From 5171f9fe8119579730c0ad46b56e450e3efd4259 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 5 Jul 2023 11:36:25 -0400 Subject: [PATCH 0001/1145] cargo: update version 0.21.2 -> 0.21.3 --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 3ea40b3175..7c5b73205f 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.21.2" +version = "0.21.3" edition = "2021" rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" From b3543f90fae13dce4ddf8b598aea90599c812b84 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 4 Jul 2023 17:18:44 +0100 Subject: [PATCH 0002/1145] Add IP address names to test certs --- test-ca/openssl.cnf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test-ca/openssl.cnf b/test-ca/openssl.cnf index cda95b5a9e..549a5c4874 100644 --- a/test-ca/openssl.cnf +++ b/test-ca/openssl.cnf @@ -21,5 +21,7 @@ keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherme [ alt_names ] DNS.1 = testserver.com +IP.1 = 198.51.100.1 DNS.2 = second.testserver.com +IP.2 = 2001:db8::1 DNS.3 = localhost From 09f3011570f1d4d62fb2fa7a78a81d1964b022e7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 4 Jul 2023 17:19:09 +0100 Subject: [PATCH 0003/1145] Regenerate test certs --- test-ca/ecdsa/ca.cert | 20 ++-- test-ca/ecdsa/ca.der | Bin 462 -> 462 bytes test-ca/ecdsa/ca.key | 8 +- test-ca/ecdsa/client.cert | 18 ++-- test-ca/ecdsa/client.chain | 34 +++--- test-ca/ecdsa/client.fullchain | 52 +++++----- test-ca/ecdsa/client.key | 8 +- test-ca/ecdsa/client.req | 10 +- test-ca/ecdsa/client.revoked.crl.pem | 12 +-- test-ca/ecdsa/end.cert | 23 +++-- test-ca/ecdsa/end.chain | 34 +++--- test-ca/ecdsa/end.fullchain | 57 ++++++----- test-ca/ecdsa/end.key | 6 +- test-ca/ecdsa/end.req | 10 +- test-ca/ecdsa/inter.cert | 14 +-- test-ca/ecdsa/inter.key | 6 +- test-ca/ecdsa/inter.req | 10 +- test-ca/eddsa/ca.cert | 14 +-- test-ca/eddsa/ca.der | Bin 336 -> 336 bytes test-ca/eddsa/ca.key | 2 +- test-ca/eddsa/client.cert | 14 +-- test-ca/eddsa/client.chain | 26 ++--- test-ca/eddsa/client.fullchain | 40 ++++---- test-ca/eddsa/client.key | 2 +- test-ca/eddsa/client.req | 6 +- test-ca/eddsa/client.revoked.crl.pem | 10 +- test-ca/eddsa/end.cert | 20 ++-- test-ca/eddsa/end.chain | 26 ++--- test-ca/eddsa/end.fullchain | 46 ++++----- test-ca/eddsa/end.key | 2 +- test-ca/eddsa/end.req | 8 +- test-ca/eddsa/inter.cert | 12 +-- test-ca/eddsa/inter.key | 2 +- test-ca/eddsa/inter.req | 6 +- test-ca/rsa/ca.cert | 56 +++++----- test-ca/rsa/ca.der | Bin 1305 -> 1305 bytes test-ca/rsa/ca.key | 100 +++++++++--------- test-ca/rsa/client.cert | 38 +++---- test-ca/rsa/client.chain | 104 +++++++++---------- test-ca/rsa/client.fullchain | 142 ++++++++++++------------- test-ca/rsa/client.key | 52 +++++----- test-ca/rsa/client.req | 24 ++--- test-ca/rsa/client.revoked.crl.pem | 24 ++--- test-ca/rsa/client.rsa | 52 +++++----- test-ca/rsa/end.cert | 44 ++++---- test-ca/rsa/end.chain | 104 +++++++++---------- test-ca/rsa/end.fullchain | 148 +++++++++++++-------------- test-ca/rsa/end.key | 52 +++++----- test-ca/rsa/end.req | 24 ++--- test-ca/rsa/end.rsa | 52 +++++----- test-ca/rsa/inter.cert | 48 ++++----- test-ca/rsa/inter.key | 76 +++++++------- test-ca/rsa/inter.req | 36 +++---- 53 files changed, 868 insertions(+), 866 deletions(-) diff --git a/test-ca/ecdsa/ca.cert b/test-ca/ecdsa/ca.cert index b5125d6114..7e4b53310e 100644 --- a/test-ca/ecdsa/ca.cert +++ b/test-ca/ecdsa/ca.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIULO3+cmyE+k7ZGvmzLQIWYLxCNGUwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcN -MzMwNjI0MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABBioWbxD28Pa4gwDrdJoGJhEkB6iHoJlYtHsrCer -0rWtuV/f36Sbp6twF3TfeLXOGXM2Sbw5RnEAWbpLeXDkd3rM8pTa4WcyCxWgPoKX -61DsZrOsRc2k2hHj+56Np/ZgEaNTMFEwHQYDVR0OBBYEFEfsl2VxOvnp9sSquj68 -TDfNuT4rMB8GA1UdIwQYMBaAFEfsl2VxOvnp9sSquj68TDfNuT4rMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwIFSvpx15SMa/hGsyB+B1cniBEZjt -tXPZimZV13l0tkNRLMCnbJ2rtOmRAEBUlEhNAjEA/sYqju6nv4gHE+KDG19Xv0Ty -2rxX3fnlPbdybTqFnT188Rvq4igeJZkg2gEEUnKW +MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN +MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS +ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC +jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q +WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl +jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW +1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/ca.der b/test-ca/ecdsa/ca.der index b7a5ddc5c07667aa871284474c114ac0feb40c78..530ef3fe26c74b03800765dd5683a8adc94f128d 100644 GIT binary patch delta 345 zcmX@de2!V!po#Gm5C<$^W@2Pw645ySx?`0-)4YT~=Qh->d2va9@}*4^l?^4$4NMJ9 zO$J$3bD(bv!zu2^W{K2ca^^z-W>(~~VoSq*& zDdkJnrehQLn6CEGPqw^bA5^B#aG7<T>8;7j|OCkg=pZ!%dBUjP6A delta 345 zcmX@de2!V!po#Gm5C<$^W@2Pw64814uPCSGm)}jPpPO}=#1i&6nWRosHk33oGB+|X zG&Zq_66ZBGHZU_XfpRD6%TMePua{U6xySkT;aiV*nAcv)keJ~zL2i*;Q)<%1H*3^a zU)s8MXZ-#9OJ*-$T_9d^zhdh-$zn6lJ(g~T43WFMD+`{KSDpDZ<<`S=BW}?Jc1_b? z2fRt!yvFtHl3Rk0f6wb({w+apaj-$4fh-$ys4O3g7>kJeo9U^ARzF{UJF;q*-5wuv z)w4V8v<>7z^2#g{24W2uDnJS*yECdJD}=0HE?enwY=29(5&MJEqKZbr8E>~1-|R{Y zyDHd`yFZ`W dZZFEUYMpCa^HKWMBMmv#nF_ZUS%QkD0RT;-mTCY1 diff --git a/test-ca/ecdsa/ca.key b/test-ca/ecdsa/ca.key index c06b944b01..f620c3e2cc 100644 --- a/test-ca/ecdsa/ca.key +++ b/test-ca/ecdsa/ca.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAfPEtZf6gtyHQ1sJhX -fsM0meJ0xZcL+KdUg0wIIdvvt/6sBY4DKilNjFKCJ6rTjZKhZANiAAQYqFm8Q9vD -2uIMA63SaBiYRJAeoh6CZWLR7Kwnq9K1rblf39+km6ercBd033i1zhlzNkm8OUZx -AFm6S3lw5Hd6zPKU2uFnMgsVoD6Cl+tQ7GazrEXNpNoR4/uejaf2YBE= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsjZYhksLxap94U8my +D1pQN7DbpidGpEoEG50dJKFoURmOxmtlyEAv3p3Mr3Aw/2ahZANiAAS+4o4S9oUV +Q6a/Fpa+D1OrCy5jeD1+BqI0y59bkmT0arLGkbw1q0wvYznUP1J2LwDTBaTdNikx +oqDnH3OlU4sJKJsA56cO9Jf4i3sxQo7RDklm/u/VFIFol1L61Kvt7xw= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/client.cert b/test-ca/ecdsa/client.cert index c2f80879ba..3a8bcef9c5 100644 --- a/test-ca/ecdsa/client.cert +++ b/test-ca/ecdsa/client.cert @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- MIIB8TCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNjI3MjAxMzQ4WhcN -MjgxMjE3MjAxMzQ4WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAS9Lets4njbfbb2BY9fwKNB0ReQH3vV9u/M6Nygo2xG -h2hvOqSm1XH8Od76hY+JVWOzzSahNHXHYchC08El9MnqoCXQWOijpMvBgDRfVytn -3Uaq7IlEzNP1+134cXrZtW+jgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC -BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFC+LrX+4QKTPQhgS -LZEuIghR9Oy8MEQGA1UdIwQ9MDuAFCxwJ3fcyB99oWNB/MQ50XoWOLjhoSCkHjAc +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN +MjgxMjI1MTU0MDQ2WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAASCd1LWnaWRlRPYTdovjuxJK6qJSkyI3oLoJTsSUPiw +Et5js19D68vOAIXpEOMb7Nk454lmlrp3YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw +25wtXDS7AwSLgdka4H5lzJ+jgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC +BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFBsFIEPKbxNv1Rca +9wzShkfBD+n+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAc MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNIADBF -AiEA5LHZT+lZj69DIcSMD7s60pED4o5oayRbzDYtiD9/YxUCIG+o4OrhLzMDyYg8 -EPOMNriZlM49ZsLhIYFyUnREFO4S +AiAy9QJOaI7DEC6ZjoLn2j1I1q4VUQAQIlUFfbu1hG2bigIhAIt5Q/jDa+AAYSFk +5dtMOXJtWiCGZc20OxhZsHXmGpAs -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/client.chain b/test-ca/ecdsa/client.chain index f5ccbb6149..11a406b0cd 100644 --- a/test-ca/ecdsa/client.chain +++ b/test-ca/ecdsa/client.chain @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA2MjcyMDEzNDhaFw0zMzA2MjQyMDEzNDhaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEJevOmejkLmzS4CxKv0Jq9V2RzaZHcYcYpQGL -j63QsxBpsK8Fdtv3G2v45F68m2fLG3dtMAbLPjlf4KlaCGQ0paN/MH0wHQYDVR0O -BBYEFCxwJ3fcyB99oWNB/MQ50XoWOLjhMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj +IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O +BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBRH7JdlcTr56fbEqro+vEw3zbk+KzAKBggqhkjOPQQDAgNoADBlAjBUq3F+eViV -w6tddGnKFCI5C6R9As+ZxNnTBkam/z0PEoOA/JB9AR+nBemSFy112JQCMQD3Xz7/ -e9HZWXzVGKUAFe/pXFYE1kaYGCAZ2I40A0tY5cSdewJBxvyAwyEqM2GG9wA= +gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ +vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN +IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIULO3+cmyE+k7ZGvmzLQIWYLxCNGUwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcN -MzMwNjI0MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABBioWbxD28Pa4gwDrdJoGJhEkB6iHoJlYtHsrCer -0rWtuV/f36Sbp6twF3TfeLXOGXM2Sbw5RnEAWbpLeXDkd3rM8pTa4WcyCxWgPoKX -61DsZrOsRc2k2hHj+56Np/ZgEaNTMFEwHQYDVR0OBBYEFEfsl2VxOvnp9sSquj68 -TDfNuT4rMB8GA1UdIwQYMBaAFEfsl2VxOvnp9sSquj68TDfNuT4rMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwIFSvpx15SMa/hGsyB+B1cniBEZjt -tXPZimZV13l0tkNRLMCnbJ2rtOmRAEBUlEhNAjEA/sYqju6nv4gHE+KDG19Xv0Ty -2rxX3fnlPbdybTqFnT188Rvq4igeJZkg2gEEUnKW +MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN +MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS +ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC +jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q +WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl +jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW +1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/client.fullchain b/test-ca/ecdsa/client.fullchain index 0626023e4e..2c83641a75 100644 --- a/test-ca/ecdsa/client.fullchain +++ b/test-ca/ecdsa/client.fullchain @@ -1,37 +1,37 @@ -----BEGIN CERTIFICATE----- MIIB8TCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNjI3MjAxMzQ4WhcN -MjgxMjE3MjAxMzQ4WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAS9Lets4njbfbb2BY9fwKNB0ReQH3vV9u/M6Nygo2xG -h2hvOqSm1XH8Od76hY+JVWOzzSahNHXHYchC08El9MnqoCXQWOijpMvBgDRfVytn -3Uaq7IlEzNP1+134cXrZtW+jgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC -BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFC+LrX+4QKTPQhgS -LZEuIghR9Oy8MEQGA1UdIwQ9MDuAFCxwJ3fcyB99oWNB/MQ50XoWOLjhoSCkHjAc +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN +MjgxMjI1MTU0MDQ2WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAASCd1LWnaWRlRPYTdovjuxJK6qJSkyI3oLoJTsSUPiw +Et5js19D68vOAIXpEOMb7Nk454lmlrp3YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw +25wtXDS7AwSLgdka4H5lzJ+jgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC +BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFBsFIEPKbxNv1Rca +9wzShkfBD+n+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAc MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNIADBF -AiEA5LHZT+lZj69DIcSMD7s60pED4o5oayRbzDYtiD9/YxUCIG+o4OrhLzMDyYg8 -EPOMNriZlM49ZsLhIYFyUnREFO4S +AiAy9QJOaI7DEC6ZjoLn2j1I1q4VUQAQIlUFfbu1hG2bigIhAIt5Q/jDa+AAYSFk +5dtMOXJtWiCGZc20OxhZsHXmGpAs -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA2MjcyMDEzNDhaFw0zMzA2MjQyMDEzNDhaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEJevOmejkLmzS4CxKv0Jq9V2RzaZHcYcYpQGL -j63QsxBpsK8Fdtv3G2v45F68m2fLG3dtMAbLPjlf4KlaCGQ0paN/MH0wHQYDVR0O -BBYEFCxwJ3fcyB99oWNB/MQ50XoWOLjhMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj +IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O +BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBRH7JdlcTr56fbEqro+vEw3zbk+KzAKBggqhkjOPQQDAgNoADBlAjBUq3F+eViV -w6tddGnKFCI5C6R9As+ZxNnTBkam/z0PEoOA/JB9AR+nBemSFy112JQCMQD3Xz7/ -e9HZWXzVGKUAFe/pXFYE1kaYGCAZ2I40A0tY5cSdewJBxvyAwyEqM2GG9wA= +gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ +vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN +IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIULO3+cmyE+k7ZGvmzLQIWYLxCNGUwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcN -MzMwNjI0MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABBioWbxD28Pa4gwDrdJoGJhEkB6iHoJlYtHsrCer -0rWtuV/f36Sbp6twF3TfeLXOGXM2Sbw5RnEAWbpLeXDkd3rM8pTa4WcyCxWgPoKX -61DsZrOsRc2k2hHj+56Np/ZgEaNTMFEwHQYDVR0OBBYEFEfsl2VxOvnp9sSquj68 -TDfNuT4rMB8GA1UdIwQYMBaAFEfsl2VxOvnp9sSquj68TDfNuT4rMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwIFSvpx15SMa/hGsyB+B1cniBEZjt -tXPZimZV13l0tkNRLMCnbJ2rtOmRAEBUlEhNAjEA/sYqju6nv4gHE+KDG19Xv0Ty -2rxX3fnlPbdybTqFnT188Rvq4igeJZkg2gEEUnKW +MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN +MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS +ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC +jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q +WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl +jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW +1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/client.key b/test-ca/ecdsa/client.key index a6bb4c3996..fa9812f90d 100644 --- a/test-ca/ecdsa/client.key +++ b/test-ca/ecdsa/client.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDpP+leVyB54HTb9NfD -W3ADGPF3i/rtiOhYwUAQPuu35fNWWMjS76S/RZUgIh6h0wihZANiAAS9Lets4njb -fbb2BY9fwKNB0ReQH3vV9u/M6Nygo2xGh2hvOqSm1XH8Od76hY+JVWOzzSahNHXH -YchC08El9MnqoCXQWOijpMvBgDRfVytn3Uaq7IlEzNP1+134cXrZtW8= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDKJ+hWQWsvoxw6pWYL +N90eokxpImgIb3kCEUW5sJDnAGlYIwcn25A4lADRyEuEcSShZANiAASCd1LWnaWR +lRPYTdovjuxJK6qJSkyI3oLoJTsSUPiwEt5js19D68vOAIXpEOMb7Nk454lmlrp3 +YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw25wtXDS7AwSLgdka4H5lzJ8= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/client.req b/test-ca/ecdsa/client.req index fa8cec81c4..af10407383 100644 --- a/test-ca/ecdsa/client.req +++ b/test-ca/ecdsa/client.req @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE REQUEST----- MIIBEzCBmQIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAAS9Lets4njbfbb2BY9fwKNB0ReQH3vV9u/M6Nygo2xGh2hv -OqSm1XH8Od76hY+JVWOzzSahNHXHYchC08El9MnqoCXQWOijpMvBgDRfVytn3Uaq -7IlEzNP1+134cXrZtW+gADAKBggqhkjOPQQDAgNpADBmAjEA9ZNAY7J6fkDQnNsX -MZ9sp1eaGkC911T3bgxjQlS6DzRokH5m5S+HJ1VEhy4G54KgAjEA7lZxQ/sfneBb -d7PQM7FJIfK2aDKUGrgYISWqJHYLWpbnQYCWAzs4Gp77roLN4JhG +PQIBBgUrgQQAIgNiAASCd1LWnaWRlRPYTdovjuxJK6qJSkyI3oLoJTsSUPiwEt5j +s19D68vOAIXpEOMb7Nk454lmlrp3YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw25wt +XDS7AwSLgdka4H5lzJ+gADAKBggqhkjOPQQDAgNpADBmAjEAtRws/pll70FNzZ79 +pHZb5Bovy/6injVsQ9PQcvPdZ84biI1bRiKYKKSjMn6iRAnVAjEA4jva8MmhIuvJ +W3MiYjH2F5R8Acto1apmx9S4uPlI+Tv04lPFluAHK6fV3rfgcRCW -----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa/client.revoked.crl.pem b/test-ca/ecdsa/client.revoked.crl.pem index 75d5658995..f424e3d67a 100644 --- a/test-ca/ecdsa/client.revoked.crl.pem +++ b/test-ca/ecdsa/client.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- -MIIBDDCBtAIBATAKBggqhkjOPQQDAjAuMSwwKgYDVQQDDCNwb255dG93biBFQ0RT -QSBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjMwNjI3MjAxMzQ4WhcNMjMwNzA0MjAx -MzQ4WjAjMCECAgMVFw0yMzA2MjcyMDEzNDhaMAwwCgYDVR0VBAMKAQGgMDAuMB8G -A1UdIwQYMBaAFCxwJ3fcyB99oWNB/MQ50XoWOLjhMAsGA1UdFAQEAgIQATAKBggq -hkjOPQQDAgNHADBEAiB2EMs2Nxmgs+u60tJcjvz6HQD6QY+ceh6ja6SDnov2/QIg -UbHe7Wz9UwMMFOrHqGwArmispOqOVRRf0L58OE7fL9I= +MIIBDTCBtAIBATAKBggqhkjOPQQDAjAuMSwwKgYDVQQDDCNwb255dG93biBFQ0RT +QSBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjMwNzA1MTU0MDQ2WhcNMjMwNzEyMTU0 +MDQ2WjAjMCECAgMVFw0yMzA3MDUxNTQwNDZaMAwwCgYDVR0VBAMKAQGgMDAuMB8G +A1UdIwQYMBaAFEQqdSwAeFQDDYhbCo8g6wMn27CpMAsGA1UdFAQEAgIQATAKBggq +hkjOPQQDAgNIADBFAiB3hle53ZctSd+FI76SZsRXb4NZaUVlY41qIHeeMlKLzQIh +ALBfSkSc19jdt8Vw/6GUiSDc7+u7XfeKr6JX/ZiVLXqZ -----END X509 CRL----- diff --git a/test-ca/ecdsa/end.cert b/test-ca/ecdsa/end.cert index 89eb3e9ea2..c51a402384 100644 --- a/test-ca/ecdsa/end.cert +++ b/test-ca/ecdsa/end.cert @@ -1,13 +1,14 @@ -----BEGIN CERTIFICATE----- -MIIB9zCCAZ6gAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNjI3MjAxMzQ4WhcN -MjgxMjE3MjAxMzQ4WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABGnrR4cOWZShvEXPRxSWWPsb58nq2nW04OXX4SKM -B3YHdgdbvFBSrVBYk9Oa1SYTvqwABz/+KuDr2QgqIgSDygqjgcAwgb0wDAYDVR0T -AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFKxlVrNnhfdS+3uOpnSJD8n8 -QPCXMEQGA1UdIwQ9MDuAFCxwJ3fcyB99oWNB/MQ50XoWOLjhoSCkHjAcMRowGAYD -VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezA7BgNVHREENDAygg50ZXN0c2VydmVy -LmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3QwCgYIKoZIzj0E -AwIDRwAwRAIgXfnkEV0qiVx+Mi6XbUswZclU0U9AJPNW+Pf8gRtDa1ICIHYdiale -PiC/sN27oopnJZiN9+4dXr+ZN+UoJa+vu4Wh +MIICDzCCAbagAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN +MjgxMjI1MTU0MDQ2WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABFn59Brhwq5VxUaj2MYtw2SYSadcHnDkNG9Efmgx +E4lQCW2GZMcBbxJ/mzdjBl+WLeXjtwY2eXcu3glW2sOtzCijgdgwgdUwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFDAfnnyYiG3m3mcvvPGjukL1 +Ld3+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAcMRowGAYD +VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezBTBgNVHREETDBKgg50ZXN0c2VydmVy +LmNvbYcExjNkAYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29thxAgAQ24AAAAAAAAAAAA +AAABgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgZWkcJ8MGs8YasHC37f3D +rf8H/TYwSUE+IQx8hCWgT9MCIC1/UueWePY+kGgLnQTsM4+V7b0YBXEcCnvr9MyU +Ih5J -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/end.chain b/test-ca/ecdsa/end.chain index f5ccbb6149..11a406b0cd 100644 --- a/test-ca/ecdsa/end.chain +++ b/test-ca/ecdsa/end.chain @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA2MjcyMDEzNDhaFw0zMzA2MjQyMDEzNDhaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEJevOmejkLmzS4CxKv0Jq9V2RzaZHcYcYpQGL -j63QsxBpsK8Fdtv3G2v45F68m2fLG3dtMAbLPjlf4KlaCGQ0paN/MH0wHQYDVR0O -BBYEFCxwJ3fcyB99oWNB/MQ50XoWOLjhMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj +IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O +BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBRH7JdlcTr56fbEqro+vEw3zbk+KzAKBggqhkjOPQQDAgNoADBlAjBUq3F+eViV -w6tddGnKFCI5C6R9As+ZxNnTBkam/z0PEoOA/JB9AR+nBemSFy112JQCMQD3Xz7/ -e9HZWXzVGKUAFe/pXFYE1kaYGCAZ2I40A0tY5cSdewJBxvyAwyEqM2GG9wA= +gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ +vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN +IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIULO3+cmyE+k7ZGvmzLQIWYLxCNGUwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcN -MzMwNjI0MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABBioWbxD28Pa4gwDrdJoGJhEkB6iHoJlYtHsrCer -0rWtuV/f36Sbp6twF3TfeLXOGXM2Sbw5RnEAWbpLeXDkd3rM8pTa4WcyCxWgPoKX -61DsZrOsRc2k2hHj+56Np/ZgEaNTMFEwHQYDVR0OBBYEFEfsl2VxOvnp9sSquj68 -TDfNuT4rMB8GA1UdIwQYMBaAFEfsl2VxOvnp9sSquj68TDfNuT4rMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwIFSvpx15SMa/hGsyB+B1cniBEZjt -tXPZimZV13l0tkNRLMCnbJ2rtOmRAEBUlEhNAjEA/sYqju6nv4gHE+KDG19Xv0Ty -2rxX3fnlPbdybTqFnT188Rvq4igeJZkg2gEEUnKW +MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN +MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS +ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC +jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q +WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl +jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW +1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/end.fullchain b/test-ca/ecdsa/end.fullchain index f0a2f726b0..7c79886ea3 100644 --- a/test-ca/ecdsa/end.fullchain +++ b/test-ca/ecdsa/end.fullchain @@ -1,37 +1,38 @@ -----BEGIN CERTIFICATE----- -MIIB9zCCAZ6gAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNjI3MjAxMzQ4WhcN -MjgxMjE3MjAxMzQ4WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABGnrR4cOWZShvEXPRxSWWPsb58nq2nW04OXX4SKM -B3YHdgdbvFBSrVBYk9Oa1SYTvqwABz/+KuDr2QgqIgSDygqjgcAwgb0wDAYDVR0T -AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFKxlVrNnhfdS+3uOpnSJD8n8 -QPCXMEQGA1UdIwQ9MDuAFCxwJ3fcyB99oWNB/MQ50XoWOLjhoSCkHjAcMRowGAYD -VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezA7BgNVHREENDAygg50ZXN0c2VydmVy -LmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3QwCgYIKoZIzj0E -AwIDRwAwRAIgXfnkEV0qiVx+Mi6XbUswZclU0U9AJPNW+Pf8gRtDa1ICIHYdiale -PiC/sN27oopnJZiN9+4dXr+ZN+UoJa+vu4Wh +MIICDzCCAbagAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN +MjgxMjI1MTU0MDQ2WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABFn59Brhwq5VxUaj2MYtw2SYSadcHnDkNG9Efmgx +E4lQCW2GZMcBbxJ/mzdjBl+WLeXjtwY2eXcu3glW2sOtzCijgdgwgdUwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFDAfnnyYiG3m3mcvvPGjukL1 +Ld3+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAcMRowGAYD +VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezBTBgNVHREETDBKgg50ZXN0c2VydmVy +LmNvbYcExjNkAYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29thxAgAQ24AAAAAAAAAAAA +AAABgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgZWkcJ8MGs8YasHC37f3D +rf8H/TYwSUE+IQx8hCWgT9MCIC1/UueWePY+kGgLnQTsM4+V7b0YBXEcCnvr9MyU +Ih5J -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA2MjcyMDEzNDhaFw0zMzA2MjQyMDEzNDhaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEJevOmejkLmzS4CxKv0Jq9V2RzaZHcYcYpQGL -j63QsxBpsK8Fdtv3G2v45F68m2fLG3dtMAbLPjlf4KlaCGQ0paN/MH0wHQYDVR0O -BBYEFCxwJ3fcyB99oWNB/MQ50XoWOLjhMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj +IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O +BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBRH7JdlcTr56fbEqro+vEw3zbk+KzAKBggqhkjOPQQDAgNoADBlAjBUq3F+eViV -w6tddGnKFCI5C6R9As+ZxNnTBkam/z0PEoOA/JB9AR+nBemSFy112JQCMQD3Xz7/ -e9HZWXzVGKUAFe/pXFYE1kaYGCAZ2I40A0tY5cSdewJBxvyAwyEqM2GG9wA= +gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ +vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN +IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIULO3+cmyE+k7ZGvmzLQIWYLxCNGUwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcN -MzMwNjI0MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABBioWbxD28Pa4gwDrdJoGJhEkB6iHoJlYtHsrCer -0rWtuV/f36Sbp6twF3TfeLXOGXM2Sbw5RnEAWbpLeXDkd3rM8pTa4WcyCxWgPoKX -61DsZrOsRc2k2hHj+56Np/ZgEaNTMFEwHQYDVR0OBBYEFEfsl2VxOvnp9sSquj68 -TDfNuT4rMB8GA1UdIwQYMBaAFEfsl2VxOvnp9sSquj68TDfNuT4rMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwIFSvpx15SMa/hGsyB+B1cniBEZjt -tXPZimZV13l0tkNRLMCnbJ2rtOmRAEBUlEhNAjEA/sYqju6nv4gHE+KDG19Xv0Ty -2rxX3fnlPbdybTqFnT188Rvq4igeJZkg2gEEUnKW +MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN +MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS +ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC +jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q +WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl +jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW +1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/end.key b/test-ca/ecdsa/end.key index d4d1cc92ee..cec45a54c6 100644 --- a/test-ca/ecdsa/end.key +++ b/test-ca/ecdsa/end.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgf6J7W1NE4YKpBCz3 -iUpHUeK/ORhOnZmB05/avgbMslGhRANCAARp60eHDlmUobxFz0cUllj7G+fJ6tp1 -tODl1+EijAd2B3YHW7xQUq1QWJPTmtUmE76sAAc//irg69kIKiIEg8oK +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgALQpY6/2BJbpIuRP +UNX49o9PFYEKCjoGSQEeX5AwSO2hRANCAARZ+fQa4cKuVcVGo9jGLcNkmEmnXB5w +5DRvRH5oMROJUAlthmTHAW8Sf5s3YwZfli3l47cGNnl3Lt4JVtrDrcwo -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/end.req b/test-ca/ecdsa/end.req index f5d7997f99..0bfd50416e 100644 --- a/test-ca/ecdsa/end.req +++ b/test-ca/ecdsa/end.req @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE REQUEST----- -MIHTMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB -BggqhkjOPQMBBwNCAARp60eHDlmUobxFz0cUllj7G+fJ6tp1tODl1+EijAd2B3YH -W7xQUq1QWJPTmtUmE76sAAc//irg69kIKiIEg8oKoAAwCgYIKoZIzj0EAwIDSAAw -RQIgK9zvB6iucBJb1yzxW4paDF4upKZC0AlAhHHzu/Z9ZF8CIQCCMSB7g9DbL+R/ -Lgcc3RgRFU3zrfUQVPfvI8spgPlLEw== +MIHUMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAARZ+fQa4cKuVcVGo9jGLcNkmEmnXB5w5DRvRH5oMROJUAlt +hmTHAW8Sf5s3YwZfli3l47cGNnl3Lt4JVtrDrcwooAAwCgYIKoZIzj0EAwIDSQAw +RgIhAIEU3/Twp/+1Pz/8StU1c9Jky3Dl59VaYbS7QbIG9YU+AiEA9q0gNjBAM9iT +zgrSnAe9E/YS00RUMmoHKZXXSyaIVxQ= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa/inter.cert b/test-ca/ecdsa/inter.cert index 30217452c1..4a0e110fe4 100644 --- a/test-ca/ecdsa/inter.cert +++ b/test-ca/ecdsa/inter.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA2MjcyMDEzNDhaFw0zMzA2MjQyMDEzNDhaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEJevOmejkLmzS4CxKv0Jq9V2RzaZHcYcYpQGL -j63QsxBpsK8Fdtv3G2v45F68m2fLG3dtMAbLPjlf4KlaCGQ0paN/MH0wHQYDVR0O -BBYEFCxwJ3fcyB99oWNB/MQ50XoWOLjhMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj +IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O +BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBRH7JdlcTr56fbEqro+vEw3zbk+KzAKBggqhkjOPQQDAgNoADBlAjBUq3F+eViV -w6tddGnKFCI5C6R9As+ZxNnTBkam/z0PEoOA/JB9AR+nBemSFy112JQCMQD3Xz7/ -e9HZWXzVGKUAFe/pXFYE1kaYGCAZ2I40A0tY5cSdewJBxvyAwyEqM2GG9wA= +gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ +vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN +IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/inter.key b/test-ca/ecdsa/inter.key index 3b0b0a5cc7..a504363742 100644 --- a/test-ca/ecdsa/inter.key +++ b/test-ca/ecdsa/inter.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgWschVMQWGSJpkQZi -rn/lAmhuIXvXtVGHMMPxnmD65nShRANCAAQl686Z6OQubNLgLEq/Qmr1XZHNpkdx -hxilAYuPrdCzEGmwrwV22/cba/jkXrybZ8sbd20wBss+OV/gqVoIZDSl +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEblFpZPgIENYtmEv +tXkpNxJ3IXEi0+d341R1UT0/JvChRANCAAQj25ZstPI/I/usaKkXyCaNM2N1ms66 +gWbQPCMiFw85muVasEHsRpN/mO//QQLdozHudSx/bmVhgPIQoRp+POVJ -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/inter.req b/test-ca/ecdsa/inter.req index 2ec3fc75f7..f9238ff816 100644 --- a/test-ca/ecdsa/inter.req +++ b/test-ca/ecdsa/inter.req @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE REQUEST----- -MIHpMIGQAgEAMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50 -ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJevOmejkLmzS4CxK -v0Jq9V2RzaZHcYcYpQGLj63QsxBpsK8Fdtv3G2v45F68m2fLG3dtMAbLPjlf4Kla -CGQ0paAAMAoGCCqGSM49BAMCA0gAMEUCIQCFPA0cyGppad9WspJ7gcjFY0dSZaXz -ENNTIi74UZlDTAIgFbXyX3vaXvE68GA8DT2juwp62EfvQmlkmQPyD9/dU1Y= +MIHqMIGQAgEAMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50 +ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGip +F8gmjTNjdZrOuoFm0DwjIhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEa +fjzlSaAAMAoGCCqGSM49BAMCA0kAMEYCIQD7MzWSwNHd+XIAOCDtZT2/yUnrdGvQ +TQVmpSOHrhZvaAIhAJC/oBxetLlBuq6XLDboV0jCOzz4YQRElIWibDWs5qpg -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/ca.cert b/test-ca/eddsa/ca.cert index 35936e6b59..18518275b1 100644 --- a/test-ca/eddsa/ca.cert +++ b/test-ca/eddsa/ca.cert @@ -1,9 +1,9 @@ -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhQC8ReNmcRk7uwJS9qD5HHOUnqejDAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0 -MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -ANdeKJZRGeQQeoXP7VzFUR5IsigrEV2n9j64ULKW2lxvo1MwUTAdBgNVHQ4EFgQU -V0M7GNkxTnhMXtnDlcrc1FgwdKswHwYDVR0jBBgwFoAUV0M7GNkxTnhMXtnDlcrc -1FgwdKswDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDyZPQbhCIHnXU+/PXxg+34 -ZK8BbCJ26SSU6i2hIfy6JZ077SUH+KBD8ziM16dHLj8snQPNol/IvNaYotZxkG8L +MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy +MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU +s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d +YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG +ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB -----END CERTIFICATE----- diff --git a/test-ca/eddsa/ca.der b/test-ca/eddsa/ca.der index ef7d6ca252e1404a53c094f6aad76db45ff72be3..1389dd0c26fb89556258cc18ff40fedc125a6c6e 100644 GIT binary patch delta 275 zcmcb>bb(39po!7Ppz;3#W+p}^CXwo9#l?Z={nte}z5gq+PtK(}^;YUcB^^m~15-m& z69W^oC~;n6V*_&oBPe&GrhL7Y0V^A`c4`5$B12{TgY9R^=1tjY@3MN6dHij*#jj^9 zS8LmAaQ@3L#Rtt>7Y7>z8pyIShsyG?h_Q%lZrksC(}%LGAUo*d{)&(d=b* w|E@aI_mzx@oC}Y=&+R39{;&x#u2hsgla=&ek5%*X-zP~&8{GE1(F|t<01p{r_W%F@ delta 275 zcmcb>bb(39po!7Ppz;3#W+p}^CK0BO;=MDEq`Z5>>3ysDN#VJms(C#Vm2@P{jLeM; z42?}JqQrTPjSb9h`_v$e!cL%#~2xSNNkp1N}-!k}cefjmfB znMJ}ttO2_MevkrTM#ldvtOm@CjNboY_B%3sO8Fw)qQpM8)b7vMkIip?q^xJmQ7U_> wGUb)-Ld8G3ROed1Rb~IN!1=R9&-LZ*diFYVna?hYKe6Z9j78T9C**Sj010qrIRF3v diff --git a/test-ca/eddsa/ca.key b/test-ca/eddsa/ca.key index 53cd27d36c..71fedfb8c0 100644 --- a/test-ca/eddsa/ca.key +++ b/test-ca/eddsa/ca.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIIJaffMh+ZRQEWd6ClKFbIqtNox5iHKFrEpJxdWj934i +MC4CAQAwBQYDK2VwBCIEIFfG4HHRxJBvkHkuAHEBFqC7HDnZAwvGwMQJTB/0xbRe -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.cert b/test-ca/eddsa/client.cert index 73fa032c8d..e58189a965 100644 --- a/test-ca/eddsa/client.cert +++ b/test-ca/eddsa/client.cert @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoXDTI4MTIx -NzIwMTM0OFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -ikIM+JUu4rDHSg8gW9TSWaH6PD4/iqiwLtdNfv092jOjgZswgZgwDAYDVR0TAQH/ +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy +NTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA +POHCFETLoCJa5YPecGskXVjIMhKY/KgL7QA1kldezD+jgZswgZgwDAYDVR0TAQH/ BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFEDbO62mMOmhbgLp8e4kvSlhCD1uMEQGA1UdIwQ9MDuAFPW1B1HSYqhldaIu -a+c7DGfwaYnwoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQBopkbWPM31tMKFg9W5+K2UhLqgCZIkXIqPgxkIkZCWjiJj0vHjHdYE -M0u+zg8K4OOd1Hzz8jq+NanP6DH+IhID +BBYEFI9anYJwjc6HAvTtaHJ+49pm1DnBMEQGA1UdIwQ9MDuAFF4I7KonT8pjYvHv +XyhXvvHAUk1PoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF +BgMrZXADQQDhNYLsEmP4c8DT8PSrCpNqaK0eQFJABNmB2yngOxfrXYVZk7oiBJrY +TGWOaXlAoFnY4/1MEbSJiePzCnC16tQG -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.chain b/test-ca/eddsa/client.chain index 36ab67f4f9..38a2da5483 100644 --- a/test-ca/eddsa/client.chain +++ b/test-ca/eddsa/client.chain @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -APqLwTwcUvvu6UR71UT47ZlbXCjLbRQIFeq88fxMO31Go38wfTAdBgNVHQ4EFgQU -9bUHUdJiqGV1oi5r5zsMZ/BpifAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFFdD -OxjZMU54TF7Zw5XK3NRYMHSrMAUGAytlcANBAO3DlgUfIZ0628+9BLTRRlMVfsE8 -83okxDWnViuZK1AXiDsVEooDbjZUdg9esGOcC98QD5FpPDioAgwAv/OojQE= +AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU +XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG +v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP +pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhQC8ReNmcRk7uwJS9qD5HHOUnqejDAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0 -MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -ANdeKJZRGeQQeoXP7VzFUR5IsigrEV2n9j64ULKW2lxvo1MwUTAdBgNVHQ4EFgQU -V0M7GNkxTnhMXtnDlcrc1FgwdKswHwYDVR0jBBgwFoAUV0M7GNkxTnhMXtnDlcrc -1FgwdKswDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDyZPQbhCIHnXU+/PXxg+34 -ZK8BbCJ26SSU6i2hIfy6JZ077SUH+KBD8ziM16dHLj8snQPNol/IvNaYotZxkG8L +MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy +MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU +s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d +YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG +ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.fullchain b/test-ca/eddsa/client.fullchain index 889e45c2da..4042b5d805 100644 --- a/test-ca/eddsa/client.fullchain +++ b/test-ca/eddsa/client.fullchain @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoXDTI4MTIx -NzIwMTM0OFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -ikIM+JUu4rDHSg8gW9TSWaH6PD4/iqiwLtdNfv092jOjgZswgZgwDAYDVR0TAQH/ +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy +NTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA +POHCFETLoCJa5YPecGskXVjIMhKY/KgL7QA1kldezD+jgZswgZgwDAYDVR0TAQH/ BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFEDbO62mMOmhbgLp8e4kvSlhCD1uMEQGA1UdIwQ9MDuAFPW1B1HSYqhldaIu -a+c7DGfwaYnwoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQBopkbWPM31tMKFg9W5+K2UhLqgCZIkXIqPgxkIkZCWjiJj0vHjHdYE -M0u+zg8K4OOd1Hzz8jq+NanP6DH+IhID +BBYEFI9anYJwjc6HAvTtaHJ+49pm1DnBMEQGA1UdIwQ9MDuAFF4I7KonT8pjYvHv +XyhXvvHAUk1PoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF +BgMrZXADQQDhNYLsEmP4c8DT8PSrCpNqaK0eQFJABNmB2yngOxfrXYVZk7oiBJrY +TGWOaXlAoFnY4/1MEbSJiePzCnC16tQG -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -APqLwTwcUvvu6UR71UT47ZlbXCjLbRQIFeq88fxMO31Go38wfTAdBgNVHQ4EFgQU -9bUHUdJiqGV1oi5r5zsMZ/BpifAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFFdD -OxjZMU54TF7Zw5XK3NRYMHSrMAUGAytlcANBAO3DlgUfIZ0628+9BLTRRlMVfsE8 -83okxDWnViuZK1AXiDsVEooDbjZUdg9esGOcC98QD5FpPDioAgwAv/OojQE= +AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU +XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG +v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP +pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhQC8ReNmcRk7uwJS9qD5HHOUnqejDAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0 -MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -ANdeKJZRGeQQeoXP7VzFUR5IsigrEV2n9j64ULKW2lxvo1MwUTAdBgNVHQ4EFgQU -V0M7GNkxTnhMXtnDlcrc1FgwdKswHwYDVR0jBBgwFoAUV0M7GNkxTnhMXtnDlcrc -1FgwdKswDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDyZPQbhCIHnXU+/PXxg+34 -ZK8BbCJ26SSU6i2hIfy6JZ077SUH+KBD8ziM16dHLj8snQPNol/IvNaYotZxkG8L +MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy +MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU +s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d +YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG +ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.key b/test-ca/eddsa/client.key index 59ab77ef90..53b0568de8 100644 --- a/test-ca/eddsa/client.key +++ b/test-ca/eddsa/client.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIP0ZM+0WkJlPg4HAOZoeUuzwNwJcYnd8xPJz+AquHXHk +MC4CAQAwBQYDK2VwBCIEIF1kN4ROxiD1rLG/5ENhZ9Vcj3LClrMKSToC2uVEddTF -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.req b/test-ca/eddsa/client.req index 8962eafc5a..ac1ade5d8f 100644 --- a/test-ca/eddsa/client.req +++ b/test-ca/eddsa/client.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- MIGZME0CAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -ikIM+JUu4rDHSg8gW9TSWaH6PD4/iqiwLtdNfv092jOgADAFBgMrZXADQQAjDOWl -I+TmdeaDKr4TIc68ysA9LcGhAJ9wKk7jmkKazUjyZOgH1aBZjOr/sfgZFOIzJAUQ -EtFhyeisIjNEyVUI +POHCFETLoCJa5YPecGskXVjIMhKY/KgL7QA1kldezD+gADAFBgMrZXADQQDPZNiP +jTHJMLuunc0+bxAzAOxpSywWWoDqqCOIHCadHgHfe3pzQk9/OAU1iMSV5f9Etstg +66E321kBlitiWIED -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/client.revoked.crl.pem b/test-ca/eddsa/client.revoked.crl.pem index ef932ee878..1779cff1cb 100644 --- a/test-ca/eddsa/client.revoked.crl.pem +++ b/test-ca/eddsa/client.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- MIH8MIGvAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl -bCAyIGludGVybWVkaWF0ZRcNMjMwNjI3MjAxMzQ4WhcNMjMwNzA0MjAxMzQ4WjAj -MCECAgMVFw0yMzA2MjcyMDEzNDhaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY -MBaAFPW1B1HSYqhldaIua+c7DGfwaYnwMAsGA1UdFAQEAgIQATAFBgMrZXADQQDD -WUkRgsBscZItMH33ZpTYfFLb7nW7WHaJOZLQKc+qUb3gvHog8EzS5ODMyFWf9JTS -9sLL/xIkGKy3YhOYb50M +bCAyIGludGVybWVkaWF0ZRcNMjMwNzA1MTU0MDQ2WhcNMjMwNzEyMTU0MDQ2WjAj +MCECAgMVFw0yMzA3MDUxNTQwNDZaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY +MBaAFF4I7KonT8pjYvHvXyhXvvHAUk1PMAsGA1UdFAQEAgIQATAFBgMrZXADQQCa +t3FCr8qS0Gnq+ZBjs4E5VNRQiHmQJVgHRyDdLyQeikHZ0+djiTh1gl+Po5YIGwpg +hDn3OvO0YtjKNIlvUnkG -----END X509 CRL----- diff --git a/test-ca/eddsa/end.cert b/test-ca/eddsa/end.cert index 2f5981be65..4cbd8f7633 100644 --- a/test-ca/eddsa/end.cert +++ b/test-ca/eddsa/end.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBuDCCAWqgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoXDTI4MTIx -NzIwMTM0OFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAJ -EKUfnKRgXyH1rpH1pWbLrOlb3qtEPwJN3bNTC9s65KOBwDCBvTAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUvHn2rUm6gXRtnKlkf5sL7+rLQNMw -RAYDVR0jBD0wO4AU9bUHUdJiqGV1oi5r5zsMZ/BpifChIKQeMBwxGjAYBgNVBAMM -EXBvbnl0b3duIEVkRFNBIENBggF7MDsGA1UdEQQ0MDKCDnRlc3RzZXJ2ZXIuY29t -ghVzZWNvbmQudGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdDAFBgMrZXADQQCIz753 -0RKNgM9pJTltnqZY/7jT0Sp6lSwLfxbbTztkOya1uDdYuyc7QbiCzBTPGW1PR4BT -u+AP7l+DrZ9noX0D +MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy +NTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBT +p3JQLT+wKPGofQqe2lqidbOLj8hwAoZJNBTc5rAtKKOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU00mqZ+S3UNpykNqHt45HN1sOi2ww +RAYDVR0jBD0wO4AUXgjsqidPymNi8e9fKFe+8cBSTU+hIKQeMBwxGjAYBgNVBAMM +EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t +hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC +CWxvY2FsaG9zdDAFBgMrZXADQQAAmqv482CuUt16D7M/4AGhXEbce1OC1bPE5KRK +YT92CRD9pwfg00SYIKYq1DjqTj2cAspKjGjbblAIHvt5u+wB -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.chain b/test-ca/eddsa/end.chain index 36ab67f4f9..38a2da5483 100644 --- a/test-ca/eddsa/end.chain +++ b/test-ca/eddsa/end.chain @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -APqLwTwcUvvu6UR71UT47ZlbXCjLbRQIFeq88fxMO31Go38wfTAdBgNVHQ4EFgQU -9bUHUdJiqGV1oi5r5zsMZ/BpifAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFFdD -OxjZMU54TF7Zw5XK3NRYMHSrMAUGAytlcANBAO3DlgUfIZ0628+9BLTRRlMVfsE8 -83okxDWnViuZK1AXiDsVEooDbjZUdg9esGOcC98QD5FpPDioAgwAv/OojQE= +AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU +XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG +v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP +pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhQC8ReNmcRk7uwJS9qD5HHOUnqejDAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0 -MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -ANdeKJZRGeQQeoXP7VzFUR5IsigrEV2n9j64ULKW2lxvo1MwUTAdBgNVHQ4EFgQU -V0M7GNkxTnhMXtnDlcrc1FgwdKswHwYDVR0jBBgwFoAUV0M7GNkxTnhMXtnDlcrc -1FgwdKswDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDyZPQbhCIHnXU+/PXxg+34 -ZK8BbCJ26SSU6i2hIfy6JZ077SUH+KBD8ziM16dHLj8snQPNol/IvNaYotZxkG8L +MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy +MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU +s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d +YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG +ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.fullchain b/test-ca/eddsa/end.fullchain index 266b440c0b..bdbf8cda4b 100644 --- a/test-ca/eddsa/end.fullchain +++ b/test-ca/eddsa/end.fullchain @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- -MIIBuDCCAWqgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoXDTI4MTIx -NzIwMTM0OFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAJ -EKUfnKRgXyH1rpH1pWbLrOlb3qtEPwJN3bNTC9s65KOBwDCBvTAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUvHn2rUm6gXRtnKlkf5sL7+rLQNMw -RAYDVR0jBD0wO4AU9bUHUdJiqGV1oi5r5zsMZ/BpifChIKQeMBwxGjAYBgNVBAMM -EXBvbnl0b3duIEVkRFNBIENBggF7MDsGA1UdEQQ0MDKCDnRlc3RzZXJ2ZXIuY29t -ghVzZWNvbmQudGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdDAFBgMrZXADQQCIz753 -0RKNgM9pJTltnqZY/7jT0Sp6lSwLfxbbTztkOya1uDdYuyc7QbiCzBTPGW1PR4BT -u+AP7l+DrZ9noX0D +MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy +NTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBT +p3JQLT+wKPGofQqe2lqidbOLj8hwAoZJNBTc5rAtKKOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU00mqZ+S3UNpykNqHt45HN1sOi2ww +RAYDVR0jBD0wO4AUXgjsqidPymNi8e9fKFe+8cBSTU+hIKQeMBwxGjAYBgNVBAMM +EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t +hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC +CWxvY2FsaG9zdDAFBgMrZXADQQAAmqv482CuUt16D7M/4AGhXEbce1OC1bPE5KRK +YT92CRD9pwfg00SYIKYq1DjqTj2cAspKjGjbblAIHvt5u+wB -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -APqLwTwcUvvu6UR71UT47ZlbXCjLbRQIFeq88fxMO31Go38wfTAdBgNVHQ4EFgQU -9bUHUdJiqGV1oi5r5zsMZ/BpifAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFFdD -OxjZMU54TF7Zw5XK3NRYMHSrMAUGAytlcANBAO3DlgUfIZ0628+9BLTRRlMVfsE8 -83okxDWnViuZK1AXiDsVEooDbjZUdg9esGOcC98QD5FpPDioAgwAv/OojQE= +AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU +XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG +v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP +pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhQC8ReNmcRk7uwJS9qD5HHOUnqejDAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0 -MjAxMzQ4WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -ANdeKJZRGeQQeoXP7VzFUR5IsigrEV2n9j64ULKW2lxvo1MwUTAdBgNVHQ4EFgQU -V0M7GNkxTnhMXtnDlcrc1FgwdKswHwYDVR0jBBgwFoAUV0M7GNkxTnhMXtnDlcrc -1FgwdKswDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDyZPQbhCIHnXU+/PXxg+34 -ZK8BbCJ26SSU6i2hIfy6JZ077SUH+KBD8ziM16dHLj8snQPNol/IvNaYotZxkG8L +MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy +MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU +s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d +YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG +ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.key b/test-ca/eddsa/end.key index fe0b5e97a8..4aaeb7ee0a 100644 --- a/test-ca/eddsa/end.key +++ b/test-ca/eddsa/end.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEILOqj5i5ZysyaAOtFkr018UPAoTCTr0eHNxlHz5Vu1Re +MC4CAQAwBQYDK2VwBCIEILpjcX1mqV95ccSy9dkDjfANeuztB8tjSbWB/ZIBP+2O -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/end.req b/test-ca/eddsa/end.req index 8c607e1fff..ed3fad0211 100644 --- a/test-ca/eddsa/end.req +++ b/test-ca/eddsa/end.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- -MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAJ -EKUfnKRgXyH1rpH1pWbLrOlb3qtEPwJN3bNTC9s65KAAMAUGAytlcANBAL2hZOV2 -2DtY/kLIqPXfLBjfVMJ+HXaAK5vmWwkFGyb7BOChfxHuZY9xKFJB/sW5RaRvdrGV -gM4ITLs3RUISrws= +MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBT +p3JQLT+wKPGofQqe2lqidbOLj8hwAoZJNBTc5rAtKKAAMAUGAytlcANBAEm/ubmQ +UFdzGQrnE4rIMwIKmGCkmN1OBkXeKUHa9Lkhylu0ZeM6wy0VIhW/m+FvhWLlL5a7 +WJMwnkw/R8CBJAg= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/inter.cert b/test-ca/eddsa/inter.cert index b604d8cf43..be20157ff2 100644 --- a/test-ca/eddsa/inter.cert +++ b/test-ca/eddsa/inter.cert @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -APqLwTwcUvvu6UR71UT47ZlbXCjLbRQIFeq88fxMO31Go38wfTAdBgNVHQ4EFgQU -9bUHUdJiqGV1oi5r5zsMZ/BpifAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFFdD -OxjZMU54TF7Zw5XK3NRYMHSrMAUGAytlcANBAO3DlgUfIZ0628+9BLTRRlMVfsE8 -83okxDWnViuZK1AXiDsVEooDbjZUdg9esGOcC98QD5FpPDioAgwAv/OojQE= +AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU +XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG +v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP +pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= -----END CERTIFICATE----- diff --git a/test-ca/eddsa/inter.key b/test-ca/eddsa/inter.key index 77dc7b17c7..42abc0611e 100644 --- a/test-ca/eddsa/inter.key +++ b/test-ca/eddsa/inter.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIC5GhQvbhmZMF9lb2IjzMsmXWvoct49j6E6Md35o42js +MC4CAQAwBQYDK2VwBCIEII7VfiQYQnipujNa2R+wIriAvyP7kzcTg6EJnHfyHfKy -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/inter.req b/test-ca/eddsa/inter.req index 5b67fc6a3d..00674aab63 100644 --- a/test-ca/eddsa/inter.req +++ b/test-ca/eddsa/inter.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- MIGtMGECAQAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWREU0EgbGV2ZWwgMiBpbnRl -cm1lZGlhdGUwKjAFBgMrZXADIQD6i8E8HFL77ulEe9VE+O2ZW1woy20UCBXqvPH8 -TDt9RqAAMAUGAytlcANBACchnHnDs9zkmQUfatIS1jmQvANCJC0xHWVUHICWNgXg -WhQ1zzySOKoFzxH+rxiX13LlkWEokQJFdLALyU0PCgc= +cm1lZGlhdGUwKjAFBgMrZXADIQCNPwbUUCOOVeZ3LpDtD70oyttVQ+j6heLLvXeZ +6aP88qAAMAUGAytlcANBAIhqpGFU9lrS1c3gQ3g1jQh/xUH0SIyarlODXpUXbmqB +FI4MIwgxVMJAzxbiEj1/qVwNf4aURiRkCftQIGbj/Qo= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa/ca.cert b/test-ca/rsa/ca.cert index 636f3ff51f..9d1b1507e8 100644 --- a/test-ca/rsa/ca.cert +++ b/test-ca/rsa/ca.cert @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUGIGV3FDZXdNIPCe2s9FHmjTqeLYwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDYyNzIwMTM0N1oX -DTMzMDYyNDIwMTM0N1owGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9Dkdby/tuMYvV62TbVmz7CWASGq/ -f/m7zZPlS8SSoMdqow1pr8mcWD0od39rIYFlGGoLHoBtqP3d6cV0KRpcJqDF4oDr -HrMoZikpQAO3s50NvXWhkESxGzCUJD4XtvZkmK+gBdob/qrOn1uqYdkD8YM6rnqw -R9VOz/GLWmguWMhd66mMAPvpfLD3wPtJmIzMQyrGRuLDenm9cigNNjYtCDFiHvbL -H499UikqgYIVPIPal4nzDWO/iAo/ktC7zDI/cH+q38eZJbKy6z1Yi+VTI4285r/M -cex4DTJVfdTRYt2lRKzLhCFwdPED7CZS1pVhNh+C4DCPIw/jreBmfq1rSKnPqVqA -BWm7B+WVKAOOPbIQtXHbIfjRzkjF/37I5zWvLHaLlfPaEpjIlNAZTjQgYaOCMI0+ -HPHvWVklE4CY8jq44N2K4bPAvr6NpLkiqsaNvfOwmLdnmfDoytmOSbvl0bSauLkg -WDasorR7Z4k2Q157Mmictv1CSSo4PvZB44l0nC2Xzd731DgUjxiAAjOcgFXUNLPp -ALQBI+5xkHhnoqcFe6LWlZkRbdfWHVXVRnNKRADyXS0bwbSmVOsnvBPQFCbL+0X6 -3m8Wvk/2RymALARIQ1zIl+Wpt03YZU9XXevNsHa7xFeNRY3NinxI68mIux80C2Fc -rdFKgNxfhjVhi7UCAwEAAaNTMFEwHQYDVR0OBBYEFDoLyGBbOF6+Uo0/z++0JGLK -T3R9MB8GA1UdIwQYMBaAFDoLyGBbOF6+Uo0/z++0JGLKT3R9MA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBANFjC5Ry/i+A38YrDIGSRAf0ePZj3tjc -Bh/SV75cgIJUGGS+KCX2+K7P5/9XxH/fwb5kZZyfZsT7oPiv0nqoXutljcoqfb/V -Cx7SJD600JhJsPu4HJsbF4IP660gNSnSyNt4ESx8RIECW3o9iO/cgKpGkValT1cC -HKSrv80l+whwnRRKHV2yvl3N9RkVXlAcFOP8zhRjQsrMNZSIz1Ux9KsJG68s52tX -SSqK00bQQMMFiznF+xvN31GL8nQrtgPvbbz3EI6EjdBhXtwHSZXzUXM5IYWD/GzO -a0Td7TFGQlZckq6/rxT0Qp4qzYlEx1JQi14Mv9wQoAXkew706s6oGBCd9xg+UVu/ -cny2l7gal8kJ2rcOmiXY04IpiXlQQuovAntB6XHpgc2Vgh7Ao93DpBxmRfFTXI2r -O0C6DMzd/oHDbSNkxONuk6V0usvGnFLSbtPDJsJegpSjzSA+CWR9es0PAqsf92Be -unCoUEx+Vzz87/g+shQKkWw+Bw1VKmTGmtXK0x9r/Nawmj19YRfp/CYhdJT3xj3L -5c1Aw5EVM3Ti6ABSi3Lk8dO6XewcR8dgr2wxGE6eSL4XJ1e7GwaSt+F3KbTeAY7c -KcWhobyFAXIyXmjhNYgZA+atnRuD2Cx4w/kO7fzn8C3c0aVZYuv2cXCeqFlFBbas -EhGAHWy7QFZ+ +MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX +DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 +pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR +1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig +nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V +z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn +Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 +QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB +XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 +NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN +1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF +QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv +OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o +n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX +Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq +mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm +oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB +2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL +14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN +RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP +OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F +9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH +C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s +Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi +mXLHfCGEyjF/ -----END CERTIFICATE----- diff --git a/test-ca/rsa/ca.der b/test-ca/rsa/ca.der index ea4a8e2a51462cad9b0dec49aa0a09b39e45465e..b2f0cd4834861620c2114f30b5b1a4d8992d2765 100644 GIT binary patch delta 1182 zcmV;P1Y!G`3YiKcFoFdYFoFX8paTK{0s<6x6T6BtWqJ-NgNQ5`OcSY>iv|jjBQh8_ zFf}nXG%z$YS{Ds7GcY$WGBGtYFf=rgZ9adQ_TCQ&`KhINBMpB6I@I+mIf}RarDeIX zz(V{o?7`GvCIRO&zd?%vafUk78gNKO)2IT9U*y?|w_Y&A1Ek3tqVKrT)pFa3HF>&> zI5dWIqa@f-Je!z@YHHTP8FbE_hn+f#AZFb|;VZ+-Is!bC7cY3Ao$TP4`X{s3myCbH zU`>_r2#GLJhX{@v;~y=MAcfXl12l|pe}Pj8H|4I>R^bBumCxYRW?@RgIPaWNY(mK> z9AjvZJ71x=^Ar&is0XKtOaq>4zGbP+y}O1ka| z4i??m05@~QQI{ph^+g0p*2m@R`!;{-IaoPF05n0AOJxePBIZjLK@cabjC!>+aSd_4 zOkr7cl3;BuWO^rl7H;Dnxie9bW{I_3HvwMR@U6oF#fy!(*TdS9;!Y1GdbQJxp~a(+ss%iKohte!8$ z_cDMXDf21sn6vDe4W=n-m~*`u6Mjh?!Z=;1wPr@9^y%Wvi>swyjch$`Ofw6UdlZB8 zw@%tSkH8@I>A-v@pnneQU0znWe|w&|XkHZ>>dq9zMNPY;Pv}1YwC)NH(s!m4;JiiG zWTt-&MVzb&f!bx&X3L8@_n{w8tehfF9w@dZ_-)Vu28+#vPS($QWS9Zvz3y0X5~q-o^I=u7yAL zy1|gS?Pb_~x+xZWwx+aBfAyHnf<2ZcgrC5Z_;>l!mpztn72BzCp&&;KQxJr$RLtb5 zFG;=_S99t0`g|q=2e8==>;Cws2U)V0RWzj1JXyY7_y__QCoQaAZlkvUekP7{vE~C! wKiGjq@|b<}NWZc1Vc|IQ;JR^lNIvc{w6esFHrDw8nHi#)a>slj1cb^lf0Cpx)c^nh delta 1182 zcmV;P1Y!G`3YiKcFoFdYFoFX8paTK{0s<5mftB1)*Ug%1BQh8^ zGB+|XF*7tbS{Ds7GcYzXG%_$TGc-4mZ9aeWIUR2=?YPD-SFMw6S+ndVfJkb;fBC!3 zljTdqlAyBV#@8eArz#o~bL9+3GM6nw%lq5bEw)SM0ub>6m8~&=!pIfS7*#q%|I<9)KN7YWx@rzn$E?9ra zUF)fg0Q>2Du=l|GNtlexLn_8b;=_7*y>ciGHa0B?F=8I}%O8(@QYk8df)zZ2+Lwv* z4P(EE3O|z2yUa2_aDS@b$C)LvvgnFSu&=e-i`$hWRZx+5!_D3mzECfhHT*#N@skcqoWlvXK>&>usyTn(GMUBmh zd`Robh`S#&3t?QX(Mo{aUxrOJVT-i_0|5X5qf;zwI9|R| zjX%%tv?OB6Pjr1S9|i+e9U}x7FcyFmIt$2PTR2|6QjI^)@3bUh%1?BClk@^5f6-$L zlyd$rfZxU|41tnF2lROMW8T=@1|QN_zFdHUR2XEwC?)pzuFvQHSHyqc!Mt&6~Dt*7z3m(!WKD5x7NwE949Ge>#f)DGhAT=q{$lG`kEPOWs+zuXX@1>}1U^y<#2e;5#*_ZU7= zTfcIAwwJgXm&pm*w+@;m*wcb3iFr^$>MsI&LFsYnfz6eI9>AmB!=xN$Me$QyjjKCA zx(v+S{(-}7BV@$mZj+^Sy359#QqpeI!zRLBf|R4pAU+9XeR|Cg0;?bQU|za#s8CFP zS3Lah_&%}}3XyC+2Mtv!e`Lm*)ymT!Yy8%*nmv7C7wP;aA#{}Y#y!jB%|OGE6*F|= z=m1iSa^&&Tx?SuXN5^2VY%v&4o=CnICs(^029meocPX^q0gl`$#i60Rg#mIhUTEPp wh#3Rst(_Z#*erO%`3~*;=kP7u(WO~p>-KSQo~T(x1-7gb5r7?R1iL_1eqv)fw*UYD diff --git a/test-ca/rsa/ca.key b/test-ca/rsa/ca.key index 25451389ae..42e5dd612d 100644 --- a/test-ca/rsa/ca.key +++ b/test-ca/rsa/ca.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQD0OR1vL+24xi9X -rZNtWbPsJYBIar9/+bvNk+VLxJKgx2qjDWmvyZxYPSh3f2shgWUYagsegG2o/d3p -xXQpGlwmoMXigOsesyhmKSlAA7eznQ29daGQRLEbMJQkPhe29mSYr6AF2hv+qs6f -W6ph2QPxgzquerBH1U7P8YtaaC5YyF3rqYwA++l8sPfA+0mYjMxDKsZG4sN6eb1y -KA02Ni0IMWIe9ssfj31SKSqBghU8g9qXifMNY7+ICj+S0LvMMj9wf6rfx5klsrLr -PViL5VMjjbzmv8xx7HgNMlV91NFi3aVErMuEIXB08QPsJlLWlWE2H4LgMI8jD+Ot -4GZ+rWtIqc+pWoAFabsH5ZUoA449shC1cdsh+NHOSMX/fsjnNa8sdouV89oSmMiU -0BlONCBho4IwjT4c8e9ZWSUTgJjyOrjg3Yrhs8C+vo2kuSKqxo2987CYt2eZ8OjK -2Y5Ju+XRtJq4uSBYNqyitHtniTZDXnsyaJy2/UJJKjg+9kHjiXScLZfN3vfUOBSP -GIACM5yAVdQ0s+kAtAEj7nGQeGeipwV7otaVmRFt19YdVdVGc0pEAPJdLRvBtKZU -6ye8E9AUJsv7Rfrebxa+T/ZHKYAsBEhDXMiX5am3TdhlT1dd682wdrvEV41Fjc2K -fEjryYi7HzQLYVyt0UqA3F+GNWGLtQIDAQABAoICAAdaA/2c2Il/YPcN511oHd2c -VpUKrmKqOdg7MEo5Mjcn/Mwu7MeF4iO/c40yILkMrbMwCs8+pNs5b4l7kCUzASMi -I9LPRRFsUAMDQ8kEuge5UPiRc4bMPcIu+PnX6w7VS+65gRYSaSIfy8IWsei2h6l1 -fqBR9FlO0OVUxN64oOyIDr7q7UDHIVHHlS2rlgOP+XYfWE8GwUVAKBvCz0lnSBby -Pzaymlq3QkAYgFcPSDErwIcsEYAnSIfn097iuarj64gpAuCWbMQqi1UMruWtkyfq -B42xDsGlkXEt2rT2+xAznw36LAYsm4RpqbYqHfd0d7PeLvctfwfz90tjCrLPHABj -Ti/Bg6fOS28oGW9kJ8B/06u/3Alg50EAmg5AnDprb3k74TfsEx3Hm5deVrKIYdYS -Z8dFxpGueOP2sCXpXk06R1Nh1xWyh2K08cGrjiZRaaSDguOxysigL508EsbIGIoR -mqLb/YLGnFg4i+nWBUleCWRbmL9VUrA+/Fjvq389PcupINrDBClUpPUCxPY6XQX0 -sdclRagSjwXgd/xQYfbRIAOGXBphZ2+56wtS8Iiqm1o/d+cxfDolP2sH6NLF6vF8 -35BQKm5Tne0r/ZFv+wJhUkUdQn12O9WG+Vofh9LeML3BYc3OUJSwn8KiBTmeitYQ -RCJBHxx5F+Uobz8H5FrhAoIBAQD88oMCUekOfL7WcyP1G1+ec/U5KEumsC7XEXJX -5ErM8r7gFBl1fBGObw5usR0mTyYkEXorNpySRbBfhtkofoQji/kTUesoHxummzT/ -CAiUDnBS51X90SihoKc9xOOVtvb31adaqIzE/AMXYyzU5sN//8dC2JBnjQjwVuEn -syPX7N2dydYrPvP/rllh3CfUj/EBBk65y2wJQlJDs2WfDJNjO9s9qQ9SubT2MJJ/ -6+LW3nv8VS3H6qDzl4CdVuTWVvH1WcyjhCJKk2VBlDG4a6XBCd/GtB1r4Oo4xhgP -MnSyrllGoZo5rZvEq/jZesYz0dBk3yqwl5sjTmvIsSXdHBgzAoIBAQD3K6ZHivRy -ffD7v0DJoPqTYfHM+DsACbTZHsu3SOpPyHy5cc1nImIP/DojyT8Vjim28neVLVwC -Gx8q6glbFgtk29ILuBa5r+gV6hqI66zXxVV4ytErkBuXS8u4b/U+kCgcSf2diZpT -SIxK9kj8rWzAbxDOhlBcJDrRePEdFkLQ2dingrff4MxkOPDRYAnMC3r4Bd+n5XOg -e0jorziBIabYLsI9xxHp7AbFrFYnNvzYUWfv/N2ed6oCdtAH+CYXxj01QSIBMwmh -x/gOBxAna2uKRTxoCfOiT3ngRduQ3WKGg1GDn8Wchp41w4IKbYt0VPGXlLTSpJSg -IUQqJ+fTyIR3AoIBAEhdJMe8IT2IyJvXUtkjXKabK/OPKJ1mV/AlSJ4GbLPXWm4G -sgXfWbJy6SEXwGweRp4Y9ed49zANidi6XlPsZec5eydgzzKqO6HdUzsG1FVvEAlX -r00u0j3zFQVh124UavEaCYexIpyUMFo3gDLkVde/mATyqdVGDuGbKUzPPhje5cPn -Y0L5/poOCfoqHqb8CwmtAUa8AIthkuFVaGQpF91S2XT5ca3L/Q5VdQPtuvaXrcbR -o4hHAobNt/jLTCpZs1zqtNWuzpShOF2bhOHqwf/I0GErVCNxs/BME8P9Pk+D+3xu -bQ3FMgQA4u9s5Vkb1E+XXMIqjTJ7k/BVZaytBesCggEAGbmkS8vtl0D+ZOVJ8/Ja -Qh6ukPvBAEcCWJq47zGamYUvXgm3LCXK+QjycCkQ9MhgFRd1VMRs0BdMjiXfpWhM -9UlfujKFwvvI9wbvjhKhYa+7LqBFVvhftsZ/xIl6h/FvC0q0J8JbmpFxcJfjjtDq -AblNkYEvOffXW1fwGGvptl0GDKExTA7UlxXKErChNGh5evj5hzr9ZtWOCBG8mswK -1nM/ajie567WIZrHOLujY0xNug+ibUzdF/aPvlSYel76neFSjbdnKDxs1+DqUIAA -qFp+aAGpJtqIv8vlh1VTXNasFDv70Ee+ja/0h+tQ2WHB51nl3AqfIW907cJLgaJc -DwKCAQArWCadaAPle8GwOuBjl1n+cwPOdEg37Aab8AD9wcjEG+blevijPAwt2kQd -tFAZOtj1Sp4sAeGpZfbVaYSAvjQi5gkitPm8ZEkHpVzF6Xbp3fyfq4B4F78X9fgV -2/ZA8sH30KAZsr/+PKvLP2dC4s2ZlOMySM5Ag8mGDtJDTd49XDJf3HDoKiivO+NR -uajuBJrFlCbilOwdL8i7eQ48UPBv87gUR2nSVlr2UxSHqXdEg4wZE7QskjG8/vud -7F3nLLQk14Qqv9AuojIIugRNeOQeJpBaY+iTZwrKEFActErRN4x+DbnouBuJESc8 -jJsEX0b+CuJuF8UXlH85H3kiG/Tl +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCZ9t4PCPmppXgj +DX8BOtT1KzmKt/2lZbmxwEL8MuzB1GAmAeczv0GLAnGGOtQacEhF06gCil/k2Ym3 +XjDDA6TJG6LvuNHVctuJNXm6jDg0hnSjJNhRPJuYh2pq1sIZdM6dh506iiBm3UPh +K8PLOgI8kxcveKCd7OCY+iez15eMwmBNlfEIiTBRhwiOG+MfLZAghdZdAzSMb3+B +Uwk35a7UVuEC/ZXP4NRmYUrCOO+cUmxCySgcZnyDmEoQIqJMPrNIrJVwlIo5yCc+ +sDWOHVgDBU2nuqdW3Xlnbp2wpIpImHQRPo9Kuu4JDhbd2AA3c8RRlyXH9UUESdbH +5ev7Nuo5WDlEADRBlEtlCrMi5ksWQRAnrIx6tTRxDXG+TGFZdJJgbS1keid+Fm7j +HrkzUZFmibVdNwFe2fCtwwLFi5FEgcTo5tGrN6eRpTd1L+zehnMde/1vJR2thThl ++FJg5sZ6AJriNjQ2+5ovUknIZcns/3tJxF/QaObub6gysRPuBvRtlhOAgl3v4WdS +yJFccfZvnD0CgI3W1hKaa7XBeQbDWeOoUYsquCHCF9isfmj/zGdBuSSzMRZIIZbx +7hnUog8Iz9qfokVB/BtIXDt+2M3zuqiqqTOpCrgKiJAbIKz2YxIGaYf/tdMWxGOb +DbTk53Q35cIQCa84+cDwnrSB2hVbywIDAQABAoICADX5L25I4LDik4OCQzAsriQG +U6U4C+C0EQ1pj3H27j2i1FPundzroq/3GtIKBHoCO6vS35aIaMaCpj8Uc3ah694e +ZJeyDElN+v0WNIa7iiaLrg7VJ0oPO6KUci9i+udOpfHebTVs35//2EBzBa/UNZ2D +mQCownGqbS/jnhBzNyr+pyD7u+QYp8ok0tByoUO4RsrH8FZp/b1vhtzQva4NRCUn +EblpKWAW+o6rc7gzmngMAuzEtN2D5gmB1RDj+05MOrBy4+5z/CL2ch+NSTD5Q3XH +oan3ipsuh9VFF12pyNpbK3EyI6x4bGLbQBPkGWtXF47ctD9tUZUHx5YLGZdW8HO/ +gAR9Zlu4K3b/1cwnBtuo9CIAYdNjnobu66M8ilqCTlRNw5891ejfoY1Um+zt0lGy +T8ZDEY+5Vt8AfXXdWFjI9TLdPjihHYI/KhTwrdVYK/pxRlashl0oYP+KxZ5tgJ4A +osIPWdkpV0GZA74CSZlu/0FSDzBCoYar29ws+wlPtDxAHZsl3YRxTc+ugyFcD6cl +VFH3t6R062WNAmb2eUbyuY3+JecMZO/TH4Y9dYhYiL38E7XnzFXiXDTqIKlDpNkr +PPV2HY+0xStpk5XzSfiBd1uGVjVHzx71u+SXQtc75KO3uNRa9q8XSptc/B1ye2dr +F9jbVOasGjTR3r33Dc6ZAoIBAQC8ReJQohWKo+5K6UabCMNZYgTJUa6+PGNwt5wR +LZx4aJfHbQkrYwR8bCYilRkzQUAWdCjHJGJ96BhogcJtbnnULLK2pD6OChM0Fzds +3nTvTkF0z1JcL5TSjtEmpbepKv7RIYykKlDsiD+e6GZ0RJO+idBuIFAx3A42m+9N +4EaTOn5P+d6aQyaTy0TpphJnBwODi3eHUfxC/AJkvKGqI+NZBI/Y6CT+GqT6jFx6 +LgavwI5x2UsN3b96yJbGn296sPOPX4AaNWoAf2Bg0SQPXaah6n8t0paJ2n7Xl8gR +ti88V+Iz851TD/xBKpOs+sKH2/fVsEetroe3j2HPe9k0Lgf5AoIBAQDRWX0XqbzZ +XWVXPlpas+8DEk4MjfxbxH6yBSl0k0gRSULMm2yAYQo9eH11RXxC5zrAPCgFI7pj +xWkvYE9JUrACkGh7WIJtHpWsNPij65i4AYv1bp5dq034B7X+YhMZ8y4ydRNWJa7d +1Lw5PCSkHFkB6Xbe78EATlBxcmAX1cz73k4jvjEY7jTIbZsKbZ9OIbaCGV+mZadv +HYqt4anV01Tp3JBSIOUKo/UJ6rm9Tx2o1m4jtqUqojia7UY1JkNBBzGSAAsT/LmC +WsTbdqlbJ1+3ik5LoTblQelNsH0knulZ+WXXhGp0me4rjf8WKlTux/4dPL6GHS86 +TkvEnNnbXRrjAoIBAQCPh49S/V4CxZqijViAVJvohmsztwvKh2sfwTo/dlA1Ezey +lxNIekIvQJuJ/bSqeHINLBzyRHC5n7kL4vCAUJqcAD92MZxm2JNvQMvGOYlX7obE +MFGPac7A/pPALNHpK5f7guIfPQtYZz5pPK7usGEZ/yJg8k1w1VwYkaRL8FCdaRhm +jA0B+XNtdKdioHKjDJvHKwnCpeP0hP6mIY/1j0qA0JOBPukEtvdS8rKFipUaY2e0 +r30iYwzY5Bbd8SohlMj5YkrcsB/RpUmqRYaCGFkyUv0Fx+dvzJyqa1Hg/szf6ffO +t0gWzLb4Tycp1jl7LVyxEaRzafyZGbvtW3No7jaxAoIBAQCGPLKIhM9SNZ/wtEut +k2jz+D3RsQ2bLkDrF4JAfNweMXLCzfphy1eMmQEhPD/0il5Su4AR45n1tbS/qyrL +4lh4HG7SgKuJGq5wcLrqKPyRKHS9GIQ1nc1t+EvLZMnIvvTlZ8rRV3JsTaevr4/z +JzYvkqslQmjoME9Gn0dcoTxCWIaURrUmvj9cMWPT6PzYVae4flql0NLu3et5mZSU +RmFRX5uu/ea/zuglxrv41o03IOAYyFnaH5DaTsDQ/crsHJe9fYec9lVhb6CA9PKd +P38Rqn6P4jzX/k6CAWQNIlSQ2+lgq0izoaxlgzSI2vYA8n5P8w5b4sTQxzmwRb8v ++OBvAoIBACFTTlrcVOFg3LqXvJkrmOHRlc+6xu6wKthRRT8YSCEaft+OqpwVko1C +pdbmPjbqYyfave6CP5Ok0esFj5/UkR9JTmwxbRWfGWub67lPEPNT5vA6zVbd1khD +/2rNqKokOPt4IYHPIvTnl/kgCOvz3tM8mp3uWiqWICfPQg5F3CrpJgWz9XYWeIhv +7kzAyUtqy01y0cWkyyKwJBMQCSM4+iQFfap0hXyCyQf8F2fo7480WtzQYpwN6Cxj +osSM98P5VkJtNfX0tLhSyo7rv4LFx5zNL3js8c+jSLZP/Gva6ttwv4uepJlL/n3L +TveOK3pXOzZpbPfacvO2EweKccHWM34= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/client.cert b/test-ca/rsa/client.cert index cabf63219a..f389be34ca 100644 --- a/test-ca/rsa/client.cert +++ b/test-ca/rsa/client.cert @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoX -DTI4MTIxNzIwMTM0OFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pPIalsU/g+B0hjSuj/f9JuW6tMe -ioqeTC5B1LCzSY9RS/PiSUfTgRyZ1e6cv7wlASeoj2rpaqPnHxUTz89OPR1nHOEK -BytX42YBrm0D9BQPz95Wzg62fVL8d4V6rh4AvDZA90N1f/W0pkGsmygB0aHQO5h5 -rM1nTNhvm6Uuz+rQqts67KPDE9He16Q4oYK/djmlRE2D0sBL1YKsyO1K9pCCHoKV -+loYwn4unKvvCuhntC7LFQaB+3SdbHVW0VjCXF6iKHalJww2sI90pYDYYh8J4Iws -mJ6WytEh45SIg65ZHsz3bNPVBUPHUODBN4nutYJnVeZUIDbd2HfOvADpWwIDAQAB +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX +DTI4MTIyNTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QHm+0o8If5m8OsUC2K1oJ1IeCPD +Aq2AuXFqVRIa5kWCqAcd6Vp9y25RFGS7j9HhT1bViU/ZZxROY/rOXZNiPJkUgAb/ +E7CBXh8yc9qGmac03ZtspIcCpmkOX1YvkEfwBeLzYIBC9wm2BcwqWHtNrBEQzDRd +nTiVH0W8/Lqyg3NtCFYQkJOQnZvTD/dvR0wrXXxePmtyMdJ05TZkrfX5B4w7Tndf +6CKjqSPQ7o+iWm9kdhJxqxWFzWLWlWXn5h7kmpDHf4/mJ8KDZv0oH4uzc22FodJJ +YfrGVelFMLTCHCM440wN4tWZKxxtWbmdNVTiNDHu44XhHqIT1sSCMzMSzwIDAQAB o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG -CCsGAQUFBwMCMB0GA1UdDgQWBBQQZNmo6prWzRHju+orTZeCDSSnoTBCBgNVHSME -OzA5gBQrYSNFxVz2xpuhaMyTwFvsTvWcLKEepBwwGjEYMBYGA1UEAwwPcG9ueXRv -d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQAl7MDSv/BElk0e3ke2WGOa -f6Y3WRFciWC603sr3vSoYPoD2A8Q4ug/a/Bnhs7VlS6YChsk3IT1rpjgJIgLDUUc -dK8TmE+ibSsWYj0zGXr3UhNNZKoZl0JT7OxJfsqYY2aCjCtsLhRS+kpCr0+e/zMT -OcsI0iN9F2AyFFT9eFQCOS/IKpldIj8eB+Bhx6so3/qkX/Hg1CJqRmVbznNY3OCN -I4k/87sze2e0fdU3bH8275zRSfONb35BdceKn8VpZywWgxm/eRrEv0U9Yqi/Gdv6 -elrbRSNw5uJXwlmi4k4+OnbOznzBsrteCwigUBrTcJRHs/8eRLyRRNkRysQG4Flb -mh+KDsj/f+Odjg1diQOwPMSC4ESmZdZgSEn9Zcd4Oy66+OSMdfctO6e6v6vkZddJ -/jcTUZEPsT9y+SCqtCy+9NHHN4VVMOSQhhCj5GiPqfuEe/slzlUlS4xg2+9s9yqH -Z+liOu6o2++JVbXDeYYFx8v0ZhttMYaXlLw1q+s4IyM= +CCsGAQUFBwMCMB0GA1UdDgQWBBQfSuJGtGHK53ixx4sPRZ1H7i6tnDBCBgNVHSME +OzA5gBTV8BzLqYquWjLv3bEFk1WlElVQo6EepBwwGjEYMBYGA1UEAwwPcG9ueXRv +d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQADh5dd3GPomTyUdFgo5pGB +VLyiM5mkXTEtlQVerMCdGEFfPzRqOragZYdrdyJuu/ZQTWF/B/skQHxE9YR7d/2S +tGFh3NxSP2wELe8fXgxrOgM3gTUXn6B0UqP9aMZtaDG6MUDKKTHQqUnV/TnAUwQF +hmpMDt5YHVM+XhO6c+nd6ky1JewBSqzShAC9eTPnYFn4RDjsuoD829pNe/fZtGHi +5orpKGZwit4/uX+Tiw0IJj3fVbPRt12+0DEiXEKpETjXCKAejgXzzUNnewablMZE +RdTiDivqx7KWvEx0sUMf4HC4N1EGwMtg2kYsfMpGT8/Lxjd6k4/27S/y4/9VisWT +ZTnSg9vD+FD1deBu5uDJmQJSChSfUJ5OjGTGvFUw01TfG/t7v+pJa25lUvmlkKo9 +kpksUCuGYmgfKuyO69DHNiTgTdHsy7mknGHhHFovS05q5SDXMyjyU9Vf3Nxg4Z1l +99gYyEJEQifZQZm/TuGLfc6iVGb0hEvqnjFf7OBusrk= -----END CERTIFICATE----- diff --git a/test-ca/rsa/client.chain b/test-ca/rsa/client.chain index 0c90929a5e..045d4cd7c2 100644 --- a/test-ca/rsa/client.chain +++ b/test-ca/rsa/client.chain @@ -1,58 +1,58 @@ -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC4cHjqDpD9JPmZUzQ6VRraIaxPysbc -Iu6JgHYuFZeFGi0dU4DkCjpySiqF0r6Ym3ZprweJdsX0WMHYgcn/L+0GcgXbxZKv -emyeHS1XSFnhJUwNHdPzz7YUL7x5n6ucZlU89XB7yzjpm8KF8XEltM5n63TGvVm2 -xstJu9YE5tIXFOo59R3GM0xaSexNhKTTaY4Q4kvLURHYhHB0WSrngJTW77u65JRp -mO9y+SOtHlpuOrlf7/PD6sQk8Fb0UZHJDlNVK3ScVQ/i4eHl2+VKl77UoavI/SYG -luPQwy2SllYHPnvXryTIDsO4CAhtHe1kBqgEe4gnQqkKBifnom1oexaKtOqP5msw -9+P+DqjOu08qGLUS8UB05cLXtqnMp68/6cPT3sE+1tm7iEYZwqxSLSS3DOPdBr3H -bBq820O4aypi4dEPTAnWkYUj3FG7hfOyBFNtNkY2wEX1K/ylo32d2kOP6oRrBubs -xYT61q1cVIvcjrA0Ko6XRDHqCPEloGlB0mUCAwEAAaN/MH0wHQYDVR0OBBYEFCth -I0XFXPbGm6FozJPAW+xO9ZwsMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQ6C8hg -WzhevlKNP8/vtCRiyk90fTANBgkqhkiG9w0BAQsFAAOCAgEAnjpQF9FTwFQD75aA -1xL15XR5l6DrjDzZfq13gr/StaCQJ44OtmJvjzdgfPI5sRmpiUgU7bK4rOhKLK6C -3NUpq+Zg+5D2TzDHwyBNb0uViTgr75/P+HHBJUHwdvKbenDkn1QfPlx8nOtyyyFD -Jw3HEVGIAzGX3rWUkyZhwLQ1JUC6tmckNGg/9OVxKnr0f1fxct/F1Hc3Hd806Wqc -/D2QdDDTCtA9qZt53ED+SaLI1mzfvm67pyRZ43V5BvkAj1xiumGFHqLheK7hdC9V -WXHgPQobGJgyhOCAnQru1iKKnld+VIDfkZHu6fchsJg9ty/526QfyKRGfT7ak3Ng -0VSRsBj9zRPBiKrK4SFcmmWVIbj+lyN0xJWJFJ0ZrxFnLE/fjzF6smyTZxRYC15L -NCq+xy4yAvFRvcLOCjhmWkDJeAa/Y2cg50xrHpK/Y6FtPT2Bg34N1/fY9FP1r6AO -QMSrFGWpRl8Nsm6EfmJMJR1vfX52H7u0rla6Ay86yL3JMAfW7zFMYrRXx4bxq9hF -Rv4z5nj1RVR3+iNeOIWNx7YtyxvYvd+zPXY2LlkAr9QAjScvsiCKWi/5z9eC8aSX -VJcQoaKWoX2/SwjRuTSsI9P7rHeGNavUQCVL97slkdx//Xvw6ruP3bOQ+XzYvPAO -/DUNNf2nkPD7DKj8pFV8Ia8p910= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh +pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq +pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ +1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og +x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C +sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja +aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs +5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn +GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw +HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 +jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 +Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 +PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD +6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV +pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF +UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW +fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn +4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp +ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc +SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 +8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU +9rOxDaj2ExLTz8unCJcwRxEtyd0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUGIGV3FDZXdNIPCe2s9FHmjTqeLYwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDYyNzIwMTM0N1oX -DTMzMDYyNDIwMTM0N1owGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9Dkdby/tuMYvV62TbVmz7CWASGq/ -f/m7zZPlS8SSoMdqow1pr8mcWD0od39rIYFlGGoLHoBtqP3d6cV0KRpcJqDF4oDr -HrMoZikpQAO3s50NvXWhkESxGzCUJD4XtvZkmK+gBdob/qrOn1uqYdkD8YM6rnqw -R9VOz/GLWmguWMhd66mMAPvpfLD3wPtJmIzMQyrGRuLDenm9cigNNjYtCDFiHvbL -H499UikqgYIVPIPal4nzDWO/iAo/ktC7zDI/cH+q38eZJbKy6z1Yi+VTI4285r/M -cex4DTJVfdTRYt2lRKzLhCFwdPED7CZS1pVhNh+C4DCPIw/jreBmfq1rSKnPqVqA -BWm7B+WVKAOOPbIQtXHbIfjRzkjF/37I5zWvLHaLlfPaEpjIlNAZTjQgYaOCMI0+ -HPHvWVklE4CY8jq44N2K4bPAvr6NpLkiqsaNvfOwmLdnmfDoytmOSbvl0bSauLkg -WDasorR7Z4k2Q157Mmictv1CSSo4PvZB44l0nC2Xzd731DgUjxiAAjOcgFXUNLPp -ALQBI+5xkHhnoqcFe6LWlZkRbdfWHVXVRnNKRADyXS0bwbSmVOsnvBPQFCbL+0X6 -3m8Wvk/2RymALARIQ1zIl+Wpt03YZU9XXevNsHa7xFeNRY3NinxI68mIux80C2Fc -rdFKgNxfhjVhi7UCAwEAAaNTMFEwHQYDVR0OBBYEFDoLyGBbOF6+Uo0/z++0JGLK -T3R9MB8GA1UdIwQYMBaAFDoLyGBbOF6+Uo0/z++0JGLKT3R9MA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBANFjC5Ry/i+A38YrDIGSRAf0ePZj3tjc -Bh/SV75cgIJUGGS+KCX2+K7P5/9XxH/fwb5kZZyfZsT7oPiv0nqoXutljcoqfb/V -Cx7SJD600JhJsPu4HJsbF4IP660gNSnSyNt4ESx8RIECW3o9iO/cgKpGkValT1cC -HKSrv80l+whwnRRKHV2yvl3N9RkVXlAcFOP8zhRjQsrMNZSIz1Ux9KsJG68s52tX -SSqK00bQQMMFiznF+xvN31GL8nQrtgPvbbz3EI6EjdBhXtwHSZXzUXM5IYWD/GzO -a0Td7TFGQlZckq6/rxT0Qp4qzYlEx1JQi14Mv9wQoAXkew706s6oGBCd9xg+UVu/ -cny2l7gal8kJ2rcOmiXY04IpiXlQQuovAntB6XHpgc2Vgh7Ao93DpBxmRfFTXI2r -O0C6DMzd/oHDbSNkxONuk6V0usvGnFLSbtPDJsJegpSjzSA+CWR9es0PAqsf92Be -unCoUEx+Vzz87/g+shQKkWw+Bw1VKmTGmtXK0x9r/Nawmj19YRfp/CYhdJT3xj3L -5c1Aw5EVM3Ti6ABSi3Lk8dO6XewcR8dgr2wxGE6eSL4XJ1e7GwaSt+F3KbTeAY7c -KcWhobyFAXIyXmjhNYgZA+atnRuD2Cx4w/kO7fzn8C3c0aVZYuv2cXCeqFlFBbas -EhGAHWy7QFZ+ +MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX +DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 +pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR +1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig +nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V +z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn +Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 +QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB +XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 +NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN +1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF +QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv +OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o +n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX +Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq +mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm +oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB +2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL +14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN +RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP +OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F +9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH +C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s +Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi +mXLHfCGEyjF/ -----END CERTIFICATE----- diff --git a/test-ca/rsa/client.fullchain b/test-ca/rsa/client.fullchain index 1a5949b604..56ff67d667 100644 --- a/test-ca/rsa/client.fullchain +++ b/test-ca/rsa/client.fullchain @@ -1,81 +1,81 @@ -----BEGIN CERTIFICATE----- MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoX -DTI4MTIxNzIwMTM0OFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pPIalsU/g+B0hjSuj/f9JuW6tMe -ioqeTC5B1LCzSY9RS/PiSUfTgRyZ1e6cv7wlASeoj2rpaqPnHxUTz89OPR1nHOEK -BytX42YBrm0D9BQPz95Wzg62fVL8d4V6rh4AvDZA90N1f/W0pkGsmygB0aHQO5h5 -rM1nTNhvm6Uuz+rQqts67KPDE9He16Q4oYK/djmlRE2D0sBL1YKsyO1K9pCCHoKV -+loYwn4unKvvCuhntC7LFQaB+3SdbHVW0VjCXF6iKHalJww2sI90pYDYYh8J4Iws -mJ6WytEh45SIg65ZHsz3bNPVBUPHUODBN4nutYJnVeZUIDbd2HfOvADpWwIDAQAB +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX +DTI4MTIyNTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QHm+0o8If5m8OsUC2K1oJ1IeCPD +Aq2AuXFqVRIa5kWCqAcd6Vp9y25RFGS7j9HhT1bViU/ZZxROY/rOXZNiPJkUgAb/ +E7CBXh8yc9qGmac03ZtspIcCpmkOX1YvkEfwBeLzYIBC9wm2BcwqWHtNrBEQzDRd +nTiVH0W8/Lqyg3NtCFYQkJOQnZvTD/dvR0wrXXxePmtyMdJ05TZkrfX5B4w7Tndf +6CKjqSPQ7o+iWm9kdhJxqxWFzWLWlWXn5h7kmpDHf4/mJ8KDZv0oH4uzc22FodJJ +YfrGVelFMLTCHCM440wN4tWZKxxtWbmdNVTiNDHu44XhHqIT1sSCMzMSzwIDAQAB o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG -CCsGAQUFBwMCMB0GA1UdDgQWBBQQZNmo6prWzRHju+orTZeCDSSnoTBCBgNVHSME -OzA5gBQrYSNFxVz2xpuhaMyTwFvsTvWcLKEepBwwGjEYMBYGA1UEAwwPcG9ueXRv -d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQAl7MDSv/BElk0e3ke2WGOa -f6Y3WRFciWC603sr3vSoYPoD2A8Q4ug/a/Bnhs7VlS6YChsk3IT1rpjgJIgLDUUc -dK8TmE+ibSsWYj0zGXr3UhNNZKoZl0JT7OxJfsqYY2aCjCtsLhRS+kpCr0+e/zMT -OcsI0iN9F2AyFFT9eFQCOS/IKpldIj8eB+Bhx6so3/qkX/Hg1CJqRmVbznNY3OCN -I4k/87sze2e0fdU3bH8275zRSfONb35BdceKn8VpZywWgxm/eRrEv0U9Yqi/Gdv6 -elrbRSNw5uJXwlmi4k4+OnbOznzBsrteCwigUBrTcJRHs/8eRLyRRNkRysQG4Flb -mh+KDsj/f+Odjg1diQOwPMSC4ESmZdZgSEn9Zcd4Oy66+OSMdfctO6e6v6vkZddJ -/jcTUZEPsT9y+SCqtCy+9NHHN4VVMOSQhhCj5GiPqfuEe/slzlUlS4xg2+9s9yqH -Z+liOu6o2++JVbXDeYYFx8v0ZhttMYaXlLw1q+s4IyM= +CCsGAQUFBwMCMB0GA1UdDgQWBBQfSuJGtGHK53ixx4sPRZ1H7i6tnDBCBgNVHSME +OzA5gBTV8BzLqYquWjLv3bEFk1WlElVQo6EepBwwGjEYMBYGA1UEAwwPcG9ueXRv +d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQADh5dd3GPomTyUdFgo5pGB +VLyiM5mkXTEtlQVerMCdGEFfPzRqOragZYdrdyJuu/ZQTWF/B/skQHxE9YR7d/2S +tGFh3NxSP2wELe8fXgxrOgM3gTUXn6B0UqP9aMZtaDG6MUDKKTHQqUnV/TnAUwQF +hmpMDt5YHVM+XhO6c+nd6ky1JewBSqzShAC9eTPnYFn4RDjsuoD829pNe/fZtGHi +5orpKGZwit4/uX+Tiw0IJj3fVbPRt12+0DEiXEKpETjXCKAejgXzzUNnewablMZE +RdTiDivqx7KWvEx0sUMf4HC4N1EGwMtg2kYsfMpGT8/Lxjd6k4/27S/y4/9VisWT +ZTnSg9vD+FD1deBu5uDJmQJSChSfUJ5OjGTGvFUw01TfG/t7v+pJa25lUvmlkKo9 +kpksUCuGYmgfKuyO69DHNiTgTdHsy7mknGHhHFovS05q5SDXMyjyU9Vf3Nxg4Z1l +99gYyEJEQifZQZm/TuGLfc6iVGb0hEvqnjFf7OBusrk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC4cHjqDpD9JPmZUzQ6VRraIaxPysbc -Iu6JgHYuFZeFGi0dU4DkCjpySiqF0r6Ym3ZprweJdsX0WMHYgcn/L+0GcgXbxZKv -emyeHS1XSFnhJUwNHdPzz7YUL7x5n6ucZlU89XB7yzjpm8KF8XEltM5n63TGvVm2 -xstJu9YE5tIXFOo59R3GM0xaSexNhKTTaY4Q4kvLURHYhHB0WSrngJTW77u65JRp -mO9y+SOtHlpuOrlf7/PD6sQk8Fb0UZHJDlNVK3ScVQ/i4eHl2+VKl77UoavI/SYG -luPQwy2SllYHPnvXryTIDsO4CAhtHe1kBqgEe4gnQqkKBifnom1oexaKtOqP5msw -9+P+DqjOu08qGLUS8UB05cLXtqnMp68/6cPT3sE+1tm7iEYZwqxSLSS3DOPdBr3H -bBq820O4aypi4dEPTAnWkYUj3FG7hfOyBFNtNkY2wEX1K/ylo32d2kOP6oRrBubs -xYT61q1cVIvcjrA0Ko6XRDHqCPEloGlB0mUCAwEAAaN/MH0wHQYDVR0OBBYEFCth -I0XFXPbGm6FozJPAW+xO9ZwsMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQ6C8hg -WzhevlKNP8/vtCRiyk90fTANBgkqhkiG9w0BAQsFAAOCAgEAnjpQF9FTwFQD75aA -1xL15XR5l6DrjDzZfq13gr/StaCQJ44OtmJvjzdgfPI5sRmpiUgU7bK4rOhKLK6C -3NUpq+Zg+5D2TzDHwyBNb0uViTgr75/P+HHBJUHwdvKbenDkn1QfPlx8nOtyyyFD -Jw3HEVGIAzGX3rWUkyZhwLQ1JUC6tmckNGg/9OVxKnr0f1fxct/F1Hc3Hd806Wqc -/D2QdDDTCtA9qZt53ED+SaLI1mzfvm67pyRZ43V5BvkAj1xiumGFHqLheK7hdC9V -WXHgPQobGJgyhOCAnQru1iKKnld+VIDfkZHu6fchsJg9ty/526QfyKRGfT7ak3Ng -0VSRsBj9zRPBiKrK4SFcmmWVIbj+lyN0xJWJFJ0ZrxFnLE/fjzF6smyTZxRYC15L -NCq+xy4yAvFRvcLOCjhmWkDJeAa/Y2cg50xrHpK/Y6FtPT2Bg34N1/fY9FP1r6AO -QMSrFGWpRl8Nsm6EfmJMJR1vfX52H7u0rla6Ay86yL3JMAfW7zFMYrRXx4bxq9hF -Rv4z5nj1RVR3+iNeOIWNx7YtyxvYvd+zPXY2LlkAr9QAjScvsiCKWi/5z9eC8aSX -VJcQoaKWoX2/SwjRuTSsI9P7rHeGNavUQCVL97slkdx//Xvw6ruP3bOQ+XzYvPAO -/DUNNf2nkPD7DKj8pFV8Ia8p910= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh +pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq +pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ +1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og +x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C +sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja +aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs +5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn +GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw +HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 +jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 +Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 +PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD +6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV +pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF +UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW +fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn +4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp +ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc +SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 +8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU +9rOxDaj2ExLTz8unCJcwRxEtyd0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUGIGV3FDZXdNIPCe2s9FHmjTqeLYwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDYyNzIwMTM0N1oX -DTMzMDYyNDIwMTM0N1owGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9Dkdby/tuMYvV62TbVmz7CWASGq/ -f/m7zZPlS8SSoMdqow1pr8mcWD0od39rIYFlGGoLHoBtqP3d6cV0KRpcJqDF4oDr -HrMoZikpQAO3s50NvXWhkESxGzCUJD4XtvZkmK+gBdob/qrOn1uqYdkD8YM6rnqw -R9VOz/GLWmguWMhd66mMAPvpfLD3wPtJmIzMQyrGRuLDenm9cigNNjYtCDFiHvbL -H499UikqgYIVPIPal4nzDWO/iAo/ktC7zDI/cH+q38eZJbKy6z1Yi+VTI4285r/M -cex4DTJVfdTRYt2lRKzLhCFwdPED7CZS1pVhNh+C4DCPIw/jreBmfq1rSKnPqVqA -BWm7B+WVKAOOPbIQtXHbIfjRzkjF/37I5zWvLHaLlfPaEpjIlNAZTjQgYaOCMI0+ -HPHvWVklE4CY8jq44N2K4bPAvr6NpLkiqsaNvfOwmLdnmfDoytmOSbvl0bSauLkg -WDasorR7Z4k2Q157Mmictv1CSSo4PvZB44l0nC2Xzd731DgUjxiAAjOcgFXUNLPp -ALQBI+5xkHhnoqcFe6LWlZkRbdfWHVXVRnNKRADyXS0bwbSmVOsnvBPQFCbL+0X6 -3m8Wvk/2RymALARIQ1zIl+Wpt03YZU9XXevNsHa7xFeNRY3NinxI68mIux80C2Fc -rdFKgNxfhjVhi7UCAwEAAaNTMFEwHQYDVR0OBBYEFDoLyGBbOF6+Uo0/z++0JGLK -T3R9MB8GA1UdIwQYMBaAFDoLyGBbOF6+Uo0/z++0JGLKT3R9MA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBANFjC5Ry/i+A38YrDIGSRAf0ePZj3tjc -Bh/SV75cgIJUGGS+KCX2+K7P5/9XxH/fwb5kZZyfZsT7oPiv0nqoXutljcoqfb/V -Cx7SJD600JhJsPu4HJsbF4IP660gNSnSyNt4ESx8RIECW3o9iO/cgKpGkValT1cC -HKSrv80l+whwnRRKHV2yvl3N9RkVXlAcFOP8zhRjQsrMNZSIz1Ux9KsJG68s52tX -SSqK00bQQMMFiznF+xvN31GL8nQrtgPvbbz3EI6EjdBhXtwHSZXzUXM5IYWD/GzO -a0Td7TFGQlZckq6/rxT0Qp4qzYlEx1JQi14Mv9wQoAXkew706s6oGBCd9xg+UVu/ -cny2l7gal8kJ2rcOmiXY04IpiXlQQuovAntB6XHpgc2Vgh7Ao93DpBxmRfFTXI2r -O0C6DMzd/oHDbSNkxONuk6V0usvGnFLSbtPDJsJegpSjzSA+CWR9es0PAqsf92Be -unCoUEx+Vzz87/g+shQKkWw+Bw1VKmTGmtXK0x9r/Nawmj19YRfp/CYhdJT3xj3L -5c1Aw5EVM3Ti6ABSi3Lk8dO6XewcR8dgr2wxGE6eSL4XJ1e7GwaSt+F3KbTeAY7c -KcWhobyFAXIyXmjhNYgZA+atnRuD2Cx4w/kO7fzn8C3c0aVZYuv2cXCeqFlFBbas -EhGAHWy7QFZ+ +MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX +DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 +pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR +1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig +nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V +z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn +Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 +QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB +XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 +NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN +1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF +QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv +OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o +n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX +Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq +mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm +oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB +2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL +14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN +RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP +OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F +9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH +C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s +Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi +mXLHfCGEyjF/ -----END CERTIFICATE----- diff --git a/test-ca/rsa/client.key b/test-ca/rsa/client.key index 6d5645b128..8dc7df2e00 100644 --- a/test-ca/rsa/client.key +++ b/test-ca/rsa/client.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDek8hqWxT+D4HS -GNK6P9/0m5bq0x6Kip5MLkHUsLNJj1FL8+JJR9OBHJnV7py/vCUBJ6iPaulqo+cf -FRPPz049HWcc4QoHK1fjZgGubQP0FA/P3lbODrZ9Uvx3hXquHgC8NkD3Q3V/9bSm -QaybKAHRodA7mHmszWdM2G+bpS7P6tCq2zrso8MT0d7XpDihgr92OaVETYPSwEvV -gqzI7Ur2kIIegpX6WhjCfi6cq+8K6Ge0LssVBoH7dJ1sdVbRWMJcXqIodqUnDDaw -j3SlgNhiHwngjCyYnpbK0SHjlIiDrlkezPds09UFQ8dQ4ME3ie61gmdV5lQgNt3Y -d868AOlbAgMBAAECggEACzCHHFIiPRgwl+GiXuAbTiWh2NdZRBr8eDGksQtbFy9Y -7Kn52LgNhJ77+Rq5OhTZEBEwnXWdjTxMTmc5QHnfflZ/6NdDoy9oz2+IORtcenbB -uzAmQyRBNn+ZXjUYgTANSGkBnTdWCX/APCdEEx7Jt0mjwJiTtO/fRlMBNWQdH/hY -Pk//WQ3gbDa+8yqDg/3JGEXhzeTyDO+vXDdpkrGQMMsYVkPrqPnVeXokeKsemtap -tSTITyU6+WDYxQSdwuBrZn9VVO3vWjfZ+KX1ADD61W2wog4+ny4p7piJgxqFrels -M6M3Ppdcao89+QRpMaOL+/OsLpfW7ST01k/G4zZvbQKBgQD5xEv5mAr/miewZS10 -CzeCyrxJXm4DYXMRdMQeqaiofgFh6VcH3asCu+KXMnK/6Rfg+o7QeHVG5MGP54Qs -JLEOvkc1uXLEcGZ5cVAfo7suxl6ZiJ3D70MyUD6ntrXj29UvOVXv28vRRtYXR5Ks -cPSDBmeyKeIT5kA3N6fAFEKKNQKBgQDkIcdMioiHxv9rKMXJpVTThRp1RpcV1H9n -TggxOlPMqiB0HgexmC8sj4B3F+17qUbVfBrC+JUoiBCSEIEmJ8qQJ2h7dyhBCEbr -/yD8vJ7gFU/CqRgaSiXg8DmxOBg9dlLpKK6QY8Iu7OOwnKVwPNvjqngQARO4Zj6M -/gOAMoeXTwKBgQC6o9oWOGy3li1kXib6GUuw++h5dwwEkLSY7cWEGEnFJuvHi8OS -SC37TAVF8NfY2skSQImp9OnGQTj3XQzio8R/fObfmaXObyPUSj2SdxpwGKImXvVt -rgRru5UmZJ1FGUgUEudJ5thGmYVwPfa3z2yX4JhqhWvAbQW9fWRoX3tdpQKBgQDh -n0asvJYrMvSJ1tlGhO1QBOQV+KqUPIWEdfhEN5uJXviZ3tldG1YMjCBRqKiHFPOp -UARnr9JVM7yvuQMB6Xi8+TysXzzAlJ8P6FOHokS++lTYAMSFu6+at/tW+lN+9fcq -AcIjq4XxQvgtQ7+bMZWHpKD5sxb92KEkcFSmBVN0oQKBgQCnnd/zoBTAjoSPNK0N -wgEe6gwsOkQbl8ojpIbaaoek5Mbf07cCfH5Rwv0BbMOWjBr0OQM4HxaKOflCeEad -1C4BaPmQhzH/vVjVWOzpuJvPgiINqGVMRcckFdRhYyzQ3dGK7IvV3FbJZWJbAmZ1 -/xrdnX4iuU7if5wqPARxrnaP4A== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlAeb7Sjwh/mbw +6xQLYrWgnUh4I8MCrYC5cWpVEhrmRYKoBx3pWn3LblEUZLuP0eFPVtWJT9lnFE5j ++s5dk2I8mRSABv8TsIFeHzJz2oaZpzTdm2ykhwKmaQ5fVi+QR/AF4vNggEL3CbYF +zCpYe02sERDMNF2dOJUfRbz8urKDc20IVhCQk5Cdm9MP929HTCtdfF4+a3Ix0nTl +NmSt9fkHjDtOd1/oIqOpI9Duj6Jab2R2EnGrFYXNYtaVZefmHuSakMd/j+YnwoNm +/Sgfi7NzbYWh0klh+sZV6UUwtMIcIzjjTA3i1ZkrHG1ZuZ01VOI0Me7jheEeohPW +xIIzMxLPAgMBAAECggEAFKSIwSMOa5QGjHXsPyB9NcantyimFfI01cJ67sMsiJBA +eEv37sZ462L8zQVNgOfO0vuFURTRCIEklc+QVZAI/WRhHC9FQ+2Xo7fVMOtEUcpo +MgemEeiXnQ+AO6jFrdBGOwmbnZnCL4mBDmG6eXJX7Ig3Ruj7fUYR7xk2sWNU3xNX +WdpbAToidz7oedmDqqT6DkJLWUv26m3eewrIP5r06mrHX5a1NYjukV/xKbKouuus +t18y95/Gz3a2+Fy3jmxlQIH+Gx3Iw61zUQPqzeVLMhYURIk06OBJ6ySDp6mFdVUa +X7ISKalvgFOVj3/vogzm3hvL4q+TSVQNeMuvlgIc+QKBgQD3ZiNuPo5coZivSGir +KtKJYdLtGGLgNgfYOeHmzr5HBG/Ib/Siuehzb7meQzUrfWwdwjPL1vniPtpC0Mes +TqBBUQsmuSZGWns7vutQhNg6mAv7bhdhPVTQaIsp6pdfWHaI+6t30p7+LCD5s9ar +YglWvToXShLSpq1KV0HNaPaXmQKBgQDs+BQLwBAX6KAcOmUp+/1RgA5XntZQfNoF +empXas/BjZm9EGKuFu3DWqbznHnBTxh7jB0fLGnh8smPfwk608wMOfnTQVunaKVW +ljox1dlHF5q587RB3TlZ3DAzwBguLxlGakMkFTbWM5vLkg+d85mB7j1ql3UuXfvn +FKPn34xepwKBgEwBPwVRhp8Crku7bRyY7VFzkj9w7H+BWeud7L7h6SccP9NOQdP0 +VWuReW8bqqwPvjVuQkdvZhmRwbAhQBa5mRY39bsRyqZ2icGTJ+v2xA9MQvIdomUn +WHUmiQp5ncOXA+OVndoUBPCFUiQkkeDZH5FcVQpuoVXCCx75q6eVhZyRAoGAfeFy +1KMcaXb7xsMGhn0EHk1GUSlhc7Q/JPXYk8N7xbfw2Uxg/1XSzBnV4kdXLmdT/B18 +QtkXDh4pEH9NaeCk3kHWAnEPvSiL3ClFlL+jAm75lJpvQSXBl4iuWm9K6Q3AAXXl +YL+cN8GGm2dlwGRtQWZLXdpDN3RZonGGeGB6crUCgYEAih5PAj5MCCt9r/DCYcFs +3Yc4fFPTnE9pj+2lBR8wmNBwt93zyuuyQqurvaIBKMlcByzBbG++CJkxGWrptMJD +sw07G7+W5JC4dBxZPxa+GEdWVB9nxIhHXtR7/y4Hou8MN+RIMMxQVzfSUK6I8w46 +3ZTF8vnh3BT4vwpwRouZcgg= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/client.req b/test-ca/rsa/client.req index b561f41151..02ed7b7449 100644 --- a/test-ca/rsa/client.req +++ b/test-ca/rsa/client.req @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3pPIalsU/g+B0hjSuj/f9JuW6tMeioqe -TC5B1LCzSY9RS/PiSUfTgRyZ1e6cv7wlASeoj2rpaqPnHxUTz89OPR1nHOEKBytX -42YBrm0D9BQPz95Wzg62fVL8d4V6rh4AvDZA90N1f/W0pkGsmygB0aHQO5h5rM1n -TNhvm6Uuz+rQqts67KPDE9He16Q4oYK/djmlRE2D0sBL1YKsyO1K9pCCHoKV+loY -wn4unKvvCuhntC7LFQaB+3SdbHVW0VjCXF6iKHalJww2sI90pYDYYh8J4IwsmJ6W -ytEh45SIg65ZHsz3bNPVBUPHUODBN4nutYJnVeZUIDbd2HfOvADpWwIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBAMm+d8mxXOpcdc/MkfZ72TIjZdUY1bl34foajqG3 -+tB+CbtwZ6MqfVIsrhkdyMsrNkapzvjnTDl9VEmvuUv31s1AwhsKJvaoByEyCGAj -O//YY9M+x17mcMxsq3RJ9cSCpLpeumC+lvthpZrGfc5J8hMgw6gWy3eK3jRFxZcE -vGv/up0y006Fqsf9Dh/rPLq7oZ01xhKbBSXY4NYmtXSPEMLzdi3IGj15S5oXW1EQ -1KGY87YROicdIjbM2thMRYgjV5HEcWBp8cWTD38CJBzudJaF3zjlVUD8q3oJeX92 -ND3GmjqrCBKz8mN4bnhJzbb524l0ZyO10BVwXGXLoU4ILOs= +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QHm+0o8If5m8OsUC2K1oJ1IeCPDAq2A +uXFqVRIa5kWCqAcd6Vp9y25RFGS7j9HhT1bViU/ZZxROY/rOXZNiPJkUgAb/E7CB +Xh8yc9qGmac03ZtspIcCpmkOX1YvkEfwBeLzYIBC9wm2BcwqWHtNrBEQzDRdnTiV +H0W8/Lqyg3NtCFYQkJOQnZvTD/dvR0wrXXxePmtyMdJ05TZkrfX5B4w7Tndf6CKj +qSPQ7o+iWm9kdhJxqxWFzWLWlWXn5h7kmpDHf4/mJ8KDZv0oH4uzc22FodJJYfrG +VelFMLTCHCM440wN4tWZKxxtWbmdNVTiNDHu44XhHqIT1sSCMzMSzwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAIjYcciz5UuO02tJGZO62XjO/rap0AT7BGkgKV6L +IpRj4d/Sl7mitKx1matuXte29V6yfUz/o4kgnT2N1KB0sGtKi/GuJC5W8pfQhkzQ +WAlLv0Bylyi9oi12BWOIl9Tfq2g8xJ/DXjJ/sw+lprDaTOXZFzI6GQd/9+IPojcD +X9bPUkWbs5ARnxmtmFMv2vbLNyDAKeKZW0ZDm2o1zNrq8nINkDzoX3eW3yNBYLYE +4WRJ4QIM++MmOaS8sB3GZWBppqP04ZAlDOrfwh3dg8fKD2a2btz9/0WpseubXh4M +UkJSOYz7rGzDpJI7A0fCUHtMCYzB3RAq0N82NbOMO3n6nLY= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa/client.revoked.crl.pem b/test-ca/rsa/client.revoked.crl.pem index 638cdbf21e..d9eda8d7a4 100644 --- a/test-ca/rsa/client.revoked.crl.pem +++ b/test-ca/rsa/client.revoked.crl.pem @@ -1,15 +1,15 @@ -----BEGIN X509 CRL----- MIICTDCBtQIBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFwb255dG93biBS -U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMDYyNzIwMTM0OFoXDTIzMDcwNDIw -MTM0OFowIzAhAgIDFRcNMjMwNjI3MjAxMzQ4WjAMMAoGA1UdFQQDCgEBoDAwLjAf -BgNVHSMEGDAWgBQrYSNFxVz2xpuhaMyTwFvsTvWcLDALBgNVHRQEBAICEAEwDQYJ -KoZIhvcNAQELBQADggGBACMSTKV9hVED6ld7Hv6nunnJjodpQxFMjaRZtTMN6cK9 -KLpIs/kBTZLTtny3msVtpfgXyEG3did+rZy7nEY+vn6xnnVXjpCpqiRXUqD3PFyQ -rHSPmAhL13SwblKbJpK+R2c3U3UrtgsPhUALGXhB/lwCh0PGJ+UGeBDynNi41GS8 -lvHfuux6K5dI3A6lNTFW1u2Pih6QN0cmX9FLuzgK3eAtsdCzNXKnquyOTcjercXL -tJ+T7JGXK1jFAZg6yG7v5Qb2Y0IhxBqJsuF3cRKt9SiV+XHV70Gcn5mmhgyRQjGA -WNEyIamFO/SF1ycFxy2m6EsD8XlqYW25RtR8W3VAVEjBd6u2uKPa6Lj9HLb+ower -fqWuSyqYFUBdomvlfOzOoBG02vy6E6uj/xye+Th1WqNDpDoYATsJSepdWrT6cJwS -NPIs2H60BQubLzRjvn+9ed2M+p4YUYJs4GcH9NwKbUrhm2rKvH7Zn5C6jb3CeCjQ -J4fCVm0lITEl1BXPsC+6+w== +U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMDcwNTE1NDA0NloXDTIzMDcxMjE1 +NDA0NlowIzAhAgIDFRcNMjMwNzA1MTU0MDQ2WjAMMAoGA1UdFQQDCgEBoDAwLjAf +BgNVHSMEGDAWgBTV8BzLqYquWjLv3bEFk1WlElVQozALBgNVHRQEBAICEAEwDQYJ +KoZIhvcNAQELBQADggGBALZ9fozYbrC4A5z1tSldRmDS/b4xniFHA04MZPaEUKEZ +QEiZI+5JxCHgntdzoIMsgkcYYnL5798GrwsF66rbCzJyNzHA8+mwDhm2Wqdc2vRh +g84E3Kc/yRmuxCzaPijNg4nb7OKKbuacUFOd2aO/vzHrW/cRjFWnk5X/TszsLboo +95hL642GHFJlaVWs/yfVwb8Vq8LB0Z+zpsjJZ0BAGme16VT5K+NaRvAAK26ppv2x +1YUtYRXrWswxOlhJRkLE+pfyabmSMa1BCEHYxx3GNV7TdgEjevn+DDsDSUDBQH6f +MfyOYMt9iMb2lED+mVcOsErNyH9PEpv/1yvm84crxTqxef+oYMQGnTU+QNTlUOG8 +QewqHUrhR6Ll5QEMYypeQlrhFuWkTiM6xrzVrmzLwF/cvEpjbk32a3F6rAYP9msl +1IxyHVhZUK8OzjOL0djTdKG9qRAU+lVrANxXLgLQ0vrwa0lFavjVrZ4zYR5qz3Zp +EFnPZTvKeeoogBjerFGPvw== -----END X509 CRL----- diff --git a/test-ca/rsa/client.rsa b/test-ca/rsa/client.rsa index 6d5645b128..8dc7df2e00 100644 --- a/test-ca/rsa/client.rsa +++ b/test-ca/rsa/client.rsa @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDek8hqWxT+D4HS -GNK6P9/0m5bq0x6Kip5MLkHUsLNJj1FL8+JJR9OBHJnV7py/vCUBJ6iPaulqo+cf -FRPPz049HWcc4QoHK1fjZgGubQP0FA/P3lbODrZ9Uvx3hXquHgC8NkD3Q3V/9bSm -QaybKAHRodA7mHmszWdM2G+bpS7P6tCq2zrso8MT0d7XpDihgr92OaVETYPSwEvV -gqzI7Ur2kIIegpX6WhjCfi6cq+8K6Ge0LssVBoH7dJ1sdVbRWMJcXqIodqUnDDaw -j3SlgNhiHwngjCyYnpbK0SHjlIiDrlkezPds09UFQ8dQ4ME3ie61gmdV5lQgNt3Y -d868AOlbAgMBAAECggEACzCHHFIiPRgwl+GiXuAbTiWh2NdZRBr8eDGksQtbFy9Y -7Kn52LgNhJ77+Rq5OhTZEBEwnXWdjTxMTmc5QHnfflZ/6NdDoy9oz2+IORtcenbB -uzAmQyRBNn+ZXjUYgTANSGkBnTdWCX/APCdEEx7Jt0mjwJiTtO/fRlMBNWQdH/hY -Pk//WQ3gbDa+8yqDg/3JGEXhzeTyDO+vXDdpkrGQMMsYVkPrqPnVeXokeKsemtap -tSTITyU6+WDYxQSdwuBrZn9VVO3vWjfZ+KX1ADD61W2wog4+ny4p7piJgxqFrels -M6M3Ppdcao89+QRpMaOL+/OsLpfW7ST01k/G4zZvbQKBgQD5xEv5mAr/miewZS10 -CzeCyrxJXm4DYXMRdMQeqaiofgFh6VcH3asCu+KXMnK/6Rfg+o7QeHVG5MGP54Qs -JLEOvkc1uXLEcGZ5cVAfo7suxl6ZiJ3D70MyUD6ntrXj29UvOVXv28vRRtYXR5Ks -cPSDBmeyKeIT5kA3N6fAFEKKNQKBgQDkIcdMioiHxv9rKMXJpVTThRp1RpcV1H9n -TggxOlPMqiB0HgexmC8sj4B3F+17qUbVfBrC+JUoiBCSEIEmJ8qQJ2h7dyhBCEbr -/yD8vJ7gFU/CqRgaSiXg8DmxOBg9dlLpKK6QY8Iu7OOwnKVwPNvjqngQARO4Zj6M -/gOAMoeXTwKBgQC6o9oWOGy3li1kXib6GUuw++h5dwwEkLSY7cWEGEnFJuvHi8OS -SC37TAVF8NfY2skSQImp9OnGQTj3XQzio8R/fObfmaXObyPUSj2SdxpwGKImXvVt -rgRru5UmZJ1FGUgUEudJ5thGmYVwPfa3z2yX4JhqhWvAbQW9fWRoX3tdpQKBgQDh -n0asvJYrMvSJ1tlGhO1QBOQV+KqUPIWEdfhEN5uJXviZ3tldG1YMjCBRqKiHFPOp -UARnr9JVM7yvuQMB6Xi8+TysXzzAlJ8P6FOHokS++lTYAMSFu6+at/tW+lN+9fcq -AcIjq4XxQvgtQ7+bMZWHpKD5sxb92KEkcFSmBVN0oQKBgQCnnd/zoBTAjoSPNK0N -wgEe6gwsOkQbl8ojpIbaaoek5Mbf07cCfH5Rwv0BbMOWjBr0OQM4HxaKOflCeEad -1C4BaPmQhzH/vVjVWOzpuJvPgiINqGVMRcckFdRhYyzQ3dGK7IvV3FbJZWJbAmZ1 -/xrdnX4iuU7if5wqPARxrnaP4A== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlAeb7Sjwh/mbw +6xQLYrWgnUh4I8MCrYC5cWpVEhrmRYKoBx3pWn3LblEUZLuP0eFPVtWJT9lnFE5j ++s5dk2I8mRSABv8TsIFeHzJz2oaZpzTdm2ykhwKmaQ5fVi+QR/AF4vNggEL3CbYF +zCpYe02sERDMNF2dOJUfRbz8urKDc20IVhCQk5Cdm9MP929HTCtdfF4+a3Ix0nTl +NmSt9fkHjDtOd1/oIqOpI9Duj6Jab2R2EnGrFYXNYtaVZefmHuSakMd/j+YnwoNm +/Sgfi7NzbYWh0klh+sZV6UUwtMIcIzjjTA3i1ZkrHG1ZuZ01VOI0Me7jheEeohPW +xIIzMxLPAgMBAAECggEAFKSIwSMOa5QGjHXsPyB9NcantyimFfI01cJ67sMsiJBA +eEv37sZ462L8zQVNgOfO0vuFURTRCIEklc+QVZAI/WRhHC9FQ+2Xo7fVMOtEUcpo +MgemEeiXnQ+AO6jFrdBGOwmbnZnCL4mBDmG6eXJX7Ig3Ruj7fUYR7xk2sWNU3xNX +WdpbAToidz7oedmDqqT6DkJLWUv26m3eewrIP5r06mrHX5a1NYjukV/xKbKouuus +t18y95/Gz3a2+Fy3jmxlQIH+Gx3Iw61zUQPqzeVLMhYURIk06OBJ6ySDp6mFdVUa +X7ISKalvgFOVj3/vogzm3hvL4q+TSVQNeMuvlgIc+QKBgQD3ZiNuPo5coZivSGir +KtKJYdLtGGLgNgfYOeHmzr5HBG/Ib/Siuehzb7meQzUrfWwdwjPL1vniPtpC0Mes +TqBBUQsmuSZGWns7vutQhNg6mAv7bhdhPVTQaIsp6pdfWHaI+6t30p7+LCD5s9ar +YglWvToXShLSpq1KV0HNaPaXmQKBgQDs+BQLwBAX6KAcOmUp+/1RgA5XntZQfNoF +empXas/BjZm9EGKuFu3DWqbznHnBTxh7jB0fLGnh8smPfwk608wMOfnTQVunaKVW +ljox1dlHF5q587RB3TlZ3DAzwBguLxlGakMkFTbWM5vLkg+d85mB7j1ql3UuXfvn +FKPn34xepwKBgEwBPwVRhp8Crku7bRyY7VFzkj9w7H+BWeud7L7h6SccP9NOQdP0 +VWuReW8bqqwPvjVuQkdvZhmRwbAhQBa5mRY39bsRyqZ2icGTJ+v2xA9MQvIdomUn +WHUmiQp5ncOXA+OVndoUBPCFUiQkkeDZH5FcVQpuoVXCCx75q6eVhZyRAoGAfeFy +1KMcaXb7xsMGhn0EHk1GUSlhc7Q/JPXYk8N7xbfw2Uxg/1XSzBnV4kdXLmdT/B18 +QtkXDh4pEH9NaeCk3kHWAnEPvSiL3ClFlL+jAm75lJpvQSXBl4iuWm9K6Q3AAXXl +YL+cN8GGm2dlwGRtQWZLXdpDN3RZonGGeGB6crUCgYEAih5PAj5MCCt9r/DCYcFs +3Yc4fFPTnE9pj+2lBR8wmNBwt93zyuuyQqurvaIBKMlcByzBbG++CJkxGWrptMJD +sw07G7+W5JC4dBxZPxa+GEdWVB9nxIhHXtR7/y4Hou8MN+RIMMxQVzfSUK6I8w46 +3ZTF8vnh3BT4vwpwRouZcgg= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/end.cert b/test-ca/rsa/end.cert index 64e66b55a5..2c71627370 100644 --- a/test-ca/rsa/end.cert +++ b/test-ca/rsa/end.cert @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEADCCAmigAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoX -DTI4MTIxNzIwMTM0OFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYz8pM3z09XnaAqOvsuCRluyaPGuUN -I5j/72LTYXdnHXNJMjskj4DYjzuo6VtjupNMPE2o9jvVNzeuKZ56ID/mWFM77V0g -IY5pjdgZg5Qi9+dlnraeQvBIhO6fvnzbWlqVUH9ag90bLj8RrHb3W4XkPOFgvR8g -OGUFg4X6GiWT78KHo6QZuwFDXPqqfjWSexZnZQWCc1BVM4927uzuzbFFB/KCe7nc -OrZ0RUu5eeNIZdsmoDDKEV3wWKE5qe58KtXcSF9y3AI1+/oBeobtNwT3egaevWZ3 -xq0yVQJEEXsbTTuJKpp5XF/FDflTHpSdjfhXmu2Am9eNaEsQ5O+r2ElDAgMBAAGj -gb4wgbswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFAby13i/ -B82QxYu8FxZzC9l0lnMWMEIGA1UdIwQ7MDmAFCthI0XFXPbGm6FozJPAW+xO9Zws -oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswOwYDVR0RBDQwMoIO -dGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0 -MA0GCSqGSIb3DQEBCwUAA4IBgQBMUj//Ygtodu95Ig3UHkYXPjMLhPDAS5EN1hez -MvnP+X9W8q+FURACP2FAAJ4M70tUpyORpgmcKvnpT8jS79MGo4bvqUXRQG5vlisL -S01PdKoC2asPNhd0BYsrBHaXd5Jyu6pcDw1UnjjI9qWXcCtj5clileemyYPgERI/ -/yXXxb+wzTsmbHVEt3+sw8wPFXXNXPdr8MZW2e/XBSdmhMyd6oGuEgvjLCO2kFgW -/oTBWNQ/5xRNE5jYqkVe2+oAKTHQCLKVbWWFAwbdCGW3jUI3+zhs+wv56J9kMTXC -uJwsbPd9eAJYBb759sdtH/koCDcUi7RqSbgdeIIFAGtab9D8Qwo+0BH2LVYqMOeP -OxhX2DFnJepUVUzHO2gtSW4qBqD+rn4s/CvJFrnNu/djF2lFljPuGZuPXHrJZRjD -btdkqd5idSriu3Rtm3jMjCMwlCxXhm3561mGPsk5oYkNK4V1yeDOGk0CkdEs9Mk9 -89VKAjQ7foQbG7TnR3V0J8S3QBc= +MIIEGDCCAoCgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX +DTI4MTIyNTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKTHriPL+/8gxe6vvLQZl3XmYxjpX +tiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAItwRZ+BKCzrpy67i4j +6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3FHpZOad0Qu79jLnw +pLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX8IHN5HJNjHy4uA1H +uXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/RiibyLdiO+7wv5CgAPV +r9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNFlo7+HQDhAgMBAAGj +gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFHgdUolw +w+l+y7tSzOapzG8cSBDhMEIGA1UdIwQ7MDmAFNXwHMupiq5aMu/dsQWTVaUSVVCj +oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswUwYDVR0RBEwwSoIO +dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN +uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQCHnRZ1 +qV7w/tjfJm92Za8yTmrnZyyPyJyMWysTSvYgtF/NekB0ujGF734J9sFHWQ9qKUxJ +RNKPeNgvqzimTsxZht0PPwblNDnsnKpS/V+BGaIQ/c5DDu8uDia5c9yNOR4Us3FH +C4w8pp0E71TzFHBaCwUaleIYAwfvY84BbTgSc5UFn5SxcSE3Z7pxAgAfCs1W3VoS +LJan+MvzFzxNtWZ7tE0UE+ezZ/8Zs1LKQHZfXP62Yjyj6C3zI8QUSttmRJMK4EAL +XAX8WPr5QGKWbQ0lbdmi5hKgLrwSbqinVACmMeR8KJ1Cd/l4Na28jFApbkNOD7Wu +bUlZJIInMzhPAuQD1QVcstwwkpLsUWp9jn2ljdEU4T8JcwgWkGYMB1KYDLDJzXSf +bc7IuZ29rZy3RNrfsmBRxA7O67VAVyIQhVeGkoIPL4xWqO87WEF9qpqyMOK4fAqt +HOrn4QNQf4Lw9UQby9bF2nIDX0uC0u+8I7rF/42T30WiStx2EBBTc1P9WKI= -----END CERTIFICATE----- diff --git a/test-ca/rsa/end.chain b/test-ca/rsa/end.chain index 0c90929a5e..045d4cd7c2 100644 --- a/test-ca/rsa/end.chain +++ b/test-ca/rsa/end.chain @@ -1,58 +1,58 @@ -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC4cHjqDpD9JPmZUzQ6VRraIaxPysbc -Iu6JgHYuFZeFGi0dU4DkCjpySiqF0r6Ym3ZprweJdsX0WMHYgcn/L+0GcgXbxZKv -emyeHS1XSFnhJUwNHdPzz7YUL7x5n6ucZlU89XB7yzjpm8KF8XEltM5n63TGvVm2 -xstJu9YE5tIXFOo59R3GM0xaSexNhKTTaY4Q4kvLURHYhHB0WSrngJTW77u65JRp -mO9y+SOtHlpuOrlf7/PD6sQk8Fb0UZHJDlNVK3ScVQ/i4eHl2+VKl77UoavI/SYG -luPQwy2SllYHPnvXryTIDsO4CAhtHe1kBqgEe4gnQqkKBifnom1oexaKtOqP5msw -9+P+DqjOu08qGLUS8UB05cLXtqnMp68/6cPT3sE+1tm7iEYZwqxSLSS3DOPdBr3H -bBq820O4aypi4dEPTAnWkYUj3FG7hfOyBFNtNkY2wEX1K/ylo32d2kOP6oRrBubs -xYT61q1cVIvcjrA0Ko6XRDHqCPEloGlB0mUCAwEAAaN/MH0wHQYDVR0OBBYEFCth -I0XFXPbGm6FozJPAW+xO9ZwsMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQ6C8hg -WzhevlKNP8/vtCRiyk90fTANBgkqhkiG9w0BAQsFAAOCAgEAnjpQF9FTwFQD75aA -1xL15XR5l6DrjDzZfq13gr/StaCQJ44OtmJvjzdgfPI5sRmpiUgU7bK4rOhKLK6C -3NUpq+Zg+5D2TzDHwyBNb0uViTgr75/P+HHBJUHwdvKbenDkn1QfPlx8nOtyyyFD -Jw3HEVGIAzGX3rWUkyZhwLQ1JUC6tmckNGg/9OVxKnr0f1fxct/F1Hc3Hd806Wqc -/D2QdDDTCtA9qZt53ED+SaLI1mzfvm67pyRZ43V5BvkAj1xiumGFHqLheK7hdC9V -WXHgPQobGJgyhOCAnQru1iKKnld+VIDfkZHu6fchsJg9ty/526QfyKRGfT7ak3Ng -0VSRsBj9zRPBiKrK4SFcmmWVIbj+lyN0xJWJFJ0ZrxFnLE/fjzF6smyTZxRYC15L -NCq+xy4yAvFRvcLOCjhmWkDJeAa/Y2cg50xrHpK/Y6FtPT2Bg34N1/fY9FP1r6AO -QMSrFGWpRl8Nsm6EfmJMJR1vfX52H7u0rla6Ay86yL3JMAfW7zFMYrRXx4bxq9hF -Rv4z5nj1RVR3+iNeOIWNx7YtyxvYvd+zPXY2LlkAr9QAjScvsiCKWi/5z9eC8aSX -VJcQoaKWoX2/SwjRuTSsI9P7rHeGNavUQCVL97slkdx//Xvw6ruP3bOQ+XzYvPAO -/DUNNf2nkPD7DKj8pFV8Ia8p910= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh +pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq +pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ +1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og +x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C +sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja +aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs +5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn +GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw +HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 +jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 +Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 +PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD +6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV +pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF +UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW +fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn +4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp +ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc +SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 +8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU +9rOxDaj2ExLTz8unCJcwRxEtyd0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUGIGV3FDZXdNIPCe2s9FHmjTqeLYwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDYyNzIwMTM0N1oX -DTMzMDYyNDIwMTM0N1owGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9Dkdby/tuMYvV62TbVmz7CWASGq/ -f/m7zZPlS8SSoMdqow1pr8mcWD0od39rIYFlGGoLHoBtqP3d6cV0KRpcJqDF4oDr -HrMoZikpQAO3s50NvXWhkESxGzCUJD4XtvZkmK+gBdob/qrOn1uqYdkD8YM6rnqw -R9VOz/GLWmguWMhd66mMAPvpfLD3wPtJmIzMQyrGRuLDenm9cigNNjYtCDFiHvbL -H499UikqgYIVPIPal4nzDWO/iAo/ktC7zDI/cH+q38eZJbKy6z1Yi+VTI4285r/M -cex4DTJVfdTRYt2lRKzLhCFwdPED7CZS1pVhNh+C4DCPIw/jreBmfq1rSKnPqVqA -BWm7B+WVKAOOPbIQtXHbIfjRzkjF/37I5zWvLHaLlfPaEpjIlNAZTjQgYaOCMI0+ -HPHvWVklE4CY8jq44N2K4bPAvr6NpLkiqsaNvfOwmLdnmfDoytmOSbvl0bSauLkg -WDasorR7Z4k2Q157Mmictv1CSSo4PvZB44l0nC2Xzd731DgUjxiAAjOcgFXUNLPp -ALQBI+5xkHhnoqcFe6LWlZkRbdfWHVXVRnNKRADyXS0bwbSmVOsnvBPQFCbL+0X6 -3m8Wvk/2RymALARIQ1zIl+Wpt03YZU9XXevNsHa7xFeNRY3NinxI68mIux80C2Fc -rdFKgNxfhjVhi7UCAwEAAaNTMFEwHQYDVR0OBBYEFDoLyGBbOF6+Uo0/z++0JGLK -T3R9MB8GA1UdIwQYMBaAFDoLyGBbOF6+Uo0/z++0JGLKT3R9MA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBANFjC5Ry/i+A38YrDIGSRAf0ePZj3tjc -Bh/SV75cgIJUGGS+KCX2+K7P5/9XxH/fwb5kZZyfZsT7oPiv0nqoXutljcoqfb/V -Cx7SJD600JhJsPu4HJsbF4IP660gNSnSyNt4ESx8RIECW3o9iO/cgKpGkValT1cC -HKSrv80l+whwnRRKHV2yvl3N9RkVXlAcFOP8zhRjQsrMNZSIz1Ux9KsJG68s52tX -SSqK00bQQMMFiznF+xvN31GL8nQrtgPvbbz3EI6EjdBhXtwHSZXzUXM5IYWD/GzO -a0Td7TFGQlZckq6/rxT0Qp4qzYlEx1JQi14Mv9wQoAXkew706s6oGBCd9xg+UVu/ -cny2l7gal8kJ2rcOmiXY04IpiXlQQuovAntB6XHpgc2Vgh7Ao93DpBxmRfFTXI2r -O0C6DMzd/oHDbSNkxONuk6V0usvGnFLSbtPDJsJegpSjzSA+CWR9es0PAqsf92Be -unCoUEx+Vzz87/g+shQKkWw+Bw1VKmTGmtXK0x9r/Nawmj19YRfp/CYhdJT3xj3L -5c1Aw5EVM3Ti6ABSi3Lk8dO6XewcR8dgr2wxGE6eSL4XJ1e7GwaSt+F3KbTeAY7c -KcWhobyFAXIyXmjhNYgZA+atnRuD2Cx4w/kO7fzn8C3c0aVZYuv2cXCeqFlFBbas -EhGAHWy7QFZ+ +MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX +DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 +pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR +1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig +nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V +z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn +Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 +QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB +XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 +NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN +1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF +QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv +OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o +n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX +Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq +mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm +oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB +2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL +14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN +RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP +OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F +9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH +C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s +Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi +mXLHfCGEyjF/ -----END CERTIFICATE----- diff --git a/test-ca/rsa/end.fullchain b/test-ca/rsa/end.fullchain index b794334c5a..7e34d98c2a 100644 --- a/test-ca/rsa/end.fullchain +++ b/test-ca/rsa/end.fullchain @@ -1,82 +1,82 @@ -----BEGIN CERTIFICATE----- -MIIEADCCAmigAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDYyNzIwMTM0OFoX -DTI4MTIxNzIwMTM0OFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYz8pM3z09XnaAqOvsuCRluyaPGuUN -I5j/72LTYXdnHXNJMjskj4DYjzuo6VtjupNMPE2o9jvVNzeuKZ56ID/mWFM77V0g -IY5pjdgZg5Qi9+dlnraeQvBIhO6fvnzbWlqVUH9ag90bLj8RrHb3W4XkPOFgvR8g -OGUFg4X6GiWT78KHo6QZuwFDXPqqfjWSexZnZQWCc1BVM4927uzuzbFFB/KCe7nc -OrZ0RUu5eeNIZdsmoDDKEV3wWKE5qe58KtXcSF9y3AI1+/oBeobtNwT3egaevWZ3 -xq0yVQJEEXsbTTuJKpp5XF/FDflTHpSdjfhXmu2Am9eNaEsQ5O+r2ElDAgMBAAGj -gb4wgbswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFAby13i/ -B82QxYu8FxZzC9l0lnMWMEIGA1UdIwQ7MDmAFCthI0XFXPbGm6FozJPAW+xO9Zws -oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswOwYDVR0RBDQwMoIO -dGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0 -MA0GCSqGSIb3DQEBCwUAA4IBgQBMUj//Ygtodu95Ig3UHkYXPjMLhPDAS5EN1hez -MvnP+X9W8q+FURACP2FAAJ4M70tUpyORpgmcKvnpT8jS79MGo4bvqUXRQG5vlisL -S01PdKoC2asPNhd0BYsrBHaXd5Jyu6pcDw1UnjjI9qWXcCtj5clileemyYPgERI/ -/yXXxb+wzTsmbHVEt3+sw8wPFXXNXPdr8MZW2e/XBSdmhMyd6oGuEgvjLCO2kFgW -/oTBWNQ/5xRNE5jYqkVe2+oAKTHQCLKVbWWFAwbdCGW3jUI3+zhs+wv56J9kMTXC -uJwsbPd9eAJYBb759sdtH/koCDcUi7RqSbgdeIIFAGtab9D8Qwo+0BH2LVYqMOeP -OxhX2DFnJepUVUzHO2gtSW4qBqD+rn4s/CvJFrnNu/djF2lFljPuGZuPXHrJZRjD -btdkqd5idSriu3Rtm3jMjCMwlCxXhm3561mGPsk5oYkNK4V1yeDOGk0CkdEs9Mk9 -89VKAjQ7foQbG7TnR3V0J8S3QBc= +MIIEGDCCAoCgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX +DTI4MTIyNTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKTHriPL+/8gxe6vvLQZl3XmYxjpX +tiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAItwRZ+BKCzrpy67i4j +6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3FHpZOad0Qu79jLnw +pLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX8IHN5HJNjHy4uA1H +uXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/RiibyLdiO+7wv5CgAPV +r9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNFlo7+HQDhAgMBAAGj +gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFHgdUolw +w+l+y7tSzOapzG8cSBDhMEIGA1UdIwQ7MDmAFNXwHMupiq5aMu/dsQWTVaUSVVCj +oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswUwYDVR0RBEwwSoIO +dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN +uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQCHnRZ1 +qV7w/tjfJm92Za8yTmrnZyyPyJyMWysTSvYgtF/NekB0ujGF734J9sFHWQ9qKUxJ +RNKPeNgvqzimTsxZht0PPwblNDnsnKpS/V+BGaIQ/c5DDu8uDia5c9yNOR4Us3FH +C4w8pp0E71TzFHBaCwUaleIYAwfvY84BbTgSc5UFn5SxcSE3Z7pxAgAfCs1W3VoS +LJan+MvzFzxNtWZ7tE0UE+ezZ/8Zs1LKQHZfXP62Yjyj6C3zI8QUSttmRJMK4EAL +XAX8WPr5QGKWbQ0lbdmi5hKgLrwSbqinVACmMeR8KJ1Cd/l4Na28jFApbkNOD7Wu +bUlZJIInMzhPAuQD1QVcstwwkpLsUWp9jn2ljdEU4T8JcwgWkGYMB1KYDLDJzXSf +bc7IuZ29rZy3RNrfsmBRxA7O67VAVyIQhVeGkoIPL4xWqO87WEF9qpqyMOK4fAqt +HOrn4QNQf4Lw9UQby9bF2nIDX0uC0u+8I7rF/42T30WiStx2EBBTc1P9WKI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC4cHjqDpD9JPmZUzQ6VRraIaxPysbc -Iu6JgHYuFZeFGi0dU4DkCjpySiqF0r6Ym3ZprweJdsX0WMHYgcn/L+0GcgXbxZKv -emyeHS1XSFnhJUwNHdPzz7YUL7x5n6ucZlU89XB7yzjpm8KF8XEltM5n63TGvVm2 -xstJu9YE5tIXFOo59R3GM0xaSexNhKTTaY4Q4kvLURHYhHB0WSrngJTW77u65JRp -mO9y+SOtHlpuOrlf7/PD6sQk8Fb0UZHJDlNVK3ScVQ/i4eHl2+VKl77UoavI/SYG -luPQwy2SllYHPnvXryTIDsO4CAhtHe1kBqgEe4gnQqkKBifnom1oexaKtOqP5msw -9+P+DqjOu08qGLUS8UB05cLXtqnMp68/6cPT3sE+1tm7iEYZwqxSLSS3DOPdBr3H -bBq820O4aypi4dEPTAnWkYUj3FG7hfOyBFNtNkY2wEX1K/ylo32d2kOP6oRrBubs -xYT61q1cVIvcjrA0Ko6XRDHqCPEloGlB0mUCAwEAAaN/MH0wHQYDVR0OBBYEFCth -I0XFXPbGm6FozJPAW+xO9ZwsMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQ6C8hg -WzhevlKNP8/vtCRiyk90fTANBgkqhkiG9w0BAQsFAAOCAgEAnjpQF9FTwFQD75aA -1xL15XR5l6DrjDzZfq13gr/StaCQJ44OtmJvjzdgfPI5sRmpiUgU7bK4rOhKLK6C -3NUpq+Zg+5D2TzDHwyBNb0uViTgr75/P+HHBJUHwdvKbenDkn1QfPlx8nOtyyyFD -Jw3HEVGIAzGX3rWUkyZhwLQ1JUC6tmckNGg/9OVxKnr0f1fxct/F1Hc3Hd806Wqc -/D2QdDDTCtA9qZt53ED+SaLI1mzfvm67pyRZ43V5BvkAj1xiumGFHqLheK7hdC9V -WXHgPQobGJgyhOCAnQru1iKKnld+VIDfkZHu6fchsJg9ty/526QfyKRGfT7ak3Ng -0VSRsBj9zRPBiKrK4SFcmmWVIbj+lyN0xJWJFJ0ZrxFnLE/fjzF6smyTZxRYC15L -NCq+xy4yAvFRvcLOCjhmWkDJeAa/Y2cg50xrHpK/Y6FtPT2Bg34N1/fY9FP1r6AO -QMSrFGWpRl8Nsm6EfmJMJR1vfX52H7u0rla6Ay86yL3JMAfW7zFMYrRXx4bxq9hF -Rv4z5nj1RVR3+iNeOIWNx7YtyxvYvd+zPXY2LlkAr9QAjScvsiCKWi/5z9eC8aSX -VJcQoaKWoX2/SwjRuTSsI9P7rHeGNavUQCVL97slkdx//Xvw6ruP3bOQ+XzYvPAO -/DUNNf2nkPD7DKj8pFV8Ia8p910= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh +pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq +pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ +1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og +x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C +sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja +aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs +5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn +GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw +HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 +jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 +Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 +PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD +6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV +pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF +UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW +fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn +4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp +ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc +SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 +8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU +9rOxDaj2ExLTz8unCJcwRxEtyd0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUGIGV3FDZXdNIPCe2s9FHmjTqeLYwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDYyNzIwMTM0N1oX -DTMzMDYyNDIwMTM0N1owGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9Dkdby/tuMYvV62TbVmz7CWASGq/ -f/m7zZPlS8SSoMdqow1pr8mcWD0od39rIYFlGGoLHoBtqP3d6cV0KRpcJqDF4oDr -HrMoZikpQAO3s50NvXWhkESxGzCUJD4XtvZkmK+gBdob/qrOn1uqYdkD8YM6rnqw -R9VOz/GLWmguWMhd66mMAPvpfLD3wPtJmIzMQyrGRuLDenm9cigNNjYtCDFiHvbL -H499UikqgYIVPIPal4nzDWO/iAo/ktC7zDI/cH+q38eZJbKy6z1Yi+VTI4285r/M -cex4DTJVfdTRYt2lRKzLhCFwdPED7CZS1pVhNh+C4DCPIw/jreBmfq1rSKnPqVqA -BWm7B+WVKAOOPbIQtXHbIfjRzkjF/37I5zWvLHaLlfPaEpjIlNAZTjQgYaOCMI0+ -HPHvWVklE4CY8jq44N2K4bPAvr6NpLkiqsaNvfOwmLdnmfDoytmOSbvl0bSauLkg -WDasorR7Z4k2Q157Mmictv1CSSo4PvZB44l0nC2Xzd731DgUjxiAAjOcgFXUNLPp -ALQBI+5xkHhnoqcFe6LWlZkRbdfWHVXVRnNKRADyXS0bwbSmVOsnvBPQFCbL+0X6 -3m8Wvk/2RymALARIQ1zIl+Wpt03YZU9XXevNsHa7xFeNRY3NinxI68mIux80C2Fc -rdFKgNxfhjVhi7UCAwEAAaNTMFEwHQYDVR0OBBYEFDoLyGBbOF6+Uo0/z++0JGLK -T3R9MB8GA1UdIwQYMBaAFDoLyGBbOF6+Uo0/z++0JGLKT3R9MA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBANFjC5Ry/i+A38YrDIGSRAf0ePZj3tjc -Bh/SV75cgIJUGGS+KCX2+K7P5/9XxH/fwb5kZZyfZsT7oPiv0nqoXutljcoqfb/V -Cx7SJD600JhJsPu4HJsbF4IP660gNSnSyNt4ESx8RIECW3o9iO/cgKpGkValT1cC -HKSrv80l+whwnRRKHV2yvl3N9RkVXlAcFOP8zhRjQsrMNZSIz1Ux9KsJG68s52tX -SSqK00bQQMMFiznF+xvN31GL8nQrtgPvbbz3EI6EjdBhXtwHSZXzUXM5IYWD/GzO -a0Td7TFGQlZckq6/rxT0Qp4qzYlEx1JQi14Mv9wQoAXkew706s6oGBCd9xg+UVu/ -cny2l7gal8kJ2rcOmiXY04IpiXlQQuovAntB6XHpgc2Vgh7Ao93DpBxmRfFTXI2r -O0C6DMzd/oHDbSNkxONuk6V0usvGnFLSbtPDJsJegpSjzSA+CWR9es0PAqsf92Be -unCoUEx+Vzz87/g+shQKkWw+Bw1VKmTGmtXK0x9r/Nawmj19YRfp/CYhdJT3xj3L -5c1Aw5EVM3Ti6ABSi3Lk8dO6XewcR8dgr2wxGE6eSL4XJ1e7GwaSt+F3KbTeAY7c -KcWhobyFAXIyXmjhNYgZA+atnRuD2Cx4w/kO7fzn8C3c0aVZYuv2cXCeqFlFBbas -EhGAHWy7QFZ+ +MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX +DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 +pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR +1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig +nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V +z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn +Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 +QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB +XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 +NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN +1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF +QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv +OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o +n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX +Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq +mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm +oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB +2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL +14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN +RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP +OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F +9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH +C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s +Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi +mXLHfCGEyjF/ -----END CERTIFICATE----- diff --git a/test-ca/rsa/end.key b/test-ca/rsa/end.key index 9499f6f978..0309320c89 100644 --- a/test-ca/rsa/end.key +++ b/test-ca/rsa/end.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYz8pM3z09XnaA -qOvsuCRluyaPGuUNI5j/72LTYXdnHXNJMjskj4DYjzuo6VtjupNMPE2o9jvVNzeu -KZ56ID/mWFM77V0gIY5pjdgZg5Qi9+dlnraeQvBIhO6fvnzbWlqVUH9ag90bLj8R -rHb3W4XkPOFgvR8gOGUFg4X6GiWT78KHo6QZuwFDXPqqfjWSexZnZQWCc1BVM492 -7uzuzbFFB/KCe7ncOrZ0RUu5eeNIZdsmoDDKEV3wWKE5qe58KtXcSF9y3AI1+/oB -eobtNwT3egaevWZ3xq0yVQJEEXsbTTuJKpp5XF/FDflTHpSdjfhXmu2Am9eNaEsQ -5O+r2ElDAgMBAAECggEAF0R7BlBu19jPIhEBIfakiB7tJJi7lqVnHFUxZC6GNUZd -MaB7M+UWgSLyD7/py+9ykobowO4ujG0PcS6MybCpD3mUbDQHXCdFMsTydL69qsNk -0ZV53fLNo7p7Rl8v+LWzGY17uWcJns61s2BiGZDZ0WJZuNajFiSwG8emeen1ndGF -a38B0F3f1Hv6ByXGK4B9QRnZMoN1oTLovUKh1ryNI8cGSRgQx6qulepGU0Xkmti1 -3cqXVb4zye9jIimVMQq+eW6TXQ13F1DcoVR174eojnxDrUFc/Ar+PIwx6a8Jd/+W -S7E1zoaXeooVpqG2V1HHuagEAc1UnX5evqAkWVVcOQKBgQDUtVW5P0NWxyYg8FjZ -9OkGGB6t2EBl1D3p6EkHG2fWBmPV4+TJomN4W3ppGe0H3CqKe8QEEeMWS1oSGADO -k38MZV0zFN19nxhdBSZgcZ0sAY7qMaT4Tq5SQ6VUVupxoASwx/H1ZBVLeD+hFz37 -fTyxWzSz1/XLpeOLggxObgeCCQKBgQC36a58LOgwcVmwUEndRhkfbSElBKtGFv5T -98l004MJfsf5kpq0SYm1c3RB4F5nkxtjG8l/1/lbxnxezUG4XWq3/DMz+GqHA9x6 -et/xPeiUDcKXFmDrP8CzOqnIwV28lPdWrqSkFLCxlDNJAb1Zju+Ly/MDCFoU+2Ev -b79ftDNT6wKBgDk4Zs0kpZrMjAdEYMKRTbZj+qzNhdVe2SD5advNlYtPwL+jRMKx -Oo0AHtfzL35zzcXfMYXewfYXYy2G44Cu0PimtAGv1T2b9NPhNMexCJTz/lwl6rkZ -gW+D3w/nKb5TS6+6ue5HdCsPOB6/v97Ne+xCGtVefTLBd4rp+yGGG+LxAoGARLmU -NF7rnT6eT16RW5iYRsAXBKhMAHMTMvmDVJ69dszjmYWJPhnE1gOAzCU14ep873ow -wA9K5Vq0mxCEoIp4GKyrzZ3k4PM2bqaADLwfr0O9FYyNRxuZvOANFjH7/z6Ddubo -K1B3/sPsrjlyModRSKI7+0QhtXmChaFymCbUj2UCgYBOt21zl/U2bXgoOT3PMRbO -BYk2LUU8qco/o6VH5/ibvcTliuR+BGCDKOjD3pTaQweT4hNQDDFT5HntMtRFNa+M -txWWbrV8/TlItkgf1AT9vv0NQJBfLjCA6hsYXDHyi6RJ9Ifbs3blBCx0g6OrLBbB -ABrlUhuSHvRX3d2WY59flg== +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIKTHriPL+/8gx +e6vvLQZl3XmYxjpXtiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAIt +wRZ+BKCzrpy67i4j6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3 +FHpZOad0Qu79jLnwpLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX +8IHN5HJNjHy4uA1HuXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/Rii +byLdiO+7wv5CgAPVr9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNF +lo7+HQDhAgMBAAECggEABJkZqfj76Aq1LRnTsctdfcKQNAe9uF0ZTkqr31Zs4FqH +5gEIBsZKoEJu+1jq75WV/FukYTEqlbODPUzVuPBfRrForUyiZ7XSG8C/DGir7Ykn +C709L7lJwejVPwr4RTe4PnM5ldjKelU+xeMlCl6uL5gICHAOp24JGqP1shfS6ahe +ej7mtKHu/jY5YwS9oiAwqqz9f+tXP109sdfo7xffPCH7HkdSEK9C6hXbGp2KzGAx +8NZuaaib+BQ29A1PWjR/3OgPdQBOaI7k3TZeHIivk0AIkeFecqNMCHNIFDFydwJ0 +yw/ab8hydHlvcsDHRFc19zR5tJhJLhhRgE7RbyoHHwKBgQDvIBbb7iVc4ZOVPmOw +huOlJ87OoYuFth0SwluolAwDaHpu0TEXKLP+mQCRZm3Unv2s/peCs1woEI8LqXVO +j1tFBO4J9adjrlMqmrk1g/dTmUgYovpwZcJ9ZIMkfydFbwrEaWgFDkbUvJLJjlG+ +eH5W6RwZliTR2tbNxhU8/Ckj+wKBgQDWSTH0HjBmkEIq+pTpaSA3gCfiRTMucRWz +BWNnYaslWa72I6XZzuAdjhs1C9gQz124GIWiR+9x0C0LZHDxpbwLjI1eeeeqmMsv +u9T9b4nwfKtjz1B3dsWtQiHgoAK+CykISY7xhrk2nKxwmViz+ySkQu0HDZwLE9Ch +59t8sQS70wKBgQCtbiymHjbjAogzeih7Y5m/svt/ShMTS14SuPwZbCa6YhBKR1a/ +YToKsZWD3zJRP27lBVGF7egs9rWI08LM05Rynny2pIBe/5Q6FjW15px++XEczTeu +RV+l6jxjQAWPilXY1konQI+Gw64CmUIYTvPyvOcwd4EE4x9f5waIUKrV+QKBgQC2 +yfkypA3lb2kCAH7GHEa/ETL0cNMX6p739sC0jzvOwJHepMn04eOLUo0i0tecf0cS +othbdcFq9Il4DlXJy/Z8Y4iz7okPnQa10SP+jAa+fZo1qcKaJVa6VI9RbSzpr9tw +lk64+JNFYqA17Jkd7j1zYSOPwKw7RsvRUFaKJvZCwQKBgQDmBCJbAIcPxXDTssO6 +w056l0M/nel2e4Lo1Wq958u59xqFuNaXRSqlpB6pfRHdKt7DVmrJJl4mylSk9H4g +660F+RBGVBLdfnLgKdC7NgFWrV4DxgoU4jUY3+zurBl75mKER02Fh0zfhhiwrM2g +14fy3hWF11lqatcAsQy34YcGlA== -----END PRIVATE KEY----- diff --git a/test-ca/rsa/end.req b/test-ca/rsa/end.req index c4a03377d6..95548f2400 100644 --- a/test-ca/rsa/end.req +++ b/test-ca/rsa/end.req @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYz8pM3z09XnaAqOvsuCRluyaPGuUNI5j/ -72LTYXdnHXNJMjskj4DYjzuo6VtjupNMPE2o9jvVNzeuKZ56ID/mWFM77V0gIY5p -jdgZg5Qi9+dlnraeQvBIhO6fvnzbWlqVUH9ag90bLj8RrHb3W4XkPOFgvR8gOGUF -g4X6GiWT78KHo6QZuwFDXPqqfjWSexZnZQWCc1BVM4927uzuzbFFB/KCe7ncOrZ0 -RUu5eeNIZdsmoDDKEV3wWKE5qe58KtXcSF9y3AI1+/oBeobtNwT3egaevWZ3xq0y -VQJEEXsbTTuJKpp5XF/FDflTHpSdjfhXmu2Am9eNaEsQ5O+r2ElDAgMBAAGgADAN -BgkqhkiG9w0BAQsFAAOCAQEAZO6NVv+/0DTSolXcL6UpCCA44rVu+Gti3MxaWAAm -SuS9O762zaG+9TfOJifXTNIyohsF04edpW1Cxhje2u1TbrO2IKznaBwrvXIFhfNN -SVnKhX3SltQKRDBQgkmS6L6bnzN2HipWtkqW1PTOMo+9Gw2RgR+1uJkemftjZ5tp -+C7O6HXGucbGv7YpYb79l08cE9UxXI8AH/XlQNJeJ0dVM/ni2P+iS3vUurzgMhfG -IuFQA8Fp+/0JXTD7/e/K9w8+wufV41FDROFt/63pf9XehO/pd5gsPUFdN1irbYzD -izKAJW7zHwHHE3lEDx9suBd5GFtMq67SxDw7ARTo0rF28A== +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKTHriPL+/8gxe6vvLQZl3XmYxjpXtiUi +xRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAItwRZ+BKCzrpy67i4j6uJB +RZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3FHpZOad0Qu79jLnwpLFM +yQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX8IHN5HJNjHy4uA1HuXOH +Zh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/RiibyLdiO+7wv5CgAPVr9DT +P9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNFlo7+HQDhAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAiDQdzNBzgql9Lca3YdZmVLB3JXPctzefsSLq/TeQ +y2nf3IdZKrsYPwTNEptmdMN4c0NqhAhxZhf5TV7a8xfGERZuYm7EB+6neiu14zRV +hrobvfQ4Wzcl6DNBkMdz+FxykFXMXs/2OaAOIsVosqkflxGXlyPGvzhk2tceN6Dy +nUhgV+60lUICXnP1FrNEOheylATFCJyCtEQkjtWneW3otpTRrlV8FYL/qzwPS1mT +U7cPfPBbK7o0RR50bIyfpYt2s4f5f9R3H46xOcIV85tWBOkBgyu6wNrnjb14SKa2 +M5nxLAq9j4PEX9sZT40QnXVYAZdjxz78T0GRINlmNYNDNA== -----END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa/end.rsa b/test-ca/rsa/end.rsa index 9499f6f978..0309320c89 100644 --- a/test-ca/rsa/end.rsa +++ b/test-ca/rsa/end.rsa @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCYz8pM3z09XnaA -qOvsuCRluyaPGuUNI5j/72LTYXdnHXNJMjskj4DYjzuo6VtjupNMPE2o9jvVNzeu -KZ56ID/mWFM77V0gIY5pjdgZg5Qi9+dlnraeQvBIhO6fvnzbWlqVUH9ag90bLj8R -rHb3W4XkPOFgvR8gOGUFg4X6GiWT78KHo6QZuwFDXPqqfjWSexZnZQWCc1BVM492 -7uzuzbFFB/KCe7ncOrZ0RUu5eeNIZdsmoDDKEV3wWKE5qe58KtXcSF9y3AI1+/oB -eobtNwT3egaevWZ3xq0yVQJEEXsbTTuJKpp5XF/FDflTHpSdjfhXmu2Am9eNaEsQ -5O+r2ElDAgMBAAECggEAF0R7BlBu19jPIhEBIfakiB7tJJi7lqVnHFUxZC6GNUZd -MaB7M+UWgSLyD7/py+9ykobowO4ujG0PcS6MybCpD3mUbDQHXCdFMsTydL69qsNk -0ZV53fLNo7p7Rl8v+LWzGY17uWcJns61s2BiGZDZ0WJZuNajFiSwG8emeen1ndGF -a38B0F3f1Hv6ByXGK4B9QRnZMoN1oTLovUKh1ryNI8cGSRgQx6qulepGU0Xkmti1 -3cqXVb4zye9jIimVMQq+eW6TXQ13F1DcoVR174eojnxDrUFc/Ar+PIwx6a8Jd/+W -S7E1zoaXeooVpqG2V1HHuagEAc1UnX5evqAkWVVcOQKBgQDUtVW5P0NWxyYg8FjZ -9OkGGB6t2EBl1D3p6EkHG2fWBmPV4+TJomN4W3ppGe0H3CqKe8QEEeMWS1oSGADO -k38MZV0zFN19nxhdBSZgcZ0sAY7qMaT4Tq5SQ6VUVupxoASwx/H1ZBVLeD+hFz37 -fTyxWzSz1/XLpeOLggxObgeCCQKBgQC36a58LOgwcVmwUEndRhkfbSElBKtGFv5T -98l004MJfsf5kpq0SYm1c3RB4F5nkxtjG8l/1/lbxnxezUG4XWq3/DMz+GqHA9x6 -et/xPeiUDcKXFmDrP8CzOqnIwV28lPdWrqSkFLCxlDNJAb1Zju+Ly/MDCFoU+2Ev -b79ftDNT6wKBgDk4Zs0kpZrMjAdEYMKRTbZj+qzNhdVe2SD5advNlYtPwL+jRMKx -Oo0AHtfzL35zzcXfMYXewfYXYy2G44Cu0PimtAGv1T2b9NPhNMexCJTz/lwl6rkZ -gW+D3w/nKb5TS6+6ue5HdCsPOB6/v97Ne+xCGtVefTLBd4rp+yGGG+LxAoGARLmU -NF7rnT6eT16RW5iYRsAXBKhMAHMTMvmDVJ69dszjmYWJPhnE1gOAzCU14ep873ow -wA9K5Vq0mxCEoIp4GKyrzZ3k4PM2bqaADLwfr0O9FYyNRxuZvOANFjH7/z6Ddubo -K1B3/sPsrjlyModRSKI7+0QhtXmChaFymCbUj2UCgYBOt21zl/U2bXgoOT3PMRbO -BYk2LUU8qco/o6VH5/ibvcTliuR+BGCDKOjD3pTaQweT4hNQDDFT5HntMtRFNa+M -txWWbrV8/TlItkgf1AT9vv0NQJBfLjCA6hsYXDHyi6RJ9Ifbs3blBCx0g6OrLBbB -ABrlUhuSHvRX3d2WY59flg== +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIKTHriPL+/8gx +e6vvLQZl3XmYxjpXtiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAIt +wRZ+BKCzrpy67i4j6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3 +FHpZOad0Qu79jLnwpLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX +8IHN5HJNjHy4uA1HuXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/Rii +byLdiO+7wv5CgAPVr9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNF +lo7+HQDhAgMBAAECggEABJkZqfj76Aq1LRnTsctdfcKQNAe9uF0ZTkqr31Zs4FqH +5gEIBsZKoEJu+1jq75WV/FukYTEqlbODPUzVuPBfRrForUyiZ7XSG8C/DGir7Ykn +C709L7lJwejVPwr4RTe4PnM5ldjKelU+xeMlCl6uL5gICHAOp24JGqP1shfS6ahe +ej7mtKHu/jY5YwS9oiAwqqz9f+tXP109sdfo7xffPCH7HkdSEK9C6hXbGp2KzGAx +8NZuaaib+BQ29A1PWjR/3OgPdQBOaI7k3TZeHIivk0AIkeFecqNMCHNIFDFydwJ0 +yw/ab8hydHlvcsDHRFc19zR5tJhJLhhRgE7RbyoHHwKBgQDvIBbb7iVc4ZOVPmOw +huOlJ87OoYuFth0SwluolAwDaHpu0TEXKLP+mQCRZm3Unv2s/peCs1woEI8LqXVO +j1tFBO4J9adjrlMqmrk1g/dTmUgYovpwZcJ9ZIMkfydFbwrEaWgFDkbUvJLJjlG+ +eH5W6RwZliTR2tbNxhU8/Ckj+wKBgQDWSTH0HjBmkEIq+pTpaSA3gCfiRTMucRWz +BWNnYaslWa72I6XZzuAdjhs1C9gQz124GIWiR+9x0C0LZHDxpbwLjI1eeeeqmMsv +u9T9b4nwfKtjz1B3dsWtQiHgoAK+CykISY7xhrk2nKxwmViz+ySkQu0HDZwLE9Ch +59t8sQS70wKBgQCtbiymHjbjAogzeih7Y5m/svt/ShMTS14SuPwZbCa6YhBKR1a/ +YToKsZWD3zJRP27lBVGF7egs9rWI08LM05Rynny2pIBe/5Q6FjW15px++XEczTeu +RV+l6jxjQAWPilXY1konQI+Gw64CmUIYTvPyvOcwd4EE4x9f5waIUKrV+QKBgQC2 +yfkypA3lb2kCAH7GHEa/ETL0cNMX6p739sC0jzvOwJHepMn04eOLUo0i0tecf0cS +othbdcFq9Il4DlXJy/Z8Y4iz7okPnQa10SP+jAa+fZo1qcKaJVa6VI9RbSzpr9tw +lk64+JNFYqA17Jkd7j1zYSOPwKw7RsvRUFaKJvZCwQKBgQDmBCJbAIcPxXDTssO6 +w056l0M/nel2e4Lo1Wq958u59xqFuNaXRSqlpB6pfRHdKt7DVmrJJl4mylSk9H4g +660F+RBGVBLdfnLgKdC7NgFWrV4DxgoU4jUY3+zurBl75mKER02Fh0zfhhiwrM2g +14fy3hWF11lqatcAsQy34YcGlA== -----END PRIVATE KEY----- diff --git a/test-ca/rsa/inter.cert b/test-ca/rsa/inter.cert index e36f4d7618..4a2ec09b8c 100644 --- a/test-ca/rsa/inter.cert +++ b/test-ca/rsa/inter.cert @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNjI3MjAxMzQ4WhcNMzMwNjI0MjAxMzQ4WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC4cHjqDpD9JPmZUzQ6VRraIaxPysbc -Iu6JgHYuFZeFGi0dU4DkCjpySiqF0r6Ym3ZprweJdsX0WMHYgcn/L+0GcgXbxZKv -emyeHS1XSFnhJUwNHdPzz7YUL7x5n6ucZlU89XB7yzjpm8KF8XEltM5n63TGvVm2 -xstJu9YE5tIXFOo59R3GM0xaSexNhKTTaY4Q4kvLURHYhHB0WSrngJTW77u65JRp -mO9y+SOtHlpuOrlf7/PD6sQk8Fb0UZHJDlNVK3ScVQ/i4eHl2+VKl77UoavI/SYG -luPQwy2SllYHPnvXryTIDsO4CAhtHe1kBqgEe4gnQqkKBifnom1oexaKtOqP5msw -9+P+DqjOu08qGLUS8UB05cLXtqnMp68/6cPT3sE+1tm7iEYZwqxSLSS3DOPdBr3H -bBq820O4aypi4dEPTAnWkYUj3FG7hfOyBFNtNkY2wEX1K/ylo32d2kOP6oRrBubs -xYT61q1cVIvcjrA0Ko6XRDHqCPEloGlB0mUCAwEAAaN/MH0wHQYDVR0OBBYEFCth -I0XFXPbGm6FozJPAW+xO9ZwsMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQ6C8hg -WzhevlKNP8/vtCRiyk90fTANBgkqhkiG9w0BAQsFAAOCAgEAnjpQF9FTwFQD75aA -1xL15XR5l6DrjDzZfq13gr/StaCQJ44OtmJvjzdgfPI5sRmpiUgU7bK4rOhKLK6C -3NUpq+Zg+5D2TzDHwyBNb0uViTgr75/P+HHBJUHwdvKbenDkn1QfPlx8nOtyyyFD -Jw3HEVGIAzGX3rWUkyZhwLQ1JUC6tmckNGg/9OVxKnr0f1fxct/F1Hc3Hd806Wqc -/D2QdDDTCtA9qZt53ED+SaLI1mzfvm67pyRZ43V5BvkAj1xiumGFHqLheK7hdC9V -WXHgPQobGJgyhOCAnQru1iKKnld+VIDfkZHu6fchsJg9ty/526QfyKRGfT7ak3Ng -0VSRsBj9zRPBiKrK4SFcmmWVIbj+lyN0xJWJFJ0ZrxFnLE/fjzF6smyTZxRYC15L -NCq+xy4yAvFRvcLOCjhmWkDJeAa/Y2cg50xrHpK/Y6FtPT2Bg34N1/fY9FP1r6AO -QMSrFGWpRl8Nsm6EfmJMJR1vfX52H7u0rla6Ay86yL3JMAfW7zFMYrRXx4bxq9hF -Rv4z5nj1RVR3+iNeOIWNx7YtyxvYvd+zPXY2LlkAr9QAjScvsiCKWi/5z9eC8aSX -VJcQoaKWoX2/SwjRuTSsI9P7rHeGNavUQCVL97slkdx//Xvw6ruP3bOQ+XzYvPAO -/DUNNf2nkPD7DKj8pFV8Ia8p910= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh +pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq +pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ +1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og +x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C +sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja +aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs +5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn +GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw +HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 +jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 +Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 +PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD +6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV +pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF +UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW +fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn +4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp +ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc +SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 +8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU +9rOxDaj2ExLTz8unCJcwRxEtyd0= -----END CERTIFICATE----- diff --git a/test-ca/rsa/inter.key b/test-ca/rsa/inter.key index 09de8116d2..bed44a1e3c 100644 --- a/test-ca/rsa/inter.key +++ b/test-ca/rsa/inter.key @@ -1,40 +1,40 @@ -----BEGIN PRIVATE KEY----- -MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQC4cHjqDpD9JPmZ -UzQ6VRraIaxPysbcIu6JgHYuFZeFGi0dU4DkCjpySiqF0r6Ym3ZprweJdsX0WMHY -gcn/L+0GcgXbxZKvemyeHS1XSFnhJUwNHdPzz7YUL7x5n6ucZlU89XB7yzjpm8KF -8XEltM5n63TGvVm2xstJu9YE5tIXFOo59R3GM0xaSexNhKTTaY4Q4kvLURHYhHB0 -WSrngJTW77u65JRpmO9y+SOtHlpuOrlf7/PD6sQk8Fb0UZHJDlNVK3ScVQ/i4eHl -2+VKl77UoavI/SYGluPQwy2SllYHPnvXryTIDsO4CAhtHe1kBqgEe4gnQqkKBifn -om1oexaKtOqP5msw9+P+DqjOu08qGLUS8UB05cLXtqnMp68/6cPT3sE+1tm7iEYZ -wqxSLSS3DOPdBr3HbBq820O4aypi4dEPTAnWkYUj3FG7hfOyBFNtNkY2wEX1K/yl -o32d2kOP6oRrBubsxYT61q1cVIvcjrA0Ko6XRDHqCPEloGlB0mUCAwEAAQKCAYBI -Hxr5E2cYxgugLAwBP2Q3pfE2ZmmqjTJPrF8KGEFet+SqUgvVoDZImL3WBJmpHSmJ -m/rLgxlXOhna6q2tTvVVjuLBlJmOasXsciZXuiADTU1W17IY5cEiVaRSvuAhUVbF -dohcsBP6LYE8VTRUdUY9FrJcQJDDSysVExFWa1f91Jzeuv3AkjCqIbv4eATn8p+t -9H+E6pea3fcHWBLR4dLR1X7ITzfFrxr7D3cm6/aaofX5EOB2XOgENcMa2Ia0YxgC -IJe7OT9gs6N74HZshk1B9j2eVxQfQFRaIMDr8LSLOXsd4puvhGmCmcp4lvUvwQn8 -qPt3ee/swFXucHKbR7N8iWQikD0RS37hhWM+fI571r8REnOwr9ZdbeerIrBogNFQ -l5LxPJg23ut4fziY78erqLQLEhPdp4Da2KuooTY0OK1NGnHHlwNJAa88hJp7GkLN -e53DafMWpCZr72Ie3IESVzvv+yJi2hcSdo9anRYE00kqTVmc54wJ1ofDEmmTi+UC -gcEAxBOvZu9EVI0JlNsbdQQUBz30ZJMz3NllaSyiKPzFQ0PsK/ABhauRl5Z5qMvh -GwwPWXYPH8JuYlek/PqgtXDxeyjkVTqAmihMoYpAVuISOwlOLFChmyJnzWr70I2d -pEpLr9E/I6GuFcL69o4WXp0xHJ8GuNxIn54YPatJGnFwmX1wGTCF+ytdWQDPIXu5 -YH3jvb9E2mWKZINciElQOt9iyconvmpWU6ALjraXnEq6yhae9DZU2m0opuHrNtej -xN03AoHBAPDOTyo4OijrEI/beYoCX2Oi1YEyT1yIOVKrSD8UFNjRCBcYnh5Vo8v1 -rXh/BdWyvqaoApRjZUDRTEGrfsjGDIYz+wBhGVWfv/0GdpgyS11Z/oXVlkc+C7OD -sxbHtdATSfm1YsVuy5L/x0W9+EvOMylssrLDpY6fYkMnzXOkNSRq06SBjwFC3Sky -wXag/7F3btvdJScX7Zith5b0uUbSzQvZjczgeDQ/f2P6RET0KceLhFexndwJFX7d -IAd5+mH7QwKBwQC5CLKf+u+KssX1+YdBuCWGaAr31oo8wdMXm400DMXDIpf/JrDp -Ce2NFe2dQzkdIxZhIC5JlFxC5d7G9WUvlHPt+7ruSxUNZTZbw3HQC+uUVsW0wCqh -kahPi8QzHVFEtvAR7O8emvcDhkr63T9y7fhowBHB5e+K4dCScc+86oyN7Hga7VWi -n1uqID9Xo8BetK50Y8mAKA6fp+9slXLm++Pn9aPn58WriP8fIGSWk1cOWqaKY7NT -pWuVgOFNkdX0c6UCgcEAv6OwpOzyfDX2jEYiR47z0xt3xsX/Gqje1ceyS2Dz5kkU -oyzYSVPmcx8l2stcHWGPEJqM0wL3RcpLYcfVsnrK5NLhYr/jpZzo8bj/EMiV6ckB -IgmE+1WJgmfBUtPFAb8YFD4iSPWP1YDxWbOBsvJ7DPCQlmvVideWH9PBUdLQ6BaM -MFNbN6m60FqwVHR0iQt/kkJAmwgT8nnHen9wI8kHnfKZQv8xKoOOIka9phKaXU/P -FusnskEYdkoMf2a3uNp5AoHAGCu4pLMqKs3vwFOfXkdtiMs2KnK5dOHbHgomwrn+ -c401dixykuPcooSQu2y6xCBNx7iSo7QYtQrRVNN3ZyAdj/zT03JY6dXN7gHNeB8c -VBA+Ab32rmsrTGRwg9V/zHFbfyYIx/wvYRF0SZyIuhVqTHohl0mQiDkWtipXtSwW -o+ynJ99r6Nf14bcQSauvF3ZijLSYgcNhYG+Kz1tEcYnBUUR+N75dyYju856VTM00 -wxQL0Be6/MFzazp/MydSgPsk +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDJygesR+2I4Bc9 +YCty+f9/mn3zD6Qhpd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnP +HFikMdDOWge6WizqpGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriU +C5rYot86ySOgRMbJ1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0 +KQITPA9pKi9ra6Ogx3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QW +jVl27RRE+KMpPL1CsxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWT +hZdRlRM1FXAhk+jaaYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmP +HseLMeM9n8/9vgGs5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnL +OOsyS6XF4WVf9ngnGxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAQKCAYAI +qH6DyeJLSTI2E/ZJTKjF1N8qmrU0LGXRPYpYHbdnnJVMEsH3KneUgQbnRV4zV113 +uzOhF6feaFT6qgCzqt+Gux4xxMTAnKV/eGHWiKgVkn5aYr1WPuFUulukXL9Bem75 +hiERrlS+PtlUoNrYCMUDRLYenlTZPDhIg5WMkY4cYqe177S5NEkDujiIgl+jgIV/ +lNx4kx5KuytPgKLyKFWQ8ZpvRYMT1vskCq4jS9Hy6ttUF/ptQsCg7qHawenb7Va3 +Wqah5FSJ+tSaqpzeShs07HbwOgDjitirFvcNqAQshP2wzAetuWHYxnG7XC+xhHo4 +vH7XBMN/q+QTUiNz/a+fXJWRWB0kihQ6qRL4ef1XifzVed1DWkVYH4NRf9cXedj3 +GwsA8X3W1AorNNIVZMVCc4pLwLuzF+JwyOUaltRozG/VXtUNvzEe+rNLqd6+q1iE +ago1nICwSBqCq78V6Su2I94OELs+MlaZ4qd14ONvjR4KoXujHoPjgFBYUbcHSTEC +gcEA1elEqk4GK4DbNwjJ5WrY6IjTZkGFHV/Ii/1sInRfqlODje3VbptTyr/PccsK +1aE5Tk0wfV23P6GcnkEIJOyqj70O3BbmHZG5mg1tbs8+bnx51ezNbyUraFh+ujz5 +UCWGQfRJiErE9IMRz2C1kThQt6gbpA3Xkyk8xW4UEyd2ofrpv/MZyd1BDWDHKN7f +CLLuBgqQ20jzsI3e8j1Vsad9L+BhOTdJ+FkXshYZJGprg2QZwvNXPOmiphgh2XDz +oTCLAoHBAPF+LIrnGcoq2zHjSHnunQrlchx6NReDAmDm63bl0Wvht3X0wF4CScR+ +Pe1op+CnBl71jb3Qhf8lBrVW4OpHNwaOMKnXdWL3ywP0fH2zDFaG4t324Iixulp4 +MVRHcg8Bm+I5gFDn+M1lacZjpIde7f8obtyB93+9G0pfbO0W/wklPbWxODRNFA74 +gsXUj6BUmXrKXjpv5J5RbDYAKHg+DD6lO1Ol70gayTm5N59hz5Q84JPxEph+UgxT +InlkvwYrkwKBwQCgD+d4g9+sB8SAvsvMJhJelZuRxW8k1rpKvft/IJNA8TLcLd3p +4MJnUPWZ0XOu/O/TfoDNHiXzsCtwY3sDni/WVIJc/6l68MLv2iJLqzmtFOlZwNLL +2wVLFATnuJ5ZcWqvyWqIWGJeEAFwqo3SN1B2zIy6Sj1H+bBmjwLofjwP4p+sKOzg +FvYJW6RLGdHMQY9H5/oSi9kFAHOV0X1g7NII1B4L4SoxcgEAGfcAP71pWKrKLKnX +g39YR3B0s0cqExcCgcAgd5Evf5CFEKv1khQNaJoue9iSoY9/wLpSItmnW5CDS45p +ymUOfopCY6KZx4dCedIudB8BVQae3fB/8tU8SiTIudcrDm+Wxa/CsV0HXUocW/gm +VWmslxBx11TyesSH5fR6PrbUqctWefr1lDHrjUS8GEiHVuXag6cmoZu4aG4TYbFh +OxlOVsqKlLioNkK1EIqt6oUuoBqBenrs66qFN/pXdcl7HoUEEa3aF9+1iuXojSK4 +YSHZ5KnNRGQPJA9WmgcCgcBttG1HjTKcgaslzMy2ShiwywIQ4RYcnh2tXDlLUgCa ++5ZJ7Ys5VxhRivCIgnub3Fs1rVblsIFA0H6B64w8QGHoO6aYtH0DU+ezPj9iPWaG +dls8yX8jwalVwgeBVy4aHX5i0tRWhimffxZzEm8Pod9M0u9/1zbCRQcpmNyl1mI/ +UgP3QJFw+EK/B6cFQqIFFwkQZxLTQDE6dYUSS4LpdbdCjBKWjp1JheAPOsQgkb0c +gcG/f1qBHl7sZT+8QLngEFs= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/inter.req b/test-ca/rsa/inter.req index 21785d4de2..f1021ed15f 100644 --- a/test-ca/rsa/inter.req +++ b/test-ca/rsa/inter.req @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE REQUEST----- MIIDcTCCAdkCAQAwLDEqMCgGA1UEAwwhcG9ueXRvd24gUlNBIGxldmVsIDIgaW50 -ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAuHB46g6Q -/ST5mVM0OlUa2iGsT8rG3CLuiYB2LhWXhRotHVOA5Ao6ckoqhdK+mJt2aa8HiXbF -9FjB2IHJ/y/tBnIF28WSr3psnh0tV0hZ4SVMDR3T88+2FC+8eZ+rnGZVPPVwe8s4 -6ZvChfFxJbTOZ+t0xr1ZtsbLSbvWBObSFxTqOfUdxjNMWknsTYSk02mOEOJLy1ER -2IRwdFkq54CU1u+7uuSUaZjvcvkjrR5abjq5X+/zw+rEJPBW9FGRyQ5TVSt0nFUP -4uHh5dvlSpe+1KGryP0mBpbj0MMtkpZWBz57168kyA7DuAgIbR3tZAaoBHuIJ0Kp -CgYn56JtaHsWirTqj+ZrMPfj/g6ozrtPKhi1EvFAdOXC17apzKevP+nD097BPtbZ -u4hGGcKsUi0ktwzj3Qa9x2wavNtDuGsqYuHRD0wJ1pGFI9xRu4XzsgRTbTZGNsBF -9Sv8paN9ndpDj+qEawbm7MWE+tatXFSL3I6wNCqOl0Qx6gjxJaBpQdJlAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAYEAbMl/5VVUiyqDPN9iiMdKIn2fhyKOGG1psZm7 -KXKz2LksxjKL/4GPkR5pUOyncBYgszwV3+RcOcKaXASShlGBogV7aJG09jbJWzQH -o4AlvQAzRfU5qx5oZm3IrvJi8YPpkWWL5tn/uvf8+Ia4hClzURi/MRdKd+XYX5m3 -NHzt39oObHxVVSzvJH6kA7I0ImbvYKXdcGBKcu9l3tNSobOKX+CwndA/ZdJ5E4RH -y6DXHkHiU1cGdpC7w6v/TQQYsKqGsqiAB1WH1eAPfTriWSdeyr9PyMniZYKFBwXT -TI5dKkpKeh0U/gKPmvCokzRxobaVkRN/witTC9rqfiLDfp3aeOM6Hz561mE6hhZn -ByQ8H48oDRyWW6N4IbHHzxCjYS6WzCQbtKz63X/W+ZwUUbB6e7omnpSWJrYC3oo7 -wjWYrBoUpWcdIkyf2euBBtLF4O3fcmTLreeFJmyJD656EBddcLsDfqASxW9HKIVn -1rcIiIoEoTyVcTQu0by0qwdu8OFI +ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAycoHrEft +iOAXPWArcvn/f5p98w+kIaXfAtrRigUN9XA990PrDeCRkVpBkySMoLv6F13ktxqr +tEY5zxxYpDHQzloHulos6qRs5H7YNWS+p77PSJDoa3HxCLYcSZgucznxENn/+5NW +uJa4lAua2KLfOskjoETGydaf7iT3o2xlxoiQ/Ktk9BMjUvUZYAl7QTK1W54MJdWn +rdWUdCkCEzwPaSova2ujoMd2oAd7Q4vyxol9iZZCwL6f1bDeQp52hHqabCA/u3xb +Ka/0Fo1Zdu0URPijKTy9QrMblF6HXBb9bPuIA612RxFglAC9DuYMFbS+Jgr9L33a +mWUFk4WXUZUTNRVwIZPo2mmK4Am1oHz+zPamk7mv5lFRCkRwDs4IQnhhOgdhVcip +ZNsZjx7HizHjPZ/P/b4BrOYelh1s7PATUCoLOFe0XfXKkNyXWSPPkwGg+N8BQsKF +t3TZyzjrMkulxeFlX/Z4JxsZBWo0C5FbisBwqpqyWuHbY8e/dxLQ+DjRAgMBAAGg +ADANBgkqhkiG9w0BAQsFAAOCAYEAroXQLyVxjWxiS4RLYa93502hsZ1z4E2uPaqc +hHcFMiyMRp6gxFllPol91z7li9RQSQtwsd6mNAPaBjhHoG5aQmpNHiyYHxufF/xR +Q9PmZok/7akQY7lDbK/14eJFsQQlD+81Qhg3qpw0cym3NpmtivnMyGEqpw2EozJC +RxNAjTj+C1LfynB33tOOax/QEz4griFVazQ3T3yEjR5C1xVPzisZFxaM6pxC3YIS +AOoeIHrG5Iw8u98zVMxRHomYSv568/Ghv3bF9lJkwL7bgmOb2347QRtNd3mE2Kv2 +CqPk9HUtIJDytq4Z79wE9lPqh9U8lMmDWWw6JymIyi6UEdiZi+T1nvCo612b/Nxk +mHpFPClMzCxb59o90kmy2TpqYrVX7jkSM+tI7YJZ+PLDoOSrTS5+S19Ka2+xxPGU +T3ekvxkTZFFfhlU6mH0DIG39jXMia7EGlaVrg5j6Ucu3a6Ph2+RCHJvMtXHLgWV6 +N0KLYXPb7EXYyUnlz1enk55MzDbR -----END CERTIFICATE REQUEST----- From eb513fbfc3b891f5fba15721cc6338f907fd4932 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 4 Jul 2023 17:29:43 +0100 Subject: [PATCH 0004/1145] Rename helper function dns_name -> server_name --- rustls/tests/api.rs | 64 ++++++++++++++++------------ rustls/tests/client_cert_verifier.rs | 8 ++-- rustls/tests/common/mod.rs | 4 +- 3 files changed, 43 insertions(+), 33 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 789d017e5a..34b423b843 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -749,7 +749,8 @@ fn server_cert_resolve_with_sni() { }); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("the-value-from-sni")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("the-value-from-sni")) + .unwrap(); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); let err = do_handshake_until_error(&mut client, &mut server); @@ -770,7 +771,7 @@ fn server_cert_resolve_with_alpn() { }); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("sni-value")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("sni-value")).unwrap(); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); let err = do_handshake_until_error(&mut client, &mut server); @@ -790,7 +791,7 @@ fn client_trims_terminating_dot() { }); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("some-host.com.")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("some-host.com.")).unwrap(); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); let err = do_handshake_until_error(&mut client, &mut server); @@ -821,7 +822,8 @@ fn check_sigalgs_reduced_by_ciphersuite( ..Default::default() }); - let mut client = ClientConnection::new(Arc::new(client_config), dns_name("localhost")).unwrap(); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); let err = do_handshake_until_error(&mut client, &mut server); @@ -881,7 +883,8 @@ fn client_with_sni_disabled_does_not_send_sni() { client_config.enable_sni = false; let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("value-not-sent")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("value-not-sent")) + .unwrap(); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let err = do_handshake_until_error(&mut client, &mut server); @@ -899,7 +902,7 @@ fn client_checks_server_certificate_with_given_name() { let client_config = make_client_config_with_versions(*kt, &[version]); let mut client = ClientConnection::new( Arc::new(client_config), - dns_name("not-the-right-hostname.com"), + server_name("not-the-right-hostname.com"), ) .unwrap(); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); @@ -1947,9 +1950,11 @@ fn server_exposes_offered_sni() { let kt = KeyType::Rsa; for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(kt, &[version]); - let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("second.testserver.com")) - .unwrap(); + let mut client = ClientConnection::new( + Arc::new(client_config), + server_name("second.testserver.com"), + ) + .unwrap(); let mut server = ServerConnection::new(Arc::new(make_server_config(kt))).unwrap(); assert_eq!(None, server.server_name()); @@ -1964,9 +1969,11 @@ fn server_exposes_offered_sni_smashed_to_lowercase() { let kt = KeyType::Rsa; for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(kt, &[version]); - let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("SECOND.TESTServer.com")) - .unwrap(); + let mut client = ClientConnection::new( + Arc::new(client_config), + server_name("SECOND.TESTServer.com"), + ) + .unwrap(); let mut server = ServerConnection::new(Arc::new(make_server_config(kt))).unwrap(); assert_eq!(None, server.server_name()); @@ -1988,7 +1995,7 @@ fn server_exposes_offered_sni_even_if_resolver_fails() { let client_config = make_client_config_with_versions(kt, &[version]); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("thisdoesNOTexist.com")) + ClientConnection::new(Arc::new(client_config), server_name("thisdoesNOTexist.com")) .unwrap(); assert_eq!(None, server.server_name()); @@ -2022,13 +2029,16 @@ fn sni_resolver_works() { let mut server1 = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let mut client1 = - ClientConnection::new(Arc::new(make_client_config(kt)), dns_name("localhost")).unwrap(); + ClientConnection::new(Arc::new(make_client_config(kt)), server_name("localhost")).unwrap(); let err = do_handshake_until_error(&mut client1, &mut server1); assert_eq!(err, Ok(())); let mut server2 = ServerConnection::new(Arc::clone(&server_config)).unwrap(); - let mut client2 = - ClientConnection::new(Arc::new(make_client_config(kt)), dns_name("notlocalhost")).unwrap(); + let mut client2 = ClientConnection::new( + Arc::new(make_client_config(kt)), + server_name("notlocalhost"), + ) + .unwrap(); let err = do_handshake_until_error(&mut client2, &mut server2); assert_eq!( err, @@ -2091,7 +2101,7 @@ fn sni_resolver_lower_cases_configured_names() { let mut server1 = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let mut client1 = - ClientConnection::new(Arc::new(make_client_config(kt)), dns_name("localhost")).unwrap(); + ClientConnection::new(Arc::new(make_client_config(kt)), server_name("localhost")).unwrap(); let err = do_handshake_until_error(&mut client1, &mut server1); assert_eq!(err, Ok(())); } @@ -2118,7 +2128,7 @@ fn sni_resolver_lower_cases_queried_names() { let mut server1 = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let mut client1 = - ClientConnection::new(Arc::new(make_client_config(kt)), dns_name("LOCALHOST")).unwrap(); + ClientConnection::new(Arc::new(make_client_config(kt)), server_name("LOCALHOST")).unwrap(); let err = do_handshake_until_error(&mut client1, &mut server1); assert_eq!(err, Ok(())); } @@ -3219,7 +3229,7 @@ mod test_quic { let mut client = quic::ClientConnection::new( Arc::clone(&client_config), quic::Version::V1, - dns_name("localhost"), + server_name("localhost"), client_params.into(), ) .unwrap(); @@ -3267,7 +3277,7 @@ mod test_quic { let mut client = quic::ClientConnection::new( Arc::clone(&client_config), quic::Version::V1, - dns_name("localhost"), + server_name("localhost"), client_params.into(), ) .unwrap(); @@ -3309,7 +3319,7 @@ mod test_quic { let mut client = quic::ClientConnection::new( Arc::new(client_config), quic::Version::V1, - dns_name("localhost"), + server_name("localhost"), client_params.into(), ) .unwrap(); @@ -3342,7 +3352,7 @@ mod test_quic { let mut client = quic::ClientConnection::new( client_config, quic::Version::V1, - dns_name("example.com"), + server_name("example.com"), client_params.into(), ) .unwrap(); @@ -3398,7 +3408,7 @@ mod test_quic { let mut client = quic::ClientConnection::new( client_config, quic::Version::V1, - dns_name("localhost"), + server_name("localhost"), client_params.into(), ) .unwrap(); @@ -3431,7 +3441,7 @@ mod test_quic { assert!(quic::ClientConnection::new( client_config, quic::Version::V1, - dns_name("localhost"), + server_name("localhost"), b"client params".to_vec(), ) .is_err()); @@ -4099,7 +4109,7 @@ fn test_client_mtu_reduction() { let mut client_config = make_client_config(*kt); client_config.max_fragment_size = Some(64); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("localhost")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); let writes = collect_write_lengths(&mut client); println!("writes at mtu=64: {:?}", writes); assert!(writes.iter().all(|x| *x <= 64)); @@ -4154,7 +4164,7 @@ fn test_server_mtu_reduction() { fn check_client_max_fragment_size(size: usize) -> Option { let mut client_config = make_client_config(KeyType::Ed25519); client_config.max_fragment_size = Some(size); - ClientConnection::new(Arc::new(client_config), dns_name("localhost")).err() + ClientConnection::new(Arc::new(client_config), server_name("localhost")).err() } #[test] @@ -4384,7 +4394,7 @@ fn test_acceptor() { use rustls::server::Acceptor; let client_config = Arc::new(make_client_config(KeyType::Ed25519)); - let mut client = ClientConnection::new(client_config, dns_name("localhost")).unwrap(); + let mut client = ClientConnection::new(client_config, server_name("localhost")).unwrap(); let mut buf = Vec::new(); client.write_tls(&mut buf).unwrap(); diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index d7f6de5203..f8f711e0d8 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -5,9 +5,9 @@ mod common; use crate::common::{ - dns_name, do_handshake_until_both_error, do_handshake_until_error, get_client_root_store, + do_handshake_until_both_error, do_handshake_until_error, get_client_root_store, make_client_config_with_versions, make_client_config_with_versions_with_auth, - make_pair_for_arc_configs, ErrorFromPeer, KeyType, ALL_KEY_TYPES, + make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; use rustls::client::WebPkiVerifier; use rustls::internal::msgs::handshake::DistinguishedName; @@ -127,7 +127,7 @@ fn client_verifier_no_auth_yes_root() { let client_config = make_client_config_with_versions(*kt, &[version]); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("localhost")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); let errs = do_handshake_until_both_error(&mut client, &mut server); assert_eq!( errs, @@ -164,7 +164,7 @@ fn client_verifier_fails_properly() { let client_config = make_client_config_with_versions_with_auth(*kt, &[version]); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); let mut client = - ClientConnection::new(Arc::new(client_config), dns_name("localhost")).unwrap(); + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); let err = do_handshake_until_error(&mut client, &mut server); assert_eq!( err, diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 1a9b836dd2..66a6a9fab1 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -423,7 +423,7 @@ pub fn make_pair_for_arc_configs( server_config: &Arc, ) -> (ClientConnection, ServerConnection) { ( - ClientConnection::new(Arc::clone(client_config), dns_name("localhost")).unwrap(), + ClientConnection::new(Arc::clone(client_config), server_name("localhost")).unwrap(), ServerConnection::new(Arc::clone(server_config)).unwrap(), ) } @@ -497,7 +497,7 @@ pub fn do_handshake_until_both_error( } } -pub fn dns_name(name: &'static str) -> rustls::ServerName { +pub fn server_name(name: &'static str) -> rustls::ServerName { name.try_into().unwrap() } From 4d5a3d8965b023f7aa80ae0441843bfe22047a55 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 4 Jul 2023 17:30:04 +0100 Subject: [PATCH 0005/1145] Basic test for IP address names --- rustls/tests/api.rs | 49 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 34b423b843..5632689a06 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -918,6 +918,55 @@ fn client_checks_server_certificate_with_given_name() { } } +#[test] +fn client_checks_server_certificate_with_given_ip_address() { + fn check_server_name( + client_config: Arc, + server_config: Arc, + name: &'static str, + ) -> Result<(), ErrorFromPeer> { + let mut client = ClientConnection::new(client_config, server_name(name)).unwrap(); + let mut server = ServerConnection::new(server_config).unwrap(); + do_handshake_until_error(&mut client, &mut server) + } + + for kt in ALL_KEY_TYPES.iter() { + let server_config = Arc::new(make_server_config(*kt)); + + for version in rustls::ALL_VERSIONS { + let client_config = Arc::new(make_client_config_with_versions(*kt, &[version])); + + // positive ipv4 case + assert_eq!( + check_server_name(client_config.clone(), server_config.clone(), "198.51.100.1"), + Ok(()), + ); + + // negative ipv4 case + assert_eq!( + check_server_name(client_config.clone(), server_config.clone(), "198.51.100.2"), + Err(ErrorFromPeer::Client(Error::InvalidCertificate( + CertificateError::NotValidForName + ))) + ); + + // positive ipv6 case + assert_eq!( + check_server_name(client_config.clone(), server_config.clone(), "2001:db8::1"), + Ok(()), + ); + + // negative ipv6 case + assert_eq!( + check_server_name(client_config.clone(), server_config.clone(), "2001:db8::2"), + Err(ErrorFromPeer::Client(Error::InvalidCertificate( + CertificateError::NotValidForName + ))) + ); + } + } +} + struct ClientCheckCertResolve { query_count: AtomicUsize, expect_queries: usize, From b3a0ce23f9c131d6dc2cf284496cf6c6846c274c Mon Sep 17 00:00:00 2001 From: dAxpeDDa Date: Wed, 5 Jul 2023 14:42:36 +0200 Subject: [PATCH 0006/1145] Take `IntoIterator` in `add_parsable_certificates()` --- README.md | 3 +++ examples/src/bin/tlsclient-mio.rs | 2 +- rustls/examples/internal/bench.rs | 2 +- rustls/src/anchors.rs | 5 ++++- rustls/tests/common/mod.rs | 3 ++- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index eac03bbe7d..4ec00f50ab 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,9 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). ## Release history +* Next release: + - `RootCertStore::add_parsable_certificates` now takes a + `impl IntoIterator>`. * Release 0.21.3 (2023-07-05) - Added `with_crls` function to `AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient` client certificate verifiers to diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 0e4bc6886e..7f1c47af73 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -377,7 +377,7 @@ fn make_config(args: &Args) -> Arc { let certfile = fs::File::open(cafile).expect("Cannot open CA file"); let mut reader = BufReader::new(certfile); - root_store.add_parsable_certificates(&rustls_pemfile::certs(&mut reader).unwrap()); + root_store.add_parsable_certificates(rustls_pemfile::certs(&mut reader).unwrap()); } else { root_store.add_server_trust_anchors( webpki_roots::TLS_SERVER_ROOTS diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 357ccecc7b..42cfdf5f2d 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -338,7 +338,7 @@ fn make_client_config( let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); - root_store.add_parsable_certificates(&rustls_pemfile::certs(&mut rootbuf).unwrap()); + root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); let cfg = ClientConfig::builder() .with_cipher_suites(&[params.ciphersuite]) diff --git a/rustls/src/anchors.rs b/rustls/src/anchors.rs index 1364a45a63..1d090dc2a0 100644 --- a/rustls/src/anchors.rs +++ b/rustls/src/anchors.rs @@ -124,7 +124,10 @@ impl RootCertStore { /// include ancient or syntactically invalid certificates. /// /// Returns the number of certificates added, and the number that were ignored. - pub fn add_parsable_certificates(&mut self, der_certs: &[impl AsRef<[u8]>]) -> (usize, usize) { + pub fn add_parsable_certificates>( + &mut self, + der_certs: impl IntoIterator, + ) -> (usize, usize) { let mut valid_count = 0; let mut invalid_count = 0; diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 66a6a9fab1..7b36f1f7cd 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -342,7 +342,7 @@ pub fn finish_client_config( ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); - root_store.add_parsable_certificates(&rustls_pemfile::certs(&mut rootbuf).unwrap()); + root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); config .with_root_certificates(root_store) @@ -355,6 +355,7 @@ pub fn finish_client_config_with_creds( ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); + // Passing a reference here just for testing. root_store.add_parsable_certificates(&rustls_pemfile::certs(&mut rootbuf).unwrap()); config From ad86bcb9fd7f3cb2062f4e2df823cc87238d3909 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 5 Jul 2023 15:02:08 -0400 Subject: [PATCH 0007/1145] ci: add 32bit cross compilation target. This commit adds a CI task that uses `cross` to cross-compile Rustls for the 32bit `i686-unknown-linux-gnu` target. This can be used as a smoke-test that we haven't broken 32bit compat. Unfortunately GitHub doesn't offer 32bit action runners so we have to cross-compile to achieve this test. To install `cross` this commit relies on `install-action`[0]. This is a new 3rd party action for the Rustls repo, but one that was already being used in `webpki` for `llvm-cov` and `cargo deny`. If we'd prefer to avoid that workflow dependency we could instead `cargo install cross` at the cost of having to use nightly rust and longer CI execution time. [0]: https://github.com/taiki-e/install-action --- .github/workflows/build.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3cf09d730b..89a67f86fe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -218,6 +218,21 @@ jobs: - name: cargo test (debug; all features; -Z minimal-versions) run: cargo -Z minimal-versions test --all-features + cross: + name: Check cross compilation targets + runs-on: ubuntu-20.04 + steps: + - name: Checkout sources + uses: actions/checkout@v3 + with: + persist-credentials: false + + - name: Install rust toolchain + uses: dtolnay/rust-toolchain@stable + - name: Install cross + uses: taiki-e/install-action@cross + - run: cross build --target i686-unknown-linux-gnu + format: name: Format runs-on: ubuntu-latest From 9fbf2e566842665be8efa7752664636191857238 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jul 2023 04:11:44 +0000 Subject: [PATCH 0008/1145] build(deps): update webpki-roots requirement from 0.23 to 0.24 Updates the requirements on [webpki-roots](https://github.com/rustls/webpki-roots) to permit the latest version. - [Commits](https://github.com/rustls/webpki-roots/compare/v/0.23.1...v/0.24.0) --- updated-dependencies: - dependency-name: webpki-roots dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- examples/Cargo.toml | 2 +- rustls/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 9860989068..3f4f7ddbd5 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -21,7 +21,7 @@ rustls-pemfile = "1.0.3" sct = "0.7" serde = "1.0" serde_derive = "1.0" -webpki-roots = "0.23" +webpki-roots = "0.24" [dev-dependencies] regex = "1.0" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 7c5b73205f..64201ae223 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -34,7 +34,7 @@ read_buf = ["rustversion"] bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -webpki-roots = "0.23.0" +webpki-roots = "0.24.0" rustls-pemfile = "1.0.3" base64 = "0.21" From 06b44be5d2e1acd5a03e1980e16832499fcf9158 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jul 2023 11:04:00 +0100 Subject: [PATCH 0009/1145] bump major version --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 64201ae223..fe6f939d38 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.21.3" +version = "0.22.0-alpha.0" edition = "2021" rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" From 1d659a4689e653ac3f40d9a74d6385f92271d7fd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jul 2023 11:08:05 +0100 Subject: [PATCH 0010/1145] Revert "Revert "Remove support for SCT stapling"" This reverts commit 777cc07a4b21a570ffaabbff526d904584fe0a81. --- README.md | 4 +- bogo/config.json | 10 +-- examples/src/bin/tlsclient-mio.rs | 1 - examples/src/bin/tlsserver-mio.rs | 2 +- rustls/Cargo.toml | 1 - rustls/examples/internal/bogo_shim.rs | 39 ++------- rustls/src/client/builder.rs | 93 +------------------- rustls/src/client/common.rs | 23 +---- rustls/src/client/hs.rs | 23 +---- rustls/src/client/tls12.rs | 36 +------- rustls/src/client/tls13.rs | 27 +----- rustls/src/error.rs | 7 -- rustls/src/lib.rs | 9 +- rustls/src/msgs/handshake.rs | 65 +------------- rustls/src/msgs/handshake_test.rs | 17 +--- rustls/src/server/builder.rs | 8 +- rustls/src/server/common.rs | 7 -- rustls/src/server/handy.rs | 4 - rustls/src/server/hs.rs | 19 ----- rustls/src/server/tls12.rs | 16 +--- rustls/src/server/tls13.rs | 24 +----- rustls/src/sign.rs | 6 -- rustls/src/verify.rs | 117 +------------------------- rustls/src/verifybench.rs | 4 +- rustls/tests/server_cert_verifier.rs | 13 +-- 25 files changed, 46 insertions(+), 529 deletions(-) diff --git a/README.md b/README.md index 4ec00f50ab..29cbe28c6f 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,8 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). * Next release: - `RootCertStore::add_parsable_certificates` now takes a `impl IntoIterator>`. + - *Breaking change*: remove support for SCT stapling. Ecosystem support for this is rare compared to + inclusion of SCTs in certificates. * Release 0.21.3 (2023-07-05) - Added `with_crls` function to `AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient` client certificate verifiers to @@ -120,8 +122,6 @@ obsolete cryptography. * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). * OCSP stapling by servers. -* SCT stapling by servers. -* SCT verification by clients. ## Possible future features diff --git a/bogo/config.json b/bogo/config.json index 4362ac667e..ce0319555d 100644 --- a/bogo/config.json +++ b/bogo/config.json @@ -40,6 +40,11 @@ "EmptyExtensions-ServerHello-TLS12": "", "Server-JDK11*": "workarounds for oracle engineering quality", "Client-RejectJDK11DowngradeRandom": "", + "SendUnsolicitedSCTOnCertificate-TLS13": "SCT stapling not supported", + "SignedCertificateTimestampListEmpty-Client-*": "", + "SignedCertificateTimestampListEmptySCT-Client-*": "", + "SendSCTListOnResume-TLS-TLS12": "", + "IgnoreExtensionsOnIntermediates-TLS13": "assumes SCT support", "CBCRecordSplitting*": "insane ciphersuites", "*CBCPadding*": "", "RSAEphemeralKey": "", @@ -322,7 +327,6 @@ "NegotiatePSKResumption-TLS13": ":PEER_MISBEHAVIOUR:", "PointFormat-Client-MissingUncompressed": ":PEER_MISBEHAVIOUR:", "SendUnsolicitedOCSPOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:", - "SendUnsolicitedSCTOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "UnsolicitedServerNameAck-TLS-TLS12": ":PEER_MISBEHAVIOUR:", "UnsolicitedServerNameAck-TLS-TLS13": ":PEER_MISBEHAVIOUR:", "TicketSessionIDLength-33-TLS-TLS12": ":BAD_HANDSHAKE_MSG:", @@ -332,10 +336,6 @@ "Ed25519DefaultDisable-NoAccept": ":PEER_MISBEHAVIOUR:", "SendUnknownExtensionOnCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "SendDuplicateExtensionsOnCerts-TLS13": ":PEER_MISBEHAVIOUR:", - "SignedCertificateTimestampListEmpty-Client-TLS-TLS12": ":PEER_MISBEHAVIOUR:", - "SignedCertificateTimestampListEmpty-Client-TLS-TLS13": ":PEER_MISBEHAVIOUR:", - "SignedCertificateTimestampListEmptySCT-Client-TLS-TLS12": ":PEER_MISBEHAVIOUR:", - "SignedCertificateTimestampListEmptySCT-Client-TLS-TLS13": ":PEER_MISBEHAVIOUR:", "EMS-Forbidden-TLS13": ":PEER_MISBEHAVIOUR:", "Unclean-Shutdown": ":CLOSE_WITHOUT_CLOSE_NOTIFY:", "SendExtensionOnClientCertificate-TLS13": ":PEER_MISBEHAVIOUR:", diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 7f1c47af73..a120c518d3 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -344,7 +344,6 @@ mod danger { _end_entity: &rustls::Certificate, _intermediates: &[rustls::Certificate], _server_name: &rustls::ServerName, - _scts: &mut dyn Iterator, _ocsp: &[u8], _now: std::time::SystemTime, ) -> Result { diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index d0583782ac..50cd9253ef 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -622,7 +622,7 @@ fn make_config(args: &Args) -> Arc { .with_protocol_versions(&versions) .expect("inconsistent cipher-suites/versions specified") .with_client_cert_verifier(client_auth) - .with_single_cert_with_ocsp_and_sct(certs, privkey, ocsp, vec![]) + .with_single_cert_with_ocsp(certs, privkey, ocsp) .expect("bad certificates/private key"); config.key_log = Arc::new(rustls::KeyLogFile::new()); diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index fe6f939d38..98807cc011 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -18,7 +18,6 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] log = { version = "0.4.4", optional = true } ring = "0.16.20" -sct = "0.7.0" webpki = { package = "rustls-webpki", version = "0.101.0", features = ["alloc", "std"] } [features] diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index df8c231a7f..1c81409a7c 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -50,7 +50,6 @@ struct Options { check_close_notify: bool, host_name: String, use_sni: bool, - send_sct: bool, key_file: String, cert_file: String, protocols: Vec, @@ -60,7 +59,6 @@ struct Options { min_version: Option, max_version: Option, server_ocsp_response: Vec, - server_sct_list: Vec, use_signing_scheme: u16, curves: Option>, export_keying_material: usize, @@ -91,7 +89,6 @@ impl Options { resume_with_tickets_disabled: false, host_name: "example.com".to_string(), use_sni: false, - send_sct: false, queue_data: false, queue_data_on_resume: false, only_write_one_byte_after_handshake: false, @@ -109,7 +106,6 @@ impl Options { min_version: None, max_version: None, server_ocsp_response: vec![], - server_sct_list: vec![], use_signing_scheme: 0, curves: None, export_keying_material: 0, @@ -215,9 +211,7 @@ impl server::ClientCertVerifier for DummyClientAuth { } } -struct DummyServerAuth { - send_sct: bool, -} +struct DummyServerAuth {} impl client::ServerCertVerifier for DummyServerAuth { fn verify_server_cert( @@ -225,16 +219,11 @@ impl client::ServerCertVerifier for DummyServerAuth { _end_entity: &Certificate, _certs: &[Certificate], _hostname: &ServerName, - _scts: &mut dyn Iterator, _ocsp: &[u8], _now: SystemTime, ) -> Result { Ok(client::ServerCertVerified::assertion()) } - - fn request_scts(&self) -> bool { - self.send_sct - } } struct FixedSignatureSchemeSigningKey { @@ -418,12 +407,7 @@ fn make_server_cfg(opts: &Options) -> Arc { .with_protocol_versions(&opts.supported_versions()) .unwrap() .with_client_cert_verifier(client_auth) - .with_single_cert_with_ocsp_and_sct( - cert.clone(), - key, - opts.server_ocsp_response.clone(), - opts.server_sct_list.clone(), - ) + .with_single_cert_with_ocsp(cert.clone(), key, opts.server_ocsp_response.clone()) .unwrap(); cfg.session_storage = ServerCacheWithResumptionDelay::new(opts.resumption_delay); @@ -538,9 +522,7 @@ fn make_client_cfg(opts: &Options) -> Arc { .with_kx_groups(&kx_groups) .with_protocol_versions(&opts.supported_versions()) .expect("inconsistent settings") - .with_custom_certificate_verifier(Arc::new(DummyServerAuth { - send_sct: opts.send_sct, - })); + .with_custom_certificate_verifier(Arc::new(DummyServerAuth {})); let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { let cert = load_cert(&opts.cert_file); @@ -991,6 +973,7 @@ fn main() { "-on-resume-expect-no-offer-early-data" | "-key-update" | //< we could implement an API for this "-expect-tls13-downgrade" | + "-enable-signed-cert-timestamps" | "-expect-session-id" => { println!("not checking {}; NYI", arg); } @@ -1020,16 +1003,6 @@ fn main() { opts.server_ocsp_response = BASE64_STANDARD.decode(args.remove(0).as_bytes()) .expect("invalid base64"); } - "-signed-cert-timestamps" => { - opts.server_sct_list = BASE64_STANDARD.decode(args.remove(0).as_bytes()) - .expect("invalid base64"); - - if opts.server_sct_list.len() == 2 && - opts.server_sct_list[0] == 0x00 && - opts.server_sct_list[1] == 0x00 { - quit(":INVALID_SCT_LIST:"); - } - } "-select-alpn" => { opts.protocols.push(args.remove(0)); } @@ -1065,9 +1038,6 @@ fn main() { "-use-null-client-ca-list" => { opts.offer_no_client_cas = true; } - "-enable-signed-cert-timestamps" => { - opts.send_sct = true; - } "-enable-early-data" => { opts.tickets = false; opts.enable_early_data = true; @@ -1200,6 +1170,7 @@ fn main() { "-wpa-202304" | "-srtp-profiles" | "-permute-extensions" | + "-signed-cert-timestamps" | "-on-initial-expect-peer-cert-file" => { println!("NYI option {:?}", arg); process::exit(BOGO_NACK); diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 63bcd4ffc0..7306e49200 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -4,27 +4,26 @@ use crate::error::Error; use crate::key_log::NoKeyLog; use crate::kx::SupportedKxGroup; use crate::suites::SupportedCipherSuite; -use crate::verify::{self, CertificateTransparencyPolicy}; +use crate::verify; use crate::{anchors, key, versions}; use super::client_conn::Resumption; use std::marker::PhantomData; use std::sync::Arc; -use std::time::SystemTime; impl ConfigBuilder { /// Choose how to verify server certificates. pub fn with_root_certificates( self, root_store: anchors::RootCertStore, - ) -> ConfigBuilder { + ) -> ConfigBuilder { ConfigBuilder { - state: WantsTransparencyPolicyOrClientCert { + state: WantsClientCert { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, versions: self.state.versions, - root_store, + verifier: Arc::new(verify::WebPkiVerifier::new(root_store)), }, side: PhantomData, } @@ -48,90 +47,6 @@ impl ConfigBuilder { } } -/// A config builder state where the caller needs to supply a certificate transparency policy or -/// client certificate resolver. -/// -/// In this state, the caller can optionally enable certificate transparency, or ignore CT and -/// invoke one of the methods related to client certificates (as in the [`WantsClientCert`] state). -/// -/// For more information, see the [`ConfigBuilder`] documentation. -#[derive(Clone, Debug)] -pub struct WantsTransparencyPolicyOrClientCert { - cipher_suites: Vec, - kx_groups: Vec<&'static SupportedKxGroup>, - versions: versions::EnabledVersions, - root_store: anchors::RootCertStore, -} - -impl ConfigBuilder { - /// Set Certificate Transparency logs to use for server certificate validation. - /// - /// Because Certificate Transparency logs are sharded on a per-year basis and can be trusted or - /// distrusted relatively quickly, rustls stores a validation deadline. Server certificates will - /// be validated against the configured CT logs until the deadline expires. After the deadline, - /// certificates will no longer be validated, and a warning message will be logged. The deadline - /// may vary depending on how often you deploy builds with updated dependencies. - pub fn with_certificate_transparency_logs( - self, - logs: &'static [&'static sct::Log], - validation_deadline: SystemTime, - ) -> ConfigBuilder { - self.with_logs(Some(CertificateTransparencyPolicy::new( - logs, - validation_deadline, - ))) - } - - /// Sets a single certificate chain and matching private key for use - /// in client authentication. - /// - /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. - /// - /// This function fails if `key_der` is invalid. - pub fn with_single_cert( - self, - cert_chain: Vec, - key_der: key::PrivateKey, - ) -> Result { - self.with_logs(None) - .with_single_cert(cert_chain, key_der) - } - - /// Do not support client auth. - pub fn with_no_client_auth(self) -> ClientConfig { - self.with_logs(None) - .with_client_cert_resolver(Arc::new(handy::FailResolveClientCert {})) - } - - /// Sets a custom [`ResolvesClientCert`]. - pub fn with_client_cert_resolver( - self, - client_auth_cert_resolver: Arc, - ) -> ClientConfig { - self.with_logs(None) - .with_client_cert_resolver(client_auth_cert_resolver) - } - - fn with_logs( - self, - ct_policy: Option, - ) -> ConfigBuilder { - ConfigBuilder { - state: WantsClientCert { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, - versions: self.state.versions, - verifier: Arc::new(verify::WebPkiVerifier::new( - self.state.root_store, - ct_policy, - )), - }, - side: PhantomData, - } - } -} - /// A config builder state where the caller needs to supply whether and how to provide a client /// certificate. /// diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 3816e40f42..482b7be40a 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -2,8 +2,8 @@ use super::ResolvesClientCert; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::enums::ExtensionType; +use crate::msgs::handshake::ServerExtension; use crate::msgs::handshake::{CertificatePayload, DistinguishedName}; -use crate::msgs::handshake::{Sct, ServerExtension}; use crate::{sign, SignatureScheme}; use std::sync::Arc; @@ -12,29 +12,15 @@ use std::sync::Arc; pub(super) struct ServerCertDetails { pub(super) cert_chain: CertificatePayload, pub(super) ocsp_response: Vec, - pub(super) scts: Option>, } impl ServerCertDetails { - pub(super) fn new( - cert_chain: CertificatePayload, - ocsp_response: Vec, - scts: Option>, - ) -> Self { + pub(super) fn new(cert_chain: CertificatePayload, ocsp_response: Vec) -> Self { Self { cert_chain, ocsp_response, - scts, } } - - pub(super) fn scts(&self) -> impl Iterator { - self.scts - .as_deref() - .unwrap_or(&[]) - .iter() - .map(|payload| payload.as_ref()) - } } pub(super) struct ClientHelloDetails { @@ -48,11 +34,6 @@ impl ClientHelloDetails { } } - pub(super) fn server_may_send_sct_list(&self) -> bool { - self.sent_extensions - .contains(&ExtensionType::SCT) - } - pub(super) fn server_sent_unsolicited_extensions( &self, received_exts: &[ServerExtension], diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 5cfbf22d21..3181b91496 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -13,7 +13,7 @@ use crate::msgs::base::Payload; use crate::msgs::enums::{Compression, ExtensionType}; use crate::msgs::enums::{ECPointFormat, PSKKeyExchangeMode}; use crate::msgs::handshake::ConvertProtocolNameList; -use crate::msgs::handshake::{CertificateStatusRequest, ClientSessionTicket, Sct}; +use crate::msgs::handshake::{CertificateStatusRequest, ClientSessionTicket}; use crate::msgs::handshake::{ClientExtension, HasServerExtensions}; use crate::msgs::handshake::{ClientHelloPayload, HandshakeMessagePayload, HandshakePayload}; use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry}; @@ -141,13 +141,11 @@ pub(super) fn start_handshake( None => SessionId::random()?, }; - let may_send_sct_list = config.verifier.request_scts(); Ok(emit_client_hello_for_retry( transcript_buffer, None, key_share, extra_exts, - may_send_sct_list, None, ClientHelloInput { config, @@ -194,7 +192,6 @@ fn emit_client_hello_for_retry( retryreq: Option<&HelloRetryRequest>, key_share: Option, extra_exts: Vec, - may_send_sct_list: bool, suite: Option, mut input: ClientHelloInput, cx: &mut ClientContext<'_>, @@ -238,10 +235,6 @@ fn emit_client_hello_for_retry( exts.push(ClientExtension::make_sni(sni_name)); } - if may_send_sct_list { - exts.push(ClientExtension::SignedCertificateTimestampRequest); - } - if let Some(key_share) = &key_share { debug_assert!(support_tls13); let key_share = KeyShareEntry::new(key_share.group(), key_share.pubkey.as_ref()); @@ -479,13 +472,6 @@ pub(super) fn process_alpn_protocol( Ok(()) } -pub(super) fn sct_list_is_invalid(scts: &[Sct]) -> bool { - scts.is_empty() - || scts - .iter() - .any(|sct| sct.as_ref().is_empty()) -} - impl State for ExpectServerHello { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { let server_hello = @@ -800,12 +786,6 @@ impl ExpectServerHelloOrHelloRetryRequest { cx.data.early_data.rejected(); } - let may_send_sct_list = self - .next - .input - .hello - .server_may_send_sct_list(); - let key_share = match req_group { Some(group) if group != offered_key_share.group() => { let group = kx::KeyExchange::choose(group, &config.kx_groups).ok_or_else(|| { @@ -824,7 +804,6 @@ impl ExpectServerHelloOrHelloRetryRequest { Some(hrr), Some(key_share), self.extra_exts, - may_send_sct_list, Some(cs), self.next.input, cx, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 700bb4acd5..113b64fb51 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -12,7 +12,7 @@ use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; use crate::msgs::handshake::{ - CertificatePayload, HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, Sct, + CertificatePayload, HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, ServerECDHParams, SessionId, }; use crate::msgs::message::{Message, MessagePayload}; @@ -102,18 +102,6 @@ mod server_hello { debug!("Server may staple OCSP response"); } - // Save any sent SCTs for verification against the certificate. - let server_cert_sct_list = if let Some(sct_list) = server_hello.get_sct_list() { - debug!("Server sent {:?} SCTs", sct_list.len()); - - if hs::sct_list_is_invalid(sct_list) { - return Err(PeerMisbehaved::InvalidSctList.into()); - } - Some(sct_list.to_owned()) - } else { - None - }; - // See if we're successfully resuming. if let Some(ref resuming) = self.resuming_session { if resuming.session_id == server_hello.session_id { @@ -187,7 +175,6 @@ mod server_hello { suite, may_send_cert_status, must_issue_new_ticket, - server_cert_sct_list, })) } } @@ -204,7 +191,6 @@ struct ExpectCertificate { pub(super) suite: &'static Tls12CipherSuite, may_send_cert_status: bool, must_issue_new_ticket: bool, - server_cert_sct_list: Option>, } impl State for ExpectCertificate { @@ -230,13 +216,11 @@ impl State for ExpectCertificate { using_ems: self.using_ems, transcript: self.transcript, suite: self.suite, - server_cert_sct_list: self.server_cert_sct_list, server_cert_chain, must_issue_new_ticket: self.must_issue_new_ticket, })) } else { - let server_cert = - ServerCertDetails::new(server_cert_chain, vec![], self.server_cert_sct_list); + let server_cert = ServerCertDetails::new(server_cert_chain, vec![]); Ok(Box::new(ExpectServerKx { config: self.config, @@ -263,7 +247,6 @@ struct ExpectCertificateStatusOrServerKx { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert_sct_list: Option>, server_cert_chain: CertificatePayload, must_issue_new_ticket: bool, } @@ -287,11 +270,7 @@ impl State for ExpectCertificateStatusOrServerKx { using_ems: self.using_ems, transcript: self.transcript, suite: self.suite, - server_cert: ServerCertDetails::new( - self.server_cert_chain, - vec![], - self.server_cert_sct_list, - ), + server_cert: ServerCertDetails::new(self.server_cert_chain, vec![]), must_issue_new_ticket: self.must_issue_new_ticket, }) .handle(cx, m), @@ -311,7 +290,6 @@ impl State for ExpectCertificateStatusOrServerKx { using_ems: self.using_ems, transcript: self.transcript, suite: self.suite, - server_cert_sct_list: self.server_cert_sct_list, server_cert_chain: self.server_cert_chain, must_issue_new_ticket: self.must_issue_new_ticket, }) @@ -337,7 +315,6 @@ struct ExpectCertificateStatus { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert_sct_list: Option>, server_cert_chain: CertificatePayload, must_issue_new_ticket: bool, } @@ -361,11 +338,7 @@ impl State for ExpectCertificateStatus { &server_cert_ocsp_response ); - let server_cert = ServerCertDetails::new( - self.server_cert_chain, - server_cert_ocsp_response, - self.server_cert_sct_list, - ); + let server_cert = ServerCertDetails::new(self.server_cert_chain, server_cert_ocsp_response); Ok(Box::new(ExpectServerKx { config: self.config, @@ -741,7 +714,6 @@ impl State for ExpectServerDone { end_entity, intermediates, &st.server_name, - &mut st.server_cert.scts(), &st.server_cert.ocsp_response, now, ) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 7b39770b18..6fa0ec6da2 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -448,7 +448,6 @@ impl State for ExpectEncryptedExtensions { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - may_send_sct_list: self.hello.server_may_send_sct_list(), })) } } @@ -461,7 +460,6 @@ struct ExpectCertificateOrCertReq { suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, - may_send_sct_list: bool, } impl State for ExpectCertificateOrCertReq { @@ -481,7 +479,6 @@ impl State for ExpectCertificateOrCertReq { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - may_send_sct_list: self.may_send_sct_list, client_auth: None, }) .handle(cx, m), @@ -499,7 +496,6 @@ impl State for ExpectCertificateOrCertReq { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - may_send_sct_list: self.may_send_sct_list, }) .handle(cx, m), payload => Err(inappropriate_handshake_message( @@ -524,7 +520,6 @@ struct ExpectCertificateRequest { suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, - may_send_sct_list: bool, } impl State for ExpectCertificateRequest { @@ -582,7 +577,6 @@ impl State for ExpectCertificateRequest { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - may_send_sct_list: self.may_send_sct_list, client_auth: Some(client_auth), })) } @@ -595,7 +589,6 @@ struct ExpectCertificate { suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, - may_send_sct_list: bool, client_auth: Option, } @@ -625,23 +618,8 @@ impl State for ExpectCertificate { )); } - let server_cert = ServerCertDetails::new( - cert_chain.convert(), - cert_chain.get_end_entity_ocsp(), - cert_chain - .get_end_entity_scts() - .map(|scts| scts.to_vec()), - ); - - if let Some(sct_list) = server_cert.scts.as_ref() { - if hs::sct_list_is_invalid(sct_list) { - return Err(PeerMisbehaved::InvalidSctList.into()); - } - - if !self.may_send_sct_list { - return Err(PeerMisbehaved::UnsolicitedSctList.into()); - } - } + let server_cert = + ServerCertDetails::new(cert_chain.convert(), cert_chain.get_end_entity_ocsp()); Ok(Box::new(ExpectCertificateVerify { config: self.config, @@ -692,7 +670,6 @@ impl State for ExpectCertificateVerify { end_entity, intermediates, &self.server_name, - &mut self.server_cert.scts(), &self.server_cert.ocsp_response, now, ) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 1ff2c6922c..9cd5a08801 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -66,9 +66,6 @@ pub enum Error { /// implementation. InvalidCertificate(CertificateError), - /// The presented SCT(s) were invalid. - InvalidSct(sct::Error), - /// A provided certificate revocation list (CRL) was invalid. InvalidCertRevocationList(CertRevocationListError), @@ -188,7 +185,6 @@ pub enum PeerMisbehaved { IncorrectBinder, InvalidMaxEarlyDataSize, InvalidKeyShare, - InvalidSctList, KeyEpochWithPendingFragment, KeyUpdateReceivedInQuicConnection, MessageInterleavedWithHandshakeMessage, @@ -525,7 +521,6 @@ impl fmt::Display for Error { Self::PeerSentOversizedRecord => write!(f, "peer sent excess record size"), Self::HandshakeNotComplete => write!(f, "handshake not complete"), Self::NoApplicationProtocol => write!(f, "peer doesn't support any known protocol"), - Self::InvalidSct(ref err) => write!(f, "invalid certificate timestamp: {:?}", err), Self::FailedToGetCurrentTime => write!(f, "failed to get current time"), Self::FailedToGetRandomBytes => write!(f, "failed to get random bytes"), Self::BadMaxFragmentSize => { @@ -653,7 +648,6 @@ mod tests { #[test] fn smoke() { use crate::enums::{AlertDescription, ContentType, HandshakeType}; - use sct; let all = vec![ Error::InappropriateMessage { @@ -671,7 +665,6 @@ mod tests { super::PeerMisbehaved::UnsolicitedCertExtension.into(), Error::AlertReceived(AlertDescription::ExportRestriction), super::CertificateError::Expired.into(), - Error::InvalidSct(sct::Error::MalformedSct), Error::General("undocumented error".to_string()), Error::FailedToGetCurrentTime, Error::FailedToGetRandomBytes, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index dd7f111935..01f355465c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -25,8 +25,6 @@ //! * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). //! * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). //! * OCSP stapling by servers. -//! * SCT stapling by servers. -//! * SCT verification by clients. //! //! ## Possible future features //! @@ -417,7 +415,7 @@ pub mod client { mod tls13; pub use crate::dns_name::InvalidDnsNameError; - pub use builder::{WantsClientCert, WantsTransparencyPolicyOrClientCert}; + pub use builder::WantsClientCert; pub use client_conn::{ ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore, ResolvesClientCert, Resumption, ServerName, Tls12Resumption, WriteEarlyData, @@ -426,9 +424,8 @@ pub mod client { #[cfg(feature = "dangerous_configuration")] pub use crate::verify::{ - verify_server_cert_signed_by_trust_anchor, verify_server_name, - CertificateTransparencyPolicy, HandshakeSignatureValid, ServerCertVerified, - ServerCertVerifier, WebPkiVerifier, + verify_server_cert_signed_by_trust_anchor, verify_server_name, HandshakeSignatureValid, + ServerCertVerified, ServerCertVerifier, WebPkiVerifier, }; #[cfg(feature = "dangerous_configuration")] pub use client_conn::danger::DangerousClientConfig; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index f8be007ed5..a019154939 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -516,15 +516,6 @@ impl CertificateStatusRequest { } } -// --- -// SCTs - -wrapped_payload!(Sct, PayloadU16,); - -impl TlsListElement for Sct { - const SIZE_LEN: ListLength = ListLength::U16; -} - // --- impl TlsListElement for PSKKeyExchangeMode { @@ -554,7 +545,6 @@ pub enum ClientExtension { Cookie(PayloadU16), ExtendedMasterSecretRequest, CertificateStatusRequest(CertificateStatusRequest), - SignedCertificateTimestampRequest, TransportParameters(Vec), TransportParametersDraft(Vec), EarlyData, @@ -577,7 +567,6 @@ impl ClientExtension { Self::Cookie(_) => ExtensionType::Cookie, Self::ExtendedMasterSecretRequest => ExtensionType::ExtendedMasterSecret, Self::CertificateStatusRequest(_) => ExtensionType::StatusRequest, - Self::SignedCertificateTimestampRequest => ExtensionType::SCT, Self::TransportParameters(_) => ExtensionType::TransportParameters, Self::TransportParametersDraft(_) => ExtensionType::TransportParametersDraft, Self::EarlyData => ExtensionType::EarlyData, @@ -598,7 +587,6 @@ impl Codec for ClientExtension { Self::ServerName(ref r) => r.encode(&mut sub), Self::SessionTicket(ClientSessionTicket::Request) | Self::ExtendedMasterSecretRequest - | Self::SignedCertificateTimestampRequest | Self::EarlyData => {} Self::SessionTicket(ClientSessionTicket::Offer(ref r)) => r.encode(&mut sub), Self::Protocols(ref r) => r.encode(&mut sub), @@ -649,7 +637,6 @@ impl Codec for ClientExtension { let csr = CertificateStatusRequest::read(&mut sub)?; Self::CertificateStatusRequest(csr) } - ExtensionType::SCT if !sub.any_left() => Self::SignedCertificateTimestampRequest, ExtensionType::TransportParameters => Self::TransportParameters(sub.rest().to_vec()), ExtensionType::TransportParametersDraft => { Self::TransportParametersDraft(sub.rest().to_vec()) @@ -707,7 +694,6 @@ pub enum ServerExtension { PresharedKey(u16), ExtendedMasterSecretAck, CertificateStatusAck, - SignedCertificateTimestamp(Vec), SupportedVersions(ProtocolVersion), TransportParameters(Vec), TransportParametersDraft(Vec), @@ -727,7 +713,6 @@ impl ServerExtension { Self::PresharedKey(_) => ExtensionType::PreSharedKey, Self::ExtendedMasterSecretAck => ExtensionType::ExtendedMasterSecret, Self::CertificateStatusAck => ExtensionType::StatusRequest, - Self::SignedCertificateTimestamp(_) => ExtensionType::SCT, Self::SupportedVersions(_) => ExtensionType::SupportedVersions, Self::TransportParameters(_) => ExtensionType::TransportParameters, Self::TransportParametersDraft(_) => ExtensionType::TransportParametersDraft, @@ -753,7 +738,6 @@ impl Codec for ServerExtension { Self::Protocols(ref r) => r.encode(&mut sub), Self::KeyShare(ref r) => r.encode(&mut sub), Self::PresharedKey(r) => r.encode(&mut sub), - Self::SignedCertificateTimestamp(ref r) => r.encode(&mut sub), Self::SupportedVersions(ref r) => r.encode(&mut sub), Self::TransportParameters(ref r) | Self::TransportParametersDraft(ref r) => { sub.extend_from_slice(r); @@ -780,7 +764,6 @@ impl Codec for ServerExtension { ExtensionType::KeyShare => Self::KeyShare(KeyShareEntry::read(&mut sub)?), ExtensionType::PreSharedKey => Self::PresharedKey(u16::read(&mut sub)?), ExtensionType::ExtendedMasterSecret => Self::ExtendedMasterSecretAck, - ExtensionType::SCT => Self::SignedCertificateTimestamp(Vec::read(&mut sub)?), ExtensionType::SupportedVersions => { Self::SupportedVersions(ProtocolVersion::read(&mut sub)?) } @@ -806,11 +789,6 @@ impl ServerExtension { let empty = Vec::new(); Self::RenegotiationInfo(PayloadU8::new(empty)) } - - pub fn make_sct(sctl: Vec) -> Self { - let scts = Vec::read_bytes(&sctl).expect("invalid SCT list"); - Self::SignedCertificateTimestamp(scts) - } } #[derive(Debug)] @@ -1264,14 +1242,6 @@ impl ServerHelloPayload { .is_some() } - pub fn get_sct_list(&self) -> Option<&[Sct]> { - let ext = self.find_extension(ExtensionType::SCT)?; - match *ext { - ServerExtension::SignedCertificateTimestamp(ref sctl) => Some(sctl), - _ => None, - } - } - pub fn get_supported_versions(&self) -> Option { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { @@ -1294,7 +1264,6 @@ impl TlsListElement for key::Certificate { #[derive(Debug)] pub enum CertificateExtension { CertificateStatus(CertificateStatus), - SignedCertificateTimestamp(Vec), Unknown(UnknownExtension), } @@ -1302,29 +1271,16 @@ impl CertificateExtension { pub fn get_type(&self) -> ExtensionType { match *self { Self::CertificateStatus(_) => ExtensionType::StatusRequest, - Self::SignedCertificateTimestamp(_) => ExtensionType::SCT, Self::Unknown(ref r) => r.typ, } } - pub fn make_sct(sct_list: Vec) -> Self { - let sctl = Vec::read_bytes(&sct_list).expect("invalid SCT list"); - Self::SignedCertificateTimestamp(sctl) - } - pub fn get_cert_status(&self) -> Option<&Vec> { match *self { Self::CertificateStatus(ref cs) => Some(&cs.ocsp_response.0), _ => None, } } - - pub fn get_sct_list(&self) -> Option<&[Sct]> { - match *self { - Self::SignedCertificateTimestamp(ref sctl) => Some(sctl), - _ => None, - } - } } impl Codec for CertificateExtension { @@ -1334,7 +1290,6 @@ impl Codec for CertificateExtension { let mut sub: Vec = Vec::new(); match *self { Self::CertificateStatus(ref r) => r.encode(&mut sub), - Self::SignedCertificateTimestamp(ref r) => r.encode(&mut sub), Self::Unknown(ref r) => r.encode(&mut sub), } @@ -1352,7 +1307,6 @@ impl Codec for CertificateExtension { let st = CertificateStatus::read(&mut sub)?; Self::CertificateStatus(st) } - ExtensionType::SCT => Self::SignedCertificateTimestamp(Vec::read(&mut sub)?), _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), }; @@ -1409,9 +1363,9 @@ impl CertificateEntry { } pub fn has_unknown_extension(&self) -> bool { - self.exts.iter().any(|ext| { - ext.get_type() != ExtensionType::StatusRequest && ext.get_type() != ExtensionType::SCT - }) + self.exts + .iter() + .any(|ext| ext.get_type() != ExtensionType::StatusRequest) } pub fn get_ocsp_response(&self) -> Option<&Vec> { @@ -1420,13 +1374,6 @@ impl CertificateEntry { .find(|ext| ext.get_type() == ExtensionType::StatusRequest) .and_then(CertificateExtension::get_cert_status) } - - pub fn get_scts(&self) -> Option<&[Sct]> { - self.exts - .iter() - .find(|ext| ext.get_type() == ExtensionType::SCT) - .and_then(CertificateExtension::get_sct_list) - } } impl TlsListElement for CertificateEntry { @@ -1499,12 +1446,6 @@ impl CertificatePayloadTLS13 { .unwrap_or_default() } - pub fn get_end_entity_scts(&self) -> Option<&[Sct]> { - self.entries - .first() - .and_then(CertificateEntry::get_scts) - } - pub fn convert(&self) -> CertificatePayload { let mut ret = Vec::new(); for entry in &self.entries { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index ee96055723..c7111641ac 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -15,7 +15,7 @@ use crate::msgs::handshake::{ ECParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTLS13, PresharedKeyBinder, - PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, Sct, ServerECDHParams, + PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerECDHParams, ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, UnknownExtension, }; use crate::verify::DigitallySignedStruct; @@ -131,7 +131,7 @@ fn refuses_server_ext_with_unparsed_bytes() { #[test] fn refuses_certificate_ext_with_unparsed_bytes() { - let bytes = [0x00u8, 0x12, 0x00, 0x03, 0x00, 0x00, 0x01]; + let bytes = [0x00u8, 0x05, 0x00, 0x03, 0x00, 0x00, 0x01]; let mut rd = Reader::init(&bytes); assert!(CertificateExtension::read(&mut rd).is_err()); } @@ -385,7 +385,6 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { ClientExtension::Cookie(PayloadU16(vec![1, 2, 3])), ClientExtension::ExtendedMasterSecretRequest, ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), - ClientExtension::SignedCertificateTimestampRequest, ClientExtension::TransportParameters(vec![1, 2, 3]), ClientExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), @@ -704,11 +703,6 @@ fn server_get_ecpoints_extension() { }); } -#[test] -fn server_get_sct_list() { - test_server_extension_getter(ExtensionType::SCT, |shp| shp.get_sct_list().is_some()); -} - #[test] fn server_get_supported_versions() { test_server_extension_getter(ExtensionType::SupportedVersions, |shp| { @@ -742,11 +736,6 @@ fn certentry_get_ocsp_response() { }); } -#[test] -fn certentry_get_scts() { - test_cert_extension_getter(ExtensionType::SCT, |ce| ce.get_scts().is_some()); -} - fn get_sample_serverhellopayload() -> ServerHelloPayload { ServerHelloPayload { legacy_version: ProtocolVersion::TLSv1_2, @@ -764,7 +753,6 @@ fn get_sample_serverhellopayload() -> ServerHelloPayload { ServerExtension::PresharedKey(3), ServerExtension::ExtendedMasterSecretAck, ServerExtension::CertificateStatusAck, - ServerExtension::SignedCertificateTimestamp(vec![Sct::from(vec![0])]), ServerExtension::SupportedVersions(ProtocolVersion::TLSv1_2), ServerExtension::TransportParameters(vec![1, 2, 3]), ServerExtension::Unknown(UnknownExtension { @@ -811,7 +799,6 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTLS13 { CertificateExtension::CertificateStatus(CertificateStatus { ocsp_response: PayloadU24(vec![1, 2, 3]), }), - CertificateExtension::SignedCertificateTimestamp(vec![Sct::from(vec![0])]), CertificateExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), payload: Payload(vec![1, 2, 3]), diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 56e636fd0e..d499f4a557 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -77,19 +77,15 @@ impl ConfigBuilder { /// `cert_chain` is a vector of DER-encoded certificates. /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. /// `ocsp` is a DER-encoded OCSP response. Ignored if zero length. - /// `scts` is an `SignedCertificateTimestampList` encoding (see RFC6962) - /// and is ignored if empty. /// /// This function fails if `key_der` is invalid. - pub fn with_single_cert_with_ocsp_and_sct( + pub fn with_single_cert_with_ocsp( self, cert_chain: Vec, key_der: key::PrivateKey, ocsp: Vec, - scts: Vec, ) -> Result { - let resolver = - handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp, scts)?; + let resolver = handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp)?; Ok(self.with_cert_resolver(Arc::new(resolver))) } diff --git a/rustls/src/server/common.rs b/rustls/src/server/common.rs index 2e3420c2f5..65ffee4af3 100644 --- a/rustls/src/server/common.rs +++ b/rustls/src/server/common.rs @@ -5,7 +5,6 @@ use crate::{key, sign}; pub(super) struct ActiveCertifiedKey<'a> { key: &'a sign::CertifiedKey, ocsp: Option<&'a [u8]>, - sct_list: Option<&'a [u8]>, } impl<'a> ActiveCertifiedKey<'a> { @@ -13,7 +12,6 @@ impl<'a> ActiveCertifiedKey<'a> { ActiveCertifiedKey { key, ocsp: key.ocsp.as_deref(), - sct_list: key.sct_list.as_deref(), } } @@ -33,9 +31,4 @@ impl<'a> ActiveCertifiedKey<'a> { pub(super) fn get_ocsp(&self) -> Option<&[u8]> { self.ocsp } - - #[inline] - pub(super) fn get_sct_list(&self) -> Option<&[u8]> { - self.sct_list - } } diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 5fcaaaebf5..df7d109d81 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -112,7 +112,6 @@ impl AlwaysResolvesChain { chain: Vec, priv_key: &key::PrivateKey, ocsp: Vec, - scts: Vec, ) -> Result { let mut r = Self::new(chain, priv_key)?; @@ -121,9 +120,6 @@ impl AlwaysResolvesChain { if !ocsp.is_empty() { cert.ocsp = Some(ocsp); } - if !scts.is_empty() { - cert.sct_list = Some(scts); - } } Ok(r) diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 8d3077458d..6d5afd2084 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -67,7 +67,6 @@ impl ExtensionProcessing { config: &ServerConfig, cx: &mut ServerContext<'_>, ocsp_response: &mut Option<&[u8]>, - sct_list: &mut Option<&[u8]>, hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, extra_exts: Vec, @@ -156,24 +155,6 @@ impl ExtensionProcessing { ocsp_response.take(); } - if !for_resume - && hello - .find_extension(ExtensionType::SCT) - .is_some() - { - if !cx.common.is_tls13() { - // Take the SCT list, if any, so we don't send it later, - // and put it in the legacy extension. - if let Some(sct_list) = sct_list.take() { - self.exts - .push(ServerExtension::make_sct(sct_list.to_vec())); - } - } - } else { - // Throw away any SCT list so we don't send it later. - sct_list.take(); - } - self.exts.extend(extra_exts); Ok(()) diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index b55b961272..b0f01e38e4 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -193,8 +193,7 @@ mod client_hello { debug_assert_eq!(ecpoint, ECPointFormat::Uncompressed); - let (mut ocsp_response, mut sct_list) = - (server_key.get_ocsp(), server_key.get_sct_list()); + let mut ocsp_response = server_key.get_ocsp(); // If we're not offered a ticket or a potential session ID, allocate a session ID. if !self.config.session_storage.can_cache() { @@ -211,7 +210,6 @@ mod client_hello { self.suite, self.using_ems, &mut ocsp_response, - &mut sct_list, client_hello, None, &self.randoms, @@ -283,7 +281,6 @@ mod client_hello { self.suite, self.using_ems, &mut None, - &mut None, client_hello, Some(&resumedata), &self.randoms, @@ -339,22 +336,13 @@ mod client_hello { suite: &'static Tls12CipherSuite, using_ems: bool, ocsp_response: &mut Option<&[u8]>, - sct_list: &mut Option<&[u8]>, hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, randoms: &ConnectionRandoms, extra_exts: Vec, ) -> Result { let mut ep = hs::ExtensionProcessing::new(); - ep.process_common( - config, - cx, - ocsp_response, - sct_list, - hello, - resumedata, - extra_exts, - )?; + ep.process_common(config, cx, ocsp_response, hello, resumedata, extra_exts)?; ep.process_tls12(config, hello, using_ems); let sh = Message { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 9b15a25683..69484d45e9 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -372,14 +372,12 @@ mod client_hello { emit_fake_ccs(cx.common); } - let (mut ocsp_response, mut sct_list) = - (server_key.get_ocsp(), server_key.get_sct_list()); + let mut ocsp_response = server_key.get_ocsp(); let doing_early_data = emit_encrypted_extensions( &mut self.transcript, self.suite, cx, &mut ocsp_response, - &mut sct_list, client_hello, resumedata.as_ref(), self.extra_exts, @@ -394,7 +392,6 @@ mod client_hello { cx.common, server_key.get_cert(), ocsp_response, - sct_list, ); emit_certificate_verify_tls13( &mut self.transcript, @@ -666,22 +663,13 @@ mod client_hello { suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, ocsp_response: &mut Option<&[u8]>, - sct_list: &mut Option<&[u8]>, hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, extra_exts: Vec, config: &ServerConfig, ) -> Result { let mut ep = hs::ExtensionProcessing::new(); - ep.process_common( - config, - cx, - ocsp_response, - sct_list, - hello, - resumedata, - extra_exts, - )?; + ep.process_common(config, cx, ocsp_response, hello, resumedata, extra_exts)?; let early_data = decide_if_early_data_allowed(cx, hello, resumedata, suite, config); if early_data == EarlyDataDecision::Accepted { @@ -751,7 +739,6 @@ mod client_hello { common: &mut CommonState, cert_chain: &[Certificate], ocsp_response: Option<&[u8]>, - sct_list: Option<&[u8]>, ) { let mut cert_entries = vec![]; for cert in cert_chain { @@ -772,13 +759,6 @@ mod client_hello { .exts .push(CertificateExtension::CertificateStatus(cst)); } - - // Likewise, SCT - if let Some(sct_list) = sct_list { - end_entity_cert - .exts - .push(CertificateExtension::make_sct(sct_list.to_owned())); - } } let cert_body = CertificatePayloadTLS13::new(cert_entries); diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index d557754c89..cb88489543 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -44,11 +44,6 @@ pub struct CertifiedKey { /// An optional OCSP response from the certificate issuer, /// attesting to its continued validity. pub ocsp: Option>, - - /// An optional collection of SCTs from CT logs, proving the - /// certificate is included on those logs. This must be - /// a `SignedCertificateTimestampList` encoding; see RFC6962. - pub sct_list: Option>, } impl CertifiedKey { @@ -61,7 +56,6 @@ impl CertifiedKey { cert, key, ocsp: None, - sct_list: None, } } diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 1c9abdcc1f..eb5139ea26 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -8,7 +8,7 @@ use crate::error::{ }; use crate::key::{Certificate, ParsedCertificate}; #[cfg(feature = "logging")] -use crate::log::{debug, trace, warn}; +use crate::log::trace; use crate::msgs::base::PayloadU16; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::DistinguishedName; @@ -110,16 +110,12 @@ pub trait ServerCertVerifier: Send + Sync { /// the implementor to handle invalid data. It is recommended that the implementor returns /// [`Error::InvalidCertificate(CertificateError::BadEncoding)`] when these cases are encountered. /// - /// `scts` contains the Signed Certificate Timestamps (SCTs) the server - /// sent with the end-entity certificate, if any. - /// /// [Certificate]: https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2 fn verify_server_cert( &self, end_entity: &Certificate, intermediates: &[Certificate], server_name: &ServerName, - scts: &mut dyn Iterator, ocsp_response: &[u8], now: SystemTime, ) -> Result; @@ -187,16 +183,6 @@ pub trait ServerCertVerifier: Send + Sync { fn supported_verify_schemes(&self) -> Vec { WebPkiVerifier::verification_schemes() } - - /// Returns `true` if Rustls should ask the server to send SCTs. - /// - /// Signed Certificate Timestamps (SCTs) are used for Certificate - /// Transparency validation. - /// - /// The default implementation of this function returns true. - fn request_scts(&self) -> bool { - true - } } impl fmt::Debug for dyn ServerCertVerifier { @@ -392,7 +378,6 @@ impl ServerCertVerifier for WebPkiVerifier { end_entity: &Certificate, intermediates: &[Certificate], server_name: &ServerName, - scts: &mut dyn Iterator, ocsp_response: &[u8], now: SystemTime, ) -> Result { @@ -400,10 +385,6 @@ impl ServerCertVerifier for WebPkiVerifier { verify_server_cert_signed_by_trust_anchor(&cert, &self.roots, intermediates, now)?; - if let Some(policy) = &self.ct_policy { - policy.verify(end_entity, now, scts)?; - } - if !ocsp_response.is_empty() { trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); } @@ -418,7 +399,6 @@ impl ServerCertVerifier for WebPkiVerifier { #[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct WebPkiVerifier { roots: RootCertStore, - ct_policy: Option, } #[allow(unreachable_pub)] @@ -426,12 +406,8 @@ impl WebPkiVerifier { /// Constructs a new `WebPkiVerifier`. /// /// `roots` is the set of trust anchors to trust for issuing server certs. - /// - /// `ct_logs` is the list of logs that are trusted for Certificate - /// Transparency. Currently CT log enforcement is opportunistic; see - /// . - pub fn new(roots: RootCertStore, ct_policy: Option) -> Self { - Self { roots, ct_policy } + pub fn new(roots: RootCertStore) -> Self { + Self { roots } } /// Returns the signature verification methods supported by @@ -451,83 +427,6 @@ impl WebPkiVerifier { } } -/// Policy for enforcing Certificate Transparency. -/// -/// Because Certificate Transparency logs are sharded on a per-year basis and can be trusted or -/// distrusted relatively quickly, rustls stores a validation deadline. Server certificates will -/// be validated against the configured CT logs until the deadline expires. After the deadline, -/// certificates will no longer be validated, and a warning message will be logged. The deadline -/// may vary depending on how often you deploy builds with updated dependencies. -#[allow(unreachable_pub)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] -pub struct CertificateTransparencyPolicy { - logs: &'static [&'static sct::Log<'static>], - validation_deadline: SystemTime, -} - -impl CertificateTransparencyPolicy { - /// Create a new policy. - #[allow(unreachable_pub)] - pub fn new( - logs: &'static [&'static sct::Log<'static>], - validation_deadline: SystemTime, - ) -> Self { - Self { - logs, - validation_deadline, - } - } - - fn verify( - &self, - cert: &Certificate, - now: SystemTime, - scts: &mut dyn Iterator, - ) -> Result<(), Error> { - if self.logs.is_empty() { - return Ok(()); - } else if self - .validation_deadline - .duration_since(now) - .is_err() - { - warn!("certificate transparency logs have expired, validation disabled"); - return Ok(()); - } - - let now = unix_time_millis(now)?; - let mut last_sct_error = None; - for sct in scts { - #[cfg_attr(not(feature = "logging"), allow(unused_variables))] - match sct::verify_sct(&cert.0, sct, now, self.logs) { - Ok(index) => { - debug!( - "Valid SCT signed by {} on {}", - self.logs[index].operated_by, self.logs[index].description - ); - return Ok(()); - } - Err(e) => { - if e.should_be_fatal() { - return Err(Error::InvalidSct(e)); - } - debug!("SCT ignored because {:?}", e); - last_sct_error = Some(e); - } - } - } - - /* If we were supplied with some logs, and some SCTs, - * but couldn't verify any of them, fail the handshake. */ - if let Some(last_sct_error) = last_sct_error { - warn!("No valid SCTs provided"); - return Err(Error::InvalidSct(last_sct_error)); - } - - Ok(()) - } -} - fn intermediate_chain(intermediates: &[Certificate]) -> Vec<&[u8]> { intermediates .iter() @@ -920,16 +819,6 @@ fn verify_tls13( .map(|_| HandshakeSignatureValid::assertion()) } -fn unix_time_millis(now: SystemTime) -> Result { - now.duration_since(std::time::UNIX_EPOCH) - .map(|dur| dur.as_secs()) - .map_err(|_| Error::FailedToGetCurrentTime) - .and_then(|secs| { - secs.checked_mul(1000) - .ok_or(Error::FailedToGetCurrentTime) - }) -} - #[cfg(test)] mod tests { use super::*; diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index a1099f8566..3ccfbdb004 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -213,8 +213,7 @@ impl Context { } fn bench(&self, count: usize) { - let verifier = verify::WebPkiVerifier::new(self.roots.clone(), None); - const SCTS: &[&[u8]] = &[]; + let verifier = verify::WebPkiVerifier::new(self.roots.clone()); const OCSP_RESPONSE: &[u8] = &[]; let mut times = Vec::new(); @@ -227,7 +226,6 @@ impl Context { end_entity, intermediates, &server_name, - &mut SCTS.iter().copied(), OCSP_RESPONSE, self.now, ) diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index ee5b89b8ff..4c0342f089 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -157,7 +157,6 @@ pub struct MockServerVerifier { cert_rejection_error: Option, tls12_signature_error: Option, tls13_signature_error: Option, - wants_scts: bool, signature_schemes: Vec, } @@ -167,14 +166,12 @@ impl ServerCertVerifier for MockServerVerifier { end_entity: &rustls::Certificate, intermediates: &[rustls::Certificate], server_name: &rustls::ServerName, - scts: &mut dyn Iterator, oscp_response: &[u8], now: std::time::SystemTime, ) -> Result { - let scts: Vec> = scts.map(|x| x.to_owned()).collect(); println!( - "verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?}, {:?})", - end_entity, intermediates, server_name, scts, oscp_response, now + "verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})", + end_entity, intermediates, server_name, oscp_response, now ); if let Some(error) = &self.cert_rejection_error { Err(error.clone()) @@ -220,11 +217,6 @@ impl ServerCertVerifier for MockServerVerifier { fn supported_verify_schemes(&self) -> Vec { self.signature_schemes.clone() } - - fn request_scts(&self) -> bool { - println!("request_scts? {:?}", self.wants_scts); - self.wants_scts - } } impl MockServerVerifier { @@ -270,7 +262,6 @@ impl Default for MockServerVerifier { cert_rejection_error: None, tls12_signature_error: None, tls13_signature_error: None, - wants_scts: false, signature_schemes: WebPkiVerifier::verification_schemes(), } } From bea6cb047f5848c08eab7c5d99237113ce5c8fa6 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jul 2023 11:44:42 +0100 Subject: [PATCH 0011/1145] RELEASING.md: restructure, use github releases --- RELEASING.md | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index 2e39a03ac3..92bb4a503a 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -1,23 +1,25 @@ -# Making a rustls release +## Before making a release -This is a checklist for steps to make before/after making a rustls release. - -1. Attend to the README.md: this appears on crates.io for the release, and can't be edited after - the fact. - - Ensure the version has a good set of release notes. Move old release notes to OLDCHANGES.md - if this is getting excessively long. - - Write the version and date of the release. -2. Run `cargo update` followed by `cargo outdated`, to check if we have any +1. Run `cargo update` followed by `cargo outdated`, to check if we have any dependency updates which are not already automatically taken by their semver specs. - - If we do, take them if possible with separate commits (but there should've been - dependabot PRs submitted for these already.) -3. Now run `cargo test --all-features` to ensure our tests continue to pass with the - updated dependencies. -4. Update `rustls/Cargo.toml` to set the correct version. -5. Make a commit with the above changes, something like 'Prepare $VERSION'. This - should not contain functional changes: just versions numbers, and markdown changes. -6. Do a dry run: in `rustls/` check `cargo publish --dry-run` -7. Push the above commit. Wait for CI to confirm it as green. + - If we do, take them if possible. There should be dependabot PRs submitted for these already, but if + not make separate commits for these and land those first. +2. Update `rustls/Cargo.toml` to set the correct version. +3. Make a commit with the new version number, something like 'Prepare $VERSION'. This + should not contain functional changes: just version numbers, and perhaps markdown changes. +4. Do a dry run: in `rustls/` check `cargo publish --dry-run`. + - Do not use `--allow-dirty`; use a separate working tree if needed. +5. Come up with text detailing headline changes for this release. General guidelines: + * :green_heart: include any breaking changes. + * :green_heart: include any major new headline features. + * :green_heart: include any major, user-visible bug fixes. + * :green_heart: include any new API deprecations. + * :green_heart: emphasise contributions from outside the maintainer team. + * :x: omit any internal build, process or test improvements. + * :x: omit any minor or user-invisible bug fixes. + * :x: omit any changes to dependency versions (unless these cause breaking changes). +5. Open a PR with the above commit and include the release notes in the description. + Wait for review and CI to confirm it as green. - Any red _should_ naturally block the release. - If rustc nightly is broken, this _may_ be acceptable if the reason is understood and does not point to a defect in rustls. eg, at the time of writing in releasing 0.20: @@ -25,12 +27,16 @@ This is a checklist for steps to make before/after making a rustls release. - oss fuzz is broken: https://github.com/google/oss-fuzz/issues/6268 (Both of these share the same root cause of LLVM13 breaking changes; which are unfortunately common when rustc nightly takes a new LLVM.) -8. Tag the released version: `git tag -m '0.20.0' v/0.20.0` -9. Push the tag: `git push --tags` -10. Do the release: `cargo publish` when sat in `rustls/`. -## Post-release things +## Making a release -- Update dependent crates (eg, hyper-rustls, rustls-native-certs, etc.) +1. Tag the released version: eg. `git tag -m '0.20.0' v/0.20.0` +2. Push the tag: eg. `git push origin v/0.20.0` +3. Do the release: `cargo publish` when sat in `rustls/`. + - Do not use `--allow-dirty`; use a separate working tree if needed. +## After making a release +1. Create a new GitHub release for that tag. Use "Generate release notes" (against the tag for the previous release) + as a starting point for the release description. Then add the "headlines" produced earlier at the top. +2. Update dependent crates (eg, hyper-rustls, rustls-native-certs, etc.) if this was a semver-incompatible release. From 9f76287912e907bff9e7407c83c161c19e561442 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jul 2023 12:22:27 +0100 Subject: [PATCH 0012/1145] Prepare to move release notes to github releases --- README.md | 72 +----------- RELEASE_NOTES.md | 279 ----------------------------------------------- 2 files changed, 1 insertion(+), 350 deletions(-) delete mode 100644 RELEASE_NOTES.md diff --git a/README.md b/README.md index 29cbe28c6f..b6d8b06e49 100644 --- a/README.md +++ b/README.md @@ -20,77 +20,7 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). ## Release history -* Next release: - - `RootCertStore::add_parsable_certificates` now takes a - `impl IntoIterator>`. - - *Breaking change*: remove support for SCT stapling. Ecosystem support for this is rare compared to - inclusion of SCTs in certificates. -* Release 0.21.3 (2023-07-05) - - Added `with_crls` function to `AllowAnyAuthenticatedClient` and - `AllowAnyAnonymousOrAuthenticatedClient` client certificate verifiers to - support revocation checking of client certificates using certificate - revocation lists (CRLs). - - Exposed `verify_signed_by_trust_anchor` and `verify_server_name` certificate - validation helper functions when using the "dangerous_configuration" - feature. -* Release 0.21.2 (2023-06-14) - - Bump MSRV to 1.60 to track similar change in dependencies. - - Differentiate between unexpected and expected EOF in `Stream` and `OwnedStream`. - - `RootCertStore::add_parsable_certificates` now takes a `&[impl AsRef<[u8]>]`. - - Add QUIC V2 support. -* Release 0.21.1 (2023-05-01) - - Remove `warn`-level logging from code paths that also return a `rustls::Error` with - the same information. - - Bug fix: ensure `ConnectionCommon::complete_io` flushes pending writes. - - Bug fix: correct encoding of acceptable issuer subjects when rustls operates as a server - requesting client authentication. This was a regression introduced in 0.21.0. -* Release 0.21.0 (2023-03-29) - - Support for connecting to peers named with IP addresses. This means - rustls now depends on a fork of webpki - `rustls-webpki` - with a suitably - extended API. - - *Breaking change*: `StoresClientSessions` trait renamed to `ClientSessionStore` and - reworked to allow storage of multiple TLS1.3 tickets and avoid reuse of them. - This is a privacy improvement, see RFC8446 appendix C.4. - - *Breaking change*: the `DistinguishedNames` type alias no longer exists; the public - API now exports a `DistinguishedName` type, and the - `ClientCertVerifier::client_auth_root_subjects()` method now returns a - `&[DistinguishedName]` instead (with the lifetime constrained to the - verifier's). - - *Breaking change*: the `ClientCertVerifier` methods `client_auth_mandatory()` - and `client_auth_root_subjects()` no longer return an `Option`. You can now - use an `Acceptor` to decide whether to accept the connection based on information - from the `ClientHello` (like server name). - - *Breaking change*: rework `rustls::Error` to avoid String usage in - `PeerMisbehavedError`, `PeerIncompatibleError` and certificate errors. - Especially note that custom certificate verifiers should move to use the - new certificate errors. `Error` is now `non_exhaustive`, and so are the - inner enums used in its variants. - - *Breaking change*: replace `webpki::Error` appearing in the public API - in `RootCertStore::add`. - - The number of tickets sent by a TLS1.3 server is now configurable via - `ServerConfig::send_tls13_tickets`. Previously one ticket was sent, now - the default is four. - - *Breaking change*: remove deprecated methods from `Acceptor`. - - *Breaking change*: `AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient` - `new` functions now return `Self`. A `boxed` function was added to both types to easily acquire - an `Arc`. - - *Breaking change*: `NoClientAuth::new` was renamed to `boxed`. - - *Breaking change*: the QUIC API has changed to provide QUIC-specific `ClientConnection` and - `ServerConnection` types, instead of using an extension trait. - - *Breaking change*: the QUIC `Secrets` constructor was changed to take - a `Side` instead of `bool`. - - *Breaking change*: the `export_keying_material` function on a `Connection` - was changed from returning `Result<(), Error>` to `Result` where - `T: AsMut<[u8]>`. - - *Breaking change*: the `sni_hostname` function on a `Connection` was renamed - to `server_name`. - - *Breaking change*: remove alternative type names deprecated in 0.20.0 (`RSASigningKey` vs. - `RsaSigningKey` etc.) - - *Breaking change*: the client config `session_storage` and `enable_tickets` - fields have been replaced by a more misuse resistant `Resumption` type that - combines the two options. - -See [RELEASE_NOTES.md](RELEASE_NOTES.md) for further change history. +Release history can be found [on GitHub](https://github.com/rustls/rustls/releases). # Documentation Lives here: https://docs.rs/rustls/ diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md deleted file mode 100644 index f7ca1c2d07..0000000000 --- a/RELEASE_NOTES.md +++ /dev/null @@ -1,279 +0,0 @@ -## Release history: - -* 0.20.8 (2023-01-12) - - Yield an error from `ConnectionCommon::read_tls()` if buffers are full. - Both a full deframer buffer and a full incoming plaintext buffer will - now cause an error to be returned. Callers should call `process_new_packets()` - and read out the plaintext data from `reader()` after each successful call to `read_tls()`. - - The minimum supported Rust version is now 1.57.0 due to some dependencies - requiring it. -* 0.20.7 (2022-10-18) - - Expose secret extraction API under the `secret_extraction` cargo feature. - This is designed to enable switching from rustls to kTLS (kernel TLS - offload) after a successful TLS 1.2/1.3 handshake, for example. - - Move filtering of signature schemes after config selection, avoiding the need - for linking in encryption/decryption code for all cipher suites at the cost of - exposing more signature schemes in the `ClientHello` emitted by the `Acceptor`. - - Expose AlertDescription, ContentType, and HandshakeType, - SignatureAlgorithm, and NamedGroup as part of the stable API. Previously they - were part of the unstable internals API, but were referenced by parts of the - stable API. - - We now have a [Discord channel](https://discord.gg/MCSB76RU96) for community - discussions. - - The minimum supported Rust version is now 1.56.0 due to several dependencies - requiring it. -* 0.20.6 (2022-05-18) - - 0.20.5 included a change to track more context for the `Error::CorruptMessage` - which made API-incompatible changes to the `Error` type. We yanked 0.20.5 - and have reverted that change as part of 0.20.6. -* 0.20.5 (2022-05-14) - - Correct compatbility with servers which return no TLS extensions and take - advantage of a special case encoding. - - Remove spurious warn-level logging introduced in 0.20.3. - - Expose cipher suites in `ClientHello` type. - - Allow verification of IP addresses with `dangerous_config` enabled. - - Retry I/O operations in `ConnectionCommon::complete_io()` when interrupted. - - Fix server::ResolvesServerCertUsingSni case sensitivity. -* 0.20.4 (2022-02-19) - - Correct regression in QUIC 0-RTT support. -* 0.20.3 (2022-02-13) - - Support loading ECDSA keys in SEC1 format. - - Support receipt of 0-RTT "early data" in TLS1.3 servers. It is not enabled - by default; opt in by setting `ServerConfig::max_early_data_size` to a non-zero - value. - - Support sending of data with the first server flight. This is also not - enabled by default either: opt in by setting `ServerConfig::send_half_rtt_data`. - - Support `read_buf` interface when compiled with nightly. This means - data can be safely read out of a rustls connection into a buffer without - the buffer requiring initialisation first. Set the `read_buf` feature to - use this. - - Improve efficiency when writing vectors of TLS types. - - Reduce copying and improve efficiency in TLS1.2 handshake. -* 0.20.2 (2021-11-21) - - Fix `CipherSuite::as_str()` value (as introduced in 0.20.1). -* 0.20.1 (2021-11-14) - - Allow cipher suite enum items to be stringified. - - Improve documentation of configuration builder types. - - Ensure unused cipher suites can be removed at link-time. - - Ensure single-use error types implement `std::error::Error`, and are public. -* 0.20.0 (2021-09-26) - - *Breaking change*: `Connection` is now an enum instead of a trait. You can abstract over - `ClientConnection` and `ServerConnection` with a bound like `where C: Deref>, SD: SideData`. - - *Breaking change*: the SNI arguments to `ClientCertVerifier` methods have been removed. - The `Acceptor` API now allows selecting a `ServerConfig` based on the `ClientHello` instead. - - Unclean TCP closure is now tracked by the library. This means a new error is possible when reading plaintext: - `ErrorKind::UnexpectedEof` will be returned in this case. - - *Breaking change*: insulate the rustls public API from webpki API changes: - - PKI errors are now reported using rustls-specific errors. - - There is now a rustls-specific root trust anchor type. - - *Breaking change*: the following types are no longer exposed in the crate root, and can instead be imported - through the `client` module exposed in the crate root: `ResolvesClientCert`, `StoresClientSessions`, - `WriteEarlyData`, `ClientSessionMemoryCache`, `NoClientSessionStorage`, `HandshakeSignatureValid`, - `ServerCertVerified`, `ServerCertVerifier`, `WebPkiVerifier` and `DangerousClientConfig`. - - *Breaking change*: the following types are no longer exposed in the crate root, and can instead be imported - through the `server` module exposed in the crate root: `AllowAnonymousOrAuthenticatedClient`, - `AllowAnyAuthenticatedClient`, `NoClientAuth`, `ResolvesServerCertUsingSni`, `NoServerSessionStorage`, - `ServerSessionMemoryCache`, `StoresServerSessions`, `ClientHello`, `ProducesTickets`, `ResolvesServerCert`, - `ClientCertVerified` and `ClientCertVerifier`. - - *Breaking API change*: `QuicExt::write_hs()` now returns a `KeyChange` type that returns handshake or 1-RTT keys. In the case of 1-RTT keys, a `KeyChange` also - includes a `Secrets` type that must be used to derive further key updates, independent from the rustls `Connection`. The `QuicExt::next_1rtt_keys()` method - has been removed. - - *Breaking API change*: QUIC header protection keys now use a new type that directly exposes a masking/unmasking operation. -* 0.20.0-beta2 (2021-07-04) - - *Breaking change*: internal buffers are now limited to 64 kB by default. Use - `Connection::set_buffer_limit` to change the buffer limits to suit your application. - - *Breaking API change*: PEM parsing now lives in the [rustls-pemfile crate](https://crates.io/crates/rustls-pemfile). - This means `rustls::internals::pemfile` and `rustls::RootCertStore::add_pem_file` no longer exist. - - *Breaking API change*: `ServerCertVerifier::verify_server_cert` and `ClientCertVerifier::verify_client_cert` - pass the end-entity and intermediate certificates separately. This means rustls deals with the case - where the certificate chain is empty, rather than leaving that to ServerCertVerifier/ClientCertVerifier - implementation. - - *Breaking API change*: `SupportedCipherSuite` is now an enum with TLS 1.2 and TLS 1.3 variants. Some of its - methods have moved to the inner `Tls12CipherSuite` and `Tls13CipherSuite` types. Instead of - `usable_for_version()`, it now has a `version()` method. `get_hash()` has been renamed - to `hash_algorithm()` and `usable_for_sigalg()` to `usable_for_signature_algorithm()`. - - There are now 80% fewer unreachable unwraps in the core crate thanks to large refactoring efforts. - - *Breaking API change*: the `WebPkiError` variant of `rustls::Error` now includes which operation failed. - - *Breaking API changes*: These public API items have been renamed to meet naming guidelines: - - `rustls::TLSError` to `rustls::Error`. - - `rustls::ResolvesServerCertUsingSNI` to `rustls::ResolvesServerCertUsingSni`. - - `rustls::WebPKIVerifier` to `rustls::WebPkiVerifier`. - - `rustls::ciphersuites` to `rustls::cipher_suites`. - - `rustls::ALL_CIPHERSUITES` to `ALL_CIPHER_SUITES`; `rustls::DEFAULT_CIPHERSUITES` to `DEFAULT_CIPHER_SUITES`. - - `rustls::ClientHello::sigschemes` to `rustls::ClientHello::signature_schemes`. - - `rustls::RootCertStore::get_subjects` to `rustls::RootCertStore::subjects`. - - `rustls::ServerSession` to `rustls::ServerConnection`. - - `rustls::ClientSession` to `rustls::ClientConnection`. - - `rustls::ServerSession::get_sni_hostname` to `rustls::ServerConnection::sni_hostname`. - - `rustls::ClientConfig::ciphersuites` to `rustls::ClientConfig::cipher_suites`. - - `rustls::ServerConfig::ciphersuites` to `rustls::ServerConfig::cipher_suites`. - - `rustls::ProducesTickets::get_lifetime` to `rustls::ProducesTickets::lifetime`. - - `rustls::Session`: `get_peer_certificates` to `peer_certificates`, `get_alpn_protocol` to `alpn_protocol`, - `get_protocol_version` to `protocol_version`, `get_negotiated_ciphersuite` to `negotiated_cipher_suite`. - - *Breaking API change*: `ResolvesServerCert::resolve` and `ResolvesClientCert::resolve` now return - `Option>` instead of `Option`. `CertifiedKey` is now an immutable - type. - - *Breaking API change*: `peer_certificates` returns a borrow rather than a copy on the - internally stored certificate chain. - - *Breaking API change*: `ClientConnection`'s DNS name parameter is now a new enum, `ServerName`, to allow future support for ECH and servers named by IP address. -* 0.19.1 (2021-04-17): - - Backport: fix security issue: there was a reachable panic in servers if a client - sent an invalid `ClientECDiffieHellmanPublic` encoding, due to an errant `unwrap()` - when parsing the encoding. -* 0.19.0 (2020-11-22): - - Ensured that `get_peer_certificates` is both better documented, and works - uniformly for both full-handshake and resumed sessions. - - Fix bug: fully qualified hostnames should have had their trailing dot - stripped when quoted in the SNI extension. -* 0.18.1 (2020-08-16): - - Fix DoS vulnerability in TLS1.3 "Middlebox Compatibility Mode" CCS handling. - This is thought to be quite minor -- see - [this commit message](https://github.com/rustls/rustls/commit/e51bf92afcd9dfbd5f4e8154b847aa5cc380913c) - for a full discussion. -* 0.18.0 (2020-07-04): - - Allow custom certificate validation implementations to also - handle handshake signature computation. This allows uses in non-web - contexts, where `webpki` is not likely to process the certificates - in use. Thanks to @DemiMarie-parity. - - Performance improvements. Thanks to @nviennot. - - Fixed client authentication being unduly rejected by client when server - uses the superseded certificate_types field of CertificateRequest. - - *Breaking API change*: The writev_tls API has been removed, in favour - of using vectored IO support now offered by std::io::Write. - - Added ed25519 support for authentication; thanks to @potatosalad. - - Support removal of unused ciphersuites at link-time. To use this, - call `ClientConfig::with_ciphersuites` instead of `ClientConfig::new`. -* 0.17.0 (2020-02-22): - - *Breaking API change*: ALPN protocols offered by the client are passed - to the server certificate resolution trait (`ResolvesServerCert`). - - *Breaking API change*: The server certificate resolution trait now - takes a struct containing its arguments, so new data can be passed - to these functions without further breaking changes. - - Signature schemes offered by the client are now filtered to those - compatible with the client-offered ciphersuites. Prior to this change - it was likely that server key type switching would not work for clients - that offer signature schemes mismatched with their ciphersuites. - - Add manual with goal-oriented documentation, and rationale for design - decisions. - - *Breaking API change*: `AlwaysResolvesClientCert::new` is now fallible, - as is `ClientConfig::set_single_client_cert`. -* 0.16.0 (2019-08-10): - - Optimisation of read path for polled non-blocking IO. - - Correct an omission in TLS1.3 middlebox compatibility mode, causing - handshake failures with servers behind buggy middleboxes. - - Move to *ring* 0.16. - - Assorted refactoring to reduce memory usage during and after - handshake. - - Update other dependencies. -* 0.15.2 (2019-04-02): - - Moved example code around for benefit of Fuchsia. - - Example code fixes for Windows -- Windows is now a tested platform. - - QUIC-specific bug fixes. - - Update dependencies. -* 0.15.1 (2019-01-29): - - Fix incorrect offering of SHA1. -* 0.15.0 (2019-01-20): - - Update dependencies. - - *Breaking API change*: ALPN protocols are now encoded as a `Vec`, not - a `String`. This alters the type of: - - `ClientConfig::alpn_protocols` - - `ClientConfig::set_protocols` - - `ServerConfig::alpn_protocols` - - `ServerConfig::set_protocols` - - `Session::get_alpn_protocol` - - Emit a warning when receiving an invalid SNI extension, such as one - including an IP address. - - Extended QUIC support for later QUIC drafts. - - Correct bug where we'd send more than one fatal alert for - handshake failure cases. - - Discontinue support for SHA1 signatures. - - Move to Rust 2018 edition. -* 0.14.0 (2018-09-30): - - Introduce client-side support for 0-RTT data in TLS1.3. - - Fix a bug in rustls::Stream for non-blocking transports. - - Move TLS1.3 support from draft 23 to final RFC8446 version. - - Don't offer (e.g.) TLS1.3 if no TLS1.3 suites are configured. - - Support stateful resumption in TLS1.3. Stateless resumption - was previously supported, but is not the default configuration. - - *Breaking API change*: `generate()` removed from `StoresServerSessions` trait. - - *Breaking API change*: `take()` added to `StoresServerSessions` trait. -* 0.13.1 (2018-08-17): - - Fix a bug in rustls::Stream for non-blocking transports - (backport). -* 0.13.0 (2018-07-15): - - Move TLS1.3 support from draft 22 to 23. - - Add support for `SSLKEYLOGFILE`; not enabled by default. - - Add support for basic usage in QUIC. - - `ServerConfig::set_single_cert` and company now report errors. - - Add support for vectored IO: `writev_tls` can now be used to - optimise system call usage. - - Support ECDSA signing for server and client authentication. - - Add type like `rustls::Stream` which owns its underlying TCP stream - and rustls session. -* 0.12.0 (2018-01-06): - - New API for learning negotiated cipher suite. - - Move TLS1.3 support from draft 18 to 22. - - Allow server-side MTU configuration. - - Tested against latest BoringSSL test suite. - - Support RFC5705 exporters. - - Provide `ResolvesServerCertUsingSNI` for doing SNI-based - certificate switching. - - Allow disabling SNI extension on clients, for use with - custom server certificate verifiers where the hostname - may not make sense. - - DNS names are now typesafe, using `webpki::DNSName`. - - Update dependencies. -* 0.11.0 (2017-08-28): - - New server API for learning requested SNI name. - - Server now checks selected certificate for validity. - - Remove time crate dependency. - - Follow webpki interface changes. - - Update dependencies. -* 0.10.0 (2017-08-12): - - Request and verify SCTs using sct crate. This doesn't happen - unless you pass in some certificate transparency logs -- example code - does this. - - Request OCSP stapled response and pass to cert verifier. - Note that OCSP verification is not implemented, but this is the public - API public change required to support this. - - Allow OCSP and SCT stapling for servers. - - Refactor handshake state machines. - - Bind verifications to final state -- note API change for custom cert - verification. -* 0.9.0 (2017-06-16): - - Update dependencies. - - Add IO helper function (`complete_io`) to `rustls::Session`. - - Add blocking stream type -- `rustls::Stream` -- to ease use on top - of blocking sockets. -* 0.8.0 (2017-05-14): - - Add `dangerous_configuration` feature for unsafe features. -* 0.7.0 (2017-05-08): - - Update dependencies. -* 0.6.0 (2017-05-06): - - Update dependencies. - - Expose ring's new support for PKCS#8-format private keys. - - New API for applying limitation to internal buffer sizes. -* 0.5.8 (2017-03-16): - - Fix build on later rustc. -* 0.5.7 (2017-02-27): - - No changes from 0.5.6; republished with nightly cargo for category support. -* 0.5.6 (2017-02-19): - - RFC7627 extended master secret support - - Assorted documentation improvements -* 0.5.5 (2017-02-03): - - Crate categories. - - Protocol errors now permanent for given session. - - Exposed `ResolvesServerCert` trait for customising certification - selection. - - Exposed `SignatureScheme` enum. -* 0.5.4 (2017-01-26): - - First release with TLS1.3-draft-18 support. - - More performance improvements (now ~15Gbps per core). - - New API to learn version of negotiated connection. -* 0.5.0 (2016-09-27): - - Tickets. - - Coverage testing. - - Benchmarking. - - Massive performance improvements (from ~1Gbps to ~6Gbps per core). - - OSX support. - - Minor API corrections and additional testing. From d397481eca3c7445730ad16d3d918240a6a8d4a6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 7 Jul 2023 10:22:52 -0400 Subject: [PATCH 0013/1145] lib: export CertRevocationListError enum. The top level `Error::InvalidCertRevocationList` was exported, but not its inner `CertRevocationListError` enum. This should be done to match other enums (e.g. the `Error::InvalidCertificate`'s exported `CertificateError` enum). --- rustls/src/lib.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 01f355465c..a42de493ca 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -382,7 +382,10 @@ pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, }; -pub use crate::error::{CertificateError, Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; +pub use crate::error::{ + CertRevocationListError, CertificateError, Error, InvalidMessage, PeerIncompatible, + PeerMisbehaved, +}; pub use crate::key::{Certificate, PrivateKey}; pub use crate::key_log::{KeyLog, NoKeyLog}; pub use crate::key_log_file::KeyLogFile; From 95dc0da1c9a3b71dd87ccd0a9e92c43904b52fe9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 7 Jul 2023 10:24:42 -0400 Subject: [PATCH 0014/1145] error: use automatic link for RFC 5280 ref. Fixes: ``` warning: this URL is not a hyperlink --> rustls/src/error.rs:427:15 | 427 | /// [^1]: https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use an automatic link instead: `` | = note: bare URLs are not automatically turned into clickable links = note: `#[warn(rustdoc::bare_urls)]` on by default ``` --- rustls/src/error.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 9cd5a08801..381835f29a 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -420,7 +420,7 @@ pub enum CertRevocationListError { /// The CRL contained a revoked certificate with an unsupported revocation reason. /// See RFC 5280 Section 5.3.1[^1] for a list of supported revocation reasons. /// - /// [^1]: https://www.rfc-editor.org/rfc/rfc5280#section-5.3.1 + /// [^1]: UnsupportedRevocationReason, } From 8e5395bfc1ccfd7b06f0aaeb0f524a369a8639b8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 7 Jul 2023 14:05:38 -0400 Subject: [PATCH 0015/1145] ci: add merge_group trigger to ci tasks. This commit adds `merge_group` to our CI task `on` triggers in preparation for enabling the merge queue feature. Per the GitHub docs[0]: > You must use the merge_group event to trigger your GitHub Actions > workflow when a pull request is added to a merge queue. > > Note: If your repository uses GitHub Actions to perform required > checks on pull requests in your repository, you need to update the > workflows to include the merge_group event as an additional trigger. > Otherwise, status checks will not be triggered when you add a pull > request to a merge queue. The merge will fail as the required status > check will not be reported. The merge_group event is separate from the > pull_request and push events. [0]: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 89a67f86fe..cdb65868fe 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,7 @@ permissions: on: push: pull_request: + merge_group: schedule: - cron: '0 18 * * *' From 0381e5a455e8cc7e64c6987e4d76daeeaaacce60 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 6 Jul 2023 15:53:08 -0400 Subject: [PATCH 0016/1145] client: `with_single_cert` -> `with_client_auth_cert` This commit renames the `ClientConfig` builder's `with_single_cert` function to be called `with_client_auth_cert`. The old `with_single_cert` function is left as an alias for `with_client_auth_cert` and marked as deprecated to encourage users to switch to the new name. I believe this offers better symmetry with the `with_no_client_auth` function that's used to disable client authentication, and more clearly conveys the purpose of this function is for providing a client authentication certificate. --- examples/src/bin/tlsclient-mio.rs | 2 +- rustls/examples/internal/bench.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 3 ++- rustls/src/builder.rs | 2 +- rustls/src/client/builder.rs | 18 +++++++++++++++++- rustls/tests/common/mod.rs | 2 +- 6 files changed, 23 insertions(+), 6 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index a120c518d3..ca3c3fc689 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -416,7 +416,7 @@ fn make_config(args: &Args) -> Arc { let certs = load_certs(certs_file); let key = load_private_key(key_file); config - .with_single_cert(certs, key) + .with_client_auth_cert(certs, key) .expect("invalid client auth certs/key") } (None, None) => config.with_no_client_auth(), diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 42cfdf5f2d..536e341b46 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -348,7 +348,7 @@ fn make_client_config( .with_root_certificates(root_store); let mut cfg = if clientauth == ClientAuth::Yes { - cfg.with_single_cert( + cfg.with_client_auth_cert( params.key_type.get_client_chain(), params.key_type.get_client_key(), ) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 1c81409a7c..f942d82e04 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -527,7 +527,8 @@ fn make_client_cfg(opts: &Options) -> Arc { let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { let cert = load_cert(&opts.cert_file); let key = load_key(&opts.key_file); - cfg.with_single_cert(cert, key).unwrap() + cfg.with_client_auth_cert(cert, key) + .unwrap() } else { cfg.with_no_client_auth() }; diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 8b63f8c1e3..5c32977fb8 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -58,7 +58,7 @@ use std::marker::PhantomData; /// .with_safe_default_protocol_versions() /// .unwrap() /// .with_root_certificates(root_certs) -/// .with_single_cert(certs, private_key) +/// .with_client_auth_cert(certs, private_key) /// .expect("bad certificate/key"); /// ``` /// diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 7306e49200..5d2e4ce061 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -67,7 +67,7 @@ impl ConfigBuilder { /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. /// /// This function fails if `key_der` is invalid. - pub fn with_single_cert( + pub fn with_client_auth_cert( self, cert_chain: Vec, key_der: key::PrivateKey, @@ -76,6 +76,22 @@ impl ConfigBuilder { Ok(self.with_client_cert_resolver(Arc::new(resolver))) } + /// Sets a single certificate chain and matching private key for use + /// in client authentication. + /// + /// `cert_chain` is a vector of DER-encoded certificates. + /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. + /// + /// This function fails if `key_der` is invalid. + #[deprecated(since = "0.21.4", note = "Use `with_client_auth_cert` instead")] + pub fn with_single_cert( + self, + cert_chain: Vec, + key_der: key::PrivateKey, + ) -> Result { + self.with_client_auth_cert(cert_chain, key_der) + } + /// Do not support client auth. pub fn with_no_client_auth(self) -> ClientConfig { self.with_client_cert_resolver(Arc::new(handy::FailResolveClientCert {})) diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 7b36f1f7cd..afdb67cf5d 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -360,7 +360,7 @@ pub fn finish_client_config_with_creds( config .with_root_certificates(root_store) - .with_single_cert(kt.get_client_chain(), kt.get_client_key()) + .with_client_auth_cert(kt.get_client_chain(), kt.get_client_key()) .unwrap() } From 478a895cf010e08bb4028c1b535ee653e3988a8f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 11 Jul 2023 10:43:38 -0400 Subject: [PATCH 0017/1145] ci: add a cargo-semver-checks action. This commit updates the `build.yml` GitHub actions workflow to additionally include a step that checks semver compatibility w/ cargo-semver-checks[0]. Notably this check passing is necessary but not sufficient for knowing that we're maintaining semver: if this tool produces a finding we know we aren't matching semver, but if it doesn't, we may still be breaking semver in a way the tool can't detect. [0]: https://github.com/obi1kenobi/cargo-semver-checks --- .github/workflows/build.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cdb65868fe..774d04e1ba 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -234,6 +234,18 @@ jobs: uses: taiki-e/install-action@cross - run: cross build --target i686-unknown-linux-gnu + semver: + name: Check semver compatibility + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v3 + with: + persist-credentials: false + + - name: Check semver + uses: obi1kenobi/cargo-semver-checks-action@v2 + format: name: Format runs-on: ubuntu-latest From 9939793a7e1ab179dd633a5692cc5dd2958aca4f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 13 Jul 2023 15:28:51 +0100 Subject: [PATCH 0018/1145] client::builder: fix PhantomData clippy lint --- rustls/src/client/builder.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 5d2e4ce061..13032f86c2 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -42,7 +42,7 @@ impl ConfigBuilder { versions: self.state.versions, verifier, }, - side: PhantomData::default(), + side: PhantomData, } } } From bf09a07845e66667505ae0bc70717c9e417837a5 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 13 Jul 2023 15:20:04 +0100 Subject: [PATCH 0019/1145] Remove MSRV variant of connect-tests MSRV is important (an tested separately) for the core crate (and its dependencies) but doesn't apply to test code. Run these daily to notice any breakage earlier. --- .github/workflows/connect-tests.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/connect-tests.yml b/.github/workflows/connect-tests.yml index f702aaaa01..ab25beb527 100644 --- a/.github/workflows/connect-tests.yml +++ b/.github/workflows/connect-tests.yml @@ -5,9 +5,9 @@ permissions: on: schedule: - # We only run connectivity tests on a weekly basis, choosing a weekday and + # We run connectivity tests on a daily basis, choosing a # a time slightly offset from the top of the hour. - - cron: '15 12 * * 3' + - cron: '15 18 * * *' jobs: build: @@ -20,7 +20,6 @@ jobs: - stable - beta - nightly - - "1.60" # MSRV os: [ubuntu-20.04] # but only stable on macos/windows (slower platforms) include: From fd5f9df24a095e7a0f7de80f3c5d345610c5b95b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 10 Jul 2023 13:40:20 -0400 Subject: [PATCH 0020/1145] docs: update RELEASING w/ maintenance release steps. This commit adds some short guidance on performing maintenance point releases when `main` has breaking changes, preventing using the normal release process. --- RELEASING.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/RELEASING.md b/RELEASING.md index 92bb4a503a..5f82effc7b 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -40,3 +40,16 @@ 1. Create a new GitHub release for that tag. Use "Generate release notes" (against the tag for the previous release) as a starting point for the release description. Then add the "headlines" produced earlier at the top. 2. Update dependent crates (eg, hyper-rustls, rustls-native-certs, etc.) if this was a semver-incompatible release. + +## Maintenance point releases + +When point releases for bug fixes and small backwards compatible changes, but `main` contains unreleased breaking +changes we follow a modified release process using a longer-lived maintenance branch. + +1. Check if there is an existing release branch, e.g. `rel-0.21` for point releases in the `0.21.x` series. + - If there is, use that branch. + - If there is not, create a new branch from the tag for the previous release, e.g. `git checkout -b rel-0.21 v/0.21.0`. + Remember to also create a branch protection rule for the release branch, matching the settings from `main`. +2. Make pull-requests for any changes you want to include in the point release, targeted against the release branch. +3. Follow the usual release process, but use the release branch instead of `main` when making the release. + - For example, `cargo publish` should be run from the release branch, not `main`. From 1d07dd5dde28a182b33e501d3ac316c13c99e8bd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 18 Jul 2023 16:27:45 +0100 Subject: [PATCH 0021/1145] Correct/allow unnecessarily &mut function args allow unknown-lints on stable clippy, otherwise it warns about us allowing lints that were introduced on nightly. --- .github/workflows/build.yml | 8 ++++---- rustls/src/client/tls12.rs | 2 +- rustls/src/server/tls13.rs | 1 + 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 774d04e1ba..870ebdfd12 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -277,10 +277,10 @@ jobs: uses: dtolnay/rust-toolchain@stable with: components: clippy - - run: cargo clippy --package rustls --all-features -- --deny warnings - - run: cargo clippy --package rustls --no-default-features -- --deny warnings - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features -- --deny warnings - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features -- --deny warnings + - run: cargo clippy --package rustls --all-features -- --deny warnings --allow unknown-lints + - run: cargo clippy --package rustls --no-default-features -- --deny warnings --allow unknown-lints + - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features -- --deny warnings --allow unknown-lints + - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features -- --deny warnings --allow unknown-lints clippy-nightly: name: Clippy (Nightly) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 113b64fb51..7cbcbb6bf2 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -952,7 +952,7 @@ struct ExpectFinished { impl ExpectFinished { // -- Waiting for their finished -- - fn save_session(&mut self, cx: &mut ClientContext<'_>) { + fn save_session(&mut self, cx: &ClientContext<'_>) { // Save a ticket. If we got a new ticket, save that. Otherwise, save the // original ticket again. let (mut ticket, lifetime) = match self.ticket.take() { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 69484d45e9..5f4feb673c 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -598,6 +598,7 @@ mod client_hello { common.send_msg(m, false); } + #[allow(clippy::needless_pass_by_ref_mut)] // cx only mutated if cfg(feature = "quic") fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, client_hello: &ClientHelloPayload, From e1860c91a8ffa58e0e09e54bf51c683724d97e69 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 9 Feb 2023 14:31:08 +0100 Subject: [PATCH 0022/1145] crypto: parametrize config types with crypto provider --- examples/src/bin/limitedclient.rs | 3 +- examples/src/bin/simple_0rtt_client.rs | 5 +- examples/src/bin/simpleclient.rs | 3 +- examples/src/bin/tlsclient-mio.rs | 10 ++-- examples/src/bin/tlsserver-mio.rs | 7 +-- fuzz/fuzzers/client.rs | 3 +- fuzz/fuzzers/server.rs | 3 +- rustls/examples/internal/bench.rs | 5 +- rustls/examples/internal/bogo_shim.rs | 10 ++-- rustls/src/builder.rs | 45 +++++++++++------ rustls/src/client/builder.rs | 21 ++++---- rustls/src/client/client_conn.rs | 48 ++++++++++++++---- rustls/src/client/hs.rs | 29 +++++------ rustls/src/client/tls12.rs | 70 +++++++++++++------------- rustls/src/client/tls13.rs | 43 ++++++++-------- rustls/src/crypto.rs | 7 +++ rustls/src/lib.rs | 8 +-- rustls/src/quic.rs | 9 ++-- rustls/src/server/builder.rs | 16 +++--- rustls/src/server/hs.rs | 19 +++---- rustls/src/server/server_conn.rs | 58 +++++++++++++++++---- rustls/src/server/tls12.rs | 45 +++++++++-------- rustls/src/server/tls13.rs | 61 +++++++++++----------- rustls/src/versions.rs | 2 +- rustls/tests/api.rs | 70 ++++++++++++++------------ rustls/tests/client_cert_verifier.rs | 3 +- rustls/tests/common/mod.rs | 53 +++++++++---------- 27 files changed, 386 insertions(+), 270 deletions(-) create mode 100644 rustls/src/crypto.rs diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index d95ee937a9..b0b6d99acf 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -6,6 +6,7 @@ use std::sync::Arc; use std::io::{stdout, Read, Write}; use std::net::TcpStream; +use rustls::crypto::Ring; use rustls::OwnedTrustAnchor; fn main() { @@ -23,7 +24,7 @@ fn main() { }), ); - let config = rustls::ClientConfig::builder() + let config = rustls::ClientConfig::::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) .with_kx_groups(&[&rustls::kx_group::X25519]) .with_protocol_versions(&[&rustls::version::TLS13]) diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index c952e90fe9..90ea4f779d 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -3,9 +3,10 @@ use std::sync::Arc; use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; +use rustls::crypto::{CryptoProvider, Ring}; use rustls::{OwnedTrustAnchor, RootCertStore}; -fn start_connection(config: &Arc, domain_name: &str) { +fn start_connection(config: &Arc>, domain_name: &str) { let server_name = domain_name .try_into() .expect("invalid DNS name"); @@ -71,7 +72,7 @@ fn main() { }), ); - let mut config = rustls::ClientConfig::builder() + let mut config = rustls::ClientConfig::::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 923be184ab..5ef51039ea 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -12,6 +12,7 @@ use std::sync::Arc; use std::io::{stdout, Read, Write}; use std::net::TcpStream; +use rustls::crypto::Ring; use rustls::{OwnedTrustAnchor, RootCertStore}; fn main() { @@ -28,7 +29,7 @@ fn main() { ) }), ); - let config = rustls::ClientConfig::builder() + let config = rustls::ClientConfig::::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index ca3c3fc689..7c1a822d2c 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -2,6 +2,8 @@ use std::process; use std::sync::Arc; use mio::net::TcpStream; +use rustls::crypto::CryptoProvider; +use rustls::crypto::Ring; use std::fs; use std::io; @@ -31,7 +33,7 @@ impl TlsClient { fn new( sock: TcpStream, server_name: rustls::ServerName, - cfg: Arc, + cfg: Arc>, ) -> Self { Self { socket: sock, @@ -353,7 +355,7 @@ mod danger { } #[cfg(feature = "dangerous_configuration")] -fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { +fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { if args.flag_insecure { cfg.dangerous() .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); @@ -361,14 +363,14 @@ fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { } #[cfg(not(feature = "dangerous_configuration"))] -fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig) { +fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig) { if args.flag_insecure { panic!("This build does not support --insecure."); } } /// Build a `ClientConfig` from our arguments -fn make_config(args: &Args) -> Arc { +fn make_config(args: &Args) -> Arc> { let mut root_store = RootCertStore::empty(); if args.flag_cafile.is_some() { diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 50cd9253ef..18994744c4 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -1,6 +1,7 @@ use std::sync::Arc; use mio::net::{TcpListener, TcpStream}; +use rustls::crypto::Ring; #[macro_use] extern crate log; @@ -45,12 +46,12 @@ struct TlsServer { server: TcpListener, connections: HashMap, next_id: usize, - tls_config: Arc, + tls_config: Arc>, mode: ServerMode, } impl TlsServer { - fn new(server: TcpListener, mode: ServerMode, cfg: Arc) -> Self { + fn new(server: TcpListener, mode: ServerMode, cfg: Arc>) -> Self { Self { server, connections: HashMap::new(), @@ -569,7 +570,7 @@ fn load_crls(filenames: &[String]) -> Vec { .collect() } -fn make_config(args: &Args) -> Arc { +fn make_config(args: &Args) -> Arc> { let client_auth = if args.flag_auth.is_some() { let roots = load_certs(args.flag_auth.as_ref().unwrap()); let mut client_auth_roots = RootCertStore::empty(); diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index 42c931d6e4..a87f3524c2 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -4,6 +4,7 @@ extern crate libfuzzer_sys; extern crate rustls; extern crate webpki; +use rustls::crypto::Ring; use rustls::{ClientConfig, ClientConnection, RootCertStore}; use std::io; use std::sync::Arc; @@ -11,7 +12,7 @@ use std::sync::Arc; fuzz_target!(|data: &[u8]| { let root_store = RootCertStore::empty(); let config = Arc::new( - ClientConfig::builder() + ClientConfig::::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(), diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index 0fe7c1c9ef..5c6aa95e8c 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -3,6 +3,7 @@ extern crate libfuzzer_sys; extern crate rustls; +use rustls::crypto::Ring; use rustls::server::ResolvesServerCert; use rustls::{ServerConfig, ServerConnection}; @@ -22,7 +23,7 @@ impl ResolvesServerCert for Fail { fuzz_target!(|data: &[u8]| { let config = Arc::new( - ServerConfig::builder() + ServerConfig::::builder() .with_safe_defaults() .with_no_client_auth() .with_cert_resolver(Arc::new(Fail)), diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 536e341b46..da8e1e5fdd 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -12,6 +12,7 @@ use std::sync::Arc; use std::time::{Duration, Instant}; use rustls::client::Resumption; +use rustls::crypto::Ring; use rustls::server::{ AllowAnyAuthenticatedClient, NoClientAuth, NoServerSessionStorage, ServerSessionMemoryCache, }; @@ -296,7 +297,7 @@ fn make_server_config( client_auth: ClientAuth, resume: ResumptionParam, max_fragment_size: Option, -) -> ServerConfig { +) -> ServerConfig { let client_auth = match client_auth { ClientAuth::Yes => { let roots = params.key_type.get_chain(); @@ -334,7 +335,7 @@ fn make_client_config( params: &BenchmarkParam, clientauth: ClientAuth, resume: ResumptionParam, -) -> ClientConfig { +) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index f942d82e04..0f6c3bc00b 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -5,6 +5,8 @@ // use rustls::client::{ClientConfig, ClientConnection, Resumption}; +use rustls::crypto::CryptoProvider; +use rustls::crypto::Ring; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; @@ -379,7 +381,7 @@ impl server::StoresServerSessions for ServerCacheWithResumptionDelay { } } -fn make_server_cfg(opts: &Options) -> Arc { +fn make_server_cfg(opts: &Options) -> Arc> { let client_auth = if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert { Arc::new(DummyClientAuth { @@ -507,7 +509,7 @@ impl client::ClientSessionStore for ClientCacheWithoutKxHints { } } -fn make_client_cfg(opts: &Options) -> Arc { +fn make_client_cfg(opts: &Options) -> Arc> { let kx_groups = if let Some(curves) = &opts.curves { curves .iter() @@ -1193,8 +1195,8 @@ fn main() { fn make_session( opts: &Options, - scfg: &Option>, - ccfg: &Option>, + scfg: &Option>>, + ccfg: &Option>>, ) -> Connection { assert!(opts.quic_transport_params.is_empty()); assert!(opts diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 5c32977fb8..4ec6aed104 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,3 +1,4 @@ +use crate::crypto::CryptoProvider; use crate::error::Error; use crate::kx::{SupportedKxGroup, ALL_KX_GROUPS}; use crate::suites::{SupportedCipherSuite, DEFAULT_CIPHER_SUITES}; @@ -20,9 +21,10 @@ use std::marker::PhantomData; /// /// ```no_run /// # use rustls::ServerConfig; +/// # use rustls::crypto::Ring; /// # let certs = vec![]; /// # let private_key = rustls::PrivateKey(vec![]); -/// ServerConfig::builder() +/// ServerConfig::::builder() /// .with_safe_default_cipher_suites() /// .with_safe_default_kx_groups() /// .with_safe_default_protocol_versions() @@ -36,9 +38,10 @@ use std::marker::PhantomData; /// /// ```no_run /// # use rustls::ServerConfig; +/// # use rustls::crypto::Ring; /// # let certs = vec![]; /// # let private_key = rustls::PrivateKey(vec![]); -/// ServerConfig::builder() +/// ServerConfig::::builder() /// .with_safe_defaults() /// .with_no_client_auth() /// .with_single_cert(certs, private_key) @@ -49,10 +52,11 @@ use std::marker::PhantomData; /// /// ```no_run /// # use rustls::ClientConfig; +/// # use rustls::crypto::Ring; /// # let root_certs = rustls::RootCertStore::empty(); /// # let certs = vec![]; /// # let private_key = rustls::PrivateKey(vec![]); -/// ClientConfig::builder() +/// ClientConfig::::builder() /// .with_safe_default_cipher_suites() /// .with_safe_default_kx_groups() /// .with_safe_default_protocol_versions() @@ -66,8 +70,9 @@ use std::marker::PhantomData; /// /// ``` /// # use rustls::ClientConfig; +/// # use rustls::crypto::Ring; /// # let root_certs = rustls::RootCertStore::empty(); -/// ClientConfig::builder() +/// ClientConfig::::builder() /// .with_safe_defaults() /// .with_root_certificates(root_certs) /// .with_no_client_auth(); @@ -102,13 +107,21 @@ pub struct ConfigBuilder { impl fmt::Debug for ConfigBuilder { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { let side_name = std::any::type_name::(); - let side_name = side_name - .split("::") - .last() - .unwrap_or(side_name); - f.debug_struct(&format!("ConfigBuilder<{}, _>", side_name)) - .field("state", &self.state) - .finish() + let (ty, param) = side_name + .split_once('<') + .unwrap_or((side_name, "")); + let (_, name) = ty.rsplit_once("::").unwrap_or(("", ty)); + let (_, param) = param + .rsplit_once("::") + .unwrap_or(("", param)); + + f.debug_struct(&format!( + "ConfigBuilder<{}<{}>, _>", + name, + param.trim_end_matches('>') + )) + .field("state", &self.state) + .finish() } } @@ -258,11 +271,13 @@ pub struct WantsVerifier { /// [`ServerConfig`]: crate::ServerConfig pub trait ConfigSide: sealed::Sealed {} -impl ConfigSide for crate::ClientConfig {} -impl ConfigSide for crate::ServerConfig {} +impl ConfigSide for crate::ClientConfig {} +impl ConfigSide for crate::ServerConfig {} mod sealed { + use crate::crypto::CryptoProvider; + pub trait Sealed {} - impl Sealed for crate::ClientConfig {} - impl Sealed for crate::ServerConfig {} + impl Sealed for crate::ClientConfig {} + impl Sealed for crate::ServerConfig {} } diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 13032f86c2..3b1ac2f02d 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,5 +1,7 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::client::{handy, ClientConfig, ResolvesClientCert}; +use crate::client::handy; +use crate::client::{ClientConfig, ResolvesClientCert}; +use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::kx::SupportedKxGroup; @@ -12,12 +14,12 @@ use super::client_conn::Resumption; use std::marker::PhantomData; use std::sync::Arc; -impl ConfigBuilder { +impl ConfigBuilder, WantsVerifier> { /// Choose how to verify server certificates. pub fn with_root_certificates( self, root_store: anchors::RootCertStore, - ) -> ConfigBuilder { + ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, @@ -34,7 +36,7 @@ impl ConfigBuilder { pub fn with_custom_certificate_verifier( self, verifier: Arc, - ) -> ConfigBuilder { + ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, @@ -59,7 +61,7 @@ pub struct WantsClientCert { verifier: Arc, } -impl ConfigBuilder { +impl ConfigBuilder, WantsClientCert> { /// Sets a single certificate chain and matching private key for use /// in client authentication. /// @@ -71,7 +73,7 @@ impl ConfigBuilder { self, cert_chain: Vec, key_der: key::PrivateKey, - ) -> Result { + ) -> Result, Error> { let resolver = handy::AlwaysResolvesClientCert::new(cert_chain, &key_der)?; Ok(self.with_client_cert_resolver(Arc::new(resolver))) } @@ -88,12 +90,12 @@ impl ConfigBuilder { self, cert_chain: Vec, key_der: key::PrivateKey, - ) -> Result { + ) -> Result, Error> { self.with_client_auth_cert(cert_chain, key_der) } /// Do not support client auth. - pub fn with_no_client_auth(self) -> ClientConfig { + pub fn with_no_client_auth(self) -> ClientConfig { self.with_client_cert_resolver(Arc::new(handy::FailResolveClientCert {})) } @@ -101,7 +103,7 @@ impl ConfigBuilder { pub fn with_client_cert_resolver( self, client_auth_cert_resolver: Arc, - ) -> ClientConfig { + ) -> ClientConfig { ClientConfig { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, @@ -116,6 +118,7 @@ impl ConfigBuilder { #[cfg(feature = "secret_extraction")] enable_secret_extraction: false, enable_early_data: false, + provider: PhantomData, } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index d8fc18dd41..90670459f1 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,6 +1,7 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; +use crate::crypto::CryptoProvider; use crate::dns_name::{DnsName, DnsNameRef, InvalidDnsNameError}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -121,8 +122,7 @@ pub trait ResolvesClientCert: Send + Sync { /// ids or tickets, with a max of eight tickets per server. /// * [`ClientConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ClientConfig::key_log`]: key material is not logged. -#[derive(Clone)] -pub struct ClientConfig { +pub struct ClientConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -180,6 +180,8 @@ pub struct ClientConfig { /// /// The default is false. pub enable_early_data: bool, + + pub(crate) provider: PhantomData, } /// What mechanisms to support for resuming a TLS 1.2 session. @@ -198,7 +200,28 @@ pub enum Tls12Resumption { SessionIdOrTickets, } -impl fmt::Debug for ClientConfig { +impl Clone for ClientConfig { + fn clone(&self) -> Self { + Self { + cipher_suites: self.cipher_suites.clone(), + kx_groups: self.kx_groups.clone(), + resumption: self.resumption.clone(), + alpn_protocols: self.alpn_protocols.clone(), + max_fragment_size: self.max_fragment_size, + client_auth_cert_resolver: Arc::clone(&self.client_auth_cert_resolver), + versions: self.versions, + enable_sni: self.enable_sni, + verifier: Arc::clone(&self.verifier), + key_log: Arc::clone(&self.key_log), + #[cfg(feature = "secret_extraction")] + enable_secret_extraction: self.enable_secret_extraction, + enable_early_data: self.enable_early_data, + provider: PhantomData, + } + } +} + +impl fmt::Debug for ClientConfig { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ClientConfig") .field("alpn_protocols", &self.alpn_protocols) @@ -210,7 +233,7 @@ impl fmt::Debug for ClientConfig { } } -impl ClientConfig { +impl ClientConfig { /// Create a builder to build up the client configuration. /// /// For more information, see the [`ConfigBuilder`] documentation. @@ -235,7 +258,7 @@ impl ClientConfig { /// Access configuration options whose use is dangerous and requires /// extra care. #[cfg(feature = "dangerous_configuration")] - pub fn dangerous(&mut self) -> danger::DangerousClientConfig { + pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_, C> { danger::DangerousClientConfig { cfg: self } } @@ -399,12 +422,12 @@ pub(super) mod danger { /// Accessor for dangerous configuration options. #[derive(Debug)] #[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] - pub struct DangerousClientConfig<'a> { + pub struct DangerousClientConfig<'a, C> { /// The underlying ClientConfig - pub cfg: &'a mut ClientConfig, + pub cfg: &'a mut ClientConfig, } - impl<'a> DangerousClientConfig<'a> { + impl<'a, C> DangerousClientConfig<'a, C> { /// Overrides the default `ServerCertVerifier` with something else. pub fn set_certificate_verifier(&mut self, verifier: Arc) { self.cfg.verifier = verifier; @@ -542,7 +565,10 @@ impl ClientConnection { /// Make a new ClientConnection. `config` controls how /// we behave in the TLS protocol, `name` is the /// name of the server we want to talk to. - pub fn new(config: Arc, name: ServerName) -> Result { + pub fn new( + config: Arc>, + name: ServerName, + ) -> Result { Ok(Self { inner: ConnectionCore::for_client(config, name, Vec::new(), Protocol::Tcp)?.into(), }) @@ -643,8 +669,8 @@ impl From for crate::Connection { } impl ConnectionCore { - pub(crate) fn for_client( - config: Arc, + pub(crate) fn for_client( + config: Arc>, name: ServerName, extra_exts: Vec, proto: Protocol, diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 3181b91496..0fab58507e 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,6 +3,7 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; @@ -40,7 +41,7 @@ pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConne fn find_session( server_name: &ServerName, - config: &ClientConfig, + config: &ClientConfig, #[cfg(feature = "quic")] cx: &mut ClientContext<'_>, ) -> Option> { #[allow(clippy::let_and_return, clippy::unnecessary_lazy_evaluations)] @@ -89,7 +90,7 @@ fn find_session( pub(super) fn start_handshake( server_name: ServerName, extra_exts: Vec, - config: Arc, + config: Arc>, cx: &mut ClientContext<'_>, ) -> NextStateOrError { let mut transcript_buffer = HandshakeHashBuffer::new(); @@ -162,21 +163,21 @@ pub(super) fn start_handshake( )) } -struct ExpectServerHello { - input: ClientHelloInput, +struct ExpectServerHello { + input: ClientHelloInput, transcript_buffer: HandshakeHashBuffer, early_key_schedule: Option, offered_key_share: Option, suite: Option, } -struct ExpectServerHelloOrHelloRetryRequest { - next: ExpectServerHello, +struct ExpectServerHelloOrHelloRetryRequest { + next: ExpectServerHello, extra_exts: Vec, } -struct ClientHelloInput { - config: Arc, +struct ClientHelloInput { + config: Arc>, resuming: Option>, random: Random, #[cfg(feature = "tls12")] @@ -193,7 +194,7 @@ fn emit_client_hello_for_retry( key_share: Option, extra_exts: Vec, suite: Option, - mut input: ClientHelloInput, + mut input: ClientHelloInput, cx: &mut ClientContext<'_>, ) -> NextState { let config = &input.config; @@ -375,7 +376,7 @@ fn prepare_resumption<'a>( exts: &mut Vec, suite: Option, cx: &mut ClientContext<'_>, - config: &ClientConfig, + config: &ClientConfig, ) -> Option> { // Check whether we're resuming with a non-empty ticket. let resuming = match resuming { @@ -429,7 +430,7 @@ fn prepare_resumption<'a>( pub(super) fn process_alpn_protocol( common: &mut CommonState, - config: &ClientConfig, + config: &ClientConfig, proto: Option<&[u8]>, ) -> Result<(), Error> { common.alpn_protocol = proto.map(ToOwned::to_owned); @@ -472,7 +473,7 @@ pub(super) fn process_alpn_protocol( Ok(()) } -impl State for ExpectServerHello { +impl State for ExpectServerHello { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { let server_hello = require_handshake_msg!(m, HandshakeType::ServerHello, HandshakePayload::ServerHello)?; @@ -665,7 +666,7 @@ impl State for ExpectServerHello { } } -impl ExpectServerHelloOrHelloRetryRequest { +impl ExpectServerHelloOrHelloRetryRequest { fn into_expect_server_hello(self) -> NextState { Box::new(self.next) } @@ -811,7 +812,7 @@ impl ExpectServerHelloOrHelloRetryRequest { } } -impl State for ExpectServerHelloOrHelloRetryRequest { +impl State for ExpectServerHelloOrHelloRetryRequest { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { match m.payload { MessagePayload::Handshake { diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 7cbcbb6bf2..e3243c71b5 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,6 +1,7 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; @@ -39,14 +40,15 @@ use std::sync::Arc; pub(super) use server_hello::CompleteServerHelloHandling; mod server_hello { + use crate::crypto::CryptoProvider; use crate::msgs::enums::ExtensionType; use crate::msgs::handshake::HasServerExtensions; use crate::msgs::handshake::ServerHelloPayload; use super::*; - pub(in crate::client) struct CompleteServerHelloHandling { - pub(in crate::client) config: Arc, + pub(in crate::client) struct CompleteServerHelloHandling { + pub(in crate::client) config: Arc>, pub(in crate::client) resuming_session: Option, pub(in crate::client) server_name: ServerName, pub(in crate::client) randoms: ConnectionRandoms, @@ -54,7 +56,7 @@ mod server_hello { pub(in crate::client) transcript: HandshakeHash, } - impl CompleteServerHelloHandling { + impl CompleteServerHelloHandling { pub(in crate::client) fn handle_server_hello( mut self, cx: &mut ClientContext, @@ -180,8 +182,8 @@ mod server_hello { } } -struct ExpectCertificate { - config: Arc, +struct ExpectCertificate { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -193,7 +195,7 @@ struct ExpectCertificate { must_issue_new_ticket: bool, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -238,8 +240,8 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateStatusOrServerKx { - config: Arc, +struct ExpectCertificateStatusOrServerKx { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -251,7 +253,7 @@ struct ExpectCertificateStatusOrServerKx { must_issue_new_ticket: bool, } -impl State for ExpectCertificateStatusOrServerKx { +impl State for ExpectCertificateStatusOrServerKx { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::Handshake { @@ -306,8 +308,8 @@ impl State for ExpectCertificateStatusOrServerKx { } } -struct ExpectCertificateStatus { - config: Arc, +struct ExpectCertificateStatus { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -319,7 +321,7 @@ struct ExpectCertificateStatus { must_issue_new_ticket: bool, } -impl State for ExpectCertificateStatus { +impl State for ExpectCertificateStatus { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -355,8 +357,8 @@ impl State for ExpectCertificateStatus { } } -struct ExpectServerKx { - config: Arc, +struct ExpectServerKx { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -368,7 +370,7 @@ struct ExpectServerKx { must_issue_new_ticket: bool, } -impl State for ExpectServerKx { +impl State for ExpectServerKx { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let opaque_kx = require_handshake_msg!( m, @@ -520,8 +522,8 @@ impl ServerKxDetails { // --- Either a CertificateRequest, or a ServerHelloDone. --- // Existence of the CertificateRequest tells us the server is asking for // client auth. Otherwise we go straight to ServerHelloDone. -struct ExpectServerDoneOrCertReq { - config: Arc, +struct ExpectServerDoneOrCertReq { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -534,7 +536,7 @@ struct ExpectServerDoneOrCertReq { must_issue_new_ticket: bool, } -impl State for ExpectServerDoneOrCertReq { +impl State for ExpectServerDoneOrCertReq { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { if matches!( m.payload, @@ -582,8 +584,8 @@ impl State for ExpectServerDoneOrCertReq { } } -struct ExpectCertificateRequest { - config: Arc, +struct ExpectCertificateRequest { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -596,7 +598,7 @@ struct ExpectCertificateRequest { must_issue_new_ticket: bool, } -impl State for ExpectCertificateRequest { +impl State for ExpectCertificateRequest { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -643,8 +645,8 @@ impl State for ExpectCertificateRequest { } } -struct ExpectServerDone { - config: Arc, +struct ExpectServerDone { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -658,7 +660,7 @@ struct ExpectServerDone { must_issue_new_ticket: bool, } -impl State for ExpectServerDone { +impl State for ExpectServerDone { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::Handshake { @@ -842,8 +844,8 @@ impl State for ExpectServerDone { } } -struct ExpectNewTicket { - config: Arc, +struct ExpectNewTicket { + config: Arc>, secrets: ConnectionSecrets, resuming_session: Option, session_id: SessionId, @@ -855,7 +857,7 @@ struct ExpectNewTicket { sig_verified: verify::HandshakeSignatureValid, } -impl State for ExpectNewTicket { +impl State for ExpectNewTicket { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -886,8 +888,8 @@ impl State for ExpectNewTicket { } // -- Waiting for their CCS -- -struct ExpectCcs { - config: Arc, +struct ExpectCcs { + config: Arc>, secrets: ConnectionSecrets, resuming_session: Option, session_id: SessionId, @@ -900,7 +902,7 @@ struct ExpectCcs { sig_verified: verify::HandshakeSignatureValid, } -impl State for ExpectCcs { +impl State for ExpectCcs { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::ChangeCipherSpec(..) => {} @@ -936,8 +938,8 @@ impl State for ExpectCcs { } } -struct ExpectFinished { - config: Arc, +struct ExpectFinished { + config: Arc>, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -950,7 +952,7 @@ struct ExpectFinished { sig_verified: verify::HandshakeSignatureValid, } -impl ExpectFinished { +impl ExpectFinished { // -- Waiting for their finished -- fn save_session(&mut self, cx: &ClientContext<'_>) { // Save a ticket. If we got a new ticket, save that. Otherwise, save the @@ -1001,7 +1003,7 @@ impl ExpectFinished { } } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let mut st = *self; let finished = diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 6fa0ec6da2..f7867e0feb 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -5,6 +5,7 @@ use crate::common_state::Protocol; use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::CryptoProvider; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, }; @@ -63,7 +64,7 @@ static DISALLOWED_TLS13_EXTS: &[ExtensionType] = &[ ]; pub(super) fn handle_server_hello( - config: Arc, + config: Arc>, cx: &mut ClientContext, server_hello: &ServerHelloPayload, mut resuming_session: Option, @@ -202,7 +203,7 @@ fn validate_server_hello( } pub(super) fn initial_key_share( - config: &ClientConfig, + config: &ClientConfig, server_name: &ServerName, ) -> Result { let group = config @@ -249,7 +250,7 @@ pub(super) fn fill_in_psk_binder( } pub(super) fn prepare_resumption( - config: &ClientConfig, + config: &ClientConfig, cx: &mut ClientContext<'_>, resuming_session: &persist::Retrieved<&persist::Tls13ClientSessionValue>, exts: &mut Vec, @@ -360,8 +361,8 @@ fn validate_encrypted_extensions( Ok(()) } -struct ExpectEncryptedExtensions { - config: Arc, +struct ExpectEncryptedExtensions { + config: Arc>, resuming_session: Option, server_name: ServerName, randoms: ConnectionRandoms, @@ -371,7 +372,7 @@ struct ExpectEncryptedExtensions { hello: ClientHelloDetails, } -impl State for ExpectEncryptedExtensions { +impl State for ExpectEncryptedExtensions { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let exts = require_handshake_msg!( m, @@ -453,8 +454,8 @@ impl State for ExpectEncryptedExtensions { } } -struct ExpectCertificateOrCertReq { - config: Arc, +struct ExpectCertificateOrCertReq { + config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -462,7 +463,7 @@ struct ExpectCertificateOrCertReq { key_schedule: KeyScheduleHandshake, } -impl State for ExpectCertificateOrCertReq { +impl State for ExpectCertificateOrCertReq { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::Handshake { @@ -513,8 +514,8 @@ impl State for ExpectCertificateOrCertReq { // TLS1.3 version of CertificateRequest handling. We then move to expecting the server // Certificate. Unfortunately the CertificateRequest type changed in an annoying way // in TLS1.3. -struct ExpectCertificateRequest { - config: Arc, +struct ExpectCertificateRequest { + config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -522,7 +523,7 @@ struct ExpectCertificateRequest { key_schedule: KeyScheduleHandshake, } -impl State for ExpectCertificateRequest { +impl State for ExpectCertificateRequest { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let certreq = &require_handshake_msg!( m, @@ -582,8 +583,8 @@ impl State for ExpectCertificateRequest { } } -struct ExpectCertificate { - config: Arc, +struct ExpectCertificate { + config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -592,7 +593,7 @@ struct ExpectCertificate { client_auth: Option, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let cert_chain = require_handshake_msg!( m, @@ -635,8 +636,8 @@ impl State for ExpectCertificate { } // --- TLS1.3 CertificateVerify --- -struct ExpectCertificateVerify { - config: Arc, +struct ExpectCertificateVerify { + config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -646,7 +647,7 @@ struct ExpectCertificateVerify { client_auth: Option, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let cert_verify = require_handshake_msg!( m, @@ -802,8 +803,8 @@ fn emit_end_of_early_data_tls13(transcript: &mut HandshakeHash, common: &mut Com common.send_msg(m, true); } -struct ExpectFinished { - config: Arc, +struct ExpectFinished { + config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -814,7 +815,7 @@ struct ExpectFinished { sig_verified: verify::HandshakeSignatureValid, } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let mut st = *self; let finished = diff --git a/rustls/src/crypto.rs b/rustls/src/crypto.rs new file mode 100644 index 0000000000..408c161466 --- /dev/null +++ b/rustls/src/crypto.rs @@ -0,0 +1,7 @@ +/// Pluggable crypto galore. +pub trait CryptoProvider: Send + Sync + 'static {} + +/// Default crypto provider. +pub struct Ring; + +impl CryptoProvider for Ring {} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index a42de493ca..ab35b2abfc 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -122,7 +122,7 @@ //! //! ```rust,no_run //! # let root_store: rustls::RootCertStore = panic!(); -//! let config = rustls::ClientConfig::builder() +//! let config = rustls::ClientConfig::::builder() //! .with_safe_defaults() //! .with_root_certificates(root_store) //! .with_no_client_auth(); @@ -148,7 +148,7 @@ //! # ) //! # }) //! # ); -//! # let config = rustls::ClientConfig::builder() +//! # let config = rustls::ClientConfig::::builder() //! # .with_safe_defaults() //! # .with_root_certificates(root_store) //! # .with_no_client_auth(); @@ -181,7 +181,7 @@ //! errors. //! //! ```rust,no_run -//! # let mut client = rustls::ClientConnection::new(panic!(), panic!()).unwrap(); +//! # let mut client = rustls::ClientConnection::new::(panic!(), panic!()).unwrap(); //! # struct Socket { } //! # impl Socket { //! # fn ready_for_write(&self) -> bool { false } @@ -326,6 +326,8 @@ mod anchors; mod cipher; mod common_state; mod conn; +/// Crypto provider interface. +pub mod crypto; mod dns_name; mod error; mod hash_hs; diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 1c893bb865..3ad0426cb6 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -3,6 +3,7 @@ use crate::cipher::{Iv, IvLen}; use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; +use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; use crate::msgs::handshake::{ClientExtension, ServerExtension}; @@ -138,8 +139,8 @@ impl ClientConnection { /// Make a new QUIC ClientConnection. This differs from `ClientConnection::new()` /// in that it takes an extra argument, `params`, which contains the /// TLS-encoded transport parameters to send. - pub fn new( - config: Arc, + pub fn new( + config: Arc>, quic_version: Version, name: ServerName, params: Vec, @@ -208,8 +209,8 @@ impl ServerConnection { /// Make a new QUIC ServerConnection. This differs from `ServerConnection::new()` /// in that it takes an extra argument, `params`, which contains the /// TLS-encoded transport parameters to send. - pub fn new( - config: Arc, + pub fn new( + config: Arc>, quic_version: Version, params: Vec, ) -> Result { diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index d499f4a557..49fd6cd323 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,4 +1,5 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; +use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key; use crate::kx::SupportedKxGroup; @@ -12,12 +13,12 @@ use crate::NoKeyLog; use std::marker::PhantomData; use std::sync::Arc; -impl ConfigBuilder { +impl ConfigBuilder, WantsVerifier> { /// Choose how to verify client certificates. pub fn with_client_cert_verifier( self, client_cert_verifier: Arc, - ) -> ConfigBuilder { + ) -> ConfigBuilder, WantsServerCert> { ConfigBuilder { state: WantsServerCert { cipher_suites: self.state.cipher_suites, @@ -30,7 +31,7 @@ impl ConfigBuilder { } /// Disable client authentication. - pub fn with_no_client_auth(self) -> ConfigBuilder { + pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { self.with_client_cert_verifier(verify::NoClientAuth::boxed()) } } @@ -47,7 +48,7 @@ pub struct WantsServerCert { verifier: Arc, } -impl ConfigBuilder { +impl ConfigBuilder, WantsServerCert> { /// Sets a single certificate chain and matching private key. This /// certificate and key is used for all subsequent connections, /// irrespective of things like SNI hostname. @@ -65,7 +66,7 @@ impl ConfigBuilder { self, cert_chain: Vec, key_der: key::PrivateKey, - ) -> Result { + ) -> Result, Error> { let resolver = handy::AlwaysResolvesChain::new(cert_chain, &key_der)?; Ok(self.with_cert_resolver(Arc::new(resolver))) } @@ -84,13 +85,13 @@ impl ConfigBuilder { cert_chain: Vec, key_der: key::PrivateKey, ocsp: Vec, - ) -> Result { + ) -> Result, Error> { let resolver = handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp)?; Ok(self.with_cert_resolver(Arc::new(resolver))) } /// Sets a custom [`ResolvesServerCert`]. - pub fn with_cert_resolver(self, cert_resolver: Arc) -> ServerConfig { + pub fn with_cert_resolver(self, cert_resolver: Arc) -> ServerConfig { ServerConfig { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, @@ -108,6 +109,7 @@ impl ConfigBuilder { max_early_data_size: 0, send_half_rtt_data: false, send_tls13_tickets: 4, + provider: PhantomData, } } } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 6d5afd2084..ebb1e4266a 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -1,5 +1,6 @@ use crate::common_state::State; use crate::conn::ConnectionRandoms; +use crate::crypto::CryptoProvider; use crate::dns_name::DnsName; #[cfg(feature = "tls12")] use crate::enums::CipherSuite; @@ -62,9 +63,9 @@ impl ExtensionProcessing { Default::default() } - pub(super) fn process_common( + pub(super) fn process_common( &mut self, - config: &ServerConfig, + config: &ServerConfig, cx: &mut ServerContext<'_>, ocsp_response: &mut Option<&[u8]>, hello: &ClientHelloPayload, @@ -161,9 +162,9 @@ impl ExtensionProcessing { } #[cfg(feature = "tls12")] - pub(super) fn process_tls12( + pub(super) fn process_tls12( &mut self, - config: &ServerConfig, + config: &ServerConfig, hello: &ClientHelloPayload, using_ems: bool, ) { @@ -202,8 +203,8 @@ impl ExtensionProcessing { } } -pub(super) struct ExpectClientHello { - pub(super) config: Arc, +pub(super) struct ExpectClientHello { + pub(super) config: Arc>, pub(super) extra_exts: Vec, pub(super) transcript: HandshakeHashOrBuffer, #[cfg(feature = "tls12")] @@ -214,8 +215,8 @@ pub(super) struct ExpectClientHello { pub(super) send_tickets: usize, } -impl ExpectClientHello { - pub(super) fn new(config: Arc, extra_exts: Vec) -> Self { +impl ExpectClientHello { + pub(super) fn new(config: Arc>, extra_exts: Vec) -> Self { let mut transcript_buffer = HandshakeHashBuffer::new(); if config.verifier.offer_client_auth() { @@ -410,7 +411,7 @@ impl ExpectClientHello { } } -impl State for ExpectClientHello { +impl State for ExpectClientHello { fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> NextStateOrError { let (client_hello, sig_schemes) = process_client_hello(&m, self.done_retry, cx)?; self.with_certified_key(sig_schemes, client_hello, &m, cx) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index d166024bff..6b75479807 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,6 +1,7 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Context, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; +use crate::crypto::CryptoProvider; use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -196,8 +197,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. -#[derive(Clone)] -pub struct ServerConfig { +pub struct ServerConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -296,9 +296,36 @@ pub struct ServerConfig { /// If this is 0, no tickets are sent and clients will not be able to /// do any resumption. pub send_tls13_tickets: usize, + + pub(crate) provider: PhantomData, +} + +// Avoid a `Clone` bound on `C`. +impl Clone for ServerConfig { + fn clone(&self) -> Self { + Self { + cipher_suites: self.cipher_suites.clone(), + kx_groups: self.kx_groups.clone(), + ignore_client_order: self.ignore_client_order, + max_fragment_size: self.max_fragment_size, + session_storage: Arc::clone(&self.session_storage), + ticketer: Arc::clone(&self.ticketer), + cert_resolver: Arc::clone(&self.cert_resolver), + alpn_protocols: self.alpn_protocols.clone(), + versions: self.versions, + verifier: Arc::clone(&self.verifier), + key_log: Arc::clone(&self.key_log), + #[cfg(feature = "secret_extraction")] + enable_secret_extraction: self.enable_secret_extraction, + max_early_data_size: self.max_early_data_size, + send_half_rtt_data: self.send_half_rtt_data, + send_tls13_tickets: self.send_tls13_tickets, + provider: PhantomData, + } + } } -impl fmt::Debug for ServerConfig { +impl fmt::Debug for ServerConfig { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ServerConfig") .field("ignore_client_order", &self.ignore_client_order) @@ -311,7 +338,7 @@ impl fmt::Debug for ServerConfig { } } -impl ServerConfig { +impl ServerConfig { /// Create builder to build up the server configuration. /// /// For more information, see the [`ConfigBuilder`] documentation. @@ -371,7 +398,13 @@ pub struct ServerConnection { impl ServerConnection { /// Make a new ServerConnection. `config` controls how /// we behave in the TLS protocol. - pub fn new(config: Arc) -> Result { + pub fn new(config: Arc>) -> Result { + let mut common = CommonState::new(Side::Server); + common.set_max_fragment_size(config.max_fragment_size)?; + #[cfg(feature = "secret_extraction")] + { + common.enable_secret_extraction = config.enable_secret_extraction; + } Ok(Self { inner: ConnectionCommon::from(ConnectionCore::for_server(config, Vec::new())?), }) @@ -501,9 +534,9 @@ impl From for crate::Connection { /// # Example /// /// ```no_run -/// # fn choose_server_config( +/// # fn choose_server_config( /// # _: rustls::server::ClientHello, -/// # ) -> std::sync::Arc { +/// # ) -> std::sync::Arc> { /// # unimplemented!(); /// # } /// # #[allow(unused_variables)] @@ -521,7 +554,7 @@ impl From for crate::Connection { /// }; /// /// // For some user-defined choose_server_config: -/// let config = choose_server_config(accepted.client_hello()); +/// let config = choose_server_config::(accepted.client_hello()); /// let conn = accepted /// .into_connection(config) /// .unwrap(); @@ -629,7 +662,10 @@ impl Accepted { /// Takes the state returned from [`Acceptor::accept()`] as well as the [`ServerConfig`] and /// [`sign::CertifiedKey`] that should be used for the session. Returns an error if /// configuration-dependent validation of the received `ClientHello` message fails. - pub fn into_connection(mut self, config: Arc) -> Result { + pub fn into_connection( + mut self, + config: Arc>, + ) -> Result { self.connection .set_max_fragment_size(config.max_fragment_size)?; @@ -757,8 +793,8 @@ fn test_read_buf_in_new_state() { } impl ConnectionCore { - pub(crate) fn for_server( - config: Arc, + pub(crate) fn for_server( + config: Arc>, extra_exts: Vec, ) -> Result { let mut common = CommonState::new(Side::Server); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index b0f01e38e4..d597637348 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,6 +1,7 @@ use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; @@ -45,8 +46,8 @@ mod client_hello { use super::*; - pub(in crate::server) struct CompleteClientHelloHandling { - pub(in crate::server) config: Arc, + pub(in crate::server) struct CompleteClientHelloHandling { + pub(in crate::server) config: Arc>, pub(in crate::server) transcript: HandshakeHash, pub(in crate::server) session_id: SessionId, pub(in crate::server) suite: &'static Tls12CipherSuite, @@ -56,7 +57,7 @@ mod client_hello { pub(in crate::server) extra_exts: Vec, } - impl CompleteClientHelloHandling { + impl CompleteClientHelloHandling { pub(in crate::server) fn handle_client_hello( mut self, cx: &mut ServerContext<'_>, @@ -328,8 +329,8 @@ mod client_hello { } } - fn emit_server_hello( - config: &ServerConfig, + fn emit_server_hello( + config: &ServerConfig, transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, session_id: SessionId, @@ -438,8 +439,8 @@ mod client_hello { Ok(kx) } - fn emit_certificate_req( - config: &ServerConfig, + fn emit_certificate_req( + config: &ServerConfig, transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, ) -> Result { @@ -494,8 +495,8 @@ mod client_hello { } // --- Process client's Certificate for client auth --- -struct ExpectCertificate { - config: Arc, +struct ExpectCertificate { + config: Arc>, transcript: HandshakeHash, randoms: ConnectionRandoms, session_id: SessionId, @@ -505,7 +506,7 @@ struct ExpectCertificate { send_ticket: bool, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { self.transcript.add_message(&m); let cert_chain = require_handshake_msg_move!( @@ -563,8 +564,8 @@ impl State for ExpectCertificate { } // --- Process client's KeyExchange --- -struct ExpectClientKx { - config: Arc, +struct ExpectClientKx { + config: Arc>, transcript: HandshakeHash, randoms: ConnectionRandoms, session_id: SessionId, @@ -575,7 +576,7 @@ struct ExpectClientKx { send_ticket: bool, } -impl State for ExpectClientKx { +impl State for ExpectClientKx { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let client_kx = require_handshake_msg!( m, @@ -632,8 +633,8 @@ impl State for ExpectClientKx { } // --- Process client's certificate proof --- -struct ExpectCertificateVerify { - config: Arc, +struct ExpectCertificateVerify { + config: Arc>, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, @@ -642,7 +643,7 @@ struct ExpectCertificateVerify { send_ticket: bool, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let rc = { let sig = require_handshake_msg!( @@ -695,8 +696,8 @@ impl State for ExpectCertificateVerify { } // --- Process client's ChangeCipherSpec --- -struct ExpectCcs { - config: Arc, +struct ExpectCcs { + config: Arc>, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, @@ -705,7 +706,7 @@ struct ExpectCcs { send_ticket: bool, } -impl State for ExpectCcs { +impl State for ExpectCcs { fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::ChangeCipherSpec(..) => {} @@ -828,8 +829,8 @@ fn emit_finished( common.send_msg(f, true); } -struct ExpectFinished { - config: Arc, +struct ExpectFinished { + config: Arc>, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, @@ -838,7 +839,7 @@ struct ExpectFinished { send_ticket: bool, } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 5f4feb673c..69116367ec 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -7,6 +7,7 @@ use crate::common_state::Protocol; use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; @@ -76,8 +77,8 @@ mod client_hello { Accepted, } - pub(in crate::server) struct CompleteClientHelloHandling { - pub(in crate::server) config: Arc, + pub(in crate::server) struct CompleteClientHelloHandling { + pub(in crate::server) config: Arc>, pub(in crate::server) transcript: HandshakeHash, pub(in crate::server) suite: &'static Tls13CipherSuite, pub(in crate::server) randoms: ConnectionRandoms, @@ -101,7 +102,7 @@ mod client_hello { } } - impl CompleteClientHelloHandling { + impl CompleteClientHelloHandling { fn check_binder( &self, suite: &'static Tls13CipherSuite, @@ -473,7 +474,7 @@ mod client_hello { } } - fn emit_server_hello( + fn emit_server_hello( transcript: &mut HandshakeHash, randoms: &ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -482,7 +483,7 @@ mod client_hello { share: &KeyShareEntry, chosen_psk_idx: Option, resuming_psk: Option<&[u8]>, - config: &ServerConfig, + config: &ServerConfig, ) -> Result { let mut extensions = Vec::new(); @@ -599,12 +600,12 @@ mod client_hello { } #[allow(clippy::needless_pass_by_ref_mut)] // cx only mutated if cfg(feature = "quic") - fn decide_if_early_data_allowed( + fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, client_hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, suite: &'static Tls13CipherSuite, - config: &ServerConfig, + config: &ServerConfig, ) -> EarlyDataDecision { let early_data_requested = client_hello.early_data_extension_offered(); let rejected_or_disabled = match early_data_requested { @@ -659,7 +660,7 @@ mod client_hello { } } - fn emit_encrypted_extensions( + fn emit_encrypted_extensions( transcript: &mut HandshakeHash, suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, @@ -667,7 +668,7 @@ mod client_hello { hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, extra_exts: Vec, - config: &ServerConfig, + config: &ServerConfig, ) -> Result { let mut ep = hs::ExtensionProcessing::new(); ep.process_common(config, cx, ocsp_response, hello, resumedata, extra_exts)?; @@ -691,10 +692,10 @@ mod client_hello { Ok(early_data) } - fn emit_certificate_req_tls13( + fn emit_certificate_req_tls13( transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, - config: &ServerConfig, + config: &ServerConfig, ) -> Result { if !config.verifier.offer_client_auth() { return Ok(false); @@ -812,12 +813,12 @@ mod client_hello { Ok(()) } - fn emit_finished_tls13( + fn emit_finished_tls13( transcript: &mut HandshakeHash, randoms: &ConnectionRandoms, cx: &mut ServerContext<'_>, key_schedule: KeyScheduleHandshake, - config: &ServerConfig, + config: &ServerConfig, ) -> KeyScheduleTrafficWithClientFinishedPending { let handshake_hash = transcript.get_current_hash(); let verify_data = key_schedule.sign_server_finish(&handshake_hash); @@ -847,12 +848,12 @@ mod client_hello { } } -struct ExpectAndSkipRejectedEarlyData { +struct ExpectAndSkipRejectedEarlyData { skip_data_left: usize, - next: Box, + next: Box>, } -impl State for ExpectAndSkipRejectedEarlyData { +impl State for ExpectAndSkipRejectedEarlyData { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { /* "The server then ignores early data by skipping all records with an external * content type of "application_data" (indicating that they are encrypted), @@ -869,15 +870,15 @@ impl State for ExpectAndSkipRejectedEarlyData { } } -struct ExpectCertificate { - config: Arc, +struct ExpectCertificate { + config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let certp = require_handshake_msg!( m, @@ -941,8 +942,8 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateVerify { - config: Arc, +struct ExpectCertificateVerify { + config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, @@ -950,7 +951,7 @@ struct ExpectCertificateVerify { send_tickets: usize, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let rc = { let sig = require_handshake_msg!( @@ -991,15 +992,15 @@ impl State for ExpectCertificateVerify { // --- Process (any number of) early ApplicationData messages, // followed by a terminating handshake EndOfEarlyData message --- -struct ExpectEarlyData { - config: Arc, +struct ExpectEarlyData { + config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, } -impl State for ExpectEarlyData { +impl State for ExpectEarlyData { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::ApplicationData(payload) => { @@ -1072,21 +1073,21 @@ fn get_server_session_value( ) } -struct ExpectFinished { - config: Arc, +struct ExpectFinished { + config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, } -impl ExpectFinished { +impl ExpectFinished { fn emit_ticket( transcript: &HandshakeHash, suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, key_schedule: &KeyScheduleTraffic, - config: &ServerConfig, + config: &ServerConfig, ) -> Result<(), Error> { let nonce = rand::random_vec(32)?; let now = ticketer::TimeBase::now()?; @@ -1145,7 +1146,7 @@ impl ExpectFinished { } } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; diff --git a/rustls/src/versions.rs b/rustls/src/versions.rs index 68f6e2a752..f2b19e21a3 100644 --- a/rustls/src/versions.rs +++ b/rustls/src/versions.rs @@ -47,7 +47,7 @@ pub static ALL_VERSIONS: &[&SupportedProtocolVersion] = &[ /// versions. pub static DEFAULT_VERSIONS: &[&SupportedProtocolVersion] = ALL_VERSIONS; -#[derive(Clone)] +#[derive(Clone, Copy)] pub(crate) struct EnabledVersions { #[cfg(feature = "tls12")] tls12: Option<&'static SupportedProtocolVersion>, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 5632689a06..2f599deb50 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -10,6 +10,7 @@ use std::sync::Arc; use std::sync::Mutex; use rustls::client::{ResolvesClientCert, Resumption}; +use rustls::crypto::{CryptoProvider, Ring}; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::server::{AllowAnyAnonymousOrAuthenticatedClient, ClientHello, ResolvesServerCert}; @@ -215,7 +216,7 @@ fn check_read_buf_err(reader: &mut dyn io::Read, err_kind: io::ErrorKind) { #[test] fn config_builder_for_client_rejects_empty_kx_groups() { assert_eq!( - ClientConfig::builder() + ClientConfig::::builder() .with_safe_default_cipher_suites() .with_kx_groups(&[]) .with_safe_default_protocol_versions() @@ -227,7 +228,7 @@ fn config_builder_for_client_rejects_empty_kx_groups() { #[test] fn config_builder_for_client_rejects_empty_cipher_suites() { assert_eq!( - ClientConfig::builder() + ClientConfig::::builder() .with_cipher_suites(&[]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -240,7 +241,7 @@ fn config_builder_for_client_rejects_empty_cipher_suites() { #[test] fn config_builder_for_client_rejects_incompatible_cipher_suites() { assert_eq!( - ClientConfig::builder() + ClientConfig::::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -252,7 +253,7 @@ fn config_builder_for_client_rejects_incompatible_cipher_suites() { #[test] fn config_builder_for_server_rejects_empty_kx_groups() { assert_eq!( - ServerConfig::builder() + ServerConfig::::builder() .with_safe_default_cipher_suites() .with_kx_groups(&[]) .with_safe_default_protocol_versions() @@ -264,7 +265,7 @@ fn config_builder_for_server_rejects_empty_kx_groups() { #[test] fn config_builder_for_server_rejects_empty_cipher_suites() { assert_eq!( - ServerConfig::builder() + ServerConfig::::builder() .with_cipher_suites(&[]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -277,7 +278,7 @@ fn config_builder_for_server_rejects_empty_cipher_suites() { #[test] fn config_builder_for_server_rejects_incompatible_cipher_suites() { assert_eq!( - ServerConfig::builder() + ServerConfig::::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -439,34 +440,34 @@ fn server_can_get_client_cert_after_resumption() { #[test] fn test_config_builders_debug() { - let b = ServerConfig::builder(); + let b = ServerConfig::::builder(); assert_eq!( - "ConfigBuilder { state: WantsCipherSuites(()) }", + "ConfigBuilder, _> { state: WantsCipherSuites(()) }", format!("{:?}", b) ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); - assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder, _> { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); let b = b.with_kx_groups(&[&rustls::kx_group::X25519]); - assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder, _> { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); let b = b.with_no_client_auth(); - assert_eq!("ConfigBuilder { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], versions: [TLSv1_3], verifier: dyn ClientCertVerifier } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder, _> { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], versions: [TLSv1_3], verifier: dyn ClientCertVerifier } }", format!("{:?}", b)); - let b = ClientConfig::builder(); + let b = ClientConfig::::builder(); assert_eq!( - "ConfigBuilder { state: WantsCipherSuites(()) }", + "ConfigBuilder, _> { state: WantsCipherSuites(()) }", format!("{:?}", b) ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); - assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder, _> { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); let b = b.with_kx_groups(&[&rustls::kx_group::X25519]); - assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder, _> { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); - assert_eq!("ConfigBuilder { state: WantsVerifier { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], versions: [TLSv1_3] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder, _> { state: WantsVerifier { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], versions: [TLSv1_3] } }", format!("{:?}", b)); } /// Test that the server handles combination of `offer_client_auth()` returning true @@ -481,7 +482,7 @@ fn server_allow_any_anonymous_or_authenticated_client() { let client_auth_roots = get_client_root_store(kt); let client_auth = AllowAnyAnonymousOrAuthenticatedClient::new(client_auth_roots); - let server_config = ServerConfig::builder() + let server_config = ServerConfig::::builder() .with_safe_defaults() .with_client_cert_verifier(Arc::new(client_auth)) .with_single_cert(kt.get_chain(), kt.get_key()) @@ -807,7 +808,7 @@ fn check_sigalgs_reduced_by_ciphersuite( ) { let client_config = finish_client_config( kt, - ClientConfig::builder() + ClientConfig::::builder() .with_cipher_suites(&[find_suite(suite)]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -921,8 +922,8 @@ fn client_checks_server_certificate_with_given_name() { #[test] fn client_checks_server_certificate_with_given_ip_address() { fn check_server_name( - client_config: Arc, - server_config: Arc, + client_config: Arc>, + server_config: Arc>, name: &'static str, ) -> Result<(), ErrorFromPeer> { let mut client = ClientConnection::new(client_config, server_name(name)).unwrap(); @@ -1843,7 +1844,7 @@ fn stream_write_swallows_underlying_io_error_after_plaintext_processed() { assert_eq!(format!("{:?}", rc), "Ok(5)"); } -fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { +fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let kt = KeyType::Rsa; let server_config = finish_server_config( kt, @@ -2211,7 +2212,10 @@ fn sni_resolver_rejects_bad_certs() { ); } -fn do_exporter_test(client_config: ClientConfig, server_config: ServerConfig) { +fn do_exporter_test( + client_config: ClientConfig, + server_config: ServerConfig, +) { let mut client_secret = [0u8; 64]; let mut server_secret = [0u8; 64]; @@ -2267,8 +2271,8 @@ fn test_tls13_exporter() { } fn do_suite_test( - client_config: ClientConfig, - server_config: ServerConfig, + client_config: ClientConfig, + server_config: ServerConfig, expect_suite: SupportedCipherSuite, expect_version: ProtocolVersion, ) { @@ -2403,7 +2407,7 @@ fn negotiated_ciphersuite_client() { let scs = find_suite(suite); let client_config = finish_client_config( kt, - ClientConfig::builder() + ClientConfig::::builder() .with_cipher_suites(&[scs]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -2421,7 +2425,7 @@ fn negotiated_ciphersuite_server() { let scs = find_suite(suite); let server_config = finish_server_config( kt, - ServerConfig::builder() + ServerConfig::::builder() .with_cipher_suites(&[scs]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -2676,7 +2680,7 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() { check_read(&mut client.reader(), b"012345678901234567890123456789"); } -fn check_half_rtt_does_not_work(server_config: ServerConfig) { +fn check_half_rtt_does_not_work(server_config: ServerConfig) { let (mut client, mut server) = make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa), server_config); @@ -3108,7 +3112,7 @@ fn early_data_not_available() { assert!(client.early_data().is_none()); } -fn early_data_configs() -> (Arc, Arc) { +fn early_data_configs() -> (Arc>, Arc>) { let kt = KeyType::Rsa; let mut client_config = make_client_config(kt); client_config.enable_early_data = true; @@ -4379,7 +4383,7 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let server_config_1 = Arc::new(common::finish_server_config( KeyType::Ed25519, - ServerConfig::builder() + ServerConfig::::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS13]) @@ -4388,7 +4392,7 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let mut server_config_2 = common::finish_server_config( KeyType::Ed25519, - ServerConfig::builder() + ServerConfig::::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -4627,7 +4631,7 @@ fn test_secret_extraction_enabled() { println!("Testing suite {:?}", suite.suite().as_str()); // Only offer the cipher suite (and protocol version) that we're testing - let mut server_config = ServerConfig::builder() + let mut server_config = ServerConfig::::builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -4685,7 +4689,7 @@ fn test_secret_extraction_disabled_or_too_early() { let kt = KeyType::Rsa; for (server_enable, client_enable) in [(true, false), (false, true)] { - let mut server_config = ServerConfig::builder() + let mut server_config = ServerConfig::::builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -4727,7 +4731,7 @@ fn test_received_plaintext_backpressure() { let kt = KeyType::Rsa; let server_config = Arc::new( - ServerConfig::builder() + ServerConfig::::builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index f8f711e0d8..3735ebc536 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -10,6 +10,7 @@ use crate::common::{ make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; use rustls::client::WebPkiVerifier; +use rustls::crypto::Ring; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::{ClientCertVerified, ClientCertVerifier}; use rustls::{ @@ -36,7 +37,7 @@ fn ver_err() -> Result { fn server_config_with_verifier( kt: KeyType, client_cert_verifier: MockClientVerifier, -) -> ServerConfig { +) -> ServerConfig { ServerConfig::builder() .with_safe_defaults() .with_client_cert_verifier(Arc::new(client_cert_verifier)) diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index afdb67cf5d..1d8d60abcd 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -4,6 +4,7 @@ use std::io; use std::ops::{Deref, DerefMut}; use std::sync::Arc; +use rustls::crypto::{CryptoProvider, Ring}; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; use rustls::server::{ @@ -246,23 +247,23 @@ impl KeyType { } } -pub fn finish_server_config( +pub fn finish_server_config( kt: KeyType, - conf: rustls::ConfigBuilder, -) -> ServerConfig { + conf: rustls::ConfigBuilder, rustls::WantsVerifier>, +) -> ServerConfig { conf.with_no_client_auth() .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() } -pub fn make_server_config(kt: KeyType) -> ServerConfig { +pub fn make_server_config(kt: KeyType) -> ServerConfig { finish_server_config(kt, ServerConfig::builder().with_safe_defaults()) } pub fn make_server_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], -) -> ServerConfig { +) -> ServerConfig { finish_server_config( kt, ServerConfig::builder() @@ -276,7 +277,7 @@ pub fn make_server_config_with_versions( pub fn make_server_config_with_kx_groups( kt: KeyType, kx_groups: &[&'static rustls::SupportedKxGroup], -) -> ServerConfig { +) -> ServerConfig { finish_server_config( kt, ServerConfig::builder() @@ -301,7 +302,7 @@ pub fn get_client_root_store(kt: KeyType) -> RootCertStore { pub fn make_server_config_with_mandatory_client_auth_crls( kt: KeyType, crls: Vec, -) -> ServerConfig { +) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); let client_auth = AllowAnyAuthenticatedClient::new(client_auth_roots) @@ -315,14 +316,14 @@ pub fn make_server_config_with_mandatory_client_auth_crls( .unwrap() } -pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig { +pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig { make_server_config_with_mandatory_client_auth_crls(kt, Vec::new()) } pub fn make_server_config_with_optional_client_auth( kt: KeyType, crls: Vec, -) -> ServerConfig { +) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); let client_auth = AllowAnyAnonymousOrAuthenticatedClient::new(client_auth_roots) @@ -336,10 +337,10 @@ pub fn make_server_config_with_optional_client_auth( .unwrap() } -pub fn finish_client_config( +pub fn finish_client_config( kt: KeyType, - config: rustls::ConfigBuilder, -) -> ClientConfig { + config: rustls::ConfigBuilder, rustls::WantsVerifier>, +) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); @@ -349,10 +350,10 @@ pub fn finish_client_config( .with_no_client_auth() } -pub fn finish_client_config_with_creds( +pub fn finish_client_config_with_creds( kt: KeyType, - config: rustls::ConfigBuilder, -) -> ClientConfig { + config: rustls::ConfigBuilder, rustls::WantsVerifier>, +) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); // Passing a reference here just for testing. @@ -364,14 +365,14 @@ pub fn finish_client_config_with_creds( .unwrap() } -pub fn make_client_config(kt: KeyType) -> ClientConfig { - finish_client_config(kt, ClientConfig::builder().with_safe_defaults()) +pub fn make_client_config(kt: KeyType) -> ClientConfig { + finish_client_config(kt, ClientConfig::::builder().with_safe_defaults()) } pub fn make_client_config_with_kx_groups( kt: KeyType, kx_groups: &[&'static rustls::SupportedKxGroup], -) -> ClientConfig { +) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() .with_kx_groups(kx_groups) @@ -383,7 +384,7 @@ pub fn make_client_config_with_kx_groups( pub fn make_client_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], -) -> ClientConfig { +) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() @@ -392,14 +393,14 @@ pub fn make_client_config_with_versions( finish_client_config(kt, builder) } -pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { - finish_client_config_with_creds(kt, ClientConfig::builder().with_safe_defaults()) +pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { + finish_client_config_with_creds(kt, ClientConfig::::builder().with_safe_defaults()) } pub fn make_client_config_with_versions_with_auth( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], -) -> ClientConfig { +) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() @@ -413,15 +414,15 @@ pub fn make_pair(kt: KeyType) -> (ClientConnection, ServerConnection) { } pub fn make_pair_for_configs( - client_config: ClientConfig, - server_config: ServerConfig, + client_config: ClientConfig, + server_config: ServerConfig, ) -> (ClientConnection, ServerConnection) { make_pair_for_arc_configs(&Arc::new(client_config), &Arc::new(server_config)) } pub fn make_pair_for_arc_configs( - client_config: &Arc, - server_config: &Arc, + client_config: &Arc>, + server_config: &Arc>, ) -> (ClientConnection, ServerConnection) { ( ClientConnection::new(Arc::clone(client_config), server_name("localhost")).unwrap(), From ef573bcd18d45542663228d895bed9c940544aad Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 9 Feb 2023 14:31:43 +0100 Subject: [PATCH 0023/1145] crypto: redefine single DER constant --- rustls/src/x509.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 17239d74ad..7fad90a75c 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -1,7 +1,5 @@ // Additional x509/asn1 functions to those provided in webpki/ring. -use ring::io::der; - pub(crate) fn wrap_in_asn1_len(bytes: &mut Vec) { let len = bytes.len(); @@ -22,9 +20,11 @@ pub(crate) fn wrap_in_asn1_len(bytes: &mut Vec) { /// Prepend stuff to `bytes` to put it in a DER SEQUENCE. pub(crate) fn wrap_in_sequence(bytes: &mut Vec) { wrap_in_asn1_len(bytes); - bytes.insert(0, der::Tag::Sequence as u8); + bytes.insert(0, DER_SEQUENCE_TAG); } +const DER_SEQUENCE_TAG: u8 = 0x30; + #[test] fn test_empty() { let mut val = Vec::new(); From d470cc45fae8c852cd428cb2797e45f67bc94ff4 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 9 Feb 2023 14:34:03 +0100 Subject: [PATCH 0024/1145] crypto: use crypto provider for random bytes --- rustls/src/client/hs.rs | 12 +++++++----- rustls/src/crypto.rs | 17 +++++++++++++++-- rustls/src/msgs/handshake.rs | 9 +++++---- rustls/src/rand.rs | 17 +++++------------ rustls/src/server/hs.rs | 2 +- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 8 ++++---- rustls/src/ticketer.rs | 6 ++++-- rustls/tests/api.rs | 4 ++-- 9 files changed, 44 insertions(+), 33 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 0fab58507e..21ab3fc852 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -87,10 +87,10 @@ fn find_session( found } -pub(super) fn start_handshake( +pub(super) fn start_handshake( server_name: ServerName, extra_exts: Vec, - config: Arc>, + config: Arc>, cx: &mut ClientContext<'_>, ) -> NextStateOrError { let mut transcript_buffer = HandshakeHashBuffer::new(); @@ -123,7 +123,7 @@ pub(super) fn start_handshake( // we're doing an abbreviated handshake. See section 3.4 in // RFC5077. if !inner.ticket().is_empty() { - inner.session_id = SessionId::random()?; + inner.session_id = SessionId::random::()?; } session_id = Some(inner.session_id); } @@ -139,9 +139,11 @@ pub(super) fn start_handshake( Some(session_id) => session_id, None if cx.common.is_quic() => SessionId::empty(), None if !config.supports_version(ProtocolVersion::TLSv1_3) => SessionId::empty(), - None => SessionId::random()?, + None => SessionId::random::()?, }; + let random = Random::new::()?; + Ok(emit_client_hello_for_retry( transcript_buffer, None, @@ -151,7 +153,7 @@ pub(super) fn start_handshake( ClientHelloInput { config, resuming, - random: Random::new()?, + random, #[cfg(feature = "tls12")] using_ems: false, sent_tls13_fake_ccs: false, diff --git a/rustls/src/crypto.rs b/rustls/src/crypto.rs index 408c161466..b87e80e1e6 100644 --- a/rustls/src/crypto.rs +++ b/rustls/src/crypto.rs @@ -1,7 +1,20 @@ +use crate::rand::GetRandomFailed; + +use ring::rand::{SecureRandom, SystemRandom}; + /// Pluggable crypto galore. -pub trait CryptoProvider: Send + Sync + 'static {} +pub trait CryptoProvider: Send + Sync + 'static { + /// Fill the given buffer with random bytes. + fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; +} /// Default crypto provider. pub struct Ring; -impl CryptoProvider for Ring {} +impl CryptoProvider for Ring { + fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed> { + SystemRandom::new() + .fill(buf) + .map_err(|_| GetRandomFailed) + } +} diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a019154939..a01159b55c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,4 +1,5 @@ #![allow(non_camel_case_types)] +use crate::crypto::CryptoProvider; use crate::dns_name::{DnsName, DnsNameRef}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::error::InvalidMessage; @@ -86,9 +87,9 @@ impl Codec for Random { } impl Random { - pub fn new() -> Result { + pub fn new() -> Result { let mut data = [0u8; 32]; - rand::fill_random(&mut data)?; + C::fill_random(&mut data)?; Ok(Self(data)) } @@ -157,9 +158,9 @@ impl Codec for SessionId { } impl SessionId { - pub fn random() -> Result { + pub fn random() -> Result { let mut data = [0u8; 32]; - rand::fill_random(&mut data)?; + C::fill_random(&mut data)?; Ok(Self { data, len: 32 }) } diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index d822210026..0320d504c0 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -1,26 +1,19 @@ //! The single place where we generate random material for our own use. -use ring::rand::{SecureRandom, SystemRandom}; - -/// Fill the whole slice with random material. -pub(crate) fn fill_random(bytes: &mut [u8]) -> Result<(), GetRandomFailed> { - SystemRandom::new() - .fill(bytes) - .map_err(|_| GetRandomFailed) -} +use crate::crypto::CryptoProvider; /// Make a Vec of the given size /// containing random material. -pub(crate) fn random_vec(len: usize) -> Result, GetRandomFailed> { +pub(crate) fn random_vec(len: usize) -> Result, GetRandomFailed> { let mut v = vec![0; len]; - fill_random(&mut v)?; + C::fill_random(&mut v)?; Ok(v) } /// Return a uniformly random u32. -pub(crate) fn random_u32() -> Result { +pub(crate) fn random_u32() -> Result { let mut buf = [0u8; 4]; - fill_random(&mut buf)?; + C::fill_random(&mut buf)?; Ok(u32::from_be_bytes(buf)) } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index ebb1e4266a..c13ff83afe 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -376,7 +376,7 @@ impl ExpectClientHello { }; // Save their Random. - let randoms = ConnectionRandoms::new(client_hello.random, Random::new()?); + let randoms = ConnectionRandoms::new(client_hello.random, Random::new::()?); match suite { SupportedCipherSuite::Tls13(suite) => tls13::CompleteClientHelloHandling { config: self.config, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index d597637348..d2b2e86ddd 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -200,7 +200,7 @@ mod client_hello { if !self.config.session_storage.can_cache() { self.session_id = SessionId::empty(); } else if self.session_id.is_empty() && !ticket_received { - self.session_id = SessionId::random()?; + self.session_id = SessionId::random::()?; } self.send_ticket = emit_server_hello( diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 69116367ec..2391253897 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1081,7 +1081,7 @@ struct ExpectFinished { send_tickets: usize, } -impl ExpectFinished { +impl ExpectFinished { fn emit_ticket( transcript: &HandshakeHash, suite: &'static Tls13CipherSuite, @@ -1089,9 +1089,9 @@ impl ExpectFinished { key_schedule: &KeyScheduleTraffic, config: &ServerConfig, ) -> Result<(), Error> { - let nonce = rand::random_vec(32)?; + let nonce = rand::random_vec::(32)?; let now = ticketer::TimeBase::now()?; - let age_add = rand::random_u32()?; + let age_add = rand::random_u32::()?; let plain = get_server_session_value(transcript, suite, key_schedule, cx, &nonce, now, age_add) .get_encoding(); @@ -1104,7 +1104,7 @@ impl ExpectFinished { }; (ticket, config.ticketer.lifetime()) } else { - let id = rand::random_vec(32)?; + let id = rand::random_vec::(32)?; let stored = config .session_storage .put(id.clone(), plain); diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index 9660d711a6..bf87d71a1a 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,8 +1,10 @@ +use crate::crypto::{CryptoProvider, Ring}; use crate::rand; use crate::server::ProducesTickets; use crate::Error; use ring::aead; + use std::mem; use std::sync::{Arc, Mutex, MutexGuard}; use std::time; @@ -42,7 +44,7 @@ impl AeadTicketer { /// Make a ticketer with recommended configuration and a random key. fn new() -> Result { let mut key = [0u8; 32]; - rand::fill_random(&mut key)?; + Ring::fill_random(&mut key)?; let alg = &aead::CHACHA20_POLY1305; let key = aead::UnboundKey::new(alg, &key).unwrap(); @@ -67,7 +69,7 @@ impl ProducesTickets for AeadTicketer { fn encrypt(&self, message: &[u8]) -> Option> { // Random nonce, because a counter is a privacy leak. let mut nonce_buf = [0u8; 12]; - rand::fill_random(&mut nonce_buf).ok()?; + Ring::fill_random(&mut nonce_buf).ok()?; let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf); let aad = ring::aead::Aad::empty(); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 2f599deb50..319344c49a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3576,7 +3576,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_3, random, - session_id: SessionId::random().unwrap(), + session_id: SessionId::random::().unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -3640,7 +3640,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random: random.clone(), - session_id: SessionId::random().unwrap(), + session_id: SessionId::random::().unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ From 6814ce32ac77459c15254cde28c2c28125421e56 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 9 Feb 2023 14:34:27 +0100 Subject: [PATCH 0025/1145] crypto: use crypto provider to produce ticketer --- examples/src/bin/tlsserver-mio.rs | 2 +- rustls/examples/internal/bench.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 2 +- rustls/src/crypto.rs | 80 ++++++++++++++++++++ rustls/src/ticketer.rs | 103 +++----------------------- rustls/tests/api.rs | 2 +- 6 files changed, 96 insertions(+), 95 deletions(-) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 18994744c4..401eb24c86 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -633,7 +633,7 @@ fn make_config(args: &Args) -> Arc> { } if args.flag_tickets { - config.ticketer = rustls::Ticketer::new().unwrap(); + config.ticketer = rustls::Ticketer::new::().unwrap(); } config.alpn_protocols = args diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index da8e1e5fdd..11281b3575 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -322,7 +322,7 @@ fn make_server_config( if resume == ResumptionParam::SessionID { cfg.session_storage = ServerSessionMemoryCache::new(128); } else if resume == ResumptionParam::Tickets { - cfg.ticketer = Ticketer::new().unwrap(); + cfg.ticketer = Ticketer::new::().unwrap(); } else { cfg.session_storage = Arc::new(NoServerSessionStorage {}); } diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 0f6c3bc00b..3424f9d0ff 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -425,7 +425,7 @@ fn make_server_cfg(opts: &Options) -> Arc> { } if opts.tickets { - cfg.ticketer = Ticketer::new().unwrap(); + cfg.ticketer = Ticketer::new::().unwrap(); } else if opts.resumes == 0 { cfg.session_storage = Arc::new(server::NoServerSessionStorage {}); } diff --git a/rustls/src/crypto.rs b/rustls/src/crypto.rs index b87e80e1e6..a4e2526d71 100644 --- a/rustls/src/crypto.rs +++ b/rustls/src/crypto.rs @@ -1,9 +1,14 @@ use crate::rand::GetRandomFailed; +use crate::server::ProducesTickets; +use ring::aead; use ring::rand::{SecureRandom, SystemRandom}; /// Pluggable crypto galore. pub trait CryptoProvider: Send + Sync + 'static { + /// Build a ticket generator. + fn ticket_generator() -> Result, GetRandomFailed>; + /// Fill the given buffer with random bytes. fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; } @@ -12,9 +17,84 @@ pub trait CryptoProvider: Send + Sync + 'static { pub struct Ring; impl CryptoProvider for Ring { + fn ticket_generator() -> Result, GetRandomFailed> { + let mut key = [0u8; 32]; + Self::fill_random(&mut key)?; + + let alg = &aead::CHACHA20_POLY1305; + let key = aead::UnboundKey::new(alg, &key).unwrap(); + + Ok(Box::new(AeadTicketer { + alg, + key: aead::LessSafeKey::new(key), + lifetime: 60 * 60 * 12, + })) + } + fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed> { SystemRandom::new() .fill(buf) .map_err(|_| GetRandomFailed) } } + +/// This is a `ProducesTickets` implementation which uses +/// any *ring* `aead::Algorithm` to encrypt and authentication +/// the ticket payload. It does not enforce any lifetime +/// constraint. +struct AeadTicketer { + alg: &'static aead::Algorithm, + key: aead::LessSafeKey, + lifetime: u32, +} + +impl ProducesTickets for AeadTicketer { + fn enabled(&self) -> bool { + true + } + fn lifetime(&self) -> u32 { + self.lifetime + } + + /// Encrypt `message` and return the ciphertext. + fn encrypt(&self, message: &[u8]) -> Option> { + // Random nonce, because a counter is a privacy leak. + let mut nonce_buf = [0u8; 12]; + Ring::fill_random(&mut nonce_buf).ok()?; + let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf); + let aad = ring::aead::Aad::empty(); + + let mut ciphertext = + Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); + ciphertext.extend(nonce_buf); + ciphertext.extend(message); + self.key + .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) + .map(|tag| { + ciphertext.extend(tag.as_ref()); + ciphertext + }) + .ok() + } + + /// Decrypt `ciphertext` and recover the original message. + fn decrypt(&self, ciphertext: &[u8]) -> Option> { + // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. + let nonce = ciphertext.get(..self.alg.nonce_len())?; + let ciphertext = ciphertext.get(nonce.len()..)?; + + // This won't fail since `nonce` has the required length. + let nonce = ring::aead::Nonce::try_assume_unique_for_key(nonce).ok()?; + + let mut out = Vec::from(ciphertext); + + let plain_len = self + .key + .open_in_place(nonce, aead::Aad::empty(), &mut out) + .ok()? + .len(); + out.truncate(plain_len); + + Some(out) + } +} diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index bf87d71a1a..979443faed 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,10 +1,10 @@ -use crate::crypto::{CryptoProvider, Ring}; +use crate::crypto::CryptoProvider; +#[cfg(test)] +use crate::crypto::Ring; use crate::rand; use crate::server::ProducesTickets; use crate::Error; -use ring::aead; - use std::mem; use std::sync::{Arc, Mutex, MutexGuard}; use std::time; @@ -30,84 +30,6 @@ impl TimeBase { } } -/// This is a `ProducesTickets` implementation which uses -/// any *ring* `aead::Algorithm` to encrypt and authentication -/// the ticket payload. It does not enforce any lifetime -/// constraint. -struct AeadTicketer { - alg: &'static aead::Algorithm, - key: aead::LessSafeKey, - lifetime: u32, -} - -impl AeadTicketer { - /// Make a ticketer with recommended configuration and a random key. - fn new() -> Result { - let mut key = [0u8; 32]; - Ring::fill_random(&mut key)?; - - let alg = &aead::CHACHA20_POLY1305; - let key = aead::UnboundKey::new(alg, &key).unwrap(); - - Ok(Self { - alg, - key: aead::LessSafeKey::new(key), - lifetime: 60 * 60 * 12, - }) - } -} - -impl ProducesTickets for AeadTicketer { - fn enabled(&self) -> bool { - true - } - fn lifetime(&self) -> u32 { - self.lifetime - } - - /// Encrypt `message` and return the ciphertext. - fn encrypt(&self, message: &[u8]) -> Option> { - // Random nonce, because a counter is a privacy leak. - let mut nonce_buf = [0u8; 12]; - Ring::fill_random(&mut nonce_buf).ok()?; - let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf); - let aad = ring::aead::Aad::empty(); - - let mut ciphertext = - Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); - ciphertext.extend(nonce_buf); - ciphertext.extend(message); - self.key - .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) - .map(|tag| { - ciphertext.extend(tag.as_ref()); - ciphertext - }) - .ok() - } - - /// Decrypt `ciphertext` and recover the original message. - fn decrypt(&self, ciphertext: &[u8]) -> Option> { - // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. - let nonce = ciphertext.get(..self.alg.nonce_len())?; - let ciphertext = ciphertext.get(nonce.len()..)?; - - // This won't fail since `nonce` has the required length. - let nonce = ring::aead::Nonce::try_assume_unique_for_key(nonce).ok()?; - - let mut out = Vec::from(ciphertext); - - let plain_len = self - .key - .open_in_place(nonce, aead::Aad::empty(), &mut out) - .ok()? - .len(); - out.truncate(plain_len); - - Some(out) - } -} - struct TicketSwitcherState { next: Option>, current: Box, @@ -263,23 +185,22 @@ impl ProducesTickets for TicketSwitcher { /// A concrete, safe ticket creation mechanism. pub struct Ticketer {} -fn generate_inner() -> Result, rand::GetRandomFailed> { - Ok(Box::new(AeadTicketer::new()?)) -} - impl Ticketer { /// Make the recommended Ticketer. This produces tickets /// with a 12 hour life and randomly generated keys. /// /// The encryption mechanism used in Chacha20Poly1305. - pub fn new() -> Result, Error> { - Ok(Arc::new(TicketSwitcher::new(6 * 60 * 60, generate_inner)?)) + pub fn new() -> Result, Error> { + Ok(Arc::new(TicketSwitcher::new( + 6 * 60 * 60, + C::ticket_generator, + )?)) } } #[test] fn basic_pairwise_test() { - let t = Ticketer::new().unwrap(); + let t = Ticketer::new::().unwrap(); assert!(t.enabled()); let cipher = t.encrypt(b"hello world").unwrap(); let plain = t.decrypt(&cipher).unwrap(); @@ -288,7 +209,7 @@ fn basic_pairwise_test() { #[test] fn ticketswitcher_switching_test() { - let t = Arc::new(TicketSwitcher::new(1, generate_inner).unwrap()); + let t = Arc::new(TicketSwitcher::new(1, Ring::ticket_generator).unwrap()); let now = TimeBase::now().unwrap(); let cipher1 = t.encrypt(b"ticket 1").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); @@ -316,7 +237,7 @@ fn fail_generator() -> Result, rand::GetRandomFailed> { #[test] fn ticketswitcher_recover_test() { - let mut t = TicketSwitcher::new(1, generate_inner).unwrap(); + let mut t = TicketSwitcher::new(1, Ring::ticket_generator).unwrap(); let now = TimeBase::now().unwrap(); let cipher1 = t.encrypt(b"ticket 1").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); @@ -325,7 +246,7 @@ fn ticketswitcher_recover_test() { // Failed new ticketer t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); } - t.generator = generate_inner; + t.generator = Ring::ticket_generator; let cipher2 = t.encrypt(b"ticket 2").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 319344c49a..7e20686728 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3057,7 +3057,7 @@ fn tls13_stateless_resumption() { let client_config = Arc::new(client_config); let mut server_config = make_server_config(kt); - server_config.ticketer = rustls::Ticketer::new().unwrap(); + server_config.ticketer = rustls::Ticketer::new::().unwrap(); let storage = Arc::new(ServerStorage::new()); server_config.session_storage = storage.clone(); let server_config = Arc::new(server_config); From fbc81b5f46962dfd77652b3cc331c0be84bd9869 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 10 Feb 2023 10:37:09 +0100 Subject: [PATCH 0026/1145] kx: let KeyExchange::choose() instantiate directly --- rustls/src/client/hs.rs | 19 ++++++++------- rustls/src/client/tls12.rs | 14 ++++++----- rustls/src/client/tls13.rs | 14 +++++++---- rustls/src/kx.rs | 49 +++++++++++++++++++++++++------------- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 5 ++-- 6 files changed, 64 insertions(+), 39 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 21ab3fc852..daaa9cf35e 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -7,7 +7,7 @@ use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; -use crate::kx; +use crate::kx::{self, KeyExchangeError}; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::base::Payload; @@ -791,13 +791,16 @@ impl ExpectServerHelloOrHelloRetryRequest { let key_share = match req_group { Some(group) if group != offered_key_share.group() => { - let group = kx::KeyExchange::choose(group, &config.kx_groups).ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::IllegalParameter, - PeerMisbehaved::IllegalHelloRetryRequestWithUnofferedNamedGroup, - ) - })?; - kx::KeyExchange::start(group).ok_or(Error::FailedToGetRandomBytes)? + match kx::KeyExchange::choose(group, &self.next.input.config.kx_groups) { + Ok(kx) => kx, + Err(KeyExchangeError::UnsupportedGroup) => { + return Err(cx.common.send_fatal_alert( + AlertDescription::IllegalParameter, + PeerMisbehaved::IllegalHelloRetryRequestWithUnofferedNamedGroup, + )); + } + Err(KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), + } } _ => offered_key_share, }; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index e3243c71b5..efd6aa65d2 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -767,12 +767,14 @@ impl State for ExpectServerDone { // 5a. let ecdh_params = tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; - let group = - kx::KeyExchange::choose(ecdh_params.curve_params.named_group, &st.config.kx_groups) - .ok_or(Error::PeerMisbehaved( - PeerMisbehaved::SelectedUnofferedKxGroup, - ))?; - let kx = kx::KeyExchange::start(group).ok_or(Error::FailedToGetRandomBytes)?; + let named_group = ecdh_params.curve_params.named_group; + let kx = match kx::KeyExchange::choose(named_group, &st.config.kx_groups) { + Ok(kx) => kx, + Err(kx::KeyExchangeError::UnsupportedGroup) => { + return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) + } + Err(kx::KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), + }; // 5b. let mut transcript = st.transcript; diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index f7867e0feb..37e223b61d 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -210,15 +210,21 @@ pub(super) fn initial_key_share( .resumption .store .kx_hint(server_name) - .and_then(|group| kx::KeyExchange::choose(group, &config.kx_groups)) - .unwrap_or_else(|| { + .filter(|hint_group| { + config + .kx_groups + .iter() + .any(|supported_group| supported_group.name == *hint_group) + }) + .unwrap_or( config .kx_groups .first() .expect("No kx groups configured") - }); + .name, + ); - kx::KeyExchange::start(group).ok_or(Error::FailedToGetRandomBytes) + kx::KeyExchange::choose(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) } /// This implements the horrifying TLS1.3 hack where PSK binders have a diff --git a/rustls/src/kx.rs b/rustls/src/kx.rs index d45f1dbc5e..0788b1f63e 100644 --- a/rustls/src/kx.rs +++ b/rustls/src/kx.rs @@ -2,40 +2,50 @@ use std::fmt; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; +use crate::rand::GetRandomFailed; + +use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; +use ring::rand::SystemRandom; /// An in-progress key exchange. This has the algorithm, /// our private key, and our public key. pub(crate) struct KeyExchange { skxg: &'static SupportedKxGroup, - privkey: ring::agreement::EphemeralPrivateKey, + privkey: EphemeralPrivateKey, pub(crate) pubkey: ring::agreement::PublicKey, } impl KeyExchange { - /// Choose a SupportedKxGroup by name, from a list of supported groups. pub(crate) fn choose( name: NamedGroup, supported: &[&'static SupportedKxGroup], - ) -> Option<&'static SupportedKxGroup> { - supported + ) -> Result { + let skxg = match supported .iter() .find(|skxg| skxg.name == name) - .cloned() + { + Some(skxg) => skxg, + None => return Err(KeyExchangeError::UnsupportedGroup), + }; + + Self::start(skxg).map_err(KeyExchangeError::KeyExchangeFailed) } - /// Start a key exchange, using the given SupportedKxGroup. - /// - /// This generates an ephemeral key pair and stores it in the returned KeyExchange object. - pub(crate) fn start(skxg: &'static SupportedKxGroup) -> Option { - let rng = ring::rand::SystemRandom::new(); - let ours = - ring::agreement::EphemeralPrivateKey::generate(skxg.agreement_algorithm, &rng).ok()?; + pub(crate) fn start(skxg: &'static SupportedKxGroup) -> Result { + let rng = SystemRandom::new(); + let privkey = match EphemeralPrivateKey::generate(skxg.agreement_algorithm, &rng) { + Ok(privkey) => privkey, + Err(_) => return Err(GetRandomFailed), + }; - let pubkey = ours.compute_public_key().ok()?; + let pubkey = match privkey.compute_public_key() { + Ok(pubkey) => pubkey, + Err(_) => return Err(GetRandomFailed), + }; - Some(Self { + Ok(Self { skxg, - privkey: ours, + privkey, pubkey, }) } @@ -54,12 +64,17 @@ impl KeyExchange { peer: &[u8], f: impl FnOnce(&[u8]) -> Result, ) -> Result { - let peer_key = ring::agreement::UnparsedPublicKey::new(self.skxg.agreement_algorithm, peer); - ring::agreement::agree_ephemeral(self.privkey, &peer_key, (), f) + let peer_key = UnparsedPublicKey::new(self.skxg.agreement_algorithm, peer); + agree_ephemeral(self.privkey, &peer_key, (), f) .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) } } +pub(crate) enum KeyExchangeError { + UnsupportedGroup, + KeyExchangeFailed(GetRandomFailed), +} + /// A key-exchange group supported by rustls. /// /// All possible instances of this class are provided by the library in diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index d2b2e86ddd..e2b8a29db5 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -407,7 +407,7 @@ mod client_hello { signing_key: &dyn sign::SigningKey, randoms: &ConnectionRandoms, ) -> Result { - let kx = kx::KeyExchange::start(skxg).ok_or(Error::FailedToGetRandomBytes)?; + let kx = kx::KeyExchange::start(skxg)?; let secdh = ServerECDHParams::new(skxg.name, kx.pubkey.as_ref()); let mut msg = Vec::new(); diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 2391253897..74adc8b318 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -487,10 +487,9 @@ mod client_hello { ) -> Result { let mut extensions = Vec::new(); - // Prepare key exchange + // Prepare key exchange; the caller ascertained that the `share.group` is supported let kx = kx::KeyExchange::choose(share.group, &config.kx_groups) - .and_then(kx::KeyExchange::start) - .ok_or(Error::FailedToGetRandomBytes)?; + .map_err(|_| Error::FailedToGetRandomBytes)?; let kse = KeyShareEntry::new(share.group, kx.pubkey.as_ref()); extensions.push(ServerExtension::KeyShare(kse)); From ec3c8b5294eb89f9205b689266241b3641009004 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 13 Mar 2023 10:45:30 -0400 Subject: [PATCH 0027/1145] kx: replace pubkey field w/ pub_key() accessor. The only consumers of the `pub(crate)` visible `pubkey` field of the `KeyExchange` struct were using it to get at a `&[u8]` of public key bytes. This commit: 1. Unexports the `pubkey` field of the `KeyExchange` struct. 2. Adds a `pub(crate)` visible `pub_key()` method to return the public key as a `&[u8]`. 3. Adjusts the tls12 client `emit_clientkx` function to use `&[u8]` for its pub key argument. 4. Adjusts all callers to use the new `pub_key` accessor in place of the field. The name is changed from `pubkey` to `pub_key` to match Rust naming conventions[0]. [0]: https://rust-lang.github.io/api-guidelines/naming.html --- rustls/src/client/hs.rs | 2 +- rustls/src/client/tls12.rs | 7 +++---- rustls/src/kx.rs | 7 ++++++- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/src/tls12/mod.rs | 2 +- 6 files changed, 13 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index daaa9cf35e..ec4fc5b9d5 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -240,7 +240,7 @@ fn emit_client_hello_for_retry( if let Some(key_share) = &key_share { debug_assert!(support_tls13); - let key_share = KeyShareEntry::new(key_share.group(), key_share.pubkey.as_ref()); + let key_share = KeyShareEntry::new(key_share.group(), key_share.pub_key()); exts.push(ClientExtension::KeyShare(vec![key_share])); } diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index efd6aa65d2..89c62374e0 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -32,7 +32,6 @@ use crate::client::common::ClientAuthDetails; use crate::client::common::ServerCertDetails; use crate::client::{hs, ClientConfig, ServerName}; -use ring::agreement::PublicKey; use ring::constant_time; use std::sync::Arc; @@ -431,9 +430,9 @@ fn emit_certificate( common.send_msg(cert, false); } -fn emit_clientkx(transcript: &mut HandshakeHash, common: &mut CommonState, pubkey: &PublicKey) { +fn emit_clientkx(transcript: &mut HandshakeHash, common: &mut CommonState, pub_key: &[u8]) { let mut buf = Vec::new(); - let ecpoint = PayloadU8::new(Vec::from(pubkey.as_ref())); + let ecpoint = PayloadU8::new(Vec::from(pub_key)); ecpoint.encode(&mut buf); let pubkey = Payload::new(buf); @@ -778,7 +777,7 @@ impl State for ExpectServerDone { // 5b. let mut transcript = st.transcript; - emit_clientkx(&mut transcript, cx.common, &kx.pubkey); + emit_clientkx(&mut transcript, cx.common, kx.pub_key()); // nb. EMS handshake hash only runs up to ClientKeyExchange. let ems_seed = st .using_ems diff --git a/rustls/src/kx.rs b/rustls/src/kx.rs index 0788b1f63e..98708617f6 100644 --- a/rustls/src/kx.rs +++ b/rustls/src/kx.rs @@ -12,7 +12,7 @@ use ring::rand::SystemRandom; pub(crate) struct KeyExchange { skxg: &'static SupportedKxGroup, privkey: EphemeralPrivateKey, - pub(crate) pubkey: ring::agreement::PublicKey, + pubkey: ring::agreement::PublicKey, } impl KeyExchange { @@ -68,6 +68,11 @@ impl KeyExchange { agree_ephemeral(self.privkey, &peer_key, (), f) .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) } + + /// Return the public key being used. + pub(crate) fn pub_key(&self) -> &[u8] { + self.pubkey.as_ref() + } } pub(crate) enum KeyExchangeError { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index e2b8a29db5..df7092a3db 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -408,7 +408,7 @@ mod client_hello { randoms: &ConnectionRandoms, ) -> Result { let kx = kx::KeyExchange::start(skxg)?; - let secdh = ServerECDHParams::new(skxg.name, kx.pubkey.as_ref()); + let secdh = ServerECDHParams::new(skxg.name, kx.pub_key()); let mut msg = Vec::new(); msg.extend(randoms.client); diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 74adc8b318..c06bef10ec 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -491,7 +491,7 @@ mod client_hello { let kx = kx::KeyExchange::choose(share.group, &config.kx_groups) .map_err(|_| Error::FailedToGetRandomBytes)?; - let kse = KeyShareEntry::new(share.group, kx.pubkey.as_ref()); + let kse = KeyShareEntry::new(share.group, kx.pub_key()); extensions.push(ServerExtension::KeyShare(kse)); extensions.push(ServerExtension::SupportedVersions(ProtocolVersion::TLSv1_3)); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 22b2aadece..d9d7627eaa 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -520,7 +520,7 @@ mod tests { #[test] fn server_ecdhe_remaining_bytes() { let key = kx::KeyExchange::start(&kx::X25519).unwrap(); - let server_params = ServerECDHParams::new(key.group(), key.pubkey.as_ref()); + let server_params = ServerECDHParams::new(key.group(), key.pub_key()); let mut server_buf = Vec::new(); server_params.encode(&mut server_buf); server_buf.push(34); From d60df2c368b3ee0773bde8b587bed8992905064f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 17 Mar 2023 14:24:06 -0400 Subject: [PATCH 0028/1145] kx: rename fields for readability/convention. Following up on the previous commit, this commit updates the `KeyExchange` struct's private `skxg`, `pubkey` and `privkey` fields to be named `group`, `pub_key` and `priv_key`. This better matches the Rust naming convention for struct members and makes for easier to understand code. --- rustls/src/kx.rs | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/rustls/src/kx.rs b/rustls/src/kx.rs index 98708617f6..c74c33d412 100644 --- a/rustls/src/kx.rs +++ b/rustls/src/kx.rs @@ -10,9 +10,9 @@ use ring::rand::SystemRandom; /// An in-progress key exchange. This has the algorithm, /// our private key, and our public key. pub(crate) struct KeyExchange { - skxg: &'static SupportedKxGroup, - privkey: EphemeralPrivateKey, - pubkey: ring::agreement::PublicKey, + group: &'static SupportedKxGroup, + priv_key: EphemeralPrivateKey, + pub_key: ring::agreement::PublicKey, } impl KeyExchange { @@ -20,39 +20,39 @@ impl KeyExchange { name: NamedGroup, supported: &[&'static SupportedKxGroup], ) -> Result { - let skxg = match supported + let group = match supported .iter() - .find(|skxg| skxg.name == name) + .find(|group| group.name == name) { - Some(skxg) => skxg, + Some(group) => group, None => return Err(KeyExchangeError::UnsupportedGroup), }; - Self::start(skxg).map_err(KeyExchangeError::KeyExchangeFailed) + Self::start(group).map_err(KeyExchangeError::KeyExchangeFailed) } - pub(crate) fn start(skxg: &'static SupportedKxGroup) -> Result { + pub(crate) fn start(group: &'static SupportedKxGroup) -> Result { let rng = SystemRandom::new(); - let privkey = match EphemeralPrivateKey::generate(skxg.agreement_algorithm, &rng) { - Ok(privkey) => privkey, + let priv_key = match EphemeralPrivateKey::generate(group.agreement_algorithm, &rng) { + Ok(priv_key) => priv_key, Err(_) => return Err(GetRandomFailed), }; - let pubkey = match privkey.compute_public_key() { - Ok(pubkey) => pubkey, + let pub_key = match priv_key.compute_public_key() { + Ok(pub_key) => pub_key, Err(_) => return Err(GetRandomFailed), }; Ok(Self { - skxg, - privkey, - pubkey, + group, + priv_key, + pub_key, }) } /// Return the group being used. pub(crate) fn group(&self) -> NamedGroup { - self.skxg.name + self.group.name } /// Completes the key exchange, given the peer's public key. @@ -64,14 +64,14 @@ impl KeyExchange { peer: &[u8], f: impl FnOnce(&[u8]) -> Result, ) -> Result { - let peer_key = UnparsedPublicKey::new(self.skxg.agreement_algorithm, peer); - agree_ephemeral(self.privkey, &peer_key, (), f) + let peer_key = UnparsedPublicKey::new(self.group.agreement_algorithm, peer); + agree_ephemeral(self.priv_key, &peer_key, (), f) .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) } /// Return the public key being used. pub(crate) fn pub_key(&self) -> &[u8] { - self.pubkey.as_ref() + self.pub_key.as_ref() } } From 17a7e175348125944aecfd0e8b66feccdb2dc5a9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 13 Mar 2023 11:00:10 -0400 Subject: [PATCH 0029/1145] crypto: separate module dir, ring sub-module. For better code organization this commit moves the generic crypto interface code from `src/crypto.rs` to `src/crypto/lib.rs`. The *ring* specific code implementing the generic interfaces is moved to `src/crypto/ring.rs` as a sub-module of `crypto. All imports are adjusted accordingly. This has the advantage of leaving `src/crypto/lib.rs` small, and without any *ring* specific imports. In the future we may choose to feature-gate the ring sub-module to allow building the crate without a dependency on ring. --- examples/src/bin/limitedclient.rs | 2 +- examples/src/bin/simple_0rtt_client.rs | 3 ++- examples/src/bin/simpleclient.rs | 2 +- examples/src/bin/tlsclient-mio.rs | 2 +- examples/src/bin/tlsserver-mio.rs | 2 +- fuzz/fuzzers/client.rs | 2 +- fuzz/fuzzers/server.rs | 2 +- rustls/examples/internal/bench.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 2 +- rustls/src/builder.rs | 8 ++++---- rustls/src/crypto/mod.rs | 14 ++++++++++++++ rustls/src/{crypto.rs => crypto/ring.rs} | 14 +++----------- rustls/src/lib.rs | 6 +++--- rustls/src/server/server_conn.rs | 2 +- rustls/src/ticketer.rs | 4 ++-- rustls/tests/api.rs | 3 ++- rustls/tests/client_cert_verifier.rs | 2 +- rustls/tests/common/mod.rs | 3 ++- 18 files changed, 42 insertions(+), 33 deletions(-) create mode 100644 rustls/src/crypto/mod.rs rename rustls/src/{crypto.rs => crypto/ring.rs} (85%) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index b0b6d99acf..a5151075f8 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -6,7 +6,7 @@ use std::sync::Arc; use std::io::{stdout, Read, Write}; use std::net::TcpStream; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; use rustls::OwnedTrustAnchor; fn main() { diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 90ea4f779d..ffa2ba7c62 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -3,7 +3,8 @@ use std::sync::Arc; use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; -use rustls::crypto::{CryptoProvider, Ring}; +use rustls::crypto::ring::Ring; +use rustls::crypto::CryptoProvider; use rustls::{OwnedTrustAnchor, RootCertStore}; fn start_connection(config: &Arc>, domain_name: &str) { diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 5ef51039ea..baf5cec581 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -12,7 +12,7 @@ use std::sync::Arc; use std::io::{stdout, Read, Write}; use std::net::TcpStream; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; use rustls::{OwnedTrustAnchor, RootCertStore}; fn main() { diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 7c1a822d2c..8d4cac532e 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -2,8 +2,8 @@ use std::process; use std::sync::Arc; use mio::net::TcpStream; +use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; -use rustls::crypto::Ring; use std::fs; use std::io; diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 401eb24c86..e0a200af44 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -1,7 +1,7 @@ use std::sync::Arc; use mio::net::{TcpListener, TcpStream}; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; #[macro_use] extern crate log; diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index a87f3524c2..1f7910cbb4 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -4,7 +4,7 @@ extern crate libfuzzer_sys; extern crate rustls; extern crate webpki; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; use rustls::{ClientConfig, ClientConnection, RootCertStore}; use std::io; use std::sync::Arc; diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index 5c6aa95e8c..d712353135 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -3,7 +3,7 @@ extern crate libfuzzer_sys; extern crate rustls; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; use rustls::server::ResolvesServerCert; use rustls::{ServerConfig, ServerConnection}; diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 11281b3575..d61d57c0df 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -12,7 +12,7 @@ use std::sync::Arc; use std::time::{Duration, Instant}; use rustls::client::Resumption; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; use rustls::server::{ AllowAnyAuthenticatedClient, NoClientAuth, NoServerSessionStorage, ServerSessionMemoryCache, }; diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 3424f9d0ff..67d27a0481 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -5,8 +5,8 @@ // use rustls::client::{ClientConfig, ClientConnection, Resumption}; +use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; -use rustls::crypto::Ring; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 4ec6aed104..5dbbefeae8 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -21,7 +21,7 @@ use std::marker::PhantomData; /// /// ```no_run /// # use rustls::ServerConfig; -/// # use rustls::crypto::Ring; +/// # use rustls::crypto::ring::Ring; /// # let certs = vec![]; /// # let private_key = rustls::PrivateKey(vec![]); /// ServerConfig::::builder() @@ -38,7 +38,7 @@ use std::marker::PhantomData; /// /// ```no_run /// # use rustls::ServerConfig; -/// # use rustls::crypto::Ring; +/// # use rustls::crypto::ring::Ring; /// # let certs = vec![]; /// # let private_key = rustls::PrivateKey(vec![]); /// ServerConfig::::builder() @@ -52,7 +52,7 @@ use std::marker::PhantomData; /// /// ```no_run /// # use rustls::ClientConfig; -/// # use rustls::crypto::Ring; +/// # use rustls::crypto::ring::Ring; /// # let root_certs = rustls::RootCertStore::empty(); /// # let certs = vec![]; /// # let private_key = rustls::PrivateKey(vec![]); @@ -70,7 +70,7 @@ use std::marker::PhantomData; /// /// ``` /// # use rustls::ClientConfig; -/// # use rustls::crypto::Ring; +/// # use rustls::crypto::ring::Ring; /// # let root_certs = rustls::RootCertStore::empty(); /// ClientConfig::::builder() /// .with_safe_defaults() diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs new file mode 100644 index 0000000000..5f1b363cfa --- /dev/null +++ b/rustls/src/crypto/mod.rs @@ -0,0 +1,14 @@ +use crate::rand::GetRandomFailed; +use crate::server::ProducesTickets; + +/// *ring* based CryptoProvider. +pub mod ring; + +/// Pluggable crypto galore. +pub trait CryptoProvider: Send + Sync + 'static { + /// Build a ticket generator. + fn ticket_generator() -> Result, GetRandomFailed>; + + /// Fill the given buffer with random bytes. + fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; +} diff --git a/rustls/src/crypto.rs b/rustls/src/crypto/ring.rs similarity index 85% rename from rustls/src/crypto.rs rename to rustls/src/crypto/ring.rs index a4e2526d71..2d8de05427 100644 --- a/rustls/src/crypto.rs +++ b/rustls/src/crypto/ring.rs @@ -1,18 +1,10 @@ +use crate::crypto::CryptoProvider; use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; use ring::aead; use ring::rand::{SecureRandom, SystemRandom}; -/// Pluggable crypto galore. -pub trait CryptoProvider: Send + Sync + 'static { - /// Build a ticket generator. - fn ticket_generator() -> Result, GetRandomFailed>; - - /// Fill the given buffer with random bytes. - fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; -} - /// Default crypto provider. pub struct Ring; @@ -61,7 +53,7 @@ impl ProducesTickets for AeadTicketer { // Random nonce, because a counter is a privacy leak. let mut nonce_buf = [0u8; 12]; Ring::fill_random(&mut nonce_buf).ok()?; - let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf); + let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); let aad = ring::aead::Aad::empty(); let mut ciphertext = @@ -84,7 +76,7 @@ impl ProducesTickets for AeadTicketer { let ciphertext = ciphertext.get(nonce.len()..)?; // This won't fail since `nonce` has the required length. - let nonce = ring::aead::Nonce::try_assume_unique_for_key(nonce).ok()?; + let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?; let mut out = Vec::from(ciphertext); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index ab35b2abfc..c51143e7f0 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -122,7 +122,7 @@ //! //! ```rust,no_run //! # let root_store: rustls::RootCertStore = panic!(); -//! let config = rustls::ClientConfig::::builder() +//! let config = rustls::ClientConfig::::builder() //! .with_safe_defaults() //! .with_root_certificates(root_store) //! .with_no_client_auth(); @@ -148,7 +148,7 @@ //! # ) //! # }) //! # ); -//! # let config = rustls::ClientConfig::::builder() +//! # let config = rustls::ClientConfig::::builder() //! # .with_safe_defaults() //! # .with_root_certificates(root_store) //! # .with_no_client_auth(); @@ -181,7 +181,7 @@ //! errors. //! //! ```rust,no_run -//! # let mut client = rustls::ClientConnection::new::(panic!(), panic!()).unwrap(); +//! # let mut client = rustls::ClientConnection::new::(panic!(), panic!()).unwrap(); //! # struct Socket { } //! # impl Socket { //! # fn ready_for_write(&self) -> bool { false } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 6b75479807..cd4543ee20 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -554,7 +554,7 @@ impl From for crate::Connection { /// }; /// /// // For some user-defined choose_server_config: -/// let config = choose_server_config::(accepted.client_hello()); +/// let config = choose_server_config::(accepted.client_hello()); /// let conn = accepted /// .into_connection(config) /// .unwrap(); diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index 979443faed..dd9f6b1dcd 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,6 +1,6 @@ -use crate::crypto::CryptoProvider; #[cfg(test)] -use crate::crypto::Ring; +use crate::crypto::ring::Ring; +use crate::crypto::CryptoProvider; use crate::rand; use crate::server::ProducesTickets; use crate::Error; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 7e20686728..ac79fa3973 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -10,7 +10,8 @@ use std::sync::Arc; use std::sync::Mutex; use rustls::client::{ResolvesClientCert, Resumption}; -use rustls::crypto::{CryptoProvider, Ring}; +use rustls::crypto::ring::Ring; +use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::server::{AllowAnyAnonymousOrAuthenticatedClient, ClientHello, ResolvesServerCert}; diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 3735ebc536..f5220a4360 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -10,7 +10,7 @@ use crate::common::{ make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; use rustls::client::WebPkiVerifier; -use rustls::crypto::Ring; +use rustls::crypto::ring::Ring; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::{ClientCertVerified, ClientCertVerifier}; use rustls::{ diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 1d8d60abcd..51d576faca 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -4,7 +4,8 @@ use std::io; use std::ops::{Deref, DerefMut}; use std::sync::Arc; -use rustls::crypto::{CryptoProvider, Ring}; +use rustls::crypto::ring::Ring; +use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; use rustls::server::{ From 2279faa124ebd970649d40b40997a921987e73d3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 17 Mar 2023 15:00:39 -0400 Subject: [PATCH 0030/1145] kx: lift `KeyExchangeError` into `crypto` The `KeyExchangeError` type is generic enough to live in the `crypto` module. This will allow it to be shared with non-ring implementations in the future. --- rustls/src/client/hs.rs | 4 ++-- rustls/src/client/tls12.rs | 6 +++--- rustls/src/crypto/mod.rs | 5 +++++ rustls/src/kx.rs | 6 +----- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index ec4fc5b9d5..f90d4c369d 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,11 +3,11 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchangeError}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; -use crate::kx::{self, KeyExchangeError}; +use crate::kx; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::base::Payload; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 89c62374e0..e4f8e824ad 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,7 +1,7 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchangeError}; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; @@ -769,10 +769,10 @@ impl State for ExpectServerDone { let named_group = ecdh_params.curve_params.named_group; let kx = match kx::KeyExchange::choose(named_group, &st.config.kx_groups) { Ok(kx) => kx, - Err(kx::KeyExchangeError::UnsupportedGroup) => { + Err(KeyExchangeError::UnsupportedGroup) => { return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) } - Err(kx::KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), + Err(KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), }; // 5b. diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 5f1b363cfa..b64f0dd96d 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -12,3 +12,8 @@ pub trait CryptoProvider: Send + Sync + 'static { /// Fill the given buffer with random bytes. fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; } + +pub(crate) enum KeyExchangeError { + UnsupportedGroup, + KeyExchangeFailed(GetRandomFailed), +} diff --git a/rustls/src/kx.rs b/rustls/src/kx.rs index c74c33d412..2564a273a7 100644 --- a/rustls/src/kx.rs +++ b/rustls/src/kx.rs @@ -1,5 +1,6 @@ use std::fmt; +use crate::crypto::KeyExchangeError; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; @@ -75,11 +76,6 @@ impl KeyExchange { } } -pub(crate) enum KeyExchangeError { - UnsupportedGroup, - KeyExchangeFailed(GetRandomFailed), -} - /// A key-exchange group supported by rustls. /// /// All possible instances of this class are provided by the library in From 5e512826818e672c9c44bbfaac060f31e0fd73f6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 17 Mar 2023 14:53:49 -0400 Subject: [PATCH 0031/1145] kx: move Ring key exchange impl. to crypto::ring. This commit moves the existing Ring-based key exchange mechanisms from `rustls/src/kx.rs` to `rustls/src/crypto/ring.rs` in anticipation of adapting the codebase to a more general keyex trait that these types will implement. No changes are made to the implementation except to update import paths to reference the new location. --- rustls/src/builder.rs | 2 +- rustls/src/client/builder.rs | 2 +- rustls/src/client/client_conn.rs | 2 +- rustls/src/client/hs.rs | 8 +-- rustls/src/client/tls12.rs | 4 +- rustls/src/client/tls13.rs | 8 +-- rustls/src/crypto/ring.rs | 114 +++++++++++++++++++++++++++++- rustls/src/kx.rs | 116 ------------------------------- rustls/src/lib.rs | 9 ++- rustls/src/server/builder.rs | 2 +- rustls/src/server/server_conn.rs | 2 +- rustls/src/server/tls12.rs | 13 ++-- rustls/src/server/tls13.rs | 4 +- rustls/src/tls12/mod.rs | 7 +- 14 files changed, 145 insertions(+), 148 deletions(-) delete mode 100644 rustls/src/kx.rs diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 5dbbefeae8..86acc44fd3 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,6 +1,6 @@ +use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; use crate::crypto::CryptoProvider; use crate::error::Error; -use crate::kx::{SupportedKxGroup, ALL_KX_GROUPS}; use crate::suites::{SupportedCipherSuite, DEFAULT_CIPHER_SUITES}; use crate::versions; diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 3b1ac2f02d..2a27e18f59 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,10 +1,10 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::client::handy; use crate::client::{ClientConfig, ResolvesClientCert}; +use crate::crypto::ring::SupportedKxGroup; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; -use crate::kx::SupportedKxGroup; use crate::suites::SupportedCipherSuite; use crate::verify; use crate::{anchors, key, versions}; diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 90670459f1..b3f5f71ff2 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,11 +1,11 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; +use crate::crypto::ring::SupportedKxGroup; use crate::crypto::CryptoProvider; use crate::dns_name::{DnsName, DnsNameRef, InvalidDnsNameError}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; -use crate::kx::SupportedKxGroup; #[cfg(feature = "logging")] use crate::log::trace; use crate::msgs::enums::NamedGroup; diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index f90d4c369d..c0f2e6090e 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,11 +3,11 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::ring::KeyExchange; use crate::crypto::{CryptoProvider, KeyExchangeError}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; -use crate::kx; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::base::Payload; @@ -169,7 +169,7 @@ struct ExpectServerHello { input: ClientHelloInput, transcript_buffer: HandshakeHashBuffer, early_key_schedule: Option, - offered_key_share: Option, + offered_key_share: Option, suite: Option, } @@ -193,7 +193,7 @@ struct ClientHelloInput { fn emit_client_hello_for_retry( mut transcript_buffer: HandshakeHashBuffer, retryreq: Option<&HelloRetryRequest>, - key_share: Option, + key_share: Option, extra_exts: Vec, suite: Option, mut input: ClientHelloInput, @@ -791,7 +791,7 @@ impl ExpectServerHelloOrHelloRetryRequest { let key_share = match req_group { Some(group) if group != offered_key_share.group() => { - match kx::KeyExchange::choose(group, &self.next.input.config.kx_groups) { + match KeyExchange::choose(group, &self.next.input.config.kx_groups) { Ok(kx) => kx, Err(KeyExchangeError::UnsupportedGroup) => { return Err(cx.common.send_fatal_alert( diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index e4f8e824ad..777d1e4458 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,12 +1,12 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::ring::KeyExchange; use crate::crypto::{CryptoProvider, KeyExchangeError}; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; -use crate::kx; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; use crate::msgs::base::{Payload, PayloadU8}; @@ -767,7 +767,7 @@ impl State for ExpectServerDone { let ecdh_params = tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; - let kx = match kx::KeyExchange::choose(named_group, &st.config.kx_groups) { + let kx = match KeyExchange::choose(named_group, &st.config.kx_groups) { Ok(kx) => kx, Err(KeyExchangeError::UnsupportedGroup) => { return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 37e223b61d..c8b482388a 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -5,13 +5,13 @@ use crate::common_state::Protocol; use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::ring::KeyExchange; use crate::crypto::CryptoProvider; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, }; use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; -use crate::kx; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; use crate::msgs::base::{Payload, PayloadU8}; @@ -74,7 +74,7 @@ pub(super) fn handle_server_hello( transcript: HandshakeHash, early_key_schedule: Option, hello: ClientHelloDetails, - our_key_share: kx::KeyExchange, + our_key_share: KeyExchange, mut sent_tls13_fake_ccs: bool, ) -> hs::NextStateOrError { validate_server_hello(cx.common, server_hello)?; @@ -205,7 +205,7 @@ fn validate_server_hello( pub(super) fn initial_key_share( config: &ClientConfig, server_name: &ServerName, -) -> Result { +) -> Result { let group = config .resumption .store @@ -224,7 +224,7 @@ pub(super) fn initial_key_share( .name, ); - kx::KeyExchange::choose(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) + KeyExchange::choose(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) } /// This implements the horrifying TLS1.3 hack where PSK binders have a diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index 2d8de05427..1a5c20e0da 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -1,10 +1,15 @@ -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchangeError}; +use crate::error::{Error, PeerMisbehaved}; +use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; use ring::aead; +use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; use ring::rand::{SecureRandom, SystemRandom}; +use std::fmt; + /// Default crypto provider. pub struct Ring; @@ -90,3 +95,110 @@ impl ProducesTickets for AeadTicketer { Some(out) } } + +/// An in-progress key exchange. This has the algorithm, +/// our private key, and our public key. +pub(crate) struct KeyExchange { + group: &'static SupportedKxGroup, + priv_key: EphemeralPrivateKey, + pub_key: ring::agreement::PublicKey, +} + +impl KeyExchange { + pub(crate) fn choose( + name: NamedGroup, + supported: &[&'static SupportedKxGroup], + ) -> Result { + let group = match supported + .iter() + .find(|group| group.name == name) + { + Some(group) => group, + None => return Err(KeyExchangeError::UnsupportedGroup), + }; + + Self::start(group).map_err(KeyExchangeError::KeyExchangeFailed) + } + + pub(crate) fn start(group: &'static SupportedKxGroup) -> Result { + let rng = SystemRandom::new(); + let priv_key = match EphemeralPrivateKey::generate(group.agreement_algorithm, &rng) { + Ok(priv_key) => priv_key, + Err(_) => return Err(GetRandomFailed), + }; + + let pub_key = match priv_key.compute_public_key() { + Ok(pub_key) => pub_key, + Err(_) => return Err(GetRandomFailed), + }; + + Ok(Self { + group, + priv_key, + pub_key, + }) + } + + /// Return the group being used. + pub(crate) fn group(&self) -> NamedGroup { + self.group.name + } + + /// Completes the key exchange, given the peer's public key. + /// + /// The shared secret is passed into the closure passed down in `f`, and the result of calling + /// `f` is returned to the caller. + pub(crate) fn complete( + self, + peer: &[u8], + f: impl FnOnce(&[u8]) -> Result, + ) -> Result { + let peer_key = UnparsedPublicKey::new(self.group.agreement_algorithm, peer); + agree_ephemeral(self.priv_key, &peer_key, (), f) + .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) + } + + /// Return the public key being used. + pub(crate) fn pub_key(&self) -> &[u8] { + self.pub_key.as_ref() + } +} + +/// A key-exchange group supported by rustls. +/// +/// All possible instances of this class are provided by the library in +/// the `ALL_KX_GROUPS` array. +pub struct SupportedKxGroup { + /// The IANA "TLS Supported Groups" name of the group + pub name: NamedGroup, + + /// The corresponding ring agreement::Algorithm + agreement_algorithm: &'static ring::agreement::Algorithm, +} + +impl fmt::Debug for SupportedKxGroup { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + self.name.fmt(f) + } +} + +/// Ephemeral ECDH on curve25519 (see RFC7748) +pub static X25519: SupportedKxGroup = SupportedKxGroup { + name: NamedGroup::X25519, + agreement_algorithm: &ring::agreement::X25519, +}; + +/// Ephemeral ECDH on secp256r1 (aka NIST-P256) +pub static SECP256R1: SupportedKxGroup = SupportedKxGroup { + name: NamedGroup::secp256r1, + agreement_algorithm: &ring::agreement::ECDH_P256, +}; + +/// Ephemeral ECDH on secp384r1 (aka NIST-P384) +pub static SECP384R1: SupportedKxGroup = SupportedKxGroup { + name: NamedGroup::secp384r1, + agreement_algorithm: &ring::agreement::ECDH_P384, +}; + +/// A list of all the key exchange groups supported by rustls. +pub static ALL_KX_GROUPS: [&SupportedKxGroup; 3] = [&X25519, &SECP256R1, &SECP384R1]; diff --git a/rustls/src/kx.rs b/rustls/src/kx.rs deleted file mode 100644 index 2564a273a7..0000000000 --- a/rustls/src/kx.rs +++ /dev/null @@ -1,116 +0,0 @@ -use std::fmt; - -use crate::crypto::KeyExchangeError; -use crate::error::{Error, PeerMisbehaved}; -use crate::msgs::enums::NamedGroup; -use crate::rand::GetRandomFailed; - -use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; -use ring::rand::SystemRandom; - -/// An in-progress key exchange. This has the algorithm, -/// our private key, and our public key. -pub(crate) struct KeyExchange { - group: &'static SupportedKxGroup, - priv_key: EphemeralPrivateKey, - pub_key: ring::agreement::PublicKey, -} - -impl KeyExchange { - pub(crate) fn choose( - name: NamedGroup, - supported: &[&'static SupportedKxGroup], - ) -> Result { - let group = match supported - .iter() - .find(|group| group.name == name) - { - Some(group) => group, - None => return Err(KeyExchangeError::UnsupportedGroup), - }; - - Self::start(group).map_err(KeyExchangeError::KeyExchangeFailed) - } - - pub(crate) fn start(group: &'static SupportedKxGroup) -> Result { - let rng = SystemRandom::new(); - let priv_key = match EphemeralPrivateKey::generate(group.agreement_algorithm, &rng) { - Ok(priv_key) => priv_key, - Err(_) => return Err(GetRandomFailed), - }; - - let pub_key = match priv_key.compute_public_key() { - Ok(pub_key) => pub_key, - Err(_) => return Err(GetRandomFailed), - }; - - Ok(Self { - group, - priv_key, - pub_key, - }) - } - - /// Return the group being used. - pub(crate) fn group(&self) -> NamedGroup { - self.group.name - } - - /// Completes the key exchange, given the peer's public key. - /// - /// The shared secret is passed into the closure passed down in `f`, and the result of calling - /// `f` is returned to the caller. - pub(crate) fn complete( - self, - peer: &[u8], - f: impl FnOnce(&[u8]) -> Result, - ) -> Result { - let peer_key = UnparsedPublicKey::new(self.group.agreement_algorithm, peer); - agree_ephemeral(self.priv_key, &peer_key, (), f) - .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) - } - - /// Return the public key being used. - pub(crate) fn pub_key(&self) -> &[u8] { - self.pub_key.as_ref() - } -} - -/// A key-exchange group supported by rustls. -/// -/// All possible instances of this class are provided by the library in -/// the `ALL_KX_GROUPS` array. -pub struct SupportedKxGroup { - /// The IANA "TLS Supported Groups" name of the group - pub name: NamedGroup, - - /// The corresponding ring agreement::Algorithm - agreement_algorithm: &'static ring::agreement::Algorithm, -} - -impl fmt::Debug for SupportedKxGroup { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - self.name.fmt(f) - } -} - -/// Ephemeral ECDH on curve25519 (see RFC7748) -pub static X25519: SupportedKxGroup = SupportedKxGroup { - name: NamedGroup::X25519, - agreement_algorithm: &ring::agreement::X25519, -}; - -/// Ephemeral ECDH on secp256r1 (aka NIST-P256) -pub static SECP256R1: SupportedKxGroup = SupportedKxGroup { - name: NamedGroup::secp256r1, - agreement_algorithm: &ring::agreement::ECDH_P256, -}; - -/// Ephemeral ECDH on secp384r1 (aka NIST-P384) -pub static SECP384R1: SupportedKxGroup = SupportedKxGroup { - name: NamedGroup::secp384r1, - agreement_algorithm: &ring::agreement::ECDH_P384, -}; - -/// A list of all the key exchange groups supported by rustls. -pub static ALL_KX_GROUPS: [&SupportedKxGroup; 3] = [&X25519, &SECP256R1, &SECP384R1]; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c51143e7f0..ccbe4c62ef 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -351,7 +351,6 @@ mod enums; mod key; mod key_log; mod key_log_file; -mod kx; mod suites; mod ticketer; mod versions; @@ -380,6 +379,7 @@ pub use crate::builder::{ }; pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; +pub use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, @@ -391,7 +391,6 @@ pub use crate::error::{ pub use crate::key::{Certificate, PrivateKey}; pub use crate::key_log::{KeyLog, NoKeyLog}; pub use crate::key_log_file::KeyLogFile; -pub use crate::kx::{SupportedKxGroup, ALL_KX_GROUPS}; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; @@ -510,9 +509,9 @@ pub mod version { /// /// ALL_KX_GROUPS is provided as an array of all of these values. pub mod kx_group { - pub use crate::kx::SECP256R1; - pub use crate::kx::SECP384R1; - pub use crate::kx::X25519; + pub use crate::crypto::ring::SECP256R1; + pub use crate::crypto::ring::SECP384R1; + pub use crate::crypto::ring::X25519; } /// Message signing interfaces and implementations. diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 49fd6cd323..8fa984ae68 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,8 +1,8 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; +use crate::crypto::ring::SupportedKxGroup; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key; -use crate::kx::SupportedKxGroup; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; use crate::suites::SupportedCipherSuite; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index cd4543ee20..335c3c7789 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,11 +1,11 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Context, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; +use crate::crypto::ring::SupportedKxGroup; use crate::crypto::CryptoProvider; use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; -use crate::kx::SupportedKxGroup; #[cfg(feature = "logging")] use crate::log::trace; use crate::msgs::base::Payload; diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index df7092a3db..666a781f51 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,6 +1,7 @@ use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::ring::{KeyExchange, SupportedKxGroup}; use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; @@ -19,7 +20,7 @@ use crate::msgs::persist; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; -use crate::{kx, ticketer, verify}; +use crate::{ticketer, verify}; use super::common::ActiveCertifiedKey; use super::hs::{self, ServerContext}; @@ -403,11 +404,11 @@ mod client_hello { transcript: &mut HandshakeHash, common: &mut CommonState, sigschemes: Vec, - skxg: &'static kx::SupportedKxGroup, + skxg: &'static SupportedKxGroup, signing_key: &dyn sign::SigningKey, randoms: &ConnectionRandoms, - ) -> Result { - let kx = kx::KeyExchange::start(skxg)?; + ) -> Result { + let kx = KeyExchange::start(skxg)?; let secdh = ServerECDHParams::new(skxg.name, kx.pub_key()); let mut msg = Vec::new(); @@ -502,7 +503,7 @@ struct ExpectCertificate { session_id: SessionId, suite: &'static Tls12CipherSuite, using_ems: bool, - server_kx: kx::KeyExchange, + server_kx: KeyExchange, send_ticket: bool, } @@ -571,7 +572,7 @@ struct ExpectClientKx { session_id: SessionId, suite: &'static Tls12CipherSuite, using_ems: bool, - server_kx: kx::KeyExchange, + server_kx: KeyExchange, client_cert: Option>, send_ticket: bool, } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index c06bef10ec..fa6ba5b609 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -41,8 +41,8 @@ use ring::constant_time; pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { + use crate::crypto::ring::KeyExchange; use crate::enums::SignatureScheme; - use crate::kx; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::NamedGroup; @@ -488,7 +488,7 @@ mod client_hello { let mut extensions = Vec::new(); // Prepare key exchange; the caller ascertained that the `share.group` is supported - let kx = kx::KeyExchange::choose(share.group, &config.kx_groups) + let kx = KeyExchange::choose(share.group, &config.kx_groups) .map_err(|_| Error::FailedToGetRandomBytes)?; let kse = KeyShareEntry::new(share.group, kx.pub_key()); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index d9d7627eaa..e8bc15d267 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -1,9 +1,9 @@ use crate::cipher::{MessageDecrypter, MessageEncrypter}; use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; +use crate::crypto; use crate::enums::{AlertDescription, CipherSuite, SignatureScheme}; use crate::error::{Error, InvalidMessage}; -use crate::kx; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::KeyExchangeAlgorithm; use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; @@ -206,7 +206,7 @@ pub(crate) struct ConnectionSecrets { impl ConnectionSecrets { pub(crate) fn from_key_exchange( - kx: kx::KeyExchange, + kx: crypto::ring::KeyExchange, peer_pub_key: &[u8], ems_seed: Option, randoms: ConnectionRandoms, @@ -515,11 +515,12 @@ pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x mod tests { use super::*; use crate::common_state::{CommonState, Side}; + use crate::crypto::ring::{KeyExchange, X25519}; use crate::msgs::handshake::{ClientECDHParams, ServerECDHParams}; #[test] fn server_ecdhe_remaining_bytes() { - let key = kx::KeyExchange::start(&kx::X25519).unwrap(); + let key = KeyExchange::start(&X25519).unwrap(); let server_params = ServerECDHParams::new(key.group(), key.pub_key()); let mut server_buf = Vec::new(); server_params.encode(&mut server_buf); From 9c945eadb9de2c2656ac3eeee93c773f40818f1c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 17 Mar 2023 14:56:49 -0400 Subject: [PATCH 0032/1145] lib: move `kx_group` module to crypto/ring. --- rustls/src/crypto/ring.rs | 9 +++++++++ rustls/src/lib.rs | 10 ++-------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index 1a5c20e0da..e64b187564 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -202,3 +202,12 @@ pub static SECP384R1: SupportedKxGroup = SupportedKxGroup { /// A list of all the key exchange groups supported by rustls. pub static ALL_KX_GROUPS: [&SupportedKxGroup; 3] = [&X25519, &SECP256R1, &SECP384R1]; + +/// All defined key exchange groups supported by *ring* appear in this module. +/// +/// [`ALL_KX_GROUPS`] is provided as an array of all of these values. +pub mod kx_group { + pub use crate::crypto::ring::SECP256R1; + pub use crate::crypto::ring::SECP384R1; + pub use crate::crypto::ring::X25519; +} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index ccbe4c62ef..2e6dcebd15 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -505,14 +505,8 @@ pub mod version { pub use crate::versions::TLS13; } -/// All defined key exchange groups appear in this module. -/// -/// ALL_KX_GROUPS is provided as an array of all of these values. -pub mod kx_group { - pub use crate::crypto::ring::SECP256R1; - pub use crate::crypto::ring::SECP384R1; - pub use crate::crypto::ring::X25519; -} +/// All defined key exchange groups supported by *ring* appear in this module. +pub use crypto::ring::kx_group; /// Message signing interfaces and implementations. pub mod sign; From 0e52a9b2c13cc60e01f15f7aab094373b9a80d01 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 13 Mar 2023 14:17:37 -0400 Subject: [PATCH 0033/1145] crypto: add SupportedGroup trait. This commit adds a trait for referring to supported key exchanges over named groups in a general fashion. The *ring* specific `SupportedKxGroup` type is then made to implement this trait. --- rustls/src/crypto/mod.rs | 8 ++++++++ rustls/src/crypto/ring.rs | 10 ++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index b64f0dd96d..724c530480 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,5 +1,7 @@ use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; +use crate::NamedGroup; +use std::fmt::Debug; /// *ring* based CryptoProvider. pub mod ring; @@ -17,3 +19,9 @@ pub(crate) enum KeyExchangeError { UnsupportedGroup, KeyExchangeFailed(GetRandomFailed), } + +/// A trait describing a supported key exchange group that can be identified by name. +pub trait SupportedGroup: Debug + Send + Sync + 'static { + /// Named group the SupportedGroup operates in. + fn name(&self) -> NamedGroup; +} diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index e64b187564..8be1b52aa6 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, KeyExchangeError}; +use crate::crypto::{CryptoProvider, KeyExchangeError, SupportedGroup}; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; @@ -164,7 +164,7 @@ impl KeyExchange { } } -/// A key-exchange group supported by rustls. +/// A key-exchange group supported by *ring*. /// /// All possible instances of this class are provided by the library in /// the `ALL_KX_GROUPS` array. @@ -176,6 +176,12 @@ pub struct SupportedKxGroup { agreement_algorithm: &'static ring::agreement::Algorithm, } +impl SupportedGroup for SupportedKxGroup { + fn name(&self) -> NamedGroup { + self.name + } +} + impl fmt::Debug for SupportedKxGroup { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { self.name.fmt(f) From 76de9080da856038f0f6ffdd25e285abce753b91 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 13 Mar 2023 17:08:51 -0400 Subject: [PATCH 0034/1145] crypto: introduce key exchange traits. This commit adds a `KeyExchange` associated type to the `CryptoProvider` trait. The `KeyExchange` type is constrained with its own `KeyExchange` trait that has an associated type for the `SupportedGroup`. In the `crypto::ring` package we adapt the existing *ring* specific `KeyExchange` and `SupportedKxGroup` types to these new traits. Throughout the codebase we tighten generic bounds where required to ensure we have a `CryptoProvider` bound that allows accessing the associated `KeyExchange` and `SupportedGroup`. We also make the `CryptoProvider` an associated type on the `Side` config. --- examples/src/bin/tlsclient-mio.rs | 2 +- rustls/src/builder.rs | 51 +++++++++++++++++------------ rustls/src/client/builder.rs | 15 ++++----- rustls/src/client/client_conn.rs | 16 ++++----- rustls/src/client/hs.rs | 23 +++++++------ rustls/src/client/tls12.rs | 40 +++++++++++------------ rustls/src/client/tls13.rs | 35 ++++++++++---------- rustls/src/crypto/mod.rs | 54 +++++++++++++++++++++++++++++-- rustls/src/crypto/ring.rs | 29 ++++++++++------- rustls/src/server/builder.rs | 15 ++++----- rustls/src/server/hs.rs | 6 ++-- rustls/src/server/server_conn.rs | 11 +++---- rustls/src/server/tls12.rs | 36 ++++++++++----------- rustls/src/server/tls13.rs | 37 +++++++++++---------- rustls/src/tls12/mod.rs | 7 ++-- rustls/tests/common/mod.rs | 6 ++-- 16 files changed, 224 insertions(+), 159 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 8d4cac532e..d6cddc112c 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -363,7 +363,7 @@ fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig(args: &Args, _: &mut rustls::ClientConfig) { +fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig) { if args.flag_insecure { panic!("This build does not support --insecure."); } diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 86acc44fd3..eae1be269a 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,5 +1,4 @@ -use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; use crate::suites::{SupportedCipherSuite, DEFAULT_CIPHER_SUITES}; use crate::versions; @@ -135,17 +134,17 @@ impl ConfigBuilder { /// Start side-specific config with defaults for underlying cryptography. /// /// If used, this will enable all safe supported cipher suites ([`DEFAULT_CIPHER_SUITES`]), all - /// safe supported key exchange groups ([`ALL_KX_GROUPS`]) and all safe supported protocol - /// versions ([`DEFAULT_VERSIONS`]). + /// safe supported key exchange groups ([`KeyExchange::all_kx_groups`]) and all safe supported + /// protocol versions ([`DEFAULT_VERSIONS`]). /// /// These are safe defaults, useful for 99% of applications. /// /// [`DEFAULT_VERSIONS`]: versions::DEFAULT_VERSIONS - pub fn with_safe_defaults(self) -> ConfigBuilder { + pub fn with_safe_defaults(self) -> ConfigBuilder> { ConfigBuilder { state: WantsVerifier { cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(), - kx_groups: ALL_KX_GROUPS.to_vec(), + kx_groups: <::KeyExchange as KeyExchange>::all_kx_groups().to_vec(), versions: versions::EnabledVersions::new(versions::DEFAULT_VERSIONS), }, side: self.side, @@ -187,8 +186,8 @@ impl ConfigBuilder { /// Choose a specific set of key exchange groups. pub fn with_kx_groups( self, - kx_groups: &[&'static SupportedKxGroup], - ) -> ConfigBuilder { + kx_groups: &[&'static <::KeyExchange as KeyExchange>::SupportedGroup], + ) -> ConfigBuilder> { ConfigBuilder { state: WantsVersions { cipher_suites: self.state.cipher_suites, @@ -198,11 +197,13 @@ impl ConfigBuilder { } } - /// Choose the default set of key exchange groups ([`ALL_KX_GROUPS`]). + /// Choose the default set of key exchange groups ([`KeyExchange::all_kx_groups`]). /// /// This is a safe default: rustls doesn't implement any poor-quality groups. - pub fn with_safe_default_kx_groups(self) -> ConfigBuilder { - self.with_kx_groups(&ALL_KX_GROUPS) + pub fn with_safe_default_kx_groups(self) -> ConfigBuilder> { + self.with_kx_groups( + <::KeyExchange as KeyExchange>::all_kx_groups(), + ) } } @@ -210,16 +211,16 @@ impl ConfigBuilder { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsVersions { +pub struct WantsVersions { cipher_suites: Vec, - kx_groups: Vec<&'static SupportedKxGroup>, + kx_groups: Vec<&'static ::SupportedGroup>, } -impl ConfigBuilder { +impl ConfigBuilder> { /// Accept the default protocol versions: both TLS1.2 and TLS1.3 are enabled. pub fn with_safe_default_protocol_versions( self, - ) -> Result, Error> { + ) -> Result>, Error> { self.with_protocol_versions(versions::DEFAULT_VERSIONS) } @@ -227,7 +228,7 @@ impl ConfigBuilder { pub fn with_protocol_versions( self, versions: &[&'static versions::SupportedProtocolVersion], - ) -> Result, Error> { + ) -> Result>, Error> { let mut any_usable_suite = false; for suite in &self.state.cipher_suites { if versions.contains(&suite.version()) { @@ -259,9 +260,10 @@ impl ConfigBuilder { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsVerifier { +pub struct WantsVerifier { pub(crate) cipher_suites: Vec, - pub(crate) kx_groups: Vec<&'static SupportedKxGroup>, + pub(crate) kx_groups: + Vec<&'static <::KeyExchange as KeyExchange>::SupportedGroup>, pub(crate) versions: versions::EnabledVersions, } @@ -269,10 +271,17 @@ pub struct WantsVerifier { /// /// [`ClientConfig`]: crate::ClientConfig /// [`ServerConfig`]: crate::ServerConfig -pub trait ConfigSide: sealed::Sealed {} +pub trait ConfigSide: sealed::Sealed { + /// Cryptographic provider. + type CryptoProvider: CryptoProvider; +} -impl ConfigSide for crate::ClientConfig {} -impl ConfigSide for crate::ServerConfig {} +impl ConfigSide for crate::ClientConfig { + type CryptoProvider = C; +} +impl ConfigSide for crate::ServerConfig { + type CryptoProvider = C; +} mod sealed { use crate::crypto::CryptoProvider; diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 2a27e18f59..d3e4388752 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,8 +1,7 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::client::handy; use crate::client::{ClientConfig, ResolvesClientCert}; -use crate::crypto::ring::SupportedKxGroup; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; @@ -14,12 +13,12 @@ use super::client_conn::Resumption; use std::marker::PhantomData; use std::sync::Arc; -impl ConfigBuilder, WantsVerifier> { +impl ConfigBuilder, WantsVerifier> { /// Choose how to verify server certificates. pub fn with_root_certificates( self, root_store: anchors::RootCertStore, - ) -> ConfigBuilder, WantsClientCert> { + ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, @@ -36,7 +35,7 @@ impl ConfigBuilder, WantsVerifier> { pub fn with_custom_certificate_verifier( self, verifier: Arc, - ) -> ConfigBuilder, WantsClientCert> { + ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, @@ -54,14 +53,14 @@ impl ConfigBuilder, WantsVerifier> { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsClientCert { +pub struct WantsClientCert { cipher_suites: Vec, - kx_groups: Vec<&'static SupportedKxGroup>, + kx_groups: Vec<&'static <::KeyExchange as KeyExchange>::SupportedGroup>, versions: versions::EnabledVersions, verifier: Arc, } -impl ConfigBuilder, WantsClientCert> { +impl ConfigBuilder, WantsClientCert> { /// Sets a single certificate chain and matching private key for use /// in client authentication. /// diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index b3f5f71ff2..48af82eb44 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,8 +1,7 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; -use crate::crypto::ring::SupportedKxGroup; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchange}; use crate::dns_name::{DnsName, DnsNameRef, InvalidDnsNameError}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -122,7 +121,7 @@ pub trait ResolvesClientCert: Send + Sync { /// ids or tickets, with a max of eight tickets per server. /// * [`ClientConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ClientConfig::key_log`]: key material is not logged. -pub struct ClientConfig { +pub struct ClientConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -131,7 +130,7 @@ pub struct ClientConfig { /// /// The first element in this list is the _default key share algorithm_, /// and in TLS1.3 a key share for it is sent in the client hello. - pub(super) kx_groups: Vec<&'static SupportedKxGroup>, + pub(super) kx_groups: Vec<&'static ::SupportedGroup>, /// Which ALPN protocols we include in our client hello. /// If empty, no ALPN extension is sent. @@ -200,7 +199,7 @@ pub enum Tls12Resumption { SessionIdOrTickets, } -impl Clone for ClientConfig { +impl Clone for ClientConfig { fn clone(&self) -> Self { Self { cipher_suites: self.cipher_suites.clone(), @@ -221,7 +220,7 @@ impl Clone for ClientConfig { } } -impl fmt::Debug for ClientConfig { +impl fmt::Debug for ClientConfig { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ClientConfig") .field("alpn_protocols", &self.alpn_protocols) @@ -414,6 +413,7 @@ impl TryFrom<&str> for ServerName { /// Container for unsafe APIs #[cfg(feature = "dangerous_configuration")] pub(super) mod danger { + use crate::crypto::CryptoProvider; use std::sync::Arc; use super::verify::ServerCertVerifier; @@ -422,12 +422,12 @@ pub(super) mod danger { /// Accessor for dangerous configuration options. #[derive(Debug)] #[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] - pub struct DangerousClientConfig<'a, C> { + pub struct DangerousClientConfig<'a, C: CryptoProvider> { /// The underlying ClientConfig pub cfg: &'a mut ClientConfig, } - impl<'a, C> DangerousClientConfig<'a, C> { + impl<'a, C: CryptoProvider> DangerousClientConfig<'a, C> { /// Overrides the default `ServerCertVerifier` with something else. pub fn set_certificate_verifier(&mut self, verifier: Arc) { self.cfg.verifier = verifier; diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index c0f2e6090e..cf5ea85b98 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,8 +3,7 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::ring::KeyExchange; -use crate::crypto::{CryptoProvider, KeyExchangeError}; +use crate::crypto::{CryptoProvider, KeyExchange, KeyExchangeError, SupportedGroup}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; @@ -144,7 +143,7 @@ pub(super) fn start_handshake( let random = Random::new::()?; - Ok(emit_client_hello_for_retry( + Ok(emit_client_hello_for_retry::( transcript_buffer, None, key_share, @@ -165,20 +164,20 @@ pub(super) fn start_handshake( )) } -struct ExpectServerHello { +struct ExpectServerHello { input: ClientHelloInput, transcript_buffer: HandshakeHashBuffer, early_key_schedule: Option, - offered_key_share: Option, + offered_key_share: Option, suite: Option, } -struct ExpectServerHelloOrHelloRetryRequest { +struct ExpectServerHelloOrHelloRetryRequest { next: ExpectServerHello, extra_exts: Vec, } -struct ClientHelloInput { +struct ClientHelloInput { config: Arc>, resuming: Option>, random: Random, @@ -190,13 +189,13 @@ struct ClientHelloInput { server_name: ServerName, } -fn emit_client_hello_for_retry( +fn emit_client_hello_for_retry( mut transcript_buffer: HandshakeHashBuffer, retryreq: Option<&HelloRetryRequest>, - key_share: Option, + key_share: Option, extra_exts: Vec, suite: Option, - mut input: ClientHelloInput, + mut input: ClientHelloInput, cx: &mut ClientContext<'_>, ) -> NextState { let config = &input.config; @@ -222,7 +221,7 @@ fn emit_client_hello_for_retry( config .kx_groups .iter() - .map(|skxg| skxg.name) + .map(|skxg| skxg.name()) .collect(), ), ClientExtension::SignatureAlgorithms( @@ -805,7 +804,7 @@ impl ExpectServerHelloOrHelloRetryRequest { _ => offered_key_share, }; - Ok(emit_client_hello_for_retry( + Ok(emit_client_hello_for_retry::( transcript_buffer, Some(hrr), Some(key_share), diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 777d1e4458..ec9cc8d28a 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,8 +1,7 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::ring::KeyExchange; -use crate::crypto::{CryptoProvider, KeyExchangeError}; +use crate::crypto::{CryptoProvider, KeyExchange, KeyExchangeError}; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; @@ -46,7 +45,7 @@ mod server_hello { use super::*; - pub(in crate::client) struct CompleteServerHelloHandling { + pub(in crate::client) struct CompleteServerHelloHandling { pub(in crate::client) config: Arc>, pub(in crate::client) resuming_session: Option, pub(in crate::client) server_name: ServerName, @@ -181,7 +180,7 @@ mod server_hello { } } -struct ExpectCertificate { +struct ExpectCertificate { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -239,7 +238,7 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateStatusOrServerKx { +struct ExpectCertificateStatusOrServerKx { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -307,7 +306,7 @@ impl State for ExpectCertificateStatusO } } -struct ExpectCertificateStatus { +struct ExpectCertificateStatus { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -356,7 +355,7 @@ impl State for ExpectCertificateStatus< } } -struct ExpectServerKx { +struct ExpectServerKx { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -521,7 +520,7 @@ impl ServerKxDetails { // --- Either a CertificateRequest, or a ServerHelloDone. --- // Existence of the CertificateRequest tells us the server is asking for // client auth. Otherwise we go straight to ServerHelloDone. -struct ExpectServerDoneOrCertReq { +struct ExpectServerDoneOrCertReq { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -583,7 +582,7 @@ impl State for ExpectServerDoneOrCertRe } } -struct ExpectCertificateRequest { +struct ExpectCertificateRequest { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -644,7 +643,7 @@ impl State for ExpectCertificateRequest } } -struct ExpectServerDone { +struct ExpectServerDone { config: Arc>, resuming_session: Option, session_id: SessionId, @@ -767,13 +766,14 @@ impl State for ExpectServerDone { let ecdh_params = tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; - let kx = match KeyExchange::choose(named_group, &st.config.kx_groups) { - Ok(kx) => kx, - Err(KeyExchangeError::UnsupportedGroup) => { - return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) - } - Err(KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), - }; + let kx = + match <::KeyExchange>::choose(named_group, &st.config.kx_groups) { + Ok(kx) => kx, + Err(KeyExchangeError::UnsupportedGroup) => { + return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) + } + Err(KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), + }; // 5b. let mut transcript = st.transcript; @@ -845,7 +845,7 @@ impl State for ExpectServerDone { } } -struct ExpectNewTicket { +struct ExpectNewTicket { config: Arc>, secrets: ConnectionSecrets, resuming_session: Option, @@ -889,7 +889,7 @@ impl State for ExpectNewTicket { } // -- Waiting for their CCS -- -struct ExpectCcs { +struct ExpectCcs { config: Arc>, secrets: ConnectionSecrets, resuming_session: Option, @@ -939,7 +939,7 @@ impl State for ExpectCcs { } } -struct ExpectFinished { +struct ExpectFinished { config: Arc>, resuming_session: Option, session_id: SessionId, diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index c8b482388a..568f4067ae 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -5,8 +5,7 @@ use crate::common_state::Protocol; use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::ring::KeyExchange; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchange, SupportedGroup}; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, }; @@ -63,8 +62,8 @@ static DISALLOWED_TLS13_EXTS: &[ExtensionType] = &[ ExtensionType::ExtendedMasterSecret, ]; -pub(super) fn handle_server_hello( - config: Arc>, +pub(super) fn handle_server_hello( + config: Arc>, cx: &mut ClientContext, server_hello: &ServerHelloPayload, mut resuming_session: Option, @@ -74,7 +73,7 @@ pub(super) fn handle_server_hello( transcript: HandshakeHash, early_key_schedule: Option, hello: ClientHelloDetails, - our_key_share: KeyExchange, + our_key_share: C::KeyExchange, mut sent_tls13_fake_ccs: bool, ) -> hs::NextStateOrError { validate_server_hello(cx.common, server_hello)?; @@ -202,10 +201,10 @@ fn validate_server_hello( Ok(()) } -pub(super) fn initial_key_share( - config: &ClientConfig, +pub(super) fn initial_key_share( + config: &ClientConfig, server_name: &ServerName, -) -> Result { +) -> Result { let group = config .resumption .store @@ -214,15 +213,15 @@ pub(super) fn initial_key_share( config .kx_groups .iter() - .any(|supported_group| supported_group.name == *hint_group) + .any(|supported_group| supported_group.name() == *hint_group) }) - .unwrap_or( + .unwrap_or_else(|| { config .kx_groups .first() .expect("No kx groups configured") - .name, - ); + .name() + }); KeyExchange::choose(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) } @@ -367,7 +366,7 @@ fn validate_encrypted_extensions( Ok(()) } -struct ExpectEncryptedExtensions { +struct ExpectEncryptedExtensions { config: Arc>, resuming_session: Option, server_name: ServerName, @@ -460,7 +459,7 @@ impl State for ExpectEncryptedExtension } } -struct ExpectCertificateOrCertReq { +struct ExpectCertificateOrCertReq { config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, @@ -520,7 +519,7 @@ impl State for ExpectCertificateOrCertR // TLS1.3 version of CertificateRequest handling. We then move to expecting the server // Certificate. Unfortunately the CertificateRequest type changed in an annoying way // in TLS1.3. -struct ExpectCertificateRequest { +struct ExpectCertificateRequest { config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, @@ -589,7 +588,7 @@ impl State for ExpectCertificateRequest } } -struct ExpectCertificate { +struct ExpectCertificate { config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, @@ -642,7 +641,7 @@ impl State for ExpectCertificate { } // --- TLS1.3 CertificateVerify --- -struct ExpectCertificateVerify { +struct ExpectCertificateVerify { config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, @@ -809,7 +808,7 @@ fn emit_end_of_early_data_tls13(transcript: &mut HandshakeHash, common: &mut Com common.send_msg(m, true); } -struct ExpectFinished { +struct ExpectFinished { config: Arc>, server_name: ServerName, randoms: ConnectionRandoms, diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 724c530480..463b9bae12 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,6 +1,7 @@ use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; -use crate::NamedGroup; +use crate::{Error, NamedGroup}; + use std::fmt::Debug; /// *ring* based CryptoProvider. @@ -8,6 +9,9 @@ pub mod ring; /// Pluggable crypto galore. pub trait CryptoProvider: Send + Sync + 'static { + /// KeyExchange operations that are supported by the provider. + type KeyExchange: KeyExchange; + /// Build a ticket generator. fn ticket_generator() -> Result, GetRandomFailed>; @@ -15,8 +19,54 @@ pub trait CryptoProvider: Send + Sync + 'static { fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; } -pub(crate) enum KeyExchangeError { +/// An in-progress key exchange over a [SupportedGroup]. +pub trait KeyExchange: Sized + Send + Sync + 'static { + /// The supported group the key exchange is operating over. + type SupportedGroup: SupportedGroup; + + /// Start a key exchange using the [NamedGroup] if it is a suitable choice + /// based on the groups supported. + /// + /// # Errors + /// + /// Returns an error if the [NamedGroup] is not supported, or if a key exchange + /// can't be started (see [KeyExchange#start]). + fn choose( + name: NamedGroup, + supported: &[&'static Self::SupportedGroup], + ) -> Result; + + /// Start a key exchange using the [SupportedGroup]. This will prepare an ephemeral + /// secret key in the supported group, and a corresponding public key. The key exchange + /// must be completed by calling [KeyExchange#complete]. + /// + /// # Errors + /// + /// Returns an error if key generation fails. + fn start(skxg: &'static Self::SupportedGroup) -> Result; + + /// Completes the key exchange, given the peer's public key. + /// + /// The shared secret is passed into the closure passed down in `f`, and the result of calling + /// `f` is returned to the caller. + fn complete(self, peer: &[u8], f: impl FnOnce(&[u8]) -> Result) -> Result; + + /// Return the group being used. + fn group(&self) -> NamedGroup; + + /// Return the public key being used. + fn pub_key(&self) -> &[u8]; + + /// Return all supported key exchange groups. + fn all_kx_groups() -> &'static [&'static Self::SupportedGroup]; +} + +/// Enumerates possible key exchange errors. +pub enum KeyExchangeError { + /// Returned when the specified group is unsupported. UnsupportedGroup, + + /// Returned when key exchange fails. KeyExchangeFailed(GetRandomFailed), } diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index 8be1b52aa6..3e80bc1d61 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -11,9 +11,12 @@ use ring::rand::{SecureRandom, SystemRandom}; use std::fmt; /// Default crypto provider. +#[derive(Debug)] pub struct Ring; impl CryptoProvider for Ring { + type KeyExchange = KeyExchange; + fn ticket_generator() -> Result, GetRandomFailed> { let mut key = [0u8; 32]; Self::fill_random(&mut key)?; @@ -98,14 +101,17 @@ impl ProducesTickets for AeadTicketer { /// An in-progress key exchange. This has the algorithm, /// our private key, and our public key. -pub(crate) struct KeyExchange { +#[derive(Debug)] +pub struct KeyExchange { group: &'static SupportedKxGroup, priv_key: EphemeralPrivateKey, pub_key: ring::agreement::PublicKey, } -impl KeyExchange { - pub(crate) fn choose( +impl super::KeyExchange for KeyExchange { + type SupportedGroup = SupportedKxGroup; + + fn choose( name: NamedGroup, supported: &[&'static SupportedKxGroup], ) -> Result { @@ -120,7 +126,7 @@ impl KeyExchange { Self::start(group).map_err(KeyExchangeError::KeyExchangeFailed) } - pub(crate) fn start(group: &'static SupportedKxGroup) -> Result { + fn start(group: &'static SupportedKxGroup) -> Result { let rng = SystemRandom::new(); let priv_key = match EphemeralPrivateKey::generate(group.agreement_algorithm, &rng) { Ok(priv_key) => priv_key, @@ -140,7 +146,7 @@ impl KeyExchange { } /// Return the group being used. - pub(crate) fn group(&self) -> NamedGroup { + fn group(&self) -> NamedGroup { self.group.name } @@ -148,20 +154,21 @@ impl KeyExchange { /// /// The shared secret is passed into the closure passed down in `f`, and the result of calling /// `f` is returned to the caller. - pub(crate) fn complete( - self, - peer: &[u8], - f: impl FnOnce(&[u8]) -> Result, - ) -> Result { + fn complete(self, peer: &[u8], f: impl FnOnce(&[u8]) -> Result) -> Result { let peer_key = UnparsedPublicKey::new(self.group.agreement_algorithm, peer); agree_ephemeral(self.priv_key, &peer_key, (), f) .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) } /// Return the public key being used. - pub(crate) fn pub_key(&self) -> &[u8] { + fn pub_key(&self) -> &[u8] { self.pub_key.as_ref() } + + /// Return all supported key exchange groups. + fn all_kx_groups() -> &'static [&'static Self::SupportedGroup] { + &ALL_KX_GROUPS + } } /// A key-exchange group supported by *ring*. diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 8fa984ae68..c67d11befc 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,6 +1,5 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::crypto::ring::SupportedKxGroup; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; use crate::key; use crate::server::handy; @@ -13,12 +12,12 @@ use crate::NoKeyLog; use std::marker::PhantomData; use std::sync::Arc; -impl ConfigBuilder, WantsVerifier> { +impl ConfigBuilder, WantsVerifier> { /// Choose how to verify client certificates. pub fn with_client_cert_verifier( self, client_cert_verifier: Arc, - ) -> ConfigBuilder, WantsServerCert> { + ) -> ConfigBuilder, WantsServerCert> { ConfigBuilder { state: WantsServerCert { cipher_suites: self.state.cipher_suites, @@ -31,7 +30,7 @@ impl ConfigBuilder, WantsVerifier> { } /// Disable client authentication. - pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { + pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { self.with_client_cert_verifier(verify::NoClientAuth::boxed()) } } @@ -41,14 +40,14 @@ impl ConfigBuilder, WantsVerifier> { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsServerCert { +pub struct WantsServerCert { cipher_suites: Vec, - kx_groups: Vec<&'static SupportedKxGroup>, + kx_groups: Vec<&'static ::SupportedGroup>, versions: versions::EnabledVersions, verifier: Arc, } -impl ConfigBuilder, WantsServerCert> { +impl ConfigBuilder, WantsServerCert> { /// Sets a single certificate chain and matching private key. This /// certificate and key is used for all subsequent connections, /// irrespective of things like SNI hostname. diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index c13ff83afe..ea147fa370 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -63,7 +63,7 @@ impl ExtensionProcessing { Default::default() } - pub(super) fn process_common( + pub(super) fn process_common( &mut self, config: &ServerConfig, cx: &mut ServerContext<'_>, @@ -162,7 +162,7 @@ impl ExtensionProcessing { } #[cfg(feature = "tls12")] - pub(super) fn process_tls12( + pub(super) fn process_tls12( &mut self, config: &ServerConfig, hello: &ClientHelloPayload, @@ -203,7 +203,7 @@ impl ExtensionProcessing { } } -pub(super) struct ExpectClientHello { +pub(super) struct ExpectClientHello { pub(super) config: Arc>, pub(super) extra_exts: Vec, pub(super) transcript: HandshakeHashOrBuffer, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 335c3c7789..c204a8376f 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,8 +1,7 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Context, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; -use crate::crypto::ring::SupportedKxGroup; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, KeyExchange}; use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -197,7 +196,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. -pub struct ServerConfig { +pub struct ServerConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -205,7 +204,7 @@ pub struct ServerConfig { /// /// The first is the highest priority: they will be /// offered to the client in this order. - pub(super) kx_groups: Vec<&'static SupportedKxGroup>, + pub(super) kx_groups: Vec<&'static ::SupportedGroup>, /// Ignore the client's ciphersuite order. Instead, /// choose the top ciphersuite in the server list @@ -301,7 +300,7 @@ pub struct ServerConfig { } // Avoid a `Clone` bound on `C`. -impl Clone for ServerConfig { +impl Clone for ServerConfig { fn clone(&self) -> Self { Self { cipher_suites: self.cipher_suites.clone(), @@ -325,7 +324,7 @@ impl Clone for ServerConfig { } } -impl fmt::Debug for ServerConfig { +impl fmt::Debug for ServerConfig { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ServerConfig") .field("ignore_client_order", &self.ignore_client_order) diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 666a781f51..c9b0c4d018 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,7 +1,6 @@ use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::ring::{KeyExchange, SupportedKxGroup}; use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; @@ -33,6 +32,7 @@ use std::sync::Arc; pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { + use crate::crypto::{KeyExchange, SupportedGroup}; use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; @@ -47,7 +47,7 @@ mod client_hello { use super::*; - pub(in crate::server) struct CompleteClientHelloHandling { + pub(in crate::server) struct CompleteClientHelloHandling { pub(in crate::server) config: Arc>, pub(in crate::server) transcript: HandshakeHash, pub(in crate::server) session_id: SessionId, @@ -173,7 +173,7 @@ mod client_hello { .config .kx_groups .iter() - .find(|skxg| groups_ext.contains(&skxg.name)) + .find(|skxg| groups_ext.contains(&skxg.name())) .cloned() .ok_or_else(|| { cx.common.send_fatal_alert( @@ -221,7 +221,7 @@ mod client_hello { if let Some(ocsp_response) = ocsp_response { emit_cert_status(&mut self.transcript, cx.common, ocsp_response); } - let server_kx = emit_server_kx( + let server_kx = emit_server_kx::( &mut self.transcript, cx.common, sigschemes, @@ -330,7 +330,7 @@ mod client_hello { } } - fn emit_server_hello( + fn emit_server_hello( config: &ServerConfig, transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, @@ -400,16 +400,16 @@ mod client_hello { common.send_msg(c, false); } - fn emit_server_kx( + fn emit_server_kx( transcript: &mut HandshakeHash, common: &mut CommonState, sigschemes: Vec, - skxg: &'static SupportedKxGroup, + skxg: &'static <::KeyExchange as KeyExchange>::SupportedGroup, signing_key: &dyn sign::SigningKey, randoms: &ConnectionRandoms, - ) -> Result { - let kx = KeyExchange::start(skxg)?; - let secdh = ServerECDHParams::new(skxg.name, kx.pub_key()); + ) -> Result { + let kx = <::KeyExchange as KeyExchange>::start(skxg)?; + let secdh = ServerECDHParams::new(skxg.name(), kx.pub_key()); let mut msg = Vec::new(); msg.extend(randoms.client); @@ -440,7 +440,7 @@ mod client_hello { Ok(kx) } - fn emit_certificate_req( + fn emit_certificate_req( config: &ServerConfig, transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, @@ -496,14 +496,14 @@ mod client_hello { } // --- Process client's Certificate for client auth --- -struct ExpectCertificate { +struct ExpectCertificate { config: Arc>, transcript: HandshakeHash, randoms: ConnectionRandoms, session_id: SessionId, suite: &'static Tls12CipherSuite, using_ems: bool, - server_kx: KeyExchange, + server_kx: C::KeyExchange, send_ticket: bool, } @@ -565,14 +565,14 @@ impl State for ExpectCertificate { } // --- Process client's KeyExchange --- -struct ExpectClientKx { +struct ExpectClientKx { config: Arc>, transcript: HandshakeHash, randoms: ConnectionRandoms, session_id: SessionId, suite: &'static Tls12CipherSuite, using_ems: bool, - server_kx: KeyExchange, + server_kx: C::KeyExchange, client_cert: Option>, send_ticket: bool, } @@ -634,7 +634,7 @@ impl State for ExpectClientKx { } // --- Process client's certificate proof --- -struct ExpectCertificateVerify { +struct ExpectCertificateVerify { config: Arc>, secrets: ConnectionSecrets, transcript: HandshakeHash, @@ -697,7 +697,7 @@ impl State for ExpectCertificateVerify< } // --- Process client's ChangeCipherSpec --- -struct ExpectCcs { +struct ExpectCcs { config: Arc>, secrets: ConnectionSecrets, transcript: HandshakeHash, @@ -830,7 +830,7 @@ fn emit_finished( common.send_msg(f, true); } -struct ExpectFinished { +struct ExpectFinished { config: Arc>, secrets: ConnectionSecrets, transcript: HandshakeHash, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index fa6ba5b609..5a39941e72 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -41,7 +41,7 @@ use ring::constant_time; pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { - use crate::crypto::ring::KeyExchange; + use crate::crypto::{KeyExchange, SupportedGroup}; use crate::enums::SignatureScheme; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; @@ -77,7 +77,7 @@ mod client_hello { Accepted, } - pub(in crate::server) struct CompleteClientHelloHandling { + pub(in crate::server) struct CompleteClientHelloHandling { pub(in crate::server) config: Arc>, pub(in crate::server) transcript: HandshakeHash, pub(in crate::server) suite: &'static Tls13CipherSuite, @@ -208,7 +208,7 @@ mod client_hello { .find_map(|group| { shares_ext .iter() - .find(|share| share.group == group.name) + .find(|share| share.group == group.name()) }); let chosen_share = match chosen_share { @@ -220,7 +220,7 @@ mod client_hello { .config .kx_groups .iter() - .find(|group| groups_ext.contains(&group.name)) + .find(|group| groups_ext.contains(&group.name())) .cloned(); self.transcript.add_message(chm); @@ -237,7 +237,7 @@ mod client_hello { &mut self.transcript, self.suite, cx.common, - group.name, + group.name(), ); emit_fake_ccs(cx.common); @@ -474,7 +474,7 @@ mod client_hello { } } - fn emit_server_hello( + fn emit_server_hello( transcript: &mut HandshakeHash, randoms: &ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -488,8 +488,11 @@ mod client_hello { let mut extensions = Vec::new(); // Prepare key exchange; the caller ascertained that the `share.group` is supported - let kx = KeyExchange::choose(share.group, &config.kx_groups) - .map_err(|_| Error::FailedToGetRandomBytes)?; + let kx = <::KeyExchange as KeyExchange>::choose( + share.group, + &config.kx_groups, + ) + .map_err(|_| Error::FailedToGetRandomBytes)?; let kse = KeyShareEntry::new(share.group, kx.pub_key()); extensions.push(ServerExtension::KeyShare(kse)); @@ -599,7 +602,7 @@ mod client_hello { } #[allow(clippy::needless_pass_by_ref_mut)] // cx only mutated if cfg(feature = "quic") - fn decide_if_early_data_allowed( + fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, client_hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, @@ -659,7 +662,7 @@ mod client_hello { } } - fn emit_encrypted_extensions( + fn emit_encrypted_extensions( transcript: &mut HandshakeHash, suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, @@ -691,7 +694,7 @@ mod client_hello { Ok(early_data) } - fn emit_certificate_req_tls13( + fn emit_certificate_req_tls13( transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, config: &ServerConfig, @@ -812,7 +815,7 @@ mod client_hello { Ok(()) } - fn emit_finished_tls13( + fn emit_finished_tls13( transcript: &mut HandshakeHash, randoms: &ConnectionRandoms, cx: &mut ServerContext<'_>, @@ -847,7 +850,7 @@ mod client_hello { } } -struct ExpectAndSkipRejectedEarlyData { +struct ExpectAndSkipRejectedEarlyData { skip_data_left: usize, next: Box>, } @@ -869,7 +872,7 @@ impl State for ExpectAndSkipRejectedEar } } -struct ExpectCertificate { +struct ExpectCertificate { config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, @@ -941,7 +944,7 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateVerify { +struct ExpectCertificateVerify { config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, @@ -991,7 +994,7 @@ impl State for ExpectCertificateVerify< // --- Process (any number of) early ApplicationData messages, // followed by a terminating handshake EndOfEarlyData message --- -struct ExpectEarlyData { +struct ExpectEarlyData { config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, @@ -1072,7 +1075,7 @@ fn get_server_session_value( ) } -struct ExpectFinished { +struct ExpectFinished { config: Arc>, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index e8bc15d267..d10517e021 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -206,7 +206,7 @@ pub(crate) struct ConnectionSecrets { impl ConnectionSecrets { pub(crate) fn from_key_exchange( - kx: crypto::ring::KeyExchange, + kx: impl crypto::KeyExchange, peer_pub_key: &[u8], ems_seed: Option, randoms: ConnectionRandoms, @@ -515,12 +515,13 @@ pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x mod tests { use super::*; use crate::common_state::{CommonState, Side}; - use crate::crypto::ring::{KeyExchange, X25519}; + use crate::crypto::ring::{self, X25519}; + use crate::crypto::KeyExchange; use crate::msgs::handshake::{ClientECDHParams, ServerECDHParams}; #[test] fn server_ecdhe_remaining_bytes() { - let key = KeyExchange::start(&X25519).unwrap(); + let key = ring::KeyExchange::start(&X25519).unwrap(); let server_params = ServerECDHParams::new(key.group(), key.pub_key()); let mut server_buf = Vec::new(); server_params.encode(&mut server_buf); diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 51d576faca..52aa8d3c9b 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -250,7 +250,7 @@ impl KeyType { pub fn finish_server_config( kt: KeyType, - conf: rustls::ConfigBuilder, rustls::WantsVerifier>, + conf: rustls::ConfigBuilder, rustls::WantsVerifier>, ) -> ServerConfig { conf.with_no_client_auth() .with_single_cert(kt.get_chain(), kt.get_key()) @@ -340,7 +340,7 @@ pub fn make_server_config_with_optional_client_auth( pub fn finish_client_config( kt: KeyType, - config: rustls::ConfigBuilder, rustls::WantsVerifier>, + config: rustls::ConfigBuilder, rustls::WantsVerifier>, ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); @@ -353,7 +353,7 @@ pub fn finish_client_config( pub fn finish_client_config_with_creds( kt: KeyType, - config: rustls::ConfigBuilder, rustls::WantsVerifier>, + config: rustls::ConfigBuilder, rustls::WantsVerifier>, ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); From 74fa57c9c8589b3436e67cd6a3f95254f4fb3fbd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 17 Mar 2023 15:28:33 -0400 Subject: [PATCH 0035/1145] ring: match KeyExchange impl block to trait. The `KeyExchange` trait's methods were ordered constructors -> complex functions -> less complex functions. The original *ring* specific `KeyExchange` didn't match this ordering. This commit synchronizes the two. --- rustls/src/crypto/ring.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index 3e80bc1d61..e5b0890b70 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -145,11 +145,6 @@ impl super::KeyExchange for KeyExchange { }) } - /// Return the group being used. - fn group(&self) -> NamedGroup { - self.group.name - } - /// Completes the key exchange, given the peer's public key. /// /// The shared secret is passed into the closure passed down in `f`, and the result of calling @@ -160,6 +155,11 @@ impl super::KeyExchange for KeyExchange { .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) } + /// Return the group being used. + fn group(&self) -> NamedGroup { + self.group.name + } + /// Return the public key being used. fn pub_key(&self) -> &[u8] { self.pub_key.as_ref() From 7d6a84ba0cd3737a4c604613b472e3ff9bd63b06 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 13 Jun 2023 12:45:09 +0100 Subject: [PATCH 0036/1145] Use subtle::ConstantTimeEq instead of ring::constant_time --- rustls/Cargo.toml | 1 + rustls/src/client/tls12.rs | 18 ++++++++++-------- rustls/src/client/tls13.rs | 16 +++++++++------- rustls/src/server/tls12.rs | 18 ++++++++++-------- rustls/src/server/tls13.rs | 19 ++++++++++--------- 5 files changed, 40 insertions(+), 32 deletions(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 98807cc011..6e99f676a4 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -18,6 +18,7 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] log = { version = "0.4.4", optional = true } ring = "0.16.20" +subtle = "2.5.0" webpki = { package = "rustls-webpki", version = "0.101.0", features = ["alloc", "std"] } [features] diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index ec9cc8d28a..16b694290c 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -31,7 +31,7 @@ use crate::client::common::ClientAuthDetails; use crate::client::common::ServerCertDetails; use crate::client::{hs, ClientConfig, ServerName}; -use ring::constant_time; +use subtle::ConstantTimeEq; use std::sync::Arc; @@ -1018,13 +1018,15 @@ impl State for ExpectFinished { // Constant-time verification of this is relatively unimportant: they only // get one chance. But it can't hurt. - let _fin_verified = - constant_time::verify_slices_are_equal(&expect_verify_data, &finished.0) - .map_err(|_| { - cx.common - .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError) - }) - .map(|_| verify::FinishedMessageVerified::assertion())?; + let _fin_verified = match ConstantTimeEq::ct_eq(&expect_verify_data[..], &finished.0).into() + { + true => verify::FinishedMessageVerified::assertion(), + false => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); + } + }; // Hash this message too. st.transcript.add_message(&m); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 568f4067ae..ef40049ee4 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -41,7 +41,7 @@ use crate::client::common::{ClientAuthDetails, ClientHelloDetails}; use crate::client::{hs, ClientConfig, ClientSessionStore, ServerName}; use crate::ticketer::TimeBase; -use ring::constant_time; +use subtle::ConstantTimeEq; use crate::sign::{CertifiedKey, Signer}; use std::sync::Arc; @@ -831,12 +831,14 @@ impl State for ExpectFinished { .key_schedule .sign_server_finish(&handshake_hash); - let fin = constant_time::verify_slices_are_equal(expect_verify_data.as_ref(), &finished.0) - .map_err(|_| { - cx.common - .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError) - }) - .map(|_| verify::FinishedMessageVerified::assertion())?; + let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), &finished.0).into() { + true => verify::FinishedMessageVerified::assertion(), + false => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); + } + }; st.transcript.add_message(&m); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index c9b0c4d018..f981148a9d 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -25,7 +25,7 @@ use super::common::ActiveCertifiedKey; use super::hs::{self, ServerContext}; use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; -use ring::constant_time; +use subtle::ConstantTimeEq; use std::sync::Arc; @@ -850,13 +850,15 @@ impl State for ExpectFinished { let vh = self.transcript.get_current_hash(); let expect_verify_data = self.secrets.client_verify_data(&vh); - let _fin_verified = - constant_time::verify_slices_are_equal(&expect_verify_data, &finished.0) - .map_err(|_| { - cx.common - .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError) - }) - .map(|_| verify::FinishedMessageVerified::assertion())?; + let _fin_verified = match ConstantTimeEq::ct_eq(&expect_verify_data[..], &finished.0).into() + { + true => verify::FinishedMessageVerified::assertion(), + false => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); + } + }; // Save connection, perhaps if !self.resuming && !self.session_id.is_empty() { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 5a39941e72..8388880b22 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -36,7 +36,7 @@ use super::server_conn::ServerConnectionData; use std::sync::Arc; -use ring::constant_time; +use subtle::ConstantTimeEq; pub(super) use client_hello::CompleteClientHelloHandling; @@ -125,7 +125,7 @@ mod client_hello { let real_binder = key_schedule.resumption_psk_binder_key_and_sign_verify_data(&handshake_hash); - constant_time::verify_slices_are_equal(real_binder.as_ref(), binder).is_ok() + ConstantTimeEq::ct_eq(real_binder.as_ref(), binder).into() } fn attempt_tls13_ticket_decryption( @@ -1158,13 +1158,14 @@ impl State for ExpectFinished { .key_schedule .sign_client_finish(&handshake_hash, cx.common); - let fin = constant_time::verify_slices_are_equal(expect_verify_data.as_ref(), &finished.0) - .map_err(|_| { - warn!("Finished wrong"); - cx.common - .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError) - }) - .map(|_| verify::FinishedMessageVerified::assertion())?; + let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), &finished.0[..]).into() { + true => verify::FinishedMessageVerified::assertion(), + false => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); + } + }; // nb. future derivations include Client Finished, but not the // main application data keying. From 3d5c93aa0bd9a695bd7c36bc55b21d8bfe668d1e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 12 Jul 2023 12:28:34 +0100 Subject: [PATCH 0037/1145] Remove ticketer from CryptoProvider Instead, the ring-based `rustls::Ticketer` is exported directly, as is the `TicketSwitcher` which is a useful building block for downstream users. --- examples/src/bin/tlsserver-mio.rs | 2 +- rustls/examples/internal/bench.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 2 +- rustls/src/crypto/mod.rs | 4 - rustls/src/crypto/ring.rs | 232 +++++++++++++++++--------- rustls/src/lib.rs | 3 +- rustls/src/ticketer.rs | 98 ++--------- rustls/tests/api.rs | 2 +- 8 files changed, 173 insertions(+), 172 deletions(-) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index e0a200af44..110739008a 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -633,7 +633,7 @@ fn make_config(args: &Args) -> Arc> { } if args.flag_tickets { - config.ticketer = rustls::Ticketer::new::().unwrap(); + config.ticketer = rustls::Ticketer::new().unwrap(); } config.alpn_protocols = args diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index d61d57c0df..5862eed517 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -322,7 +322,7 @@ fn make_server_config( if resume == ResumptionParam::SessionID { cfg.session_storage = ServerSessionMemoryCache::new(128); } else if resume == ResumptionParam::Tickets { - cfg.ticketer = Ticketer::new::().unwrap(); + cfg.ticketer = Ticketer::new().unwrap(); } else { cfg.session_storage = Arc::new(NoServerSessionStorage {}); } diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 67d27a0481..b811293f15 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -425,7 +425,7 @@ fn make_server_cfg(opts: &Options) -> Arc> { } if opts.tickets { - cfg.ticketer = Ticketer::new::().unwrap(); + cfg.ticketer = Ticketer::new().unwrap(); } else if opts.resumes == 0 { cfg.session_storage = Arc::new(server::NoServerSessionStorage {}); } diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 463b9bae12..9ddd9f0c93 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,5 +1,4 @@ use crate::rand::GetRandomFailed; -use crate::server::ProducesTickets; use crate::{Error, NamedGroup}; use std::fmt::Debug; @@ -12,9 +11,6 @@ pub trait CryptoProvider: Send + Sync + 'static { /// KeyExchange operations that are supported by the provider. type KeyExchange: KeyExchange; - /// Build a ticket generator. - fn ticket_generator() -> Result, GetRandomFailed>; - /// Fill the given buffer with random bytes. fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; } diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index e5b0890b70..2e94058358 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -9,6 +9,7 @@ use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; use ring::rand::{SecureRandom, SystemRandom}; use std::fmt; +use std::sync::Arc; /// Default crypto provider. #[derive(Debug)] @@ -17,20 +18,6 @@ pub struct Ring; impl CryptoProvider for Ring { type KeyExchange = KeyExchange; - fn ticket_generator() -> Result, GetRandomFailed> { - let mut key = [0u8; 32]; - Self::fill_random(&mut key)?; - - let alg = &aead::CHACHA20_POLY1305; - let key = aead::UnboundKey::new(alg, &key).unwrap(); - - Ok(Box::new(AeadTicketer { - alg, - key: aead::LessSafeKey::new(key), - lifetime: 60 * 60 * 12, - })) - } - fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed> { SystemRandom::new() .fill(buf) @@ -38,67 +25,6 @@ impl CryptoProvider for Ring { } } -/// This is a `ProducesTickets` implementation which uses -/// any *ring* `aead::Algorithm` to encrypt and authentication -/// the ticket payload. It does not enforce any lifetime -/// constraint. -struct AeadTicketer { - alg: &'static aead::Algorithm, - key: aead::LessSafeKey, - lifetime: u32, -} - -impl ProducesTickets for AeadTicketer { - fn enabled(&self) -> bool { - true - } - fn lifetime(&self) -> u32 { - self.lifetime - } - - /// Encrypt `message` and return the ciphertext. - fn encrypt(&self, message: &[u8]) -> Option> { - // Random nonce, because a counter is a privacy leak. - let mut nonce_buf = [0u8; 12]; - Ring::fill_random(&mut nonce_buf).ok()?; - let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); - let aad = ring::aead::Aad::empty(); - - let mut ciphertext = - Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); - ciphertext.extend(nonce_buf); - ciphertext.extend(message); - self.key - .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) - .map(|tag| { - ciphertext.extend(tag.as_ref()); - ciphertext - }) - .ok() - } - - /// Decrypt `ciphertext` and recover the original message. - fn decrypt(&self, ciphertext: &[u8]) -> Option> { - // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. - let nonce = ciphertext.get(..self.alg.nonce_len())?; - let ciphertext = ciphertext.get(nonce.len()..)?; - - // This won't fail since `nonce` has the required length. - let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?; - - let mut out = Vec::from(ciphertext); - - let plain_len = self - .key - .open_in_place(nonce, aead::Aad::empty(), &mut out) - .ok()? - .len(); - out.truncate(plain_len); - - Some(out) - } -} - /// An in-progress key exchange. This has the algorithm, /// our private key, and our public key. #[derive(Debug)] @@ -224,3 +150,159 @@ pub mod kx_group { pub use crate::crypto::ring::SECP384R1; pub use crate::crypto::ring::X25519; } + +/// A concrete, safe ticket creation mechanism. +pub struct Ticketer {} + +impl Ticketer { + /// Make the recommended Ticketer. This produces tickets + /// with a 12 hour life and randomly generated keys. + /// + /// The encryption mechanism used is Chacha20Poly1305. + pub fn new() -> Result, Error> { + Ok(Arc::new(crate::ticketer::TicketSwitcher::new( + 6 * 60 * 60, + make_ticket_generator, + )?)) + } +} + +fn make_ticket_generator() -> Result, GetRandomFailed> { + let mut key = [0u8; 32]; + Ring::fill_random(&mut key)?; + + let alg = &aead::CHACHA20_POLY1305; + let key = aead::UnboundKey::new(alg, &key).unwrap(); + + Ok(Box::new(AeadTicketer { + alg, + key: aead::LessSafeKey::new(key), + lifetime: 60 * 60 * 12, + })) +} + +/// This is a `ProducesTickets` implementation which uses +/// any *ring* `aead::Algorithm` to encrypt and authentication +/// the ticket payload. It does not enforce any lifetime +/// constraint. +struct AeadTicketer { + alg: &'static aead::Algorithm, + key: aead::LessSafeKey, + lifetime: u32, +} + +impl ProducesTickets for AeadTicketer { + fn enabled(&self) -> bool { + true + } + fn lifetime(&self) -> u32 { + self.lifetime + } + + /// Encrypt `message` and return the ciphertext. + fn encrypt(&self, message: &[u8]) -> Option> { + // Random nonce, because a counter is a privacy leak. + let mut nonce_buf = [0u8; 12]; + Ring::fill_random(&mut nonce_buf).ok()?; + let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); + let aad = ring::aead::Aad::empty(); + + let mut ciphertext = + Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); + ciphertext.extend(nonce_buf); + ciphertext.extend(message); + self.key + .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) + .map(|tag| { + ciphertext.extend(tag.as_ref()); + ciphertext + }) + .ok() + } + + /// Decrypt `ciphertext` and recover the original message. + fn decrypt(&self, ciphertext: &[u8]) -> Option> { + // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. + let nonce = ciphertext.get(..self.alg.nonce_len())?; + let ciphertext = ciphertext.get(nonce.len()..)?; + + // This won't fail since `nonce` has the required length. + let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?; + + let mut out = Vec::from(ciphertext); + + let plain_len = self + .key + .open_in_place(nonce, aead::Aad::empty(), &mut out) + .ok()? + .len(); + out.truncate(plain_len); + + Some(out) + } +} + +#[cfg(test)] +use crate::ticketer::TimeBase; + +#[test] +fn basic_pairwise_test() { + let t = Ticketer::new().unwrap(); + assert!(t.enabled()); + let cipher = t.encrypt(b"hello world").unwrap(); + let plain = t.decrypt(&cipher).unwrap(); + assert_eq!(plain, b"hello world"); +} + +#[test] +fn ticketswitcher_switching_test() { + let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); + let now = TimeBase::now().unwrap(); + let cipher1 = t.encrypt(b"ticket 1").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + { + // Trigger new ticketer + t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); + } + let cipher2 = t.encrypt(b"ticket 2").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + { + // Trigger new ticketer + t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20))); + } + let cipher3 = t.encrypt(b"ticket 3").unwrap(); + assert!(t.decrypt(&cipher1).is_none()); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); +} + +#[cfg(test)] +fn fail_generator() -> Result, GetRandomFailed> { + Err(GetRandomFailed) +} + +#[test] +fn ticketswitcher_recover_test() { + let mut t = crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap(); + let now = TimeBase::now().unwrap(); + let cipher1 = t.encrypt(b"ticket 1").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + t.generator = fail_generator; + { + // Failed new ticketer + t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); + } + t.generator = make_ticket_generator; + let cipher2 = t.encrypt(b"ticket 2").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + { + // recover + t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20))); + } + let cipher3 = t.encrypt(b"ticket 3").unwrap(); + assert!(t.decrypt(&cipher1).is_none()); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); +} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2e6dcebd15..dc7f51b7cd 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -379,6 +379,7 @@ pub use crate::builder::{ }; pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; +pub use crate::crypto::ring::Ticketer; pub use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, @@ -400,7 +401,7 @@ pub use crate::suites::{ #[cfg(feature = "secret_extraction")] #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets}; -pub use crate::ticketer::Ticketer; +pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index dd9f6b1dcd..d0725ea93e 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,12 +1,9 @@ -#[cfg(test)] -use crate::crypto::ring::Ring; -use crate::crypto::CryptoProvider; use crate::rand; use crate::server::ProducesTickets; use crate::Error; use std::mem; -use std::sync::{Arc, Mutex, MutexGuard}; +use std::sync::{Mutex, MutexGuard}; use std::time; /// The timebase for expiring and rolling tickets and ticketing @@ -14,7 +11,7 @@ use std::time; /// /// This is guaranteed to be on or after the UNIX epoch. #[derive(Clone, Copy, Debug)] -pub struct TimeBase(time::Duration); +pub struct TimeBase(pub(crate) time::Duration); impl TimeBase { #[inline] @@ -30,7 +27,7 @@ impl TimeBase { } } -struct TicketSwitcherState { +pub(crate) struct TicketSwitcherState { next: Option>, current: Box, previous: Option>, @@ -40,18 +37,21 @@ struct TicketSwitcherState { /// A ticketer that has a 'current' sub-ticketer and a single /// 'previous' ticketer. It creates a new ticketer every so /// often, demoting the current ticketer. -struct TicketSwitcher { - generator: fn() -> Result, rand::GetRandomFailed>, +pub struct TicketSwitcher { + pub(crate) generator: fn() -> Result, rand::GetRandomFailed>, lifetime: u32, state: Mutex, } impl TicketSwitcher { + /// Creates a new `TicketSwitcher`, which rotates through sub-ticketers + /// based on the passage of time. + /// /// `lifetime` is in seconds, and is how long the current ticketer /// is used to generate new tickets. Tickets are accepted for no /// longer than twice this duration. `generator` produces a new /// `ProducesTickets` implementation. - fn new( + pub fn new( lifetime: u32, generator: fn() -> Result, rand::GetRandomFailed>, ) -> Result { @@ -79,7 +79,7 @@ impl TicketSwitcher { /// /// For efficiency, this is also responsible for locking the state mutex /// and returning the mutexguard. - fn maybe_roll(&self, now: TimeBase) -> Option> { + pub(crate) fn maybe_roll(&self, now: TimeBase) -> Option> { // The code below aims to make switching as efficient as possible // in the common case that the generator never fails. To achieve this // we run the following steps: @@ -181,81 +181,3 @@ impl ProducesTickets for TicketSwitcher { }) } } - -/// A concrete, safe ticket creation mechanism. -pub struct Ticketer {} - -impl Ticketer { - /// Make the recommended Ticketer. This produces tickets - /// with a 12 hour life and randomly generated keys. - /// - /// The encryption mechanism used in Chacha20Poly1305. - pub fn new() -> Result, Error> { - Ok(Arc::new(TicketSwitcher::new( - 6 * 60 * 60, - C::ticket_generator, - )?)) - } -} - -#[test] -fn basic_pairwise_test() { - let t = Ticketer::new::().unwrap(); - assert!(t.enabled()); - let cipher = t.encrypt(b"hello world").unwrap(); - let plain = t.decrypt(&cipher).unwrap(); - assert_eq!(plain, b"hello world"); -} - -#[test] -fn ticketswitcher_switching_test() { - let t = Arc::new(TicketSwitcher::new(1, Ring::ticket_generator).unwrap()); - let now = TimeBase::now().unwrap(); - let cipher1 = t.encrypt(b"ticket 1").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - { - // Trigger new ticketer - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); - } - let cipher2 = t.encrypt(b"ticket 2").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - { - // Trigger new ticketer - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20))); - } - let cipher3 = t.encrypt(b"ticket 3").unwrap(); - assert!(t.decrypt(&cipher1).is_none()); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); -} - -#[cfg(test)] -fn fail_generator() -> Result, rand::GetRandomFailed> { - Err(rand::GetRandomFailed) -} - -#[test] -fn ticketswitcher_recover_test() { - let mut t = TicketSwitcher::new(1, Ring::ticket_generator).unwrap(); - let now = TimeBase::now().unwrap(); - let cipher1 = t.encrypt(b"ticket 1").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - t.generator = fail_generator; - { - // Failed new ticketer - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); - } - t.generator = Ring::ticket_generator; - let cipher2 = t.encrypt(b"ticket 2").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - { - // recover - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20))); - } - let cipher3 = t.encrypt(b"ticket 3").unwrap(); - assert!(t.decrypt(&cipher1).is_none()); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); -} diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index ac79fa3973..1f40728ae8 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3058,7 +3058,7 @@ fn tls13_stateless_resumption() { let client_config = Arc::new(client_config); let mut server_config = make_server_config(kt); - server_config.ticketer = rustls::Ticketer::new::().unwrap(); + server_config.ticketer = rustls::Ticketer::new().unwrap(); let storage = Arc::new(ServerStorage::new()); server_config.session_storage = storage.clone(); let server_config = Arc::new(server_config); From 83be0aa3489a499212eae5a65973dc030ed3df1f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 12 Jul 2023 14:02:38 +0100 Subject: [PATCH 0038/1145] Refactor crypto::KeyExchange to simplify This replaces the one use of `start()` (in TLS1.2 server) with `choose()`, and then calls the result `start()` which I think is slightly clearer. --- rustls/src/client/hs.rs | 5 +++-- rustls/src/client/tls12.rs | 5 +++-- rustls/src/client/tls13.rs | 2 +- rustls/src/crypto/mod.rs | 26 +++++++++++++------------- rustls/src/crypto/ring.rs | 10 +++------- rustls/src/server/tls12.rs | 21 +++++++++++++++++---- rustls/src/server/tls13.rs | 2 +- rustls/src/tls12/mod.rs | 2 +- 8 files changed, 42 insertions(+), 31 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index cf5ea85b98..57ef1ed86b 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -20,6 +20,7 @@ use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry}; use crate::msgs::handshake::{Random, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; +use crate::rand::GetRandomFailed; use crate::ticketer::TimeBase; use crate::tls13::key_schedule::KeyScheduleEarly; use crate::SupportedCipherSuite; @@ -790,7 +791,7 @@ impl ExpectServerHelloOrHelloRetryRequest { let key_share = match req_group { Some(group) if group != offered_key_share.group() => { - match KeyExchange::choose(group, &self.next.input.config.kx_groups) { + match KeyExchange::start(group, &config.kx_groups) { Ok(kx) => kx, Err(KeyExchangeError::UnsupportedGroup) => { return Err(cx.common.send_fatal_alert( @@ -798,7 +799,7 @@ impl ExpectServerHelloOrHelloRetryRequest { PeerMisbehaved::IllegalHelloRetryRequestWithUnofferedNamedGroup, )); } - Err(KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), + Err(KeyExchangeError::GetRandomFailed) => return Err(GetRandomFailed.into()), } } _ => offered_key_share, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 16b694290c..40f704f2e5 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -30,6 +30,7 @@ use super::hs::ClientContext; use crate::client::common::ClientAuthDetails; use crate::client::common::ServerCertDetails; use crate::client::{hs, ClientConfig, ServerName}; +use crate::rand::GetRandomFailed; use subtle::ConstantTimeEq; @@ -767,12 +768,12 @@ impl State for ExpectServerDone { tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; let kx = - match <::KeyExchange>::choose(named_group, &st.config.kx_groups) { + match <::KeyExchange>::start(named_group, &st.config.kx_groups) { Ok(kx) => kx, Err(KeyExchangeError::UnsupportedGroup) => { return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) } - Err(KeyExchangeError::KeyExchangeFailed(err)) => return Err(err.into()), + Err(KeyExchangeError::GetRandomFailed) => return Err(GetRandomFailed.into()), }; // 5b. diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index ef40049ee4..6fb6d6c8f1 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -223,7 +223,7 @@ pub(super) fn initial_key_share( .name() }); - KeyExchange::choose(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) + KeyExchange::start(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) } /// This implements the horrifying TLS1.3 hack where PSK binders have a diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 9ddd9f0c93..26fb211346 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -23,24 +23,23 @@ pub trait KeyExchange: Sized + Send + Sync + 'static { /// Start a key exchange using the [NamedGroup] if it is a suitable choice /// based on the groups supported. /// + /// This will prepare an ephemeral secret key in the supported group, and a corresponding + /// public key. The key exchange must be completed by calling [KeyExchange#complete]. + /// + /// `name` gives the name of the chosen key exchange group that should be used. `supported` + /// is the configurated collection of supported key exchange groups. Implementation-specific + /// data can be looked up in this array (based on `name`) to allow unconfigured algorithms + /// to be discarded by the linker. + /// /// # Errors /// /// Returns an error if the [NamedGroup] is not supported, or if a key exchange - /// can't be started (see [KeyExchange#start]). - fn choose( + /// can't be started. + fn start( name: NamedGroup, supported: &[&'static Self::SupportedGroup], ) -> Result; - /// Start a key exchange using the [SupportedGroup]. This will prepare an ephemeral - /// secret key in the supported group, and a corresponding public key. The key exchange - /// must be completed by calling [KeyExchange#complete]. - /// - /// # Errors - /// - /// Returns an error if key generation fails. - fn start(skxg: &'static Self::SupportedGroup) -> Result; - /// Completes the key exchange, given the peer's public key. /// /// The shared secret is passed into the closure passed down in `f`, and the result of calling @@ -58,12 +57,13 @@ pub trait KeyExchange: Sized + Send + Sync + 'static { } /// Enumerates possible key exchange errors. +#[derive(Debug)] pub enum KeyExchangeError { /// Returned when the specified group is unsupported. UnsupportedGroup, - /// Returned when key exchange fails. - KeyExchangeFailed(GetRandomFailed), + /// Random material generation failure during key generation/exchange. + GetRandomFailed, } /// A trait describing a supported key exchange group that can be identified by name. diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index 2e94058358..884e1ec1c3 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -37,7 +37,7 @@ pub struct KeyExchange { impl super::KeyExchange for KeyExchange { type SupportedGroup = SupportedKxGroup; - fn choose( + fn start( name: NamedGroup, supported: &[&'static SupportedKxGroup], ) -> Result { @@ -49,19 +49,15 @@ impl super::KeyExchange for KeyExchange { None => return Err(KeyExchangeError::UnsupportedGroup), }; - Self::start(group).map_err(KeyExchangeError::KeyExchangeFailed) - } - - fn start(group: &'static SupportedKxGroup) -> Result { let rng = SystemRandom::new(); let priv_key = match EphemeralPrivateKey::generate(group.agreement_algorithm, &rng) { Ok(priv_key) => priv_key, - Err(_) => return Err(GetRandomFailed), + Err(_) => return Err(KeyExchangeError::GetRandomFailed), }; let pub_key = match priv_key.compute_public_key() { Ok(pub_key) => pub_key, - Err(_) => return Err(GetRandomFailed), + Err(_) => return Err(KeyExchangeError::GetRandomFailed), }; Ok(Self { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index f981148a9d..78a0be235f 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -16,6 +16,7 @@ use crate::msgs::handshake::{ClientECDHParams, HandshakeMessagePayload, Handshak use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; +use crate::rand::GetRandomFailed; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; @@ -35,6 +36,7 @@ mod client_hello { use crate::crypto::{KeyExchange, SupportedGroup}; use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; + use crate::msgs::enums::NamedGroup; use crate::msgs::enums::{ClientCertificateType, Compression}; use crate::msgs::handshake::ServerECDHParams; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; @@ -180,7 +182,8 @@ mod client_hello { AlertDescription::HandshakeFailure, PeerIncompatible::NoKxGroupsInCommon, ) - })?; + })? + .name(); let ecpoint = ECPointFormat::SUPPORTED .iter() @@ -224,6 +227,7 @@ mod client_hello { let server_kx = emit_server_kx::( &mut self.transcript, cx.common, + &self.config, sigschemes, group, server_key.get_key(), @@ -403,13 +407,22 @@ mod client_hello { fn emit_server_kx( transcript: &mut HandshakeHash, common: &mut CommonState, + config: &ServerConfig, sigschemes: Vec, - skxg: &'static <::KeyExchange as KeyExchange>::SupportedGroup, + selected_group: NamedGroup, signing_key: &dyn sign::SigningKey, randoms: &ConnectionRandoms, ) -> Result { - let kx = <::KeyExchange as KeyExchange>::start(skxg)?; - let secdh = ServerECDHParams::new(skxg.name(), kx.pub_key()); + let kx = match <::KeyExchange as KeyExchange>::start( + selected_group, + &config.kx_groups, + ) { + Ok(kx) => kx, + Err(_) => { + return Err(GetRandomFailed.into()); + } + }; + let secdh = ServerECDHParams::new(selected_group, kx.pub_key()); let mut msg = Vec::new(); msg.extend(randoms.client); diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 8388880b22..0015bb8232 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -488,7 +488,7 @@ mod client_hello { let mut extensions = Vec::new(); // Prepare key exchange; the caller ascertained that the `share.group` is supported - let kx = <::KeyExchange as KeyExchange>::choose( + let kx = <::KeyExchange as KeyExchange>::start( share.group, &config.kx_groups, ) diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index d10517e021..127c87e402 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -521,7 +521,7 @@ mod tests { #[test] fn server_ecdhe_remaining_bytes() { - let key = ring::KeyExchange::start(&X25519).unwrap(); + let key = ring::KeyExchange::start(crate::NamedGroup::X25519, &[&X25519]).unwrap(); let server_params = ServerECDHParams::new(key.group(), key.pub_key()); let mut server_buf = Vec::new(); server_params.encode(&mut server_buf); From 3d121b9d6254a4326a9b92a1c40cb002a84f8188 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 13 Jul 2023 11:06:03 +0100 Subject: [PATCH 0039/1145] tls13: refactor choosing of first kx group --- rustls/src/client/tls13.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 6fb6d6c8f1..4700a78677 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -209,19 +209,19 @@ pub(super) fn initial_key_share( .resumption .store .kx_hint(server_name) - .filter(|hint_group| { + .and_then(|hint_group| { config .kx_groups .iter() - .any(|supported_group| supported_group.name() == *hint_group) + .find(|kx_group| kx_group.name() == hint_group) }) .unwrap_or_else(|| { config .kx_groups .first() .expect("No kx groups configured") - .name() - }); + }) + .name(); KeyExchange::start(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) } From 304116b4765a562f1d063c453286d2ca6ebba519 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 24 Jul 2023 15:10:04 +0200 Subject: [PATCH 0040/1145] crypto: fix typo in docstring --- rustls/src/crypto/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 26fb211346..90ab7f3673 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -27,7 +27,7 @@ pub trait KeyExchange: Sized + Send + Sync + 'static { /// public key. The key exchange must be completed by calling [KeyExchange#complete]. /// /// `name` gives the name of the chosen key exchange group that should be used. `supported` - /// is the configurated collection of supported key exchange groups. Implementation-specific + /// is the configured collection of supported key exchange groups. Implementation-specific /// data can be looked up in this array (based on `name`) to allow unconfigured algorithms /// to be discarded by the linker. /// From aa30870f150f6b4299b3eea4facb750a1c4680c9 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 26 Jul 2023 14:14:30 +0100 Subject: [PATCH 0041/1145] server: echo client's session_id in HRR --- rustls/src/server/tls13.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0015bb8232..72a3b2a5aa 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -236,6 +236,7 @@ mod client_hello { emit_hello_retry_request( &mut self.transcript, self.suite, + client_hello.session_id, cx.common, group.name(), ); @@ -570,12 +571,13 @@ mod client_hello { fn emit_hello_retry_request( transcript: &mut HandshakeHash, suite: &'static Tls13CipherSuite, + session_id: SessionId, common: &mut CommonState, group: NamedGroup, ) { let mut req = HelloRetryRequest { legacy_version: ProtocolVersion::TLSv1_2, - session_id: SessionId::empty(), + session_id, cipher_suite: suite.common.suite, extensions: Vec::new(), }; From 41769b4801ec5a5a3a5af93c45750cf73bea482f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 26 Jul 2023 14:13:54 +0100 Subject: [PATCH 0042/1145] Regression test for echoing session id in HRR --- rustls/tests/api.rs | 58 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 1f40728ae8..d7e498dde8 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4022,6 +4022,64 @@ fn test_client_sends_helloretryrequest() { )); } +#[test] +fn test_server_requests_retry_with_echoed_session_id() { + use rustls::internal::msgs::handshake::SessionId; + let expected_session_id = SessionId::random::().unwrap(); + + let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { + if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { + if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { + let keyshares = ch + .get_keyshare_extension() + .expect("missing key share extension"); + assert_eq!(keyshares.len(), 1); + assert_eq!(keyshares[0].group, rustls::NamedGroup::secp384r1); + + ch.session_id = expected_session_id; + *encoded = Payload::new(parsed.get_encoding()); + } + } + Altered::InPlace + }; + + let assert_server_requests_retry_and_echoes_session_id = |msg: &mut Message| -> Altered { + if let MessagePayload::Handshake { parsed, .. } = &mut msg.payload { + if let HandshakePayload::HelloRetryRequest(hrr) = &mut parsed.payload { + let group = hrr.get_requested_key_share_group(); + assert_eq!(group, Some(rustls::NamedGroup::X25519)); + + assert_eq!(hrr.session_id, expected_session_id); + } + } + Altered::InPlace + }; + + // client prefers a secp384r1 key share, server only accepts x25519 + let client_config = make_client_config_with_kx_groups( + KeyType::Rsa, + &[&rustls::kx_group::SECP384R1, &rustls::kx_group::X25519], + ); + + let server_config = + make_server_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::X25519]); + + let (client, server) = make_pair_for_configs(client_config, server_config); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered( + &mut client, + assert_client_sends_hello_with_secp384, + &mut server, + ); + server.process_new_packets().unwrap(); + transfer_altered( + &mut server, + assert_server_requests_retry_and_echoes_session_id, + &mut client, + ); + client.process_new_packets().unwrap(); +} + #[cfg(feature = "tls12")] #[test] fn test_client_attempts_to_use_unsupported_kx_group() { From b2ba1a2a71b2d382f5d831b904ec398b9d69b68c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 26 Jul 2023 14:30:15 +0100 Subject: [PATCH 0043/1145] Require new webpki and use its new APIs --- rustls/Cargo.toml | 2 +- rustls/src/verify.rs | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 6e99f676a4..d8fa4d5115 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,7 +19,7 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = "0.16.20" subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "0.101.0", features = ["alloc", "std"] } +webpki = { package = "rustls-webpki", version = "0.101.2", features = ["alloc", "std"] } [features] default = ["logging", "tls12"] diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index eb5139ea26..2513687cbd 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -329,11 +329,13 @@ pub fn verify_server_cert_signed_by_trust_anchor( let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; cert.0 - .verify_is_valid_tls_server_cert( + .verify_for_usage( SUPPORTED_SIG_ALGS, - &webpki::TlsServerTrustAnchors(&trust_roots), + &trust_roots, &chain, webpki_now, + webpki::KeyUsage::server_auth(), + &[], // no CRLs ) .map_err(pki_error) .map(|_| ()) @@ -532,12 +534,13 @@ impl ClientCertVerifier for AllowAnyAuthenticatedClient { .collect::>(); cert.0 - .verify_is_valid_tls_client_cert( + .verify_for_usage( SUPPORTED_SIG_ALGS, - &webpki::TlsClientTrustAnchors(&trust_roots), + &trust_roots, &chain, now, - crls.as_slice(), + webpki::KeyUsage::client_auth(), + &crls, ) .map_err(pki_error) .map(|_| ClientCertVerified::assertion()) From cc19eabc251dc6f75abae00be9a8b8764a03fb2b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 26 Jul 2023 15:16:11 +0100 Subject: [PATCH 0044/1145] client: detect HRR with incorrect session_id See comment for justification from RFC. --- rustls/src/client/hs.rs | 22 ++++++++++++++++++++++ rustls/src/error.rs | 1 + rustls/tests/api.rs | 15 ++++++++++----- 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 57ef1ed86b..b8125b8c29 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -744,6 +744,28 @@ impl ExpectServerHelloOrHelloRetryRequest { }); } + // Or does not echo the session_id from our ClientHello: + // + // > the HelloRetryRequest has the same format as a ServerHello message, + // > and the legacy_version, legacy_session_id_echo, cipher_suite, and + // > legacy_compression_method fields have the same meaning + // + // + // and + // + // > A client which receives a legacy_session_id_echo field that does not + // > match what it sent in the ClientHello MUST abort the handshake with an + // > "illegal_parameter" alert. + // + if hrr.session_id != self.next.input.session_id { + return Err({ + cx.common.send_fatal_alert( + AlertDescription::IllegalParameter, + PeerMisbehaved::IllegalHelloRetryRequestWithWrongSessionId, + ) + }); + } + // Or asks us to talk a protocol we didn't offer, or doesn't support HRR at all. match hrr.get_supported_versions() { Some(ProtocolVersion::TLSv1_3) => { diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 381835f29a..40d126cd49 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -180,6 +180,7 @@ pub enum PeerMisbehaved { IllegalHelloRetryRequestWithUnofferedCipherSuite, IllegalHelloRetryRequestWithUnofferedNamedGroup, IllegalHelloRetryRequestWithUnsupportedVersion, + IllegalHelloRetryRequestWithWrongSessionId, IllegalMiddleboxChangeCipherSpec, IllegalTlsInnerPlaintext, IncorrectBinder, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d7e498dde8..2be391a8b3 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4023,9 +4023,9 @@ fn test_client_sends_helloretryrequest() { } #[test] -fn test_server_requests_retry_with_echoed_session_id() { +fn test_client_rejects_hrr_with_varied_session_id() { use rustls::internal::msgs::handshake::SessionId; - let expected_session_id = SessionId::random::().unwrap(); + let different_session_id = SessionId::random::().unwrap(); let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { @@ -4036,7 +4036,7 @@ fn test_server_requests_retry_with_echoed_session_id() { assert_eq!(keyshares.len(), 1); assert_eq!(keyshares[0].group, rustls::NamedGroup::secp384r1); - ch.session_id = expected_session_id; + ch.session_id = different_session_id; *encoded = Payload::new(parsed.get_encoding()); } } @@ -4049,7 +4049,7 @@ fn test_server_requests_retry_with_echoed_session_id() { let group = hrr.get_requested_key_share_group(); assert_eq!(group, Some(rustls::NamedGroup::X25519)); - assert_eq!(hrr.session_id, expected_session_id); + assert_eq!(hrr.session_id, different_session_id); } } Altered::InPlace @@ -4077,7 +4077,12 @@ fn test_server_requests_retry_with_echoed_session_id() { assert_server_requests_retry_and_echoes_session_id, &mut client, ); - client.process_new_packets().unwrap(); + assert_eq!( + client.process_new_packets(), + Err(Error::PeerMisbehaved( + PeerMisbehaved::IllegalHelloRetryRequestWithWrongSessionId + )) + ); } #[cfg(feature = "tls12")] From 29a207be867a321b54b687430aa79762fff88a5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jul 2023 04:12:31 +0000 Subject: [PATCH 0045/1145] build(deps): update webpki-roots requirement from 0.24 to 0.25 .. and then fix build for webpki-roots 0.25.x. --- examples/Cargo.toml | 2 +- examples/src/bin/limitedclient.rs | 1 - examples/src/bin/simple_0rtt_client.rs | 1 - examples/src/bin/simpleclient.rs | 1 - examples/src/bin/tlsclient-mio.rs | 1 - rustls/Cargo.toml | 2 +- rustls/src/lib.rs | 2 -- rustls/src/verifybench.rs | 1 - 8 files changed, 2 insertions(+), 9 deletions(-) diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 3f4f7ddbd5..6f3f9b5ace 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -21,7 +21,7 @@ rustls-pemfile = "1.0.3" sct = "0.7" serde = "1.0" serde_derive = "1.0" -webpki-roots = "0.24" +webpki-roots = "0.25" [dev-dependencies] regex = "1.0" diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index a5151075f8..7d75191cea 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -13,7 +13,6 @@ fn main() { let mut root_store = rustls::RootCertStore::empty(); root_store.add_server_trust_anchors( webpki_roots::TLS_SERVER_ROOTS - .0 .iter() .map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index ffa2ba7c62..35bc4abd6e 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -62,7 +62,6 @@ fn main() { let mut root_store = RootCertStore::empty(); root_store.add_server_trust_anchors( webpki_roots::TLS_SERVER_ROOTS - .0 .iter() .map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index baf5cec581..f73aa9161e 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -19,7 +19,6 @@ fn main() { let mut root_store = RootCertStore::empty(); root_store.add_server_trust_anchors( webpki_roots::TLS_SERVER_ROOTS - .0 .iter() .map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index d6cddc112c..7b605c4e3b 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -382,7 +382,6 @@ fn make_config(args: &Args) -> Arc> { } else { root_store.add_server_trust_anchors( webpki_roots::TLS_SERVER_ROOTS - .0 .iter() .map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index d8fa4d5115..9de8f9ebb8 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -34,7 +34,7 @@ read_buf = ["rustversion"] bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -webpki-roots = "0.24.0" +webpki-roots = "0.25.0" rustls-pemfile = "1.0.3" base64 = "0.21" diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index dc7f51b7cd..ca9716bb97 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -105,7 +105,6 @@ //! let mut root_store = rustls::RootCertStore::empty(); //! root_store.add_server_trust_anchors( //! webpki_roots::TLS_SERVER_ROOTS -//! .0 //! .iter() //! .map(|ta| { //! rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( @@ -138,7 +137,6 @@ //! # let mut root_store = rustls::RootCertStore::empty(); //! # root_store.add_server_trust_anchors( //! # webpki_roots::TLS_SERVER_ROOTS -//! # .0 //! # .iter() //! # .map(|ta| { //! # rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 3ccfbdb004..71419042e1 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -189,7 +189,6 @@ impl Context { let mut roots = anchors::RootCertStore::empty(); roots.add_server_trust_anchors( webpki_roots::TLS_SERVER_ROOTS - .0 .iter() .map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( From ad62b2cf4a0af0ad37a1d082ab631c93796b2c96 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 27 Jul 2023 08:31:55 +0100 Subject: [PATCH 0046/1145] Update example usage in README.md (with admin/pull-usage) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b6d8b06e49..af1af57b33 100644 --- a/README.md +++ b/README.md @@ -189,6 +189,8 @@ Options: to certificate. Optional. --auth CERTFILE Enable client authentication, and accept certificates signed by those roots provided in CERTFILE. + --crl CRLFILE ... Perform client certificate revocation checking using the DER-encoded + CRLFILE. May be used multiple times. --require-auth Send a fatal alert if the client does not complete client authentication. --resumption Support session resumption. From 763a17ef5f14bd3eeda8565fedd78ca0caea9a99 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 27 Jul 2023 18:45:21 -0400 Subject: [PATCH 0047/1145] ci: fix setup-go build cache warnings. Since v4 of the `actions/setup-go` action, caching is enabled by default and when a `go.sum` can't be found in the root of the project, a warning is logged. Since we don't have a `go.sum` in the project root, this warning was being issued by both tasks that used the `setup-go` action: * The BoGo test suite task * The code coverage task For the first of these, caching is disabled to avoid the warning - we weren't benefiting from this to begin with and setting `cache-dependency-path` to `bogo/bogo/go.sum` or `bogo/go.sum` wasn't working. For the second of these, it's not clear _why_ we were installing the Go toolchain. The BoGo test suite is not being run by this task and so Go is not required. Removing it fixes the warning. --- .github/workflows/build.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 870ebdfd12..cb7d1714aa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -107,6 +107,7 @@ jobs: uses: actions/setup-go@v4 with: go-version: "1.20" + cache: false - name: Run test suite working-directory: bogo @@ -189,11 +190,6 @@ jobs: - name: Install cargo-llvm-cov run: cargo install cargo-llvm-cov - - name: Install golang toolchain - uses: actions/setup-go@v4 - with: - go-version: "1.20" - - name: Measure coverage run: ./admin/coverage --lcov --output-path final.info From 54a7771d90fe34563a3d6ac36a0f0510722ffb68 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 28 Jul 2023 13:34:39 +0100 Subject: [PATCH 0048/1145] Check usage/intro docs in README.md are in sync --- .github/workflows/build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb7d1714aa..3896896320 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -173,6 +173,13 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings + - name: Check README.md + run: | + cargo build --all-features + ./admin/pull-readme + ./admin/pull-usage + git diff --exit-code + coverage: name: Measure coverage runs-on: ubuntu-20.04 From 01a9c6cd7f98521da5076b883caae8854514ff85 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 31 Jul 2023 18:28:54 +0200 Subject: [PATCH 0049/1145] directly use core:: & alloc:: API instead of std:: re-exports --- rustls/src/bs_debug.rs | 2 +- rustls/src/builder.rs | 6 +++--- rustls/src/client/builder.rs | 4 ++-- rustls/src/client/client_conn.rs | 11 ++++++----- rustls/src/client/common.rs | 2 +- rustls/src/client/handy.rs | 7 ++++--- rustls/src/client/hs.rs | 4 ++-- rustls/src/client/tls12.rs | 2 +- rustls/src/client/tls13.rs | 4 ++-- rustls/src/conn.rs | 6 +++--- rustls/src/crypto/mod.rs | 2 +- rustls/src/crypto/ring.rs | 12 ++++++------ rustls/src/dns_name.rs | 5 +++-- rustls/src/error.rs | 8 ++++---- rustls/src/hash_hs.rs | 2 +- rustls/src/key.rs | 2 +- rustls/src/lib.rs | 2 ++ rustls/src/limited_cache.rs | 9 +++++---- rustls/src/msgs/base.rs | 2 +- rustls/src/msgs/codec.rs | 2 +- rustls/src/msgs/deframer.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 4 ++-- rustls/src/msgs/persist.rs | 12 ++++++------ rustls/src/quic.rs | 8 ++++---- rustls/src/server/builder.rs | 4 ++-- rustls/src/server/handy.rs | 3 ++- rustls/src/server/hs.rs | 2 +- rustls/src/server/server_conn.rs | 9 +++++---- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/src/sign.rs | 4 ++-- rustls/src/stream.rs | 2 +- rustls/src/suites.rs | 2 +- rustls/src/ticketer.rs | 5 +++-- rustls/src/tls12/mod.rs | 2 +- rustls/src/tls13/mod.rs | 2 +- rustls/src/vecbuf.rs | 6 +++--- rustls/src/verify.rs | 4 ++-- rustls/src/verifybench.rs | 3 ++- rustls/src/versions.rs | 2 +- 41 files changed, 93 insertions(+), 83 deletions(-) diff --git a/rustls/src/bs_debug.rs b/rustls/src/bs_debug.rs index ad73ee6b3c..6fe18f27f9 100644 --- a/rustls/src/bs_debug.rs +++ b/rustls/src/bs_debug.rs @@ -1,4 +1,4 @@ -use std::fmt; +use core::fmt; /// Alternative implementation of `fmt::Debug` for byte slice. /// diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index eae1be269a..10947e0558 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -3,8 +3,8 @@ use crate::error::Error; use crate::suites::{SupportedCipherSuite, DEFAULT_CIPHER_SUITES}; use crate::versions; -use std::fmt; -use std::marker::PhantomData; +use core::fmt; +use core::marker::PhantomData; /// Building a [`ServerConfig`] or [`ClientConfig`] in a linker-friendly and /// complete way. @@ -105,7 +105,7 @@ pub struct ConfigBuilder { impl fmt::Debug for ConfigBuilder { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - let side_name = std::any::type_name::(); + let side_name = core::any::type_name::(); let (ty, param) = side_name .split_once('<') .unwrap_or((side_name, "")); diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index d3e4388752..9828b37aec 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -10,8 +10,8 @@ use crate::{anchors, key, versions}; use super::client_conn::Resumption; -use std::marker::PhantomData; -use std::sync::Arc; +use alloc::sync::Arc; +use core::marker::PhantomData; impl ConfigBuilder, WantsVerifier> { /// Choose how to verify server certificates. diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 48af82eb44..ac768a2eb0 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -21,11 +21,12 @@ use crate::KeyLog; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; use super::hs; -use std::marker::PhantomData; +use alloc::sync::Arc; +use core::marker::PhantomData; +use core::ops::{Deref, DerefMut}; +use core::{fmt, mem}; +use std::io; use std::net::IpAddr; -use std::ops::{Deref, DerefMut}; -use std::sync::Arc; -use std::{fmt, io, mem}; /// A trait for the ability to store client session data, so that sessions /// can be resumed in future connections. @@ -414,7 +415,7 @@ impl TryFrom<&str> for ServerName { #[cfg(feature = "dangerous_configuration")] pub(super) mod danger { use crate::crypto::CryptoProvider; - use std::sync::Arc; + use alloc::sync::Arc; use super::verify::ServerCertVerifier; use super::ClientConfig; diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 482b7be40a..49506348e0 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -6,7 +6,7 @@ use crate::msgs::handshake::ServerExtension; use crate::msgs::handshake::{CertificatePayload, DistinguishedName}; use crate::{sign, SignatureScheme}; -use std::sync::Arc; +use alloc::sync::Arc; #[derive(Debug)] pub(super) struct ServerCertDetails { diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 963572fd2f..76611f4971 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -8,8 +8,9 @@ use crate::sign; use crate::NamedGroup; use crate::ServerName; -use std::collections::VecDeque; -use std::sync::{Arc, Mutex}; +use alloc::collections::VecDeque; +use alloc::sync::Arc; +use std::sync::Mutex; /// An implementer of `ClientSessionStore` which does nothing. pub(super) struct NoClientSessionStorage; @@ -209,7 +210,7 @@ mod test { use crate::msgs::handshake::SessionId; use crate::msgs::persist::Tls13ClientSessionValue; use crate::suites::SupportedCipherSuite; - use std::convert::TryInto; + use core::convert::TryInto; #[test] fn test_noclientsessionstorage_does_nothing() { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index b8125b8c29..9639d1cbc4 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -32,8 +32,8 @@ use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; use crate::client::{tls13, ClientConfig, ServerName}; -use std::ops::Deref; -use std::sync::Arc; +use alloc::sync::Arc; +use core::ops::Deref; pub(super) type NextState = Box>; pub(super) type NextStateOrError = Result; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 40f704f2e5..a364419d71 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -34,7 +34,7 @@ use crate::rand::GetRandomFailed; use subtle::ConstantTimeEq; -use std::sync::Arc; +use alloc::sync::Arc; pub(super) use server_hello::CompleteServerHelloHandling; diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 4700a78677..82b3ea63fe 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -44,7 +44,7 @@ use crate::ticketer::TimeBase; use subtle::ConstantTimeEq; use crate::sign::{CertifiedKey, Signer}; -use std::sync::Arc; +use alloc::sync::Arc; // Extensions we expect in plaintext in the ServerHello. static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[ @@ -322,7 +322,7 @@ pub(super) fn emit_fake_ccs(sent_tls13_fake_ccs: &mut bool, common: &mut CommonS return; } - if std::mem::replace(sent_tls13_fake_ccs, true) { + if core::mem::replace(sent_tls13_fake_ccs, true) { return; } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 223aade9d9..974bbf6f23 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -10,10 +10,10 @@ use crate::msgs::message::{Message, MessagePayload, PlainMessage}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; -use std::fmt::Debug; +use core::fmt::Debug; +use core::mem; +use core::ops::{Deref, DerefMut}; use std::io; -use std::mem; -use std::ops::{Deref, DerefMut}; /// A client or server connection. #[derive(Debug)] diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 90ab7f3673..8ed4e498eb 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,7 +1,7 @@ use crate::rand::GetRandomFailed; use crate::{Error, NamedGroup}; -use std::fmt::Debug; +use core::fmt::Debug; /// *ring* based CryptoProvider. pub mod ring; diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring.rs index 884e1ec1c3..6dd98527cb 100644 --- a/rustls/src/crypto/ring.rs +++ b/rustls/src/crypto/ring.rs @@ -8,8 +8,8 @@ use ring::aead; use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; use ring::rand::{SecureRandom, SystemRandom}; -use std::fmt; -use std::sync::Arc; +use alloc::sync::Arc; +use core::fmt; /// Default crypto provider. #[derive(Debug)] @@ -258,14 +258,14 @@ fn ticketswitcher_switching_test() { assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); { // Trigger new ticketer - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); + t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(10))); } let cipher2 = t.encrypt(b"ticket 2").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); { // Trigger new ticketer - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20))); + t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(20))); } let cipher3 = t.encrypt(b"ticket 3").unwrap(); assert!(t.decrypt(&cipher1).is_none()); @@ -287,7 +287,7 @@ fn ticketswitcher_recover_test() { t.generator = fail_generator; { // Failed new ticketer - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10))); + t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(10))); } t.generator = make_ticket_generator; let cipher2 = t.encrypt(b"ticket 2").unwrap(); @@ -295,7 +295,7 @@ fn ticketswitcher_recover_test() { assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); { // recover - t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20))); + t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(20))); } let cipher3 = t.encrypt(b"ticket 3").unwrap(); assert!(t.decrypt(&cipher1).is_none()); diff --git a/rustls/src/dns_name.rs b/rustls/src/dns_name.rs index 473d652cb7..58566e90a0 100644 --- a/rustls/src/dns_name.rs +++ b/rustls/src/dns_name.rs @@ -1,6 +1,7 @@ -/// DNS name validation according to RFC1035, but with underscores allowed. +//! DNS name validation according to RFC1035, but with underscores allowed. + +use core::fmt; use std::error::Error as StdError; -use std::fmt; /// A type which encapsulates an owned string that is a syntactically valid DNS name. #[derive(Clone, Eq, Hash, PartialEq, Debug)] diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 40d126cd49..945d5c3a81 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -2,9 +2,9 @@ use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::msgs::handshake::KeyExchangeAlgorithm; use crate::rand; +use alloc::sync::Arc; +use core::fmt; use std::error::Error as StdError; -use std::fmt; -use std::sync::Arc; use std::time::SystemTimeError; /// rustls reports protocol errors using this type. @@ -568,7 +568,7 @@ mod tests { ApplicationVerificationFailure, ApplicationVerificationFailure ); - let other = Other(std::sync::Arc::from(Box::from(""))); + let other = Other(alloc::sync::Arc::from(Box::from(""))); assert_ne!(other, other); assert_ne!(BadEncoding, Expired); } @@ -589,7 +589,7 @@ mod tests { assert_eq!(UnsupportedDeltaCrl, UnsupportedDeltaCrl); assert_eq!(UnsupportedIndirectCrl, UnsupportedIndirectCrl); assert_eq!(UnsupportedRevocationReason, UnsupportedRevocationReason); - let other = Other(std::sync::Arc::from(Box::from(""))); + let other = Other(alloc::sync::Arc::from(Box::from(""))); assert_ne!(other, other); assert_ne!(BadSignature, InvalidCrlNumber); } diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 3dd66b118c..e0f7dbc825 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -1,8 +1,8 @@ use crate::msgs::codec::Codec; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::message::{Message, MessagePayload}; +use core::mem; use ring::digest; -use std::mem; /// Early stage buffering of handshake payloads. /// diff --git a/rustls/src/key.rs b/rustls/src/key.rs index 1efe50cb74..94fedafb6d 100644 --- a/rustls/src/key.rs +++ b/rustls/src/key.rs @@ -1,4 +1,4 @@ -use std::fmt; +use core::fmt; use crate::Error; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index ca9716bb97..831c26a48a 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -301,6 +301,8 @@ #![cfg_attr(read_buf, feature(read_buf))] #![cfg_attr(bench, feature(test))] +extern crate alloc; + // Import `test` sysroot crate for `Bencher` definitions. #[cfg(bench)] #[allow(unused_extern_crates)] diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index 6bb99f954d..ab53d8b478 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -1,7 +1,8 @@ -use std::borrow::Borrow; +use alloc::collections::VecDeque; +use core::borrow::Borrow; +use core::hash::Hash; use std::collections::hash_map::Entry; -use std::collections::{HashMap, VecDeque}; -use std::hash::Hash; +use std::collections::HashMap; /// A HashMap-alike, which never gets larger than a specified /// capacity, and evicts the oldest insertion to maintain this. @@ -20,7 +21,7 @@ pub(crate) struct LimitedCache { impl LimitedCache where - K: Eq + Hash + Clone + std::fmt::Debug, + K: Eq + Hash + Clone + core::fmt::Debug, V: Default, { /// Create a new LimitedCache with the given rough capacity. diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 139ffa7249..ceb3f5a30c 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -1,4 +1,4 @@ -use std::fmt; +use core::fmt; use crate::error::InvalidMessage; use crate::key; diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 9316e4fc47..c1dddd2526 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -1,4 +1,4 @@ -use std::fmt::Debug; +use core::fmt::Debug; use crate::error::InvalidMessage; diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index b06117656a..7245825924 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -1,5 +1,5 @@ +use core::ops::Range; use std::io; -use std::ops::Range; use super::base::Payload; use super::codec::Codec; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a01159b55c..6109dcb261 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -15,8 +15,8 @@ use crate::msgs::enums::{ use crate::rand; use crate::verify::DigitallySignedStruct; +use core::fmt; use std::collections; -use std::fmt; /// Create a newtype wrapper around a given type. /// diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index c7111641ac..6402592880 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -600,7 +600,7 @@ fn test_truncated_helloretry_extension_is_detected() { fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { let mut hrr = get_sample_helloretryrequest(); - let mut exts = std::mem::take(&mut hrr.extensions); + let mut exts = core::mem::take(&mut hrr.extensions); exts.retain(|ext| ext.get_type() == typ); assert!(!getter(&hrr)); @@ -714,7 +714,7 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) let mut ce = get_sample_certificatepayloadtls13() .entries .remove(0); - let mut exts = std::mem::take(&mut ce.exts); + let mut exts = core::mem::take(&mut ce.exts); exts.retain(|ext| ext.get_type() == typ); assert!(!getter(&ce)); diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 1ca73820e7..35e130a8f4 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -11,9 +11,9 @@ use crate::ticketer::TimeBase; use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; -use std::cmp; +use core::cmp; #[cfg(feature = "tls12")] -use std::mem; +use core::mem; pub struct Retrieved { pub value: T, @@ -47,7 +47,7 @@ impl Retrieved<&Tls13ClientSessionValue> { } } -impl> Retrieved { +impl> Retrieved { pub fn has_expired(&self) -> bool { let common = &*self.value; common.lifetime_secs != 0 @@ -58,7 +58,7 @@ impl> Retrieved { } } -impl std::ops::Deref for Retrieved { +impl core::ops::Deref for Retrieved { type Target = T; fn deref(&self) -> &Self::Target { @@ -128,7 +128,7 @@ impl Tls13ClientSessionValue { } } -impl std::ops::Deref for Tls13ClientSessionValue { +impl core::ops::Deref for Tls13ClientSessionValue { type Target = ClientSessionCommon; fn deref(&self) -> &Self::Target { @@ -195,7 +195,7 @@ impl Tls12ClientSessionValue { } #[cfg(feature = "tls12")] -impl std::ops::Deref for Tls12ClientSessionValue { +impl core::ops::Deref for Tls12ClientSessionValue { type Target = ClientSessionCommon; fn deref(&self) -> &Self::Target { diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 3ad0426cb6..18d3d7d546 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -14,10 +14,10 @@ use crate::tls13::{Tls13CipherSuite, TLS13_AES_128_GCM_SHA256_INTERNAL}; use ring::{aead, hkdf}; -use std::collections::VecDeque; -use std::fmt::{self, Debug}; -use std::ops::{Deref, DerefMut}; -use std::sync::Arc; +use alloc::collections::VecDeque; +use alloc::sync::Arc; +use core::fmt::{self, Debug}; +use core::ops::{Deref, DerefMut}; /// A QUIC client or server connection. #[derive(Debug)] diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index c67d11befc..9835f4f647 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -9,8 +9,8 @@ use crate::verify; use crate::versions; use crate::NoKeyLog; -use std::marker::PhantomData; -use std::sync::Arc; +use alloc::sync::Arc; +use core::marker::PhantomData; impl ConfigBuilder, WantsVerifier> { /// Choose how to verify client certificates. diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index df7d109d81..4b959995f9 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -6,8 +6,9 @@ use crate::server; use crate::server::ClientHello; use crate::sign; +use alloc::sync::Arc; use std::collections; -use std::sync::{Arc, Mutex}; +use std::sync::Mutex; /// Something which never stores sessions. pub struct NoServerSessionStorage {} diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index ea147fa370..f9bcc30c40 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -26,7 +26,7 @@ use super::tls12; use crate::server::common::ActiveCertifiedKey; use crate::server::tls13; -use std::sync::Arc; +use alloc::sync::Arc; pub(super) type NextState = Box>; pub(super) type NextStateOrError = Result; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index c204a8376f..6a48c61e51 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -20,10 +20,11 @@ use crate::KeyLog; use super::hs; -use std::marker::PhantomData; -use std::ops::{Deref, DerefMut}; -use std::sync::Arc; -use std::{fmt, io}; +use alloc::sync::Arc; +use core::fmt; +use core::marker::PhantomData; +use core::ops::{Deref, DerefMut}; +use std::io; /// A trait for the ability to store server session data. /// diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 78a0be235f..9152527b19 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -28,7 +28,7 @@ use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; use subtle::ConstantTimeEq; -use std::sync::Arc; +use alloc::sync::Arc; pub(super) use client_hello::CompleteClientHelloHandling; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 72a3b2a5aa..0d334d3261 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -34,7 +34,7 @@ use crate::verify; use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; use super::server_conn::ServerConnectionData; -use std::sync::Arc; +use alloc::sync::Arc; use subtle::ConstantTimeEq; diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index cb88489543..53d93228af 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -6,9 +6,9 @@ use crate::x509::{wrap_in_asn1_len, wrap_in_sequence}; use ring::io::der; use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use alloc::sync::Arc; +use core::fmt; use std::error::Error as StdError; -use std::fmt; -use std::sync::Arc; /// An abstract signing key. pub trait SigningKey: Send + Sync { diff --git a/rustls/src/stream.rs b/rustls/src/stream.rs index 58f324ec69..f850164239 100644 --- a/rustls/src/stream.rs +++ b/rustls/src/stream.rs @@ -1,7 +1,7 @@ use crate::conn::{ConnectionCommon, SideData}; +use core::ops::{Deref, DerefMut}; use std::io::{IoSlice, Read, Result, Write}; -use std::ops::{Deref, DerefMut}; /// This type implements `io::Read` and `io::Write`, encapsulating /// a Connection `C` and an underlying transport `T`, such as a socket. diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index c09e8314b6..62e69a243c 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,4 +1,4 @@ -use std::fmt; +use core::fmt; use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; #[cfg(feature = "tls12")] diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index d0725ea93e..6243a3ec24 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -2,7 +2,8 @@ use crate::rand; use crate::server::ProducesTickets; use crate::Error; -use std::mem; +use core::mem; +use core::time::Duration; use std::sync::{Mutex, MutexGuard}; use std::time; @@ -11,7 +12,7 @@ use std::time; /// /// This is guaranteed to be on or after the UNIX epoch. #[derive(Clone, Copy, Debug)] -pub struct TimeBase(pub(crate) time::Duration); +pub struct TimeBase(pub(crate) Duration); impl TimeBase { #[inline] diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 127c87e402..ed0442870a 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -13,7 +13,7 @@ use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; use ring::aead; use ring::digest::Digest; -use std::fmt; +use core::fmt; mod cipher; pub(crate) use cipher::{AesGcm, ChaCha20Poly1305, Tls12AeadAlgorithm}; diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 2c861470dd..00e63a136d 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -10,7 +10,7 @@ use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; use ring::aead; -use std::fmt; +use core::fmt; pub(crate) mod key_schedule; diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 6126edd944..be595e1da1 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -1,5 +1,5 @@ -use std::cmp; -use std::collections::VecDeque; +use alloc::collections::VecDeque; +use core::cmp; use std::io; use std::io::Read; @@ -110,7 +110,7 @@ impl ChunkVecBuffer { pub(crate) fn read_buf(&mut self, mut cursor: io::BorrowedCursor<'_>) -> io::Result<()> { while !self.is_empty() && cursor.capacity() > 0 { let chunk = self.chunks[0].as_slice(); - let used = std::cmp::min(chunk.len(), cursor.capacity()); + let used = core::cmp::min(chunk.len(), cursor.capacity()); cursor.append(&chunk[..used]); self.consume(used); } diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 2513687cbd..4328baf15f 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,4 +1,4 @@ -use std::fmt; +use core::fmt; use crate::anchors::{OwnedTrustAnchor, RootCertStore}; use crate::client::ServerName; @@ -15,7 +15,7 @@ use crate::msgs::handshake::DistinguishedName; use ring::digest::Digest; -use std::sync::Arc; +use alloc::sync::Arc; use std::time::SystemTime; type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm]; diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 71419042e1..2cc0a66c46 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -4,7 +4,8 @@ // Note: we don't use any of the standard 'cargo bench', 'test::Bencher', // etc. because it's unstable at the time of writing. -use std::time::{Duration, Instant, SystemTime}; +use core::time::Duration; +use std::time::{Instant, SystemTime}; use crate::key; use crate::verify; diff --git a/rustls/src/versions.rs b/rustls/src/versions.rs index f2b19e21a3..7f31c8e854 100644 --- a/rustls/src/versions.rs +++ b/rustls/src/versions.rs @@ -1,4 +1,4 @@ -use std::fmt; +use core::fmt; use crate::enums::ProtocolVersion; From d4535756cf6cf5a87583fc02a5ef8bb00f8fea16 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 31 Jul 2023 18:31:21 +0200 Subject: [PATCH 0050/1145] enable clippy lints to prevent future uses of re-exported std API --- rustls/src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 831c26a48a..6a0f6aea8c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -261,7 +261,9 @@ #![forbid(unsafe_code, unused_must_use)] #![cfg_attr(not(any(read_buf, bench)), forbid(unstable_features))] #![deny( + clippy::alloc_instead_of_core, clippy::clone_on_ref_ptr, + clippy::std_instead_of_core, clippy::use_self, trivial_casts, trivial_numeric_casts, From 1776e0ba3b9df78134b2d04f2fb70496bf209595 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 1 Aug 2023 09:57:28 -0400 Subject: [PATCH 0051/1145] msgs: make TlsListElement/ListLength pub(crate). This commit resolves two TODO's left in `msgs/codec.rs` about using `pub(crate)` visibility for `TlsListElement` and `ListLength` once MSRV allows it. That time has come :) --- rustls/src/msgs/codec.rs | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index c1dddd2526..ba2e01acb7 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -270,9 +270,7 @@ impl Codec for Vec { /// prefixed with a length, the size of which depends on the type of the list elements. /// As such, the `Codec` implementation for `Vec` requires an implementation of this trait /// for its element type `T`. -/// -// TODO: make this `pub(crate)` once our MSRV allows it? -pub trait TlsListElement { +pub(crate) trait TlsListElement { const SIZE_LEN: ListLength; } @@ -281,9 +279,7 @@ pub trait TlsListElement { /// The types that appear in lists are limited to three kinds of length prefixes: /// 1, 2, and 3 bytes. For the latter kind, we require a `TlsListElement` implementer /// to specify a maximum length. -/// -// TODO: make this `pub(crate)` once our MSRV allows it? -pub enum ListLength { +pub(crate) enum ListLength { U8, U16, U24 { max: usize }, From 79de94221f5aad759f36790534b2281279dce89a Mon Sep 17 00:00:00 2001 From: Tshepang Mbambo Date: Wed, 2 Aug 2023 09:45:37 +0200 Subject: [PATCH 0052/1145] readme: add some readability pauses (#1380) See https://github.com/rustls/rustls/pull/1380#issuecomment-1660649621 --- README.md | 6 +++--- rustls/src/lib.rs | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index af1af57b33..55633058bc 100644 --- a/README.md +++ b/README.md @@ -81,11 +81,11 @@ need them. ### Platform support -While Rustls itself is platform independent it uses +While Rustls itself is platform independent, it uses [`ring`](https://crates.io/crates/ring) for implementing the cryptography in TLS. As a result, rustls only runs on platforms -supported by `ring`. At the time of writing this means x86, x86-64, armv7, and -aarch64. For more information see [the supported `ring` CI +supported by `ring`. At the time of writing, this means x86, x86-64, armv7, and +aarch64. For more information, see [the supported `ring` CI targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167). Rustls requires Rust 1.60 or later. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 6a0f6aea8c..1f9bd578b5 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -54,11 +54,11 @@ //! //! ### Platform support //! -//! While Rustls itself is platform independent it uses +//! While Rustls itself is platform independent, it uses //! [`ring`](https://crates.io/crates/ring) for implementing the cryptography in //! TLS. As a result, rustls only runs on platforms -//! supported by `ring`. At the time of writing this means x86, x86-64, armv7, and -//! aarch64. For more information see [the supported `ring` CI +//! supported by `ring`. At the time of writing, this means x86, x86-64, armv7, and +//! aarch64. For more information, see [the supported `ring` CI //! targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167). //! //! Rustls requires Rust 1.60 or later. From 56cbc89df0de6c7220439904f8a250ef7e8cc030 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 2 Aug 2023 10:03:13 +0200 Subject: [PATCH 0053/1145] Fix up nightly clippy issue with incorrect comment --- rustls/src/server/server_conn.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 6a48c61e51..4412e76e46 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -562,7 +562,7 @@ impl From for crate::Connection { /// // Proceed with handling the ServerConnection. /// } /// # } -//// ``` +/// ``` pub struct Acceptor { inner: Option>, } From cf1f8b1422f598ced06a36bf077e98a6db5dcf7c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 31 Jul 2023 11:38:56 +0100 Subject: [PATCH 0054/1145] Move to using prerelease rustls-webpki 0.102.0-alpha.0 This is intended to just maintain the status-quo, not take advantage of the new features in this release. --- rustls/Cargo.toml | 2 +- rustls/src/verify.rs | 81 ++++++++++++++++++++++++-------------------- 2 files changed, 46 insertions(+), 37 deletions(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 9de8f9ebb8..1e4e1d5005 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,7 +19,7 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = "0.16.20" subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "0.101.2", features = ["alloc", "std"] } +webpki = { package = "rustls-webpki", version = "0.102.0-alpha.0", features = ["alloc", "std", "ring"] } [features] default = ["logging", "tls12"] diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 4328baf15f..32fd513e25 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -18,23 +18,23 @@ use ring::digest::Digest; use alloc::sync::Arc; use std::time::SystemTime; -type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm]; +type SignatureAlgorithms = &'static [&'static dyn webpki::SignatureVerificationAlgorithm]; /// Which signature verification mechanisms we support. No particular /// order. static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ - &webpki::ECDSA_P256_SHA256, - &webpki::ECDSA_P256_SHA384, - &webpki::ECDSA_P384_SHA256, - &webpki::ECDSA_P384_SHA384, - &webpki::ED25519, - &webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, - &webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, - &webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, - &webpki::RSA_PKCS1_2048_8192_SHA256, - &webpki::RSA_PKCS1_2048_8192_SHA384, - &webpki::RSA_PKCS1_2048_8192_SHA512, - &webpki::RSA_PKCS1_3072_8192_SHA384, + webpki::ECDSA_P256_SHA256, + webpki::ECDSA_P256_SHA384, + webpki::ECDSA_P384_SHA256, + webpki::ECDSA_P384_SHA384, + webpki::ED25519, + webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, + webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, + webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, + webpki::RSA_PKCS1_2048_8192_SHA256, + webpki::RSA_PKCS1_2048_8192_SHA384, + webpki::RSA_PKCS1_2048_8192_SHA512, + webpki::RSA_PKCS1_3072_8192_SHA384, ]; // Marker types. These are used to bind the fact some verification @@ -335,7 +335,7 @@ pub fn verify_server_cert_signed_by_trust_anchor( &chain, webpki_now, webpki::KeyUsage::server_auth(), - &[], // no CRLs + None, // no CRLs ) .map_err(pki_error) .map(|_| ()) @@ -533,6 +533,17 @@ impl ClientCertVerifier for AllowAnyAuthenticatedClient { .map(|crl| crl as &dyn webpki::CertRevocationList) .collect::>(); + let revocation = if crls.is_empty() { + None + } else { + Some( + webpki::RevocationOptionsBuilder::new(&crls) + .expect("invalid crls") + .allow_unknown_status() + .build(), + ) + }; + cert.0 .verify_for_usage( SUPPORTED_SIG_ALGS, @@ -540,7 +551,7 @@ impl ClientCertVerifier for AllowAnyAuthenticatedClient { &chain, now, webpki::KeyUsage::client_auth(), - &crls, + revocation, ) .map_err(pki_error) .map(|_| ClientCertVerified::assertion()) @@ -614,7 +625,7 @@ impl ClientCertVerifier for AllowAnyAnonymousOrAuthenticatedClient { pub(crate) fn pki_error(error: webpki::Error) -> Error { use webpki::Error::*; match error { - BadDer | BadDerTime => CertificateError::BadEncoding.into(), + BadDer | BadDerTime | TrailingData(_) => CertificateError::BadEncoding.into(), CertNotValidYet => CertificateError::NotValidYet.into(), CertExpired | InvalidCertValidity => CertificateError::Expired.into(), UnknownIssuer => CertificateError::UnknownIssuer.into(), @@ -705,20 +716,18 @@ impl Codec for DigitallySignedStruct { } } -static ECDSA_SHA256: SignatureAlgorithms = - &[&webpki::ECDSA_P256_SHA256, &webpki::ECDSA_P384_SHA256]; +static ECDSA_SHA256: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA256, webpki::ECDSA_P384_SHA256]; -static ECDSA_SHA384: SignatureAlgorithms = - &[&webpki::ECDSA_P256_SHA384, &webpki::ECDSA_P384_SHA384]; +static ECDSA_SHA384: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA384, webpki::ECDSA_P384_SHA384]; -static ED25519: SignatureAlgorithms = &[&webpki::ED25519]; +static ED25519: SignatureAlgorithms = &[webpki::ED25519]; -static RSA_SHA256: SignatureAlgorithms = &[&webpki::RSA_PKCS1_2048_8192_SHA256]; -static RSA_SHA384: SignatureAlgorithms = &[&webpki::RSA_PKCS1_2048_8192_SHA384]; -static RSA_SHA512: SignatureAlgorithms = &[&webpki::RSA_PKCS1_2048_8192_SHA512]; -static RSA_PSS_SHA256: SignatureAlgorithms = &[&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; -static RSA_PSS_SHA384: SignatureAlgorithms = &[&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; -static RSA_PSS_SHA512: SignatureAlgorithms = &[&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; +static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256]; +static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384]; +static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512]; +static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; +static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; +static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; fn convert_scheme(scheme: SignatureScheme) -> Result { match scheme { @@ -746,10 +755,10 @@ fn verify_sig_using_any_alg( message: &[u8], sig: &[u8], ) -> Result<(), webpki::Error> { - // TLS doesn't itself give us enough info to map to a single webpki::SignatureAlgorithm. + // TLS doesn't itself give us enough info to map to a single webpki::SignatureVerificationAlgorithm. // Therefore, convert_algs maps to several and we try them all. for alg in algs { - match cert.verify_signature(alg, message, sig) { + match cert.verify_signature(*alg, message, sig) { Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) => continue, res => return res, } @@ -773,16 +782,16 @@ fn verify_signed_struct( fn convert_alg_tls13( scheme: SignatureScheme, -) -> Result<&'static webpki::SignatureAlgorithm, Error> { +) -> Result<&'static dyn webpki::SignatureVerificationAlgorithm, Error> { use crate::enums::SignatureScheme::*; match scheme { - ECDSA_NISTP256_SHA256 => Ok(&webpki::ECDSA_P256_SHA256), - ECDSA_NISTP384_SHA384 => Ok(&webpki::ECDSA_P384_SHA384), - ED25519 => Ok(&webpki::ED25519), - RSA_PSS_SHA256 => Ok(&webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), - RSA_PSS_SHA384 => Ok(&webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), - RSA_PSS_SHA512 => Ok(&webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), + ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256), + ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384), + ED25519 => Ok(webpki::ED25519), + RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), + RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), + RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), } } From 2d6eeec40e07f31ccf98b1b9274abe687334758d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 18 Jul 2023 21:36:54 -0400 Subject: [PATCH 0055/1145] verifier: use builder API for client verifier. Previously users configuring a `ServerConfig` that wanted to use a webpki backed client certificate verifier had to make a choice of which concrete implementation to construct, and how to configure it (e.g. with trust anchors and CRLs). This made for a somewhat cumbersome experience. In its place, this commit: * Adds a `WebPkiClientVerifier` type that replace both the `AllowAnyAuthenticatedClient` and `AllowAnyAnonymousOrAuthenticatedClient` verifiers. The name emphasizes that the implementation is backed by `rustls/webpki` to help distinguish it from platform verifiers. The new type can only be constructed external to the crate using a `ClientCertVerifierBuilder` builder that walks the user through specifying roots, CRLs, and policy for anonymous clients. * Turns the `NoClientAuth` verifier into a crate internal type that also only be constructed via the `ClientCertVerifierBuilder`. * Removes the `boxed()` fn's of the above, since they won't be needed anymore - consumers will construct a `Arc` through the builder and don't need to have `ClientCertVerifier` in-scope via the dangerous config feature. * Updates all existing usages in tests and examples to use the new builder API. --- examples/src/bin/tlsserver-mio.rs | 20 +- rustls/examples/internal/bench.rs | 10 +- rustls/examples/internal/bogo_shim.rs | 2 +- rustls/src/lib.rs | 7 +- rustls/src/server/builder.rs | 4 +- rustls/src/server/verifier_builder.rs | 269 ++++++++++++++++++++++++++ rustls/src/verify.rs | 220 ++++++++++----------- rustls/tests/api.rs | 9 +- rustls/tests/common/mod.rs | 15 +- 9 files changed, 413 insertions(+), 143 deletions(-) create mode 100644 rustls/src/server/verifier_builder.rs diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 110739008a..bdce512214 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -17,10 +17,7 @@ extern crate serde_derive; use docopt::Docopt; -use rustls::server::{ - AllowAnyAnonymousOrAuthenticatedClient, AllowAnyAuthenticatedClient, NoClientAuth, - UnparsedCertRevocationList, -}; +use rustls::server::{UnparsedCertRevocationList, WebPkiClientVerifier}; use rustls::{self, RootCertStore}; // Token for our listening socket. @@ -579,18 +576,19 @@ fn make_config(args: &Args) -> Arc> { } let crls = load_crls(&args.flag_crl); if args.flag_require_auth { - AllowAnyAuthenticatedClient::new(client_auth_roots) + WebPkiClientVerifier::builder(client_auth_roots) .with_crls(crls) - .expect("invalid CRLs") - .boxed() + .build() + .unwrap() } else { - AllowAnyAnonymousOrAuthenticatedClient::new(client_auth_roots) + WebPkiClientVerifier::builder(client_auth_roots) .with_crls(crls) - .expect("invalid CRLs") - .boxed() + .allow_unauthenticated() + .build() + .unwrap() } } else { - NoClientAuth::boxed() + WebPkiClientVerifier::no_client_auth() }; let suites = if !args.flag_suite.is_empty() { diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 5862eed517..2b423af7e1 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -13,9 +13,7 @@ use std::time::{Duration, Instant}; use rustls::client::Resumption; use rustls::crypto::ring::Ring; -use rustls::server::{ - AllowAnyAuthenticatedClient, NoClientAuth, NoServerSessionStorage, ServerSessionMemoryCache, -}; +use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::RootCertStore; use rustls::Ticketer; use rustls::{ClientConfig, ClientConnection}; @@ -305,9 +303,11 @@ fn make_server_config( for root in roots { client_auth_roots.add(&root).unwrap(); } - Arc::new(AllowAnyAuthenticatedClient::new(client_auth_roots)) + WebPkiClientVerifier::builder(client_auth_roots.clone()) + .build() + .unwrap() } - ClientAuth::No => NoClientAuth::boxed(), + ClientAuth::No => WebPkiClientVerifier::no_client_auth(), }; let mut cfg = ServerConfig::builder() diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index b811293f15..3bcb125ecd 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -388,7 +388,7 @@ fn make_server_cfg(opts: &Options) -> Arc> { mandatory: opts.require_any_client_cert, }) } else { - server::NoClientAuth::boxed() + server::WebPkiClientVerifier::no_client_auth() }; let cert = load_cert(&opts.cert_file); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 1f9bd578b5..5372b3b376 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -453,11 +453,9 @@ pub mod server { #[cfg(feature = "tls12")] mod tls12; mod tls13; + pub(crate) mod verifier_builder; - pub use crate::verify::{ - AllowAnyAnonymousOrAuthenticatedClient, AllowAnyAuthenticatedClient, NoClientAuth, - UnparsedCertRevocationList, - }; + pub use crate::verify::{UnparsedCertRevocationList, WebPkiClientVerifier}; pub use builder::WantsServerCert; pub use handy::ResolvesServerCertUsingSni; pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; @@ -466,6 +464,7 @@ pub mod server { Accepted, Acceptor, ReadEarlyData, ServerConfig, ServerConnection, ServerConnectionData, }; pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; + pub use verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; #[cfg(feature = "dangerous_configuration")] pub use crate::dns_name::DnsName; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 9835f4f647..0b429dd7ca 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -5,7 +5,7 @@ use crate::key; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; use crate::suites::SupportedCipherSuite; -use crate::verify; +use crate::verify::{self, WebPkiClientVerifier}; use crate::versions; use crate::NoKeyLog; @@ -31,7 +31,7 @@ impl ConfigBuilder, WantsVerifier> { /// Disable client authentication. pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { - self.with_client_cert_verifier(verify::NoClientAuth::boxed()) + self.with_client_cert_verifier(WebPkiClientVerifier::no_client_auth()) } } diff --git a/rustls/src/server/verifier_builder.rs b/rustls/src/server/verifier_builder.rs new file mode 100644 index 0000000000..6e1c37fbf1 --- /dev/null +++ b/rustls/src/server/verifier_builder.rs @@ -0,0 +1,269 @@ +use std::sync::Arc; + +use crate::server::UnparsedCertRevocationList; +use crate::verify::{AnonymousClientPolicy, ClientCertVerifier, WebPkiClientVerifier}; +use crate::{CertRevocationListError, RootCertStore}; + +/// A builder for configuring a `webpki` client certificate verifier. +/// +/// For more information, see the [`WebPkiClientVerifier`] documentation. +#[derive(Debug, Clone)] +pub struct ClientCertVerifierBuilder { + roots: RootCertStore, + crls: Vec, + anon_policy: AnonymousClientPolicy, +} + +impl ClientCertVerifierBuilder { + pub(crate) fn new(roots: RootCertStore) -> Self { + Self { + roots, + crls: Vec::new(), + anon_policy: AnonymousClientPolicy::Deny, + } + } + + /// Add additional `roots` to use to verify client certificates. + /// + /// All clients must provide a client certificate unless you have allowed unauthenticated + /// clients by calling [allow_unauthenticated()][ClientCertVerifierBuilder::allow_unauthenticated] + /// on the builder. + pub fn with_roots(mut self, roots: RootCertStore) -> Self { + self.roots + .add_server_trust_anchors(roots.roots.into_iter()); + self + } + + /// Verify the revocation state of presented client certificates against the provided + /// certificate revocation lists (CRLs). Calling `with_crls` multiple times appends the + /// given CRLs to the existing collection. + pub fn with_crls(mut self, crls: impl IntoIterator) -> Self { + self.crls.extend(crls); + self + } + + /// Allow unauthenticated clients to connect. + /// + /// Clients that offer a client certificate issued by a trusted root, and clients that offer no + /// client certificate will be allowed to connect. + pub fn allow_unauthenticated(mut self) -> Self { + self.anon_policy = AnonymousClientPolicy::Allow; + self + } + + /// Build a client certificate verifier. The built verifier will be used for the server to offer + /// client certificate authentication, to control how offered client certificates are validated, + /// and to determine what to do with anonymous clients that do not respond to the client + /// certificate authentication offer with a client certificate. + /// + /// Once built, the provided `Arc` can be used with a Rustls + /// [crate::server::ServerConfig] to configure client certificate validation using + /// [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. + /// + /// # Errors + /// This function will return a `ClientCertVerifierBuilderError` if: + /// 1. No trust anchors have been provided. + /// 2. DER encoded CRLs have been provided that can not be parsed successfully. + pub fn build(self) -> Result, ClientCertVerifierBuilderError> { + if self.roots.is_empty() { + return Err(ClientCertVerifierBuilderError::NoRootAnchors); + } + + Ok(Arc::new(WebPkiClientVerifier::new( + self.roots, + self.crls + .into_iter() + .map(|der_crl| der_crl.parse()) + .collect::, CertRevocationListError>>()?, + self.anon_policy, + ))) + } +} + +/// One or more root trust anchors must be provided to create a [ClientCertVerifierBuilder]. +/// If you wish to disable client authentication, then use [WebPkiClientVerifier::no_client_auth] +/// instead of constructing a builder. +#[derive(Debug, Clone)] +#[non_exhaustive] +pub enum ClientCertVerifierBuilderError { + /// No root trust anchors were provided. + NoRootAnchors, + /// A provided CRL could not be parsed. + InvalidCrl(CertRevocationListError), +} + +impl From for ClientCertVerifierBuilderError { + fn from(value: CertRevocationListError) -> Self { + Self::InvalidCrl(value) + } +} + +#[cfg(test)] +mod tests { + use crate::server::{ClientCertVerifierBuilderError, UnparsedCertRevocationList}; + use crate::verify::WebPkiClientVerifier; + use crate::{Certificate, RootCertStore}; + + fn load_crls(crls_der: &[&[u8]]) -> Vec { + crls_der + .iter() + .map(|pem_bytes| { + UnparsedCertRevocationList( + rustls_pemfile::crls(&mut &pem_bytes[..]) + .unwrap() + .first() + .unwrap() + .to_vec(), + ) + }) + .collect() + } + + fn test_crls() -> Vec { + load_crls(&[ + include_bytes!("../../../test-ca/ecdsa/client.revoked.crl.pem").as_slice(), + include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), + ]) + } + + fn load_roots(roots_der: &[&[u8]]) -> RootCertStore { + let mut roots = RootCertStore::empty(); + roots_der.iter().for_each(|der| { + roots + .add(&Certificate(der.to_vec())) + .unwrap() + }); + roots + } + + fn test_roots() -> RootCertStore { + load_roots(&[ + include_bytes!("../../../test-ca/ecdsa/ca.der").as_slice(), + include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), + ]) + } + + #[test] + fn test_noauth() { + // We should be able to build a verifier that turns off client authentication. + WebPkiClientVerifier::no_client_auth(); + } + + #[test] + fn test_required_auth() { + // We should be able to build a verifier that requires client authentication, and does + // no revocation checking. + let builder = WebPkiClientVerifier::builder(test_roots()); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_required_auth_add_roots() { + // We should be able to call `with_roots` to add more roots. + let initial_roots = test_roots(); + let extra_roots = load_roots(&[include_bytes!("../../../test-ca/eddsa/ca.der").as_slice()]); + let builder = + WebPkiClientVerifier::builder(initial_roots.clone()).with_roots(extra_roots.clone()); + // The builder should be Debug. + println!("{:?}", builder); + // There should be the expected number of roots. + assert_eq!(builder.roots.len(), initial_roots.len() + extra_roots.len()); + builder.build().unwrap(); + } + + #[test] + fn test_optional_auth() { + // We should be able to build a verifier that allows client authentication, and anonymous + // access, and does no revocation checking. + let builder = WebPkiClientVerifier::builder(test_roots()).allow_unauthenticated(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_without_crls_required_auth() { + // We should be able to build a verifier that requires client authentication, and does + // no revocation checking, that hasn't been configured to determine how to handle + // unauthenticated clients yet. + let builder = WebPkiClientVerifier::builder(test_roots()); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_without_crls_opptional_auth() { + // We should be able to build a verifier that allows client authentication, + // and anonymous access, that does no revocation checking. + let builder = WebPkiClientVerifier::builder(test_roots()).allow_unauthenticated(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_with_invalid_crls() { + // Trying to build a verifier with invalid CRLs should error at build time. + let result = WebPkiClientVerifier::builder(test_roots()) + .with_crls(vec![UnparsedCertRevocationList(vec![0xFF])]) + .build(); + assert!(matches!( + result, + Err(ClientCertVerifierBuilderError::InvalidCrl(_)) + )); + } + + #[test] + fn test_with_crls_multiple_calls() { + // We should be able to call `with_crls` multiple times. + let initial_crls = test_crls(); + let extra_crls = + load_crls(&[ + include_bytes!("../../../test-ca/eddsa/client.revoked.crl.pem").as_slice(), + ]); + let builder = WebPkiClientVerifier::builder(test_roots()) + .with_crls(initial_crls.clone()) + .with_crls(extra_crls.clone()); + + // There should be the expected number of crls. + assert_eq!(builder.crls.len(), initial_crls.len() + extra_crls.len()); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_with_crls_required_auth_implicit() { + // We should be able to build a verifier that requires client authentication, and that does + // revocation checking with CRLs, and that does not allow any anonymous access. + let builder = WebPkiClientVerifier::builder(test_roots()).with_crls(test_crls()); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_with_crls_optional_auth() { + // We should be able to build a verifier that supports client authentication, that does + // revocation checking with CRLs, and that allows anonymous access. + let builder = WebPkiClientVerifier::builder(test_roots()) + .with_crls(test_crls()) + .allow_unauthenticated(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_builder_no_roots() { + // Trying to create a builder with no trust anchors should fail at build time + let result = WebPkiClientVerifier::builder(RootCertStore::empty()).build(); + assert!(matches!( + result, + Err(ClientCertVerifierBuilderError::NoRootAnchors) + )); + } +} diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 32fd513e25..9c2240658c 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,4 +1,6 @@ +use alloc::sync::Arc; use core::fmt; +use std::time::SystemTime; use crate::anchors::{OwnedTrustAnchor, RootCertStore}; use crate::client::ServerName; @@ -12,12 +14,10 @@ use crate::log::trace; use crate::msgs::base::PayloadU16; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::DistinguishedName; +use crate::server::ClientCertVerifierBuilder; use ring::digest::Digest; -use alloc::sync::Arc; -use std::time::SystemTime; - type SignatureAlgorithms = &'static [&'static dyn webpki::SignatureVerificationAlgorithm]; /// Which signature verification mechanisms we support. No particular @@ -445,6 +445,7 @@ fn trust_roots(roots: &RootCertStore) -> Vec { } /// An unparsed DER encoded Certificate Revocation List (CRL). +#[derive(Debug, Clone, Eq, PartialEq)] pub struct UnparsedCertRevocationList(pub Vec); impl UnparsedCertRevocationList { @@ -457,60 +458,122 @@ impl UnparsedCertRevocationList { } } -/// A `ClientCertVerifier` that will ensure that every client provides a trusted -/// certificate, without any name checking. Optionally, client certificates will -/// have their revocation status checked using the DER encoded CRLs provided. -pub struct AllowAnyAuthenticatedClient { +/// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate +/// validation. It must be created via the [WebPkiClientVerifier::builder()] function. +/// +/// Once built, the provided `Arc` can be used with a Rustls [crate::server::ServerConfig] +/// to configure client certificate validation using [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. +/// +/// Example: +/// +/// To require all clients present a client certificate issued by a trusted CA: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::builder(roots) +/// .build() +/// .unwrap(); +/// ``` +/// +/// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or +/// anonymous clients that present no client certificate: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::builder(roots) +/// .allow_unauthenticated() +/// .build() +/// .unwrap(); +/// ``` +/// +/// If you wish to disable advertising client authentication: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::no_client_auth(); +/// ``` +/// +/// You can also configure the client verifier to check for certificate revocation with +/// client certificate revocation lists (CRLs): +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::{WebPkiClientVerifier}; +/// # let roots = RootCertStore::empty(); +/// # let crls = Vec::new(); +/// let client_verifier = WebPkiClientVerifier::builder(roots) +/// .with_crls(crls) +/// .build() +/// .unwrap(); +/// ``` +/// +/// [^1]: +pub struct WebPkiClientVerifier { roots: RootCertStore, subjects: Vec, crls: Vec, + anonymous_policy: AnonymousClientPolicy, } -impl AllowAnyAuthenticatedClient { - /// Construct a new `AllowAnyAuthenticatedClient`. +impl WebPkiClientVerifier { + /// Create builder to build up the `webpki` client certificate verifier configuration. + /// Client certificate authentication will be offered by the server, and client certificates + /// will be verified using the trust anchors found in the provided `roots`. If you + /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. + /// + /// For more information, see the [`ClientCertVerifierBuilder`] documentation. + pub fn builder(roots: RootCertStore) -> ClientCertVerifierBuilder { + ClientCertVerifierBuilder::new(roots) + } + + /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will + /// not offer client authentication and anonymous clients will be accepted. + /// + /// This is in contrast to using `WebPkiClientVerifier::builder().allow_unauthenticated().build()`, + /// which will produce a verifier that will offer client authentication, but not require it. + pub fn no_client_auth() -> Arc { + Arc::new(NoClientAuth {}) + } + + /// Construct a new `WebpkiClientVerifier`. /// /// `roots` is the list of trust anchors to use for certificate validation. - pub fn new(roots: RootCertStore) -> Self { + /// `crls` are an iterable of owned certificate revocation lists (CRLs) to use for + /// client certificate validation. + /// `anonymous_policy` controls whether client authentication is required, or if anonymous + /// clients can connect. + pub(crate) fn new( + roots: RootCertStore, + crls: Vec, + anonymous_policy: AnonymousClientPolicy, + ) -> Self { Self { subjects: roots .roots .iter() .map(|r| r.subject().clone()) .collect(), - crls: Vec::new(), + crls, roots, + anonymous_policy, } } - - /// Update the verifier to validate client certificates against the provided DER format - /// unparsed certificate revocation lists (CRLs). - pub fn with_crls( - self, - crls: impl IntoIterator, - ) -> Result { - Ok(Self { - crls: crls - .into_iter() - .map(|der_crl| der_crl.parse()) - .collect::, CertRevocationListError>>()?, - ..self - }) - } - - /// Wrap this verifier in an [`Arc`] and coerce it to `dyn ClientCertVerifier` - #[inline(always)] - pub fn boxed(self) -> Arc { - // This function is needed because `ClientCertVerifier` is only reachable if the - // `dangerous_configuration` feature is enabled, which makes coercing hard to outside users - Arc::new(self) - } } -impl ClientCertVerifier for AllowAnyAuthenticatedClient { +impl ClientCertVerifier for WebPkiClientVerifier { fn offer_client_auth(&self) -> bool { true } + fn client_auth_mandatory(&self) -> bool { + match self.anonymous_policy { + AnonymousClientPolicy::Allow => false, + AnonymousClientPolicy::Deny => true, + } + } + fn client_auth_root_subjects(&self) -> &[DistinguishedName] { &self.subjects } @@ -558,68 +621,13 @@ impl ClientCertVerifier for AllowAnyAuthenticatedClient { } } -/// A `ClientCertVerifier` that will allow both anonymous and authenticated -/// clients, without any name checking. -/// -/// Client authentication will be requested during the TLS handshake. If the -/// client offers a certificate then this acts like -/// `AllowAnyAuthenticatedClient`, otherwise this acts like `NoClientAuth`. -pub struct AllowAnyAnonymousOrAuthenticatedClient { - inner: AllowAnyAuthenticatedClient, -} - -impl AllowAnyAnonymousOrAuthenticatedClient { - /// Construct a new `AllowAnyAnonymousOrAuthenticatedClient`. - /// - /// `roots` is the list of trust anchors to use for certificate validation. - pub fn new(roots: RootCertStore) -> Self { - Self { - inner: AllowAnyAuthenticatedClient::new(roots), - } - } - - /// Update the verifier to validate client certificates against the provided DER format - /// unparsed certificate revocation lists (CRLs). - pub fn with_crls( - self, - crls: impl IntoIterator, - ) -> Result { - Ok(Self { - inner: self.inner.with_crls(crls)?, - }) - } - - /// Wrap this verifier in an [`Arc`] and coerce it to `dyn ClientCertVerifier` - #[inline(always)] - pub fn boxed(self) -> Arc { - // This function is needed because `ClientCertVerifier` is only reachable if the - // `dangerous_configuration` feature is enabled, which makes coercing hard to outside users - Arc::new(self) - } -} - -impl ClientCertVerifier for AllowAnyAnonymousOrAuthenticatedClient { - fn offer_client_auth(&self) -> bool { - self.inner.offer_client_auth() - } - - fn client_auth_mandatory(&self) -> bool { - false - } - - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { - self.inner.client_auth_root_subjects() - } - - fn verify_client_cert( - &self, - end_entity: &Certificate, - intermediates: &[Certificate], - now: SystemTime, - ) -> Result { - self.inner - .verify_client_cert(end_entity, intermediates, now) - } +/// Controls how the [WebPkiClientVerifier] handles anonymous clients. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub(crate) enum AnonymousClientPolicy { + /// Clients that do not present a client certificate are allowed. + Allow, + /// Clients that do not present a client certificate are denied. + Deny, } pub(crate) fn pki_error(error: webpki::Error) -> Error { @@ -647,19 +655,11 @@ pub(crate) fn pki_error(error: webpki::Error) -> Error { } } -/// Turns off client authentication. -pub struct NoClientAuth; - -impl NoClientAuth { - /// Construct a [`NoClientAuth`], wrap it in an [`Arc`] and coerce it to - /// `dyn ClientCertVerifier`. - #[inline(always)] - pub fn boxed() -> Arc { - // This function is needed because `ClientCertVerifier` is only reachable if the - // `dangerous_configuration` feature is enabled, which makes coercing hard to outside users - Arc::new(Self) - } -} +/// Turns off client authentication. In contrast to using +/// `WebPkiClientVerifier::builder(roots).allow_unauthenticated().build()`, the `NoClientAuth` +/// `ClientCertVerifier` will not offer client authentication at all, vs offering but not +/// requiring it. +pub(crate) struct NoClientAuth; impl ClientCertVerifier for NoClientAuth { fn offer_client_auth(&self) -> bool { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 2be391a8b3..309489f788 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -14,7 +14,7 @@ use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; -use rustls::server::{AllowAnyAnonymousOrAuthenticatedClient, ClientHello, ResolvesServerCert}; +use rustls::server::{ClientHello, ResolvesServerCert, WebPkiClientVerifier}; #[cfg(feature = "secret_extraction")] use rustls::ConnectionTrafficSecrets; use rustls::{ @@ -481,11 +481,14 @@ fn server_allow_any_anonymous_or_authenticated_client() { let kt = KeyType::Rsa; for client_cert_chain in [None, Some(kt.get_client_chain())].iter() { let client_auth_roots = get_client_root_store(kt); - let client_auth = AllowAnyAnonymousOrAuthenticatedClient::new(client_auth_roots); + let client_auth = WebPkiClientVerifier::builder(client_auth_roots.clone()) + .allow_unauthenticated() + .build() + .unwrap(); let server_config = ServerConfig::::builder() .with_safe_defaults() - .with_client_cert_verifier(Arc::new(client_auth)) + .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap(); let server_config = Arc::new(server_config); diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 52aa8d3c9b..9c9c9f9436 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -8,9 +8,7 @@ use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; -use rustls::server::{ - AllowAnyAnonymousOrAuthenticatedClient, AllowAnyAuthenticatedClient, UnparsedCertRevocationList, -}; +use rustls::server::{UnparsedCertRevocationList, WebPkiClientVerifier}; use rustls::Connection; use rustls::Error; use rustls::RootCertStore; @@ -306,13 +304,14 @@ pub fn make_server_config_with_mandatory_client_auth_crls( ) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); - let client_auth = AllowAnyAuthenticatedClient::new(client_auth_roots) + let client_auth = WebPkiClientVerifier::builder(client_auth_roots) .with_crls(crls) + .build() .unwrap(); ServerConfig::builder() .with_safe_defaults() - .with_client_cert_verifier(Arc::new(client_auth)) + .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() } @@ -327,13 +326,15 @@ pub fn make_server_config_with_optional_client_auth( ) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); - let client_auth = AllowAnyAnonymousOrAuthenticatedClient::new(client_auth_roots) + let client_auth = WebPkiClientVerifier::builder(client_auth_roots) .with_crls(crls) + .allow_unauthenticated() + .build() .unwrap(); ServerConfig::builder() .with_safe_defaults() - .with_client_cert_verifier(Arc::new(client_auth)) + .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() } From 697846460dd1652529ec33a098e43b88ac3a85c8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 28 Jul 2023 09:17:54 -0400 Subject: [PATCH 0056/1145] anchors: add_server_trust_anchors -> add_trust_anchors The `RootCertStore` type is used for both client and server trust anchors. This commit renames the `add_server_trust_anchors` method to be `add_trust_anchors` to reflect its general purpose. --- examples/src/bin/limitedclient.rs | 2 +- examples/src/bin/simple_0rtt_client.rs | 2 +- examples/src/bin/simpleclient.rs | 2 +- examples/src/bin/tlsclient-mio.rs | 2 +- rustls/src/anchors.rs | 5 +---- rustls/src/lib.rs | 4 ++-- rustls/src/server/verifier_builder.rs | 2 +- rustls/src/verifybench.rs | 2 +- 8 files changed, 9 insertions(+), 12 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 7d75191cea..3ffee579cd 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -11,7 +11,7 @@ use rustls::OwnedTrustAnchor; fn main() { let mut root_store = rustls::RootCertStore::empty(); - root_store.add_server_trust_anchors( + root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() .map(|ta| { diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 35bc4abd6e..8b41232b64 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -60,7 +60,7 @@ fn main() { env_logger::init(); let mut root_store = RootCertStore::empty(); - root_store.add_server_trust_anchors( + root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() .map(|ta| { diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index f73aa9161e..b4f6f2272d 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -17,7 +17,7 @@ use rustls::{OwnedTrustAnchor, RootCertStore}; fn main() { let mut root_store = RootCertStore::empty(); - root_store.add_server_trust_anchors( + root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() .map(|ta| { diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 7b605c4e3b..5d53c529eb 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -380,7 +380,7 @@ fn make_config(args: &Args) -> Arc> { let mut reader = BufReader::new(certfile); root_store.add_parsable_certificates(rustls_pemfile::certs(&mut reader).unwrap()); } else { - root_store.add_server_trust_anchors( + root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() .map(|ta| { diff --git a/rustls/src/anchors.rs b/rustls/src/anchors.rs index 1d090dc2a0..6c2574655f 100644 --- a/rustls/src/anchors.rs +++ b/rustls/src/anchors.rs @@ -110,10 +110,7 @@ impl RootCertStore { /// Adds all the given TrustAnchors `anchors`. This does not /// fail. - pub fn add_server_trust_anchors( - &mut self, - trust_anchors: impl Iterator, - ) { + pub fn add_trust_anchors(&mut self, trust_anchors: impl Iterator) { self.roots.extend(trust_anchors); } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 5372b3b376..0d64ede84a 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -103,7 +103,7 @@ //! //! ```rust,no_run //! let mut root_store = rustls::RootCertStore::empty(); -//! root_store.add_server_trust_anchors( +//! root_store.add_trust_anchors( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() //! .map(|ta| { @@ -135,7 +135,7 @@ //! # use webpki; //! # use std::sync::Arc; //! # let mut root_store = rustls::RootCertStore::empty(); -//! # root_store.add_server_trust_anchors( +//! # root_store.add_trust_anchors( //! # webpki_roots::TLS_SERVER_ROOTS //! # .iter() //! # .map(|ta| { diff --git a/rustls/src/server/verifier_builder.rs b/rustls/src/server/verifier_builder.rs index 6e1c37fbf1..6c4cfa9e80 100644 --- a/rustls/src/server/verifier_builder.rs +++ b/rustls/src/server/verifier_builder.rs @@ -30,7 +30,7 @@ impl ClientCertVerifierBuilder { /// on the builder. pub fn with_roots(mut self, roots: RootCertStore) -> Self { self.roots - .add_server_trust_anchors(roots.roots.into_iter()); + .add_trust_anchors(roots.roots.into_iter()); self } diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 2cc0a66c46..fcd2a6eaa1 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -188,7 +188,7 @@ struct Context { impl Context { fn new(name: &'static str, domain: &'static str, certs: &[&'static [u8]]) -> Self { let mut roots = anchors::RootCertStore::empty(); - roots.add_server_trust_anchors( + roots.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() .map(|ta| { From e07323541d9f3a6725ea49cf8f2b5abd7fa6069b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 31 Jul 2023 09:02:58 -0400 Subject: [PATCH 0057/1145] verify: WebPkiVerifier -> WebPkiServerVerifier. In previous commits we reworked the primary implementation of the `ClientCertVerifier` trait to be named `WebPkiClientVerifier`. This commit updates the corresponding `ServerCertVerifier` implementation in `WebPkiVerifier` to be named `WebPkiServerVerifier` to match the client naming scheme and to better emphasize its role. --- rustls/src/client/builder.rs | 2 +- rustls/src/lib.rs | 2 +- rustls/src/verify.rs | 10 +++++----- rustls/src/verifybench.rs | 2 +- rustls/tests/client_cert_verifier.rs | 4 ++-- rustls/tests/server_cert_verifier.rs | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 9828b37aec..7b69fead3a 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -24,7 +24,7 @@ impl ConfigBuilder, WantsVerifier> { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, versions: self.state.versions, - verifier: Arc::new(verify::WebPkiVerifier::new(root_store)), + verifier: Arc::new(verify::WebPkiServerVerifier::new(root_store)), }, side: PhantomData, } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0d64ede84a..3a492978c4 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -432,7 +432,7 @@ pub mod client { #[cfg(feature = "dangerous_configuration")] pub use crate::verify::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, HandshakeSignatureValid, - ServerCertVerified, ServerCertVerifier, WebPkiVerifier, + ServerCertVerified, ServerCertVerifier, WebPkiServerVerifier, }; #[cfg(feature = "dangerous_configuration")] pub use client_conn::danger::DangerousClientConfig; diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 9c2240658c..cb101217fb 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -181,7 +181,7 @@ pub trait ServerCertVerifier: Send + Sync { /// This trait method has a default implementation that reflects the schemes /// supported by webpki. fn supported_verify_schemes(&self) -> Vec { - WebPkiVerifier::verification_schemes() + WebPkiServerVerifier::verification_schemes() } } @@ -299,7 +299,7 @@ pub trait ClientCertVerifier: Send + Sync { /// This trait method has a default implementation that reflects the schemes /// supported by webpki. fn supported_verify_schemes(&self) -> Vec { - WebPkiVerifier::verification_schemes() + WebPkiServerVerifier::verification_schemes() } } @@ -370,7 +370,7 @@ pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Ok(()) } -impl ServerCertVerifier for WebPkiVerifier { +impl ServerCertVerifier for WebPkiServerVerifier { /// Will verify the certificate is valid in the following ways: /// - Signed by a trusted `RootCertStore` CA /// - Not Expired @@ -399,12 +399,12 @@ impl ServerCertVerifier for WebPkiVerifier { /// Default `ServerCertVerifier`, see the trait impl for more information. #[allow(unreachable_pub)] #[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] -pub struct WebPkiVerifier { +pub struct WebPkiServerVerifier { roots: RootCertStore, } #[allow(unreachable_pub)] -impl WebPkiVerifier { +impl WebPkiServerVerifier { /// Constructs a new `WebPkiVerifier`. /// /// `roots` is the set of trust anchors to trust for issuing server certs. diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index fcd2a6eaa1..865a505489 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -213,7 +213,7 @@ impl Context { } fn bench(&self, count: usize) { - let verifier = verify::WebPkiVerifier::new(self.roots.clone()); + let verifier = verify::WebPkiServerVerifier::new(self.roots.clone()); const OCSP_RESPONSE: &[u8] = &[]; let mut times = Vec::new(); diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index f5220a4360..6dd7bdc45f 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -9,7 +9,7 @@ use crate::common::{ make_client_config_with_versions, make_client_config_with_versions_with_auth, make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; -use rustls::client::WebPkiVerifier; +use rustls::client::WebPkiServerVerifier; use rustls::crypto::ring::Ring; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::{ClientCertVerified, ClientCertVerifier}; @@ -204,7 +204,7 @@ impl ClientCertVerifier for MockClientVerifier { if let Some(schemes) = &self.offered_schemes { schemes.clone() } else { - WebPkiVerifier::verification_schemes() + WebPkiServerVerifier::verification_schemes() } } } diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 4c0342f089..4b41b2c068 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -8,7 +8,7 @@ use crate::common::{ make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, }; use rustls::client::{ - HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, WebPkiVerifier, + HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, WebPkiServerVerifier, }; use rustls::DigitallySignedStruct; use rustls::{AlertDescription, Certificate, Error, InvalidMessage, SignatureScheme}; @@ -262,7 +262,7 @@ impl Default for MockServerVerifier { cert_rejection_error: None, tls12_signature_error: None, tls13_signature_error: None, - signature_schemes: WebPkiVerifier::verification_schemes(), + signature_schemes: WebPkiServerVerifier::verification_schemes(), } } } From 460934b1b06670e8e84c3e99beadb6dfd8eee21c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 1 Aug 2023 11:13:31 -0400 Subject: [PATCH 0058/1145] verify: take Arc. As pointed out by Jsha, an implementation of the `Acceptor` API may want to create a verifier on something approaching a per-handshake basis in order to provide up-to-date CRLs and client trust anchors. We can improve on the cost of this operation by allowing shared use of a `RootCertStore` across verifiers by wrapping it in an `Arc`. This commit updates the `WebPkiClientVerifier`, and `ClientCertVerifierBuilder` to take a `Arc` instead of `RootCertStore`. One side-effect of this change is the removal of the `add_roots` fn of the `ClientCertVerifierBuilder` - once we take an `Arc` we can't modify the backing `RootCertStore` without introducing some form of locking. I think the use-case for adding additional `RootCertStore`'s after constructing the builder is weak enough that we should drop that feature rather than introduce locking. --- examples/src/bin/tlsserver-mio.rs | 4 +-- rustls/examples/internal/bench.rs | 2 +- rustls/src/server/verifier_builder.rs | 38 +++++---------------------- rustls/src/verify.rs | 12 ++++----- rustls/tests/common/mod.rs | 4 +-- 5 files changed, 18 insertions(+), 42 deletions(-) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index bdce512214..4066e7fd72 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -576,12 +576,12 @@ fn make_config(args: &Args) -> Arc> { } let crls = load_crls(&args.flag_crl); if args.flag_require_auth { - WebPkiClientVerifier::builder(client_auth_roots) + WebPkiClientVerifier::builder(client_auth_roots.into()) .with_crls(crls) .build() .unwrap() } else { - WebPkiClientVerifier::builder(client_auth_roots) + WebPkiClientVerifier::builder(client_auth_roots.into()) .with_crls(crls) .allow_unauthenticated() .build() diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 2b423af7e1..ea66961496 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -303,7 +303,7 @@ fn make_server_config( for root in roots { client_auth_roots.add(&root).unwrap(); } - WebPkiClientVerifier::builder(client_auth_roots.clone()) + WebPkiClientVerifier::builder(client_auth_roots.into()) .build() .unwrap() } diff --git a/rustls/src/server/verifier_builder.rs b/rustls/src/server/verifier_builder.rs index 6c4cfa9e80..b126206483 100644 --- a/rustls/src/server/verifier_builder.rs +++ b/rustls/src/server/verifier_builder.rs @@ -9,13 +9,13 @@ use crate::{CertRevocationListError, RootCertStore}; /// For more information, see the [`WebPkiClientVerifier`] documentation. #[derive(Debug, Clone)] pub struct ClientCertVerifierBuilder { - roots: RootCertStore, + roots: Arc, crls: Vec, anon_policy: AnonymousClientPolicy, } impl ClientCertVerifierBuilder { - pub(crate) fn new(roots: RootCertStore) -> Self { + pub(crate) fn new(roots: Arc) -> Self { Self { roots, crls: Vec::new(), @@ -23,17 +23,6 @@ impl ClientCertVerifierBuilder { } } - /// Add additional `roots` to use to verify client certificates. - /// - /// All clients must provide a client certificate unless you have allowed unauthenticated - /// clients by calling [allow_unauthenticated()][ClientCertVerifierBuilder::allow_unauthenticated] - /// on the builder. - pub fn with_roots(mut self, roots: RootCertStore) -> Self { - self.roots - .add_trust_anchors(roots.roots.into_iter()); - self - } - /// Verify the revocation state of presented client certificates against the provided /// certificate revocation lists (CRLs). Calling `with_crls` multiple times appends the /// given CRLs to the existing collection. @@ -103,6 +92,7 @@ mod tests { use crate::server::{ClientCertVerifierBuilderError, UnparsedCertRevocationList}; use crate::verify::WebPkiClientVerifier; use crate::{Certificate, RootCertStore}; + use std::sync::Arc; fn load_crls(crls_der: &[&[u8]]) -> Vec { crls_der @@ -126,17 +116,17 @@ mod tests { ]) } - fn load_roots(roots_der: &[&[u8]]) -> RootCertStore { + fn load_roots(roots_der: &[&[u8]]) -> Arc { let mut roots = RootCertStore::empty(); roots_der.iter().for_each(|der| { roots .add(&Certificate(der.to_vec())) .unwrap() }); - roots + roots.into() } - fn test_roots() -> RootCertStore { + fn test_roots() -> Arc { load_roots(&[ include_bytes!("../../../test-ca/ecdsa/ca.der").as_slice(), include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), @@ -159,20 +149,6 @@ mod tests { builder.build().unwrap(); } - #[test] - fn test_required_auth_add_roots() { - // We should be able to call `with_roots` to add more roots. - let initial_roots = test_roots(); - let extra_roots = load_roots(&[include_bytes!("../../../test-ca/eddsa/ca.der").as_slice()]); - let builder = - WebPkiClientVerifier::builder(initial_roots.clone()).with_roots(extra_roots.clone()); - // The builder should be Debug. - println!("{:?}", builder); - // There should be the expected number of roots. - assert_eq!(builder.roots.len(), initial_roots.len() + extra_roots.len()); - builder.build().unwrap(); - } - #[test] fn test_optional_auth() { // We should be able to build a verifier that allows client authentication, and anonymous @@ -260,7 +236,7 @@ mod tests { #[test] fn test_builder_no_roots() { // Trying to create a builder with no trust anchors should fail at build time - let result = WebPkiClientVerifier::builder(RootCertStore::empty()).build(); + let result = WebPkiClientVerifier::builder(RootCertStore::empty().into()).build(); assert!(matches!( result, Err(ClientCertVerifierBuilderError::NoRootAnchors) diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index cb101217fb..faaf214719 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -471,7 +471,7 @@ impl UnparsedCertRevocationList { /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::builder(roots) +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) /// .build() /// .unwrap(); /// ``` @@ -482,7 +482,7 @@ impl UnparsedCertRevocationList { /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::builder(roots) +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) /// .allow_unauthenticated() /// .build() /// .unwrap(); @@ -503,7 +503,7 @@ impl UnparsedCertRevocationList { /// # use rustls::server::{WebPkiClientVerifier}; /// # let roots = RootCertStore::empty(); /// # let crls = Vec::new(); -/// let client_verifier = WebPkiClientVerifier::builder(roots) +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) /// .with_crls(crls) /// .build() /// .unwrap(); @@ -511,7 +511,7 @@ impl UnparsedCertRevocationList { /// /// [^1]: pub struct WebPkiClientVerifier { - roots: RootCertStore, + roots: Arc, subjects: Vec, crls: Vec, anonymous_policy: AnonymousClientPolicy, @@ -524,7 +524,7 @@ impl WebPkiClientVerifier { /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. /// /// For more information, see the [`ClientCertVerifierBuilder`] documentation. - pub fn builder(roots: RootCertStore) -> ClientCertVerifierBuilder { + pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { ClientCertVerifierBuilder::new(roots) } @@ -545,7 +545,7 @@ impl WebPkiClientVerifier { /// `anonymous_policy` controls whether client authentication is required, or if anonymous /// clients can connect. pub(crate) fn new( - roots: RootCertStore, + roots: Arc, crls: Vec, anonymous_policy: AnonymousClientPolicy, ) -> Self { diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 9c9c9f9436..162bc9f54d 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -287,7 +287,7 @@ pub fn make_server_config_with_kx_groups( ) } -pub fn get_client_root_store(kt: KeyType) -> RootCertStore { +pub fn get_client_root_store(kt: KeyType) -> Arc { let mut roots = kt.get_chain(); // drop server cert roots.drain(0..1); @@ -295,7 +295,7 @@ pub fn get_client_root_store(kt: KeyType) -> RootCertStore { for root in roots { client_auth_roots.add(&root).unwrap(); } - client_auth_roots + client_auth_roots.into() } pub fn make_server_config_with_mandatory_client_auth_crls( From d7755d54c1360ee77143f542624f4413dee58e47 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 3 Aug 2023 17:13:24 +0100 Subject: [PATCH 0059/1145] examples: remove unused sct dependency --- examples/Cargo.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 6f3f9b5ace..9b69cf1b1e 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -18,7 +18,6 @@ log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "1.0.3" -sct = "0.7" serde = "1.0" serde_derive = "1.0" webpki-roots = "0.25" From 77ad069312253a6ca2a63bea618afa343251547c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 22 Jun 2023 14:24:34 +0100 Subject: [PATCH 0060/1145] Refactor sign::supported_sign_tls13 This returned a slice of signature schemes allowed in TLS1.3. But all callers actually needed something that would fit in `Iterator::filter` so had to linear scan it. Instead, move into a function on `SignatureScheme` (it's a fact about that standard) and make it directly usable with `Iterator::filter`. --- rustls/src/client/tls13.rs | 5 ++--- rustls/src/enums.rs | 19 +++++++++++++++++++ rustls/src/server/tls13.rs | 3 +-- rustls/src/sign.rs | 13 ------------- 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 82b3ea63fe..24e433940c 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -32,7 +32,7 @@ use crate::tls13::key_schedule::{ }; use crate::tls13::Tls13CipherSuite; use crate::verify::{self, DigitallySignedStruct}; -use crate::{sign, KeyLog}; +use crate::KeyLog; use super::client_conn::ClientConnectionData; use super::hs::ClientContext; @@ -550,14 +550,13 @@ impl State for ExpectCertificateRequest )); } - let tls13_sign_schemes = sign::supported_sign_tls13(); let no_sigschemes = Vec::new(); let compat_sigschemes = certreq .get_sigalgs_extension() .unwrap_or(&no_sigschemes) .iter() .cloned() - .filter(|scheme| tls13_sign_schemes.contains(scheme)) + .filter(SignatureScheme::supported_in_tls13) .collect::>(); if compat_sigschemes.is_empty() { diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index 592f7ad239..087e92f3ed 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -534,6 +534,25 @@ impl SignatureScheme { _ => SignatureAlgorithm::Unknown(0), } } + + /// Whether a particular `SignatureScheme` is allowed for TLS protocol signatures + /// in TLS1.3. + /// + /// This prevents (eg) RSA_PKCS1_SHA256 being offered or accepted, even if our + /// verifier supports it for other protocol versions. + /// + /// See RFC8446 s4.2.3. + pub(crate) fn supported_in_tls13(&self) -> bool { + matches!( + *self, + Self::ECDSA_NISTP384_SHA384 + | Self::ECDSA_NISTP256_SHA256 + | Self::RSA_PSS_SHA512 + | Self::RSA_PSS_SHA384 + | Self::RSA_PSS_SHA256 + | Self::ED25519 + ) + } } enum_builder! { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0d334d3261..9a55eaed42 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -169,8 +169,7 @@ mod client_hello { ) })?; - let tls13_schemes = sign::supported_sign_tls13(); - sigschemes_ext.retain(|scheme| tls13_schemes.contains(scheme)); + sigschemes_ext.retain(SignatureScheme::supported_in_tls13); let shares_ext = client_hello .get_keyshare_extension() diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index 53d93228af..8ad9584b34 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -376,19 +376,6 @@ impl Signer for Ed25519Signer { } } -/// The set of schemes we support for signatures and -/// that are allowed for TLS1.3. -pub fn supported_sign_tls13() -> &'static [SignatureScheme] { - &[ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::ED25519, - ] -} - /// Errors while signing #[derive(Debug)] pub struct SignError(()); From e9c15abe0633416aefc783bbc5f7ab525e899c77 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 22 Jun 2023 15:27:55 +0100 Subject: [PATCH 0061/1145] Remove default certificate verifier trait functions This is a breaking change. These introduced an implicit dependency on the `webpki` crate for anyone who wanted to implement these traits. Instead, someone who wants to benefit from the `webpki`-backed implementations should dispatch to `WebPkiServerVerifier` themselves. Expose these defaults explicitly, and dispatch to them in our various bits of example and test code. --- examples/src/bin/tlsclient-mio.rs | 25 +++++ rustls/examples/internal/bogo_shim.rs | 55 ++++++++++- rustls/src/verify.rs | 135 ++++++++++++++++++-------- rustls/tests/api.rs | 3 +- rustls/tests/client_cert_verifier.rs | 26 ++++- rustls/tests/server_cert_verifier.rs | 2 +- 6 files changed, 195 insertions(+), 51 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 5d53c529eb..8dce605c51 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -338,6 +338,9 @@ fn load_private_key(filename: &str) -> rustls::PrivateKey { #[cfg(feature = "dangerous_configuration")] mod danger { + use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; + use rustls::DigitallySignedStruct; + pub struct NoCertificateVerification {} impl rustls::client::ServerCertVerifier for NoCertificateVerification { @@ -351,6 +354,28 @@ mod danger { ) -> Result { Ok(rustls::client::ServerCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &rustls::Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &rustls::Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } } } diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 3bcb125ecd..57bfc74bf6 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -4,7 +4,9 @@ // https://boringssl.googlesource.com/boringssl/+/master/ssl/test // -use rustls::client::{ClientConfig, ClientConnection, Resumption}; +use rustls::client::{ + ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, +}; use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Codec; @@ -12,9 +14,10 @@ use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; use rustls::{ self, client, kx_group, server, sign, version, AlertDescription, Certificate, CertificateError, - Connection, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, - PeerMisbehaved, PrivateKey, ProtocolVersion, ServerName, Side, SignatureAlgorithm, - SignatureScheme, SupportedKxGroup, SupportedProtocolVersion, Ticketer, ALL_KX_GROUPS, + Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, + PeerIncompatible, PeerMisbehaved, PrivateKey, ProtocolVersion, ServerName, Side, + SignatureAlgorithm, SignatureScheme, SupportedKxGroup, SupportedProtocolVersion, Ticketer, + ALL_KX_GROUPS, }; use base64::prelude::{Engine, BASE64_STANDARD}; @@ -211,6 +214,28 @@ impl server::ClientCertVerifier for DummyClientAuth { ) -> Result { Ok(server::ClientCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &rustls::Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &rustls::Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } } struct DummyServerAuth {} @@ -226,6 +251,28 @@ impl client::ServerCertVerifier for DummyServerAuth { ) -> Result { Ok(client::ServerCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &rustls::Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &rustls::Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } } struct FixedSignatureSchemeSigningKey { diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index faaf214719..8cc8552924 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -135,17 +135,12 @@ pub trait ServerCertVerifier: Send + Sync { /// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2, /// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not /// in fact bound to the specific curve implied in their name. - /// - /// This trait method has a default implementation that uses webpki to verify - /// the signature. fn verify_tls12_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss) - } + ) -> Result; /// Verify a signature allegedly by the given server certificate. /// @@ -161,28 +156,18 @@ pub trait ServerCertVerifier: Send + Sync { /// If and only if the signature is valid, return `Ok(HandshakeSignatureValid)`. /// Otherwise, return an error -- rustls will send an alert and abort the /// connection. - /// - /// This trait method has a default implementation that uses webpki to verify - /// the signature. fn verify_tls13_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss) - } + ) -> Result; /// Return the list of SignatureSchemes that this verifier will handle, /// in `verify_tls12_signature` and `verify_tls13_signature` calls. /// /// This should be in priority order, with the most preferred first. - /// - /// This trait method has a default implementation that reflects the schemes - /// supported by webpki. - fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::verification_schemes() - } + fn supported_verify_schemes(&self) -> Vec; } impl fmt::Debug for dyn ServerCertVerifier { @@ -258,17 +243,12 @@ pub trait ClientCertVerifier: Send + Sync { /// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2, /// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not /// in fact bound to the specific curve implied in their name. - /// - /// This trait method has a default implementation that uses webpki to verify - /// the signature. fn verify_tls12_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss) - } + ) -> Result; /// Verify a signature allegedly by the given client certificate. /// @@ -279,28 +259,18 @@ pub trait ClientCertVerifier: Send + Sync { /// `SignatureScheme::ECDSA_NISTP256_SHA256` /// must only validate signatures using public keys on the right curve -- /// rustls does not enforce this requirement for you. - /// - /// This trait method has a default implementation that uses webpki to verify - /// the signature. fn verify_tls13_signature( &self, message: &[u8], cert: &Certificate, dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss) - } + ) -> Result; /// Return the list of SignatureSchemes that this verifier will handle, /// in `verify_tls12_signature` and `verify_tls13_signature` calls. /// /// This should be in priority order, with the most preferred first. - /// - /// This trait method has a default implementation that reflects the schemes - /// supported by webpki. - fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::verification_schemes() - } + fn supported_verify_schemes(&self) -> Vec; } impl fmt::Debug for dyn ClientCertVerifier { @@ -394,6 +364,28 @@ impl ServerCertVerifier for WebPkiServerVerifier { verify_server_name(&cert, server_name)?; Ok(ServerCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + Self::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + Self::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + Self::default_supported_verify_schemes() + } } /// Default `ServerCertVerifier`, see the trait impl for more information. @@ -405,16 +397,15 @@ pub struct WebPkiServerVerifier { #[allow(unreachable_pub)] impl WebPkiServerVerifier { - /// Constructs a new `WebPkiVerifier`. + /// Constructs a new `WebPkiServerVerifier`. /// /// `roots` is the set of trust anchors to trust for issuing server certs. pub fn new(roots: RootCertStore) -> Self { Self { roots } } - /// Returns the signature verification methods supported by - /// webpki. - pub fn verification_schemes() -> Vec { + /// Which signature verification schemes the `webpki` crate supports. + pub fn default_supported_verify_schemes() -> Vec { vec![ SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -427,6 +418,26 @@ impl WebPkiServerVerifier { SignatureScheme::RSA_PKCS1_SHA256, ] } + + /// An full implementation of `ServerCertVerifier::verify_tls12_signature` or + /// `ClientCertVerifier::verify_tls12_signature`. + pub fn default_verify_tls12_signature( + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + verify_signed_struct(message, cert, dss) + } + + /// An full implementation of `ServerCertVerifier::verify_tls13_signature` or + /// `ClientCertVerifier::verify_tls13_signature`. + pub fn default_verify_tls13_signature( + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + verify_tls13(message, cert, dss) + } } fn intermediate_chain(intermediates: &[Certificate]) -> Vec<&[u8]> { @@ -619,6 +630,28 @@ impl ClientCertVerifier for WebPkiClientVerifier { .map_err(pki_error) .map(|_| ClientCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } } /// Controls how the [WebPkiClientVerifier] handles anonymous clients. @@ -678,6 +711,28 @@ impl ClientCertVerifier for NoClientAuth { ) -> Result { unimplemented!(); } + + fn verify_tls12_signature( + &self, + _message: &[u8], + _cert: &Certificate, + _dss: &DigitallySignedStruct, + ) -> Result { + unimplemented!(); + } + + fn verify_tls13_signature( + &self, + _message: &[u8], + _cert: &Certificate, + _dss: &DigitallySignedStruct, + ) -> Result { + unimplemented!(); + } + + fn supported_verify_schemes(&self) -> Vec { + unimplemented!(); + } } /// This type combines a [`SignatureScheme`] and a signature payload produced with that scheme. diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 309489f788..a48a589501 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -474,8 +474,7 @@ fn test_config_builders_debug() { /// Test that the server handles combination of `offer_client_auth()` returning true /// and `client_auth_mandatory` returning `Some(false)`. This exercises both the /// client's and server's ability to "recover" from the server asking for a client -/// certificate and not being given one. This also covers the implementation -/// of `AllowAnyAnonymousOrAuthenticatedClient`. +/// certificate and not being given one. #[test] fn server_allow_any_anonymous_or_authenticated_client() { let kt = KeyType::Rsa; diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 6dd7bdc45f..05e1491516 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -9,13 +9,13 @@ use crate::common::{ make_client_config_with_versions, make_client_config_with_versions_with_auth, make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; -use rustls::client::WebPkiServerVerifier; +use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; use rustls::crypto::ring::Ring; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::{ClientCertVerified, ClientCertVerifier}; use rustls::{ - AlertDescription, Certificate, ClientConnection, Error, InvalidMessage, ServerConfig, - ServerConnection, SignatureScheme, + AlertDescription, Certificate, ClientConnection, DigitallySignedStruct, Error, InvalidMessage, + ServerConfig, ServerConnection, SignatureScheme, }; use std::sync::Arc; @@ -200,11 +200,29 @@ impl ClientCertVerifier for MockClientVerifier { (self.verified)() } + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + fn supported_verify_schemes(&self) -> Vec { if let Some(schemes) = &self.offered_schemes { schemes.clone() } else { - WebPkiServerVerifier::verification_schemes() + WebPkiServerVerifier::default_supported_verify_schemes() } } } diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 4b41b2c068..1e67da378a 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -262,7 +262,7 @@ impl Default for MockServerVerifier { cert_rejection_error: None, tls12_signature_error: None, tls13_signature_error: None, - signature_schemes: WebPkiServerVerifier::verification_schemes(), + signature_schemes: WebPkiServerVerifier::default_supported_verify_schemes(), } } } From f63c53355f9566b2c87856d63c79d1e25764fcd3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 26 Jun 2023 09:59:37 +0100 Subject: [PATCH 0062/1145] verify: move construct_tls13_client_verify_message et al to tls13 --- rustls/src/client/tls13.rs | 6 ++++-- rustls/src/server/tls13.rs | 6 ++++-- rustls/src/tls13/mod.rs | 19 +++++++++++++++++++ rustls/src/verify.rs | 23 ----------------------- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 24e433940c..44d5b62f0a 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -27,6 +27,8 @@ use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; +use crate::tls13::construct_client_verify_message; +use crate::tls13::construct_server_verify_message; use crate::tls13::key_schedule::{ KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake, KeyScheduleTraffic, }; @@ -689,7 +691,7 @@ impl State for ExpectCertificateVerify< .config .verifier .verify_tls13_signature( - &verify::construct_tls13_server_verify_message(&handshake_hash), + &construct_server_verify_message(&handshake_hash), &self.server_cert.cert_chain[0], cert_verify, ) @@ -752,7 +754,7 @@ fn emit_certverify_tls13( signer: &dyn Signer, common: &mut CommonState, ) -> Result<(), Error> { - let message = verify::construct_tls13_client_verify_message(&transcript.get_current_hash()); + let message = construct_client_verify_message(&transcript.get_current_hash()); let scheme = signer.scheme(); let sig = signer.sign(&message)?; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 9a55eaed42..ce9627e0e1 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -27,6 +27,8 @@ use crate::server::ServerConfig; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::ticketer; +use crate::tls13::construct_client_verify_message; +use crate::tls13::construct_server_verify_message; use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending}; use crate::tls13::Tls13CipherSuite; use crate::verify; @@ -786,7 +788,7 @@ mod client_hello { signing_key: &dyn sign::SigningKey, schemes: &[SignatureScheme], ) -> Result<(), Error> { - let message = verify::construct_tls13_server_verify_message(&transcript.get_current_hash()); + let message = construct_server_verify_message(&transcript.get_current_hash()); let signer = signing_key .choose_scheme(schemes) @@ -965,7 +967,7 @@ impl State for ExpectCertificateVerify< let handshake_hash = self.transcript.get_current_hash(); self.transcript.abandon_client_auth(); let certs = &self.client_cert; - let msg = verify::construct_tls13_client_verify_message(&handshake_hash); + let msg = construct_client_verify_message(&handshake_hash); self.config .verifier diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 00e63a136d..a9643333cd 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -9,6 +9,7 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; use ring::aead; +use ring::digest::Digest; use core::fmt; @@ -198,3 +199,21 @@ impl MessageDecrypter for Tls13MessageDecrypter { Ok(msg.into_plain_message()) } } + +/// Constructs the signature message specified in section 4.4.3 of RFC8446. +pub(crate) fn construct_client_verify_message(handshake_hash: &Digest) -> Vec { + construct_verify_message(handshake_hash, b"TLS 1.3, client CertificateVerify\x00") +} + +/// Constructs the signature message specified in section 4.4.3 of RFC8446. +pub(crate) fn construct_server_verify_message(handshake_hash: &Digest) -> Vec { + construct_verify_message(handshake_hash, b"TLS 1.3, server CertificateVerify\x00") +} + +fn construct_verify_message(handshake_hash: &Digest, context_string_with_0: &[u8]) -> Vec { + let mut msg = Vec::new(); + msg.resize(64, 0x20u8); + msg.extend_from_slice(context_string_with_0); + msg.extend_from_slice(handshake_hash.as_ref()); + msg +} diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 8cc8552924..42dad1b604 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -16,8 +16,6 @@ use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::DistinguishedName; use crate::server::ClientCertVerifierBuilder; -use ring::digest::Digest; - type SignatureAlgorithms = &'static [&'static dyn webpki::SignatureVerificationAlgorithm]; /// Which signature verification mechanisms we support. No particular @@ -851,27 +849,6 @@ fn convert_alg_tls13( } } -/// Constructs the signature message specified in section 4.4.3 of RFC8446. -pub(crate) fn construct_tls13_client_verify_message(handshake_hash: &Digest) -> Vec { - construct_tls13_verify_message(handshake_hash, b"TLS 1.3, client CertificateVerify\x00") -} - -/// Constructs the signature message specified in section 4.4.3 of RFC8446. -pub(crate) fn construct_tls13_server_verify_message(handshake_hash: &Digest) -> Vec { - construct_tls13_verify_message(handshake_hash, b"TLS 1.3, server CertificateVerify\x00") -} - -fn construct_tls13_verify_message( - handshake_hash: &Digest, - context_string_with_0: &[u8], -) -> Vec { - let mut msg = Vec::new(); - msg.resize(64, 0x20u8); - msg.extend_from_slice(context_string_with_0); - msg.extend_from_slice(handshake_hash.as_ref()); - msg -} - fn verify_tls13( msg: &[u8], cert: &Certificate, From 764da8a0a4e8406ae7ae4dc3af9a5fe7dbe4b5f7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 22 Jun 2023 16:25:46 +0100 Subject: [PATCH 0063/1145] Regularise CertifiedKey::end_entity_cert error This isn't really a error "while signing", so `SignError` isn't a good match. --- rustls/src/sign.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index 8ad9584b34..e2e30b489f 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -60,8 +60,10 @@ impl CertifiedKey { } /// The end-entity certificate. - pub fn end_entity_cert(&self) -> Result<&key::Certificate, SignError> { - self.cert.get(0).ok_or(SignError(())) + pub fn end_entity_cert(&self) -> Result<&key::Certificate, Error> { + self.cert + .get(0) + .ok_or(Error::NoCertificatesPresented) } } From 2f724e5ed780063d9a7bf8213f35b551523d615d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 4 Aug 2023 12:59:42 +0100 Subject: [PATCH 0064/1145] Reuse `verify_server_name` for checking SNI mappings --- rustls/src/server/handy.rs | 50 +++++++++++++------------------------- rustls/tests/api.rs | 12 +++------ 2 files changed, 20 insertions(+), 42 deletions(-) diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 4b959995f9..72251950e5 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,10 +1,13 @@ use crate::dns_name::DnsNameRef; use crate::error::Error; use crate::key; +use crate::key::ParsedCertificate; use crate::limited_cache; use crate::server; use crate::server::ClientHello; use crate::sign; +use crate::verify::verify_server_name; +use crate::ServerName; use alloc::sync::Arc; use std::collections; @@ -153,9 +156,12 @@ impl ResolvesServerCertUsingSni { /// it's not valid for the supplied certificate, or if the certificate /// chain is syntactically faulty. pub fn add(&mut self, name: &str, ck: sign::CertifiedKey) -> Result<(), Error> { - let checked_name = DnsNameRef::try_from(name) - .map_err(|_| Error::General("Bad DNS name".into())) - .map(|dns| dns.to_lowercase_owned())?; + let server_name = { + let checked_name = DnsNameRef::try_from(name) + .map_err(|_| Error::General("Bad DNS name".into())) + .map(|name| name.to_lowercase_owned())?; + ServerName::DnsName(checked_name) + }; // Check the certificate chain for validity: // - it should be non-empty list @@ -166,36 +172,14 @@ impl ResolvesServerCertUsingSni { // These checks are not security-sensitive. They are the // *server* attempting to detect accidental misconfiguration. - // Always reject an empty certificate chain. - let end_entity_cert = ck.end_entity_cert().map_err(|_| { - Error::General("No end-entity certificate in certificate chain".to_string()) - })?; - - // Reject syntactically-invalid end-entity certificates. - let end_entity_cert = - webpki::EndEntityCert::try_from(end_entity_cert.as_ref()).map_err(|_| { - Error::General( - "End-entity certificate in certificate chain is syntactically invalid" - .to_string(), - ) - })?; - - // Note that this doesn't fully validate that the certificate is valid; it only validates that the name is one - // that the certificate is valid for, if the certificate is - // valid. - let general_error = - || Error::General("The server certificate is not valid for the given name".to_string()); - - let name = webpki::DnsNameRef::try_from_ascii(checked_name.as_ref().as_bytes()) - .map_err(|_| general_error())?; - - end_entity_cert - .verify_is_valid_for_subject_name(webpki::SubjectNameRef::DnsName(name)) - .map_err(|_| general_error())?; - - let as_str: &str = checked_name.as_ref(); - self.by_name - .insert(as_str.to_string(), Arc::new(ck)); + ck.end_entity_cert() + .and_then(ParsedCertificate::try_from) + .and_then(|cert| verify_server_name(&cert, &server_name))?; + + if let ServerName::DnsName(name) = server_name { + self.by_name + .insert(name.as_ref().to_string(), Arc::new(ck)); + } Ok(()) } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index a48a589501..afc9eee591 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -2116,9 +2116,7 @@ fn sni_resolver_rejects_wrong_names() { ) ); assert_eq!( - Err(Error::General( - "The server certificate is not valid for the given name".into() - )), + Err(Error::InvalidCertificate(CertificateError::NotValidForName)), resolver.add( "not-localhost", sign::CertifiedKey::new(kt.get_chain(), signing_key.clone()) @@ -2194,9 +2192,7 @@ fn sni_resolver_rejects_bad_certs() { let signing_key: Arc = Arc::new(signing_key); assert_eq!( - Err(Error::General( - "No end-entity certificate in certificate chain".into() - )), + Err(Error::NoCertificatesPresented), resolver.add( "localhost", sign::CertifiedKey::new(vec![], signing_key.clone()) @@ -2205,9 +2201,7 @@ fn sni_resolver_rejects_bad_certs() { let bad_chain = vec![rustls::Certificate(vec![0xa0])]; assert_eq!( - Err(Error::General( - "End-entity certificate in certificate chain is syntactically invalid".into() - )), + Err(Error::InvalidCertificate(CertificateError::BadEncoding)), resolver.add( "localhost", sign::CertifiedKey::new(bad_chain, signing_key.clone()) From 03e88637e5551bafd37475d27a167aa2fc0833fb Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 4 Aug 2023 13:00:32 +0100 Subject: [PATCH 0065/1145] Separate-out webpki callers into specific module The goal of this is to make it clear which parts of the crate are specific to webpki, and which are intended to be generic. Eventually, this gives a route to making the `webpki` dependency optional, putting this module (and callers of it) behind the `webpki` feature. --- rustls/src/client/builder.rs | 7 +- rustls/src/error.rs | 74 -- rustls/src/key.rs | 29 - rustls/src/lib.rs | 20 +- rustls/src/server/builder.rs | 7 +- rustls/src/server/handy.rs | 3 +- rustls/src/verify.rs | 605 +--------------- rustls/src/verifybench.rs | 9 +- rustls/src/{ => webpki}/anchors.rs | 0 .../client_verifier_builder.rs} | 5 +- rustls/src/webpki/mod.rs | 16 + rustls/src/webpki/verify.rs | 668 ++++++++++++++++++ 12 files changed, 730 insertions(+), 713 deletions(-) rename rustls/src/{ => webpki}/anchors.rs (100%) rename rustls/src/{server/verifier_builder.rs => webpki/client_verifier_builder.rs} (98%) create mode 100644 rustls/src/webpki/mod.rs create mode 100644 rustls/src/webpki/verify.rs diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 7b69fead3a..e055094c9a 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -5,8 +5,7 @@ use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; -use crate::verify; -use crate::{anchors, key, versions}; +use crate::{key, verify, versions, webpki}; use super::client_conn::Resumption; @@ -17,14 +16,14 @@ impl ConfigBuilder, WantsVerifier> { /// Choose how to verify server certificates. pub fn with_root_certificates( self, - root_store: anchors::RootCertStore, + root_store: webpki::RootCertStore, ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, versions: self.state.versions, - verifier: Arc::new(verify::WebPkiServerVerifier::new(root_store)), + verifier: Arc::new(webpki::WebPkiServerVerifier::new(root_store)), }, side: PhantomData, } diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 945d5c3a81..d15ed194fc 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -445,28 +445,6 @@ impl PartialEq for CertRevocationListError { } } -impl From for CertRevocationListError { - fn from(e: webpki::Error) -> Self { - use webpki::Error::*; - match e { - InvalidCrlSignatureForPublicKey - | UnsupportedCrlSignatureAlgorithm - | UnsupportedCrlSignatureAlgorithmForPublicKey => Self::BadSignature, - InvalidCrlNumber => Self::InvalidCrlNumber, - InvalidSerialNumber => Self::InvalidRevokedCertSerialNumber, - IssuerNotCrlSigner => Self::IssuerInvalidForCrl, - MalformedExtensions | BadDer | BadDerTime => Self::ParseError, - UnsupportedCriticalExtension => Self::UnsupportedCriticalExtension, - UnsupportedCrlVersion => Self::UnsupportedCrlVersion, - UnsupportedDeltaCrl => Self::UnsupportedDeltaCrl, - UnsupportedIndirectCrl => Self::UnsupportedIndirectCrl, - UnsupportedRevocationReason => Self::UnsupportedRevocationReason, - - _ => Self::Other(Arc::new(e)), - } - } -} - impl From for Error { #[inline] fn from(e: CertRevocationListError) -> Self { @@ -594,58 +572,6 @@ mod tests { assert_ne!(BadSignature, InvalidCrlNumber); } - #[test] - fn crl_error_from_webpki() { - use super::CertRevocationListError::*; - let testcases = &[ - (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), - ( - webpki::Error::UnsupportedCrlSignatureAlgorithm, - BadSignature, - ), - ( - webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey, - BadSignature, - ), - (webpki::Error::InvalidCrlNumber, InvalidCrlNumber), - ( - webpki::Error::InvalidSerialNumber, - InvalidRevokedCertSerialNumber, - ), - (webpki::Error::IssuerNotCrlSigner, IssuerInvalidForCrl), - (webpki::Error::MalformedExtensions, ParseError), - (webpki::Error::BadDer, ParseError), - (webpki::Error::BadDerTime, ParseError), - ( - webpki::Error::UnsupportedCriticalExtension, - UnsupportedCriticalExtension, - ), - (webpki::Error::UnsupportedCrlVersion, UnsupportedCrlVersion), - (webpki::Error::UnsupportedDeltaCrl, UnsupportedDeltaCrl), - ( - webpki::Error::UnsupportedIndirectCrl, - UnsupportedIndirectCrl, - ), - ( - webpki::Error::UnsupportedRevocationReason, - UnsupportedRevocationReason, - ), - ]; - for t in testcases { - assert_eq!( - >::into(t.0), - t.1 - ); - } - - assert!(matches!( - >::into( - webpki::Error::NameConstraintViolation - ), - Other(_) - )); - } - #[test] fn smoke() { use crate::enums::{AlertDescription, ContentType, HandshakeType}; diff --git a/rustls/src/key.rs b/rustls/src/key.rs index 94fedafb6d..2ae910e765 100644 --- a/rustls/src/key.rs +++ b/rustls/src/key.rs @@ -1,7 +1,5 @@ use core::fmt; -use crate::Error; - /// This type contains a private key by value. /// /// The private key must be DER-encoded ASN.1 in either @@ -98,30 +96,3 @@ impl fmt::Debug for Certificate { .finish() } } - -/// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification -#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] -pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); - -impl<'a> TryFrom<&'a Certificate> for ParsedCertificate<'a> { - type Error = Error; - fn try_from(value: &'a Certificate) -> Result, Self::Error> { - webpki::EndEntityCert::try_from(value.0.as_ref()) - .map_err(crate::verify::pki_error) - .map(ParsedCertificate) - } -} - -#[cfg(test)] -mod test { - use super::Certificate; - - #[test] - fn certificate_debug() { - assert_eq!( - "Certificate(b\"ab\")", - format!("{:?}", Certificate(b"ab".to_vec())) - ); - } -} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 3a492978c4..67b798068c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -324,7 +324,6 @@ mod log { #[macro_use] mod msgs; -mod anchors; mod cipher; mod common_state; mod conn; @@ -356,6 +355,7 @@ mod key_log_file; mod suites; mod ticketer; mod versions; +mod webpki; /// Internal classes which may be useful outside the library. /// The contents of this section DO NOT form part of the stable interface. @@ -375,7 +375,6 @@ pub mod internal { } // The public interface is: -pub use crate::anchors::{OwnedTrustAnchor, RootCertStore}; pub use crate::builder::{ ConfigBuilder, ConfigSide, WantsCipherSuites, WantsKxGroups, WantsVerifier, WantsVersions, }; @@ -409,6 +408,7 @@ pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; pub use crate::verify::DigitallySignedStruct; pub use crate::versions::{SupportedProtocolVersion, ALL_VERSIONS, DEFAULT_VERSIONS}; +pub use crate::webpki::{OwnedTrustAnchor, RootCertStore}; /// Items for use in a client. pub mod client { @@ -430,9 +430,10 @@ pub mod client { pub use handy::ClientSessionMemoryCache; #[cfg(feature = "dangerous_configuration")] - pub use crate::verify::{ - verify_server_cert_signed_by_trust_anchor, verify_server_name, HandshakeSignatureValid, - ServerCertVerified, ServerCertVerifier, WebPkiServerVerifier, + pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; + #[cfg(feature = "dangerous_configuration")] + pub use crate::webpki::{ + verify_server_cert_signed_by_trust_anchor, verify_server_name, WebPkiServerVerifier, }; #[cfg(feature = "dangerous_configuration")] pub use client_conn::danger::DangerousClientConfig; @@ -453,9 +454,9 @@ pub mod server { #[cfg(feature = "tls12")] mod tls12; mod tls13; - pub(crate) mod verifier_builder; - pub use crate::verify::{UnparsedCertRevocationList, WebPkiClientVerifier}; + pub use crate::webpki::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; + pub use crate::webpki::{UnparsedCertRevocationList, WebPkiClientVerifier}; pub use builder::WantsServerCert; pub use handy::ResolvesServerCertUsingSni; pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; @@ -464,14 +465,13 @@ pub mod server { Accepted, Acceptor, ReadEarlyData, ServerConfig, ServerConnection, ServerConnectionData, }; pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; - pub use verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; #[cfg(feature = "dangerous_configuration")] pub use crate::dns_name::DnsName; #[cfg(feature = "dangerous_configuration")] - pub use crate::key::ParsedCertificate; - #[cfg(feature = "dangerous_configuration")] pub use crate::verify::{ClientCertVerified, ClientCertVerifier}; + #[cfg(feature = "dangerous_configuration")] + pub use crate::webpki::ParsedCertificate; } pub use server::{ServerConfig, ServerConnection}; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 0b429dd7ca..e40a16dbb3 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -5,8 +5,9 @@ use crate::key; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; use crate::suites::SupportedCipherSuite; -use crate::verify::{self, WebPkiClientVerifier}; +use crate::verify::ClientCertVerifier; use crate::versions; +use crate::webpki::WebPkiClientVerifier; use crate::NoKeyLog; use alloc::sync::Arc; @@ -16,7 +17,7 @@ impl ConfigBuilder, WantsVerifier> { /// Choose how to verify client certificates. pub fn with_client_cert_verifier( self, - client_cert_verifier: Arc, + client_cert_verifier: Arc, ) -> ConfigBuilder, WantsServerCert> { ConfigBuilder { state: WantsServerCert { @@ -44,7 +45,7 @@ pub struct WantsServerCert { cipher_suites: Vec, kx_groups: Vec<&'static ::SupportedGroup>, versions: versions::EnabledVersions, - verifier: Arc, + verifier: Arc, } impl ConfigBuilder, WantsServerCert> { diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 72251950e5..2a63d202eb 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,12 +1,11 @@ use crate::dns_name::DnsNameRef; use crate::error::Error; use crate::key; -use crate::key::ParsedCertificate; use crate::limited_cache; use crate::server; use crate::server::ClientHello; use crate::sign; -use crate::verify::verify_server_name; +use crate::webpki::{verify_server_name, ParsedCertificate}; use crate::ServerName; use alloc::sync::Arc; diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 42dad1b604..376912bc12 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,39 +1,13 @@ -use alloc::sync::Arc; use core::fmt; use std::time::SystemTime; -use crate::anchors::{OwnedTrustAnchor, RootCertStore}; use crate::client::ServerName; use crate::enums::SignatureScheme; -use crate::error::{ - CertRevocationListError, CertificateError, Error, InvalidMessage, PeerMisbehaved, -}; -use crate::key::{Certificate, ParsedCertificate}; -#[cfg(feature = "logging")] -use crate::log::trace; +use crate::error::{Error, InvalidMessage}; +use crate::key::Certificate; use crate::msgs::base::PayloadU16; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::DistinguishedName; -use crate::server::ClientCertVerifierBuilder; - -type SignatureAlgorithms = &'static [&'static dyn webpki::SignatureVerificationAlgorithm]; - -/// Which signature verification mechanisms we support. No particular -/// order. -static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ - webpki::ECDSA_P256_SHA256, - webpki::ECDSA_P256_SHA384, - webpki::ECDSA_P384_SHA256, - webpki::ECDSA_P384_SHA384, - webpki::ED25519, - webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, - webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, - webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, - webpki::RSA_PKCS1_2048_8192_SHA256, - webpki::RSA_PKCS1_2048_8192_SHA384, - webpki::RSA_PKCS1_2048_8192_SHA512, - webpki::RSA_PKCS1_3072_8192_SHA384, -]; // Marker types. These are used to bind the fact some verification // (certificate chain or handshake signature) has taken place into @@ -218,7 +192,7 @@ pub trait ClientCertVerifier: Send + Sync { /// an [InvalidCertificate] error with the [BadEncoding] variant when these cases are encountered. /// /// [InvalidCertificate]: Error#variant.InvalidCertificate - /// [BadEncoding]: CertificateError#variant.BadEncoding + /// [BadEncoding]: crate::CertificateError#variant.BadEncoding fn verify_client_cert( &self, end_entity: &Certificate, @@ -277,415 +251,6 @@ impl fmt::Debug for dyn ClientCertVerifier { } } -/// Verify that the end-entity certificate `end_entity` is a valid server cert -/// and chains to at least one of the [OwnedTrustAnchor] in the `roots` [RootCertStore]. -/// -/// `intermediates` contains all certificates other than `end_entity` that -/// were sent as part of the server's [Certificate] message. It is in the -/// same order that the server sent them and may be empty. -#[allow(dead_code)] -#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] -pub fn verify_server_cert_signed_by_trust_anchor( - cert: &ParsedCertificate, - roots: &RootCertStore, - intermediates: &[Certificate], - now: SystemTime, -) -> Result<(), Error> { - let chain = intermediate_chain(intermediates); - let trust_roots = trust_roots(roots); - let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; - - cert.0 - .verify_for_usage( - SUPPORTED_SIG_ALGS, - &trust_roots, - &chain, - webpki_now, - webpki::KeyUsage::server_auth(), - None, // no CRLs - ) - .map_err(pki_error) - .map(|_| ()) -} - -/// Verify that the `end_entity` has a name or alternative name matching the `server_name` -/// note: this only verifies the name and should be used in conjuction with more verification -/// like [verify_server_cert_signed_by_trust_anchor] -#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] -pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Result<(), Error> { - match server_name { - ServerName::DnsName(dns_name) => { - // unlikely error because dns_name::DnsNameRef and webpki::DnsNameRef - // should have the same encoding rules. - let dns_name = webpki::DnsNameRef::try_from_ascii_str(dns_name.as_ref()) - .map_err(|_| Error::InvalidCertificate(CertificateError::BadEncoding))?; - let name = webpki::SubjectNameRef::DnsName(dns_name); - cert.0 - .verify_is_valid_for_subject_name(name) - .map_err(pki_error)?; - } - ServerName::IpAddress(ip_addr) => { - let ip_addr = webpki::IpAddr::from(*ip_addr); - cert.0 - .verify_is_valid_for_subject_name(webpki::SubjectNameRef::IpAddress( - webpki::IpAddrRef::from(&ip_addr), - )) - .map_err(pki_error)?; - } - } - Ok(()) -} - -impl ServerCertVerifier for WebPkiServerVerifier { - /// Will verify the certificate is valid in the following ways: - /// - Signed by a trusted `RootCertStore` CA - /// - Not Expired - /// - Valid for DNS entry - fn verify_server_cert( - &self, - end_entity: &Certificate, - intermediates: &[Certificate], - server_name: &ServerName, - ocsp_response: &[u8], - now: SystemTime, - ) -> Result { - let cert = ParsedCertificate::try_from(end_entity)?; - - verify_server_cert_signed_by_trust_anchor(&cert, &self.roots, intermediates, now)?; - - if !ocsp_response.is_empty() { - trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); - } - - verify_server_name(&cert, server_name)?; - Ok(ServerCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, - ) -> Result { - Self::default_verify_tls12_signature(message, cert, dss) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, - ) -> Result { - Self::default_verify_tls13_signature(message, cert, dss) - } - - fn supported_verify_schemes(&self) -> Vec { - Self::default_supported_verify_schemes() - } -} - -/// Default `ServerCertVerifier`, see the trait impl for more information. -#[allow(unreachable_pub)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] -pub struct WebPkiServerVerifier { - roots: RootCertStore, -} - -#[allow(unreachable_pub)] -impl WebPkiServerVerifier { - /// Constructs a new `WebPkiServerVerifier`. - /// - /// `roots` is the set of trust anchors to trust for issuing server certs. - pub fn new(roots: RootCertStore) -> Self { - Self { roots } - } - - /// Which signature verification schemes the `webpki` crate supports. - pub fn default_supported_verify_schemes() -> Vec { - vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA256, - ] - } - - /// An full implementation of `ServerCertVerifier::verify_tls12_signature` or - /// `ClientCertVerifier::verify_tls12_signature`. - pub fn default_verify_tls12_signature( - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss) - } - - /// An full implementation of `ServerCertVerifier::verify_tls13_signature` or - /// `ClientCertVerifier::verify_tls13_signature`. - pub fn default_verify_tls13_signature( - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss) - } -} - -fn intermediate_chain(intermediates: &[Certificate]) -> Vec<&[u8]> { - intermediates - .iter() - .map(|cert| cert.0.as_ref()) - .collect() -} - -fn trust_roots(roots: &RootCertStore) -> Vec { - roots - .roots - .iter() - .map(OwnedTrustAnchor::to_trust_anchor) - .collect() -} - -/// An unparsed DER encoded Certificate Revocation List (CRL). -#[derive(Debug, Clone, Eq, PartialEq)] -pub struct UnparsedCertRevocationList(pub Vec); - -impl UnparsedCertRevocationList { - /// Parse the CRL DER, yielding a [`webpki::CertRevocationList`] or an error if the CRL - /// is malformed, or uses unsupported features. - pub fn parse(&self) -> Result { - webpki::BorrowedCertRevocationList::from_der(&self.0) - .and_then(|crl| crl.to_owned()) - .map_err(CertRevocationListError::from) - } -} - -/// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate -/// validation. It must be created via the [WebPkiClientVerifier::builder()] function. -/// -/// Once built, the provided `Arc` can be used with a Rustls [crate::server::ServerConfig] -/// to configure client certificate validation using [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. -/// -/// Example: -/// -/// To require all clients present a client certificate issued by a trusted CA: -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::WebPkiClientVerifier; -/// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) -/// .build() -/// .unwrap(); -/// ``` -/// -/// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or -/// anonymous clients that present no client certificate: -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::WebPkiClientVerifier; -/// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) -/// .allow_unauthenticated() -/// .build() -/// .unwrap(); -/// ``` -/// -/// If you wish to disable advertising client authentication: -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::WebPkiClientVerifier; -/// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::no_client_auth(); -/// ``` -/// -/// You can also configure the client verifier to check for certificate revocation with -/// client certificate revocation lists (CRLs): -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::{WebPkiClientVerifier}; -/// # let roots = RootCertStore::empty(); -/// # let crls = Vec::new(); -/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) -/// .with_crls(crls) -/// .build() -/// .unwrap(); -/// ``` -/// -/// [^1]: -pub struct WebPkiClientVerifier { - roots: Arc, - subjects: Vec, - crls: Vec, - anonymous_policy: AnonymousClientPolicy, -} - -impl WebPkiClientVerifier { - /// Create builder to build up the `webpki` client certificate verifier configuration. - /// Client certificate authentication will be offered by the server, and client certificates - /// will be verified using the trust anchors found in the provided `roots`. If you - /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. - /// - /// For more information, see the [`ClientCertVerifierBuilder`] documentation. - pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { - ClientCertVerifierBuilder::new(roots) - } - - /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will - /// not offer client authentication and anonymous clients will be accepted. - /// - /// This is in contrast to using `WebPkiClientVerifier::builder().allow_unauthenticated().build()`, - /// which will produce a verifier that will offer client authentication, but not require it. - pub fn no_client_auth() -> Arc { - Arc::new(NoClientAuth {}) - } - - /// Construct a new `WebpkiClientVerifier`. - /// - /// `roots` is the list of trust anchors to use for certificate validation. - /// `crls` are an iterable of owned certificate revocation lists (CRLs) to use for - /// client certificate validation. - /// `anonymous_policy` controls whether client authentication is required, or if anonymous - /// clients can connect. - pub(crate) fn new( - roots: Arc, - crls: Vec, - anonymous_policy: AnonymousClientPolicy, - ) -> Self { - Self { - subjects: roots - .roots - .iter() - .map(|r| r.subject().clone()) - .collect(), - crls, - roots, - anonymous_policy, - } - } -} - -impl ClientCertVerifier for WebPkiClientVerifier { - fn offer_client_auth(&self) -> bool { - true - } - - fn client_auth_mandatory(&self) -> bool { - match self.anonymous_policy { - AnonymousClientPolicy::Allow => false, - AnonymousClientPolicy::Deny => true, - } - } - - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { - &self.subjects - } - - fn verify_client_cert( - &self, - end_entity: &Certificate, - intermediates: &[Certificate], - now: SystemTime, - ) -> Result { - let cert = ParsedCertificate::try_from(end_entity)?; - let chain = intermediate_chain(intermediates); - let trust_roots = trust_roots(&self.roots); - let now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; - - #[allow(trivial_casts)] // Cast to &dyn trait is required. - let crls = self - .crls - .iter() - .map(|crl| crl as &dyn webpki::CertRevocationList) - .collect::>(); - - let revocation = if crls.is_empty() { - None - } else { - Some( - webpki::RevocationOptionsBuilder::new(&crls) - .expect("invalid crls") - .allow_unknown_status() - .build(), - ) - }; - - cert.0 - .verify_for_usage( - SUPPORTED_SIG_ALGS, - &trust_roots, - &chain, - now, - webpki::KeyUsage::client_auth(), - revocation, - ) - .map_err(pki_error) - .map(|_| ClientCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, - ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, - ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) - } - - fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() - } -} - -/// Controls how the [WebPkiClientVerifier] handles anonymous clients. -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -pub(crate) enum AnonymousClientPolicy { - /// Clients that do not present a client certificate are allowed. - Allow, - /// Clients that do not present a client certificate are denied. - Deny, -} - -pub(crate) fn pki_error(error: webpki::Error) -> Error { - use webpki::Error::*; - match error { - BadDer | BadDerTime | TrailingData(_) => CertificateError::BadEncoding.into(), - CertNotValidYet => CertificateError::NotValidYet.into(), - CertExpired | InvalidCertValidity => CertificateError::Expired.into(), - UnknownIssuer => CertificateError::UnknownIssuer.into(), - CertNotValidForName => CertificateError::NotValidForName.into(), - CertRevoked => CertificateError::Revoked.into(), - IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(), - - InvalidSignatureForPublicKey - | UnsupportedSignatureAlgorithm - | UnsupportedSignatureAlgorithmForPublicKey => CertificateError::BadSignature.into(), - - InvalidCrlSignatureForPublicKey - | UnsupportedCrlSignatureAlgorithm - | UnsupportedCrlSignatureAlgorithmForPublicKey => { - CertRevocationListError::BadSignature.into() - } - - _ => CertificateError::Other(Arc::new(error)).into(), - } -} - /// Turns off client authentication. In contrast to using /// `WebPkiClientVerifier::builder(roots).allow_unauthenticated().build()`, the `NoClientAuth` /// `ClientCertVerifier` will not offer client authentication at all, vs offering but not @@ -769,150 +334,22 @@ impl Codec for DigitallySignedStruct { } } -static ECDSA_SHA256: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA256, webpki::ECDSA_P384_SHA256]; - -static ECDSA_SHA384: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA384, webpki::ECDSA_P384_SHA384]; - -static ED25519: SignatureAlgorithms = &[webpki::ED25519]; - -static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256]; -static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384]; -static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512]; -static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; -static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; -static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; - -fn convert_scheme(scheme: SignatureScheme) -> Result { - match scheme { - // nb. for TLS1.2 the curve is not fixed by SignatureScheme. - SignatureScheme::ECDSA_NISTP256_SHA256 => Ok(ECDSA_SHA256), - SignatureScheme::ECDSA_NISTP384_SHA384 => Ok(ECDSA_SHA384), - - SignatureScheme::ED25519 => Ok(ED25519), - - SignatureScheme::RSA_PKCS1_SHA256 => Ok(RSA_SHA256), - SignatureScheme::RSA_PKCS1_SHA384 => Ok(RSA_SHA384), - SignatureScheme::RSA_PKCS1_SHA512 => Ok(RSA_SHA512), - - SignatureScheme::RSA_PSS_SHA256 => Ok(RSA_PSS_SHA256), - SignatureScheme::RSA_PSS_SHA384 => Ok(RSA_PSS_SHA384), - SignatureScheme::RSA_PSS_SHA512 => Ok(RSA_PSS_SHA512), - - _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), - } -} - -fn verify_sig_using_any_alg( - cert: &webpki::EndEntityCert, - algs: SignatureAlgorithms, - message: &[u8], - sig: &[u8], -) -> Result<(), webpki::Error> { - // TLS doesn't itself give us enough info to map to a single webpki::SignatureVerificationAlgorithm. - // Therefore, convert_algs maps to several and we try them all. - for alg in algs { - match cert.verify_signature(*alg, message, sig) { - Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) => continue, - res => return res, - } - } - - Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) -} - -fn verify_signed_struct( - message: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, -) -> Result { - let possible_algs = convert_scheme(dss.scheme)?; - let cert = webpki::EndEntityCert::try_from(cert.0.as_ref()).map_err(pki_error)?; - - verify_sig_using_any_alg(&cert, possible_algs, message, dss.signature()) - .map_err(pki_error) - .map(|_| HandshakeSignatureValid::assertion()) -} - -fn convert_alg_tls13( - scheme: SignatureScheme, -) -> Result<&'static dyn webpki::SignatureVerificationAlgorithm, Error> { - use crate::enums::SignatureScheme::*; - - match scheme { - ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256), - ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384), - ED25519 => Ok(webpki::ED25519), - RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), - RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), - RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), - _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), - } -} - -fn verify_tls13( - msg: &[u8], - cert: &Certificate, - dss: &DigitallySignedStruct, -) -> Result { - let alg = convert_alg_tls13(dss.scheme)?; - - let cert = webpki::EndEntityCert::try_from(cert.0.as_ref()).map_err(pki_error)?; - - cert.verify_signature(alg, msg, dss.signature()) - .map_err(pki_error) - .map(|_| HandshakeSignatureValid::assertion()) -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn assertions_are_debug() { - assert_eq!( - format!("{:?}", ClientCertVerified::assertion()), - "ClientCertVerified(())" - ); - assert_eq!( - format!("{:?}", HandshakeSignatureValid::assertion()), - "HandshakeSignatureValid(())" - ); - assert_eq!( - format!("{:?}", FinishedMessageVerified::assertion()), - "FinishedMessageVerified(())" - ); - assert_eq!( - format!("{:?}", ServerCertVerified::assertion()), - "ServerCertVerified(())" - ); - } - - #[test] - fn pki_crl_errors() { - // CRL signature errors should be turned into BadSignature. - assert_eq!( - pki_error(webpki::Error::InvalidCrlSignatureForPublicKey), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - assert_eq!( - pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithm), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - assert_eq!( - pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - - // Revoked cert errors should be turned into Revoked. - assert_eq!( - pki_error(webpki::Error::CertRevoked), - Error::InvalidCertificate(CertificateError::Revoked), - ); - - // Issuer not CRL signer errors should be turned into IssuerInvalidForCrl - assert_eq!( - pki_error(webpki::Error::IssuerNotCrlSigner), - Error::InvalidCertRevocationList(CertRevocationListError::IssuerInvalidForCrl) - ); - } +#[test] +fn assertions_are_debug() { + assert_eq!( + format!("{:?}", ClientCertVerified::assertion()), + "ClientCertVerified(())" + ); + assert_eq!( + format!("{:?}", HandshakeSignatureValid::assertion()), + "HandshakeSignatureValid(())" + ); + assert_eq!( + format!("{:?}", FinishedMessageVerified::assertion()), + "FinishedMessageVerified(())" + ); + assert_eq!( + format!("{:?}", ServerCertVerified::assertion()), + "ServerCertVerified(())" + ); } diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 865a505489..a37cf634a5 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -8,9 +8,8 @@ use core::time::Duration; use std::time::{Instant, SystemTime}; use crate::key; -use crate::verify; use crate::verify::ServerCertVerifier; -use crate::{anchors, OwnedTrustAnchor}; +use crate::webpki::{OwnedTrustAnchor, RootCertStore, WebPkiServerVerifier}; use webpki_roots; @@ -180,14 +179,14 @@ fn test_wapo_cert() { struct Context { name: &'static str, domain: &'static str, - roots: anchors::RootCertStore, + roots: RootCertStore, chain: Vec, now: SystemTime, } impl Context { fn new(name: &'static str, domain: &'static str, certs: &[&'static [u8]]) -> Self { - let mut roots = anchors::RootCertStore::empty(); + let mut roots = RootCertStore::empty(); roots.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() @@ -213,7 +212,7 @@ impl Context { } fn bench(&self, count: usize) { - let verifier = verify::WebPkiServerVerifier::new(self.roots.clone()); + let verifier = WebPkiServerVerifier::new(self.roots.clone()); const OCSP_RESPONSE: &[u8] = &[]; let mut times = Vec::new(); diff --git a/rustls/src/anchors.rs b/rustls/src/webpki/anchors.rs similarity index 100% rename from rustls/src/anchors.rs rename to rustls/src/webpki/anchors.rs diff --git a/rustls/src/server/verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs similarity index 98% rename from rustls/src/server/verifier_builder.rs rename to rustls/src/webpki/client_verifier_builder.rs index b126206483..2ffde2258d 100644 --- a/rustls/src/server/verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -1,7 +1,8 @@ use std::sync::Arc; +use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier}; use crate::server::UnparsedCertRevocationList; -use crate::verify::{AnonymousClientPolicy, ClientCertVerifier, WebPkiClientVerifier}; +use crate::verify::ClientCertVerifier; use crate::{CertRevocationListError, RootCertStore}; /// A builder for configuring a `webpki` client certificate verifier. @@ -90,7 +91,7 @@ impl From for ClientCertVerifierBuilderError { #[cfg(test)] mod tests { use crate::server::{ClientCertVerifierBuilderError, UnparsedCertRevocationList}; - use crate::verify::WebPkiClientVerifier; + use crate::webpki::verify::WebPkiClientVerifier; use crate::{Certificate, RootCertStore}; use std::sync::Arc; diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs new file mode 100644 index 0000000000..727c86f760 --- /dev/null +++ b/rustls/src/webpki/mod.rs @@ -0,0 +1,16 @@ +mod anchors; +mod client_verifier_builder; +mod verify; + +pub use anchors::{OwnedTrustAnchor, RootCertStore}; + +pub use client_verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; + +pub use verify::{UnparsedCertRevocationList, WebPkiClientVerifier}; + +// Conditionally exported from crate. +#[allow(unreachable_pub)] +pub use verify::{ + verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate, + WebPkiServerVerifier, +}; diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs new file mode 100644 index 0000000000..8d8f52e577 --- /dev/null +++ b/rustls/src/webpki/verify.rs @@ -0,0 +1,668 @@ +use alloc::sync::Arc; +use std::time::SystemTime; + +use super::anchors::{OwnedTrustAnchor, RootCertStore}; +use super::client_verifier_builder::ClientCertVerifierBuilder; +use crate::client::ServerName; +use crate::enums::SignatureScheme; +use crate::error::{CertRevocationListError, CertificateError, Error, PeerMisbehaved}; +use crate::key::Certificate; +#[cfg(feature = "logging")] +use crate::log::trace; +use crate::msgs::handshake::DistinguishedName; +use crate::verify::{ + ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, + NoClientAuth, ServerCertVerified, ServerCertVerifier, +}; + +type SignatureAlgorithms = &'static [&'static dyn webpki::SignatureVerificationAlgorithm]; + +/// Which signature verification mechanisms we support. No particular +/// order. +static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ + webpki::ECDSA_P256_SHA256, + webpki::ECDSA_P256_SHA384, + webpki::ECDSA_P384_SHA256, + webpki::ECDSA_P384_SHA384, + webpki::ED25519, + webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, + webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, + webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, + webpki::RSA_PKCS1_2048_8192_SHA256, + webpki::RSA_PKCS1_2048_8192_SHA384, + webpki::RSA_PKCS1_2048_8192_SHA512, + webpki::RSA_PKCS1_3072_8192_SHA384, +]; + +/// Verify that the end-entity certificate `end_entity` is a valid server cert +/// and chains to at least one of the [OwnedTrustAnchor] in the `roots` [RootCertStore]. +/// +/// `intermediates` contains all certificates other than `end_entity` that +/// were sent as part of the server's [Certificate] message. It is in the +/// same order that the server sent them and may be empty. +#[allow(dead_code)] +#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] +#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] +pub fn verify_server_cert_signed_by_trust_anchor( + cert: &ParsedCertificate, + roots: &RootCertStore, + intermediates: &[Certificate], + now: SystemTime, +) -> Result<(), Error> { + let chain = intermediate_chain(intermediates); + let trust_roots = trust_roots(roots); + let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; + + cert.0 + .verify_for_usage( + SUPPORTED_SIG_ALGS, + &trust_roots, + &chain, + webpki_now, + webpki::KeyUsage::server_auth(), + None, // no CRLs + ) + .map_err(pki_error) + .map(|_| ()) +} + +/// Verify that the `end_entity` has a name or alternative name matching the `server_name` +/// note: this only verifies the name and should be used in conjuction with more verification +/// like [verify_server_cert_signed_by_trust_anchor] +#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] +#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] +pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Result<(), Error> { + match server_name { + ServerName::DnsName(dns_name) => { + // unlikely error because dns_name::DnsNameRef and webpki::DnsNameRef + // should have the same encoding rules. + let dns_name = webpki::DnsNameRef::try_from_ascii_str(dns_name.as_ref()) + .map_err(|_| Error::InvalidCertificate(CertificateError::BadEncoding))?; + let name = webpki::SubjectNameRef::DnsName(dns_name); + cert.0 + .verify_is_valid_for_subject_name(name) + .map_err(pki_error)?; + } + ServerName::IpAddress(ip_addr) => { + let ip_addr = webpki::IpAddr::from(*ip_addr); + cert.0 + .verify_is_valid_for_subject_name(webpki::SubjectNameRef::IpAddress( + webpki::IpAddrRef::from(&ip_addr), + )) + .map_err(pki_error)?; + } + } + Ok(()) +} + +impl ServerCertVerifier for WebPkiServerVerifier { + /// Will verify the certificate is valid in the following ways: + /// - Signed by a trusted `RootCertStore` CA + /// - Not Expired + /// - Valid for DNS entry + fn verify_server_cert( + &self, + end_entity: &Certificate, + intermediates: &[Certificate], + server_name: &ServerName, + ocsp_response: &[u8], + now: SystemTime, + ) -> Result { + let cert = ParsedCertificate::try_from(end_entity)?; + + verify_server_cert_signed_by_trust_anchor(&cert, &self.roots, intermediates, now)?; + + if !ocsp_response.is_empty() { + trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); + } + + verify_server_name(&cert, server_name)?; + Ok(ServerCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + Self::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + Self::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + Self::default_supported_verify_schemes() + } +} + +/// Default `ServerCertVerifier`, see the trait impl for more information. +#[allow(unreachable_pub)] +#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] +pub struct WebPkiServerVerifier { + roots: RootCertStore, +} + +#[allow(unreachable_pub)] +impl WebPkiServerVerifier { + /// Constructs a new `WebPkiServerVerifier`. + /// + /// `roots` is the set of trust anchors to trust for issuing server certs. + pub fn new(roots: RootCertStore) -> Self { + Self { roots } + } + + /// Which signature verification schemes the `webpki` crate supports. + pub fn default_supported_verify_schemes() -> Vec { + vec![ + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, + ] + } + + /// A full implementation of `ServerCertVerifier::verify_tls12_signature` or + /// `ClientCertVerifier::verify_tls12_signature`. + pub fn default_verify_tls12_signature( + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + verify_signed_struct(message, cert, dss) + } + + /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or + /// `ClientCertVerifier::verify_tls13_signature`. + pub fn default_verify_tls13_signature( + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + verify_tls13(message, cert, dss) + } +} + +fn intermediate_chain(intermediates: &[Certificate]) -> Vec<&[u8]> { + intermediates + .iter() + .map(|cert| cert.0.as_ref()) + .collect() +} + +fn trust_roots(roots: &RootCertStore) -> Vec { + roots + .roots + .iter() + .map(OwnedTrustAnchor::to_trust_anchor) + .collect() +} + +/// An unparsed DER encoded Certificate Revocation List (CRL). +#[derive(Debug, Clone, Eq, PartialEq)] +pub struct UnparsedCertRevocationList(pub Vec); + +impl UnparsedCertRevocationList { + /// Parse the CRL DER, yielding a [`webpki::CertRevocationList`] or an error if the CRL + /// is malformed, or uses unsupported features. + pub fn parse(&self) -> Result { + webpki::BorrowedCertRevocationList::from_der(&self.0) + .and_then(|crl| crl.to_owned()) + .map_err(CertRevocationListError::from) + } +} + +/// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate +/// validation. It must be created via the [WebPkiClientVerifier::builder()] function. +/// +/// Once built, the provided `Arc` can be used with a Rustls [crate::server::ServerConfig] +/// to configure client certificate validation using [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. +/// +/// Example: +/// +/// To require all clients present a client certificate issued by a trusted CA: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) +/// .build() +/// .unwrap(); +/// ``` +/// +/// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or +/// anonymous clients that present no client certificate: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) +/// .allow_unauthenticated() +/// .build() +/// .unwrap(); +/// ``` +/// +/// If you wish to disable advertising client authentication: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::no_client_auth(); +/// ``` +/// +/// You can also configure the client verifier to check for certificate revocation with +/// client certificate revocation lists (CRLs): +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::{WebPkiClientVerifier}; +/// # let roots = RootCertStore::empty(); +/// # let crls = Vec::new(); +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) +/// .with_crls(crls) +/// .build() +/// .unwrap(); +/// ``` +/// +/// [^1]: +pub struct WebPkiClientVerifier { + roots: Arc, + subjects: Vec, + crls: Vec, + anonymous_policy: AnonymousClientPolicy, +} + +impl WebPkiClientVerifier { + /// Create builder to build up the `webpki` client certificate verifier configuration. + /// Client certificate authentication will be offered by the server, and client certificates + /// will be verified using the trust anchors found in the provided `roots`. If you + /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. + /// + /// For more information, see the [`ClientCertVerifierBuilder`] documentation. + pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { + ClientCertVerifierBuilder::new(roots) + } + + /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will + /// not offer client authentication and anonymous clients will be accepted. + /// + /// This is in contrast to using `WebPkiClientVerifier::builder().allow_unauthenticated().build()`, + /// which will produce a verifier that will offer client authentication, but not require it. + pub fn no_client_auth() -> Arc { + Arc::new(NoClientAuth {}) + } + + /// Construct a new `WebpkiClientVerifier`. + /// + /// `roots` is the list of trust anchors to use for certificate validation. + /// `crls` are an iterable of owned certificate revocation lists (CRLs) to use for + /// client certificate validation. + /// `anonymous_policy` controls whether client authentication is required, or if anonymous + /// clients can connect. + pub(crate) fn new( + roots: Arc, + crls: Vec, + anonymous_policy: AnonymousClientPolicy, + ) -> Self { + Self { + subjects: roots + .roots + .iter() + .map(|r| r.subject().clone()) + .collect(), + crls, + roots, + anonymous_policy, + } + } +} + +impl ClientCertVerifier for WebPkiClientVerifier { + fn offer_client_auth(&self) -> bool { + true + } + + fn client_auth_mandatory(&self) -> bool { + match self.anonymous_policy { + AnonymousClientPolicy::Allow => false, + AnonymousClientPolicy::Deny => true, + } + } + + fn client_auth_root_subjects(&self) -> &[DistinguishedName] { + &self.subjects + } + + fn verify_client_cert( + &self, + end_entity: &Certificate, + intermediates: &[Certificate], + now: SystemTime, + ) -> Result { + let cert = ParsedCertificate::try_from(end_entity)?; + let chain = intermediate_chain(intermediates); + let trust_roots = trust_roots(&self.roots); + let now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; + + #[allow(trivial_casts)] // Cast to &dyn trait is required. + let crls = self + .crls + .iter() + .map(|crl| crl as &dyn webpki::CertRevocationList) + .collect::>(); + + let revocation = if crls.is_empty() { + None + } else { + Some( + webpki::RevocationOptionsBuilder::new(&crls) + .expect("invalid crls") + .allow_unknown_status() + .build(), + ) + }; + + cert.0 + .verify_for_usage( + SUPPORTED_SIG_ALGS, + &trust_roots, + &chain, + now, + webpki::KeyUsage::client_auth(), + revocation, + ) + .map_err(pki_error) + .map(|_| ClientCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } +} + +/// Controls how the [WebPkiClientVerifier] handles anonymous clients. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub(crate) enum AnonymousClientPolicy { + /// Clients that do not present a client certificate are allowed. + Allow, + /// Clients that do not present a client certificate are denied. + Deny, +} + +fn pki_error(error: webpki::Error) -> Error { + use webpki::Error::*; + match error { + BadDer | BadDerTime | TrailingData(_) => CertificateError::BadEncoding.into(), + CertNotValidYet => CertificateError::NotValidYet.into(), + CertExpired | InvalidCertValidity => CertificateError::Expired.into(), + UnknownIssuer => CertificateError::UnknownIssuer.into(), + CertNotValidForName => CertificateError::NotValidForName.into(), + CertRevoked => CertificateError::Revoked.into(), + IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(), + + InvalidSignatureForPublicKey + | UnsupportedSignatureAlgorithm + | UnsupportedSignatureAlgorithmForPublicKey => CertificateError::BadSignature.into(), + + InvalidCrlSignatureForPublicKey + | UnsupportedCrlSignatureAlgorithm + | UnsupportedCrlSignatureAlgorithmForPublicKey => { + CertRevocationListError::BadSignature.into() + } + + _ => CertificateError::Other(Arc::new(error)).into(), + } +} + +impl From for CertRevocationListError { + fn from(e: webpki::Error) -> Self { + use webpki::Error::*; + match e { + InvalidCrlSignatureForPublicKey + | UnsupportedCrlSignatureAlgorithm + | UnsupportedCrlSignatureAlgorithmForPublicKey => Self::BadSignature, + InvalidCrlNumber => Self::InvalidCrlNumber, + InvalidSerialNumber => Self::InvalidRevokedCertSerialNumber, + IssuerNotCrlSigner => Self::IssuerInvalidForCrl, + MalformedExtensions | BadDer | BadDerTime => Self::ParseError, + UnsupportedCriticalExtension => Self::UnsupportedCriticalExtension, + UnsupportedCrlVersion => Self::UnsupportedCrlVersion, + UnsupportedDeltaCrl => Self::UnsupportedDeltaCrl, + UnsupportedIndirectCrl => Self::UnsupportedIndirectCrl, + UnsupportedRevocationReason => Self::UnsupportedRevocationReason, + + _ => Self::Other(Arc::new(e)), + } + } +} + +static ECDSA_SHA256: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA256, webpki::ECDSA_P384_SHA256]; + +static ECDSA_SHA384: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA384, webpki::ECDSA_P384_SHA384]; + +static ED25519: SignatureAlgorithms = &[webpki::ED25519]; + +static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256]; +static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384]; +static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512]; +static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; +static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; +static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; + +fn convert_scheme(scheme: SignatureScheme) -> Result { + match scheme { + // nb. for TLS1.2 the curve is not fixed by SignatureScheme. + SignatureScheme::ECDSA_NISTP256_SHA256 => Ok(ECDSA_SHA256), + SignatureScheme::ECDSA_NISTP384_SHA384 => Ok(ECDSA_SHA384), + + SignatureScheme::ED25519 => Ok(ED25519), + + SignatureScheme::RSA_PKCS1_SHA256 => Ok(RSA_SHA256), + SignatureScheme::RSA_PKCS1_SHA384 => Ok(RSA_SHA384), + SignatureScheme::RSA_PKCS1_SHA512 => Ok(RSA_SHA512), + + SignatureScheme::RSA_PSS_SHA256 => Ok(RSA_PSS_SHA256), + SignatureScheme::RSA_PSS_SHA384 => Ok(RSA_PSS_SHA384), + SignatureScheme::RSA_PSS_SHA512 => Ok(RSA_PSS_SHA512), + + _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), + } +} + +fn verify_sig_using_any_alg( + cert: &webpki::EndEntityCert, + algs: SignatureAlgorithms, + message: &[u8], + sig: &[u8], +) -> Result<(), webpki::Error> { + // TLS doesn't itself give us enough info to map to a single webpki::SignatureVerificationAlgorithm. + // Therefore, convert_algs maps to several and we try them all. + for alg in algs { + match cert.verify_signature(*alg, message, sig) { + Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) => continue, + res => return res, + } + } + + Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) +} + +fn verify_signed_struct( + message: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, +) -> Result { + let possible_algs = convert_scheme(dss.scheme)?; + let cert = webpki::EndEntityCert::try_from(cert.0.as_ref()).map_err(pki_error)?; + + verify_sig_using_any_alg(&cert, possible_algs, message, dss.signature()) + .map_err(pki_error) + .map(|_| HandshakeSignatureValid::assertion()) +} + +fn convert_alg_tls13( + scheme: SignatureScheme, +) -> Result<&'static dyn webpki::SignatureVerificationAlgorithm, Error> { + use crate::enums::SignatureScheme::*; + + match scheme { + ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256), + ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384), + ED25519 => Ok(webpki::ED25519), + RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), + RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), + RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), + _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), + } +} + +fn verify_tls13( + msg: &[u8], + cert: &Certificate, + dss: &DigitallySignedStruct, +) -> Result { + let alg = convert_alg_tls13(dss.scheme)?; + + let cert = webpki::EndEntityCert::try_from(cert.0.as_ref()).map_err(pki_error)?; + + cert.verify_signature(alg, msg, dss.signature()) + .map_err(pki_error) + .map(|_| HandshakeSignatureValid::assertion()) +} + +#[test] +fn pki_crl_errors() { + // CRL signature errors should be turned into BadSignature. + assert_eq!( + pki_error(webpki::Error::InvalidCrlSignatureForPublicKey), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + assert_eq!( + pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithm), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + assert_eq!( + pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + + // Revoked cert errors should be turned into Revoked. + assert_eq!( + pki_error(webpki::Error::CertRevoked), + Error::InvalidCertificate(CertificateError::Revoked), + ); + + // Issuer not CRL signer errors should be turned into IssuerInvalidForCrl + assert_eq!( + pki_error(webpki::Error::IssuerNotCrlSigner), + Error::InvalidCertRevocationList(CertRevocationListError::IssuerInvalidForCrl) + ); +} + +#[test] +fn crl_error_from_webpki() { + use crate::CertRevocationListError::*; + let testcases = &[ + (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), + ( + webpki::Error::UnsupportedCrlSignatureAlgorithm, + BadSignature, + ), + ( + webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey, + BadSignature, + ), + (webpki::Error::InvalidCrlNumber, InvalidCrlNumber), + ( + webpki::Error::InvalidSerialNumber, + InvalidRevokedCertSerialNumber, + ), + (webpki::Error::IssuerNotCrlSigner, IssuerInvalidForCrl), + (webpki::Error::MalformedExtensions, ParseError), + (webpki::Error::BadDer, ParseError), + (webpki::Error::BadDerTime, ParseError), + ( + webpki::Error::UnsupportedCriticalExtension, + UnsupportedCriticalExtension, + ), + (webpki::Error::UnsupportedCrlVersion, UnsupportedCrlVersion), + (webpki::Error::UnsupportedDeltaCrl, UnsupportedDeltaCrl), + ( + webpki::Error::UnsupportedIndirectCrl, + UnsupportedIndirectCrl, + ), + ( + webpki::Error::UnsupportedRevocationReason, + UnsupportedRevocationReason, + ), + ]; + for t in testcases { + assert_eq!( + >::into(t.0), + t.1 + ); + } + + assert!(matches!( + >::into( + webpki::Error::NameConstraintViolation + ), + Other(_) + )); +} + +/// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification +#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] +#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] +pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); + +impl<'a> TryFrom<&'a Certificate> for ParsedCertificate<'a> { + type Error = Error; + fn try_from(value: &'a Certificate) -> Result, Self::Error> { + webpki::EndEntityCert::try_from(value.0.as_ref()) + .map_err(pki_error) + .map(ParsedCertificate) + } +} + +#[cfg(test)] +mod test { + use super::Certificate; + + #[test] + fn certificate_debug() { + assert_eq!( + "Certificate(b\"ab\")", + format!("{:?}", Certificate(b"ab".to_vec())) + ); + } +} From bf0af502a5cdb0f182948a9e99fb9ab391e62809 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 4 Aug 2023 09:29:34 -0400 Subject: [PATCH 0066/1145] examples: fix comment typo in tlsclient-mio. --- examples/src/bin/tlsclient-mio.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 8dce605c51..dbbb94074c 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -124,7 +124,7 @@ impl TlsClient { .unwrap(); } - // If wethat fails, the peer might have started a clean TLS-level + // If that fails, the peer might have started a clean TLS-level // session closure. if io_state.peer_has_closed() { self.clean_closure = true; From 22e6a87f6d5c44212f2969d1fb31ed889499b63a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 4 Aug 2023 09:36:45 -0400 Subject: [PATCH 0067/1145] examples: IPv6 for mio client/server examples. In the server, bind `::` instead of `0.0.0.0`. In the client: * delete a comment about `openssl s_client/s_server` not supporting IPv6 - we don't test these examples against OpenSSL anymore. * rework `lookup_ipv4` as `lookup_ip`, returning the first socket address whether or not it's IPv4. --- examples/src/bin/tlsclient-mio.rs | 26 +++++++------------------- examples/src/bin/tlsserver-mio.rs | 2 +- 2 files changed, 8 insertions(+), 20 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index dbbb94074c..0888455b2b 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -8,7 +8,7 @@ use rustls::crypto::CryptoProvider; use std::fs; use std::io; use std::io::{BufReader, Read, Write}; -use std::net::SocketAddr; +use std::net::ToSocketAddrs; use std::str; #[macro_use] @@ -243,22 +243,6 @@ struct Args { arg_hostname: String, } -// TODO: um, well, it turns out that openssl s_client/s_server -// that we use for testing doesn't do ipv6. So we can't actually -// test ipv6 and hence kill this. -fn lookup_ipv4(host: &str, port: u16) -> SocketAddr { - use std::net::ToSocketAddrs; - - let addrs = (host, port).to_socket_addrs().unwrap(); - for addr in addrs { - if let SocketAddr::V4(_) = addr { - return addr; - } - } - - unreachable!("Cannot lookup address"); -} - /// Find a ciphersuite with the given name fn find_suite(name: &str) -> Option { for suite in rustls::ALL_CIPHER_SUITES { @@ -493,11 +477,15 @@ fn main() { } let port = args.flag_port.unwrap_or(443); - let addr = lookup_ipv4(args.arg_hostname.as_str(), port); let config = make_config(&args); - let sock = TcpStream::connect(addr).unwrap(); + let sock_addr = (args.arg_hostname.as_str(), port) + .to_socket_addrs() + .unwrap() + .next() + .unwrap(); + let sock = TcpStream::connect(sock_addr).unwrap(); let server_name = args .arg_hostname .as_str() diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 4066e7fd72..8e9778f32a 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -663,7 +663,7 @@ fn main() { return; } - let mut addr: net::SocketAddr = "0.0.0.0:443".parse().unwrap(); + let mut addr: net::SocketAddr = "[::]:443".parse().unwrap(); addr.set_port(args.flag_port.unwrap_or(443)); let config = make_config(&args); From ef76fec1459c907e7472a19fb993567ca4b288f5 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 3 Aug 2023 10:42:18 -0700 Subject: [PATCH 0068/1145] ConfigBuilder: expand documentation De-emphasize the linker-friendliness in favor of explaining to the user what they need to do and in what order to do it. Explicitly explain the type parameters. Add separate intro sections for server and client. Shorten examples by using with_safe_defaults() in examples that aren't talking about protocol primitives. --- rustls/src/builder.rs | 159 ++++++++++++++++++++++++++++-------------- 1 file changed, 106 insertions(+), 53 deletions(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 10947e0558..3a574c23c3 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -6,34 +6,100 @@ use crate::versions; use core::fmt; use core::marker::PhantomData; -/// Building a [`ServerConfig`] or [`ClientConfig`] in a linker-friendly and -/// complete way. +/// A [builder] for [`ServerConfig`] or [`ClientConfig`] values. /// -/// Linker-friendly: meaning unused cipher suites, protocol -/// versions, key exchange mechanisms, etc. can be discarded -/// by the linker as they'll be unreferenced. +/// To get one of these, call [`ServerConfig::builder()`] or [`ClientConfig::builder()`]. /// -/// Complete: the type system ensures all decisions required to run a -/// server or client have been made by the time the process finishes. +/// To build a config, you must make at least three decisions (in order): /// -/// Example, to make a [`ServerConfig`]: +/// - Which protocol primitives should be supported (cipher suites, key exchange groups, protocol versions)? +/// - How should this client or server verify certificates provided by its peer? +/// - What certificates should this client or server present to its peer? +/// +/// For settings besides these, see the fields of [`ServerConfig`] and [`ClientConfig`]. +/// +/// The usual choice for protocol primitives is to call +/// [`ConfigBuilder::with_safe_defaults`], which will choose rustls' defaults for cipher suites, key +/// exchange groups and protocol versions: +/// +/// ``` +/// use rustls::{ClientConfig, ServerConfig, crypto::ring::Ring}; +/// // specifies the cryptographic provider to use. +/// ClientConfig::::builder() +/// .with_safe_defaults() +/// // ... +/// # ; +/// +/// ServerConfig::::builder() +/// .with_safe_defaults() +/// // ... +/// # ; +/// ``` +/// +/// If you override the default for one protocol primitive (for instance supporting only TLS 1.3), +/// you will need to explicitly specify configuration for all three. That configuration may simply +/// be "use the default." /// /// ```no_run /// # use rustls::ServerConfig; /// # use rustls::crypto::ring::Ring; -/// # let certs = vec![]; -/// # let private_key = rustls::PrivateKey(vec![]); /// ServerConfig::::builder() /// .with_safe_default_cipher_suites() /// .with_safe_default_kx_groups() -/// .with_safe_default_protocol_versions() +/// .with_protocol_versions(&[&rustls::version::TLS13]) /// .unwrap() -/// .with_no_client_auth() -/// .with_single_cert(certs, private_key) -/// .expect("bad certificate/key"); +/// // ... +/// # ; +/// ``` +/// +/// Overriding a default introduces a `Result` that must be unwrapped, +/// because the config builder checks for consistency of the choices made. For instance, it's an error to +/// configure only TLS 1.2 cipher suites while specifying that TLS 1.3 should be the only supported protocol +/// version. +/// +/// If you configure a smaller set of protocol primitives than the default, you may get a smaller binary, +/// since the code for the unused ones can be optimized away at link time. +/// +/// After choosing protocol primitives, you must choose (a) how to verify certificates and (b) what certificates +/// (if any) to send to the peer. The methods to do this are specific to whether you're building a ClientConfig +/// or a ServerConfig, as tracked by the [`ConfigSide`] type parameter on the various impls of ConfigBuilder. +/// +/// # ClientConfig certificate configuration +/// +/// For a client, _certificate verification_ must be configured either by calling one of: +/// - [`ConfigBuilder::with_root_certificates`] or +/// - [`ConfigBuilder::with_custom_certificate_verifier`] - requires dangerous_configuration feature flag +/// +/// Next, _certificate sending_ (also known as "client authentication", "mutual TLS", or "mTLS") must be configured +/// or disabled using one of: +/// - [`ConfigBuilder::with_no_client_auth`] - to not send client authentication (most common) +/// - [`ConfigBuilder::with_client_auth_cert`] - to always send a specific certificate +/// - [`ConfigBuilder::with_client_cert_resolver`] - to send a certificate chosen dynamically +/// +/// For example: +/// +/// ``` +/// # use rustls::ClientConfig; +/// # use rustls::crypto::ring::Ring; +/// # let root_certs = rustls::RootCertStore::empty(); +/// ClientConfig::::builder() +/// .with_safe_defaults() +/// .with_root_certificates(root_certs) +/// .with_no_client_auth(); /// ``` /// -/// This may be shortened to: +/// # ServerConfig certificate configuration +/// +/// For a server, _certificate verification_ must be configured by calling one of: +/// - [`ConfigBuilder::with_no_client_auth`] - to not require client authentication (most common) +/// - [`ConfigBuilder::with_client_cert_verifier`] - to use a custom verifier +/// +/// Next, _certificate sending_ must be configured by calling one of: +/// - [`ConfigBuilder::with_single_cert`] - to send a specific certificate +/// - [`ConfigBuilder::with_single_cert_with_ocsp`] - to send a specific certificate, plus stapled OCSP +/// - [`ConfigBuilder::with_cert_resolver`] - to send a certificate chosen dynamically +/// +/// For example: /// /// ```no_run /// # use rustls::ServerConfig; @@ -47,56 +113,43 @@ use core::marker::PhantomData; /// .expect("bad certificate/key"); /// ``` /// -/// To make a [`ClientConfig`]: +/// # Types /// -/// ```no_run -/// # use rustls::ClientConfig; -/// # use rustls::crypto::ring::Ring; -/// # let root_certs = rustls::RootCertStore::empty(); -/// # let certs = vec![]; -/// # let private_key = rustls::PrivateKey(vec![]); -/// ClientConfig::::builder() -/// .with_safe_default_cipher_suites() -/// .with_safe_default_kx_groups() -/// .with_safe_default_protocol_versions() -/// .unwrap() -/// .with_root_certificates(root_certs) -/// .with_client_auth_cert(certs, private_key) -/// .expect("bad certificate/key"); -/// ``` +/// ConfigBuilder uses the [typestate] pattern to ensure at compile time that each required +/// configuration item is provided exactly once. This is tracked in the `State` type parameter, +/// which can have these values: /// -/// This may be shortened to: +/// - [`WantsCipherSuites`] +/// - [`WantsKxGroups`] +/// - [`WantsVersions`] +/// - [`WantsVerifier`] +/// - [`WantsClientCert`] +/// - [`WantsServerCert`] /// -/// ``` -/// # use rustls::ClientConfig; -/// # use rustls::crypto::ring::Ring; -/// # let root_certs = rustls::RootCertStore::empty(); -/// ClientConfig::::builder() -/// .with_safe_defaults() -/// .with_root_certificates(root_certs) -/// .with_no_client_auth(); -/// ``` +/// The other type parameter is `Side`, which is either `ServerConfig` or `ClientConfig` +/// depending on whether the ConfigBuilder was built with [`ServerConfig::builder()`] or +/// [`ClientConfig::builder()`]. /// -/// The types used here fit together like this: +/// You won't need to write out either of these type parameters explicitly. If you write a +/// correct chain of configuration calls they will be used automatically. If you write an +/// incorrect chain of configuration calls you will get an error message from the compiler +/// mentioning some of these types. /// -/// 1. Call [`ClientConfig::builder()`] or [`ServerConfig::builder()`] to initialize a builder. -/// 1. You must make a decision on which cipher suites to use, typically -/// by calling [`ConfigBuilder::with_safe_default_cipher_suites()`]. -/// 2. Now you must make a decision -/// on key exchange groups: typically by calling -/// [`ConfigBuilder::with_safe_default_kx_groups()`]. -/// 3. Now you must make -/// a decision on which protocol versions to support, typically by calling -/// [`ConfigBuilder::with_safe_default_protocol_versions()`]. -/// 5. Now see [`ConfigBuilder`] or -/// [`ConfigBuilder`] for further steps. +/// Additionally, ServerConfig and ClientConfig are parameterized by `C`, a [`CryptoProvider`], +/// which determines a cryptographic backend to use (for instance, `ring`). That type parameter +/// is used in several of the `State` types as well. /// +/// [builder]: https://rust-unofficial.github.io/patterns/patterns/creational/builder.html +/// [typestate]: http://cliffle.com/blog/rust-typestate/ /// [`ServerConfig`]: crate::ServerConfig +/// [`ServerConfig::builder`]: crate::ServerConfig::builder /// [`ClientConfig`]: crate::ClientConfig /// [`ClientConfig::builder()`]: crate::ClientConfig::builder() /// [`ServerConfig::builder()`]: crate::ServerConfig::builder() /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-3 /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-6 +/// [`WantsClientCert`]: crate::client::WantsClientCert +/// [`WantsServerCert`]: crate::server::WantsServerCert #[derive(Clone)] pub struct ConfigBuilder { pub(crate) state: State, From f5837b06b593601c1df29b9afc004b8436d8ef1c Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 7 Aug 2023 16:29:28 +0200 Subject: [PATCH 0069/1145] examples: print server address --- examples/src/bin/tlsserver-mio.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 8e9778f32a..10d244a4f2 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -669,6 +669,7 @@ fn main() { let config = make_config(&args); let mut listener = TcpListener::bind(addr).expect("cannot listen on port"); + println!("listening on {addr}"); let mut poll = mio::Poll::new().unwrap(); poll.registry() .register(&mut listener, LISTENER, mio::Interest::READABLE) From 9bdb243ffab597f09c7acb8c5d076b5244124646 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 8 Aug 2023 14:28:09 +0100 Subject: [PATCH 0070/1145] Enable feature(doc_auto_cfg) This removes duplicated manual feature gates for documentation and leaves it to `cargo doc` to derive the same information from the actual feature gates. I didn't find any gaps in the auto-generated features and what we had before, but now things like `rustls::cipher_suite::TLS_ECDHE_*` are correctly marked tls12-only. --- rustls/src/client/client_conn.rs | 3 --- rustls/src/conn.rs | 2 -- rustls/src/lib.rs | 4 +--- rustls/src/server/server_conn.rs | 2 -- rustls/src/suites.rs | 2 -- rustls/src/verify.rs | 5 ----- rustls/src/webpki/verify.rs | 4 ---- 7 files changed, 1 insertion(+), 21 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index ac768a2eb0..497d02a6ab 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -172,7 +172,6 @@ pub struct ClientConfig { /// Allows traffic secrets to be extracted after the handshake, /// e.g. for kTLS setup. #[cfg(feature = "secret_extraction")] - #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub enable_secret_extraction: bool, /// Whether to send data on the first flight ("early data") in @@ -422,7 +421,6 @@ pub(super) mod danger { /// Accessor for dangerous configuration options. #[derive(Debug)] - #[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct DangerousClientConfig<'a, C: CryptoProvider> { /// The underlying ClientConfig pub cfg: &'a mut ClientConfig, @@ -630,7 +628,6 @@ impl ClientConnection { /// Extract secrets, so they can be used when configuring kTLS, for example. #[cfg(feature = "secret_extraction")] - #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub fn extract_secrets(self) -> Result { self.inner.extract_secrets() } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 974bbf6f23..4bdf437aac 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -85,7 +85,6 @@ impl Connection { /// Extract secrets, to set up kTLS for example #[cfg(feature = "secret_extraction")] - #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub fn extract_secrets(self) -> Result { match self { Self::Client(conn) => conn.extract_secrets(), @@ -548,7 +547,6 @@ impl ConnectionCommon { /// Extract secrets, so they can be used when configuring kTLS, for example. #[cfg(feature = "secret_extraction")] - #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub fn extract_secrets(self) -> Result { if !self.enable_secret_extraction { return Err(Error::General("Secret extraction is disabled".into())); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 67b798068c..44d193f14c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -291,7 +291,7 @@ clippy::new_without_default )] // Enable documentation for all features on docs.rs -#![cfg_attr(docsrs, feature(doc_cfg))] +#![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))] // XXX: Because of https://github.com/rust-lang/rust/issues/54726, we cannot // write `#![rustversion::attr(nightly, feature(read_buf))]` here. Instead, // build.rs set `read_buf` for (only) Rust Nightly to get the same effect. @@ -400,7 +400,6 @@ pub use crate::suites::{ BulkAlgorithm, SupportedCipherSuite, ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES, }; #[cfg(feature = "secret_extraction")] -#[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets}; pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] @@ -514,7 +513,6 @@ pub use crypto::ring::kx_group; pub mod sign; #[cfg(feature = "quic")] -#[cfg_attr(docsrs, doc(cfg(feature = "quic")))] /// APIs for implementing QUIC TLS pub mod quic; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 4412e76e46..13bcd8a79f 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -248,7 +248,6 @@ pub struct ServerConfig { /// Allows traffic secrets to be extracted after the handshake, /// e.g. for kTLS setup. #[cfg(feature = "secret_extraction")] - #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub enable_secret_extraction: bool, /// Amount of early data to accept for sessions created by @@ -486,7 +485,6 @@ impl ServerConnection { /// Extract secrets, so they can be used when configuring kTLS, for example. #[cfg(feature = "secret_extraction")] - #[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub fn extract_secrets(self) -> Result { self.inner.extract_secrets() } diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 62e69a243c..88282dd9a3 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -220,7 +220,6 @@ pub(crate) fn compatible_sigscheme_for_suites( /// to configure kTLS for a socket, and have the kernel take over encryption /// and/or decryption. #[cfg(feature = "secret_extraction")] -#[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] pub struct ExtractedSecrets { /// sequence number and secrets for the "tx" (transmit) direction pub tx: (u64, ConnectionTrafficSecrets), @@ -245,7 +244,6 @@ pub(crate) struct PartiallyExtractedSecrets { /// The only other piece of information needed is the sequence number, /// which is in [ExtractedSecrets]. #[cfg(feature = "secret_extraction")] -#[cfg_attr(docsrs, doc(cfg(feature = "secret_extraction")))] #[non_exhaustive] pub enum ConnectionTrafficSecrets { /// Secrets for the AES_128_GCM AEAD algorithm diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 376912bc12..516da26088 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -21,7 +21,6 @@ use crate::msgs::handshake::DistinguishedName; /// Zero-sized marker type representing verification of a signature. #[derive(Debug)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct HandshakeSignatureValid(()); impl HandshakeSignatureValid { @@ -43,7 +42,6 @@ impl FinishedMessageVerified { /// Zero-sized marker type representing verification of a server cert chain. #[allow(unreachable_pub)] #[derive(Debug)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct ServerCertVerified(()); #[allow(unreachable_pub)] @@ -56,7 +54,6 @@ impl ServerCertVerified { /// Zero-sized marker type representing verification of a client cert chain. #[derive(Debug)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct ClientCertVerified(()); impl ClientCertVerified { @@ -69,7 +66,6 @@ impl ClientCertVerified { /// Something that can verify a server certificate chain, and verify /// signatures made by certificates. #[allow(unreachable_pub)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub trait ServerCertVerifier: Send + Sync { /// Verify the end-entity certificate `end_entity` is valid for the /// hostname `dns_name` and chains to at least one trust anchor. @@ -150,7 +146,6 @@ impl fmt::Debug for dyn ServerCertVerifier { /// Something that can verify a client certificate chain #[allow(unreachable_pub)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub trait ClientCertVerifier: Send + Sync { /// Returns `true` to enable the server to request a client certificate and /// `false` to skip requesting a client certificate. Defaults to `true`. diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 8d8f52e577..37826a6581 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -42,7 +42,6 @@ static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ /// same order that the server sent them and may be empty. #[allow(dead_code)] #[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub fn verify_server_cert_signed_by_trust_anchor( cert: &ParsedCertificate, roots: &RootCertStore, @@ -70,7 +69,6 @@ pub fn verify_server_cert_signed_by_trust_anchor( /// note: this only verifies the name and should be used in conjuction with more verification /// like [verify_server_cert_signed_by_trust_anchor] #[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Result<(), Error> { match server_name { ServerName::DnsName(dns_name) => { @@ -145,7 +143,6 @@ impl ServerCertVerifier for WebPkiServerVerifier { /// Default `ServerCertVerifier`, see the trait impl for more information. #[allow(unreachable_pub)] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct WebPkiServerVerifier { roots: RootCertStore, } @@ -642,7 +639,6 @@ fn crl_error_from_webpki() { /// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification #[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] -#[cfg_attr(docsrs, doc(cfg(feature = "dangerous_configuration")))] pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); impl<'a> TryFrom<&'a Certificate> for ParsedCertificate<'a> { From 0545b61c6b4b3fdf3e4893ed9e0947cce095e054 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 8 Aug 2023 09:09:48 -0400 Subject: [PATCH 0071/1145] record_layer: reorder members. This change moves the members of the `RecordLayer` type to match preferred convention: * Ordered by visibility, `pub(crate)` parts first, private parts last. * Ordered by complexity, more involved functions first, trivial functions later. --- rustls/src/record_layer.rs | 142 ++++++++++++++++++------------------- 1 file changed, 71 insertions(+), 71 deletions(-) diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index c05a34720c..ed922d63b2 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -49,33 +49,66 @@ impl RecordLayer { } } - pub(crate) fn is_encrypting(&self) -> bool { - self.encrypt_state == DirectionState::Active - } - - #[cfg(feature = "secret_extraction")] - pub(crate) fn write_seq(&self) -> u64 { - self.write_seq - } + /// Decrypt a TLS message. + /// + /// `encr` is a decoded message allegedly received from the peer. + /// If it can be decrypted, its decryption is returned. Otherwise, + /// an error is returned. + pub(crate) fn decrypt_incoming( + &mut self, + encr: OpaqueMessage, + ) -> Result, Error> { + if self.decrypt_state != DirectionState::Active { + return Ok(Some(Decrypted { + want_close_before_decrypt: false, + plaintext: encr.into_plain_message(), + })); + } - #[cfg(feature = "secret_extraction")] - pub(crate) fn read_seq(&self) -> u64 { - self.read_seq - } + // Set to `true` if the peer appears to getting close to encrypting + // too many messages with this key. + // + // Perhaps if we send an alert well before their counter wraps, a + // buggy peer won't make a terrible mistake here? + // + // Note that there's no reason to refuse to decrypt: the security + // failure has already happened. + let want_close_before_decrypt = self.read_seq == SEQ_SOFT_LIMIT; - fn doing_trial_decryption(&mut self, requested: usize) -> bool { + let encrypted_len = encr.payload.0.len(); match self - .trial_decryption_len - .and_then(|value| value.checked_sub(requested)) + .message_decrypter + .decrypt(encr, self.read_seq) { - Some(remaining) => { - self.trial_decryption_len = Some(remaining); - true + Ok(plaintext) => { + self.read_seq += 1; + Ok(Some(Decrypted { + want_close_before_decrypt, + plaintext, + })) } - _ => false, + Err(Error::DecryptError) if self.doing_trial_decryption(encrypted_len) => { + trace!("Dropping undecryptable message after aborted early_data"); + Ok(None) + } + Err(err) => Err(err), } } + /// Encrypt a TLS message. + /// + /// `plain` is a TLS message we'd like to send. This function + /// panics if the requisite keying material hasn't been established yet. + pub(crate) fn encrypt_outgoing(&mut self, plain: BorrowedPlainMessage) -> OpaqueMessage { + debug_assert!(self.encrypt_state == DirectionState::Active); + assert!(!self.encrypt_exhausted()); + let seq = self.write_seq; + self.write_seq += 1; + self.message_encrypter + .encrypt(plain, seq) + .unwrap() + } + /// Prepare to use the given `MessageEncrypter` for future message encryption. /// It is not used until you call `start_encrypting`. pub(crate) fn prepare_message_encrypter(&mut self, cipher: Box) { @@ -150,65 +183,32 @@ impl RecordLayer { self.write_seq >= SEQ_HARD_LIMIT } - /// Decrypt a TLS message. - /// - /// `encr` is a decoded message allegedly received from the peer. - /// If it can be decrypted, its decryption is returned. Otherwise, - /// an error is returned. - pub(crate) fn decrypt_incoming( - &mut self, - encr: OpaqueMessage, - ) -> Result, Error> { - if self.decrypt_state != DirectionState::Active { - return Ok(Some(Decrypted { - want_close_before_decrypt: false, - plaintext: encr.into_plain_message(), - })); - } + pub(crate) fn is_encrypting(&self) -> bool { + self.encrypt_state == DirectionState::Active + } - // Set to `true` if the peer appears to getting close to encrypting - // too many messages with this key. - // - // Perhaps if we send an alert well before their counter wraps, a - // buggy peer won't make a terrible mistake here? - // - // Note that there's no reason to refuse to decrypt: the security - // failure has already happened. - let want_close_before_decrypt = self.read_seq == SEQ_SOFT_LIMIT; + #[cfg(feature = "secret_extraction")] + pub(crate) fn write_seq(&self) -> u64 { + self.write_seq + } - let encrypted_len = encr.payload.0.len(); + #[cfg(feature = "secret_extraction")] + pub(crate) fn read_seq(&self) -> u64 { + self.read_seq + } + + fn doing_trial_decryption(&mut self, requested: usize) -> bool { match self - .message_decrypter - .decrypt(encr, self.read_seq) + .trial_decryption_len + .and_then(|value| value.checked_sub(requested)) { - Ok(plaintext) => { - self.read_seq += 1; - Ok(Some(Decrypted { - want_close_before_decrypt, - plaintext, - })) - } - Err(Error::DecryptError) if self.doing_trial_decryption(encrypted_len) => { - trace!("Dropping undecryptable message after aborted early_data"); - Ok(None) + Some(remaining) => { + self.trial_decryption_len = Some(remaining); + true } - Err(err) => Err(err), + _ => false, } } - - /// Encrypt a TLS message. - /// - /// `plain` is a TLS message we'd like to send. This function - /// panics if the requisite keying material hasn't been established yet. - pub(crate) fn encrypt_outgoing(&mut self, plain: BorrowedPlainMessage) -> OpaqueMessage { - debug_assert!(self.encrypt_state == DirectionState::Active); - assert!(!self.encrypt_exhausted()); - let seq = self.write_seq; - self.write_seq += 1; - self.message_encrypter - .encrypt(plain, seq) - .unwrap() - } } /// Result of decryption. From 0ac8fb920a26da202760a9acf9013493f68b54c6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 8 Aug 2023 09:12:43 -0400 Subject: [PATCH 0072/1145] record_layer: track whether decryption has occurred. This commit updates the `RecordLayer` to maintain state about whether a decryption has ever occurred. This is maintained separate from the `read_seq` state that can be overwritten when a rekey occurs. The net effect is that once a `RecordLayer` has decrypted a message successfully it will remember this fact across any number of rekeys. This information is useful for the deframer layer where we want to make a determination about how to handle a received plaintext alert based on whether any decryptions have occurred prior to the alert. --- rustls/src/record_layer.rs | 70 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index ed922d63b2..7dece34d50 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -26,6 +26,7 @@ pub struct RecordLayer { message_decrypter: Box, write_seq: u64, read_seq: u64, + has_decrypted: bool, encrypt_state: DirectionState, decrypt_state: DirectionState, @@ -43,6 +44,7 @@ impl RecordLayer { message_decrypter: ::invalid(), write_seq: 0, read_seq: 0, + has_decrypted: false, encrypt_state: DirectionState::Invalid, decrypt_state: DirectionState::Invalid, trial_decryption_len: None, @@ -82,6 +84,9 @@ impl RecordLayer { { Ok(plaintext) => { self.read_seq += 1; + if !self.has_decrypted { + self.has_decrypted = true; + } Ok(Some(Decrypted { want_close_before_decrypt, plaintext, @@ -187,6 +192,12 @@ impl RecordLayer { self.encrypt_state == DirectionState::Active } + /// Return true if we have ever decrypted a message. This is used in place + /// of checking the read_seq since that will be reset on key updates. + pub(crate) fn has_decrypted(&self) -> bool { + self.has_decrypted + } + #[cfg(feature = "secret_extraction")] pub(crate) fn write_seq(&self) -> u64 { self.write_seq @@ -219,3 +230,62 @@ pub struct Decrypted { /// The decrypted message. pub plaintext: PlainMessage, } + +#[test] +fn test_has_decrypted() { + use crate::msgs::base::Payload; + use crate::{ContentType, ProtocolVersion}; + + struct PassThroughDecrypter; + impl MessageDecrypter for PassThroughDecrypter { + fn decrypt(&self, m: OpaqueMessage, _: u64) -> Result { + Ok(m.into_plain_message()) + } + } + + // A record layer starts out invalid, having never decrypted. + let mut record_layer = RecordLayer::new(); + assert!(matches!( + record_layer.decrypt_state, + DirectionState::Invalid + )); + assert_eq!(record_layer.read_seq, 0); + assert!(!record_layer.has_decrypted()); + + // Preparing the record layer should update the decrypt state, but shouldn't affect whether it + // has decrypted. + record_layer.prepare_message_decrypter(Box::new(PassThroughDecrypter)); + assert!(matches!( + record_layer.decrypt_state, + DirectionState::Prepared + )); + assert_eq!(record_layer.read_seq, 0); + assert!(!record_layer.has_decrypted()); + + // Starting decryption should update the decrypt state, but not affect whether it has decrypted. + record_layer.start_decrypting(); + assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); + assert_eq!(record_layer.read_seq, 0); + assert!(!record_layer.has_decrypted()); + + // Decrypting a message should update the read_seq and track that we have now performed + // a decryption. + let msg = OpaqueMessage { + typ: ContentType::Handshake, + version: ProtocolVersion::TLSv1_2, + payload: Payload(vec![0xC0, 0xFF, 0xEE]), + }; + record_layer + .decrypt_incoming(msg) + .unwrap(); + assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); + assert_eq!(record_layer.read_seq, 1); + assert!(record_layer.has_decrypted()); + + // Resetting the record layer message decrypter (as if a key update occurred) should reset + // the read_seq number, but not our knowledge of whether we have decrypted previously. + record_layer.set_message_decrypter(Box::new(PassThroughDecrypter)); + assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); + assert_eq!(record_layer.read_seq, 0); + assert!(record_layer.has_decrypted()); +} From d8073ea20563a8dbfde84f7bc6aa3f01989b7321 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 4 Aug 2023 11:09:12 -0400 Subject: [PATCH 0073/1145] deframer: remove stale comment. The described behaviour isn't happening at the location of the comment, it happens later on after some additional processing. At the comment site we're only considering `ChangeCipherSpec` for early return, not returning an err for non-handshake messages while joining. This commit updates the comment to better reflect the current reality. --- rustls/src/msgs/deframer.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 7245825924..acf80e7def 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -87,8 +87,7 @@ impl MessageDeframer { } }; - // If we're in the middle of joining a handshake payload and the next message is not of - // type handshake, yield an error. Return CCS messages immediately without decrypting. + // Return CCS messages immediately without decrypting. let end = start + rd.used(); if m.typ == ContentType::ChangeCipherSpec && self.joining_hs.is_none() { // This is unencrypted. We check the contents later. From 222690db367bfee3e41938d34707d42d7282e3d7 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 7 Aug 2023 12:06:22 -0400 Subject: [PATCH 0074/1145] deframer: allow plaintext alerts in early 1.3 HS. Some TLS 1.3 implementations send plaintext alerts (e.g. for an unknown certificate issuer) early in the handshake. Trying to decrypt these messages will produce a decrypt error (because they're plaintext!). We also don't want to allow plaintext alerts to be received after encrypted records have been exchanged, since this could allow an active adversary to inject alerts. As a compromise to support clients that send a plaintext alert before any encrypted data, we adjust the deframer in this commit to pass through plaintext alerts iff: * The message type is alert, (e.g. not application data, etc) * There have been no encrypted records received yet. * The message payload is no more than 2 bytes in size (matching an expected plaintext alert payload). * The negotiated protocol version is TLS 1.3 - in TLS 1.2 the CCS messages make whether to expect plaintext or not unambiguous. It's only for TLS 1.3 that we need the heuristics mentioned above. This retains protection against plaintext alerts being sent after encrypted content while still allowing the server to log the correct alert in the early-handshake condition, instead of a decrypt error. --- fuzz/fuzzers/deframer.rs | 2 +- rustls/src/conn.rs | 8 ++-- rustls/src/msgs/deframer.rs | 58 +++++++++++++++++++----- rustls/tests/api.rs | 88 ++++++++++++++++++++++++++++++++++++- 4 files changed, 138 insertions(+), 18 deletions(-) diff --git a/fuzz/fuzzers/deframer.rs b/fuzz/fuzzers/deframer.rs index 4923e7bbca..166cdacdfd 100644 --- a/fuzz/fuzzers/deframer.rs +++ b/fuzz/fuzzers/deframer.rs @@ -19,7 +19,7 @@ fuzz_target!(|data: &[u8]| { dfm.has_pending(); let mut rl = RecordLayer::new(); - while let Ok(Some(decrypted)) = dfm.pop(&mut rl) { + while let Ok(Some(decrypted)) = dfm.pop(&mut rl, None) { Message::try_from(decrypted.message).ok(); } }); diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 4bdf437aac..87d4b9cc0f 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -634,10 +634,10 @@ impl ConnectionCore { /// Pull a message out of the deframer and send any messages that need to be sent as a result. fn deframe(&mut self) -> Result, Error> { - match self - .message_deframer - .pop(&mut self.common_state.record_layer) - { + match self.message_deframer.pop( + &mut self.common_state.record_layer, + self.common_state.negotiated_version, + ) { Ok(Some(Deframed { want_close_before_decrypt, aligned, diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index acf80e7def..ba195dbfad 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -39,7 +39,11 @@ impl MessageDeframer { /// Returns an `Error` if the deframer failed to parse some message contents or if decryption /// failed, `Ok(None)` if no full message is buffered or if trial decryption failed, and /// `Ok(Some(_))` if a valid message was found and decrypted successfully. - pub fn pop(&mut self, record_layer: &mut RecordLayer) -> Result, Error> { + pub fn pop( + &mut self, + record_layer: &mut RecordLayer, + negotiated_version: Option, + ) -> Result, Error> { if let Some(last_err) = self.last_error.clone() { return Err(last_err); } else if self.used == 0 { @@ -87,9 +91,29 @@ impl MessageDeframer { } }; - // Return CCS messages immediately without decrypting. + // Return CCS messages and early plaintext alerts immediately without decrypting. let end = start + rd.used(); - if m.typ == ContentType::ChangeCipherSpec && self.joining_hs.is_none() { + let version_is_tls13 = matches!(negotiated_version, Some(ProtocolVersion::TLSv1_3)); + let allowed_plaintext = match m.typ { + // CCS messages are always plaintext. + ContentType::ChangeCipherSpec => true, + // Alerts are allowed to be plaintext if-and-only-if: + // * The negotiated protocol version is TLS 1.3. - In TLS 1.2 it is unambiguous when + // keying changes based on the CCS message. Only TLS 1.3 requires these heuristics. + // * We have not yet decrypted any messages from the peer - if we have we don't + // expect any plaintext. + // * The payload size is indicative of a plaintext alert message. + ContentType::Alert + if version_is_tls13 + && !record_layer.has_decrypted() + && m.payload.0.len() <= 2 => + { + true + } + // In other circumstances, we expect all messages to be encrypted. + _ => false, + }; + if self.joining_hs.is_none() && allowed_plaintext { // This is unencrypted. We check the contents later. self.discard(end); return Ok(Some(Deframed { @@ -514,13 +538,21 @@ mod tests { } fn pop_first(d: &mut MessageDeframer, rl: &mut RecordLayer) { - let m = d.pop(rl).unwrap().unwrap().message; + let m = d + .pop(rl, None) + .unwrap() + .unwrap() + .message; assert_eq!(m.typ, ContentType::Handshake); Message::try_from(m).unwrap(); } fn pop_second(d: &mut MessageDeframer, rl: &mut RecordLayer) { - let m = d.pop(rl).unwrap().unwrap().message; + let m = d + .pop(rl, None) + .unwrap() + .unwrap() + .message; assert_eq!(m.typ, ContentType::Alert); Message::try_from(m).unwrap(); } @@ -640,7 +672,7 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl).unwrap_err(), + d.pop(&mut rl, None).unwrap_err(), Error::InvalidMessage(InvalidMessage::InvalidContentType) ); } @@ -655,7 +687,7 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl).unwrap_err(), + d.pop(&mut rl, None).unwrap_err(), Error::InvalidMessage(InvalidMessage::UnknownProtocolVersion) ); } @@ -670,7 +702,7 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl).unwrap_err(), + d.pop(&mut rl, None).unwrap_err(), Error::InvalidMessage(InvalidMessage::MessageTooLarge) ); } @@ -684,7 +716,11 @@ mod tests { ); let mut rl = RecordLayer::new(); - let m = d.pop(&mut rl).unwrap().unwrap().message; + let m = d + .pop(&mut rl, None) + .unwrap() + .unwrap() + .message; assert_eq!(m.typ, ContentType::ApplicationData); assert_eq!(m.payload.0.len(), 0); assert!(!d.has_pending()); @@ -701,12 +737,12 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl).unwrap_err(), + d.pop(&mut rl, None).unwrap_err(), Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) ); // CorruptMessage has been fused assert_eq!( - d.pop(&mut rl).unwrap_err(), + d.pop(&mut rl, None).unwrap_err(), Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) ); } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index afc9eee591..a1d8e3fa4e 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -14,12 +14,14 @@ use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; +use rustls::internal::msgs::enums::AlertLevel; +use rustls::internal::msgs::message::PlainMessage; use rustls::server::{ClientHello, ResolvesServerCert, WebPkiClientVerifier}; #[cfg(feature = "secret_extraction")] use rustls::ConnectionTrafficSecrets; use rustls::{ - sign, CertificateError, ConnectionCommon, Error, KeyLog, PeerIncompatible, PeerMisbehaved, - SideData, + sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, KeyLog, + PeerIncompatible, PeerMisbehaved, SideData, }; use rustls::{CipherSuite, ProtocolVersion, SignatureScheme}; use rustls::{ClientConfig, ClientConnection}; @@ -681,6 +683,88 @@ fn client_closes_uncleanly() { } } +#[test] +fn test_tls13_valid_early_plaintext_alert() { + let (mut client, mut server) = make_pair(KeyType::Rsa); + + // Perform the start of a TLS 1.3 handshake, sending a client hello to the server. + // The client will not have written a CCS or any encrypted messages to the server yet. + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + + // Inject a plaintext alert from the client. The server should accept this since: + // * It hasn't decrypted any messages from the peer yet. + // * The message content type is Alert. + // * The payload size is indicative of a plaintext alert message. + // * The negotiated protocol version is TLS 1.3. + server + .read_tls(&mut io::Cursor::new( + >::into(Message::build_alert( + AlertLevel::Fatal, + AlertDescription::UnknownCA, + )) + .borrow() + .to_unencrypted_opaque() + .encode(), + )) + .unwrap(); + + // The server should process the plaintext alert without error. + assert_eq!( + server.process_new_packets(), + Err(Error::AlertReceived(AlertDescription::UnknownCA)), + ); +} + +#[test] +fn test_tls13_too_short_early_plaintext_alert() { + let (mut client, mut server) = make_pair(KeyType::Rsa); + + // Perform the start of a TLS 1.3 handshake, sending a client hello to the server. + // The client will not have written a CCS or any encrypted messages to the server yet. + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + + // Inject a plaintext alert from the client. The server should attempt to decrypt this message + // because the payload length is too large to be considered an early plaintext alert. + let mut payload = vec![ContentType::Alert.get_u8()]; + ProtocolVersion::TLSv1_2.encode(&mut payload); + payload.extend(&[0x00, 0x03]); // Length of 3. + payload.extend(&[AlertLevel::Fatal.get_u8(), 0xDE, 0xAD]); // Three byte fatal alert. + + server + .read_tls(&mut io::Cursor::new(payload)) + .unwrap(); + + // The server should produce a decrypt error trying to decrypt the plaintext alert. + assert_eq!(server.process_new_packets(), Err(Error::DecryptError),); +} + +#[test] +fn test_tls13_late_plaintext_alert() { + let (mut client, mut server) = make_pair(KeyType::Rsa); + + // Complete a bi-directional TLS1.3 handshake. After this point no plaintext messages + // should occur. + do_handshake(&mut client, &mut server); + + // Inject a plaintext alert from the client. The server should attempt to decrypt this message. + server + .read_tls(&mut io::Cursor::new( + >::into(Message::build_alert( + AlertLevel::Fatal, + AlertDescription::UnknownCA, + )) + .borrow() + .to_unencrypted_opaque() + .encode(), + )) + .unwrap(); + + // The server should produce a decrypt error, trying to decrypt a plaintext alert. + assert_eq!(server.process_new_packets(), Err(Error::DecryptError)); +} + #[derive(Default)] struct ServerCheckCertResolve { expected_sni: Option, From cc201f5ffe438053c17fba1478a63a0beca3eae2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 9 Aug 2023 10:04:42 +0100 Subject: [PATCH 0075/1145] Fix new nightly clippy lints - several `clippy::slow_vector_initialization` - one `clippy::redundant_guards` --- examples/src/bin/tlsclient-mio.rs | 3 +-- examples/src/bin/tlsserver-mio.rs | 5 ++--- rustls/src/tls12/mod.rs | 6 ++---- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 0888455b2b..8c83e074a3 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -113,8 +113,7 @@ impl TlsClient { // // Read it and then write it to stdout. if io_state.plaintext_bytes_to_read() > 0 { - let mut plaintext = Vec::new(); - plaintext.resize(io_state.plaintext_bytes_to_read(), 0u8); + let mut plaintext = vec![0u8; io_state.plaintext_bytes_to_read()]; self.tls_conn .reader() .read_exact(&mut plaintext) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 10d244a4f2..9b0d4aa140 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -239,8 +239,7 @@ impl OpenConnection { // Read and process all available plaintext. if let Ok(io_state) = self.tls_conn.process_new_packets() { if io_state.plaintext_bytes_to_read() > 0 { - let mut buf = Vec::new(); - buf.resize(io_state.plaintext_bytes_to_read(), 0u8); + let mut buf = vec![0u8; io_state.plaintext_bytes_to_read()]; self.tls_conn .reader() @@ -274,7 +273,7 @@ impl OpenConnection { // If we have a successful but empty read, that's an EOF. // Otherwise, we shove the data into the TLS session. match maybe_len { - Some(len) if len == 0 => { + Some(0) => { debug!("back eof"); self.closing = true; } diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index ed0442870a..3c4e5fee11 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -313,8 +313,7 @@ impl ConnectionSecrets { let len = (common.aead_algorithm.key_len() + suite.fixed_iv_len) * 2 + suite.explicit_nonce_len; - let mut out = Vec::new(); - out.resize(len, 0u8); + let mut out = vec![0u8; len]; // NOTE: opposite order to above for no good reason. // Don't design security protocols on drugs, kids. @@ -341,8 +340,7 @@ impl ConnectionSecrets { } fn make_verify_data(&self, handshake_hash: &Digest, label: &[u8]) -> Vec { - let mut out = Vec::new(); - out.resize(12, 0u8); + let mut out = vec![0u8; 12]; prf::prf( &mut out, From 1fc30c7cbf9afdaa5d6b4e20ddb1078288d7d07e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 17 Jul 2023 16:06:11 +0100 Subject: [PATCH 0076/1145] Make it possible to implement fill_random outside crate --- rustls/src/crypto/mod.rs | 3 ++- rustls/src/rand.rs | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 8ed4e498eb..c2ebabe314 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,4 +1,3 @@ -use crate::rand::GetRandomFailed; use crate::{Error, NamedGroup}; use core::fmt::Debug; @@ -6,6 +5,8 @@ use core::fmt::Debug; /// *ring* based CryptoProvider. pub mod ring; +pub use crate::rand::GetRandomFailed; + /// Pluggable crypto galore. pub trait CryptoProvider: Send + Sync + 'static { /// KeyExchange operations that are supported by the provider. diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 0320d504c0..41a5f09766 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -17,5 +17,6 @@ pub(crate) fn random_u32() -> Result { Ok(u32::from_be_bytes(buf)) } +/// Random material generation failed. #[derive(Debug)] pub struct GetRandomFailed; From 1b752ea2217a0031587070bf6dae793585a72039 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 10 Aug 2023 11:24:51 +0100 Subject: [PATCH 0077/1145] Expose & simplify KeyExchangeAlgorithm This is how a TLS1.2 ciphersuite specifies how to decode a {Client,Server}KeyExchange message. This previously had a bunch of unused values: make it non_exhaustive so we can extend it in the future, but otherwise remove all the unused items that could mislead people as to what is actually implemented. This needs to be public so a `rustls::Tls12CipherSuite` can be constructed outside the core crate. --- rustls/src/crypto/mod.rs | 2 ++ rustls/src/msgs/handshake.rs | 7 +------ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index c2ebabe314..337eb693f8 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -7,6 +7,8 @@ pub mod ring; pub use crate::rand::GetRandomFailed; +pub use crate::msgs::handshake::KeyExchangeAlgorithm; + /// Pluggable crypto galore. pub trait CryptoProvider: Send + Sync + 'static { /// KeyExchange operations that are supported by the provider. diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 6109dcb261..824dbf5479 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1457,12 +1457,8 @@ impl CertificatePayloadTLS13 { } #[derive(Clone, Copy, Debug, PartialEq)] +#[non_exhaustive] pub enum KeyExchangeAlgorithm { - BulkOnly, - DH, - DHE, - RSA, - ECDH, ECDHE, } @@ -1595,7 +1591,6 @@ impl ServerKeyExchangePayload { let result = match kxa { KeyExchangeAlgorithm::ECDHE => ECDHEServerKeyExchange::read(&mut rd), - _ => return None, }; if !rd.any_left() { From 576ba5dd174c2efb21d9b638ba1e1fb556dc5446 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 13 Jun 2023 14:23:08 +0100 Subject: [PATCH 0078/1145] Remove use of ring::aead::Nonce type in common code --- rustls/src/cipher.rs | 23 +++++++++++++---------- rustls/src/tls12/cipher.rs | 6 +++--- rustls/src/tls13/mod.rs | 4 ++-- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/rustls/src/cipher.rs b/rustls/src/cipher.rs index b4cde3b9bb..cb77c95843 100644 --- a/rustls/src/cipher.rs +++ b/rustls/src/cipher.rs @@ -2,12 +2,11 @@ use crate::error::Error; use crate::msgs::codec; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -use ring::{aead, hkdf}; +use ring::hkdf; /// Objects with this trait can decrypt TLS messages. pub trait MessageDecrypter: Send + Sync { /// Perform the decryption over the concerned TLS message. - fn decrypt(&self, m: OpaqueMessage, seq: u64) -> Result; } @@ -30,24 +29,24 @@ impl dyn MessageDecrypter { /// A write or read IV. #[derive(Default)] -pub(crate) struct Iv(pub(crate) [u8; ring::aead::NONCE_LEN]); +pub(crate) struct Iv(pub(crate) [u8; NONCE_LEN]); impl Iv { #[cfg(feature = "tls12")] - fn new(value: [u8; ring::aead::NONCE_LEN]) -> Self { + fn new(value: [u8; NONCE_LEN]) -> Self { Self(value) } #[cfg(feature = "tls12")] pub(crate) fn copy(value: &[u8]) -> Self { - debug_assert_eq!(value.len(), ring::aead::NONCE_LEN); + debug_assert_eq!(value.len(), NONCE_LEN); let mut iv = Self::new(Default::default()); iv.0.copy_from_slice(value); iv } #[cfg(test)] - pub(crate) fn value(&self) -> &[u8; 12] { + pub(crate) fn value(&self) -> &[u8; NONCE_LEN] { &self.0 } } @@ -56,7 +55,7 @@ pub(crate) struct IvLen; impl hkdf::KeyType for IvLen { fn len(&self) -> usize { - aead::NONCE_LEN + NONCE_LEN } } @@ -68,8 +67,8 @@ impl From> for Iv { } } -pub(crate) fn make_nonce(iv: &Iv, seq: u64) -> ring::aead::Nonce { - let mut nonce = [0u8; ring::aead::NONCE_LEN]; +pub(crate) fn make_nonce(iv: &Iv, seq: u64) -> [u8; NONCE_LEN] { + let mut nonce = [0u8; NONCE_LEN]; codec::put_u64(seq, &mut nonce[4..]); nonce @@ -79,9 +78,13 @@ pub(crate) fn make_nonce(iv: &Iv, seq: u64) -> ring::aead::Nonce { *nonce ^= *iv; }); - aead::Nonce::assume_unique_for_key(nonce) + nonce } +/// Size of TLS nonces (incorrectly termed "IV" in standard) for all supported ciphersuites +/// (AES-GCM, Chacha20Poly1305) +const NONCE_LEN: usize = 12; + /// A `MessageEncrypter` which doesn't work. struct InvalidMessageEncrypter {} diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/tls12/cipher.rs index 862252125b..9d60e09c3c 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/tls12/cipher.rs @@ -144,7 +144,7 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { - let nonce = make_nonce(&self.iv, seq); + let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); let aad = make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()); let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); @@ -191,7 +191,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { return Err(Error::DecryptError); } - let nonce = make_nonce(&self.dec_offset, seq); + let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.dec_offset, seq)); let aad = make_tls12_aad( seq, msg.typ, @@ -216,7 +216,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { - let nonce = make_nonce(&self.enc_offset, seq); + let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.enc_offset, seq)); let aad = make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()); let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index a9643333cd..29ba1a5839 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -150,7 +150,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { payload.extend_from_slice(msg.payload); msg.typ.encode(&mut payload); - let nonce = make_nonce(&self.iv, seq); + let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); let aad = make_tls13_aad(total_len); self.enc_key @@ -172,7 +172,7 @@ impl MessageDecrypter for Tls13MessageDecrypter { return Err(Error::DecryptError); } - let nonce = make_nonce(&self.iv, seq); + let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); let aad = make_tls13_aad(payload.len()); let plain_len = self .dec_key From 5700085a3ade519193d96a85b1eb90379324a837 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 11 Aug 2023 12:01:10 +0100 Subject: [PATCH 0079/1145] Prepare for crypto::ring to grow --- rustls/src/crypto/{ring.rs => ring/mod.rs} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rustls/src/crypto/{ring.rs => ring/mod.rs} (100%) diff --git a/rustls/src/crypto/ring.rs b/rustls/src/crypto/ring/mod.rs similarity index 100% rename from rustls/src/crypto/ring.rs rename to rustls/src/crypto/ring/mod.rs From 9fab87af0cb360115ccd4007b14d0a1e71ce19ae Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 11 Aug 2023 16:57:19 +0100 Subject: [PATCH 0080/1145] Move aead_algorithm from `CipherSuiteCommon` in parent This means subsequent commits can remove this per-version. --- rustls/src/quic.rs | 2 +- rustls/src/suites.rs | 2 -- rustls/src/tls12/mod.rs | 24 ++++++++++++------------ rustls/src/tls13/key_schedule.rs | 6 +++--- rustls/src/tls13/mod.rs | 7 ++++--- 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 18d3d7d546..961c2ef242 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -651,7 +651,7 @@ impl PacketKey { Self { key: aead::LessSafeKey::new(hkdf_expand( secret, - suite.common.aead_algorithm, + suite.aead_algorithm, version.packet_key_label(), &[], )), diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 88282dd9a3..6312cac6ac 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -43,8 +43,6 @@ pub struct CipherSuiteCommon { /// How to do bulk encryption. pub bulk: BulkAlgorithm, - - pub(crate) aead_algorithm: &'static ring::aead::Algorithm, } /// A cipher suite supported by rustls. diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 3c4e5fee11..99679d8b49 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -26,13 +26,13 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, bulk: BulkAlgorithm::Chacha20Poly1305, - aead_algorithm: &ring::aead::CHACHA20_POLY1305, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, fixed_iv_len: 12, explicit_nonce_len: 0, aead_alg: &ChaCha20Poly1305, + aead_algorithm: &ring::aead::CHACHA20_POLY1305, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -42,13 +42,13 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, bulk: BulkAlgorithm::Chacha20Poly1305, - aead_algorithm: &ring::aead::CHACHA20_POLY1305, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, fixed_iv_len: 12, explicit_nonce_len: 0, aead_alg: &ChaCha20Poly1305, + aead_algorithm: &ring::aead::CHACHA20_POLY1305, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -58,13 +58,13 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, bulk: BulkAlgorithm::Aes128Gcm, - aead_algorithm: &ring::aead::AES_128_GCM, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, fixed_iv_len: 4, explicit_nonce_len: 8, aead_alg: &AesGcm, + aead_algorithm: &ring::aead::AES_128_GCM, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -74,13 +74,13 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, bulk: BulkAlgorithm::Aes256Gcm, - aead_algorithm: &ring::aead::AES_256_GCM, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, fixed_iv_len: 4, explicit_nonce_len: 8, aead_alg: &AesGcm, + aead_algorithm: &ring::aead::AES_256_GCM, hmac_algorithm: ring::hmac::HMAC_SHA384, }); @@ -90,13 +90,13 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, bulk: BulkAlgorithm::Aes128Gcm, - aead_algorithm: &ring::aead::AES_128_GCM, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, fixed_iv_len: 4, explicit_nonce_len: 8, aead_alg: &AesGcm, + aead_algorithm: &ring::aead::AES_128_GCM, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -106,13 +106,13 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, bulk: BulkAlgorithm::Aes256Gcm, - aead_algorithm: &ring::aead::AES_256_GCM, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, fixed_iv_len: 4, explicit_nonce_len: 8, aead_alg: &AesGcm, + aead_algorithm: &ring::aead::AES_256_GCM, hmac_algorithm: ring::hmac::HMAC_SHA384, }); @@ -156,6 +156,8 @@ pub struct Tls12CipherSuite { pub explicit_nonce_len: usize, pub(crate) aead_alg: &'static dyn Tls12AeadAlgorithm, + + pub(crate) aead_algorithm: &'static ring::aead::Algorithm, } impl Tls12CipherSuite { @@ -274,10 +276,9 @@ impl ConnectionSecrets { let key_block = self.make_key_block(); let suite = self.suite; - let scs = &suite.common; - let (client_write_key, key_block) = split_key(&key_block, scs.aead_algorithm); - let (server_write_key, key_block) = split_key(key_block, scs.aead_algorithm); + let (client_write_key, key_block) = split_key(&key_block, suite.aead_algorithm); + let (server_write_key, key_block) = split_key(key_block, suite.aead_algorithm); let (client_write_iv, key_block) = key_block.split_at(suite.fixed_iv_len); let (server_write_iv, extra) = key_block.split_at(suite.fixed_iv_len); @@ -308,10 +309,9 @@ impl ConnectionSecrets { fn make_key_block(&self) -> Vec { let suite = &self.suite; - let common = &self.suite.common; let len = - (common.aead_algorithm.key_len() + suite.fixed_iv_len) * 2 + suite.explicit_nonce_len; + (suite.aead_algorithm.key_len() + suite.fixed_iv_len) * 2 + suite.explicit_nonce_len; let mut out = vec![0u8; len]; @@ -390,7 +390,7 @@ impl ConnectionSecrets { let key_block = self.make_key_block(); let suite = self.suite; - let algo = suite.common.aead_algorithm; + let algo = suite.aead_algorithm; let (client_key, key_block) = key_block.split_at(algo.key_len()); let (server_key, key_block) = key_block.split_at(algo.key_len()); diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index b3cadf0dd7..0c85c2dcb3 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -534,7 +534,7 @@ impl KeyScheduleTraffic { let client_secrets; let server_secrets; - let algo = self.ks.suite.common.aead_algorithm; + let algo = self.ks.suite.aead_algorithm; if algo == &ring::aead::AES_128_GCM { let extract = |secret: &hkdf::Prk| -> Result { let (key, iv_in) = expand::<16, 12>(secret)?; @@ -599,7 +599,7 @@ impl KeySchedule { } fn set_encrypter(&self, secret: &hkdf::Prk, common: &mut CommonState) { - let key = derive_traffic_key(secret, self.suite.common.aead_algorithm); + let key = derive_traffic_key(secret, self.suite.aead_algorithm); let iv = derive_traffic_iv(secret); common @@ -617,7 +617,7 @@ impl KeySchedule { } fn derive_decrypter(&self, secret: &hkdf::Prk) -> Box { - let key = derive_traffic_key(secret, self.suite.common.aead_algorithm); + let key = derive_traffic_key(secret, self.suite.aead_algorithm); let iv = derive_traffic_iv(secret); Box::new(Tls13MessageDecrypter { dec_key: aead::LessSafeKey::new(key), diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 29ba1a5839..4e6e8edb17 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -23,13 +23,13 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, bulk: BulkAlgorithm::Chacha20Poly1305, - aead_algorithm: &ring::aead::CHACHA20_POLY1305, }, hkdf_algorithm: ring::hkdf::HKDF_SHA256, #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, #[cfg(feature = "quic")] integrity_limit: 1 << 36, + aead_algorithm: &ring::aead::CHACHA20_POLY1305, }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -38,13 +38,13 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, bulk: BulkAlgorithm::Aes256Gcm, - aead_algorithm: &ring::aead::AES_256_GCM, }, hkdf_algorithm: ring::hkdf::HKDF_SHA384, #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, + aead_algorithm: &ring::aead::AES_256_GCM, }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -55,13 +55,13 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, bulk: BulkAlgorithm::Aes128Gcm, - aead_algorithm: &ring::aead::AES_128_GCM, }, hkdf_algorithm: ring::hkdf::HKDF_SHA256, #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, + aead_algorithm: &ring::aead::AES_128_GCM, }; /// A TLS 1.3 cipher suite supported by rustls. @@ -73,6 +73,7 @@ pub struct Tls13CipherSuite { pub(crate) confidentiality_limit: u64, #[cfg(feature = "quic")] pub(crate) integrity_limit: u64, + pub(crate) aead_algorithm: &'static ring::aead::Algorithm, } impl Tls13CipherSuite { From 0592d34ebadc8c2c0ec5170eeb47473a1f93079a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 13 Jun 2023 15:12:46 +0100 Subject: [PATCH 0081/1145] tls12: push ring::aead-specifics into cipher.rs This means (limited to TLS1.2 and bulk encryption so far) no *ring* types appear in a Tls12CipherSuite -- all the details are hidden behind implementors of `Tls12AeadAlgorithm`. `Tls12AeadAlgorithm` now knows its key block usage (so different ones are needed for aes-128-gcm vs aes-256-gcm). --- rustls/src/tls12/cipher.rs | 82 ++++++++++++++++++++++++--------- rustls/src/tls12/mod.rs | 92 ++++++++++++-------------------------- 2 files changed, 90 insertions(+), 84 deletions(-) diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/tls12/cipher.rs index 9d60e09c3c..25e3c7eafa 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/tls12/cipher.rs @@ -25,10 +25,15 @@ fn make_tls12_aad( ring::aead::Aad::from(out) } -pub(crate) struct AesGcm; +pub(crate) static AES128_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_128_GCM); +pub(crate) static AES256_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_256_GCM); + +pub(crate) struct GcmAlgorithm(&'static aead::Algorithm); + +impl Tls12AeadAlgorithm for GcmAlgorithm { + fn decrypter(&self, dec_key: &[u8], dec_iv: &[u8]) -> Box { + let dec_key = aead::LessSafeKey::new(aead::UnboundKey::new(self.0, dec_key).unwrap()); -impl Tls12AeadAlgorithm for AesGcm { - fn decrypter(&self, dec_key: aead::LessSafeKey, dec_iv: &[u8]) -> Box { let mut ret = GcmMessageDecrypter { dec_key, dec_salt: [0u8; 4], @@ -41,13 +46,15 @@ impl Tls12AeadAlgorithm for AesGcm { fn encrypter( &self, - enc_key: aead::LessSafeKey, + enc_key: &[u8], write_iv: &[u8], explicit: &[u8], ) -> Box { debug_assert_eq!(write_iv.len(), 4); debug_assert_eq!(explicit.len(), 8); + let enc_key = aead::LessSafeKey::new(aead::UnboundKey::new(self.0, enc_key).unwrap()); + // The GCM nonce is constructed from a 32-bit 'salt' derived // from the master-secret, and a 64-bit explicit part, // with no specified construction. Thanks for that. @@ -61,39 +68,46 @@ impl Tls12AeadAlgorithm for AesGcm { Box::new(GcmMessageEncrypter { enc_key, iv }) } + + fn key_block_shape(&self) -> KeyBlockShape { + KeyBlockShape { + enc_key_len: self.0.key_len(), + fixed_iv_len: 4, + explicit_nonce_len: 8, + } + } } pub(crate) struct ChaCha20Poly1305; impl Tls12AeadAlgorithm for ChaCha20Poly1305 { - fn decrypter(&self, dec_key: aead::LessSafeKey, iv: &[u8]) -> Box { + fn decrypter(&self, dec_key: &[u8], iv: &[u8]) -> Box { + let dec_key = aead::LessSafeKey::new( + aead::UnboundKey::new(&aead::CHACHA20_POLY1305, dec_key).unwrap(), + ); Box::new(ChaCha20Poly1305MessageDecrypter { dec_key, dec_offset: Iv::copy(iv), }) } - fn encrypter( - &self, - enc_key: aead::LessSafeKey, - enc_iv: &[u8], - _: &[u8], - ) -> Box { + fn encrypter(&self, enc_key: &[u8], enc_iv: &[u8], _: &[u8]) -> Box { + let enc_key = aead::LessSafeKey::new( + aead::UnboundKey::new(&aead::CHACHA20_POLY1305, enc_key).unwrap(), + ); Box::new(ChaCha20Poly1305MessageEncrypter { enc_key, enc_offset: Iv::copy(enc_iv), }) } -} -pub(crate) trait Tls12AeadAlgorithm: Send + Sync + 'static { - fn decrypter(&self, key: aead::LessSafeKey, iv: &[u8]) -> Box; - fn encrypter( - &self, - key: aead::LessSafeKey, - iv: &[u8], - extra: &[u8], - ) -> Box; + fn key_block_shape(&self) -> KeyBlockShape { + KeyBlockShape { + enc_key_len: 32, + fixed_iv_len: 12, + explicit_nonce_len: 0, + } + } } /// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only. @@ -234,3 +248,31 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { }) } } + +pub(crate) trait Tls12AeadAlgorithm: Send + Sync + 'static { + fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; + fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; + fn key_block_shape(&self) -> KeyBlockShape; +} + +/// How a TLS1.2 `key_block` is partitioned. +/// +/// nb. ciphersuites with non-zero `mac_key_length` not currently supported +pub(crate) struct KeyBlockShape { + /// How long keys are. + /// + /// `enc_key_len` terminology is from the standard. + pub(crate) enc_key_len: usize, + + /// How long the fixed part of the 'IV' is. + /// + /// This isn't usually an IV, but we continue the + /// terminology misuse to match the standard. + pub(crate) fixed_iv_len: usize, + + /// This is a non-standard extension which extends the + /// key block to provide an initial explicit nonce offset, + /// in a deterministic and safe way. GCM needs this, + /// chacha20poly1305 works this way by design. + pub(crate) explicit_nonce_len: usize, +} diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 99679d8b49..5e67a7621d 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -10,13 +10,12 @@ use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; #[cfg(feature = "secret_extraction")] use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; -use ring::aead; use ring::digest::Digest; use core::fmt; mod cipher; -pub(crate) use cipher::{AesGcm, ChaCha20Poly1305, Tls12AeadAlgorithm}; +pub(crate) use cipher::{ChaCha20Poly1305, Tls12AeadAlgorithm, AES128_GCM, AES256_GCM}; mod prf; @@ -29,10 +28,8 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, - fixed_iv_len: 12, - explicit_nonce_len: 0, aead_alg: &ChaCha20Poly1305, - aead_algorithm: &ring::aead::CHACHA20_POLY1305, + aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -45,10 +42,8 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, - fixed_iv_len: 12, - explicit_nonce_len: 0, aead_alg: &ChaCha20Poly1305, - aead_algorithm: &ring::aead::CHACHA20_POLY1305, + aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -61,10 +56,8 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, - fixed_iv_len: 4, - explicit_nonce_len: 8, - aead_alg: &AesGcm, - aead_algorithm: &ring::aead::AES_128_GCM, + aead_alg: &AES128_GCM, + aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -77,10 +70,8 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, - fixed_iv_len: 4, - explicit_nonce_len: 8, - aead_alg: &AesGcm, - aead_algorithm: &ring::aead::AES_256_GCM, + aead_alg: &AES256_GCM, + aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, hmac_algorithm: ring::hmac::HMAC_SHA384, }); @@ -93,10 +84,8 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, - fixed_iv_len: 4, - explicit_nonce_len: 8, - aead_alg: &AesGcm, - aead_algorithm: &ring::aead::AES_128_GCM, + aead_alg: &AES128_GCM, + aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, hmac_algorithm: ring::hmac::HMAC_SHA256, }); @@ -109,10 +98,8 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, - fixed_iv_len: 4, - explicit_nonce_len: 8, - aead_alg: &AesGcm, - aead_algorithm: &ring::aead::AES_256_GCM, + aead_alg: &AES256_GCM, + aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, hmac_algorithm: ring::hmac::HMAC_SHA384, }); @@ -143,21 +130,9 @@ pub struct Tls12CipherSuite { /// How to sign messages for authentication. pub sign: &'static [SignatureScheme], - /// How long the fixed part of the 'IV' is. - /// - /// This isn't usually an IV, but we continue the - /// terminology misuse to match the standard. - pub fixed_iv_len: usize, - - /// This is a non-standard extension which extends the - /// key block to provide an initial explicit nonce offset, - /// in a deterministic and safe way. GCM needs this, - /// chacha20poly1305 works this way by design. - pub explicit_nonce_len: usize, + pub(crate) aead_algorithm_only_for_extract_secrets_fixme: &'static ring::aead::Algorithm, pub(crate) aead_alg: &'static dyn Tls12AeadAlgorithm, - - pub(crate) aead_algorithm: &'static ring::aead::Algorithm, } impl Tls12CipherSuite { @@ -257,30 +232,18 @@ impl ConnectionSecrets { ret } - /// Make a `MessageCipherPair` based on the given supported ciphersuite `scs`, + /// Make a `MessageCipherPair` based on the given supported ciphersuite `self.suite`, /// and the session's `secrets`. pub(crate) fn make_cipher_pair(&self, side: Side) -> MessageCipherPair { - fn split_key<'a>( - key_block: &'a [u8], - alg: &'static aead::Algorithm, - ) -> (aead::LessSafeKey, &'a [u8]) { - // Might panic if the key block is too small. - let (key, rest) = key_block.split_at(alg.key_len()); - // Won't panic because its only prerequisite is that `key` is `alg.key_len()` bytes long. - let key = aead::UnboundKey::new(alg, key).unwrap(); - (aead::LessSafeKey::new(key), rest) - } - // Make a key block, and chop it up. // nb. we don't implement any ciphersuites with nonzero mac_key_len. let key_block = self.make_key_block(); + let shape = self.suite.aead_alg.key_block_shape(); - let suite = self.suite; - - let (client_write_key, key_block) = split_key(&key_block, suite.aead_algorithm); - let (server_write_key, key_block) = split_key(key_block, suite.aead_algorithm); - let (client_write_iv, key_block) = key_block.split_at(suite.fixed_iv_len); - let (server_write_iv, extra) = key_block.split_at(suite.fixed_iv_len); + let (client_write_key, key_block) = key_block.split_at(shape.enc_key_len); + let (server_write_key, key_block) = key_block.split_at(shape.enc_key_len); + let (client_write_iv, key_block) = key_block.split_at(shape.fixed_iv_len); + let (server_write_iv, extra) = key_block.split_at(shape.fixed_iv_len); let (write_key, write_iv, read_key, read_iv) = match side { Side::Client => ( @@ -298,20 +261,19 @@ impl ConnectionSecrets { }; ( - suite + self.suite .aead_alg .decrypter(read_key, read_iv), - suite + self.suite .aead_alg .encrypter(write_key, write_iv, extra), ) } fn make_key_block(&self) -> Vec { - let suite = &self.suite; + let shape = self.suite.aead_alg.key_block_shape(); - let len = - (suite.aead_algorithm.key_len() + suite.fixed_iv_len) * 2 + suite.explicit_nonce_len; + let len = (shape.enc_key_len + shape.fixed_iv_len) * 2 + shape.explicit_nonce_len; let mut out = vec![0u8; len]; @@ -388,14 +350,16 @@ impl ConnectionSecrets { pub(crate) fn extract_secrets(&self, side: Side) -> Result { // Make a key block, and chop it up let key_block = self.make_key_block(); + let shape = self.suite.aead_alg.key_block_shape(); - let suite = self.suite; - let algo = suite.aead_algorithm; + let algo = self + .suite + .aead_algorithm_only_for_extract_secrets_fixme; let (client_key, key_block) = key_block.split_at(algo.key_len()); let (server_key, key_block) = key_block.split_at(algo.key_len()); - let (client_iv, key_block) = key_block.split_at(suite.fixed_iv_len); - let (server_iv, extra) = key_block.split_at(suite.fixed_iv_len); + let (client_iv, key_block) = key_block.split_at(shape.fixed_iv_len); + let (server_iv, extra) = key_block.split_at(shape.fixed_iv_len); // A key/IV pair (fixed IV len is 4 for GCM, 12 for Chacha) struct Pair<'a> { From ea2e846e2a59b992bbe83ae60f787261debd5cf0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 13 Jun 2023 15:43:43 +0100 Subject: [PATCH 0082/1145] Move cipher.rs to new crypto module The intention is to delineate interfaces to be implemented by pluggable crypto providers. --- rustls/src/{ => crypto}/cipher.rs | 0 rustls/src/crypto/mod.rs | 3 +++ rustls/src/lib.rs | 3 +-- rustls/src/quic.rs | 2 +- rustls/src/record_layer.rs | 2 +- rustls/src/tls12/cipher.rs | 2 +- rustls/src/tls12/mod.rs | 2 +- rustls/src/tls13/key_schedule.rs | 2 +- rustls/src/tls13/mod.rs | 2 +- 9 files changed, 10 insertions(+), 8 deletions(-) rename rustls/src/{ => crypto}/cipher.rs (100%) diff --git a/rustls/src/cipher.rs b/rustls/src/crypto/cipher.rs similarity index 100% rename from rustls/src/cipher.rs rename to rustls/src/crypto/cipher.rs diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 337eb693f8..56cc9a2052 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -5,6 +5,9 @@ use core::fmt::Debug; /// *ring* based CryptoProvider. pub mod ring; +/// TLS message encryption/decryption interfaces. +pub mod cipher; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 44d193f14c..60a5cf37c3 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -324,7 +324,6 @@ mod log { #[macro_use] mod msgs; -mod cipher; mod common_state; mod conn; /// Crypto provider interface. @@ -366,7 +365,7 @@ pub mod internal { } /// Low-level TLS message decryption functions. pub mod cipher { - pub use crate::cipher::MessageDecrypter; + pub use crate::crypto::cipher::MessageDecrypter; } /// Low-level TLS record layer functions. pub mod record_layer { diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 961c2ef242..488c7e858b 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -1,8 +1,8 @@ /// This module contains optional APIs for implementing QUIC TLS. -use crate::cipher::{Iv, IvLen}; use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; +use crate::crypto::cipher::{Iv, IvLen}; use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 7dece34d50..f46d051f47 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,4 +1,4 @@ -use crate::cipher::{MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; use crate::error::Error; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/tls12/cipher.rs index 25e3c7eafa..86deab7ed0 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/tls12/cipher.rs @@ -1,4 +1,4 @@ -use crate::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; use crate::enums::ContentType; use crate::enums::ProtocolVersion; use crate::error::Error; diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 5e67a7621d..d92304a4c4 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -1,7 +1,7 @@ -use crate::cipher::{MessageDecrypter, MessageEncrypter}; use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; use crate::crypto; +use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; use crate::enums::{AlertDescription, CipherSuite, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 0c85c2dcb3..6529d84fec 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,5 +1,5 @@ -use crate::cipher::{Iv, IvLen, MessageDecrypter}; use crate::common_state::{CommonState, Side}; +use crate::crypto::cipher::{Iv, IvLen, MessageDecrypter}; use crate::error::Error; use crate::msgs::base::PayloadU8; #[cfg(feature = "quic")] diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 4e6e8edb17..0b0c1ae0ee 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,4 +1,4 @@ -use crate::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; use crate::enums::ContentType; use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::{Error, PeerMisbehaved}; From c994e8267de40c6b4bf705ff8890f417501575c2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 13 Jun 2023 16:11:19 +0100 Subject: [PATCH 0083/1145] Add crypto::hmac interface and use it for TLS1.2 PRF --- rustls/src/crypto/hmac.rs | 58 ++++++++++++++++++++++++++++++++ rustls/src/crypto/mod.rs | 3 ++ rustls/src/crypto/ring/hmac.rs | 48 ++++++++++++++++++++++++++ rustls/src/crypto/ring/mod.rs | 2 ++ rustls/src/tls12/mod.rs | 32 +++++++++++++----- rustls/src/tls12/prf.rs | 61 +++++++++++++++++----------------- 6 files changed, 165 insertions(+), 39 deletions(-) create mode 100644 rustls/src/crypto/hmac.rs create mode 100644 rustls/src/crypto/ring/hmac.rs diff --git a/rustls/src/crypto/hmac.rs b/rustls/src/crypto/hmac.rs new file mode 100644 index 0000000000..6e35a7b850 --- /dev/null +++ b/rustls/src/crypto/hmac.rs @@ -0,0 +1,58 @@ +/// A concrete HMAC implementation, for a single cryptographic hash function. +/// +/// You should have one object that implements this trait for HMAC-SHA256, another +/// for HMAC-SHA384, etc. +pub trait Hmac: Send + Sync { + /// Prepare to use `key` as a HMAC key. + fn with_key(&self, key: &[u8]) -> Box; + + /// Give the length of the underlying hash function. In RFC2104 terminology this is `L`. + fn hash_output_len(&self) -> usize; +} + +/// A HMAC tag, stored as a value. +#[derive(Clone)] +pub struct Tag { + buf: [u8; Self::MAX_LEN], + used: usize, +} + +impl Tag { + /// Build a tag by copying a byte slice. + /// + /// The slice can be up to `Tag::MAX_LEN` bytes in length. + pub fn new(bytes: &[u8]) -> Self { + let mut tag = Self { + buf: [0u8; Self::MAX_LEN], + used: bytes.len(), + }; + tag.buf[..bytes.len()].copy_from_slice(bytes); + tag + } + + /// Maximum supported HMAC tag size: supports up to SHA512. + const MAX_LEN: usize = 64; +} + +impl AsRef<[u8]> for Tag { + fn as_ref(&self) -> &[u8] { + &self.buf[..self.used] + } +} + +/// A HMAC key that is ready for use. +/// +/// The algorithm used is implicit in the `Hmac` object that produced the key. +pub trait Key: Send + Sync { + /// Calculates a tag over `data` -- a slice of byte slices. + fn sign(&self, data: &[&[u8]]) -> Tag { + self.sign_concat(&[], data, &[]) + } + + /// Calculates a tag over the concatenation of `first`, the items in `middle`, and `last`. + fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> Tag; + + /// Returns the length of the tag returned by a computation using + /// this key. + fn tag_len(&self) -> usize; +} diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 56cc9a2052..e0f8bade1a 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -8,6 +8,9 @@ pub mod ring; /// TLS message encryption/decryption interfaces. pub mod cipher; +/// HMAC interfaces. +pub mod hmac; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs new file mode 100644 index 0000000000..c404f8620e --- /dev/null +++ b/rustls/src/crypto/ring/hmac.rs @@ -0,0 +1,48 @@ +use crate::crypto; +use ring; + +#[cfg(feature = "tls12")] +pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring::hmac::HMAC_SHA256); +#[cfg(feature = "tls12")] +pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring::hmac::HMAC_SHA384); +#[cfg(test)] +pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring::hmac::HMAC_SHA512); + +pub(crate) struct Hmac(&'static ring::hmac::Algorithm); + +impl crypto::hmac::Hmac for Hmac { + fn with_key(&self, key: &[u8]) -> Box { + Box::new(Key(ring::hmac::Key::new(*self.0, key))) + } + + fn hash_output_len(&self) -> usize { + self.0.digest_algorithm().output_len + } +} + +struct Key(ring::hmac::Key); + +impl crypto::hmac::Key for Key { + fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> crypto::hmac::Tag { + let mut ctx = ring::hmac::Context::with_key(&self.0); + ctx.update(first); + for d in middle { + ctx.update(d); + } + ctx.update(last); + ctx.sign().into() + } + + fn tag_len(&self) -> usize { + self.0 + .algorithm() + .digest_algorithm() + .output_len + } +} + +impl From for crypto::hmac::Tag { + fn from(val: ring::hmac::Tag) -> Self { + Self::new(val.as_ref()) + } +} diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 6dd98527cb..cb4d7277c3 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -11,6 +11,8 @@ use ring::rand::{SecureRandom, SystemRandom}; use alloc::sync::Arc; use core::fmt; +pub(crate) mod hmac; + /// Default crypto provider. #[derive(Debug)] pub struct Ring; diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index d92304a4c4..7d38239b91 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -31,6 +31,7 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = aead_alg: &ChaCha20Poly1305, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, hmac_algorithm: ring::hmac::HMAC_SHA256, + hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 @@ -45,6 +46,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = aead_alg: &ChaCha20Poly1305, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, hmac_algorithm: ring::hmac::HMAC_SHA256, + hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 @@ -59,6 +61,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = aead_alg: &AES128_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, hmac_algorithm: ring::hmac::HMAC_SHA256, + hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 @@ -73,6 +76,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = aead_alg: &AES256_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, hmac_algorithm: ring::hmac::HMAC_SHA384, + hmac_provider: &crypto::ring::hmac::HMAC_SHA384, }); /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 @@ -87,6 +91,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = aead_alg: &AES128_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, hmac_algorithm: ring::hmac::HMAC_SHA256, + hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 @@ -101,6 +106,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = aead_alg: &AES256_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, hmac_algorithm: ring::hmac::HMAC_SHA384, + hmac_provider: &crypto::ring::hmac::HMAC_SHA384, }); static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ @@ -123,7 +129,12 @@ static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[ pub struct Tls12CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, + pub(crate) hmac_algorithm: ring::hmac::Algorithm, + + /// How to compute HMAC for the suite's hash function. + pub hmac_provider: &'static dyn crypto::hmac::Hmac, + /// How to exchange/agree keys. pub kx: KeyExchangeAlgorithm, @@ -206,8 +217,7 @@ impl ConnectionSecrets { kx.complete(peer_pub_key, |secret| { prf::prf( &mut ret.master_secret, - suite.hmac_algorithm, - secret, + &*suite.hmac_provider.with_key(secret), label.as_bytes(), seed.as_ref(), ); @@ -282,8 +292,10 @@ impl ConnectionSecrets { let randoms = join_randoms(&self.randoms.server, &self.randoms.client); prf::prf( &mut out, - self.suite.hmac_algorithm, - &self.master_secret, + &*self + .suite + .hmac_provider + .with_key(&self.master_secret), b"key expansion", &randoms, ); @@ -306,8 +318,10 @@ impl ConnectionSecrets { prf::prf( &mut out, - self.suite.hmac_algorithm, - &self.master_secret, + &*self + .suite + .hmac_provider + .with_key(&self.master_secret), label, handshake_hash.as_ref(), ); @@ -339,8 +353,10 @@ impl ConnectionSecrets { prf::prf( output, - self.suite.hmac_algorithm, - &self.master_secret, + &*self + .suite + .hmac_provider + .with_key(&self.master_secret), label, &randoms, ); diff --git a/rustls/src/tls12/prf.rs b/rustls/src/tls12/prf.rs index ab9d35a3b3..7c88793bef 100644 --- a/rustls/src/tls12/prf.rs +++ b/rustls/src/tls12/prf.rs @@ -1,43 +1,24 @@ -use ring::hmac; - -fn concat_sign(key: &hmac::Key, a: &[u8], b: &[u8]) -> hmac::Tag { - let mut ctx = hmac::Context::with_key(key); - ctx.update(a); - ctx.update(b); - ctx.sign() -} - -fn p(out: &mut [u8], alg: hmac::Algorithm, secret: &[u8], seed: &[u8]) { - let hmac_key = hmac::Key::new(alg, secret); +use crate::crypto; +pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn crypto::hmac::Key, label: &[u8], seed: &[u8]) { // A(1) - let mut current_a = hmac::sign(&hmac_key, seed); - let chunk_size = alg.digest_algorithm().output_len; + let mut current_a = hmac_key.sign(&[label, seed]); + + let chunk_size = hmac_key.tag_len(); for chunk in out.chunks_mut(chunk_size) { // P_hash[i] = HMAC_hash(secret, A(i) + seed) - let p_term = concat_sign(&hmac_key, current_a.as_ref(), seed); + let p_term = hmac_key.sign(&[current_a.as_ref(), label, seed]); chunk.copy_from_slice(&p_term.as_ref()[..chunk.len()]); // A(i+1) = HMAC_hash(secret, A(i)) - current_a = hmac::sign(&hmac_key, current_a.as_ref()); + current_a = hmac_key.sign(&[current_a.as_ref()]); } } -fn concat(a: &[u8], b: &[u8]) -> Vec { - let mut ret = Vec::new(); - ret.extend_from_slice(a); - ret.extend_from_slice(b); - ret -} - -pub(crate) fn prf(out: &mut [u8], alg: hmac::Algorithm, secret: &[u8], label: &[u8], seed: &[u8]) { - let joined_seed = concat(label, seed); - p(out, alg, secret, &joined_seed); -} - #[cfg(test)] mod tests { - use ring::hmac::{HMAC_SHA256, HMAC_SHA512}; + use crate::crypto::hmac::Hmac; + use crate::crypto::ring; #[test] fn check_sha256() { @@ -47,7 +28,12 @@ mod tests { let expect = include_bytes!("../testdata/prf-result.1.bin"); let mut output = [0u8; 100]; - super::prf(&mut output, HMAC_SHA256, secret, label, seed); + super::prf( + &mut output, + &*ring::hmac::HMAC_SHA256.with_key(secret), + label, + seed, + ); assert_eq!(expect.len(), output.len()); assert_eq!(expect.to_vec(), output.to_vec()); } @@ -60,7 +46,12 @@ mod tests { let expect = include_bytes!("../testdata/prf-result.2.bin"); let mut output = [0u8; 196]; - super::prf(&mut output, HMAC_SHA512, secret, label, seed); + super::prf( + &mut output, + &*ring::hmac::HMAC_SHA512.with_key(secret), + label, + seed, + ); assert_eq!(expect.len(), output.len()); assert_eq!(expect.to_vec(), output.to_vec()); } @@ -70,13 +61,21 @@ mod tests { mod benchmarks { #[bench] fn bench_sha256(b: &mut test::Bencher) { + use crate::crypto::hmac::Hmac; + use crate::crypto::ring; + let label = &b"extended master secret"[..]; let seed = [0u8; 32]; let key = &b"secret"[..]; b.iter(|| { let mut out = [0u8; 48]; - super::prf(&mut out, ring::hmac::HMAC_SHA256, key, &label, &seed); + super::prf( + &mut out, + &*ring::hmac::HMAC_SHA256.with_key(key), + &label, + &seed, + ); test::black_box(out); }); } From 9330cd746c25c3df06ec34906c95d344279a5156 Mon Sep 17 00:00:00 2001 From: Dan Sover Date: Tue, 1 Aug 2023 15:00:41 -0400 Subject: [PATCH 0084/1145] docs: Add note on unsupported self-signed certificates This clarifies the rustls position on self-signed certificates. Users writing tests using rustls should be aware that a self-signed cert won't work as expected. Signed-off-by: Dan Sover --- README.md | 1 + rustls/src/lib.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 55633058bc..d3178074c9 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,7 @@ rustls does not and will not support: * Compression. * Discrete-log Diffie-Hellman. * Automatic protocol version downgrade. +* Self-signed certificates. There are plenty of other libraries that provide these features should you need them. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 60a5cf37c3..feabc5d4d1 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -48,6 +48,7 @@ //! * Compression. //! * Discrete-log Diffie-Hellman. //! * Automatic protocol version downgrade. +//! * Self-signed certificates. //! //! There are plenty of other libraries that provide these features should you //! need them. From 8778b7a3248dead023c190108fa8367f36d2997f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 15 Aug 2023 10:51:57 -0400 Subject: [PATCH 0085/1145] server: fix acceptor rustdoc typo. --- rustls/src/server/server_conn.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 13bcd8a79f..a274776b4b 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -517,7 +517,7 @@ impl From for crate::Connection { } } -/// Handle on a server-side connection before configuration is available. +/// Handle a server-side connection before configuration is available. /// /// `Acceptor` allows the caller to choose a [`ServerConfig`] after reading /// the [`ClientHello`] of an incoming connection. This is useful for servers From 6bdaf04e7af97821485da115b5436913fedea874 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 16 Aug 2023 10:45:31 -0400 Subject: [PATCH 0086/1145] examples: add server_acceptor example. This example has two main purposes: 1. It shows how to use the `Acceptor` API to customize a `ServerConfig` per-connection, possibly using information from the received `ClientHello`. 2. It shows how to load CRL information per-connection to ensure the freshest CRL content is used when validating client certificate revocation status. Additionally this example uses `rcgen` to generate its own test PKI, potentially being a helpful reference for folks that want to do similar without needing to manually construct certs with `openssl`. To simulate CRL updates this example program spawns a background thread that periodically replaces the CRL content, flipping back and forth between a CRL that lists the client certificate as revoked, and a CRL that has no revoked certificates. Using `tlsclient-mio` (or another TLS client program) with the generated client certificate/key you can observe the CRL updates happening by connecting to the server, waiting a little bit, and then connecting again. The result will differ based on the CRL update: ``` $ cargo run --bin tlsclient-mio -- --auth-certs ./client-cert.pem --auth-key ./client-key.pem --cafile ca-cert.pem --port 4443 --http localhost TLS error: AlertReceived(CertificateRevoked) Connection closed $ cargo run --bin tlsclient-mio -- --auth-certs ./client-cert.pem --auth-key ./client-key.pem --cafile ca-cert.pem --port 4443 --http localhost EOF Connection closed ``` --- Cargo.toml | 4 + examples/Cargo.toml | 1 + examples/src/bin/server_acceptor.rs | 356 ++++++++++++++++++++++++++++ 3 files changed, 361 insertions(+) create mode 100644 examples/src/bin/server_acceptor.rs diff --git a/Cargo.toml b/Cargo.toml index e43ca4def6..ea974b25a2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,3 +7,7 @@ members = [ ] exclude = ["admin/rustfmt"] resolver = "2" + +[patch.crates-io] +# TODO(XXX): Remove this once rcgen has cut a release w/ CRL support included. Only used in examples. +rcgen = { git = 'https://github.com/est31/rcgen.git' } diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 9b69cf1b1e..bea8aa8945 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -16,6 +16,7 @@ docopt = "~1.1" env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } +rcgen = { version = "0.11.1", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "1.0.3" serde = "1.0" diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs new file mode 100644 index 0000000000..43e475ca9e --- /dev/null +++ b/examples/src/bin/server_acceptor.rs @@ -0,0 +1,356 @@ +//! A TLS server that accepts connections using a custom `Acceptor`, demonstrating how fresh +//! CRL information can be retrieved per-client connection to use for revocation checking of +//! client certificates. +//! +//! For a more complete server demonstration, see `tlsserver-mio.rs`. +use std::fs::File; +use std::io::{Read, Write}; +use std::ops::Add; +use std::path::PathBuf; +use std::sync::Arc; +use std::time::Duration; +use std::{fs, thread}; + +use docopt::Docopt; +use serde_derive::Deserialize; + +use rustls::crypto::CryptoProvider; +use rustls::server::{ + Acceptor, ClientHello, ServerConfig, UnparsedCertRevocationList, WebPkiClientVerifier, +}; +use rustls::{Certificate, PrivateKey, RootCertStore}; + +fn main() { + let version = concat!( + env!("CARGO_PKG_NAME"), + ", version: ", + env!("CARGO_PKG_VERSION") + ) + .to_string(); + + let args: Args = Docopt::new(USAGE) + .map(|d| d.help(true)) + .map(|d| d.version(Some(version))) + .and_then(|d| d.deserialize()) + .unwrap_or_else(|e| e.exit()); + + if args.flag_verbose { + env_logger::Builder::new() + .parse_filters("trace") + .init(); + } + + let write_pem = |path: &str, pem: &str| { + let mut file = File::create(path).unwrap(); + file.write_all(pem.as_bytes()).unwrap(); + }; + + // Create a test PKI with: + // * An issuing CA certificate. + // * A server certificate issued by the CA. + // * A client certificate issued by the CA. + let test_pki = Arc::new(TestPki::new()); + + // Write out the parts of the test PKI a client will need to connect: + // * The CA certificate for validating the server certificate. + // * The client certificate and key for its presented mTLS identity. + write_pem( + &args + .flag_ca_path + .unwrap_or("ca-cert.pem".to_string()), + &test_pki + .ca_cert + .serialize_pem() + .unwrap(), + ); + write_pem( + &args + .flag_client_cert_path + .unwrap_or("client-cert.pem".to_string()), + &test_pki + .client_cert + .serialize_pem_with_signer(&test_pki.ca_cert) + .unwrap(), + ); + write_pem( + &args + .flag_client_key_path + .unwrap_or("client-key.pem".to_string()), + &test_pki + .client_cert + .serialize_private_key_pem(), + ); + + // Write out an initial DER CRL that has no revoked certificates. + let update_seconds = args + .flag_crl_update_seconds + .unwrap_or(5); + let crl_path = args + .flag_crl_path + .unwrap_or("crl.der".to_string()); + let mut crl_der = File::create(crl_path.clone()).unwrap(); + crl_der + .write_all(&test_pki.crl(Vec::default(), update_seconds)) + .unwrap(); + + // Spawn a thread that will periodically update the CRL. In a real server you would + // fetch fresh CRLs from a distribution point, or somehow update the CRLs on disk. + // + // For this demo we spawn a thread that flips between writing a CRL that lists the client + // certificate as revoked and a CRL that has no revoked certificates. + let crl_updater = CRLUpdater { + sleep_duration: Duration::from_secs(update_seconds), + crl_path: PathBuf::from(crl_path.clone()), + pki: test_pki.clone(), + }; + thread::spawn(move || crl_updater.run()); + + // Start a TLS server accepting connections as they arrive. + let listener = + std::net::TcpListener::bind(format!("[::]:{}", args.flag_port.unwrap_or(4443))).unwrap(); + for stream in listener.incoming() { + let mut stream = stream.unwrap(); + let mut acceptor = Acceptor::default(); + + // Read TLS packets until we've consumed a full client hello and are ready to accept a + // connection. + let accepted = loop { + acceptor.read_tls(&mut stream).unwrap(); + if let Some(accepted) = acceptor.accept().unwrap() { + break accepted; + } + }; + + // Generate a server config for the accepted connection, optionally customizing the + // configuration based on the client hello. + let config = test_pki + .server_config::(&crl_path, accepted.client_hello()); + let mut conn = accepted + .into_connection(config) + .unwrap(); + + // Proceed with handling the ServerConnection + // Important: We do no error handling here, but you should! + _ = conn.complete_io(&mut stream); + } +} + +/// A test PKI with a CA certificate, server certificate, and client certificate. +struct TestPki { + roots: Arc, + ca_cert: rcgen::Certificate, + client_cert: rcgen::Certificate, + server_cert_der: Vec, + server_key_der: Vec, +} + +impl TestPki { + /// Create a new test PKI using `rcgen`. + fn new() -> Self { + // Create an issuer CA cert. + let alg = &rcgen::PKCS_ECDSA_P256_SHA256; + let mut ca_params = rcgen::CertificateParams::new(Vec::new()); + ca_params + .distinguished_name + .push(rcgen::DnType::OrganizationName, "Rustls Server Acceptor"); + ca_params + .distinguished_name + .push(rcgen::DnType::CommonName, "Example CA"); + ca_params.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained); + ca_params.key_usages = vec![ + rcgen::KeyUsagePurpose::KeyCertSign, + rcgen::KeyUsagePurpose::DigitalSignature, + rcgen::KeyUsagePurpose::CrlSign, + ]; + ca_params.alg = alg; + let ca_cert = rcgen::Certificate::from_params(ca_params).unwrap(); + + // Create a server end entity cert issued by the CA. + let mut server_ee_params = rcgen::CertificateParams::new(vec!["localhost".to_string()]); + server_ee_params.is_ca = rcgen::IsCa::NoCa; + server_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ServerAuth]; + server_ee_params.alg = alg; + let server_cert = rcgen::Certificate::from_params(server_ee_params).unwrap(); + let server_cert_der = server_cert + .serialize_der_with_signer(&ca_cert) + .unwrap(); + let server_key_der = server_cert.serialize_private_key_der(); + + // Create a client end entity cert issued by the CA. + let mut client_ee_params = rcgen::CertificateParams::new(Vec::new()); + client_ee_params + .distinguished_name + .push(rcgen::DnType::CommonName, "Example Client"); + client_ee_params.is_ca = rcgen::IsCa::NoCa; + client_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ClientAuth]; + client_ee_params.alg = alg; + client_ee_params.serial_number = Some(rcgen::SerialNumber::from(vec![0xC0, 0xFF, 0xEE])); + let client_cert = rcgen::Certificate::from_params(client_ee_params).unwrap(); + + // Create a root cert store that includes the CA certificate. + let mut roots = RootCertStore::empty(); + roots + .add(&Certificate(ca_cert.serialize_der().unwrap())) + .unwrap(); + Self { + roots: roots.into(), + ca_cert, + client_cert, + server_cert_der, + server_key_der, + } + } + + /// Generate a server configuration for the client using the test PKI. + /// + /// Importantly this creates a new client certificate verifier per-connection so that the server + /// can read in the latest CRL content from disk. + /// + /// Since the presented client certificate is not available in the `ClientHello` the server + /// must know ahead of time which CRLs it cares about. + fn server_config( + &self, + crl_path: &str, + _hello: ClientHello, + ) -> Arc> { + // Read the latest CRL from disk. The CRL is being periodically updated by the crl_updater + // thread. + let mut crl_file = File::open(crl_path).unwrap(); + let mut crl = Vec::default(); + crl_file.read_to_end(&mut crl).unwrap(); + + // Construct a fresh verifier using the test PKI roots, and the updated CRL. + let verifier = WebPkiClientVerifier::builder(self.roots.clone()) + .with_crls([UnparsedCertRevocationList(crl)]) + .build() + .unwrap(); + + // Build a server config using the fresh verifier. If necessary, this could be customized + // based on the ClientHello (e.g. selecting a different certificate, or customizing + // supported algorithms/protocol versions). + Arc::new( + ServerConfig::builder() + .with_safe_defaults() + .with_client_cert_verifier(verifier) + .with_single_cert( + vec![Certificate(self.server_cert_der.clone())], + PrivateKey(self.server_key_der.clone()), + ) + .unwrap(), + ) + } + + /// Issue a certificate revocation list (CRL) for the revoked `serials` provided (may be empty). + /// The CRL will be signed by the test PKI CA and returned in DER serialized form. + fn crl(&self, serials: Vec, next_update_seconds: u64) -> Vec { + // In a real use-case you would want to set this to the current date/time. + let now = rcgen::date_time_ymd(2023, 1, 1); + + // For each serial, create a revoked certificate entry. + let revoked_certs = serials + .into_iter() + .map(|serial| rcgen::RevokedCertParams { + serial_number: serial, + revocation_time: now, + reason_code: Some(rcgen::RevocationReason::KeyCompromise), + invalidity_date: None, + }) + .collect(); + + // Create a new CRL signed by the CA cert. + let crl = rcgen::CertificateRevocationListParams { + this_update: now, + next_update: now.add(Duration::from_secs(next_update_seconds)), + crl_number: rcgen::SerialNumber::from(1234), + revoked_certs, + key_identifier_method: rcgen::KeyIdMethod::Sha256, + alg: &rcgen::PKCS_ECDSA_P256_SHA256, + }; + rcgen::CertificateRevocationList::from_params(crl) + .unwrap() + .serialize_der_with_signer(&self.ca_cert) + .unwrap() + } +} + +/// CRL updater that runs in a separate thread. This periodically updates the CRL file on disk, +/// flipping between writing a CRL that describes the client certificate as revoked, and a CRL that +/// describes the client certificate as not revoked. +/// +/// In a real use case, the CRL would be updated by fetching fresh CRL data from an authoritative +/// distribution point. +struct CRLUpdater { + sleep_duration: Duration, + crl_path: PathBuf, + pki: Arc, +} + +impl CRLUpdater { + fn run(self) { + let mut revoked = true; + + loop { + thread::sleep(self.sleep_duration); + + let revoked_certs = if revoked { + vec![self + .pki + .client_cert + .get_params() + .serial_number + .clone() + .unwrap()] + } else { + Vec::default() + }; + revoked = !revoked; + + // Write the new CRL content to a temp file, this avoids a race condition where the server + // reads the configured CRL path while we're in the process of writing it. + let mut tmp_path = self.crl_path.clone(); + tmp_path.set_extension("tmp"); + let mut crl_der = File::create(&tmp_path).unwrap(); + crl_der + .write_all( + &self + .pki + .crl(revoked_certs, self.sleep_duration.as_secs()), + ) + .unwrap(); + + // Once the new CRL content is available, atomically rename. + fs::rename(&tmp_path, &self.crl_path).unwrap(); + } + } +} + +const USAGE: &str = " +Runs a TLS server on :PORT. The default PORT is 4443. + +Usage: + server_acceptor [options] + server_acceptor (--version | -v) + server_acceptor (--help | -h) + +Options: + -p, --port PORT Listen on PORT [default: 4443]. + --verbose Emit log output. + --crl-update-seconds SECONDS Update the CRL after SECONDS [default: 5]. + --ca-path PATH Write the CA cert PEM to PATH [default: ca-cert.pem]. + --client-cert-path PATH Write the client cert PEM to PATH [default: client-cert.pem]. + --client-key-path PATH Write the client key PEM to PATH [default: client-key.pem]. + --crl-path PATH Write the DER CRL content to PATH [default: crl.der]. + --version, -v Show tool version. + --help, -h Show this screen. +"; + +#[derive(Debug, Deserialize)] +struct Args { + flag_port: Option, + flag_verbose: bool, + flag_crl_update_seconds: Option, + flag_ca_path: Option, + flag_client_cert_path: Option, + flag_client_key_path: Option, + flag_crl_path: Option, +} From f0e7dd2cca1be2630744ba9d159ec4a4b08fb83a Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 18 Aug 2023 09:17:05 -0400 Subject: [PATCH 0087/1145] doc: fix max_fragment_size docs The docs formerly said the default maximum was 2**16 (64 kB) but according to spec (and implementation) it's actually 2**14 (16 kb). The docs recommended setting to TCP MSS but by my understanding there is a little record overhead so it's better to set this to a little under the MSS. Clarified that there is in fact a limit when the default value of None is used. Use the slightly more precise "TLS record" instead of "TLS message". --- rustls/src/client/client_conn.rs | 14 +++++++++----- rustls/src/server/server_conn.rs | 14 +++++++++----- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 497d02a6ab..bee6605891 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -117,7 +117,7 @@ pub trait ResolvesClientCert: Send + Sync { /// /// # Defaults /// -/// * [`ClientConfig::max_fragment_size`]: the default is `None`: TLS packets are not fragmented to a specific size. +/// * [`ClientConfig::max_fragment_size`]: the default is `None` (meaning 16kB). /// * [`ClientConfig::resumption`]: supports resumption with up to 256 server names, using session /// ids or tickets, with a max of eight tickets per server. /// * [`ClientConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. @@ -140,13 +140,17 @@ pub struct ClientConfig { /// How and when the client can resume a previous session. pub resumption: Resumption, - /// The maximum size of TLS message we'll emit. If None, we don't limit TLS - /// message lengths except to the 2**16 limit specified in the standard. + /// The maximum size of plaintext input to be emitted in a single TLS record. + /// A value of None is equivalent to the [TLS maximum] of 16 kB. /// /// rustls enforces an arbitrary minimum of 32 bytes for this field. - /// Out of range values are reported as errors from ClientConnection::new. + /// Out of range values are reported as errors from [ClientConnection::new]. /// - /// Setting this value to the TCP MSS may improve latency for stream-y workloads. + /// Setting this value to a little less than the TCP MSS may improve latency + /// for stream-y workloads. + /// + /// [TLS maximum]: https://datatracker.ietf.org/doc/html/rfc8446#section-5.1 + /// [ClientConnection::new]: crate::client::ClientConnection::new pub max_fragment_size: Option, /// How to decide what client auth certificate/keys to use. diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index a274776b4b..008b3f8919 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -192,7 +192,7 @@ impl<'a> ClientHello<'a> { /// /// # Defaults /// -/// * [`ServerConfig::max_fragment_size`]: the default is `None`: TLS packets are not fragmented to a specific size. +/// * [`ServerConfig::max_fragment_size`]: the default is `None` (meaning 16kB). /// * [`ServerConfig::session_storage`]: the default stores 256 sessions in memory. /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. @@ -212,13 +212,17 @@ pub struct ServerConfig { /// which is supported by the client. pub ignore_client_order: bool, - /// The maximum size of TLS message we'll emit. If None, we don't limit TLS - /// message lengths except to the 2**16 limit specified in the standard. + /// The maximum size of plaintext input to be emitted in a single TLS record. + /// A value of None is equivalent to the [TLS maximum] of 16 kB. /// /// rustls enforces an arbitrary minimum of 32 bytes for this field. - /// Out of range values are reported as errors from ServerConnection::new. + /// Out of range values are reported as errors from [ServerConnection::new]. /// - /// Setting this value to the TCP MSS may improve latency for stream-y workloads. + /// Setting this value to a little less than the TCP MSS may improve latency + /// for stream-y workloads. + /// + /// [TLS maximum]: https://datatracker.ietf.org/doc/html/rfc8446#section-5.1 + /// [ServerConnection::new]: crate::server::ServerConnection::new pub max_fragment_size: Option, /// How to store client sessions. From f65b11658eadfa8292a4180daf580e92b1c79d23 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 22 Aug 2023 13:26:14 +0100 Subject: [PATCH 0088/1145] Pin specific rcgen commit --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index ea974b25a2..b0039acdcc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,4 +10,4 @@ resolver = "2" [patch.crates-io] # TODO(XXX): Remove this once rcgen has cut a release w/ CRL support included. Only used in examples. -rcgen = { git = 'https://github.com/est31/rcgen.git' } +rcgen = { git = 'https://github.com/est31/rcgen.git', rev = '83e548a06848d923eada1ac66d1a912735b67e79' } From 6e9a61f055c82ce0bcf35a9b881f6eabb09e2fd6 Mon Sep 17 00:00:00 2001 From: ctz Date: Tue, 22 Aug 2023 17:57:08 +0100 Subject: [PATCH 0089/1145] SECURITY.md: use github vuln reporting tool We have a mailing list for this. But, the first time that was used for real, it didn't go very well: - the report and a follow-up went into spam. A private google group delivering to gmail -- you'd think this would work well, but it did not. - there was only me in the group. Github now has a "private vulnerability reporting" feature that should be better for getting reports to the right people quickly. Let's try that? --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 8fe0ecef27..2bf8066740 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -15,7 +15,7 @@ Therefore 0.20.x and 0.21.x will be updated, while 0.19.x will not be. ## Reporting a Vulnerability -Please report security bugs by email to rustls-security@googlegroups.com. +Please report security bugs [via github](https://github.com/rustls/rustls/security/advisories/new). We'll then: - Prepare a fix and regression tests. From b87f94580cc7cfe8dd3ca94c249b4634db0efa3e Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 24 Aug 2023 11:36:12 +0200 Subject: [PATCH 0090/1145] Store an Arc in WebPkiServerCertVerifier --- rustls/src/client/builder.rs | 2 +- rustls/src/webpki/verify.rs | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index e055094c9a..e479ec1b19 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -16,7 +16,7 @@ impl ConfigBuilder, WantsVerifier> { /// Choose how to verify server certificates. pub fn with_root_certificates( self, - root_store: webpki::RootCertStore, + root_store: impl Into>, ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 37826a6581..1fe7c43a5f 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -144,7 +144,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { /// Default `ServerCertVerifier`, see the trait impl for more information. #[allow(unreachable_pub)] pub struct WebPkiServerVerifier { - roots: RootCertStore, + roots: Arc, } #[allow(unreachable_pub)] @@ -152,8 +152,10 @@ impl WebPkiServerVerifier { /// Constructs a new `WebPkiServerVerifier`. /// /// `roots` is the set of trust anchors to trust for issuing server certs. - pub fn new(roots: RootCertStore) -> Self { - Self { roots } + pub fn new(roots: impl Into>) -> Self { + Self { + roots: roots.into(), + } } /// Which signature verification schemes the `webpki` crate supports. From 09903a5c1ed594bb504a0012e4833eaa77124675 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 23 Aug 2023 13:28:48 +0200 Subject: [PATCH 0091/1145] Clarify that building configs is not actually expensive The actually expensive part is mostly the gathering of certificates from the platform trust root store, and it would be better to document that in the relevant API (that is, in rustls-native-certs). Apart from that, I believe that the use of `Arc`-wrapped types is also an effective signal that the wrapped types should be reused where possible. --- rustls/src/client/client_conn.rs | 11 +++++++---- rustls/src/server/server_conn.rs | 7 +++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index bee6605891..8048d5533c 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -107,11 +107,12 @@ pub trait ResolvesClientCert: Send + Sync { fn has_certs(&self) -> bool; } -/// Common configuration for (typically) all connections made by -/// a program. +/// Common configuration for (typically) all connections made by a program. /// -/// Making one of these can be expensive, and should be -/// once per process rather than once per connection. +/// Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots +/// from the operating system to add to the [`RootCertStore`] passed to `with_root_certificates()` +/// (the rustls-native-certs crate is often used for this) may take on the order of a few hundred +/// milliseconds. /// /// These must be created via the [`ClientConfig::builder()`] function. /// @@ -122,6 +123,8 @@ pub trait ResolvesClientCert: Send + Sync { /// ids or tickets, with a max of eight tickets per server. /// * [`ClientConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ClientConfig::key_log`]: key material is not logged. +/// +/// [`RootCertStore`]: crate::RootCertStore pub struct ClientConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 008b3f8919..b3f8d87d35 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -185,8 +185,9 @@ impl<'a> ClientHello<'a> { /// Common configuration for a set of server sessions. /// -/// Making one of these can be expensive, and should be -/// once per process rather than once per connection. +/// Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots +/// from the operating system to add to the [`RootCertStore`] passed to a `ClientCertVerifier` +/// builder may take on the order of a few hundred milliseconds. /// /// These must be created via the [`ServerConfig::builder()`] function. /// @@ -197,6 +198,8 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. +/// +/// [`RootCertStore`]: crate::RootCertStore pub struct ServerConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, From 96a7249b546c66df3171636f8c2ce74b836ccf08 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 24 Aug 2023 17:36:50 +0200 Subject: [PATCH 0092/1145] Apply clippy suggestions from Rust 1.72 --- rustls/examples/internal/bogo_shim.rs | 1 - rustls/src/dns_name.rs | 2 +- rustls/src/msgs/message_test.rs | 6 ------ rustls/src/server/tls13.rs | 2 +- rustls/tests/api.rs | 6 ++++-- rustls/tests/key_log_file_env.rs | 2 +- 6 files changed, 7 insertions(+), 12 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 57bfc74bf6..d08f89dea9 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -21,7 +21,6 @@ use rustls::{ }; use base64::prelude::{Engine, BASE64_STANDARD}; -use env_logger; use std::io::{self, BufReader, Read, Write}; use std::sync::Arc; diff --git a/rustls/src/dns_name.rs b/rustls/src/dns_name.rs index 58566e90a0..074774eb60 100644 --- a/rustls/src/dns_name.rs +++ b/rustls/src/dns_name.rs @@ -146,7 +146,7 @@ enum State { #[cfg(test)] mod test { - static TESTS: &[(&'static str, bool)] = &[ + static TESTS: &[(&str, bool)] = &[ ("", false), ("localhost", true), ("LOCALHOST", true), diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index 010f93cd61..5ba8f120bc 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -81,12 +81,6 @@ fn alert_is_not_handshake() { assert!(!m.is_handshake_type(HandshakeType::ClientHello)); } -#[test] -fn alert_is_not_opaque() { - let m = Message::build_alert(AlertLevel::Fatal, AlertDescription::DecodeError); - assert!(Message::try_from(m).is_ok()); -} - #[test] fn construct_all_types() { let samples = [ diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index ce9627e0e1..eb8c66d395 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -604,7 +604,7 @@ mod client_hello { common.send_msg(m, false); } - #[allow(clippy::needless_pass_by_ref_mut)] // cx only mutated if cfg(feature = "quic") + #[cfg_attr(not(feature = "quic"), allow(clippy::needless_pass_by_ref_mut))] fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, client_hello: &ClientHelloPayload, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index a1d8e3fa4e..78014f5a59 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1278,6 +1278,7 @@ fn client_flush_does_nothing() { assert!(matches!(client.writer().flush(), Ok(()))); } +#[allow(clippy::no_effect)] #[test] fn server_is_send_and_sync() { let (_, server) = make_pair(KeyType::Rsa); @@ -1285,6 +1286,7 @@ fn server_is_send_and_sync() { &server as &dyn Sync; } +#[allow(clippy::no_effect)] #[test] fn client_is_send_and_sync() { let (client, _) = make_pair(KeyType::Rsa); @@ -1513,7 +1515,7 @@ where Ok(()) } - fn write_vectored<'b>(&mut self, b: &[io::IoSlice<'b>]) -> io::Result { + fn write_vectored(&mut self, b: &[io::IoSlice<'_>]) -> io::Result { let mut total = 0; let mut lengths = vec![]; for bytes in b { @@ -4281,7 +4283,7 @@ fn test_client_mtu_reduction() { fn flush(&mut self) -> io::Result<()> { panic!() } - fn write_vectored<'b>(&mut self, b: &[io::IoSlice<'b>]) -> io::Result { + fn write_vectored(&mut self, b: &[io::IoSlice<'_>]) -> io::Result { let writes = b .iter() .map(|slice| slice.len()) diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index bc15f5331c..9503d0ea21 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -49,7 +49,7 @@ fn serialized(f: impl FnOnce()) { }); let mutex = unsafe { MUTEX.as_mut() }; - let _guard = mutex.unwrap().lock().unwrap(); + let _guard = mutex.unwrap().get_mut().unwrap(); // XXX: NOT thread safe. env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); From 5b4e53ed455e1c691ed6ad92699a8d6aa41a8a4c Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 25 Aug 2023 10:29:46 +0200 Subject: [PATCH 0093/1145] Ignore unknown lints locally where needed --- .github/workflows/build.yml | 8 ++++---- rustls/src/server/tls13.rs | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3896896320..9f75f5b179 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -280,10 +280,10 @@ jobs: uses: dtolnay/rust-toolchain@stable with: components: clippy - - run: cargo clippy --package rustls --all-features -- --deny warnings --allow unknown-lints - - run: cargo clippy --package rustls --no-default-features -- --deny warnings --allow unknown-lints - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features -- --deny warnings --allow unknown-lints - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features -- --deny warnings --allow unknown-lints + - run: cargo clippy --package rustls --all-features -- --deny warnings + - run: cargo clippy --package rustls --no-default-features -- --deny warnings + - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features -- --deny warnings + - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features -- --deny warnings clippy-nightly: name: Clippy (Nightly) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index eb8c66d395..6c715a64cf 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -604,6 +604,7 @@ mod client_hello { common.send_msg(m, false); } + #[allow(unknown_lints)] // The lint allowed below is nightly only for now #[cfg_attr(not(feature = "quic"), allow(clippy::needless_pass_by_ref_mut))] fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, From 484e3771f268a91e05bc221a7d026f432f503632 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 25 Aug 2023 10:33:38 +0200 Subject: [PATCH 0094/1145] Use clippy for test and example code, too --- .github/workflows/build.yml | 16 ++++++++-------- connect-tests/tests/badssl.rs | 8 ++++---- rustls/examples/internal/bench.rs | 4 +--- rustls/examples/internal/bogo_shim.rs | 12 ++++-------- rustls/src/client/handy.rs | 8 +++++--- rustls/src/crypto/ring/hmac.rs | 2 +- rustls/src/vecbuf.rs | 3 ++- rustls/tests/api.rs | 18 +++++++----------- 8 files changed, 32 insertions(+), 39 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f75f5b179..a0393a2be8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -280,10 +280,10 @@ jobs: uses: dtolnay/rust-toolchain@stable with: components: clippy - - run: cargo clippy --package rustls --all-features -- --deny warnings - - run: cargo clippy --package rustls --no-default-features -- --deny warnings - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features -- --deny warnings - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features -- --deny warnings + - run: cargo clippy --package rustls --all-features --all-targets -- --deny warnings + - run: cargo clippy --package rustls --no-default-features --all-targets -- --deny warnings + - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings clippy-nightly: name: Clippy (Nightly) @@ -297,7 +297,7 @@ jobs: uses: dtolnay/rust-toolchain@nightly with: components: clippy - - run: cargo clippy --package rustls --all-features - - run: cargo clippy --package rustls --no-default-features -- --deny warnings - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features -- --deny warnings - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features -- --deny warnings + - run: cargo clippy --package rustls --all-features --all-targets + - run: cargo clippy --package rustls --no-default-features --all-targets -- --deny warnings + - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings diff --git a/connect-tests/tests/badssl.rs b/connect-tests/tests/badssl.rs index ecd216acf4..092e718b2d 100644 --- a/connect-tests/tests/badssl.rs +++ b/connect-tests/tests/badssl.rs @@ -33,7 +33,7 @@ mod online { fn expired() { connect("expired.badssl.com") .fails() - .expect(r#"TLS error: InvalidCertificate\(Expired\)"#) + .expect(r"TLS error: InvalidCertificate\(Expired\)") .go() .unwrap(); } @@ -42,7 +42,7 @@ mod online { fn wrong_host() { connect("wrong.host.badssl.com") .fails() - .expect(r#"TLS error: InvalidCertificate\(NotValidForName\)"#) + .expect(r"TLS error: InvalidCertificate\(NotValidForName\)") .go() .unwrap(); } @@ -51,7 +51,7 @@ mod online { fn self_signed() { connect("self-signed.badssl.com") .fails() - .expect(r#"TLS error: InvalidCertificate\(UnknownIssuer\)"#) + .expect(r"TLS error: InvalidCertificate\(UnknownIssuer\)") .go() .unwrap(); } @@ -118,7 +118,7 @@ mod online { fn sha1_2016() { connect("sha1-2016.badssl.com") .fails() - .expect(r#"TLS error: InvalidCertificate\(Expired\)"#) + .expect(r"TLS error: InvalidCertificate\(Expired\)") .go() .unwrap(); } diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index ea66961496..1ccc46d88a 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -474,9 +474,7 @@ fn bench_bulk(params: &BenchmarkParam, plaintext_size: u64, max_fragment_size: O do_handshake(&mut client, &mut server); - let mut buf = Vec::new(); - buf.resize(plaintext_size as usize, 0u8); - + let buf = vec![0; plaintext_size as usize]; let total_data = apply_work_multiplier(if plaintext_size < 8192 { 64 * 1024 * 1024 } else { diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index d08f89dea9..361707abda 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -690,12 +690,9 @@ fn handle_err(err: Error) -> ! { fn flush(sess: &mut Connection, conn: &mut net::TcpStream) { while sess.wants_write() { - match sess.write_tls(conn) { - Err(err) => { - println!("IO error: {:?}", err); - process::exit(0); - } - Ok(_) => {} + if let Err(err) = sess.write_tls(conn) { + println!("IO error: {:?}", err); + process::exit(0); } } conn.flush().unwrap(); @@ -813,8 +810,7 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { } if !sess.is_handshaking() && opts.export_keying_material > 0 && !sent_exporter { - let mut export = Vec::new(); - export.resize(opts.export_keying_material, 0u8); + let mut export = vec![0; opts.export_keying_material]; sess.export_keying_material( &mut export, opts.export_keying_material_label diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 76611f4971..46ad8a262c 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -224,9 +224,10 @@ mod test { #[cfg(feature = "tls12")] { use crate::msgs::persist::Tls12ClientSessionValue; - let tls12_suite = match crate::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 { - SupportedCipherSuite::Tls12(inner) => inner, - _ => unreachable!(), + let SupportedCipherSuite::Tls12(tls12_suite) = + crate::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + else { + unreachable!() }; c.set_tls12_session( @@ -246,6 +247,7 @@ mod test { c.remove_tls12_session(&name); } + #[cfg_attr(not(feature = "tls12"), allow(clippy::infallible_destructuring_match))] let tls13_suite = match crate::cipher_suite::TLS13_AES_256_GCM_SHA384 { SupportedCipherSuite::Tls13(inner) => inner, #[cfg(feature = "tls12")] diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index c404f8620e..6f6f7f84ad 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -5,7 +5,7 @@ use ring; pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring::hmac::HMAC_SHA256); #[cfg(feature = "tls12")] pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring::hmac::HMAC_SHA384); -#[cfg(test)] +#[cfg(all(test, feature = "tls12"))] pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring::hmac::HMAC_SHA512); pub(crate) struct Hmac(&'static ring::hmac::Algorithm); diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index be595e1da1..5057042762 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -167,7 +167,8 @@ mod test { #[cfg(read_buf)] #[test] fn read_buf() { - use std::{io::BorrowedBuf, mem::MaybeUninit}; + use core::mem::MaybeUninit; + use std::io::BorrowedBuf; { let mut cvb = ChunkVecBuffer::new(None); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 78014f5a59..0455a272dc 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3323,7 +3323,7 @@ mod test_quic { fn test_quic_handshake() { fn equal_packet_keys(x: &quic::PacketKey, y: &quic::PacketKey) -> bool { // Check that these two sets of keys are equal. - let mut buf = vec![0; 32]; + let mut buf = [0; 32]; let (header, payload_tag) = buf.split_at_mut(8); let (payload, tag_buf) = payload_tag.split_at_mut(8); let tag = x @@ -3333,7 +3333,7 @@ mod test_quic { let result = y.decrypt_in_place(42, &*header, payload_tag); match result { - Ok(payload) => payload == &[0; 8], + Ok(payload) => payload == [0; 8], Err(_) => false, } } @@ -3677,9 +3677,7 @@ mod test_quic { let mut buf = Vec::with_capacity(512); client_hello.encode(&mut buf); assert_eq!( - server - .read_hs(&mut buf.as_slice()) - .err(), + server.read_hs(buf.as_slice()).err(), Some(Error::PeerMisbehaved( PeerMisbehaved::MissingQuicTransportParameters )) @@ -3722,7 +3720,7 @@ mod test_quic { typ: HandshakeType::ClientHello, payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, - random: random.clone(), + random, session_id: SessionId::random::().unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], @@ -3740,9 +3738,7 @@ mod test_quic { let mut buf = Vec::with_capacity(512); client_hello.encode(&mut buf); assert_eq!( - server - .read_hs(&mut buf.as_slice()) - .err(), + server.read_hs(buf.as_slice()).err(), Some(Error::PeerIncompatible( PeerIncompatible::SupportedVersionsExtensionRequired )), @@ -3783,7 +3779,7 @@ mod test_quic { 0x08, 0x06, 0x04, 0x80, 0x00, 0xff, 0xff, ]; - let client_keys = Keys::initial(Version::V1, &CONNECTION_ID, Side::Client); + let client_keys = Keys::initial(Version::V1, CONNECTION_ID, Side::Client); assert_eq!( client_keys .local @@ -3919,7 +3915,7 @@ mod test_quic { let (first, rest) = header.split_at_mut(1); let sample = &payload[..sample_len]; - let server_keys = Keys::initial(Version::V1, &CONNECTION_ID, Side::Server); + let server_keys = Keys::initial(Version::V1, CONNECTION_ID, Side::Server); server_keys .remote .header From 3ea338a80506fe6cc69a4036e7658308f42a1cb1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 16 Aug 2023 15:44:49 +0100 Subject: [PATCH 0095/1145] Introduce provider for hashing --- rustls/src/crypto/hash.rs | 74 ++++++++++++++++++++++++++++++++++ rustls/src/crypto/mod.rs | 3 ++ rustls/src/crypto/ring/hash.rs | 54 +++++++++++++++++++++++++ rustls/src/crypto/ring/mod.rs | 1 + 4 files changed, 132 insertions(+) create mode 100644 rustls/src/crypto/hash.rs create mode 100644 rustls/src/crypto/ring/hash.rs diff --git a/rustls/src/crypto/hash.rs b/rustls/src/crypto/hash.rs new file mode 100644 index 0000000000..8e538e84cc --- /dev/null +++ b/rustls/src/crypto/hash.rs @@ -0,0 +1,74 @@ +pub use crate::msgs::enums::HashAlgorithm; + +/// Describes a single cryptographic hash function. +/// +/// This interface can do both one-shot and incremental hashing, using +/// [`Hash::hash()`] and [`Hash::start()`] respectively. +pub trait Hash: Send + Sync { + /// Start an incremental hash computation. + fn start(&self) -> Box; + + /// Return the output of this hash function with input `data`. + fn hash(&self, data: &[u8]) -> Output; + + /// The length in bytes of this hash function's output. + fn output_len(&self) -> usize; + + /// Which hash function this is, eg, `HashAlgorithm::SHA256`. + fn algorithm(&self) -> HashAlgorithm; +} + +/// A hash output, stored as a value. +pub struct Output { + buf: [u8; Self::MAX_LEN], + used: usize, +} + +impl Output { + /// Build a `hash::Output` from a slice of no more than `Output::MAX_LEN` bytes. + pub fn new(bytes: &[u8]) -> Self { + let mut output = Self { + buf: [0u8; Self::MAX_LEN], + used: bytes.len(), + }; + debug_assert!(bytes.len() <= Self::MAX_LEN); + output.buf[..bytes.len()].copy_from_slice(bytes); + output + } + + /// Maximum supported hash output size: supports up to SHA512. + pub const MAX_LEN: usize = 64; +} + +impl AsRef<[u8]> for Output { + fn as_ref(&self) -> &[u8] { + &self.buf[..self.used] + } +} + +/// How to incrementally compute a hash. +pub trait Context: Send + Sync { + /// Finish the computation, returning the resulting output. + /// + /// The computation remains valid, and more data can be added later with + /// [`Context::update()`]. + /// + /// Compare with [`Context::finish()`] which consumes the computation + /// and prevents any further data being added. This can be more efficient + /// because it avoids a hash context copy to apply Merkle-Damgård padding + /// (if required). + fn fork_finish(&self) -> Output; + + /// Fork the computation, producing another context that has the + /// same prefix as this one. + fn fork(&self) -> Box; + + /// Terminate and finish the computation, returning the resulting output. + /// + /// Further data cannot be added after this, because the context is consumed. + /// Compare [`Context::fork_finish()`]. + fn finish(self: Box) -> Output; + + /// Add `data` to computation. + fn update(&mut self, data: &[u8]); +} diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index e0f8bade1a..8c97e74506 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -8,6 +8,9 @@ pub mod ring; /// TLS message encryption/decryption interfaces. pub mod cipher; +/// Hashing interfaces. +pub mod hash; + /// HMAC interfaces. pub mod hmac; diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs new file mode 100644 index 0000000000..fd8b9e74d4 --- /dev/null +++ b/rustls/src/crypto/ring/hash.rs @@ -0,0 +1,54 @@ +use crate::crypto; +use crate::msgs::enums::HashAlgorithm; +use ring; + +pub(crate) static SHA256: Hash = Hash(&ring::digest::SHA256, HashAlgorithm::SHA256); +pub(crate) static SHA384: Hash = Hash(&ring::digest::SHA384, HashAlgorithm::SHA384); + +pub(crate) struct Hash(&'static ring::digest::Algorithm, HashAlgorithm); + +impl crypto::hash::Hash for Hash { + fn start(&self) -> Box { + Box::new(Context(ring::digest::Context::new(self.0))) + } + + fn hash(&self, bytes: &[u8]) -> crypto::hash::Output { + let mut ctx = ring::digest::Context::new(self.0); + ctx.update(bytes); + ctx.finish().into() + } + + fn output_len(&self) -> usize { + self.0.output_len + } + + fn algorithm(&self) -> HashAlgorithm { + self.1 + } +} + +struct Context(ring::digest::Context); + +impl crypto::hash::Context for Context { + fn fork_finish(&self) -> crypto::hash::Output { + self.0.clone().finish().into() + } + + fn fork(&self) -> Box { + Box::new(Self(self.0.clone())) + } + + fn finish(self: Box) -> crypto::hash::Output { + self.0.finish().into() + } + + fn update(&mut self, data: &[u8]) { + self.0.update(data); + } +} + +impl From for crypto::hash::Output { + fn from(val: ring::digest::Digest) -> Self { + Self::new(val.as_ref()) + } +} diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index cb4d7277c3..b42d585c11 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -11,6 +11,7 @@ use ring::rand::{SecureRandom, SystemRandom}; use alloc::sync::Arc; use core::fmt; +pub(crate) mod hash; pub(crate) mod hmac; /// Default crypto provider. From 14fbc598894eeaafccb5ea4ee3d713a16851a0d7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 16 Aug 2023 15:45:11 +0100 Subject: [PATCH 0096/1145] Hook hashing provider into each cipher suite --- rustls/src/suites.rs | 10 +++++++++- rustls/src/tls12/mod.rs | 6 ++++++ rustls/src/tls13/mod.rs | 7 ++++++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 6312cac6ac..cf61cf2216 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,5 +1,6 @@ use core::fmt; +use crate::crypto; use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; @@ -36,13 +37,15 @@ pub enum BulkAlgorithm { } /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3) -#[derive(Debug)] pub struct CipherSuiteCommon { /// The TLS enumeration naming this cipher suite. pub suite: CipherSuite, /// How to do bulk encryption. pub bulk: BulkAlgorithm, + + /// Which hash function the suite uses. + pub hash_provider: &'static dyn crypto::hash::Hash, } /// A cipher suite supported by rustls. @@ -79,6 +82,11 @@ impl SupportedCipherSuite { self.common().suite } + /// The hash function the ciphersuite uses. + pub(crate) fn hash_provider(&self) -> &'static dyn crypto::hash::Hash { + self.common().hash_provider + } + pub(crate) fn common(&self) -> &CipherSuiteCommon { match self { #[cfg(feature = "tls12")] diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 7d38239b91..ce054a2c82 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -25,6 +25,7 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, bulk: BulkAlgorithm::Chacha20Poly1305, + hash_provider: &crypto::ring::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -40,6 +41,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, bulk: BulkAlgorithm::Chacha20Poly1305, + hash_provider: &crypto::ring::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -55,6 +57,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, bulk: BulkAlgorithm::Aes128Gcm, + hash_provider: &crypto::ring::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -70,6 +73,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, bulk: BulkAlgorithm::Aes256Gcm, + hash_provider: &crypto::ring::hash::SHA384, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -85,6 +89,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, bulk: BulkAlgorithm::Aes128Gcm, + hash_provider: &crypto::ring::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -100,6 +105,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, bulk: BulkAlgorithm::Aes256Gcm, + hash_provider: &crypto::ring::hash::SHA384, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 0b0c1ae0ee..26f803fced 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,3 +1,4 @@ +use crate::crypto; use crate::crypto::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; use crate::enums::ContentType; use crate::enums::{CipherSuite, ProtocolVersion}; @@ -23,6 +24,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, bulk: BulkAlgorithm::Chacha20Poly1305, + hash_provider: &crypto::ring::hash::SHA256, }, hkdf_algorithm: ring::hkdf::HKDF_SHA256, #[cfg(feature = "quic")] @@ -38,6 +40,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, bulk: BulkAlgorithm::Aes256Gcm, + hash_provider: &crypto::ring::hash::SHA384, }, hkdf_algorithm: ring::hkdf::HKDF_SHA384, #[cfg(feature = "quic")] @@ -55,6 +58,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, bulk: BulkAlgorithm::Aes128Gcm, + hash_provider: &crypto::ring::hash::SHA256, }, hkdf_algorithm: ring::hkdf::HKDF_SHA256, #[cfg(feature = "quic")] @@ -86,7 +90,8 @@ impl Tls13CipherSuite { /// Can a session using suite self resume from suite prev? pub fn can_resume_from(&self, prev: &'static Self) -> Option<&'static Self> { - (prev.hash_algorithm() == self.hash_algorithm()).then(|| prev) + (prev.common.hash_provider.algorithm() == self.common.hash_provider.algorithm()) + .then(|| prev) } } From eda44ecdcee89a216b253045f7097c92184922ff Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Jun 2023 14:59:18 +0100 Subject: [PATCH 0097/1145] Add hkdf implementation using crypto::hmac --- rustls/src/crypto/hmac.rs | 4 +- rustls/src/hkdf.rs | 250 ++++++++++++++++++++++++++++++++++++++ rustls/src/lib.rs | 1 + 3 files changed, 253 insertions(+), 2 deletions(-) create mode 100644 rustls/src/hkdf.rs diff --git a/rustls/src/crypto/hmac.rs b/rustls/src/crypto/hmac.rs index 6e35a7b850..3a9344a295 100644 --- a/rustls/src/crypto/hmac.rs +++ b/rustls/src/crypto/hmac.rs @@ -20,7 +20,7 @@ pub struct Tag { impl Tag { /// Build a tag by copying a byte slice. /// - /// The slice can be up to `Tag::MAX_LEN` bytes in length. + /// The slice can be up to [`Tag::MAX_LEN`] bytes in length. pub fn new(bytes: &[u8]) -> Self { let mut tag = Self { buf: [0u8; Self::MAX_LEN], @@ -31,7 +31,7 @@ impl Tag { } /// Maximum supported HMAC tag size: supports up to SHA512. - const MAX_LEN: usize = 64; + pub const MAX_LEN: usize = 64; } impl AsRef<[u8]> for Tag { diff --git a/rustls/src/hkdf.rs b/rustls/src/hkdf.rs new file mode 100644 index 0000000000..e43fce9cfb --- /dev/null +++ b/rustls/src/hkdf.rs @@ -0,0 +1,250 @@ +//! HKDF from RFC5869 + +use crate::crypto::{hash, hmac}; + +/// This is the inputs to HKDF-Extract, except for IKM +/// ("input keying material") which is supplied in [`Extractor::extract()`]. +pub(crate) struct Extractor { + salt: Box, + hmac: &'static dyn hmac::Hmac, +} + +impl Extractor { + pub(crate) fn without_salt(hmac: &'static dyn hmac::Hmac) -> Self { + let zeroes = [0u8; hash::Output::MAX_LEN]; + Self::new(hmac, &zeroes[..hmac.hash_output_len()]) + } + + pub(crate) fn new(hmac: &'static dyn hmac::Hmac, salt: &[u8]) -> Self { + Self { + salt: hmac.with_key(salt), + hmac, + } + } + + /// This is the `HKDF-Extract` step: takes the input keying material `ikm` and "extracts" + /// from it a fixed-length pseudorandom key. + /// + /// The returned [`Expander`] can be used for the `HKDF-Expand` step, see: + /// [`Expander::expand()`] et al. + pub(crate) fn extract(self, ikm: &[u8]) -> Expander { + Expander( + self.hmac + .with_key(self.salt.sign(&[ikm]).as_ref()), + ) + } +} + +pub(crate) struct OutputLengthError; + +/// This is a PRK ready for use via `expand()` et al. +pub(crate) struct Expander(Box); + +/// This is a single "output keying material" (OKM) block output from HKDF-Expand. +#[derive(Clone)] +pub(crate) struct OkmBlock(hmac::Tag); + +impl AsRef<[u8]> for OkmBlock { + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } +} + +impl Expander { + pub(crate) fn from_okm(okm: &OkmBlock, hmac: &'static dyn hmac::Hmac) -> Self { + Self(hmac.with_key(okm.0.as_ref())) + } + + /// HKDF-Expand, writing into a slice. + /// + /// This returns an error if the slice is longer than the maximum HKDF-Expand + /// L parameter. + pub(crate) fn expand_slice( + &self, + info: &[&[u8]], + output: &mut [u8], + ) -> Result<(), OutputLengthError> { + if output.len() > 255 * self.0.tag_len() { + return Err(OutputLengthError); + } + + self.expand_unchecked(info, output); + Ok(()) + } + + /// HKDF-Expand, producing one block of output. + pub(crate) fn expand_block(&self, info: &[&[u8]]) -> OkmBlock { + let mut tag = [0u8; hmac::Tag::MAX_LEN]; + let reduced_tag = &mut tag[..self.0.tag_len()]; + self.expand_unchecked(info, reduced_tag); + OkmBlock(hmac::Tag::new(reduced_tag)) + } + + /// This is the `HKDF-Expand` step: "expands" the key into several additional pseudorandom keys + /// (the output of the KDF). + /// + /// Produces a type `T` which can be constructed from a byte array. + /// + /// This does not fail, on the assumption that the size of the byte array + /// is less than 255 times the HMAC tag length. + pub(crate) fn expand(&self, info: &[&[u8]]) -> T + where + T: From<[u8; N]>, + { + assert!(N <= 255 * self.0.tag_len()); + let mut output = [0u8; N]; + self.expand_unchecked(info, &mut output); + T::from(output) + } + + fn expand_unchecked(&self, info: &[&[u8]], output: &mut [u8]) { + let mut term = hmac::Tag::new(b""); + + for (n, chunk) in output + .chunks_mut(self.0.tag_len()) + .enumerate() + { + term = self + .0 + .sign_concat(term.as_ref(), info, &[(n + 1) as u8]); + chunk.copy_from_slice(&term.as_ref()[..chunk.len()]); + } + } + + pub(crate) fn block_len(&self) -> usize { + self.0.tag_len() + } +} + +#[cfg(test)] +mod test { + use super::Extractor; + use crate::crypto::ring; + + struct ByteArray([u8; N]); + + impl From<[u8; N]> for ByteArray { + fn from(array: [u8; N]) -> Self { + Self(array) + } + } + + /// Test cases from appendix A in the RFC, minus cases requiring SHA1. + + #[test] + fn test_case_1() { + let hmac = &ring::hmac::HMAC_SHA256; + let ikm = &[0x0b; 22]; + let salt = &[ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, + ]; + let info: &[&[u8]] = &[ + &[0xf0, 0xf1, 0xf2], + &[0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9], + ]; + + let output: ByteArray<42> = Extractor::new(hmac, salt) + .extract(ikm) + .expand(info); + + assert_eq!( + &output.0, + &[ + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, + 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, + 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 + ] + ); + } + + #[test] + fn test_case_2() { + let hmac = &ring::hmac::HMAC_SHA256; + + let ikm: Vec = (0x00u8..=0x4f).collect(); + let salt: Vec = (0x60u8..=0xaf).collect(); + let info: Vec = (0xb0u8..=0xff).collect(); + + let output: ByteArray<82> = Extractor::new(hmac, &salt) + .extract(&ikm) + .expand(&[&info]); + + assert_eq!( + &output.0, + &[ + 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, + 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 0xa0, 0x50, 0xcc, 0x4c, + 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, + 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, + 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, + 0x3e, 0x87, 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87 + ] + ); + } + + #[test] + fn test_case_3() { + let hmac = &ring::hmac::HMAC_SHA256; + let ikm = &[0x0b; 22]; + let salt = &[]; + let info = &[]; + + let output: ByteArray<42> = Extractor::new(hmac, salt) + .extract(ikm) + .expand(info); + + assert_eq!( + &output.0, + &[ + 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, + 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, + 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8 + ] + ); + } + + #[test] + fn test_salt_not_provided() { + // can't use test case 7, because we don't have (or want) SHA1. + // + // this output is generated with cryptography.io: + // + // >>> hkdf.HKDF(algorithm=hashes.SHA384(), length=96, salt=None, info=b"hello").derive(b"\x0b" * 40) + + let hmac = &ring::hmac::HMAC_SHA384; + + let ikm = &[0x0b; 40]; + let info = &[&b"hel"[..], &b"lo"[..]]; + + let output: ByteArray<96> = Extractor::without_salt(hmac) + .extract(ikm) + .expand(info); + + assert_eq!( + &output.0, + &[ + 0xd5, 0x45, 0xdd, 0x3a, 0xff, 0x5b, 0x19, 0x46, 0xd4, 0x86, 0xfd, 0xb8, 0xd8, 0x88, + 0x2e, 0xe0, 0x1c, 0xc1, 0xa5, 0x48, 0xb6, 0x05, 0x75, 0xe4, 0xd7, 0x5d, 0x0f, 0x5f, + 0x23, 0x40, 0xee, 0x6c, 0x9e, 0x7c, 0x65, 0xd0, 0xee, 0x79, 0xdb, 0xb2, 0x07, 0x1d, + 0x66, 0xa5, 0x50, 0xc4, 0x8a, 0xa3, 0x93, 0x86, 0x8b, 0x7c, 0x69, 0x41, 0x6b, 0x3e, + 0x61, 0x44, 0x98, 0xb8, 0xc2, 0xfc, 0x82, 0x82, 0xae, 0xcd, 0x46, 0xcf, 0xb1, 0x47, + 0xdc, 0xd0, 0x69, 0x0d, 0x19, 0xad, 0xe6, 0x6c, 0x70, 0xfe, 0x87, 0x92, 0x04, 0xb6, + 0x82, 0x2d, 0x97, 0x7e, 0x46, 0x80, 0x4c, 0xe5, 0x76, 0x72, 0xb4, 0xb8 + ] + ); + } + + #[test] + fn test_output_length_bounds() { + let hmac = &ring::hmac::HMAC_SHA256; + let ikm = &[]; + let salt = &[]; + let info = &[]; + + let mut output = [0u8; 32 * 255 + 1]; + assert!(Extractor::new(hmac, salt) + .extract(ikm) + .expand_slice(info, &mut output) + .is_err()); + } +} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index feabc5d4d1..acaa3d9ff3 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -332,6 +332,7 @@ pub mod crypto; mod dns_name; mod error; mod hash_hs; +mod hkdf; mod limited_cache; mod rand; mod record_layer; From bf816e4b766ed11626356b9cb2d9da7906488676 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Jun 2023 14:44:55 +0100 Subject: [PATCH 0098/1145] Move over to using hashing provider and hkdf --- rustls/src/client/hs.rs | 4 +- rustls/src/client/tls13.rs | 17 +- rustls/src/crypto/cipher.rs | 54 ++-- rustls/src/crypto/ring/hmac.rs | 2 - rustls/src/hash_hs.rs | 42 +-- rustls/src/server/hs.rs | 8 +- rustls/src/server/tls13.rs | 2 +- rustls/src/suites.rs | 9 - rustls/src/tls12/mod.rs | 26 +- rustls/src/tls13/key_schedule.rs | 424 ++++++++++++++++--------------- rustls/src/tls13/mod.rs | 26 +- 11 files changed, 321 insertions(+), 293 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 9639d1cbc4..448b8688a9 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -610,7 +610,7 @@ impl State for ExpectServerHello { // Start our handshake hash, and input the server-hello. let mut transcript = self .transcript_buffer - .start_hash(suite.hash_algorithm()); + .start_hash(suite.hash_provider()); transcript.add_message(&m); let randoms = ConnectionRandoms::new(self.input.random, server_hello.random); @@ -802,7 +802,7 @@ impl ExpectServerHelloOrHelloRetryRequest { let transcript = self .next .transcript_buffer - .start_hash(cs.hash_algorithm()); + .start_hash(cs.hash_provider()); let mut transcript_buffer = transcript.into_hrr_buffer(); transcript_buffer.add_message(&m); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 44d5b62f0a..c7f129cc60 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -5,6 +5,7 @@ use crate::common_state::Protocol; use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; +use crate::crypto; use crate::crypto::{CryptoProvider, KeyExchange, SupportedGroup}; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, @@ -237,7 +238,7 @@ pub(super) fn fill_in_psk_binder( ) -> KeyScheduleEarly { // We need to know the hash function of the suite we're trying to resume into. let suite = resuming.suite(); - let suite_hash = suite.hash_algorithm(); + let suite_hash = suite.common.hash_provider; // The binder is calculated over the clienthello, but doesn't include itself or its // length, or the length of its container. @@ -284,8 +285,9 @@ pub(super) fn prepare_resumption( let obfuscated_ticket_age = resuming_session.obfuscated_ticket_age(); let binder_len = resuming_suite - .hash_algorithm() - .output_len; + .common + .hash_provider + .output_len(); let binder = vec![0u8; binder_len]; let psk_identity = @@ -306,7 +308,8 @@ pub(super) fn derive_early_traffic_secret( // For middlebox compatibility emit_fake_ccs(sent_tls13_fake_ccs, cx.common); - let client_hello_hash = transcript_buffer.get_hash_given(resuming_suite.hash_algorithm(), &[]); + let client_hello_hash = + transcript_buffer.get_hash_given(resuming_suite.common.hash_provider, &[]); early_key_schedule.client_early_traffic_secret( &client_hello_hash, key_log, @@ -775,7 +778,7 @@ fn emit_certverify_tls13( fn emit_finished_tls13( transcript: &mut HandshakeHash, - verify_data: ring::hmac::Tag, + verify_data: &crypto::hmac::Tag, common: &mut CommonState, ) { let verify_data_payload = Payload::new(verify_data.as_ref()); @@ -888,7 +891,7 @@ impl State for ExpectFinished { &st.randoms.client, ); - emit_finished_tls13(&mut st.transcript, verify_data, cx.common); + emit_finished_tls13(&mut st.transcript, &verify_data, cx.common); /* We're now sure this server supports TLS1.3. But if we run out of TLS1.3 tickets * when connecting to it again, we definitely don't want to attempt a TLS1.2 resumption. */ @@ -968,7 +971,7 @@ impl ExpectTraffic { let mut value = persist::Tls13ClientSessionValue::new( self.suite, nst.ticket.0.clone(), - secret, + secret.as_ref().to_vec(), cx.common .peer_certificates .clone() diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index cb77c95843..ce25311519 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -2,8 +2,6 @@ use crate::error::Error; use crate::msgs::codec; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -use ring::hkdf; - /// Objects with this trait can decrypt TLS messages. pub trait MessageDecrypter: Send + Sync { /// Perform the decryption over the concerned TLS message. @@ -51,19 +49,9 @@ impl Iv { } } -pub(crate) struct IvLen; - -impl hkdf::KeyType for IvLen { - fn len(&self) -> usize { - NONCE_LEN - } -} - -impl From> for Iv { - fn from(okm: hkdf::Okm) -> Self { - let mut r = Self(Default::default()); - okm.fill(&mut r.0[..]).unwrap(); - r +impl From<[u8; NONCE_LEN]> for Iv { + fn from(bytes: [u8; NONCE_LEN]) -> Self { + Self(bytes) } } @@ -85,6 +73,42 @@ pub(crate) fn make_nonce(iv: &Iv, seq: u64) -> [u8; NONCE_LEN] { /// (AES-GCM, Chacha20Poly1305) const NONCE_LEN: usize = 12; +/// A key for an AEAD algorithm. +/// +/// This is a value type for a byte string up to `AeadKey::MAX_LEN` bytes in length. +pub(crate) struct AeadKey { + buf: [u8; Self::MAX_LEN], + used: usize, +} + +impl AeadKey { + pub(crate) fn with_length(self, len: usize) -> Self { + assert!(len <= self.used); + Self { + buf: self.buf, + used: len, + } + } + + /// Largest possible AEAD key in the ciphersuites we support. + pub(crate) const MAX_LEN: usize = 32; +} + +impl AsRef<[u8]> for AeadKey { + fn as_ref(&self) -> &[u8] { + &self.buf[..self.used] + } +} + +impl From<[u8; Self::MAX_LEN]> for AeadKey { + fn from(bytes: [u8; Self::MAX_LEN]) -> Self { + Self { + buf: bytes, + used: Self::MAX_LEN, + } + } +} + /// A `MessageEncrypter` which doesn't work. struct InvalidMessageEncrypter {} diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 6f6f7f84ad..b84d1b9164 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -1,9 +1,7 @@ use crate::crypto; use ring; -#[cfg(feature = "tls12")] pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring::hmac::HMAC_SHA256); -#[cfg(feature = "tls12")] pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring::hmac::HMAC_SHA384); #[cfg(all(test, feature = "tls12"))] pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring::hmac::HMAC_SHA512); diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index e0f7dbc825..6cab10ab86 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -1,8 +1,9 @@ +use crate::crypto::hash; use crate::msgs::codec::Codec; +use crate::msgs::enums::HashAlgorithm; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::message::{Message, MessagePayload}; use core::mem; -use ring::digest; /// Early stage buffering of handshake payloads. /// @@ -45,20 +46,21 @@ impl HandshakeHashBuffer { /// Get the hash value if we were to hash `extra` too. pub(crate) fn get_hash_given( &self, - hash: &'static digest::Algorithm, + provider: &'static dyn hash::Hash, extra: &[u8], - ) -> digest::Digest { - let mut ctx = digest::Context::new(hash); + ) -> hash::Output { + let mut ctx = provider.start(); ctx.update(&self.buffer); ctx.update(extra); ctx.finish() } /// We now know what hash function the verify_data will use. - pub(crate) fn start_hash(self, alg: &'static digest::Algorithm) -> HandshakeHash { - let mut ctx = digest::Context::new(alg); + pub(crate) fn start_hash(self, provider: &'static dyn hash::Hash) -> HandshakeHash { + let mut ctx = provider.start(); ctx.update(&self.buffer); HandshakeHash { + provider, ctx, client_auth: match self.client_auth_enabled { true => Some(self.buffer), @@ -76,8 +78,8 @@ impl HandshakeHashBuffer { /// For client auth, we also need to buffer all the messages. /// This is disabled in cases where client auth is not possible. pub(crate) struct HandshakeHash { - /// None before we know what hash function we're using - ctx: digest::Context, + provider: &'static dyn hash::Hash, + ctx: Box, /// buffer for client-auth. client_auth: Option>, @@ -111,8 +113,8 @@ impl HandshakeHash { /// Get the hash value if we were to hash `extra` too, /// using hash function `hash`. - pub(crate) fn get_hash_given(&self, extra: &[u8]) -> digest::Digest { - let mut ctx = self.ctx.clone(); + pub(crate) fn get_hash_given(&self, extra: &[u8]) -> hash::Output { + let mut ctx = self.ctx.fork(); ctx.update(extra); ctx.finish() } @@ -134,7 +136,7 @@ impl HandshakeHash { pub(crate) fn rollup_for_hrr(&mut self) { let ctx = &mut self.ctx; - let old_ctx = mem::replace(ctx, digest::Context::new(ctx.algorithm())); + let old_ctx = mem::replace(ctx, self.provider.start()); let old_hash = old_ctx.finish(); let old_handshake_hash_msg = HandshakeMessagePayload::build_handshake_hash(old_hash.as_ref()); @@ -143,8 +145,8 @@ impl HandshakeHash { } /// Get the current hash value. - pub(crate) fn get_current_hash(&self) -> digest::Digest { - self.ctx.clone().finish() + pub(crate) fn get_current_hash(&self) -> hash::Output { + self.ctx.fork_finish() } /// Takes this object's buffer containing all handshake messages @@ -155,23 +157,23 @@ impl HandshakeHash { self.client_auth.take() } - /// The digest algorithm - pub(crate) fn algorithm(&self) -> &'static digest::Algorithm { - self.ctx.algorithm() + /// The hashing algorithm + pub(crate) fn algorithm(&self) -> HashAlgorithm { + self.provider.algorithm() } } #[cfg(test)] mod test { use super::HandshakeHashBuffer; - use ring::digest; + use crate::crypto::ring; #[test] fn hashes_correctly() { let mut hhb = HandshakeHashBuffer::new(); hhb.update_raw(b"hello"); assert_eq!(hhb.buffer.len(), 5); - let mut hh = hhb.start_hash(&digest::SHA256); + let mut hh = hhb.start_hash(&ring::hash::SHA256); assert!(hh.client_auth.is_none()); hh.update_raw(b"world"); let h = hh.get_current_hash(); @@ -189,7 +191,7 @@ mod test { hhb.set_client_auth_enabled(); hhb.update_raw(b"hello"); assert_eq!(hhb.buffer.len(), 5); - let mut hh = hhb.start_hash(&digest::SHA256); + let mut hh = hhb.start_hash(&ring::hash::SHA256); assert_eq!( hh.client_auth .as_ref() @@ -219,7 +221,7 @@ mod test { hhb.set_client_auth_enabled(); hhb.update_raw(b"hello"); assert_eq!(hhb.buffer.len(), 5); - let mut hh = hhb.start_hash(&digest::SHA256); + let mut hh = hhb.start_hash(&ring::hash::SHA256); assert_eq!( hh.client_auth .as_ref() diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index f9bcc30c40..617ca1f1e0 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -363,10 +363,14 @@ impl ExpectClientHello { cx.common.suite = Some(suite); // Start handshake hash. - let starting_hash = suite.hash_algorithm(); + let starting_hash = suite.hash_provider(); let transcript = match self.transcript { HandshakeHashOrBuffer::Buffer(inner) => inner.start_hash(starting_hash), - HandshakeHashOrBuffer::Hash(inner) if inner.algorithm() == starting_hash => inner, + HandshakeHashOrBuffer::Hash(inner) + if inner.algorithm() == starting_hash.algorithm() => + { + inner + } _ => { return Err(cx.common.send_fatal_alert( AlertDescription::IllegalParameter, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 6c715a64cf..07548ea9f3 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1070,7 +1070,7 @@ fn get_server_session_value( cx.data.sni.as_ref(), version, suite.common.suite, - secret, + secret.as_ref().to_vec(), cx.common.peer_certificates.clone(), cx.common.alpn_protocol.clone(), cx.data.resumption_data.clone(), diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index cf61cf2216..0bf81633f3 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -68,15 +68,6 @@ impl fmt::Debug for SupportedCipherSuite { } impl SupportedCipherSuite { - /// Which hash function to use with this suite. - pub fn hash_algorithm(&self) -> &'static ring::digest::Algorithm { - match self { - #[cfg(feature = "tls12")] - Self::Tls12(inner) => inner.hash_algorithm(), - Self::Tls13(inner) => inner.hash_algorithm(), - } - } - /// The cipher suite's identifier pub fn suite(&self) -> CipherSuite { self.common().suite diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index ce054a2c82..6f3c32a26d 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -2,6 +2,7 @@ use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; use crate::crypto; use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; +use crate::crypto::hash; use crate::enums::{AlertDescription, CipherSuite, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; @@ -10,8 +11,6 @@ use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; #[cfg(feature = "secret_extraction")] use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; -use ring::digest::Digest; - use core::fmt; mod cipher; @@ -31,7 +30,6 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = sign: TLS12_ECDSA_SCHEMES, aead_alg: &ChaCha20Poly1305, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, - hmac_algorithm: ring::hmac::HMAC_SHA256, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -47,7 +45,6 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = sign: TLS12_RSA_SCHEMES, aead_alg: &ChaCha20Poly1305, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, - hmac_algorithm: ring::hmac::HMAC_SHA256, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -63,7 +60,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = sign: TLS12_RSA_SCHEMES, aead_alg: &AES128_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, - hmac_algorithm: ring::hmac::HMAC_SHA256, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -79,7 +75,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = sign: TLS12_RSA_SCHEMES, aead_alg: &AES256_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, - hmac_algorithm: ring::hmac::HMAC_SHA384, hmac_provider: &crypto::ring::hmac::HMAC_SHA384, }); @@ -95,7 +90,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES128_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, - hmac_algorithm: ring::hmac::HMAC_SHA256, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -111,7 +105,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES256_GCM, aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, - hmac_algorithm: ring::hmac::HMAC_SHA384, hmac_provider: &crypto::ring::hmac::HMAC_SHA384, }); @@ -136,8 +129,6 @@ pub struct Tls12CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, - pub(crate) hmac_algorithm: ring::hmac::Algorithm, - /// How to compute HMAC for the suite's hash function. pub hmac_provider: &'static dyn crypto::hmac::Hmac, @@ -163,11 +154,6 @@ impl Tls12CipherSuite { .cloned() .collect() } - - /// Which hash function to use with this suite. - pub fn hash_algorithm(&self) -> &'static ring::digest::Algorithm { - self.hmac_algorithm.digest_algorithm() - } } impl From<&'static Tls12CipherSuite> for SupportedCipherSuite { @@ -202,7 +188,7 @@ impl ConnectionSecrets { pub(crate) fn from_key_exchange( kx: impl crypto::KeyExchange, peer_pub_key: &[u8], - ems_seed: Option, + ems_seed: Option, randoms: ConnectionRandoms, suite: &'static Tls12CipherSuite, ) -> Result { @@ -319,7 +305,7 @@ impl ConnectionSecrets { ret } - fn make_verify_data(&self, handshake_hash: &Digest, label: &[u8]) -> Vec { + fn make_verify_data(&self, handshake_hash: &hash::Output, label: &[u8]) -> Vec { let mut out = vec![0u8; 12]; prf::prf( @@ -334,11 +320,11 @@ impl ConnectionSecrets { out } - pub(crate) fn client_verify_data(&self, handshake_hash: &Digest) -> Vec { + pub(crate) fn client_verify_data(&self, handshake_hash: &hash::Output) -> Vec { self.make_verify_data(handshake_hash, b"client finished") } - pub(crate) fn server_verify_data(&self, handshake_hash: &Digest) -> Vec { + pub(crate) fn server_verify_data(&self, handshake_hash: &hash::Output) -> Vec { self.make_verify_data(handshake_hash, b"server finished") } @@ -456,7 +442,7 @@ impl ConnectionSecrets { } enum Seed { - Ems(Digest), + Ems(hash::Output), Randoms([u8; 64]), } diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 6529d84fec..d7959f99e5 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,7 +1,9 @@ +use super::{Tls13MessageDecrypter, Tls13MessageEncrypter}; use crate::common_state::{CommonState, Side}; -use crate::crypto::cipher::{Iv, IvLen, MessageDecrypter}; +use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; +use crate::crypto::{hash, hmac}; use crate::error::Error; -use crate::msgs::base::PayloadU8; +use crate::hkdf; #[cfg(feature = "quic")] use crate::quic; #[cfg(feature = "secret_extraction")] @@ -9,14 +11,6 @@ use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; use crate::{KeyLog, Tls13CipherSuite}; /// Key schedule maintenance for TLS1.3 -use ring::{ - aead, - digest::{self, Digest}, - hkdf::{self, KeyType as _}, - hmac, -}; - -use super::{Tls13MessageDecrypter, Tls13MessageEncrypter}; /// The kinds of secret we can extract from `KeySchedule`. #[derive(Debug, Clone, Copy, PartialEq)] @@ -68,7 +62,7 @@ impl SecretKind { /// the type of hash. This isn't used directly; but only through the /// typestates. struct KeySchedule { - current: hkdf::Prk, + current: hkdf::Expander, suite: &'static Tls13CipherSuite, } @@ -92,7 +86,7 @@ impl KeyScheduleEarly { pub(crate) fn client_early_traffic_secret( &self, - hs_hash: &Digest, + hs_hash: &hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], common: &mut CommonState, @@ -123,7 +117,7 @@ impl KeyScheduleEarly { pub(crate) fn resumption_psk_binder_key_and_sign_verify_data( &self, - hs_hash: &Digest, + hs_hash: &hash::Output, ) -> hmac::Tag { let resumption_psk_binder_key = self .ks @@ -169,7 +163,7 @@ impl KeyScheduleHandshakeStart { pub(crate) fn derive_client_handshake_secrets( mut self, early_data_enabled: bool, - hs_hash: Digest, + hs_hash: hash::Output, suite: &'static Tls13CipherSuite, key_log: &dyn KeyLog, client_random: &[u8; 32], @@ -195,7 +189,7 @@ impl KeyScheduleHandshakeStart { pub(crate) fn derive_server_handshake_secrets( self, - hs_hash: Digest, + hs_hash: hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], common: &mut CommonState, @@ -213,7 +207,7 @@ impl KeyScheduleHandshakeStart { fn into_handshake( self, - hs_hash: Digest, + hs_hash: hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], _common: &mut CommonState, @@ -254,12 +248,12 @@ impl KeyScheduleHandshakeStart { pub(crate) struct KeyScheduleHandshake { ks: KeySchedule, - client_handshake_traffic_secret: hkdf::Prk, - server_handshake_traffic_secret: hkdf::Prk, + client_handshake_traffic_secret: hkdf::OkmBlock, + server_handshake_traffic_secret: hkdf::OkmBlock, } impl KeyScheduleHandshake { - pub(crate) fn sign_server_finish(&self, hs_hash: &Digest) -> hmac::Tag { + pub(crate) fn sign_server_finish(&self, hs_hash: &hash::Output) -> hmac::Tag { self.ks .sign_finish(&self.server_handshake_traffic_secret, hs_hash) } @@ -291,7 +285,7 @@ impl KeyScheduleHandshake { pub(crate) fn into_traffic_with_client_finished_pending( self, - hs_hash: Digest, + hs_hash: hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], common: &mut CommonState, @@ -327,8 +321,8 @@ impl KeyScheduleHandshake { pub(crate) fn into_pre_finished_client_traffic( self, - pre_finished_hash: Digest, - handshake_hash: Digest, + pre_finished_hash: hash::Output, + handshake_hash: hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], ) -> (KeyScheduleClientBeforeFinished, hmac::Tag) { @@ -382,7 +376,7 @@ impl KeyScheduleClientBeforeFinished { /// finished verify_data. The traffic stage key schedule can be extracted from it /// through signing the client finished hash. pub(crate) struct KeyScheduleTrafficWithClientFinishedPending { - handshake_client_traffic_secret: hkdf::Prk, + handshake_client_traffic_secret: hkdf::OkmBlock, traffic: KeyScheduleTraffic, } @@ -396,7 +390,7 @@ impl KeyScheduleTrafficWithClientFinishedPending { pub(crate) fn sign_client_finish( self, - hs_hash: &Digest, + hs_hash: &hash::Output, common: &mut CommonState, ) -> (KeyScheduleTraffic, hmac::Tag) { debug_assert_eq!(common.side, Side::Server); @@ -421,15 +415,15 @@ impl KeyScheduleTrafficWithClientFinishedPending { /// to be available. pub(crate) struct KeyScheduleTraffic { ks: KeySchedule, - current_client_traffic_secret: hkdf::Prk, - current_server_traffic_secret: hkdf::Prk, - current_exporter_secret: hkdf::Prk, + current_client_traffic_secret: hkdf::OkmBlock, + current_server_traffic_secret: hkdf::OkmBlock, + current_exporter_secret: hkdf::OkmBlock, } impl KeyScheduleTraffic { fn new( mut ks: KeySchedule, - hs_hash: Digest, + hs_hash: hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], ) -> Self { @@ -475,7 +469,7 @@ impl KeyScheduleTraffic { self.ks.set_decrypter(&secret, common); } - pub(crate) fn next_application_traffic_secret(&mut self, side: Side) -> hkdf::Prk { + pub(crate) fn next_application_traffic_secret(&mut self, side: Side) -> hkdf::OkmBlock { let current = match side { Side::Client => &mut self.current_client_traffic_secret, Side::Server => &mut self.current_server_traffic_secret, @@ -488,14 +482,12 @@ impl KeyScheduleTraffic { pub(crate) fn resumption_master_secret_and_derive_ticket_psk( &self, - hs_hash: &Digest, + hs_hash: &hash::Output, nonce: &[u8], - ) -> Vec { - let resumption_master_secret = self.ks.derive( - self.ks.algorithm(), - SecretKind::ResumptionMasterSecret, - hs_hash.as_ref(), - ); + ) -> hkdf::OkmBlock { + let resumption_master_secret = self + .ks + .derive(SecretKind::ResumptionMasterSecret, hs_hash.as_ref()); self.ks .derive_ticket_psk(&resumption_master_secret, nonce) } @@ -512,23 +504,14 @@ impl KeyScheduleTraffic { #[cfg(feature = "secret_extraction")] pub(crate) fn extract_secrets(&self, side: Side) -> Result { - fn expand( - secret: &hkdf::Prk, - ) -> Result<([u8; KEY_LEN], [u8; IV_LEN]), Error> { - let mut key = [0u8; KEY_LEN]; - let mut iv = [0u8; IV_LEN]; - - hkdf_expand_info(secret, PayloadU8Len(key.len()), b"key", &[], |okm| { - okm.fill(&mut key) - }) - .map_err(|_| Error::General("hkdf_expand_info failed".to_string()))?; - - hkdf_expand_info(secret, PayloadU8Len(iv.len()), b"iv", &[], |okm| { - okm.fill(&mut iv) - }) - .map_err(|_| Error::General("hkdf_expand_info failed".to_string()))?; - - Ok((key, iv)) + fn expand( + expander: &hkdf::Expander, + aead_algorithm: &'static ring::aead::Algorithm, + ) -> (AeadKey, Iv) { + ( + hkdf_expand_label_aead_key(expander, aead_algorithm, b"key", &[]), + hkdf_expand_label(expander, b"iv", &[]), + ) } let client_secrets; @@ -536,39 +519,61 @@ impl KeyScheduleTraffic { let algo = self.ks.suite.aead_algorithm; if algo == &ring::aead::AES_128_GCM { - let extract = |secret: &hkdf::Prk| -> Result { - let (key, iv_in) = expand::<16, 12>(secret)?; + let extract = |secret: &hkdf::OkmBlock| -> Result { + let expander = hkdf::Expander::from_okm(secret, self.ks.suite.hmac_provider); + let (key, iv_in) = expand(&expander, algo); let mut salt = [0u8; 4]; - salt.copy_from_slice(&iv_in[..4]); + salt.copy_from_slice(&iv_in.0[..4]); let mut iv = [0u8; 8]; - iv.copy_from_slice(&iv_in[4..]); + iv.copy_from_slice(&iv_in.0[4..]); + + let mut key_array = [0u8; 16]; + key_array.copy_from_slice(key.as_ref()); - Ok(ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv }) + Ok(ConnectionTrafficSecrets::Aes128Gcm { + key: key_array, + salt, + iv, + }) }; client_secrets = extract(&self.current_client_traffic_secret)?; server_secrets = extract(&self.current_server_traffic_secret)?; } else if algo == &ring::aead::AES_256_GCM { - let extract = |secret: &hkdf::Prk| -> Result { - let (key, iv_in) = expand::<32, 12>(secret)?; + let extract = |secret: &hkdf::OkmBlock| -> Result { + let expander = hkdf::Expander::from_okm(secret, self.ks.suite.hmac_provider); + let (key, iv_in) = expand(&expander, algo); let mut salt = [0u8; 4]; - salt.copy_from_slice(&iv_in[..4]); + salt.copy_from_slice(&iv_in.0[..4]); let mut iv = [0u8; 8]; - iv.copy_from_slice(&iv_in[4..]); + iv.copy_from_slice(&iv_in.0[4..]); - Ok(ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv }) + let mut key_array = [0u8; 32]; + key_array.copy_from_slice(key.as_ref()); + + Ok(ConnectionTrafficSecrets::Aes256Gcm { + key: key_array, + salt, + iv, + }) }; client_secrets = extract(&self.current_client_traffic_secret)?; server_secrets = extract(&self.current_server_traffic_secret)?; } else if algo == &ring::aead::CHACHA20_POLY1305 { - let extract = |secret: &hkdf::Prk| -> Result { - let (key, iv) = expand::<32, 12>(secret)?; - Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) + let extract = |secret: &hkdf::OkmBlock| -> Result { + let expander = hkdf::Expander::from_okm(secret, self.ks.suite.hmac_provider); + let (key, iv) = expand(&expander, algo); + let mut key_array = [0u8; 32]; + key_array.copy_from_slice(key.as_ref()); + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { + key: key_array, + iv: iv.0, + }) }; client_secrets = extract(&self.current_client_traffic_secret)?; @@ -590,70 +595,67 @@ impl KeyScheduleTraffic { impl KeySchedule { fn new(suite: &'static Tls13CipherSuite, secret: &[u8]) -> Self { - let zeroes = [0u8; digest::MAX_OUTPUT_LEN]; - let salt = hkdf::Salt::new(suite.hkdf_algorithm, &zeroes[..suite.hkdf_algorithm.len()]); Self { - current: salt.extract(secret), + current: hkdf::Extractor::without_salt(suite.hmac_provider).extract(secret), suite, } } - fn set_encrypter(&self, secret: &hkdf::Prk, common: &mut CommonState) { - let key = derive_traffic_key(secret, self.suite.aead_algorithm); - let iv = derive_traffic_iv(secret); + fn set_encrypter(&self, secret: &hkdf::OkmBlock, common: &mut CommonState) { + let expander = hkdf::Expander::from_okm(secret, self.suite.hmac_provider); + let key = derive_traffic_key(&expander, self.suite.aead_algorithm); + let iv = derive_traffic_iv(&expander); common .record_layer .set_message_encrypter(Box::new(Tls13MessageEncrypter { - enc_key: aead::LessSafeKey::new(key), + enc_key: ring::aead::LessSafeKey::new(key), iv, })); } - fn set_decrypter(&self, secret: &hkdf::Prk, common: &mut CommonState) { + fn set_decrypter(&self, secret: &hkdf::OkmBlock, common: &mut CommonState) { common .record_layer .set_message_decrypter(self.derive_decrypter(secret)); } - fn derive_decrypter(&self, secret: &hkdf::Prk) -> Box { - let key = derive_traffic_key(secret, self.suite.aead_algorithm); - let iv = derive_traffic_iv(secret); + fn derive_decrypter(&self, secret: &hkdf::OkmBlock) -> Box { + let expander = hkdf::Expander::from_okm(secret, self.suite.hmac_provider); + let key = derive_traffic_key(&expander, self.suite.aead_algorithm); + let iv = derive_traffic_iv(&expander); Box::new(Tls13MessageDecrypter { - dec_key: aead::LessSafeKey::new(key), + dec_key: ring::aead::LessSafeKey::new(key), iv, }) } - #[inline] - fn algorithm(&self) -> hkdf::Algorithm { - self.suite.hkdf_algorithm - } - fn new_with_empty_secret(suite: &'static Tls13CipherSuite) -> Self { - let zeroes = [0u8; digest::MAX_OUTPUT_LEN]; - Self::new(suite, &zeroes[..suite.hkdf_algorithm.len()]) + let zeroes = [0u8; hash::Output::MAX_LEN]; + Self::new(suite, &zeroes[..suite.hmac_provider.hash_output_len()]) } /// Input the empty secret. fn input_empty(&mut self) { - let zeroes = [0u8; digest::MAX_OUTPUT_LEN]; - self.input_secret(&zeroes[..self.suite.hkdf_algorithm.len()]); + let zeroes = [0u8; hash::Output::MAX_LEN]; + self.input_secret( + &zeroes[..self + .suite + .hmac_provider + .hash_output_len()], + ); } /// Input the given secret. fn input_secret(&mut self, secret: &[u8]) { - let salt: hkdf::Salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); - self.current = salt.extract(secret); + let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); + self.current = + hkdf::Extractor::new(self.suite.hmac_provider, salt.as_ref()).extract(secret); } /// Derive a secret of given `kind`, using current handshake hash `hs_hash`. - fn derive(&self, key_type: L, kind: SecretKind, hs_hash: &[u8]) -> T - where - T: for<'a> From>, - L: hkdf::KeyType, - { - hkdf_expand(&self.current, key_type, kind.to_bytes(), hs_hash) + fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> hkdf::OkmBlock { + hkdf_expand_label_block(&self.current, kind.to_bytes(), hs_hash) } fn derive_logged_secret( @@ -662,131 +664,171 @@ impl KeySchedule { hs_hash: &[u8], key_log: &dyn KeyLog, client_random: &[u8; 32], - ) -> hkdf::Prk { + ) -> hkdf::OkmBlock { + let output = self.derive(kind, hs_hash); + let log_label = kind .log_label() .expect("not a loggable secret"); if key_log.will_log(log_label) { - let secret = self - .derive::( - PayloadU8Len(self.suite.hkdf_algorithm.len()), - kind, - hs_hash, - ) - .into_inner(); - key_log.log(log_label, client_random, &secret); + key_log.log(log_label, client_random, output.as_ref()); } - self.derive(self.suite.hkdf_algorithm, kind, hs_hash) + output } /// Derive a secret of given `kind` using the hash of the empty string /// for the handshake hash. Useful only for /// `SecretKind::ResumptionPSKBinderKey` and /// `SecretKind::DerivedSecret`. - fn derive_for_empty_hash(&self, kind: SecretKind) -> T - where - T: for<'a> From>, - { - let digest_alg = self + fn derive_for_empty_hash(&self, kind: SecretKind) -> hkdf::OkmBlock { + let empty_hash = self .suite - .hkdf_algorithm - .hmac_algorithm() - .digest_algorithm(); - let empty_hash = digest::digest(digest_alg, &[]); - self.derive(self.suite.hkdf_algorithm, kind, empty_hash.as_ref()) + .common + .hash_provider + .start() + .finish(); + self.derive(kind, empty_hash.as_ref()) } /// Sign the finished message consisting of `hs_hash` using a current /// traffic secret. - fn sign_finish(&self, base_key: &hkdf::Prk, hs_hash: &Digest) -> hmac::Tag { + fn sign_finish(&self, base_key: &hkdf::OkmBlock, hs_hash: &hash::Output) -> hmac::Tag { self.sign_verify_data(base_key, hs_hash) } /// Sign the finished message consisting of `hs_hash` using the key material /// `base_key`. - fn sign_verify_data(&self, base_key: &hkdf::Prk, hs_hash: &Digest) -> hmac::Tag { - let hmac_alg = self - .suite - .hkdf_algorithm - .hmac_algorithm(); - let hmac_key = hkdf_expand(base_key, hmac_alg, b"finished", &[]); - hmac::sign(&hmac_key, hs_hash.as_ref()) + fn sign_verify_data(&self, base_key: &hkdf::OkmBlock, hs_hash: &hash::Output) -> hmac::Tag { + let expander = hkdf::Expander::from_okm(base_key, self.suite.hmac_provider); + let hmac_key = hkdf_expand_label_block(&expander, b"finished", &[]); + + self.suite + .hmac_provider + .with_key(hmac_key.as_ref()) + .sign(&[hs_hash.as_ref()]) } /// Derive the next application traffic secret, returning it. - fn derive_next(&self, base_key: &hkdf::Prk) -> hkdf::Prk { - hkdf_expand(base_key, self.suite.hkdf_algorithm, b"traffic upd", &[]) + fn derive_next(&self, base_key: &hkdf::OkmBlock) -> hkdf::OkmBlock { + let expander = hkdf::Expander::from_okm(base_key, self.suite.hmac_provider); + hkdf_expand_label_block(&expander, b"traffic upd", &[]) } /// Derive the PSK to use given a resumption_master_secret and /// ticket_nonce. - fn derive_ticket_psk(&self, rms: &hkdf::Prk, nonce: &[u8]) -> Vec { - let payload: PayloadU8 = hkdf_expand( - rms, - PayloadU8Len(self.suite.hkdf_algorithm.len()), - b"resumption", - nonce, - ); - payload.into_inner() + fn derive_ticket_psk(&self, rms: &hkdf::OkmBlock, nonce: &[u8]) -> hkdf::OkmBlock { + let expander = hkdf::Expander::from_okm(rms, self.suite.hmac_provider); + hkdf_expand_label_block(&expander, b"resumption", nonce) } fn export_keying_material( &self, - current_exporter_secret: &hkdf::Prk, + current_exporter_secret: &hkdf::OkmBlock, out: &mut [u8], label: &[u8], context: Option<&[u8]>, ) -> Result<(), Error> { - let digest_alg = self + let secret = { + let h_empty = self + .suite + .common + .hash_provider + .hash(&[]); + + let expander = + hkdf::Expander::from_okm(current_exporter_secret, self.suite.hmac_provider); + hkdf_expand_label_block(&expander, label, h_empty.as_ref()) + }; + + let h_context = self .suite - .hkdf_algorithm - .hmac_algorithm() - .digest_algorithm(); + .common + .hash_provider + .hash(context.unwrap_or(&[])); + + let expander = hkdf::Expander::from_okm(&secret, self.suite.hmac_provider); + // TODO: Test what happens when this fails due to large `out.len()` + hkdf_expand_label_slice(&expander, b"exporter", h_context.as_ref(), out) + .map_err(|_| Error::General("exporting too much".to_string())) + } +} - let h_empty = digest::digest(digest_alg, &[]); - let secret: hkdf::Prk = hkdf_expand( - current_exporter_secret, - self.suite.hkdf_algorithm, - label, - h_empty.as_ref(), - ); +/// [HKDF-Expand-Label] where the output length is a compile-time constant, and therefore +/// it is infallible. +/// +/// [HKDF-Expand-Label]: +pub(crate) fn hkdf_expand_label, const N: usize>( + expander: &hkdf::Expander, + label: &[u8], + context: &[u8], +) -> T { + hkdf_expand_label_inner(expander, label, context, N, |e, info| e.expand(info)) +} - let h_context = digest::digest(digest_alg, context.unwrap_or(&[])); +/// [HKDF-Expand-Label] where the output is one block in size. +fn hkdf_expand_label_block( + expander: &hkdf::Expander, + label: &[u8], + context: &[u8], +) -> hkdf::OkmBlock { + hkdf_expand_label_inner(expander, label, context, expander.block_len(), |e, info| { + e.expand_block(info) + }) +} - // TODO: Test what happens when this fails - hkdf_expand_info( - &secret, - PayloadU8Len(out.len()), - b"exporter", - h_context.as_ref(), - |okm| okm.fill(out), - ) - .map_err(|_| Error::General("exporting too much".to_string())) - } +/// [HKDF-Expand-Label] where the output is an AEAD key. +fn hkdf_expand_label_aead_key( + expander: &hkdf::Expander, + aead_algorithm: &'static ring::aead::Algorithm, + label: &[u8], + context: &[u8], +) -> AeadKey { + let key_len = aead_algorithm.key_len(); + hkdf_expand_label_inner(expander, label, context, key_len, |e, info| { + let key: AeadKey = e.expand(info); + key.with_length(key_len) + }) } -pub(crate) fn hkdf_expand(secret: &hkdf::Prk, key_type: L, label: &[u8], context: &[u8]) -> T -where - T: for<'a> From>, - L: hkdf::KeyType, -{ - hkdf_expand_info(secret, key_type, label, context, |okm| okm.into()) +/// [HKDF-Expand-Label] where the output is a slice. +/// +/// This can fail because HKDF-Expand is limited in its maximum output length. +fn hkdf_expand_label_slice( + expander: &hkdf::Expander, + label: &[u8], + context: &[u8], + output: &mut [u8], +) -> Result<(), hkdf::OutputLengthError> { + hkdf_expand_label_inner(expander, label, context, output.len(), |e, info| { + e.expand_slice(info, output) + }) +} + +pub(crate) fn derive_traffic_key( + expander: &hkdf::Expander, + aead_algorithm: &'static ring::aead::Algorithm, +) -> ring::aead::UnboundKey { + let key = hkdf_expand_label_aead_key(expander, aead_algorithm, b"key", &[]); + ring::aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap() +} + +pub(crate) fn derive_traffic_iv(expander: &hkdf::Expander) -> Iv { + hkdf_expand_label(expander, b"iv", &[]) } -fn hkdf_expand_info( - secret: &hkdf::Prk, - key_type: L, +fn hkdf_expand_label_inner( + expander: &hkdf::Expander, label: &[u8], context: &[u8], + n: usize, f: F, ) -> T where - F: for<'b> FnOnce(hkdf::Okm<'b, L>) -> T, - L: hkdf::KeyType, + F: FnOnce(&hkdf::Expander, &[&[u8]]) -> T, { const LABEL_PREFIX: &[u8] = b"tls13 "; - let output_len = u16::to_be_bytes(key_type.len() as u16); + let output_len = u16::to_be_bytes(n as u16); let label_len = u8::to_be_bytes((LABEL_PREFIX.len() + label.len()) as u8); let context_len = u8::to_be_bytes(context.len() as u8); @@ -798,35 +840,8 @@ where &context_len[..], context, ]; - let okm = secret.expand(info, key_type).unwrap(); - - f(okm) -} -pub(crate) struct PayloadU8Len(pub(crate) usize); -impl hkdf::KeyType for PayloadU8Len { - fn len(&self) -> usize { - self.0 - } -} - -impl From> for PayloadU8 { - fn from(okm: hkdf::Okm) -> Self { - let mut r = vec![0u8; okm.len().0]; - okm.fill(&mut r[..]).unwrap(); - Self::new(r) - } -} - -pub(crate) fn derive_traffic_key( - secret: &hkdf::Prk, - aead_algorithm: &'static aead::Algorithm, -) -> aead::UnboundKey { - hkdf_expand(secret, aead_algorithm, b"key", &[]) -} - -pub(crate) fn derive_traffic_iv(secret: &hkdf::Prk) -> Iv { - hkdf_expand(secret, IvLen, b"iv", &[]) + f(expander, info) } #[cfg(test)] @@ -978,14 +993,18 @@ mod test { // Since we can't test key equality, we test the output of sealing with the key instead. let aead_alg = &aead::AES_128_GCM; - let key = derive_traffic_key(&traffic_secret, aead_alg); + let expander = crate::hkdf::Expander::from_okm( + &traffic_secret, + &crate::crypto::ring::hmac::HMAC_SHA256, + ); + let key = derive_traffic_key(&expander, aead_alg); let seal_output = seal_zeroes(key); let expected_key = aead::UnboundKey::new(aead_alg, expected_key).unwrap(); let expected_seal_output = seal_zeroes(expected_key); assert_eq!(seal_output, expected_seal_output); assert!(seal_output.len() >= 48); // Sanity check. - let iv = derive_traffic_iv(&traffic_secret); + let iv = derive_traffic_iv(&expander); assert_eq!(iv.value(), expected_iv); } @@ -1007,6 +1026,7 @@ mod benchmarks { #[bench] fn bench_sha256(b: &mut test::Bencher) { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; + use crate::hkdf; use crate::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; use ring::aead; @@ -1021,8 +1041,12 @@ mod benchmarks { let aead_alg = &aead::CHACHA20_POLY1305; let hash = [0u8; 32]; let traffic_secret = ks.derive_logged_secret(kind, &hash, &Log, &[0u8; 32]); - test::black_box(derive_traffic_key(&traffic_secret, aead_alg)); - test::black_box(derive_traffic_iv(&traffic_secret)); + let traffic_secret_expander = hkdf::Expander::from_okm( + &traffic_secret, + TLS13_CHACHA20_POLY1305_SHA256_INTERNAL.hmac_provider, + ); + test::black_box(derive_traffic_key(&traffic_secret_expander, aead_alg)); + test::black_box(derive_traffic_iv(&traffic_secret_expander)); } b.iter(|| { diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 26f803fced..c2d08792f3 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,5 +1,6 @@ use crate::crypto; use crate::crypto::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; +use crate::crypto::hash; use crate::enums::ContentType; use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::{Error, PeerMisbehaved}; @@ -10,7 +11,6 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; use ring::aead; -use ring::digest::Digest; use core::fmt; @@ -26,7 +26,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & bulk: BulkAlgorithm::Chacha20Poly1305, hash_provider: &crypto::ring::hash::SHA256, }, - hkdf_algorithm: ring::hkdf::HKDF_SHA256, + hmac_provider: &crypto::ring::hmac::HMAC_SHA256, #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, #[cfg(feature = "quic")] @@ -42,7 +42,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = bulk: BulkAlgorithm::Aes256Gcm, hash_provider: &crypto::ring::hash::SHA384, }, - hkdf_algorithm: ring::hkdf::HKDF_SHA384, + hmac_provider: &crypto::ring::hmac::HMAC_SHA384, #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] @@ -60,7 +60,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C bulk: BulkAlgorithm::Aes128Gcm, hash_provider: &crypto::ring::hash::SHA256, }, - hkdf_algorithm: ring::hkdf::HKDF_SHA256, + hmac_provider: &crypto::ring::hmac::HMAC_SHA256, #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] @@ -72,7 +72,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C pub struct Tls13CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, - pub(crate) hkdf_algorithm: ring::hkdf::Algorithm, + pub(crate) hmac_provider: &'static dyn crypto::hmac::Hmac, #[cfg(feature = "quic")] pub(crate) confidentiality_limit: u64, #[cfg(feature = "quic")] @@ -81,13 +81,6 @@ pub struct Tls13CipherSuite { } impl Tls13CipherSuite { - /// Which hash function to use with this suite. - pub fn hash_algorithm(&self) -> &'static ring::digest::Algorithm { - self.hkdf_algorithm - .hmac_algorithm() - .digest_algorithm() - } - /// Can a session using suite self resume from suite prev? pub fn can_resume_from(&self, prev: &'static Self) -> Option<&'static Self> { (prev.common.hash_provider.algorithm() == self.common.hash_provider.algorithm()) @@ -207,16 +200,19 @@ impl MessageDecrypter for Tls13MessageDecrypter { } /// Constructs the signature message specified in section 4.4.3 of RFC8446. -pub(crate) fn construct_client_verify_message(handshake_hash: &Digest) -> Vec { +pub(crate) fn construct_client_verify_message(handshake_hash: &hash::Output) -> Vec { construct_verify_message(handshake_hash, b"TLS 1.3, client CertificateVerify\x00") } /// Constructs the signature message specified in section 4.4.3 of RFC8446. -pub(crate) fn construct_server_verify_message(handshake_hash: &Digest) -> Vec { +pub(crate) fn construct_server_verify_message(handshake_hash: &hash::Output) -> Vec { construct_verify_message(handshake_hash, b"TLS 1.3, server CertificateVerify\x00") } -fn construct_verify_message(handshake_hash: &Digest, context_string_with_0: &[u8]) -> Vec { +fn construct_verify_message( + handshake_hash: &hash::Output, + context_string_with_0: &[u8], +) -> Vec { let mut msg = Vec::new(); msg.resize(64, 0x20u8); msg.extend_from_slice(context_string_with_0); From a12e5828f5e715b5c0d5a12f764a46c5bb318cf8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Jun 2023 16:28:13 +0100 Subject: [PATCH 0099/1145] TLS1.2 secret_extraction: decentralise knowledge of key formatting This previously knew about all TLS1.2 AEAD algorithms and how they formatted their key material. Instead delegate this into Tls12AeadAlgorithm implementations. This removes the last *ring* type from SupportedCipherSuite::Tls12. --- rustls/src/tls12/cipher.rs | 44 ++++++++++++++++++ rustls/src/tls12/mod.rs | 93 ++++++-------------------------------- 2 files changed, 57 insertions(+), 80 deletions(-) diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/tls12/cipher.rs index 86deab7ed0..1295917f3b 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/tls12/cipher.rs @@ -6,6 +6,8 @@ use crate::msgs::base::Payload; use crate::msgs::codec; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +#[cfg(feature = "secret_extraction")] +use crate::suites::ConnectionTrafficSecrets; use ring::aead; @@ -76,6 +78,23 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { explicit_nonce_len: 8, } } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets { + match key.len() { + 16 => { + // nb. "fixed IV" becomes the GCM nonce "salt" + let (key, salt, iv) = slices_to_arrays(key, iv, explicit); + ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } + } + 32 => { + // nb. "fixed IV" becomes the GCM nonce "salt" + let (key, salt, iv) = slices_to_arrays(key, iv, explicit); + ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } + } + _ => unreachable!(), + } + } } pub(crate) struct ChaCha20Poly1305; @@ -108,6 +127,12 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { explicit_nonce_len: 0, } } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: &[u8], iv: &[u8], _explicit: &[u8]) -> ConnectionTrafficSecrets { + let (key, iv) = (slice_to_array(key), slice_to_array(iv)); + ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } + } } /// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only. @@ -253,6 +278,8 @@ pub(crate) trait Tls12AeadAlgorithm: Send + Sync + 'static { fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; fn key_block_shape(&self) -> KeyBlockShape; + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; } /// How a TLS1.2 `key_block` is partitioned. @@ -276,3 +303,20 @@ pub(crate) struct KeyBlockShape { /// chacha20poly1305 works this way by design. pub(crate) explicit_nonce_len: usize, } + +#[cfg(feature = "secret_extraction")] +fn slices_to_arrays( + k: &[u8], + s: &[u8], + i: &[u8], +) -> ([u8; NK], [u8; NS], [u8; NI]) { + (slice_to_array(k), slice_to_array(s), slice_to_array(i)) +} + +#[cfg(feature = "secret_extraction")] +fn slice_to_array(slice: &[u8]) -> [u8; N] { + // this is guaranteed true because `ConnectionTrafficSecrets` items and + // `key_block_shape()` are in agreement. + debug_assert_eq!(N, slice.len()); + slice.try_into().unwrap() +} diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 6f3c32a26d..2010da0280 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -7,9 +7,9 @@ use crate::enums::{AlertDescription, CipherSuite, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::KeyExchangeAlgorithm; -use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; #[cfg(feature = "secret_extraction")] -use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; +use crate::suites::PartiallyExtractedSecrets; +use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; use core::fmt; @@ -29,7 +29,6 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &ChaCha20Poly1305, - aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -44,7 +43,6 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &ChaCha20Poly1305, - aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::CHACHA20_POLY1305, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -59,7 +57,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &AES128_GCM, - aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -74,7 +71,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &AES256_GCM, - aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, hmac_provider: &crypto::ring::hmac::HMAC_SHA384, }); @@ -89,7 +85,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES128_GCM, - aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_128_GCM, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, }); @@ -104,7 +99,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES256_GCM, - aead_algorithm_only_for_extract_secrets_fixme: &ring::aead::AES_256_GCM, hmac_provider: &crypto::ring::hmac::HMAC_SHA384, }); @@ -138,8 +132,6 @@ pub struct Tls12CipherSuite { /// How to sign messages for authentication. pub sign: &'static [SignatureScheme], - pub(crate) aead_algorithm_only_for_extract_secrets_fixme: &'static ring::aead::Algorithm, - pub(crate) aead_alg: &'static dyn Tls12AeadAlgorithm, } @@ -360,78 +352,19 @@ impl ConnectionSecrets { let key_block = self.make_key_block(); let shape = self.suite.aead_alg.key_block_shape(); - let algo = self - .suite - .aead_algorithm_only_for_extract_secrets_fixme; - - let (client_key, key_block) = key_block.split_at(algo.key_len()); - let (server_key, key_block) = key_block.split_at(algo.key_len()); + let (client_key, key_block) = key_block.split_at(shape.enc_key_len); + let (server_key, key_block) = key_block.split_at(shape.enc_key_len); let (client_iv, key_block) = key_block.split_at(shape.fixed_iv_len); - let (server_iv, extra) = key_block.split_at(shape.fixed_iv_len); - - // A key/IV pair (fixed IV len is 4 for GCM, 12 for Chacha) - struct Pair<'a> { - key: &'a [u8], - iv: &'a [u8], - } - - let client_pair = Pair { - key: client_key, - iv: client_iv, - }; - let server_pair = Pair { - key: server_key, - iv: server_iv, - }; - - let (client_secrets, server_secrets) = if algo == &ring::aead::AES_128_GCM { - let extract = |pair: Pair| -> ConnectionTrafficSecrets { - let mut key = [0u8; 16]; - key.copy_from_slice(pair.key); - - let mut salt = [0u8; 4]; - salt.copy_from_slice(pair.iv); - - let mut iv = [0u8; 8]; - iv.copy_from_slice(&extra[..8]); - - ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } - }; + let (server_iv, explicit_nonce) = key_block.split_at(shape.fixed_iv_len); - (extract(client_pair), extract(server_pair)) - } else if algo == &ring::aead::AES_256_GCM { - let extract = |pair: Pair| -> ConnectionTrafficSecrets { - let mut key = [0u8; 32]; - key.copy_from_slice(pair.key); - - let mut salt = [0u8; 4]; - salt.copy_from_slice(pair.iv); - - let mut iv = [0u8; 8]; - iv.copy_from_slice(&extra[..8]); - - ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } - }; - - (extract(client_pair), extract(server_pair)) - } else if algo == &ring::aead::CHACHA20_POLY1305 { - let extract = |pair: Pair| -> ConnectionTrafficSecrets { - let mut key = [0u8; 32]; - key.copy_from_slice(pair.key); - - let mut iv = [0u8; 12]; - iv.copy_from_slice(pair.iv); - - ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } - }; - - (extract(client_pair), extract(server_pair)) - } else { - return Err(Error::General(format!( - "exporting secrets for {:?}: unimplemented", - algo - ))); - }; + let client_secrets = + self.suite + .aead_alg + .extract_keys(client_key, client_iv, explicit_nonce); + let server_secrets = + self.suite + .aead_alg + .extract_keys(server_key, server_iv, explicit_nonce); let (tx, rx) = match side { Side::Client => (client_secrets, server_secrets), From 274cb044a6cc6e1ce5af944e6adbb8f0aa7b8656 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 15 Aug 2023 14:30:55 +0100 Subject: [PATCH 0100/1145] tls13: extract trait over encryption details This introduces `Tls13AeadAlgorithm` (cf. Tls12AeadAlgorithm) which aims to hide crypto library-specific details. --- rustls/src/tls13/key_schedule.rs | 36 ++++++++----------- rustls/src/tls13/mod.rs | 62 ++++++++++++++++++++++++-------- 2 files changed, 62 insertions(+), 36 deletions(-) diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index d7959f99e5..5e733c138e 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,4 +1,3 @@ -use super::{Tls13MessageDecrypter, Tls13MessageEncrypter}; use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::{hash, hmac}; @@ -509,7 +508,7 @@ impl KeyScheduleTraffic { aead_algorithm: &'static ring::aead::Algorithm, ) -> (AeadKey, Iv) { ( - hkdf_expand_label_aead_key(expander, aead_algorithm, b"key", &[]), + hkdf_expand_label_aead_key(expander, aead_algorithm.key_len(), b"key", &[]), hkdf_expand_label(expander, b"iv", &[]), ) } @@ -603,15 +602,12 @@ impl KeySchedule { fn set_encrypter(&self, secret: &hkdf::OkmBlock, common: &mut CommonState) { let expander = hkdf::Expander::from_okm(secret, self.suite.hmac_provider); - let key = derive_traffic_key(&expander, self.suite.aead_algorithm); + let key = derive_traffic_key(&expander, self.suite.aead_alg.key_len()); let iv = derive_traffic_iv(&expander); common .record_layer - .set_message_encrypter(Box::new(Tls13MessageEncrypter { - enc_key: ring::aead::LessSafeKey::new(key), - iv, - })); + .set_message_encrypter(self.suite.aead_alg.encrypter(key, iv)); } fn set_decrypter(&self, secret: &hkdf::OkmBlock, common: &mut CommonState) { @@ -622,12 +618,9 @@ impl KeySchedule { fn derive_decrypter(&self, secret: &hkdf::OkmBlock) -> Box { let expander = hkdf::Expander::from_okm(secret, self.suite.hmac_provider); - let key = derive_traffic_key(&expander, self.suite.aead_algorithm); + let key = derive_traffic_key(&expander, self.suite.aead_alg.key_len()); let iv = derive_traffic_iv(&expander); - Box::new(Tls13MessageDecrypter { - dec_key: ring::aead::LessSafeKey::new(key), - iv, - }) + self.suite.aead_alg.decrypter(key, iv) } fn new_with_empty_secret(suite: &'static Tls13CipherSuite) -> Self { @@ -779,11 +772,10 @@ fn hkdf_expand_label_block( /// [HKDF-Expand-Label] where the output is an AEAD key. fn hkdf_expand_label_aead_key( expander: &hkdf::Expander, - aead_algorithm: &'static ring::aead::Algorithm, + key_len: usize, label: &[u8], context: &[u8], ) -> AeadKey { - let key_len = aead_algorithm.key_len(); hkdf_expand_label_inner(expander, label, context, key_len, |e, info| { let key: AeadKey = e.expand(info); key.with_length(key_len) @@ -804,12 +796,8 @@ fn hkdf_expand_label_slice( }) } -pub(crate) fn derive_traffic_key( - expander: &hkdf::Expander, - aead_algorithm: &'static ring::aead::Algorithm, -) -> ring::aead::UnboundKey { - let key = hkdf_expand_label_aead_key(expander, aead_algorithm, b"key", &[]); - ring::aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap() +pub(crate) fn derive_traffic_key(expander: &hkdf::Expander, aead_key_len: usize) -> AeadKey { + hkdf_expand_label_aead_key(expander, aead_key_len, b"key", &[]) } pub(crate) fn derive_traffic_iv(expander: &hkdf::Expander) -> Iv { @@ -997,7 +985,8 @@ mod test { &traffic_secret, &crate::crypto::ring::hmac::HMAC_SHA256, ); - let key = derive_traffic_key(&expander, aead_alg); + let key = derive_traffic_key(&expander, aead_alg.key_len()); + let key = aead::UnboundKey::new(aead_alg, key.as_ref()).unwrap(); let seal_output = seal_zeroes(key); let expected_key = aead::UnboundKey::new(aead_alg, expected_key).unwrap(); let expected_seal_output = seal_zeroes(expected_key); @@ -1045,7 +1034,10 @@ mod benchmarks { &traffic_secret, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL.hmac_provider, ); - test::black_box(derive_traffic_key(&traffic_secret_expander, aead_alg)); + test::black_box(derive_traffic_key( + &traffic_secret_expander, + aead_alg.key_len(), + )); test::black_box(derive_traffic_iv(&traffic_secret_expander)); } diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index c2d08792f3..57e1098658 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,14 +1,14 @@ use crate::crypto; -use crate::crypto::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{make_nonce, AeadKey, Iv, MessageDecrypter, MessageEncrypter}; use crate::crypto::hash; -use crate::enums::ContentType; -use crate::enums::{CipherSuite, ProtocolVersion}; +use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::base::Payload; use crate::msgs::codec::Codec; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; +use crate::suites::BulkAlgorithm; +use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; use ring::aead; @@ -27,6 +27,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & hash_provider: &crypto::ring::hash::SHA256, }, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, + aead_alg: &AeadAlgorithm(&ring::aead::CHACHA20_POLY1305), #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, #[cfg(feature = "quic")] @@ -43,6 +44,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = hash_provider: &crypto::ring::hash::SHA384, }, hmac_provider: &crypto::ring::hmac::HMAC_SHA384, + aead_alg: &AeadAlgorithm(&ring::aead::AES_256_GCM), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] @@ -61,6 +63,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C hash_provider: &crypto::ring::hash::SHA256, }, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, + aead_alg: &AeadAlgorithm(&ring::aead::AES_128_GCM), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] @@ -73,6 +76,7 @@ pub struct Tls13CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, pub(crate) hmac_provider: &'static dyn crypto::hmac::Hmac, + pub(crate) aead_alg: &'static dyn Tls13AeadAlgorithm, #[cfg(feature = "quic")] pub(crate) confidentiality_limit: u64, #[cfg(feature = "quic")] @@ -109,16 +113,6 @@ impl fmt::Debug for Tls13CipherSuite { } } -struct Tls13MessageEncrypter { - enc_key: aead::LessSafeKey, - iv: Iv, -} - -struct Tls13MessageDecrypter { - dec_key: aead::LessSafeKey, - iv: Iv, -} - fn unpad_tls13(v: &mut Vec) -> ContentType { loop { match v.pop() { @@ -142,6 +136,46 @@ fn make_tls13_aad(len: usize) -> ring::aead::Aad<[u8; TLS13_AAD_SIZE]> { // https://datatracker.ietf.org/doc/html/rfc8446#section-5.2 const TLS13_AAD_SIZE: usize = 1 + 2 + 2; +struct AeadAlgorithm(&'static ring::aead::Algorithm); + +impl Tls13AeadAlgorithm for AeadAlgorithm { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(Tls13MessageEncrypter { + enc_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + iv, + }) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(Tls13MessageDecrypter { + dec_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + iv, + }) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } +} + +pub(crate) trait Tls13AeadAlgorithm: Send + Sync { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box; + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box; + fn key_len(&self) -> usize; +} + +struct Tls13MessageEncrypter { + enc_key: ring::aead::LessSafeKey, + iv: Iv, +} + +struct Tls13MessageDecrypter { + dec_key: ring::aead::LessSafeKey, + iv: Iv, +} + impl MessageEncrypter for Tls13MessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); From 71dec4ee070740f4db91a0a7bfdfc8702540eb6a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 15 Aug 2023 14:32:15 +0100 Subject: [PATCH 0101/1145] tls13: route secret extraction through `Tls13AeadAlgorithm` This allows for removing the final *ring*-specific member of `Tls13CipherSuite`. --- rustls/src/tls13/key_schedule.rs | 103 +++++++++---------------------- rustls/src/tls13/mod.rs | 101 +++++++++++++++++++++++++++--- 2 files changed, 121 insertions(+), 83 deletions(-) diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 5e733c138e..63fc4e0c66 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -6,7 +6,7 @@ use crate::hkdf; #[cfg(feature = "quic")] use crate::quic; #[cfg(feature = "secret_extraction")] -use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; +use crate::suites::PartiallyExtractedSecrets; use crate::{KeyLog, Tls13CipherSuite}; /// Key schedule maintenance for TLS1.3 @@ -504,85 +504,38 @@ impl KeyScheduleTraffic { #[cfg(feature = "secret_extraction")] pub(crate) fn extract_secrets(&self, side: Side) -> Result { fn expand( - expander: &hkdf::Expander, - aead_algorithm: &'static ring::aead::Algorithm, + secret: &hkdf::OkmBlock, + hmac: &'static dyn hmac::Hmac, + aead_key_len: usize, ) -> (AeadKey, Iv) { + let expander = hkdf::Expander::from_okm(secret, hmac); + ( - hkdf_expand_label_aead_key(expander, aead_algorithm.key_len(), b"key", &[]), - hkdf_expand_label(expander, b"iv", &[]), + hkdf_expand_label_aead_key(&expander, aead_key_len, b"key", &[]), + hkdf_expand_label(&expander, b"iv", &[]), ) } - let client_secrets; - let server_secrets; - - let algo = self.ks.suite.aead_algorithm; - if algo == &ring::aead::AES_128_GCM { - let extract = |secret: &hkdf::OkmBlock| -> Result { - let expander = hkdf::Expander::from_okm(secret, self.ks.suite.hmac_provider); - let (key, iv_in) = expand(&expander, algo); - - let mut salt = [0u8; 4]; - salt.copy_from_slice(&iv_in.0[..4]); - - let mut iv = [0u8; 8]; - iv.copy_from_slice(&iv_in.0[4..]); - - let mut key_array = [0u8; 16]; - key_array.copy_from_slice(key.as_ref()); - - Ok(ConnectionTrafficSecrets::Aes128Gcm { - key: key_array, - salt, - iv, - }) - }; - - client_secrets = extract(&self.current_client_traffic_secret)?; - server_secrets = extract(&self.current_server_traffic_secret)?; - } else if algo == &ring::aead::AES_256_GCM { - let extract = |secret: &hkdf::OkmBlock| -> Result { - let expander = hkdf::Expander::from_okm(secret, self.ks.suite.hmac_provider); - let (key, iv_in) = expand(&expander, algo); - - let mut salt = [0u8; 4]; - salt.copy_from_slice(&iv_in.0[..4]); - - let mut iv = [0u8; 8]; - iv.copy_from_slice(&iv_in.0[4..]); - - let mut key_array = [0u8; 32]; - key_array.copy_from_slice(key.as_ref()); - - Ok(ConnectionTrafficSecrets::Aes256Gcm { - key: key_array, - salt, - iv, - }) - }; - - client_secrets = extract(&self.current_client_traffic_secret)?; - server_secrets = extract(&self.current_server_traffic_secret)?; - } else if algo == &ring::aead::CHACHA20_POLY1305 { - let extract = |secret: &hkdf::OkmBlock| -> Result { - let expander = hkdf::Expander::from_okm(secret, self.ks.suite.hmac_provider); - let (key, iv) = expand(&expander, algo); - let mut key_array = [0u8; 32]; - key_array.copy_from_slice(key.as_ref()); - Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { - key: key_array, - iv: iv.0, - }) - }; - - client_secrets = extract(&self.current_client_traffic_secret)?; - server_secrets = extract(&self.current_server_traffic_secret)?; - } else { - return Err(Error::General(format!( - "exporting secrets for {:?}: unimplemented", - algo - ))); - } + let (client_key, client_iv) = expand( + &self.current_client_traffic_secret, + self.ks.suite.hmac_provider, + self.ks.suite.aead_alg.key_len(), + ); + let (server_key, server_iv) = expand( + &self.current_server_traffic_secret, + self.ks.suite.hmac_provider, + self.ks.suite.aead_alg.key_len(), + ); + let client_secrets = self + .ks + .suite + .aead_alg + .extract_keys(client_key, client_iv); + let server_secrets = self + .ks + .suite + .aead_alg + .extract_keys(server_key, server_iv); let (tx, rx) = match side { Side::Client => (client_secrets, server_secrets), diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 57e1098658..152d0e00db 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -8,6 +8,8 @@ use crate::msgs::codec::Codec; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::BulkAlgorithm; +#[cfg(feature = "secret_extraction")] +use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; use ring::aead; @@ -27,12 +29,11 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & hash_provider: &crypto::ring::hash::SHA256, }, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - aead_alg: &AeadAlgorithm(&ring::aead::CHACHA20_POLY1305), + aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, #[cfg(feature = "quic")] integrity_limit: 1 << 36, - aead_algorithm: &ring::aead::CHACHA20_POLY1305, }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -44,12 +45,11 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = hash_provider: &crypto::ring::hash::SHA384, }, hmac_provider: &crypto::ring::hmac::HMAC_SHA384, - aead_alg: &AeadAlgorithm(&ring::aead::AES_256_GCM), + aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, - aead_algorithm: &ring::aead::AES_256_GCM, }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -63,12 +63,11 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C hash_provider: &crypto::ring::hash::SHA256, }, hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - aead_alg: &AeadAlgorithm(&ring::aead::AES_128_GCM), + aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, - aead_algorithm: &ring::aead::AES_128_GCM, }; /// A TLS 1.3 cipher suite supported by rustls. @@ -81,7 +80,6 @@ pub struct Tls13CipherSuite { pub(crate) confidentiality_limit: u64, #[cfg(feature = "quic")] pub(crate) integrity_limit: u64, - pub(crate) aead_algorithm: &'static ring::aead::Algorithm, } impl Tls13CipherSuite { @@ -136,9 +134,76 @@ fn make_tls13_aad(len: usize) -> ring::aead::Aad<[u8; TLS13_AAD_SIZE]> { // https://datatracker.ietf.org/doc/html/rfc8446#section-5.2 const TLS13_AAD_SIZE: usize = 1 + 2 + 2; +struct Chacha20Poly1305Aead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(&iv.0)); + ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } + } +} + +struct Aes256GcmAead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Aes256GcmAead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); + ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } + } +} + +struct Aes128GcmAead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Aes128GcmAead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); + ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } + } +} + +// common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls struct AeadAlgorithm(&'static ring::aead::Algorithm); -impl Tls13AeadAlgorithm for AeadAlgorithm { +impl AeadAlgorithm { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. Box::new(Tls13MessageEncrypter { @@ -164,6 +229,9 @@ pub(crate) trait Tls13AeadAlgorithm: Send + Sync { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box; fn decrypter(&self, key: AeadKey, iv: Iv) -> Box; fn key_len(&self) -> usize; + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets; } struct Tls13MessageEncrypter { @@ -233,6 +301,23 @@ impl MessageDecrypter for Tls13MessageDecrypter { } } +#[cfg(feature = "secret_extraction")] +fn slices_to_arrays( + k: &[u8], + s: &[u8], + i: &[u8], +) -> ([u8; NK], [u8; NS], [u8; NI]) { + (slice_to_array(k), slice_to_array(s), slice_to_array(i)) +} + +#[cfg(feature = "secret_extraction")] +fn slice_to_array(slice: &[u8]) -> [u8; N] { + // this is guaranteed true because `ConnectionTrafficSecrets` items and + // `key_len()` are in agreement. + debug_assert_eq!(N, slice.len()); + slice.try_into().unwrap() +} + /// Constructs the signature message specified in section 4.4.3 of RFC8446. pub(crate) fn construct_client_verify_message(handshake_hash: &hash::Output) -> Vec { construct_verify_message(handshake_hash, b"TLS 1.3, client CertificateVerify\x00") From 075dfe3d77bd06ef09fa0dc49d8806c756055887 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 8 Aug 2023 13:14:40 +0100 Subject: [PATCH 0102/1145] Allow reuse of TLS1.3 message unpadding and AAD --- rustls/src/crypto/cipher.rs | 48 +++++++++++++++++++++++++++++++--- rustls/src/msgs/message.rs | 42 +++++++++++++++++++++++++++++- rustls/src/tls12/cipher.rs | 36 ++++++++------------------ rustls/src/tls13/mod.rs | 51 +++++-------------------------------- 4 files changed, 103 insertions(+), 74 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index ce25311519..5648bf2bf0 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -1,6 +1,7 @@ +use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +pub use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; /// Objects with this trait can decrypt TLS messages. pub trait MessageDecrypter: Send + Sync { @@ -27,7 +28,7 @@ impl dyn MessageDecrypter { /// A write or read IV. #[derive(Default)] -pub(crate) struct Iv(pub(crate) [u8; NONCE_LEN]); +pub struct Iv(pub(crate) [u8; NONCE_LEN]); impl Iv { #[cfg(feature = "tls12")] @@ -55,7 +56,11 @@ impl From<[u8; NONCE_LEN]> for Iv { } } -pub(crate) fn make_nonce(iv: &Iv, seq: u64) -> [u8; NONCE_LEN] { +/// Combine an `Iv` and sequence number to produce a unique nonce. +/// +/// This is `iv ^ seq` where `seq` is encoded as a 96-bit big-endian integer. +#[inline] +pub fn make_nonce(iv: &Iv, seq: u64) -> [u8; NONCE_LEN] { let mut nonce = [0u8; NONCE_LEN]; codec::put_u64(seq, &mut nonce[4..]); @@ -73,10 +78,45 @@ pub(crate) fn make_nonce(iv: &Iv, seq: u64) -> [u8; NONCE_LEN] { /// (AES-GCM, Chacha20Poly1305) const NONCE_LEN: usize = 12; +/// Returns a TLS1.3 `additional_data` encoding. +/// +/// See RFC8446 s5.2 for the `additional_data` definition. +#[inline] +pub fn make_tls13_aad(payload_len: usize) -> [u8; 5] { + [ + ContentType::ApplicationData.get_u8(), + // nb. this is `legacy_record_version`, ie TLS1.2 even for TLS1.3. + (ProtocolVersion::TLSv1_2.get_u16() >> 8) as u8, + (ProtocolVersion::TLSv1_2.get_u16() & 0xff) as u8, + (payload_len >> 8) as u8, + (payload_len & 0xff) as u8, + ] +} + +/// Returns a TLS1.2 `additional_data` encoding. +/// +/// See RFC5246 s6.2.3.3 for the `additional_data` definition. +#[inline] +pub fn make_tls12_aad( + seq: u64, + typ: ContentType, + vers: ProtocolVersion, + len: usize, +) -> [u8; TLS12_AAD_SIZE] { + let mut out = [0; TLS12_AAD_SIZE]; + codec::put_u64(seq, &mut out[0..]); + out[8] = typ.get_u8(); + codec::put_u16(vers.get_u16(), &mut out[9..]); + codec::put_u16(len as u16, &mut out[11..]); + out +} + +const TLS12_AAD_SIZE: usize = 8 + 1 + 2 + 2; + /// A key for an AEAD algorithm. /// /// This is a value type for a byte string up to `AeadKey::MAX_LEN` bytes in length. -pub(crate) struct AeadKey { +pub struct AeadKey { buf: [u8; Self::MAX_LEN], used: usize, } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 5915ab5ede..9dd57a55ee 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -1,11 +1,12 @@ use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; -use crate::error::{Error, InvalidMessage}; +use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::alert::AlertMessagePayload; use crate::msgs::base::Payload; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::AlertLevel; +use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::handshake::HandshakeMessagePayload; #[derive(Debug)] @@ -146,6 +147,30 @@ impl OpaqueMessage { } } + /// For TLS1.3 (only), checks the length msg.payload is valid and removes the padding. + /// + /// Returns an error if the message (pre-unpadding) is too long, or the padding is invalid, + /// or the message (post-unpadding) is too long. + pub fn into_tls13_unpadded_message(mut self) -> Result { + let payload = &mut self.payload.0; + + if payload.len() > MAX_FRAGMENT_LEN + 1 { + return Err(Error::PeerSentOversizedRecord); + } + + self.typ = unpad_tls13(payload); + if self.typ == ContentType::Unknown(0) { + return Err(PeerMisbehaved::IllegalTlsInnerPlaintext.into()); + } + + if payload.len() > MAX_FRAGMENT_LEN { + return Err(Error::PeerSentOversizedRecord); + } + + self.version = ProtocolVersion::TLSv1_3; + Ok(self.into_plain_message()) + } + /// This is the maximum on-the-wire size of a TLSCiphertext. /// That's 2^14 payload bytes, a header, and a 2KB allowance /// for ciphertext overheads. @@ -158,6 +183,21 @@ impl OpaqueMessage { pub const MAX_WIRE_SIZE: usize = (Self::MAX_PAYLOAD + Self::HEADER_SIZE) as usize; } +/// `v` is a message payload, immediately post-decryption. This function +/// removes zero padding bytes, until a non-zero byte is encountered which is +/// the content type, which is returned. See RFC8446 s5.2. +/// +/// ContentType(0) is returned if the message payload is empty or all zeroes. +fn unpad_tls13(v: &mut Vec) -> ContentType { + loop { + match v.pop() { + Some(0) => {} + Some(content_type) => return ContentType::from(content_type), + None => return ContentType::Unknown(0), + } + } +} + impl From for PlainMessage { fn from(msg: Message) -> Self { let typ = msg.payload.content_type(); diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/tls12/cipher.rs index 1295917f3b..63765d7011 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/tls12/cipher.rs @@ -1,9 +1,6 @@ -use crate::crypto::cipher::{make_nonce, Iv, MessageDecrypter, MessageEncrypter}; -use crate::enums::ContentType; -use crate::enums::ProtocolVersion; +use crate::crypto::cipher::{make_nonce, make_tls12_aad, Iv, MessageDecrypter, MessageEncrypter}; use crate::error::Error; use crate::msgs::base::Payload; -use crate::msgs::codec; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; #[cfg(feature = "secret_extraction")] @@ -11,22 +8,6 @@ use crate::suites::ConnectionTrafficSecrets; use ring::aead; -const TLS12_AAD_SIZE: usize = 8 + 1 + 2 + 2; - -fn make_tls12_aad( - seq: u64, - typ: ContentType, - vers: ProtocolVersion, - len: usize, -) -> ring::aead::Aad<[u8; TLS12_AAD_SIZE]> { - let mut out = [0; TLS12_AAD_SIZE]; - codec::put_u64(seq, &mut out[0..]); - out[8] = typ.get_u8(); - codec::put_u16(vers.get_u16(), &mut out[9..]); - codec::put_u16(len as u16, &mut out[11..]); - ring::aead::Aad::from(out) -} - pub(crate) static AES128_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_128_GCM); pub(crate) static AES256_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_256_GCM); @@ -164,7 +145,12 @@ impl MessageDecrypter for GcmMessageDecrypter { aead::Nonce::assume_unique_for_key(nonce) }; - let aad = make_tls12_aad(seq, msg.typ, msg.version, payload.len() - GCM_OVERHEAD); + let aad = aead::Aad::from(make_tls12_aad( + seq, + msg.typ, + msg.version, + payload.len() - GCM_OVERHEAD, + )); let plain_len = self .dec_key @@ -184,7 +170,7 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); - let aad = make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()); + let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); let mut payload = Vec::with_capacity(GCM_EXPLICIT_NONCE_LEN + total_len); @@ -231,12 +217,12 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.dec_offset, seq)); - let aad = make_tls12_aad( + let aad = aead::Aad::from(make_tls12_aad( seq, msg.typ, msg.version, payload.len() - CHACHAPOLY1305_OVERHEAD, - ); + )); let plain_len = self .dec_key @@ -256,7 +242,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.enc_offset, seq)); - let aad = make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len()); + let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); let mut buf = Vec::with_capacity(total_len); diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 152d0e00db..cdc554483a 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,11 +1,12 @@ use crate::crypto; -use crate::crypto::cipher::{make_nonce, AeadKey, Iv, MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{ + make_nonce, make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, +}; use crate::crypto::hash; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; -use crate::error::{Error, PeerMisbehaved}; +use crate::error::Error; use crate::msgs::base::Payload; use crate::msgs::codec::Codec; -use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::BulkAlgorithm; #[cfg(feature = "secret_extraction")] @@ -111,29 +112,6 @@ impl fmt::Debug for Tls13CipherSuite { } } -fn unpad_tls13(v: &mut Vec) -> ContentType { - loop { - match v.pop() { - Some(0) => {} - Some(content_type) => return ContentType::from(content_type), - None => return ContentType::Unknown(0), - } - } -} - -fn make_tls13_aad(len: usize) -> ring::aead::Aad<[u8; TLS13_AAD_SIZE]> { - ring::aead::Aad::from([ - 0x17, // ContentType::ApplicationData - 0x3, // ProtocolVersion (major) - 0x3, // ProtocolVersion (minor) - (len >> 8) as u8, - len as u8, - ]) -} - -// https://datatracker.ietf.org/doc/html/rfc8446#section-5.2 -const TLS13_AAD_SIZE: usize = 1 + 2 + 2; - struct Chacha20Poly1305Aead(AeadAlgorithm); impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { @@ -252,7 +230,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { msg.typ.encode(&mut payload); let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); - let aad = make_tls13_aad(total_len); + let aad = aead::Aad::from(make_tls13_aad(total_len)); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) @@ -274,7 +252,7 @@ impl MessageDecrypter for Tls13MessageDecrypter { } let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); - let aad = make_tls13_aad(payload.len()); + let aad = aead::Aad::from(make_tls13_aad(payload.len())); let plain_len = self .dec_key .open_in_place(nonce, aad, payload) @@ -282,22 +260,7 @@ impl MessageDecrypter for Tls13MessageDecrypter { .len(); payload.truncate(plain_len); - - if payload.len() > MAX_FRAGMENT_LEN + 1 { - return Err(Error::PeerSentOversizedRecord); - } - - msg.typ = unpad_tls13(payload); - if msg.typ == ContentType::Unknown(0) { - return Err(PeerMisbehaved::IllegalTlsInnerPlaintext.into()); - } - - if payload.len() > MAX_FRAGMENT_LEN { - return Err(Error::PeerSentOversizedRecord); - } - - msg.version = ProtocolVersion::TLSv1_3; - Ok(msg.into_plain_message()) + msg.into_tls13_unpadded_message() } } From 6253294a0201d7c2f8f0088512a787c00b54b000 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 21 Aug 2023 16:07:37 +0100 Subject: [PATCH 0103/1145] Add dedicated AEAD Nonce type This is constructed from an Iv and sequence number, and its constructor the `make_nonce` free function. --- rustls/src/crypto/cipher.rs | 38 +++++++++++++++++++++---------------- rustls/src/tls12/cipher.rs | 8 ++++---- rustls/src/tls13/mod.rs | 6 +++--- 3 files changed, 29 insertions(+), 23 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 5648bf2bf0..8ee2ae9a7d 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -56,22 +56,28 @@ impl From<[u8; NONCE_LEN]> for Iv { } } -/// Combine an `Iv` and sequence number to produce a unique nonce. -/// -/// This is `iv ^ seq` where `seq` is encoded as a 96-bit big-endian integer. -#[inline] -pub fn make_nonce(iv: &Iv, seq: u64) -> [u8; NONCE_LEN] { - let mut nonce = [0u8; NONCE_LEN]; - codec::put_u64(seq, &mut nonce[4..]); - - nonce - .iter_mut() - .zip(iv.0.iter()) - .for_each(|(nonce, iv)| { - *nonce ^= *iv; - }); - - nonce +/// A nonce. This is unique for all messages on a connection. +pub struct Nonce(pub [u8; NONCE_LEN]); + +impl Nonce { + /// Combine an `Iv` and sequence number to produce a unique nonce. + /// + /// This is `iv ^ seq` where `seq` is encoded as a 96-bit big-endian integer. + #[inline] + pub fn new(iv: &Iv, seq: u64) -> Self { + let mut nonce = Self([0u8; NONCE_LEN]); + codec::put_u64(seq, &mut nonce.0[4..]); + + nonce + .0 + .iter_mut() + .zip(iv.0.iter()) + .for_each(|(nonce, iv)| { + *nonce ^= *iv; + }); + + nonce + } } /// Size of TLS nonces (incorrectly termed "IV" in standard) for all supported ciphersuites diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/tls12/cipher.rs index 63765d7011..58a1ef5e1d 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/tls12/cipher.rs @@ -1,4 +1,4 @@ -use crate::crypto::cipher::{make_nonce, make_tls12_aad, Iv, MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{make_tls12_aad, Iv, MessageDecrypter, MessageEncrypter, Nonce}; use crate::error::Error; use crate::msgs::base::Payload; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; @@ -169,7 +169,7 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { - let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); @@ -216,7 +216,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { return Err(Error::DecryptError); } - let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.dec_offset, seq)); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.dec_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad( seq, msg.typ, @@ -241,7 +241,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { - let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.enc_offset, seq)); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index cdc554483a..9689fc5bc2 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,6 +1,6 @@ use crate::crypto; use crate::crypto::cipher::{ - make_nonce, make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, + make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, }; use crate::crypto::hash; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; @@ -229,7 +229,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { payload.extend_from_slice(msg.payload); msg.typ.encode(&mut payload); - let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); self.enc_key @@ -251,7 +251,7 @@ impl MessageDecrypter for Tls13MessageDecrypter { return Err(Error::DecryptError); } - let nonce = aead::Nonce::assume_unique_for_key(make_nonce(&self.iv, seq)); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(payload.len())); let plain_len = self .dec_key From b20c02410988c5379a9296306193c2ac74aa2c50 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 14 Aug 2023 10:43:46 +0100 Subject: [PATCH 0104/1145] Have CryptoProvider supply default cipher suites --- rustls/src/builder.rs | 17 +++++++++-------- rustls/src/crypto/mod.rs | 4 ++++ rustls/src/crypto/ring/mod.rs | 5 +++++ rustls/src/lib.rs | 5 ++--- 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 3a574c23c3..fe167fb81f 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,6 +1,6 @@ use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; -use crate::suites::{SupportedCipherSuite, DEFAULT_CIPHER_SUITES}; +use crate::suites::SupportedCipherSuite; use crate::versions; use core::fmt; @@ -186,8 +186,8 @@ pub struct WantsCipherSuites(pub(crate) ()); impl ConfigBuilder { /// Start side-specific config with defaults for underlying cryptography. /// - /// If used, this will enable all safe supported cipher suites ([`DEFAULT_CIPHER_SUITES`]), all - /// safe supported key exchange groups ([`KeyExchange::all_kx_groups`]) and all safe supported + /// If used, this will enable all safe supported cipher suites (`default_cipher_suites()` as specified by the + /// `CryptoProvider` type), all safe supported key exchange groups ([`KeyExchange::all_kx_groups`]) and all safe supported /// protocol versions ([`DEFAULT_VERSIONS`]). /// /// These are safe defaults, useful for 99% of applications. @@ -196,7 +196,7 @@ impl ConfigBuilder { pub fn with_safe_defaults(self) -> ConfigBuilder> { ConfigBuilder { state: WantsVerifier { - cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(), + cipher_suites: ::default_cipher_suites().to_vec(), kx_groups: <::KeyExchange as KeyExchange>::all_kx_groups().to_vec(), versions: versions::EnabledVersions::new(versions::DEFAULT_VERSIONS), }, @@ -217,13 +217,14 @@ impl ConfigBuilder { } } - /// Choose the default set of cipher suites ([`DEFAULT_CIPHER_SUITES`]). + /// Choose the default set of cipher suites as specified by the `CryptoProvider`. /// - /// Note that this default provides only high-quality suites: there is no need + /// The intention is that this default provides only high-quality suites: there is no need /// to filter out low-, export- or NULL-strength cipher suites: rustls does not - /// implement these. + /// implement these. But the precise details are controlled by what is implemented by the + /// `CryptoProvider`. pub fn with_safe_default_cipher_suites(self) -> ConfigBuilder { - self.with_cipher_suites(DEFAULT_CIPHER_SUITES) + self.with_cipher_suites(::default_cipher_suites()) } } diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 8c97e74506..c02791ecf3 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,3 +1,4 @@ +use crate::suites; use crate::{Error, NamedGroup}; use core::fmt::Debug; @@ -25,6 +26,9 @@ pub trait CryptoProvider: Send + Sync + 'static { /// Fill the given buffer with random bytes. fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; + + /// Provide a safe set of cipher suites that can be used as the defaults. + fn default_cipher_suites() -> &'static [suites::SupportedCipherSuite]; } /// An in-progress key exchange over a [SupportedGroup]. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index b42d585c11..ac59e07d42 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -3,6 +3,7 @@ use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; +use crate::suites::SupportedCipherSuite; use ring::aead; use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; @@ -26,6 +27,10 @@ impl CryptoProvider for Ring { .fill(buf) .map_err(|_| GetRandomFailed) } + + fn default_cipher_suites() -> &'static [SupportedCipherSuite] { + crate::suites::DEFAULT_CIPHER_SUITES + } } /// An in-progress key exchange. This has the algorithm, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index acaa3d9ff3..49bcb9319e 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -397,11 +397,10 @@ pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; -pub use crate::suites::{ - BulkAlgorithm, SupportedCipherSuite, ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES, -}; +pub use crate::suites::SupportedCipherSuite; #[cfg(feature = "secret_extraction")] pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets}; +pub use crate::suites::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; From d0db689d08d699a3940ccad4215b035a222d31ea Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 15 Aug 2023 16:00:25 +0100 Subject: [PATCH 0105/1145] Move ring-backed ciphersuites into crypto::ring As a result, crate::tls12::cipher becomes trivial enough to merge into its parent. --- rustls/src/crypto/ring/mod.rs | 32 ++- .../{tls12/cipher.rs => crypto/ring/tls12.rs} | 135 ++++++++--- rustls/src/crypto/ring/tls13.rs | 226 ++++++++++++++++++ rustls/src/lib.rs | 26 +- rustls/src/suites.rs | 53 +--- rustls/src/tls12/mod.rs | 139 +++-------- rustls/src/tls13/key_schedule.rs | 4 +- rustls/src/tls13/mod.rs | 224 +---------------- 8 files changed, 415 insertions(+), 424 deletions(-) rename rustls/src/{tls12/cipher.rs => crypto/ring/tls12.rs} (68%) create mode 100644 rustls/src/crypto/ring/tls13.rs diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index ac59e07d42..7862db0d32 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -14,6 +14,9 @@ use core::fmt; pub(crate) mod hash; pub(crate) mod hmac; +#[cfg(feature = "tls12")] +pub(crate) mod tls12; +pub(crate) mod tls13; /// Default crypto provider. #[derive(Debug)] @@ -29,10 +32,37 @@ impl CryptoProvider for Ring { } fn default_cipher_suites() -> &'static [SupportedCipherSuite] { - crate::suites::DEFAULT_CIPHER_SUITES + DEFAULT_CIPHER_SUITES } } +/// The cipher suite configuration that an application should use by default. +/// +/// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that +/// shouldn't be enabled by most applications. +pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = ALL_CIPHER_SUITES; + +/// A list of all the cipher suites supported by the rustls *ring* provider. +pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ + // TLS1.3 suites + tls13::TLS13_AES_256_GCM_SHA384, + tls13::TLS13_AES_128_GCM_SHA256, + tls13::TLS13_CHACHA20_POLY1305_SHA256, + // TLS1.2 suites + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +]; + /// An in-progress key exchange. This has the algorithm, /// our private key, and our public key. #[derive(Debug)] diff --git a/rustls/src/tls12/cipher.rs b/rustls/src/crypto/ring/tls12.rs similarity index 68% rename from rustls/src/tls12/cipher.rs rename to rustls/src/crypto/ring/tls12.rs index 58a1ef5e1d..15b24ad6bc 100644 --- a/rustls/src/tls12/cipher.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,13 +1,118 @@ use crate::crypto::cipher::{make_tls12_aad, Iv, MessageDecrypter, MessageEncrypter, Nonce}; +use crate::crypto::KeyExchangeAlgorithm; +use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::base::Payload; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::suites::BulkAlgorithm; #[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; +use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; +use crate::tls12::{KeyBlockShape, Tls12AeadAlgorithm, Tls12CipherSuite}; use ring::aead; +/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. +pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + bulk: BulkAlgorithm::Chacha20Poly1305, + hash_provider: &super::hash::SHA256, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_ECDSA_SCHEMES, + aead_alg: &ChaCha20Poly1305, + hmac_provider: &super::hmac::HMAC_SHA256, + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + bulk: BulkAlgorithm::Chacha20Poly1305, + hash_provider: &super::hash::SHA256, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_RSA_SCHEMES, + aead_alg: &ChaCha20Poly1305, + hmac_provider: &super::hmac::HMAC_SHA256, + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + bulk: BulkAlgorithm::Aes128Gcm, + hash_provider: &super::hash::SHA256, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_RSA_SCHEMES, + aead_alg: &AES128_GCM, + hmac_provider: &super::hmac::HMAC_SHA256, + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + bulk: BulkAlgorithm::Aes256Gcm, + hash_provider: &super::hash::SHA384, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_RSA_SCHEMES, + aead_alg: &AES256_GCM, + hmac_provider: &super::hmac::HMAC_SHA384, + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + bulk: BulkAlgorithm::Aes128Gcm, + hash_provider: &super::hash::SHA256, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_ECDSA_SCHEMES, + aead_alg: &AES128_GCM, + hmac_provider: &super::hmac::HMAC_SHA256, + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + bulk: BulkAlgorithm::Aes256Gcm, + hash_provider: &super::hash::SHA384, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_ECDSA_SCHEMES, + aead_alg: &AES256_GCM, + hmac_provider: &super::hmac::HMAC_SHA384, + }); + +static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ + SignatureScheme::ED25519, + SignatureScheme::ECDSA_NISTP521_SHA512, + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, +]; + +static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[ + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, +]; + pub(crate) static AES128_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_128_GCM); pub(crate) static AES256_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_256_GCM); @@ -260,36 +365,6 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { } } -pub(crate) trait Tls12AeadAlgorithm: Send + Sync + 'static { - fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; - fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; - fn key_block_shape(&self) -> KeyBlockShape; - #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; -} - -/// How a TLS1.2 `key_block` is partitioned. -/// -/// nb. ciphersuites with non-zero `mac_key_length` not currently supported -pub(crate) struct KeyBlockShape { - /// How long keys are. - /// - /// `enc_key_len` terminology is from the standard. - pub(crate) enc_key_len: usize, - - /// How long the fixed part of the 'IV' is. - /// - /// This isn't usually an IV, but we continue the - /// terminology misuse to match the standard. - pub(crate) fixed_iv_len: usize, - - /// This is a non-standard extension which extends the - /// key block to provide an initial explicit nonce offset, - /// in a deterministic and safe way. GCM needs this, - /// chacha20poly1305 works this way by design. - pub(crate) explicit_nonce_len: usize, -} - #[cfg(feature = "secret_extraction")] fn slices_to_arrays( k: &[u8], diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs new file mode 100644 index 0000000000..4293bdba2a --- /dev/null +++ b/rustls/src/crypto/ring/tls13.rs @@ -0,0 +1,226 @@ +use crate::crypto::cipher::{ + make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, +}; +use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; +use crate::error::Error; +use crate::msgs::base::Payload; +use crate::msgs::codec::Codec; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::suites::BulkAlgorithm; +#[cfg(feature = "secret_extraction")] +use crate::suites::ConnectionTrafficSecrets; +use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; +use crate::tls13::{Tls13AeadAlgorithm, Tls13CipherSuite}; + +use ring::aead; + +/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 +pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); + +pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + bulk: BulkAlgorithm::Chacha20Poly1305, + hash_provider: &super::hash::SHA256, + }, + hmac_provider: &super::hmac::HMAC_SHA256, + aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), + #[cfg(feature = "quic")] + confidentiality_limit: u64::MAX, + #[cfg(feature = "quic")] + integrity_limit: 1 << 36, +}; + +/// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 +pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = + SupportedCipherSuite::Tls13(&Tls13CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS13_AES_256_GCM_SHA384, + bulk: BulkAlgorithm::Aes256Gcm, + hash_provider: &super::hash::SHA384, + }, + hmac_provider: &super::hmac::HMAC_SHA384, + aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), + #[cfg(feature = "quic")] + confidentiality_limit: 1 << 23, + #[cfg(feature = "quic")] + integrity_limit: 1 << 52, + }); + +/// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 +pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls13(TLS13_AES_128_GCM_SHA256_INTERNAL); + +pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS13_AES_128_GCM_SHA256, + bulk: BulkAlgorithm::Aes128Gcm, + hash_provider: &super::hash::SHA256, + }, + hmac_provider: &super::hmac::HMAC_SHA256, + aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), + #[cfg(feature = "quic")] + confidentiality_limit: 1 << 23, + #[cfg(feature = "quic")] + integrity_limit: 1 << 52, +}; + +struct Chacha20Poly1305Aead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(&iv.0)); + ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } + } +} + +struct Aes256GcmAead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Aes256GcmAead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); + ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } + } +} + +struct Aes128GcmAead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Aes128GcmAead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); + ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } + } +} + +// common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls +struct AeadAlgorithm(&'static ring::aead::Algorithm); + +impl AeadAlgorithm { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(Tls13MessageEncrypter { + enc_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + iv, + }) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(Tls13MessageDecrypter { + dec_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + iv, + }) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } +} + +struct Tls13MessageEncrypter { + enc_key: ring::aead::LessSafeKey, + iv: Iv, +} + +struct Tls13MessageDecrypter { + dec_key: ring::aead::LessSafeKey, + iv: Iv, +} + +impl MessageEncrypter for Tls13MessageEncrypter { + fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); + let mut payload = Vec::with_capacity(total_len); + payload.extend_from_slice(msg.payload); + msg.typ.encode(&mut payload); + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls13_aad(total_len)); + self.enc_key + .seal_in_place_append_tag(nonce, aad, &mut payload) + .map_err(|_| Error::General("encrypt failed".to_string()))?; + + Ok(OpaqueMessage { + typ: ContentType::ApplicationData, + version: ProtocolVersion::TLSv1_2, + payload: Payload::new(payload), + }) + } +} + +impl MessageDecrypter for Tls13MessageDecrypter { + fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + let payload = &mut msg.payload.0; + if payload.len() < self.dec_key.algorithm().tag_len() { + return Err(Error::DecryptError); + } + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls13_aad(payload.len())); + let plain_len = self + .dec_key + .open_in_place(nonce, aad, payload) + .map_err(|_| Error::DecryptError)? + .len(); + + payload.truncate(plain_len); + msg.into_tls13_unpadded_message() + } +} + +#[cfg(feature = "secret_extraction")] +fn slices_to_arrays( + k: &[u8], + s: &[u8], + i: &[u8], +) -> ([u8; NK], [u8; NS], [u8; NI]) { + (slice_to_array(k), slice_to_array(s), slice_to_array(i)) +} + +#[cfg(feature = "secret_extraction")] +fn slice_to_array(slice: &[u8]) -> [u8; N] { + // this is guaranteed true because `ConnectionTrafficSecrets` items and + // `key_len()` are in agreement. + debug_assert_eq!(N, slice.len()); + slice.try_into().unwrap() +} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 49bcb9319e..e473ff0c05 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -383,6 +383,7 @@ pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; pub use crate::crypto::ring::Ticketer; pub use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; +pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, @@ -400,7 +401,6 @@ pub use crate::stream::{Stream, StreamOwned}; pub use crate::suites::SupportedCipherSuite; #[cfg(feature = "secret_extraction")] pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets}; -pub use crate::suites::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; @@ -479,22 +479,16 @@ pub use server::{ServerConfig, ServerConnection}; /// /// [`ALL_CIPHER_SUITES`] is provided as an array of all of these values. pub mod cipher_suite { - pub use crate::suites::CipherSuiteCommon; - #[cfg(feature = "tls12")] - pub use crate::tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; - #[cfg(feature = "tls12")] - pub use crate::tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; - #[cfg(feature = "tls12")] - pub use crate::tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256; - #[cfg(feature = "tls12")] - pub use crate::tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; #[cfg(feature = "tls12")] - pub use crate::tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384; - #[cfg(feature = "tls12")] - pub use crate::tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256; - pub use crate::tls13::TLS13_AES_128_GCM_SHA256; - pub use crate::tls13::TLS13_AES_256_GCM_SHA384; - pub use crate::tls13::TLS13_CHACHA20_POLY1305_SHA256; + pub use crate::crypto::ring::tls12::{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + }; + pub use crate::crypto::ring::tls13::{ + TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, + }; + pub use crate::suites::CipherSuiteCommon; } /// All defined protocol versions appear in this module. diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 0bf81633f3..c24ca5d0f9 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -4,20 +4,7 @@ use crate::crypto; use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; -#[cfg(feature = "tls12")] -use crate::tls12::{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - // TLS1.2 suites - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -}; use crate::tls13::Tls13CipherSuite; -use crate::tls13::{ - TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, -}; #[cfg(feature = "tls12")] use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; @@ -51,7 +38,7 @@ pub struct CipherSuiteCommon { /// A cipher suite supported by rustls. /// /// All possible instances of this type are provided by the library in -/// the [`ALL_CIPHER_SUITES`] array. +/// the [`crate::ALL_CIPHER_SUITES`] array. #[derive(Clone, Copy, PartialEq)] pub enum SupportedCipherSuite { /// A TLS 1.2 cipher suite @@ -118,33 +105,6 @@ impl SupportedCipherSuite { } } -/// A list of all the cipher suites supported by rustls. -pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ - // TLS1.3 suites - TLS13_AES_256_GCM_SHA384, - TLS13_AES_128_GCM_SHA256, - TLS13_CHACHA20_POLY1305_SHA256, - // TLS1.2 suites - #[cfg(feature = "tls12")] - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - #[cfg(feature = "tls12")] - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - #[cfg(feature = "tls12")] - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - #[cfg(feature = "tls12")] - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - #[cfg(feature = "tls12")] - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - #[cfg(feature = "tls12")] - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -]; - -/// The cipher suite configuration that an application should use by default. -/// -/// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that -/// shouldn't be enabled by most applications. -pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = ALL_CIPHER_SUITES; - // These both O(N^2)! pub(crate) fn choose_ciphersuite_preferring_client( client_suites: &[CipherSuite], @@ -274,6 +234,7 @@ pub enum ConnectionTrafficSecrets { #[cfg(test)] mod test { + use super::crypto::ring::tls13::*; use super::*; use crate::enums::CipherSuite; @@ -305,19 +266,19 @@ mod test { fn test_pref_fails() { assert!(choose_ciphersuite_preferring_client( &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - ALL_CIPHER_SUITES + crate::ALL_CIPHER_SUITES ) .is_none()); assert!(choose_ciphersuite_preferring_server( &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - ALL_CIPHER_SUITES + crate::ALL_CIPHER_SUITES ) .is_none()); } #[test] fn test_scs_is_debug() { - println!("{:?}", ALL_CIPHER_SUITES); + println!("{:?}", crate::ALL_CIPHER_SUITES); } #[test] @@ -325,12 +286,12 @@ mod test { assert!(TLS13_AES_128_GCM_SHA256 .tls13() .unwrap() - .can_resume_from(crate::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL) + .can_resume_from(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL) .is_some()); assert!(TLS13_AES_256_GCM_SHA384 .tls13() .unwrap() - .can_resume_from(crate::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL) + .can_resume_from(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL) .is_none()); } } diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 2010da0280..c8f1bb651f 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -3,121 +3,18 @@ use crate::conn::ConnectionRandoms; use crate::crypto; use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; use crate::crypto::hash; -use crate::enums::{AlertDescription, CipherSuite, SignatureScheme}; +use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::KeyExchangeAlgorithm; +use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; #[cfg(feature = "secret_extraction")] -use crate::suites::PartiallyExtractedSecrets; -use crate::suites::{BulkAlgorithm, CipherSuiteCommon, SupportedCipherSuite}; +use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; use core::fmt; -mod cipher; -pub(crate) use cipher::{ChaCha20Poly1305, Tls12AeadAlgorithm, AES128_GCM, AES256_GCM}; - mod prf; -/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. -pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = - SupportedCipherSuite::Tls12(&Tls12CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - bulk: BulkAlgorithm::Chacha20Poly1305, - hash_provider: &crypto::ring::hash::SHA256, - }, - kx: KeyExchangeAlgorithm::ECDHE, - sign: TLS12_ECDSA_SCHEMES, - aead_alg: &ChaCha20Poly1305, - hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - }); - -/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = - SupportedCipherSuite::Tls12(&Tls12CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - bulk: BulkAlgorithm::Chacha20Poly1305, - hash_provider: &crypto::ring::hash::SHA256, - }, - kx: KeyExchangeAlgorithm::ECDHE, - sign: TLS12_RSA_SCHEMES, - aead_alg: &ChaCha20Poly1305, - hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - }); - -/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = - SupportedCipherSuite::Tls12(&Tls12CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - bulk: BulkAlgorithm::Aes128Gcm, - hash_provider: &crypto::ring::hash::SHA256, - }, - kx: KeyExchangeAlgorithm::ECDHE, - sign: TLS12_RSA_SCHEMES, - aead_alg: &AES128_GCM, - hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - }); - -/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = - SupportedCipherSuite::Tls12(&Tls12CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - bulk: BulkAlgorithm::Aes256Gcm, - hash_provider: &crypto::ring::hash::SHA384, - }, - kx: KeyExchangeAlgorithm::ECDHE, - sign: TLS12_RSA_SCHEMES, - aead_alg: &AES256_GCM, - hmac_provider: &crypto::ring::hmac::HMAC_SHA384, - }); - -/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = - SupportedCipherSuite::Tls12(&Tls12CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - bulk: BulkAlgorithm::Aes128Gcm, - hash_provider: &crypto::ring::hash::SHA256, - }, - kx: KeyExchangeAlgorithm::ECDHE, - sign: TLS12_ECDSA_SCHEMES, - aead_alg: &AES128_GCM, - hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - }); - -/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = - SupportedCipherSuite::Tls12(&Tls12CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - bulk: BulkAlgorithm::Aes256Gcm, - hash_provider: &crypto::ring::hash::SHA384, - }, - kx: KeyExchangeAlgorithm::ECDHE, - sign: TLS12_ECDSA_SCHEMES, - aead_alg: &AES256_GCM, - hmac_provider: &crypto::ring::hmac::HMAC_SHA384, - }); - -static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ - SignatureScheme::ED25519, - SignatureScheme::ECDSA_NISTP521_SHA512, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, -]; - -static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[ - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA256, -]; - /// A TLS 1.2 cipher suite supported by rustls. pub struct Tls12CipherSuite { /// Common cipher suite fields. @@ -169,6 +66,36 @@ impl fmt::Debug for Tls12CipherSuite { } } +pub(crate) trait Tls12AeadAlgorithm: Send + Sync + 'static { + fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; + fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; + fn key_block_shape(&self) -> KeyBlockShape; + #[cfg(feature = "secret_extraction")] + fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; +} + +/// How a TLS1.2 `key_block` is partitioned. +/// +/// nb. ciphersuites with non-zero `mac_key_length` not currently supported +pub(crate) struct KeyBlockShape { + /// How long keys are. + /// + /// `enc_key_len` terminology is from the standard. + pub(crate) enc_key_len: usize, + + /// How long the fixed part of the 'IV' is. + /// + /// This isn't usually an IV, but we continue the + /// terminology misuse to match the standard. + pub(crate) fixed_iv_len: usize, + + /// This is a non-standard extension which extends the + /// key block to provide an initial explicit nonce offset, + /// in a deterministic and safe way. GCM needs this, + /// chacha20poly1305 works this way by design. + pub(crate) explicit_nonce_len: usize, +} + /// TLS1.2 per-connection keying material pub(crate) struct ConnectionSecrets { pub(crate) randoms: ConnectionRandoms, diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 63fc4e0c66..b4f21f2a0e 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -788,7 +788,7 @@ where #[cfg(test)] mod test { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; - use crate::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; + use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; use ring::aead; @@ -968,8 +968,8 @@ mod benchmarks { #[bench] fn bench_sha256(b: &mut test::Bencher) { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; + use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::hkdf; - use crate::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; use ring::aead; diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 9689fc5bc2..6545c72bc1 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,76 +1,14 @@ use crate::crypto; -use crate::crypto::cipher::{ - make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, -}; +use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter, MessageEncrypter}; use crate::crypto::hash; -use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; -use crate::error::Error; -use crate::msgs::base::Payload; -use crate::msgs::codec::Codec; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -use crate::suites::BulkAlgorithm; #[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; -use ring::aead; - use core::fmt; pub(crate) mod key_schedule; -/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 -pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = - SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); - -pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, - bulk: BulkAlgorithm::Chacha20Poly1305, - hash_provider: &crypto::ring::hash::SHA256, - }, - hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), - #[cfg(feature = "quic")] - confidentiality_limit: u64::MAX, - #[cfg(feature = "quic")] - integrity_limit: 1 << 36, -}; - -/// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 -pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = - SupportedCipherSuite::Tls13(&Tls13CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS13_AES_256_GCM_SHA384, - bulk: BulkAlgorithm::Aes256Gcm, - hash_provider: &crypto::ring::hash::SHA384, - }, - hmac_provider: &crypto::ring::hmac::HMAC_SHA384, - aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), - #[cfg(feature = "quic")] - confidentiality_limit: 1 << 23, - #[cfg(feature = "quic")] - integrity_limit: 1 << 52, - }); - -/// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 -pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = - SupportedCipherSuite::Tls13(TLS13_AES_128_GCM_SHA256_INTERNAL); - -pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { - common: CipherSuiteCommon { - suite: CipherSuite::TLS13_AES_128_GCM_SHA256, - bulk: BulkAlgorithm::Aes128Gcm, - hash_provider: &crypto::ring::hash::SHA256, - }, - hmac_provider: &crypto::ring::hmac::HMAC_SHA256, - aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), - #[cfg(feature = "quic")] - confidentiality_limit: 1 << 23, - #[cfg(feature = "quic")] - integrity_limit: 1 << 52, -}; - /// A TLS 1.3 cipher suite supported by rustls. pub struct Tls13CipherSuite { /// Common cipher suite fields. @@ -112,97 +50,6 @@ impl fmt::Debug for Tls13CipherSuite { } } -struct Chacha20Poly1305Aead(AeadAlgorithm); - -impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { - fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.encrypter(key, iv) - } - - fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.decrypter(key, iv) - } - - fn key_len(&self) -> usize { - self.0.key_len() - } - - #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { - let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(&iv.0)); - ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } - } -} - -struct Aes256GcmAead(AeadAlgorithm); - -impl Tls13AeadAlgorithm for Aes256GcmAead { - fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.encrypter(key, iv) - } - - fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.decrypter(key, iv) - } - - fn key_len(&self) -> usize { - self.0.key_len() - } - - #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { - let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); - ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } - } -} - -struct Aes128GcmAead(AeadAlgorithm); - -impl Tls13AeadAlgorithm for Aes128GcmAead { - fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.encrypter(key, iv) - } - - fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.decrypter(key, iv) - } - - fn key_len(&self) -> usize { - self.0.key_len() - } - - #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { - let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); - ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } - } -} - -// common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls -struct AeadAlgorithm(&'static ring::aead::Algorithm); - -impl AeadAlgorithm { - fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { - // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. - Box::new(Tls13MessageEncrypter { - enc_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), - iv, - }) - } - - fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { - // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. - Box::new(Tls13MessageDecrypter { - dec_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), - iv, - }) - } - - fn key_len(&self) -> usize { - self.0.key_len() - } -} - pub(crate) trait Tls13AeadAlgorithm: Send + Sync { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box; fn decrypter(&self, key: AeadKey, iv: Iv) -> Box; @@ -212,75 +59,6 @@ pub(crate) trait Tls13AeadAlgorithm: Send + Sync { fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets; } -struct Tls13MessageEncrypter { - enc_key: ring::aead::LessSafeKey, - iv: Iv, -} - -struct Tls13MessageDecrypter { - dec_key: ring::aead::LessSafeKey, - iv: Iv, -} - -impl MessageEncrypter for Tls13MessageEncrypter { - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { - let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); - let mut payload = Vec::with_capacity(total_len); - payload.extend_from_slice(msg.payload); - msg.typ.encode(&mut payload); - - let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); - let aad = aead::Aad::from(make_tls13_aad(total_len)); - - self.enc_key - .seal_in_place_append_tag(nonce, aad, &mut payload) - .map_err(|_| Error::General("encrypt failed".to_string()))?; - - Ok(OpaqueMessage { - typ: ContentType::ApplicationData, - version: ProtocolVersion::TLSv1_2, - payload: Payload::new(payload), - }) - } -} - -impl MessageDecrypter for Tls13MessageDecrypter { - fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = &mut msg.payload.0; - if payload.len() < self.dec_key.algorithm().tag_len() { - return Err(Error::DecryptError); - } - - let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); - let aad = aead::Aad::from(make_tls13_aad(payload.len())); - let plain_len = self - .dec_key - .open_in_place(nonce, aad, payload) - .map_err(|_| Error::DecryptError)? - .len(); - - payload.truncate(plain_len); - msg.into_tls13_unpadded_message() - } -} - -#[cfg(feature = "secret_extraction")] -fn slices_to_arrays( - k: &[u8], - s: &[u8], - i: &[u8], -) -> ([u8; NK], [u8; NS], [u8; NI]) { - (slice_to_array(k), slice_to_array(s), slice_to_array(i)) -} - -#[cfg(feature = "secret_extraction")] -fn slice_to_array(slice: &[u8]) -> [u8; N] { - // this is guaranteed true because `ConnectionTrafficSecrets` items and - // `key_len()` are in agreement. - debug_assert_eq!(N, slice.len()); - slice.try_into().unwrap() -} - /// Constructs the signature message specified in section 4.4.3 of RFC8446. pub(crate) fn construct_client_verify_message(handshake_hash: &hash::Output) -> Vec { construct_verify_message(handshake_hash, b"TLS 1.3, client CertificateVerify\x00") From 0375b01536e3499c6e9038f01a225d2996772acf Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 22 Aug 2023 12:43:11 +0100 Subject: [PATCH 0106/1145] Insulate quic code from direct dependency on *ring* eg, `HeaderProtectionKey` is no longer a struct, but a trait. This is impl'd by `RingHeaderProtectionKey`. This is a breaking change, because *ring* types no longer appear in the public quic API. This removes the final use of the `BulkAlgorithm` type, which is deleted. Reuse nonce computation in `cipher::Nonce::new`. --- rustls/src/crypto/ring/tls13.rs | 6 + rustls/src/hkdf.rs | 7 + rustls/src/quic.rs | 582 +++++++++++++++++++------------ rustls/src/suites.rs | 3 +- rustls/src/tls13/key_schedule.rs | 4 +- rustls/src/tls13/mod.rs | 2 + rustls/tests/api.rs | 57 ++- 7 files changed, 419 insertions(+), 242 deletions(-) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 4293bdba2a..8c1aa79a3e 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -30,6 +30,8 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & confidentiality_limit: u64::MAX, #[cfg(feature = "quic")] integrity_limit: 1 << 36, + #[cfg(feature = "quic")] + quic: &crate::quic::RingKeyBuilder(&ring::aead::CHACHA20_POLY1305, &ring::aead::quic::CHACHA20), }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -46,6 +48,8 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, + #[cfg(feature = "quic")] + quic: &crate::quic::RingKeyBuilder(&ring::aead::AES_256_GCM, &aead::quic::AES_256), }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -64,6 +68,8 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, + #[cfg(feature = "quic")] + quic: &crate::quic::RingKeyBuilder(&ring::aead::AES_128_GCM, &aead::quic::AES_128), }; struct Chacha20Poly1305Aead(AeadAlgorithm); diff --git a/rustls/src/hkdf.rs b/rustls/src/hkdf.rs index e43fce9cfb..f02f5c98f5 100644 --- a/rustls/src/hkdf.rs +++ b/rustls/src/hkdf.rs @@ -44,6 +44,13 @@ pub(crate) struct Expander(Box); #[derive(Clone)] pub(crate) struct OkmBlock(hmac::Tag); +/// TODO: only required for quic tests +impl From<&[u8]> for OkmBlock { + fn from(value: &[u8]) -> Self { + Self(hmac::Tag::new(value)) + } +} + impl AsRef<[u8]> for OkmBlock { fn as_ref(&self) -> &[u8] { self.0.as_ref() diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 488c7e858b..3b6fdb511f 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -2,17 +2,18 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; -use crate::crypto::cipher::{Iv, IvLen}; +use crate::crypto::cipher::{Iv, Nonce}; use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; +use crate::hkdf; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::server::{ServerConfig, ServerConnectionData}; -use crate::suites::BulkAlgorithm; -use crate::tls13::key_schedule::hkdf_expand; -use crate::tls13::{Tls13CipherSuite, TLS13_AES_128_GCM_SHA256_INTERNAL}; +use crate::tls13::key_schedule::hkdf_expand_label_block; +use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; +use crate::tls13::Tls13CipherSuite; -use ring::{aead, hkdf}; +use ring::aead; use alloc::collections::VecDeque; use alloc::sync::Arc; @@ -387,7 +388,7 @@ pub(crate) struct Quic { pub(crate) params: Option>, pub(crate) alert: Option, pub(crate) hs_queue: VecDeque<(bool, Vec)>, - pub(crate) early_secret: Option, + pub(crate) early_secret: Option, pub(crate) hs_secrets: Option, pub(crate) traffic_secrets: Option, /// Whether keys derived from traffic_secrets have been passed to the QUIC implementation @@ -430,12 +431,12 @@ impl Quic { } /// Secrets used to encrypt/decrypt traffic -#[derive(Clone, Debug)] +#[derive(Clone)] pub struct Secrets { /// Secret used to encrypt packets transmitted by the client - client: hkdf::Prk, + pub(crate) client: hkdf::OkmBlock, /// Secret used to encrypt packets transmitted by the server - server: hkdf::Prk, + pub(crate) server: hkdf::OkmBlock, /// Cipher suite used with these secrets suite: &'static Tls13CipherSuite, side: Side, @@ -444,8 +445,8 @@ pub struct Secrets { impl Secrets { pub(crate) fn new( - client: hkdf::Prk, - server: hkdf::Prk, + client: hkdf::OkmBlock, + server: hkdf::OkmBlock, suite: &'static Tls13CipherSuite, side: Side, version: Version, @@ -466,13 +467,20 @@ impl Secrets { keys } - fn update(&mut self) { - let hkdf_alg = self.suite.hkdf_algorithm; - self.client = hkdf_expand(&self.client, hkdf_alg, self.version.key_update_label(), &[]); - self.server = hkdf_expand(&self.server, hkdf_alg, self.version.key_update_label(), &[]); + pub(crate) fn update(&mut self) { + self.client = hkdf_expand_label_block( + &hkdf::Expander::from_okm(&self.client, self.suite.hmac_provider), + self.version.key_update_label(), + &[], + ); + self.server = hkdf_expand_label_block( + &hkdf::Expander::from_okm(&self.server, self.suite.hmac_provider), + self.version.key_update_label(), + &[], + ); } - fn local_remote(&self) -> (&hkdf::Prk, &hkdf::Prk) { + fn local_remote(&self) -> (&hkdf::OkmBlock, &hkdf::OkmBlock) { match self.side { Side::Client => (&self.client, &self.server), Side::Server => (&self.server, &self.client), @@ -483,38 +491,67 @@ impl Secrets { /// Keys used to communicate in a single direction pub struct DirectionalKeys { /// Encrypts or decrypts a packet's headers - pub header: HeaderProtectionKey, + pub header: Box, /// Encrypts or decrypts the payload of a packet - pub packet: PacketKey, + pub packet: Box, } impl DirectionalKeys { pub(crate) fn new( suite: &'static Tls13CipherSuite, - secret: &hkdf::Prk, + secret: &hkdf::OkmBlock, version: Version, ) -> Self { + let expander = hkdf::Expander::from_okm(secret, suite.hmac_provider); Self { - header: HeaderProtectionKey::new(suite, secret, version), - packet: PacketKey::new(suite, secret, version), + header: suite + .quic + .header_protection_key(&expander, version), + packet: suite + .quic + .packet_key(suite, &expander, version), } } } -/// A QUIC header protection key -pub struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); - -impl HeaderProtectionKey { - fn new(suite: &'static Tls13CipherSuite, secret: &hkdf::Prk, version: Version) -> Self { - let alg = match suite.common.bulk { - BulkAlgorithm::Aes128Gcm => &aead::quic::AES_128, - BulkAlgorithm::Aes256Gcm => &aead::quic::AES_256, - BulkAlgorithm::Chacha20Poly1305 => &aead::quic::CHACHA20, - }; +/// All AEADs we support have 16-byte tags. +const TAG_LEN: usize = 16; + +/// Authentication tag from an AEAD seal operation. +pub struct Tag([u8; TAG_LEN]); + +impl From<&[u8]> for Tag { + fn from(value: &[u8]) -> Self { + let mut array = [0u8; TAG_LEN]; + array.copy_from_slice(value); + Self(array) + } +} - Self(hkdf_expand(secret, alg, version.header_key_label(), &[])) +impl AsRef<[u8]> for Tag { + fn as_ref(&self) -> &[u8] { + &self.0 } +} + +/// How a `Tls13CipherSuite` generates `PacketKey`s and `HeaderProtectionKey`s. +pub(crate) trait Algorithm: Send + Sync { + fn packet_key( + &self, + suite: &'static Tls13CipherSuite, + secret: &hkdf::Expander, + version: Version, + ) -> Box; + + fn header_protection_key( + &self, + secret: &hkdf::Expander, + version: Version, + ) -> Box; +} +/// A QUIC header protection key +pub trait HeaderProtectionKey { /// Adds QUIC Header Protection. /// /// `sample` must contain the sample of encrypted payload; see @@ -535,15 +572,12 @@ impl HeaderProtectionKey { /// [Header Protection Application]: https://datatracker.ietf.org/doc/html/rfc9001#section-5.4.1 /// [Header Protection Sample]: https://datatracker.ietf.org/doc/html/rfc9001#section-5.4.2 /// [Packet Number Encoding and Decoding]: https://datatracker.ietf.org/doc/html/rfc9000#section-17.1 - #[inline] - pub fn encrypt_in_place( + fn encrypt_in_place( &self, sample: &[u8], first: &mut u8, packet_number: &mut [u8], - ) -> Result<(), Error> { - self.xor_in_place(sample, first, packet_number, false) - } + ) -> Result<(), Error>; /// Removes QUIC Header Protection. /// @@ -566,100 +600,19 @@ impl HeaderProtectionKey { /// [Header Protection Application]: https://datatracker.ietf.org/doc/html/rfc9001#section-5.4.1 /// [Header Protection Sample]: https://datatracker.ietf.org/doc/html/rfc9001#section-5.4.2 /// [Packet Number Encoding and Decoding]: https://datatracker.ietf.org/doc/html/rfc9000#section-17.1 - #[inline] - pub fn decrypt_in_place( - &self, - sample: &[u8], - first: &mut u8, - packet_number: &mut [u8], - ) -> Result<(), Error> { - self.xor_in_place(sample, first, packet_number, true) - } - - fn xor_in_place( + fn decrypt_in_place( &self, sample: &[u8], first: &mut u8, packet_number: &mut [u8], - masked: bool, - ) -> Result<(), Error> { - // This implements [Header Protection Application] almost verbatim. - - let mask = self - .0 - .new_mask(sample) - .map_err(|_| Error::General("sample of invalid length".into()))?; - - // The `unwrap()` will not panic because `new_mask` returns a - // non-empty result. - let (first_mask, pn_mask) = mask.split_first().unwrap(); - - // It is OK for the `mask` to be longer than `packet_number`, - // but a valid `packet_number` will never be longer than `mask`. - if packet_number.len() > pn_mask.len() { - return Err(Error::General("packet number too long".into())); - } - - // Infallible from this point on. Before this point, `first` and - // `packet_number` are unchanged. - - const LONG_HEADER_FORM: u8 = 0x80; - let bits = match *first & LONG_HEADER_FORM == LONG_HEADER_FORM { - true => 0x0f, // Long header: 4 bits masked - false => 0x1f, // Short header: 5 bits masked - }; - - let first_plain = match masked { - // When unmasking, use the packet length bits after unmasking - true => *first ^ (first_mask & bits), - // When masking, use the packet length bits before masking - false => *first, - }; - let pn_len = (first_plain & 0x03) as usize + 1; - - *first ^= first_mask & bits; - for (dst, m) in packet_number - .iter_mut() - .zip(pn_mask) - .take(pn_len) - { - *dst ^= m; - } - - Ok(()) - } + ) -> Result<(), Error>; /// Expected sample length for the key's algorithm - #[inline] - pub fn sample_len(&self) -> usize { - self.0.algorithm().sample_len() - } + fn sample_len(&self) -> usize; } /// Keys to encrypt or decrypt the payload of a packet -pub struct PacketKey { - /// Encrypts or decrypts a packet's payload - key: aead::LessSafeKey, - /// Computes unique nonces for each packet - iv: Iv, - /// The cipher suite used for this packet key - suite: &'static Tls13CipherSuite, -} - -impl PacketKey { - fn new(suite: &'static Tls13CipherSuite, secret: &hkdf::Prk, version: Version) -> Self { - Self { - key: aead::LessSafeKey::new(hkdf_expand( - secret, - suite.aead_algorithm, - version.packet_key_label(), - &[], - )), - iv: hkdf_expand(secret, IvLen, version.packet_iv_label(), &[]), - suite, - } - } - +pub trait PacketKey { /// Encrypt a QUIC packet /// /// Takes a `packet_number`, used to derive the nonce; the packet `header`, which is used as @@ -667,20 +620,12 @@ impl PacketKey { /// encryption succeeds. /// /// Fails iff the payload is longer than allowed by the cipher suite's AEAD algorithm. - pub fn encrypt_in_place( + fn encrypt_in_place( &self, packet_number: u64, header: &[u8], payload: &mut [u8], - ) -> Result { - let aad = aead::Aad::from(header); - let nonce = nonce_for(packet_number, &self.iv); - let tag = self - .key - .seal_in_place_separate_tag(nonce, aad, payload) - .map_err(|_| Error::EncryptError)?; - Ok(Tag(tag)) - } + ) -> Result; /// Decrypt a QUIC packet /// @@ -689,70 +634,49 @@ impl PacketKey { /// /// If the return value is `Ok`, the decrypted payload can be found in `payload`, up to the /// length found in the return value. - pub fn decrypt_in_place<'a>( + fn decrypt_in_place<'a>( &self, packet_number: u64, header: &[u8], payload: &'a mut [u8], - ) -> Result<&'a [u8], Error> { - let payload_len = payload.len(); - let aad = aead::Aad::from(header); - let nonce = nonce_for(packet_number, &self.iv); - self.key - .open_in_place(nonce, aad, payload) - .map_err(|_| Error::DecryptError)?; - - let plain_len = payload_len - self.key.algorithm().tag_len(); - Ok(&payload[..plain_len]) - } + ) -> Result<&'a [u8], Error>; /// Number of times the packet key can be used without sacrificing confidentiality /// /// See . - #[inline] - pub fn confidentiality_limit(&self) -> u64 { - self.suite.confidentiality_limit - } + fn confidentiality_limit(&self) -> u64; /// Number of times the packet key can be used without sacrificing integrity /// /// See . - #[inline] - pub fn integrity_limit(&self) -> u64 { - self.suite.integrity_limit - } + fn integrity_limit(&self) -> u64; /// Tag length for the underlying AEAD algorithm - #[inline] - pub fn tag_len(&self) -> usize { - self.key.algorithm().tag_len() - } -} - -/// AEAD tag, must be appended to encrypted cipher text -pub struct Tag(aead::Tag); - -impl AsRef<[u8]> for Tag { - #[inline] - fn as_ref(&self) -> &[u8] { - self.0.as_ref() - } + fn tag_len(&self) -> usize; } /// Packet protection keys for bidirectional 1-RTT communication pub struct PacketKeySet { /// Encrypts outgoing packets - pub local: PacketKey, + pub local: Box, /// Decrypts incoming packets - pub remote: PacketKey, + pub remote: Box, } impl PacketKeySet { fn new(secrets: &Secrets) -> Self { let (local, remote) = secrets.local_remote(); Self { - local: PacketKey::new(secrets.suite, local, secrets.version), - remote: PacketKey::new(secrets.suite, remote, secrets.version), + local: secrets.suite.quic.packet_key( + secrets.suite, + &hkdf::Expander::from_okm(local, secrets.suite.hmac_provider), + secrets.version, + ), + remote: secrets.suite.quic.packet_key( + secrets.suite, + &hkdf::Expander::from_okm(remote, secrets.suite.hmac_provider), + secrets.version, + ), } } } @@ -767,17 +691,23 @@ pub struct Keys { impl Keys { /// Construct keys for use with initial packets - pub fn initial(version: Version, client_dst_connection_id: &[u8], side: Side) -> Self { + pub fn initial( + version: Version, + suite: &'static Tls13CipherSuite, + client_dst_connection_id: &[u8], + side: Side, + ) -> Self { const CLIENT_LABEL: &[u8] = b"client in"; const SERVER_LABEL: &[u8] = b"server in"; let salt = version.initial_salt(); - let hs_secret = hkdf::Salt::new(hkdf::HKDF_SHA256, salt).extract(client_dst_connection_id); + let hs_secret = + hkdf::Extractor::new(suite.hmac_provider, salt).extract(client_dst_connection_id); let secrets = Secrets { version, - client: hkdf_expand(&hs_secret, hkdf::HKDF_SHA256, CLIENT_LABEL, &[]), - server: hkdf_expand(&hs_secret, hkdf::HKDF_SHA256, SERVER_LABEL, &[]), - suite: TLS13_AES_128_GCM_SHA256_INTERNAL, + client: hkdf_expand_label_block(&hs_secret, CLIENT_LABEL, &[]), + server: hkdf_expand_label_block(&hs_secret, SERVER_LABEL, &[]), + suite, side, }; Self::new(&secrets) @@ -821,16 +751,6 @@ pub enum KeyChange { }, } -/// Compute the nonce to use for encrypting or decrypting `packet_number` -fn nonce_for(packet_number: u64, iv: &Iv) -> ring::aead::Nonce { - let mut out = [0; aead::NONCE_LEN]; - out[4..].copy_from_slice(&packet_number.to_be_bytes()); - for (out, inp) in out.iter_mut().zip(iv.0.iter()) { - *out ^= inp; - } - aead::Nonce::assume_unique_for_key(out) -} - /// QUIC protocol version /// /// Governs version-specific behavior in the TLS layer @@ -901,9 +821,228 @@ impl Default for Version { } } +pub(crate) struct RingHeaderProtectionKey(aead::quic::HeaderProtectionKey); + +impl RingHeaderProtectionKey { + pub(crate) fn new( + expander: &hkdf::Expander, + version: Version, + alg: &'static aead::quic::Algorithm, + ) -> Self { + let key = + hkdf_expand_label_aead_key(expander, alg.key_len(), version.header_key_label(), &[]); + Self(aead::quic::HeaderProtectionKey::new(alg, key.as_ref()).unwrap()) + } + + fn xor_in_place( + &self, + sample: &[u8], + first: &mut u8, + packet_number: &mut [u8], + masked: bool, + ) -> Result<(), Error> { + // This implements "Header Protection Application" almost verbatim. + // + + let mask = self + .0 + .new_mask(sample) + .map_err(|_| Error::General("sample of invalid length".into()))?; + + // The `unwrap()` will not panic because `new_mask` returns a + // non-empty result. + let (first_mask, pn_mask) = mask.split_first().unwrap(); + + // It is OK for the `mask` to be longer than `packet_number`, + // but a valid `packet_number` will never be longer than `mask`. + if packet_number.len() > pn_mask.len() { + return Err(Error::General("packet number too long".into())); + } + + // Infallible from this point on. Before this point, `first` and + // `packet_number` are unchanged. + + const LONG_HEADER_FORM: u8 = 0x80; + let bits = match *first & LONG_HEADER_FORM == LONG_HEADER_FORM { + true => 0x0f, // Long header: 4 bits masked + false => 0x1f, // Short header: 5 bits masked + }; + + let first_plain = match masked { + // When unmasking, use the packet length bits after unmasking + true => *first ^ (first_mask & bits), + // When masking, use the packet length bits before masking + false => *first, + }; + let pn_len = (first_plain & 0x03) as usize + 1; + + *first ^= first_mask & bits; + for (dst, m) in packet_number + .iter_mut() + .zip(pn_mask) + .take(pn_len) + { + *dst ^= m; + } + + Ok(()) + } +} + +impl HeaderProtectionKey for RingHeaderProtectionKey { + fn encrypt_in_place( + &self, + sample: &[u8], + first: &mut u8, + packet_number: &mut [u8], + ) -> Result<(), Error> { + self.xor_in_place(sample, first, packet_number, false) + } + + fn decrypt_in_place( + &self, + sample: &[u8], + first: &mut u8, + packet_number: &mut [u8], + ) -> Result<(), Error> { + self.xor_in_place(sample, first, packet_number, true) + } + + #[inline] + fn sample_len(&self) -> usize { + self.0.algorithm().sample_len() + } +} + +pub(crate) struct RingPacketKey { + /// Encrypts or decrypts a packet's payload + key: aead::LessSafeKey, + /// Computes unique nonces for each packet + iv: Iv, + /// The cipher suite used for this packet key + suite: &'static Tls13CipherSuite, +} + +impl RingPacketKey { + pub(crate) fn new( + suite: &'static Tls13CipherSuite, + expander: &hkdf::Expander, + version: Version, + aead_algorithm: &'static aead::Algorithm, + ) -> Self { + let key = hkdf_expand_label_aead_key( + expander, + aead_algorithm.key_len(), + version.packet_key_label(), + &[], + ); + let iv = hkdf_expand_label(expander, version.packet_iv_label(), &[]); + + Self { + key: aead::LessSafeKey::new( + aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), + ), + iv, + suite, + } + } +} + +impl PacketKey for RingPacketKey { + fn encrypt_in_place( + &self, + packet_number: u64, + header: &[u8], + payload: &mut [u8], + ) -> Result { + let aad = aead::Aad::from(header); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, packet_number).0); + let tag = self + .key + .seal_in_place_separate_tag(nonce, aad, payload) + .map_err(|_| Error::EncryptError)?; + Ok(Tag::from(tag.as_ref())) + } + + /// Decrypt a QUIC packet + /// + /// Takes the packet `header`, which is used as the additional authenticated data, and the + /// `payload`, which includes the authentication tag. + /// + /// If the return value is `Ok`, the decrypted payload can be found in `payload`, up to the + /// length found in the return value. + fn decrypt_in_place<'a>( + &self, + packet_number: u64, + header: &[u8], + payload: &'a mut [u8], + ) -> Result<&'a [u8], Error> { + let payload_len = payload.len(); + let aad = aead::Aad::from(header); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, packet_number).0); + self.key + .open_in_place(nonce, aad, payload) + .map_err(|_| Error::DecryptError)?; + + let plain_len = payload_len - self.key.algorithm().tag_len(); + Ok(&payload[..plain_len]) + } + + /// Number of times the packet key can be used without sacrificing confidentiality + /// + /// See . + #[inline] + fn confidentiality_limit(&self) -> u64 { + self.suite.confidentiality_limit + } + + /// Number of times the packet key can be used without sacrificing integrity + /// + /// See . + #[inline] + fn integrity_limit(&self) -> u64 { + self.suite.integrity_limit + } + + /// Tag length for the underlying AEAD algorithm + #[inline] + fn tag_len(&self) -> usize { + self.key.algorithm().tag_len() + } +} + +pub(crate) struct RingKeyBuilder( + pub(crate) &'static aead::Algorithm, + pub(crate) &'static aead::quic::Algorithm, +); + +impl Algorithm for RingKeyBuilder { + fn packet_key( + &self, + suite: &'static Tls13CipherSuite, + expander: &hkdf::Expander, + version: Version, + ) -> Box { + Box::new(RingPacketKey::new(suite, expander, version, self.0)) + } + + fn header_protection_key( + &self, + expander: &hkdf::Expander, + version: Version, + ) -> Box { + Box::new(RingHeaderProtectionKey::new(expander, version, self.1)) + } +} + #[cfg(test)] mod test { use super::*; + use crate::common_state::Side; + use crate::crypto::ring; + use crate::crypto::ring::tls13::{ + TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, + }; fn test_short_packet(version: Version, expected: &[u8]) { const PN: u64 = 654360564; @@ -913,18 +1052,22 @@ mod test { 0x0f, 0x21, 0x63, 0x2b, ]; - let secret = hkdf::Prk::new_less_safe(hkdf::HKDF_SHA256, SECRET); - use crate::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; - let hpk = - HeaderProtectionKey::new(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, &secret, version); - let packet = PacketKey::new(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, &secret, version); + let expander = + hkdf::Expander::from_okm(&hkdf::OkmBlock::from(SECRET), &ring::hmac::HMAC_SHA256); + let hpk = super::RingHeaderProtectionKey::new(&expander, version, &aead::quic::CHACHA20); + let packet = super::RingPacketKey::new( + TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, + &expander, + version, + &aead::CHACHA20_POLY1305, + ); const PLAIN: &[u8] = &[0x42, 0x00, 0xbf, 0xf4, 0x01]; let mut buf = PLAIN.to_vec(); let (header, payload) = buf.split_at_mut(4); let tag = packet - .encrypt_in_place(PN, &*header, payload) + .encrypt_in_place(PN, header, payload) .unwrap(); buf.extend(tag.as_ref()); @@ -945,7 +1088,7 @@ mod test { let (header, payload_tag) = buf.split_at_mut(4); let plain = packet - .decrypt_in_place(PN, &*header, payload_tag) + .decrypt_in_place(PN, header, payload_tag) .unwrap(); assert_eq!(plain, &PLAIN[4..]); @@ -965,64 +1108,50 @@ mod test { #[test] fn key_update_test_vector() { - fn equal_prk(x: &hkdf::Prk, y: &hkdf::Prk) -> bool { - let mut x_data = [0; 16]; - let mut y_data = [0; 16]; - let x_okm = x - .expand(&[b"info"], &aead::quic::AES_128) - .unwrap(); - x_okm.fill(&mut x_data[..]).unwrap(); - let y_okm = y - .expand(&[b"info"], &aead::quic::AES_128) - .unwrap(); - y_okm.fill(&mut y_data[..]).unwrap(); - x_data == y_data + fn equal_okm(x: &hkdf::OkmBlock, y: &hkdf::OkmBlock) -> bool { + x.as_ref() == y.as_ref() } - let mut secrets = Secrets { + let mut secrets = Secrets::new( // Constant dummy values for reproducibility - client: hkdf::Prk::new_less_safe( - hkdf::HKDF_SHA256, + hkdf::OkmBlock::from( &[ 0xb8, 0x76, 0x77, 0x08, 0xf8, 0x77, 0x23, 0x58, 0xa6, 0xea, 0x9f, 0xc4, 0x3e, 0x4a, 0xdd, 0x2c, 0x96, 0x1b, 0x3f, 0x52, 0x87, 0xa6, 0xd1, 0x46, 0x7e, 0xe0, 0xae, 0xab, 0x33, 0x72, 0x4d, 0xbf, - ], + ][..], ), - server: hkdf::Prk::new_less_safe( - hkdf::HKDF_SHA256, + hkdf::OkmBlock::from( &[ 0x42, 0xdc, 0x97, 0x21, 0x40, 0xe0, 0xf2, 0xe3, 0x98, 0x45, 0xb7, 0x67, 0x61, 0x34, 0x39, 0xdc, 0x67, 0x58, 0xca, 0x43, 0x25, 0x9b, 0x87, 0x85, 0x06, 0x82, 0x4e, 0xb1, 0xe4, 0x38, 0xd8, 0x55, - ], + ][..], ), - suite: TLS13_AES_128_GCM_SHA256_INTERNAL, - side: Side::Client, - version: Version::V1, - }; + TLS13_AES_128_GCM_SHA256_INTERNAL, + Side::Client, + Version::V1, + ); secrets.update(); - assert!(equal_prk( + assert!(equal_okm( &secrets.client, - &hkdf::Prk::new_less_safe( - hkdf::HKDF_SHA256, + &hkdf::OkmBlock::from( &[ 0x42, 0xca, 0xc8, 0xc9, 0x1c, 0xd5, 0xeb, 0x40, 0x68, 0x2e, 0x43, 0x2e, 0xdf, 0x2d, 0x2b, 0xe9, 0xf4, 0x1a, 0x52, 0xca, 0x6b, 0x22, 0xd8, 0xe6, 0xcd, 0xb1, 0xe8, 0xac, 0xa9, 0x6, 0x1f, 0xce - ] + ][..] ) )); - assert!(equal_prk( + assert!(equal_okm( &secrets.server, - &hkdf::Prk::new_less_safe( - hkdf::HKDF_SHA256, + &hkdf::OkmBlock::from( &[ 0xeb, 0x7f, 0x5e, 0x2a, 0x12, 0x3f, 0x40, 0x7d, 0xb4, 0x99, 0xe3, 0x61, 0xca, 0xe5, 0x90, 0xd4, 0xd9, 0x92, 0xe1, 0x4b, 0x7a, 0xce, 0x3, 0xc2, 0x44, 0xe0, 0x42, 0x21, 0x15, 0xb6, 0xd3, 0x8a - ] + ][..] ) )); } @@ -1043,7 +1172,12 @@ mod test { fn initial_test_vector_v2() { // https://www.ietf.org/archive/id/draft-ietf-quic-v2-10.html#name-sample-packet-protection-2 let icid = [0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08]; - let server = Keys::initial(Version::V2, &icid, Side::Server); + let server = Keys::initial( + Version::V2, + TLS13_AES_128_GCM_SHA256_INTERNAL, + &icid, + Side::Server, + ); let mut server_payload = [ 0x02, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x40, 0x5a, 0x02, 0x00, 0x00, 0x56, 0x03, 0x03, 0xee, 0xfc, 0xe7, 0xf7, 0xb3, 0x7b, 0xa1, 0xd1, 0x63, 0x2e, 0x96, 0x67, 0x78, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index c24ca5d0f9..700620cbf8 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -74,7 +74,8 @@ impl SupportedCipherSuite { } #[cfg(any(test, feature = "quic"))] - pub(crate) fn tls13(&self) -> Option<&'static Tls13CipherSuite> { + /// Return the inner `Tls13CipherSuite` for this suite, if it is a TLS1.3 suite. + pub fn tls13(&self) -> Option<&'static Tls13CipherSuite> { match self { #[cfg(feature = "tls12")] Self::Tls12(_) => None, diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index b4f21f2a0e..4575b6c52d 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -712,7 +712,7 @@ pub(crate) fn hkdf_expand_label, const N: usize>( } /// [HKDF-Expand-Label] where the output is one block in size. -fn hkdf_expand_label_block( +pub(crate) fn hkdf_expand_label_block( expander: &hkdf::Expander, label: &[u8], context: &[u8], @@ -723,7 +723,7 @@ fn hkdf_expand_label_block( } /// [HKDF-Expand-Label] where the output is an AEAD key. -fn hkdf_expand_label_aead_key( +pub(crate) fn hkdf_expand_label_aead_key( expander: &hkdf::Expander, key_len: usize, label: &[u8], diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 6545c72bc1..b5dfd280db 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -19,6 +19,8 @@ pub struct Tls13CipherSuite { pub(crate) confidentiality_limit: u64, #[cfg(feature = "quic")] pub(crate) integrity_limit: u64, + #[cfg(feature = "quic")] + pub(crate) quic: &'static dyn crate::quic::Algorithm, } impl Tls13CipherSuite { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 0455a272dc..b4278b3204 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3321,17 +3321,17 @@ mod test_quic { #[test] fn test_quic_handshake() { - fn equal_packet_keys(x: &quic::PacketKey, y: &quic::PacketKey) -> bool { + fn equal_packet_keys(x: &dyn quic::PacketKey, y: &dyn quic::PacketKey) -> bool { // Check that these two sets of keys are equal. let mut buf = [0; 32]; let (header, payload_tag) = buf.split_at_mut(8); let (payload, tag_buf) = payload_tag.split_at_mut(8); let tag = x - .encrypt_in_place(42, &*header, payload) + .encrypt_in_place(42, header, payload) .unwrap(); tag_buf.copy_from_slice(tag.as_ref()); - let result = y.decrypt_in_place(42, &*header, payload_tag); + let result = y.decrypt_in_place(42, header, payload_tag); match result { Ok(payload) => payload == [0; 8], Err(_) => false, @@ -3347,8 +3347,8 @@ mod test_quic { } let (x, y) = (keys(x), keys(y)); - equal_packet_keys(&x.local.packet, &y.remote.packet) - && equal_packet_keys(&x.remote.packet, &y.local.packet) + equal_packet_keys(x.local.packet.as_ref(), y.remote.packet.as_ref()) + && equal_packet_keys(x.remote.packet.as_ref(), y.local.packet.as_ref()) } let kt = KeyType::Rsa; @@ -3434,8 +3434,8 @@ mod test_quic { let client_early = client.zero_rtt_keys().unwrap(); let server_early = server.zero_rtt_keys().unwrap(); assert!(equal_packet_keys( - &client_early.packet, - &server_early.packet + client_early.packet.as_ref(), + server_early.packet.as_ref() )); } step(&mut server, &mut client) @@ -3518,13 +3518,25 @@ mod test_quic { let mut client_next = client_secrets.next_packet_keys(); let mut server_next = server_secrets.next_packet_keys(); - assert!(equal_packet_keys(&client_next.local, &server_next.remote)); - assert!(equal_packet_keys(&server_next.local, &client_next.remote)); + assert!(equal_packet_keys( + client_next.local.as_ref(), + server_next.remote.as_ref() + )); + assert!(equal_packet_keys( + server_next.local.as_ref(), + client_next.remote.as_ref() + )); client_next = client_secrets.next_packet_keys(); server_next = server_secrets.next_packet_keys(); - assert!(equal_packet_keys(&client_next.local, &server_next.remote)); - assert!(equal_packet_keys(&server_next.local, &client_next.remote)); + assert!(equal_packet_keys( + client_next.local.as_ref(), + server_next.remote.as_ref() + )); + assert!(equal_packet_keys( + server_next.local.as_ref(), + client_next.remote.as_ref() + )); } #[test] @@ -3747,6 +3759,7 @@ mod test_quic { #[test] fn packet_key_api() { + use rustls::cipher_suite::TLS13_AES_128_GCM_SHA256; use rustls::quic::{Keys, Version}; use rustls::Side; @@ -3779,7 +3792,14 @@ mod test_quic { 0x08, 0x06, 0x04, 0x80, 0x00, 0xff, 0xff, ]; - let client_keys = Keys::initial(Version::V1, CONNECTION_ID, Side::Client); + let client_keys = Keys::initial( + Version::V1, + TLS13_AES_128_GCM_SHA256 + .tls13() + .unwrap(), + CONNECTION_ID, + Side::Client, + ); assert_eq!( client_keys .local @@ -3807,7 +3827,7 @@ mod test_quic { let tag = client_keys .local .packet - .encrypt_in_place(PACKET_NUMBER, &*header, payload) + .encrypt_in_place(PACKET_NUMBER, header, payload) .unwrap(); let sample_len = client_keys.local.header.sample_len(); @@ -3915,7 +3935,14 @@ mod test_quic { let (first, rest) = header.split_at_mut(1); let sample = &payload[..sample_len]; - let server_keys = Keys::initial(Version::V1, CONNECTION_ID, Side::Server); + let server_keys = Keys::initial( + Version::V1, + TLS13_AES_128_GCM_SHA256 + .tls13() + .unwrap(), + CONNECTION_ID, + Side::Server, + ); server_keys .remote .header @@ -3924,7 +3951,7 @@ mod test_quic { let payload = server_keys .remote .packet - .decrypt_in_place(PACKET_NUMBER, &*header, payload) + .decrypt_in_place(PACKET_NUMBER, header, payload) .unwrap(); assert_eq!(&payload[..PAYLOAD.len()], PAYLOAD); From 6757c25a4f126bff457b00944453a49d42476c5b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 22 Aug 2023 12:43:45 +0100 Subject: [PATCH 0107/1145] Remove unused BulkAlgorithm enum --- rustls/src/crypto/ring/tls12.rs | 7 ------- rustls/src/crypto/ring/tls13.rs | 4 ---- rustls/src/suites.rs | 17 ----------------- rustls/src/tls12/mod.rs | 1 - rustls/src/tls13/mod.rs | 1 - 5 files changed, 30 deletions(-) diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 15b24ad6bc..8ed45c1a33 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -5,7 +5,6 @@ use crate::error::Error; use crate::msgs::base::Payload; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -use crate::suites::BulkAlgorithm; #[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; @@ -18,7 +17,6 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - bulk: BulkAlgorithm::Chacha20Poly1305, hash_provider: &super::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, @@ -32,7 +30,6 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - bulk: BulkAlgorithm::Chacha20Poly1305, hash_provider: &super::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, @@ -46,7 +43,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - bulk: BulkAlgorithm::Aes128Gcm, hash_provider: &super::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, @@ -60,7 +56,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - bulk: BulkAlgorithm::Aes256Gcm, hash_provider: &super::hash::SHA384, }, kx: KeyExchangeAlgorithm::ECDHE, @@ -74,7 +69,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - bulk: BulkAlgorithm::Aes128Gcm, hash_provider: &super::hash::SHA256, }, kx: KeyExchangeAlgorithm::ECDHE, @@ -88,7 +82,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - bulk: BulkAlgorithm::Aes256Gcm, hash_provider: &super::hash::SHA384, }, kx: KeyExchangeAlgorithm::ECDHE, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 8c1aa79a3e..faf3a26f4a 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -6,7 +6,6 @@ use crate::error::Error; use crate::msgs::base::Payload; use crate::msgs::codec::Codec; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -use crate::suites::BulkAlgorithm; #[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; @@ -21,7 +20,6 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, - bulk: BulkAlgorithm::Chacha20Poly1305, hash_provider: &super::hash::SHA256, }, hmac_provider: &super::hmac::HMAC_SHA256, @@ -39,7 +37,6 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = SupportedCipherSuite::Tls13(&Tls13CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, - bulk: BulkAlgorithm::Aes256Gcm, hash_provider: &super::hash::SHA384, }, hmac_provider: &super::hmac::HMAC_SHA384, @@ -59,7 +56,6 @@ pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, - bulk: BulkAlgorithm::Aes128Gcm, hash_provider: &super::hash::SHA256, }, hmac_provider: &super::hmac::HMAC_SHA256, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 700620cbf8..32baeff21a 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -9,28 +9,11 @@ use crate::tls13::Tls13CipherSuite; use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; -/// Bulk symmetric encryption scheme used by a cipher suite. -#[allow(non_camel_case_types)] -#[derive(Debug, Eq, PartialEq)] -pub enum BulkAlgorithm { - /// AES with 128-bit keys in Galois counter mode. - Aes128Gcm, - - /// AES with 256-bit keys in Galois counter mode. - Aes256Gcm, - - /// Chacha20 for confidentiality with poly1305 for authenticity. - Chacha20Poly1305, -} - /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3) pub struct CipherSuiteCommon { /// The TLS enumeration naming this cipher suite. pub suite: CipherSuite, - /// How to do bulk encryption. - pub bulk: BulkAlgorithm, - /// Which hash function the suite uses. pub hash_provider: &'static dyn crypto::hash::Hash, } diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index c8f1bb651f..63a1a844f1 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -61,7 +61,6 @@ impl fmt::Debug for Tls12CipherSuite { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("Tls12CipherSuite") .field("suite", &self.common.suite) - .field("bulk", &self.common.bulk) .finish() } } diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index b5dfd280db..174af3c93b 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -47,7 +47,6 @@ impl fmt::Debug for Tls13CipherSuite { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("Tls13CipherSuite") .field("suite", &self.common.suite) - .field("bulk", &self.common.bulk) .finish() } } From 2b6a212b7e552e62d29ff86e0ff58a4ca254f75a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 22 Aug 2023 12:51:06 +0100 Subject: [PATCH 0108/1145] Move *ring*-backed quic implementations into crypto::ring --- rustls/src/crypto/ring/mod.rs | 2 + rustls/src/crypto/ring/quic.rs | 421 ++++++++++++++++++++++++++++++++ rustls/src/crypto/ring/tls13.rs | 6 +- rustls/src/quic.rs | 416 +------------------------------ 4 files changed, 429 insertions(+), 416 deletions(-) create mode 100644 rustls/src/crypto/ring/quic.rs diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 7862db0d32..e8907e6b14 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -14,6 +14,8 @@ use core::fmt; pub(crate) mod hash; pub(crate) mod hmac; +#[cfg(feature = "quic")] +pub(crate) mod quic; #[cfg(feature = "tls12")] pub(crate) mod tls12; pub(crate) mod tls13; diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs new file mode 100644 index 0000000000..b8b080255e --- /dev/null +++ b/rustls/src/crypto/ring/quic.rs @@ -0,0 +1,421 @@ +use crate::crypto::cipher::{Iv, Nonce}; +use crate::error::Error; +use crate::hkdf; +use crate::quic; +use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; +use crate::tls13::Tls13CipherSuite; + +use ring::aead; + +pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); + +impl HeaderProtectionKey { + pub(crate) fn new( + expander: &hkdf::Expander, + version: quic::Version, + alg: &'static aead::quic::Algorithm, + ) -> Self { + let key = + hkdf_expand_label_aead_key(expander, alg.key_len(), version.header_key_label(), &[]); + Self(aead::quic::HeaderProtectionKey::new(alg, key.as_ref()).unwrap()) + } + + fn xor_in_place( + &self, + sample: &[u8], + first: &mut u8, + packet_number: &mut [u8], + masked: bool, + ) -> Result<(), Error> { + // This implements "Header Protection Application" almost verbatim. + // + + let mask = self + .0 + .new_mask(sample) + .map_err(|_| Error::General("sample of invalid length".into()))?; + + // The `unwrap()` will not panic because `new_mask` returns a + // non-empty result. + let (first_mask, pn_mask) = mask.split_first().unwrap(); + + // It is OK for the `mask` to be longer than `packet_number`, + // but a valid `packet_number` will never be longer than `mask`. + if packet_number.len() > pn_mask.len() { + return Err(Error::General("packet number too long".into())); + } + + // Infallible from this point on. Before this point, `first` and + // `packet_number` are unchanged. + + const LONG_HEADER_FORM: u8 = 0x80; + let bits = match *first & LONG_HEADER_FORM == LONG_HEADER_FORM { + true => 0x0f, // Long header: 4 bits masked + false => 0x1f, // Short header: 5 bits masked + }; + + let first_plain = match masked { + // When unmasking, use the packet length bits after unmasking + true => *first ^ (first_mask & bits), + // When masking, use the packet length bits before masking + false => *first, + }; + let pn_len = (first_plain & 0x03) as usize + 1; + + *first ^= first_mask & bits; + for (dst, m) in packet_number + .iter_mut() + .zip(pn_mask) + .take(pn_len) + { + *dst ^= m; + } + + Ok(()) + } +} + +impl quic::HeaderProtectionKey for HeaderProtectionKey { + fn encrypt_in_place( + &self, + sample: &[u8], + first: &mut u8, + packet_number: &mut [u8], + ) -> Result<(), Error> { + self.xor_in_place(sample, first, packet_number, false) + } + + fn decrypt_in_place( + &self, + sample: &[u8], + first: &mut u8, + packet_number: &mut [u8], + ) -> Result<(), Error> { + self.xor_in_place(sample, first, packet_number, true) + } + + #[inline] + fn sample_len(&self) -> usize { + self.0.algorithm().sample_len() + } +} + +pub(crate) struct PacketKey { + /// Encrypts or decrypts a packet's payload + key: aead::LessSafeKey, + /// Computes unique nonces for each packet + iv: Iv, + /// The cipher suite used for this packet key + suite: &'static Tls13CipherSuite, +} + +impl PacketKey { + pub(crate) fn new( + suite: &'static Tls13CipherSuite, + expander: &hkdf::Expander, + version: quic::Version, + aead_algorithm: &'static aead::Algorithm, + ) -> Self { + let key = hkdf_expand_label_aead_key( + expander, + aead_algorithm.key_len(), + version.packet_key_label(), + &[], + ); + let iv = hkdf_expand_label(expander, version.packet_iv_label(), &[]); + + Self { + key: aead::LessSafeKey::new( + aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), + ), + iv, + suite, + } + } +} + +impl quic::PacketKey for PacketKey { + fn encrypt_in_place( + &self, + packet_number: u64, + header: &[u8], + payload: &mut [u8], + ) -> Result { + let aad = aead::Aad::from(header); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, packet_number).0); + let tag = self + .key + .seal_in_place_separate_tag(nonce, aad, payload) + .map_err(|_| Error::EncryptError)?; + Ok(quic::Tag::from(tag.as_ref())) + } + + /// Decrypt a QUIC packet + /// + /// Takes the packet `header`, which is used as the additional authenticated data, and the + /// `payload`, which includes the authentication tag. + /// + /// If the return value is `Ok`, the decrypted payload can be found in `payload`, up to the + /// length found in the return value. + fn decrypt_in_place<'a>( + &self, + packet_number: u64, + header: &[u8], + payload: &'a mut [u8], + ) -> Result<&'a [u8], Error> { + let payload_len = payload.len(); + let aad = aead::Aad::from(header); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, packet_number).0); + self.key + .open_in_place(nonce, aad, payload) + .map_err(|_| Error::DecryptError)?; + + let plain_len = payload_len - self.key.algorithm().tag_len(); + Ok(&payload[..plain_len]) + } + + /// Number of times the packet key can be used without sacrificing confidentiality + /// + /// See . + #[inline] + fn confidentiality_limit(&self) -> u64 { + self.suite.confidentiality_limit + } + + /// Number of times the packet key can be used without sacrificing integrity + /// + /// See . + #[inline] + fn integrity_limit(&self) -> u64 { + self.suite.integrity_limit + } + + /// Tag length for the underlying AEAD algorithm + #[inline] + fn tag_len(&self) -> usize { + self.key.algorithm().tag_len() + } +} + +pub(crate) struct KeyBuilder( + pub(crate) &'static aead::Algorithm, + pub(crate) &'static aead::quic::Algorithm, +); + +impl crate::quic::Algorithm for KeyBuilder { + fn packet_key( + &self, + suite: &'static Tls13CipherSuite, + expander: &hkdf::Expander, + version: quic::Version, + ) -> Box { + Box::new(super::quic::PacketKey::new( + suite, expander, version, self.0, + )) + } + + fn header_protection_key( + &self, + expander: &hkdf::Expander, + version: quic::Version, + ) -> Box { + Box::new(super::quic::HeaderProtectionKey::new( + expander, version, self.1, + )) + } +} + +#[cfg(test)] +mod test { + use super::*; + use crate::common_state::Side; + use crate::crypto::ring; + use crate::crypto::ring::tls13::{ + TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, + }; + use crate::quic::HeaderProtectionKey; + use crate::quic::PacketKey; + use crate::quic::*; + + fn test_short_packet(version: Version, expected: &[u8]) { + const PN: u64 = 654360564; + const SECRET: &[u8] = &[ + 0x9a, 0xc3, 0x12, 0xa7, 0xf8, 0x77, 0x46, 0x8e, 0xbe, 0x69, 0x42, 0x27, 0x48, 0xad, + 0x00, 0xa1, 0x54, 0x43, 0xf1, 0x82, 0x03, 0xa0, 0x7d, 0x60, 0x60, 0xf6, 0x88, 0xf3, + 0x0f, 0x21, 0x63, 0x2b, + ]; + + let expander = + hkdf::Expander::from_okm(&hkdf::OkmBlock::from(SECRET), &ring::hmac::HMAC_SHA256); + let hpk = super::HeaderProtectionKey::new(&expander, version, &aead::quic::CHACHA20); + let packet = super::PacketKey::new( + TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, + &expander, + version, + &aead::CHACHA20_POLY1305, + ); + + const PLAIN: &[u8] = &[0x42, 0x00, 0xbf, 0xf4, 0x01]; + + let mut buf = PLAIN.to_vec(); + let (header, payload) = buf.split_at_mut(4); + let tag = packet + .encrypt_in_place(PN, header, payload) + .unwrap(); + buf.extend(tag.as_ref()); + + let pn_offset = 1; + let (header, sample) = buf.split_at_mut(pn_offset + 4); + let (first, rest) = header.split_at_mut(1); + let sample = &sample[..hpk.sample_len()]; + hpk.encrypt_in_place(sample, &mut first[0], dbg!(rest)) + .unwrap(); + + assert_eq!(&buf, expected); + + let (header, sample) = buf.split_at_mut(pn_offset + 4); + let (first, rest) = header.split_at_mut(1); + let sample = &sample[..hpk.sample_len()]; + hpk.decrypt_in_place(sample, &mut first[0], rest) + .unwrap(); + + let (header, payload_tag) = buf.split_at_mut(4); + let plain = packet + .decrypt_in_place(PN, header, payload_tag) + .unwrap(); + + assert_eq!(plain, &PLAIN[4..]); + } + + #[test] + fn short_packet_header_protection() { + // https://www.rfc-editor.org/rfc/rfc9001.html#name-chacha20-poly1305-short-hea + test_short_packet( + Version::V1, + &[ + 0x4c, 0xfe, 0x41, 0x89, 0x65, 0x5e, 0x5c, 0xd5, 0x5c, 0x41, 0xf6, 0x90, 0x80, 0x57, + 0x5d, 0x79, 0x99, 0xc2, 0x5a, 0x5b, 0xfb, + ], + ); + } + + #[test] + fn key_update_test_vector() { + fn equal_okm(x: &hkdf::OkmBlock, y: &hkdf::OkmBlock) -> bool { + x.as_ref() == y.as_ref() + } + + let mut secrets = Secrets::new( + // Constant dummy values for reproducibility + hkdf::OkmBlock::from( + &[ + 0xb8, 0x76, 0x77, 0x08, 0xf8, 0x77, 0x23, 0x58, 0xa6, 0xea, 0x9f, 0xc4, 0x3e, + 0x4a, 0xdd, 0x2c, 0x96, 0x1b, 0x3f, 0x52, 0x87, 0xa6, 0xd1, 0x46, 0x7e, 0xe0, + 0xae, 0xab, 0x33, 0x72, 0x4d, 0xbf, + ][..], + ), + hkdf::OkmBlock::from( + &[ + 0x42, 0xdc, 0x97, 0x21, 0x40, 0xe0, 0xf2, 0xe3, 0x98, 0x45, 0xb7, 0x67, 0x61, + 0x34, 0x39, 0xdc, 0x67, 0x58, 0xca, 0x43, 0x25, 0x9b, 0x87, 0x85, 0x06, 0x82, + 0x4e, 0xb1, 0xe4, 0x38, 0xd8, 0x55, + ][..], + ), + TLS13_AES_128_GCM_SHA256_INTERNAL, + Side::Client, + Version::V1, + ); + secrets.update(); + + assert!(equal_okm( + &secrets.client, + &hkdf::OkmBlock::from( + &[ + 0x42, 0xca, 0xc8, 0xc9, 0x1c, 0xd5, 0xeb, 0x40, 0x68, 0x2e, 0x43, 0x2e, 0xdf, + 0x2d, 0x2b, 0xe9, 0xf4, 0x1a, 0x52, 0xca, 0x6b, 0x22, 0xd8, 0xe6, 0xcd, 0xb1, + 0xe8, 0xac, 0xa9, 0x6, 0x1f, 0xce + ][..] + ) + )); + assert!(equal_okm( + &secrets.server, + &hkdf::OkmBlock::from( + &[ + 0xeb, 0x7f, 0x5e, 0x2a, 0x12, 0x3f, 0x40, 0x7d, 0xb4, 0x99, 0xe3, 0x61, 0xca, + 0xe5, 0x90, 0xd4, 0xd9, 0x92, 0xe1, 0x4b, 0x7a, 0xce, 0x3, 0xc2, 0x44, 0xe0, + 0x42, 0x21, 0x15, 0xb6, 0xd3, 0x8a + ][..] + ) + )); + } + + #[test] + fn short_packet_header_protection_v2() { + // https://www.ietf.org/archive/id/draft-ietf-quic-v2-10.html#name-chacha20-poly1305-short-head + test_short_packet( + Version::V2, + &[ + 0x55, 0x58, 0xb1, 0xc6, 0x0a, 0xe7, 0xb6, 0xb9, 0x32, 0xbc, 0x27, 0xd7, 0x86, 0xf4, + 0xbc, 0x2b, 0xb2, 0x0f, 0x21, 0x62, 0xba, + ], + ); + } + + #[test] + fn initial_test_vector_v2() { + // https://www.ietf.org/archive/id/draft-ietf-quic-v2-10.html#name-sample-packet-protection-2 + let icid = [0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08]; + let server = Keys::initial( + Version::V2, + TLS13_AES_128_GCM_SHA256_INTERNAL, + &icid, + Side::Server, + ); + let mut server_payload = [ + 0x02, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x40, 0x5a, 0x02, 0x00, 0x00, 0x56, 0x03, + 0x03, 0xee, 0xfc, 0xe7, 0xf7, 0xb3, 0x7b, 0xa1, 0xd1, 0x63, 0x2e, 0x96, 0x67, 0x78, + 0x25, 0xdd, 0xf7, 0x39, 0x88, 0xcf, 0xc7, 0x98, 0x25, 0xdf, 0x56, 0x6d, 0xc5, 0x43, + 0x0b, 0x9a, 0x04, 0x5a, 0x12, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, + 0x24, 0x00, 0x1d, 0x00, 0x20, 0x9d, 0x3c, 0x94, 0x0d, 0x89, 0x69, 0x0b, 0x84, 0xd0, + 0x8a, 0x60, 0x99, 0x3c, 0x14, 0x4e, 0xca, 0x68, 0x4d, 0x10, 0x81, 0x28, 0x7c, 0x83, + 0x4d, 0x53, 0x11, 0xbc, 0xf3, 0x2b, 0xb9, 0xda, 0x1a, 0x00, 0x2b, 0x00, 0x02, 0x03, + 0x04, + ]; + let mut server_header = [ + 0xd1, 0x6b, 0x33, 0x43, 0xcf, 0x00, 0x08, 0xf0, 0x67, 0xa5, 0x50, 0x2a, 0x42, 0x62, + 0xb5, 0x00, 0x40, 0x75, 0x00, 0x01, + ]; + let tag = server + .local + .packet + .encrypt_in_place(1, &server_header, &mut server_payload) + .unwrap(); + let (first, rest) = server_header.split_at_mut(1); + let rest_len = rest.len(); + server + .local + .header + .encrypt_in_place( + &server_payload[2..18], + &mut first[0], + &mut rest[rest_len - 2..], + ) + .unwrap(); + let mut server_packet = server_header.to_vec(); + server_packet.extend(server_payload); + server_packet.extend(tag.as_ref()); + let expected_server_packet = [ + 0xdc, 0x6b, 0x33, 0x43, 0xcf, 0x00, 0x08, 0xf0, 0x67, 0xa5, 0x50, 0x2a, 0x42, 0x62, + 0xb5, 0x00, 0x40, 0x75, 0xd9, 0x2f, 0xaa, 0xf1, 0x6f, 0x05, 0xd8, 0xa4, 0x39, 0x8c, + 0x47, 0x08, 0x96, 0x98, 0xba, 0xee, 0xa2, 0x6b, 0x91, 0xeb, 0x76, 0x1d, 0x9b, 0x89, + 0x23, 0x7b, 0xbf, 0x87, 0x26, 0x30, 0x17, 0x91, 0x53, 0x58, 0x23, 0x00, 0x35, 0xf7, + 0xfd, 0x39, 0x45, 0xd8, 0x89, 0x65, 0xcf, 0x17, 0xf9, 0xaf, 0x6e, 0x16, 0x88, 0x6c, + 0x61, 0xbf, 0xc7, 0x03, 0x10, 0x6f, 0xba, 0xf3, 0xcb, 0x4c, 0xfa, 0x52, 0x38, 0x2d, + 0xd1, 0x6a, 0x39, 0x3e, 0x42, 0x75, 0x75, 0x07, 0x69, 0x80, 0x75, 0xb2, 0xc9, 0x84, + 0xc7, 0x07, 0xf0, 0xa0, 0x81, 0x2d, 0x8c, 0xd5, 0xa6, 0x88, 0x1e, 0xaf, 0x21, 0xce, + 0xda, 0x98, 0xf4, 0xbd, 0x23, 0xf6, 0xfe, 0x1a, 0x3e, 0x2c, 0x43, 0xed, 0xd9, 0xce, + 0x7c, 0xa8, 0x4b, 0xed, 0x85, 0x21, 0xe2, 0xe1, 0x40, + ]; + assert_eq!(server_packet[..], expected_server_packet[..]); + } +} diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index faf3a26f4a..baad246969 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -29,7 +29,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & #[cfg(feature = "quic")] integrity_limit: 1 << 36, #[cfg(feature = "quic")] - quic: &crate::quic::RingKeyBuilder(&ring::aead::CHACHA20_POLY1305, &ring::aead::quic::CHACHA20), + quic: &super::quic::KeyBuilder(&ring::aead::CHACHA20_POLY1305, &ring::aead::quic::CHACHA20), }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -46,7 +46,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = #[cfg(feature = "quic")] integrity_limit: 1 << 52, #[cfg(feature = "quic")] - quic: &crate::quic::RingKeyBuilder(&ring::aead::AES_256_GCM, &aead::quic::AES_256), + quic: &super::quic::KeyBuilder(&ring::aead::AES_256_GCM, &aead::quic::AES_256), }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -65,7 +65,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C #[cfg(feature = "quic")] integrity_limit: 1 << 52, #[cfg(feature = "quic")] - quic: &crate::quic::RingKeyBuilder(&ring::aead::AES_128_GCM, &aead::quic::AES_128), + quic: &super::quic::KeyBuilder(&ring::aead::AES_128_GCM, &aead::quic::AES_128), }; struct Chacha20Poly1305Aead(AeadAlgorithm); diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 3b6fdb511f..1717429786 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -2,7 +2,6 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; -use crate::crypto::cipher::{Iv, Nonce}; use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; @@ -10,11 +9,8 @@ use crate::hkdf; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::server::{ServerConfig, ServerConnectionData}; use crate::tls13::key_schedule::hkdf_expand_label_block; -use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; use crate::tls13::Tls13CipherSuite; -use ring::aead; - use alloc::collections::VecDeque; use alloc::sync::Arc; use core::fmt::{self, Debug}; @@ -786,21 +782,21 @@ impl Version { } } - fn packet_key_label(&self) -> &'static [u8] { + pub(crate) fn packet_key_label(&self) -> &'static [u8] { match self { Self::V1Draft | Self::V1 => b"quic key", Self::V2 => b"quicv2 key", } } - fn packet_iv_label(&self) -> &'static [u8] { + pub(crate) fn packet_iv_label(&self) -> &'static [u8] { match self { Self::V1Draft | Self::V1 => b"quic iv", Self::V2 => b"quicv2 iv", } } - fn header_key_label(&self) -> &'static [u8] { + pub(crate) fn header_key_label(&self) -> &'static [u8] { match self { Self::V1Draft | Self::V1 => b"quic hp", Self::V2 => b"quicv2 hp", @@ -820,409 +816,3 @@ impl Default for Version { Self::V1 } } - -pub(crate) struct RingHeaderProtectionKey(aead::quic::HeaderProtectionKey); - -impl RingHeaderProtectionKey { - pub(crate) fn new( - expander: &hkdf::Expander, - version: Version, - alg: &'static aead::quic::Algorithm, - ) -> Self { - let key = - hkdf_expand_label_aead_key(expander, alg.key_len(), version.header_key_label(), &[]); - Self(aead::quic::HeaderProtectionKey::new(alg, key.as_ref()).unwrap()) - } - - fn xor_in_place( - &self, - sample: &[u8], - first: &mut u8, - packet_number: &mut [u8], - masked: bool, - ) -> Result<(), Error> { - // This implements "Header Protection Application" almost verbatim. - // - - let mask = self - .0 - .new_mask(sample) - .map_err(|_| Error::General("sample of invalid length".into()))?; - - // The `unwrap()` will not panic because `new_mask` returns a - // non-empty result. - let (first_mask, pn_mask) = mask.split_first().unwrap(); - - // It is OK for the `mask` to be longer than `packet_number`, - // but a valid `packet_number` will never be longer than `mask`. - if packet_number.len() > pn_mask.len() { - return Err(Error::General("packet number too long".into())); - } - - // Infallible from this point on. Before this point, `first` and - // `packet_number` are unchanged. - - const LONG_HEADER_FORM: u8 = 0x80; - let bits = match *first & LONG_HEADER_FORM == LONG_HEADER_FORM { - true => 0x0f, // Long header: 4 bits masked - false => 0x1f, // Short header: 5 bits masked - }; - - let first_plain = match masked { - // When unmasking, use the packet length bits after unmasking - true => *first ^ (first_mask & bits), - // When masking, use the packet length bits before masking - false => *first, - }; - let pn_len = (first_plain & 0x03) as usize + 1; - - *first ^= first_mask & bits; - for (dst, m) in packet_number - .iter_mut() - .zip(pn_mask) - .take(pn_len) - { - *dst ^= m; - } - - Ok(()) - } -} - -impl HeaderProtectionKey for RingHeaderProtectionKey { - fn encrypt_in_place( - &self, - sample: &[u8], - first: &mut u8, - packet_number: &mut [u8], - ) -> Result<(), Error> { - self.xor_in_place(sample, first, packet_number, false) - } - - fn decrypt_in_place( - &self, - sample: &[u8], - first: &mut u8, - packet_number: &mut [u8], - ) -> Result<(), Error> { - self.xor_in_place(sample, first, packet_number, true) - } - - #[inline] - fn sample_len(&self) -> usize { - self.0.algorithm().sample_len() - } -} - -pub(crate) struct RingPacketKey { - /// Encrypts or decrypts a packet's payload - key: aead::LessSafeKey, - /// Computes unique nonces for each packet - iv: Iv, - /// The cipher suite used for this packet key - suite: &'static Tls13CipherSuite, -} - -impl RingPacketKey { - pub(crate) fn new( - suite: &'static Tls13CipherSuite, - expander: &hkdf::Expander, - version: Version, - aead_algorithm: &'static aead::Algorithm, - ) -> Self { - let key = hkdf_expand_label_aead_key( - expander, - aead_algorithm.key_len(), - version.packet_key_label(), - &[], - ); - let iv = hkdf_expand_label(expander, version.packet_iv_label(), &[]); - - Self { - key: aead::LessSafeKey::new( - aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), - ), - iv, - suite, - } - } -} - -impl PacketKey for RingPacketKey { - fn encrypt_in_place( - &self, - packet_number: u64, - header: &[u8], - payload: &mut [u8], - ) -> Result { - let aad = aead::Aad::from(header); - let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, packet_number).0); - let tag = self - .key - .seal_in_place_separate_tag(nonce, aad, payload) - .map_err(|_| Error::EncryptError)?; - Ok(Tag::from(tag.as_ref())) - } - - /// Decrypt a QUIC packet - /// - /// Takes the packet `header`, which is used as the additional authenticated data, and the - /// `payload`, which includes the authentication tag. - /// - /// If the return value is `Ok`, the decrypted payload can be found in `payload`, up to the - /// length found in the return value. - fn decrypt_in_place<'a>( - &self, - packet_number: u64, - header: &[u8], - payload: &'a mut [u8], - ) -> Result<&'a [u8], Error> { - let payload_len = payload.len(); - let aad = aead::Aad::from(header); - let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, packet_number).0); - self.key - .open_in_place(nonce, aad, payload) - .map_err(|_| Error::DecryptError)?; - - let plain_len = payload_len - self.key.algorithm().tag_len(); - Ok(&payload[..plain_len]) - } - - /// Number of times the packet key can be used without sacrificing confidentiality - /// - /// See . - #[inline] - fn confidentiality_limit(&self) -> u64 { - self.suite.confidentiality_limit - } - - /// Number of times the packet key can be used without sacrificing integrity - /// - /// See . - #[inline] - fn integrity_limit(&self) -> u64 { - self.suite.integrity_limit - } - - /// Tag length for the underlying AEAD algorithm - #[inline] - fn tag_len(&self) -> usize { - self.key.algorithm().tag_len() - } -} - -pub(crate) struct RingKeyBuilder( - pub(crate) &'static aead::Algorithm, - pub(crate) &'static aead::quic::Algorithm, -); - -impl Algorithm for RingKeyBuilder { - fn packet_key( - &self, - suite: &'static Tls13CipherSuite, - expander: &hkdf::Expander, - version: Version, - ) -> Box { - Box::new(RingPacketKey::new(suite, expander, version, self.0)) - } - - fn header_protection_key( - &self, - expander: &hkdf::Expander, - version: Version, - ) -> Box { - Box::new(RingHeaderProtectionKey::new(expander, version, self.1)) - } -} - -#[cfg(test)] -mod test { - use super::*; - use crate::common_state::Side; - use crate::crypto::ring; - use crate::crypto::ring::tls13::{ - TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, - }; - - fn test_short_packet(version: Version, expected: &[u8]) { - const PN: u64 = 654360564; - const SECRET: &[u8] = &[ - 0x9a, 0xc3, 0x12, 0xa7, 0xf8, 0x77, 0x46, 0x8e, 0xbe, 0x69, 0x42, 0x27, 0x48, 0xad, - 0x00, 0xa1, 0x54, 0x43, 0xf1, 0x82, 0x03, 0xa0, 0x7d, 0x60, 0x60, 0xf6, 0x88, 0xf3, - 0x0f, 0x21, 0x63, 0x2b, - ]; - - let expander = - hkdf::Expander::from_okm(&hkdf::OkmBlock::from(SECRET), &ring::hmac::HMAC_SHA256); - let hpk = super::RingHeaderProtectionKey::new(&expander, version, &aead::quic::CHACHA20); - let packet = super::RingPacketKey::new( - TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, - &expander, - version, - &aead::CHACHA20_POLY1305, - ); - - const PLAIN: &[u8] = &[0x42, 0x00, 0xbf, 0xf4, 0x01]; - - let mut buf = PLAIN.to_vec(); - let (header, payload) = buf.split_at_mut(4); - let tag = packet - .encrypt_in_place(PN, header, payload) - .unwrap(); - buf.extend(tag.as_ref()); - - let pn_offset = 1; - let (header, sample) = buf.split_at_mut(pn_offset + 4); - let (first, rest) = header.split_at_mut(1); - let sample = &sample[..hpk.sample_len()]; - hpk.encrypt_in_place(sample, &mut first[0], dbg!(rest)) - .unwrap(); - - assert_eq!(&buf, expected); - - let (header, sample) = buf.split_at_mut(pn_offset + 4); - let (first, rest) = header.split_at_mut(1); - let sample = &sample[..hpk.sample_len()]; - hpk.decrypt_in_place(sample, &mut first[0], rest) - .unwrap(); - - let (header, payload_tag) = buf.split_at_mut(4); - let plain = packet - .decrypt_in_place(PN, header, payload_tag) - .unwrap(); - - assert_eq!(plain, &PLAIN[4..]); - } - - #[test] - fn short_packet_header_protection() { - // https://www.rfc-editor.org/rfc/rfc9001.html#name-chacha20-poly1305-short-hea - test_short_packet( - Version::V1, - &[ - 0x4c, 0xfe, 0x41, 0x89, 0x65, 0x5e, 0x5c, 0xd5, 0x5c, 0x41, 0xf6, 0x90, 0x80, 0x57, - 0x5d, 0x79, 0x99, 0xc2, 0x5a, 0x5b, 0xfb, - ], - ); - } - - #[test] - fn key_update_test_vector() { - fn equal_okm(x: &hkdf::OkmBlock, y: &hkdf::OkmBlock) -> bool { - x.as_ref() == y.as_ref() - } - - let mut secrets = Secrets::new( - // Constant dummy values for reproducibility - hkdf::OkmBlock::from( - &[ - 0xb8, 0x76, 0x77, 0x08, 0xf8, 0x77, 0x23, 0x58, 0xa6, 0xea, 0x9f, 0xc4, 0x3e, - 0x4a, 0xdd, 0x2c, 0x96, 0x1b, 0x3f, 0x52, 0x87, 0xa6, 0xd1, 0x46, 0x7e, 0xe0, - 0xae, 0xab, 0x33, 0x72, 0x4d, 0xbf, - ][..], - ), - hkdf::OkmBlock::from( - &[ - 0x42, 0xdc, 0x97, 0x21, 0x40, 0xe0, 0xf2, 0xe3, 0x98, 0x45, 0xb7, 0x67, 0x61, - 0x34, 0x39, 0xdc, 0x67, 0x58, 0xca, 0x43, 0x25, 0x9b, 0x87, 0x85, 0x06, 0x82, - 0x4e, 0xb1, 0xe4, 0x38, 0xd8, 0x55, - ][..], - ), - TLS13_AES_128_GCM_SHA256_INTERNAL, - Side::Client, - Version::V1, - ); - secrets.update(); - - assert!(equal_okm( - &secrets.client, - &hkdf::OkmBlock::from( - &[ - 0x42, 0xca, 0xc8, 0xc9, 0x1c, 0xd5, 0xeb, 0x40, 0x68, 0x2e, 0x43, 0x2e, 0xdf, - 0x2d, 0x2b, 0xe9, 0xf4, 0x1a, 0x52, 0xca, 0x6b, 0x22, 0xd8, 0xe6, 0xcd, 0xb1, - 0xe8, 0xac, 0xa9, 0x6, 0x1f, 0xce - ][..] - ) - )); - assert!(equal_okm( - &secrets.server, - &hkdf::OkmBlock::from( - &[ - 0xeb, 0x7f, 0x5e, 0x2a, 0x12, 0x3f, 0x40, 0x7d, 0xb4, 0x99, 0xe3, 0x61, 0xca, - 0xe5, 0x90, 0xd4, 0xd9, 0x92, 0xe1, 0x4b, 0x7a, 0xce, 0x3, 0xc2, 0x44, 0xe0, - 0x42, 0x21, 0x15, 0xb6, 0xd3, 0x8a - ][..] - ) - )); - } - - #[test] - fn short_packet_header_protection_v2() { - // https://www.ietf.org/archive/id/draft-ietf-quic-v2-10.html#name-chacha20-poly1305-short-head - test_short_packet( - Version::V2, - &[ - 0x55, 0x58, 0xb1, 0xc6, 0x0a, 0xe7, 0xb6, 0xb9, 0x32, 0xbc, 0x27, 0xd7, 0x86, 0xf4, - 0xbc, 0x2b, 0xb2, 0x0f, 0x21, 0x62, 0xba, - ], - ); - } - - #[test] - fn initial_test_vector_v2() { - // https://www.ietf.org/archive/id/draft-ietf-quic-v2-10.html#name-sample-packet-protection-2 - let icid = [0x83, 0x94, 0xc8, 0xf0, 0x3e, 0x51, 0x57, 0x08]; - let server = Keys::initial( - Version::V2, - TLS13_AES_128_GCM_SHA256_INTERNAL, - &icid, - Side::Server, - ); - let mut server_payload = [ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x40, 0x5a, 0x02, 0x00, 0x00, 0x56, 0x03, - 0x03, 0xee, 0xfc, 0xe7, 0xf7, 0xb3, 0x7b, 0xa1, 0xd1, 0x63, 0x2e, 0x96, 0x67, 0x78, - 0x25, 0xdd, 0xf7, 0x39, 0x88, 0xcf, 0xc7, 0x98, 0x25, 0xdf, 0x56, 0x6d, 0xc5, 0x43, - 0x0b, 0x9a, 0x04, 0x5a, 0x12, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, - 0x24, 0x00, 0x1d, 0x00, 0x20, 0x9d, 0x3c, 0x94, 0x0d, 0x89, 0x69, 0x0b, 0x84, 0xd0, - 0x8a, 0x60, 0x99, 0x3c, 0x14, 0x4e, 0xca, 0x68, 0x4d, 0x10, 0x81, 0x28, 0x7c, 0x83, - 0x4d, 0x53, 0x11, 0xbc, 0xf3, 0x2b, 0xb9, 0xda, 0x1a, 0x00, 0x2b, 0x00, 0x02, 0x03, - 0x04, - ]; - let mut server_header = [ - 0xd1, 0x6b, 0x33, 0x43, 0xcf, 0x00, 0x08, 0xf0, 0x67, 0xa5, 0x50, 0x2a, 0x42, 0x62, - 0xb5, 0x00, 0x40, 0x75, 0x00, 0x01, - ]; - let tag = server - .local - .packet - .encrypt_in_place(1, &server_header, &mut server_payload) - .unwrap(); - let (first, rest) = server_header.split_at_mut(1); - let rest_len = rest.len(); - server - .local - .header - .encrypt_in_place( - &server_payload[2..18], - &mut first[0], - &mut rest[rest_len - 2..], - ) - .unwrap(); - let mut server_packet = server_header.to_vec(); - server_packet.extend(server_payload); - server_packet.extend(tag.as_ref()); - let expected_server_packet = [ - 0xdc, 0x6b, 0x33, 0x43, 0xcf, 0x00, 0x08, 0xf0, 0x67, 0xa5, 0x50, 0x2a, 0x42, 0x62, - 0xb5, 0x00, 0x40, 0x75, 0xd9, 0x2f, 0xaa, 0xf1, 0x6f, 0x05, 0xd8, 0xa4, 0x39, 0x8c, - 0x47, 0x08, 0x96, 0x98, 0xba, 0xee, 0xa2, 0x6b, 0x91, 0xeb, 0x76, 0x1d, 0x9b, 0x89, - 0x23, 0x7b, 0xbf, 0x87, 0x26, 0x30, 0x17, 0x91, 0x53, 0x58, 0x23, 0x00, 0x35, 0xf7, - 0xfd, 0x39, 0x45, 0xd8, 0x89, 0x65, 0xcf, 0x17, 0xf9, 0xaf, 0x6e, 0x16, 0x88, 0x6c, - 0x61, 0xbf, 0xc7, 0x03, 0x10, 0x6f, 0xba, 0xf3, 0xcb, 0x4c, 0xfa, 0x52, 0x38, 0x2d, - 0xd1, 0x6a, 0x39, 0x3e, 0x42, 0x75, 0x75, 0x07, 0x69, 0x80, 0x75, 0xb2, 0xc9, 0x84, - 0xc7, 0x07, 0xf0, 0xa0, 0x81, 0x2d, 0x8c, 0xd5, 0xa6, 0x88, 0x1e, 0xaf, 0x21, 0xce, - 0xda, 0x98, 0xf4, 0xbd, 0x23, 0xf6, 0xfe, 0x1a, 0x3e, 0x2c, 0x43, 0xed, 0xd9, 0xce, - 0x7c, 0xa8, 0x4b, 0xed, 0x85, 0x21, 0xe2, 0xe1, 0x40, - ]; - assert_eq!(server_packet[..], expected_server_packet[..]); - } -} From b421083f516153d40537b5540f3db14eb61c5413 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 17 Jul 2023 16:02:18 +0100 Subject: [PATCH 0109/1145] crypto::cipher: publicise traits for external use This makes `Tls12AeadAlgorithm` and `Tls13AeadAlgorithm` public, as well as the types that are associated with them. Document fields that need to become public to allow `Tls12CipherSuite` and `Tls13CipherSuite` to become public. --- rustls/src/crypto/cipher.rs | 75 +++++++++++++++++++++++++++++++-- rustls/src/crypto/ring/tls12.rs | 7 ++- rustls/src/crypto/ring/tls13.rs | 4 +- rustls/src/tls12/mod.rs | 44 ++++--------------- rustls/src/tls13/mod.rs | 25 +++++------ 5 files changed, 97 insertions(+), 58 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 8ee2ae9a7d..2e7c42a318 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -2,16 +2,83 @@ use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec; pub use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +#[cfg(feature = "secret_extraction")] +use crate::suites::ConnectionTrafficSecrets; + +/// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite. +pub trait Tls13AeadAlgorithm: Send + Sync { + /// Build a `MessageEncrypter` for the given key/iv. + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box; + + /// Build a `MessageDecrypter` for the given key/iv. + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box; + + /// The length of key in bytes required by `encrypter()` and `decrypter()`. + fn key_len(&self) -> usize; + + #[cfg(feature = "secret_extraction")] + /// Convert the key material from `key`/`iv`, into a `ConnectionTrafficSecrets` item. + fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets; +} + +/// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.2 cipher suite. +pub trait Tls12AeadAlgorithm: Send + Sync + 'static { + /// Build a `MessageEncrypter` for the given key/iv and extra key block (which can be used for + /// improving explicit nonce size security, if needed). + fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; + + /// Build a `MessageDecrypter` for the given key/iv. + fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; + + /// Return a `KeyBlockShape` that defines how large the `key_block` is and how it + /// is split up prior to calling `encrypter()`, `decrypter()` and/or `extract_keys()`. + fn key_block_shape(&self) -> KeyBlockShape; + + #[cfg(feature = "secret_extraction")] + /// Convert the key material from `key`/`iv`, into a `ConnectionTrafficSecrets` item. + fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; +} + +/// How a TLS1.2 `key_block` is partitioned. +/// +/// nb. ciphersuites with non-zero `mac_key_length` not currently supported +pub struct KeyBlockShape { + /// How long keys are. + /// + /// `enc_key_length` terminology is from the standard ([RFC5246 A.6]). + /// + /// [RFC5246 A.6]: + pub enc_key_len: usize, + + /// How long the fixed part of the 'IV' is. + /// + /// `fixed_iv_length` terminology is from the standard ([RFC5246 A.6]). + /// + /// This isn't usually an IV, but we continue the + /// terminology misuse to match the standard. + /// + /// [RFC5246 A.6]: + pub fixed_iv_len: usize, + + /// This is a non-standard extension which extends the + /// key block to provide an initial explicit nonce offset, + /// in a deterministic and safe way. GCM needs this, + /// chacha20poly1305 works this way by design. + pub explicit_nonce_len: usize, +} /// Objects with this trait can decrypt TLS messages. pub trait MessageDecrypter: Send + Sync { - /// Perform the decryption over the concerned TLS message. - fn decrypt(&self, m: OpaqueMessage, seq: u64) -> Result; + /// Decrypt the given TLS message `msg`, using the sequence number + /// `seq` which can be used to derive a unique [`Nonce`]. + fn decrypt(&self, msg: OpaqueMessage, seq: u64) -> Result; } /// Objects with this trait can encrypt TLS messages. -pub(crate) trait MessageEncrypter: Send + Sync { - fn encrypt(&self, m: BorrowedPlainMessage, seq: u64) -> Result; +pub trait MessageEncrypter: Send + Sync { + /// Encrypt the given TLS message `msg`, using the sequence number + /// `seq which can be used to derive a unique [`Nonce`]. + fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result; } impl dyn MessageEncrypter { diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 8ed45c1a33..19af58eac2 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,4 +1,7 @@ -use crate::crypto::cipher::{make_tls12_aad, Iv, MessageDecrypter, MessageEncrypter, Nonce}; +use crate::crypto::cipher::{ + make_tls12_aad, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, + Tls12AeadAlgorithm, +}; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; @@ -8,7 +11,7 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; #[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; -use crate::tls12::{KeyBlockShape, Tls12AeadAlgorithm, Tls12CipherSuite}; +use crate::tls12::Tls12CipherSuite; use ring::aead; diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index baad246969..a0bb8a9b54 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,5 +1,5 @@ use crate::crypto::cipher::{ - make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, + make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, }; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; @@ -9,7 +9,7 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; #[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; -use crate::tls13::{Tls13AeadAlgorithm, Tls13CipherSuite}; +use crate::tls13::Tls13CipherSuite; use ring::aead; diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 63a1a844f1..b1e5dcaf98 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -1,15 +1,15 @@ use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; use crate::crypto; -use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter, Tls12AeadAlgorithm}; use crate::crypto::hash; use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::KeyExchangeAlgorithm; -use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; #[cfg(feature = "secret_extraction")] -use crate::suites::{ConnectionTrafficSecrets, PartiallyExtractedSecrets}; +use crate::suites::PartiallyExtractedSecrets; +use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; use core::fmt; @@ -29,12 +29,14 @@ pub struct Tls12CipherSuite { /// How to sign messages for authentication. pub sign: &'static [SignatureScheme], - pub(crate) aead_alg: &'static dyn Tls12AeadAlgorithm, + /// How to produce a [`MessageDecrypter`] or [`MessageEncrypter`] + /// from raw key material. + pub aead_alg: &'static dyn Tls12AeadAlgorithm, } impl Tls12CipherSuite { - /// Resolve the set of supported `SignatureScheme`s from the - /// offered `SupportedSignatureSchemes`. If we return an empty + /// Resolve the set of supported [`SignatureScheme`]s from the + /// offered signature schemes. If we return an empty /// set, the handshake terminates. pub fn resolve_sig_schemes(&self, offered: &[SignatureScheme]) -> Vec { self.sign @@ -65,36 +67,6 @@ impl fmt::Debug for Tls12CipherSuite { } } -pub(crate) trait Tls12AeadAlgorithm: Send + Sync + 'static { - fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; - fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; - fn key_block_shape(&self) -> KeyBlockShape; - #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; -} - -/// How a TLS1.2 `key_block` is partitioned. -/// -/// nb. ciphersuites with non-zero `mac_key_length` not currently supported -pub(crate) struct KeyBlockShape { - /// How long keys are. - /// - /// `enc_key_len` terminology is from the standard. - pub(crate) enc_key_len: usize, - - /// How long the fixed part of the 'IV' is. - /// - /// This isn't usually an IV, but we continue the - /// terminology misuse to match the standard. - pub(crate) fixed_iv_len: usize, - - /// This is a non-standard extension which extends the - /// key block to provide an initial explicit nonce offset, - /// in a deterministic and safe way. GCM needs this, - /// chacha20poly1305 works this way by design. - pub(crate) explicit_nonce_len: usize, -} - /// TLS1.2 per-connection keying material pub(crate) struct ConnectionSecrets { pub(crate) randoms: ConnectionRandoms, diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 174af3c93b..587e79755f 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,8 +1,5 @@ use crate::crypto; -use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter, MessageEncrypter}; use crate::crypto::hash; -#[cfg(feature = "secret_extraction")] -use crate::suites::ConnectionTrafficSecrets; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; use core::fmt; @@ -13,8 +10,17 @@ pub(crate) mod key_schedule; pub struct Tls13CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, - pub(crate) hmac_provider: &'static dyn crypto::hmac::Hmac, - pub(crate) aead_alg: &'static dyn Tls13AeadAlgorithm, + + /// How to compute HMAC with the suite's hash function. + pub hmac_provider: &'static dyn crypto::hmac::Hmac, + + /// How to produce a [MessageDecrypter] or [MessageEncrypter] + /// from raw key material. + /// + /// [MessageDecrypter]: crate::crypto::cipher::MessageDecrypter + /// [MessageEncrypter]: crate::crypto::cipher::MessageEncrypter + pub aead_alg: &'static dyn crypto::cipher::Tls13AeadAlgorithm, + #[cfg(feature = "quic")] pub(crate) confidentiality_limit: u64, #[cfg(feature = "quic")] @@ -51,15 +57,6 @@ impl fmt::Debug for Tls13CipherSuite { } } -pub(crate) trait Tls13AeadAlgorithm: Send + Sync { - fn encrypter(&self, key: AeadKey, iv: Iv) -> Box; - fn decrypter(&self, key: AeadKey, iv: Iv) -> Box; - fn key_len(&self) -> usize; - - #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets; -} - /// Constructs the signature message specified in section 4.4.3 of RFC8446. pub(crate) fn construct_client_verify_message(handshake_hash: &hash::Output) -> Vec { construct_verify_message(handshake_hash, b"TLS 1.3, client CertificateVerify\x00") From 0f9206e78252fa2d95539932d36f8e336077887a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 10 Aug 2023 17:11:05 +0100 Subject: [PATCH 0110/1145] Tighten up key type on `Tls12AeadAlgorithm` --- rustls/src/crypto/cipher.rs | 31 ++++++++++++++++++++++++++++--- rustls/src/crypto/ring/tls12.rs | 32 +++++++++++++++++--------------- rustls/src/tls12/mod.rs | 10 +++++----- 3 files changed, 50 insertions(+), 23 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 2e7c42a318..40a6b7c714 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -25,10 +25,20 @@ pub trait Tls13AeadAlgorithm: Send + Sync { pub trait Tls12AeadAlgorithm: Send + Sync + 'static { /// Build a `MessageEncrypter` for the given key/iv and extra key block (which can be used for /// improving explicit nonce size security, if needed). - fn encrypter(&self, key: &[u8], iv: &[u8], extra: &[u8]) -> Box; + /// + /// The length of `key` is set by [`KeyBlockShape::enc_key_len`]. + /// + /// The length of `iv` is set by [`KeyBlockShape::fixed_iv_len`]. + /// + /// The length of `extra` is set by [`KeyBlockShape::explicit_nonce_len`]. + fn encrypter(&self, key: AeadKey, iv: &[u8], extra: &[u8]) -> Box; /// Build a `MessageDecrypter` for the given key/iv. - fn decrypter(&self, key: &[u8], iv: &[u8]) -> Box; + /// + /// The length of `key` is set by [`KeyBlockShape::enc_key_len`]. + /// + /// The length of `iv` is set by [`KeyBlockShape::fixed_iv_len`]. + fn decrypter(&self, key: AeadKey, iv: &[u8]) -> Box; /// Return a `KeyBlockShape` that defines how large the `key_block` is and how it /// is split up prior to calling `encrypter()`, `decrypter()` and/or `extract_keys()`. @@ -36,7 +46,13 @@ pub trait Tls12AeadAlgorithm: Send + Sync + 'static { #[cfg(feature = "secret_extraction")] /// Convert the key material from `key`/`iv`, into a `ConnectionTrafficSecrets` item. - fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; + /// + /// The length of `key` is set by [`KeyBlockShape::enc_key_len`]. + /// + /// The length of `iv` is set by [`KeyBlockShape::fixed_iv_len`]. + /// + /// The length of `extra` is set by [`KeyBlockShape::explicit_nonce_len`]. + fn extract_keys(&self, key: AeadKey, iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; } /// How a TLS1.2 `key_block` is partitioned. @@ -195,6 +211,15 @@ pub struct AeadKey { } impl AeadKey { + #[cfg(feature = "tls12")] + pub(crate) fn new(buf: &[u8]) -> Self { + debug_assert!(buf.len() <= Self::MAX_LEN); + let mut key = Self::from([0u8; Self::MAX_LEN]); + key.buf[..buf.len()].copy_from_slice(buf); + key.used = buf.len(); + key + } + pub(crate) fn with_length(self, len: usize) -> Self { assert!(len <= self.used); Self { diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 19af58eac2..a53cec60eb 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,5 +1,5 @@ use crate::crypto::cipher::{ - make_tls12_aad, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, + make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, }; use crate::crypto::KeyExchangeAlgorithm; @@ -115,8 +115,9 @@ pub(crate) static AES256_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_256_GCM); pub(crate) struct GcmAlgorithm(&'static aead::Algorithm); impl Tls12AeadAlgorithm for GcmAlgorithm { - fn decrypter(&self, dec_key: &[u8], dec_iv: &[u8]) -> Box { - let dec_key = aead::LessSafeKey::new(aead::UnboundKey::new(self.0, dec_key).unwrap()); + fn decrypter(&self, dec_key: AeadKey, dec_iv: &[u8]) -> Box { + let dec_key = + aead::LessSafeKey::new(aead::UnboundKey::new(self.0, dec_key.as_ref()).unwrap()); let mut ret = GcmMessageDecrypter { dec_key, @@ -130,14 +131,15 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { fn encrypter( &self, - enc_key: &[u8], + enc_key: AeadKey, write_iv: &[u8], explicit: &[u8], ) -> Box { debug_assert_eq!(write_iv.len(), 4); debug_assert_eq!(explicit.len(), 8); - let enc_key = aead::LessSafeKey::new(aead::UnboundKey::new(self.0, enc_key).unwrap()); + let enc_key = + aead::LessSafeKey::new(aead::UnboundKey::new(self.0, enc_key.as_ref()).unwrap()); // The GCM nonce is constructed from a 32-bit 'salt' derived // from the master-secret, and a 64-bit explicit part, @@ -162,16 +164,16 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: &[u8], iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets { - match key.len() { + fn extract_keys(&self, key: AeadKey, iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets { + match key.as_ref().len() { 16 => { // nb. "fixed IV" becomes the GCM nonce "salt" - let (key, salt, iv) = slices_to_arrays(key, iv, explicit); + let (key, salt, iv) = slices_to_arrays(key.as_ref(), iv, explicit); ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } } 32 => { // nb. "fixed IV" becomes the GCM nonce "salt" - let (key, salt, iv) = slices_to_arrays(key, iv, explicit); + let (key, salt, iv) = slices_to_arrays(key.as_ref(), iv, explicit); ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } } _ => unreachable!(), @@ -182,9 +184,9 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { pub(crate) struct ChaCha20Poly1305; impl Tls12AeadAlgorithm for ChaCha20Poly1305 { - fn decrypter(&self, dec_key: &[u8], iv: &[u8]) -> Box { + fn decrypter(&self, dec_key: AeadKey, iv: &[u8]) -> Box { let dec_key = aead::LessSafeKey::new( - aead::UnboundKey::new(&aead::CHACHA20_POLY1305, dec_key).unwrap(), + aead::UnboundKey::new(&aead::CHACHA20_POLY1305, dec_key.as_ref()).unwrap(), ); Box::new(ChaCha20Poly1305MessageDecrypter { dec_key, @@ -192,9 +194,9 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { }) } - fn encrypter(&self, enc_key: &[u8], enc_iv: &[u8], _: &[u8]) -> Box { + fn encrypter(&self, enc_key: AeadKey, enc_iv: &[u8], _: &[u8]) -> Box { let enc_key = aead::LessSafeKey::new( - aead::UnboundKey::new(&aead::CHACHA20_POLY1305, enc_key).unwrap(), + aead::UnboundKey::new(&aead::CHACHA20_POLY1305, enc_key.as_ref()).unwrap(), ); Box::new(ChaCha20Poly1305MessageEncrypter { enc_key, @@ -211,8 +213,8 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: &[u8], iv: &[u8], _explicit: &[u8]) -> ConnectionTrafficSecrets { - let (key, iv) = (slice_to_array(key), slice_to_array(iv)); + fn extract_keys(&self, key: AeadKey, iv: &[u8], _explicit: &[u8]) -> ConnectionTrafficSecrets { + let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(iv)); ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } } } diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index b1e5dcaf98..77ea770d25 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -1,7 +1,7 @@ use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; use crate::crypto; -use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter, Tls12AeadAlgorithm}; +use crate::crypto::cipher::{AeadKey, MessageDecrypter, MessageEncrypter, Tls12AeadAlgorithm}; use crate::crypto::hash; use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; @@ -155,10 +155,10 @@ impl ConnectionSecrets { ( self.suite .aead_alg - .decrypter(read_key, read_iv), + .decrypter(AeadKey::new(read_key), read_iv), self.suite .aead_alg - .encrypter(write_key, write_iv, extra), + .encrypter(AeadKey::new(write_key), write_iv, extra), ) } @@ -258,11 +258,11 @@ impl ConnectionSecrets { let client_secrets = self.suite .aead_alg - .extract_keys(client_key, client_iv, explicit_nonce); + .extract_keys(AeadKey::new(client_key), client_iv, explicit_nonce); let server_secrets = self.suite .aead_alg - .extract_keys(server_key, server_iv, explicit_nonce); + .extract_keys(AeadKey::new(server_key), server_iv, explicit_nonce); let (tx, rx) = match side { Side::Client => (client_secrets, server_secrets), From 6541e9b18c777382606a9a326b324d0725765200 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 21 Aug 2023 16:17:18 +0100 Subject: [PATCH 0111/1145] tls13: use Error::EncryptError for encryption failures --- rustls/src/crypto/ring/tls13.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index a0bb8a9b54..0606eb4333 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -180,7 +180,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { let aad = aead::Aad::from(make_tls13_aad(total_len)); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) - .map_err(|_| Error::General("encrypt failed".to_string()))?; + .map_err(|_| Error::EncryptError)?; Ok(OpaqueMessage { typ: ContentType::ApplicationData, From 175514d02f21f5c28c4b8ba8e987cce248a90c37 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 25 Aug 2023 15:12:18 +0100 Subject: [PATCH 0112/1145] Clean up `cargo doc --document-private-items` warnings --- rustls/src/conn.rs | 3 +++ rustls/src/rand.rs | 5 ++--- rustls/src/server/hs.rs | 4 +++- rustls/src/sign.rs | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 87d4b9cc0f..484b366c64 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -221,6 +221,9 @@ impl<'a> io::Read for Reader<'a> { /// Internal trait implemented by the [`ServerConnection`]/[`ClientConnection`] /// allowing them to be the subject of a [`Writer`]. +/// +/// [`ServerConnection`]: crate::ServerConnection +/// [`ClientConnection`]: crate::ClientConnection pub(crate) trait PlaintextSink { fn write(&mut self, buf: &[u8]) -> io::Result; fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result; diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 41a5f09766..abffb44f78 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -2,15 +2,14 @@ use crate::crypto::CryptoProvider; -/// Make a Vec of the given size -/// containing random material. +/// Make a [`Vec`] of the given size containing random material. pub(crate) fn random_vec(len: usize) -> Result, GetRandomFailed> { let mut v = vec![0; len]; C::fill_random(&mut v)?; Ok(v) } -/// Return a uniformly random u32. +/// Return a uniformly random [`u32`]. pub(crate) fn random_u32() -> Result { let mut buf = [0u8; 4]; C::fill_random(&mut buf)?; diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 617ca1f1e0..bc64a5570d 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -426,9 +426,11 @@ impl State for ExpectClientHello { /// /// This represents the first part of the `ClientHello` handling, where we do all validation that /// doesn't depend on a `ServerConfig` being available and extract everything needed to build a -/// [`ClientHello`] value for a [`ResolvesServerConfig`]/`ResolvesServerCert`]. +/// [`ClientHello`] value for a [`ResolvesServerCert`]. /// /// Note that this will modify `data.sni` even if config or certificate resolution fail. +/// +/// [`ResolvesServerCert`]: crate::server::ResolvesServerCert pub(super) fn process_client_hello<'a>( m: &'a Message, done_retry: bool, diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index e2e30b489f..919aa3c10b 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -233,7 +233,7 @@ impl EcdsaSigningKey { } /// Convert a SEC1 encoding to PKCS8, and ask ring to parse it. This - /// can be removed once https://github.com/briansmith/ring/pull/1456 + /// can be removed once /// (or equivalent) is landed. fn convert_sec1_to_pkcs8( scheme: SignatureScheme, From 0f5deca3454528e7b29b47889d1505577b06ea7d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 25 Aug 2023 15:13:14 +0100 Subject: [PATCH 0113/1145] ci: check `cargo doc --document-private-items` --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a0393a2be8..f7d4b0ec3f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -169,7 +169,7 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: cargo doc (all features) - run: cargo doc --all-features --no-deps --workspace + run: cargo doc --all-features --no-deps --document-private-items --workspace env: RUSTDOCFLAGS: -Dwarnings From c29c75b802bb180b1019b21cfe0474ccf4d1f0ff Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 28 Aug 2023 11:35:01 -0400 Subject: [PATCH 0114/1145] examples: configure `KeyLogFile` for all examples. The example programs distributed with Rustls are often used to demonstrate TLS features, or debug issues, that require being able to view plaintext data captured in a pcap (e.g. with Wireshark). To make this convenient this commit updates the examples (minus the MIO examples that already did so ) to configure Rustls with a `KeyLogFile` implementation of the `KeyLog` trait. Users can then specify the `SSLKEYLOGFILE` environment variable to log the required session secrets for use with their pcap tool of choice. --- examples/src/bin/server_acceptor.rs | 23 +++++++++++++---------- examples/src/bin/simple_0rtt_client.rs | 3 +++ examples/src/bin/simpleclient.rs | 5 ++++- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 43e475ca9e..aa4fe19f3d 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -228,16 +228,19 @@ impl TestPki { // Build a server config using the fresh verifier. If necessary, this could be customized // based on the ClientHello (e.g. selecting a different certificate, or customizing // supported algorithms/protocol versions). - Arc::new( - ServerConfig::builder() - .with_safe_defaults() - .with_client_cert_verifier(verifier) - .with_single_cert( - vec![Certificate(self.server_cert_der.clone())], - PrivateKey(self.server_key_der.clone()), - ) - .unwrap(), - ) + let mut server_config = ServerConfig::builder() + .with_safe_defaults() + .with_client_cert_verifier(verifier) + .with_single_cert( + vec![Certificate(self.server_cert_der.clone())], + PrivateKey(self.server_key_der.clone()), + ) + .unwrap(); + + // Allow using SSLKEYLOGFILE. + server_config.key_log = Arc::new(rustls::KeyLogFile::new()); + + Arc::new(server_config) } /// Issue a certificate revocation list (CRL) for the revoked `serials` provided (may be empty). diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 8b41232b64..e25cb53b9a 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -77,6 +77,9 @@ fn main() { .with_root_certificates(root_store) .with_no_client_auth(); + // Allow using SSLKEYLOGFILE. + config.key_log = Arc::new(rustls::KeyLogFile::new()); + // Enable early data. config.enable_early_data = true; let config = Arc::new(config); diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index b4f6f2272d..07036c8c6d 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -28,11 +28,14 @@ fn main() { ) }), ); - let config = rustls::ClientConfig::::builder() + let mut config = rustls::ClientConfig::::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); + // Allow using SSLKEYLOGFILE. + config.key_log = Arc::new(rustls::KeyLogFile::new()); + let server_name = "www.rust-lang.org".try_into().unwrap(); let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); let mut sock = TcpStream::connect("www.rust-lang.org:443").unwrap(); From 3159410cf1bd2b488dde322a01adb1a76e5a8d7c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 29 Aug 2023 09:42:58 +0100 Subject: [PATCH 0115/1145] Correct `cargo test` for all feature combinations It seems ideal if `cargo build` and `cargo test` work without errors for any combination of crate features. `cargo hack --feature-powerset --keep-going test` shows a few existing issues that this commit addresses: - `bogo_shim`: requires the `tls12` feature - `test_secret_extraction_enabled` and `test_secret_extraction_disabled_or_too_early` require the `tls12` feature. --- rustls/Cargo.toml | 2 +- rustls/tests/api.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 1e4e1d5005..d27d8fdfe9 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -41,7 +41,7 @@ base64 = "0.21" [[example]] name = "bogo_shim" path = "examples/internal/bogo_shim.rs" -required-features = ["dangerous_configuration", "quic"] +required-features = ["dangerous_configuration", "quic", "tls12"] [[example]] name = "bench" diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b4278b3204..7d3ae73fd0 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4776,7 +4776,7 @@ fn test_no_warning_logging_during_successful_sessions() { } /// Test that secrets can be extracted and used for encryption/decryption. -#[cfg(feature = "secret_extraction")] +#[cfg(all(feature = "secret_extraction", feature = "tls12"))] #[test] fn test_secret_extraction_enabled() { // Normally, secret extraction would be used to configure kTLS (TLS offload @@ -4851,7 +4851,7 @@ fn test_secret_extraction_enabled() { /// Test that secrets cannot be extracted unless explicitly enabled, and until /// the handshake is done. -#[cfg(feature = "secret_extraction")] +#[cfg(all(feature = "secret_extraction", feature = "tls12"))] #[test] fn test_secret_extraction_disabled_or_too_early() { let suite = rustls::cipher_suite::TLS13_AES_128_GCM_SHA256; From 676df24f53208bb4303a100b95bc5f2bedc73ce9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Thu, 24 Aug 2023 12:09:46 +0200 Subject: [PATCH 0116/1145] Implement CPU instruction benchmarks --- Cargo.toml | 6 + ci-bench/Cargo.toml | 17 + ci-bench/README.md | 110 +++++++ ci-bench/src/benchmark.rs | 197 ++++++++++++ ci-bench/src/cachegrind.rs | 218 +++++++++++++ ci-bench/src/main.rs | 632 +++++++++++++++++++++++++++++++++++++ ci-bench/src/util.rs | 195 ++++++++++++ 7 files changed, 1375 insertions(+) create mode 100644 ci-bench/Cargo.toml create mode 100644 ci-bench/README.md create mode 100644 ci-bench/src/benchmark.rs create mode 100644 ci-bench/src/cachegrind.rs create mode 100644 ci-bench/src/main.rs create mode 100644 ci-bench/src/util.rs diff --git a/Cargo.toml b/Cargo.toml index b0039acdcc..88b287d81d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,10 +1,16 @@ [workspace] members = [ + # CI benchmarks + "ci-bench", # tests and example code "examples", # the main library and tests "rustls", ] +default-members = [ + "examples", + "rustls", +] exclude = ["admin/rustfmt"] resolver = "2" diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml new file mode 100644 index 0000000000..c4e2c59b74 --- /dev/null +++ b/ci-bench/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "rustls-ci-bench" +version = "0.0.1" +edition = "2021" +license = "Apache-2.0 OR ISC OR MIT" +description = "Rustls CPU instruction counting benchmarks." +publish = false + +[dependencies] +anyhow = "1.0.73" +byteorder = "1.4.3" +clap = { version = "4.3.21", features = ["derive"] } +itertools = "0.11.0" +rayon = "1.7.0" +rustls = { path = "../rustls" } +rustls-pemfile = "1.0.3" + diff --git a/ci-bench/README.md b/ci-bench/README.md new file mode 100644 index 0000000000..3187adacc6 --- /dev/null +++ b/ci-bench/README.md @@ -0,0 +1,110 @@ +# CI Bench + +This crate is meant for CI benchmarking. It measures CPU instructions using `cachegrind`, outputs +the results in CSV format and allows comparing results from multiple runs. + +## Usage + +You can get detailed usage information through `cargo run --release -- --help`. Below are the most +important bits. + +### Running all benchmarks + +_Note: this step requires having `valgrind` in your path._ + +Use `cargo run --release -- run-all > out.csv` to generate a CSV with the instruction counts for +the different scenarios we support. The result should look like the following: + +```csv +handshake_no_resume_1.2_rsa_aes_server,11327015 +handshake_no_resume_1.2_rsa_aes_client,4314952 +handshake_session_id_1.2_rsa_aes_server,11342136 +handshake_session_id_1.2_rsa_aes_client,4327564 +handshake_tickets_1.2_rsa_aes_server,11347746 +handshake_tickets_1.2_rsa_aes_client,4331424 +transfer_no_resume_1.2_rsa_aes_server,8775780 +transfer_no_resume_1.2_rsa_aes_client,8818847 +handshake_no_resume_1.3_rsa_aes_server,11517007 +handshake_no_resume_1.3_rsa_aes_client,4212770 +... +... rest omitted for brevity +... +``` + +### Comparing results + +Use `cargo run --release -- compare out1.csv out2.csv`. It will output a report using +GitHub-flavored markdown (used by the CI itself to give feedback about PRs). We currently +consider differences of 0.2% to be significant, but might tweak it in the future after we gain +experience with the benchmarking setup. + +### Supported scenarios + +We benchmark the following scenarios: + +- Handshake without resumption (`handshake_no_resume`) +- Handshake with ticket resumption (`handshake_tickets`) +- Handshake with session id resumption (`handshake_session_id`) +- Encrypt, transfer and decrypt 1MB of data sent by the server + (`transfer_no_resume`) + +The scenarios are benchmarked with different TLS versions, certificate key types and cipher suites. +CPU counts are measured independently for the server side and for the client side. Hence, we end up +with names like `transfer_no_resume_1.3_rsa_aes_client`. + +## Internals + +We have made an effort to heavily document the source code of the benchmarks. In addition to that, +here are some high-level considerations that can help you hack on the crate. + +### Architecture + +An important goal of this benchmarking setup is that it should run with minimum noise on +standard GitHub Actions runners. We achieve that by measuring CPU instructions using `cachegrind`, +which runs fine on the cloud (contrary to hardware instruction counters). This is the same +approach used by the [iai](https://crates.io/crates/iai) benchmarking crate, but we needed more +flexibility and have therefore rolled our own setup. + +Using `cachegrind` has some architectural consequences because it operates at the process level +(i.e. it can count CPU instructions for a whole process, but not for a single function). The +most important consequences are: + +- Since we want to measure server and client instruction counts separately, the benchmark runner + spawns two child processes for each benchmark (one for the client, one for the server) and pipes + their stdio to each other for communication (i.e. stdio acts as the transport layer). +- There is a no-op "benchmark" that measures the overhead of starting up the child process, so + we can subtract it from the instruction count of the real benchmarks and reduce noise. +- Since we want to measure individual portions of code (e.g. data transfer after the handshake), + there is a mechanism to subtract the instructions that are part of a benchmark's setup. + Specifically, a benchmark can be configured to have another benchmark's instruction count + subtracted from it. We are currently using this to subtract the handshake instructions from the + data transfer benchmark. + +### Debugging + +If you need to debug the crate, here are a few tricks that might help: + +- For printf debugging, you should use `eprintln!`, because child processes use stdio as the + transport for the TLS connection (i.e. if you print something to stdout, you won't even see it + _and_ the other side of the connection will choke on it). +- When using a proper debugger, remember that each side of the connection runs as a child process. + If necessary, you can tweak the code to ensure both sides of the connection run on the parent + process (e.g. by starting each side on its own thread and having them communicate through TCP). + This should require little effort, because the TLS transport layer is encapsulated and generic + over `Read` and `Write`. + +### Why measure CPU instructions + +This technique has been successfully used in tracking the Rust compiler's performance, and is +known to work well when comparing two versions of the same code. It has incredibly low noise, +and therefore makes for a very good metric for automatic PR checking (i.e. the automatic check +will reliably identify significant performance changes). + +It is not possible to deduce the exact change in runtime based on the instruction count +difference (e.g. a 5% increase in instructions does not necessarily result in a 5% increase in +runtime). However, if there is a significant change in instruction count, you can be fairly +confident there is a significant change in runtime too. This is very useful information to have +when reviewing a PR. + +For more information, including the alternatives we considered, check out [this comment] +(https://github.com/rustls/rustls/issues/1385#issuecomment-1668023152) in the issue tracker. diff --git a/ci-bench/src/benchmark.rs b/ci-bench/src/benchmark.rs new file mode 100644 index 0000000000..05d057d33d --- /dev/null +++ b/ci-bench/src/benchmark.rs @@ -0,0 +1,197 @@ +use std::collections::{HashMap, HashSet}; + +use itertools::Itertools; + +use crate::cachegrind::InstructionCounts; +use crate::util::KeyType; +use crate::Side; + +/// Validates a benchmark collection, returning an error if the provided benchmarks are invalid +/// +/// Benchmarks can be invalid because of the following reasons: +/// +/// - Re-using an already defined benchmark name. +/// - Referencing a non-existing benchmark in [`ReportingMode::AllInstructionsExceptSetup`]. +pub fn validate_benchmarks(benchmarks: &[Benchmark]) -> anyhow::Result<()> { + // Detect duplicate definitions + let duplicate_names: Vec<_> = benchmarks + .iter() + .map(|b| b.name.as_str()) + .duplicates() + .collect(); + if !duplicate_names.is_empty() { + anyhow::bail!( + "The following benchmarks are defined multiple times: {}", + duplicate_names.join(", ") + ); + } + + // Detect dangling benchmark references + let all_names: HashSet<_> = benchmarks + .iter() + .map(|b| b.name.as_str()) + .collect(); + let referenced_names: HashSet<_> = benchmarks + .iter() + .flat_map(|b| match &b.reporting_mode { + ReportingMode::AllInstructions => None, + ReportingMode::AllInstructionsExceptSetup(name) => Some(name.as_str()), + }) + .collect(); + + let undefined_names: Vec<_> = referenced_names + .difference(&all_names) + .cloned() + .collect(); + if !undefined_names.is_empty() { + anyhow::bail!("The following benchmark names are referenced, but have no corresponding benchmarks: {}", + undefined_names.join(", ")); + } + + Ok(()) +} + +/// Specifies how the results of a particular benchmark should be reported +pub enum ReportingMode { + /// All instructions are reported + AllInstructions, + /// All instructions are reported, after subtracting the instructions of the setup code + /// + /// The instruction count of the setup code is obtained by running a benchmark containing only + /// that code. The string parameter corresponds to the name of that benchmark. + AllInstructionsExceptSetup(String), +} + +/// Get the reported instruction counts for the provided benchmark +pub fn get_reported_instr_count( + bench: &Benchmark, + results: &HashMap<&str, InstructionCounts>, +) -> InstructionCounts { + match bench.reporting_mode() { + ReportingMode::AllInstructions => results[&bench.name()], + ReportingMode::AllInstructionsExceptSetup(setup_name) => { + let bench_results = results[&bench.name()]; + let setup_results = results[setup_name.as_str()]; + bench_results - setup_results + } + } +} + +/// Specifies which functionality is being benchmarked +#[derive(Copy, Clone)] +pub enum BenchmarkKind { + /// Perform the handshake and exit + Handshake(ResumptionKind), + /// Perform the handshake and transfer 1MB of data + Transfer, +} + +impl BenchmarkKind { + /// Returns the [`ResumptionKind`] used in the handshake part of the benchmark + pub fn resumption_kind(self) -> ResumptionKind { + match self { + BenchmarkKind::Handshake(kind) => kind, + BenchmarkKind::Transfer => ResumptionKind::No, + } + } +} + +#[derive(PartialEq, Clone, Copy)] +/// The kind of resumption used during the handshake +pub enum ResumptionKind { + /// No resumption + No, + /// Session ID + SessionID, + /// Session tickets + Tickets, +} + +impl ResumptionKind { + pub const ALL: &'static [ResumptionKind] = &[Self::No, Self::SessionID, Self::Tickets]; + + /// Returns a user-facing label that identifies the resumption kind + pub fn label(&self) -> &'static str { + match *self { + Self::No => "no_resume", + Self::SessionID => "session_id", + Self::Tickets => "tickets", + } + } +} + +/// Parameters associated to a benchmark +#[derive(Copy, Clone)] +pub struct BenchmarkParams { + /// The type of key used to sign the TLS certificate + pub key_type: KeyType, + /// Cipher suite + pub ciphersuite: rustls::SupportedCipherSuite, + /// TLS version + pub version: &'static rustls::SupportedProtocolVersion, + /// A user-facing label that identifies these params + pub label: &'static str, +} + +impl BenchmarkParams { + /// Create a new set of benchmark params + pub const fn new( + key_type: KeyType, + ciphersuite: rustls::SupportedCipherSuite, + version: &'static rustls::SupportedProtocolVersion, + label: &'static str, + ) -> Self { + Self { + key_type, + ciphersuite, + version, + label, + } + } +} + +/// A benchmark specification +pub struct Benchmark { + /// The name of the benchmark, as shown in the benchmark results + name: String, + /// The benchmark kind + pub kind: BenchmarkKind, + /// The benchmark's parameters + pub params: BenchmarkParams, + /// The way instruction counts should be reported for this benchmark + pub reporting_mode: ReportingMode, +} + +impl Benchmark { + /// Create a new benchmark + pub fn new(name: String, kind: BenchmarkKind, params: BenchmarkParams) -> Self { + Self { + name, + kind, + params, + reporting_mode: ReportingMode::AllInstructions, + } + } + + /// Configure this benchmark to subtract the instruction count of the referenced benchmark when + /// reporting results + pub fn exclude_setup_instructions(mut self, name: String) -> Self { + self.reporting_mode = ReportingMode::AllInstructionsExceptSetup(name); + self + } + + /// Returns the benchmark's unique name + pub fn name(&self) -> &str { + &self.name + } + + /// Returns the benchmark's unique name with the side appended to it + pub fn name_with_side(&self, side: Side) -> String { + format!("{}_{}", self.name, side.as_str()) + } + + /// Returns the benchmark's reporting mode + pub fn reporting_mode(&self) -> &ReportingMode { + &self.reporting_mode + } +} diff --git a/ci-bench/src/cachegrind.rs b/ci-bench/src/cachegrind.rs new file mode 100644 index 0000000000..e674fbf019 --- /dev/null +++ b/ci-bench/src/cachegrind.rs @@ -0,0 +1,218 @@ +use std::fs::File; +use std::io::{BufRead, BufReader}; +use std::ops::Sub; +use std::path::{Path, PathBuf}; +use std::process::{Child, Command, Stdio}; + +use anyhow::Context; + +use crate::benchmark::Benchmark; +use crate::Side; + +/// A cachegrind-based benchmark runner +pub struct CachegrindRunner { + /// The path to the ci-bench executable + /// + /// This is necessary because the cachegrind runner works by spawning child processes + executable: String, + /// The amount of instructions that are executed upon startup of the child process, before + /// actually running one of the benchmarks + /// + /// This count is subtracted from benchmark results, to reduce noise + overhead_instructions: u64, +} + +impl CachegrindRunner { + /// Returns a new cachegrind-based benchmark runner + pub fn new(executable: String) -> anyhow::Result { + Self::ensure_cachegrind_available()?; + + // We don't care about the side here, so let's use `Server` just to choose something + let overhead_instructions = Self::run_bench_side( + &executable, + u32::MAX, + Side::Server, + "calibration", + Stdio::piped(), + Stdio::piped(), + )? + .wait_and_get_instr_count() + .context("Unable to count overhead instructions")?; + + Ok(CachegrindRunner { + executable, + overhead_instructions, + }) + } + + /// Runs the benchmark at the specified index and returns the instruction counts for each side + pub fn run_bench( + &self, + benchmark_index: u32, + bench: &Benchmark, + ) -> anyhow::Result { + // The server and client are started as child processes, and communicate with each other + // through stdio. + + let mut server = Self::run_bench_side( + &self.executable, + benchmark_index, + Side::Server, + &bench.name_with_side(Side::Server), + Stdio::piped(), + Stdio::piped(), + ) + .context("server side bench crashed")?; + + let client = Self::run_bench_side( + &self.executable, + benchmark_index, + Side::Client, + &bench.name_with_side(Side::Client), + Stdio::from(server.process.stdout.take().unwrap()), + Stdio::from(server.process.stdin.take().unwrap()), + ) + .context("client side bench crashed")?; + + let counts = InstructionCounts { + server: server.wait_and_get_instr_count()?, + client: client.wait_and_get_instr_count()?, + }; + + let overhead_counts = InstructionCounts { + server: self.overhead_instructions, + client: self.overhead_instructions, + }; + + Ok(counts - overhead_counts) + } + + /// Returns an error if cachegrind is not available + fn ensure_cachegrind_available() -> anyhow::Result<()> { + let result = Command::new("valgrind") + .arg("--tool=cachegrind") + .arg("--version") + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status(); + + match result { + Err(e) => anyhow::bail!("Unexpected error while launching cachegrind. Error: {}", e), + Ok(status) => { + if status.success() { + Ok(()) + } else { + anyhow::bail!("Failed to launch cachegrind. Error: {}. Please ensure that valgrind is installed and on the $PATH.", status) + } + } + } + } + + /// See docs for [`Self::run_bench`] + fn run_bench_side( + executable: &str, + benchmark_index: u32, + side: Side, + name: &str, + stdin: Stdio, + stdout: Stdio, + ) -> anyhow::Result { + let output_file = PathBuf::from(format!("target/cachegrind/cachegrind.out.{}", name)); + std::fs::create_dir_all(output_file.parent().unwrap()) + .context("Failed to create cachegrind output directory")?; + + // Run under setarch to disable ASLR, to reduce noise + let mut cmd = Command::new("setarch"); + let child = cmd + .arg("-R") + .arg("valgrind") + .arg("--tool=cachegrind") + // Disable the cache simulation, since we are only interested in instruction counts + .arg("--cache-sim=no") + // Discard cachegrind's logs, which would otherwise be printed to stderr (we want to + // keep stderr free of noise, to see any errors from the child process) + .arg("--log-file=/dev/null") + // The file where the instruction counts will be stored + .arg(format!("--cachegrind-out-file={}", output_file.display())) + .arg(executable) + .arg("run-single") + .arg(benchmark_index.to_string()) + .arg(side.as_str()) + .stdin(stdin) + .stdout(stdout) + .stderr(Stdio::inherit()) + .spawn() + .context("Failed to run benchmark in cachegrind")?; + + Ok(BenchSubprocess { + process: child, + output_file, + }) + } +} + +/// A running subprocess for one of the sides of the benchmark (client or server) +struct BenchSubprocess { + /// The benchmark's child process, running under cachegrind + process: Child, + /// Cachegrind's output file for this benchmark + output_file: PathBuf, +} + +impl BenchSubprocess { + /// Waits for the process to finish and returns the measured instruction count + fn wait_and_get_instr_count(mut self) -> anyhow::Result { + let status = self + .process + .wait() + .context("Failed to run benchmark in cachegrind")?; + if !status.success() { + anyhow::bail!( + "Failed to run benchmark in cachegrind. Exit code: {:?}", + status.code() + ); + } + + let instruction_count = parse_cachegrind_output(&self.output_file)?; + std::fs::remove_file(&self.output_file).ok(); + + Ok(instruction_count) + } +} + +/// Returns the instruction count, extracted from the cachegrind output file at the provided path +fn parse_cachegrind_output(file: &Path) -> anyhow::Result { + let file_in = File::open(file).context("Unable to open cachegrind output file")?; + + for line in BufReader::new(file_in).lines() { + let line = line.context("Error reading cachegrind output file")?; + if let Some(line) = line.strip_prefix("summary: ") { + let instr_count = line + .trim() + .parse() + .context("Unable to parse instruction counts from cachegrind output file")?; + + return Ok(instr_count); + } + } + + anyhow::bail!("`summary` section not found in cachegrind output file") +} + +/// The instruction counts, for each side, after running a benchmark +#[derive(Copy, Clone)] +pub struct InstructionCounts { + pub client: u64, + pub server: u64, +} + +impl Sub for InstructionCounts { + type Output = InstructionCounts; + + fn sub(self, rhs: Self) -> Self::Output { + InstructionCounts { + client: self.client - rhs.client, + server: self.server - rhs.server, + } + } +} diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs new file mode 100644 index 0000000000..059aebaaa0 --- /dev/null +++ b/ci-bench/src/main.rs @@ -0,0 +1,632 @@ +use std::collections::HashMap; +use std::fs; +use std::hint::black_box; +use std::io::{self, BufRead, BufReader, Read, Write}; +use std::path::{Path, PathBuf}; +use std::sync::Arc; + +use anyhow::Context; +use clap::{Parser, Subcommand, ValueEnum}; +use itertools::Itertools; +use rayon::iter::Either; +use rayon::prelude::*; +use rustls::client::Resumption; +use rustls::crypto::ring::Ring; +use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; +use rustls::{ + ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, + Ticketer, +}; + +use crate::benchmark::{ + get_reported_instr_count, validate_benchmarks, Benchmark, BenchmarkKind, BenchmarkParams, + ResumptionKind, +}; +use crate::cachegrind::CachegrindRunner; +use crate::util::transport::{ + read_handshake_message, read_plaintext_to_end_bounded, send_handshake_message, + write_all_plaintext_bounded, +}; +use crate::util::KeyType; + +mod benchmark; +mod cachegrind; +mod util; + +/// The size in bytes of the plaintext sent in the transfer benchmark +const TRANSFER_PLAINTEXT_SIZE: usize = 1024 * 1024; + +/// The amount of times a resumed handshake should be executed during benchmarking. +/// +/// Handshakes with session resumption execute a very small amount of instructions (less than 200_000 +/// for some parameters), so a small difference in instructions accounts for a high difference in +/// percentage (making the benchmark more sensitive to noise, because differences as low as 500 +/// instructions already raise a flag). Running the handshake multiple times gives additional weight +/// to the instructions involved in the handshake, and less weight to noisy one-time setup code. +/// +/// More specifically, great part of the noise in resumed handshakes comes from the usage of +/// [`rustls::client::ClientSessionMemoryCache`] and [`rustls::server::ServerSessionMemoryCache`], +/// which rely on a randomized `HashMap` under the hood (you can check for yourself by that +/// `HashMap` by a `FxHashMap`, which brings the noise down to acceptable levels in a single run). +const RESUMED_HANDSHAKE_RUNS: usize = 3; + +/// The threshold at which instruction count changes are considered relevant +const CHANGE_THRESHOLD: f64 = 0.002; // 0.2% + +#[derive(Parser)] +#[command(about)] +pub struct Cli { + #[command(subcommand)] + pub command: Command, +} + +#[derive(Subcommand)] +pub enum Command { + /// Run all benchmarks and prints the measured CPU instruction counts in CSV format + RunAll, + /// Run a single benchmark at the provided index (used by the bench runner to start each benchmark in its own process) + RunSingle { index: u32, side: Side }, + /// Compare the results from two previous benchmark runs and print a user-friendly markdown overview + Compare { + /// Path to a CSV file obtained from a previous `run-all` execution + baseline_input: PathBuf, + /// Path to a CSV file obtained from a previous `run-all` execution + candidate_input: PathBuf, + }, +} + +#[derive(Copy, Clone, ValueEnum)] +pub enum Side { + Server, + Client, +} + +impl Side { + /// Returns the string representation of the side + pub fn as_str(self) -> &'static str { + match self { + Side::Client => "client", + Side::Server => "server", + } + } +} + +fn main() -> anyhow::Result<()> { + let benchmarks = all_benchmarks()?; + + let cli = Cli::parse(); + match cli.command { + Command::RunAll => { + let executable = std::env::args().next().unwrap(); + let results = run_all(executable, &benchmarks)?; + + // Output results in CSV (note: not using a library here to avoid extra dependencies) + for (name, instr_count) in results { + println!("{name},{instr_count}"); + } + } + Command::RunSingle { index, side } => { + // `u32::MAX` is used as a signal to do nothing and return. By "running" an empty + // benchmark we can measure the startup overhead. + if index == u32::MAX { + return Ok(()); + } + + let bench = benchmarks + .get(index as usize) + .ok_or(anyhow::anyhow!("Benchmark not found: {index}"))?; + + let mut stdin = io::stdin().lock(); + let mut stdout = io::stdout().lock(); + + let handshake_buf = &mut [0u8; 262144]; + let resumption_kind = black_box(bench.kind.resumption_kind()); + let params = black_box(bench.params); + let io = StepperIO { + reader: &mut stdin, + writer: &mut stdout, + handshake_buf, + }; + let result = match side { + Side::Server => run_bench( + ServerSideStepper { + io, + config: ServerSideStepper::make_config(¶ms, resumption_kind), + }, + bench.kind, + ), + Side::Client => run_bench( + ClientSideStepper { + io, + resumption_kind, + config: ClientSideStepper::make_config(¶ms, resumption_kind), + }, + bench.kind, + ), + }; + + result + .with_context(|| format!("{} crashed for {} side", bench.name(), side.as_str()))?; + } + Command::Compare { + baseline_input, + candidate_input, + } => { + let baseline = read_results(baseline_input.as_ref())?; + let candidate = read_results(candidate_input.as_ref())?; + let result = compare_results(&baseline, &candidate); + print_report(result); + } + } + + Ok(()) +} + +/// Returns all benchmarks +fn all_benchmarks() -> anyhow::Result> { + let mut benchmarks = Vec::new(); + for ¶m in ALL_BENCHMARK_PARAMS { + add_benchmark_group(&mut benchmarks, param); + } + + validate_benchmarks(&benchmarks)?; + Ok(benchmarks) +} + +/// The benchmark params to use for each group of benchmarks +static ALL_BENCHMARK_PARAMS: &[BenchmarkParams] = &[ + BenchmarkParams::new( + KeyType::Rsa, + rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + &rustls::version::TLS12, + "1.2_rsa_aes", + ), + BenchmarkParams::new( + KeyType::Rsa, + rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + "1.3_rsa_aes", + ), + BenchmarkParams::new( + KeyType::Ecdsa, + rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + "1.3_ecdsa_aes", + ), + BenchmarkParams::new( + KeyType::Rsa, + rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + "1.3_rsa_chacha", + ), + BenchmarkParams::new( + KeyType::Ecdsa, + rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + "1.3_ecdsa_chacha", + ), +]; + +/// Adds a group of benchmarks for the specified parameters +/// +/// The benchmarks in the group are: +/// +/// - Handshake without resumption +/// - Handshake with session id resumption +/// - Handshake with ticket resumption +/// - Transfer a 1MB data stream from the server to the client +fn add_benchmark_group(benchmarks: &mut Vec, params: BenchmarkParams) { + let params_label = params.label; + + // Create handshake benchmarks for all resumption kinds + for &resumption_param in ResumptionKind::ALL { + let handshake_bench = Benchmark::new( + format!("handshake_{}_{params_label}", resumption_param.label()), + BenchmarkKind::Handshake(resumption_param), + params, + ); + + let handshake_bench = if resumption_param != ResumptionKind::No { + // Since resumed handshakes include a first non-resumed handshake, we need to subtract + // the non-resumed handshake's instructions + handshake_bench + .exclude_setup_instructions(format!("handshake_no_resume_{params_label}")) + } else { + handshake_bench + }; + + benchmarks.push(handshake_bench); + } + + // Benchmark data transfer + benchmarks.push( + Benchmark::new( + format!("transfer_no_resume_{params_label}"), + BenchmarkKind::Transfer, + params, + ) + .exclude_setup_instructions(format!("handshake_no_resume_{params_label}")), + ); +} + +/// Run all the provided benches under cachegrind to retrieve their instruction count +pub fn run_all(executable: String, benches: &[Benchmark]) -> anyhow::Result> { + // Run the benchmarks in parallel + let cachegrind = CachegrindRunner::new(executable)?; + let results: Vec<_> = benches + .par_iter() + .enumerate() + .map(|(i, bench)| (bench, cachegrind.run_bench(i as u32, bench))) + .collect(); + + // Report possible errors + let (errors, results): (Vec<_>, HashMap<_, _>) = + results + .into_iter() + .partition_map(|(bench, result)| match result { + Err(_) => Either::Left(()), + Ok(instr_counts) => Either::Right((bench.name(), instr_counts)), + }); + if !errors.is_empty() { + // Note: there is no need to explicitly report the names of each crashed benchmark, because + // names and other details are automatically printed to stderr by the child process upon + // crashing + anyhow::bail!("One or more benchmarks crashed"); + } + + // Gather results keeping the original order of the benchmarks + let mut measurements = Vec::new(); + for bench in benches { + let instr_counts = get_reported_instr_count(bench, &results); + measurements.push((bench.name_with_side(Side::Server), instr_counts.server)); + measurements.push((bench.name_with_side(Side::Client), instr_counts.client)); + } + + Ok(measurements) +} + +/// Drives the different steps in a benchmark. +/// +/// See [`run_bench`] for specific details on how it is used. +trait BenchStepper { + type Endpoint; + + fn handshake(&mut self) -> anyhow::Result; + fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()>; + fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()>; +} + +/// Stepper fields necessary for IO +struct StepperIO<'a> { + reader: &'a mut dyn Read, + writer: &'a mut dyn Write, + handshake_buf: &'a mut [u8], +} + +/// A benchmark stepper for the client-side of the connection +struct ClientSideStepper<'a> { + io: StepperIO<'a>, + resumption_kind: ResumptionKind, + config: Arc>, +} + +impl ClientSideStepper<'_> { + fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc> { + assert_eq!(params.ciphersuite.version(), params.version); + let mut root_store = RootCertStore::empty(); + let mut rootbuf = + io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); + root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); + + let mut cfg = ClientConfig::builder() + .with_cipher_suites(&[params.ciphersuite]) + .with_safe_default_kx_groups() + .with_protocol_versions(&[params.version]) + .unwrap() + .with_root_certificates(root_store) + .with_no_client_auth(); + + if resume != ResumptionKind::No { + cfg.resumption = Resumption::in_memory_sessions(128); + } else { + cfg.resumption = Resumption::disabled(); + } + + Arc::new(cfg) + } +} + +impl BenchStepper for ClientSideStepper<'_> { + type Endpoint = ClientConnection; + + fn handshake(&mut self) -> anyhow::Result { + let server_name = "localhost".try_into().unwrap(); + let mut client = ClientConnection::new(self.config.clone(), server_name).unwrap(); + client.set_buffer_limit(None); + + loop { + send_handshake_message(&mut client, self.io.writer, self.io.handshake_buf)?; + if !client.is_handshaking() && !client.wants_write() { + break; + } + read_handshake_message(&mut client, self.io.reader, self.io.handshake_buf)?; + } + + // Session ids and tickets are no longer part of the handshake in TLS 1.3, so we need to + // explicitly receive them from the server + if self.resumption_kind != ResumptionKind::No + && client.protocol_version().unwrap() == ProtocolVersion::TLSv1_3 + { + read_handshake_message(&mut client, self.io.reader, self.io.handshake_buf)?; + } + + Ok(client) + } + + fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()> { + // The client syncs by receiving a single byte (we assert that it matches the `42` byte sent + // by the server, just to be sure) + let buf = &mut [0]; + self.io.reader.read_exact(buf)?; + assert_eq!(buf[0], 42); + Ok(()) + } + + fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()> { + let total_plaintext_read = read_plaintext_to_end_bounded(endpoint, self.io.reader)?; + assert_eq!(total_plaintext_read, TRANSFER_PLAINTEXT_SIZE); + Ok(()) + } +} + +/// A benchmark stepper for the server-side of the connection +struct ServerSideStepper<'a> { + io: StepperIO<'a>, + config: Arc>, +} + +impl ServerSideStepper<'_> { + fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc> { + assert_eq!(params.ciphersuite.version(), params.version); + + let mut cfg = ServerConfig::builder() + .with_safe_default_cipher_suites() + .with_safe_default_kx_groups() + .with_protocol_versions(&[params.version]) + .unwrap() + .with_client_cert_verifier(WebPkiClientVerifier::no_client_auth()) + .with_single_cert(params.key_type.get_chain(), params.key_type.get_key()) + .expect("bad certs/private key?"); + + if resume == ResumptionKind::SessionID { + cfg.session_storage = ServerSessionMemoryCache::new(128); + } else if resume == ResumptionKind::Tickets { + cfg.ticketer = Ticketer::new().unwrap(); + } else { + cfg.session_storage = Arc::new(NoServerSessionStorage {}); + } + + Arc::new(cfg) + } +} + +impl BenchStepper for ServerSideStepper<'_> { + type Endpoint = ServerConnection; + + fn handshake(&mut self) -> anyhow::Result { + let mut server = ServerConnection::new(self.config.clone()).unwrap(); + server.set_buffer_limit(None); + + while server.is_handshaking() { + read_handshake_message(&mut server, self.io.reader, self.io.handshake_buf)?; + send_handshake_message(&mut server, self.io.writer, self.io.handshake_buf)?; + } + + Ok(server) + } + + fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()> { + // The server syncs by sending a single byte + self.io.writer.write_all(&[42])?; + self.io.writer.flush()?; + Ok(()) + } + + fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()> { + write_all_plaintext_bounded(endpoint, self.io.writer, TRANSFER_PLAINTEXT_SIZE)?; + Ok(()) + } +} + +/// Runs the benchmark using the provided stepper +fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyhow::Result<()> { + let mut endpoint = stepper.handshake()?; + + match kind { + BenchmarkKind::Handshake(ResumptionKind::No) => { + // Nothing else to do here, since the handshake already happened + black_box(endpoint); + } + BenchmarkKind::Handshake(_) => { + // The handshake performed above was non-resumed, because the client didn't have a + // session ID / ticket; from now on we can perform resumed handshakes. We do it multiple + // times, for reasons explained in the comments to `RESUMED_HANDSHAKE_RUNS`. + for _ in 0..RESUMED_HANDSHAKE_RUNS { + // Wait for the endpoints to sync (i.e. the server must have discarded the previous + // connection and be ready for a new handshake, otherwise the client will start a + // handshake before the server is ready and the bytes will be fed to the old + // connection!) + stepper.sync_before_resumed_handshake()?; + stepper.handshake()?; + } + } + BenchmarkKind::Transfer => { + stepper.transmit_data(&mut endpoint)?; + } + } + + Ok(()) +} + +/// The results of a comparison between two `run-all` executions +struct CompareResult { + diffs: Vec, + /// Benchmark scenarios present in the candidate but missing in the baseline + missing_in_baseline: Vec, +} + +/// Contains information about instruction counts and their difference for a specific scenario +struct Diff { + scenario: String, + baseline: u64, + candidate: u64, + diff: i64, + diff_ratio: f64, +} + +/// Reads the (benchmark, instruction count) pairs from previous CSV output +fn read_results(path: &Path) -> anyhow::Result> { + let file = fs::File::open(path).context("CSV file for comparison not found")?; + + let mut measurements = HashMap::new(); + for line in BufReader::new(file).lines() { + let line = line.context("Unable to read results from CSV file")?; + let line = line.trim(); + let mut parts = line.split(','); + measurements.insert( + parts + .next() + .ok_or(anyhow::anyhow!("CSV is wrongly formatted"))? + .to_string(), + parts + .next() + .ok_or(anyhow::anyhow!("CSV is wrongly formatted"))? + .parse() + .context("Unable to parse instruction count from CSV")?, + ); + } + + Ok(measurements) +} + +/// Returns an internal representation of the comparison between the baseline and the candidate +/// measurements +fn compare_results( + baseline: &HashMap, + candidate: &HashMap, +) -> CompareResult { + let mut diffs = Vec::new(); + let mut missing = Vec::new(); + for (scenario, &instr_count) in candidate { + let Some(&baseline_instr_count) = baseline.get(scenario) else { + missing.push(scenario.clone()); + continue; + }; + + let diff = instr_count as i64 - baseline_instr_count as i64; + let diff_ratio = diff as f64 / baseline_instr_count as f64; + diffs.push(Diff { + scenario: scenario.clone(), + baseline: baseline_instr_count, + candidate: instr_count, + diff, + diff_ratio, + }); + } + + CompareResult { + diffs, + missing_in_baseline: missing, + } +} + +/// Prints a report of the comparison to stdout, using GitHub-flavored markdown +fn print_report(mut result: CompareResult) { + result.diffs.sort_by(|diff1, diff2| { + diff2 + .diff_ratio + .abs() + .total_cmp(&diff1.diff_ratio.abs()) + }); + + println!("# Benchmark results"); + + if !result.missing_in_baseline.is_empty() { + println!("### âš ï¸ Warning: missing benchmarks"); + println!(); + println!("The following benchmark scenarios are present in the candidate but not in the baseline:"); + println!(); + for scenario in &result.missing_in_baseline { + println!("* {scenario}"); + } + } + + if result.diffs.is_empty() { + println!("### âš ï¸ Warning: missing benchmarks"); + println!(); + println!("There are no benchmarks to report"); + return; + } + + let (noteworthy, negligible) = split_on_threshold(&result.diffs); + + println!("### Noteworthy instruction count differences"); + if noteworthy.is_empty() { + println!( + "_There are no noteworthy instruction count differences (i.e. above {}%)_", + CHANGE_THRESHOLD * 100.0 + ); + } else { + table(noteworthy, true); + } + + println!("### Other instruction count differences"); + if negligible.is_empty() { + println!("_There are no other instruction count differences_"); + } else { + println!("
"); + println!("Click to expand\n"); + table(negligible, false); + println!("
\n") + } +} + +/// Splits the diffs into two slices, the first one containing the diffs that exceed the threshold, +/// the second one containing the rest. +/// +/// Assumes that the diff slice is sorted by `diff_ratio` in descending order. +fn split_on_threshold(diffs: &[Diff]) -> (&[Diff], &[Diff]) { + match diffs + .iter() + .position(|diff| diff.diff_ratio.abs() < CHANGE_THRESHOLD) + { + None => (diffs, &[]), + Some(first_below_threshold) => ( + &diffs[..first_below_threshold], + &diffs[first_below_threshold..], + ), + } +} + +/// Renders the diffs as a markdown table +fn table(diffs: &[Diff], emoji_feedback: bool) { + println!("| Scenario | Baseline | Candidate | Diff |"); + println!("| --- | ---: | ---: | ---: |"); + for diff in diffs { + let emoji = match emoji_feedback { + true if diff.diff > 0 => "âš ï¸ ", + true if diff.diff < 0 => "✅ ", + _ => "", + }; + + println!( + "| {} | {} | {} | {}{} ({:.2}%) |", + diff.scenario, + diff.baseline, + diff.candidate, + emoji, + diff.diff, + diff.diff_ratio * 100.0 + ) + } +} diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs new file mode 100644 index 0000000000..8fe70b2ea1 --- /dev/null +++ b/ci-bench/src/util.rs @@ -0,0 +1,195 @@ +use std::{fs, io}; + +#[derive(PartialEq, Clone, Copy, Debug)] +pub enum KeyType { + Rsa, + Ecdsa, +} + +impl KeyType { + pub(crate) fn path_for(&self, part: &str) -> String { + match self { + Self::Rsa => format!("../test-ca/rsa/{}", part), + Self::Ecdsa => format!("../test-ca/ecdsa/{}", part), + } + } + + pub(crate) fn get_chain(&self) -> Vec { + rustls_pemfile::certs(&mut io::BufReader::new( + fs::File::open(self.path_for("end.fullchain")).unwrap(), + )) + .unwrap() + .iter() + .map(|v| rustls::Certificate(v.clone())) + .collect() + } + + pub(crate) fn get_key(&self) -> rustls::PrivateKey { + rustls::PrivateKey( + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("end.key")).unwrap(), + )) + .unwrap()[0] + .clone(), + ) + } +} + +pub mod transport { + //! This module implements custom functions to interact between rustls clients and a servers. + //! + //! The goal of these functions is to ensure messages are exchanged in chunks of a fixed size, to make + //! instruction counts more deterministic. This is particularly important for the receiver of the + //! data. Without it, the amount of bytes received in a single `read` call can wildly differ among + //! benchmark runs, which in turn influences the resizing of rustls' internal buffers, and therefore + //! affects the instruction count (resulting in consistent noise above 2% for the client-side of the + //! data transfer benchmarks, which is unacceptable). + //! + //! Note that this approach introduces extra copies, because we are using an intermediate buffer, + //! but that doesn't matter (we are measuring performance differences, and overhead is automatically + //! ignored as long as it remains constant). + + use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; + use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData}; + use std::io::{Read, Write}; + + /// Sends one side's handshake data to the other side in one go. + /// + /// Because it is not possible for the receiver to know beforehand how many bytes are contained in + /// the message, the transmission consists of a leading big-endian u32 specifying the message's + /// length, followed by the message itself. + /// + /// The receiving end should use [`read_handshake_message`] to process the transmission. + pub fn send_handshake_message( + conn: &mut ConnectionCommon, + writer: &mut dyn Write, + buf: &mut [u8], + ) -> anyhow::Result<()> { + // Write all bytes the connection wants to send to an intermediate buffer + let mut written = 0; + while conn.wants_write() { + if written >= buf.len() { + anyhow::bail!( + "Not enough space in buffer for outgoing message (buf len = {})", + buf.len() + ); + } + + written += conn.write_tls(&mut &mut buf[written..])?; + } + + if written == 0 { + return Ok(()); + } + + // Write the whole buffer in one go, preceded by its length + writer.write_u32::(written as u32)?; + writer.write_all(&buf[..written])?; + writer.flush()?; + + Ok(()) + } + + /// Receives one side's handshake data to the other side in one go. + /// + /// Used in combination with [`send_handshake_message`] (see that function's documentation for + /// more details). + pub fn read_handshake_message( + conn: &mut ConnectionCommon, + reader: &mut dyn Read, + buf: &mut [u8], + ) -> anyhow::Result { + // Read the message to an intermediate buffer + let length = reader.read_u32::()? as usize; + if length >= buf.len() { + anyhow::bail!( + "Not enough space in buffer for incoming message (msg len = {length}, buf len = {})", + buf.len() + ); + } + reader.read_exact(&mut buf[..length])?; + + // Feed the data to rustls + let in_memory_reader = &mut &buf[..length]; + while conn.read_tls(in_memory_reader)? != 0 { + conn.process_new_packets()?; + } + + Ok(length) + } + + /// Reads plaintext until the reader reaches EOF, using a bounded amount of memory. + /// + /// Returns the amount of plaintext bytes received. + pub fn read_plaintext_to_end_bounded( + client: &mut ClientConnection, + reader: &mut dyn Read, + ) -> anyhow::Result { + let mut chunk_buf = [0u8; 262_144]; + let mut plaintext_buf = [0u8; 262_144]; + let mut total_plaintext_bytes_read = 0; + + loop { + // Read until the whole chunk is received + let mut chunk_buf_end = 0; + while chunk_buf_end != chunk_buf.len() { + let read = reader.read(&mut chunk_buf[chunk_buf_end..])?; + if read == 0 { + // Stream closed + break; + } + + chunk_buf_end += read; + } + + if chunk_buf_end == 0 { + // Stream closed + break; + } + + // Load the buffer's bytes into rustls + let mut chunk_buf_offset = 0; + while chunk_buf_offset < chunk_buf_end { + let read = client.read_tls(&mut &chunk_buf[chunk_buf_offset..chunk_buf_end])?; + chunk_buf_offset += read; + + // Process packets to free space in the message buffer + let state = client.process_new_packets()?; + let available_plaintext_bytes = state.plaintext_bytes_to_read(); + let mut plaintext_bytes_read = 0; + while plaintext_bytes_read < available_plaintext_bytes { + plaintext_bytes_read += client + .reader() + .read(&mut plaintext_buf)?; + } + + total_plaintext_bytes_read += plaintext_bytes_read; + } + } + + Ok(total_plaintext_bytes_read) + } + + /// Writes a plaintext of size `plaintext_size`, using a bounded amount of memory + pub fn write_all_plaintext_bounded( + server: &mut ServerConnection, + writer: &mut dyn Write, + plaintext_size: usize, + ) -> anyhow::Result<()> { + let send_buf = [0u8; 262_144]; + assert_eq!(plaintext_size % send_buf.len(), 0); + let iterations = plaintext_size / send_buf.len(); + + for _ in 0..iterations { + server.writer().write_all(&send_buf)?; + + // Empty the server's buffer, so we can re-fill it in the next iteration + while server.wants_write() { + server.write_tls(writer)?; + writer.flush()?; + } + } + + Ok(()) + } +} From 5ed68a92936f5a6fa8b633cf2475c9e692f7d05d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 28 Aug 2023 10:18:30 +0200 Subject: [PATCH 0117/1145] Hook up icount benchmarks to CI --- .github/workflows/icount-bench.yml | 34 ++++++++++++++++ ci-bench/src/main.rs | 62 ++++++++++++++++-------------- 2 files changed, 67 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/icount-bench.yml diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml new file mode 100644 index 0000000000..2f44356aa8 --- /dev/null +++ b/.github/workflows/icount-bench.yml @@ -0,0 +1,34 @@ +name: icount bench +on: [pull_request] + +jobs: + icount-benchmarks: + name: Run icount benchmarks + runs-on: ubuntu-22.04 + steps: + - name: Install valgrind + run: sudo apt install -y valgrind + + - name: Install stable toolchain + uses: dtolnay/rust-toolchain@stable + + - name: Checkout ${{ github.base_ref }} + uses: actions/checkout@v3 + with: + ref: ${{ github.base_ref }} + persist-credentials: false + + - name: Run icount benchmarks for ${{ github.base_ref }} + run: cd ci-bench && cargo run --release -- run-all > ${{ runner.temp }}/base.csv + + - name: Checkout PR + uses: actions/checkout@v3 + with: + clean: false + persist-credentials: false + + - name: Run icount benchmarks for PR + run: cd ci-bench && cargo run --release -- run-all > ${{ runner.temp }}/pr.csv + + - name: Compare results + run: cd ci-bench && cargo run --release -- compare ${{ runner.temp }}/base.csv ${{ runner.temp }}/pr.csv > $GITHUB_STEP_SUMMARY diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 059aebaaa0..07804d56f9 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -155,7 +155,14 @@ fn main() -> anyhow::Result<()> { let baseline = read_results(baseline_input.as_ref())?; let candidate = read_results(candidate_input.as_ref())?; let result = compare_results(&baseline, &candidate); - print_report(result); + print_report(&result); + + if !result.noteworthy.is_empty() { + // Signal to the parent process that there are noteworthy instruction count + // differences (exit code 1 is already used when main returns an error) + eprintln!("Noteworthy instruction count differences found. Check the job summary for details."); + std::process::exit(2); + } } } @@ -470,12 +477,16 @@ fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyhow::Re /// The results of a comparison between two `run-all` executions struct CompareResult { - diffs: Vec, + /// Results that probably indicate a real change in performance and should be highlighted + noteworthy: Vec, + /// Results within the noise threshold + negligible: Vec, /// Benchmark scenarios present in the candidate but missing in the baseline missing_in_baseline: Vec, } /// Contains information about instruction counts and their difference for a specific scenario +#[derive(Clone)] struct Diff { scenario: String, baseline: u64, @@ -534,21 +545,23 @@ fn compare_results( }); } - CompareResult { - diffs, - missing_in_baseline: missing, - } -} - -/// Prints a report of the comparison to stdout, using GitHub-flavored markdown -fn print_report(mut result: CompareResult) { - result.diffs.sort_by(|diff1, diff2| { + diffs.sort_by(|diff1, diff2| { diff2 .diff_ratio .abs() .total_cmp(&diff1.diff_ratio.abs()) }); + let (noteworthy, negligible) = split_on_threshold(&diffs); + CompareResult { + noteworthy, + negligible, + missing_in_baseline: missing, + } +} + +/// Prints a report of the comparison to stdout, using GitHub-flavored markdown +fn print_report(result: &CompareResult) { println!("# Benchmark results"); if !result.missing_in_baseline.is_empty() { @@ -561,49 +574,40 @@ fn print_report(mut result: CompareResult) { } } - if result.diffs.is_empty() { - println!("### âš ï¸ Warning: missing benchmarks"); - println!(); - println!("There are no benchmarks to report"); - return; - } - - let (noteworthy, negligible) = split_on_threshold(&result.diffs); - println!("### Noteworthy instruction count differences"); - if noteworthy.is_empty() { + if result.noteworthy.is_empty() { println!( "_There are no noteworthy instruction count differences (i.e. above {}%)_", CHANGE_THRESHOLD * 100.0 ); } else { - table(noteworthy, true); + table(&result.noteworthy, true); } println!("### Other instruction count differences"); - if negligible.is_empty() { + if result.negligible.is_empty() { println!("_There are no other instruction count differences_"); } else { println!("
"); println!("Click to expand\n"); - table(negligible, false); + table(&result.negligible, false); println!("
\n") } } -/// Splits the diffs into two slices, the first one containing the diffs that exceed the threshold, +/// Splits the diffs into two `Vec`s, the first one containing the diffs that exceed the threshold, /// the second one containing the rest. /// /// Assumes that the diff slice is sorted by `diff_ratio` in descending order. -fn split_on_threshold(diffs: &[Diff]) -> (&[Diff], &[Diff]) { +fn split_on_threshold(diffs: &[Diff]) -> (Vec, Vec) { match diffs .iter() .position(|diff| diff.diff_ratio.abs() < CHANGE_THRESHOLD) { - None => (diffs, &[]), + None => (diffs.to_vec(), Vec::new()), Some(first_below_threshold) => ( - &diffs[..first_below_threshold], - &diffs[first_below_threshold..], + diffs[..first_below_threshold].to_vec(), + diffs[first_below_threshold..].to_vec(), ), } } From 95cffd6d4443e6075d205b46ec3142cf3be3f4e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Wed, 30 Aug 2023 10:53:15 +0200 Subject: [PATCH 0118/1145] Run resumed handshakes 30x to filter out noise --- ci-bench/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 07804d56f9..ea8f162fa5 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -48,7 +48,7 @@ const TRANSFER_PLAINTEXT_SIZE: usize = 1024 * 1024; /// [`rustls::client::ClientSessionMemoryCache`] and [`rustls::server::ServerSessionMemoryCache`], /// which rely on a randomized `HashMap` under the hood (you can check for yourself by that /// `HashMap` by a `FxHashMap`, which brings the noise down to acceptable levels in a single run). -const RESUMED_HANDSHAKE_RUNS: usize = 3; +const RESUMED_HANDSHAKE_RUNS: usize = 30; /// The threshold at which instruction count changes are considered relevant const CHANGE_THRESHOLD: f64 = 0.002; // 0.2% From 9ec344fe290cce0b2cfe983e6863e6421a4666ef Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 30 Aug 2023 11:38:57 -0400 Subject: [PATCH 0119/1145] ci: rename connect-tests.yml -> daily-tests.yml --- .github/workflows/{connect-tests.yml => daily-tests.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{connect-tests.yml => daily-tests.yml} (100%) diff --git a/.github/workflows/connect-tests.yml b/.github/workflows/daily-tests.yml similarity index 100% rename from .github/workflows/connect-tests.yml rename to .github/workflows/daily-tests.yml From 7759f05e44499329e3e3ee0289d0294f54b40af6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 30 Aug 2023 11:37:59 -0400 Subject: [PATCH 0120/1145] ci: update connect-tests comment, and name. We are gradually adding other CI task here that aren't appropriate for the main CI runs. Since it's no longer dedicated to just running the connection tests we need a more representative name. --- .github/workflows/daily-tests.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index ab25beb527..501815db4c 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -1,17 +1,18 @@ -name: connect-tests +name: daily-tests permissions: contents: read on: schedule: - # We run connectivity tests on a daily basis, choosing a - # a time slightly offset from the top of the hour. + # We run these tests on a daily basis (at a time slightly offset from the + # top of the hour), as their runtime is either too long for the usual per-PR + # CI, or because they rely on external 3rd party services that can be flaky. - cron: '15 18 * * *' jobs: build: - name: Connectivity Tests + name: Daily Tests runs-on: ${{ matrix.os }} strategy: matrix: From 61b5a4cb9b6c7b31049a5059c5a4c2ca3acf80f9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 29 Aug 2023 10:10:26 -0400 Subject: [PATCH 0121/1145] ci: add server_acceptor build check to daily-tests. This ensures the example binary continues to build, similar to how we handle the other examples. --- .github/workflows/daily-tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 501815db4c..5e6fc5ba68 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -50,3 +50,7 @@ jobs: - run: cargo run --bin limitedclient - run: cargo run --bin simple_0rtt_client + + # Test the server_acceptor binary builds - we invoke with --help since it + # will run a server process that doesn't exit when invoked with no args + - run: cargo run --bin server_acceptor -- --help From 4d243a35f291e446231db1362acff30d876ef38d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 30 Aug 2023 11:42:01 -0400 Subject: [PATCH 0122/1145] ci: add 'name' descriptions to daily-tests. --- .github/workflows/daily-tests.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 5e6fc5ba68..7c7681e4a2 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -39,18 +39,24 @@ jobs: with: toolchain: ${{ matrix.rust }} - - run: cargo build + - name: Build main crate + run: cargo build - - run: cargo test --manifest-path=connect-tests/Cargo.toml + - name: Run connect tests + run: cargo test --manifest-path=connect-tests/Cargo.toml env: RUST_BACKTRACE: 1 - - run: cargo run --bin simpleclient + - name: Check simple client + run: cargo run --bin simpleclient - - run: cargo run --bin limitedclient + - name: Check limited client + run: cargo run --bin limitedclient - - run: cargo run --bin simple_0rtt_client + - name: Check simple 0rtt client + run: cargo run --bin simple_0rtt_client # Test the server_acceptor binary builds - we invoke with --help since it # will run a server process that doesn't exit when invoked with no args - - run: cargo run --bin server_acceptor -- --help + - name: Check server acceptor + run: cargo run --bin server_acceptor -- --help From 94ce539d585d7f55005b5364f27f9c22ef474679 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 31 Aug 2023 09:51:55 -0400 Subject: [PATCH 0123/1145] ci: split up daily-tests into multiple jobs. This better separates the connection tests from the example binary smoke tests. In a subsequent commit we will add another job for running `cargo hack`. --- .github/workflows/daily-tests.yml | 32 +++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 7c7681e4a2..86c7b2cb68 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -11,8 +11,8 @@ on: - cron: '15 18 * * *' jobs: - build: - name: Daily Tests + connect-tests: + name: Connect Tests runs-on: ${{ matrix.os }} strategy: matrix: @@ -47,6 +47,34 @@ jobs: env: RUST_BACKTRACE: 1 + example-tests: + name: Example Tests + runs-on: ${{ matrix.os }} + strategy: + matrix: + # test a bunch of toolchains on ubuntu + rust: + - stable + - beta + - nightly + os: [ubuntu-20.04] + # but only stable on macos/windows (slower platforms) + include: + - os: macos-latest + rust: stable + - os: windows-latest + rust: stable + steps: + - name: Checkout sources + uses: actions/checkout@v3 + with: + persist-credentials: false + + - name: Install ${{ matrix.rust }} toolchain + uses: dtolnay/rust-toolchain@master + with: + toolchain: ${{ matrix.rust }} + - name: Check simple client run: cargo run --bin simpleclient From c1ec86d4cdccbb03c9a7a47a5843bf9d82e78192 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 31 Aug 2023 09:55:37 -0400 Subject: [PATCH 0124/1145] ci: add cargo hack to daily-tests. Test the feature powerset of the crate using `cargo hack`. The runtime of this is too large to use as part of the regular CI flow but it is helpful for catching feature interaction breakages. --- .github/workflows/daily-tests.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 86c7b2cb68..5f310df0ba 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -88,3 +88,21 @@ jobs: # will run a server process that doesn't exit when invoked with no args - name: Check server acceptor run: cargo run --bin server_acceptor -- --help + + feature-powerset: + name: Feature Powerset + runs-on: ubuntu-20.04 + steps: + - name: Checkout sources + uses: actions/checkout@v3 + with: + persist-credentials: false + + - name: Install stable toolchain + uses: dtolnay/rust-toolchain@stable + + - name: Install cargo hack + uses: taiki-e/install-action@cargo-hack + + - name: Check feature powerset + run: cargo hack check --feature-powerset --no-dev-deps From 48bf96eeecc64d4fa89297ee11981fc25cadf1b1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Sep 2023 12:39:30 +0100 Subject: [PATCH 0125/1145] Affix rustls-webpki prerelease version --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index d27d8fdfe9..209b68e4ca 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,7 +19,7 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = "0.16.20" subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "0.102.0-alpha.0", features = ["alloc", "std", "ring"] } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.0", features = ["alloc", "std", "ring"] } [features] default = ["logging", "tls12"] From 150b6929ce4c9db40d41e07cc44efdf334b737e9 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 1 Sep 2023 08:29:49 -0700 Subject: [PATCH 0126/1145] ci: fix job name for `cargo test` There was a mismatch between the job name and what it did. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f7d4b0ec3f..302ebd7959 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -82,7 +82,7 @@ jobs: env: RUST_BACKTRACE: 1 - - name: cargo build (debug; no default features) + - name: cargo test (debug; no default features) run: cargo test --no-default-features - name: cargo test (debug; no default features; tls12) From a222bb9193b086a0eeee223fb46a396a08e0c562 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 4 Sep 2023 11:55:00 +0200 Subject: [PATCH 0127/1145] Docstrings on expressions are not a thing --- rustls/src/conn.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 484b366c64..b1f26d9ef4 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -326,8 +326,8 @@ impl ConnectionCommon { let common = &mut self.core.common_state; Reader { received_plaintext: &mut common.received_plaintext, - /// Are we done? i.e., have we processed all received messages, and received a - /// close_notify to indicate that no new messages will arrive? + // Are we done? i.e., have we processed all received messages, and received a + // close_notify to indicate that no new messages will arrive? peer_cleanly_closed: common.has_received_close_notify && !self.core.message_deframer.has_pending(), has_seen_eof: common.has_seen_eof, From 95780ab4768e0fb8af340ac8dd09e68ec328bf80 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 4 Sep 2023 11:55:39 +0200 Subject: [PATCH 0128/1145] Don't deny warnings from nightly clippy Since these can be added at any time. --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 302ebd7959..99fbb2dcfa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -298,6 +298,6 @@ jobs: with: components: clippy - run: cargo clippy --package rustls --all-features --all-targets - - run: cargo clippy --package rustls --no-default-features --all-targets -- --deny warnings - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --package rustls --no-default-features --all-targets + - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets + - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets From e35a1bc22d12f3f9abff8f9028c0c34d829fdb0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 4 Sep 2023 10:26:53 +0200 Subject: [PATCH 0129/1145] Make ci-bench more deterministic * Switch to unbuffered stdio * Use FxHasher where possible --- ci-bench/Cargo.toml | 1 + ci-bench/src/benchmark.rs | 9 ++++----- ci-bench/src/main.rs | 26 ++++++++++++++++++++++---- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index c4e2c59b74..e5d1c04bb9 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -10,6 +10,7 @@ publish = false anyhow = "1.0.73" byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } +fxhash = "0.2.1" itertools = "0.11.0" rayon = "1.7.0" rustls = { path = "../rustls" } diff --git a/ci-bench/src/benchmark.rs b/ci-bench/src/benchmark.rs index 05d057d33d..a3679893d4 100644 --- a/ci-bench/src/benchmark.rs +++ b/ci-bench/src/benchmark.rs @@ -1,5 +1,4 @@ -use std::collections::{HashMap, HashSet}; - +use fxhash::{FxHashMap, FxHashSet}; use itertools::Itertools; use crate::cachegrind::InstructionCounts; @@ -27,11 +26,11 @@ pub fn validate_benchmarks(benchmarks: &[Benchmark]) -> anyhow::Result<()> { } // Detect dangling benchmark references - let all_names: HashSet<_> = benchmarks + let all_names: FxHashSet<_> = benchmarks .iter() .map(|b| b.name.as_str()) .collect(); - let referenced_names: HashSet<_> = benchmarks + let referenced_names: FxHashSet<_> = benchmarks .iter() .flat_map(|b| match &b.reporting_mode { ReportingMode::AllInstructions => None, @@ -65,7 +64,7 @@ pub enum ReportingMode { /// Get the reported instruction counts for the provided benchmark pub fn get_reported_instr_count( bench: &Benchmark, - results: &HashMap<&str, InstructionCounts>, + results: &FxHashMap<&str, InstructionCounts>, ) -> InstructionCounts { match bench.reporting_mode() { ReportingMode::AllInstructions => results[&bench.name()], diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index ea8f162fa5..07cbeec2f5 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -1,12 +1,15 @@ use std::collections::HashMap; -use std::fs; +use std::fs::{self, File}; use std::hint::black_box; use std::io::{self, BufRead, BufReader, Read, Write}; +use std::mem; +use std::os::fd::{AsRawFd, FromRawFd}; use std::path::{Path, PathBuf}; use std::sync::Arc; use anyhow::Context; use clap::{Parser, Subcommand, ValueEnum}; +use fxhash::FxHashMap; use itertools::Itertools; use rayon::iter::Either; use rayon::prelude::*; @@ -116,8 +119,19 @@ fn main() -> anyhow::Result<()> { .get(index as usize) .ok_or(anyhow::anyhow!("Benchmark not found: {index}"))?; - let mut stdin = io::stdin().lock(); - let mut stdout = io::stdout().lock(); + let stdin_lock = io::stdin().lock(); + let stdout_lock = io::stdout().lock(); + + // `StdinLock` and `StdoutLock` are buffered, which makes the instruction counts less + // deterministic (the growth of the internal buffers varies across runs, causing + // differences of hundreds of instructions). To counter this, we do the actual io + // operations through `File`, which is unbuffered. The `stdin_lock` and `stdout_lock` + // variables are kept around to ensure exclusive access. + + // safety: the file descriptor is valid and we have exclusive access to it for the + // duration of the lock + let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_fd()) }; + let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) }; let handshake_buf = &mut [0u8; 262144]; let resumption_kind = black_box(bench.kind.resumption_kind()); @@ -147,6 +161,10 @@ fn main() -> anyhow::Result<()> { result .with_context(|| format!("{} crashed for {} side", bench.name(), side.as_str()))?; + + // Prevent stdin / stdout from being closed + mem::forget(stdin); + mem::forget(stdout); } Command::Compare { baseline_input, @@ -267,7 +285,7 @@ pub fn run_all(executable: String, benches: &[Benchmark]) -> anyhow::Result, HashMap<_, _>) = + let (errors, results): (Vec<_>, FxHashMap<_, _>) = results .into_iter() .partition_map(|(bench, result)| match result { From 71e118b1c3831f2a35db90411b1d80afd766188f Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 30 Aug 2023 14:37:08 +0200 Subject: [PATCH 0130/1145] Hoist pki_error from webpki::verify to webpki --- rustls/src/webpki/mod.rs | 29 +++++++++++++++++++++++++++++ rustls/src/webpki/verify.rs | 26 +------------------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 727c86f760..5194562118 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -1,3 +1,7 @@ +use alloc::sync::Arc; + +use crate::error::{Error, CertificateError, CertRevocationListError}; + mod anchors; mod client_verifier_builder; mod verify; @@ -14,3 +18,28 @@ pub use verify::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate, WebPkiServerVerifier, }; + +fn pki_error(error: webpki::Error) -> Error { + use webpki::Error::*; + match error { + BadDer | BadDerTime | TrailingData(_) => CertificateError::BadEncoding.into(), + CertNotValidYet => CertificateError::NotValidYet.into(), + CertExpired | InvalidCertValidity => CertificateError::Expired.into(), + UnknownIssuer => CertificateError::UnknownIssuer.into(), + CertNotValidForName => CertificateError::NotValidForName.into(), + CertRevoked => CertificateError::Revoked.into(), + IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(), + + InvalidSignatureForPublicKey + | UnsupportedSignatureAlgorithm + | UnsupportedSignatureAlgorithmForPublicKey => CertificateError::BadSignature.into(), + + InvalidCrlSignatureForPublicKey + | UnsupportedCrlSignatureAlgorithm + | UnsupportedCrlSignatureAlgorithmForPublicKey => { + CertRevocationListError::BadSignature.into() + } + + _ => CertificateError::Other(Arc::new(error)).into(), + } +} diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 1fe7c43a5f..2c881f8a61 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -3,6 +3,7 @@ use std::time::SystemTime; use super::anchors::{OwnedTrustAnchor, RootCertStore}; use super::client_verifier_builder::ClientCertVerifierBuilder; +use super::pki_error; use crate::client::ServerName; use crate::enums::SignatureScheme; use crate::error::{CertRevocationListError, CertificateError, Error, PeerMisbehaved}; @@ -417,31 +418,6 @@ pub(crate) enum AnonymousClientPolicy { Deny, } -fn pki_error(error: webpki::Error) -> Error { - use webpki::Error::*; - match error { - BadDer | BadDerTime | TrailingData(_) => CertificateError::BadEncoding.into(), - CertNotValidYet => CertificateError::NotValidYet.into(), - CertExpired | InvalidCertValidity => CertificateError::Expired.into(), - UnknownIssuer => CertificateError::UnknownIssuer.into(), - CertNotValidForName => CertificateError::NotValidForName.into(), - CertRevoked => CertificateError::Revoked.into(), - IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(), - - InvalidSignatureForPublicKey - | UnsupportedSignatureAlgorithm - | UnsupportedSignatureAlgorithmForPublicKey => CertificateError::BadSignature.into(), - - InvalidCrlSignatureForPublicKey - | UnsupportedCrlSignatureAlgorithm - | UnsupportedCrlSignatureAlgorithmForPublicKey => { - CertRevocationListError::BadSignature.into() - } - - _ => CertificateError::Other(Arc::new(error)).into(), - } -} - impl From for CertRevocationListError { fn from(e: webpki::Error) -> Self { use webpki::Error::*; From 4d825932a85a1e8184738105b4e9bcc29efdcdfe Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 2 Sep 2023 14:32:27 +0200 Subject: [PATCH 0131/1145] examples: clean up imports and module-level comments --- examples/src/bin/limitedclient.rs | 8 ++++---- examples/src/bin/server_acceptor.rs | 3 ++- examples/src/bin/simple_0rtt_client.rs | 3 +-- examples/src/bin/simpleclient.rs | 20 ++++++++++---------- examples/src/bin/tlsclient-mio.rs | 19 ++++++------------- examples/src/bin/tlsserver-mio.rs | 22 +++++++--------------- 6 files changed, 30 insertions(+), 45 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 3ffee579cd..eb14fc3a9a 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -1,10 +1,10 @@ -/// limitedclient: This example demonstrates usage of ClientConfig building -/// so that unused cryptography in rustls can be discarded by the linker. You can -/// observe using `nm` that the binary of this program does not contain any AES code. -use std::sync::Arc; +//! limitedclient: This example demonstrates usage of ClientConfig building +//! so that unused cryptography in rustls can be discarded by the linker. You can +//! observe using `nm` that the binary of this program does not contain any AES code. use std::io::{stdout, Read, Write}; use std::net::TcpStream; +use std::sync::Arc; use rustls::crypto::ring::Ring; use rustls::OwnedTrustAnchor; diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index aa4fe19f3d..e50cd0410a 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -3,6 +3,7 @@ //! client certificates. //! //! For a more complete server demonstration, see `tlsserver-mio.rs`. + use std::fs::File; use std::io::{Read, Write}; use std::ops::Add; @@ -12,7 +13,7 @@ use std::time::Duration; use std::{fs, thread}; use docopt::Docopt; -use serde_derive::Deserialize; +use serde::Deserialize; use rustls::crypto::CryptoProvider; use rustls::server::{ diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index e25cb53b9a..5b1dd2d810 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -1,7 +1,6 @@ -use std::sync::Arc; - use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; +use std::sync::Arc; use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 07036c8c6d..c298654a3b 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -1,16 +1,16 @@ -/// This is the simplest possible client using rustls that does something useful: -/// it accepts the default configuration, loads some root certs, and then connects -/// to google.com and issues a basic HTTP request. The response is printed to stdout. -/// -/// It makes use of rustls::Stream to treat the underlying TLS connection as a basic -/// bi-directional stream -- the underlying IO is performed transparently. -/// -/// Note that `unwrap()` is used to deal with networking errors; this is not something -/// that is sensible outside of example code. -use std::sync::Arc; +//! This is the simplest possible client using rustls that does something useful: +//! it accepts the default configuration, loads some root certs, and then connects +//! to google.com and issues a basic HTTP request. The response is printed to stdout. +//! +//! It makes use of rustls::Stream to treat the underlying TLS connection as a basic +//! bi-directional stream -- the underlying IO is performed transparently. +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. use std::io::{stdout, Read, Write}; use std::net::TcpStream; +use std::sync::Arc; use rustls::crypto::ring::Ring; use rustls::{OwnedTrustAnchor, RootCertStore}; diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 8c83e074a3..0e7299f030 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -1,21 +1,14 @@ -use std::process; +use std::io::{self, BufReader, Read, Write}; +use std::net::ToSocketAddrs; use std::sync::Arc; +use std::{fs, process, str}; +use docopt::Docopt; use mio::net::TcpStream; +use serde::Deserialize; + use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; - -use std::fs; -use std::io; -use std::io::{BufReader, Read, Write}; -use std::net::ToSocketAddrs; -use std::str; - -#[macro_use] -extern crate serde_derive; - -use docopt::Docopt; - use rustls::{OwnedTrustAnchor, RootCertStore}; const CLIENT: mio::Token = mio::Token(0); diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 9b0d4aa140..4afc9b29f9 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -1,22 +1,14 @@ -use std::sync::Arc; - -use mio::net::{TcpListener, TcpStream}; -use rustls::crypto::ring::Ring; - -#[macro_use] -extern crate log; - use std::collections::HashMap; -use std::fs; -use std::io; -use std::io::{BufReader, Read, Write}; -use std::net; - -#[macro_use] -extern crate serde_derive; +use std::io::{self, BufReader, Read, Write}; +use std::sync::Arc; +use std::{fs, net}; use docopt::Docopt; +use log::{debug, error}; +use mio::net::{TcpListener, TcpStream}; +use serde::Deserialize; +use rustls::crypto::ring::Ring; use rustls::server::{UnparsedCertRevocationList, WebPkiClientVerifier}; use rustls::{self, RootCertStore}; From c9a397446231854c5af439081875ef53fe4339c8 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 5 Aug 2023 23:12:15 +0200 Subject: [PATCH 0132/1145] Switch to using pki-types crate --- ci-bench/Cargo.toml | 4 +- ci-bench/src/main.rs | 4 +- ci-bench/src/util.rs | 24 +-- examples/Cargo.toml | 5 +- examples/src/bin/limitedclient.rs | 9 +- examples/src/bin/server_acceptor.rs | 38 ++-- examples/src/bin/simple_0rtt_client.rs | 10 +- examples/src/bin/simpleclient.rs | 10 +- examples/src/bin/tlsclient-mio.rs | 38 ++-- examples/src/bin/tlsserver-mio.rs | 23 ++- rustls/Cargo.toml | 7 +- rustls/examples/internal/bench.rs | 52 +++--- rustls/examples/internal/bogo_shim.rs | 40 ++--- rustls/src/builder.rs | 4 +- rustls/src/client/builder.rs | 12 +- rustls/src/client/handy.rs | 7 +- rustls/src/client/tls12.rs | 8 +- rustls/src/common_state.rs | 7 +- rustls/src/key.rs | 98 ---------- rustls/src/lib.rs | 22 +-- rustls/src/msgs/base.rs | 11 +- rustls/src/msgs/handshake.rs | 13 +- rustls/src/msgs/handshake_test.rs | 7 +- rustls/src/msgs/persist.rs | 11 +- rustls/src/server/builder.rs | 11 +- rustls/src/server/common.rs | 6 +- rustls/src/server/handy.rs | 11 +- rustls/src/server/tls12.rs | 8 +- rustls/src/server/tls13.rs | 6 +- rustls/src/sign.rs | 179 +++++++++++-------- rustls/src/verify.rs | 27 +-- rustls/src/verifybench.rs | 16 +- rustls/src/webpki/anchors.rs | 145 +++++++-------- rustls/src/webpki/client_verifier_builder.rs | 43 +++-- rustls/src/webpki/mod.rs | 6 +- rustls/src/webpki/verify.rs | 95 +++++----- rustls/tests/api.rs | 3 +- rustls/tests/client_cert_verifier.rs | 15 +- rustls/tests/common/mod.rs | 66 +++---- rustls/tests/server_cert_verifier.rs | 13 +- 40 files changed, 505 insertions(+), 609 deletions(-) delete mode 100644 rustls/src/key.rs diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index e5d1c04bb9..cccd61a55c 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -12,7 +12,7 @@ byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" itertools = "0.11.0" +pki-types = { package = "rustls-pki-types", version = "0.1" } rayon = "1.7.0" rustls = { path = "../rustls" } -rustls-pemfile = "1.0.3" - +rustls-pemfile = "2.0.0-alpha.0" diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 07cbeec2f5..066b7187f8 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -341,7 +341,9 @@ impl ClientSideStepper<'_> { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); - root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), + ); let mut cfg = ClientConfig::builder() .with_cipher_suites(&[params.ciphersuite]) diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index 8fe70b2ea1..098e11aa59 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -1,5 +1,7 @@ use std::{fs, io}; +use pki_types::{CertificateDer, PrivateKeyDer}; + #[derive(PartialEq, Clone, Copy, Debug)] pub enum KeyType { Rsa, @@ -14,24 +16,22 @@ impl KeyType { } } - pub(crate) fn get_chain(&self) -> Vec { + pub(crate) fn get_chain(&self) -> Vec> { rustls_pemfile::certs(&mut io::BufReader::new( fs::File::open(self.path_for("end.fullchain")).unwrap(), )) - .unwrap() - .iter() - .map(|v| rustls::Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } - pub(crate) fn get_key(&self) -> rustls::PrivateKey { - rustls::PrivateKey( - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("end.key")).unwrap(), - )) - .unwrap()[0] - .clone(), - ) + pub(crate) fn get_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("end.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() } } diff --git a/examples/Cargo.toml b/examples/Cargo.toml index bea8aa8945..505b948c83 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -16,12 +16,13 @@ docopt = "~1.1" env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } +pki-types = { package = "rustls-pki-types", version = "0.1" } rcgen = { version = "0.11.1", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} -rustls-pemfile = "1.0.3" +rustls-pemfile = "=2.0.0-alpha.0" serde = "1.0" serde_derive = "1.0" -webpki-roots = "0.25" +webpki-roots = "=0.26.0-alpha.0" [dev-dependencies] regex = "1.0" diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index eb14fc3a9a..e42b02c89f 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -7,20 +7,13 @@ use std::net::TcpStream; use std::sync::Arc; use rustls::crypto::ring::Ring; -use rustls::OwnedTrustAnchor; fn main() { let mut root_store = rustls::RootCertStore::empty(); root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() - .map(|ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }), + .cloned(), ); let config = rustls::ClientConfig::::builder() diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index e50cd0410a..4d3103d9a6 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -13,13 +13,12 @@ use std::time::Duration; use std::{fs, thread}; use docopt::Docopt; -use serde::Deserialize; +use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer}; +use serde_derive::Deserialize; use rustls::crypto::CryptoProvider; -use rustls::server::{ - Acceptor, ClientHello, ServerConfig, UnparsedCertRevocationList, WebPkiClientVerifier, -}; -use rustls::{Certificate, PrivateKey, RootCertStore}; +use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier}; +use rustls::RootCertStore; fn main() { let version = concat!( @@ -141,8 +140,8 @@ struct TestPki { roots: Arc, ca_cert: rcgen::Certificate, client_cert: rcgen::Certificate, - server_cert_der: Vec, - server_key_der: Vec, + server_cert_der: CertificateDer<'static>, + server_key_der: PrivateKeyDer<'static>, } impl TestPki { @@ -172,10 +171,12 @@ impl TestPki { server_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ServerAuth]; server_ee_params.alg = alg; let server_cert = rcgen::Certificate::from_params(server_ee_params).unwrap(); - let server_cert_der = server_cert - .serialize_der_with_signer(&ca_cert) - .unwrap(); - let server_key_der = server_cert.serialize_private_key_der(); + let server_cert_der = CertificateDer::from( + server_cert + .serialize_der_with_signer(&ca_cert) + .unwrap(), + ); + let server_key_der = PrivatePkcs8KeyDer::from(server_cert.serialize_private_key_der()); // Create a client end entity cert issued by the CA. let mut client_ee_params = rcgen::CertificateParams::new(Vec::new()); @@ -191,14 +192,14 @@ impl TestPki { // Create a root cert store that includes the CA certificate. let mut roots = RootCertStore::empty(); roots - .add(&Certificate(ca_cert.serialize_der().unwrap())) + .add(CertificateDer::from(ca_cert.serialize_der().unwrap())) .unwrap(); Self { roots: roots.into(), ca_cert, client_cert, server_cert_der, - server_key_der, + server_key_der: server_key_der.into(), } } @@ -222,7 +223,7 @@ impl TestPki { // Construct a fresh verifier using the test PKI roots, and the updated CRL. let verifier = WebPkiClientVerifier::builder(self.roots.clone()) - .with_crls([UnparsedCertRevocationList(crl)]) + .with_crls([CertificateRevocationListDer::from(crl)]) .build() .unwrap(); @@ -233,8 +234,13 @@ impl TestPki { .with_safe_defaults() .with_client_cert_verifier(verifier) .with_single_cert( - vec![Certificate(self.server_cert_der.clone())], - PrivateKey(self.server_key_der.clone()), + vec![self.server_cert_der.clone()], + PrivatePkcs8KeyDer::from( + self.server_key_der + .secret_der() + .to_owned(), + ) + .into(), ) .unwrap(); diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 5b1dd2d810..9298de3992 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -4,7 +4,7 @@ use std::sync::Arc; use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; -use rustls::{OwnedTrustAnchor, RootCertStore}; +use rustls::RootCertStore; fn start_connection(config: &Arc>, domain_name: &str) { let server_name = domain_name @@ -62,13 +62,7 @@ fn main() { root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() - .map(|ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }), + .cloned(), ); let mut config = rustls::ClientConfig::::builder() diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index c298654a3b..40316e3c36 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -13,20 +13,14 @@ use std::net::TcpStream; use std::sync::Arc; use rustls::crypto::ring::Ring; -use rustls::{OwnedTrustAnchor, RootCertStore}; +use rustls::RootCertStore; fn main() { let mut root_store = RootCertStore::empty(); root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() - .map(|ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }), + .cloned(), ); let mut config = rustls::ClientConfig::::builder() .with_safe_defaults() diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 0e7299f030..9bee41b32f 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -5,11 +5,12 @@ use std::{fs, process, str}; use docopt::Docopt; use mio::net::TcpStream; +use pki_types::{CertificateDer, PrivateKeyDer}; use serde::Deserialize; use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; -use rustls::{OwnedTrustAnchor, RootCertStore}; +use rustls::RootCertStore; const CLIENT: mio::Token = mio::Token(0); @@ -282,25 +283,23 @@ fn lookup_versions(versions: &[String]) -> Vec<&'static rustls::SupportedProtoco out } -fn load_certs(filename: &str) -> Vec { +fn load_certs(filename: &str) -> Vec> { let certfile = fs::File::open(filename).expect("cannot open certificate file"); let mut reader = BufReader::new(certfile); rustls_pemfile::certs(&mut reader) - .unwrap() - .iter() - .map(|v| rustls::Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } -fn load_private_key(filename: &str) -> rustls::PrivateKey { +fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { let keyfile = fs::File::open(filename).expect("cannot open private key file"); let mut reader = BufReader::new(keyfile); loop { match rustls_pemfile::read_one(&mut reader).expect("cannot parse private key .pem file") { - Some(rustls_pemfile::Item::RSAKey(key)) => return rustls::PrivateKey(key), - Some(rustls_pemfile::Item::PKCS8Key(key)) => return rustls::PrivateKey(key), - Some(rustls_pemfile::Item::ECKey(key)) => return rustls::PrivateKey(key), + Some(rustls_pemfile::Item::Pkcs1Key(key)) => return key.into(), + Some(rustls_pemfile::Item::Pkcs8Key(key)) => return key.into(), + Some(rustls_pemfile::Item::Sec1Key(key)) => return key.into(), None => break, _ => {} } @@ -314,6 +313,7 @@ fn load_private_key(filename: &str) -> rustls::PrivateKey { #[cfg(feature = "dangerous_configuration")] mod danger { + use pki_types::CertificateDer; use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; use rustls::DigitallySignedStruct; @@ -322,8 +322,8 @@ mod danger { impl rustls::client::ServerCertVerifier for NoCertificateVerification { fn verify_server_cert( &self, - _end_entity: &rustls::Certificate, - _intermediates: &[rustls::Certificate], + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], _server_name: &rustls::ServerName, _ocsp: &[u8], _now: std::time::SystemTime, @@ -334,7 +334,7 @@ mod danger { fn verify_tls12_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) @@ -343,7 +343,7 @@ mod danger { fn verify_tls13_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) @@ -379,18 +379,14 @@ fn make_config(args: &Args) -> Arc> { let certfile = fs::File::open(cafile).expect("Cannot open CA file"); let mut reader = BufReader::new(certfile); - root_store.add_parsable_certificates(rustls_pemfile::certs(&mut reader).unwrap()); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut reader).map(|result| result.unwrap()), + ); } else { root_store.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() - .map(|ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }), + .cloned(), ); } diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 4afc9b29f9..66b60c0212 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -6,10 +6,11 @@ use std::{fs, net}; use docopt::Docopt; use log::{debug, error}; use mio::net::{TcpListener, TcpStream}; +use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use serde::Deserialize; use rustls::crypto::ring::Ring; -use rustls::server::{UnparsedCertRevocationList, WebPkiClientVerifier}; +use rustls::server::WebPkiClientVerifier; use rustls::{self, RootCertStore}; // Token for our listening socket. @@ -501,25 +502,23 @@ fn lookup_versions(versions: &[String]) -> Vec<&'static rustls::SupportedProtoco out } -fn load_certs(filename: &str) -> Vec { +fn load_certs(filename: &str) -> Vec> { let certfile = fs::File::open(filename).expect("cannot open certificate file"); let mut reader = BufReader::new(certfile); rustls_pemfile::certs(&mut reader) - .unwrap() - .iter() - .map(|v| rustls::Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } -fn load_private_key(filename: &str) -> rustls::PrivateKey { +fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { let keyfile = fs::File::open(filename).expect("cannot open private key file"); let mut reader = BufReader::new(keyfile); loop { match rustls_pemfile::read_one(&mut reader).expect("cannot parse private key .pem file") { - Some(rustls_pemfile::Item::RSAKey(key)) => return rustls::PrivateKey(key), - Some(rustls_pemfile::Item::PKCS8Key(key)) => return rustls::PrivateKey(key), - Some(rustls_pemfile::Item::ECKey(key)) => return rustls::PrivateKey(key), + Some(rustls_pemfile::Item::Pkcs1Key(key)) => return key.into(), + Some(rustls_pemfile::Item::Pkcs8Key(key)) => return key.into(), + Some(rustls_pemfile::Item::Sec1Key(key)) => return key.into(), None => break, _ => {} } @@ -544,7 +543,7 @@ fn load_ocsp(filename: &Option) -> Vec { ret } -fn load_crls(filenames: &[String]) -> Vec { +fn load_crls(filenames: &[String]) -> Vec> { filenames .iter() .map(|filename| { @@ -553,7 +552,7 @@ fn load_crls(filenames: &[String]) -> Vec { .expect("cannot open CRL file") .read_to_end(&mut der) .unwrap(); - UnparsedCertRevocationList(der) + CertificateRevocationListDer::from(der) }) .collect() } @@ -563,7 +562,7 @@ fn make_config(args: &Args) -> Arc> { let roots = load_certs(args.flag_auth.as_ref().unwrap()); let mut client_auth_roots = RootCertStore::empty(); for root in roots { - client_auth_roots.add(&root).unwrap(); + client_auth_roots.add(root).unwrap(); } let crls = load_crls(&args.flag_crl); if args.flag_require_auth { diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 209b68e4ca..0953e24fcf 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,7 +19,8 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = "0.16.20" subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.0", features = ["alloc", "std", "ring"] } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.1", features = ["alloc", "std", "ring"] } +pki-types = { package = "rustls-pki-types", version = "0.1.1" } [features] default = ["logging", "tls12"] @@ -34,8 +35,8 @@ read_buf = ["rustversion"] bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -webpki-roots = "0.25.0" -rustls-pemfile = "1.0.3" +webpki-roots = "=0.26.0-alpha.0" +rustls-pemfile = "=2.0.0-alpha.0" base64 = "0.21" [[example]] diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 1ccc46d88a..fc34dfda12 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -11,6 +11,8 @@ use std::ops::DerefMut; use std::sync::Arc; use std::time::{Duration, Instant}; +use pki_types::{CertificateDer, PrivateKeyDer}; + use rustls::client::Resumption; use rustls::crypto::ring::Ring; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; @@ -249,44 +251,40 @@ impl KeyType { } } - fn get_chain(&self) -> Vec { + fn get_chain(&self) -> Vec> { rustls_pemfile::certs(&mut io::BufReader::new( fs::File::open(self.path_for("end.fullchain")).unwrap(), )) - .unwrap() - .iter() - .map(|v| rustls::Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } - fn get_key(&self) -> rustls::PrivateKey { - rustls::PrivateKey( - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("end.key")).unwrap(), - )) - .unwrap()[0] - .clone(), - ) + fn get_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("end.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() } - fn get_client_chain(&self) -> Vec { + fn get_client_chain(&self) -> Vec> { rustls_pemfile::certs(&mut io::BufReader::new( fs::File::open(self.path_for("client.fullchain")).unwrap(), )) - .unwrap() - .iter() - .map(|v| rustls::Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } - fn get_client_key(&self) -> rustls::PrivateKey { - rustls::PrivateKey( - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("client.key")).unwrap(), - )) - .unwrap()[0] - .clone(), - ) + fn get_client_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("client.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() } } @@ -301,7 +299,7 @@ fn make_server_config( let roots = params.key_type.get_chain(); let mut client_auth_roots = RootCertStore::empty(); for root in roots { - client_auth_roots.add(&root).unwrap(); + client_auth_roots.add(root).unwrap(); } WebPkiClientVerifier::builder(client_auth_roots.into()) .build() @@ -339,7 +337,9 @@ fn make_client_config( let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); - root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), + ); let cfg = ClientConfig::builder() .with_cipher_suites(&[params.ciphersuite]) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 361707abda..89511a0c8e 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -13,14 +13,14 @@ use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; use rustls::{ - self, client, kx_group, server, sign, version, AlertDescription, Certificate, CertificateError, - Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, - PeerIncompatible, PeerMisbehaved, PrivateKey, ProtocolVersion, ServerName, Side, - SignatureAlgorithm, SignatureScheme, SupportedKxGroup, SupportedProtocolVersion, Ticketer, - ALL_KX_GROUPS, + self, client, kx_group, server, sign, version, AlertDescription, CertificateError, Connection, + DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, + PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, + SupportedKxGroup, SupportedProtocolVersion, Ticketer, ALL_KX_GROUPS, }; use base64::prelude::{Engine, BASE64_STANDARD}; +use pki_types::{CertificateDer, PrivateKeyDer}; use std::io::{self, BufReader, Read, Write}; use std::sync::Arc; @@ -156,22 +156,22 @@ impl Options { } } -fn load_cert(filename: &str) -> Vec { +fn load_cert(filename: &str) -> Vec> { let certfile = fs::File::open(filename).expect("cannot open certificate file"); let mut reader = BufReader::new(certfile); rustls_pemfile::certs(&mut reader) - .unwrap() - .iter() - .map(|v| Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } -fn load_key(filename: &str) -> PrivateKey { +fn load_key(filename: &str) -> PrivateKeyDer<'static> { let keyfile = fs::File::open(filename).expect("cannot open private key file"); let mut reader = BufReader::new(keyfile); - let keys = rustls_pemfile::pkcs8_private_keys(&mut reader).unwrap(); + let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader) + .map(|result| result.unwrap()) + .collect::>(); assert!(keys.len() == 1); - PrivateKey(keys[0].clone()) + keys.pop().unwrap().into() } fn split_protocols(protos: &str) -> Vec { @@ -207,8 +207,8 @@ impl server::ClientCertVerifier for DummyClientAuth { fn verify_client_cert( &self, - _end_entity: &Certificate, - _intermediates: &[Certificate], + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], _now: SystemTime, ) -> Result { Ok(server::ClientCertVerified::assertion()) @@ -217,7 +217,7 @@ impl server::ClientCertVerifier for DummyClientAuth { fn verify_tls12_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) @@ -226,7 +226,7 @@ impl server::ClientCertVerifier for DummyClientAuth { fn verify_tls13_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) @@ -242,8 +242,8 @@ struct DummyServerAuth {} impl client::ServerCertVerifier for DummyServerAuth { fn verify_server_cert( &self, - _end_entity: &Certificate, - _certs: &[Certificate], + _end_entity: &CertificateDer<'_>, + _certs: &[CertificateDer<'_>], _hostname: &ServerName, _ocsp: &[u8], _now: SystemTime, @@ -254,7 +254,7 @@ impl client::ServerCertVerifier for DummyServerAuth { fn verify_tls12_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) @@ -263,7 +263,7 @@ impl client::ServerCertVerifier for DummyServerAuth { fn verify_tls13_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index fe167fb81f..0b89927847 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -105,7 +105,9 @@ use core::marker::PhantomData; /// # use rustls::ServerConfig; /// # use rustls::crypto::ring::Ring; /// # let certs = vec![]; -/// # let private_key = rustls::PrivateKey(vec![]); +/// # let private_key = pki_types::PrivateKeyDer::from( +/// # pki_types::PrivatePkcs8KeyDer::from(vec![]) +/// # ); /// ServerConfig::::builder() /// .with_safe_defaults() /// .with_no_client_auth() diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index e479ec1b19..924587c2f5 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -5,10 +5,12 @@ use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; -use crate::{key, verify, versions, webpki}; +use crate::{verify, versions, webpki}; use super::client_conn::Resumption; +use pki_types::{CertificateDer, PrivateKeyDer}; + use alloc::sync::Arc; use core::marker::PhantomData; @@ -69,8 +71,8 @@ impl ConfigBuilder, WantsClientCert> { /// This function fails if `key_der` is invalid. pub fn with_client_auth_cert( self, - cert_chain: Vec, - key_der: key::PrivateKey, + cert_chain: Vec>, + key_der: PrivateKeyDer<'static>, ) -> Result, Error> { let resolver = handy::AlwaysResolvesClientCert::new(cert_chain, &key_der)?; Ok(self.with_client_cert_resolver(Arc::new(resolver))) @@ -86,8 +88,8 @@ impl ConfigBuilder, WantsClientCert> { #[deprecated(since = "0.21.4", note = "Use `with_client_auth_cert` instead")] pub fn with_single_cert( self, - cert_chain: Vec, - key_der: key::PrivateKey, + cert_chain: Vec>, + key_der: PrivateKeyDer<'static>, ) -> Result, Error> { self.with_client_auth_cert(cert_chain, key_der) } diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 46ad8a262c..131deeb040 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,13 +1,14 @@ use crate::client; use crate::enums::SignatureScheme; use crate::error::Error; -use crate::key; use crate::limited_cache; use crate::msgs::persist; use crate::sign; use crate::NamedGroup; use crate::ServerName; +use pki_types::{CertificateDer, PrivateKeyDer}; + use alloc::collections::VecDeque; use alloc::sync::Arc; use std::sync::Mutex; @@ -178,8 +179,8 @@ pub(super) struct AlwaysResolvesClientCert(Arc); impl AlwaysResolvesClientCert { pub(super) fn new( - chain: Vec, - priv_key: &key::PrivateKey, + chain: Vec>, + priv_key: &PrivateKeyDer<'_>, ) -> Result { let key = sign::any_supported_type(priv_key) .map_err(|_| Error::General("invalid private key".into()))?; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index a364419d71..e34847d696 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -104,7 +104,7 @@ mod server_hello { } // See if we're successfully resuming. - if let Some(ref resuming) = self.resuming_session { + if let Some(resuming) = self.resuming_session { if resuming.session_id == server_hello.session_id { debug!("Server agreed to resume"); @@ -138,7 +138,7 @@ mod server_hello { Ok(Box::new(ExpectNewTicket { config: self.config, secrets, - resuming_session: self.resuming_session, + resuming_session: Some(resuming), session_id: server_hello.session_id, server_name: self.server_name, using_ems: self.using_ems, @@ -151,7 +151,7 @@ mod server_hello { Ok(Box::new(ExpectCcs { config: self.config, secrets, - resuming_session: self.resuming_session, + resuming_session: Some(resuming), session_id: server_hello.session_id, server_name: self.server_name, using_ems: self.using_ems, @@ -167,7 +167,7 @@ mod server_hello { Ok(Box::new(ExpectCertificate { config: self.config, - resuming_session: self.resuming_session, + resuming_session: None, session_id: server_hello.session_id, server_name: self.server_name, randoms: self.randoms, diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 27ba9b68af..0aff51745b 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -1,6 +1,5 @@ use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; -use crate::key; #[cfg(feature = "logging")] use crate::log::{debug, warn}; use crate::msgs::alert::AlertMessagePayload; @@ -20,6 +19,8 @@ use crate::suites::SupportedCipherSuite; use crate::tls12::ConnectionSecrets; use crate::vecbuf::ChunkVecBuffer; +use pki_types::CertificateDer; + /// Connection state common to both client and server connections. pub struct CommonState { pub(crate) negotiated_version: Option, @@ -36,7 +37,7 @@ pub struct CommonState { pub(crate) has_received_close_notify: bool, pub(crate) has_seen_eof: bool, pub(crate) received_middlebox_ccs: u8, - pub(crate) peer_certificates: Option>, + pub(crate) peer_certificates: Option>>, message_fragmenter: MessageFragmenter, pub(crate) received_plaintext: ChunkVecBuffer, sendable_plaintext: ChunkVecBuffer, @@ -116,7 +117,7 @@ impl CommonState { /// if client authentication was completed. /// /// The return value is None until this value is available. - pub fn peer_certificates(&self) -> Option<&[key::Certificate]> { + pub fn peer_certificates(&self) -> Option<&[CertificateDer<'_>]> { self.peer_certificates.as_deref() } diff --git a/rustls/src/key.rs b/rustls/src/key.rs deleted file mode 100644 index 2ae910e765..0000000000 --- a/rustls/src/key.rs +++ /dev/null @@ -1,98 +0,0 @@ -use core::fmt; - -/// This type contains a private key by value. -/// -/// The private key must be DER-encoded ASN.1 in either -/// PKCS#8, PKCS#1, or Sec1 format. -/// -/// A common format for storing private keys is -/// [PEM](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). -/// PEM private keys are commonly stored in files with a `.pem` or `.key` suffix, and look like this: -/// -/// ```txt -/// -----BEGIN PRIVATE KEY----- -/// -/// -----END PRIVATE KEY----- -/// ``` -/// -/// The [`rustls-pemfile`](https://docs.rs/rustls-pemfile/latest/rustls_pemfile/) crate can be used -/// to parse PEM files. The [`rcgen`](https://docs.rs/rcgen/latest/rcgen/) can be used to generate -/// certificates and private keys. -/// -/// ## Examples -/// -/// Creating a `PrivateKey` from a PEM file containing a PKCS8-encoded private key using the `rustls_pemfile` crate: -/// -/// ```rust -/// use std::fs::File; -/// use std::io::BufReader; -/// use rustls::PrivateKey; -/// -/// fn load_private_key_from_file(path: &str) -> Result> { -/// let file = File::open(&path)?; -/// let mut reader = BufReader::new(file); -/// let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader)?; -/// -/// match keys.len() { -/// 0 => Err(format!("No PKCS8-encoded private key found in {path}").into()), -/// 1 => Ok(PrivateKey(keys.remove(0))), -/// _ => Err(format!("More than one PKCS8-encoded private key found in {path}").into()), -/// } -/// } -/// ``` -#[derive(Debug, Clone, Eq, PartialEq)] -pub struct PrivateKey(pub Vec); - -/// This type contains a single certificate by value. -/// -/// The certificate must be in DER-encoded X.509 format. -/// -/// A common format for storing certificates is -/// [PEM](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). -/// PEM certificates are commonly stored in files with a `.pem`, `.cer` or `.crt` suffix, and look -/// like this: -/// -/// ```txt -/// -----BEGIN CERTIFICATE----- -/// -/// -----END CERTIFICATE----- -/// ``` -/// -/// The [`rustls-pemfile`](https://docs.rs/rustls-pemfile/latest/rustls_pemfile/) crate can be used -/// to parse PEM files. The [`rcgen`](https://docs.rs/rcgen/latest/rcgen/) crate can be used to -/// generate certificates and private keys. -/// -/// ## Examples -/// -/// Parsing a PEM file to extract DER-encoded certificates: -/// -/// ```rust -/// use std::fs::File; -/// use std::io::BufReader; -/// use rustls::Certificate; -/// -/// fn load_certificates_from_pem(path: &str) -> std::io::Result> { -/// let file = File::open(path)?; -/// let mut reader = BufReader::new(file); -/// let certs = rustls_pemfile::certs(&mut reader)?; -/// -/// Ok(certs.into_iter().map(Certificate).collect()) -/// } -/// ``` -#[derive(Clone, Eq, Hash, Ord, PartialEq, PartialOrd)] -pub struct Certificate(pub Vec); - -impl AsRef<[u8]> for Certificate { - fn as_ref(&self) -> &[u8] { - &self.0 - } -} - -impl fmt::Debug for Certificate { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - use super::bs_debug::BsDebug; - f.debug_tuple("Certificate") - .field(&BsDebug(&self.0)) - .finish() - } -} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index e473ff0c05..b28a6c3055 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -107,13 +107,7 @@ //! root_store.add_trust_anchors( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() -//! .map(|ta| { -//! rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( -//! ta.subject, -//! ta.spki, -//! ta.name_constraints, -//! ) -//! }) +//! .cloned() //! ); //! ``` //! @@ -139,13 +133,7 @@ //! # root_store.add_trust_anchors( //! # webpki_roots::TLS_SERVER_ROOTS //! # .iter() -//! # .map(|ta| { -//! # rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( -//! # ta.subject, -//! # ta.spki, -//! # ta.name_constraints, -//! # ) -//! # }) +//! # .cloned() //! # ); //! # let config = rustls::ClientConfig::::builder() //! # .with_safe_defaults() @@ -350,7 +338,6 @@ mod check; mod bs_debug; mod builder; mod enums; -mod key; mod key_log; mod key_log_file; mod suites; @@ -392,7 +379,6 @@ pub use crate::error::{ CertRevocationListError, CertificateError, Error, InvalidMessage, PeerIncompatible, PeerMisbehaved, }; -pub use crate::key::{Certificate, PrivateKey}; pub use crate::key_log::{KeyLog, NoKeyLog}; pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; @@ -407,7 +393,7 @@ pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; pub use crate::verify::DigitallySignedStruct; pub use crate::versions::{SupportedProtocolVersion, ALL_VERSIONS, DEFAULT_VERSIONS}; -pub use crate::webpki::{OwnedTrustAnchor, RootCertStore}; +pub use crate::webpki::{RootCertStore, TrustAnchorWithDn}; /// Items for use in a client. pub mod client { @@ -454,8 +440,8 @@ pub mod server { mod tls12; mod tls13; + pub use crate::webpki::WebPkiClientVerifier; pub use crate::webpki::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; - pub use crate::webpki::{UnparsedCertRevocationList, WebPkiClientVerifier}; pub use builder::WantsServerCert; pub use handy::ResolvesServerCertUsingSni; pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index ceb3f5a30c..47be52ff2e 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -1,10 +1,11 @@ use core::fmt; use crate::error::InvalidMessage; -use crate::key; use crate::msgs::codec; use crate::msgs::codec::{Codec, Reader}; +use pki_types::CertificateDer; + /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] pub struct Payload(pub Vec); @@ -33,17 +34,17 @@ impl Payload { } } -impl Codec for key::Certificate { +impl<'a> Codec for CertificateDer<'a> { fn encode(&self, bytes: &mut Vec) { - codec::u24(self.0.len() as u32).encode(bytes); - bytes.extend_from_slice(&self.0); + codec::u24(self.as_ref().len() as u32).encode(bytes); + bytes.extend(self.as_ref()); } fn read(r: &mut Reader) -> Result { let len = codec::u24::read(r)?.0 as usize; let mut sub = r.sub(len)?; let body = sub.rest().to_vec(); - Ok(Self(body)) + Ok(Self::from(body)) } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 824dbf5479..849ed1226b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -3,7 +3,6 @@ use crate::crypto::CryptoProvider; use crate::dns_name::{DnsName, DnsNameRef}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::error::InvalidMessage; -use crate::key; #[cfg(feature = "logging")] use crate::log::warn; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; @@ -15,6 +14,8 @@ use crate::msgs::enums::{ use crate::rand; use crate::verify::DigitallySignedStruct; +use pki_types::CertificateDer; + use core::fmt; use std::collections; @@ -1252,9 +1253,9 @@ impl ServerHelloPayload { } } -pub type CertificatePayload = Vec; +pub type CertificatePayload = Vec>; -impl TlsListElement for key::Certificate { +impl TlsListElement for CertificateDer<'_> { const SIZE_LEN: ListLength = ListLength::U24 { max: 0x1_0000 }; } @@ -1322,7 +1323,7 @@ impl TlsListElement for CertificateExtension { #[derive(Debug)] pub struct CertificateEntry { - pub cert: key::Certificate, + pub cert: CertificateDer<'static>, pub exts: Vec, } @@ -1334,14 +1335,14 @@ impl Codec for CertificateEntry { fn read(r: &mut Reader) -> Result { Ok(Self { - cert: key::Certificate::read(r)?, + cert: CertificateDer::read(r)?, exts: Vec::read(r)?, }) } } impl CertificateEntry { - pub fn new(cert: key::Certificate) -> Self { + pub fn new(cert: CertificateDer<'static>) -> Self { Self { cert, exts: Vec::new(), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 6402592880..9a98b0eb15 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1,6 +1,5 @@ use crate::dns_name::DnsNameRef; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; -use crate::key::Certificate; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{put_u16, Codec, Reader}; use crate::msgs::enums::{ @@ -20,6 +19,8 @@ use crate::msgs::handshake::{ }; use crate::verify::DigitallySignedStruct; +use pki_types::CertificateDer; + #[test] fn rejects_short_random() { let bytes = [0x01; 31]; @@ -794,7 +795,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTLS13 { CertificatePayloadTLS13 { context: PayloadU8(vec![1, 2, 3]), entries: vec![CertificateEntry { - cert: Certificate(vec![3, 4, 5]), + cert: CertificateDer::from(vec![3, 4, 5]), exts: vec![ CertificateExtension::CertificateStatus(CertificateStatus { ocsp_response: PayloadU24(vec![1, 2, 3]), @@ -897,7 +898,7 @@ fn get_all_tls12_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::Certificate(vec![Certificate(vec![1, 2, 3])]), + payload: HandshakePayload::Certificate(vec![CertificateDer::from(vec![1, 2, 3])]), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 35e130a8f4..825dfcc236 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -1,7 +1,6 @@ use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::InvalidMessage; -use crate::key; use crate::msgs::base::{PayloadU16, PayloadU8}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::CertificatePayload; @@ -11,6 +10,8 @@ use crate::ticketer::TimeBase; use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; +use pki_types::CertificateDer; + use core::cmp; #[cfg(feature = "tls12")] use core::mem; @@ -81,7 +82,7 @@ impl Tls13ClientSessionValue { suite: &'static Tls13CipherSuite, ticket: Vec, secret: Vec, - server_cert_chain: Vec, + server_cert_chain: Vec>, time_now: TimeBase, lifetime_secs: u32, age_add: u32, @@ -156,7 +157,7 @@ impl Tls12ClientSessionValue { session_id: SessionId, ticket: Vec, master_secret: Vec, - server_cert_chain: Vec, + server_cert_chain: Vec>, time_now: TimeBase, lifetime_secs: u32, extended_ms: bool, @@ -218,7 +219,7 @@ impl ClientSessionCommon { secret: Vec, time_now: TimeBase, lifetime_secs: u32, - server_cert_chain: Vec, + server_cert_chain: Vec>, ) -> Self { Self { ticket: PayloadU16(ticket), @@ -229,7 +230,7 @@ impl ClientSessionCommon { } } - pub(crate) fn server_cert_chain(&self) -> &[key::Certificate] { + pub(crate) fn server_cert_chain(&self) -> &[CertificateDer<'static>] { self.server_cert_chain.as_ref() } diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index e40a16dbb3..9641f81ff4 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,7 +1,6 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::{CryptoProvider, KeyExchange}; use crate::error::Error; -use crate::key; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; use crate::suites::SupportedCipherSuite; @@ -10,6 +9,8 @@ use crate::versions; use crate::webpki::WebPkiClientVerifier; use crate::NoKeyLog; +use pki_types::{CertificateDer, PrivateKeyDer}; + use alloc::sync::Arc; use core::marker::PhantomData; @@ -64,8 +65,8 @@ impl ConfigBuilder, WantsServerCert> { /// This function fails if `key_der` is invalid. pub fn with_single_cert( self, - cert_chain: Vec, - key_der: key::PrivateKey, + cert_chain: Vec>, + key_der: PrivateKeyDer<'static>, ) -> Result, Error> { let resolver = handy::AlwaysResolvesChain::new(cert_chain, &key_der)?; Ok(self.with_cert_resolver(Arc::new(resolver))) @@ -82,8 +83,8 @@ impl ConfigBuilder, WantsServerCert> { /// This function fails if `key_der` is invalid. pub fn with_single_cert_with_ocsp( self, - cert_chain: Vec, - key_der: key::PrivateKey, + cert_chain: Vec>, + key_der: PrivateKeyDer<'static>, ocsp: Vec, ) -> Result, Error> { let resolver = handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp)?; diff --git a/rustls/src/server/common.rs b/rustls/src/server/common.rs index 65ffee4af3..d4c0d30afb 100644 --- a/rustls/src/server/common.rs +++ b/rustls/src/server/common.rs @@ -1,4 +1,6 @@ -use crate::{key, sign}; +use crate::sign; + +use pki_types::CertificateDer; /// ActiveCertifiedKey wraps CertifiedKey and tracks OSCP and SCT state /// in a single handshake. @@ -17,7 +19,7 @@ impl<'a> ActiveCertifiedKey<'a> { /// Get the certificate chain #[inline] - pub(super) fn get_cert(&self) -> &[key::Certificate] { + pub(super) fn get_cert(&self) -> &[CertificateDer<'static>] { &self.key.cert } diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 2a63d202eb..f0b91e2937 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,6 +1,5 @@ use crate::dns_name::DnsNameRef; use crate::error::Error; -use crate::key; use crate::limited_cache; use crate::server; use crate::server::ClientHello; @@ -8,6 +7,8 @@ use crate::sign; use crate::webpki::{verify_server_name, ParsedCertificate}; use crate::ServerName; +use pki_types::{CertificateDer, PrivateKeyDer}; + use alloc::sync::Arc; use std::collections; use std::sync::Mutex; @@ -99,8 +100,8 @@ impl AlwaysResolvesChain { /// Creates an `AlwaysResolvesChain`, auto-detecting the underlying private /// key type and encoding. pub(super) fn new( - chain: Vec, - priv_key: &key::PrivateKey, + chain: Vec>, + priv_key: &PrivateKeyDer<'_>, ) -> Result { let key = sign::any_supported_type(priv_key) .map_err(|_| Error::General("invalid private key".into()))?; @@ -112,8 +113,8 @@ impl AlwaysResolvesChain { /// /// If non-empty, the given OCSP response and SCTs are attached. pub(super) fn new_with_extras( - chain: Vec, - priv_key: &key::PrivateKey, + chain: Vec>, + priv_key: &PrivateKeyDer<'_>, ocsp: Vec, ) -> Result { let mut r = Self::new(chain, priv_key)?; diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 9152527b19..d7c034904e 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -6,7 +6,6 @@ use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; -use crate::key::Certificate; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::base::Payload; @@ -26,6 +25,7 @@ use super::common::ActiveCertifiedKey; use super::hs::{self, ServerContext}; use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; +use pki_types::CertificateDer; use subtle::ConstantTimeEq; use alloc::sync::Arc; @@ -375,7 +375,7 @@ mod client_hello { fn emit_certificate( transcript: &mut HandshakeHash, common: &mut CommonState, - cert_chain: &[Certificate], + cert_chain: &[CertificateDer<'static>], ) { let c = Message { version: ProtocolVersion::TLSv1_2, @@ -586,7 +586,7 @@ struct ExpectClientKx { suite: &'static Tls12CipherSuite, using_ems: bool, server_kx: C::KeyExchange, - client_cert: Option>, + client_cert: Option>>, send_ticket: bool, } @@ -653,7 +653,7 @@ struct ExpectCertificateVerify { transcript: HandshakeHash, session_id: SessionId, using_ems: bool, - client_cert: Vec, + client_cert: Vec>, send_ticket: bool, } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 07548ea9f3..300e0bc340 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -12,7 +12,6 @@ use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; -use crate::key::Certificate; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; use crate::msgs::codec::Codec; @@ -38,6 +37,7 @@ use super::server_conn::ServerConnectionData; use alloc::sync::Arc; +use pki_types::CertificateDer; use subtle::ConstantTimeEq; pub(super) use client_hello::CompleteClientHelloHandling; @@ -745,7 +745,7 @@ mod client_hello { fn emit_certificate_tls13( transcript: &mut HandshakeHash, common: &mut CommonState, - cert_chain: &[Certificate], + cert_chain: &[CertificateDer<'static>], ocsp_response: Option<&[u8]>, ) { let mut cert_entries = vec![]; @@ -953,7 +953,7 @@ struct ExpectCertificateVerify { transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, - client_cert: Vec, + client_cert: Vec>, send_tickets: usize, } diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index 919aa3c10b..2059591edb 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -1,8 +1,8 @@ use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; -use crate::key; use crate::x509::{wrap_in_asn1_len, wrap_in_sequence}; +use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; use ring::io::der; use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; @@ -36,7 +36,7 @@ pub trait Signer: Send + Sync { #[derive(Clone)] pub struct CertifiedKey { /// The certificate chain. - pub cert: Vec, + pub cert: Vec>, /// The certified key. pub key: Arc, @@ -51,7 +51,7 @@ impl CertifiedKey { /// /// The cert chain must not be empty. The first certificate in the chain /// must be the end-entity certificate. - pub fn new(cert: Vec, key: Arc) -> Self { + pub fn new(cert: Vec>, key: Arc) -> Self { Self { cert, key, @@ -60,7 +60,7 @@ impl CertifiedKey { } /// The end-entity certificate. - pub fn end_entity_cert(&self) -> Result<&key::Certificate, Error> { + pub fn end_entity_cert(&self) -> Result<&CertificateDer<'_>, Error> { self.cert .get(0) .ok_or(Error::NoCertificatesPresented) @@ -69,13 +69,15 @@ impl CertifiedKey { /// Parse `der` as any supported key encoding/type, returning /// the first which works. -pub fn any_supported_type(der: &key::PrivateKey) -> Result, SignError> { +pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { if let Ok(rsa) = RsaSigningKey::new(der) { Ok(Arc::new(rsa)) } else if let Ok(ecdsa) = any_ecdsa_type(der) { Ok(ecdsa) + } else if let PrivateKeyDer::Pkcs8(pkcs8) = der { + any_eddsa_type(pkcs8) } else { - any_eddsa_type(der) + Err(SignError(())) } } @@ -83,7 +85,7 @@ pub fn any_supported_type(der: &key::PrivateKey) -> Result, /// /// Both SEC1 (PEM section starting with 'BEGIN EC PRIVATE KEY') and PKCS8 /// (PEM section starting with 'BEGIN PRIVATE KEY') encodings are supported. -pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result, SignError> { +pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { if let Ok(ecdsa_p256) = EcdsaSigningKey::new( der, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -104,7 +106,7 @@ pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result, Sign } /// Parse `der` as any EdDSA key type, returning the first which works. -pub fn any_eddsa_type(der: &key::PrivateKey) -> Result, SignError> { +pub fn any_eddsa_type(der: &PrivatePkcs8KeyDer<'_>) -> Result, SignError> { if let Ok(ed25519) = Ed25519SigningKey::new(der, SignatureScheme::ED25519) { return Ok(Arc::new(ed25519)); } @@ -135,11 +137,17 @@ static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ impl RsaSigningKey { /// Make a new `RsaSigningKey` from a DER encoding, in either /// PKCS#1 or PKCS#8 format. - pub fn new(der: &key::PrivateKey) -> Result { - RsaKeyPair::from_der(&der.0) - .or_else(|_| RsaKeyPair::from_pkcs8(&der.0)) - .map(|s| Self { key: Arc::new(s) }) - .map_err(|_| SignError(())) + pub fn new(der: &PrivateKeyDer<'_>) -> Result { + let key_pair = match der { + PrivateKeyDer::Pkcs1(pkcs1) => RsaKeyPair::from_der(pkcs1.secret_pkcs1_der()), + PrivateKeyDer::Pkcs8(pkcs8) => RsaKeyPair::from_pkcs8(pkcs8.secret_pkcs8_der()), + _ => return Err(SignError(())), + } + .map_err(|_| SignError(()))?; + + Ok(Self { + key: Arc::new(key_pair), + }) } } @@ -219,17 +227,24 @@ impl EcdsaSigningKey { /// format, expecting a key usable with precisely the given signature /// scheme. fn new( - der: &key::PrivateKey, + der: &PrivateKeyDer<'_>, scheme: SignatureScheme, sigalg: &'static signature::EcdsaSigningAlgorithm, ) -> Result { - EcdsaKeyPair::from_pkcs8(sigalg, &der.0) - .map_err(|_| ()) - .or_else(|_| Self::convert_sec1_to_pkcs8(scheme, sigalg, &der.0)) - .map(|kp| Self { - key: Arc::new(kp), - scheme, - }) + let key_pair = match der { + PrivateKeyDer::Sec1(sec1) => { + Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? + } + PrivateKeyDer::Pkcs8(pkcs8) => { + EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der()).map_err(|_| ())? + } + _ => return Err(()), + }; + + Ok(Self { + key: Arc::new(key_pair), + scheme, + }) } /// Convert a SEC1 encoding to PKCS8, and ask ring to parse it. This @@ -336,13 +351,14 @@ struct Ed25519SigningKey { impl Ed25519SigningKey { /// Make a new `Ed25519SigningKey` from a DER encoding in PKCS#8 format, /// expecting a key usable with precisely the given signature scheme. - fn new(der: &key::PrivateKey, scheme: SignatureScheme) -> Result { - Ed25519KeyPair::from_pkcs8_maybe_unchecked(&der.0) - .map(|kp| Self { - key: Arc::new(kp), + fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { + match Ed25519KeyPair::from_pkcs8_maybe_unchecked(der.secret_pkcs8_der()) { + Ok(key_pair) => Ok(Self { + key: Arc::new(key_pair), scheme, - }) - .map_err(|_| SignError(())) + }), + Err(_) => Err(SignError(())), + } } } @@ -390,58 +406,71 @@ impl fmt::Display for SignError { impl StdError for SignError {} -#[test] -fn can_load_ecdsa_nistp256_pkcs8() { - let key = key::PrivateKey(include_bytes!("testdata/nistp256key.pkcs8.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_err()); -} +#[cfg(test)] +mod tests { + use super::*; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + + #[test] + fn can_load_ecdsa_nistp256_pkcs8() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/nistp256key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } -#[test] -fn can_load_ecdsa_nistp256_sec1() { - let key = key::PrivateKey(include_bytes!("testdata/nistp256key.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_err()); -} + #[test] + fn can_load_ecdsa_nistp256_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("testdata/nistp256key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } -#[test] -fn can_load_ecdsa_nistp384_pkcs8() { - let key = key::PrivateKey(include_bytes!("testdata/nistp384key.pkcs8.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_err()); -} + #[test] + fn can_load_ecdsa_nistp384_pkcs8() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/nistp384key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } -#[test] -fn can_load_ecdsa_nistp384_sec1() { - let key = key::PrivateKey(include_bytes!("testdata/nistp384key.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_err()); -} + #[test] + fn can_load_ecdsa_nistp384_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("testdata/nistp384key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } -#[test] -fn can_load_eddsa_pkcs8() { - let key = key::PrivateKey(include_bytes!("testdata/eddsakey.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_err()); -} + #[test] + fn can_load_eddsa_pkcs8() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/eddsakey.der")[..]); + assert!(any_eddsa_type(&key).is_ok()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } -#[test] -fn can_load_rsa2048_pkcs8() { - let key = key::PrivateKey(include_bytes!("testdata/rsa2048key.pkcs8.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_err()); - assert!(any_ecdsa_type(&key).is_err()); -} + #[test] + fn can_load_rsa2048_pkcs8() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/rsa2048key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } -#[test] -fn can_load_rsa2048_pkcs1() { - let key = key::PrivateKey(include_bytes!("testdata/rsa2048key.pkcs1.der").to_vec()); - assert!(any_supported_type(&key).is_ok()); - assert!(any_eddsa_type(&key).is_err()); - assert!(any_ecdsa_type(&key).is_err()); + #[test] + fn can_load_rsa2048_pkcs1() { + let key = PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from( + &include_bytes!("testdata/rsa2048key.pkcs1.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } } diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 516da26088..41fb2c1fe4 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,10 +1,11 @@ use core::fmt; use std::time::SystemTime; +use pki_types::CertificateDer; + use crate::client::ServerName; use crate::enums::SignatureScheme; use crate::error::{Error, InvalidMessage}; -use crate::key::Certificate; use crate::msgs::base::PayloadU16; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::DistinguishedName; @@ -81,8 +82,8 @@ pub trait ServerCertVerifier: Send + Sync { /// [Certificate]: https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2 fn verify_server_cert( &self, - end_entity: &Certificate, - intermediates: &[Certificate], + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], server_name: &ServerName, ocsp_response: &[u8], now: SystemTime, @@ -106,7 +107,7 @@ pub trait ServerCertVerifier: Send + Sync { fn verify_tls12_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result; @@ -127,7 +128,7 @@ pub trait ServerCertVerifier: Send + Sync { fn verify_tls13_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result; @@ -190,8 +191,8 @@ pub trait ClientCertVerifier: Send + Sync { /// [BadEncoding]: crate::CertificateError#variant.BadEncoding fn verify_client_cert( &self, - end_entity: &Certificate, - intermediates: &[Certificate], + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], now: SystemTime, ) -> Result; @@ -213,7 +214,7 @@ pub trait ClientCertVerifier: Send + Sync { fn verify_tls12_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result; @@ -229,7 +230,7 @@ pub trait ClientCertVerifier: Send + Sync { fn verify_tls13_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result; @@ -263,8 +264,8 @@ impl ClientCertVerifier for NoClientAuth { fn verify_client_cert( &self, - _end_entity: &Certificate, - _intermediates: &[Certificate], + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], _now: SystemTime, ) -> Result { unimplemented!(); @@ -273,7 +274,7 @@ impl ClientCertVerifier for NoClientAuth { fn verify_tls12_signature( &self, _message: &[u8], - _cert: &Certificate, + _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result { unimplemented!(); @@ -282,7 +283,7 @@ impl ClientCertVerifier for NoClientAuth { fn verify_tls13_signature( &self, _message: &[u8], - _cert: &Certificate, + _cert: &CertificateDer<'_>, _dss: &DigitallySignedStruct, ) -> Result { unimplemented!(); diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index a37cf634a5..c2a566fc1b 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -7,10 +7,10 @@ use core::time::Duration; use std::time::{Instant, SystemTime}; -use crate::key; use crate::verify::ServerCertVerifier; -use crate::webpki::{OwnedTrustAnchor, RootCertStore, WebPkiServerVerifier}; +use crate::webpki::{RootCertStore, WebPkiServerVerifier}; +use pki_types::CertificateDer; use webpki_roots; fn duration_nanos(d: Duration) -> u64 { @@ -180,7 +180,7 @@ struct Context { name: &'static str, domain: &'static str, roots: RootCertStore, - chain: Vec, + chain: Vec>, now: SystemTime, } @@ -190,13 +190,7 @@ impl Context { roots.add_trust_anchors( webpki_roots::TLS_SERVER_ROOTS .iter() - .map(|ta| { - OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }), + .cloned(), ); Self { name, @@ -205,7 +199,7 @@ impl Context { chain: certs .iter() .copied() - .map(|bytes| key::Certificate(bytes.to_vec())) + .map(|bytes| CertificateDer::from(bytes.to_vec())) .collect(), now: SystemTime::UNIX_EPOCH + Duration::from_secs(1640870720), } diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 6c2574655f..6309d9ce2b 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -1,63 +1,21 @@ +use pki_types::{CertificateDer, TrustAnchor}; +use webpki::extract_trust_anchor; + +use super::pki_error; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::x509; -use crate::{key, DistinguishedName}; -use crate::{CertificateError, Error}; +use crate::DistinguishedName; +use crate::Error; /// A trust anchor, commonly known as a "Root Certificate." #[derive(Debug, Clone)] -pub struct OwnedTrustAnchor { - subject_dn_header_len: usize, +pub struct TrustAnchorWithDn { subject_dn: DistinguishedName, - spki: Vec, - name_constraints: Option>, + inner: TrustAnchor<'static>, } -impl OwnedTrustAnchor { - /// Get a `webpki::TrustAnchor` by borrowing the owned elements. - pub(crate) fn to_trust_anchor(&self) -> webpki::TrustAnchor { - webpki::TrustAnchor { - subject: &self.subject_dn.as_ref()[self.subject_dn_header_len..], - spki: &self.spki, - name_constraints: self.name_constraints.as_deref(), - } - } - - /// Constructs an `OwnedTrustAnchor` from its components. - /// - /// All inputs are DER-encoded. - /// - /// `subject` is the [Subject] field of the trust anchor *without* the outer SEQUENCE - /// encoding. - /// - /// `spki` is the [SubjectPublicKeyInfo] field of the trust anchor. - /// - /// `name_constraints` is the [Name Constraints] to - /// apply for this trust anchor, if any. - /// - /// [Subject]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 - /// [SubjectPublicKeyInfo]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7 - /// [Name Constraints]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 - pub fn from_subject_spki_name_constraints( - subject: impl Into>, - spki: impl Into>, - name_constraints: Option>>, - ) -> Self { - let (subject_dn, subject_dn_header_len) = { - let mut subject = subject.into(); - let before_len = subject.len(); - x509::wrap_in_sequence(&mut subject); - let header_len = subject.len().saturating_sub(before_len); - (DistinguishedName::from(subject), header_len) - }; - Self { - subject_dn_header_len, - subject_dn, - spki: spki.into(), - name_constraints: name_constraints.map(|x| x.into()), - } - } - +impl TrustAnchorWithDn { /// Return the subject field including its outer SEQUENCE encoding. /// /// This can be decoded using [x509-parser's FromDer trait](https://docs.rs/x509-parser/latest/x509_parser/prelude/trait.FromDer.html). @@ -69,6 +27,23 @@ impl OwnedTrustAnchor { pub fn subject(&self) -> &DistinguishedName { &self.subject_dn } + + /// Get a `TrustAnchor` by borrowing the owned elements. + pub(crate) fn inner(&self) -> &TrustAnchor<'static> { + &self.inner + } +} + +impl From> for TrustAnchorWithDn { + fn from(inner: TrustAnchor<'static>) -> Self { + let mut subject = inner.subject.as_ref().to_owned(); + x509::wrap_in_sequence(&mut subject); + + Self { + subject_dn: DistinguishedName::from(subject), + inner, + } + } } /// A container for root certificates able to provide a root-of-trust @@ -76,7 +51,7 @@ impl OwnedTrustAnchor { #[derive(Debug, Clone)] pub struct RootCertStore { /// The list of roots. - pub roots: Vec, + pub roots: Vec, } impl RootCertStore { @@ -104,14 +79,19 @@ impl RootCertStore { /// this should not be a cause for concern. Use [`RootCertStore::add_parsable_certificates`] /// in order to add as many valid roots as possible and to understand how many certificates /// have been diagnosed as malformed. - pub fn add(&mut self, der: &key::Certificate) -> Result<(), Error> { - self.add_internal(&der.0) + pub fn add(&mut self, der: CertificateDer<'_>) -> Result<(), Error> { + self.roots.push(TrustAnchorWithDn::from( + extract_trust_anchor(&der) + .map_err(pki_error)? + .to_owned(), + )); + Ok(()) } - /// Adds all the given TrustAnchors `anchors`. This does not - /// fail. - pub fn add_trust_anchors(&mut self, trust_anchors: impl Iterator) { - self.roots.extend(trust_anchors); + /// Adds all the given TrustAnchors `anchors`. This does not fail. + pub fn add_trust_anchors(&mut self, trust_anchors: impl Iterator>) { + self.roots + .extend(trust_anchors.map(|ta| ta.into())); } /// Parse the given DER-encoded certificates and add all that can be parsed @@ -121,23 +101,27 @@ impl RootCertStore { /// include ancient or syntactically invalid certificates. /// /// Returns the number of certificates added, and the number that were ignored. - pub fn add_parsable_certificates>( + pub fn add_parsable_certificates<'a>( &mut self, - der_certs: impl IntoIterator, + der_certs: impl IntoIterator>, ) -> (usize, usize) { let mut valid_count = 0; let mut invalid_count = 0; for der_cert in der_certs { #[cfg_attr(not(feature = "logging"), allow(unused_variables))] - match self.add_internal(der_cert.as_ref()) { - Ok(_) => valid_count += 1, + match extract_trust_anchor(&der_cert) { + Ok(anchor) => { + self.roots + .push(TrustAnchorWithDn::from(anchor.to_owned())); + valid_count += 1; + } Err(err) => { trace!("invalid cert der {:?}", der_cert.as_ref()); debug!("certificate parsing failed: {:?}", err); invalid_count += 1; } - } + }; } debug!( @@ -147,33 +131,26 @@ impl RootCertStore { (valid_count, invalid_count) } - - fn add_internal(&mut self, der: &[u8]) -> Result<(), Error> { - let ta = webpki::TrustAnchor::try_from_cert_der(der) - .map_err(|_| Error::InvalidCertificate(CertificateError::BadEncoding))?; - self.roots - .push(OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - )); - Ok(()) - } } +#[cfg(test)] mod tests { + use super::TrustAnchorWithDn; + use pki_types::TrustAnchor; + #[test] fn ownedtrustanchor_subject_is_correctly_encoding_dn() { - let subject = b"subject".to_owned(); - let ota = super::OwnedTrustAnchor::from_subject_spki_name_constraints( - subject, - b"".to_owned(), - None::>, - ); - let expected_prefix = vec![ring::io::der::Tag::Sequence as u8, subject.len() as u8]; + let ta = TrustAnchor { + subject: b"subject"[..].into(), + subject_public_key_info: [][..].into(), + name_constraints: None, + }; + + let with_dn = TrustAnchorWithDn::from(ta.clone()); + let expected_prefix = vec![ring::io::der::Tag::Sequence as u8, ta.subject.len() as u8]; assert_eq!( - ota.subject().as_ref(), - [expected_prefix, subject.to_vec()].concat() + with_dn.subject().as_ref(), + [expected_prefix, ta.subject.to_vec()].concat() ); } } diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index 2ffde2258d..0b47b41d20 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -1,7 +1,9 @@ use std::sync::Arc; +use pki_types::CertificateRevocationListDer; +use webpki::BorrowedCertRevocationList; + use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier}; -use crate::server::UnparsedCertRevocationList; use crate::verify::ClientCertVerifier; use crate::{CertRevocationListError, RootCertStore}; @@ -11,7 +13,7 @@ use crate::{CertRevocationListError, RootCertStore}; #[derive(Debug, Clone)] pub struct ClientCertVerifierBuilder { roots: Arc, - crls: Vec, + crls: Vec>, anon_policy: AnonymousClientPolicy, } @@ -27,7 +29,10 @@ impl ClientCertVerifierBuilder { /// Verify the revocation state of presented client certificates against the provided /// certificate revocation lists (CRLs). Calling `with_crls` multiple times appends the /// given CRLs to the existing collection. - pub fn with_crls(mut self, crls: impl IntoIterator) -> Self { + pub fn with_crls( + mut self, + crls: impl IntoIterator>, + ) -> Self { self.crls.extend(crls); self } @@ -63,7 +68,11 @@ impl ClientCertVerifierBuilder { self.roots, self.crls .into_iter() - .map(|der_crl| der_crl.parse()) + .map(|der_crl| { + BorrowedCertRevocationList::from_der(der_crl.as_ref()) + .and_then(|crl| crl.to_owned()) + .map_err(CertRevocationListError::from) + }) .collect::, CertRevocationListError>>()?, self.anon_policy, ))) @@ -90,27 +99,27 @@ impl From for ClientCertVerifierBuilderError { #[cfg(test)] mod tests { - use crate::server::{ClientCertVerifierBuilderError, UnparsedCertRevocationList}; + use crate::server::ClientCertVerifierBuilderError; use crate::webpki::verify::WebPkiClientVerifier; - use crate::{Certificate, RootCertStore}; + use crate::RootCertStore; + + use pki_types::{CertificateDer, CertificateRevocationListDer}; + use std::sync::Arc; - fn load_crls(crls_der: &[&[u8]]) -> Vec { + fn load_crls(crls_der: &[&[u8]]) -> Vec> { crls_der .iter() .map(|pem_bytes| { - UnparsedCertRevocationList( - rustls_pemfile::crls(&mut &pem_bytes[..]) - .unwrap() - .first() - .unwrap() - .to_vec(), - ) + rustls_pemfile::crls(&mut &pem_bytes[..]) + .next() + .unwrap() + .unwrap() }) .collect() } - fn test_crls() -> Vec { + fn test_crls() -> Vec> { load_crls(&[ include_bytes!("../../../test-ca/ecdsa/client.revoked.crl.pem").as_slice(), include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), @@ -121,7 +130,7 @@ mod tests { let mut roots = RootCertStore::empty(); roots_der.iter().for_each(|der| { roots - .add(&Certificate(der.to_vec())) + .add(CertificateDer::from(der.to_vec())) .unwrap() }); roots.into() @@ -185,7 +194,7 @@ mod tests { fn test_with_invalid_crls() { // Trying to build a verifier with invalid CRLs should error at build time. let result = WebPkiClientVerifier::builder(test_roots()) - .with_crls(vec![UnparsedCertRevocationList(vec![0xFF])]) + .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) .build(); assert!(matches!( result, diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 5194562118..2e99193a46 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -1,16 +1,16 @@ use alloc::sync::Arc; -use crate::error::{Error, CertificateError, CertRevocationListError}; +use crate::error::{CertRevocationListError, CertificateError, Error}; mod anchors; mod client_verifier_builder; mod verify; -pub use anchors::{OwnedTrustAnchor, RootCertStore}; +pub use anchors::{RootCertStore, TrustAnchorWithDn}; pub use client_verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; -pub use verify::{UnparsedCertRevocationList, WebPkiClientVerifier}; +pub use verify::WebPkiClientVerifier; // Conditionally exported from crate. #[allow(unreachable_pub)] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 2c881f8a61..b7a3e544bd 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,13 +1,14 @@ use alloc::sync::Arc; use std::time::SystemTime; -use super::anchors::{OwnedTrustAnchor, RootCertStore}; +use pki_types::{CertificateDer, TrustAnchor}; + +use super::anchors::RootCertStore; use super::client_verifier_builder::ClientCertVerifierBuilder; use super::pki_error; use crate::client::ServerName; use crate::enums::SignatureScheme; use crate::error::{CertRevocationListError, CertificateError, Error, PeerMisbehaved}; -use crate::key::Certificate; #[cfg(feature = "logging")] use crate::log::trace; use crate::msgs::handshake::DistinguishedName; @@ -36,20 +37,19 @@ static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ ]; /// Verify that the end-entity certificate `end_entity` is a valid server cert -/// and chains to at least one of the [OwnedTrustAnchor] in the `roots` [RootCertStore]. +/// and chains to at least one of the [TrustAnchor]s in the `roots` [RootCertStore]. /// /// `intermediates` contains all certificates other than `end_entity` that -/// were sent as part of the server's [Certificate] message. It is in the +/// were sent as part of the server's `Certificate` message. It is in the /// same order that the server sent them and may be empty. #[allow(dead_code)] #[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] pub fn verify_server_cert_signed_by_trust_anchor( cert: &ParsedCertificate, roots: &RootCertStore, - intermediates: &[Certificate], + intermediates: &[CertificateDer<'_>], now: SystemTime, ) -> Result<(), Error> { - let chain = intermediate_chain(intermediates); let trust_roots = trust_roots(roots); let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; @@ -57,7 +57,7 @@ pub fn verify_server_cert_signed_by_trust_anchor( .verify_for_usage( SUPPORTED_SIG_ALGS, &trust_roots, - &chain, + intermediates, webpki_now, webpki::KeyUsage::server_auth(), None, // no CRLs @@ -101,8 +101,8 @@ impl ServerCertVerifier for WebPkiServerVerifier { /// - Valid for DNS entry fn verify_server_cert( &self, - end_entity: &Certificate, - intermediates: &[Certificate], + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], server_name: &ServerName, ocsp_response: &[u8], now: SystemTime, @@ -122,7 +122,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { fn verify_tls12_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { Self::default_verify_tls12_signature(message, cert, dss) @@ -131,7 +131,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { fn verify_tls13_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { Self::default_verify_tls13_signature(message, cert, dss) @@ -178,7 +178,7 @@ impl WebPkiServerVerifier { /// `ClientCertVerifier::verify_tls12_signature`. pub fn default_verify_tls12_signature( message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { verify_signed_struct(message, cert, dss) @@ -188,42 +188,34 @@ impl WebPkiServerVerifier { /// `ClientCertVerifier::verify_tls13_signature`. pub fn default_verify_tls13_signature( message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { verify_tls13(message, cert, dss) } } -fn intermediate_chain(intermediates: &[Certificate]) -> Vec<&[u8]> { - intermediates - .iter() - .map(|cert| cert.0.as_ref()) - .collect() -} - -fn trust_roots(roots: &RootCertStore) -> Vec { +fn trust_roots(roots: &RootCertStore) -> Vec> { roots .roots .iter() - .map(OwnedTrustAnchor::to_trust_anchor) + .map(|with_dn| { + let inner = with_dn.inner(); + TrustAnchor { + subject: inner.subject.as_ref().into(), + subject_public_key_info: inner + .subject_public_key_info + .as_ref() + .into(), + name_constraints: inner + .name_constraints + .as_ref() + .map(|nc| nc.as_ref().into()), + } + }) .collect() } -/// An unparsed DER encoded Certificate Revocation List (CRL). -#[derive(Debug, Clone, Eq, PartialEq)] -pub struct UnparsedCertRevocationList(pub Vec); - -impl UnparsedCertRevocationList { - /// Parse the CRL DER, yielding a [`webpki::CertRevocationList`] or an error if the CRL - /// is malformed, or uses unsupported features. - pub fn parse(&self) -> Result { - webpki::BorrowedCertRevocationList::from_der(&self.0) - .and_then(|crl| crl.to_owned()) - .map_err(CertRevocationListError::from) - } -} - /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate /// validation. It must be created via the [WebPkiClientVerifier::builder()] function. /// @@ -346,12 +338,11 @@ impl ClientCertVerifier for WebPkiClientVerifier { fn verify_client_cert( &self, - end_entity: &Certificate, - intermediates: &[Certificate], + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], now: SystemTime, ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - let chain = intermediate_chain(intermediates); let trust_roots = trust_roots(&self.roots); let now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; @@ -377,7 +368,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { .verify_for_usage( SUPPORTED_SIG_ALGS, &trust_roots, - &chain, + intermediates, now, webpki::KeyUsage::client_auth(), revocation, @@ -389,7 +380,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { fn verify_tls12_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) @@ -398,7 +389,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { fn verify_tls13_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) @@ -493,11 +484,11 @@ fn verify_sig_using_any_alg( fn verify_signed_struct( message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { let possible_algs = convert_scheme(dss.scheme)?; - let cert = webpki::EndEntityCert::try_from(cert.0.as_ref()).map_err(pki_error)?; + let cert = webpki::EndEntityCert::try_from(cert).map_err(pki_error)?; verify_sig_using_any_alg(&cert, possible_algs, message, dss.signature()) .map_err(pki_error) @@ -522,12 +513,12 @@ fn convert_alg_tls13( fn verify_tls13( msg: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { let alg = convert_alg_tls13(dss.scheme)?; - let cert = webpki::EndEntityCert::try_from(cert.0.as_ref()).map_err(pki_error)?; + let cert = webpki::EndEntityCert::try_from(cert).map_err(pki_error)?; cert.verify_signature(alg, msg, dss.signature()) .map_err(pki_error) @@ -619,10 +610,10 @@ fn crl_error_from_webpki() { #[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); -impl<'a> TryFrom<&'a Certificate> for ParsedCertificate<'a> { +impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { type Error = Error; - fn try_from(value: &'a Certificate) -> Result, Self::Error> { - webpki::EndEntityCert::try_from(value.0.as_ref()) + fn try_from(value: &'a CertificateDer<'a>) -> Result, Self::Error> { + webpki::EndEntityCert::try_from(value) .map_err(pki_error) .map(ParsedCertificate) } @@ -630,13 +621,13 @@ impl<'a> TryFrom<&'a Certificate> for ParsedCertificate<'a> { #[cfg(test)] mod test { - use super::Certificate; + use super::CertificateDer; #[test] fn certificate_debug() { assert_eq!( - "Certificate(b\"ab\")", - format!("{:?}", Certificate(b"ab".to_vec())) + "CertificateDer(Der([97, 98]))", + format!("{:?}", CertificateDer::from(b"ab".to_vec())) ); } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 7d3ae73fd0..aada434e19 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -9,6 +9,7 @@ use std::sync::atomic::{AtomicUsize, Ordering}; use std::sync::Arc; use std::sync::Mutex; +use pki_types::CertificateDer; use rustls::client::{ResolvesClientCert, Resumption}; use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; @@ -2285,7 +2286,7 @@ fn sni_resolver_rejects_bad_certs() { ) ); - let bad_chain = vec![rustls::Certificate(vec![0xa0])]; + let bad_chain = vec![CertificateDer::from(vec![0xa0])]; assert_eq!( Err(Error::InvalidCertificate(CertificateError::BadEncoding)), resolver.add( diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 05e1491516..ac3ca57f31 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -14,9 +14,12 @@ use rustls::crypto::ring::Ring; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::{ClientCertVerified, ClientCertVerifier}; use rustls::{ - AlertDescription, Certificate, ClientConnection, DigitallySignedStruct, Error, InvalidMessage, - ServerConfig, ServerConnection, SignatureScheme, + AlertDescription, ClientConnection, DigitallySignedStruct, Error, InvalidMessage, ServerConfig, + ServerConnection, SignatureScheme, }; + +use pki_types::CertificateDer; + use std::sync::Arc; // Client is authorized! @@ -193,8 +196,8 @@ impl ClientCertVerifier for MockClientVerifier { fn verify_client_cert( &self, - _end_entity: &Certificate, - _intermediates: &[Certificate], + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], _now: std::time::SystemTime, ) -> Result { (self.verified)() @@ -203,7 +206,7 @@ impl ClientCertVerifier for MockClientVerifier { fn verify_tls12_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) @@ -212,7 +215,7 @@ impl ClientCertVerifier for MockClientVerifier { fn verify_tls13_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 162bc9f54d..1b0964e5fe 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -4,15 +4,16 @@ use std::io; use std::ops::{Deref, DerefMut}; use std::sync::Arc; +use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; + use rustls::crypto::ring::Ring; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; -use rustls::server::{UnparsedCertRevocationList, WebPkiClientVerifier}; +use rustls::server::WebPkiClientVerifier; use rustls::Connection; use rustls::Error; use rustls::RootCertStore; -use rustls::{Certificate, PrivateKey}; use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; @@ -199,49 +200,44 @@ impl KeyType { } } - pub fn get_chain(&self) -> Vec { + pub fn get_chain(&self) -> Vec> { rustls_pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain"))) - .unwrap() - .iter() - .map(|v| Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } - pub fn get_key(&self) -> PrivateKey { - PrivateKey( + pub fn get_key(&self) -> PrivateKeyDer<'static> { + PrivateKeyDer::Pkcs8( rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key"))) - .unwrap()[0] - .clone(), + .next() + .unwrap() + .unwrap(), ) } - pub fn get_client_chain(&self) -> Vec { + pub fn get_client_chain(&self) -> Vec> { rustls_pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain"))) - .unwrap() - .iter() - .map(|v| Certificate(v.clone())) + .map(|result| result.unwrap()) .collect() } - pub fn client_crl(&self) -> UnparsedCertRevocationList { - UnparsedCertRevocationList( - rustls_pemfile::crls(&mut io::BufReader::new( - self.bytes_for("client.revoked.crl.pem"), - )) - .unwrap() - .into_iter() - .next() // We only expect one CRL. - .unwrap(), - ) + pub fn client_crl(&self) -> CertificateRevocationListDer<'static> { + rustls_pemfile::crls(&mut io::BufReader::new( + self.bytes_for("client.revoked.crl.pem"), + )) + .map(|result| result.unwrap()) + .next() // We only expect one CRL. + .unwrap() } - fn get_client_key(&self) -> PrivateKey { - PrivateKey( + fn get_client_key(&self) -> PrivateKeyDer<'static> { + PrivateKeyDer::Pkcs8( rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( self.bytes_for("client.key"), )) - .unwrap()[0] - .clone(), + .next() + .unwrap() + .unwrap(), ) } } @@ -293,14 +289,14 @@ pub fn get_client_root_store(kt: KeyType) -> Arc { roots.drain(0..1); let mut client_auth_roots = RootCertStore::empty(); for root in roots { - client_auth_roots.add(&root).unwrap(); + client_auth_roots.add(root).unwrap(); } client_auth_roots.into() } pub fn make_server_config_with_mandatory_client_auth_crls( kt: KeyType, - crls: Vec, + crls: Vec>, ) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); @@ -322,7 +318,7 @@ pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfi pub fn make_server_config_with_optional_client_auth( kt: KeyType, - crls: Vec, + crls: Vec>, ) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); @@ -345,7 +341,9 @@ pub fn finish_client_config( ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); - root_store.add_parsable_certificates(rustls_pemfile::certs(&mut rootbuf).unwrap()); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), + ); config .with_root_certificates(root_store) @@ -359,7 +357,9 @@ pub fn finish_client_config_with_creds( let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); // Passing a reference here just for testing. - root_store.add_parsable_certificates(&rustls_pemfile::certs(&mut rootbuf).unwrap()); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), + ); config .with_root_certificates(root_store) diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 1e67da378a..376cbaa075 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -11,7 +11,10 @@ use rustls::client::{ HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, WebPkiServerVerifier, }; use rustls::DigitallySignedStruct; -use rustls::{AlertDescription, Certificate, Error, InvalidMessage, SignatureScheme}; +use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme}; + +use pki_types::CertificateDer; + use std::sync::Arc; #[test] @@ -163,8 +166,8 @@ pub struct MockServerVerifier { impl ServerCertVerifier for MockServerVerifier { fn verify_server_cert( &self, - end_entity: &rustls::Certificate, - intermediates: &[rustls::Certificate], + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], server_name: &rustls::ServerName, oscp_response: &[u8], now: std::time::SystemTime, @@ -183,7 +186,7 @@ impl ServerCertVerifier for MockServerVerifier { fn verify_tls12_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { println!( @@ -200,7 +203,7 @@ impl ServerCertVerifier for MockServerVerifier { fn verify_tls13_signature( &self, message: &[u8], - cert: &Certificate, + cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { println!( From 8c914559f8b31c2db642322a8c87b95ccfd9b2f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Tue, 5 Sep 2023 11:25:36 +0200 Subject: [PATCH 0133/1145] Show detailed icount diff for scenarios with noteworthy diffs --- .github/workflows/icount-bench.yml | 6 +- ci-bench/README.md | 15 +++-- ci-bench/src/cachegrind.rs | 99 +++++++++++++++++++++++++++--- ci-bench/src/main.rs | 96 +++++++++++++++++++++-------- 4 files changed, 170 insertions(+), 46 deletions(-) diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index 2f44356aa8..34e4bee2e3 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -19,7 +19,7 @@ jobs: persist-credentials: false - name: Run icount benchmarks for ${{ github.base_ref }} - run: cd ci-bench && cargo run --release -- run-all > ${{ runner.temp }}/base.csv + run: cd ci-bench && cargo run --release -- run-all --output-dir ${{ runner.temp }}/base - name: Checkout PR uses: actions/checkout@v3 @@ -28,7 +28,7 @@ jobs: persist-credentials: false - name: Run icount benchmarks for PR - run: cd ci-bench && cargo run --release -- run-all > ${{ runner.temp }}/pr.csv + run: cd ci-bench && cargo run --release -- run-all --output-dir ${{ runner.temp }}/pr - name: Compare results - run: cd ci-bench && cargo run --release -- compare ${{ runner.temp }}/base.csv ${{ runner.temp }}/pr.csv > $GITHUB_STEP_SUMMARY + run: cd ci-bench && cargo run --release -- compare ${{ runner.temp }}/base ${{ runner.temp }}/pr > $GITHUB_STEP_SUMMARY diff --git a/ci-bench/README.md b/ci-bench/README.md index 3187adacc6..d869c4846f 100644 --- a/ci-bench/README.md +++ b/ci-bench/README.md @@ -12,8 +12,9 @@ important bits. _Note: this step requires having `valgrind` in your path._ -Use `cargo run --release -- run-all > out.csv` to generate a CSV with the instruction counts for -the different scenarios we support. The result should look like the following: +Use `cargo run --release -- run-all --output-dir foo` to generate the results inside the `foo` +directory. Within that directory, you will find an `icounts.csv` file with the instruction counts +for the different scenarios we support. It should look like the following: ```csv handshake_no_resume_1.2_rsa_aes_server,11327015 @@ -31,12 +32,14 @@ handshake_no_resume_1.3_rsa_aes_client,4212770 ... ``` +In the `cachegrind` subdirectory you will find output files emitted by the `cachegrind` tool, which +are useful to report detailed instruction count differences when comparing two benchmark runs. + ### Comparing results -Use `cargo run --release -- compare out1.csv out2.csv`. It will output a report using -GitHub-flavored markdown (used by the CI itself to give feedback about PRs). We currently -consider differences of 0.2% to be significant, but might tweak it in the future after we gain -experience with the benchmarking setup. +Use `cargo run --release -- compare foo bar`. It will output a report using GitHub-flavored markdown +(used by the CI itself to give feedback about PRs). We currently consider differences of 0.2% to be +significant, but might tweak it in the future after we gain experience with the benchmarking setup. ### Supported scenarios diff --git a/ci-bench/src/cachegrind.rs b/ci-bench/src/cachegrind.rs index e674fbf019..064aeeb1eb 100644 --- a/ci-bench/src/cachegrind.rs +++ b/ci-bench/src/cachegrind.rs @@ -9,12 +9,17 @@ use anyhow::Context; use crate::benchmark::Benchmark; use crate::Side; +/// The subdirectory in which the cachegrind output should be stored +const CACHEGRIND_OUTPUT_SUBDIR: &str = "cachegrind"; + /// A cachegrind-based benchmark runner pub struct CachegrindRunner { /// The path to the ci-bench executable /// /// This is necessary because the cachegrind runner works by spawning child processes executable: String, + /// The directory where the cachegrind output will be stored + output_dir: PathBuf, /// The amount of instructions that are executed upon startup of the child process, before /// actually running one of the benchmarks /// @@ -24,9 +29,13 @@ pub struct CachegrindRunner { impl CachegrindRunner { /// Returns a new cachegrind-based benchmark runner - pub fn new(executable: String) -> anyhow::Result { + pub fn new(executable: String, output_dir: PathBuf) -> anyhow::Result { Self::ensure_cachegrind_available()?; + let cachegrind_output_dir = output_dir.join(CACHEGRIND_OUTPUT_SUBDIR); + std::fs::create_dir_all(&cachegrind_output_dir) + .context("Failed to create cachegrind output directory")?; + // We don't care about the side here, so let's use `Server` just to choose something let overhead_instructions = Self::run_bench_side( &executable, @@ -35,12 +44,14 @@ impl CachegrindRunner { "calibration", Stdio::piped(), Stdio::piped(), + &cachegrind_output_dir, )? .wait_and_get_instr_count() .context("Unable to count overhead instructions")?; Ok(CachegrindRunner { executable, + output_dir: cachegrind_output_dir, overhead_instructions, }) } @@ -61,6 +72,7 @@ impl CachegrindRunner { &bench.name_with_side(Side::Server), Stdio::piped(), Stdio::piped(), + &self.output_dir, ) .context("server side bench crashed")?; @@ -71,6 +83,7 @@ impl CachegrindRunner { &bench.name_with_side(Side::Client), Stdio::from(server.process.stdout.take().unwrap()), Stdio::from(server.process.stdin.take().unwrap()), + &self.output_dir, ) .context("client side bench crashed")?; @@ -116,10 +129,9 @@ impl CachegrindRunner { name: &str, stdin: Stdio, stdout: Stdio, + output_dir: &Path, ) -> anyhow::Result { - let output_file = PathBuf::from(format!("target/cachegrind/cachegrind.out.{}", name)); - std::fs::create_dir_all(output_file.parent().unwrap()) - .context("Failed to create cachegrind output directory")?; + let cachegrind_output_file = output_dir.join(name); // Run under setarch to disable ASLR, to reduce noise let mut cmd = Command::new("setarch"); @@ -133,7 +145,10 @@ impl CachegrindRunner { // keep stderr free of noise, to see any errors from the child process) .arg("--log-file=/dev/null") // The file where the instruction counts will be stored - .arg(format!("--cachegrind-out-file={}", output_file.display())) + .arg(format!( + "--cachegrind-out-file={}", + cachegrind_output_file.display() + )) .arg(executable) .arg("run-single") .arg(benchmark_index.to_string()) @@ -146,7 +161,7 @@ impl CachegrindRunner { Ok(BenchSubprocess { process: child, - output_file, + cachegrind_output_file, }) } } @@ -156,7 +171,7 @@ struct BenchSubprocess { /// The benchmark's child process, running under cachegrind process: Child, /// Cachegrind's output file for this benchmark - output_file: PathBuf, + cachegrind_output_file: PathBuf, } impl BenchSubprocess { @@ -173,9 +188,7 @@ impl BenchSubprocess { ); } - let instruction_count = parse_cachegrind_output(&self.output_file)?; - std::fs::remove_file(&self.output_file).ok(); - + let instruction_count = parse_cachegrind_output(&self.cachegrind_output_file)?; Ok(instruction_count) } } @@ -216,3 +229,69 @@ impl Sub for InstructionCounts { } } } + +/// Returns the detailed instruction diff between the baseline and the candidate +pub fn diff(baseline: &Path, candidate: &Path, scenario: &str) -> anyhow::Result { + // The latest version of valgrind has deprecated cg_diff, which has been superseded by + // cg_annotate. Many systems are running older versions, though, so we are sticking with cg_diff + // for the time being. + + let tmp_path = Path::new("target/ci-bench-tmp"); + let tmp = File::create(tmp_path).context("cannot create temp file for cg_diff")?; + + // cg_diff generates a diff between two cachegrind output files in a custom format that is not + // user-friendly + let cg_diff = Command::new("cg_diff") + .arg( + baseline + .join(CACHEGRIND_OUTPUT_SUBDIR) + .join(scenario), + ) + .arg( + candidate + .join(CACHEGRIND_OUTPUT_SUBDIR) + .join(scenario), + ) + .stdout(Stdio::from(tmp)) + .spawn() + .context("cannot spawn cg_diff subprocess")? + .wait() + .context("error waiting for cg_diff to finish")?; + + if !cg_diff.success() { + anyhow::bail!( + "cg_diff finished with an error (code = {:?})", + cg_diff.code() + ) + } + + // cg_annotate transforms the output of cg_diff into something a user can understand + let cg_annotate = Command::new("cg_annotate") + .arg(tmp_path) + .arg("--auto=no") + .output() + .context("error waiting for cg_annotate to finish")?; + + if !cg_annotate.status.success() { + anyhow::bail!( + "cg_annotate finished with an error (code = {:?})", + cg_annotate.status.code() + ) + } + + let annotated = + String::from_utf8(cg_annotate.stdout).context("cg_annotate produced invalid UTF8")?; + + // Discard lines before the first `Ir` header + let mut diff = String::new(); + for line in annotated + .trim() + .lines() + .skip_while(|l| l.trim() != "Ir") + { + diff.push_str(line); + diff.push('\n'); + } + + Ok(diff) +} diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 066b7187f8..5b0e8dad2a 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -56,6 +56,9 @@ const RESUMED_HANDSHAKE_RUNS: usize = 30; /// The threshold at which instruction count changes are considered relevant const CHANGE_THRESHOLD: f64 = 0.002; // 0.2% +/// The name of the file where the instruction counts are stored after a `run-all` run +const ICOUNTS_FILENAME: &str = "icounts.csv"; + #[derive(Parser)] #[command(about)] pub struct Cli { @@ -66,15 +69,18 @@ pub struct Cli { #[derive(Subcommand)] pub enum Command { /// Run all benchmarks and prints the measured CPU instruction counts in CSV format - RunAll, + RunAll { + #[arg(short, long)] + output_dir: Option, + }, /// Run a single benchmark at the provided index (used by the bench runner to start each benchmark in its own process) RunSingle { index: u32, side: Side }, /// Compare the results from two previous benchmark runs and print a user-friendly markdown overview Compare { - /// Path to a CSV file obtained from a previous `run-all` execution - baseline_input: PathBuf, - /// Path to a CSV file obtained from a previous `run-all` execution - candidate_input: PathBuf, + /// Path to the directory with the results of a previous `run-all` execution + baseline_dir: PathBuf, + /// Path to the directory with the results of a previous `run-all` execution + candidate_dir: PathBuf, }, } @@ -99,13 +105,16 @@ fn main() -> anyhow::Result<()> { let cli = Cli::parse(); match cli.command { - Command::RunAll => { + Command::RunAll { output_dir } => { let executable = std::env::args().next().unwrap(); - let results = run_all(executable, &benchmarks)?; + let output_dir = output_dir.unwrap_or("target/ci-bench".into()); + let results = run_all(executable, output_dir.clone(), &benchmarks)?; // Output results in CSV (note: not using a library here to avoid extra dependencies) + let mut csv_file = File::create(output_dir.join(ICOUNTS_FILENAME)) + .context("cannot create output csv file")?; for (name, instr_count) in results { - println!("{name},{instr_count}"); + writeln!(csv_file, "{name},{instr_count}")?; } } Command::RunSingle { index, side } => { @@ -167,12 +176,12 @@ fn main() -> anyhow::Result<()> { mem::forget(stdout); } Command::Compare { - baseline_input, - candidate_input, + baseline_dir, + candidate_dir, } => { - let baseline = read_results(baseline_input.as_ref())?; - let candidate = read_results(candidate_input.as_ref())?; - let result = compare_results(&baseline, &candidate); + let baseline = read_results(&baseline_dir.join(ICOUNTS_FILENAME))?; + let candidate = read_results(&candidate_dir.join(ICOUNTS_FILENAME))?; + let result = compare_results(&baseline_dir, &candidate_dir, &baseline, &candidate)?; print_report(&result); if !result.noteworthy.is_empty() { @@ -275,9 +284,13 @@ fn add_benchmark_group(benchmarks: &mut Vec, params: BenchmarkParams) } /// Run all the provided benches under cachegrind to retrieve their instruction count -pub fn run_all(executable: String, benches: &[Benchmark]) -> anyhow::Result> { +pub fn run_all( + executable: String, + output_dir: PathBuf, + benches: &[Benchmark], +) -> anyhow::Result> { // Run the benchmarks in parallel - let cachegrind = CachegrindRunner::new(executable)?; + let cachegrind = CachegrindRunner::new(executable, output_dir)?; let results: Vec<_> = benches .par_iter() .enumerate() @@ -497,8 +510,10 @@ fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyhow::Re /// The results of a comparison between two `run-all` executions struct CompareResult { - /// Results that probably indicate a real change in performance and should be highlighted - noteworthy: Vec, + /// Results that probably indicate a real change in performance and should be highlighted. + /// + /// The string is a detailed diff between the instruction counts obtained from cachegrind. + noteworthy: Vec<(Diff, String)>, /// Results within the noise threshold negligible: Vec, /// Benchmark scenarios present in the candidate but missing in the baseline @@ -517,7 +532,10 @@ struct Diff { /// Reads the (benchmark, instruction count) pairs from previous CSV output fn read_results(path: &Path) -> anyhow::Result> { - let file = fs::File::open(path).context("CSV file for comparison not found")?; + let file = File::open(path).context(format!( + "CSV file for comparison not found: {}", + path.display() + ))?; let mut measurements = HashMap::new(); for line in BufReader::new(file).lines() { @@ -543,9 +561,11 @@ fn read_results(path: &Path) -> anyhow::Result> { /// Returns an internal representation of the comparison between the baseline and the candidate /// measurements fn compare_results( + baseline_dir: &Path, + candidate_dir: &Path, baseline: &HashMap, candidate: &HashMap, -) -> CompareResult { +) -> anyhow::Result { let mut diffs = Vec::new(); let mut missing = Vec::new(); for (scenario, &instr_count) in candidate { @@ -573,11 +593,18 @@ fn compare_results( }); let (noteworthy, negligible) = split_on_threshold(&diffs); - CompareResult { - noteworthy, + + let mut noteworthy_with_details = Vec::new(); + for diff in noteworthy { + let detailed_diff = cachegrind::diff(baseline_dir, candidate_dir, &diff.scenario)?; + noteworthy_with_details.push((diff, detailed_diff)); + } + + Ok(CompareResult { + noteworthy: noteworthy_with_details, negligible, missing_in_baseline: missing, - } + }) } /// Prints a report of the comparison to stdout, using GitHub-flavored markdown @@ -594,23 +621,38 @@ fn print_report(result: &CompareResult) { } } - println!("### Noteworthy instruction count differences"); + println!("## Noteworthy instruction count differences"); if result.noteworthy.is_empty() { println!( "_There are no noteworthy instruction count differences (i.e. above {}%)_", CHANGE_THRESHOLD * 100.0 ); } else { - table(&result.noteworthy, true); + table( + result + .noteworthy + .iter() + .map(|(diff, _)| diff), + true, + ); + println!("
"); + println!("Details per scenario\n"); + for (diff, detailed_diff) in &result.noteworthy { + println!("#### {}", diff.scenario); + println!("```"); + println!("{detailed_diff}"); + println!("```"); + } + println!("
\n") } - println!("### Other instruction count differences"); + println!("## Other instruction count differences"); if result.negligible.is_empty() { println!("_There are no other instruction count differences_"); } else { println!("
"); println!("Click to expand\n"); - table(&result.negligible, false); + table(result.negligible.iter(), false); println!("
\n") } } @@ -633,7 +675,7 @@ fn split_on_threshold(diffs: &[Diff]) -> (Vec, Vec) { } /// Renders the diffs as a markdown table -fn table(diffs: &[Diff], emoji_feedback: bool) { +fn table<'a>(diffs: impl Iterator, emoji_feedback: bool) { println!("| Scenario | Baseline | Candidate | Diff |"); println!("| --- | ---: | ---: | ---: |"); for diff in diffs { From 5b98394a611b1d6bc1f92167306a6fc097a210e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Wed, 6 Sep 2023 10:14:44 +0200 Subject: [PATCH 0134/1145] Fix: create cg_diff tmp file at the cwd --- ci-bench/src/cachegrind.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ci-bench/src/cachegrind.rs b/ci-bench/src/cachegrind.rs index 064aeeb1eb..22adef3a76 100644 --- a/ci-bench/src/cachegrind.rs +++ b/ci-bench/src/cachegrind.rs @@ -1,4 +1,4 @@ -use std::fs::File; +use std::fs::{self, File}; use std::io::{BufRead, BufReader}; use std::ops::Sub; use std::path::{Path, PathBuf}; @@ -236,7 +236,7 @@ pub fn diff(baseline: &Path, candidate: &Path, scenario: &str) -> anyhow::Result // cg_annotate. Many systems are running older versions, though, so we are sticking with cg_diff // for the time being. - let tmp_path = Path::new("target/ci-bench-tmp"); + let tmp_path = Path::new("ci-bench-tmp"); let tmp = File::create(tmp_path).context("cannot create temp file for cg_diff")?; // cg_diff generates a diff between two cachegrind output files in a custom format that is not @@ -293,5 +293,7 @@ pub fn diff(baseline: &Path, candidate: &Path, scenario: &str) -> anyhow::Result diff.push('\n'); } + fs::remove_file(tmp_path).ok(); + Ok(diff) } From 490108e6c5c2e290bb731f2810d2188c62f8383f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Wed, 6 Sep 2023 10:33:34 +0200 Subject: [PATCH 0135/1145] Show valgrind version in CI job --- .github/workflows/icount-bench.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index 34e4bee2e3..a52a74f1a3 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -7,7 +7,9 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Install valgrind - run: sudo apt install -y valgrind + run: | + sudo apt install -y valgrind + valgrind --version - name: Install stable toolchain uses: dtolnay/rust-toolchain@stable From e36559c193125924a368794c05aa39fd4bf9079d Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 6 Sep 2023 16:31:48 +0200 Subject: [PATCH 0136/1145] Bump version to 0.22.0-alpha.1 --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 0953e24fcf..47ce24b8c1 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.0" +version = "0.22.0-alpha.1" edition = "2021" rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" From 3087811ec78fc9d8d548c27542c6147eb398edc4 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 1 Sep 2023 08:55:04 -0700 Subject: [PATCH 0137/1145] doc: link ResolvesServerCert to Acceptor Previously, looking at ResolvesServerCert, it was not clear that there was an async version available. --- rustls/src/server/server_conn.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index b3f8d87d35..98f31fd814 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -99,6 +99,13 @@ pub trait ProducesTickets: Send + Sync { /// How to choose a certificate chain and signing key for use /// in server authentication. +/// +/// This is suitable when selecting a certificate does not require +/// I/O or when the application is using blocking I/O anyhow. +/// +/// For applications that use async I/O and need to do I/O to choose +/// a certificate (for instance, fetching a certificate from a data store), +/// the [`Acceptor`] interface is more suitable. pub trait ResolvesServerCert: Send + Sync { /// Choose a certificate chain and matching key given simplified /// ClientHello information. @@ -234,7 +241,9 @@ pub struct ServerConfig { /// How to produce tickets. pub ticketer: Arc, - /// How to choose a server cert and key. + /// How to choose a server cert and key. This is usually set by + /// [ConfigBuilder::with_single_cert] or [ConfigBuilder::with_cert_resolver]. + /// For async applications, see also [Acceptor]. pub cert_resolver: Arc, /// Protocol names we support, most preferred first. From c21eca793b90c74b8c6710416a66a56266abae6f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 7 Sep 2023 14:14:41 +0100 Subject: [PATCH 0138/1145] Take latest webpki, pki-types, pemfile, webpki-roots --- ci-bench/Cargo.toml | 4 ++-- examples/Cargo.toml | 6 +++--- rustls/Cargo.toml | 8 ++++---- rustls/src/webpki/verify.rs | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index cccd61a55c..01504b5401 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -12,7 +12,7 @@ byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" itertools = "0.11.0" -pki-types = { package = "rustls-pki-types", version = "0.1" } +pki-types = { package = "rustls-pki-types", version = "0.2" } rayon = "1.7.0" rustls = { path = "../rustls" } -rustls-pemfile = "2.0.0-alpha.0" +rustls-pemfile = "2.0.0-alpha.1" diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 505b948c83..13d860fa73 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -16,13 +16,13 @@ docopt = "~1.1" env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } -pki-types = { package = "rustls-pki-types", version = "0.1" } +pki-types = { package = "rustls-pki-types", version = "0.2" } rcgen = { version = "0.11.1", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} -rustls-pemfile = "=2.0.0-alpha.0" +rustls-pemfile = "=2.0.0-alpha.1" serde = "1.0" serde_derive = "1.0" -webpki-roots = "=0.26.0-alpha.0" +webpki-roots = "=0.26.0-alpha.1" [dev-dependencies] regex = "1.0" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 47ce24b8c1..cf76a41632 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,8 +19,8 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = "0.16.20" subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.1", features = ["alloc", "std", "ring"] } -pki-types = { package = "rustls-pki-types", version = "0.1.1" } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.2", features = ["alloc", "std", "ring"] } +pki-types = { package = "rustls-pki-types", version = "0.2.0" } [features] default = ["logging", "tls12"] @@ -35,8 +35,8 @@ read_buf = ["rustversion"] bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -webpki-roots = "=0.26.0-alpha.0" -rustls-pemfile = "=2.0.0-alpha.0" +webpki-roots = "=0.26.0-alpha.1" +rustls-pemfile = "=2.0.0-alpha.1" base64 = "0.21" [[example]] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index b7a3e544bd..a524deda67 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,7 +1,7 @@ use alloc::sync::Arc; use std::time::SystemTime; -use pki_types::{CertificateDer, TrustAnchor}; +use pki_types::{CertificateDer, SignatureVerificationAlgorithm, TrustAnchor}; use super::anchors::RootCertStore; use super::client_verifier_builder::ClientCertVerifierBuilder; @@ -17,7 +17,7 @@ use crate::verify::{ NoClientAuth, ServerCertVerified, ServerCertVerifier, }; -type SignatureAlgorithms = &'static [&'static dyn webpki::SignatureVerificationAlgorithm]; +type SignatureAlgorithms = &'static [&'static dyn SignatureVerificationAlgorithm]; /// Which signature verification mechanisms we support. No particular /// order. @@ -470,7 +470,7 @@ fn verify_sig_using_any_alg( message: &[u8], sig: &[u8], ) -> Result<(), webpki::Error> { - // TLS doesn't itself give us enough info to map to a single webpki::SignatureVerificationAlgorithm. + // TLS doesn't itself give us enough info to map to a single pki_types::SignatureVerificationAlgorithm. // Therefore, convert_algs maps to several and we try them all. for alg in algs { match cert.verify_signature(*alg, message, sig) { @@ -497,7 +497,7 @@ fn verify_signed_struct( fn convert_alg_tls13( scheme: SignatureScheme, -) -> Result<&'static dyn webpki::SignatureVerificationAlgorithm, Error> { +) -> Result<&'static dyn SignatureVerificationAlgorithm, Error> { use crate::enums::SignatureScheme::*; match scheme { From 384dd1c3fa9b725fdfb55bd168951e31900f7144 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 8 Sep 2023 10:27:26 +0200 Subject: [PATCH 0139/1145] Bump version to alpha.2 --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index cf76a41632..5305f42ae6 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.1" +version = "0.22.0-alpha.2" edition = "2021" rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" From 1770e1e455b6c725441cd7fbf521086e3f95ff33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 04:19:06 +0000 Subject: [PATCH 0140/1145] build(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 28 ++++++++++++++-------------- .github/workflows/daily-tests.yml | 6 +++--- .github/workflows/icount-bench.yml | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 99fbb2dcfa..9f38f68fb4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,7 +30,7 @@ jobs: rust: stable steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -67,7 +67,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -96,7 +96,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -119,7 +119,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -141,7 +141,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -161,7 +161,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -185,7 +185,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -212,7 +212,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -227,7 +227,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -242,7 +242,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -254,7 +254,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Install rust toolchain @@ -273,7 +273,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Install rust toolchain @@ -290,7 +290,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false - name: Install rust toolchain diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 5f310df0ba..abf23c508b 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -30,7 +30,7 @@ jobs: rust: stable steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -66,7 +66,7 @@ jobs: rust: stable steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false @@ -94,7 +94,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index a52a74f1a3..10aad417a2 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -15,7 +15,7 @@ jobs: uses: dtolnay/rust-toolchain@stable - name: Checkout ${{ github.base_ref }} - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.base_ref }} persist-credentials: false @@ -24,7 +24,7 @@ jobs: run: cd ci-bench && cargo run --release -- run-all --output-dir ${{ runner.temp }}/base - name: Checkout PR - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: clean: false persist-credentials: false From 237ba876bc5d56119772d703f9bc00a8f5b7a6ea Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 8 Sep 2023 12:42:58 +0100 Subject: [PATCH 0141/1145] ci-bench: reduce noise in cg_diff output The diffs produced tend to be noisy here because two separate compilations have different per-type and per-compilation uniqueness. eg: ``` 29,792 (124.8%) ???:_ZN5alloc7raw_vec11finish_grow17h463b2c6f0ba30854E.llvm.2614985587368234107 -29,792 (-124.8%) ???:_ZN5alloc7raw_vec11finish_grow17h463b2c6f0ba30854E.llvm.3375118279659775674 ``` This diff line is here because some per-compilation unique value (after the '.llvm.') changed, not because the instruction count changed. We can chop these out by giving a regular expression to cg_diff. --- ci-bench/src/cachegrind.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ci-bench/src/cachegrind.rs b/ci-bench/src/cachegrind.rs index 22adef3a76..537aafd5ec 100644 --- a/ci-bench/src/cachegrind.rs +++ b/ci-bench/src/cachegrind.rs @@ -242,6 +242,10 @@ pub fn diff(baseline: &Path, candidate: &Path, scenario: &str) -> anyhow::Result // cg_diff generates a diff between two cachegrind output files in a custom format that is not // user-friendly let cg_diff = Command::new("cg_diff") + // remove per-compilation uniqueness in symbols, eg + // _ZN9hashbrown3raw21RawTable$LT$T$C$A$GT$14reserve_rehash17hc60392f3f3eac4b2E.llvm.9716880419886440089 -> + // _ZN9hashbrown3raw21RawTable$LT$T$C$A$GT$14reserve_rehashE + .arg("--mod-funcname=s/17h[0-9a-f]+E\\.llvm\\.\\d+/E/") .arg( baseline .join(CACHEGRIND_OUTPUT_SUBDIR) From b08776c84d33a522e9f5c70a04ce01f5d5425669 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Sep 2023 12:47:56 +0200 Subject: [PATCH 0142/1145] Add StreamOwned::into_parts() API --- rustls/src/stream.rs | 5 +++++ rustls/tests/api.rs | 2 ++ 2 files changed, 7 insertions(+) diff --git a/rustls/src/stream.rs b/rustls/src/stream.rs index f850164239..5eb2629b0b 100644 --- a/rustls/src/stream.rs +++ b/rustls/src/stream.rs @@ -167,6 +167,11 @@ where pub fn get_mut(&mut self) -> &mut T { &mut self.sock } + + /// Extract the `conn` and `sock` parts from the `StreamOwned` + pub fn into_parts(self) -> (C, T) { + (self.conn, self.sock) + } } impl<'a, C, T, S> StreamOwned diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index aada434e19..e8d29e4c97 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1999,6 +1999,8 @@ fn client_streamowned_handshake_error() { format!("{:?}", rc), "Err(Custom { kind: InvalidData, error: AlertReceived(HandshakeFailure) })" ); + + let (_, _) = client_stream.into_parts(); } #[test] From b253c1034848820230f9e667f3dd1504f4ddf90b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Sep 2023 13:31:21 +0200 Subject: [PATCH 0143/1145] Add abstraction for MockClientVerifier construction --- rustls/tests/client_cert_verifier.rs | 64 +++++++++------------------- 1 file changed, 20 insertions(+), 44 deletions(-) diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index ac3ca57f31..d35fbea75e 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -52,17 +52,7 @@ fn server_config_with_verifier( // Happy path, we resolve to a root, it is verified OK, should be able to connect fn client_verifier_works() { for kt in ALL_KEY_TYPES.iter() { - let client_verifier = MockClientVerifier { - verified: ver_ok, - subjects: get_client_root_store(*kt) - .roots - .iter() - .map(|r| r.subject().clone()) - .collect(), - mandatory: true, - offered_schemes: None, - }; - + let client_verifier = MockClientVerifier::new(ver_ok, *kt); let server_config = server_config_with_verifier(*kt, client_verifier); let server_config = Arc::new(server_config); @@ -80,17 +70,8 @@ fn client_verifier_works() { #[test] fn client_verifier_no_schemes() { for kt in ALL_KEY_TYPES.iter() { - let client_verifier = MockClientVerifier { - verified: ver_ok, - subjects: get_client_root_store(*kt) - .roots - .iter() - .map(|r| r.subject().clone()) - .collect(), - mandatory: true, - offered_schemes: Some(vec![]), - }; - + let mut client_verifier = MockClientVerifier::new(ver_ok, *kt); + client_verifier.offered_schemes = Some(vec![]); let server_config = server_config_with_verifier(*kt, client_verifier); let server_config = Arc::new(server_config); @@ -113,17 +94,7 @@ fn client_verifier_no_schemes() { #[test] fn client_verifier_no_auth_yes_root() { for kt in ALL_KEY_TYPES.iter() { - let client_verifier = MockClientVerifier { - verified: ver_unreachable, - subjects: get_client_root_store(*kt) - .roots - .iter() - .map(|r| r.subject().clone()) - .collect(), - mandatory: true, - offered_schemes: None, - }; - + let client_verifier = MockClientVerifier::new(ver_unreachable, *kt); let server_config = server_config_with_verifier(*kt, client_verifier); let server_config = Arc::new(server_config); @@ -150,17 +121,7 @@ fn client_verifier_no_auth_yes_root() { // Triple checks we propagate the rustls::Error through fn client_verifier_fails_properly() { for kt in ALL_KEY_TYPES.iter() { - let client_verifier = MockClientVerifier { - verified: ver_err, - subjects: get_client_root_store(*kt) - .roots - .iter() - .map(|r| r.subject().clone()) - .collect(), - mandatory: true, - offered_schemes: None, - }; - + let client_verifier = MockClientVerifier::new(ver_err, *kt); let server_config = server_config_with_verifier(*kt, client_verifier); let server_config = Arc::new(server_config); @@ -185,6 +146,21 @@ pub struct MockClientVerifier { pub offered_schemes: Option>, } +impl MockClientVerifier { + pub fn new(verified: fn() -> Result, kt: KeyType) -> Self { + Self { + verified, + subjects: get_client_root_store(kt) + .roots + .iter() + .map(|ta| ta.subject().clone()) + .collect(), + mandatory: true, + offered_schemes: None, + } + } +} + impl ClientCertVerifier for MockClientVerifier { fn client_auth_mandatory(&self) -> bool { self.mandatory From f0d587e705bfd582b9399357879d1b3108159e29 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Sep 2023 13:20:32 +0200 Subject: [PATCH 0144/1145] Move DistinguishedName wrapping into DistinguishedName method --- rustls/src/msgs/handshake.rs | 18 +++++++++++++++++- rustls/src/msgs/handshake_test.rs | 8 ++++++++ rustls/src/webpki/anchors.rs | 6 +----- 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 849ed1226b..1c7b7de004 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -11,8 +11,8 @@ use crate::msgs::enums::{ CertificateStatusType, ClientCertificateType, Compression, ECCurveType, ECPointFormat, ExtensionType, KeyUpdateRequest, NamedGroup, PSKKeyExchangeMode, ServerNameType, }; -use crate::rand; use crate::verify::DigitallySignedStruct; +use crate::{rand, x509}; use pki_types::CertificateDer; @@ -1687,6 +1687,22 @@ wrapped_payload!( PayloadU16, ); +impl DistinguishedName { + /// Create a [`DistinguishedName`] after prepending its outer SEQUENCE encoding. + /// + /// This can be decoded using [x509-parser's FromDer trait](https://docs.rs/x509-parser/latest/x509_parser/prelude/trait.FromDer.html). + /// + /// ```ignore + /// use x509_parser::prelude::FromDer; + /// println!("{}", x509_parser::x509::X509Name::from_der(dn.as_ref())?.1); + /// ``` + pub fn in_sequence(bytes: &[u8]) -> Self { + let mut wrapped = bytes.to_owned(); + x509::wrap_in_sequence(&mut wrapped); + Self(PayloadU16::new(wrapped)) + } +} + impl TlsListElement for DistinguishedName { const SIZE_LEN: ListLength = ListLength::U16; } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 9a98b0eb15..6d97b83312 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1196,3 +1196,11 @@ fn can_decode_server_hello_from_api_devicecheck_apple_com() { let hm = HandshakeMessagePayload::read(&mut r).unwrap(); println!("msg: {:?}", hm); } + +#[test] +fn wrapped_dn_encoding() { + let subject = b"subject"; + let dn = DistinguishedName::in_sequence(&subject[..]); + let expected_prefix = vec![ring::io::der::Tag::Sequence as u8, subject.len() as u8]; + assert_eq!(dn.as_ref(), [expected_prefix, subject.to_vec()].concat()); +} diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 6309d9ce2b..eae77de259 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -4,7 +4,6 @@ use webpki::extract_trust_anchor; use super::pki_error; #[cfg(feature = "logging")] use crate::log::{debug, trace}; -use crate::x509; use crate::DistinguishedName; use crate::Error; @@ -36,11 +35,8 @@ impl TrustAnchorWithDn { impl From> for TrustAnchorWithDn { fn from(inner: TrustAnchor<'static>) -> Self { - let mut subject = inner.subject.as_ref().to_owned(); - x509::wrap_in_sequence(&mut subject); - Self { - subject_dn: DistinguishedName::from(subject), + subject_dn: DistinguishedName::in_sequence(inner.subject.as_ref()), inner, } } From eef89ca9ce4281f8e58f0329ec6c5d0910bbcc50 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Sep 2023 13:23:36 +0200 Subject: [PATCH 0145/1145] Remove subject() accessor from TrustAnchorWithDn type --- rustls/src/webpki/anchors.rs | 43 ++-------------------------- rustls/src/webpki/verify.rs | 2 +- rustls/tests/client_cert_verifier.rs | 2 +- 3 files changed, 4 insertions(+), 43 deletions(-) diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index eae77de259..37fd8970db 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -4,41 +4,24 @@ use webpki::extract_trust_anchor; use super::pki_error; #[cfg(feature = "logging")] use crate::log::{debug, trace}; -use crate::DistinguishedName; use crate::Error; /// A trust anchor, commonly known as a "Root Certificate." #[derive(Debug, Clone)] pub struct TrustAnchorWithDn { - subject_dn: DistinguishedName, inner: TrustAnchor<'static>, } impl TrustAnchorWithDn { - /// Return the subject field including its outer SEQUENCE encoding. - /// - /// This can be decoded using [x509-parser's FromDer trait](https://docs.rs/x509-parser/latest/x509_parser/prelude/trait.FromDer.html). - /// - /// ```ignore - /// use x509_parser::prelude::FromDer; - /// println!("{}", x509_parser::x509::X509Name::from_der(anchor.subject())?.1); - /// ``` - pub fn subject(&self) -> &DistinguishedName { - &self.subject_dn - } - /// Get a `TrustAnchor` by borrowing the owned elements. - pub(crate) fn inner(&self) -> &TrustAnchor<'static> { + pub fn inner(&self) -> &TrustAnchor<'static> { &self.inner } } impl From> for TrustAnchorWithDn { fn from(inner: TrustAnchor<'static>) -> Self { - Self { - subject_dn: DistinguishedName::in_sequence(inner.subject.as_ref()), - inner, - } + Self { inner } } } @@ -128,25 +111,3 @@ impl RootCertStore { (valid_count, invalid_count) } } - -#[cfg(test)] -mod tests { - use super::TrustAnchorWithDn; - use pki_types::TrustAnchor; - - #[test] - fn ownedtrustanchor_subject_is_correctly_encoding_dn() { - let ta = TrustAnchor { - subject: b"subject"[..].into(), - subject_public_key_info: [][..].into(), - name_constraints: None, - }; - - let with_dn = TrustAnchorWithDn::from(ta.clone()); - let expected_prefix = vec![ring::io::der::Tag::Sequence as u8, ta.subject.len() as u8]; - assert_eq!( - with_dn.subject().as_ref(), - [expected_prefix, ta.subject.to_vec()].concat() - ); - } -} diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index a524deda67..811c49f36f 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -311,7 +311,7 @@ impl WebPkiClientVerifier { subjects: roots .roots .iter() - .map(|r| r.subject().clone()) + .map(|r| DistinguishedName::in_sequence(r.inner().subject.as_ref())) .collect(), crls, roots, diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index d35fbea75e..a185b92a3e 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -153,7 +153,7 @@ impl MockClientVerifier { subjects: get_client_root_store(kt) .roots .iter() - .map(|ta| ta.subject().clone()) + .map(|ta| DistinguishedName::in_sequence(ta.inner().subject.as_ref())) .collect(), mandatory: true, offered_schemes: None, From e2e7a7c09162d063a6477a4457802a5c07dd820a Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Sep 2023 13:27:16 +0200 Subject: [PATCH 0146/1145] Remove TrustAnchorWithDn type --- rustls/src/lib.rs | 2 +- rustls/src/webpki/anchors.rs | 31 +++++--------------------- rustls/src/webpki/mod.rs | 2 +- rustls/src/webpki/verify.rs | 33 +++++----------------------- rustls/tests/client_cert_verifier.rs | 2 +- 5 files changed, 13 insertions(+), 57 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index b28a6c3055..9839b931e9 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -393,7 +393,7 @@ pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; pub use crate::verify::DigitallySignedStruct; pub use crate::versions::{SupportedProtocolVersion, ALL_VERSIONS, DEFAULT_VERSIONS}; -pub use crate::webpki::{RootCertStore, TrustAnchorWithDn}; +pub use crate::webpki::RootCertStore; /// Items for use in a client. pub mod client { diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 37fd8970db..1e2a182407 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -6,31 +6,12 @@ use super::pki_error; use crate::log::{debug, trace}; use crate::Error; -/// A trust anchor, commonly known as a "Root Certificate." -#[derive(Debug, Clone)] -pub struct TrustAnchorWithDn { - inner: TrustAnchor<'static>, -} - -impl TrustAnchorWithDn { - /// Get a `TrustAnchor` by borrowing the owned elements. - pub fn inner(&self) -> &TrustAnchor<'static> { - &self.inner - } -} - -impl From> for TrustAnchorWithDn { - fn from(inner: TrustAnchor<'static>) -> Self { - Self { inner } - } -} - /// A container for root certificates able to provide a root-of-trust /// for connection authentication. #[derive(Debug, Clone)] pub struct RootCertStore { /// The list of roots. - pub roots: Vec, + pub roots: Vec>, } impl RootCertStore { @@ -59,18 +40,17 @@ impl RootCertStore { /// in order to add as many valid roots as possible and to understand how many certificates /// have been diagnosed as malformed. pub fn add(&mut self, der: CertificateDer<'_>) -> Result<(), Error> { - self.roots.push(TrustAnchorWithDn::from( + self.roots.push( extract_trust_anchor(&der) .map_err(pki_error)? .to_owned(), - )); + ); Ok(()) } /// Adds all the given TrustAnchors `anchors`. This does not fail. pub fn add_trust_anchors(&mut self, trust_anchors: impl Iterator>) { - self.roots - .extend(trust_anchors.map(|ta| ta.into())); + self.roots.extend(trust_anchors); } /// Parse the given DER-encoded certificates and add all that can be parsed @@ -91,8 +71,7 @@ impl RootCertStore { #[cfg_attr(not(feature = "logging"), allow(unused_variables))] match extract_trust_anchor(&der_cert) { Ok(anchor) => { - self.roots - .push(TrustAnchorWithDn::from(anchor.to_owned())); + self.roots.push(anchor.to_owned()); valid_count += 1; } Err(err) => { diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 2e99193a46..5e7b2be3fb 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -6,7 +6,7 @@ mod anchors; mod client_verifier_builder; mod verify; -pub use anchors::{RootCertStore, TrustAnchorWithDn}; +pub use anchors::RootCertStore; pub use client_verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 811c49f36f..709638bde6 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,7 +1,7 @@ use alloc::sync::Arc; use std::time::SystemTime; -use pki_types::{CertificateDer, SignatureVerificationAlgorithm, TrustAnchor}; +use pki_types::{CertificateDer, SignatureVerificationAlgorithm}; use super::anchors::RootCertStore; use super::client_verifier_builder::ClientCertVerifierBuilder; @@ -37,7 +37,7 @@ static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ ]; /// Verify that the end-entity certificate `end_entity` is a valid server cert -/// and chains to at least one of the [TrustAnchor]s in the `roots` [RootCertStore]. +/// and chains to at least one of the trust anchors in the `roots` [RootCertStore]. /// /// `intermediates` contains all certificates other than `end_entity` that /// were sent as part of the server's `Certificate` message. It is in the @@ -50,13 +50,12 @@ pub fn verify_server_cert_signed_by_trust_anchor( intermediates: &[CertificateDer<'_>], now: SystemTime, ) -> Result<(), Error> { - let trust_roots = trust_roots(roots); let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; cert.0 .verify_for_usage( SUPPORTED_SIG_ALGS, - &trust_roots, + &roots.roots, intermediates, webpki_now, webpki::KeyUsage::server_auth(), @@ -195,27 +194,6 @@ impl WebPkiServerVerifier { } } -fn trust_roots(roots: &RootCertStore) -> Vec> { - roots - .roots - .iter() - .map(|with_dn| { - let inner = with_dn.inner(); - TrustAnchor { - subject: inner.subject.as_ref().into(), - subject_public_key_info: inner - .subject_public_key_info - .as_ref() - .into(), - name_constraints: inner - .name_constraints - .as_ref() - .map(|nc| nc.as_ref().into()), - } - }) - .collect() -} - /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate /// validation. It must be created via the [WebPkiClientVerifier::builder()] function. /// @@ -311,7 +289,7 @@ impl WebPkiClientVerifier { subjects: roots .roots .iter() - .map(|r| DistinguishedName::in_sequence(r.inner().subject.as_ref())) + .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) .collect(), crls, roots, @@ -343,7 +321,6 @@ impl ClientCertVerifier for WebPkiClientVerifier { now: SystemTime, ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - let trust_roots = trust_roots(&self.roots); let now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; #[allow(trivial_casts)] // Cast to &dyn trait is required. @@ -367,7 +344,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { cert.0 .verify_for_usage( SUPPORTED_SIG_ALGS, - &trust_roots, + &self.roots.roots, intermediates, now, webpki::KeyUsage::client_auth(), diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index a185b92a3e..0d12a3ce74 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -153,7 +153,7 @@ impl MockClientVerifier { subjects: get_client_root_store(kt) .roots .iter() - .map(|ta| DistinguishedName::in_sequence(ta.inner().subject.as_ref())) + .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) .collect(), mandatory: true, offered_schemes: None, From 53e9e77424588533e6145785ed990ce4f394b9f1 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Sep 2023 13:48:17 +0200 Subject: [PATCH 0147/1145] Implement Extend for RootCertStore instead of using a custom method --- examples/src/bin/limitedclient.rs | 2 +- examples/src/bin/simple_0rtt_client.rs | 2 +- examples/src/bin/simpleclient.rs | 2 +- examples/src/bin/tlsclient-mio.rs | 2 +- rustls/src/lib.rs | 4 ++-- rustls/src/verifybench.rs | 2 +- rustls/src/webpki/anchors.rs | 11 ++++++----- 7 files changed, 13 insertions(+), 12 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index e42b02c89f..a273ddab7a 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -10,7 +10,7 @@ use rustls::crypto::ring::Ring; fn main() { let mut root_store = rustls::RootCertStore::empty(); - root_store.add_trust_anchors( + root_store.extend( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 9298de3992..581e19df8e 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -59,7 +59,7 @@ fn main() { env_logger::init(); let mut root_store = RootCertStore::empty(); - root_store.add_trust_anchors( + root_store.extend( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 40316e3c36..66b4360423 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -17,7 +17,7 @@ use rustls::RootCertStore; fn main() { let mut root_store = RootCertStore::empty(); - root_store.add_trust_anchors( + root_store.extend( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 9bee41b32f..63e6fa63bd 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -383,7 +383,7 @@ fn make_config(args: &Args) -> Arc> { rustls_pemfile::certs(&mut reader).map(|result| result.unwrap()), ); } else { - root_store.add_trust_anchors( + root_store.extend( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 9839b931e9..b7ff1d17a7 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -104,7 +104,7 @@ //! //! ```rust,no_run //! let mut root_store = rustls::RootCertStore::empty(); -//! root_store.add_trust_anchors( +//! root_store.extend( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() //! .cloned() @@ -130,7 +130,7 @@ //! # use webpki; //! # use std::sync::Arc; //! # let mut root_store = rustls::RootCertStore::empty(); -//! # root_store.add_trust_anchors( +//! # root_store.extend( //! # webpki_roots::TLS_SERVER_ROOTS //! # .iter() //! # .cloned() diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index c2a566fc1b..d1acfecb43 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -187,7 +187,7 @@ struct Context { impl Context { fn new(name: &'static str, domain: &'static str, certs: &[&'static [u8]]) -> Self { let mut roots = RootCertStore::empty(); - roots.add_trust_anchors( + roots.extend( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 1e2a182407..faf1d6e093 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -48,11 +48,6 @@ impl RootCertStore { Ok(()) } - /// Adds all the given TrustAnchors `anchors`. This does not fail. - pub fn add_trust_anchors(&mut self, trust_anchors: impl Iterator>) { - self.roots.extend(trust_anchors); - } - /// Parse the given DER-encoded certificates and add all that can be parsed /// in a best-effort fashion. /// @@ -90,3 +85,9 @@ impl RootCertStore { (valid_count, invalid_count) } } + +impl Extend> for RootCertStore { + fn extend>>(&mut self, iter: T) { + self.roots.extend(iter); + } +} From b57204daab48e46b216d2505d9007cbdde0a6460 Mon Sep 17 00:00:00 2001 From: tottoto Date: Mon, 11 Sep 2023 05:15:27 +0900 Subject: [PATCH 0148/1145] feat: impl Error for ClientCertVerifierBuilderError --- rustls/src/webpki/client_verifier_builder.rs | 27 +++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index 0b47b41d20..155f4f451d 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -1,4 +1,5 @@ -use std::sync::Arc; +use core::fmt; +use std::{error::Error as StdError, sync::Arc}; use pki_types::CertificateRevocationListDer; use webpki::BorrowedCertRevocationList; @@ -97,6 +98,17 @@ impl From for ClientCertVerifierBuilderError { } } +impl fmt::Display for ClientCertVerifierBuilderError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Self::NoRootAnchors => write!(f, "no root trust anchors were provided"), + Self::InvalidCrl(e) => write!(f, "provided CRL could not be parsed: {:?}", e), + } + } +} + +impl StdError for ClientCertVerifierBuilderError {} + #[cfg(test)] mod tests { use crate::server::ClientCertVerifierBuilderError; @@ -252,4 +264,17 @@ mod tests { Err(ClientCertVerifierBuilderError::NoRootAnchors) )); } + + #[test] + fn smoke() { + let all = vec![ + ClientCertVerifierBuilderError::NoRootAnchors, + ClientCertVerifierBuilderError::InvalidCrl(crate::CertRevocationListError::ParseError), + ]; + + for err in all { + let _ = format!("{:?}", err); + let _ = format!("{}", err); + } + } } From 1b33f8d46ca69571cdc0e6f904593385ffb6bbd6 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 13 Sep 2023 11:18:25 +0200 Subject: [PATCH 0149/1145] Switch to using pki_types::UnixTime --- examples/src/bin/tlsclient-mio.rs | 4 ++-- rustls/Cargo.toml | 4 ++-- rustls/examples/internal/bogo_shim.rs | 8 +++---- rustls/src/client/handy.rs | 5 +++- rustls/src/client/hs.rs | 5 ++-- rustls/src/client/tls12.rs | 16 +++---------- rustls/src/client/tls13.rs | 18 ++++---------- rustls/src/crypto/ring/mod.rs | 24 +++++++++++++------ rustls/src/msgs/persist.rs | 20 +++++++--------- rustls/src/server/tls12.rs | 22 +++++++++-------- rustls/src/server/tls13.rs | 25 +++++++++++--------- rustls/src/ticketer.rs | 34 +++++---------------------- rustls/src/verify.rs | 9 ++++--- rustls/src/verifybench.rs | 8 +++---- rustls/src/webpki/verify.rs | 14 ++++------- rustls/tests/client_cert_verifier.rs | 4 ++-- rustls/tests/server_cert_verifier.rs | 4 ++-- 17 files changed, 97 insertions(+), 127 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 63e6fa63bd..a62b98212d 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -313,7 +313,7 @@ fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { #[cfg(feature = "dangerous_configuration")] mod danger { - use pki_types::CertificateDer; + use pki_types::{CertificateDer, UnixTime}; use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; use rustls::DigitallySignedStruct; @@ -326,7 +326,7 @@ mod danger { _intermediates: &[CertificateDer<'_>], _server_name: &rustls::ServerName, _ocsp: &[u8], - _now: std::time::SystemTime, + _now: UnixTime, ) -> Result { Ok(rustls::client::ServerCertVerified::assertion()) } diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 5305f42ae6..9a5ff2ca9e 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,8 +19,8 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = "0.16.20" subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.2", features = ["alloc", "std", "ring"] } -pki-types = { package = "rustls-pki-types", version = "0.2.0" } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.3", features = ["alloc", "std", "ring"] } +pki-types = { package = "rustls-pki-types", version = "0.2.0", features = ["std"] } [features] default = ["logging", "tls12"] diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 89511a0c8e..483653c8c6 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -20,11 +20,11 @@ use rustls::{ }; use base64::prelude::{Engine, BASE64_STANDARD}; -use pki_types::{CertificateDer, PrivateKeyDer}; +use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; use std::io::{self, BufReader, Read, Write}; use std::sync::Arc; -use std::time::{self, SystemTime}; +use std::time; use std::{env, fs, net, process, thread}; static BOGO_NACK: i32 = 89; @@ -209,7 +209,7 @@ impl server::ClientCertVerifier for DummyClientAuth { &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], - _now: SystemTime, + _now: UnixTime, ) -> Result { Ok(server::ClientCertVerified::assertion()) } @@ -246,7 +246,7 @@ impl client::ServerCertVerifier for DummyServerAuth { _certs: &[CertificateDer<'_>], _hostname: &ServerName, _ocsp: &[u8], - _now: SystemTime, + _now: UnixTime, ) -> Result { Ok(client::ServerCertVerified::assertion()) } diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 131deeb040..39ad6bc230 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -211,13 +211,16 @@ mod test { use crate::msgs::handshake::SessionId; use crate::msgs::persist::Tls13ClientSessionValue; use crate::suites::SupportedCipherSuite; + + use pki_types::UnixTime; + use core::convert::TryInto; #[test] fn test_noclientsessionstorage_does_nothing() { let c = NoClientSessionStorage {}; let name = "example.com".try_into().unwrap(); - let now = crate::ticketer::TimeBase::now().unwrap(); + let now = UnixTime::now(); c.set_kx_hint(&name, NamedGroup::X25519); assert_eq!(None, c.kx_hint(&name)); diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 448b8688a9..44a6e42212 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -21,7 +21,6 @@ use crate::msgs::handshake::{Random, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::rand::GetRandomFailed; -use crate::ticketer::TimeBase; use crate::tls13::key_schedule::KeyScheduleEarly; use crate::SupportedCipherSuite; @@ -32,6 +31,8 @@ use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; use crate::client::{tls13, ClientConfig, ServerName}; +use pki_types::UnixTime; + use alloc::sync::Arc; use core::ops::Deref; @@ -64,7 +65,7 @@ fn find_session( None }) .and_then(|resuming| { - let retrieved = persist::Retrieved::new(resuming, TimeBase::now().ok()?); + let retrieved = persist::Retrieved::new(resuming, UnixTime::now()); match retrieved.has_expired() { false => Some(retrieved), true => None, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index e34847d696..aae0237bb3 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -21,7 +21,6 @@ use crate::sign::Signer; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::suites::SupportedCipherSuite; -use crate::ticketer::TimeBase; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify::{self, DigitallySignedStruct}; @@ -32,6 +31,7 @@ use crate::client::common::ServerCertDetails; use crate::client::{hs, ClientConfig, ServerName}; use crate::rand::GetRandomFailed; +use pki_types::UnixTime; use subtle::ConstantTimeEq; use alloc::sync::Arc; @@ -707,7 +707,6 @@ impl State for ExpectServerDone { .cert_chain .split_first() .ok_or(Error::NoCertificatesPresented)?; - let now = std::time::SystemTime::now(); let cert_verified = st .config .verifier @@ -716,7 +715,7 @@ impl State for ExpectServerDone { intermediates, &st.server_name, &st.server_cert.ocsp_response, - now, + UnixTime::now(), ) .map_err(|err| { cx.common @@ -975,15 +974,6 @@ impl ExpectFinished { return; } - let time_now = match TimeBase::now() { - Ok(time_now) => time_now, - #[allow(unused_variables)] - Err(e) => { - debug!("Session not saved: {}", e); - return; - } - }; - let session_value = persist::Tls12ClientSessionValue::new( self.secrets.suite(), self.session_id, @@ -993,7 +983,7 @@ impl ExpectFinished { .peer_certificates .clone() .unwrap_or_default(), - time_now, + UnixTime::now(), lifetime, self.using_ems, ); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index c7f129cc60..745a19bd48 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -26,6 +26,7 @@ use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload}; use crate::msgs::handshake::{PresharedKeyIdentity, PresharedKeyOffer}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; +use crate::sign::{CertifiedKey, Signer}; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls13::construct_client_verify_message; @@ -43,10 +44,9 @@ use crate::client::common::ServerCertDetails; use crate::client::common::{ClientAuthDetails, ClientHelloDetails}; use crate::client::{hs, ClientConfig, ClientSessionStore, ServerName}; -use crate::ticketer::TimeBase; +use pki_types::UnixTime; use subtle::ConstantTimeEq; -use crate::sign::{CertifiedKey, Signer}; use alloc::sync::Arc; // Extensions we expect in plaintext in the ServerHello. @@ -672,7 +672,6 @@ impl State for ExpectCertificateVerify< .cert_chain .split_first() .ok_or(Error::NoCertificatesPresented)?; - let now = std::time::SystemTime::now(); let cert_verified = self .config .verifier @@ -681,7 +680,7 @@ impl State for ExpectCertificateVerify< intermediates, &self.server_name, &self.server_cert.ocsp_response, - now, + UnixTime::now(), ) .map_err(|err| { cx.common @@ -958,15 +957,6 @@ impl ExpectTraffic { .key_schedule .resumption_master_secret_and_derive_ticket_psk(&handshake_hash, &nst.nonce.0); - let time_now = match TimeBase::now() { - Ok(t) => t, - #[allow(unused_variables)] - Err(e) => { - debug!("Session not saved: {}", e); - return Ok(()); - } - }; - #[allow(unused_mut)] let mut value = persist::Tls13ClientSessionValue::new( self.suite, @@ -976,7 +966,7 @@ impl ExpectTraffic { .peer_certificates .clone() .unwrap_or_default(), - time_now, + UnixTime::now(), nst.lifetime, nst.age_add, nst.get_max_early_data_size() diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index e8907e6b14..7707ba8515 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -279,7 +279,9 @@ impl ProducesTickets for AeadTicketer { } #[cfg(test)] -use crate::ticketer::TimeBase; +use core::time::Duration; +#[cfg(test)] +use pki_types::UnixTime; #[test] fn basic_pairwise_test() { @@ -293,19 +295,23 @@ fn basic_pairwise_test() { #[test] fn ticketswitcher_switching_test() { let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); - let now = TimeBase::now().unwrap(); + let now = UnixTime::now(); let cipher1 = t.encrypt(b"ticket 1").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); { // Trigger new ticketer - t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(10))); + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 10, + ))); } let cipher2 = t.encrypt(b"ticket 2").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); { // Trigger new ticketer - t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(20))); + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 20, + ))); } let cipher3 = t.encrypt(b"ticket 3").unwrap(); assert!(t.decrypt(&cipher1).is_none()); @@ -321,13 +327,15 @@ fn fail_generator() -> Result, GetRandomFailed> { #[test] fn ticketswitcher_recover_test() { let mut t = crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap(); - let now = TimeBase::now().unwrap(); + let now = UnixTime::now(); let cipher1 = t.encrypt(b"ticket 1").unwrap(); assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); t.generator = fail_generator; { // Failed new ticketer - t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(10))); + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 10, + ))); } t.generator = make_ticket_generator; let cipher2 = t.encrypt(b"ticket 2").unwrap(); @@ -335,7 +343,9 @@ fn ticketswitcher_recover_test() { assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); { // recover - t.maybe_roll(TimeBase(now.0 + core::time::Duration::from_secs(20))); + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 20, + ))); } let cipher3 = t.encrypt(b"ticket 3").unwrap(); assert!(t.decrypt(&cipher1).is_none()); diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 825dfcc236..1a5966e9e1 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -5,12 +5,11 @@ use crate::msgs::base::{PayloadU16, PayloadU8}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::CertificatePayload; use crate::msgs::handshake::SessionId; -use crate::ticketer::TimeBase; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use core::cmp; #[cfg(feature = "tls12")] @@ -18,11 +17,11 @@ use core::mem; pub struct Retrieved { pub value: T, - retrieved_at: TimeBase, + retrieved_at: UnixTime, } impl Retrieved { - pub fn new(value: T, retrieved_at: TimeBase) -> Self { + pub fn new(value: T, retrieved_at: UnixTime) -> Self { Self { value, retrieved_at, @@ -83,7 +82,7 @@ impl Tls13ClientSessionValue { ticket: Vec, secret: Vec, server_cert_chain: Vec>, - time_now: TimeBase, + time_now: UnixTime, lifetime_secs: u32, age_add: u32, max_early_data_size: u32, @@ -158,7 +157,7 @@ impl Tls12ClientSessionValue { ticket: Vec, master_secret: Vec, server_cert_chain: Vec>, - time_now: TimeBase, + time_now: UnixTime, lifetime_secs: u32, extended_ms: bool, ) -> Self { @@ -217,7 +216,7 @@ impl ClientSessionCommon { fn new( ticket: Vec, secret: Vec, - time_now: TimeBase, + time_now: UnixTime, lifetime_secs: u32, server_cert_chain: Vec>, ) -> Self { @@ -359,7 +358,7 @@ impl ServerSessionValue { client_cert_chain: Option, alpn: Option>, application_data: Vec, - creation_time: TimeBase, + creation_time: UnixTime, age_obfuscation_offset: u32, ) -> Self { Self { @@ -381,7 +380,7 @@ impl ServerSessionValue { self.extended_ms = true; } - pub fn set_freshness(mut self, obfuscated_client_age_ms: u32, time_now: TimeBase) -> Self { + pub fn set_freshness(mut self, obfuscated_client_age_ms: u32, time_now: UnixTime) -> Self { let client_age_ms = obfuscated_client_age_ms.wrapping_sub(self.age_obfuscation_offset); let server_age_ms = (time_now .as_secs() @@ -408,7 +407,6 @@ mod tests { use super::*; use crate::enums::*; use crate::msgs::codec::{Codec, Reader}; - use crate::ticketer::TimeBase; #[test] fn serversessionvalue_is_debug() { @@ -420,7 +418,7 @@ mod tests { None, None, vec![4, 5, 6], - TimeBase::now().unwrap(), + UnixTime::now(), 0x12345678, ); println!("{:?}", ssv); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index d7c034904e..377a49099b 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -19,13 +19,13 @@ use crate::rand::GetRandomFailed; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; -use crate::{ticketer, verify}; +use crate::verify; use super::common::ActiveCertifiedKey; use super::hs::{self, ServerContext}; use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use subtle::ConstantTimeEq; use alloc::sync::Arc; @@ -550,10 +550,9 @@ impl State for ExpectCertificate { None } Some((end_entity, intermediates)) => { - let now = std::time::SystemTime::now(); self.config .verifier - .verify_client_cert(end_entity, intermediates, now) + .verify_client_cert(end_entity, intermediates, UnixTime::now()) .map_err(|err| { cx.common .send_cert_verify_error_alert(err) @@ -756,7 +755,7 @@ fn get_server_connection_value_tls12( secrets: &ConnectionSecrets, using_ems: bool, cx: &ServerContext<'_>, - time_now: ticketer::TimeBase, + time_now: UnixTime, ) -> persist::ServerSessionValue { let version = ProtocolVersion::TLSv1_2; let secret = secrets.get_master_secret(); @@ -787,8 +786,8 @@ fn emit_ticket( cx: &mut ServerContext<'_>, ticketer: &dyn ProducesTickets, ) -> Result<(), Error> { - let time_now = ticketer::TimeBase::now()?; - let plain = get_server_connection_value_tls12(secrets, using_ems, cx, time_now).get_encoding(); + let plain = + get_server_connection_value_tls12(secrets, using_ems, cx, UnixTime::now()).get_encoding(); // If we can't produce a ticket for some reason, we can't // report an error. Send an empty one. @@ -875,9 +874,12 @@ impl State for ExpectFinished { // Save connection, perhaps if !self.resuming && !self.session_id.is_empty() { - let time_now = ticketer::TimeBase::now()?; - let value = - get_server_connection_value_tls12(&self.secrets, self.using_ems, cx, time_now); + let value = get_server_connection_value_tls12( + &self.secrets, + self.using_ems, + cx, + UnixTime::now(), + ); let worked = self .config diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 300e0bc340..ca7860374c 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -25,7 +25,6 @@ use crate::rand; use crate::server::ServerConfig; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; -use crate::ticketer; use crate::tls13::construct_client_verify_message; use crate::tls13::construct_server_verify_message; use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending}; @@ -37,7 +36,7 @@ use super::server_conn::ServerConnectionData; use alloc::sync::Arc; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use subtle::ConstantTimeEq; pub(super) use client_hello::CompleteClientHelloHandling; @@ -276,7 +275,6 @@ mod client_hello { let mut chosen_psk_index = None; let mut resumedata = None; - let time_now = ticketer::TimeBase::now()?; if let Some(psk_offer) = client_hello.get_psk() { if !client_hello.check_psk_ext_is_last() { @@ -315,7 +313,7 @@ mod client_hello { let resume = match self .attempt_tls13_ticket_decryption(&psk_id.identity.0) .map(|resumedata| { - resumedata.set_freshness(psk_id.obfuscated_ticket_age, time_now) + resumedata.set_freshness(psk_id.obfuscated_ticket_age, UnixTime::now()) }) .filter(|resumedata| { hs::can_resume(self.suite.into(), &cx.data.sni, false, resumedata) @@ -928,10 +926,9 @@ impl State for ExpectCertificate { Some(chain) => chain, }; - let now = std::time::SystemTime::now(); self.config .verifier - .verify_client_cert(end_entity, intermediates, now) + .verify_client_cert(end_entity, intermediates, UnixTime::now()) .map_err(|err| { cx.common .send_cert_verify_error_alert(err) @@ -1057,7 +1054,7 @@ fn get_server_session_value( key_schedule: &KeyScheduleTraffic, cx: &ServerContext<'_>, nonce: &[u8], - time_now: ticketer::TimeBase, + time_now: UnixTime, age_obfuscation_offset: u32, ) -> persist::ServerSessionValue { let version = ProtocolVersion::TLSv1_3; @@ -1096,11 +1093,17 @@ impl ExpectFinished { config: &ServerConfig, ) -> Result<(), Error> { let nonce = rand::random_vec::(32)?; - let now = ticketer::TimeBase::now()?; let age_add = rand::random_u32::()?; - let plain = - get_server_session_value(transcript, suite, key_schedule, cx, &nonce, now, age_add) - .get_encoding(); + let plain = get_server_session_value( + transcript, + suite, + key_schedule, + cx, + &nonce, + UnixTime::now(), + age_add, + ) + .get_encoding(); let stateless = config.ticketer.enabled(); let (ticket, lifetime) = if stateless { diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index 6243a3ec24..38230e3692 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -2,31 +2,10 @@ use crate::rand; use crate::server::ProducesTickets; use crate::Error; +use pki_types::UnixTime; + use core::mem; -use core::time::Duration; use std::sync::{Mutex, MutexGuard}; -use std::time; - -/// The timebase for expiring and rolling tickets and ticketing -/// keys. This is UNIX wall time in seconds. -/// -/// This is guaranteed to be on or after the UNIX epoch. -#[derive(Clone, Copy, Debug)] -pub struct TimeBase(pub(crate) Duration); - -impl TimeBase { - #[inline] - pub fn now() -> Result { - Ok(Self( - time::SystemTime::now().duration_since(time::UNIX_EPOCH)?, - )) - } - - #[inline] - pub fn as_secs(&self) -> u64 { - self.0.as_secs() - } -} pub(crate) struct TicketSwitcherState { next: Option>, @@ -56,7 +35,6 @@ impl TicketSwitcher { lifetime: u32, generator: fn() -> Result, rand::GetRandomFailed>, ) -> Result { - let now = TimeBase::now()?; Ok(Self { generator, lifetime, @@ -64,7 +42,7 @@ impl TicketSwitcher { next: Some(generator()?), current: generator()?, previous: None, - next_switch_time: now + next_switch_time: UnixTime::now() .as_secs() .saturating_add(u64::from(lifetime)), }), @@ -80,7 +58,7 @@ impl TicketSwitcher { /// /// For efficiency, this is also responsible for locking the state mutex /// and returning the mutexguard. - pub(crate) fn maybe_roll(&self, now: TimeBase) -> Option> { + pub(crate) fn maybe_roll(&self, now: UnixTime) -> Option> { // The code below aims to make switching as efficient as possible // in the common case that the generator never fails. To achieve this // we run the following steps: @@ -162,13 +140,13 @@ impl ProducesTickets for TicketSwitcher { } fn encrypt(&self, message: &[u8]) -> Option> { - let state = self.maybe_roll(TimeBase::now().ok()?)?; + let state = self.maybe_roll(UnixTime::now())?; state.current.encrypt(message) } fn decrypt(&self, ciphertext: &[u8]) -> Option> { - let state = self.maybe_roll(TimeBase::now().ok()?)?; + let state = self.maybe_roll(UnixTime::now())?; // Decrypt with the current key; if that fails, try with the previous. state diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 41fb2c1fe4..8ac1bcab40 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,7 +1,6 @@ use core::fmt; -use std::time::SystemTime; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use crate::client::ServerName; use crate::enums::SignatureScheme; @@ -86,7 +85,7 @@ pub trait ServerCertVerifier: Send + Sync { intermediates: &[CertificateDer<'_>], server_name: &ServerName, ocsp_response: &[u8], - now: SystemTime, + now: UnixTime, ) -> Result; /// Verify a signature allegedly by the given server certificate. @@ -193,7 +192,7 @@ pub trait ClientCertVerifier: Send + Sync { &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], - now: SystemTime, + now: UnixTime, ) -> Result; /// Verify a signature allegedly by the given client certificate. @@ -266,7 +265,7 @@ impl ClientCertVerifier for NoClientAuth { &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], - _now: SystemTime, + _now: UnixTime, ) -> Result { unimplemented!(); } diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index d1acfecb43..82bccc4451 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -5,12 +5,12 @@ // etc. because it's unstable at the time of writing. use core::time::Duration; -use std::time::{Instant, SystemTime}; +use std::time::Instant; use crate::verify::ServerCertVerifier; use crate::webpki::{RootCertStore, WebPkiServerVerifier}; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use webpki_roots; fn duration_nanos(d: Duration) -> u64 { @@ -181,7 +181,7 @@ struct Context { domain: &'static str, roots: RootCertStore, chain: Vec>, - now: SystemTime, + now: UnixTime, } impl Context { @@ -201,7 +201,7 @@ impl Context { .copied() .map(|bytes| CertificateDer::from(bytes.to_vec())) .collect(), - now: SystemTime::UNIX_EPOCH + Duration::from_secs(1640870720), + now: UnixTime::since_unix_epoch(Duration::from_secs(1_640_870_720)), } } diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 709638bde6..ed9652f5dd 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,7 +1,6 @@ use alloc::sync::Arc; -use std::time::SystemTime; -use pki_types::{CertificateDer, SignatureVerificationAlgorithm}; +use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; use super::anchors::RootCertStore; use super::client_verifier_builder::ClientCertVerifierBuilder; @@ -48,16 +47,14 @@ pub fn verify_server_cert_signed_by_trust_anchor( cert: &ParsedCertificate, roots: &RootCertStore, intermediates: &[CertificateDer<'_>], - now: SystemTime, + now: UnixTime, ) -> Result<(), Error> { - let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; - cert.0 .verify_for_usage( SUPPORTED_SIG_ALGS, &roots.roots, intermediates, - webpki_now, + now, webpki::KeyUsage::server_auth(), None, // no CRLs ) @@ -104,7 +101,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { intermediates: &[CertificateDer<'_>], server_name: &ServerName, ocsp_response: &[u8], - now: SystemTime, + now: UnixTime, ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; @@ -318,10 +315,9 @@ impl ClientCertVerifier for WebPkiClientVerifier { &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], - now: SystemTime, + now: UnixTime, ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - let now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?; #[allow(trivial_casts)] // Cast to &dyn trait is required. let crls = self diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 0d12a3ce74..c47aa1e7cf 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -18,7 +18,7 @@ use rustls::{ ServerConnection, SignatureScheme, }; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use std::sync::Arc; @@ -174,7 +174,7 @@ impl ClientCertVerifier for MockClientVerifier { &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], - _now: std::time::SystemTime, + _now: UnixTime, ) -> Result { (self.verified)() } diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 376cbaa075..3bdfd1aa9e 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -13,7 +13,7 @@ use rustls::client::{ use rustls::DigitallySignedStruct; use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme}; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, UnixTime}; use std::sync::Arc; @@ -170,7 +170,7 @@ impl ServerCertVerifier for MockServerVerifier { intermediates: &[CertificateDer<'_>], server_name: &rustls::ServerName, oscp_response: &[u8], - now: std::time::SystemTime, + now: UnixTime, ) -> Result { println!( "verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})", From 6e2842f747402ad2e1c3a687ce8342693777af04 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Sep 2023 10:43:43 +0100 Subject: [PATCH 0150/1145] Extract nested length code for reuse --- rustls/src/msgs/codec.rs | 92 ++++++++++++++++++++++++++-------------- 1 file changed, 60 insertions(+), 32 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index ba2e01acb7..5914b70347 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -210,40 +210,10 @@ impl Codec for u64 { /// `TlsListElement` provides the size of the length prefix for the list. impl Codec for Vec { fn encode(&self, bytes: &mut Vec) { - let len_offset = bytes.len(); - bytes.extend(match T::SIZE_LEN { - ListLength::U8 => &[0][..], - ListLength::U16 => &[0, 0], - ListLength::U24 { .. } => &[0, 0, 0], - }); + let nest = LengthPrefixedBuffer::new(T::SIZE_LEN, bytes); for i in self { - i.encode(bytes); - } - - match T::SIZE_LEN { - ListLength::U8 => { - let len = bytes.len() - len_offset - 1; - debug_assert!(len <= 0xff); - bytes[len_offset] = len as u8; - } - ListLength::U16 => { - let len = bytes.len() - len_offset - 2; - debug_assert!(len <= 0xffff); - let out: &mut [u8; 2] = (&mut bytes[len_offset..len_offset + 2]) - .try_into() - .unwrap(); - *out = u16::to_be_bytes(len as u16); - } - ListLength::U24 { .. } => { - let len = bytes.len() - len_offset - 3; - debug_assert!(len <= 0xff_ffff); - let len_bytes = u32::to_be_bytes(len as u32); - let out: &mut [u8; 3] = (&mut bytes[len_offset..len_offset + 3]) - .try_into() - .unwrap(); - out.copy_from_slice(&len_bytes[1..]); - } + i.encode(nest.buf); } } @@ -284,3 +254,61 @@ pub(crate) enum ListLength { U16, U24 { max: usize }, } + +/// Tracks encoding a length-delimited structure in a single pass. +pub(crate) struct LengthPrefixedBuffer<'a> { + pub(crate) buf: &'a mut Vec, + len_offset: usize, + size_len: ListLength, +} + +impl<'a> LengthPrefixedBuffer<'a> { + /// Inserts a dummy length into `buf`, and remembers where it went. + /// + /// After this, the body of the length-delimited structure should be appended to `LengthPrefixedBuffer::buf`. + /// The length header is corrected in `LengthPrefixedBuffer::drop`. + pub(crate) fn new(size_len: ListLength, buf: &'a mut Vec) -> LengthPrefixedBuffer<'a> { + let len_offset = buf.len(); + buf.extend(match size_len { + ListLength::U8 => &[0][..], + ListLength::U16 => &[0, 0], + ListLength::U24 { .. } => &[0, 0, 0], + }); + + Self { + buf, + len_offset, + size_len, + } + } +} + +impl<'a> Drop for LengthPrefixedBuffer<'a> { + /// Goes back and corrects the length previously inserted at the start of the structure. + fn drop(&mut self) { + match self.size_len { + ListLength::U8 => { + let len = self.buf.len() - self.len_offset - 1; + debug_assert!(len <= 0xff); + self.buf[self.len_offset] = len as u8; + } + ListLength::U16 => { + let len = self.buf.len() - self.len_offset - 2; + debug_assert!(len <= 0xffff); + let out: &mut [u8; 2] = (&mut self.buf[self.len_offset..self.len_offset + 2]) + .try_into() + .unwrap(); + *out = u16::to_be_bytes(len as u16); + } + ListLength::U24 { .. } => { + let len = self.buf.len() - self.len_offset - 3; + debug_assert!(len <= 0xff_ffff); + let len_bytes = u32::to_be_bytes(len as u32); + let out: &mut [u8; 3] = (&mut self.buf[self.len_offset..self.len_offset + 3]) + .try_into() + .unwrap(); + out.copy_from_slice(&len_bytes[1..]); + } + } + } +} From 2014ab9bee618e8df69001adab19b47fcbf726e9 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Sep 2023 10:58:40 +0100 Subject: [PATCH 0151/1145] Reuse nested length encoder This avoids many small, short-lived allocations and copying during message encoding. --- rustls/src/msgs/handshake.rs | 107 ++++++++++++++--------------------- 1 file changed, 43 insertions(+), 64 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 1c7b7de004..4324e3c5c5 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -6,7 +6,7 @@ use crate::error::InvalidMessage; #[cfg(feature = "logging")] use crate::log::warn; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; -use crate::msgs::codec::{self, Codec, ListLength, Reader, TlsListElement}; +use crate::msgs::codec::{self, Codec, LengthPrefixedBuffer, ListLength, Reader, TlsListElement}; use crate::msgs::enums::{ CertificateStatusType, ClientCertificateType, Compression, ECCurveType, ECPointFormat, ExtensionType, KeyUpdateRequest, NamedGroup, PSKKeyExchangeMode, ServerNameType, @@ -581,31 +581,28 @@ impl Codec for ClientExtension { fn encode(&self, bytes: &mut Vec) { self.get_type().encode(bytes); - let mut sub: Vec = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::ECPointFormats(ref r) => r.encode(&mut sub), - Self::NamedGroups(ref r) => r.encode(&mut sub), - Self::SignatureAlgorithms(ref r) => r.encode(&mut sub), - Self::ServerName(ref r) => r.encode(&mut sub), + Self::ECPointFormats(ref r) => r.encode(nested.buf), + Self::NamedGroups(ref r) => r.encode(nested.buf), + Self::SignatureAlgorithms(ref r) => r.encode(nested.buf), + Self::ServerName(ref r) => r.encode(nested.buf), Self::SessionTicket(ClientSessionTicket::Request) | Self::ExtendedMasterSecretRequest | Self::EarlyData => {} - Self::SessionTicket(ClientSessionTicket::Offer(ref r)) => r.encode(&mut sub), - Self::Protocols(ref r) => r.encode(&mut sub), - Self::SupportedVersions(ref r) => r.encode(&mut sub), - Self::KeyShare(ref r) => r.encode(&mut sub), - Self::PresharedKeyModes(ref r) => r.encode(&mut sub), - Self::PresharedKey(ref r) => r.encode(&mut sub), - Self::Cookie(ref r) => r.encode(&mut sub), - Self::CertificateStatusRequest(ref r) => r.encode(&mut sub), + Self::SessionTicket(ClientSessionTicket::Offer(ref r)) => r.encode(nested.buf), + Self::Protocols(ref r) => r.encode(nested.buf), + Self::SupportedVersions(ref r) => r.encode(nested.buf), + Self::KeyShare(ref r) => r.encode(nested.buf), + Self::PresharedKeyModes(ref r) => r.encode(nested.buf), + Self::PresharedKey(ref r) => r.encode(nested.buf), + Self::Cookie(ref r) => r.encode(nested.buf), + Self::CertificateStatusRequest(ref r) => r.encode(nested.buf), Self::TransportParameters(ref r) | Self::TransportParametersDraft(ref r) => { - sub.extend_from_slice(r); + nested.buf.extend_from_slice(r); } - Self::Unknown(ref r) => r.encode(&mut sub), + Self::Unknown(ref r) => r.encode(nested.buf), } - - (sub.len() as u16).encode(bytes); - bytes.append(&mut sub); } fn read(r: &mut Reader) -> Result { @@ -728,27 +725,24 @@ impl Codec for ServerExtension { fn encode(&self, bytes: &mut Vec) { self.get_type().encode(bytes); - let mut sub: Vec = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::ECPointFormats(ref r) => r.encode(&mut sub), + Self::ECPointFormats(ref r) => r.encode(nested.buf), Self::ServerNameAck | Self::SessionTicketAck | Self::ExtendedMasterSecretAck | Self::CertificateStatusAck | Self::EarlyData => {} - Self::RenegotiationInfo(ref r) => r.encode(&mut sub), - Self::Protocols(ref r) => r.encode(&mut sub), - Self::KeyShare(ref r) => r.encode(&mut sub), - Self::PresharedKey(r) => r.encode(&mut sub), - Self::SupportedVersions(ref r) => r.encode(&mut sub), + Self::RenegotiationInfo(ref r) => r.encode(nested.buf), + Self::Protocols(ref r) => r.encode(nested.buf), + Self::KeyShare(ref r) => r.encode(nested.buf), + Self::PresharedKey(r) => r.encode(nested.buf), + Self::SupportedVersions(ref r) => r.encode(nested.buf), Self::TransportParameters(ref r) | Self::TransportParametersDraft(ref r) => { - sub.extend_from_slice(r); + nested.buf.extend_from_slice(r); } - Self::Unknown(ref r) => r.encode(&mut sub), + Self::Unknown(ref r) => r.encode(nested.buf), } - - (sub.len() as u16).encode(bytes); - bytes.append(&mut sub); } fn read(r: &mut Reader) -> Result { @@ -1030,16 +1024,13 @@ impl Codec for HelloRetryExtension { fn encode(&self, bytes: &mut Vec) { self.get_type().encode(bytes); - let mut sub: Vec = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::KeyShare(ref r) => r.encode(&mut sub), - Self::Cookie(ref r) => r.encode(&mut sub), - Self::SupportedVersions(ref r) => r.encode(&mut sub), - Self::Unknown(ref r) => r.encode(&mut sub), + Self::KeyShare(ref r) => r.encode(nested.buf), + Self::Cookie(ref r) => r.encode(nested.buf), + Self::SupportedVersions(ref r) => r.encode(nested.buf), + Self::Unknown(ref r) => r.encode(nested.buf), } - - (sub.len() as u16).encode(bytes); - bytes.append(&mut sub); } fn read(r: &mut Reader) -> Result { @@ -1289,14 +1280,11 @@ impl Codec for CertificateExtension { fn encode(&self, bytes: &mut Vec) { self.get_type().encode(bytes); - let mut sub: Vec = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::CertificateStatus(ref r) => r.encode(&mut sub), - Self::Unknown(ref r) => r.encode(&mut sub), + Self::CertificateStatus(ref r) => r.encode(nested.buf), + Self::Unknown(ref r) => r.encode(nested.buf), } - - (sub.len() as u16).encode(bytes); - bytes.append(&mut sub); } fn read(r: &mut Reader) -> Result { @@ -1760,15 +1748,12 @@ impl Codec for CertReqExtension { fn encode(&self, bytes: &mut Vec) { self.get_type().encode(bytes); - let mut sub: Vec = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::SignatureAlgorithms(ref r) => r.encode(&mut sub), - Self::AuthorityNames(ref r) => r.encode(&mut sub), - Self::Unknown(ref r) => r.encode(&mut sub), + Self::SignatureAlgorithms(ref r) => r.encode(nested.buf), + Self::AuthorityNames(ref r) => r.encode(nested.buf), + Self::Unknown(ref r) => r.encode(nested.buf), } - - (sub.len() as u16).encode(bytes); - bytes.append(&mut sub); } fn read(r: &mut Reader) -> Result { @@ -1900,14 +1885,11 @@ impl Codec for NewSessionTicketExtension { fn encode(&self, bytes: &mut Vec) { self.get_type().encode(bytes); - let mut sub: Vec = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::EarlyData(r) => r.encode(&mut sub), - Self::Unknown(ref r) => r.encode(&mut sub), + Self::EarlyData(r) => r.encode(nested.buf), + Self::Unknown(ref r) => r.encode(nested.buf), } - - (sub.len() as u16).encode(bytes); - bytes.append(&mut sub); } fn read(r: &mut Reader) -> Result { @@ -2103,18 +2085,15 @@ pub struct HandshakeMessagePayload { impl Codec for HandshakeMessagePayload { fn encode(&self, bytes: &mut Vec) { - // encode payload to learn length - let mut sub: Vec = Vec::new(); - self.payload.encode(&mut sub); - // output type, length, and encoded payload match self.typ { HandshakeType::HelloRetryRequest => HandshakeType::ServerHello, _ => self.typ, } .encode(bytes); - codec::u24(sub.len() as u32).encode(bytes); - bytes.append(&mut sub); + + let nested = LengthPrefixedBuffer::new(ListLength::U24 { max: usize::MAX }, bytes); + self.payload.encode(nested.buf); } fn read(r: &mut Reader) -> Result { From 3fc1c9324039aa9006faa6c434b24dcfe105435d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Sep 2023 13:41:53 +0100 Subject: [PATCH 0152/1145] LengthPrefixedBuffer: use maximal dummy length This is just for extreme paranoia and isn't fixing an extant issue. It is safer to have a length prefix that is too large, so that an accidental read of the buffer prior to the length being fixed cannot be interpreted as an empty structure followed by something else. eg, a `ClientExtension` (type 0x12 0x23) in this situation with body [0xff, 0x01, 0x00, 0x00] with a zero dummy length would end up encoded as: 0x12 0x23 0x00 0x00 0xff 0x01 0x00 0x00 Which decodes as two extensions (one empty, one RenegotiationInfo). That would be bad. Using maximal lengths: 0x12 0x23 0xff 0xff 0xff 0x01 0x00 0x00 This cannot be decoded, and prevents the body from being interpreted as something else. --- rustls/src/msgs/codec.rs | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 5914b70347..80318ac90f 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -270,9 +270,9 @@ impl<'a> LengthPrefixedBuffer<'a> { pub(crate) fn new(size_len: ListLength, buf: &'a mut Vec) -> LengthPrefixedBuffer<'a> { let len_offset = buf.len(); buf.extend(match size_len { - ListLength::U8 => &[0][..], - ListLength::U16 => &[0, 0], - ListLength::U24 { .. } => &[0, 0, 0], + ListLength::U8 => &[0xff][..], + ListLength::U16 => &[0xff, 0xff], + ListLength::U24 { .. } => &[0xff, 0xff, 0xff], }); Self { @@ -312,3 +312,17 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> { } } } + +#[test] +fn interrupted_length_prefixed_buffer_leaves_maximum_length() { + let mut buf = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, &mut buf); + nested.buf.push(0xaa); + assert_eq!(nested.buf, &vec![0xff, 0xff, 0xaa]); + // <- if the buffer is accidentally read here, there is no possiblity + // that the contents of the length-prefixed buffer are interpretted + // as a subsequent encoding (perhaps allowing injection of a different + // extension) + drop(nested); + assert_eq!(buf, vec![0x00, 0x01, 0xaa]); +} From 8f2f34e9139eb786ce7aa5a999d60ddd21f2af19 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 31 Aug 2023 11:21:37 +0100 Subject: [PATCH 0153/1145] Move crate::sign to crate::crypto::signer --- rustls/src/crypto/mod.rs | 3 +++ rustls/src/{sign.rs => crypto/signer.rs} | 16 +++++++++------- rustls/src/lib.rs | 7 ++++++- 3 files changed, 18 insertions(+), 8 deletions(-) rename rustls/src/{sign.rs => crypto/signer.rs} (95%) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index c02791ecf3..db2816b9b7 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -15,6 +15,9 @@ pub mod hash; /// HMAC interfaces. pub mod hmac; +/// Message signing interfaces. +pub mod signer; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; diff --git a/rustls/src/sign.rs b/rustls/src/crypto/signer.rs similarity index 95% rename from rustls/src/sign.rs rename to rustls/src/crypto/signer.rs index 2059591edb..ef4576b3a6 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/crypto/signer.rs @@ -413,7 +413,8 @@ mod tests { #[test] fn can_load_ecdsa_nistp256_pkcs8() { - let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/nistp256key.pkcs8.der")[..]); + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/nistp256key.pkcs8.der")[..]); assert!(any_eddsa_type(&key).is_err()); let key = PrivateKeyDer::Pkcs8(key); assert!(any_supported_type(&key).is_ok()); @@ -423,7 +424,7 @@ mod tests { #[test] fn can_load_ecdsa_nistp256_sec1() { let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( - &include_bytes!("testdata/nistp256key.der")[..], + &include_bytes!("../testdata/nistp256key.der")[..], )); assert!(any_supported_type(&key).is_ok()); assert!(any_ecdsa_type(&key).is_ok()); @@ -431,7 +432,8 @@ mod tests { #[test] fn can_load_ecdsa_nistp384_pkcs8() { - let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/nistp384key.pkcs8.der")[..]); + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/nistp384key.pkcs8.der")[..]); assert!(any_eddsa_type(&key).is_err()); let key = PrivateKeyDer::Pkcs8(key); assert!(any_supported_type(&key).is_ok()); @@ -441,7 +443,7 @@ mod tests { #[test] fn can_load_ecdsa_nistp384_sec1() { let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( - &include_bytes!("testdata/nistp384key.der")[..], + &include_bytes!("../testdata/nistp384key.der")[..], )); assert!(any_supported_type(&key).is_ok()); assert!(any_ecdsa_type(&key).is_ok()); @@ -449,7 +451,7 @@ mod tests { #[test] fn can_load_eddsa_pkcs8() { - let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/eddsakey.der")[..]); + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/eddsakey.der")[..]); assert!(any_eddsa_type(&key).is_ok()); let key = PrivateKeyDer::Pkcs8(key); assert!(any_supported_type(&key).is_ok()); @@ -458,7 +460,7 @@ mod tests { #[test] fn can_load_rsa2048_pkcs8() { - let key = PrivatePkcs8KeyDer::from(&include_bytes!("testdata/rsa2048key.pkcs8.der")[..]); + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/rsa2048key.pkcs8.der")[..]); assert!(any_eddsa_type(&key).is_err()); let key = PrivateKeyDer::Pkcs8(key); assert!(any_supported_type(&key).is_ok()); @@ -468,7 +470,7 @@ mod tests { #[test] fn can_load_rsa2048_pkcs1() { let key = PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from( - &include_bytes!("testdata/rsa2048key.pkcs1.der")[..], + &include_bytes!("../testdata/rsa2048key.pkcs1.der")[..], )); assert!(any_supported_type(&key).is_ok()); assert!(any_ecdsa_type(&key).is_err()); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index b7ff1d17a7..3a1bf2b113 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -490,7 +490,12 @@ pub mod version { pub use crypto::ring::kx_group; /// Message signing interfaces and implementations. -pub mod sign; +pub mod sign { + pub use super::crypto::signer::{ + any_ecdsa_type, any_eddsa_type, any_supported_type, CertifiedKey, RsaSigningKey, Signer, + SigningKey, + }; +} #[cfg(feature = "quic")] /// APIs for implementing QUIC TLS From 18442cbd157f2e0cfa76451ecee62a9cf9f7630c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 22 Jun 2023 16:41:04 +0100 Subject: [PATCH 0154/1145] Move ring-backed signature keys to crypto::ring --- rustls/src/client/handy.rs | 3 +- rustls/src/crypto/ring/mod.rs | 3 + rustls/src/crypto/ring/sign.rs | 423 +++++++++++++++++++++++++++++++++ rustls/src/crypto/signer.rs | 417 +------------------------------- rustls/src/lib.rs | 6 +- rustls/src/server/handy.rs | 3 +- 6 files changed, 434 insertions(+), 421 deletions(-) create mode 100644 rustls/src/crypto/ring/sign.rs diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 39ad6bc230..3570f0638a 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,4 +1,5 @@ use crate::client; +use crate::crypto::ring; use crate::enums::SignatureScheme; use crate::error::Error; use crate::limited_cache; @@ -182,7 +183,7 @@ impl AlwaysResolvesClientCert { chain: Vec>, priv_key: &PrivateKeyDer<'_>, ) -> Result { - let key = sign::any_supported_type(priv_key) + let key = ring::sign::any_supported_type(priv_key) .map_err(|_| Error::General("invalid private key".into()))?; Ok(Self(Arc::new(sign::CertifiedKey::new(chain, key)))) } diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 7707ba8515..3f739a9cf2 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -20,6 +20,9 @@ pub(crate) mod quic; pub(crate) mod tls12; pub(crate) mod tls13; +/// Using software keys for authentication. +pub mod sign; + /// Default crypto provider. #[derive(Debug)] pub struct Ring; diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs new file mode 100644 index 0000000000..f57323153d --- /dev/null +++ b/rustls/src/crypto/ring/sign.rs @@ -0,0 +1,423 @@ +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; +use crate::sign::{Signer, SigningKey}; +use crate::x509::{wrap_in_asn1_len, wrap_in_sequence}; + +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; +use ring::io::der; +use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; + +use alloc::sync::Arc; +use core::fmt; +use std::error::Error as StdError; + +/// Parse `der` as any supported key encoding/type, returning +/// the first which works. +pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { + if let Ok(rsa) = RsaSigningKey::new(der) { + Ok(Arc::new(rsa)) + } else if let Ok(ecdsa) = any_ecdsa_type(der) { + Ok(ecdsa) + } else if let PrivateKeyDer::Pkcs8(pkcs8) = der { + any_eddsa_type(pkcs8) + } else { + Err(SignError(())) + } +} + +/// Parse `der` as any ECDSA key type, returning the first which works. +/// +/// Both SEC1 (PEM section starting with 'BEGIN EC PRIVATE KEY') and PKCS8 +/// (PEM section starting with 'BEGIN PRIVATE KEY') encodings are supported. +pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { + if let Ok(ecdsa_p256) = EcdsaSigningKey::new( + der, + SignatureScheme::ECDSA_NISTP256_SHA256, + &signature::ECDSA_P256_SHA256_ASN1_SIGNING, + ) { + return Ok(Arc::new(ecdsa_p256)); + } + + if let Ok(ecdsa_p384) = EcdsaSigningKey::new( + der, + SignatureScheme::ECDSA_NISTP384_SHA384, + &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + ) { + return Ok(Arc::new(ecdsa_p384)); + } + + Err(SignError(())) +} + +/// Parse `der` as any EdDSA key type, returning the first which works. +pub fn any_eddsa_type(der: &PrivatePkcs8KeyDer<'_>) -> Result, SignError> { + if let Ok(ed25519) = Ed25519SigningKey::new(der, SignatureScheme::ED25519) { + return Ok(Arc::new(ed25519)); + } + + // TODO: Add support for Ed448 + + Err(SignError(())) +} + +/// A `SigningKey` for RSA-PKCS1 or RSA-PSS. +/// +/// This is used by the test suite, so it must be `pub`, but it isn't part of +/// the public, stable, API. +#[doc(hidden)] +pub struct RsaSigningKey { + key: Arc, +} + +static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, +]; + +impl RsaSigningKey { + /// Make a new `RsaSigningKey` from a DER encoding, in either + /// PKCS#1 or PKCS#8 format. + pub fn new(der: &PrivateKeyDer<'_>) -> Result { + let key_pair = match der { + PrivateKeyDer::Pkcs1(pkcs1) => RsaKeyPair::from_der(pkcs1.secret_pkcs1_der()), + PrivateKeyDer::Pkcs8(pkcs8) => RsaKeyPair::from_pkcs8(pkcs8.secret_pkcs8_der()), + _ => return Err(SignError(())), + } + .map_err(|_| SignError(()))?; + + Ok(Self { + key: Arc::new(key_pair), + }) + } +} + +impl SigningKey for RsaSigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + ALL_RSA_SCHEMES + .iter() + .find(|scheme| offered.contains(scheme)) + .map(|scheme| RsaSigner::new(Arc::clone(&self.key), *scheme)) + } + + fn algorithm(&self) -> SignatureAlgorithm { + SignatureAlgorithm::RSA + } +} + +struct RsaSigner { + key: Arc, + scheme: SignatureScheme, + encoding: &'static dyn signature::RsaEncoding, +} + +impl RsaSigner { + fn new(key: Arc, scheme: SignatureScheme) -> Box { + let encoding: &dyn signature::RsaEncoding = match scheme { + SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256, + SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PSS_SHA256 => &signature::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_SHA384 => &signature::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA512 => &signature::RSA_PSS_SHA512, + _ => unreachable!(), + }; + + Box::new(Self { + key, + scheme, + encoding, + }) + } +} + +impl Signer for RsaSigner { + fn sign(&self, message: &[u8]) -> Result, Error> { + let mut sig = vec![0; self.key.public_modulus_len()]; + + let rng = ring::rand::SystemRandom::new(); + self.key + .sign(self.encoding, &rng, message, &mut sig) + .map(|_| sig) + .map_err(|_| Error::General("signing failed".to_string())) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} + +/// A SigningKey that uses exactly one TLS-level SignatureScheme +/// and one ring-level signature::SigningAlgorithm. +/// +/// Compare this to RsaSigningKey, which for a particular key is +/// willing to sign with several algorithms. This is quite poor +/// cryptography practice, but is necessary because a given RSA key +/// is expected to work in TLS1.2 (PKCS#1 signatures) and TLS1.3 +/// (PSS signatures) -- nobody is willing to obtain certificates for +/// different protocol versions. +/// +/// Currently this is only implemented for ECDSA keys. +struct EcdsaSigningKey { + key: Arc, + scheme: SignatureScheme, +} + +impl EcdsaSigningKey { + /// Make a new `ECDSASigningKey` from a DER encoding in PKCS#8 or SEC1 + /// format, expecting a key usable with precisely the given signature + /// scheme. + fn new( + der: &PrivateKeyDer<'_>, + scheme: SignatureScheme, + sigalg: &'static signature::EcdsaSigningAlgorithm, + ) -> Result { + let key_pair = match der { + PrivateKeyDer::Sec1(sec1) => { + Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? + } + PrivateKeyDer::Pkcs8(pkcs8) => { + EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der()).map_err(|_| ())? + } + _ => return Err(()), + }; + + Ok(Self { + key: Arc::new(key_pair), + scheme, + }) + } + + /// Convert a SEC1 encoding to PKCS8, and ask ring to parse it. This + /// can be removed once + /// (or equivalent) is landed. + fn convert_sec1_to_pkcs8( + scheme: SignatureScheme, + sigalg: &'static signature::EcdsaSigningAlgorithm, + maybe_sec1_der: &[u8], + ) -> Result { + let pkcs8_prefix = match scheme { + SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, + SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, + _ => unreachable!(), // all callers are in this file + }; + + // wrap sec1 encoding in an OCTET STRING + let mut sec1_wrap = Vec::with_capacity(maybe_sec1_der.len() + 8); + sec1_wrap.extend_from_slice(maybe_sec1_der); + wrap_in_asn1_len(&mut sec1_wrap); + sec1_wrap.insert(0, der::Tag::OctetString as u8); + + let mut pkcs8 = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len() + 4); + pkcs8.extend_from_slice(pkcs8_prefix); + pkcs8.extend_from_slice(&sec1_wrap); + wrap_in_sequence(&mut pkcs8); + + EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8).map_err(|_| ()) + } +} + +// This is (line-by-line): +// - INTEGER Version = 0 +// - SEQUENCE (privateKeyAlgorithm) +// - id-ecPublicKey OID +// - prime256v1 OID +const PKCS8_PREFIX_ECDSA_NISTP256: &[u8] = b"\x02\x01\x00\ + \x30\x13\ + \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ + \x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"; + +// This is (line-by-line): +// - INTEGER Version = 0 +// - SEQUENCE (privateKeyAlgorithm) +// - id-ecPublicKey OID +// - secp384r1 OID +const PKCS8_PREFIX_ECDSA_NISTP384: &[u8] = b"\x02\x01\x00\ + \x30\x10\ + \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ + \x06\x05\x2b\x81\x04\x00\x22"; + +impl SigningKey for EcdsaSigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + if offered.contains(&self.scheme) { + Some(Box::new(EcdsaSigner { + key: Arc::clone(&self.key), + scheme: self.scheme, + })) + } else { + None + } + } + + fn algorithm(&self) -> SignatureAlgorithm { + self.scheme.sign() + } +} + +struct EcdsaSigner { + key: Arc, + scheme: SignatureScheme, +} + +impl Signer for EcdsaSigner { + fn sign(&self, message: &[u8]) -> Result, Error> { + let rng = ring::rand::SystemRandom::new(); + self.key + .sign(&rng, message) + .map_err(|_| Error::General("signing failed".into())) + .map(|sig| sig.as_ref().into()) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} + +/// A SigningKey that uses exactly one TLS-level SignatureScheme +/// and one ring-level signature::SigningAlgorithm. +/// +/// Compare this to RsaSigningKey, which for a particular key is +/// willing to sign with several algorithms. This is quite poor +/// cryptography practice, but is necessary because a given RSA key +/// is expected to work in TLS1.2 (PKCS#1 signatures) and TLS1.3 +/// (PSS signatures) -- nobody is willing to obtain certificates for +/// different protocol versions. +/// +/// Currently this is only implemented for Ed25519 keys. +struct Ed25519SigningKey { + key: Arc, + scheme: SignatureScheme, +} + +impl Ed25519SigningKey { + /// Make a new `Ed25519SigningKey` from a DER encoding in PKCS#8 format, + /// expecting a key usable with precisely the given signature scheme. + fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { + match Ed25519KeyPair::from_pkcs8_maybe_unchecked(der.secret_pkcs8_der()) { + Ok(key_pair) => Ok(Self { + key: Arc::new(key_pair), + scheme, + }), + Err(_) => Err(SignError(())), + } + } +} + +impl SigningKey for Ed25519SigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + if offered.contains(&self.scheme) { + Some(Box::new(Ed25519Signer { + key: Arc::clone(&self.key), + scheme: self.scheme, + })) + } else { + None + } + } + + fn algorithm(&self) -> SignatureAlgorithm { + self.scheme.sign() + } +} + +struct Ed25519Signer { + key: Arc, + scheme: SignatureScheme, +} + +impl Signer for Ed25519Signer { + fn sign(&self, message: &[u8]) -> Result, Error> { + Ok(self.key.sign(message).as_ref().into()) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} + +/// Errors while signing +#[derive(Debug)] +pub struct SignError(()); + +impl fmt::Display for SignError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + f.write_str("sign error") + } +} + +impl StdError for SignError {} + +#[cfg(test)] +mod tests { + use super::*; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + + #[test] + fn can_load_ecdsa_nistp256_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/nistp256key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_ecdsa_nistp256_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp256key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_ecdsa_nistp384_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/nistp384key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_ecdsa_nistp384_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp384key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_eddsa_pkcs8() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); + assert!(any_eddsa_type(&key).is_ok()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } + + #[test] + fn can_load_rsa2048_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } + + #[test] + fn can_load_rsa2048_pkcs1() { + let key = PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs1.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } +} diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index ef4576b3a6..88bb919f5c 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -1,14 +1,9 @@ use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; -use crate::x509::{wrap_in_asn1_len, wrap_in_sequence}; -use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; -use ring::io::der; -use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use pki_types::CertificateDer; use alloc::sync::Arc; -use core::fmt; -use std::error::Error as StdError; /// An abstract signing key. pub trait SigningKey: Send + Sync { @@ -66,413 +61,3 @@ impl CertifiedKey { .ok_or(Error::NoCertificatesPresented) } } - -/// Parse `der` as any supported key encoding/type, returning -/// the first which works. -pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { - if let Ok(rsa) = RsaSigningKey::new(der) { - Ok(Arc::new(rsa)) - } else if let Ok(ecdsa) = any_ecdsa_type(der) { - Ok(ecdsa) - } else if let PrivateKeyDer::Pkcs8(pkcs8) = der { - any_eddsa_type(pkcs8) - } else { - Err(SignError(())) - } -} - -/// Parse `der` as any ECDSA key type, returning the first which works. -/// -/// Both SEC1 (PEM section starting with 'BEGIN EC PRIVATE KEY') and PKCS8 -/// (PEM section starting with 'BEGIN PRIVATE KEY') encodings are supported. -pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { - if let Ok(ecdsa_p256) = EcdsaSigningKey::new( - der, - SignatureScheme::ECDSA_NISTP256_SHA256, - &signature::ECDSA_P256_SHA256_ASN1_SIGNING, - ) { - return Ok(Arc::new(ecdsa_p256)); - } - - if let Ok(ecdsa_p384) = EcdsaSigningKey::new( - der, - SignatureScheme::ECDSA_NISTP384_SHA384, - &signature::ECDSA_P384_SHA384_ASN1_SIGNING, - ) { - return Ok(Arc::new(ecdsa_p384)); - } - - Err(SignError(())) -} - -/// Parse `der` as any EdDSA key type, returning the first which works. -pub fn any_eddsa_type(der: &PrivatePkcs8KeyDer<'_>) -> Result, SignError> { - if let Ok(ed25519) = Ed25519SigningKey::new(der, SignatureScheme::ED25519) { - return Ok(Arc::new(ed25519)); - } - - // TODO: Add support for Ed448 - - Err(SignError(())) -} - -/// A `SigningKey` for RSA-PKCS1 or RSA-PSS. -/// -/// This is used by the test suite, so it must be `pub`, but it isn't part of -/// the public, stable, API. -#[doc(hidden)] -pub struct RsaSigningKey { - key: Arc, -} - -static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA256, -]; - -impl RsaSigningKey { - /// Make a new `RsaSigningKey` from a DER encoding, in either - /// PKCS#1 or PKCS#8 format. - pub fn new(der: &PrivateKeyDer<'_>) -> Result { - let key_pair = match der { - PrivateKeyDer::Pkcs1(pkcs1) => RsaKeyPair::from_der(pkcs1.secret_pkcs1_der()), - PrivateKeyDer::Pkcs8(pkcs8) => RsaKeyPair::from_pkcs8(pkcs8.secret_pkcs8_der()), - _ => return Err(SignError(())), - } - .map_err(|_| SignError(()))?; - - Ok(Self { - key: Arc::new(key_pair), - }) - } -} - -impl SigningKey for RsaSigningKey { - fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { - ALL_RSA_SCHEMES - .iter() - .find(|scheme| offered.contains(scheme)) - .map(|scheme| RsaSigner::new(Arc::clone(&self.key), *scheme)) - } - - fn algorithm(&self) -> SignatureAlgorithm { - SignatureAlgorithm::RSA - } -} - -struct RsaSigner { - key: Arc, - scheme: SignatureScheme, - encoding: &'static dyn signature::RsaEncoding, -} - -impl RsaSigner { - fn new(key: Arc, scheme: SignatureScheme) -> Box { - let encoding: &dyn signature::RsaEncoding = match scheme { - SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256, - SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PSS_SHA256 => &signature::RSA_PSS_SHA256, - SignatureScheme::RSA_PSS_SHA384 => &signature::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA512 => &signature::RSA_PSS_SHA512, - _ => unreachable!(), - }; - - Box::new(Self { - key, - scheme, - encoding, - }) - } -} - -impl Signer for RsaSigner { - fn sign(&self, message: &[u8]) -> Result, Error> { - let mut sig = vec![0; self.key.public_modulus_len()]; - - let rng = ring::rand::SystemRandom::new(); - self.key - .sign(self.encoding, &rng, message, &mut sig) - .map(|_| sig) - .map_err(|_| Error::General("signing failed".to_string())) - } - - fn scheme(&self) -> SignatureScheme { - self.scheme - } -} - -/// A SigningKey that uses exactly one TLS-level SignatureScheme -/// and one ring-level signature::SigningAlgorithm. -/// -/// Compare this to RsaSigningKey, which for a particular key is -/// willing to sign with several algorithms. This is quite poor -/// cryptography practice, but is necessary because a given RSA key -/// is expected to work in TLS1.2 (PKCS#1 signatures) and TLS1.3 -/// (PSS signatures) -- nobody is willing to obtain certificates for -/// different protocol versions. -/// -/// Currently this is only implemented for ECDSA keys. -struct EcdsaSigningKey { - key: Arc, - scheme: SignatureScheme, -} - -impl EcdsaSigningKey { - /// Make a new `ECDSASigningKey` from a DER encoding in PKCS#8 or SEC1 - /// format, expecting a key usable with precisely the given signature - /// scheme. - fn new( - der: &PrivateKeyDer<'_>, - scheme: SignatureScheme, - sigalg: &'static signature::EcdsaSigningAlgorithm, - ) -> Result { - let key_pair = match der { - PrivateKeyDer::Sec1(sec1) => { - Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? - } - PrivateKeyDer::Pkcs8(pkcs8) => { - EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der()).map_err(|_| ())? - } - _ => return Err(()), - }; - - Ok(Self { - key: Arc::new(key_pair), - scheme, - }) - } - - /// Convert a SEC1 encoding to PKCS8, and ask ring to parse it. This - /// can be removed once - /// (or equivalent) is landed. - fn convert_sec1_to_pkcs8( - scheme: SignatureScheme, - sigalg: &'static signature::EcdsaSigningAlgorithm, - maybe_sec1_der: &[u8], - ) -> Result { - let pkcs8_prefix = match scheme { - SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, - SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, - _ => unreachable!(), // all callers are in this file - }; - - // wrap sec1 encoding in an OCTET STRING - let mut sec1_wrap = Vec::with_capacity(maybe_sec1_der.len() + 8); - sec1_wrap.extend_from_slice(maybe_sec1_der); - wrap_in_asn1_len(&mut sec1_wrap); - sec1_wrap.insert(0, der::Tag::OctetString as u8); - - let mut pkcs8 = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len() + 4); - pkcs8.extend_from_slice(pkcs8_prefix); - pkcs8.extend_from_slice(&sec1_wrap); - wrap_in_sequence(&mut pkcs8); - - EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8).map_err(|_| ()) - } -} - -// This is (line-by-line): -// - INTEGER Version = 0 -// - SEQUENCE (privateKeyAlgorithm) -// - id-ecPublicKey OID -// - prime256v1 OID -const PKCS8_PREFIX_ECDSA_NISTP256: &[u8] = b"\x02\x01\x00\ - \x30\x13\ - \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ - \x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"; - -// This is (line-by-line): -// - INTEGER Version = 0 -// - SEQUENCE (privateKeyAlgorithm) -// - id-ecPublicKey OID -// - secp384r1 OID -const PKCS8_PREFIX_ECDSA_NISTP384: &[u8] = b"\x02\x01\x00\ - \x30\x10\ - \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ - \x06\x05\x2b\x81\x04\x00\x22"; - -impl SigningKey for EcdsaSigningKey { - fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { - if offered.contains(&self.scheme) { - Some(Box::new(EcdsaSigner { - key: Arc::clone(&self.key), - scheme: self.scheme, - })) - } else { - None - } - } - - fn algorithm(&self) -> SignatureAlgorithm { - self.scheme.sign() - } -} - -struct EcdsaSigner { - key: Arc, - scheme: SignatureScheme, -} - -impl Signer for EcdsaSigner { - fn sign(&self, message: &[u8]) -> Result, Error> { - let rng = ring::rand::SystemRandom::new(); - self.key - .sign(&rng, message) - .map_err(|_| Error::General("signing failed".into())) - .map(|sig| sig.as_ref().into()) - } - - fn scheme(&self) -> SignatureScheme { - self.scheme - } -} - -/// A SigningKey that uses exactly one TLS-level SignatureScheme -/// and one ring-level signature::SigningAlgorithm. -/// -/// Compare this to RsaSigningKey, which for a particular key is -/// willing to sign with several algorithms. This is quite poor -/// cryptography practice, but is necessary because a given RSA key -/// is expected to work in TLS1.2 (PKCS#1 signatures) and TLS1.3 -/// (PSS signatures) -- nobody is willing to obtain certificates for -/// different protocol versions. -/// -/// Currently this is only implemented for Ed25519 keys. -struct Ed25519SigningKey { - key: Arc, - scheme: SignatureScheme, -} - -impl Ed25519SigningKey { - /// Make a new `Ed25519SigningKey` from a DER encoding in PKCS#8 format, - /// expecting a key usable with precisely the given signature scheme. - fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { - match Ed25519KeyPair::from_pkcs8_maybe_unchecked(der.secret_pkcs8_der()) { - Ok(key_pair) => Ok(Self { - key: Arc::new(key_pair), - scheme, - }), - Err(_) => Err(SignError(())), - } - } -} - -impl SigningKey for Ed25519SigningKey { - fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { - if offered.contains(&self.scheme) { - Some(Box::new(Ed25519Signer { - key: Arc::clone(&self.key), - scheme: self.scheme, - })) - } else { - None - } - } - - fn algorithm(&self) -> SignatureAlgorithm { - self.scheme.sign() - } -} - -struct Ed25519Signer { - key: Arc, - scheme: SignatureScheme, -} - -impl Signer for Ed25519Signer { - fn sign(&self, message: &[u8]) -> Result, Error> { - Ok(self.key.sign(message).as_ref().into()) - } - - fn scheme(&self) -> SignatureScheme { - self.scheme - } -} - -/// Errors while signing -#[derive(Debug)] -pub struct SignError(()); - -impl fmt::Display for SignError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - f.write_str("sign error") - } -} - -impl StdError for SignError {} - -#[cfg(test)] -mod tests { - use super::*; - use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; - - #[test] - fn can_load_ecdsa_nistp256_pkcs8() { - let key = - PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/nistp256key.pkcs8.der")[..]); - assert!(any_eddsa_type(&key).is_err()); - let key = PrivateKeyDer::Pkcs8(key); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - } - - #[test] - fn can_load_ecdsa_nistp256_sec1() { - let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( - &include_bytes!("../testdata/nistp256key.der")[..], - )); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - } - - #[test] - fn can_load_ecdsa_nistp384_pkcs8() { - let key = - PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/nistp384key.pkcs8.der")[..]); - assert!(any_eddsa_type(&key).is_err()); - let key = PrivateKeyDer::Pkcs8(key); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - } - - #[test] - fn can_load_ecdsa_nistp384_sec1() { - let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( - &include_bytes!("../testdata/nistp384key.der")[..], - )); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_ok()); - } - - #[test] - fn can_load_eddsa_pkcs8() { - let key = PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/eddsakey.der")[..]); - assert!(any_eddsa_type(&key).is_ok()); - let key = PrivateKeyDer::Pkcs8(key); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_err()); - } - - #[test] - fn can_load_rsa2048_pkcs8() { - let key = PrivatePkcs8KeyDer::from(&include_bytes!("../testdata/rsa2048key.pkcs8.der")[..]); - assert!(any_eddsa_type(&key).is_err()); - let key = PrivateKeyDer::Pkcs8(key); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_err()); - } - - #[test] - fn can_load_rsa2048_pkcs1() { - let key = PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from( - &include_bytes!("../testdata/rsa2048key.pkcs1.der")[..], - )); - assert!(any_supported_type(&key).is_ok()); - assert!(any_ecdsa_type(&key).is_err()); - } -} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 3a1bf2b113..7488154a2d 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -491,10 +491,10 @@ pub use crypto::ring::kx_group; /// Message signing interfaces and implementations. pub mod sign { - pub use super::crypto::signer::{ - any_ecdsa_type, any_eddsa_type, any_supported_type, CertifiedKey, RsaSigningKey, Signer, - SigningKey, + pub use crate::crypto::ring::sign::{ + any_ecdsa_type, any_eddsa_type, any_supported_type, RsaSigningKey, }; + pub use crate::crypto::signer::{CertifiedKey, Signer, SigningKey}; } #[cfg(feature = "quic")] diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index f0b91e2937..2316332795 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,3 +1,4 @@ +use crate::crypto::ring; use crate::dns_name::DnsNameRef; use crate::error::Error; use crate::limited_cache; @@ -103,7 +104,7 @@ impl AlwaysResolvesChain { chain: Vec>, priv_key: &PrivateKeyDer<'_>, ) -> Result { - let key = sign::any_supported_type(priv_key) + let key = ring::sign::any_supported_type(priv_key) .map_err(|_| Error::General("invalid private key".into()))?; Ok(Self(Arc::new(sign::CertifiedKey::new(chain, key)))) } From 310738e0313612e9496b73984c4585c432bf45e3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Sep 2023 15:50:02 +0100 Subject: [PATCH 0155/1145] Remove ring use in handshake_test.rs --- rustls/src/msgs/handshake_test.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 6d97b83312..6d4bb149e2 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1201,6 +1201,7 @@ fn can_decode_server_hello_from_api_devicecheck_apple_com() { fn wrapped_dn_encoding() { let subject = b"subject"; let dn = DistinguishedName::in_sequence(&subject[..]); - let expected_prefix = vec![ring::io::der::Tag::Sequence as u8, subject.len() as u8]; + const DER_SEQUENCE_TAG: u8 = 0x30; + let expected_prefix = vec![DER_SEQUENCE_TAG, subject.len() as u8]; assert_eq!(dn.as_ref(), [expected_prefix, subject.to_vec()].concat()); } From b1450548825538425bc6ddd4da294bc97190dce7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 10 Jul 2023 15:06:49 +0100 Subject: [PATCH 0156/1145] Make *ring* an optional dependency Using the crate without this feature means something external needs to provide all the cryptography, and (eg) convenient integrated key loading APIs disappear. --- rustls/Cargo.toml | 11 +++++++---- rustls/src/builder.rs | 8 ++++++++ rustls/src/client/builder.rs | 9 +++++++-- rustls/src/client/handy.rs | 8 +++++--- rustls/src/crypto/cipher.rs | 5 ----- rustls/src/crypto/mod.rs | 1 + rustls/src/hash_hs.rs | 4 ++-- rustls/src/hkdf.rs | 2 +- rustls/src/lib.rs | 22 +++++++++++++++++++++- rustls/src/server/builder.rs | 4 ++++ rustls/src/server/handy.rs | 4 ++++ rustls/src/server/server_conn.rs | 2 ++ rustls/src/suites.rs | 2 +- rustls/src/tls12/mod.rs | 2 +- rustls/src/tls12/prf.rs | 2 +- rustls/src/tls13/key_schedule.rs | 5 +++-- rustls/src/verify.rs | 2 +- rustls/tests/api.rs | 1 + rustls/tests/client_cert_verifier.rs | 6 +++++- rustls/tests/common/mod.rs | 1 + rustls/tests/key_log_file_env.rs | 2 ++ rustls/tests/server_cert_verifier.rs | 6 +++++- 22 files changed, 83 insertions(+), 26 deletions(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 9a5ff2ca9e..0362b5ded0 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -17,15 +17,16 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] log = { version = "0.4.4", optional = true } -ring = "0.16.20" +ring = { version = "0.16.20", optional = true } subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.3", features = ["alloc", "std", "ring"] } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.3", features = ["alloc", "std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.0", features = ["std"] } [features] -default = ["logging", "tls12"] +default = ["logging", "ring", "tls12"] logging = ["log"] dangerous_configuration = [] +ring = ["dep:ring", "webpki/ring"] secret_extraction = [] quic = [] tls12 = [] @@ -42,16 +43,18 @@ base64 = "0.21" [[example]] name = "bogo_shim" path = "examples/internal/bogo_shim.rs" -required-features = ["dangerous_configuration", "quic", "tls12"] +required-features = ["dangerous_configuration", "quic", "tls12", "ring"] [[example]] name = "bench" path = "examples/internal/bench.rs" +required-features = ["ring"] [[bench]] name = "benchmarks" path = "benches/benchmarks.rs" harness = false +required-features = ["ring"] [package.metadata.docs.rs] all-features = true diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 0b89927847..d6a1b3a831 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -23,6 +23,7 @@ use core::marker::PhantomData; /// exchange groups and protocol versions: /// /// ``` +/// # #[cfg(feature = "ring")] { /// use rustls::{ClientConfig, ServerConfig, crypto::ring::Ring}; /// // specifies the cryptographic provider to use. /// ClientConfig::::builder() @@ -34,6 +35,7 @@ use core::marker::PhantomData; /// .with_safe_defaults() /// // ... /// # ; +/// # } /// ``` /// /// If you override the default for one protocol primitive (for instance supporting only TLS 1.3), @@ -41,6 +43,7 @@ use core::marker::PhantomData; /// be "use the default." /// /// ```no_run +/// # #[cfg(feature = "ring")] { /// # use rustls::ServerConfig; /// # use rustls::crypto::ring::Ring; /// ServerConfig::::builder() @@ -50,6 +53,7 @@ use core::marker::PhantomData; /// .unwrap() /// // ... /// # ; +/// # } /// ``` /// /// Overriding a default introduces a `Result` that must be unwrapped, @@ -79,6 +83,7 @@ use core::marker::PhantomData; /// For example: /// /// ``` +/// # #[cfg(feature = "ring")] { /// # use rustls::ClientConfig; /// # use rustls::crypto::ring::Ring; /// # let root_certs = rustls::RootCertStore::empty(); @@ -86,6 +91,7 @@ use core::marker::PhantomData; /// .with_safe_defaults() /// .with_root_certificates(root_certs) /// .with_no_client_auth(); +/// # } /// ``` /// /// # ServerConfig certificate configuration @@ -102,6 +108,7 @@ use core::marker::PhantomData; /// For example: /// /// ```no_run +/// # #[cfg(feature = "ring")] { /// # use rustls::ServerConfig; /// # use rustls::crypto::ring::Ring; /// # let certs = vec![]; @@ -113,6 +120,7 @@ use core::marker::PhantomData; /// .with_no_client_auth() /// .with_single_cert(certs, private_key) /// .expect("bad certificate/key"); +/// # } /// ``` /// /// # Types diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 924587c2f5..0539fa8a13 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -2,19 +2,22 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::client::handy; use crate::client::{ClientConfig, ResolvesClientCert}; use crate::crypto::{CryptoProvider, KeyExchange}; -use crate::error::Error; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; -use crate::{verify, versions, webpki}; +#[cfg(feature = "ring")] +use crate::{error::Error, webpki}; +use crate::{verify, versions}; use super::client_conn::Resumption; +#[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; use core::marker::PhantomData; impl ConfigBuilder, WantsVerifier> { + #[cfg(feature = "ring")] /// Choose how to verify server certificates. pub fn with_root_certificates( self, @@ -62,6 +65,7 @@ pub struct WantsClientCert { } impl ConfigBuilder, WantsClientCert> { + #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key for use /// in client authentication. /// @@ -78,6 +82,7 @@ impl ConfigBuilder, WantsClientCert> { Ok(self.with_client_cert_resolver(Arc::new(resolver))) } + #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key for use /// in client authentication. /// diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 3570f0638a..dd75596c66 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,13 +1,14 @@ use crate::client; -use crate::crypto::ring; use crate::enums::SignatureScheme; -use crate::error::Error; use crate::limited_cache; use crate::msgs::persist; use crate::sign; use crate::NamedGroup; use crate::ServerName; +#[cfg(feature = "ring")] +use crate::{crypto::ring, error::Error}; +#[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::collections::VecDeque; @@ -179,6 +180,7 @@ impl client::ResolvesClientCert for FailResolveClientCert { pub(super) struct AlwaysResolvesClientCert(Arc); impl AlwaysResolvesClientCert { + #[cfg(feature = "ring")] pub(super) fn new( chain: Vec>, priv_key: &PrivateKeyDer<'_>, @@ -203,7 +205,7 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } } -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod test { use super::NoClientSessionStorage; use crate::client::ClientSessionStore; diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 40a6b7c714..3dbdb4b2a8 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -126,11 +126,6 @@ impl Iv { iv.0.copy_from_slice(value); iv } - - #[cfg(test)] - pub(crate) fn value(&self) -> &[u8; NONCE_LEN] { - &self.0 - } } impl From<[u8; NONCE_LEN]> for Iv { diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index db2816b9b7..dc52fe75bf 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -4,6 +4,7 @@ use crate::{Error, NamedGroup}; use core::fmt::Debug; /// *ring* based CryptoProvider. +#[cfg(feature = "ring")] pub mod ring; /// TLS message encryption/decryption interfaces. diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 6cab10ab86..35ec0227fe 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -38,7 +38,7 @@ impl HandshakeHashBuffer { } /// Hash or buffer a byte slice. - #[cfg(test)] + #[cfg(all(test, feature = "ring"))] fn update_raw(&mut self, buf: &[u8]) { self.buffer.extend_from_slice(buf); } @@ -163,7 +163,7 @@ impl HandshakeHash { } } -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod test { use super::HandshakeHashBuffer; use crate::crypto::ring; diff --git a/rustls/src/hkdf.rs b/rustls/src/hkdf.rs index f02f5c98f5..c996a160d0 100644 --- a/rustls/src/hkdf.rs +++ b/rustls/src/hkdf.rs @@ -123,7 +123,7 @@ impl Expander { } } -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod test { use super::Extractor; use crate::crypto::ring; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 7488154a2d..37d3081439 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -103,29 +103,34 @@ //! the Mozilla set of root certificates. //! //! ```rust,no_run +//! # #[cfg(feature = "ring")] { //! let mut root_store = rustls::RootCertStore::empty(); //! root_store.extend( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() //! .cloned() //! ); +//! # } //! ``` //! //! Next, we make a `ClientConfig`. You're likely to make one of these per process, //! and use it for all connections made by that process. //! //! ```rust,no_run +//! # #[cfg(feature = "ring")] { //! # let root_store: rustls::RootCertStore = panic!(); //! let config = rustls::ClientConfig::::builder() //! .with_safe_defaults() //! .with_root_certificates(root_store) //! .with_no_client_auth(); +//! # } //! ``` //! //! Now we can make a connection. You need to provide the server's hostname so we //! know what to expect to find in the server's certificate. //! //! ```rust +//! # #[cfg(feature = "ring")] { //! # use rustls; //! # use webpki; //! # use std::sync::Arc; @@ -142,6 +147,7 @@ //! let rc_config = Arc::new(config); //! let example_com = "example.com".try_into().unwrap(); //! let mut client = rustls::ClientConnection::new(rc_config, example_com); +//! # } //! ``` //! //! Now you should do appropriate IO for the `client` object. If `client.wants_read()` yields @@ -168,6 +174,7 @@ //! errors. //! //! ```rust,no_run +//! # #[cfg(feature = "ring")] { //! # let mut client = rustls::ClientConnection::new::(panic!(), panic!()).unwrap(); //! # struct Socket { } //! # impl Socket { @@ -209,6 +216,7 @@ //! //! socket.wait_for_something_to_happen(); //! } +//! # } //! ``` //! //! # Examples @@ -245,6 +253,11 @@ //! - `read_buf`: When building with Rust Nightly, adds support for the unstable //! `std::io::ReadBuf` and related APIs. This reduces costs from initializing //! buffers. Will do nothing on non-Nightly releases. +//! +//! - `ring`: this makes the rustls crate depend on the *ring* crate, which is +//! which is used for cryptography. +//! Without this feature, these items must be provided externally to the core +//! rustls crate. // Require docs for public APIs, deny unsafe code, etc. #![forbid(unsafe_code, unused_must_use)] @@ -368,8 +381,11 @@ pub use crate::builder::{ }; pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; +#[cfg(feature = "ring")] pub use crate::crypto::ring::Ticketer; +#[cfg(feature = "ring")] pub use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; +#[cfg(feature = "ring")] pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, @@ -440,6 +456,7 @@ pub mod server { mod tls12; mod tls13; + pub use crate::verify::NoClientAuth; pub use crate::webpki::WebPkiClientVerifier; pub use crate::webpki::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; pub use builder::WantsServerCert; @@ -465,12 +482,13 @@ pub use server::{ServerConfig, ServerConnection}; /// /// [`ALL_CIPHER_SUITES`] is provided as an array of all of these values. pub mod cipher_suite { - #[cfg(feature = "tls12")] + #[cfg(all(feature = "tls12", feature = "ring"))] pub use crate::crypto::ring::tls12::{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, }; + #[cfg(feature = "ring")] pub use crate::crypto::ring::tls13::{ TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, }; @@ -486,11 +504,13 @@ pub mod version { pub use crate::versions::TLS13; } +#[cfg(feature = "ring")] /// All defined key exchange groups supported by *ring* appear in this module. pub use crypto::ring::kx_group; /// Message signing interfaces and implementations. pub mod sign { + #[cfg(feature = "ring")] pub use crate::crypto::ring::sign::{ any_ecdsa_type, any_eddsa_type, any_supported_type, RsaSigningKey, }; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 9641f81ff4..6bb046eede 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,5 +1,6 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::{CryptoProvider, KeyExchange}; +#[cfg(feature = "ring")] use crate::error::Error; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; @@ -9,6 +10,7 @@ use crate::versions; use crate::webpki::WebPkiClientVerifier; use crate::NoKeyLog; +#[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; @@ -50,6 +52,7 @@ pub struct WantsServerCert { } impl ConfigBuilder, WantsServerCert> { + #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key. This /// certificate and key is used for all subsequent connections, /// irrespective of things like SNI hostname. @@ -72,6 +75,7 @@ impl ConfigBuilder, WantsServerCert> { Ok(self.with_cert_resolver(Arc::new(resolver))) } + #[cfg(feature = "ring")] /// Sets a single certificate chain, matching private key, OCSP /// response and SCTs. This certificate and key is used for all /// subsequent connections, irrespective of things like SNI hostname. diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 2316332795..dd5760bfc9 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,3 +1,4 @@ +#[cfg(feature = "ring")] use crate::crypto::ring; use crate::dns_name::DnsNameRef; use crate::error::Error; @@ -8,6 +9,7 @@ use crate::sign; use crate::webpki::{verify_server_name, ParsedCertificate}; use crate::ServerName; +#[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; @@ -100,6 +102,7 @@ pub(super) struct AlwaysResolvesChain(Arc); impl AlwaysResolvesChain { /// Creates an `AlwaysResolvesChain`, auto-detecting the underlying private /// key type and encoding. + #[cfg(feature = "ring")] pub(super) fn new( chain: Vec>, priv_key: &PrivateKeyDer<'_>, @@ -113,6 +116,7 @@ impl AlwaysResolvesChain { /// key type and encoding. /// /// If non-empty, the given OCSP response and SCTs are attached. + #[cfg(feature = "ring")] pub(super) fn new_with_extras( chain: Vec>, priv_key: &PrivateKeyDer<'_>, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 98f31fd814..1ce36515b2 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -548,6 +548,7 @@ impl From for crate::Connection { /// # Example /// /// ```no_run +/// # #[cfg(feature = "ring")] { /// # fn choose_server_config( /// # _: rustls::server::ClientHello, /// # ) -> std::sync::Arc> { @@ -576,6 +577,7 @@ impl From for crate::Connection { /// // Proceed with handling the ServerConnection. /// } /// # } +/// # } /// ``` pub struct Acceptor { inner: Option>, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 32baeff21a..8b31c03e9b 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -216,7 +216,7 @@ pub enum ConnectionTrafficSecrets { }, } -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod test { use super::crypto::ring::tls13::*; use super::*; diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 77ea770d25..fe6c42d11c 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -312,7 +312,7 @@ pub(crate) fn decode_ecdh_params( pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01]; -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod tests { use super::*; use crate::common_state::{CommonState, Side}; diff --git a/rustls/src/tls12/prf.rs b/rustls/src/tls12/prf.rs index 7c88793bef..08c3fef488 100644 --- a/rustls/src/tls12/prf.rs +++ b/rustls/src/tls12/prf.rs @@ -15,7 +15,7 @@ pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn crypto::hmac::Key, label: &[u8] } } -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod tests { use crate::crypto::hmac::Hmac; use crate::crypto::ring; diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 4575b6c52d..4c6cb72f06 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -785,7 +785,7 @@ where f(expander, info) } -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod test { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; @@ -947,7 +947,7 @@ mod test { assert!(seal_output.len() >= 48); // Sanity check. let iv = derive_traffic_iv(&expander); - assert_eq!(iv.value(), expected_iv); + assert_eq!(&iv.0, expected_iv); } fn seal_zeroes(key: aead::UnboundKey) -> Vec { @@ -965,6 +965,7 @@ mod test { #[cfg(bench)] mod benchmarks { + #[cfg(feature = "ring")] #[bench] fn bench_sha256(b: &mut test::Bencher) { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 8ac1bcab40..66d372505d 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -250,7 +250,7 @@ impl fmt::Debug for dyn ClientCertVerifier { /// `WebPkiClientVerifier::builder(roots).allow_unauthenticated().build()`, the `NoClientAuth` /// `ClientCertVerifier` will not offer client authentication at all, vs offering but not /// requiring it. -pub(crate) struct NoClientAuth; +pub struct NoClientAuth; impl ClientCertVerifier for NoClientAuth { fn offer_client_auth(&self) -> bool { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index e8d29e4c97..813691a13d 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1,3 +1,4 @@ +#![cfg(feature = "ring")] #![cfg_attr(read_buf, feature(read_buf))] //! Assorted public API tests. use std::cell::RefCell; diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index c47aa1e7cf..0a85bd322e 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -1,6 +1,10 @@ //! Tests for configuring and using a [`ClientCertVerifier`] for a server. -#![cfg(feature = "dangerous_configuration")] +#![cfg(all( + feature = "dangerous_configuration", + feature = "webpki", + feature = "ring" +))] mod common; diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 1b0964e5fe..9f51ae8cdc 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -1,4 +1,5 @@ #![allow(dead_code)] +#![cfg(feature = "ring")] use std::io; use std::ops::{Deref, DerefMut}; diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 9503d0ea21..d23b41b7a5 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -1,3 +1,5 @@ +#![cfg(feature = "ring")] + //! Tests of [`rustls::KeyLogFile`] that require us to set environment variables. //! //! vvvv diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 3bdfd1aa9e..7d2a1b574c 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -1,6 +1,10 @@ //! Tests for configuring and using a [`ServerCertVerifier`] for a client. -#![cfg(feature = "dangerous_configuration")] +#![cfg(all( + feature = "dangerous_configuration", + feature = "webpki", + feature = "ring" +))] mod common; use crate::common::{ From 521758a957f2c83553eb8622267ee9fce1bb6e79 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 31 Aug 2023 12:33:33 +0100 Subject: [PATCH 0157/1145] Allow control of which `pki_types::SignatureVerificationAlgorithm`s are used The prior arrangements are still available (and the default), if the crate is built with the *ring* feature. `WebPkiSupportedAlgorithms` is a new structure (designed for static construction, and direct use in webpki calls) that links `pki_types::SignatureVerificationAlgorithm`s to their corresponding TLS `SignatureScheme`. This replaces the hardcoded mappings in `fn convert_scheme` etc. --- rustls/src/lib.rs | 2 +- rustls/src/server/builder.rs | 5 +- rustls/src/verifybench.rs | 2 + rustls/src/webpki/client_verifier_builder.rs | 43 ++- rustls/src/webpki/mod.rs | 2 +- rustls/src/webpki/verify.rs | 269 ++++++++++++------- 6 files changed, 225 insertions(+), 98 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 37d3081439..d94d6e7bb4 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -409,7 +409,7 @@ pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; pub use crate::verify::DigitallySignedStruct; pub use crate::versions::{SupportedProtocolVersion, ALL_VERSIONS, DEFAULT_VERSIONS}; -pub use crate::webpki::RootCertStore; +pub use crate::webpki::{RootCertStore, WebPkiSupportedAlgorithms}; /// Items for use in a client. pub mod client { diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 6bb046eede..54d6c5445a 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -5,9 +5,8 @@ use crate::error::Error; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; use crate::suites::SupportedCipherSuite; -use crate::verify::ClientCertVerifier; +use crate::verify::{ClientCertVerifier, NoClientAuth}; use crate::versions; -use crate::webpki::WebPkiClientVerifier; use crate::NoKeyLog; #[cfg(feature = "ring")] @@ -35,7 +34,7 @@ impl ConfigBuilder, WantsVerifier> { /// Disable client authentication. pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { - self.with_client_cert_verifier(WebPkiClientVerifier::no_client_auth()) + self.with_client_cert_verifier(Arc::new(NoClientAuth)) } } diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 82bccc4451..d83edb3152 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -4,6 +4,8 @@ // Note: we don't use any of the standard 'cargo bench', 'test::Bencher', // etc. because it's unstable at the time of writing. +#![cfg(feature = "ring")] + use core::time::Duration; use std::time::Instant; diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index 155f4f451d..e94b13a224 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -4,7 +4,7 @@ use std::{error::Error as StdError, sync::Arc}; use pki_types::CertificateRevocationListDer; use webpki::BorrowedCertRevocationList; -use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier}; +use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier, WebPkiSupportedAlgorithms}; use crate::verify::ClientCertVerifier; use crate::{CertRevocationListError, RootCertStore}; @@ -16,6 +16,7 @@ pub struct ClientCertVerifierBuilder { roots: Arc, crls: Vec>, anon_policy: AnonymousClientPolicy, + supported_algs: Option, } impl ClientCertVerifierBuilder { @@ -24,6 +25,7 @@ impl ClientCertVerifierBuilder { roots, crls: Vec::new(), anon_policy: AnonymousClientPolicy::Deny, + supported_algs: None, } } @@ -47,11 +49,25 @@ impl ClientCertVerifierBuilder { self } + /// Sets which signature verification algorithms are enabled. + /// + /// If this is called multiple times, the last call wins. + pub fn with_signature_verification_algorithms( + mut self, + supported_algs: WebPkiSupportedAlgorithms, + ) -> Self { + self.supported_algs = Some(supported_algs); + self + } + /// Build a client certificate verifier. The built verifier will be used for the server to offer /// client certificate authentication, to control how offered client certificates are validated, /// and to determine what to do with anonymous clients that do not respond to the client /// certificate authentication offer with a client certificate. /// + /// If the `ring` crate feature is supplied, and `with_signature_verification_algorithms` was not + /// called on the builder, a default set of signature verification algorithms is used. + /// /// Once built, the provided `Arc` can be used with a Rustls /// [crate::server::ServerConfig] to configure client certificate validation using /// [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. @@ -60,11 +76,22 @@ impl ClientCertVerifierBuilder { /// This function will return a `ClientCertVerifierBuilderError` if: /// 1. No trust anchors have been provided. /// 2. DER encoded CRLs have been provided that can not be parsed successfully. - pub fn build(self) -> Result, ClientCertVerifierBuilderError> { + /// 3. No signature verification algorithms were set and the `ring` feature is not enabled. + #[cfg_attr(not(feature = "ring"), allow(unused_mut))] + pub fn build(mut self) -> Result, ClientCertVerifierBuilderError> { if self.roots.is_empty() { return Err(ClientCertVerifierBuilderError::NoRootAnchors); } + #[cfg(feature = "ring")] + if self.supported_algs.is_none() { + self.supported_algs = Some(super::verify::SUPPORTED_SIG_ALGS); + } + + let supported_algs = self + .supported_algs + .ok_or(ClientCertVerifierBuilderError::NoSupportedAlgorithms)?; + Ok(Arc::new(WebPkiClientVerifier::new( self.roots, self.crls @@ -76,6 +103,7 @@ impl ClientCertVerifierBuilder { }) .collect::, CertRevocationListError>>()?, self.anon_policy, + supported_algs, ))) } } @@ -90,6 +118,11 @@ pub enum ClientCertVerifierBuilderError { NoRootAnchors, /// A provided CRL could not be parsed. InvalidCrl(CertRevocationListError), + /// No supported signature verification algorithms were provided. + /// + /// Call `with_signature_verification_algorithms` on the builder, or compile + /// with the `ring` feature. + NoSupportedAlgorithms, } impl From for ClientCertVerifierBuilderError { @@ -103,13 +136,16 @@ impl fmt::Display for ClientCertVerifierBuilderError { match self { Self::NoRootAnchors => write!(f, "no root trust anchors were provided"), Self::InvalidCrl(e) => write!(f, "provided CRL could not be parsed: {:?}", e), + Self::NoSupportedAlgorithms => { + write!(f, "no signature verification algorithms were provided") + } } } } impl StdError for ClientCertVerifierBuilderError {} -#[cfg(test)] +#[cfg(all(test, feature = "ring"))] mod tests { use crate::server::ClientCertVerifierBuilderError; use crate::webpki::verify::WebPkiClientVerifier; @@ -270,6 +306,7 @@ mod tests { let all = vec![ ClientCertVerifierBuilderError::NoRootAnchors, ClientCertVerifierBuilderError::InvalidCrl(crate::CertRevocationListError::ParseError), + ClientCertVerifierBuilderError::NoSupportedAlgorithms, ]; for err in all { diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 5e7b2be3fb..714d6a5c42 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -10,7 +10,7 @@ pub use anchors::RootCertStore; pub use client_verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; -pub use verify::WebPkiClientVerifier; +pub use verify::{WebPkiClientVerifier, WebPkiSupportedAlgorithms}; // Conditionally exported from crate. #[allow(unreachable_pub)] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index ed9652f5dd..00ec950e2d 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,4 +1,5 @@ use alloc::sync::Arc; +use core::fmt; use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; @@ -16,25 +17,6 @@ use crate::verify::{ NoClientAuth, ServerCertVerified, ServerCertVerifier, }; -type SignatureAlgorithms = &'static [&'static dyn SignatureVerificationAlgorithm]; - -/// Which signature verification mechanisms we support. No particular -/// order. -static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ - webpki::ECDSA_P256_SHA256, - webpki::ECDSA_P256_SHA384, - webpki::ECDSA_P384_SHA256, - webpki::ECDSA_P384_SHA384, - webpki::ED25519, - webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, - webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, - webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, - webpki::RSA_PKCS1_2048_8192_SHA256, - webpki::RSA_PKCS1_2048_8192_SHA384, - webpki::RSA_PKCS1_2048_8192_SHA512, - webpki::RSA_PKCS1_3072_8192_SHA384, -]; - /// Verify that the end-entity certificate `end_entity` is a valid server cert /// and chains to at least one of the trust anchors in the `roots` [RootCertStore]. /// @@ -48,10 +30,11 @@ pub fn verify_server_cert_signed_by_trust_anchor( roots: &RootCertStore, intermediates: &[CertificateDer<'_>], now: UnixTime, + supported_algs: &[&dyn SignatureVerificationAlgorithm], ) -> Result<(), Error> { cert.0 .verify_for_usage( - SUPPORTED_SIG_ALGS, + supported_algs, &roots.roots, intermediates, now, @@ -105,7 +88,13 @@ impl ServerCertVerifier for WebPkiServerVerifier { ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - verify_server_cert_signed_by_trust_anchor(&cert, &self.roots, intermediates, now)?; + verify_server_cert_signed_by_trust_anchor( + &cert, + &self.roots, + intermediates, + now, + self.supported.all, + )?; if !ocsp_response.is_empty() { trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); @@ -121,7 +110,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - Self::default_verify_tls12_signature(message, cert, dss) + verify_signed_struct(message, cert, dss, &self.supported) } fn verify_tls13_signature( @@ -130,11 +119,11 @@ impl ServerCertVerifier for WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - Self::default_verify_tls13_signature(message, cert, dss) + verify_tls13(message, cert, dss, &self.supported) } fn supported_verify_schemes(&self) -> Vec { - Self::default_supported_verify_schemes() + self.supported.supported_schemes() } } @@ -142,6 +131,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { #[allow(unreachable_pub)] pub struct WebPkiServerVerifier { roots: Arc, + supported: WebPkiSupportedAlgorithms, } #[allow(unreachable_pub)] @@ -149,45 +139,57 @@ impl WebPkiServerVerifier { /// Constructs a new `WebPkiServerVerifier`. /// /// `roots` is the set of trust anchors to trust for issuing server certs. + #[cfg(feature = "ring")] pub fn new(roots: impl Into>) -> Self { + Self::new_with_algorithms(roots, SUPPORTED_SIG_ALGS) + } + + /// Constructs a new `WebPkiServerVerifier`. + /// + /// `roots` is the set of trust anchors to trust for issuing server certs. + /// `supported` is the set of supported algorithms that will be used for + /// certificate verification and TLS handshake signature verification. + #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] + pub fn new_with_algorithms( + roots: impl Into>, + supported: WebPkiSupportedAlgorithms, + ) -> Self { Self { roots: roots.into(), + supported, } } - /// Which signature verification schemes the `webpki` crate supports. - pub fn default_supported_verify_schemes() -> Vec { - vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA256, - ] - } - /// A full implementation of `ServerCertVerifier::verify_tls12_signature` or /// `ClientCertVerifier::verify_tls12_signature`. + #[cfg(feature = "ring")] + #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] pub fn default_verify_tls12_signature( message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_signed_struct(message, cert, dss) + verify_signed_struct(message, cert, dss, &SUPPORTED_SIG_ALGS) } /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or /// `ClientCertVerifier::verify_tls13_signature`. + #[cfg(feature = "ring")] + #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] pub fn default_verify_tls13_signature( message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_tls13(message, cert, dss) + verify_tls13(message, cert, dss, &SUPPORTED_SIG_ALGS) + } + + /// A full implementation of `ServerCertVerifier::supported_verify_schemes()` or + /// `ClientCertVerifier::supported_verify_schemes()`. + #[cfg(feature = "ring")] + #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] + pub fn default_supported_verify_schemes() -> Vec { + SUPPORTED_SIG_ALGS.supported_schemes() } } @@ -248,6 +250,7 @@ pub struct WebPkiClientVerifier { subjects: Vec, crls: Vec, anonymous_policy: AnonymousClientPolicy, + supported_algs: WebPkiSupportedAlgorithms, } impl WebPkiClientVerifier { @@ -277,10 +280,12 @@ impl WebPkiClientVerifier { /// client certificate validation. /// `anonymous_policy` controls whether client authentication is required, or if anonymous /// clients can connect. + /// `supported_algs` is which signature verification algorithms should be used. pub(crate) fn new( roots: Arc, crls: Vec, anonymous_policy: AnonymousClientPolicy, + supported_algs: WebPkiSupportedAlgorithms, ) -> Self { Self { subjects: roots @@ -291,6 +296,7 @@ impl WebPkiClientVerifier { crls, roots, anonymous_policy, + supported_algs, } } } @@ -339,7 +345,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { cert.0 .verify_for_usage( - SUPPORTED_SIG_ALGS, + self.supported_algs.all, &self.roots.roots, intermediates, now, @@ -356,7 +362,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + verify_signed_struct(message, cert, dss, &self.supported_algs) } fn verify_tls13_signature( @@ -365,11 +371,11 @@ impl ClientCertVerifier for WebPkiClientVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + verify_tls13(message, cert, dss, &self.supported_algs) } fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() + self.supported_algs.supported_schemes() } } @@ -404,42 +410,126 @@ impl From for CertRevocationListError { } } -static ECDSA_SHA256: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA256, webpki::ECDSA_P384_SHA256]; - -static ECDSA_SHA384: SignatureAlgorithms = &[webpki::ECDSA_P256_SHA384, webpki::ECDSA_P384_SHA384]; - -static ED25519: SignatureAlgorithms = &[webpki::ED25519]; - -static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256]; -static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384]; -static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512]; -static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; -static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; -static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; - -fn convert_scheme(scheme: SignatureScheme) -> Result { - match scheme { - // nb. for TLS1.2 the curve is not fixed by SignatureScheme. - SignatureScheme::ECDSA_NISTP256_SHA256 => Ok(ECDSA_SHA256), - SignatureScheme::ECDSA_NISTP384_SHA384 => Ok(ECDSA_SHA384), +/// Describes which `webpki` signature verification algorithms are supported and +/// how they map to TLS `SignatureScheme`s. +#[derive(Clone, Copy)] +#[allow(unreachable_pub)] +pub struct WebPkiSupportedAlgorithms { + /// A list of all supported signature verification algorithms. + /// + /// Used for verifying certificate chains. + /// + /// The order of this list is not significant. + pub all: &'static [&'static dyn SignatureVerificationAlgorithm], - SignatureScheme::ED25519 => Ok(ED25519), + /// A mapping from TLS `SignatureScheme`s to matching webpki signature verification algorithms. + /// + /// This is one (`SignatureScheme`) to many ([`SignatureVerificationAlgorithm`]) because + /// (depending on the protocol version) there is not necessary a 1-to-1 mapping. + /// + /// For TLS1.2, all `SignatureVerificationAlgorithm`s are tried in sequence. + /// + /// For TLS1.3, only the first is tried. + /// + /// The supported schemes in this mapping is communicated to the peer and the order is significant. + /// The first mapping is our highest preference. + pub mapping: &'static [( + SignatureScheme, + &'static [&'static dyn SignatureVerificationAlgorithm], + )], +} - SignatureScheme::RSA_PKCS1_SHA256 => Ok(RSA_SHA256), - SignatureScheme::RSA_PKCS1_SHA384 => Ok(RSA_SHA384), - SignatureScheme::RSA_PKCS1_SHA512 => Ok(RSA_SHA512), +impl fmt::Debug for WebPkiSupportedAlgorithms { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "WebPkiSupportedAlgorithms {{ all: [ .. ], mapping: ")?; + f.debug_list() + .entries(self.mapping.iter().map(|item| item.0)) + .finish()?; + write!(f, " }}") + } +} - SignatureScheme::RSA_PSS_SHA256 => Ok(RSA_PSS_SHA256), - SignatureScheme::RSA_PSS_SHA384 => Ok(RSA_PSS_SHA384), - SignatureScheme::RSA_PSS_SHA512 => Ok(RSA_PSS_SHA512), +impl WebPkiSupportedAlgorithms { + /// Return all the `scheme` items in `mapping`, maintaining order. + fn supported_schemes(&self) -> Vec { + self.mapping + .iter() + .map(|item| item.0) + .collect() + } - _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), + /// Return the first item in `mapping` that matches `scheme`. + fn convert_scheme( + &self, + scheme: SignatureScheme, + ) -> Result<&[&'static dyn SignatureVerificationAlgorithm], Error> { + self.mapping + .iter() + .filter_map(|item| if item.0 == scheme { Some(item.1) } else { None }) + .next() + .ok_or_else(|| PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()) } } +/// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when +/// compiled against *ring*. +#[cfg(feature = "ring")] +pub(crate) static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { + all: &[ + webpki::ECDSA_P256_SHA256, + webpki::ECDSA_P256_SHA384, + webpki::ECDSA_P384_SHA256, + webpki::ECDSA_P384_SHA384, + webpki::ED25519, + webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, + webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, + webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, + webpki::RSA_PKCS1_2048_8192_SHA256, + webpki::RSA_PKCS1_2048_8192_SHA384, + webpki::RSA_PKCS1_2048_8192_SHA512, + webpki::RSA_PKCS1_3072_8192_SHA384, + ], + mapping: &[ + // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. + ( + SignatureScheme::ECDSA_NISTP384_SHA384, + &[webpki::ECDSA_P384_SHA384, webpki::ECDSA_P256_SHA384], + ), + ( + SignatureScheme::ECDSA_NISTP256_SHA256, + &[webpki::ECDSA_P256_SHA256, webpki::ECDSA_P384_SHA256], + ), + (SignatureScheme::ED25519, &[webpki::ED25519]), + ( + SignatureScheme::RSA_PSS_SHA512, + &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PSS_SHA384, + &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PSS_SHA256, + &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PKCS1_SHA512, + &[webpki::RSA_PKCS1_2048_8192_SHA512], + ), + ( + SignatureScheme::RSA_PKCS1_SHA384, + &[webpki::RSA_PKCS1_2048_8192_SHA384], + ), + ( + SignatureScheme::RSA_PKCS1_SHA256, + &[webpki::RSA_PKCS1_2048_8192_SHA256], + ), + ], +}; + fn verify_sig_using_any_alg( cert: &webpki::EndEntityCert, - algs: SignatureAlgorithms, + algs: &[&'static dyn SignatureVerificationAlgorithm], message: &[u8], sig: &[u8], ) -> Result<(), webpki::Error> { @@ -459,8 +549,9 @@ fn verify_signed_struct( message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, + supported_schemes: &WebPkiSupportedAlgorithms, ) -> Result { - let possible_algs = convert_scheme(dss.scheme)?; + let possible_algs = supported_schemes.convert_scheme(dss.scheme)?; let cert = webpki::EndEntityCert::try_from(cert).map_err(pki_error)?; verify_sig_using_any_alg(&cert, possible_algs, message, dss.signature()) @@ -468,28 +559,17 @@ fn verify_signed_struct( .map(|_| HandshakeSignatureValid::assertion()) } -fn convert_alg_tls13( - scheme: SignatureScheme, -) -> Result<&'static dyn SignatureVerificationAlgorithm, Error> { - use crate::enums::SignatureScheme::*; - - match scheme { - ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256), - ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384), - ED25519 => Ok(webpki::ED25519), - RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), - RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), - RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), - _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), - } -} - fn verify_tls13( msg: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, + supported_schemes: &WebPkiSupportedAlgorithms, ) -> Result { - let alg = convert_alg_tls13(dss.scheme)?; + if !dss.scheme.supported_in_tls13() { + return Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()); + } + + let alg = supported_schemes.convert_scheme(dss.scheme)?[0]; let cert = webpki::EndEntityCert::try_from(cert).map_err(pki_error)?; @@ -603,4 +683,13 @@ mod test { format!("{:?}", CertificateDer::from(b"ab".to_vec())) ); } + + #[cfg(feature = "ring")] + #[test] + fn webpki_supported_algorithms_is_debug() { + assert_eq!( + "WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }", + format!("{:?}", super::SUPPORTED_SIG_ALGS) + ); + } } From 49f071b775cb68289047a64c70a272c63ce7ec6c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 12 Sep 2023 10:21:41 +0100 Subject: [PATCH 0158/1145] OpaqueMessage: allow construction without exposing `Payload` --- rustls/src/crypto/ring/tls12.rs | 13 ++----------- rustls/src/crypto/ring/tls13.rs | 11 +++++------ rustls/src/msgs/message.rs | 11 +++++++++++ rustls/src/record_layer.rs | 11 +++++------ 4 files changed, 23 insertions(+), 23 deletions(-) diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index a53cec60eb..dd8acad912 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -5,7 +5,6 @@ use crate::crypto::cipher::{ use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; -use crate::msgs::base::Payload; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; #[cfg(feature = "secret_extraction")] @@ -285,11 +284,7 @@ impl MessageEncrypter for GcmMessageEncrypter { .map(|tag| payload.extend(tag.as_ref())) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage { - typ: msg.typ, - version: msg.version, - payload: Payload::new(payload), - }) + Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) } } @@ -355,11 +350,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut buf) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage { - typ: msg.typ, - version: msg.version, - payload: Payload::new(buf), - }) + Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) } } diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 0606eb4333..668226c204 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -3,7 +3,6 @@ use crate::crypto::cipher::{ }; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; -use crate::msgs::base::Payload; use crate::msgs::codec::Codec; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; #[cfg(feature = "secret_extraction")] @@ -182,11 +181,11 @@ impl MessageEncrypter for Tls13MessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage { - typ: ContentType::ApplicationData, - version: ProtocolVersion::TLSv1_2, - payload: Payload::new(payload), - }) + Ok(OpaqueMessage::new( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload, + )) } } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 9dd57a55ee..ca2125b21e 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -82,6 +82,17 @@ pub struct OpaqueMessage { } impl OpaqueMessage { + /// Construct a new `OpaqueMessage` from constituent fields. + /// + /// `body` is moved into the `payload` field. + pub fn new(typ: ContentType, version: ProtocolVersion, body: Vec) -> Self { + Self { + typ, + version, + payload: Payload::new(body), + } + } + /// `MessageError` allows callers to distinguish between valid prefixes (might /// become valid if we read more data) and invalid data. pub fn read(r: &mut Reader) -> Result { diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index f46d051f47..657851aa29 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -233,7 +233,6 @@ pub struct Decrypted { #[test] fn test_has_decrypted() { - use crate::msgs::base::Payload; use crate::{ContentType, ProtocolVersion}; struct PassThroughDecrypter; @@ -270,11 +269,11 @@ fn test_has_decrypted() { // Decrypting a message should update the read_seq and track that we have now performed // a decryption. - let msg = OpaqueMessage { - typ: ContentType::Handshake, - version: ProtocolVersion::TLSv1_2, - payload: Payload(vec![0xC0, 0xFF, 0xEE]), - }; + let msg = OpaqueMessage::new( + ContentType::Handshake, + ProtocolVersion::TLSv1_2, + vec![0xC0, 0xFF, 0xEE], + ); record_layer .decrypt_incoming(msg) .unwrap(); From f6f7df55c98bf7a782c3efae29fdf90e0e14fb8d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 12 Sep 2023 10:46:34 +0100 Subject: [PATCH 0159/1145] OpaqueMessage: privatize payload type This removes a further need for `Payload` to be understood outside this crate. `payload()` allows immutable access as a slice, `payload_mut()` allows mutable access to the underlying vec (such as needed to decrypt the message without a copy). --- rustls/src/crypto/ring/tls12.rs | 6 ++++-- rustls/src/crypto/ring/tls13.rs | 2 +- rustls/src/msgs/deframer.rs | 2 +- rustls/src/msgs/message.rs | 19 ++++++++++++++++++- rustls/src/record_layer.rs | 2 +- 5 files changed, 25 insertions(+), 6 deletions(-) diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index dd8acad912..49b04d6981 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -235,7 +235,7 @@ const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = &mut msg.payload.0; + let payload = msg.payload(); if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); } @@ -254,6 +254,7 @@ impl MessageDecrypter for GcmMessageDecrypter { payload.len() - GCM_OVERHEAD, )); + let payload = msg.payload_mut(); let plain_len = self .dec_key .open_within(nonce, aad, payload, GCM_EXPLICIT_NONCE_LEN..) @@ -308,7 +309,7 @@ const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = &mut msg.payload.0; + let payload = msg.payload(); if payload.len() < CHACHAPOLY1305_OVERHEAD { return Err(Error::DecryptError); @@ -322,6 +323,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { payload.len() - CHACHAPOLY1305_OVERHEAD, )); + let payload = msg.payload_mut(); let plain_len = self .dec_key .open_in_place(nonce, aad, payload) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 668226c204..df1c8872ff 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -191,7 +191,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { impl MessageDecrypter for Tls13MessageDecrypter { fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = &mut msg.payload.0; + let payload = msg.payload_mut(); if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); } diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index ba195dbfad..6351d7fafb 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -106,7 +106,7 @@ impl MessageDeframer { ContentType::Alert if version_is_tls13 && !record_layer.has_decrypted() - && m.payload.0.len() <= 2 => + && m.payload().len() <= 2 => { true } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index ca2125b21e..546b5579b9 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -74,11 +74,18 @@ impl MessagePayload { /// This type owns all memory for its interior parts. It is used to read/write from/to I/O /// buffers as well as for fragmenting, joining and encryption/decryption. It can be converted /// into a `Message` by decoding the payload. +/// +/// # Decryption +/// Internally the message payload is stored as a `Vec`; this can by mutably borrowed with +/// [`OpaqueMessage::payload_mut()`]. This is useful for decrypting a message in-place. +/// After the message is decrypted, call [`OpaqueMessage::into_plain_message()`] or +/// [`OpaqueMessage::into_tls13_unpadded_message()`] (depending on the +/// protocol version). #[derive(Clone, Debug)] pub struct OpaqueMessage { pub typ: ContentType, pub version: ProtocolVersion, - pub payload: Payload, + payload: Payload, } impl OpaqueMessage { @@ -93,6 +100,16 @@ impl OpaqueMessage { } } + /// Access the message payload as a slice. + pub fn payload(&self) -> &[u8] { + &self.payload.0 + } + + /// Access the message payload as a mutable `Vec`. + pub fn payload_mut(&mut self) -> &mut Vec { + &mut self.payload.0 + } + /// `MessageError` allows callers to distinguish between valid prefixes (might /// become valid if we read more data) and invalid data. pub fn read(r: &mut Reader) -> Result { diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 657851aa29..bb1c956756 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -77,7 +77,7 @@ impl RecordLayer { // failure has already happened. let want_close_before_decrypt = self.read_seq == SEQ_SOFT_LIMIT; - let encrypted_len = encr.payload.0.len(); + let encrypted_len = encr.payload().len(); match self .message_decrypter .decrypt(encr, self.read_seq) From 6c55ca81a85dcc71a93a368d63d678ec1d299af0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 12 Sep 2023 10:53:54 +0100 Subject: [PATCH 0160/1145] crypto::Iv::copy: allow use outside crate --- rustls/src/crypto/cipher.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 3dbdb4b2a8..ddec008904 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -119,8 +119,9 @@ impl Iv { Self(value) } + /// Create a new `Iv` from a byte slice, of precisely `NONCE_LEN` bytes. #[cfg(feature = "tls12")] - pub(crate) fn copy(value: &[u8]) -> Self { + pub fn copy(value: &[u8]) -> Self { debug_assert_eq!(value.len(), NONCE_LEN); let mut iv = Self::new(Default::default()); iv.0.copy_from_slice(value); From a1950e84cf7a24aea7ddb3a8fb33e271a35e3242 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 17 Jul 2023 16:07:27 +0100 Subject: [PATCH 0161/1145] Add demonstration of custom crypto This is an example that builds a mostly-unchanged rustls example (simpleclient), but only using crypto from the rust-crypto project and elsewhere. This is intended to be minimalistic, and not a complete replacement for *ring*. It implements: - TLS1.3 TLS13_CHACHA20_POLY1305_SHA256 cipher suite. - TLS1.2 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suite. - X25519 key exchange. - RSA-PSS-SHA256 and RSA-PKCS1-SHA256 signature verification for verifying the server, integrated into the webpki crate. - random generation using `rand_core`. This means it can fetch www.rust-lang.org. TLS1.2 is not strictly necessary for this server, but serves to demonstrate that part of the API. --- .github/workflows/build.yml | 9 +- .github/workflows/daily-tests.yml | 4 + Cargo.toml | 2 + provider-example/Cargo.toml | 24 +++++ provider-example/examples/client.rs | 50 +++++++++ provider-example/src/aead.rs | 152 ++++++++++++++++++++++++++++ provider-example/src/hash.rs | 42 ++++++++ provider-example/src/hmac.rs | 33 ++++++ provider-example/src/kx.rs | 61 +++++++++++ provider-example/src/lib.rs | 65 ++++++++++++ provider-example/src/verify.rs | 89 ++++++++++++++++ 11 files changed, 529 insertions(+), 2 deletions(-) create mode 100644 provider-example/Cargo.toml create mode 100644 provider-example/examples/client.rs create mode 100644 provider-example/src/aead.rs create mode 100644 provider-example/src/hash.rs create mode 100644 provider-example/src/hmac.rs create mode 100644 provider-example/src/kx.rs create mode 100644 provider-example/src/lib.rs create mode 100644 provider-example/src/verify.rs diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f38f68fb4..1b9ba384e7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -47,6 +47,9 @@ jobs: env: RUST_BACKTRACE: 1 + - name: cargo build (debug; rustls-provider-example) + run: cargo build -p rustls-provider-example + msrv: name: MSRV runs-on: ubuntu-20.04 @@ -168,8 +171,8 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@nightly - - name: cargo doc (all features) - run: cargo doc --all-features --no-deps --document-private-items --workspace + - name: cargo doc (rustls; all features) + run: cargo doc --all-features --no-deps --document-private-items --package rustls env: RUSTDOCFLAGS: -Dwarnings @@ -284,6 +287,7 @@ jobs: - run: cargo clippy --package rustls --no-default-features --all-targets -- --deny warnings - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --manifest-path=provider-example/Cargo.toml --all-features --all-targets -- --deny warnings clippy-nightly: name: Clippy (Nightly) @@ -301,3 +305,4 @@ jobs: - run: cargo clippy --package rustls --no-default-features --all-targets - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets + - run: cargo clippy --manifest-path=provider-example/Cargo.toml --all-features --all-targets diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index abf23c508b..e7779a8f49 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -89,6 +89,10 @@ jobs: - name: Check server acceptor run: cargo run --bin server_acceptor -- --help + - name: Check provider-example client + run: cargo run -p rustls-provider-example --example client + + feature-powerset: name: Feature Powerset runs-on: ubuntu-20.04 diff --git a/Cargo.toml b/Cargo.toml index 88b287d81d..07d874ece7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -6,6 +6,8 @@ members = [ "examples", # the main library and tests "rustls", + # example of custom provider + "provider-example", ] default-members = [ "examples", diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml new file mode 100644 index 0000000000..1c14ebde2c --- /dev/null +++ b/provider-example/Cargo.toml @@ -0,0 +1,24 @@ +[package] +name = "rustls-provider-example" +version = "0.0.1" +edition = "2021" +rust-version = "1.60" +license = "Apache-2.0 OR ISC OR MIT" +description = "Example of rustls with custom crypto provider." +publish = false + +[dependencies] +chacha20poly1305 = "0.10.0" +der = "0.7.0" +env_logger = "0.10" +hmac = "0.12.0" +pki-types = { package = "rustls-pki-types", version = "0.2.0" } +rand_core = "0.6.0" +rustls = { path = "../rustls", default-features = false, features = [ "logging", "dangerous_configuration", "tls12" ]} +rsa = { version = "0.9.0", features = [ "sha2" ] } +sha2 = "0.10.0" +webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = ["alloc", "std"] } +webpki-roots = "0.26.0-alpha.1" +x25519-dalek = "2" + +[dev-dependencies] diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs new file mode 100644 index 0000000000..f9c1547e78 --- /dev/null +++ b/provider-example/examples/client.rs @@ -0,0 +1,50 @@ +use std::io::{stdout, Read, Write}; +use std::net::TcpStream; +use std::sync::Arc; + +use rustls_provider_example::Provider; + +fn main() { + env_logger::init(); + + let mut root_store = rustls::RootCertStore::empty(); + root_store.extend( + webpki_roots::TLS_SERVER_ROOTS + .iter() + .cloned(), + ); + + let config = rustls::ClientConfig::::builder() + .with_safe_defaults() + .with_custom_certificate_verifier(Provider::certificate_verifier(root_store)) + .with_no_client_auth(); + + let server_name = "www.rust-lang.org".try_into().unwrap(); + let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); + let mut sock = TcpStream::connect("www.rust-lang.org:443").unwrap(); + let mut tls = rustls::Stream::new(&mut conn, &mut sock); + tls.write_all( + concat!( + "GET / HTTP/1.1\r\n", + "Host: www.rust-lang.org\r\n", + "Connection: close\r\n", + "Accept-Encoding: identity\r\n", + "\r\n" + ) + .as_bytes(), + ) + .unwrap(); + let ciphersuite = tls + .conn + .negotiated_cipher_suite() + .unwrap(); + writeln!( + &mut std::io::stderr(), + "Current ciphersuite: {:?}", + ciphersuite.suite() + ) + .unwrap(); + let mut plaintext = Vec::new(); + tls.read_to_end(&mut plaintext).unwrap(); + stdout().write_all(&plaintext).unwrap(); +} diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs new file mode 100644 index 0000000000..5cdd8ee0de --- /dev/null +++ b/provider-example/src/aead.rs @@ -0,0 +1,152 @@ +use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; +use rustls::crypto::cipher; +use rustls::{ContentType, ProtocolVersion}; + +pub struct Chacha20Poly1305; + +impl cipher::Tls13AeadAlgorithm for Chacha20Poly1305 { + fn encrypter(&self, key: cipher::AeadKey, iv: cipher::Iv) -> Box { + Box::new(Tls13Cipher( + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + iv, + )) + } + + fn decrypter(&self, key: cipher::AeadKey, iv: cipher::Iv) -> Box { + Box::new(Tls13Cipher( + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + iv, + )) + } + + fn key_len(&self) -> usize { + chacha20poly1305::ChaCha20Poly1305::key_size() + } +} + +impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { + fn encrypter( + &self, + key: cipher::AeadKey, + iv: &[u8], + _: &[u8], + ) -> Box { + Box::new(Tls12Cipher( + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + cipher::Iv::copy(iv), + )) + } + + fn decrypter(&self, key: cipher::AeadKey, iv: &[u8]) -> Box { + Box::new(Tls12Cipher( + chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), + cipher::Iv::copy(iv), + )) + } + + fn key_block_shape(&self) -> cipher::KeyBlockShape { + cipher::KeyBlockShape { + enc_key_len: 32, + fixed_iv_len: 12, + explicit_nonce_len: 0, + } + } +} + +struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); + +impl cipher::MessageEncrypter for Tls13Cipher { + fn encrypt( + &self, + m: cipher::BorrowedPlainMessage, + seq: u64, + ) -> Result { + let total_len = m.payload.len() + 1 + CHACHAPOLY1305_OVERHEAD; + + // construct a TLSInnerPlaintext + let mut payload = Vec::with_capacity(total_len); + payload.extend_from_slice(m.payload); + payload.push(m.typ.get_u8()); + + let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); + let aad = cipher::make_tls13_aad(total_len); + + self.0 + .encrypt_in_place(&nonce, &aad, &mut payload) + .map_err(|_| rustls::Error::EncryptError) + .map(|_| { + cipher::OpaqueMessage::new( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload, + ) + }) + } +} + +impl cipher::MessageDecrypter for Tls13Cipher { + fn decrypt( + &self, + mut m: cipher::OpaqueMessage, + seq: u64, + ) -> Result { + let payload = m.payload_mut(); + let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); + let aad = cipher::make_tls13_aad(payload.len()); + + self.0 + .decrypt_in_place(&nonce, &aad, payload) + .map_err(|_| rustls::Error::DecryptError)?; + + m.into_tls13_unpadded_message() + } +} + +struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); + +impl cipher::MessageEncrypter for Tls12Cipher { + fn encrypt( + &self, + m: cipher::BorrowedPlainMessage, + seq: u64, + ) -> Result { + let total_len = m.payload.len() + CHACHAPOLY1305_OVERHEAD; + + let mut payload = Vec::with_capacity(total_len); + payload.extend_from_slice(m.payload); + + let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); + let aad = cipher::make_tls12_aad(seq, m.typ, m.version, payload.len()); + + self.0 + .encrypt_in_place(&nonce, &aad, &mut payload) + .map_err(|_| rustls::Error::EncryptError) + .map(|_| cipher::OpaqueMessage::new(m.typ, m.version, payload)) + } +} + +impl cipher::MessageDecrypter for Tls12Cipher { + fn decrypt( + &self, + mut m: cipher::OpaqueMessage, + seq: u64, + ) -> Result { + let payload = m.payload(); + let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); + let aad = cipher::make_tls12_aad( + seq, + m.typ, + m.version, + payload.len() - CHACHAPOLY1305_OVERHEAD, + ); + + let payload = m.payload_mut(); + self.0 + .decrypt_in_place(&nonce, &aad, payload) + .map_err(|_| rustls::Error::DecryptError)?; + + Ok(m.into_plain_message()) + } +} + +const CHACHAPOLY1305_OVERHEAD: usize = 16; diff --git a/provider-example/src/hash.rs b/provider-example/src/hash.rs new file mode 100644 index 0000000000..87dd2adb09 --- /dev/null +++ b/provider-example/src/hash.rs @@ -0,0 +1,42 @@ +use rustls::crypto::hash; +use sha2::Digest; + +pub struct Sha256; + +impl hash::Hash for Sha256 { + fn start(&self) -> Box { + Box::new(Sha256Context(sha2::Sha256::new())) + } + + fn hash(&self, data: &[u8]) -> hash::Output { + hash::Output::new(&sha2::Sha256::digest(data)[..]) + } + + fn algorithm(&self) -> hash::HashAlgorithm { + hash::HashAlgorithm::SHA256 + } + + fn output_len(&self) -> usize { + 32 + } +} + +struct Sha256Context(sha2::Sha256); + +impl hash::Context for Sha256Context { + fn fork_finish(&self) -> hash::Output { + hash::Output::new(&self.0.clone().finalize()[..]) + } + + fn fork(&self) -> Box { + Box::new(Sha256Context(self.0.clone())) + } + + fn finish(self: Box) -> hash::Output { + hash::Output::new(&self.0.finalize()[..]) + } + + fn update(&mut self, data: &[u8]) { + self.0.update(data); + } +} diff --git a/provider-example/src/hmac.rs b/provider-example/src/hmac.rs new file mode 100644 index 0000000000..92fb0fcf7b --- /dev/null +++ b/provider-example/src/hmac.rs @@ -0,0 +1,33 @@ +use hmac::{Hmac, Mac}; +use rustls::crypto; +use sha2::{Digest, Sha256}; + +pub struct Sha256Hmac; + +impl crypto::hmac::Hmac for Sha256Hmac { + fn with_key(&self, key: &[u8]) -> Box { + Box::new(Sha256HmacKey(Hmac::::new_from_slice(key).unwrap())) + } + + fn hash_output_len(&self) -> usize { + Sha256::output_size() + } +} + +struct Sha256HmacKey(Hmac); + +impl crypto::hmac::Key for Sha256HmacKey { + fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> crypto::hmac::Tag { + let mut ctx = self.0.clone(); + ctx.update(first); + for m in middle { + ctx.update(m); + } + ctx.update(last); + crypto::hmac::Tag::new(&ctx.finalize().into_bytes()[..]) + } + + fn tag_len(&self) -> usize { + Sha256::output_size() + } +} diff --git a/provider-example/src/kx.rs b/provider-example/src/kx.rs new file mode 100644 index 0000000000..a2e67a271c --- /dev/null +++ b/provider-example/src/kx.rs @@ -0,0 +1,61 @@ +use crypto::SupportedGroup; +use rustls::crypto; + +pub struct KeyExchange { + priv_key: x25519_dalek::EphemeralSecret, + pub_key: x25519_dalek::PublicKey, +} + +impl crypto::KeyExchange for KeyExchange { + type SupportedGroup = X25519; + + fn start( + name: rustls::NamedGroup, + _: &[&'static Self::SupportedGroup], + ) -> Result { + if name == rustls::NamedGroup::X25519 { + let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng); + let pub_key = (&priv_key).into(); + Ok(KeyExchange { priv_key, pub_key }) + } else { + Err(crypto::KeyExchangeError::UnsupportedGroup) + } + } + + fn complete( + self, + peer: &[u8], + f: impl FnOnce(&[u8]) -> Result, + ) -> Result { + let peer_array: [u8; 32] = peer + .try_into() + .map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?; + let their_pub = x25519_dalek::PublicKey::from(peer_array); + let shared_secret = self.priv_key.diffie_hellman(&their_pub); + f(shared_secret.as_bytes()) + .map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare)) + } + + fn pub_key(&self) -> &[u8] { + self.pub_key.as_bytes() + } + + fn group(&self) -> rustls::NamedGroup { + X25519.name() + } + + fn all_kx_groups() -> &'static [&'static Self::SupportedGroup] { + ALL_KX_GROUPS + } +} + +#[derive(Debug)] +pub struct X25519; + +impl crypto::SupportedGroup for X25519 { + fn name(&self) -> rustls::NamedGroup { + rustls::NamedGroup::X25519 + } +} + +const ALL_KX_GROUPS: &[&X25519] = &[&X25519]; diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs new file mode 100644 index 0000000000..8e0ad94294 --- /dev/null +++ b/provider-example/src/lib.rs @@ -0,0 +1,65 @@ +use std::sync::Arc; + +mod aead; +mod hash; +mod hmac; +mod kx; +mod verify; + +pub struct Provider; + +impl Provider { + pub fn certificate_verifier( + roots: rustls::RootCertStore, + ) -> Arc { + Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms( + roots, + verify::ALGORITHMS, + )) + } +} + +impl rustls::crypto::CryptoProvider for Provider { + type KeyExchange = kx::KeyExchange; + + fn fill_random(bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { + use rand_core::RngCore; + rand_core::OsRng + .try_fill_bytes(bytes) + .map_err(|_| rustls::crypto::GetRandomFailed) + } + + fn default_cipher_suites() -> &'static [rustls::SupportedCipherSuite] { + ALL_CIPHER_SUITES + } +} + +static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ + TLS13_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +]; + +pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = + rustls::SupportedCipherSuite::Tls13(&rustls::Tls13CipherSuite { + common: rustls::cipher_suite::CipherSuiteCommon { + suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + hash_provider: &hash::Sha256, + }, + hmac_provider: &hmac::Sha256Hmac, + aead_alg: &aead::Chacha20Poly1305, + }); + +pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = + rustls::SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { + common: rustls::cipher_suite::CipherSuiteCommon { + suite: rustls::CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + hash_provider: &hash::Sha256, + }, + kx: rustls::crypto::KeyExchangeAlgorithm::ECDHE, + sign: &[ + rustls::SignatureScheme::RSA_PSS_SHA256, + rustls::SignatureScheme::RSA_PKCS1_SHA256, + ], + hmac_provider: &hmac::Sha256Hmac, + aead_alg: &aead::Chacha20Poly1305, + }); diff --git a/provider-example/src/verify.rs b/provider-example/src/verify.rs new file mode 100644 index 0000000000..f3b47e78d4 --- /dev/null +++ b/provider-example/src/verify.rs @@ -0,0 +1,89 @@ +use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; +use rustls::{SignatureScheme, WebPkiSupportedAlgorithms}; +use webpki::alg_id; + +use der::Reader; +use rsa::signature::Verifier; +use rsa::BigUint; +use rsa::RsaPublicKey; +use rsa::{pkcs1v15, pss}; + +pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { + all: &[RSA_PSS_SHA256, RSA_PKCS1_SHA256], + mapping: &[ + (SignatureScheme::RSA_PSS_SHA256, &[RSA_PSS_SHA256]), + (SignatureScheme::RSA_PKCS1_SHA256, &[RSA_PKCS1_SHA256]), + ], +}; + +static RSA_PSS_SHA256: &dyn SignatureVerificationAlgorithm = &RsaPssSha256Verify; +static RSA_PKCS1_SHA256: &dyn SignatureVerificationAlgorithm = &RsaPkcs1Sha256Verify; + +struct RsaPssSha256Verify; + +impl SignatureVerificationAlgorithm for RsaPssSha256Verify { + fn public_key_alg_id(&self) -> AlgorithmIdentifier { + alg_id::RSA_ENCRYPTION + } + + fn signature_alg_id(&self) -> AlgorithmIdentifier { + alg_id::RSA_PSS_SHA256 + } + + fn verify_signature( + &self, + public_key: &[u8], + message: &[u8], + signature: &[u8], + ) -> Result<(), InvalidSignature> { + let public_key = decode_spki_spk(public_key)?; + + let signature = pss::Signature::try_from(signature).map_err(|_| InvalidSignature)?; + + pss::VerifyingKey::::new(public_key) + .verify(message, &signature) + .map_err(|_| InvalidSignature) + } +} + +struct RsaPkcs1Sha256Verify; + +impl SignatureVerificationAlgorithm for RsaPkcs1Sha256Verify { + fn public_key_alg_id(&self) -> AlgorithmIdentifier { + alg_id::RSA_ENCRYPTION + } + + fn signature_alg_id(&self) -> AlgorithmIdentifier { + alg_id::RSA_PKCS1_SHA256 + } + + fn verify_signature( + &self, + public_key: &[u8], + message: &[u8], + signature: &[u8], + ) -> Result<(), InvalidSignature> { + let public_key = decode_spki_spk(public_key)?; + + let signature = pkcs1v15::Signature::try_from(signature).map_err(|_| InvalidSignature)?; + + pkcs1v15::VerifyingKey::::new(public_key) + .verify(message, &signature) + .map_err(|_| InvalidSignature) + } +} + +fn decode_spki_spk(spki_spk: &[u8]) -> Result { + // public_key: unfortunately this is not a whole SPKI, but just the key material. + // decode the two integers manually. + let mut reader = der::SliceReader::new(spki_spk).map_err(|_| InvalidSignature)?; + let ne: [der::asn1::UintRef; 2] = reader + .decode() + .map_err(|_| InvalidSignature)?; + + RsaPublicKey::new( + BigUint::from_bytes_be(ne[0].as_bytes()), + BigUint::from_bytes_be(ne[1].as_bytes()), + ) + .map_err(|_| InvalidSignature) +} From 64f36a79dd590da014f73df6cee76aa6097888d2 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 14 Sep 2023 10:38:41 +0200 Subject: [PATCH 0162/1145] Fix pki-types dependency --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 0362b5ded0..1645803585 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -20,7 +20,7 @@ log = { version = "0.4.4", optional = true } ring = { version = "0.16.20", optional = true } subtle = "2.5.0" webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.3", features = ["alloc", "std"], default-features = false } -pki-types = { package = "rustls-pki-types", version = "0.2.0", features = ["std"] } +pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } [features] default = ["logging", "ring", "tls12"] From 5a1b369080acd21eb21e0132f2c5ab99ef965ffb Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 14 Sep 2023 10:39:08 +0100 Subject: [PATCH 0163/1145] icount-bench: apt update before relying on index --- .github/workflows/icount-bench.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index 10aad417a2..be1c4caca5 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -8,6 +8,7 @@ jobs: steps: - name: Install valgrind run: | + sudo apt update sudo apt install -y valgrind valgrind --version From e3c3ed5c8fdb05017857a810fdcb0670f3c75680 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 14 Sep 2023 10:32:14 +0200 Subject: [PATCH 0164/1145] More consistently use modules for unit tests --- rustls/src/bs_debug.rs | 2 +- rustls/src/client/handy.rs | 2 +- rustls/src/crypto/ring/mod.rs | 137 +++++++++++++------------ rustls/src/crypto/ring/quic.rs | 2 +- rustls/src/dns_name.rs | 2 +- rustls/src/hash_hs.rs | 2 +- rustls/src/hkdf.rs | 2 +- rustls/src/key_log_file.rs | 2 +- rustls/src/limited_cache.rs | 2 +- rustls/src/msgs/codec.rs | 29 +++--- rustls/src/msgs/mod.rs | 7 +- rustls/src/record_layer.rs | 113 +++++++++++---------- rustls/src/server/handy.rs | 2 +- rustls/src/server/server_conn.rs | 49 +++++---- rustls/src/suites.rs | 2 +- rustls/src/tls13/key_schedule.rs | 2 +- rustls/src/vecbuf.rs | 2 +- rustls/src/webpki/verify.rs | 168 +++++++++++++++---------------- rustls/src/x509.rs | 123 +++++++++++----------- 19 files changed, 337 insertions(+), 313 deletions(-) diff --git a/rustls/src/bs_debug.rs b/rustls/src/bs_debug.rs index 6fe18f27f9..5524fac4ab 100644 --- a/rustls/src/bs_debug.rs +++ b/rustls/src/bs_debug.rs @@ -40,7 +40,7 @@ impl<'a> fmt::Debug for BsDebug<'a> { } #[cfg(test)] -mod test { +mod tests { use super::BsDebug; #[test] diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index dd75596c66..a2cd72779f 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -206,7 +206,7 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } #[cfg(all(test, feature = "ring"))] -mod test { +mod tests { use super::NoClientSessionStorage; use crate::client::ClientSessionStore; use crate::msgs::enums::NamedGroup; diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 3f739a9cf2..f79fba0616 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -282,76 +282,79 @@ impl ProducesTickets for AeadTicketer { } #[cfg(test)] -use core::time::Duration; -#[cfg(test)] -use pki_types::UnixTime; - -#[test] -fn basic_pairwise_test() { - let t = Ticketer::new().unwrap(); - assert!(t.enabled()); - let cipher = t.encrypt(b"hello world").unwrap(); - let plain = t.decrypt(&cipher).unwrap(); - assert_eq!(plain, b"hello world"); -} - -#[test] -fn ticketswitcher_switching_test() { - let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); - let now = UnixTime::now(); - let cipher1 = t.encrypt(b"ticket 1").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - { - // Trigger new ticketer - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 10, - ))); - } - let cipher2 = t.encrypt(b"ticket 2").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - { - // Trigger new ticketer - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 20, - ))); +mod tests { + use super::*; + + use core::time::Duration; + use pki_types::UnixTime; + + #[test] + fn basic_pairwise_test() { + let t = Ticketer::new().unwrap(); + assert!(t.enabled()); + let cipher = t.encrypt(b"hello world").unwrap(); + let plain = t.decrypt(&cipher).unwrap(); + assert_eq!(plain, b"hello world"); } - let cipher3 = t.encrypt(b"ticket 3").unwrap(); - assert!(t.decrypt(&cipher1).is_none()); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); -} -#[cfg(test)] -fn fail_generator() -> Result, GetRandomFailed> { - Err(GetRandomFailed) -} + #[test] + fn ticketswitcher_switching_test() { + let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); + let now = UnixTime::now(); + let cipher1 = t.encrypt(b"ticket 1").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + { + // Trigger new ticketer + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 10, + ))); + } + let cipher2 = t.encrypt(b"ticket 2").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + { + // Trigger new ticketer + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 20, + ))); + } + let cipher3 = t.encrypt(b"ticket 3").unwrap(); + assert!(t.decrypt(&cipher1).is_none()); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); + } -#[test] -fn ticketswitcher_recover_test() { - let mut t = crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap(); - let now = UnixTime::now(); - let cipher1 = t.encrypt(b"ticket 1").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - t.generator = fail_generator; - { - // Failed new ticketer - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 10, - ))); + #[cfg(test)] + fn fail_generator() -> Result, GetRandomFailed> { + Err(GetRandomFailed) } - t.generator = make_ticket_generator; - let cipher2 = t.encrypt(b"ticket 2").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - { - // recover - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 20, - ))); + + #[test] + fn ticketswitcher_recover_test() { + let mut t = crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap(); + let now = UnixTime::now(); + let cipher1 = t.encrypt(b"ticket 1").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + t.generator = fail_generator; + { + // Failed new ticketer + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 10, + ))); + } + t.generator = make_ticket_generator; + let cipher2 = t.encrypt(b"ticket 2").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + { + // recover + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 20, + ))); + } + let cipher3 = t.encrypt(b"ticket 3").unwrap(); + assert!(t.decrypt(&cipher1).is_none()); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); } - let cipher3 = t.encrypt(b"ticket 3").unwrap(); - assert!(t.decrypt(&cipher1).is_none()); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); } diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index b8b080255e..e344b77fb1 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -226,7 +226,7 @@ impl crate::quic::Algorithm for KeyBuilder { } #[cfg(test)] -mod test { +mod tests { use super::*; use crate::common_state::Side; use crate::crypto::ring; diff --git a/rustls/src/dns_name.rs b/rustls/src/dns_name.rs index 074774eb60..74b5ce0f4c 100644 --- a/rustls/src/dns_name.rs +++ b/rustls/src/dns_name.rs @@ -145,7 +145,7 @@ enum State { } #[cfg(test)] -mod test { +mod tests { static TESTS: &[(&str, bool)] = &[ ("", false), ("localhost", true), diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 35ec0227fe..0cbad91237 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -164,7 +164,7 @@ impl HandshakeHash { } #[cfg(all(test, feature = "ring"))] -mod test { +mod tests { use super::HandshakeHashBuffer; use crate::crypto::ring; diff --git a/rustls/src/hkdf.rs b/rustls/src/hkdf.rs index c996a160d0..1657688175 100644 --- a/rustls/src/hkdf.rs +++ b/rustls/src/hkdf.rs @@ -124,7 +124,7 @@ impl Expander { } #[cfg(all(test, feature = "ring"))] -mod test { +mod tests { use super::Extractor; use crate::crypto::ring; diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index 79071131bc..741e36da94 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -105,7 +105,7 @@ impl KeyLog for KeyLogFile { } #[cfg(all(test, target_os = "linux"))] -mod test { +mod tests { use super::*; fn init() { diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index ab53d8b478..5198a4dd26 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -116,7 +116,7 @@ where } #[cfg(test)] -mod test { +mod tests { type Test = super::LimitedCache; #[test] diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 80318ac90f..d325ac0393 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -313,16 +313,21 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> { } } -#[test] -fn interrupted_length_prefixed_buffer_leaves_maximum_length() { - let mut buf = Vec::new(); - let nested = LengthPrefixedBuffer::new(ListLength::U16, &mut buf); - nested.buf.push(0xaa); - assert_eq!(nested.buf, &vec![0xff, 0xff, 0xaa]); - // <- if the buffer is accidentally read here, there is no possiblity - // that the contents of the length-prefixed buffer are interpretted - // as a subsequent encoding (perhaps allowing injection of a different - // extension) - drop(nested); - assert_eq!(buf, vec![0x00, 0x01, 0xaa]); +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn interrupted_length_prefixed_buffer_leaves_maximum_length() { + let mut buf = Vec::new(); + let nested = LengthPrefixedBuffer::new(ListLength::U16, &mut buf); + nested.buf.push(0xaa); + assert_eq!(nested.buf, &vec![0xff, 0xff, 0xaa]); + // <- if the buffer is accidentally read here, there is no possiblity + // that the contents of the length-prefixed buffer are interpretted + // as a subsequent encoding (perhaps allowing injection of a different + // extension) + drop(nested); + assert_eq!(buf, vec![0x00, 0x01, 0xaa]); + } } diff --git a/rustls/src/msgs/mod.rs b/rustls/src/msgs/mod.rs index f6411f6068..8f1ce123c6 100644 --- a/rustls/src/msgs/mod.rs +++ b/rustls/src/msgs/mod.rs @@ -22,11 +22,12 @@ mod handshake_test; mod message_test; #[cfg(test)] -mod test { +mod tests { + use super::codec::Reader; + use super::message::{Message, OpaqueMessage}; + #[test] fn smoketest() { - use super::codec::Reader; - use super::message::{Message, OpaqueMessage}; let bytes = include_bytes!("handshake-test.1.bin"); let mut r = Reader::init(bytes); diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index bb1c956756..839f6774ab 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -231,60 +231,65 @@ pub struct Decrypted { pub plaintext: PlainMessage, } -#[test] -fn test_has_decrypted() { - use crate::{ContentType, ProtocolVersion}; - - struct PassThroughDecrypter; - impl MessageDecrypter for PassThroughDecrypter { - fn decrypt(&self, m: OpaqueMessage, _: u64) -> Result { - Ok(m.into_plain_message()) +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_has_decrypted() { + use crate::{ContentType, ProtocolVersion}; + + struct PassThroughDecrypter; + impl MessageDecrypter for PassThroughDecrypter { + fn decrypt(&self, m: OpaqueMessage, _: u64) -> Result { + Ok(m.into_plain_message()) + } } - } - // A record layer starts out invalid, having never decrypted. - let mut record_layer = RecordLayer::new(); - assert!(matches!( - record_layer.decrypt_state, - DirectionState::Invalid - )); - assert_eq!(record_layer.read_seq, 0); - assert!(!record_layer.has_decrypted()); - - // Preparing the record layer should update the decrypt state, but shouldn't affect whether it - // has decrypted. - record_layer.prepare_message_decrypter(Box::new(PassThroughDecrypter)); - assert!(matches!( - record_layer.decrypt_state, - DirectionState::Prepared - )); - assert_eq!(record_layer.read_seq, 0); - assert!(!record_layer.has_decrypted()); - - // Starting decryption should update the decrypt state, but not affect whether it has decrypted. - record_layer.start_decrypting(); - assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); - assert_eq!(record_layer.read_seq, 0); - assert!(!record_layer.has_decrypted()); - - // Decrypting a message should update the read_seq and track that we have now performed - // a decryption. - let msg = OpaqueMessage::new( - ContentType::Handshake, - ProtocolVersion::TLSv1_2, - vec![0xC0, 0xFF, 0xEE], - ); - record_layer - .decrypt_incoming(msg) - .unwrap(); - assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); - assert_eq!(record_layer.read_seq, 1); - assert!(record_layer.has_decrypted()); - - // Resetting the record layer message decrypter (as if a key update occurred) should reset - // the read_seq number, but not our knowledge of whether we have decrypted previously. - record_layer.set_message_decrypter(Box::new(PassThroughDecrypter)); - assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); - assert_eq!(record_layer.read_seq, 0); - assert!(record_layer.has_decrypted()); + // A record layer starts out invalid, having never decrypted. + let mut record_layer = RecordLayer::new(); + assert!(matches!( + record_layer.decrypt_state, + DirectionState::Invalid + )); + assert_eq!(record_layer.read_seq, 0); + assert!(!record_layer.has_decrypted()); + + // Preparing the record layer should update the decrypt state, but shouldn't affect whether it + // has decrypted. + record_layer.prepare_message_decrypter(Box::new(PassThroughDecrypter)); + assert!(matches!( + record_layer.decrypt_state, + DirectionState::Prepared + )); + assert_eq!(record_layer.read_seq, 0); + assert!(!record_layer.has_decrypted()); + + // Starting decryption should update the decrypt state, but not affect whether it has decrypted. + record_layer.start_decrypting(); + assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); + assert_eq!(record_layer.read_seq, 0); + assert!(!record_layer.has_decrypted()); + + // Decrypting a message should update the read_seq and track that we have now performed + // a decryption. + let msg = OpaqueMessage::new( + ContentType::Handshake, + ProtocolVersion::TLSv1_2, + vec![0xC0, 0xFF, 0xEE], + ); + record_layer + .decrypt_incoming(msg) + .unwrap(); + assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); + assert_eq!(record_layer.read_seq, 1); + assert!(record_layer.has_decrypted()); + + // Resetting the record layer message decrypter (as if a key update occurred) should reset + // the read_seq number, but not our knowledge of whether we have decrypted previously. + record_layer.set_message_decrypter(Box::new(PassThroughDecrypter)); + assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); + assert_eq!(record_layer.read_seq, 0); + assert!(record_layer.has_decrypted()); + } } diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index dd5760bfc9..82e1b79586 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -201,7 +201,7 @@ impl server::ResolvesServerCert for ResolvesServerCertUsingSni { } #[cfg(test)] -mod test { +mod tests { use super::*; use crate::server::ProducesTickets; use crate::server::ResolvesServerCert; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 1ce36515b2..3b97466ce1 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -786,28 +786,6 @@ impl EarlyDataState { } } -// these branches not reachable externally, unless something else goes wrong. -#[test] -fn test_read_in_new_state() { - assert_eq!( - format!("{:?}", EarlyDataState::default().read(&mut [0u8; 5])), - "Err(Kind(BrokenPipe))" - ); -} - -#[cfg(read_buf)] -#[test] -fn test_read_buf_in_new_state() { - use std::io::BorrowedBuf; - - let mut buf = [0u8; 5]; - let mut buf: BorrowedBuf<'_> = buf.as_mut_slice().into(); - assert_eq!( - format!("{:?}", EarlyDataState::default().read_buf(buf.unfilled())), - "Err(Kind(BrokenPipe))" - ); -} - impl ConnectionCore { pub(crate) fn for_server( config: Arc>, @@ -855,3 +833,30 @@ impl ServerConnectionData { } impl crate::conn::SideData for ServerConnectionData {} + +#[cfg(test)] +mod tests { + use super::*; + + // these branches not reachable externally, unless something else goes wrong. + #[test] + fn test_read_in_new_state() { + assert_eq!( + format!("{:?}", EarlyDataState::default().read(&mut [0u8; 5])), + "Err(Kind(BrokenPipe))" + ); + } + + #[cfg(read_buf)] + #[test] + fn test_read_buf_in_new_state() { + use std::io::BorrowedBuf; + + let mut buf = [0u8; 5]; + let mut buf: BorrowedBuf<'_> = buf.as_mut_slice().into(); + assert_eq!( + format!("{:?}", EarlyDataState::default().read_buf(buf.unfilled())), + "Err(Kind(BrokenPipe))" + ); + } +} diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 8b31c03e9b..aec3538d2a 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -217,7 +217,7 @@ pub enum ConnectionTrafficSecrets { } #[cfg(all(test, feature = "ring"))] -mod test { +mod tests { use super::crypto::ring::tls13::*; use super::*; use crate::enums::CipherSuite; diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 4c6cb72f06..a111d29bae 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -786,7 +786,7 @@ where } #[cfg(all(test, feature = "ring"))] -mod test { +mod tests { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 5057042762..cd3102566f 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -148,7 +148,7 @@ impl ChunkVecBuffer { } #[cfg(test)] -mod test { +mod tests { use super::ChunkVecBuffer; #[test] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 00ec950e2d..6a422db966 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -578,87 +578,6 @@ fn verify_tls13( .map(|_| HandshakeSignatureValid::assertion()) } -#[test] -fn pki_crl_errors() { - // CRL signature errors should be turned into BadSignature. - assert_eq!( - pki_error(webpki::Error::InvalidCrlSignatureForPublicKey), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - assert_eq!( - pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithm), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - assert_eq!( - pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - - // Revoked cert errors should be turned into Revoked. - assert_eq!( - pki_error(webpki::Error::CertRevoked), - Error::InvalidCertificate(CertificateError::Revoked), - ); - - // Issuer not CRL signer errors should be turned into IssuerInvalidForCrl - assert_eq!( - pki_error(webpki::Error::IssuerNotCrlSigner), - Error::InvalidCertRevocationList(CertRevocationListError::IssuerInvalidForCrl) - ); -} - -#[test] -fn crl_error_from_webpki() { - use crate::CertRevocationListError::*; - let testcases = &[ - (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), - ( - webpki::Error::UnsupportedCrlSignatureAlgorithm, - BadSignature, - ), - ( - webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey, - BadSignature, - ), - (webpki::Error::InvalidCrlNumber, InvalidCrlNumber), - ( - webpki::Error::InvalidSerialNumber, - InvalidRevokedCertSerialNumber, - ), - (webpki::Error::IssuerNotCrlSigner, IssuerInvalidForCrl), - (webpki::Error::MalformedExtensions, ParseError), - (webpki::Error::BadDer, ParseError), - (webpki::Error::BadDerTime, ParseError), - ( - webpki::Error::UnsupportedCriticalExtension, - UnsupportedCriticalExtension, - ), - (webpki::Error::UnsupportedCrlVersion, UnsupportedCrlVersion), - (webpki::Error::UnsupportedDeltaCrl, UnsupportedDeltaCrl), - ( - webpki::Error::UnsupportedIndirectCrl, - UnsupportedIndirectCrl, - ), - ( - webpki::Error::UnsupportedRevocationReason, - UnsupportedRevocationReason, - ), - ]; - for t in testcases { - assert_eq!( - >::into(t.0), - t.1 - ); - } - - assert!(matches!( - >::into( - webpki::Error::NameConstraintViolation - ), - Other(_) - )); -} - /// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification #[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); @@ -673,8 +592,89 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { } #[cfg(test)] -mod test { - use super::CertificateDer; +mod tests { + use super::*; + + #[test] + fn pki_crl_errors() { + // CRL signature errors should be turned into BadSignature. + assert_eq!( + pki_error(webpki::Error::InvalidCrlSignatureForPublicKey), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + assert_eq!( + pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithm), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + assert_eq!( + pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + + // Revoked cert errors should be turned into Revoked. + assert_eq!( + pki_error(webpki::Error::CertRevoked), + Error::InvalidCertificate(CertificateError::Revoked), + ); + + // Issuer not CRL signer errors should be turned into IssuerInvalidForCrl + assert_eq!( + pki_error(webpki::Error::IssuerNotCrlSigner), + Error::InvalidCertRevocationList(CertRevocationListError::IssuerInvalidForCrl) + ); + } + + #[test] + fn crl_error_from_webpki() { + use crate::CertRevocationListError::*; + let testcases = &[ + (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), + ( + webpki::Error::UnsupportedCrlSignatureAlgorithm, + BadSignature, + ), + ( + webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey, + BadSignature, + ), + (webpki::Error::InvalidCrlNumber, InvalidCrlNumber), + ( + webpki::Error::InvalidSerialNumber, + InvalidRevokedCertSerialNumber, + ), + (webpki::Error::IssuerNotCrlSigner, IssuerInvalidForCrl), + (webpki::Error::MalformedExtensions, ParseError), + (webpki::Error::BadDer, ParseError), + (webpki::Error::BadDerTime, ParseError), + ( + webpki::Error::UnsupportedCriticalExtension, + UnsupportedCriticalExtension, + ), + (webpki::Error::UnsupportedCrlVersion, UnsupportedCrlVersion), + (webpki::Error::UnsupportedDeltaCrl, UnsupportedDeltaCrl), + ( + webpki::Error::UnsupportedIndirectCrl, + UnsupportedIndirectCrl, + ), + ( + webpki::Error::UnsupportedRevocationReason, + UnsupportedRevocationReason, + ), + ]; + for t in testcases { + assert_eq!( + >::into(t.0), + t.1 + ); + } + + assert!(matches!( + >::into( + webpki::Error::NameConstraintViolation + ), + Other(_) + )); + } #[test] fn certificate_debug() { @@ -689,7 +689,7 @@ mod test { fn webpki_supported_algorithms_is_debug() { assert_eq!( "WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }", - format!("{:?}", super::SUPPORTED_SIG_ALGS) + format!("{:?}", SUPPORTED_SIG_ALGS) ); } } diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 7fad90a75c..b30e86707c 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -25,69 +25,74 @@ pub(crate) fn wrap_in_sequence(bytes: &mut Vec) { const DER_SEQUENCE_TAG: u8 = 0x30; -#[test] -fn test_empty() { - let mut val = Vec::new(); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x00], val); -} +#[cfg(test)] +mod tests { + use super::*; -#[test] -fn test_small() { - let mut val = Vec::new(); - val.insert(0, 0x00); - val.insert(1, 0x11); - val.insert(2, 0x22); - val.insert(3, 0x33); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x04, 0x00, 0x11, 0x22, 0x33], val); -} + #[test] + fn test_empty() { + let mut val = Vec::new(); + wrap_in_sequence(&mut val); + assert_eq!(vec![0x30, 0x00], val); + } -#[test] -fn test_medium() { - let mut val = Vec::new(); - val.resize(255, 0x12); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x81, 0xff, 0x12, 0x12, 0x12], val[..6].to_vec()); -} + #[test] + fn test_small() { + let mut val = Vec::new(); + val.insert(0, 0x00); + val.insert(1, 0x11); + val.insert(2, 0x22); + val.insert(3, 0x33); + wrap_in_sequence(&mut val); + assert_eq!(vec![0x30, 0x04, 0x00, 0x11, 0x22, 0x33], val); + } -#[test] -fn test_large() { - let mut val = Vec::new(); - val.resize(4660, 0x12); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x82, 0x12, 0x34, 0x12, 0x12], val[..6].to_vec()); -} + #[test] + fn test_medium() { + let mut val = Vec::new(); + val.resize(255, 0x12); + wrap_in_sequence(&mut val); + assert_eq!(vec![0x30, 0x81, 0xff, 0x12, 0x12, 0x12], val[..6].to_vec()); + } -#[test] -fn test_huge() { - let mut val = Vec::new(); - val.resize(0xffff, 0x12); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x82, 0xff, 0xff, 0x12, 0x12], val[..6].to_vec()); - assert_eq!(val.len(), 0xffff + 4); -} + #[test] + fn test_large() { + let mut val = Vec::new(); + val.resize(4660, 0x12); + wrap_in_sequence(&mut val); + assert_eq!(vec![0x30, 0x82, 0x12, 0x34, 0x12, 0x12], val[..6].to_vec()); + } -#[test] -fn test_gigantic() { - let mut val = Vec::new(); - val.resize(0x100000, 0x12); - wrap_in_sequence(&mut val); - assert_eq!( - vec![0x30, 0x83, 0x10, 0x00, 0x00, 0x12, 0x12], - val[..7].to_vec() - ); - assert_eq!(val.len(), 0x100000 + 5); -} + #[test] + fn test_huge() { + let mut val = Vec::new(); + val.resize(0xffff, 0x12); + wrap_in_sequence(&mut val); + assert_eq!(vec![0x30, 0x82, 0xff, 0xff, 0x12, 0x12], val[..6].to_vec()); + assert_eq!(val.len(), 0xffff + 4); + } -#[test] -fn test_ludicrous() { - let mut val = Vec::new(); - val.resize(0x1000000, 0x12); - wrap_in_sequence(&mut val); - assert_eq!( - vec![0x30, 0x84, 0x01, 0x00, 0x00, 0x00, 0x12, 0x12], - val[..8].to_vec() - ); - assert_eq!(val.len(), 0x1000000 + 6); + #[test] + fn test_gigantic() { + let mut val = Vec::new(); + val.resize(0x100000, 0x12); + wrap_in_sequence(&mut val); + assert_eq!( + vec![0x30, 0x83, 0x10, 0x00, 0x00, 0x12, 0x12], + val[..7].to_vec() + ); + assert_eq!(val.len(), 0x100000 + 5); + } + + #[test] + fn test_ludicrous() { + let mut val = Vec::new(); + val.resize(0x1000000, 0x12); + wrap_in_sequence(&mut val); + assert_eq!( + vec![0x30, 0x84, 0x01, 0x00, 0x00, 0x00, 0x12, 0x12], + val[..8].to_vec() + ); + assert_eq!(val.len(), 0x1000000 + 6); + } } From ee33acfcd0e63f409f330f1d957750a4a2411ebc Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 14 Sep 2023 10:34:53 +0200 Subject: [PATCH 0165/1145] Tweak formatting for provider-example Cargo manifest --- provider-example/Cargo.toml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 1c14ebde2c..14c837798b 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -14,11 +14,9 @@ env_logger = "0.10" hmac = "0.12.0" pki-types = { package = "rustls-pki-types", version = "0.2.0" } rand_core = "0.6.0" -rustls = { path = "../rustls", default-features = false, features = [ "logging", "dangerous_configuration", "tls12" ]} -rsa = { version = "0.9.0", features = [ "sha2" ] } +rustls = { path = "../rustls", default-features = false, features = ["logging", "dangerous_configuration", "tls12"] } +rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = ["alloc", "std"] } webpki-roots = "0.26.0-alpha.1" x25519-dalek = "2" - -[dev-dependencies] From 91709e6c303aaa073b13ebcd90bc43b587835db2 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 18 Aug 2023 13:27:48 +0200 Subject: [PATCH 0166/1145] Add a style guide --- CONTRIBUTING.md | 130 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4efaba6801..4ac31d6ad7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -51,6 +51,136 @@ If you're *looking* for security bugs, this crate is set up for PRs which cause test failures or a significant coverage decrease are unlikely to be accepted. +## Style guide + +### Ordering + +#### Top-down ordering within modules + +Within a module, we prefer to order items top-down. This means that items within +a module will depend on items defined below them, but not (usually) above them. +The idea here is that the public API, with more internal dependencies, will be +read (and changed) more often, and putting it closer to the top of the module +makes it more accessible. + +This can be surprising to many engineers who are used to the bottom-up ordering +used in languages like Python, where items can have a run-time dependency on +other items defined in the same module. + +Usually `const` values will thus go on the bottom of the module (least complex, +usually no dependencies of their own), although in larger modules it can make +sense to place a `const` directly below the user (especially if there is a +single user, or just a few co-located users). + +The `#[cfg(test)] mod tests {}` module goes on the very bottom, if present. + +#### Ordering for a given type + +For a given type, we prefer to order items as follows: + +1. The type definition (`struct` or `enum`) +2. The inherent `impl` block (that is, not a trait implementation) +3. `impl` blocks for traits, from most specific to least specific. + The least specific would be something like a `Debug` or `Clone` impl. + +#### Ordering associated functions within an inherent `impl` block + +Here's a guide to how we like to order associated functions: + +0. Associated functions (that is, `fn foo() {}` instead of `fn foo(&self) {}`) +1. Constructors, starting with the constructor that takes the least arguments +2. Public API that takes a `&mut self` +3. Public API that takes a `&self` +4. Private API that takes a `&mut self` +5. Private API that takes a `&self` +6. `const` values + +Note that we usually also practice top-down ordering here; where these are in +conflict, make a choice that you think makes sense. For getters and setters, the +order should typically mirror the order of the fields in the type definition. + +### Functions + +#### Consider avoiding short single-use functions + +While single-use functions can make sense if the algorithm is sufficiently complex +that it warrants an explicit name and interface, using many short single-use +functions can make the code harder to follow, due to having to jump around in order +to gain an understanding of what's going on. When writing a single-use function, +consider whether it needs the dedicated interface, or if it could be inlined into +its caller instead. + +#### Order arguments from most specific to least specific + +When writing a function, we prefer to order arguments from most specific to +least specific. This means that an `image_id` might go before the `domain`, +which will go before the `app` context. More specific arguments are more +differentiating between a given function and other functions, so putting them +first makes it easier to infer the context/meaning of the function (compared to +starting with a number of generic context-like types). + +#### Error handling + +We use `Result` types pervasively throughout the code to signal error cases. We +prefer to avoid `unwrap()` and `expect()` calls unless there is a clear +invariant which can be locally validated by the structure of the code. If +there is such an invariant, we usually add a comment explaining how the +invariant is upheld. In other cases (especially for error cases which can arise +from network traffic, which could represent an attacker), we always prefer to +handle errors and ultimately return an error to the network peer or close the +connection. + +### Expressions + +#### Avoid single-use bindings + +We generally make full use of the expression-oriented nature of Rust. For +example, when using iterators we prefer to use `map` and other combinators +instead of `for`-loops when possible, and will often avoid variable bindings if +a variable is only used once. Naming variables takes cognitive efforts, and so +does tracking references to bindings in your mind. One metric we like to +minimize is the number of mutable bindings in a given scope. + +Remember that the overall goal is to make the code easy to understand. +Combinators can help with this by eliding boilerplate (like replacing a +`None => None` arm with a `map()` call), but they can also make it harder to +understand the code. One example is that a combinator chain like +`.map().map_err()` might be harder to understand than a `match` statement +(since, in this case, both of the arms have a significant transformation). + +#### Use early `return` and `continue` to reduce nesting + +The typed nature of Rust can cause some code to end up at deeply indented +levels, which we call "rightward drift". This makes lines shorter, making the +code harder to read. To avoid this, try to `return` early for error cases, or +`continue` early in a loop to skip an iteration. + +### Naming + +#### Use concise names + +We prefer concise names, especially for local variables. Avoid adding a suffix +for a variable that describes its type (provided that its type is hard to +confuse with other types -- for example, we do still use `_id` suffixes because +we usually use numeric IDs for database entities). The precision/conciseness +trade-off for variable names also depends on the scope of the binding. + +#### Avoid `get_` prefixes + +Per the +[API guidelines](https://rust-lang.github.io/api-guidelines/naming.html#getter-names-follow-rust-convention-c-getter), +`get_()` prefixes are discouraged. + +### Imports + +We use 3 blocks of imports in our Rust files: + +1. `std` imports +2. Imports from external crates +3. Crate-internal imports + +We believe that this makes it easier to see where a particular import comes from. + ## Licensing Contributions are made under [rustls's licenses](LICENSE). From 87f1a69aa76d7fcec138c8b7f1e0eb6301c67bdd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 20:43:46 -0400 Subject: [PATCH 0167/1145] docs: update CONTRIBUTING security policy The existing text has fallen out of sync with `SECURITY.md` and recommends sending security issues through regular GitHub issue, or email to Ctz. This commit updates the text to match what's in the up-to-date `SECURITY.md`: use the GitHub security advisory tooling. That's what it's made for. --- CONTRIBUTING.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4ac31d6ad7..01206a033e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,6 +13,11 @@ a pcap or reproduction steps. Feel free to file github issues to get help, or ask a question. +If you believe you've found a security bug please +[open a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) +in GitHub, and not as a regular repository issue. See [SECURITY.md] for more +information. + ## Code changes Some ideas and guidelines for contributions: @@ -30,13 +35,10 @@ Some ideas and guidelines for contributions: ## Security bugs -Please report security bugs by filing a github issue, or by -email to jbp@jbp.io if you want to disclose privately. I'll then: +Please report security bugs by [opening a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) +in GitHub, and not as a regular repository issue. -- Prepare a fix and regression tests. -- Backport the fix and make a patch release for most recent release. -- Submit an advisory to [rustsec/advisory-db](https://github.com/RustSec/advisory-db). -- Refer to the advisory on the main README.md and release notes. +See [SECURITY.md] for more information. If you're *looking* for security bugs, this crate is set up for `cargo fuzz` but would benefit from more runtime, targets and corpora. From 8f582862fe3b835a7ff411b40e952084e68827b6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 20:48:06 -0400 Subject: [PATCH 0168/1145] style docs: add free-standing function note --- CONTRIBUTING.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 01206a033e..13033378cf 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -112,6 +112,14 @@ to gain an understanding of what's going on. When writing a single-use function, consider whether it needs the dedicated interface, or if it could be inlined into its caller instead. +#### Consider avoiding free-standing functions + +If a function's semantics or implementation are strongly dependent on one of its +arguments, and the argument is defined in a type within the current crate, +prefer using a method on the type. Similarly, if a function is taking multiple +arguments that originate from the same common type in all call-sites it is +a strong candidate for becoming a method on the type. + #### Order arguments from most specific to least specific When writing a function, we prefer to order arguments from most specific to From fe4d029e1af234658f53395e1a84ae29d55ba492 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 20:53:00 -0400 Subject: [PATCH 0169/1145] style docs: add note to prefer expanding acronyms --- CONTRIBUTING.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 13033378cf..50715ea315 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -169,11 +169,16 @@ code harder to read. To avoid this, try to `return` early for error cases, or #### Use concise names -We prefer concise names, especially for local variables. Avoid adding a suffix -for a variable that describes its type (provided that its type is hard to -confuse with other types -- for example, we do still use `_id` suffixes because -we usually use numeric IDs for database entities). The precision/conciseness -trade-off for variable names also depends on the scope of the binding. +We prefer concise names, especially for local variables, but prefer to +expand acronyms/abbreviations that are not very well known (e.g. prefer +`key_usage` instead of `ku`, `anonymous` instead of `anon`). Extremely common +short-forms like `url` are acceptable. + +Avoid adding a suffix for a variable that describes its type (provided that its +type is hard to confuse with other types -- for example, we do still use `_id` +suffixes because we usually use numeric IDs for database entities). The +precision/conciseness trade-off for variable names also depends on the scope of +the binding. #### Avoid `get_` prefixes From 8698e093a4150a991f93444eb12a679e35397ee4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 20:55:42 -0400 Subject: [PATCH 0170/1145] style docs: add note about avoiding qualified types --- CONTRIBUTING.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 50715ea315..bfd2fa69c6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -196,6 +196,14 @@ We use 3 blocks of imports in our Rust files: We believe that this makes it easier to see where a particular import comes from. +We prefer to reference types and traits by an imported symbol name instead of +using qualified references. Qualification paths generally add noise and are +unnecessary. The one exception to this is when the symbol name is overly +generic, or easily confused between different crates. In this case we prefer to +import the symbol name under an alias, or if the parent module name is short, +using a one-level qualified path. E.g. for a crate with a local `Error` type, +prefer to `import std::error::Error as StdError`. + ## Licensing Contributions are made under [rustls's licenses](LICENSE). From 22fab108e4ed328f54c8b75f27e48f0dd0d8b24e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 20:59:57 -0400 Subject: [PATCH 0171/1145] style docs: note about hoisting expression commonality --- CONTRIBUTING.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bfd2fa69c6..7a91633941 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -165,6 +165,26 @@ levels, which we call "rightward drift". This makes lines shorter, making the code harder to read. To avoid this, try to `return` early for error cases, or `continue` early in a loop to skip an iteration. +#### Hoist common expression returns + +When writing a `match` or `if` expression that has arms that each share a return +type (e.g. `Ok(...)`), hoist the commonality outside the `match`. This helps +separate out the important differences and reduces code duplication. + +```rust +// Incorrect: +match foo { + 1..10 => Ok(do_one_thing()), + _ => Ok(do_another()), +} + +// Correct: +Ok(match foo { + 1..10 => do_one_thing(), + _ => do_another(), +}) +``` + ### Naming #### Use concise names From bcedd9d26a4e51630cd70c2c14e23c16175f031a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:02:03 -0400 Subject: [PATCH 0172/1145] style docs: avoid ref in match --- CONTRIBUTING.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a91633941..e3ef63f095 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -185,6 +185,18 @@ Ok(match foo { }) ``` +#### Avoid `ref` in match patterns + +When writing match expressions, try to avoid using `ref` in patterns. Prefer +taking a reference on the +[scrutinee](https://doc.rust-lang.org/reference/expressions/match-expr.html) +of the `match`. + +Since the addition of [binding +modes](https://rust-lang.github.io/rfcs/2005-match-ergonomics.html) for improved +match ergonomics the `ref` keyword is unidiomatic and can be unfamiliar to +readers. + ### Naming #### Use concise names From 0d0cf38d892546c548a1c44f4a1f8053ed406077 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:05:17 -0400 Subject: [PATCH 0173/1145] style docs: "parse, don't validate" style --- CONTRIBUTING.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e3ef63f095..290f1df769 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -129,6 +129,14 @@ differentiating between a given function and other functions, so putting them first makes it easier to infer the context/meaning of the function (compared to starting with a number of generic context-like types). +#### Validation + +Where possible, avoid writing `validate` or `check` type functions that try to +check for error conditions based on the state of a populated object. Prefer +["parse, don't validate"](https://lexi-lambda.github.io/blog/2019/11/05/parse-don-t-validate/) +style and try to use the type system to make it impossible for invalid states to +be represented. + #### Error handling We use `Result` types pervasively throughout the code to signal error cases. We From 014cfdc36ffb03cedaebc4e24e091d387c1da229 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:08:37 -0400 Subject: [PATCH 0174/1145] style docs: don't elide lifetimes --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 290f1df769..110d042920 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -226,6 +226,12 @@ Per the [API guidelines](https://rust-lang.github.io/api-guidelines/naming.html#getter-names-follow-rust-convention-c-getter), `get_()` prefixes are discouraged. +#### Don't elide generic lifetimes + +We prefer not to elide lifetimes when naming types that are generic over +lifetimes. Always include a lifetime placeholder (e.g. `<'_>`) to avoid +confusion. + ### Imports We use 3 blocks of imports in our Rust files: From 1d3f066081ca9c12dd5be3eba766b10c124d1f7f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:10:38 -0400 Subject: [PATCH 0175/1145] style docs: use `impl` where possible --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 110d042920..b4b6304cb2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -129,6 +129,12 @@ differentiating between a given function and other functions, so putting them first makes it easier to infer the context/meaning of the function (compared to starting with a number of generic context-like types). +#### Use `impl` where possible + +We prefer to use `impl ...` for arguments and return types when there's a single +use of the type. Generic type argument bounds add a level of indirection that's +harder to read in one pass. + #### Validation Where possible, avoid writing `validate` or `check` type functions that try to From d97973a572e98264b616f19551983bf7da65b349 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:14:24 -0400 Subject: [PATCH 0176/1145] style docs: avoid type aliases --- CONTRIBUTING.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4b6304cb2..629d9b815f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -256,6 +256,15 @@ import the symbol name under an alias, or if the parent module name is short, using a one-level qualified path. E.g. for a crate with a local `Error` type, prefer to `import std::error::Error as StdError`. +### Misc + +#### Avoid type aliases + +We prefer to avoid type aliases as they obfuscate the underlying type and +don't provide additional type safety. Using the +[newtype idiom](https://doc.rust-lang.org/rust-by-example/generics/new_types.html) +is one alternative when an abstraction boundary is worth the added complexity. + ## Licensing Contributions are made under [rustls's licenses](LICENSE). From e3c8b0efc3c6c0becd8582d899292554ee037c8d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:19:54 -0400 Subject: [PATCH 0177/1145] style docs: alphabetize enum variants --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 629d9b815f..a8381985d0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -232,6 +232,12 @@ Per the [API guidelines](https://rust-lang.github.io/api-guidelines/naming.html#getter-names-follow-rust-convention-c-getter), `get_()` prefixes are discouraged. +#### Alphabetize enum variants + +When implementing or modifying an `enum` type, list its variants in alphabetical +order. It's acceptable to ignore this advice when matching the order imposed by +an external source, e.g. a standards document. + #### Don't elide generic lifetimes We prefer not to elide lifetimes when naming types that are generic over From a5329212fe08e91084a5d990a1116044c50a1a5e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:21:04 -0400 Subject: [PATCH 0178/1145] style docs: active verbs for enum variants --- CONTRIBUTING.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a8381985d0..e84b2400a7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -232,12 +232,16 @@ Per the [API guidelines](https://rust-lang.github.io/api-guidelines/naming.html#getter-names-follow-rust-convention-c-getter), `get_()` prefixes are discouraged. -#### Alphabetize enum variants +#### Enum variants When implementing or modifying an `enum` type, list its variants in alphabetical order. It's acceptable to ignore this advice when matching the order imposed by an external source, e.g. a standards document. +Prefer active verbs for variant names. E.g. `Allow` instead of `Allowed`, +`Forbid` instead of `Forbidden`. Avoid faux-bools like `Yes` and `No`, instead +preferring variant names that are descriptive of the different states. + #### Don't elide generic lifetimes We prefer not to elide lifetimes when naming types that are generic over From 87d3e0ceae0b91b8d1ed37f9d45bdc0fbdcaee76 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:23:20 -0400 Subject: [PATCH 0179/1145] style docs: advice on numeric literals --- CONTRIBUTING.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e84b2400a7..e674b4c07c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -268,6 +268,13 @@ prefer to `import std::error::Error as StdError`. ### Misc +#### Numeric literals + +Prefer a numeric base that fits with the domain of the value being used. E.g. +use hexadecimal for protocol message literals, and octal for UNIX privileges. +Use digit grouping to make larger numeric constants easy to read, e.g. use +`100_000_000` instead of `100000000`. + #### Avoid type aliases We prefer to avoid type aliases as they obfuscate the underlying type and From cb9884de63be72ca60a93df34b0ddf28d276bde4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Sep 2023 21:24:24 -0400 Subject: [PATCH 0180/1145] style docs: clarify expect/unwrap OK for tests --- CONTRIBUTING.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e674b4c07c..be0823cac0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -145,14 +145,14 @@ be represented. #### Error handling -We use `Result` types pervasively throughout the code to signal error cases. We -prefer to avoid `unwrap()` and `expect()` calls unless there is a clear -invariant which can be locally validated by the structure of the code. If -there is such an invariant, we usually add a comment explaining how the -invariant is upheld. In other cases (especially for error cases which can arise -from network traffic, which could represent an attacker), we always prefer to -handle errors and ultimately return an error to the network peer or close the -connection. +We use `Result` types pervasively throughout the code to signal error cases. +Outside of unit/integration tests we prefer to avoid `unwrap()` and `expect()` +calls unless there is a clear invariant which can be locally validated by the +structure of the code. If there is such an invariant, we usually add a comment +explaining how the invariant is upheld. In other cases (especially for error +cases which can arise from network traffic, which could represent an attacker), +we always prefer to handle errors and ultimately return an error to the network +peer or close the connection. ### Expressions From 274b285d15808e645c21faf4bcd545e038c1e144 Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 15 Sep 2023 10:10:44 -0400 Subject: [PATCH 0181/1145] Update the readme with the following changes: - Don't list dependencies in the headline - Remove relativistic language like "mature" and "widely" - Remove possible future features as it is incomplete and thus misleading, should eventually replace with a roadmap - Make it clear that Rustls provides no unsafe features *by default* - remove self-signed certs and compression from non-features list because it's nuanced and we don't want to turn people away - Add a list of project leadership --- README.md | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index d3178074c9..de5822682f 100644 --- a/README.md +++ b/README.md @@ -3,13 +3,11 @@

-Rustls is a modern TLS library written in Rust. It uses ring for cryptography and webpki for certificate -verification. +Rustls is a modern TLS library written in Rust.

# Status -Rustls is mature and widely used. While most of the API surface is stable, we expect the next -few releases will make further changes as needed to accomodate new features or performance improvements. +Rustls is ready for production use. We aim to maintain reasonable API surface stability but the API may evolve as we make changes to accomodate new features or performance improvements. If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). @@ -23,12 +21,13 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). Release history can be found [on GitHub](https://github.com/rustls/rustls/releases). # Documentation -Lives here: https://docs.rs/rustls/ + +https://docs.rs/rustls/ # Approach Rustls is a TLS library that aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or -obsolete cryptography. +obsolete cryptography by default. ## Current features @@ -53,12 +52,6 @@ obsolete cryptography. * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). * OCSP stapling by servers. -## Possible future features - -* PSK support. -* OCSP verification by clients. -* Certificate pinning. - ## Non-features For reasons [explained in the manual](https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html), @@ -72,10 +65,8 @@ rustls does not and will not support: * Ciphersuites without forward secrecy. * Renegotiation. * Kerberos. -* Compression. * Discrete-log Diffie-Hellman. * Automatic protocol version downgrade. -* Self-signed certificates. There are plenty of other libraries that provide these features should you need them. @@ -222,6 +213,12 @@ hello world ^C ``` +# Project Leadership + +- Joe Birr-Pixton (GitHub: @ctz) +- Dirkjan Ochtman (GitHub: @djc) +- Daniel McCarney (GitHub: @cpu) + # License Rustls is distributed under the following three licenses: From 0b9e07847eca2e7d63295bc5508becbe72981899 Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 15 Sep 2023 10:14:41 -0400 Subject: [PATCH 0182/1145] Fix to stay within 90 character line limit --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index de5822682f..0163d29c28 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,9 @@ Rustls is a modern TLS library written in Rust.

# Status -Rustls is ready for production use. We aim to maintain reasonable API surface stability but the API may evolve as we make changes to accomodate new features or performance improvements. +Rustls is ready for production use. We aim to maintain reasonable API surface stability +but the API may evolve as we make changes to accomodate new features or performance +improvements. If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). From 10411018e962826d4cb8c479c5f5079cdfba1e28 Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 15 Sep 2023 11:41:22 -0400 Subject: [PATCH 0183/1145] Update text regarding production status. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0163d29c28..562091fdf6 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,9 @@ Rustls is a modern TLS library written in Rust.

# Status -Rustls is ready for production use. We aim to maintain reasonable API surface stability -but the API may evolve as we make changes to accomodate new features or performance -improvements. +Rustls is used in production at many organizations and projects. We aim to maintain +reasonable API surface stability but the API may evolve as we make changes to accomodate +new features or performance improvements. If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). From a519303f0c4a76cf3ea746e1bae0707b5001b8e0 Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 15 Sep 2023 12:12:03 -0400 Subject: [PATCH 0184/1145] Fix documentation error. --- README.md | 16 ++++++++++------ rustls/src/lib.rs | 11 +++-------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 562091fdf6..1da5b7a586 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,7 @@ Rustls is a modern TLS library written in Rust.

# Status + Rustls is used in production at many organizations and projects. We aim to maintain reasonable API surface stability but the API may evolve as we make changes to accomodate new features or performance improvements. @@ -27,6 +28,7 @@ Release history can be found [on GitHub](https://github.com/rustls/rustls/releas https://docs.rs/rustls/ # Approach + Rustls is a TLS library that aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography by default. @@ -67,8 +69,10 @@ rustls does not and will not support: * Ciphersuites without forward secrecy. * Renegotiation. * Kerberos. +* TLS 1.2 protocol compression. * Discrete-log Diffie-Hellman. * Automatic protocol version downgrade. +* Self-signed certificates. There are plenty of other libraries that provide these features should you need them. @@ -215,12 +219,6 @@ hello world ^C ``` -# Project Leadership - -- Joe Birr-Pixton (GitHub: @ctz) -- Dirkjan Ochtman (GitHub: @djc) -- Daniel McCarney (GitHub: @cpu) - # License Rustls is distributed under the following three licenses: @@ -233,6 +231,12 @@ These are included as LICENSE-APACHE, LICENSE-MIT and LICENSE-ISC respectively. You may use this software under the terms of any of these licenses, at your option. +# Project Leadership + +- Joe Birr-Pixton (GitHub: @ctz) +- Dirkjan Ochtman (GitHub: @djc) +- Daniel McCarney (GitHub: @cpu) + # Code of conduct This project adopts the [Rust Code of Conduct](https://www.rust-lang.org/policies/code-of-conduct). diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d94d6e7bb4..8f2f18c283 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -1,7 +1,8 @@ //! # Rustls - a modern TLS library +//! //! Rustls is a TLS library that aims to provide a good level of cryptographic security, //! requires no configuration to achieve that security, and provides no unsafe features or -//! obsolete cryptography. +//! obsolete cryptography by default. //! //! ## Current features //! @@ -26,12 +27,6 @@ //! * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). //! * OCSP stapling by servers. //! -//! ## Possible future features -//! -//! * PSK support. -//! * OCSP verification by clients. -//! * Certificate pinning. -//! //! ## Non-features //! //! For reasons [explained in the manual](manual), @@ -45,7 +40,7 @@ //! * Ciphersuites without forward secrecy. //! * Renegotiation. //! * Kerberos. -//! * Compression. +//! * TLS 1.2 protocol compression. //! * Discrete-log Diffie-Hellman. //! * Automatic protocol version downgrade. //! * Self-signed certificates. From 0e1908890d4fe06f703ec0a506b463b63078f134 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 6 Sep 2023 11:12:30 +0100 Subject: [PATCH 0185/1145] Use dynamic dispatch for key exchanges This turns `SupportedKxGroup` into a trait, which can tell you which `NamedGroup` it is, and `start()` an `ActiveKeyExchange`. An `ActiveKeyExchange` represents the need for the peer's public key which can be passed to `ActiveKeyExchange::complete`. Unfortunately we can't be generic at compile-time over the various uses of the resulting shared secret, so define a further type which encapsulates the resulting shared secret. Predefined key exchange algorithms (eg `rustls::kx_group::X25519`) are now `&'static dyn rustls::SupportedKxGroup`. The remainder of this commit is noise as much code ceased needing to be generic of CryptoProvider (for its `KeyExchange` associated type). --- examples/src/bin/limitedclient.rs | 2 +- provider-example/src/kx.rs | 47 ++++----- provider-example/src/lib.rs | 6 +- rustls/examples/internal/bogo_shim.rs | 8 +- rustls/src/builder.rs | 38 ++++--- rustls/src/client/builder.rs | 16 +-- rustls/src/client/client_conn.rs | 4 +- rustls/src/client/hs.rs | 23 +++-- rustls/src/client/tls12.rs | 25 +++-- rustls/src/client/tls13.rs | 18 ++-- rustls/src/crypto/mod.rs | 78 +++++++------- rustls/src/crypto/ring/mod.rs | 141 +++++++++++--------------- rustls/src/lib.rs | 3 +- rustls/src/msgs/handshake.rs | 8 +- rustls/src/server/builder.rs | 14 +-- rustls/src/server/server_conn.rs | 4 +- rustls/src/server/tls12.rs | 37 +++---- rustls/src/server/tls13.rs | 28 ++--- rustls/src/tls12/mod.rs | 28 ++--- rustls/tests/api.rs | 24 ++--- rustls/tests/common/mod.rs | 10 +- 21 files changed, 264 insertions(+), 298 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index a273ddab7a..99bc2f26de 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -18,7 +18,7 @@ fn main() { let config = rustls::ClientConfig::::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) - .with_kx_groups(&[&rustls::kx_group::X25519]) + .with_kx_groups(&[rustls::kx_group::X25519]) .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap() .with_root_certificates(root_store) diff --git a/provider-example/src/kx.rs b/provider-example/src/kx.rs index a2e67a271c..748af98f3e 100644 --- a/provider-example/src/kx.rs +++ b/provider-example/src/kx.rs @@ -1,4 +1,4 @@ -use crypto::SupportedGroup; +use crypto::SupportedKxGroup; use rustls::crypto; pub struct KeyExchange { @@ -6,34 +6,17 @@ pub struct KeyExchange { pub_key: x25519_dalek::PublicKey, } -impl crypto::KeyExchange for KeyExchange { - type SupportedGroup = X25519; - - fn start( - name: rustls::NamedGroup, - _: &[&'static Self::SupportedGroup], - ) -> Result { - if name == rustls::NamedGroup::X25519 { - let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng); - let pub_key = (&priv_key).into(); - Ok(KeyExchange { priv_key, pub_key }) - } else { - Err(crypto::KeyExchangeError::UnsupportedGroup) - } - } - - fn complete( - self, +impl crypto::ActiveKeyExchange for KeyExchange { + fn complete( + self: Box, peer: &[u8], - f: impl FnOnce(&[u8]) -> Result, - ) -> Result { + ) -> Result { let peer_array: [u8; 32] = peer .try_into() .map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare))?; let their_pub = x25519_dalek::PublicKey::from(peer_array); let shared_secret = self.priv_key.diffie_hellman(&their_pub); - f(shared_secret.as_bytes()) - .map_err(|_| rustls::Error::from(rustls::PeerMisbehaved::InvalidKeyShare)) + Ok(crypto::SharedSecret::from(&shared_secret.as_bytes()[..])) } fn pub_key(&self) -> &[u8] { @@ -43,19 +26,23 @@ impl crypto::KeyExchange for KeyExchange { fn group(&self) -> rustls::NamedGroup { X25519.name() } - - fn all_kx_groups() -> &'static [&'static Self::SupportedGroup] { - ALL_KX_GROUPS - } } +pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&X25519 as &dyn SupportedKxGroup]; + #[derive(Debug)] pub struct X25519; -impl crypto::SupportedGroup for X25519 { +impl crypto::SupportedKxGroup for X25519 { + fn start(&self) -> Result, rustls::crypto::GetRandomFailed> { + let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng); + Ok(Box::new(KeyExchange { + pub_key: (&priv_key).into(), + priv_key, + })) + } + fn name(&self) -> rustls::NamedGroup { rustls::NamedGroup::X25519 } } - -const ALL_KX_GROUPS: &[&X25519] = &[&X25519]; diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 8e0ad94294..e500a85ab8 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -20,8 +20,6 @@ impl Provider { } impl rustls::crypto::CryptoProvider for Provider { - type KeyExchange = kx::KeyExchange; - fn fill_random(bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { use rand_core::RngCore; rand_core::OsRng @@ -32,6 +30,10 @@ impl rustls::crypto::CryptoProvider for Provider { fn default_cipher_suites() -> &'static [rustls::SupportedCipherSuite] { ALL_CIPHER_SUITES } + + fn default_kx_groups() -> &'static [&'static dyn rustls::SupportedKxGroup] { + kx::ALL_KX_GROUPS + } } static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 483653c8c6..636323e49b 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -357,11 +357,11 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme { } } -fn lookup_kx_group(group: u16) -> &'static SupportedKxGroup { +fn lookup_kx_group(group: u16) -> &'static dyn SupportedKxGroup { match group { - 0x001d => &kx_group::X25519, - 0x0017 => &kx_group::SECP256R1, - 0x0018 => &kx_group::SECP384R1, + 0x001d => kx_group::X25519, + 0x0017 => kx_group::SECP256R1, + 0x0018 => kx_group::SECP384R1, _ => { println_err!("Unsupported kx group {:04x}", group); process::exit(BOGO_NACK); diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index d6a1b3a831..75b54b9d40 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, KeyExchange}; +use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::error::Error; use crate::suites::SupportedCipherSuite; use crate::versions; @@ -197,17 +197,18 @@ impl ConfigBuilder { /// Start side-specific config with defaults for underlying cryptography. /// /// If used, this will enable all safe supported cipher suites (`default_cipher_suites()` as specified by the - /// `CryptoProvider` type), all safe supported key exchange groups ([`KeyExchange::all_kx_groups`]) and all safe supported + /// `CryptoProvider` type), all safe supported key exchange groups ([`CryptoProvider::default_kx_groups()`]) and all safe supported /// protocol versions ([`DEFAULT_VERSIONS`]). /// /// These are safe defaults, useful for 99% of applications. /// /// [`DEFAULT_VERSIONS`]: versions::DEFAULT_VERSIONS - pub fn with_safe_defaults(self) -> ConfigBuilder> { + pub fn with_safe_defaults(self) -> ConfigBuilder { ConfigBuilder { state: WantsVerifier { - cipher_suites: ::default_cipher_suites().to_vec(), - kx_groups: <::KeyExchange as KeyExchange>::all_kx_groups().to_vec(), + cipher_suites: ::default_cipher_suites() + .to_vec(), + kx_groups: ::default_kx_groups().to_vec(), versions: versions::EnabledVersions::new(versions::DEFAULT_VERSIONS), }, side: self.side, @@ -250,8 +251,8 @@ impl ConfigBuilder { /// Choose a specific set of key exchange groups. pub fn with_kx_groups( self, - kx_groups: &[&'static <::KeyExchange as KeyExchange>::SupportedGroup], - ) -> ConfigBuilder> { + kx_groups: &[&'static dyn SupportedKxGroup], + ) -> ConfigBuilder { ConfigBuilder { state: WantsVersions { cipher_suites: self.state.cipher_suites, @@ -261,13 +262,11 @@ impl ConfigBuilder { } } - /// Choose the default set of key exchange groups ([`KeyExchange::all_kx_groups`]). + /// Choose the default set of key exchange groups ([`CryptoProvider::default_kx_groups`]). /// /// This is a safe default: rustls doesn't implement any poor-quality groups. - pub fn with_safe_default_kx_groups(self) -> ConfigBuilder> { - self.with_kx_groups( - <::KeyExchange as KeyExchange>::all_kx_groups(), - ) + pub fn with_safe_default_kx_groups(self) -> ConfigBuilder { + self.with_kx_groups(::default_kx_groups()) } } @@ -275,16 +274,16 @@ impl ConfigBuilder { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsVersions { +pub struct WantsVersions { cipher_suites: Vec, - kx_groups: Vec<&'static ::SupportedGroup>, + kx_groups: Vec<&'static dyn SupportedKxGroup>, } -impl ConfigBuilder> { +impl ConfigBuilder { /// Accept the default protocol versions: both TLS1.2 and TLS1.3 are enabled. pub fn with_safe_default_protocol_versions( self, - ) -> Result>, Error> { + ) -> Result, Error> { self.with_protocol_versions(versions::DEFAULT_VERSIONS) } @@ -292,7 +291,7 @@ impl ConfigBuilder> { pub fn with_protocol_versions( self, versions: &[&'static versions::SupportedProtocolVersion], - ) -> Result>, Error> { + ) -> Result, Error> { let mut any_usable_suite = false; for suite in &self.state.cipher_suites { if versions.contains(&suite.version()) { @@ -324,10 +323,9 @@ impl ConfigBuilder> { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsVerifier { +pub struct WantsVerifier { pub(crate) cipher_suites: Vec, - pub(crate) kx_groups: - Vec<&'static <::KeyExchange as KeyExchange>::SupportedGroup>, + pub(crate) kx_groups: Vec<&'static dyn SupportedKxGroup>, pub(crate) versions: versions::EnabledVersions, } diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 0539fa8a13..d8db857e84 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,7 +1,7 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::client::handy; use crate::client::{ClientConfig, ResolvesClientCert}; -use crate::crypto::{CryptoProvider, KeyExchange}; +use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; #[cfg(feature = "ring")] @@ -16,13 +16,13 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; use core::marker::PhantomData; -impl ConfigBuilder, WantsVerifier> { +impl ConfigBuilder, WantsVerifier> { #[cfg(feature = "ring")] /// Choose how to verify server certificates. pub fn with_root_certificates( self, root_store: impl Into>, - ) -> ConfigBuilder, WantsClientCert> { + ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, @@ -39,7 +39,7 @@ impl ConfigBuilder, WantsVerifier> { pub fn with_custom_certificate_verifier( self, verifier: Arc, - ) -> ConfigBuilder, WantsClientCert> { + ) -> ConfigBuilder, WantsClientCert> { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, @@ -56,15 +56,15 @@ impl ConfigBuilder, WantsVerifier> { /// certificate. /// /// For more information, see the [`ConfigBuilder`] documentation. -#[derive(Clone, Debug)] -pub struct WantsClientCert { +#[derive(Clone)] +pub struct WantsClientCert { cipher_suites: Vec, - kx_groups: Vec<&'static <::KeyExchange as KeyExchange>::SupportedGroup>, + kx_groups: Vec<&'static dyn SupportedKxGroup>, versions: versions::EnabledVersions, verifier: Arc, } -impl ConfigBuilder, WantsClientCert> { +impl ConfigBuilder, WantsClientCert> { #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key for use /// in client authentication. diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 8048d5533c..03c91e00cf 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,7 +1,7 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; -use crate::crypto::{CryptoProvider, KeyExchange}; +use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::dns_name::{DnsName, DnsNameRef, InvalidDnsNameError}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -134,7 +134,7 @@ pub struct ClientConfig { /// /// The first element in this list is the _default key share algorithm_, /// and in TLS1.3 a key share for it is sent in the client hello. - pub(super) kx_groups: Vec<&'static ::SupportedGroup>, + pub(super) kx_groups: Vec<&'static dyn SupportedKxGroup>, /// Which ALPN protocols we include in our client hello. /// If empty, no ALPN extension is sent. diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 44a6e42212..90e17bdbac 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,7 +3,7 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::{CryptoProvider, KeyExchange, KeyExchangeError, SupportedGroup}; +use crate::crypto::{ActiveKeyExchange, CryptoProvider}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; @@ -20,7 +20,6 @@ use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry}; use crate::msgs::handshake::{Random, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; -use crate::rand::GetRandomFailed; use crate::tls13::key_schedule::KeyScheduleEarly; use crate::SupportedCipherSuite; @@ -170,7 +169,7 @@ struct ExpectServerHello { input: ClientHelloInput, transcript_buffer: HandshakeHashBuffer, early_key_schedule: Option, - offered_key_share: Option, + offered_key_share: Option>, suite: Option, } @@ -194,7 +193,7 @@ struct ClientHelloInput { fn emit_client_hello_for_retry( mut transcript_buffer: HandshakeHashBuffer, retryreq: Option<&HelloRetryRequest>, - key_share: Option, + key_share: Option>, extra_exts: Vec, suite: Option, mut input: ClientHelloInput, @@ -814,16 +813,22 @@ impl ExpectServerHelloOrHelloRetryRequest { let key_share = match req_group { Some(group) if group != offered_key_share.group() => { - match KeyExchange::start(group, &config.kx_groups) { - Ok(kx) => kx, - Err(KeyExchangeError::UnsupportedGroup) => { + let skxg = match config + .kx_groups + .iter() + .find(|skxg| skxg.name() == group) + { + Some(skxg) => skxg, + None => { return Err(cx.common.send_fatal_alert( AlertDescription::IllegalParameter, PeerMisbehaved::IllegalHelloRetryRequestWithUnofferedNamedGroup, )); } - Err(KeyExchangeError::GetRandomFailed) => return Err(GetRandomFailed.into()), - } + }; + + skxg.start() + .map_err(|_| Error::FailedToGetRandomBytes)? } _ => offered_key_share, }; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index aae0237bb3..002d4d959a 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,7 +1,7 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::{CryptoProvider, KeyExchange, KeyExchangeError}; +use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; @@ -29,7 +29,6 @@ use super::hs::ClientContext; use crate::client::common::ClientAuthDetails; use crate::client::common::ServerCertDetails; use crate::client::{hs, ClientConfig, ServerName}; -use crate::rand::GetRandomFailed; use pki_types::UnixTime; use subtle::ConstantTimeEq; @@ -766,14 +765,20 @@ impl State for ExpectServerDone { let ecdh_params = tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; - let kx = - match <::KeyExchange>::start(named_group, &st.config.kx_groups) { - Ok(kx) => kx, - Err(KeyExchangeError::UnsupportedGroup) => { - return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()) - } - Err(KeyExchangeError::GetRandomFailed) => return Err(GetRandomFailed.into()), - }; + let skxg = match st + .config + .kx_groups + .iter() + .find(|skxg| skxg.name() == named_group) + { + Some(skxg) => skxg, + None => { + return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()); + } + }; + let kx = skxg + .start() + .map_err(|_| Error::FailedToGetRandomBytes)?; // 5b. let mut transcript = st.transcript; diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 745a19bd48..a5ec17eaa8 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -6,7 +6,7 @@ use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; use crate::crypto; -use crate::crypto::{CryptoProvider, KeyExchange, SupportedGroup}; +use crate::crypto::{ActiveKeyExchange, CryptoProvider}; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, }; @@ -76,7 +76,7 @@ pub(super) fn handle_server_hello( transcript: HandshakeHash, early_key_schedule: Option, hello: ClientHelloDetails, - our_key_share: C::KeyExchange, + our_key_share: Box, mut sent_tls13_fake_ccs: bool, ) -> hs::NextStateOrError { validate_server_hello(cx.common, server_hello)?; @@ -150,9 +150,8 @@ pub(super) fn handle_server_hello( KeySchedulePreHandshake::new(suite) }; - let key_schedule = our_key_share.complete(&their_key_share.payload.0, |secret| { - Ok(key_schedule_pre_handshake.into_handshake(secret)) - })?; + let shared_secret = our_key_share.complete(&their_key_share.payload.0)?; + let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret.secret_bytes()); // Remember what KX group the server liked for next time. config @@ -207,7 +206,7 @@ fn validate_server_hello( pub(super) fn initial_key_share( config: &ClientConfig, server_name: &ServerName, -) -> Result { +) -> Result, Error> { let group = config .resumption .store @@ -223,10 +222,11 @@ pub(super) fn initial_key_share( .kx_groups .first() .expect("No kx groups configured") - }) - .name(); + }); - KeyExchange::start(group, &config.kx_groups).map_err(|_| Error::FailedToGetRandomBytes) + group + .start() + .map_err(|_| Error::FailedToGetRandomBytes) } /// This implements the horrifying TLS1.3 hack where PSK binders have a diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index dc52fe75bf..b2c6a0f241 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -25,69 +25,65 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// Pluggable crypto galore. pub trait CryptoProvider: Send + Sync + 'static { - /// KeyExchange operations that are supported by the provider. - type KeyExchange: KeyExchange; - /// Fill the given buffer with random bytes. fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; /// Provide a safe set of cipher suites that can be used as the defaults. fn default_cipher_suites() -> &'static [suites::SupportedCipherSuite]; -} -/// An in-progress key exchange over a [SupportedGroup]. -pub trait KeyExchange: Sized + Send + Sync + 'static { - /// The supported group the key exchange is operating over. - type SupportedGroup: SupportedGroup; + /// Return a safe set of supported key exchange groups to be used as the defaults. + fn default_kx_groups() -> &'static [&'static dyn SupportedKxGroup]; +} - /// Start a key exchange using the [NamedGroup] if it is a suitable choice - /// based on the groups supported. +/// A supported key exchange group. +/// +/// This has a TLS-level name expressed using the [`NamedGroup`] enum, and +/// a function which produces a [`ActiveKeyExchange`]. +pub trait SupportedKxGroup: Send + Sync + Debug { + /// Start a key exchange. /// /// This will prepare an ephemeral secret key in the supported group, and a corresponding - /// public key. The key exchange must be completed by calling [KeyExchange#complete]. - /// - /// `name` gives the name of the chosen key exchange group that should be used. `supported` - /// is the configured collection of supported key exchange groups. Implementation-specific - /// data can be looked up in this array (based on `name`) to allow unconfigured algorithms - /// to be discarded by the linker. + /// public key. The key exchange can be completed by calling [ActiveKeyExchange#complete] + /// or discarded. /// /// # Errors /// - /// Returns an error if the [NamedGroup] is not supported, or if a key exchange - /// can't be started. - fn start( - name: NamedGroup, - supported: &[&'static Self::SupportedGroup], - ) -> Result; + /// This can fail if the random source fails during ephemeral key generation. + fn start(&self) -> Result, GetRandomFailed>; + + /// Named group the SupportedKxGroup operates in. + fn name(&self) -> NamedGroup; +} +/// An in-progress key exchange originating from a `SupportedKxGroup`. +pub trait ActiveKeyExchange: Send + Sync { /// Completes the key exchange, given the peer's public key. /// - /// The shared secret is passed into the closure passed down in `f`, and the result of calling - /// `f` is returned to the caller. - fn complete(self, peer: &[u8], f: impl FnOnce(&[u8]) -> Result) -> Result; - - /// Return the group being used. - fn group(&self) -> NamedGroup; + /// The shared secret is returned as a [`SharedSecret`] which can be constructed + /// from a `&[u8]`. + /// + /// This consumes and so terminates the [`ActiveKeyExchange`]. + fn complete(self: Box, peer_pub_key: &[u8]) -> Result; /// Return the public key being used. fn pub_key(&self) -> &[u8]; - /// Return all supported key exchange groups. - fn all_kx_groups() -> &'static [&'static Self::SupportedGroup]; + /// Return the group being used. + fn group(&self) -> NamedGroup; } -/// Enumerates possible key exchange errors. -#[derive(Debug)] -pub enum KeyExchangeError { - /// Returned when the specified group is unsupported. - UnsupportedGroup, +/// The result from `ActiveKeyExchange::complete` as a value. +pub struct SharedSecret(Vec); - /// Random material generation failure during key generation/exchange. - GetRandomFailed, +impl SharedSecret { + /// Returns the shared secret as a slice of bytes. + pub(crate) fn secret_bytes(&self) -> &[u8] { + &self.0 + } } -/// A trait describing a supported key exchange group that can be identified by name. -pub trait SupportedGroup: Debug + Send + Sync + 'static { - /// Named group the SupportedGroup operates in. - fn name(&self) -> NamedGroup; +impl From<&[u8]> for SharedSecret { + fn from(source: &[u8]) -> Self { + Self(source.to_vec()) + } } diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index f79fba0616..37c70def4c 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, KeyExchangeError, SupportedGroup}; +use crate::crypto::{ActiveKeyExchange, CryptoProvider, SharedSecret, SupportedKxGroup}; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; @@ -28,8 +28,6 @@ pub mod sign; pub struct Ring; impl CryptoProvider for Ring { - type KeyExchange = KeyExchange; - fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed> { SystemRandom::new() .fill(buf) @@ -39,6 +37,11 @@ impl CryptoProvider for Ring { fn default_cipher_suites() -> &'static [SupportedCipherSuite] { DEFAULT_CIPHER_SUITES } + + /// Return all supported key exchange groups. + fn default_kx_groups() -> &'static [&'static dyn SupportedKxGroup] { + ALL_KX_GROUPS + } } /// The cipher suite configuration that an application should use by default. @@ -68,118 +71,98 @@ pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ]; -/// An in-progress key exchange. This has the algorithm, -/// our private key, and our public key. -#[derive(Debug)] -pub struct KeyExchange { - group: &'static SupportedKxGroup, - priv_key: EphemeralPrivateKey, - pub_key: ring::agreement::PublicKey, -} - -impl super::KeyExchange for KeyExchange { - type SupportedGroup = SupportedKxGroup; - - fn start( - name: NamedGroup, - supported: &[&'static SupportedKxGroup], - ) -> Result { - let group = match supported - .iter() - .find(|group| group.name == name) - { - Some(group) => group, - None => return Err(KeyExchangeError::UnsupportedGroup), - }; - - let rng = SystemRandom::new(); - let priv_key = match EphemeralPrivateKey::generate(group.agreement_algorithm, &rng) { - Ok(priv_key) => priv_key, - Err(_) => return Err(KeyExchangeError::GetRandomFailed), - }; - - let pub_key = match priv_key.compute_public_key() { - Ok(pub_key) => pub_key, - Err(_) => return Err(KeyExchangeError::GetRandomFailed), - }; - - Ok(Self { - group, - priv_key, - pub_key, - }) - } - - /// Completes the key exchange, given the peer's public key. - /// - /// The shared secret is passed into the closure passed down in `f`, and the result of calling - /// `f` is returned to the caller. - fn complete(self, peer: &[u8], f: impl FnOnce(&[u8]) -> Result) -> Result { - let peer_key = UnparsedPublicKey::new(self.group.agreement_algorithm, peer); - agree_ephemeral(self.priv_key, &peer_key, (), f) - .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) - } - - /// Return the group being used. - fn group(&self) -> NamedGroup { - self.group.name - } - - /// Return the public key being used. - fn pub_key(&self) -> &[u8] { - self.pub_key.as_ref() - } - - /// Return all supported key exchange groups. - fn all_kx_groups() -> &'static [&'static Self::SupportedGroup] { - &ALL_KX_GROUPS - } -} - /// A key-exchange group supported by *ring*. /// /// All possible instances of this class are provided by the library in /// the `ALL_KX_GROUPS` array. -pub struct SupportedKxGroup { +pub struct KxGroup { /// The IANA "TLS Supported Groups" name of the group - pub name: NamedGroup, + name: NamedGroup, /// The corresponding ring agreement::Algorithm agreement_algorithm: &'static ring::agreement::Algorithm, } -impl SupportedGroup for SupportedKxGroup { +impl SupportedKxGroup for KxGroup { + fn start(&self) -> Result, GetRandomFailed> { + let rng = SystemRandom::new(); + let priv_key = EphemeralPrivateKey::generate(self.agreement_algorithm, &rng) + .map_err(|_| GetRandomFailed)?; + + let pub_key = priv_key + .compute_public_key() + .map_err(|_| GetRandomFailed)?; + + Ok(Box::new(KeyExchange { + name: self.name, + agreement_algorithm: self.agreement_algorithm, + priv_key, + pub_key, + })) + } + fn name(&self) -> NamedGroup { self.name } } -impl fmt::Debug for SupportedKxGroup { +impl fmt::Debug for KxGroup { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { self.name.fmt(f) } } /// Ephemeral ECDH on curve25519 (see RFC7748) -pub static X25519: SupportedKxGroup = SupportedKxGroup { +pub static X25519: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::X25519, agreement_algorithm: &ring::agreement::X25519, }; /// Ephemeral ECDH on secp256r1 (aka NIST-P256) -pub static SECP256R1: SupportedKxGroup = SupportedKxGroup { +pub static SECP256R1: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::secp256r1, agreement_algorithm: &ring::agreement::ECDH_P256, }; /// Ephemeral ECDH on secp384r1 (aka NIST-P384) -pub static SECP384R1: SupportedKxGroup = SupportedKxGroup { +pub static SECP384R1: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::secp384r1, agreement_algorithm: &ring::agreement::ECDH_P384, }; /// A list of all the key exchange groups supported by rustls. -pub static ALL_KX_GROUPS: [&SupportedKxGroup; 3] = [&X25519, &SECP256R1, &SECP384R1]; +pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[X25519, SECP256R1, SECP384R1]; + +/// An in-progress key exchange. This has the algorithm, +/// our private key, and our public key. +#[derive(Debug)] +pub struct KeyExchange { + name: NamedGroup, + agreement_algorithm: &'static ring::agreement::Algorithm, + priv_key: EphemeralPrivateKey, + pub_key: ring::agreement::PublicKey, +} + +impl ActiveKeyExchange for KeyExchange { + /// Completes the key exchange, given the peer's public key. + fn complete(self: Box, peer: &[u8]) -> Result { + let peer_key = UnparsedPublicKey::new(self.agreement_algorithm, peer); + agree_ephemeral(self.priv_key, &peer_key, (), |secret| { + Ok(SharedSecret::from(secret)) + }) + .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) + } + + /// Return the group being used. + fn group(&self) -> NamedGroup { + self.name + } + + /// Return the public key being used. + fn pub_key(&self) -> &[u8] { + self.pub_key.as_ref() + } +} /// All defined key exchange groups supported by *ring* appear in this module. /// diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 8f2f18c283..3db07d4753 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -379,9 +379,10 @@ pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; #[cfg(feature = "ring")] pub use crate::crypto::ring::Ticketer; #[cfg(feature = "ring")] -pub use crate::crypto::ring::{SupportedKxGroup, ALL_KX_GROUPS}; +pub use crate::crypto::ring::ALL_KX_GROUPS; #[cfg(feature = "ring")] pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; +pub use crate::crypto::SupportedKxGroup; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 4324e3c5c5..7fdbddba8f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,5 +1,5 @@ #![allow(non_camel_case_types)] -use crate::crypto::CryptoProvider; +use crate::crypto::{ActiveKeyExchange, CryptoProvider}; use crate::dns_name::{DnsName, DnsNameRef}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::error::InvalidMessage; @@ -1504,13 +1504,13 @@ pub struct ServerECDHParams { } impl ServerECDHParams { - pub fn new(named_group: NamedGroup, pubkey: &[u8]) -> Self { + pub fn new(kx: &dyn ActiveKeyExchange) -> Self { Self { curve_params: ECParameters { curve_type: ECCurveType::NamedCurve, - named_group, + named_group: kx.group(), }, - public: PayloadU8::new(pubkey.to_vec()), + public: PayloadU8::new(kx.pub_key().to_vec()), } } } diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 54d6c5445a..394c2caa70 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,5 +1,5 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::crypto::{CryptoProvider, KeyExchange}; +use crate::crypto::{CryptoProvider, SupportedKxGroup}; #[cfg(feature = "ring")] use crate::error::Error; use crate::server::handy; @@ -15,12 +15,12 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; use core::marker::PhantomData; -impl ConfigBuilder, WantsVerifier> { +impl ConfigBuilder, WantsVerifier> { /// Choose how to verify client certificates. pub fn with_client_cert_verifier( self, client_cert_verifier: Arc, - ) -> ConfigBuilder, WantsServerCert> { + ) -> ConfigBuilder, WantsServerCert> { ConfigBuilder { state: WantsServerCert { cipher_suites: self.state.cipher_suites, @@ -33,7 +33,7 @@ impl ConfigBuilder, WantsVerifier> { } /// Disable client authentication. - pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { + pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { self.with_client_cert_verifier(Arc::new(NoClientAuth)) } } @@ -43,14 +43,14 @@ impl ConfigBuilder, WantsVerifier> { /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] -pub struct WantsServerCert { +pub struct WantsServerCert { cipher_suites: Vec, - kx_groups: Vec<&'static ::SupportedGroup>, + kx_groups: Vec<&'static dyn SupportedKxGroup>, versions: versions::EnabledVersions, verifier: Arc, } -impl ConfigBuilder, WantsServerCert> { +impl ConfigBuilder, WantsServerCert> { #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key. This /// certificate and key is used for all subsequent connections, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 3b97466ce1..a5623a3e76 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,7 +1,7 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Context, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; -use crate::crypto::{CryptoProvider, KeyExchange}; +use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -215,7 +215,7 @@ pub struct ServerConfig { /// /// The first is the highest priority: they will be /// offered to the client in this order. - pub(super) kx_groups: Vec<&'static ::SupportedGroup>, + pub(super) kx_groups: Vec<&'static dyn SupportedKxGroup>, /// Ignore the client's ciphersuite order. Instead, /// choose the top ciphersuite in the server list diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 377a49099b..bab23256f1 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,7 +1,7 @@ use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::CryptoProvider; +use crate::crypto::{ActiveKeyExchange, CryptoProvider}; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; @@ -15,7 +15,6 @@ use crate::msgs::handshake::{ClientECDHParams, HandshakeMessagePayload, Handshak use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; -use crate::rand::GetRandomFailed; #[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; @@ -33,10 +32,9 @@ use alloc::sync::Arc; pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { - use crate::crypto::{KeyExchange, SupportedGroup}; + use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; - use crate::msgs::enums::NamedGroup; use crate::msgs::enums::{ClientCertificateType, Compression}; use crate::msgs::handshake::ServerECDHParams; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; @@ -182,8 +180,7 @@ mod client_hello { AlertDescription::HandshakeFailure, PeerIncompatible::NoKxGroupsInCommon, ) - })? - .name(); + })?; let ecpoint = ECPointFormat::SUPPORTED .iter() @@ -224,10 +221,9 @@ mod client_hello { if let Some(ocsp_response) = ocsp_response { emit_cert_status(&mut self.transcript, cx.common, ocsp_response); } - let server_kx = emit_server_kx::( + let server_kx = emit_server_kx( &mut self.transcript, cx.common, - &self.config, sigschemes, group, server_key.get_key(), @@ -404,25 +400,18 @@ mod client_hello { common.send_msg(c, false); } - fn emit_server_kx( + fn emit_server_kx( transcript: &mut HandshakeHash, common: &mut CommonState, - config: &ServerConfig, sigschemes: Vec, - selected_group: NamedGroup, + selected_group: &'static dyn SupportedKxGroup, signing_key: &dyn sign::SigningKey, randoms: &ConnectionRandoms, - ) -> Result { - let kx = match <::KeyExchange as KeyExchange>::start( - selected_group, - &config.kx_groups, - ) { - Ok(kx) => kx, - Err(_) => { - return Err(GetRandomFailed.into()); - } - }; - let secdh = ServerECDHParams::new(selected_group, kx.pub_key()); + ) -> Result, Error> { + let kx = selected_group + .start() + .map_err(|_| Error::FailedToGetRandomBytes)?; + let secdh = ServerECDHParams::new(&*kx); let mut msg = Vec::new(); msg.extend(randoms.client); @@ -516,7 +505,7 @@ struct ExpectCertificate { session_id: SessionId, suite: &'static Tls12CipherSuite, using_ems: bool, - server_kx: C::KeyExchange, + server_kx: Box, send_ticket: bool, } @@ -584,7 +573,7 @@ struct ExpectClientKx { session_id: SessionId, suite: &'static Tls12CipherSuite, using_ems: bool, - server_kx: C::KeyExchange, + server_kx: Box, client_cert: Option>>, send_ticket: bool, } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index ca7860374c..1400cebe85 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -42,7 +42,7 @@ use subtle::ConstantTimeEq; pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { - use crate::crypto::{KeyExchange, SupportedGroup}; + use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; @@ -201,7 +201,7 @@ mod client_hello { } // choose a share that we support - let chosen_share = self + let chosen_share_and_kxg = self .config .kx_groups .iter() @@ -209,9 +209,10 @@ mod client_hello { shares_ext .iter() .find(|share| share.group == group.name()) + .map(|share| (share, *group)) }); - let chosen_share = match chosen_share { + let chosen_share_and_kxg = match chosen_share_and_kxg { Some(s) => s, None => { // We don't have a suitable key share. Choose a suitable group and @@ -362,7 +363,7 @@ mod client_hello { self.suite, cx, &client_hello.session_id, - chosen_share, + chosen_share_and_kxg, chosen_psk_index, resumedata .as_ref() @@ -480,19 +481,19 @@ mod client_hello { suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, session_id: &SessionId, - share: &KeyShareEntry, + share_and_kxgroup: (&KeyShareEntry, &'static dyn SupportedKxGroup), chosen_psk_idx: Option, resuming_psk: Option<&[u8]>, config: &ServerConfig, ) -> Result { let mut extensions = Vec::new(); - // Prepare key exchange; the caller ascertained that the `share.group` is supported - let kx = <::KeyExchange as KeyExchange>::start( - share.group, - &config.kx_groups, - ) - .map_err(|_| Error::FailedToGetRandomBytes)?; + // Prepare key exchange; the caller already found the matching SupportedKxGroup + let (share, kxgroup) = share_and_kxgroup; + debug_assert_eq!(kxgroup.name(), share.group); + let kx = kxgroup + .start() + .map_err(|_| Error::FailedToGetRandomBytes)?; let kse = KeyShareEntry::new(share.group, kx.pub_key()); extensions.push(ServerExtension::KeyShare(kse)); @@ -541,9 +542,8 @@ mod client_hello { }; // Do key exchange - let key_schedule = kx.complete(&share.payload.0, |secret| { - Ok(key_schedule_pre_handshake.into_handshake(secret)) - })?; + let shared_secret = kx.complete(&share.payload.0)?; + let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret.secret_bytes()); let handshake_hash = transcript.get_current_hash(); let key_schedule = key_schedule.derive_server_handshake_secrets( diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index fe6c42d11c..561a54b43a 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -76,7 +76,7 @@ pub(crate) struct ConnectionSecrets { impl ConnectionSecrets { pub(crate) fn from_key_exchange( - kx: impl crypto::KeyExchange, + kx: Box, peer_pub_key: &[u8], ems_seed: Option, randoms: ConnectionRandoms, @@ -96,15 +96,16 @@ impl ConnectionSecrets { ), }; - kx.complete(peer_pub_key, |secret| { - prf::prf( - &mut ret.master_secret, - &*suite.hmac_provider.with_key(secret), - label.as_bytes(), - seed.as_ref(), - ); - Ok(()) - })?; + let shared_secret = kx.complete(peer_pub_key)?; + prf::prf( + &mut ret.master_secret, + &*ret + .suite + .hmac_provider + .with_key(shared_secret.secret_bytes()), + label.as_bytes(), + seed.as_ref(), + ); Ok(ret) } @@ -316,14 +317,13 @@ pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x mod tests { use super::*; use crate::common_state::{CommonState, Side}; - use crate::crypto::ring::{self, X25519}; - use crate::crypto::KeyExchange; + use crate::crypto::ring::X25519; use crate::msgs::handshake::{ClientECDHParams, ServerECDHParams}; #[test] fn server_ecdhe_remaining_bytes() { - let key = ring::KeyExchange::start(crate::NamedGroup::X25519, &[&X25519]).unwrap(); - let server_params = ServerECDHParams::new(key.group(), key.pub_key()); + let key = X25519.start().unwrap(); + let server_params = ServerECDHParams::new(&*key); let mut server_buf = Vec::new(); server_params.encode(&mut server_buf); server_buf.push(34); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 813691a13d..b071788e59 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -452,7 +452,7 @@ fn test_config_builders_debug() { ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder, _> { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[&rustls::kx_group::X25519]); + let b = b.with_kx_groups(&[rustls::kx_group::X25519]); assert_eq!("ConfigBuilder, _> { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) @@ -467,7 +467,7 @@ fn test_config_builders_debug() { ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder, _> { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[&rustls::kx_group::X25519]); + let b = b.with_kx_groups(&[rustls::kx_group::X25519]); assert_eq!("ConfigBuilder, _> { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) @@ -4016,9 +4016,9 @@ fn test_client_does_not_offer_sha1() { #[test] fn test_client_config_keyshare() { let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::SECP384R1]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake_until_error(&mut client, &mut server).unwrap(); } @@ -4026,9 +4026,9 @@ fn test_client_config_keyshare() { #[test] fn test_client_config_keyshare_mismatch() { let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); assert!(do_handshake_until_error(&mut client, &mut server).is_err()); } @@ -4039,7 +4039,7 @@ fn test_client_sends_helloretryrequest() { // client sends a secp384r1 key share let mut client_config = make_client_config_with_kx_groups( KeyType::Rsa, - &[&rustls::kx_group::SECP384R1, &rustls::kx_group::X25519], + &[rustls::kx_group::SECP384R1, rustls::kx_group::X25519], ); let storage = Arc::new(ClientStorage::new()); @@ -4047,7 +4047,7 @@ fn test_client_sends_helloretryrequest() { // but server only accepts x25519, so a HRR is required let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); @@ -4167,11 +4167,11 @@ fn test_client_rejects_hrr_with_varied_session_id() { // client prefers a secp384r1 key share, server only accepts x25519 let client_config = make_client_config_with_kx_groups( KeyType::Rsa, - &[&rustls::kx_group::SECP384R1, &rustls::kx_group::X25519], + &[rustls::kx_group::SECP384R1, rustls::kx_group::X25519], ); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); @@ -4203,13 +4203,13 @@ fn test_client_attempts_to_use_unsupported_kx_group() { // first, client sends a x25519 and server agrees. x25519 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::X25519]); + make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client only supports secp-384 and so kx group cache // contains an unusable value. let mut client_config_2 = - make_client_config_with_kx_groups(KeyType::Rsa, &[&rustls::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); client_config_2.resumption = Resumption::store(shared_storage.clone()); let server_config = make_server_config(KeyType::Rsa); diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 9f51ae8cdc..a1c9116b28 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -245,7 +245,7 @@ impl KeyType { pub fn finish_server_config( kt: KeyType, - conf: rustls::ConfigBuilder, rustls::WantsVerifier>, + conf: rustls::ConfigBuilder, rustls::WantsVerifier>, ) -> ServerConfig { conf.with_no_client_auth() .with_single_cert(kt.get_chain(), kt.get_key()) @@ -272,7 +272,7 @@ pub fn make_server_config_with_versions( pub fn make_server_config_with_kx_groups( kt: KeyType, - kx_groups: &[&'static rustls::SupportedKxGroup], + kx_groups: &[&'static dyn rustls::SupportedKxGroup], ) -> ServerConfig { finish_server_config( kt, @@ -338,7 +338,7 @@ pub fn make_server_config_with_optional_client_auth( pub fn finish_client_config( kt: KeyType, - config: rustls::ConfigBuilder, rustls::WantsVerifier>, + config: rustls::ConfigBuilder, rustls::WantsVerifier>, ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); @@ -353,7 +353,7 @@ pub fn finish_client_config( pub fn finish_client_config_with_creds( kt: KeyType, - config: rustls::ConfigBuilder, rustls::WantsVerifier>, + config: rustls::ConfigBuilder, rustls::WantsVerifier>, ) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); @@ -374,7 +374,7 @@ pub fn make_client_config(kt: KeyType) -> ClientConfig { pub fn make_client_config_with_kx_groups( kt: KeyType, - kx_groups: &[&'static rustls::SupportedKxGroup], + kx_groups: &[&'static dyn rustls::SupportedKxGroup], ) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() From d4a7985c99ec7210acdc4f7b47342f565f37c1ff Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 19 Sep 2023 11:21:09 +0100 Subject: [PATCH 0186/1145] Use `SharedSecret` for into_handshake key_schedule transition --- rustls/src/client/tls13.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/src/tls13/key_schedule.rs | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index a5ec17eaa8..0d123670d9 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -151,7 +151,7 @@ pub(super) fn handle_server_hello( }; let shared_secret = our_key_share.complete(&their_key_share.payload.0)?; - let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret.secret_bytes()); + let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); // Remember what KX group the server liked for next time. config diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 1400cebe85..e03984b7b7 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -543,7 +543,7 @@ mod client_hello { // Do key exchange let shared_secret = kx.complete(&share.payload.0)?; - let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret.secret_bytes()); + let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); let handshake_hash = transcript.get_current_hash(); let key_schedule = key_schedule.derive_server_handshake_secrets( diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index a111d29bae..10ff950c16 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,6 +1,6 @@ use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; -use crate::crypto::{hash, hmac}; +use crate::crypto::{hash, hmac, SharedSecret}; use crate::error::Error; use crate::hkdf; #[cfg(feature = "quic")] @@ -141,8 +141,9 @@ impl KeySchedulePreHandshake { } } - pub(crate) fn into_handshake(mut self, secret: &[u8]) -> KeyScheduleHandshakeStart { - self.ks.input_secret(secret); + pub(crate) fn into_handshake(mut self, secret: SharedSecret) -> KeyScheduleHandshakeStart { + self.ks + .input_secret(secret.secret_bytes()); KeyScheduleHandshakeStart { ks: self.ks } } } From 6cb43a65df20a7c8201bdb570471bca2dc95b3f1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 18 Sep 2023 13:45:04 +0100 Subject: [PATCH 0187/1145] Extract lookup of named SupportedKxGroup into function --- rustls/src/client/client_conn.rs | 7 +++++++ rustls/src/client/hs.rs | 6 +----- rustls/src/client/tls12.rs | 7 +------ rustls/src/client/tls13.rs | 11 ++++------- 4 files changed, 13 insertions(+), 18 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 03c91e00cf..e0a0728bfe 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -274,6 +274,13 @@ impl ClientConfig { .copied() .find(|&scs| scs.suite() == suite) } + + pub(super) fn find_kx_group(&self, group: NamedGroup) -> Option<&'static dyn SupportedKxGroup> { + self.kx_groups + .iter() + .copied() + .find(|skxg| skxg.name() == group) + } } /// Configuration for how/when a client is allowed to resume a previous session. diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 90e17bdbac..e9f4dcac88 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -813,11 +813,7 @@ impl ExpectServerHelloOrHelloRetryRequest { let key_share = match req_group { Some(group) if group != offered_key_share.group() => { - let skxg = match config - .kx_groups - .iter() - .find(|skxg| skxg.name() == group) - { + let skxg = match config.find_kx_group(group) { Some(skxg) => skxg, None => { return Err(cx.common.send_fatal_alert( diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 002d4d959a..f211aaa4f4 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -765,12 +765,7 @@ impl State for ExpectServerDone { let ecdh_params = tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; - let skxg = match st - .config - .kx_groups - .iter() - .find(|skxg| skxg.name() == named_group) - { + let skxg = match st.config.find_kx_group(named_group) { Some(skxg) => skxg, None => { return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 0d123670d9..a2b42e2b15 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -211,16 +211,13 @@ pub(super) fn initial_key_share( .resumption .store .kx_hint(server_name) - .and_then(|hint_group| { - config - .kx_groups - .iter() - .find(|kx_group| kx_group.name() == hint_group) - }) + .and_then(|group_name| config.find_kx_group(group_name)) .unwrap_or_else(|| { config .kx_groups - .first() + .iter() + .copied() + .next() .expect("No kx groups configured") }); From 048ff107405b326f237b89b93a743e5e7fef662d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 8 Sep 2023 15:51:24 +0100 Subject: [PATCH 0188/1145] Use dynamic dispatch for `CryptoProvider` Instead of the type `rustls::crypto::ring::Ring`, the value `rustls::crypto::ring::RING` implements this, and is more entertaining to write. `ServerConfig::builder()` references this by default, and is equivalent to `ServerConfig::builder_with_provider(crypto::ring::RING)`. --- ci-bench/src/main.rs | 9 ++- examples/src/bin/limitedclient.rs | 4 +- examples/src/bin/server_acceptor.rs | 10 +-- examples/src/bin/simple_0rtt_client.rs | 6 +- examples/src/bin/simpleclient.rs | 3 +- examples/src/bin/tlsclient-mio.rs | 10 ++- examples/src/bin/tlsserver-mio.rs | 7 +- fuzz/fuzzers/client.rs | 3 +- fuzz/fuzzers/server.rs | 3 +- provider-example/examples/client.rs | 6 +- provider-example/src/lib.rs | 29 +++++---- rustls/examples/internal/bench.rs | 5 +- rustls/examples/internal/bogo_shim.rs | 10 ++- rustls/src/builder.rs | 78 +++++++++++----------- rustls/src/client/builder.rs | 22 ++++--- rustls/src/client/client_conn.rs | 49 ++++++++------ rustls/src/client/hs.rs | 44 ++++++------- rustls/src/client/tls12.rs | 70 ++++++++++---------- rustls/src/client/tls13.rs | 48 +++++++------- rustls/src/crypto/mod.rs | 8 +-- rustls/src/crypto/ring/mod.rs | 17 +++-- rustls/src/lib.rs | 6 +- rustls/src/msgs/handshake.rs | 8 +-- rustls/src/quic.rs | 9 ++- rustls/src/rand.rs | 11 ++-- rustls/src/server/builder.rs | 18 +++--- rustls/src/server/hs.rs | 22 +++---- rustls/src/server/server_conn.rs | 48 ++++++++------ rustls/src/server/tls12.rs | 48 +++++++------- rustls/src/server/tls13.rs | 67 ++++++++++--------- rustls/tests/api.rs | 90 ++++++++++++-------------- rustls/tests/client_cert_verifier.rs | 3 +- rustls/tests/common/mod.rs | 54 ++++++++-------- 33 files changed, 412 insertions(+), 413 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 5b0e8dad2a..f75b7a6a4e 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -14,7 +14,6 @@ use itertools::Itertools; use rayon::iter::Either; use rayon::prelude::*; use rustls::client::Resumption; -use rustls::crypto::ring::Ring; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::{ ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, @@ -345,11 +344,11 @@ struct StepperIO<'a> { struct ClientSideStepper<'a> { io: StepperIO<'a>, resumption_kind: ResumptionKind, - config: Arc>, + config: Arc, } impl ClientSideStepper<'_> { - fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc> { + fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc { assert_eq!(params.ciphersuite.version(), params.version); let mut root_store = RootCertStore::empty(); let mut rootbuf = @@ -422,11 +421,11 @@ impl BenchStepper for ClientSideStepper<'_> { /// A benchmark stepper for the server-side of the connection struct ServerSideStepper<'a> { io: StepperIO<'a>, - config: Arc>, + config: Arc, } impl ServerSideStepper<'_> { - fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc> { + fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc { assert_eq!(params.ciphersuite.version(), params.version); let mut cfg = ServerConfig::builder() diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 99bc2f26de..e7264e2dcc 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -6,8 +6,6 @@ use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls::crypto::ring::Ring; - fn main() { let mut root_store = rustls::RootCertStore::empty(); root_store.extend( @@ -16,7 +14,7 @@ fn main() { .cloned(), ); - let config = rustls::ClientConfig::::builder() + let config = rustls::ClientConfig::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) .with_kx_groups(&[rustls::kx_group::X25519]) .with_protocol_versions(&[&rustls::version::TLS13]) diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 4d3103d9a6..d6b1db74e7 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -16,7 +16,6 @@ use docopt::Docopt; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer}; use serde_derive::Deserialize; -use rustls::crypto::CryptoProvider; use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier}; use rustls::RootCertStore; @@ -123,8 +122,7 @@ fn main() { // Generate a server config for the accepted connection, optionally customizing the // configuration based on the client hello. - let config = test_pki - .server_config::(&crl_path, accepted.client_hello()); + let config = test_pki.server_config(&crl_path, accepted.client_hello()); let mut conn = accepted .into_connection(config) .unwrap(); @@ -210,11 +208,7 @@ impl TestPki { /// /// Since the presented client certificate is not available in the `ClientHello` the server /// must know ahead of time which CRLs it cares about. - fn server_config( - &self, - crl_path: &str, - _hello: ClientHello, - ) -> Arc> { + fn server_config(&self, crl_path: &str, _hello: ClientHello) -> Arc { // Read the latest CRL from disk. The CRL is being periodically updated by the crl_updater // thread. let mut crl_file = File::open(crl_path).unwrap(); diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 581e19df8e..00add57621 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -2,11 +2,9 @@ use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls::crypto::ring::Ring; -use rustls::crypto::CryptoProvider; use rustls::RootCertStore; -fn start_connection(config: &Arc>, domain_name: &str) { +fn start_connection(config: &Arc, domain_name: &str) { let server_name = domain_name .try_into() .expect("invalid DNS name"); @@ -65,7 +63,7 @@ fn main() { .cloned(), ); - let mut config = rustls::ClientConfig::::builder() + let mut config = rustls::ClientConfig::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 66b4360423..a5dbee6d5d 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -12,7 +12,6 @@ use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls::crypto::ring::Ring; use rustls::RootCertStore; fn main() { @@ -22,7 +21,7 @@ fn main() { .iter() .cloned(), ); - let mut config = rustls::ClientConfig::::builder() + let mut config = rustls::ClientConfig::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index a62b98212d..c92b6166f9 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -8,8 +8,6 @@ use mio::net::TcpStream; use pki_types::{CertificateDer, PrivateKeyDer}; use serde::Deserialize; -use rustls::crypto::ring::Ring; -use rustls::crypto::CryptoProvider; use rustls::RootCertStore; const CLIENT: mio::Token = mio::Token(0); @@ -27,7 +25,7 @@ impl TlsClient { fn new( sock: TcpStream, server_name: rustls::ServerName, - cfg: Arc>, + cfg: Arc, ) -> Self { Self { socket: sock, @@ -356,7 +354,7 @@ mod danger { } #[cfg(feature = "dangerous_configuration")] -fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { +fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { if args.flag_insecure { cfg.dangerous() .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); @@ -364,14 +362,14 @@ fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { +fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig) { if args.flag_insecure { panic!("This build does not support --insecure."); } } /// Build a `ClientConfig` from our arguments -fn make_config(args: &Args) -> Arc> { +fn make_config(args: &Args) -> Arc { let mut root_store = RootCertStore::empty(); if args.flag_cafile.is_some() { diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 66b60c0212..7fc70b8109 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -9,7 +9,6 @@ use mio::net::{TcpListener, TcpStream}; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use serde::Deserialize; -use rustls::crypto::ring::Ring; use rustls::server::WebPkiClientVerifier; use rustls::{self, RootCertStore}; @@ -36,12 +35,12 @@ struct TlsServer { server: TcpListener, connections: HashMap, next_id: usize, - tls_config: Arc>, + tls_config: Arc, mode: ServerMode, } impl TlsServer { - fn new(server: TcpListener, mode: ServerMode, cfg: Arc>) -> Self { + fn new(server: TcpListener, mode: ServerMode, cfg: Arc) -> Self { Self { server, connections: HashMap::new(), @@ -557,7 +556,7 @@ fn load_crls(filenames: &[String]) -> Vec> .collect() } -fn make_config(args: &Args) -> Arc> { +fn make_config(args: &Args) -> Arc { let client_auth = if args.flag_auth.is_some() { let roots = load_certs(args.flag_auth.as_ref().unwrap()); let mut client_auth_roots = RootCertStore::empty(); diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index 1f7910cbb4..42c931d6e4 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -4,7 +4,6 @@ extern crate libfuzzer_sys; extern crate rustls; extern crate webpki; -use rustls::crypto::ring::Ring; use rustls::{ClientConfig, ClientConnection, RootCertStore}; use std::io; use std::sync::Arc; @@ -12,7 +11,7 @@ use std::sync::Arc; fuzz_target!(|data: &[u8]| { let root_store = RootCertStore::empty(); let config = Arc::new( - ClientConfig::::builder() + ClientConfig::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(), diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index d712353135..0fe7c1c9ef 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -3,7 +3,6 @@ extern crate libfuzzer_sys; extern crate rustls; -use rustls::crypto::ring::Ring; use rustls::server::ResolvesServerCert; use rustls::{ServerConfig, ServerConnection}; @@ -23,7 +22,7 @@ impl ResolvesServerCert for Fail { fuzz_target!(|data: &[u8]| { let config = Arc::new( - ServerConfig::::builder() + ServerConfig::builder() .with_safe_defaults() .with_no_client_auth() .with_cert_resolver(Arc::new(Fail)), diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs index f9c1547e78..c1074e5968 100644 --- a/provider-example/examples/client.rs +++ b/provider-example/examples/client.rs @@ -2,7 +2,7 @@ use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls_provider_example::Provider; +use rustls_provider_example::{certificate_verifier, PROVIDER}; fn main() { env_logger::init(); @@ -14,9 +14,9 @@ fn main() { .cloned(), ); - let config = rustls::ClientConfig::::builder() + let config = rustls::ClientConfig::builder_with_provider(PROVIDER) .with_safe_defaults() - .with_custom_certificate_verifier(Provider::certificate_verifier(root_store)) + .with_custom_certificate_verifier(certificate_verifier(root_store)) .with_no_client_auth(); let server_name = "www.rust-lang.org".try_into().unwrap(); diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index e500a85ab8..efd33f2e39 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -6,32 +6,24 @@ mod hmac; mod kx; mod verify; -pub struct Provider; +pub static PROVIDER: &'static dyn rustls::crypto::CryptoProvider = &Provider; -impl Provider { - pub fn certificate_verifier( - roots: rustls::RootCertStore, - ) -> Arc { - Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms( - roots, - verify::ALGORITHMS, - )) - } -} +#[derive(Debug)] +struct Provider; impl rustls::crypto::CryptoProvider for Provider { - fn fill_random(bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { + fn fill_random(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { use rand_core::RngCore; rand_core::OsRng .try_fill_bytes(bytes) .map_err(|_| rustls::crypto::GetRandomFailed) } - fn default_cipher_suites() -> &'static [rustls::SupportedCipherSuite] { + fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { ALL_CIPHER_SUITES } - fn default_kx_groups() -> &'static [&'static dyn rustls::SupportedKxGroup] { + fn default_kx_groups(&self) -> &'static [&'static dyn rustls::SupportedKxGroup] { kx::ALL_KX_GROUPS } } @@ -65,3 +57,12 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS hmac_provider: &hmac::Sha256Hmac, aead_alg: &aead::Chacha20Poly1305, }); + +pub fn certificate_verifier( + roots: rustls::RootCertStore, +) -> Arc { + Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms( + roots, + verify::ALGORITHMS, + )) +} diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index fc34dfda12..605333e3a8 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -14,7 +14,6 @@ use std::time::{Duration, Instant}; use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::Resumption; -use rustls::crypto::ring::Ring; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::RootCertStore; use rustls::Ticketer; @@ -293,7 +292,7 @@ fn make_server_config( client_auth: ClientAuth, resume: ResumptionParam, max_fragment_size: Option, -) -> ServerConfig { +) -> ServerConfig { let client_auth = match client_auth { ClientAuth::Yes => { let roots = params.key_type.get_chain(); @@ -333,7 +332,7 @@ fn make_client_config( params: &BenchmarkParam, clientauth: ClientAuth, resume: ResumptionParam, -) -> ClientConfig { +) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 636323e49b..5269695d3e 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -7,8 +7,6 @@ use rustls::client::{ ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, }; -use rustls::crypto::ring::Ring; -use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; @@ -427,7 +425,7 @@ impl server::StoresServerSessions for ServerCacheWithResumptionDelay { } } -fn make_server_cfg(opts: &Options) -> Arc> { +fn make_server_cfg(opts: &Options) -> Arc { let client_auth = if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert { Arc::new(DummyClientAuth { @@ -555,7 +553,7 @@ impl client::ClientSessionStore for ClientCacheWithoutKxHints { } } -fn make_client_cfg(opts: &Options) -> Arc> { +fn make_client_cfg(opts: &Options) -> Arc { let kx_groups = if let Some(curves) = &opts.curves { curves .iter() @@ -1237,8 +1235,8 @@ fn main() { fn make_session( opts: &Options, - scfg: &Option>>, - ccfg: &Option>>, + scfg: &Option>, + ccfg: &Option>, ) -> Connection { assert!(opts.quic_transport_params.is_empty()); assert!(opts diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 75b54b9d40..7f09130dce 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -24,14 +24,13 @@ use core::marker::PhantomData; /// /// ``` /// # #[cfg(feature = "ring")] { -/// use rustls::{ClientConfig, ServerConfig, crypto::ring::Ring}; -/// // specifies the cryptographic provider to use. -/// ClientConfig::::builder() +/// use rustls::{ClientConfig, ServerConfig}; +/// ClientConfig::builder() /// .with_safe_defaults() /// // ... /// # ; /// -/// ServerConfig::::builder() +/// ServerConfig::builder() /// .with_safe_defaults() /// // ... /// # ; @@ -45,8 +44,7 @@ use core::marker::PhantomData; /// ```no_run /// # #[cfg(feature = "ring")] { /// # use rustls::ServerConfig; -/// # use rustls::crypto::ring::Ring; -/// ServerConfig::::builder() +/// ServerConfig::builder() /// .with_safe_default_cipher_suites() /// .with_safe_default_kx_groups() /// .with_protocol_versions(&[&rustls::version::TLS13]) @@ -85,9 +83,8 @@ use core::marker::PhantomData; /// ``` /// # #[cfg(feature = "ring")] { /// # use rustls::ClientConfig; -/// # use rustls::crypto::ring::Ring; /// # let root_certs = rustls::RootCertStore::empty(); -/// ClientConfig::::builder() +/// ClientConfig::builder() /// .with_safe_defaults() /// .with_root_certificates(root_certs) /// .with_no_client_auth(); @@ -110,12 +107,11 @@ use core::marker::PhantomData; /// ```no_run /// # #[cfg(feature = "ring")] { /// # use rustls::ServerConfig; -/// # use rustls::crypto::ring::Ring; /// # let certs = vec![]; /// # let private_key = pki_types::PrivateKeyDer::from( /// # pki_types::PrivatePkcs8KeyDer::from(vec![]) /// # ); -/// ServerConfig::::builder() +/// ServerConfig::builder() /// .with_safe_defaults() /// .with_no_client_auth() /// .with_single_cert(certs, private_key) @@ -136,7 +132,7 @@ use core::marker::PhantomData; /// - [`WantsClientCert`] /// - [`WantsServerCert`] /// -/// The other type parameter is `Side`, which is either `ServerConfig` or `ClientConfig` +/// The other type parameter is `Side`, which is either `ServerConfig` or `ClientConfig` /// depending on whether the ConfigBuilder was built with [`ServerConfig::builder()`] or /// [`ClientConfig::builder()`]. /// @@ -169,21 +165,14 @@ pub struct ConfigBuilder { impl fmt::Debug for ConfigBuilder { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { let side_name = core::any::type_name::(); - let (ty, param) = side_name + let (ty, _) = side_name .split_once('<') .unwrap_or((side_name, "")); let (_, name) = ty.rsplit_once("::").unwrap_or(("", ty)); - let (_, param) = param - .rsplit_once("::") - .unwrap_or(("", param)); - f.debug_struct(&format!( - "ConfigBuilder<{}<{}>, _>", - name, - param.trim_end_matches('>') - )) - .field("state", &self.state) - .finish() + f.debug_struct(&format!("ConfigBuilder<{}, _>", name,)) + .field("state", &self.state) + .finish() } } @@ -191,7 +180,7 @@ impl fmt::Debug for ConfigBuilder ConfigBuilder { /// Start side-specific config with defaults for underlying cryptography. @@ -206,9 +195,17 @@ impl ConfigBuilder { pub fn with_safe_defaults(self) -> ConfigBuilder { ConfigBuilder { state: WantsVerifier { - cipher_suites: ::default_cipher_suites() + cipher_suites: self + .state + .0 + .default_cipher_suites() .to_vec(), - kx_groups: ::default_kx_groups().to_vec(), + kx_groups: self + .state + .0 + .default_kx_groups() + .to_vec(), + provider: self.state.0, versions: versions::EnabledVersions::new(versions::DEFAULT_VERSIONS), }, side: self.side, @@ -223,6 +220,7 @@ impl ConfigBuilder { ConfigBuilder { state: WantsKxGroups { cipher_suites: cipher_suites.to_vec(), + provider: self.state.0, }, side: self.side, } @@ -235,7 +233,8 @@ impl ConfigBuilder { /// implement these. But the precise details are controlled by what is implemented by the /// `CryptoProvider`. pub fn with_safe_default_cipher_suites(self) -> ConfigBuilder { - self.with_cipher_suites(::default_cipher_suites()) + let default = self.state.0.default_cipher_suites(); + self.with_cipher_suites(default) } } @@ -245,6 +244,7 @@ impl ConfigBuilder { #[derive(Clone, Debug)] pub struct WantsKxGroups { cipher_suites: Vec, + provider: &'static dyn CryptoProvider, } impl ConfigBuilder { @@ -257,6 +257,7 @@ impl ConfigBuilder { state: WantsVersions { cipher_suites: self.state.cipher_suites, kx_groups: kx_groups.to_vec(), + provider: self.state.provider, }, side: self.side, } @@ -266,7 +267,8 @@ impl ConfigBuilder { /// /// This is a safe default: rustls doesn't implement any poor-quality groups. pub fn with_safe_default_kx_groups(self) -> ConfigBuilder { - self.with_kx_groups(::default_kx_groups()) + let default = self.state.provider.default_kx_groups(); + self.with_kx_groups(default) } } @@ -277,6 +279,7 @@ impl ConfigBuilder { pub struct WantsVersions { cipher_suites: Vec, kx_groups: Vec<&'static dyn SupportedKxGroup>, + provider: &'static dyn CryptoProvider, } impl ConfigBuilder { @@ -312,6 +315,7 @@ impl ConfigBuilder { state: WantsVerifier { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, + provider: self.state.provider, versions: versions::EnabledVersions::new(versions), }, side: self.side, @@ -326,6 +330,7 @@ impl ConfigBuilder { pub struct WantsVerifier { pub(crate) cipher_suites: Vec, pub(crate) kx_groups: Vec<&'static dyn SupportedKxGroup>, + pub(crate) provider: &'static dyn CryptoProvider, pub(crate) versions: versions::EnabledVersions, } @@ -333,22 +338,13 @@ pub struct WantsVerifier { /// /// [`ClientConfig`]: crate::ClientConfig /// [`ServerConfig`]: crate::ServerConfig -pub trait ConfigSide: sealed::Sealed { - /// Cryptographic provider. - type CryptoProvider: CryptoProvider; -} +pub trait ConfigSide: sealed::Sealed {} -impl ConfigSide for crate::ClientConfig { - type CryptoProvider = C; -} -impl ConfigSide for crate::ServerConfig { - type CryptoProvider = C; -} +impl ConfigSide for crate::ClientConfig {} +impl ConfigSide for crate::ServerConfig {} mod sealed { - use crate::crypto::CryptoProvider; - pub trait Sealed {} - impl Sealed for crate::ClientConfig {} - impl Sealed for crate::ServerConfig {} + impl Sealed for crate::ClientConfig {} + impl Sealed for crate::ServerConfig {} } diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index d8db857e84..2fd8ed8bf0 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -14,19 +14,21 @@ use super::client_conn::Resumption; use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; +#[cfg(any(feature = "dangerous_configuration", feature = "ring"))] use core::marker::PhantomData; -impl ConfigBuilder, WantsVerifier> { +impl ConfigBuilder { #[cfg(feature = "ring")] /// Choose how to verify server certificates. pub fn with_root_certificates( self, root_store: impl Into>, - ) -> ConfigBuilder, WantsClientCert> { + ) -> ConfigBuilder { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, + provider: self.state.provider, versions: self.state.versions, verifier: Arc::new(webpki::WebPkiServerVerifier::new(root_store)), }, @@ -39,11 +41,12 @@ impl ConfigBuilder, WantsVerifier> { pub fn with_custom_certificate_verifier( self, verifier: Arc, - ) -> ConfigBuilder, WantsClientCert> { + ) -> ConfigBuilder { ConfigBuilder { state: WantsClientCert { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, + provider: self.state.provider, versions: self.state.versions, verifier, }, @@ -60,11 +63,12 @@ impl ConfigBuilder, WantsVerifier> { pub struct WantsClientCert { cipher_suites: Vec, kx_groups: Vec<&'static dyn SupportedKxGroup>, + provider: &'static dyn CryptoProvider, versions: versions::EnabledVersions, verifier: Arc, } -impl ConfigBuilder, WantsClientCert> { +impl ConfigBuilder { #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key for use /// in client authentication. @@ -77,7 +81,7 @@ impl ConfigBuilder, WantsClientCert> { self, cert_chain: Vec>, key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { + ) -> Result { let resolver = handy::AlwaysResolvesClientCert::new(cert_chain, &key_der)?; Ok(self.with_client_cert_resolver(Arc::new(resolver))) } @@ -95,12 +99,12 @@ impl ConfigBuilder, WantsClientCert> { self, cert_chain: Vec>, key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { + ) -> Result { self.with_client_auth_cert(cert_chain, key_der) } /// Do not support client auth. - pub fn with_no_client_auth(self) -> ClientConfig { + pub fn with_no_client_auth(self) -> ClientConfig { self.with_client_cert_resolver(Arc::new(handy::FailResolveClientCert {})) } @@ -108,10 +112,11 @@ impl ConfigBuilder, WantsClientCert> { pub fn with_client_cert_resolver( self, client_auth_cert_resolver: Arc, - ) -> ClientConfig { + ) -> ClientConfig { ClientConfig { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, + provider: self.state.provider, alpn_protocols: Vec::new(), resumption: Resumption::default(), max_fragment_size: None, @@ -123,7 +128,6 @@ impl ConfigBuilder, WantsClientCert> { #[cfg(feature = "secret_extraction")] enable_secret_extraction: false, enable_early_data: false, - provider: PhantomData, } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index e0a0728bfe..264e979877 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -125,7 +125,7 @@ pub trait ResolvesClientCert: Send + Sync { /// * [`ClientConfig::key_log`]: key material is not logged. /// /// [`RootCertStore`]: crate::RootCertStore -pub struct ClientConfig { +pub struct ClientConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -136,6 +136,9 @@ pub struct ClientConfig { /// and in TLS1.3 a key share for it is sent in the client hello. pub(super) kx_groups: Vec<&'static dyn SupportedKxGroup>, + /// Source of randomness and other crypto. + pub(super) provider: &'static dyn CryptoProvider, + /// Which ALPN protocols we include in our client hello. /// If empty, no ALPN extension is sent. pub alpn_protocols: Vec>, @@ -186,8 +189,6 @@ pub struct ClientConfig { /// /// The default is false. pub enable_early_data: bool, - - pub(crate) provider: PhantomData, } /// What mechanisms to support for resuming a TLS 1.2 session. @@ -206,11 +207,12 @@ pub enum Tls12Resumption { SessionIdOrTickets, } -impl Clone for ClientConfig { +impl Clone for ClientConfig { fn clone(&self) -> Self { Self { cipher_suites: self.cipher_suites.clone(), kx_groups: self.kx_groups.clone(), + provider: self.provider, resumption: self.resumption.clone(), alpn_protocols: self.alpn_protocols.clone(), max_fragment_size: self.max_fragment_size, @@ -222,12 +224,11 @@ impl Clone for ClientConfig { #[cfg(feature = "secret_extraction")] enable_secret_extraction: self.enable_secret_extraction, enable_early_data: self.enable_early_data, - provider: PhantomData, } } } -impl fmt::Debug for ClientConfig { +impl fmt::Debug for ClientConfig { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ClientConfig") .field("alpn_protocols", &self.alpn_protocols) @@ -239,13 +240,25 @@ impl fmt::Debug for ClientConfig { } } -impl ClientConfig { - /// Create a builder to build up the client configuration. +impl ClientConfig { + #[cfg(feature = "ring")] + /// Create a builder to build up the client configuration with the default + /// [`CryptoProvider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder() -> ConfigBuilder { + Self::builder_with_provider(crate::crypto::ring::RING) + } + + /// Create builder to build up the client configuration with a specific + /// `CryptoProvider`. + /// + /// For more information, see the [`ConfigBuilder`] documentation. + pub fn builder_with_provider( + provider: &'static dyn CryptoProvider, + ) -> ConfigBuilder { ConfigBuilder { - state: WantsCipherSuites(()), + state: WantsCipherSuites(provider), side: PhantomData, } } @@ -264,7 +277,7 @@ impl ClientConfig { /// Access configuration options whose use is dangerous and requires /// extra care. #[cfg(feature = "dangerous_configuration")] - pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_, C> { + pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { danger::DangerousClientConfig { cfg: self } } @@ -427,7 +440,6 @@ impl TryFrom<&str> for ServerName { /// Container for unsafe APIs #[cfg(feature = "dangerous_configuration")] pub(super) mod danger { - use crate::crypto::CryptoProvider; use alloc::sync::Arc; use super::verify::ServerCertVerifier; @@ -435,12 +447,12 @@ pub(super) mod danger { /// Accessor for dangerous configuration options. #[derive(Debug)] - pub struct DangerousClientConfig<'a, C: CryptoProvider> { + pub struct DangerousClientConfig<'a> { /// The underlying ClientConfig - pub cfg: &'a mut ClientConfig, + pub cfg: &'a mut ClientConfig, } - impl<'a, C: CryptoProvider> DangerousClientConfig<'a, C> { + impl<'a> DangerousClientConfig<'a> { /// Overrides the default `ServerCertVerifier` with something else. pub fn set_certificate_verifier(&mut self, verifier: Arc) { self.cfg.verifier = verifier; @@ -578,10 +590,7 @@ impl ClientConnection { /// Make a new ClientConnection. `config` controls how /// we behave in the TLS protocol, `name` is the /// name of the server we want to talk to. - pub fn new( - config: Arc>, - name: ServerName, - ) -> Result { + pub fn new(config: Arc, name: ServerName) -> Result { Ok(Self { inner: ConnectionCore::for_client(config, name, Vec::new(), Protocol::Tcp)?.into(), }) @@ -681,8 +690,8 @@ impl From for crate::Connection { } impl ConnectionCore { - pub(crate) fn for_client( - config: Arc>, + pub(crate) fn for_client( + config: Arc, name: ServerName, extra_exts: Vec, proto: Protocol, diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index e9f4dcac88..341c8a1ade 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,7 +3,7 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::{ActiveKeyExchange, CryptoProvider}; +use crate::crypto::ActiveKeyExchange; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; @@ -41,7 +41,7 @@ pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConne fn find_session( server_name: &ServerName, - config: &ClientConfig, + config: &ClientConfig, #[cfg(feature = "quic")] cx: &mut ClientContext<'_>, ) -> Option> { #[allow(clippy::let_and_return, clippy::unnecessary_lazy_evaluations)] @@ -87,10 +87,10 @@ fn find_session( found } -pub(super) fn start_handshake( +pub(super) fn start_handshake( server_name: ServerName, extra_exts: Vec, - config: Arc>, + config: Arc, cx: &mut ClientContext<'_>, ) -> NextStateOrError { let mut transcript_buffer = HandshakeHashBuffer::new(); @@ -123,7 +123,7 @@ pub(super) fn start_handshake( // we're doing an abbreviated handshake. See section 3.4 in // RFC5077. if !inner.ticket().is_empty() { - inner.session_id = SessionId::random::()?; + inner.session_id = SessionId::random(config.provider)?; } session_id = Some(inner.session_id); } @@ -139,12 +139,12 @@ pub(super) fn start_handshake( Some(session_id) => session_id, None if cx.common.is_quic() => SessionId::empty(), None if !config.supports_version(ProtocolVersion::TLSv1_3) => SessionId::empty(), - None => SessionId::random::()?, + None => SessionId::random(config.provider)?, }; - let random = Random::new::()?; + let random = Random::new(config.provider)?; - Ok(emit_client_hello_for_retry::( + Ok(emit_client_hello_for_retry( transcript_buffer, None, key_share, @@ -165,21 +165,21 @@ pub(super) fn start_handshake( )) } -struct ExpectServerHello { - input: ClientHelloInput, +struct ExpectServerHello { + input: ClientHelloInput, transcript_buffer: HandshakeHashBuffer, early_key_schedule: Option, offered_key_share: Option>, suite: Option, } -struct ExpectServerHelloOrHelloRetryRequest { - next: ExpectServerHello, +struct ExpectServerHelloOrHelloRetryRequest { + next: ExpectServerHello, extra_exts: Vec, } -struct ClientHelloInput { - config: Arc>, +struct ClientHelloInput { + config: Arc, resuming: Option>, random: Random, #[cfg(feature = "tls12")] @@ -190,13 +190,13 @@ struct ClientHelloInput { server_name: ServerName, } -fn emit_client_hello_for_retry( +fn emit_client_hello_for_retry( mut transcript_buffer: HandshakeHashBuffer, retryreq: Option<&HelloRetryRequest>, key_share: Option>, extra_exts: Vec, suite: Option, - mut input: ClientHelloInput, + mut input: ClientHelloInput, cx: &mut ClientContext<'_>, ) -> NextState { let config = &input.config; @@ -378,7 +378,7 @@ fn prepare_resumption<'a>( exts: &mut Vec, suite: Option, cx: &mut ClientContext<'_>, - config: &ClientConfig, + config: &ClientConfig, ) -> Option> { // Check whether we're resuming with a non-empty ticket. let resuming = match resuming { @@ -432,7 +432,7 @@ fn prepare_resumption<'a>( pub(super) fn process_alpn_protocol( common: &mut CommonState, - config: &ClientConfig, + config: &ClientConfig, proto: Option<&[u8]>, ) -> Result<(), Error> { common.alpn_protocol = proto.map(ToOwned::to_owned); @@ -475,7 +475,7 @@ pub(super) fn process_alpn_protocol( Ok(()) } -impl State for ExpectServerHello { +impl State for ExpectServerHello { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { let server_hello = require_handshake_msg!(m, HandshakeType::ServerHello, HandshakePayload::ServerHello)?; @@ -668,7 +668,7 @@ impl State for ExpectServerHello { } } -impl ExpectServerHelloOrHelloRetryRequest { +impl ExpectServerHelloOrHelloRetryRequest { fn into_expect_server_hello(self) -> NextState { Box::new(self.next) } @@ -829,7 +829,7 @@ impl ExpectServerHelloOrHelloRetryRequest { _ => offered_key_share, }; - Ok(emit_client_hello_for_retry::( + Ok(emit_client_hello_for_retry( transcript_buffer, Some(hrr), Some(key_share), @@ -841,7 +841,7 @@ impl ExpectServerHelloOrHelloRetryRequest { } } -impl State for ExpectServerHelloOrHelloRetryRequest { +impl State for ExpectServerHelloOrHelloRetryRequest { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { match m.payload { MessagePayload::Handshake { diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index f211aaa4f4..9ce01f6533 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,7 +1,6 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; @@ -38,15 +37,14 @@ use alloc::sync::Arc; pub(super) use server_hello::CompleteServerHelloHandling; mod server_hello { - use crate::crypto::CryptoProvider; use crate::msgs::enums::ExtensionType; use crate::msgs::handshake::HasServerExtensions; use crate::msgs::handshake::ServerHelloPayload; use super::*; - pub(in crate::client) struct CompleteServerHelloHandling { - pub(in crate::client) config: Arc>, + pub(in crate::client) struct CompleteServerHelloHandling { + pub(in crate::client) config: Arc, pub(in crate::client) resuming_session: Option, pub(in crate::client) server_name: ServerName, pub(in crate::client) randoms: ConnectionRandoms, @@ -54,7 +52,7 @@ mod server_hello { pub(in crate::client) transcript: HandshakeHash, } - impl CompleteServerHelloHandling { + impl CompleteServerHelloHandling { pub(in crate::client) fn handle_server_hello( mut self, cx: &mut ClientContext, @@ -180,8 +178,8 @@ mod server_hello { } } -struct ExpectCertificate { - config: Arc>, +struct ExpectCertificate { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -193,7 +191,7 @@ struct ExpectCertificate { must_issue_new_ticket: bool, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -238,8 +236,8 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateStatusOrServerKx { - config: Arc>, +struct ExpectCertificateStatusOrServerKx { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -251,7 +249,7 @@ struct ExpectCertificateStatusOrServerKx { must_issue_new_ticket: bool, } -impl State for ExpectCertificateStatusOrServerKx { +impl State for ExpectCertificateStatusOrServerKx { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::Handshake { @@ -306,8 +304,8 @@ impl State for ExpectCertificateStatusO } } -struct ExpectCertificateStatus { - config: Arc>, +struct ExpectCertificateStatus { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -319,7 +317,7 @@ struct ExpectCertificateStatus { must_issue_new_ticket: bool, } -impl State for ExpectCertificateStatus { +impl State for ExpectCertificateStatus { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -355,8 +353,8 @@ impl State for ExpectCertificateStatus< } } -struct ExpectServerKx { - config: Arc>, +struct ExpectServerKx { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -368,7 +366,7 @@ struct ExpectServerKx { must_issue_new_ticket: bool, } -impl State for ExpectServerKx { +impl State for ExpectServerKx { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let opaque_kx = require_handshake_msg!( m, @@ -520,8 +518,8 @@ impl ServerKxDetails { // --- Either a CertificateRequest, or a ServerHelloDone. --- // Existence of the CertificateRequest tells us the server is asking for // client auth. Otherwise we go straight to ServerHelloDone. -struct ExpectServerDoneOrCertReq { - config: Arc>, +struct ExpectServerDoneOrCertReq { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -534,7 +532,7 @@ struct ExpectServerDoneOrCertReq { must_issue_new_ticket: bool, } -impl State for ExpectServerDoneOrCertReq { +impl State for ExpectServerDoneOrCertReq { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { if matches!( m.payload, @@ -582,8 +580,8 @@ impl State for ExpectServerDoneOrCertRe } } -struct ExpectCertificateRequest { - config: Arc>, +struct ExpectCertificateRequest { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -596,7 +594,7 @@ struct ExpectCertificateRequest { must_issue_new_ticket: bool, } -impl State for ExpectCertificateRequest { +impl State for ExpectCertificateRequest { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -643,8 +641,8 @@ impl State for ExpectCertificateRequest } } -struct ExpectServerDone { - config: Arc>, +struct ExpectServerDone { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -658,7 +656,7 @@ struct ExpectServerDone { must_issue_new_ticket: bool, } -impl State for ExpectServerDone { +impl State for ExpectServerDone { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::Handshake { @@ -845,8 +843,8 @@ impl State for ExpectServerDone { } } -struct ExpectNewTicket { - config: Arc>, +struct ExpectNewTicket { + config: Arc, secrets: ConnectionSecrets, resuming_session: Option, session_id: SessionId, @@ -858,7 +856,7 @@ struct ExpectNewTicket { sig_verified: verify::HandshakeSignatureValid, } -impl State for ExpectNewTicket { +impl State for ExpectNewTicket { fn handle( mut self: Box, _cx: &mut ClientContext<'_>, @@ -889,8 +887,8 @@ impl State for ExpectNewTicket { } // -- Waiting for their CCS -- -struct ExpectCcs { - config: Arc>, +struct ExpectCcs { + config: Arc, secrets: ConnectionSecrets, resuming_session: Option, session_id: SessionId, @@ -903,7 +901,7 @@ struct ExpectCcs { sig_verified: verify::HandshakeSignatureValid, } -impl State for ExpectCcs { +impl State for ExpectCcs { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::ChangeCipherSpec(..) => {} @@ -939,8 +937,8 @@ impl State for ExpectCcs { } } -struct ExpectFinished { - config: Arc>, +struct ExpectFinished { + config: Arc, resuming_session: Option, session_id: SessionId, server_name: ServerName, @@ -953,7 +951,7 @@ struct ExpectFinished { sig_verified: verify::HandshakeSignatureValid, } -impl ExpectFinished { +impl ExpectFinished { // -- Waiting for their finished -- fn save_session(&mut self, cx: &ClientContext<'_>) { // Save a ticket. If we got a new ticket, save that. Otherwise, save the @@ -995,7 +993,7 @@ impl ExpectFinished { } } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let mut st = *self; let finished = diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index a2b42e2b15..5526bd5285 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -6,7 +6,7 @@ use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; use crate::crypto; -use crate::crypto::{ActiveKeyExchange, CryptoProvider}; +use crate::crypto::ActiveKeyExchange; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, }; @@ -65,8 +65,8 @@ static DISALLOWED_TLS13_EXTS: &[ExtensionType] = &[ ExtensionType::ExtendedMasterSecret, ]; -pub(super) fn handle_server_hello( - config: Arc>, +pub(super) fn handle_server_hello( + config: Arc, cx: &mut ClientContext, server_hello: &ServerHelloPayload, mut resuming_session: Option, @@ -203,8 +203,8 @@ fn validate_server_hello( Ok(()) } -pub(super) fn initial_key_share( - config: &ClientConfig, +pub(super) fn initial_key_share( + config: &ClientConfig, server_name: &ServerName, ) -> Result, Error> { let group = config @@ -255,7 +255,7 @@ pub(super) fn fill_in_psk_binder( } pub(super) fn prepare_resumption( - config: &ClientConfig, + config: &ClientConfig, cx: &mut ClientContext<'_>, resuming_session: &persist::Retrieved<&persist::Tls13ClientSessionValue>, exts: &mut Vec, @@ -368,8 +368,8 @@ fn validate_encrypted_extensions( Ok(()) } -struct ExpectEncryptedExtensions { - config: Arc>, +struct ExpectEncryptedExtensions { + config: Arc, resuming_session: Option, server_name: ServerName, randoms: ConnectionRandoms, @@ -379,7 +379,7 @@ struct ExpectEncryptedExtensions { hello: ClientHelloDetails, } -impl State for ExpectEncryptedExtensions { +impl State for ExpectEncryptedExtensions { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let exts = require_handshake_msg!( m, @@ -461,8 +461,8 @@ impl State for ExpectEncryptedExtension } } -struct ExpectCertificateOrCertReq { - config: Arc>, +struct ExpectCertificateOrCertReq { + config: Arc, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -470,7 +470,7 @@ struct ExpectCertificateOrCertReq { key_schedule: KeyScheduleHandshake, } -impl State for ExpectCertificateOrCertReq { +impl State for ExpectCertificateOrCertReq { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::Handshake { @@ -521,8 +521,8 @@ impl State for ExpectCertificateOrCertR // TLS1.3 version of CertificateRequest handling. We then move to expecting the server // Certificate. Unfortunately the CertificateRequest type changed in an annoying way // in TLS1.3. -struct ExpectCertificateRequest { - config: Arc>, +struct ExpectCertificateRequest { + config: Arc, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -530,7 +530,7 @@ struct ExpectCertificateRequest { key_schedule: KeyScheduleHandshake, } -impl State for ExpectCertificateRequest { +impl State for ExpectCertificateRequest { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let certreq = &require_handshake_msg!( m, @@ -589,8 +589,8 @@ impl State for ExpectCertificateRequest } } -struct ExpectCertificate { - config: Arc>, +struct ExpectCertificate { + config: Arc, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -599,7 +599,7 @@ struct ExpectCertificate { client_auth: Option, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let cert_chain = require_handshake_msg!( m, @@ -642,8 +642,8 @@ impl State for ExpectCertificate { } // --- TLS1.3 CertificateVerify --- -struct ExpectCertificateVerify { - config: Arc>, +struct ExpectCertificateVerify { + config: Arc, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -653,7 +653,7 @@ struct ExpectCertificateVerify { client_auth: Option, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let cert_verify = require_handshake_msg!( m, @@ -808,8 +808,8 @@ fn emit_end_of_early_data_tls13(transcript: &mut HandshakeHash, common: &mut Com common.send_msg(m, true); } -struct ExpectFinished { - config: Arc>, +struct ExpectFinished { + config: Arc, server_name: ServerName, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -820,7 +820,7 @@ struct ExpectFinished { sig_verified: verify::HandshakeSignatureValid, } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let mut st = *self; let finished = diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index b2c6a0f241..ff2573a4a6 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -24,15 +24,15 @@ pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// Pluggable crypto galore. -pub trait CryptoProvider: Send + Sync + 'static { +pub trait CryptoProvider: Send + Sync + Debug + 'static { /// Fill the given buffer with random bytes. - fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>; + fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed>; /// Provide a safe set of cipher suites that can be used as the defaults. - fn default_cipher_suites() -> &'static [suites::SupportedCipherSuite]; + fn default_cipher_suites(&self) -> &'static [suites::SupportedCipherSuite]; /// Return a safe set of supported key exchange groups to be used as the defaults. - fn default_kx_groups() -> &'static [&'static dyn SupportedKxGroup]; + fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup]; } /// A supported key exchange group. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 37c70def4c..9c077d3918 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -23,23 +23,28 @@ pub(crate) mod tls13; /// Using software keys for authentication. pub mod sign; +/// A `CryptoProvider` backed by the [*ring*] crate. +/// +/// [*ring*]: https://github.com/briansmith/ring +pub static RING: &dyn CryptoProvider = &Ring; + /// Default crypto provider. #[derive(Debug)] -pub struct Ring; +struct Ring; impl CryptoProvider for Ring { - fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed> { + fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { SystemRandom::new() .fill(buf) .map_err(|_| GetRandomFailed) } - fn default_cipher_suites() -> &'static [SupportedCipherSuite] { + fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { DEFAULT_CIPHER_SUITES } /// Return all supported key exchange groups. - fn default_kx_groups() -> &'static [&'static dyn SupportedKxGroup] { + fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup] { ALL_KX_GROUPS } } @@ -191,7 +196,7 @@ impl Ticketer { fn make_ticket_generator() -> Result, GetRandomFailed> { let mut key = [0u8; 32]; - Ring::fill_random(&mut key)?; + RING.fill_random(&mut key)?; let alg = &aead::CHACHA20_POLY1305; let key = aead::UnboundKey::new(alg, &key).unwrap(); @@ -225,7 +230,7 @@ impl ProducesTickets for AeadTicketer { fn encrypt(&self, message: &[u8]) -> Option> { // Random nonce, because a counter is a privacy leak. let mut nonce_buf = [0u8; 12]; - Ring::fill_random(&mut nonce_buf).ok()?; + RING.fill_random(&mut nonce_buf).ok()?; let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); let aad = ring::aead::Aad::empty(); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 3db07d4753..40f24ca70f 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -114,7 +114,7 @@ //! ```rust,no_run //! # #[cfg(feature = "ring")] { //! # let root_store: rustls::RootCertStore = panic!(); -//! let config = rustls::ClientConfig::::builder() +//! let config = rustls::ClientConfig::builder() //! .with_safe_defaults() //! .with_root_certificates(root_store) //! .with_no_client_auth(); @@ -135,7 +135,7 @@ //! # .iter() //! # .cloned() //! # ); -//! # let config = rustls::ClientConfig::::builder() +//! # let config = rustls::ClientConfig::builder() //! # .with_safe_defaults() //! # .with_root_certificates(root_store) //! # .with_no_client_auth(); @@ -170,7 +170,7 @@ //! //! ```rust,no_run //! # #[cfg(feature = "ring")] { -//! # let mut client = rustls::ClientConnection::new::(panic!(), panic!()).unwrap(); +//! # let mut client = rustls::ClientConnection::new(panic!(), panic!()).unwrap(); //! # struct Socket { } //! # impl Socket { //! # fn ready_for_write(&self) -> bool { false } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 7fdbddba8f..aec7fba77c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -88,9 +88,9 @@ impl Codec for Random { } impl Random { - pub fn new() -> Result { + pub fn new(provider: &'static dyn CryptoProvider) -> Result { let mut data = [0u8; 32]; - C::fill_random(&mut data)?; + provider.fill_random(&mut data)?; Ok(Self(data)) } @@ -159,9 +159,9 @@ impl Codec for SessionId { } impl SessionId { - pub fn random() -> Result { + pub fn random(provider: &'static dyn CryptoProvider) -> Result { let mut data = [0u8; 32]; - C::fill_random(&mut data)?; + provider.fill_random(&mut data)?; Ok(Self { data, len: 32 }) } diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 1717429786..416e0ef583 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -2,7 +2,6 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; -use crate::crypto::CryptoProvider; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; use crate::hkdf; @@ -136,8 +135,8 @@ impl ClientConnection { /// Make a new QUIC ClientConnection. This differs from `ClientConnection::new()` /// in that it takes an extra argument, `params`, which contains the /// TLS-encoded transport parameters to send. - pub fn new( - config: Arc>, + pub fn new( + config: Arc, quic_version: Version, name: ServerName, params: Vec, @@ -206,8 +205,8 @@ impl ServerConnection { /// Make a new QUIC ServerConnection. This differs from `ServerConnection::new()` /// in that it takes an extra argument, `params`, which contains the /// TLS-encoded transport parameters to send. - pub fn new( - config: Arc>, + pub fn new( + config: Arc, quic_version: Version, params: Vec, ) -> Result { diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index abffb44f78..d67cada134 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -3,16 +3,19 @@ use crate::crypto::CryptoProvider; /// Make a [`Vec`] of the given size containing random material. -pub(crate) fn random_vec(len: usize) -> Result, GetRandomFailed> { +pub(crate) fn random_vec( + provider: &dyn CryptoProvider, + len: usize, +) -> Result, GetRandomFailed> { let mut v = vec![0; len]; - C::fill_random(&mut v)?; + provider.fill_random(&mut v)?; Ok(v) } /// Return a uniformly random [`u32`]. -pub(crate) fn random_u32() -> Result { +pub(crate) fn random_u32(provider: &dyn CryptoProvider) -> Result { let mut buf = [0u8; 4]; - C::fill_random(&mut buf)?; + provider.fill_random(&mut buf)?; Ok(u32::from_be_bytes(buf)) } diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 394c2caa70..ec2b6d23c7 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -15,16 +15,17 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; use core::marker::PhantomData; -impl ConfigBuilder, WantsVerifier> { +impl ConfigBuilder { /// Choose how to verify client certificates. pub fn with_client_cert_verifier( self, client_cert_verifier: Arc, - ) -> ConfigBuilder, WantsServerCert> { + ) -> ConfigBuilder { ConfigBuilder { state: WantsServerCert { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, + provider: self.state.provider, versions: self.state.versions, verifier: client_cert_verifier, }, @@ -33,7 +34,7 @@ impl ConfigBuilder, WantsVerifier> { } /// Disable client authentication. - pub fn with_no_client_auth(self) -> ConfigBuilder, WantsServerCert> { + pub fn with_no_client_auth(self) -> ConfigBuilder { self.with_client_cert_verifier(Arc::new(NoClientAuth)) } } @@ -46,11 +47,12 @@ impl ConfigBuilder, WantsVerifier> { pub struct WantsServerCert { cipher_suites: Vec, kx_groups: Vec<&'static dyn SupportedKxGroup>, + provider: &'static dyn CryptoProvider, versions: versions::EnabledVersions, verifier: Arc, } -impl ConfigBuilder, WantsServerCert> { +impl ConfigBuilder { #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key. This /// certificate and key is used for all subsequent connections, @@ -69,7 +71,7 @@ impl ConfigBuilder, WantsServerCert> { self, cert_chain: Vec>, key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { + ) -> Result { let resolver = handy::AlwaysResolvesChain::new(cert_chain, &key_der)?; Ok(self.with_cert_resolver(Arc::new(resolver))) } @@ -89,16 +91,17 @@ impl ConfigBuilder, WantsServerCert> { cert_chain: Vec>, key_der: PrivateKeyDer<'static>, ocsp: Vec, - ) -> Result, Error> { + ) -> Result { let resolver = handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp)?; Ok(self.with_cert_resolver(Arc::new(resolver))) } /// Sets a custom [`ResolvesServerCert`]. - pub fn with_cert_resolver(self, cert_resolver: Arc) -> ServerConfig { + pub fn with_cert_resolver(self, cert_resolver: Arc) -> ServerConfig { ServerConfig { cipher_suites: self.state.cipher_suites, kx_groups: self.state.kx_groups, + provider: self.state.provider, verifier: self.state.verifier, cert_resolver, ignore_client_order: false, @@ -113,7 +116,6 @@ impl ConfigBuilder, WantsServerCert> { max_early_data_size: 0, send_half_rtt_data: false, send_tls13_tickets: 4, - provider: PhantomData, } } } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index bc64a5570d..4d604dabf6 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -1,6 +1,5 @@ use crate::common_state::State; use crate::conn::ConnectionRandoms; -use crate::crypto::CryptoProvider; use crate::dns_name::DnsName; #[cfg(feature = "tls12")] use crate::enums::CipherSuite; @@ -63,9 +62,9 @@ impl ExtensionProcessing { Default::default() } - pub(super) fn process_common( + pub(super) fn process_common( &mut self, - config: &ServerConfig, + config: &ServerConfig, cx: &mut ServerContext<'_>, ocsp_response: &mut Option<&[u8]>, hello: &ClientHelloPayload, @@ -162,9 +161,9 @@ impl ExtensionProcessing { } #[cfg(feature = "tls12")] - pub(super) fn process_tls12( + pub(super) fn process_tls12( &mut self, - config: &ServerConfig, + config: &ServerConfig, hello: &ClientHelloPayload, using_ems: bool, ) { @@ -203,8 +202,8 @@ impl ExtensionProcessing { } } -pub(super) struct ExpectClientHello { - pub(super) config: Arc>, +pub(super) struct ExpectClientHello { + pub(super) config: Arc, pub(super) extra_exts: Vec, pub(super) transcript: HandshakeHashOrBuffer, #[cfg(feature = "tls12")] @@ -215,8 +214,8 @@ pub(super) struct ExpectClientHello { pub(super) send_tickets: usize, } -impl ExpectClientHello { - pub(super) fn new(config: Arc>, extra_exts: Vec) -> Self { +impl ExpectClientHello { + pub(super) fn new(config: Arc, extra_exts: Vec) -> Self { let mut transcript_buffer = HandshakeHashBuffer::new(); if config.verifier.offer_client_auth() { @@ -380,7 +379,8 @@ impl ExpectClientHello { }; // Save their Random. - let randoms = ConnectionRandoms::new(client_hello.random, Random::new::()?); + let randoms = + ConnectionRandoms::new(client_hello.random, Random::new(self.config.provider)?); match suite { SupportedCipherSuite::Tls13(suite) => tls13::CompleteClientHelloHandling { config: self.config, @@ -415,7 +415,7 @@ impl ExpectClientHello { } } -impl State for ExpectClientHello { +impl State for ExpectClientHello { fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> NextStateOrError { let (client_hello, sig_schemes) = process_client_hello(&m, self.done_retry, cx)?; self.with_certified_key(sig_schemes, client_hello, &m, cx) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index a5623a3e76..cc2ab3b7b5 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -207,7 +207,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. /// /// [`RootCertStore`]: crate::RootCertStore -pub struct ServerConfig { +pub struct ServerConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -217,6 +217,9 @@ pub struct ServerConfig { /// offered to the client in this order. pub(super) kx_groups: Vec<&'static dyn SupportedKxGroup>, + /// Source of randomness and other crypto. + pub(super) provider: &'static dyn CryptoProvider, + /// Ignore the client's ciphersuite order. Instead, /// choose the top ciphersuite in the server list /// which is supported by the client. @@ -311,16 +314,15 @@ pub struct ServerConfig { /// If this is 0, no tickets are sent and clients will not be able to /// do any resumption. pub send_tls13_tickets: usize, - - pub(crate) provider: PhantomData, } // Avoid a `Clone` bound on `C`. -impl Clone for ServerConfig { +impl Clone for ServerConfig { fn clone(&self) -> Self { Self { cipher_suites: self.cipher_suites.clone(), kx_groups: self.kx_groups.clone(), + provider: self.provider, ignore_client_order: self.ignore_client_order, max_fragment_size: self.max_fragment_size, session_storage: Arc::clone(&self.session_storage), @@ -335,12 +337,11 @@ impl Clone for ServerConfig { max_early_data_size: self.max_early_data_size, send_half_rtt_data: self.send_half_rtt_data, send_tls13_tickets: self.send_tls13_tickets, - provider: PhantomData, } } } -impl fmt::Debug for ServerConfig { +impl fmt::Debug for ServerConfig { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ServerConfig") .field("ignore_client_order", &self.ignore_client_order) @@ -353,13 +354,25 @@ impl fmt::Debug for ServerConfig { } } -impl ServerConfig { - /// Create builder to build up the server configuration. +impl ServerConfig { + #[cfg(feature = "ring")] + /// Create builder to build up the server configuration with the default + /// `CryptoProvider`. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder() -> ConfigBuilder { + Self::builder_with_provider(crate::crypto::ring::RING) + } + + /// Create builder to build up the server configuration with a specific + /// `CryptoProvider`. + /// + /// For more information, see the [`ConfigBuilder`] documentation. + pub fn builder_with_provider( + provider: &'static dyn CryptoProvider, + ) -> ConfigBuilder { ConfigBuilder { - state: WantsCipherSuites(()), + state: WantsCipherSuites(provider), side: PhantomData, } } @@ -413,7 +426,7 @@ pub struct ServerConnection { impl ServerConnection { /// Make a new ServerConnection. `config` controls how /// we behave in the TLS protocol. - pub fn new(config: Arc>) -> Result { + pub fn new(config: Arc) -> Result { let mut common = CommonState::new(Side::Server); common.set_max_fragment_size(config.max_fragment_size)?; #[cfg(feature = "secret_extraction")] @@ -549,9 +562,9 @@ impl From for crate::Connection { /// /// ```no_run /// # #[cfg(feature = "ring")] { -/// # fn choose_server_config( +/// # fn choose_server_config( /// # _: rustls::server::ClientHello, -/// # ) -> std::sync::Arc> { +/// # ) -> std::sync::Arc { /// # unimplemented!(); /// # } /// # #[allow(unused_variables)] @@ -569,7 +582,7 @@ impl From for crate::Connection { /// }; /// /// // For some user-defined choose_server_config: -/// let config = choose_server_config::(accepted.client_hello()); +/// let config = choose_server_config(accepted.client_hello()); /// let conn = accepted /// .into_connection(config) /// .unwrap(); @@ -678,10 +691,7 @@ impl Accepted { /// Takes the state returned from [`Acceptor::accept()`] as well as the [`ServerConfig`] and /// [`sign::CertifiedKey`] that should be used for the session. Returns an error if /// configuration-dependent validation of the received `ClientHello` message fails. - pub fn into_connection( - mut self, - config: Arc>, - ) -> Result { + pub fn into_connection(mut self, config: Arc) -> Result { self.connection .set_max_fragment_size(config.max_fragment_size)?; @@ -787,8 +797,8 @@ impl EarlyDataState { } impl ConnectionCore { - pub(crate) fn for_server( - config: Arc>, + pub(crate) fn for_server( + config: Arc, extra_exts: Vec, ) -> Result { let mut common = CommonState::new(Side::Server); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index bab23256f1..31b6b57bfb 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,7 +1,7 @@ use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::{ActiveKeyExchange, CryptoProvider}; +use crate::crypto::ActiveKeyExchange; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; @@ -47,8 +47,8 @@ mod client_hello { use super::*; - pub(in crate::server) struct CompleteClientHelloHandling { - pub(in crate::server) config: Arc>, + pub(in crate::server) struct CompleteClientHelloHandling { + pub(in crate::server) config: Arc, pub(in crate::server) transcript: HandshakeHash, pub(in crate::server) session_id: SessionId, pub(in crate::server) suite: &'static Tls12CipherSuite, @@ -58,7 +58,7 @@ mod client_hello { pub(in crate::server) extra_exts: Vec, } - impl CompleteClientHelloHandling { + impl CompleteClientHelloHandling { pub(in crate::server) fn handle_client_hello( mut self, cx: &mut ServerContext<'_>, @@ -201,7 +201,7 @@ mod client_hello { if !self.config.session_storage.can_cache() { self.session_id = SessionId::empty(); } else if self.session_id.is_empty() && !ticket_received { - self.session_id = SessionId::random::()?; + self.session_id = SessionId::random(self.config.provider)?; } self.send_ticket = emit_server_hello( @@ -330,8 +330,8 @@ mod client_hello { } } - fn emit_server_hello( - config: &ServerConfig, + fn emit_server_hello( + config: &ServerConfig, transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, session_id: SessionId, @@ -442,8 +442,8 @@ mod client_hello { Ok(kx) } - fn emit_certificate_req( - config: &ServerConfig, + fn emit_certificate_req( + config: &ServerConfig, transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, ) -> Result { @@ -498,8 +498,8 @@ mod client_hello { } // --- Process client's Certificate for client auth --- -struct ExpectCertificate { - config: Arc>, +struct ExpectCertificate { + config: Arc, transcript: HandshakeHash, randoms: ConnectionRandoms, session_id: SessionId, @@ -509,7 +509,7 @@ struct ExpectCertificate { send_ticket: bool, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { self.transcript.add_message(&m); let cert_chain = require_handshake_msg_move!( @@ -566,8 +566,8 @@ impl State for ExpectCertificate { } // --- Process client's KeyExchange --- -struct ExpectClientKx { - config: Arc>, +struct ExpectClientKx { + config: Arc, transcript: HandshakeHash, randoms: ConnectionRandoms, session_id: SessionId, @@ -578,7 +578,7 @@ struct ExpectClientKx { send_ticket: bool, } -impl State for ExpectClientKx { +impl State for ExpectClientKx { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let client_kx = require_handshake_msg!( m, @@ -635,8 +635,8 @@ impl State for ExpectClientKx { } // --- Process client's certificate proof --- -struct ExpectCertificateVerify { - config: Arc>, +struct ExpectCertificateVerify { + config: Arc, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, @@ -645,7 +645,7 @@ struct ExpectCertificateVerify { send_ticket: bool, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let rc = { let sig = require_handshake_msg!( @@ -698,8 +698,8 @@ impl State for ExpectCertificateVerify< } // --- Process client's ChangeCipherSpec --- -struct ExpectCcs { - config: Arc>, +struct ExpectCcs { + config: Arc, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, @@ -708,7 +708,7 @@ struct ExpectCcs { send_ticket: bool, } -impl State for ExpectCcs { +impl State for ExpectCcs { fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::ChangeCipherSpec(..) => {} @@ -831,8 +831,8 @@ fn emit_finished( common.send_msg(f, true); } -struct ExpectFinished { - config: Arc>, +struct ExpectFinished { + config: Arc, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, @@ -841,7 +841,7 @@ struct ExpectFinished { send_ticket: bool, } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index e03984b7b7..0f69f3d9a7 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -7,7 +7,6 @@ use crate::common_state::Protocol; use crate::common_state::Side; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::CryptoProvider; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; @@ -78,8 +77,8 @@ mod client_hello { Accepted, } - pub(in crate::server) struct CompleteClientHelloHandling { - pub(in crate::server) config: Arc>, + pub(in crate::server) struct CompleteClientHelloHandling { + pub(in crate::server) config: Arc, pub(in crate::server) transcript: HandshakeHash, pub(in crate::server) suite: &'static Tls13CipherSuite, pub(in crate::server) randoms: ConnectionRandoms, @@ -103,7 +102,7 @@ mod client_hello { } } - impl CompleteClientHelloHandling { + impl CompleteClientHelloHandling { fn check_binder( &self, suite: &'static Tls13CipherSuite, @@ -475,7 +474,7 @@ mod client_hello { } } - fn emit_server_hello( + fn emit_server_hello( transcript: &mut HandshakeHash, randoms: &ConnectionRandoms, suite: &'static Tls13CipherSuite, @@ -484,7 +483,7 @@ mod client_hello { share_and_kxgroup: (&KeyShareEntry, &'static dyn SupportedKxGroup), chosen_psk_idx: Option, resuming_psk: Option<&[u8]>, - config: &ServerConfig, + config: &ServerConfig, ) -> Result { let mut extensions = Vec::new(); @@ -604,12 +603,12 @@ mod client_hello { #[allow(unknown_lints)] // The lint allowed below is nightly only for now #[cfg_attr(not(feature = "quic"), allow(clippy::needless_pass_by_ref_mut))] - fn decide_if_early_data_allowed( + fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, client_hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, suite: &'static Tls13CipherSuite, - config: &ServerConfig, + config: &ServerConfig, ) -> EarlyDataDecision { let early_data_requested = client_hello.early_data_extension_offered(); let rejected_or_disabled = match early_data_requested { @@ -664,7 +663,7 @@ mod client_hello { } } - fn emit_encrypted_extensions( + fn emit_encrypted_extensions( transcript: &mut HandshakeHash, suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, @@ -672,7 +671,7 @@ mod client_hello { hello: &ClientHelloPayload, resumedata: Option<&persist::ServerSessionValue>, extra_exts: Vec, - config: &ServerConfig, + config: &ServerConfig, ) -> Result { let mut ep = hs::ExtensionProcessing::new(); ep.process_common(config, cx, ocsp_response, hello, resumedata, extra_exts)?; @@ -696,10 +695,10 @@ mod client_hello { Ok(early_data) } - fn emit_certificate_req_tls13( + fn emit_certificate_req_tls13( transcript: &mut HandshakeHash, cx: &mut ServerContext<'_>, - config: &ServerConfig, + config: &ServerConfig, ) -> Result { if !config.verifier.offer_client_auth() { return Ok(false); @@ -817,12 +816,12 @@ mod client_hello { Ok(()) } - fn emit_finished_tls13( + fn emit_finished_tls13( transcript: &mut HandshakeHash, randoms: &ConnectionRandoms, cx: &mut ServerContext<'_>, key_schedule: KeyScheduleHandshake, - config: &ServerConfig, + config: &ServerConfig, ) -> KeyScheduleTrafficWithClientFinishedPending { let handshake_hash = transcript.get_current_hash(); let verify_data = key_schedule.sign_server_finish(&handshake_hash); @@ -852,12 +851,12 @@ mod client_hello { } } -struct ExpectAndSkipRejectedEarlyData { +struct ExpectAndSkipRejectedEarlyData { skip_data_left: usize, - next: Box>, + next: Box, } -impl State for ExpectAndSkipRejectedEarlyData { +impl State for ExpectAndSkipRejectedEarlyData { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { /* "The server then ignores early data by skipping all records with an external * content type of "application_data" (indicating that they are encrypted), @@ -874,15 +873,15 @@ impl State for ExpectAndSkipRejectedEar } } -struct ExpectCertificate { - config: Arc>, +struct ExpectCertificate { + config: Arc, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, } -impl State for ExpectCertificate { +impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let certp = require_handshake_msg!( m, @@ -945,8 +944,8 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateVerify { - config: Arc>, +struct ExpectCertificateVerify { + config: Arc, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, @@ -954,7 +953,7 @@ struct ExpectCertificateVerify { send_tickets: usize, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let rc = { let sig = require_handshake_msg!( @@ -995,15 +994,15 @@ impl State for ExpectCertificateVerify< // --- Process (any number of) early ApplicationData messages, // followed by a terminating handshake EndOfEarlyData message --- -struct ExpectEarlyData { - config: Arc>, +struct ExpectEarlyData { + config: Arc, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, } -impl State for ExpectEarlyData { +impl State for ExpectEarlyData { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { match m.payload { MessagePayload::ApplicationData(payload) => { @@ -1076,24 +1075,24 @@ fn get_server_session_value( ) } -struct ExpectFinished { - config: Arc>, +struct ExpectFinished { + config: Arc, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, } -impl ExpectFinished { +impl ExpectFinished { fn emit_ticket( transcript: &HandshakeHash, suite: &'static Tls13CipherSuite, cx: &mut ServerContext<'_>, key_schedule: &KeyScheduleTraffic, - config: &ServerConfig, + config: &ServerConfig, ) -> Result<(), Error> { - let nonce = rand::random_vec::(32)?; - let age_add = rand::random_u32::()?; + let nonce = rand::random_vec(config.provider, 32)?; + let age_add = rand::random_u32(config.provider)?; let plain = get_server_session_value( transcript, suite, @@ -1113,7 +1112,7 @@ impl ExpectFinished { }; (ticket, config.ticketer.lifetime()) } else { - let id = rand::random_vec::(32)?; + let id = rand::random_vec(config.provider, 32)?; let stored = config .session_storage .put(id.clone(), plain); @@ -1155,7 +1154,7 @@ impl ExpectFinished { } } -impl State for ExpectFinished { +impl State for ExpectFinished { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b071788e59..db5130f161 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -12,8 +12,6 @@ use std::sync::Mutex; use pki_types::CertificateDer; use rustls::client::{ResolvesClientCert, Resumption}; -use rustls::crypto::ring::Ring; -use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; @@ -221,7 +219,7 @@ fn check_read_buf_err(reader: &mut dyn io::Read, err_kind: io::ErrorKind) { #[test] fn config_builder_for_client_rejects_empty_kx_groups() { assert_eq!( - ClientConfig::::builder() + ClientConfig::builder() .with_safe_default_cipher_suites() .with_kx_groups(&[]) .with_safe_default_protocol_versions() @@ -233,7 +231,7 @@ fn config_builder_for_client_rejects_empty_kx_groups() { #[test] fn config_builder_for_client_rejects_empty_cipher_suites() { assert_eq!( - ClientConfig::::builder() + ClientConfig::builder() .with_cipher_suites(&[]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -246,7 +244,7 @@ fn config_builder_for_client_rejects_empty_cipher_suites() { #[test] fn config_builder_for_client_rejects_incompatible_cipher_suites() { assert_eq!( - ClientConfig::::builder() + ClientConfig::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -258,7 +256,7 @@ fn config_builder_for_client_rejects_incompatible_cipher_suites() { #[test] fn config_builder_for_server_rejects_empty_kx_groups() { assert_eq!( - ServerConfig::::builder() + ServerConfig::builder() .with_safe_default_cipher_suites() .with_kx_groups(&[]) .with_safe_default_protocol_versions() @@ -270,7 +268,7 @@ fn config_builder_for_server_rejects_empty_kx_groups() { #[test] fn config_builder_for_server_rejects_empty_cipher_suites() { assert_eq!( - ServerConfig::::builder() + ServerConfig::builder() .with_cipher_suites(&[]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -283,7 +281,7 @@ fn config_builder_for_server_rejects_empty_cipher_suites() { #[test] fn config_builder_for_server_rejects_incompatible_cipher_suites() { assert_eq!( - ServerConfig::::builder() + ServerConfig::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -445,34 +443,34 @@ fn server_can_get_client_cert_after_resumption() { #[test] fn test_config_builders_debug() { - let b = ServerConfig::::builder(); + let b = ServerConfig::builder(); assert_eq!( - "ConfigBuilder, _> { state: WantsCipherSuites(()) }", + "ConfigBuilder { state: WantsCipherSuites(Ring) }", format!("{:?}", b) ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); - assert_eq!("ConfigBuilder, _> { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); let b = b.with_kx_groups(&[rustls::kx_group::X25519]); - assert_eq!("ConfigBuilder, _> { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); let b = b.with_no_client_auth(); - assert_eq!("ConfigBuilder, _> { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], versions: [TLSv1_3], verifier: dyn ClientCertVerifier } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3], verifier: dyn ClientCertVerifier } }", format!("{:?}", b)); - let b = ClientConfig::::builder(); + let b = ClientConfig::builder(); assert_eq!( - "ConfigBuilder, _> { state: WantsCipherSuites(()) }", + "ConfigBuilder { state: WantsCipherSuites(Ring) }", format!("{:?}", b) ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); - assert_eq!("ConfigBuilder, _> { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); let b = b.with_kx_groups(&[rustls::kx_group::X25519]); - assert_eq!("ConfigBuilder, _> { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); - assert_eq!("ConfigBuilder, _> { state: WantsVerifier { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], versions: [TLSv1_3] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVerifier { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3] } }", format!("{:?}", b)); } /// Test that the server handles combination of `offer_client_auth()` returning true @@ -489,7 +487,7 @@ fn server_allow_any_anonymous_or_authenticated_client() { .build() .unwrap(); - let server_config = ServerConfig::::builder() + let server_config = ServerConfig::builder() .with_safe_defaults() .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) @@ -897,7 +895,7 @@ fn check_sigalgs_reduced_by_ciphersuite( ) { let client_config = finish_client_config( kt, - ClientConfig::::builder() + ClientConfig::builder() .with_cipher_suites(&[find_suite(suite)]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -1011,8 +1009,8 @@ fn client_checks_server_certificate_with_given_name() { #[test] fn client_checks_server_certificate_with_given_ip_address() { fn check_server_name( - client_config: Arc>, - server_config: Arc>, + client_config: Arc, + server_config: Arc, name: &'static str, ) -> Result<(), ErrorFromPeer> { let mut client = ClientConnection::new(client_config, server_name(name)).unwrap(); @@ -1935,7 +1933,7 @@ fn stream_write_swallows_underlying_io_error_after_plaintext_processed() { assert_eq!(format!("{:?}", rc), "Ok(5)"); } -fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { +fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let kt = KeyType::Rsa; let server_config = finish_server_config( kt, @@ -2299,10 +2297,7 @@ fn sni_resolver_rejects_bad_certs() { ); } -fn do_exporter_test( - client_config: ClientConfig, - server_config: ServerConfig, -) { +fn do_exporter_test(client_config: ClientConfig, server_config: ServerConfig) { let mut client_secret = [0u8; 64]; let mut server_secret = [0u8; 64]; @@ -2358,8 +2353,8 @@ fn test_tls13_exporter() { } fn do_suite_test( - client_config: ClientConfig, - server_config: ServerConfig, + client_config: ClientConfig, + server_config: ServerConfig, expect_suite: SupportedCipherSuite, expect_version: ProtocolVersion, ) { @@ -2494,7 +2489,7 @@ fn negotiated_ciphersuite_client() { let scs = find_suite(suite); let client_config = finish_client_config( kt, - ClientConfig::::builder() + ClientConfig::builder() .with_cipher_suites(&[scs]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -2512,7 +2507,7 @@ fn negotiated_ciphersuite_server() { let scs = find_suite(suite); let server_config = finish_server_config( kt, - ServerConfig::::builder() + ServerConfig::builder() .with_cipher_suites(&[scs]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -2767,7 +2762,7 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() { check_read(&mut client.reader(), b"012345678901234567890123456789"); } -fn check_half_rtt_does_not_work(server_config: ServerConfig) { +fn check_half_rtt_does_not_work(server_config: ServerConfig) { let (mut client, mut server) = make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa), server_config); @@ -3199,7 +3194,7 @@ fn early_data_not_available() { assert!(client.early_data().is_none()); } -fn early_data_configs() -> (Arc>, Arc>) { +fn early_data_configs() -> (Arc, Arc) { let kt = KeyType::Rsa; let mut client_config = make_client_config(kt); client_config.enable_early_data = true; @@ -3652,7 +3647,7 @@ mod test_quic { ) .unwrap(); - use ring::rand::SecureRandom; + use rustls::crypto::ring::RING; use rustls::internal::msgs::base::PayloadU16; use rustls::internal::msgs::enums::{Compression, NamedGroup}; use rustls::internal::msgs::handshake::{ @@ -3660,11 +3655,11 @@ mod test_quic { }; use rustls::{CipherSuite, HandshakeType, SignatureScheme}; - let rng = ring::rand::SystemRandom::new(); let mut random = [0; 32]; - rng.fill(&mut random).unwrap(); + RING.fill_random(&mut random).unwrap(); let random = Random::from(random); + let rng = ring::rand::SystemRandom::new(); let kx = ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::X25519, &rng) .unwrap() .compute_public_key() @@ -3675,7 +3670,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_3, random, - session_id: SessionId::random::().unwrap(), + session_id: SessionId::random(RING).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -3707,7 +3702,7 @@ mod test_quic { server_config.alpn_protocols = vec!["foo".into()]; let server_config = Arc::new(server_config); - use ring::rand::SecureRandom; + use rustls::crypto::ring::RING; use rustls::internal::msgs::base::PayloadU16; use rustls::internal::msgs::enums::{Compression, NamedGroup}; use rustls::internal::msgs::handshake::{ @@ -3715,11 +3710,11 @@ mod test_quic { }; use rustls::{CipherSuite, HandshakeType, SignatureScheme}; - let rng = ring::rand::SystemRandom::new(); let mut random = [0; 32]; - rng.fill(&mut random).unwrap(); + RING.fill_random(&mut random).unwrap(); let random = Random::from(random); + let rng = ring::rand::SystemRandom::new(); let kx = ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::X25519, &rng) .unwrap() .compute_public_key() @@ -3737,7 +3732,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random, - session_id: SessionId::random::().unwrap(), + session_id: SessionId::random(RING).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4133,8 +4128,9 @@ fn test_client_sends_helloretryrequest() { #[test] fn test_client_rejects_hrr_with_varied_session_id() { + use rustls::crypto::ring::RING; use rustls::internal::msgs::handshake::SessionId; - let different_session_id = SessionId::random::().unwrap(); + let different_session_id = SessionId::random(RING).unwrap(); let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { @@ -4556,7 +4552,7 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let server_config_1 = Arc::new(common::finish_server_config( KeyType::Ed25519, - ServerConfig::::builder() + ServerConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS13]) @@ -4565,7 +4561,7 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let mut server_config_2 = common::finish_server_config( KeyType::Ed25519, - ServerConfig::::builder() + ServerConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -4804,7 +4800,7 @@ fn test_secret_extraction_enabled() { println!("Testing suite {:?}", suite.suite().as_str()); // Only offer the cipher suite (and protocol version) that we're testing - let mut server_config = ServerConfig::::builder() + let mut server_config = ServerConfig::builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -4862,7 +4858,7 @@ fn test_secret_extraction_disabled_or_too_early() { let kt = KeyType::Rsa; for (server_enable, client_enable) in [(true, false), (false, true)] { - let mut server_config = ServerConfig::::builder() + let mut server_config = ServerConfig::builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -4904,7 +4900,7 @@ fn test_received_plaintext_backpressure() { let kt = KeyType::Rsa; let server_config = Arc::new( - ServerConfig::::builder() + ServerConfig::builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 0a85bd322e..b15453bde9 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -14,7 +14,6 @@ use crate::common::{ make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; -use rustls::crypto::ring::Ring; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::{ClientCertVerified, ClientCertVerifier}; use rustls::{ @@ -44,7 +43,7 @@ fn ver_err() -> Result { fn server_config_with_verifier( kt: KeyType, client_cert_verifier: MockClientVerifier, -) -> ServerConfig { +) -> ServerConfig { ServerConfig::builder() .with_safe_defaults() .with_client_cert_verifier(Arc::new(client_cert_verifier)) diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index a1c9116b28..91b55a5737 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -7,8 +7,6 @@ use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; -use rustls::crypto::ring::Ring; -use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; use rustls::server::WebPkiClientVerifier; @@ -243,23 +241,23 @@ impl KeyType { } } -pub fn finish_server_config( +pub fn finish_server_config( kt: KeyType, - conf: rustls::ConfigBuilder, rustls::WantsVerifier>, -) -> ServerConfig { + conf: rustls::ConfigBuilder, +) -> ServerConfig { conf.with_no_client_auth() .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() } -pub fn make_server_config(kt: KeyType) -> ServerConfig { +pub fn make_server_config(kt: KeyType) -> ServerConfig { finish_server_config(kt, ServerConfig::builder().with_safe_defaults()) } pub fn make_server_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], -) -> ServerConfig { +) -> ServerConfig { finish_server_config( kt, ServerConfig::builder() @@ -273,7 +271,7 @@ pub fn make_server_config_with_versions( pub fn make_server_config_with_kx_groups( kt: KeyType, kx_groups: &[&'static dyn rustls::SupportedKxGroup], -) -> ServerConfig { +) -> ServerConfig { finish_server_config( kt, ServerConfig::builder() @@ -298,7 +296,7 @@ pub fn get_client_root_store(kt: KeyType) -> Arc { pub fn make_server_config_with_mandatory_client_auth_crls( kt: KeyType, crls: Vec>, -) -> ServerConfig { +) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); let client_auth = WebPkiClientVerifier::builder(client_auth_roots) @@ -313,14 +311,14 @@ pub fn make_server_config_with_mandatory_client_auth_crls( .unwrap() } -pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig { +pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig { make_server_config_with_mandatory_client_auth_crls(kt, Vec::new()) } pub fn make_server_config_with_optional_client_auth( kt: KeyType, crls: Vec>, -) -> ServerConfig { +) -> ServerConfig { let client_auth_roots = get_client_root_store(kt); let client_auth = WebPkiClientVerifier::builder(client_auth_roots) @@ -336,10 +334,10 @@ pub fn make_server_config_with_optional_client_auth( .unwrap() } -pub fn finish_client_config( +pub fn finish_client_config( kt: KeyType, - config: rustls::ConfigBuilder, rustls::WantsVerifier>, -) -> ClientConfig { + config: rustls::ConfigBuilder, +) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); root_store.add_parsable_certificates( @@ -351,10 +349,10 @@ pub fn finish_client_config( .with_no_client_auth() } -pub fn finish_client_config_with_creds( +pub fn finish_client_config_with_creds( kt: KeyType, - config: rustls::ConfigBuilder, rustls::WantsVerifier>, -) -> ClientConfig { + config: rustls::ConfigBuilder, +) -> ClientConfig { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert")); // Passing a reference here just for testing. @@ -368,14 +366,14 @@ pub fn finish_client_config_with_creds( .unwrap() } -pub fn make_client_config(kt: KeyType) -> ClientConfig { - finish_client_config(kt, ClientConfig::::builder().with_safe_defaults()) +pub fn make_client_config(kt: KeyType) -> ClientConfig { + finish_client_config(kt, ClientConfig::builder().with_safe_defaults()) } pub fn make_client_config_with_kx_groups( kt: KeyType, kx_groups: &[&'static dyn rustls::SupportedKxGroup], -) -> ClientConfig { +) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() .with_kx_groups(kx_groups) @@ -387,7 +385,7 @@ pub fn make_client_config_with_kx_groups( pub fn make_client_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], -) -> ClientConfig { +) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() @@ -396,14 +394,14 @@ pub fn make_client_config_with_versions( finish_client_config(kt, builder) } -pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { - finish_client_config_with_creds(kt, ClientConfig::::builder().with_safe_defaults()) +pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { + finish_client_config_with_creds(kt, ClientConfig::builder().with_safe_defaults()) } pub fn make_client_config_with_versions_with_auth( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], -) -> ClientConfig { +) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() @@ -417,15 +415,15 @@ pub fn make_pair(kt: KeyType) -> (ClientConnection, ServerConnection) { } pub fn make_pair_for_configs( - client_config: ClientConfig, - server_config: ServerConfig, + client_config: ClientConfig, + server_config: ServerConfig, ) -> (ClientConnection, ServerConnection) { make_pair_for_arc_configs(&Arc::new(client_config), &Arc::new(server_config)) } pub fn make_pair_for_arc_configs( - client_config: &Arc>, - server_config: &Arc>, + client_config: &Arc, + server_config: &Arc, ) -> (ClientConnection, ServerConnection) { ( ClientConnection::new(Arc::clone(client_config), server_name("localhost")).unwrap(), From e20e0baf2c2762c27cfead193da90e752bb00ee8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Sep 2023 17:08:34 +0100 Subject: [PATCH 0189/1145] Smoke-test explicit provider selection API --- rustls/tests/api.rs | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index db5130f161..eda2af9a06 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4984,3 +4984,21 @@ fn test_debug_server_name_from_string() { "DnsName(\"a.com\")" ) } + +#[cfg(feature = "ring")] +#[test] +fn test_explicit_provider_selection() { + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(rustls::crypto::ring::RING) + .with_safe_defaults(), + ); + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider(rustls::crypto::ring::RING) + .with_safe_defaults(), + ); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); +} From 30412d092c837db2be3dd6b0e6dcf87bd99d12ea Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Sep 2023 17:35:04 +0100 Subject: [PATCH 0190/1145] Use provider API to validate RNG failure errors --- rustls/tests/api.rs | 92 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index eda2af9a06..09897a29a4 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5002,3 +5002,95 @@ fn test_explicit_provider_selection() { let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake(&mut client, &mut server); } + +#[derive(Debug)] +struct FaultyRandomProvider { + parent: &'static dyn rustls::crypto::CryptoProvider, + + // when empty, `fill_random` requests return `GetRandomFailed` + rand_queue: Mutex<&'static [u8]>, +} + +impl rustls::crypto::CryptoProvider for FaultyRandomProvider { + fn fill_random(&self, output: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { + let mut queue = self.rand_queue.lock().unwrap(); + + println!( + "fill_random request for {} bytes (got {})", + output.len(), + queue.len() + ); + + if queue.len() < output.len() { + return Err(rustls::crypto::GetRandomFailed); + } + + let fixed_output = &queue[..output.len()]; + output.copy_from_slice(fixed_output); + *queue = &queue[output.len()..]; + Ok(()) + } + + fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { + self.parent.default_cipher_suites() + } + + fn default_kx_groups(&self) -> &'static [&'static (dyn rustls::crypto::SupportedKxGroup)] { + self.parent.default_kx_groups() + } +} + +#[test] +fn test_client_construction_fails_if_random_source_fails_in_first_request() { + static PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: rustls::crypto::ring::RING, + rand_queue: Mutex::new(b""), + }; + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(&PROVIDER).with_safe_defaults(), + ); + + assert_eq!( + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap_err(), + Error::FailedToGetRandomBytes + ); +} + +#[test] +fn test_client_construction_fails_if_random_source_fails_in_second_request() { + static PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: rustls::crypto::ring::RING, + rand_queue: Mutex::new(b"nice random number generator huh"), + }; + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(&PROVIDER).with_safe_defaults(), + ); + + assert_eq!( + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap_err(), + Error::FailedToGetRandomBytes + ); +} + +#[test] +fn test_client_construction_requires_64_bytes_of_random_material() { + static PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: rustls::crypto::ring::RING, + rand_queue: Mutex::new( + b"nice random number generator !!!\ + it's really not very good is it?", + ), + }; + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(&PROVIDER).with_safe_defaults(), + ); + + ClientConnection::new(Arc::new(client_config), server_name("localhost")) + .expect("check how much random material ClientConnection::new consumes"); +} From 76db9fb00f10c580f2145c6dc5a19c268389151b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 09:01:02 -0400 Subject: [PATCH 0191/1145] lib: remove crypto::ring::Ticketer re-export --- ci-bench/src/main.rs | 2 +- examples/src/bin/tlsserver-mio.rs | 2 +- rustls/examples/internal/bench.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 3 ++- rustls/src/lib.rs | 2 -- rustls/tests/api.rs | 2 +- 6 files changed, 6 insertions(+), 7 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index f75b7a6a4e..cacd893387 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -14,10 +14,10 @@ use itertools::Itertools; use rayon::iter::Either; use rayon::prelude::*; use rustls::client::Resumption; +use rustls::crypto::ring::Ticketer; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::{ ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, - Ticketer, }; use crate::benchmark::{ diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 7fc70b8109..78bf7a70ec 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -620,7 +620,7 @@ fn make_config(args: &Args) -> Arc { } if args.flag_tickets { - config.ticketer = rustls::Ticketer::new().unwrap(); + config.ticketer = rustls::crypto::ring::Ticketer::new().unwrap(); } config.alpn_protocols = args diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 605333e3a8..3fd452a34b 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -14,9 +14,9 @@ use std::time::{Duration, Instant}; use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::Resumption; +use rustls::crypto::ring::Ticketer; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::RootCertStore; -use rustls::Ticketer; use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, SideData}; use rustls::{ServerConfig, ServerConnection}; diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 5269695d3e..9d1fb5f096 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -7,6 +7,7 @@ use rustls::client::{ ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, }; +use rustls::crypto::ring::Ticketer; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; @@ -14,7 +15,7 @@ use rustls::{ self, client, kx_group, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, - SupportedKxGroup, SupportedProtocolVersion, Ticketer, ALL_KX_GROUPS, + SupportedKxGroup, SupportedProtocolVersion, ALL_KX_GROUPS, }; use base64::prelude::{Engine, BASE64_STANDARD}; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 40f24ca70f..e3c55b388f 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -377,8 +377,6 @@ pub use crate::builder::{ pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; #[cfg(feature = "ring")] -pub use crate::crypto::ring::Ticketer; -#[cfg(feature = "ring")] pub use crate::crypto::ring::ALL_KX_GROUPS; #[cfg(feature = "ring")] pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 09897a29a4..ec2dcdd475 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3139,7 +3139,7 @@ fn tls13_stateless_resumption() { let client_config = Arc::new(client_config); let mut server_config = make_server_config(kt); - server_config.ticketer = rustls::Ticketer::new().unwrap(); + server_config.ticketer = rustls::crypto::ring::Ticketer::new().unwrap(); let storage = Arc::new(ServerStorage::new()); server_config.session_storage = storage.clone(); let server_config = Arc::new(server_config); From b1bde8c0e772dc3c697e3e88426c5c12113fe77d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 09:04:01 -0400 Subject: [PATCH 0192/1145] lib: remove crypto::SupportedKxGroup re-export --- provider-example/src/lib.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 3 ++- rustls/src/lib.rs | 1 - rustls/tests/common/mod.rs | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index efd33f2e39..1f6d081068 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -23,7 +23,7 @@ impl rustls::crypto::CryptoProvider for Provider { ALL_CIPHER_SUITES } - fn default_kx_groups(&self) -> &'static [&'static dyn rustls::SupportedKxGroup] { + fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] { kx::ALL_KX_GROUPS } } diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 9d1fb5f096..494cc20c0d 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -8,6 +8,7 @@ use rustls::client::{ ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, }; use rustls::crypto::ring::Ticketer; +use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; @@ -15,7 +16,7 @@ use rustls::{ self, client, kx_group, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, - SupportedKxGroup, SupportedProtocolVersion, ALL_KX_GROUPS, + SupportedProtocolVersion, ALL_KX_GROUPS, }; use base64::prelude::{Engine, BASE64_STANDARD}; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index e3c55b388f..f592b4268c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -380,7 +380,6 @@ pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; pub use crate::crypto::ring::ALL_KX_GROUPS; #[cfg(feature = "ring")] pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; -pub use crate::crypto::SupportedKxGroup; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 91b55a5737..91ceb7f8c3 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -270,7 +270,7 @@ pub fn make_server_config_with_versions( pub fn make_server_config_with_kx_groups( kt: KeyType, - kx_groups: &[&'static dyn rustls::SupportedKxGroup], + kx_groups: &[&'static dyn rustls::crypto::SupportedKxGroup], ) -> ServerConfig { finish_server_config( kt, @@ -372,7 +372,7 @@ pub fn make_client_config(kt: KeyType) -> ClientConfig { pub fn make_client_config_with_kx_groups( kt: KeyType, - kx_groups: &[&'static dyn rustls::SupportedKxGroup], + kx_groups: &[&'static dyn rustls::crypto::SupportedKxGroup], ) -> ClientConfig { let builder = ClientConfig::builder() .with_safe_default_cipher_suites() From 949e1ca0621b909c3c1350c7d975ee2a5bc44d92 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 09:06:14 -0400 Subject: [PATCH 0193/1145] lib: remove crypto::ring::ALL_KX_GROUPS re-export --- rustls/examples/internal/bogo_shim.rs | 4 ++-- rustls/src/lib.rs | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 494cc20c0d..fc26398e8c 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -7,7 +7,7 @@ use rustls::client::{ ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, }; -use rustls::crypto::ring::Ticketer; +use rustls::crypto::ring::{Ticketer, ALL_KX_GROUPS}; use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; @@ -16,7 +16,7 @@ use rustls::{ self, client, kx_group, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, - SupportedProtocolVersion, ALL_KX_GROUPS, + SupportedProtocolVersion, }; use base64::prelude::{Engine, BASE64_STANDARD}; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index f592b4268c..d27f44a7b5 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -377,8 +377,6 @@ pub use crate::builder::{ pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; #[cfg(feature = "ring")] -pub use crate::crypto::ring::ALL_KX_GROUPS; -#[cfg(feature = "ring")] pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, From 46b3442d5788a49492eb58b6a865e57a04523fdb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 09:09:55 -0400 Subject: [PATCH 0194/1145] lib: remove crypto::ring::ALL_CIPHER_SUITES re-export --- examples/src/bin/tlsclient-mio.rs | 2 +- examples/src/bin/tlsserver-mio.rs | 4 ++-- rustls/src/lib.rs | 4 ++-- rustls/src/suites.rs | 8 ++++---- rustls/tests/api.rs | 3 ++- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index c92b6166f9..20826ae98c 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -236,7 +236,7 @@ struct Args { /// Find a ciphersuite with the given name fn find_suite(name: &str) -> Option { - for suite in rustls::ALL_CIPHER_SUITES { + for suite in rustls::crypto::ring::ALL_CIPHER_SUITES { let sname = format!("{:?}", suite.suite()).to_lowercase(); if sname == name.to_string().to_lowercase() { diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 78bf7a70ec..0ba487b1e6 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -457,7 +457,7 @@ struct Args { } fn find_suite(name: &str) -> Option { - for suite in rustls::ALL_CIPHER_SUITES { + for suite in rustls::crypto::ring::ALL_CIPHER_SUITES { let sname = format!("{:?}", suite.suite()).to_lowercase(); if sname == name.to_string().to_lowercase() { @@ -583,7 +583,7 @@ fn make_config(args: &Args) -> Arc { let suites = if !args.flag_suite.is_empty() { lookup_suites(&args.flag_suite) } else { - rustls::ALL_CIPHER_SUITES.to_vec() + rustls::crypto::ring::ALL_CIPHER_SUITES.to_vec() }; let versions = if !args.flag_protover.is_empty() { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d27f44a7b5..d4a5e9d614 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -377,7 +377,7 @@ pub use crate::builder::{ pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; #[cfg(feature = "ring")] -pub use crate::crypto::ring::{ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES}; +pub use crate::crypto::ring::DEFAULT_CIPHER_SUITES; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, @@ -471,7 +471,7 @@ pub use server::{ServerConfig, ServerConnection}; /// All defined ciphersuites appear in this module. /// -/// [`ALL_CIPHER_SUITES`] is provided as an array of all of these values. +/// [`crypto::ring::ALL_CIPHER_SUITES`] is provided as an array of all of these values. pub mod cipher_suite { #[cfg(all(feature = "tls12", feature = "ring"))] pub use crate::crypto::ring::tls12::{ diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index aec3538d2a..c090cf81be 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -21,7 +21,7 @@ pub struct CipherSuiteCommon { /// A cipher suite supported by rustls. /// /// All possible instances of this type are provided by the library in -/// the [`crate::ALL_CIPHER_SUITES`] array. +/// the [`crypto::ring::ALL_CIPHER_SUITES`] array. #[derive(Clone, Copy, PartialEq)] pub enum SupportedCipherSuite { /// A TLS 1.2 cipher suite @@ -250,19 +250,19 @@ mod tests { fn test_pref_fails() { assert!(choose_ciphersuite_preferring_client( &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - crate::ALL_CIPHER_SUITES + crypto::ring::ALL_CIPHER_SUITES ) .is_none()); assert!(choose_ciphersuite_preferring_server( &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - crate::ALL_CIPHER_SUITES + crypto::ring::ALL_CIPHER_SUITES ) .is_none()); } #[test] fn test_scs_is_debug() { - println!("{:?}", crate::ALL_CIPHER_SUITES); + println!("{:?}", crypto::ring::ALL_CIPHER_SUITES); } #[test] diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index ec2dcdd475..eb4b417d0c 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -12,6 +12,7 @@ use std::sync::Mutex; use pki_types::CertificateDer; use rustls::client::{ResolvesClientCert, Resumption}; +use rustls::crypto::ring::ALL_CIPHER_SUITES; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; @@ -19,6 +20,7 @@ use rustls::internal::msgs::message::PlainMessage; use rustls::server::{ClientHello, ResolvesServerCert, WebPkiClientVerifier}; #[cfg(feature = "secret_extraction")] use rustls::ConnectionTrafficSecrets; +use rustls::SupportedCipherSuite; use rustls::{ sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, KeyLog, PeerIncompatible, PeerMisbehaved, SideData, @@ -27,7 +29,6 @@ use rustls::{CipherSuite, ProtocolVersion, SignatureScheme}; use rustls::{ClientConfig, ClientConnection}; use rustls::{ServerConfig, ServerConnection}; use rustls::{Stream, StreamOwned}; -use rustls::{SupportedCipherSuite, ALL_CIPHER_SUITES}; mod common; use crate::common::*; From 34bb3e38069a6469290076c070a07eaf8255e625 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 09:11:34 -0400 Subject: [PATCH 0195/1145] lib: remove crypto::ring::DEFAULT_CIPHER_SUITES re-export --- examples/src/bin/tlsclient-mio.rs | 2 +- rustls/src/lib.rs | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 20826ae98c..4f3500574e 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -391,7 +391,7 @@ fn make_config(args: &Args) -> Arc { let suites = if !args.flag_suite.is_empty() { lookup_suites(&args.flag_suite) } else { - rustls::DEFAULT_CIPHER_SUITES.to_vec() + rustls::crypto::ring::DEFAULT_CIPHER_SUITES.to_vec() }; let versions = if !args.flag_protover.is_empty() { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d4a5e9d614..c4d131e7de 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -376,8 +376,6 @@ pub use crate::builder::{ }; pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; -#[cfg(feature = "ring")] -pub use crate::crypto::ring::DEFAULT_CIPHER_SUITES; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, From e7a15fb935bfee72c25ab99f92c57b6a4ace20c9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 09:14:50 -0400 Subject: [PATCH 0196/1145] lib: remove crypto::ring::kx_group re-export --- examples/src/bin/limitedclient.rs | 2 +- rustls/examples/internal/bogo_shim.rs | 4 +-- rustls/src/lib.rs | 4 --- rustls/src/msgs/enums.rs | 2 +- rustls/tests/api.rs | 46 +++++++++++++++++---------- 5 files changed, 34 insertions(+), 24 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index e7264e2dcc..095d64d0a1 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -16,7 +16,7 @@ fn main() { let config = rustls::ClientConfig::builder() .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) - .with_kx_groups(&[rustls::kx_group::X25519]) + .with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]) .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap() .with_root_certificates(root_store) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index fc26398e8c..1c997ab1bf 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -7,13 +7,13 @@ use rustls::client::{ ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, }; -use rustls::crypto::ring::{Ticketer, ALL_KX_GROUPS}; +use rustls::crypto::ring::{kx_group, Ticketer, ALL_KX_GROUPS}; use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; use rustls::{ - self, client, kx_group, server, sign, version, AlertDescription, CertificateError, Connection, + self, client, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, SupportedProtocolVersion, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c4d131e7de..d0f8cc319f 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -493,10 +493,6 @@ pub mod version { pub use crate::versions::TLS13; } -#[cfg(feature = "ring")] -/// All defined key exchange groups supported by *ring* appear in this module. -pub use crypto::ring::kx_group; - /// Message signing interfaces and implementations. pub mod sign { #[cfg(feature = "ring")] diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 3861722001..8d91f0a138 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -142,7 +142,7 @@ enum_builder! { /// /// This enum is used for recognizing elliptic curve parameters advertised /// by a peer during a TLS handshake. It is **not** a list of curves that - /// Rustls supports. See [`crate::kx_group`] for the list of supported + /// Rustls supports. See [`crate::crypto::ring::kx_group`] for the list of supported /// elliptic curve groups. @U16 EnumName: NamedCurve; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index eb4b417d0c..0a6400aafd 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -451,7 +451,7 @@ fn test_config_builders_debug() { ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[rustls::kx_group::X25519]); + let b = b.with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]); assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) @@ -466,7 +466,7 @@ fn test_config_builders_debug() { ); let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[rustls::kx_group::X25519]); + let b = b.with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]); assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) @@ -4011,20 +4011,26 @@ fn test_client_does_not_offer_sha1() { #[test] fn test_client_config_keyshare() { - let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); - let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); + let client_config = make_client_config_with_kx_groups( + KeyType::Rsa, + &[rustls::crypto::ring::kx_group::SECP384R1], + ); + let server_config = make_server_config_with_kx_groups( + KeyType::Rsa, + &[rustls::crypto::ring::kx_group::SECP384R1], + ); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake_until_error(&mut client, &mut server).unwrap(); } #[test] fn test_client_config_keyshare_mismatch() { - let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); + let client_config = make_client_config_with_kx_groups( + KeyType::Rsa, + &[rustls::crypto::ring::kx_group::SECP384R1], + ); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); assert!(do_handshake_until_error(&mut client, &mut server).is_err()); } @@ -4035,7 +4041,10 @@ fn test_client_sends_helloretryrequest() { // client sends a secp384r1 key share let mut client_config = make_client_config_with_kx_groups( KeyType::Rsa, - &[rustls::kx_group::SECP384R1, rustls::kx_group::X25519], + &[ + rustls::crypto::ring::kx_group::SECP384R1, + rustls::crypto::ring::kx_group::X25519, + ], ); let storage = Arc::new(ClientStorage::new()); @@ -4043,7 +4052,7 @@ fn test_client_sends_helloretryrequest() { // but server only accepts x25519, so a HRR is required let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); @@ -4164,11 +4173,14 @@ fn test_client_rejects_hrr_with_varied_session_id() { // client prefers a secp384r1 key share, server only accepts x25519 let client_config = make_client_config_with_kx_groups( KeyType::Rsa, - &[rustls::kx_group::SECP384R1, rustls::kx_group::X25519], + &[ + rustls::crypto::ring::kx_group::SECP384R1, + rustls::crypto::ring::kx_group::X25519, + ], ); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); @@ -4200,13 +4212,15 @@ fn test_client_attempts_to_use_unsupported_kx_group() { // first, client sends a x25519 and server agrees. x25519 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::X25519]); + make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client only supports secp-384 and so kx group cache // contains an unusable value. - let mut client_config_2 = - make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::kx_group::SECP384R1]); + let mut client_config_2 = make_client_config_with_kx_groups( + KeyType::Rsa, + &[rustls::crypto::ring::kx_group::SECP384R1], + ); client_config_2.resumption = Resumption::store(shared_storage.clone()); let server_config = make_server_config(KeyType::Rsa); From a3dd08bc6bef69af5d0728b69ae77820da85da3b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 18 Sep 2023 09:46:05 -0400 Subject: [PATCH 0197/1145] docs: add re-export guidance to CONTRIBUTING --- CONTRIBUTING.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index be0823cac0..9028ee80ef 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -266,6 +266,15 @@ import the symbol name under an alias, or if the parent module name is short, using a one-level qualified path. E.g. for a crate with a local `Error` type, prefer to `import std::error::Error as StdError`. +### Exports + +We prefer to export types under a single name, avoiding re-exporting types from +the top-level `lib.rs`. The exception to this are "paved path" exports that we +expect every user will need. The canonical example of such types are +`client::ClientConfig` and `server::ServerConfig`. In general this sort of type +is rare and most new types should be exported only from the module in which they +are defined. + ### Misc #### Numeric literals From 5fd434f7bd8b43189e7250d0ecee3fabe89b94ec Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Sep 2023 10:47:01 -0400 Subject: [PATCH 0198/1145] proj: remove dangerous_configuration feature In an effort to reduce our feature list, this commit replaces the `dangerous_configuration` feature flag with separate `danger` modules. Cargo features are additive, which means transitive dependencies could enable them for you without explicit opt-in. Using obviously named modules will maintain the property that it's easy to grep for imports, but avoids feature flag bloat and the additive downsides. After discussion we've chosen to not include the webpki verifier and helper functions as part of the dangerous API surface. Functionality for setting a custom verifier, or implementing one to make assertions about verification status, remain marked as dangerous via their module name. --- bogo/runme | 2 +- connect-tests/Cargo.toml | 1 - connect-tests/tests/badssl.rs | 1 - examples/Cargo.toml | 1 - examples/src/bin/tlsclient-mio.rs | 31 +++++----------- provider-example/Cargo.toml | 2 +- provider-example/examples/client.rs | 1 + provider-example/src/lib.rs | 2 +- rustls/Cargo.toml | 3 +- rustls/examples/internal/bogo_shim.rs | 18 ++++----- rustls/src/builder.rs | 4 +- rustls/src/client/builder.rs | 53 +++++++++++++++++++-------- rustls/src/client/client_conn.rs | 2 - rustls/src/lib.rs | 27 ++++++-------- rustls/src/webpki/verify.rs | 7 ---- rustls/tests/bogo.rs | 2 +- rustls/tests/client_cert_verifier.rs | 13 +++---- rustls/tests/server_cert_verifier.rs | 11 ++---- 18 files changed, 85 insertions(+), 96 deletions(-) diff --git a/bogo/runme b/bogo/runme index 4b8630d352..0a51c8097c 100755 --- a/bogo/runme +++ b/bogo/runme @@ -6,7 +6,7 @@ set -xe if [ "x$USE_EXISTING_BOGO_SHIM" = "x" ] ; then - cargo build --example bogo_shim --features dangerous_configuration,quic + cargo build --example bogo_shim --features quic fi if [ ! -e bogo/ssl/test/runner/runner.test ] ; then diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index f6c0c249a6..623cc7ff67 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -12,7 +12,6 @@ publish = false members = ["."] [features] -dangerous_configuration = ["rustls/dangerous_configuration"] quic = ["rustls/quic"] [dependencies] diff --git a/connect-tests/tests/badssl.rs b/connect-tests/tests/badssl.rs index 092e718b2d..5016112ea3 100644 --- a/connect-tests/tests/badssl.rs +++ b/connect-tests/tests/badssl.rs @@ -123,7 +123,6 @@ mod online { .unwrap(); } - #[cfg(feature = "dangerous_configuration")] mod danger { #[test] fn self_signed() { diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 13d860fa73..b09d71ba10 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -8,7 +8,6 @@ description = "Rustls example code and tests." publish = false [features] -dangerous_configuration = ["rustls/dangerous_configuration"] quic = ["rustls/quic"] [dependencies] diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 4f3500574e..3e95b38e5f 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -309,15 +309,15 @@ fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { ); } -#[cfg(feature = "dangerous_configuration")] mod danger { use pki_types::{CertificateDer, UnixTime}; - use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; + use rustls::client::danger::HandshakeSignatureValid; + use rustls::client::WebPkiServerVerifier; use rustls::DigitallySignedStruct; pub struct NoCertificateVerification {} - impl rustls::client::ServerCertVerifier for NoCertificateVerification { + impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification { fn verify_server_cert( &self, _end_entity: &CertificateDer<'_>, @@ -325,8 +325,8 @@ mod danger { _server_name: &rustls::ServerName, _ocsp: &[u8], _now: UnixTime, - ) -> Result { - Ok(rustls::client::ServerCertVerified::assertion()) + ) -> Result { + Ok(rustls::client::danger::ServerCertVerified::assertion()) } fn verify_tls12_signature( @@ -353,21 +353,6 @@ mod danger { } } -#[cfg(feature = "dangerous_configuration")] -fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) { - if args.flag_insecure { - cfg.dangerous() - .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); - } -} - -#[cfg(not(feature = "dangerous_configuration"))] -fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig) { - if args.flag_insecure { - panic!("This build does not support --insecure."); - } -} - /// Build a `ClientConfig` from our arguments fn make_config(args: &Args) -> Arc { let mut root_store = RootCertStore::empty(); @@ -440,7 +425,11 @@ fn make_config(args: &Args) -> Arc { .collect(); config.max_fragment_size = args.flag_max_frag_size; - apply_dangerous_options(args, &mut config); + if args.flag_insecure { + config + .dangerous() + .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); + } Arc::new(config) } diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 14c837798b..3533b30c78 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -14,7 +14,7 @@ env_logger = "0.10" hmac = "0.12.0" pki-types = { package = "rustls-pki-types", version = "0.2.0" } rand_core = "0.6.0" -rustls = { path = "../rustls", default-features = false, features = ["logging", "dangerous_configuration", "tls12"] } +rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = ["alloc", "std"] } diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs index c1074e5968..01462af29e 100644 --- a/provider-example/examples/client.rs +++ b/provider-example/examples/client.rs @@ -16,6 +16,7 @@ fn main() { let config = rustls::ClientConfig::builder_with_provider(PROVIDER) .with_safe_defaults() + .dangerous() .with_custom_certificate_verifier(certificate_verifier(root_store)) .with_no_client_auth(); diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 1f6d081068..5643d76687 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -60,7 +60,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS pub fn certificate_verifier( roots: rustls::RootCertStore, -) -> Arc { +) -> Arc { Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms( roots, verify::ALGORITHMS, diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 1645803585..1bf88a83a1 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -25,7 +25,6 @@ pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std" [features] default = ["logging", "ring", "tls12"] logging = ["log"] -dangerous_configuration = [] ring = ["dep:ring", "webpki/ring"] secret_extraction = [] quic = [] @@ -43,7 +42,7 @@ base64 = "0.21" [[example]] name = "bogo_shim" path = "examples/internal/bogo_shim.rs" -required-features = ["dangerous_configuration", "quic", "tls12", "ring"] +required-features = ["quic", "tls12", "ring"] [[example]] name = "bench" diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 1c997ab1bf..8d8868b1c0 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -4,9 +4,8 @@ // https://boringssl.googlesource.com/boringssl/+/master/ssl/test // -use rustls::client::{ - ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier, -}; +use rustls::client::danger::HandshakeSignatureValid; +use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; use rustls::crypto::ring::{kx_group, Ticketer, ALL_KX_GROUPS}; use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; @@ -192,7 +191,7 @@ struct DummyClientAuth { mandatory: bool, } -impl server::ClientCertVerifier for DummyClientAuth { +impl server::danger::ClientCertVerifier for DummyClientAuth { fn offer_client_auth(&self) -> bool { true } @@ -210,8 +209,8 @@ impl server::ClientCertVerifier for DummyClientAuth { _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], _now: UnixTime, - ) -> Result { - Ok(server::ClientCertVerified::assertion()) + ) -> Result { + Ok(server::danger::ClientCertVerified::assertion()) } fn verify_tls12_signature( @@ -239,7 +238,7 @@ impl server::ClientCertVerifier for DummyClientAuth { struct DummyServerAuth {} -impl client::ServerCertVerifier for DummyServerAuth { +impl client::danger::ServerCertVerifier for DummyServerAuth { fn verify_server_cert( &self, _end_entity: &CertificateDer<'_>, @@ -247,8 +246,8 @@ impl client::ServerCertVerifier for DummyServerAuth { _hostname: &ServerName, _ocsp: &[u8], _now: UnixTime, - ) -> Result { - Ok(client::ServerCertVerified::assertion()) + ) -> Result { + Ok(client::danger::ServerCertVerified::assertion()) } fn verify_tls12_signature( @@ -570,6 +569,7 @@ fn make_client_cfg(opts: &Options) -> Arc { .with_kx_groups(&kx_groups) .with_protocol_versions(&opts.supported_versions()) .expect("inconsistent settings") + .dangerous() .with_custom_certificate_verifier(Arc::new(DummyServerAuth {})); let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 7f09130dce..7d9e58628d 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -70,7 +70,7 @@ use core::marker::PhantomData; /// /// For a client, _certificate verification_ must be configured either by calling one of: /// - [`ConfigBuilder::with_root_certificates`] or -/// - [`ConfigBuilder::with_custom_certificate_verifier`] - requires dangerous_configuration feature flag +/// - [`ConfigBuilder::dangerous.with_custom_certificate_verifier`] /// /// Next, _certificate sending_ (also known as "client authentication", "mutual TLS", or "mTLS") must be configured /// or disabled using one of: @@ -95,7 +95,7 @@ use core::marker::PhantomData; /// /// For a server, _certificate verification_ must be configured by calling one of: /// - [`ConfigBuilder::with_no_client_auth`] - to not require client authentication (most common) -/// - [`ConfigBuilder::with_client_cert_verifier`] - to use a custom verifier +/// - [`ConfigBuilder::dangerous.with_client_cert_verifier`] - to use a custom verifier /// /// Next, _certificate sending_ must be configured by calling one of: /// - [`ConfigBuilder::with_single_cert`] - to send a specific certificate diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 2fd8ed8bf0..7d87470725 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -36,21 +36,44 @@ impl ConfigBuilder { } } - #[cfg(feature = "dangerous_configuration")] - /// Set a custom certificate verifier. - pub fn with_custom_certificate_verifier( - self, - verifier: Arc, - ) -> ConfigBuilder { - ConfigBuilder { - state: WantsClientCert { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, - provider: self.state.provider, - versions: self.state.versions, - verifier, - }, - side: PhantomData, + /// Access configuration options whose use is dangerous and requires + /// extra care. + pub fn dangerous(self) -> danger::DangerousClientConfigBuilder { + danger::DangerousClientConfigBuilder { cfg: self } + } +} + +/// Container for unsafe APIs +pub(super) mod danger { + use core::marker::PhantomData; + use std::sync::Arc; + + use crate::client::WantsClientCert; + use crate::{verify, ClientConfig, ConfigBuilder, WantsVerifier}; + + /// Accessor for dangerous configuration options. + #[derive(Debug)] + pub struct DangerousClientConfigBuilder { + /// The underlying ClientConfigBuilder + pub cfg: ConfigBuilder, + } + + impl DangerousClientConfigBuilder { + /// Set a custom certificate verifier. + pub fn with_custom_certificate_verifier( + self, + verifier: Arc, + ) -> ConfigBuilder { + ConfigBuilder { + state: WantsClientCert { + cipher_suites: self.cfg.state.cipher_suites, + kx_groups: self.cfg.state.kx_groups, + provider: self.cfg.state.provider, + versions: self.cfg.state.versions, + verifier, + }, + side: PhantomData, + } } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 264e979877..d0a951d8cd 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -276,7 +276,6 @@ impl ClientConfig { /// Access configuration options whose use is dangerous and requires /// extra care. - #[cfg(feature = "dangerous_configuration")] pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { danger::DangerousClientConfig { cfg: self } } @@ -438,7 +437,6 @@ impl TryFrom<&str> for ServerName { } /// Container for unsafe APIs -#[cfg(feature = "dangerous_configuration")] pub(super) mod danger { use alloc::sync::Arc; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d0f8cc319f..0f2794b880 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -229,11 +229,6 @@ //! messages do not contain secret key data, and so are safe to archive without //! affecting session security. This feature is in the default set. //! -//! - `dangerous_configuration`: this feature enables a `dangerous()` method on -//! `ClientConfig` and `ServerConfig` that allows setting inadvisable options, -//! such as replacing the certificate verification process. Applications -//! requesting this feature should be reviewed carefully. -//! //! - `quic`: this feature exposes additional constructors and functions //! for using rustls as a TLS library for QUIC. See the `quic` module for //! details of these. You will only need this if you're writing a QUIC @@ -419,14 +414,15 @@ pub mod client { }; pub use handy::ClientSessionMemoryCache; - #[cfg(feature = "dangerous_configuration")] - pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; - #[cfg(feature = "dangerous_configuration")] + /// Dangerous configuration that should be audited and used with extreme care. + pub mod danger { + pub use super::client_conn::danger::DangerousClientConfig; + pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; + } + pub use crate::webpki::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, WebPkiServerVerifier, }; - #[cfg(feature = "dangerous_configuration")] - pub use client_conn::danger::DangerousClientConfig; pub use crate::msgs::persist::Tls12ClientSessionValue; pub use crate::msgs::persist::Tls13ClientSessionValue; @@ -457,11 +453,12 @@ pub mod server { }; pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; - #[cfg(feature = "dangerous_configuration")] - pub use crate::dns_name::DnsName; - #[cfg(feature = "dangerous_configuration")] - pub use crate::verify::{ClientCertVerified, ClientCertVerifier}; - #[cfg(feature = "dangerous_configuration")] + /// Dangerous configuration that should be audited and used with extreme care. + pub mod danger { + pub use crate::dns_name::DnsName; + pub use crate::verify::{ClientCertVerified, ClientCertVerifier}; + } + pub use crate::webpki::ParsedCertificate; } diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 6a422db966..92091fbc79 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -24,7 +24,6 @@ use crate::verify::{ /// were sent as part of the server's `Certificate` message. It is in the /// same order that the server sent them and may be empty. #[allow(dead_code)] -#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] pub fn verify_server_cert_signed_by_trust_anchor( cert: &ParsedCertificate, roots: &RootCertStore, @@ -48,7 +47,6 @@ pub fn verify_server_cert_signed_by_trust_anchor( /// Verify that the `end_entity` has a name or alternative name matching the `server_name` /// note: this only verifies the name and should be used in conjuction with more verification /// like [verify_server_cert_signed_by_trust_anchor] -#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Result<(), Error> { match server_name { ServerName::DnsName(dns_name) => { @@ -149,7 +147,6 @@ impl WebPkiServerVerifier { /// `roots` is the set of trust anchors to trust for issuing server certs. /// `supported` is the set of supported algorithms that will be used for /// certificate verification and TLS handshake signature verification. - #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] pub fn new_with_algorithms( roots: impl Into>, supported: WebPkiSupportedAlgorithms, @@ -163,7 +160,6 @@ impl WebPkiServerVerifier { /// A full implementation of `ServerCertVerifier::verify_tls12_signature` or /// `ClientCertVerifier::verify_tls12_signature`. #[cfg(feature = "ring")] - #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] pub fn default_verify_tls12_signature( message: &[u8], cert: &CertificateDer<'_>, @@ -175,7 +171,6 @@ impl WebPkiServerVerifier { /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or /// `ClientCertVerifier::verify_tls13_signature`. #[cfg(feature = "ring")] - #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] pub fn default_verify_tls13_signature( message: &[u8], cert: &CertificateDer<'_>, @@ -187,7 +182,6 @@ impl WebPkiServerVerifier { /// A full implementation of `ServerCertVerifier::supported_verify_schemes()` or /// `ClientCertVerifier::supported_verify_schemes()`. #[cfg(feature = "ring")] - #[cfg_attr(not(feature = "dangerous_configuration"), allow(dead_code))] pub fn default_supported_verify_schemes() -> Vec { SUPPORTED_SIG_ALGS.supported_schemes() } @@ -579,7 +573,6 @@ fn verify_tls13( } /// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification -#[cfg_attr(not(feature = "dangerous_configuration"), allow(unreachable_pub))] pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { diff --git a/rustls/tests/bogo.rs b/rustls/tests/bogo.rs index e96073d109..e6bfcd8105 100644 --- a/rustls/tests/bogo.rs +++ b/rustls/tests/bogo.rs @@ -3,7 +3,7 @@ // and run. #[test] -#[cfg(all(coverage, feature = "quic", feature = "dangerous_configuration"))] +#[cfg(all(coverage, feature = "quic"))] fn run_bogo_tests() { use std::process::Command; diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index b15453bde9..98c101d443 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -1,10 +1,6 @@ //! Tests for configuring and using a [`ClientCertVerifier`] for a server. -#![cfg(all( - feature = "dangerous_configuration", - feature = "webpki", - feature = "ring" -))] +#![cfg(all(feature = "webpki", feature = "ring"))] mod common; @@ -13,9 +9,10 @@ use crate::common::{ make_client_config_with_versions, make_client_config_with_versions_with_auth, make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; -use rustls::client::{HandshakeSignatureValid, WebPkiServerVerifier}; +use rustls::client::danger::HandshakeSignatureValid; +use rustls::client::WebPkiServerVerifier; use rustls::internal::msgs::handshake::DistinguishedName; -use rustls::server::{ClientCertVerified, ClientCertVerifier}; +use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; use rustls::{ AlertDescription, ClientConnection, DigitallySignedStruct, Error, InvalidMessage, ServerConfig, ServerConnection, SignatureScheme, @@ -27,7 +24,7 @@ use std::sync::Arc; // Client is authorized! fn ver_ok() -> Result { - Ok(rustls::server::ClientCertVerified::assertion()) + Ok(ClientCertVerified::assertion()) } // Use when we shouldn't even attempt verification diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 7d2a1b574c..039d319441 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -1,19 +1,14 @@ //! Tests for configuring and using a [`ServerCertVerifier`] for a client. -#![cfg(all( - feature = "dangerous_configuration", - feature = "webpki", - feature = "ring" -))] +#![cfg(all(feature = "webpki", feature = "ring"))] mod common; use crate::common::{ do_handshake, do_handshake_until_both_error, make_client_config_with_versions, make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, }; -use rustls::client::{ - HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, WebPkiServerVerifier, -}; +use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; +use rustls::client::WebPkiServerVerifier; use rustls::DigitallySignedStruct; use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme}; From 92a9e46d20f57d7e961d391b2b9fbd52db13511e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 20 Sep 2023 09:13:38 +0100 Subject: [PATCH 0199/1145] Use stable for coverage measurement --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1b9ba384e7..89de99e623 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -193,7 +193,7 @@ jobs: persist-credentials: false - name: Install rust toolchain - uses: dtolnay/rust-toolchain@nightly + uses: dtolnay/rust-toolchain@stable with: components: llvm-tools From a09b68045f31dd18df777a45f23f9e5cd9da3852 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 19 Sep 2023 13:14:14 -0700 Subject: [PATCH 0200/1145] doc: fix reference to CryptoProvider parameter Also fix link to ConfigBuilder::dangerous --- rustls/src/builder.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 7d9e58628d..86390f50a8 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -70,7 +70,7 @@ use core::marker::PhantomData; /// /// For a client, _certificate verification_ must be configured either by calling one of: /// - [`ConfigBuilder::with_root_certificates`] or -/// - [`ConfigBuilder::dangerous.with_custom_certificate_verifier`] +/// - [`ConfigBuilder::dangerous()`]`.with_custom_certificate_verifier` /// /// Next, _certificate sending_ (also known as "client authentication", "mutual TLS", or "mTLS") must be configured /// or disabled using one of: @@ -141,9 +141,10 @@ use core::marker::PhantomData; /// incorrect chain of configuration calls you will get an error message from the compiler /// mentioning some of these types. /// -/// Additionally, ServerConfig and ClientConfig are parameterized by `C`, a [`CryptoProvider`], -/// which determines a cryptographic backend to use (for instance, `ring`). That type parameter -/// is used in several of the `State` types as well. +/// Additionally, ServerConfig and ClientConfig carry a private field containing a +/// `&'static dyn `[`CryptoProvider`], from [`ClientConfig::builder_with_provider()`] or +/// [`ServerConfig::builder_with_provider()`]. This determines which cryptographic backend +/// is used. The default is [*ring*]. /// /// [builder]: https://rust-unofficial.github.io/patterns/patterns/creational/builder.html /// [typestate]: http://cliffle.com/blog/rust-typestate/ @@ -152,10 +153,13 @@ use core::marker::PhantomData; /// [`ClientConfig`]: crate::ClientConfig /// [`ClientConfig::builder()`]: crate::ClientConfig::builder() /// [`ServerConfig::builder()`]: crate::ServerConfig::builder() +/// [`ClientConfig::builder_with_provider()`]: crate::ClientConfig::builder_with_provider() +/// [`ServerConfig::builder_with_provider()`]: crate::ServerConfig::builder_with_provider() /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-3 /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-6 /// [`WantsClientCert`]: crate::client::WantsClientCert /// [`WantsServerCert`]: crate::server::WantsServerCert +/// [*ring*]: crate::crypto::ring::RING #[derive(Clone)] pub struct ConfigBuilder { pub(crate) state: State, From 9e0bfa2f25439be9ec93d7aa440e3a65f1e7ea71 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 09:49:43 -0400 Subject: [PATCH 0201/1145] builder: use `RING` type for default provider link name The existing `*ring*` link was already pointing to `crypto::ring::RING`, let's use that name in the link display name to make this extra obvious. --- rustls/src/builder.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 86390f50a8..638a8df8a0 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -144,7 +144,7 @@ use core::marker::PhantomData; /// Additionally, ServerConfig and ClientConfig carry a private field containing a /// `&'static dyn `[`CryptoProvider`], from [`ClientConfig::builder_with_provider()`] or /// [`ServerConfig::builder_with_provider()`]. This determines which cryptographic backend -/// is used. The default is [*ring*]. +/// is used. The default is [`RING`]. /// /// [builder]: https://rust-unofficial.github.io/patterns/patterns/creational/builder.html /// [typestate]: http://cliffle.com/blog/rust-typestate/ @@ -159,7 +159,7 @@ use core::marker::PhantomData; /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-6 /// [`WantsClientCert`]: crate::client::WantsClientCert /// [`WantsServerCert`]: crate::server::WantsServerCert -/// [*ring*]: crate::crypto::ring::RING +/// [`RING`]: crate::crypto::ring::RING #[derive(Clone)] pub struct ConfigBuilder { pub(crate) state: State, From ca7ae3142da7b64566c75f5cde4ee808d4dc7038 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 09:51:49 -0400 Subject: [PATCH 0202/1145] lib: export `DangerousClientConfigBuilder` The `builder::danger::DangerousClientConfigBuilder` type should be exported in the `client::danger` module to support users setting a custom certificate verifier using it. --- rustls/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0f2794b880..4301b4c349 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -416,6 +416,7 @@ pub mod client { /// Dangerous configuration that should be audited and used with extreme care. pub mod danger { + pub use super::builder::danger::DangerousClientConfigBuilder; pub use super::client_conn::danger::DangerousClientConfig; pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; } From f0875392f3b26ace6b4bdef7545850fce90d4b4e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 09:58:17 -0400 Subject: [PATCH 0203/1145] builder: link directly to `with_custom_certificate_verifier` --- rustls/src/builder.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 638a8df8a0..08540d4fb2 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -70,7 +70,7 @@ use core::marker::PhantomData; /// /// For a client, _certificate verification_ must be configured either by calling one of: /// - [`ConfigBuilder::with_root_certificates`] or -/// - [`ConfigBuilder::dangerous()`]`.with_custom_certificate_verifier` +/// - [`ConfigBuilder::dangerous()`] and [`DangerousClientConfigBuilder::with_custom_certificate_verifier`] /// /// Next, _certificate sending_ (also known as "client authentication", "mutual TLS", or "mTLS") must be configured /// or disabled using one of: @@ -160,6 +160,7 @@ use core::marker::PhantomData; /// [`WantsClientCert`]: crate::client::WantsClientCert /// [`WantsServerCert`]: crate::server::WantsServerCert /// [`RING`]: crate::crypto::ring::RING +/// [`DangerousClientConfigBuilder::with_custom_certificate_verifier`]: crate::client::danger::DangerousClientConfigBuilder::with_custom_certificate_verifier #[derive(Clone)] pub struct ConfigBuilder { pub(crate) state: State, From 86aa146d59f83e9fbf890b05f823799c0e8d3023 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 10:00:33 -0400 Subject: [PATCH 0204/1145] builder: fix broken link to `with_client_cert_verifier` --- rustls/src/builder.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 08540d4fb2..91249e3714 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -95,7 +95,7 @@ use core::marker::PhantomData; /// /// For a server, _certificate verification_ must be configured by calling one of: /// - [`ConfigBuilder::with_no_client_auth`] - to not require client authentication (most common) -/// - [`ConfigBuilder::dangerous.with_client_cert_verifier`] - to use a custom verifier +/// - [`ConfigBuilder::with_client_cert_verifier`] - to use a custom verifier /// /// Next, _certificate sending_ must be configured by calling one of: /// - [`ConfigBuilder::with_single_cert`] - to send a specific certificate From 1988d70a9c7c050a41ad7b3a8301722ecc8622f3 Mon Sep 17 00:00:00 2001 From: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com> Date: Thu, 21 Sep 2023 22:38:49 +0800 Subject: [PATCH 0205/1145] Update rustls version to 0.22.0-alpha.3 --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 1bf88a83a1..cd76c02299 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.2" +version = "0.22.0-alpha.3" edition = "2021" rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" From ff595eb7b305e23ef8e02d6313dbda57441591c5 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 14 Sep 2023 10:43:29 +0200 Subject: [PATCH 0206/1145] Fix minimal versions job --- .github/workflows/build.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 89de99e623..fad40bd5f6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -222,8 +222,17 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@nightly - - name: cargo test (debug; all features; -Z minimal-versions) - run: cargo -Z minimal-versions test --all-features + - name: Create a lockfile + run: cargo check + + - name: Update to minimal-versions + # This has no effect if no `Cargo.lock` exists yet. + run: cargo update -Z minimal-versions + + - name: cargo test (debug; all features) + run: cargo test --locked --all-features + env: + RUST_BACKTRACE: 1 cross: name: Check cross compilation targets From a43e0c2f260e85dbf54bce71560f9b8b1a1be92c Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 15 Sep 2023 13:44:33 +0200 Subject: [PATCH 0207/1145] Add section on commit history to CONTRIBUTING --- CONTRIBUTING.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9028ee80ef..d1cd024a6a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -33,6 +33,17 @@ Some ideas and guidelines for contributions: - I run `cargo outdated` prior to major releases; but PRs to update specific dependencies are welcome. +## Commit history + +We prefer to keep the commit history clean and easy to follow. As such, we prefer small commits +that do one thing. In particular: + +* Avoid mixing refactoring and functional changes in the same commit if possible +* Make mechanical changes (like renaming or moving code around) in a separate commit +* Isolate updates to `Cargo.lock` in their own commits + +Our default workflow is to rebase clean commit history from a PR to `main`. + ## Security bugs Please report security bugs by [opening a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) From 32e3b84db4ab6e8a1451e77ae6ee384a1b6e7b70 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 15 Sep 2023 13:44:44 +0200 Subject: [PATCH 0208/1145] Clean up trailing whitespace --- CONTRIBUTING.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d1cd024a6a..a3071f5f72 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,8 +13,8 @@ a pcap or reproduction steps. Feel free to file github issues to get help, or ask a question. -If you believe you've found a security bug please -[open a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) +If you believe you've found a security bug please +[open a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) in GitHub, and not as a regular repository issue. See [SECURITY.md] for more information. @@ -47,7 +47,7 @@ Our default workflow is to rebase clean commit history from a PR to `main`. ## Security bugs Please report security bugs by [opening a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) -in GitHub, and not as a regular repository issue. +in GitHub, and not as a regular repository issue. See [SECURITY.md] for more information. @@ -156,7 +156,7 @@ be represented. #### Error handling -We use `Result` types pervasively throughout the code to signal error cases. +We use `Result` types pervasively throughout the code to signal error cases. Outside of unit/integration tests we prefer to avoid `unwrap()` and `expect()` calls unless there is a clear invariant which can be locally validated by the structure of the code. If there is such an invariant, we usually add a comment @@ -214,7 +214,7 @@ Ok(match foo { When writing match expressions, try to avoid using `ref` in patterns. Prefer taking a reference on the -[scrutinee](https://doc.rust-lang.org/reference/expressions/match-expr.html) +[scrutinee](https://doc.rust-lang.org/reference/expressions/match-expr.html) of the `match`. Since the addition of [binding @@ -235,7 +235,7 @@ Avoid adding a suffix for a variable that describes its type (provided that its type is hard to confuse with other types -- for example, we do still use `_id` suffixes because we usually use numeric IDs for database entities). The precision/conciseness trade-off for variable names also depends on the scope of -the binding. +the binding. #### Avoid `get_` prefixes @@ -298,8 +298,8 @@ Use digit grouping to make larger numeric constants easy to read, e.g. use #### Avoid type aliases We prefer to avoid type aliases as they obfuscate the underlying type and -don't provide additional type safety. Using the -[newtype idiom](https://doc.rust-lang.org/rust-by-example/generics/new_types.html) +don't provide additional type safety. Using the +[newtype idiom](https://doc.rust-lang.org/rust-by-example/generics/new_types.html) is one alternative when an abstraction boundary is worth the added complexity. ## Licensing From c7970af1799c7a69f627a8d8d4628eb394086747 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 14 Sep 2023 11:25:28 +0200 Subject: [PATCH 0209/1145] Keep Cargo.lock under version control --- .github/workflows/build.yml | 3 - .gitignore | 1 - Cargo.lock | 1324 +++++++++++++++++++++++++++++++++++ connect-tests/Cargo.lock | 286 ++++++++ fuzz/Cargo.lock | 267 +++++++ 5 files changed, 1877 insertions(+), 4 deletions(-) create mode 100644 Cargo.lock create mode 100644 connect-tests/Cargo.lock create mode 100644 fuzz/Cargo.lock diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fad40bd5f6..67b4d6031b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -222,9 +222,6 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@nightly - - name: Create a lockfile - run: cargo check - - name: Update to minimal-versions # This has no effect if no `Cargo.lock` exists yet. run: cargo update -Z minimal-versions diff --git a/.gitignore b/.gitignore index 6df2a738e0..0351088b32 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ -Cargo.lock target/ *.gcda *.gcno diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000000..83f410c527 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,1324 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aho-corasick" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +dependencies = [ + "memchr", +] + +[[package]] +name = "anstream" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f58811cfac344940f1a400b6e6231ce35171f614f26439e80f8c1465c5cc0c" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b84bf0a05bbb2a83e5eb6fa36bb6e87baa08193c35ff52bbf6b38d8af2890e46" + +[[package]] +name = "anstyle-parse" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "938874ff5980b03a87c5524b3ae5b59cf99b1d6bc836848df7bc5ada9643c333" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58f54d10c6dfa51283a066ceab3ec1ab78d13fae00aa49243a45e4571fb79dfd" +dependencies = [ + "anstyle", + "windows-sys", +] + +[[package]] +name = "anyhow" +version = "1.0.75" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" + +[[package]] +name = "autocfg" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" + +[[package]] +name = "base64" +version = "0.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] +name = "bencher" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" + +[[package]] +name = "bitflags" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "byteorder" +version = "1.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" + +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + +[[package]] +name = "clap" +version = "4.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1d7b8d5ec32af0fadc644bf1fd509a688c2103b185644bb1e29d164e0703136" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5179bb514e4d7c2051749d8fcefa2ed6d06a9f4e6d69faf3805f5d80b8cf8d56" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0862016ff20d69b84ef8247369fabf5c008a7417002411897d40ee1f4532b873" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd7cc57abe963c6d3b9d8be5b06ba7c8957a930305ca90304f24ef040aa6f961" + +[[package]] +name = "colorchoice" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" + +[[package]] +name = "const-oid" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" + +[[package]] +name = "cpufeatures" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +dependencies = [ + "libc", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +dependencies = [ + "cfg-if", + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +dependencies = [ + "autocfg", + "cfg-if", + "crossbeam-utils", + "memoffset", + "scopeguard", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "rand_core", + "typenum", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "fiat-crypto", + "platforms", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "der" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "deranged" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "docopt" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f3f119846c823f9eafcf953a8f6ffb6ed69bf6240883261a7f13b634579a51f" +dependencies = [ + "lazy_static", + "regex", + "serde", + "strsim", +] + +[[package]] +name = "either" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" + +[[package]] +name = "env_logger" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0" +dependencies = [ + "humantime", + "is-terminal", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "errno" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +dependencies = [ + "errno-dragonfly", + "libc", + "windows-sys", +] + +[[package]] +name = "errno-dragonfly" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" +dependencies = [ + "cc", + "libc", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0870c84016d4b481be5c9f323c24f65e31e901ae618f0e80f4308fb00de1d2d" + +[[package]] +name = "fxhash" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c31b6d751ae2c7f11320402d34e41349dd1016f8d5d45e48c4312bc8625af50c" +dependencies = [ + "byteorder", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "heck" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" + +[[package]] +name = "hermit-abi" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "is-terminal" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" +dependencies = [ + "hermit-abi", + "rustix", + "windows-sys", +] + +[[package]] +name = "itertools" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57" +dependencies = [ + "either", +] + +[[package]] +name = "js-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin", +] + +[[package]] +name = "libc" +version = "0.2.148" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" + +[[package]] +name = "libm" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4" + +[[package]] +name = "linux-raw-sys" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a9bad9f94746442c783ca431b22403b519cd7fbeed0533fdd6328b2f2212128" + +[[package]] +name = "log" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + +[[package]] +name = "memchr" +version = "2.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c" + +[[package]] +name = "memoffset" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" +dependencies = [ + "autocfg", +] + +[[package]] +name = "mio" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" +dependencies = [ + "libc", + "log", + "wasi", + "windows-sys", +] + +[[package]] +name = "num-bigint-dig" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand", + "smallvec", + "zeroize", +] + +[[package]] +name = "num-integer" +version = "0.1.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +dependencies = [ + "autocfg", + "num-traits", +] + +[[package]] +name = "num-iter" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +dependencies = [ + "autocfg", + "libm", +] + +[[package]] +name = "once_cell" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" + +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + +[[package]] +name = "pem" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a" +dependencies = [ + "base64", + "serde", +] + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs1" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +dependencies = [ + "der", + "pkcs8", + "spki", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "platforms" +version = "3.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4503fa043bf02cee09a9582e9554b4c6403b2ef55e4612e96561d294419429f8" + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "proc-macro2" +version = "1.0.67" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rayon" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "rcgen" +version = "0.11.1" +source = "git+https://github.com/est31/rcgen.git?rev=83e548a06848d923eada1ac66d1a912735b67e79#83e548a06848d923eada1ac66d1a912735b67e79" +dependencies = [ + "pem", + "ring", + "time", + "yasna", +] + +[[package]] +name = "regex" +version = "1.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" + +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi", +] + +[[package]] +name = "rsa" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8" +dependencies = [ + "byteorder", + "const-oid", + "digest", + "num-bigint-dig", + "num-integer", + "num-iter", + "num-traits", + "pkcs1", + "pkcs8", + "rand_core", + "sha2", + "signature", + "spki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + +[[package]] +name = "rustix" +version = "0.38.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "747c788e9ce8e92b12cd485c49ddf90723550b654b32508f979b71a7b1ecda4f" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "rustls" +version = "0.22.0-alpha.3" +dependencies = [ + "base64", + "bencher", + "env_logger", + "log", + "ring", + "rustls-pemfile", + "rustls-pki-types", + "rustls-webpki", + "rustversion", + "subtle", + "webpki-roots", +] + +[[package]] +name = "rustls-ci-bench" +version = "0.0.1" +dependencies = [ + "anyhow", + "byteorder", + "clap", + "fxhash", + "itertools", + "rayon", + "rustls", + "rustls-pemfile", + "rustls-pki-types", +] + +[[package]] +name = "rustls-examples" +version = "0.0.1" +dependencies = [ + "docopt", + "env_logger", + "log", + "mio", + "rcgen", + "regex", + "ring", + "rustls", + "rustls-pemfile", + "rustls-pki-types", + "serde", + "serde_derive", + "webpki-roots", +] + +[[package]] +name = "rustls-pemfile" +version = "2.0.0-alpha.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4aaa4fe93b39faddb6a8f99568c3e5880680156da0d46818e884a071381f67fe" +dependencies = [ + "base64", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" + +[[package]] +name = "rustls-provider-example" +version = "0.0.1" +dependencies = [ + "chacha20poly1305", + "der", + "env_logger", + "hmac", + "rand_core", + "rsa", + "rustls", + "rustls-pki-types", + "rustls-webpki", + "sha2", + "webpki-roots", + "x25519-dalek", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.0-alpha.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustversion" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "semver" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad977052201c6de01a8ef2aa3378c4bd23217a056337d1d6da40468d267a4fb0" + +[[package]] +name = "serde" +version = "1.0.188" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.188" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha2" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "signature" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" +dependencies = [ + "digest", + "rand_core", +] + +[[package]] +name = "smallvec" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "spki" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "strsim" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + +[[package]] +name = "syn" +version = "2.0.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "termcolor" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6093bad37da69aab9d123a8091e4be0aa4a03e4d601ec641c327398315f62b64" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "time" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" +dependencies = [ + "deranged", + "serde", + "time-core", +] + +[[package]] +name = "time-core" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + +[[package]] +name = "utf8parse" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" + +[[package]] +name = "web-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "0.26.0-alpha.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42157929d7ca9c353222a4d1763c52ef86d25d0fd2eca66076df5975fd4e25ed" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "x25519-dalek" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +dependencies = [ + "curve25519-dalek", + "rand_core", + "serde", + "zeroize", +] + +[[package]] +name = "yasna" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" +dependencies = [ + "time", +] + +[[package]] +name = "zeroize" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/connect-tests/Cargo.lock b/connect-tests/Cargo.lock new file mode 100644 index 0000000000..639619ef79 --- /dev/null +++ b/connect-tests/Cargo.lock @@ -0,0 +1,286 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aho-corasick" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +dependencies = [ + "memchr", +] + +[[package]] +name = "bumpalo" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "js-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "libc" +version = "0.2.148" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" + +[[package]] +name = "log" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + +[[package]] +name = "memchr" +version = "2.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c" + +[[package]] +name = "once_cell" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" + +[[package]] +name = "proc-macro2" +version = "1.0.67" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" + +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi", +] + +[[package]] +name = "rustls" +version = "0.22.0-alpha.3" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki", + "subtle", +] + +[[package]] +name = "rustls-connect-tests" +version = "0.0.1" +dependencies = [ + "regex", + "ring", + "rustls", +] + +[[package]] +name = "rustls-pki-types" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" + +[[package]] +name = "rustls-webpki" +version = "0.102.0-alpha.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + +[[package]] +name = "syn" +version = "2.0.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + +[[package]] +name = "wasm-bindgen" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" + +[[package]] +name = "web-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock new file mode 100644 index 0000000000..b8cb734e06 --- /dev/null +++ b/fuzz/Cargo.lock @@ -0,0 +1,267 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "arbitrary" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" + +[[package]] +name = "bumpalo" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "cc" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +dependencies = [ + "libc", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "js-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "libc" +version = "0.2.148" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" + +[[package]] +name = "libfuzzer-sys" +version = "0.1.0" +source = "git+https://github.com/rust-fuzz/libfuzzer-sys.git#35ce7d7177c254b9c798aec171dfe76877d1a20f" +dependencies = [ + "arbitrary", + "cc", +] + +[[package]] +name = "log" +version = "0.4.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" + +[[package]] +name = "once_cell" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" + +[[package]] +name = "proc-macro2" +version = "1.0.67" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi", +] + +[[package]] +name = "rustls" +version = "0.22.0-alpha.3" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.0-alpha.3", + "subtle", +] + +[[package]] +name = "rustls-fuzz" +version = "0.0.1" +dependencies = [ + "libfuzzer-sys", + "rustls", + "rustls-webpki 0.101.6", +] + +[[package]] +name = "rustls-pki-types" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" + +[[package]] +name = "rustls-webpki" +version = "0.101.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.0-alpha.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + +[[package]] +name = "syn" +version = "2.0.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + +[[package]] +name = "wasm-bindgen" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" + +[[package]] +name = "web-sys" +version = "0.3.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" From 78c8ff4d967bbf054bd7c96bfc80a484acd20f63 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 15 Sep 2023 13:39:56 +0200 Subject: [PATCH 0210/1145] Use Cargo.lock for CI builds --- .github/workflows/build.yml | 48 +++++++++++++++--------------- .github/workflows/daily-tests.yml | 16 +++++----- .github/workflows/icount-bench.yml | 6 ++-- admin/coverage | 4 +-- 4 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 67b4d6031b..0810e84afa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,15 +40,15 @@ jobs: toolchain: ${{ matrix.rust }} - name: cargo build (debug; default features) - run: cargo build + run: cargo build --locked - name: cargo test (debug; all features) - run: cargo test --all-features + run: cargo test --locked --all-features env: RUST_BACKTRACE: 1 - name: cargo build (debug; rustls-provider-example) - run: cargo build -p rustls-provider-example + run: cargo build --locked -p rustls-provider-example msrv: name: MSRV @@ -63,7 +63,7 @@ jobs: with: toolchain: "1.60" - - run: cargo check --lib --all-features -p rustls + - run: cargo check --locked --lib --all-features -p rustls features: name: Features @@ -78,21 +78,21 @@ jobs: uses: dtolnay/rust-toolchain@stable - name: cargo build (debug; default features) - run: cargo build + run: cargo build --locked - name: cargo test (debug; default features) - run: cargo test + run: cargo test --locked env: RUST_BACKTRACE: 1 - name: cargo test (debug; no default features) - run: cargo test --no-default-features + run: cargo test --locked --no-default-features - name: cargo test (debug; no default features; tls12) - run: cargo test --no-default-features --features tls12 + run: cargo test --locked --no-default-features --features tls12 - name: cargo test (release; no run) - run: cargo test --release --no-run + run: cargo test --locked --release --no-run bogo: name: BoGo test suite @@ -152,10 +152,10 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: Smoke-test benchmark program - run: cargo run --release --example bench + run: cargo run --release --locked --example bench - name: Run micro-benchmarks - run: cargo bench + run: cargo bench --locked env: RUSTFLAGS: --cfg=bench @@ -172,13 +172,13 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: cargo doc (rustls; all features) - run: cargo doc --all-features --no-deps --document-private-items --package rustls + run: cargo doc --locked --all-features --no-deps --document-private-items --package rustls env: RUSTDOCFLAGS: -Dwarnings - name: Check README.md run: | - cargo build --all-features + cargo build --locked --all-features ./admin/pull-readme ./admin/pull-usage git diff --exit-code @@ -244,7 +244,7 @@ jobs: uses: dtolnay/rust-toolchain@stable - name: Install cross uses: taiki-e/install-action@cross - - run: cross build --target i686-unknown-linux-gnu + - run: cross build --locked --target i686-unknown-linux-gnu semver: name: Check semver compatibility @@ -289,11 +289,11 @@ jobs: uses: dtolnay/rust-toolchain@stable with: components: clippy - - run: cargo clippy --package rustls --all-features --all-targets -- --deny warnings - - run: cargo clippy --package rustls --no-default-features --all-targets -- --deny warnings - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings - - run: cargo clippy --manifest-path=provider-example/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --package rustls --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --package rustls --no-default-features --all-targets -- --deny warnings + - run: cargo clippy --locked --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --manifest-path=provider-example/Cargo.toml --all-features --all-targets -- --deny warnings clippy-nightly: name: Clippy (Nightly) @@ -307,8 +307,8 @@ jobs: uses: dtolnay/rust-toolchain@nightly with: components: clippy - - run: cargo clippy --package rustls --all-features --all-targets - - run: cargo clippy --package rustls --no-default-features --all-targets - - run: cargo clippy --manifest-path=connect-tests/Cargo.toml --all-features --all-targets - - run: cargo clippy --manifest-path=fuzz/Cargo.toml --all-features --all-targets - - run: cargo clippy --manifest-path=provider-example/Cargo.toml --all-features --all-targets + - run: cargo clippy --locked --package rustls --all-features --all-targets + - run: cargo clippy --locked --package rustls --no-default-features --all-targets + - run: cargo clippy --locked --manifest-path=connect-tests/Cargo.toml --all-features --all-targets + - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets + - run: cargo clippy --locked --manifest-path=provider-example/Cargo.toml --all-features --all-targets diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index e7779a8f49..056011bdd7 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -40,10 +40,10 @@ jobs: toolchain: ${{ matrix.rust }} - name: Build main crate - run: cargo build + run: cargo build --locked - name: Run connect tests - run: cargo test --manifest-path=connect-tests/Cargo.toml + run: cargo test --locked --manifest-path=connect-tests/Cargo.toml env: RUST_BACKTRACE: 1 @@ -76,21 +76,21 @@ jobs: toolchain: ${{ matrix.rust }} - name: Check simple client - run: cargo run --bin simpleclient + run: cargo run --locked --bin simpleclient - name: Check limited client - run: cargo run --bin limitedclient + run: cargo run --locked --bin limitedclient - name: Check simple 0rtt client - run: cargo run --bin simple_0rtt_client + run: cargo run --locked --bin simple_0rtt_client # Test the server_acceptor binary builds - we invoke with --help since it # will run a server process that doesn't exit when invoked with no args - name: Check server acceptor - run: cargo run --bin server_acceptor -- --help + run: cargo run --locked --bin server_acceptor -- --help - name: Check provider-example client - run: cargo run -p rustls-provider-example --example client + run: cargo run --locked -p rustls-provider-example --example client feature-powerset: @@ -109,4 +109,4 @@ jobs: uses: taiki-e/install-action@cargo-hack - name: Check feature powerset - run: cargo hack check --feature-powerset --no-dev-deps + run: cargo hack check --locked --feature-powerset --no-dev-deps diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index be1c4caca5..569737a244 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -22,7 +22,7 @@ jobs: persist-credentials: false - name: Run icount benchmarks for ${{ github.base_ref }} - run: cd ci-bench && cargo run --release -- run-all --output-dir ${{ runner.temp }}/base + run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/base - name: Checkout PR uses: actions/checkout@v4 @@ -31,7 +31,7 @@ jobs: persist-credentials: false - name: Run icount benchmarks for PR - run: cd ci-bench && cargo run --release -- run-all --output-dir ${{ runner.temp }}/pr + run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/pr - name: Compare results - run: cd ci-bench && cargo run --release -- compare ${{ runner.temp }}/base ${{ runner.temp }}/pr > $GITHUB_STEP_SUMMARY + run: cd ci-bench && cargo run --locked --release -- compare ${{ runner.temp }}/base ${{ runner.temp }}/pr > $GITHUB_STEP_SUMMARY diff --git a/admin/coverage b/admin/coverage index 960ec5bae3..c4c0d852a2 100755 --- a/admin/coverage +++ b/admin/coverage @@ -5,6 +5,6 @@ set -e source <(cargo llvm-cov show-env --export-prefix) cargo llvm-cov clean --workspace -cargo build --all-targets --all-features -cargo test --all-features +cargo build --locked --all-targets --all-features +cargo test --locked --all-features cargo llvm-cov report "$@" From 2c0b2c142eacab2921debe754a48a639d8a11104 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 25 Sep 2023 09:44:36 +0200 Subject: [PATCH 0211/1145] Run CI bench for current branch before main --- .github/workflows/icount-bench.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index 569737a244..f98c76a31b 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -15,23 +15,23 @@ jobs: - name: Install stable toolchain uses: dtolnay/rust-toolchain@stable - - name: Checkout ${{ github.base_ref }} + - name: Checkout PR uses: actions/checkout@v4 with: - ref: ${{ github.base_ref }} persist-credentials: false - - name: Run icount benchmarks for ${{ github.base_ref }} - run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/base + - name: Run icount benchmarks for PR + run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/pr - - name: Checkout PR + - name: Checkout ${{ github.base_ref }} uses: actions/checkout@v4 with: clean: false + ref: ${{ github.base_ref }} persist-credentials: false - - name: Run icount benchmarks for PR - run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/pr + - name: Run icount benchmarks for ${{ github.base_ref }} + run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/base - name: Compare results run: cd ci-bench && cargo run --locked --release -- compare ${{ runner.temp }}/base ${{ runner.temp }}/pr > $GITHUB_STEP_SUMMARY From 3ab24727acc596f58b8a6691706f5295ce69ec3b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 12:15:55 -0400 Subject: [PATCH 0212/1145] cipher: make extract_keys fallible The `ConnectionTrafficSecrets` enum has a fixed number of variants, describing supported AEAD algorithm secrets. Since it's now possible for a crate-external crypto provider to supply new AEAD algorithms we need to make the `extract_secrets` fn of the TLS 1.2 and TLS 1.3 AEAD algorithm traits fallible so that if an algorithm is provided that doesn't have a matching `ConnectionTrafficSecrets` variant, the algorithm can return an `UnsupportedOperationError` when `extract_secrets` is called. --- rustls/src/crypto/cipher.rs | 40 ++++++++++++++++++++++++++++++-- rustls/src/crypto/ring/tls12.rs | 22 ++++++++++++++---- rustls/src/crypto/ring/tls13.rs | 26 ++++++++++++++++----- rustls/src/tls12/mod.rs | 18 +++++++------- rustls/src/tls13/key_schedule.rs | 4 ++-- 5 files changed, 87 insertions(+), 23 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index ddec008904..d2d6e1d00d 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -1,3 +1,6 @@ +use core::fmt; +use std::error::Error as StdError; + use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec; @@ -18,7 +21,14 @@ pub trait Tls13AeadAlgorithm: Send + Sync { #[cfg(feature = "secret_extraction")] /// Convert the key material from `key`/`iv`, into a `ConnectionTrafficSecrets` item. - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets; + /// + /// May return [`UnsupportedOperationError`] if the AEAD algorithm is not a supported + /// variant of `ConnectionTrafficSecrets`. + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result; } /// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.2 cipher suite. @@ -52,9 +62,35 @@ pub trait Tls12AeadAlgorithm: Send + Sync + 'static { /// The length of `iv` is set by [`KeyBlockShape::fixed_iv_len`]. /// /// The length of `extra` is set by [`KeyBlockShape::explicit_nonce_len`]. - fn extract_keys(&self, key: AeadKey, iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets; + /// + /// May return [`UnsupportedOperationError`] if the AEAD algorithm is not a supported + /// variant of `ConnectionTrafficSecrets`. + fn extract_keys( + &self, + key: AeadKey, + iv: &[u8], + explicit: &[u8], + ) -> Result; } +/// An error indicating that the AEAD algorithm does not support the requested operation. +#[derive(Debug, Eq, PartialEq, Clone, Copy)] +pub struct UnsupportedOperationError; + +impl From for Error { + fn from(value: UnsupportedOperationError) -> Self { + Self::General(value.to_string()) + } +} + +impl fmt::Display for UnsupportedOperationError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "operation not supported") + } +} + +impl StdError for UnsupportedOperationError {} + /// How a TLS1.2 `key_block` is partitioned. /// /// nb. ciphersuites with non-zero `mac_key_length` not currently supported diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 49b04d6981..0e770d46dd 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,3 +1,5 @@ +#[cfg(feature = "secret_extraction")] +use crate::crypto::cipher::UnsupportedOperationError; use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, @@ -163,8 +165,13 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: &[u8], explicit: &[u8]) -> ConnectionTrafficSecrets { - match key.as_ref().len() { + fn extract_keys( + &self, + key: AeadKey, + iv: &[u8], + explicit: &[u8], + ) -> Result { + Ok(match key.as_ref().len() { 16 => { // nb. "fixed IV" becomes the GCM nonce "salt" let (key, salt, iv) = slices_to_arrays(key.as_ref(), iv, explicit); @@ -176,7 +183,7 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } } _ => unreachable!(), - } + }) } } @@ -212,9 +219,14 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: &[u8], _explicit: &[u8]) -> ConnectionTrafficSecrets { + fn extract_keys( + &self, + key: AeadKey, + iv: &[u8], + _explicit: &[u8], + ) -> Result { let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(iv)); - ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index df1c8872ff..cfab5d8e46 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,3 +1,5 @@ +#[cfg(feature = "secret_extraction")] +use crate::crypto::cipher::UnsupportedOperationError; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, }; @@ -83,9 +85,13 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(&iv.0)); - ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } @@ -105,9 +111,13 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); - ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } + Ok(ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv }) } } @@ -127,9 +137,13 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { } #[cfg(feature = "secret_extraction")] - fn extract_keys(&self, key: AeadKey, iv: Iv) -> ConnectionTrafficSecrets { + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); - ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } + Ok(ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv }) } } diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 561a54b43a..2e64a0bc75 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -256,14 +256,16 @@ impl ConnectionSecrets { let (client_iv, key_block) = key_block.split_at(shape.fixed_iv_len); let (server_iv, explicit_nonce) = key_block.split_at(shape.fixed_iv_len); - let client_secrets = - self.suite - .aead_alg - .extract_keys(AeadKey::new(client_key), client_iv, explicit_nonce); - let server_secrets = - self.suite - .aead_alg - .extract_keys(AeadKey::new(server_key), server_iv, explicit_nonce); + let client_secrets = self.suite.aead_alg.extract_keys( + AeadKey::new(client_key), + client_iv, + explicit_nonce, + )?; + let server_secrets = self.suite.aead_alg.extract_keys( + AeadKey::new(server_key), + server_iv, + explicit_nonce, + )?; let (tx, rx) = match side { Side::Client => (client_secrets, server_secrets), diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 10ff950c16..d2cd7148c8 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -531,12 +531,12 @@ impl KeyScheduleTraffic { .ks .suite .aead_alg - .extract_keys(client_key, client_iv); + .extract_keys(client_key, client_iv)?; let server_secrets = self .ks .suite .aead_alg - .extract_keys(server_key, server_iv); + .extract_keys(server_key, server_iv)?; let (tx, rx) = match side { Side::Client => (client_secrets, server_secrets), From fdcaed4145d92168abcbc4f9847b0afe50f39d32 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 12:52:32 -0400 Subject: [PATCH 0213/1145] cipher: impl `AsRef<[u8]>` for `Iv` The TLS1.3 `Tls13AeadAlgorithm` trait passes an `Iv` instance to `extract_secrets`. In order for a crate-external crypto provider to offer an instance of this trait there needs to be a way to access the `Iv`'s underlying `&[u8]` value. The crate-internal implementations of `Tls13AeadAlgorithm` do this by accessing `Iv.0`, but this field is `pub(crate)`. This commit implements `AsRef<[u8]>` for `Iv` for this purpose, and switches the existing `Iv.0` accesses to use it too. This allows removing the `pub(crate)` access to the underlying array after also exporting the cipher `NONCE_LEN` and exposing `Iv::new` for construction from the correct size nonce array. --- rustls/src/crypto/cipher.rs | 13 ++++++++++--- rustls/src/crypto/ring/tls12.rs | 9 +++++---- rustls/src/crypto/ring/tls13.rs | 8 +++++--- rustls/src/tls13/key_schedule.rs | 2 +- 4 files changed, 21 insertions(+), 11 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index d2d6e1d00d..7262f796bf 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -147,11 +147,12 @@ impl dyn MessageDecrypter { /// A write or read IV. #[derive(Default)] -pub struct Iv(pub(crate) [u8; NONCE_LEN]); +pub struct Iv([u8; NONCE_LEN]); impl Iv { + /// Create a new `Iv` from a byte array, of precisely `NONCE_LEN` bytes. #[cfg(feature = "tls12")] - fn new(value: [u8; NONCE_LEN]) -> Self { + pub fn new(value: [u8; NONCE_LEN]) -> Self { Self(value) } @@ -171,6 +172,12 @@ impl From<[u8; NONCE_LEN]> for Iv { } } +impl AsRef<[u8]> for Iv { + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } +} + /// A nonce. This is unique for all messages on a connection. pub struct Nonce(pub [u8; NONCE_LEN]); @@ -197,7 +204,7 @@ impl Nonce { /// Size of TLS nonces (incorrectly termed "IV" in standard) for all supported ciphersuites /// (AES-GCM, Chacha20Poly1305) -const NONCE_LEN: usize = 12; +pub const NONCE_LEN: usize = 12; /// Returns a TLS1.3 `additional_data` encoding. /// diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 0e770d46dd..5c4404f0c2 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -2,7 +2,7 @@ use crate::crypto::cipher::UnsupportedOperationError; use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, - Tls12AeadAlgorithm, + Tls12AeadAlgorithm, NONCE_LEN, }; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; @@ -149,9 +149,10 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { // We use the same construction as TLS1.3/ChaCha20Poly1305: // a starting point extracted from the key block, xored with // the sequence number. - let mut iv = Iv(Default::default()); - iv.0[..4].copy_from_slice(write_iv); - iv.0[4..].copy_from_slice(explicit); + let mut iv = [0; NONCE_LEN]; + iv[..4].copy_from_slice(write_iv); + iv[4..].copy_from_slice(explicit); + let iv = Iv::new(iv); Box::new(GcmMessageEncrypter { enc_key, iv }) } diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index cfab5d8e46..d4eb1385d7 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -90,7 +90,7 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { key: AeadKey, iv: Iv, ) -> Result { - let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(&iv.0)); + let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(iv.as_ref())); Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } @@ -116,7 +116,8 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { key: AeadKey, iv: Iv, ) -> Result { - let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); + let iv = iv.as_ref(); + let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); Ok(ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv }) } } @@ -142,7 +143,8 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { key: AeadKey, iv: Iv, ) -> Result { - let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv.0[..4], &iv.0[4..]); + let iv = iv.as_ref(); + let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); Ok(ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv }) } } diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index d2cd7148c8..2599cc8c90 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -948,7 +948,7 @@ mod tests { assert!(seal_output.len() >= 48); // Sanity check. let iv = derive_traffic_iv(&expander); - assert_eq!(&iv.0, expected_iv); + assert_eq!(iv.as_ref(), expected_iv); } fn seal_zeroes(key: aead::UnboundKey) -> Vec { From 79fd1f7639fca830bcae7dd4730b986324dfbed9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 12:59:42 -0400 Subject: [PATCH 0214/1145] suites: lift slice_to_array(s) helpers The *ring* TLS 1.2 and TLS 1.3 AEAD algorithm implementations all shared the same `slice_to_array` and `slices_to_arrays` helpers used to carve up IV values for `extract_keys`. This commit lifts these helpers to be associated with the `ConnectionTrafficSecrets` type in the `suites` mod. This reduces duplication, allowing all usages to share the same implementation. --- rustls/src/crypto/ring/tls12.rs | 28 ++++++++-------------------- rustls/src/crypto/ring/tls13.rs | 28 ++++++++-------------------- rustls/src/suites.rs | 26 ++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 40 deletions(-) diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 5c4404f0c2..bf667d56ad 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -175,12 +175,14 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { Ok(match key.as_ref().len() { 16 => { // nb. "fixed IV" becomes the GCM nonce "salt" - let (key, salt, iv) = slices_to_arrays(key.as_ref(), iv, explicit); + let (key, salt, iv) = + ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), iv, explicit); ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } } 32 => { // nb. "fixed IV" becomes the GCM nonce "salt" - let (key, salt, iv) = slices_to_arrays(key.as_ref(), iv, explicit); + let (key, salt, iv) = + ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), iv, explicit); ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } } _ => unreachable!(), @@ -226,7 +228,10 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { iv: &[u8], _explicit: &[u8], ) -> Result { - let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(iv)); + let (key, iv) = ( + ConnectionTrafficSecrets::slice_to_array(key.as_ref()), + ConnectionTrafficSecrets::slice_to_array(iv), + ); Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } @@ -368,20 +373,3 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) } } - -#[cfg(feature = "secret_extraction")] -fn slices_to_arrays( - k: &[u8], - s: &[u8], - i: &[u8], -) -> ([u8; NK], [u8; NS], [u8; NI]) { - (slice_to_array(k), slice_to_array(s), slice_to_array(i)) -} - -#[cfg(feature = "secret_extraction")] -fn slice_to_array(slice: &[u8]) -> [u8; N] { - // this is guaranteed true because `ConnectionTrafficSecrets` items and - // `key_block_shape()` are in agreement. - debug_assert_eq!(N, slice.len()); - slice.try_into().unwrap() -} diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index d4eb1385d7..44d475b3c9 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -90,7 +90,10 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { key: AeadKey, iv: Iv, ) -> Result { - let (key, iv) = (slice_to_array(key.as_ref()), slice_to_array(iv.as_ref())); + let (key, iv) = ( + ConnectionTrafficSecrets::slice_to_array(key.as_ref()), + ConnectionTrafficSecrets::slice_to_array(iv.as_ref()), + ); Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } @@ -117,7 +120,8 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { iv: Iv, ) -> Result { let iv = iv.as_ref(); - let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); + let (key, salt, iv) = + ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); Ok(ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv }) } } @@ -144,7 +148,8 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { iv: Iv, ) -> Result { let iv = iv.as_ref(); - let (key, salt, iv) = slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); + let (key, salt, iv) = + ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); Ok(ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv }) } } @@ -224,20 +229,3 @@ impl MessageDecrypter for Tls13MessageDecrypter { msg.into_tls13_unpadded_message() } } - -#[cfg(feature = "secret_extraction")] -fn slices_to_arrays( - k: &[u8], - s: &[u8], - i: &[u8], -) -> ([u8; NK], [u8; NS], [u8; NI]) { - (slice_to_array(k), slice_to_array(s), slice_to_array(i)) -} - -#[cfg(feature = "secret_extraction")] -fn slice_to_array(slice: &[u8]) -> [u8; N] { - // this is guaranteed true because `ConnectionTrafficSecrets` items and - // `key_len()` are in agreement. - debug_assert_eq!(N, slice.len()); - slice.try_into().unwrap() -} diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index c090cf81be..a20597687e 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -216,6 +216,32 @@ pub enum ConnectionTrafficSecrets { }, } +#[cfg(feature = "secret_extraction")] +impl ConnectionTrafficSecrets { + /// Convert three slices to three fixed sized arrays, panicking if any slice is not the correct + /// constant size length. + pub fn slices_to_arrays( + k: &[u8], + s: &[u8], + i: &[u8], + ) -> ([u8; NK], [u8; NS], [u8; NI]) { + ( + Self::slice_to_array(k), + Self::slice_to_array(s), + Self::slice_to_array(i), + ) + } + + /// Convert a slice to a fixed sized array, panicking if the slice is not the correct + /// constant size length. + pub fn slice_to_array(slice: &[u8]) -> [u8; N] { + // this is guaranteed true because `ConnectionTrafficSecrets` items and + // call-site `TlsXXAeadAlgorithm` impl `key_len()`s are in agreement. + debug_assert_eq!(N, slice.len()); + slice.try_into().unwrap() + } +} + #[cfg(all(test, feature = "ring"))] mod tests { use super::crypto::ring::tls13::*; From 21a7df570036e97e3ad2d01b88e022c0865b35b1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 13:22:50 -0400 Subject: [PATCH 0215/1145] proj: remove secret_extraction feature In an effort to reduce our feature list, this commit replaces the `secret_extraction` feature flag with functions that are always present, but named `dangerous_extract_secrets` to emphasize potential danger. Cargo features are additive, which means transitive dependencies could enable them for you without explicit opt-in. Using obviously named functions will maintain the property that it's easy to grep for imports, but avoids feature flag bloat and the additive downsides. --- provider-example/src/aead.rs | 29 ++++++++++++++++++++++++-- rustls/Cargo.toml | 1 - rustls/src/client/builder.rs | 1 - rustls/src/client/client_conn.rs | 23 ++++++++------------- rustls/src/client/tls12.rs | 5 +---- rustls/src/client/tls13.rs | 6 +----- rustls/src/common_state.rs | 4 ---- rustls/src/conn.rs | 23 ++++++++++----------- rustls/src/crypto/cipher.rs | 3 --- rustls/src/crypto/ring/tls12.rs | 10 ++------- rustls/src/crypto/ring/tls13.rs | 10 ++------- rustls/src/lib.rs | 4 +--- rustls/src/record_layer.rs | 2 -- rustls/src/server/builder.rs | 1 - rustls/src/server/server_conn.rs | 27 +++++++----------------- rustls/src/server/tls12.rs | 2 -- rustls/src/server/tls13.rs | 6 +----- rustls/src/suites.rs | 4 ---- rustls/src/tls12/mod.rs | 5 +---- rustls/src/tls13/key_schedule.rs | 2 -- rustls/tests/api.rs | 35 ++++++++++++++++++++++++-------- 21 files changed, 88 insertions(+), 115 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 5cdd8ee0de..0515cbbc63 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -1,6 +1,6 @@ use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; -use rustls::crypto::cipher; -use rustls::{ContentType, ProtocolVersion}; +use rustls::crypto::cipher::{self, AeadKey, Iv, UnsupportedOperationError}; +use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; pub struct Chacha20Poly1305; @@ -22,6 +22,18 @@ impl cipher::Tls13AeadAlgorithm for Chacha20Poly1305 { fn key_len(&self) -> usize { chacha20poly1305::ChaCha20Poly1305::key_size() } + + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { + let (key, iv) = ( + ConnectionTrafficSecrets::slice_to_array(key.as_ref()), + ConnectionTrafficSecrets::slice_to_array(iv.as_ref()), + ); + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) + } } impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { @@ -51,6 +63,19 @@ impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { explicit_nonce_len: 0, } } + + fn extract_keys( + &self, + key: AeadKey, + iv: &[u8], + _explicit: &[u8], + ) -> Result { + let (key, iv) = ( + ConnectionTrafficSecrets::slice_to_array(key.as_ref()), + ConnectionTrafficSecrets::slice_to_array(iv), + ); + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) + } } struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index cd76c02299..4b1890625b 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -26,7 +26,6 @@ pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std" default = ["logging", "ring", "tls12"] logging = ["log"] ring = ["dep:ring", "webpki/ring"] -secret_extraction = [] quic = [] tls12 = [] read_buf = ["rustversion"] diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 7d87470725..8f3a18db07 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -148,7 +148,6 @@ impl ConfigBuilder { enable_sni: true, verifier: self.state.verifier, key_log: Arc::new(NoKeyLog {}), - #[cfg(feature = "secret_extraction")] enable_secret_extraction: false, enable_early_data: false, } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index d0a951d8cd..b9a681fbfd 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -11,11 +11,9 @@ use crate::msgs::enums::NamedGroup; use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; use crate::sign; -use crate::suites::SupportedCipherSuite; +use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; use crate::verify; use crate::versions; -#[cfg(feature = "secret_extraction")] -use crate::ExtractedSecrets; use crate::KeyLog; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; @@ -181,7 +179,6 @@ pub struct ClientConfig { /// Allows traffic secrets to be extracted after the handshake, /// e.g. for kTLS setup. - #[cfg(feature = "secret_extraction")] pub enable_secret_extraction: bool, /// Whether to send data on the first flight ("early data") in @@ -221,7 +218,6 @@ impl Clone for ClientConfig { enable_sni: self.enable_sni, verifier: Arc::clone(&self.verifier), key_log: Arc::clone(&self.key_log), - #[cfg(feature = "secret_extraction")] enable_secret_extraction: self.enable_secret_extraction, enable_early_data: self.enable_early_data, } @@ -635,6 +631,12 @@ impl ClientConnection { self.inner.core.is_early_data_accepted() } + /// Extract secrets, so they can be used when configuring kTLS, for example. + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + self.inner.dangerous_extract_secrets() + } + fn write_early_data(&mut self, data: &[u8]) -> io::Result { self.inner .core @@ -646,12 +648,6 @@ impl ClientConnection { .send_early_plaintext(&data[..sz]) }) } - - /// Extract secrets, so they can be used when configuring kTLS, for example. - #[cfg(feature = "secret_extraction")] - pub fn extract_secrets(self) -> Result { - self.inner.extract_secrets() - } } impl Deref for ClientConnection { @@ -697,10 +693,7 @@ impl ConnectionCore { let mut common_state = CommonState::new(Side::Client); common_state.set_max_fragment_size(config.max_fragment_size)?; common_state.protocol = proto; - #[cfg(feature = "secret_extraction")] - { - common_state.enable_secret_extraction = config.enable_secret_extraction; - } + common_state.enable_secret_extraction = config.enable_secret_extraction; let mut data = ClientConnectionData::new(); let mut cx = hs::ClientContext { diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 9ce01f6533..7c3dac9f90 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -17,9 +17,7 @@ use crate::msgs::handshake::{ use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::sign::Signer; -#[cfg(feature = "secret_extraction")] -use crate::suites::PartiallyExtractedSecrets; -use crate::suites::SupportedCipherSuite; +use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite}; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify::{self, DigitallySignedStruct}; @@ -1075,7 +1073,6 @@ impl State for ExpectTraffic { Ok(()) } - #[cfg(feature = "secret_extraction")] fn extract_secrets(&self) -> Result { self.secrets .extract_secrets(Side::Client) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 5526bd5285..9e93fced93 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1,9 +1,7 @@ use crate::check::inappropriate_handshake_message; #[cfg(feature = "quic")] use crate::common_state::Protocol; -#[cfg(feature = "secret_extraction")] -use crate::common_state::Side; -use crate::common_state::{CommonState, State}; +use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto; use crate::crypto::ActiveKeyExchange; @@ -27,7 +25,6 @@ use crate::msgs::handshake::{PresharedKeyIdentity, PresharedKeyOffer}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::sign::{CertifiedKey, Signer}; -#[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls13::construct_client_verify_message; use crate::tls13::construct_server_verify_message; @@ -1062,7 +1059,6 @@ impl State for ExpectTraffic { .export_keying_material(output, label, context) } - #[cfg(feature = "secret_extraction")] fn extract_secrets(&self) -> Result { self.key_schedule .extract_secrets(Side::Client) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 0aff51745b..a50933650d 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -12,7 +12,6 @@ use crate::msgs::message::{BorrowedPlainMessage, Message, OpaqueMessage, PlainMe #[cfg(feature = "quic")] use crate::quic; use crate::record_layer; -#[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::suites::SupportedCipherSuite; #[cfg(feature = "tls12")] @@ -49,7 +48,6 @@ pub struct CommonState { pub(crate) protocol: Protocol, #[cfg(feature = "quic")] pub(crate) quic: quic::Quic, - #[cfg(feature = "secret_extraction")] pub(crate) enable_secret_extraction: bool, } @@ -79,7 +77,6 @@ impl CommonState { protocol: Protocol::Tcp, #[cfg(feature = "quic")] quic: quic::Quic::default(), - #[cfg(feature = "secret_extraction")] enable_secret_extraction: false, } } @@ -639,7 +636,6 @@ pub(crate) trait State: Send + Sync { Err(Error::HandshakeNotComplete) } - #[cfg(feature = "secret_extraction")] fn extract_secrets(&self) -> Result { Err(Error::HandshakeNotComplete) } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index b1f26d9ef4..293f3ab61b 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -6,7 +6,6 @@ use crate::log::trace; use crate::msgs::deframer::{Deframed, MessageDeframer}; use crate::msgs::handshake::Random; use crate::msgs::message::{Message, MessagePayload, PlainMessage}; -#[cfg(feature = "secret_extraction")] use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; @@ -83,15 +82,6 @@ impl Connection { } } - /// Extract secrets, to set up kTLS for example - #[cfg(feature = "secret_extraction")] - pub fn extract_secrets(self) -> Result { - match self { - Self::Client(conn) => conn.extract_secrets(), - Self::Server(conn) => conn.extract_secrets(), - } - } - /// This function uses `io` to complete any outstanding IO for this connection. /// /// See [`ConnectionCommon::complete_io()`] for more information. @@ -105,6 +95,15 @@ impl Connection { Self::Server(conn) => conn.complete_io(io), } } + + /// Extract secrets, so they can be used when configuring kTLS, for example. + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + match self { + Self::Client(client) => client.dangerous_extract_secrets(), + Self::Server(server) => server.dangerous_extract_secrets(), + } + } } impl Deref for Connection { @@ -549,8 +548,8 @@ impl ConnectionCommon { } /// Extract secrets, so they can be used when configuring kTLS, for example. - #[cfg(feature = "secret_extraction")] - pub fn extract_secrets(self) -> Result { + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { if !self.enable_secret_extraction { return Err(Error::General("Secret extraction is disabled".into())); } diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 7262f796bf..3c4ab9212f 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -5,7 +5,6 @@ use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec; pub use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -#[cfg(feature = "secret_extraction")] use crate::suites::ConnectionTrafficSecrets; /// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite. @@ -19,7 +18,6 @@ pub trait Tls13AeadAlgorithm: Send + Sync { /// The length of key in bytes required by `encrypter()` and `decrypter()`. fn key_len(&self) -> usize; - #[cfg(feature = "secret_extraction")] /// Convert the key material from `key`/`iv`, into a `ConnectionTrafficSecrets` item. /// /// May return [`UnsupportedOperationError`] if the AEAD algorithm is not a supported @@ -54,7 +52,6 @@ pub trait Tls12AeadAlgorithm: Send + Sync + 'static { /// is split up prior to calling `encrypter()`, `decrypter()` and/or `extract_keys()`. fn key_block_shape(&self) -> KeyBlockShape; - #[cfg(feature = "secret_extraction")] /// Convert the key material from `key`/`iv`, into a `ConnectionTrafficSecrets` item. /// /// The length of `key` is set by [`KeyBlockShape::enc_key_len`]. diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index bf667d56ad..859d1ff6a8 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,17 +1,13 @@ -#[cfg(feature = "secret_extraction")] -use crate::crypto::cipher::UnsupportedOperationError; use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, - Tls12AeadAlgorithm, NONCE_LEN, + Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -#[cfg(feature = "secret_extraction")] -use crate::suites::ConnectionTrafficSecrets; -use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; +use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; use ring::aead; @@ -165,7 +161,6 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { } } - #[cfg(feature = "secret_extraction")] fn extract_keys( &self, key: AeadKey, @@ -221,7 +216,6 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { } } - #[cfg(feature = "secret_extraction")] fn extract_keys( &self, key: AeadKey, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 44d475b3c9..2a77b0f1dd 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,15 +1,12 @@ -#[cfg(feature = "secret_extraction")] -use crate::crypto::cipher::UnsupportedOperationError; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, + UnsupportedOperationError, }; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; -#[cfg(feature = "secret_extraction")] -use crate::suites::ConnectionTrafficSecrets; -use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; +use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; use ring::aead; @@ -84,7 +81,6 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { self.0.key_len() } - #[cfg(feature = "secret_extraction")] fn extract_keys( &self, key: AeadKey, @@ -113,7 +109,6 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { self.0.key_len() } - #[cfg(feature = "secret_extraction")] fn extract_keys( &self, key: AeadKey, @@ -141,7 +136,6 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { self.0.key_len() } - #[cfg(feature = "secret_extraction")] fn extract_keys( &self, key: AeadKey, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 4301b4c349..59ed2af10e 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -384,9 +384,7 @@ pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; -pub use crate::suites::SupportedCipherSuite; -#[cfg(feature = "secret_extraction")] -pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets}; +pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite}; pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 839f6774ab..f23eae33a2 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -198,12 +198,10 @@ impl RecordLayer { self.has_decrypted } - #[cfg(feature = "secret_extraction")] pub(crate) fn write_seq(&self) -> u64 { self.write_seq } - #[cfg(feature = "secret_extraction")] pub(crate) fn read_seq(&self) -> u64 { self.read_seq } diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index ec2b6d23c7..72b3bd0c5a 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -111,7 +111,6 @@ impl ConfigBuilder { alpn_protocols: Vec::new(), versions: self.state.versions, key_log: Arc::new(NoKeyLog {}), - #[cfg(feature = "secret_extraction")] enable_secret_extraction: false, max_early_data_size: 0, send_half_rtt_data: false, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index cc2ab3b7b5..95260e6808 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -11,11 +11,9 @@ use crate::msgs::base::Payload; use crate::msgs::handshake::{ClientHelloPayload, ProtocolName, ServerExtension}; use crate::msgs::message::Message; use crate::sign; -use crate::suites::SupportedCipherSuite; +use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; use crate::vecbuf::ChunkVecBuffer; use crate::verify; -#[cfg(feature = "secret_extraction")] -use crate::ExtractedSecrets; use crate::KeyLog; use super::hs; @@ -266,7 +264,6 @@ pub struct ServerConfig { /// Allows traffic secrets to be extracted after the handshake, /// e.g. for kTLS setup. - #[cfg(feature = "secret_extraction")] pub enable_secret_extraction: bool, /// Amount of early data to accept for sessions created by @@ -332,7 +329,6 @@ impl Clone for ServerConfig { versions: self.versions, verifier: Arc::clone(&self.verifier), key_log: Arc::clone(&self.key_log), - #[cfg(feature = "secret_extraction")] enable_secret_extraction: self.enable_secret_extraction, max_early_data_size: self.max_early_data_size, send_half_rtt_data: self.send_half_rtt_data, @@ -429,10 +425,7 @@ impl ServerConnection { pub fn new(config: Arc) -> Result { let mut common = CommonState::new(Side::Server); common.set_max_fragment_size(config.max_fragment_size)?; - #[cfg(feature = "secret_extraction")] - { - common.enable_secret_extraction = config.enable_secret_extraction; - } + common.enable_secret_extraction = config.enable_secret_extraction; Ok(Self { inner: ConnectionCommon::from(ConnectionCore::for_server(config, Vec::new())?), }) @@ -513,9 +506,9 @@ impl ServerConnection { } /// Extract secrets, so they can be used when configuring kTLS, for example. - #[cfg(feature = "secret_extraction")] - pub fn extract_secrets(self) -> Result { - self.inner.extract_secrets() + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + self.inner.dangerous_extract_secrets() } } @@ -695,10 +688,7 @@ impl Accepted { self.connection .set_max_fragment_size(config.max_fragment_size)?; - #[cfg(feature = "secret_extraction")] - { - self.connection.enable_secret_extraction = config.enable_secret_extraction; - } + self.connection.enable_secret_extraction = config.enable_secret_extraction; let state = hs::ExpectClientHello::new(config, Vec::new()); let mut cx = hs::ServerContext::from(&mut self.connection); @@ -803,10 +793,7 @@ impl ConnectionCore { ) -> Result { let mut common = CommonState::new(Side::Server); common.set_max_fragment_size(config.max_fragment_size)?; - #[cfg(feature = "secret_extraction")] - { - common.enable_secret_extraction = config.enable_secret_extraction; - } + common.enable_secret_extraction = config.enable_secret_extraction; Ok(Self::new( Box::new(hs::ExpectClientHello::new(config, extra_exts)), ServerConnectionData::default(), diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 31b6b57bfb..704415fbc7 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -15,7 +15,6 @@ use crate::msgs::handshake::{ClientECDHParams, HandshakeMessagePayload, Handshak use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; -#[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify; @@ -943,7 +942,6 @@ impl State for ExpectTraffic { Ok(()) } - #[cfg(feature = "secret_extraction")] fn extract_secrets(&self) -> Result { self.secrets .extract_secrets(Side::Server) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0f69f3d9a7..1c25872586 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -3,9 +3,7 @@ use crate::check::inappropriate_handshake_message; use crate::check::inappropriate_message; #[cfg(feature = "quic")] use crate::common_state::Protocol; -#[cfg(feature = "secret_extraction")] -use crate::common_state::Side; -use crate::common_state::{CommonState, State}; +use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; @@ -22,7 +20,6 @@ use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::rand; use crate::server::ServerConfig; -#[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::tls13::construct_client_verify_message; use crate::tls13::construct_server_verify_message; @@ -1281,7 +1278,6 @@ impl State for ExpectTraffic { .export_keying_material(output, label, context) } - #[cfg(feature = "secret_extraction")] fn extract_secrets(&self) -> Result { self.key_schedule .extract_secrets(Side::Server) diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index a20597687e..6915ecf5a9 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -160,7 +160,6 @@ pub(crate) fn compatible_sigscheme_for_suites( /// After performing a handshake with rustls, these secrets can be extracted /// to configure kTLS for a socket, and have the kernel take over encryption /// and/or decryption. -#[cfg(feature = "secret_extraction")] pub struct ExtractedSecrets { /// sequence number and secrets for the "tx" (transmit) direction pub tx: (u64, ConnectionTrafficSecrets), @@ -170,7 +169,6 @@ pub struct ExtractedSecrets { } /// [ExtractedSecrets] minus the sequence numbers -#[cfg(feature = "secret_extraction")] pub(crate) struct PartiallyExtractedSecrets { /// secrets for the "tx" (transmit) direction pub(crate) tx: ConnectionTrafficSecrets, @@ -184,7 +182,6 @@ pub(crate) struct PartiallyExtractedSecrets { /// These can be used to configure kTLS for a socket in one direction. /// The only other piece of information needed is the sequence number, /// which is in [ExtractedSecrets]. -#[cfg(feature = "secret_extraction")] #[non_exhaustive] pub enum ConnectionTrafficSecrets { /// Secrets for the AES_128_GCM AEAD algorithm @@ -216,7 +213,6 @@ pub enum ConnectionTrafficSecrets { }, } -#[cfg(feature = "secret_extraction")] impl ConnectionTrafficSecrets { /// Convert three slices to three fixed sized arrays, panicking if any slice is not the correct /// constant size length. diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 2e64a0bc75..a5c11b2bdb 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -7,9 +7,7 @@ use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::KeyExchangeAlgorithm; -#[cfg(feature = "secret_extraction")] -use crate::suites::PartiallyExtractedSecrets; -use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; +use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite}; use core::fmt; @@ -245,7 +243,6 @@ impl ConnectionSecrets { ); } - #[cfg(feature = "secret_extraction")] pub(crate) fn extract_secrets(&self, side: Side) -> Result { // Make a key block, and chop it up let key_block = self.make_key_block(); diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 2599cc8c90..f8b096d1da 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -5,7 +5,6 @@ use crate::error::Error; use crate::hkdf; #[cfg(feature = "quic")] use crate::quic; -#[cfg(feature = "secret_extraction")] use crate::suites::PartiallyExtractedSecrets; use crate::{KeyLog, Tls13CipherSuite}; @@ -502,7 +501,6 @@ impl KeyScheduleTraffic { .export_keying_material(&self.current_exporter_secret, out, label, context) } - #[cfg(feature = "secret_extraction")] pub(crate) fn extract_secrets(&self, side: Side) -> Result { fn expand( secret: &hkdf::OkmBlock, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 0a6400aafd..9f9803c46a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -18,7 +18,6 @@ use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::message::PlainMessage; use rustls::server::{ClientHello, ResolvesServerCert, WebPkiClientVerifier}; -#[cfg(feature = "secret_extraction")] use rustls::ConnectionTrafficSecrets; use rustls::SupportedCipherSuite; use rustls::{ @@ -4791,7 +4790,7 @@ fn test_no_warning_logging_during_successful_sessions() { } /// Test that secrets can be extracted and used for encryption/decryption. -#[cfg(all(feature = "secret_extraction", feature = "tls12"))] +#[cfg(feature = "tls12")] #[test] fn test_secret_extraction_enabled() { // Normally, secret extraction would be used to configure kTLS (TLS offload @@ -4836,8 +4835,12 @@ fn test_secret_extraction_enabled() { do_handshake(&mut client, &mut server); // The handshake is finished, we're now able to extract traffic secrets - let client_secrets = client.extract_secrets().unwrap(); - let server_secrets = server.extract_secrets().unwrap(); + let client_secrets = client + .dangerous_extract_secrets() + .unwrap(); + let server_secrets = server + .dangerous_extract_secrets() + .unwrap(); // Comparing secrets for equality is something you should never have to // do in production code, so ConnectionTrafficSecrets doesn't implement @@ -4866,7 +4869,7 @@ fn test_secret_extraction_enabled() { /// Test that secrets cannot be extracted unless explicitly enabled, and until /// the handshake is done. -#[cfg(all(feature = "secret_extraction", feature = "tls12"))] +#[cfg(feature = "tls12")] #[test] fn test_secret_extraction_disabled_or_too_early() { let suite = rustls::cipher_suite::TLS13_AES_128_GCM_SHA256; @@ -4892,11 +4895,15 @@ fn test_secret_extraction_disabled_or_too_early() { let (client, server) = make_pair_for_arc_configs(&client_config, &server_config); assert!( - client.extract_secrets().is_err(), + client + .dangerous_extract_secrets() + .is_err(), "extraction should fail until handshake completes" ); assert!( - server.extract_secrets().is_err(), + server + .dangerous_extract_secrets() + .is_err(), "extraction should fail until handshake completes" ); @@ -4904,8 +4911,18 @@ fn test_secret_extraction_disabled_or_too_early() { do_handshake(&mut client, &mut server); - assert_eq!(server_enable, server.extract_secrets().is_ok()); - assert_eq!(client_enable, client.extract_secrets().is_ok()); + assert_eq!( + server_enable, + server + .dangerous_extract_secrets() + .is_ok() + ); + assert_eq!( + client_enable, + client + .dangerous_extract_secrets() + .is_ok() + ); } } From f141da4a2e6ce6b19f569835bc591a3c86b8f860 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 27 Sep 2023 09:28:15 -0400 Subject: [PATCH 0216/1145] Cargo: remove rcgen git patch The `rcgen` crate has cut a 0.11.2 release that includes the CRL functionality we were using a Cargo patch to depend on previously. This commit removes the patch, fixes one breakage in the server acceptor example, and updates the `Cargo.toml` and `Cargo.lock` files. --- Cargo.lock | 21 +++++++++++---------- Cargo.toml | 4 ---- examples/Cargo.toml | 2 +- examples/src/bin/server_acceptor.rs | 1 + 4 files changed, 13 insertions(+), 15 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 83f410c527..22cdcf4a1d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -178,9 +178,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.4" +version = "4.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d7b8d5ec32af0fadc644bf1fd509a688c2103b185644bb1e29d164e0703136" +checksum = "824956d0dca8334758a5b7f7e50518d66ea319330cbceedcf76905c2f6ab30e3" dependencies = [ "clap_builder", "clap_derive", @@ -188,9 +188,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.4" +version = "4.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5179bb514e4d7c2051749d8fcefa2ed6d06a9f4e6d69faf3805f5d80b8cf8d56" +checksum = "122ec64120a49b4563ccaedcbea7818d069ed8e9aa6d829b82d8a4128936b2ab" dependencies = [ "anstream", "anstyle", @@ -612,9 +612,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "pem" -version = "2.0.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a" +checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" dependencies = [ "base64", "serde", @@ -742,8 +742,9 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.11.1" -source = "git+https://github.com/est31/rcgen.git?rev=83e548a06848d923eada1ac66d1a912735b67e79#83e548a06848d923eada1ac66d1a912735b67e79" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4426f9f4d65c83b570885bee479ba4c5e78d7a5286c8a58e3d2570462121b447" dependencies = [ "pem", "ring", @@ -976,9 +977,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.7" +version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", diff --git a/Cargo.toml b/Cargo.toml index 07d874ece7..796c1f8286 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,7 +15,3 @@ default-members = [ ] exclude = ["admin/rustfmt"] resolver = "2" - -[patch.crates-io] -# TODO(XXX): Remove this once rcgen has cut a release w/ CRL support included. Only used in examples. -rcgen = { git = 'https://github.com/est31/rcgen.git', rev = '83e548a06848d923eada1ac66d1a912735b67e79' } diff --git a/examples/Cargo.toml b/examples/Cargo.toml index b09d71ba10..862a53946c 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -16,7 +16,7 @@ env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "0.2" } -rcgen = { version = "0.11.1", features = ["pem"], default-features = false } +rcgen = { version = "0.11.2", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "=2.0.0-alpha.1" serde = "1.0" diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index d6b1db74e7..c54d1dfbc9 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -266,6 +266,7 @@ impl TestPki { this_update: now, next_update: now.add(Duration::from_secs(next_update_seconds)), crl_number: rcgen::SerialNumber::from(1234), + issuing_distribution_point: None, revoked_certs, key_identifier_method: rcgen::KeyIdMethod::Sha256, alg: &rcgen::PKCS_ECDSA_P256_SHA256, From 940d603e38bb228ce4da601c1c76eef60602cd22 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 27 Sep 2023 10:49:47 -0400 Subject: [PATCH 0217/1145] ci: run cargo dependabot weekly Now that we're checking in `Cargo.lock` files we'll be getting more Dependabot PRs for semver compatible Cargo dependency updates. This commit switches the tool to run weekly instead of daily so that we don't have to spend as much time triaging these on a day-by-day basis. --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c7b634c988..1064e01392 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,7 +3,7 @@ updates: - package-ecosystem: cargo directory: "/" schedule: - interval: daily + interval: weekly open-pull-requests-limit: 10 - package-ecosystem: github-actions directory: "/" From 55bb27953d52eb2762f20aa6e30dc54252b1f77e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Sep 2023 14:36:44 -0400 Subject: [PATCH 0218/1145] suites: rework `ConnectionTrafficSecrets` This commit updates `ConnectionTrafficSecrets` to hold `AeadKey` and `Iv` instances, instead of byte arrays, removing the need for the `slices_to_arrays` and `slice_to_array` helpers. --- provider-example/src/aead.rs | 17 ++++----- rustls/src/crypto/ring/tls12.rs | 65 +++++++++++++++------------------ rustls/src/crypto/ring/tls13.rs | 14 +------ rustls/src/suites.rs | 54 +++++++-------------------- rustls/tests/api.rs | 10 +++-- 5 files changed, 57 insertions(+), 103 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 0515cbbc63..2c9d410442 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -1,5 +1,5 @@ use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; -use rustls::crypto::cipher::{self, AeadKey, Iv, UnsupportedOperationError}; +use rustls::crypto::cipher::{self, AeadKey, Iv, UnsupportedOperationError, NONCE_LEN}; use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; pub struct Chacha20Poly1305; @@ -28,10 +28,6 @@ impl cipher::Tls13AeadAlgorithm for Chacha20Poly1305 { key: AeadKey, iv: Iv, ) -> Result { - let (key, iv) = ( - ConnectionTrafficSecrets::slice_to_array(key.as_ref()), - ConnectionTrafficSecrets::slice_to_array(iv.as_ref()), - ); Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } @@ -70,11 +66,12 @@ impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { iv: &[u8], _explicit: &[u8], ) -> Result { - let (key, iv) = ( - ConnectionTrafficSecrets::slice_to_array(key.as_ref()), - ConnectionTrafficSecrets::slice_to_array(iv), - ); - Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) + // This should always be true because KeyBlockShape and the Iv nonce len are in agreement. + debug_assert_eq!(NONCE_LEN, iv.len()); + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { + key, + iv: Iv::new(iv[..].try_into().unwrap()), + }) } } diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 859d1ff6a8..09d23dbd1a 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -132,24 +132,9 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { write_iv: &[u8], explicit: &[u8], ) -> Box { - debug_assert_eq!(write_iv.len(), 4); - debug_assert_eq!(explicit.len(), 8); - let enc_key = aead::LessSafeKey::new(aead::UnboundKey::new(self.0, enc_key.as_ref()).unwrap()); - - // The GCM nonce is constructed from a 32-bit 'salt' derived - // from the master-secret, and a 64-bit explicit part, - // with no specified construction. Thanks for that. - // - // We use the same construction as TLS1.3/ChaCha20Poly1305: - // a starting point extracted from the key block, xored with - // the sequence number. - let mut iv = [0; NONCE_LEN]; - iv[..4].copy_from_slice(write_iv); - iv[4..].copy_from_slice(explicit); - let iv = Iv::new(iv); - + let iv = gcm_iv(write_iv, explicit); Box::new(GcmMessageEncrypter { enc_key, iv }) } @@ -164,23 +149,12 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { fn extract_keys( &self, key: AeadKey, - iv: &[u8], + write_iv: &[u8], explicit: &[u8], ) -> Result { - Ok(match key.as_ref().len() { - 16 => { - // nb. "fixed IV" becomes the GCM nonce "salt" - let (key, salt, iv) = - ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), iv, explicit); - ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } - } - 32 => { - // nb. "fixed IV" becomes the GCM nonce "salt" - let (key, salt, iv) = - ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), iv, explicit); - ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } - } - _ => unreachable!(), + Ok(ConnectionTrafficSecrets::Aes128Gcm { + key, + iv: gcm_iv(write_iv, explicit), }) } } @@ -222,11 +196,12 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { iv: &[u8], _explicit: &[u8], ) -> Result { - let (key, iv) = ( - ConnectionTrafficSecrets::slice_to_array(key.as_ref()), - ConnectionTrafficSecrets::slice_to_array(iv), - ); - Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) + // This should always be true because KeyBlockShape and the Iv nonce len are in agreement. + debug_assert_eq!(aead::NONCE_LEN, iv.len()); + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { + key, + iv: Iv::new(iv[..].try_into().unwrap()), + }) } } @@ -367,3 +342,21 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) } } + +fn gcm_iv(write_iv: &[u8], explicit: &[u8]) -> Iv { + debug_assert_eq!(write_iv.len(), 4); + debug_assert_eq!(explicit.len(), 8); + + // The GCM nonce is constructed from a 32-bit 'salt' derived + // from the master-secret, and a 64-bit explicit part, + // with no specified construction. Thanks for that. + // + // We use the same construction as TLS1.3/ChaCha20Poly1305: + // a starting point extracted from the key block, xored with + // the sequence number. + let mut iv = [0; NONCE_LEN]; + iv[..4].copy_from_slice(write_iv); + iv[4..].copy_from_slice(explicit); + + Iv::new(iv) +} diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 2a77b0f1dd..5349f14f15 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -86,10 +86,6 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { key: AeadKey, iv: Iv, ) -> Result { - let (key, iv) = ( - ConnectionTrafficSecrets::slice_to_array(key.as_ref()), - ConnectionTrafficSecrets::slice_to_array(iv.as_ref()), - ); Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } } @@ -114,10 +110,7 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { key: AeadKey, iv: Iv, ) -> Result { - let iv = iv.as_ref(); - let (key, salt, iv) = - ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); - Ok(ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv }) + Ok(ConnectionTrafficSecrets::Aes256Gcm { key, iv }) } } @@ -141,10 +134,7 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { key: AeadKey, iv: Iv, ) -> Result { - let iv = iv.as_ref(); - let (key, salt, iv) = - ConnectionTrafficSecrets::slices_to_arrays(key.as_ref(), &iv[..4], &iv[4..]); - Ok(ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv }) + Ok(ConnectionTrafficSecrets::Aes128Gcm { key, iv }) } } diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 6915ecf5a9..fd591a9e7e 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,6 +1,7 @@ use core::fmt; use crate::crypto; +use crate::crypto::cipher::{AeadKey, Iv}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; @@ -186,58 +187,29 @@ pub(crate) struct PartiallyExtractedSecrets { pub enum ConnectionTrafficSecrets { /// Secrets for the AES_128_GCM AEAD algorithm Aes128Gcm { - /// key (16 bytes) - key: [u8; 16], - /// salt (4 bytes) - salt: [u8; 4], - /// initialization vector (8 bytes, chopped from key block) - iv: [u8; 8], + /// AEAD Key + key: AeadKey, + /// Initialization vector + iv: Iv, }, /// Secrets for the AES_256_GCM AEAD algorithm Aes256Gcm { - /// key (32 bytes) - key: [u8; 32], - /// salt (4 bytes) - salt: [u8; 4], - /// initialization vector (8 bytes, chopped from key block) - iv: [u8; 8], + /// AEAD Key + key: AeadKey, + /// Initialization vector + iv: Iv, }, /// Secrets for the CHACHA20_POLY1305 AEAD algorithm Chacha20Poly1305 { - /// key (32 bytes) - key: [u8; 32], - /// initialization vector (12 bytes) - iv: [u8; 12], + /// AEAD Key + key: AeadKey, + /// Initialization vector + iv: Iv, }, } -impl ConnectionTrafficSecrets { - /// Convert three slices to three fixed sized arrays, panicking if any slice is not the correct - /// constant size length. - pub fn slices_to_arrays( - k: &[u8], - s: &[u8], - i: &[u8], - ) -> ([u8; NK], [u8; NS], [u8; NI]) { - ( - Self::slice_to_array(k), - Self::slice_to_array(s), - Self::slice_to_array(i), - ) - } - - /// Convert a slice to a fixed sized array, panicking if the slice is not the correct - /// constant size length. - pub fn slice_to_array(slice: &[u8]) -> [u8; N] { - // this is guaranteed true because `ConnectionTrafficSecrets` items and - // call-site `TlsXXAeadAlgorithm` impl `key_len()`s are in agreement. - debug_assert_eq!(N, slice.len()); - slice.try_into().unwrap() - } -} - #[cfg(all(test, feature = "ring"))] mod tests { use super::crypto::ring::tls13::*; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 9f9803c46a..d3643c8f79 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4845,11 +4845,13 @@ fn test_secret_extraction_enabled() { // Comparing secrets for equality is something you should never have to // do in production code, so ConnectionTrafficSecrets doesn't implement // PartialEq/Eq on purpose. Instead, we have to get creative. - fn explode_secrets(s: &ConnectionTrafficSecrets) -> (&[u8], &[u8], &[u8]) { + fn explode_secrets(s: &ConnectionTrafficSecrets) -> (&[u8], &[u8]) { match s { - ConnectionTrafficSecrets::Aes128Gcm { key, salt, iv } => (key, salt, iv), - ConnectionTrafficSecrets::Aes256Gcm { key, salt, iv } => (key, salt, iv), - ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } => (key, &[], iv), + ConnectionTrafficSecrets::Aes128Gcm { key, iv } => (key.as_ref(), iv.as_ref()), + ConnectionTrafficSecrets::Aes256Gcm { key, iv } => (key.as_ref(), iv.as_ref()), + ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv } => { + (key.as_ref(), iv.as_ref()) + } _ => panic!("unexpected secret type"), } } From 1a939124e8b8a72f21bdb557b8d80dc6eef72522 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 28 Sep 2023 17:09:06 -0400 Subject: [PATCH 0219/1145] ci: remove `--locked` from cargo hack daily test Running `cargo hack check --locked --feature-powerset` seems to be failing, as it detects that the lockfile needs to be updated. Updating the lockfile and re-running causes the same error. It looks as though it is removing items from the lockfile based on which features it's testing. To prevent this test from failing, let's remove `--locked` and test the feature powerset with relaxed handling of the `Cargo.lock` file. --- .github/workflows/daily-tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 056011bdd7..4fb3698a4e 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -109,4 +109,4 @@ jobs: uses: taiki-e/install-action@cargo-hack - name: Check feature powerset - run: cargo hack check --locked --feature-powerset --no-dev-deps + run: cargo hack check --feature-powerset --no-dev-deps From 4d3f303daa47d2aeb48bf444f067484bab7745ca Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Sun, 1 Oct 2023 20:12:19 +0100 Subject: [PATCH 0220/1145] tlsvulns.rs: add reference to "Marvin" attack --- rustls/src/manual/tlsvulns.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/manual/tlsvulns.rs b/rustls/src/manual/tlsvulns.rs index 77d5510270..ebd6453cf5 100644 --- a/rustls/src/manual/tlsvulns.rs +++ b/rustls/src/manual/tlsvulns.rs @@ -44,6 +44,7 @@ In a similar pattern to the MAC-then-encrypt problem discussed above, TLSv1.0 (1 continued to specify use of PKCS#1 encryption, again with incrementally more complex and incorrect advice on countermeasures. [ROBOT](https://robotattack.org/) (2018) showed that implementations were still vulnerable to these attacks twenty years later. +[The Marvin Attack](https://people.redhat.com/~hkario/marvin/) (2023) demonstrated the same a further five years later. rustls does not support RSA key exchange. TLSv1.3 also removed support. From d980e2bd385e71db1bd629bc4b276a793033dcd8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 04:26:21 +0000 Subject: [PATCH 0221/1145] build(deps): bump regex from 1.9.5 to 1.9.6 Bumps [regex](https://github.com/rust-lang/regex) from 1.9.5 to 1.9.6. - [Release notes](https://github.com/rust-lang/regex/releases) - [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/regex/compare/1.9.5...1.9.6) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- examples/Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 22cdcf4a1d..fbfe4fa346 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -754,9 +754,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.9.5" +version = "1.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47" +checksum = "ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" dependencies = [ "aho-corasick", "memchr", @@ -766,9 +766,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795" +checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" dependencies = [ "aho-corasick", "memchr", diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 862a53946c..39d5bb5440 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -24,5 +24,5 @@ serde_derive = "1.0" webpki-roots = "=0.26.0-alpha.1" [dev-dependencies] -regex = "1.0" +regex = "1.9" ring = "0.16.20" From babfe038ee673fe3245d2b884b3fc1723fff34bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Oct 2023 04:26:44 +0000 Subject: [PATCH 0222/1145] build(deps): bump rcgen from 0.11.2 to 0.11.3 Bumps [rcgen](https://github.com/est31/rcgen) from 0.11.2 to 0.11.3. - [Changelog](https://github.com/rustls/rcgen/blob/main/CHANGELOG.md) - [Commits](https://github.com/est31/rcgen/commits) --- updated-dependencies: - dependency-name: rcgen dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- examples/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fbfe4fa346..d18f95810e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -742,9 +742,9 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.11.2" +version = "0.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4426f9f4d65c83b570885bee479ba4c5e78d7a5286c8a58e3d2570462121b447" +checksum = "52c4f3084aa3bc7dfbba4eff4fab2a54db4324965d8872ab933565e6fbd83bc6" dependencies = [ "pem", "ring", diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 39d5bb5440..f21f52df4a 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -16,7 +16,7 @@ env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "0.2" } -rcgen = { version = "0.11.2", features = ["pem"], default-features = false } +rcgen = { version = "0.11.3", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "=2.0.0-alpha.1" serde = "1.0" From 992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 2 Oct 2023 11:45:39 +0200 Subject: [PATCH 0223/1145] Make connect-tests part of the workspace --- Cargo.lock | 9 ++ Cargo.toml | 2 + connect-tests/Cargo.lock | 286 --------------------------------------- connect-tests/Cargo.toml | 4 - 4 files changed, 11 insertions(+), 290 deletions(-) delete mode 100644 connect-tests/Cargo.lock diff --git a/Cargo.lock b/Cargo.lock index d18f95810e..0e2ae3149f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -873,6 +873,15 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "rustls-connect-tests" +version = "0.0.1" +dependencies = [ + "regex", + "ring", + "rustls", +] + [[package]] name = "rustls-examples" version = "0.0.1" diff --git a/Cargo.toml b/Cargo.toml index 796c1f8286..3c8b7d8352 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,6 +2,8 @@ members = [ # CI benchmarks "ci-bench", + # Network-based tests + "connect-tests", # tests and example code "examples", # the main library and tests diff --git a/connect-tests/Cargo.lock b/connect-tests/Cargo.lock deleted file mode 100644 index 639619ef79..0000000000 --- a/connect-tests/Cargo.lock +++ /dev/null @@ -1,286 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "aho-corasick" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" -dependencies = [ - "memchr", -] - -[[package]] -name = "bumpalo" -version = "3.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" - -[[package]] -name = "cc" -version = "1.0.83" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] - -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "js-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" -dependencies = [ - "wasm-bindgen", -] - -[[package]] -name = "libc" -version = "0.2.148" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" - -[[package]] -name = "log" -version = "0.4.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" - -[[package]] -name = "memchr" -version = "2.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c" - -[[package]] -name = "once_cell" -version = "1.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" - -[[package]] -name = "proc-macro2" -version = "1.0.67" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "regex" -version = "1.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "697061221ea1b4a94a624f67d0ae2bfe4e22b8a17b6a192afb11046542cc8c47" -dependencies = [ - "aho-corasick", - "memchr", - "regex-automata", - "regex-syntax", -] - -[[package]] -name = "regex-automata" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2f401f4955220693b56f8ec66ee9c78abffd8d1c4f23dc41a23839eb88f0795" -dependencies = [ - "aho-corasick", - "memchr", - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.7.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" - -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin", - "untrusted", - "web-sys", - "winapi", -] - -[[package]] -name = "rustls" -version = "0.22.0-alpha.3" -dependencies = [ - "log", - "ring", - "rustls-pki-types", - "rustls-webpki", - "subtle", -] - -[[package]] -name = "rustls-connect-tests" -version = "0.0.1" -dependencies = [ - "regex", - "ring", - "rustls", -] - -[[package]] -name = "rustls-pki-types" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" - -[[package]] -name = "rustls-webpki" -version = "0.102.0-alpha.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" -dependencies = [ - "ring", - "rustls-pki-types", - "untrusted", -] - -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - -[[package]] -name = "subtle" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" - -[[package]] -name = "syn" -version = "2.0.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - -[[package]] -name = "wasm-bindgen" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" - -[[package]] -name = "web-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index 623cc7ff67..f4633d4a4a 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -7,10 +7,6 @@ license = "Apache-2.0 OR ISC OR MIT" description = "Rustls connectivity based integration tests." publish = false -# Prevent this from interfering with workspaces -[workspace] -members = ["."] - [features] quic = ["rustls/quic"] From a930fff04846de8ec46f7cca8e38299306168078 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 23 Aug 2023 12:36:13 +0100 Subject: [PATCH 0224/1145] Split ring-based ticketer and kx into their own files --- rustls/src/crypto/ring/kx.rs | 102 +++++++++++ rustls/src/crypto/ring/mod.rs | 281 +---------------------------- rustls/src/crypto/ring/ticketer.rs | 178 ++++++++++++++++++ rustls/src/tls12/mod.rs | 2 +- 4 files changed, 289 insertions(+), 274 deletions(-) create mode 100644 rustls/src/crypto/ring/kx.rs create mode 100644 rustls/src/crypto/ring/ticketer.rs diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs new file mode 100644 index 0000000000..664c1f663f --- /dev/null +++ b/rustls/src/crypto/ring/kx.rs @@ -0,0 +1,102 @@ +use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup}; +use crate::error::{Error, PeerMisbehaved}; +use crate::msgs::enums::NamedGroup; +use crate::rand::GetRandomFailed; + +use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; +use ring::rand::SystemRandom; + +use core::fmt; + +/// A key-exchange group supported by *ring*. +/// +/// All possible instances of this class are provided by the library in +/// the `ALL_KX_GROUPS` array. +struct KxGroup { + /// The IANA "TLS Supported Groups" name of the group + name: NamedGroup, + + /// The corresponding ring agreement::Algorithm + agreement_algorithm: &'static ring::agreement::Algorithm, +} + +impl SupportedKxGroup for KxGroup { + fn start(&self) -> Result, GetRandomFailed> { + let rng = SystemRandom::new(); + let priv_key = EphemeralPrivateKey::generate(self.agreement_algorithm, &rng) + .map_err(|_| GetRandomFailed)?; + + let pub_key = priv_key + .compute_public_key() + .map_err(|_| GetRandomFailed)?; + + Ok(Box::new(KeyExchange { + name: self.name, + agreement_algorithm: self.agreement_algorithm, + priv_key, + pub_key, + })) + } + + fn name(&self) -> NamedGroup { + self.name + } +} + +impl fmt::Debug for KxGroup { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + self.name.fmt(f) + } +} + +/// Ephemeral ECDH on curve25519 (see RFC7748) +pub static X25519: &dyn SupportedKxGroup = &KxGroup { + name: NamedGroup::X25519, + agreement_algorithm: &ring::agreement::X25519, +}; + +/// Ephemeral ECDH on secp256r1 (aka NIST-P256) +pub static SECP256R1: &dyn SupportedKxGroup = &KxGroup { + name: NamedGroup::secp256r1, + agreement_algorithm: &ring::agreement::ECDH_P256, +}; + +/// Ephemeral ECDH on secp384r1 (aka NIST-P384) +pub static SECP384R1: &dyn SupportedKxGroup = &KxGroup { + name: NamedGroup::secp384r1, + agreement_algorithm: &ring::agreement::ECDH_P384, +}; + +/// A list of all the key exchange groups supported by rustls. +pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[X25519, SECP256R1, SECP384R1]; + +/// An in-progress key exchange. This has the algorithm, +/// our private key, and our public key. +#[derive(Debug)] +struct KeyExchange { + name: NamedGroup, + agreement_algorithm: &'static ring::agreement::Algorithm, + priv_key: EphemeralPrivateKey, + pub_key: ring::agreement::PublicKey, +} + +impl ActiveKeyExchange for KeyExchange { + /// Completes the key exchange, given the peer's public key. + fn complete(self: Box, peer: &[u8]) -> Result { + let peer_key = UnparsedPublicKey::new(self.agreement_algorithm, peer); + agree_ephemeral(self.priv_key, &peer_key, (), |secret| { + Ok(SharedSecret::from(secret)) + }) + .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) + } + + /// Return the group being used. + fn group(&self) -> NamedGroup { + self.name + } + + /// Return the public key being used. + fn pub_key(&self) -> &[u8] { + self.pub_key.as_ref() + } +} diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 9c077d3918..d758714325 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,21 +1,15 @@ -use crate::crypto::{ActiveKeyExchange, CryptoProvider, SharedSecret, SupportedKxGroup}; -use crate::error::{Error, PeerMisbehaved}; -use crate::msgs::enums::NamedGroup; +use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::rand::GetRandomFailed; -use crate::server::ProducesTickets; use crate::suites::SupportedCipherSuite; -use ring::aead; -use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; use ring::rand::{SecureRandom, SystemRandom}; -use alloc::sync::Arc; -use core::fmt; - pub(crate) mod hash; pub(crate) mod hmac; +pub(crate) mod kx; #[cfg(feature = "quic")] pub(crate) mod quic; +pub(crate) mod ticketer; #[cfg(feature = "tls12")] pub(crate) mod tls12; pub(crate) mod tls13; @@ -76,273 +70,14 @@ pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ]; -/// A key-exchange group supported by *ring*. -/// -/// All possible instances of this class are provided by the library in -/// the `ALL_KX_GROUPS` array. -pub struct KxGroup { - /// The IANA "TLS Supported Groups" name of the group - name: NamedGroup, - - /// The corresponding ring agreement::Algorithm - agreement_algorithm: &'static ring::agreement::Algorithm, -} - -impl SupportedKxGroup for KxGroup { - fn start(&self) -> Result, GetRandomFailed> { - let rng = SystemRandom::new(); - let priv_key = EphemeralPrivateKey::generate(self.agreement_algorithm, &rng) - .map_err(|_| GetRandomFailed)?; - - let pub_key = priv_key - .compute_public_key() - .map_err(|_| GetRandomFailed)?; - - Ok(Box::new(KeyExchange { - name: self.name, - agreement_algorithm: self.agreement_algorithm, - priv_key, - pub_key, - })) - } - - fn name(&self) -> NamedGroup { - self.name - } -} - -impl fmt::Debug for KxGroup { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - self.name.fmt(f) - } -} - -/// Ephemeral ECDH on curve25519 (see RFC7748) -pub static X25519: &dyn SupportedKxGroup = &KxGroup { - name: NamedGroup::X25519, - agreement_algorithm: &ring::agreement::X25519, -}; - -/// Ephemeral ECDH on secp256r1 (aka NIST-P256) -pub static SECP256R1: &dyn SupportedKxGroup = &KxGroup { - name: NamedGroup::secp256r1, - agreement_algorithm: &ring::agreement::ECDH_P256, -}; - -/// Ephemeral ECDH on secp384r1 (aka NIST-P384) -pub static SECP384R1: &dyn SupportedKxGroup = &KxGroup { - name: NamedGroup::secp384r1, - agreement_algorithm: &ring::agreement::ECDH_P384, -}; - -/// A list of all the key exchange groups supported by rustls. -pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[X25519, SECP256R1, SECP384R1]; - -/// An in-progress key exchange. This has the algorithm, -/// our private key, and our public key. -#[derive(Debug)] -pub struct KeyExchange { - name: NamedGroup, - agreement_algorithm: &'static ring::agreement::Algorithm, - priv_key: EphemeralPrivateKey, - pub_key: ring::agreement::PublicKey, -} - -impl ActiveKeyExchange for KeyExchange { - /// Completes the key exchange, given the peer's public key. - fn complete(self: Box, peer: &[u8]) -> Result { - let peer_key = UnparsedPublicKey::new(self.agreement_algorithm, peer); - agree_ephemeral(self.priv_key, &peer_key, (), |secret| { - Ok(SharedSecret::from(secret)) - }) - .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) - } - - /// Return the group being used. - fn group(&self) -> NamedGroup { - self.name - } - - /// Return the public key being used. - fn pub_key(&self) -> &[u8] { - self.pub_key.as_ref() - } -} - /// All defined key exchange groups supported by *ring* appear in this module. /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. pub mod kx_group { - pub use crate::crypto::ring::SECP256R1; - pub use crate::crypto::ring::SECP384R1; - pub use crate::crypto::ring::X25519; -} - -/// A concrete, safe ticket creation mechanism. -pub struct Ticketer {} - -impl Ticketer { - /// Make the recommended Ticketer. This produces tickets - /// with a 12 hour life and randomly generated keys. - /// - /// The encryption mechanism used is Chacha20Poly1305. - pub fn new() -> Result, Error> { - Ok(Arc::new(crate::ticketer::TicketSwitcher::new( - 6 * 60 * 60, - make_ticket_generator, - )?)) - } -} - -fn make_ticket_generator() -> Result, GetRandomFailed> { - let mut key = [0u8; 32]; - RING.fill_random(&mut key)?; - - let alg = &aead::CHACHA20_POLY1305; - let key = aead::UnboundKey::new(alg, &key).unwrap(); - - Ok(Box::new(AeadTicketer { - alg, - key: aead::LessSafeKey::new(key), - lifetime: 60 * 60 * 12, - })) -} - -/// This is a `ProducesTickets` implementation which uses -/// any *ring* `aead::Algorithm` to encrypt and authentication -/// the ticket payload. It does not enforce any lifetime -/// constraint. -struct AeadTicketer { - alg: &'static aead::Algorithm, - key: aead::LessSafeKey, - lifetime: u32, + pub use super::kx::SECP256R1; + pub use super::kx::SECP384R1; + pub use super::kx::X25519; } -impl ProducesTickets for AeadTicketer { - fn enabled(&self) -> bool { - true - } - fn lifetime(&self) -> u32 { - self.lifetime - } - - /// Encrypt `message` and return the ciphertext. - fn encrypt(&self, message: &[u8]) -> Option> { - // Random nonce, because a counter is a privacy leak. - let mut nonce_buf = [0u8; 12]; - RING.fill_random(&mut nonce_buf).ok()?; - let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); - let aad = ring::aead::Aad::empty(); - - let mut ciphertext = - Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); - ciphertext.extend(nonce_buf); - ciphertext.extend(message); - self.key - .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) - .map(|tag| { - ciphertext.extend(tag.as_ref()); - ciphertext - }) - .ok() - } - - /// Decrypt `ciphertext` and recover the original message. - fn decrypt(&self, ciphertext: &[u8]) -> Option> { - // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. - let nonce = ciphertext.get(..self.alg.nonce_len())?; - let ciphertext = ciphertext.get(nonce.len()..)?; - - // This won't fail since `nonce` has the required length. - let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?; - - let mut out = Vec::from(ciphertext); - - let plain_len = self - .key - .open_in_place(nonce, aead::Aad::empty(), &mut out) - .ok()? - .len(); - out.truncate(plain_len); - - Some(out) - } -} - -#[cfg(test)] -mod tests { - use super::*; - - use core::time::Duration; - use pki_types::UnixTime; - - #[test] - fn basic_pairwise_test() { - let t = Ticketer::new().unwrap(); - assert!(t.enabled()); - let cipher = t.encrypt(b"hello world").unwrap(); - let plain = t.decrypt(&cipher).unwrap(); - assert_eq!(plain, b"hello world"); - } - - #[test] - fn ticketswitcher_switching_test() { - let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); - let now = UnixTime::now(); - let cipher1 = t.encrypt(b"ticket 1").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - { - // Trigger new ticketer - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 10, - ))); - } - let cipher2 = t.encrypt(b"ticket 2").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - { - // Trigger new ticketer - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 20, - ))); - } - let cipher3 = t.encrypt(b"ticket 3").unwrap(); - assert!(t.decrypt(&cipher1).is_none()); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); - } - - #[cfg(test)] - fn fail_generator() -> Result, GetRandomFailed> { - Err(GetRandomFailed) - } - - #[test] - fn ticketswitcher_recover_test() { - let mut t = crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap(); - let now = UnixTime::now(); - let cipher1 = t.encrypt(b"ticket 1").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - t.generator = fail_generator; - { - // Failed new ticketer - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 10, - ))); - } - t.generator = make_ticket_generator; - let cipher2 = t.encrypt(b"ticket 2").unwrap(); - assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - { - // recover - t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( - now.as_secs() + 20, - ))); - } - let cipher3 = t.encrypt(b"ticket 3").unwrap(); - assert!(t.decrypt(&cipher1).is_none()); - assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); - assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); - } -} +pub use kx::ALL_KX_GROUPS; +pub use ticketer::Ticketer; diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs new file mode 100644 index 0000000000..fe2d116d9e --- /dev/null +++ b/rustls/src/crypto/ring/ticketer.rs @@ -0,0 +1,178 @@ +use crate::error::Error; +use crate::rand::GetRandomFailed; +use crate::server::ProducesTickets; + +use ring::aead; + +use alloc::sync::Arc; + +/// A concrete, safe ticket creation mechanism. +pub struct Ticketer {} + +impl Ticketer { + /// Make the recommended Ticketer. This produces tickets + /// with a 12 hour life and randomly generated keys. + /// + /// The encryption mechanism used is Chacha20Poly1305. + pub fn new() -> Result, Error> { + Ok(Arc::new(crate::ticketer::TicketSwitcher::new( + 6 * 60 * 60, + make_ticket_generator, + )?)) + } +} + +fn make_ticket_generator() -> Result, GetRandomFailed> { + let mut key = [0u8; 32]; + super::RING.fill_random(&mut key)?; + + let alg = &aead::CHACHA20_POLY1305; + let key = aead::UnboundKey::new(alg, &key).unwrap(); + + Ok(Box::new(AeadTicketer { + alg, + key: aead::LessSafeKey::new(key), + lifetime: 60 * 60 * 12, + })) +} + +/// This is a `ProducesTickets` implementation which uses +/// any *ring* `aead::Algorithm` to encrypt and authentication +/// the ticket payload. It does not enforce any lifetime +/// constraint. +struct AeadTicketer { + alg: &'static aead::Algorithm, + key: aead::LessSafeKey, + lifetime: u32, +} + +impl ProducesTickets for AeadTicketer { + fn enabled(&self) -> bool { + true + } + fn lifetime(&self) -> u32 { + self.lifetime + } + + /// Encrypt `message` and return the ciphertext. + fn encrypt(&self, message: &[u8]) -> Option> { + // Random nonce, because a counter is a privacy leak. + let mut nonce_buf = [0u8; 12]; + super::RING + .fill_random(&mut nonce_buf) + .ok()?; + let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); + let aad = ring::aead::Aad::empty(); + + let mut ciphertext = + Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); + ciphertext.extend(nonce_buf); + ciphertext.extend(message); + self.key + .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) + .map(|tag| { + ciphertext.extend(tag.as_ref()); + ciphertext + }) + .ok() + } + + /// Decrypt `ciphertext` and recover the original message. + fn decrypt(&self, ciphertext: &[u8]) -> Option> { + // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. + let nonce = ciphertext.get(..self.alg.nonce_len())?; + let ciphertext = ciphertext.get(nonce.len()..)?; + + // This won't fail since `nonce` has the required length. + let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?; + + let mut out = Vec::from(ciphertext); + + let plain_len = self + .key + .open_in_place(nonce, aead::Aad::empty(), &mut out) + .ok()? + .len(); + out.truncate(plain_len); + + Some(out) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + use core::time::Duration; + use pki_types::UnixTime; + + #[test] + fn basic_pairwise_test() { + let t = Ticketer::new().unwrap(); + assert!(t.enabled()); + let cipher = t.encrypt(b"hello world").unwrap(); + let plain = t.decrypt(&cipher).unwrap(); + assert_eq!(plain, b"hello world"); + } + + #[test] + fn ticketswitcher_switching_test() { + let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); + let now = UnixTime::now(); + let cipher1 = t.encrypt(b"ticket 1").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + { + // Trigger new ticketer + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 10, + ))); + } + let cipher2 = t.encrypt(b"ticket 2").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + { + // Trigger new ticketer + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 20, + ))); + } + let cipher3 = t.encrypt(b"ticket 3").unwrap(); + assert!(t.decrypt(&cipher1).is_none()); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); + } + + #[cfg(test)] + fn fail_generator() -> Result, GetRandomFailed> { + Err(GetRandomFailed) + } + + #[test] + fn ticketswitcher_recover_test() { + let mut t = crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap(); + let now = UnixTime::now(); + let cipher1 = t.encrypt(b"ticket 1").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + t.generator = fail_generator; + { + // Failed new ticketer + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 10, + ))); + } + t.generator = make_ticket_generator; + let cipher2 = t.encrypt(b"ticket 2").unwrap(); + assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1"); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + { + // recover + t.maybe_roll(UnixTime::since_unix_epoch(Duration::from_secs( + now.as_secs() + 20, + ))); + } + let cipher3 = t.encrypt(b"ticket 3").unwrap(); + assert!(t.decrypt(&cipher1).is_none()); + assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); + assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); + } +} diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index a5c11b2bdb..d4f9bf488c 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -316,7 +316,7 @@ pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x mod tests { use super::*; use crate::common_state::{CommonState, Side}; - use crate::crypto::ring::X25519; + use crate::crypto::ring::kx_group::X25519; use crate::msgs::handshake::{ClientECDHParams, ServerECDHParams}; #[test] From ca0923930471ac907a5226d49227451ff39c1707 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Sep 2023 13:42:24 +0100 Subject: [PATCH 0225/1145] Add micro benchmarks for Signer impls --- rustls/src/crypto/ring/sign.rs | 113 +++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index f57323153d..d499ff0bd4 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -421,3 +421,116 @@ mod tests { assert!(any_ecdsa_type(&key).is_err()); } } + +#[cfg(bench)] +mod benchmarks { + use super::{PrivateKeyDer, PrivatePkcs8KeyDer, SignatureScheme}; + + #[bench] + fn bench_rsa2048_pkcs1_sha256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_rsa2048_pss_sha256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::RSA_PSS_SHA256]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_eddsa(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/eddsakey.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ED25519]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_ecdsa_p256_sha256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp256key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_ecdsa_p384_sha384(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp384key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + const SAMPLE_TLS13_MESSAGE: &[u8] = &[ + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c, 0x20, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00, 0x04, 0xca, 0xc4, 0x48, 0x0e, 0x70, 0xf2, + 0x1b, 0xa9, 0x1c, 0x16, 0xca, 0x90, 0x48, 0xbe, 0x28, 0x2f, 0xc7, 0xf8, 0x9b, 0x87, 0x72, + 0x93, 0xda, 0x4d, 0x2f, 0x80, 0x80, 0x60, 0x1a, 0xd3, 0x08, 0xe2, 0xb7, 0x86, 0x14, 0x1b, + 0x54, 0xda, 0x9a, 0xc9, 0x6d, 0xe9, 0x66, 0xb4, 0x9f, 0xe2, 0x2c, + ]; +} From 1343df72249218f3bc9efadb0d55c59ae9d4654a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Sep 2023 14:17:30 +0100 Subject: [PATCH 0226/1145] Add micro benchmarks for key exchange impls --- rustls/src/crypto/ring/kx.rs | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 664c1f663f..c0167e5e77 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -100,3 +100,29 @@ impl ActiveKeyExchange for KeyExchange { self.pub_key.as_ref() } } + +#[cfg(bench)] +mod benchmarks { + #[bench] + fn bench_x25519(b: &mut test::Bencher) { + bench_any(b, super::X25519); + } + + #[bench] + fn bench_ecdh_p256(b: &mut test::Bencher) { + bench_any(b, super::SECP256R1); + } + + #[bench] + fn bench_ecdh_p384(b: &mut test::Bencher) { + bench_any(b, super::SECP384R1); + } + + fn bench_any(b: &mut test::Bencher, kxg: &dyn super::SupportedKxGroup) { + b.iter(|| { + let akx = kxg.start().unwrap(); + let pub_key = akx.pub_key().to_vec(); + test::black_box(akx.complete(&pub_key).unwrap()); + }); + } +} From 23e1273d22fb70d665b368bf4cfdbd4a426e4e8e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Sep 2023 14:57:42 +0100 Subject: [PATCH 0227/1145] Add micro benchmarks for key loading & validation --- rustls/src/crypto/ring/sign.rs | 53 +++++++++++++++++++++++ rustls/src/testdata/rsa4096key.pkcs8.der | Bin 0 -> 2376 bytes 2 files changed, 53 insertions(+) create mode 100644 rustls/src/testdata/rsa4096key.pkcs8.der diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index d499ff0bd4..78b291661a 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -521,6 +521,59 @@ mod benchmarks { }); } + #[bench] + fn bench_load_and_validate_rsa2048(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_supported_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_rsa4096(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa4096key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_supported_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_p256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp256key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_ecdsa_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_p384(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp384key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_ecdsa_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_eddsa(b: &mut test::Bencher) { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); + + b.iter(|| { + test::black_box(super::any_eddsa_type(&key).unwrap()); + }); + } + const SAMPLE_TLS13_MESSAGE: &[u8] = &[ 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, diff --git a/rustls/src/testdata/rsa4096key.pkcs8.der b/rustls/src/testdata/rsa4096key.pkcs8.der new file mode 100644 index 0000000000000000000000000000000000000000..242ea48f1d3919a92c94e8d9d65fcd5c511dd133 GIT binary patch literal 2376 zcmV-O3Agqzf(b+d0RS)!1_>&LNQUwE--=#Dgprj0)heo0NB%EWev&R zcE&J*(TjkbS;*?-g1_@8TxM!g21ylfVnM}q*O{3LX7R;;VA1x@U+v7#V#sK5pW}&I zY3_BFO{^PXjF}PT3GNmTLCb!QPwBx8WJm_VWn&*OPa&t95JrA#c_1=U75*g*Tq zIzN-utvEk2I4*!`JJ)OUI$(gRbY?PZBN<5g`K(o6yUM^w%GI=IY7SOr!Yl5fk)#HN zM;pOOA$zwI-W1@`tqO)DIGhEXhb1SA_|&EPzU$A!oLmrJQ&oHw!Qy^0-B}+Rw?ChT zM~3C_&6`Yi%!GH%`u0q)#`RC7roLT#9?Et&D=r0Ij6Lz2x9ynaD4zHNml0jGzY*t{Z`1LP>o!TkM`%4J=HW7#Kgbc7Y9#gxhC63 z%tl&5WLn>8Yq7#<_;sj~cqB1mk~#=qQG+{NC|_?foXeG+p*+}tN(!@ zz42)_`3_?yB`{Ib>@2Lm^gN91nCjfhIPiowl)S{A+i}HF_@|jD#!qDkkA6#kpHEcW zzv7;PU`<0QtmM^Ggw#K0VvpylJB2G*N4zFDe`fNSCv)>uuDR9<>n{;>rs_v=7ut2}S9aAFbytBp8+(Rm3%df`4h~WmUE9 zrM;kw9Za<7k&=vJM(%?IH6Lf!J#p5I7u4;%z1vsllf#bT@Z*cJDtd;RA+7q2h%*<_ z)jR>2Pyb|hhuX!CPg95o6dr=t9SlH7Fk>(CB*#WoBWlC<%sS##3MU^fNg8R&>f&=6 zUc3G(*djAYVgtGcmbUZAEk#EApJ}1b?c+orl}K5W^faPE=Oc{%}i3oO?$^Kv%j>Nm|gAK^^{Q!xU90RaH-Cv`2izQi{= zE?n^4N~EfH@o}moyX5%mD~{Hu$HrEIRRzTm6%2NKz|kKL_n3+li8C6(itV}FUyWV> z!7}KEiLOAC;TdDqI{BU>fXgd)K}fDcj^7MGw40#HkiUgk7!@IoN4sXbpBiHoC3=>p zuQ?SuU_qaj+USJL;YE5nLvA0K>x#ECd;gO*?Pi@>5*u?SXLJ357LuC`JJ?gIqcOpV zcFxVsyuq{WX#|y>#z>dOp0RX4G;`JN0-u*1=WSmOlSpyv;a9C$jNj|>M$+nw^8Bs7 zb>@kygWe9oT_15dZ2gGbd2=IEL2T`(|5SL&|{+lf&l>l=ov{Vt5~?3 z&#I5Us;=0U*ISEcW~(GT|7(`_gtgz)P6VD>FTY{#e!>l}?C056>mk}Z3iTopKFMEu z|S)#aVx zze>o#@46_2;sURjfQw~KuN>d=s=vS2%yD){s#6@$kz_%z;5-sp0)hbn0L5o~fzUbE z9RC?*{wu42V06I;VY(2WU>QD38AL?VqIJ?(fZ2M7nwj{oiJw zS=#US-d*7~N!07TB4ImGZX(I149?vi6FQs^$|QWTM-Wc2`O2w!M7CKwieLW50m;Y< zIt03m*|Z5NnyO6|OR9hoOSac11087Ibf=Nx$%++?Vfj`0W{;iX5oGDJtG>WjIOA*{ z#tVR^THOe2Ga<dKs`p#p*d0RZB*P*C%p zW;IMyKD6)TdW>B#eycJLS_gYKjPIHvP0<6SUrCtyNS?kDuWR`2KhQBvkL|p6Rv@B7 z@sR`&%VPHIa8)y&Nu-*XWAO!z#w>nM%^qIkIUkCSl5#;|9kk%RK^h@jH(OGy)bhiHlq6@dbR0RaHs>cAcE z^aNor>CxTWxaEe(HNr*KK`wxYnJ)Z2q}*j(#y74cAYPxUPow6 zvt4wi{wR{N`r^>&2aU7_Y=xI8bf?At72=5I9YK$+KFzWaWB=Rfu4f&KtOeq1{la}g zW^1Ld&{I(Ang>N8o=N_>eeiE7Nep>Z5oLuh1KG5EZyy^vvs10MWbQWdQ~Pryq%zGJ zFzVEU@|G(%1Pm1VxtebRw|J?4Wc>1liVTjCT*!BjLY*0DR-0 u@SRCE=^IjcYW~&+HKLQFEfAPx_~)d2a;4y)%DB5&RQzx;H%YK&84%X72%E_O literal 0 HcmV?d00001 From 829471689e6c414b1bc2d51aef541d2ed1a31335 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 3 Oct 2023 11:16:52 -0400 Subject: [PATCH 0228/1145] manual: update to clarify downgrade protection Previously the manual described Rustls not requiring the TLS_FALLBACK_SCSV countermeasure because it "contains no ability to downgrade to earlier protocol versions". With TLS 1.3 and TLS 1.2 support it makes sense to clarify that Rustls has no ability to downgrade from TLS 1.2 to earlier protocol versions, and TLS 1.3 has native downgrade protections to avoid inadvertent downgrade from 1.3 to 1.2. --- rustls/src/manual/tlsvulns.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/manual/tlsvulns.rs b/rustls/src/manual/tlsvulns.rs index ebd6453cf5..1ff3043bcd 100644 --- a/rustls/src/manual/tlsvulns.rs +++ b/rustls/src/manual/tlsvulns.rs @@ -120,7 +120,8 @@ is an attack against CBC mode ciphersuites in SSLv3. This was possible in most downgraded to SSLv3 after failed handshakes for later versions. rustls does not support CBC mode ciphersuites, or SSLv3. Note that rustls does not need to implement `TLS_FALLBACK_SCSV` -introduced as a countermeasure because it contains no ability to downgrade to earlier protocol versions. +introduced as a countermeasure because it contains no ability to downgrade from TLS 1.2 to earlier protocol versions, +and TLS 1.3 has protocol-level downgrade protection based on the [ServerHello server random value](https://www.rfc-editor.org/rfc/rfc8446#section-4.1.3). ## GCM nonces From 188e30481e1d23db4bd90b54b7ba5e2f676c249b Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Sat, 16 Sep 2023 19:13:37 -0400 Subject: [PATCH 0229/1145] docs: clarify self-signed certificate limitation The self-signed certificate limitation imposed by the default webpki certificate verifier is somewhat nuanced. This commit updates the README to reflect some of this nuance. --- README.md | 6 +++++- rustls/src/lib.rs | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1da5b7a586..c272e12837 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,11 @@ rustls does not and will not support: * TLS 1.2 protocol compression. * Discrete-log Diffie-Hellman. * Automatic protocol version downgrade. -* Self-signed certificates. +* Using CA certificates directly to authenticate a server/client (often called "self-signed +certificates"). _Rustls' default certificate verifier does not support using a trust anchor as +both a CA certificate and an end-entity certificate in order to limit complexity and risk in +path building. While dangerous, all authentication can be turned off if required -- +see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_. There are plenty of other libraries that provide these features should you need them. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 59ed2af10e..0d0a0157a8 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -43,7 +43,11 @@ //! * TLS 1.2 protocol compression. //! * Discrete-log Diffie-Hellman. //! * Automatic protocol version downgrade. -//! * Self-signed certificates. +//! * Using CA certificates directly to authenticate a server/client (often called "self-signed +//! certificates"). _Rustls' default certificate verifier does not support using a trust anchor as +//! both a CA certificate and an end-entity certificate in order to limit complexity and risk in +//! path building. While dangerous, all authentication can be turned off if required -- +//! see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_. //! //! There are plenty of other libraries that provide these features should you //! need them. From 40fdc4495cab1356eec83af29419af71f6f035b3 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 4 Oct 2023 15:02:40 +0200 Subject: [PATCH 0230/1145] Group Dependabot updates into a single PR --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1064e01392..ce1ffcc9c8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,6 +5,10 @@ updates: schedule: interval: weekly open-pull-requests-limit: 10 + groups: + crates-io: + patterns: + - "*" - package-ecosystem: github-actions directory: "/" schedule: From 9f9f5f1c341be1c15c47712f994898c4961042ff Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 4 Oct 2023 14:18:42 +0200 Subject: [PATCH 0231/1145] Drop rust-version metadata for internal crates --- connect-tests/Cargo.toml | 1 - examples/Cargo.toml | 1 - provider-example/Cargo.toml | 1 - 3 files changed, 3 deletions(-) diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index f4633d4a4a..e9e5dab0fc 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -2,7 +2,6 @@ name = "rustls-connect-tests" version = "0.0.1" edition = "2021" -rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" description = "Rustls connectivity based integration tests." publish = false diff --git a/examples/Cargo.toml b/examples/Cargo.toml index f21f52df4a..1d9570bf4e 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -2,7 +2,6 @@ name = "rustls-examples" version = "0.0.1" edition = "2021" -rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" description = "Rustls example code and tests." publish = false diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 3533b30c78..943cb89cfd 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -2,7 +2,6 @@ name = "rustls-provider-example" version = "0.0.1" edition = "2021" -rust-version = "1.60" license = "Apache-2.0 OR ISC OR MIT" description = "Example of rustls with custom crypto provider." publish = false From 2a94f9b2ab5e976413ebce8e625bdaf610f9c754 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 2 Oct 2023 11:54:48 +0200 Subject: [PATCH 0232/1145] Bump MSRV to 1.61 --- .github/workflows/build.yml | 2 +- README.md | 2 +- rustls/Cargo.toml | 2 +- rustls/src/lib.rs | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0810e84afa..482d121525 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -61,7 +61,7 @@ jobs: - uses: dtolnay/rust-toolchain@master with: - toolchain: "1.60" + toolchain: "1.61" - run: cargo check --locked --lib --all-features -p rustls diff --git a/README.md b/README.md index c272e12837..7217380dab 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ supported by `ring`. At the time of writing, this means x86, x86-64, armv7, and aarch64. For more information, see [the supported `ring` CI targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167). -Rustls requires Rust 1.60 or later. +Rustls requires Rust 1.61 or later. # Example code There are two example programs which use diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 4b1890625b..0318dc86d8 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -2,7 +2,7 @@ name = "rustls" version = "0.22.0-alpha.3" edition = "2021" -rust-version = "1.60" +rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" readme = "../README.md" description = "Rustls is a modern TLS library written in Rust." diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0d0a0157a8..2aba956e7f 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -61,7 +61,7 @@ //! aarch64. For more information, see [the supported `ring` CI //! targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167). //! -//! Rustls requires Rust 1.60 or later. +//! Rustls requires Rust 1.61 or later. //! //! ## Design Overview //! ### Rustls does not take care of network IO From b409df3b28dd3fc46f04b8603e4cd87343b0897b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 5 Oct 2023 13:36:14 +0100 Subject: [PATCH 0233/1145] Take `clap` 4.4.6 --- Cargo.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0e2ae3149f..13021542d8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -23,9 +23,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.5.0" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1f58811cfac344940f1a400b6e6231ce35171f614f26439e80f8c1465c5cc0c" +checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" dependencies = [ "anstyle", "anstyle-parse", @@ -61,9 +61,9 @@ dependencies = [ [[package]] name = "anstyle-wincon" -version = "2.1.0" +version = "3.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58f54d10c6dfa51283a066ceab3ec1ab78d13fae00aa49243a45e4571fb79dfd" +checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" dependencies = [ "anstyle", "windows-sys", @@ -178,9 +178,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.5" +version = "4.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "824956d0dca8334758a5b7f7e50518d66ea319330cbceedcf76905c2f6ab30e3" +checksum = "d04704f56c2cde07f43e8e2c154b43f216dc5c92fc98ada720177362f953b956" dependencies = [ "clap_builder", "clap_derive", @@ -188,9 +188,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.5" +version = "4.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "122ec64120a49b4563ccaedcbea7818d069ed8e9aa6d829b82d8a4128936b2ab" +checksum = "0e231faeaca65ebd1ea3c737966bf858971cd38c3849107aa3ea7de90a804e45" dependencies = [ "anstream", "anstyle", From 47cae34706377fe9c15c98589cb946cc54d08851 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 6 Oct 2023 10:29:10 +0100 Subject: [PATCH 0234/1145] fuzz: remove unused webpki dependency --- fuzz/Cargo.lock | 13 +------------ fuzz/Cargo.toml | 3 --- fuzz/fuzzers/client.rs | 1 - 3 files changed, 1 insertion(+), 16 deletions(-) diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index b8cb734e06..b7552b735d 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -105,7 +105,7 @@ dependencies = [ "log", "ring", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.3", + "rustls-webpki", "subtle", ] @@ -115,7 +115,6 @@ version = "0.0.1" dependencies = [ "libfuzzer-sys", "rustls", - "rustls-webpki 0.101.6", ] [[package]] @@ -124,16 +123,6 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" -[[package]] -name = "rustls-webpki" -version = "0.101.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "rustls-webpki" version = "0.102.0-alpha.3" diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index 174939575e..dcd90c6102 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -9,9 +9,6 @@ edition = "2021" [package.metadata] cargo-fuzz = true -[dependencies] -webpki = { package = "rustls-webpki", version = "0.101.0", features = ["alloc", "std"] } - [dependencies.rustls] path = "../rustls" [dependencies.libfuzzer-sys] diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index 42c931d6e4..738ac326e7 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -2,7 +2,6 @@ #[macro_use] extern crate libfuzzer_sys; extern crate rustls; -extern crate webpki; use rustls::{ClientConfig, ClientConnection, RootCertStore}; use std::io; From 8e64ed10b9637dfe1431b64501748cd1ac298878 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 2 Oct 2023 11:39:11 +0200 Subject: [PATCH 0235/1145] Upgrade to ring 0.17 --- Cargo.lock | 44 +++++++++--- README.md | 8 ++- fuzz/Cargo.lock | 119 +++++++++++++++++++++++++++++++-- rustls/Cargo.toml | 2 +- rustls/src/crypto/ring/hash.rs | 2 +- rustls/src/crypto/ring/hmac.rs | 4 +- rustls/src/crypto/ring/kx.rs | 6 +- rustls/src/crypto/ring/sign.rs | 11 +-- rustls/src/lib.rs | 8 ++- 9 files changed, 173 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 13021542d8..0acce789ee 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -496,7 +496,7 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" dependencies = [ - "spin", + "spin 0.5.2", ] [[package]] @@ -747,7 +747,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "52c4f3084aa3bc7dfbba4eff4fab2a54db4324965d8872ab933565e6fbd83bc6" dependencies = [ "pem", - "ring", + "ring 0.16.20", "time", "yasna", ] @@ -790,12 +790,26 @@ dependencies = [ "cc", "libc", "once_cell", - "spin", - "untrusted", + "spin 0.5.2", + "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb9d44f9bf6b635117787f72416783eb7e4227aaf255e5ce739563d817176a7e" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys", +] + [[package]] name = "rsa" version = "0.9.2" @@ -849,7 +863,7 @@ dependencies = [ "bencher", "env_logger", "log", - "ring", + "ring 0.17.0", "rustls-pemfile", "rustls-pki-types", "rustls-webpki", @@ -878,7 +892,7 @@ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ "regex", - "ring", + "ring 0.16.20", "rustls", ] @@ -892,7 +906,7 @@ dependencies = [ "mio", "rcgen", "regex", - "ring", + "ring 0.16.20", "rustls", "rustls-pemfile", "rustls-pki-types", @@ -941,9 +955,9 @@ version = "0.102.0-alpha.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" dependencies = [ - "ring", + "ring 0.16.20", "rustls-pki-types", - "untrusted", + "untrusted 0.7.1", ] [[package]] @@ -1017,6 +1031,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "spki" version = "0.7.2" @@ -1104,6 +1124,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "utf8parse" version = "0.2.1" diff --git a/README.md b/README.md index 7217380dab..245b1fbce3 100644 --- a/README.md +++ b/README.md @@ -86,12 +86,14 @@ need them. While Rustls itself is platform independent, it uses [`ring`](https://crates.io/crates/ring) for implementing the cryptography in TLS. As a result, rustls only runs on platforms -supported by `ring`. At the time of writing, this means x86, x86-64, armv7, and -aarch64. For more information, see [the supported `ring` CI -targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167). +supported by `ring`. At the time of writing, this means x86, x86-64, aarch64, +armv7, powerpc64le, riscv64gc and s390x. For more information, see [the +supported `ring` CI targets][ring-ci-targets]. Rustls requires Rust 1.61 or later. +[ring-ci-targets]: https://github.com/briansmith/ring/blob/d34858a918b04127d085cdbc20325263bf8fdd36/.github/workflows/ci.yml#L171-L190 + # Example code There are two example programs which use [mio](https://github.com/carllerche/mio) to do asynchronous IO. diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index b7552b735d..b4659877ef 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -29,6 +29,17 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "getrandom" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + [[package]] name = "js-sys" version = "0.3.64" @@ -92,18 +103,32 @@ dependencies = [ "cc", "libc", "once_cell", - "spin", - "untrusted", + "spin 0.5.2", + "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb9d44f9bf6b635117787f72416783eb7e4227aaf255e5ce739563d817176a7e" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys", +] + [[package]] name = "rustls" version = "0.22.0-alpha.3" dependencies = [ "log", - "ring", + "ring 0.17.0", "rustls-pki-types", "rustls-webpki", "subtle", @@ -129,9 +154,9 @@ version = "0.102.0-alpha.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" dependencies = [ - "ring", + "ring 0.16.20", "rustls-pki-types", - "untrusted", + "untrusted 0.7.1", ] [[package]] @@ -140,6 +165,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "subtle" version = "2.5.0" @@ -169,6 +200,18 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + [[package]] name = "wasm-bindgen" version = "0.2.87" @@ -254,3 +297,69 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 0318dc86d8..57ffa5b97b 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -17,7 +17,7 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] log = { version = "0.4.4", optional = true } -ring = { version = "0.16.20", optional = true } +ring = { version = "0.17", optional = true } subtle = "2.5.0" webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.3", features = ["alloc", "std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index fd8b9e74d4..2cc31970ab 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -19,7 +19,7 @@ impl crypto::hash::Hash for Hash { } fn output_len(&self) -> usize { - self.0.output_len + self.0.output_len() } fn algorithm(&self) -> HashAlgorithm { diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index b84d1b9164..b415f81b8f 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -14,7 +14,7 @@ impl crypto::hmac::Hmac for Hmac { } fn hash_output_len(&self) -> usize { - self.0.digest_algorithm().output_len + self.0.digest_algorithm().output_len() } } @@ -35,7 +35,7 @@ impl crypto::hmac::Key for Key { self.0 .algorithm() .digest_algorithm() - .output_len + .output_len() } } diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index c0167e5e77..12df8fbe15 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -84,10 +84,10 @@ impl ActiveKeyExchange for KeyExchange { /// Completes the key exchange, given the peer's public key. fn complete(self: Box, peer: &[u8]) -> Result { let peer_key = UnparsedPublicKey::new(self.agreement_algorithm, peer); - agree_ephemeral(self.priv_key, &peer_key, (), |secret| { - Ok(SharedSecret::from(secret)) + agree_ephemeral(self.priv_key, &peer_key, |secret| { + SharedSecret::from(secret) }) - .map_err(|()| PeerMisbehaved::InvalidKeyShare.into()) + .map_err(|_| PeerMisbehaved::InvalidKeyShare.into()) } /// Return the group being used. diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 78b291661a..1a08654caa 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -5,6 +5,7 @@ use crate::x509::{wrap_in_asn1_len, wrap_in_sequence}; use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; use ring::io::der; +use ring::rand::{SecureRandom, SystemRandom}; use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; use alloc::sync::Arc; @@ -136,7 +137,7 @@ impl RsaSigner { impl Signer for RsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { - let mut sig = vec![0; self.key.public_modulus_len()]; + let mut sig = vec![0; self.key.public().modulus_len()]; let rng = ring::rand::SystemRandom::new(); self.key @@ -175,12 +176,13 @@ impl EcdsaSigningKey { scheme: SignatureScheme, sigalg: &'static signature::EcdsaSigningAlgorithm, ) -> Result { + let rng = SystemRandom::new(); let key_pair = match der { PrivateKeyDer::Sec1(sec1) => { - Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? + Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der(), &rng)? } PrivateKeyDer::Pkcs8(pkcs8) => { - EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der()).map_err(|_| ())? + EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der(), &rng).map_err(|_| ())? } _ => return Err(()), }; @@ -198,6 +200,7 @@ impl EcdsaSigningKey { scheme: SignatureScheme, sigalg: &'static signature::EcdsaSigningAlgorithm, maybe_sec1_der: &[u8], + rng: &dyn SecureRandom, ) -> Result { let pkcs8_prefix = match scheme { SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, @@ -216,7 +219,7 @@ impl EcdsaSigningKey { pkcs8.extend_from_slice(&sec1_wrap); wrap_in_sequence(&mut pkcs8); - EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8).map_err(|_| ()) + EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8, rng).map_err(|_| ()) } } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2aba956e7f..c200709e4d 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -57,12 +57,14 @@ //! While Rustls itself is platform independent, it uses //! [`ring`](https://crates.io/crates/ring) for implementing the cryptography in //! TLS. As a result, rustls only runs on platforms -//! supported by `ring`. At the time of writing, this means x86, x86-64, armv7, and -//! aarch64. For more information, see [the supported `ring` CI -//! targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167). +//! supported by `ring`. At the time of writing, this means x86, x86-64, aarch64, +//! armv7, powerpc64le, riscv64gc and s390x. For more information, see [the +//! supported `ring` CI targets][ring-ci-targets]. //! //! Rustls requires Rust 1.61 or later. //! +//! [ring-ci-targets]: https://github.com/briansmith/ring/blob/d34858a918b04127d085cdbc20325263bf8fdd36/.github/workflows/ci.yml#L171-L190 +//! //! ## Design Overview //! ### Rustls does not take care of network IO //! It doesn't make or accept TCP connections, or do DNS, or read or write files. From 092a6af3dbc8b0b714b66e28ab0df0c4787cf125 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 3 Oct 2023 07:52:51 +0100 Subject: [PATCH 0236/1145] Take rustls-webpki 0.102.0-alpha.4 --- Cargo.lock | 8 +- fuzz/Cargo.lock | 183 ++---------------------------------- rustls/Cargo.toml | 2 +- rustls/src/webpki/verify.rs | 50 +++++----- 4 files changed, 41 insertions(+), 202 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0acce789ee..23cee8ed8c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -951,13 +951,13 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.3" +version = "0.102.0-alpha.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" +checksum = "aa3ae0c05ae540f6d9089b731c26e49863058f03082dcef070df987bcc8db7ba" dependencies = [ - "ring 0.16.20", + "ring 0.17.0", "rustls-pki-types", - "untrusted 0.7.1", + "untrusted 0.9.0", ] [[package]] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index b4659877ef..cb216a7f4c 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -8,12 +8,6 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" -[[package]] -name = "bumpalo" -version = "3.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" - [[package]] name = "cc" version = "1.0.83" @@ -40,15 +34,6 @@ dependencies = [ "wasi", ] -[[package]] -name = "js-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "libc" version = "0.2.148" @@ -70,45 +55,6 @@ version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" -[[package]] -name = "once_cell" -version = "1.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" - -[[package]] -name = "proc-macro2" -version = "1.0.67" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.0" @@ -118,8 +64,8 @@ dependencies = [ "cc", "getrandom", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "spin", + "untrusted", "windows-sys", ] @@ -128,7 +74,7 @@ name = "rustls" version = "0.22.0-alpha.3" dependencies = [ "log", - "ring 0.17.0", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -150,21 +96,15 @@ checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.3" +version = "0.102.0-alpha.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77fecb40b15f8d5d22e08f89e0a0bfa2c17ddd5fc385700f96920bba2b99b680" +checksum = "aa3ae0c05ae540f6d9089b731c26e49863058f03082dcef070df987bcc8db7ba" dependencies = [ - "ring 0.16.20", + "ring", "rustls-pki-types", - "untrusted 0.7.1", + "untrusted", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -177,29 +117,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" -[[package]] -name = "syn" -version = "2.0.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -212,92 +129,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" - -[[package]] -name = "web-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - [[package]] name = "windows-sys" version = "0.48.0" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 57ffa5b97b..104310a62c 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,7 +19,7 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.3", features = ["alloc", "std"], default-features = false } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.4", features = ["alloc", "std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } [features] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 92091fbc79..ad6cd7b15c 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -2,6 +2,8 @@ use alloc::sync::Arc; use core::fmt; use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; +#[cfg(feature = "ring")] +use webpki::ring as webpki_algs; use super::anchors::RootCertStore; use super::client_verifier_builder::ClientCertVerifierBuilder; @@ -470,53 +472,59 @@ impl WebPkiSupportedAlgorithms { #[cfg(feature = "ring")] pub(crate) static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { all: &[ - webpki::ECDSA_P256_SHA256, - webpki::ECDSA_P256_SHA384, - webpki::ECDSA_P384_SHA256, - webpki::ECDSA_P384_SHA384, - webpki::ED25519, - webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, - webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, - webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, - webpki::RSA_PKCS1_2048_8192_SHA256, - webpki::RSA_PKCS1_2048_8192_SHA384, - webpki::RSA_PKCS1_2048_8192_SHA512, - webpki::RSA_PKCS1_3072_8192_SHA384, + webpki_algs::ECDSA_P256_SHA256, + webpki_algs::ECDSA_P256_SHA384, + webpki_algs::ECDSA_P384_SHA256, + webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ED25519, + webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, + webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, + webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, + webpki_algs::RSA_PKCS1_2048_8192_SHA256, + webpki_algs::RSA_PKCS1_2048_8192_SHA384, + webpki_algs::RSA_PKCS1_2048_8192_SHA512, + webpki_algs::RSA_PKCS1_3072_8192_SHA384, ], mapping: &[ // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. ( SignatureScheme::ECDSA_NISTP384_SHA384, - &[webpki::ECDSA_P384_SHA384, webpki::ECDSA_P256_SHA384], + &[ + webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ECDSA_P256_SHA384, + ], ), ( SignatureScheme::ECDSA_NISTP256_SHA256, - &[webpki::ECDSA_P256_SHA256, webpki::ECDSA_P384_SHA256], + &[ + webpki_algs::ECDSA_P256_SHA256, + webpki_algs::ECDSA_P384_SHA256, + ], ), - (SignatureScheme::ED25519, &[webpki::ED25519]), + (SignatureScheme::ED25519, &[webpki_algs::ED25519]), ( SignatureScheme::RSA_PSS_SHA512, - &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY], + &[webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY], ), ( SignatureScheme::RSA_PSS_SHA384, - &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY], + &[webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY], ), ( SignatureScheme::RSA_PSS_SHA256, - &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY], + &[webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY], ), ( SignatureScheme::RSA_PKCS1_SHA512, - &[webpki::RSA_PKCS1_2048_8192_SHA512], + &[webpki_algs::RSA_PKCS1_2048_8192_SHA512], ), ( SignatureScheme::RSA_PKCS1_SHA384, - &[webpki::RSA_PKCS1_2048_8192_SHA384], + &[webpki_algs::RSA_PKCS1_2048_8192_SHA384], ), ( SignatureScheme::RSA_PKCS1_SHA256, - &[webpki::RSA_PKCS1_2048_8192_SHA256], + &[webpki_algs::RSA_PKCS1_2048_8192_SHA256], ), ], }; From 7edbfb999b352aa09fe669e9103d8155d7e7d890 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 6 Oct 2023 11:54:28 -0400 Subject: [PATCH 0237/1145] docs: add more import advice to CONTRIBUTING.md --- CONTRIBUTING.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a3071f5f72..3ca8a68640 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -269,6 +269,18 @@ We use 3 blocks of imports in our Rust files: We believe that this makes it easier to see where a particular import comes from. +Within the import blocks we prefer to separate imports that don't share a parent +module. For example, + +```rust +// Incorrect +use alloc::{format, vec::Vec}; + +// Correct +use alloc::format; +use alloc::vec::Vec; +``` + We prefer to reference types and traits by an imported symbol name instead of using qualified references. Qualification paths generally add noise and are unnecessary. The one exception to this is when the symbol name is overly From 2dbae4995c0bb493b7164489bae31f1fba0f0e48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Tue, 10 Oct 2023 11:37:42 +0200 Subject: [PATCH 0238/1145] ci-bench: save cachegrind logs --- ci-bench/README.md | 4 +++- ci-bench/src/cachegrind.rs | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ci-bench/README.md b/ci-bench/README.md index d869c4846f..2f38c04bcf 100644 --- a/ci-bench/README.md +++ b/ci-bench/README.md @@ -33,7 +33,9 @@ handshake_no_resume_1.3_rsa_aes_client,4212770 ``` In the `cachegrind` subdirectory you will find output files emitted by the `cachegrind` tool, which -are useful to report detailed instruction count differences when comparing two benchmark runs. +are useful to report detailed instruction count differences when comparing two benchmark runs. This +subdirectory also contains log information from cachegrind itself (in `.log` files), which can be +used to diagnose unexpected cachegrind crashes. ### Comparing results diff --git a/ci-bench/src/cachegrind.rs b/ci-bench/src/cachegrind.rs index 537aafd5ec..3b743d7539 100644 --- a/ci-bench/src/cachegrind.rs +++ b/ci-bench/src/cachegrind.rs @@ -132,6 +132,7 @@ impl CachegrindRunner { output_dir: &Path, ) -> anyhow::Result { let cachegrind_output_file = output_dir.join(name); + let cachegrind_log_file = output_dir.join(format!("{name}.log")); // Run under setarch to disable ASLR, to reduce noise let mut cmd = Command::new("setarch"); @@ -141,9 +142,9 @@ impl CachegrindRunner { .arg("--tool=cachegrind") // Disable the cache simulation, since we are only interested in instruction counts .arg("--cache-sim=no") - // Discard cachegrind's logs, which would otherwise be printed to stderr (we want to + // Save cachegrind's logs, which would otherwise be printed to stderr (we want to // keep stderr free of noise, to see any errors from the child process) - .arg("--log-file=/dev/null") + .arg(format!("--log-file={}", cachegrind_log_file.display())) // The file where the instruction counts will be stored .arg(format!( "--cachegrind-out-file={}", From 47c0450ce954e2481c9af65578436d63a4d56751 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 9 Oct 2023 10:37:35 +0200 Subject: [PATCH 0239/1145] Remove unused dev-dependencies in examples crate --- Cargo.lock | 2 -- examples/Cargo.toml | 4 ---- 2 files changed, 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 23cee8ed8c..18481341b5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -905,8 +905,6 @@ dependencies = [ "log", "mio", "rcgen", - "regex", - "ring 0.16.20", "rustls", "rustls-pemfile", "rustls-pki-types", diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 1d9570bf4e..227f8c949a 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -21,7 +21,3 @@ rustls-pemfile = "=2.0.0-alpha.1" serde = "1.0" serde_derive = "1.0" webpki-roots = "=0.26.0-alpha.1" - -[dev-dependencies] -regex = "1.9" -ring = "0.16.20" From 8a150a9a9303f1ae48e2d22dfe81d6db350e0d3d Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 9 Oct 2023 10:08:31 +0200 Subject: [PATCH 0240/1145] Use ring 0.17 in dev-dependencies --- Cargo.lock | 2 +- connect-tests/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 18481341b5..cc430f595a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -892,7 +892,7 @@ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ "regex", - "ring 0.16.20", + "ring 0.17.0", "rustls", ] diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index e9e5dab0fc..1cf87a252c 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -14,4 +14,4 @@ rustls = { path = "../rustls", features = [ "logging" ]} [dev-dependencies] regex = "1.0" -ring = "0.16.20" +ring = "0.17" From 76ca8203e088bb8d2d2be9d28e31a86e9410ae06 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 9 Oct 2023 10:09:29 +0200 Subject: [PATCH 0241/1145] Update ring to 0.17.2 --- Cargo.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cc430f595a..5335d31092 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -798,9 +798,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.0" +version = "0.17.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb9d44f9bf6b635117787f72416783eb7e4227aaf255e5ce739563d817176a7e" +checksum = "911b295d2d302948838c8ac142da1ee09fa7863163b44e6715bc9357905878b8" dependencies = [ "cc", "getrandom", @@ -863,7 +863,7 @@ dependencies = [ "bencher", "env_logger", "log", - "ring 0.17.0", + "ring 0.17.2", "rustls-pemfile", "rustls-pki-types", "rustls-webpki", @@ -892,7 +892,7 @@ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ "regex", - "ring 0.17.0", + "ring 0.17.2", "rustls", ] @@ -953,7 +953,7 @@ version = "0.102.0-alpha.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa3ae0c05ae540f6d9089b731c26e49863058f03082dcef070df987bcc8db7ba" dependencies = [ - "ring 0.17.0", + "ring 0.17.2", "rustls-pki-types", "untrusted 0.9.0", ] From 21484e16a2804db9adbe1ec2abd53597f5a4e074 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 9 Oct 2023 10:09:50 +0200 Subject: [PATCH 0242/1145] Update semver-compatible dependencies --- Cargo.lock | 59 ++++++++++++++++++++++-------------------------------- 1 file changed, 24 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5335d31092..a0075e4061 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -37,15 +37,15 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b84bf0a05bbb2a83e5eb6fa36bb6e87baa08193c35ff52bbf6b38d8af2890e46" +checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" [[package]] name = "anstyle-parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "938874ff5980b03a87c5524b3ae5b59cf99b1d6bc836848df7bc5ada9643c333" +checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" dependencies = [ "utf8parse", ] @@ -122,9 +122,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "byteorder" -version = "1.4.3" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cc" @@ -370,25 +370,14 @@ dependencies = [ [[package]] name = "errno" -version = "0.3.3" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" dependencies = [ - "errno-dragonfly", "libc", "windows-sys", ] -[[package]] -name = "errno-dragonfly" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" -dependencies = [ - "cc", - "libc", -] - [[package]] name = "fiat-crypto" version = "0.2.1" @@ -501,21 +490,21 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.148" +version = "0.2.149" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" +checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" [[package]] name = "libm" -version = "0.2.7" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7012b1bbb0719e1097c47611d3898568c546d597c2e74d66f6087edd5233ff4" +checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "linux-raw-sys" -version = "0.4.7" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a9bad9f94746442c783ca431b22403b519cd7fbeed0533fdd6328b2f2212128" +checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "log" @@ -525,9 +514,9 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "memchr" -version = "2.6.3" +version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f232d6ef707e1956a43342693d2a31e72989554d58299d7a88738cc95b0d35c" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] name = "memoffset" @@ -590,9 +579,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" dependencies = [ "autocfg", "libm", @@ -675,9 +664,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.67" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" dependencies = [ "unicode-ident", ] @@ -844,9 +833,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.14" +version = "0.38.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "747c788e9ce8e92b12cd485c49ddf90723550b654b32508f979b71a7b1ecda4f" +checksum = "f25469e9ae0f3d0047ca8b93fc56843f38e6774f0914a107ff8b41be8be8e0b7" dependencies = [ "bitflags", "errno", @@ -1059,9 +1048,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.37" +version = "2.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" +checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" dependencies = [ "proc-macro2", "quote", From 5427a4d6e99ffcb67ffa1adcb9d690e320c8de57 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 16:32:26 +0200 Subject: [PATCH 0243/1145] use `core::prelude` instead of `std::prelude` --- rustls/src/builder.rs | 2 ++ rustls/src/client/builder.rs | 3 ++- rustls/src/client/client_conn.rs | 4 +++- rustls/src/client/common.rs | 2 ++ rustls/src/client/handy.rs | 2 ++ rustls/src/client/hs.rs | 4 ++++ rustls/src/client/tls12.rs | 4 ++++ rustls/src/client/tls13.rs | 3 +++ rustls/src/common_state.rs | 3 +++ rustls/src/conn.rs | 1 + rustls/src/crypto/cipher.rs | 2 ++ rustls/src/crypto/hash.rs | 2 ++ rustls/src/crypto/hmac.rs | 2 ++ rustls/src/crypto/mod.rs | 2 ++ rustls/src/crypto/ring/hash.rs | 2 ++ rustls/src/crypto/ring/hmac.rs | 2 ++ rustls/src/crypto/ring/kx.rs | 1 + rustls/src/crypto/ring/quic.rs | 2 ++ rustls/src/crypto/ring/sign.rs | 4 ++++ rustls/src/crypto/ring/ticketer.rs | 2 ++ rustls/src/crypto/ring/tls12.rs | 3 +++ rustls/src/crypto/ring/tls13.rs | 3 +++ rustls/src/crypto/signer.rs | 2 ++ rustls/src/dns_name.rs | 1 + rustls/src/error.rs | 3 +++ rustls/src/hash_hs.rs | 3 +++ rustls/src/hkdf.rs | 2 ++ rustls/src/key_log_file.rs | 3 +++ rustls/src/lib.rs | 8 ++++++++ rustls/src/msgs/alert.rs | 2 ++ rustls/src/msgs/base.rs | 5 +++-- rustls/src/msgs/ccs.rs | 2 ++ rustls/src/msgs/codec.rs | 5 +++-- rustls/src/msgs/deframer.rs | 1 + rustls/src/msgs/handshake.rs | 6 ++++++ rustls/src/msgs/macros.rs | 8 ++++++-- rustls/src/msgs/message.rs | 2 ++ rustls/src/msgs/persist.rs | 1 + rustls/src/quic.rs | 3 +++ rustls/src/rand.rs | 3 +++ rustls/src/record_layer.rs | 2 ++ rustls/src/server/builder.rs | 1 + rustls/src/server/handy.rs | 2 ++ rustls/src/server/hs.rs | 3 +++ rustls/src/server/server_conn.rs | 2 ++ rustls/src/server/tls12.rs | 5 +++++ rustls/src/server/tls13.rs | 4 ++++ rustls/src/suites.rs | 5 +++-- rustls/src/ticketer.rs | 2 ++ rustls/src/tls12/mod.rs | 3 +++ rustls/src/tls13/key_schedule.rs | 3 +++ rustls/src/tls13/mod.rs | 1 + rustls/src/vecbuf.rs | 1 + rustls/src/verify.rs | 1 + rustls/src/webpki/anchors.rs | 2 ++ rustls/src/webpki/client_verifier_builder.rs | 4 +++- rustls/src/webpki/verify.rs | 1 + rustls/src/x509.rs | 2 ++ 58 files changed, 148 insertions(+), 11 deletions(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 91249e3714..08f6bbe6e6 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -3,6 +3,8 @@ use crate::error::Error; use crate::suites::SupportedCipherSuite; use crate::versions; +use alloc::format; +use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 8f3a18db07..9e3499f9aa 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -14,6 +14,7 @@ use super::client_conn::Resumption; use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; +use alloc::vec::Vec; #[cfg(any(feature = "dangerous_configuration", feature = "ring"))] use core::marker::PhantomData; @@ -45,8 +46,8 @@ impl ConfigBuilder { /// Container for unsafe APIs pub(super) mod danger { + use alloc::sync::Arc; use core::marker::PhantomData; - use std::sync::Arc; use crate::client::WantsClientCert; use crate::{verify, ClientConfig, ConfigBuilder, WantsVerifier}; diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index b9a681fbfd..deab619f9a 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -20,9 +20,11 @@ use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; use super::hs; use alloc::sync::Arc; +use alloc::vec::Vec; +use core::fmt; use core::marker::PhantomData; +use core::mem; use core::ops::{Deref, DerefMut}; -use core::{fmt, mem}; use std::io; use std::net::IpAddr; diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 49506348e0..ea80628b08 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -6,7 +6,9 @@ use crate::msgs::handshake::ServerExtension; use crate::msgs::handshake::{CertificatePayload, DistinguishedName}; use crate::{sign, SignatureScheme}; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec::Vec; #[derive(Debug)] pub(super) struct ServerCertDetails { diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index a2cd72779f..828b76a3b4 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -13,6 +13,8 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::collections::VecDeque; use alloc::sync::Arc; +#[cfg(feature = "ring")] +use alloc::vec::Vec; use std::sync::Mutex; /// An implementer of `ClientSessionStore` which does nothing. diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 341c8a1ade..a4b1027ad1 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -32,7 +32,11 @@ use crate::client::{tls13, ClientConfig, ServerName}; use pki_types::UnixTime; +use alloc::borrow::ToOwned; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; use core::ops::Deref; pub(super) type NextState = Box>; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 7c3dac9f90..a3ce3217df 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -30,7 +30,11 @@ use crate::client::{hs, ClientConfig, ServerName}; use pki_types::UnixTime; use subtle::ConstantTimeEq; +use alloc::borrow::ToOwned; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; pub(super) use server_hello::CompleteServerHelloHandling; diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 9e93fced93..1ee04ed1be 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -44,7 +44,10 @@ use crate::client::{hs, ClientConfig, ClientSessionStore, ServerName}; use pki_types::UnixTime; use subtle::ConstantTimeEq; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; // Extensions we expect in plaintext in the ServerHello. static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[ diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index a50933650d..e14a479045 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -18,6 +18,9 @@ use crate::suites::SupportedCipherSuite; use crate::tls12::ConnectionSecrets; use crate::vecbuf::ChunkVecBuffer; +use alloc::boxed::Box; +use alloc::vec::Vec; + use pki_types::CertificateDer; /// Connection state common to both client and server connections. diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 293f3ab61b..183b43848a 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -9,6 +9,7 @@ use crate::msgs::message::{Message, MessagePayload, PlainMessage}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; +use alloc::boxed::Box; use core::fmt::Debug; use core::mem; use core::ops::{Deref, DerefMut}; diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 3c4ab9212f..311a08002c 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -1,3 +1,5 @@ +use alloc::boxed::Box; +use alloc::string::ToString; use core::fmt; use std::error::Error as StdError; diff --git a/rustls/src/crypto/hash.rs b/rustls/src/crypto/hash.rs index 8e538e84cc..7f645f5443 100644 --- a/rustls/src/crypto/hash.rs +++ b/rustls/src/crypto/hash.rs @@ -1,5 +1,7 @@ pub use crate::msgs::enums::HashAlgorithm; +use alloc::boxed::Box; + /// Describes a single cryptographic hash function. /// /// This interface can do both one-shot and incremental hashing, using diff --git a/rustls/src/crypto/hmac.rs b/rustls/src/crypto/hmac.rs index 3a9344a295..d1ccee1531 100644 --- a/rustls/src/crypto/hmac.rs +++ b/rustls/src/crypto/hmac.rs @@ -1,3 +1,5 @@ +use alloc::boxed::Box; + /// A concrete HMAC implementation, for a single cryptographic hash function. /// /// You should have one object that implements this trait for HMAC-SHA256, another diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index ff2573a4a6..461e6b0ddb 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,6 +1,8 @@ use crate::suites; use crate::{Error, NamedGroup}; +use alloc::boxed::Box; +use alloc::vec::Vec; use core::fmt::Debug; /// *ring* based CryptoProvider. diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index 2cc31970ab..bfb45cd4d0 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -2,6 +2,8 @@ use crate::crypto; use crate::msgs::enums::HashAlgorithm; use ring; +use alloc::boxed::Box; + pub(crate) static SHA256: Hash = Hash(&ring::digest::SHA256, HashAlgorithm::SHA256); pub(crate) static SHA384: Hash = Hash(&ring::digest::SHA384, HashAlgorithm::SHA384); diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index b415f81b8f..d82b27fa41 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -1,6 +1,8 @@ use crate::crypto; use ring; +use alloc::boxed::Box; + pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring::hmac::HMAC_SHA256); pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring::hmac::HMAC_SHA384); #[cfg(all(test, feature = "tls12"))] diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 12df8fbe15..9c40ebe502 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -6,6 +6,7 @@ use crate::rand::GetRandomFailed; use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; use ring::rand::SystemRandom; +use alloc::boxed::Box; use core::fmt; /// A key-exchange group supported by *ring*. diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index e344b77fb1..3465708c7a 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -5,6 +5,8 @@ use crate::quic; use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; use crate::tls13::Tls13CipherSuite; +use alloc::boxed::Box; + use ring::aead; pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 1a08654caa..81aa934363 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -8,7 +8,11 @@ use ring::io::der; use ring::rand::{SecureRandom, SystemRandom}; use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use alloc::boxed::Box; +use alloc::string::ToString; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; use core::fmt; use std::error::Error as StdError; diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index fe2d116d9e..67ebe05842 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -4,7 +4,9 @@ use crate::server::ProducesTickets; use ring::aead; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec::Vec; /// A concrete, safe ticket creation mechanism. pub struct Ticketer {} diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 09d23dbd1a..9af0a7d2ae 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -10,6 +10,9 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; +use alloc::boxed::Box; +use alloc::vec::Vec; + use ring::aead; /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 5349f14f15..78b6f9333e 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,3 +1,6 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; + use crate::crypto::cipher::{ make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, UnsupportedOperationError, diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 88bb919f5c..55faa33844 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -3,7 +3,9 @@ use crate::error::Error; use pki_types::CertificateDer; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec::Vec; /// An abstract signing key. pub trait SigningKey: Send + Sync { diff --git a/rustls/src/dns_name.rs b/rustls/src/dns_name.rs index 74b5ce0f4c..5d04f1971d 100644 --- a/rustls/src/dns_name.rs +++ b/rustls/src/dns_name.rs @@ -1,5 +1,6 @@ //! DNS name validation according to RFC1035, but with underscores allowed. +use alloc::string::{String, ToString}; use core::fmt; use std::error::Error as StdError; diff --git a/rustls/src/error.rs b/rustls/src/error.rs index d15ed194fc..58767a3a1a 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -2,7 +2,10 @@ use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::msgs::handshake::KeyExchangeAlgorithm; use crate::rand; +use alloc::format; +use alloc::string::String; use alloc::sync::Arc; +use alloc::vec::Vec; use core::fmt; use std::error::Error as StdError; use std::time::SystemTimeError; diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 0cbad91237..ec64fff858 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -3,6 +3,9 @@ use crate::msgs::codec::Codec; use crate::msgs::enums::HashAlgorithm; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::message::{Message, MessagePayload}; + +use alloc::boxed::Box; +use alloc::vec::Vec; use core::mem; /// Early stage buffering of handshake payloads. diff --git a/rustls/src/hkdf.rs b/rustls/src/hkdf.rs index 1657688175..b0cab4c39d 100644 --- a/rustls/src/hkdf.rs +++ b/rustls/src/hkdf.rs @@ -2,6 +2,8 @@ use crate::crypto::{hash, hmac}; +use alloc::boxed::Box; + /// This is the inputs to HKDF-Extract, except for IKM /// ("input keying material") which is supplied in [`Extractor::extract()`]. pub(crate) struct Extractor { diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index 741e36da94..ad32c37933 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -1,6 +1,9 @@ #[cfg(feature = "logging")] use crate::log::warn; use crate::KeyLog; + +use alloc::string::String; +use alloc::vec::Vec; use std::env; use std::fs::{File, OpenOptions}; use std::io; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c200709e4d..93a1671550 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -300,8 +300,16 @@ // cross-compiling. #![cfg_attr(read_buf, feature(read_buf))] #![cfg_attr(bench, feature(test))] +#![cfg_attr(not(test), no_std)] extern crate alloc; +// This `extern crate` plus the `#![no_std]` attribute changes the default prelude from +// `std::prelude` to `core::prelude`. That forces one to _explicitly_ import (`use`) everything that +// is in `std::prelude` but not in `core::prelude`. This helps maintain no-std support as even +// developers that are not interested in, or aware of, no-std support and / or that never run +// `cargo build --no-default-features` locally will get errors when they rely on `std::prelude` API. +#[cfg(not(test))] +extern crate std; // Import `test` sysroot crate for `Bencher` definitions. #[cfg(bench)] diff --git a/rustls/src/msgs/alert.rs b/rustls/src/msgs/alert.rs index ca673647c6..a45c0d68f1 100644 --- a/rustls/src/msgs/alert.rs +++ b/rustls/src/msgs/alert.rs @@ -3,6 +3,8 @@ use crate::error::InvalidMessage; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::AlertLevel; +use alloc::vec::Vec; + #[derive(Debug)] pub struct AlertMessagePayload { pub level: AlertLevel, diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 47be52ff2e..78c6231ff7 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -1,9 +1,10 @@ -use core::fmt; - use crate::error::InvalidMessage; use crate::msgs::codec; use crate::msgs::codec::{Codec, Reader}; +use alloc::vec::Vec; +use core::fmt; + use pki_types::CertificateDer; /// An externally length'd payload diff --git a/rustls/src/msgs/ccs.rs b/rustls/src/msgs/ccs.rs index b9fb624eb8..15a2f50a83 100644 --- a/rustls/src/msgs/ccs.rs +++ b/rustls/src/msgs/ccs.rs @@ -1,3 +1,5 @@ +use alloc::vec::Vec; + use crate::error::InvalidMessage; use crate::msgs::codec::{Codec, Reader}; diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index d325ac0393..ac817f28cc 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -1,7 +1,8 @@ -use core::fmt::Debug; - use crate::error::InvalidMessage; +use alloc::vec::Vec; +use core::fmt::Debug; + /// Wrapper over a slice of bytes that allows reading chunks from /// with the current position state held using a cursor. /// diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 6351d7fafb..0f909318e7 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -1,3 +1,4 @@ +use alloc::vec::Vec; use core::ops::Range; use std::io; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index aec7fba77c..4a7bb37717 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,4 +1,5 @@ #![allow(non_camel_case_types)] + use crate::crypto::{ActiveKeyExchange, CryptoProvider}; use crate::dns_name::{DnsName, DnsNameRef}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; @@ -16,6 +17,11 @@ use crate::{rand, x509}; use pki_types::CertificateDer; +use alloc::borrow::ToOwned; +#[cfg(feature = "logging")] +use alloc::string::String; +use alloc::vec; +use alloc::vec::Vec; use core::fmt; use std::collections; diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index ba47e9b34c..3988215ced 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -23,7 +23,9 @@ macro_rules! enum_builder { } } impl Codec for $enum_name { - fn encode(&self, bytes: &mut Vec) { + // NOTE(allow) fully qualified Vec is only needed in no-std mode + #[allow(unused_qualifications)] + fn encode(&self, bytes: &mut alloc::vec::Vec) { self.get_u8().encode(bytes); } @@ -73,7 +75,9 @@ macro_rules! enum_builder { } } impl Codec for $enum_name { - fn encode(&self, bytes: &mut Vec) { + // NOTE(allow) fully qualified Vec is only needed in no-std mode + #[allow(unused_qualifications)] + fn encode(&self, bytes: &mut alloc::vec::Vec) { self.get_u16().encode(bytes); } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 546b5579b9..67704af190 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -9,6 +9,8 @@ use crate::msgs::enums::AlertLevel; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::handshake::HandshakeMessagePayload; +use alloc::vec::Vec; + #[derive(Debug)] pub enum MessagePayload { Alert(AlertMessagePayload), diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 1a5966e9e1..5acf5f1b5b 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -11,6 +11,7 @@ use crate::tls13::Tls13CipherSuite; use pki_types::{CertificateDer, UnixTime}; +use alloc::vec::Vec; use core::cmp; #[cfg(feature = "tls12")] use core::mem; diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 416e0ef583..057444faef 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -10,8 +10,11 @@ use crate::server::{ServerConfig, ServerConnectionData}; use crate::tls13::key_schedule::hkdf_expand_label_block; use crate::tls13::Tls13CipherSuite; +use alloc::boxed::Box; use alloc::collections::VecDeque; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; use core::fmt::{self, Debug}; use core::ops::{Deref, DerefMut}; diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index d67cada134..77567322a3 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -2,6 +2,9 @@ use crate::crypto::CryptoProvider; +use alloc::vec; +use alloc::vec::Vec; + /// Make a [`Vec`] of the given size containing random material. pub(crate) fn random_vec( provider: &dyn CryptoProvider, diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index f23eae33a2..694e85d328 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -5,6 +5,8 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; #[cfg(feature = "logging")] use crate::log::trace; +use alloc::boxed::Box; + static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64; static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 72b3bd0c5a..124764b0ba 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -13,6 +13,7 @@ use crate::NoKeyLog; use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; +use alloc::vec::Vec; use core::marker::PhantomData; impl ConfigBuilder { diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 82e1b79586..2200af7239 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -12,7 +12,9 @@ use crate::ServerName; #[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; +use alloc::string::{String, ToString}; use alloc::sync::Arc; +use alloc::vec::Vec; use std::collections; use std::sync::Mutex; diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 4d604dabf6..92f2ac7746 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -25,7 +25,10 @@ use super::tls12; use crate::server::common::ActiveCertifiedKey; use crate::server::tls13; +use alloc::borrow::ToOwned; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec::Vec; pub(super) type NextState = Box>; pub(super) type NextStateOrError = Result; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 95260e6808..d6a8094f29 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -18,7 +18,9 @@ use crate::KeyLog; use super::hs; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; use core::ops::{Deref, DerefMut}; diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 704415fbc7..a539209fc6 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -26,7 +26,12 @@ use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; use pki_types::{CertificateDer, UnixTime}; use subtle::ConstantTimeEq; +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::string::ToString; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; pub(super) use client_hello::CompleteClientHelloHandling; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 1c25872586..2ac7a3184b 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -30,7 +30,11 @@ use crate::verify; use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; use super::server_conn::ServerConnectionData; +use alloc::borrow::ToOwned; +use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; use pki_types::{CertificateDer, UnixTime}; use subtle::ConstantTimeEq; diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index fd591a9e7e..14b7adff99 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,5 +1,3 @@ -use core::fmt; - use crate::crypto; use crate::crypto::cipher::{AeadKey, Iv}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; @@ -10,6 +8,9 @@ use crate::tls13::Tls13CipherSuite; use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; +use alloc::vec::Vec; +use core::fmt; + /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3) pub struct CipherSuiteCommon { /// The TLS enumeration naming this cipher suite. diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index 38230e3692..56273ac296 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -4,6 +4,8 @@ use crate::Error; use pki_types::UnixTime; +use alloc::boxed::Box; +use alloc::vec::Vec; use core::mem; use std::sync::{Mutex, MutexGuard}; diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index d4f9bf488c..0d91c98e5e 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -9,6 +9,9 @@ use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::KeyExchangeAlgorithm; use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite}; +use alloc::boxed::Box; +use alloc::vec; +use alloc::vec::Vec; use core::fmt; mod prf; diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index f8b096d1da..6751c5fec2 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -8,6 +8,9 @@ use crate::quic; use crate::suites::PartiallyExtractedSecrets; use crate::{KeyLog, Tls13CipherSuite}; +use alloc::boxed::Box; +use alloc::string::ToString; + /// Key schedule maintenance for TLS1.3 /// The kinds of secret we can extract from `KeySchedule`. diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 587e79755f..af81e99772 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -2,6 +2,7 @@ use crate::crypto; use crate::crypto::hash; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; +use alloc::vec::Vec; use core::fmt; pub(crate) mod key_schedule; diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index cd3102566f..b7ece02612 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -1,4 +1,5 @@ use alloc::collections::VecDeque; +use alloc::vec::Vec; use core::cmp; use std::io; use std::io::Read; diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 66d372505d..9e0dc27ffb 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,3 +1,4 @@ +use alloc::vec::Vec; use core::fmt; use pki_types::{CertificateDer, UnixTime}; diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index faf1d6e093..886b075696 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -1,3 +1,5 @@ +use alloc::vec::Vec; + use pki_types::{CertificateDer, TrustAnchor}; use webpki::extract_trust_anchor; diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index e94b13a224..556bbc63bd 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -1,5 +1,7 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; use core::fmt; -use std::{error::Error as StdError, sync::Arc}; +use std::error::Error as StdError; use pki_types::CertificateRevocationListDer; use webpki::BorrowedCertRevocationList; diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index ad6cd7b15c..a07d56f661 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,4 +1,5 @@ use alloc::sync::Arc; +use alloc::vec::Vec; use core::fmt; use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index b30e86707c..d6a873aef0 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -1,5 +1,7 @@ // Additional x509/asn1 functions to those provided in webpki/ring. +use alloc::vec::Vec; + pub(crate) fn wrap_in_asn1_len(bytes: &mut Vec) { let len = bytes.len(); From ac10422a898335230f64104b169461a50e9d61db Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 10 Oct 2023 13:21:53 -0400 Subject: [PATCH 0244/1145] docs: adjust *ring* platform compatibility Updated the README/lib.rs notes about *ring* platform compatibility to fold in suggestions from Brian Smith. --- README.md | 10 ++++++---- rustls/src/lib.rs | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 245b1fbce3..944f176b88 100644 --- a/README.md +++ b/README.md @@ -86,13 +86,15 @@ need them. While Rustls itself is platform independent, it uses [`ring`](https://crates.io/crates/ring) for implementing the cryptography in TLS. As a result, rustls only runs on platforms -supported by `ring`. At the time of writing, this means x86, x86-64, aarch64, -armv7, powerpc64le, riscv64gc and s390x. For more information, see [the -supported `ring` CI targets][ring-ci-targets]. +supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), +x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian), +64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently +support WebAssembly. +For more information, see [the supported `ring` target platforms][ring-target-platforms]. Rustls requires Rust 1.61 or later. -[ring-ci-targets]: https://github.com/briansmith/ring/blob/d34858a918b04127d085cdbc20325263bf8fdd36/.github/workflows/ci.yml#L171-L190 +[ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 # Example code There are two example programs which use diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 93a1671550..04fe2b488a 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -57,13 +57,15 @@ //! While Rustls itself is platform independent, it uses //! [`ring`](https://crates.io/crates/ring) for implementing the cryptography in //! TLS. As a result, rustls only runs on platforms -//! supported by `ring`. At the time of writing, this means x86, x86-64, aarch64, -//! armv7, powerpc64le, riscv64gc and s390x. For more information, see [the -//! supported `ring` CI targets][ring-ci-targets]. +//! supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), +//! x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian), +//! 64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently +//! support WebAssembly. +//! For more information, see [the supported `ring` target platforms][ring-target-platforms]. //! //! Rustls requires Rust 1.61 or later. //! -//! [ring-ci-targets]: https://github.com/briansmith/ring/blob/d34858a918b04127d085cdbc20325263bf8fdd36/.github/workflows/ci.yml#L171-L190 +//! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 //! //! ## Design Overview //! ### Rustls does not take care of network IO From 0bbc1cf3f8276434215ea13b0b29b442b3a87d17 Mon Sep 17 00:00:00 2001 From: Robsdedude Date: Tue, 17 Oct 2023 17:05:54 +0200 Subject: [PATCH 0245/1145] Flush writers before potentially expecting a response --- rustls/src/conn.rs | 2 + rustls/tests/api.rs | 121 ++++++++++++++++++++++++++++++++++---------- 2 files changed, 97 insertions(+), 26 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 183b43848a..aab6f77378 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -383,6 +383,7 @@ impl ConnectionCommon { while self.wants_write() { wrlen += self.write_tls(io)?; } + io.flush()?; if !until_handshaked && wrlen > 0 { return Ok((rdlen, wrlen)); @@ -413,6 +414,7 @@ impl ConnectionCommon { // try a last-gasp write -- but don't predate the primary // error. let _ignored = self.write_tls(io); + let _ignored = io.flush(); return Err(io::Error::new(io::ErrorKind::InvalidData, e)); } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d3643c8f79..bc2f22b8a2 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1466,6 +1466,8 @@ where fail_ok: bool, pub short_writes: bool, pub last_error: Option, + pub buffered: bool, + buffer: Vec>, } impl<'a, C, S> OtherSession<'a, C, S> @@ -1481,41 +1483,24 @@ where fail_ok: false, short_writes: false, last_error: None, + buffered: false, + buffer: vec![], } } - fn new_fails(sess: &'a mut C) -> OtherSession<'a, C, S> { + fn new_buffered(sess: &'a mut C) -> OtherSession<'a, C, S> { let mut os = OtherSession::new(sess); - os.fail_ok = true; + os.buffered = true; os } -} -impl<'a, C, S> io::Read for OtherSession<'a, C, S> -where - C: DerefMut + Deref>, - S: SideData, -{ - fn read(&mut self, mut b: &mut [u8]) -> io::Result { - self.reads += 1; - self.sess.write_tls(b.by_ref()) - } -} - -impl<'a, C, S> io::Write for OtherSession<'a, C, S> -where - C: DerefMut + Deref>, - S: SideData, -{ - fn write(&mut self, _: &[u8]) -> io::Result { - unreachable!() - } - - fn flush(&mut self) -> io::Result<()> { - Ok(()) + fn new_fails(sess: &'a mut C) -> OtherSession<'a, C, S> { + let mut os = OtherSession::new(sess); + os.fail_ok = true; + os } - fn write_vectored(&mut self, b: &[io::IoSlice<'_>]) -> io::Result { + fn flush_vectored(&mut self, b: &[io::IoSlice<'_>]) -> io::Result { let mut total = 0; let mut lengths = vec![]; for bytes in b { @@ -1551,6 +1536,48 @@ where } } +impl<'a, C, S> io::Read for OtherSession<'a, C, S> +where + C: DerefMut + Deref>, + S: SideData, +{ + fn read(&mut self, mut b: &mut [u8]) -> io::Result { + self.reads += 1; + self.sess.write_tls(b.by_ref()) + } +} + +impl<'a, C, S> io::Write for OtherSession<'a, C, S> +where + C: DerefMut + Deref>, + S: SideData, +{ + fn write(&mut self, _: &[u8]) -> io::Result { + unreachable!() + } + + fn flush(&mut self) -> io::Result<()> { + if !self.buffer.is_empty() { + let buffer = mem::take(&mut self.buffer); + let slices = buffer + .iter() + .map(|b| io::IoSlice::new(b)) + .collect::>(); + self.flush_vectored(&slices)?; + } + Ok(()) + } + + fn write_vectored(&mut self, b: &[io::IoSlice<'_>]) -> io::Result { + if self.buffered { + self.buffer + .extend(b.iter().map(|s| s.to_vec())); + return Ok(b.iter().map(|s| s.len()).sum()); + } + self.flush_vectored(b) + } +} + #[test] fn server_read_returns_wouldblock_when_no_data() { let (_, mut server) = make_pair(KeyType::Rsa); @@ -1598,6 +1625,19 @@ fn client_complete_io_for_handshake() { assert!(!client.wants_write()); } +#[test] +fn buffered_client_complete_io_for_handshake() { + let (mut client, mut server) = make_pair(KeyType::Rsa); + + assert!(client.is_handshaking()); + let (rdlen, wrlen) = client + .complete_io(&mut OtherSession::new_buffered(&mut server)) + .unwrap(); + assert!(rdlen > 0 && wrlen > 0); + assert!(!client.is_handshaking()); + assert!(!client.wants_write()); +} + #[test] fn client_complete_io_for_handshake_eof() { let (mut client, _) = make_pair(KeyType::Rsa); @@ -1639,6 +1679,35 @@ fn client_complete_io_for_write() { } } +#[test] +fn buffered_client_complete_io_for_write() { + for kt in ALL_KEY_TYPES.iter() { + let (mut client, mut server) = make_pair(*kt); + + do_handshake(&mut client, &mut server); + + client + .writer() + .write_all(b"01234567890123456789") + .unwrap(); + client + .writer() + .write_all(b"01234567890123456789") + .unwrap(); + { + let mut pipe = OtherSession::new_buffered(&mut server); + let (rdlen, wrlen) = client.complete_io(&mut pipe).unwrap(); + assert!(rdlen == 0 && wrlen > 0); + println!("{:?}", pipe.writevs); + assert_eq!(pipe.writevs, vec![vec![42, 42]]); + } + check_read( + &mut server.reader(), + b"0123456789012345678901234567890123456789", + ); + } +} + #[test] fn client_complete_io_for_read() { for kt in ALL_KEY_TYPES.iter() { From 6b57e65f457a43a63ab40c40feee26771ed2f706 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 10:39:47 -0400 Subject: [PATCH 0246/1145] ci-bench: SessionID -> SessionId Renames the `ResumptionKind::SessionID` variant to be `SessionId` to match Rust naming conventions. --- ci-bench/src/benchmark.rs | 6 +++--- ci-bench/src/main.rs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ci-bench/src/benchmark.rs b/ci-bench/src/benchmark.rs index a3679893d4..9c1382c0c5 100644 --- a/ci-bench/src/benchmark.rs +++ b/ci-bench/src/benchmark.rs @@ -101,19 +101,19 @@ pub enum ResumptionKind { /// No resumption No, /// Session ID - SessionID, + SessionId, /// Session tickets Tickets, } impl ResumptionKind { - pub const ALL: &'static [ResumptionKind] = &[Self::No, Self::SessionID, Self::Tickets]; + pub const ALL: &'static [ResumptionKind] = &[Self::No, Self::SessionId, Self::Tickets]; /// Returns a user-facing label that identifies the resumption kind pub fn label(&self) -> &'static str { match *self { Self::No => "no_resume", - Self::SessionID => "session_id", + Self::SessionId => "session_id", Self::Tickets => "tickets", } } diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index cacd893387..515de15e7b 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -437,7 +437,7 @@ impl ServerSideStepper<'_> { .with_single_cert(params.key_type.get_chain(), params.key_type.get_key()) .expect("bad certs/private key?"); - if resume == ResumptionKind::SessionID { + if resume == ResumptionKind::SessionId { cfg.session_storage = ServerSessionMemoryCache::new(128); } else if resume == ResumptionKind::Tickets { cfg.ticketer = Ticketer::new().unwrap(); From e006e4ec239424568ede2e9b479188eeee88ebc7 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 10:41:14 -0400 Subject: [PATCH 0247/1145] ci-bench: StepperIO -> StepperIo This commit renames the ci-bench `StepperIO` struct to be named `StepperIo` to match Rust naming conventions. --- ci-bench/src/main.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 515de15e7b..44f05c76bf 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -144,7 +144,7 @@ fn main() -> anyhow::Result<()> { let handshake_buf = &mut [0u8; 262144]; let resumption_kind = black_box(bench.kind.resumption_kind()); let params = black_box(bench.params); - let io = StepperIO { + let io = StepperIo { reader: &mut stdin, writer: &mut stdout, handshake_buf, @@ -334,7 +334,7 @@ trait BenchStepper { } /// Stepper fields necessary for IO -struct StepperIO<'a> { +struct StepperIo<'a> { reader: &'a mut dyn Read, writer: &'a mut dyn Write, handshake_buf: &'a mut [u8], @@ -342,7 +342,7 @@ struct StepperIO<'a> { /// A benchmark stepper for the client-side of the connection struct ClientSideStepper<'a> { - io: StepperIO<'a>, + io: StepperIo<'a>, resumption_kind: ResumptionKind, config: Arc, } @@ -420,7 +420,7 @@ impl BenchStepper for ClientSideStepper<'_> { /// A benchmark stepper for the server-side of the connection struct ServerSideStepper<'a> { - io: StepperIO<'a>, + io: StepperIo<'a>, config: Arc, } From dbc5562c6b6bd017dd7ba7fda0fe46d786ac7c66 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 10:42:48 -0400 Subject: [PATCH 0248/1145] examples: CRLUpdater -> CrlUpdater This commit updates the server acceptor example's `CRLUpdater` struct to be named `CrlUpdater` to match Rust naming conventions. --- examples/src/bin/server_acceptor.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index c54d1dfbc9..69d4de7180 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -97,7 +97,7 @@ fn main() { // // For this demo we spawn a thread that flips between writing a CRL that lists the client // certificate as revoked and a CRL that has no revoked certificates. - let crl_updater = CRLUpdater { + let crl_updater = CrlUpdater { sleep_duration: Duration::from_secs(update_seconds), crl_path: PathBuf::from(crl_path.clone()), pki: test_pki.clone(), @@ -284,13 +284,13 @@ impl TestPki { /// /// In a real use case, the CRL would be updated by fetching fresh CRL data from an authoritative /// distribution point. -struct CRLUpdater { +struct CrlUpdater { sleep_duration: Duration, crl_path: PathBuf, pki: Arc, } -impl CRLUpdater { +impl CrlUpdater { fn run(self) { let mut revoked = true; From e52b642868eceefbdb1d74c1caaa55d981ea8b81 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 10:48:27 -0400 Subject: [PATCH 0249/1145] internal: SessionID -> SessionId This commit renames the `ResumptionParam::SessionID` variant to `SessionId` in the internal bench.rs code to match the Rust naming conventions. --- rustls/examples/internal/bench.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index 3fd452a34b..d665408cf3 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -129,7 +129,7 @@ enum ClientAuth { #[derive(PartialEq, Clone, Copy)] enum ResumptionParam { No, - SessionID, + SessionId, Tickets, } @@ -137,7 +137,7 @@ impl ResumptionParam { fn label(&self) -> &'static str { match *self { Self::No => "no-resume", - Self::SessionID => "sessionid", + Self::SessionId => "sessionid", Self::Tickets => "tickets", } } @@ -316,7 +316,7 @@ fn make_server_config( .with_single_cert(params.key_type.get_chain(), params.key_type.get_key()) .expect("bad certs/private key?"); - if resume == ResumptionParam::SessionID { + if resume == ResumptionParam::SessionId { cfg.session_storage = ServerSessionMemoryCache::new(128); } else if resume == ResumptionParam::Tickets { cfg.ticketer = Ticketer::new().unwrap(); @@ -611,7 +611,7 @@ fn selected_tests(mut args: env::Args) { let resume = if mode == "handshake" { ResumptionParam::No } else if mode == "handshake-resume" { - ResumptionParam::SessionID + ResumptionParam::SessionId } else { ResumptionParam::Tickets }; @@ -655,8 +655,8 @@ fn all_tests() { bench_bulk(test, 1024 * 1024, Some(10000)); bench_handshake(test, ClientAuth::No, ResumptionParam::No); bench_handshake(test, ClientAuth::Yes, ResumptionParam::No); - bench_handshake(test, ClientAuth::No, ResumptionParam::SessionID); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::SessionID); + bench_handshake(test, ClientAuth::No, ResumptionParam::SessionId); + bench_handshake(test, ClientAuth::Yes, ResumptionParam::SessionId); bench_handshake(test, ClientAuth::No, ResumptionParam::Tickets); bench_handshake(test, ClientAuth::Yes, ResumptionParam::Tickets); } From dc15001879a4abd74f0c2b26624a49704eb85b07 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:26:22 -0400 Subject: [PATCH 0250/1145] msgs: OCSPCertificateStatusRequest -> OcspCertificateStatusRequest This commit renames the `OCSPCertificateStatusRequest` struct to `OcspCertificateStatusRequest` to match Rust naming conventions. --- rustls/src/msgs/handshake.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 4a7bb37717..757ea782a4 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -461,12 +461,12 @@ impl TlsListElement for ResponderId { } #[derive(Clone, Debug)] -pub struct OCSPCertificateStatusRequest { +pub struct OcspCertificateStatusRequest { pub responder_ids: Vec, pub extensions: PayloadU16, } -impl Codec for OCSPCertificateStatusRequest { +impl Codec for OcspCertificateStatusRequest { fn encode(&self, bytes: &mut Vec) { CertificateStatusType::OCSP.encode(bytes); self.responder_ids.encode(bytes); @@ -483,7 +483,7 @@ impl Codec for OCSPCertificateStatusRequest { #[derive(Clone, Debug)] pub enum CertificateStatusRequest { - OCSP(OCSPCertificateStatusRequest), + OCSP(OcspCertificateStatusRequest), Unknown((CertificateStatusType, Payload)), } @@ -503,7 +503,7 @@ impl Codec for CertificateStatusRequest { match typ { CertificateStatusType::OCSP => { - let ocsp_req = OCSPCertificateStatusRequest::read(r)?; + let ocsp_req = OcspCertificateStatusRequest::read(r)?; Ok(Self::OCSP(ocsp_req)) } _ => { @@ -516,7 +516,7 @@ impl Codec for CertificateStatusRequest { impl CertificateStatusRequest { pub fn build_ocsp() -> Self { - let ocsp = OCSPCertificateStatusRequest { + let ocsp = OcspCertificateStatusRequest { responder_ids: Vec::new(), extensions: PayloadU16::empty(), }; From cead71f2f73eb69f8aa4bab6a01e103034dcece8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:27:20 -0400 Subject: [PATCH 0251/1145] msgs: CertificateStatusRequest::OCSP -> Ocsp This commit renames the `CertificateStatusRequest::OCSP` variant to `Ocsp` to match the Rust naming conventions. --- rustls/src/msgs/handshake.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 757ea782a4..f800e0150c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -483,14 +483,14 @@ impl Codec for OcspCertificateStatusRequest { #[derive(Clone, Debug)] pub enum CertificateStatusRequest { - OCSP(OcspCertificateStatusRequest), + Ocsp(OcspCertificateStatusRequest), Unknown((CertificateStatusType, Payload)), } impl Codec for CertificateStatusRequest { fn encode(&self, bytes: &mut Vec) { match self { - Self::OCSP(ref r) => r.encode(bytes), + Self::Ocsp(ref r) => r.encode(bytes), Self::Unknown((typ, payload)) => { typ.encode(bytes); payload.encode(bytes); @@ -504,7 +504,7 @@ impl Codec for CertificateStatusRequest { match typ { CertificateStatusType::OCSP => { let ocsp_req = OcspCertificateStatusRequest::read(r)?; - Ok(Self::OCSP(ocsp_req)) + Ok(Self::Ocsp(ocsp_req)) } _ => { let data = Payload::read(r); @@ -520,7 +520,7 @@ impl CertificateStatusRequest { responder_ids: Vec::new(), extensions: PayloadU16::empty(), }; - Self::OCSP(ocsp) + Self::Ocsp(ocsp) } } From 73c06647adaf559f3261807464d6dda7f2adf9ff Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:29:58 -0400 Subject: [PATCH 0252/1145] msgs: ClientExtension::ECPointFormats -> EcPointFormats This commit renames the `ClientExtension::ECPointFormats` variant to `EcPointFormats` to match the Rust naming conventions. --- rustls/src/client/hs.rs | 2 +- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index a4b1027ad1..2b153083da 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -221,7 +221,7 @@ fn emit_client_hello_for_retry( let mut exts = vec![ ClientExtension::SupportedVersions(supported_versions), - ClientExtension::ECPointFormats(ECPointFormat::SUPPORTED.to_vec()), + ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), ClientExtension::NamedGroups( config .kx_groups diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index f800e0150c..40e49ff9ba 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -540,7 +540,7 @@ impl TlsListElement for ProtocolVersion { #[derive(Clone, Debug)] pub enum ClientExtension { - ECPointFormats(Vec), + EcPointFormats(Vec), NamedGroups(Vec), SignatureAlgorithms(Vec), ServerName(Vec), @@ -562,7 +562,7 @@ pub enum ClientExtension { impl ClientExtension { pub fn get_type(&self) -> ExtensionType { match *self { - Self::ECPointFormats(_) => ExtensionType::ECPointFormats, + Self::EcPointFormats(_) => ExtensionType::ECPointFormats, Self::NamedGroups(_) => ExtensionType::EllipticCurves, Self::SignatureAlgorithms(_) => ExtensionType::SignatureAlgorithms, Self::ServerName(_) => ExtensionType::ServerName, @@ -589,7 +589,7 @@ impl Codec for ClientExtension { let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::ECPointFormats(ref r) => r.encode(nested.buf), + Self::EcPointFormats(ref r) => r.encode(nested.buf), Self::NamedGroups(ref r) => r.encode(nested.buf), Self::SignatureAlgorithms(ref r) => r.encode(nested.buf), Self::ServerName(ref r) => r.encode(nested.buf), @@ -617,7 +617,7 @@ impl Codec for ClientExtension { let mut sub = r.sub(len)?; let ext = match typ { - ExtensionType::ECPointFormats => Self::ECPointFormats(Vec::read(&mut sub)?), + ExtensionType::ECPointFormats => Self::EcPointFormats(Vec::read(&mut sub)?), ExtensionType::EllipticCurves => Self::NamedGroups(Vec::read(&mut sub)?), ExtensionType::SignatureAlgorithms => Self::SignatureAlgorithms(Vec::read(&mut sub)?), ExtensionType::ServerName => Self::ServerName(Vec::read(&mut sub)?), @@ -901,7 +901,7 @@ impl ClientHelloPayload { pub fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { - ClientExtension::ECPointFormats(ref req) => Some(req), + ClientExtension::EcPointFormats(ref req) => Some(req), _ => None, } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 6d4bb149e2..6ef9352628 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -363,7 +363,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { cipher_suites: vec![CipherSuite::TLS_NULL_WITH_NULL_NULL], compression_methods: vec![Compression::Null], extensions: vec![ - ClientExtension::ECPointFormats(ECPointFormat::SUPPORTED.to_vec()), + ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), ClientExtension::NamedGroups(vec![NamedGroup::X25519]), ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), ClientExtension::make_sni(DnsNameRef::try_from("hello").unwrap()), From 5db228ee495e553560b5257303fb2f9d67366894 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:31:24 -0400 Subject: [PATCH 0253/1145] msgs: ServerExtension::ECPointFormats -> EcPointFormats This commit renames the `ServerExtension::ECPointFormats` variant to `EcPointFormats` to match the Rust naming conventions. --- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 40e49ff9ba..cb0e999dfa 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -690,7 +690,7 @@ pub enum ClientSessionTicket { #[derive(Clone, Debug)] pub enum ServerExtension { - ECPointFormats(Vec), + EcPointFormats(Vec), ServerNameAck, SessionTicketAck, RenegotiationInfo(PayloadU8), @@ -709,7 +709,7 @@ pub enum ServerExtension { impl ServerExtension { pub fn get_type(&self) -> ExtensionType { match *self { - Self::ECPointFormats(_) => ExtensionType::ECPointFormats, + Self::EcPointFormats(_) => ExtensionType::ECPointFormats, Self::ServerNameAck => ExtensionType::ServerName, Self::SessionTicketAck => ExtensionType::SessionTicket, Self::RenegotiationInfo(_) => ExtensionType::RenegotiationInfo, @@ -733,7 +733,7 @@ impl Codec for ServerExtension { let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { - Self::ECPointFormats(ref r) => r.encode(nested.buf), + Self::EcPointFormats(ref r) => r.encode(nested.buf), Self::ServerNameAck | Self::SessionTicketAck | Self::ExtendedMasterSecretAck @@ -757,7 +757,7 @@ impl Codec for ServerExtension { let mut sub = r.sub(len)?; let ext = match typ { - ExtensionType::ECPointFormats => Self::ECPointFormats(Vec::read(&mut sub)?), + ExtensionType::ECPointFormats => Self::EcPointFormats(Vec::read(&mut sub)?), ExtensionType::ServerName => Self::ServerNameAck, ExtensionType::SessionTicket => Self::SessionTicketAck, ExtensionType::StatusRequest => Self::CertificateStatusAck, @@ -1231,7 +1231,7 @@ impl ServerHelloPayload { pub fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { - ServerExtension::ECPointFormats(ref fmts) => Some(fmts), + ServerExtension::EcPointFormats(ref fmts) => Some(fmts), _ => None, } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 6ef9352628..4b5a053b8a 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -745,7 +745,7 @@ fn get_sample_serverhellopayload() -> ServerHelloPayload { cipher_suite: CipherSuite::TLS_NULL_WITH_NULL_NULL, compression_method: Compression::Null, extensions: vec![ - ServerExtension::ECPointFormats(ECPointFormat::SUPPORTED.to_vec()), + ServerExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), ServerExtension::ServerNameAck, ServerExtension::SessionTicketAck, ServerExtension::RenegotiationInfo(PayloadU8(vec![0])), From 0d3c1457fa9ef31e819dd48dc5366ea2ab7b5dbe Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:34:06 -0400 Subject: [PATCH 0254/1145] msgs: CertificatePayloadTLS13 -> CertificatePayloadTls13 This commit renames the `CertificatePayloadTLS13` struct to `CertificatePayloadTls13` to match the Rust naming conventions. --- rustls/src/client/tls13.rs | 4 ++-- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 6 +++--- rustls/src/server/tls13.rs | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 1ee04ed1be..4ca8bb85b0 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -17,7 +17,7 @@ use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::ExtensionType; use crate::msgs::enums::KeyUpdateRequest; use crate::msgs::handshake::NewSessionTicketPayloadTLS13; -use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTLS13}; +use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTls13}; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload}; use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload}; @@ -724,7 +724,7 @@ fn emit_certificate_tls13( ) { let context = auth_context.unwrap_or_default(); - let mut cert_payload = CertificatePayloadTLS13 { + let mut cert_payload = CertificatePayloadTls13 { context: PayloadU8::new(context), entries: Vec::new(), }; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index cb0e999dfa..8635c11075 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1377,12 +1377,12 @@ impl TlsListElement for CertificateEntry { } #[derive(Debug)] -pub struct CertificatePayloadTLS13 { +pub struct CertificatePayloadTls13 { pub context: PayloadU8, pub entries: Vec, } -impl Codec for CertificatePayloadTLS13 { +impl Codec for CertificatePayloadTls13 { fn encode(&self, bytes: &mut Vec) { self.context.encode(bytes); self.entries.encode(bytes); @@ -1396,7 +1396,7 @@ impl Codec for CertificatePayloadTLS13 { } } -impl CertificatePayloadTLS13 { +impl CertificatePayloadTls13 { pub fn new(entries: Vec) -> Self { Self { context: PayloadU8::empty(), @@ -2038,7 +2038,7 @@ pub enum HandshakePayload { ServerHello(ServerHelloPayload), HelloRetryRequest(HelloRetryRequest), Certificate(CertificatePayload), - CertificateTLS13(CertificatePayloadTLS13), + CertificateTLS13(CertificatePayloadTls13), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), CertificateRequestTLS13(CertificateRequestPayloadTLS13), @@ -2135,7 +2135,7 @@ impl HandshakeMessagePayload { } } HandshakeType::Certificate if vers == ProtocolVersion::TLSv1_3 => { - let p = CertificatePayloadTLS13::read(&mut sub)?; + let p = CertificatePayloadTls13::read(&mut sub)?; HandshakePayload::CertificateTLS13(p) } HandshakeType::Certificate => { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 4b5a053b8a..36a00902a7 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -7,7 +7,7 @@ use crate::msgs::enums::{ KeyUpdateRequest, NamedGroup, PSKKeyExchangeMode, ServerNameType, }; use crate::msgs::handshake::{ - CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTLS13, + CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, CertificateRequestPayload, CertificateRequestPayloadTLS13, CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, ECDHEServerKeyExchange, @@ -791,8 +791,8 @@ fn get_sample_helloretryrequest() -> HelloRetryRequest { } } -fn get_sample_certificatepayloadtls13() -> CertificatePayloadTLS13 { - CertificatePayloadTLS13 { +fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { + CertificatePayloadTls13 { context: PayloadU8(vec![1, 2, 3]), entries: vec![CertificateEntry { cert: CertificateDer::from(vec![3, 4, 5]), diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 2ac7a3184b..f6bf55063a 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -51,7 +51,7 @@ mod client_hello { use crate::msgs::handshake::CertReqExtension; use crate::msgs::handshake::CertificateEntry; use crate::msgs::handshake::CertificateExtension; - use crate::msgs::handshake::CertificatePayloadTLS13; + use crate::msgs::handshake::CertificatePayloadTls13; use crate::msgs::handshake::CertificateRequestPayloadTLS13; use crate::msgs::handshake::CertificateStatus; use crate::msgs::handshake::ClientHelloPayload; @@ -767,7 +767,7 @@ mod client_hello { } } - let cert_body = CertificatePayloadTLS13::new(cert_entries); + let cert_body = CertificatePayloadTls13::new(cert_entries); let c = Message { version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { From 6a0f2ade7d1f0d54992872e20e4efe8785217fcd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:36:00 -0400 Subject: [PATCH 0255/1145] msgs: ECParameters -> EcParameters This commit renames the `ECParameters` struct to `EcParameters` to match Rust naming conventions. --- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 8635c11075..4ebded02b8 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1461,12 +1461,12 @@ pub enum KeyExchangeAlgorithm { // idea and unnecessary attack surface. Please, // get a grip. #[derive(Debug)] -pub struct ECParameters { +pub struct EcParameters { pub curve_type: ECCurveType, pub named_group: NamedGroup, } -impl Codec for ECParameters { +impl Codec for EcParameters { fn encode(&self, bytes: &mut Vec) { self.curve_type.encode(bytes); self.named_group.encode(bytes); @@ -1505,14 +1505,14 @@ impl Codec for ClientECDHParams { #[derive(Debug)] pub struct ServerECDHParams { - pub curve_params: ECParameters, + pub curve_params: EcParameters, pub public: PayloadU8, } impl ServerECDHParams { pub fn new(kx: &dyn ActiveKeyExchange) -> Self { Self { - curve_params: ECParameters { + curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, named_group: kx.group(), }, @@ -1528,7 +1528,7 @@ impl Codec for ServerECDHParams { } fn read(r: &mut Reader) -> Result { - let cp = ECParameters::read(r)?; + let cp = EcParameters::read(r)?; let pb = PayloadU8::read(r)?; Ok(Self { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 36a00902a7..ca8a3734af 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -11,7 +11,7 @@ use crate::msgs::handshake::{ CertificateRequestPayload, CertificateRequestPayloadTLS13, CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, ECDHEServerKeyExchange, - ECParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, + EcParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTLS13, PresharedKeyBinder, PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerECDHParams, @@ -812,7 +812,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { ServerKeyExchangePayload::ECDHE(ECDHEServerKeyExchange { params: ServerECDHParams { - curve_params: ECParameters { + curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, named_group: NamedGroup::X25519, }, From 01979695f11132551abdb513bfdadecd167d79cf Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:36:45 -0400 Subject: [PATCH 0256/1145] msgs: ClientECDHParams -> ClientEcdhParams This commit renames the `ClientECDHParams` struct to `ClientEcdhParams` to meet Rust naming conventions. --- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/server/tls12.rs | 4 ++-- rustls/src/tls12/mod.rs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 4ebded02b8..233792bd3c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1488,11 +1488,11 @@ impl Codec for EcParameters { } #[derive(Debug)] -pub struct ClientECDHParams { +pub struct ClientEcdhParams { pub public: PayloadU8, } -impl Codec for ClientECDHParams { +impl Codec for ClientEcdhParams { fn encode(&self, bytes: &mut Vec) { self.public.encode(bytes); } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index a539209fc6..03a8947f80 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -11,7 +11,7 @@ use crate::log::{debug, trace}; use crate::msgs::base::Payload; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; -use crate::msgs::handshake::{ClientECDHParams, HandshakeMessagePayload, HandshakePayload}; +use crate::msgs::handshake::{ClientEcdhParams, HandshakeMessagePayload, HandshakePayload}; use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -597,7 +597,7 @@ impl State for ExpectClientKx { // Complete key agreement, and set up encryption with the // resulting premaster secret. let peer_kx_params = - tls12::decode_ecdh_params::(cx.common, &client_kx.0)?; + tls12::decode_ecdh_params::(cx.common, &client_kx.0)?; let secrets = ConnectionSecrets::from_key_exchange( self.server_kx, &peer_kx_params.public.0, diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 0d91c98e5e..20da88b7c0 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -320,7 +320,7 @@ mod tests { use super::*; use crate::common_state::{CommonState, Side}; use crate::crypto::ring::kx_group::X25519; - use crate::msgs::handshake::{ClientECDHParams, ServerECDHParams}; + use crate::msgs::handshake::{ClientEcdhParams, ServerECDHParams}; #[test] fn server_ecdhe_remaining_bytes() { @@ -337,6 +337,6 @@ mod tests { #[test] fn client_ecdhe_invalid() { let mut common = CommonState::new(Side::Server); - assert!(decode_ecdh_params::(&mut common, &[34]).is_err()); + assert!(decode_ecdh_params::(&mut common, &[34]).is_err()); } } From 5b2a56f32528c07909d8020845ae7af852d397c9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:37:29 -0400 Subject: [PATCH 0257/1145] msgs: ServerECDHParams -> ServerEcdhParams This commit renames the `ServerECDHParams` struct to `ServerEcdhParams` to meet the Rust naming conventions. --- rustls/src/client/tls12.rs | 4 ++-- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 4 ++-- rustls/src/server/tls12.rs | 4 ++-- rustls/src/tls12/mod.rs | 6 +++--- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index a3ce3217df..c9067b4538 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -12,7 +12,7 @@ use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; use crate::msgs::handshake::{ CertificatePayload, HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, - ServerECDHParams, SessionId, + ServerEcdhParams, SessionId, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -763,7 +763,7 @@ impl State for ExpectServerDone { // 5a. let ecdh_params = - tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; + tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; let skxg = match st.config.find_kx_group(named_group) { Some(skxg) => skxg, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 233792bd3c..826a2709c1 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1504,12 +1504,12 @@ impl Codec for ClientEcdhParams { } #[derive(Debug)] -pub struct ServerECDHParams { +pub struct ServerEcdhParams { pub curve_params: EcParameters, pub public: PayloadU8, } -impl ServerECDHParams { +impl ServerEcdhParams { pub fn new(kx: &dyn ActiveKeyExchange) -> Self { Self { curve_params: EcParameters { @@ -1521,7 +1521,7 @@ impl ServerECDHParams { } } -impl Codec for ServerECDHParams { +impl Codec for ServerEcdhParams { fn encode(&self, bytes: &mut Vec) { self.curve_params.encode(bytes); self.public.encode(bytes); @@ -1540,7 +1540,7 @@ impl Codec for ServerECDHParams { #[derive(Debug)] pub struct ECDHEServerKeyExchange { - pub params: ServerECDHParams, + pub params: ServerEcdhParams, pub dss: DigitallySignedStruct, } @@ -1551,7 +1551,7 @@ impl Codec for ECDHEServerKeyExchange { } fn read(r: &mut Reader) -> Result { - let params = ServerECDHParams::read(r)?; + let params = ServerEcdhParams::read(r)?; let dss = DigitallySignedStruct::read(r)?; Ok(Self { params, dss }) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index ca8a3734af..bf666f2ee7 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -14,7 +14,7 @@ use crate::msgs::handshake::{ EcParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTLS13, PresharedKeyBinder, - PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerECDHParams, + PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerEcdhParams, ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, UnknownExtension, }; use crate::verify::DigitallySignedStruct; @@ -811,7 +811,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { ServerKeyExchangePayload::ECDHE(ECDHEServerKeyExchange { - params: ServerECDHParams { + params: ServerEcdhParams { curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, named_group: NamedGroup::X25519, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 03a8947f80..c3beeeca34 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -40,7 +40,7 @@ mod client_hello { use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; - use crate::msgs::handshake::ServerECDHParams; + use crate::msgs::handshake::ServerEcdhParams; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; use crate::msgs::handshake::{CertificateStatus, ECDHEServerKeyExchange}; use crate::msgs::handshake::{ClientExtension, SessionId}; @@ -415,7 +415,7 @@ mod client_hello { let kx = selected_group .start() .map_err(|_| Error::FailedToGetRandomBytes)?; - let secdh = ServerECDHParams::new(&*kx); + let secdh = ServerEcdhParams::new(&*kx); let mut msg = Vec::new(); msg.extend(randoms.client); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 20da88b7c0..8d9cb5e12f 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -320,18 +320,18 @@ mod tests { use super::*; use crate::common_state::{CommonState, Side}; use crate::crypto::ring::kx_group::X25519; - use crate::msgs::handshake::{ClientEcdhParams, ServerECDHParams}; + use crate::msgs::handshake::{ClientEcdhParams, ServerEcdhParams}; #[test] fn server_ecdhe_remaining_bytes() { let key = X25519.start().unwrap(); - let server_params = ServerECDHParams::new(&*key); + let server_params = ServerEcdhParams::new(&*key); let mut server_buf = Vec::new(); server_params.encode(&mut server_buf); server_buf.push(34); let mut common = CommonState::new(Side::Client); - assert!(decode_ecdh_params::(&mut common, &server_buf).is_err()); + assert!(decode_ecdh_params::(&mut common, &server_buf).is_err()); } #[test] From d3ec74de68d51c76c585d0feff80230dcb7f23bc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:38:29 -0400 Subject: [PATCH 0258/1145] msgs: ECDHEServerKeyExchange -> EcdheServerKeyExchange This commit renames the `ECHDEServerKeyExchange` to `EcdheServerKeyExchange` to meet Rust naming conventions. --- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 6 +++--- rustls/src/server/tls12.rs | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 826a2709c1..d2ff252d6c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1539,12 +1539,12 @@ impl Codec for ServerEcdhParams { } #[derive(Debug)] -pub struct ECDHEServerKeyExchange { +pub struct EcdheServerKeyExchange { pub params: ServerEcdhParams, pub dss: DigitallySignedStruct, } -impl Codec for ECDHEServerKeyExchange { +impl Codec for EcdheServerKeyExchange { fn encode(&self, bytes: &mut Vec) { self.params.encode(bytes); self.dss.encode(bytes); @@ -1560,7 +1560,7 @@ impl Codec for ECDHEServerKeyExchange { #[derive(Debug)] pub enum ServerKeyExchangePayload { - ECDHE(ECDHEServerKeyExchange), + ECDHE(EcdheServerKeyExchange), Unknown(Payload), } @@ -1580,12 +1580,12 @@ impl Codec for ServerKeyExchangePayload { } impl ServerKeyExchangePayload { - pub fn unwrap_given_kxa(&self, kxa: KeyExchangeAlgorithm) -> Option { + pub fn unwrap_given_kxa(&self, kxa: KeyExchangeAlgorithm) -> Option { if let Self::Unknown(ref unk) = *self { let mut rd = Reader::init(&unk.0); let result = match kxa { - KeyExchangeAlgorithm::ECDHE => ECDHEServerKeyExchange::read(&mut rd), + KeyExchangeAlgorithm::ECDHE => EcdheServerKeyExchange::read(&mut rd), }; if !rd.any_left() { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index bf666f2ee7..a5cc1bb008 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -10,8 +10,8 @@ use crate::msgs::handshake::{ CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, CertificateRequestPayload, CertificateRequestPayloadTLS13, CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, - ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, ECDHEServerKeyExchange, - EcParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, + ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, EcParameters, + EcdheServerKeyExchange, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTLS13, PresharedKeyBinder, PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerEcdhParams, @@ -810,7 +810,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { } fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::ECDHE(ECDHEServerKeyExchange { + ServerKeyExchangePayload::ECDHE(EcdheServerKeyExchange { params: ServerEcdhParams { curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index c3beeeca34..d27c6d905d 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -42,7 +42,7 @@ mod client_hello { use crate::msgs::enums::{ClientCertificateType, Compression}; use crate::msgs::handshake::ServerEcdhParams; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; - use crate::msgs::handshake::{CertificateStatus, ECDHEServerKeyExchange}; + use crate::msgs::handshake::{CertificateStatus, EcdheServerKeyExchange}; use crate::msgs::handshake::{ClientExtension, SessionId}; use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload}; use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload}; @@ -428,7 +428,7 @@ mod client_hello { let sigscheme = signer.scheme(); let sig = signer.sign(&msg)?; - let skx = ServerKeyExchangePayload::ECDHE(ECDHEServerKeyExchange { + let skx = ServerKeyExchangePayload::ECDHE(EcdheServerKeyExchange { params: secdh, dss: DigitallySignedStruct::new(sigscheme, sig), }); From 274392835d87445c4439f708ffc4776b210e75cb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:39:33 -0400 Subject: [PATCH 0259/1145] msgs: ServerKeyExchangePayload::ECDHE -> Ecdhe This commit renames the `ServerKeyExchangePayload::ECDHE` variant to `Ecdhe` to match Rust naming conventions. --- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls12.rs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index d2ff252d6c..18b54b111c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1560,14 +1560,14 @@ impl Codec for EcdheServerKeyExchange { #[derive(Debug)] pub enum ServerKeyExchangePayload { - ECDHE(EcdheServerKeyExchange), + Ecdhe(EcdheServerKeyExchange), Unknown(Payload), } impl Codec for ServerKeyExchangePayload { fn encode(&self, bytes: &mut Vec) { match *self { - Self::ECDHE(ref x) => x.encode(bytes), + Self::Ecdhe(ref x) => x.encode(bytes), Self::Unknown(ref x) => x.encode(bytes), } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index a5cc1bb008..eb5b91b594 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -810,7 +810,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { } fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::ECDHE(EcdheServerKeyExchange { + ServerKeyExchangePayload::Ecdhe(EcdheServerKeyExchange { params: ServerEcdhParams { curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index d27c6d905d..5519468289 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -428,7 +428,7 @@ mod client_hello { let sigscheme = signer.scheme(); let sig = signer.sign(&msg)?; - let skx = ServerKeyExchangePayload::ECDHE(EcdheServerKeyExchange { + let skx = ServerKeyExchangePayload::Ecdhe(EcdheServerKeyExchange { params: secdh, dss: DigitallySignedStruct::new(sigscheme, sig), }); From 1638197300d2d88c8286ca13174a9f0251bfab4c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:41:34 -0400 Subject: [PATCH 0260/1145] msgs: CertificateRequestPayloadTLS13 -> CertificateRequestPayloadTls13 This commit renames the `CertificateRequestPayloadTLS13` struct to `CertificateRequestPayloadTls13` to match Rust naming conventions. --- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 6 +++--- rustls/src/server/tls13.rs | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 18b54b111c..dfb67063a8 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1792,12 +1792,12 @@ impl TlsListElement for CertReqExtension { } #[derive(Debug)] -pub struct CertificateRequestPayloadTLS13 { +pub struct CertificateRequestPayloadTls13 { pub context: PayloadU8, pub extensions: Vec, } -impl Codec for CertificateRequestPayloadTLS13 { +impl Codec for CertificateRequestPayloadTls13 { fn encode(&self, bytes: &mut Vec) { self.context.encode(bytes); self.extensions.encode(bytes); @@ -1814,7 +1814,7 @@ impl Codec for CertificateRequestPayloadTLS13 { } } -impl CertificateRequestPayloadTLS13 { +impl CertificateRequestPayloadTls13 { pub fn find_extension(&self, ext: ExtensionType) -> Option<&CertReqExtension> { self.extensions .iter() @@ -2041,7 +2041,7 @@ pub enum HandshakePayload { CertificateTLS13(CertificatePayloadTls13), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), - CertificateRequestTLS13(CertificateRequestPayloadTLS13), + CertificateRequestTLS13(CertificateRequestPayloadTls13), CertificateVerify(DigitallySignedStruct), ServerHelloDone, EndOfEarlyData, @@ -2153,7 +2153,7 @@ impl HandshakeMessagePayload { HandshakePayload::ClientKeyExchange(Payload::read(&mut sub)) } HandshakeType::CertificateRequest if vers == ProtocolVersion::TLSv1_3 => { - let p = CertificateRequestPayloadTLS13::read(&mut sub)?; + let p = CertificateRequestPayloadTls13::read(&mut sub)?; HandshakePayload::CertificateRequestTLS13(p) } HandshakeType::CertificateRequest => { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index eb5b91b594..b67b885012 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -8,7 +8,7 @@ use crate::msgs::enums::{ }; use crate::msgs::handshake::{ CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, - CertificateRequestPayload, CertificateRequestPayloadTLS13, CertificateStatus, + CertificateRequestPayload, CertificateRequestPayloadTls13, CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, EcParameters, EcdheServerKeyExchange, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, @@ -834,8 +834,8 @@ fn get_sample_certificaterequestpayload() -> CertificateRequestPayload { } } -fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTLS13 { - CertificateRequestPayloadTLS13 { +fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTls13 { + CertificateRequestPayloadTls13 { context: PayloadU8(vec![1, 2, 3]), extensions: vec![ CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index f6bf55063a..b933c57bad 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -52,7 +52,7 @@ mod client_hello { use crate::msgs::handshake::CertificateEntry; use crate::msgs::handshake::CertificateExtension; use crate::msgs::handshake::CertificatePayloadTls13; - use crate::msgs::handshake::CertificateRequestPayloadTLS13; + use crate::msgs::handshake::CertificateRequestPayloadTls13; use crate::msgs::handshake::CertificateStatus; use crate::msgs::handshake::ClientHelloPayload; use crate::msgs::handshake::HelloRetryExtension; @@ -705,7 +705,7 @@ mod client_hello { return Ok(false); } - let mut cr = CertificateRequestPayloadTLS13 { + let mut cr = CertificateRequestPayloadTls13 { context: PayloadU8::empty(), extensions: Vec::new(), }; From 4480f0e4f17c0e067e01945608714bb159fae972 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:42:40 -0400 Subject: [PATCH 0261/1145] msgs: NewSessionTicketPayloadTLS13 -> NewSessionTicketPayloadTls13 This commit renames the `NewSessionTicketPayloadTLS13` struct to `NewSessionTicketPayloadTls13` to meet Rust naming conventions. --- rustls/src/client/tls13.rs | 4 ++-- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 6 +++--- rustls/src/server/tls13.rs | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 4ca8bb85b0..c6f1e41e8b 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -16,7 +16,7 @@ use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::ExtensionType; use crate::msgs::enums::KeyUpdateRequest; -use crate::msgs::handshake::NewSessionTicketPayloadTLS13; +use crate::msgs::handshake::NewSessionTicketPayloadTls13; use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTls13}; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload}; @@ -940,7 +940,7 @@ impl ExpectTraffic { fn handle_new_ticket_tls13( &mut self, cx: &mut ClientContext<'_>, - nst: &NewSessionTicketPayloadTLS13, + nst: &NewSessionTicketPayloadTls13, ) -> Result<(), Error> { if nst.has_duplicate_extension() { return Err(cx.common.send_fatal_alert( diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index dfb67063a8..4da24d602b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1918,7 +1918,7 @@ impl TlsListElement for NewSessionTicketExtension { } #[derive(Debug)] -pub struct NewSessionTicketPayloadTLS13 { +pub struct NewSessionTicketPayloadTls13 { pub lifetime: u32, pub age_add: u32, pub nonce: PayloadU8, @@ -1926,7 +1926,7 @@ pub struct NewSessionTicketPayloadTLS13 { pub exts: Vec, } -impl NewSessionTicketPayloadTLS13 { +impl NewSessionTicketPayloadTls13 { pub fn new(lifetime: u32, age_add: u32, nonce: Vec, ticket: Vec) -> Self { Self { lifetime, @@ -1967,7 +1967,7 @@ impl NewSessionTicketPayloadTLS13 { } } -impl Codec for NewSessionTicketPayloadTLS13 { +impl Codec for NewSessionTicketPayloadTls13 { fn encode(&self, bytes: &mut Vec) { self.lifetime.encode(bytes); self.age_add.encode(bytes); @@ -2047,7 +2047,7 @@ pub enum HandshakePayload { EndOfEarlyData, ClientKeyExchange(Payload), NewSessionTicket(NewSessionTicketPayload), - NewSessionTicketTLS13(NewSessionTicketPayloadTLS13), + NewSessionTicketTLS13(NewSessionTicketPayloadTls13), EncryptedExtensions(Vec), KeyUpdate(KeyUpdateRequest), Finished(Payload), @@ -2164,7 +2164,7 @@ impl HandshakeMessagePayload { HandshakePayload::CertificateVerify(DigitallySignedStruct::read(&mut sub)?) } HandshakeType::NewSessionTicket if vers == ProtocolVersion::TLSv1_3 => { - let p = NewSessionTicketPayloadTLS13::read(&mut sub)?; + let p = NewSessionTicketPayloadTls13::read(&mut sub)?; HandshakePayload::NewSessionTicketTLS13(p) } HandshakeType::NewSessionTicket => { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index b67b885012..59e5a1df54 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -13,7 +13,7 @@ use crate::msgs::handshake::{ ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, EcParameters, EcdheServerKeyExchange, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, - NewSessionTicketPayload, NewSessionTicketPayloadTLS13, PresharedKeyBinder, + NewSessionTicketPayload, NewSessionTicketPayloadTls13, PresharedKeyBinder, PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerEcdhParams, ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, UnknownExtension, }; @@ -855,8 +855,8 @@ fn get_sample_newsessionticketpayload() -> NewSessionTicketPayload { } } -fn get_sample_newsessionticketpayloadtls13() -> NewSessionTicketPayloadTLS13 { - NewSessionTicketPayloadTLS13 { +fn get_sample_newsessionticketpayloadtls13() -> NewSessionTicketPayloadTls13 { + NewSessionTicketPayloadTls13 { lifetime: 123, age_add: 1234, nonce: PayloadU8(vec![1, 2, 3]), diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index b933c57bad..999ef11b90 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -15,7 +15,7 @@ use crate::msgs::codec::Codec; use crate::msgs::enums::KeyUpdateRequest; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::handshake::HandshakePayload; -use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTLS13}; +use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTls13}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::rand; @@ -1125,7 +1125,7 @@ impl ExpectFinished { (id, stateful_lifetime) }; - let mut payload = NewSessionTicketPayloadTLS13::new(lifetime, age_add, nonce, ticket); + let mut payload = NewSessionTicketPayloadTls13::new(lifetime, age_add, nonce, ticket); if config.max_early_data_size > 0 { if !stateless { From ca4a5338ae10717deccd35a5b3fef40fe857d920 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:43:44 -0400 Subject: [PATCH 0262/1145] msgs: HandshakePayload::CertificateTLS13 -> CertificateTls13 This commit renames the `HandshakePayload::CertificateTLS13` variant to `CertificateTls13` to match Rust naming conventions. --- rustls/src/client/tls13.rs | 6 +++--- rustls/src/msgs/handshake.rs | 6 +++--- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls13.rs | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index c6f1e41e8b..1873640080 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -476,7 +476,7 @@ impl State for ExpectCertificateOrCertReq { MessagePayload::Handshake { parsed: HandshakeMessagePayload { - payload: HandshakePayload::CertificateTLS13(..), + payload: HandshakePayload::CertificateTls13(..), .. }, .. @@ -604,7 +604,7 @@ impl State for ExpectCertificate { let cert_chain = require_handshake_msg!( m, HandshakeType::Certificate, - HandshakePayload::CertificateTLS13 + HandshakePayload::CertificateTls13 )?; self.transcript.add_message(&m); @@ -741,7 +741,7 @@ fn emit_certificate_tls13( version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::CertificateTLS13(cert_payload), + payload: HandshakePayload::CertificateTls13(cert_payload), }), }; transcript.add_message(&m); diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 4da24d602b..0d322229dc 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2038,7 +2038,7 @@ pub enum HandshakePayload { ServerHello(ServerHelloPayload), HelloRetryRequest(HelloRetryRequest), Certificate(CertificatePayload), - CertificateTLS13(CertificatePayloadTls13), + CertificateTls13(CertificatePayloadTls13), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), CertificateRequestTLS13(CertificateRequestPayloadTls13), @@ -2065,7 +2065,7 @@ impl HandshakePayload { ServerHello(ref x) => x.encode(bytes), HelloRetryRequest(ref x) => x.encode(bytes), Certificate(ref x) => x.encode(bytes), - CertificateTLS13(ref x) => x.encode(bytes), + CertificateTls13(ref x) => x.encode(bytes), ServerKeyExchange(ref x) => x.encode(bytes), ClientKeyExchange(ref x) => x.encode(bytes), CertificateRequest(ref x) => x.encode(bytes), @@ -2136,7 +2136,7 @@ impl HandshakeMessagePayload { } HandshakeType::Certificate if vers == ProtocolVersion::TLSv1_3 => { let p = CertificatePayloadTls13::read(&mut sub)?; - HandshakePayload::CertificateTLS13(p) + HandshakePayload::CertificateTls13(p) } HandshakeType::Certificate => { HandshakePayload::Certificate(CertificatePayload::read(&mut sub)?) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 59e5a1df54..e5191c0a63 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1026,7 +1026,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::CertificateTLS13(get_sample_certificatepayloadtls13()), + payload: HandshakePayload::CertificateTls13(get_sample_certificatepayloadtls13()), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 999ef11b90..fe1deaf748 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -772,7 +772,7 @@ mod client_hello { version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::CertificateTLS13(cert_body), + payload: HandshakePayload::CertificateTls13(cert_body), }), }; @@ -887,7 +887,7 @@ impl State for ExpectCertificate { let certp = require_handshake_msg!( m, HandshakeType::Certificate, - HandshakePayload::CertificateTLS13 + HandshakePayload::CertificateTls13 )?; self.transcript.add_message(&m); From b22cda803d612b1cb85df72a928eebf81ab12af7 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:44:31 -0400 Subject: [PATCH 0263/1145] msgs: HandshakePayload::CertificateRequestTLS13 -> CertificateRequestTls13 This commit renames the `HandshakePayload::CertificateRequestTLS13` variant to `CertificateRequestTls13` to meet Rust naming conventions. --- rustls/src/client/tls13.rs | 4 ++-- rustls/src/msgs/handshake.rs | 6 +++--- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls13.rs | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 1873640080..ca735e8a7b 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -493,7 +493,7 @@ impl State for ExpectCertificateOrCertReq { MessagePayload::Handshake { parsed: HandshakeMessagePayload { - payload: HandshakePayload::CertificateRequestTLS13(..), + payload: HandshakePayload::CertificateRequestTls13(..), .. }, .. @@ -535,7 +535,7 @@ impl State for ExpectCertificateRequest { let certreq = &require_handshake_msg!( m, HandshakeType::CertificateRequest, - HandshakePayload::CertificateRequestTLS13 + HandshakePayload::CertificateRequestTls13 )?; self.transcript.add_message(&m); debug!("Got CertificateRequest {:?}", certreq); diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 0d322229dc..b6eed7174f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2041,7 +2041,7 @@ pub enum HandshakePayload { CertificateTls13(CertificatePayloadTls13), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), - CertificateRequestTLS13(CertificateRequestPayloadTls13), + CertificateRequestTls13(CertificateRequestPayloadTls13), CertificateVerify(DigitallySignedStruct), ServerHelloDone, EndOfEarlyData, @@ -2069,7 +2069,7 @@ impl HandshakePayload { ServerKeyExchange(ref x) => x.encode(bytes), ClientKeyExchange(ref x) => x.encode(bytes), CertificateRequest(ref x) => x.encode(bytes), - CertificateRequestTLS13(ref x) => x.encode(bytes), + CertificateRequestTls13(ref x) => x.encode(bytes), CertificateVerify(ref x) => x.encode(bytes), NewSessionTicket(ref x) => x.encode(bytes), NewSessionTicketTLS13(ref x) => x.encode(bytes), @@ -2154,7 +2154,7 @@ impl HandshakeMessagePayload { } HandshakeType::CertificateRequest if vers == ProtocolVersion::TLSv1_3 => { let p = CertificateRequestPayloadTls13::read(&mut sub)?; - HandshakePayload::CertificateRequestTLS13(p) + HandshakePayload::CertificateRequestTls13(p) } HandshakeType::CertificateRequest => { let p = CertificateRequestPayload::read(&mut sub)?; diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index e5191c0a63..92cee6a19d 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1042,7 +1042,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::CertificateRequest, - payload: HandshakePayload::CertificateRequestTLS13( + payload: HandshakePayload::CertificateRequestTls13( get_sample_certificaterequestpayloadtls13(), ), }, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index fe1deaf748..d99e774755 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -730,7 +730,7 @@ mod client_hello { version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::CertificateRequest, - payload: HandshakePayload::CertificateRequestTLS13(cr), + payload: HandshakePayload::CertificateRequestTls13(cr), }), }; From 52c2aa3fb056229bf853e2e8627ef87978235c15 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:45:28 -0400 Subject: [PATCH 0264/1145] msgs: HandshakePayload::NewSessionTicketTLS13 -> NewSessionTicketTls13 This commit renames the `HandshakePayload::NewSessionTicketTLS13` variant to `NewSessionTicketTls13` to meet Rust naming conventions. --- rustls/src/client/tls13.rs | 4 ++-- rustls/src/msgs/handshake.rs | 6 +++--- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls13.rs | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index ca735e8a7b..96d31b7f4b 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1027,7 +1027,7 @@ impl State for ExpectTraffic { MessagePayload::Handshake { parsed: HandshakeMessagePayload { - payload: HandshakePayload::NewSessionTicketTLS13(ref new_ticket), + payload: HandshakePayload::NewSessionTicketTls13(ref new_ticket), .. }, .. @@ -1077,7 +1077,7 @@ impl State for ExpectQuicTraffic { let nst = require_handshake_msg!( m, HandshakeType::NewSessionTicket, - HandshakePayload::NewSessionTicketTLS13 + HandshakePayload::NewSessionTicketTls13 )?; self.0 .handle_new_ticket_tls13(cx, nst)?; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index b6eed7174f..8a55a195a6 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2047,7 +2047,7 @@ pub enum HandshakePayload { EndOfEarlyData, ClientKeyExchange(Payload), NewSessionTicket(NewSessionTicketPayload), - NewSessionTicketTLS13(NewSessionTicketPayloadTls13), + NewSessionTicketTls13(NewSessionTicketPayloadTls13), EncryptedExtensions(Vec), KeyUpdate(KeyUpdateRequest), Finished(Payload), @@ -2072,7 +2072,7 @@ impl HandshakePayload { CertificateRequestTls13(ref x) => x.encode(bytes), CertificateVerify(ref x) => x.encode(bytes), NewSessionTicket(ref x) => x.encode(bytes), - NewSessionTicketTLS13(ref x) => x.encode(bytes), + NewSessionTicketTls13(ref x) => x.encode(bytes), EncryptedExtensions(ref x) => x.encode(bytes), KeyUpdate(ref x) => x.encode(bytes), Finished(ref x) => x.encode(bytes), @@ -2165,7 +2165,7 @@ impl HandshakeMessagePayload { } HandshakeType::NewSessionTicket if vers == ProtocolVersion::TLSv1_3 => { let p = NewSessionTicketPayloadTls13::read(&mut sub)?; - HandshakePayload::NewSessionTicketTLS13(p) + HandshakePayload::NewSessionTicketTls13(p) } HandshakeType::NewSessionTicket => { let p = NewSessionTicketPayload::read(&mut sub)?; diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 92cee6a19d..cb08182ca2 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1063,7 +1063,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, - payload: HandshakePayload::NewSessionTicketTLS13( + payload: HandshakePayload::NewSessionTicketTls13( get_sample_newsessionticketpayloadtls13(), ), }, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index d99e774755..d518d593e6 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1145,7 +1145,7 @@ impl ExpectFinished { version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, - payload: HandshakePayload::NewSessionTicketTLS13(payload), + payload: HandshakePayload::NewSessionTicketTls13(payload), }), }; From 326008d032a86680d82335b8a95b245c46136913 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 11:56:55 -0400 Subject: [PATCH 0265/1145] tests: ServerCheckNoSNI -> ServerCheckNoSni This commit renames the `ServerCheckNoSNI` struct to `ServerCheckNoSni` to match Rust naming conventions. --- rustls/tests/api.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index bc2f22b8a2..5ec1d5df3b 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -949,9 +949,9 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { ); } -struct ServerCheckNoSNI {} +struct ServerCheckNoSni {} -impl ResolvesServerCert for ServerCheckNoSNI { +impl ResolvesServerCert for ServerCheckNoSni { fn resolve(&self, client_hello: ClientHello) -> Option> { assert!(client_hello.server_name().is_none()); @@ -963,7 +963,7 @@ impl ResolvesServerCert for ServerCheckNoSNI { fn client_with_sni_disabled_does_not_send_sni() { for kt in ALL_KEY_TYPES.iter() { let mut server_config = make_server_config(*kt); - server_config.cert_resolver = Arc::new(ServerCheckNoSNI {}); + server_config.cert_resolver = Arc::new(ServerCheckNoSni {}); let server_config = Arc::new(server_config); for version in rustls::ALL_VERSIONS { From 9387bcbd4e5fac6259cfb76a885b12fb82854329 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 17 Oct 2023 10:44:18 -0400 Subject: [PATCH 0266/1145] proj: enforce aggressive upper_case_acronyms lint --- .clippy.toml | 1 + rustls/src/lib.rs | 1 + 2 files changed, 2 insertions(+) create mode 100644 .clippy.toml diff --git a/.clippy.toml b/.clippy.toml new file mode 100644 index 0000000000..cc94ec53e1 --- /dev/null +++ b/.clippy.toml @@ -0,0 +1 @@ +upper-case-acronyms-aggressive = true diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 04fe2b488a..83d595cd63 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -265,6 +265,7 @@ clippy::clone_on_ref_ptr, clippy::std_instead_of_core, clippy::use_self, + clippy::upper_case_acronyms, trivial_casts, trivial_numeric_casts, missing_docs, From 22a808a2128cd707a0faf2265e2dd75c266b4e3f Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 13 Oct 2023 19:59:19 +0200 Subject: [PATCH 0267/1145] Run cargo-check-external-types in CI This needs nightly, which is affixed as the version documneted as working by cargo-check-external-types. external-types.toml is a config file as a starting point: it allows all types from pki-types. This currently fails due to some `impl From` on public types. --- .github/workflows/build.yml | 18 ++++++++++++++++++ rustls/external-types.toml | 3 +++ 2 files changed, 21 insertions(+) create mode 100644 rustls/external-types.toml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 482d121525..bd1e32441e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -312,3 +312,21 @@ jobs: - run: cargo clippy --locked --manifest-path=connect-tests/Cargo.toml --all-features --all-targets - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets - run: cargo clippy --locked --manifest-path=provider-example/Cargo.toml --all-features --all-targets + + check-external-types: + name: Validate external types appearing in public API + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Install rust toolchain + uses: dtolnay/rust-toolchain@master + with: + toolchain: nightly-2023-10-10 + # ^ sync with https://github.com/awslabs/cargo-check-external-types/blob/main/rust-toolchain.toml + - run: cargo install --locked cargo-check-external-types + - name: run cargo-check-external-types for rustls/ + working-directory: rustls/ + run: cargo check-external-types --config external-types.toml diff --git a/rustls/external-types.toml b/rustls/external-types.toml new file mode 100644 index 0000000000..2dc0b72cf4 --- /dev/null +++ b/rustls/external-types.toml @@ -0,0 +1,3 @@ +allowed_external_types = [ + "rustls_pki_types::*", +] From 2e0ea5dfb05261a717d6d73584bc15337a00e210 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 13 Oct 2023 20:56:55 +0200 Subject: [PATCH 0268/1145] Move up conversion into CertRevocationListError --- rustls/src/webpki/mod.rs | 22 ++++++++++++++++++++++ rustls/src/webpki/verify.rs | 25 ++----------------------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 714d6a5c42..034d4fd91a 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -43,3 +43,25 @@ fn pki_error(error: webpki::Error) -> Error { _ => CertificateError::Other(Arc::new(error)).into(), } } + +impl From for CertRevocationListError { + fn from(e: webpki::Error) -> Self { + use webpki::Error::*; + match e { + InvalidCrlSignatureForPublicKey + | UnsupportedCrlSignatureAlgorithm + | UnsupportedCrlSignatureAlgorithmForPublicKey => Self::BadSignature, + InvalidCrlNumber => Self::InvalidCrlNumber, + InvalidSerialNumber => Self::InvalidRevokedCertSerialNumber, + IssuerNotCrlSigner => Self::IssuerInvalidForCrl, + MalformedExtensions | BadDer | BadDerTime => Self::ParseError, + UnsupportedCriticalExtension => Self::UnsupportedCriticalExtension, + UnsupportedCrlVersion => Self::UnsupportedCrlVersion, + UnsupportedDeltaCrl => Self::UnsupportedDeltaCrl, + UnsupportedIndirectCrl => Self::UnsupportedIndirectCrl, + UnsupportedRevocationReason => Self::UnsupportedRevocationReason, + + _ => Self::Other(Arc::new(e)), + } + } +} diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index a07d56f661..8871f4a85d 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -11,7 +11,7 @@ use super::client_verifier_builder::ClientCertVerifierBuilder; use super::pki_error; use crate::client::ServerName; use crate::enums::SignatureScheme; -use crate::error::{CertRevocationListError, CertificateError, Error, PeerMisbehaved}; +use crate::error::{CertificateError, Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; use crate::msgs::handshake::DistinguishedName; @@ -385,28 +385,6 @@ pub(crate) enum AnonymousClientPolicy { Deny, } -impl From for CertRevocationListError { - fn from(e: webpki::Error) -> Self { - use webpki::Error::*; - match e { - InvalidCrlSignatureForPublicKey - | UnsupportedCrlSignatureAlgorithm - | UnsupportedCrlSignatureAlgorithmForPublicKey => Self::BadSignature, - InvalidCrlNumber => Self::InvalidCrlNumber, - InvalidSerialNumber => Self::InvalidRevokedCertSerialNumber, - IssuerNotCrlSigner => Self::IssuerInvalidForCrl, - MalformedExtensions | BadDer | BadDerTime => Self::ParseError, - UnsupportedCriticalExtension => Self::UnsupportedCriticalExtension, - UnsupportedCrlVersion => Self::UnsupportedCrlVersion, - UnsupportedDeltaCrl => Self::UnsupportedDeltaCrl, - UnsupportedIndirectCrl => Self::UnsupportedIndirectCrl, - UnsupportedRevocationReason => Self::UnsupportedRevocationReason, - - _ => Self::Other(Arc::new(e)), - } - } -} - /// Describes which `webpki` signature verification algorithms are supported and /// how they map to TLS `SignatureScheme`s. #[derive(Clone, Copy)] @@ -596,6 +574,7 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { #[cfg(test)] mod tests { use super::*; + use crate::error::CertRevocationListError; #[test] fn pki_crl_errors() { From e2f08a9c1b43aa2ec9a90b6a07b9146f56f254dc Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 13 Oct 2023 20:39:40 +0200 Subject: [PATCH 0269/1145] Privatise conversion into CertRevocationListError --- rustls/src/webpki/client_verifier_builder.rs | 3 +- rustls/src/webpki/mod.rs | 34 +++++++++----------- rustls/src/webpki/verify.rs | 10 ++---- 3 files changed, 21 insertions(+), 26 deletions(-) diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index 556bbc63bd..5668b66ef8 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -6,6 +6,7 @@ use std::error::Error as StdError; use pki_types::CertificateRevocationListDer; use webpki::BorrowedCertRevocationList; +use super::crl_error; use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier, WebPkiSupportedAlgorithms}; use crate::verify::ClientCertVerifier; use crate::{CertRevocationListError, RootCertStore}; @@ -101,7 +102,7 @@ impl ClientCertVerifierBuilder { .map(|der_crl| { BorrowedCertRevocationList::from_der(der_crl.as_ref()) .and_then(|crl| crl.to_owned()) - .map_err(CertRevocationListError::from) + .map_err(crl_error) }) .collect::, CertRevocationListError>>()?, self.anon_policy, diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 034d4fd91a..560f4808b8 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -44,24 +44,22 @@ fn pki_error(error: webpki::Error) -> Error { } } -impl From for CertRevocationListError { - fn from(e: webpki::Error) -> Self { - use webpki::Error::*; - match e { - InvalidCrlSignatureForPublicKey - | UnsupportedCrlSignatureAlgorithm - | UnsupportedCrlSignatureAlgorithmForPublicKey => Self::BadSignature, - InvalidCrlNumber => Self::InvalidCrlNumber, - InvalidSerialNumber => Self::InvalidRevokedCertSerialNumber, - IssuerNotCrlSigner => Self::IssuerInvalidForCrl, - MalformedExtensions | BadDer | BadDerTime => Self::ParseError, - UnsupportedCriticalExtension => Self::UnsupportedCriticalExtension, - UnsupportedCrlVersion => Self::UnsupportedCrlVersion, - UnsupportedDeltaCrl => Self::UnsupportedDeltaCrl, - UnsupportedIndirectCrl => Self::UnsupportedIndirectCrl, - UnsupportedRevocationReason => Self::UnsupportedRevocationReason, +fn crl_error(e: webpki::Error) -> CertRevocationListError { + use webpki::Error::*; + match e { + InvalidCrlSignatureForPublicKey + | UnsupportedCrlSignatureAlgorithm + | UnsupportedCrlSignatureAlgorithmForPublicKey => CertRevocationListError::BadSignature, + InvalidCrlNumber => CertRevocationListError::InvalidCrlNumber, + InvalidSerialNumber => CertRevocationListError::InvalidRevokedCertSerialNumber, + IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl, + MalformedExtensions | BadDer | BadDerTime => CertRevocationListError::ParseError, + UnsupportedCriticalExtension => CertRevocationListError::UnsupportedCriticalExtension, + UnsupportedCrlVersion => CertRevocationListError::UnsupportedCrlVersion, + UnsupportedDeltaCrl => CertRevocationListError::UnsupportedDeltaCrl, + UnsupportedIndirectCrl => CertRevocationListError::UnsupportedIndirectCrl, + UnsupportedRevocationReason => CertRevocationListError::UnsupportedRevocationReason, - _ => Self::Other(Arc::new(e)), - } + _ => CertRevocationListError::Other(Arc::new(e)), } } diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 8871f4a85d..8026b484a2 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -573,6 +573,7 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { #[cfg(test)] mod tests { + use super::super::crl_error; use super::*; use crate::error::CertRevocationListError; @@ -643,16 +644,11 @@ mod tests { ), ]; for t in testcases { - assert_eq!( - >::into(t.0), - t.1 - ); + assert_eq!(crl_error(t.0), t.1); } assert!(matches!( - >::into( - webpki::Error::NameConstraintViolation - ), + crl_error(webpki::Error::NameConstraintViolation), Other(_) )); } From 23151675dcf8377f733259991a05b06416879761 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 13 Oct 2023 20:43:35 +0200 Subject: [PATCH 0270/1145] Inline and privatise conversion into crypto::hmac::Tag --- rustls/src/crypto/ring/hmac.rs | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index d82b27fa41..5924e244e7 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -30,7 +30,7 @@ impl crypto::hmac::Key for Key { ctx.update(d); } ctx.update(last); - ctx.sign().into() + crypto::hmac::Tag::new(ctx.sign().as_ref()) } fn tag_len(&self) -> usize { @@ -40,9 +40,3 @@ impl crypto::hmac::Key for Key { .output_len() } } - -impl From for crypto::hmac::Tag { - fn from(val: ring::hmac::Tag) -> Self { - Self::new(val.as_ref()) - } -} From c3f6b8883fa518964b1438a1fd678bf59d57366a Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 13 Oct 2023 20:55:08 +0200 Subject: [PATCH 0271/1145] Privatise conversion into crypto::hash::Output --- rustls/src/crypto/ring/hash.rs | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index bfb45cd4d0..596c9d2c07 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -17,7 +17,7 @@ impl crypto::hash::Hash for Hash { fn hash(&self, bytes: &[u8]) -> crypto::hash::Output { let mut ctx = ring::digest::Context::new(self.0); ctx.update(bytes); - ctx.finish().into() + convert(ctx.finish()) } fn output_len(&self) -> usize { @@ -33,7 +33,7 @@ struct Context(ring::digest::Context); impl crypto::hash::Context for Context { fn fork_finish(&self) -> crypto::hash::Output { - self.0.clone().finish().into() + convert(self.0.clone().finish()) } fn fork(&self) -> Box { @@ -41,7 +41,7 @@ impl crypto::hash::Context for Context { } fn finish(self: Box) -> crypto::hash::Output { - self.0.finish().into() + convert(self.0.finish()) } fn update(&mut self, data: &[u8]) { @@ -49,8 +49,6 @@ impl crypto::hash::Context for Context { } } -impl From for crypto::hash::Output { - fn from(val: ring::digest::Digest) -> Self { - Self::new(val.as_ref()) - } +fn convert(val: ring::digest::Digest) -> crypto::hash::Output { + crypto::hash::Output::new(val.as_ref()) } From 50209cf338468d69ce4b250a6a9d3a3c6a681033 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Oct 2023 18:45:48 +0000 Subject: [PATCH 0272/1145] build(deps): bump rustix from 0.38.17 to 0.38.19 Bumps [rustix](https://github.com/bytecodealliance/rustix) from 0.38.17 to 0.38.19. - [Release notes](https://github.com/bytecodealliance/rustix/releases) - [Commits](https://github.com/bytecodealliance/rustix/compare/v0.38.17...v0.38.19) --- updated-dependencies: - dependency-name: rustix dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a0075e4061..72a94538b6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -833,9 +833,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.17" +version = "0.38.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f25469e9ae0f3d0047ca8b93fc56843f38e6774f0914a107ff8b41be8be8e0b7" +checksum = "745ecfa778e66b2b63c88a61cb36e0eea109e803b0b86bf9879fbc77c70e86ed" dependencies = [ "bitflags", "errno", From 3b8a7c3afbc0a90a048316584a8b7f27bb87995e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 18 Oct 2023 17:02:15 -0400 Subject: [PATCH 0273/1145] ci: move external types config to cargo metadata As of cargo-check-external-types v0.1.9 the tool can read its configuration from the crate `Cargo.toml` metadata, removing the need for a standalone TOML file and the `--config` arg. This commit switches to that style of configuration. --- .github/workflows/build.yml | 2 +- rustls/Cargo.toml | 5 +++++ rustls/external-types.toml | 3 --- 3 files changed, 6 insertions(+), 4 deletions(-) delete mode 100644 rustls/external-types.toml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bd1e32441e..e0ade283b3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -329,4 +329,4 @@ jobs: - run: cargo install --locked cargo-check-external-types - name: run cargo-check-external-types for rustls/ working-directory: rustls/ - run: cargo check-external-types --config external-types.toml + run: cargo check-external-types diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 104310a62c..bdb77d9613 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -57,3 +57,8 @@ required-features = ["ring"] [package.metadata.docs.rs] all-features = true rustdoc-args = ["--cfg", "docsrs"] + +[package.metadata.cargo_check_external_types] +allowed_external_types = [ + "rustls_pki_types::*", +] diff --git a/rustls/external-types.toml b/rustls/external-types.toml deleted file mode 100644 index 2dc0b72cf4..0000000000 --- a/rustls/external-types.toml +++ /dev/null @@ -1,3 +0,0 @@ -allowed_external_types = [ - "rustls_pki_types::*", -] From 61ac3b2c7b9365b1d957de6c33bca25812415490 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 13:04:22 +0100 Subject: [PATCH 0274/1145] Rework enum_builder macro The goal of this is to make the visibility of the type it produces explicit rather than implicit. As a side effect, it makes the declarations a bit less odd-looking. --- rustls/src/enums.rs | 21 ++++++------------ rustls/src/msgs/enums.rs | 45 +++++++++++++-------------------------- rustls/src/msgs/macros.rs | 18 ++++++++-------- 3 files changed, 31 insertions(+), 53 deletions(-) diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index 087e92f3ed..fd5a653ab5 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -7,8 +7,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: AlertDescription; - EnumVal{ + pub enum AlertDescription { CloseNotify => 0x00, UnexpectedMessage => 0x0a, BadRecordMac => 0x14, @@ -51,8 +50,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: HandshakeType; - EnumVal{ + pub enum HandshakeType { HelloRequest => 0x00, ClientHello => 0x01, ServerHello => 0x02, @@ -80,8 +78,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: ContentType; - EnumVal{ + pub enum ContentType { ChangeCipherSpec => 0x14, Alert => 0x15, Handshake => 0x16, @@ -95,8 +92,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - EnumName: ProtocolVersion; - EnumVal{ + pub enum ProtocolVersion { SSLv2 => 0x0200, SSLv3 => 0x0300, TLSv1_0 => 0x0301, @@ -114,8 +110,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - EnumName: CipherSuite; - EnumVal{ + pub enum CipherSuite { TLS_NULL_WITH_NULL_NULL => 0x0000, TLS_RSA_WITH_NULL_MD5 => 0x0001, TLS_RSA_WITH_NULL_SHA => 0x0002, @@ -500,8 +495,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - EnumName: SignatureScheme; - EnumVal{ + pub enum SignatureScheme { RSA_PKCS1_SHA1 => 0x0201, ECDSA_SHA1_Legacy => 0x0203, RSA_PKCS1_SHA256 => 0x0401, @@ -560,8 +554,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: SignatureAlgorithm; - EnumVal{ + pub enum SignatureAlgorithm { Anonymous => 0x00, RSA => 0x01, DSA => 0x02, diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 8d91f0a138..8423b3566c 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -8,8 +8,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: HashAlgorithm; - EnumVal{ + pub enum HashAlgorithm { NONE => 0x00, MD5 => 0x01, SHA1 => 0x02, @@ -25,8 +24,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: ClientCertificateType; - EnumVal{ + pub enum ClientCertificateType { RSASign => 0x01, DSSSign => 0x02, RSAFixedDH => 0x03, @@ -45,8 +43,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: Compression; - EnumVal{ + pub enum Compression { Null => 0x00, Deflate => 0x01, LSZ => 0x40 @@ -58,8 +55,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: AlertLevel; - EnumVal{ + pub enum AlertLevel { Warning => 0x01, Fatal => 0x02 } @@ -70,8 +66,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: HeartbeatMessageType; - EnumVal{ + pub enum HeartbeatMessageType { Request => 0x01, Response => 0x02 } @@ -82,8 +77,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - EnumName: ExtensionType; - EnumVal{ + pub enum ExtensionType { ServerName => 0x0000, MaxFragmentLength => 0x0001, ClientCertificateUrl => 0x0002, @@ -129,8 +123,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: ServerNameType; - EnumVal{ + pub enum ServerNameType { HostName => 0x00 } } @@ -145,8 +138,7 @@ enum_builder! { /// Rustls supports. See [`crate::crypto::ring::kx_group`] for the list of supported /// elliptic curve groups. @U16 - EnumName: NamedCurve; - EnumVal{ + pub enum NamedCurve { sect163k1 => 0x0001, sect163r1 => 0x0002, sect163r2 => 0x0003, @@ -187,8 +179,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - EnumName: NamedGroup; - EnumVal{ + pub enum NamedGroup { secp256r1 => 0x0017, secp384r1 => 0x0018, secp521r1 => 0x0019, @@ -207,8 +198,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: ECPointFormat; - EnumVal{ + pub enum ECPointFormat { Uncompressed => 0x00, ANSIX962CompressedPrime => 0x01, ANSIX962CompressedChar2 => 0x02 @@ -224,8 +214,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: HeartbeatMode; - EnumVal{ + pub enum HeartbeatMode { PeerAllowedToSend => 0x01, PeerNotAllowedToSend => 0x02 } @@ -236,8 +225,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: ECCurveType; - EnumVal{ + pub enum ECCurveType { ExplicitPrime => 0x01, ExplicitChar2 => 0x02, NamedCurve => 0x03 @@ -249,8 +237,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: PSKKeyExchangeMode; - EnumVal{ + pub enum PSKKeyExchangeMode { PSK_KE => 0x00, PSK_DHE_KE => 0x01 } @@ -261,8 +248,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: KeyUpdateRequest; - EnumVal{ + pub enum KeyUpdateRequest { UpdateNotRequested => 0x00, UpdateRequested => 0x01 } @@ -273,8 +259,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - EnumName: CertificateStatusType; - EnumVal{ + pub enum CertificateStatusType { OCSP => 0x01 } } diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index 3988215ced..3e797930ec 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -3,18 +3,18 @@ macro_rules! enum_builder { ( $(#[$comment:meta])* @U8 - EnumName: $enum_name: ident; - EnumVal { $( $enum_var: ident => $enum_val: expr ),* } + $enum_vis:vis enum $enum_name:ident + { $( $enum_var: ident => $enum_val: expr ),* } ) => { $(#[$comment])* #[non_exhaustive] #[derive(Debug, PartialEq, Eq, Clone, Copy)] - pub enum $enum_name { + $enum_vis enum $enum_name { $( $enum_var),* ,Unknown(u8) } impl $enum_name { - pub fn get_u8(&self) -> u8 { + $enum_vis fn get_u8(&self) -> u8 { let x = self.clone(); match x { $( $enum_name::$enum_var => $enum_val),* @@ -48,18 +48,18 @@ macro_rules! enum_builder { ( $(#[$comment:meta])* @U16 - EnumName: $enum_name: ident; - EnumVal { $( $enum_var: ident => $enum_val: expr ),* } + $enum_vis:vis enum $enum_name:ident + { $( $enum_var: ident => $enum_val: expr ),* } ) => { $(#[$comment])* #[non_exhaustive] #[derive(Debug, PartialEq, Eq, Clone, Copy)] - pub enum $enum_name { + $enum_vis enum $enum_name { $( $enum_var),* ,Unknown(u16) } impl $enum_name { - pub fn get_u16(&self) -> u16 { + $enum_vis fn get_u16(&self) -> u16 { let x = self.clone(); match x { $( $enum_name::$enum_var => $enum_val),* @@ -67,7 +67,7 @@ macro_rules! enum_builder { } } - pub fn as_str(&self) -> Option<&'static str> { + $enum_vis fn as_str(&self) -> Option<&'static str> { match self { $( $enum_name::$enum_var => Some(stringify!($enum_var))),* ,$enum_name::Unknown(_) => None, From 237cb255ace0c84a908e0eda8b76b1b9aeed21a7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:52:31 +0100 Subject: [PATCH 0275/1145] Make visibility explicit in wrapped_payload macro --- rustls/src/msgs/handshake.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 8a55a195a6..b1007a1f14 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -31,10 +31,10 @@ use std::collections; /// the `PayloadU8` or `PayloadU16` types. This is typically used for types where we don't need /// anything other than access to the underlying bytes. macro_rules! wrapped_payload( - ($(#[$comment:meta])* $name:ident, $inner:ident,) => { + ($(#[$comment:meta])* $vis:vis struct $name:ident, $inner:ident,) => { $(#[$comment])* #[derive(Clone, Debug)] - pub struct $name($inner); + $vis struct $name($inner); impl From> for $name { fn from(v: Vec) -> Self { @@ -315,7 +315,7 @@ impl ConvertServerNameList for [ServerName] { } } -wrapped_payload!(ProtocolName, PayloadU8,); +wrapped_payload!(pub struct ProtocolName, PayloadU8,); impl TlsListElement for ProtocolName { const SIZE_LEN: ListLength = ListLength::U16; @@ -417,7 +417,7 @@ impl TlsListElement for PresharedKeyIdentity { const SIZE_LEN: ListLength = ListLength::U16; } -wrapped_payload!(PresharedKeyBinder, PayloadU8,); +wrapped_payload!(pub struct PresharedKeyBinder, PayloadU8,); impl TlsListElement for PresharedKeyBinder { const SIZE_LEN: ListLength = ListLength::U16; @@ -454,7 +454,7 @@ impl Codec for PresharedKeyOffer { } // --- RFC6066 certificate status request --- -wrapped_payload!(ResponderId, PayloadU16,); +wrapped_payload!(pub struct ResponderId, PayloadU16,); impl TlsListElement for ResponderId { const SIZE_LEN: ListLength = ListLength::U16; @@ -1677,7 +1677,7 @@ wrapped_payload!( /// println!("{}", x509_parser::x509::X509Name::from_der(&name.0)?.1); /// } /// ``` - DistinguishedName, + pub struct DistinguishedName, PayloadU16, ); From 7a3daed1d7c709cf8f6a30cf15369080986905db Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 12:50:19 +0100 Subject: [PATCH 0276/1145] Reduce rustls::internal exports to exactly what is used This causes a cascade of types in `msgs` that were pub but are no longer reachable: most of this commit is from `cargo fix`. --- rustls/examples/internal/bogo_shim.rs | 4 +- rustls/src/lib.rs | 39 +++- rustls/src/msgs/base.rs | 12 +- rustls/src/msgs/codec.rs | 4 +- rustls/src/msgs/deframer.rs | 10 +- rustls/src/msgs/enums.rs | 16 +- rustls/src/msgs/fragmenter.rs | 8 +- rustls/src/msgs/handshake.rs | 274 +++++++++++++------------- rustls/src/msgs/mod.rs | 20 +- rustls/src/msgs/persist.rs | 44 +++-- rustls/src/record_layer.rs | 6 +- rustls/tests/api.rs | 8 +- 12 files changed, 238 insertions(+), 207 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 8d8868b1c0..c9cb70d75b 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -9,7 +9,7 @@ use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVer use rustls::crypto::ring::{kx_group, Ticketer, ALL_KX_GROUPS}; use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; -use rustls::internal::msgs::persist; +use rustls::internal::msgs::persist::ServerSessionValue; use rustls::server::{ClientHello, ServerConfig, ServerConnection}; use rustls::{ self, client, server, sign, version, AlertDescription, CertificateError, Connection, @@ -406,7 +406,7 @@ fn align_time() { impl server::StoresServerSessions for ServerCacheWithResumptionDelay { fn put(&self, key: Vec, value: Vec) -> bool { - let mut ssv = persist::ServerSessionValue::read_bytes(&value).unwrap(); + let mut ssv = ServerSessionValue::read_bytes(&value).unwrap(); ssv.creation_time_sec -= self.delay as u64; self.storage diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 83d595cd63..6bc8376813 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -365,20 +365,43 @@ mod ticketer; mod versions; mod webpki; -/// Internal classes which may be useful outside the library. +/// Internal classes that are used in integration tests. /// The contents of this section DO NOT form part of the stable interface. +#[allow(missing_docs)] pub mod internal { /// Low-level TLS message parsing and encoding functions. pub mod msgs { - pub use crate::msgs::*; + pub mod base { + pub use crate::msgs::base::{Payload, PayloadU16}; + } + pub mod codec { + pub use crate::msgs::codec::{Codec, Reader}; + } + pub mod deframer { + pub use crate::msgs::deframer::MessageDeframer; + } + pub mod enums { + pub use crate::msgs::enums::{AlertLevel, Compression, NamedGroup}; + } + pub mod fragmenter { + pub use crate::msgs::fragmenter::MessageFragmenter; + } + pub mod handshake { + pub use crate::msgs::handshake::{ + ClientExtension, ClientHelloPayload, DistinguishedName, HandshakeMessagePayload, + HandshakePayload, KeyShareEntry, Random, SessionId, + }; + } + pub mod message { + pub use crate::msgs::message::{Message, MessagePayload, OpaqueMessage, PlainMessage}; + } + pub mod persist { + pub use crate::msgs::persist::ServerSessionValue; + } } - /// Low-level TLS message decryption functions. - pub mod cipher { - pub use crate::crypto::cipher::MessageDecrypter; - } - /// Low-level TLS record layer functions. + pub mod record_layer { - pub use crate::record_layer::{Decrypted, RecordLayer}; + pub use crate::record_layer::RecordLayer; } } diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 78c6231ff7..ce4b51289d 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -57,10 +57,10 @@ impl fmt::Debug for Payload { /// An arbitrary, unknown-content, u24-length-prefixed payload #[derive(Clone, Eq, PartialEq)] -pub struct PayloadU24(pub Vec); +pub(crate) struct PayloadU24(pub(crate) Vec); impl PayloadU24 { - pub fn new(bytes: Vec) -> Self { + pub(crate) fn new(bytes: Vec) -> Self { Self(bytes) } } @@ -125,18 +125,18 @@ impl fmt::Debug for PayloadU16 { /// An arbitrary, unknown-content, u8-length-prefixed payload #[derive(Clone, Eq, PartialEq)] -pub struct PayloadU8(pub Vec); +pub struct PayloadU8(pub(crate) Vec); impl PayloadU8 { - pub fn new(bytes: Vec) -> Self { + pub(crate) fn new(bytes: Vec) -> Self { Self(bytes) } - pub fn empty() -> Self { + pub(crate) fn empty() -> Self { Self(Vec::new()) } - pub fn into_inner(self) -> Vec { + pub(crate) fn into_inner(self) -> Vec { self.0 } } diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index ac817f28cc..55d246ffe0 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -126,7 +126,7 @@ impl Codec for u8 { } } -pub fn put_u16(v: u16, out: &mut [u8]) { +pub(crate) fn put_u16(v: u16, out: &mut [u8]) { let out: &mut [u8; 2] = (&mut out[..2]).try_into().unwrap(); *out = u16::to_be_bytes(v); } @@ -186,7 +186,7 @@ impl Codec for u32 { } } -pub fn put_u64(v: u64, bytes: &mut [u8]) { +pub(crate) fn put_u64(v: u64, bytes: &mut [u8]) { let bytes: &mut [u8; 8] = (&mut bytes[..8]).try_into().unwrap(); *bytes = u64::to_be_bytes(v); } diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 0f909318e7..9c9f451050 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -221,7 +221,7 @@ impl MessageDeframer { /// Allow pushing handshake messages directly into the buffer. #[cfg(feature = "quic")] - pub fn push(&mut self, version: ProtocolVersion, payload: &[u8]) -> Result<(), Error> { + pub(crate) fn push(&mut self, version: ProtocolVersion, payload: &[u8]) -> Result<(), Error> { if self.used > 0 && self.joining_hs.is_none() { return Err(Error::General( "cannot push QUIC messages into unrelated connection".into(), @@ -432,14 +432,14 @@ fn payload_size(buf: &[u8]) -> Result, Error> { #[derive(Debug)] pub struct Deframed { - pub want_close_before_decrypt: bool, - pub aligned: bool, - pub trial_decryption_finished: bool, + pub(crate) want_close_before_decrypt: bool, + pub(crate) aligned: bool, + pub(crate) trial_decryption_finished: bool, pub message: PlainMessage, } #[derive(Debug)] -pub enum DeframerError { +pub(crate) enum DeframerError { HandshakePayloadSizeTooLarge, } diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 8423b3566c..aa07efd527 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -24,7 +24,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - pub enum ClientCertificateType { + pub(crate) enum ClientCertificateType { RSASign => 0x01, DSSSign => 0x02, RSAFixedDH => 0x03, @@ -66,7 +66,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - pub enum HeartbeatMessageType { + pub(crate) enum HeartbeatMessageType { Request => 0x01, Response => 0x02 } @@ -77,7 +77,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - pub enum ExtensionType { + pub(crate) enum ExtensionType { ServerName => 0x0000, MaxFragmentLength => 0x0001, ClientCertificateUrl => 0x0002, @@ -123,7 +123,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - pub enum ServerNameType { + pub(crate) enum ServerNameType { HostName => 0x00 } } @@ -138,7 +138,7 @@ enum_builder! { /// Rustls supports. See [`crate::crypto::ring::kx_group`] for the list of supported /// elliptic curve groups. @U16 - pub enum NamedCurve { + pub(crate) enum NamedCurve { sect163k1 => 0x0001, sect163r1 => 0x0002, sect163r2 => 0x0003, @@ -206,7 +206,7 @@ enum_builder! { } impl ECPointFormat { - pub const SUPPORTED: [Self; 1] = [Self::Uncompressed]; + pub(crate) const SUPPORTED: [Self; 1] = [Self::Uncompressed]; } enum_builder! { @@ -214,7 +214,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - pub enum HeartbeatMode { + pub(crate) enum HeartbeatMode { PeerAllowedToSend => 0x01, PeerNotAllowedToSend => 0x02 } @@ -225,7 +225,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U8 - pub enum ECCurveType { + pub(crate) enum ECCurveType { ExplicitPrime => 0x01, ExplicitChar2 => 0x02, NamedCurve => 0x03 diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index ac930b1ea7..e0a1c5b3d3 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -2,9 +2,9 @@ use crate::enums::ContentType; use crate::enums::ProtocolVersion; use crate::msgs::message::{BorrowedPlainMessage, PlainMessage}; use crate::Error; -pub const MAX_FRAGMENT_LEN: usize = 16384; -pub const PACKET_OVERHEAD: usize = 1 + 2 + 2; -pub const MAX_FRAGMENT_SIZE: usize = MAX_FRAGMENT_LEN + PACKET_OVERHEAD; +pub(crate) const MAX_FRAGMENT_LEN: usize = 16384; +pub(crate) const PACKET_OVERHEAD: usize = 1 + 2 + 2; +pub(crate) const MAX_FRAGMENT_SIZE: usize = MAX_FRAGMENT_LEN + PACKET_OVERHEAD; pub struct MessageFragmenter { max_frag: usize, @@ -32,7 +32,7 @@ impl MessageFragmenter { /// Enqueue borrowed fragments of (version, typ, payload) which /// are no longer than max_frag onto the `out` deque. - pub fn fragment_slice<'a>( + pub(crate) fn fragment_slice<'a>( &self, typ: ContentType, version: ProtocolVersion, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index b1007a1f14..7ba787984b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -61,7 +61,7 @@ macro_rules! wrapped_payload( ); #[derive(Clone, Copy, Eq, PartialEq)] -pub struct Random(pub [u8; 32]); +pub struct Random(pub(crate) [u8; 32]); impl fmt::Debug for Random { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { @@ -94,13 +94,15 @@ impl Codec for Random { } impl Random { - pub fn new(provider: &'static dyn CryptoProvider) -> Result { + pub(crate) fn new( + provider: &'static dyn CryptoProvider, + ) -> Result { let mut data = [0u8; 32]; provider.fill_random(&mut data)?; Ok(Self(data)) } - pub fn write_slice(&self, bytes: &mut [u8]) { + pub(crate) fn write_slice(&self, bytes: &mut [u8]) { let buf = self.get_encoding(); bytes.copy_from_slice(&buf); } @@ -171,26 +173,26 @@ impl SessionId { Ok(Self { data, len: 32 }) } - pub fn empty() -> Self { + pub(crate) fn empty() -> Self { Self { data: [0u8; 32], len: 0, } } - pub fn len(&self) -> usize { + pub(crate) fn len(&self) -> usize { self.len } - pub fn is_empty(&self) -> bool { + pub(crate) fn is_empty(&self) -> bool { self.len == 0 } } #[derive(Clone, Debug)] pub struct UnknownExtension { - pub typ: ExtensionType, - pub payload: Payload, + pub(crate) typ: ExtensionType, + pub(crate) payload: Payload, } impl UnknownExtension { @@ -217,13 +219,13 @@ impl TlsListElement for SignatureScheme { } #[derive(Clone, Debug)] -pub enum ServerNamePayload { +pub(crate) enum ServerNamePayload { HostName(DnsName), Unknown(Payload), } impl ServerNamePayload { - pub fn new_hostname(hostname: DnsName) -> Self { + pub(crate) fn new_hostname(hostname: DnsName) -> Self { Self::HostName(hostname) } @@ -255,8 +257,8 @@ impl ServerNamePayload { #[derive(Clone, Debug)] pub struct ServerName { - pub typ: ServerNameType, - pub payload: ServerNamePayload, + pub(crate) typ: ServerNameType, + pub(crate) payload: ServerNamePayload, } impl Codec for ServerName { @@ -281,7 +283,7 @@ impl TlsListElement for ServerName { const SIZE_LEN: ListLength = ListLength::U16; } -pub trait ConvertServerNameList { +pub(crate) trait ConvertServerNameList { fn has_duplicate_names_for_type(&self) -> bool; fn get_single_hostname(&self) -> Option; } @@ -321,7 +323,7 @@ impl TlsListElement for ProtocolName { const SIZE_LEN: ListLength = ListLength::U16; } -pub trait ConvertProtocolNameList { +pub(crate) trait ConvertProtocolNameList { fn from_slices(names: &[&[u8]]) -> Self; fn to_slices(&self) -> Vec<&[u8]>; fn as_single_slice(&self) -> Option<&[u8]>; @@ -361,7 +363,7 @@ pub struct KeyShareEntry { } impl KeyShareEntry { - pub fn new(group: NamedGroup, payload: &[u8]) -> Self { + pub(crate) fn new(group: NamedGroup, payload: &[u8]) -> Self { Self { group, payload: PayloadU16::new(payload.to_vec()), @@ -385,13 +387,13 @@ impl Codec for KeyShareEntry { // --- TLS 1.3 PresharedKey offers --- #[derive(Clone, Debug)] -pub struct PresharedKeyIdentity { - pub identity: PayloadU16, - pub obfuscated_ticket_age: u32, +pub(crate) struct PresharedKeyIdentity { + pub(crate) identity: PayloadU16, + pub(crate) obfuscated_ticket_age: u32, } impl PresharedKeyIdentity { - pub fn new(id: Vec, age: u32) -> Self { + pub(crate) fn new(id: Vec, age: u32) -> Self { Self { identity: PayloadU16::new(id), obfuscated_ticket_age: age, @@ -417,7 +419,7 @@ impl TlsListElement for PresharedKeyIdentity { const SIZE_LEN: ListLength = ListLength::U16; } -wrapped_payload!(pub struct PresharedKeyBinder, PayloadU8,); +wrapped_payload!(pub(crate) struct PresharedKeyBinder, PayloadU8,); impl TlsListElement for PresharedKeyBinder { const SIZE_LEN: ListLength = ListLength::U16; @@ -425,13 +427,13 @@ impl TlsListElement for PresharedKeyBinder { #[derive(Clone, Debug)] pub struct PresharedKeyOffer { - pub identities: Vec, - pub binders: Vec, + pub(crate) identities: Vec, + pub(crate) binders: Vec, } impl PresharedKeyOffer { /// Make a new one with one entry. - pub fn new(id: PresharedKeyIdentity, binder: Vec) -> Self { + pub(crate) fn new(id: PresharedKeyIdentity, binder: Vec) -> Self { Self { identities: vec![id], binders: vec![PresharedKeyBinder::from(binder)], @@ -454,7 +456,7 @@ impl Codec for PresharedKeyOffer { } // --- RFC6066 certificate status request --- -wrapped_payload!(pub struct ResponderId, PayloadU16,); +wrapped_payload!(pub(crate) struct ResponderId, PayloadU16,); impl TlsListElement for ResponderId { const SIZE_LEN: ListLength = ListLength::U16; @@ -462,8 +464,8 @@ impl TlsListElement for ResponderId { #[derive(Clone, Debug)] pub struct OcspCertificateStatusRequest { - pub responder_ids: Vec, - pub extensions: PayloadU16, + pub(crate) responder_ids: Vec, + pub(crate) extensions: PayloadU16, } impl Codec for OcspCertificateStatusRequest { @@ -515,7 +517,7 @@ impl Codec for CertificateStatusRequest { } impl CertificateStatusRequest { - pub fn build_ocsp() -> Self { + pub(crate) fn build_ocsp() -> Self { let ocsp = OcspCertificateStatusRequest { responder_ids: Vec::new(), extensions: PayloadU16::empty(), @@ -560,7 +562,7 @@ pub enum ClientExtension { } impl ClientExtension { - pub fn get_type(&self) -> ExtensionType { + pub(crate) fn get_type(&self) -> ExtensionType { match *self { Self::EcPointFormats(_) => ExtensionType::ECPointFormats, Self::NamedGroups(_) => ExtensionType::EllipticCurves, @@ -672,7 +674,7 @@ fn trim_hostname_trailing_dot_for_sni(dns_name: DnsNameRef) -> DnsName { impl ClientExtension { /// Make a basic SNI ServerNameRequest quoting `hostname`. - pub fn make_sni(dns_name: DnsNameRef) -> Self { + pub(crate) fn make_sni(dns_name: DnsNameRef) -> Self { let name = ServerName { typ: ServerNameType::HostName, payload: ServerNamePayload::new_hostname(trim_hostname_trailing_dot_for_sni(dns_name)), @@ -707,7 +709,7 @@ pub enum ServerExtension { } impl ServerExtension { - pub fn get_type(&self) -> ExtensionType { + pub(crate) fn get_type(&self) -> ExtensionType { match *self { Self::EcPointFormats(_) => ExtensionType::ECPointFormats, Self::ServerNameAck => ExtensionType::ServerName, @@ -783,11 +785,11 @@ impl Codec for ServerExtension { } impl ServerExtension { - pub fn make_alpn(proto: &[&[u8]]) -> Self { + pub(crate) fn make_alpn(proto: &[&[u8]]) -> Self { Self::Protocols(Vec::from_slices(proto)) } - pub fn make_empty_renegotiation_info() -> Self { + pub(crate) fn make_empty_renegotiation_info() -> Self { let empty = Vec::new(); Self::RenegotiationInfo(PayloadU8::new(empty)) } @@ -853,7 +855,7 @@ impl TlsListElement for ClientExtension { impl ClientHelloPayload { /// Returns true if there is more than one extension of a given /// type. - pub fn has_duplicate_extension(&self) -> bool { + pub(crate) fn has_duplicate_extension(&self) -> bool { let mut seen = collections::HashSet::new(); for ext in &self.extensions { @@ -868,13 +870,13 @@ impl ClientHelloPayload { false } - pub fn find_extension(&self, ext: ExtensionType) -> Option<&ClientExtension> { + pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&ClientExtension> { self.extensions .iter() .find(|x| x.get_type() == ext) } - pub fn get_sni_extension(&self) -> Option<&[ServerName]> { + pub(crate) fn get_sni_extension(&self) -> Option<&[ServerName]> { let ext = self.find_extension(ExtensionType::ServerName)?; match *ext { ClientExtension::ServerName(ref req) => Some(req), @@ -890,7 +892,7 @@ impl ClientHelloPayload { } } - pub fn get_namedgroups_extension(&self) -> Option<&[NamedGroup]> { + pub(crate) fn get_namedgroups_extension(&self) -> Option<&[NamedGroup]> { let ext = self.find_extension(ExtensionType::EllipticCurves)?; match *ext { ClientExtension::NamedGroups(ref req) => Some(req), @@ -898,7 +900,7 @@ impl ClientHelloPayload { } } - pub fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { + pub(crate) fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { ClientExtension::EcPointFormats(ref req) => Some(req), @@ -906,7 +908,7 @@ impl ClientHelloPayload { } } - pub fn get_alpn_extension(&self) -> Option<&Vec> { + pub(crate) fn get_alpn_extension(&self) -> Option<&Vec> { let ext = self.find_extension(ExtensionType::ALProtocolNegotiation)?; match *ext { ClientExtension::Protocols(ref req) => Some(req), @@ -914,7 +916,7 @@ impl ClientHelloPayload { } } - pub fn get_quic_params_extension(&self) -> Option> { + pub(crate) fn get_quic_params_extension(&self) -> Option> { let ext = self .find_extension(ExtensionType::TransportParameters) .or_else(|| self.find_extension(ExtensionType::TransportParametersDraft))?; @@ -925,11 +927,11 @@ impl ClientHelloPayload { } } - pub fn get_ticket_extension(&self) -> Option<&ClientExtension> { + pub(crate) fn get_ticket_extension(&self) -> Option<&ClientExtension> { self.find_extension(ExtensionType::SessionTicket) } - pub fn get_versions_extension(&self) -> Option<&[ProtocolVersion]> { + pub(crate) fn get_versions_extension(&self) -> Option<&[ProtocolVersion]> { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { ClientExtension::SupportedVersions(ref vers) => Some(vers), @@ -945,7 +947,7 @@ impl ClientHelloPayload { } } - pub fn has_keyshare_extension_with_duplicates(&self) -> bool { + pub(crate) fn has_keyshare_extension_with_duplicates(&self) -> bool { if let Some(entries) = self.get_keyshare_extension() { let mut seen = collections::HashSet::new(); @@ -961,7 +963,7 @@ impl ClientHelloPayload { false } - pub fn get_psk(&self) -> Option<&PresharedKeyOffer> { + pub(crate) fn get_psk(&self) -> Option<&PresharedKeyOffer> { let ext = self.find_extension(ExtensionType::PreSharedKey)?; match *ext { ClientExtension::PresharedKey(ref psk) => Some(psk), @@ -969,13 +971,13 @@ impl ClientHelloPayload { } } - pub fn check_psk_ext_is_last(&self) -> bool { + pub(crate) fn check_psk_ext_is_last(&self) -> bool { self.extensions .last() .map_or(false, |ext| ext.get_type() == ExtensionType::PreSharedKey) } - pub fn get_psk_modes(&self) -> Option<&[PSKKeyExchangeMode]> { + pub(crate) fn get_psk_modes(&self) -> Option<&[PSKKeyExchangeMode]> { let ext = self.find_extension(ExtensionType::PSKKeyExchangeModes)?; match *ext { ClientExtension::PresharedKeyModes(ref psk_modes) => Some(psk_modes), @@ -983,32 +985,32 @@ impl ClientHelloPayload { } } - pub fn psk_mode_offered(&self, mode: PSKKeyExchangeMode) -> bool { + pub(crate) fn psk_mode_offered(&self, mode: PSKKeyExchangeMode) -> bool { self.get_psk_modes() .map(|modes| modes.contains(&mode)) .unwrap_or(false) } - pub fn set_psk_binder(&mut self, binder: impl Into>) { + pub(crate) fn set_psk_binder(&mut self, binder: impl Into>) { let last_extension = self.extensions.last_mut(); if let Some(ClientExtension::PresharedKey(ref mut offer)) = last_extension { offer.binders[0] = PresharedKeyBinder::from(binder.into()); } } - pub fn ems_support_offered(&self) -> bool { + pub(crate) fn ems_support_offered(&self) -> bool { self.find_extension(ExtensionType::ExtendedMasterSecret) .is_some() } - pub fn early_data_extension_offered(&self) -> bool { + pub(crate) fn early_data_extension_offered(&self) -> bool { self.find_extension(ExtensionType::EarlyData) .is_some() } } #[derive(Debug)] -pub enum HelloRetryExtension { +pub(crate) enum HelloRetryExtension { KeyShare(NamedGroup), Cookie(PayloadU16), SupportedVersions(ProtocolVersion), @@ -1016,7 +1018,7 @@ pub enum HelloRetryExtension { } impl HelloRetryExtension { - pub fn get_type(&self) -> ExtensionType { + pub(crate) fn get_type(&self) -> ExtensionType { match *self { Self::KeyShare(_) => ExtensionType::KeyShare, Self::Cookie(_) => ExtensionType::Cookie, @@ -1064,10 +1066,10 @@ impl TlsListElement for HelloRetryExtension { #[derive(Debug)] pub struct HelloRetryRequest { - pub legacy_version: ProtocolVersion, + pub(crate) legacy_version: ProtocolVersion, pub session_id: SessionId, - pub cipher_suite: CipherSuite, - pub extensions: Vec, + pub(crate) cipher_suite: CipherSuite, + pub(crate) extensions: Vec, } impl Codec for HelloRetryRequest { @@ -1101,7 +1103,7 @@ impl Codec for HelloRetryRequest { impl HelloRetryRequest { /// Returns true if there is more than one extension of a given /// type. - pub fn has_duplicate_extension(&self) -> bool { + pub(crate) fn has_duplicate_extension(&self) -> bool { let mut seen = collections::HashSet::new(); for ext in &self.extensions { @@ -1116,7 +1118,7 @@ impl HelloRetryRequest { false } - pub fn has_unknown_extension(&self) -> bool { + pub(crate) fn has_unknown_extension(&self) -> bool { self.extensions.iter().any(|ext| { ext.get_type() != ExtensionType::KeyShare && ext.get_type() != ExtensionType::SupportedVersions @@ -1138,7 +1140,7 @@ impl HelloRetryRequest { } } - pub fn get_cookie(&self) -> Option<&PayloadU16> { + pub(crate) fn get_cookie(&self) -> Option<&PayloadU16> { let ext = self.find_extension(ExtensionType::Cookie)?; match *ext { HelloRetryExtension::Cookie(ref ck) => Some(ck), @@ -1146,7 +1148,7 @@ impl HelloRetryRequest { } } - pub fn get_supported_versions(&self) -> Option { + pub(crate) fn get_supported_versions(&self) -> Option { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { HelloRetryExtension::SupportedVersions(ver) => Some(ver), @@ -1157,12 +1159,12 @@ impl HelloRetryRequest { #[derive(Debug)] pub struct ServerHelloPayload { - pub legacy_version: ProtocolVersion, - pub random: Random, - pub session_id: SessionId, - pub cipher_suite: CipherSuite, - pub compression_method: Compression, - pub extensions: Vec, + pub(crate) legacy_version: ProtocolVersion, + pub(crate) random: Random, + pub(crate) session_id: SessionId, + pub(crate) cipher_suite: CipherSuite, + pub(crate) compression_method: Compression, + pub(crate) extensions: Vec, } impl Codec for ServerHelloPayload { @@ -1212,7 +1214,7 @@ impl HasServerExtensions for ServerHelloPayload { } impl ServerHelloPayload { - pub fn get_key_share(&self) -> Option<&KeyShareEntry> { + pub(crate) fn get_key_share(&self) -> Option<&KeyShareEntry> { let ext = self.find_extension(ExtensionType::KeyShare)?; match *ext { ServerExtension::KeyShare(ref share) => Some(share), @@ -1220,7 +1222,7 @@ impl ServerHelloPayload { } } - pub fn get_psk_index(&self) -> Option { + pub(crate) fn get_psk_index(&self) -> Option { let ext = self.find_extension(ExtensionType::PreSharedKey)?; match *ext { ServerExtension::PresharedKey(ref index) => Some(*index), @@ -1228,7 +1230,7 @@ impl ServerHelloPayload { } } - pub fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { + pub(crate) fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { ServerExtension::EcPointFormats(ref fmts) => Some(fmts), @@ -1236,12 +1238,12 @@ impl ServerHelloPayload { } } - pub fn ems_support_acked(&self) -> bool { + pub(crate) fn ems_support_acked(&self) -> bool { self.find_extension(ExtensionType::ExtendedMasterSecret) .is_some() } - pub fn get_supported_versions(&self) -> Option { + pub(crate) fn get_supported_versions(&self) -> Option { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { ServerExtension::SupportedVersions(vers) => Some(vers), @@ -1250,7 +1252,7 @@ impl ServerHelloPayload { } } -pub type CertificatePayload = Vec>; +pub(crate) type CertificatePayload = Vec>; impl TlsListElement for CertificateDer<'_> { const SIZE_LEN: ListLength = ListLength::U24 { max: 0x1_0000 }; @@ -1261,20 +1263,20 @@ impl TlsListElement for CertificateDer<'_> { // context-free any more. #[derive(Debug)] -pub enum CertificateExtension { +pub(crate) enum CertificateExtension { CertificateStatus(CertificateStatus), Unknown(UnknownExtension), } impl CertificateExtension { - pub fn get_type(&self) -> ExtensionType { + pub(crate) fn get_type(&self) -> ExtensionType { match *self { Self::CertificateStatus(_) => ExtensionType::StatusRequest, Self::Unknown(ref r) => r.typ, } } - pub fn get_cert_status(&self) -> Option<&Vec> { + pub(crate) fn get_cert_status(&self) -> Option<&Vec> { match *self { Self::CertificateStatus(ref cs) => Some(&cs.ocsp_response.0), _ => None, @@ -1316,9 +1318,9 @@ impl TlsListElement for CertificateExtension { } #[derive(Debug)] -pub struct CertificateEntry { - pub cert: CertificateDer<'static>, - pub exts: Vec, +pub(crate) struct CertificateEntry { + pub(crate) cert: CertificateDer<'static>, + pub(crate) exts: Vec, } impl Codec for CertificateEntry { @@ -1336,14 +1338,14 @@ impl Codec for CertificateEntry { } impl CertificateEntry { - pub fn new(cert: CertificateDer<'static>) -> Self { + pub(crate) fn new(cert: CertificateDer<'static>) -> Self { Self { cert, exts: Vec::new(), } } - pub fn has_duplicate_extension(&self) -> bool { + pub(crate) fn has_duplicate_extension(&self) -> bool { let mut seen = collections::HashSet::new(); for ext in &self.exts { @@ -1358,13 +1360,13 @@ impl CertificateEntry { false } - pub fn has_unknown_extension(&self) -> bool { + pub(crate) fn has_unknown_extension(&self) -> bool { self.exts .iter() .any(|ext| ext.get_type() != ExtensionType::StatusRequest) } - pub fn get_ocsp_response(&self) -> Option<&Vec> { + pub(crate) fn get_ocsp_response(&self) -> Option<&Vec> { self.exts .iter() .find(|ext| ext.get_type() == ExtensionType::StatusRequest) @@ -1378,8 +1380,8 @@ impl TlsListElement for CertificateEntry { #[derive(Debug)] pub struct CertificatePayloadTls13 { - pub context: PayloadU8, - pub entries: Vec, + pub(crate) context: PayloadU8, + pub(crate) entries: Vec, } impl Codec for CertificatePayloadTls13 { @@ -1397,14 +1399,14 @@ impl Codec for CertificatePayloadTls13 { } impl CertificatePayloadTls13 { - pub fn new(entries: Vec) -> Self { + pub(crate) fn new(entries: Vec) -> Self { Self { context: PayloadU8::empty(), entries, } } - pub fn any_entry_has_duplicate_extension(&self) -> bool { + pub(crate) fn any_entry_has_duplicate_extension(&self) -> bool { for entry in &self.entries { if entry.has_duplicate_extension() { return true; @@ -1414,7 +1416,7 @@ impl CertificatePayloadTls13 { false } - pub fn any_entry_has_unknown_extension(&self) -> bool { + pub(crate) fn any_entry_has_unknown_extension(&self) -> bool { for entry in &self.entries { if entry.has_unknown_extension() { return true; @@ -1424,7 +1426,7 @@ impl CertificatePayloadTls13 { false } - pub fn any_entry_has_extension(&self) -> bool { + pub(crate) fn any_entry_has_extension(&self) -> bool { for entry in &self.entries { if !entry.exts.is_empty() { return true; @@ -1434,7 +1436,7 @@ impl CertificatePayloadTls13 { false } - pub fn get_end_entity_ocsp(&self) -> Vec { + pub(crate) fn get_end_entity_ocsp(&self) -> Vec { self.entries .first() .and_then(CertificateEntry::get_ocsp_response) @@ -1442,7 +1444,7 @@ impl CertificatePayloadTls13 { .unwrap_or_default() } - pub fn convert(&self) -> CertificatePayload { + pub(crate) fn convert(&self) -> CertificatePayload { let mut ret = Vec::new(); for entry in &self.entries { ret.push(entry.cert.clone()); @@ -1461,9 +1463,9 @@ pub enum KeyExchangeAlgorithm { // idea and unnecessary attack surface. Please, // get a grip. #[derive(Debug)] -pub struct EcParameters { - pub curve_type: ECCurveType, - pub named_group: NamedGroup, +pub(crate) struct EcParameters { + pub(crate) curve_type: ECCurveType, + pub(crate) named_group: NamedGroup, } impl Codec for EcParameters { @@ -1488,8 +1490,8 @@ impl Codec for EcParameters { } #[derive(Debug)] -pub struct ClientEcdhParams { - pub public: PayloadU8, +pub(crate) struct ClientEcdhParams { + pub(crate) public: PayloadU8, } impl Codec for ClientEcdhParams { @@ -1504,13 +1506,13 @@ impl Codec for ClientEcdhParams { } #[derive(Debug)] -pub struct ServerEcdhParams { - pub curve_params: EcParameters, - pub public: PayloadU8, +pub(crate) struct ServerEcdhParams { + pub(crate) curve_params: EcParameters, + pub(crate) public: PayloadU8, } impl ServerEcdhParams { - pub fn new(kx: &dyn ActiveKeyExchange) -> Self { + pub(crate) fn new(kx: &dyn ActiveKeyExchange) -> Self { Self { curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, @@ -1540,8 +1542,8 @@ impl Codec for ServerEcdhParams { #[derive(Debug)] pub struct EcdheServerKeyExchange { - pub params: ServerEcdhParams, - pub dss: DigitallySignedStruct, + pub(crate) params: ServerEcdhParams, + pub(crate) dss: DigitallySignedStruct, } impl Codec for EcdheServerKeyExchange { @@ -1580,7 +1582,10 @@ impl Codec for ServerKeyExchangePayload { } impl ServerKeyExchangePayload { - pub fn unwrap_given_kxa(&self, kxa: KeyExchangeAlgorithm) -> Option { + pub(crate) fn unwrap_given_kxa( + &self, + kxa: KeyExchangeAlgorithm, + ) -> Option { if let Self::Unknown(ref unk) = *self { let mut rd = Reader::init(&unk.0); @@ -1603,7 +1608,7 @@ impl TlsListElement for ServerExtension { const SIZE_LEN: ListLength = ListLength::U16; } -pub trait HasServerExtensions { +pub(crate) trait HasServerExtensions { fn get_extensions(&self) -> &[ServerExtension]; /// Returns true if there is more than one extension of a given @@ -1690,7 +1695,7 @@ impl DistinguishedName { /// use x509_parser::prelude::FromDer; /// println!("{}", x509_parser::x509::X509Name::from_der(dn.as_ref())?.1); /// ``` - pub fn in_sequence(bytes: &[u8]) -> Self { + pub(crate) fn in_sequence(bytes: &[u8]) -> Self { let mut wrapped = bytes.to_owned(); x509::wrap_in_sequence(&mut wrapped); Self(PayloadU16::new(wrapped)) @@ -1703,9 +1708,9 @@ impl TlsListElement for DistinguishedName { #[derive(Debug)] pub struct CertificateRequestPayload { - pub certtypes: Vec, - pub sigschemes: Vec, - pub canames: Vec, + pub(crate) certtypes: Vec, + pub(crate) sigschemes: Vec, + pub(crate) canames: Vec, } impl Codec for CertificateRequestPayload { @@ -1734,14 +1739,14 @@ impl Codec for CertificateRequestPayload { } #[derive(Debug)] -pub enum CertReqExtension { +pub(crate) enum CertReqExtension { SignatureAlgorithms(Vec), AuthorityNames(Vec), Unknown(UnknownExtension), } impl CertReqExtension { - pub fn get_type(&self) -> ExtensionType { + pub(crate) fn get_type(&self) -> ExtensionType { match *self { Self::SignatureAlgorithms(_) => ExtensionType::SignatureAlgorithms, Self::AuthorityNames(_) => ExtensionType::CertificateAuthorities, @@ -1793,8 +1798,8 @@ impl TlsListElement for CertReqExtension { #[derive(Debug)] pub struct CertificateRequestPayloadTls13 { - pub context: PayloadU8, - pub extensions: Vec, + pub(crate) context: PayloadU8, + pub(crate) extensions: Vec, } impl Codec for CertificateRequestPayloadTls13 { @@ -1815,13 +1820,13 @@ impl Codec for CertificateRequestPayloadTls13 { } impl CertificateRequestPayloadTls13 { - pub fn find_extension(&self, ext: ExtensionType) -> Option<&CertReqExtension> { + pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&CertReqExtension> { self.extensions .iter() .find(|x| x.get_type() == ext) } - pub fn get_sigalgs_extension(&self) -> Option<&[SignatureScheme]> { + pub(crate) fn get_sigalgs_extension(&self) -> Option<&[SignatureScheme]> { let ext = self.find_extension(ExtensionType::SignatureAlgorithms)?; match *ext { CertReqExtension::SignatureAlgorithms(ref sa) => Some(sa), @@ -1829,7 +1834,7 @@ impl CertificateRequestPayloadTls13 { } } - pub fn get_authorities_extension(&self) -> Option<&[DistinguishedName]> { + pub(crate) fn get_authorities_extension(&self) -> Option<&[DistinguishedName]> { let ext = self.find_extension(ExtensionType::CertificateAuthorities)?; match *ext { CertReqExtension::AuthorityNames(ref an) => Some(an), @@ -1841,12 +1846,12 @@ impl CertificateRequestPayloadTls13 { // -- NewSessionTicket -- #[derive(Debug)] pub struct NewSessionTicketPayload { - pub lifetime_hint: u32, - pub ticket: PayloadU16, + pub(crate) lifetime_hint: u32, + pub(crate) ticket: PayloadU16, } impl NewSessionTicketPayload { - pub fn new(lifetime_hint: u32, ticket: Vec) -> Self { + pub(crate) fn new(lifetime_hint: u32, ticket: Vec) -> Self { Self { lifetime_hint, ticket: PayloadU16::new(ticket), @@ -1873,13 +1878,13 @@ impl Codec for NewSessionTicketPayload { // -- NewSessionTicket electric boogaloo -- #[derive(Debug)] -pub enum NewSessionTicketExtension { +pub(crate) enum NewSessionTicketExtension { EarlyData(u32), Unknown(UnknownExtension), } impl NewSessionTicketExtension { - pub fn get_type(&self) -> ExtensionType { + pub(crate) fn get_type(&self) -> ExtensionType { match *self { Self::EarlyData(_) => ExtensionType::EarlyData, Self::Unknown(ref r) => r.typ, @@ -1919,15 +1924,15 @@ impl TlsListElement for NewSessionTicketExtension { #[derive(Debug)] pub struct NewSessionTicketPayloadTls13 { - pub lifetime: u32, - pub age_add: u32, - pub nonce: PayloadU8, - pub ticket: PayloadU16, - pub exts: Vec, + pub(crate) lifetime: u32, + pub(crate) age_add: u32, + pub(crate) nonce: PayloadU8, + pub(crate) ticket: PayloadU16, + pub(crate) exts: Vec, } impl NewSessionTicketPayloadTls13 { - pub fn new(lifetime: u32, age_add: u32, nonce: Vec, ticket: Vec) -> Self { + pub(crate) fn new(lifetime: u32, age_add: u32, nonce: Vec, ticket: Vec) -> Self { Self { lifetime, age_add, @@ -1937,7 +1942,7 @@ impl NewSessionTicketPayloadTls13 { } } - pub fn has_duplicate_extension(&self) -> bool { + pub(crate) fn has_duplicate_extension(&self) -> bool { let mut seen = collections::HashSet::new(); for ext in &self.exts { @@ -1952,13 +1957,13 @@ impl NewSessionTicketPayloadTls13 { false } - pub fn find_extension(&self, ext: ExtensionType) -> Option<&NewSessionTicketExtension> { + pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&NewSessionTicketExtension> { self.exts .iter() .find(|x| x.get_type() == ext) } - pub fn get_max_early_data_size(&self) -> Option { + pub(crate) fn get_max_early_data_size(&self) -> Option { let ext = self.find_extension(ExtensionType::EarlyData)?; match *ext { NewSessionTicketExtension::EarlyData(ref sz) => Some(*sz), @@ -1998,7 +2003,7 @@ impl Codec for NewSessionTicketPayloadTls13 { /// Only supports OCSP #[derive(Debug)] pub struct CertificateStatus { - pub ocsp_response: PayloadU24, + pub(crate) ocsp_response: PayloadU24, } impl Codec for CertificateStatus { @@ -2020,13 +2025,13 @@ impl Codec for CertificateStatus { } impl CertificateStatus { - pub fn new(ocsp: Vec) -> Self { + pub(crate) fn new(ocsp: Vec) -> Self { Self { ocsp_response: PayloadU24::new(ocsp), } } - pub fn into_inner(self) -> Vec { + pub(crate) fn into_inner(self) -> Vec { self.ocsp_response.0 } } @@ -2108,7 +2113,10 @@ impl Codec for HandshakeMessagePayload { } impl HandshakeMessagePayload { - pub fn read_version(r: &mut Reader, vers: ProtocolVersion) -> Result { + pub(crate) fn read_version( + r: &mut Reader, + vers: ProtocolVersion, + ) -> Result { let mut typ = HandshakeType::read(r)?; let len = codec::u24::read(r)?.0 as usize; let mut sub = r.sub(len)?; @@ -2200,14 +2208,14 @@ impl HandshakeMessagePayload { .map(|_| Self { typ, payload }) } - pub fn build_key_update_notify() -> Self { + pub(crate) fn build_key_update_notify() -> Self { Self { typ: HandshakeType::KeyUpdate, payload: HandshakePayload::KeyUpdate(KeyUpdateRequest::UpdateNotRequested), } } - pub fn get_encoding_for_binder_signing(&self) -> Vec { + pub(crate) fn get_encoding_for_binder_signing(&self) -> Vec { let mut ret = self.get_encoding(); let binder_len = match self.payload { @@ -2229,7 +2237,7 @@ impl HandshakeMessagePayload { ret } - pub fn build_handshake_hash(hash: &[u8]) -> Self { + pub(crate) fn build_handshake_hash(hash: &[u8]) -> Self { Self { typ: HandshakeType::MessageHash, payload: HandshakePayload::MessageHash(Payload::new(hash.to_vec())), diff --git a/rustls/src/msgs/mod.rs b/rustls/src/msgs/mod.rs index 8f1ce123c6..6f918223f9 100644 --- a/rustls/src/msgs/mod.rs +++ b/rustls/src/msgs/mod.rs @@ -4,16 +4,16 @@ #[macro_use] mod macros; -pub mod alert; -pub mod base; -pub mod ccs; -pub mod codec; -pub mod deframer; -pub mod enums; -pub mod fragmenter; -pub mod handshake; -pub mod message; -pub mod persist; +pub(crate) mod alert; +pub(crate) mod base; +pub(crate) mod ccs; +pub(crate) mod codec; +pub(crate) mod deframer; +pub(crate) mod enums; +pub(crate) mod fragmenter; +pub(crate) mod handshake; +pub(crate) mod message; +pub(crate) mod persist; #[cfg(test)] mod handshake_test; diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 5acf5f1b5b..a6f205af80 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -16,20 +16,20 @@ use core::cmp; #[cfg(feature = "tls12")] use core::mem; -pub struct Retrieved { - pub value: T, +pub(crate) struct Retrieved { + pub(crate) value: T, retrieved_at: UnixTime, } impl Retrieved { - pub fn new(value: T, retrieved_at: UnixTime) -> Self { + pub(crate) fn new(value: T, retrieved_at: UnixTime) -> Self { Self { value, retrieved_at, } } - pub fn map(&self, f: impl FnOnce(&T) -> Option<&M>) -> Option> { + pub(crate) fn map(&self, f: impl FnOnce(&T) -> Option<&M>) -> Option> { Some(Retrieved { value: f(&self.value)?, retrieved_at: self.retrieved_at, @@ -38,7 +38,7 @@ impl Retrieved { } impl Retrieved<&Tls13ClientSessionValue> { - pub fn obfuscated_ticket_age(&self) -> u32 { + pub(crate) fn obfuscated_ticket_age(&self) -> u32 { let age_secs = self .retrieved_at .as_secs() @@ -49,7 +49,7 @@ impl Retrieved<&Tls13ClientSessionValue> { } impl> Retrieved { - pub fn has_expired(&self) -> bool { + pub(crate) fn has_expired(&self) -> bool { let common = &*self.value; common.lifetime_secs != 0 && common @@ -252,20 +252,20 @@ static MAX_TICKET_LIFETIME: u32 = 7 * 24 * 60 * 60; static MAX_FRESHNESS_SKEW_MS: u32 = 60 * 1000; // --- Server types --- -pub type ServerSessionKey = SessionId; +pub(crate) type ServerSessionKey = SessionId; #[derive(Debug)] pub struct ServerSessionValue { - pub sni: Option, - pub version: ProtocolVersion, - pub cipher_suite: CipherSuite, - pub master_secret: PayloadU8, - pub extended_ms: bool, - pub client_cert_chain: Option, - pub alpn: Option, - pub application_data: PayloadU16, + pub(crate) sni: Option, + pub(crate) version: ProtocolVersion, + pub(crate) cipher_suite: CipherSuite, + pub(crate) master_secret: PayloadU8, + pub(crate) extended_ms: bool, + pub(crate) client_cert_chain: Option, + pub(crate) alpn: Option, + pub(crate) application_data: PayloadU16, pub creation_time_sec: u64, - pub age_obfuscation_offset: u32, + pub(crate) age_obfuscation_offset: u32, freshness: Option, } @@ -351,7 +351,7 @@ impl Codec for ServerSessionValue { } impl ServerSessionValue { - pub fn new( + pub(crate) fn new( sni: Option<&DnsName>, v: ProtocolVersion, cs: CipherSuite, @@ -377,11 +377,15 @@ impl ServerSessionValue { } } - pub fn set_extended_ms_used(&mut self) { + pub(crate) fn set_extended_ms_used(&mut self) { self.extended_ms = true; } - pub fn set_freshness(mut self, obfuscated_client_age_ms: u32, time_now: UnixTime) -> Self { + pub(crate) fn set_freshness( + mut self, + obfuscated_client_age_ms: u32, + time_now: UnixTime, + ) -> Self { let client_age_ms = obfuscated_client_age_ms.wrapping_sub(self.age_obfuscation_offset); let server_age_ms = (time_now .as_secs() @@ -398,7 +402,7 @@ impl ServerSessionValue { self } - pub fn is_fresh(&self) -> bool { + pub(crate) fn is_fresh(&self) -> bool { self.freshness.unwrap_or_default() } } diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 694e85d328..8532e11249 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -224,11 +224,11 @@ impl RecordLayer { /// Result of decryption. #[derive(Debug)] -pub struct Decrypted { +pub(crate) struct Decrypted { /// Whether the peer appears to be getting close to encrypting too many messages with this key. - pub want_close_before_decrypt: bool, + pub(crate) want_close_before_decrypt: bool, /// The decrypted message. - pub plaintext: PlainMessage, + pub(crate) plaintext: PlainMessage, } #[cfg(test)] diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 5ec1d5df3b..206f749cdc 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -16,7 +16,8 @@ use rustls::crypto::ring::ALL_CIPHER_SUITES; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; -use rustls::internal::msgs::message::PlainMessage; +use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; +use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; use rustls::server::{ClientHello, ResolvesServerCert, WebPkiClientVerifier}; use rustls::ConnectionTrafficSecrets; use rustls::SupportedCipherSuite; @@ -4506,11 +4507,6 @@ fn connection_types_are_not_huge() { assert_lt(mem::size_of::(), 1600); } -use rustls::internal::msgs::{ - handshake::ClientExtension, handshake::HandshakePayload, message::Message, - message::MessagePayload, -}; - #[test] fn test_server_rejects_duplicate_sni_names() { fn duplicate_sni_payload(msg: &mut Message) -> Altered { From 3659b6119333b3edff59bcf6e5a8465ea22b5618 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:16:28 +0100 Subject: [PATCH 0277/1145] KeyShareEntry: tighten up use in tests - swap `PayloadU16` for `KeyShareEntry::new` - swap public members for accessor fn --- rustls/src/lib.rs | 2 +- rustls/src/msgs/handshake.rs | 10 +++++++--- rustls/tests/api.rs | 20 +++++++++----------- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 6bc8376813..e15d882d6b 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -372,7 +372,7 @@ pub mod internal { /// Low-level TLS message parsing and encoding functions. pub mod msgs { pub mod base { - pub use crate::msgs::base::{Payload, PayloadU16}; + pub use crate::msgs::base::Payload; } pub mod codec { pub use crate::msgs::codec::{Codec, Reader}; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 7ba787984b..2e21dd5e58 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -358,17 +358,21 @@ impl ConvertProtocolNameList for Vec { // --- TLS 1.3 Key shares --- #[derive(Clone, Debug)] pub struct KeyShareEntry { - pub group: NamedGroup, - pub payload: PayloadU16, + pub(crate) group: NamedGroup, + pub(crate) payload: PayloadU16, } impl KeyShareEntry { - pub(crate) fn new(group: NamedGroup, payload: &[u8]) -> Self { + pub fn new(group: NamedGroup, payload: &[u8]) -> Self { Self { group, payload: PayloadU16::new(payload.to_vec()), } } + + pub fn group(&self) -> NamedGroup { + self.group + } } impl Codec for KeyShareEntry { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 206f749cdc..6a9590b484 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3718,7 +3718,6 @@ mod test_quic { .unwrap(); use rustls::crypto::ring::RING; - use rustls::internal::msgs::base::PayloadU16; use rustls::internal::msgs::enums::{Compression, NamedGroup}; use rustls::internal::msgs::handshake::{ ClientHelloPayload, HandshakeMessagePayload, KeyShareEntry, Random, SessionId, @@ -3747,10 +3746,10 @@ mod test_quic { ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), ClientExtension::NamedGroups(vec![NamedGroup::X25519]), ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ED25519]), - ClientExtension::KeyShare(vec![KeyShareEntry { - group: NamedGroup::X25519, - payload: PayloadU16::new(kx.as_ref().to_vec()), - }]), + ClientExtension::KeyShare(vec![KeyShareEntry::new( + NamedGroup::X25519, + kx.as_ref(), + )]), ], }), }); @@ -3773,7 +3772,6 @@ mod test_quic { let server_config = Arc::new(server_config); use rustls::crypto::ring::RING; - use rustls::internal::msgs::base::PayloadU16; use rustls::internal::msgs::enums::{Compression, NamedGroup}; use rustls::internal::msgs::handshake::{ ClientHelloPayload, HandshakeMessagePayload, KeyShareEntry, Random, SessionId, @@ -3808,10 +3806,10 @@ mod test_quic { extensions: vec![ ClientExtension::NamedGroups(vec![NamedGroup::X25519]), ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ED25519]), - ClientExtension::KeyShare(vec![KeyShareEntry { - group: NamedGroup::X25519, - payload: PayloadU16::new(kx.as_ref().to_vec()), - }]), + ClientExtension::KeyShare(vec![KeyShareEntry::new( + NamedGroup::X25519, + kx.as_ref(), + )]), ], }), }); @@ -4218,7 +4216,7 @@ fn test_client_rejects_hrr_with_varied_session_id() { .get_keyshare_extension() .expect("missing key share extension"); assert_eq!(keyshares.len(), 1); - assert_eq!(keyshares[0].group, rustls::NamedGroup::secp384r1); + assert_eq!(keyshares[0].group(), rustls::NamedGroup::secp384r1); ch.session_id = different_session_id; *encoded = Payload::new(parsed.get_encoding()); From fed717ef62c37b92fa2f97fe67aa4d7b7853434e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:18:47 +0100 Subject: [PATCH 0278/1145] Delete unused PayloadU8::into_inner --- rustls/src/msgs/base.rs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index ce4b51289d..dd6d47f730 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -135,10 +135,6 @@ impl PayloadU8 { pub(crate) fn empty() -> Self { Self(Vec::new()) } - - pub(crate) fn into_inner(self) -> Vec { - self.0 - } } impl Codec for PayloadU8 { From 795bf59b59c31f819391d1c2ebc914834ea2be68 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:19:24 +0100 Subject: [PATCH 0279/1145] Delete unused DeframerError --- rustls/src/msgs/deframer.rs | 5 ----- 1 file changed, 5 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 9c9f451050..8db153fd0c 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -438,11 +438,6 @@ pub struct Deframed { pub message: PlainMessage, } -#[derive(Debug)] -pub(crate) enum DeframerError { - HandshakePayloadSizeTooLarge, -} - const HEADER_SIZE: usize = 1 + 3; /// TLS allows for handshake messages of up to 16MB. We From bff5d4e775532b0d26dc7835f6d99c47582bd0ef Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:21:01 +0100 Subject: [PATCH 0280/1145] Delete unused ServerSessionKey type alias --- rustls/src/msgs/persist.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index a6f205af80..bb48b44fa5 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -252,8 +252,6 @@ static MAX_TICKET_LIFETIME: u32 = 7 * 24 * 60 * 60; static MAX_FRESHNESS_SKEW_MS: u32 = 60 * 1000; // --- Server types --- -pub(crate) type ServerSessionKey = SessionId; - #[derive(Debug)] pub struct ServerSessionValue { pub(crate) sni: Option, From 740389086a37f4b01e5052a68642217c20835140 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:47:20 +0100 Subject: [PATCH 0281/1145] Remove unused SessionId::len --- rustls/src/msgs/handshake.rs | 4 ---- rustls/src/msgs/handshake_test.rs | 2 -- 2 files changed, 6 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 2e21dd5e58..e4bdeac040 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -180,10 +180,6 @@ impl SessionId { } } - pub(crate) fn len(&self) -> usize { - self.len - } - pub(crate) fn is_empty(&self) -> bool { self.len == 0 } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index cb08182ca2..07a55df8d4 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -75,7 +75,6 @@ fn accepts_short_sessionid() { println!("{:?}", sess); assert!(!sess.is_empty()); - assert_eq!(sess.len(), 1); assert!(!rd.any_left()); } @@ -87,7 +86,6 @@ fn accepts_empty_sessionid() { println!("{:?}", sess); assert!(sess.is_empty()); - assert_eq!(sess.len(), 0); assert!(!rd.any_left()); } From 49f93d098fd35b405184b615ff89875419242efb Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:46:10 +0100 Subject: [PATCH 0282/1145] Feature gate ClientHelloPayload::get_quic_params_extension --- rustls/src/msgs/handshake.rs | 1 + rustls/src/msgs/handshake_test.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index e4bdeac040..d99a48c10c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -916,6 +916,7 @@ impl ClientHelloPayload { } } + #[cfg(feature = "quic")] pub(crate) fn get_quic_params_extension(&self) -> Option> { let ext = self .find_extension(ExtensionType::TransportParameters) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 07a55df8d4..23a3f7485f 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -534,6 +534,7 @@ fn client_get_alpn_extension() { }); } +#[cfg(feature = "quic")] #[test] fn client_get_quic_params_extension() { test_client_extension_getter(ExtensionType::TransportParameters, |chp| { From 1893f2460c8770b9ddef38d57df79140f095d35c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 18 Oct 2023 15:56:01 +0100 Subject: [PATCH 0283/1145] Enums generated by enum_builder may have unused `as_str` --- rustls/src/msgs/macros.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index 3e797930ec..d2a4300bb3 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -67,6 +67,7 @@ macro_rules! enum_builder { } } + #[allow(dead_code)] // generated irrespective if there are callers $enum_vis fn as_str(&self) -> Option<&'static str> { match self { $( $enum_name::$enum_var => Some(stringify!($enum_var))),* From 7b456d9dfa29dc41c70c6ee32ebeb5c1bbc111ee Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 19 Oct 2023 10:24:36 +0100 Subject: [PATCH 0284/1145] Delete single caller Random::write_slice --- rustls/src/client/tls12.rs | 6 +++--- rustls/src/msgs/handshake.rs | 5 ----- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index c9067b4538..6110a535fa 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -62,9 +62,9 @@ mod server_hello { server_hello: &ServerHelloPayload, tls13_supported: bool, ) -> hs::NextStateOrError { - server_hello - .random - .write_slice(&mut self.randoms.server); + self.randoms + .server + .clone_from_slice(&server_hello.random.0[..]); // Look for TLS1.3 downgrade signal in server random // both the server random and TLS12_DOWNGRADE_SENTINEL are diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index d99a48c10c..da8d604eb0 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -101,11 +101,6 @@ impl Random { provider.fill_random(&mut data)?; Ok(Self(data)) } - - pub(crate) fn write_slice(&self, bytes: &mut [u8]) { - let buf = self.get_encoding(); - bytes.copy_from_slice(&buf); - } } impl From<[u8; 32]> for Random { From 1fbb608a7a0b19441dbc08fb1617d64255667edb Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 19 Oct 2023 11:27:06 +0100 Subject: [PATCH 0285/1145] Chase through cfg(feature = "tls12") gates --- rustls/src/msgs/handshake.rs | 14 +++++++++++++- rustls/src/msgs/handshake_test.rs | 5 +++++ rustls/src/msgs/persist.rs | 2 ++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index da8d604eb0..8124e82e7b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,6 +1,8 @@ #![allow(non_camel_case_types)] -use crate::crypto::{ActiveKeyExchange, CryptoProvider}; +#[cfg(feature = "tls12")] +use crate::crypto::ActiveKeyExchange; +use crate::crypto::CryptoProvider; use crate::dns_name::{DnsName, DnsNameRef}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::error::InvalidMessage; @@ -175,6 +177,7 @@ impl SessionId { } } + #[cfg(feature = "tls12")] pub(crate) fn is_empty(&self) -> bool { self.len == 0 } @@ -784,6 +787,7 @@ impl ServerExtension { Self::Protocols(Vec::from_slices(proto)) } + #[cfg(feature = "tls12")] pub(crate) fn make_empty_renegotiation_info() -> Self { let empty = Vec::new(); Self::RenegotiationInfo(PayloadU8::new(empty)) @@ -895,6 +899,7 @@ impl ClientHelloPayload { } } + #[cfg(feature = "tls12")] pub(crate) fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { @@ -923,6 +928,7 @@ impl ClientHelloPayload { } } + #[cfg(feature = "tls12")] pub(crate) fn get_ticket_extension(&self) -> Option<&ClientExtension> { self.find_extension(ExtensionType::SessionTicket) } @@ -994,6 +1000,7 @@ impl ClientHelloPayload { } } + #[cfg(feature = "tls12")] pub(crate) fn ems_support_offered(&self) -> bool { self.find_extension(ExtensionType::ExtendedMasterSecret) .is_some() @@ -1234,6 +1241,7 @@ impl ServerHelloPayload { } } + #[cfg(feature = "tls12")] pub(crate) fn ems_support_acked(&self) -> bool { self.find_extension(ExtensionType::ExtendedMasterSecret) .is_some() @@ -1508,6 +1516,7 @@ pub(crate) struct ServerEcdhParams { } impl ServerEcdhParams { + #[cfg(feature = "tls12")] pub(crate) fn new(kx: &dyn ActiveKeyExchange) -> Self { Self { curve_params: EcParameters { @@ -1578,6 +1587,7 @@ impl Codec for ServerKeyExchangePayload { } impl ServerKeyExchangePayload { + #[cfg(feature = "tls12")] pub(crate) fn unwrap_given_kxa( &self, kxa: KeyExchangeAlgorithm, @@ -1847,6 +1857,7 @@ pub struct NewSessionTicketPayload { } impl NewSessionTicketPayload { + #[cfg(feature = "tls12")] pub(crate) fn new(lifetime_hint: u32, ticket: Vec) -> Self { Self { lifetime_hint, @@ -2027,6 +2038,7 @@ impl CertificateStatus { } } + #[cfg(feature = "tls12")] pub(crate) fn into_inner(self) -> Vec { self.ocsp_response.0 } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 23a3f7485f..928c06850e 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -74,7 +74,9 @@ fn accepts_short_sessionid() { let sess = SessionId::read(&mut rd).unwrap(); println!("{:?}", sess); + #[cfg(feature = "tls12")] assert!(!sess.is_empty()); + assert_ne!(sess, SessionId::empty()); assert!(!rd.any_left()); } @@ -85,7 +87,9 @@ fn accepts_empty_sessionid() { let sess = SessionId::read(&mut rd).unwrap(); println!("{:?}", sess); + #[cfg(feature = "tls12")] assert!(sess.is_empty()); + assert_eq!(sess, SessionId::empty()); assert!(!rd.any_left()); } @@ -520,6 +524,7 @@ fn client_get_namedgroups_extension() { }); } +#[cfg(feature = "tls12")] #[test] fn client_get_ecpoints_extension() { test_client_extension_getter(ExtensionType::ECPointFormats, |chp| { diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index bb48b44fa5..bc6907bba0 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -4,6 +4,7 @@ use crate::error::InvalidMessage; use crate::msgs::base::{PayloadU16, PayloadU8}; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::CertificatePayload; +#[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; @@ -375,6 +376,7 @@ impl ServerSessionValue { } } + #[cfg(feature = "tls12")] pub(crate) fn set_extended_ms_used(&mut self) { self.extended_ms = true; } From b515abfcb31bbc9d32a2c5955e8927497d93212e Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 14:15:17 +0100 Subject: [PATCH 0286/1145] `AeadKey`: zeroize on drop --- Cargo.lock | 1 + fuzz/Cargo.lock | 7 +++++++ rustls/Cargo.toml | 1 + rustls/src/crypto/cipher.rs | 8 ++++++++ 4 files changed, 17 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 72a94538b6..d8512fbfda 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -859,6 +859,7 @@ dependencies = [ "rustversion", "subtle", "webpki-roots", + "zeroize", ] [[package]] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index cb216a7f4c..ee9c17bc68 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -78,6 +78,7 @@ dependencies = [ "rustls-pki-types", "rustls-webpki", "subtle", + "zeroize", ] [[package]] @@ -194,3 +195,9 @@ name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "zeroize" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index bdb77d9613..b589c7794b 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -21,6 +21,7 @@ ring = { version = "0.17", optional = true } subtle = "2.5.0" webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.4", features = ["alloc", "std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } +zeroize = "1.6.0" [features] default = ["logging", "ring", "tls12"] diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 311a08002c..9491c74dac 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -9,6 +9,8 @@ use crate::msgs::codec; pub use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::ConnectionTrafficSecrets; +use zeroize::Zeroize; + /// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite. pub trait Tls13AeadAlgorithm: Send + Sync { /// Build a `MessageEncrypter` for the given key/iv. @@ -270,6 +272,12 @@ impl AeadKey { pub(crate) const MAX_LEN: usize = 32; } +impl Drop for AeadKey { + fn drop(&mut self) { + self.buf.zeroize(); + } +} + impl AsRef<[u8]> for AeadKey { fn as_ref(&self) -> &[u8] { &self.buf[..self.used] From 071c580d5cf30c3dfe2301f15198deac351626b3 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 14:16:21 +0100 Subject: [PATCH 0287/1145] `SharedSecret`: zeroize on drop --- rustls/src/crypto/mod.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 461e6b0ddb..cf67cd1ec1 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -5,6 +5,8 @@ use alloc::boxed::Box; use alloc::vec::Vec; use core::fmt::Debug; +use zeroize::Zeroize; + /// *ring* based CryptoProvider. #[cfg(feature = "ring")] pub mod ring; @@ -84,6 +86,12 @@ impl SharedSecret { } } +impl Drop for SharedSecret { + fn drop(&mut self) { + self.0.zeroize(); + } +} + impl From<&[u8]> for SharedSecret { fn from(source: &[u8]) -> Self { Self(source.to_vec()) From ae1418db6d8be17c3678afe4e82048518b009866 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 14:21:55 +0100 Subject: [PATCH 0288/1145] `hmac::Tag`: zeroize on drop This is not always a secret quantity, but treating it as such covers zeroisation on `OkmBlock`, and hence tls13::key_schedule. It also covers some intermediate values in hkdf computations. --- rustls/src/crypto/hmac.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rustls/src/crypto/hmac.rs b/rustls/src/crypto/hmac.rs index d1ccee1531..16cca43aa7 100644 --- a/rustls/src/crypto/hmac.rs +++ b/rustls/src/crypto/hmac.rs @@ -1,5 +1,7 @@ use alloc::boxed::Box; +use zeroize::Zeroize; + /// A concrete HMAC implementation, for a single cryptographic hash function. /// /// You should have one object that implements this trait for HMAC-SHA256, another @@ -36,6 +38,12 @@ impl Tag { pub const MAX_LEN: usize = 64; } +impl Drop for Tag { + fn drop(&mut self) { + self.buf.zeroize(); + } +} + impl AsRef<[u8]> for Tag { fn as_ref(&self) -> &[u8] { &self.buf[..self.used] From 78c66d369e3ebae245f094e9be60d699698f9a5c Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 14:35:53 +0100 Subject: [PATCH 0289/1145] `tls12::ConnectionSecrets`: zeroize on drop --- rustls/src/tls12/mod.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 8d9cb5e12f..4f580c3d5e 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -14,6 +14,8 @@ use alloc::vec; use alloc::vec::Vec; use core::fmt; +use zeroize::Zeroize; + mod prf; /// A TLS 1.2 cipher suite supported by rustls. @@ -275,6 +277,12 @@ impl ConnectionSecrets { } } +impl Drop for ConnectionSecrets { + fn drop(&mut self) { + self.master_secret.zeroize(); + } +} + enum Seed { Ems(hash::Output), Randoms([u8; 64]), From e5d8ee81e7dbb6b4c08b5425eeee473fef3ae0d4 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 15:05:47 +0100 Subject: [PATCH 0290/1145] `PayloadU8`: impl Zeroize So we can wrap it in `zeroize::Zeroizing` --- rustls/src/msgs/base.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index dd6d47f730..4339bbd914 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -6,6 +6,7 @@ use alloc::vec::Vec; use core::fmt; use pki_types::CertificateDer; +use zeroize::Zeroize; /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] @@ -151,6 +152,12 @@ impl Codec for PayloadU8 { } } +impl Zeroize for PayloadU8 { + fn zeroize(&mut self) { + self.0.zeroize(); + } +} + impl fmt::Debug for PayloadU8 { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { hex(f, &self.0) From 1cf347f10ae0f80a4b4707d4d4b83c2c05938f3c Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 14:39:39 +0100 Subject: [PATCH 0291/1145] `ClientSessionCommon::master_secret`: zeroize on drop --- rustls/src/msgs/persist.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index bc6907bba0..7824ec63c1 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -11,6 +11,7 @@ use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; use pki_types::{CertificateDer, UnixTime}; +use zeroize::Zeroizing; use alloc::vec::Vec; use core::cmp; @@ -208,7 +209,7 @@ impl core::ops::Deref for Tls12ClientSessionValue { #[derive(Debug, Clone)] pub struct ClientSessionCommon { ticket: PayloadU16, - secret: PayloadU8, + secret: Zeroizing, epoch: u64, lifetime_secs: u32, server_cert_chain: CertificatePayload, @@ -224,7 +225,7 @@ impl ClientSessionCommon { ) -> Self { Self { ticket: PayloadU16(ticket), - secret: PayloadU8(secret), + secret: Zeroizing::new(PayloadU8(secret)), epoch: time_now.as_secs(), lifetime_secs: cmp::min(lifetime_secs, MAX_TICKET_LIFETIME), server_cert_chain, From 05bd01882414c32916190c34f61dcf0c6bd37634 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 15:06:07 +0100 Subject: [PATCH 0292/1145] `ServerSessionValue::master_secret` zeroize on drop --- rustls/src/msgs/persist.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 7824ec63c1..1dc6f4b149 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -259,7 +259,7 @@ pub struct ServerSessionValue { pub(crate) sni: Option, pub(crate) version: ProtocolVersion, pub(crate) cipher_suite: CipherSuite, - pub(crate) master_secret: PayloadU8, + pub(crate) master_secret: Zeroizing, pub(crate) extended_ms: bool, pub(crate) client_cert_chain: Option, pub(crate) alpn: Option, @@ -316,7 +316,7 @@ impl Codec for ServerSessionValue { let v = ProtocolVersion::read(r)?; let cs = CipherSuite::read(r)?; - let ms = PayloadU8::read(r)?; + let ms = Zeroizing::new(PayloadU8::read(r)?); let ems = u8::read(r)?; let has_ccert = u8::read(r)? == 1; let ccert = if has_ccert { @@ -366,7 +366,7 @@ impl ServerSessionValue { sni: sni.cloned(), version: v, cipher_suite: cs, - master_secret: PayloadU8::new(ms), + master_secret: Zeroizing::new(PayloadU8::new(ms)), extended_ms: false, client_cert_chain, alpn: alpn.map(PayloadU8::new), From 19d5edaacd9d20f103765226f6b6e83788484494 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 21 Sep 2023 15:20:49 +0100 Subject: [PATCH 0293/1145] persist: avoid passing secrets in as Vec This avoids having them as 'loose' unzeroized type on the way to being moved to their final home. This is sufficient, because: - tls12: the secret comes from `tls12::ConnectionSecrets::master_secret()` which borrows from its internal storage; `tls12::ConnectionSecrets::drop` zeroes this storage. - tls13: the secret comes from `resumption_master_secret_and_derive_ticket_psk`, of type `hkdf::OkmBlock`, which we borrow from. Only once the borrow finishes will that be zeroized. --- rustls/src/client/handy.rs | 13 ++----------- rustls/src/client/tls12.rs | 2 +- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/persist.rs | 14 +++++++------- rustls/src/server/tls12.rs | 3 +-- rustls/src/server/tls13.rs | 2 +- rustls/src/tls12/mod.rs | 6 ++---- 7 files changed, 15 insertions(+), 27 deletions(-) diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 828b76a3b4..35c2504005 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -245,7 +245,7 @@ mod tests { tls12_suite, SessionId::empty(), Vec::new(), - Vec::new(), + &[], Vec::new(), now, 0, @@ -264,16 +264,7 @@ mod tests { }; c.insert_tls13_ticket( &name, - Tls13ClientSessionValue::new( - tls13_suite, - Vec::new(), - Vec::new(), - Vec::new(), - now, - 0, - 0, - 0, - ), + Tls13ClientSessionValue::new(tls13_suite, Vec::new(), &[], Vec::new(), now, 0, 0, 0), ); assert!(c.take_tls13_ticket(&name).is_none()); } diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 6110a535fa..3ddf039b2b 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -978,7 +978,7 @@ impl ExpectFinished { self.secrets.suite(), self.session_id, ticket, - self.secrets.get_master_secret(), + self.secrets.master_secret(), cx.common .peer_certificates .clone() diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 96d31b7f4b..8cae68cece 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -958,7 +958,7 @@ impl ExpectTraffic { let mut value = persist::Tls13ClientSessionValue::new( self.suite, nst.ticket.0.clone(), - secret.as_ref().to_vec(), + secret.as_ref(), cx.common .peer_certificates .clone() diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 1dc6f4b149..6c37a72127 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -83,7 +83,7 @@ impl Tls13ClientSessionValue { pub(crate) fn new( suite: &'static Tls13CipherSuite, ticket: Vec, - secret: Vec, + secret: &[u8], server_cert_chain: Vec>, time_now: UnixTime, lifetime_secs: u32, @@ -158,7 +158,7 @@ impl Tls12ClientSessionValue { suite: &'static Tls12CipherSuite, session_id: SessionId, ticket: Vec, - master_secret: Vec, + master_secret: &[u8], server_cert_chain: Vec>, time_now: UnixTime, lifetime_secs: u32, @@ -218,14 +218,14 @@ pub struct ClientSessionCommon { impl ClientSessionCommon { fn new( ticket: Vec, - secret: Vec, + secret: &[u8], time_now: UnixTime, lifetime_secs: u32, server_cert_chain: Vec>, ) -> Self { Self { ticket: PayloadU16(ticket), - secret: Zeroizing::new(PayloadU8(secret)), + secret: Zeroizing::new(PayloadU8(secret.to_vec())), epoch: time_now.as_secs(), lifetime_secs: cmp::min(lifetime_secs, MAX_TICKET_LIFETIME), server_cert_chain, @@ -355,7 +355,7 @@ impl ServerSessionValue { sni: Option<&DnsName>, v: ProtocolVersion, cs: CipherSuite, - ms: Vec, + ms: &[u8], client_cert_chain: Option, alpn: Option>, application_data: Vec, @@ -366,7 +366,7 @@ impl ServerSessionValue { sni: sni.cloned(), version: v, cipher_suite: cs, - master_secret: Zeroizing::new(PayloadU8::new(ms)), + master_secret: Zeroizing::new(PayloadU8::new(ms.to_vec())), extended_ms: false, client_cert_chain, alpn: alpn.map(PayloadU8::new), @@ -420,7 +420,7 @@ mod tests { None, ProtocolVersion::TLSv1_3, CipherSuite::TLS13_AES_128_GCM_SHA256, - vec![1, 2, 3], + &[1, 2, 3], None, None, vec![4, 5, 6], diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 5519468289..fabfa9007b 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -751,13 +751,12 @@ fn get_server_connection_value_tls12( time_now: UnixTime, ) -> persist::ServerSessionValue { let version = ProtocolVersion::TLSv1_2; - let secret = secrets.get_master_secret(); let mut v = persist::ServerSessionValue::new( cx.data.sni.as_ref(), version, secrets.suite().common.suite, - secret, + secrets.master_secret(), cx.common.peer_certificates.clone(), cx.common.alpn_protocol.clone(), cx.data.resumption_data.clone(), diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index d518d593e6..7a2a979a20 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1067,7 +1067,7 @@ fn get_server_session_value( cx.data.sni.as_ref(), version, suite.common.suite, - secret.as_ref().to_vec(), + secret.as_ref(), cx.common.peer_certificates.clone(), cx.common.alpn_protocol.clone(), cx.data.resumption_data.clone(), diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 4f580c3d5e..9592164bec 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -193,10 +193,8 @@ impl ConnectionSecrets { self.suite } - pub(crate) fn get_master_secret(&self) -> Vec { - let mut ret = Vec::new(); - ret.extend_from_slice(&self.master_secret); - ret + pub(crate) fn master_secret(&self) -> &[u8] { + &self.master_secret[..] } fn make_verify_data(&self, handshake_hash: &hash::Output, label: &[u8]) -> Vec { From 3257cbdda74a01603c2edda7455c6d7830b374b5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 24 Oct 2023 09:57:59 -0400 Subject: [PATCH 0294/1145] crypto: fix nightly clippy get-first warning ``` warning: accessing first element with `self.cert.get(0)` --> rustls/src/crypto/signer.rs:61:9 | 61 | / self.cert 62 | | .get(0) | |___________________^ help: try: `self.cert.first()` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#get_first = note: `#[warn(clippy::get_first)]` on by default ``` --- rustls/src/crypto/signer.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 55faa33844..d582dd6b6f 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -59,7 +59,7 @@ impl CertifiedKey { /// The end-entity certificate. pub fn end_entity_cert(&self) -> Result<&CertificateDer<'_>, Error> { self.cert - .get(0) + .first() .ok_or(Error::NoCertificatesPresented) } } From 13aa353c45e6ed4a9de80e30a4696cd542f15869 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Oct 2023 13:37:06 -0400 Subject: [PATCH 0295/1145] webpki: move ServerCertVerifier impl below inherent impl --- rustls/src/webpki/verify.rs | 108 ++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 8026b484a2..018b20c3fb 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -74,60 +74,6 @@ pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Ok(()) } -impl ServerCertVerifier for WebPkiServerVerifier { - /// Will verify the certificate is valid in the following ways: - /// - Signed by a trusted `RootCertStore` CA - /// - Not Expired - /// - Valid for DNS entry - fn verify_server_cert( - &self, - end_entity: &CertificateDer<'_>, - intermediates: &[CertificateDer<'_>], - server_name: &ServerName, - ocsp_response: &[u8], - now: UnixTime, - ) -> Result { - let cert = ParsedCertificate::try_from(end_entity)?; - - verify_server_cert_signed_by_trust_anchor( - &cert, - &self.roots, - intermediates, - now, - self.supported.all, - )?; - - if !ocsp_response.is_empty() { - trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); - } - - verify_server_name(&cert, server_name)?; - Ok(ServerCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss, &self.supported) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss, &self.supported) - } - - fn supported_verify_schemes(&self) -> Vec { - self.supported.supported_schemes() - } -} - /// Default `ServerCertVerifier`, see the trait impl for more information. #[allow(unreachable_pub)] pub struct WebPkiServerVerifier { @@ -190,6 +136,60 @@ impl WebPkiServerVerifier { } } +impl ServerCertVerifier for WebPkiServerVerifier { + /// Will verify the certificate is valid in the following ways: + /// - Signed by a trusted `RootCertStore` CA + /// - Not Expired + /// - Valid for DNS entry + fn verify_server_cert( + &self, + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], + server_name: &ServerName, + ocsp_response: &[u8], + now: UnixTime, + ) -> Result { + let cert = ParsedCertificate::try_from(end_entity)?; + + verify_server_cert_signed_by_trust_anchor( + &cert, + &self.roots, + intermediates, + now, + self.supported.all, + )?; + + if !ocsp_response.is_empty() { + trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); + } + + verify_server_name(&cert, server_name)?; + Ok(ServerCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_signed_struct(message, cert, dss, &self.supported) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_tls13(message, cert, dss, &self.supported) + } + + fn supported_verify_schemes(&self) -> Vec { + self.supported.supported_schemes() + } +} + /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate /// validation. It must be created via the [WebPkiClientVerifier::builder()] function. /// From 4bb46ce418da8a4fd399ecca65f8c46f0b0961a5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Oct 2023 13:37:59 -0400 Subject: [PATCH 0296/1145] webpki: move crate-internal type below pub types --- rustls/src/webpki/verify.rs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 018b20c3fb..2bb0607363 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -376,15 +376,6 @@ impl ClientCertVerifier for WebPkiClientVerifier { } } -/// Controls how the [WebPkiClientVerifier] handles anonymous clients. -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -pub(crate) enum AnonymousClientPolicy { - /// Clients that do not present a client certificate are allowed. - Allow, - /// Clients that do not present a client certificate are denied. - Deny, -} - /// Describes which `webpki` signature verification algorithms are supported and /// how they map to TLS `SignatureScheme`s. #[derive(Clone, Copy)] @@ -446,6 +437,15 @@ impl WebPkiSupportedAlgorithms { } } +/// Controls how the [WebPkiClientVerifier] handles anonymous clients. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub(crate) enum AnonymousClientPolicy { + /// Clients that do not present a client certificate are allowed. + Allow, + /// Clients that do not present a client certificate are denied. + Deny, +} + /// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when /// compiled against *ring*. #[cfg(feature = "ring")] From cf69f661888ea27356195f5e3601f4d3800f9844 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Oct 2023 13:38:43 -0400 Subject: [PATCH 0297/1145] webpki: move Debug impl below inherent impl --- rustls/src/webpki/verify.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 2bb0607363..40ead85737 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -405,16 +405,6 @@ pub struct WebPkiSupportedAlgorithms { )], } -impl fmt::Debug for WebPkiSupportedAlgorithms { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "WebPkiSupportedAlgorithms {{ all: [ .. ], mapping: ")?; - f.debug_list() - .entries(self.mapping.iter().map(|item| item.0)) - .finish()?; - write!(f, " }}") - } -} - impl WebPkiSupportedAlgorithms { /// Return all the `scheme` items in `mapping`, maintaining order. fn supported_schemes(&self) -> Vec { @@ -437,6 +427,16 @@ impl WebPkiSupportedAlgorithms { } } +impl fmt::Debug for WebPkiSupportedAlgorithms { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "WebPkiSupportedAlgorithms {{ all: [ .. ], mapping: ")?; + f.debug_list() + .entries(self.mapping.iter().map(|item| item.0)) + .finish()?; + write!(f, " }}") + } +} + /// Controls how the [WebPkiClientVerifier] handles anonymous clients. #[derive(Debug, Clone, Copy, PartialEq, Eq)] pub(crate) enum AnonymousClientPolicy { From fefbf42725156c4ec45e0cb7164341bff047d9d6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Oct 2023 13:39:18 -0400 Subject: [PATCH 0298/1145] webpki: move pub struct above pub(crate) types --- rustls/src/webpki/verify.rs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 40ead85737..77684051d0 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -437,6 +437,18 @@ impl fmt::Debug for WebPkiSupportedAlgorithms { } } +/// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification +pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); + +impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { + type Error = Error; + fn try_from(value: &'a CertificateDer<'a>) -> Result, Self::Error> { + webpki::EndEntityCert::try_from(value) + .map_err(pki_error) + .map(ParsedCertificate) + } +} + /// Controls how the [WebPkiClientVerifier] handles anonymous clients. #[derive(Debug, Clone, Copy, PartialEq, Eq)] pub(crate) enum AnonymousClientPolicy { @@ -559,18 +571,6 @@ fn verify_tls13( .map(|_| HandshakeSignatureValid::assertion()) } -/// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification -pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); - -impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { - type Error = Error; - fn try_from(value: &'a CertificateDer<'a>) -> Result, Self::Error> { - webpki::EndEntityCert::try_from(value) - .map_err(pki_error) - .map(ParsedCertificate) - } -} - #[cfg(test)] mod tests { use super::super::crl_error; From 2f451c4a1da29e035dbd9cf9635e83ec2de96060 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 09:25:46 -0400 Subject: [PATCH 0299/1145] webpki: fix up ParsedCertificate rustdoc * Capitalize first word. * Break out headline sentence. * Wrap the rest. --- rustls/src/webpki/verify.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 77684051d0..6d9a55ddc6 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -437,7 +437,9 @@ impl fmt::Debug for WebPkiSupportedAlgorithms { } } -/// wrapper around internal representation of a parsed certificate. This is used in order to avoid parsing twice when specifying custom verification +/// Wrapper around internal representation of a parsed certificate. +/// +/// This is used in order to avoid parsing twice when specifying custom verification pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { From 84a4edb08d6ab8447f9d8ac553cfac22ace2c447 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 20 Oct 2023 09:46:48 -0400 Subject: [PATCH 0300/1145] webpki: clarify verifier builder test names In the future we'll have similar unit tests for the server certificate verifiers. This commit clarifies the tests that are specific to the client certificate verifier. --- rustls/src/webpki/client_verifier_builder.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index 5668b66ef8..d00683198b 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -195,13 +195,13 @@ mod tests { } #[test] - fn test_noauth() { + fn test_client_verifier_no_auth() { // We should be able to build a verifier that turns off client authentication. WebPkiClientVerifier::no_client_auth(); } #[test] - fn test_required_auth() { + fn test_client_verifier_required_auth() { // We should be able to build a verifier that requires client authentication, and does // no revocation checking. let builder = WebPkiClientVerifier::builder(test_roots()); @@ -211,7 +211,7 @@ mod tests { } #[test] - fn test_optional_auth() { + fn test_client_verifier_optional_auth() { // We should be able to build a verifier that allows client authentication, and anonymous // access, and does no revocation checking. let builder = WebPkiClientVerifier::builder(test_roots()).allow_unauthenticated(); @@ -221,7 +221,7 @@ mod tests { } #[test] - fn test_without_crls_required_auth() { + fn test_client_verifier_without_crls_required_auth() { // We should be able to build a verifier that requires client authentication, and does // no revocation checking, that hasn't been configured to determine how to handle // unauthenticated clients yet. @@ -232,7 +232,7 @@ mod tests { } #[test] - fn test_without_crls_opptional_auth() { + fn test_client_verifier_without_crls_opptional_auth() { // We should be able to build a verifier that allows client authentication, // and anonymous access, that does no revocation checking. let builder = WebPkiClientVerifier::builder(test_roots()).allow_unauthenticated(); @@ -243,7 +243,7 @@ mod tests { #[test] fn test_with_invalid_crls() { - // Trying to build a verifier with invalid CRLs should error at build time. + // Trying to build a client verifier with invalid CRLs should error at build time. let result = WebPkiClientVerifier::builder(test_roots()) .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) .build(); @@ -255,7 +255,7 @@ mod tests { #[test] fn test_with_crls_multiple_calls() { - // We should be able to call `with_crls` multiple times. + // We should be able to call `with_crls` on a client verifier multiple times. let initial_crls = test_crls(); let extra_crls = load_crls(&[ @@ -273,7 +273,7 @@ mod tests { } #[test] - fn test_with_crls_required_auth_implicit() { + fn test_client_verifier_with_crls_required_auth_implicit() { // We should be able to build a verifier that requires client authentication, and that does // revocation checking with CRLs, and that does not allow any anonymous access. let builder = WebPkiClientVerifier::builder(test_roots()).with_crls(test_crls()); @@ -283,7 +283,7 @@ mod tests { } #[test] - fn test_with_crls_optional_auth() { + fn test_client_verifier_with_crls_optional_auth() { // We should be able to build a verifier that supports client authentication, that does // revocation checking with CRLs, and that allows anonymous access. let builder = WebPkiClientVerifier::builder(test_roots()) @@ -296,7 +296,7 @@ mod tests { #[test] fn test_builder_no_roots() { - // Trying to create a builder with no trust anchors should fail at build time + // Trying to create a client verifier builder with no trust anchors should fail at build time let result = WebPkiClientVerifier::builder(RootCertStore::empty().into()).build(); assert!(matches!( result, From 9aa50fab6f333c684a3d3891787158afdeffeb7f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Oct 2023 13:44:54 -0400 Subject: [PATCH 0301/1145] webpki: add revocation depth control to client verifier This commit exposes support for configuring client certificate revocation checking depth when building a webpki client certificate verifier. By default when CRLs are provided revocation status checks will be performed for all certificates in the verified chain to a trust anchor (minus the trust anchor itself). Optionally users of the verifier builder may opt to relax this behaviour to check only the end entity certificate's revocation status. --- rustls/src/webpki/client_verifier_builder.rs | 35 +++++++++++++++++++- rustls/src/webpki/verify.rs | 6 ++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index d00683198b..3bbf75050e 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -4,7 +4,7 @@ use core::fmt; use std::error::Error as StdError; use pki_types::CertificateRevocationListDer; -use webpki::BorrowedCertRevocationList; +use webpki::{BorrowedCertRevocationList, RevocationCheckDepth}; use super::crl_error; use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier, WebPkiSupportedAlgorithms}; @@ -18,6 +18,7 @@ use crate::{CertRevocationListError, RootCertStore}; pub struct ClientCertVerifierBuilder { roots: Arc, crls: Vec>, + revocation_check_depth: RevocationCheckDepth, anon_policy: AnonymousClientPolicy, supported_algs: Option, } @@ -28,6 +29,7 @@ impl ClientCertVerifierBuilder { roots, crls: Vec::new(), anon_policy: AnonymousClientPolicy::Deny, + revocation_check_depth: RevocationCheckDepth::Chain, supported_algs: None, } } @@ -35,6 +37,11 @@ impl ClientCertVerifierBuilder { /// Verify the revocation state of presented client certificates against the provided /// certificate revocation lists (CRLs). Calling `with_crls` multiple times appends the /// given CRLs to the existing collection. + /// + /// By default all certificates in the verified chain built from the presented client + /// certificate to a trust anchor will have their revocation status checked. Calling + /// [`only_check_end_entity_revocation`][Self::only_check_end_entity_revocation] will + /// change this behavior to only check the end entity client certificate. pub fn with_crls( mut self, crls: impl IntoIterator>, @@ -43,6 +50,20 @@ impl ClientCertVerifierBuilder { self } + /// Only check the end entity certificate revocation status when using CRLs. + /// + /// If CRLs are provided using [`with_crls`][Self::with_crls] only check the end entity + /// certificate's revocation status. Overrides the default behavior of checking revocation + /// status for each certificate in the verified chain built to a trust anchor + /// (excluding the trust anchor itself). + /// + /// If no CRLs are provided then this setting has no effect. Neither the end entity certificate + /// or any intermediates will have revocation status checked. + pub fn only_check_end_entity_revocation(mut self) -> Self { + self.revocation_check_depth = RevocationCheckDepth::EndEntity; + self + } + /// Allow unauthenticated clients to connect. /// /// Clients that offer a client certificate issued by a trusted root, and clients that offer no @@ -105,6 +126,7 @@ impl ClientCertVerifierBuilder { .map_err(crl_error) }) .collect::, CertRevocationListError>>()?, + self.revocation_check_depth, self.anon_policy, supported_algs, ))) @@ -294,6 +316,17 @@ mod tests { builder.build().unwrap(); } + #[test] + fn test_client_verifier_ee_only() { + // We should be able to build a client verifier that only checks EE revocation status. + let builder = WebPkiClientVerifier::builder(test_roots()) + .with_crls(test_crls()) + .only_check_end_entity_revocation(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + #[test] fn test_builder_no_roots() { // Trying to create a client verifier builder with no trust anchors should fail at build time diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 6d9a55ddc6..45fcc178e9 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -246,6 +246,7 @@ pub struct WebPkiClientVerifier { roots: Arc, subjects: Vec, crls: Vec, + revocation_check_depth: webpki::RevocationCheckDepth, anonymous_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, } @@ -275,12 +276,15 @@ impl WebPkiClientVerifier { /// `roots` is the list of trust anchors to use for certificate validation. /// `crls` are an iterable of owned certificate revocation lists (CRLs) to use for /// client certificate validation. + /// `revocation_check_depth` controls which certificates have their revocation status checked + /// when `crls` are provided. /// `anonymous_policy` controls whether client authentication is required, or if anonymous /// clients can connect. /// `supported_algs` is which signature verification algorithms should be used. pub(crate) fn new( roots: Arc, crls: Vec, + revocation_check_depth: webpki::RevocationCheckDepth, anonymous_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, ) -> Self { @@ -291,6 +295,7 @@ impl WebPkiClientVerifier { .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) .collect(), crls, + revocation_check_depth, roots, anonymous_policy, supported_algs, @@ -336,6 +341,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { webpki::RevocationOptionsBuilder::new(&crls) .expect("invalid crls") .allow_unknown_status() + .with_depth(self.revocation_check_depth) .build(), ) }; From 024984dc894b5b3487c4dc8d86afe261eb956c67 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Oct 2023 13:52:37 -0400 Subject: [PATCH 0302/1145] webpki: add unknown revocation status control to client verifier This commit exposes support for configuring client certificate revocation behaviour for the case where revocation status can not be determined. By default the webpki client certificate verifier built by the `ClientCertVerifierBuilder` will treat unknown revocation status as an error. Users of the builder may optionally relax this behaviour to allow unknown revocation status. --- rustls/src/error.rs | 8 ++++- rustls/src/webpki/client_verifier_builder.rs | 34 +++++++++++++++++- rustls/src/webpki/mod.rs | 1 + rustls/src/webpki/verify.rs | 38 ++++++++++++-------- 4 files changed, 64 insertions(+), 17 deletions(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 58767a3a1a..edb8f47ff9 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -303,6 +303,9 @@ pub enum CertificateError { /// The certificate chain is not issued by a known root certificate. UnknownIssuer, + /// The certificate's revocation status could not be determined. + UnknownRevocationStatus, + /// A certificate is not correctly signed by the key of its alleged /// issuer. BadSignature, @@ -358,7 +361,10 @@ impl From for AlertDescription { fn from(e: CertificateError) -> Self { use CertificateError::*; match e { - BadEncoding | UnhandledCriticalExtension | NotValidForName => Self::BadCertificate, + BadEncoding + | UnhandledCriticalExtension + | NotValidForName + | UnknownRevocationStatus => Self::BadCertificate, // RFC 5246/RFC 8446 // certificate_expired // A certificate has expired or **is not currently valid**. diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier_builder.rs index 3bbf75050e..9d5a8299ce 100644 --- a/rustls/src/webpki/client_verifier_builder.rs +++ b/rustls/src/webpki/client_verifier_builder.rs @@ -4,7 +4,7 @@ use core::fmt; use std::error::Error as StdError; use pki_types::CertificateRevocationListDer; -use webpki::{BorrowedCertRevocationList, RevocationCheckDepth}; +use webpki::{BorrowedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use super::crl_error; use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier, WebPkiSupportedAlgorithms}; @@ -19,6 +19,7 @@ pub struct ClientCertVerifierBuilder { roots: Arc, crls: Vec>, revocation_check_depth: RevocationCheckDepth, + unknown_revocation_policy: UnknownStatusPolicy, anon_policy: AnonymousClientPolicy, supported_algs: Option, } @@ -30,6 +31,7 @@ impl ClientCertVerifierBuilder { crls: Vec::new(), anon_policy: AnonymousClientPolicy::Deny, revocation_check_depth: RevocationCheckDepth::Chain, + unknown_revocation_policy: UnknownStatusPolicy::Deny, supported_algs: None, } } @@ -42,6 +44,11 @@ impl ClientCertVerifierBuilder { /// certificate to a trust anchor will have their revocation status checked. Calling /// [`only_check_end_entity_revocation`][Self::only_check_end_entity_revocation] will /// change this behavior to only check the end entity client certificate. + /// + /// By default if a certificate's revocation status can not be determined using the + /// configured CRLs, it will be treated as an error. Calling + /// [`allow_unknown_revocation_status`][Self::allow_unknown_revocation_status] will change + /// this behavior to allow unknown revocation status. pub fn with_crls( mut self, crls: impl IntoIterator>, @@ -73,6 +80,19 @@ impl ClientCertVerifierBuilder { self } + /// Allow unknown certificate revocation status when using CRLs. + /// + /// If CRLs are provided with [`with_crls`][Self::with_crls] and it isn't possible to + /// determine the revocation status of a certificate, do not treat it as an error condition. + /// Overrides the default behavior where unknown revocation status is considered an error. + /// + /// If no CRLs are provided then this setting has no effect as revocation status checks + /// are not performed. + pub fn allow_unknown_revocation_status(mut self) -> Self { + self.unknown_revocation_policy = UnknownStatusPolicy::Allow; + self + } + /// Sets which signature verification algorithms are enabled. /// /// If this is called multiple times, the last call wins. @@ -127,6 +147,7 @@ impl ClientCertVerifierBuilder { }) .collect::, CertRevocationListError>>()?, self.revocation_check_depth, + self.unknown_revocation_policy, self.anon_policy, supported_algs, ))) @@ -327,6 +348,17 @@ mod tests { builder.build().unwrap(); } + #[test] + fn test_client_verifier_allow_unknown() { + // We should be able to build a client verifier that allows unknown revocation status + let builder = WebPkiClientVerifier::builder(test_roots()) + .with_crls(test_crls()) + .allow_unknown_revocation_status(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + #[test] fn test_builder_no_roots() { // Trying to create a client verifier builder with no trust anchors should fail at build time diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 560f4808b8..fdff175c0d 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -28,6 +28,7 @@ fn pki_error(error: webpki::Error) -> Error { UnknownIssuer => CertificateError::UnknownIssuer.into(), CertNotValidForName => CertificateError::NotValidForName.into(), CertRevoked => CertificateError::Revoked.into(), + UnknownRevocationStatus => CertificateError::UnknownRevocationStatus.into(), IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(), InvalidSignatureForPublicKey diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 45fcc178e9..6316f93e50 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -247,6 +247,7 @@ pub struct WebPkiClientVerifier { subjects: Vec, crls: Vec, revocation_check_depth: webpki::RevocationCheckDepth, + unknown_revocation_policy: webpki::UnknownStatusPolicy, anonymous_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, } @@ -273,18 +274,21 @@ impl WebPkiClientVerifier { /// Construct a new `WebpkiClientVerifier`. /// - /// `roots` is the list of trust anchors to use for certificate validation. - /// `crls` are an iterable of owned certificate revocation lists (CRLs) to use for - /// client certificate validation. - /// `revocation_check_depth` controls which certificates have their revocation status checked - /// when `crls` are provided. - /// `anonymous_policy` controls whether client authentication is required, or if anonymous - /// clients can connect. - /// `supported_algs` is which signature verification algorithms should be used. + /// * `roots` is a list of trust anchors to use for certificate validation. + /// * `crls` is a `Vec` of owned certificate revocation lists (CRLs) to use for + /// client certificate validation. + /// * `revocation_check_depth` controls which certificates have their revocation status checked + /// when `crls` are provided. + /// * `unknown_revocation_policy` controls how certificates with an unknown revocation status + /// are handled when `crls` are provided. + /// * `anonymous_policy` controls whether client authentication is required, or if anonymous + /// clients can connect. + /// * `supported_algs` specifies which signature verification algorithms should be used. pub(crate) fn new( roots: Arc, crls: Vec, revocation_check_depth: webpki::RevocationCheckDepth, + unknown_revocation_policy: webpki::UnknownStatusPolicy, anonymous_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, ) -> Self { @@ -296,6 +300,7 @@ impl WebPkiClientVerifier { .collect(), crls, revocation_check_depth, + unknown_revocation_policy, roots, anonymous_policy, supported_algs, @@ -337,13 +342,16 @@ impl ClientCertVerifier for WebPkiClientVerifier { let revocation = if crls.is_empty() { None } else { - Some( - webpki::RevocationOptionsBuilder::new(&crls) - .expect("invalid crls") - .allow_unknown_status() - .with_depth(self.revocation_check_depth) - .build(), - ) + let mut builder = webpki::RevocationOptionsBuilder::new(&crls) + .expect("invalid crls") + .with_depth(self.revocation_check_depth); + if matches!( + self.unknown_revocation_policy, + webpki::UnknownStatusPolicy::Allow + ) { + builder = builder.allow_unknown_status(); + } + Some(builder.build()) }; cert.0 From 75c7f1ecd704188b471e0f1573a7ac2e52411c4f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 10:51:58 -0400 Subject: [PATCH 0303/1145] webpki: rename client_verifier_builder -> client_verifier This commit renames the `client_verifier_builder.rs` module to be named `client_verifier.rs`. In a subsequent commit we'll move the verifier impl that is built by the verifier builder into the same module. This will make it easier to create a `server_verifier.rs` module for the server certificate verifier equivalents, and keeps the builder and the type it builds in the same module for clarity. --- .../webpki/{client_verifier_builder.rs => client_verifier.rs} | 0 rustls/src/webpki/mod.rs | 4 ++-- rustls/src/webpki/verify.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename rustls/src/webpki/{client_verifier_builder.rs => client_verifier.rs} (100%) diff --git a/rustls/src/webpki/client_verifier_builder.rs b/rustls/src/webpki/client_verifier.rs similarity index 100% rename from rustls/src/webpki/client_verifier_builder.rs rename to rustls/src/webpki/client_verifier.rs diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index fdff175c0d..60c096b2dc 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -3,12 +3,12 @@ use alloc::sync::Arc; use crate::error::{CertRevocationListError, CertificateError, Error}; mod anchors; -mod client_verifier_builder; +mod client_verifier; mod verify; pub use anchors::RootCertStore; -pub use client_verifier_builder::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; +pub use client_verifier::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; pub use verify::{WebPkiClientVerifier, WebPkiSupportedAlgorithms}; diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 6316f93e50..f890f629b7 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -7,7 +7,7 @@ use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; use webpki::ring as webpki_algs; use super::anchors::RootCertStore; -use super::client_verifier_builder::ClientCertVerifierBuilder; +use super::client_verifier::ClientCertVerifierBuilder; use super::pki_error; use crate::client::ServerName; use crate::enums::SignatureScheme; From 69057f51cf82bac36f2c937f6e391e5fe4704521 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 11:06:50 -0400 Subject: [PATCH 0304/1145] webpki: move WebPkiClientVerifier to client_verifier This commit moves the `WebPkiClientVerifier` type (and associated bits) from `verify.rs` into `client_verifier.rs` to live alongside its builder type. --- rustls/src/webpki/client_verifier.rs | 233 ++++++++++++++++++++++++++- rustls/src/webpki/mod.rs | 6 +- rustls/src/webpki/verify.rs | 220 +------------------------ 3 files changed, 233 insertions(+), 226 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 9d5a8299ce..5645349ac0 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -3,13 +3,21 @@ use alloc::vec::Vec; use core::fmt; use std::error::Error as StdError; -use pki_types::CertificateRevocationListDer; -use webpki::{BorrowedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; - -use super::crl_error; -use super::verify::{AnonymousClientPolicy, WebPkiClientVerifier, WebPkiSupportedAlgorithms}; -use crate::verify::ClientCertVerifier; -use crate::{CertRevocationListError, RootCertStore}; +use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; +use webpki::{ + BorrowedCertRevocationList, OwnedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy, +}; + +use super::{crl_error, pki_error}; +use crate::verify::{ + ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, + NoClientAuth, +}; +use crate::webpki::verify::{verify_signed_struct, verify_tls13, ParsedCertificate}; +use crate::{ + CertRevocationListError, DistinguishedName, Error, RootCertStore, SignatureScheme, + WebPkiSupportedAlgorithms, +}; /// A builder for configuring a `webpki` client certificate verifier. /// @@ -191,10 +199,219 @@ impl fmt::Display for ClientCertVerifierBuilderError { impl StdError for ClientCertVerifierBuilderError {} +/// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate +/// validation. It must be created via the [WebPkiClientVerifier::builder()] function. +/// +/// Once built, the provided `Arc` can be used with a Rustls [crate::server::ServerConfig] +/// to configure client certificate validation using [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. +/// +/// Example: +/// +/// To require all clients present a client certificate issued by a trusted CA: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) +/// .build() +/// .unwrap(); +/// ``` +/// +/// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or +/// anonymous clients that present no client certificate: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) +/// .allow_unauthenticated() +/// .build() +/// .unwrap(); +/// ``` +/// +/// If you wish to disable advertising client authentication: +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::WebPkiClientVerifier; +/// # let roots = RootCertStore::empty(); +/// let client_verifier = WebPkiClientVerifier::no_client_auth(); +/// ``` +/// +/// You can also configure the client verifier to check for certificate revocation with +/// client certificate revocation lists (CRLs): +/// ```no_run +/// # use rustls::RootCertStore; +/// # use rustls::server::{WebPkiClientVerifier}; +/// # let roots = RootCertStore::empty(); +/// # let crls = Vec::new(); +/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) +/// .with_crls(crls) +/// .build() +/// .unwrap(); +/// ``` +/// +/// [^1]: +pub struct WebPkiClientVerifier { + roots: Arc, + subjects: Vec, + crls: Vec, + revocation_check_depth: RevocationCheckDepth, + unknown_revocation_policy: UnknownStatusPolicy, + anonymous_policy: AnonymousClientPolicy, + supported_algs: WebPkiSupportedAlgorithms, +} + +impl WebPkiClientVerifier { + /// Create builder to build up the `webpki` client certificate verifier configuration. + /// Client certificate authentication will be offered by the server, and client certificates + /// will be verified using the trust anchors found in the provided `roots`. If you + /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. + /// + /// For more information, see the [`ClientCertVerifierBuilder`] documentation. + pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { + ClientCertVerifierBuilder::new(roots) + } + + /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will + /// not offer client authentication and anonymous clients will be accepted. + /// + /// This is in contrast to using `WebPkiClientVerifier::builder().allow_unauthenticated().build()`, + /// which will produce a verifier that will offer client authentication, but not require it. + pub fn no_client_auth() -> Arc { + Arc::new(NoClientAuth {}) + } + + /// Construct a new `WebpkiClientVerifier`. + /// + /// * `roots` is a list of trust anchors to use for certificate validation. + /// * `crls` is a `Vec` of owned certificate revocation lists (CRLs) to use for + /// client certificate validation. + /// * `revocation_check_depth` controls which certificates have their revocation status checked + /// when `crls` are provided. + /// * `unknown_revocation_policy` controls how certificates with an unknown revocation status + /// are handled when `crls` are provided. + /// * `anonymous_policy` controls whether client authentication is required, or if anonymous + /// clients can connect. + /// * `supported_algs` specifies which signature verification algorithms should be used. + pub(crate) fn new( + roots: Arc, + crls: Vec, + revocation_check_depth: RevocationCheckDepth, + unknown_revocation_policy: UnknownStatusPolicy, + anonymous_policy: AnonymousClientPolicy, + supported_algs: WebPkiSupportedAlgorithms, + ) -> Self { + Self { + subjects: roots + .roots + .iter() + .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) + .collect(), + crls, + revocation_check_depth, + unknown_revocation_policy, + roots, + anonymous_policy, + supported_algs, + } + } +} + +impl ClientCertVerifier for WebPkiClientVerifier { + fn offer_client_auth(&self) -> bool { + true + } + + fn client_auth_mandatory(&self) -> bool { + match self.anonymous_policy { + AnonymousClientPolicy::Allow => false, + AnonymousClientPolicy::Deny => true, + } + } + + fn client_auth_root_subjects(&self) -> &[DistinguishedName] { + &self.subjects + } + + fn verify_client_cert( + &self, + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], + now: UnixTime, + ) -> Result { + let cert = ParsedCertificate::try_from(end_entity)?; + + #[allow(trivial_casts)] // Cast to &dyn trait is required. + let crls = self + .crls + .iter() + .map(|crl| crl as &dyn webpki::CertRevocationList) + .collect::>(); + + let revocation = if crls.is_empty() { + None + } else { + let mut builder = webpki::RevocationOptionsBuilder::new(&crls) + .expect("invalid crls") + .with_depth(self.revocation_check_depth); + if matches!( + self.unknown_revocation_policy, + webpki::UnknownStatusPolicy::Allow + ) { + builder = builder.allow_unknown_status(); + } + Some(builder.build()) + }; + + cert.0 + .verify_for_usage( + self.supported_algs.all, + &self.roots.roots, + intermediates, + now, + webpki::KeyUsage::client_auth(), + revocation, + ) + .map_err(pki_error) + .map(|_| ClientCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_signed_struct(message, cert, dss, &self.supported_algs) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_tls13(message, cert, dss, &self.supported_algs) + } + + fn supported_verify_schemes(&self) -> Vec { + self.supported_algs.supported_schemes() + } +} + +/// Controls how the [WebPkiClientVerifier] handles anonymous clients. +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub(crate) enum AnonymousClientPolicy { + /// Clients that do not present a client certificate are allowed. + Allow, + /// Clients that do not present a client certificate are denied. + Deny, +} + #[cfg(all(test, feature = "ring"))] mod tests { + use super::WebPkiClientVerifier; use crate::server::ClientCertVerifierBuilderError; - use crate::webpki::verify::WebPkiClientVerifier; use crate::RootCertStore; use pki_types::{CertificateDer, CertificateRevocationListDer}; diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 60c096b2dc..f5d3aab3a5 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -8,9 +8,11 @@ mod verify; pub use anchors::RootCertStore; -pub use client_verifier::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; +pub use client_verifier::{ + ClientCertVerifierBuilder, ClientCertVerifierBuilderError, WebPkiClientVerifier, +}; -pub use verify::{WebPkiClientVerifier, WebPkiSupportedAlgorithms}; +pub use verify::WebPkiSupportedAlgorithms; // Conditionally exported from crate. #[allow(unreachable_pub)] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index f890f629b7..1b69c81f5f 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -7,17 +7,14 @@ use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; use webpki::ring as webpki_algs; use super::anchors::RootCertStore; -use super::client_verifier::ClientCertVerifierBuilder; use super::pki_error; use crate::client::ServerName; use crate::enums::SignatureScheme; use crate::error::{CertificateError, Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; -use crate::msgs::handshake::DistinguishedName; use crate::verify::{ - ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, - NoClientAuth, ServerCertVerified, ServerCertVerifier, + DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; /// Verify that the end-entity certificate `end_entity` is a valid server cert @@ -190,206 +187,6 @@ impl ServerCertVerifier for WebPkiServerVerifier { } } -/// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate -/// validation. It must be created via the [WebPkiClientVerifier::builder()] function. -/// -/// Once built, the provided `Arc` can be used with a Rustls [crate::server::ServerConfig] -/// to configure client certificate validation using [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. -/// -/// Example: -/// -/// To require all clients present a client certificate issued by a trusted CA: -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::WebPkiClientVerifier; -/// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) -/// .build() -/// .unwrap(); -/// ``` -/// -/// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or -/// anonymous clients that present no client certificate: -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::WebPkiClientVerifier; -/// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) -/// .allow_unauthenticated() -/// .build() -/// .unwrap(); -/// ``` -/// -/// If you wish to disable advertising client authentication: -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::WebPkiClientVerifier; -/// # let roots = RootCertStore::empty(); -/// let client_verifier = WebPkiClientVerifier::no_client_auth(); -/// ``` -/// -/// You can also configure the client verifier to check for certificate revocation with -/// client certificate revocation lists (CRLs): -/// ```no_run -/// # use rustls::RootCertStore; -/// # use rustls::server::{WebPkiClientVerifier}; -/// # let roots = RootCertStore::empty(); -/// # let crls = Vec::new(); -/// let client_verifier = WebPkiClientVerifier::builder(roots.into()) -/// .with_crls(crls) -/// .build() -/// .unwrap(); -/// ``` -/// -/// [^1]: -pub struct WebPkiClientVerifier { - roots: Arc, - subjects: Vec, - crls: Vec, - revocation_check_depth: webpki::RevocationCheckDepth, - unknown_revocation_policy: webpki::UnknownStatusPolicy, - anonymous_policy: AnonymousClientPolicy, - supported_algs: WebPkiSupportedAlgorithms, -} - -impl WebPkiClientVerifier { - /// Create builder to build up the `webpki` client certificate verifier configuration. - /// Client certificate authentication will be offered by the server, and client certificates - /// will be verified using the trust anchors found in the provided `roots`. If you - /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. - /// - /// For more information, see the [`ClientCertVerifierBuilder`] documentation. - pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { - ClientCertVerifierBuilder::new(roots) - } - - /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will - /// not offer client authentication and anonymous clients will be accepted. - /// - /// This is in contrast to using `WebPkiClientVerifier::builder().allow_unauthenticated().build()`, - /// which will produce a verifier that will offer client authentication, but not require it. - pub fn no_client_auth() -> Arc { - Arc::new(NoClientAuth {}) - } - - /// Construct a new `WebpkiClientVerifier`. - /// - /// * `roots` is a list of trust anchors to use for certificate validation. - /// * `crls` is a `Vec` of owned certificate revocation lists (CRLs) to use for - /// client certificate validation. - /// * `revocation_check_depth` controls which certificates have their revocation status checked - /// when `crls` are provided. - /// * `unknown_revocation_policy` controls how certificates with an unknown revocation status - /// are handled when `crls` are provided. - /// * `anonymous_policy` controls whether client authentication is required, or if anonymous - /// clients can connect. - /// * `supported_algs` specifies which signature verification algorithms should be used. - pub(crate) fn new( - roots: Arc, - crls: Vec, - revocation_check_depth: webpki::RevocationCheckDepth, - unknown_revocation_policy: webpki::UnknownStatusPolicy, - anonymous_policy: AnonymousClientPolicy, - supported_algs: WebPkiSupportedAlgorithms, - ) -> Self { - Self { - subjects: roots - .roots - .iter() - .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) - .collect(), - crls, - revocation_check_depth, - unknown_revocation_policy, - roots, - anonymous_policy, - supported_algs, - } - } -} - -impl ClientCertVerifier for WebPkiClientVerifier { - fn offer_client_auth(&self) -> bool { - true - } - - fn client_auth_mandatory(&self) -> bool { - match self.anonymous_policy { - AnonymousClientPolicy::Allow => false, - AnonymousClientPolicy::Deny => true, - } - } - - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { - &self.subjects - } - - fn verify_client_cert( - &self, - end_entity: &CertificateDer<'_>, - intermediates: &[CertificateDer<'_>], - now: UnixTime, - ) -> Result { - let cert = ParsedCertificate::try_from(end_entity)?; - - #[allow(trivial_casts)] // Cast to &dyn trait is required. - let crls = self - .crls - .iter() - .map(|crl| crl as &dyn webpki::CertRevocationList) - .collect::>(); - - let revocation = if crls.is_empty() { - None - } else { - let mut builder = webpki::RevocationOptionsBuilder::new(&crls) - .expect("invalid crls") - .with_depth(self.revocation_check_depth); - if matches!( - self.unknown_revocation_policy, - webpki::UnknownStatusPolicy::Allow - ) { - builder = builder.allow_unknown_status(); - } - Some(builder.build()) - }; - - cert.0 - .verify_for_usage( - self.supported_algs.all, - &self.roots.roots, - intermediates, - now, - webpki::KeyUsage::client_auth(), - revocation, - ) - .map_err(pki_error) - .map(|_| ClientCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss, &self.supported_algs) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss, &self.supported_algs) - } - - fn supported_verify_schemes(&self) -> Vec { - self.supported_algs.supported_schemes() - } -} - /// Describes which `webpki` signature verification algorithms are supported and /// how they map to TLS `SignatureScheme`s. #[derive(Clone, Copy)] @@ -421,7 +218,7 @@ pub struct WebPkiSupportedAlgorithms { impl WebPkiSupportedAlgorithms { /// Return all the `scheme` items in `mapping`, maintaining order. - fn supported_schemes(&self) -> Vec { + pub(crate) fn supported_schemes(&self) -> Vec { self.mapping .iter() .map(|item| item.0) @@ -465,15 +262,6 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { } } -/// Controls how the [WebPkiClientVerifier] handles anonymous clients. -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -pub(crate) enum AnonymousClientPolicy { - /// Clients that do not present a client certificate are allowed. - Allow, - /// Clients that do not present a client certificate are denied. - Deny, -} - /// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when /// compiled against *ring*. #[cfg(feature = "ring")] @@ -554,7 +342,7 @@ fn verify_sig_using_any_alg( Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) } -fn verify_signed_struct( +pub(crate) fn verify_signed_struct( message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, @@ -568,7 +356,7 @@ fn verify_signed_struct( .map(|_| HandshakeSignatureValid::assertion()) } -fn verify_tls13( +pub(crate) fn verify_tls13( msg: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, From 7960489913fe845e682485b5ee5ab39da4f09a20 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 11:12:26 -0400 Subject: [PATCH 0305/1145] webpki: move crl_error and pki_error tests This commit moves the unit tests for the `crl_error` and `pki_error` helpers to be defined alongside the helpers themselves, in `mod.rs`, as opposed to `verify.rs`. --- rustls/src/webpki/mod.rs | 81 +++++++++++++++++++++++++++++++++++++ rustls/src/webpki/verify.rs | 78 ----------------------------------- 2 files changed, 81 insertions(+), 78 deletions(-) diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index f5d3aab3a5..0535c863f4 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -66,3 +66,84 @@ fn crl_error(e: webpki::Error) -> CertRevocationListError { _ => CertRevocationListError::Other(Arc::new(e)), } } + +mod tests { + #[test] + fn pki_crl_errors() { + use super::{pki_error, CertRevocationListError, CertificateError, Error}; + + // CRL signature errors should be turned into BadSignature. + assert_eq!( + pki_error(webpki::Error::InvalidCrlSignatureForPublicKey), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + assert_eq!( + pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithm), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + assert_eq!( + pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey), + Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + ); + + // Revoked cert errors should be turned into Revoked. + assert_eq!( + pki_error(webpki::Error::CertRevoked), + Error::InvalidCertificate(CertificateError::Revoked), + ); + + // Issuer not CRL signer errors should be turned into IssuerInvalidForCrl + assert_eq!( + pki_error(webpki::Error::IssuerNotCrlSigner), + Error::InvalidCertRevocationList(CertRevocationListError::IssuerInvalidForCrl) + ); + } + + #[test] + fn crl_error_from_webpki() { + use super::{crl_error, CertRevocationListError::*}; + + let testcases = &[ + (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), + ( + webpki::Error::UnsupportedCrlSignatureAlgorithm, + BadSignature, + ), + ( + webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey, + BadSignature, + ), + (webpki::Error::InvalidCrlNumber, InvalidCrlNumber), + ( + webpki::Error::InvalidSerialNumber, + InvalidRevokedCertSerialNumber, + ), + (webpki::Error::IssuerNotCrlSigner, IssuerInvalidForCrl), + (webpki::Error::MalformedExtensions, ParseError), + (webpki::Error::BadDer, ParseError), + (webpki::Error::BadDerTime, ParseError), + ( + webpki::Error::UnsupportedCriticalExtension, + UnsupportedCriticalExtension, + ), + (webpki::Error::UnsupportedCrlVersion, UnsupportedCrlVersion), + (webpki::Error::UnsupportedDeltaCrl, UnsupportedDeltaCrl), + ( + webpki::Error::UnsupportedIndirectCrl, + UnsupportedIndirectCrl, + ), + ( + webpki::Error::UnsupportedRevocationReason, + UnsupportedRevocationReason, + ), + ]; + for t in testcases { + assert_eq!(crl_error(t.0), t.1); + } + + assert!(matches!( + crl_error(webpki::Error::NameConstraintViolation), + Other(_) + )); + } +} diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 1b69c81f5f..f51a76da13 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -377,85 +377,7 @@ pub(crate) fn verify_tls13( #[cfg(test)] mod tests { - use super::super::crl_error; use super::*; - use crate::error::CertRevocationListError; - - #[test] - fn pki_crl_errors() { - // CRL signature errors should be turned into BadSignature. - assert_eq!( - pki_error(webpki::Error::InvalidCrlSignatureForPublicKey), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - assert_eq!( - pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithm), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - assert_eq!( - pki_error(webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey), - Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - ); - - // Revoked cert errors should be turned into Revoked. - assert_eq!( - pki_error(webpki::Error::CertRevoked), - Error::InvalidCertificate(CertificateError::Revoked), - ); - - // Issuer not CRL signer errors should be turned into IssuerInvalidForCrl - assert_eq!( - pki_error(webpki::Error::IssuerNotCrlSigner), - Error::InvalidCertRevocationList(CertRevocationListError::IssuerInvalidForCrl) - ); - } - - #[test] - fn crl_error_from_webpki() { - use crate::CertRevocationListError::*; - let testcases = &[ - (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), - ( - webpki::Error::UnsupportedCrlSignatureAlgorithm, - BadSignature, - ), - ( - webpki::Error::UnsupportedCrlSignatureAlgorithmForPublicKey, - BadSignature, - ), - (webpki::Error::InvalidCrlNumber, InvalidCrlNumber), - ( - webpki::Error::InvalidSerialNumber, - InvalidRevokedCertSerialNumber, - ), - (webpki::Error::IssuerNotCrlSigner, IssuerInvalidForCrl), - (webpki::Error::MalformedExtensions, ParseError), - (webpki::Error::BadDer, ParseError), - (webpki::Error::BadDerTime, ParseError), - ( - webpki::Error::UnsupportedCriticalExtension, - UnsupportedCriticalExtension, - ), - (webpki::Error::UnsupportedCrlVersion, UnsupportedCrlVersion), - (webpki::Error::UnsupportedDeltaCrl, UnsupportedDeltaCrl), - ( - webpki::Error::UnsupportedIndirectCrl, - UnsupportedIndirectCrl, - ), - ( - webpki::Error::UnsupportedRevocationReason, - UnsupportedRevocationReason, - ), - ]; - for t in testcases { - assert_eq!(crl_error(t.0), t.1); - } - - assert!(matches!( - crl_error(webpki::Error::NameConstraintViolation), - Other(_) - )); - } #[test] fn certificate_debug() { From 740def5d4678c3de2026a0381b885642dee0a2b6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 11:18:42 -0400 Subject: [PATCH 0306/1145] webpki: ClientCertVerifierBuilderError -> VerifierBuilderError This commit renames the existing `ClientCertVerifierBuilderError` to be called `VerifierBuilderError`. The top-level rustdoc comment is also updated to better reflect the usage of the type. --- rustls/src/lib.rs | 2 +- rustls/src/webpki/client_verifier.rs | 36 +++++++++++----------------- rustls/src/webpki/mod.rs | 4 +--- 3 files changed, 16 insertions(+), 26 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index e15d882d6b..83290c3171 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -482,7 +482,7 @@ pub mod server { pub use crate::verify::NoClientAuth; pub use crate::webpki::WebPkiClientVerifier; - pub use crate::webpki::{ClientCertVerifierBuilder, ClientCertVerifierBuilderError}; + pub use crate::webpki::{ClientCertVerifierBuilder, VerifierBuilderError}; pub use builder::WantsServerCert; pub use handy::ResolvesServerCertUsingSni; pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 5645349ac0..114464d59a 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -130,9 +130,9 @@ impl ClientCertVerifierBuilder { /// 2. DER encoded CRLs have been provided that can not be parsed successfully. /// 3. No signature verification algorithms were set and the `ring` feature is not enabled. #[cfg_attr(not(feature = "ring"), allow(unused_mut))] - pub fn build(mut self) -> Result, ClientCertVerifierBuilderError> { + pub fn build(mut self) -> Result, VerifierBuilderError> { if self.roots.is_empty() { - return Err(ClientCertVerifierBuilderError::NoRootAnchors); + return Err(VerifierBuilderError::NoRootAnchors); } #[cfg(feature = "ring")] @@ -142,7 +142,7 @@ impl ClientCertVerifierBuilder { let supported_algs = self .supported_algs - .ok_or(ClientCertVerifierBuilderError::NoSupportedAlgorithms)?; + .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; Ok(Arc::new(WebPkiClientVerifier::new( self.roots, @@ -162,12 +162,10 @@ impl ClientCertVerifierBuilder { } } -/// One or more root trust anchors must be provided to create a [ClientCertVerifierBuilder]. -/// If you wish to disable client authentication, then use [WebPkiClientVerifier::no_client_auth] -/// instead of constructing a builder. +/// An error that can occur when building a certificate verifier. #[derive(Debug, Clone)] #[non_exhaustive] -pub enum ClientCertVerifierBuilderError { +pub enum VerifierBuilderError { /// No root trust anchors were provided. NoRootAnchors, /// A provided CRL could not be parsed. @@ -179,13 +177,13 @@ pub enum ClientCertVerifierBuilderError { NoSupportedAlgorithms, } -impl From for ClientCertVerifierBuilderError { +impl From for VerifierBuilderError { fn from(value: CertRevocationListError) -> Self { Self::InvalidCrl(value) } } -impl fmt::Display for ClientCertVerifierBuilderError { +impl fmt::Display for VerifierBuilderError { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match self { Self::NoRootAnchors => write!(f, "no root trust anchors were provided"), @@ -197,7 +195,7 @@ impl fmt::Display for ClientCertVerifierBuilderError { } } -impl StdError for ClientCertVerifierBuilderError {} +impl StdError for VerifierBuilderError {} /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate /// validation. It must be created via the [WebPkiClientVerifier::builder()] function. @@ -411,7 +409,7 @@ pub(crate) enum AnonymousClientPolicy { #[cfg(all(test, feature = "ring"))] mod tests { use super::WebPkiClientVerifier; - use crate::server::ClientCertVerifierBuilderError; + use crate::server::VerifierBuilderError; use crate::RootCertStore; use pki_types::{CertificateDer, CertificateRevocationListDer}; @@ -507,10 +505,7 @@ mod tests { let result = WebPkiClientVerifier::builder(test_roots()) .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) .build(); - assert!(matches!( - result, - Err(ClientCertVerifierBuilderError::InvalidCrl(_)) - )); + assert!(matches!(result, Err(VerifierBuilderError::InvalidCrl(_)))); } #[test] @@ -580,18 +575,15 @@ mod tests { fn test_builder_no_roots() { // Trying to create a client verifier builder with no trust anchors should fail at build time let result = WebPkiClientVerifier::builder(RootCertStore::empty().into()).build(); - assert!(matches!( - result, - Err(ClientCertVerifierBuilderError::NoRootAnchors) - )); + assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); } #[test] fn smoke() { let all = vec![ - ClientCertVerifierBuilderError::NoRootAnchors, - ClientCertVerifierBuilderError::InvalidCrl(crate::CertRevocationListError::ParseError), - ClientCertVerifierBuilderError::NoSupportedAlgorithms, + VerifierBuilderError::NoRootAnchors, + VerifierBuilderError::InvalidCrl(crate::CertRevocationListError::ParseError), + VerifierBuilderError::NoSupportedAlgorithms, ]; for err in all { diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 0535c863f4..0fce91c11a 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -8,9 +8,7 @@ mod verify; pub use anchors::RootCertStore; -pub use client_verifier::{ - ClientCertVerifierBuilder, ClientCertVerifierBuilderError, WebPkiClientVerifier, -}; +pub use client_verifier::{ClientCertVerifierBuilder, VerifierBuilderError, WebPkiClientVerifier}; pub use verify::WebPkiSupportedAlgorithms; From 668844c413d84c6dfaf323ac6ca48ab0086b9803 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 11:21:16 -0400 Subject: [PATCH 0307/1145] webpki: lift VerifierBuilderError to mod.rs This commit moves the `VerifierBuilderError` from `client_verifier.rs` to `mod.rs` where it can be shared between both the client and server verifiers in the future. --- rustls/src/webpki/client_verifier.rs | 39 +--------------------------- rustls/src/webpki/mod.rs | 39 +++++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 114464d59a..c938aa8548 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -1,14 +1,12 @@ use alloc::sync::Arc; use alloc::vec::Vec; -use core::fmt; -use std::error::Error as StdError; use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{ BorrowedCertRevocationList, OwnedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy, }; -use super::{crl_error, pki_error}; +use super::{crl_error, pki_error, VerifierBuilderError}; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, @@ -162,41 +160,6 @@ impl ClientCertVerifierBuilder { } } -/// An error that can occur when building a certificate verifier. -#[derive(Debug, Clone)] -#[non_exhaustive] -pub enum VerifierBuilderError { - /// No root trust anchors were provided. - NoRootAnchors, - /// A provided CRL could not be parsed. - InvalidCrl(CertRevocationListError), - /// No supported signature verification algorithms were provided. - /// - /// Call `with_signature_verification_algorithms` on the builder, or compile - /// with the `ring` feature. - NoSupportedAlgorithms, -} - -impl From for VerifierBuilderError { - fn from(value: CertRevocationListError) -> Self { - Self::InvalidCrl(value) - } -} - -impl fmt::Display for VerifierBuilderError { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - match self { - Self::NoRootAnchors => write!(f, "no root trust anchors were provided"), - Self::InvalidCrl(e) => write!(f, "provided CRL could not be parsed: {:?}", e), - Self::NoSupportedAlgorithms => { - write!(f, "no signature verification algorithms were provided") - } - } - } -} - -impl StdError for VerifierBuilderError {} - /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate /// validation. It must be created via the [WebPkiClientVerifier::builder()] function. /// diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 0fce91c11a..7eb5957dc7 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -1,4 +1,6 @@ use alloc::sync::Arc; +use core::fmt; +use std::error::Error as StdError; use crate::error::{CertRevocationListError, CertificateError, Error}; @@ -8,7 +10,7 @@ mod verify; pub use anchors::RootCertStore; -pub use client_verifier::{ClientCertVerifierBuilder, VerifierBuilderError, WebPkiClientVerifier}; +pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier}; pub use verify::WebPkiSupportedAlgorithms; @@ -19,6 +21,41 @@ pub use verify::{ WebPkiServerVerifier, }; +/// An error that can occur when building a certificate verifier. +#[derive(Debug, Clone)] +#[non_exhaustive] +pub enum VerifierBuilderError { + /// No root trust anchors were provided. + NoRootAnchors, + /// A provided CRL could not be parsed. + InvalidCrl(CertRevocationListError), + /// No supported signature verification algorithms were provided. + /// + /// Call `with_signature_verification_algorithms` on the builder, or compile + /// with the `ring` feature. + NoSupportedAlgorithms, +} + +impl From for VerifierBuilderError { + fn from(value: CertRevocationListError) -> Self { + Self::InvalidCrl(value) + } +} + +impl fmt::Display for VerifierBuilderError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Self::NoRootAnchors => write!(f, "no root trust anchors were provided"), + Self::InvalidCrl(e) => write!(f, "provided CRL could not be parsed: {:?}", e), + Self::NoSupportedAlgorithms => { + write!(f, "no signature verification algorithms were provided") + } + } + } +} + +impl StdError for VerifierBuilderError {} + fn pki_error(error: webpki::Error) -> Error { use webpki::Error::*; match error { From 263ab0776e6508fcb45f324d5070f08b907b7cf7 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 11:24:06 -0400 Subject: [PATCH 0308/1145] webpki: lift out helper for borrowing owned CRLs This commit lifts out a private `borrow_crls` fn that can be used to convert a `&Vec` to a `Vec<&dyn webpki::CertRevocationList>`. Presently there is only one call-site, but in future commits we will add a second and it's helpful to not have to duplicate the code + clippy allow. --- rustls/src/webpki/client_verifier.rs | 10 ++-------- rustls/src/webpki/mod.rs | 10 ++++++++++ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index c938aa8548..1ffa40fd73 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -6,7 +6,7 @@ use webpki::{ BorrowedCertRevocationList, OwnedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy, }; -use super::{crl_error, pki_error, VerifierBuilderError}; +use super::{borrow_crls, crl_error, pki_error, VerifierBuilderError}; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, @@ -301,13 +301,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { now: UnixTime, ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - - #[allow(trivial_casts)] // Cast to &dyn trait is required. - let crls = self - .crls - .iter() - .map(|crl| crl as &dyn webpki::CertRevocationList) - .collect::>(); + let crls = borrow_crls(&self.crls); let revocation = if crls.is_empty() { None diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 7eb5957dc7..6e1cf9f755 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -1,4 +1,5 @@ use alloc::sync::Arc; +use alloc::vec::Vec; use core::fmt; use std::error::Error as StdError; @@ -102,6 +103,15 @@ fn crl_error(e: webpki::Error) -> CertRevocationListError { } } +fn borrow_crls( + crls: &Vec, +) -> Vec<&dyn webpki::CertRevocationList> { + #[allow(trivial_casts)] // Cast to &dyn trait is required. + crls.iter() + .map(|crl| crl as &dyn webpki::CertRevocationList) + .collect::>() +} + mod tests { #[test] fn pki_crl_errors() { From 10e6e60a31818eabac4ccff4d666c67fdfea7d4a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 11:48:13 -0400 Subject: [PATCH 0309/1145] webpki: move WebPkiServerVerifier to server_verifier.rs This commit moves the existing `WebPkiServerVerifier` type out of `verify.rs` and into `server_verifier.rs`. This matches the new `client_verifier.rs` module introduced in a previous commit and paves the way for having a single module location for both the verifier type and a builder for making it. --- rustls/src/webpki/mod.rs | 3 +- rustls/src/webpki/server_verifier.rs | 131 +++++++++++++++++++++++++++ rustls/src/webpki/verify.rs | 124 +------------------------ 3 files changed, 135 insertions(+), 123 deletions(-) create mode 100644 rustls/src/webpki/server_verifier.rs diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 6e1cf9f755..dda6f3233c 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -7,11 +7,13 @@ use crate::error::{CertRevocationListError, CertificateError, Error}; mod anchors; mod client_verifier; +mod server_verifier; mod verify; pub use anchors::RootCertStore; pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier}; +pub use server_verifier::WebPkiServerVerifier; pub use verify::WebPkiSupportedAlgorithms; @@ -19,7 +21,6 @@ pub use verify::WebPkiSupportedAlgorithms; #[allow(unreachable_pub)] pub use verify::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate, - WebPkiServerVerifier, }; /// An error that can occur when building a certificate verifier. diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs new file mode 100644 index 0000000000..2835f001b4 --- /dev/null +++ b/rustls/src/webpki/server_verifier.rs @@ -0,0 +1,131 @@ +#[cfg(feature = "logging")] +use crate::log::trace; +use alloc::sync::Arc; +use alloc::vec::Vec; + +use pki_types::{CertificateDer, UnixTime}; + +use crate::verify::{ + DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, +}; +use crate::webpki::verify::{ + verify_signed_struct, verify_tls13, ParsedCertificate, SUPPORTED_SIG_ALGS, +}; +use crate::webpki::{verify_server_cert_signed_by_trust_anchor, verify_server_name}; +use crate::{Error, RootCertStore, ServerName, SignatureScheme, WebPkiSupportedAlgorithms}; + +/// Default `ServerCertVerifier`, see the trait impl for more information. +#[allow(unreachable_pub)] +pub struct WebPkiServerVerifier { + roots: Arc, + supported: WebPkiSupportedAlgorithms, +} + +#[allow(unreachable_pub)] +impl WebPkiServerVerifier { + /// Constructs a new `WebPkiServerVerifier`. + /// + /// `roots` is the set of trust anchors to trust for issuing server certs. + #[cfg(feature = "ring")] + pub fn new(roots: impl Into>) -> Self { + Self::new_with_algorithms(roots, SUPPORTED_SIG_ALGS) + } + + /// Constructs a new `WebPkiServerVerifier`. + /// + /// `roots` is the set of trust anchors to trust for issuing server certs. + /// `supported` is the set of supported algorithms that will be used for + /// certificate verification and TLS handshake signature verification. + pub fn new_with_algorithms( + roots: impl Into>, + supported: WebPkiSupportedAlgorithms, + ) -> Self { + Self { + roots: roots.into(), + supported, + } + } + + /// A full implementation of `ServerCertVerifier::verify_tls12_signature` or + /// `ClientCertVerifier::verify_tls12_signature`. + #[cfg(feature = "ring")] + pub fn default_verify_tls12_signature( + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_signed_struct(message, cert, dss, &SUPPORTED_SIG_ALGS) + } + + /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or + /// `ClientCertVerifier::verify_tls13_signature`. + #[cfg(feature = "ring")] + pub fn default_verify_tls13_signature( + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_tls13(message, cert, dss, &SUPPORTED_SIG_ALGS) + } + + /// A full implementation of `ServerCertVerifier::supported_verify_schemes()` or + /// `ClientCertVerifier::supported_verify_schemes()`. + #[cfg(feature = "ring")] + pub fn default_supported_verify_schemes() -> Vec { + SUPPORTED_SIG_ALGS.supported_schemes() + } +} + +impl ServerCertVerifier for WebPkiServerVerifier { + /// Will verify the certificate is valid in the following ways: + /// - Signed by a trusted `RootCertStore` CA + /// - Not Expired + /// - Valid for DNS entry + fn verify_server_cert( + &self, + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], + server_name: &ServerName, + ocsp_response: &[u8], + now: UnixTime, + ) -> Result { + let cert = ParsedCertificate::try_from(end_entity)?; + + verify_server_cert_signed_by_trust_anchor( + &cert, + &self.roots, + intermediates, + now, + self.supported.all, + )?; + + if !ocsp_response.is_empty() { + trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); + } + + verify_server_name(&cert, server_name)?; + Ok(ServerCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_signed_struct(message, cert, dss, &self.supported) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + verify_tls13(message, cert, dss, &self.supported) + } + + fn supported_verify_schemes(&self) -> Vec { + self.supported.supported_schemes() + } +} diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index f51a76da13..41967e921a 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,4 +1,3 @@ -use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; @@ -11,11 +10,8 @@ use super::pki_error; use crate::client::ServerName; use crate::enums::SignatureScheme; use crate::error::{CertificateError, Error, PeerMisbehaved}; -#[cfg(feature = "logging")] -use crate::log::trace; -use crate::verify::{ - DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, -}; + +use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid}; /// Verify that the end-entity certificate `end_entity` is a valid server cert /// and chains to at least one of the trust anchors in the `roots` [RootCertStore]. @@ -71,122 +67,6 @@ pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Ok(()) } -/// Default `ServerCertVerifier`, see the trait impl for more information. -#[allow(unreachable_pub)] -pub struct WebPkiServerVerifier { - roots: Arc, - supported: WebPkiSupportedAlgorithms, -} - -#[allow(unreachable_pub)] -impl WebPkiServerVerifier { - /// Constructs a new `WebPkiServerVerifier`. - /// - /// `roots` is the set of trust anchors to trust for issuing server certs. - #[cfg(feature = "ring")] - pub fn new(roots: impl Into>) -> Self { - Self::new_with_algorithms(roots, SUPPORTED_SIG_ALGS) - } - - /// Constructs a new `WebPkiServerVerifier`. - /// - /// `roots` is the set of trust anchors to trust for issuing server certs. - /// `supported` is the set of supported algorithms that will be used for - /// certificate verification and TLS handshake signature verification. - pub fn new_with_algorithms( - roots: impl Into>, - supported: WebPkiSupportedAlgorithms, - ) -> Self { - Self { - roots: roots.into(), - supported, - } - } - - /// A full implementation of `ServerCertVerifier::verify_tls12_signature` or - /// `ClientCertVerifier::verify_tls12_signature`. - #[cfg(feature = "ring")] - pub fn default_verify_tls12_signature( - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss, &SUPPORTED_SIG_ALGS) - } - - /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or - /// `ClientCertVerifier::verify_tls13_signature`. - #[cfg(feature = "ring")] - pub fn default_verify_tls13_signature( - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss, &SUPPORTED_SIG_ALGS) - } - - /// A full implementation of `ServerCertVerifier::supported_verify_schemes()` or - /// `ClientCertVerifier::supported_verify_schemes()`. - #[cfg(feature = "ring")] - pub fn default_supported_verify_schemes() -> Vec { - SUPPORTED_SIG_ALGS.supported_schemes() - } -} - -impl ServerCertVerifier for WebPkiServerVerifier { - /// Will verify the certificate is valid in the following ways: - /// - Signed by a trusted `RootCertStore` CA - /// - Not Expired - /// - Valid for DNS entry - fn verify_server_cert( - &self, - end_entity: &CertificateDer<'_>, - intermediates: &[CertificateDer<'_>], - server_name: &ServerName, - ocsp_response: &[u8], - now: UnixTime, - ) -> Result { - let cert = ParsedCertificate::try_from(end_entity)?; - - verify_server_cert_signed_by_trust_anchor( - &cert, - &self.roots, - intermediates, - now, - self.supported.all, - )?; - - if !ocsp_response.is_empty() { - trace!("Unvalidated OCSP response: {:?}", ocsp_response.to_vec()); - } - - verify_server_name(&cert, server_name)?; - Ok(ServerCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_signed_struct(message, cert, dss, &self.supported) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13(message, cert, dss, &self.supported) - } - - fn supported_verify_schemes(&self) -> Vec { - self.supported.supported_schemes() - } -} - /// Describes which `webpki` signature verification algorithms are supported and /// how they map to TLS `SignatureScheme`s. #[derive(Clone, Copy)] From 056ba787486f9a321ca84a558156786a70e7c3ab Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 12:18:36 -0400 Subject: [PATCH 0310/1145] webpki: builder for server cert verifier, CRL support This commit reworks the `WebPkiServerCertVerifier` type to use a builder model similar to the `WebPkiClientCertVerifier` type. The new `ServerCertVerifierBuilder` additionally exposes support for configuring the depth of revocation status checking, and how to handle unknown revocation status. --- provider-example/src/lib.rs | 8 +- rustls/src/client/builder.rs | 4 +- rustls/src/lib.rs | 3 +- rustls/src/verifybench.rs | 2 +- rustls/src/webpki/mod.rs | 2 +- rustls/src/webpki/server_verifier.rs | 325 +++++++++++++++++++++++++-- rustls/src/webpki/verify.rs | 59 ++++- 7 files changed, 370 insertions(+), 33 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 5643d76687..cadc6b01d4 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -61,8 +61,8 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS pub fn certificate_verifier( roots: rustls::RootCertStore, ) -> Arc { - Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms( - roots, - verify::ALGORITHMS, - )) + rustls::client::WebPkiServerVerifier::builder(roots.into()) + .with_signature_verification_algorithms(verify::ALGORITHMS) + .build() + .unwrap() } diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 9e3499f9aa..98f15a5026 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -31,7 +31,9 @@ impl ConfigBuilder { kx_groups: self.state.kx_groups, provider: self.state.provider, versions: self.state.versions, - verifier: Arc::new(webpki::WebPkiServerVerifier::new(root_store)), + verifier: Arc::new(webpki::WebPkiServerVerifier::new_without_revocation( + root_store, + )), }, side: PhantomData, } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 83290c3171..d71df07867 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -460,7 +460,8 @@ pub mod client { } pub use crate::webpki::{ - verify_server_cert_signed_by_trust_anchor, verify_server_name, WebPkiServerVerifier, + verify_server_cert_signed_by_trust_anchor, verify_server_name, ServerCertVerifierBuilder, + VerifierBuilderError, WebPkiServerVerifier, }; pub use crate::msgs::persist::Tls12ClientSessionValue; diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index d83edb3152..61b3383e28 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -208,7 +208,7 @@ impl Context { } fn bench(&self, count: usize) { - let verifier = WebPkiServerVerifier::new(self.roots.clone()); + let verifier = WebPkiServerVerifier::new_without_revocation(self.roots.clone()); const OCSP_RESPONSE: &[u8] = &[]; let mut times = Vec::new(); diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index dda6f3233c..589e4c074f 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -13,7 +13,7 @@ mod verify; pub use anchors::RootCertStore; pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier}; -pub use server_verifier::WebPkiServerVerifier; +pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier}; pub use verify::WebPkiSupportedAlgorithms; diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 2835f001b4..d57578cc34 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -3,45 +3,201 @@ use crate::log::trace; use alloc::sync::Arc; use alloc::vec::Vec; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; +use webpki::{ + BorrowedCertRevocationList, OwnedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy, +}; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; +#[cfg(feature = "ring")] +use crate::webpki::verify::SUPPORTED_SIG_ALGS; use crate::webpki::verify::{ - verify_signed_struct, verify_tls13, ParsedCertificate, SUPPORTED_SIG_ALGS, + verify_server_cert_signed_by_trust_anchor_impl, verify_signed_struct, verify_tls13, + ParsedCertificate, +}; +use crate::webpki::{borrow_crls, crl_error, verify_server_name, VerifierBuilderError}; +use crate::{ + CertRevocationListError, Error, RootCertStore, ServerName, SignatureScheme, + WebPkiSupportedAlgorithms, }; -use crate::webpki::{verify_server_cert_signed_by_trust_anchor, verify_server_name}; -use crate::{Error, RootCertStore, ServerName, SignatureScheme, WebPkiSupportedAlgorithms}; + +/// A builder for configuring a `webpki` server certificate verifier. +/// +/// For more information, see the [`WebPkiServerVerifier`] documentation. +#[derive(Debug, Clone)] +pub struct ServerCertVerifierBuilder { + roots: Arc, + crls: Vec>, + revocation_check_depth: RevocationCheckDepth, + unknown_revocation_policy: UnknownStatusPolicy, + supported_algs: Option, +} + +impl ServerCertVerifierBuilder { + pub(crate) fn new(roots: Arc) -> Self { + Self { + roots, + crls: Vec::new(), + revocation_check_depth: RevocationCheckDepth::Chain, + unknown_revocation_policy: UnknownStatusPolicy::Deny, + supported_algs: None, + } + } + + /// Verify the revocation state of presented client certificates against the provided + /// certificate revocation lists (CRLs). Calling `with_crls` multiple times appends the + /// given CRLs to the existing collection. + pub fn with_crls( + mut self, + crls: impl IntoIterator>, + ) -> Self { + self.crls.extend(crls); + self + } + + /// Only check the end entity certificate revocation status when using CRLs. + /// + /// If CRLs are provided using [`with_crls`][Self::with_crls] only check the end entity + /// certificate's revocation status. Overrides the default behavior of checking revocation + /// status for each certificate in the verified chain built to a trust anchor + /// (excluding the trust anchor itself). + /// + /// If no CRLs are provided then this setting has no effect. Neither the end entity certificate + /// or any intermediates will have revocation status checked. + pub fn only_check_end_entity_revocation(mut self) -> Self { + self.revocation_check_depth = RevocationCheckDepth::EndEntity; + self + } + + /// Allow unknown certificate revocation status when using CRLs. + /// + /// If CRLs are provided with [`with_crls`][Self::with_crls] and it isn't possible to + /// determine the revocation status of a certificate, do not treat it as an error condition. + /// Overrides the default behavior where unknown revocation status is considered an error. + /// + /// If no CRLs are provided then this setting has no effect as revocation status checks + /// are not performed. + pub fn allow_unknown_revocation_status(mut self) -> Self { + self.unknown_revocation_policy = UnknownStatusPolicy::Allow; + self + } + + /// Sets which signature verification algorithms are enabled. + /// + /// If this is called multiple times, the last call wins. + pub fn with_signature_verification_algorithms( + mut self, + supported_algs: WebPkiSupportedAlgorithms, + ) -> Self { + self.supported_algs = Some(supported_algs); + self + } + + /// Build a server certificate verifier, allowing control over the root certificates to use as + /// trust anchors, and to control how server certificate revocation checking is performed. + /// + /// If the `ring` crate feature is supplied, and `with_signature_verification_algorithms` was not + /// called on the builder, a default set of signature verification algorithms is used. + /// + /// Once built, the provided `Arc` can be used with a Rustls + /// [crate::server::ServerConfig] to configure client certificate validation using + /// [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. + /// + /// # Errors + /// This function will return a `CertVerifierBuilderError` if: + /// 1. No trust anchors have been provided. + /// 2. DER encoded CRLs have been provided that can not be parsed successfully. + /// 3. No signature verification algorithms were set and the `ring` feature is not enabled. + #[cfg_attr(not(feature = "ring"), allow(unused_mut))] + pub fn build(mut self) -> Result, VerifierBuilderError> { + if self.roots.is_empty() { + return Err(VerifierBuilderError::NoRootAnchors); + } + + #[cfg(feature = "ring")] + if self.supported_algs.is_none() { + self.supported_algs = Some(SUPPORTED_SIG_ALGS); + } + + let supported_algs = self + .supported_algs + .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; + + Ok(Arc::new(WebPkiServerVerifier::new( + self.roots, + self.crls + .into_iter() + .map(|der_crl| { + BorrowedCertRevocationList::from_der(der_crl.as_ref()) + .and_then(|crl| crl.to_owned()) + .map_err(crl_error) + }) + .collect::, CertRevocationListError>>()?, + self.revocation_check_depth, + self.unknown_revocation_policy, + supported_algs, + ))) + } +} /// Default `ServerCertVerifier`, see the trait impl for more information. #[allow(unreachable_pub)] pub struct WebPkiServerVerifier { roots: Arc, + crls: Vec, + revocation_check_depth: RevocationCheckDepth, + unknown_revocation_policy: UnknownStatusPolicy, supported: WebPkiSupportedAlgorithms, } #[allow(unreachable_pub)] impl WebPkiServerVerifier { - /// Constructs a new `WebPkiServerVerifier`. + /// Create builder to build up the `webpki` server certificate verifier configuration. + /// Server certificates will be verified using the trust anchors found in the provided `roots`. /// - /// `roots` is the set of trust anchors to trust for issuing server certs. + /// For more information, see the [`ServerCertVerifierBuilder`] documentation. + pub fn builder(roots: Arc) -> ServerCertVerifierBuilder { + ServerCertVerifierBuilder::new(roots) + } + + /// Short-cut for creating a `WebPkiServerVerifier` that does not perform certificate revocation + /// checking, avoiding the need to use a builder. #[cfg(feature = "ring")] - pub fn new(roots: impl Into>) -> Self { - Self::new_with_algorithms(roots, SUPPORTED_SIG_ALGS) + pub(crate) fn new_without_revocation(roots: impl Into>) -> Self { + Self::new( + roots, + Vec::default(), + RevocationCheckDepth::Chain, + UnknownStatusPolicy::Allow, + SUPPORTED_SIG_ALGS, + ) } /// Constructs a new `WebPkiServerVerifier`. /// - /// `roots` is the set of trust anchors to trust for issuing server certs. - /// `supported` is the set of supported algorithms that will be used for - /// certificate verification and TLS handshake signature verification. - pub fn new_with_algorithms( + /// * `roots` is the set of trust anchors to trust for issuing server certs. + /// * `crls` are a vec of owned certificate revocation lists (CRLs) to use for + /// client certificate validation. + /// * `revocation_check_depth` controls which certificates have their revocation status checked + /// when `crls` are provided. + /// * `unknown_revocation_policy` controls how certificates with an unknown revocation status + /// are handled when `crls` are provided. + /// * `supported` is the set of supported algorithms that will be used for + /// certificate verification and TLS handshake signature verification. + pub(crate) fn new( roots: impl Into>, + crls: Vec, + revocation_check_depth: RevocationCheckDepth, + unknown_revocation_policy: UnknownStatusPolicy, supported: WebPkiSupportedAlgorithms, ) -> Self { Self { roots: roots.into(), + crls, + revocation_check_depth, + unknown_revocation_policy, supported, } } @@ -78,9 +234,15 @@ impl WebPkiServerVerifier { impl ServerCertVerifier for WebPkiServerVerifier { /// Will verify the certificate is valid in the following ways: - /// - Signed by a trusted `RootCertStore` CA + /// - Signed by a trusted `RootCertStore` CA /// - Not Expired /// - Valid for DNS entry + /// - Valid revocation status (if applicable). + /// + /// Depending on the verifier's configuration revocation status checking may be performed for + /// each certificate in the chain to a root CA (excluding the root itself), or only the + /// end entity certificate. Similarly, unknown revocation status may be treated as an error + /// or allowed based on configuration. fn verify_server_cert( &self, end_entity: &CertificateDer<'_>, @@ -91,10 +253,31 @@ impl ServerCertVerifier for WebPkiServerVerifier { ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - verify_server_cert_signed_by_trust_anchor( + let crls = borrow_crls(&self.crls); + let revocation = if crls.is_empty() { + None + } else { + // Note: unwrap here is safe because RevocationOptionsBuilder only errors when given + // empty CRLs. + let mut builder = webpki::RevocationOptionsBuilder::new(&crls) + .unwrap() + .with_depth(self.revocation_check_depth); + if matches!( + self.unknown_revocation_policy, + webpki::UnknownStatusPolicy::Allow + ) { + builder = builder.allow_unknown_status(); + } + Some(builder.build()) + }; + + // Note: we use the crate-internal `_impl` fn here in order to provide revocation + // checking information, if applicable. + verify_server_cert_signed_by_trust_anchor_impl( &cert, &self.roots, intermediates, + revocation, now, self.supported.all, )?; @@ -129,3 +312,117 @@ impl ServerCertVerifier for WebPkiServerVerifier { self.supported.supported_schemes() } } + +#[cfg(all(test, feature = "ring"))] +mod tests { + use std::sync::Arc; + + use pki_types::{CertificateDer, CertificateRevocationListDer}; + + use super::{VerifierBuilderError, WebPkiServerVerifier}; + use crate::RootCertStore; + + fn load_crls(crls_der: &[&[u8]]) -> Vec> { + crls_der + .iter() + .map(|pem_bytes| { + rustls_pemfile::crls(&mut &pem_bytes[..]) + .next() + .unwrap() + .unwrap() + }) + .collect() + } + + fn test_crls() -> Vec> { + load_crls(&[ + include_bytes!("../../../test-ca/ecdsa/client.revoked.crl.pem").as_slice(), + include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), + ]) + } + + fn load_roots(roots_der: &[&[u8]]) -> Arc { + let mut roots = RootCertStore::empty(); + roots_der.iter().for_each(|der| { + roots + .add(CertificateDer::from(der.to_vec())) + .unwrap() + }); + roots.into() + } + + fn test_roots() -> Arc { + load_roots(&[ + include_bytes!("../../../test-ca/ecdsa/ca.der").as_slice(), + include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), + ]) + } + + #[test] + fn test_with_invalid_crls() { + // Trying to build a server verifier with invalid CRLs should error at build time. + let result = WebPkiServerVerifier::builder(test_roots()) + .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) + .build(); + assert!(matches!(result, Err(VerifierBuilderError::InvalidCrl(_)))); + } + + #[test] + fn test_with_crls_multiple_calls() { + // We should be able to call `with_crls` on a server verifier multiple times. + let initial_crls = test_crls(); + let extra_crls = + load_crls(&[ + include_bytes!("../../../test-ca/eddsa/client.revoked.crl.pem").as_slice(), + ]); + + let builder = WebPkiServerVerifier::builder(test_roots()) + .with_crls(initial_crls.clone()) + .with_crls(extra_crls.clone()); + + // There should be the expected number of crls. + assert_eq!(builder.crls.len(), initial_crls.len() + extra_crls.len()); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_builder_no_roots() { + // Trying to create a server verifier builder with no trust anchors should fail at build time + let result = WebPkiServerVerifier::builder(RootCertStore::empty().into()).build(); + assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); + } + + #[test] + fn test_server_verifier_ee_only() { + // We should be able to build a server cert. verifier that only checks the EE cert. + let builder = + WebPkiServerVerifier::builder(test_roots()).only_check_end_entity_revocation(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_server_verifier_allow_unknown() { + // We should be able to build a server cert. verifier that allows unknown revocation + // status. + let builder = WebPkiServerVerifier::builder(test_roots()).allow_unknown_revocation_status(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + + #[test] + fn test_server_verifier_allow_unknown_ee_only() { + // We should be able to build a server cert. verifier that allows unknown revocation + // status and only checks the EE cert. + let builder = WebPkiServerVerifier::builder(test_roots()) + .allow_unknown_revocation_status() + .only_check_end_entity_revocation(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } +} diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 41967e921a..026184e5df 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -16,6 +16,11 @@ use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid}; /// Verify that the end-entity certificate `end_entity` is a valid server cert /// and chains to at least one of the trust anchors in the `roots` [RootCertStore]. /// +/// This function is primarily useful when building a custom certificate verifier. It +/// performs **no revocation checking**. Implementors must handle this themselves, +/// along with checking that the server certificate is valid for the subject name +/// being used (see [`verify_server_name`]). +/// /// `intermediates` contains all certificates other than `end_entity` that /// were sent as part of the server's `Certificate` message. It is in the /// same order that the server sent them and may be empty. @@ -27,17 +32,14 @@ pub fn verify_server_cert_signed_by_trust_anchor( now: UnixTime, supported_algs: &[&dyn SignatureVerificationAlgorithm], ) -> Result<(), Error> { - cert.0 - .verify_for_usage( - supported_algs, - &roots.roots, - intermediates, - now, - webpki::KeyUsage::server_auth(), - None, // no CRLs - ) - .map_err(pki_error) - .map(|_| ()) + verify_server_cert_signed_by_trust_anchor_impl( + cert, + roots, + intermediates, + None, // No revocation checking supported with this API. + now, + supported_algs, + ) } /// Verify that the `end_entity` has a name or alternative name matching the `server_name` @@ -255,6 +257,41 @@ pub(crate) fn verify_tls13( .map(|_| HandshakeSignatureValid::assertion()) } +/// Verify that the end-entity certificate `end_entity` is a valid server cert +/// and chains to at least one of the trust anchors in the `roots` [RootCertStore]. +/// +/// `intermediates` contains all certificates other than `end_entity` that +/// were sent as part of the server's `Certificate` message. It is in the +/// same order that the server sent them and may be empty. +/// +/// `revocation` controls how revocation checking is performed, if at all. +/// +/// This function exists to be used by [`verify_server_cert_signed_by_trust_anchor`], +/// and differs only in providing a `Option` argument. We +/// can't include this argument in `verify_server_cert_signed_by_trust_anchor` because +/// it will leak the webpki types into Rustls' public API. +pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl( + cert: &ParsedCertificate, + roots: &RootCertStore, + intermediates: &[CertificateDer<'_>], + revocation: Option, + now: UnixTime, + supported_algs: &[&dyn SignatureVerificationAlgorithm], +) -> Result<(), Error> { + let result = cert.0.verify_for_usage( + supported_algs, + &roots.roots, + intermediates, + now, + webpki::KeyUsage::server_auth(), + revocation, + ); + match result { + Ok(_) => Ok(()), + Err(e) => Err(pki_error(e)), + } +} + #[cfg(test)] mod tests { use super::*; From a3f0d06c4b74b642686fed05117e144627ce0170 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 20 Oct 2023 10:13:27 -0400 Subject: [PATCH 0311/1145] test-ca: make CRLs revoking intermediate, server EE certs Previously the test-ca `build-a-pki.sh` script would revoke each key type's client certificate to produce a `client.revoked.crl.pem` CRL. In this commit we update the script to do the same for each key type's intermediate cert (`inter.cert`) to produce a `inter.revoked.crl.pem`, as well as the server ee cert (`end.cert`) to produce a `end.revoked.crl.pem` file. This will be useful for testing the chain depth revocation controls, and the server verifier CRL support. --- test-ca/build-a-pki.sh | 70 ++++++++----- test-ca/ecdsa/ca.cert | 20 ++-- test-ca/ecdsa/ca.der | Bin 462 -> 461 bytes test-ca/ecdsa/ca.key | 8 +- test-ca/ecdsa/client.cert | 22 ++--- test-ca/ecdsa/client.chain | 34 +++---- test-ca/ecdsa/client.fullchain | 56 +++++------ test-ca/ecdsa/client.key | 8 +- test-ca/ecdsa/client.req | 10 +- test-ca/ecdsa/client.revoked.crl.pem | 10 +- test-ca/ecdsa/end.cert | 18 ++-- test-ca/ecdsa/end.chain | 34 +++---- test-ca/ecdsa/end.fullchain | 52 +++++----- test-ca/ecdsa/end.key | 6 +- test-ca/ecdsa/end.req | 10 +- test-ca/ecdsa/end.revoked.crl.pem | 8 ++ test-ca/ecdsa/inter.cert | 14 +-- test-ca/ecdsa/inter.key | 6 +- test-ca/ecdsa/inter.req | 10 +- test-ca/ecdsa/inter.revoked.crl.pem | 8 ++ test-ca/eddsa/ca.cert | 14 +-- test-ca/eddsa/ca.der | Bin 336 -> 336 bytes test-ca/eddsa/ca.key | 2 +- test-ca/eddsa/client.cert | 14 +-- test-ca/eddsa/client.chain | 26 ++--- test-ca/eddsa/client.fullchain | 40 ++++---- test-ca/eddsa/client.key | 2 +- test-ca/eddsa/client.req | 6 +- test-ca/eddsa/client.revoked.crl.pem | 10 +- test-ca/eddsa/end.cert | 14 +-- test-ca/eddsa/end.chain | 26 ++--- test-ca/eddsa/end.fullchain | 40 ++++---- test-ca/eddsa/end.key | 2 +- test-ca/eddsa/end.req | 8 +- test-ca/eddsa/end.revoked.crl.pem | 8 ++ test-ca/eddsa/inter.cert | 12 +-- test-ca/eddsa/inter.key | 2 +- test-ca/eddsa/inter.req | 6 +- test-ca/eddsa/inter.revoked.crl.pem | 7 ++ test-ca/rsa/ca.cert | 56 +++++------ test-ca/rsa/ca.der | Bin 1305 -> 1305 bytes test-ca/rsa/ca.key | 100 +++++++++---------- test-ca/rsa/client.cert | 38 +++---- test-ca/rsa/client.chain | 104 ++++++++++---------- test-ca/rsa/client.fullchain | 142 +++++++++++++-------------- test-ca/rsa/client.key | 52 +++++----- test-ca/rsa/client.req | 24 ++--- test-ca/rsa/client.revoked.crl.pem | 24 ++--- test-ca/rsa/client.rsa | 52 +++++----- test-ca/rsa/end.cert | 38 +++---- test-ca/rsa/end.chain | 104 ++++++++++---------- test-ca/rsa/end.fullchain | 142 +++++++++++++-------------- test-ca/rsa/end.key | 52 +++++----- test-ca/rsa/end.req | 24 ++--- test-ca/rsa/end.revoked.crl.pem | 15 +++ test-ca/rsa/end.rsa | 52 +++++----- test-ca/rsa/inter.cert | 48 ++++----- test-ca/rsa/inter.key | 76 +++++++------- test-ca/rsa/inter.req | 36 +++---- test-ca/rsa/inter.revoked.crl.pem | 17 ++++ 60 files changed, 960 insertions(+), 879 deletions(-) create mode 100644 test-ca/ecdsa/end.revoked.crl.pem create mode 100644 test-ca/ecdsa/inter.revoked.crl.pem create mode 100644 test-ca/eddsa/end.revoked.crl.pem create mode 100644 test-ca/eddsa/inter.revoked.crl.pem create mode 100644 test-ca/rsa/end.revoked.crl.pem create mode 100644 test-ca/rsa/inter.revoked.crl.pem diff --git a/test-ca/build-a-pki.sh b/test-ca/build-a-pki.sh index 0759bbedf4..f1970cea25 100755 --- a/test-ca/build-a-pki.sh +++ b/test-ca/build-a-pki.sh @@ -135,6 +135,44 @@ openssl req -nodes \ -batch \ -subj "/CN=ponytown client" +# Generate a CRL revoking a specific certificate, signed by the specified issuer. +# Arguments: +# 1. the key type (e.g. "rsa") +# 2. the name of the issuer (e.g. "inter") +# 3. the name of the certificate to revoke (e.g. "end") +function gen_crl { + local kt=$1 + local issuer_name=$2 + local revoked_cert_name=$3 + + # Overwrite the CA state for each revocation - this avoids an + # "already revoked" error since we're re-using serial numbers across + # key types. + echo -n '' > index.txt + echo '1000' > crlnumber + + # Revoke the certificate in the openssl CA index. This produces a CRL but + # doesn't include the revoked certificate in the CRL... + openssl ca \ + -config ./crl-openssl.cnf \ + -keyfile "$kt/$issuer_name.key" \ + -cert "$kt/$issuer_name.cert" \ + -gencrl \ + -crldays 7 \ + -revoke "$kt/$revoked_cert_name.cert" \ + -crl_reason keyCompromise \ + -out "$kt/$revoked_cert_name.revoked.crl.pem" + + # Run -gencrl again to actually include the revoked certificate in the CRL. + openssl ca \ + -config ./crl-openssl.cnf \ + -keyfile "$kt/$issuer_name.key" \ + -cert "$kt/$issuer_name.cert" \ + -gencrl \ + -crldays 7 \ + -out "$kt/$revoked_cert_name.revoked.crl.pem" +} + for kt in rsa ecdsa eddsa ; do openssl x509 -req \ -in $kt/inter.req \ @@ -166,32 +204,12 @@ for kt in rsa ecdsa eddsa ; do -set_serial 789 \ -extensions v3_client -extfile openssl.cnf - # Overwrite the CA state for each revocation - this avoids an - # "already revoked" error since we're re-using serial numbers across - # key types. - echo -n '' > index.txt - echo '1000' > crlnumber - - # Revoke the certificate in the openssl CA index. This produces a CRL but - # doesn't include the revoked certificate... - openssl ca \ - -config ./crl-openssl.cnf \ - -keyfile $kt/inter.key \ - -cert $kt/inter.cert \ - -gencrl \ - -crldays 7 \ - -revoke $kt/client.cert \ - -crl_reason keyCompromise \ - -out $kt/client.revoked.crl.pem - - # Run -gencrl again to actually include the revoked certificate in the CRL. - openssl ca \ - -config ./crl-openssl.cnf \ - -keyfile $kt/inter.key \ - -cert $kt/inter.cert \ - -gencrl \ - -crldays 7 \ - -out $kt/client.revoked.crl.pem + # Generate a CRL revoking the client certificate + gen_crl $kt inter client + # Generate a CRL revoking the server certificate + gen_crl $kt inter end + # Generate a CRL revoking the intermediate certificate + gen_crl $kt ca inter cat $kt/inter.cert $kt/ca.cert > $kt/end.chain cat $kt/end.cert $kt/inter.cert $kt/ca.cert > $kt/end.fullchain diff --git a/test-ca/ecdsa/ca.cert b/test-ca/ecdsa/ca.cert index 7e4b53310e..0e0017b8c8 100644 --- a/test-ca/ecdsa/ca.cert +++ b/test-ca/ecdsa/ca.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN -MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS -ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC -jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q -WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl -jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW -1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 +MIIByTCCAVCgAwIBAgIUeZqAHHuoavuELrRjQI5C2u1Yfn8wCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcN +MzMxMDIwMTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMY2qaD6fLoR3X7iNVzc1fXiP45ndjhNU+h9ZjDE +tFrJD+NtaiC2L39leMksfGG9LTzeuZR3l6KaXKcXPjEKsohotv6SYtrtw1IZT4oI +exUVXVUuo0Tq8JMoeYmSBY0egaNTMFEwHQYDVR0OBBYEFKJ+6/Eduk7UEWurmHlh ++MMtFCS5MB8GA1UdIwQYMBaAFKJ+6/Eduk7UEWurmHlh+MMtFCS5MA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDZwAwZAIwSqLm28kaRhlRL+C6rC7jIIRTJ0lm +pq+9PMU50cHbnL1NDgCy86Q8/EogQHYS1PXDAjAQxSSTztVAMqCB9CxcXmAM9wRW +T4+ZiLscgZuFGfHWB69pWloR39vLw72w3RbDRpE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/ca.der b/test-ca/ecdsa/ca.der index 530ef3fe26c74b03800765dd5683a8adc94f128d..100fd6029f96efd3da8aa1467c7c09ab47eea20e 100644 GIT binary patch delta 351 zcmX@de3n_+po#G$5C<$^W@2Pw5~-ZkAXB{}>vxOZmSl%Mr(16$>gp#d8%P-%7#SOy znHU%tM~U+q8w0rpQ0_#1`H4N^^~cOsF8EcmOYm;pBh#2WSHC{8?@KSU@C|-Zn`Uri zOVmmJ$GKSw+w|*GD^BXvB<|IjyEv*v zMPozt7Q4LqFj=Fra}sN>T;t+kgFpjWHs(-SJ{B<+kwtZ{Kg#a%yCRsqdPZg9kHf0E zA}Tu#d2va9@}*4^l?|i}%neKp zO-&3;%%a43jg5g^BPe&GzWl@<@%nv_`h>oDa_QrmKDQlP#~<2bJkFTxMNz*G$uJ(Sqml#Y=;`IW=Z8JYUZDW%`fqYD1^K zi+rAG|K48}Y0Q`&^y|v%x9?>Z2O9($$g(kq%JQ*@v4|W#RsQVLixBzgxjI+-Rz+5; z9!TFd&p;j|ugoH0Al87P0;FKFJEL4?27^H=lR-$M=tlJkjA#7X8#K6|-E-6|pR@gG zZ{68@%)<8GYui_Ba&J%&`6q6?CV|UIrnmVVlOe;NDMh~3;fYFTe&-*zT0gn_L)dkx i&313{>g9XR-xv7OzUGNSK){;}nVB>8Zax1y*aQH$B$d4Y diff --git a/test-ca/ecdsa/ca.key b/test-ca/ecdsa/ca.key index f620c3e2cc..72e906ed88 100644 --- a/test-ca/ecdsa/ca.key +++ b/test-ca/ecdsa/ca.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsjZYhksLxap94U8my -D1pQN7DbpidGpEoEG50dJKFoURmOxmtlyEAv3p3Mr3Aw/2ahZANiAAS+4o4S9oUV -Q6a/Fpa+D1OrCy5jeD1+BqI0y59bkmT0arLGkbw1q0wvYznUP1J2LwDTBaTdNikx -oqDnH3OlU4sJKJsA56cO9Jf4i3sxQo7RDklm/u/VFIFol1L61Kvt7xw= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAsNC5rD/81fa4m2A8F +IV7c/VguVzj/bUyKBvLglR4+88TqKQICIxGRe2KXe/y6yUihZANiAATGNqmg+ny6 +Ed1+4jVc3NX14j+OZ3Y4TVPofWYwxLRayQ/jbWogti9/ZXjJLHxhvS083rmUd5ei +mlynFz4xCrKIaLb+kmLa7cNSGU+KCHsVFV1VLqNE6vCTKHmJkgWNHoE= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/client.cert b/test-ca/ecdsa/client.cert index 3a8bcef9c5..88587d71b6 100644 --- a/test-ca/ecdsa/client.cert +++ b/test-ca/ecdsa/client.cert @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIIB8TCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN -MjgxMjI1MTU0MDQ2WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAASCd1LWnaWRlRPYTdovjuxJK6qJSkyI3oLoJTsSUPiw -Et5js19D68vOAIXpEOMb7Nk454lmlrp3YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw -25wtXDS7AwSLgdka4H5lzJ+jgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC -BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFBsFIEPKbxNv1Rca -9wzShkfBD+n+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAc -MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNIADBF -AiAy9QJOaI7DEC6ZjoLn2j1I1q4VUQAQIlUFfbu1hG2bigIhAIt5Q/jDa+AAYSFk -5dtMOXJtWiCGZc20OxhZsHXmGpAs +MIIB8DCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMxMDIzMTY0MDA0WhcN +MjkwNDE0MTY0MDA0WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQzbr2s4WWBj4rFDG9/rj3gup3PC17Ry1WrfXHExFuV +40cl1ARXsmJR7xvNvcaIku+7m+XF6W/n6+FFD8WgopXmtsgGeMQ07+2Yt/frseoJ +H5M0nBi6MtkInG09m+bU6PWjgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC +BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFHYASKoe/sI/zKRl +1XT2I4XxkTsCMEQGA1UdIwQ9MDuAFPRCQtkBR3u1PyFVNG3JJ1li/uGooSCkHjAc +MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNHADBE +AiB4+SQRvDg+qoXlPjbvaqi2vqmaMp7EuVvPRkY8RMR/yAIgKEcYTDj0AYrpdVMo +af9Zq2pYXIyiAeT65QC+GU185ew= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/client.chain b/test-ca/ecdsa/client.chain index 11a406b0cd..4935910e1f 100644 --- a/test-ca/ecdsa/client.chain +++ b/test-ca/ecdsa/client.chain @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzEwMjMxNjQwMDRaFw0zMzEwMjAxNjQwMDRaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj -IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O -BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEDkhysek+1diUOZ8W/92dm1dRgTrREwqEYziN +9qq6gTTCwF1K+XVzgJTNJc/SPFQx4ylMlLlst/i6idayzsBLPqN/MH0wHQYDVR0O +BBYEFPRCQtkBR3u1PyFVNG3JJ1li/uGoMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ -vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN -IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= +gBSifuvxHbpO1BFrq5h5YfjDLRQkuTAKBggqhkjOPQQDAgNoADBlAjEAuuNrQFoD +U1SnmQSkr7PuPX9G2XsVKDAjF7KZth44VwsbRs/Gr+4/cGdb9f69Q2y+AjBAdQnA +av9Gw7FxrVZ887J7UXgeGhNYCADSnOWfdum7cgsB3sHD/ysjDi5bJc7yJHM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN -MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS -ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC -jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q -WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl -jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW -1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 +MIIByTCCAVCgAwIBAgIUeZqAHHuoavuELrRjQI5C2u1Yfn8wCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcN +MzMxMDIwMTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMY2qaD6fLoR3X7iNVzc1fXiP45ndjhNU+h9ZjDE +tFrJD+NtaiC2L39leMksfGG9LTzeuZR3l6KaXKcXPjEKsohotv6SYtrtw1IZT4oI +exUVXVUuo0Tq8JMoeYmSBY0egaNTMFEwHQYDVR0OBBYEFKJ+6/Eduk7UEWurmHlh ++MMtFCS5MB8GA1UdIwQYMBaAFKJ+6/Eduk7UEWurmHlh+MMtFCS5MA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDZwAwZAIwSqLm28kaRhlRL+C6rC7jIIRTJ0lm +pq+9PMU50cHbnL1NDgCy86Q8/EogQHYS1PXDAjAQxSSTztVAMqCB9CxcXmAM9wRW +T4+ZiLscgZuFGfHWB69pWloR39vLw72w3RbDRpE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/client.fullchain b/test-ca/ecdsa/client.fullchain index 2c83641a75..8ac90de6d7 100644 --- a/test-ca/ecdsa/client.fullchain +++ b/test-ca/ecdsa/client.fullchain @@ -1,37 +1,37 @@ -----BEGIN CERTIFICATE----- -MIIB8TCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN -MjgxMjI1MTU0MDQ2WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAASCd1LWnaWRlRPYTdovjuxJK6qJSkyI3oLoJTsSUPiw -Et5js19D68vOAIXpEOMb7Nk454lmlrp3YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw -25wtXDS7AwSLgdka4H5lzJ+jgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC -BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFBsFIEPKbxNv1Rca -9wzShkfBD+n+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAc -MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNIADBF -AiAy9QJOaI7DEC6ZjoLn2j1I1q4VUQAQIlUFfbu1hG2bigIhAIt5Q/jDa+AAYSFk -5dtMOXJtWiCGZc20OxhZsHXmGpAs +MIIB8DCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMxMDIzMTY0MDA0WhcN +MjkwNDE0MTY0MDA0WjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQzbr2s4WWBj4rFDG9/rj3gup3PC17Ry1WrfXHExFuV +40cl1ARXsmJR7xvNvcaIku+7m+XF6W/n6+FFD8WgopXmtsgGeMQ07+2Yt/frseoJ +H5M0nBi6MtkInG09m+bU6PWjgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC +BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFHYASKoe/sI/zKRl +1XT2I4XxkTsCMEQGA1UdIwQ9MDuAFPRCQtkBR3u1PyFVNG3JJ1li/uGooSCkHjAc +MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNHADBE +AiB4+SQRvDg+qoXlPjbvaqi2vqmaMp7EuVvPRkY8RMR/yAIgKEcYTDj0AYrpdVMo +af9Zq2pYXIyiAeT65QC+GU185ew= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzEwMjMxNjQwMDRaFw0zMzEwMjAxNjQwMDRaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj -IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O -BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEDkhysek+1diUOZ8W/92dm1dRgTrREwqEYziN +9qq6gTTCwF1K+XVzgJTNJc/SPFQx4ylMlLlst/i6idayzsBLPqN/MH0wHQYDVR0O +BBYEFPRCQtkBR3u1PyFVNG3JJ1li/uGoMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ -vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN -IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= +gBSifuvxHbpO1BFrq5h5YfjDLRQkuTAKBggqhkjOPQQDAgNoADBlAjEAuuNrQFoD +U1SnmQSkr7PuPX9G2XsVKDAjF7KZth44VwsbRs/Gr+4/cGdb9f69Q2y+AjBAdQnA +av9Gw7FxrVZ887J7UXgeGhNYCADSnOWfdum7cgsB3sHD/ysjDi5bJc7yJHM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN -MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS -ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC -jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q -WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl -jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW -1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 +MIIByTCCAVCgAwIBAgIUeZqAHHuoavuELrRjQI5C2u1Yfn8wCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcN +MzMxMDIwMTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMY2qaD6fLoR3X7iNVzc1fXiP45ndjhNU+h9ZjDE +tFrJD+NtaiC2L39leMksfGG9LTzeuZR3l6KaXKcXPjEKsohotv6SYtrtw1IZT4oI +exUVXVUuo0Tq8JMoeYmSBY0egaNTMFEwHQYDVR0OBBYEFKJ+6/Eduk7UEWurmHlh ++MMtFCS5MB8GA1UdIwQYMBaAFKJ+6/Eduk7UEWurmHlh+MMtFCS5MA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDZwAwZAIwSqLm28kaRhlRL+C6rC7jIIRTJ0lm +pq+9PMU50cHbnL1NDgCy86Q8/EogQHYS1PXDAjAQxSSTztVAMqCB9CxcXmAM9wRW +T4+ZiLscgZuFGfHWB69pWloR39vLw72w3RbDRpE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/client.key b/test-ca/ecdsa/client.key index fa9812f90d..a5162d7a0c 100644 --- a/test-ca/ecdsa/client.key +++ b/test-ca/ecdsa/client.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDKJ+hWQWsvoxw6pWYL -N90eokxpImgIb3kCEUW5sJDnAGlYIwcn25A4lADRyEuEcSShZANiAASCd1LWnaWR -lRPYTdovjuxJK6qJSkyI3oLoJTsSUPiwEt5js19D68vOAIXpEOMb7Nk454lmlrp3 -YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw25wtXDS7AwSLgdka4H5lzJ8= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDByhNhR8TP9jP8TZPzR +w6QkWuFmiXGy/ZimTWqYSN8Fp2PPiqjXEy8epH0RmMDZD++hZANiAAQzbr2s4WWB +j4rFDG9/rj3gup3PC17Ry1WrfXHExFuV40cl1ARXsmJR7xvNvcaIku+7m+XF6W/n +6+FFD8WgopXmtsgGeMQ07+2Yt/frseoJH5M0nBi6MtkInG09m+bU6PU= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/client.req b/test-ca/ecdsa/client.req index af10407383..089aad7a98 100644 --- a/test-ca/ecdsa/client.req +++ b/test-ca/ecdsa/client.req @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE REQUEST----- MIIBEzCBmQIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAASCd1LWnaWRlRPYTdovjuxJK6qJSkyI3oLoJTsSUPiwEt5j -s19D68vOAIXpEOMb7Nk454lmlrp3YD5zDXez7NevNOIdsI9BRRiwDOQmGtlw25wt -XDS7AwSLgdka4H5lzJ+gADAKBggqhkjOPQQDAgNpADBmAjEAtRws/pll70FNzZ79 -pHZb5Bovy/6injVsQ9PQcvPdZ84biI1bRiKYKKSjMn6iRAnVAjEA4jva8MmhIuvJ -W3MiYjH2F5R8Acto1apmx9S4uPlI+Tv04lPFluAHK6fV3rfgcRCW +PQIBBgUrgQQAIgNiAAQzbr2s4WWBj4rFDG9/rj3gup3PC17Ry1WrfXHExFuV40cl +1ARXsmJR7xvNvcaIku+7m+XF6W/n6+FFD8WgopXmtsgGeMQ07+2Yt/frseoJH5M0 +nBi6MtkInG09m+bU6PWgADAKBggqhkjOPQQDAgNpADBmAjEA/ggAU1DzE67UyjFm +DkFhA5FqtoLpnSqtJ6bkJ4DSGQeMbBVUviO006adObjJv+o2AjEA3lrTDLZzlqr1 +KQPWbNu2/AqZhJTh43Wdyz7GyZiCV2tCHcGstgEas6zKnnxxa6K3 -----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa/client.revoked.crl.pem b/test-ca/ecdsa/client.revoked.crl.pem index f424e3d67a..660c494ac4 100644 --- a/test-ca/ecdsa/client.revoked.crl.pem +++ b/test-ca/ecdsa/client.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- MIIBDTCBtAIBATAKBggqhkjOPQQDAjAuMSwwKgYDVQQDDCNwb255dG93biBFQ0RT -QSBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjMwNzA1MTU0MDQ2WhcNMjMwNzEyMTU0 -MDQ2WjAjMCECAgMVFw0yMzA3MDUxNTQwNDZaMAwwCgYDVR0VBAMKAQGgMDAuMB8G -A1UdIwQYMBaAFEQqdSwAeFQDDYhbCo8g6wMn27CpMAsGA1UdFAQEAgIQATAKBggq -hkjOPQQDAgNIADBFAiB3hle53ZctSd+FI76SZsRXb4NZaUVlY41qIHeeMlKLzQIh -ALBfSkSc19jdt8Vw/6GUiSDc7+u7XfeKr6JX/ZiVLXqZ +QSBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0 +MDA0WjAjMCECAgMVFw0yMzEwMjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8G +A1UdIwQYMBaAFPRCQtkBR3u1PyFVNG3JJ1li/uGoMAsGA1UdFAQEAgIQATAKBggq +hkjOPQQDAgNIADBFAiAi3GxEYygj24BVmP5wVrGjWpvmHuP8X/VtG8JwUDNTXAIh +AKk6+yQ1GiEtUVHgSpUXu8EHDjVTy35gGPnCukSOx77V -----END X509 CRL----- diff --git a/test-ca/ecdsa/end.cert b/test-ca/ecdsa/end.cert index c51a402384..54726ceeee 100644 --- a/test-ca/ecdsa/end.cert +++ b/test-ca/ecdsa/end.cert @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICDzCCAbagAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN -MjgxMjI1MTU0MDQ2WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABFn59Brhwq5VxUaj2MYtw2SYSadcHnDkNG9Efmgx -E4lQCW2GZMcBbxJ/mzdjBl+WLeXjtwY2eXcu3glW2sOtzCijgdgwgdUwDAYDVR0T -AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFDAfnnyYiG3m3mcvvPGjukL1 -Ld3+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAcMRowGAYD +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMxMDIzMTY0MDA0WhcN +MjkwNDE0MTY0MDA0WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABC5/tAfkUDvshOy6ZUYSooHQQ1/zKX28sBWYVijn +8rsM/t/rkV7PDR3AMUi6hpg8rnY22PlwvAx264EvkGVN7AqjgdgwgdUwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFAdx/fObH+0Qt5v5wNuz+VEF +rmLMMEQGA1UdIwQ9MDuAFPRCQtkBR3u1PyFVNG3JJ1li/uGooSCkHjAcMRowGAYD VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezBTBgNVHREETDBKgg50ZXN0c2VydmVy LmNvbYcExjNkAYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29thxAgAQ24AAAAAAAAAAAA -AAABgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgZWkcJ8MGs8YasHC37f3D -rf8H/TYwSUE+IQx8hCWgT9MCIC1/UueWePY+kGgLnQTsM4+V7b0YBXEcCnvr9MyU -Ih5J +AAABgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgDBponUxPnh1zEhlYXpyj +++f7ArV/6eugzpIf+oapDmwCIHbi/ikE+j6QNs/ShF2l18nmFxAp0FPeMLs5EoQO +6rE0 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/end.chain b/test-ca/ecdsa/end.chain index 11a406b0cd..4935910e1f 100644 --- a/test-ca/ecdsa/end.chain +++ b/test-ca/ecdsa/end.chain @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzEwMjMxNjQwMDRaFw0zMzEwMjAxNjQwMDRaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj -IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O -BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEDkhysek+1diUOZ8W/92dm1dRgTrREwqEYziN +9qq6gTTCwF1K+XVzgJTNJc/SPFQx4ylMlLlst/i6idayzsBLPqN/MH0wHQYDVR0O +BBYEFPRCQtkBR3u1PyFVNG3JJ1li/uGoMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ -vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN -IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= +gBSifuvxHbpO1BFrq5h5YfjDLRQkuTAKBggqhkjOPQQDAgNoADBlAjEAuuNrQFoD +U1SnmQSkr7PuPX9G2XsVKDAjF7KZth44VwsbRs/Gr+4/cGdb9f69Q2y+AjBAdQnA +av9Gw7FxrVZ887J7UXgeGhNYCADSnOWfdum7cgsB3sHD/ysjDi5bJc7yJHM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN -MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS -ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC -jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q -WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl -jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW -1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 +MIIByTCCAVCgAwIBAgIUeZqAHHuoavuELrRjQI5C2u1Yfn8wCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcN +MzMxMDIwMTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMY2qaD6fLoR3X7iNVzc1fXiP45ndjhNU+h9ZjDE +tFrJD+NtaiC2L39leMksfGG9LTzeuZR3l6KaXKcXPjEKsohotv6SYtrtw1IZT4oI +exUVXVUuo0Tq8JMoeYmSBY0egaNTMFEwHQYDVR0OBBYEFKJ+6/Eduk7UEWurmHlh ++MMtFCS5MB8GA1UdIwQYMBaAFKJ+6/Eduk7UEWurmHlh+MMtFCS5MA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDZwAwZAIwSqLm28kaRhlRL+C6rC7jIIRTJ0lm +pq+9PMU50cHbnL1NDgCy86Q8/EogQHYS1PXDAjAQxSSTztVAMqCB9CxcXmAM9wRW +T4+ZiLscgZuFGfHWB69pWloR39vLw72w3RbDRpE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/end.fullchain b/test-ca/ecdsa/end.fullchain index 7c79886ea3..ebc5653844 100644 --- a/test-ca/ecdsa/end.fullchain +++ b/test-ca/ecdsa/end.fullchain @@ -1,38 +1,38 @@ -----BEGIN CERTIFICATE----- MIICDzCCAbagAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv -d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMwNzA1MTU0MDQ2WhcN -MjgxMjI1MTU0MDQ2WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG -SM49AgEGCCqGSM49AwEHA0IABFn59Brhwq5VxUaj2MYtw2SYSadcHnDkNG9Efmgx -E4lQCW2GZMcBbxJ/mzdjBl+WLeXjtwY2eXcu3glW2sOtzCijgdgwgdUwDAYDVR0T -AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFDAfnnyYiG3m3mcvvPGjukL1 -Ld3+MEQGA1UdIwQ9MDuAFEQqdSwAeFQDDYhbCo8g6wMn27CpoSCkHjAcMRowGAYD +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMjMxMDIzMTY0MDA0WhcN +MjkwNDE0MTY0MDA0WjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABC5/tAfkUDvshOy6ZUYSooHQQ1/zKX28sBWYVijn +8rsM/t/rkV7PDR3AMUi6hpg8rnY22PlwvAx264EvkGVN7AqjgdgwgdUwDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFAdx/fObH+0Qt5v5wNuz+VEF +rmLMMEQGA1UdIwQ9MDuAFPRCQtkBR3u1PyFVNG3JJ1li/uGooSCkHjAcMRowGAYD VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezBTBgNVHREETDBKgg50ZXN0c2VydmVy LmNvbYcExjNkAYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29thxAgAQ24AAAAAAAAAAAA -AAABgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgZWkcJ8MGs8YasHC37f3D -rf8H/TYwSUE+IQx8hCWgT9MCIC1/UueWePY+kGgLnQTsM4+V7b0YBXEcCnvr9MyU -Ih5J +AAABgglsb2NhbGhvc3QwCgYIKoZIzj0EAwIDRwAwRAIgDBponUxPnh1zEhlYXpyj +++f7ArV/6eugzpIf+oapDmwCIHbi/ikE+j6QNs/ShF2l18nmFxAp0FPeMLs5EoQO +6rE0 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzEwMjMxNjQwMDRaFw0zMzEwMjAxNjQwMDRaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj -IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O -BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEDkhysek+1diUOZ8W/92dm1dRgTrREwqEYziN +9qq6gTTCwF1K+XVzgJTNJc/SPFQx4ylMlLlst/i6idayzsBLPqN/MH0wHQYDVR0O +BBYEFPRCQtkBR3u1PyFVNG3JJ1li/uGoMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ -vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN -IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= +gBSifuvxHbpO1BFrq5h5YfjDLRQkuTAKBggqhkjOPQQDAgNoADBlAjEAuuNrQFoD +U1SnmQSkr7PuPX9G2XsVKDAjF7KZth44VwsbRs/Gr+4/cGdb9f69Q2y+AjBAdQnA +av9Gw7FxrVZ887J7UXgeGhNYCADSnOWfdum7cgsB3sHD/ysjDi5bJc7yJHM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByjCCAVCgAwIBAgIUKM/riKovAp5g/M6wfqzo0i+T0rIwCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcN -MzMwNzAyMTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABL7ijhL2hRVDpr8Wlr4PU6sLLmN4PX4GojTLn1uS -ZPRqssaRvDWrTC9jOdQ/UnYvANMFpN02KTGioOcfc6VTiwkomwDnpw70l/iLezFC -jtEOSWb+79UUgWiXUvrUq+3vHKNTMFEwHQYDVR0OBBYEFMPKd+by6FQfl20s1Y6q -WXvAZ7aeMB8GA1UdIwQYMBaAFMPKd+by6FQfl20s1Y6qWXvAZ7aeMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIwVIEVsSeQAcxOh4AoC+beQSl3nLfl -jX7N3gMTP0uth6iyR4AgFP4XM6xgCkIcjYPOAjEAvJRyTXtXYSLM+2/HOq+Ti/BW -1xqzPuxufx+Mz98Q9Ies5CBQUOxoHJmYvbXP+1M0 +MIIByTCCAVCgAwIBAgIUeZqAHHuoavuELrRjQI5C2u1Yfn8wCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcN +MzMxMDIwMTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMY2qaD6fLoR3X7iNVzc1fXiP45ndjhNU+h9ZjDE +tFrJD+NtaiC2L39leMksfGG9LTzeuZR3l6KaXKcXPjEKsohotv6SYtrtw1IZT4oI +exUVXVUuo0Tq8JMoeYmSBY0egaNTMFEwHQYDVR0OBBYEFKJ+6/Eduk7UEWurmHlh ++MMtFCS5MB8GA1UdIwQYMBaAFKJ+6/Eduk7UEWurmHlh+MMtFCS5MA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDZwAwZAIwSqLm28kaRhlRL+C6rC7jIIRTJ0lm +pq+9PMU50cHbnL1NDgCy86Q8/EogQHYS1PXDAjAQxSSTztVAMqCB9CxcXmAM9wRW +T4+ZiLscgZuFGfHWB69pWloR39vLw72w3RbDRpE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/end.key b/test-ca/ecdsa/end.key index cec45a54c6..7371f3d105 100644 --- a/test-ca/ecdsa/end.key +++ b/test-ca/ecdsa/end.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgALQpY6/2BJbpIuRP -UNX49o9PFYEKCjoGSQEeX5AwSO2hRANCAARZ+fQa4cKuVcVGo9jGLcNkmEmnXB5w -5DRvRH5oMROJUAlthmTHAW8Sf5s3YwZfli3l47cGNnl3Lt4JVtrDrcwo +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgAmn1iZQ1nV7blY2q +x2sPtxy5eaVRtbV/Jts2IbONrKqhRANCAAQuf7QH5FA77ITsumVGEqKB0ENf8yl9 +vLAVmFYo5/K7DP7f65Fezw0dwDFIuoaYPK52Ntj5cLwMduuBL5BlTewK -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/end.req b/test-ca/ecdsa/end.req index 0bfd50416e..ae1a3ea710 100644 --- a/test-ca/ecdsa/end.req +++ b/test-ca/ecdsa/end.req @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE REQUEST----- -MIHUMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB -BggqhkjOPQMBBwNCAARZ+fQa4cKuVcVGo9jGLcNkmEmnXB5w5DRvRH5oMROJUAlt -hmTHAW8Sf5s3YwZfli3l47cGNnl3Lt4JVtrDrcwooAAwCgYIKoZIzj0EAwIDSQAw -RgIhAIEU3/Twp/+1Pz/8StU1c9Jky3Dl59VaYbS7QbIG9YU+AiEA9q0gNjBAM9iT -zgrSnAe9E/YS00RUMmoHKZXXSyaIVxQ= +MIHTMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAQuf7QH5FA77ITsumVGEqKB0ENf8yl9vLAVmFYo5/K7DP7f +65Fezw0dwDFIuoaYPK52Ntj5cLwMduuBL5BlTewKoAAwCgYIKoZIzj0EAwIDSAAw +RQIhAI8pgThEVIZXXMSsRzdB8tVjiM9j1ALdNLRnanquO6ObAiAdRLK//mWYLJsH +J8/hwqtiST4UaNnSDJQhtVWDjFlqpw== -----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa/end.revoked.crl.pem b/test-ca/ecdsa/end.revoked.crl.pem new file mode 100644 index 0000000000..34be1e35a0 --- /dev/null +++ b/test-ca/ecdsa/end.revoked.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBDjCBtAIBATAKBggqhkjOPQQDAjAuMSwwKgYDVQQDDCNwb255dG93biBFQ0RT +QSBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0 +MDA0WjAjMCECAgHIFw0yMzEwMjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8G +A1UdIwQYMBaAFPRCQtkBR3u1PyFVNG3JJ1li/uGoMAsGA1UdFAQEAgIQATAKBggq +hkjOPQQDAgNJADBGAiEAy0NOKAJdNapfnRgbWrf8Pvb93/J55yA22/8JnEYUOs4C +IQCKALEw5UjBgYzPni0iHTzFJni4G+PTcqHs0NOqS2YgSw== +-----END X509 CRL----- diff --git a/test-ca/ecdsa/inter.cert b/test-ca/ecdsa/inter.cert index 4a0e110fe4..8cc2f36204 100644 --- a/test-ca/ecdsa/inter.cert +++ b/test-ca/ecdsa/inter.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- MIIB2DCCAV6gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 -biBFQ0RTQSBDQTAeFw0yMzA3MDUxNTQwNDZaFw0zMzA3MDIxNTQwNDZaMC4xLDAq +biBFQ0RTQSBDQTAeFw0yMzEwMjMxNjQwMDRaFw0zMzEwMjAxNjQwMDRaMC4xLDAq BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH -KoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGipF8gmjTNjdZrOuoFm0Dwj -IhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEafjzlSaN/MH0wHQYDVR0O -BBYEFEQqdSwAeFQDDYhbCo8g6wMn27CpMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +KoZIzj0CAQYIKoZIzj0DAQcDQgAEDkhysek+1diUOZ8W/92dm1dRgTrREwqEYziN +9qq6gTTCwF1K+XVzgJTNJc/SPFQx4ylMlLlst/i6idayzsBLPqN/MH0wHQYDVR0O +BBYEFPRCQtkBR3u1PyFVNG3JJ1li/uGoMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAW -gBTDynfm8uhUH5dtLNWOqll7wGe2njAKBggqhkjOPQQDAgNoADBlAjEAtd6eQF4/ -vb1uZZDLP7Goi6Q0pZ5abGUMibdqc8inp5o8G8beq9NOdhN3529jK6YhAjA45bnN -IEJ8u6KUK3JHwbynsZhibm26SFLFJf4C1USRBCn7+Mpz76PLMDIDRciF6vs= +gBSifuvxHbpO1BFrq5h5YfjDLRQkuTAKBggqhkjOPQQDAgNoADBlAjEAuuNrQFoD +U1SnmQSkr7PuPX9G2XsVKDAjF7KZth44VwsbRs/Gr+4/cGdb9f69Q2y+AjBAdQnA +av9Gw7FxrVZ887J7UXgeGhNYCADSnOWfdum7cgsB3sHD/ysjDi5bJc7yJHM= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa/inter.key b/test-ca/ecdsa/inter.key index a504363742..998f591c51 100644 --- a/test-ca/ecdsa/inter.key +++ b/test-ca/ecdsa/inter.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEblFpZPgIENYtmEv -tXkpNxJ3IXEi0+d341R1UT0/JvChRANCAAQj25ZstPI/I/usaKkXyCaNM2N1ms66 -gWbQPCMiFw85muVasEHsRpN/mO//QQLdozHudSx/bmVhgPIQoRp+POVJ +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY196b9ih7qQupnmI +3Ihz8S9cB4eaVLoLLPan8Um4qzqhRANCAAQOSHKx6T7V2JQ5nxb/3Z2bV1GBOtET +CoRjOI32qrqBNMLAXUr5dXOAlM0lz9I8VDHjKUyUuWy3+LqJ1rLOwEs+ -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa/inter.req b/test-ca/ecdsa/inter.req index f9238ff816..01e57fd8b0 100644 --- a/test-ca/ecdsa/inter.req +++ b/test-ca/ecdsa/inter.req @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE REQUEST----- -MIHqMIGQAgEAMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50 -ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI9uWbLTyPyP7rGip -F8gmjTNjdZrOuoFm0DwjIhcPOZrlWrBB7EaTf5jv/0EC3aMx7nUsf25lYYDyEKEa -fjzlSaAAMAoGCCqGSM49BAMCA0kAMEYCIQD7MzWSwNHd+XIAOCDtZT2/yUnrdGvQ -TQVmpSOHrhZvaAIhAJC/oBxetLlBuq6XLDboV0jCOzz4YQRElIWibDWs5qpg +MIHpMIGQAgEAMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50 +ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDkhysek+1diUOZ8W +/92dm1dRgTrREwqEYziN9qq6gTTCwF1K+XVzgJTNJc/SPFQx4ylMlLlst/i6iday +zsBLPqAAMAoGCCqGSM49BAMCA0gAMEUCIEXzdY7z9kvyZq99LEse0gWJGXCjn7W4 +ka8JCvSUD5+EAiEA4HmRN9m0xJGuNSboX4EMdPwPQ73anr0Ljl2wXOgT+qY= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa/inter.revoked.crl.pem b/test-ca/ecdsa/inter.revoked.crl.pem new file mode 100644 index 0000000000..0902c80d97 --- /dev/null +++ b/test-ca/ecdsa/inter.revoked.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBGTCBoQIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RT +QSBDQRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAiMCACAXsXDTIzMTAy +MzE2NDAwNFowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUon7r8R26TtQR +a6uYeWH4wy0UJLkwCwYDVR0UBAQCAhABMAoGCCqGSM49BAMCA2cAMGQCMAN0B7kh +NhD0vljCy9ppl9/ABshmmg0pTo8anHy/hFA45JzoEQnBn59WXkTvr8HOjgIwLjZn +ug37KHRHscdmFdyLts/hwO6GVuoh2RXoT5AxTOV45/Ra80M8GBuKymUXvZ3w +-----END X509 CRL----- diff --git a/test-ca/eddsa/ca.cert b/test-ca/eddsa/ca.cert index 18518275b1..08c53b3411 100644 --- a/test-ca/eddsa/ca.cert +++ b/test-ca/eddsa/ca.cert @@ -1,9 +1,9 @@ -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy -MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU -s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d -YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG -ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB +MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw +MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU +7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 +3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH +hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F -----END CERTIFICATE----- diff --git a/test-ca/eddsa/ca.der b/test-ca/eddsa/ca.der index 1389dd0c26fb89556258cc18ff40fedc125a6c6e..da3d6492ed042bd12e896af8a5cfa2375e5bb91a 100644 GIT binary patch delta 276 zcmcb>bb(39po!7Ppz;3#W+p}^CXwJRI;oDE{`MV`xh?i)Q@N^b<;+DBm9(V{4UCKp z%}fjojHASPjg5g^11NW*rhL7Y0V^A`c4`5$B15f7|FL~4NeyRrJ#FV}*E(9X@fGK) z&nF&F`Fx@Mx?Am;#lZ%F2C{6-p|X4|Vk{zWqBE~cmwldjVXpbb(39po!7Ppz;3#W+p}^CXwo9#l?Z={nte}z5gq+PtK(}^;YUcC2c7Ka|2UD zQxgLdvnX+1V`CuK2+EzPDPON;z{&}#lZ%F2C{6-p|X4|Vk{z?+x9!(bV-@XAD}7GIqz-~>nFKs2J#?j zWflnou?Fl4_(2MU85#exuo^HkGJ5}q+3(1(@!EuC=h*hH_&(QGP<#C?wu#ScG<%ud vzpKvleI+9z=fY#}b9>32KWsvbD-~tWWF`IAW7WL;_es*x2Dd$LG{YGIN~~ii diff --git a/test-ca/eddsa/ca.key b/test-ca/eddsa/ca.key index 71fedfb8c0..f1f4c3cefd 100644 --- a/test-ca/eddsa/ca.key +++ b/test-ca/eddsa/ca.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIFfG4HHRxJBvkHkuAHEBFqC7HDnZAwvGwMQJTB/0xbRe +MC4CAQAwBQYDK2VwBCIEIBghvincUxfOg+M781C9ryJ9FQ1xT0EkCNNe7PaE5mIa -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.cert b/test-ca/eddsa/client.cert index e58189a965..ec6f18f13b 100644 --- a/test-ca/eddsa/client.cert +++ b/test-ca/eddsa/client.cert @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy -NTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -POHCFETLoCJa5YPecGskXVjIMhKY/KgL7QA1kldezD+jgZswgZgwDAYDVR0TAQH/ +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx +NDE2NDAwNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA +J4orr/JsbIidCCuuxXRvEUVN5yMAeoOQLhxTj9bt9H2jgZswgZgwDAYDVR0TAQH/ BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFI9anYJwjc6HAvTtaHJ+49pm1DnBMEQGA1UdIwQ9MDuAFF4I7KonT8pjYvHv -XyhXvvHAUk1PoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQDhNYLsEmP4c8DT8PSrCpNqaK0eQFJABNmB2yngOxfrXYVZk7oiBJrY -TGWOaXlAoFnY4/1MEbSJiePzCnC16tQG +BBYEFBJeM9KRUu8UH6UX9cqmBcI98+jQMEQGA1UdIwQ9MDuAFGelezYB8S5fQhGU +4RsvtTEEZ4aFoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF +BgMrZXADQQBGEzlbVkzJD0R+Wv4Zav4bhW5arIM7W8ursDYX96QZvqimSjW6nrIa +thOf5ia/nSJP72jfcYJ57lHeksaA8MgI -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.chain b/test-ca/eddsa/client.chain index 38a2da5483..2d0fe168bb 100644 --- a/test-ca/eddsa/client.chain +++ b/test-ca/eddsa/client.chain @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU -XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG -v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP -pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= +AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU +Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb +adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo +bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy -MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU -s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d -YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG -ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB +MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw +MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU +7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 +3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH +hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.fullchain b/test-ca/eddsa/client.fullchain index 4042b5d805..18f97ca53d 100644 --- a/test-ca/eddsa/client.fullchain +++ b/test-ca/eddsa/client.fullchain @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy -NTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -POHCFETLoCJa5YPecGskXVjIMhKY/KgL7QA1kldezD+jgZswgZgwDAYDVR0TAQH/ +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx +NDE2NDAwNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA +J4orr/JsbIidCCuuxXRvEUVN5yMAeoOQLhxTj9bt9H2jgZswgZgwDAYDVR0TAQH/ BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFI9anYJwjc6HAvTtaHJ+49pm1DnBMEQGA1UdIwQ9MDuAFF4I7KonT8pjYvHv -XyhXvvHAUk1PoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQDhNYLsEmP4c8DT8PSrCpNqaK0eQFJABNmB2yngOxfrXYVZk7oiBJrY -TGWOaXlAoFnY4/1MEbSJiePzCnC16tQG +BBYEFBJeM9KRUu8UH6UX9cqmBcI98+jQMEQGA1UdIwQ9MDuAFGelezYB8S5fQhGU +4RsvtTEEZ4aFoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF +BgMrZXADQQBGEzlbVkzJD0R+Wv4Zav4bhW5arIM7W8ursDYX96QZvqimSjW6nrIa +thOf5ia/nSJP72jfcYJ57lHeksaA8MgI -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU -XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG -v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP -pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= +AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU +Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb +adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo +bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy -MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU -s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d -YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG -ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB +MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw +MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU +7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 +3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH +hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.key b/test-ca/eddsa/client.key index 53b0568de8..6da45d1d70 100644 --- a/test-ca/eddsa/client.key +++ b/test-ca/eddsa/client.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIF1kN4ROxiD1rLG/5ENhZ9Vcj3LClrMKSToC2uVEddTF +MC4CAQAwBQYDK2VwBCIEIKk3Fv6+Yiql1JsyUSwF8dUg5xI2QJka7VCrvyY1V9pU -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.req b/test-ca/eddsa/client.req index ac1ade5d8f..0c3ba64a6c 100644 --- a/test-ca/eddsa/client.req +++ b/test-ca/eddsa/client.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- MIGZME0CAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -POHCFETLoCJa5YPecGskXVjIMhKY/KgL7QA1kldezD+gADAFBgMrZXADQQDPZNiP -jTHJMLuunc0+bxAzAOxpSywWWoDqqCOIHCadHgHfe3pzQk9/OAU1iMSV5f9Etstg -66E321kBlitiWIED +J4orr/JsbIidCCuuxXRvEUVN5yMAeoOQLhxTj9bt9H2gADAFBgMrZXADQQBsOliJ +dN8NQkntaTuYRcvfLSEIiTR3bbqbB8Kseb8vEDRiVB8jwsfsZzDwuhTccNsRrNIL +hVycQSc7EUsvgWwC -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/client.revoked.crl.pem b/test-ca/eddsa/client.revoked.crl.pem index 1779cff1cb..ea72c42aa1 100644 --- a/test-ca/eddsa/client.revoked.crl.pem +++ b/test-ca/eddsa/client.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- MIH8MIGvAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl -bCAyIGludGVybWVkaWF0ZRcNMjMwNzA1MTU0MDQ2WhcNMjMwNzEyMTU0MDQ2WjAj -MCECAgMVFw0yMzA3MDUxNTQwNDZaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY -MBaAFF4I7KonT8pjYvHvXyhXvvHAUk1PMAsGA1UdFAQEAgIQATAFBgMrZXADQQCa -t3FCr8qS0Gnq+ZBjs4E5VNRQiHmQJVgHRyDdLyQeikHZ0+djiTh1gl+Po5YIGwpg -hDn3OvO0YtjKNIlvUnkG +bCAyIGludGVybWVkaWF0ZRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAj +MCECAgMVFw0yMzEwMjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY +MBaAFGelezYB8S5fQhGU4RsvtTEEZ4aFMAsGA1UdFAQEAgIQATAFBgMrZXADQQDu +oFRRioDfvoo0wWllFqQzChcc57xs5kX5N4QhOJwDoJ3iOm9dWc3ZR6379CPKLx7s +PScMHpQmjzO/9RKlsTsD -----END X509 CRL----- diff --git a/test-ca/eddsa/end.cert b/test-ca/eddsa/end.cert index 4cbd8f7633..941e942f5b 100644 --- a/test-ca/eddsa/end.cert +++ b/test-ca/eddsa/end.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy -NTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBT -p3JQLT+wKPGofQqe2lqidbOLj8hwAoZJNBTc5rAtKKOB2DCB1TAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU00mqZ+S3UNpykNqHt45HN1sOi2ww -RAYDVR0jBD0wO4AUXgjsqidPymNi8e9fKFe+8cBSTU+hIKQeMBwxGjAYBgNVBAMM +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx +NDE2NDAwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAO +j64BOLMpqqxKiC0Dd2EPSToZFbm/p5WHSI4nNKZ+iaOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU/0iGbVq8VIt83pdkmn7MeRqoPE8w +RAYDVR0jBD0wO4AUZ6V7NgHxLl9CEZThGy+1MQRnhoWhIKQeMBwxGjAYBgNVBAMM EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC -CWxvY2FsaG9zdDAFBgMrZXADQQAAmqv482CuUt16D7M/4AGhXEbce1OC1bPE5KRK -YT92CRD9pwfg00SYIKYq1DjqTj2cAspKjGjbblAIHvt5u+wB +CWxvY2FsaG9zdDAFBgMrZXADQQDpDp/hVJAWoKfGV/aZz72Slm480R0+KwDLrZSA +arvXA+K4TNCGLtA0WIFktwo/OvpOzfNRQMrnSjibcI/BeH8O -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.chain b/test-ca/eddsa/end.chain index 38a2da5483..2d0fe168bb 100644 --- a/test-ca/eddsa/end.chain +++ b/test-ca/eddsa/end.chain @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU -XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG -v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP -pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= +AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU +Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb +adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo +bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy -MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU -s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d -YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG -ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB +MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw +MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU +7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 +3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH +hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.fullchain b/test-ca/eddsa/end.fullchain index bdbf8cda4b..d7f40e665c 100644 --- a/test-ca/eddsa/end.fullchain +++ b/test-ca/eddsa/end.fullchain @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloXDTI4MTIy -NTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBT -p3JQLT+wKPGofQqe2lqidbOLj8hwAoZJNBTc5rAtKKOB2DCB1TAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU00mqZ+S3UNpykNqHt45HN1sOi2ww -RAYDVR0jBD0wO4AUXgjsqidPymNi8e9fKFe+8cBSTU+hIKQeMBwxGjAYBgNVBAMM +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx +NDE2NDAwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAO +j64BOLMpqqxKiC0Dd2EPSToZFbm/p5WHSI4nNKZ+iaOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU/0iGbVq8VIt83pdkmn7MeRqoPE8w +RAYDVR0jBD0wO4AUZ6V7NgHxLl9CEZThGy+1MQRnhoWhIKQeMBwxGjAYBgNVBAMM EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC -CWxvY2FsaG9zdDAFBgMrZXADQQAAmqv482CuUt16D7M/4AGhXEbce1OC1bPE5KRK -YT92CRD9pwfg00SYIKYq1DjqTj2cAspKjGjbblAIHvt5u+wB +CWxvY2FsaG9zdDAFBgMrZXADQQDpDp/hVJAWoKfGV/aZz72Slm480R0+KwDLrZSA +arvXA+K4TNCGLtA0WIFktwo/OvpOzfNRQMrnSjibcI/BeH8O -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU -XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG -v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP -pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= +AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU +Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb +adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo +bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR7gyGjUc9PrlhC7/0Uvh5Ee2XaZTAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAy -MTU0MDQ2WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AHlf4LfMdp6UuT9Eq7I3X9sGo+uYpyaGvTDP9Poh4IO1o1MwUTAdBgNVHQ4EFgQU -s4a/Q9lEZJkPUCkYiZ7dYgXyHpYwHwYDVR0jBBgwFoAUs4a/Q9lEZJkPUCkYiZ7d -YgXyHpYwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQCx1pCmzga9qPedPRErr9oG -ked8KY0DR/clmU3qHBQeRAw/TNukvPwGEgGpIR3MamL/LgUp0/3kYsWARrzsKVcB +MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw +MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU +7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 +3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH +hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.key b/test-ca/eddsa/end.key index 4aaeb7ee0a..6701332062 100644 --- a/test-ca/eddsa/end.key +++ b/test-ca/eddsa/end.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEILpjcX1mqV95ccSy9dkDjfANeuztB8tjSbWB/ZIBP+2O +MC4CAQAwBQYDK2VwBCIEIBOlKbPZIvsapxU9ExsbukTI6M68Y+ke8/aF9OUPngSX -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/end.req b/test-ca/eddsa/end.req index ed3fad0211..779a4a398f 100644 --- a/test-ca/eddsa/end.req +++ b/test-ca/eddsa/end.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- -MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBT -p3JQLT+wKPGofQqe2lqidbOLj8hwAoZJNBTc5rAtKKAAMAUGAytlcANBAEm/ubmQ -UFdzGQrnE4rIMwIKmGCkmN1OBkXeKUHa9Lkhylu0ZeM6wy0VIhW/m+FvhWLlL5a7 -WJMwnkw/R8CBJAg= +MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAO +j64BOLMpqqxKiC0Dd2EPSToZFbm/p5WHSI4nNKZ+iaAAMAUGAytlcANBACna8zs+ +HnR2QBS6cfrH2TkOzg7krQ9xGvrRNyeDFDhP/bdqsla/iAFcDMfMaLXDAuQ7xFsg +A6OUQDezwMZIbgM= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/end.revoked.crl.pem b/test-ca/eddsa/end.revoked.crl.pem new file mode 100644 index 0000000000..5c2ffe0eb3 --- /dev/null +++ b/test-ca/eddsa/end.revoked.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIH8MIGvAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl +bCAyIGludGVybWVkaWF0ZRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAj +MCECAgHIFw0yMzEwMjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY +MBaAFGelezYB8S5fQhGU4RsvtTEEZ4aFMAsGA1UdFAQEAgIQATAFBgMrZXADQQA+ +tF2+zT/gIi7HYJwMeAdsvP9dsDUEEz/OtwnZCep7IhH979rGvTgQZJbllMfTurFs +Y/41ILf1+TzC8+9LGZwM +-----END X509 CRL----- diff --git a/test-ca/eddsa/inter.cert b/test-ca/eddsa/inter.cert index be20157ff2..e0dd534c5a 100644 --- a/test-ca/eddsa/inter.cert +++ b/test-ca/eddsa/inter.cert @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AI0/BtRQI45V5ncukO0PvSjK21VD6PqF4su9d5npo/zyo38wfTAdBgNVHQ4EFgQU -XgjsqidPymNi8e9fKFe+8cBSTU8wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFLOG -v0PZRGSZD1ApGIme3WIF8h6WMAUGAytlcANBAIZfveXZFMYCGJgcaJMhsexNA8pP -pzKlKCAf7XpT2RwSpTVYKdiFT0rYr3/JRTUfylGm6Tn7KMavEqP6fHmEhgY= +AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU +Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb +adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo +bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= -----END CERTIFICATE----- diff --git a/test-ca/eddsa/inter.key b/test-ca/eddsa/inter.key index 42abc0611e..af443e51d7 100644 --- a/test-ca/eddsa/inter.key +++ b/test-ca/eddsa/inter.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEII7VfiQYQnipujNa2R+wIriAvyP7kzcTg6EJnHfyHfKy +MC4CAQAwBQYDK2VwBCIEII76J/qZcFnEZbXjx7SNcGAf/GqBdBhJ4vi8vtROn5V1 -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/inter.req b/test-ca/eddsa/inter.req index 00674aab63..218417a7d0 100644 --- a/test-ca/eddsa/inter.req +++ b/test-ca/eddsa/inter.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- MIGtMGECAQAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWREU0EgbGV2ZWwgMiBpbnRl -cm1lZGlhdGUwKjAFBgMrZXADIQCNPwbUUCOOVeZ3LpDtD70oyttVQ+j6heLLvXeZ -6aP88qAAMAUGAytlcANBAIhqpGFU9lrS1c3gQ3g1jQh/xUH0SIyarlODXpUXbmqB -FI4MIwgxVMJAzxbiEj1/qVwNf4aURiRkCftQIGbj/Qo= +cm1lZGlhdGUwKjAFBgMrZXADIQCcMwM3AVDgtVvAzY7bZjP7ipYkGCDjWbvUTc44 +hjUpMqAAMAUGAytlcANBABFku7ohuVUqK/iTUnXZewmU72aDU0oiu9HCZtE3mRLq +qX0R9t1Z2+eFGR6LHTqzdJNQUyIzflx6ye36DJXdWgs= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/inter.revoked.crl.pem b/test-ca/eddsa/inter.revoked.crl.pem new file mode 100644 index 0000000000..963c18721b --- /dev/null +++ b/test-ca/eddsa/inter.revoked.crl.pem @@ -0,0 +1,7 @@ +-----BEGIN X509 CRL----- +MIHpMIGcAgEBMAUGAytlcDAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQRcN +MjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAiMCACAXsXDTIzMTAyMzE2NDAw +NFowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 +3yeX2b8wCwYDVR0UBAQCAhABMAUGAytlcANBADOqMI246XRgiVUL5vsReN7R3ycY +lwW/n1lDScTl15ZwGNGj8YG0ZDeFoV9I0ptbmGhuzZfZcsugZcaONtQipQ4= +-----END X509 CRL----- diff --git a/test-ca/rsa/ca.cert b/test-ca/rsa/ca.cert index 9d1b1507e8..44cdf39321 100644 --- a/test-ca/rsa/ca.cert +++ b/test-ca/rsa/ca.cert @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX -DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 -pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR -1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig -nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V -z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn -Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 -QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB -XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 -NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN -1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF -QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv -OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o -n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX -Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq -mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm -oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB -2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL -14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN -RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP -OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F -9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH -C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s -Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi -mXLHfCGEyjF/ +MIIFFTCCAv2gAwIBAgIUWGj6bltbjWrqNVeP8QkDGMmNV5AwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTAyMzE2NDAwMloX +DTMzMTAyMDE2NDAwMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOn06bbCkCE7wuwCXojGngKuPj5k +oNB1k99U2X4CNiyPez3EhHFTRJ2sZ8XMf+mgVVS8QBmJb17mHzPDbKlVVqm8W5jV +n0q0AMFBTxbPzupI9puISAlrnnP1EgX4DM8WfPlzIYmVwR5G80qSKy1YLjiQlI8J +N3E5HBQiTrVyjBpSAyAujhhDJ0pjkBRA1CuwU3wL4OM6VlRnaEXV4RiUxsQVnyy3 +15x2VIPYjWm4pj6HLbxvReTuJO+kZy1OJnkAY5f5OMXYbabcp5JBHDafrRh/C1ls +iCRzhfHuaxeMMSHSOSeiN7yrE23tVB/F+dQ3k3MQVziuMGngK0GJ+aYbQ9bo3JPf +kuUk0WMMGNfjnEPJ9WHOiEAaG90IF94s1oR3JKa7RepmCazf9hA7/2RMxlnxzhUl +JiZyNVG3HpnNzd37VGOpLt2UXhdtWNhcwUwHKXuAE2QYTVkQsCfEW+es/yN05Vyn +DHocS8vGReS9Jc+ABqpqF8nXd/BKUNrLI7hSZAP0MNeoHTWY0XBXxICeLGeU0S4B +fVe0WFmnuS0Mw/bowuG186lXbzZCqf8v0/95D+NoQdbv7M5bKN8Y/EC/+FbQHeuk +rL0ISplPxmLq9H1Ldt0P91Yc3FbMSvg7m5eTlYPFWuiFW7XKjIAtIsihEtGeDneT +C0+yenpLAEGOpOsCAwEAAaNTMFEwHQYDVR0OBBYEFBGSqBeIIX9SwLsIniIRrGy9 +TN26MB8GA1UdIwQYMBaAFBGSqBeIIX9SwLsIniIRrGy9TN26MA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACzcRcYKjUFndZjGhGQwGBtbZlSq4SX1 +YGhqO8sov3uQiWhtSFcL3qTJy69pxB1nfTDiloMFGaXORYJgvyRnD3fZugFiTp+C +LRcQnStiZZWxsCARLQ78FOTy8hMxA5U47BE9h4Ut8eIbDsvBaGYWYGntUqSf0qjK +tFjmmmeQI8EKv1YI3gDnkgoGNwycmXXYhPct4sjRnl158B60bneJwSCrla/BmLfM +PYHCzF7cE29k2n4oi4QUCaFh2Ozmrw14UuEfv6MSGzDXoKxHSs0YMLE8/AF7YeHv +6Wrd2BUOYMCmP0JK4s/JOoeNCWWZ1aA53C1Ch961/XToXzJILmCK9SaAYV/cu+Md +U26s8gRRVfW29OML9F5Caue4jruFc7GEv1zjM2tuSFk2Io2itZXfTed3JDuf49qu +AJoksI+J5iLzo55oL5wnYmtKlcF16EWaPXKDX8SlFWqAU1np9wpU9OZeB6g8UbAV +3TrMQ/sN6CKpPnasJPBIowapKZ3sGf/PQnZeEE5SJiBinm703xrSu13cm19tdGTE +SMGg6QerUfO9MWypM1ZAd8/TWH1a3rv6ezoyp+3HxoA6J5E0kIp9TswK+pVwxqHb +RkVObe8gIk+Q4q45bYuhdn/jZrQ4VNSi5/LJDvqIF/HDF3FzTRcoynIFrOJXNC7s +K4XIODjx7ooL -----END CERTIFICATE----- diff --git a/test-ca/rsa/ca.der b/test-ca/rsa/ca.der index b2f0cd4834861620c2114f30b5b1a4d8992d2765..9b69d76cb91e22228db95d805a464090739bb275 100644 GIT binary patch delta 1183 zcmV;Q1YrA_3YiKcFoFdYFoFX8paTK{0s<6RX!>qjTa9Y!HCK=E2?H3(jaQJ7BQY5< zFfubSHZ(9WGFlf6Gcz$TGB7bVG%zqSk!?PIyy^7mw!)AhJHqS&UWmq?0 zliyU?egZZuk9$4DgmF_uovdfY%zx>iRaCq{8HsOR<{vY|Y^haNsk~d5)t^eV0Kq{| z7SGP=NcNkENC|76bM+Dh_zce$eED-BiIu?~M)OLND=kwQ`Jq z8d3uwE{+&OCrV?G6hPD~uv2^s;Nv=0RA*>K)!`VF#>5q$EVtL3c2tAdjcK^1K8G#5 zZ$;$pB=4kWElwtR0ArW=IK|j)rrf8JK^!)ptr&j`S!{?TbA|ElYZr_$A<{V~qBp#& z6K(BOAI169H_sueqroI}a=Va|v^8XMgR z7v3z^gm)ySyG80|39R4t5Ig^5OvYL9&J`slCUP}Vw;q|z&E5M{W2r9PlwKEYSlC>_ zOb01@fD>dGO<54IC&XLltp6i)dK^p3#zo}4CC`8cs%jU>*LUzrP}<9XBe+sz z1N1Q0s2w$!(QsG9fSxR8l+i8$eOI(tS*N)z48!*5!r`^^saJ0{LaF~R)Bkx7<7h$F z@9fT7DBl?TK)?7_&>icfti1?InNP-I>hyg}cHIy6Rvg?`%u4t>o0pT7gT-3tgZA`z@?y-eM@Fdqg3RUIP)7%&!q6cLiB7lJab=ZXWE#k=0o?UtH9<*+E ziNPSNm9N2=x6D0(!pvUW6K`bNekhBC6bYeW*zD%74R})FAHSm#8!*?PtVc@C7%;Is z`~iDm;qU2c-PjclV8Et7LQ3M#$vTIP31ykppgG(vLWkb9{dDMGGDt39ihuPcfMH+U zyW<^GZmjYIQC0P}^y3TkUP5Z;xQ@GpbFqZKT;nrqZb(@+B8{T8mETS0cO*NXCloF`&yN|nKN=tY`6a)V#Qr4?#`Q(5Wv3RLvwUI(Z=QLq)=I?O}+ z4d^1NK6b1m@JOQusVSZ88GrxJLUvvdPEsZyVxDgF-x|`pUEG^rZFFSBNWq}#2dh!@ zy)kU5Ggd%%&(m0aTHd?*dpa_w?Z?J|Iwz4dkcxdy%nJIIaK@qAMnz6-?;s*ikm9a6 xZHu9Hf8%DfI8@Z4=km!8`iK|t!xwRLO&2K2as{m7S2Ql{D}~57I0W(TiVGDFDP#Zu delta 1183 zcmV;Q1YrA_3YiKcFoFdYFoFX8paTK{0s<6x6T6BtWqJ-NgNQ5`OcSY>iv|jjBQY5; zH!w9ZH8e0ZG+Gx8GczzZFfuVUG%z$Yk!?PInfBff2>Gd{cq0ve0Xo$6D>;g{{iS8O zvA{z7GVHi8Xn; zj5sugbfYBLQ9PTNhiYop!WneVorj$|iXdj)L*XmK%Q^x)lNT>|pq=dCnEEHP*O!cc z!eC96@d$}9QHKbQ8{;1>kRXNDT>~_XZ-0SP2{+}g)K=jF{guz))MjBy!Z`1oQfxxW zC>&;dgP2MXBBD$_vq-F!aFmKU$R|FqHI5xv0|iZ|x~Ep%d1r2&u%wDem~;_7k4n1k z2@V$B*Z?-#o;>N!|BL;y5FluKm_vm)k87C{gvtc-fKG;s}a zzD!|Rbdq3gEo6Epeim-y9=S77k!FdtT{i(<+3>By0>z7wM1jQU=FzJ+r;(*MbuaAR zhI1Wz{cj~5t%W#c_)=iz#(Dsn;x;rk`8=I(E(GO-hX?gsR2 zmJ@)2UGL#%Qpk~9arSSVJpzD@*47f5Yqi072E$q7s8Ne5xFNz9*sOkN|IBAWxg@hO z7DyqM@$MPaq7Mkq+Ml9DLHrv?TswZ)&GWjbs;M)n3b+c0kQ*SZ_G1zTX@~!{(-y>I zn+>$&=X5va!Vn3sIQhWvp0t5Y+7(;N0s{d60i#neQ7|0_163Uk1QrAodLTKtjJ*)l zyHy1PQ6-p8XrDsWFdqg3RUIP)7%&!q6nY>zxQx9J)Voy$15qWIPH3M()syrBC4T^q zYQ{Tc78d8q7`Vt6{Ki`3UlrZ7*A_0;rt7CyGJ0RH3Tf2O7g3%U_i}zprOVt#=B%DC z#rHCRAu01I@0hdfnGL2XYM67q854d<9KtwVsI_KBru6CJ%!{j~UyW=%ZcH-^lY10{ z^tVphJCDF1_UXWUCZK-~>s?+}xPN<|xM*G#8tTpz#6?ZJq)+HS0JQE34$^m~6X3i> z*JP%D4Mm)+34z*W)n?0!I`^PF^Ylj=pej>W*^#;55=7xhAoDlR$xg!vjpU|zEdBy( zhdzPUdyChCjtlzNqnZ#z)nQI%rzm;W=wg}W0Rh&!t;=4K8(@K=4*ln_=YL6prFiZb z?beM&lo#6__&+wvy|C(Vh%J_3NtphQG2b#!U}_*pe%S>t#$ASK?X=0-0%=b< zPw?Ty!R%O2p?(ZEoVQE%0N-hWj2n9&V_BJUW#tXSQ&$SKoo@pH$N@Fw!rsOA1FnTX z_PW84x$R}xeYzR(mYwdUHAwB7bh*OUT&kd|9&QpbFt+^^hm$4@nPXO^WeI1cSt_&F|@M8jW*W#0ht-1nR3T`Aq0fVF@JQ2Fa-br diff --git a/test-ca/rsa/ca.key b/test-ca/rsa/ca.key index 42e5dd612d..683bb0b303 100644 --- a/test-ca/rsa/ca.key +++ b/test-ca/rsa/ca.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCZ9t4PCPmppXgj -DX8BOtT1KzmKt/2lZbmxwEL8MuzB1GAmAeczv0GLAnGGOtQacEhF06gCil/k2Ym3 -XjDDA6TJG6LvuNHVctuJNXm6jDg0hnSjJNhRPJuYh2pq1sIZdM6dh506iiBm3UPh -K8PLOgI8kxcveKCd7OCY+iez15eMwmBNlfEIiTBRhwiOG+MfLZAghdZdAzSMb3+B -Uwk35a7UVuEC/ZXP4NRmYUrCOO+cUmxCySgcZnyDmEoQIqJMPrNIrJVwlIo5yCc+ -sDWOHVgDBU2nuqdW3Xlnbp2wpIpImHQRPo9Kuu4JDhbd2AA3c8RRlyXH9UUESdbH -5ev7Nuo5WDlEADRBlEtlCrMi5ksWQRAnrIx6tTRxDXG+TGFZdJJgbS1keid+Fm7j -HrkzUZFmibVdNwFe2fCtwwLFi5FEgcTo5tGrN6eRpTd1L+zehnMde/1vJR2thThl -+FJg5sZ6AJriNjQ2+5ovUknIZcns/3tJxF/QaObub6gysRPuBvRtlhOAgl3v4WdS -yJFccfZvnD0CgI3W1hKaa7XBeQbDWeOoUYsquCHCF9isfmj/zGdBuSSzMRZIIZbx -7hnUog8Iz9qfokVB/BtIXDt+2M3zuqiqqTOpCrgKiJAbIKz2YxIGaYf/tdMWxGOb -DbTk53Q35cIQCa84+cDwnrSB2hVbywIDAQABAoICADX5L25I4LDik4OCQzAsriQG -U6U4C+C0EQ1pj3H27j2i1FPundzroq/3GtIKBHoCO6vS35aIaMaCpj8Uc3ah694e -ZJeyDElN+v0WNIa7iiaLrg7VJ0oPO6KUci9i+udOpfHebTVs35//2EBzBa/UNZ2D -mQCownGqbS/jnhBzNyr+pyD7u+QYp8ok0tByoUO4RsrH8FZp/b1vhtzQva4NRCUn -EblpKWAW+o6rc7gzmngMAuzEtN2D5gmB1RDj+05MOrBy4+5z/CL2ch+NSTD5Q3XH -oan3ipsuh9VFF12pyNpbK3EyI6x4bGLbQBPkGWtXF47ctD9tUZUHx5YLGZdW8HO/ -gAR9Zlu4K3b/1cwnBtuo9CIAYdNjnobu66M8ilqCTlRNw5891ejfoY1Um+zt0lGy -T8ZDEY+5Vt8AfXXdWFjI9TLdPjihHYI/KhTwrdVYK/pxRlashl0oYP+KxZ5tgJ4A -osIPWdkpV0GZA74CSZlu/0FSDzBCoYar29ws+wlPtDxAHZsl3YRxTc+ugyFcD6cl -VFH3t6R062WNAmb2eUbyuY3+JecMZO/TH4Y9dYhYiL38E7XnzFXiXDTqIKlDpNkr -PPV2HY+0xStpk5XzSfiBd1uGVjVHzx71u+SXQtc75KO3uNRa9q8XSptc/B1ye2dr -F9jbVOasGjTR3r33Dc6ZAoIBAQC8ReJQohWKo+5K6UabCMNZYgTJUa6+PGNwt5wR -LZx4aJfHbQkrYwR8bCYilRkzQUAWdCjHJGJ96BhogcJtbnnULLK2pD6OChM0Fzds -3nTvTkF0z1JcL5TSjtEmpbepKv7RIYykKlDsiD+e6GZ0RJO+idBuIFAx3A42m+9N -4EaTOn5P+d6aQyaTy0TpphJnBwODi3eHUfxC/AJkvKGqI+NZBI/Y6CT+GqT6jFx6 -LgavwI5x2UsN3b96yJbGn296sPOPX4AaNWoAf2Bg0SQPXaah6n8t0paJ2n7Xl8gR -ti88V+Iz851TD/xBKpOs+sKH2/fVsEetroe3j2HPe9k0Lgf5AoIBAQDRWX0XqbzZ -XWVXPlpas+8DEk4MjfxbxH6yBSl0k0gRSULMm2yAYQo9eH11RXxC5zrAPCgFI7pj -xWkvYE9JUrACkGh7WIJtHpWsNPij65i4AYv1bp5dq034B7X+YhMZ8y4ydRNWJa7d -1Lw5PCSkHFkB6Xbe78EATlBxcmAX1cz73k4jvjEY7jTIbZsKbZ9OIbaCGV+mZadv -HYqt4anV01Tp3JBSIOUKo/UJ6rm9Tx2o1m4jtqUqojia7UY1JkNBBzGSAAsT/LmC -WsTbdqlbJ1+3ik5LoTblQelNsH0knulZ+WXXhGp0me4rjf8WKlTux/4dPL6GHS86 -TkvEnNnbXRrjAoIBAQCPh49S/V4CxZqijViAVJvohmsztwvKh2sfwTo/dlA1Ezey -lxNIekIvQJuJ/bSqeHINLBzyRHC5n7kL4vCAUJqcAD92MZxm2JNvQMvGOYlX7obE -MFGPac7A/pPALNHpK5f7guIfPQtYZz5pPK7usGEZ/yJg8k1w1VwYkaRL8FCdaRhm -jA0B+XNtdKdioHKjDJvHKwnCpeP0hP6mIY/1j0qA0JOBPukEtvdS8rKFipUaY2e0 -r30iYwzY5Bbd8SohlMj5YkrcsB/RpUmqRYaCGFkyUv0Fx+dvzJyqa1Hg/szf6ffO -t0gWzLb4Tycp1jl7LVyxEaRzafyZGbvtW3No7jaxAoIBAQCGPLKIhM9SNZ/wtEut -k2jz+D3RsQ2bLkDrF4JAfNweMXLCzfphy1eMmQEhPD/0il5Su4AR45n1tbS/qyrL -4lh4HG7SgKuJGq5wcLrqKPyRKHS9GIQ1nc1t+EvLZMnIvvTlZ8rRV3JsTaevr4/z -JzYvkqslQmjoME9Gn0dcoTxCWIaURrUmvj9cMWPT6PzYVae4flql0NLu3et5mZSU -RmFRX5uu/ea/zuglxrv41o03IOAYyFnaH5DaTsDQ/crsHJe9fYec9lVhb6CA9PKd -P38Rqn6P4jzX/k6CAWQNIlSQ2+lgq0izoaxlgzSI2vYA8n5P8w5b4sTQxzmwRb8v -+OBvAoIBACFTTlrcVOFg3LqXvJkrmOHRlc+6xu6wKthRRT8YSCEaft+OqpwVko1C -pdbmPjbqYyfave6CP5Ok0esFj5/UkR9JTmwxbRWfGWub67lPEPNT5vA6zVbd1khD -/2rNqKokOPt4IYHPIvTnl/kgCOvz3tM8mp3uWiqWICfPQg5F3CrpJgWz9XYWeIhv -7kzAyUtqy01y0cWkyyKwJBMQCSM4+iQFfap0hXyCyQf8F2fo7480WtzQYpwN6Cxj -osSM98P5VkJtNfX0tLhSyo7rv4LFx5zNL3js8c+jSLZP/Gva6ttwv4uepJlL/n3L -TveOK3pXOzZpbPfacvO2EweKccHWM34= +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC86fTptsKQITvC +7AJeiMaeAq4+PmSg0HWT31TZfgI2LI97PcSEcVNEnaxnxcx/6aBVVLxAGYlvXuYf +M8NsqVVWqbxbmNWfSrQAwUFPFs/O6kj2m4hICWuec/USBfgMzxZ8+XMhiZXBHkbz +SpIrLVguOJCUjwk3cTkcFCJOtXKMGlIDIC6OGEMnSmOQFEDUK7BTfAvg4zpWVGdo +RdXhGJTGxBWfLLfXnHZUg9iNabimPoctvG9F5O4k76RnLU4meQBjl/k4xdhtptyn +kkEcNp+tGH8LWWyIJHOF8e5rF4wxIdI5J6I3vKsTbe1UH8X51DeTcxBXOK4waeAr +QYn5phtD1ujck9+S5STRYwwY1+OcQ8n1Yc6IQBob3QgX3izWhHckprtF6mYJrN/2 +EDv/ZEzGWfHOFSUmJnI1Ubcemc3N3ftUY6ku3ZReF21Y2FzBTAcpe4ATZBhNWRCw +J8Rb56z/I3TlXKcMehxLy8ZF5L0lz4AGqmoXydd38EpQ2ssjuFJkA/Qw16gdNZjR +cFfEgJ4sZ5TRLgF9V7RYWae5LQzD9ujC4bXzqVdvNkKp/y/T/3kP42hB1u/szlso +3xj8QL/4VtAd66SsvQhKmU/GYur0fUt23Q/3VhzcVsxK+Dubl5OVg8Va6IVbtcqM +gC0iyKES0Z4Od5MLT7J6eksAQY6k6wIDAQABAoICABAuBYDi20UW45RtPEK2ejRc +TGoeU+YGFJvmm9DI3w2ewWcvwh4JyrTswDBfG4W1D7tfN4RR65hzS0hO2aT718hF +X1GFBH7RGhuacaqBbKjvHfKpHYH19Jasnce+ZSFLt0Ra5QZxTzcsDa2WrHAwQQYs +aA2hNoveEaMbAlk1ZysisfV8kyAuacn6sA5N/cNuPnrX+/h13bA5KGYg3RGbVlqz +vppUbSZ1Sxkv9aMe8+ahIljDc9BLrC3TrIP9uFzJLkRZZsn6/+9cRDfB6futnf1o +RLFHJml+nbpSHzZi3On0WJn2kAkwCoLufk4fLoiYKW5ig3rE6v5QgxeRVGziUiFW +ObLpKlp7p4Ay7neveZgxV5PI5nHGpqe/WNPVouV41BbfpY5mq1xo9pfBiRNvfXWC +M3kevnDwouXebO8Si1RVxI8x/xZ3TYILPVYksDb7BolTnsivwL1QMT6atErc0dpi +2HkJso8NcMgdAkhPTOlj8+mgKVsPv/GrxkFhaRGsoTt+RD7JRGf2crK5mQ93VTYS +Vbl3IP5WHzY05NT640gIG+bprWAudo92gnlWtFJvnbkG3slt24ewhovkNV9kU3Ht +FNDE+3a5czgFXu2qT+JGORQDEYzEch3q+Ui17kS0STeykRKY8kBIHt0IO6jWha5h +sq6Khf8yDUxFKDNKrQrZAoIBAQD+wRcsFLdalOTN9oCa9pSwlosKuD/gX9X8Y2hf +5CXtybfTsBqVrFDoE+L7xDR0yAM7wFO8fOgbbGpRdndUy1EtHnal2iPnXXQNE/pK +LUU3+MURoVW4VMhxwbx7OUcFEN6dwNQnFxcwI9ZBZiMgnjzHHBXd+NvSGx2LN/mk +N5ponn2Ukk/SsvjPEJs5VnTbj4lZ3q5QyMrjCAyZ60iU0Rb/3LJ40BoQOhB9STK+ +QPm9tPKho2LaTZRa2Ccvvl8QI6xajwi+gAYU67I68YdiNvXzPT8Qd+JjjGwHhiej +tcsd26wr8y/Jwr11vk1lL8TmOHaCzlh7pPWBCH8XRYxJHflFAoIBAQC91nHyv8pw +EIA+H9QUL1BSxEMMsHQzAwANCifsiCBLzvX7HSMFGqLQ+Xe7W1Wa38vvlRJwwimP +tHM8U+xMhEtK4x3AE4aK8djnNpkpPNzwjJ7JARHuSXfRKbL1P2/ebUce6JFccGiW +R+3pIbqdklBL4IQznAE4InN+BdY/cw8vjZVdvmqBXlmtg6Sei8Z7eh4UhDQ/ZTw7 +xjtqlVvyY5YwSeh52dyGPp81q7XdqLNPZU+JM0Z9Eb3taYm+/FBmKYjZPR8g0XmC +H1sW8pvODX8yG0BSPyclPY04pJt/n6U2ocrLlemIzoL1m7k9h4Lo/4h/G5elKIW6 +ZC+5eS/KolBvAoIBAQCkrTTJberIRw9QhFPF2DdtnyLqHwhLhifRKoFB2z0ZZRfL +Yz8MGYODQbesf7xY8SIF8eEvKp7vezmOx0GEMpmazOJte4FSAfsOqSdV48Wm1Myv +BNdgfI3F2zJ3hSL/h1QgLZH2Ytq+Z6wMQnXak+891k3cWw3d12FVqS1algbeMfWD +oMCwtrhXQajVe6m2dCaZTXTpC6L69y0OIiWc7Tws0QEdT4hJjP8zvalripzloJ5n +FjLEYvnPb4KFPk49JJI5R9SjMCa+R03DBHY7asO6JJErmBNjvlXm1zWwgcd22ZWG +I4F0rsnB3u4wxpxFJaKWE8TmyE9axZ9B79crPJDxAoIBAC6W9pgw4annItIcVZwu +kHP/nsT6eUobrmOE3o96SRLR1CSw3etewh6vWucsXzIHQrGl0ETEIhcWnkFsB04w +GZpjauW85QQsnqMAD07DlSWkHUQPcysb9L/sj/MIgpgAEbhQM3yQSdq4BHd2w6nw +QqyciVVxMAtqyRVgsVgZEN0GzmWXWeQuF6wx5rDSdP/Q1JkMaRY17jZtTB+4UDyI +nE91lAxzn1+C9ufhIF0qDfeqUX7GisIfHJGrmRa6LbEk+GT4Ty9quXtp3p0fJYXI +YjMV5Q9KWH0XQhVosJD9yTpDMtYMEKh2pkVI1ol3PHWaYRFw4CK0cz1vYRcP2t7M +PxkCggEAVuuWc0DC/BUYPmMXqQ1LUBuuB5S/j9H8eiyQGs5UUVjSVrteJHWIczEl +jveLsAz3KY2E1f1+2V7xtXLc4mAqM3WHUvcGXmmf0pJiAm3NvSgIBms7TpRwpBwb +xt12mHGjzXi+/dyvjcIQNlBxClzt+m+MV9p+Gs8e3DFuOtGILqY7kggsgQb75g9y +w/JPOUT4GtJIvXKcONNOvTYhRyGtsu/HVvfCDlsknqYPJfv3hUpEUxXzV9o1wKHn +nCwbKyIYeEZBCMi2e5NhRXwtNlftTX96hObtzGGc5VOXxso77LhABZl1yVRutB5M +HH4WXwlm3wFtY4yKziK3XoFA6mo4Eg== -----END PRIVATE KEY----- diff --git a/test-ca/rsa/client.cert b/test-ca/rsa/client.cert index f389be34ca..9be6464acb 100644 --- a/test-ca/rsa/client.cert +++ b/test-ca/rsa/client.cert @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX -DTI4MTIyNTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QHm+0o8If5m8OsUC2K1oJ1IeCPD -Aq2AuXFqVRIa5kWCqAcd6Vp9y25RFGS7j9HhT1bViU/ZZxROY/rOXZNiPJkUgAb/ -E7CBXh8yc9qGmac03ZtspIcCpmkOX1YvkEfwBeLzYIBC9wm2BcwqWHtNrBEQzDRd -nTiVH0W8/Lqyg3NtCFYQkJOQnZvTD/dvR0wrXXxePmtyMdJ05TZkrfX5B4w7Tndf -6CKjqSPQ7o+iWm9kdhJxqxWFzWLWlWXn5h7kmpDHf4/mJ8KDZv0oH4uzc22FodJJ -YfrGVelFMLTCHCM440wN4tWZKxxtWbmdNVTiNDHu44XhHqIT1sSCMzMSzwIDAQAB +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoX +DTI5MDQxNDE2NDAwNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprhvpwNq42PltNgGQsZMPMmjuSqS +rtbhq0m0wVY6k1MbsPjEyYGTvPbiYFOkTOuybk9vP497NSRMAGNu7J9C8L8LmPAm +820BcWqON6qM9GGrg0mFlKjjxuASfqbkGkw9aHSvfPJGa1YAouf/ctCoXoBP0F3K +xgtyaYRLqiUq67jWX50jKdG2VKusjhZp4qlK3dHLWrcGqgfbwj0apW7Tc1aOx1Th +/Jeahf2INr0uKlmJPrwiQzPzqrcrOeI2Sg2IOMfhwMWawNeqFzzfwx+5GSeLvx3X +RpTbhcBOq5pFTymyGj3uu8HdBySQBeeGnlwR91pYXsBa1aCcIxs1pWTPTQIDAQAB o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG -CCsGAQUFBwMCMB0GA1UdDgQWBBQfSuJGtGHK53ixx4sPRZ1H7i6tnDBCBgNVHSME -OzA5gBTV8BzLqYquWjLv3bEFk1WlElVQo6EepBwwGjEYMBYGA1UEAwwPcG9ueXRv -d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQADh5dd3GPomTyUdFgo5pGB -VLyiM5mkXTEtlQVerMCdGEFfPzRqOragZYdrdyJuu/ZQTWF/B/skQHxE9YR7d/2S -tGFh3NxSP2wELe8fXgxrOgM3gTUXn6B0UqP9aMZtaDG6MUDKKTHQqUnV/TnAUwQF -hmpMDt5YHVM+XhO6c+nd6ky1JewBSqzShAC9eTPnYFn4RDjsuoD829pNe/fZtGHi -5orpKGZwit4/uX+Tiw0IJj3fVbPRt12+0DEiXEKpETjXCKAejgXzzUNnewablMZE -RdTiDivqx7KWvEx0sUMf4HC4N1EGwMtg2kYsfMpGT8/Lxjd6k4/27S/y4/9VisWT -ZTnSg9vD+FD1deBu5uDJmQJSChSfUJ5OjGTGvFUw01TfG/t7v+pJa25lUvmlkKo9 -kpksUCuGYmgfKuyO69DHNiTgTdHsy7mknGHhHFovS05q5SDXMyjyU9Vf3Nxg4Z1l -99gYyEJEQifZQZm/TuGLfc6iVGb0hEvqnjFf7OBusrk= +CCsGAQUFBwMCMB0GA1UdDgQWBBRUiKToaTjxVh7r2zJ6g+cnkTJJGjBCBgNVHSME +OzA5gBQaYYJhI5L6K6I80SMUPQtVKEM8nKEepBwwGjEYMBYGA1UEAwwPcG9ueXRv +d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQCnKa4O9YsuSzrnd/7E7Fii +C+YT/UHQJv/rzAYUaqeC/UjF2/Ux7SkkWqtJjgcKqLNIcEr0tixi9kKk9XnDGoT8 +3XX+PB5OgRaFWbE9ABDuvZGS9RCJLJ+QipD8MgTDlIqBCmc2FW4gnQqoG3U9RVhl +haqagc6gWdiUSwvY1zL62CbEUKxXfuQOgvES5T8UTWm7Tiu1yNbxz1EzxT5hmw95 +XV542pK+LO+pMxU/tLjahaBM5pq+o/akaQ10JOdRvcB9IUJV3se9UEWIW/VjVZsv +mkxTYe67xYR3wOQqr/iaVIn4HrsqZZoFGn93HTIshj7S39WK1gfUcIy16q4RkLFQ +OU11Z4nh+y5s2/QMlQt5SkfwIcWyCCxFqOLoERbjWsFP8460Obz1LXrnDR0mlziV +7XD2Yo7GoLHh1ddoYWxPO8wUKNDwD0N5n5MuzobdJotxIR+vprpHdfUiAezKv+i6 +UHg5uCf/dHDV+qnl06fWSCebeqzonDSQgYFyJJHIk+c= -----END CERTIFICATE----- diff --git a/test-ca/rsa/client.chain b/test-ca/rsa/client.chain index 045d4cd7c2..139da9ebc7 100644 --- a/test-ca/rsa/client.chain +++ b/test-ca/rsa/client.chain @@ -1,58 +1,58 @@ -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh -pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq -pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ -1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og -x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C -sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja -aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs -5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn -GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw -HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 -jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 -Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 -PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD -6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV -pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF -UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW -fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn -4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp -ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc -SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 -8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU -9rOxDaj2ExLTz8unCJcwRxEtyd0= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC5yg9Avocjcf2c9mAMTEtwp5ays+Jq +zEHnEXTgJGNxrim3lsJY5bz+1T6KtjNnySRwK4aFkGJ2IpH2R2VMmRBTRFaJWEjh +oa1Xc8UcT8BZA21N5iQUROIG61tZi30wNp5hqI9LE4oII1rAOdxXa8jmcTR2o2Ch +ZP0Q7MQqXn6ecKB4W9R5V3s5UCle2f5fvSJ57oqoN00sIG5Su4hSC9jV/yGrAIMK +XBiOy7lPr8LJzrKV5qmvns1KDCG3sxjrtnWFCAflZTaHS3ygyH9KuPIf1MF9BIaT +gm+O3VBU/anvQ5DBusxDgytelfTFElPkvtW8KFRnLCCgZ7A6Y9fevBXdbOgr7AK3 +o6tIEcixzcRMnUTmeXIN5NJJw/mmbGLr5wPY0FthwqD3Bn8A92OFUo1iEMjrpYS/ +4maRdlW7kIFw3yct12REhEaaY8Adtag3DBfY7b0zb4txWOFS+OjZ8/Q4oISn9zT2 +VZ8d+WxOcp04gpaXxZSBgk1D/jL2tmgH480CAwEAAaN/MH0wHQYDVR0OBBYEFBph +gmEjkvorojzRIxQ9C1UoQzycMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQRkqgX +iCF/UsC7CJ4iEaxsvUzdujANBgkqhkiG9w0BAQsFAAOCAgEAhuWKXWI/SfArbnzD +n1IWrvt6RLRR7tU5tqLDtEpzh5t+LxOibTicNCzuKGk7fj+dod2552d5NYs5DKID +B5pchKaJYeH5uDGlCcCCgsDG3xTFTeCI2HEd5Ros+FPRqBrAUhiObs9sPbQ6gcAU +qaeeRWrVRxfO1w6N0y8om8tpQsCX5KR5qhOkIJsOSg6b6Iigl1abVb2v6iqGM8rC +oCghrecTNWumYfLtOXEwCu89hYYUoGEt6nvGHIwhU/xUAo8/IKo0rYGIbJRCuX02 +FhrHEWJMqAWZvs0Cx4F4g9xGfpyzxBuL9H/FTGq+XKXjQBGDRECuIq7hl9ccK+1K +TxQadSm3C0Ap7dOLAdYN9P8K7Ql3AX0nNQG6AX8CzRgm4Flontq4h4XURjFLAhbr +bKZ/tPaUcRYEAONegiTwbvm1akECKEz3n+toMDNTK5Cai51r19kKT01eQ97oo/wq +vO/CyVjHr6dmof2/GLJ6v5TdcPz68TdX1G65bmX26SphhAwxC0PtWEfxzdyrdmVg +a+60GrKo6WYzkiAX2PP+QsSASGFKgm/wulvKZ+F03Tl0Cv7VgLDXD6c3aOngeev6 ++1nlrYGt6m1RWH2xBZjhnUOsk3q1VbgSFVHAzTtEg/vIf73FlM5pO4zfXzyObML3 +5SNs5aaltQMH+hFDr5OgXypQ1uY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX -DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 -pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR -1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig -nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V -z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn -Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 -QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB -XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 -NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN -1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF -QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv -OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o -n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX -Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq -mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm -oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB -2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL -14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN -RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP -OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F -9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH -C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s -Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi -mXLHfCGEyjF/ +MIIFFTCCAv2gAwIBAgIUWGj6bltbjWrqNVeP8QkDGMmNV5AwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTAyMzE2NDAwMloX +DTMzMTAyMDE2NDAwMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOn06bbCkCE7wuwCXojGngKuPj5k +oNB1k99U2X4CNiyPez3EhHFTRJ2sZ8XMf+mgVVS8QBmJb17mHzPDbKlVVqm8W5jV +n0q0AMFBTxbPzupI9puISAlrnnP1EgX4DM8WfPlzIYmVwR5G80qSKy1YLjiQlI8J +N3E5HBQiTrVyjBpSAyAujhhDJ0pjkBRA1CuwU3wL4OM6VlRnaEXV4RiUxsQVnyy3 +15x2VIPYjWm4pj6HLbxvReTuJO+kZy1OJnkAY5f5OMXYbabcp5JBHDafrRh/C1ls +iCRzhfHuaxeMMSHSOSeiN7yrE23tVB/F+dQ3k3MQVziuMGngK0GJ+aYbQ9bo3JPf +kuUk0WMMGNfjnEPJ9WHOiEAaG90IF94s1oR3JKa7RepmCazf9hA7/2RMxlnxzhUl +JiZyNVG3HpnNzd37VGOpLt2UXhdtWNhcwUwHKXuAE2QYTVkQsCfEW+es/yN05Vyn +DHocS8vGReS9Jc+ABqpqF8nXd/BKUNrLI7hSZAP0MNeoHTWY0XBXxICeLGeU0S4B +fVe0WFmnuS0Mw/bowuG186lXbzZCqf8v0/95D+NoQdbv7M5bKN8Y/EC/+FbQHeuk +rL0ISplPxmLq9H1Ldt0P91Yc3FbMSvg7m5eTlYPFWuiFW7XKjIAtIsihEtGeDneT +C0+yenpLAEGOpOsCAwEAAaNTMFEwHQYDVR0OBBYEFBGSqBeIIX9SwLsIniIRrGy9 +TN26MB8GA1UdIwQYMBaAFBGSqBeIIX9SwLsIniIRrGy9TN26MA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACzcRcYKjUFndZjGhGQwGBtbZlSq4SX1 +YGhqO8sov3uQiWhtSFcL3qTJy69pxB1nfTDiloMFGaXORYJgvyRnD3fZugFiTp+C +LRcQnStiZZWxsCARLQ78FOTy8hMxA5U47BE9h4Ut8eIbDsvBaGYWYGntUqSf0qjK +tFjmmmeQI8EKv1YI3gDnkgoGNwycmXXYhPct4sjRnl158B60bneJwSCrla/BmLfM +PYHCzF7cE29k2n4oi4QUCaFh2Ozmrw14UuEfv6MSGzDXoKxHSs0YMLE8/AF7YeHv +6Wrd2BUOYMCmP0JK4s/JOoeNCWWZ1aA53C1Ch961/XToXzJILmCK9SaAYV/cu+Md +U26s8gRRVfW29OML9F5Caue4jruFc7GEv1zjM2tuSFk2Io2itZXfTed3JDuf49qu +AJoksI+J5iLzo55oL5wnYmtKlcF16EWaPXKDX8SlFWqAU1np9wpU9OZeB6g8UbAV +3TrMQ/sN6CKpPnasJPBIowapKZ3sGf/PQnZeEE5SJiBinm703xrSu13cm19tdGTE +SMGg6QerUfO9MWypM1ZAd8/TWH1a3rv6ezoyp+3HxoA6J5E0kIp9TswK+pVwxqHb +RkVObe8gIk+Q4q45bYuhdn/jZrQ4VNSi5/LJDvqIF/HDF3FzTRcoynIFrOJXNC7s +K4XIODjx7ooL -----END CERTIFICATE----- diff --git a/test-ca/rsa/client.fullchain b/test-ca/rsa/client.fullchain index 56ff67d667..2ef5385f24 100644 --- a/test-ca/rsa/client.fullchain +++ b/test-ca/rsa/client.fullchain @@ -1,81 +1,81 @@ -----BEGIN CERTIFICATE----- MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX -DTI4MTIyNTE1NDA0NlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QHm+0o8If5m8OsUC2K1oJ1IeCPD -Aq2AuXFqVRIa5kWCqAcd6Vp9y25RFGS7j9HhT1bViU/ZZxROY/rOXZNiPJkUgAb/ -E7CBXh8yc9qGmac03ZtspIcCpmkOX1YvkEfwBeLzYIBC9wm2BcwqWHtNrBEQzDRd -nTiVH0W8/Lqyg3NtCFYQkJOQnZvTD/dvR0wrXXxePmtyMdJ05TZkrfX5B4w7Tndf -6CKjqSPQ7o+iWm9kdhJxqxWFzWLWlWXn5h7kmpDHf4/mJ8KDZv0oH4uzc22FodJJ -YfrGVelFMLTCHCM440wN4tWZKxxtWbmdNVTiNDHu44XhHqIT1sSCMzMSzwIDAQAB +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoX +DTI5MDQxNDE2NDAwNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprhvpwNq42PltNgGQsZMPMmjuSqS +rtbhq0m0wVY6k1MbsPjEyYGTvPbiYFOkTOuybk9vP497NSRMAGNu7J9C8L8LmPAm +820BcWqON6qM9GGrg0mFlKjjxuASfqbkGkw9aHSvfPJGa1YAouf/ctCoXoBP0F3K +xgtyaYRLqiUq67jWX50jKdG2VKusjhZp4qlK3dHLWrcGqgfbwj0apW7Tc1aOx1Th +/Jeahf2INr0uKlmJPrwiQzPzqrcrOeI2Sg2IOMfhwMWawNeqFzzfwx+5GSeLvx3X +RpTbhcBOq5pFTymyGj3uu8HdBySQBeeGnlwR91pYXsBa1aCcIxs1pWTPTQIDAQAB o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG -CCsGAQUFBwMCMB0GA1UdDgQWBBQfSuJGtGHK53ixx4sPRZ1H7i6tnDBCBgNVHSME -OzA5gBTV8BzLqYquWjLv3bEFk1WlElVQo6EepBwwGjEYMBYGA1UEAwwPcG9ueXRv -d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQADh5dd3GPomTyUdFgo5pGB -VLyiM5mkXTEtlQVerMCdGEFfPzRqOragZYdrdyJuu/ZQTWF/B/skQHxE9YR7d/2S -tGFh3NxSP2wELe8fXgxrOgM3gTUXn6B0UqP9aMZtaDG6MUDKKTHQqUnV/TnAUwQF -hmpMDt5YHVM+XhO6c+nd6ky1JewBSqzShAC9eTPnYFn4RDjsuoD829pNe/fZtGHi -5orpKGZwit4/uX+Tiw0IJj3fVbPRt12+0DEiXEKpETjXCKAejgXzzUNnewablMZE -RdTiDivqx7KWvEx0sUMf4HC4N1EGwMtg2kYsfMpGT8/Lxjd6k4/27S/y4/9VisWT -ZTnSg9vD+FD1deBu5uDJmQJSChSfUJ5OjGTGvFUw01TfG/t7v+pJa25lUvmlkKo9 -kpksUCuGYmgfKuyO69DHNiTgTdHsy7mknGHhHFovS05q5SDXMyjyU9Vf3Nxg4Z1l -99gYyEJEQifZQZm/TuGLfc6iVGb0hEvqnjFf7OBusrk= +CCsGAQUFBwMCMB0GA1UdDgQWBBRUiKToaTjxVh7r2zJ6g+cnkTJJGjBCBgNVHSME +OzA5gBQaYYJhI5L6K6I80SMUPQtVKEM8nKEepBwwGjEYMBYGA1UEAwwPcG9ueXRv +d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQCnKa4O9YsuSzrnd/7E7Fii +C+YT/UHQJv/rzAYUaqeC/UjF2/Ux7SkkWqtJjgcKqLNIcEr0tixi9kKk9XnDGoT8 +3XX+PB5OgRaFWbE9ABDuvZGS9RCJLJ+QipD8MgTDlIqBCmc2FW4gnQqoG3U9RVhl +haqagc6gWdiUSwvY1zL62CbEUKxXfuQOgvES5T8UTWm7Tiu1yNbxz1EzxT5hmw95 +XV542pK+LO+pMxU/tLjahaBM5pq+o/akaQ10JOdRvcB9IUJV3se9UEWIW/VjVZsv +mkxTYe67xYR3wOQqr/iaVIn4HrsqZZoFGn93HTIshj7S39WK1gfUcIy16q4RkLFQ +OU11Z4nh+y5s2/QMlQt5SkfwIcWyCCxFqOLoERbjWsFP8460Obz1LXrnDR0mlziV +7XD2Yo7GoLHh1ddoYWxPO8wUKNDwD0N5n5MuzobdJotxIR+vprpHdfUiAezKv+i6 +UHg5uCf/dHDV+qnl06fWSCebeqzonDSQgYFyJJHIk+c= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh -pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq -pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ -1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og -x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C -sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja -aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs -5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn -GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw -HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 -jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 -Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 -PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD -6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV -pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF -UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW -fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn -4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp -ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc -SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 -8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU -9rOxDaj2ExLTz8unCJcwRxEtyd0= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC5yg9Avocjcf2c9mAMTEtwp5ays+Jq +zEHnEXTgJGNxrim3lsJY5bz+1T6KtjNnySRwK4aFkGJ2IpH2R2VMmRBTRFaJWEjh +oa1Xc8UcT8BZA21N5iQUROIG61tZi30wNp5hqI9LE4oII1rAOdxXa8jmcTR2o2Ch +ZP0Q7MQqXn6ecKB4W9R5V3s5UCle2f5fvSJ57oqoN00sIG5Su4hSC9jV/yGrAIMK +XBiOy7lPr8LJzrKV5qmvns1KDCG3sxjrtnWFCAflZTaHS3ygyH9KuPIf1MF9BIaT +gm+O3VBU/anvQ5DBusxDgytelfTFElPkvtW8KFRnLCCgZ7A6Y9fevBXdbOgr7AK3 +o6tIEcixzcRMnUTmeXIN5NJJw/mmbGLr5wPY0FthwqD3Bn8A92OFUo1iEMjrpYS/ +4maRdlW7kIFw3yct12REhEaaY8Adtag3DBfY7b0zb4txWOFS+OjZ8/Q4oISn9zT2 +VZ8d+WxOcp04gpaXxZSBgk1D/jL2tmgH480CAwEAAaN/MH0wHQYDVR0OBBYEFBph +gmEjkvorojzRIxQ9C1UoQzycMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQRkqgX +iCF/UsC7CJ4iEaxsvUzdujANBgkqhkiG9w0BAQsFAAOCAgEAhuWKXWI/SfArbnzD +n1IWrvt6RLRR7tU5tqLDtEpzh5t+LxOibTicNCzuKGk7fj+dod2552d5NYs5DKID +B5pchKaJYeH5uDGlCcCCgsDG3xTFTeCI2HEd5Ros+FPRqBrAUhiObs9sPbQ6gcAU +qaeeRWrVRxfO1w6N0y8om8tpQsCX5KR5qhOkIJsOSg6b6Iigl1abVb2v6iqGM8rC +oCghrecTNWumYfLtOXEwCu89hYYUoGEt6nvGHIwhU/xUAo8/IKo0rYGIbJRCuX02 +FhrHEWJMqAWZvs0Cx4F4g9xGfpyzxBuL9H/FTGq+XKXjQBGDRECuIq7hl9ccK+1K +TxQadSm3C0Ap7dOLAdYN9P8K7Ql3AX0nNQG6AX8CzRgm4Flontq4h4XURjFLAhbr +bKZ/tPaUcRYEAONegiTwbvm1akECKEz3n+toMDNTK5Cai51r19kKT01eQ97oo/wq +vO/CyVjHr6dmof2/GLJ6v5TdcPz68TdX1G65bmX26SphhAwxC0PtWEfxzdyrdmVg +a+60GrKo6WYzkiAX2PP+QsSASGFKgm/wulvKZ+F03Tl0Cv7VgLDXD6c3aOngeev6 ++1nlrYGt6m1RWH2xBZjhnUOsk3q1VbgSFVHAzTtEg/vIf73FlM5pO4zfXzyObML3 +5SNs5aaltQMH+hFDr5OgXypQ1uY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX -DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 -pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR -1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig -nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V -z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn -Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 -QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB -XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 -NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN -1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF -QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv -OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o -n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX -Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq -mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm -oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB -2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL -14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN -RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP -OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F -9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH -C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s -Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi -mXLHfCGEyjF/ +MIIFFTCCAv2gAwIBAgIUWGj6bltbjWrqNVeP8QkDGMmNV5AwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTAyMzE2NDAwMloX +DTMzMTAyMDE2NDAwMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOn06bbCkCE7wuwCXojGngKuPj5k +oNB1k99U2X4CNiyPez3EhHFTRJ2sZ8XMf+mgVVS8QBmJb17mHzPDbKlVVqm8W5jV +n0q0AMFBTxbPzupI9puISAlrnnP1EgX4DM8WfPlzIYmVwR5G80qSKy1YLjiQlI8J +N3E5HBQiTrVyjBpSAyAujhhDJ0pjkBRA1CuwU3wL4OM6VlRnaEXV4RiUxsQVnyy3 +15x2VIPYjWm4pj6HLbxvReTuJO+kZy1OJnkAY5f5OMXYbabcp5JBHDafrRh/C1ls +iCRzhfHuaxeMMSHSOSeiN7yrE23tVB/F+dQ3k3MQVziuMGngK0GJ+aYbQ9bo3JPf +kuUk0WMMGNfjnEPJ9WHOiEAaG90IF94s1oR3JKa7RepmCazf9hA7/2RMxlnxzhUl +JiZyNVG3HpnNzd37VGOpLt2UXhdtWNhcwUwHKXuAE2QYTVkQsCfEW+es/yN05Vyn +DHocS8vGReS9Jc+ABqpqF8nXd/BKUNrLI7hSZAP0MNeoHTWY0XBXxICeLGeU0S4B +fVe0WFmnuS0Mw/bowuG186lXbzZCqf8v0/95D+NoQdbv7M5bKN8Y/EC/+FbQHeuk +rL0ISplPxmLq9H1Ldt0P91Yc3FbMSvg7m5eTlYPFWuiFW7XKjIAtIsihEtGeDneT +C0+yenpLAEGOpOsCAwEAAaNTMFEwHQYDVR0OBBYEFBGSqBeIIX9SwLsIniIRrGy9 +TN26MB8GA1UdIwQYMBaAFBGSqBeIIX9SwLsIniIRrGy9TN26MA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACzcRcYKjUFndZjGhGQwGBtbZlSq4SX1 +YGhqO8sov3uQiWhtSFcL3qTJy69pxB1nfTDiloMFGaXORYJgvyRnD3fZugFiTp+C +LRcQnStiZZWxsCARLQ78FOTy8hMxA5U47BE9h4Ut8eIbDsvBaGYWYGntUqSf0qjK +tFjmmmeQI8EKv1YI3gDnkgoGNwycmXXYhPct4sjRnl158B60bneJwSCrla/BmLfM +PYHCzF7cE29k2n4oi4QUCaFh2Ozmrw14UuEfv6MSGzDXoKxHSs0YMLE8/AF7YeHv +6Wrd2BUOYMCmP0JK4s/JOoeNCWWZ1aA53C1Ch961/XToXzJILmCK9SaAYV/cu+Md +U26s8gRRVfW29OML9F5Caue4jruFc7GEv1zjM2tuSFk2Io2itZXfTed3JDuf49qu +AJoksI+J5iLzo55oL5wnYmtKlcF16EWaPXKDX8SlFWqAU1np9wpU9OZeB6g8UbAV +3TrMQ/sN6CKpPnasJPBIowapKZ3sGf/PQnZeEE5SJiBinm703xrSu13cm19tdGTE +SMGg6QerUfO9MWypM1ZAd8/TWH1a3rv6ezoyp+3HxoA6J5E0kIp9TswK+pVwxqHb +RkVObe8gIk+Q4q45bYuhdn/jZrQ4VNSi5/LJDvqIF/HDF3FzTRcoynIFrOJXNC7s +K4XIODjx7ooL -----END CERTIFICATE----- diff --git a/test-ca/rsa/client.key b/test-ca/rsa/client.key index 8dc7df2e00..e92b85e78e 100644 --- a/test-ca/rsa/client.key +++ b/test-ca/rsa/client.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlAeb7Sjwh/mbw -6xQLYrWgnUh4I8MCrYC5cWpVEhrmRYKoBx3pWn3LblEUZLuP0eFPVtWJT9lnFE5j -+s5dk2I8mRSABv8TsIFeHzJz2oaZpzTdm2ykhwKmaQ5fVi+QR/AF4vNggEL3CbYF -zCpYe02sERDMNF2dOJUfRbz8urKDc20IVhCQk5Cdm9MP929HTCtdfF4+a3Ix0nTl -NmSt9fkHjDtOd1/oIqOpI9Duj6Jab2R2EnGrFYXNYtaVZefmHuSakMd/j+YnwoNm -/Sgfi7NzbYWh0klh+sZV6UUwtMIcIzjjTA3i1ZkrHG1ZuZ01VOI0Me7jheEeohPW -xIIzMxLPAgMBAAECggEAFKSIwSMOa5QGjHXsPyB9NcantyimFfI01cJ67sMsiJBA -eEv37sZ462L8zQVNgOfO0vuFURTRCIEklc+QVZAI/WRhHC9FQ+2Xo7fVMOtEUcpo -MgemEeiXnQ+AO6jFrdBGOwmbnZnCL4mBDmG6eXJX7Ig3Ruj7fUYR7xk2sWNU3xNX -WdpbAToidz7oedmDqqT6DkJLWUv26m3eewrIP5r06mrHX5a1NYjukV/xKbKouuus -t18y95/Gz3a2+Fy3jmxlQIH+Gx3Iw61zUQPqzeVLMhYURIk06OBJ6ySDp6mFdVUa -X7ISKalvgFOVj3/vogzm3hvL4q+TSVQNeMuvlgIc+QKBgQD3ZiNuPo5coZivSGir -KtKJYdLtGGLgNgfYOeHmzr5HBG/Ib/Siuehzb7meQzUrfWwdwjPL1vniPtpC0Mes -TqBBUQsmuSZGWns7vutQhNg6mAv7bhdhPVTQaIsp6pdfWHaI+6t30p7+LCD5s9ar -YglWvToXShLSpq1KV0HNaPaXmQKBgQDs+BQLwBAX6KAcOmUp+/1RgA5XntZQfNoF -empXas/BjZm9EGKuFu3DWqbznHnBTxh7jB0fLGnh8smPfwk608wMOfnTQVunaKVW -ljox1dlHF5q587RB3TlZ3DAzwBguLxlGakMkFTbWM5vLkg+d85mB7j1ql3UuXfvn -FKPn34xepwKBgEwBPwVRhp8Crku7bRyY7VFzkj9w7H+BWeud7L7h6SccP9NOQdP0 -VWuReW8bqqwPvjVuQkdvZhmRwbAhQBa5mRY39bsRyqZ2icGTJ+v2xA9MQvIdomUn -WHUmiQp5ncOXA+OVndoUBPCFUiQkkeDZH5FcVQpuoVXCCx75q6eVhZyRAoGAfeFy -1KMcaXb7xsMGhn0EHk1GUSlhc7Q/JPXYk8N7xbfw2Uxg/1XSzBnV4kdXLmdT/B18 -QtkXDh4pEH9NaeCk3kHWAnEPvSiL3ClFlL+jAm75lJpvQSXBl4iuWm9K6Q3AAXXl -YL+cN8GGm2dlwGRtQWZLXdpDN3RZonGGeGB6crUCgYEAih5PAj5MCCt9r/DCYcFs -3Yc4fFPTnE9pj+2lBR8wmNBwt93zyuuyQqurvaIBKMlcByzBbG++CJkxGWrptMJD -sw07G7+W5JC4dBxZPxa+GEdWVB9nxIhHXtR7/y4Hou8MN+RIMMxQVzfSUK6I8w46 -3ZTF8vnh3BT4vwpwRouZcgg= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCmuG+nA2rjY+W0 +2AZCxkw8yaO5KpKu1uGrSbTBVjqTUxuw+MTJgZO89uJgU6RM67JuT28/j3s1JEwA +Y27sn0LwvwuY8CbzbQFxao43qoz0YauDSYWUqOPG4BJ+puQaTD1odK988kZrVgCi +5/9y0KhegE/QXcrGC3JphEuqJSrruNZfnSMp0bZUq6yOFmniqUrd0ctatwaqB9vC +PRqlbtNzVo7HVOH8l5qF/Yg2vS4qWYk+vCJDM/Oqtys54jZKDYg4x+HAxZrA16oX +PN/DH7kZJ4u/HddGlNuFwE6rmkVPKbIaPe67wd0HJJAF54aeXBH3WlhewFrVoJwj +GzWlZM9NAgMBAAECggEAFFrpWuFKcBfWyFUlsopmbXeK80UU4p7er5yQophGD42y +kFFXKWkWIhice/lKUo/mWZx+Lyrz9oGHe/an6ODq+dzBbDtJ7ieNaQ0C7x32FrJE +EAPueL+EC9h4uZjjuag8SSAR+vXTjjBSZJFhuWFrZRpSZFTHOJXWMrbRzCS8kEnu +q2Ejl/xgwxgZDKDjuhJBnL7L6XYUBahWiVlLlSLkU4U1mv0+wjdVDbbiIWI2mI/W +2zFQy0a4EvrWx79wNVpa4X8ox4bYG90iPJ2cr6wTpJOM7G/L6f44KHJLPe7yf2Dk +fHZd/TyYHHHlz+D1VieA0n9c1oIeKKm8hA5hpTLkKwKBgQDoQt1v3N9bSYYE05Yb +Bqt4tVuEpt12Pw7mIrSYgq4rN6pxKZcaL2J6wSrpPac1Kckz08X3TFHzPUnBT2Qq +qnwYEGqWvbN5v77ilDq4c8qTMrC80tbA5rfxRR4o+u6Z9bYQd+QsKQDEJ88YHHfO +Ui+czGQBwLMCeN86939notU1kwKBgQC3wrEcqzfKamG4JnNvYes+FvrvLLk3/rF6 +iUlrGi3SZ2xInBkyBd2xHbhXxx2/c8Khf5/M6kLBnerGHrMXxY8YVsEjMIOr2gIj +7zeKuN9WB8N/d11T+DromXddfxLmcqqeDjUEOLyK+k31JL6gUH97nVW71aSjsv+i +WUiIrSrznwKBgQDSul/4r1hDlfivhl2Jlcqb0UgAmfkS4PGeodxjByYI9g+Bbq+2 +xUk/gOVzC0oa9RelGz5hOnCcFX5GksaZ42aF2tcqf2FIVE1XfA+u7PfeB77NAypv +iKVZlVFg8xLqw0F1vaFa47TbRBcklCerHWwvgk42POTtmEdJU+bXW6jAWwKBgAkI +C5ZiH+LV6amYUjIWOO6bSIf6xbuny+c+2hnmdnwR0zOaYG6h9SxgTpAZ3C9trBIt +6Je0p8VGUqScG6c+cXL7yJBHMSGAHHzRpAQwY+Ghjg00u6SF3bdS25f/x9kFp7cO +8bIca7/U34H95VSRwEI+EFmj/WyCPqgnBTaadDL3AoGAEiW2bYzxxIR6OGQ2qMeY +hSLxfH9cqmLXmjAJESd+0xWpeyfpe5UMVZWp1KEjUxmvrMdGHjDReaV+3HnwDZ6E +FCdLg/S2iBQX/B4FSqCJQWjkSHjxPuMtjdurZmqUS1jPajh60jH1AGdWOnBhYvNk +rrDsc3j8GC1I+wwHp3hfLKY= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/client.req b/test-ca/rsa/client.req index 02ed7b7449..f37b506c05 100644 --- a/test-ca/rsa/client.req +++ b/test-ca/rsa/client.req @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5QHm+0o8If5m8OsUC2K1oJ1IeCPDAq2A -uXFqVRIa5kWCqAcd6Vp9y25RFGS7j9HhT1bViU/ZZxROY/rOXZNiPJkUgAb/E7CB -Xh8yc9qGmac03ZtspIcCpmkOX1YvkEfwBeLzYIBC9wm2BcwqWHtNrBEQzDRdnTiV -H0W8/Lqyg3NtCFYQkJOQnZvTD/dvR0wrXXxePmtyMdJ05TZkrfX5B4w7Tndf6CKj -qSPQ7o+iWm9kdhJxqxWFzWLWlWXn5h7kmpDHf4/mJ8KDZv0oH4uzc22FodJJYfrG -VelFMLTCHCM440wN4tWZKxxtWbmdNVTiNDHu44XhHqIT1sSCMzMSzwIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBAIjYcciz5UuO02tJGZO62XjO/rap0AT7BGkgKV6L -IpRj4d/Sl7mitKx1matuXte29V6yfUz/o4kgnT2N1KB0sGtKi/GuJC5W8pfQhkzQ -WAlLv0Bylyi9oi12BWOIl9Tfq2g8xJ/DXjJ/sw+lprDaTOXZFzI6GQd/9+IPojcD -X9bPUkWbs5ARnxmtmFMv2vbLNyDAKeKZW0ZDm2o1zNrq8nINkDzoX3eW3yNBYLYE -4WRJ4QIM++MmOaS8sB3GZWBppqP04ZAlDOrfwh3dg8fKD2a2btz9/0WpseubXh4M -UkJSOYz7rGzDpJI7A0fCUHtMCYzB3RAq0N82NbOMO3n6nLY= +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprhvpwNq42PltNgGQsZMPMmjuSqSrtbh +q0m0wVY6k1MbsPjEyYGTvPbiYFOkTOuybk9vP497NSRMAGNu7J9C8L8LmPAm820B +cWqON6qM9GGrg0mFlKjjxuASfqbkGkw9aHSvfPJGa1YAouf/ctCoXoBP0F3Kxgty +aYRLqiUq67jWX50jKdG2VKusjhZp4qlK3dHLWrcGqgfbwj0apW7Tc1aOx1Th/Jea +hf2INr0uKlmJPrwiQzPzqrcrOeI2Sg2IOMfhwMWawNeqFzzfwx+5GSeLvx3XRpTb +hcBOq5pFTymyGj3uu8HdBySQBeeGnlwR91pYXsBa1aCcIxs1pWTPTQIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAHhBmzJJdtGll+mUhQx/h3hG8Lfux/g+G+40ZBnV +N5p0o5YanzV93RkGx3KGMf9iGZsgPDhcxnQ91Ck0XQm9GWJATQKzeCyoMyjSEJV4 +8wmdJbERb+TCOWEYT+m/0+dwjsOlLqEgYxsTU6YPhDOl+lkTeojObU1Ha948hyrJ +W9q9Dhupn2FH0DIVEV2l1Ta0QYALdtnalaod1C+r0x8OxQngE/mOew9eXSXqEIwM +mm862dNL94TU5pFDTDxc7BsnfBa3M+JegyJt4W5aEu2LL6E0YmPEPN8PcuJuSuJj +xDSBkPZPEwp5P8XwoktDlN5zojvcf9HyK8TdYnx56PulAj4= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa/client.revoked.crl.pem b/test-ca/rsa/client.revoked.crl.pem index d9eda8d7a4..03483bbf4d 100644 --- a/test-ca/rsa/client.revoked.crl.pem +++ b/test-ca/rsa/client.revoked.crl.pem @@ -1,15 +1,15 @@ -----BEGIN X509 CRL----- MIICTDCBtQIBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFwb255dG93biBS -U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMDcwNTE1NDA0NloXDTIzMDcxMjE1 -NDA0NlowIzAhAgIDFRcNMjMwNzA1MTU0MDQ2WjAMMAoGA1UdFQQDCgEBoDAwLjAf -BgNVHSMEGDAWgBTV8BzLqYquWjLv3bEFk1WlElVQozALBgNVHRQEBAICEAEwDQYJ -KoZIhvcNAQELBQADggGBALZ9fozYbrC4A5z1tSldRmDS/b4xniFHA04MZPaEUKEZ -QEiZI+5JxCHgntdzoIMsgkcYYnL5798GrwsF66rbCzJyNzHA8+mwDhm2Wqdc2vRh -g84E3Kc/yRmuxCzaPijNg4nb7OKKbuacUFOd2aO/vzHrW/cRjFWnk5X/TszsLboo -95hL642GHFJlaVWs/yfVwb8Vq8LB0Z+zpsjJZ0BAGme16VT5K+NaRvAAK26ppv2x -1YUtYRXrWswxOlhJRkLE+pfyabmSMa1BCEHYxx3GNV7TdgEjevn+DDsDSUDBQH6f -MfyOYMt9iMb2lED+mVcOsErNyH9PEpv/1yvm84crxTqxef+oYMQGnTU+QNTlUOG8 -QewqHUrhR6Ll5QEMYypeQlrhFuWkTiM6xrzVrmzLwF/cvEpjbk32a3F6rAYP9msl -1IxyHVhZUK8OzjOL0djTdKG9qRAU+lVrANxXLgLQ0vrwa0lFavjVrZ4zYR5qz3Zp -EFnPZTvKeeoogBjerFGPvw== +U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMTAyMzE2NDAwNFoXDTIzMTAzMDE2 +NDAwNFowIzAhAgIDFRcNMjMxMDIzMTY0MDA0WjAMMAoGA1UdFQQDCgEBoDAwLjAf +BgNVHSMEGDAWgBQaYYJhI5L6K6I80SMUPQtVKEM8nDALBgNVHRQEBAICEAEwDQYJ +KoZIhvcNAQELBQADggGBAJI2bizP6DS/XwNFldORhQZeC4+bCZC6z2DIkA1C1cMR +EyR9CJzVLCwoMMgcG41RJO7cKvQN1tU1cAbH5IAhICOic8z7j6TGPWSZV6Q1WOK5 +yCy7+lzfFVGB6O3ut3FzbrjlpYgo6KXa053eXZTxaKENB8Z4mC9k/XrD/ujQxlfe +AIc8SC3+Jez625Ut/O7aN3sCEkXeOXpAW8ss3hsnfx26aj7txzMVAIjF6TNi0U/H +HLDKwWqA1e7uMvcp9mC3ZP0M9cYM7YPsH4cSsCB/9A2C87sqzO9GJKArzlDKlmhR ++8HTby2Fo3GuKP8xp7i1XSnnNlOF0sKWV18g0FwxMGuE1pPZ4b5CGTsYMrnJ3xc5 +JGjwED8icchCYeaQ5JZvoF6NN3CCsmlEO+VILNeRyOGzQw98I+iJCkHD7UWtrg+q +zHdg/D0n9nn49Wlb/wq15NFziPwq2MaTkgmq0l0hpDXxfhIv4SD5XL/Hy8vjGGby +rtiysnH0ZrLz0PvmJT4tsw== -----END X509 CRL----- diff --git a/test-ca/rsa/client.rsa b/test-ca/rsa/client.rsa index 8dc7df2e00..e92b85e78e 100644 --- a/test-ca/rsa/client.rsa +++ b/test-ca/rsa/client.rsa @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDlAeb7Sjwh/mbw -6xQLYrWgnUh4I8MCrYC5cWpVEhrmRYKoBx3pWn3LblEUZLuP0eFPVtWJT9lnFE5j -+s5dk2I8mRSABv8TsIFeHzJz2oaZpzTdm2ykhwKmaQ5fVi+QR/AF4vNggEL3CbYF -zCpYe02sERDMNF2dOJUfRbz8urKDc20IVhCQk5Cdm9MP929HTCtdfF4+a3Ix0nTl -NmSt9fkHjDtOd1/oIqOpI9Duj6Jab2R2EnGrFYXNYtaVZefmHuSakMd/j+YnwoNm -/Sgfi7NzbYWh0klh+sZV6UUwtMIcIzjjTA3i1ZkrHG1ZuZ01VOI0Me7jheEeohPW -xIIzMxLPAgMBAAECggEAFKSIwSMOa5QGjHXsPyB9NcantyimFfI01cJ67sMsiJBA -eEv37sZ462L8zQVNgOfO0vuFURTRCIEklc+QVZAI/WRhHC9FQ+2Xo7fVMOtEUcpo -MgemEeiXnQ+AO6jFrdBGOwmbnZnCL4mBDmG6eXJX7Ig3Ruj7fUYR7xk2sWNU3xNX -WdpbAToidz7oedmDqqT6DkJLWUv26m3eewrIP5r06mrHX5a1NYjukV/xKbKouuus -t18y95/Gz3a2+Fy3jmxlQIH+Gx3Iw61zUQPqzeVLMhYURIk06OBJ6ySDp6mFdVUa -X7ISKalvgFOVj3/vogzm3hvL4q+TSVQNeMuvlgIc+QKBgQD3ZiNuPo5coZivSGir -KtKJYdLtGGLgNgfYOeHmzr5HBG/Ib/Siuehzb7meQzUrfWwdwjPL1vniPtpC0Mes -TqBBUQsmuSZGWns7vutQhNg6mAv7bhdhPVTQaIsp6pdfWHaI+6t30p7+LCD5s9ar -YglWvToXShLSpq1KV0HNaPaXmQKBgQDs+BQLwBAX6KAcOmUp+/1RgA5XntZQfNoF -empXas/BjZm9EGKuFu3DWqbznHnBTxh7jB0fLGnh8smPfwk608wMOfnTQVunaKVW -ljox1dlHF5q587RB3TlZ3DAzwBguLxlGakMkFTbWM5vLkg+d85mB7j1ql3UuXfvn -FKPn34xepwKBgEwBPwVRhp8Crku7bRyY7VFzkj9w7H+BWeud7L7h6SccP9NOQdP0 -VWuReW8bqqwPvjVuQkdvZhmRwbAhQBa5mRY39bsRyqZ2icGTJ+v2xA9MQvIdomUn -WHUmiQp5ncOXA+OVndoUBPCFUiQkkeDZH5FcVQpuoVXCCx75q6eVhZyRAoGAfeFy -1KMcaXb7xsMGhn0EHk1GUSlhc7Q/JPXYk8N7xbfw2Uxg/1XSzBnV4kdXLmdT/B18 -QtkXDh4pEH9NaeCk3kHWAnEPvSiL3ClFlL+jAm75lJpvQSXBl4iuWm9K6Q3AAXXl -YL+cN8GGm2dlwGRtQWZLXdpDN3RZonGGeGB6crUCgYEAih5PAj5MCCt9r/DCYcFs -3Yc4fFPTnE9pj+2lBR8wmNBwt93zyuuyQqurvaIBKMlcByzBbG++CJkxGWrptMJD -sw07G7+W5JC4dBxZPxa+GEdWVB9nxIhHXtR7/y4Hou8MN+RIMMxQVzfSUK6I8w46 -3ZTF8vnh3BT4vwpwRouZcgg= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCmuG+nA2rjY+W0 +2AZCxkw8yaO5KpKu1uGrSbTBVjqTUxuw+MTJgZO89uJgU6RM67JuT28/j3s1JEwA +Y27sn0LwvwuY8CbzbQFxao43qoz0YauDSYWUqOPG4BJ+puQaTD1odK988kZrVgCi +5/9y0KhegE/QXcrGC3JphEuqJSrruNZfnSMp0bZUq6yOFmniqUrd0ctatwaqB9vC +PRqlbtNzVo7HVOH8l5qF/Yg2vS4qWYk+vCJDM/Oqtys54jZKDYg4x+HAxZrA16oX +PN/DH7kZJ4u/HddGlNuFwE6rmkVPKbIaPe67wd0HJJAF54aeXBH3WlhewFrVoJwj +GzWlZM9NAgMBAAECggEAFFrpWuFKcBfWyFUlsopmbXeK80UU4p7er5yQophGD42y +kFFXKWkWIhice/lKUo/mWZx+Lyrz9oGHe/an6ODq+dzBbDtJ7ieNaQ0C7x32FrJE +EAPueL+EC9h4uZjjuag8SSAR+vXTjjBSZJFhuWFrZRpSZFTHOJXWMrbRzCS8kEnu +q2Ejl/xgwxgZDKDjuhJBnL7L6XYUBahWiVlLlSLkU4U1mv0+wjdVDbbiIWI2mI/W +2zFQy0a4EvrWx79wNVpa4X8ox4bYG90iPJ2cr6wTpJOM7G/L6f44KHJLPe7yf2Dk +fHZd/TyYHHHlz+D1VieA0n9c1oIeKKm8hA5hpTLkKwKBgQDoQt1v3N9bSYYE05Yb +Bqt4tVuEpt12Pw7mIrSYgq4rN6pxKZcaL2J6wSrpPac1Kckz08X3TFHzPUnBT2Qq +qnwYEGqWvbN5v77ilDq4c8qTMrC80tbA5rfxRR4o+u6Z9bYQd+QsKQDEJ88YHHfO +Ui+czGQBwLMCeN86939notU1kwKBgQC3wrEcqzfKamG4JnNvYes+FvrvLLk3/rF6 +iUlrGi3SZ2xInBkyBd2xHbhXxx2/c8Khf5/M6kLBnerGHrMXxY8YVsEjMIOr2gIj +7zeKuN9WB8N/d11T+DromXddfxLmcqqeDjUEOLyK+k31JL6gUH97nVW71aSjsv+i +WUiIrSrznwKBgQDSul/4r1hDlfivhl2Jlcqb0UgAmfkS4PGeodxjByYI9g+Bbq+2 +xUk/gOVzC0oa9RelGz5hOnCcFX5GksaZ42aF2tcqf2FIVE1XfA+u7PfeB77NAypv +iKVZlVFg8xLqw0F1vaFa47TbRBcklCerHWwvgk42POTtmEdJU+bXW6jAWwKBgAkI +C5ZiH+LV6amYUjIWOO6bSIf6xbuny+c+2hnmdnwR0zOaYG6h9SxgTpAZ3C9trBIt +6Je0p8VGUqScG6c+cXL7yJBHMSGAHHzRpAQwY+Ghjg00u6SF3bdS25f/x9kFp7cO +8bIca7/U34H95VSRwEI+EFmj/WyCPqgnBTaadDL3AoGAEiW2bYzxxIR6OGQ2qMeY +hSLxfH9cqmLXmjAJESd+0xWpeyfpe5UMVZWp1KEjUxmvrMdGHjDReaV+3HnwDZ6E +FCdLg/S2iBQX/B4FSqCJQWjkSHjxPuMtjdurZmqUS1jPajh60jH1AGdWOnBhYvNk +rrDsc3j8GC1I+wwHp3hfLKY= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/end.cert b/test-ca/rsa/end.cert index 2c71627370..56dc8bc770 100644 --- a/test-ca/rsa/end.cert +++ b/test-ca/rsa/end.cert @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- MIIEGDCCAoCgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX -DTI4MTIyNTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKTHriPL+/8gxe6vvLQZl3XmYxjpX -tiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAItwRZ+BKCzrpy67i4j -6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3FHpZOad0Qu79jLnw -pLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX8IHN5HJNjHy4uA1H -uXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/RiibyLdiO+7wv5CgAPV -r9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNFlo7+HQDhAgMBAAGj -gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFHgdUolw -w+l+y7tSzOapzG8cSBDhMEIGA1UdIwQ7MDmAFNXwHMupiq5aMu/dsQWTVaUSVVCj +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoX +DTI5MDQxNDE2NDAwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcKY2pRsvWI15QbTiNltzOLx47yloS +ZeTVt+TnQXJTxpCwhcpfBs3pho2IEbNMSRsGMjcAmWR9f3mkmx1gb59oM1VufgU3 +pZIC3lvFtd7TKcTJ/Que0BR9rkiy0UJRIPSynQHAGBDPNOZlVOgBqNypk5WL9aKc +R72wATriZu+L85Cq/DkPXQUtJa90I+4kLXuigzxqr3Qlj4q+pJUCuwQ03WQAfNZq +c3Fi7p+AfNb9AXXXYmb+L8hejsOBg+N67PWdwUYaHDcnLhwKIG19ABxiEsHsAfS7 +WJLOdgg3UJ02ml6rbTiZJHRD4/1dLy9csIbi47MHkuKRkKDfaGkSuzL1AgMBAAGj +gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFJj/V++C +I9CPyrz2aPeET2akBsMMMEIGA1UdIwQ7MDmAFBphgmEjkvorojzRIxQ9C1UoQzyc oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswUwYDVR0RBEwwSoIO dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN -uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQCHnRZ1 -qV7w/tjfJm92Za8yTmrnZyyPyJyMWysTSvYgtF/NekB0ujGF734J9sFHWQ9qKUxJ -RNKPeNgvqzimTsxZht0PPwblNDnsnKpS/V+BGaIQ/c5DDu8uDia5c9yNOR4Us3FH -C4w8pp0E71TzFHBaCwUaleIYAwfvY84BbTgSc5UFn5SxcSE3Z7pxAgAfCs1W3VoS -LJan+MvzFzxNtWZ7tE0UE+ezZ/8Zs1LKQHZfXP62Yjyj6C3zI8QUSttmRJMK4EAL -XAX8WPr5QGKWbQ0lbdmi5hKgLrwSbqinVACmMeR8KJ1Cd/l4Na28jFApbkNOD7Wu -bUlZJIInMzhPAuQD1QVcstwwkpLsUWp9jn2ljdEU4T8JcwgWkGYMB1KYDLDJzXSf -bc7IuZ29rZy3RNrfsmBRxA7O67VAVyIQhVeGkoIPL4xWqO87WEF9qpqyMOK4fAqt -HOrn4QNQf4Lw9UQby9bF2nIDX0uC0u+8I7rF/42T30WiStx2EBBTc1P9WKI= +uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQC3rmDg +BeS1hv91KewOoHmmZlh3jm4wGxqbGymXEpL9N3vtMESnsgvJZWN9vBDdp5MbznLL +BdjK+cbwj2E6qjP2xA08xwy7jS2A7dQMN0EMHKgJC/9ExgGkXD973ii5SVebpRgS +A9Vq9GXtzr/N0h7vmdlg0ewVQ/3zkLbVDc2dFKNRa+KRX5uZ+n0QUCvPoL446TK2 +blaw0tPB4dzNHUUIgV/I4ChCSwVyvtG+RZ9Qjxcb4vWt8sowikWSDlm7jWt5Dg9n +kTddYgU/1sUzGoih2jeZslR0m2vsTrgEk1sOLdmUKD5btRbvyoCB7nrGoO2f6G5d +Ygl13Uh6ZaYgZik4aMwOgRuq6ageUqXxMw/mUwXvu+JTAlGSaCankVehVNzZnrp2 +1Vj28u0h2ISaMKIQNd9i0R+Zf3uW7u8v9gyMvbvGOvIGgmqHPzulxTDHQHEKziGv +QjvABXuAnB7FChhaIqexfH82aCvaSjVm1laz7r/2kbLpTEV2WYUrG65IV3s= -----END CERTIFICATE----- diff --git a/test-ca/rsa/end.chain b/test-ca/rsa/end.chain index 045d4cd7c2..139da9ebc7 100644 --- a/test-ca/rsa/end.chain +++ b/test-ca/rsa/end.chain @@ -1,58 +1,58 @@ -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh -pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq -pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ -1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og -x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C -sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja -aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs -5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn -GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw -HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 -jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 -Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 -PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD -6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV -pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF -UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW -fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn -4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp -ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc -SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 -8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU -9rOxDaj2ExLTz8unCJcwRxEtyd0= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC5yg9Avocjcf2c9mAMTEtwp5ays+Jq +zEHnEXTgJGNxrim3lsJY5bz+1T6KtjNnySRwK4aFkGJ2IpH2R2VMmRBTRFaJWEjh +oa1Xc8UcT8BZA21N5iQUROIG61tZi30wNp5hqI9LE4oII1rAOdxXa8jmcTR2o2Ch +ZP0Q7MQqXn6ecKB4W9R5V3s5UCle2f5fvSJ57oqoN00sIG5Su4hSC9jV/yGrAIMK +XBiOy7lPr8LJzrKV5qmvns1KDCG3sxjrtnWFCAflZTaHS3ygyH9KuPIf1MF9BIaT +gm+O3VBU/anvQ5DBusxDgytelfTFElPkvtW8KFRnLCCgZ7A6Y9fevBXdbOgr7AK3 +o6tIEcixzcRMnUTmeXIN5NJJw/mmbGLr5wPY0FthwqD3Bn8A92OFUo1iEMjrpYS/ +4maRdlW7kIFw3yct12REhEaaY8Adtag3DBfY7b0zb4txWOFS+OjZ8/Q4oISn9zT2 +VZ8d+WxOcp04gpaXxZSBgk1D/jL2tmgH480CAwEAAaN/MH0wHQYDVR0OBBYEFBph +gmEjkvorojzRIxQ9C1UoQzycMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQRkqgX +iCF/UsC7CJ4iEaxsvUzdujANBgkqhkiG9w0BAQsFAAOCAgEAhuWKXWI/SfArbnzD +n1IWrvt6RLRR7tU5tqLDtEpzh5t+LxOibTicNCzuKGk7fj+dod2552d5NYs5DKID +B5pchKaJYeH5uDGlCcCCgsDG3xTFTeCI2HEd5Ros+FPRqBrAUhiObs9sPbQ6gcAU +qaeeRWrVRxfO1w6N0y8om8tpQsCX5KR5qhOkIJsOSg6b6Iigl1abVb2v6iqGM8rC +oCghrecTNWumYfLtOXEwCu89hYYUoGEt6nvGHIwhU/xUAo8/IKo0rYGIbJRCuX02 +FhrHEWJMqAWZvs0Cx4F4g9xGfpyzxBuL9H/FTGq+XKXjQBGDRECuIq7hl9ccK+1K +TxQadSm3C0Ap7dOLAdYN9P8K7Ql3AX0nNQG6AX8CzRgm4Flontq4h4XURjFLAhbr +bKZ/tPaUcRYEAONegiTwbvm1akECKEz3n+toMDNTK5Cai51r19kKT01eQ97oo/wq +vO/CyVjHr6dmof2/GLJ6v5TdcPz68TdX1G65bmX26SphhAwxC0PtWEfxzdyrdmVg +a+60GrKo6WYzkiAX2PP+QsSASGFKgm/wulvKZ+F03Tl0Cv7VgLDXD6c3aOngeev6 ++1nlrYGt6m1RWH2xBZjhnUOsk3q1VbgSFVHAzTtEg/vIf73FlM5pO4zfXzyObML3 +5SNs5aaltQMH+hFDr5OgXypQ1uY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX -DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 -pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR -1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig -nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V -z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn -Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 -QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB -XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 -NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN -1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF -QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv -OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o -n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX -Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq -mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm -oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB -2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL -14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN -RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP -OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F -9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH -C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s -Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi -mXLHfCGEyjF/ +MIIFFTCCAv2gAwIBAgIUWGj6bltbjWrqNVeP8QkDGMmNV5AwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTAyMzE2NDAwMloX +DTMzMTAyMDE2NDAwMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOn06bbCkCE7wuwCXojGngKuPj5k +oNB1k99U2X4CNiyPez3EhHFTRJ2sZ8XMf+mgVVS8QBmJb17mHzPDbKlVVqm8W5jV +n0q0AMFBTxbPzupI9puISAlrnnP1EgX4DM8WfPlzIYmVwR5G80qSKy1YLjiQlI8J +N3E5HBQiTrVyjBpSAyAujhhDJ0pjkBRA1CuwU3wL4OM6VlRnaEXV4RiUxsQVnyy3 +15x2VIPYjWm4pj6HLbxvReTuJO+kZy1OJnkAY5f5OMXYbabcp5JBHDafrRh/C1ls +iCRzhfHuaxeMMSHSOSeiN7yrE23tVB/F+dQ3k3MQVziuMGngK0GJ+aYbQ9bo3JPf +kuUk0WMMGNfjnEPJ9WHOiEAaG90IF94s1oR3JKa7RepmCazf9hA7/2RMxlnxzhUl +JiZyNVG3HpnNzd37VGOpLt2UXhdtWNhcwUwHKXuAE2QYTVkQsCfEW+es/yN05Vyn +DHocS8vGReS9Jc+ABqpqF8nXd/BKUNrLI7hSZAP0MNeoHTWY0XBXxICeLGeU0S4B +fVe0WFmnuS0Mw/bowuG186lXbzZCqf8v0/95D+NoQdbv7M5bKN8Y/EC/+FbQHeuk +rL0ISplPxmLq9H1Ldt0P91Yc3FbMSvg7m5eTlYPFWuiFW7XKjIAtIsihEtGeDneT +C0+yenpLAEGOpOsCAwEAAaNTMFEwHQYDVR0OBBYEFBGSqBeIIX9SwLsIniIRrGy9 +TN26MB8GA1UdIwQYMBaAFBGSqBeIIX9SwLsIniIRrGy9TN26MA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACzcRcYKjUFndZjGhGQwGBtbZlSq4SX1 +YGhqO8sov3uQiWhtSFcL3qTJy69pxB1nfTDiloMFGaXORYJgvyRnD3fZugFiTp+C +LRcQnStiZZWxsCARLQ78FOTy8hMxA5U47BE9h4Ut8eIbDsvBaGYWYGntUqSf0qjK +tFjmmmeQI8EKv1YI3gDnkgoGNwycmXXYhPct4sjRnl158B60bneJwSCrla/BmLfM +PYHCzF7cE29k2n4oi4QUCaFh2Ozmrw14UuEfv6MSGzDXoKxHSs0YMLE8/AF7YeHv +6Wrd2BUOYMCmP0JK4s/JOoeNCWWZ1aA53C1Ch961/XToXzJILmCK9SaAYV/cu+Md +U26s8gRRVfW29OML9F5Caue4jruFc7GEv1zjM2tuSFk2Io2itZXfTed3JDuf49qu +AJoksI+J5iLzo55oL5wnYmtKlcF16EWaPXKDX8SlFWqAU1np9wpU9OZeB6g8UbAV +3TrMQ/sN6CKpPnasJPBIowapKZ3sGf/PQnZeEE5SJiBinm703xrSu13cm19tdGTE +SMGg6QerUfO9MWypM1ZAd8/TWH1a3rv6ezoyp+3HxoA6J5E0kIp9TswK+pVwxqHb +RkVObe8gIk+Q4q45bYuhdn/jZrQ4VNSi5/LJDvqIF/HDF3FzTRcoynIFrOJXNC7s +K4XIODjx7ooL -----END CERTIFICATE----- diff --git a/test-ca/rsa/end.fullchain b/test-ca/rsa/end.fullchain index 7e34d98c2a..37ee395d9c 100644 --- a/test-ca/rsa/end.fullchain +++ b/test-ca/rsa/end.fullchain @@ -1,82 +1,82 @@ -----BEGIN CERTIFICATE----- MIIEGDCCAoCgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMDcwNTE1NDA0NloX -DTI4MTIyNTE1NDA0NlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKTHriPL+/8gxe6vvLQZl3XmYxjpX -tiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAItwRZ+BKCzrpy67i4j -6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3FHpZOad0Qu79jLnw -pLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX8IHN5HJNjHy4uA1H -uXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/RiibyLdiO+7wv5CgAPV -r9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNFlo7+HQDhAgMBAAGj -gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFHgdUolw -w+l+y7tSzOapzG8cSBDhMEIGA1UdIwQ7MDmAFNXwHMupiq5aMu/dsQWTVaUSVVCj +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoX +DTI5MDQxNDE2NDAwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcKY2pRsvWI15QbTiNltzOLx47yloS +ZeTVt+TnQXJTxpCwhcpfBs3pho2IEbNMSRsGMjcAmWR9f3mkmx1gb59oM1VufgU3 +pZIC3lvFtd7TKcTJ/Que0BR9rkiy0UJRIPSynQHAGBDPNOZlVOgBqNypk5WL9aKc +R72wATriZu+L85Cq/DkPXQUtJa90I+4kLXuigzxqr3Qlj4q+pJUCuwQ03WQAfNZq +c3Fi7p+AfNb9AXXXYmb+L8hejsOBg+N67PWdwUYaHDcnLhwKIG19ABxiEsHsAfS7 +WJLOdgg3UJ02ml6rbTiZJHRD4/1dLy9csIbi47MHkuKRkKDfaGkSuzL1AgMBAAGj +gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFJj/V++C +I9CPyrz2aPeET2akBsMMMEIGA1UdIwQ7MDmAFBphgmEjkvorojzRIxQ9C1UoQzyc oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswUwYDVR0RBEwwSoIO dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN -uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQCHnRZ1 -qV7w/tjfJm92Za8yTmrnZyyPyJyMWysTSvYgtF/NekB0ujGF734J9sFHWQ9qKUxJ -RNKPeNgvqzimTsxZht0PPwblNDnsnKpS/V+BGaIQ/c5DDu8uDia5c9yNOR4Us3FH -C4w8pp0E71TzFHBaCwUaleIYAwfvY84BbTgSc5UFn5SxcSE3Z7pxAgAfCs1W3VoS -LJan+MvzFzxNtWZ7tE0UE+ezZ/8Zs1LKQHZfXP62Yjyj6C3zI8QUSttmRJMK4EAL -XAX8WPr5QGKWbQ0lbdmi5hKgLrwSbqinVACmMeR8KJ1Cd/l4Na28jFApbkNOD7Wu -bUlZJIInMzhPAuQD1QVcstwwkpLsUWp9jn2ljdEU4T8JcwgWkGYMB1KYDLDJzXSf -bc7IuZ29rZy3RNrfsmBRxA7O67VAVyIQhVeGkoIPL4xWqO87WEF9qpqyMOK4fAqt -HOrn4QNQf4Lw9UQby9bF2nIDX0uC0u+8I7rF/42T30WiStx2EBBTc1P9WKI= +uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQC3rmDg +BeS1hv91KewOoHmmZlh3jm4wGxqbGymXEpL9N3vtMESnsgvJZWN9vBDdp5MbznLL +BdjK+cbwj2E6qjP2xA08xwy7jS2A7dQMN0EMHKgJC/9ExgGkXD973ii5SVebpRgS +A9Vq9GXtzr/N0h7vmdlg0ewVQ/3zkLbVDc2dFKNRa+KRX5uZ+n0QUCvPoL446TK2 +blaw0tPB4dzNHUUIgV/I4ChCSwVyvtG+RZ9Qjxcb4vWt8sowikWSDlm7jWt5Dg9n +kTddYgU/1sUzGoih2jeZslR0m2vsTrgEk1sOLdmUKD5btRbvyoCB7nrGoO2f6G5d +Ygl13Uh6ZaYgZik4aMwOgRuq6ageUqXxMw/mUwXvu+JTAlGSaCankVehVNzZnrp2 +1Vj28u0h2ISaMKIQNd9i0R+Zf3uW7u8v9gyMvbvGOvIGgmqHPzulxTDHQHEKziGv +QjvABXuAnB7FChhaIqexfH82aCvaSjVm1laz7r/2kbLpTEV2WYUrG65IV3s= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh -pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq -pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ -1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og -x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C -sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja -aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs -5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn -GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw -HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 -jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 -Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 -PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD -6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV -pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF -UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW -fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn -4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp -ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc -SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 -8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU -9rOxDaj2ExLTz8unCJcwRxEtyd0= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC5yg9Avocjcf2c9mAMTEtwp5ays+Jq +zEHnEXTgJGNxrim3lsJY5bz+1T6KtjNnySRwK4aFkGJ2IpH2R2VMmRBTRFaJWEjh +oa1Xc8UcT8BZA21N5iQUROIG61tZi30wNp5hqI9LE4oII1rAOdxXa8jmcTR2o2Ch +ZP0Q7MQqXn6ecKB4W9R5V3s5UCle2f5fvSJ57oqoN00sIG5Su4hSC9jV/yGrAIMK +XBiOy7lPr8LJzrKV5qmvns1KDCG3sxjrtnWFCAflZTaHS3ygyH9KuPIf1MF9BIaT +gm+O3VBU/anvQ5DBusxDgytelfTFElPkvtW8KFRnLCCgZ7A6Y9fevBXdbOgr7AK3 +o6tIEcixzcRMnUTmeXIN5NJJw/mmbGLr5wPY0FthwqD3Bn8A92OFUo1iEMjrpYS/ +4maRdlW7kIFw3yct12REhEaaY8Adtag3DBfY7b0zb4txWOFS+OjZ8/Q4oISn9zT2 +VZ8d+WxOcp04gpaXxZSBgk1D/jL2tmgH480CAwEAAaN/MH0wHQYDVR0OBBYEFBph +gmEjkvorojzRIxQ9C1UoQzycMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQRkqgX +iCF/UsC7CJ4iEaxsvUzdujANBgkqhkiG9w0BAQsFAAOCAgEAhuWKXWI/SfArbnzD +n1IWrvt6RLRR7tU5tqLDtEpzh5t+LxOibTicNCzuKGk7fj+dod2552d5NYs5DKID +B5pchKaJYeH5uDGlCcCCgsDG3xTFTeCI2HEd5Ros+FPRqBrAUhiObs9sPbQ6gcAU +qaeeRWrVRxfO1w6N0y8om8tpQsCX5KR5qhOkIJsOSg6b6Iigl1abVb2v6iqGM8rC +oCghrecTNWumYfLtOXEwCu89hYYUoGEt6nvGHIwhU/xUAo8/IKo0rYGIbJRCuX02 +FhrHEWJMqAWZvs0Cx4F4g9xGfpyzxBuL9H/FTGq+XKXjQBGDRECuIq7hl9ccK+1K +TxQadSm3C0Ap7dOLAdYN9P8K7Ql3AX0nNQG6AX8CzRgm4Flontq4h4XURjFLAhbr +bKZ/tPaUcRYEAONegiTwbvm1akECKEz3n+toMDNTK5Cai51r19kKT01eQ97oo/wq +vO/CyVjHr6dmof2/GLJ6v5TdcPz68TdX1G65bmX26SphhAwxC0PtWEfxzdyrdmVg +a+60GrKo6WYzkiAX2PP+QsSASGFKgm/wulvKZ+F03Tl0Cv7VgLDXD6c3aOngeev6 ++1nlrYGt6m1RWH2xBZjhnUOsk3q1VbgSFVHAzTtEg/vIf73FlM5pO4zfXzyObML3 +5SNs5aaltQMH+hFDr5OgXypQ1uY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUeBO7ijNleg4pg4gsGEwTqZeLBgowDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMDcwNTE1NDA0NFoX -DTMzMDcwMjE1NDA0NFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmfbeDwj5qaV4Iw1/ATrU9Ss5irf9 -pWW5scBC/DLswdRgJgHnM79BiwJxhjrUGnBIRdOoAopf5NmJt14wwwOkyRui77jR -1XLbiTV5uow4NIZ0oyTYUTybmIdqatbCGXTOnYedOoogZt1D4SvDyzoCPJMXL3ig -nezgmPons9eXjMJgTZXxCIkwUYcIjhvjHy2QIIXWXQM0jG9/gVMJN+Wu1FbhAv2V -z+DUZmFKwjjvnFJsQskoHGZ8g5hKECKiTD6zSKyVcJSKOcgnPrA1jh1YAwVNp7qn -Vt15Z26dsKSKSJh0ET6PSrruCQ4W3dgAN3PEUZclx/VFBEnWx+Xr+zbqOVg5RAA0 -QZRLZQqzIuZLFkEQJ6yMerU0cQ1xvkxhWXSSYG0tZHonfhZu4x65M1GRZom1XTcB -XtnwrcMCxYuRRIHE6ObRqzenkaU3dS/s3oZzHXv9byUdrYU4ZfhSYObGegCa4jY0 -NvuaL1JJyGXJ7P97ScRf0Gjm7m+oMrET7gb0bZYTgIJd7+FnUsiRXHH2b5w9AoCN -1tYSmmu1wXkGw1njqFGLKrghwhfYrH5o/8xnQbkkszEWSCGW8e4Z1KIPCM/an6JF -QfwbSFw7ftjN87qoqqkzqQq4CoiQGyCs9mMSBmmH/7XTFsRjmw205Od0N+XCEAmv -OPnA8J60gdoVW8sCAwEAAaNTMFEwHQYDVR0OBBYEFHogObiMvRDUu1UFA1ElmE5o -n0LVMB8GA1UdIwQYMBaAFHogObiMvRDUu1UFA1ElmE5on0LVMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAACPasY7ZBYW58oYuMgX/MZa5F8V3bTX -Fi7WpuunVzJ6X68KadTPF1GeF/dyfkqly9xG5qyeL8X3MoAhKfMp75iz7JkNpilq -mHO9GRN+SRzCOF2otWZGpvTp4syLq6VfjWw9bkwzC5N7FIP0t07aO4/AIPbpwHwm -oH8O611eVrh7nrhoXhUa6s4UxEVNu6RP6D8AtO4KDtJ3phPgvEXXZKZ/DUWcrAmB -2mXVZsuLOvegPPP0RxqgKlNX2ZG53xJE4Ugg8zfPyU7DCI3kpnks/gJrhz6B1nuL -14KOC/rXo5oQRNVhTmanKHnW6GKZ5QEB1rqty16RG2CBog7957DnSYKleO4Y7daN -RZQX2x34PzbKvbDqcIgtlmFJmP6OMd8yUGBqIEh+3ed6GImfoMZdhmnttMnaAmlP -OU/w4cTB7FhQoX4MN5y3S/YA32mBjBt7H2NZmXJl5Q3DU1cKtJ1vAwHIATXlwt7F -9wOuhT/2usGQue1l2H26KRZ7tqa0TvWYzYI9liWEn8CT+Hf505c9lnAV26lxoSBH -C1MQhK1UzOSpL0m+GFdz6fX6fCYCB7DZDuv++KcHWbKXVTSk0jxZvl34CAIXJy2s -Xm6jtv9+Jo5zseYDTT/YgUXymH30SL+x8WHhOPPgunF3SD7uMbSyxI021vkBmRmi -mXLHfCGEyjF/ +MIIFFTCCAv2gAwIBAgIUWGj6bltbjWrqNVeP8QkDGMmNV5AwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTAyMzE2NDAwMloX +DTMzMTAyMDE2NDAwMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOn06bbCkCE7wuwCXojGngKuPj5k +oNB1k99U2X4CNiyPez3EhHFTRJ2sZ8XMf+mgVVS8QBmJb17mHzPDbKlVVqm8W5jV +n0q0AMFBTxbPzupI9puISAlrnnP1EgX4DM8WfPlzIYmVwR5G80qSKy1YLjiQlI8J +N3E5HBQiTrVyjBpSAyAujhhDJ0pjkBRA1CuwU3wL4OM6VlRnaEXV4RiUxsQVnyy3 +15x2VIPYjWm4pj6HLbxvReTuJO+kZy1OJnkAY5f5OMXYbabcp5JBHDafrRh/C1ls +iCRzhfHuaxeMMSHSOSeiN7yrE23tVB/F+dQ3k3MQVziuMGngK0GJ+aYbQ9bo3JPf +kuUk0WMMGNfjnEPJ9WHOiEAaG90IF94s1oR3JKa7RepmCazf9hA7/2RMxlnxzhUl +JiZyNVG3HpnNzd37VGOpLt2UXhdtWNhcwUwHKXuAE2QYTVkQsCfEW+es/yN05Vyn +DHocS8vGReS9Jc+ABqpqF8nXd/BKUNrLI7hSZAP0MNeoHTWY0XBXxICeLGeU0S4B +fVe0WFmnuS0Mw/bowuG186lXbzZCqf8v0/95D+NoQdbv7M5bKN8Y/EC/+FbQHeuk +rL0ISplPxmLq9H1Ldt0P91Yc3FbMSvg7m5eTlYPFWuiFW7XKjIAtIsihEtGeDneT +C0+yenpLAEGOpOsCAwEAAaNTMFEwHQYDVR0OBBYEFBGSqBeIIX9SwLsIniIRrGy9 +TN26MB8GA1UdIwQYMBaAFBGSqBeIIX9SwLsIniIRrGy9TN26MA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACzcRcYKjUFndZjGhGQwGBtbZlSq4SX1 +YGhqO8sov3uQiWhtSFcL3qTJy69pxB1nfTDiloMFGaXORYJgvyRnD3fZugFiTp+C +LRcQnStiZZWxsCARLQ78FOTy8hMxA5U47BE9h4Ut8eIbDsvBaGYWYGntUqSf0qjK +tFjmmmeQI8EKv1YI3gDnkgoGNwycmXXYhPct4sjRnl158B60bneJwSCrla/BmLfM +PYHCzF7cE29k2n4oi4QUCaFh2Ozmrw14UuEfv6MSGzDXoKxHSs0YMLE8/AF7YeHv +6Wrd2BUOYMCmP0JK4s/JOoeNCWWZ1aA53C1Ch961/XToXzJILmCK9SaAYV/cu+Md +U26s8gRRVfW29OML9F5Caue4jruFc7GEv1zjM2tuSFk2Io2itZXfTed3JDuf49qu +AJoksI+J5iLzo55oL5wnYmtKlcF16EWaPXKDX8SlFWqAU1np9wpU9OZeB6g8UbAV +3TrMQ/sN6CKpPnasJPBIowapKZ3sGf/PQnZeEE5SJiBinm703xrSu13cm19tdGTE +SMGg6QerUfO9MWypM1ZAd8/TWH1a3rv6ezoyp+3HxoA6J5E0kIp9TswK+pVwxqHb +RkVObe8gIk+Q4q45bYuhdn/jZrQ4VNSi5/LJDvqIF/HDF3FzTRcoynIFrOJXNC7s +K4XIODjx7ooL -----END CERTIFICATE----- diff --git a/test-ca/rsa/end.key b/test-ca/rsa/end.key index 0309320c89..fc2ed4d89f 100644 --- a/test-ca/rsa/end.key +++ b/test-ca/rsa/end.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIKTHriPL+/8gx -e6vvLQZl3XmYxjpXtiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAIt -wRZ+BKCzrpy67i4j6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3 -FHpZOad0Qu79jLnwpLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX -8IHN5HJNjHy4uA1HuXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/Rii -byLdiO+7wv5CgAPVr9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNF -lo7+HQDhAgMBAAECggEABJkZqfj76Aq1LRnTsctdfcKQNAe9uF0ZTkqr31Zs4FqH -5gEIBsZKoEJu+1jq75WV/FukYTEqlbODPUzVuPBfRrForUyiZ7XSG8C/DGir7Ykn -C709L7lJwejVPwr4RTe4PnM5ldjKelU+xeMlCl6uL5gICHAOp24JGqP1shfS6ahe -ej7mtKHu/jY5YwS9oiAwqqz9f+tXP109sdfo7xffPCH7HkdSEK9C6hXbGp2KzGAx -8NZuaaib+BQ29A1PWjR/3OgPdQBOaI7k3TZeHIivk0AIkeFecqNMCHNIFDFydwJ0 -yw/ab8hydHlvcsDHRFc19zR5tJhJLhhRgE7RbyoHHwKBgQDvIBbb7iVc4ZOVPmOw -huOlJ87OoYuFth0SwluolAwDaHpu0TEXKLP+mQCRZm3Unv2s/peCs1woEI8LqXVO -j1tFBO4J9adjrlMqmrk1g/dTmUgYovpwZcJ9ZIMkfydFbwrEaWgFDkbUvJLJjlG+ -eH5W6RwZliTR2tbNxhU8/Ckj+wKBgQDWSTH0HjBmkEIq+pTpaSA3gCfiRTMucRWz -BWNnYaslWa72I6XZzuAdjhs1C9gQz124GIWiR+9x0C0LZHDxpbwLjI1eeeeqmMsv -u9T9b4nwfKtjz1B3dsWtQiHgoAK+CykISY7xhrk2nKxwmViz+ySkQu0HDZwLE9Ch -59t8sQS70wKBgQCtbiymHjbjAogzeih7Y5m/svt/ShMTS14SuPwZbCa6YhBKR1a/ -YToKsZWD3zJRP27lBVGF7egs9rWI08LM05Rynny2pIBe/5Q6FjW15px++XEczTeu -RV+l6jxjQAWPilXY1konQI+Gw64CmUIYTvPyvOcwd4EE4x9f5waIUKrV+QKBgQC2 -yfkypA3lb2kCAH7GHEa/ETL0cNMX6p739sC0jzvOwJHepMn04eOLUo0i0tecf0cS -othbdcFq9Il4DlXJy/Z8Y4iz7okPnQa10SP+jAa+fZo1qcKaJVa6VI9RbSzpr9tw -lk64+JNFYqA17Jkd7j1zYSOPwKw7RsvRUFaKJvZCwQKBgQDmBCJbAIcPxXDTssO6 -w056l0M/nel2e4Lo1Wq958u59xqFuNaXRSqlpB6pfRHdKt7DVmrJJl4mylSk9H4g -660F+RBGVBLdfnLgKdC7NgFWrV4DxgoU4jUY3+zurBl75mKER02Fh0zfhhiwrM2g -14fy3hWF11lqatcAsQy34YcGlA== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcKY2pRsvWI15Q +bTiNltzOLx47yloSZeTVt+TnQXJTxpCwhcpfBs3pho2IEbNMSRsGMjcAmWR9f3mk +mx1gb59oM1VufgU3pZIC3lvFtd7TKcTJ/Que0BR9rkiy0UJRIPSynQHAGBDPNOZl +VOgBqNypk5WL9aKcR72wATriZu+L85Cq/DkPXQUtJa90I+4kLXuigzxqr3Qlj4q+ +pJUCuwQ03WQAfNZqc3Fi7p+AfNb9AXXXYmb+L8hejsOBg+N67PWdwUYaHDcnLhwK +IG19ABxiEsHsAfS7WJLOdgg3UJ02ml6rbTiZJHRD4/1dLy9csIbi47MHkuKRkKDf +aGkSuzL1AgMBAAECggEAPIdoHRwLuonqyi3dGIBboIwvwbx2WwyMh32Rf0rtBb9X +1FBUPR//yK5nhvtm0hhfR6rSmGWTzTUY2nqS7wqBRwKmAETBZnUs2YEMtiS0aFXZ +drcNVNJcb9lUv2Ts2KU44UptSsTTCkS++ykGyD4GvNCIkvwrgs/uhM8xw0ENpuoD +F5DuD3xRoKEn7QqbkcjRjMGVspTxEDekN6oSTmg6LnXlq21AXEWvtzHXaEK4Z9o7 ++ROGT6e+YCRMYXm0pErTeurzWZ1heFCPbUy74131kYRsOaPntpzRO2g4tYIoEcoL +snxT1WvgZSdbMiNlXbKRshrz+hcdISzRksyAfdetmQKBgQD8jnWiKV9yyk354aEL +5Wj5/7zR7pWeLcJiIdNjtbDf3Dat3nl9Y5oS5qQWTGwmCrkKm3pMlnDFax5L09lb +QvWqFzL8LfikHhaMjL24yBhrSpkpIVmuwFbvp+2207C/CN1q+HMyNjIHiCFtsmz+ +CaAcgvDxQAjkOUweJbM+9qHuswKBgQDfKgXmB/h/edk1GcOUES7KsxHao/Wjip30 +FMkYLKNEgOMfQNwbtjQokVqN1XAhlFSVWzpu3o2Cp3lE361X993zfxOHGBaSpFtW +HqwzhqVa/6JSF3bIJZ92TozOVpj/SLtPpVYscGuX4fusJaZESnR6G5HxP3BuIRzj +WGj9v1irtwKBgQC4ykOn8z2zb/K98yky2xiEU2qE8Fzo7/JaewWA32Aba7VWYoHi +DQ6e5cMJzcET1KSv7jL99tVsnYP9V3SiIcw+N9tGSRy0eI9nJ1Np8H5tgpeuUIie +JH13vRdhvmKEZKgdrMwc4SqZ+DD9Yp/9AG32bph87K2Uz5eyN0N/vlWdoQKBgCBA +E3Al0LyjYEdzPLdmMEvsyvS84x/KRX9jjZgnw0SAF9KJbgW3NBx0vRBoOvcvV3Xq +JCynju3FxBm29XcUBAhPYgQQ8BorFGQCtMIRgE4BSXTxnSHZhgzz1xdunleuLBub +ejOb34CokNVU741I8UJAP7wMffP8Zw9X1HxvLaJLAoGBAJIM6ljFh8XykIrR6xtj +XdspTVKQhkNmSe2aFU7ujEYWgrSoJO9szICsRPRhbb6PGy+QmStcEEJrrJMP8ojc +oYAd8Q3x008AuMcjSCWNuUggTYZOaBVoPzg6de5NfN08lcqwJVZRP7bx74CmfIIM +Hd+2ikk85J6Ho/SQ/ViQLYQD -----END PRIVATE KEY----- diff --git a/test-ca/rsa/end.req b/test-ca/rsa/end.req index 95548f2400..cb08894cdb 100644 --- a/test-ca/rsa/end.req +++ b/test-ca/rsa/end.req @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKTHriPL+/8gxe6vvLQZl3XmYxjpXtiUi -xRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAItwRZ+BKCzrpy67i4j6uJB -RZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3FHpZOad0Qu79jLnwpLFM -yQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX8IHN5HJNjHy4uA1HuXOH -Zh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/RiibyLdiO+7wv5CgAPVr9DT -P9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNFlo7+HQDhAgMBAAGgADAN -BgkqhkiG9w0BAQsFAAOCAQEAiDQdzNBzgql9Lca3YdZmVLB3JXPctzefsSLq/TeQ -y2nf3IdZKrsYPwTNEptmdMN4c0NqhAhxZhf5TV7a8xfGERZuYm7EB+6neiu14zRV -hrobvfQ4Wzcl6DNBkMdz+FxykFXMXs/2OaAOIsVosqkflxGXlyPGvzhk2tceN6Dy -nUhgV+60lUICXnP1FrNEOheylATFCJyCtEQkjtWneW3otpTRrlV8FYL/qzwPS1mT -U7cPfPBbK7o0RR50bIyfpYt2s4f5f9R3H46xOcIV85tWBOkBgyu6wNrnjb14SKa2 -M5nxLAq9j4PEX9sZT40QnXVYAZdjxz78T0GRINlmNYNDNA== +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcKY2pRsvWI15QbTiNltzOLx47yloSZeTV +t+TnQXJTxpCwhcpfBs3pho2IEbNMSRsGMjcAmWR9f3mkmx1gb59oM1VufgU3pZIC +3lvFtd7TKcTJ/Que0BR9rkiy0UJRIPSynQHAGBDPNOZlVOgBqNypk5WL9aKcR72w +ATriZu+L85Cq/DkPXQUtJa90I+4kLXuigzxqr3Qlj4q+pJUCuwQ03WQAfNZqc3Fi +7p+AfNb9AXXXYmb+L8hejsOBg+N67PWdwUYaHDcnLhwKIG19ABxiEsHsAfS7WJLO +dgg3UJ02ml6rbTiZJHRD4/1dLy9csIbi47MHkuKRkKDfaGkSuzL1AgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAJnKJqcVDqzXy4AevNe2cjjEu/S4La6FUyQlvnXds +9VsIsJ++F5fSmM9ZYejX89SS0bt2bAcUHy+GG3+/Ab15J84VhNUcy1RuISOmTQzx +Jnk8l+L6dTNHteA0lNSooxxCMzRqz5pJ948AICKZ7BD4vHtoU75vp2/JBevH6HWp +mbMy+oeYxuDUtQy8dGHfV9bG4vR7Mf8Q0XdPYZPw447Awfj5/xmwlFOCPYRPIyk7 +StqP3U3d28Qoyp9mTcgkeTApWyagQnMrOHlJQfUFPkLYi9q1zHbxeTR6IKtQCVe4 +KM09jnko4il3XtpzmIvxA56i5W7RIbcjlIY136YwVWaIjg== -----END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa/end.revoked.crl.pem b/test-ca/rsa/end.revoked.crl.pem new file mode 100644 index 0000000000..1f5cbc8b42 --- /dev/null +++ b/test-ca/rsa/end.revoked.crl.pem @@ -0,0 +1,15 @@ +-----BEGIN X509 CRL----- +MIICTDCBtQIBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFwb255dG93biBS +U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMTAyMzE2NDAwNFoXDTIzMTAzMDE2 +NDAwNFowIzAhAgIByBcNMjMxMDIzMTY0MDA0WjAMMAoGA1UdFQQDCgEBoDAwLjAf +BgNVHSMEGDAWgBQaYYJhI5L6K6I80SMUPQtVKEM8nDALBgNVHRQEBAICEAEwDQYJ +KoZIhvcNAQELBQADggGBAJUD8Dy9FVY5/euoi8K/NvCGr0iKUskCGhk+lQqiovLs +yqCz5+n/U0yVOCwEnDYI9VK2WI11U9EDgZpstAhs+ZRGTDj4IsVX5o91YYYH4zYp +XiW6oMsYWSk9Gh1N5os8fwXL04Vp34dTergqGXl9WVZ1i0phsHjJL3+zFM4X3MSm +vUUrL4od/RQ3hqzZ6Uhpp7PQvYvFPVWQxQNDn606OAvad8MYpOKJ5AN8jQKTISQd +YfV8blIySpCvdCN+ak107OTEeQiOcPpk4jMllXnmFz0AUgQ14Ptyifc08UfU2z7P +Ie69tQIWvvYAJ1KM+aFbvA14+tI4VOKl5u8qGmBOx+nIA9IL9XH9zhlhcnYaWZYD +li/im4ecBChNmSrYsGBqdSIIl/UNeWMXsOrTyu3rUCknOMmKGC0pC5p0DvdZ1qjo +vEYUMnE1YD5J38sk9mIT3vRFgo12IsMmG09rD+kh1+oJedDF6wSbMxVhgUnvANcP +R/E7pOcyAtIrLB4atSCXYQ== +-----END X509 CRL----- diff --git a/test-ca/rsa/end.rsa b/test-ca/rsa/end.rsa index 0309320c89..fc2ed4d89f 100644 --- a/test-ca/rsa/end.rsa +++ b/test-ca/rsa/end.rsa @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDIKTHriPL+/8gx -e6vvLQZl3XmYxjpXtiUixRuiL9GKZj0i7pNk+YV+GN4KA/WK7dE6hD+87QCSmAIt -wRZ+BKCzrpy67i4j6uJBRZlR/4wQ2RLw/+b/UMRu9/MOPD+gxi3FPqq8TUE7jZQ3 -FHpZOad0Qu79jLnwpLFMyQxWTNxJrvusr5hzJle/PdWE6sTEB2XF6vzlL/sYkpoX -8IHN5HJNjHy4uA1HuXOHZh3CN9pdRDzhcYdIKJgKFiInBorxpM1dLkUpi7l8/Rii -byLdiO+7wv5CgAPVr9DTP9lqlSrrhc/ZFEugdVReaiZgf69DK6m0/tMcpxAuFHNF -lo7+HQDhAgMBAAECggEABJkZqfj76Aq1LRnTsctdfcKQNAe9uF0ZTkqr31Zs4FqH -5gEIBsZKoEJu+1jq75WV/FukYTEqlbODPUzVuPBfRrForUyiZ7XSG8C/DGir7Ykn -C709L7lJwejVPwr4RTe4PnM5ldjKelU+xeMlCl6uL5gICHAOp24JGqP1shfS6ahe -ej7mtKHu/jY5YwS9oiAwqqz9f+tXP109sdfo7xffPCH7HkdSEK9C6hXbGp2KzGAx -8NZuaaib+BQ29A1PWjR/3OgPdQBOaI7k3TZeHIivk0AIkeFecqNMCHNIFDFydwJ0 -yw/ab8hydHlvcsDHRFc19zR5tJhJLhhRgE7RbyoHHwKBgQDvIBbb7iVc4ZOVPmOw -huOlJ87OoYuFth0SwluolAwDaHpu0TEXKLP+mQCRZm3Unv2s/peCs1woEI8LqXVO -j1tFBO4J9adjrlMqmrk1g/dTmUgYovpwZcJ9ZIMkfydFbwrEaWgFDkbUvJLJjlG+ -eH5W6RwZliTR2tbNxhU8/Ckj+wKBgQDWSTH0HjBmkEIq+pTpaSA3gCfiRTMucRWz -BWNnYaslWa72I6XZzuAdjhs1C9gQz124GIWiR+9x0C0LZHDxpbwLjI1eeeeqmMsv -u9T9b4nwfKtjz1B3dsWtQiHgoAK+CykISY7xhrk2nKxwmViz+ySkQu0HDZwLE9Ch -59t8sQS70wKBgQCtbiymHjbjAogzeih7Y5m/svt/ShMTS14SuPwZbCa6YhBKR1a/ -YToKsZWD3zJRP27lBVGF7egs9rWI08LM05Rynny2pIBe/5Q6FjW15px++XEczTeu -RV+l6jxjQAWPilXY1konQI+Gw64CmUIYTvPyvOcwd4EE4x9f5waIUKrV+QKBgQC2 -yfkypA3lb2kCAH7GHEa/ETL0cNMX6p739sC0jzvOwJHepMn04eOLUo0i0tecf0cS -othbdcFq9Il4DlXJy/Z8Y4iz7okPnQa10SP+jAa+fZo1qcKaJVa6VI9RbSzpr9tw -lk64+JNFYqA17Jkd7j1zYSOPwKw7RsvRUFaKJvZCwQKBgQDmBCJbAIcPxXDTssO6 -w056l0M/nel2e4Lo1Wq958u59xqFuNaXRSqlpB6pfRHdKt7DVmrJJl4mylSk9H4g -660F+RBGVBLdfnLgKdC7NgFWrV4DxgoU4jUY3+zurBl75mKER02Fh0zfhhiwrM2g -14fy3hWF11lqatcAsQy34YcGlA== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcKY2pRsvWI15Q +bTiNltzOLx47yloSZeTVt+TnQXJTxpCwhcpfBs3pho2IEbNMSRsGMjcAmWR9f3mk +mx1gb59oM1VufgU3pZIC3lvFtd7TKcTJ/Que0BR9rkiy0UJRIPSynQHAGBDPNOZl +VOgBqNypk5WL9aKcR72wATriZu+L85Cq/DkPXQUtJa90I+4kLXuigzxqr3Qlj4q+ +pJUCuwQ03WQAfNZqc3Fi7p+AfNb9AXXXYmb+L8hejsOBg+N67PWdwUYaHDcnLhwK +IG19ABxiEsHsAfS7WJLOdgg3UJ02ml6rbTiZJHRD4/1dLy9csIbi47MHkuKRkKDf +aGkSuzL1AgMBAAECggEAPIdoHRwLuonqyi3dGIBboIwvwbx2WwyMh32Rf0rtBb9X +1FBUPR//yK5nhvtm0hhfR6rSmGWTzTUY2nqS7wqBRwKmAETBZnUs2YEMtiS0aFXZ +drcNVNJcb9lUv2Ts2KU44UptSsTTCkS++ykGyD4GvNCIkvwrgs/uhM8xw0ENpuoD +F5DuD3xRoKEn7QqbkcjRjMGVspTxEDekN6oSTmg6LnXlq21AXEWvtzHXaEK4Z9o7 ++ROGT6e+YCRMYXm0pErTeurzWZ1heFCPbUy74131kYRsOaPntpzRO2g4tYIoEcoL +snxT1WvgZSdbMiNlXbKRshrz+hcdISzRksyAfdetmQKBgQD8jnWiKV9yyk354aEL +5Wj5/7zR7pWeLcJiIdNjtbDf3Dat3nl9Y5oS5qQWTGwmCrkKm3pMlnDFax5L09lb +QvWqFzL8LfikHhaMjL24yBhrSpkpIVmuwFbvp+2207C/CN1q+HMyNjIHiCFtsmz+ +CaAcgvDxQAjkOUweJbM+9qHuswKBgQDfKgXmB/h/edk1GcOUES7KsxHao/Wjip30 +FMkYLKNEgOMfQNwbtjQokVqN1XAhlFSVWzpu3o2Cp3lE361X993zfxOHGBaSpFtW +HqwzhqVa/6JSF3bIJZ92TozOVpj/SLtPpVYscGuX4fusJaZESnR6G5HxP3BuIRzj +WGj9v1irtwKBgQC4ykOn8z2zb/K98yky2xiEU2qE8Fzo7/JaewWA32Aba7VWYoHi +DQ6e5cMJzcET1KSv7jL99tVsnYP9V3SiIcw+N9tGSRy0eI9nJ1Np8H5tgpeuUIie +JH13vRdhvmKEZKgdrMwc4SqZ+DD9Yp/9AG32bph87K2Uz5eyN0N/vlWdoQKBgCBA +E3Al0LyjYEdzPLdmMEvsyvS84x/KRX9jjZgnw0SAF9KJbgW3NBx0vRBoOvcvV3Xq +JCynju3FxBm29XcUBAhPYgQQ8BorFGQCtMIRgE4BSXTxnSHZhgzz1xdunleuLBub +ejOb34CokNVU741I8UJAP7wMffP8Zw9X1HxvLaJLAoGBAJIM6ljFh8XykIrR6xtj +XdspTVKQhkNmSe2aFU7ujEYWgrSoJO9szICsRPRhbb6PGy+QmStcEEJrrJMP8ojc +oYAd8Q3x008AuMcjSCWNuUggTYZOaBVoPzg6de5NfN08lcqwJVZRP7bx74CmfIIM +Hd+2ikk85J6Ho/SQ/ViQLYQD -----END PRIVATE KEY----- diff --git a/test-ca/rsa/inter.cert b/test-ca/rsa/inter.cert index 4a2ec09b8c..6ede848949 100644 --- a/test-ca/rsa/inter.cert +++ b/test-ca/rsa/inter.cert @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMwNzA1MTU0MDQ2WhcNMzMwNzAyMTU0MDQ2WjAsMSow +dG93biBSU0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAsMSow KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDJygesR+2I4Bc9YCty+f9/mn3zD6Qh -pd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnPHFikMdDOWge6Wizq -pGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriUC5rYot86ySOgRMbJ -1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0KQITPA9pKi9ra6Og -x3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QWjVl27RRE+KMpPL1C -sxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWThZdRlRM1FXAhk+ja -aYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmPHseLMeM9n8/9vgGs -5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnLOOsyS6XF4WVf9ngn -GxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAaN/MH0wHQYDVR0OBBYEFNXw -HMupiq5aMu/dsQWTVaUSVVCjMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBR6IDm4 -jL0Q1LtVBQNRJZhOaJ9C1TANBgkqhkiG9w0BAQsFAAOCAgEAZbhH6jLY/RqiIiX9 -Eflrn+86FwAzHZiKgbIkMVUqhh1tEHsmVqyXgGZvp8a0j1xA/Kj4RJ/mVSNIZ/z7 -PdDcfYfcdotUvfpUlMIdgESB7tn2VfLdpx807DHTK44di+RsDEOcZokb+u3bYzsD -6VeYgk3dCdSQR7s6NEgKolcQkY0Ma8EL188yHBmkOOex/ewM+sVNYKQTiSWeCJhV -pQAOQwhMejHa8BMvZGKIy3RtXDR+bbS4tw1tiJQXft+380+yNfrkpDDiSiyhR6KF -UXwZD8O7DLSlT0mHxe4o7reurPcsDkoF7aOywuxI43+SKwPKtxgEZif9FiiMfdJW -fK9wy/gf8Xd4YAn6ja7TEsu1Xtf/NpC3oBJ7T2Fhxf7wV3dDqUxltKKHnCJ0QWrn -4e5fyLpP4NsVIFv6LPhYvm4Aa574uyYMfnVhui1mHWMi3FbOACPQ13x2S7nLVUzp -ZtorkQgQAo+D45lSJCQizf1CoRP/l3+iOIwhP/5Sr/at4nOsjTQCE4gAeStlYfoc -SwVtG/euJTxKR7n5HPn2Jcb86AqnNp5zF5XRJgWXyIn9NfYuNAOTWqQXPgc2Cko0 -8f4bBc1Z7u8UN+dGuun+MnFLUnsQDPAarYWndS/7c7IuqLNjQJVnk5+ZnV8DIPxU -9rOxDaj2ExLTz8unCJcwRxEtyd0= +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC5yg9Avocjcf2c9mAMTEtwp5ays+Jq +zEHnEXTgJGNxrim3lsJY5bz+1T6KtjNnySRwK4aFkGJ2IpH2R2VMmRBTRFaJWEjh +oa1Xc8UcT8BZA21N5iQUROIG61tZi30wNp5hqI9LE4oII1rAOdxXa8jmcTR2o2Ch +ZP0Q7MQqXn6ecKB4W9R5V3s5UCle2f5fvSJ57oqoN00sIG5Su4hSC9jV/yGrAIMK +XBiOy7lPr8LJzrKV5qmvns1KDCG3sxjrtnWFCAflZTaHS3ygyH9KuPIf1MF9BIaT +gm+O3VBU/anvQ5DBusxDgytelfTFElPkvtW8KFRnLCCgZ7A6Y9fevBXdbOgr7AK3 +o6tIEcixzcRMnUTmeXIN5NJJw/mmbGLr5wPY0FthwqD3Bn8A92OFUo1iEMjrpYS/ +4maRdlW7kIFw3yct12REhEaaY8Adtag3DBfY7b0zb4txWOFS+OjZ8/Q4oISn9zT2 +VZ8d+WxOcp04gpaXxZSBgk1D/jL2tmgH480CAwEAAaN/MH0wHQYDVR0OBBYEFBph +gmEjkvorojzRIxQ9C1UoQzycMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBQRkqgX +iCF/UsC7CJ4iEaxsvUzdujANBgkqhkiG9w0BAQsFAAOCAgEAhuWKXWI/SfArbnzD +n1IWrvt6RLRR7tU5tqLDtEpzh5t+LxOibTicNCzuKGk7fj+dod2552d5NYs5DKID +B5pchKaJYeH5uDGlCcCCgsDG3xTFTeCI2HEd5Ros+FPRqBrAUhiObs9sPbQ6gcAU +qaeeRWrVRxfO1w6N0y8om8tpQsCX5KR5qhOkIJsOSg6b6Iigl1abVb2v6iqGM8rC +oCghrecTNWumYfLtOXEwCu89hYYUoGEt6nvGHIwhU/xUAo8/IKo0rYGIbJRCuX02 +FhrHEWJMqAWZvs0Cx4F4g9xGfpyzxBuL9H/FTGq+XKXjQBGDRECuIq7hl9ccK+1K +TxQadSm3C0Ap7dOLAdYN9P8K7Ql3AX0nNQG6AX8CzRgm4Flontq4h4XURjFLAhbr +bKZ/tPaUcRYEAONegiTwbvm1akECKEz3n+toMDNTK5Cai51r19kKT01eQ97oo/wq +vO/CyVjHr6dmof2/GLJ6v5TdcPz68TdX1G65bmX26SphhAwxC0PtWEfxzdyrdmVg +a+60GrKo6WYzkiAX2PP+QsSASGFKgm/wulvKZ+F03Tl0Cv7VgLDXD6c3aOngeev6 ++1nlrYGt6m1RWH2xBZjhnUOsk3q1VbgSFVHAzTtEg/vIf73FlM5pO4zfXzyObML3 +5SNs5aaltQMH+hFDr5OgXypQ1uY= -----END CERTIFICATE----- diff --git a/test-ca/rsa/inter.key b/test-ca/rsa/inter.key index bed44a1e3c..214f6d641d 100644 --- a/test-ca/rsa/inter.key +++ b/test-ca/rsa/inter.key @@ -1,40 +1,40 @@ -----BEGIN PRIVATE KEY----- -MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDJygesR+2I4Bc9 -YCty+f9/mn3zD6Qhpd8C2tGKBQ31cD33Q+sN4JGRWkGTJIygu/oXXeS3Gqu0RjnP -HFikMdDOWge6WizqpGzkftg1ZL6nvs9IkOhrcfEIthxJmC5zOfEQ2f/7k1a4lriU -C5rYot86ySOgRMbJ1p/uJPejbGXGiJD8q2T0EyNS9RlgCXtBMrVbngwl1aet1ZR0 -KQITPA9pKi9ra6Ogx3agB3tDi/LGiX2JlkLAvp/VsN5CnnaEeppsID+7fFspr/QW -jVl27RRE+KMpPL1CsxuUXodcFv1s+4gDrXZHEWCUAL0O5gwVtL4mCv0vfdqZZQWT -hZdRlRM1FXAhk+jaaYrgCbWgfP7M9qaTua/mUVEKRHAOzghCeGE6B2FVyKlk2xmP -HseLMeM9n8/9vgGs5h6WHWzs8BNQKgs4V7Rd9cqQ3JdZI8+TAaD43wFCwoW3dNnL -OOsyS6XF4WVf9ngnGxkFajQLkVuKwHCqmrJa4dtjx793EtD4ONECAwEAAQKCAYAI -qH6DyeJLSTI2E/ZJTKjF1N8qmrU0LGXRPYpYHbdnnJVMEsH3KneUgQbnRV4zV113 -uzOhF6feaFT6qgCzqt+Gux4xxMTAnKV/eGHWiKgVkn5aYr1WPuFUulukXL9Bem75 -hiERrlS+PtlUoNrYCMUDRLYenlTZPDhIg5WMkY4cYqe177S5NEkDujiIgl+jgIV/ -lNx4kx5KuytPgKLyKFWQ8ZpvRYMT1vskCq4jS9Hy6ttUF/ptQsCg7qHawenb7Va3 -Wqah5FSJ+tSaqpzeShs07HbwOgDjitirFvcNqAQshP2wzAetuWHYxnG7XC+xhHo4 -vH7XBMN/q+QTUiNz/a+fXJWRWB0kihQ6qRL4ef1XifzVed1DWkVYH4NRf9cXedj3 -GwsA8X3W1AorNNIVZMVCc4pLwLuzF+JwyOUaltRozG/VXtUNvzEe+rNLqd6+q1iE -ago1nICwSBqCq78V6Su2I94OELs+MlaZ4qd14ONvjR4KoXujHoPjgFBYUbcHSTEC -gcEA1elEqk4GK4DbNwjJ5WrY6IjTZkGFHV/Ii/1sInRfqlODje3VbptTyr/PccsK -1aE5Tk0wfV23P6GcnkEIJOyqj70O3BbmHZG5mg1tbs8+bnx51ezNbyUraFh+ujz5 -UCWGQfRJiErE9IMRz2C1kThQt6gbpA3Xkyk8xW4UEyd2ofrpv/MZyd1BDWDHKN7f -CLLuBgqQ20jzsI3e8j1Vsad9L+BhOTdJ+FkXshYZJGprg2QZwvNXPOmiphgh2XDz -oTCLAoHBAPF+LIrnGcoq2zHjSHnunQrlchx6NReDAmDm63bl0Wvht3X0wF4CScR+ -Pe1op+CnBl71jb3Qhf8lBrVW4OpHNwaOMKnXdWL3ywP0fH2zDFaG4t324Iixulp4 -MVRHcg8Bm+I5gFDn+M1lacZjpIde7f8obtyB93+9G0pfbO0W/wklPbWxODRNFA74 -gsXUj6BUmXrKXjpv5J5RbDYAKHg+DD6lO1Ol70gayTm5N59hz5Q84JPxEph+UgxT -InlkvwYrkwKBwQCgD+d4g9+sB8SAvsvMJhJelZuRxW8k1rpKvft/IJNA8TLcLd3p -4MJnUPWZ0XOu/O/TfoDNHiXzsCtwY3sDni/WVIJc/6l68MLv2iJLqzmtFOlZwNLL -2wVLFATnuJ5ZcWqvyWqIWGJeEAFwqo3SN1B2zIy6Sj1H+bBmjwLofjwP4p+sKOzg -FvYJW6RLGdHMQY9H5/oSi9kFAHOV0X1g7NII1B4L4SoxcgEAGfcAP71pWKrKLKnX -g39YR3B0s0cqExcCgcAgd5Evf5CFEKv1khQNaJoue9iSoY9/wLpSItmnW5CDS45p -ymUOfopCY6KZx4dCedIudB8BVQae3fB/8tU8SiTIudcrDm+Wxa/CsV0HXUocW/gm -VWmslxBx11TyesSH5fR6PrbUqctWefr1lDHrjUS8GEiHVuXag6cmoZu4aG4TYbFh -OxlOVsqKlLioNkK1EIqt6oUuoBqBenrs66qFN/pXdcl7HoUEEa3aF9+1iuXojSK4 -YSHZ5KnNRGQPJA9WmgcCgcBttG1HjTKcgaslzMy2ShiwywIQ4RYcnh2tXDlLUgCa -+5ZJ7Ys5VxhRivCIgnub3Fs1rVblsIFA0H6B64w8QGHoO6aYtH0DU+ezPj9iPWaG -dls8yX8jwalVwgeBVy4aHX5i0tRWhimffxZzEm8Pod9M0u9/1zbCRQcpmNyl1mI/ -UgP3QJFw+EK/B6cFQqIFFwkQZxLTQDE6dYUSS4LpdbdCjBKWjp1JheAPOsQgkb0c -gcG/f1qBHl7sZT+8QLngEFs= +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQC5yg9Avocjcf2c +9mAMTEtwp5ays+JqzEHnEXTgJGNxrim3lsJY5bz+1T6KtjNnySRwK4aFkGJ2IpH2 +R2VMmRBTRFaJWEjhoa1Xc8UcT8BZA21N5iQUROIG61tZi30wNp5hqI9LE4oII1rA +OdxXa8jmcTR2o2ChZP0Q7MQqXn6ecKB4W9R5V3s5UCle2f5fvSJ57oqoN00sIG5S +u4hSC9jV/yGrAIMKXBiOy7lPr8LJzrKV5qmvns1KDCG3sxjrtnWFCAflZTaHS3yg +yH9KuPIf1MF9BIaTgm+O3VBU/anvQ5DBusxDgytelfTFElPkvtW8KFRnLCCgZ7A6 +Y9fevBXdbOgr7AK3o6tIEcixzcRMnUTmeXIN5NJJw/mmbGLr5wPY0FthwqD3Bn8A +92OFUo1iEMjrpYS/4maRdlW7kIFw3yct12REhEaaY8Adtag3DBfY7b0zb4txWOFS ++OjZ8/Q4oISn9zT2VZ8d+WxOcp04gpaXxZSBgk1D/jL2tmgH480CAwEAAQKCAYAm +vxLkxgdxdze02TYJQo0WKsFVNgpBiyUwXzXge/5ISlH1cYnJF+qNO+RN8fcxDSQe +B5nHt6etKwMFWXjxG1fqAa3JeYHDmqAHxcNlJuW+uqX8UcOS/ZWk60czGtHqMO3h +gJGXzvShw1vNDJQdIEO2+YN/PY3swt67PaGgk3H1MZhp2X7rqniuqH7kQvLXvR5Y +Tw0YTWY5Dm9rriQdNk7LvGhlXRc3HSNa/nZAfe+R/ltEw2T+lRALwhFzGfUXzYaD +SjXZUxUMmFUwogydAVRy7KEIV1PdopAJuJFYY/mwchiiq3yZiWLwGzEENCNXNurh +IeE59QnHg7HuH5uaS9BqyNqas5C5nhbbCQISFh1bKMShhNtfyXSedlc4c+ZUKqPV +041XB5JxJ07eoDcu1naHhrIa27VlxgCxJ70bNTB6L4pznh33QvC9glvDT0ZUW+Sg +cTIv37mVytuTmvPOtCibjoqg8wWoQZVC8QbGc4ziaxPg3B1gaLQh9UGPwfmci7EC +gcEA/d+QvCCMRkpQyAXIRFU+W4zKiLmrc0lplMh/IaIhxepFdn0bNmMj0BpLpAVH +kfwpGL+CspVHDEQ/UP9nLa/K0gddnJiq5KdQ1sqGwQ84Dn/YNDaak0BlwcU9K/9b +Z04TJPo7+EAc2W94Vh4lToQfLwhvXFuS/V22Oo81353o46+2HgMpxt1PF42gPWAY +Wlo+z1jiO67uh/A/qdxQ2/t/NeHwaVpWDPmhEluvpXcbkS/mNFX42wS5MgJ4WZxS +UF8xAoHBALtYfLbMvOC4KjaRAnqILiBisYkzRoHGmOCcZQjL5c4D0ALjdowG/gvj +inXYL5mITfcpVfGgR+TdvgSe5c3aGy/b++BtzjlNljaGMZ6z1dCDQWCXxqIa+VZT +9JCoCwO77G/zaeViQPkOgEKylmGElZk8CvUTuZaWpHPCDp+p31JBSMeOooCFCqxM +cWMYCQaAR04qXe7QpsXcHXkFdEQUEab33xE7NsxETZBnQr7YCNSIpmDXitIgMrZT +Ch5YLFx/XQKBwQCoorHUlVY4drL0OwsNgQY77+i1K4gcu34bq5bvM3B1tClSDMZf +uTkXye/G0w74hOSToNrjX09jcY4RcqYJ7gSuwN/I3oxd+Fo1YzBh24cj8n4eKMtC +1vsA3NDGgggoNe93l5TwUT4YnPf1VG75mb/RESxP0DByhqY+fdSOZqlFXPl/NCCz +DVy1S4lOW5+xnNKuDt+wP4II4GiZn1RC2+tjUmLMyInycnsw46BoLBcuuP+Uciss +6RVPh96Dv9fZtXECgcBUKGvdshsm15Qe7wUuBf6yjaMy/tWtdok2XQsF6JJS+WN3 +6LZYMMvui0inp3W6goCDhw4UfOvO4814Rej1kASmeyuqpaj+FNxloeKoaCCkilHU +Elood/WJ0i0KznIkO0b7A12OrZSCTQFQ9OiY5fZN36sMbM/x1boKRiJLlwO675jC +DFDzatBglfZZjXKAeR+O/Xk0zoYcW8ThmJGiA2Hqn26VTwROvmAZfkl9cY6F6tzS +pAC4Y75kKOliuDk1VAECgcBASGzrmunMsn+KVnOozbGRP3H33afizz9GYByKKEHW +ErfnjVQ2/iaARLYFBof45PQUSD772dpoF8zvYASl1BVhVfpsB1BbAlKx4OPZL6NS +BS8DnOCTfqxEfzrbOAj3g69yapjT/sqHn2/33unm4sx2ctrq0wCrDmLkiRjOoUic +o+eA2dDIR3hyFk/0qX0LeCTC7SJXdT+Uu61x+deXvddr5zrJi/Vugvp7IzAtlW3y +qJBXIWBtA0aJhcLHYBPdqNw= -----END PRIVATE KEY----- diff --git a/test-ca/rsa/inter.req b/test-ca/rsa/inter.req index f1021ed15f..3d6ba5f909 100644 --- a/test-ca/rsa/inter.req +++ b/test-ca/rsa/inter.req @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE REQUEST----- MIIDcTCCAdkCAQAwLDEqMCgGA1UEAwwhcG9ueXRvd24gUlNBIGxldmVsIDIgaW50 -ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAycoHrEft -iOAXPWArcvn/f5p98w+kIaXfAtrRigUN9XA990PrDeCRkVpBkySMoLv6F13ktxqr -tEY5zxxYpDHQzloHulos6qRs5H7YNWS+p77PSJDoa3HxCLYcSZgucznxENn/+5NW -uJa4lAua2KLfOskjoETGydaf7iT3o2xlxoiQ/Ktk9BMjUvUZYAl7QTK1W54MJdWn -rdWUdCkCEzwPaSova2ujoMd2oAd7Q4vyxol9iZZCwL6f1bDeQp52hHqabCA/u3xb -Ka/0Fo1Zdu0URPijKTy9QrMblF6HXBb9bPuIA612RxFglAC9DuYMFbS+Jgr9L33a -mWUFk4WXUZUTNRVwIZPo2mmK4Am1oHz+zPamk7mv5lFRCkRwDs4IQnhhOgdhVcip -ZNsZjx7HizHjPZ/P/b4BrOYelh1s7PATUCoLOFe0XfXKkNyXWSPPkwGg+N8BQsKF -t3TZyzjrMkulxeFlX/Z4JxsZBWo0C5FbisBwqpqyWuHbY8e/dxLQ+DjRAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAYEAroXQLyVxjWxiS4RLYa93502hsZ1z4E2uPaqc -hHcFMiyMRp6gxFllPol91z7li9RQSQtwsd6mNAPaBjhHoG5aQmpNHiyYHxufF/xR -Q9PmZok/7akQY7lDbK/14eJFsQQlD+81Qhg3qpw0cym3NpmtivnMyGEqpw2EozJC -RxNAjTj+C1LfynB33tOOax/QEz4griFVazQ3T3yEjR5C1xVPzisZFxaM6pxC3YIS -AOoeIHrG5Iw8u98zVMxRHomYSv568/Ghv3bF9lJkwL7bgmOb2347QRtNd3mE2Kv2 -CqPk9HUtIJDytq4Z79wE9lPqh9U8lMmDWWw6JymIyi6UEdiZi+T1nvCo612b/Nxk -mHpFPClMzCxb59o90kmy2TpqYrVX7jkSM+tI7YJZ+PLDoOSrTS5+S19Ka2+xxPGU -T3ekvxkTZFFfhlU6mH0DIG39jXMia7EGlaVrg5j6Ucu3a6Ph2+RCHJvMtXHLgWV6 -N0KLYXPb7EXYyUnlz1enk55MzDbR +ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAucoPQL6H +I3H9nPZgDExLcKeWsrPiasxB5xF04CRjca4pt5bCWOW8/tU+irYzZ8kkcCuGhZBi +diKR9kdlTJkQU0RWiVhI4aGtV3PFHE/AWQNtTeYkFETiButbWYt9MDaeYaiPSxOK +CCNawDncV2vI5nE0dqNgoWT9EOzEKl5+nnCgeFvUeVd7OVApXtn+X70iee6KqDdN +LCBuUruIUgvY1f8hqwCDClwYjsu5T6/Cyc6yleapr57NSgwht7MY67Z1hQgH5WU2 +h0t8oMh/SrjyH9TBfQSGk4Jvjt1QVP2p70OQwbrMQ4MrXpX0xRJT5L7VvChUZywg +oGewOmPX3rwV3WzoK+wCt6OrSBHIsc3ETJ1E5nlyDeTSScP5pmxi6+cD2NBbYcKg +9wZ/APdjhVKNYhDI66WEv+JmkXZVu5CBcN8nLddkRIRGmmPAHbWoNwwX2O29M2+L +cVjhUvjo2fP0OKCEp/c09lWfHflsTnKdOIKWl8WUgYJNQ/4y9rZoB+PNAgMBAAGg +ADANBgkqhkiG9w0BAQsFAAOCAYEAZnS6W4TqFJ/1taJl1CBAAzr/Cbd6+eIG1FY4 +pf0ks3aPj60IWkyLAknisq4JV7dNmXFs2IUOsK73YU4GxBP1Fh6JK5qD0h5fNz+f +Zmeug22Sf3bnaIccVduA4dB3fgGlQGC++5K2nUZWKJ3uX2PGGpeT/uVHG3z9JxHn +2XfeN/P6ncs8nXwmDkF44/i+TNjWbHjhWJ3ElEI+0jdnNSDulwrOOLdcnV2otU9x +piOK0LhXbgjZdiCMTyUIT+u3rSxOuSvKQMIlskiIuJcx0eZjCTq9Bwtqu+RNv1x1 +yiTXRdVzfdE88kfOL6xHqtZJn86d08cZE8VtgFtBzbtI+0qEZ0FhwYXD168b6kK6 +0kx33WCTj7VDwUNn2g3PMSgIxzyZ3LQWOoBm7uGkkw/n6pme3MmamrwyDB315WrF +Zn8SDnqCWfDvxHHqamIXuLfLEljax+4JroK9LNZYOLbmDwMF4pb135ag2FinH0rv +PlCgx1S3nhVQtRLr7/o+WZbL3Sfl -----END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa/inter.revoked.crl.pem b/test-ca/rsa/inter.revoked.crl.pem new file mode 100644 index 0000000000..b0be585aea --- /dev/null +++ b/test-ca/rsa/inter.revoked.crl.pem @@ -0,0 +1,17 @@ +-----BEGIN X509 CRL----- +MIICuTCBogIBATANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255dG93biBS +U0EgQ0EXDTIzMTAyMzE2NDAwNFoXDTIzMTAzMDE2NDAwNFowIjAgAgF7Fw0yMzEw +MjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQYMBaAFBGSqBeIIX9S +wLsIniIRrGy9TN26MAsGA1UdFAQEAgIQATANBgkqhkiG9w0BAQsFAAOCAgEAKlj8 +oSrrtN3QFBGUpttYJIvA8LBpOayWnOVXA7EqP4G9vhiABTebR8aT0qTk+ZeNoH+x +FfUpK0cNj2bqcKU07HqEUBsTC1vsfcm6zt6fjM4naux9CqgdPGwe+NZ3+noH7Cu4 +YRU/8sTJIWbqXYvvLsGjRGDRNrJdUqHJyGyCr3o9+O6ANcKWu+olmxnVh2X9McBA +AuBItfq8EcampOIbO8beb41hWnQhL+CtM4PEV5/iG0iOrJYqAJ/msEtnNFQkqRd6 +I72axNRX4T7A09YW9TZDOcEOJx05E1XVsqUqv8YzifFE9dZUaHJ3EGBnFMLYyQk7 +OUap0TMIy919kXBpIY68SeN3OcgtEZ/yke7tF2QWt7C0R90TkFUhBcUoTpmGfiWV +Vi/7e9aR9R/PVUMGMHyJ5pkOg3nj1si/A9Co4KPw54lfUsDQFLAaG2IP8u5QnwlT +z2A4L/ZGJICtPTtnSaumqoh17Y23DcZK9sIzvDnoaNQzESlmwApoqGZx1wpZMZl5 +xL9JXOib9dunkARX3uy5BFV0Pugw2Rd/E9f1vN+eJbHMXdCg0bmeyva04uuH3NiQ +WdFq96yk0s6+uSMGFFhHK4pMg99YWZL9Z5vsfAM3lFvrVVmdQw4bzTP+VJFBB3ux +7rKMdQsby4/+zU6oKW/QWYjsteBZzBL3h2Dxu08= +-----END X509 CRL----- From 46f719a8a04cff6735483c62399ef982d56f7ba6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 20 Oct 2023 12:52:03 -0400 Subject: [PATCH 0312/1145] tests: coverage for client revocation depth/unknown status This commit updates the existing client certificate revocation testing to also exercise the two new verifier options for controlling the depth of revocation checking, and deciding how to handle unknown revocation status. --- rustls/tests/api.rs | 131 +++++++++++++++++++++++++++++++------ rustls/tests/common/mod.rs | 84 ++++++++++++++---------- 2 files changed, 160 insertions(+), 55 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 6a9590b484..231481bca3 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1121,18 +1121,15 @@ fn client_cert_resolve() { let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*kt)); let expected_issuers = match *kt { - KeyType::Rsa => vec![ - b"0,1*0(\x06\x03U\x04\x03\x0c!ponytown RSA level 2 intermediate".to_vec(), - b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA".to_vec(), - ], - KeyType::Ecdsa => vec![ - b"0.1,0*\x06\x03U\x04\x03\x0c#ponytown ECDSA level 2 intermediate".to_vec(), - b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA".to_vec(), - ], - KeyType::Ed25519 => vec![ - b"0.1,0*\x06\x03U\x04\x03\x0c#ponytown EdDSA level 2 intermediate".to_vec(), - b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA".to_vec(), - ], + KeyType::Rsa => { + vec![b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA".to_vec()] + } + KeyType::Ecdsa => { + vec![b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA".to_vec()] + } + KeyType::Ed25519 => { + vec![b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA".to_vec()] + } }; for version in rustls::ALL_VERSIONS { @@ -1194,20 +1191,109 @@ fn client_auth_works() { } #[test] -fn client_mandatory_auth_revocation_works() { +fn client_mandatory_auth_client_revocation_works() { for kt in ALL_KEY_TYPES.iter() { // Create a server configuration that includes a CRL that specifies the client certificate // is revoked. - let crls = vec![kt.client_crl()]; - let server_config = Arc::new(make_server_config_with_mandatory_client_auth_crls( - *kt, crls, + let relevant_crls = vec![kt.client_crl()]; + // Only check the EE certificate status. See client_mandatory_auth_intermediate_revocation_works + // for testing revocation status of the whole chain. + let ee_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + .with_crls(relevant_crls) + .only_check_end_entity_revocation(); + let revoked_server_config = Arc::new(make_server_config_with_client_verifier( + *kt, + ee_verifier_builder, )); + // Create a server configuration that includes a CRL that doesn't cover the client certificate, + // and uses the default behaviour of treating unknown revocation status as an error. + let unrelated_crls = vec![kt.intermediate_crl()]; + let ee_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + .with_crls(unrelated_crls.clone()) + .only_check_end_entity_revocation(); + let missing_client_crl_server_config = Arc::new(make_server_config_with_client_verifier( + *kt, + ee_verifier_builder, + )); + + // Create a server configuration that includes a CRL that doesn't cover the client certificate, + // but change the builder to allow unknown revocation status. + let ee_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + .with_crls(unrelated_crls.clone()) + .only_check_end_entity_revocation() + .allow_unknown_revocation_status(); + let allow_missing_client_crl_server_config = Arc::new( + make_server_config_with_client_verifier(*kt, ee_verifier_builder), + ); + for version in rustls::ALL_VERSIONS { - let client_config = make_client_config_with_versions_with_auth(*kt, &[version]); + // Connecting to the server with a CRL that indicates the client certificate is revoked + // should fail with the expected error. + let client_config = + Arc::new(make_client_config_with_versions_with_auth(*kt, &[version])); let (mut client, mut server) = - make_pair_for_arc_configs(&Arc::new(client_config), &server_config); - // Because the client certificate is revoked, the handshake should fail. + make_pair_for_arc_configs(&client_config, &revoked_server_config); + let err = do_handshake_until_error(&mut client, &mut server); + assert_eq!( + err, + Err(ErrorFromPeer::Server(Error::InvalidCertificate( + CertificateError::Revoked + ))) + ); + // Connecting to the server missing CRL information for the client certificate should + // fail with the expected unknown revocation status error. + let (mut client, mut server) = + make_pair_for_arc_configs(&client_config, &missing_client_crl_server_config); + let res = do_handshake_until_error(&mut client, &mut server); + assert!(matches!( + res, + Err(ErrorFromPeer::Server(Error::InvalidCertificate( + CertificateError::UnknownRevocationStatus + ))) + )); + // Connecting to the server missing CRL information for the client should not error + // if the server's verifier allows unknown revocation status. + let (mut client, mut server) = + make_pair_for_arc_configs(&client_config, &allow_missing_client_crl_server_config); + let res = do_handshake_until_error(&mut client, &mut server); + assert!(res.is_ok()); + } + } +} + +#[test] +fn client_mandatory_auth_intermediate_revocation_works() { + for kt in ALL_KEY_TYPES.iter() { + // Create a server configuration that includes a CRL that specifies the intermediate certificate + // is revoked. We check the full chain for revocation status (default), and allow unknown + // revocation status so the EE's unknown revocation status isn't an error. + let crls = vec![kt.intermediate_crl()]; + let full_chain_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + .with_crls(crls.clone()) + .allow_unknown_revocation_status(); + let full_chain_server_config = Arc::new(make_server_config_with_client_verifier( + *kt, + full_chain_verifier_builder, + )); + + // Also create a server configuration that uses the same CRL, but that only checks the EE + // cert revocation status. + let ee_only_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + .with_crls(crls) + .only_check_end_entity_revocation() + .allow_unknown_revocation_status(); + let ee_server_config = Arc::new(make_server_config_with_client_verifier( + *kt, + ee_only_verifier_builder, + )); + + for version in rustls::ALL_VERSIONS { + // When checking the full chain, we expect an error - the intermediate is revoked. + let client_config = + Arc::new(make_client_config_with_versions_with_auth(*kt, &[version])); + let (mut client, mut server) = + make_pair_for_arc_configs(&client_config, &full_chain_server_config); let err = do_handshake_until_error(&mut client, &mut server); assert_eq!( err, @@ -1215,12 +1301,17 @@ fn client_mandatory_auth_revocation_works() { CertificateError::Revoked ))) ); + // However, when checking just the EE cert we expect no error - the intermediate's + // revocation status should not be checked. + let (mut client, mut server) = + make_pair_for_arc_configs(&client_config, &ee_server_config); + assert!(do_handshake_until_error(&mut client, &mut server).is_ok()); } } } #[test] -fn client_optional_auth_revocation_works() { +fn client_optional_auth_client_revocation_works() { for kt in ALL_KEY_TYPES.iter() { // Create a server configuration that includes a CRL that specifies the client certificate // is revoked. diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 91ceb7f8c3..292bb10528 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -6,10 +6,11 @@ use std::ops::{Deref, DerefMut}; use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; +use webpki::extract_trust_anchor; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; -use rustls::server::WebPkiClientVerifier; +use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; use rustls::Connection; use rustls::Error; use rustls::RootCertStore; @@ -48,6 +49,7 @@ embed_files! { (ECDSA_CLIENT_KEY, "ecdsa", "client.key"); (ECDSA_CLIENT_REQ, "ecdsa", "client.req"); (ECDSA_CLIENT_CRL_PEM, "ecdsa", "client.revoked.crl.pem"); + (ECDSA_INTERMEDIATE_CRL_PEM, "ecdsa", "inter.revoked.crl.pem"); (ECDSA_END_CERT, "ecdsa", "end.cert"); (ECDSA_END_CHAIN, "ecdsa", "end.chain"); (ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain"); @@ -68,6 +70,7 @@ embed_files! { (EDDSA_CLIENT_KEY, "eddsa", "client.key"); (EDDSA_CLIENT_REQ, "eddsa", "client.req"); (EDDSA_CLIENT_CRL_PEM, "eddsa", "client.revoked.crl.pem"); + (EDDSA_INTERMEDIATE_CRL_PEM, "eddsa", "inter.revoked.crl.pem"); (EDDSA_END_CERT, "eddsa", "end.cert"); (EDDSA_END_CHAIN, "eddsa", "end.chain"); (EDDSA_END_FULLCHAIN, "eddsa", "end.fullchain"); @@ -87,6 +90,7 @@ embed_files! { (RSA_CLIENT_REQ, "rsa", "client.req"); (RSA_CLIENT_RSA, "rsa", "client.rsa"); (RSA_CLIENT_CRL_PEM, "rsa", "client.revoked.crl.pem"); + (RSA_INTERMEDIATE_CRL_PEM, "rsa", "inter.revoked.crl.pem"); (RSA_END_CERT, "rsa", "end.cert"); (RSA_END_CHAIN, "rsa", "end.chain"); (RSA_END_FULLCHAIN, "rsa", "end.fullchain"); @@ -221,12 +225,11 @@ impl KeyType { } pub fn client_crl(&self) -> CertificateRevocationListDer<'static> { - rustls_pemfile::crls(&mut io::BufReader::new( - self.bytes_for("client.revoked.crl.pem"), - )) - .map(|result| result.unwrap()) - .next() // We only expect one CRL. - .unwrap() + self.get_crl("client") + } + + pub fn intermediate_crl(&self) -> CertificateRevocationListDer<'static> { + self.get_crl("inter") } fn get_client_key(&self) -> PrivateKeyDer<'static> { @@ -239,6 +242,15 @@ impl KeyType { .unwrap(), ) } + + fn get_crl(&self, role: &str) -> CertificateRevocationListDer<'static> { + rustls_pemfile::crls(&mut io::BufReader::new( + self.bytes_for(&format!("{role}.revoked.crl.pem")), + )) + .map(|result| result.unwrap()) + .next() // We only expect one CRL. + .unwrap() + } } pub fn finish_server_config( @@ -283,53 +295,55 @@ pub fn make_server_config_with_kx_groups( } pub fn get_client_root_store(kt: KeyType) -> Arc { - let mut roots = kt.get_chain(); - // drop server cert - roots.drain(0..1); - let mut client_auth_roots = RootCertStore::empty(); - for root in roots { - client_auth_roots.add(root).unwrap(); + // The key type's chain file contains the DER encoding of the EE cert, the intermediate cert, + // and the root trust anchor. We want only the trust anchor to build the root cert store. + let chain = kt.get_chain(); + let trust_anchor = chain.last().unwrap(); + RootCertStore { + roots: vec![extract_trust_anchor(trust_anchor) + .unwrap() + .to_owned()], } - client_auth_roots.into() + .into() } pub fn make_server_config_with_mandatory_client_auth_crls( kt: KeyType, crls: Vec>, ) -> ServerConfig { - let client_auth_roots = get_client_root_store(kt); - - let client_auth = WebPkiClientVerifier::builder(client_auth_roots) - .with_crls(crls) - .build() - .unwrap(); - - ServerConfig::builder() - .with_safe_defaults() - .with_client_cert_verifier(client_auth) - .with_single_cert(kt.get_chain(), kt.get_key()) - .unwrap() + make_server_config_with_client_verifier( + kt, + WebPkiClientVerifier::builder(get_client_root_store(kt)).with_crls(crls), + ) } pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig { - make_server_config_with_mandatory_client_auth_crls(kt, Vec::new()) + make_server_config_with_client_verifier( + kt, + WebPkiClientVerifier::builder(get_client_root_store(kt)), + ) } pub fn make_server_config_with_optional_client_auth( kt: KeyType, crls: Vec>, ) -> ServerConfig { - let client_auth_roots = get_client_root_store(kt); - - let client_auth = WebPkiClientVerifier::builder(client_auth_roots) - .with_crls(crls) - .allow_unauthenticated() - .build() - .unwrap(); + make_server_config_with_client_verifier( + kt, + WebPkiClientVerifier::builder(get_client_root_store(kt)) + .with_crls(crls) + .allow_unknown_revocation_status() + .allow_unauthenticated(), + ) +} +pub fn make_server_config_with_client_verifier( + kt: KeyType, + verifier_builder: ClientCertVerifierBuilder, +) -> ServerConfig { ServerConfig::builder() .with_safe_defaults() - .with_client_cert_verifier(client_auth) + .with_client_cert_verifier(verifier_builder.build().unwrap()) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() } From 587a0ec1d35266c745ee415b281c49c6f9572cb1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 20 Oct 2023 14:02:28 -0400 Subject: [PATCH 0313/1145] tests: coverage for server revocation depth/unknown status This commit adds test coverage for a client connecting to a server with a webpki server certificate verifier configured to do CRL revocation checking. --- rustls/tests/api.rs | 129 ++++++++++++++++++++++++++++++++++++- rustls/tests/common/mod.rs | 22 +++++++ 2 files changed, 150 insertions(+), 1 deletion(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 231481bca3..1daa60eeb2 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -11,7 +11,7 @@ use std::sync::Arc; use std::sync::Mutex; use pki_types::CertificateDer; -use rustls::client::{ResolvesClientCert, Resumption}; +use rustls::client::{ResolvesClientCert, Resumption, WebPkiServerVerifier}; use rustls::crypto::ring::ALL_CIPHER_SUITES; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; @@ -1056,6 +1056,133 @@ fn client_checks_server_certificate_with_given_ip_address() { } } +#[test] +fn client_check_server_certificate_ee_revoked() { + for kt in ALL_KEY_TYPES.iter() { + let server_config = Arc::new(make_server_config(*kt)); + + // Setup a server verifier that will check the EE certificate's revocation status. + let crls = vec![kt.end_entity_crl()]; + let builder = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + .with_crls(crls) + .only_check_end_entity_revocation(); + + for version in rustls::ALL_VERSIONS { + let client_config = make_client_config_with_verifier(&[version], builder.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + + // We expect the handshake to fail since the server's EE certificate is revoked. + let err = do_handshake_until_error(&mut client, &mut server); + assert_eq!( + err, + Err(ErrorFromPeer::Client(Error::InvalidCertificate( + CertificateError::Revoked + ))) + ); + } + } +} + +#[test] +fn client_check_server_certificate_ee_unknown_revocation() { + for kt in ALL_KEY_TYPES.iter() { + let server_config = Arc::new(make_server_config(*kt)); + + // Setup a server verifier builder that will check the EE certificate's revocation status, but not + // allow unknown revocation status (the default). We'll provide CRLs that are not relevant + // to the EE cert to ensure its status is unknown. + let unrelated_crls = vec![kt.intermediate_crl()]; + let forbid_unknown_verifier = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + .with_crls(unrelated_crls.clone()) + .only_check_end_entity_revocation(); + + // Also set up a verifier builder that will allow unknown revocation status. + let allow_unknown_verifier = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + .with_crls(unrelated_crls) + .only_check_end_entity_revocation() + .allow_unknown_revocation_status(); + + for version in rustls::ALL_VERSIONS { + let client_config = + make_client_config_with_verifier(&[version], forbid_unknown_verifier.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + + // We expect if we use the forbid_unknown_verifier that the handshake will fail since the + // server's EE certificate's revocation status is unknown given the CRLs we've provided. + let err = do_handshake_until_error(&mut client, &mut server); + assert!(matches!( + err, + Err(ErrorFromPeer::Client(Error::InvalidCertificate( + CertificateError::UnknownRevocationStatus + ))) + )); + + // We expect if we use the allow_unknown_verifier that the handshake will not fail. + let client_config = + make_client_config_with_verifier(&[version], allow_unknown_verifier.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + let res = do_handshake_until_error(&mut client, &mut server); + assert!(res.is_ok()); + } + } +} + +#[test] +fn client_check_server_certificate_intermediate_revoked() { + for kt in ALL_KEY_TYPES.iter() { + let server_config = Arc::new(make_server_config(*kt)); + + // Setup a server verifier builder that will check the full chain revocation status against a CRL + // that marks the intermediate certificate as revoked. We allow unknown revocation status + // so the EE cert's unknown status doesn't cause an error. + let crls = vec![kt.intermediate_crl()]; + let full_chain_verifier_builder = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + .with_crls(crls.clone()) + .allow_unknown_revocation_status(); + + // Also set up a verifier builder that will use the same CRL, but only check the EE certificate + // revocation status. + let ee_verifier_builder = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + .with_crls(crls.clone()) + .only_check_end_entity_revocation() + .allow_unknown_revocation_status(); + + for version in rustls::ALL_VERSIONS { + let client_config = + make_client_config_with_verifier(&[version], full_chain_verifier_builder.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + + // We expect the handshake to fail when using the full chain verifier since the intermediate's + // EE certificate is revoked. + let err = do_handshake_until_error(&mut client, &mut server); + assert_eq!( + err, + Err(ErrorFromPeer::Client(Error::InvalidCertificate( + CertificateError::Revoked + ))) + ); + + let client_config = + make_client_config_with_verifier(&[version], ee_verifier_builder.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + // We expect the handshake to succeed when we use the verifier that only checks the EE certificate + // revocation status. The revoked intermediate status should not be checked. + let res = do_handshake_until_error(&mut client, &mut server); + assert!(res.is_ok()) + } + } +} + struct ClientCheckCertResolve { query_count: AtomicUsize, expect_queries: usize, diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 292bb10528..9e93e1b902 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -8,6 +8,7 @@ use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use webpki::extract_trust_anchor; +use rustls::client::ServerCertVerifierBuilder; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; @@ -48,6 +49,7 @@ embed_files! { (ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain"); (ECDSA_CLIENT_KEY, "ecdsa", "client.key"); (ECDSA_CLIENT_REQ, "ecdsa", "client.req"); + (ECDSA_END_CRL_PEM, "ecdsa", "end.revoked.crl.pem"); (ECDSA_CLIENT_CRL_PEM, "ecdsa", "client.revoked.crl.pem"); (ECDSA_INTERMEDIATE_CRL_PEM, "ecdsa", "inter.revoked.crl.pem"); (ECDSA_END_CERT, "ecdsa", "end.cert"); @@ -69,6 +71,7 @@ embed_files! { (EDDSA_CLIENT_FULLCHAIN, "eddsa", "client.fullchain"); (EDDSA_CLIENT_KEY, "eddsa", "client.key"); (EDDSA_CLIENT_REQ, "eddsa", "client.req"); + (EDDSA_END_CRL_PEM, "eddsa", "end.revoked.crl.pem"); (EDDSA_CLIENT_CRL_PEM, "eddsa", "client.revoked.crl.pem"); (EDDSA_INTERMEDIATE_CRL_PEM, "eddsa", "inter.revoked.crl.pem"); (EDDSA_END_CERT, "eddsa", "end.cert"); @@ -89,6 +92,7 @@ embed_files! { (RSA_CLIENT_KEY, "rsa", "client.key"); (RSA_CLIENT_REQ, "rsa", "client.req"); (RSA_CLIENT_RSA, "rsa", "client.rsa"); + (RSA_END_CRL_PEM, "rsa", "end.revoked.crl.pem"); (RSA_CLIENT_CRL_PEM, "rsa", "client.revoked.crl.pem"); (RSA_INTERMEDIATE_CRL_PEM, "rsa", "inter.revoked.crl.pem"); (RSA_END_CERT, "rsa", "end.cert"); @@ -224,6 +228,10 @@ impl KeyType { .collect() } + pub fn end_entity_crl(&self) -> CertificateRevocationListDer<'static> { + self.get_crl("end") + } + pub fn client_crl(&self) -> CertificateRevocationListDer<'static> { self.get_crl("client") } @@ -424,6 +432,20 @@ pub fn make_client_config_with_versions_with_auth( finish_client_config_with_creds(kt, builder) } +pub fn make_client_config_with_verifier( + versions: &[&'static rustls::SupportedProtocolVersion], + verifier_builder: ServerCertVerifierBuilder, +) -> ClientConfig { + ClientConfig::builder() + .with_safe_default_cipher_suites() + .with_safe_default_kx_groups() + .with_protocol_versions(versions) + .unwrap() + .dangerous() + .with_custom_certificate_verifier(verifier_builder.build().unwrap()) + .with_no_client_auth() +} + pub fn make_pair(kt: KeyType) -> (ClientConnection, ServerConnection) { make_pair_for_configs(make_client_config(kt), make_server_config(kt)) } From 216b5610348b357af870d1dbe01f1f2bb16f4c8e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 15:03:48 -0400 Subject: [PATCH 0314/1145] error: use UnknownCA alert for Error:UnknownRevocationStatus This matches OpenSSL, BoringSSL and AWS-LC. Since the existing functionality was heavily referencing these projects it seems sensible to do the same here. --- rustls/src/error.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index edb8f47ff9..595c46040f 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -361,16 +361,15 @@ impl From for AlertDescription { fn from(e: CertificateError) -> Self { use CertificateError::*; match e { - BadEncoding - | UnhandledCriticalExtension - | NotValidForName - | UnknownRevocationStatus => Self::BadCertificate, + BadEncoding | UnhandledCriticalExtension | NotValidForName => Self::BadCertificate, // RFC 5246/RFC 8446 // certificate_expired // A certificate has expired or **is not currently valid**. Expired | NotValidYet => Self::CertificateExpired, Revoked => Self::CertificateRevoked, - UnknownIssuer => Self::UnknownCA, + // OpenSSL, BoringSSL and AWS-LC all generate an Unknown CA alert for + // the case where revocation status can not be determined, so we do the same here. + UnknownIssuer | UnknownRevocationStatus => Self::UnknownCA, BadSignature => Self::DecryptError, InvalidPurpose => Self::UnsupportedCertificate, ApplicationVerificationFailure => Self::AccessDenied, From 60420c53aa9fef1455ea8fb2d54193bc4488e0b1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 24 Oct 2023 10:48:05 -0400 Subject: [PATCH 0315/1145] tests: add verify_server_cert_signed_by_trust_anchor helper test --- rustls/tests/api.rs | 44 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 1daa60eeb2..6a5f7b06c0 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -10,15 +10,17 @@ use std::sync::atomic::{AtomicUsize, Ordering}; use std::sync::Arc; use std::sync::Mutex; -use pki_types::CertificateDer; -use rustls::client::{ResolvesClientCert, Resumption, WebPkiServerVerifier}; +use pki_types::{CertificateDer, UnixTime}; +use rustls::client::{ + verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption, WebPkiServerVerifier, +}; use rustls::crypto::ring::ALL_CIPHER_SUITES; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; -use rustls::server::{ClientHello, ResolvesServerCert, WebPkiClientVerifier}; +use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert, WebPkiClientVerifier}; use rustls::ConnectionTrafficSecrets; use rustls::SupportedCipherSuite; use rustls::{ @@ -1183,6 +1185,42 @@ fn client_check_server_certificate_intermediate_revoked() { } } +/// Simple smoke-test of the webpki verify_server_cert_signed_by_trust_anchor helper API. +/// This public API is intended to be used by consumers implementing their own verifier and +/// so isn't used by the other existing verifier tests. +#[test] +fn client_check_server_certificate_helper_api() { + for kt in ALL_KEY_TYPES.iter() { + let chain = kt.get_chain(); + let correct_roots = get_client_root_store(*kt); + let incorrect_roots = get_client_root_store(match kt { + KeyType::Rsa => KeyType::Ecdsa, + _ => KeyType::Rsa, + }); + // Using the correct trust anchors, we should verify without error. + assert!(verify_server_cert_signed_by_trust_anchor( + &ParsedCertificate::try_from(chain.first().unwrap()).unwrap(), + &correct_roots, + &[chain.get(1).unwrap().clone()], + UnixTime::now(), + webpki::ALL_VERIFICATION_ALGS, + ) + .is_ok()); + // Using the wrong trust anchors, we should get the expected error. + assert_eq!( + verify_server_cert_signed_by_trust_anchor( + &ParsedCertificate::try_from(chain.first().unwrap()).unwrap(), + &incorrect_roots, + &[chain.get(1).unwrap().clone()], + UnixTime::now(), + webpki::ALL_VERIFICATION_ALGS, + ) + .unwrap_err(), + Error::InvalidCertificate(CertificateError::UnknownIssuer) + ); + } +} + struct ClientCheckCertResolve { query_count: AtomicUsize, expect_queries: usize, From 65ad987c267a08c5c5dbd0a3ca16a5b8d48c7f38 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 23 Oct 2023 11:28:09 +0100 Subject: [PATCH 0316/1145] Move tls12::prf to crypto::tls12 --- rustls/src/crypto/mod.rs | 3 +++ rustls/src/{tls12/prf.rs => crypto/tls12.rs} | 4 +--- rustls/src/tls12/mod.rs | 11 +++++------ 3 files changed, 9 insertions(+), 9 deletions(-) rename rustls/src/{tls12/prf.rs => crypto/tls12.rs} (95%) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index cf67cd1ec1..169fb08747 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -23,6 +23,9 @@ pub mod hmac; /// Message signing interfaces. pub mod signer; +/// Cryptography specific to TLS1.2. +pub mod tls12; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; diff --git a/rustls/src/tls12/prf.rs b/rustls/src/crypto/tls12.rs similarity index 95% rename from rustls/src/tls12/prf.rs rename to rustls/src/crypto/tls12.rs index 08c3fef488..930642c349 100644 --- a/rustls/src/tls12/prf.rs +++ b/rustls/src/crypto/tls12.rs @@ -1,6 +1,4 @@ -use crate::crypto; - -pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn crypto::hmac::Key, label: &[u8], seed: &[u8]) { +pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn super::hmac::Key, label: &[u8], seed: &[u8]) { // A(1) let mut current_a = hmac_key.sign(&[label, seed]); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 9592164bec..210d90c2ce 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -3,6 +3,7 @@ use crate::conn::ConnectionRandoms; use crate::crypto; use crate::crypto::cipher::{AeadKey, MessageDecrypter, MessageEncrypter, Tls12AeadAlgorithm}; use crate::crypto::hash; +use crate::crypto::tls12::prf; use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; @@ -16,8 +17,6 @@ use core::fmt; use zeroize::Zeroize; -mod prf; - /// A TLS 1.2 cipher suite supported by rustls. pub struct Tls12CipherSuite { /// Common cipher suite fields. @@ -100,7 +99,7 @@ impl ConnectionSecrets { }; let shared_secret = kx.complete(peer_pub_key)?; - prf::prf( + prf( &mut ret.master_secret, &*ret .suite @@ -176,7 +175,7 @@ impl ConnectionSecrets { // NOTE: opposite order to above for no good reason. // Don't design security protocols on drugs, kids. let randoms = join_randoms(&self.randoms.server, &self.randoms.client); - prf::prf( + prf( &mut out, &*self .suite @@ -200,7 +199,7 @@ impl ConnectionSecrets { fn make_verify_data(&self, handshake_hash: &hash::Output, label: &[u8]) -> Vec { let mut out = vec![0u8; 12]; - prf::prf( + prf( &mut out, &*self .suite @@ -235,7 +234,7 @@ impl ConnectionSecrets { randoms.extend_from_slice(context); } - prf::prf( + prf( output, &*self .suite From d5923030d6c5d9c31c7a899db1d7b6e96c20dc09 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 23 Oct 2023 11:38:00 +0100 Subject: [PATCH 0317/1145] Put TLS1.2 PRF implementation behind a trait This replaces the HMAC trait in Tls12CipherSuite (there were no other uses of HMAC). Provide an implementation of the new PRF trait in terms of HMAC, for convenience of providers that have a HMAC (common) but not a separate TLS1.2 PRF (relatively uncommon). The *ring* and `provider-example/` providers use this. --- provider-example/src/lib.rs | 2 +- rustls/src/crypto/ring/tls12.rs | 13 ++++--- rustls/src/crypto/tls12.rs | 65 ++++++++++++++++++++++++++++++++- rustls/src/tls12/mod.rs | 51 ++++++++++---------------- 4 files changed, 91 insertions(+), 40 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index cadc6b01d4..169d424286 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -54,7 +54,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS rustls::SignatureScheme::RSA_PSS_SHA256, rustls::SignatureScheme::RSA_PKCS1_SHA256, ], - hmac_provider: &hmac::Sha256Hmac, + prf_provider: &rustls::crypto::tls12::PrfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, }); diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 9af0a7d2ae..c18bce7306 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -2,6 +2,7 @@ use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; +use crate::crypto::tls12::PrfUsingHmac; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; @@ -25,7 +26,7 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &ChaCha20Poly1305, - hmac_provider: &super::hmac::HMAC_SHA256, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 @@ -38,7 +39,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &ChaCha20Poly1305, - hmac_provider: &super::hmac::HMAC_SHA256, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 @@ -51,7 +52,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &AES128_GCM, - hmac_provider: &super::hmac::HMAC_SHA256, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 @@ -64,7 +65,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &AES256_GCM, - hmac_provider: &super::hmac::HMAC_SHA384, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384), }); /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 @@ -77,7 +78,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES128_GCM, - hmac_provider: &super::hmac::HMAC_SHA256, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 @@ -90,7 +91,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES256_GCM, - hmac_provider: &super::hmac::HMAC_SHA384, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384), }); static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index 930642c349..e74b0863b4 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -1,4 +1,67 @@ -pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn super::hmac::Key, label: &[u8], seed: &[u8]) { +use super::hmac; +use super::ActiveKeyExchange; +use crate::error::Error; + +use alloc::boxed::Box; + +/// Implements [`Prf`] using a [`hmac::Hmac`]. +pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac); + +impl<'a> Prf for PrfUsingHmac<'a> { + fn for_key_exchange( + &self, + output: &mut [u8], + kx: Box, + peer_pub_key: &[u8], + label: &[u8], + seed: &[u8], + ) -> Result<(), Error> { + prf( + output, + self.0 + .with_key( + kx.complete(peer_pub_key)? + .secret_bytes(), + ) + .as_ref(), + label, + seed, + ); + Ok(()) + } + + fn for_secret(&self, output: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]) { + prf(output, self.0.with_key(secret).as_ref(), label, seed); + } +} + +/// An instantiation of the TLS1.2 PRF with a specific, implicit hash function. +/// +/// See the definition in [RFC5246 section 5](https://www.rfc-editor.org/rfc/rfc5246#section-5). +/// +/// See [`PrfUsingHmac`] as a route to implementing this trait with just +/// an implementation of [`hmac::Hmac`]. +pub trait Prf: Send + Sync { + /// Computes `PRF(secret, label, seed)` using the secret from a completed key exchange. + /// + /// Completes the given key exchange, and then uses the resulting shared secret + /// to compute the PRF, writing the result into `output`. + /// + /// This can fail only if the key exchange fails. + fn for_key_exchange( + &self, + output: &mut [u8], + kx: Box, + peer_pub_key: &[u8], + label: &[u8], + seed: &[u8], + ) -> Result<(), Error>; + + /// Computes `PRF(secret, label, seed)`, writing the result into `output`. + fn for_secret(&self, output: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]); +} + +pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn hmac::Key, label: &[u8], seed: &[u8]) { // A(1) let mut current_a = hmac_key.sign(&[label, seed]); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 210d90c2ce..b2749e305a 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -3,7 +3,6 @@ use crate::conn::ConnectionRandoms; use crate::crypto; use crate::crypto::cipher::{AeadKey, MessageDecrypter, MessageEncrypter, Tls12AeadAlgorithm}; use crate::crypto::hash; -use crate::crypto::tls12::prf; use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; @@ -22,8 +21,8 @@ pub struct Tls12CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, - /// How to compute HMAC for the suite's hash function. - pub hmac_provider: &'static dyn crypto::hmac::Hmac, + /// How to compute the TLS1.2 PRF for the suite's hash function. + pub prf_provider: &'static dyn crypto::tls12::Prf, /// How to exchange/agree keys. pub kx: KeyExchangeAlgorithm, @@ -98,16 +97,15 @@ impl ConnectionSecrets { ), }; - let shared_secret = kx.complete(peer_pub_key)?; - prf( - &mut ret.master_secret, - &*ret - .suite - .hmac_provider - .with_key(shared_secret.secret_bytes()), - label.as_bytes(), - seed.as_ref(), - ); + ret.suite + .prf_provider + .for_key_exchange( + &mut ret.master_secret, + kx, + peer_pub_key, + label.as_bytes(), + seed.as_ref(), + )?; Ok(ret) } @@ -175,12 +173,9 @@ impl ConnectionSecrets { // NOTE: opposite order to above for no good reason. // Don't design security protocols on drugs, kids. let randoms = join_randoms(&self.randoms.server, &self.randoms.client); - prf( + self.suite.prf_provider.for_secret( &mut out, - &*self - .suite - .hmac_provider - .with_key(&self.master_secret), + &self.master_secret, b"key expansion", &randoms, ); @@ -199,15 +194,13 @@ impl ConnectionSecrets { fn make_verify_data(&self, handshake_hash: &hash::Output, label: &[u8]) -> Vec { let mut out = vec![0u8; 12]; - prf( + self.suite.prf_provider.for_secret( &mut out, - &*self - .suite - .hmac_provider - .with_key(&self.master_secret), + &self.master_secret, label, handshake_hash.as_ref(), ); + out } @@ -234,15 +227,9 @@ impl ConnectionSecrets { randoms.extend_from_slice(context); } - prf( - output, - &*self - .suite - .hmac_provider - .with_key(&self.master_secret), - label, - &randoms, - ); + self.suite + .prf_provider + .for_secret(output, &self.master_secret, label, &randoms); } pub(crate) fn extract_secrets(&self, side: Side) -> Result { From 6d60dff161b03f067681e80c680189c6a4749886 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 3 Oct 2023 11:27:34 +0100 Subject: [PATCH 0318/1145] Add test for TLS1.2 PRF using HMAC-SHA384 Test data from https://mailarchive.ietf.org/arch/msg/tls/fzVCzk-z3FShgGJ6DOXqM1ydxms/ --- rustls/src/crypto/tls12.rs | 20 ++++++++++++++++++++ rustls/src/testdata/prf-result.3.bin | Bin 0 -> 148 bytes 2 files changed, 20 insertions(+) create mode 100644 rustls/src/testdata/prf-result.3.bin diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index e74b0863b4..2e8538d7f2 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -81,6 +81,8 @@ mod tests { use crate::crypto::hmac::Hmac; use crate::crypto::ring; + // Below known answer tests come from https://mailarchive.ietf.org/arch/msg/tls/fzVCzk-z3FShgGJ6DOXqM1ydxms/ + #[test] fn check_sha256() { let secret = b"\x9b\xbe\x43\x6b\xa9\x40\xf0\x17\xb1\x76\x52\x84\x9a\x71\xdb\x35"; @@ -116,6 +118,24 @@ mod tests { assert_eq!(expect.len(), output.len()); assert_eq!(expect.to_vec(), output.to_vec()); } + + #[test] + fn check_sha384() { + let secret = b"\xb8\x0b\x73\x3d\x6c\xee\xfc\xdc\x71\x56\x6e\xa4\x8e\x55\x67\xdf"; + let seed = b"\xcd\x66\x5c\xf6\xa8\x44\x7d\xd6\xff\x8b\x27\x55\x5e\xdb\x74\x65"; + let label = b"test label"; + let expect = include_bytes!("../testdata/prf-result.3.bin"); + let mut output = [0u8; 148]; + + super::prf( + &mut output, + &*ring::hmac::HMAC_SHA384.with_key(secret), + label, + seed, + ); + assert_eq!(expect.len(), output.len()); + assert_eq!(expect.to_vec(), output.to_vec()); + } } #[cfg(bench)] diff --git a/rustls/src/testdata/prf-result.3.bin b/rustls/src/testdata/prf-result.3.bin new file mode 100644 index 0000000000000000000000000000000000000000..3ad2015262e6b2262bf1911f5e84f517a92f47cd GIT binary patch literal 148 zcmV;F0Biqy3>fLo)DZ0$1oF?LN;7I46yN(v0J~q;lpzP`9D~j2$`7hwzMtbyg0Uk! zkw&29G|NB_?I!?;Po2Ux_zvBR`j!zy$>`UT?5859voFKc7Swa=!o~eczuM4Uk%T3i zTlmdQkopZV;@-r08|FH$n&CTR4|QRsypaj36O9-bLDS} CDNvaJ literal 0 HcmV?d00001 From 636b772c393b57f3e8213708bd737c357b2d98db Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 24 Oct 2023 10:04:43 +0100 Subject: [PATCH 0319/1145] Put HKDF use behind trait Have an impl of this for hmac::Hmac --- provider-example/src/lib.rs | 1 + rustls/src/crypto/mod.rs | 3 + rustls/src/crypto/ring/quic.rs | 32 ++--- rustls/src/crypto/ring/tls13.rs | 4 + rustls/src/crypto/tls13.rs | 225 +++++++++++++++++++++++++++++++ rustls/src/lib.rs | 1 - rustls/src/quic.rs | 59 +++++--- rustls/src/tls13/key_schedule.rs | 195 +++++++++++++++------------ rustls/src/tls13/mod.rs | 3 + 9 files changed, 401 insertions(+), 122 deletions(-) create mode 100644 rustls/src/crypto/tls13.rs diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 169d424286..7380d310a8 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -40,6 +40,7 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = hash_provider: &hash::Sha256, }, hmac_provider: &hmac::Sha256Hmac, + hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, }); diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 169fb08747..cadfd96958 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -26,6 +26,9 @@ pub mod signer; /// Cryptography specific to TLS1.2. pub mod tls12; +/// Cryptography specific to TLS1.3. +pub mod tls13; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 3465708c7a..8384a34039 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -1,6 +1,6 @@ use crate::crypto::cipher::{Iv, Nonce}; +use crate::crypto::tls13; use crate::error::Error; -use crate::hkdf; use crate::quic; use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; use crate::tls13::Tls13CipherSuite; @@ -13,7 +13,7 @@ pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); impl HeaderProtectionKey { pub(crate) fn new( - expander: &hkdf::Expander, + expander: &dyn tls13::HkdfExpander, version: quic::Version, alg: &'static aead::quic::Algorithm, ) -> Self { @@ -114,7 +114,7 @@ pub(crate) struct PacketKey { impl PacketKey { pub(crate) fn new( suite: &'static Tls13CipherSuite, - expander: &hkdf::Expander, + expander: &dyn tls13::HkdfExpander, version: quic::Version, aead_algorithm: &'static aead::Algorithm, ) -> Self { @@ -208,7 +208,7 @@ impl crate::quic::Algorithm for KeyBuilder { fn packet_key( &self, suite: &'static Tls13CipherSuite, - expander: &hkdf::Expander, + expander: &dyn tls13::HkdfExpander, version: quic::Version, ) -> Box { Box::new(super::quic::PacketKey::new( @@ -218,7 +218,7 @@ impl crate::quic::Algorithm for KeyBuilder { fn header_protection_key( &self, - expander: &hkdf::Expander, + expander: &dyn tls13::HkdfExpander, version: quic::Version, ) -> Box { Box::new(super::quic::HeaderProtectionKey::new( @@ -231,10 +231,10 @@ impl crate::quic::Algorithm for KeyBuilder { mod tests { use super::*; use crate::common_state::Side; - use crate::crypto::ring; use crate::crypto::ring::tls13::{ TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, }; + use crate::crypto::tls13::OkmBlock; use crate::quic::HeaderProtectionKey; use crate::quic::PacketKey; use crate::quic::*; @@ -247,12 +247,14 @@ mod tests { 0x0f, 0x21, 0x63, 0x2b, ]; - let expander = - hkdf::Expander::from_okm(&hkdf::OkmBlock::from(SECRET), &ring::hmac::HMAC_SHA256); - let hpk = super::HeaderProtectionKey::new(&expander, version, &aead::quic::CHACHA20); + let expander = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL + .hkdf_provider + .expander_for_okm(&OkmBlock::new(SECRET)); + let hpk = + super::HeaderProtectionKey::new(expander.as_ref(), version, &aead::quic::CHACHA20); let packet = super::PacketKey::new( TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, - &expander, + expander.as_ref(), version, &aead::CHACHA20_POLY1305, ); @@ -303,20 +305,20 @@ mod tests { #[test] fn key_update_test_vector() { - fn equal_okm(x: &hkdf::OkmBlock, y: &hkdf::OkmBlock) -> bool { + fn equal_okm(x: &OkmBlock, y: &OkmBlock) -> bool { x.as_ref() == y.as_ref() } let mut secrets = Secrets::new( // Constant dummy values for reproducibility - hkdf::OkmBlock::from( + OkmBlock::new( &[ 0xb8, 0x76, 0x77, 0x08, 0xf8, 0x77, 0x23, 0x58, 0xa6, 0xea, 0x9f, 0xc4, 0x3e, 0x4a, 0xdd, 0x2c, 0x96, 0x1b, 0x3f, 0x52, 0x87, 0xa6, 0xd1, 0x46, 0x7e, 0xe0, 0xae, 0xab, 0x33, 0x72, 0x4d, 0xbf, ][..], ), - hkdf::OkmBlock::from( + OkmBlock::new( &[ 0x42, 0xdc, 0x97, 0x21, 0x40, 0xe0, 0xf2, 0xe3, 0x98, 0x45, 0xb7, 0x67, 0x61, 0x34, 0x39, 0xdc, 0x67, 0x58, 0xca, 0x43, 0x25, 0x9b, 0x87, 0x85, 0x06, 0x82, @@ -331,7 +333,7 @@ mod tests { assert!(equal_okm( &secrets.client, - &hkdf::OkmBlock::from( + &OkmBlock::new( &[ 0x42, 0xca, 0xc8, 0xc9, 0x1c, 0xd5, 0xeb, 0x40, 0x68, 0x2e, 0x43, 0x2e, 0xdf, 0x2d, 0x2b, 0xe9, 0xf4, 0x1a, 0x52, 0xca, 0x6b, 0x22, 0xd8, 0xe6, 0xcd, 0xb1, @@ -341,7 +343,7 @@ mod tests { )); assert!(equal_okm( &secrets.server, - &hkdf::OkmBlock::from( + &OkmBlock::new( &[ 0xeb, 0x7f, 0x5e, 0x2a, 0x12, 0x3f, 0x40, 0x7d, 0xb4, 0x99, 0xe3, 0x61, 0xca, 0xe5, 0x90, 0xd4, 0xd9, 0x92, 0xe1, 0x4b, 0x7a, 0xce, 0x3, 0xc2, 0x44, 0xe0, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 78b6f9333e..766ba87e7f 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -5,6 +5,7 @@ use crate::crypto::cipher::{ make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, UnsupportedOperationError, }; +use crate::crypto::tls13::HkdfUsingHmac; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; @@ -24,6 +25,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & hash_provider: &super::hash::SHA256, }, hmac_provider: &super::hmac::HMAC_SHA256, + hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, @@ -41,6 +43,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = hash_provider: &super::hash::SHA384, }, hmac_provider: &super::hmac::HMAC_SHA384, + hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, @@ -60,6 +63,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C hash_provider: &super::hash::SHA256, }, hmac_provider: &super::hmac::HMAC_SHA256, + hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs new file mode 100644 index 0000000000..4a81669ed7 --- /dev/null +++ b/rustls/src/crypto/tls13.rs @@ -0,0 +1,225 @@ +use super::hmac; +use super::ActiveKeyExchange; +use crate::error::Error; + +use alloc::boxed::Box; +use zeroize::Zeroize; + +/// Implementation of `HkdfExpander` via `hmac::Key`. +pub struct HkdfExpanderUsingHmac(Box); + +impl HkdfExpanderUsingHmac { + fn expand_unchecked(&self, info: &[&[u8]], output: &mut [u8]) { + let mut term = hmac::Tag::new(b""); + + for (n, chunk) in output + .chunks_mut(self.0.tag_len()) + .enumerate() + { + term = self + .0 + .sign_concat(term.as_ref(), info, &[(n + 1) as u8]); + chunk.copy_from_slice(&term.as_ref()[..chunk.len()]); + } + } +} + +impl HkdfExpander for HkdfExpanderUsingHmac { + fn expand_slice(&self, info: &[&[u8]], output: &mut [u8]) -> Result<(), OutputLengthError> { + if output.len() > 255 * self.0.tag_len() { + return Err(OutputLengthError); + } + + self.expand_unchecked(info, output); + Ok(()) + } + + fn expand_block(&self, info: &[&[u8]]) -> OkmBlock { + let mut tag = [0u8; hmac::Tag::MAX_LEN]; + let reduced_tag = &mut tag[..self.0.tag_len()]; + self.expand_unchecked(info, reduced_tag); + OkmBlock::new(reduced_tag) + } + + fn hash_len(&self) -> usize { + self.0.tag_len() + } +} + +/// Implementation of `Hkdf` (and thence `HkdfExpander`) via `hmac::Hmac`. +pub struct HkdfUsingHmac<'a>(pub &'a dyn hmac::Hmac); + +impl<'a> Hkdf for HkdfUsingHmac<'a> { + fn extract_from_zero_ikm(&self, salt: Option<&[u8]>) -> Box { + let zeroes = [0u8; hmac::Tag::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.hash_output_len()], + }; + Box::new(HkdfExpanderUsingHmac( + self.0.with_key( + self.0 + .with_key(salt) + .sign(&[&zeroes[..self.0.hash_output_len()]]) + .as_ref(), + ), + )) + } + + fn extract_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Box { + let zeroes = [0u8; hmac::Tag::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.hash_output_len()], + }; + Box::new(HkdfExpanderUsingHmac( + self.0.with_key( + self.0 + .with_key(salt) + .sign(&[secret]) + .as_ref(), + ), + )) + } + + fn expander_for_okm(&self, okm: &OkmBlock) -> Box { + Box::new(HkdfExpanderUsingHmac(self.0.with_key(okm.as_ref()))) + } +} + +/// Implementation of `HKDF-Expand` with an implicitly stored and immutable `PRK`. +pub trait HkdfExpander: Send + Sync { + /// `HKDF-Expand(PRK, info, L)` into a slice. + /// + /// Where: + /// + /// - `PRK` is the implicit key material represented by this instance. + /// - `L` is `output.len()`. + /// - `info` is a slice of byte slices, which should be processed sequentially + /// (or concatenated if that is not possible). + /// + /// Returns `Err(OutputLengthError)` if `L` is larger than `255 * HashLen`. + /// Otherwise, writes to `output`. + fn expand_slice(&self, info: &[&[u8]], output: &mut [u8]) -> Result<(), OutputLengthError>; + + /// `HKDF-Expand(PRK, info, L=HashLen)` returned as a value. + /// + /// - `PRK` is the implicit key material represented by this instance. + /// - `L := HashLen`. + /// - `info` is a slice of byte slices, which should be processed sequentially + /// (or concatenated if that is not possible). + /// + /// This is infallible, because by definition `OkmBlock` is always exactly + /// `HashLen` bytes long. + fn expand_block(&self, info: &[&[u8]]) -> OkmBlock; + + /// Return what `HashLen` is for this instance. + /// + /// This must be no larger than [`OkmBlock::MAX_LEN`]. + fn hash_len(&self) -> usize; +} + +/// A HKDF implementation oriented to the needs of TLS1.3. +/// +/// See [RFC5869](https://datatracker.ietf.org/doc/html/rfc5869) for the terminology +/// used in this definition. +/// +/// You can use [`HkdfUsingHmac`] which implements this trait on top of an implementation +/// of [`hmac::Hmac`]. +pub trait Hkdf: Send + Sync { + /// `HKDF-Extract(salt, 0_HashLen)` + /// + /// `0_HashLen` is a string of `HashLen` zero bytes. + /// + /// A `salt` of `None` should be treated as a sequence of `HashLen` zero bytes. + fn extract_from_zero_ikm(&self, salt: Option<&[u8]>) -> Box; + + /// `HKDF-Extract(salt, secret)` + /// + /// A `salt` of `None` should be treated as a sequence of `HashLen` zero bytes. + fn extract_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Box; + + /// `HKDF-Extract(salt, shared_secret)` where `shared_secret` is the result of a key exchange. + /// + /// Custom implementations should complete the key exchange by calling + /// `kx.complete(peer_pub_key)` and then using this as the input keying material to + /// `HKDF-Extract`. + /// + /// A `salt` of `None` should be treated as a sequence of `HashLen` zero bytes. + fn extract_from_kx_shared_secret( + &self, + salt: Option<&[u8]>, + kx: Box, + peer_pub_key: &[u8], + ) -> Result, Error> { + Ok(self.extract_from_secret( + salt, + kx.complete(peer_pub_key)? + .secret_bytes(), + )) + } + + /// Build a `HkdfExpander` using `okm` as the secret PRK. + fn expander_for_okm(&self, okm: &OkmBlock) -> Box; +} + +/// `HKDF-Expand(PRK, info, L)` to construct any type from a byte array. +/// +/// - `PRK` is the implicit key material represented by this instance. +/// - `L := N`; N is the size of the byte array. +/// - `info` is a slice of byte slices, which should be processed sequentially +/// (or concatenated if that is not possible). +/// +/// This is infallible, because the set of types (and therefore their length) is known +/// at compile time. +pub fn expand(expander: &dyn HkdfExpander, info: &[&[u8]]) -> T +where + T: From<[u8; N]>, +{ + let mut output = [0u8; N]; + expander + .expand_slice(info, &mut output) + .expect("expand type parameter T is too large"); + T::from(output) +} + +/// Output key material from HKDF, as a value type. +#[derive(Clone)] +pub struct OkmBlock { + buf: [u8; Self::MAX_LEN], + used: usize, +} + +impl OkmBlock { + /// Build a single OKM block by copying a byte slice. + /// + /// The slice can be up to [`OkmBlock::MAX_LEN`] bytes in length. + pub fn new(bytes: &[u8]) -> Self { + let mut tag = Self { + buf: [0u8; Self::MAX_LEN], + used: bytes.len(), + }; + tag.buf[..bytes.len()].copy_from_slice(bytes); + tag + } + + /// Maximum supported HMAC tag size: supports up to SHA512. + pub const MAX_LEN: usize = 64; +} + +impl Drop for OkmBlock { + fn drop(&mut self) { + self.buf.zeroize(); + } +} + +impl AsRef<[u8]> for OkmBlock { + fn as_ref(&self) -> &[u8] { + &self.buf[..self.used] + } +} + +/// An error type used for `HkdfExpander::expand_slice` when +/// the slice exceeds the maximum HKDF output length. +#[derive(Debug)] +pub struct OutputLengthError; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d71df07867..5e4df95e65 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -340,7 +340,6 @@ pub mod crypto; mod dns_name; mod error; mod hash_hs; -mod hkdf; mod limited_cache; mod rand; mod record_layer; diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 057444faef..8672583ee1 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -2,9 +2,9 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; +use crate::crypto::tls13::{HkdfExpander, OkmBlock}; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; -use crate::hkdf; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::server::{ServerConfig, ServerConnectionData}; use crate::tls13::key_schedule::hkdf_expand_label_block; @@ -386,7 +386,7 @@ pub(crate) struct Quic { pub(crate) params: Option>, pub(crate) alert: Option, pub(crate) hs_queue: VecDeque<(bool, Vec)>, - pub(crate) early_secret: Option, + pub(crate) early_secret: Option, pub(crate) hs_secrets: Option, pub(crate) traffic_secrets: Option, /// Whether keys derived from traffic_secrets have been passed to the QUIC implementation @@ -432,9 +432,9 @@ impl Quic { #[derive(Clone)] pub struct Secrets { /// Secret used to encrypt packets transmitted by the client - pub(crate) client: hkdf::OkmBlock, + pub(crate) client: OkmBlock, /// Secret used to encrypt packets transmitted by the server - pub(crate) server: hkdf::OkmBlock, + pub(crate) server: OkmBlock, /// Cipher suite used with these secrets suite: &'static Tls13CipherSuite, side: Side, @@ -443,8 +443,8 @@ pub struct Secrets { impl Secrets { pub(crate) fn new( - client: hkdf::OkmBlock, - server: hkdf::OkmBlock, + client: OkmBlock, + server: OkmBlock, suite: &'static Tls13CipherSuite, side: Side, version: Version, @@ -467,18 +467,24 @@ impl Secrets { pub(crate) fn update(&mut self) { self.client = hkdf_expand_label_block( - &hkdf::Expander::from_okm(&self.client, self.suite.hmac_provider), + self.suite + .hkdf_provider + .expander_for_okm(&self.client) + .as_ref(), self.version.key_update_label(), &[], ); self.server = hkdf_expand_label_block( - &hkdf::Expander::from_okm(&self.server, self.suite.hmac_provider), + self.suite + .hkdf_provider + .expander_for_okm(&self.server) + .as_ref(), self.version.key_update_label(), &[], ); } - fn local_remote(&self) -> (&hkdf::OkmBlock, &hkdf::OkmBlock) { + fn local_remote(&self) -> (&OkmBlock, &OkmBlock) { match self.side { Side::Client => (&self.client, &self.server), Side::Server => (&self.server, &self.client), @@ -497,17 +503,19 @@ pub struct DirectionalKeys { impl DirectionalKeys { pub(crate) fn new( suite: &'static Tls13CipherSuite, - secret: &hkdf::OkmBlock, + secret: &OkmBlock, version: Version, ) -> Self { - let expander = hkdf::Expander::from_okm(secret, suite.hmac_provider); + let expander = suite + .hkdf_provider + .expander_for_okm(secret); Self { header: suite .quic - .header_protection_key(&expander, version), + .header_protection_key(expander.as_ref(), version), packet: suite .quic - .packet_key(suite, &expander, version), + .packet_key(suite, expander.as_ref(), version), } } } @@ -537,13 +545,13 @@ pub(crate) trait Algorithm: Send + Sync { fn packet_key( &self, suite: &'static Tls13CipherSuite, - secret: &hkdf::Expander, + secret: &dyn HkdfExpander, version: Version, ) -> Box; fn header_protection_key( &self, - secret: &hkdf::Expander, + secret: &dyn HkdfExpander, version: Version, ) -> Box; } @@ -667,12 +675,20 @@ impl PacketKeySet { Self { local: secrets.suite.quic.packet_key( secrets.suite, - &hkdf::Expander::from_okm(local, secrets.suite.hmac_provider), + secrets + .suite + .hkdf_provider + .expander_for_okm(local) + .as_ref(), secrets.version, ), remote: secrets.suite.quic.packet_key( secrets.suite, - &hkdf::Expander::from_okm(remote, secrets.suite.hmac_provider), + secrets + .suite + .hkdf_provider + .expander_for_okm(remote) + .as_ref(), secrets.version, ), } @@ -698,13 +714,14 @@ impl Keys { const CLIENT_LABEL: &[u8] = b"client in"; const SERVER_LABEL: &[u8] = b"server in"; let salt = version.initial_salt(); - let hs_secret = - hkdf::Extractor::new(suite.hmac_provider, salt).extract(client_dst_connection_id); + let hs_secret = suite + .hkdf_provider + .extract_from_secret(Some(salt), client_dst_connection_id); let secrets = Secrets { version, - client: hkdf_expand_label_block(&hs_secret, CLIENT_LABEL, &[]), - server: hkdf_expand_label_block(&hs_secret, SERVER_LABEL, &[]), + client: hkdf_expand_label_block(hs_secret.as_ref(), CLIENT_LABEL, &[]), + server: hkdf_expand_label_block(hs_secret.as_ref(), SERVER_LABEL, &[]), suite, side, }; diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 6751c5fec2..273f068b8e 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,8 +1,8 @@ use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; +use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::crypto::{hash, hmac, SharedSecret}; use crate::error::Error; -use crate::hkdf; #[cfg(feature = "quic")] use crate::quic; use crate::suites::PartiallyExtractedSecrets; @@ -63,7 +63,7 @@ impl SecretKind { /// the type of hash. This isn't used directly; but only through the /// typestates. struct KeySchedule { - current: hkdf::Expander, + current: Box, suite: &'static Tls13CipherSuite, } @@ -250,8 +250,8 @@ impl KeyScheduleHandshakeStart { pub(crate) struct KeyScheduleHandshake { ks: KeySchedule, - client_handshake_traffic_secret: hkdf::OkmBlock, - server_handshake_traffic_secret: hkdf::OkmBlock, + client_handshake_traffic_secret: OkmBlock, + server_handshake_traffic_secret: OkmBlock, } impl KeyScheduleHandshake { @@ -378,7 +378,7 @@ impl KeyScheduleClientBeforeFinished { /// finished verify_data. The traffic stage key schedule can be extracted from it /// through signing the client finished hash. pub(crate) struct KeyScheduleTrafficWithClientFinishedPending { - handshake_client_traffic_secret: hkdf::OkmBlock, + handshake_client_traffic_secret: OkmBlock, traffic: KeyScheduleTraffic, } @@ -417,9 +417,9 @@ impl KeyScheduleTrafficWithClientFinishedPending { /// to be available. pub(crate) struct KeyScheduleTraffic { ks: KeySchedule, - current_client_traffic_secret: hkdf::OkmBlock, - current_server_traffic_secret: hkdf::OkmBlock, - current_exporter_secret: hkdf::OkmBlock, + current_client_traffic_secret: OkmBlock, + current_server_traffic_secret: OkmBlock, + current_exporter_secret: OkmBlock, } impl KeyScheduleTraffic { @@ -471,7 +471,7 @@ impl KeyScheduleTraffic { self.ks.set_decrypter(&secret, common); } - pub(crate) fn next_application_traffic_secret(&mut self, side: Side) -> hkdf::OkmBlock { + pub(crate) fn next_application_traffic_secret(&mut self, side: Side) -> OkmBlock { let current = match side { Side::Client => &mut self.current_client_traffic_secret, Side::Server => &mut self.current_server_traffic_secret, @@ -486,7 +486,7 @@ impl KeyScheduleTraffic { &self, hs_hash: &hash::Output, nonce: &[u8], - ) -> hkdf::OkmBlock { + ) -> OkmBlock { let resumption_master_secret = self .ks .derive(SecretKind::ResumptionMasterSecret, hs_hash.as_ref()); @@ -506,26 +506,26 @@ impl KeyScheduleTraffic { pub(crate) fn extract_secrets(&self, side: Side) -> Result { fn expand( - secret: &hkdf::OkmBlock, - hmac: &'static dyn hmac::Hmac, + secret: &OkmBlock, + hkdf: &'static dyn Hkdf, aead_key_len: usize, ) -> (AeadKey, Iv) { - let expander = hkdf::Expander::from_okm(secret, hmac); + let expander = hkdf.expander_for_okm(secret); ( - hkdf_expand_label_aead_key(&expander, aead_key_len, b"key", &[]), - hkdf_expand_label(&expander, b"iv", &[]), + hkdf_expand_label_aead_key(expander.as_ref(), aead_key_len, b"key", &[]), + hkdf_expand_label(expander.as_ref(), b"iv", &[]), ) } let (client_key, client_iv) = expand( &self.current_client_traffic_secret, - self.ks.suite.hmac_provider, + self.ks.suite.hkdf_provider, self.ks.suite.aead_alg.key_len(), ); let (server_key, server_iv) = expand( &self.current_server_traffic_secret, - self.ks.suite.hmac_provider, + self.ks.suite.hkdf_provider, self.ks.suite.aead_alg.key_len(), ); let client_secrets = self @@ -550,60 +550,72 @@ impl KeyScheduleTraffic { impl KeySchedule { fn new(suite: &'static Tls13CipherSuite, secret: &[u8]) -> Self { Self { - current: hkdf::Extractor::without_salt(suite.hmac_provider).extract(secret), + current: suite + .hkdf_provider + .extract_from_secret(None, secret), suite, } } - fn set_encrypter(&self, secret: &hkdf::OkmBlock, common: &mut CommonState) { - let expander = hkdf::Expander::from_okm(secret, self.suite.hmac_provider); - let key = derive_traffic_key(&expander, self.suite.aead_alg.key_len()); - let iv = derive_traffic_iv(&expander); + fn set_encrypter(&self, secret: &OkmBlock, common: &mut CommonState) { + let expander = self + .suite + .hkdf_provider + .expander_for_okm(secret); + let key = derive_traffic_key(expander.as_ref(), self.suite.aead_alg.key_len()); + let iv = derive_traffic_iv(expander.as_ref()); common .record_layer .set_message_encrypter(self.suite.aead_alg.encrypter(key, iv)); } - fn set_decrypter(&self, secret: &hkdf::OkmBlock, common: &mut CommonState) { + fn set_decrypter(&self, secret: &OkmBlock, common: &mut CommonState) { common .record_layer .set_message_decrypter(self.derive_decrypter(secret)); } - fn derive_decrypter(&self, secret: &hkdf::OkmBlock) -> Box { - let expander = hkdf::Expander::from_okm(secret, self.suite.hmac_provider); - let key = derive_traffic_key(&expander, self.suite.aead_alg.key_len()); - let iv = derive_traffic_iv(&expander); + fn derive_decrypter(&self, secret: &OkmBlock) -> Box { + let expander = self + .suite + .hkdf_provider + .expander_for_okm(secret); + let key = derive_traffic_key(expander.as_ref(), self.suite.aead_alg.key_len()); + let iv = derive_traffic_iv(expander.as_ref()); self.suite.aead_alg.decrypter(key, iv) } fn new_with_empty_secret(suite: &'static Tls13CipherSuite) -> Self { - let zeroes = [0u8; hash::Output::MAX_LEN]; - Self::new(suite, &zeroes[..suite.hmac_provider.hash_output_len()]) + Self { + current: suite + .hkdf_provider + .extract_from_zero_ikm(None), + suite, + } } /// Input the empty secret. fn input_empty(&mut self) { - let zeroes = [0u8; hash::Output::MAX_LEN]; - self.input_secret( - &zeroes[..self - .suite - .hmac_provider - .hash_output_len()], - ); + let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); + self.current = self + .suite + .hkdf_provider + .extract_from_zero_ikm(Some(salt.as_ref())); } /// Input the given secret. fn input_secret(&mut self, secret: &[u8]) { let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); - self.current = - hkdf::Extractor::new(self.suite.hmac_provider, salt.as_ref()).extract(secret); + self.current = self + .suite + .hkdf_provider + .extract_from_secret(Some(salt.as_ref()), secret); } /// Derive a secret of given `kind`, using current handshake hash `hs_hash`. - fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> hkdf::OkmBlock { - hkdf_expand_label_block(&self.current, kind.to_bytes(), hs_hash) + fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> OkmBlock { + hkdf_expand_label_block(self.current.as_ref(), kind.to_bytes(), hs_hash) } fn derive_logged_secret( @@ -612,7 +624,7 @@ impl KeySchedule { hs_hash: &[u8], key_log: &dyn KeyLog, client_random: &[u8; 32], - ) -> hkdf::OkmBlock { + ) -> OkmBlock { let output = self.derive(kind, hs_hash); let log_label = kind @@ -628,7 +640,7 @@ impl KeySchedule { /// for the handshake hash. Useful only for /// `SecretKind::ResumptionPSKBinderKey` and /// `SecretKind::DerivedSecret`. - fn derive_for_empty_hash(&self, kind: SecretKind) -> hkdf::OkmBlock { + fn derive_for_empty_hash(&self, kind: SecretKind) -> OkmBlock { let empty_hash = self .suite .common @@ -640,15 +652,18 @@ impl KeySchedule { /// Sign the finished message consisting of `hs_hash` using a current /// traffic secret. - fn sign_finish(&self, base_key: &hkdf::OkmBlock, hs_hash: &hash::Output) -> hmac::Tag { + fn sign_finish(&self, base_key: &OkmBlock, hs_hash: &hash::Output) -> hmac::Tag { self.sign_verify_data(base_key, hs_hash) } /// Sign the finished message consisting of `hs_hash` using the key material /// `base_key`. - fn sign_verify_data(&self, base_key: &hkdf::OkmBlock, hs_hash: &hash::Output) -> hmac::Tag { - let expander = hkdf::Expander::from_okm(base_key, self.suite.hmac_provider); - let hmac_key = hkdf_expand_label_block(&expander, b"finished", &[]); + fn sign_verify_data(&self, base_key: &OkmBlock, hs_hash: &hash::Output) -> hmac::Tag { + let expander = self + .suite + .hkdf_provider + .expander_for_okm(base_key); + let hmac_key = hkdf_expand_label_block(expander.as_ref(), b"finished", &[]); self.suite .hmac_provider @@ -657,21 +672,27 @@ impl KeySchedule { } /// Derive the next application traffic secret, returning it. - fn derive_next(&self, base_key: &hkdf::OkmBlock) -> hkdf::OkmBlock { - let expander = hkdf::Expander::from_okm(base_key, self.suite.hmac_provider); - hkdf_expand_label_block(&expander, b"traffic upd", &[]) + fn derive_next(&self, base_key: &OkmBlock) -> OkmBlock { + let expander = self + .suite + .hkdf_provider + .expander_for_okm(base_key); + hkdf_expand_label_block(expander.as_ref(), b"traffic upd", &[]) } /// Derive the PSK to use given a resumption_master_secret and /// ticket_nonce. - fn derive_ticket_psk(&self, rms: &hkdf::OkmBlock, nonce: &[u8]) -> hkdf::OkmBlock { - let expander = hkdf::Expander::from_okm(rms, self.suite.hmac_provider); - hkdf_expand_label_block(&expander, b"resumption", nonce) + fn derive_ticket_psk(&self, rms: &OkmBlock, nonce: &[u8]) -> OkmBlock { + let expander = self + .suite + .hkdf_provider + .expander_for_okm(rms); + hkdf_expand_label_block(expander.as_ref(), b"resumption", nonce) } fn export_keying_material( &self, - current_exporter_secret: &hkdf::OkmBlock, + current_exporter_secret: &OkmBlock, out: &mut [u8], label: &[u8], context: Option<&[u8]>, @@ -683,9 +704,11 @@ impl KeySchedule { .hash_provider .hash(&[]); - let expander = - hkdf::Expander::from_okm(current_exporter_secret, self.suite.hmac_provider); - hkdf_expand_label_block(&expander, label, h_empty.as_ref()) + let expander = self + .suite + .hkdf_provider + .expander_for_okm(current_exporter_secret); + hkdf_expand_label_block(expander.as_ref(), label, h_empty.as_ref()) }; let h_context = self @@ -694,9 +717,12 @@ impl KeySchedule { .hash_provider .hash(context.unwrap_or(&[])); - let expander = hkdf::Expander::from_okm(&secret, self.suite.hmac_provider); + let expander = self + .suite + .hkdf_provider + .expander_for_okm(&secret); // TODO: Test what happens when this fails due to large `out.len()` - hkdf_expand_label_slice(&expander, b"exporter", h_context.as_ref(), out) + hkdf_expand_label_slice(expander.as_ref(), b"exporter", h_context.as_ref(), out) .map_err(|_| Error::General("exporting too much".to_string())) } } @@ -706,33 +732,33 @@ impl KeySchedule { /// /// [HKDF-Expand-Label]: pub(crate) fn hkdf_expand_label, const N: usize>( - expander: &hkdf::Expander, + expander: &dyn HkdfExpander, label: &[u8], context: &[u8], ) -> T { - hkdf_expand_label_inner(expander, label, context, N, |e, info| e.expand(info)) + hkdf_expand_label_inner(expander, label, context, N, |e, info| expand(e, info)) } /// [HKDF-Expand-Label] where the output is one block in size. pub(crate) fn hkdf_expand_label_block( - expander: &hkdf::Expander, + expander: &dyn HkdfExpander, label: &[u8], context: &[u8], -) -> hkdf::OkmBlock { - hkdf_expand_label_inner(expander, label, context, expander.block_len(), |e, info| { +) -> OkmBlock { + hkdf_expand_label_inner(expander, label, context, expander.hash_len(), |e, info| { e.expand_block(info) }) } /// [HKDF-Expand-Label] where the output is an AEAD key. pub(crate) fn hkdf_expand_label_aead_key( - expander: &hkdf::Expander, + expander: &dyn HkdfExpander, key_len: usize, label: &[u8], context: &[u8], ) -> AeadKey { hkdf_expand_label_inner(expander, label, context, key_len, |e, info| { - let key: AeadKey = e.expand(info); + let key: AeadKey = expand(e, info); key.with_length(key_len) }) } @@ -741,33 +767,33 @@ pub(crate) fn hkdf_expand_label_aead_key( /// /// This can fail because HKDF-Expand is limited in its maximum output length. fn hkdf_expand_label_slice( - expander: &hkdf::Expander, + expander: &dyn HkdfExpander, label: &[u8], context: &[u8], output: &mut [u8], -) -> Result<(), hkdf::OutputLengthError> { +) -> Result<(), OutputLengthError> { hkdf_expand_label_inner(expander, label, context, output.len(), |e, info| { e.expand_slice(info, output) }) } -pub(crate) fn derive_traffic_key(expander: &hkdf::Expander, aead_key_len: usize) -> AeadKey { +pub(crate) fn derive_traffic_key(expander: &dyn HkdfExpander, aead_key_len: usize) -> AeadKey { hkdf_expand_label_aead_key(expander, aead_key_len, b"key", &[]) } -pub(crate) fn derive_traffic_iv(expander: &hkdf::Expander) -> Iv { +pub(crate) fn derive_traffic_iv(expander: &dyn HkdfExpander) -> Iv { hkdf_expand_label(expander, b"iv", &[]) } fn hkdf_expand_label_inner( - expander: &hkdf::Expander, + expander: &dyn HkdfExpander, label: &[u8], context: &[u8], n: usize, f: F, ) -> T where - F: FnOnce(&hkdf::Expander, &[&[u8]]) -> T, + F: FnOnce(&dyn HkdfExpander, &[&[u8]]) -> T, { const LABEL_PREFIX: &[u8] = b"tls13 "; @@ -790,7 +816,9 @@ where #[cfg(all(test, feature = "ring"))] mod tests { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; - use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; + use crate::crypto::ring::tls13::{ + TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, + }; use crate::KeyLog; use ring::aead; @@ -936,11 +964,10 @@ mod tests { // Since we can't test key equality, we test the output of sealing with the key instead. let aead_alg = &aead::AES_128_GCM; - let expander = crate::hkdf::Expander::from_okm( - &traffic_secret, - &crate::crypto::ring::hmac::HMAC_SHA256, - ); - let key = derive_traffic_key(&expander, aead_alg.key_len()); + let expander = TLS13_AES_128_GCM_SHA256_INTERNAL + .hkdf_provider + .expander_for_okm(&traffic_secret); + let key = derive_traffic_key(expander.as_ref(), aead_alg.key_len()); let key = aead::UnboundKey::new(aead_alg, key.as_ref()).unwrap(); let seal_output = seal_zeroes(key); let expected_key = aead::UnboundKey::new(aead_alg, expected_key).unwrap(); @@ -948,7 +975,7 @@ mod tests { assert_eq!(seal_output, expected_seal_output); assert!(seal_output.len() >= 48); // Sanity check. - let iv = derive_traffic_iv(&expander); + let iv = derive_traffic_iv(expander.as_ref()); assert_eq!(iv.as_ref(), expected_iv); } @@ -972,7 +999,6 @@ mod benchmarks { fn bench_sha256(b: &mut test::Bencher) { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; - use crate::hkdf; use crate::KeyLog; use ring::aead; @@ -986,15 +1012,14 @@ mod benchmarks { let aead_alg = &aead::CHACHA20_POLY1305; let hash = [0u8; 32]; let traffic_secret = ks.derive_logged_secret(kind, &hash, &Log, &[0u8; 32]); - let traffic_secret_expander = hkdf::Expander::from_okm( - &traffic_secret, - TLS13_CHACHA20_POLY1305_SHA256_INTERNAL.hmac_provider, - ); + let traffic_secret_expander = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL + .hkdf_provider + .expander_for_okm(&traffic_secret); test::black_box(derive_traffic_key( - &traffic_secret_expander, + traffic_secret_expander.as_ref(), aead_alg.key_len(), )); - test::black_box(derive_traffic_iv(&traffic_secret_expander)); + test::black_box(derive_traffic_iv(traffic_secret_expander.as_ref())); } b.iter(|| { diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index af81e99772..1be098f9ea 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -15,6 +15,9 @@ pub struct Tls13CipherSuite { /// How to compute HMAC with the suite's hash function. pub hmac_provider: &'static dyn crypto::hmac::Hmac, + /// How to complete HKDF with the suite's hash function. + pub hkdf_provider: &'static dyn crypto::tls13::Hkdf, + /// How to produce a [MessageDecrypter] or [MessageEncrypter] /// from raw key material. /// From 0e58a74ec0954f5e0ddb2f594daa3f41bb930765 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 24 Oct 2023 16:47:31 +0100 Subject: [PATCH 0320/1145] Delete unused hkdf.rs: migrate tests to crypto::tls13 --- rustls/src/crypto/tls13.rs | 138 ++++++++++++++++++++ rustls/src/hkdf.rs | 259 ------------------------------------- 2 files changed, 138 insertions(+), 259 deletions(-) delete mode 100644 rustls/src/hkdf.rs diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index 4a81669ed7..d2df13819e 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -223,3 +223,141 @@ impl AsRef<[u8]> for OkmBlock { /// the slice exceeds the maximum HKDF output length. #[derive(Debug)] pub struct OutputLengthError; + +#[cfg(all(test, feature = "ring"))] +mod tests { + use super::{expand, Hkdf, HkdfUsingHmac}; + use crate::crypto::ring; + + struct ByteArray([u8; N]); + + impl From<[u8; N]> for ByteArray { + fn from(array: [u8; N]) -> Self { + Self(array) + } + } + + /// Test cases from appendix A in the RFC, minus cases requiring SHA1. + + #[test] + fn test_case_1() { + let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let ikm = &[0x0b; 22]; + let salt = &[ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, + ]; + let info: &[&[u8]] = &[ + &[0xf0, 0xf1, 0xf2], + &[0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9], + ]; + + let output: ByteArray<42> = expand( + hkdf.extract_from_secret(Some(salt), ikm) + .as_ref(), + info, + ); + + assert_eq!( + &output.0, + &[ + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, + 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, + 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 + ] + ); + } + + #[test] + fn test_case_2() { + let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let ikm: Vec = (0x00u8..=0x4f).collect(); + let salt: Vec = (0x60u8..=0xaf).collect(); + let info: Vec = (0xb0u8..=0xff).collect(); + + let output: ByteArray<82> = expand( + hkdf.extract_from_secret(Some(&salt), &ikm) + .as_ref(), + &[&info], + ); + + assert_eq!( + &output.0, + &[ + 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, + 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 0xa0, 0x50, 0xcc, 0x4c, + 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, + 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, + 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, + 0x3e, 0x87, 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87 + ] + ); + } + + #[test] + fn test_case_3() { + let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let ikm = &[0x0b; 22]; + let salt = &[]; + let info = &[]; + + let output: ByteArray<42> = expand( + hkdf.extract_from_secret(Some(salt), ikm) + .as_ref(), + info, + ); + + assert_eq!( + &output.0, + &[ + 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, + 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, + 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8 + ] + ); + } + + #[test] + fn test_salt_not_provided() { + // can't use test case 7, because we don't have (or want) SHA1. + // + // this output is generated with cryptography.io: + // + // >>> hkdf.HKDF(algorithm=hashes.SHA384(), length=96, salt=None, info=b"hello").derive(b"\x0b" * 40) + + let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA384); + let ikm = &[0x0b; 40]; + let info = &[&b"hel"[..], &b"lo"[..]]; + + let output: ByteArray<96> = expand( + hkdf.extract_from_secret(None, ikm) + .as_ref(), + info, + ); + + assert_eq!( + &output.0, + &[ + 0xd5, 0x45, 0xdd, 0x3a, 0xff, 0x5b, 0x19, 0x46, 0xd4, 0x86, 0xfd, 0xb8, 0xd8, 0x88, + 0x2e, 0xe0, 0x1c, 0xc1, 0xa5, 0x48, 0xb6, 0x05, 0x75, 0xe4, 0xd7, 0x5d, 0x0f, 0x5f, + 0x23, 0x40, 0xee, 0x6c, 0x9e, 0x7c, 0x65, 0xd0, 0xee, 0x79, 0xdb, 0xb2, 0x07, 0x1d, + 0x66, 0xa5, 0x50, 0xc4, 0x8a, 0xa3, 0x93, 0x86, 0x8b, 0x7c, 0x69, 0x41, 0x6b, 0x3e, + 0x61, 0x44, 0x98, 0xb8, 0xc2, 0xfc, 0x82, 0x82, 0xae, 0xcd, 0x46, 0xcf, 0xb1, 0x47, + 0xdc, 0xd0, 0x69, 0x0d, 0x19, 0xad, 0xe6, 0x6c, 0x70, 0xfe, 0x87, 0x92, 0x04, 0xb6, + 0x82, 0x2d, 0x97, 0x7e, 0x46, 0x80, 0x4c, 0xe5, 0x76, 0x72, 0xb4, 0xb8 + ] + ); + } + + #[test] + fn test_output_length_bounds() { + let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let ikm = &[]; + let info = &[]; + + let mut output = [0u8; 32 * 255 + 1]; + assert!(hkdf + .extract_from_secret(None, ikm) + .expand_slice(info, &mut output) + .is_err()); + } +} diff --git a/rustls/src/hkdf.rs b/rustls/src/hkdf.rs deleted file mode 100644 index b0cab4c39d..0000000000 --- a/rustls/src/hkdf.rs +++ /dev/null @@ -1,259 +0,0 @@ -//! HKDF from RFC5869 - -use crate::crypto::{hash, hmac}; - -use alloc::boxed::Box; - -/// This is the inputs to HKDF-Extract, except for IKM -/// ("input keying material") which is supplied in [`Extractor::extract()`]. -pub(crate) struct Extractor { - salt: Box, - hmac: &'static dyn hmac::Hmac, -} - -impl Extractor { - pub(crate) fn without_salt(hmac: &'static dyn hmac::Hmac) -> Self { - let zeroes = [0u8; hash::Output::MAX_LEN]; - Self::new(hmac, &zeroes[..hmac.hash_output_len()]) - } - - pub(crate) fn new(hmac: &'static dyn hmac::Hmac, salt: &[u8]) -> Self { - Self { - salt: hmac.with_key(salt), - hmac, - } - } - - /// This is the `HKDF-Extract` step: takes the input keying material `ikm` and "extracts" - /// from it a fixed-length pseudorandom key. - /// - /// The returned [`Expander`] can be used for the `HKDF-Expand` step, see: - /// [`Expander::expand()`] et al. - pub(crate) fn extract(self, ikm: &[u8]) -> Expander { - Expander( - self.hmac - .with_key(self.salt.sign(&[ikm]).as_ref()), - ) - } -} - -pub(crate) struct OutputLengthError; - -/// This is a PRK ready for use via `expand()` et al. -pub(crate) struct Expander(Box); - -/// This is a single "output keying material" (OKM) block output from HKDF-Expand. -#[derive(Clone)] -pub(crate) struct OkmBlock(hmac::Tag); - -/// TODO: only required for quic tests -impl From<&[u8]> for OkmBlock { - fn from(value: &[u8]) -> Self { - Self(hmac::Tag::new(value)) - } -} - -impl AsRef<[u8]> for OkmBlock { - fn as_ref(&self) -> &[u8] { - self.0.as_ref() - } -} - -impl Expander { - pub(crate) fn from_okm(okm: &OkmBlock, hmac: &'static dyn hmac::Hmac) -> Self { - Self(hmac.with_key(okm.0.as_ref())) - } - - /// HKDF-Expand, writing into a slice. - /// - /// This returns an error if the slice is longer than the maximum HKDF-Expand - /// L parameter. - pub(crate) fn expand_slice( - &self, - info: &[&[u8]], - output: &mut [u8], - ) -> Result<(), OutputLengthError> { - if output.len() > 255 * self.0.tag_len() { - return Err(OutputLengthError); - } - - self.expand_unchecked(info, output); - Ok(()) - } - - /// HKDF-Expand, producing one block of output. - pub(crate) fn expand_block(&self, info: &[&[u8]]) -> OkmBlock { - let mut tag = [0u8; hmac::Tag::MAX_LEN]; - let reduced_tag = &mut tag[..self.0.tag_len()]; - self.expand_unchecked(info, reduced_tag); - OkmBlock(hmac::Tag::new(reduced_tag)) - } - - /// This is the `HKDF-Expand` step: "expands" the key into several additional pseudorandom keys - /// (the output of the KDF). - /// - /// Produces a type `T` which can be constructed from a byte array. - /// - /// This does not fail, on the assumption that the size of the byte array - /// is less than 255 times the HMAC tag length. - pub(crate) fn expand(&self, info: &[&[u8]]) -> T - where - T: From<[u8; N]>, - { - assert!(N <= 255 * self.0.tag_len()); - let mut output = [0u8; N]; - self.expand_unchecked(info, &mut output); - T::from(output) - } - - fn expand_unchecked(&self, info: &[&[u8]], output: &mut [u8]) { - let mut term = hmac::Tag::new(b""); - - for (n, chunk) in output - .chunks_mut(self.0.tag_len()) - .enumerate() - { - term = self - .0 - .sign_concat(term.as_ref(), info, &[(n + 1) as u8]); - chunk.copy_from_slice(&term.as_ref()[..chunk.len()]); - } - } - - pub(crate) fn block_len(&self) -> usize { - self.0.tag_len() - } -} - -#[cfg(all(test, feature = "ring"))] -mod tests { - use super::Extractor; - use crate::crypto::ring; - - struct ByteArray([u8; N]); - - impl From<[u8; N]> for ByteArray { - fn from(array: [u8; N]) -> Self { - Self(array) - } - } - - /// Test cases from appendix A in the RFC, minus cases requiring SHA1. - - #[test] - fn test_case_1() { - let hmac = &ring::hmac::HMAC_SHA256; - let ikm = &[0x0b; 22]; - let salt = &[ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, - ]; - let info: &[&[u8]] = &[ - &[0xf0, 0xf1, 0xf2], - &[0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9], - ]; - - let output: ByteArray<42> = Extractor::new(hmac, salt) - .extract(ikm) - .expand(info); - - assert_eq!( - &output.0, - &[ - 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, - 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, - 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 - ] - ); - } - - #[test] - fn test_case_2() { - let hmac = &ring::hmac::HMAC_SHA256; - - let ikm: Vec = (0x00u8..=0x4f).collect(); - let salt: Vec = (0x60u8..=0xaf).collect(); - let info: Vec = (0xb0u8..=0xff).collect(); - - let output: ByteArray<82> = Extractor::new(hmac, &salt) - .extract(&ikm) - .expand(&[&info]); - - assert_eq!( - &output.0, - &[ - 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, - 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, 0xa0, 0x50, 0xcc, 0x4c, - 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, - 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, - 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, - 0x3e, 0x87, 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87 - ] - ); - } - - #[test] - fn test_case_3() { - let hmac = &ring::hmac::HMAC_SHA256; - let ikm = &[0x0b; 22]; - let salt = &[]; - let info = &[]; - - let output: ByteArray<42> = Extractor::new(hmac, salt) - .extract(ikm) - .expand(info); - - assert_eq!( - &output.0, - &[ - 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, - 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, - 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8 - ] - ); - } - - #[test] - fn test_salt_not_provided() { - // can't use test case 7, because we don't have (or want) SHA1. - // - // this output is generated with cryptography.io: - // - // >>> hkdf.HKDF(algorithm=hashes.SHA384(), length=96, salt=None, info=b"hello").derive(b"\x0b" * 40) - - let hmac = &ring::hmac::HMAC_SHA384; - - let ikm = &[0x0b; 40]; - let info = &[&b"hel"[..], &b"lo"[..]]; - - let output: ByteArray<96> = Extractor::without_salt(hmac) - .extract(ikm) - .expand(info); - - assert_eq!( - &output.0, - &[ - 0xd5, 0x45, 0xdd, 0x3a, 0xff, 0x5b, 0x19, 0x46, 0xd4, 0x86, 0xfd, 0xb8, 0xd8, 0x88, - 0x2e, 0xe0, 0x1c, 0xc1, 0xa5, 0x48, 0xb6, 0x05, 0x75, 0xe4, 0xd7, 0x5d, 0x0f, 0x5f, - 0x23, 0x40, 0xee, 0x6c, 0x9e, 0x7c, 0x65, 0xd0, 0xee, 0x79, 0xdb, 0xb2, 0x07, 0x1d, - 0x66, 0xa5, 0x50, 0xc4, 0x8a, 0xa3, 0x93, 0x86, 0x8b, 0x7c, 0x69, 0x41, 0x6b, 0x3e, - 0x61, 0x44, 0x98, 0xb8, 0xc2, 0xfc, 0x82, 0x82, 0xae, 0xcd, 0x46, 0xcf, 0xb1, 0x47, - 0xdc, 0xd0, 0x69, 0x0d, 0x19, 0xad, 0xe6, 0x6c, 0x70, 0xfe, 0x87, 0x92, 0x04, 0xb6, - 0x82, 0x2d, 0x97, 0x7e, 0x46, 0x80, 0x4c, 0xe5, 0x76, 0x72, 0xb4, 0xb8 - ] - ); - } - - #[test] - fn test_output_length_bounds() { - let hmac = &ring::hmac::HMAC_SHA256; - let ikm = &[]; - let salt = &[]; - let info = &[]; - - let mut output = [0u8; 32 * 255 + 1]; - assert!(Extractor::new(hmac, salt) - .extract(ikm) - .expand_slice(info, &mut output) - .is_err()); - } -} From b9950a606383858cd8885518449157fa3e11a8ba Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 24 Oct 2023 17:14:38 +0100 Subject: [PATCH 0321/1145] Arrange for key exchange to be completed in Hkdf trait --- rustls/src/client/tls13.rs | 4 ++-- rustls/src/server/tls13.rs | 3 +-- rustls/src/tls13/key_schedule.rs | 27 +++++++++++++++++++++++---- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 8cae68cece..c18d1ef7fe 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -150,8 +150,8 @@ pub(super) fn handle_server_hello( KeySchedulePreHandshake::new(suite) }; - let shared_secret = our_key_share.complete(&their_key_share.payload.0)?; - let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); + let key_schedule = + key_schedule_pre_handshake.into_handshake(our_key_share, &their_key_share.payload.0)?; // Remember what KX group the server liked for next time. config diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 7a2a979a20..e34499f0c6 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -542,8 +542,7 @@ mod client_hello { }; // Do key exchange - let shared_secret = kx.complete(&share.payload.0)?; - let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); + let key_schedule = key_schedule_pre_handshake.into_handshake(kx, &share.payload.0)?; let handshake_hash = transcript.get_current_hash(); let key_schedule = key_schedule.derive_server_handshake_secrets( diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 273f068b8e..758e966ed3 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,7 +1,7 @@ use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; -use crate::crypto::{hash, hmac, SharedSecret}; +use crate::crypto::{hash, hmac, ActiveKeyExchange}; use crate::error::Error; #[cfg(feature = "quic")] use crate::quic; @@ -143,10 +143,14 @@ impl KeySchedulePreHandshake { } } - pub(crate) fn into_handshake(mut self, secret: SharedSecret) -> KeyScheduleHandshakeStart { + pub(crate) fn into_handshake( + mut self, + kx: Box, + peer_public_key: &[u8], + ) -> Result { self.ks - .input_secret(secret.secret_bytes()); - KeyScheduleHandshakeStart { ks: self.ks } + .input_from_key_exchange(kx, peer_public_key)?; + Ok(KeyScheduleHandshakeStart { ks: self.ks }) } } @@ -605,6 +609,7 @@ impl KeySchedule { } /// Input the given secret. + #[cfg(all(test, feature = "ring"))] fn input_secret(&mut self, secret: &[u8]) { let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); self.current = self @@ -613,6 +618,20 @@ impl KeySchedule { .extract_from_secret(Some(salt.as_ref()), secret); } + /// Input the shared secret resulting from completing the given key exchange. + fn input_from_key_exchange( + &mut self, + kx: Box, + peer_public_key: &[u8], + ) -> Result<(), Error> { + let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); + self.current = self + .suite + .hkdf_provider + .extract_from_kx_shared_secret(Some(salt.as_ref()), kx, peer_public_key)?; + Ok(()) + } + /// Derive a secret of given `kind`, using current handshake hash `hs_hash`. fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> OkmBlock { hkdf_expand_label_block(self.current.as_ref(), kind.to_bytes(), hs_hash) From 602929fa26851a68d34776030ca420ee0f56eba2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 24 Oct 2023 16:21:30 +0100 Subject: [PATCH 0322/1145] Test excess secret exporting, to address TODO --- rustls/src/tls13/key_schedule.rs | 1 - rustls/tests/api.rs | 48 ++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 758e966ed3..f6b3909021 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -740,7 +740,6 @@ impl KeySchedule { .suite .hkdf_provider .expander_for_okm(&secret); - // TODO: Test what happens when this fails due to large `out.len()` hkdf_expand_label_slice(expander.as_ref(), b"exporter", h_context.as_ref(), out) .map_err(|_| Error::General("exporting too much".to_string())) } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 6a5f7b06c0..fed611aa59 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -2678,6 +2678,54 @@ fn test_tls13_exporter() { } } +#[test] +fn test_tls13_exporter_maximum_output_length() { + let client_config = + make_client_config_with_versions(KeyType::Ecdsa, &[&rustls::version::TLS13]); + let server_config = make_server_config(KeyType::Ecdsa); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + assert_eq!( + client.negotiated_cipher_suite(), + Some(find_suite(CipherSuite::TLS13_AES_256_GCM_SHA384)) + ); + + let mut maximum_allowed_output_client = [0u8; 255 * 48]; + let mut maximum_allowed_output_server = [0u8; 255 * 48]; + client + .export_keying_material( + &mut maximum_allowed_output_client, + b"label", + Some(b"context"), + ) + .unwrap(); + server + .export_keying_material( + &mut maximum_allowed_output_server, + b"label", + Some(b"context"), + ) + .unwrap(); + + assert_eq!(maximum_allowed_output_client, maximum_allowed_output_server); + + let mut too_long_output = [0u8; 255 * 48 + 1]; + assert_eq!( + client + .export_keying_material(&mut too_long_output, b"label", Some(b"context"),) + .err(), + Some(Error::General("exporting too much".into())) + ); + assert_eq!( + server + .export_keying_material(&mut too_long_output, b"label", Some(b"context"),) + .err(), + Some(Error::General("exporting too much".into())) + ); +} + fn do_suite_test( client_config: ClientConfig, server_config: ServerConfig, From 6df2dd8f620cb976b639a82799b1be82a98ede6b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 25 Oct 2023 17:45:14 +0100 Subject: [PATCH 0323/1145] Bolt hmac_sign onto `Hkdf` trait This means `Hkdf` covers the entire use of TLS1.3 for HMAC/HKDF, and that avoids having to implement the HMAC traits just for this. --- provider-example/src/lib.rs | 1 - rustls/src/crypto/ring/tls13.rs | 3 --- rustls/src/crypto/tls13.rs | 15 +++++++++++++++ rustls/src/tls13/key_schedule.rs | 5 ++--- rustls/src/tls13/mod.rs | 3 --- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 7380d310a8..1c08116119 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -39,7 +39,6 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, }, - hmac_provider: &hmac::Sha256Hmac, hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, }); diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 766ba87e7f..4bb302dcc7 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -24,7 +24,6 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, }, - hmac_provider: &super::hmac::HMAC_SHA256, hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), #[cfg(feature = "quic")] @@ -42,7 +41,6 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, }, - hmac_provider: &super::hmac::HMAC_SHA384, hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), #[cfg(feature = "quic")] @@ -62,7 +60,6 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, }, - hmac_provider: &super::hmac::HMAC_SHA256, hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), #[cfg(feature = "quic")] diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index d2df13819e..eb600b0142 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -85,6 +85,12 @@ impl<'a> Hkdf for HkdfUsingHmac<'a> { fn expander_for_okm(&self, okm: &OkmBlock) -> Box { Box::new(HkdfExpanderUsingHmac(self.0.with_key(okm.as_ref()))) } + + fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> hmac::Tag { + self.0 + .with_key(key.as_ref()) + .sign(&[message]) + } } /// Implementation of `HKDF-Expand` with an implicitly stored and immutable `PRK`. @@ -161,6 +167,15 @@ pub trait Hkdf: Send + Sync { /// Build a `HkdfExpander` using `okm` as the secret PRK. fn expander_for_okm(&self, okm: &OkmBlock) -> Box; + + /// Signs `message` using `key` viewed as a HMAC key. + /// + /// This should use the same hash function as the HKDF functions in this + /// trait. + /// + /// See [RFC2104](https://datatracker.ietf.org/doc/html/rfc2104) for the + /// definition of HMAC. + fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> hmac::Tag; } /// `HKDF-Expand(PRK, info, L)` to construct any type from a byte array. diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index f6b3909021..2a982da090 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -685,9 +685,8 @@ impl KeySchedule { let hmac_key = hkdf_expand_label_block(expander.as_ref(), b"finished", &[]); self.suite - .hmac_provider - .with_key(hmac_key.as_ref()) - .sign(&[hs_hash.as_ref()]) + .hkdf_provider + .hmac_sign(&hmac_key, hs_hash.as_ref()) } /// Derive the next application traffic secret, returning it. diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 1be098f9ea..f904425f4b 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -12,9 +12,6 @@ pub struct Tls13CipherSuite { /// Common cipher suite fields. pub common: CipherSuiteCommon, - /// How to compute HMAC with the suite's hash function. - pub hmac_provider: &'static dyn crypto::hmac::Hmac, - /// How to complete HKDF with the suite's hash function. pub hkdf_provider: &'static dyn crypto::tls13::Hkdf, From 0013a087abd80193f59a87b559969ebe3479c89f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 25 Oct 2023 13:42:25 +0100 Subject: [PATCH 0324/1145] Return to using ring hkdf API Now we no longer have a depedency on hmac, we can avoid that and save some heap allocations. This marginally improves TLS1.3 handshake performance. --- rustls/src/crypto/ring/tls13.rs | 87 +++++++++++++++++++++++++++++++-- 1 file changed, 82 insertions(+), 5 deletions(-) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 4bb302dcc7..a4ea26968b 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,11 +1,12 @@ use alloc::boxed::Box; use alloc::vec::Vec; +use crate::crypto; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, UnsupportedOperationError, }; -use crate::crypto::tls13::HkdfUsingHmac; +use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; @@ -13,7 +14,8 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; -use ring::aead; +use ring::hkdf::KeyType; +use ring::{aead, hkdf, hmac}; /// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = @@ -24,7 +26,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, }, - hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256), + hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, @@ -41,7 +43,7 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, }, - hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA384), + hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, @@ -60,7 +62,7 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, }, - hkdf_provider: &HkdfUsingHmac(&super::hmac::HMAC_SHA256), + hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, @@ -217,3 +219,78 @@ impl MessageDecrypter for Tls13MessageDecrypter { msg.into_tls13_unpadded_message() } } + +struct RingHkdf(hkdf::Algorithm, hmac::Algorithm); + +impl Hkdf for RingHkdf { + fn extract_from_zero_ikm(&self, salt: Option<&[u8]>) -> Box { + let zeroes = [0u8; OkmBlock::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.len()], + }; + Box::new(RingHkdfExpander { + alg: self.0, + prk: hkdf::Salt::new(self.0, salt).extract(&zeroes[..self.0.len()]), + }) + } + + fn extract_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Box { + let zeroes = [0u8; OkmBlock::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.len()], + }; + Box::new(RingHkdfExpander { + alg: self.0, + prk: hkdf::Salt::new(self.0, salt).extract(secret), + }) + } + + fn expander_for_okm(&self, okm: &OkmBlock) -> Box { + Box::new(RingHkdfExpander { + alg: self.0, + prk: hkdf::Prk::new_less_safe(self.0, okm.as_ref()), + }) + } + + fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> crypto::hmac::Tag { + crypto::hmac::Tag::new(hmac::sign(&hmac::Key::new(self.1, key.as_ref()), message).as_ref()) + } +} + +struct RingHkdfExpander { + alg: hkdf::Algorithm, + prk: hkdf::Prk, +} + +impl HkdfExpander for RingHkdfExpander { + fn expand_slice(&self, info: &[&[u8]], output: &mut [u8]) -> Result<(), OutputLengthError> { + self.prk + .expand(info, Len(output.len())) + .and_then(|okm| okm.fill(output)) + .map_err(|_| OutputLengthError) + } + + fn expand_block(&self, info: &[&[u8]]) -> OkmBlock { + let mut buf = [0u8; OkmBlock::MAX_LEN]; + let output = &mut buf[..self.hash_len()]; + self.prk + .expand(info, Len(output.len())) + .and_then(|okm| okm.fill(output)) + .unwrap(); + OkmBlock::new(output) + } + + fn hash_len(&self) -> usize { + self.alg.len() + } +} + +struct Len(usize); + +impl KeyType for Len { + fn len(&self) -> usize { + self.0 + } +} From 1afdd459bc6991c38d08f097ab0de52ec635dc73 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 16 Oct 2023 15:26:18 +0100 Subject: [PATCH 0325/1145] Reinstate client_cert_verifier/server_cert_verifier Both were accidentally disabled in b14505488 when they were made conditional on a non-existent `webpki` feature. --- rustls/tests/client_cert_verifier.rs | 2 +- rustls/tests/server_cert_verifier.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 98c101d443..21f56fe694 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -1,6 +1,6 @@ //! Tests for configuring and using a [`ClientCertVerifier`] for a server. -#![cfg(all(feature = "webpki", feature = "ring"))] +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] mod common; diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 039d319441..740c0a1e69 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -1,6 +1,6 @@ //! Tests for configuring and using a [`ServerCertVerifier`] for a client. -#![cfg(all(feature = "webpki", feature = "ring"))] +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] mod common; use crate::common::{ From 169671fbc11c13df009a2d7ff3d0db5a492005d1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 27 Oct 2023 10:39:56 +0100 Subject: [PATCH 0326/1145] Re-publicise DistinguishedName::in_sequence --- rustls/src/msgs/handshake.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 8124e82e7b..bd30cba2d4 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1701,7 +1701,7 @@ impl DistinguishedName { /// use x509_parser::prelude::FromDer; /// println!("{}", x509_parser::x509::X509Name::from_der(dn.as_ref())?.1); /// ``` - pub(crate) fn in_sequence(bytes: &[u8]) -> Self { + pub fn in_sequence(bytes: &[u8]) -> Self { let mut wrapped = bytes.to_owned(); x509::wrap_in_sequence(&mut wrapped); Self(PayloadU16::new(wrapped)) From 71505f36f48909472ee91290280f7ff1ef5ce05e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:46:11 -0400 Subject: [PATCH 0327/1145] docs: create issue templates Add Bug report, Feature request, and Dependency update issue templates to help prompt users into providing the information that will get them the best help. --- .github/ISSUE_TEMPLATE/bug_report.md | 29 ++++++++++++++++++ .github/ISSUE_TEMPLATE/dependency-update.md | 33 +++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 23 ++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/dependency-update.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000000..80d1dacbdc --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,29 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Checklist** +* [ ] I've searched the issue tracker for similar bugs. + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Use one of the examples to connect to `....` +2. ... +3. See error + +**Applicable Version(s)** +A list of versions and platforms you've tested with. + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/dependency-update.md b/.github/ISSUE_TEMPLATE/dependency-update.md new file mode 100644 index 0000000000..952f25be5b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/dependency-update.md @@ -0,0 +1,33 @@ +--- +name: Dependency Update +about: Request a dependency be updated +title: Dependency update request +labels: '' +assignees: '' + +--- + + + +**Checklist** +* [ ] I've searched the issue tracker for similar requests +* [ ] I've confirmed my request is for a semver-incompatible update + +**Is your dependency update request related to a problem? Please describe.** +A clear and concise description of what the problem is. + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000000..65494ebc45 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,23 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' + +--- + +**Checklist** +* [ ] I've searched the issue tracker for similar requests + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. From 78260d89fc79794d54db8725f3b57d8b11211a81 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 09:30:44 -0400 Subject: [PATCH 0328/1145] webpki: lift WebPkiClientVerifier subjects to builder This commit lifts the construction of the `subjects: Vec` arg of the `WebPkiClientVerifier` into `ClientCertVerifierBuilder::build`. This will let us customize how it's built in a subsequent commit. --- rustls/src/webpki/client_verifier.rs | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 1ffa40fd73..b2147cb55e 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -142,8 +142,16 @@ impl ClientCertVerifierBuilder { .supported_algs .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; + let subjects = self + .roots + .roots + .iter() + .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) + .collect(); + Ok(Arc::new(WebPkiClientVerifier::new( self.roots, + subjects, self.crls .into_iter() .map(|der_crl| { @@ -256,6 +264,7 @@ impl WebPkiClientVerifier { /// * `supported_algs` specifies which signature verification algorithms should be used. pub(crate) fn new( roots: Arc, + subjects: Vec, crls: Vec, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, @@ -263,15 +272,11 @@ impl WebPkiClientVerifier { supported_algs: WebPkiSupportedAlgorithms, ) -> Self { Self { - subjects: roots - .roots - .iter() - .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) - .collect(), + roots, + subjects, crls, revocation_check_depth, unknown_revocation_policy, - roots, anonymous_policy, supported_algs, } From 7f071c78680fcece635514846dbf9ef102b0689a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 10:19:55 -0400 Subject: [PATCH 0329/1145] clarify hinted trust anchor subjects This commit renames the `ClientCertVerifier::client_auth_root_subjects` fn to `root_hint_subjects` to emphasize that these subjects may be distinct from the subjects of the verifier's trust anchors. The `client_auth` prefix is dropped as obvious from context. The Rustdoc comment for the trait fn is expanded to give more information about what these hint subjects are used for, and why there are instances where the hint subject names aren't 1:1 with the verifier's root cert store subject names. Similarly the `ResolvesClientCert::resolve` fn's argument is renamed from `root_hint_subjects` and the rustdoc gains additional context. --- rustls/examples/internal/bogo_shim.rs | 6 ++--- rustls/src/client/client_conn.rs | 24 +++++++++++------ rustls/src/client/handy.rs | 4 +-- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/src/verify.rs | 37 +++++++++++++++++++-------- rustls/src/webpki/client_verifier.rs | 16 +++++++----- rustls/tests/api.rs | 6 ++--- rustls/tests/client_cert_verifier.rs | 2 +- 9 files changed, 63 insertions(+), 36 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index c9cb70d75b..15d2ead24b 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -200,7 +200,7 @@ impl server::danger::ClientCertVerifier for DummyClientAuth { self.mandatory } - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { + fn root_hint_subjects(&self) -> &[DistinguishedName] { &[] } @@ -315,7 +315,7 @@ struct FixedSignatureSchemeClientCertResolver { impl client::ResolvesClientCert for FixedSignatureSchemeClientCertResolver { fn resolve( &self, - acceptable_issuers: &[&[u8]], + root_hint_subjects: &[&[u8]], sigschemes: &[SignatureScheme], ) -> Option> { if !sigschemes.contains(&self.scheme) { @@ -323,7 +323,7 @@ impl client::ResolvesClientCert for FixedSignatureSchemeClientCertResolver { } let mut certkey = self .resolver - .resolve(acceptable_issuers, sigschemes)?; + .resolve(root_hint_subjects, sigschemes)?; Arc::make_mut(&mut certkey).key = Arc::new(FixedSignatureSchemeSigningKey { key: certkey.key.clone(), scheme: self.scheme, diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index deab619f9a..d2c111f84e 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -86,20 +86,28 @@ pub trait ClientSessionStore: Send + Sync { /// A trait for the ability to choose a certificate chain and /// private key for the purposes of client authentication. pub trait ResolvesClientCert: Send + Sync { - /// With the server-supplied acceptable issuers in `acceptable_issuers`, - /// the server's supported signature schemes in `sigschemes`, - /// return a certificate chain and signing key to authenticate. + /// Resolve a client certificate chain/private key to use as the client's + /// identity. /// - /// `acceptable_issuers` is undecoded and unverified by the rustls - /// library, but it should be expected to contain a DER encodings - /// of X501 NAMEs. + /// `root_hint_subjects` is an optional list of certificate authority + /// subject distinguished names that the client can use to help + /// decide on a client certificate the server is likely to accept. If + /// the list is empty, the client should send whatever certificate it + /// has. The hints are expected to be DER-encoded X.500 distinguished names, + /// per [RFC 5280 A.1]. See [`crate::DistinguishedName`] for more information + /// on decoding with external crates like `x509-parser`. /// - /// Return None to continue the handshake without any client + /// `sigschemes` is the list of the [`SignatureScheme`]s the server + /// supports. + /// + /// Return `None` to continue the handshake without any client /// authentication. The server may reject the handshake later /// if it requires authentication. + /// + /// [RFC 5280 A.1]: https://www.rfc-editor.org/rfc/rfc5280#appendix-A.1 fn resolve( &self, - acceptable_issuers: &[&[u8]], + root_hint_subjects: &[&[u8]], sigschemes: &[SignatureScheme], ) -> Option>; diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 35c2504005..943abd4fda 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -168,7 +168,7 @@ pub(super) struct FailResolveClientCert {} impl client::ResolvesClientCert for FailResolveClientCert { fn resolve( &self, - _acceptable_issuers: &[&[u8]], + _root_hint_subjects: &[&[u8]], _sigschemes: &[SignatureScheme], ) -> Option> { None @@ -196,7 +196,7 @@ impl AlwaysResolvesClientCert { impl client::ResolvesClientCert for AlwaysResolvesClientCert { fn resolve( &self, - _acceptable_issuers: &[&[u8]], + _root_hint_subjects: &[&[u8]], _sigschemes: &[SignatureScheme], ) -> Option> { Some(Arc::clone(&self.0)) diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index fabfa9007b..1a45fd5b97 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -461,7 +461,7 @@ mod client_hello { let names = config .verifier - .client_auth_root_subjects() + .root_hint_subjects() .to_vec(); let cr = CertificateRequestPayload { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index e34499f0c6..0214062d7b 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -717,7 +717,7 @@ mod client_hello { let names = config .verifier - .client_auth_root_subjects() + .root_hint_subjects() .to_vec(); if !names.is_empty() { diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 9e0dc27ffb..f489ccaad9 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -161,19 +161,36 @@ pub trait ClientCertVerifier: Send + Sync { self.offer_client_auth() } - /// Returns the [Subjects] of the client authentication trust anchors to - /// share with the client when requesting client authentication. + /// Returns the [`DistinguishedName`] [subjects] that the server will hint to clients to + /// identify acceptable authentication trust anchors. /// - /// These must be DER-encoded X.500 distinguished names, per RFC 5280. - /// They are sent in the [`certificate_authorities`] extension of a - /// [`CertificateRequest`] message. + /// These hint values help the client pick a client certificate it believes the server will + /// accept. The hints must be DER-encoded X.500 distinguished names, per [RFC 5280 A.1]. They + /// are sent in the [`certificate_authorities`] extension of a [`CertificateRequest`] message + /// when [ClientCertVerifier::offer_client_auth] is true. If the return value is empty, no + /// CertificateRequest message will be sent. /// - /// [Subjects]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + /// Generally this list should contain the [`DistinguishedName`] of each root trust + /// anchor in the root cert store that the server is configured to use for authenticating + /// presented client certificates. + /// + /// In some circumstances this list may be customized to include [`DistinguishedName`] entries + /// that do not correspond to a trust anchor in the server's root cert store. For example, + /// the server may be configured to trust a root CA that cross-signed an issuer certificate + /// that the client considers a trust anchor. From the server's perspective the cross-signed + /// certificate is an intermediate, and not present in the server's root cert store. The client + /// may have the cross-signed certificate configured as a trust anchor, and be unaware of the + /// root CA that cross-signed it. If the server's hints list only contained the subjects of the + /// server's root store the client would consider a client certificate issued by the cross-signed + /// issuer unacceptable, since its subject was not hinted. To avoid this circumstance the server + /// should customize the hints list to include the subject of the cross-signed issuer in addition + /// to the subjects from the root cert store. + /// + /// [subjects]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + /// [RFC 5280 A.1]: https://www.rfc-editor.org/rfc/rfc5280#appendix-A.1 /// [`CertificateRequest`]: https://datatracker.ietf.org/doc/html/rfc8446#section-4.3.2 /// [`certificate_authorities`]: https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.4 - /// - /// If the return value is empty, no CertificateRequest message will be sent. - fn client_auth_root_subjects(&self) -> &[DistinguishedName]; + fn root_hint_subjects(&self) -> &[DistinguishedName]; /// Verify the end-entity certificate `end_entity` is valid, acceptable, /// and chains to at least one of the trust anchors trusted by @@ -258,7 +275,7 @@ impl ClientCertVerifier for NoClientAuth { false } - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { + fn root_hint_subjects(&self) -> &[DistinguishedName] { unimplemented!(); } diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index b2147cb55e..24e99ed353 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -142,7 +142,7 @@ impl ClientCertVerifierBuilder { .supported_algs .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; - let subjects = self + let root_hint_subjects = self .roots .roots .iter() @@ -151,7 +151,7 @@ impl ClientCertVerifierBuilder { Ok(Arc::new(WebPkiClientVerifier::new( self.roots, - subjects, + root_hint_subjects, self.crls .into_iter() .map(|der_crl| { @@ -222,7 +222,7 @@ impl ClientCertVerifierBuilder { /// [^1]: pub struct WebPkiClientVerifier { roots: Arc, - subjects: Vec, + root_hint_subjects: Vec, crls: Vec, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, @@ -253,6 +253,8 @@ impl WebPkiClientVerifier { /// Construct a new `WebpkiClientVerifier`. /// /// * `roots` is a list of trust anchors to use for certificate validation. + /// * `root_hint_subjects` is a list of distinguished names to use for hinting acceptable + /// certificate authority subjects to a client. /// * `crls` is a `Vec` of owned certificate revocation lists (CRLs) to use for /// client certificate validation. /// * `revocation_check_depth` controls which certificates have their revocation status checked @@ -264,7 +266,7 @@ impl WebPkiClientVerifier { /// * `supported_algs` specifies which signature verification algorithms should be used. pub(crate) fn new( roots: Arc, - subjects: Vec, + root_hint_subjects: Vec, crls: Vec, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, @@ -273,7 +275,7 @@ impl WebPkiClientVerifier { ) -> Self { Self { roots, - subjects, + root_hint_subjects, crls, revocation_check_depth, unknown_revocation_policy, @@ -295,8 +297,8 @@ impl ClientCertVerifier for WebPkiClientVerifier { } } - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { - &self.subjects + fn root_hint_subjects(&self) -> &[DistinguishedName] { + &self.root_hint_subjects } fn verify_client_cert( diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index fed611aa59..5efaa47fb1 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1255,13 +1255,13 @@ impl Drop for ClientCheckCertResolve { impl ResolvesClientCert for ClientCheckCertResolve { fn resolve( &self, - acceptable_issuers: &[&[u8]], + root_hint_subjects: &[&[u8]], sigschemes: &[SignatureScheme], ) -> Option> { self.query_count .fetch_add(1, Ordering::SeqCst); - if acceptable_issuers.is_empty() { + if root_hint_subjects.is_empty() { panic!("no issuers offered by server"); } @@ -1269,7 +1269,7 @@ impl ResolvesClientCert for ClientCheckCertResolve { panic!("no signature schemes shared by server"); } - assert_eq!(acceptable_issuers, self.expect_issuers); + assert_eq!(root_hint_subjects, self.expect_issuers); assert_eq!(sigschemes, self.expect_sigschemes); None diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 21f56fe694..fccce3b94f 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -166,7 +166,7 @@ impl ClientCertVerifier for MockClientVerifier { self.mandatory } - fn client_auth_root_subjects(&self) -> &[DistinguishedName] { + fn root_hint_subjects(&self) -> &[DistinguishedName] { &self.subjects } From 7dfbdb8efd177a9586635f2ff12d43f07ab90689 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 10:25:41 -0400 Subject: [PATCH 0330/1145] server: allow sending empty root hints list In some circumstances the server may want the client to send whatever client certificate it has on hand with no help from the server hints to decide which will be appropriate. To enable this use case for TLS 1.3 we should send the authority names extension even when the list of subjects is empty. TLS 1.2 already included the empty list in the `message. The `ClientCertVerifier` rustdoc is updated to reflect this new behaviour. Previously it claimed that if the return value was empty, no `CertificateRequest` message will be sent - this was not true, we separately used the `ClientCertVerifier::offer_client_auth` fn for that determination. For TLS1.2 the empty `canames` were sent in the `CertificateRequestPayload`, for TLS 1.3 we conditionally omitted the `AuthorityNames` extension. --- rustls/src/server/tls13.rs | 16 +++++++--------- rustls/src/verify.rs | 4 ++-- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0214062d7b..102ad41077 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -715,15 +715,13 @@ mod client_hello { cr.extensions .push(CertReqExtension::SignatureAlgorithms(schemes.to_vec())); - let names = config - .verifier - .root_hint_subjects() - .to_vec(); - - if !names.is_empty() { - cr.extensions - .push(CertReqExtension::AuthorityNames(names)); - } + cr.extensions + .push(CertReqExtension::AuthorityNames( + config + .verifier + .root_hint_subjects() + .to_vec(), + )); let m = Message { version: ProtocolVersion::TLSv1_3, diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index f489ccaad9..da87cbd233 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -167,8 +167,8 @@ pub trait ClientCertVerifier: Send + Sync { /// These hint values help the client pick a client certificate it believes the server will /// accept. The hints must be DER-encoded X.500 distinguished names, per [RFC 5280 A.1]. They /// are sent in the [`certificate_authorities`] extension of a [`CertificateRequest`] message - /// when [ClientCertVerifier::offer_client_auth] is true. If the return value is empty, no - /// CertificateRequest message will be sent. + /// when [ClientCertVerifier::offer_client_auth] is true. When an empty list is sent the client + /// should always provide a client certificate if it has one. /// /// Generally this list should contain the [`DistinguishedName`] of each root trust /// anchor in the root cert store that the server is configured to use for authenticating From 2f193a1f7b43307d7075219cb21226e2f2937ecb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 10:45:39 -0400 Subject: [PATCH 0331/1145] webpki: re-order RootCertStore members This commit re-orders the `RootCertStore` members based on CONTRIBUTING.md style guide. Mainly: 1. Associated fn (without `self` arg) first. 2. The rest ordered by code complexity. --- rustls/src/webpki/anchors.rs | 56 ++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 886b075696..e628c65eba 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -22,34 +22,6 @@ impl RootCertStore { Self { roots: Vec::new() } } - /// Return true if there are no certificates. - pub fn is_empty(&self) -> bool { - self.len() == 0 - } - - /// Say how many certificates are in the container. - pub fn len(&self) -> usize { - self.roots.len() - } - - /// Add a single DER-encoded certificate to the store. - /// - /// This is suitable for a small set of root certificates that are expected to parse - /// successfully. For large collections of roots (for example from a system store) it - /// is expected that some of them might not be valid according to the rules rustls - /// implements. As long as a relatively limited number of certificates are affected, - /// this should not be a cause for concern. Use [`RootCertStore::add_parsable_certificates`] - /// in order to add as many valid roots as possible and to understand how many certificates - /// have been diagnosed as malformed. - pub fn add(&mut self, der: CertificateDer<'_>) -> Result<(), Error> { - self.roots.push( - extract_trust_anchor(&der) - .map_err(pki_error)? - .to_owned(), - ); - Ok(()) - } - /// Parse the given DER-encoded certificates and add all that can be parsed /// in a best-effort fashion. /// @@ -86,6 +58,34 @@ impl RootCertStore { (valid_count, invalid_count) } + + /// Add a single DER-encoded certificate to the store. + /// + /// This is suitable for a small set of root certificates that are expected to parse + /// successfully. For large collections of roots (for example from a system store) it + /// is expected that some of them might not be valid according to the rules rustls + /// implements. As long as a relatively limited number of certificates are affected, + /// this should not be a cause for concern. Use [`RootCertStore::add_parsable_certificates`] + /// in order to add as many valid roots as possible and to understand how many certificates + /// have been diagnosed as malformed. + pub fn add(&mut self, der: CertificateDer<'_>) -> Result<(), Error> { + self.roots.push( + extract_trust_anchor(&der) + .map_err(pki_error)? + .to_owned(), + ); + Ok(()) + } + + /// Return true if there are no certificates. + pub fn is_empty(&self) -> bool { + self.len() == 0 + } + + /// Say how many certificates are in the container. + pub fn len(&self) -> usize { + self.roots.len() + } } impl Extend> for RootCertStore { From 675048987e220835fc77758f81d857025afab3cc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 11:20:08 -0400 Subject: [PATCH 0332/1145] webpki: add subjects helper to RootCertStore This commit adds a helper to the existing `webpki::RootCertStore` to allow building a `Vec` out of the trust anchor subjects in the root cert store. This is helpful when configuring a verifier to hint accepted certificate authority subjects. --- rustls/src/webpki/anchors.rs | 16 +++++++++++++++- rustls/src/webpki/client_verifier.rs | 7 +------ rustls/tests/client_cert_verifier.rs | 6 +----- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index e628c65eba..2ba209ddbb 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -6,7 +6,7 @@ use webpki::extract_trust_anchor; use super::pki_error; #[cfg(feature = "logging")] use crate::log::{debug, trace}; -use crate::Error; +use crate::{DistinguishedName, Error}; /// A container for root certificates able to provide a root-of-trust /// for connection authentication. @@ -77,6 +77,20 @@ impl RootCertStore { Ok(()) } + /// Return the DER encoded [`DistinguishedName`] of each trust anchor subject in the root + /// cert store. + /// + /// Each [`DistinguishedName`] will be a DER-encoded X.500 distinguished name, per + /// [RFC 5280 A.1], including the outer `SEQUENCE`. + /// + /// [RFC 5280 A.1]: https://www.rfc-editor.org/rfc/rfc5280#appendix-A.1 + pub fn subjects(&self) -> Vec { + self.roots + .iter() + .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) + .collect() + } + /// Return true if there are no certificates. pub fn is_empty(&self) -> bool { self.len() == 0 diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 24e99ed353..6e3fc92939 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -142,12 +142,7 @@ impl ClientCertVerifierBuilder { .supported_algs .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; - let root_hint_subjects = self - .roots - .roots - .iter() - .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) - .collect(); + let root_hint_subjects = self.roots.subjects(); Ok(Arc::new(WebPkiClientVerifier::new( self.roots, diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index fccce3b94f..437e383152 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -150,11 +150,7 @@ impl MockClientVerifier { pub fn new(verified: fn() -> Result, kt: KeyType) -> Self { Self { verified, - subjects: get_client_root_store(kt) - .roots - .iter() - .map(|ta| DistinguishedName::in_sequence(ta.subject.as_ref())) - .collect(), + subjects: get_client_root_store(kt).subjects(), mandatory: true, offered_schemes: None, } From 14c8872e00e1ae8c3ddbc42e9028a9fbb51f9803 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 11:29:42 -0400 Subject: [PATCH 0333/1145] webpki: support customizing client hint subjects This commit updates the `ClientCertVerifierBuilder` to add two fns for customizing the `DistinguishedName` set sent to clients as certificate authority hints during the TLS handshake: 1. `with_root_hint_subjects` - for completely replacing the subjects with an iterable of `DistinguishedName`s. This is useful if you have a `RootCertStore` or a set of `DistinguishedNames` you want to use in place of the default. It also enables replacing the hints with an empty list. 2. `add_root_hint_subjects` - for adding new subjects to the existing set. This is useful if you want to add a few new subjects in addition to the defaults. --- rustls/src/webpki/client_verifier.rs | 37 +++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 6e3fc92939..086a6b7cf2 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -23,6 +23,7 @@ use crate::{ #[derive(Debug, Clone)] pub struct ClientCertVerifierBuilder { roots: Arc, + root_hint_subjects: Vec, crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, @@ -33,6 +34,7 @@ pub struct ClientCertVerifierBuilder { impl ClientCertVerifierBuilder { pub(crate) fn new(roots: Arc) -> Self { Self { + root_hint_subjects: roots.subjects(), roots, crls: Vec::new(), anon_policy: AnonymousClientPolicy::Deny, @@ -42,6 +44,37 @@ impl ClientCertVerifierBuilder { } } + /// Clear the list of trust anchor hint subjects. + /// + /// By default, the client cert verifier will use the subjects provided by the root cert + /// store configured for client authentication. Calling this function will remove these + /// hint subjects, indicating the client should make a free choice of which certificate + /// to send. + /// + /// See [`ClientCertVerifier::root_hint_subjects`] for more information on + /// circumstances where you may want to clear the default hint subjects. + pub fn clear_root_hint_subjects(mut self) -> Self { + self.root_hint_subjects = Vec::default(); + self + } + + /// Add additional [`DistinguishedName`]s to the list of trust anchor hint subjects. + /// + /// By default, the client cert verifier will use the subjects provided by the root cert + /// store configured for client authentication. Calling this function will add to these + /// existing hint subjects. Calling this function with empty `subjects` will have no + /// effect. + /// + /// See [`ClientCertVerifier::root_hint_subjects`] for more information on + /// circumstances where you may want to override the default hint subjects. + pub fn add_root_hint_subjects( + mut self, + subjects: impl IntoIterator, + ) -> Self { + self.root_hint_subjects.extend(subjects); + self + } + /// Verify the revocation state of presented client certificates against the provided /// certificate revocation lists (CRLs). Calling `with_crls` multiple times appends the /// given CRLs to the existing collection. @@ -142,11 +175,9 @@ impl ClientCertVerifierBuilder { .supported_algs .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; - let root_hint_subjects = self.roots.subjects(); - Ok(Arc::new(WebPkiClientVerifier::new( self.roots, - root_hint_subjects, + self.root_hint_subjects, self.crls .into_iter() .map(|der_crl| { From 3cfa71d853c390b8682c04f3956a1557d73b00af Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 12:00:35 -0400 Subject: [PATCH 0334/1145] tests: generalize client cert resolve test Pull out a generic helper from the existing client cert resolver test, rename the test that uses the helper to emphasize it's testing a default configuration. This will make it easier to add a test for non-default configurations. --- rustls/tests/api.rs | 114 ++++++++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 53 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 5efaa47fb1..4980a142f5 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1224,20 +1224,20 @@ fn client_check_server_certificate_helper_api() { struct ClientCheckCertResolve { query_count: AtomicUsize, expect_queries: usize, - expect_issuers: Vec>, + expect_root_hint_subjects: Vec>, expect_sigschemes: Vec, } impl ClientCheckCertResolve { fn new( expect_queries: usize, - expect_issuers: Vec>, + expect_root_hint_subjects: Vec>, expect_sigschemes: Vec, ) -> Self { Self { query_count: AtomicUsize::new(0), expect_queries, - expect_issuers, + expect_root_hint_subjects, expect_sigschemes, } } @@ -1261,16 +1261,12 @@ impl ResolvesClientCert for ClientCheckCertResolve { self.query_count .fetch_add(1, Ordering::SeqCst); - if root_hint_subjects.is_empty() { - panic!("no issuers offered by server"); - } - if sigschemes.is_empty() { panic!("no signature schemes shared by server"); } - assert_eq!(root_hint_subjects, self.expect_issuers); assert_eq!(sigschemes, self.expect_sigschemes); + assert_eq!(root_hint_subjects, self.expect_root_hint_subjects); None } @@ -1280,12 +1276,64 @@ impl ResolvesClientCert for ClientCheckCertResolve { } } +fn test_client_cert_resolve( + key_type: KeyType, + server_config: Arc, + expected_root_hint_subjects: Vec>, +) { + for version in rustls::ALL_VERSIONS { + let expected_sigschemes = match version.version { + ProtocolVersion::TLSv1_2 => vec![ + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, + ], + ProtocolVersion::TLSv1_3 => vec![ + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + ], + _ => unreachable!(), + }; + + println!("{:?} {:?}:", version.version, key_type); + + let mut client_config = make_client_config_with_versions(key_type, &[version]); + client_config.client_auth_cert_resolver = Arc::new(ClientCheckCertResolve::new( + 1, + expected_root_hint_subjects.clone(), + expected_sigschemes, + )); + + let (mut client, mut server) = + make_pair_for_arc_configs(&Arc::new(client_config), &server_config); + + assert_eq!( + do_handshake_until_error(&mut client, &mut server), + Err(ErrorFromPeer::Server(Error::NoCertificatesPresented)) + ); + } +} + #[test] -fn client_cert_resolve() { - for kt in ALL_KEY_TYPES.iter() { - let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*kt)); +fn client_cert_resolve_default() { + // Test that in the default configuration that a client cert resolver gets the expected + // CA subject hints, and supported signature algorithms. + for key_type in ALL_KEY_TYPES.into_iter() { + let server_config = Arc::new(make_server_config_with_mandatory_client_auth(key_type)); - let expected_issuers = match *kt { + // In a default configuration we expect that the verifier's trust anchors are used + // for the hint subjects. + let expected_root_hint_subjects = match key_type { KeyType::Rsa => { vec![b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA".to_vec()] } @@ -1297,47 +1345,7 @@ fn client_cert_resolve() { } }; - for version in rustls::ALL_VERSIONS { - let expected_sigschemes = match version.version { - ProtocolVersion::TLSv1_2 => vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA256, - ], - ProtocolVersion::TLSv1_3 => vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - ], - _ => unreachable!(), - }; - - println!("{:?} {:?}:", version.version, *kt); - - let mut client_config = make_client_config_with_versions(*kt, &[version]); - client_config.client_auth_cert_resolver = Arc::new(ClientCheckCertResolve::new( - 1, - expected_issuers.clone(), - expected_sigschemes, - )); - - let (mut client, mut server) = - make_pair_for_arc_configs(&Arc::new(client_config), &server_config); - - assert_eq!( - do_handshake_until_error(&mut client, &mut server), - Err(ErrorFromPeer::Server(Error::NoCertificatesPresented)) - ); - } + test_client_cert_resolve(key_type, server_config, expected_root_hint_subjects); } } From c3f00c7179335116fa99b5af5dc01c17c14fdc1d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 12:25:49 -0400 Subject: [PATCH 0335/1145] tests: test server hint subject control Adds tests for: * Sending an empty root hint subjects list. * Adding custom root hint subjects in addition to the defaults. --- rustls/tests/api.rs | 59 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 47 insertions(+), 12 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 4980a142f5..725b2482a6 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -21,7 +21,6 @@ use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert, WebPkiClientVerifier}; -use rustls::ConnectionTrafficSecrets; use rustls::SupportedCipherSuite; use rustls::{ sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, KeyLog, @@ -29,6 +28,7 @@ use rustls::{ }; use rustls::{CipherSuite, ProtocolVersion, SignatureScheme}; use rustls::{ClientConfig, ClientConnection}; +use rustls::{ConnectionTrafficSecrets, DistinguishedName}; use rustls::{ServerConfig, ServerConnection}; use rustls::{Stream, StreamOwned}; @@ -1333,22 +1333,57 @@ fn client_cert_resolve_default() { // In a default configuration we expect that the verifier's trust anchors are used // for the hint subjects. - let expected_root_hint_subjects = match key_type { - KeyType::Rsa => { - vec![b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA".to_vec()] - } - KeyType::Ecdsa => { - vec![b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA".to_vec()] - } - KeyType::Ed25519 => { - vec![b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA".to_vec()] - } - }; + let expected_root_hint_subjects = vec![match key_type { + KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], + KeyType::Ecdsa => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA"[..], + KeyType::Ed25519 => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..], + } + .to_vec()]; test_client_cert_resolve(key_type, server_config, expected_root_hint_subjects); } } +#[test] +fn client_cert_resolve_server_no_hints() { + // Test that a server can provide no hints and the client cert resolver gets the expected + // arguments. + for key_type in ALL_KEY_TYPES.into_iter() { + // Build a verifier with no hint subjects. + let verifier = WebPkiClientVerifier::builder(get_client_root_store(key_type)) + .clear_root_hint_subjects(); + let server_config = make_server_config_with_client_verifier(key_type, verifier); + let expected_root_hint_subjects = Vec::default(); // no hints expected. + test_client_cert_resolve(key_type, server_config.into(), expected_root_hint_subjects); + } +} + +#[test] +fn client_cert_resolve_server_added_hint() { + // Test that a server can add an extra subject above/beyond those found in its trust store + // and the client cert resolver gets the expected arguments. + let extra_name = b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponyland IDK CA".to_vec(); + for key_type in ALL_KEY_TYPES.into_iter() { + let expected_hint_subjects = vec![ + match key_type { + KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], + KeyType::Ecdsa => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA"[..], + KeyType::Ed25519 => { + &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..] + } + } + .to_vec(), + extra_name.clone(), + ]; + // Create a verifier that adds the extra_name as a hint subject in addition to the ones + // from the root cert store. + let verifier = WebPkiClientVerifier::builder(get_client_root_store(key_type)) + .add_root_hint_subjects([DistinguishedName::from(extra_name.clone())].into_iter()); + let server_config = make_server_config_with_client_verifier(key_type, verifier); + test_client_cert_resolve(key_type, server_config.into(), expected_hint_subjects); + } +} + #[test] fn client_auth_works() { for kt in ALL_KEY_TYPES.iter() { From 1ec7b727de4b698c5dbec858868475e589d6d195 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 23 Oct 2023 15:47:27 -0400 Subject: [PATCH 0336/1145] Cargo: use rustls-webpki v0.102.0-alpha.6 This version of webpki improves CRL ergonomics. Notable changes: * use `with_status_policy builder` fn The upstream crate added a more ergonomic interface we can use in place of having to keep around a mutable builder and doing our own matching. * avoid CRL dyn trait hurdles The upstream crate made working with CRLs easier by replacing the `CertRevocationList` trait with an `enum` representation. Notably this makes working with the `Vec` that the webpki verifier builders and verifiers hold much easier: we no long have to do as many contortions to convert to a `&[&dyn CertRevocationList]`. --- Cargo.lock | 4 +-- fuzz/Cargo.lock | 4 +-- rustls/Cargo.toml | 2 +- rustls/src/webpki/client_verifier.rs | 50 +++++++++++----------------- rustls/src/webpki/mod.rs | 15 +++++---- rustls/src/webpki/server_verifier.rs | 48 ++++++++++---------------- rustls/src/webpki/verify.rs | 1 + 7 files changed, 53 insertions(+), 71 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d8512fbfda..13c62354b0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -939,9 +939,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.4" +version = "0.102.0-alpha.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa3ae0c05ae540f6d9089b731c26e49863058f03082dcef070df987bcc8db7ba" +checksum = "34d9ed3a8267782ba32d257ff5b197b63eef19a467dbd1be011caaae35ee416e" dependencies = [ "ring 0.17.2", "rustls-pki-types", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index ee9c17bc68..7f34b0e15b 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -97,9 +97,9 @@ checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.4" +version = "0.102.0-alpha.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa3ae0c05ae540f6d9089b731c26e49863058f03082dcef070df987bcc8db7ba" +checksum = "34d9ed3a8267782ba32d257ff5b197b63eef19a467dbd1be011caaae35ee416e" dependencies = [ "ring", "rustls-pki-types", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b589c7794b..32046a2f60 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,7 +19,7 @@ rustversion = { version = "1.0.6", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = "2.5.0" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.4", features = ["alloc", "std"], default-features = false } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.6", features = ["alloc", "std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } zeroize = "1.6.0" diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 086a6b7cf2..ab7f8d4eee 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -2,20 +2,16 @@ use alloc::sync::Arc; use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; -use webpki::{ - BorrowedCertRevocationList, OwnedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy, -}; +use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; -use super::{borrow_crls, crl_error, pki_error, VerifierBuilderError}; +use super::{pki_error, VerifierBuilderError}; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, }; +use crate::webpki::parse_crls; use crate::webpki::verify::{verify_signed_struct, verify_tls13, ParsedCertificate}; -use crate::{ - CertRevocationListError, DistinguishedName, Error, RootCertStore, SignatureScheme, - WebPkiSupportedAlgorithms, -}; +use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme, WebPkiSupportedAlgorithms}; /// A builder for configuring a `webpki` client certificate verifier. /// @@ -178,14 +174,7 @@ impl ClientCertVerifierBuilder { Ok(Arc::new(WebPkiClientVerifier::new( self.roots, self.root_hint_subjects, - self.crls - .into_iter() - .map(|der_crl| { - BorrowedCertRevocationList::from_der(der_crl.as_ref()) - .and_then(|crl| crl.to_owned()) - .map_err(crl_error) - }) - .collect::, CertRevocationListError>>()?, + parse_crls(self.crls)?, self.revocation_check_depth, self.unknown_revocation_policy, self.anon_policy, @@ -249,7 +238,7 @@ impl ClientCertVerifierBuilder { pub struct WebPkiClientVerifier { roots: Arc, root_hint_subjects: Vec, - crls: Vec, + crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, anonymous_policy: AnonymousClientPolicy, @@ -293,7 +282,7 @@ impl WebPkiClientVerifier { pub(crate) fn new( roots: Arc, root_hint_subjects: Vec, - crls: Vec, + crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, anonymous_policy: AnonymousClientPolicy, @@ -334,21 +323,21 @@ impl ClientCertVerifier for WebPkiClientVerifier { now: UnixTime, ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - let crls = borrow_crls(&self.crls); - let revocation = if crls.is_empty() { + let crl_refs = self.crls.iter().collect::>(); + + let revocation = if self.crls.is_empty() { None } else { - let mut builder = webpki::RevocationOptionsBuilder::new(&crls) - .expect("invalid crls") - .with_depth(self.revocation_check_depth); - if matches!( - self.unknown_revocation_policy, - webpki::UnknownStatusPolicy::Allow - ) { - builder = builder.allow_unknown_status(); - } - Some(builder.build()) + Some( + webpki::RevocationOptionsBuilder::new(&crl_refs) + // Note: safe to unwrap here - new is only fallible if no CRLs are provided + // and we verify this above. + .unwrap() + .with_depth(self.revocation_check_depth) + .with_status_policy(self.unknown_revocation_policy) + .build(), + ) }; cert.0 @@ -359,6 +348,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { now, webpki::KeyUsage::client_auth(), revocation, + None, ) .map_err(pki_error) .map(|_| ClientCertVerified::assertion()) diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 589e4c074f..d72edc23b6 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -1,7 +1,10 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; + +use pki_types::CertificateRevocationListDer; use std::error::Error as StdError; +use webpki::{CertRevocationList, OwnedCertRevocationList}; use crate::error::{CertRevocationListError, CertificateError, Error}; @@ -104,13 +107,13 @@ fn crl_error(e: webpki::Error) -> CertRevocationListError { } } -fn borrow_crls( - crls: &Vec, -) -> Vec<&dyn webpki::CertRevocationList> { - #[allow(trivial_casts)] // Cast to &dyn trait is required. +fn parse_crls( + crls: Vec>, +) -> Result>, CertRevocationListError> { crls.iter() - .map(|crl| crl as &dyn webpki::CertRevocationList) - .collect::>() + .map(|der| OwnedCertRevocationList::from_der(der.as_ref()).map(Into::into)) + .collect::, _>>() + .map_err(crl_error) } mod tests { diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index d57578cc34..ac722e640f 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -4,9 +4,7 @@ use alloc::sync::Arc; use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; -use webpki::{ - BorrowedCertRevocationList, OwnedCertRevocationList, RevocationCheckDepth, UnknownStatusPolicy, -}; +use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, @@ -17,11 +15,8 @@ use crate::webpki::verify::{ verify_server_cert_signed_by_trust_anchor_impl, verify_signed_struct, verify_tls13, ParsedCertificate, }; -use crate::webpki::{borrow_crls, crl_error, verify_server_name, VerifierBuilderError}; -use crate::{ - CertRevocationListError, Error, RootCertStore, ServerName, SignatureScheme, - WebPkiSupportedAlgorithms, -}; +use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; +use crate::{Error, RootCertStore, ServerName, SignatureScheme, WebPkiSupportedAlgorithms}; /// A builder for configuring a `webpki` server certificate verifier. /// @@ -127,14 +122,7 @@ impl ServerCertVerifierBuilder { Ok(Arc::new(WebPkiServerVerifier::new( self.roots, - self.crls - .into_iter() - .map(|der_crl| { - BorrowedCertRevocationList::from_der(der_crl.as_ref()) - .and_then(|crl| crl.to_owned()) - .map_err(crl_error) - }) - .collect::, CertRevocationListError>>()?, + parse_crls(self.crls)?, self.revocation_check_depth, self.unknown_revocation_policy, supported_algs, @@ -146,7 +134,7 @@ impl ServerCertVerifierBuilder { #[allow(unreachable_pub)] pub struct WebPkiServerVerifier { roots: Arc, - crls: Vec, + crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, supported: WebPkiSupportedAlgorithms, @@ -188,7 +176,7 @@ impl WebPkiServerVerifier { /// certificate verification and TLS handshake signature verification. pub(crate) fn new( roots: impl Into>, - crls: Vec, + crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, supported: WebPkiSupportedAlgorithms, @@ -253,22 +241,22 @@ impl ServerCertVerifier for WebPkiServerVerifier { ) -> Result { let cert = ParsedCertificate::try_from(end_entity)?; - let crls = borrow_crls(&self.crls); - let revocation = if crls.is_empty() { + let crl_refs = self.crls.iter().collect::>(); + + let revocation = if self.crls.is_empty() { None } else { // Note: unwrap here is safe because RevocationOptionsBuilder only errors when given // empty CRLs. - let mut builder = webpki::RevocationOptionsBuilder::new(&crls) - .unwrap() - .with_depth(self.revocation_check_depth); - if matches!( - self.unknown_revocation_policy, - webpki::UnknownStatusPolicy::Allow - ) { - builder = builder.allow_unknown_status(); - } - Some(builder.build()) + Some( + webpki::RevocationOptionsBuilder::new(crl_refs.as_slice()) + // Note: safe to unwrap here - new is only fallible if no CRLs are provided + // and we verify this above. + .unwrap() + .with_depth(self.revocation_check_depth) + .with_status_policy(self.unknown_revocation_policy) + .build(), + ) }; // Note: we use the crate-internal `_impl` fn here in order to provide revocation diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 026184e5df..46cda9904a 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -285,6 +285,7 @@ pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl( now, webpki::KeyUsage::server_auth(), revocation, + None, ); match result { Ok(_) => Ok(()), From b776a5778ad333653670c34ff9125d8ae59b6047 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 14:35:12 -0400 Subject: [PATCH 0337/1145] Cargo: 0.22.0-alpha.3 -> 0.22.0-alpha.4 --- Cargo.lock | 2 +- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 13c62354b0..2abbcfa0b9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -846,7 +846,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.3" +version = "0.22.0-alpha.4" dependencies = [ "base64", "bencher", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 7f34b0e15b..a0dc47f929 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -71,7 +71,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.3" +version = "0.22.0-alpha.4" dependencies = [ "log", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 32046a2f60..298ac31637 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.3" +version = "0.22.0-alpha.4" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 793ca28c0c58635d6ab00e170b4d4c42a97ca193 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:40:20 +0200 Subject: [PATCH 0338/1145] disable subtle's default features suble depends on libstd by default and its default features are not being used --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 298ac31637..cc32aa91bc 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -18,7 +18,7 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } -subtle = "2.5.0" +subtle = { version = "2.5.0", default-features = false } webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.6", features = ["alloc", "std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } zeroize = "1.6.0" From d8e86aaf45aa02f1d12ac99dd1499f18f81cd882 Mon Sep 17 00:00:00 2001 From: Paolo Barbolini Date: Sun, 5 Nov 2023 15:23:43 +0100 Subject: [PATCH 0339/1145] key_log_file: replace `env::var` with `env::var_os` Instead of matching the error from `env:var` in order to accept non-unicode file paths we switch to the more idiomatic `env::var_os`. --- rustls/src/key_log_file.rs | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index ad32c37933..51390d0f38 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -2,13 +2,12 @@ use crate::log::warn; use crate::KeyLog; -use alloc::string::String; use alloc::vec::Vec; use std::env; +use std::ffi::OsString; use std::fs::{File, OpenOptions}; use std::io; use std::io::Write; -use std::path::Path; use std::sync::Mutex; // Internal mutable state for KeyLogFile @@ -18,11 +17,10 @@ struct KeyLogFileInner { } impl KeyLogFileInner { - fn new(var: Result) -> Self { - let path = match var { - Ok(ref s) => Path::new(s), - Err(env::VarError::NotUnicode(ref s)) => Path::new(s), - Err(env::VarError::NotPresent) => { + fn new(var: Option) -> Self { + let path = match &var { + Some(path) => path, + None => { return Self { file: None, buf: Vec::new(), @@ -85,7 +83,7 @@ impl KeyLogFile { /// Makes a new `KeyLogFile`. The environment variable is /// inspected and the named file is opened during this call. pub fn new() -> Self { - let var = env::var("SSLKEYLOGFILE"); + let var = env::var_os("SSLKEYLOGFILE"); Self(Mutex::new(KeyLogFileInner::new(var))) } } @@ -117,21 +115,10 @@ mod tests { .try_init(); } - #[test] - fn test_env_var_is_not_unicode() { - init(); - let mut inner = KeyLogFileInner::new(Err(env::VarError::NotUnicode( - "/tmp/keylogfileinnertest".into(), - ))); - assert!(inner - .try_write("label", b"random", b"secret") - .is_ok()); - } - #[test] fn test_env_var_is_not_set() { init(); - let mut inner = KeyLogFileInner::new(Err(env::VarError::NotPresent)); + let mut inner = KeyLogFileInner::new(None); assert!(inner .try_write("label", b"random", b"secret") .is_ok()); @@ -140,7 +127,7 @@ mod tests { #[test] fn test_env_var_cannot_be_opened() { init(); - let mut inner = KeyLogFileInner::new(Ok("/dev/does-not-exist".into())); + let mut inner = KeyLogFileInner::new(Some("/dev/does-not-exist".into())); assert!(inner .try_write("label", b"random", b"secret") .is_ok()); @@ -149,7 +136,7 @@ mod tests { #[test] fn test_env_var_cannot_be_written() { init(); - let mut inner = KeyLogFileInner::new(Ok("/dev/full".into())); + let mut inner = KeyLogFileInner::new(Some("/dev/full".into())); assert!(inner .try_write("label", b"random", b"secret") .is_err()); From da280af796a8988c98e811101f10a4070ff3f3eb Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 6 Nov 2023 09:30:49 +0100 Subject: [PATCH 0340/1145] Update semver-compatible dependencies --- Cargo.lock | 146 ++++++++++++++++++++++++++++------------------------- 1 file changed, 77 insertions(+), 69 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2abbcfa0b9..103d2f46e6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -14,9 +14,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" dependencies = [ "memchr", ] @@ -83,9 +83,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "base64" -version = "0.21.4" +version = "0.21.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" +checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" [[package]] name = "base64ct" @@ -101,9 +101,9 @@ checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" [[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "block-buffer" @@ -178,9 +178,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.6" +version = "4.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d04704f56c2cde07f43e8e2c154b43f216dc5c92fc98ada720177362f953b956" +checksum = "ac495e00dcec98c83465d5ad66c5c4fabd652fd6686e7c6269b117e729a6f17b" dependencies = [ "clap_builder", "clap_derive", @@ -188,9 +188,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.6" +version = "4.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e231faeaca65ebd1ea3c737966bf858971cd38c3849107aa3ea7de90a804e45" +checksum = "c77ed9a32a62e6ca27175d00d29d05ca32e396ea1eb5fb01d8256b669cec7663" dependencies = [ "anstream", "anstyle", @@ -200,9 +200,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.4.2" +version = "4.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0862016ff20d69b84ef8247369fabf5c008a7417002411897d40ee1f4532b873" +checksum = "cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442" dependencies = [ "heck", "proc-macro2", @@ -212,9 +212,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd7cc57abe963c6d3b9d8be5b06ba7c8957a930305ca90304f24ef040aa6f961" +checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" [[package]] name = "colorchoice" @@ -230,9 +230,9 @@ checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" [[package]] name = "cpufeatures" -version = "0.2.9" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" dependencies = [ "libc", ] @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "curve25519-dalek-derive" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83fdaf97f4804dcebfa5862639bc9ce4121e82140bec2a987ac5140294865b5b" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", @@ -321,9 +321,12 @@ dependencies = [ [[package]] name = "deranged" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" +checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +dependencies = [ + "powerfmt", +] [[package]] name = "digest" @@ -380,9 +383,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0870c84016d4b481be5c9f323c24f65e31e901ae618f0e80f4308fb00de1d2d" +checksum = "a481586acf778f1b1455424c343f71124b048ffa5f4fc3f8f6ae9dc432dcb3c7" [[package]] name = "fxhash" @@ -472,9 +475,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.64" +version = "0.3.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" +checksum = "54c0c35952f67de54bb584e9fd912b3023117cbafc0a77d8f3dee1fb5f572fe8" dependencies = [ "wasm-bindgen", ] @@ -490,9 +493,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.149" +version = "0.2.150" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" +checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" [[package]] name = "libm" @@ -529,9 +532,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.8" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2" +checksum = "3dce281c5e46beae905d4de1870d8b1509a9142b62eedf18b443b011ca8343d0" dependencies = [ "libc", "log", @@ -641,9 +644,9 @@ dependencies = [ [[package]] name = "platforms" -version = "3.1.2" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4503fa043bf02cee09a9582e9554b4c6403b2ef55e4612e96561d294419429f8" +checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0" [[package]] name = "poly1305" @@ -656,6 +659,12 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -743,9 +752,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.9.6" +version = "1.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" dependencies = [ "aho-corasick", "memchr", @@ -755,9 +764,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.9" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" dependencies = [ "aho-corasick", "memchr", @@ -766,9 +775,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.7.5" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "ring" @@ -787,9 +796,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.2" +version = "0.17.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "911b295d2d302948838c8ac142da1ee09fa7863163b44e6715bc9357905878b8" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" dependencies = [ "cc", "getrandom", @@ -801,16 +810,14 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.2" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8" +checksum = "86ef35bf3e7fe15a53c4ab08a998e42271eab13eb0db224126bc7bc4c4bad96d" dependencies = [ - "byteorder", "const-oid", "digest", "num-bigint-dig", "num-integer", - "num-iter", "num-traits", "pkcs1", "pkcs8", @@ -833,9 +840,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.19" +version = "0.38.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "745ecfa778e66b2b63c88a61cb36e0eea109e803b0b86bf9879fbc77c70e86ed" +checksum = "2b426b0506e5d50a7d8dafcf2e81471400deb602392c7dd110815afb4eaf02a3" dependencies = [ "bitflags", "errno", @@ -852,7 +859,7 @@ dependencies = [ "bencher", "env_logger", "log", - "ring 0.17.2", + "ring 0.17.5", "rustls-pemfile", "rustls-pki-types", "rustls-webpki", @@ -882,7 +889,7 @@ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ "regex", - "ring 0.17.2", + "ring 0.17.5", "rustls", ] @@ -943,7 +950,7 @@ version = "0.102.0-alpha.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34d9ed3a8267782ba32d257ff5b197b63eef19a467dbd1be011caaae35ee416e" dependencies = [ - "ring 0.17.2", + "ring 0.17.5", "rustls-pki-types", "untrusted 0.9.0", ] @@ -962,24 +969,24 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "semver" -version = "1.0.19" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad977052201c6de01a8ef2aa3378c4bd23217a056337d1d6da40468d267a4fb0" +checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.188" +version = "1.0.190" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +checksum = "91d3c334ca1ee894a2c6f6ad698fe8c435b76d504b13d436f0685d648d6d96f7" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.188" +version = "1.0.190" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +checksum = "67c5609f394e5c2bd7fc51efda478004ea80ef42fee983d5c67a65e34f32c0e3" dependencies = [ "proc-macro2", "quote", @@ -1049,9 +1056,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.38" +version = "2.0.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" +checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" dependencies = [ "proc-macro2", "quote", @@ -1069,11 +1076,12 @@ dependencies = [ [[package]] name = "time" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" +checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" dependencies = [ "deranged", + "powerfmt", "serde", "time-core", ] @@ -1138,9 +1146,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.87" +version = "0.2.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" +checksum = "7daec296f25a1bae309c0cd5c29c4b260e510e6d813c286b19eaadf409d40fce" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -1148,9 +1156,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.87" +version = "0.2.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" +checksum = "e397f4664c0e4e428e8313a469aaa58310d302159845980fd23b0f22a847f217" dependencies = [ "bumpalo", "log", @@ -1163,9 +1171,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.87" +version = "0.2.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" +checksum = "5961017b3b08ad5f3fe39f1e79877f8ee7c23c5e5fd5eb80de95abc41f1f16b2" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1173,9 +1181,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.87" +version = "0.2.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" +checksum = "c5353b8dab669f5e10f5bd76df26a9360c748f054f862ff5f3f8aae0c7fb3907" dependencies = [ "proc-macro2", "quote", @@ -1186,15 +1194,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.87" +version = "0.2.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" +checksum = "0d046c5d029ba91a1ed14da14dca44b68bf2f124cfbaf741c54151fdb3e0750b" [[package]] name = "web-sys" -version = "0.3.64" +version = "0.3.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" +checksum = "5db499c5f66323272151db0e666cd34f78617522fb0c1604d31a27c50c206a85" dependencies = [ "js-sys", "wasm-bindgen", From 22a35838f85fa4f02ea9fa3a676c1c86a63e08f0 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 2 Nov 2023 16:39:38 -0700 Subject: [PATCH 0341/1145] x509: reduce allocations for wrap_in_sequence Instead of taking a `Vec` and inserting bytes at the beginning, take a `&[u8]` and return a new vector containing those bytes plus a tag and a length. This isn't the perfect approach for all situations, but for one of the main places we call wrap_in_sequence (DistinguishedName::in_sequence), it's optimal because the input is `&[u8]`, meaning we can't write to a previously existing `Vec` (which would potentially save allocations by using excess capacity at the end of the Vec). In the process, change the one call site for `wrap_in_asn1_len` to call the new `asn1_wrap` function instead, which encodes a tag and length at the same time, reducing reallocations and copies. This has a slight secondary benefit: the resulting Vec is exactly sized to what it holds, instead of following the doubling approach and possibly over-allocating. This saves a handful of bytes in a long-lived data structure. --- rustls/src/crypto/ring/sign.rs | 17 +++---- rustls/src/msgs/handshake.rs | 8 ++-- rustls/src/x509.rs | 88 +++++++++++++++++++--------------- 3 files changed, 58 insertions(+), 55 deletions(-) diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 81aa934363..b26dd80a82 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -1,7 +1,7 @@ use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; use crate::sign::{Signer, SigningKey}; -use crate::x509::{wrap_in_asn1_len, wrap_in_sequence}; +use crate::x509::{asn1_wrap, wrap_in_sequence}; use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; use ring::io::der; @@ -212,18 +212,13 @@ impl EcdsaSigningKey { _ => unreachable!(), // all callers are in this file }; - // wrap sec1 encoding in an OCTET STRING - let mut sec1_wrap = Vec::with_capacity(maybe_sec1_der.len() + 8); - sec1_wrap.extend_from_slice(maybe_sec1_der); - wrap_in_asn1_len(&mut sec1_wrap); - sec1_wrap.insert(0, der::Tag::OctetString as u8); + let sec1_wrap = asn1_wrap(der::Tag::OctetString as u8, maybe_sec1_der); - let mut pkcs8 = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len() + 4); - pkcs8.extend_from_slice(pkcs8_prefix); - pkcs8.extend_from_slice(&sec1_wrap); - wrap_in_sequence(&mut pkcs8); + let mut pkcs8_inner = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len()); + pkcs8_inner.extend_from_slice(pkcs8_prefix); + pkcs8_inner.extend_from_slice(&sec1_wrap); - EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8, rng).map_err(|_| ()) + EcdsaKeyPair::from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner), rng).map_err(|_| ()) } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index bd30cba2d4..b62272050b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -14,12 +14,12 @@ use crate::msgs::enums::{ CertificateStatusType, ClientCertificateType, Compression, ECCurveType, ECPointFormat, ExtensionType, KeyUpdateRequest, NamedGroup, PSKKeyExchangeMode, ServerNameType, }; +use crate::rand; use crate::verify::DigitallySignedStruct; -use crate::{rand, x509}; +use crate::x509::wrap_in_sequence; use pki_types::CertificateDer; -use alloc::borrow::ToOwned; #[cfg(feature = "logging")] use alloc::string::String; use alloc::vec; @@ -1702,9 +1702,7 @@ impl DistinguishedName { /// println!("{}", x509_parser::x509::X509Name::from_der(dn.as_ref())?.1); /// ``` pub fn in_sequence(bytes: &[u8]) -> Self { - let mut wrapped = bytes.to_owned(); - x509::wrap_in_sequence(&mut wrapped); - Self(PayloadU16::new(wrapped)) + Self(PayloadU16::new(wrap_in_sequence(bytes))) } } diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index d6a873aef0..1b8e4cfd51 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -2,27 +2,40 @@ use alloc::vec::Vec; -pub(crate) fn wrap_in_asn1_len(bytes: &mut Vec) { +pub(crate) fn asn1_wrap(tag: u8, bytes: &[u8]) -> Vec { let len = bytes.len(); if len <= 0x7f { - bytes.insert(0, len as u8); + // Short form + let mut ret = Vec::with_capacity(2 + len); + ret.push(tag); + ret.push(len as u8); + ret.extend_from_slice(bytes); + ret } else { - bytes.insert(0, 0x80u8); - let mut left = len; - while left > 0 { - let byte = (left & 0xff) as u8; - bytes.insert(1, byte); - bytes[0] += 1; - left >>= 8; - } + // Long form + let size = len.to_be_bytes(); + let leading_zero_bytes = size + .iter() + .position(|&x| x != 0) + .unwrap_or(size.len()); + assert!(leading_zero_bytes < size.len()); + let encoded_bytes = size.len() - leading_zero_bytes; + + let mut ret = Vec::with_capacity(2 + encoded_bytes + len); + ret.push(tag); + + ret.push(0x80 + encoded_bytes as u8); + ret.extend_from_slice(&size[leading_zero_bytes..]); + + ret.extend_from_slice(bytes); + ret } } /// Prepend stuff to `bytes` to put it in a DER SEQUENCE. -pub(crate) fn wrap_in_sequence(bytes: &mut Vec) { - wrap_in_asn1_len(bytes); - bytes.insert(0, DER_SEQUENCE_TAG); +pub(crate) fn wrap_in_sequence(bytes: &[u8]) -> Vec { + asn1_wrap(DER_SEQUENCE_TAG, bytes) } const DER_SEQUENCE_TAG: u8 = 0x30; @@ -33,68 +46,65 @@ mod tests { #[test] fn test_empty() { - let mut val = Vec::new(); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x00], val); + assert_eq!(vec![0x30, 0x00], wrap_in_sequence(&[])); } #[test] fn test_small() { - let mut val = Vec::new(); - val.insert(0, 0x00); - val.insert(1, 0x11); - val.insert(2, 0x22); - val.insert(3, 0x33); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x04, 0x00, 0x11, 0x22, 0x33], val); + assert_eq!( + vec![0x30, 0x04, 0x00, 0x11, 0x22, 0x33], + wrap_in_sequence(&[0x00, 0x11, 0x22, 0x33]) + ); } #[test] fn test_medium() { let mut val = Vec::new(); val.resize(255, 0x12); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x81, 0xff, 0x12, 0x12, 0x12], val[..6].to_vec()); + assert_eq!( + vec![0x30, 0x81, 0xff, 0x12, 0x12, 0x12], + wrap_in_sequence(&val)[..6] + ); } #[test] fn test_large() { let mut val = Vec::new(); val.resize(4660, 0x12); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x82, 0x12, 0x34, 0x12, 0x12], val[..6].to_vec()); + wrap_in_sequence(&val); + assert_eq!( + vec![0x30, 0x82, 0x12, 0x34, 0x12, 0x12], + wrap_in_sequence(&val)[..6] + ); } #[test] fn test_huge() { let mut val = Vec::new(); val.resize(0xffff, 0x12); - wrap_in_sequence(&mut val); - assert_eq!(vec![0x30, 0x82, 0xff, 0xff, 0x12, 0x12], val[..6].to_vec()); - assert_eq!(val.len(), 0xffff + 4); + let result = wrap_in_sequence(&val); + assert_eq!(vec![0x30, 0x82, 0xff, 0xff, 0x12, 0x12], result[..6]); + assert_eq!(result.len(), 0xffff + 4); } #[test] fn test_gigantic() { let mut val = Vec::new(); val.resize(0x100000, 0x12); - wrap_in_sequence(&mut val); - assert_eq!( - vec![0x30, 0x83, 0x10, 0x00, 0x00, 0x12, 0x12], - val[..7].to_vec() - ); - assert_eq!(val.len(), 0x100000 + 5); + let result = wrap_in_sequence(&val); + assert_eq!(vec![0x30, 0x83, 0x10, 0x00, 0x00, 0x12, 0x12], result[..7]); + assert_eq!(result.len(), 0x100000 + 5); } #[test] fn test_ludicrous() { let mut val = Vec::new(); val.resize(0x1000000, 0x12); - wrap_in_sequence(&mut val); + let result = wrap_in_sequence(&val); assert_eq!( vec![0x30, 0x84, 0x01, 0x00, 0x00, 0x00, 0x12, 0x12], - val[..8].to_vec() + result[..8] ); - assert_eq!(val.len(), 0x1000000 + 6); + assert_eq!(result.len(), 0x1000000 + 6); } } From 04ed53f7a6bb7b25d8552878f4ef5507c1b9e9d6 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Sat, 4 Nov 2023 00:19:00 -0700 Subject: [PATCH 0342/1145] Move, rather than clone, Certificate message This saves some allocations and copies of relatively large data. --- rustls/src/check.rs | 1 - rustls/src/client/tls13.rs | 9 ++++----- rustls/src/msgs/handshake.rs | 11 +++++------ rustls/src/server/tls13.rs | 4 ++-- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/rustls/src/check.rs b/rustls/src/check.rs index e61a42a3d4..d5f1305850 100644 --- a/rustls/src/check.rs +++ b/rustls/src/check.rs @@ -24,7 +24,6 @@ macro_rules! require_handshake_msg( ); /// Like require_handshake_msg, but moves the payload out of $m. -#[cfg(feature = "tls12")] macro_rules! require_handshake_msg_move( ( $m:expr, $handshake_type:path, $payload_type:path ) => ( match $m.payload { diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index c18d1ef7fe..49642e36e8 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -601,12 +601,12 @@ struct ExpectCertificate { impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { - let cert_chain = require_handshake_msg!( + self.transcript.add_message(&m); + let cert_chain = require_handshake_msg_move!( m, HandshakeType::Certificate, HandshakePayload::CertificateTls13 )?; - self.transcript.add_message(&m); // This is only non-empty for client auth. if !cert_chain.context.0.is_empty() { @@ -624,9 +624,8 @@ impl State for ExpectCertificate { PeerMisbehaved::BadCertChainExtensions, )); } - - let server_cert = - ServerCertDetails::new(cert_chain.convert(), cert_chain.get_end_entity_ocsp()); + let end_entity_ocsp = cert_chain.get_end_entity_ocsp(); + let server_cert = ServerCertDetails::new(cert_chain.convert(), end_entity_ocsp); Ok(Box::new(ExpectCertificateVerify { config: self.config, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index b62272050b..628f57ec13 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1448,12 +1448,11 @@ impl CertificatePayloadTls13 { .unwrap_or_default() } - pub(crate) fn convert(&self) -> CertificatePayload { - let mut ret = Vec::new(); - for entry in &self.entries { - ret.push(entry.cert.clone()); - } - ret + pub(crate) fn convert(self) -> CertificatePayload { + self.entries + .into_iter() + .map(|e| e.cert) + .collect() } } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 102ad41077..d330a062a2 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -881,12 +881,12 @@ struct ExpectCertificate { impl State for ExpectCertificate { fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { - let certp = require_handshake_msg!( + self.transcript.add_message(&m); + let certp = require_handshake_msg_move!( m, HandshakeType::Certificate, HandshakePayload::CertificateTls13 )?; - self.transcript.add_message(&m); // We don't send any CertificateRequest extensions, so any extensions // here are illegal. From e7a380f53639423adbff0ad0dc1b87daae871432 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Sat, 4 Nov 2023 00:49:33 -0700 Subject: [PATCH 0343/1145] vecbuf: use drain rather than split_at split_at always creates a new Vec, but drain just moves bytes within the existing Vec. --- rustls/src/vecbuf.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index b7ece02612..64e89ee866 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -122,8 +122,8 @@ impl ChunkVecBuffer { fn consume(&mut self, mut used: usize) { while let Some(mut buf) = self.chunks.pop_front() { if used < buf.len() { - self.chunks - .push_front(buf.split_off(used)); + buf.drain(..used); + self.chunks.push_front(buf); break; } else { used -= buf.len(); From 3355e06f97738a0c5d8127283b7e06438e3d29f0 Mon Sep 17 00:00:00 2001 From: Yuxiang Cao Date: Mon, 6 Nov 2023 11:25:15 -0800 Subject: [PATCH 0344/1145] refactor: more general error in SupportedKxGroup Use `Error` instead of `GetRandomFailed` in trait `SupportedKxGroup`, so that underlying crypto provider could throw errors other than RNG related errors. --- provider-example/src/kx.rs | 2 +- rustls/src/crypto/mod.rs | 2 +- rustls/src/crypto/ring/kx.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/provider-example/src/kx.rs b/provider-example/src/kx.rs index 748af98f3e..42584e6911 100644 --- a/provider-example/src/kx.rs +++ b/provider-example/src/kx.rs @@ -34,7 +34,7 @@ pub const ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&X25519 as &dyn SupportedK pub struct X25519; impl crypto::SupportedKxGroup for X25519 { - fn start(&self) -> Result, rustls::crypto::GetRandomFailed> { + fn start(&self) -> Result, rustls::Error> { let priv_key = x25519_dalek::EphemeralSecret::random_from_rng(rand_core::OsRng); Ok(Box::new(KeyExchange { pub_key: (&priv_key).into(), diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index cadfd96958..9507cc1636 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -59,7 +59,7 @@ pub trait SupportedKxGroup: Send + Sync + Debug { /// # Errors /// /// This can fail if the random source fails during ephemeral key generation. - fn start(&self) -> Result, GetRandomFailed>; + fn start(&self) -> Result, Error>; /// Named group the SupportedKxGroup operates in. fn name(&self) -> NamedGroup; diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 9c40ebe502..73fac4f8c6 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -22,7 +22,7 @@ struct KxGroup { } impl SupportedKxGroup for KxGroup { - fn start(&self) -> Result, GetRandomFailed> { + fn start(&self) -> Result, Error> { let rng = SystemRandom::new(); let priv_key = EphemeralPrivateKey::generate(self.agreement_algorithm, &rng) .map_err(|_| GetRandomFailed)?; From 1f0e6ad6269eeace3c8ceab51d32f0c0196926db Mon Sep 17 00:00:00 2001 From: Yuxiang Cao Date: Mon, 6 Nov 2023 11:16:38 -0800 Subject: [PATCH 0345/1145] feat: add a new variant in Error Add `Other` variant in Error to express any other error. The main intention for this is to use it to hold errors throw from underlying custom crypto provider or pki provider. A new unit struct `OtherError` is added to properly implement `PartialEq`. --- rustls/src/error.rs | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 595c46040f..266153467f 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -94,6 +94,15 @@ pub enum Error { /// The `max_fragment_size` value supplied in configuration was too small, /// or too large. BadMaxFragmentSize, + + /// Any other error. + /// + /// This variant should only be used when the error is not better described by a more + /// specific variant. For example, if a custom crypto provider returns a + /// provider specific error. + /// + /// Enums holding this variant will never compare equal to each other. + Other(OtherError), } /// A corrupt TLS message payload that resulted in an error. @@ -514,6 +523,7 @@ impl fmt::Display for Error { write!(f, "the supplied max_fragment_size was too small or large") } Self::General(ref err) => write!(f, "unexpected error: {}", err), + Self::Other(ref err) => write!(f, "other error: {:?}", err), } } } @@ -533,10 +543,31 @@ impl From for Error { } } +/// Any other error that cannot be expressed by a more specific [`Error`] variant. +/// +/// For example, an `OtherError` could be produced by a custom crypto provider +/// exposing a provider specific error. +/// +/// Enums holding this type will never compare equal to each other. +#[derive(Debug, Clone)] +pub struct OtherError(pub Arc); + +impl PartialEq for OtherError { + fn eq(&self, _other: &Self) -> bool { + false + } +} + +impl From for Error { + fn from(value: OtherError) -> Self { + Self::Other(value) + } +} + #[cfg(test)] mod tests { use super::{Error, InvalidMessage}; - use crate::error::CertRevocationListError; + use crate::error::{CertRevocationListError, OtherError}; #[test] fn certificate_error_equality() { @@ -580,6 +611,14 @@ mod tests { assert_ne!(BadSignature, InvalidCrlNumber); } + #[test] + fn other_error_equality() { + let other_error = OtherError(alloc::sync::Arc::from(Box::from(""))); + assert_ne!(other_error, other_error); + let other: Error = other_error.into(); + assert_ne!(other, other); + } + #[test] fn smoke() { use crate::enums::{AlertDescription, ContentType, HandshakeType}; @@ -608,6 +647,7 @@ mod tests { Error::NoApplicationProtocol, Error::BadMaxFragmentSize, Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), + Error::Other(OtherError(alloc::sync::Arc::from(Box::from("")))), ]; for err in all { From 8583cd504cfe7531f2fe88ebe4b6f4a4f1881276 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 2 Nov 2023 15:29:21 -0400 Subject: [PATCH 0346/1145] msgs: add ECH config messages and parsing This commit breaks out representation of Encrypted Client Hello (ECH) configuration from overall support for the feature. This code is relatively isolated and so can be added without much impact to the rest of the codebase. It does _not_ provide any actual ECH support. The code is almost entirely derived from earlier WIP branches adding ECH support, updated for the current Rustls codebase, and spot checked against the current most ECH draft at the time of writing (draft-17). HPKE references are also updated to use the published RFC (RFC 9180). Notable updates from the WIP version: * adapting to the `Codec` return type change. * adapting to the enum builder changes. * adapting to the server name changes. * adapting to `TlsListElement` trait. * adapting HPKE registry refs to use the RFC instead of an earlier draft. * adding `Hpke` prefix to enums to clarify their purpose. * adapting base64 usage to avoid deprecated fns. * reworking unit tests for de-duplication, adding another encoded test case, adding more asserts for decoded content. * fixing `clippy::use_self` finding. * Changing `default` fn on `HpkeSymmetricCipherSuite` to be an impl of `Default`. * Updating trust-dns-resolver code to use latest hickory-resolver. * Pulling out ECH config fetch + deserialize from ECH example program to a connect-tests unit test. --- rustls/src/lib.rs | 9 ++- rustls/src/msgs/base.rs | 5 ++ rustls/src/msgs/enums.rs | 69 +++++++++++++++++++++ rustls/src/msgs/handshake.rs | 115 ++++++++++++++++++++++++++++++++++- rustls/tests/ech.rs | 98 +++++++++++++++++++++++++++++ 5 files changed, 292 insertions(+), 4 deletions(-) create mode 100644 rustls/tests/ech.rs diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 5e4df95e65..3cb93a12e9 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -380,15 +380,18 @@ pub mod internal { pub use crate::msgs::deframer::MessageDeframer; } pub mod enums { - pub use crate::msgs::enums::{AlertLevel, Compression, NamedGroup}; + pub use crate::msgs::enums::{ + AlertLevel, Compression, EchVersion, HpkeAead, HpkeKdf, HpkeKem, NamedGroup, + }; } pub mod fragmenter { pub use crate::msgs::fragmenter::MessageFragmenter; } pub mod handshake { pub use crate::msgs::handshake::{ - ClientExtension, ClientHelloPayload, DistinguishedName, HandshakeMessagePayload, - HandshakePayload, KeyShareEntry, Random, SessionId, + ClientExtension, ClientHelloPayload, DistinguishedName, EchConfig, + EchConfigContents, HandshakeMessagePayload, HandshakePayload, HpkeKeyConfig, + HpkeSymmetricCipherSuite, KeyShareEntry, Random, SessionId, }; } pub mod message { diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 4339bbd914..1ef8b901c0 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -129,6 +129,11 @@ impl fmt::Debug for PayloadU16 { pub struct PayloadU8(pub(crate) Vec); impl PayloadU8 { + pub(crate) fn encode_slice(slice: &[u8], bytes: &mut Vec) { + (slice.len() as u8).encode(bytes); + bytes.extend_from_slice(slice); + } + pub(crate) fn new(bytes: Vec) -> Self { Self(bytes) } diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index aa07efd527..9978d6457e 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -264,6 +264,75 @@ enum_builder! { } } +enum_builder! { + /// The Key Encapsulation Mechanism (`Kem`) type for HPKE operations. + /// Listed by IANA, as specified in [RFC 9180 Section 7.1] + /// + /// [RFC 9180 Section 7.1]: + @U16 + pub enum HpkeKem { + DHKEM_P256_HKDF_SHA256 => 0x0010, + DHKEM_P384_HKDF_SHA384 => 0x0011, + DHKEM_P521_HKDF_SHA512 => 0x0012, + DHKEM_X25519_HKDF_SHA256 => 0x0020, + DHKEM_X448_HKDF_SHA512 => 0x0021 + } +} + +enum_builder! { + /// The Key Derivation Function (`Kdf`) type for HPKE operations. + /// Listed by IANA, as specified in [RFC 9180 Section 7.2] + /// + /// [RFC 9180 Section 7.2]: + @U16 + pub enum HpkeKdf { + HKDF_SHA256 => 0x0001, + HKDF_SHA384 => 0x0002, + HKDF_SHA512 => 0x0003 + } +} + +impl Default for HpkeKdf { + // TODO(XXX): revisit the default configuration. This is just what Cloudflare ships right now. + fn default() -> Self { + Self::HKDF_SHA256 + } +} + +enum_builder! { + /// The Authenticated Encryption with Associated Data (`Aead`) type for HPKE operations. + /// Listed by IANA, as specified in [RFC 9180 Section 7.3] + /// + /// [RFC 9180 Section 7.3]: + @U16 + pub enum HpkeAead { + AES_128_GCM => 0x0001, + AES_256_GCM => 0x0002, + CHACHA20_POLY_1305 => 0x0003, + EXPORT_ONLY => 0xFFFF + } +} + +impl Default for HpkeAead { + // TODO(XXX): revisit the default configuration. This is just what Cloudflare ships right now. + fn default() -> Self { + Self::AES_128_GCM + } +} + +enum_builder! { + /// The Encrypted Client Hello protocol version (`EchVersion`). + /// + /// Specified in [draft-ietf-tls-esni Section 4]. + /// TODO(XXX): Update reference once RFC is published. + /// + /// [draft-ietf-tls-esni Section 4]: + @U16 + pub enum EchVersion { + V14 => 0xfe0d + } +} + #[cfg(test)] pub(crate) mod tests { //! These tests are intended to provide coverage and diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 628f57ec13..ef8be14d10 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -12,7 +12,8 @@ use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{self, Codec, LengthPrefixedBuffer, ListLength, Reader, TlsListElement}; use crate::msgs::enums::{ CertificateStatusType, ClientCertificateType, Compression, ECCurveType, ECPointFormat, - ExtensionType, KeyUpdateRequest, NamedGroup, PSKKeyExchangeMode, ServerNameType, + EchVersion, ExtensionType, HpkeAead, HpkeKdf, HpkeKem, KeyUpdateRequest, NamedGroup, + PSKKeyExchangeMode, ServerNameType, }; use crate::rand; use crate::verify::DigitallySignedStruct; @@ -2249,3 +2250,115 @@ impl HandshakeMessagePayload { } } } + +#[derive(Clone, Debug, Default, Eq, PartialEq)] +pub struct HpkeSymmetricCipherSuite { + pub kdf_id: HpkeKdf, + pub aead_id: HpkeAead, +} + +impl Codec for HpkeSymmetricCipherSuite { + fn encode(&self, bytes: &mut Vec) { + self.kdf_id.encode(bytes); + self.aead_id.encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + kdf_id: HpkeKdf::read(r)?, + aead_id: HpkeAead::read(r)?, + }) + } +} + +impl TlsListElement for HpkeSymmetricCipherSuite { + const SIZE_LEN: ListLength = ListLength::U16; +} + +#[derive(Clone, Debug)] +pub struct HpkeKeyConfig { + pub config_id: u8, + pub kem_id: HpkeKem, + pub public_key: PayloadU16, + pub symmetric_cipher_suites: Vec, +} + +impl Codec for HpkeKeyConfig { + fn encode(&self, bytes: &mut Vec) { + self.config_id.encode(bytes); + self.kem_id.encode(bytes); + self.public_key.encode(bytes); + self.symmetric_cipher_suites + .encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + config_id: u8::read(r)?, + kem_id: HpkeKem::read(r)?, + public_key: PayloadU16::read(r)?, + symmetric_cipher_suites: Vec::::read(r)?, + }) + } +} + +#[derive(Clone, Debug)] +pub struct EchConfigContents { + pub key_config: HpkeKeyConfig, + pub maximum_name_length: u8, + pub public_name: DnsName, + pub extensions: PayloadU16, +} + +impl Codec for EchConfigContents { + fn encode(&self, bytes: &mut Vec) { + self.key_config.encode(bytes); + self.maximum_name_length.encode(bytes); + let dns_name = &self.public_name.borrow(); + PayloadU8::encode_slice(dns_name.as_ref().as_ref(), bytes); + self.extensions.encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + key_config: HpkeKeyConfig::read(r)?, + maximum_name_length: u8::read(r)?, + public_name: { + DnsName::try_from_ascii(PayloadU8::read(r)?.0.as_slice()) + .map_err(|_| InvalidMessage::InvalidServerName)? + }, + extensions: PayloadU16::read(r)?, + }) + } +} + +#[derive(Clone, Debug)] +pub struct EchConfig { + pub version: EchVersion, + pub contents: EchConfigContents, +} + +impl Codec for EchConfig { + fn encode(&self, bytes: &mut Vec) { + self.version.encode(bytes); + let mut contents = Vec::with_capacity(128); + self.contents.encode(&mut contents); + let length: &mut [u8; 2] = &mut [0, 0]; + codec::put_u16(contents.len() as u16, length); + bytes.extend_from_slice(length); + bytes.extend(contents); + } + + fn read(r: &mut Reader) -> Result { + let version = EchVersion::read(r)?; + let length = u16::read(r)?; + Ok(Self { + version, + contents: EchConfigContents::read(&mut r.sub(length as usize)?)?, + }) + } +} + +impl TlsListElement for EchConfig { + const SIZE_LEN: ListLength = ListLength::U16; +} diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs new file mode 100644 index 0000000000..ff9926b0b0 --- /dev/null +++ b/rustls/tests/ech.rs @@ -0,0 +1,98 @@ +use base64::prelude::{Engine, BASE64_STANDARD}; + +use rustls::internal::msgs::codec::{Codec, Reader}; +use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; +use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite}; +use rustls::server::danger::DnsName; + +#[test] +fn test_decode_config_list() { + fn assert_config(config: &EchConfig, public_name: impl AsRef<[u8]>, max_len: u8) { + assert_eq!(config.version, EchVersion::V14); + assert_eq!(config.contents.maximum_name_length, max_len); + assert_eq!( + config.contents.public_name, + DnsName::try_from_ascii(public_name.as_ref()).unwrap() + ); + assert!(config.contents.extensions.0.is_empty()); + } + + fn assert_key_config( + config: &HpkeKeyConfig, + id: u8, + kem_id: HpkeKem, + cipher_suites: Vec, + ) { + assert_eq!(config.config_id, id); + assert_eq!(config.kem_id, kem_id); + assert_eq!(config.symmetric_cipher_suites, cipher_suites); + } + + let config_list = get_ech_config(BASE64_ECHCONFIG_LIST_LOCALHOST); + assert_eq!(config_list.len(), 1); + assert_config(&config_list[0], "localhost", 128); + assert_key_config( + &config_list[0].contents.key_config, + 0, + HpkeKem::DHKEM_X25519_HKDF_SHA256, + vec![ + HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_128_GCM, + }, + HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::CHACHA20_POLY_1305, + }, + ], + ); + + let config_list = get_ech_config(BASE64_ECHCONFIG_LIST_CF); + assert_eq!(config_list.len(), 2); + assert_config(&config_list[0], "cloudflare-esni.com", 37); + assert_key_config( + &config_list[0].contents.key_config, + 195, + HpkeKem::DHKEM_X25519_HKDF_SHA256, + vec![HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_128_GCM, + }], + ); + assert_config(&config_list[1], "cloudflare-esni.com", 42); + assert_key_config( + &config_list[1].contents.key_config, + 3, + HpkeKem::DHKEM_P256_HKDF_SHA256, + vec![HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_128_GCM, + }], + ); +} + +#[test] +fn test_echconfig_serialization() { + fn assert_round_trip_eq(data: &str) { + let configs = get_ech_config(data); + let mut output = Vec::new(); + configs.encode(&mut output); + assert_eq!(data, BASE64_STANDARD.encode(&output)); + } + + assert_round_trip_eq(BASE64_ECHCONFIG_LIST_LOCALHOST); + assert_round_trip_eq(BASE64_ECHCONFIG_LIST_CF); +} + +fn get_ech_config(s: &str) -> Vec { + let bytes = BASE64_STANDARD.decode(s).unwrap(); + Vec::<_>::read(&mut Reader::init(&bytes)).unwrap() +} + +// One EchConfig, with server-name "localhost". +const BASE64_ECHCONFIG_LIST_LOCALHOST: &str = + "AED+DQA8AAAgACAxoIJyV36iDlfFRmqE+ho2PxXE0EISPfUUJYKCy6T8VwAIAAEAAQABAAOACWxvY2FsaG9zdAAA"; + +// Two EchConfigs, both with server-name "cloudflare-esni.com". +const BASE64_ECHCONFIG_LIST_CF: &str = + "AK3+DQBCwwAgACAJ9T5U4FeM6631r2bvAuGtmEd8zQaoTkFAtArTcMl/XQAEAAEAASUTY2xvdWRmbGFyZS1lc25pLmNvbQAA/g0AYwMAEABBBGGbUlGLuGRorUeFwmrgHImkrh9uxoPrnFKpS5bQvnc5grfMS3PvymQ2FYL02WQi1ZzZJg5OsYYdzlaGYnEoJNsABAABAAEqE2Nsb3VkZmxhcmUtZXNuaS5jb20AAA=="; From de9bf1d2e906154dc42b54d749662f36b12e07c2 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 2 Nov 2023 17:03:35 -0400 Subject: [PATCH 0347/1145] connect-tests: add EchConfig fetch tests This commit adds a new `connect-tests/tests/ech.rs` module that performs a DNS over HTTPS lookup for HTTPS type records, finding `EchConfig`s and testing we can deserialize the raw form into the Rustls representation without error. Presently it tests against: * `crypto.cloudflare.com` * `defo.ie` * `tls-ech.dev` Since these are network based tests they need to live in `connect-tests` to avoid flakyness during normal CI runs. In previous WIP branches this was done as part of an overall end-to-end example of using ECH, but we can test this in isolation ahead of having full ECH support. --- Cargo.lock | 657 ++++++++++++++++++++++++++++++++++++- connect-tests/Cargo.toml | 1 + connect-tests/tests/ech.rs | 55 ++++ 3 files changed, 700 insertions(+), 13 deletions(-) create mode 100644 connect-tests/tests/ech.rs diff --git a/Cargo.lock b/Cargo.lock index 103d2f46e6..41adad13a7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2,6 +2,21 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "addr2line" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + [[package]] name = "aead" version = "0.5.2" @@ -75,12 +90,38 @@ version = "1.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +[[package]] +name = "async-trait" +version = "0.1.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "autocfg" version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +[[package]] +name = "backtrace" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + [[package]] name = "base64" version = "0.21.5" @@ -99,6 +140,12 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + [[package]] name = "bitflags" version = "2.4.1" @@ -126,6 +173,12 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" +[[package]] +name = "bytes" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" + [[package]] name = "cc" version = "1.0.83" @@ -308,6 +361,12 @@ dependencies = [ "syn", ] +[[package]] +name = "data-encoding" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308" + [[package]] name = "der" version = "0.7.8" @@ -358,6 +417,18 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +[[package]] +name = "enum-as-inner" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "env_logger" version = "0.10.0" @@ -387,6 +458,67 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a481586acf778f1b1455424c343f71124b048ffa5f4fc3f8f6ae9dc432dcb3c7" +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "form_urlencoded" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures-channel" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" + +[[package]] +name = "futures-io" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" + +[[package]] +name = "futures-sink" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" + +[[package]] +name = "futures-task" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" + +[[package]] +name = "futures-util" +version = "0.3.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "pin-utils", + "slab", +] + [[package]] name = "fxhash" version = "0.2.1" @@ -417,6 +549,37 @@ dependencies = [ "wasi", ] +[[package]] +name = "gimli" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" + +[[package]] +name = "h2" +version = "0.3.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91fc23aa11be92976ef4729127f1a74adf36d8436f7816b185d18df956790833" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "futures-sink", + "futures-util", + "http", + "indexmap", + "slab", + "tokio", + "tokio-util", + "tracing", +] + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + [[package]] name = "heck" version = "0.4.1" @@ -429,6 +592,61 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +[[package]] +name = "hickory-proto" +version = "0.24.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "091a6fbccf4860009355e3efc52ff4acf37a63489aad7435372d44ceeb6fbbcf" +dependencies = [ + "async-trait", + "bytes", + "cfg-if", + "data-encoding", + "enum-as-inner", + "futures-channel", + "futures-io", + "futures-util", + "h2", + "http", + "idna", + "ipnet", + "once_cell", + "rand", + "rustls 0.21.8", + "rustls-pemfile 1.0.3", + "thiserror", + "tinyvec", + "tokio", + "tokio-rustls", + "tracing", + "url", + "webpki-roots 0.25.2", +] + +[[package]] +name = "hickory-resolver" +version = "0.24.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35b8f021164e6a984c9030023544c57789c51760065cd510572fedcfb04164e8" +dependencies = [ + "cfg-if", + "futures-util", + "hickory-proto", + "ipconfig", + "lru-cache", + "once_cell", + "parking_lot", + "rand", + "resolv-conf", + "rustls 0.21.8", + "smallvec", + "thiserror", + "tokio", + "tokio-rustls", + "tracing", + "webpki-roots 0.25.2", +] + [[package]] name = "hmac" version = "0.12.1" @@ -438,12 +656,54 @@ dependencies = [ "digest", ] +[[package]] +name = "hostname" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867" +dependencies = [ + "libc", + "match_cfg", + "winapi", +] + +[[package]] +name = "http" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + [[package]] name = "humantime" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "idna" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown", +] + [[package]] name = "inout" version = "0.1.3" @@ -453,6 +713,24 @@ dependencies = [ "generic-array", ] +[[package]] +name = "ipconfig" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" +dependencies = [ + "socket2", + "widestring", + "windows-sys", + "winreg", +] + +[[package]] +name = "ipnet" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" + [[package]] name = "is-terminal" version = "0.4.9" @@ -473,6 +751,12 @@ dependencies = [ "either", ] +[[package]] +name = "itoa" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" + [[package]] name = "js-sys" version = "0.3.65" @@ -503,18 +787,49 @@ version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" +[[package]] +name = "linked-hash-map" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" + [[package]] name = "linux-raw-sys" version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" +[[package]] +name = "lock_api" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +dependencies = [ + "autocfg", + "scopeguard", +] + [[package]] name = "log" version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +[[package]] +name = "lru-cache" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c" +dependencies = [ + "linked-hash-map", +] + +[[package]] +name = "match_cfg" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" + [[package]] name = "memchr" version = "2.6.4" @@ -530,6 +845,15 @@ dependencies = [ "autocfg", ] +[[package]] +name = "miniz_oxide" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +dependencies = [ + "adler", +] + [[package]] name = "mio" version = "0.8.9" @@ -590,6 +914,25 @@ dependencies = [ "libm", ] +[[package]] +name = "num_cpus" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "object" +version = "0.32.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +dependencies = [ + "memchr", +] + [[package]] name = "once_cell" version = "1.18.0" @@ -602,6 +945,29 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +[[package]] +name = "parking_lot" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-targets", +] + [[package]] name = "pem" version = "3.0.2" @@ -621,6 +987,24 @@ dependencies = [ "base64ct", ] +[[package]] +name = "percent-encoding" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" + +[[package]] +name = "pin-project-lite" +version = "0.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + [[package]] name = "pkcs1" version = "0.7.5" @@ -680,6 +1064,12 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "quick-error" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + [[package]] name = "quote" version = "1.0.33" @@ -695,6 +1085,7 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ + "libc", "rand_chacha", "rand_core", ] @@ -750,6 +1141,15 @@ dependencies = [ "yasna", ] +[[package]] +name = "redox_syscall" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +dependencies = [ + "bitflags 1.3.2", +] + [[package]] name = "regex" version = "1.10.2" @@ -779,6 +1179,16 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +[[package]] +name = "resolv-conf" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52e44394d2086d010551b14b53b1f24e31647570cd1deb0379e2c21b329aba00" +dependencies = [ + "hostname", + "quick-error", +] + [[package]] name = "ring" version = "0.16.20" @@ -829,6 +1239,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rustc-demangle" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" + [[package]] name = "rustc_version" version = "0.4.0" @@ -844,13 +1260,25 @@ version = "0.38.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b426b0506e5d50a7d8dafcf2e81471400deb602392c7dd110815afb4eaf02a3" dependencies = [ - "bitflags", + "bitflags 2.4.1", "errno", "libc", "linux-raw-sys", "windows-sys", ] +[[package]] +name = "rustls" +version = "0.21.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c" +dependencies = [ + "log", + "ring 0.17.5", + "rustls-webpki 0.101.7", + "sct", +] + [[package]] name = "rustls" version = "0.22.0-alpha.4" @@ -860,12 +1288,12 @@ dependencies = [ "env_logger", "log", "ring 0.17.5", - "rustls-pemfile", + "rustls-pemfile 2.0.0-alpha.1", "rustls-pki-types", - "rustls-webpki", + "rustls-webpki 0.102.0-alpha.6", "rustversion", "subtle", - "webpki-roots", + "webpki-roots 0.26.0-alpha.1", "zeroize", ] @@ -879,8 +1307,8 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls", - "rustls-pemfile", + "rustls 0.22.0-alpha.4", + "rustls-pemfile 2.0.0-alpha.1", "rustls-pki-types", ] @@ -888,9 +1316,10 @@ dependencies = [ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ + "hickory-resolver", "regex", "ring 0.17.5", - "rustls", + "rustls 0.22.0-alpha.4", ] [[package]] @@ -902,12 +1331,21 @@ dependencies = [ "log", "mio", "rcgen", - "rustls", - "rustls-pemfile", + "rustls 0.22.0-alpha.4", + "rustls-pemfile 2.0.0-alpha.1", "rustls-pki-types", "serde", "serde_derive", - "webpki-roots", + "webpki-roots 0.26.0-alpha.1", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" +dependencies = [ + "base64", ] [[package]] @@ -936,14 +1374,24 @@ dependencies = [ "hmac", "rand_core", "rsa", - "rustls", + "rustls 0.22.0-alpha.4", "rustls-pki-types", - "rustls-webpki", + "rustls-webpki 0.102.0-alpha.6", "sha2", - "webpki-roots", + "webpki-roots 0.26.0-alpha.1", "x25519-dalek", ] +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring 0.17.5", + "untrusted 0.9.0", +] + [[package]] name = "rustls-webpki" version = "0.102.0-alpha.6" @@ -967,6 +1415,16 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring 0.17.5", + "untrusted 0.9.0", +] + [[package]] name = "semver" version = "1.0.20" @@ -1014,12 +1472,31 @@ dependencies = [ "rand_core", ] +[[package]] +name = "slab" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" +dependencies = [ + "autocfg", +] + [[package]] name = "smallvec" version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" +[[package]] +name = "socket2" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" +dependencies = [ + "libc", + "windows-sys", +] + [[package]] name = "spin" version = "0.5.2" @@ -1074,6 +1551,26 @@ dependencies = [ "winapi-util", ] +[[package]] +name = "thiserror" +version = "1.0.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "time" version = "0.3.30" @@ -1092,18 +1589,119 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" +[[package]] +name = "tinyvec" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.33.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653" +dependencies = [ + "backtrace", + "bytes", + "libc", + "mio", + "num_cpus", + "pin-project-lite", + "socket2", + "windows-sys", +] + +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls 0.21.8", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", + "tracing", +] + +[[package]] +name = "tracing" +version = "0.1.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +dependencies = [ + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" +dependencies = [ + "once_cell", +] + [[package]] name = "typenum" version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "unicode-bidi" +version = "0.3.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" + [[package]] name = "unicode-ident" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-normalization" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +dependencies = [ + "tinyvec", +] + [[package]] name = "universal-hash" version = "0.5.1" @@ -1126,6 +1724,17 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "url" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "143b538f18257fac9cad154828a57c6bf5157e1aa604d4816b5995bf6de87ae5" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +] + [[package]] name = "utf8parse" version = "0.2.1" @@ -1208,6 +1817,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" + [[package]] name = "webpki-roots" version = "0.26.0-alpha.1" @@ -1217,6 +1832,12 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "widestring" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" + [[package]] name = "winapi" version = "0.3.9" @@ -1314,6 +1935,16 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "winreg" +version = "0.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +dependencies = [ + "cfg-if", + "windows-sys", +] + [[package]] name = "x25519-dalek" version = "2.0.0" diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index 1cf87a252c..68d32b3cd4 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -15,3 +15,4 @@ rustls = { path = "../rustls", features = [ "logging" ]} [dev-dependencies] regex = "1.0" ring = "0.17" +hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs new file mode 100644 index 0000000000..3cadb73007 --- /dev/null +++ b/connect-tests/tests/ech.rs @@ -0,0 +1,55 @@ +mod ech_config { + use hickory_resolver::config::{ResolverConfig, ResolverOpts}; + use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; + use hickory_resolver::proto::rr::{RData, RecordType}; + use hickory_resolver::Resolver; + + use rustls::internal::msgs::codec::{Codec, Reader}; + use rustls::internal::msgs::enums::EchVersion; + use rustls::internal::msgs::handshake::EchConfig; + + #[test] + fn cloudflare() { + test_deserialize_ech_config("crypto.cloudflare.com"); + } + + #[test] + fn defo_ie() { + test_deserialize_ech_config("defo.ie"); + } + + #[test] + fn tls_ech_dev() { + test_deserialize_ech_config("tls-ech.dev"); + } + + /// Lookup the ECH config for a domain and deserialize it. + fn test_deserialize_ech_config(domain: &str) { + let resolver = + Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); + let raw_value = lookup_ech(&resolver, domain); + let parsed_config = EchConfig::read(&mut Reader::init(&raw_value)) + .expect("failed to deserialize ECH config"); + assert_eq!(parsed_config.version, EchVersion::V14); + } + + /// Use `resolver` to make an HTTPS record type query for `domain`, returning the + /// first SvcParam EchConfig value found, panicing if none are returned. + fn lookup_ech(resolver: &Resolver, domain: &str) -> Vec { + resolver + .lookup(domain, RecordType::HTTPS) + .expect("failed to lookup HTTPS record type") + .record_iter() + .find_map(|r| match r.data() { + Some(RData::HTTPS(svcb)) => svcb + .svc_params() + .iter() + .find_map(|sp| match sp { + (SvcParamKey::EchConfig, SvcParamValue::EchConfig(e)) => Some(e.clone().0), + _ => None, + }), + _ => None, + }) + .expect("missing expected HTTPS SvcParam EchConfig record") + } +} From 45e98d704dc58beb87c937b5f9d63f80966c751d Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 16:36:40 +0200 Subject: [PATCH 0348/1145] replace HashSet with BTreeSet in msgs::handshake BTreeSet is in alloc but HashSet is not. all the affected sets contain integers --- rustls/src/msgs/handshake.rs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index ef8be14d10..9b82c0eb19 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -21,12 +21,12 @@ use crate::x509::wrap_in_sequence; use pki_types::CertificateDer; +use alloc::collections::BTreeSet; #[cfg(feature = "logging")] use alloc::string::String; use alloc::vec; use alloc::vec::Vec; use core::fmt; -use std::collections; /// Create a newtype wrapper around a given type. /// @@ -286,7 +286,7 @@ pub(crate) trait ConvertServerNameList { impl ConvertServerNameList for [ServerName] { /// RFC6066: "The ServerNameList MUST NOT contain more than one name of the same name_type." fn has_duplicate_names_for_type(&self) -> bool { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for name in self { if !seen.insert(name.typ.get_u8()) { @@ -856,7 +856,7 @@ impl ClientHelloPayload { /// Returns true if there is more than one extension of a given /// type. pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for ext in &self.extensions { let typ = ext.get_type().get_u16(); @@ -952,7 +952,7 @@ impl ClientHelloPayload { pub(crate) fn has_keyshare_extension_with_duplicates(&self) -> bool { if let Some(entries) = self.get_keyshare_extension() { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for kse in entries { let grp = kse.group.get_u16(); @@ -1108,7 +1108,7 @@ impl HelloRetryRequest { /// Returns true if there is more than one extension of a given /// type. pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for ext in &self.extensions { let typ = ext.get_type().get_u16(); @@ -1351,7 +1351,7 @@ impl CertificateEntry { } pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for ext in &self.exts { let typ = ext.get_type().get_u16(); @@ -1620,7 +1620,7 @@ pub(crate) trait HasServerExtensions { /// Returns true if there is more than one extension of a given /// type. fn has_duplicate_extension(&self) -> bool { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for ext in self.get_extensions() { let typ = ext.get_type().get_u16(); @@ -1948,7 +1948,7 @@ impl NewSessionTicketPayloadTls13 { } pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = collections::HashSet::new(); + let mut seen = BTreeSet::new(); for ext in &self.exts { let typ = ext.get_type().get_u16(); From 332d27f10f94da5a1325f5efd82e1083ef6c3539 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 3 Oct 2023 07:39:37 +0100 Subject: [PATCH 0349/1145] ring/kx.rs: tidy up and clarify imports --- rustls/src/crypto/ring/kx.rs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 73fac4f8c6..90df01109e 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -3,7 +3,7 @@ use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; -use ring::agreement::{agree_ephemeral, EphemeralPrivateKey, UnparsedPublicKey}; +use ring::agreement; use ring::rand::SystemRandom; use alloc::boxed::Box; @@ -18,13 +18,13 @@ struct KxGroup { name: NamedGroup, /// The corresponding ring agreement::Algorithm - agreement_algorithm: &'static ring::agreement::Algorithm, + agreement_algorithm: &'static agreement::Algorithm, } impl SupportedKxGroup for KxGroup { fn start(&self) -> Result, Error> { let rng = SystemRandom::new(); - let priv_key = EphemeralPrivateKey::generate(self.agreement_algorithm, &rng) + let priv_key = agreement::EphemeralPrivateKey::generate(self.agreement_algorithm, &rng) .map_err(|_| GetRandomFailed)?; let pub_key = priv_key @@ -53,19 +53,19 @@ impl fmt::Debug for KxGroup { /// Ephemeral ECDH on curve25519 (see RFC7748) pub static X25519: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::X25519, - agreement_algorithm: &ring::agreement::X25519, + agreement_algorithm: &agreement::X25519, }; /// Ephemeral ECDH on secp256r1 (aka NIST-P256) pub static SECP256R1: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::secp256r1, - agreement_algorithm: &ring::agreement::ECDH_P256, + agreement_algorithm: &agreement::ECDH_P256, }; /// Ephemeral ECDH on secp384r1 (aka NIST-P384) pub static SECP384R1: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::secp384r1, - agreement_algorithm: &ring::agreement::ECDH_P384, + agreement_algorithm: &agreement::ECDH_P384, }; /// A list of all the key exchange groups supported by rustls. @@ -76,16 +76,16 @@ pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[X25519, SECP256R1, SECP38 #[derive(Debug)] struct KeyExchange { name: NamedGroup, - agreement_algorithm: &'static ring::agreement::Algorithm, - priv_key: EphemeralPrivateKey, - pub_key: ring::agreement::PublicKey, + agreement_algorithm: &'static agreement::Algorithm, + priv_key: agreement::EphemeralPrivateKey, + pub_key: agreement::PublicKey, } impl ActiveKeyExchange for KeyExchange { /// Completes the key exchange, given the peer's public key. fn complete(self: Box, peer: &[u8]) -> Result { - let peer_key = UnparsedPublicKey::new(self.agreement_algorithm, peer); - agree_ephemeral(self.priv_key, &peer_key, |secret| { + let peer_key = agreement::UnparsedPublicKey::new(self.agreement_algorithm, peer); + agreement::agree_ephemeral(self.priv_key, &peer_key, |secret| { SharedSecret::from(secret) }) .map_err(|_| PeerMisbehaved::InvalidKeyShare.into()) From 7aa87e98a44388df38d68e002f71e5996246efed Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 23 Aug 2023 11:52:33 +0100 Subject: [PATCH 0350/1145] Make modules in crypto::ring reusable They take the dependency on ring via `super::ring_like`, which means they can be reused against a different, ring-compatible crate. --- rustls/src/crypto/ring/hash.rs | 16 ++++++++-------- rustls/src/crypto/ring/hmac.rs | 16 ++++++++-------- rustls/src/crypto/ring/kx.rs | 4 ++-- rustls/src/crypto/ring/mod.rs | 9 +++++---- rustls/src/crypto/ring/quic.rs | 2 +- rustls/src/crypto/ring/sign.rs | 10 +++++----- rustls/src/crypto/ring/ticketer.rs | 13 ++++++++----- rustls/src/crypto/ring/tls12.rs | 2 +- rustls/src/crypto/ring/tls13.rs | 22 +++++++++++----------- rustls/src/tls13/key_schedule.rs | 2 +- 10 files changed, 50 insertions(+), 46 deletions(-) diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index 596c9d2c07..49e9a3f917 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -1,21 +1,21 @@ +use super::ring_like::digest; use crate::crypto; use crate::msgs::enums::HashAlgorithm; -use ring; use alloc::boxed::Box; -pub(crate) static SHA256: Hash = Hash(&ring::digest::SHA256, HashAlgorithm::SHA256); -pub(crate) static SHA384: Hash = Hash(&ring::digest::SHA384, HashAlgorithm::SHA384); +pub(crate) static SHA256: Hash = Hash(&digest::SHA256, HashAlgorithm::SHA256); +pub(crate) static SHA384: Hash = Hash(&digest::SHA384, HashAlgorithm::SHA384); -pub(crate) struct Hash(&'static ring::digest::Algorithm, HashAlgorithm); +pub(crate) struct Hash(&'static digest::Algorithm, HashAlgorithm); impl crypto::hash::Hash for Hash { fn start(&self) -> Box { - Box::new(Context(ring::digest::Context::new(self.0))) + Box::new(Context(digest::Context::new(self.0))) } fn hash(&self, bytes: &[u8]) -> crypto::hash::Output { - let mut ctx = ring::digest::Context::new(self.0); + let mut ctx = digest::Context::new(self.0); ctx.update(bytes); convert(ctx.finish()) } @@ -29,7 +29,7 @@ impl crypto::hash::Hash for Hash { } } -struct Context(ring::digest::Context); +struct Context(digest::Context); impl crypto::hash::Context for Context { fn fork_finish(&self) -> crypto::hash::Output { @@ -49,6 +49,6 @@ impl crypto::hash::Context for Context { } } -fn convert(val: ring::digest::Digest) -> crypto::hash::Output { +fn convert(val: digest::Digest) -> crypto::hash::Output { crypto::hash::Output::new(val.as_ref()) } diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 5924e244e7..9535dc58bd 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -1,18 +1,18 @@ +use super::ring_like; use crate::crypto; -use ring; use alloc::boxed::Box; -pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring::hmac::HMAC_SHA256); -pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring::hmac::HMAC_SHA384); +pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256); +pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring_like::hmac::HMAC_SHA384); #[cfg(all(test, feature = "tls12"))] -pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring::hmac::HMAC_SHA512); +pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring_like::hmac::HMAC_SHA512); -pub(crate) struct Hmac(&'static ring::hmac::Algorithm); +pub(crate) struct Hmac(&'static ring_like::hmac::Algorithm); impl crypto::hmac::Hmac for Hmac { fn with_key(&self, key: &[u8]) -> Box { - Box::new(Key(ring::hmac::Key::new(*self.0, key))) + Box::new(Key(ring_like::hmac::Key::new(*self.0, key))) } fn hash_output_len(&self) -> usize { @@ -20,11 +20,11 @@ impl crypto::hmac::Hmac for Hmac { } } -struct Key(ring::hmac::Key); +struct Key(ring_like::hmac::Key); impl crypto::hmac::Key for Key { fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> crypto::hmac::Tag { - let mut ctx = ring::hmac::Context::with_key(&self.0); + let mut ctx = ring_like::hmac::Context::with_key(&self.0); ctx.update(first); for d in middle { ctx.update(d); diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 90df01109e..be83ba8b8d 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -3,8 +3,8 @@ use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; -use ring::agreement; -use ring::rand::SystemRandom; +use super::ring_like::agreement; +use super::ring_like::rand::SystemRandom; use alloc::boxed::Box; use core::fmt; diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index d758714325..4b042b6858 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -2,7 +2,11 @@ use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::rand::GetRandomFailed; use crate::suites::SupportedCipherSuite; -use ring::rand::{SecureRandom, SystemRandom}; +pub(crate) use ring as ring_like; +use ring_like::rand::{SecureRandom, SystemRandom}; + +/// Using software keys for authentication. +pub mod sign; pub(crate) mod hash; pub(crate) mod hmac; @@ -14,9 +18,6 @@ pub(crate) mod ticketer; pub(crate) mod tls12; pub(crate) mod tls13; -/// Using software keys for authentication. -pub mod sign; - /// A `CryptoProvider` backed by the [*ring*] crate. /// /// [*ring*]: https://github.com/briansmith/ring diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 8384a34039..c1b6050d3f 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -7,7 +7,7 @@ use crate::tls13::Tls13CipherSuite; use alloc::boxed::Box; -use ring::aead; +use super::ring_like::aead; pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index b26dd80a82..a8090ba928 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -3,10 +3,10 @@ use crate::error::Error; use crate::sign::{Signer, SigningKey}; use crate::x509::{asn1_wrap, wrap_in_sequence}; +use super::ring_like::io::der; +use super::ring_like::rand::{SecureRandom, SystemRandom}; +use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; -use ring::io::der; -use ring::rand::{SecureRandom, SystemRandom}; -use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; use alloc::boxed::Box; use alloc::string::ToString; @@ -143,7 +143,7 @@ impl Signer for RsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { let mut sig = vec![0; self.key.public().modulus_len()]; - let rng = ring::rand::SystemRandom::new(); + let rng = SystemRandom::new(); self.key .sign(self.encoding, &rng, message, &mut sig) .map(|_| sig) @@ -266,7 +266,7 @@ struct EcdsaSigner { impl Signer for EcdsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { - let rng = ring::rand::SystemRandom::new(); + let rng = super::ring_like::rand::SystemRandom::new(); self.key .sign(&rng, message) .map_err(|_| Error::General("signing failed".into())) diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 67ebe05842..032d305835 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -2,7 +2,8 @@ use crate::error::Error; use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; -use ring::aead; +use super::ring_like::aead; +use super::ring_like::rand::{SecureRandom, SystemRandom}; use alloc::boxed::Box; use alloc::sync::Arc; @@ -26,7 +27,9 @@ impl Ticketer { fn make_ticket_generator() -> Result, GetRandomFailed> { let mut key = [0u8; 32]; - super::RING.fill_random(&mut key)?; + SystemRandom::new() + .fill(&mut key) + .map_err(|_| GetRandomFailed)?; let alg = &aead::CHACHA20_POLY1305; let key = aead::UnboundKey::new(alg, &key).unwrap(); @@ -60,11 +63,11 @@ impl ProducesTickets for AeadTicketer { fn encrypt(&self, message: &[u8]) -> Option> { // Random nonce, because a counter is a privacy leak. let mut nonce_buf = [0u8; 12]; - super::RING - .fill_random(&mut nonce_buf) + SystemRandom::new() + .fill(&mut nonce_buf) .ok()?; let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); - let aad = ring::aead::Aad::empty(); + let aad = aead::Aad::empty(); let mut ciphertext = Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index c18bce7306..8e7f1fbab0 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -14,7 +14,7 @@ use crate::tls12::Tls12CipherSuite; use alloc::boxed::Box; use alloc::vec::Vec; -use ring::aead; +use super::ring_like::aead; /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index a4ea26968b..ecf1894e87 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -14,8 +14,8 @@ use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; -use ring::hkdf::KeyType; -use ring::{aead, hkdf, hmac}; +use super::ring_like::hkdf::KeyType; +use super::ring_like::{aead, hkdf, hmac}; /// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = @@ -27,13 +27,13 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & hash_provider: &super::hash::SHA256, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), - aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&ring::aead::CHACHA20_POLY1305)), + aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, #[cfg(feature = "quic")] integrity_limit: 1 << 36, #[cfg(feature = "quic")] - quic: &super::quic::KeyBuilder(&ring::aead::CHACHA20_POLY1305, &ring::aead::quic::CHACHA20), + quic: &super::quic::KeyBuilder(&aead::CHACHA20_POLY1305, &aead::quic::CHACHA20), }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -44,13 +44,13 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = hash_provider: &super::hash::SHA384, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), - aead_alg: &Aes256GcmAead(AeadAlgorithm(&ring::aead::AES_256_GCM)), + aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, #[cfg(feature = "quic")] - quic: &super::quic::KeyBuilder(&ring::aead::AES_256_GCM, &aead::quic::AES_256), + quic: &super::quic::KeyBuilder(&aead::AES_256_GCM, &aead::quic::AES_256), }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -63,13 +63,13 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C hash_provider: &super::hash::SHA256, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), - aead_alg: &Aes128GcmAead(AeadAlgorithm(&ring::aead::AES_128_GCM)), + aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, #[cfg(feature = "quic")] integrity_limit: 1 << 52, #[cfg(feature = "quic")] - quic: &super::quic::KeyBuilder(&ring::aead::AES_128_GCM, &aead::quic::AES_128), + quic: &super::quic::KeyBuilder(&aead::AES_128_GCM, &aead::quic::AES_128), }; struct Chacha20Poly1305Aead(AeadAlgorithm); @@ -145,7 +145,7 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { } // common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls -struct AeadAlgorithm(&'static ring::aead::Algorithm); +struct AeadAlgorithm(&'static aead::Algorithm); impl AeadAlgorithm { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { @@ -170,12 +170,12 @@ impl AeadAlgorithm { } struct Tls13MessageEncrypter { - enc_key: ring::aead::LessSafeKey, + enc_key: aead::LessSafeKey, iv: Iv, } struct Tls13MessageDecrypter { - dec_key: ring::aead::LessSafeKey, + dec_key: aead::LessSafeKey, iv: Iv, } diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 2a982da090..de8338cdd2 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -833,11 +833,11 @@ where #[cfg(all(test, feature = "ring"))] mod tests { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; + use crate::crypto::ring::ring_like::aead; use crate::crypto::ring::tls13::{ TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, }; use crate::KeyLog; - use ring::aead; #[test] fn test_vectors() { From 0e296980fd5bc2dadf1896db580275b8ad8ef0f8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 5 Oct 2023 11:04:08 +0100 Subject: [PATCH 0351/1145] Move `rustls::cipher_suite` members into provider module Naming cipher suites individually seems like a "detail" feature, and therefore having to name the provider too is not a large imposition. Naturally this is a breaking change. --- ci-bench/src/main.rs | 12 ++++++------ examples/src/bin/limitedclient.rs | 2 +- provider-example/src/lib.rs | 4 ++-- rustls/examples/internal/bench.rs | 26 ++++++++++++------------- rustls/src/client/handy.rs | 5 +++-- rustls/src/crypto/ring/mod.rs | 13 +++++++++++++ rustls/src/lib.rs | 21 +++----------------- rustls/tests/api.rs | 32 +++++++++++++++---------------- 8 files changed, 57 insertions(+), 58 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 44f05c76bf..2befd7a09a 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -14,7 +14,7 @@ use itertools::Itertools; use rayon::iter::Either; use rayon::prelude::*; use rustls::client::Resumption; -use rustls::crypto::ring::Ticketer; +use rustls::crypto::ring::{cipher_suite, Ticketer}; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::{ ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, @@ -210,31 +210,31 @@ fn all_benchmarks() -> anyhow::Result> { static ALL_BENCHMARK_PARAMS: &[BenchmarkParams] = &[ BenchmarkParams::new( KeyType::Rsa, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, &rustls::version::TLS12, "1.2_rsa_aes", ), BenchmarkParams::new( KeyType::Rsa, - rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, "1.3_rsa_aes", ), BenchmarkParams::new( KeyType::Ecdsa, - rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, "1.3_ecdsa_aes", ), BenchmarkParams::new( KeyType::Rsa, - rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, "1.3_rsa_chacha", ), BenchmarkParams::new( KeyType::Ecdsa, - rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, "1.3_ecdsa_chacha", ), diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 095d64d0a1..18014cf4b8 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -15,7 +15,7 @@ fn main() { ); let config = rustls::ClientConfig::builder() - .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) + .with_cipher_suites(&[rustls::crypto::ring::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) .with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]) .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap() diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 1c08116119..29ca7b4db8 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -35,7 +35,7 @@ static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = rustls::SupportedCipherSuite::Tls13(&rustls::Tls13CipherSuite { - common: rustls::cipher_suite::CipherSuiteCommon { + common: rustls::CipherSuiteCommon { suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, }, @@ -45,7 +45,7 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = rustls::SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { - common: rustls::cipher_suite::CipherSuiteCommon { + common: rustls::CipherSuiteCommon { suite: rustls::CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, }, diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index d665408cf3..e185629519 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -14,7 +14,7 @@ use std::time::{Duration, Instant}; use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::Resumption; -use rustls::crypto::ring::Ticketer; +use rustls::crypto::ring::{cipher_suite, Ticketer}; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::RootCertStore; use rustls::{ClientConfig, ClientConnection}; @@ -175,68 +175,68 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Ecdsa, - rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Ecdsa, - rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Ecdsa, - rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, ), BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS13_AES_256_GCM_SHA384, + cipher_suite::TLS13_AES_256_GCM_SHA384, &rustls::version::TLS13, ), BenchmarkParam::new( KeyType::Rsa, - rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, ), BenchmarkParam::new( KeyType::Ecdsa, - rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, ), BenchmarkParam::new( KeyType::Ed25519, - rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, + cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, ), ]; diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 943abd4fda..420902d5b0 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -211,6 +211,7 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { mod tests { use super::NoClientSessionStorage; use crate::client::ClientSessionStore; + use crate::crypto::ring::cipher_suite; use crate::msgs::enums::NamedGroup; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; @@ -234,7 +235,7 @@ mod tests { { use crate::msgs::persist::Tls12ClientSessionValue; let SupportedCipherSuite::Tls12(tls12_suite) = - crate::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 else { unreachable!() }; @@ -257,7 +258,7 @@ mod tests { } #[cfg_attr(not(feature = "tls12"), allow(clippy::infallible_destructuring_match))] - let tls13_suite = match crate::cipher_suite::TLS13_AES_256_GCM_SHA384 { + let tls13_suite = match cipher_suite::TLS13_AES_256_GCM_SHA384 { SupportedCipherSuite::Tls13(inner) => inner, #[cfg(feature = "tls12")] _ => unreachable!(), diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 4b042b6858..5cf18fa7e5 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -71,6 +71,19 @@ pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ]; +/// All defined cipher suites supported by *ring* appear in this module. +pub mod cipher_suite { + #[cfg(feature = "tls12")] + pub use super::tls12::{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + }; + pub use super::tls13::{ + TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, + }; +} + /// All defined key exchange groups supported by *ring* appear in this module. /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 3cb93a12e9..f143d54967 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -426,7 +426,9 @@ pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; -pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite}; +pub use crate::suites::{ + CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite, +}; pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; @@ -506,23 +508,6 @@ pub mod server { pub use server::{ServerConfig, ServerConnection}; -/// All defined ciphersuites appear in this module. -/// -/// [`crypto::ring::ALL_CIPHER_SUITES`] is provided as an array of all of these values. -pub mod cipher_suite { - #[cfg(all(feature = "tls12", feature = "ring"))] - pub use crate::crypto::ring::tls12::{ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - }; - #[cfg(feature = "ring")] - pub use crate::crypto::ring::tls13::{ - TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, - }; - pub use crate::suites::CipherSuiteCommon; -} - /// All defined protocol versions appear in this module. /// /// ALL_VERSIONS is a provided as an array of all of these values. diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 725b2482a6..75e2e271ae 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -14,7 +14,7 @@ use pki_types::{CertificateDer, UnixTime}; use rustls::client::{ verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption, WebPkiServerVerifier, }; -use rustls::crypto::ring::ALL_CIPHER_SUITES; +use rustls::crypto::ring::{cipher_suite, ALL_CIPHER_SUITES}; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; @@ -248,7 +248,7 @@ fn config_builder_for_client_rejects_empty_cipher_suites() { fn config_builder_for_client_rejects_incompatible_cipher_suites() { assert_eq!( ClientConfig::builder() - .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) + .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) .err(), @@ -285,7 +285,7 @@ fn config_builder_for_server_rejects_empty_cipher_suites() { fn config_builder_for_server_rejects_incompatible_cipher_suites() { assert_eq!( ServerConfig::builder() - .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) + .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) .err(), @@ -451,7 +451,7 @@ fn test_config_builders_debug() { "ConfigBuilder { state: WantsCipherSuites(Ring) }", format!("{:?}", b) ); - let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); + let b = b.with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); let b = b.with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]); assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); @@ -466,7 +466,7 @@ fn test_config_builders_debug() { "ConfigBuilder { state: WantsCipherSuites(Ring) }", format!("{:?}", b) ); - let b = b.with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); + let b = b.with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); let b = b.with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]); assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); @@ -2307,7 +2307,7 @@ fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let server_config = finish_server_config( kt, ServerConfig::builder() - .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) + .with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() .unwrap(), @@ -2316,7 +2316,7 @@ fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let client_config = finish_client_config( kt, ClientConfig::builder() - .with_cipher_suites(&[rustls::cipher_suite::TLS13_AES_256_GCM_SHA384]) + .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() .unwrap(), @@ -4173,7 +4173,7 @@ mod test_quic { #[test] fn packet_key_api() { - use rustls::cipher_suite::TLS13_AES_128_GCM_SHA256; + use cipher_suite::TLS13_AES_128_GCM_SHA256; use rustls::quic::{Keys, Version}; use rustls::Side; @@ -5213,12 +5213,12 @@ fn test_secret_extraction_enabled() { // Chacha20Poly1305), so that's 2*3 = 6 combinations to test. let kt = KeyType::Rsa; for suite in [ - rustls::cipher_suite::TLS13_AES_128_GCM_SHA256, - rustls::cipher_suite::TLS13_AES_256_GCM_SHA384, - rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS13_AES_128_GCM_SHA256, + cipher_suite::TLS13_AES_256_GCM_SHA384, + cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ] { let version = suite.version(); println!("Testing suite {:?}", suite.suite().as_str()); @@ -5284,7 +5284,7 @@ fn test_secret_extraction_enabled() { #[cfg(feature = "tls12")] #[test] fn test_secret_extraction_disabled_or_too_early() { - let suite = rustls::cipher_suite::TLS13_AES_128_GCM_SHA256; + let suite = cipher_suite::TLS13_AES_128_GCM_SHA256; let kt = KeyType::Rsa; for (server_enable, client_enable) in [(true, false), (false, true)] { @@ -5340,7 +5340,7 @@ fn test_secret_extraction_disabled_or_too_early() { #[test] fn test_received_plaintext_backpressure() { - let suite = rustls::cipher_suite::TLS13_AES_128_GCM_SHA256; + let suite = cipher_suite::TLS13_AES_128_GCM_SHA256; let kt = KeyType::Rsa; let server_config = Arc::new( From 3897bceeca8f53619a3e03da789792cb462b0ae5 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 16 Oct 2023 12:23:02 +0100 Subject: [PATCH 0352/1145] Delegate private key loading to `CryptoProvider` --- provider-example/src/lib.rs | 10 ++++++++++ rustls/src/client/builder.rs | 18 +++++++++++------- rustls/src/client/handy.rs | 14 ++++---------- rustls/src/crypto/mod.rs | 11 +++++++++++ rustls/src/crypto/ring/mod.rs | 16 +++++++++++++++- rustls/src/server/builder.rs | 26 ++++++++++++++++---------- rustls/src/server/handy.rs | 31 +++++++++++-------------------- rustls/tests/api.rs | 9 ++++++++- 8 files changed, 86 insertions(+), 49 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 29ca7b4db8..720f8a7a73 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -1,3 +1,4 @@ +use pki_types::PrivateKeyDer; use std::sync::Arc; mod aead; @@ -26,6 +27,15 @@ impl rustls::crypto::CryptoProvider for Provider { fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] { kx::ALL_KX_GROUPS } + + /// XXX: currently this example is client-only, which avoids the need for it to support + /// authentication key handling. + fn load_private_key( + &self, + _key_der: PrivateKeyDer<'static>, + ) -> Result, rustls::Error> { + unimplemented!() + } } static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 98f15a5026..5f81edd74c 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -2,15 +2,15 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::client::handy; use crate::client::{ClientConfig, ResolvesClientCert}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::error::Error; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; #[cfg(feature = "ring")] -use crate::{error::Error, webpki}; +use crate::webpki; use crate::{verify, versions}; use super::client_conn::Resumption; -#[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; @@ -95,12 +95,12 @@ pub struct WantsClientCert { } impl ConfigBuilder { - #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key for use /// in client authentication. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. + /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise + /// set of supported key types and parameters is defined by the selected `CryptoProvider`. /// /// This function fails if `key_der` is invalid. pub fn with_client_auth_cert( @@ -108,16 +108,20 @@ impl ConfigBuilder { cert_chain: Vec>, key_der: PrivateKeyDer<'static>, ) -> Result { - let resolver = handy::AlwaysResolvesClientCert::new(cert_chain, &key_der)?; + let private_key = self + .state + .provider + .load_private_key(key_der)?; + let resolver = handy::AlwaysResolvesClientCert::new(private_key, cert_chain)?; Ok(self.with_client_cert_resolver(Arc::new(resolver))) } - #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key for use /// in client authentication. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. + /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise + /// set of supported key types and parameters is defined by the selected `CryptoProvider`. /// /// This function fails if `key_der` is invalid. #[deprecated(since = "0.21.4", note = "Use `with_client_auth_cert` instead")] diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 420902d5b0..ef087e89db 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,19 +1,16 @@ use crate::client; use crate::enums::SignatureScheme; +use crate::error::Error; use crate::limited_cache; use crate::msgs::persist; use crate::sign; use crate::NamedGroup; use crate::ServerName; -#[cfg(feature = "ring")] -use crate::{crypto::ring, error::Error}; -#[cfg(feature = "ring")] -use pki_types::{CertificateDer, PrivateKeyDer}; +use pki_types::CertificateDer; use alloc::collections::VecDeque; use alloc::sync::Arc; -#[cfg(feature = "ring")] use alloc::vec::Vec; use std::sync::Mutex; @@ -182,14 +179,11 @@ impl client::ResolvesClientCert for FailResolveClientCert { pub(super) struct AlwaysResolvesClientCert(Arc); impl AlwaysResolvesClientCert { - #[cfg(feature = "ring")] pub(super) fn new( + private_key: Arc, chain: Vec>, - priv_key: &PrivateKeyDer<'_>, ) -> Result { - let key = ring::sign::any_supported_type(priv_key) - .map_err(|_| Error::General("invalid private key".into()))?; - Ok(Self(Arc::new(sign::CertifiedKey::new(chain, key)))) + Ok(Self(Arc::new(sign::CertifiedKey::new(chain, private_key)))) } } diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 9507cc1636..2ceb805d79 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,10 +1,13 @@ +use crate::sign::SigningKey; use crate::suites; use crate::{Error, NamedGroup}; use alloc::boxed::Box; +use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use pki_types::PrivateKeyDer; use zeroize::Zeroize; /// *ring* based CryptoProvider. @@ -43,6 +46,14 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { /// Return a safe set of supported key exchange groups to be used as the defaults. fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup]; + + /// Decode and validate a private signing key from `key_der`. + /// + /// Return an error if the key type encoding is not supported, or if the key fails validation. + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error>; } /// A supported key exchange group. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 5cf18fa7e5..f0fa439192 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,6 +1,13 @@ use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::rand::GetRandomFailed; +use crate::sign::SigningKey; use crate::suites::SupportedCipherSuite; +use crate::Error; + +use pki_types::PrivateKeyDer; + +use alloc::borrow::ToOwned; +use alloc::sync::Arc; pub(crate) use ring as ring_like; use ring_like::rand::{SecureRandom, SystemRandom}; @@ -38,10 +45,17 @@ impl CryptoProvider for Ring { DEFAULT_CIPHER_SUITES } - /// Return all supported key exchange groups. fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup] { ALL_KX_GROUPS } + + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error> { + sign::any_supported_type(&key_der) + .map_err(|_| Error::General("invalid private key".to_owned())) + } } /// The cipher suite configuration that an application should use by default. diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 124764b0ba..6b459f5cce 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,6 +1,5 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; -#[cfg(feature = "ring")] use crate::error::Error; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; @@ -9,7 +8,6 @@ use crate::verify::{ClientCertVerifier, NoClientAuth}; use crate::versions; use crate::NoKeyLog; -#[cfg(feature = "ring")] use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; @@ -54,7 +52,6 @@ pub struct WantsServerCert { } impl ConfigBuilder { - #[cfg(feature = "ring")] /// Sets a single certificate chain and matching private key. This /// certificate and key is used for all subsequent connections, /// irrespective of things like SNI hostname. @@ -65,7 +62,8 @@ impl ConfigBuilder { /// disregarded. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. + /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise + /// set of supported key types and parameters is defined by the selected `CryptoProvider`. /// /// This function fails if `key_der` is invalid. pub fn with_single_cert( @@ -73,17 +71,21 @@ impl ConfigBuilder { cert_chain: Vec>, key_der: PrivateKeyDer<'static>, ) -> Result { - let resolver = handy::AlwaysResolvesChain::new(cert_chain, &key_der)?; + let private_key = self + .state + .provider + .load_private_key(key_der)?; + let resolver = handy::AlwaysResolvesChain::new(private_key, cert_chain); Ok(self.with_cert_resolver(Arc::new(resolver))) } - #[cfg(feature = "ring")] - /// Sets a single certificate chain, matching private key, OCSP - /// response and SCTs. This certificate and key is used for all + /// Sets a single certificate chain, matching private key and optional OCSP + /// response. This certificate and key is used for all /// subsequent connections, irrespective of things like SNI hostname. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key. + /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise + /// set of supported key types and parameters is defined by the selected `CryptoProvider`. /// `ocsp` is a DER-encoded OCSP response. Ignored if zero length. /// /// This function fails if `key_der` is invalid. @@ -93,7 +95,11 @@ impl ConfigBuilder { key_der: PrivateKeyDer<'static>, ocsp: Vec, ) -> Result { - let resolver = handy::AlwaysResolvesChain::new_with_extras(cert_chain, &key_der, ocsp)?; + let private_key = self + .state + .provider + .load_private_key(key_der)?; + let resolver = handy::AlwaysResolvesChain::new_with_extras(private_key, cert_chain, ocsp); Ok(self.with_cert_resolver(Arc::new(resolver))) } diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 2200af7239..e56fb03a93 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,5 +1,3 @@ -#[cfg(feature = "ring")] -use crate::crypto::ring; use crate::dns_name::DnsNameRef; use crate::error::Error; use crate::limited_cache; @@ -9,8 +7,7 @@ use crate::sign; use crate::webpki::{verify_server_name, ParsedCertificate}; use crate::ServerName; -#[cfg(feature = "ring")] -use pki_types::{CertificateDer, PrivateKeyDer}; +use pki_types::CertificateDer; use alloc::string::{String, ToString}; use alloc::sync::Arc; @@ -102,29 +99,23 @@ impl server::ProducesTickets for NeverProducesTickets { pub(super) struct AlwaysResolvesChain(Arc); impl AlwaysResolvesChain { - /// Creates an `AlwaysResolvesChain`, auto-detecting the underlying private - /// key type and encoding. - #[cfg(feature = "ring")] + /// Creates an `AlwaysResolvesChain`, using the supplied key and certificate chain. pub(super) fn new( + private_key: Arc, chain: Vec>, - priv_key: &PrivateKeyDer<'_>, - ) -> Result { - let key = ring::sign::any_supported_type(priv_key) - .map_err(|_| Error::General("invalid private key".into()))?; - Ok(Self(Arc::new(sign::CertifiedKey::new(chain, key)))) + ) -> Self { + Self(Arc::new(sign::CertifiedKey::new(chain, private_key))) } - /// Creates an `AlwaysResolvesChain`, auto-detecting the underlying private - /// key type and encoding. + /// Creates an `AlwaysResolvesChain`, using the supplied key, certificate chain and OCSP response. /// - /// If non-empty, the given OCSP response and SCTs are attached. - #[cfg(feature = "ring")] + /// If non-empty, the given OCSP response is attached. pub(super) fn new_with_extras( + private_key: Arc, chain: Vec>, - priv_key: &PrivateKeyDer<'_>, ocsp: Vec, - ) -> Result { - let mut r = Self::new(chain, priv_key)?; + ) -> Self { + let mut r = Self::new(private_key, chain); { let cert = Arc::make_mut(&mut r.0); @@ -133,7 +124,7 @@ impl AlwaysResolvesChain { } } - Ok(r) + r } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 75e2e271ae..be598c1527 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -10,7 +10,7 @@ use std::sync::atomic::{AtomicUsize, Ordering}; use std::sync::Arc; use std::sync::Mutex; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; use rustls::client::{ verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption, WebPkiServerVerifier, }; @@ -5482,6 +5482,13 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { fn default_kx_groups(&self) -> &'static [&'static (dyn rustls::crypto::SupportedKxGroup)] { self.parent.default_kx_groups() } + + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error> { + self.parent.load_private_key(key_der) + } } #[test] From 6719bc52be72b5d97aa1f99cd3fb56458bb9dfd8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 9 Nov 2023 12:06:35 +0000 Subject: [PATCH 0353/1145] Move webpki `SUPPORTED_SIG_ALGS` into `crypto::ring` --- rustls/src/crypto/ring/mod.rs | 64 +++++++++++++++++++++++++++ rustls/src/webpki/client_verifier.rs | 2 +- rustls/src/webpki/server_verifier.rs | 4 +- rustls/src/webpki/verify.rs | 66 +--------------------------- 4 files changed, 68 insertions(+), 68 deletions(-) diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index f0fa439192..ef0cee7fa4 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,10 +1,13 @@ use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; use crate::suites::SupportedCipherSuite; +use crate::webpki::WebPkiSupportedAlgorithms; use crate::Error; use pki_types::PrivateKeyDer; +use webpki::ring as webpki_algs; use alloc::borrow::ToOwned; use alloc::sync::Arc; @@ -98,6 +101,67 @@ pub mod cipher_suite { }; } +/// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when +/// compiled against *ring*. +pub(crate) static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { + all: &[ + webpki_algs::ECDSA_P256_SHA256, + webpki_algs::ECDSA_P256_SHA384, + webpki_algs::ECDSA_P384_SHA256, + webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ED25519, + webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, + webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, + webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, + webpki_algs::RSA_PKCS1_2048_8192_SHA256, + webpki_algs::RSA_PKCS1_2048_8192_SHA384, + webpki_algs::RSA_PKCS1_2048_8192_SHA512, + webpki_algs::RSA_PKCS1_3072_8192_SHA384, + ], + mapping: &[ + // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. + ( + SignatureScheme::ECDSA_NISTP384_SHA384, + &[ + webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ECDSA_P256_SHA384, + ], + ), + ( + SignatureScheme::ECDSA_NISTP256_SHA256, + &[ + webpki_algs::ECDSA_P256_SHA256, + webpki_algs::ECDSA_P384_SHA256, + ], + ), + (SignatureScheme::ED25519, &[webpki_algs::ED25519]), + ( + SignatureScheme::RSA_PSS_SHA512, + &[webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PSS_SHA384, + &[webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PSS_SHA256, + &[webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PKCS1_SHA512, + &[webpki_algs::RSA_PKCS1_2048_8192_SHA512], + ), + ( + SignatureScheme::RSA_PKCS1_SHA384, + &[webpki_algs::RSA_PKCS1_2048_8192_SHA384], + ), + ( + SignatureScheme::RSA_PKCS1_SHA256, + &[webpki_algs::RSA_PKCS1_2048_8192_SHA256], + ), + ], +}; + /// All defined key exchange groups supported by *ring* appear in this module. /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index ab7f8d4eee..8fc57db728 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -164,7 +164,7 @@ impl ClientCertVerifierBuilder { #[cfg(feature = "ring")] if self.supported_algs.is_none() { - self.supported_algs = Some(super::verify::SUPPORTED_SIG_ALGS); + self.supported_algs = Some(crate::crypto::ring::SUPPORTED_SIG_ALGS); } let supported_algs = self diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index ac722e640f..71aba0a775 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -6,11 +6,11 @@ use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; +#[cfg(feature = "ring")] +use crate::crypto::ring::SUPPORTED_SIG_ALGS; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; -#[cfg(feature = "ring")] -use crate::webpki::verify::SUPPORTED_SIG_ALGS; use crate::webpki::verify::{ verify_server_cert_signed_by_trust_anchor_impl, verify_signed_struct, verify_tls13, ParsedCertificate, diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 46cda9904a..95842238bf 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -2,8 +2,6 @@ use alloc::vec::Vec; use core::fmt; use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; -#[cfg(feature = "ring")] -use webpki::ring as webpki_algs; use super::anchors::RootCertStore; use super::pki_error; @@ -144,68 +142,6 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { } } -/// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when -/// compiled against *ring*. -#[cfg(feature = "ring")] -pub(crate) static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { - all: &[ - webpki_algs::ECDSA_P256_SHA256, - webpki_algs::ECDSA_P256_SHA384, - webpki_algs::ECDSA_P384_SHA256, - webpki_algs::ECDSA_P384_SHA384, - webpki_algs::ED25519, - webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, - webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, - webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, - webpki_algs::RSA_PKCS1_2048_8192_SHA256, - webpki_algs::RSA_PKCS1_2048_8192_SHA384, - webpki_algs::RSA_PKCS1_2048_8192_SHA512, - webpki_algs::RSA_PKCS1_3072_8192_SHA384, - ], - mapping: &[ - // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. - ( - SignatureScheme::ECDSA_NISTP384_SHA384, - &[ - webpki_algs::ECDSA_P384_SHA384, - webpki_algs::ECDSA_P256_SHA384, - ], - ), - ( - SignatureScheme::ECDSA_NISTP256_SHA256, - &[ - webpki_algs::ECDSA_P256_SHA256, - webpki_algs::ECDSA_P384_SHA256, - ], - ), - (SignatureScheme::ED25519, &[webpki_algs::ED25519]), - ( - SignatureScheme::RSA_PSS_SHA512, - &[webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY], - ), - ( - SignatureScheme::RSA_PSS_SHA384, - &[webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY], - ), - ( - SignatureScheme::RSA_PSS_SHA256, - &[webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY], - ), - ( - SignatureScheme::RSA_PKCS1_SHA512, - &[webpki_algs::RSA_PKCS1_2048_8192_SHA512], - ), - ( - SignatureScheme::RSA_PKCS1_SHA384, - &[webpki_algs::RSA_PKCS1_2048_8192_SHA384], - ), - ( - SignatureScheme::RSA_PKCS1_SHA256, - &[webpki_algs::RSA_PKCS1_2048_8192_SHA256], - ), - ], -}; - fn verify_sig_using_any_alg( cert: &webpki::EndEntityCert, algs: &[&'static dyn SignatureVerificationAlgorithm], @@ -310,7 +246,7 @@ mod tests { fn webpki_supported_algorithms_is_debug() { assert_eq!( "WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }", - format!("{:?}", SUPPORTED_SIG_ALGS) + format!("{:?}", crate::crypto::ring::SUPPORTED_SIG_ALGS) ); } } From c6c792b616a35424cd1b91be8c4f58a76ca1bff9 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 30 Oct 2023 09:59:48 +0000 Subject: [PATCH 0354/1145] Delegate choosing webpki algorithms to `CryptoProvider` This drastically simplifies `provider-example`. But the primary goal is ensuring a client configured `with_provider(AWS_LC_RS)` only uses algorithms from aws-lc-rs, irrespective of crate features. --- provider-example/examples/client.rs | 5 +- provider-example/src/lib.rs | 13 ++--- rustls/src/client/builder.rs | 6 +- rustls/src/crypto/mod.rs | 6 ++ rustls/src/crypto/ring/mod.rs | 6 +- rustls/src/verifybench.rs | 6 +- rustls/src/webpki/client_verifier.rs | 59 +++++++++++-------- rustls/src/webpki/mod.rs | 8 --- rustls/src/webpki/server_verifier.rs | 84 ++++++++++++++++++---------- rustls/src/webpki/verify.rs | 2 +- rustls/tests/api.rs | 5 ++ 11 files changed, 123 insertions(+), 77 deletions(-) diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs index 01462af29e..6bb24c5f0a 100644 --- a/provider-example/examples/client.rs +++ b/provider-example/examples/client.rs @@ -2,7 +2,7 @@ use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls_provider_example::{certificate_verifier, PROVIDER}; +use rustls_provider_example::PROVIDER; fn main() { env_logger::init(); @@ -16,8 +16,7 @@ fn main() { let config = rustls::ClientConfig::builder_with_provider(PROVIDER) .with_safe_defaults() - .dangerous() - .with_custom_certificate_verifier(certificate_verifier(root_store)) + .with_root_certificates(root_store) .with_no_client_auth(); let server_name = "www.rust-lang.org".try_into().unwrap(); diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 720f8a7a73..2018665d4c 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -36,6 +36,10 @@ impl rustls::crypto::CryptoProvider for Provider { ) -> Result, rustls::Error> { unimplemented!() } + + fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { + verify::ALGORITHMS + } } static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ @@ -67,12 +71,3 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS prf_provider: &rustls::crypto::tls12::PrfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, }); - -pub fn certificate_verifier( - roots: rustls::RootCertStore, -) -> Arc { - rustls::client::WebPkiServerVerifier::builder(roots.into()) - .with_signature_verification_algorithms(verify::ALGORITHMS) - .build() - .unwrap() -} diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 5f81edd74c..e46cdf5fd7 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -5,7 +5,6 @@ use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::suites::SupportedCipherSuite; -#[cfg(feature = "ring")] use crate::webpki; use crate::{verify, versions}; @@ -15,11 +14,9 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use alloc::sync::Arc; use alloc::vec::Vec; -#[cfg(any(feature = "dangerous_configuration", feature = "ring"))] use core::marker::PhantomData; impl ConfigBuilder { - #[cfg(feature = "ring")] /// Choose how to verify server certificates. pub fn with_root_certificates( self, @@ -33,6 +30,9 @@ impl ConfigBuilder { versions: self.state.versions, verifier: Arc::new(webpki::WebPkiServerVerifier::new_without_revocation( root_store, + self.state + .provider + .signature_verification_algorithms(), )), }, side: PhantomData, diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 2ceb805d79..bd43307ded 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,5 +1,6 @@ use crate::sign::SigningKey; use crate::suites; +use crate::webpki::WebPkiSupportedAlgorithms; use crate::{Error, NamedGroup}; use alloc::boxed::Box; @@ -54,6 +55,11 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { &self, key_der: PrivateKeyDer<'static>, ) -> Result, Error>; + + /// Return the signature verification algorithms for use with webpki. + /// + /// These are used for both certificate chain verification and handshake signature verification. + fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms; } /// A supported key exchange group. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index ef0cee7fa4..f06b41fbe6 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -59,6 +59,10 @@ impl CryptoProvider for Ring { sign::any_supported_type(&key_der) .map_err(|_| Error::General("invalid private key".to_owned())) } + + fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { + SUPPORTED_SIG_ALGS + } } /// The cipher suite configuration that an application should use by default. @@ -103,7 +107,7 @@ pub mod cipher_suite { /// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when /// compiled against *ring*. -pub(crate) static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { +static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { all: &[ webpki_algs::ECDSA_P256_SHA256, webpki_algs::ECDSA_P256_SHA384, diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 61b3383e28..8d6b8d0002 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -9,6 +9,7 @@ use core::time::Duration; use std::time::Instant; +use crate::crypto::ring; use crate::verify::ServerCertVerifier; use crate::webpki::{RootCertStore, WebPkiServerVerifier}; @@ -208,7 +209,10 @@ impl Context { } fn bench(&self, count: usize) { - let verifier = WebPkiServerVerifier::new_without_revocation(self.roots.clone()); + let verifier = WebPkiServerVerifier::new_without_revocation( + self.roots.clone(), + ring::RING.signature_verification_algorithms(), + ); const OCSP_RESPONSE: &[u8] = &[]; let mut times = Vec::new(); diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 8fc57db728..38bb621db8 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -5,6 +5,7 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use super::{pki_error, VerifierBuilderError}; +use crate::crypto::CryptoProvider; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, @@ -24,11 +25,14 @@ pub struct ClientCertVerifierBuilder { revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, anon_policy: AnonymousClientPolicy, - supported_algs: Option, + supported_algs: WebPkiSupportedAlgorithms, } impl ClientCertVerifierBuilder { - pub(crate) fn new(roots: Arc) -> Self { + pub(crate) fn new( + roots: Arc, + supported_algs: WebPkiSupportedAlgorithms, + ) -> Self { Self { root_hint_subjects: roots.subjects(), roots, @@ -36,7 +40,7 @@ impl ClientCertVerifierBuilder { anon_policy: AnonymousClientPolicy::Deny, revocation_check_depth: RevocationCheckDepth::Chain, unknown_revocation_policy: UnknownStatusPolicy::Deny, - supported_algs: None, + supported_algs, } } @@ -135,7 +139,7 @@ impl ClientCertVerifierBuilder { mut self, supported_algs: WebPkiSupportedAlgorithms, ) -> Self { - self.supported_algs = Some(supported_algs); + self.supported_algs = supported_algs; self } @@ -144,8 +148,8 @@ impl ClientCertVerifierBuilder { /// and to determine what to do with anonymous clients that do not respond to the client /// certificate authentication offer with a client certificate. /// - /// If the `ring` crate feature is supplied, and `with_signature_verification_algorithms` was not - /// called on the builder, a default set of signature verification algorithms is used. + /// If `with_signature_verification_algorithms` was not called on the builder, a default set of + /// signature verification algorithms is used, controlled by the selected [`crate::crypto::CryptoProvider`]. /// /// Once built, the provided `Arc` can be used with a Rustls /// [crate::server::ServerConfig] to configure client certificate validation using @@ -155,22 +159,11 @@ impl ClientCertVerifierBuilder { /// This function will return a `ClientCertVerifierBuilderError` if: /// 1. No trust anchors have been provided. /// 2. DER encoded CRLs have been provided that can not be parsed successfully. - /// 3. No signature verification algorithms were set and the `ring` feature is not enabled. - #[cfg_attr(not(feature = "ring"), allow(unused_mut))] - pub fn build(mut self) -> Result, VerifierBuilderError> { + pub fn build(self) -> Result, VerifierBuilderError> { if self.roots.is_empty() { return Err(VerifierBuilderError::NoRootAnchors); } - #[cfg(feature = "ring")] - if self.supported_algs.is_none() { - self.supported_algs = Some(crate::crypto::ring::SUPPORTED_SIG_ALGS); - } - - let supported_algs = self - .supported_algs - .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; - Ok(Arc::new(WebPkiClientVerifier::new( self.roots, self.root_hint_subjects, @@ -178,7 +171,7 @@ impl ClientCertVerifierBuilder { self.revocation_check_depth, self.unknown_revocation_policy, self.anon_policy, - supported_algs, + self.supported_algs, ))) } } @@ -246,14 +239,37 @@ pub struct WebPkiClientVerifier { } impl WebPkiClientVerifier { - /// Create builder to build up the `webpki` client certificate verifier configuration. + /// Create a builder for the `webpki` client certificate verifier configuration using + /// the default [`CryptoProvider`]. + /// /// Client certificate authentication will be offered by the server, and client certificates /// will be verified using the trust anchors found in the provided `roots`. If you /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. /// + /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::RING`]. + /// Use [`Self::builder_with_provider`] if you wish to customize this. + /// /// For more information, see the [`ClientCertVerifierBuilder`] documentation. + #[cfg(feature = "ring")] pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { - ClientCertVerifierBuilder::new(roots) + Self::builder_with_provider(roots, crate::crypto::ring::RING) + } + + /// Create a builder for the `webpki` client certificate verifier configuration using + /// a specified [`CryptoProvider`]. + /// + /// Client certificate authentication will be offered by the server, and client certificates + /// will be verified using the trust anchors found in the provided `roots`. If you + /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. + /// + /// The cryptography used comes from the specified [`CryptoProvider`]. + /// + /// For more information, see the [`ClientCertVerifierBuilder`] documentation. + pub fn builder_with_provider( + roots: Arc, + provider: &'static dyn CryptoProvider, + ) -> ClientCertVerifierBuilder { + ClientCertVerifierBuilder::new(roots, provider.signature_verification_algorithms()) } /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will @@ -563,7 +579,6 @@ mod tests { let all = vec![ VerifierBuilderError::NoRootAnchors, VerifierBuilderError::InvalidCrl(crate::CertRevocationListError::ParseError), - VerifierBuilderError::NoSupportedAlgorithms, ]; for err in all { diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index d72edc23b6..c00d15b677 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -34,11 +34,6 @@ pub enum VerifierBuilderError { NoRootAnchors, /// A provided CRL could not be parsed. InvalidCrl(CertRevocationListError), - /// No supported signature verification algorithms were provided. - /// - /// Call `with_signature_verification_algorithms` on the builder, or compile - /// with the `ring` feature. - NoSupportedAlgorithms, } impl From for VerifierBuilderError { @@ -52,9 +47,6 @@ impl fmt::Display for VerifierBuilderError { match self { Self::NoRootAnchors => write!(f, "no root trust anchors were provided"), Self::InvalidCrl(e) => write!(f, "provided CRL could not be parsed: {:?}", e), - Self::NoSupportedAlgorithms => { - write!(f, "no signature verification algorithms were provided") - } } } } diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 71aba0a775..2e33c79505 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -6,8 +6,7 @@ use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; -#[cfg(feature = "ring")] -use crate::crypto::ring::SUPPORTED_SIG_ALGS; +use crate::crypto::CryptoProvider; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; @@ -27,17 +26,20 @@ pub struct ServerCertVerifierBuilder { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, - supported_algs: Option, + supported_algs: WebPkiSupportedAlgorithms, } impl ServerCertVerifierBuilder { - pub(crate) fn new(roots: Arc) -> Self { + pub(crate) fn new( + roots: Arc, + supported_algs: WebPkiSupportedAlgorithms, + ) -> Self { Self { roots, crls: Vec::new(), revocation_check_depth: RevocationCheckDepth::Chain, unknown_revocation_policy: UnknownStatusPolicy::Deny, - supported_algs: None, + supported_algs, } } @@ -86,15 +88,15 @@ impl ServerCertVerifierBuilder { mut self, supported_algs: WebPkiSupportedAlgorithms, ) -> Self { - self.supported_algs = Some(supported_algs); + self.supported_algs = supported_algs; self } /// Build a server certificate verifier, allowing control over the root certificates to use as /// trust anchors, and to control how server certificate revocation checking is performed. /// - /// If the `ring` crate feature is supplied, and `with_signature_verification_algorithms` was not - /// called on the builder, a default set of signature verification algorithms is used. + /// If `with_signature_verification_algorithms` was not called on the builder, a default set of + /// signature verification algorithms is used, controlled by the selected [`crate::crypto::CryptoProvider`]. /// /// Once built, the provided `Arc` can be used with a Rustls /// [crate::server::ServerConfig] to configure client certificate validation using @@ -104,28 +106,17 @@ impl ServerCertVerifierBuilder { /// This function will return a `CertVerifierBuilderError` if: /// 1. No trust anchors have been provided. /// 2. DER encoded CRLs have been provided that can not be parsed successfully. - /// 3. No signature verification algorithms were set and the `ring` feature is not enabled. - #[cfg_attr(not(feature = "ring"), allow(unused_mut))] - pub fn build(mut self) -> Result, VerifierBuilderError> { + pub fn build(self) -> Result, VerifierBuilderError> { if self.roots.is_empty() { return Err(VerifierBuilderError::NoRootAnchors); } - #[cfg(feature = "ring")] - if self.supported_algs.is_none() { - self.supported_algs = Some(SUPPORTED_SIG_ALGS); - } - - let supported_algs = self - .supported_algs - .ok_or(VerifierBuilderError::NoSupportedAlgorithms)?; - Ok(Arc::new(WebPkiServerVerifier::new( self.roots, parse_crls(self.crls)?, self.revocation_check_depth, self.unknown_revocation_policy, - supported_algs, + self.supported_algs, ))) } } @@ -142,24 +133,47 @@ pub struct WebPkiServerVerifier { #[allow(unreachable_pub)] impl WebPkiServerVerifier { - /// Create builder to build up the `webpki` server certificate verifier configuration. + /// Create a builder for the `webpki` server certificate verifier configuration using + /// the default [`CryptoProvider`]. + /// /// Server certificates will be verified using the trust anchors found in the provided `roots`. /// + /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::RING`]. + /// Use [`Self::builder_with_provider`] if you wish to customize this. + /// /// For more information, see the [`ServerCertVerifierBuilder`] documentation. + #[cfg(feature = "ring")] pub fn builder(roots: Arc) -> ServerCertVerifierBuilder { - ServerCertVerifierBuilder::new(roots) + Self::builder_with_provider(roots, crate::crypto::ring::RING) + } + + /// Create a builder for the `webpki` server certificate verifier configuration using + /// a specified [`CryptoProvider`]. + /// + /// Server certificates will be verified using the trust anchors found in the provided `roots`. + /// + /// The cryptography used comes from the specified [`CryptoProvider`]. + /// + /// For more information, see the [`ServerCertVerifierBuilder`] documentation. + pub fn builder_with_provider( + roots: Arc, + provider: &'static dyn CryptoProvider, + ) -> ServerCertVerifierBuilder { + ServerCertVerifierBuilder::new(roots, provider.signature_verification_algorithms()) } /// Short-cut for creating a `WebPkiServerVerifier` that does not perform certificate revocation /// checking, avoiding the need to use a builder. - #[cfg(feature = "ring")] - pub(crate) fn new_without_revocation(roots: impl Into>) -> Self { + pub(crate) fn new_without_revocation( + roots: impl Into>, + supported_algs: WebPkiSupportedAlgorithms, + ) -> Self { Self::new( roots, Vec::default(), RevocationCheckDepth::Chain, UnknownStatusPolicy::Allow, - SUPPORTED_SIG_ALGS, + supported_algs, ) } @@ -198,7 +212,12 @@ impl WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_signed_struct(message, cert, dss, &SUPPORTED_SIG_ALGS) + verify_signed_struct( + message, + cert, + dss, + &crate::crypto::ring::RING.signature_verification_algorithms(), + ) } /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or @@ -209,14 +228,21 @@ impl WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_tls13(message, cert, dss, &SUPPORTED_SIG_ALGS) + verify_tls13( + message, + cert, + dss, + &crate::crypto::ring::RING.signature_verification_algorithms(), + ) } /// A full implementation of `ServerCertVerifier::supported_verify_schemes()` or /// `ClientCertVerifier::supported_verify_schemes()`. #[cfg(feature = "ring")] pub fn default_supported_verify_schemes() -> Vec { - SUPPORTED_SIG_ALGS.supported_schemes() + crate::crypto::ring::RING + .signature_verification_algorithms() + .supported_schemes() } } diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 95842238bf..52e567ec95 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -246,7 +246,7 @@ mod tests { fn webpki_supported_algorithms_is_debug() { assert_eq!( "WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }", - format!("{:?}", crate::crypto::ring::SUPPORTED_SIG_ALGS) + format!("{:?}", crate::crypto::ring::RING.signature_verification_algorithms()) ); } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index be598c1527..3b5b3b6d62 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5489,6 +5489,11 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { ) -> Result, Error> { self.parent.load_private_key(key_der) } + + fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { + self.parent + .signature_verification_algorithms() + } } #[test] From 48d78f723266969f640a3d6a5e9db0a037a0fa3a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 31 Oct 2023 12:37:32 +0000 Subject: [PATCH 0355/1145] Improve docs around `{Server,Client}Config::builder` --- rustls/src/client/client_conn.rs | 10 +++++----- rustls/src/server/server_conn.rs | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index d2c111f84e..3cae4ead14 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -122,7 +122,8 @@ pub trait ResolvesClientCert: Send + Sync { /// (the rustls-native-certs crate is often used for this) may take on the order of a few hundred /// milliseconds. /// -/// These must be created via the [`ClientConfig::builder()`] function. +/// These must be created via the [`ClientConfig::builder()`] or [`ClientConfig::builder_with_provider()`] +/// function. /// /// # Defaults /// @@ -248,16 +249,15 @@ impl fmt::Debug for ClientConfig { impl ClientConfig { #[cfg(feature = "ring")] - /// Create a builder to build up the client configuration with the default - /// [`CryptoProvider`]. + /// Create a builder for a client configuration with the default + /// [`CryptoProvider`]: [`crate::crypto::ring::RING`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder() -> ConfigBuilder { Self::builder_with_provider(crate::crypto::ring::RING) } - /// Create builder to build up the client configuration with a specific - /// `CryptoProvider`. + /// Create a builder for a client configuration with a specific [`CryptoProvider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder_with_provider( diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index d6a8094f29..597d11281f 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -196,7 +196,8 @@ impl<'a> ClientHello<'a> { /// from the operating system to add to the [`RootCertStore`] passed to a `ClientCertVerifier` /// builder may take on the order of a few hundred milliseconds. /// -/// These must be created via the [`ServerConfig::builder()`] function. +/// These must be created via the [`ServerConfig::builder()`] or [`ServerConfig::builder_with_provider()`] +/// function. /// /// # Defaults /// @@ -354,16 +355,15 @@ impl fmt::Debug for ServerConfig { impl ServerConfig { #[cfg(feature = "ring")] - /// Create builder to build up the server configuration with the default - /// `CryptoProvider`. + /// Create a builder for a server configuration with the default + /// [`CryptoProvider`]: [`crate::crypto::ring::RING`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder() -> ConfigBuilder { Self::builder_with_provider(crate::crypto::ring::RING) } - /// Create builder to build up the server configuration with a specific - /// `CryptoProvider`. + /// Create a builder for a server configuration with a specific [`CryptoProvider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder_with_provider( From 8ea64754ac5a3eaff985ef5ccd8ff094c1a6ba80 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 27 Oct 2023 13:58:50 +0100 Subject: [PATCH 0356/1145] Remove reexport of signing impls in `rustls::sign::*` These continue to be available in `rustls::crypto::ring::sign::*`. --- rustls/src/lib.rs | 6 +----- rustls/tests/api.rs | 11 ++++++----- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index f143d54967..b2cb664b2c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -517,12 +517,8 @@ pub mod version { pub use crate::versions::TLS13; } -/// Message signing interfaces and implementations. +/// Message signing interfaces. pub mod sign { - #[cfg(feature = "ring")] - pub use crate::crypto::ring::sign::{ - any_ecdsa_type, any_eddsa_type, any_supported_type, RsaSigningKey, - }; pub use crate::crypto::signer::{CertifiedKey, Signer, SigningKey}; } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 3b5b3b6d62..2f7a10c0ca 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -14,6 +14,7 @@ use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; use rustls::client::{ verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption, WebPkiServerVerifier, }; +use rustls::crypto::ring::sign::RsaSigningKey; use rustls::crypto::ring::{cipher_suite, ALL_CIPHER_SUITES}; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; @@ -2524,7 +2525,7 @@ fn server_exposes_offered_sni_even_if_resolver_fails() { fn sni_resolver_works() { let kt = KeyType::Rsa; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); - let signing_key = sign::RsaSigningKey::new(&kt.get_key()).unwrap(); + let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); resolver .add( @@ -2562,7 +2563,7 @@ fn sni_resolver_works() { fn sni_resolver_rejects_wrong_names() { let kt = KeyType::Rsa; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); - let signing_key = sign::RsaSigningKey::new(&kt.get_key()).unwrap(); + let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); assert_eq!( @@ -2592,7 +2593,7 @@ fn sni_resolver_rejects_wrong_names() { fn sni_resolver_lower_cases_configured_names() { let kt = KeyType::Rsa; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); - let signing_key = sign::RsaSigningKey::new(&kt.get_key()).unwrap(); + let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); assert_eq!( @@ -2619,7 +2620,7 @@ fn sni_resolver_lower_cases_queried_names() { // actually, the handshake parser does this, but the effect is the same. let kt = KeyType::Rsa; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); - let signing_key = sign::RsaSigningKey::new(&kt.get_key()).unwrap(); + let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); assert_eq!( @@ -2645,7 +2646,7 @@ fn sni_resolver_lower_cases_queried_names() { fn sni_resolver_rejects_bad_certs() { let kt = KeyType::Rsa; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); - let signing_key = sign::RsaSigningKey::new(&kt.get_key()).unwrap(); + let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); assert_eq!( From aaf21d1cdf2b8102d25c2878e4455331a1004cad Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 3 Oct 2023 07:55:54 +0100 Subject: [PATCH 0357/1145] Allow optional use of aws-lc-rs Provide shims for limited number of places where ring 0.17 and aws-lc-rs (ring 0.16-era) APIs have diverged. This is a short-term fix, as they are likely to diverge more over time. Eventually we'll have to stop sharing the code like this. For unit-like tests, export a `test_provider` alias that resolves to a provider module, for use in these tests. This resolves to: - *ring* if cfg(feature = "ring"), else - aws-lc-rs if cfg(feature = "aws_lc_rs"), else - is absent --- .github/workflows/build.yml | 4 + Cargo.lock | 184 ++++++++++++++++++++++ rustls/Cargo.toml | 2 + rustls/src/client/handy.rs | 4 +- rustls/src/crypto/aws_lc_rs/mod.rs | 220 +++++++++++++++++++++++++++ rustls/src/crypto/mod.rs | 4 + rustls/src/crypto/ring/hash.rs | 4 +- rustls/src/crypto/ring/hmac.rs | 9 +- rustls/src/crypto/ring/kx.rs | 8 +- rustls/src/crypto/ring/mod.rs | 37 ++++- rustls/src/crypto/ring/quic.rs | 2 + rustls/src/crypto/ring/sign.rs | 8 +- rustls/src/crypto/ring/ticketer.rs | 2 + rustls/src/crypto/ring/tls12.rs | 2 + rustls/src/crypto/ring/tls13.rs | 2 + rustls/src/crypto/tls12.rs | 21 +-- rustls/src/crypto/tls13.rs | 14 +- rustls/src/hash_hs.rs | 12 +- rustls/src/lib.rs | 21 +++ rustls/src/suites.rs | 3 +- rustls/src/tls12/mod.rs | 4 +- rustls/src/tls13/key_schedule.rs | 18 +-- rustls/src/webpki/client_verifier.rs | 6 + rustls/src/webpki/server_verifier.rs | 23 +-- 24 files changed, 550 insertions(+), 64 deletions(-) create mode 100644 rustls/src/crypto/aws_lc_rs/mod.rs diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e0ade283b3..1bbbfbfe61 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -39,6 +39,10 @@ jobs: with: toolchain: ${{ matrix.rust }} + - name: Install NASM for aws-lc-rs on Windows + if: runner.os == 'Windows' + uses: ilammy/setup-nasm@v1 + - name: cargo build (debug; default features) run: cargo build --locked diff --git a/Cargo.lock b/Cargo.lock index 41adad13a7..2472aaafb6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -107,6 +107,31 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +[[package]] +name = "aws-lc-rs" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fb76b0a64f839f9e2be9871ea670a197a3e1d4b9634d741ec1456102a4fbaba" +dependencies = [ + "aws-lc-sys", + "mirai-annotations", + "untrusted 0.7.1", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de27c152edd365909b8fe952bce7617c910bd413b5b4bb9b0238d37e412f7e2a" +dependencies = [ + "bindgen", + "cmake", + "dunce", + "libc", + "paste", +] + [[package]] name = "backtrace" version = "0.3.69" @@ -140,6 +165,29 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" +[[package]] +name = "bindgen" +version = "0.68.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "726e4313eb6ec35d2730258ad4e15b547ee75d6afaa1361a922e78e59b7d8078" +dependencies = [ + "bitflags 2.4.1", + "cexpr", + "clang-sys", + "lazy_static", + "lazycell", + "log", + "peeking_take_while", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", + "which", +] + [[package]] name = "bitflags" version = "1.3.2" @@ -188,6 +236,15 @@ dependencies = [ "libc", ] +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + [[package]] name = "cfg-if" version = "1.0.0" @@ -229,6 +286,17 @@ dependencies = [ "zeroize", ] +[[package]] +name = "clang-sys" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" +dependencies = [ + "glob", + "libc", + "libloading", +] + [[package]] name = "clap" version = "4.4.7" @@ -269,6 +337,15 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" +[[package]] +name = "cmake" +version = "0.1.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +dependencies = [ + "cc", +] + [[package]] name = "colorchoice" version = "1.0.0" @@ -411,6 +488,12 @@ dependencies = [ "strsim", ] +[[package]] +name = "dunce" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" + [[package]] name = "either" version = "1.9.0" @@ -555,6 +638,12 @@ version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + [[package]] name = "h2" version = "0.3.21" @@ -656,6 +745,15 @@ dependencies = [ "digest", ] +[[package]] +name = "home" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +dependencies = [ + "windows-sys", +] + [[package]] name = "hostname" version = "0.3.1" @@ -775,12 +873,28 @@ dependencies = [ "spin 0.5.2", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.150" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +[[package]] +name = "libloading" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +dependencies = [ + "cfg-if", + "winapi", +] + [[package]] name = "libm" version = "0.2.8" @@ -845,6 +959,12 @@ dependencies = [ "autocfg", ] +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + [[package]] name = "miniz_oxide" version = "0.7.1" @@ -866,6 +986,22 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + [[package]] name = "num-bigint-dig" version = "0.8.4" @@ -968,6 +1104,18 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "paste" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" + +[[package]] +name = "peeking_take_while" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" + [[package]] name = "pem" version = "3.0.2" @@ -1055,6 +1203,16 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "prettyplease" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d" +dependencies = [ + "proc-macro2", + "syn", +] + [[package]] name = "proc-macro2" version = "1.0.69" @@ -1245,6 +1403,12 @@ version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rustc_version" version = "0.4.0" @@ -1283,6 +1447,7 @@ dependencies = [ name = "rustls" version = "0.22.0-alpha.4" dependencies = [ + "aws-lc-rs", "base64", "bencher", "env_logger", @@ -1398,6 +1563,7 @@ version = "0.102.0-alpha.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34d9ed3a8267782ba32d257ff5b197b63eef19a467dbd1be011caaae35ee416e" dependencies = [ + "aws-lc-rs", "ring 0.17.5", "rustls-pki-types", "untrusted 0.9.0", @@ -1462,6 +1628,12 @@ dependencies = [ "digest", ] +[[package]] +name = "shlex" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" + [[package]] name = "signature" version = "2.1.0" @@ -1832,6 +2004,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "widestring" version = "1.0.2" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index cc32aa91bc..7d028d1696 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -16,6 +16,7 @@ build = "build.rs" rustversion = { version = "1.0.6", optional = true } [dependencies] +aws-lc-rs = { version = "1", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } @@ -26,6 +27,7 @@ zeroize = "1.6.0" [features] default = ["logging", "ring", "tls12"] logging = ["log"] +aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] ring = ["dep:ring", "webpki/ring"] quic = [] tls12 = [] diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index ef087e89db..a7fb870a7a 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -201,16 +201,16 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } } -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::NoClientSessionStorage; use crate::client::ClientSessionStore; - use crate::crypto::ring::cipher_suite; use crate::msgs::enums::NamedGroup; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; use crate::msgs::persist::Tls13ClientSessionValue; use crate::suites::SupportedCipherSuite; + use crate::test_provider::cipher_suite; use pki_types::UnixTime; diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs new file mode 100644 index 0000000000..e5b3f613eb --- /dev/null +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -0,0 +1,220 @@ +use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::enums::SignatureScheme; +use crate::rand::GetRandomFailed; +use crate::sign::SigningKey; +use crate::suites::SupportedCipherSuite; +use crate::webpki::WebPkiSupportedAlgorithms; +use crate::Error; + +use pki_types::PrivateKeyDer; +use webpki::aws_lc_rs as webpki_algs; + +use alloc::string::String; +use alloc::sync::Arc; + +// aws-lc-rs has a -- roughly -- ring-compatible API, so we just reuse all that +// glue here. The shared files should always use `super::ring_like` to access a +// ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are +// small. +pub(crate) use aws_lc_rs as ring_like; + +/// Using software keys for authentication. +#[path = "../ring/sign.rs"] +pub mod sign; + +#[path = "../ring/hash.rs"] +pub(crate) mod hash; +#[path = "../ring/hmac.rs"] +pub(crate) mod hmac; +#[path = "../ring/kx.rs"] +pub(crate) mod kx; +#[cfg(feature = "quic")] +#[path = "../ring/quic.rs"] +pub(crate) mod quic; +#[path = "../ring/ticketer.rs"] +pub(crate) mod ticketer; +#[cfg(feature = "tls12")] +#[path = "../ring/tls12.rs"] +pub(crate) mod tls12; +#[path = "../ring/tls13.rs"] +pub(crate) mod tls13; + +/// A `CryptoProvider` backed by aws-lc-rs. +pub static AWS_LC_RS: &dyn CryptoProvider = &AwsLcRs; + +#[derive(Debug)] +struct AwsLcRs; + +impl CryptoProvider for AwsLcRs { + fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { + use ring_like::rand::SecureRandom; + + ring_like::rand::SystemRandom::new() + .fill(buf) + .map_err(|_| GetRandomFailed) + } + + fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { + DEFAULT_CIPHER_SUITES + } + + fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup] { + ALL_KX_GROUPS + } + + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error> { + sign::any_supported_type(&key_der) + .map_err(|_| Error::General(String::from("invalid private key"))) + } + + fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { + SUPPORTED_SIG_ALGS + } +} + +/// The cipher suite configuration that an application should use by default. +/// +/// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that +/// shouldn't be enabled by most applications. +pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = ALL_CIPHER_SUITES; + +/// A list of all the cipher suites supported by the rustls *ring* provider. +pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ + // TLS1.3 suites + tls13::TLS13_AES_256_GCM_SHA384, + tls13::TLS13_AES_128_GCM_SHA256, + tls13::TLS13_CHACHA20_POLY1305_SHA256, + // TLS1.2 suites + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +]; + +/// All defined cipher suites supported by aws-lc-rs appear in this module. +pub mod cipher_suite { + #[cfg(feature = "tls12")] + pub use super::tls12::{ + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + }; + pub use super::tls13::{ + TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384, TLS13_CHACHA20_POLY1305_SHA256, + }; +} + +/// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when +/// compiled against *ring*. +static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { + all: &[ + webpki_algs::ECDSA_P256_SHA256, + webpki_algs::ECDSA_P256_SHA384, + webpki_algs::ECDSA_P384_SHA256, + webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ED25519, + webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, + webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, + webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY, + webpki_algs::RSA_PKCS1_2048_8192_SHA256, + webpki_algs::RSA_PKCS1_2048_8192_SHA384, + webpki_algs::RSA_PKCS1_2048_8192_SHA512, + webpki_algs::RSA_PKCS1_3072_8192_SHA384, + ], + mapping: &[ + // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. + ( + SignatureScheme::ECDSA_NISTP384_SHA384, + &[ + webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ECDSA_P256_SHA384, + ], + ), + ( + SignatureScheme::ECDSA_NISTP256_SHA256, + &[ + webpki_algs::ECDSA_P256_SHA256, + webpki_algs::ECDSA_P384_SHA256, + ], + ), + (SignatureScheme::ED25519, &[webpki_algs::ED25519]), + ( + SignatureScheme::RSA_PSS_SHA512, + &[webpki_algs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PSS_SHA384, + &[webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PSS_SHA256, + &[webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY], + ), + ( + SignatureScheme::RSA_PKCS1_SHA512, + &[webpki_algs::RSA_PKCS1_2048_8192_SHA512], + ), + ( + SignatureScheme::RSA_PKCS1_SHA384, + &[webpki_algs::RSA_PKCS1_2048_8192_SHA384], + ), + ( + SignatureScheme::RSA_PKCS1_SHA256, + &[webpki_algs::RSA_PKCS1_2048_8192_SHA256], + ), + ], +}; + +/// All defined key exchange groups supported by aws-lc-rs appear in this module. +/// +/// [`ALL_KX_GROUPS`] is provided as an array of all of these values. +pub mod kx_group { + pub use super::kx::SECP256R1; + pub use super::kx::SECP384R1; + pub use super::kx::X25519; +} + +pub use kx::ALL_KX_GROUPS; +pub use ticketer::Ticketer; + +/// Compatibility shims between ring 0.16.x and 0.17.x API +mod ring_shim { + use super::ring_like; + use crate::crypto::SharedSecret; + + pub(super) fn digest_output_len(alg: &ring_like::digest::Algorithm) -> usize { + alg.output_len + } + + pub(super) fn agree_ephemeral( + priv_key: ring_like::agreement::EphemeralPrivateKey, + peer_key: &ring_like::agreement::UnparsedPublicKey<&[u8]>, + ) -> Result { + ring_like::agreement::agree_ephemeral(priv_key, peer_key, (), |secret| { + Ok(SharedSecret::from(secret)) + }) + } + + pub(super) fn rsa_key_pair_public_modulus_len(kp: &ring_like::signature::RsaKeyPair) -> usize { + kp.public_modulus_len() + } + + pub(super) fn ecdsa_key_pair_from_pkcs8( + alg: &'static ring_like::signature::EcdsaSigningAlgorithm, + data: &[u8], + _rng: &dyn ring_like::rand::SecureRandom, + ) -> Result { + ring_like::signature::EcdsaKeyPair::from_pkcs8(alg, data).map_err(|_| ()) + } +} diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index bd43307ded..2e6c0acd59 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -15,6 +15,10 @@ use zeroize::Zeroize; #[cfg(feature = "ring")] pub mod ring; +/// aws-lc-rs-based CryptoProvider. +#[cfg(feature = "aws_lc_rs")] +pub mod aws_lc_rs; + /// TLS message encryption/decryption interfaces. pub mod cipher; diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index 49e9a3f917..c49b58f1f5 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use super::ring_like::digest; use crate::crypto; use crate::msgs::enums::HashAlgorithm; @@ -21,7 +23,7 @@ impl crypto::hash::Hash for Hash { } fn output_len(&self) -> usize { - self.0.output_len() + super::ring_shim::digest_output_len(self.0) } fn algorithm(&self) -> HashAlgorithm { diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 9535dc58bd..060731ae0e 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use super::ring_like; use crate::crypto; @@ -16,7 +18,7 @@ impl crypto::hmac::Hmac for Hmac { } fn hash_output_len(&self) -> usize { - self.0.digest_algorithm().output_len() + super::ring_shim::digest_output_len(self.0.digest_algorithm()) } } @@ -34,9 +36,6 @@ impl crypto::hmac::Key for Key { } fn tag_len(&self) -> usize { - self.0 - .algorithm() - .digest_algorithm() - .output_len() + super::ring_shim::digest_output_len(self.0.algorithm().digest_algorithm()) } } diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index be83ba8b8d..10c24cd3ce 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup}; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; @@ -85,10 +87,8 @@ impl ActiveKeyExchange for KeyExchange { /// Completes the key exchange, given the peer's public key. fn complete(self: Box, peer: &[u8]) -> Result { let peer_key = agreement::UnparsedPublicKey::new(self.agreement_algorithm, peer); - agreement::agree_ephemeral(self.priv_key, &peer_key, |secret| { - SharedSecret::from(secret) - }) - .map_err(|_| PeerMisbehaved::InvalidKeyShare.into()) + super::ring_shim::agree_ephemeral(self.priv_key, &peer_key) + .map_err(|_| PeerMisbehaved::InvalidKeyShare.into()) } /// Return the group being used. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index f06b41fbe6..4931f8a248 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -13,7 +13,6 @@ use alloc::borrow::ToOwned; use alloc::sync::Arc; pub(crate) use ring as ring_like; -use ring_like::rand::{SecureRandom, SystemRandom}; /// Using software keys for authentication. pub mod sign; @@ -39,7 +38,9 @@ struct Ring; impl CryptoProvider for Ring { fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { - SystemRandom::new() + use ring_like::rand::SecureRandom; + + ring_like::rand::SystemRandom::new() .fill(buf) .map_err(|_| GetRandomFailed) } @@ -177,3 +178,35 @@ pub mod kx_group { pub use kx::ALL_KX_GROUPS; pub use ticketer::Ticketer; + +/// Compatibility shims between ring 0.16.x and 0.17.x API +mod ring_shim { + use super::ring_like; + use crate::crypto::SharedSecret; + + pub(super) fn digest_output_len(alg: &ring_like::digest::Algorithm) -> usize { + alg.output_len() + } + + pub(super) fn agree_ephemeral( + priv_key: ring_like::agreement::EphemeralPrivateKey, + peer_key: &ring_like::agreement::UnparsedPublicKey<&[u8]>, + ) -> Result { + ring_like::agreement::agree_ephemeral(priv_key, peer_key, |secret| { + SharedSecret::from(secret) + }) + .map_err(|_| ()) + } + + pub(super) fn rsa_key_pair_public_modulus_len(kp: &ring_like::signature::RsaKeyPair) -> usize { + kp.public().modulus_len() + } + + pub(super) fn ecdsa_key_pair_from_pkcs8( + alg: &'static ring_like::signature::EcdsaSigningAlgorithm, + data: &[u8], + rng: &dyn ring_like::rand::SecureRandom, + ) -> Result { + ring_like::signature::EcdsaKeyPair::from_pkcs8(alg, data, rng).map_err(|_| ()) + } +} diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index c1b6050d3f..391fe2da3a 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use crate::crypto::cipher::{Iv, Nonce}; use crate::crypto::tls13; use crate::error::Error; diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index a8090ba928..e424ec8181 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; use crate::sign::{Signer, SigningKey}; @@ -141,7 +143,7 @@ impl RsaSigner { impl Signer for RsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { - let mut sig = vec![0; self.key.public().modulus_len()]; + let mut sig = vec![0; super::ring_shim::rsa_key_pair_public_modulus_len(&self.key)]; let rng = SystemRandom::new(); self.key @@ -186,7 +188,7 @@ impl EcdsaSigningKey { Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der(), &rng)? } PrivateKeyDer::Pkcs8(pkcs8) => { - EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der(), &rng).map_err(|_| ())? + super::ring_shim::ecdsa_key_pair_from_pkcs8(sigalg, pkcs8.secret_pkcs8_der(), &rng)? } _ => return Err(()), }; @@ -218,7 +220,7 @@ impl EcdsaSigningKey { pkcs8_inner.extend_from_slice(pkcs8_prefix); pkcs8_inner.extend_from_slice(&sec1_wrap); - EcdsaKeyPair::from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner), rng).map_err(|_| ()) + super::ring_shim::ecdsa_key_pair_from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner), rng) } } diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 032d305835..9c9e0b9882 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use crate::error::Error; use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 8e7f1fbab0..2aa3b6b13f 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index ecf1894e87..8b8e13b6fe 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,3 +1,5 @@ +#![allow(clippy::duplicate_mod)] + use alloc::boxed::Box; use alloc::vec::Vec; diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index 2e8538d7f2..91d8dbd6d3 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -76,10 +76,10 @@ pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn hmac::Key, label: &[u8], seed: } } -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use crate::crypto::hmac::Hmac; - use crate::crypto::ring; + use crate::test_provider::hmac; // Below known answer tests come from https://mailarchive.ietf.org/arch/msg/tls/fzVCzk-z3FShgGJ6DOXqM1ydxms/ @@ -93,7 +93,7 @@ mod tests { super::prf( &mut output, - &*ring::hmac::HMAC_SHA256.with_key(secret), + &*hmac::HMAC_SHA256.with_key(secret), label, seed, ); @@ -111,7 +111,7 @@ mod tests { super::prf( &mut output, - &*ring::hmac::HMAC_SHA512.with_key(secret), + &*hmac::HMAC_SHA512.with_key(secret), label, seed, ); @@ -129,7 +129,7 @@ mod tests { super::prf( &mut output, - &*ring::hmac::HMAC_SHA384.with_key(secret), + &*hmac::HMAC_SHA384.with_key(secret), label, seed, ); @@ -138,12 +138,12 @@ mod tests { } } -#[cfg(bench)] +#[cfg(all(bench, any(feature = "ring", feature = "aws_lc_rs")))] mod benchmarks { #[bench] fn bench_sha256(b: &mut test::Bencher) { use crate::crypto::hmac::Hmac; - use crate::crypto::ring; + use crate::test_provider::hmac; let label = &b"extended master secret"[..]; let seed = [0u8; 32]; @@ -151,12 +151,7 @@ mod benchmarks { b.iter(|| { let mut out = [0u8; 48]; - super::prf( - &mut out, - &*ring::hmac::HMAC_SHA256.with_key(key), - &label, - &seed, - ); + super::prf(&mut out, &*hmac::HMAC_SHA256.with_key(key), &label, &seed); test::black_box(out); }); } diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index eb600b0142..987aa24285 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -239,10 +239,10 @@ impl AsRef<[u8]> for OkmBlock { #[derive(Debug)] pub struct OutputLengthError; -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::{expand, Hkdf, HkdfUsingHmac}; - use crate::crypto::ring; + use crate::test_provider::hmac; struct ByteArray([u8; N]); @@ -256,7 +256,7 @@ mod tests { #[test] fn test_case_1() { - let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let hkdf = HkdfUsingHmac(&hmac::HMAC_SHA256); let ikm = &[0x0b; 22]; let salt = &[ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, @@ -284,7 +284,7 @@ mod tests { #[test] fn test_case_2() { - let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let hkdf = HkdfUsingHmac(&hmac::HMAC_SHA256); let ikm: Vec = (0x00u8..=0x4f).collect(); let salt: Vec = (0x60u8..=0xaf).collect(); let info: Vec = (0xb0u8..=0xff).collect(); @@ -310,7 +310,7 @@ mod tests { #[test] fn test_case_3() { - let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let hkdf = HkdfUsingHmac(&hmac::HMAC_SHA256); let ikm = &[0x0b; 22]; let salt = &[]; let info = &[]; @@ -339,7 +339,7 @@ mod tests { // // >>> hkdf.HKDF(algorithm=hashes.SHA384(), length=96, salt=None, info=b"hello").derive(b"\x0b" * 40) - let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA384); + let hkdf = HkdfUsingHmac(&hmac::HMAC_SHA384); let ikm = &[0x0b; 40]; let info = &[&b"hel"[..], &b"lo"[..]]; @@ -365,7 +365,7 @@ mod tests { #[test] fn test_output_length_bounds() { - let hkdf = HkdfUsingHmac(&ring::hmac::HMAC_SHA256); + let hkdf = HkdfUsingHmac(&hmac::HMAC_SHA256); let ikm = &[]; let info = &[]; diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index ec64fff858..d7d5dcb26a 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -41,7 +41,7 @@ impl HandshakeHashBuffer { } /// Hash or buffer a byte slice. - #[cfg(all(test, feature = "ring"))] + #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] fn update_raw(&mut self, buf: &[u8]) { self.buffer.extend_from_slice(buf); } @@ -166,17 +166,17 @@ impl HandshakeHash { } } -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::HandshakeHashBuffer; - use crate::crypto::ring; + use crate::test_provider::hash::SHA256; #[test] fn hashes_correctly() { let mut hhb = HandshakeHashBuffer::new(); hhb.update_raw(b"hello"); assert_eq!(hhb.buffer.len(), 5); - let mut hh = hhb.start_hash(&ring::hash::SHA256); + let mut hh = hhb.start_hash(&SHA256); assert!(hh.client_auth.is_none()); hh.update_raw(b"world"); let h = hh.get_current_hash(); @@ -194,7 +194,7 @@ mod tests { hhb.set_client_auth_enabled(); hhb.update_raw(b"hello"); assert_eq!(hhb.buffer.len(), 5); - let mut hh = hhb.start_hash(&ring::hash::SHA256); + let mut hh = hhb.start_hash(&SHA256); assert_eq!( hh.client_auth .as_ref() @@ -224,7 +224,7 @@ mod tests { hhb.set_client_auth_enabled(); hhb.update_raw(b"hello"); assert_eq!(hhb.buffer.len(), 5); - let mut hh = hhb.start_hash(&ring::hash::SHA256); + let mut hh = hhb.start_hash(&SHA256); assert_eq!( hh.client_auth .as_ref() diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index b2cb664b2c..abb0a95339 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -256,6 +256,20 @@ //! which is used for cryptography. //! Without this feature, these items must be provided externally to the core //! rustls crate. +//! +//! - `aws_lc_rs`: this makes the rustls crate depend on the aws-lc-rs crate, +//! which can be used for cryptography as an alternative to *ring*. +//! Use `rustls::crypto::aws_lc_rs::AWS_LC_RS` as a `CryptoProvider` when making a +//! `ClientConfig` or `ServerConfig` to use aws-lc-rs -- eg: +//! +//! ``` +//! # #[cfg(feature = "aws_lc_rs")] { +//! rustls::ClientConfig::builder_with_provider(rustls::crypto::aws_lc_rs::AWS_LC_RS); +//! # } +//! ``` +//! +//! Note that aws-lc-rs has additional build-time dependencies like cmake. +//! See [the documentation](https://aws.github.io/aws-lc-rs/requirements/index.html) for details. // Require docs for public APIs, deny unsafe code, etc. #![forbid(unsafe_code, unused_must_use)] @@ -407,6 +421,13 @@ pub mod internal { } } +// Have a (non-public) "test provider" mod which supplies +// tests that need part of a *ring*-compatible provider module. +#[cfg(all(any(test, bench), not(feature = "ring"), feature = "aws_lc_rs"))] +use crate::crypto::{aws_lc_rs as test_provider, aws_lc_rs::AWS_LC_RS as TEST_PROVIDER}; +#[cfg(all(any(test, bench), feature = "ring"))] +use crate::crypto::{ring as test_provider, ring::RING as TEST_PROVIDER}; + // The public interface is: pub use crate::builder::{ ConfigBuilder, ConfigSide, WantsCipherSuites, WantsKxGroups, WantsVerifier, WantsVersions, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 14b7adff99..894f06e13c 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -212,10 +212,11 @@ pub enum ConnectionTrafficSecrets { } #[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { - use super::crypto::ring::tls13::*; use super::*; use crate::enums::CipherSuite; + use crate::test_provider::tls13::*; #[test] fn test_client_pref() { diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index b2749e305a..ca5db22a58 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -307,12 +307,12 @@ pub(crate) fn decode_ecdh_params( pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01]; -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::*; use crate::common_state::{CommonState, Side}; - use crate::crypto::ring::kx_group::X25519; use crate::msgs::handshake::{ClientEcdhParams, ServerEcdhParams}; + use crate::test_provider::kx_group::X25519; #[test] fn server_ecdhe_remaining_bytes() { diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index de8338cdd2..6259cad0db 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -609,7 +609,7 @@ impl KeySchedule { } /// Input the given secret. - #[cfg(all(test, feature = "ring"))] + #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] fn input_secret(&mut self, secret: &[u8]) { let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); self.current = self @@ -830,11 +830,11 @@ where f(expander, info) } -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; - use crate::crypto::ring::ring_like::aead; - use crate::crypto::ring::tls13::{ + use crate::test_provider::ring_like::aead; + use crate::test_provider::tls13::{ TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, }; use crate::KeyLog; @@ -1011,13 +1011,12 @@ mod tests { #[cfg(bench)] mod benchmarks { - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] #[bench] fn bench_sha256(b: &mut test::Bencher) { use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; - use crate::crypto::ring::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; + use crate::test_provider::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; - use ring::aead; fn extract_traffic_secret(ks: &KeySchedule, kind: SecretKind) { struct Log; @@ -1026,7 +1025,6 @@ mod benchmarks { fn log(&self, _label: &str, _client_random: &[u8], _secret: &[u8]) {} } - let aead_alg = &aead::CHACHA20_POLY1305; let hash = [0u8; 32]; let traffic_secret = ks.derive_logged_secret(kind, &hash, &Log, &[0u8; 32]); let traffic_secret_expander = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL @@ -1034,7 +1032,9 @@ mod benchmarks { .expander_for_okm(&traffic_secret); test::black_box(derive_traffic_key( traffic_secret_expander.as_ref(), - aead_alg.key_len(), + TLS13_CHACHA20_POLY1305_SHA256_INTERNAL + .aead_alg + .key_len(), )); test::black_box(derive_traffic_iv(traffic_secret_expander.as_ref())); } diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 38bb621db8..46cc7c1c21 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -186,17 +186,20 @@ impl ClientCertVerifierBuilder { /// /// To require all clients present a client certificate issued by a trusted CA: /// ```no_run +/// # #[cfg(feature = "ring")] { /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); /// let client_verifier = WebPkiClientVerifier::builder(roots.into()) /// .build() /// .unwrap(); +/// # } /// ``` /// /// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or /// anonymous clients that present no client certificate: /// ```no_run +/// # #[cfg(feature = "ring")] { /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); @@ -204,6 +207,7 @@ impl ClientCertVerifierBuilder { /// .allow_unauthenticated() /// .build() /// .unwrap(); +/// # } /// ``` /// /// If you wish to disable advertising client authentication: @@ -217,6 +221,7 @@ impl ClientCertVerifierBuilder { /// You can also configure the client verifier to check for certificate revocation with /// client certificate revocation lists (CRLs): /// ```no_run +/// # #[cfg(feature = "ring")] { /// # use rustls::RootCertStore; /// # use rustls::server::{WebPkiClientVerifier}; /// # let roots = RootCertStore::empty(); @@ -225,6 +230,7 @@ impl ClientCertVerifierBuilder { /// .with_crls(crls) /// .build() /// .unwrap(); +/// # } /// ``` /// /// [^1]: diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 2e33c79505..e872c79926 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -327,14 +327,14 @@ impl ServerCertVerifier for WebPkiServerVerifier { } } -#[cfg(all(test, feature = "ring"))] +#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer}; use super::{VerifierBuilderError, WebPkiServerVerifier}; - use crate::RootCertStore; + use crate::{RootCertStore, TEST_PROVIDER}; fn load_crls(crls_der: &[&[u8]]) -> Vec> { crls_der @@ -375,7 +375,7 @@ mod tests { #[test] fn test_with_invalid_crls() { // Trying to build a server verifier with invalid CRLs should error at build time. - let result = WebPkiServerVerifier::builder(test_roots()) + let result = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) .build(); assert!(matches!(result, Err(VerifierBuilderError::InvalidCrl(_)))); @@ -390,7 +390,7 @@ mod tests { include_bytes!("../../../test-ca/eddsa/client.revoked.crl.pem").as_slice(), ]); - let builder = WebPkiServerVerifier::builder(test_roots()) + let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) .with_crls(initial_crls.clone()) .with_crls(extra_crls.clone()); @@ -404,15 +404,19 @@ mod tests { #[test] fn test_builder_no_roots() { // Trying to create a server verifier builder with no trust anchors should fail at build time - let result = WebPkiServerVerifier::builder(RootCertStore::empty().into()).build(); + let result = WebPkiServerVerifier::builder_with_provider( + RootCertStore::empty().into(), + TEST_PROVIDER, + ) + .build(); assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); } #[test] fn test_server_verifier_ee_only() { // We should be able to build a server cert. verifier that only checks the EE cert. - let builder = - WebPkiServerVerifier::builder(test_roots()).only_check_end_entity_revocation(); + let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) + .only_check_end_entity_revocation(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -422,7 +426,8 @@ mod tests { fn test_server_verifier_allow_unknown() { // We should be able to build a server cert. verifier that allows unknown revocation // status. - let builder = WebPkiServerVerifier::builder(test_roots()).allow_unknown_revocation_status(); + let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) + .allow_unknown_revocation_status(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -432,7 +437,7 @@ mod tests { fn test_server_verifier_allow_unknown_ee_only() { // We should be able to build a server cert. verifier that allows unknown revocation // status and only checks the EE cert. - let builder = WebPkiServerVerifier::builder(test_roots()) + let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) .allow_unknown_revocation_status() .only_check_end_entity_revocation(); // The builder should be Debug. From 1379f126575b0918e8ad69c587f6bbc1a4ef3347 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 24 Aug 2023 11:31:19 +0100 Subject: [PATCH 0358/1145] Enable testing and benchmarking with aws-lc-rs --- .github/workflows/build.yml | 18 ++- bogo/runme | 17 ++- ci-bench/Cargo.toml | 2 +- ci-bench/src/benchmark.rs | 16 ++- ci-bench/src/main.rs | 137 +++++++++++++------ rustls/Cargo.toml | 2 +- rustls/examples/internal/bogo_shim.rs | 18 ++- rustls/tests/api.rs | 184 +++++++++++++------------- rustls/tests/client_cert_verifier.rs | 18 ++- rustls/tests/common/mod.rs | 90 ++++++++++--- rustls/tests/server_cert_verifier.rs | 9 +- 11 files changed, 337 insertions(+), 174 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1bbbfbfe61..9f20d81aaa 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -51,6 +51,11 @@ jobs: env: RUST_BACKTRACE: 1 + - name: cargo test (debug; aws-lc-rs) + run: cargo test --no-default-features --features aws_lc_rs,tls12,quic,read_buf,logging + env: + RUST_BACKTRACE: 1 + - name: cargo build (debug; rustls-provider-example) run: cargo build --locked -p rustls-provider-example @@ -95,6 +100,9 @@ jobs: - name: cargo test (debug; no default features; tls12) run: cargo test --locked --no-default-features --features tls12 + - name: cargo test (debug; no default features; aws-lc-rs,tls12) + run: cargo test --no-default-features --features aws_lc_rs,tls12 + - name: cargo test (release; no run) run: cargo test --locked --release --no-run @@ -116,9 +124,17 @@ jobs: go-version: "1.20" cache: false - - name: Run test suite + - name: Run test suite (ring) working-directory: bogo run: ./runme + env: + BOGO_SHIM_PROVIDER: ring + + - name: Run test suite (aws-lc-rs) + working-directory: bogo + run: ./runme + env: + BOGO_SHIM_PROVIDER: aws-lc-rs fuzz: diff --git a/bogo/runme b/bogo/runme index 0a51c8097c..cefcfaa7cd 100755 --- a/bogo/runme +++ b/bogo/runme @@ -5,9 +5,20 @@ set -xe -if [ "x$USE_EXISTING_BOGO_SHIM" = "x" ] ; then - cargo build --example bogo_shim --features quic -fi +case ${BOGO_SHIM_PROVIDER:-ring} in + ring) + cargo build --example bogo_shim --features quic + ;; + aws-lc-rs) + cargo build --example bogo_shim --no-default-features --features quic,aws_lc_rs,tls12,logging + ;; + existing) + ;; + *) + echo "unsupported BOGO_SHIM_PROVIDER: supported are (ring|aws-lc-rs|existing)" + exit 1 + ;; +esac if [ ! -e bogo/ssl/test/runner/runner.test ] ; then ./fetch-and-build diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 01504b5401..47952ca0d7 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -14,5 +14,5 @@ fxhash = "0.2.1" itertools = "0.11.0" pki-types = { package = "rustls-pki-types", version = "0.2" } rayon = "1.7.0" -rustls = { path = "../rustls" } +rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } rustls-pemfile = "2.0.0-alpha.1" diff --git a/ci-bench/src/benchmark.rs b/ci-bench/src/benchmark.rs index 9c1382c0c5..4d23de575a 100644 --- a/ci-bench/src/benchmark.rs +++ b/ci-bench/src/benchmark.rs @@ -1,3 +1,5 @@ +use std::sync::Arc; + use fxhash::{FxHashMap, FxHashSet}; use itertools::Itertools; @@ -120,8 +122,12 @@ impl ResumptionKind { } /// Parameters associated to a benchmark -#[derive(Copy, Clone)] +#[derive(Clone, Debug)] pub struct BenchmarkParams { + /// Which `CryptoProvider` to test + pub provider: &'static dyn rustls::crypto::CryptoProvider, + /// How to make a suitable [`rustls::server::ProducesTickets`]. + pub ticketer: &'static fn() -> Arc, /// The type of key used to sign the TLS certificate pub key_type: KeyType, /// Cipher suite @@ -129,18 +135,22 @@ pub struct BenchmarkParams { /// TLS version pub version: &'static rustls::SupportedProtocolVersion, /// A user-facing label that identifies these params - pub label: &'static str, + pub label: String, } impl BenchmarkParams { /// Create a new set of benchmark params pub const fn new( + provider: &'static dyn rustls::crypto::CryptoProvider, + ticketer: &'static fn() -> Arc, key_type: KeyType, ciphersuite: rustls::SupportedCipherSuite, version: &'static rustls::SupportedProtocolVersion, - label: &'static str, + label: String, ) -> Self { Self { + provider, + ticketer, key_type, ciphersuite, version, diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 2befd7a09a..4838ba323e 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -14,10 +14,11 @@ use itertools::Itertools; use rayon::iter::Either; use rayon::prelude::*; use rustls::client::Resumption; -use rustls::crypto::ring::{cipher_suite, Ticketer}; +use rustls::crypto::{aws_lc_rs, ring}; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::{ - ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, + CipherSuite, ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, + ServerConnection, }; use crate::benchmark::{ @@ -143,7 +144,7 @@ fn main() -> anyhow::Result<()> { let handshake_buf = &mut [0u8; 262144]; let resumption_kind = black_box(bench.kind.resumption_kind()); - let params = black_box(bench.params); + let params = black_box(&bench.params); let io = StepperIo { reader: &mut stdin, writer: &mut stdout, @@ -153,7 +154,7 @@ fn main() -> anyhow::Result<()> { Side::Server => run_bench( ServerSideStepper { io, - config: ServerSideStepper::make_config(¶ms, resumption_kind), + config: ServerSideStepper::make_config(params, resumption_kind), }, bench.kind, ), @@ -161,7 +162,7 @@ fn main() -> anyhow::Result<()> { ClientSideStepper { io, resumption_kind, - config: ClientSideStepper::make_config(¶ms, resumption_kind), + config: ClientSideStepper::make_config(params, resumption_kind), }, bench.kind, ), @@ -198,7 +199,7 @@ fn main() -> anyhow::Result<()> { /// Returns all benchmarks fn all_benchmarks() -> anyhow::Result> { let mut benchmarks = Vec::new(); - for ¶m in ALL_BENCHMARK_PARAMS { + for param in all_benchmarks_params() { add_benchmark_group(&mut benchmarks, param); } @@ -207,38 +208,86 @@ fn all_benchmarks() -> anyhow::Result> { } /// The benchmark params to use for each group of benchmarks -static ALL_BENCHMARK_PARAMS: &[BenchmarkParams] = &[ - BenchmarkParams::new( - KeyType::Rsa, - cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - &rustls::version::TLS12, - "1.2_rsa_aes", - ), - BenchmarkParams::new( - KeyType::Rsa, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - "1.3_rsa_aes", - ), - BenchmarkParams::new( - KeyType::Ecdsa, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - "1.3_ecdsa_aes", - ), - BenchmarkParams::new( - KeyType::Rsa, - cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS13, - "1.3_rsa_chacha", - ), - BenchmarkParams::new( - KeyType::Ecdsa, - cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS13, - "1.3_ecdsa_chacha", - ), -]; +fn all_benchmarks_params() -> Vec { + let mut all = Vec::new(); + + for (provider, suites, ticketer, provider_name) in [ + ( + ring::RING, + ring::ALL_CIPHER_SUITES, + &(ring_ticketer as fn() -> Arc), + "ring", + ), + ( + aws_lc_rs::AWS_LC_RS, + aws_lc_rs::ALL_CIPHER_SUITES, + &(aws_lc_rs_ticketer as fn() -> Arc), + "aws_lc_rs", + ), + ] { + for (key_type, suite_name, version, name) in [ + ( + KeyType::Rsa, + CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + &rustls::version::TLS12, + "1.2_rsa_aes", + ), + ( + KeyType::Rsa, + CipherSuite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + "1.3_rsa_aes", + ), + ( + KeyType::Ecdsa, + CipherSuite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + "1.3_ecdsa_aes", + ), + ( + KeyType::Rsa, + CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + "1.3_rsa_chacha", + ), + ( + KeyType::Ecdsa, + CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + "1.3_ecdsa_chacha", + ), + ] { + all.push(BenchmarkParams::new( + provider, + ticketer, + key_type, + find_suite(suites, suite_name), + version, + format!("{provider_name}_{name}"), + )); + } + } + + all +} + +fn find_suite( + all: &[rustls::SupportedCipherSuite], + name: CipherSuite, +) -> rustls::SupportedCipherSuite { + all.iter() + .find(|suite| suite.suite() == name) + .expect(&format!("cannot find cipher suite {name:?}")) + .clone() +} + +fn ring_ticketer() -> Arc { + ring::Ticketer::new().unwrap() +} + +fn aws_lc_rs_ticketer() -> Arc { + aws_lc_rs::Ticketer::new().unwrap() +} /// Adds a group of benchmarks for the specified parameters /// @@ -249,14 +298,14 @@ static ALL_BENCHMARK_PARAMS: &[BenchmarkParams] = &[ /// - Handshake with ticket resumption /// - Transfer a 1MB data stream from the server to the client fn add_benchmark_group(benchmarks: &mut Vec, params: BenchmarkParams) { - let params_label = params.label; + let params_label = params.label.clone(); // Create handshake benchmarks for all resumption kinds for &resumption_param in ResumptionKind::ALL { let handshake_bench = Benchmark::new( format!("handshake_{}_{params_label}", resumption_param.label()), BenchmarkKind::Handshake(resumption_param), - params, + params.clone(), ); let handshake_bench = if resumption_param != ResumptionKind::No { @@ -276,7 +325,7 @@ fn add_benchmark_group(benchmarks: &mut Vec, params: BenchmarkParams) Benchmark::new( format!("transfer_no_resume_{params_label}"), BenchmarkKind::Transfer, - params, + params.clone(), ) .exclude_setup_instructions(format!("handshake_no_resume_{params_label}")), ); @@ -357,7 +406,7 @@ impl ClientSideStepper<'_> { rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), ); - let mut cfg = ClientConfig::builder() + let mut cfg = ClientConfig::builder_with_provider(params.provider) .with_cipher_suites(&[params.ciphersuite]) .with_safe_default_kx_groups() .with_protocol_versions(&[params.version]) @@ -428,7 +477,7 @@ impl ServerSideStepper<'_> { fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc { assert_eq!(params.ciphersuite.version(), params.version); - let mut cfg = ServerConfig::builder() + let mut cfg = ServerConfig::builder_with_provider(params.provider) .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[params.version]) @@ -440,7 +489,7 @@ impl ServerSideStepper<'_> { if resume == ResumptionKind::SessionId { cfg.session_storage = ServerSessionMemoryCache::new(128); } else if resume == ResumptionKind::Tickets { - cfg.ticketer = Ticketer::new().unwrap(); + cfg.ticketer = (params.ticketer)(); } else { cfg.session_storage = Arc::new(NoServerSessionStorage {}); } diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 7d028d1696..2a1d4c101c 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -44,7 +44,7 @@ base64 = "0.21" [[example]] name = "bogo_shim" path = "examples/internal/bogo_shim.rs" -required-features = ["quic", "tls12", "ring"] +required-features = ["quic", "tls12"] [[example]] name = "bench" diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 15d2ead24b..a69340270d 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -6,7 +6,6 @@ use rustls::client::danger::HandshakeSignatureValid; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; -use rustls::crypto::ring::{kx_group, Ticketer, ALL_KX_GROUPS}; use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist::ServerSessionValue; @@ -18,6 +17,11 @@ use rustls::{ SupportedProtocolVersion, }; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +use rustls::crypto::aws_lc_rs as provider; +#[cfg(feature = "ring")] +use rustls::crypto::ring as provider; + use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; @@ -358,9 +362,9 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme { fn lookup_kx_group(group: u16) -> &'static dyn SupportedKxGroup { match group { - 0x001d => kx_group::X25519, - 0x0017 => kx_group::SECP256R1, - 0x0018 => kx_group::SECP384R1, + 0x001d => provider::kx_group::X25519, + 0x0017 => provider::kx_group::SECP256R1, + 0x0018 => provider::kx_group::SECP384R1, _ => { println_err!("Unsupported kx group {:04x}", group); process::exit(BOGO_NACK); @@ -445,7 +449,7 @@ fn make_server_cfg(opts: &Options) -> Arc { .map(|curveid| lookup_kx_group(*curveid)) .collect() } else { - ALL_KX_GROUPS.to_vec() + provider::ALL_KX_GROUPS.to_vec() }; let mut cfg = ServerConfig::builder() @@ -470,7 +474,7 @@ fn make_server_cfg(opts: &Options) -> Arc { } if opts.tickets { - cfg.ticketer = Ticketer::new().unwrap(); + cfg.ticketer = provider::Ticketer::new().unwrap(); } else if opts.resumes == 0 { cfg.session_storage = Arc::new(server::NoServerSessionStorage {}); } @@ -561,7 +565,7 @@ fn make_client_cfg(opts: &Options) -> Arc { .map(|curveid| lookup_kx_group(*curveid)) .collect() } else { - ALL_KX_GROUPS.to_vec() + provider::ALL_KX_GROUPS.to_vec() }; let cfg = ClientConfig::builder() diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 2f7a10c0ca..bc61cec1b2 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1,4 +1,4 @@ -#![cfg(feature = "ring")] +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] #![cfg_attr(read_buf, feature(read_buf))] //! Assorted public API tests. use std::cell::RefCell; @@ -11,17 +11,15 @@ use std::sync::Arc; use std::sync::Mutex; use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; -use rustls::client::{ - verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption, WebPkiServerVerifier, -}; -use rustls::crypto::ring::sign::RsaSigningKey; -use rustls::crypto::ring::{cipher_suite, ALL_CIPHER_SUITES}; +use primary_provider::cipher_suite; +use primary_provider::sign::RsaSigningKey; +use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; -use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert, WebPkiClientVerifier}; +use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; use rustls::{ sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, KeyLog, @@ -223,7 +221,7 @@ fn check_read_buf_err(reader: &mut dyn io::Read, err_kind: io::ErrorKind) { #[test] fn config_builder_for_client_rejects_empty_kx_groups() { assert_eq!( - ClientConfig::builder() + client_config_builder() .with_safe_default_cipher_suites() .with_kx_groups(&[]) .with_safe_default_protocol_versions() @@ -235,7 +233,7 @@ fn config_builder_for_client_rejects_empty_kx_groups() { #[test] fn config_builder_for_client_rejects_empty_cipher_suites() { assert_eq!( - ClientConfig::builder() + client_config_builder() .with_cipher_suites(&[]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -248,7 +246,7 @@ fn config_builder_for_client_rejects_empty_cipher_suites() { #[test] fn config_builder_for_client_rejects_incompatible_cipher_suites() { assert_eq!( - ClientConfig::builder() + client_config_builder() .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -260,7 +258,7 @@ fn config_builder_for_client_rejects_incompatible_cipher_suites() { #[test] fn config_builder_for_server_rejects_empty_kx_groups() { assert_eq!( - ServerConfig::builder() + server_config_builder() .with_safe_default_cipher_suites() .with_kx_groups(&[]) .with_safe_default_protocol_versions() @@ -272,7 +270,7 @@ fn config_builder_for_server_rejects_empty_kx_groups() { #[test] fn config_builder_for_server_rejects_empty_cipher_suites() { assert_eq!( - ServerConfig::builder() + server_config_builder() .with_cipher_suites(&[]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -285,7 +283,7 @@ fn config_builder_for_server_rejects_empty_cipher_suites() { #[test] fn config_builder_for_server_rejects_incompatible_cipher_suites() { assert_eq!( - ServerConfig::builder() + server_config_builder() .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -446,15 +444,16 @@ fn server_can_get_client_cert_after_resumption() { } #[test] +#[cfg(feature = "ring")] fn test_config_builders_debug() { - let b = ServerConfig::builder(); + let b = server_config_builder(); assert_eq!( "ConfigBuilder { state: WantsCipherSuites(Ring) }", format!("{:?}", b) ); let b = b.with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]); + let b = b.with_kx_groups(&[primary_provider::kx_group::X25519]); assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) @@ -462,14 +461,14 @@ fn test_config_builders_debug() { let b = b.with_no_client_auth(); assert_eq!("ConfigBuilder { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3], verifier: dyn ClientCertVerifier } }", format!("{:?}", b)); - let b = ClientConfig::builder(); + let b = client_config_builder(); assert_eq!( "ConfigBuilder { state: WantsCipherSuites(Ring) }", format!("{:?}", b) ); let b = b.with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]); + let b = b.with_kx_groups(&[primary_provider::kx_group::X25519]); assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) @@ -486,12 +485,12 @@ fn server_allow_any_anonymous_or_authenticated_client() { let kt = KeyType::Rsa; for client_cert_chain in [None, Some(kt.get_client_chain())].iter() { let client_auth_roots = get_client_root_store(kt); - let client_auth = WebPkiClientVerifier::builder(client_auth_roots.clone()) + let client_auth = webpki_client_verifier_builder(client_auth_roots.clone()) .allow_unauthenticated() .build() .unwrap(); - let server_config = ServerConfig::builder() + let server_config = server_config_builder() .with_safe_defaults() .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) @@ -899,7 +898,7 @@ fn check_sigalgs_reduced_by_ciphersuite( ) { let client_config = finish_client_config( kt, - ClientConfig::builder() + client_config_builder() .with_cipher_suites(&[find_suite(suite)]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -1066,7 +1065,7 @@ fn client_check_server_certificate_ee_revoked() { // Setup a server verifier that will check the EE certificate's revocation status. let crls = vec![kt.end_entity_crl()]; - let builder = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + let builder = webpki_server_verifier_builder(get_client_root_store(*kt)) .with_crls(crls) .only_check_end_entity_revocation(); @@ -1097,12 +1096,12 @@ fn client_check_server_certificate_ee_unknown_revocation() { // allow unknown revocation status (the default). We'll provide CRLs that are not relevant // to the EE cert to ensure its status is unknown. let unrelated_crls = vec![kt.intermediate_crl()]; - let forbid_unknown_verifier = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + let forbid_unknown_verifier = webpki_server_verifier_builder(get_client_root_store(*kt)) .with_crls(unrelated_crls.clone()) .only_check_end_entity_revocation(); // Also set up a verifier builder that will allow unknown revocation status. - let allow_unknown_verifier = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + let allow_unknown_verifier = webpki_server_verifier_builder(get_client_root_store(*kt)) .with_crls(unrelated_crls) .only_check_end_entity_revocation() .allow_unknown_revocation_status(); @@ -1145,13 +1144,14 @@ fn client_check_server_certificate_intermediate_revoked() { // that marks the intermediate certificate as revoked. We allow unknown revocation status // so the EE cert's unknown status doesn't cause an error. let crls = vec![kt.intermediate_crl()]; - let full_chain_verifier_builder = WebPkiServerVerifier::builder(get_client_root_store(*kt)) - .with_crls(crls.clone()) - .allow_unknown_revocation_status(); + let full_chain_verifier_builder = + webpki_server_verifier_builder(get_client_root_store(*kt)) + .with_crls(crls.clone()) + .allow_unknown_revocation_status(); // Also set up a verifier builder that will use the same CRL, but only check the EE certificate // revocation status. - let ee_verifier_builder = WebPkiServerVerifier::builder(get_client_root_store(*kt)) + let ee_verifier_builder = webpki_server_verifier_builder(get_client_root_store(*kt)) .with_crls(crls.clone()) .only_check_end_entity_revocation() .allow_unknown_revocation_status(); @@ -1351,7 +1351,7 @@ fn client_cert_resolve_server_no_hints() { // arguments. for key_type in ALL_KEY_TYPES.into_iter() { // Build a verifier with no hint subjects. - let verifier = WebPkiClientVerifier::builder(get_client_root_store(key_type)) + let verifier = webpki_client_verifier_builder(get_client_root_store(key_type)) .clear_root_hint_subjects(); let server_config = make_server_config_with_client_verifier(key_type, verifier); let expected_root_hint_subjects = Vec::default(); // no hints expected. @@ -1378,7 +1378,7 @@ fn client_cert_resolve_server_added_hint() { ]; // Create a verifier that adds the extra_name as a hint subject in addition to the ones // from the root cert store. - let verifier = WebPkiClientVerifier::builder(get_client_root_store(key_type)) + let verifier = webpki_client_verifier_builder(get_client_root_store(key_type)) .add_root_hint_subjects([DistinguishedName::from(extra_name.clone())].into_iter()); let server_config = make_server_config_with_client_verifier(key_type, verifier); test_client_cert_resolve(key_type, server_config.into(), expected_hint_subjects); @@ -1407,7 +1407,7 @@ fn client_mandatory_auth_client_revocation_works() { let relevant_crls = vec![kt.client_crl()]; // Only check the EE certificate status. See client_mandatory_auth_intermediate_revocation_works // for testing revocation status of the whole chain. - let ee_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + let ee_verifier_builder = webpki_client_verifier_builder(get_client_root_store(*kt)) .with_crls(relevant_crls) .only_check_end_entity_revocation(); let revoked_server_config = Arc::new(make_server_config_with_client_verifier( @@ -1418,7 +1418,7 @@ fn client_mandatory_auth_client_revocation_works() { // Create a server configuration that includes a CRL that doesn't cover the client certificate, // and uses the default behaviour of treating unknown revocation status as an error. let unrelated_crls = vec![kt.intermediate_crl()]; - let ee_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + let ee_verifier_builder = webpki_client_verifier_builder(get_client_root_store(*kt)) .with_crls(unrelated_crls.clone()) .only_check_end_entity_revocation(); let missing_client_crl_server_config = Arc::new(make_server_config_with_client_verifier( @@ -1428,7 +1428,7 @@ fn client_mandatory_auth_client_revocation_works() { // Create a server configuration that includes a CRL that doesn't cover the client certificate, // but change the builder to allow unknown revocation status. - let ee_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + let ee_verifier_builder = webpki_client_verifier_builder(get_client_root_store(*kt)) .with_crls(unrelated_crls.clone()) .only_check_end_entity_revocation() .allow_unknown_revocation_status(); @@ -1478,9 +1478,10 @@ fn client_mandatory_auth_intermediate_revocation_works() { // is revoked. We check the full chain for revocation status (default), and allow unknown // revocation status so the EE's unknown revocation status isn't an error. let crls = vec![kt.intermediate_crl()]; - let full_chain_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) - .with_crls(crls.clone()) - .allow_unknown_revocation_status(); + let full_chain_verifier_builder = + webpki_client_verifier_builder(get_client_root_store(*kt)) + .with_crls(crls.clone()) + .allow_unknown_revocation_status(); let full_chain_server_config = Arc::new(make_server_config_with_client_verifier( *kt, full_chain_verifier_builder, @@ -1488,7 +1489,7 @@ fn client_mandatory_auth_intermediate_revocation_works() { // Also create a server configuration that uses the same CRL, but that only checks the EE // cert revocation status. - let ee_only_verifier_builder = WebPkiClientVerifier::builder(get_client_root_store(*kt)) + let ee_only_verifier_builder = webpki_client_verifier_builder(get_client_root_store(*kt)) .with_crls(crls) .only_check_end_entity_revocation() .allow_unknown_revocation_status(); @@ -2307,7 +2308,7 @@ fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let kt = KeyType::Rsa; let server_config = finish_server_config( kt, - ServerConfig::builder() + server_config_builder() .with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -2316,7 +2317,7 @@ fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let client_config = finish_client_config( kt, - ClientConfig::builder() + client_config_builder() .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -2820,7 +2821,10 @@ fn do_suite_test( } fn find_suite(suite: CipherSuite) -> SupportedCipherSuite { - for scs in ALL_CIPHER_SUITES.iter().copied() { + for scs in primary_provider::ALL_CIPHER_SUITES + .iter() + .copied() + { if scs.suite() == suite { return scs; } @@ -2897,7 +2901,10 @@ fn negotiated_ciphersuite_default() { #[test] fn all_suites_covered() { - assert_eq!(ALL_CIPHER_SUITES.len(), TEST_CIPHERSUITES.len()); + assert_eq!( + primary_provider::ALL_CIPHER_SUITES.len(), + TEST_CIPHERSUITES.len() + ); } #[test] @@ -2907,7 +2914,7 @@ fn negotiated_ciphersuite_client() { let scs = find_suite(suite); let client_config = finish_client_config( kt, - ClientConfig::builder() + client_config_builder() .with_cipher_suites(&[scs]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -2925,7 +2932,7 @@ fn negotiated_ciphersuite_server() { let scs = find_suite(suite); let server_config = finish_server_config( kt, - ServerConfig::builder() + server_config_builder() .with_cipher_suites(&[scs]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -3557,7 +3564,7 @@ fn tls13_stateless_resumption() { let client_config = Arc::new(client_config); let mut server_config = make_server_config(kt); - server_config.ticketer = rustls::crypto::ring::Ticketer::new().unwrap(); + server_config.ticketer = primary_provider::Ticketer::new().unwrap(); let storage = Arc::new(ServerStorage::new()); server_config.session_storage = storage.clone(); let server_config = Arc::new(server_config); @@ -4053,6 +4060,7 @@ mod test_quic { } #[test] + #[cfg(feature = "ring")] // uses ring APIs directly fn test_quic_server_no_params_received() { let server_config = make_server_config_with_versions(KeyType::Ed25519, &[&rustls::version::TLS13]); @@ -4065,7 +4073,6 @@ mod test_quic { ) .unwrap(); - use rustls::crypto::ring::RING; use rustls::internal::msgs::enums::{Compression, NamedGroup}; use rustls::internal::msgs::handshake::{ ClientHelloPayload, HandshakeMessagePayload, KeyShareEntry, Random, SessionId, @@ -4073,7 +4080,9 @@ mod test_quic { use rustls::{CipherSuite, HandshakeType, SignatureScheme}; let mut random = [0; 32]; - RING.fill_random(&mut random).unwrap(); + PROVIDER + .fill_random(&mut random) + .unwrap(); let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); @@ -4087,7 +4096,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_3, random, - session_id: SessionId::random(RING).unwrap(), + session_id: SessionId::random(PROVIDER).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4113,13 +4122,13 @@ mod test_quic { } #[test] + #[cfg(feature = "ring")] // uses ring APIs directly fn test_quic_server_no_tls12() { let mut server_config = make_server_config_with_versions(KeyType::Ed25519, &[&rustls::version::TLS13]); server_config.alpn_protocols = vec!["foo".into()]; let server_config = Arc::new(server_config); - use rustls::crypto::ring::RING; use rustls::internal::msgs::enums::{Compression, NamedGroup}; use rustls::internal::msgs::handshake::{ ClientHelloPayload, HandshakeMessagePayload, KeyShareEntry, Random, SessionId, @@ -4127,7 +4136,9 @@ mod test_quic { use rustls::{CipherSuite, HandshakeType, SignatureScheme}; let mut random = [0; 32]; - RING.fill_random(&mut random).unwrap(); + PROVIDER + .fill_random(&mut random) + .unwrap(); let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); @@ -4148,7 +4159,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random, - session_id: SessionId::random(RING).unwrap(), + session_id: SessionId::random(PROVIDER).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4426,26 +4437,20 @@ fn test_client_does_not_offer_sha1() { #[test] fn test_client_config_keyshare() { - let client_config = make_client_config_with_kx_groups( - KeyType::Rsa, - &[rustls::crypto::ring::kx_group::SECP384R1], - ); - let server_config = make_server_config_with_kx_groups( - KeyType::Rsa, - &[rustls::crypto::ring::kx_group::SECP384R1], - ); + let client_config = + make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); + let server_config = + make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake_until_error(&mut client, &mut server).unwrap(); } #[test] fn test_client_config_keyshare_mismatch() { - let client_config = make_client_config_with_kx_groups( - KeyType::Rsa, - &[rustls::crypto::ring::kx_group::SECP384R1], - ); + let client_config = + make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); assert!(do_handshake_until_error(&mut client, &mut server).is_err()); } @@ -4457,8 +4462,8 @@ fn test_client_sends_helloretryrequest() { let mut client_config = make_client_config_with_kx_groups( KeyType::Rsa, &[ - rustls::crypto::ring::kx_group::SECP384R1, - rustls::crypto::ring::kx_group::X25519, + primary_provider::kx_group::SECP384R1, + primary_provider::kx_group::X25519, ], ); @@ -4467,7 +4472,7 @@ fn test_client_sends_helloretryrequest() { // but server only accepts x25519, so a HRR is required let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); @@ -4553,9 +4558,8 @@ fn test_client_sends_helloretryrequest() { #[test] fn test_client_rejects_hrr_with_varied_session_id() { - use rustls::crypto::ring::RING; use rustls::internal::msgs::handshake::SessionId; - let different_session_id = SessionId::random(RING).unwrap(); + let different_session_id = SessionId::random(PROVIDER).unwrap(); let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { @@ -4589,13 +4593,13 @@ fn test_client_rejects_hrr_with_varied_session_id() { let client_config = make_client_config_with_kx_groups( KeyType::Rsa, &[ - rustls::crypto::ring::kx_group::SECP384R1, - rustls::crypto::ring::kx_group::X25519, + primary_provider::kx_group::SECP384R1, + primary_provider::kx_group::X25519, ], ); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); @@ -4627,15 +4631,13 @@ fn test_client_attempts_to_use_unsupported_kx_group() { // first, client sends a x25519 and server agrees. x25519 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa, &[rustls::crypto::ring::kx_group::X25519]); + make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client only supports secp-384 and so kx group cache // contains an unusable value. - let mut client_config_2 = make_client_config_with_kx_groups( - KeyType::Rsa, - &[rustls::crypto::ring::kx_group::SECP384R1], - ); + let mut client_config_2 = + make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); client_config_2.resumption = Resumption::store(shared_storage.clone()); let server_config = make_server_config(KeyType::Rsa); @@ -4977,7 +4979,7 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let server_config_1 = Arc::new(common::finish_server_config( KeyType::Ed25519, - ServerConfig::builder() + server_config_builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS13]) @@ -4986,7 +4988,7 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let mut server_config_2 = common::finish_server_config( KeyType::Ed25519, - ServerConfig::builder() + server_config_builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) @@ -5225,7 +5227,7 @@ fn test_secret_extraction_enabled() { println!("Testing suite {:?}", suite.suite().as_str()); // Only offer the cipher suite (and protocol version) that we're testing - let mut server_config = ServerConfig::builder() + let mut server_config = server_config_builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_protocol_versions(&[version]) @@ -5289,7 +5291,7 @@ fn test_secret_extraction_disabled_or_too_early() { let kt = KeyType::Rsa; for (server_enable, client_enable) in [(true, false), (false, true)] { - let mut server_config = ServerConfig::builder() + let mut server_config = server_config_builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -5345,7 +5347,7 @@ fn test_received_plaintext_backpressure() { let kt = KeyType::Rsa; let server_config = Arc::new( - ServerConfig::builder() + server_config_builder() .with_cipher_suites(&[suite]) .with_safe_default_kx_groups() .with_safe_default_protocol_versions() @@ -5430,7 +5432,7 @@ fn test_debug_server_name_from_string() { ) } -#[cfg(feature = "ring")] +#[cfg(all(feature = "ring", feature = "aws_lc_rs"))] #[test] fn test_explicit_provider_selection() { let client_config = finish_client_config( @@ -5440,7 +5442,7 @@ fn test_explicit_provider_selection() { ); let server_config = finish_server_config( KeyType::Rsa, - rustls::ServerConfig::builder_with_provider(rustls::crypto::ring::RING) + rustls::ServerConfig::builder_with_provider(rustls::crypto::aws_lc_rs::AWS_LC_RS) .with_safe_defaults(), ); @@ -5499,14 +5501,14 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { #[test] fn test_client_construction_fails_if_random_source_fails_in_first_request() { - static PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: rustls::crypto::ring::RING, + static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: PROVIDER, rand_queue: Mutex::new(b""), }; let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(&PROVIDER).with_safe_defaults(), + rustls::ClientConfig::builder_with_provider(&TEST_PROVIDER).with_safe_defaults(), ); assert_eq!( @@ -5517,14 +5519,14 @@ fn test_client_construction_fails_if_random_source_fails_in_first_request() { #[test] fn test_client_construction_fails_if_random_source_fails_in_second_request() { - static PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: rustls::crypto::ring::RING, + static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: PROVIDER, rand_queue: Mutex::new(b"nice random number generator huh"), }; let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(&PROVIDER).with_safe_defaults(), + rustls::ClientConfig::builder_with_provider(&TEST_PROVIDER).with_safe_defaults(), ); assert_eq!( @@ -5535,8 +5537,8 @@ fn test_client_construction_fails_if_random_source_fails_in_second_request() { #[test] fn test_client_construction_requires_64_bytes_of_random_material() { - static PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: rustls::crypto::ring::RING, + static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: PROVIDER, rand_queue: Mutex::new( b"nice random number generator !!!\ it's really not very good is it?", @@ -5545,7 +5547,7 @@ fn test_client_construction_requires_64_bytes_of_random_material() { let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(&PROVIDER).with_safe_defaults(), + rustls::ClientConfig::builder_with_provider(&TEST_PROVIDER).with_safe_defaults(), ); ClientConnection::new(Arc::new(client_config), server_name("localhost")) diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 437e383152..8abec7d8d5 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -7,10 +7,10 @@ mod common; use crate::common::{ do_handshake_until_both_error, do_handshake_until_error, get_client_root_store, make_client_config_with_versions, make_client_config_with_versions_with_auth, - make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES, + make_pair_for_arc_configs, server_config_builder, server_name, webpki_client_verifier_builder, + ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; use rustls::client::danger::HandshakeSignatureValid; -use rustls::client::WebPkiServerVerifier; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; use rustls::{ @@ -41,7 +41,7 @@ fn server_config_with_verifier( kt: KeyType, client_cert_verifier: MockClientVerifier, ) -> ServerConfig { - ServerConfig::builder() + server_config_builder() .with_safe_defaults() .with_client_cert_verifier(Arc::new(client_cert_verifier)) .with_single_cert(kt.get_chain(), kt.get_key()) @@ -140,6 +140,7 @@ fn client_verifier_fails_properly() { } pub struct MockClientVerifier { + parent: Arc, pub verified: fn() -> Result, pub subjects: Vec, pub mandatory: bool, @@ -149,6 +150,9 @@ pub struct MockClientVerifier { impl MockClientVerifier { pub fn new(verified: fn() -> Result, kt: KeyType) -> Self { Self { + parent: webpki_client_verifier_builder(get_client_root_store(kt)) + .build() + .unwrap(), verified, subjects: get_client_root_store(kt).subjects(), mandatory: true, @@ -181,7 +185,8 @@ impl ClientCertVerifier for MockClientVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + self.parent + .verify_tls12_signature(message, cert, dss) } fn verify_tls13_signature( @@ -190,14 +195,15 @@ impl ClientCertVerifier for MockClientVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + self.parent + .verify_tls13_signature(message, cert, dss) } fn supported_verify_schemes(&self) -> Vec { if let Some(schemes) = &self.offered_schemes { schemes.clone() } else { - WebPkiServerVerifier::default_supported_verify_schemes() + self.parent.supported_verify_schemes() } } } diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 9e93e1b902..0a5e80b519 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -1,5 +1,5 @@ #![allow(dead_code)] -#![cfg(feature = "ring")] +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] use std::io; use std::ops::{Deref, DerefMut}; @@ -8,7 +8,7 @@ use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use webpki::extract_trust_anchor; -use rustls::client::ServerCertVerifierBuilder; +use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; @@ -18,6 +18,15 @@ use rustls::RootCertStore; use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +pub use rustls::crypto::aws_lc_rs as primary_provider; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +pub use rustls::crypto::aws_lc_rs::AWS_LC_RS as PROVIDER; +#[cfg(feature = "ring")] +pub use rustls::crypto::ring as primary_provider; +#[cfg(feature = "ring")] +pub use rustls::crypto::ring::RING as PROVIDER; + macro_rules! embed_files { ( $( @@ -261,6 +270,33 @@ impl KeyType { } } +pub fn server_config_builder() -> rustls::ConfigBuilder { + // ensure `ServerConfig::builder()` is covered, even though it is + // equivalent to `builder_with_provider(PROVIDER)`. + #[cfg(feature = "ring")] + { + rustls::ServerConfig::builder() + } + #[cfg(not(feature = "ring"))] + { + rustls::ServerConfig::builder_with_provider(PROVIDER) + } +} + +pub fn client_config_builder() -> rustls::ConfigBuilder { + // ensure `ClientConfig::builder()` is covered, even though it is + // equivalent to `builder_with_provider(PROVIDER)`. + #[cfg(feature = "ring")] + { + rustls::ClientConfig::builder() + } + + #[cfg(not(feature = "ring"))] + { + rustls::ClientConfig::builder_with_provider(PROVIDER) + } +} + pub fn finish_server_config( kt: KeyType, conf: rustls::ConfigBuilder, @@ -271,7 +307,7 @@ pub fn finish_server_config( } pub fn make_server_config(kt: KeyType) -> ServerConfig { - finish_server_config(kt, ServerConfig::builder().with_safe_defaults()) + finish_server_config(kt, server_config_builder().with_safe_defaults()) } pub fn make_server_config_with_versions( @@ -280,7 +316,7 @@ pub fn make_server_config_with_versions( ) -> ServerConfig { finish_server_config( kt, - ServerConfig::builder() + server_config_builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(versions) @@ -294,7 +330,7 @@ pub fn make_server_config_with_kx_groups( ) -> ServerConfig { finish_server_config( kt, - ServerConfig::builder() + server_config_builder() .with_safe_default_cipher_suites() .with_kx_groups(kx_groups) .with_safe_default_protocol_versions() @@ -321,14 +357,14 @@ pub fn make_server_config_with_mandatory_client_auth_crls( ) -> ServerConfig { make_server_config_with_client_verifier( kt, - WebPkiClientVerifier::builder(get_client_root_store(kt)).with_crls(crls), + webpki_client_verifier_builder(get_client_root_store(kt)).with_crls(crls), ) } pub fn make_server_config_with_mandatory_client_auth(kt: KeyType) -> ServerConfig { make_server_config_with_client_verifier( kt, - WebPkiClientVerifier::builder(get_client_root_store(kt)), + webpki_client_verifier_builder(get_client_root_store(kt)), ) } @@ -338,7 +374,7 @@ pub fn make_server_config_with_optional_client_auth( ) -> ServerConfig { make_server_config_with_client_verifier( kt, - WebPkiClientVerifier::builder(get_client_root_store(kt)) + webpki_client_verifier_builder(get_client_root_store(kt)) .with_crls(crls) .allow_unknown_revocation_status() .allow_unauthenticated(), @@ -349,7 +385,7 @@ pub fn make_server_config_with_client_verifier( kt: KeyType, verifier_builder: ClientCertVerifierBuilder, ) -> ServerConfig { - ServerConfig::builder() + server_config_builder() .with_safe_defaults() .with_client_cert_verifier(verifier_builder.build().unwrap()) .with_single_cert(kt.get_chain(), kt.get_key()) @@ -389,14 +425,14 @@ pub fn finish_client_config_with_creds( } pub fn make_client_config(kt: KeyType) -> ClientConfig { - finish_client_config(kt, ClientConfig::builder().with_safe_defaults()) + finish_client_config(kt, client_config_builder().with_safe_defaults()) } pub fn make_client_config_with_kx_groups( kt: KeyType, kx_groups: &[&'static dyn rustls::crypto::SupportedKxGroup], ) -> ClientConfig { - let builder = ClientConfig::builder() + let builder = client_config_builder() .with_safe_default_cipher_suites() .with_kx_groups(kx_groups) .with_safe_default_protocol_versions() @@ -408,7 +444,7 @@ pub fn make_client_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], ) -> ClientConfig { - let builder = ClientConfig::builder() + let builder = client_config_builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(versions) @@ -417,14 +453,14 @@ pub fn make_client_config_with_versions( } pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { - finish_client_config_with_creds(kt, ClientConfig::builder().with_safe_defaults()) + finish_client_config_with_creds(kt, client_config_builder().with_safe_defaults()) } pub fn make_client_config_with_versions_with_auth( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], ) -> ClientConfig { - let builder = ClientConfig::builder() + let builder = client_config_builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(versions) @@ -436,7 +472,7 @@ pub fn make_client_config_with_verifier( versions: &[&'static rustls::SupportedProtocolVersion], verifier_builder: ServerCertVerifierBuilder, ) -> ClientConfig { - ClientConfig::builder() + client_config_builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(versions) @@ -446,6 +482,30 @@ pub fn make_client_config_with_verifier( .with_no_client_auth() } +pub fn webpki_client_verifier_builder(roots: Arc) -> ClientCertVerifierBuilder { + #[cfg(feature = "ring")] + { + WebPkiClientVerifier::builder(roots) + } + + #[cfg(not(feature = "ring"))] + { + WebPkiClientVerifier::builder_with_provider(roots, PROVIDER) + } +} + +pub fn webpki_server_verifier_builder(roots: Arc) -> ServerCertVerifierBuilder { + #[cfg(feature = "ring")] + { + WebPkiServerVerifier::builder(roots) + } + + #[cfg(not(feature = "ring"))] + { + WebPkiServerVerifier::builder_with_provider(roots, PROVIDER) + } +} + pub fn make_pair(kt: KeyType) -> (ClientConnection, ServerConnection) { make_pair_for_configs(make_client_config(kt), make_server_config(kt)) } diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 740c0a1e69..1f3433fa68 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -8,7 +8,6 @@ use crate::common::{ make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, }; use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; -use rustls::client::WebPkiServerVerifier; use rustls::DigitallySignedStruct; use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme}; @@ -264,7 +263,13 @@ impl Default for MockServerVerifier { cert_rejection_error: None, tls12_signature_error: None, tls13_signature_error: None, - signature_schemes: WebPkiServerVerifier::default_supported_verify_schemes(), + signature_schemes: vec![ + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA256, + SignatureScheme::ED25519, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_NISTP384_SHA384, + ], } } } From b5c428d22352452484d898f66d3e879b4db4762e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 3 Oct 2023 11:04:24 +0100 Subject: [PATCH 0359/1145] Fix HMAC_SHA512 dead-code warning It isn't possible to write a cfg expression that says when this is used, because it would differ over the two instantiations. Note that HMAC-SHA512 is only actually used to run test vectors posted to the tlswg mailing list by some random in 2009. --- rustls/src/crypto/ring/hmac.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 060731ae0e..1499e4acb8 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -7,7 +7,8 @@ use alloc::boxed::Box; pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256); pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring_like::hmac::HMAC_SHA384); -#[cfg(all(test, feature = "tls12"))] +#[cfg(test)] +#[allow(dead_code)] // only for TLS1.2 prf test pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring_like::hmac::HMAC_SHA512); pub(crate) struct Hmac(&'static ring_like::hmac::Algorithm); From 6189d780d8d646948b5d143a852dc901dc1cc32d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 30 Oct 2023 15:17:54 +0000 Subject: [PATCH 0360/1145] Run feature tests in rustls/ directory Otherwise they get altered by feature unification from other members of the workspace. That's more "spooky action at a distance" than is desirable. --- .github/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9f20d81aaa..9ee68198f6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -88,23 +88,29 @@ jobs: - name: cargo build (debug; default features) run: cargo build --locked + working-directory: rustls - name: cargo test (debug; default features) run: cargo test --locked + working-directory: rustls env: RUST_BACKTRACE: 1 - name: cargo test (debug; no default features) run: cargo test --locked --no-default-features + working-directory: rustls - name: cargo test (debug; no default features; tls12) run: cargo test --locked --no-default-features --features tls12 + working-directory: rustls - name: cargo test (debug; no default features; aws-lc-rs,tls12) run: cargo test --no-default-features --features aws_lc_rs,tls12 + working-directory: rustls - name: cargo test (release; no run) run: cargo test --locked --release --no-run + working-directory: rustls bogo: name: BoGo test suite From b742a4a2a6b20ba66f35d22740d8602b3f4be956 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 9 Nov 2023 11:06:24 +0000 Subject: [PATCH 0361/1145] Remove *CertVerifierBuilder::with_signature_verification_algorithms These seem no longer necessary. --- rustls/src/webpki/client_verifier.rs | 11 ----------- rustls/src/webpki/server_verifier.rs | 11 ----------- 2 files changed, 22 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 46cc7c1c21..ddf4d64624 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -132,17 +132,6 @@ impl ClientCertVerifierBuilder { self } - /// Sets which signature verification algorithms are enabled. - /// - /// If this is called multiple times, the last call wins. - pub fn with_signature_verification_algorithms( - mut self, - supported_algs: WebPkiSupportedAlgorithms, - ) -> Self { - self.supported_algs = supported_algs; - self - } - /// Build a client certificate verifier. The built verifier will be used for the server to offer /// client certificate authentication, to control how offered client certificates are validated, /// and to determine what to do with anonymous clients that do not respond to the client diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index e872c79926..244f1d3808 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -81,17 +81,6 @@ impl ServerCertVerifierBuilder { self } - /// Sets which signature verification algorithms are enabled. - /// - /// If this is called multiple times, the last call wins. - pub fn with_signature_verification_algorithms( - mut self, - supported_algs: WebPkiSupportedAlgorithms, - ) -> Self { - self.supported_algs = supported_algs; - self - } - /// Build a server certificate verifier, allowing control over the root certificates to use as /// trust anchors, and to control how server certificate revocation checking is performed. /// From 653abcbf7f7c669e35c882eb83b9259c5aef21fe Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 17:17:06 -0400 Subject: [PATCH 0362/1145] key_log: add Debug bound to KeyLog trait This commit adds a `Debug` bound to the `KeyLog` trait in addition to `Send` and `Sync`. Each implementation in the codebase is updated to derive, or hand-implement the `Debug` trait, taking care not to include any fields that may contain secret key information. --- rustls/src/key_log.rs | 5 ++++- rustls/src/key_log_file.rs | 19 +++++++++++++++++++ rustls/src/tls13/key_schedule.rs | 6 ++++++ rustls/tests/api.rs | 2 ++ 4 files changed, 31 insertions(+), 1 deletion(-) diff --git a/rustls/src/key_log.rs b/rustls/src/key_log.rs index 1b6b3fec70..677d206db4 100644 --- a/rustls/src/key_log.rs +++ b/rustls/src/key_log.rs @@ -1,3 +1,5 @@ +use core::fmt::Debug; + /// This trait represents the ability to do something useful /// with key material, such as logging it to a file for debugging. /// @@ -10,7 +12,7 @@ /// /// See [`KeyLogFile`](crate::KeyLogFile) that implements the standard /// `SSLKEYLOGFILE` environment variable behaviour. -pub trait KeyLog: Send + Sync { +pub trait KeyLog: Debug + Send + Sync { /// Log the given `secret`. `client_random` is provided for /// session identification. `label` describes precisely what /// `secret` means: @@ -44,6 +46,7 @@ pub trait KeyLog: Send + Sync { } /// KeyLog that does exactly nothing. +#[derive(Debug)] pub struct NoKeyLog; impl KeyLog for NoKeyLog { diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index 51390d0f38..2d69769c33 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -3,6 +3,7 @@ use crate::log::warn; use crate::KeyLog; use alloc::vec::Vec; +use core::fmt::{Debug, Formatter}; use std::env; use std::ffi::OsString; use std::fs::{File, OpenOptions}; @@ -69,6 +70,15 @@ impl KeyLogFileInner { } } +impl Debug for KeyLogFileInner { + fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { + f.debug_struct("KeyLogFileInner") + // Note: we omit self.buf deliberately as it may contain key data. + .field("file", &self.file) + .finish() + } +} + /// [`KeyLog`] implementation that opens a file whose name is /// given by the `SSLKEYLOGFILE` environment variable, and writes /// keys into it. @@ -105,6 +115,15 @@ impl KeyLog for KeyLogFile { } } +impl Debug for KeyLogFile { + fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { + match self.0.try_lock() { + Ok(key_log_file) => write!(f, "{:?}", key_log_file), + Err(_) => write!(f, "KeyLogFile {{ }}"), + } + } +} + #[cfg(all(test, target_os = "linux"))] mod tests { use super::*; diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 6259cad0db..3486f27425 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -832,6 +832,8 @@ where #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { + use core::fmt::Debug; + use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; use crate::test_provider::ring_like::aead; use crate::test_provider::tls13::{ @@ -970,6 +972,7 @@ mod tests { expected_key: &[u8], expected_iv: &[u8], ) { + #[derive(Debug)] struct Log<'a>(&'a [u8]); impl KeyLog for Log<'_> { fn log(&self, _label: &str, _client_random: &[u8], secret: &[u8]) { @@ -1014,11 +1017,14 @@ mod benchmarks { #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] #[bench] fn bench_sha256(b: &mut test::Bencher) { + use core::fmt::Debug; + use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; use crate::test_provider::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; fn extract_traffic_secret(ks: &KeySchedule, kind: SecretKind) { + #[derive(Debug)] struct Log; impl KeyLog for Log { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index bc61cec1b2..931abcfe42 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3,6 +3,7 @@ //! Assorted public API tests. use std::cell::RefCell; use std::fmt; +use std::fmt::Debug; use std::io::{self, IoSlice, Read, Write}; use std::mem; use std::ops::{Deref, DerefMut}; @@ -2950,6 +2951,7 @@ struct KeyLogItem { secret: Vec, } +#[derive(Debug)] struct KeyLogToVec { label: &'static str, items: Mutex>, From c6347b7a6152bfe7eae74574aa6e04fdc3a5d9cf Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 17:45:06 -0400 Subject: [PATCH 0363/1145] crypto: add Debug bound to SigningKey This commit adds a `Debug` bound to the `SigningKey` trait, alongside `Send` and `Sync`. Types implementing this trait are updated to hand implement `Debug` to avoid leaking any sensitive data. --- rustls/examples/internal/bogo_shim.rs | 10 +++++++++- rustls/src/crypto/ring/sign.rs | 28 +++++++++++++++++++++++++-- rustls/src/crypto/signer.rs | 3 ++- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index a69340270d..78a455411f 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -3,7 +3,6 @@ // // https://boringssl.googlesource.com/boringssl/+/master/ssl/test // - use rustls::client::danger::HandshakeSignatureValid; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; use rustls::crypto::SupportedKxGroup; @@ -25,6 +24,7 @@ use rustls::crypto::ring as provider; use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; +use std::fmt::{Debug, Formatter}; use std::io::{self, BufReader, Read, Write}; use std::sync::Arc; use std::time; @@ -295,6 +295,14 @@ impl sign::SigningKey for FixedSignatureSchemeSigningKey { } } +impl Debug for FixedSignatureSchemeSigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + f.debug_struct("FixedSignatureSchemeSigningKey") + .field("scheme", &self.scheme) + .finish() + } +} + struct FixedSignatureSchemeServerCertResolver { resolver: Arc, scheme: SignatureScheme, diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index e424ec8181..cb4e4120c8 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -15,7 +15,7 @@ use alloc::string::ToString; use alloc::sync::Arc; use alloc::vec; use alloc::vec::Vec; -use core::fmt; +use core::fmt::{self, Debug, Formatter}; use std::error::Error as StdError; /// Parse `der` as any supported key encoding/type, returning @@ -115,6 +115,14 @@ impl SigningKey for RsaSigningKey { } } +impl Debug for RsaSigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("RsaSigningKey") + .field("algorithm", &self.algorithm()) + .finish() + } +} + struct RsaSigner { key: Arc, scheme: SignatureScheme, @@ -261,6 +269,14 @@ impl SigningKey for EcdsaSigningKey { } } +impl Debug for EcdsaSigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("EcdsaSigningKey") + .field("algorithm", &self.algorithm()) + .finish() + } +} + struct EcdsaSigner { key: Arc, scheme: SignatureScheme, @@ -327,6 +343,14 @@ impl SigningKey for Ed25519SigningKey { } } +impl Debug for Ed25519SigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Ed25519SigningKey") + .field("algorithm", &self.algorithm()) + .finish() + } +} + struct Ed25519Signer { key: Arc, scheme: SignatureScheme, @@ -347,7 +371,7 @@ impl Signer for Ed25519Signer { pub struct SignError(()); impl fmt::Display for SignError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { f.write_str("sign error") } } diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index d582dd6b6f..dee9b7da2d 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -6,9 +6,10 @@ use pki_types::CertificateDer; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; +use core::fmt::Debug; /// An abstract signing key. -pub trait SigningKey: Send + Sync { +pub trait SigningKey: Debug + Send + Sync { /// Choose a `SignatureScheme` from those offered. /// /// Expresses the choice by returning something that implements `Signer`, From e0766309869129fde57b08d6e30b666820f3a5f9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 17:47:21 -0400 Subject: [PATCH 0364/1145] crypto: add Debug bound to Signer trait This commit adds a `Debug` bound to the `Signer` trait alongside the existing `Send` and `Sync` bounds. Types implementing the trait are updated with a hand-written `Debug` impl to avoid leaking sensitive data. --- rustls/src/crypto/ring/sign.rs | 24 ++++++++++++++++++++++++ rustls/src/crypto/signer.rs | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index cb4e4120c8..4c39096f24 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -165,6 +165,14 @@ impl Signer for RsaSigner { } } +impl Debug for RsaSigner { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("RsaSigner") + .field("scheme", &self.scheme) + .finish() + } +} + /// A SigningKey that uses exactly one TLS-level SignatureScheme /// and one ring-level signature::SigningAlgorithm. /// @@ -296,6 +304,14 @@ impl Signer for EcdsaSigner { } } +impl Debug for EcdsaSigner { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("EcdsaSigner") + .field("scheme", &self.scheme) + .finish() + } +} + /// A SigningKey that uses exactly one TLS-level SignatureScheme /// and one ring-level signature::SigningAlgorithm. /// @@ -366,6 +382,14 @@ impl Signer for Ed25519Signer { } } +impl Debug for Ed25519Signer { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Ed25519Signer") + .field("scheme", &self.scheme) + .finish() + } +} + /// Errors while signing #[derive(Debug)] pub struct SignError(()); diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index dee9b7da2d..20e523ec73 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -21,7 +21,7 @@ pub trait SigningKey: Debug + Send + Sync { } /// A thing that can sign a message. -pub trait Signer: Send + Sync { +pub trait Signer: Debug + Send + Sync { /// Signs `message` using the selected scheme. fn sign(&self, message: &[u8]) -> Result, Error>; From 7445b53d582e2b06e0c42e797a9c761bf817f2ec Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 26 Oct 2023 17:53:04 -0400 Subject: [PATCH 0365/1145] client: add Debug bound to ClientSessionStore trait This commit adds a `Debug` bound to the `ClientSessionStore` trait, alongside `Send` and `Sync`. Types implementing the trait are updated with derived or hand-written `Debug` impls as appropriate, taking care to avoid leaking any sensitive information. --- rustls/examples/internal/bogo_shim.rs | 9 +++++++++ rustls/src/client/client_conn.rs | 2 +- rustls/src/client/handy.rs | 10 ++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 78a455411f..06235b2892 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -566,6 +566,15 @@ impl client::ClientSessionStore for ClientCacheWithoutKxHints { } } +impl Debug for ClientCacheWithoutKxHints { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + // Note: we omit self.storage here as it may contain sensitive data. + f.debug_struct("ClientCacheWithoutKxHints") + .field("delay", &self.delay) + .finish() + } +} + fn make_client_cfg(opts: &Options) -> Arc { let kx_groups = if let Some(curves) = &opts.curves { curves diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 3cae4ead14..443e45fb43 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -38,7 +38,7 @@ use std::net::IpAddr; /// `set_`, `insert_`, `remove_` and `take_` operations are mutating; this isn't /// expressed in the type system to allow implementations freedom in /// how to achieve interior mutability. `Mutex` is a common choice. -pub trait ClientSessionStore: Send + Sync { +pub trait ClientSessionStore: fmt::Debug + Send + Sync { /// Remember what `NamedGroup` the given server chose. fn set_kx_hint(&self, server_name: &ServerName, group: NamedGroup); diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index a7fb870a7a..0948e6aed0 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -12,9 +12,11 @@ use pki_types::CertificateDer; use alloc::collections::VecDeque; use alloc::sync::Arc; use alloc::vec::Vec; +use core::fmt; use std::sync::Mutex; /// An implementer of `ClientSessionStore` which does nothing. +#[derive(Debug)] pub(super) struct NoClientSessionStorage; impl client::ClientSessionStore for NoClientSessionStorage { @@ -160,6 +162,14 @@ impl client::ClientSessionStore for ClientSessionMemoryCache { } } +impl fmt::Debug for ClientSessionMemoryCache { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + // Note: we omit self.servers as it may contain sensitive data. + f.debug_struct("ClientSessionMemoryCache") + .finish() + } +} + pub(super) struct FailResolveClientCert {} impl client::ResolvesClientCert for FailResolveClientCert { From cee7e700e5621bf076855e1e70a09b068ebd0491 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:01:49 -0400 Subject: [PATCH 0366/1145] conn: add Debug bound to SideData This commit adds a `Debug` bound to the `SideData` trait. The types implementing it are updated to derive `Debug` or implement it by hand as appropriate. --- rustls/src/client/client_conn.rs | 2 ++ rustls/src/conn.rs | 2 +- rustls/src/server/server_conn.rs | 21 ++++++++++++++++----- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 443e45fb43..de3ef90020 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -473,6 +473,7 @@ enum EarlyDataState { Rejected, } +#[derive(Debug)] pub(super) struct EarlyData { state: EarlyDataState, left: usize, @@ -721,6 +722,7 @@ impl ConnectionCore { } /// State associated with a client connection. +#[derive(Debug)] pub struct ClientConnectionData { pub(super) early_data: EarlyData, pub(super) resumption_ciphersuite: Option, diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index aab6f77378..daa9456d97 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -751,4 +751,4 @@ impl ConnectionCore { } /// Data specific to the peer's side (client or server). -pub trait SideData {} +pub trait SideData: Debug {} diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 597d11281f..e47f061b38 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -22,6 +22,7 @@ use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; +use core::fmt::{Debug, Formatter}; use core::marker::PhantomData; use core::ops::{Deref, DerefMut}; use std::io; @@ -340,8 +341,8 @@ impl Clone for ServerConfig { } } -impl fmt::Debug for ServerConfig { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { +impl Debug for ServerConfig { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { f.debug_struct("ServerConfig") .field("ignore_client_order", &self.ignore_client_order) .field("max_fragment_size", &self.max_fragment_size) @@ -514,8 +515,8 @@ impl ServerConnection { } } -impl fmt::Debug for ServerConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { +impl Debug for ServerConnection { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { f.debug_struct("ServerConnection") .finish() } @@ -788,6 +789,16 @@ impl EarlyDataState { } } +impl Debug for EarlyDataState { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + match self { + Self::New => write!(f, "EarlyDataState::New"), + Self::Accepted(buf) => write!(f, "EarlyDataState::Accepted({})", buf.len()), + Self::Rejected => write!(f, "EarlyDataState::Rejected"), + } + } +} + impl ConnectionCore { pub(crate) fn for_server( config: Arc, @@ -817,7 +828,7 @@ impl ConnectionCore { } /// State associated with a server connection. -#[derive(Default)] +#[derive(Default, Debug)] pub struct ServerConnectionData { pub(super) sni: Option, pub(super) received_resumption_data: Option>, From a7f4ff9f4ee2dbe72982f0c9c9ab11060ab653f0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 9 Nov 2023 13:11:26 -0500 Subject: [PATCH 0367/1145] client: add Debug bound to ResolvesClientCert This commit adds a `Debug` bound to the `ResolvesClientCert` trait, alongside `Send` and `Sync`. The types implementing this trait are updated to either derive `Debug`, or implement it by hand, as appropriate. --- rustls/examples/internal/bogo_shim.rs | 1 + rustls/src/client/client_conn.rs | 2 +- rustls/src/client/handy.rs | 9 +++++++++ rustls/tests/api.rs | 1 + 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 06235b2892..8aaf0d9a60 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -319,6 +319,7 @@ impl server::ResolvesServerCert for FixedSignatureSchemeServerCertResolver { } } +#[derive(Debug)] struct FixedSignatureSchemeClientCertResolver { resolver: Arc, scheme: SignatureScheme, diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index de3ef90020..d87aeabd75 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -85,7 +85,7 @@ pub trait ClientSessionStore: fmt::Debug + Send + Sync { /// A trait for the ability to choose a certificate chain and /// private key for the purposes of client authentication. -pub trait ResolvesClientCert: Send + Sync { +pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// Resolve a client certificate chain/private key to use as the client's /// identity. /// diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 0948e6aed0..727329adf5 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -170,6 +170,7 @@ impl fmt::Debug for ClientSessionMemoryCache { } } +#[derive(Debug)] pub(super) struct FailResolveClientCert {} impl client::ResolvesClientCert for FailResolveClientCert { @@ -211,6 +212,14 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } } +impl fmt::Debug for AlwaysResolvesClientCert { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("AlwaysResolvesClientCert") + .field("cert", &self.0.cert) + .finish() + } +} + #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::NoClientSessionStorage; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 931abcfe42..cbeb5764b7 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1223,6 +1223,7 @@ fn client_check_server_certificate_helper_api() { } } +#[derive(Debug)] struct ClientCheckCertResolve { query_count: AtomicUsize, expect_queries: usize, From ff86ccf1402072ebc41f3dbad551ca6ef70ac256 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:10:27 -0400 Subject: [PATCH 0368/1145] verify: add Debug bound to ClientCertVerifier This commit adds a `Debug` bound to the `ClientCertVerifier` trait in addition to `Send` and `Sync`. Types implementing this trait are updated to either derive `Debug` or implement it by hand as appropriate. --- rustls/examples/internal/bogo_shim.rs | 1 + rustls/src/verify.rs | 17 +++-------------- rustls/src/webpki/client_verifier.rs | 1 + rustls/tests/api.rs | 2 +- rustls/tests/client_cert_verifier.rs | 1 + 5 files changed, 7 insertions(+), 15 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 8aaf0d9a60..682885f010 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -191,6 +191,7 @@ fn split_protocols(protos: &str) -> Vec { ret } +#[derive(Debug)] struct DummyClientAuth { mandatory: bool, } diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index da87cbd233..cac30f027c 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,5 +1,5 @@ use alloc::vec::Vec; -use core::fmt; +use core::fmt::Debug; use pki_types::{CertificateDer, UnixTime}; @@ -139,15 +139,9 @@ pub trait ServerCertVerifier: Send + Sync { fn supported_verify_schemes(&self) -> Vec; } -impl fmt::Debug for dyn ServerCertVerifier { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "dyn ServerCertVerifier") - } -} - /// Something that can verify a client certificate chain #[allow(unreachable_pub)] -pub trait ClientCertVerifier: Send + Sync { +pub trait ClientCertVerifier: Debug + Send + Sync { /// Returns `true` to enable the server to request a client certificate and /// `false` to skip requesting a client certificate. Defaults to `true`. fn offer_client_auth(&self) -> bool { @@ -258,16 +252,11 @@ pub trait ClientCertVerifier: Send + Sync { fn supported_verify_schemes(&self) -> Vec; } -impl fmt::Debug for dyn ClientCertVerifier { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "dyn ClientCertVerifier") - } -} - /// Turns off client authentication. In contrast to using /// `WebPkiClientVerifier::builder(roots).allow_unauthenticated().build()`, the `NoClientAuth` /// `ClientCertVerifier` will not offer client authentication at all, vs offering but not /// requiring it. +#[derive(Debug)] pub struct NoClientAuth; impl ClientCertVerifier for NoClientAuth { diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index ddf4d64624..cdf0f35490 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -223,6 +223,7 @@ impl ClientCertVerifierBuilder { /// ``` /// /// [^1]: +#[derive(Debug)] pub struct WebPkiClientVerifier { roots: Arc, root_hint_subjects: Vec, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index cbeb5764b7..a7cb0bce8a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -460,7 +460,7 @@ fn test_config_builders_debug() { .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); let b = b.with_no_client_auth(); - assert_eq!("ConfigBuilder { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3], verifier: dyn ClientCertVerifier } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3], verifier: NoClientAuth } }", format!("{:?}", b)); let b = client_config_builder(); assert_eq!( diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 8abec7d8d5..68a5597a37 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -139,6 +139,7 @@ fn client_verifier_fails_properly() { } } +#[derive(Debug)] pub struct MockClientVerifier { parent: Arc, pub verified: fn() -> Result, From cc0666e7952f12614e575680073413c112b0e9e8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:13:56 -0400 Subject: [PATCH 0369/1145] verify: add Debug bound to ServerCertVerifier This commit adds a `Debug` bound to the `ServerCertVerifier` trait in addition to `Send` and `Sync`. Types implementing this trait are updated to either derive `Debug` or implement it by hand as appropriate. --- examples/src/bin/tlsclient-mio.rs | 1 + rustls/examples/internal/bogo_shim.rs | 1 + rustls/src/verify.rs | 2 +- rustls/src/webpki/server_verifier.rs | 1 + rustls/tests/server_cert_verifier.rs | 1 + 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 3e95b38e5f..1716c368b6 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -315,6 +315,7 @@ mod danger { use rustls::client::WebPkiServerVerifier; use rustls::DigitallySignedStruct; + #[derive(Debug)] pub struct NoCertificateVerification {} impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification { diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 682885f010..8ace5743bf 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -241,6 +241,7 @@ impl server::danger::ClientCertVerifier for DummyClientAuth { } } +#[derive(Debug)] struct DummyServerAuth {} impl client::danger::ServerCertVerifier for DummyServerAuth { diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index cac30f027c..9a18844526 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -67,7 +67,7 @@ impl ClientCertVerified { /// Something that can verify a server certificate chain, and verify /// signatures made by certificates. #[allow(unreachable_pub)] -pub trait ServerCertVerifier: Send + Sync { +pub trait ServerCertVerifier: Debug + Send + Sync { /// Verify the end-entity certificate `end_entity` is valid for the /// hostname `dns_name` and chains to at least one trust anchor. /// diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 244f1d3808..535e3c787f 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -112,6 +112,7 @@ impl ServerCertVerifierBuilder { /// Default `ServerCertVerifier`, see the trait impl for more information. #[allow(unreachable_pub)] +#[derive(Debug)] pub struct WebPkiServerVerifier { roots: Arc, crls: Vec>, diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 1f3433fa68..d9e3ff3625 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -154,6 +154,7 @@ fn client_can_override_certificate_verification_and_offer_no_signature_schemes() } } +#[derive(Debug)] pub struct MockServerVerifier { cert_rejection_error: Option, tls12_signature_error: Option, From 70c93d16f0d800b372418f59d66fef0c779c0545 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:18:41 -0400 Subject: [PATCH 0370/1145] ticketer: add Debug bound to ProducesTickets This commit adds a `Debug` bound to the `ProducesTickets` trait in addition to `Send` and `Sync`. Types implementing this trait are updated to either derive `Debug` or implement it by hand as appropriate. --- rustls/src/crypto/ring/ticketer.rs | 12 ++++++++++++ rustls/src/server/handy.rs | 1 + rustls/src/server/server_conn.rs | 2 +- rustls/src/ticketer.rs | 2 ++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 9c9e0b9882..b5b5a3c9b9 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -10,6 +10,8 @@ use super::ring_like::rand::{SecureRandom, SystemRandom}; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; +use core::fmt; +use core::fmt::{Debug, Formatter}; /// A concrete, safe ticket creation mechanism. pub struct Ticketer {} @@ -106,6 +108,16 @@ impl ProducesTickets for AeadTicketer { } } +impl Debug for AeadTicketer { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + // Note: we deliberately omit the key from the debug output. + f.debug_struct("AeadTicketer") + .field("alg", &self.alg) + .field("lifetime", &self.lifetime) + .finish() + } +} + #[cfg(test)] mod tests { use super::*; diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index e56fb03a93..92b3e48854 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -78,6 +78,7 @@ impl server::StoresServerSessions for ServerSessionMemoryCache { } /// Something which never produces tickets. +#[derive(Debug)] pub(super) struct NeverProducesTickets {} impl server::ProducesTickets for NeverProducesTickets { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index e47f061b38..01aa7edcf4 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -66,7 +66,7 @@ pub trait StoresServerSessions: Send + Sync { } /// A trait for the ability to encrypt and decrypt tickets. -pub trait ProducesTickets: Send + Sync { +pub trait ProducesTickets: Debug + Send + Sync { /// Returns true if this implementation will encrypt/decrypt /// tickets. Should return false if this is a dummy /// implementation: the server will not send the SessionTicket diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index 56273ac296..ddadb0efbd 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -9,6 +9,7 @@ use alloc::vec::Vec; use core::mem; use std::sync::{Mutex, MutexGuard}; +#[derive(Debug)] pub(crate) struct TicketSwitcherState { next: Option>, current: Box, @@ -19,6 +20,7 @@ pub(crate) struct TicketSwitcherState { /// A ticketer that has a 'current' sub-ticketer and a single /// 'previous' ticketer. It creates a new ticketer every so /// often, demoting the current ticketer. +#[derive(Debug)] pub struct TicketSwitcher { pub(crate) generator: fn() -> Result, rand::GetRandomFailed>, lifetime: u32, From 7a3542f9a2597b753ea190198c3319ee37273496 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:21:19 -0400 Subject: [PATCH 0371/1145] server: add Debug bound to ResolvesServerCert This commit adds a `Debug` bound to the `ResolvesServerCert` trait in addition to `Send` and `Sync`. Types implementing this trait are updated to either derive `Debug` or implement it by hand as appropriate. --- fuzz/fuzzers/server.rs | 1 + rustls/examples/internal/bogo_shim.rs | 1 + rustls/src/crypto/signer.rs | 2 +- rustls/src/server/handy.rs | 2 ++ rustls/src/server/server_conn.rs | 2 +- rustls/tests/api.rs | 3 ++- 6 files changed, 8 insertions(+), 3 deletions(-) diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index 0fe7c1c9ef..67c7bd9808 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -9,6 +9,7 @@ use rustls::{ServerConfig, ServerConnection}; use std::io; use std::sync::Arc; +#[derive(Debug)] struct Fail; impl ResolvesServerCert for Fail { diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 8ace5743bf..1252192a8d 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -305,6 +305,7 @@ impl Debug for FixedSignatureSchemeSigningKey { } } +#[derive(Debug)] struct FixedSignatureSchemeServerCertResolver { resolver: Arc, scheme: SignatureScheme, diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 20e523ec73..a5cf5c62a7 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -31,7 +31,7 @@ pub trait Signer: Debug + Send + Sync { /// A packaged-together certificate chain, matching `SigningKey` and /// optional stapled OCSP response and/or SCT list. -#[derive(Clone)] +#[derive(Clone, Debug)] pub struct CertifiedKey { /// The certificate chain. pub cert: Vec>, diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 92b3e48854..fc42252590 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -97,6 +97,7 @@ impl server::ProducesTickets for NeverProducesTickets { } /// Something which always resolves to the same cert chain. +#[derive(Debug)] pub(super) struct AlwaysResolvesChain(Arc); impl AlwaysResolvesChain { @@ -137,6 +138,7 @@ impl server::ResolvesServerCert for AlwaysResolvesChain { /// Something that resolves do different cert chains/keys based /// on client-supplied server name (via SNI). +#[derive(Debug)] pub struct ResolvesServerCertUsingSni { by_name: collections::HashMap>, } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 01aa7edcf4..587e308713 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -107,7 +107,7 @@ pub trait ProducesTickets: Debug + Send + Sync { /// For applications that use async I/O and need to do I/O to choose /// a certificate (for instance, fetching a certificate from a data store), /// the [`Acceptor`] interface is more suitable. -pub trait ResolvesServerCert: Send + Sync { +pub trait ResolvesServerCert: Debug + Send + Sync { /// Choose a certificate chain and matching key given simplified /// ClientHello information. /// diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index a7cb0bce8a..00bfb7920c 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -769,7 +769,7 @@ fn test_tls13_late_plaintext_alert() { assert_eq!(server.process_new_packets(), Err(Error::DecryptError)); } -#[derive(Default)] +#[derive(Default, Debug)] struct ServerCheckCertResolve { expected_sni: Option, expected_sigalgs: Option>, @@ -953,6 +953,7 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { ); } +#[derive(Debug)] struct ServerCheckNoSni {} impl ResolvesServerCert for ServerCheckNoSni { From 7f8a332a23c0b70790b150261a57db8fe89f9dbb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 12:24:52 -0400 Subject: [PATCH 0372/1145] server: add Debug bound to StoresServerSessions This commit adds a `Debug` bound to the `StoresServerSessions` trait in addition to `Send` and `Sync`. Types implementing this trait are updated to either derive `Debug` or implement it by hand as appropriate. --- rustls/examples/internal/bogo_shim.rs | 1 + rustls/src/server/handy.rs | 9 +++++++++ rustls/src/server/server_conn.rs | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 1252192a8d..3ca3f6d864 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -384,6 +384,7 @@ fn lookup_kx_group(group: u16) -> &'static dyn SupportedKxGroup { } } +#[derive(Debug)] struct ServerCacheWithResumptionDelay { delay: u32, storage: Arc, diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index fc42252590..d53df0a1bc 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -12,10 +12,12 @@ use pki_types::CertificateDer; use alloc::string::{String, ToString}; use alloc::sync::Arc; use alloc::vec::Vec; +use core::fmt::{Debug, Formatter}; use std::collections; use std::sync::Mutex; /// Something which never stores sessions. +#[derive(Debug)] pub struct NoServerSessionStorage {} impl server::StoresServerSessions for NoServerSessionStorage { @@ -77,6 +79,13 @@ impl server::StoresServerSessions for ServerSessionMemoryCache { } } +impl Debug for ServerSessionMemoryCache { + fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { + f.debug_struct("ServerSessionMemoryCache") + .finish() + } +} + /// Something which never produces tickets. #[derive(Debug)] pub(super) struct NeverProducesTickets {} diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 587e308713..4ece89ab27 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -45,7 +45,7 @@ use std::io; /// in the type system to allow implementations freedom in /// how to achieve interior mutability. `Mutex` is a common /// choice. -pub trait StoresServerSessions: Send + Sync { +pub trait StoresServerSessions: Debug + Send + Sync { /// Store session secrets encoded in `value` against `key`, /// overwrites any existing value against `key`. Returns `true` /// if the value was stored. From 2f6373b2a58d7ea52349e0e8e6debf6782f911eb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 13:06:21 -0400 Subject: [PATCH 0373/1145] internal: derive Debug for FixedSignatureSchemeSigningKey Since the `sign::SigningKey` trait has a `Debug` bound we can derive `Debug` here instead of doing it manually. --- rustls/examples/internal/bogo_shim.rs | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 3ca3f6d864..daf9b6e248 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -279,6 +279,7 @@ impl client::danger::ServerCertVerifier for DummyServerAuth { } } +#[derive(Debug)] struct FixedSignatureSchemeSigningKey { key: Arc, scheme: SignatureScheme, @@ -297,14 +298,6 @@ impl sign::SigningKey for FixedSignatureSchemeSigningKey { } } -impl Debug for FixedSignatureSchemeSigningKey { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - f.debug_struct("FixedSignatureSchemeSigningKey") - .field("scheme", &self.scheme) - .finish() - } -} - #[derive(Debug)] struct FixedSignatureSchemeServerCertResolver { resolver: Arc, From 875636e6ba8b41fa8980d34b0156b368091619c0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 13:12:20 -0400 Subject: [PATCH 0374/1145] client: derive Debug for AlwaysResolvesClientCert Since `sign::CertifiedKey` has a `Debug` bound now we can derive `Debug` for `AlwaysResolvesClientCert` instead of implementing it by hand. --- rustls/src/client/handy.rs | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 727329adf5..ded6faaff3 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -187,6 +187,7 @@ impl client::ResolvesClientCert for FailResolveClientCert { } } +#[derive(Debug)] pub(super) struct AlwaysResolvesClientCert(Arc); impl AlwaysResolvesClientCert { @@ -212,14 +213,6 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } } -impl fmt::Debug for AlwaysResolvesClientCert { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("AlwaysResolvesClientCert") - .field("cert", &self.0.cert) - .finish() - } -} - #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::NoClientSessionStorage; From 66524008a71d79f7b260595774c690310dfaf8d5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 13:17:56 -0400 Subject: [PATCH 0375/1145] server: derive Debug for ServerConfig All of the `ServerConfig` fields are now `Debug` friendly, so we can drop the custom impl and derive `Debug`. --- rustls/src/server/server_conn.rs | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 4ece89ab27..1af94531a0 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -209,6 +209,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. /// /// [`RootCertStore`]: crate::RootCertStore +#[derive(Debug)] pub struct ServerConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -341,19 +342,6 @@ impl Clone for ServerConfig { } } -impl Debug for ServerConfig { - fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { - f.debug_struct("ServerConfig") - .field("ignore_client_order", &self.ignore_client_order) - .field("max_fragment_size", &self.max_fragment_size) - .field("alpn_protocols", &self.alpn_protocols) - .field("max_early_data_size", &self.max_early_data_size) - .field("send_half_rtt_data", &self.send_half_rtt_data) - .field("send_tls13_tickets", &self.send_tls13_tickets) - .finish_non_exhaustive() - } -} - impl ServerConfig { #[cfg(feature = "ring")] /// Create a builder for a server configuration with the default From 4196a010996a69ca2bbd3f49c11d361efd3c4b4c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 13:19:15 -0400 Subject: [PATCH 0376/1145] client: derive Debug for ClientConfig All of the fields of `ClientConfig` are now `Debug` friendly, so we can derive `Debug` instead of implementing it by hand. --- rustls/src/client/client_conn.rs | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index d87aeabd75..e07aad8610 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -134,6 +134,7 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// * [`ClientConfig::key_log`]: key material is not logged. /// /// [`RootCertStore`]: crate::RootCertStore +#[derive(Debug)] pub struct ClientConfig { /// List of ciphersuites, in preference order. pub(super) cipher_suites: Vec, @@ -235,18 +236,6 @@ impl Clone for ClientConfig { } } -impl fmt::Debug for ClientConfig { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("ClientConfig") - .field("alpn_protocols", &self.alpn_protocols) - .field("resumption", &self.resumption) - .field("max_fragment_size", &self.max_fragment_size) - .field("enable_sni", &self.enable_sni) - .field("enable_early_data", &self.enable_early_data) - .finish_non_exhaustive() - } -} - impl ClientConfig { #[cfg(feature = "ring")] /// Create a builder for a client configuration with the default From 557da04188cc4b04540770ce19b040b9235e5468 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 27 Oct 2023 13:20:27 -0400 Subject: [PATCH 0377/1145] client: derive Debug for Resumption All of the fields of `Resumption` are now `Debug` friendly, so we can derive `Debug` instead of implementing it by hand. --- rustls/src/client/client_conn.rs | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index e07aad8610..b2e09ef783 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -291,7 +291,7 @@ impl ClientConfig { } /// Configuration for how/when a client is allowed to resume a previous session. -#[derive(Clone)] +#[derive(Clone, Debug)] pub struct Resumption { /// How we store session data or tickets. The default is to use an in-memory /// [ClientSessionMemoryCache]. @@ -340,14 +340,6 @@ impl Resumption { } } -impl fmt::Debug for Resumption { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - f.debug_struct("Resumption") - .field("tls12_resumption", &self.tls12_resumption) - .finish() - } -} - impl Default for Resumption { /// Create an in-memory session store resumption with up to 256 server names, allowing /// a TLS 1.2 session to resume with a session id or RFC 5077 ticket. From 9fc145a3dfb700ed54edee74a7638c1357857ce2 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 8 Nov 2023 10:08:02 -0500 Subject: [PATCH 0378/1145] server/handy: import HashMap directly --- rustls/src/server/handy.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index d53df0a1bc..89939c4f48 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -13,7 +13,7 @@ use alloc::string::{String, ToString}; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; -use std::collections; +use std::collections::HashMap; use std::sync::Mutex; /// Something which never stores sessions. @@ -149,14 +149,14 @@ impl server::ResolvesServerCert for AlwaysResolvesChain { /// on client-supplied server name (via SNI). #[derive(Debug)] pub struct ResolvesServerCertUsingSni { - by_name: collections::HashMap>, + by_name: HashMap>, } impl ResolvesServerCertUsingSni { /// Create a new and empty (i.e., knows no certificates) resolver. pub fn new() -> Self { Self { - by_name: collections::HashMap::new(), + by_name: HashMap::new(), } } From d3ab8f030b042ec966e2a5d8d0a2cae2e202c948 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 10 Nov 2023 10:38:14 +0000 Subject: [PATCH 0379/1145] Opt in to feature(core_io_borrowed_buf) This is needed for `BorrowedBuf` now, even if via the std::io reexport. --- rustls/src/lib.rs | 1 + rustls/tests/api.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index abb0a95339..d5acdcadf0 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -316,6 +316,7 @@ // is used to avoid needing `rustversion` to be compiled twice during // cross-compiling. #![cfg_attr(read_buf, feature(read_buf))] +#![cfg_attr(read_buf, feature(core_io_borrowed_buf))] #![cfg_attr(bench, feature(test))] #![cfg_attr(not(test), no_std)] diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 00bfb7920c..d84988abe4 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1,5 +1,6 @@ #![cfg(any(feature = "ring", feature = "aws_lc_rs"))] #![cfg_attr(read_buf, feature(read_buf))] +#![cfg_attr(read_buf, feature(core_io_borrowed_buf))] //! Assorted public API tests. use std::cell::RefCell; use std::fmt; From e3925b18e6f394f5769075ad358426dd02c7ae54 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 10 Nov 2023 10:43:26 +0000 Subject: [PATCH 0380/1145] Use `BorrowedCursor` & `BorrowedBuf` from core::io --- rustls/src/conn.rs | 2 +- rustls/src/server/server_conn.rs | 6 +++--- rustls/src/stream.rs | 4 ++-- rustls/src/vecbuf.rs | 4 ++-- rustls/tests/api.rs | 6 ++++-- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index daa9456d97..aa75eee929 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -196,7 +196,7 @@ impl<'a> io::Read for Reader<'a> { /// You may learn the number of bytes available at any time by inspecting /// the return of [`Connection::process_new_packets`]. #[cfg(read_buf)] - fn read_buf(&mut self, mut cursor: io::BorrowedCursor<'_>) -> io::Result<()> { + fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { let before = cursor.written(); self.received_plaintext .read_buf(cursor.reborrow())?; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 1af94531a0..4fc5efcb74 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -397,7 +397,7 @@ impl<'a> std::io::Read for ReadEarlyData<'a> { } #[cfg(read_buf)] - fn read_buf(&mut self, cursor: io::BorrowedCursor<'_>) -> io::Result<()> { + fn read_buf(&mut self, cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { self.early_data.read_buf(cursor) } } @@ -758,7 +758,7 @@ impl EarlyDataState { } #[cfg(read_buf)] - fn read_buf(&mut self, cursor: io::BorrowedCursor<'_>) -> io::Result<()> { + fn read_buf(&mut self, cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { match self { Self::Accepted(ref mut received) => received.read_buf(cursor), _ => Err(io::Error::from(io::ErrorKind::BrokenPipe)), @@ -848,7 +848,7 @@ mod tests { #[cfg(read_buf)] #[test] fn test_read_buf_in_new_state() { - use std::io::BorrowedBuf; + use core::io::BorrowedBuf; let mut buf = [0u8; 5]; let mut buf: BorrowedBuf<'_> = buf.as_mut_slice().into(); diff --git a/rustls/src/stream.rs b/rustls/src/stream.rs index 5eb2629b0b..ef7ee66c9b 100644 --- a/rustls/src/stream.rs +++ b/rustls/src/stream.rs @@ -66,7 +66,7 @@ where } #[cfg(read_buf)] - fn read_buf(&mut self, cursor: std::io::BorrowedCursor<'_>) -> Result<()> { + fn read_buf(&mut self, cursor: core::io::BorrowedCursor<'_>) -> Result<()> { self.complete_prior_io()?; // We call complete_io() in a loop since a single call may read only @@ -199,7 +199,7 @@ where } #[cfg(read_buf)] - fn read_buf(&mut self, cursor: std::io::BorrowedCursor<'_>) -> Result<()> { + fn read_buf(&mut self, cursor: core::io::BorrowedCursor<'_>) -> Result<()> { self.as_stream().read_buf(cursor) } } diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 64e89ee866..c7b9908212 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -108,7 +108,7 @@ impl ChunkVecBuffer { #[cfg(read_buf)] /// Read data out of this object, writing it into `cursor`. - pub(crate) fn read_buf(&mut self, mut cursor: io::BorrowedCursor<'_>) -> io::Result<()> { + pub(crate) fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { while !self.is_empty() && cursor.capacity() > 0 { let chunk = self.chunks[0].as_slice(); let used = core::cmp::min(chunk.len(), cursor.capacity()); @@ -168,8 +168,8 @@ mod tests { #[cfg(read_buf)] #[test] fn read_buf() { + use core::io::BorrowedBuf; use core::mem::MaybeUninit; - use std::io::BorrowedBuf; { let mut cvb = ChunkVecBuffer::new(None); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d84988abe4..e231e04dc4 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -200,7 +200,8 @@ fn check_read_err(reader: &mut dyn io::Read, err_kind: io::ErrorKind) { #[cfg(read_buf)] fn check_read_buf(reader: &mut dyn io::Read, bytes: &[u8]) { - use std::{io::BorrowedBuf, mem::MaybeUninit}; + use core::io::BorrowedBuf; + use std::mem::MaybeUninit; let mut buf = [MaybeUninit::::uninit(); 128]; let mut buf: BorrowedBuf<'_> = buf.as_mut_slice().into(); @@ -210,7 +211,8 @@ fn check_read_buf(reader: &mut dyn io::Read, bytes: &[u8]) { #[cfg(read_buf)] fn check_read_buf_err(reader: &mut dyn io::Read, err_kind: io::ErrorKind) { - use std::{io::BorrowedBuf, mem::MaybeUninit}; + use core::io::BorrowedBuf; + use std::mem::MaybeUninit; let mut buf = [MaybeUninit::::uninit(); 1]; let mut buf: BorrowedBuf<'_> = buf.as_mut_slice().into(); From 42cf372405444e73217164e6aca4cf2752de01cd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 9 Nov 2023 16:03:55 +0000 Subject: [PATCH 0381/1145] General smoke-test for `max_fragment_size` `test_client_mtu_reduction` and `test_server_mtu_reduction` already exist but only check client/server behaviour in (relative) isolation. This test just checks handshaking and bidirectional data flow over a matrix of key types, TLS versions, and max_fragment_sizes. --- rustls/tests/api.rs | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index e231e04dc4..f3ca49cd3f 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4849,6 +4849,39 @@ fn bad_client_max_fragment_sizes() { ); } +#[test] +fn handshakes_complete_and_data_flows_with_gratuitious_max_fragment_sizes() { + // general exercising of msgs::fragmenter and msgs::deframer + for kt in ALL_KEY_TYPES.iter() { + for version in rustls::ALL_VERSIONS { + // no hidden significance to these numbers + for frag_size in [37, 61, 101, 257] { + println!("test kt={kt:?} version={version:?} frag={frag_size:?}"); + let mut client_config = make_client_config_with_versions(*kt, &[version]); + client_config.max_fragment_size = Some(frag_size); + let mut server_config = make_server_config(*kt); + server_config.max_fragment_size = Some(frag_size); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + // check server -> client data flow + let pattern = (0x00..=0xffu8).collect::>(); + assert_eq!(pattern.len(), server.writer().write(&pattern).unwrap()); + transfer(&mut server, &mut client); + client.process_new_packets().unwrap(); + check_read(&mut client.reader(), &pattern); + + // and client -> server + assert_eq!(pattern.len(), client.writer().write(&pattern).unwrap()); + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + check_read(&mut server.reader(), &pattern); + } + } + } +} + fn assert_lt(left: usize, right: usize) { if left >= right { panic!("expected {} < {}", left, right); From ccb79947a4811412ee7dcddcd0f51ea56bccf101 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 13 Nov 2023 08:35:57 -0500 Subject: [PATCH 0382/1145] Cargo: update semver compatible dependencies --- Cargo.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2472aaafb6..4c9e93768a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -229,9 +229,9 @@ checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cc" -version = "1.0.83" +version = "1.0.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +checksum = "0f8e7c90afad890484a21653d08b6e209ae34770fb5ee298f9c699fcc1e5c856" dependencies = [ "libc", ] @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.7" +version = "4.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac495e00dcec98c83465d5ad66c5c4fabd652fd6686e7c6269b117e729a6f17b" +checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64" dependencies = [ "clap_builder", "clap_derive", @@ -309,9 +309,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.7" +version = "4.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77ed9a32a62e6ca27175d00d29d05ca32e396ea1eb5fb01d8256b669cec7663" +checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc" dependencies = [ "anstream", "anstyle", @@ -514,9 +514,9 @@ dependencies = [ [[package]] name = "env_logger" -version = "0.10.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0" +checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece" dependencies = [ "humantime", "is-terminal", @@ -527,9 +527,9 @@ dependencies = [ [[package]] name = "errno" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" +checksum = "7c18ee0ed65a5f1f81cac6b1d213b69c35fa47d4252ad41f1486dbd8226fe36e" dependencies = [ "libc", "windows-sys", @@ -537,9 +537,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a481586acf778f1b1455424c343f71124b048ffa5f4fc3f8f6ae9dc432dcb3c7" +checksum = "f69037fe1b785e84986b4f2cbcf647381876a00671d25ceef715d7812dd7e1dd" [[package]] name = "fnv" @@ -623,9 +623,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.10" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", "libc", @@ -702,7 +702,7 @@ dependencies = [ "once_cell", "rand", "rustls 0.21.8", - "rustls-pemfile 1.0.3", + "rustls-pemfile 1.0.4", "thiserror", "tinyvec", "tokio", @@ -767,9 +767,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" +checksum = "f95b9abcae896730d42b78e09c155ed4ddf82c07b4de772c64aee5b2d8b7c150" dependencies = [ "bytes", "fnv", @@ -909,9 +909,9 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "linux-raw-sys" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" +checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" [[package]] name = "lock_api" @@ -1506,9 +1506,9 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "1.0.3" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" dependencies = [ "base64", ] @@ -1599,18 +1599,18 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.190" +version = "1.0.192" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91d3c334ca1ee894a2c6f6ad698fe8c435b76d504b13d436f0685d648d6d96f7" +checksum = "bca2a08484b285dcb282d0f67b26cadc0df8b19f8c12502c13d966bf9482f001" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.190" +version = "1.0.192" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67c5609f394e5c2bd7fc51efda478004ea80ef42fee983d5c67a65e34f32c0e3" +checksum = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1" dependencies = [ "proc-macro2", "quote", @@ -1636,9 +1636,9 @@ checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" [[package]] name = "signature" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest", "rand_core", @@ -1655,9 +1655,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.1" +version = "1.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" +checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" [[package]] name = "socket2" @@ -1778,9 +1778,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.33.0" +version = "1.34.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653" +checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" dependencies = [ "backtrace", "bytes", From 1bf56c0e5683db21a28528ecabc32ef07fb14f92 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 14 Nov 2023 13:39:14 -0500 Subject: [PATCH 0383/1145] lib: export crate::error::OtherError The `error::Error` enum was updated with a `Error::Other` variant that holds an `error::OtherError` instance. We neglected to export the `OtherError` type, so this variant ends up opaque. This commit exports the type so that crate-external users can instantiate an `Error::Other` variant as needed. --- rustls/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d5acdcadf0..8acb600fb3 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -440,7 +440,7 @@ pub use crate::enums::{ SignatureScheme, }; pub use crate::error::{ - CertRevocationListError, CertificateError, Error, InvalidMessage, PeerIncompatible, + CertRevocationListError, CertificateError, Error, InvalidMessage, OtherError, PeerIncompatible, PeerMisbehaved, }; pub use crate::key_log::{KeyLog, NoKeyLog}; From c15768989c22483ba3ed73f17b5f67f37a9f4f5d Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 14 Nov 2023 10:27:41 -0800 Subject: [PATCH 0384/1145] Update semver-compatible versions (again) --- Cargo.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4c9e93768a..e220f1536a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -229,9 +229,9 @@ checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cc" -version = "1.0.84" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f8e7c90afad890484a21653d08b6e209ae34770fb5ee298f9c699fcc1e5c856" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ "libc", ] @@ -537,9 +537,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f69037fe1b785e84986b4f2cbcf647381876a00671d25ceef715d7812dd7e1dd" +checksum = "53a56f0780318174bad1c127063fd0c5fdfb35398e3cd79ffaab931a6c79df80" [[package]] name = "fnv" @@ -767,9 +767,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.10" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f95b9abcae896730d42b78e09c155ed4ddf82c07b4de772c64aee5b2d8b7c150" +checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" dependencies = [ "bytes", "fnv", @@ -1420,9 +1420,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.21" +version = "0.38.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b426b0506e5d50a7d8dafcf2e81471400deb602392c7dd110815afb4eaf02a3" +checksum = "ffb93593068e9babdad10e4fce47dc9b3ac25315a72a59766ffd9e9a71996a04" dependencies = [ "bitflags 2.4.1", "errno", @@ -1716,9 +1716,9 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.3.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6093bad37da69aab9d123a8091e4be0aa4a03e4d601ec641c327398315f62b64" +checksum = "ff1bc3d3f05aff0403e8ac0d92ced918ec05b666a43f83297ccef5bea8a3d449" dependencies = [ "winapi-util", ] From 63ddf03a7ccb633f6287f8f4418099b30e938528 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 2 Nov 2023 18:03:37 -0500 Subject: [PATCH 0385/1145] add `encrypted_payload_len` to `MessageEncrypter` --- provider-example/src/aead.rs | 12 ++++++++++-- rustls/src/crypto/cipher.rs | 8 ++++++++ rustls/src/crypto/ring/tls12.rs | 14 +++++++++++--- rustls/src/crypto/ring/tls13.rs | 6 +++++- 4 files changed, 34 insertions(+), 6 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 2c9d410442..1dac211920 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -83,7 +83,7 @@ impl cipher::MessageEncrypter for Tls13Cipher { m: cipher::BorrowedPlainMessage, seq: u64, ) -> Result { - let total_len = m.payload.len() + 1 + CHACHAPOLY1305_OVERHEAD; + let total_len = self.encrypted_payload_len(m.payload.len()); // construct a TLSInnerPlaintext let mut payload = Vec::with_capacity(total_len); @@ -104,6 +104,10 @@ impl cipher::MessageEncrypter for Tls13Cipher { ) }) } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + 1 + CHACHAPOLY1305_OVERHEAD + } } impl cipher::MessageDecrypter for Tls13Cipher { @@ -132,7 +136,7 @@ impl cipher::MessageEncrypter for Tls12Cipher { m: cipher::BorrowedPlainMessage, seq: u64, ) -> Result { - let total_len = m.payload.len() + CHACHAPOLY1305_OVERHEAD; + let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(m.payload); @@ -145,6 +149,10 @@ impl cipher::MessageEncrypter for Tls12Cipher { .map_err(|_| rustls::Error::EncryptError) .map(|_| cipher::OpaqueMessage::new(m.typ, m.version, payload)) } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + CHACHAPOLY1305_OVERHEAD + } } impl cipher::MessageDecrypter for Tls12Cipher { diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 9491c74dac..f8828b5424 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -132,6 +132,10 @@ pub trait MessageEncrypter: Send + Sync { /// Encrypt the given TLS message `msg`, using the sequence number /// `seq which can be used to derive a unique [`Nonce`]. fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result; + + /// Return the length of the ciphertext that results from encrypting plaintext of + /// length `payload_len` + fn encrypted_payload_len(&self, payload_len: usize) -> usize; } impl dyn MessageEncrypter { @@ -300,6 +304,10 @@ impl MessageEncrypter for InvalidMessageEncrypter { fn encrypt(&self, _m: BorrowedPlainMessage, _seq: u64) -> Result { Err(Error::EncryptError) } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + } } /// A `MessageDecrypter` which doesn't work. diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 2aa3b6b13f..decce960de 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -268,8 +268,8 @@ impl MessageEncrypter for GcmMessageEncrypter { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); - let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); - let mut payload = Vec::with_capacity(GCM_EXPLICIT_NONCE_LEN + total_len); + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(&nonce.as_ref()[4..]); payload.extend_from_slice(msg.payload); @@ -280,6 +280,10 @@ impl MessageEncrypter for GcmMessageEncrypter { Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + GCM_EXPLICIT_NONCE_LEN + self.enc_key.algorithm().tag_len() + } } /// The RFC7905/RFC7539 ChaCha20Poly1305 construction. @@ -337,7 +341,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); - let total_len = msg.payload.len() + self.enc_key.algorithm().tag_len(); + let total_len = self.encrypted_payload_len(msg.payload.len()); let mut buf = Vec::with_capacity(total_len); buf.extend_from_slice(msg.payload); @@ -347,6 +351,10 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + self.enc_key.algorithm().tag_len() + } } fn gcm_iv(write_iv: &[u8], explicit: &[u8]) -> Iv { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 8b8e13b6fe..a3a28110a4 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -183,7 +183,7 @@ struct Tls13MessageDecrypter { impl MessageEncrypter for Tls13MessageEncrypter { fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { - let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); + let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(msg.payload); msg.typ.encode(&mut payload); @@ -200,6 +200,10 @@ impl MessageEncrypter for Tls13MessageEncrypter { payload, )) } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + 1 + self.enc_key.algorithm().tag_len() + } } impl MessageDecrypter for Tls13MessageDecrypter { From b4f0bd96a2905ccca816fce0b54936a32cfe06f5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 14 Nov 2023 11:32:32 -0500 Subject: [PATCH 0386/1145] crypto: add HPKE module and traits This commit introduces a trait for a hybrid public key encryption (HPKE) provider. HPKE is specified in RFC 9180[0], and is a pre-requisite for implementing encrypted client hello (ECH). Implementations of this trait can use the cryptographic provider of their choice to provide HPKE using existing primitives from the crypto provider. We've tailored the HPKE trait in Rustls to just what is required for ECH, e.g. it doesn't support modes other than the unauthenticated 'base' mode, and it only offers the "single-shot" APIs. [0]: https://www.rfc-editor.org/rfc/rfc9180 --- rustls/src/crypto/hpke.rs | 98 +++++++++++++++++++++++++++++++++++++++ rustls/src/crypto/mod.rs | 3 ++ 2 files changed, 101 insertions(+) create mode 100644 rustls/src/crypto/hpke.rs diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs new file mode 100644 index 0000000000..cd0e6a8949 --- /dev/null +++ b/rustls/src/crypto/hpke.rs @@ -0,0 +1,98 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; +use core::fmt::Debug; + +use crate::msgs::enums::HpkeKem; +use crate::msgs::handshake::HpkeSymmetricCipherSuite; +use crate::Error; + +/// A provider for [RFC 9180] Hybrid Public Key Encryption (HPKE) in base mode. +/// +/// At a minimum each provider must support the [HPKE ciphersuite profile] required for +/// encrypted client hello (ECH): +/// * KEM: DHKEM(X25519, HKDF-SHA256) +/// * symmetric ciphersuite: AES-128-GCM w/ HKDF-SHA256 +/// +/// [RFC 9180]: +/// [HPKE ciphersuite profile]: +pub trait HpkeProvider: Debug + Send + Sync + 'static { + /// Start setting up to use HPKE in base mode with the chosen suite. + /// + /// May return an error if the suite is unsupported by the provider. + fn start(&self, suite: &HpkeSuite) -> Result, Error>; + + /// Does the provider support the given [HpkeSuite]? + fn supports_suite(&self, suite: &HpkeSuite) -> bool; +} + +/// An HPKE suite, specifying a key encapsulation mechanism and a symmetric cipher suite. +pub struct HpkeSuite { + /// The choice of HPKE key encapsulation mechanism. + pub kem: HpkeKem, + + /// The choice of HPKE symmetric cipher suite. + /// + /// This combines a choice of authenticated encryption with additional data (AEAD) algorithm + /// and a key derivation function (KDF). + pub sym: HpkeSymmetricCipherSuite, +} + +/// An HPKE instance that can be used for base-mode single-shot encryption and decryption. +pub trait Hpke: Debug + Send + Sync { + /// Seal the provided `plaintext` to the recipient public key `pk_r` with application supplied + /// `info`, and additional data `aad`. + /// + /// Returns ciphertext that can be used with [Self::open] by the recipient to recover plaintext + /// using the same `info` and `aad` and the private key corresponding to `pk_r`. + fn seal( + &mut self, + pk_r: &HpkePublicKey, + info: &[u8], + aad: &[u8], + plaintext: &[u8], + ) -> Result<(EncapsulatedSecret, Vec), Error>; + + /// Open the provided `ciphertext` using the encapsulated secret `enc`, with application + /// supplied `info`, and additional data `aad`. + /// + /// Returns plaintext if the `info` and `aad` match those used with [Self::seal], and + /// decryption with `sk_r` succeeds. + fn open( + &mut self, + enc: &EncapsulatedSecret, + sk_r: &HpkePrivateKey, + info: &[u8], + aad: &[u8], + ciphertext: &[u8], + ) -> Result, Error>; +} + +/// An HPKE public key. +pub struct HpkePublicKey(pub Vec); + +/// An HPKE private key. +pub struct HpkePrivateKey(Vec); + +impl HpkePrivateKey { + /// Return the private key bytes. + pub fn secret_bytes(&self) -> &[u8] { + self.0.as_slice() + } +} + +impl From> for HpkePrivateKey { + fn from(bytes: Vec) -> Self { + Self(bytes) + } +} + +/// An HPKE key pair, made of a matching public and private key. +pub struct HpkeKeyPair { + /// A HPKE public key. + pub public_key: HpkePublicKey, + /// A HPKE private key. + pub private_key: HpkePrivateKey, +} + +/// An encapsulated secret returned from setting up a sender or receiver context. +pub struct EncapsulatedSecret(pub Vec); diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 2e6c0acd59..71a1e21dc7 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -37,6 +37,9 @@ pub mod tls12; /// Cryptography specific to TLS1.3. pub mod tls13; +/// Hybrid public key encryption (RFC 9180). +pub mod hpke; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; From b7a6091ab458467a554d62a57c4ff9cf48a552af Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 14 Nov 2023 12:30:03 -0500 Subject: [PATCH 0387/1145] provider-example: HPKE provider w/ hpke-rs & rust-crypto This commit implements the Rustls HPKE provider traits using hpke-rs[0] with the rust-crypto backend. Since HPKE is not yet used in Rustls (but will be for ECH support), a unit test based on the RFC 9180 test vectors is added. Likely in the future we will want to move this test somewhere outside of the provider-example crate and use it to test a *ring* HPKE implementation using the same test vector data. [0]: https://github.com/franziskuskiefer/hpke-rs --- Cargo.lock | 344 +++++++++++++++++- provider-example/Cargo.toml | 8 + provider-example/src/hpke.rs | 97 +++++ provider-example/src/lib.rs | 3 + provider-example/tests/hpke.rs | 88 +++++ .../tests/rfc-9180-test-vectors.json | 1 + 6 files changed, 535 insertions(+), 6 deletions(-) create mode 100644 provider-example/src/hpke.rs create mode 100644 provider-example/tests/hpke.rs create mode 100644 provider-example/tests/rfc-9180-test-vectors.json diff --git a/Cargo.lock b/Cargo.lock index e220f1536a..6b2c2d2331 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -27,6 +27,31 @@ dependencies = [ "generic-array", ] +[[package]] +name = "aes" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "aho-corasick" version = "1.1.2" @@ -147,6 +172,12 @@ dependencies = [ "rustc-demangle", ] +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.21.5" @@ -400,6 +431,18 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "crypto-bigint" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28f85c3514d2a6e64160359b45a3918c3b4178bcbf4ae5d03ab2d02e521c479a" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" @@ -411,6 +454,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + [[package]] name = "curve25519-dalek" version = "4.1.1" @@ -438,6 +490,19 @@ dependencies = [ "syn", ] +[[package]] +name = "curve25519-dalek-ng" +version = "4.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8" +dependencies = [ + "byteorder", + "digest 0.9.0", + "rand_core", + "subtle-ng", + "zeroize", +] + [[package]] name = "data-encoding" version = "2.4.0" @@ -464,6 +529,15 @@ dependencies = [ "powerfmt", ] +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.10.7" @@ -494,12 +568,47 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +[[package]] +name = "ecdsa" +version = "0.16.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + [[package]] name = "either" version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +[[package]] +name = "elliptic-curve" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d97ca172ae9dc9f9b779a6e3a65d308f2af74e5b8c921299075bdb4a0370e914" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "enum-as-inner" version = "0.6.0" @@ -535,6 +644,16 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "rand_core", + "subtle", +] + [[package]] name = "fiat-crypto" version = "0.2.4" @@ -619,6 +738,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -628,8 +748,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi", + "wasm-bindgen", +] + +[[package]] +name = "ghash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" +dependencies = [ + "opaque-debug", + "polyval", ] [[package]] @@ -644,6 +776,17 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + [[package]] name = "h2" version = "0.3.21" @@ -681,6 +824,12 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" + [[package]] name = "hickory-proto" version = "0.24.0" @@ -736,13 +885,22 @@ dependencies = [ "webpki-roots 0.25.2", ] +[[package]] +name = "hkdf" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +dependencies = [ + "hmac", +] + [[package]] name = "hmac" version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -765,6 +923,49 @@ dependencies = [ "winapi", ] +[[package]] +name = "hpke-rs" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be3c089364da994102385ce2bed54c7e86e190da41e0125e0213f2c061786395" +dependencies = [ + "hpke-rs-crypto", + "log", + "zeroize", +] + +[[package]] +name = "hpke-rs-crypto" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdc863a0678d194f682f20790336ea8ef4ddc748abab61a9533ac5aa1e9d27d9" +dependencies = [ + "getrandom", + "rand", + "serde", + "serde_json", + "tls_codec", +] + +[[package]] +name = "hpke-rs-rust-crypto" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9c0b07cafc144f03466bf2692db1616134152a6f49afc42e86c929b756876dd" +dependencies = [ + "aes-gcm", + "chacha20poly1305", + "getrandom", + "hkdf", + "hpke-rs-crypto", + "p256", + "p384", + "rand", + "rand_chacha", + "sha2", + "x25519-dalek-ng", +] + [[package]] name = "http" version = "0.2.11" @@ -1081,6 +1282,30 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "p384" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + [[package]] name = "parking_lot" version = "0.12.1" @@ -1191,6 +1416,18 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "polyval" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d52cff9d1d4dee5fe6d03729099f4a310a41179e0a10dbf542039873f2e826fb" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "powerfmt" version = "0.2.0" @@ -1213,6 +1450,15 @@ dependencies = [ "syn", ] +[[package]] +name = "primeorder" +version = "0.13.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7dbe9ed3b56368bd99483eb32fe9c17fdd3730aebadc906918ce78d54c7eeb4" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro2" version = "1.0.69" @@ -1347,6 +1593,16 @@ dependencies = [ "quick-error", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "ring" version = "0.16.20" @@ -1383,7 +1639,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "86ef35bf3e7fe15a53c4ab08a998e42271eab13eb0db224126bc7bc4c4bad96d" dependencies = [ "const-oid", - "digest", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-traits", @@ -1536,12 +1792,18 @@ dependencies = [ "chacha20poly1305", "der", "env_logger", + "hex", "hmac", + "hpke-rs", + "hpke-rs-crypto", + "hpke-rs-rust-crypto", "rand_core", "rsa", "rustls 0.22.0-alpha.4", "rustls-pki-types", "rustls-webpki 0.102.0-alpha.6", + "serde", + "serde_json", "sha2", "webpki-roots 0.26.0-alpha.1", "x25519-dalek", @@ -1575,6 +1837,12 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" +[[package]] +name = "ryu" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" + [[package]] name = "scopeguard" version = "1.2.0" @@ -1591,6 +1859,20 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "semver" version = "1.0.20" @@ -1617,6 +1899,17 @@ dependencies = [ "syn", ] +[[package]] +name = "serde_json" +version = "1.0.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +dependencies = [ + "itoa", + "ryu", + "serde", +] + [[package]] name = "sha2" version = "0.10.8" @@ -1625,7 +1918,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -1636,11 +1929,11 @@ checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" [[package]] name = "signature" -version = "2.2.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" dependencies = [ - "digest", + "digest 0.10.7", "rand_core", ] @@ -1703,6 +1996,12 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "subtle-ng" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "734676eb262c623cec13c3155096e08d1f8f29adce39ba17948b18dad1e54142" + [[package]] name = "syn" version = "2.0.39" @@ -1776,6 +2075,27 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aee1e621cbf57f36f5b51ebf366b57ba153be7fed133182a9513e443ecdf506e" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3226440488120aabe7e7cc80292634a68e541c407d97b66eceaae787454dae25" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tokio" version = "1.34.0" @@ -2141,6 +2461,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "x25519-dalek-ng" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326" +dependencies = [ + "curve25519-dalek-ng", + "rand", + "rand_core", + "zeroize", +] + [[package]] name = "yasna" version = "0.5.2" diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 943cb89cfd..b1b990e609 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -11,6 +11,9 @@ chacha20poly1305 = "0.10.0" der = "0.7.0" env_logger = "0.10" hmac = "0.12.0" +hpke-rs = "0.1.0" +hpke-rs-crypto = "0.1.2" +hpke-rs-rust-crypto = "0.1.2" pki-types = { package = "rustls-pki-types", version = "0.2.0" } rand_core = "0.6.0" rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } @@ -19,3 +22,8 @@ sha2 = "0.10.0" webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = ["alloc", "std"] } webpki-roots = "0.26.0-alpha.1" x25519-dalek = "2" + +[dev-dependencies] +hex = "0.4.3" +serde = { version = "1.0", features = ["derive"] } +serde_json = "1.0" diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs new file mode 100644 index 0000000000..4ff19724dd --- /dev/null +++ b/provider-example/src/hpke.rs @@ -0,0 +1,97 @@ +use std::fmt::{Debug, Formatter}; + +use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; +use hpke_rs_crypto::HpkeCrypto; +use hpke_rs_rust_crypto::HpkeRustCrypto; + +use rustls::crypto::hpke::{ + EncapsulatedSecret, Hpke, HpkePrivateKey, HpkeProvider, HpkePublicKey, HpkeSuite, +}; +use rustls::Error; + +pub static HPKE_PROVIDER: &'static dyn HpkeProvider = &HpkeRsProvider {}; + +/// A Rustls HPKE provider backed by hpke-rs. +#[derive(Debug)] +struct HpkeRsProvider {} + +impl HpkeProvider for HpkeRsProvider { + fn start(&self, suite: &HpkeSuite) -> Result, Error> { + Ok(Box::new(HpkeRs(hpke_rs::Hpke::new( + hpke_rs::Mode::Base, + KemAlgorithm::try_from(suite.kem.get_u16()).map_err(general_err)?, + KdfAlgorithm::try_from(suite.sym.kdf_id.get_u16()).map_err(general_err)?, + AeadAlgorithm::try_from(suite.sym.aead_id.get_u16()).map_err(general_err)?, + )))) + } + + fn supports_suite(&self, suite: &HpkeSuite) -> bool { + let kem = KemAlgorithm::try_from(suite.kem.get_u16()).ok(); + let kdf = KdfAlgorithm::try_from(suite.sym.kdf_id.get_u16()).ok(); + let aead = AeadAlgorithm::try_from(suite.sym.aead_id.get_u16()).ok(); + match (kem, kdf, aead) { + (Some(kem), Some(kdf), Some(aead)) => { + HpkeRustCrypto::supports_kem(kem).is_ok() + && HpkeRustCrypto::supports_kdf(kdf).is_ok() + && HpkeRustCrypto::supports_aead(aead).is_ok() + } + _ => false, + } + } +} + +struct HpkeRs(hpke_rs::Hpke); + +impl Debug for HpkeRs { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + f.debug_struct("HpkeRsHpke").finish() + } +} + +impl Hpke for HpkeRs { + fn seal( + &mut self, + pk_r: &HpkePublicKey, + info: &[u8], + aad: &[u8], + plaintext: &[u8], + ) -> Result<(EncapsulatedSecret, Vec), Error> { + let pk_r = hpke_rs::HpkePublicKey::new(pk_r.0.clone()); + let (enc, ciphertext) = self + .0 + .seal(&pk_r, info, aad, plaintext, None, None, None) + .map_err(general_err)?; + Ok((EncapsulatedSecret(enc.to_vec()), ciphertext)) + } + + fn open( + &mut self, + enc: &EncapsulatedSecret, + sk_r: &HpkePrivateKey, + info: &[u8], + aad: &[u8], + ciphertext: &[u8], + ) -> Result, Error> { + let sk_r = hpke_rs::HpkePrivateKey::new(sk_r.secret_bytes().to_vec()); + self.0 + .open( + enc.0.as_slice(), + &sk_r, + info, + aad, + ciphertext, + None, + None, + None, + ) + .map_err(general_err) + } +} + +// TODO(XXX): Switch to using `Error::Other(Error::OtherError(err))` once a hpke-rs release +// with https://github.com/franziskuskiefer/hpke-rs/pull/44 is available. +fn general_err(err: impl Debug) -> Error { + // Presently hpke_rs::HpkeError does not implement std::error::Error, so we use Debug + // and create a general error. + Error::General(format!("{:?}", err)) +} diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 2018665d4c..3798961f6e 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -4,9 +4,12 @@ use std::sync::Arc; mod aead; mod hash; mod hmac; +mod hpke; mod kx; mod verify; +pub use hpke::HPKE_PROVIDER; + pub static PROVIDER: &'static dyn rustls::crypto::CryptoProvider = &Provider; #[derive(Debug)] diff --git a/provider-example/tests/hpke.rs b/provider-example/tests/hpke.rs new file mode 100644 index 0000000000..a0164dc48e --- /dev/null +++ b/provider-example/tests/hpke.rs @@ -0,0 +1,88 @@ +use std::fs::File; + +use serde::Deserialize; + +use rustls::crypto::hpke::{HpkePrivateKey, HpkePublicKey, HpkeSuite}; +use rustls::internal::msgs::enums::{HpkeAead, HpkeKdf, HpkeKem}; +use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; +use rustls_provider_example::HPKE_PROVIDER; + +/// Confirm opne/seal operations work using using the test vectors from [RFC 9180 Appendix A]. +/// +/// [RFC 9180 Appendix A]: https://www.rfc-editor.org/rfc/rfc9180#TestVectors +#[test] +fn check_test_vectors() { + for (idx, vec) in test_vectors().into_iter().enumerate() { + if !vec.applicable() { + println!("skipping inapplicable vector {idx}"); + continue; + } + + println!("testing vector {idx}"); + let mut hpke = HPKE_PROVIDER + .start(&vec.suite()) + .unwrap(); + let pk_r = HpkePublicKey(hex::decode(vec.pk_rm).unwrap()); + let sk_r = HpkePrivateKey::from(hex::decode(vec.sk_rm).unwrap()); + let info = hex::decode(vec.info).unwrap(); + + for enc in vec.encryptions { + let aad = hex::decode(enc.aad).unwrap(); + let pt = hex::decode(enc.pt).unwrap(); + + let (enc, ciphertext) = hpke + .seal(&pk_r, &info, &aad, &pt) + .unwrap(); + + let plaintext = hpke + .open(&enc, &sk_r, &info, &aad, &ciphertext) + .unwrap(); + assert_eq!(plaintext, pt); + } + } +} + +#[derive(Deserialize, Debug)] +struct TestVector { + mode: u8, + kem_id: u16, + kdf_id: u16, + aead_id: u16, + info: String, + #[serde(rename(deserialize = "pkRm"))] + pk_rm: String, + #[serde(rename(deserialize = "skRm"))] + sk_rm: String, + encryptions: Vec, +} + +#[derive(Deserialize, Debug)] +struct TestEncryption { + aad: String, + pt: String, +} + +impl TestVector { + fn suite(&self) -> HpkeSuite { + HpkeSuite { + kem: HpkeKem::from(self.kem_id), + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::from(self.kdf_id), + aead_id: HpkeAead::from(self.aead_id), + }, + } + } + + fn applicable(&self) -> bool { + // Only base mode test vectors for supported suites are applicable. + self.mode == 0 && HPKE_PROVIDER.supports_suite(&self.suite()) + } +} + +fn test_vectors() -> Vec { + serde_json::from_reader( + &mut File::open("tests/rfc-9180-test-vectors.json") + .expect("failed to open test vectors data file"), + ) + .expect("failed to deserialize test vectors") +} diff --git a/provider-example/tests/rfc-9180-test-vectors.json b/provider-example/tests/rfc-9180-test-vectors.json new file mode 100644 index 0000000000..514dd8bbcc --- /dev/null +++ b/provider-example/tests/rfc-9180-test-vectors.json @@ -0,0 +1 @@ +[{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"6db9df30aa07dd42ee5e8181afdb977e538f5e1fec8a06223f33f7013e525037","ikmE":"7268600d403fce431561aef583ee1613527cff655c1343f29812e66706df3234","skRm":"4612c550263fc8ad58375df3f557aac531d26850903e55a9f23f21d8534e8ac8","skEm":"52c4a758a802cd8b936eceea314432798d5baf2d7e9235dc084ab1b9cfa2f736","pkRm":"3948cfe0ad1ddb695d780e59077195da6c56506b027329794ab02bca80815c4d","pkEm":"37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431","enc":"37fda3567bdbd628e88668c3c8d7e97d1d1253b6d4ea6d44c150f741f1bf4431","shared_secret":"fe0e18c9f024ce43799ae393c7e8fe8fce9d218875e8227b0187c04e7d2ea1fc","key_schedule_context":"00725611c9d98c07c03f60095cd32d400d8347d45ed67097bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449","secret":"12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397","key":"4531685d41d65f03dc48f6b8302c05b0","base_nonce":"56d890e5accaaf011cff4b7d","exporter_secret":"45ff1c2e220db587171952c0592d5f5ebe103f1561a2614e38f2ffd47e99e3f8","encryptions":[{"aad":"436f756e742d30","ct":"f938558b5d72f1a23810b4be2ab4f84331acc02fc97babc53a52ae8218a355a96d8770ac83d07bea87e13c512a","nonce":"56d890e5accaaf011cff4b7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"af2d7e9ac9ae7e270f46ba1f975be53c09f8d875bdc8535458c2494e8a6eab251c03d0c22a56b8ca42c2063b84","nonce":"56d890e5accaaf011cff4b7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"498dfcabd92e8acedc281e85af1cb4e3e31c7dc394a1ca20e173cb72516491588d96a19ad4a683518973dcc180","nonce":"56d890e5accaaf011cff4b7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"6b0f4cd351730cd25993d8ad0f11bff1ef2c3a957cb4d8694bb06c60a2937385da1b47a11595dd7a9a28f76c26","nonce":"56d890e5accaaf011cff4b7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"583bd32bc67a5994bb8ceaca813d369bca7b2a42408cddef5e22f880b631215a09fc0012bc69fccaa251c0246d","nonce":"56d890e5accaaf011cff4b79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"23aff4f784452e70b6c2adc5c84237dae34a91246460f497b753822086fc8ae5fdd770f3c1637086e860535864","nonce":"56d890e5accaaf011cff4b78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"b101f7842383ab460f22dcf919e4bcc3f1004246db7b64a40e7add713838bda69c601c4287d351fc075de3f965","nonce":"56d890e5accaaf011cff4b7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"b46b92359b09f5b77efad33bd96c0068212a7652bb3db182c0e40cac71fdbae0ff213047384c969df46100c3ce","nonce":"56d890e5accaaf011cff4b7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"49d450f5d0bdb3d8850cc9fe1ca5ffece5075280d3aea7b1a309d0ef2dbc71f7a3a4e32205e5c53a14ffbd7524","nonce":"56d890e5accaaf011cff4b75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"2f8a3cbe444213a1fad01ad1b328e464f03edee81243bfdd5f1e67ca41ce14fbb0c00ae9a3f5c4dfe20e1a7bf9","nonce":"56d890e5accaaf011cff4b74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"f5575c1560c23ba23ea1d919776cbe6e42829097d918dbff28583ecd2bcbbb7fb2a035ea1038eb435812e8bece","nonce":"56d890e5accaaf011cff4b77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"7809bff8c8f0122f1ac5f179443983ad0486ec3a3420353a6d91eae9ae3dd67f871c99a46054e04b96dd220fe2","nonce":"56d890e5accaaf011cff4b76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"a5dadd95ac76b59aa9d2cfcace5c19eefa20ea4f9ae98f86bd1373fe19c930c2a9c31ee7fa7f96ff92885dfecf","nonce":"56d890e5accaaf011cff4b71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"eecfbd7cc0ff49800c25b9dc9f0881893b275b7654c8560048a2a982663ced5860aeecde40e7e99c5512947ec5","nonce":"56d890e5accaaf011cff4b70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"9325ba3d4ae25b7494432993a1feec051f20d60afe19953c7f41463774b154be00e52fb29e25566a32358fd9d9","nonce":"56d890e5accaaf011cff4b73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"cb93b418d2070cb290a01565c413fff6f206d70c7e85512c35d109486f8e28950b1951f8d420ff1c58464afbce","nonce":"56d890e5accaaf011cff4b72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"1d565b4c9b6fae2b7513a5a8ebb5285a8865734ce3f02cd7691449c60b1157c9a5b0d1c4b3ab8bf252a764a4f3","nonce":"56d890e5accaaf011cff4b6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"a376dd08d1fcfc7d2fcc1bcb519cf9e10b6249fa9c02662e3d5f6cdda5e192034f19477a07f37adf6612c863f9","nonce":"56d890e5accaaf011cff4b6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"a6d0fef032c38a97a76c95698270f779368cdefe837ebd39120bb867e34e3ff0e07112d48cf82624fb4996e5a6","nonce":"56d890e5accaaf011cff4b6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"75494cf44a66b3930ae98865028c415329c326da8d0370d404c5f36da228a08754e67584bd07aa3a4a625a751d","nonce":"56d890e5accaaf011cff4b6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"0f24fad490d9a581a635516006ad7ff4ffa196ceebd6509ba6e172aa1b59da60bd2b3fcc374f956672377c4b40","nonce":"56d890e5accaaf011cff4b69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"b4f5b4147bbf66407d19fe5947c91d0b7eeb80dd3d97f8d10bd248126e92468dceeb8d75c0c4f90a5c9d04e538","nonce":"56d890e5accaaf011cff4b68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"b95636af74f15ef84a35b7a15b5d674bf2732c95e24f5cba6621dae03087778cdbaa3ce526000c18471044ef2d","nonce":"56d890e5accaaf011cff4b6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"80893e132d80f878575a5823b5a0f53cefb909350faba8b2be46a700f254f8dc8b627f39287b5e7dff4685b5e6","nonce":"56d890e5accaaf011cff4b6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"3027f6ded51e5d1dc08055162c5ea4391ae78144a1bfcea76e78665e23b665351e5d294d785718b58bbf0cef20","nonce":"56d890e5accaaf011cff4b65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"115013b0e9571fe5adbd2e6c8f2fb342413b45fa8774112def20afd37c837657bee0561ce5958cc62bc996c0bb","nonce":"56d890e5accaaf011cff4b64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"8a261c7bf47ad9955f14ed7d23e3af4a3c49207fd3bb861714c9562e01df89f67f5b4c204a3f9981ab81c215fa","nonce":"56d890e5accaaf011cff4b67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"1c4813e184dc263c495b6944bab183585c24d3f68c719580a51e6e2bd78c219f9e01f7db082a3a41a33c19b4d0","nonce":"56d890e5accaaf011cff4b66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"fa873313a5d313bae4724d007072e1294a066994efc2a68c28318f750806cb98c0b58c8eee565ce3d2bfcabccc","nonce":"56d890e5accaaf011cff4b61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"a586d2e92499b32199a31a252fd5323c0b7483b0fe5568bbfd88d845d36396027f238b9a9a7a51a6921bd8786d","nonce":"56d890e5accaaf011cff4b60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"f4edb9b76d8c3152bb52f8d58940bab09919f7d5b53d776c57d7b7decb0aeaf94f34ef0b7a5f1ee9ef0ee94b00","nonce":"56d890e5accaaf011cff4b63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"ac143d5f263851dbfb7f6332664f7bdb8d944bb519e2f9bd1d01340400563847e24b78edb0f833b50102857f28","nonce":"56d890e5accaaf011cff4b62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"01b0bf550b7b39f6ba0a3f5bd39b8e35fe1721fa08b32ec7adcf7da3d8a605027b456a88da073077c567aa9c23","nonce":"56d890e5accaaf011cff4b5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"7712235314485e61455a897b7b7965c656a4cf0ed9bbb7f156983a24d4520bcdd5b65afaeededb3296ec3cc9d8","nonce":"56d890e5accaaf011cff4b5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"b7b5beccc1a1672179065992d1d4de75bf435509e0fd1a3ee6a4ea865de64f7387e54850ec463b878cd7808087","nonce":"56d890e5accaaf011cff4b5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"1a6d8d50001d875e31f0c6a491359605369b18aad9e94bba37fc12de53a96e84bfd3bad47b98519b5de9936c10","nonce":"56d890e5accaaf011cff4b5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"f58d2816634c7cd43a4dc5c904817a0fcef4ae72e75f38d5b7376e7397998be48e10691e105bf259c33a01d8c5","nonce":"56d890e5accaaf011cff4b59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"86edfe5fac0a7d0c91abd96b29be8617881c8dd60964628f93537e0d11f09bc4fa13abc4e57c1bc0df4f7b0600","nonce":"56d890e5accaaf011cff4b58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"922aa471310d038de267d919867fae99d54715563ae9f755ebd2ab48e9d45b8375fcf77e6ac8074f92d8b25546","nonce":"56d890e5accaaf011cff4b5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"79897532bbdf8cbbf3a1fc4aafe1fe12011810d25981ac2c1930a575cf3fe32324385c2898f7720a8764de677c","nonce":"56d890e5accaaf011cff4b5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"b8ba5849c031f8089eb724c65d5eecba4a02fb03f26c9e185a2cd76cd8a6de803338b22b8fe8799ad6ad8ed62c","nonce":"56d890e5accaaf011cff4b55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"0b64fb8a7eaf3be9e2d9e5e1ca87ffc34e812108303f6c983109acdb1a2b71ffcffd35e66ca16ebffcdde07db4","nonce":"56d890e5accaaf011cff4b54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"cc83e8120748d0c2bf7a37a24265047817c54892231dfc105bc87c7e05704a1102e1b6cba77e59438eb8da18f0","nonce":"56d890e5accaaf011cff4b57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f2975c7f7ad4289936993a728334957160a716ec854d41df436a0f7ffd30134a3978d5161c86b3b72bfc667544","nonce":"56d890e5accaaf011cff4b56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2901f92e3749d8d4827a69bbb002769ac17995f9dab380de0e8f9e082137dc30e289893d18a8f21834a7a5d54b","nonce":"56d890e5accaaf011cff4b51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"d1816064467cc47210eb25cab7ddc47cfb1a9aa5a3421f461e6266fa85c6de96afd430ee8e0fb29febbe947338","nonce":"56d890e5accaaf011cff4b50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"007fedbbfb53b8bed063e3dd5d0d0faf3cdaa8638c68259cc68e601ceebc3fa0d7aabf8eef6f6e2d356e8adcf8","nonce":"56d890e5accaaf011cff4b53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"0451a985fd7ae7a22d7fb2e93f7fb4ad5bd8a49dc723b438feafc4650c02f3764668e728a95c89276dcdfc1ad5","nonce":"56d890e5accaaf011cff4b52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"999cb87e121a9adb7b6179b9a1f70434a9110ca25b72eea89c56481f83757e1b013ea0c3a17eb771e9ca641179","nonce":"56d890e5accaaf011cff4b4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"f6f8c9ea5029d30937571b85a750e5ca372f437f02ded4e4ccebb8f9a69c1cbde753e4000f272268254b0ee05b","nonce":"56d890e5accaaf011cff4b4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"1497f44ec6d1396377a5f905fd779a4fc47779a5cc91f7471c52fa8d7e2355b779780919c762118b6d0ff4e197","nonce":"56d890e5accaaf011cff4b4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"302a216277bf30fd9907044192a2ed68c9f5bad7cc80f4a43b08d46199c21251eabf7f0a72349445d5553953b5","nonce":"56d890e5accaaf011cff4b4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"85fca2a350545edbdbc9dbae4ea0d53cf0c5c59e0c5ba3e0c78bc4191b83b775b7767a63175db8fa5d2b092ba9","nonce":"56d890e5accaaf011cff4b49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"54219f225567f98df7fa6c0843e08c382a352300c5f933b0eea585c97c83b8130f4fa006ea6f7d6c752f56f24d","nonce":"56d890e5accaaf011cff4b48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"1c63c110d2bd3382f2d01869e7cb0c9c3cefce54a80d4652cf8b4013538d9a517586587edb01bd4436f844c8e9","nonce":"56d890e5accaaf011cff4b4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"57150b1d36af3605fc66764ce07d5dafda5420d09c875a176945a43a1f718f1d868bea8b10ee8970bad900585a","nonce":"56d890e5accaaf011cff4b4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"ae7431872eb110de13baf39a3cdc7aaa19f0dcd8e4a7a36590562f155600d421beed065b99bd5dafb60501aa84","nonce":"56d890e5accaaf011cff4b45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"9158e15fe9608e89913c13117fb78d61aef4ae6e4e1cf2e00214ac84ceb0da7ee0175e9a903a23d2d3be06e8da","nonce":"56d890e5accaaf011cff4b44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"b1a6c9dffcc0ad109862cb1733e680bde703e726179f1df4dafbf832ac9b37a2cee9c997b522791ac1e166d175","nonce":"56d890e5accaaf011cff4b47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8e12c961da22502ee54caf4ff7ef49a7197761a77ddba9f980077a0e7e5f025091e9762a79f4f6e06d793e6e8c","nonce":"56d890e5accaaf011cff4b46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a9662af8b1c5c322f54bf9016e1418595f267918cd6efef045bce86feb3a5b9fcae884dd21bbd44fe45543188f","nonce":"56d890e5accaaf011cff4b41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"dedd1bae324ceb12428043686c4cde519e6f6e3b50977b6257a927f5cefea7c07fc2978f6aa3cc420e24a33ca6","nonce":"56d890e5accaaf011cff4b40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c20e3b06f604743449534e3f590b4398e8101098571b4971e07dba987869d5f75e30106efba025e31d543a333e","nonce":"56d890e5accaaf011cff4b43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"aae857fa33d40cea2d5a7d7fc213013037709e86ed22d29bb7617dcb52c136a461d017d48d02006ff264cf8594","nonce":"56d890e5accaaf011cff4b42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"3404b8a603fafa37ce6377a2b65cdd6c53e566750ffe0e95d4f7243cba3d044507c6792400a91a551e03076299","nonce":"56d890e5accaaf011cff4b3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"4c2ed41a49485b292346afd28a798f2639f9078f9c5b0c318582e1cdf4cd84e723fd1b790f69828d4fb953ac1d","nonce":"56d890e5accaaf011cff4b3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"26fd94cefb27a210d6669802c7cd439ea940a83fbf290eb0b9b7d166d8a0d31bdd623e4d2c3aaec44db15e4bcf","nonce":"56d890e5accaaf011cff4b3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"0707c98968bfee0343e9fabc86fc6b3a6910a4d2272feb3654b6f6f1c19c3251bbe1349519e8b720eec2b027f2","nonce":"56d890e5accaaf011cff4b3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"27efcf37b480d38abb0e721e9c9e27c48c5c55f8d9298e2d532fd3bbdb94d9ae0bc93c9f30e23292d50ce9bcae","nonce":"56d890e5accaaf011cff4b39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"8c7a06799181970e5e37afc7ba7b9c363e46670ea907047ba1b2020600a9f19fd3b497551602d287a7ddd04da8","nonce":"56d890e5accaaf011cff4b38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"01ef6860434c054d0d1bf7325c9cbd4e929b0da00b1fb486321da6aa59428b3dbeaecc653ff1f0a8c4e81d1fad","nonce":"56d890e5accaaf011cff4b3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"5cb605f39231386b8d8566c1ccb7630475dbc2b9c98d63682e99102c63f8aa53e597a7ba0021d04d20c45ebf08","nonce":"56d890e5accaaf011cff4b3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"2f4be39a792de469e90417c537b00adb7dde3c5824126cb4d7173fce5f42ecf1d60e9ef94e7d46d2962aded25e","nonce":"56d890e5accaaf011cff4b35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"1ac5d5a0282b8feda589a0b23b47563beb031b985e7beb21a20e2fcf05e952ed2e6bf6a5728e78d1a0ac44b3ef","nonce":"56d890e5accaaf011cff4b34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"a612cbfcde1f6cc45960ca6487a99603cef7c6048b244702ecee87bd9fb4918ee1d9907c3cb2cb94f98aecb38c","nonce":"56d890e5accaaf011cff4b37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"a67d7a21299f8ae24fa49eac42136378b37430577e251b1a4e10c5d0536627eb552499dad55a02f31c423d4959","nonce":"56d890e5accaaf011cff4b36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"55e2a69619637bb660194b78e8abab23940be918de9c328d11fe8718fbf716d4b20aa5f5af03c04625ee1097e2","nonce":"56d890e5accaaf011cff4b31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"1e444851dbd27918d0b613584b57dba343db268fe3839e659400499c57e84dd07bdeb17241c0a63efaa5bff7eb","nonce":"56d890e5accaaf011cff4b30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"5076032b4803292150299121c39ca9dbf6f7e63a397140c3c735c9c1a7b7c903bb4f1181b913f4602e5298b06c","nonce":"56d890e5accaaf011cff4b33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a3dafa222c1984f1a739c5438f64b5bcfeb237b18143e3fea787c01de8a06d07d148d9c89856643b65c850423c","nonce":"56d890e5accaaf011cff4b32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"86f3e8f09a8b6ffd31199a3a6589003158f7a264f74fdd90d9bbc1b5d1aa4d9832248f09499ed34332f37998ea","nonce":"56d890e5accaaf011cff4b2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"1ccda8e30aee17fe4420d55a6895316308b083beaa0bb4846044e842f70057f87813867a50ebf3c46a2a621e2d","nonce":"56d890e5accaaf011cff4b2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"9a8d9bef87933a6e6719f2d4b455898804d1f6b4f9b164d6782165ba190cf350c4513941d90bc1ef3fcff5f42f","nonce":"56d890e5accaaf011cff4b2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"72b9fb04b16ba1e4bf415508a10de5602dd220c70e2213698dde2093d976c14dd29d71f85165bc625764275a7a","nonce":"56d890e5accaaf011cff4b2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"c1e4550971e20406c6a4df36d82916b7ff21a623980efcb08f1bf3555b8a46ec6709088403dfec93bccb28082d","nonce":"56d890e5accaaf011cff4b29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d1734abd432ad375c7d07575723e1f62db2222cc6587a763d75273a65be3f2114537c2a15286b232b4b755609f","nonce":"56d890e5accaaf011cff4b28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"fdb23db80f5b3f4cf7ca8372300d64dc22df49047f7ac08f2c87d61e565014064b9389af0b1b8ab192062cc0fa","nonce":"56d890e5accaaf011cff4b2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"9f7c1ae175825557a6bd4831c69b5c1b230310c5c148300b5063cf8a694dd68875ab99d9655881cf048ebc0f8f","nonce":"56d890e5accaaf011cff4b2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"fac0b84ca769e8127647616fe2c1bc9b82e6ea7e30dca140bb8d9f51c15c46a19a07a9a6b4c3ed2c8f861c1ab9","nonce":"56d890e5accaaf011cff4b25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"f8132abfbe8ceb59eb95e81d3fa2edf29a4edbdd1484fac75d234a4e337bb44c7c746df46dd7fc291368c91b0c","nonce":"56d890e5accaaf011cff4b24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"4b6b3757d40d0aabfdb386ca7dc035aff0db22792c4ed143c6c8974418dfb3b06716a757e7d57559e9e5bce53b","nonce":"56d890e5accaaf011cff4b27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"7441092041f5daa0ccc3039c69b5b632bb940249b7f78570b603d07004d72de0f6fb99fa9c571981d795d84d9b","nonce":"56d890e5accaaf011cff4b26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"aa32e2b8842f29b25f12ade4c13127c6fd35a54836ef41dbe60ef5c3a707940e5a965d1c3983aa2cafbb6b1953","nonce":"56d890e5accaaf011cff4b21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"19b5e18fed35df03ec9666383f175a0feeb992b793262a3931a39cea5952a9240957280e763756e8e42bbb3282","nonce":"56d890e5accaaf011cff4b20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"9e0e04a1169d08d1476b875ff38f08a0eecc92ae0594395cd7f23bc6639c5fb3954e2b9129775d21951f099b12","nonce":"56d890e5accaaf011cff4b23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"0ad315c17cd383eb41f9c0939327a6eb7cdfcd827a2941f2d3d8d1768eb031b7796a40570d2230616bb331e09a","nonce":"56d890e5accaaf011cff4b22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"111d003e82c2b867f7989fa420dead7e2d41ec416cdae69d65d7864733f2d7b7dacd7a17512780c1119505bacf","nonce":"56d890e5accaaf011cff4b1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"cc8e6220ebca8ab1053b893fb2460ec66ff28337b158c9efc5631af4fffe49cbc3b72a6524485bca11994dd0ed","nonce":"56d890e5accaaf011cff4b1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"94d7bf876d568146f05b2bf9bbb05a9debc2f64c1d285a4555a0de65b154d383c302b072eca2f65d12ce826148","nonce":"56d890e5accaaf011cff4b1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"8050d2ae9762a4c19bd422d6b94064bf8fabcdc87d98c8b048ab5ca03454201ec055488da7795cf06893c9a89a","nonce":"56d890e5accaaf011cff4b1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"f85a67e67e44d24b009872fdcb3084225c2805df1ae029793d3320d5e4ce97c756b08b9f0f829b5b37cc07d6f0","nonce":"56d890e5accaaf011cff4b19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"39c90a0c218625591ff0c8dbf7f6e8e0ebf92279b1199b58b55e0a278d7f24051b6c733ce74a0b806d16c59eed","nonce":"56d890e5accaaf011cff4b18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"db08e7fe6e307ae61042b2da2c46ead96171914f3b5668afa0aa55ecd00fa760b74bcad66ef8dce4e3f29ca2c3","nonce":"56d890e5accaaf011cff4b1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"309d3e5fb0c51342033b438002d6e846555952921017177434444683a95d225e7ec4a3c14ad6e6ad6411facaec","nonce":"56d890e5accaaf011cff4b1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f27179ad35d2d96181dde3b6569a1ebcbf1fc151c5dbf14ce747fc109fb95e5732e99b08f91df32cc38be09a58","nonce":"56d890e5accaaf011cff4b15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"246386a4bd5d7fe9a386a0b76269baba96b16378a07825c72f676bc76a4fb5d525786ed10da6baeffb897848a3","nonce":"56d890e5accaaf011cff4b14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"d977676edf9981c83672c3e062a3251e2e07b6fbdfdc139f678afe90832009102f28fe4b63be25374c4dc20db1","nonce":"56d890e5accaaf011cff4b17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"ea17beb33f417dace9dadc51702e2baf43dcdce364abc1f70e9c73e134a102413e10916bd2d128b7f64ff24698","nonce":"56d890e5accaaf011cff4b16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"931cd288f6a18fcb9b836176bc49918d8c6b8d24fce3b26782ba6323e0d01f0ed542c666d69a5e1adf8e28f88d","nonce":"56d890e5accaaf011cff4b11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"d5dd7cc956759e1b2eb99cf049e8eea9d754de9617f308f9f215a3c1d7cc76b88c7b45eb66a1ea414f10f8bfa8","nonce":"56d890e5accaaf011cff4b10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"bb407a18faa9f580fc417725f6d8f3a3f5d7972711f7adcdb7a79d5e2db9668ca444d6045891590a384c3cc57d","nonce":"56d890e5accaaf011cff4b13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"8e7949a490d9e1893766586fa30ab84ad1de6379a1fcc5c73700b748576a3726da32036e08b166227257409393","nonce":"56d890e5accaaf011cff4b12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"d81c4ce027db2322d6f450736279d5954502a7b4a4a60e58a4454443ed9243de2b805cd6a44de1e815377fd917","nonce":"56d890e5accaaf011cff4b0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"d50c4ec8148090f231ed8c5beb042c01f12923fb8ac6043325434fcbf5075b1e629e23d7ffb50c38c61974527f","nonce":"56d890e5accaaf011cff4b0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"059f89e9d8c1a2a81fcb9fc08328396b83339ec2583d6582161af67944819283a2c8216ac717fe3c52564b6c4a","nonce":"56d890e5accaaf011cff4b0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"48f4723289cded2b3186dc81adec430dc462f3dff6a1fe76c113a105f15efdfcb61618456b4ea514b0f94ac049","nonce":"56d890e5accaaf011cff4b0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"36914027bc50597d58312645d452b4956d51730831d4087494bf55d243b682e706baf4af30fc140d4c7e8760b0","nonce":"56d890e5accaaf011cff4b09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"5bf15badff51ad5902e80fb019bf22c7de3828ac70717b0e093ce03d0d5e31f807923cf2adbed8d148a95e20c2","nonce":"56d890e5accaaf011cff4b08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"0afd4ae86b1006d622cfebc369ab16db3fdb6f5a35613016a015d1e99ba3e3c978df4d0d35d0a2f9f06fafaee5","nonce":"56d890e5accaaf011cff4b0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"961fe5dbee9b80900d894136c48d9b2f72f333d33c9e3dd6f7b6e220831805859fe70fef5c8d2e0779c035ff02","nonce":"56d890e5accaaf011cff4b0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"ea658fd7a0ed32f79b9bd882573c0868906c822dab424309ebe0ce6a88904bdfc21f1b7d623b43bb1801f15acb","nonce":"56d890e5accaaf011cff4b05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"8853f1ef5e1d958ba00066d6ced600ec672755e904073acf7b74df8b97fae9f6222c85a45c18e0366c29ea110b","nonce":"56d890e5accaaf011cff4b04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"503c748de0c1174fe461ea8df059c6adbda02c71e4ca7975265df346ee0e5447d7e1c99af8fbf987d020dc771c","nonce":"56d890e5accaaf011cff4b07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"1101d759affd853b3f4736a5d391fabddd995904d0ac652e54748d87ae86575aff30bbf9b7aef4f5467bfa255d","nonce":"56d890e5accaaf011cff4b06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"5e46ab28a07f3de79e03c243c7d0741aa614117c333ee6284d34ae3bec5d5344ba7104b22926c89d3b59304713","nonce":"56d890e5accaaf011cff4b01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"18bbc207f373454ad2bcc58e9b28aa1dc922143f75a87e3c11f2458016004b7c5cba4880487d8480b61d6000d4","nonce":"56d890e5accaaf011cff4b00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"235dbbcecc9392c8fba97a87f863cdb9784f1d48ac77fbc057246d73f9e6323ef85d943b18135e3e012e1e4750","nonce":"56d890e5accaaf011cff4b03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"60827c015db2567c68c661cf420e7c7bd5be7f661f4f1d216f9daa27c5a81d75863ea192a6718ebec30c2cd629","nonce":"56d890e5accaaf011cff4b02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"63a7e13e09042c69d0916be813447cc6fd6b7fee47490b3c5db971be9eaede73365c9366dd26c89287c3d8dba8","nonce":"56d890e5accaaf011cff4bfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"f15b689482db2265e05c44ab8a90bf11a53b92a5f0d6e4fa51fee4a2827c601c7b9c122ddf61a6f581b2d85a1e","nonce":"56d890e5accaaf011cff4bfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"bb0529cba02d94fc92ebe189bc617e9f571babd9c538dd7b523fac4e4a3787f6f7431cd647006be35ebc3f0e73","nonce":"56d890e5accaaf011cff4bff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"bdf79bd98a347628236e8e157750be734568ce7a7bcd809f02d8fa368f1b2abf919299bb95ba6758072467df8d","nonce":"56d890e5accaaf011cff4bfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"8ae59a9f501b706ccaec2ae1d9cc1e3b7e7536ce597209467f0abb1d267f2e95bcd4110e3d273023e08fb96785","nonce":"56d890e5accaaf011cff4bf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1e50d69ca00c1baa367e275142c2cbb1559e9e10a85d884860a072f25a5ee7fd998d03b087b4ca08a6d2fe675b","nonce":"56d890e5accaaf011cff4bf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"cd80cc084cbf005ab0c6b9c66c35d4095d4ad766c08679a3659f227c63d8f2c5cdc52120293d15832bbf60506c","nonce":"56d890e5accaaf011cff4bfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f2376bd77b970f0cd5eaa7e0ad3acd6a3cd26ab4983abf90c9e6539c6e86a9ecf811f81e8d3e783b93c79be8de","nonce":"56d890e5accaaf011cff4bfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"d22ad9245afca25fab8ae95839627c441e7725a26af2c304f53f502046f4362d271b05eb18f47b7e05cde96820","nonce":"56d890e5accaaf011cff4bf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"6d0366868f9b70d94473a970da7cc4c578d5bf524a26e5e6199081f5eb415927d3e26e09d35d63662e5df62fe9","nonce":"56d890e5accaaf011cff4bf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"25f9c6fce909bbf3410cc30043a9bd260cc904596bdcf06d72222e28f064cd76af537a4fe9eb9af71177105988","nonce":"56d890e5accaaf011cff4bf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"719e4a1b6614c03f9037c0a10003a049694e28058b68e3132736379f90d58d0be068a753e53a20c3d3b192e75c","nonce":"56d890e5accaaf011cff4bf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"c2c152e46f9251690f55bdc7c5af4dae14c4f06582e4b5cb7a4b96eb5f701d1814cb45ae1ac47eae995f0f5d99","nonce":"56d890e5accaaf011cff4bf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"84410bd0ec355bc8cc211ae24abf5617162482ce4ad5166e6f13b226f72cdb2cb7c0860c951236dd3d0160d0b6","nonce":"56d890e5accaaf011cff4bf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"3e6a88dc89ffabff1ad6588fec8689cc52929971453196eebbe4b45c8f9a79500d9a3409f8bc27ca78c721b72c","nonce":"56d890e5accaaf011cff4bf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"7fcaa5fe7dd8486979b02b54afcbb6f501dc34499be44ebc22cb4f784c418984ce24631c523e6337c5ddd2fa80","nonce":"56d890e5accaaf011cff4bf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"88179dcd9ca8c32836f1af6fea05348fb324f4174e7d7a89e5a54cfd39d279ff2b7cf15c84e282bd1c0f178d1c","nonce":"56d890e5accaaf011cff4bed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"7634f5a7030b11c1705091ecf529c63ccec7f41be49aae971ada75a8fab0604d1492646379b7af472df35a86fc","nonce":"56d890e5accaaf011cff4bec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"4a7c938a42b31ac4e8f2cdb1041e81a091102bf594e23c757e383f402575680165359e7e2c9a3ed456aca43279","nonce":"56d890e5accaaf011cff4bef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"1f46e0f23c790848ca075e891e56e054d81be03cf8fda8a7dcfd9c66d00415890392feb0fe6ff9302491847198","nonce":"56d890e5accaaf011cff4bee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"b6da4466f0e2d1825294a5def483a7815d05b6885aee96748f765f81976429ce1b9c1dd172ca7cc7d2c2e54543","nonce":"56d890e5accaaf011cff4be9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"4789c93ecf8fc2e795141c476279e114c38f356717624212490d99c880ea3a758efb0a0704a852fcde39861111","nonce":"56d890e5accaaf011cff4be8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e1b6edab620f9e8976b4546d76cb0a2202a7650a09da7f087c0b576aed17c3b55abe05cdfe4fb04646acabd894","nonce":"56d890e5accaaf011cff4beb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"d19badb722ea912916fbf04a5d0934a064c02ecfbf090fb22a38736543f3657088534da16fac2890c7ec22019b","nonce":"56d890e5accaaf011cff4bea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"27b3fd302f3ca57ae14797a83369d81c3126d6b3bc727769e969997e7845b396d13d666cf435e9cbe120b67b9b","nonce":"56d890e5accaaf011cff4be5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"7c93908f4105929b8aaf70b9192646770a6f1a71320b831ada5f37781791704207e54a5d661b4931d421699778","nonce":"56d890e5accaaf011cff4be4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"b7301cb3436295e21e47fec0c2a359889f37f08c73c6d79a33830b5c569cf6e1046b0b9a749fa74543cf85004c","nonce":"56d890e5accaaf011cff4be7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"f28de8114f5b7f5c087f69afe59ced3b604804eecff48117a0ad6d5f8ce04180a836f5dec8d7b9ac65e5e9c3dc","nonce":"56d890e5accaaf011cff4be6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"1b58a1930c3d7c4189236bf01b0ee9027ebe20b7b77fce05c071b876580bff086bdc7f11ce9c004496484f4911","nonce":"56d890e5accaaf011cff4be1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"ba598857d0babfd1cba4f71d20d4eea53dfa33be01b6f2737513e77a074158444571ec20aca80c8d551e63fad9","nonce":"56d890e5accaaf011cff4be0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"dcbdd4b149f6ae366db71cd423939a40aa45270caed006e75af1aa631f078b9ea1ef7a122a2c259288556eff94","nonce":"56d890e5accaaf011cff4be3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"7be6976ccf214d7fb17da9eb81f4e25384e81c130cb9befe6402d2b22abc8eb34b2eb9f6ac5c1689862c6d155e","nonce":"56d890e5accaaf011cff4be2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"512e0c36c83568e6bd92ed17a3498450a86ad71606b62506972e513a6390e671c85f0228dcb4c50fcf75ced46c","nonce":"56d890e5accaaf011cff4bdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"38b355ae0f37ded45f072cc83cc87e5db9d9146ac0bd2385a68019ccef3cfdfa860299840781ff23bab90f721c","nonce":"56d890e5accaaf011cff4bdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"475e9083f2dc04290d8c22d4c292b05e0ab5d368897a672603abceb6278ece0d5c1a98d866a3a95ad738fde731","nonce":"56d890e5accaaf011cff4bdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"dbcb8b3a6dbd506d997cb38b24a2fbfa4fd67e1a2caaa04baa7c46f56b5bc73c89f7c1f9c16489afb4f5c67649","nonce":"56d890e5accaaf011cff4bde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"905f223bd677ff36128f9116c5914a1940ac6b5c6b43fea7576f01c0061e51fd44229d3dcf90d520c5d9bc64ca","nonce":"56d890e5accaaf011cff4bd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"199768bb108c0a1a8f06e7e7b5606277f9e169d25d3e1df3cbc6731e703f04dd0c2bdabeaf10322380f759740b","nonce":"56d890e5accaaf011cff4bd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"391ea01a5d7514bf1209856e8d3e9b54550ee3816cb8811f1e99eec6e029966a660e7b5a43e0cc15d15fa77887","nonce":"56d890e5accaaf011cff4bdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"ed6cfd07e862b831c989e2a2e354c7783ad198d7bc43eb0fed5429ad6a4ae4a105d2a95e84f95ef303e6bafe23","nonce":"56d890e5accaaf011cff4bda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"6afa3f15edaa4f5d5f3f9ba43a81b85d472cadd7ddf57268131122def053aecb40df6f2efba6c6f182ca8f6e5a","nonce":"56d890e5accaaf011cff4bd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"a13e64ba419d4cbeedcc7feed6ce98baaea38eebd2444afa3bf3783c3cb365ab2dbcaae354d91695551c30f361","nonce":"56d890e5accaaf011cff4bd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"042dd17136514522d9e851a5dcd3f1b7a6d32f5f9401858680e29d07f5801552a976c80449cbdfe8ba42d76cb3","nonce":"56d890e5accaaf011cff4bd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"2197c7373ab0406d2b2a10b980412297b3b02a8703608b649fcb707dfcbae50fc2aa0cd6219e9008f226bfa63d","nonce":"56d890e5accaaf011cff4bd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f11ecc24c15ade47ccc5ec7456d4d7ce0ff90d69875ecb901b1cb235cd11bbe94f5751784fddd5aa81071220f8","nonce":"56d890e5accaaf011cff4bd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"f70ab7e2c3a2aa02c025b04abaaf7f87157b1ba10f8701d6dbebd799061d3ffee2cd443db521a741b363b3dd01","nonce":"56d890e5accaaf011cff4bd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"03bea1e16afeee73ab161f075dd5b1c9b84f13d33e3e6ec56e50ee6dc69714348741994e91913a2cd624f99dbc","nonce":"56d890e5accaaf011cff4bd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"8e5f558d4df3e7aeb17ca1be524b6b5a33a2d2b644a96cbcd62c3d03b83c09b106808fddd1724591676dff69a3","nonce":"56d890e5accaaf011cff4bd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"9d933bf7e3cbd7902e37e0f30646edeb898ca0ba4da7f7ef75967d525cc074901933d70de411cf7d8a0c85eeb6","nonce":"56d890e5accaaf011cff4bcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"2cbce6bfca6f4951bb3a784054524e67c0d07239536fed8506bd873bfbf9067748e42e62541233f7508eab4e4a","nonce":"56d890e5accaaf011cff4bcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"716a28254162bc0219c4664d8f6a9e46b18cc036a714c414b46f7a204b1cf457832b1b8eadf722a533b70fdba6","nonce":"56d890e5accaaf011cff4bcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"6275dc094e6c92a7bc1d81479860fc2ac3ae072a8a55fbcdd98f0ea326eb6ff8363748cf8630fbecd89bf06800","nonce":"56d890e5accaaf011cff4bce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"84de0169819a6edf0e3dfefcc508fd852ec4d672fe95ca4bf435769b1a984e014a328c19278a03fa376cb1b03b","nonce":"56d890e5accaaf011cff4bc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"2ba22d3644fd8a8db6b78737e5ef13bfaab8b2e28d1996f3605a4003c32085fef13213399bf53b96dcb1caf58e","nonce":"56d890e5accaaf011cff4bc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"ccee2c9d252ba25e26a1481c207457deb29943e428c468dfa6fd8b2966abbf799314cc54c650241e721478960e","nonce":"56d890e5accaaf011cff4bcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"be78ccc2fda5e94b6388b8d0d5d0ef843a5938d1d7ca60177b035565de27cec31d93555dd2a002d0b93e52da3b","nonce":"56d890e5accaaf011cff4bca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"b31fd66aad180524619cefe6ade2d251fb17642da158e1aa631f709d4d105e61fe6b01195240a16193063e8ab3","nonce":"56d890e5accaaf011cff4bc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"af59d3e7a79594b3bbe8db4ce984f0ba255ca4faea025fff25293a4b9e971056f7ca2ba63d8ced8d011526bcda","nonce":"56d890e5accaaf011cff4bc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"12ba779fc44fb80985eba7f2386a350182bd744482c297689d4e0defde46bd3d5bd9bfb2565b24345895bf8bf2","nonce":"56d890e5accaaf011cff4bc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"115d0082028ba6c0320478122223c1ed244cf0072360a5016ad6bb094d5b2da9cf06187ebc1a8a079ec48b024c","nonce":"56d890e5accaaf011cff4bc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"3277b0ffbac6e471af3b7677c47d2b20e66357929fb25677b724c4fe7bafa318fad5655bfb655c0f407256ee1e","nonce":"56d890e5accaaf011cff4bc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"673ecb10c28ab0ccfd3deb1380c60c36b1e8e0d5c4f4717236410a42dd3dd9cd90f312ec8730cea961386530a2","nonce":"56d890e5accaaf011cff4bc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"94478d99db8d0a98f3e3051b88d97819e0bc33be2e78c812cb6244593bba7a53859b45e1e6d7b68c2915734fb8","nonce":"56d890e5accaaf011cff4bc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"2d6e3998937c32be83549ee659d16650f90d2d0c09c2c5eb5b0df28c2b94b6aa25ddf17528344497dfc49409e2","nonce":"56d890e5accaaf011cff4bc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"4048d5bc45e25b47b0017d77e8b3e2f44264d25cb8fe0957e8c80e0d124fa4d0e021b062e2009a7aecfe8f21fc","nonce":"56d890e5accaaf011cff4bbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"aadbc15cb8b2e2e41521a8bd340de45e9223c9df1c6b7a12a55dbf1b25ce4a5a617cc740030bde488f62de396e","nonce":"56d890e5accaaf011cff4bbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"fcfbac7cd22d7fe25e0a880098b2d75fce7b16315da1fdcdf2d3cd283dbeab28a4b3219afc9bd4b0ed6942358b","nonce":"56d890e5accaaf011cff4bbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"d218751ce5ece2e9ab6f3e587ea3d7cc0c50daed6be792aace4cb10e87a533dd1626d10bfe484f76acdc93ac9a","nonce":"56d890e5accaaf011cff4bbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"0882ae25221dbeea0b136617e3784a785e781155b71636bc49da7519a715328cee6b8c879c7388d8148bc2f835","nonce":"56d890e5accaaf011cff4bb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"f148e482589471084200325c984b56ecf299bacbac95ab75490ec465d675a7b6cf22d52c8566db75b6c4716d16","nonce":"56d890e5accaaf011cff4bb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"c1bd637a6a2b207d6cc5651086de001564c651ef65cad565ff5aa9280101388f22377241485784df3bd6634efc","nonce":"56d890e5accaaf011cff4bbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"acbc6056a256021ff7656fdec4d2dd666ab8b56cd6bf7e71e4c8b7869ff3b0e7a86cb9afec806f396bebd7eaf1","nonce":"56d890e5accaaf011cff4bba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b04c4eba94ca076512dd4bd4c3c4de3a849e9a45d4d085ae0276fbdad1f0b38de7d72405affd06962d5157f20a","nonce":"56d890e5accaaf011cff4bb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"9f8e175be965e0b0fd6746cd1a834dd8ba515563a2b55b4e373e19a45d5ad781acc68d7d9bb92853ca3f9e4451","nonce":"56d890e5accaaf011cff4bb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3ee67fba41dc7f010e069659bfd1e103cff3c481a6942b50657c53e64a0a39da426f3adda075bcf605d283d5ac","nonce":"56d890e5accaaf011cff4bb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"8774c1df4da8b2b2a31a9c422c9437189626721e265f26f5fa871d3f60c53e677bb911a870601608724f34d504","nonce":"56d890e5accaaf011cff4bb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"267afd21052c656a3dbd834d884e9fdb4c40b4b90f06a769d6b19735a991f4c33d147e1f3b088c3e869d47620e","nonce":"56d890e5accaaf011cff4bb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"e24a9fa31932da3acbc15a1295fad6e19289b58748c514cd26eec61b30ce899c5aca795c7a9d7ac69d9f497fdc","nonce":"56d890e5accaaf011cff4bb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"750b5c5aff3632b31a4db3c16d2f619244da9014c4df85005e9a4e4e64417bafe3f1fe536afaa6347c231edaf5","nonce":"56d890e5accaaf011cff4bb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"364a6f2e20856d6fc6514f0bb908f69c96406a86186b64009e3ee51345dac0898502413e46975673af776c3a13","nonce":"56d890e5accaaf011cff4bb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"9f7618df484f16517f8dc338455b24877f4a13edff575ae9a15a0c7182dd7b42a676334ad2d49f60280bf7b590","nonce":"56d890e5accaaf011cff4bad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"5fcad7847f7c3a09a360c910cb9902ac5de72abd9d665b837be1ebbba52c4b5aaf097b8f250cce2f2391755dc5","nonce":"56d890e5accaaf011cff4bac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"86a9b61e7f1ce39aec4561e4794462f6e26d901192320377a599372d20f186bfe4689a1bd28a477c32fd72d6c9","nonce":"56d890e5accaaf011cff4baf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"8eeed56b89ee9d09984582a43c774d09a9243d930afa527e5d8a0fe2981530e4f3a1b645875099195952b5f941","nonce":"56d890e5accaaf011cff4bae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"a1d4df87741154f6e27ca6b581b4f0920c7ccba250ad97aec67ea68885cd4a5e5df209505911724cda01490c0a","nonce":"56d890e5accaaf011cff4ba9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"a26c3dd33c49bd19c789f50d8b63b2aea70fc99ee5cb8018bb3909280a8a7e49cd0297eef454f432fe41411e86","nonce":"56d890e5accaaf011cff4ba8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"dd8dfa615c3915f066ce14069be8a46b87eca498831ce2814657545e00c25308fb57d4d90350cfe187dc02d23e","nonce":"56d890e5accaaf011cff4bab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"53c56d8d123062812b589b2546e0bc26a1f21c43210f3959465e072957742020eaa8cb889aea759747f1d3f0bc","nonce":"56d890e5accaaf011cff4baa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"29f3356dfab7668dcdb1453a603788d87b94cd6973c1a5621f81b21b74aed2f291c78982870b123ca3f6e914a6","nonce":"56d890e5accaaf011cff4ba5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"61cea4a7385001e55c5f9070da9301fb2f0d342ed3cbcc2d73790207dda81f72f5e7426abbc9c88099da54128f","nonce":"56d890e5accaaf011cff4ba4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"4fe3039e14b0f29339fbb51341e7c34e975fb5c88771555f97c7e54484bafd4576fd5f30de25e533b9012581f3","nonce":"56d890e5accaaf011cff4ba7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"9ed04bcf46533f6ddcbbf2d08a2ed12a15fc811bf42a642b7debeb4ff749eafa5b16cb4ec7b4000cf4c53fdf1c","nonce":"56d890e5accaaf011cff4ba6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"ae11d77d8893ccd77f25c85cd1916aff2b9d08ef726f27b8ed5a6a6a01480f235019204197d19d4e18269fb7c3","nonce":"56d890e5accaaf011cff4ba1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"05983cbb9bf73d6b78979db91e265ab05ccd892ad878334885ee1b59fdcca00cfbcf7ae78a7ce56b40391e287a","nonce":"56d890e5accaaf011cff4ba0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"49257b519caca28e64b4bce0905aba5c6beb6381cc1bf541a9b75cc0fad19bcb3c033b9d5ca3c094bf0f56cca7","nonce":"56d890e5accaaf011cff4ba3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"6d0564b09411152a344199bafe764ebd0a1a78c3ed2ec09b74fedb159ef8d73bcd08d0360898c85616d36436dc","nonce":"56d890e5accaaf011cff4ba2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"d6a4a22e7deaba659ddfc4fff641e540ebf4e5a45b4f69fedd2e06fae3d2f67cbb5c4ecd8320377ef358a82de2","nonce":"56d890e5accaaf011cff4b9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"6f0493e3530818e079ea36a379749c060cea93711b175595bc2a90d8040bd8ad1084bdbf5ca11f0d5f75683434","nonce":"56d890e5accaaf011cff4b9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"e66f93ca92944c7dd2001db9ab020c4207e63ad2599e37396c1fc637cffbca229df6340766483daaee69e95fcd","nonce":"56d890e5accaaf011cff4b9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"c1eca5247afe4c933db5e0bd8963376eb9dba1691149b256c18dc120ea3ce6176fa0317538aede743fa9642fbc","nonce":"56d890e5accaaf011cff4b9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"dfa1b227f043ad79bdc8c881168c7a00365e577238856fec72d445a210080c24064fd9498702c7cd8b03870e02","nonce":"56d890e5accaaf011cff4b99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"590af9651e02ec8c62a0d60c47c56d60f19e57fc3867ce1b064ae78beea37a4c6d4263d7e7e93ad42f2e668eb1","nonce":"56d890e5accaaf011cff4b98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"fd5f871f8806423284621ac03b819953baf5876b1f4dac817b2f263adddad4c20f76bcbedbd42ee0132d65830f","nonce":"56d890e5accaaf011cff4b9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"fa64f0a324bae6de6fc8722c515dda3395f54a5bd6ab4efdcebd019d0fe85a64ee3f3d741f7f78687fce73523b","nonce":"56d890e5accaaf011cff4b9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"547f4b565b0379029f44e39af706387b33ab6648a97ff0ab783b4d440eb7db3140b1064d400bfb53d7d86ec7d9","nonce":"56d890e5accaaf011cff4b95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f3a39bbf0c8d8b56743929792849d3ef87bc4888a89c5ea531684f085181542bb8f0688b5e8ddc2773d74eeacd","nonce":"56d890e5accaaf011cff4b94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"0e968243ec434cf4404eb385f5d7a6ff5cfc1cc6af2727b099633e09756d9d8f26cb1489ef2fb3d032acbca7e9","nonce":"56d890e5accaaf011cff4b97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"995ef7b92fcb80c178fe542af57d55cfc18a6b29dfeb2704b2c2b03e88acc57219c600d8dbfd8916fdb5d433db","nonce":"56d890e5accaaf011cff4b96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"e2c782d717f5b85e73a8621768ca07e9a9b96bcc0c6ba07bbb26890c156d2cbd39fea55453fddbe42a846acd5e","nonce":"56d890e5accaaf011cff4b91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"c779ddc174b893b8a5ead7dc19af506d2f5ad25cd403bebeefebbef9cbddf0fd6a10886db0e2fbfb1b86444c38","nonce":"56d890e5accaaf011cff4b90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"8a6dd08102216ad3331cbd6431de11071961b9dd54e90421dba81635584c3943cbb2132a9f9dc5b090452cb49a","nonce":"56d890e5accaaf011cff4b93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"a948cc86fabc81c0987133a29ebc8ba1845c879f186ef535839fabf7dbeecbb121b3437f13a9da2ad8c5a48a2d","nonce":"56d890e5accaaf011cff4b92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"60d6dfa5156994bac2180ef5066b0bcb48ba87c1f536d26d722ff8a20c43724365e3e8ea0068171d038781cffc","nonce":"56d890e5accaaf011cff4b8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"2a1a9c7b573fab29b027275cc862c9f1b1a97dcc623f836ab2e20af97b69b576f5ffef41ff8f85d25a3476d25b","nonce":"56d890e5accaaf011cff4b8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"7a529533655d8f51640bf95469e06f9e33b7552ed1317804d7810f6376865290a15775f8bd7234f55ce2a7cf1f","nonce":"56d890e5accaaf011cff4b8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"4ac01212f7e04167219c9bbcf0b814072f9f65fa4f3a31c5212af2d402c74c8c01de3c03334c6913e5da9670a2","nonce":"56d890e5accaaf011cff4b8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"215c945d815eadbb50b4730f829faa5668678dda90fe88bfd2fc09198c000a60e3b88e7dfaaf9ef04420d0ae48","nonce":"56d890e5accaaf011cff4b89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"b27f5b4f1c063594de303b7c7f44f8e5c2f89c1890c2bbcbe31b5f52cabc1fc770c9a9f6e87128018b09153625","nonce":"56d890e5accaaf011cff4b88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"49f88fdaef767f6916a2a03a65589e7817807b4f43b2094797fdede6557bdeca3bb3428b8928cb3df940e18186","nonce":"56d890e5accaaf011cff4b8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"5d3a0833027462cc7832edbf0743f8aad86d4ba7ba5ed1c2400a28f86e1b78fa970cc56cfded2604255341ec0b","nonce":"56d890e5accaaf011cff4b8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"6125484ccc89fdda010b6b33f61f0afe10b1b054696a350ee7e11fad8e825f357583570d5ba9eb9e0b28768e9d","nonce":"56d890e5accaaf011cff4b85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"fed0d0d35ad396c05bab1ed230fbfcd8f73f3c099f73eed5818e210541de593cb8b693076c2a3f087e8bea2513","nonce":"56d890e5accaaf011cff4b84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"00f9721ca2fa4a05788164cb72eac9422393424b4e77f2901f673916cbfca31f38b7f4b1fd7dfb3bf5ed34c223","nonce":"56d890e5accaaf011cff4b87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"cd8124fce8c715d4491195b8e5bbb251539993077e9ca54729e3e42f3e4c8960532df32e8d7d1ede799cabbd2d","nonce":"56d890e5accaaf011cff4b86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"ebfbfeb6c55bb671f7a557e231f8f6cf745b0fa7f38d47f9118fb6cb62a638f4eb8e09719d2614b18dce1ae766","nonce":"56d890e5accaaf011cff4b81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"dc0339625b508a9836c1b54ccf43d76d969e933d0625c31e75a45c07b399dc3321a69718829a9571f52b714486","nonce":"56d890e5accaaf011cff4b80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"7650cc7b7a1b07eeda0b6de063a4fd423a5cce9dcde1720d210d3fd3a03968e4ca8889a2f18b6abab7f5dc1ef2","nonce":"56d890e5accaaf011cff4b83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"7175db9717964058640a3a11fb9007941a5d1757fda1a6935c805c21af32505bf106deefec4a49ac38d71c9e0a","nonce":"56d890e5accaaf011cff4b82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"957f9800542b0b8891badb026d79cc54597cb2d225b54c00c5238c25d05c30e3fbeda97d2e0e1aba483a2df9f2","nonce":"56d890e5accaaf011cff4a7d","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"3853fe2b4035195a573ffc53856e77058e15d9ea064de3e59f4961d0095250ee"},{"exporter_context":"00","L":32,"exported_value":"2e8f0b54673c7029649d4eb9d5e33bf1872cf76d623ff164ac185da9e88c21a5"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"e9e43065102c3836401bed8c3c3c75ae46be1639869391d62c61f1ec7af54931"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"d4a09d09f575fef425905d2ab396c1449141463f698f8efdb7accfaff8995098","ikmE":"78628c354e46f3e169bd231be7b2ff1c77aa302460a26dbfa15515684c00130b","skRm":"c5eb01eb457fe6c6f57577c5413b931550a162c71a03ac8d196babbd4e5ce0fd","skEm":"463426a9ffb42bb17dbe6044b9abd1d4e4d95f9041cef0e99d7824eef2b6f588","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"9fed7e8c17387560e92cc6462a68049657246a09bfa8ade7aefe589672016366","pkEm":"0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b","enc":"0ad0950d9fb9588e59690b74f1237ecdf1d775cd60be2eca57af5a4b0471c91b","shared_secret":"727699f009ffe3c076315019c69648366b69171439bd7dd0807743bde76986cd","key_schedule_context":"01e78d5cf6190d275863411ff5edd0dece5d39fa48e04eec1ed9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449","secret":"3728ab0b024b383b0381e432b47cced1496d2516957a76e2a9f5c8cb947afca4","key":"15026dba546e3ae05836fc7de5a7bb26","base_nonce":"9518635eba129d5ce0914555","exporter_secret":"3d76025dbbedc49448ec3f9080a1abab6b06e91c0b11ad23c912f043a0ee7655","encryptions":[{"aad":"436f756e742d30","ct":"e52c6fed7f758d0cf7145689f21bc1be6ec9ea097fef4e959440012f4feb73fb611b946199e681f4cfc34db8ea","nonce":"9518635eba129d5ce0914555","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"49f3b19b28a9ea9f43e8c71204c00d4a490ee7f61387b6719db765e948123b45b61633ef059ba22cd62437c8ba","nonce":"9518635eba129d5ce0914554","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"257ca6a08473dc851fde45afd598cc83e326ddd0abe1ef23baa3baa4dd8cde99fce2c1e8ce687b0b47ead1adc9","nonce":"9518635eba129d5ce0914557","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"7c5be862dd3e597f9eedc4a939a6ff6791f55a7c7d879bf2a798d93a20004c3fc8fa4cb320eb61d5773156cf93","nonce":"9518635eba129d5ce0914556","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"a71d73a2cd8128fcccbd328b9684d70096e073b59b40b55e6419c9c68ae21069c847e2a70f5d8fb821ce3dfb1c","nonce":"9518635eba129d5ce0914551","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"a8c65b88bc628a4e839c181a5372bc2919bf62dd9c2f153e37137b71d945c641ec682bfab60e8829c4828d7900","nonce":"9518635eba129d5ce0914550","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"ef463bc52e001d275db1dd7458a5377eb65abffe611ed2f45a49d64ab71205611d588f9e05d44944b65b8232ee","nonce":"9518635eba129d5ce0914553","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"388fe0b087832de1ccb9dd2116bc7a95304d161c72e9262a28ffe88b9a6fe679584d3f427b8b205905d0f920b9","nonce":"9518635eba129d5ce0914552","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"553f7d6313bc1635cca2787e040842be2e06bc7fca3231e4c5383621880e4220ca66b56a7dcf174df4926820cc","nonce":"9518635eba129d5ce091455d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"2eaa4c540f6ea59d3683015e1dd3be8cb75cf9f19c4bc94d8bd574de78ba6233da845d3b704b5a2a63f85bf0c3","nonce":"9518635eba129d5ce091455c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"03d07bae072d9667f837ff35212f6776b91fb5802685001f4c3e1c366c7eec16d0e52031877d67089278f0c08b","nonce":"9518635eba129d5ce091455f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"e576ce2f70ddc0e8b403fdae951fae5c5e494c0f825d9506184272911516e54b0ff2136467a8060e083e61a24e","nonce":"9518635eba129d5ce091455e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"1d50d0ec82c6cbc34986c78b559273f3abb723291a05e86aff485d4370887f7b6338522dfcde3a81e3203230af","nonce":"9518635eba129d5ce0914559","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"1496795f47119c8e694fc82afb7a58d9b7f2ad209854dba53c01bdb9a6d3ea4927563254fa78c0e1238cb9c669","nonce":"9518635eba129d5ce0914558","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"676da9ecef101bbc7a87fc357a51c3873679710af6bbf9bd9efd7eee9ca0ab96c4715cb43c1b8ac4108ef29d08","nonce":"9518635eba129d5ce091455b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"a7b5ad5c41cf0c8c5a1258d6c5246dd14531a50d2a1a8a9ffe8cccae667b61c4414d2d23f8d1c72ba5453bd8cf","nonce":"9518635eba129d5ce091455a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"ec0b3fb325bab3a2f3111a6e72954438a5173b5c76e83edb52d5bbbbcfd9df1c29651af3a098ac146ac327aa49","nonce":"9518635eba129d5ce0914545","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"6193ad6ca288ef7fc3f73156dcad3929982c76985d381ed27c3c3ee2c179e525e14f978087da06ad2b29639c93","nonce":"9518635eba129d5ce0914544","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"e7f4b6324c38c21ebea742cdaedc03dde2a5fd5466c65a4690ad09df5dfd48a4a7dd65823924a42e768f776ee9","nonce":"9518635eba129d5ce0914547","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"b77463bf4f2d1682049e077fd97fc164a238211a3bb28297018ca1ad949a973c15758442f7b7217070be82e044","nonce":"9518635eba129d5ce0914546","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"1a0b84b9d8d9e8559483add64fa74290cf6498c9135c2973ebfc484f7327696c1fc58251b1dc807d8d0250dfb4","nonce":"9518635eba129d5ce0914541","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"f4b73b6bcf7408cfbe93bea491d030517f6c62876ea0c0f96fd1053a6d3ae3264cd6d65290edba35ea702c2588","nonce":"9518635eba129d5ce0914540","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"bb6301421bd982cff5df96cb5698c8e435f00671de884615f7d1bf58c0950a7536dcaab6fced043b2dc01905b2","nonce":"9518635eba129d5ce0914543","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"db4ff7ab5f488edf65ce1ca1071b50e3e3b68263f001a820214f3ca72c6fdf0f78b6b5af4bddd2dc5aa1b0ae49","nonce":"9518635eba129d5ce0914542","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"7fcb696fc4f21e9a53f3c14b08b9a31e0ed580b7b5233c8160be35aa1da485933fcadde2613dc181d1ee3179f1","nonce":"9518635eba129d5ce091454d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"76f6b443e104c0ea926674e7fb0fec937bb0f50dbb61ef683001ddcfbe8b060968a3b57bfb0af25e53a32e979c","nonce":"9518635eba129d5ce091454c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"e6eeeaf9b1582bf20e907e2d7fcc63d62073f45e756e2c587e30f3fef600829858825dd7c50bb3bc4bc83dca25","nonce":"9518635eba129d5ce091454f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"40b4c8ed973d40cdb6992aeb660b0252879dbcf482ea57479fbd702ae56804ed348a0b7fdd14895593965b00ab","nonce":"9518635eba129d5ce091454e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"fa07745317083bb3d351808f36aaf8983b3b5bd4011f450fa3247baabd4714aaf25fbf13136641fac3c00db829","nonce":"9518635eba129d5ce0914549","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"6fc61fff808d47228715c330fda550e9152a4c404afa42394c57ff47b0fb9dd268bb74f77db64cbe382da21e15","nonce":"9518635eba129d5ce0914548","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"f9e69bc9cd7dcea0a0c4b35065b9c29ba4666eac1eaa4d099dc2004cdf2aff8ef251146a475627454a5cfd94c1","nonce":"9518635eba129d5ce091454b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"6fd489186fbf84eea494537e9de96c7aa0dd7b36359b718134f948cb5e36771e9b389248539da5419e88b05f1c","nonce":"9518635eba129d5ce091454a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"3b71311d9d0a0de1ffae3a6549af63ea5c92a659ee1b8620095ac4e0e39c3a3cc0780f907130cf83166b2df412","nonce":"9518635eba129d5ce0914575","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"0368bb359ba5d8380dc03f0496c00b4829070c2ebe874ff6f5df6342a7d48656f56459e259734aabfab81198ad","nonce":"9518635eba129d5ce0914574","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"a1841dfca8e69614e6369111ec5c0e7b0010cd38b82d3632efd1d12bdcac5227e11c847904afee7a767dd63a70","nonce":"9518635eba129d5ce0914577","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"ccf1fd7850bcf7f18f00158e099ee70402e6e4352a29845e6ef370f2779bdcec9b726925a24d3c6c033e96ba7a","nonce":"9518635eba129d5ce0914576","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"fc6dadb50b103ded9ff028249b41baf8021c482e72f772b271dc8e5677ddfb280ed97db4f027248af1398da568","nonce":"9518635eba129d5ce0914571","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"c98ce17e20710117082aa0e3441ad116e2095cfdc9e1db433354e79da7b338d10c144b1e44554255b6e7c1cf42","nonce":"9518635eba129d5ce0914570","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"ce907ab1a084db5b48537f6ef1be81f224ab9eac87beb474738201f7eceee77f07f25f4502e3a1172960c8b097","nonce":"9518635eba129d5ce0914573","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"c8210b95adb21e436440c56773d1b9d0bdef57a87bdf1eab3f84954d297ed7cbb484bb496d178486ff7f61334a","nonce":"9518635eba129d5ce0914572","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"4bca8f84b758df04874b5955274a1821505690b5667fe4bff6f98b4ff274f129cd85c2cad44aa6fcd6299406e2","nonce":"9518635eba129d5ce091457d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"c36463a65a7da9b0c63fced7c1b2dd9d60a2358923ae69422520a2f2cde039341aa68913b0e81e144bfc5520c5","nonce":"9518635eba129d5ce091457c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"6c0c687e40c73d3f74ebc1559b3475342432ed5761574eb55bfa93603f99539562d45da8c713b8a4ac52f1c8d8","nonce":"9518635eba129d5ce091457f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"960c2aa18c5c34dfea18fec24dbef5586210667e4176acb9b83e50c1df500b1e1a87e869352e60e4a565e91be6","nonce":"9518635eba129d5ce091457e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"13915449f0927cd6bbf21ef5d0def4bb6cf9b67439a429b11fa787e91dcca6955964cf8ced8d8eed4f00b433bf","nonce":"9518635eba129d5ce0914579","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"9e08f9d6901cac2c6a1de64f351b4655bdd952592e68f1ca83d06d78987f7c268a43a49d11d6a7065093792371","nonce":"9518635eba129d5ce0914578","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"a02c048aadbb5e0fbbcdaacda18e1b566e8bf91e2f51cbe732f56ef25d0a1a4a56f283737f0fed6c979992dceb","nonce":"9518635eba129d5ce091457b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"443ea28f8d105e43ebdec6bdc1d67c7a1bb9446d08055fc2f177e1ea56821f38083315361fd19a57d0dc1d39c2","nonce":"9518635eba129d5ce091457a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"6679f5e9a83f781ee00f0094021bb7c06561d9f256362e8ae7d9ff63fc25c9c96736bfba27cd329b5003ace289","nonce":"9518635eba129d5ce0914565","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"1dcc63b6676ccdbd251d2f94617a3b8d7576b7b81a376213bd9b15353f6b02cd216d1ee499a57591faef70101d","nonce":"9518635eba129d5ce0914564","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"07cbf9dc81f111b324d451fb40dbb43c11e353a637f85449de8450ef617ae4ceabef0250beb035d39f6bca1153","nonce":"9518635eba129d5ce0914567","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"238546782384b7e4c258a3855304c3744884b89c7e4b408394bf6f90eb491c409938194898cfdeea6e1426859d","nonce":"9518635eba129d5ce0914566","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"91b374c3ef5ef7b1a439fedbc559de9685f2d8c5843462d874804e8d9683d6902e633e6905074bb16ead3b4969","nonce":"9518635eba129d5ce0914561","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"c8a942013ab30af11fe5fb7c1109ae26f48635b4cc5e9348afd4b83f91f1ea37990a99217ac4855a3689fa233c","nonce":"9518635eba129d5ce0914560","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"ed2ffc81301680cafe532f3f1f739bb374fc2e27e7700d722abddb19267c8ef2a810334ec4df48e80a30a10857","nonce":"9518635eba129d5ce0914563","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"c23748bf88b4e601fa369ef3d276d950d71e3104995ab5190cdd248275b9f409bc0b4eb4b910fd0e9b9eaa8ab5","nonce":"9518635eba129d5ce0914562","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"3b220a4a58d383ddd2ed57ac945b74411d6ba3857d02cc535168337acd80a91d7d746bddce103b1ffc194ebd15","nonce":"9518635eba129d5ce091456d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"f916be1471e09ae68eb2821749483fcefdd4e7c8ca5903c9e45b2da619a7aa928baa1f961ad49b04dd1a35f9ef","nonce":"9518635eba129d5ce091456c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"ec7230f23d1772a081b2de0d60756b83fe82ded37050d981d72d79a8af8bdc41adfd6abfe0b9811f670cfd4171","nonce":"9518635eba129d5ce091456f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"fb5966d3d7ef13a314b4eedee1f8c330ec7499b663e59687d6623cb8b2fb565f83117b50d1e649e5a43709966d","nonce":"9518635eba129d5ce091456e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"ae08a385d05e8b63edf04304d4758db9f5d28a3dc95c1cb98c60672aea16a0458d39cf488e216ae7ff4c28cf6f","nonce":"9518635eba129d5ce0914569","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"c1c696d4c96742d05486a2d2108996de9116c93a305bab7449e3d933537c3060062f091f6dc08494f073593632","nonce":"9518635eba129d5ce0914568","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"f989068e9bf1465d1b63b176c26d038424c96d8385e4886b428633ce5471a2d75212fac766f5bd1732fb9b99ec","nonce":"9518635eba129d5ce091456b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"7b0fda58702a15a3fd6c6f2398b85d1532956e04df06cf1ec87f5bc81d7f397eb15621a36628b8d6cc885bbad3","nonce":"9518635eba129d5ce091456a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"1c3ebf95ed54ab2e55e3645c474c26491f97a33484bbdcbf94df81394e91fe68f6f133ef979b7ae2eb7cf91672","nonce":"9518635eba129d5ce0914515","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"72dd11f12e810265356e019fdaccfff8fc1dff2e24f6d1b76855b431607dd5bbe53842f127fdffd4a0c4ac396c","nonce":"9518635eba129d5ce0914514","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ba2278796e0933dba5d0396d6e9c976fc60422d4d879b26a22d50808f296c54a990b46ce78291ab6c849542356","nonce":"9518635eba129d5ce0914517","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"88bb955c76241eed530c1bc1ea31efb1daa9bec8529cf17493ed8c90a5351327dd0c0c2b93e58f32d4d51db3c7","nonce":"9518635eba129d5ce0914516","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"e26e3abda91b9bc9654d3d66e3837f0369a0deb093f9f8dc0f80858d6dd7805f540180a1b14b0c278c6ff80038","nonce":"9518635eba129d5ce0914511","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"0372005baa04df4eb61de067548098c40875cbc664fa741301389210f5b07d790fc7c4ea4f8f06a46ae5d258c4","nonce":"9518635eba129d5ce0914510","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"b5301ca2fee9e8c903ccac95f0825ff59cf63fa6441faeea94a2a1d0ea4a17dad14b1026f72654ba370e1e725c","nonce":"9518635eba129d5ce0914513","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"1c4a66ce0fbb18652549d33c90ed5f775918ceee0cb64e10ed94afa30d113e6df16a33ccf50a81d56ce4aea42a","nonce":"9518635eba129d5ce0914512","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"d4adc7ce686ca06fd1c87e188055eeee432ee4f04d3edcd051a7d990025d08cf024ead157c2dcf185c6266b2cd","nonce":"9518635eba129d5ce091451d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"36dc6b2475583398d339443ff36a3f1b399396cad533b6ad6d07c40aad67252e72e599297f53174bb1a412b53e","nonce":"9518635eba129d5ce091451c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"645fd2d46e51eb7c00c552e0c682d05926ef13e983e0747a3ce0be9a95fdfd889d336c617f5f5dd4b1393b01ce","nonce":"9518635eba129d5ce091451f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"c301949e8545243b799d65d5db85cd02ce885651549b40261a8c45ecdfe5ed6493006d37748ca0490104931853","nonce":"9518635eba129d5ce091451e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"2eed9562d75616f9045b201474fa38014bc3eb77f3e4ad54fe94b5826391461867b6f507e44a1eedd42fbd9f50","nonce":"9518635eba129d5ce0914519","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"7a25a53a8f8dbb5e7c778c7f819f74553cac12b3ad7d0f65684482b63a29583688eb7a9c48e9383bbd7f731795","nonce":"9518635eba129d5ce0914518","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"9376ae489f0948d95b635f653b18300409a4aad8e4a4ea31f3a6372c8c1cf5f5baee52c1e8a886f6df053478bf","nonce":"9518635eba129d5ce091451b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"08b22f7c3cbccbd8fa6a35f522d37659d4108815c22c43423f7ccafbfdcf1265118d5b28d379794425dc11d04a","nonce":"9518635eba129d5ce091451a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"54cada215c907638626cd7e0c89889dda8871c3a90fa0f2a8ddd988c45df5ebd2d2bd93e8d88985bdaf6436c3d","nonce":"9518635eba129d5ce0914505","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"a14c186f2fdeaf22a82914f323435bbd490342d64d63a32327080a64f365292000920d21b63f9da1247b5542c8","nonce":"9518635eba129d5ce0914504","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"0ae7f43578b77f5dc777913db24b9ee0813a61b71ea70484fa57a160f6827cc03104882b2da658209db8cd14f3","nonce":"9518635eba129d5ce0914507","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"90794bf9246c573b37b5754254db1e64684fc26592cfd802ac9c0cee990604de400fa9cabb8bd92c7c8f8329de","nonce":"9518635eba129d5ce0914506","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"04d1e106fe7c6eb8ec48613ba8f3c8c999c081e236f663312045af52c0f20dd00d6cda4730bba6ec39083dc6cf","nonce":"9518635eba129d5ce0914501","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"f5b0740ba3021f63f35c0ab8c07306223f34973af89e262864c2805ffc9d629853886ba5370c5ec337290466c1","nonce":"9518635eba129d5ce0914500","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d6fba157f2e17cf04ffa558135fcd87e1ceb50a68954b0d13eb5a1eac966e90bb2abbd9f81f44b7422475c3976","nonce":"9518635eba129d5ce0914503","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"07dc9bb5f1630e6e3952492ceaaf9daaac5e0bd1b8419a396951840cf778cbe902f46afdfa14c1723ebf15845a","nonce":"9518635eba129d5ce0914502","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"728ab1e946d6b3a8986a6ffbe0f9bcf500c9eefa551640cd3c2c1a18df800686fc136c57d70abef8ea671c08ab","nonce":"9518635eba129d5ce091450d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"49569356717e13eafefcc1d3e663069c9e37d5d7a48852280bfc4fd0f997c3fc8372eab7c5778bf06125010954","nonce":"9518635eba129d5ce091450c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"c26c225d9e710b7f738d1ab67f670b73010d59f128ae7620183ca95a50c416e88d8158998ecb60ad3503da3bd0","nonce":"9518635eba129d5ce091450f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"8ba2e5f06e2b796aa794deb7c677724c5b48414e92b8a06e3a9ab6cc7029517794e541bf4be0d4fb91b1bf4a85","nonce":"9518635eba129d5ce091450e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ace10c2fd5c8035bdf9f9dac3d34ac5e91df65c2c1651c7febe921ed772618c669412c5cd4bae089606c276150","nonce":"9518635eba129d5ce0914509","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"ed382f04e564870da76e6896252573895943081ebea93935aac857139ae37b851584f0dddf051dabe382b058b5","nonce":"9518635eba129d5ce0914508","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"d591e2dafd053e8ba7795e4d67ddb38bcbfc53e683f3e09c6e8d0f5c955162c3cc68f69457c2658f1aa45d1f6b","nonce":"9518635eba129d5ce091450b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"e43ea50910fb702df7781fb608a09273c6fc349b2d7890d126a08cbac15c1b649e0546c5164ca652e25b8a05ce","nonce":"9518635eba129d5ce091450a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"f4e9e18bcd14f523ee5ac10e988606e751a24fa876aff98582eef601c51f59e130e3bf00adcdb9d01dd4c989d3","nonce":"9518635eba129d5ce0914535","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"19263dba4fcb3b82dd8e02912d08f819c2ae9a416f1e3857fc60dc01d8e5133fe2bc3993c478fd4d721a759824","nonce":"9518635eba129d5ce0914534","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"dbe72bd105583b6fd7005bb09ac7d1195881004413b0d4110ab7d94a562701e5089d67a2408cf0bdb1e15255fa","nonce":"9518635eba129d5ce0914537","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e15148e5269df7746a4347a2a224f6e7aff24c740202e09d6443937d2d80768234829b66b2607a0951e6f47e77","nonce":"9518635eba129d5ce0914536","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"05eb37fa29b867b45ed0de4767d95da6bf2f9252e368a0b85ff1e01ebcabc4fe5cbf35bc1bd50a246a54b006d5","nonce":"9518635eba129d5ce0914531","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e12d06d76c33a8ca38bbd3c8f583ea32dc083f360d01a5a926b4d125feb46d49ca7d34c81851892537d8b8165e","nonce":"9518635eba129d5ce0914530","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"0e3a3a1675fbf7994cf5523d3d379a35fda4cc3386be83b007e6a042b06208301fe5788b2bb77bdfb703016ead","nonce":"9518635eba129d5ce0914533","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"4a7fbbeabee2fa08f1349fd8957048d0492d16d67c763855d3d5eb96f4a47aa36e88d28c7ef1ee5d84a57fa505","nonce":"9518635eba129d5ce0914532","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"28fb830c0737343bacd78bb47a543fea937ea8c54f3f44f1535dca2f73b00c690771d461f64c09a661445a503f","nonce":"9518635eba129d5ce091453d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"33645f9fcc856c41d716ec3799db4e53c551d66c73bb89cb70f3fac5611e3df17a66acd6698502f96f73992a1a","nonce":"9518635eba129d5ce091453c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"bc1b0358e068dee93015857f46a25c857bafff8a43ee1f65dbea93c666a71dd63aeb15fbc0ad6fe48e87eb632f","nonce":"9518635eba129d5ce091453f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"bd84c0daf62fe79d111a485fdbd3dedb1b8d5dff1980217d3d0a700b4495790248d2fc9adf305c5d9cbb3f03df","nonce":"9518635eba129d5ce091453e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"9d2e956b13a152b0978d65eaa781c912555edd4a7ce7389930969213b99e76d6b13f2368e96d4d575bdc2cc22d","nonce":"9518635eba129d5ce0914539","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"187a763bcb0f1282b2331d05d4cfe92f7d19182e520f810965e60ae441f13941b9bbe7dad54cf63429ed03f820","nonce":"9518635eba129d5ce0914538","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"f4c2aa80f584ed48157865aa570b566d8d958031604d24aba3b81d8f24c82e3b117ed5bc908f27c56d28db0403","nonce":"9518635eba129d5ce091453b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"d60dd9ec3b149fb304e290117e784e0a163f9e1f958e363e2961bd77b652bd7d10715fe5b147a49aca20db7738","nonce":"9518635eba129d5ce091453a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"034bf67b99d26ac6d23a181806d051eb8f57ffc8004d30921b79d9d720adeea92bc2781ade2cd89917de83a6af","nonce":"9518635eba129d5ce0914525","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"418dbe122aed4c5aa485603496ed8c91cf6e664a066999fc2eaf64793c95f3f0937ab8ef51a4e9d02fa76209a3","nonce":"9518635eba129d5ce0914524","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"91bf5b5dd494f8397acb46efcaa31f6c3ff1633b77fb3b3642ba9e266b1ea39781fd81d56dfb4403c1b0d4f8a9","nonce":"9518635eba129d5ce0914527","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"db1346763cfc281ed57009a11fc2336725415fa02fc62d1a33356a26af5f41fb31351f3a8e261c77bc14974ae3","nonce":"9518635eba129d5ce0914526","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"2a1795889c654a1ce561940e67130255ed861ceeeecea15c198f5a7188011e21c27dba280f9b81101cc4f7b95b","nonce":"9518635eba129d5ce0914521","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"12c92b659921da16cecd7b162caee72072cbb8c2a8683af004a45f117a2cd59c8d5cf1f523ae475ddf3fe90874","nonce":"9518635eba129d5ce0914520","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"371e81c9049c8191fb3ad32958aeee540f41e8ae5615c58086e96a1fdae630c3bdf0f86f616523f6dc5dd4995c","nonce":"9518635eba129d5ce0914523","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"b8ee800233774b060f9621c7d218ec73a32656d6b7c8bcdb24de9e7ddaf4f64e4f2ec53302c7efdac2e00b0a8f","nonce":"9518635eba129d5ce0914522","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"852ac0b912c9862a79b37863cf2cf66387319b1150b67de8e77fb3b5bdcba0d8ef3863bc1f463ea777dc1ee87e","nonce":"9518635eba129d5ce091452d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"e78b86b0695b39034179d9795b0b829dec2b2eede4a85e2e8e2902afe7e83c4634a5576398c13cd81f85ab8419","nonce":"9518635eba129d5ce091452c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"3fb14950a33d6bb85dbf26b41dd5e1b085004215d06210e447e2307377a46d9f2f75aec2c76dbdda274ddec58b","nonce":"9518635eba129d5ce091452f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"9d997d269dac8f9aeb405ec352780fe5c0b85f03cd64860834d7f6daa2dfd52ada2c441b4a16bb516d33f63cf4","nonce":"9518635eba129d5ce091452e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"964fe65babc420ecebd390453511913d8689f954abf5dcb91f40431b9c78b6c8fabbdbf2285c71180980172611","nonce":"9518635eba129d5ce0914529","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"daac631e174225107c18b57bfbb52a032efa7ea88fb7669d6bcf64e09807c32d40d28e8b97ec54f778bf5e1957","nonce":"9518635eba129d5ce0914528","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"642999d3fc44b3a5c25fe688472548e982bd6b201f548a9328ad1119a9ca467cce46a5058da89107db0b55772c","nonce":"9518635eba129d5ce091452b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"825a846ebfc420d1de0b31c857c5f37c35c15c3284ba2f8656b60b3780c6479c1d1627026e6c414d2f4989e9ef","nonce":"9518635eba129d5ce091452a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"20f3ac22594808320ef7ea0b00c1264a4f22fb3a0c7c25676bba9ae8928b61b127a13abca08655dcb629ef4fb3","nonce":"9518635eba129d5ce09145d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c249d9f9890b9980dd83023993fe2e3c4acac23ab36c5389350960a38a1df862f167825bba71271a98f992789d","nonce":"9518635eba129d5ce09145d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"7d65527e1355ddc6fb5d42a8636f53795e25d42c7b1e5c443429b00be0e22c6da0a2a09e2c738b97fe01bac85f","nonce":"9518635eba129d5ce09145d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"74da24fb48d9a687d3eaf393c4b8ff42ae17cb85831ce1c4666f8c5bb9cbb828d68727a0c862af63ecb17f3420","nonce":"9518635eba129d5ce09145d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"9b5d50515f06a48835e797020c6e4650a8463000b42f91cbecc654794da7c098ed8760c07d7c48cfbce47640c3","nonce":"9518635eba129d5ce09145d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1696ea95f190b2f29ccb47276ec62b32e964be9ad3478b0a1607d43724c98ce2cd8516f032121519e6e5863c72","nonce":"9518635eba129d5ce09145d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"a3ab9d0ac0bdeab0252e06ed69e18b1c082d3d102739c0f7cb21002bf41c05c374f0ba54c39d1ba11535657087","nonce":"9518635eba129d5ce09145d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"5dd83bc4a8791e912c2408a9c2207590c38b52505f3e840d2d928b7bca67c18c0f205fc804ccbe133f383d724d","nonce":"9518635eba129d5ce09145d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"1ad1608d8e966a226d7e3d2c546e2d90a5ef4d8819d26f10d8b29d57a6bb8c4d40984857872df7861e76ba39d6","nonce":"9518635eba129d5ce09145dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e4752a93507e02b1f39e776efa5a680ba37c6345573cbe0da39604837f5b32f48a4a0fb313cd0469f49797e3bb","nonce":"9518635eba129d5ce09145dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"4c6e8d89371e6b49a15fb4fa695b3cacdd37f41c84f10b26a1a41e3dbd9327c68610b8acc04845aa94c0fc7f80","nonce":"9518635eba129d5ce09145df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"bd7a16d3141ef3f746be97f30243641c85bac8d58a8af8830f97a29f28c83a47e4176622522a2918028f4ed35a","nonce":"9518635eba129d5ce09145de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"a20842333b2eb15f55cf77029dd2947dc067080181ff25c303a54fd536219290f825db545cde90c83832d7f87d","nonce":"9518635eba129d5ce09145d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"f9797b8625ecf08daddb841a5b50c376939c68fea79fee5488131ee8d7d1991635dac352a5c07abd53c89a9025","nonce":"9518635eba129d5ce09145d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"478c6925f7cc325e36b2fd4c0c5d3a0b85228d36c96cfa4b438607b0e2eecf70be85beff5c87265848401b13e3","nonce":"9518635eba129d5ce09145db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"00db99455693fb466192a5abb10f82d2fcd4ebc7a636acccf3c7d8ac9575592f1e2326f3df1f765c253cc527c6","nonce":"9518635eba129d5ce09145da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"63c9f767c76fccb5a17fdf329158f533cbe63fb3de0edbfac7907843dd224c3796d5376299f7567402769e5c75","nonce":"9518635eba129d5ce09145c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"c59a6f5d96f277a8eb698b483c167d1b7f061d3c212deece2acbc65164b33511db20c267416ce36c1a2e9b36d6","nonce":"9518635eba129d5ce09145c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"a117f6e3d5210ce3e1a47caf52609048a22a553a3427a50c267bff1c2bd33f576aed4cebc6604adb3123796f1c","nonce":"9518635eba129d5ce09145c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"36f9e11a098d90353dac12555290a920dee2f7f84a19c0e13aab68e27c2097f9d9e54c41ff3bf871a4ed009fcd","nonce":"9518635eba129d5ce09145c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"d737cd0eeed07b032cb841734c5329b486c92e29a33a8969a23683faff7a527eee4abbc536567a8fae80ae1756","nonce":"9518635eba129d5ce09145c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"19574c609d3cb53d6d6a229d572c09051fbf25c13716266e7597bd8f2131aa8439806adb02a3299ae956b1017e","nonce":"9518635eba129d5ce09145c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"25d69e3f898f22b61fbb892abd2987957bd3a38d582812618800bec2db637e40b0b0c2671d817c96cbe3f7720d","nonce":"9518635eba129d5ce09145c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"0175d46496462afc9aee20e301f234b43088f17068e97a26fb6e0711177312491ee74103510d978e7c0cd03259","nonce":"9518635eba129d5ce09145c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"db111f4c852af159d8037974f9379dadad04f61c7580fc3290ef03bc52a859818c018ba9f787601d6cf2ee933a","nonce":"9518635eba129d5ce09145cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"00a97ee9ead9d4056a841150d6ed5c953f718275f913753d5024765c5691775f61f02f0b35a8ebcbf081e4a985","nonce":"9518635eba129d5ce09145cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"70d90203b5667931b0dd043de2e536309d98f5f7f7a9a0bf85e168f9c347b4ee956b3cacd5a1a20630564fb107","nonce":"9518635eba129d5ce09145cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"5e055a5d07a84ef392e4009423ac940f6f5a5c355e7f4c7ba951c4de8ac7c3a7c2a92ce3049434122f4b3b5462","nonce":"9518635eba129d5ce09145ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"8ad88f241e95ed1dcd30f551b1ccfc0f628e2f88873bed140f077b33dff7e9fc26eaa1e96962a5825e5ad6bd17","nonce":"9518635eba129d5ce09145c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"4dc486162e18919a00df1da05897aafb3ad186e59305621aacb6a64fc00963ba669d4b37c6cecd754510a5edc4","nonce":"9518635eba129d5ce09145c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"2d55177fa1b72eb3d205e131d6bffc9343063973e00d2a8e812a7ba1d998714b4624966422899c5be5e36b6d26","nonce":"9518635eba129d5ce09145cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"0f244fe5cc1c8b54f6faa3fd88c73f6e220ae268a1f2f177de6b1d27bfb785ef20836ae787e6fea23087a9b8d9","nonce":"9518635eba129d5ce09145ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"a3d8b4754c05fc11ce64b7293309ccadc300bac7a254735d540c9e1108c52c7f92950dc5faf997050374039ca7","nonce":"9518635eba129d5ce09145f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"8ec3f03c0704c81ad2a25430df6d4ea616f2726eb4c7ad0765ba8dc87d7b26e96168a7d8c66f125e2a06640dd9","nonce":"9518635eba129d5ce09145f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"36a28188264cc1189448e5d87eea1cc4ccc1432dc943ea49e04e7b69779baa458ba99870ac7674295c04cebd3e","nonce":"9518635eba129d5ce09145f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"95d86041fa339736c8dce3bb05c1a2b5d46a168b13f71dfeae6aee8ce789fed78cf5a4a6f38f0e4db89ec2fe5b","nonce":"9518635eba129d5ce09145f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"857b0198f78d89ff8e5bdeb9a8c3e07a1c3a409c239ab0fca7bdd9a16024f7a02d599db312cf7e36b938c29725","nonce":"9518635eba129d5ce09145f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"cc2eb46399b53bd6daf22c1eb83e2a2b4321e728c6937da7196cd9dbcb25d2f93b4dcad922d76adfe67ebd9b20","nonce":"9518635eba129d5ce09145f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"4b4abddafe1e771628fccc68290b9525168348af71722660720a8bf8791f64e8dc04a6bb0466f220e32b2aa93e","nonce":"9518635eba129d5ce09145f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"8899c8efdd65029ae0d09279caaab1d9a5b3aeac27f8682c9be5c3b12fbc84896e4478178151c4d85a475dcfc6","nonce":"9518635eba129d5ce09145f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"ed5e191b9e3193b1a23415eeae718c03b53754637baef92efde98518262cbc5a4d7fe8fc92d8cde9a9876c15a3","nonce":"9518635eba129d5ce09145fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"71eca978b8ed6237b53eeafd4ba32e1d8a9f253c8eedd5d0fc9b2e1718838f4b8a04885074a66bcf4c021718b5","nonce":"9518635eba129d5ce09145fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"249c741b36f5ce3da2649bd161882782127d641e749cff0936be8aea874cfaf1a5405d23633c427f896a3dffde","nonce":"9518635eba129d5ce09145ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"c11db7ada0470bc55c7867abe09b0991bf1bbc4e38579ad4bea016b6f1b4fa19eb1f7d1f6f643cd5c34a3fd288","nonce":"9518635eba129d5ce09145fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"19c500c0bb5f3e032d5fb29bf7d896dfa58448ba501f906af8729fc5bcb231befb74fac839473e234f3dc6fb9d","nonce":"9518635eba129d5ce09145f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"b7048627834926113bc18ca9a4d18ff28021ec72e7b4ce031ec25fa33e7040873b6312ac2c14cfacd68ca4bd54","nonce":"9518635eba129d5ce09145f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"6c87c7e9cd9a011db43b4efc5546932a0fd967ed7693b7c7e8a7d22e396413cbcb4ec1cc461b5635cbdb866bb9","nonce":"9518635eba129d5ce09145fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"512afea5a90c93359f879a5935286b28423c2697dc5b6eb285ef4bfbc86264ae7b52db791a618dc7018e8a41ed","nonce":"9518635eba129d5ce09145fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"a69347ddb067561d5c485f28cf17b9a0ce6b070d041765ad7cb8b8bd507c7659b6ff3520a54ab5cd9c04590a4a","nonce":"9518635eba129d5ce09145e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"9b0908af1e28e68bdfc1b1d667e34e48e95634d7e32ba5322ddb2747aa3d5333ff605c6dc4ed4e894860c16900","nonce":"9518635eba129d5ce09145e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"fe0834c76c49de12f1e43094e22bd701212a384127b676ccca2734958d6e8bf201c12b570252126b316ac2eedd","nonce":"9518635eba129d5ce09145e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"a37f2e09ae8bf8b7232a6147b49309634f466a2095ce9b58fb72a6bd865d55fdb711d5e163b6b6989eaa30f944","nonce":"9518635eba129d5ce09145e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"9c3d347f25d58d3103504190d304e839bd9ac8d9785b63a822d2712ce2437cab84ef97bb9f1382db97eb44c7bc","nonce":"9518635eba129d5ce09145e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e57da49e9b47e21edda715da0c8dff9716db879c500e4dc2897d3871df017db85663cbb8b797f5de82d1f52c91","nonce":"9518635eba129d5ce09145e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"5695192749bf20212ae5e6f59b7e8ff6cdec702b4f869abb9f6669ecb82e0104e251dd0f9f1e4f3347952e9f14","nonce":"9518635eba129d5ce09145e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"c0e55e909ed445ac05ec122c8b91ece93f6607445fbc2307814360d25135b2ac0708e0293027027f385c9205c5","nonce":"9518635eba129d5ce09145e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"65ddcb3e377cee9ab2e8ece542be6517dddffc7553b569ee9b641aea7a34bf5884c465da41b4a263192009bd3f","nonce":"9518635eba129d5ce09145ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"59bf943b3747034dcf8d20eb19a2cd00bd176b24597b24c1aaf8ea3bc9b6c176a46c946aa1fdb938748742806a","nonce":"9518635eba129d5ce09145ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"087d0244fcba8658ced2216e43422b425c87473ed25cbbbd6a2c870ece57aa48222e13e86a94dd41517a482996","nonce":"9518635eba129d5ce09145ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"243adcb5aecf03503f5024aca668fdd210d486c22228d27435ca0bf9b0a6e23202fa18b52e3bef050bd7451518","nonce":"9518635eba129d5ce09145ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"aeffd0447be72cd5750495c29b0f2e937a0966983fddfb13a3bec2d55943b402f0ec21289d59495e2a49d9c67d","nonce":"9518635eba129d5ce09145e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"3bcf4b189eb0ad0a304e36805c32d617a14e56ace87025ddc4a21ae87a6f4d4672c4db130b31868fabd112b7a5","nonce":"9518635eba129d5ce09145e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"4cae53060ec735ec8010762dc2d6443326267b30f222ee5b30e2ce5f4f16d2ce6db44ec950f4f671c03d1ebfbb","nonce":"9518635eba129d5ce09145eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"63e9dbb4a464075cb206debbc1c829bdd759e4a04c198ed81cb33a801546679ce3ad2d6b7d2e9cf654d41cca65","nonce":"9518635eba129d5ce09145ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"4a735cbf414ad056aafa1f54296870b5fc55b873cefbd9e92bedb49d4b346671af4b5eb995bd301f9d19221582","nonce":"9518635eba129d5ce0914595","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"5e48f04b2e5cb64bafc12085adc7f4be5ba2de937e05daef57870130b2bbdf6b72b38c3a07468a49fdcb2054ab","nonce":"9518635eba129d5ce0914594","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"02040504645ebc7835a1b7115255caadf20327b728cfa9ce0b124ab646e42c1ac76ff91213277fac9b5856a0bc","nonce":"9518635eba129d5ce0914597","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"d2a0ae46c117b248e6476bf807c98b13f18b0544d432f29def305f846e04b74e76e11eaf5fe9fb0dfd04527aef","nonce":"9518635eba129d5ce0914596","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8d879bca7e026fe86e410cbd570481ffd45e0a4029dd11fedbd44dfe132e51bd7fb7b04e8f5591aa7a1eb281c2","nonce":"9518635eba129d5ce0914591","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"41ee13a477c23f7a3d3bd92d0fe164fedbb719d457f76db6b656ee68d8b02a188f27d129c069ee78a50eba359b","nonce":"9518635eba129d5ce0914590","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"78cc8e576902f8e20877aefab66e492bac4870849844805eea6c87dfbd0e781ecac10768b61b0072cf9fe8304d","nonce":"9518635eba129d5ce0914593","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"799c885a70b99be01b22e00c153b6471dd498097d85ec9d6337bcceeb5d925e1a7886e399cdf27e1edcd0a90a9","nonce":"9518635eba129d5ce0914592","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"0eb311e64ec5b52bbabcf839940cbb83d202dfa141bf343726f2817a6438f9894372d3a88d86c24aff81122849","nonce":"9518635eba129d5ce091459d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"aa1b47f2b74aa4cdef8ae890613f3cd347ff9ad44d899adb9f64bdbb32891f052bfd030f1c0260caab27306cf6","nonce":"9518635eba129d5ce091459c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"17618d1cb3e29ef82eb42673d31b4dfe518911a8d087e39ce8d5a8f7e7dff6ff7846191e17d3b7efaf5e8a3e22","nonce":"9518635eba129d5ce091459f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"0318ed785243faceb354c79c9f75fb8f4ccfcf9e459a788121ea8ff6e2eca54398af5f17edaadc6a1c13dfed5f","nonce":"9518635eba129d5ce091459e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"71a2a8f801444cb466dcdf26d00712c34af8a91f03c1af40c731230c3fbe9e40bfd92b29af596e8a3828f1b257","nonce":"9518635eba129d5ce0914599","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"39e8c67f95f923807b4447efb3e99776978c8e2caf42f24ca5b0286320da52ef76885d621a05ab0a6e22301485","nonce":"9518635eba129d5ce0914598","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"990169b716256f9b12f96b2f3f941a99900704fdd3a653386b015f5b16c36c90d2c35dca96154204846df76314","nonce":"9518635eba129d5ce091459b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"d945e72f14a5f95d3429dd42da1bd9de320462901761c6e4875d0937e5f1edde35b755a6ba68e8b31a4b74c322","nonce":"9518635eba129d5ce091459a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"0c52ee1c0461dcf80ae7e217cc43d2355d28d8a435e6eaeedf65a9c1be07487e86dda8d5a9c7f99eb8da968f4f","nonce":"9518635eba129d5ce0914585","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"d6b2e2abe0988e1e1c0eb679067aa5e7adb6178f4e0dc6607d90fd215366fd19d5d003281542ffeee5293e8342","nonce":"9518635eba129d5ce0914584","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e836aec75aa1d3f96e500e0e42022863906bf399b5aba1e1261a19090dcad31c43bf5a44a6a47131c2f2bb6401","nonce":"9518635eba129d5ce0914587","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"130e2f7fb4b01630abe46740a6c34a834b4a51896fd4d056787a01baa49198041d9a2e917e2a0a698cd88b8fcd","nonce":"9518635eba129d5ce0914586","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"e2c4f1c3620d494334c5abd19513ae17e9aafa6ac1df7b16f5fae197c77a7059a9e254421d34869b4c49bcd7b1","nonce":"9518635eba129d5ce0914581","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"bc4ce3ecc1e79e9ec9f1e89e59e1ced72a51d1f9b48e4798787c360f508b49c8066161b1ae5d131d36b451c2d0","nonce":"9518635eba129d5ce0914580","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"6731ee2066bab622a1637ad8f7c029a597a32bf8bc548cc401738a4747c69c5f400965e9461d1627568f646108","nonce":"9518635eba129d5ce0914583","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"63a0bbe2bee7b5c79e3e2a59b89c2c23001a2a3a3576e3b10b491f56a17614d71dfac44e1193a5a9fb159fd982","nonce":"9518635eba129d5ce0914582","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"958e99d99e9c12058b9363a4f173ece036e34ee2511126382eff5facae9108dd2e05f1155882ce6f87709b009e","nonce":"9518635eba129d5ce091458d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"7fcf1e9ef70024d8a5fdf4107d72797d3efb6c2c56e8541b1ca43ec8368cefe9bfd0ad2d05a65155d16140b6e7","nonce":"9518635eba129d5ce091458c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"7214f90dd36e534647ed3432b11534f9c2a0732c6c92cd3def13e3d4b851a219970a1f36d09b7aa768af03933b","nonce":"9518635eba129d5ce091458f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"f1e91944d9cc11f0f53d460ea019ddfbae5c685a367e4eff040e8881fb3b69fe45766dae76346260c340df5cf9","nonce":"9518635eba129d5ce091458e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"0d97cfe74c27d8e145da956a20e40a5c93156dcb07703663f7f8881c6f2bf3056213c313a3892ac860bb962490","nonce":"9518635eba129d5ce0914589","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"50489933bb77aca6b49f5303c639969b29970932f95b084dd8f36a3df2385fadb9da56d66c76bb02dc29cee39a","nonce":"9518635eba129d5ce0914588","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"91292fed87e325b43ac0c8773e8c2e61bdbc149cd85490148276d5d017d6a7621b44c8511b0ef3aac68b2bb79d","nonce":"9518635eba129d5ce091458b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"c9b4d7af6fe0bb4c4277bdd5447dbb2bf7ea319aaf4b159757bb64ed6ab43fd000382648174c037e3781f5cd30","nonce":"9518635eba129d5ce091458a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"cb9351cf3c7fa14383cc15b2ce0cbcf0c2e4a2bb3e0cf4a976472ae19bd2381afc09f1bfb1e512df3c00b83939","nonce":"9518635eba129d5ce09145b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"80d39898707ea77bbd7e75684d7e71e376616fb478f442008891ab1f1d41febca00baac6aeeab641c728d20c3c","nonce":"9518635eba129d5ce09145b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"92f3eeb4313c7afabe6fec9b166d4cd51cabdb58142d5b83b928c56ac73456ad65dd937d905abacad94af4a5cb","nonce":"9518635eba129d5ce09145b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"f3349c116240d7c31179f6492aff16c67881ae827d4822036a45ff7412af21fa2529271e9f2031414d6fc10d90","nonce":"9518635eba129d5ce09145b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"494a591d6f51cf551fc52f727410e3137febf91851a8281ba3985d2595f2099bf9deeb790fd11971f4c3b6addd","nonce":"9518635eba129d5ce09145b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"4ca39132c50ea26d4099476e6226ffa96209f310695b24f450bde94339ff44005b94ad6484fe5fd44ba948be08","nonce":"9518635eba129d5ce09145b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"df6db739617cf01d14cbf6565cff0fae6f770c1a5f3d1a8c19466cb9c5658da9e9f42d30ae5bb96cd680239dfd","nonce":"9518635eba129d5ce09145b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"fecbf7423845d3a4ce6492c75c620c9f506df22d15bc30f4f872951fd1c218e59be7f86fa14c6deb602a8e6f21","nonce":"9518635eba129d5ce09145b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"4f7b31b77d4bfed54503d1b084192b7ba35ac588634e02248fa2aa95892bf0269c0d649ab6fa7023fc7f172886","nonce":"9518635eba129d5ce09145bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"d15bf40d29ae428206fa2c78524f96c7de0cddf42c48c74b8ae1c8dca33f4836f0371a7c34df5619a2476c969b","nonce":"9518635eba129d5ce09145bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"4c89249db09617d0f902e77b5fbda9ccdd253ec5f6caaf7bb7fda5ad2ac7da25c1e454e161f188d4d9edccb18b","nonce":"9518635eba129d5ce09145bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"5ccf0dcf4819c774e7fc3a9eaed92fea4f766fefe2def1f44a8722ce901218e12a604cb484490237c53bbdc067","nonce":"9518635eba129d5ce09145be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"a67c527bcba0ee8d44444f2ad0bd1e526090589ca0f9a599c42407ea62484ffe0015098a404f78d7e0ab745526","nonce":"9518635eba129d5ce09145b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"0f65ef12e05a46302743337a17ce58c0cde7430d0d0ace3b05169bccd31bfaf636d343e4b207a1bf0f5310647d","nonce":"9518635eba129d5ce09145b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"8344888740e857fb218142c5e3a29d3c0a78fac5fab3fdc1acf28f94da37ab80083763eb554d63e3d1cb8b3c36","nonce":"9518635eba129d5ce09145bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9509bb6a6c420970ad4bb9bdc4e9cbda39d6208e1685fc6576e72e3777b7450023f69b6d24ac519628addae33f","nonce":"9518635eba129d5ce09145ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"2eb5cd45ab34bf32424d0d7cad1f54274c02c2965019dd2d20dcd8855208c0c3790198ba6ecd96efd189f74a25","nonce":"9518635eba129d5ce09145a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"3ac37788b4d5523a6302cc0b8fcfb4a1e848afbad04d2fa845de26f1a02deea204394c18b4e8a04c58d9683da1","nonce":"9518635eba129d5ce09145a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"39e11185b6b65453c73e63de5c83a1f21d3bb637c12595bff79b10052f687f557265e2a963f206810e72227842","nonce":"9518635eba129d5ce09145a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"8aedd4d88e1f0d73b7b91c262017bae8146553ee147e9e8c05de6dd765b228456605eee7210a091a2adcbfe1b9","nonce":"9518635eba129d5ce09145a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"30a6d0a195f321ae384d13e36b584a772c9f3f7398de80343ecfd071c2987a51f7aae05953305fde48a9b09e68","nonce":"9518635eba129d5ce09145a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"26b959e1eacda7e386255009723d60583cd0d08dde9e273d9fddf490e9a85330b60e345207daac0a023f710614","nonce":"9518635eba129d5ce09145a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"3e6288537fc207d3cda47472851a6ed4b7752efa9e4155b9e56cf59d20c63430b2b5359f1e515283943ebeed0e","nonce":"9518635eba129d5ce09145a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"1f3422430c566ea1ed69603767e5291ae669f51653d861da2b2ee710260d69711ac210e2a42ff858d159089415","nonce":"9518635eba129d5ce09145a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"edb9f88b48f469a59fdcf7d64ac03415614fc2a9beb18d9d6369dfaf9811f6a2bdd71121c3e96cc29c866f6a06","nonce":"9518635eba129d5ce09145ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"998e9f7aae2231b39de36d39ce1c3b67234bda5ed9bdb219d903a7a0004c6fc42d1af9a4fb6b9315f02b937449","nonce":"9518635eba129d5ce09145ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"f5ebc2b026b8e03a52a2993fba9b8975d3e9c786c41bba307bdeeba1abd04c4068030985e62b6648abc89360a1","nonce":"9518635eba129d5ce09145af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"852446f84c8337feed5b04b34539014571f490b3d262ee2c640a2039b97f63e628620165b794ee22ad71e267a5","nonce":"9518635eba129d5ce09145ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"eb33cebfd9f3d02abdf70d8da7e7564188092ca24a1966dbe6bffe5329c15bfd41d647af9c48641be9918d665c","nonce":"9518635eba129d5ce09145a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ccafd06f74d9c73a8186ca2cdd1799ea04e4fc7c8757fffeb105b5ef95e36ad378e53a06495411aceab211a94e","nonce":"9518635eba129d5ce09145a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"321d701cb568e5e43a554962234b6bbef6245fbbd29db494bec463ee5de5201c1d93e122b3808ffd46e96c271b","nonce":"9518635eba129d5ce09145ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"55f84b030b7f7197f7d7d552365b6b932df5ec1abacd30241cb4bc4ccea27bd2b518766adfa0fb1b71170e9392","nonce":"9518635eba129d5ce09145aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"c5bf246d4a790a12dcc9eed5eae525081e6fb541d5849e9ce8abd92a3bc1551776bea16b4a518f23e237c14b59","nonce":"9518635eba129d5ce0914455","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"dff17af354c8b41673567db6259fd6029967b4e1aad13023c2ae5df8f4f43bf6"},{"exporter_context":"00","L":32,"exported_value":"6a847261d8207fe596befb52928463881ab493da345b10e1dcc645e3b94e2d95"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"8aff52b45a1be3a734bc7a41e20b4e055ad4c4d22104b0c20285a7c4302401cd"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f1d4a30a4cef8d6d4e3b016e6fd3799ea057db4f345472ed302a67ce1c20cdec","ikmS":"94b020ce91d73fca4649006c7e7329a67b40c55e9e93cc907d282bbbff386f58","ikmE":"6e6d8f200ea2fb20c30b003a8b4f433d2f4ed4c2658d5bc8ce2fef718059c9f7","skRm":"fdea67cf831f1ca98d8e27b1f6abeb5b7745e9d35348b80fa407ff6958f9137e","skSm":"dc4a146313cce60a278a5323d321f051c5707e9c45ba21a3479fecdf76fc69dd","skEm":"ff4442ef24fbc3c1ff86375b0be1e77e88a0de1e79b30896d73411c5ff4c3518","pkRm":"1632d5c2f71c2b38d0a8fcc359355200caa8b1ffdf28618080466c909cb69b2e","pkSm":"8b0c70873dc5aecb7f9ee4e62406a397b350e57012be45cf53b7105ae731790b","pkEm":"23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76","enc":"23fb952571a14a25e3d678140cd0e5eb47a0961bb18afcf85896e5453c312e76","shared_secret":"2d6db4cf719dc7293fcbf3fa64690708e44e2bebc81f84608677958c0d4448a7","key_schedule_context":"02725611c9d98c07c03f60095cd32d400d8347d45ed67097bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449","secret":"56c62333d9d9f7767f5b083fdfce0aa7e57e301b74029bb0cffa7331385f1dda","key":"b062cb2c4dd4bca0ad7c7a12bbc341e6","base_nonce":"a1bc314c1942ade7051ffed0","exporter_secret":"ee1a093e6e1c393c162ea98fdf20560c75909653550540a2700511b65c88c6f1","encryptions":[{"aad":"436f756e742d30","ct":"5fd92cc9d46dbf8943e72a07e42f363ed5f721212cd90bcfd072bfd9f44e06b80fd17824947496e21b680c141b","nonce":"a1bc314c1942ade7051ffed0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d3736bb256c19bfa93d79e8f80b7971262cb7c887e35c26370cfed62254369a1b52e3d505b79dd699f002bc8ed","nonce":"a1bc314c1942ade7051ffed1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"122175cfd5678e04894e4ff8789e85dd381df48dcaf970d52057df2c9acc3b121313a2bfeaa986050f82d93645","nonce":"a1bc314c1942ade7051ffed2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"81448cec70230638b6c6b8fab63b430f3ee3d506a96229bd825fe8139f3231c6e1db349beb18bdcd8bcf796ff9","nonce":"a1bc314c1942ade7051ffed3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"dae12318660cf963c7bcbef0f39d64de3bf178cf9e585e756654043cc5059873bc8af190b72afc43d1e0135ada","nonce":"a1bc314c1942ade7051ffed4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f998abcc1c84c6e421d6b7049fddf1839e7c5464645b7c5376edbfcd4d74352648645b08f6803a56ea624158e3","nonce":"a1bc314c1942ade7051ffed5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"e0b80588421e345c607b6dcf7485dfa28ecba51c083a5e4c748deabf49cd8ce8ad64ab16a818d97c94f5cbcba4","nonce":"a1bc314c1942ade7051ffed6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"ad7d5a8737c52c89521932e36470236e171c6e0e020983b4e8f7bd443a743f616220c23ad15b6eba04a0490f7a","nonce":"a1bc314c1942ade7051ffed7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"12990eadd503e2684efd367ef6eb7c10bd901a8db1d7cbd76f1eab25b1770fda29756f2432334b7cb59ddc5ad7","nonce":"a1bc314c1942ade7051ffed8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"6df5a172c5ed16fc3d4c7e55e3bc931a359282ba7142f3fa7da6d7feea0ae0c8071a081876df3d38cfaea8089b","nonce":"a1bc314c1942ade7051ffed9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"ac214db460440110a9874b512e41384d7960711016d470a9e8059e6f4d46338742a4e0c8190e51b0c8a7d3322b","nonce":"a1bc314c1942ade7051ffeda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"8ecc6adb36ae93e951da72468b99141e38103e5d5e872577d1d5e4a7fb9d12729a678c4905471fd2b767b2cdac","nonce":"a1bc314c1942ade7051ffedb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"d5ae8d2f471d28ae1ec85a0ea544ccf9d828bdf76946556d705d0900f4f52edabe8b1b86f760d5b27ede114bb4","nonce":"a1bc314c1942ade7051ffedc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"d2d736316eb91cb3a019402f1ea2f95601e16a5f7cf2aa0493b9a0a9822e8a0c5ff701e2dc4dd98c7a4361eae1","nonce":"a1bc314c1942ade7051ffedd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"c98347b851ad8570f2a6e25a7d8ffbaa0514fad0a67a567cafb7f2f16bd185a2d366fbaeb993aade524c288c11","nonce":"a1bc314c1942ade7051ffede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"a6ec1b6537df7d82ddd411da2fd2d6c80a6e1a81a94c14a04f928cc43f6595dbfb9820e201034b69d4361fa294","nonce":"a1bc314c1942ade7051ffedf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"64136b023c77e329b6c0585cbef0ef139b7da50fb37ef0d465687be24da10465e1a4dcb9f9d10ff8d4b8b2adf6","nonce":"a1bc314c1942ade7051ffec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"4781db96aaca00e95d6a33a87b5aa4d4febc7a11cf984365651e793b96bb2fca0a5c5addeb0a4eda8558eb4639","nonce":"a1bc314c1942ade7051ffec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"efbcd0926dddc95b33bca922dbadf82df2d928f211cd1a95059bca159cbb2ad1ae4b44983c15079c3f3e5548a6","nonce":"a1bc314c1942ade7051ffec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"b00418a10ed979ddc5f733c8d6e1feac93398f99a03ba258ec3ce46b801028ca218de871dbf35a9f90230a2d28","nonce":"a1bc314c1942ade7051ffec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"9a69b169ef765433fe6ec1414ee5c7aa84974d2dd47c7ca95eca39cc3016730656fbc2632dd8b0fac86bdb36e8","nonce":"a1bc314c1942ade7051ffec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"781645d997518600d2d331939f4306c2f4ab72b4b8b6aac3d0bae922518821f5f3eef7356ede837d706c9e0ad8","nonce":"a1bc314c1942ade7051ffec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c7ab847bda8e799ce31cb751d8d8b40a44a69a797c61de5b4b26b5083ffd6ead2dc6c9c85e044ae953d59e9226","nonce":"a1bc314c1942ade7051ffec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e598a17f69b9f2516abea3602756f864cceb7e75c292e152c0fcafbe006321d6d7229d8eb7d7a5bc233daeb93e","nonce":"a1bc314c1942ade7051ffec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"6c93a379fe85e3cb345d3f3c78983003900283ac7cb685796b739b77eb15da62834c87169fca6da3f33f12782e","nonce":"a1bc314c1942ade7051ffec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"62be42591a5e2cdcf43ee38d4a01e36a46dd349ae5e25f0cf0f9d1d303a49788b2d782abce7a9015983eaac1de","nonce":"a1bc314c1942ade7051ffec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"88ffba9f0cb873174ce8467e4f0101e1b4408ac8dc6cdd9f924551ba9eee57c96901ca19c592cc0e7aee3652d4","nonce":"a1bc314c1942ade7051ffeca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ab98458f4280faa8a00d5bf65846ea270ce47b05e887fdb48b2ecc17e62d1399ba45eb23a370dbde5067b7ac27","nonce":"a1bc314c1942ade7051ffecb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"4181af4e773e309ce7a4ac04ad08828378b4644e8a33b8be02776659d1c13c25d1cf3d95de95d15e4f251098eb","nonce":"a1bc314c1942ade7051ffecc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"566c4c023069ac3a2e9ad94e29819d0846fcb023614f04fcc107b825a6004dd48082173da952b9466b898e9514","nonce":"a1bc314c1942ade7051ffecd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"14e76dca587889d13c87b6f9198e40bf708b59eeb7524a3330acde681414f0b563bb73681077ab2c3e49a34b2c","nonce":"a1bc314c1942ade7051ffece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"02be122d5b3fa62dd45baacc13c060c726da0ed95e6cb64b75d91abd08c237a0e0f48b7442737c403a470ef86e","nonce":"a1bc314c1942ade7051ffecf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"608ceaf60a18be198b8b3ef4772a550f5803412108a8fbb97dfe7ddbb34900774f4c22056c48f9abec995be7ef","nonce":"a1bc314c1942ade7051ffef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"c229036df4aff67458d0779e2d9a4a50ff775ff64dc73acde6abb01098c2b25b7e7075707d3ffaaa696fa2db2a","nonce":"a1bc314c1942ade7051ffef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"b5d56ebb67daa05ca9b6c8d65742a8ef164b2ad5a108d61a77af584897ee41d349903af4e1c9a2a0f16d16ac52","nonce":"a1bc314c1942ade7051ffef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"a9406787523a3fc63adf9a04a1df6fffe90a8f8251a623bc144aa3ee0efa0d5aee37d95f0cb769d49293e154c1","nonce":"a1bc314c1942ade7051ffef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"9ed258258a8f8bf329162d322a3edb75ed1799e0543f39fe168bb1aae05ccc1a5532a3c4df7aae26fcd39513dd","nonce":"a1bc314c1942ade7051ffef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"958ff65e212d9dcfe399ee93a921bd0235fca5a8e4836bf854ecc5e2fdbb664fa7d9ebd5d3bd52018290b793c6","nonce":"a1bc314c1942ade7051ffef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"329831514fd6313f44895b2acc15657966fd6b800e63f7a53fe5198d34e30df848de3068b1921661ddf05681c2","nonce":"a1bc314c1942ade7051ffef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"dc37ec0e2c08be44d9ec709138e811b116a2bdff4f89c8a0639783165ca3da21967e4d2c08927e5beb446662c6","nonce":"a1bc314c1942ade7051ffef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"7b8c1fd6061641cef0913dcb80dec12274352bd94eaf46b631b1968daf5b3db6aa21336c9878a194957b466058","nonce":"a1bc314c1942ade7051ffef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"09227ba8d90dafd0948dcb79cc661011b022ae576102c7ba67cfbc4b04fecd6cc7edd86718a23a11bf97100631","nonce":"a1bc314c1942ade7051ffef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"86ca60e820b54fb1d39b4c23d3f390e9cdbbd4220e24267cea51bfd90021b2f16762a7bf44a66e79040c63933b","nonce":"a1bc314c1942ade7051ffefa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e9108564d752c2c56faecfdf36ac2c849c8d1e923ad6bf331a60bc5bbb45aff7ea7c334193bbd7f4143b61c185","nonce":"a1bc314c1942ade7051ffefb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"87ffaa9446a4a80fad33fdab7e397b9376f8ca33e20e48a500446b60204f2937bae2836798735a3dac0ff5a880","nonce":"a1bc314c1942ade7051ffefc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"0da994a818399e05a41f120b7b84c1470bb33828908876b9bee7754a52b6487b092da01ca67cb021eeed43c223","nonce":"a1bc314c1942ade7051ffefd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"0217ccaf0e54da8efbbad4948d54e90ca3c3b60ad39e54ac9f716ef0dd33cacdb897f6973ec66024862829b0e2","nonce":"a1bc314c1942ade7051ffefe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"b700163bb5c7b11c8e8808199cd8a6cc82db500abaf3a2facfaf678431ec5bf7783d9395e450bb7d107463618e","nonce":"a1bc314c1942ade7051ffeff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"8fccbfb3882371b7a04af739edb48c87f1f1d34621563ce766815ff4a049da9045943860e5cf2cd1cc02bfb8b4","nonce":"a1bc314c1942ade7051ffee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"13813c57857656d5dea3730a4e6430b300a1dc2942a5b1400cb45776533a407143224af56785e9149bf072721a","nonce":"a1bc314c1942ade7051ffee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"975c0845a0955774ba4ae6386218491084b22a721d4bfb977ab50611fb5fe579fbd041beb05c04566feb1a7a69","nonce":"a1bc314c1942ade7051ffee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"a5b8ac851160bdea05e5d85f5c4ff730c967edb4665134633dd2ca26a802760a8ff0f64096814698ed5eb0e546","nonce":"a1bc314c1942ade7051ffee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"1da6e12454409f9ae5560fdc8274069345307c9b719d54d42c8053b18fad3b369aeaa6a27126aa846776b06c15","nonce":"a1bc314c1942ade7051ffee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"50de3f90d54c98ca5e52d854d107b7f52c22576f1a9e77973baa6e9e9e4a69430e504094a1818294645f475cbe","nonce":"a1bc314c1942ade7051ffee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"e8460cf57d8bb3ab36a6b577f1c24d4a7d55c71e0b47422b950ff046ae25ed41a66d89d70bb4b40edae7666cd7","nonce":"a1bc314c1942ade7051ffee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"df0a371a1a83bcbc24105317a97e134f4ca95c2aa875ac86b99b36347159c25d84d84882e48bbc7942fc25047f","nonce":"a1bc314c1942ade7051ffee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"5eeceae1e61e5ee09bab6d6c793226a642bf5dfc281ab2f8a6da7bbdaf44578b3fcbd3386685ed8e28b7af9aa7","nonce":"a1bc314c1942ade7051ffee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"fa6dcdca295a350c7614f14b491ac3b25ee40241ae6ee36a2b416e1a46a6b3806ada8b7a525921e6b98b085498","nonce":"a1bc314c1942ade7051ffee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"439423232f496bb252d246e44c7bfcb1f8a62c8fd3a97ca98107dad5632d17fd423e6b36265a67764f08db8fe6","nonce":"a1bc314c1942ade7051ffeea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"fc9eb541b325893b4a4818619b00b5988356bf07af8fe4c34c6dd0eca427a829fef7a3dbcf0172e868b0353d16","nonce":"a1bc314c1942ade7051ffeeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"23e5725b20a8b5db67fb9b64861718c1f148c1927533e2b499891f33c66b46700fb0c6e99f37b98aa278c1044a","nonce":"a1bc314c1942ade7051ffeec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"db051cd509ded5ba54169f883df5ec36dcf155242c24cb999aace1c2d05805814af27b5ac85bf5201282c5437f","nonce":"a1bc314c1942ade7051ffeed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"63436a676cb38ed9f79cef1a7a255e6ea5aeddcb23187a43628990dc4810049c3ceb87b0b603d9f0671ca17023","nonce":"a1bc314c1942ade7051ffeee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"3cc01a55b16ba7baeff8b99bad41156c284f12876e288ef0706f0bafccb6e1a02c9dba61e766a7992073f2267a","nonce":"a1bc314c1942ade7051ffeef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"ece18db78b48e32e9880fd5bcdc69ba51b7d4d1f9fd3aab4542c87260d15f86bacafee4f59aa743a38c0b15355","nonce":"a1bc314c1942ade7051ffe90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"a0523c4744573ac4900f9945c36bb8d85c36e890b302a53f310805f59295e66dc5276a9b4a3a2c320b957a1384","nonce":"a1bc314c1942ade7051ffe91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"4fdf4ade68a050e46002772274f44d948aa705798279fa4404e42b2e4edcac0b09f0099514e3a93bd7a0f8b68d","nonce":"a1bc314c1942ade7051ffe92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"63acdebd758d7776c0de540d44de08fac33a9eeff15b6c06e9ee74d52416e7c791e407486c82c88f46b4d50b62","nonce":"a1bc314c1942ade7051ffe93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"f86f589944e090e7bcad7eca46ff36e976a464145d3991d4ddf3381fd8683177d5ee87b1c8178c86dc183bae81","nonce":"a1bc314c1942ade7051ffe94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"05f5471471b5b660deb10c97bddd25dd194f7f43f256725f055110b25bbccf4033cc99da41dab17b650b6a88d0","nonce":"a1bc314c1942ade7051ffe95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"5fff11dd9778ac87d60b20639d261508326ddbb935a6f9fa71c58d20678bb71356ad42f0110f62a798b0941e02","nonce":"a1bc314c1942ade7051ffe96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"80b2e9bba9e59d89c86251450b7bd08a53aa618a0b555e74224642d43924f5b46d4e40efc5291178bd162cc38a","nonce":"a1bc314c1942ade7051ffe97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"c31baa7d0246c32738420a7c848f998be00e155022636b90a4e2f5957fe7d41ca78005d5562e1a2ed06e3f80ea","nonce":"a1bc314c1942ade7051ffe98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"a0bd8668746dd5718d0890b32df5a7edff64a31917f2174e124c64f2a9e454f9cbba573cd6a338f85c6570c437","nonce":"a1bc314c1942ade7051ffe99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"bf893670d1f7b8fc9980b0dcdfc7245bc8b27fb894f9607f0e2fb4cf09b50951ddab19165579b00421696ac21f","nonce":"a1bc314c1942ade7051ffe9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"aedf69ddaf28dae07110560ebb7d1ff2f20949ca874009b7c99c6c316f1592e72e48c877a859dbc506cf99e76b","nonce":"a1bc314c1942ade7051ffe9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"41e85cbcc31f046537ca10d1e0a66e3b6056a1f46a27cc96645d885aa6eeff6bb0a4ea4edab73fb544dfe58581","nonce":"a1bc314c1942ade7051ffe9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"f9e5f909b0a75b5d92b586597d4de6e740b5a83fa2d78ed1f32bc11e147c85496a16fcc85b66fce6ba94e6c67c","nonce":"a1bc314c1942ade7051ffe9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"9baf794b4d654aeea56be02d01bcb21d2b186809e138724cb6114d49a7a6fc3803cd4d864de78665d12c5a6425","nonce":"a1bc314c1942ade7051ffe9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"2f224c7f088822260ad71775444c01c71bc871a7f56803b95c13c9f159a523ae53c000d5c21f12fc76763d2074","nonce":"a1bc314c1942ade7051ffe9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"b8047bf627a69f930658561d2d005a7e2f12e90292dc16a9c629645409a4de2e86679db9faf011901a69269e1f","nonce":"a1bc314c1942ade7051ffe80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"64e7d452410b8d53713677ad165fe962cc08952f10f9d278f16f73806b64b14f8780834a1338a19924c4fec4a3","nonce":"a1bc314c1942ade7051ffe81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"a47b2785274a366fcfb0444ab8efd960194d6ca56d43c982c6b0b50fde16a9ee95a22cf54c985e2429b2c21a61","nonce":"a1bc314c1942ade7051ffe82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"200afde88045125efb6515a23c8caf595f05a35509095a967378bd84e5383a306f72f6d5cef6af15c4563b554f","nonce":"a1bc314c1942ade7051ffe83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"4b4843954a9e2ba61595c5d2b71b4feff5c84232e53d6593a702dca7cd0a5ccb5d0d3725d7f9795ba1e7689b49","nonce":"a1bc314c1942ade7051ffe84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"dfb69ecc70667ad3d2adf8d263d012cb44235778a61ccd579863c6bb8b2d2582cf1a391de20f155b2fbb84ef2d","nonce":"a1bc314c1942ade7051ffe85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"da056aeeac653289bbbab6a1aca568ae68103d1cb1295f7fd5491b2e285d26e0ce4502786495cdd6dea5119050","nonce":"a1bc314c1942ade7051ffe86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"51a2ddf0c656fb01e203dd54bd80f2626727c33a37aad2414e3fe5e07a9d9c53f7f035924c89ae068bf8005aec","nonce":"a1bc314c1942ade7051ffe87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"95a1a85f709d79b0a58e7116b6323ddad572c165ffaadac7ffa9598a262e30522603d4fe1761e42408c595d0f2","nonce":"a1bc314c1942ade7051ffe88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"c4c2c129dbbfe2b327352ef4a137159de3a85802c4930b744134a62e35868f3722053fbaa9a5f1cb16d49592ac","nonce":"a1bc314c1942ade7051ffe89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e5992c2caf9e0596fcd502a4b554300fb454a26ba2a99e5fca0e8c0f2a1d640726e322e41986b600b94f82e8ea","nonce":"a1bc314c1942ade7051ffe8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"27887d96745fa8c476b816c1e8de4fc7389079baed2c0c291af27f9b802d49d768ab7ee7d8b8ad6a4b4efdf081","nonce":"a1bc314c1942ade7051ffe8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"49f4ab17cc03b6e18d393b56a3860e9d88f7177fad47678c94e15da52f3aabbba208803c1d3ebe630385a612da","nonce":"a1bc314c1942ade7051ffe8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"0aa5ff588989b5f855c507fbe0b002108bfa9aba5d3459041c6282216baa58b82a54e81ea4cd7ab8a6fc5d239c","nonce":"a1bc314c1942ade7051ffe8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"98b19c082e948172ea6a0c2e7bd1b99adbf828936f6d2b1b356fc4bb7545839bc56d81f7754f32110a768a908d","nonce":"a1bc314c1942ade7051ffe8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"af857d081486a28209db9124f78e6bebb651854092483d7b74e0c26b076e8d848918ecb6c7ebb0a3b86f31b54f","nonce":"a1bc314c1942ade7051ffe8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"7fb0ebececaafa792613ffc21ddd744cce2c117a7fb4f7dd98630d5aa588557502835d75375fce13af191f2c1b","nonce":"a1bc314c1942ade7051ffeb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"f5c519e52b8ff3f45f42eb20df56c11da4c44f65b14518b7d8fd663517cc33121f2606d7d0ebd28965ca7c79f7","nonce":"a1bc314c1942ade7051ffeb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"e215ae3bc8168ae5c1e24cd9ed4ddefee8a663813c98aaa94c97fc7299e27b749e30b63e8a63ba7d66a397c8f5","nonce":"a1bc314c1942ade7051ffeb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d3fc389d3a47d3b4f57ec7bebe6df29561d5fd0d08fe087db6bcf11c3859cce5e31a43d123d3a765ae425db2e3","nonce":"a1bc314c1942ade7051ffeb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"d559c490d3bf31b205c1c24df652bee186bebcc9bf2798f3e3839a171765d4fd6064cfcab00d0a4fa924bd77db","nonce":"a1bc314c1942ade7051ffeb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"d94b85acd8b65f6c30d0928c4ab64cfd20b68cd32b6e9c66085255d3adfddff964f21f6a6a0de506b3d0e60afa","nonce":"a1bc314c1942ade7051ffeb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"844d58bd48a973956b27134c63c95abc6ed159671601f69b49e07d372a9df1c754c68ea906c4826d40979bf6cb","nonce":"a1bc314c1942ade7051ffeb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"98032e309da113a76dcd4ed0a1a4c1f912701b39a744070bebe648395d67cb4d7e45862a8b1e0bccc068da3658","nonce":"a1bc314c1942ade7051ffeb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"80586eb97612a4216cc17ae8a28e0f53ecc59c09cb51d48b59c546e067db7ca9080656297d797d1861b3f31aa6","nonce":"a1bc314c1942ade7051ffeb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"d881138799714f3c37801f45169a681cab1ca82c05f7ec3bbcf9dc46268129dd6d06696fcd0441bccd0fecd084","nonce":"a1bc314c1942ade7051ffeb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"e22d4de220344386a58c2c9227c390d64c629c896db4983c719117a3b296db4b8167d022416dae6e2577a1c831","nonce":"a1bc314c1942ade7051ffeba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"1dc52775bf6b3039aff1c911e795d0ff4ff8d33e11a22af4ded075c5d9c3d32082fb29e30b219776ace8e9108d","nonce":"a1bc314c1942ade7051ffebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"319f7752f2922e1998b657deef0d60fdf8be55774ef2e092d0b14cda85b53fba177892cda90eeb8484f209ff67","nonce":"a1bc314c1942ade7051ffebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"6bffdd2a91a76ef016820755729dd1cc762e3b96dd4e21a1a07522384dd59d027f4fbbade6bea645ceedb7cf3a","nonce":"a1bc314c1942ade7051ffebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"11e601289456e29cadb4573105efe2d186915d7f1c45b77dbd2fc21d1ad78b9ba57d5a48f0713c46275eb61e9d","nonce":"a1bc314c1942ade7051ffebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"4fc545841eb688bec47b35667bfca116d95f075e710fb3480441c4e0182f7d70b87fdcc4325c79b36ce6a46c8d","nonce":"a1bc314c1942ade7051ffebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f7097d2cdb98ee9eda11bf59d64b43aa10fb8b81b027df316488664f6720cf582b2ed8748aa1b76bf476056d68","nonce":"a1bc314c1942ade7051ffea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"3af5a80b57cf7fdc0fe58c1d86ba214d79c5ef1412948d8eaa4047613b5b4e6bb65808fe2fcc559aa0fd6c0ce6","nonce":"a1bc314c1942ade7051ffea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"073638839b556b5f816e00d901a84eaed65a1d0f7fe71bfd1c25d09a44a03cb89cea8c194bb497eb04293ccba2","nonce":"a1bc314c1942ade7051ffea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"9cbeb946854deb363f3019e125cb4eafcbf05e29355736fd3c46358db24a63a97c727a49f49d89ae0b8e5c19a3","nonce":"a1bc314c1942ade7051ffea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"02aa1edf942b970989451f81f00521cbde12a481a59ca407a5b0ab61ad25f861535af165f4c09dcdf8cbe6f4f3","nonce":"a1bc314c1942ade7051ffea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"6f37b8476decd18a872a1662eae5906c0ef03bf6d1c6c33965723de049c54ddb7075c67b1330ebe3ac9ed69cfe","nonce":"a1bc314c1942ade7051ffea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e4b262588afcabc486d0dbcd4b84ce500bd171e88487766bb4d63e6572c2c614ea75cbd81818c42f30b26232a1","nonce":"a1bc314c1942ade7051ffea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"662e4486489c51c83574350ae1f76eeea80ef585d7232a4db6f2ea5fb818d59e5219a754b6b5a4d86012e9389e","nonce":"a1bc314c1942ade7051ffea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"5562be7291f09cf9b3c9e7622af65846baefa84b38a69353084656c9681bc3c33b7c3ec6d1c3c0111de711b8b0","nonce":"a1bc314c1942ade7051ffea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"710caf513593d917cebb4a3d12a49f47b4316540f8c8446db7abc82da4710d43323d1f9fac121c36e39544c34c","nonce":"a1bc314c1942ade7051ffea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"d8c8ef69c4ee6a0f820d6a8e45403fab4549192aaaf48ecb56cb3f2becb39657c89ddd45d1dec4972551c5cb19","nonce":"a1bc314c1942ade7051ffeaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"d77337383dae131898513e758d30af2f0800a418668a6d159670d26d2550e92703565d84babc97014e517d32ea","nonce":"a1bc314c1942ade7051ffeab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"8904b0c8f8dd8186e9434f24b62e28f9109caa6f74ba9a1881e5eaf76fd52904b969bb6dbeae9fadd82a4ee832","nonce":"a1bc314c1942ade7051ffeac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"983be08bed47991c01a1475d5dae7c24b20cf54ba0d7efccfcd5fd03567bccf7d2efb4668fda9b3e0f4641ed60","nonce":"a1bc314c1942ade7051ffead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"0e639053bc508f725b7049bdbea8e4e14439d0b91208ec0a5ec3a2af4b9bcfdcd82a1cab379280af9401f4c87c","nonce":"a1bc314c1942ade7051ffeae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"59836a335a151ef278be252723abee0953fe521b7187f523b03690526060e27097e0387fcf4d54347a5a037595","nonce":"a1bc314c1942ade7051ffeaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"9d69bdc61e64e2bbb59ab52d51a5d6b126e9e7b2106198fe700381c8dc35064c9f3de37bb360da618be14c20de","nonce":"a1bc314c1942ade7051ffe50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c55c37cad984284d634ee73db6eb5a76a4d683a86deb2f53be6cadf460f84a1a60b5035f3a0ca45b321bec43a4","nonce":"a1bc314c1942ade7051ffe51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"755a83c6d6a702070665eceb72f71d1e9a5ba1223445a251f8be5e3e218103b61f1926be9e0a86efc1212fba07","nonce":"a1bc314c1942ade7051ffe52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"6b7907669ff3987ee9c3ea832b7b19abe12623b141c6c1c4c6d6a49000026b3d90232da644fbaee197ab67df64","nonce":"a1bc314c1942ade7051ffe53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"1b32957f79a49363d4d667c051f76d8ba143207e4a91e870dd0106cb506336d261329002c92ef9f121094bbadb","nonce":"a1bc314c1942ade7051ffe54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"fb489163a7e7ac0b9c2d731919b0e484eb2d31fc9a5cec166b2dba01d6f18589e8da0c892d3b45dcb2a8ee91fa","nonce":"a1bc314c1942ade7051ffe55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"2e5e5092c57963424f18ac82cd2813f727f8a26a155f71e32f4e09d6887bb8d21695da3215acbcdc13c3514cce","nonce":"a1bc314c1942ade7051ffe56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"86a7d68707aeb690f327bace44b39f091635626446353652dde9bac18e9a2c4c477557052ba3bcf801b976b608","nonce":"a1bc314c1942ade7051ffe57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"c1bb44d1ce3a6796ebc9cf92d252de0e711336b645fb1f63459df7a3bed93d2fd8a76bf80ea3004041ad075a16","nonce":"a1bc314c1942ade7051ffe58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"b49e9cb962459433d55d940628e5f4ca0147cdfdbd63a8dbd6fadcde9f567be0d84f766bc0c309e1af83171155","nonce":"a1bc314c1942ade7051ffe59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"3c7581c6b7cd65668f29f99ea81ec939bf926e80ce6a585fcde3d6515d2a94ef5ce6e625acad1d6d0a10d10f5e","nonce":"a1bc314c1942ade7051ffe5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"1008b16c05c29ba352d69570147f63d7588115d43c2f4272d6d208985d3302538b44786f27e6179d1c8ba87d46","nonce":"a1bc314c1942ade7051ffe5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"6d10b989a058a5a9f08146519fc37dd98a54821a90a3340b93e3013a2ca87fae8a30c0d6dd633116516df9c1ef","nonce":"a1bc314c1942ade7051ffe5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"7ae87645153c2b643430bfb2f34ddb268381ec60e1b895a533cf4e5bf91166258f078f67f5b14922090a3f27fd","nonce":"a1bc314c1942ade7051ffe5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"6e52e215f4abd43ab4b1bea110953e5da9e9a6af452373f1eefe86ae1657f0f63560c394519f2c16294cd55825","nonce":"a1bc314c1942ade7051ffe5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"7346f609ab37a2819baa8dd5151bc0b60405dbe83b84730794f1efe0cf2cb40777a110095f23aee9adbb8e0e36","nonce":"a1bc314c1942ade7051ffe5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"90b135d13e01f5b2bd1a2fe275e771e960b1ddbbb7f8f297495a79cf0bbc221ffb6949561aa8e52934e654e653","nonce":"a1bc314c1942ade7051ffe40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"9949b6ec08af333d9edbec6f24d1492b4c86ddfad845ffedbdb976095a653f050aae63d2a9118c27d9cdf3e47e","nonce":"a1bc314c1942ade7051ffe41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"40edc2b843da05fa20c84b7e1051f623afd235270fcca29552cdff69c2f727277a287dc3d7d4906b5f0bcef44a","nonce":"a1bc314c1942ade7051ffe42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"0365c963b4ea7da34bba7484e803fd7b825f858ec3352610361b41d0c589de508e7b71296c08573018a78e2f59","nonce":"a1bc314c1942ade7051ffe43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"ed3d116c4af961f795d735338bac2b14170dcb5c3e6e2696804e55e3bb65eaebc23ae875268b520e48be029b94","nonce":"a1bc314c1942ade7051ffe44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"89752e534d425a179b43616db8fe503c4ee3fc6dfac8e85ef984565044982abcc7d46212c607ed81041ca9b85c","nonce":"a1bc314c1942ade7051ffe45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"a988260aec1a06011b2c740bfc4cae0482eabfd191810cd2fb95e342104a14d0d95176081d9be161bb597b6f00","nonce":"a1bc314c1942ade7051ffe46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"7363c1bc299398934f4fad4185c93573bc80b367c93f7605ee2ab97a3b18179dc4761177c0e2b0c3d87dbd7bf1","nonce":"a1bc314c1942ade7051ffe47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"83cd7966ea988b9fdb064c1282d30d41dc9c4f37de5ec390ca0a1d55c508bd0d3af1b481f64541830cfb9b0e5d","nonce":"a1bc314c1942ade7051ffe48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"c5a20c2cf5336d791e45a4e97a1df88779a79cc259ebd9ad3b7406c2f42f655ba5a235e4f3e6687b21d21c129e","nonce":"a1bc314c1942ade7051ffe49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"b84401ad73b092c5be750404eb74ad48c5f2193835495fcb2a6ac8f0bf9433d92d8d3c17f0722e3cfaff428c39","nonce":"a1bc314c1942ade7051ffe4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"233c14c55330a706f1269f1a81c7381779c14ef2cafd12054eaf740bc9ce13f7849a0143ae9ad5924c9c31121b","nonce":"a1bc314c1942ade7051ffe4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"4888309bc44a04ba1708d59d30495247c0eb1e55e68d3d814d8eb8d2d9df704babd92e5d2a3b61cf0fa0599570","nonce":"a1bc314c1942ade7051ffe4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"b8be632847c77c4c9bd4d6e448942a698a23a630d7bca02e4eed4e79b146032d60400aa41d5bc1d82799044b3a","nonce":"a1bc314c1942ade7051ffe4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"53497421c5eda1f339ddafb9d21842d5ba7e1e93909308512ca76044b5f18c5eeabeae194c434a3ca9b6573c22","nonce":"a1bc314c1942ade7051ffe4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"2bc98ea9344da4e9beb2b19100397809f75d5c4fe960c7616380111b5831096de6155c9fe8a16ccba73feae3b1","nonce":"a1bc314c1942ade7051ffe4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"61205ce18b656b2861cb38fa0ea5d91de1e27df60fd23c476a641ffbfa7eb0c50ea000962e2d1f1796bf99aa8c","nonce":"a1bc314c1942ade7051ffe70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a6c01951f5e2a019ee77b4028ba33c2e204d21563795b2c1ea78271280255f98f1b903ab05d3afd089439ae6a2","nonce":"a1bc314c1942ade7051ffe71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"5c1dca44abdbcb6c895800e2d0a0e4112bc1b2a81e1953d80268c99ad235da2888ced02fa53ab60f2ce737fb9c","nonce":"a1bc314c1942ade7051ffe72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"bdc83d3cf8044b9b91ba3c4c4c5470c7bfffb1cf44762b977de0c79635253d71b8a9ba32d82ad5625e23ba3046","nonce":"a1bc314c1942ade7051ffe73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"ea6acf6fe36fc0e728874232c30390a5e2fba7e8ee95e9f2ca719f980bc6203deaa5d704ab3f8ef47ba3cdd789","nonce":"a1bc314c1942ade7051ffe74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"3b7823bb868dfccb41d9460742d3e845187ad100fcb1b4c0fce18c58bfb5e48d39f02a630cf2454dbf50d1ba85","nonce":"a1bc314c1942ade7051ffe75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"6fb22b75d0a26ae07bf894e54fb066976b45a386c4f616b13c48923613ad5b87a13dece0cfa6e35c4837ba73c1","nonce":"a1bc314c1942ade7051ffe76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0bf18ee332538b314d98a0f850469e2c54827923565102712558bb07af9a6fb0297510dd46d0975ba2869a4170","nonce":"a1bc314c1942ade7051ffe77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"6d823e5a8fd645b8f53dedafd7a592975d8e8f0f124c0229d7c8b6db80b043cb2365f39bd8d63d468c70cba26b","nonce":"a1bc314c1942ade7051ffe78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"14e7e71ed3a662f1fc9d4f9eb9432ac788a125ef1d0d15941d98d0db8026eb3de49758d4001945046bc8d0fa7b","nonce":"a1bc314c1942ade7051ffe79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"1c4ede11879727fd70080e8d33106f1319a5aace4e35831d143c046f2acd1640321b9df29d606ceb29b479f95e","nonce":"a1bc314c1942ade7051ffe7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"778ef01e05e75d9ddbaa5e2732797973d0a0d40e53310f829b2c7fd31f96a50fdcd13229db146795cbfd6254f3","nonce":"a1bc314c1942ade7051ffe7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"25807db1f5a3a6481a240dab4a8173601600e577cad5703db9973ae5a3cecdbaa454a57064ecd7fde4f0ca5aee","nonce":"a1bc314c1942ade7051ffe7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"64cc1acc033bb52a4ece52d51500052e41c4f716a6b93f92351557184ebd3ac2f1c8dca0bde406a36f8e6cb03c","nonce":"a1bc314c1942ade7051ffe7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"1414cb7aa19771b187ab8847f9bfb3d8fbea142ac7e458779751eb357ea12fe5789aabfcd027576fcbf60a0baf","nonce":"a1bc314c1942ade7051ffe7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"aab3afdf79e28db0ad509fa8d64d35cda533a1da3e6a76a14b2ac1952ac2b573adb22e5c7ccd4824783f35e5db","nonce":"a1bc314c1942ade7051ffe7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"381cfc887f4a33bad777c29c9d706ca8349a887f72bece0826e49d87e964a5307e86d24f09c104cdc30f18fa4c","nonce":"a1bc314c1942ade7051ffe60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"0f98fc2a6d41379342df0dfeafd13a679dc166193bb40316383aee3397ae7606798be7414f941fcaf8c7136679","nonce":"a1bc314c1942ade7051ffe61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"f50864b8e23d0d56476113d7195a9878abcc16b1f1538970dfceea4ce3fb738ffb9af5ace7204fff3d62e2ad46","nonce":"a1bc314c1942ade7051ffe62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"123ad7cb5df5d0f172f1767513dc77543851ad63c15b90192a00f80c417079a02ac7838bf13640ad79171e58ab","nonce":"a1bc314c1942ade7051ffe63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"00ff6ee0d24c38b8ba9073824b547375381fe08cd921c4ae3ce9dd6dc51d595a64b2ab61b268e4883f12322e09","nonce":"a1bc314c1942ade7051ffe64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"c06f35ff7ed289407ccce5100e43833c86248e35be2eb60c365c87e2e189326b345c831ff639219bee69aa9148","nonce":"a1bc314c1942ade7051ffe65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"4adc642f976ec1de0e1177f0ea29f0da33f20e99f5f957b1bd219da9a2a90d6f38e8194ea7812b7b7dd6a2ed7f","nonce":"a1bc314c1942ade7051ffe66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"f08f65f247619c09c77f0c36b873d423800cbbb68b6012e39182be10f03fd05cb0df4a9063b8fea215ec613014","nonce":"a1bc314c1942ade7051ffe67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"795a1860ccd2777ec87e7691c8c7b87fa60905c973d5b4cb63fb4c1ac2d64bc2ebf5f3baf43b5388ecce3e3c81","nonce":"a1bc314c1942ade7051ffe68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"4eb24b8ef9de11652206ffd21185b00cb5738d4d3836422f64ba3da86e0b512141434cd91b189b3ad178975817","nonce":"a1bc314c1942ade7051ffe69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"bdc4f22e46b5e4bec8c7013d3e2419fd36b47d8b3d4323c508374c97c2673083a550a5a8e425b3b3f2952449f6","nonce":"a1bc314c1942ade7051ffe6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"0d2faa408d419e3fd7c39175b5052df2c9243843494f27e29721533446ff551ebfead78f2a19b8243a33915c3d","nonce":"a1bc314c1942ade7051ffe6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"08a2211770ded14e210dc9a5a711b011aec7283624be62d67754b7c0e37bf88e947180b7ba035ccccc754e7139","nonce":"a1bc314c1942ade7051ffe6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"706b1f001fa04d7639aa1838e6b94c710231a25f10d30426f098965961f13be8ecc9b9031b120e4af5652b1e27","nonce":"a1bc314c1942ade7051ffe6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"3550a384167bb99f123c4ab49ecd62e2a7c21b151ecd6dd0252465b45d532402aaf767f139708abfa31857037f","nonce":"a1bc314c1942ade7051ffe6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"d07ab8c75beec6f9b3bfa5b580aeba179c93f607828f43bb1acddcd698b12509db5a08f110d1d46fe124953e01","nonce":"a1bc314c1942ade7051ffe6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"fe1c8f5e53563225b7192250e3f07bc47ae46fa77c441a2479fe28241d2b83ac3f8ab24a8b16ea628f8f7dc138","nonce":"a1bc314c1942ade7051ffe10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"ca0001a376ec98bc5195d861f61d699fc08ab8e8933becb9a1d4dbb46092439e5bde711f817258a91ce864a972","nonce":"a1bc314c1942ade7051ffe11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"f5ec0401b4bb76ad6664bc88e104c84ab9e23aa3df077d4019d6e81efb838f95bc6e4cc0950db56dc7e4415969","nonce":"a1bc314c1942ade7051ffe12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"3287b895c5ab198fd61e498118d4c91ba8559c5a5feb2e1e1bdaa14691c8fa3b868a3c6962aa6905f8421bc141","nonce":"a1bc314c1942ade7051ffe13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"887a2c0746336d67fa4edfa866313be32b3950013c0aa3eb2bd666a6d277060f0f5913d8c0cfcc95b2e70c29ee","nonce":"a1bc314c1942ade7051ffe14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"9e246a263d6662f70f8d5a05487cfcc99965489ae233c209262bd0ec65b4994e1d7dfcfddef63a956f3cc91193","nonce":"a1bc314c1942ade7051ffe15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5fe3f5242df92c284ea2806c0492e5c47837921cbfd8c49d5769ec8a54206ca34156358756681664090a8ec2b3","nonce":"a1bc314c1942ade7051ffe16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"726f0392cbd3f225064c5408c90c7486dc6028deb9fb3e60ebb84ddc0b339ad872dbac9aeae61985a3cd03a5ea","nonce":"a1bc314c1942ade7051ffe17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"82e3074ee6f828726fd8da9cb54ff24181e01a379e01bbc1d00b4ec69937ac24dc7e055aa5e9924531f907fbcc","nonce":"a1bc314c1942ade7051ffe18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"8383e31c4dfc253cb64eedb29bb50e3f03fb7d88216146cfd8bc46a6e24b259831df8aeefa9484a2b1c50b713c","nonce":"a1bc314c1942ade7051ffe19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"d1064f889c0a1c74c9e812980ddeb4db85ccae0b770d0d9797f79edc8924c3af354c92519566b1856e7d4da7e1","nonce":"a1bc314c1942ade7051ffe1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"5cc0e2246dc23cbcdedc6be5ff8563ea527ab0b7976016eb23d029f359816c998d980f4c30668c662260b17869","nonce":"a1bc314c1942ade7051ffe1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"4989fcb35d8c5d52e61f4a1dbd7de520fe36dce0bacde2832689f76b26ddd4ca326576562a939474b6813c0711","nonce":"a1bc314c1942ade7051ffe1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"cb2cf08cf6eaae26dc2824aed8b93627c570956427732c9e18e8f77b9c255d0c01cf546d9f80d7edd594c5978f","nonce":"a1bc314c1942ade7051ffe1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"7559eddc8eac912b20fd672610acd68d92f8e0d608182e3689542d69d8015facdf09ccd6e62ae902d4a7a31005","nonce":"a1bc314c1942ade7051ffe1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"ebe4067990f4439d84f7684139de6fa2f0abdcb9002738821e4e6c2392124f17ab77ddfec293ad790044b06a94","nonce":"a1bc314c1942ade7051ffe1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"b2442c7c263cf07bc84857281860c2b5e3e12865bfce9ed32b0f86af630d718f5b14da335658e256de2243445e","nonce":"a1bc314c1942ade7051ffe00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"2ef92ede552eb2a291d9dd81034f2b47ce79f6b9e88f87cc84b0c460fb66535197f5d3936c1b99b5ba66c0de33","nonce":"a1bc314c1942ade7051ffe01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"183220a6989012152186d775d6f15bbf56cae846e3a6c534a863b4287ab778851315d24621defe982a4c735759","nonce":"a1bc314c1942ade7051ffe02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"ec0704f1a68006acc6142b6294936199228144706a5cf730be95078585686c1501f57a97d2e7a1ce561dadaa5f","nonce":"a1bc314c1942ade7051ffe03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"4f182c1f81ab60e667c48fc78fedf17d3f4be43479956c06871b9935a28db8ef1fb91ca7a05cf06c6c16bdd3b0","nonce":"a1bc314c1942ade7051ffe04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"26da513d75efa918a650d24c738473713383f129ce85ad996513db0284dedfba7b04def48d985e3f77b24f31a7","nonce":"a1bc314c1942ade7051ffe05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"57966eb046bcd25b0f530cc8f844ba2999a0faf954e7106f40ce041d97f99e69d71e0bb20034a5ee46790753ea","nonce":"a1bc314c1942ade7051ffe06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"554122776faeec90d03157835252732eb116d796603cc16c075a89a01b943f80f334bc2b584590de10a082ac2a","nonce":"a1bc314c1942ade7051ffe07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"4a93387559a484b91fbd298b3bb2609270c48feb7a31c1168c2c229bf345aeee4bec0e4b71271413bf9c211c94","nonce":"a1bc314c1942ade7051ffe08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"725a88ae41bcab900b27b92450c3cc081de9fcccffa58afd0f23533189443d04659d8c6eda37f10fdf0a1573f3","nonce":"a1bc314c1942ade7051ffe09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"e37ed1b71ab95aa52fc9ac19f0a0b0449797cbaf5cc73f0da89025d52e11481801dc3de65b34845e193391775d","nonce":"a1bc314c1942ade7051ffe0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"3539ee61e9a5d7b83e44c16e7a814da6fb440a55f6548b4df7b9797309bce67f63959a8a237c59723cdac3ee77","nonce":"a1bc314c1942ade7051ffe0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"a192300578ca40a4d88bc195814c80725b01d479c1c4e7140c61963c5aeb0939e2fc9100dc0893da4a4ec0fa62","nonce":"a1bc314c1942ade7051ffe0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"aa9cc7b2224b57e280a0e56bd4a8dcacd4981d7516a4a7e526e925bd97260b6b3c75427da747e006bc2ddf3ae6","nonce":"a1bc314c1942ade7051ffe0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"eebe5ba2f3a25eb3602188a6fa7d7600f83b31e447e0bd950ab5064e6ce714df761b4599ba7818c2cc80365b20","nonce":"a1bc314c1942ade7051ffe0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"ae81d85a6a29eb394bd83ac3843eb61cd5e8f322d639c3a5b8ce3222c85ef0b058d1c34695fb783eca8aaf3658","nonce":"a1bc314c1942ade7051ffe0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"a3265e946f45a0dfc2d20dafaf4d65cd4595c9c9c9dbd3bf7745bdef26f35d1588906e122de8143b3e316dd43c","nonce":"a1bc314c1942ade7051ffe30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"b68e78ed1ea01475d0775a6e20be845084de3c7d68c58611fb8c9dda3b83ad980fbc4bf99e3ee9980ebef862ff","nonce":"a1bc314c1942ade7051ffe31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"1a065a204fff91b71d0a8d92858b77cd4d9ab9f7293dbfad8ae4173d6752be925bf7f996d40ceca5099f424484","nonce":"a1bc314c1942ade7051ffe32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"ae8ac359da42f98628985f27bc96aa25acc9a9e1354491a8325cbc4a5e17d30f8f77a0275761ec1d7e1c0b1dc0","nonce":"a1bc314c1942ade7051ffe33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"fd831d62c9cce5a711697891110acede3b5885dba0d1c1333c009a6715402e6dd5ce8d629f1056eb2eb990c798","nonce":"a1bc314c1942ade7051ffe34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"2ab45b2a78a28a874bca7625da63ced2e83c11d9640c428a5a16e311053152a04b9d8db7e1bb58ab60da47df0f","nonce":"a1bc314c1942ade7051ffe35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"d9221ea8c84f6dffb37fca1211eef538d24e2a180a5e24dc535291faf32c7ccbe03747a1d790d8e00bb1f1f61c","nonce":"a1bc314c1942ade7051ffe36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"d2cf65a555de09dc505b894dbcef2f72b4ed6fe15e685b41a15182ef1105542c462689bc16ed29c3e3badd0b50","nonce":"a1bc314c1942ade7051ffe37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"6dcc61746a8aa5c549fccec383e9a387039cc4ab617ac1c6b0014de3e02a104217e1c7f404724b8beb3f684803","nonce":"a1bc314c1942ade7051ffe38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"8fedb6438e1d014c4eed849b7497c681bb91fe6491752ee3abb61b6329544aab8896ea1a2b80b6f1291d99cc43","nonce":"a1bc314c1942ade7051ffe39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"1746236a4775e8841dbd4e1a3e95a1b15fee50a9e3b137bc094545989eada59ef1d4a35cbcd90eafa149126de6","nonce":"a1bc314c1942ade7051ffe3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"075f3e87792e9ec9f1c7b7f5af2e80d3e6b3db51a319cedf79d06161abffa9ea35d8b56caf2eaf5a6e06e225cd","nonce":"a1bc314c1942ade7051ffe3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"7c71f10dc7f02913ae8692e93a886119f6b5940a9c4bdc24850502dc163939c5e74364780d414774a0b0b6e757","nonce":"a1bc314c1942ade7051ffe3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"a7660bd0d3420f847c09a034d34e086049c70baf1d183fe58af2e4d8f581eab7fb043ffe2b75b54f24b51ff8c9","nonce":"a1bc314c1942ade7051ffe3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"173ea65a00440de994e2a6751b3d553641c57b4bf2cd9f41b10e4bb16c6b2d6c5ab715dd970114b6486d1f6a6a","nonce":"a1bc314c1942ade7051ffe3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"daf7fa1a6a83741e82f13262e7730447ee1c1f29cc60810b4f0f10001ae0c37858db6a3aace4a03f3e70d4ec5b","nonce":"a1bc314c1942ade7051ffe3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"6a581b9771b748adbaa26d20085da812933d5ecf2ab2d11dee1ad560a2333f9182d31f017f02ed6b47b2fdc50d","nonce":"a1bc314c1942ade7051ffe20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"abd6668670bdeaba122f577eb635e56bab0f9f861b3223e8e17facf19ad716a9457029a09174791322810ff81b","nonce":"a1bc314c1942ade7051ffe21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"7a2f1b4b5cab79ef46c15d764461ccaa4124cb98f019782013904877ee830de5632c551ddb8119cdd2e38de5d7","nonce":"a1bc314c1942ade7051ffe22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"e97b38dc3a965a1b2c7eac9071a4ac388145a9fc3d975c857859d3cc73574c65bf111ec3c8155ebec8a5d5452d","nonce":"a1bc314c1942ade7051ffe23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"6301deb287ffc74bf231704ad1a59aa60cb470953fa6bb7d0c03cf69fbc8c4fb89acd0162dff353756a73d6415","nonce":"a1bc314c1942ade7051ffe24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"1921a34039e2579c8e86fbdc731449bcec690214d157f3f9c528102f19d228ca36e8eee061f733e0eb64bbdf50","nonce":"a1bc314c1942ade7051ffe25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"4943f4dc007e9d1366cb4efbb5e71cb19e70ab4bd917f07770db6bb956c7bc00fef39fb5e7f1f5f0d116552147","nonce":"a1bc314c1942ade7051ffe26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"d45b763713b7aa7d36da691a52a1a6edf128ba72397fd20d2ca59afaf6df53751f04c5879e9a4118298944110a","nonce":"a1bc314c1942ade7051ffe27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"abb4bfa463b825b00ce013d965cb8c232593819411ed494ee6087932d4c088f3c64b0e75585726dde1b28cf37d","nonce":"a1bc314c1942ade7051ffe28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"17ca4cf2e6fe5ac0ffa1409a272e29766acbb73c3454be25eea8e3ceb5d3c00a37d9ff3b7400daa2039cee9d43","nonce":"a1bc314c1942ade7051ffe29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"8d73d3eac79d6462dfd82bc0f7a0a2532e2903a88259b3891a5622be390ccb882384557704ae7866fc623dfbcc","nonce":"a1bc314c1942ade7051ffe2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"24262541ad0b43fb8f007debefe2d0493863fe5ed9c51080c6a08e5cf747a0ff2c203b2c8b22e4647a3de753d9","nonce":"a1bc314c1942ade7051ffe2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"624fc58b855bda904dedecce0391e91b8cb2ff6e45f04f56311512b19de81337a6efa8685a33c36b5642fb7d65","nonce":"a1bc314c1942ade7051ffe2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"769ac35e2820405b0bf9b41d1390a57665230606cfd3e61aa4b3780fda6244b2c3671fac7e67cc2a727d671f3a","nonce":"a1bc314c1942ade7051ffe2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"31aa9fc2c5276ddf3e045df4a3c471146e834a7e827988654843999f0d0c1507c77c57069dabcef90a286df87a","nonce":"a1bc314c1942ade7051ffe2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"55d53d85fe4d9e1e97903101eab0b4865ef20cef28765a47f840ff99625b7d69dee927df1defa66a036fc58ff2","nonce":"a1bc314c1942ade7051ffe2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"42fa248a0e67ccca688f2b1d13ba4ba84755acf764bd797c8f7ba3b9b1dc3330326f8d172fef6003c79ec72319","nonce":"a1bc314c1942ade7051fffd0","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"28c70088017d70c896a8420f04702c5a321d9cbf0279fba899b59e51bac72c85"},{"exporter_context":"00","L":32,"exported_value":"25dfc004b0892be1888c3914977aa9c9bbaf2c7471708a49e1195af48a6f29ce"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"5a0131813abc9a522cad678eb6bafaabc43389934adb8097d23c5ff68059eb64"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"4b16221f3b269a88e207270b5e1de28cb01f847841b344b8314d6a622fe5ee90","ikmS":"62f77dcf5df0dd7eac54eac9f654f426d4161ec850cc65c54f8b65d2e0b4e345","ikmE":"4303619085a20ebcf18edd22782952b8a7161e1dbae6e46e143a52a96127cf84","skRm":"cb29a95649dc5656c2d054c1aa0d3df0493155e9d5da6d7e344ed8b6a64a9423","skSm":"fc1c87d2f3832adb178b431fce2ac77c7ca2fd680f3406c77b5ecdf818b119f4","skEm":"14de82a5897b613616a00c39b87429df35bc2b426bcfd73febcb45e903490768","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"1d11a3cd247ae48e901939659bd4d79b6b959e1f3e7d66663fbc9412dd4e0976","pkSm":"2bfb2eb18fcad1af0e4f99142a1c474ae74e21b9425fc5c589382c69b50cc57e","pkEm":"820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c","enc":"820818d3c23993492cc5623ab437a48a0a7ca3e9639c140fe1e33811eb844b7c","shared_secret":"f9d0e870aba28d04709b2680cb8185466c6a6ff1d6e9d1091d5bf5e10ce3a577","key_schedule_context":"03e78d5cf6190d275863411ff5edd0dece5d39fa48e04eec1ed9b71be34729d18ccb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449","secret":"5f96c55e4108c6691829aaabaa7d539c0b41d7c72aae94ae289752f056b6cec4","key":"1364ead92c47aa7becfa95203037b19a","base_nonce":"99d8b5c54669807e9fc70df1","exporter_secret":"f048d55eacbf60f9c6154bd4021774d1075ebf963c6adc71fa846f183ab2dde6","encryptions":[{"aad":"436f756e742d30","ct":"a84c64df1e11d8fd11450039d4fe64ff0c8a99fca0bd72c2d4c3e0400bc14a40f27e45e141a24001697737533e","nonce":"99d8b5c54669807e9fc70df1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"4d19303b848f424fc3c3beca249b2c6de0a34083b8e909b6aa4c3688505c05ffe0c8f57a0a4c5ab9da127435d9","nonce":"99d8b5c54669807e9fc70df0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"0c085a365fbfa63409943b00a3127abce6e45991bc653f182a80120868fc507e9e4d5e37bcc384fc8f14153b24","nonce":"99d8b5c54669807e9fc70df3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"bfaf6b89b04461b5a9ad6c95aff7f30844805a1b314ec5c197294bba30756322915681a7b76a8e8a8a6e2f9d5b","nonce":"99d8b5c54669807e9fc70df2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"000a3cd3a3523bf7d9796830b1cd987e841a8bae6561ebb6791a3f0e34e89a4fb539faeee3428b8bbc082d2c1a","nonce":"99d8b5c54669807e9fc70df5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"6d7a15975f41c769a0020c76e3a79e4c3720b767653430916e91d37d44495fc3f12d33f1ef67cf775c3339a7b4","nonce":"99d8b5c54669807e9fc70df4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"b18e03a6cbab1ca14eda8957c35a9020a2061e3307660ae7421f1c513d3178477b94eae77044fc4cf66969888c","nonce":"99d8b5c54669807e9fc70df7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"f2c7a3b38937cf566ee6a37278e83378d4e81ee5f6ada06e3dabb0ab8267f9c8bab55445a6ec97c784e1b29a11","nonce":"99d8b5c54669807e9fc70df6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"065e044d8f97592676d12b0c9d0b67264550254f5fbbe7b097cb75d252bd8aa7db8d111bab22d57547cf885fdc","nonce":"99d8b5c54669807e9fc70df9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"740c98317b4b36d40e57380efcd2cd3158048cb453113ab54a5b6d262aa1c9ea22a662cc02f6cd6ae8deabe542","nonce":"99d8b5c54669807e9fc70df8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"48de0be1d7e616bcc977b3d758ba3fefa5d968230f15e15eb20976cfbf71da43c78e36e859f6c79c84bb387b7d","nonce":"99d8b5c54669807e9fc70dfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"d647c303d471a1bdb1868c3810188866c7a7e0135a568cce65e6422c552d2dd2ec6d73c528412283400e4931c1","nonce":"99d8b5c54669807e9fc70dfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"5be6063c01a9f0dd43eb176b6000aece9777362f8391725e00f88884881b2ad02f4c45d9389f60fce1aafaa3db","nonce":"99d8b5c54669807e9fc70dfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"189a2fe832fa1fa3ef4fd3583f85f170203f5cca49186d42d977772422c5878a39ce2205beb9b59a1c91122b7d","nonce":"99d8b5c54669807e9fc70dfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"e4e4de5f608b2e84b6efc2d8c63f086dabc3621ffb88d63cbd0715c54f8f8c1bb22e15724bd5f5879c5ced60a4","nonce":"99d8b5c54669807e9fc70dff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"fc54e3e8a66617dca4379d7044fb9807eac4d193936810343c9938d14aa64029cf16a912209ef4e92f0ede893a","nonce":"99d8b5c54669807e9fc70dfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"fd4f3f6b3422870973750bd634a33c22e86506a3c64413b00f2a30fca7fbdbf5fe8fe840bcd94f5707baa05f12","nonce":"99d8b5c54669807e9fc70de1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"63e43928354ca66e2e0e4b23e68c32525253195c69c297bacfedd951e8261b266eaa8b3da17bef24593c25db5c","nonce":"99d8b5c54669807e9fc70de0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"c8add9f7861ac8e83329e7250ef2b2e4f8e8807f314f5ed94e201dbb4c1b6a5f11538f5e73c005b97cd6b0c097","nonce":"99d8b5c54669807e9fc70de3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"a0f1dbde8711d3df8fddb3b0a13a6ad0dee9a1ce63860d28a9b6130fd62d39ca0d70dc7146b7ebf051fc0b03d4","nonce":"99d8b5c54669807e9fc70de2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"7a8b121cfc8420892352a388a81e0ce374603dd0a49988cc8c6e12ca74f69fa1ed88cb91edaf95ba39236623fc","nonce":"99d8b5c54669807e9fc70de5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"728e218d828be9c00f865c40e85007d9b36fc5780d8e94597f288deb8f0239444c2d7b3934c84c3dcb94e6343a","nonce":"99d8b5c54669807e9fc70de4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"08e34bbb8a1541f5cd117d2ef7beea628ae77bdf8cf8f8cf1a5fcff74c1d696c49a667e582c4fb51ea1e467283","nonce":"99d8b5c54669807e9fc70de7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e5f1e017cc5f144e5f655b0dc5d5109528759bdca78197f91c16f639ff5dd4a39cba1d8a3cd14f7acb3ed87ade","nonce":"99d8b5c54669807e9fc70de6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"32431aead240067d7622b79b8f67cb4f97ab82d421a338f7564f37a7864b1436db3f25bc3fea87b6eb439ba8c8","nonce":"99d8b5c54669807e9fc70de9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"581478fd4f341ae61a1b90868330f6e716bddb817ca9ef0aee288e5071f8c95e612a24e7e32a3f71a985b10484","nonce":"99d8b5c54669807e9fc70de8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9a1d5404e84719cb5711109dd878084a9beda7ab1a166f47101f43543769e7c5313b02c416c3fbc4a3a975df3c","nonce":"99d8b5c54669807e9fc70deb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"285f665c5033603c238e1e653ff99abc8848b49e700557123d149d3b41d2fd96a4b10d127c522086217558cb5d","nonce":"99d8b5c54669807e9fc70dea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"252b743e094e0876b14ef350b5c8445186e5740f53011ca75c6aeb32b10bd3bb4cad99d37bc335df97578f69bd","nonce":"99d8b5c54669807e9fc70ded","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"f96e1efcf756dc654bfe0838ba25e611e0fcacb37b8dbe819efbe7d7458bb0dd5b64018f8d8b3a373875a655b8","nonce":"99d8b5c54669807e9fc70dec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"2bf467c92f43bf6aac862fc5bee167c41893edc26af2a7dce6d66e6494d4abea22379a0b749709ccc6f8be9e38","nonce":"99d8b5c54669807e9fc70def","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"284afcb84c6a3a7f1be10b471fe6f7117ae5364c4d417ca15649cc4057efdf9efc978578440ebe7eaf3e50a456","nonce":"99d8b5c54669807e9fc70dee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"4ce2f065a013e5a2baf63b0d94111d5e0405405b67661e0a6c746cf91fc931f13f584254d535dc7cebe4afe5d7","nonce":"99d8b5c54669807e9fc70dd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"90210b442efe8bc37ea16a3067f62cf47212e2b936df49add4ac6514bd098d4f278715e6ab57161df3e43acb49","nonce":"99d8b5c54669807e9fc70dd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"3f0262f374fb751ccebcae0749ca799cbeff796b3f064b6aa4799ae01556fdae5f0d403a342d70cfebd5291e56","nonce":"99d8b5c54669807e9fc70dd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"12cdfbb2722feb8c1ff9acb424c7dd28ace46ad89cd815bf4df2cab00f03d1457b7f15b2833acd80c62173dcf1","nonce":"99d8b5c54669807e9fc70dd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"c876eb0ed08e9e2be18ea241fc6519ae9121d0047c23b3cfd68c8f1a0a2fd2e73ee4cfd56154db1b797d106989","nonce":"99d8b5c54669807e9fc70dd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"c086b531fdb2528413f137bb5dafd13627d896b88934ca4d953409c34290ef9f5b786c294474d0de6b4f03622e","nonce":"99d8b5c54669807e9fc70dd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"b074dcbc9a732b88447de065fba255611e35aa7e8ae4784a53c2aa420ef1fa2ec7a1610c5e9d040e77135f8536","nonce":"99d8b5c54669807e9fc70dd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"6bb8c5ae72b5e24ccea9a05d06f5b418ff105ed08e9b1f67d539bbf4004443aea2c1707618304f438744ffef40","nonce":"99d8b5c54669807e9fc70dd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"bc0a76ddc8c9a0701f9be9f8b191de52b6cf54edda039c7f65a789aae9255778245e63b4e40fecf1a83a2827c6","nonce":"99d8b5c54669807e9fc70dd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"887c53672b0a642f27026861d41c85591c2742ad78c74aa6552c5eb153cb9e45b8ad6018c2dbb1a0d55a56c3ca","nonce":"99d8b5c54669807e9fc70dd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"39e8acce06f5f5362ef62e954005ad37e8c81d90e4a7bb96579e08ffe82af329cf2d5b2299c71fa01393f4e94c","nonce":"99d8b5c54669807e9fc70ddb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"c7123b3c5e69239e3f21069d31e44e48f954e96771a7ccd755a6c0d05bc4afe9bd146df6fb02ea3f47a5573bdd","nonce":"99d8b5c54669807e9fc70dda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"820064998ea6de97c022c0ccba225d5c3dd2732486308d4c916097cffb27ff5501c56c97cbaf2a8ad8130ba61c","nonce":"99d8b5c54669807e9fc70ddd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"ee5cac6f7239b923f7506346be6b5064fb35af00d0c2b5ce1aec7b1673084b540f2db4dde165f40c1a0023ce6a","nonce":"99d8b5c54669807e9fc70ddc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"161409481325c4f40bf829d9664a0f44cfc3192e8134200ec1f53c5cb796fc4052441b3e873629ab4f10cd6273","nonce":"99d8b5c54669807e9fc70ddf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"0b0e3bb32a3c2d2317e839a74a095619295fee047b80c1d7a6a9b854a915aae5cff410aacf084d1002d1eff8d6","nonce":"99d8b5c54669807e9fc70dde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"c1beb82baa19a65a36dc124ff438dcc65dd687871ef5c29e3bfa87a51a8bcd64e45751ef72bc20a3be35f064a8","nonce":"99d8b5c54669807e9fc70dc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"956815046b705d17e7544e963ff11c48d202c2005748e3dc7763b148a6c8117f05c0e671e12f953a9218fec9f9","nonce":"99d8b5c54669807e9fc70dc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"1e69f9f659a114ca3033d75bc088a68aa359ae3671e492b86464cc52b61cb6038e095bdb7c5442d9e39baafaa7","nonce":"99d8b5c54669807e9fc70dc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"0fb55cac8cafe71c034ee1c4cf0583694e799945e1aced166c4bb18dafbf7d719fdabf18cb53ce66507d35d58f","nonce":"99d8b5c54669807e9fc70dc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"d68bfba174eece2b77891e9fcf9f395a0312319f20c4a26fff39656306660b711535e317507457b9932e3d01dd","nonce":"99d8b5c54669807e9fc70dc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"51655e007895e95c6cd85764eb59105ac5d3a2a345db8e55c44711a53135dbe737a1122c3c0e9741760d8af010","nonce":"99d8b5c54669807e9fc70dc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"073c256dff9eb8e2ffbb09f6ab540a6387b9b0d2d2e3d1893daa048b784fbf801c4a34dcf0adbed23bedea3cd1","nonce":"99d8b5c54669807e9fc70dc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"efef13d83c35fbd0f9f2782715b1799da9559be12e730309febb22c383ef5f6e9e1342a93e288defba3bb3151d","nonce":"99d8b5c54669807e9fc70dc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"59d891f292b91c2bc9abf9031881960ca37b376cca9cf33280662ae023345739ac3203d97ec217f4c49d9bd80b","nonce":"99d8b5c54669807e9fc70dc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"25269859af71be68b6a45e6e8a4f9056ad40371888a7180e082c5ab1dd5053caff2466e8e87a79046e36860568","nonce":"99d8b5c54669807e9fc70dc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"1aeb996730fdf18aba96fad707de24cc27a61c51ca8560ae5a56da7af08bb14ce3e2ce0fd1e94e4aab110237c5","nonce":"99d8b5c54669807e9fc70dcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"1ea052f8f010afafd06e706bd18cb705b64145cde2069dd64bbf855b367fa12f1362722ca0984894af1c5c7fd9","nonce":"99d8b5c54669807e9fc70dca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"677e19b3474507752aaec37791a9b6eaaf27fac61acceacce4e6fa9c8a88f3ff7eadd2b1d8719cef1de4a3b7fb","nonce":"99d8b5c54669807e9fc70dcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"f828da89b8b62cc9fa414647e9154e1617c501dc54d5b49c53afa3b834bff64f025d5d5c6eb814e2c7b5cc87e3","nonce":"99d8b5c54669807e9fc70dcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"21722e75700917230e657eae1f3bb1ab78894e2396a1b4cd4581aede2ba300e36f02e66e51309b386dbfa99f5f","nonce":"99d8b5c54669807e9fc70dcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"d912d12f9dc10df7429cb0fac416a677dcf8df9d25aa8e0d08b02c9ad31d91b679bb6c15181e137875e7fcb240","nonce":"99d8b5c54669807e9fc70dce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"1c6a79257c24cfaff6c2b73ecd69de275ded6c921617ea93847c29e953f49c4997be0c3a549a3304a42d9caf27","nonce":"99d8b5c54669807e9fc70db1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3b9c0ff26162c31c05a612c80265ccc24a5138a3e2ca4910f41bf9331a5206529c6eed3c0fbf3e3a45bd55f20d","nonce":"99d8b5c54669807e9fc70db0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"92d1ce50e91d94d86202215032cc29d1185ac7f6d80b2b39f3f8a95b0eabc0e6c4507d5cce4e5ab488e0379ce9","nonce":"99d8b5c54669807e9fc70db3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"b094aadf387c74193b71c4ae36c81a0d8c212eb830b2f6bf42984e8c9c18a951b31a4db03e1f3f8361f5d25b1b","nonce":"99d8b5c54669807e9fc70db2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"9209ff2d1ce08348a3e2fd7cafb546b84ac577ce573278bc976d401440348e163ef37c4562e34a1c8ff96b5e33","nonce":"99d8b5c54669807e9fc70db5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"87b04d69a922c8c3ea10e1b24d84ca8d6e47806705b3f3bd9c99f39f1f1e455b59d18919da24ff3ff5ce4e801e","nonce":"99d8b5c54669807e9fc70db4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"cf93f40d84e5d00dfa0f55c5204f82f016cd8dbdaa7fb622a024b5c49c6bf30b172cd5436c047f89cfbbcfd2db","nonce":"99d8b5c54669807e9fc70db7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"3ae0eb2ff2d60ce36e0be6a9610f79672b10c53dffa703ab5a4fc258d649a59f3a0af383a2fc92ee7323af2d44","nonce":"99d8b5c54669807e9fc70db6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"8fcace2abea0cd2869babe48eccb60850f2264a44f5a91f4831abd3719b04be70833e400488df0b6788ba7a71a","nonce":"99d8b5c54669807e9fc70db9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"9ce2f4d25f7de383e8a7597749f9581259449ed1bc233ef6addfe8ef999283a478025f808086f11f203cda653b","nonce":"99d8b5c54669807e9fc70db8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"610ad780da4f7774c824fe615214120aacddbb004e9432d9b7a45a6243d58e558707b548166e6243406515984e","nonce":"99d8b5c54669807e9fc70dbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"4d84b74053e3ee5dd99ce2ade3357d21ae7e8f7815cda0e42ccde3afc847311558542a8b195f62e6fe701d5aeb","nonce":"99d8b5c54669807e9fc70dba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"79d8be43e9be8ef64841f70da8676d87978ff736d5418121ddf8e0b37bb8b6c5a557afe2c5a77ef283098c9de0","nonce":"99d8b5c54669807e9fc70dbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"2557f5e905dd7e10a0de535790fecadb74078a7ded44706fea9d43a9a47b1f5d375f7e11436e3b49bf35d56e8f","nonce":"99d8b5c54669807e9fc70dbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f3d3450be4c0b3ae94b39839dee4546fe12d2bcef2c29d615924721344a98dfb7e507cecdb1e9d1cc8504090b5","nonce":"99d8b5c54669807e9fc70dbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"58c28e46645c0f9be14ace8ca99fdf4e783bd967d6aafbac1a004f766a30d2a2fa4f532fe2c462e8060169d4db","nonce":"99d8b5c54669807e9fc70dbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"4e2c39e194a9a62db51d3028dea086c61a386b6dd1fbd6d64b71e8519c19d1b260e0830e191ae5681a5f54b4c9","nonce":"99d8b5c54669807e9fc70da1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"59df14ec1a9668520af885d97b131b0e19339a52ed76235f2d6bc9cc1f57a4adfd2796f3ab17d0fea113321939","nonce":"99d8b5c54669807e9fc70da0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"b1baa8f722d90cc563c1d1a42f816eed908eae46b6295ca81754dd951cea0841f38f61403379ecb2a34c17ab5c","nonce":"99d8b5c54669807e9fc70da3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"1ca2666904337a167d4735a82d6d8b2019a6a80082619e296438188188bf538f80b3a37074725fe92c790a1be7","nonce":"99d8b5c54669807e9fc70da2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"a7429505b113e2bb2a4c8745af2cea6aae826b5a26fec4c1beb06ae875b7846a31b42589e2d44229cffe992253","nonce":"99d8b5c54669807e9fc70da5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cd473ccf1c0dd117c0cc6a19913a0bfeade3c5d530c6be669adefa440c5e8a43e43c692349acc77a5152831764","nonce":"99d8b5c54669807e9fc70da4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"8651bc8342aea06a457e423974fda2ae0ab8f5efeaa9d19931b042988e6c2470941e01c19a054e1f13a3eeaaec","nonce":"99d8b5c54669807e9fc70da7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"1d9a74b70499bd6cfc72ac233f4f95d36bd16fa271cc96748321cde3c3c981f1efd7b5b8d9d170411febcc6e98","nonce":"99d8b5c54669807e9fc70da6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"522e6c24d3396b1b936f2e9ef080e6432d1dca5af19bee75942eb39e385216fb1a3b72d16f8f6aec991a42b9fc","nonce":"99d8b5c54669807e9fc70da9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"f78e736ea6dbfa6ca912fd0ea85d4864264b3c5774f06a3869de661e81781afbb354dfe8b12f3038e268e937f6","nonce":"99d8b5c54669807e9fc70da8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"3d7ce58de680d230f201da1eb60f8cb7fd75eff4c948a1e309e09cb2953ff774fa1d99934a58dc11e3eb007579","nonce":"99d8b5c54669807e9fc70dab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"38aa06b3f19aa86b180c571c9bd58c01ad959443a7e338ee846e6808b702f1de4e0ecff85f4e4fa2fe9aa6f0c2","nonce":"99d8b5c54669807e9fc70daa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"f5b79c3eda73e3cced4cfe9be3842adde788a95417e30d7df26b4dc91c4f2397855fb75e4c9b57095081018c07","nonce":"99d8b5c54669807e9fc70dad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"115702f8e5084f4064b9caed1e1518664dd9611e344a62769c83150a09c345dc36cd5625e6113ca843101fbce8","nonce":"99d8b5c54669807e9fc70dac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"096ae7c7a112fa1843dc845ae11e2bed56cf2033fcf761a658724535b9f8faa32d491058673c7eb28142e42893","nonce":"99d8b5c54669807e9fc70daf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"39d5095f07a5a4e8e62b27e1a9dcfaf1a343b904a45834bec0f4394bacfdb7f8608b51f6da0d9a3714917f6ffd","nonce":"99d8b5c54669807e9fc70dae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"3503a33ad437d38dac914d64af35ee05b4a453f99e1cb6d7c3e51fc3119240d8f06c65d04c888548d787b11b87","nonce":"99d8b5c54669807e9fc70d91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"a62e34b7ec24dd3952db0e45897c096969fcb36c1cf3818eecd4f1144834866a9c90994a1203916658fc677122","nonce":"99d8b5c54669807e9fc70d90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"a0f60e008bf3c9363bd730a27887248a54a31251a37a546d751d98e0b474c53f8a3123b14884a6481dc743fbcf","nonce":"99d8b5c54669807e9fc70d93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"52ce5ede6ed00e3a73011306f6ef7745f4b015bc64774c1c91f4cc282ffa7b2c834c1a7127ac45f1d556d1d5f5","nonce":"99d8b5c54669807e9fc70d92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"0bb7b1a9492dc542cdbec825dba34a46b41431df257eef51c01dd3b37507fa32d1c4adf2ae842cd33ba25854ed","nonce":"99d8b5c54669807e9fc70d95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"b959074fc35d4bd160d60fdcad6097c8d2eefee39aae9dda21bcb156181196b2bbf304a30f74faf4ce1bb4655b","nonce":"99d8b5c54669807e9fc70d94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"d25a052e47bb5f0b9e66d4ebfc3f476ca6605d5e167440252796550a65fa4af791e0867a4180d7c8a8baa6f6bb","nonce":"99d8b5c54669807e9fc70d97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"c8bf74c1d25ff0b20c0636b7b035a516fa286a75f513d12b8e05727f60fc8f4f5e6fb412cd6c3fba32f5ad5686","nonce":"99d8b5c54669807e9fc70d96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f59ab89d7ca3c80b826d7860ec30be2f9f043578da3f7d9403c38e3d99f9c86673c50a6c9effa5e7d527abff3a","nonce":"99d8b5c54669807e9fc70d99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"a263eec91839e3dc9dcbedb1ddc2a889d0051ce4e3306e90183bfef763ee896be3f6c32de80e72dc9e958c22d2","nonce":"99d8b5c54669807e9fc70d98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"944a56730eb10815b40bcc42f140b6510285914d82900c85091fe8205a3de54d4dbb9b995a60ccdaee916717b3","nonce":"99d8b5c54669807e9fc70d9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"fda4da1bc0da0095924d162bb0314de871e94553697a236bc1ed57ba6c7d91c4ef2aeb16ccc7989e194bf03b30","nonce":"99d8b5c54669807e9fc70d9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"76625be21ddc4e9fbcde30dd838d072cd604ef980fb8245a0b8e6bf94685d2d55cd01ca700c2cb59a09c15667d","nonce":"99d8b5c54669807e9fc70d9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"74d1476e7b902ea34c976ee2f0a83dc7df0f90615d0e92cf8e23e72fed0621439762676a00569ddc3b4b6688a6","nonce":"99d8b5c54669807e9fc70d9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"9ed7a7d0f5f8d13b3a6282d4f12a432f1fa96949c6fe3770537a4bc9dfc70e4ae0c3349862e5e9985fe06fee50","nonce":"99d8b5c54669807e9fc70d9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"a3f4b3e6eee5a29a12b81f362824040c8f4c29879873971f8a73e87babcbe9f434c9f07c124621005acdc28d44","nonce":"99d8b5c54669807e9fc70d9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"b5e648f64dbf96c5d5a47a6a3b884698d75c65dbc984f3279256fa16b9210c92869639e4637c230fc911e166f2","nonce":"99d8b5c54669807e9fc70d81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"ac4c734f5a0ab482c375b8b9b7c0a54cd4a39b26ee367ca0da0842f941fbb9e4f8e688ba75d69092639cb2d2a3","nonce":"99d8b5c54669807e9fc70d80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"0f322f7277dccf021932cb6ce1beb050b5ec60adf4b40c5814b46077f4a27358fc8c40f5614a420d7fb37e9178","nonce":"99d8b5c54669807e9fc70d83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"ab38ff5fe4a5623bbf857e87fea30ec1e163988268c05acc60d0d767b4dff02a76325671a58ca0219130ce68f8","nonce":"99d8b5c54669807e9fc70d82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"85bf7028567b1c76b1d3109bca0eefd2aca55582e3f97bb88e19eabce6f1a7231864a104009596e753f0cd4e23","nonce":"99d8b5c54669807e9fc70d85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"876055311a106684536504b76ce45344973ddb6ccdedd94b2fdb27bb3e91a01d8c3201cf89410cfb555f4b6917","nonce":"99d8b5c54669807e9fc70d84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"06fffef2151979270e2cd972d73aeaf5bae4c8eb972e255a50d04e8f2aca49a4a93c727a01f6494f9b2edcc5f5","nonce":"99d8b5c54669807e9fc70d87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"bc45cf23b1fe4b5a5ace15d9437c154ed9a7e6424e755dc9b4731756d038843f6096020e4a2ff0f861ee15a437","nonce":"99d8b5c54669807e9fc70d86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"3173edd9cb984f1620cebefaa66d610fa4c9c6ce29264287ef2d4c57fc2a765b57cdd65522cd1f0506432d4bd0","nonce":"99d8b5c54669807e9fc70d89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"35132adb1332ebc5f7c6255ae81e355b1697befcc160aa8837325889f0958890edc7dc1af1a07cf9f4aa005fe7","nonce":"99d8b5c54669807e9fc70d88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"8794f17243ad0689bf56f0ff02faee8af42ef8da9298f3e5eb2f5d9fb9f7caf017d9b7093f0b452879ebd49501","nonce":"99d8b5c54669807e9fc70d8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b16816f47a84bbc6e884a42275d068dbc81d867b48e68af9ebb9336b7ddf99062c5055aa21520dbd2b2efed809","nonce":"99d8b5c54669807e9fc70d8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"8df5375dad3e4d925b13499b3ee2036beb8412d68ea71c3e3916367bd7af8180e0921c674c62478d845975662c","nonce":"99d8b5c54669807e9fc70d8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"303d91b11f5fdd568a852df742f963e1a9146bd22b96d804b3f15c385e9d4f9aaada943b20be2795c30ed3b7f8","nonce":"99d8b5c54669807e9fc70d8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"0f381ec204861318784a65797c7ceb37f4275a9ed3a8ba43d13658c7e2d6a07abfc138c46b20da14b19a4a1891","nonce":"99d8b5c54669807e9fc70d8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"cd5e38029afbd814176452e3c7c45cf38cd028beba5e1a583beb7481977a71849241f41b5e916a29c4a0feb5ca","nonce":"99d8b5c54669807e9fc70d8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"90b550728a905e1d8177524fb92bd1caff8c9f08ed78a565ec50d00e7bd3d331fc5d95717ba7413f0839e819c7","nonce":"99d8b5c54669807e9fc70d71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"33821fd3015ee83a223618c1ca8b49f40a99d574c3e4b0ed10e84599152a14b32c6ca4181294721d8b54c7a67e","nonce":"99d8b5c54669807e9fc70d70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"4fdddc6cdbc9783d6203154e5e756a459ab15e6aefd83c34162c4081b6a1e6c6fe348b116b9ec03e32dc55c939","nonce":"99d8b5c54669807e9fc70d73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"e09f2efb71d5c8828f4d5b1da1d683771d85392eab4d6d0a29e924670b64aabf0a23de97bb9aff622df0a52b59","nonce":"99d8b5c54669807e9fc70d72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c0557d6ad739c7105553d61229944e0a7fc0565f3d52d1cc5cdfd31ce4e1b84b48f007e105551671024949ad96","nonce":"99d8b5c54669807e9fc70d75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"6bdc0ca03393041b47964c20480756c5abd2502aa53529820a69c884901240ecea0bfed9838e94edd9083d207e","nonce":"99d8b5c54669807e9fc70d74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"e404e2c9e50bcb2ff989835b7e8237f4860f2f8e6efe6332dc1ff3a23ba3cacfb691c2cd284a2020e2506ad5c2","nonce":"99d8b5c54669807e9fc70d77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"477be97dd910bc4437a52d1093a21ac7055c42c8e6a4aaf334c752fd7253dcf67ed9bfdbdebad671b36bbb4d7a","nonce":"99d8b5c54669807e9fc70d76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"9315445383bd85c60b0c5244e631c7e483ede495767cb788bcb8f0dbe185dec14da01e4fda072389282bf23c38","nonce":"99d8b5c54669807e9fc70d79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"88078de619d49dd6fd89d0ceb591e63a72abf3750899435f43df721ad8cc945e5f1f6a0bf4b514782d6a0801ed","nonce":"99d8b5c54669807e9fc70d78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"7f5485b560e5e4ea73e0eb1091059612c7f56ba1f53b307be75acc6a16213d8865b8f40ea5452ff2bc3685b688","nonce":"99d8b5c54669807e9fc70d7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"9b9bb23e2e03f2a58954ea5c154a5a40e974f6a4d6ae95599a729f23b4bd3615bb1a8ecda9b190af6ba677d8cb","nonce":"99d8b5c54669807e9fc70d7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"199e33fc7a8748e3def695dec97d3959a6db38bbdc69610b3606bd7dc1b8ba279d615f67d1eb64a0a0059e5166","nonce":"99d8b5c54669807e9fc70d7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"36aff722f514e4a175c4546eea4bf03a88b5f1fcd02f78e19e324c192fabf2d766dfd96f8d567aaef4cd7b9a74","nonce":"99d8b5c54669807e9fc70d7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"ae0880eb4be1070dbebea7ea727c738e162253c933bc395fc15959864f26298593f40552ce7e6b6c76c6554da1","nonce":"99d8b5c54669807e9fc70d7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"f4eb7eac27f434b0f49ad204be4743aa71cdea2d993570d19e952788a0e5c046368b5b7ef79034a5f49baa5edf","nonce":"99d8b5c54669807e9fc70d7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"96a60373a84b6d484f60f9beb228bfbfe4dff550960796831625265ec1cdc4b99d28a17c26a0386678d06dde40","nonce":"99d8b5c54669807e9fc70d61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"2cd88befca677a5316672eeb3dddb981b543a4bed512721e42d2dc173982806d54b570ba20e61e42579693b2d5","nonce":"99d8b5c54669807e9fc70d60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"1ff53f673743b4746f7c8e67ca4cee2b0d4de24040742cf880b76df91ff89c9e54c479bd93670e8e1bba862698","nonce":"99d8b5c54669807e9fc70d63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"ff91ce4e60f497b0f23607d3b2d2ae504c8f6ee7546c6ae4050dbf533e4c3f78ebdc3eaba952c5ba73a9d8f566","nonce":"99d8b5c54669807e9fc70d62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"88fe69598bf20fdfd42235ad2c1ca5626a6df5ab8fed52b4e3e560d0bef5702ca4f65f67e9d788ac963b141e65","nonce":"99d8b5c54669807e9fc70d65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"f7ec027f3be1a7051bcd08c48fac842f6c9998c1a415e121c0aae775a0934d5ac385a5f56a210c8e5a03126779","nonce":"99d8b5c54669807e9fc70d64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9875475a93ce628b7b99422694ef2458e2cab8b2cc81d81ef6e6dce24484da64d3f8846d2be69fa30e7e09769f","nonce":"99d8b5c54669807e9fc70d67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"6ead1522f8f3d985d5d2cdc6713b24beef42cdc6462aa164bb98850fa41f90c3605456f9ca2292bf6c3dacaa83","nonce":"99d8b5c54669807e9fc70d66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"73b9d4bd95ac3d5af819ef28911dc8a1e73346394bbcee1a0a2255a7d7c2ddf62eb06a4a326a2efe607adcbc86","nonce":"99d8b5c54669807e9fc70d69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"1537aba5ec40bd4606f7c236113a851ff4939a25d494ac4529080333dcdc29c29ed1292d03c67e5ec8962c0a99","nonce":"99d8b5c54669807e9fc70d68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"da4fbbb547e763585a5c00720a177c6ec6d4e0c858d59d36017f52b0fc2d6bf285a205f8dd53a9feeebb2ee5c5","nonce":"99d8b5c54669807e9fc70d6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"c8376b39ca7f0ede6d6b0d40799167798db9a994dc535d98e570f50a72b64bc1644548c22487ce717c76d700bb","nonce":"99d8b5c54669807e9fc70d6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"0fc64a8e98ec3817f7d8b94afe7e647b88d4477af7626d345fce9668505e824fcf91d54bc666f8349f2b13f37a","nonce":"99d8b5c54669807e9fc70d6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"4bf91cb0d5c4b8d118b5b6693c6cb476965478f7d34563d997d7317283c7c6aae5ffaf45c0eb29021fe8f8540e","nonce":"99d8b5c54669807e9fc70d6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"4c6faa65321861d44f93873d3d4959db92caec5c284f91bb4444d08c7a2122e4e626e896c80d3f999e9d46f4f9","nonce":"99d8b5c54669807e9fc70d6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"91aaf5aab61922b96bab40fe5e031f0ddc67311a5676feba060667eb97194da33f7b2ac336549097d5133f8757","nonce":"99d8b5c54669807e9fc70d6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"3685593fd10fc034b114b3f52385a351ad2b71c40de1ed7df3871e6f2e0f9095f2c42b0e25e259e4e0ddc9e355","nonce":"99d8b5c54669807e9fc70d51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"8a536a0f6cfae591e9baf10ceb8f14eebaa6cc3576c82f3abbc2bfa5d6e21823ffa1876904eb49c01f05cd2d22","nonce":"99d8b5c54669807e9fc70d50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"46bca003d6858df2ba7bf84e62ee06f0d3083270ea068b2b9bc0f7deaa50b9c58c1e4aa09714634cdf20f898ce","nonce":"99d8b5c54669807e9fc70d53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"cc850e6803bc7db3f4fe577e376349620d85478384227fec91c103af930784abd9686bc8e6471ce60a3b77818b","nonce":"99d8b5c54669807e9fc70d52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"ab736a36a4c6d841ef99524f0870f9e5060a66c4a3b30845a75d322669a6eb051cd126c138fd444611e9b8af9d","nonce":"99d8b5c54669807e9fc70d55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"1e65b765886978f4ca5e990e28a702330b1f611fb697edc2cd1267922b4ea24f73a98e8b43dcc9094226685e95","nonce":"99d8b5c54669807e9fc70d54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"ad1bf28a6fe93ad5145ef0514ea3870be67a48de175e0a3af202807d488b46e90c6e81fbee7eb540353773f300","nonce":"99d8b5c54669807e9fc70d57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"3a0d0f74d07cb80104040b6e7168ea3f1c560617f1523e78d074cd07e4e7a1d5d052f06724a3d889af3892e812","nonce":"99d8b5c54669807e9fc70d56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"4dd1d4df747998d93999ebd33aae3c9bdc26bfb666344bfe3076e3a7e9ad672d0bfb47bfd5ae16744767f60e95","nonce":"99d8b5c54669807e9fc70d59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"133ba546e928852f50dc20a08c96fc453d659107c3d91df267df8fc5c0fe3c427197e125fb539707b0b0318df2","nonce":"99d8b5c54669807e9fc70d58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"7e4f8de0f0671d30e6529b4c90c186f5853fbf067682cb4bdbcbd521f41601f89f158bdb724c8198becaf99f62","nonce":"99d8b5c54669807e9fc70d5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"c325ccdeffc8ec586af8b88ab100ec0c78c04cb6d0a027037ba3e05f1d2614aa7ae1c106fb46d92077538f3667","nonce":"99d8b5c54669807e9fc70d5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"9b07fa994b131470d6aff76eda355b465c0b5ff7fc0907dc858b3b0ef677fbb8299f282e82bca342c535d9b187","nonce":"99d8b5c54669807e9fc70d5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"06fb818f06387c97d915f5fe81dd0f9c878481e4b096f32a59fd1a6210f5a9bc20efa7448fcfdd2d4d3343e456","nonce":"99d8b5c54669807e9fc70d5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"aa380c660cdda23ba76949eb3eb1597eabbfb8fed659f4083cfc93a8dc03af49996826b2dec167e2d8535690d9","nonce":"99d8b5c54669807e9fc70d5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"8f14a9a0e5e424b9535e0a7e95849da1a7d6fcef33da64c33a2eff46f099176daded91f7ecf56a60c9cfc16dd4","nonce":"99d8b5c54669807e9fc70d5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"e6a99eee2d0d7b7e622b8494f2503200b9aacbfc91c9ec1be6fac84384b1665192d64546217e51ff72d2e7fcce","nonce":"99d8b5c54669807e9fc70d41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"327aa94336cc1ad510068f0057230cda8f893f7e436b4f224fd8b8dcbf78c8655eb6de0e48876c30bd8b17e082","nonce":"99d8b5c54669807e9fc70d40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"5079a0f9249773ed7eea33fc76608e4b7a39cc8e1337f09652693e124439359a8f7ef326067bcf479607f728f2","nonce":"99d8b5c54669807e9fc70d43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"972e82206ef1a1f00afeb4f45a1eb98b2f6b400a17563dc3acde6e8e2849e43b42c9b7f813c6159828e3991e88","nonce":"99d8b5c54669807e9fc70d42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"4fc428a32b68aab0218879ea63da30ad2d4312d46f8cdd06bf235fbad4c681af90e639b38850bbd7896436209b","nonce":"99d8b5c54669807e9fc70d45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"b0d6db3260dae3bf41d4e13f3f8e9dbd3a1dbe4b9bf51d87e3a715dd6e2c064e9b28f45113a79f1981230201b1","nonce":"99d8b5c54669807e9fc70d44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"f8878bd6fc37923514eca6faa6fdc4ca260da9466969a51f6dd2f0df474cb07841515e49f19fe1c320bfc9615e","nonce":"99d8b5c54669807e9fc70d47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"01163fec57625358cf9ba941f4ac944b49b8169e91a5f970aa7e60327a034953415c521c37b423697f9efad38d","nonce":"99d8b5c54669807e9fc70d46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"3e45d1bf69fe6b6686a93db45014424f5292a108d67706b9c254fa503953b42e61349b96cb0f3b6088cc57bdfa","nonce":"99d8b5c54669807e9fc70d49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"316f26b145a071e6fe8b879d460cb58f91c67aa9ee32dba9c1456b382d403f31cfb4a7233c3fc6303f49bad84c","nonce":"99d8b5c54669807e9fc70d48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"4c521442135e116fb44549ef7fa8d3fd3927eea6b53b7dec2a59548c3965f7671151c6eb8b246c9682f196ff77","nonce":"99d8b5c54669807e9fc70d4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"6039122805521b3b354e870f1470d238cbc8e24b4e835768b59ddbfa8bf0abdf44f6cc066e7eac4b071d3a98e8","nonce":"99d8b5c54669807e9fc70d4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"baa77010f04098efe4f1abf902ce592b771ded1cb521bf84a4594f08b534a017c787dacc47fafecc4dc0079a1b","nonce":"99d8b5c54669807e9fc70d4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"88b8938725f2b67cf305de36cc7bb525402c5cbc79d2997d79a2e2e90a9bca49279edc8c422ca0217b8be6bb87","nonce":"99d8b5c54669807e9fc70d4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"6bbeca0c0717ecd4e4fe1b7b1c20adf5ec1bf9f0cf4c030876135feb5a073edb554946cb6fa75a23f7045f3931","nonce":"99d8b5c54669807e9fc70d4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"392883bf615340b86aa5bac90900a16afc5b9cb9b59ae2c7a0d73f08e84b9eb7aa7f8f03359730b68a71f1021d","nonce":"99d8b5c54669807e9fc70d4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e1dbe95bc86325e4b690403107a4c230f7ebc52c3440336b606fd57b213ec348f2408fccbd8ad396ae5b2edc31","nonce":"99d8b5c54669807e9fc70d31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"9dc1fe2002910c6f78d7f895e07fcf7c76cc320432dc245f43f3d90778208696c15898ac183d64b0ca6a20da3b","nonce":"99d8b5c54669807e9fc70d30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"518db211ccc909c0b776268d486baf15035f12c5fd5f471378df9d49405fa6dd0b0ed2cd1983bfdfe760fd6165","nonce":"99d8b5c54669807e9fc70d33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"65aee3282e1557b54f0eb90755d0ef0b641926cefd4966eba03eab27e643ee664da2ef700b88a0166d7702b7b0","nonce":"99d8b5c54669807e9fc70d32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"5a76b46709964a5ba9037ced382ec33fd92d77a2f53c19d7d9f71c314221a667854217fdd26c45570fedaf6ffa","nonce":"99d8b5c54669807e9fc70d35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"78d2ba972e229530b3b4c6aa424a419eae08d29404980665c01236fc1bac17f18c3fddf92f9cb8f3f4fd89d492","nonce":"99d8b5c54669807e9fc70d34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d252db32be4e4e3bbc64ab726a26f7bef5d7190cb6e231f60edc0fb7ea244bf4c4bb77d43b79d4249ba8765807","nonce":"99d8b5c54669807e9fc70d37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"9bd628f82380bb6e25702eb09db6c0c818e1b61701912e3c949f31697da3b67c894272838a9132b4eae6b2f216","nonce":"99d8b5c54669807e9fc70d36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"f45b94eae5ed41becf83dcdf1a019a37c10704600f8a17ae8cc70cfa421812180c682a8169564305d654b2c808","nonce":"99d8b5c54669807e9fc70d39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"4080cc9d49a4f493cde97e35dbc89433793cd5f3be4530b458e3bd6937e35e59f7e8b95ab2a6e99e7a4fd38596","nonce":"99d8b5c54669807e9fc70d38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ccb984de68673cdc48f0b12962514ae9721e1426682681c9656386d149d48e0cef4e36be6fa5a88c5483eb0174","nonce":"99d8b5c54669807e9fc70d3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"26edfc145e26cad9ab51ec13ba8ca320493f646414caf5a8988bc3b746e6e801b8b5fa88bce5828e695f4ff666","nonce":"99d8b5c54669807e9fc70d3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"273d58b280fb39415be0026df71522c93bef90dec48e57855c52031483ae994bc4e12a12c4d731938435855f7b","nonce":"99d8b5c54669807e9fc70d3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"565e9779d4c9724eaadeda66be119395074fa6510ac1c07fe4e4984ef81626ad60c54dee4e926a36dc41779af7","nonce":"99d8b5c54669807e9fc70d3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"14f6f65af12911ccd0b3386b10e5b73c7ebf5b0180d8c55cb475a0e925038313a4493741c544ecc8adf2da5832","nonce":"99d8b5c54669807e9fc70d3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"bf5371123ebc5e9c191d638b1dc8edc447e70efbd23840a4ccc4e2ad656d932acc3c3cd90280ef2a00439c560c","nonce":"99d8b5c54669807e9fc70d3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"98b76237f275b88b80ec30c2963745faa1805c19e07e6ba2b1ff314d58d641a16e3bb793433be82d1f59e833e4","nonce":"99d8b5c54669807e9fc70d21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"b8a98be536435fc893c46955e36b4f61cdb0be42ddcba200c66fac1abdcb73b9d896ef192c14a4da9769603e28","nonce":"99d8b5c54669807e9fc70d20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"a31380bc677ba6c6bdb32a381af9940c666983c5a8952b42b9b29e9bd78363623e9f46e23bfcd075ca7e865e89","nonce":"99d8b5c54669807e9fc70d23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"c4dc61ad454ff65d885640fc0f8335e805fac9c4194e58a115695d0ac0d52ba3e091de6903e02959c5a7b1cf8f","nonce":"99d8b5c54669807e9fc70d22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"db9eb42bd22d72de3abd35b5c5a335e59b180b748a0d21f5ac6b102439e46eb8a7486820915b5733c167cd225f","nonce":"99d8b5c54669807e9fc70d25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"af131f2dee40c84a57e716177ea43d6526793ceb4ee672bbb9ab3d2487452f5abf2c31f064f30cd01433a5a9c1","nonce":"99d8b5c54669807e9fc70d24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"9d8f0f332f775fb005ff154a2aa48ff37910c165bfbe67026761b4d127e4ec5fc87212d6557c49ba1f38daadce","nonce":"99d8b5c54669807e9fc70d27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"8d5d6122bd80d8b62ac5e714230046241c4b6af897cde03eaab867480ad70a8820fb767421c87a23202bbcb6e5","nonce":"99d8b5c54669807e9fc70d26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"6f63b96d1f535dc2c0b63612fbe73a3aa8399e43733304d68f48d19b310dd3f4709c1a71a55eabbf45d616c884","nonce":"99d8b5c54669807e9fc70d29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"01d6f0d9db527988910418c75fff2e4896a0fbde4e3d733d7db5a4fb6edaefc26b7095807f78b515c99ccdf8a4","nonce":"99d8b5c54669807e9fc70d28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"c5c7d13aca6c38aab8aad9c99050f1b81517787d2d58a033d4fc6b7fd990240a3aa5eb68102d48a304d1387e0d","nonce":"99d8b5c54669807e9fc70d2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"48ca02f3a49db4e9ba692250b2267142cd421d77e656808c555409e307523f9a483eb07182d2a1767a7e4d3445","nonce":"99d8b5c54669807e9fc70d2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"583b07ec117ecf8cda2b26de0a0aeddc8290a780671be896e0bdf1321ae28c418435ad2c9659c986c10538ccec","nonce":"99d8b5c54669807e9fc70d2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"36d1df173fe995afaef9aaa60774a493508c7c4aa12975aa1b838145bbb39b664439ac98ea7bfe8428a56339bc","nonce":"99d8b5c54669807e9fc70d2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"76872811beb5baacadde77cd12d1778c30827c5dbeef91b5e0ab6695cf6707b0d12e0c81723d59238589037678","nonce":"99d8b5c54669807e9fc70d2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"c095af67b60bbcb0b60175097dcad7d67e0353dcdcc2765bccdda41dc280fdeae211e560877c71a714eb45c938","nonce":"99d8b5c54669807e9fc70d2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f9f863926385c5038f72cf65311293d81c85d7a3344707b4ff796523d04897a00d0209fb9be9190d64bd677f80","nonce":"99d8b5c54669807e9fc70d11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"cc8d110b8199e8765b3bc4290ff1cbda2ea40a91da15a3e97de26b386a353e673f591e119015be880b1efc3325","nonce":"99d8b5c54669807e9fc70d10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"9739861108eac602e2836fe012e14e0f25f7da15b639ffb87b2e931b0f0b1f213f67f45a45109c882f502d307f","nonce":"99d8b5c54669807e9fc70d13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"62db722f006aa7c79f5d40ab2cb80810a0b56446c192121b8667e1030eb2c7ac63399327bf38627c6b66b9ab74","nonce":"99d8b5c54669807e9fc70d12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"46b18c00dec877961504adb5a0746aaf80b0bb541d4a5e322e2c9e861a6c4d040841d9e948ec985b97577f4032","nonce":"99d8b5c54669807e9fc70d15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"cc4da9d4a032023739f516ca687a60177c666ce4a8391754b1cf8d6daa40d6fcb33cf7ba70fa4dbe31d815542a","nonce":"99d8b5c54669807e9fc70d14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"09e9655a99849a906615c9603187bcddc880708cf1bffdb252b000b1c2dc0b2b192c098956503af98d24a4068a","nonce":"99d8b5c54669807e9fc70d17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"3e0e175846afee5b6cd0929733b0a9626e87fdc402b4aff62d325eb68902948bf36fb7fa98fa2d0bde8df74434","nonce":"99d8b5c54669807e9fc70d16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"a225855cfdae0341fffebd72939827246825827779535d356341a27ff2660ede0fd3b3a8e657f6c79dd73f662a","nonce":"99d8b5c54669807e9fc70d19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f950fa7d497f5b5a29a9823e0c4e4636fa201c66794bcdb6281592df2519e2656f08581f76770eb75f07f37a17","nonce":"99d8b5c54669807e9fc70d18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"b5dbab6af30aec91fb4205ab77ba154e2133b1b718d809daca54be69f1d973b8a142e39c5ed0c715b33802a741","nonce":"99d8b5c54669807e9fc70d1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"64134dee464133906bef57db56518724e590f70b5a669b7b0aba0ef1795a38a1e697901a59036ab20576df95d4","nonce":"99d8b5c54669807e9fc70d1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b0233758ef2dc0de21d86692a2af0fa284fd76be9e9272d6b94c0ab7cf594f180233880a49f875bac68739c5f7","nonce":"99d8b5c54669807e9fc70d1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"6652c9c4b4bd82e0db1c6b6dab725cf719c6eeec418f2557390084e41687f73ae0f4d4906481ef4250ab2f3c94","nonce":"99d8b5c54669807e9fc70d1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"17f39f8fa319ee66cd0227aa8aece98f3c4bcb794fbe199336c301489412e1815d970461ff746cb7241e37f214","nonce":"99d8b5c54669807e9fc70d1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"c6705de5c072b8b6cde966af995e72ae610acd88eb6915094a56d80bf44b1846c007ff9626ae9b1507fd6e81f7","nonce":"99d8b5c54669807e9fc70d1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"4f3c2fec965f4b83a9ccda9e5f8b91e9e6be2d646a2c3ed4f9b93ba565786d9ae7030d867c1dc445d38b4b8473","nonce":"99d8b5c54669807e9fc70d01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"9fa637ca9f9946e3e55b6e082c8cc6dde35c88a041eb64a361a3faa50617fc3aed06073af00a90c33ee43ef99b","nonce":"99d8b5c54669807e9fc70d00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"e52f0d9a51587385c73c160af1bde8e575c7f2a4fb574c60a9a74a8cd7e2bab49a067e46d0aa8c1a61e693c92a","nonce":"99d8b5c54669807e9fc70d03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"f8a5e0ae8e6b90c71f904033aa6195f805ed18577837e0dd1b16bc679248238942c8943392a65f8c5d2b195444","nonce":"99d8b5c54669807e9fc70d02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"1dbd35ad3b10f776a01b9417381d0c77db414aa41732c5ead4effaa3bc9d77454008237610efe43222eaa93985","nonce":"99d8b5c54669807e9fc70d05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"7f67748db464bf8fea19a981cc3234b53471e1ee288e5c319a0f74c42fad03511c52e76cb1040d6717ff04a63a","nonce":"99d8b5c54669807e9fc70d04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"bb7018f9bdd35dc5cc046030bbdebf73f241d4b9aa8c9f13ed79051295ebeab22797f8eb009a3f408ace3de9c8","nonce":"99d8b5c54669807e9fc70d07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"88eb42ff53ab0c4cb3f35c096a03aac55fe6ef945b887abab98879e02e81150b3ee0a86be8aa575f149ea6029d","nonce":"99d8b5c54669807e9fc70d06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"297b967fc303c033592bcadbf92b7933ff82dc0616986d751c276a7322bfe50faa82bb85177883017ed38a9127","nonce":"99d8b5c54669807e9fc70d09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"49d501abd9ef9fbcf55b59e68fa5d9364cb5331ebcc8698ca2fac9980546bdcaa9e5b2bb45ca78fed1ec295c6e","nonce":"99d8b5c54669807e9fc70d08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"f177e7a55c31773fa0a605dde1c0484773abc630d9250b945e46227046134cde71c4049808309d6d05aeb77bac","nonce":"99d8b5c54669807e9fc70d0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"4b852a889830e1c3bde60e846b650e3c5cba4d531257f1d9cc6ab03438cb47b171f639220685c228739b2a3b28","nonce":"99d8b5c54669807e9fc70d0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"8374fd98a000068dc4b279d2ede979884cde2d952d149d8adbd35f080631d1c8f4fa5e4f0361adefac8ecdd6cd","nonce":"99d8b5c54669807e9fc70d0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"1d521bab0429f812254a5bc13519289d9b99b0aeda86de3ccaf1576b90072f827f563939b3655fb6b594003340","nonce":"99d8b5c54669807e9fc70d0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"eaa500acf9022470e3044f5f1904959238a2658dc79c158f315607c8120fc73c4492c0ff6765202e235d657a30","nonce":"99d8b5c54669807e9fc70d0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"576d39dd2d4cc77d1a14a51d5c5f9d5e77586c3d8d2ab33bdec6379e28ce5c502f0b1cbd09047cf9eb9269bb52","nonce":"99d8b5c54669807e9fc70d0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"13239bab72e25e9fd5bb09695d23c90a24595158b99127505c8a9ff9f127e0d657f71af59d67d4f4971da028f9","nonce":"99d8b5c54669807e9fc70cf1","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"08f7e20644bb9b8af54ad66d2067457c5f9fcb2a23d9f6cb4445c0797b330067"},{"exporter_context":"00","L":32,"exported_value":"52e51ff7d436557ced5265ff8b94ce69cf7583f49cdb374e6aad801fc063b010"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"a30c20370c026bbea4dca51cb63761695132d342bae33a6a11527d3e7679436d"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"dac33b0e9db1b59dbbea58d59a14e7b5896e9bdf98fad6891e99d1686492b9ee","ikmE":"2cd7c601cefb3d42a62b04b7a9041494c06c7843818e0ce28a8f704ae7ab20f9","skRm":"497b4502664cfea5d5af0b39934dac72242a74f8480451e1aee7d6a53320333d","skEm":"179d4b53b6365c45b600c4163b61d95cbc2f4d9e36f1695558dce265ab8bab11","pkRm":"430f4b9859665145a6b1ba274024487bd66f03a2dd577d7753c68d7d7d00c00c","pkEm":"6c93e09869df3402d7bf231bf540fadd35cd56be14f97178f0954db94b7fc256","enc":"6c93e09869df3402d7bf231bf540fadd35cd56be14f97178f0954db94b7fc256","shared_secret":"3101c54c3a4f87439eaac080699ed9bbcc726ffe44e860c0424ccb7e3e2ead7b","key_schedule_context":"004ce5472ecdd5093ba0aecb8f871ff13f1fbc90ee76f0e18ace1a1b7e565bafa306f6ef962c9ee7cea40407b5d60f0f26990472faae3ac44c78366f1cac1ecde1","secret":"2058ac9b02c1f52c1aaf08bedbec9198219751a94ef67b7d5f0c8b6e2b54ebfb","key":"f50b0609186798729ed0564b36ef2ef8044f1f9d05636874d1f46c819c7a669f","base_nonce":"151d9929e2449747889bc923","exporter_secret":"86017151bbff6a1940e8abae2ac9e0e7032e33df1eaaecc02ca6259b130d62df","encryptions":[{"aad":"436f756e742d30","ct":"e5d84cd531cfb583096e7cfa9641bd3079cf3a91cda813c52deb5f512be9931980a41de125a925cdad859d5b7a","nonce":"151d9929e2449747889bc923","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"2c43aff25343fdbff864506f0818b9d87df84ea01b1a2144d23b4d40c26bf655fdf197fe40297a8aebeed5cc2d","nonce":"151d9929e2449747889bc922","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"e0a8f2cf92ff61215edbb8c55dc31fe9e2eb42a5685867bb6854211542099f9e940c4b41c192bc390835b1a5f7","nonce":"151d9929e2449747889bc921","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"a8ea1deafbe4935d0d484a026301a339d4668c43c37f5e289bf758c7aeb3e2812d0321c12b71978855883420c0","nonce":"151d9929e2449747889bc920","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"448a8892f261cbb6bf5b7b64a4fae8a2c86492494b069c10525895d871c27c2f12cd17e0588fedaba9f7b0cd4c","nonce":"151d9929e2449747889bc927","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"97c746402aa3728594f8c4f217d1e4059dae56c5fb401025ff601a61da903f2706355685954b2fdd518b81ef79","nonce":"151d9929e2449747889bc926","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"91fe133508fe3fa6905ce19e6c8aba53994c168664088a2cd4300238236dcc90b5d2510d4315dfa8dc34bca821","nonce":"151d9929e2449747889bc925","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"641346e222a57bd4cf1f0e6a6039c77c1684e6d01c8983b568552d338f080f1bf22d022a5ae863e12191aebc7f","nonce":"151d9929e2449747889bc924","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"fc8446f5867c639c4c3f64079b2bee8987180b88e789a64297b91107886d739ec8f492e252bcdfb008cd6e061a","nonce":"151d9929e2449747889bc92b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"c21ce89d9947297e1de30d9a59c0815ff1508a8930f63a91d29ed89bf2a20029830728045cd54d8a00b06f3520","nonce":"151d9929e2449747889bc92a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"8c26159d7fb4c50cf29b0fd2d005d9a04dd42402f8e4e1dc9e2dd7cd0cf807f5b5a230554127c85510f95d945f","nonce":"151d9929e2449747889bc929","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"75af5386f4a2d4a27dd20a490d1feb261dae8206a3201c02ab48ede53d2a92523a6105ab80bda1dbc1fe8e8deb","nonce":"151d9929e2449747889bc928","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"1c8873e7af703e1e8f8085ee385e694173c9fe2d66cbdec2bdce1b3ace52c13d0ff321b41d8ce95bdce73c38ba","nonce":"151d9929e2449747889bc92f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"10ce2c23ffa22de0f547b33afa2f34552200ae764c65d2acf6a5366e4d2c6dbd6614d964574b97687963b93400","nonce":"151d9929e2449747889bc92e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"fb0e6d7705e829ab6509668862e65136cd0fd2cbe83a158c832ba630a2eceac6042019ec726aaee793961c663e","nonce":"151d9929e2449747889bc92d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"4bd36bb99b6035a3ccd5f41998b6d49d5562c72225ddbdc82e38d5be180e6b0e69abe68d12be85239a664ac672","nonce":"151d9929e2449747889bc92c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"1a1916713004d3a90c8651e9781a759e63eb70bf1d74db5d3871e01f4664ea5241035f9a09c50c7c64b877a2ce","nonce":"151d9929e2449747889bc933","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"510ffbb00d709b3ce27bea8b8202f2fad82632d6429992b4c0f71728bb3291f20f696c4d2abd942dc9a8960b39","nonce":"151d9929e2449747889bc932","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"25695fc573d452c33f7bb8f61a30d1719c75637cef9bd9c11e4b48583d926fed3a31ecacf54bcdaf42d7927f98","nonce":"151d9929e2449747889bc931","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"913948ede40a023565bfd70f5f47c37ba2506e09b22d4784374659c90da556d3ecdef17e89b8f749e266f11b46","nonce":"151d9929e2449747889bc930","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"3fd6c17dba8dbb2a4a0a5cd99aa0f1288f0f5bb02b720243d6b7c1cc92621c1efd0dae437ca54a67e2b3127f76","nonce":"151d9929e2449747889bc937","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"a42358de18cb5495cff2729069fe0eb7996dbaf2138ec00f570107eca2a7c6950b9670b4ec66795de04685c2a7","nonce":"151d9929e2449747889bc936","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"18b1f565922a8e9d58959adcf3cb25a3a907d2adb69d71e19c09268f173157f569b1d4279c93f840d08b746b4a","nonce":"151d9929e2449747889bc935","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"34355c72a3581d4eacb5269e76f920a77242cf7525c8d734afe8921c87deaa0780ecf5998af6e5f84ecd689048","nonce":"151d9929e2449747889bc934","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"ca6ded0b04e98db9bf3e62a3cd5604678e805c3ea8a8c5c390b29977662a344791b443d0aba785bd8b9fec65dd","nonce":"151d9929e2449747889bc93b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"d9065c203b0782caeb631af2ad08d685fe121033ba52b94608557bcfc8007adf68e2c77a4b6a475ce1171b70d5","nonce":"151d9929e2449747889bc93a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"27d600688c31400608c332d1af2bfadc89d22739e3cc06d6f0f1b356a61e214f5b0ddbf7caf47b71d2be8cefb1","nonce":"151d9929e2449747889bc939","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"9ed3e280b8605d721509cedbce556ee4429aeb48c0fcd400e30d21074ed902ce77589ac1f5d282ff1bddfa8cfc","nonce":"151d9929e2449747889bc938","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"3eb0855fa879f7dc8335b5d426a440f19acdc0fc721532304de51323464707643b40d54812599670936eed2208","nonce":"151d9929e2449747889bc93f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"fffd265116539bf8b564f012fe3ec3a9dfccd9a5b9dc4ad9e2964e794c764ed63a759dcdef61ad043f7588a11b","nonce":"151d9929e2449747889bc93e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"9e7fd0052e15aa19e46050a2661febaf6c5f326caa52dc439eef425662661388fb9a9be58ed989760a7494d3b1","nonce":"151d9929e2449747889bc93d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"3693b73981435ddc8b081186f7a7f06fb4a20eb7c39c147f6db5cddb47e2f29f60f909c4504b2b789ddfb8e40b","nonce":"151d9929e2449747889bc93c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"78fb4fbcb3de5bf9230fd0e41aab0b2899f331a4d806423d2a7cf91110b06ed76146a9b815fc0f5b1941d24de6","nonce":"151d9929e2449747889bc903","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"8030cb70867979059a6e5848feb3c25f7504458da998c831594371141c868715578f3a62ed71dff8aff1afa2c9","nonce":"151d9929e2449747889bc902","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"89488d044633eebb4a41f649bf3a5f1d17affd9d5d9baf5132c71f8ad057aea36fd31ff72fc78d6880444696f1","nonce":"151d9929e2449747889bc901","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"4ef51de05e1e02e6a15e30d313a8905ec12e35adb3fdc6ce79ae56dc348e1a636531fabf5e2c78962d492bc0f6","nonce":"151d9929e2449747889bc900","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"2242a8228e57ca15267e01abfe430f1d6e4aabada7e38f17f20df015657d81aa898d2291c631773628f8833e9d","nonce":"151d9929e2449747889bc907","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"8d71a286ec6f330462aebcfe15a2e3b3382eee9fd2e57123565bb1aeb319112e9e53418a2bd48d16f68a59ca5c","nonce":"151d9929e2449747889bc906","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"87e2b695e365860db3f4653bc16bbe0389dcf225838cfb1c480442899d38a204c474565039e3e120848257c1a3","nonce":"151d9929e2449747889bc905","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"86adae7eee8d06e9a8855672e7cb80276deba65f0b5d17e5e8ef0cf80189e69c62187605ec2329330264127063","nonce":"151d9929e2449747889bc904","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"ce603ee533d23f2f902aa82adf76c98a30d0c5865079840acc8ff62e7c774db66b3cb758137efd3134d790ec13","nonce":"151d9929e2449747889bc90b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"904d3c71ad0a4f8d6a0f087fcd93059cc19da7c9983b59da32f83a614ffdd9cf65f0eb8bc2fe3ee64a4f5c4981","nonce":"151d9929e2449747889bc90a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"71dfd30756f262628af5e5293a624eb219d2ef6d323d37096a2a94db6308e752f9659cba28d9072b71946d7868","nonce":"151d9929e2449747889bc909","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"4f0d84759f83d02f49152f5852121e863ff3732bff98915799be5c8d5cfebfa2048ed83c0380888028f7dc081b","nonce":"151d9929e2449747889bc908","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"dbb775112c824b1ff0689cb13ee056d84615d7c0604de71a825bf6998c41623d66124e7b871c7fc2ad4887ecda","nonce":"151d9929e2449747889bc90f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"db01d24f44d167d78a9bff68828aa4340f99ff89e045476c4e918438801a02bfae77ad4161c298d958702535e9","nonce":"151d9929e2449747889bc90e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"59ae01cfcc784d69f25c005e9dec4b7f74bc05f284166ed5a056918eae0d9e1a83fd028a52f9e6dc6ded369941","nonce":"151d9929e2449747889bc90d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"8a5e074f9f14ffcaead4aaf599a97a8dd791c44833bd6676a09b7b87e29f1237ee926550d80a44378f025f650f","nonce":"151d9929e2449747889bc90c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"c86b3b47535fd4c11610a1830a2847c6f7c7338d96656f8d04453edd1f5842af3397c6f762bbb39d4730f043fa","nonce":"151d9929e2449747889bc913","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"053e3ec87d82425c627ed4c2d84ada5cc0b5253d6ae1cfbacff5c78f377f3c09ac89257d551772f6d2e053b344","nonce":"151d9929e2449747889bc912","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"73a145c830aee75e0fea9e3c7bfa24c9a5b1c0602683a5502fc83dc4a087e0a9c9b142dccdbd3205fa22cad268","nonce":"151d9929e2449747889bc911","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"98d8fb2a4bf5f772880010e4cdfdd992360189f45fe418f3736255423e60657a2a01c3e60b54d3efa932d090c5","nonce":"151d9929e2449747889bc910","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"b8abe4d887990e1e527a8b7c2ffd661dd4b65c618d7afe742281bddcb39c8be07c143b061bc607b4a8f41a3fd5","nonce":"151d9929e2449747889bc917","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"1090be42c502b75570c25a9b74777a4f3c981992156a9dae81c1f3a637c388ad55a42782f3785eda7fc00ed9bb","nonce":"151d9929e2449747889bc916","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"2ed5cd3dd937bcc54bc8193cd81420350e5a94f233bf52428dade8033de59a4bd0d461c7680fee19d3eaa49790","nonce":"151d9929e2449747889bc915","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"da16bc9c2b04ac234af1d2bbd11bb4bbfe6b32864e7381ac73604b2a870e7b8aaf10b128d8ca39b4e3f0ece26b","nonce":"151d9929e2449747889bc914","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"f0d9acf36f857f86e02b06348e94d0fed7fb010d4e6365177ceba970c1a17e7f472240dbc585ee0cb137cd3b70","nonce":"151d9929e2449747889bc91b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"32199e20199904c07595fc6e9307022a0548f8f56ccf664497b840ca50176a05c72469c3231e4220544114054a","nonce":"151d9929e2449747889bc91a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"257884a96d90d927de623709a39cb34a5981007676ba96b2e1e4e3ff7dfc499acb265dbb4e1812428d5ae31514","nonce":"151d9929e2449747889bc919","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"6e37fd96cc41de256d9363d9eb27868304ed5d979da469fcac98b4509719b10a8ed0c205abb05c7d2c9afb34bb","nonce":"151d9929e2449747889bc918","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"7bfb5b966d1a92d893c0bc4ac5526a8a104ad929053d09481538b731c3e164ec46b4a6e6849ff1b6f732f3109f","nonce":"151d9929e2449747889bc91f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"8a70b13706ba38fb0b279449984a4df5203c05d242bd7e6af70c9e96cb556abd9088f8e9b28121d050ed74908d","nonce":"151d9929e2449747889bc91e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"44dd0d86d69344f086f4bbc3b75f04b1a5eade98e4d22ff130a28b4f0c60f7db23fe2c30c3e2f8269719b57dc1","nonce":"151d9929e2449747889bc91d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"946181d28098f47928bef7199f777dd0d2653f08c326bfd10090b47bcd294735dca636428bad26d0c186ff56dc","nonce":"151d9929e2449747889bc91c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e080406e00c83bed2e94537263727d65ce99534cad2279dbf119eeb614cc5ba0b9103b7497fddd7b149579bad1","nonce":"151d9929e2449747889bc963","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"a86551ee5f2b9cced52e1fe1cca9a8f7e63065515787ea7f4f9f4ff51bbd7698a79bfb853913c96fd714694b8e","nonce":"151d9929e2449747889bc962","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"f450c832f51334c08e08461d087ea1d3b475ea1964e3075e41b227a57b6f8cf2b9ea8838d54784d0c533d5b5c8","nonce":"151d9929e2449747889bc961","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"c25e6034c2c2283f5b8e6b7f659ee33eeaf3401ef43a81dc3d8ffbb9e7a32370311ceeba97c6a6287d3786321e","nonce":"151d9929e2449747889bc960","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"5c30e2053f7f1501eb430edccca9cbc90f01b03200ece329b232fe0a4a9baf418adf846d402c2443fbd72aa360","nonce":"151d9929e2449747889bc967","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"9df08200e50ce71aaa016d6f18768803a8bfd20ad405345f4cbe60cb28164eb897e5ad2675c90595d0df83b662","nonce":"151d9929e2449747889bc966","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"56fb1c4a86f4642fe820f60b440e59be913ab632de2027defee6161e627ebd78fd30a606f119070460cba0aacd","nonce":"151d9929e2449747889bc965","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"a8163438d8ea48dfdaa8ee0286efb83747796263c11e97cf910f8b56adef3f6bcc12c2aa885323d641985116ee","nonce":"151d9929e2449747889bc964","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"10a66fd85dee2f3179efe704174f2fa4fdf0dc3839c6ba06a39f947dcd9422a32fb5b7df5d6a467bb0c5035d32","nonce":"151d9929e2449747889bc96b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"50384f9efe0ae3adb9c834114862e989995ce080f353f0727c4ab2d41911755d154b4eb0a693b0e72124c465b4","nonce":"151d9929e2449747889bc96a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"f74ad7b18fee3ca88f91c653102e6b877e1f8ceb73a3a5bd44323ba5194ac722e87e0656121001c39653bf2822","nonce":"151d9929e2449747889bc969","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"3d0b638910c26c035444b494342b5059eaa485d51d49a7526bf5a76cf18ce92be1e88922f1ba27db8f29a3bc17","nonce":"151d9929e2449747889bc968","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"4d17c2da2c4688c5ae15be76b2fedab1d677065ea79a452f3cd01c12926ef4991cbe8be7e7e5e69cf2666121d6","nonce":"151d9929e2449747889bc96f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"7aa7ebe84cf4c35dccf15682fdca996164f1ec056455ace8b9544b9c1b1571b8bcfc104fc5e91f5d68d7738707","nonce":"151d9929e2449747889bc96e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c8300629a6cac3b1a7b408bb50e503191cbb79f102256d0bf3f25e33af30ae12e430af1bc9e44753a0e25a824e","nonce":"151d9929e2449747889bc96d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"37c428339a389e8ce35daa03a99f5c07fbeebdcfc3e695434f2eaff8f90cae8902fef683e2ad238f2ba037b5a5","nonce":"151d9929e2449747889bc96c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"39e65faf2c41d0bfeeceb28699042b62e976fbc3836e6a8a41ce5a5a85f9c428887792f725baf7ac68db824c9b","nonce":"151d9929e2449747889bc973","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"0a478a818d4fc9da07c90487cef008949818fcaeeb5c1cc83f45d487321fd491ad58aa1863c4a5bb75e9db1b66","nonce":"151d9929e2449747889bc972","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"32cf849851e83b92db5eccef5ad9464af0133d588fb0ecdc4a43ef0c03b1dad9889d673900e95c7e0051035426","nonce":"151d9929e2449747889bc971","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"ba1e5814a83a84dada756914f38e7069718ce13e97442003ee37bcdfcb54032f8cc3e50bec78c2b8c2e6402d65","nonce":"151d9929e2449747889bc970","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"3b91fac4f67af1a93f5ee312fe5c39bfa915a2317c2268b594e363d368d9df09022468a5719a3cc91d07f3c36f","nonce":"151d9929e2449747889bc977","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"5888dab7e84869c9ad8d5a80db2e89da750780da4e3fd59f317c4440ab2ade53aa855254f534e8abf7b030e1ba","nonce":"151d9929e2449747889bc976","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"9f8d979e4c9965a2e135e0e85849e8e51cb9edf27c5a48713c0342f78c6eb42f89c246884f42b925d508ac1118","nonce":"151d9929e2449747889bc975","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"1a3fe6ad4387133e6dde596102384e034984b26ea9c2518690e43bfcbba241b8991b1fc22f5301f50a6c067b18","nonce":"151d9929e2449747889bc974","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"35ec707cfbebcd8d29a94b2a53279f06d6dad1d67a85d26515b33805cbe9c8054de90590d90ecfa2e75b319426","nonce":"151d9929e2449747889bc97b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"98b90ba87c954ef7a61833679d2d9634cf6c9e0e2bd346b9240cfee3cae141f3bb886ebc195019bf61ea174fd2","nonce":"151d9929e2449747889bc97a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"29d4773ca7566d5e9e32701d6c46c70111d615f150663e76c62c8afbf3cde30395b424530e71fdcd91abad8235","nonce":"151d9929e2449747889bc979","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"a3ddd151493934a6d056bfb33c3cdfb872204b2e40494b2c12c298aa2443563eba9baa7a984b4627a1aef12b35","nonce":"151d9929e2449747889bc978","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"97fee29b1aecb67490fa440db94e8edb9d44da3db59466700235cd0613bd7f385621ef78bbd1a61207f61d58d7","nonce":"151d9929e2449747889bc97f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"bcf3f399b75f170a59b61b5a8e381f1254d4599bfaf906ec035aaa89b862616163b32c0078ee65f57e372921c9","nonce":"151d9929e2449747889bc97e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"b4fb4b40243ff48b3af21b81f86742faf71e9a2006c0dada26824262d3fddc428575c2b3fdebf84f777e6ea7b8","nonce":"151d9929e2449747889bc97d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"3e4774d43410c80bdd17e94276dc4c9e593dfe1be6e7e512fb0ec7e8321f0825ae52cec95ec88e0a73cee34632","nonce":"151d9929e2449747889bc97c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"149628f5c0a0c7a83a255124b93bae9acb5566caf56e2a44d425a045f5de8d8b99fdb859853195048e9a2c6838","nonce":"151d9929e2449747889bc943","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"23353f67794a1ab146b07737c42dcbaf16fe80f5fe275808900ba8b64f7c277710f99887617c315749db003750","nonce":"151d9929e2449747889bc942","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"7f682e36cd661cd0604d0d161b6747c9116fb2155698a880390b170c95a1a4ac56281296c3f92b643a43bd7bbb","nonce":"151d9929e2449747889bc941","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"5060bd31673101670052d60db668ba50e577282f2d04ac7f55a968df8f1e656f3e54c042bc376dff57881449f2","nonce":"151d9929e2449747889bc940","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"a1a9e8eba75c2d5492de5ac21b96067d86db723ca40446043d6b518ed99e546adc70e872b389c8b252f968ecca","nonce":"151d9929e2449747889bc947","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"265c2fd6d576240fedc1e9d2e54ea85d4c6f948ccae75dbdf5131ab9e34e6b7c546fcd2799fd70bbbd80f4a403","nonce":"151d9929e2449747889bc946","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e5cd249047639b55351adec7054b4bad49ba504dfd012c24e6664b174aa7a96a8f43e3e74c24c72a2084a30f54","nonce":"151d9929e2449747889bc945","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"718f45fba90a6d7fe762a963a3afddd422bcfb69b4d67f68a07f0963542d11a9f93fa7becbe1467a6d4ba2bd59","nonce":"151d9929e2449747889bc944","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"83317a03f6e6f5c8a70c2ab5a13e594f71de479e37041bb665f2f7a1222cf3f989dba32842bcbc2e9d104eeb6b","nonce":"151d9929e2449747889bc94b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"abb06a322a83405b85f2921f0faa10d142e7957cf39c0f61efe8d4ef7aa408dee8af86032f3c16a2e103753a75","nonce":"151d9929e2449747889bc94a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"1846787cb992d807a28985c645ab2752cec1059250224f49da67cec65ff51d9ea1edaf496c1e35d74a39746296","nonce":"151d9929e2449747889bc949","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"5c272f93edda401fb918c03179478563bf812a7012faf8662002e4e8d0c45b4faf1f8f1345b3cf93efbf0c3590","nonce":"151d9929e2449747889bc948","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"b93b55d7382c44f03f7d5c376fb325f009ffa705b785922525f83d81226259cbf27d5cd1d5657eb18ab49c8f57","nonce":"151d9929e2449747889bc94f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"78f36217e54bba52f594bb8f0ea26e189abb484421b838e983d5432151f5ee702310a7da43b3f3477b6446e42a","nonce":"151d9929e2449747889bc94e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"98b9e8dd6a2e8dc8e2011ce879b160554365afb06bc62db992131c2ca3ccc83d83aac8157816921da8cd54933e","nonce":"151d9929e2449747889bc94d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"4cf48574b0986e1b19c19af1254c62403ba242ca7e379407095bffa6e65baae539bb9fcbcab8a915d3c633013c","nonce":"151d9929e2449747889bc94c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"94da1edb651a79419cb2c0ea1a89c14fa3a725335e3b3b10b71e97eca026526c9d61669ddef6fd5f71f15fb930","nonce":"151d9929e2449747889bc953","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"aba2968f77b8170707f3b7affa945289ea56986a10070956efcbb48b6512e22f960f7a07e05c77d5debd69daef","nonce":"151d9929e2449747889bc952","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"258e1acdaa6c7ba5e31bc1098ca42d844531b0039c399e05fac4c0c22a75fd4e308b288a24127334fdb1900b0c","nonce":"151d9929e2449747889bc951","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"6a6d65cf15054487bc8f4840b86d3de127c1a90080051cb0242f4b730d4a526659a7c059fafb0a83d937d62e48","nonce":"151d9929e2449747889bc950","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"b8bf351fbdabc9a5c4843b6ababef5ca9faf95868cec99c04d1d555e615005dffc6ad3e4eb84cf7379242575ec","nonce":"151d9929e2449747889bc957","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"5a042d64ab6da7841bfe83766b66d10c272ee4dd3b9cf9bad9d8980f8b1d191e495ecedd6b28444bb6431c0457","nonce":"151d9929e2449747889bc956","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"7198f5b0e7d9a041570522a57cfa5db3d488504339762fdba72e1593e164a7df5316c674a592c064cddc9a6c05","nonce":"151d9929e2449747889bc955","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"fed6055b80361e2493dbcc48b658a35afaf6247ac4532063fa5812f10b7e4f259d557bac0f049b1b88577dd67e","nonce":"151d9929e2449747889bc954","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"f6b7aaadedcdc89ef9147b3817494a3f43107e756990c415d4a2270312b0e257b756c0f1ba929ec722850fd762","nonce":"151d9929e2449747889bc95b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"d4ea7ff429ccd38d86a3a35f1a86de748cd1c3fee83e7c85dc5e52bc5134dba53d4c85368733037a3845b1f8de","nonce":"151d9929e2449747889bc95a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"86771ccb6999dc2085ed073c6f0216cfd8a84347456e7e411753a70b20389ca84f25968d4bcf3687b8250d2048","nonce":"151d9929e2449747889bc959","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"76196c59dd912a7fdf3da785b02edb0669830f23a40b23364d9a8417c25a44747eebf5f02173bf254bb6535451","nonce":"151d9929e2449747889bc958","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"6e5b768c7965f3292010ca206f966c30f1dd1c1faff520df04114442072c3890ae5bf14295eaf7cf8aa57330d7","nonce":"151d9929e2449747889bc95f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"7547da149fc7eb27d904143355133e920beb405a8c245e5ca8e418297f09cb96aae615d24661f834e7dffcb018","nonce":"151d9929e2449747889bc95e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"ebe8030330f423a2324eb863310d1c13c62ff7894c1495a0d31709ec1fe567e62954fdccac05064c412ac00409","nonce":"151d9929e2449747889bc95d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"99f8286c7921b46fc90023361caa5b4b2e0c3d3b71b65de596876eb70a2211d89b4a90acc225b24954224919b1","nonce":"151d9929e2449747889bc95c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"b9b31bc2dafa1c31154322fe4d23b5f130cdc8f6c92da9ccc937503f4173d5cbc6df18d7847b77aeaa11be32da","nonce":"151d9929e2449747889bc9a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"cfa6ab15f19877c4c030522077c18d442d1cf220c1b021e4a5fa45d14e66044ef18d894360237281b55745d10b","nonce":"151d9929e2449747889bc9a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"46dda78d75d4beb46b6e79c68abf242895d072602ff0984d22ba95281652a55a26d5a3209177bd0b78f80b6565","nonce":"151d9929e2449747889bc9a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"ac8ddded913db97734636b351b65a3a7ec32de7c95f9c2f7ea2ce186a9cf39fdc6734d9d33631ff7b679047da7","nonce":"151d9929e2449747889bc9a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"5a63fd958d7da5229b2ff04155cf5eaad8af24292de1b6f23dbc1a6c8b717c373171ff46e9aa6ccc87cc38739b","nonce":"151d9929e2449747889bc9a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c3de57f22a0ef3147b395ad8dd1b920e6e331fe19ffc4a4436cb0587ee1f9fdff890ff1a02fb9ab220594b7f9d","nonce":"151d9929e2449747889bc9a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"ec42e72f0a8f228508141998a0007f59bf281a9a3648812ac0f53af320375a0abe4ccaa73712ab9de8b2cf8327","nonce":"151d9929e2449747889bc9a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"a8ef6cd778dcbb82e48217e77e132aaaf3434370527978fc6d68df1aadb1f6b1f534b9aa58e993044871cb7d71","nonce":"151d9929e2449747889bc9a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"59b52a68e18b64aaeec537a113586ca56f94190b4c8fc0074febe8238606534228854d2fd45f734ae726fe0b3a","nonce":"151d9929e2449747889bc9ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"595214d9c7033b1790e9ae70b739332711baa4e199f5457bc72c033661b559c0f1c3802bc96c63953b9e2eb5e9","nonce":"151d9929e2449747889bc9aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"f7970241897e25ef6c4fcb0224e5bcfb2cda3715c9baee3b3267c7b199c82459a2a95ac9c767d90d91962bde9f","nonce":"151d9929e2449747889bc9a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"7569b68ca4ff6436c0a9e68b289ecb0d9eda9a1a60a3934ce13a92f57004a4b41e69a75c3d2a29cd2c929f5ff9","nonce":"151d9929e2449747889bc9a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"1ed5e8fb578f67d31a061ce5853710851c98b8b61765f76299711d2e763af33ddb9eddfd537bb4b967e47d9260","nonce":"151d9929e2449747889bc9af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"92ce89e443024b7a80b61d1f58d638cec095d7d4664e8549e51aba582d219fc1dc5083cc1021b441560f58bc03","nonce":"151d9929e2449747889bc9ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"17103f6d8cb385452457040307ce7bc8f18705c9333ab51867f6cf62e51f76cf703b69b32e209c64e8777b05de","nonce":"151d9929e2449747889bc9ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"6441c689667add0ed50eeedc0dd5c487aed506f2f360e768b7937f3d06b0b43c2c3f9d9c883d105e7c97d050e2","nonce":"151d9929e2449747889bc9ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"1848f52015c0b917d755528d3d0ff70574ebbec2271d4c5c672a93caf37dc87695848b79b9f3caaf8937585296","nonce":"151d9929e2449747889bc9b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"71795a914c78062acef28a7e6326c106dae40f564c73fb63d9f52a0522954caf5f3d8b59406c1e4c4efb4e78c6","nonce":"151d9929e2449747889bc9b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"18b51007114b30a1ddf14efd7297ecc0a8ad9626408ed9c6bdd22676d9aa0c11aa3f0cdc525180d47b1fc2803e","nonce":"151d9929e2449747889bc9b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"1cf6954862fe38be7871d362a3836ced64dcbf2ff114ccddcb6f248a24446505f73cef228f1217647d3e70d7d0","nonce":"151d9929e2449747889bc9b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"41cbb2064d9db9f43e9fb550a057b07bf90925ff28df85dcc01e11e2160749e3a4003df7693baf73315d3052e0","nonce":"151d9929e2449747889bc9b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"099e43c3d5305e2294566ac688e4a4c716f3b81373e941b6d28320c4f48acf9c8bf4f3bc32e59ee4931fadae79","nonce":"151d9929e2449747889bc9b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4f27075c65c4768779f33847f720f635de15d5074d3593391936e4f0db79abf016e548781313176bb83afd544e","nonce":"151d9929e2449747889bc9b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"b49d1947610dc84a71bec3407420f4351d74a6f97dc59cdbaa4063de82998480ac8d8576100f8fc1dec8fd0415","nonce":"151d9929e2449747889bc9b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"0452a34aad9eb57de1748b18570ee94d88d2b123cbde141525e53fad8da5e95fadc36d533d9ff158eaadddaedf","nonce":"151d9929e2449747889bc9bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"4034b6231f8e1809c54bf4d394cc05104fd223357e95a60597c7df32d2d1b69e0b78adebc088b4364970c9088b","nonce":"151d9929e2449747889bc9ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"f2cb80c67d9226f131dbd64963e27ca64e428e8f64c2c193c3798e2af548a4bf5d0b64d0e9a5105bea4340e40f","nonce":"151d9929e2449747889bc9b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"e4be8d8aeb13fad3db0e7d266e89ee5ab7e3c861bdff61776d6356e786787e14e6d1328bcea2001cc48a013425","nonce":"151d9929e2449747889bc9b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"c1084bd11719f15b3194ae5f84d278efe6a962c0b5f16123cbde523ff7ed2eb88d91293c22e3ad9683f5dfaf69","nonce":"151d9929e2449747889bc9bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"91e9c1582a12184b4fbf796a81ae583f865a2170bb09f2ca46121824f19dfc7944044d533c046ad093f7eb820e","nonce":"151d9929e2449747889bc9be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"8e4fecf7a15fc3b258900b55adad4aeb1386c6486193e4d3fda60fcb255635266791eca1cd76fc20b411955210","nonce":"151d9929e2449747889bc9bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"671e011d0e3c57f73508f885c64dab5124a4283a9430168033f11ec0f1aaeafb7da3224a62264d2013baf4cf72","nonce":"151d9929e2449747889bc9bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"8d27e076edbcba9f6a9e58b62914463dfa5bfba6f419807d6664659230a947e069756098429285b590acc89927","nonce":"151d9929e2449747889bc983","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"7ed3247399afa43f2e3db2697f9e37e94f71d4d210e2ba4f3896eb62bed1308df32e5a63a16c7915538ce7463a","nonce":"151d9929e2449747889bc982","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"535bc957326207f14417a5c79dfa28103f488169039d81986319c0d54ec72ee23b8154b26bfa9e1e6941bab038","nonce":"151d9929e2449747889bc981","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"b7a029e3486549bdb19fb063eae5ac28c646929b1f195f6f1bbdf9f99a65214e923d9bb03cf19f17765c62befe","nonce":"151d9929e2449747889bc980","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"11c717389193120fa6b61d9fdbfc74ec17309d744c1fd6e0d49393a5c32665c0b70a0a64916ae4a02d020762d2","nonce":"151d9929e2449747889bc987","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"45a5fc34bb9062b93a34063f009778d4bcc3af74a69152087db014bd88eed080c06cadcf1efd41b31a9bd9a65f","nonce":"151d9929e2449747889bc986","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"2ed43cae3a8299d0ee9caf4297b330ff643066d71af8465cc19a834bbb953343a7e165f646eee638ab0485b903","nonce":"151d9929e2449747889bc985","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"b42058802b285612ffc4c9660931a282125eaf820c116659672ea4cf4e901f9aa9c496ed515d6fed6cd72930bb","nonce":"151d9929e2449747889bc984","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"a5cda906160fc86a45c80cb2b51c07a0a1308626426bda2cb6b2e15aa5d650b6f59a97b503ef046c88f643e0cf","nonce":"151d9929e2449747889bc98b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"3c0656ff6ad0c678d1ab7f1c49118191a475882c66b9a771a9570e1b19a7bafe0e2e2b55f0d17a4d054d175516","nonce":"151d9929e2449747889bc98a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"75c7b335e15e94bda0851db69e35f108fc233a545da4b928ad14461e269694d8820956fafb4e44720ce8381507","nonce":"151d9929e2449747889bc989","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"d3d4208c7bca3519228b580237ddf552c0f479fd621b5751d797cd1d973f62702e1ddc2d743ddea6a14810981a","nonce":"151d9929e2449747889bc988","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"bd8072b89e773e49b1ea161dc308c1f47e0ba2900eeb8969feae8c69ede105660b348d2a6ab5251e192812a704","nonce":"151d9929e2449747889bc98f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"802ba6104adc7ec67dc96bad11d1540c37c7d09a1d8e588e9d037a559aeb8bcccf00199e002dd1b51e38346d01","nonce":"151d9929e2449747889bc98e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"170693138046e54de3f940047bc9c083905bd0d5f66ce4a21b447e8671662ebc13ee7cad4d0710fc453fd18c44","nonce":"151d9929e2449747889bc98d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"fe66bc839bcc84b49b7b2f74bc79f6b6d66d081b431a9f875738ec99278da15f562636f26a3305c06ff0ac1dd7","nonce":"151d9929e2449747889bc98c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"68387b231332367d7c8b6d57bd2053c79158bd8b364001f0ad10c2687266df9c2339179d7278db2c9b6a0a378c","nonce":"151d9929e2449747889bc993","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"5c15441304b8c28780c052b3354b85f05985dc83ffb718e4b680bd0fb1c052aa5741370ae14ced0dfb94d80fe8","nonce":"151d9929e2449747889bc992","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"a5b93d9b53f0134eb135abac39506ebde71368021255ad77964ba92095b370ca6bc1887266746f2f24a1ac68cd","nonce":"151d9929e2449747889bc991","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"bc646bd2d4af6cb3eeefec80d906ef332716d228ebc473fd543c51fd4c626ebd9a9ca3c5379fc935748b302fe3","nonce":"151d9929e2449747889bc990","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"baa95961ad3798f5ea49f68c7bd46a47f1e1b1f4c4410aaa23ffd29b539257dc6a519bfbdc12f48c2dd44f41b8","nonce":"151d9929e2449747889bc997","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"63350bfe96ec394c5df26cfec536c1e13c36f11366dada5c7fbc87c7a77824d3aef9f68420edcc90dba8840e8f","nonce":"151d9929e2449747889bc996","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"2aa46f85e84cd57b484eaafb542af4fc5be63a3cf0517924311c5014754cd28ed4aa3a7c6ace995369a121d919","nonce":"151d9929e2449747889bc995","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7125de9a7ab93363e12742330ab38a0afc493cacd21fac7dfd8d6650b58088e5441b4612957290bd81bd9b51a5","nonce":"151d9929e2449747889bc994","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"99e607edbe8020e3d501f2d861864c65c0f3c7017f73a5ffe4a13f55bf5576848f3c74982cc59b599b10f5d16a","nonce":"151d9929e2449747889bc99b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"327928bae37c3ec8e3013157520df8a40fc82e554b8ab673f0785aa30ad582b3d5c16214668a9c02b8a3305996","nonce":"151d9929e2449747889bc99a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"970a798ffbc3d26f2d8d937ddfe93944b9b0a8ef5b5090cc2050c9e1cfa24ae8c9e383b5443b6b06498bfb4576","nonce":"151d9929e2449747889bc999","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"f9888faf2641b1cf17a32a2f1be9ebed7461bf164bef4d66f925d97aaa29890011dc5d32b1662a46e56422ad4b","nonce":"151d9929e2449747889bc998","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"c4b3edf0d1f37509c2571d4b5862f59b2ebe75c53553fec09fd4331db9e968beb517f1c48a2e1025a13d0849de","nonce":"151d9929e2449747889bc99f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"128a7f7e9f4840e993df22c6a27fe71ce85ea48e30e09cba1d61ed2a4ace07cbc6d498e10909b581a548facb53","nonce":"151d9929e2449747889bc99e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"640183b2b366539114dd437cc52c7e11ace537522dc32513d28a72306a0859bfbb57e88f0ed282c328b2811575","nonce":"151d9929e2449747889bc99d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"737920941a5416463d091bb39cc88fb9a8777946b3d491d74f873149c121a680f61bac1644fbbbf4e4e084615d","nonce":"151d9929e2449747889bc99c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"ee533361a9075cbd1ae3448b865d16d540869e232beb3e7b7fcf0982baea5d4a7634b9ea2bf3a768da75d7bf62","nonce":"151d9929e2449747889bc9e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"94be547dd7acb0e06fcf9699e4e0417b08da4248b09d2344ec5a3f3740cb6df8a2e73cb7d1f586e2bf81fbe01a","nonce":"151d9929e2449747889bc9e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"595ad5462e873d7289b871482889242cc322d57e840a826164fea4b240c18a951464d27444a5672cf0339cdecd","nonce":"151d9929e2449747889bc9e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"88fddd9846559b1e0165e961bf90d9320b8846406353174667f03d667e90da202b5dce27a32cfd2c4288e80cdf","nonce":"151d9929e2449747889bc9e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"d0b40335e694ecf36a1c628c215f8d1e59fdea2ec54d1997a7784c519440c58bf1cb2cef6f1787b84f75182726","nonce":"151d9929e2449747889bc9e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"3e7e536627f6b2bff437b7c3147e19b40a779ef2f9d46d0be7aa086dc462301398e912b268cfe8ac174535ddeb","nonce":"151d9929e2449747889bc9e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"61919626cf4fdcb05b3994b2b4f1cff36cde151621afbccbacf5cd30371328023548debe410f5fd510de7b3f8d","nonce":"151d9929e2449747889bc9e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"5cda7630909f65f1639d17ee1bf9af32a154e07a09d5ec0cd6d980b2246420ac3a713f64b747325ff98ffbccff","nonce":"151d9929e2449747889bc9e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"93a81809a5c145a51792f16fff011cda42b7955c15f8005eaac4b5a2c69edd7c6a30e4007a9d7a28eb4c916f91","nonce":"151d9929e2449747889bc9eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"a3be48ca8ad70c6dd6b2763088cdd9ec7fce54535369fa711895e938ef40b634d765976e74997bd6ce3334d691","nonce":"151d9929e2449747889bc9ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3f060c4ebcf65552febaa5301832a124ac261aab14cb4987abe467712948466ef42a819442e857a7ed2d406a04","nonce":"151d9929e2449747889bc9e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"ec45590afff57643dc270647f6932475fdedd8c94c13c7834c44d0f80b48f409fc311063140819518fee6274a3","nonce":"151d9929e2449747889bc9e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"157c4157c5f1afaa789e304c096b751c3ac0174264696238dc614c0872ce6259261613938c14757173966fa5f4","nonce":"151d9929e2449747889bc9ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"df36b86290c7ba0b99f6b9ac4489d570af4941296ffb352cf0a2caec11e9edadcb61391e381763a3f89055f1b1","nonce":"151d9929e2449747889bc9ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"4ab902188cd8040ba6c4d325cbde2161e672e996f2431af34a94bc89be127ea99278e896082847c11029c94cd1","nonce":"151d9929e2449747889bc9ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"ecdbd21be32fae547cfa7fb4d665f3038b5ef47383b349700f53fa37808f9f971c4e6f2c686dbead494695037e","nonce":"151d9929e2449747889bc9ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e4721d14e172cd2db536535a8452a247a60642a7645f56b30b2c920433f082a111e798d644e764eae231b9e36d","nonce":"151d9929e2449747889bc9f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"beb673981c54566d15239a625e70beb02dbe9ad49782a9589c6dda7db3409ec9b0fd5485b2b9ca89f51ad2ba92","nonce":"151d9929e2449747889bc9f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e2b02be0b2a8b327c7a83d4c276e7fd9f8ebdee2e951113bf0622f2d1b52566d0b5fcd582b8f11f2891206e439","nonce":"151d9929e2449747889bc9f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"33ae0f52a3cef337a7286ae47e4f2939c18435135f3f93794507db9fb4d779a4af607683a3f837d6f175570ea4","nonce":"151d9929e2449747889bc9f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"7bbfc9c9e8a4b2781f1dfcc48c3a6d9e66ec91e39348a458736681d7cee6fef84102da9bab48aa3fbd295b129f","nonce":"151d9929e2449747889bc9f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"951bc3e3f3a302eff4cfb7989a6508ffd2bd69223d9b962a4c68cf04d209e37b056f92c4ff96e41b60e411fdda","nonce":"151d9929e2449747889bc9f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"031ffc754d54a488cb7bf4577e840b9257d81ea3605e2b1fed1c4d83ddc76ad7ec76d3cc2587636287bdd15423","nonce":"151d9929e2449747889bc9f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"7a88f024350986aed407259173cc4f1672ac1b0e4d29584c3bf4c717ca48e9d835ba99cafcc0ba9428368df5cc","nonce":"151d9929e2449747889bc9f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"ca06ec3e337014731f122f8db788f765083be95cb6abe2e9827d521f63a71932a304fc8f452611c02bdc8ae83f","nonce":"151d9929e2449747889bc9fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"44571995fbbcc50754e9858f45f81f9fda89f862de946f55f6def93c0703486a59675a28df6616057aa2962bb2","nonce":"151d9929e2449747889bc9fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2eb20f3269a93720f615d25f908c9678dd1249646211eab665b4e15ab84661fd737f32d4c319d2bca171bc33c3","nonce":"151d9929e2449747889bc9f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"9db897191dba0aeace4709846d28d905933e576d8d19f64cb26cff759608eaa308752db430c41e6c1c13b51878","nonce":"151d9929e2449747889bc9f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"132911b40ea785d6becddf35b68c8edb4ce3bf81eb982bbe6e93bbd500c7804a62d66ed3e17ba1677e5f19693c","nonce":"151d9929e2449747889bc9ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c0c3cb5727eae2624429233d3864007cffed7e839777a25d15dc3d46ac06dbd89004059e01a346feb05c1c81c7","nonce":"151d9929e2449747889bc9fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"f5d86b3e4a39ab7317273283244422d0a764f897b6b91ae8faebe925fd1ba2a15bd980e066dbebef574c894a92","nonce":"151d9929e2449747889bc9fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"681295d554e5f657c02531e84309c96abdce3ff58fabc8f969234e5f5e4c6726c51be58218063cf086abcf5983","nonce":"151d9929e2449747889bc9fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"c61b1a3724c8d67195ce45c0bd59886fd9b12c43f76379fb9c99d528bb8165ad41017f1dac1e26937e84c8adb9","nonce":"151d9929e2449747889bc9c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"5aab74d6eea92c635d2c751530d2f0361a8684a515a475277bfaaf5fbef1a2171a33c34a90302807c701d56790","nonce":"151d9929e2449747889bc9c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"7b998eed5008fa6295b94dac34ce9ec60faa1c4608d013cfa014aa3a96ea6687a106dde3657825e63440dac506","nonce":"151d9929e2449747889bc9c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"956ad989000458007af0b41eb2fb5a716db1b095594821fc305ee35ea27b41b2476880db3b4c86bc60c4394d05","nonce":"151d9929e2449747889bc9c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"21de030f4aa7fcb8650847deea5ab6a2934f2e0c1c5d592320a3933bd6054d6ab8498aaa4afd84592577f5982c","nonce":"151d9929e2449747889bc9c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"09ebbc42714876507032d57cd75862b36e37c258a60381c2eacd54df57b63866bb6638ba70b819c5154a8449aa","nonce":"151d9929e2449747889bc9c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"e00f7b42761478774b545ad968ba8065df957f3ebc9f08bd7c87883635ca3150d68a0762e366346610627d89af","nonce":"151d9929e2449747889bc9c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"d943ccb5bec78bb5c5456ce7e0c2bbc2710451f67f9398f81b1365dda8ceeada480e270c6bd39cd40fead78ec0","nonce":"151d9929e2449747889bc9c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"97e618976ba5b39d98d79dbb6e94f853cf2f231d32e6240929e4674d91789d7a3dd7199051d49acb92ff1e3064","nonce":"151d9929e2449747889bc9cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"3a089d31db7927069a7956793308cf8f59e3570fbf8f561888699aaf5ba4681a427d68748705754d6a7344ca24","nonce":"151d9929e2449747889bc9ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a4e7bfa5b0a0b537c1832206561f764c88d722429340101906b380aff934fbb98f5bdfca0e77024805338e4e61","nonce":"151d9929e2449747889bc9c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"2396cc5b30ab05634f7fc6f6067eadd043e6263f1e68c6ba556fa99dd075a7f1b42b5cf195a469ef2443896fa8","nonce":"151d9929e2449747889bc9c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"8e419af52a43da88133fd3bccec458a44c82cc24dffc7475f62fcd69d9118c85505c0080811504b6b28d94c7d4","nonce":"151d9929e2449747889bc9cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"fa41df9a9badbb1eaad232e4bf7c431b17418b429cf8345e45b1b9aed9e8669ea2e19893f22dcf4dcdfd370f39","nonce":"151d9929e2449747889bc9ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"03ddaf89dd237786f561dc04711aeb5976a61f5a32f789f92867b39024ba0f5f09bca97ce2456b4d4c8ea1e692","nonce":"151d9929e2449747889bc9cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"185eab1d7ae0d33b774abf1d730abe7cdbc7e238ed7c986de2f41e650f0915f33e816fa9b0e08143cc76c76e6c","nonce":"151d9929e2449747889bc9cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"559b45bb28a558ebbaf55adf12130d45e18adf68249514e564437bf61d4c49fe9f252c006914429d96ee719173","nonce":"151d9929e2449747889bc9d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"6457329e5fb4296beb868c175f84f16ae889a3edeb37edc19b38bad597064287aca727b420b5ed8b1a0b677786","nonce":"151d9929e2449747889bc9d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"38f7ba2c57febe4b4d832c29299060d93f8fed98b6cbc95d0d6e95dd385d1fee063783ea774a770111ff9aa31f","nonce":"151d9929e2449747889bc9d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"c45408567b0ad94fed4067cd1d250db315561c9322db62e2d4604bd36aeaf1fcea7db541ab88197266e5d9d7f2","nonce":"151d9929e2449747889bc9d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"15211da2711b3ffd8f4fd59500a7fa1e5e4bc96e1ecb874671e455ae30cd8d993ae61f7f2c741337dae98d3514","nonce":"151d9929e2449747889bc9d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"ce742653b0a38f7c93e901f97379f074f875eec71299361ebf5cada487b9992d1e7cbb975ba8d5d44aab2d5854","nonce":"151d9929e2449747889bc9d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"83165d93c0178f0b4f73a46952457183421a3284b17d9d5a056c897b7021ce1cfe5295a44a6daec6da9a02e1e5","nonce":"151d9929e2449747889bc9d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"816bcd488508d071fecb91b9a0c792b93461a1b6eea76728fc29cc1791f47b9043adde84e0af3e99acf72f7c95","nonce":"151d9929e2449747889bc9d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"de13015f54f2d415dab8f63a47d8bd5799b169f1982b67b79890fccc187be7a1ebe08670e4ba6e61e98e4a353a","nonce":"151d9929e2449747889bc9db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"6f533ed89dbc3d56641e7c6baaea85455a24d7c81bba4c2c415e146d78c15b05acc144c64a392fdabd6088d731","nonce":"151d9929e2449747889bc9da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"43220fbb436a9269a2b8dba1734e8a9f77f443f32fd89dc78b6205a10817c38e8d26859b2c3aa62d4012dfd8c9","nonce":"151d9929e2449747889bc9d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"1a9acc8588317d8be40f50afdd9ff12464dced0401e6f8043e387a1b4d82c75e63cb0752a06d3d6aab8eb41cc6","nonce":"151d9929e2449747889bc9d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"1b6652abf366cb5106ee5e6676510d44de609794badb2672f9d5537fe32134955d8159da22d98c58780980de3e","nonce":"151d9929e2449747889bc9df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"f4048c4d1b9210430abe699016e1d696b9f67102a68d216d84bb99eb03f6d57d7968075942d4f6e56d462d25a3","nonce":"151d9929e2449747889bc9de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"f3e1101622e9c97c64fc58e58d71bd92acedbea1a5dbd90d09fca60470aa2c708ece6e8e845444860b37a9b420","nonce":"151d9929e2449747889bc9dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"f6ad1823eb0b932d04b6e23010eea64f1fe5edd0583dae5ba27ca6363f4ea104bd217331460ef4208040423641","nonce":"151d9929e2449747889bc9dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"53624f4f9f173453b14e633b45390ff54cacaa4428d44baee1bff8133fab1ab3afe60f88e4634b525c54e92eda","nonce":"151d9929e2449747889bc823","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"ded6cffafaea6b812cbf3e241e88332adbc077aca81512914213810ee291770a"},{"exporter_context":"00","L":32,"exported_value":"04d3cb6cc116b28ffd22ad5bc276c60d31fec71ceb87ae24db811c64b7507339"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7c5ded445732c14fe09727d29b4251c0fd38455fe8440571e687f0886aac94d2"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f1c6eccfde050607555cae11893fcfe895f85eadc7c77c42c1544391d0cb7a20","ikmE":"82a09463e824b97331c06be1d3eebd9a3e023e08b9ed22bc6a4af2ff024817dd","skRm":"d99132243a09c24a7497f3da8608f0ba808c21a575d33679f4b24603e96d27ad","skEm":"e24413c8dc5760ffbedbfbfb48d087f85ae448b62575db480763d430636663af","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"62a61ceb338540516edde460e27923a8df6749bc38e27b1001cd5b8b9102e44c","pkEm":"4f3e44d4dde1d0d12a724242df8cef0a68ea53617dab8a6aade4239d404a5154","enc":"4f3e44d4dde1d0d12a724242df8cef0a68ea53617dab8a6aade4239d404a5154","shared_secret":"cb095862cd41f4cb5be5f63e11d17728c84b4d0f66ebe6bcb1ed0ce8d895aa1d","key_schedule_context":"01a35894e1dbdc20fa21488d654d8f53f5aff5052690a045752fc170019f0d314e06f6ef962c9ee7cea40407b5d60f0f26990472faae3ac44c78366f1cac1ecde1","secret":"23e811532231ecf0c7ee8ff6d10a7d731cf4e84bfc03aa0a76ac52af4c5169e0","key":"de08a0822c00994ffd1a4136a3caaf2703b4ce0c083c2656e598345fcd27510f","base_nonce":"02b1fe14a5b6ad526ccff550","exporter_secret":"8bb2d1661275a9c505481682c41171dcec9d4c468276878d71c98a050bddd53c","encryptions":[{"aad":"436f756e742d30","ct":"316d9b4214a33182212888e86f23005b0706c30db2b1052c4e28c2c100fcdb85cc934b0a64c8db0d7dd339b64c","nonce":"02b1fe14a5b6ad526ccff550","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d8d6bd66e6e43f33a40bbb3786cad58092b5c7c64fa4c596fbeea04334dd169d7a02a25556e95a0f9a043938f7","nonce":"02b1fe14a5b6ad526ccff551","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"facb3855d62ed8e2fc1060aa8c88c295ca414e9d62347d5525c02917dd97842d9bc3058af20694992fc8c3205a","nonce":"02b1fe14a5b6ad526ccff552","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"ffb2c1590e6e2f07b7f7dc2a2a33af4dd1d1528b78647c464c0909d801eee30d8f3c2cbbc6dc652c977cead4f4","nonce":"02b1fe14a5b6ad526ccff553","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"200c4547534bb3bec65561d633dd893fbcb4b0ff068ca02810ae7df16de2c2b10de861834710a72f796ec02119","nonce":"02b1fe14a5b6ad526ccff554","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0bb8a9c84885fe0b592893b0d141ff0b4c6c3260b6ca6eb14361e2bd50b0fc7c4e282c2eb5d49ccd2937b383ed","nonce":"02b1fe14a5b6ad526ccff555","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"f60de895275cdfc25466ae6ca77aa865c07308f0705c51f54d2cfe07b7dc7b7272cb7d3996eb9f5b7fca17762d","nonce":"02b1fe14a5b6ad526ccff556","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"5ce56bb17df72d8fbbf1d3a66eba3c6c901c02f5d3583891bcabc659dcb2822dbbe4c7dd308d6c55ba064863de","nonce":"02b1fe14a5b6ad526ccff557","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"7a3d7c948235f0e1e7e26716f49d8f4c8f12f3d32312e6ef3e0c519f774fd3c942d14b57725f0a5ac867993681","nonce":"02b1fe14a5b6ad526ccff558","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"f2f716bd734718c1f826862d78a59d445c82b966ad147187dd8bde25be4968cbe58bbbd01cd905533db2b67dfc","nonce":"02b1fe14a5b6ad526ccff559","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"7f676415c27e43137b5ab8f1598ca65f00d0442d63d0992b2b63f08bd973268b7ae74825dd19fa18026381b13e","nonce":"02b1fe14a5b6ad526ccff55a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"bf8e1d48f8f86dc300191b21613310bc42a928cf6f25cbc975f9adeab323b03be25c03298c23147615c8142a99","nonce":"02b1fe14a5b6ad526ccff55b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"b44369bd6dafbcc8c292b5e4392be8dad2c64a913967883fadd7da9aced410614f46dad974137b2da2732e97e9","nonce":"02b1fe14a5b6ad526ccff55c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"0c717e65edcb0de053eae3cdb9948041516fd9a55e5d8b7223d3dc03803f274a7f07d3e313bc8dd77473f564f9","nonce":"02b1fe14a5b6ad526ccff55d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"ab9b18d76934c0602608269eba925de1d8b497099c3529aac8a4d569a3e08d333179f29edb4882416a7c542397","nonce":"02b1fe14a5b6ad526ccff55e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"34e189dd5723b42b0da804fd5cc1d7e2b9f6e62455cdf1d57101a09a2a1021891c30aa9001dfb488253d07f8d9","nonce":"02b1fe14a5b6ad526ccff55f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"3a15d029a586ca81c1217aede58e82ba216aed6d6df4d381ec37c04137658371cb2ab74c57a4011b3bb5f9b71e","nonce":"02b1fe14a5b6ad526ccff540","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"9c26ac5c799743f0b7035f5f30dd7b83dea21789cad15a304e10669126b1b3e80e99725131d613b8d340453122","nonce":"02b1fe14a5b6ad526ccff541","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"8fd87fce34ea7cf9d6d2e6023f66f424943eeeb962dc9792947b07be60b8fef514aa3c86ed98cf12c082fd8584","nonce":"02b1fe14a5b6ad526ccff542","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"37d0123cee2ac1a79ab9e4956a941d67c1e8d8aff0f3d9da00146c24127b3492547980974a0e966e24081a82a6","nonce":"02b1fe14a5b6ad526ccff543","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"1684a198c32a5da45fd2c0c79cf8e72638b1a999434a0a193e9808a2bea6908ff0c3e8c5190fd002c45d85a45d","nonce":"02b1fe14a5b6ad526ccff544","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"a7c57a2fee7e6a48223891a9b965c64f7d712b7a5457bd0a9a26ab8f123e3de282ec0d1033d0fb8b25d91bca55","nonce":"02b1fe14a5b6ad526ccff545","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"ef73bed01954bd928fddec54c2c7fdeedd155512432277e90236637d0097cc73c93446e3fd9b333473500df9a3","nonce":"02b1fe14a5b6ad526ccff546","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"0276311fc512a67798b1ca6a3feafe4ee8b386f72930a7503bdc4665179a2609579153be844ac95781b4eb2335","nonce":"02b1fe14a5b6ad526ccff547","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"6d9c078773b91f3d50d8969b07ccc23b943ac630fcf116a0af492526be1b3be5941a3d29c1cb63fd8ade8f9b02","nonce":"02b1fe14a5b6ad526ccff548","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"c69b462d3e65ffbcef8795a31ec2ba34841ea1e8851a052527a629e06042fb31ef6bd6abc0656e46c7d45eabae","nonce":"02b1fe14a5b6ad526ccff549","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"7830e5b51c1e5795b83ba0af126f0b823215057922aa3dd33211fc239ecbc9b6460553de72ee052fec825b2265","nonce":"02b1fe14a5b6ad526ccff54a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d5ed14851127db51714ce48d9ce8fc9819a73619f48d2ecd73a47dcc6051f87bd4cd04bfa80981f9d800795b93","nonce":"02b1fe14a5b6ad526ccff54b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"0091c438bb1f6de3cde69cc9dd52b5bdc3e6451debaf9cc24e1869418a936344eadb7003a4ae3c527c86bd0fb6","nonce":"02b1fe14a5b6ad526ccff54c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"ef71dc39919356136294e3965f28304ae20470e6c02bdffd39464b08818054cb866132c6a07f75b8bcc9985c44","nonce":"02b1fe14a5b6ad526ccff54d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"fa5c45d13191b6407fe03200eb32f63a81b7d47dbba143da81583260078d0e52cea339702a28ab5c5cb94ed4f3","nonce":"02b1fe14a5b6ad526ccff54e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"9f76eb9d088aaba0d3d5b00d31fa94031598efb6afc699321917f8feeb4895161e75f1f7ea9d6b4960c7c4b90d","nonce":"02b1fe14a5b6ad526ccff54f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"3471be1ff949c5b89ac42d034eb321da6b19c20801f9840f7697527699beb08e1fbf80bd226d85d999df1259a8","nonce":"02b1fe14a5b6ad526ccff570","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"917260d93937793ab2e06504bf92a8c478c10405528e8b6528bfbb60ade410e9fd439abcf319383613dcc85d4a","nonce":"02b1fe14a5b6ad526ccff571","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f61f7ceb93eda8e4ad8d088a21a4d57680516ac9ea099debf86404fcac5e51c4e725e9a93726b25fd59e9c1110","nonce":"02b1fe14a5b6ad526ccff572","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"0da5262c560ff5226caf212e5ab8f383cfe42af610c7d8fa3f60c89e01d0348ad08a4262b8d59c72582247c79c","nonce":"02b1fe14a5b6ad526ccff573","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"48b8de228f815eb27d3ca95a7386d66089001945042111f159ebda8a6686a1fa82553cf9ca6e225fe89b852f09","nonce":"02b1fe14a5b6ad526ccff574","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"9662e21be0d5a602701c5598833338d2a0a5a4c0ece80f4a8171b0a2d622640b05652ce5daa4576a74bca9211b","nonce":"02b1fe14a5b6ad526ccff575","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"8c03fdb8ec439e7f0f957e513be5013c1faf5f8019c21783272cea244bfad4a270e3c1cf5fa7f117c7fc497eb0","nonce":"02b1fe14a5b6ad526ccff576","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"449c21d8d40ee09ee467cf916c28a6d0b2eaac5f88ce579dcb654bdcbc96c157f85c03ada4ba555b5e0e922c07","nonce":"02b1fe14a5b6ad526ccff577","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"342f7879d411f7b0e6eccf54bf27a650a4f230bb5a501936d5418268939a16d2d02008ba8db15ee9189c08ec6d","nonce":"02b1fe14a5b6ad526ccff578","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"986f60e4a2727580c4bdf993b8b0dcb47df677372ca04583569d490a24c2efec509329f2aaf4eeaec57ccf06f7","nonce":"02b1fe14a5b6ad526ccff579","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"51b5b729d759035a6cda80ccc9cbdfb7d34422011d95c16090f5416ef4fd0a91c08af38027a8c66ead45814cb7","nonce":"02b1fe14a5b6ad526ccff57a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"a98a46c558f943f3d26bcc164d06ffc5f1b183a3f37845d7dfea2c2ac34d7c6ac8f06d061eac41d949c4d1abf2","nonce":"02b1fe14a5b6ad526ccff57b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"1fd1126692b8e9ee4808b31c207f7effc50581e7a7e0d813d87d63894f95ab8ce5096664957986d78701668f4f","nonce":"02b1fe14a5b6ad526ccff57c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"24e0a634f40b52d67d7fcfa29406b51202dd7e942500253c0f75433b6bad71f251c1e19bf7ce36adbcdb35a7d4","nonce":"02b1fe14a5b6ad526ccff57d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"b5078a7affdf0f751f65e705d7d30ce5a6b11fde7ae93d8863af888f9504784e1faf3b60432627f42fbd1b48dd","nonce":"02b1fe14a5b6ad526ccff57e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"828d79cf64b0fb0bc1e508ca7e7731866c55d42757ca2065169225cd3125546b8491f42c2437f0c3e3a4cb2d25","nonce":"02b1fe14a5b6ad526ccff57f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"81b4417af6d0fdf6b9e5b0f7b1fc3f35692e4fc71bc25a5b9ed95eafe8f5f484955618823c3469cbfb53c52af8","nonce":"02b1fe14a5b6ad526ccff560","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"a1ffe1a03007c02ce2f839a1ba38bd401f4689d2dd320ba6834d18ee2fce23fe50ec8ce6c550dfbb1288f1f547","nonce":"02b1fe14a5b6ad526ccff561","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"f93b425cc816563193a90ae24e2190fb2261a8be88500bdc2925d0f93fd366046fc7dd19e74f13709307fb7fa0","nonce":"02b1fe14a5b6ad526ccff562","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"a6974560c0e1b8de36719e01dd08e06e0fd55dac11364b7d68ba7015c77607fd0475672253f262fa2d6944aa47","nonce":"02b1fe14a5b6ad526ccff563","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"ffb7207db0f934bea4b97042971a4e3fc72cab8362ec604ea7a29fee19d60e6cb1bac47a9ac64f3e270354301e","nonce":"02b1fe14a5b6ad526ccff564","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"611fc271f36596046d1d57c97a741dccd763c4fa6a28a0688e0d9af7b52161849ac0a3eafc4a4f94ef44193ced","nonce":"02b1fe14a5b6ad526ccff565","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"0c1c9a243fcbfd825f2b4b4547ca6d2569cfc5d50843b12f85caec15f2b1933c6d681700f8bf2beb0052bb8d63","nonce":"02b1fe14a5b6ad526ccff566","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"16997edb5234ca48fa526a63c7846638508d8e2caf9ec118d2fe12fc73ed820b2b06e46013e73cb7980724ef75","nonce":"02b1fe14a5b6ad526ccff567","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"70f8a0873678004f6d1456fa15c588eec251de6496bcf8700110a887cdf0fee276ab90d94c414c6f77c9f38e0f","nonce":"02b1fe14a5b6ad526ccff568","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"9cb03ad6385ae1ca37d228878f3f439553e793b6b5a842a5b4c20050cb49dd13fbbc954c95d23587fe9a115379","nonce":"02b1fe14a5b6ad526ccff569","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"929b41de10d9f44cf4073656894e6779dd98bc3263a793f07368be4a803e52b69254c600b6a7663b9a6da5d9d6","nonce":"02b1fe14a5b6ad526ccff56a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"d89780fb7113e914710a4d9982a27fcdfccbc88eab31b5ef25cfc3e0f84ae4eebe7b76de01d3b4b4340bb2bdf9","nonce":"02b1fe14a5b6ad526ccff56b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"fdeef632e27ea15484ca2e84f304839ea01726ccb0af0df6b62d0422b3b81eb6709f5126fdd9c94597e5d39e91","nonce":"02b1fe14a5b6ad526ccff56c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"86a44c596cfdc42e9116851893092edb8f4cae7d1c2360e3a0f14a41e9fa610fd42881b1230997a3a8ab632070","nonce":"02b1fe14a5b6ad526ccff56d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"04bef3565f3e41927dac4752f8a53576d692c7f4c20c0f189615bf64b9b79b55e5cbd0e37006db9b513946948b","nonce":"02b1fe14a5b6ad526ccff56e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"6a20a9d3b5d7580f9c82084a35d407562d4fbdee5a0aee6dd5a921e3b70a9030901891cd29ea13fa3cf94af470","nonce":"02b1fe14a5b6ad526ccff56f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e41eb45a1ab057f39e278d513f42fc223ecc9224714f0283ba4618048896828790a5a560dc93a256752b415143","nonce":"02b1fe14a5b6ad526ccff510","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"f9e8fbd6b751480e2ccbd78fabba5b14018b995a60d9916ea22b05ad502cb79eba4b6756209695990cd92b8d21","nonce":"02b1fe14a5b6ad526ccff511","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a483ad3755c003a6817183f104afce14499cb98e4feb6ffec032d4b33f59503163c4b97ada77f7e7b2d36f42d9","nonce":"02b1fe14a5b6ad526ccff512","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"ac6bb5b68b9943d07d72ee4cb5e53dd307bc400aad56c400af983683a553a77dfcfd068aa8ea20290dda3eeb50","nonce":"02b1fe14a5b6ad526ccff513","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"8b0d79f419566e5a6a78e40571b6787d982ab2f049a3a15a2bb7d7a5cfd78a47be578bd8854a2abd842b014563","nonce":"02b1fe14a5b6ad526ccff514","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"4b67114d9c49ab7b4373400d4672de511aaada962cf2a69139973eae253a96ba27460bae9de08c97daa0478cf3","nonce":"02b1fe14a5b6ad526ccff515","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"d778385aac7b0f05bda5e8ac4e9ddf485cba5541482a037df3140bdc280818f964c6c6ef121990e7823eb40040","nonce":"02b1fe14a5b6ad526ccff516","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"9c4879e2f293350ac71c1fcc39fda38c5d566621dd5707cb45002c4ce7a52f2b06972835ac5819e56a92787fa3","nonce":"02b1fe14a5b6ad526ccff517","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"f33a19c772f052a25ddf22bd3a84222c2d583423469018dc0853fdd080afb6934bddfa20905b2e4ca029afcec2","nonce":"02b1fe14a5b6ad526ccff518","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"a04c93fc56deab7f29577ebccee222c955a33284927040c0001281c91a72c30007fe2df8aeab64a6675c7afc8f","nonce":"02b1fe14a5b6ad526ccff519","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"debbfc2ee94fdf5e315a816ad8e67d15493f2f50815437202e985bf74fe806e8b0385159c5ca0c5dd54a3b9a25","nonce":"02b1fe14a5b6ad526ccff51a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"24a868baa5e0638dff848e53c3f586d9ce4ef2dec496484444ae777b20b3a5ee1ac3eb83851599f9ee6dc56555","nonce":"02b1fe14a5b6ad526ccff51b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"5ff9df8208c9f6cfe3d4b23d8c52527f0ac09562e832369982e37b18939497d5a460ede01b4131402a6e5fd504","nonce":"02b1fe14a5b6ad526ccff51c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"0fb6a1efb4132c5315d95b7224b0b5fbf299397e03ac8cceae182f85b5c15c118afdf6c42cb4de99e9f435d26a","nonce":"02b1fe14a5b6ad526ccff51d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"e707e4570525114a57cf34f4bc36673368de6d93bcb31b5aae9c92315ec8c927b9f4c8e52c19fb7029e0664ec1","nonce":"02b1fe14a5b6ad526ccff51e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"ad81634a725fe78d7bcd469560a21a48c5d9669b229f5b441bd4b6b63b92d7dacecf251c6a0dc29d06e267bccd","nonce":"02b1fe14a5b6ad526ccff51f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"1974dafcc750bb4a5156e0245e080fe3761c2e11dfcf0d07b2fb36c4bf583211639fd50eaa929b3c0bb32f40e7","nonce":"02b1fe14a5b6ad526ccff500","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"cb6860d1ae32841c9fd317fabeaeec344e9c0a61a12e080b2357590e8cbb1c21eb11b4258054750065b31d8a9e","nonce":"02b1fe14a5b6ad526ccff501","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"b9cc51bb33a26869e93b1d41f09157d7b9cedc1f4fd64bc1a708ea9952b3f4481c4d60cb548ed1c96379dd3867","nonce":"02b1fe14a5b6ad526ccff502","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"aca18b74523e504040c245c431c814b678dc034618dfa2d45dbd3e8972fd75ba00c4e2c80e18c3782c343e0c07","nonce":"02b1fe14a5b6ad526ccff503","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"1091ed601a410db2cfaa68c1b6e5dbb3255df4b9dc121f9978c2b02962c43f565a4b49f0dff963ad7ab340d6c9","nonce":"02b1fe14a5b6ad526ccff504","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"6d065eda63e09a97902cff7a7651ba9550ca304b0d7ea39a1d5df7c5c132da909b376f0f927b33e41aef5dd1a0","nonce":"02b1fe14a5b6ad526ccff505","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"f0fb9f969d20777e3dccaa2fc9b61ce0e3a159449d74cdad25c2039dbc41cf3e8f8da118400fb91033a419ae64","nonce":"02b1fe14a5b6ad526ccff506","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"811da4981450a367f0f42ef1dd6fd821090a3337559a5ea156a54cc860d968046862d48a976af9ded593a80ece","nonce":"02b1fe14a5b6ad526ccff507","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"f65a1b976325330dce25e5edbae7bdaaf4fca9a1167cb809f7c6f979c312014f8b73d3c9a9a1212be46f73caf1","nonce":"02b1fe14a5b6ad526ccff508","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"576415fbb2fa0deb6e5bcb2ea2256edffe9ea3e4e2241be64b7716ac412d03d802fd6b7da1dd7c22f75008f8c6","nonce":"02b1fe14a5b6ad526ccff509","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"96c68c5f0690b99188599fbb98a89c224c0276d59748d9260aeb8312f29d43099281e4a722abc51d219b60e120","nonce":"02b1fe14a5b6ad526ccff50a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"fc1eb11c3d4c6501cfa6ff2827b5eca7a8d66f90560675e647ef21bd80053c205367f4d694e4316e331e574ef5","nonce":"02b1fe14a5b6ad526ccff50b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"42a50581ecb5d8b5d7b79dbba8a4ceebb8916dc863bb71027db2a14d4dbf2a19f153863fe414143338e62a2c39","nonce":"02b1fe14a5b6ad526ccff50c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"46159102e718dd83d4833e660e0dd6b6bb42f4d5ae544b05c0f537e6a5041d8d5a5001b2c266a53e934b57d816","nonce":"02b1fe14a5b6ad526ccff50d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"5e7a55db0249e2c1d3e65bcbb090b968625e8ca1b3ce01dfcbd6930e83c7f895d30883e6ab993599ebe5fe561e","nonce":"02b1fe14a5b6ad526ccff50e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"1968acca9e56aae24a53d6bf47a3b495e5c716bd819731c8e4724cbf7a0a786904586af0a6aedc7e15d8e3f258","nonce":"02b1fe14a5b6ad526ccff50f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"1c62b0a1eea78ae7df95052aee9f6648a47d68530c24b52d65ecefd9aa1b1431b70f4840e6355bbd896267119e","nonce":"02b1fe14a5b6ad526ccff530","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"1a7958b3bd5a7550e63b2e1a633c1ad41ab115ef120fbf712604b78fa05f5d9270811c9fb7eb8b6af899ef6ec6","nonce":"02b1fe14a5b6ad526ccff531","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"2cd329f900381480ccc531024462a627a0f5b66fa30c69fb3b71c6ab0e2bbe908896a42d20c86356b90329a2e4","nonce":"02b1fe14a5b6ad526ccff532","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"ebe0896fc4417ef5efd03a46632891a0b8efa5054785c90c37d00e6cf7d7a6bf713b7603a210dc8cd1753e71cb","nonce":"02b1fe14a5b6ad526ccff533","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"b4b41dfff2009f00b45abeb68c524c6e9c1f8fe1ce6fefdcb11464d04f304bb38decbceb90b57c40f75b33dbba","nonce":"02b1fe14a5b6ad526ccff534","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c8e088c815d09e9a2896b0ac098f1d2463ccae04c32fde9157d5c6dcd428d37ff3830eee7fb9b0253c64d8a54a","nonce":"02b1fe14a5b6ad526ccff535","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"1d5efda3fa60bf607b8732882ea0b3fd0cf5829371f973768d79697999cd179c838be142419235e22c633280f1","nonce":"02b1fe14a5b6ad526ccff536","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"79b1bbf3bcd2d8d34f4e19cdc78b3a4e69e4e91860d02a71b4f2fc5a1e7ba1fcbbf4b55ccc0a5fd8ba3d51bea0","nonce":"02b1fe14a5b6ad526ccff537","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"98a59cb5898fd22e438b471c33e95c3290280756c5a34ed5b64e8c2140b71c55cf4f187c0f653721d6abfc2cc8","nonce":"02b1fe14a5b6ad526ccff538","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"a03624542bb3da71cd1470c36885b5a8ffaa6844d41887794bf26812aaa8c089846a4f96e671b99fbad5dfd128","nonce":"02b1fe14a5b6ad526ccff539","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"8a1235fdaca6791ed049b35cba66a7d1eb244147be34131c56f0fe958ca9dfc6d78b1ebfe532e76f82eed19cc6","nonce":"02b1fe14a5b6ad526ccff53a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"09db48ab2cc8b200bb408dfce0761b326c115ce9f54c76b5b721b4cf358de897c19157fc06efc45bb2f57fd9e7","nonce":"02b1fe14a5b6ad526ccff53b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"38026b88e59623abd1772788681d7da1be663bfb63ff4474a6b549d106dd6ad3912b5d8d2b88023ab5ea4af158","nonce":"02b1fe14a5b6ad526ccff53c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"985fe23a54b5a91817845b5bab3b7d1397dcfaa75c3724d155068e0e16db3f3411aee1359298d48cc73f201f81","nonce":"02b1fe14a5b6ad526ccff53d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"df25969358ec78b7431b29a1120a7e36183a83c43a2a9f0a64892b6eb1e1b08ed4ddc4ecd233df83898c4efd61","nonce":"02b1fe14a5b6ad526ccff53e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"99519feb96c7a7c0e4f3417572a94dd1f48e8b086bfe2463076a01b19fd32860eef741a6f80fa6f4a466b60ff6","nonce":"02b1fe14a5b6ad526ccff53f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"b167c9ad96c23352cf7f0c25002c8735b77686451284f27f0e98742b94d57efda6b9b7345595f08070377e583c","nonce":"02b1fe14a5b6ad526ccff520","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"b3d88c6b8bf1d5e51d36a97effa7cb5cd08a94f71b6bb98d6f5dac61fb44d646cd3686ed03141f16a33d9ecab2","nonce":"02b1fe14a5b6ad526ccff521","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"0880e97d74aad539de88200bdd443ce61bfb4316d5a955f2a50712ab8be349783aa730aac1e86d8089e7f4b897","nonce":"02b1fe14a5b6ad526ccff522","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"e7686b12006b0beee15425be7f3a5b2592d9891e13a24a1f6a8932b0a5c2b3627813df92d3b243a16744d32812","nonce":"02b1fe14a5b6ad526ccff523","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c77c34fa00e3ee3622d0de7ff14312c04d6d89b9abe11dc0170e67f718e2e57a646ab6092a80d6e866d88d2157","nonce":"02b1fe14a5b6ad526ccff524","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"fad77b9d2e3a9c7f90b080ccbc51f3fa664430e652d8e52e3f62906ce71884ca607704269d44406e0eb14f7f1f","nonce":"02b1fe14a5b6ad526ccff525","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e32566b8d6403ec063f946bad72ea2836e49d8d4848c78572dd155668f66f6064fbb323308e7574fcabf16d849","nonce":"02b1fe14a5b6ad526ccff526","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"5c6b7dfb5315c1d81ffa175c351ea5f2d1c0200be91bc17d4ad8ab63bd2402d3d342c346b7813431989b59af48","nonce":"02b1fe14a5b6ad526ccff527","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"41bd463f553d475195414f0d0a01df6fe32ba6013e4d8586a8b97fc84759387cdbbe1a47e92271378f9270d5d3","nonce":"02b1fe14a5b6ad526ccff528","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"4cc1d6a5df13179e8694f1a93e92c564a0e8e6f890262a84ed5b8cc21462747b1e8aed3d56e96d7585ab046c46","nonce":"02b1fe14a5b6ad526ccff529","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"d9e7a6db6dd953f99ac9af81d466f2db43984585ec13e8eff01487cc33a9be642b1d05a4332aa48fcca5648703","nonce":"02b1fe14a5b6ad526ccff52a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"8d1097022b7f9bad5bf6dda72bf1a8300a517cabdc35f29b4d1fac2ace43f70b44a051e68bdc0e30e864146dc2","nonce":"02b1fe14a5b6ad526ccff52b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"de72c3957d0e99b0aa3a771672eb8c4c633937de22de97fe6a910e304990a220bb3c77d51a7ffad8caf304512d","nonce":"02b1fe14a5b6ad526ccff52c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"d0abd031adc3db13740d17f78998267dff04521d03f4e8e9205d250b65d8fcad590861190018ab613e80cf9009","nonce":"02b1fe14a5b6ad526ccff52d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"40cddbb3137192b428cd241b0f6d3d11bccc1590fa96239059edf3121848b85aea0582ec227703d2f9a48f34d4","nonce":"02b1fe14a5b6ad526ccff52e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"e7d221d03fd93b705554a7061eb983bf6cc21f274d7b43d63c5213397e28c6b1c60dc330813247143cf6c2d29c","nonce":"02b1fe14a5b6ad526ccff52f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"b64e83b1a3a3bd9f1f65fe9fc12b6b503bdce3d41aa532e1f2886a463c19143788789507dca1c578049f7380d9","nonce":"02b1fe14a5b6ad526ccff5d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"50f6004e75918b75846199870b524eb179a9f6febead0088d0774157ed452cd08fe579b47300cd4d2b63078d46","nonce":"02b1fe14a5b6ad526ccff5d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"11b2aa72f956b6f62fc289f19ed6539ef2a8fd29c2dd90e30eabb0df257d4625b200412edae9cb6f0a562ded3d","nonce":"02b1fe14a5b6ad526ccff5d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"c4c7f664ad5bc25b9f10ec687c874d148967606a4393f336f1140203a960b0c904d0d61af88985d7e469761eda","nonce":"02b1fe14a5b6ad526ccff5d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"b18b2bd42f3923201d49242cfadce9311cd294b4623261fd8308b4467707272d0f9298bd14e57510ded4c6e8ec","nonce":"02b1fe14a5b6ad526ccff5d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"31be4a9919a170bcf8dba044de6d6a19366bc23946cd3fc94c70eeb6bfda0a65de6b1ad0ce1f7763c9d4bd66eb","nonce":"02b1fe14a5b6ad526ccff5d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"873d5b238a4ce5778f3389bbba3d54b6c1a75d175493fee8258e25a0d523b1d7fa9471faedd63e44ba6f6b12cf","nonce":"02b1fe14a5b6ad526ccff5d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"a35dc1d412adfbf5ab2a483fc7370787f174181d791457462e8c0c2f1f45a7ea85ca66cfb9180827a1980793b8","nonce":"02b1fe14a5b6ad526ccff5d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0fed91db442a37140d9078b2297ae855fc9a69fe675d2896a7a5a2e04205e04d5b941ee3ea46bc48b025d53d47","nonce":"02b1fe14a5b6ad526ccff5d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"2bcda7fab650fd153d6f0b8e704ef45ea2f7ae76f64e62f4d374c46aae40a6f9f66878a552a07d664ab9d91a4c","nonce":"02b1fe14a5b6ad526ccff5d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"1b56f31ad0dd5fbe955ff04855b6b4e700bd37960a28a62aa81ab87334833f98c4a9971a9c17cf78dbf15b1f91","nonce":"02b1fe14a5b6ad526ccff5da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"a401e7cc0272c4d52d6ec96ffe1ac161af82ca6e1155c6797140f7431714291116ae19d061af31290e5244c403","nonce":"02b1fe14a5b6ad526ccff5db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"bdd92491c0046c18a7d98481045997ef65b20f974e9de673b0625e7ea4131c69ac972b48ad7e080fef19b3d436","nonce":"02b1fe14a5b6ad526ccff5dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"eda4bfc354cec0e66b6c52e0b9ffad17547854521392ab5448d2c79cfe426270912948ba2bfd436434874b4677","nonce":"02b1fe14a5b6ad526ccff5dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8fe9b19781354e3f65a809594af51e2c40ee39cf6379f8db1b490dac835336bf6f4ee4b269c7f435035a4b466b","nonce":"02b1fe14a5b6ad526ccff5de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"e32a2e794de2743ff48318d8dca88f0b9892a95cb35a07a47cf42f897077b482103e421099c567ed47d58ba21e","nonce":"02b1fe14a5b6ad526ccff5df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"58bba6f481c3729e637f3c055db89b9047c3aa369214a9b1afa6337265e9f2725cf191d801c3d232796b1903bf","nonce":"02b1fe14a5b6ad526ccff5c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"a06cf3a4254dd9ad43c67621d36c426cff7c85a7a689672a8c4d6daad9c8d94b0527fc20318ebde8c478637094","nonce":"02b1fe14a5b6ad526ccff5c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"61024b8cd77966994117a96334564486764c13b31f107637e2fa4c82f2a7b704b091657a70a467997df9cb30d8","nonce":"02b1fe14a5b6ad526ccff5c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"d49299973d4d55628930c27c2b0ab953f19dd8833c7173302d5a2fa92734479f73505f807cd0fcfcee89442fb9","nonce":"02b1fe14a5b6ad526ccff5c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"369c96578c16b3e68355ebbdf363d883a34138de44659e17c1ff9fd57414bc00c778c829bb2a58643ee5979510","nonce":"02b1fe14a5b6ad526ccff5c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"7a59c69af1c97e9caf712a2b24552964e6d1c1e233764907390a7dea9dc1f4f2b4723e00fe6c57ef895629d43c","nonce":"02b1fe14a5b6ad526ccff5c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f06bada34092c812491abfd078999a244d67de2639eea6c236dfbbf9978ab5825463d973a64875eaf10638d821","nonce":"02b1fe14a5b6ad526ccff5c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"3471061eb3de05e5bea6f4d88be22255df4c5e2dc61eff0eed7d5a1609c1cbe284f9f5c1d985b20dfa0d8acdd7","nonce":"02b1fe14a5b6ad526ccff5c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"7e49e4e907f4ccc37a8aa9d2d52e4646a999c2197f0863b29ca0010bc1aa47356122cc547bd8c7ed373ff10699","nonce":"02b1fe14a5b6ad526ccff5c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"fa682f69b71c54bdebb67b0efcbeb33de4e5608fd68ff1b30147d8aaa2f93a3c75634326b875bbbb0b613e4b0c","nonce":"02b1fe14a5b6ad526ccff5c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"03391e90cc714fd2b1dc48c38deec1ff7f68096ec09c33d4e9438321fcd44f2ae9f5efc52c3409ab5d3aab77fe","nonce":"02b1fe14a5b6ad526ccff5ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"89444a4b083f549b7ff4c702563fbf681575fcc780b37d977685ec9d9f3b2b4b1660cb3ef11ab5d86232b30f6b","nonce":"02b1fe14a5b6ad526ccff5cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"7c2705895719b1c9084cc6347948a7195f6df3bb593d30ac785b74c9b72c0a9963c1cfeb5e8c4ce83e3d143fdf","nonce":"02b1fe14a5b6ad526ccff5cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"db4aa8c9cf508b61feb7a9d6bfa5484c4365ac0d47145aff0dc908fa4e7f2c8230f75eca90f72cffb503d2c17e","nonce":"02b1fe14a5b6ad526ccff5cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"d37d73b65c91922772237bd92b8629bd2b8bb72aa62879e97b109858394af54a43678fce934ac95add600ddb8e","nonce":"02b1fe14a5b6ad526ccff5ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"e4dda801ee5234293eeb6cea54b702c077b8b8c763880362d59412ffb75c1c3f972fe504c6da37f71293c96038","nonce":"02b1fe14a5b6ad526ccff5cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"a21119144fdd291594b638bbdf02390737ce132a18dada74f2bcc5b78c7dc322ba3aa57205ad750c9cf047be6a","nonce":"02b1fe14a5b6ad526ccff5f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"72d7d164922477da73fb49d29c2c9617b4b96db4f504e2ec097d61ff9f879dafd36e975a48d24a460e5ab39e8e","nonce":"02b1fe14a5b6ad526ccff5f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"aaefd23b88de37be7ef9a00fb81cc00887a8f71574544e159891fd8115601057889089a87b7a56e85479c52b0e","nonce":"02b1fe14a5b6ad526ccff5f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"9589065bfbdbaccae88355c809d1e24a1032ac2c3ecbf0797cd180e496c41cde21eb8ef5bc6d9ee6f8a7d7e698","nonce":"02b1fe14a5b6ad526ccff5f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"fdff362ef9bbb67ee57aae1c552aead6f2abf8196c0876f01fe9763feb2f216a5b413fd9f824784efd38bf8ec6","nonce":"02b1fe14a5b6ad526ccff5f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"0570693ef2b00ab9830c28d314c00589d1441aee04f30b7ac6d4491c51a46c8d1a2fab01880b1cb98171f31d2e","nonce":"02b1fe14a5b6ad526ccff5f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"f9ce7cb64d56c692e734f0a6dd09df6ca58988648e590853d3c65c413d52f2e96a4fa9e17bcb46b836fbbae6a0","nonce":"02b1fe14a5b6ad526ccff5f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"12969236ca6f0a3a1bcb5e90ac8c77e3f79f2f86e0293d17c581962bf4fa73cfdd6cef3b97cdbb0cd88265fd0f","nonce":"02b1fe14a5b6ad526ccff5f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"b3d26f2b1712952e146717ee67619dfa8f76dbd580525fb44a64abd9d33b5472f93cfaff3213dd6123edac71bb","nonce":"02b1fe14a5b6ad526ccff5f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"dea6ecdbe1ea20245828f28263c58f1ff0bfd6cc05af51482debec218f1cfbf571c6ab2fc6f22021ffdd2d3f55","nonce":"02b1fe14a5b6ad526ccff5f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"2dba8cb85159f4118c03bccf7ea47f8fe2b1da5f26449692a0655262ffe26bb21f2662b45ba7ddb9c3c02a60a5","nonce":"02b1fe14a5b6ad526ccff5fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"64cc68c083184b1d9bdef0d416d77388d98ca275f67230b6bca0743e47237d5e514a7697718dc6c82e983bb880","nonce":"02b1fe14a5b6ad526ccff5fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"b11744dc41128bea9cf3511ada2677f9259b0c8a09e7ccf4003f771db92846139c6a98ff4820ce000f9ea439b0","nonce":"02b1fe14a5b6ad526ccff5fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"16d31b4431f3c31bb0e21ec2980694130613cea1160656836e054b5c1995c1a88a90a5eb306e911fd788fd4f87","nonce":"02b1fe14a5b6ad526ccff5fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"b3ce0339a010b33e5e11190b3e6da9c4e554557a4d01ea19752c973f8bfaa7629f2cbdad4bf4518c7d3524621a","nonce":"02b1fe14a5b6ad526ccff5fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"18f2bd763d75aea5e4e79bdcadd3d037eb21e93d505593431430b6f8bc1fb88db08c368d7968b80c8a9fe35173","nonce":"02b1fe14a5b6ad526ccff5ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"5556e65b1b21d33fd3bedcfa7e3e57a16d842d9a740d7a762b0cd8bf4ee0a556ce365656ab9c044ce2512c208a","nonce":"02b1fe14a5b6ad526ccff5e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"196da458294045ba508b78527db0f70e1fca58d4d4ca1d2796982914a81bb204f9fe26c3e43f1936c377034820","nonce":"02b1fe14a5b6ad526ccff5e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"f8863433ef7736ffb18bb334212b2462e391fc2f009d00ecb5009a7cdb399178bea0900f67bfdbdb8ed10f95ab","nonce":"02b1fe14a5b6ad526ccff5e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"98af004b6bc7b9521adb6fff6d9cb95510a858210ad794c802fb4cd5fd47565ba034ed41bd67f2e71d9caa0d4c","nonce":"02b1fe14a5b6ad526ccff5e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"177497c1b7c508cbce0f79b1db33b247a6643e7df6d5fb9246203643a1b886c5257455f7158a7f09f0bcb778d2","nonce":"02b1fe14a5b6ad526ccff5e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"a2bc6575416725c82803441b7108385ff68830efe5f3ec09593b56d33336a1b5da80e7a521b4a4cce5f8a48920","nonce":"02b1fe14a5b6ad526ccff5e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"39de6b6d2c316f56e2fc0ed76a0a06da0fe17aab8a957612d359bd1bce999e012bcc727983adff3aa99b69b6c8","nonce":"02b1fe14a5b6ad526ccff5e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"5fb43912fbb5a13f32c3519d6871ac3fddac8f2658e2c30bb6cba7205659a49a951ceeb83f3a770a1ff0c7bb62","nonce":"02b1fe14a5b6ad526ccff5e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"ab787e0f9c6de97ae040c66c9a5b5293659bf30115e974ae134ef1e0d9ef990bff41ef375911104bc3b3a7aee3","nonce":"02b1fe14a5b6ad526ccff5e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"3c669660be615850422e4a096016360ee29cc9f1e5e1f8d071f496d1799e42c5c743131b7f9894ec48edb4e499","nonce":"02b1fe14a5b6ad526ccff5e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"93315de828ac3c2b389cd00c75ef4904abf16bb305efee7f82d20ef9a39c514f500c3ecda61e54c5a9e1e523d3","nonce":"02b1fe14a5b6ad526ccff5ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8681dff7e5179040d1656d0928fb406af91a4311bbbdbe2cf530b73633e5c9da12b806a5a7d9fa9bda12316e16","nonce":"02b1fe14a5b6ad526ccff5eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"e45850526c12f53e0430f46455bbecf58bfc9f519f877c4000b6ad59a749901be56fe1e37ec8ff6b677c8d8e1f","nonce":"02b1fe14a5b6ad526ccff5ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"45e70ea4e353aed02975096db525f7d6c542748d285dfb0909b8f25097f5b1ec8e536247ae0abf168b0499a660","nonce":"02b1fe14a5b6ad526ccff5ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"ebbe1f71d9a72b6d76fb97bd6be3d83dba61a263881afcacb7f6a38073b28f10df087e0373dbfa9ff37db2cefc","nonce":"02b1fe14a5b6ad526ccff5ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"4360a16c8439ee701963a42545d40105af12bab5b54ab24b49f46aada17dca54fc8df3038f5861902dc3497f73","nonce":"02b1fe14a5b6ad526ccff5ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"d4c56b972ee5e763d3b813f37c130048b23b1dac6b5d3382daa34502868e39e1f6e3eee4ef559d6a68bd516a95","nonce":"02b1fe14a5b6ad526ccff590","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"4375b2eeb6d2e3ce073461720ed89853b44d0550c32770cf32d579e96f31ff773be646d575ff142a9c5fc4c9ea","nonce":"02b1fe14a5b6ad526ccff591","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"9fb7b20970d2559a3c6d6c2ae8c5f7de24d2f55e76e231f59c15acc0d97e163b835b0edb2d2673ae3cfb4e2a29","nonce":"02b1fe14a5b6ad526ccff592","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"9cbef0eaf315fb96178881cbd44701f94e3d595628ce91cde78a55d9fc55b56c2555d754a74ed27567d1360f43","nonce":"02b1fe14a5b6ad526ccff593","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"7da76574dbad077e6f95d7c8afc72ad0d2f75f7c809c42df47bc6a3c61cfe6f9aee8d246add047637377dfc50d","nonce":"02b1fe14a5b6ad526ccff594","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"68204c820d1f93f57e6d298fc317ba56066f2e906af9e3e1d81c8b8535b87f65796824f0716fc9027709685a2a","nonce":"02b1fe14a5b6ad526ccff595","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"fe9430a314db46adae45db5d2bf52790359894b9ff718dfcaa13004ea04c1207ce8b64ccc97ea81084301914fb","nonce":"02b1fe14a5b6ad526ccff596","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"17b13338fa0b2c141ab61255738bf9aa658968ee61ab9ae916a5639b1e376bca8bdc8b5cdbfea670195a5c0e24","nonce":"02b1fe14a5b6ad526ccff597","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"e0dad225b4d5a4254dea5889ccc93361e69cb1de8b5e22744f4f71ccbbee3e9ef7d07151b8618be1a4c46f96c3","nonce":"02b1fe14a5b6ad526ccff598","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"c4a278904aec07082a9be03799cb973f4f946aff45da037cf698703d91ad0119c57552f6347af91f4eedfef95e","nonce":"02b1fe14a5b6ad526ccff599","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"e35a215cfaf993ec3c06892526aa4d3fc3614e6291c9aec753f5a1edfcf5b84c206635bb6620f6e1048057cf3e","nonce":"02b1fe14a5b6ad526ccff59a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"6406027f9b084523c7c7608da38a20e1e7779c40475f783290472dddef6e649c4e6e3da88417eaeb9465f9abfb","nonce":"02b1fe14a5b6ad526ccff59b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"c30fd09e8a6fc02ecc9935aa3a401cd6c4a6b33f7553bc1247815da7dddfd4f655c30cbf0ad715ab2f6e112787","nonce":"02b1fe14a5b6ad526ccff59c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"55510feee86bb6e333b559df1496f5f5d989a176ef562809426b9cede7ae6fb30515b61795ee1d126a0d330a6e","nonce":"02b1fe14a5b6ad526ccff59d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"1bd644020928138da0ec1baf05f57981565e3cae8fb42435fa60f31bda77aa7a3f3dcd1177f3ee556492498213","nonce":"02b1fe14a5b6ad526ccff59e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a2bcf52ea982bba77a043a3d70a87aa88025fddb7f61c7a2fb9b67df4e3579708d50d08ed255d981eb71be94f4","nonce":"02b1fe14a5b6ad526ccff59f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"52e4baac65011487f11e1b2d15d834893511888e76422eb44ea3184e4ec86d4504bc5fc869db26db3b24a9caae","nonce":"02b1fe14a5b6ad526ccff580","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"8aab66cbbf1836f99519e9ce7e8080281e92ebfcad8f11e2806d26cc0884805822f454bf1825d91737253d9b15","nonce":"02b1fe14a5b6ad526ccff581","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"bd8229b701384d23e052ec821dea7b41bab885da12539c40d2cb53a93242481ca9e4cde224eebf572a87adf025","nonce":"02b1fe14a5b6ad526ccff582","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"e6a39b8180eac30c3857e9624e176123dcb88fdd20db7f29a7549632699f1d57919950a92ce413865f6912532f","nonce":"02b1fe14a5b6ad526ccff583","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"c8268687b94989774133179abe95a7e1a6ac1ce0663ccff1547f0ca87db03ccbc38c01456827fae9542b6aac08","nonce":"02b1fe14a5b6ad526ccff584","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"e88c81d108acedc872e5a0f35027fe8acf116e0acc13b5773be5cdef3b703b435189d610859ab0dd663bc47949","nonce":"02b1fe14a5b6ad526ccff585","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"a161d394f321ee168c7ce5a575b9bc19fdcd87c9ceab8c766c425632f63b953d685cad35d758e1fe5589888e5d","nonce":"02b1fe14a5b6ad526ccff586","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a894cc5ccd886d96265b80f7cb1ddc22f517b4bf6dee5b39f3a8088526024eb204cbabbb6475bef0ffa43e86bb","nonce":"02b1fe14a5b6ad526ccff587","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"f76ee47ff5ed59fec5d4052d6c87723b0f9924fef8d29ab736659623d11aa43b9457f5dec0d400013817822904","nonce":"02b1fe14a5b6ad526ccff588","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"2e74c7c81202a152ca936808b068de9001be659d23ecabe400d6a89cc1dc8baaa13370eb281bf19c3ef538a321","nonce":"02b1fe14a5b6ad526ccff589","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"abe571fa57f40c98d9122de4eac9d09e6a68f509ae9568feb2e19098e853a29b809ed4ed3c4df5f6b82eb54adb","nonce":"02b1fe14a5b6ad526ccff58a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"e7e18bdd043ec4636c03afe643a6e03bca8eecea6525f01985b5ce7d07559d83a683ac8f7b6cf00a1ce71236f2","nonce":"02b1fe14a5b6ad526ccff58b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"86f7ae1fab63c00dc0428e9078f5a688bfbb119f24c64a7b82cdbf687ccd85be6c0089f705b329f0a987006d4e","nonce":"02b1fe14a5b6ad526ccff58c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"ba20d804c2da8e796dd2fdbd2d933bd84e63a4684d0eda43ce9623b187e4e28eb5df61146e01233ddb90024ba6","nonce":"02b1fe14a5b6ad526ccff58d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"9affdbc201ec8ad93f421a3d1a7f99b15c46c7e9207cc7b37f11032414d06c50a3da2d49a4e1d0dbb0b0301dc8","nonce":"02b1fe14a5b6ad526ccff58e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"110407b3048089c98644719261dd9d94aa39338ca0542e4e9fea4dee5b76b7144dc4e9394e122796bd044479d4","nonce":"02b1fe14a5b6ad526ccff58f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"2160f9055c38ad2ad0c91ca8ab5421bb43b68ca3ee576490bb3e373fad4c5fcfc066e666b10a0f4b310ca23a3c","nonce":"02b1fe14a5b6ad526ccff5b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"07744c30ba00a9911ffda13c786b282d37e8449848760833c31e826ed39171feacf493ba28812e4ba0a4bfd3fc","nonce":"02b1fe14a5b6ad526ccff5b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"5a33437fc2dcdc4587e8c28406dcae3ac92663907c646c699489c663f1c94a5b94589ecbb4fac4b28c85336e66","nonce":"02b1fe14a5b6ad526ccff5b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"eef172f9430a01574a1dcfa937297a179d2ad5ed1a79ae467ccb6fcdd288ca9d3f3b9e074f7fb902aefa00c669","nonce":"02b1fe14a5b6ad526ccff5b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"f6cdf81ec5ac2c10b8e7fa97b2e2fa89f2c9d5ee3da9b3754f03bb5fdf4e898d22d02150b24396140946518f21","nonce":"02b1fe14a5b6ad526ccff5b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"cd9c385df172865be176b18d8be144af7a6e4a865ff95d999b2ef94cc7145c93b166d7547d87767cc9c9c65be8","nonce":"02b1fe14a5b6ad526ccff5b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"fd57db9903eb023bfbd69b30cfca8ad833363f85724f980030aa5abf5477c586dbeaa5c05270d83212d8c12374","nonce":"02b1fe14a5b6ad526ccff5b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"03c72b90fbd7ada093f8a8b29736e0d11a0b47cfd48a57ece2579515160ff153e90ba2495f49952e3cb8d7b663","nonce":"02b1fe14a5b6ad526ccff5b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"4473a325b327226f986333821fae51747178d9be86cb6085a2500f70f904545719290c26b498288a2d3e9b68ab","nonce":"02b1fe14a5b6ad526ccff5b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"818e1a2fba476db4636d9b27ef70d0300603d5acf3840d9ddf4fbeed787202c74bd379d7d5beb299db6103e54b","nonce":"02b1fe14a5b6ad526ccff5b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"3580bd7b9d0b15d22fb56cf7495b884c123e46e4c21d2fa8338ed818332554c3ac8238846e3d5a0278f3efea95","nonce":"02b1fe14a5b6ad526ccff5ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"5f7db8d587939dc5e54bd73c665221ca701b8a1f9efe563515f566372d754d742aac6522325dbc674be70e1972","nonce":"02b1fe14a5b6ad526ccff5bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"923b781e4b9fffc44cf7c92014ca7c603589c784c89118bd40f7d35eaacb9d65ac4e169b8446d00f4cf7b1c6db","nonce":"02b1fe14a5b6ad526ccff5bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"fd9dfd8db0f0a48738e8faed7ce10da817b390cf6af01eba0aa9ed5b17a6e51328c03d01d35e8f3ef29e170b1d","nonce":"02b1fe14a5b6ad526ccff5bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"e688fc6e80d98b9f097abb3cd82d2d2d6edcfac8ac0500a0a49d110d1a29f3a0d36d14e6dafb42b051de6a1f95","nonce":"02b1fe14a5b6ad526ccff5be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"09a26ffeeb3921ce01bf48dcc4c5dbb36e27c8b588b459ca5445ebe74a0ad95a0af9b82c6596d496c00f914483","nonce":"02b1fe14a5b6ad526ccff5bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"0dc93e98290036bccf09577f79dab2db1e5b6cd64756244cd5eb2e1d4ccfa7640e3ec1eb3684ffd43006ec0a7c","nonce":"02b1fe14a5b6ad526ccff5a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"66ae65e89994de6cb20270d9a9294300a65260df14b984dd08ba78691d8a582eba3ab33bf82d1016ae9913c878","nonce":"02b1fe14a5b6ad526ccff5a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"b06d503ff2fb90239bec9d1501c2b50159d7b2662a462d4c858df74e2653093484ee2261c2dd823a8f12a3f325","nonce":"02b1fe14a5b6ad526ccff5a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"cfc1c669269aae1c77ba7a5b9d15605446b37e7b7d36d52260e23b4d7d07dcb413b70f179ce8ceab674d6a568e","nonce":"02b1fe14a5b6ad526ccff5a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"8a75920f6149d46306bd8d2bb70c5bbee3f6159b04115732b10b9f0319fa62719acf0896b985c00b5ac2f6290a","nonce":"02b1fe14a5b6ad526ccff5a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"002ca1009f1a01aa6701100e906d80799171dd2cc84d0189e1d7fb642dd662ecb043d1577af36941c2a66dfdf3","nonce":"02b1fe14a5b6ad526ccff5a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"8dddde42df1dcdf2c3c9dc8e295f8bde0f051c495293e8c747d02596c058ab96cbdd5651b43bacc839a970525d","nonce":"02b1fe14a5b6ad526ccff5a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"299512d433bee93ee9981ed20f1537f1694bcc5afe3c493b325cbb99b918079caa571c88cc45d6ba32f37db126","nonce":"02b1fe14a5b6ad526ccff5a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"435159dfa3c310e061e6355ba8006e36bfbe0364e6b913511a4426456e7234e29272dd41ea3112a99beeca8ebf","nonce":"02b1fe14a5b6ad526ccff5a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"22d8275dca8e9ca2dddb51cf07db8028d8eb9845f3c09f672f05d9e498539aea8e647a44542045d85ea260ad37","nonce":"02b1fe14a5b6ad526ccff5a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"1f42e1d4193d0c415655d426d42e919bdc90218a627ac80ec5424130aa3247c7c767bb35a29d9c2aabccde5f07","nonce":"02b1fe14a5b6ad526ccff5aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"c83367995861b676baa0e10a66c8c2c0cfbce633f13f5dd3bc00426df6f9c0e4aff2e85a6620bf3ec573f0508c","nonce":"02b1fe14a5b6ad526ccff5ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"ede3c18592efb7a6ef0348dea31120c9f7f9d84185b1c214597d824fee5881e82b8c690607d6346c106cfd698d","nonce":"02b1fe14a5b6ad526ccff5ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"3ae4e5ffb87f104d07244ecd56372cbbfdcc13ee35c21a0d880cff0a5feb9946e827ec256a4dda89351bbbca4f","nonce":"02b1fe14a5b6ad526ccff5ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d1d54c01cb59509cec75613e42184bc8f5b523c4e114832e1e9b6e903d26fede163400898ac685d70d89ae5f98","nonce":"02b1fe14a5b6ad526ccff5ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"9d518a05dc8cb22efca7cf8cf02a01ca724ce92bab3a084a93666bc15c226e3f913d57e75b686dd399069c229c","nonce":"02b1fe14a5b6ad526ccff5af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"13d9bb62272359bf8006e85d5a2b8bd5c0d8d9ca1f9f8b6ae704c1bc715254c14c78c01053ff7904c59eda9532","nonce":"02b1fe14a5b6ad526ccff450","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c2dccc00e2dda4c34a38e25a9ec1c0a43338b2d3c08ab7a870a978839d64af98"},{"exporter_context":"00","L":32,"exported_value":"b0eba64b7c69140740872216442aebbfbdbb3c5acfcd394d2272ae8b5694c1a9"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"83c8f8266bad56783567d44f9cd2a1c0070e1ea179d147e1424622037e7fb61c"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f59761a1e479c2a291b91a5af2b35dd2cace1b2042b570f88a16b226f6f30774","ikmS":"87137373fe6b28a72534f38048b9467a614d3566fb3a16a50fcaf11c76051392","ikmE":"734369ab3061f71ee85e090fae308553cac8e7b3fbd45b4ba83d05e0cd05b1c4","skRm":"47f1eee3670dfaaf27c30a83d06ee9f257af174727c17b35328ef730dfc1cd81","skSm":"98fdf9b9773578a79d4ba82fbe483c74cc2e3b8d9525d148a18969fd79a74876","skEm":"805b278cabd22c9dbd461bf25771703eda4950ed3ef35b369163097899555356","pkRm":"3668d659cec6f338f4f8dc6da6733118d2a633f186a3c1415c895111a8eb7c7d","pkSm":"4a91c3d0893433f5e31a79fc520f885527a1bc60bf2b0c72693dd7f0b2e41a5a","pkEm":"9e59f4b1fa5c876f684765290c34e51145894cc4f244342b9fb1a4bdfd8bb426","enc":"9e59f4b1fa5c876f684765290c34e51145894cc4f244342b9fb1a4bdfd8bb426","shared_secret":"6579475ca739247fad60b7713b0077f1e966e0eaf6f95bff8fa41e446db4b226","key_schedule_context":"024ce5472ecdd5093ba0aecb8f871ff13f1fbc90ee76f0e18ace1a1b7e565bafa306f6ef962c9ee7cea40407b5d60f0f26990472faae3ac44c78366f1cac1ecde1","secret":"27b818ee96b7941c9741853455ae0df327739b575cd858167c0649548b47ef03","key":"db0218adcafe73ee2e320bd08146d232cedfbd45c7e43d1fae3f1c79dc179b40","base_nonce":"41da94323642095905a34938","exporter_secret":"ca56d3b4d84d60bc3cd4a0749adeb578ff9c19c9d49a5848632c23c5c912c5ea","encryptions":[{"aad":"436f756e742d30","ct":"10b964283ac2cc0bdc4c85ab617291b446bf3832e9359b2c3a0facc50ea75a3c1afd08aeaacd6041d02eb560ec","nonce":"41da94323642095905a34938","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"83b24287a5ac672289ccebf5ec303d3c0a85bc60bb7a748014d85179b51c7552ca93a70817ee3140442f92e23b","nonce":"41da94323642095905a34939","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"f42d890891825c1a57dea5a66baf2c940126704682826bc7c5caee60ca71578d767db256b0c2a4051bef1236f7","nonce":"41da94323642095905a3493a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"fab3f66ea4273bcc0e40858c346f4e12067b685dc8ad6d57f3d398bb3035c4144b578991c99df545c214a53373","nonce":"41da94323642095905a3493b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"470a09a528036f80a2f1e23bced44551e5da71dff490bd7de6e01e2eb412cfe69be650b201f10e55a9c289e712","nonce":"41da94323642095905a3493c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"96838a987715414de7048ce44f8bd0cf7634638d4d4ea25748baf44c65bed08692a8442f060bd87def25098d2a","nonce":"41da94323642095905a3493d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"2c088d57556144930fe7f52d49d8a451cea3aa6e307d794a034fd5fc91e69f56c8c31464dcfa26ff1b5782c80f","nonce":"41da94323642095905a3493e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"ef8b777272642c61eedb8bf809e92e2ea35f92a53f09b131e7f7a6004cbf0b7e6c528d27567638cb54f86fd89b","nonce":"41da94323642095905a3493f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"953a2067e752c7355f30364979ae55efc9f36346e6fc2c51c5fca956a6367080b045381612cd85aea2b41f8291","nonce":"41da94323642095905a34930","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"be96bd02bc6cfada4561a2655b4214d541bd812b0ecb45b4446d93785287a68dda16dcda9790603327996004e9","nonce":"41da94323642095905a34931","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"4b553762b63d15769e5b0594f87971776044b2e0ed4b58aa6379769a56334f87361dd5ac710b0a4afdb61e42b2","nonce":"41da94323642095905a34932","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"1b92f016ae4ba14d4662d6f65f2cf3d1df4b99bf98b1c8b7a7f9c7d722085e5a2cd7f242c4680dd896c08fb9fe","nonce":"41da94323642095905a34933","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"93cef4666cbb4c191fe7791b0dd46cfd09c7a9bccd3dd120e31e1592379c5112268661c738c27fd583d1a69aed","nonce":"41da94323642095905a34934","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"ec195f886d5ee74f79eae5cbd1b46e143a92a598b1c0b585c709d704d97ff256cfba127afb2a9f1a23f26ad6ed","nonce":"41da94323642095905a34935","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"b7a4f0af656ad0afeb7c3718971940a31f4822125943171520981b17473a5ee7b7f1192478534db62ebb79e546","nonce":"41da94323642095905a34936","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"fc8b1d895f7d85c4a07e756ceecf6add2141056a80e86eabbe62feff6cf69db47d6c3e9735d8c5befa973196b3","nonce":"41da94323642095905a34937","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"328ed2e5b69f06a3ee88aac0851952c7723f9bb28370db85a300b01b5a2d41c7355bc2286784cd0fcebc433ff6","nonce":"41da94323642095905a34928","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"19cd1196f10eb2df0b1fdad07c36ae1ef483d66c0a474cf82447d2a8906093880b1d8360c507ce0ea06fa16532","nonce":"41da94323642095905a34929","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"e281b6d64b0f97ceee63df5923192a42eed46a87551d476b5e6a01e0a6ddae36415394c3bcb2c2c51b9ccbe80e","nonce":"41da94323642095905a3492a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"d764613d9a6359243a9f37dc8d1b2fb384c9d036beba29aaa99e966f5624300da396952413ef482a5034c66300","nonce":"41da94323642095905a3492b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"f0d056ca8484082c5e08980dcce8e5bac8503d914bb6662c196dee3778f0ba795d108361e3b82c01883d6b4880","nonce":"41da94323642095905a3492c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"47d384a5108791541732373492c339e4001760802862ee2307ed01d8692f81efa8750d940a0f8ecc1d509053f5","nonce":"41da94323642095905a3492d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c0bbebe48e5980326bafb7840ca6d408a4ab796acf26634991b21c34170c40817199cc71345c2e467acf5cab30","nonce":"41da94323642095905a3492e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"0ea456e2deb27ade97571f5c51835dda401585260eec29f29896bb7a6947667cddec9d52fbdd0155d33c0cb318","nonce":"41da94323642095905a3492f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"b525498a5ffde5bdd0c0c50b0c1d8c8e64ed47124d3ba52b0c5fcdb11b773f568906e5643b390f73abf178860e","nonce":"41da94323642095905a34920","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"019b344de40001e1d18fae03002be1be4d2e020c32a514ff4d84b15d066cbcdf045490ebfe9e4fe536cc001b6b","nonce":"41da94323642095905a34921","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"6542b6f3e9abae49d31af2a8871f5260648cb9d3c5ade0d7d3c43ece10186f6b1ab465d71c5503a703aee2d889","nonce":"41da94323642095905a34922","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"8079a278f77b5dc928f17125af7f62f0ce040ca8d90afef0de758da1694b056be1efde71258636c8a39a300428","nonce":"41da94323642095905a34923","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"2f4cbdbfc8e9e1498dfe1f20addcd16e00fba26f06fe8bf510ce726f4e6e38141a027eb9b930512300ba50d772","nonce":"41da94323642095905a34924","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"ef6390e3d57f95aeb00e6a8cdb3b545bbffee6755c8215d3b431a7327da4981bc3dc35b5b913b18de0abdbe721","nonce":"41da94323642095905a34925","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"0aa56230de06dee53bd6e405bac54899367a1f6d4dc4791f99a86f6eeced0b50acfc68eb49393482325dceb15d","nonce":"41da94323642095905a34926","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"bc0812f89e395491f19b70d43b4ce1be7d0d274352817134ef9baf7d9c5d7b93a272a79350b8bc541997097023","nonce":"41da94323642095905a34927","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"86980d73a1f515952156be21c6b42ecfdb40ba67ddc9c8af12dc4afab2e659622f341e84adf06ec71f2c4fb19a","nonce":"41da94323642095905a34918","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"97205bd532ca8dca11de6245d21fdfac06d6b48fdcbd399cdfc3cd18415a78bbc62bb9aae0ec326fdba7c1c846","nonce":"41da94323642095905a34919","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"625be4d9e0e0caa56cf6e7c24ceb7cb336ce4265b0177b93783d6225bf347b84b3c872de9992666d8d7255b3b1","nonce":"41da94323642095905a3491a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"e1957331f9fcab02fa9697924b1a22b7ca36ac728a4bd2c4db20b839987aebc6db741669ed96f63bc52d949f64","nonce":"41da94323642095905a3491b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"5d83fd726dd22802afb242f25923de6d55e1a481c1d5041c2dd05986b5be5f72d611efbaf8071fe2bc0d416438","nonce":"41da94323642095905a3491c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ec453efb75c777cb1fe3322f3504da40c2fbb613bb4735a02b33280c1383748377bd33c35eae2f48930a6aeaa7","nonce":"41da94323642095905a3491d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"3a050cf76b072e1897fb498d090dc4591dd06200f8c74e8f7a6b43e455680b32fc831fd7891450c626a847aa4c","nonce":"41da94323642095905a3491e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"cd6a04939353bf21e3c68fb190cc2e450bee3403938db4fe9eb1d826cc15ee1f0b7b32af11a32310c2e4b49e30","nonce":"41da94323642095905a3491f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"2242c9f6d2b04a400892c3d7d7f4086f7851489e4bc86ac090ea5723585dbf61bace21248c2643e062329c32c1","nonce":"41da94323642095905a34910","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"6bcdf8d421bd9623a6872b1aea124a4b978312e29d24a3b0f019c1434e55d2de4775b256aa91096533fe51d292","nonce":"41da94323642095905a34911","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"4e02b9b212688ca51278baed8e57f3c948d70d096afb6842920b8fe504992b7920ebbd4e3e655ae6cc598244e0","nonce":"41da94323642095905a34912","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"c2acfa09b1f580da4d924247b5c98c3122c09a37b72b5aac9826e579bdf194d7a3d179e15a7085c9fa8c53de19","nonce":"41da94323642095905a34913","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"c7f6c9d6360f14a124bbee3624e2f03e34b73248576f2c83127eeba3fd9da799a456f27bfffd9211c5a40a414a","nonce":"41da94323642095905a34914","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"fb885e9fb8012b9d801ac0c1cab978b753ec391ececcae9582b360f0c28e6b58f7e432d3f0e020dfe0831231c1","nonce":"41da94323642095905a34915","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"b10033bc7cf55378cf7d919a0773bcc79b6878117071674df4028cf59ff3554963dc3f6a5edda250170fc55d85","nonce":"41da94323642095905a34916","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"3e62ec8300d4c6d0195a7403ba2d8c70c347a920a9f1051a9825fb5620bfad8aa139940b5f3a91e5409a00849e","nonce":"41da94323642095905a34917","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"a7d0016602e0501f39ebb6f4173005a5732fad028dee2a3dc3e087ac7b43afbe0f486c6267a883f223081dd89f","nonce":"41da94323642095905a34908","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"93c01585a1d1775f3fd3b1925c26bb6e810842a24bb69a9c2521db72f6d66a2e005bb875a480cccf2eca122d8f","nonce":"41da94323642095905a34909","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"ed18775671121dc68a6413f544a45a3a197faf39c43cc244b32c606ebb61cd1333f830414624530e43c5328216","nonce":"41da94323642095905a3490a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"4cdc7b5fbb3c8f392e84b238ab3cdc7b490cfe1476259d0db4eefe53f718f1f6a7a32bbbeef1574ddc41358b83","nonce":"41da94323642095905a3490b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"b47aee63fdb669daf990181bb75bc094bb9919b2df809615b3aed0ddfdef0235f79cbb95082bcb44f76513876e","nonce":"41da94323642095905a3490c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"55b76bcd5f44cab153ffb90b809f5cb504bd02f705b6649dcff9917bbc9df878e2265d96591d6d0bd856afd1d1","nonce":"41da94323642095905a3490d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"67eab42d7d1bd9a03221c283669ec7ade98f5b3a970f7903b9dc160501f643eb614625f35fa89c834d582282fe","nonce":"41da94323642095905a3490e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"95d31adf6ca4f047c5097816a6e6cd02e2c952f3d63710cc05df53da29bb37abb8caa037bfa2c50b59948ab656","nonce":"41da94323642095905a3490f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"a48d3ef0c3f065e7cc4b6ddebedcda1b27a8dc0664f4049521a3c446834a9cfdb76dd83a506c1f6f25178287cf","nonce":"41da94323642095905a34900","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"57d1902ba96fa509d930d5ed2c7cbd57fa43232b14c7c6fa3f33168fd543f4d96777902707cb02a1282f83856e","nonce":"41da94323642095905a34901","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"bee02243ee8196cdd8470528e5f2a0a366a0c48fe71827c07783192a762506d283c6903419e84404738f27a31b","nonce":"41da94323642095905a34902","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"da1e009146d60483a43a1518c2bd545f21392f98f5d2761b6b54d455d6903ed8f8a7e5794946b1d2c8b46ebdeb","nonce":"41da94323642095905a34903","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"99bd8213cf3e48db8b0cae6cca6088b3c3f25d8d8a4e1d38b1cecfaa777ca0975b579f2858ad29f5d292b59295","nonce":"41da94323642095905a34904","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"c49043927a47694c3e0c6095fc3fd7ef19b947b1c15d455504a72286238be0aca23bbb8c78e9c5c066d7d2d965","nonce":"41da94323642095905a34905","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"d056c8521b101402202aebbd5ebdff1085a1e0f32e177f44787c2f25b47c3ad598ed05a2441002637cb15b7257","nonce":"41da94323642095905a34906","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"3790260dba51810aa30b24f7e841c0c485b40f234ae1e0cc66bf895c6fc00e5515b3b4b383844eab29c706c336","nonce":"41da94323642095905a34907","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"6fa82757e4a3cd33d8480a35c303250ca6bfbc7584296ce67af456be72b58a9ff310c7ec6a50f86b20a92994f0","nonce":"41da94323642095905a34978","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"44dfa1d42f6f7e2acab917cff4536463a3e73c4f5dc0c2ddb189e28dd7c3e6b84540b98dc0c51e1f5d00f9805c","nonce":"41da94323642095905a34979","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"26a22d894060884040677def8afd4502c79873f13c1b4c5e0b093ce0e21e6c07c07106bdab1b1e57e365433a34","nonce":"41da94323642095905a3497a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"db85091e34637ca4b5d709285d61e13cbd5db120cadef028caf4d7975dd8f2eabf8cc33d0ad6bdd9f4b3d270b2","nonce":"41da94323642095905a3497b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"294b49e84bfaa136422bde1ec4d15a75cb8a8c0c7b9063d08d798e641c6aa7fde89ebcfbdcf7bce1823a9ff3cf","nonce":"41da94323642095905a3497c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"93ded3b6c98642921cdd0663bc2f3bd844b6aab133cadce857a06a9b125a34ab62fd21699f834c6c961c567ad3","nonce":"41da94323642095905a3497d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"41c05ee1b1d21d9779f39d8331945636f0e6214e0293da5c13457cc6e2ac700fe39086ab35fb700225671cf680","nonce":"41da94323642095905a3497e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"a26d2e109a3dcf33fb46f2283d3427b92275afaa1e8f0f8cc0129e6900e9c3278f614525851e1939a97b1acb02","nonce":"41da94323642095905a3497f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"4160b4d94a4c4f08cebf3360d64188de51b2a062463d6af30d8e60844f915528acbf675f86b6517c7b605979d3","nonce":"41da94323642095905a34970","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"e2396d75603d928144c116457245275f48e681f627fda6a888fb02b00bc61648e010d4b82a993c9d882fc9c209","nonce":"41da94323642095905a34971","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"cf469851b3a16878978082d773079252e7646e3d1c15ce10e11533ea5b89389baf5677679b792337b107d4cf8d","nonce":"41da94323642095905a34972","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"e5913c4c0403b0cf15e20443cd18a91365022f141e8e480e271d335c4fab1fc5c9e4af70107daa43f2869e1978","nonce":"41da94323642095905a34973","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"7a6a29c5e897b0df0f986bad7d073e3680f6447b820d36cdcc24c7a6d5881bfb8d42a812ee74dc3a945c3aa23b","nonce":"41da94323642095905a34974","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"e88641d6c70b5eaa39e00ab2a7d55188066e9520cf517aab36724dcf00de2e9614b10f389aa79044c21574236d","nonce":"41da94323642095905a34975","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"0f97f67f90f69d087390b081c7d026f4f37df0086c3dce2e9a02a930a39e68c894ddf92bbd7111e0451fe6cf7f","nonce":"41da94323642095905a34976","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"06b7381cb3efda92c617ba646a92e2e7afb22671c71f913eebfd6d3f9595beaeb90011d7e18ca545d3fc2a29d9","nonce":"41da94323642095905a34977","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"4d6f4638c2f8b3b8282c87b7d5881ee4572d0a8878842119d21b89d519fb4c7d063e0d553b4eb0da11df6d33b0","nonce":"41da94323642095905a34968","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"294110587b38ce5ae4b34f037a8ddef605754c6951b5f6c0f1288e17f6d0045acbd4a0f41e98b2178d9acf4b6a","nonce":"41da94323642095905a34969","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"5918e4d0b1dd3ebb1812b715a46a9674bee2207a1bbe77f810a3a481b0ed0b84f60e5adc2228915b4fc4da58cc","nonce":"41da94323642095905a3496a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"ea7c2a8fe7d6cc0237fef4002226d2b0b1dd9e9c37e0a7d083c57ea7f3118368f8337b972f7642d52152e16a37","nonce":"41da94323642095905a3496b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"e6ab7aecfd81e4808eaf4d160f726275c006761f4ead2e9c9637b81cdd8759a35469342b9066f65ecb8f6336a6","nonce":"41da94323642095905a3496c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"72d49670b3dff4551c1c6ea2a5cb7d74e9655a2bdb94048ac9173b5a5918d551a818bae8c78070aa580fadb7ab","nonce":"41da94323642095905a3496d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d8615ddb96a5ee3a29e17f00fc1bfd64199bb4587f54a41b60b516a9ac590dc4ff2ce7ccef1baf56ba08d25a32","nonce":"41da94323642095905a3496e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"bdb6cb3fd276d11f8b3839f1daa23c25407b85e50d990becbc7548406664060b3e5ea7b8744cd6d01f7d6246dc","nonce":"41da94323642095905a3496f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"f11c35cd0da9d7986d34525226edbe665c332af3f265ec9ac3252349d13e2079d90e733e67d3a05153876f8b1e","nonce":"41da94323642095905a34960","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"21207c730b60ed9139203c845156fa9ed93166eaeaf33d91501f2a183e98d6f9941eb270df1d0fa455f028a9c2","nonce":"41da94323642095905a34961","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"febca60a4ef7ee6a73993ba1ed1d39427d96597d04e1ae338ff3418fc4323227143a6f5ab874cefd098bdb3b8c","nonce":"41da94323642095905a34962","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"08ec4f99873f2548a2bc8ae0de56543e927944c305a31543fd56d5f1bee086acf96387d918e7af898598fe427c","nonce":"41da94323642095905a34963","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"99b47953bab7e516974cf195a7f14d09ed9ea6f74fe612e6cdf58a9ef0710b2ea7582fdfd98c90a343c6110d85","nonce":"41da94323642095905a34964","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"b70561bf36b2acad3eb13d7c551af56e0e2fd6d81ba181489c857f66c88817fdb8b76b8d7d594585427b032c7a","nonce":"41da94323642095905a34965","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2180d3d0a7d925c0af160101f6b334f0f94bbb32142fc1e6efca3e82e9099e382caffdd909b0fa7f4e5407a0d3","nonce":"41da94323642095905a34966","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"03d6a815ea1f2f88f0028ee0670e07bf4a0db028a5dfcacb9c281daffcd9226565fa56f92da3ce5eb36e095d8f","nonce":"41da94323642095905a34967","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d5e0da3bde65864905f8f8c8f9b6082f22a18f035fb9c04a2973f71bda24eade1772c27faa8c3e2552f817996c","nonce":"41da94323642095905a34958","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"f13df7ecf2282a7aff702530d169134c0bad279a94e4de7a0604c4b57a2e394189bbf6c0237e6872e0614599ed","nonce":"41da94323642095905a34959","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"f9c348a57f3249fdce7612d3329293519f6a675d2a030ef812ebe8c7fe1c69408608152e5f489eb41671c36891","nonce":"41da94323642095905a3495a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"18335b721b8f80ea3c5b0eb16d6fd9eed45f96f7b11140d3692f2dba9ade5cc48a16b4b316ddc704b70e299138","nonce":"41da94323642095905a3495b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"3801b54b9a1d15b10a84eb78a8a84e2f70b4e57e0f6b7638a3d75a40720c101fdd92cfbca87ad22ff7dd20d317","nonce":"41da94323642095905a3495c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"7d1b5a06d94e07e677cb647b44f378114ddcb55798dcb8c98fc263f61f4b34d4bcd375cab0c1ef2224c9540961","nonce":"41da94323642095905a3495d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"08891c005d9ebc0f9f8d07ab3dd15a88c3d9c60402b9516e3c6727bd0b26ad70f78e8d1a1bf269077a35fc745a","nonce":"41da94323642095905a3495e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"ddabdfb862b8e4d6f03e2858e2a05976286fedcec6447355c2ea0f0540f0d3abe3d9dc17f7aec0f4684ac8a11d","nonce":"41da94323642095905a3495f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"533056df19cd99b22c522903837e9b04b38f072e869fcf98e63ab4e138116fb1a327090612b2cd01ce60a92c04","nonce":"41da94323642095905a34950","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"84a75eae557806a60d8dec4e0a030b31e2150299ebaafba2118e1d9f8a4332dd383c3cd1bf01bff70f235e7ca3","nonce":"41da94323642095905a34951","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"5288205e740e6eb70b52dcf29f44ade64979a07023888f5a098d6b386b926e5b2b3dbf1aac04a6f80920d27f2e","nonce":"41da94323642095905a34952","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"24f72645798f856137576f8044502e55f03c53cb3fbdbe9b13a3caeac07631ecdf5b30c11757f6d66697244aaf","nonce":"41da94323642095905a34953","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"178de8bef65b6abca9a55a1819a9573a248e0612832f255f4d307df38a8f29554fd664639a6a6277b5e33201b3","nonce":"41da94323642095905a34954","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"34613e05962717b7a5c60c9c3a2cc0c2039e584948c9a028da05bf31317efbfdb0fd86252e6061712e3b03a53d","nonce":"41da94323642095905a34955","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"bce0ba4438567b1570821759d9f6d84a6c600701b8632e9fc82a5e68f3568f05a00080bbc4c69d1043fe09a2e2","nonce":"41da94323642095905a34956","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"c848e35cec53b724b632a27d3b90abcf1044b93ab5db0a5e63c93f15b8e3e599f737826db5258ff8078d4cc379","nonce":"41da94323642095905a34957","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"2026cfc3ee0f725ebf11c9474bdda1560dd4046eda764d9656cb46c949cf0cdec3fa8a21cd0ed4eff3a7b64ee8","nonce":"41da94323642095905a34948","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"aaa53f387b1651d71fbe2b11f541f6f8b6d70a92ed1668a797d89be0862e2867a35b43f746482271bc8337eb79","nonce":"41da94323642095905a34949","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"426bd3f51bb64eaadcc1444282dc0d25edb2b4e777c2437910d355cf3e6cd09ca989a76a34ea8c415e9b9af767","nonce":"41da94323642095905a3494a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"1e8c313e38d847030c366926fc26029045fa4cf5523d86e883e386d348b9d2cb3ea727a0ebc586191f45017320","nonce":"41da94323642095905a3494b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e44024793dd020b4a059346e2e4d325a301c643fccae7994b620972ad3c5d249cc08bc4c30d3434a62a93825a3","nonce":"41da94323642095905a3494c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"b608878acfd7c879b587555c43f5713f5b8c0f6abe2f1c781e72cbadb32dbec4697f23d8af80eabf32ab969417","nonce":"41da94323642095905a3494d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"0563bb0cfbb03d236e68090252082c866c2d05dc48c530fa5920b32eccf2d4913a190c12aa8d55f6a834458684","nonce":"41da94323642095905a3494e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"c0191c7b91f01ab891336ce5d77d97261632ffff8fcaaf25a0da0f563604a5cdcfda6d7d0d6a492d4bc8f8eb64","nonce":"41da94323642095905a3494f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"2e71a5a07fa44ac159d7eb2e483d46d59d4552895973fd7fe32f4919310b814c45699dcace887744d4bac9eb36","nonce":"41da94323642095905a34940","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"6c769767ccc92a2e3c6ef2f94df67d72b9c02b6d1993281d2ffdea0b40b5af09f25b3898f05ccdcebe4bd6f31c","nonce":"41da94323642095905a34941","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"5dcc6147c104f9f5586d88a7cd715830d70d88820a6b2157a574b96b7e9c37f834aa6adb957cd8e0aace79bf47","nonce":"41da94323642095905a34942","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"5839720b5f44874828ba95443c2685d53d079f83d3246895906decd87ee41a3cd7969e66c7fd5e88330b6f354f","nonce":"41da94323642095905a34943","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"b01ece5e6481555fa1db96bdead1d578508b9d601a6aab00a1d433e2f94ad75b843809b4d85aaa4f0ba88f0d11","nonce":"41da94323642095905a34944","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"bfef11050cca99cbcefd59be7f27a793de11dd74793ed2bbfeb600fb1ffb0e2d1e559a68e14ca6369dd48036ae","nonce":"41da94323642095905a34945","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"bedb06bef935d7035b316b485408a8c4bb745af2ca5214bfd87560f33fb2841618b431988373018adb03e58cc0","nonce":"41da94323642095905a34946","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"72d0e6266e19f5bbec3f4a5ced9dcfcce96c3d98ec677cb1e91953f0d3774a9c17d766ea497a25397bab478964","nonce":"41da94323642095905a34947","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"cab945a20e896773bc7408ac7e90e39e7530b2f6408c09693c241835a76d7a9f0894f9f7275a8c9ab78df0bea8","nonce":"41da94323642095905a349b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"a8c02c46ac55f9b655b547d29bd5b00be116094f1208edbc83b8b27aa1edfa4e3b7d7eed3199cd64ee4f451c1c","nonce":"41da94323642095905a349b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"878713ff6c3375f2ac8a2b38c7c0d8b49a7ec57811118b9990b0952c08f097d7f1f41bd86974e0b419246379a5","nonce":"41da94323642095905a349ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"36bc1b88559208bc331263d2ed1a16ffd8ddf3770290531f8a6198701d9b668d2819744befffa6d2d0ac01b1af","nonce":"41da94323642095905a349bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"94e5ac2d046cf385ab849a7327278e6d3c51cad5b5d38adc071a113ff3273b1ad5fb5289a01e4da180c77e8ab2","nonce":"41da94323642095905a349bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"7db0c79103f304fb6cbe56ffd5876aae98322e285fb705fe724f31e283bef9ed1ae4946c7e7dd8de2ea6073cfd","nonce":"41da94323642095905a349bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"516d927bc91d3e6c822fd7612af2b129a5ded8bf590faedeb8495b7493d12e8ccf52f34d630280800a126ba478","nonce":"41da94323642095905a349be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"eed3aeedab617f72af68573c059ef7e786c233a2420b58426f01689e65a5c89d48ad08713102536c7beaa37d16","nonce":"41da94323642095905a349bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8fe4c52fadc9175a6468a45fc8b96be427e570531dd5ee573d70e5dd0b9b1a67cb3873ce2a7148a066b26c8c3a","nonce":"41da94323642095905a349b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"d506cd6d849069d44977b1fcd4233ea51f812ae84bfc912b7ad80fbc4b7eb330755ee73c037e04ea4d54cc06ce","nonce":"41da94323642095905a349b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"cbe30ec8e0fa8aa643cd53fd08c036f27ff2b56d46f2fb071bc9730c3bba256dd0317f14cd658b7d347e0eeccc","nonce":"41da94323642095905a349b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"f3029bda331c4e1c90960d60c2536bd0dc758e23d59ad17da680318fa9253f952e4fb019642920307f9dd59e94","nonce":"41da94323642095905a349b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"8d1b5e14384b86b38dfa1b837573247c3bb58ca07bd6d8a0261306e6a04fec85ce2e0999eb994efe91cef0d8a6","nonce":"41da94323642095905a349b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"de39ba2be428a69e47b70eee0315663e5d169da6ef2218bfe7f0ac59957022e5eda5c0b3e804f65138bfb09b8b","nonce":"41da94323642095905a349b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"d26d5406228c57ea78ed35a5d5725411b86b82a7f155d845b2e024aa86e2eeac11d33be3c986fa065fdc92ad68","nonce":"41da94323642095905a349b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"8a8dff67b3d101c00e48d1c6f77d2e6e123417064f5798e0efc7e994cd31a5e34c913e2262c609991e56000b4e","nonce":"41da94323642095905a349b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"90443aa2655619390b627e09daf3949f79e77b903cf2343b84ce5c109eb02238e442bbb9bd2a158c445c7e57fd","nonce":"41da94323642095905a349a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"a3df261a314fb20a519cb4b116832fcfca255372e9582c51bca30df529df7f8bea576390abdc25a8c09c030dfc","nonce":"41da94323642095905a349a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"764b6ef88a4ef4e00495eae59c83eb4d4da8512ad24982c04c332cdc0c39944bd322d74c89b78977c649e344f2","nonce":"41da94323642095905a349aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"c1149b45a6f6dacca8342741b452c3c0fe8ffe65f12ba4dcc731f38a0e29cfd551984ebf4d2850c05b05e4638e","nonce":"41da94323642095905a349ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"f5c2222655ded319eb73adcb75cfdab103855d43bc8e2098cadabcb6f02c75d5017fa95854d4dc16514cb85bc6","nonce":"41da94323642095905a349ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"67de8b5afc35709924eb1598c90d1f8db559e5d1f224e7549205cba6ba70dc4bb67b1f7f3f9a15d56692d3e88f","nonce":"41da94323642095905a349ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e6add3f1f1dbad46769e62b770e0e79f795d43c64b76e46d578447bfc7c01e48a7bef0607791fa51b9f8f73db6","nonce":"41da94323642095905a349ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"d974c073ea225646215fef776186673b1c3b10c8fd130dd6c46216c90cdb05e5d899c55be32dafb2f52777be56","nonce":"41da94323642095905a349af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"dbb16370248672972c240fbe7558669713aa40221a8138789a4b1fd95edfbe5dabc361b95e1adbcb804fe38188","nonce":"41da94323642095905a349a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"0021cb3186fd692c8ab715950564165ee8f89a17ea7e308ce48c6337103a1a505ab2aac137e5a110b7c92260b9","nonce":"41da94323642095905a349a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"fffc59f2ff1d3a761d8e5005c25e12044f10875aad3ebd5e9346534aae5e4896eaecdf05f7fdc8c60952a0056c","nonce":"41da94323642095905a349a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"84d2ab92172e21b7251bf2825f3c083f474d891ca0b8cb7f5661ce37956446cbce80046c82bcec29eba26b4289","nonce":"41da94323642095905a349a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"e80ba09d1d2d7de13067e460755f3609840f017e8a6e4561b7b4078817696936ad19ff6b5c5cdac2b25ce809c5","nonce":"41da94323642095905a349a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"445d8be1d404aa0e508f7021b22e48dd6a349141c182e601520420ae4610791a8db67f4584ecbeafd3b4169e50","nonce":"41da94323642095905a349a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"aee6debdac56b80f9b55435fdf649d174fcb801a93866fdd8f6bde22ff85a3baba12409fe7f41b1c9b248711f2","nonce":"41da94323642095905a349a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"fe39078d272abc9c7999630c5eebfd1e1628a4a694430c105f119d20e524e99face043b5da613d3b11ecc897d4","nonce":"41da94323642095905a349a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"ae4193c43e06948b19d2c912613f772c6be49b16a4f7dca4991c06417530681b54821b94ad8ad6c0d388884ff5","nonce":"41da94323642095905a34998","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"114fccd21850ebd4069127be28198c5c2e9f270b598baa7be337975510299aa20c054f8498f51898eac61567ac","nonce":"41da94323642095905a34999","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"f11d3b4bc526d850043c454f9936f85bca7df5fc1957c55677d3dbc18a55de8a02efcfbd407cd8a4d0a30d366d","nonce":"41da94323642095905a3499a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"e59152496079561fe9f114ac73ed3356720542d395921f7a4c5c50da7f6afa3f492848361cd3a1a13f4b7a2fbb","nonce":"41da94323642095905a3499b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"c62cfe00dfced3a0d9f35f6f9bbbab100bf6d609f3d78230e1bdbc7a2b3f1c4713975b62133bec7cdb8cdd91fa","nonce":"41da94323642095905a3499c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"f7e0185224ec145225b3cf0451dfb014dd44137775617ee72d9da4f7b41ec248904c107d6c6db25f3f8e2aecf9","nonce":"41da94323642095905a3499d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"93c68f805eca253c23dc452302ef9ae791b4ffab97853c01f5967b6891cf2c5bde002ccd85a365fe348a57d6ca","nonce":"41da94323642095905a3499e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"eaeda86b4f90c1f66e5929454220ef8ae0cefec40a6c03911212810abe11d5d961f625fd973855c7d6d8bd6426","nonce":"41da94323642095905a3499f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"72ab591663e0fd2edbce4d5ee04997d259b834bfb7bc10d36fc14e04e2808ae38cf601af89ef33d28224301424","nonce":"41da94323642095905a34990","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"5da0811d6bb5b9d00402c1f803062e6e6db4da219d695ff502ed4e74f011cefc3c74bfe86f142a6d5ebcef873e","nonce":"41da94323642095905a34991","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"fe429d92e1cdbc0c738fa1b057762a61b6d0b3bf3d6c4a480504f3d8c07363d3d9adb50c5c44fc9ad2f80afbb4","nonce":"41da94323642095905a34992","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"73d7980299de66489e24e2b042d8cb62bf02a50ea4f6edfb3a265fdb54028a2284c5090fbd5bf7401d8f7d8c55","nonce":"41da94323642095905a34993","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"9b81f97ffded87a9697145b6d0b0210cc20afdd117311238a5354d1ac0a5d0b834becda5de16280c7ea3728e26","nonce":"41da94323642095905a34994","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"eb9a1e55a34f825c13d2b7b014cbb7db6249c4c511111af9ae9bf441a9b9b1a701f778f2bfdac6383a9fa79ad2","nonce":"41da94323642095905a34995","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"a0603640d761fba6ace56a20de14ccbc45baf0997755175d7f3e3742edb274368ce0a776eda420c0eff6a4785a","nonce":"41da94323642095905a34996","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"0abb86f71c0d2e456c4322bf4a26cc5dd898952a98b6fc815b5ddcdfba4308e6ec2c6260d7540bd0bc2a399141","nonce":"41da94323642095905a34997","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"2d076ed5858dd9f5441b6cdc386bc30eed7471a8f819de6eb6173f0704365f8043fb6e8fc4a7d7f9549457a3fa","nonce":"41da94323642095905a34988","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"c51e01a9dc463c20728a6d15fd59525709a8c51d9f46f15cf093773aa7a968d40232c9ef26d20257762ee49f56","nonce":"41da94323642095905a34989","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"6be4673041b4f9281b6f5f5b3a4a611062254f82d7d298e93ac3395b0f93ee4277f3d60d1116c5f559ee498c1b","nonce":"41da94323642095905a3498a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"56fb203d31045da80ade5e18a2a2e16b361fe1ed4edf4ed654d75edbe82d0326ce9dc51f75454fb7651d5d25b7","nonce":"41da94323642095905a3498b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"046305f4ac30a91936afe73f55363480558b476ffee4ba19a4a99a6edab9bdb712f8dd2abf16e37839382f1c07","nonce":"41da94323642095905a3498c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"cb90b1ea72f58b73984e41ef7297338ca0db1b4bf51d1bde41372e4e4bb9ca00f6da1a54e55fd20f1c21ee996e","nonce":"41da94323642095905a3498d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"33fc92d18d7aff541c2d8d3d0d590fbf94c7fac0f5403ef4abab82ee855e42a0753ecef6154dde04926799b2f6","nonce":"41da94323642095905a3498e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"1fcdce642c0628dbd694cf14df7182c5f5bc300ded6c2c9354866a52f4ebbcdb3a07f16cd66a1f6e25f1aa5c36","nonce":"41da94323642095905a3498f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"fb4ee64e15307f7209e60aaaf58ffa1e3348c3e6aff46cf95c3a15e96b65762cf72749898649aa4f2554ec973c","nonce":"41da94323642095905a34980","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"a64ad7dc7d7f2c272293f2c0fd957c4748f3911e6bc7242a3bad175a20b4508b0cb065a7ec848677ed9d349e5f","nonce":"41da94323642095905a34981","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"95eec59259b5fb711157229920349524e7e85756419492df26298ec7b16668a892a5fa41ef7728bc8929a1f942","nonce":"41da94323642095905a34982","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8cc240907d8cab9b1a0168abfd01aed8cdeeda252e298de2f3f89190e1e03719e40845b9b5d93df184702bfd7c","nonce":"41da94323642095905a34983","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"5cece69c96911efcf1406c5faff0de7e7965ce0b6b661df3290ee4b86b4ced5db98d2782cf8ca5c7ec81191ee3","nonce":"41da94323642095905a34984","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"9a37d67894742202ac23904b65d72e40b7afe31f7aef8083e3f41185e402481f1f6466bd441a27dcf5a135f6c3","nonce":"41da94323642095905a34985","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"db536753e52ccee922ca4578dbfc8b24069dc526202b9e95d865ef7f76b9406ba6afbb665f4a2d048f0c8afb9e","nonce":"41da94323642095905a34986","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"015649389a63f9410008083f30a4ae626ac78d8cf4b35f701845a56ca07c58aea12908020c43890db3f91745b3","nonce":"41da94323642095905a34987","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"bf7df6bf223d74a821afeff194aa402a5f71eda3a2a78ae319b4f996aa7b0da67c221c87ff2a778b7a20030a2f","nonce":"41da94323642095905a349f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"9003c98d71b1aa4f531c51537cf538302b5b6036e7af1cb4aadae99921baa5fc30aa86abc8ac525495d92f8b69","nonce":"41da94323642095905a349f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"6b7980f6b429998a899dcd87ba98a96cbf03b9a0878d3afe10acc0742114a7ee003047deb911ca38ef760fc903","nonce":"41da94323642095905a349fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"4681f2b8075420e813ad70b9dd169187ee65779371d3f1abc6e62a99c8ee1cfe9be5088cdb20ebc11373d8af38","nonce":"41da94323642095905a349fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"66361f11cf2515e44be30d93a4a8d9497945f5cc8e7f06df6e4f3f58cb47951841d00ab8b4a52011303bc58be1","nonce":"41da94323642095905a349fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"09cbadadec104db37f240fcfcbcabecc92a03ec3157b789cc12c25e01c376a2f59189ff77fd8488b43bb81e8fd","nonce":"41da94323642095905a349fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d490d9602e9e59f96b8aeda570e2e58428ce7c06a4e4dd3b8a3b61307d6fd4c6cb89d07776c30417484ad2f249","nonce":"41da94323642095905a349fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"fc5ae84ab4afbc898cb4b5712e1fbe7f75465bb6e834a50f039a0d2b7095cb732db60b053ded3c0e3df0626864","nonce":"41da94323642095905a349ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"8f1af0ac6b21371f2a347a007b9de28f54cdc3ee1db93552bd340732e61d1bbaf3194e24cb3707b018d97f5010","nonce":"41da94323642095905a349f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"45eb8bc519b8ffb448af0dddcf31b378029d916aef6c91dff98dc01a10d1a2a4c0e43445da2d2cc6da4037193b","nonce":"41da94323642095905a349f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"65cd2f48815dc6ecadc4d751cb8f9aab5e678d87abad28d4499670eb5b61c4d1c3c808d62cc946771a5673afdc","nonce":"41da94323642095905a349f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"fb0111868c29bc462791ef235b845450873cbce9d64a7d8851b993de034e13f40e9998046e9d29caebd1625be1","nonce":"41da94323642095905a349f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"6f6b24fe3698cb0c0a8b8b4f6c999aac265a81a25e85db60dd0847b8be655480e462cf8d3bf6f9beb21de26feb","nonce":"41da94323642095905a349f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"c93a9ae61a56dc361674f9e6c2570b464840afb49842807989c6d9f700552245151e85e06e37d7a30c09780cf4","nonce":"41da94323642095905a349f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"145048e595c7c405afbea4c8013fe3dff529a2cee5117c61d70150a3c0b97200809c03cb7d317ae9aa3c06628a","nonce":"41da94323642095905a349f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"29f01ab2a7ffa29fbd4c63a590ad7ecf87ae93a2c0eb1b5936b3a6d649e7803fc950a94810dedf18b930536170","nonce":"41da94323642095905a349f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"633d7ef1a17ff121485a82bf4bcbc9051d9768343e547ee9531f3b3c1cdcbc11dc45705553b1e16a1182488b1a","nonce":"41da94323642095905a349e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"37bc7fc586ccb2579fdb41d13865c8d9659bd8d383910e2474fad0dce89dd418404a458f02eb8172a1f56d8453","nonce":"41da94323642095905a349e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"92c1f5393dfe1325ffa85d86c1acdb492476ec7a5564820771a761a2df780ac6be823900edc2fb0b61a1ed5aa3","nonce":"41da94323642095905a349ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"7da1a3fb27f68587bfb66e54aa2b98b1217c1b274802dda873c2143aa69b0dc999537f07d473fe2f0b9dc6a8d5","nonce":"41da94323642095905a349eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"aad51528d9d7518519e3e610e9048077062eb164e64388c9bb8f63e0eab617be0ace7878cb261fa426fb051d12","nonce":"41da94323642095905a349ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"a646e6617fbe4e18d4908a1f0cf46500fe3b82cc306e249b76586865cbfcc39d7b5c73b3f372a18a135aee8523","nonce":"41da94323642095905a349ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"ba2a96778c42d5be2c036ff75cab34898896b62b1b2d0adee7dfa194e3da00a2c36967a74107c25030d1b23bd4","nonce":"41da94323642095905a349ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"b7c0b4fc91764f3935da56c764311e6ac6d3c8af44fd5b5f53901842e9bbbc6ce886dd615d6f6c4b6c285dc9c1","nonce":"41da94323642095905a349ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"3420f14b4463e393dfaaaf07d48b383d6f082e5d58708b2f2ae51e432c435fc9e2fc17f5db6b1575343e91482e","nonce":"41da94323642095905a349e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"0f37542535f680177a32128a9f79ebe52d34821fd818298d6dbba4a51c484d1426d904b5afe80f60e180dbff91","nonce":"41da94323642095905a349e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"67325db96b9572e0b1082446950019b05da85c062e9a5978c3065aa5bb938b03cddcb50575b8b3b5b689bb59e6","nonce":"41da94323642095905a349e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"c5211f82cc9a8261a0a5d93b005a241eb23404497b77689975437b19a2e42b6b7bb38a16ac51d813a413997e4c","nonce":"41da94323642095905a349e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"4d9571193ceffe27a4944d1c78fa0ffe3aa6cfbca6c970b0f93e32aa7a96333fd16abfe81de9114ddc45fec762","nonce":"41da94323642095905a349e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"aa0133057136602263f523658181fa9bb1e66262a9c79b97b1579bb0b5b1bf4bc0a0fd64b607b01cccf52d8e9a","nonce":"41da94323642095905a349e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"825b7894b5a6c4ade04f5f70cd98d975c5ae7707c5f8c1ea197e1faeb280562c77a3e5130d0037d64eb1c86cce","nonce":"41da94323642095905a349e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"46f11fa25fe412843fedade29098bdf448fcc6473ff0ee7503d1345667d75e74746905166924db804399ec2b8c","nonce":"41da94323642095905a349e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f7fd8d51d9b9d2d5e24b9d4de9f61c9d604cab2bb65712f80de2d94e8daa307de22283c4bb8614504f71b4a819","nonce":"41da94323642095905a349d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"6f54ae130c8cd9b75627495187d6aacf564778a7bc9f6fbe7001b5a284592dd0c3e7ba3f14d955fe42eec72e31","nonce":"41da94323642095905a349d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"b0ead5ca3c514d405e22f57459bf3e4b3b10480bc5c5ed6cdc907eec7d7c55791c3ea020640cdef28995163a6e","nonce":"41da94323642095905a349da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"a0fcdb684a93d7a27ddbdf6c2dcfb191d9a9bfa0a7ec64ce88b408cf8a8deb19b966cb641d944895b85f0b954d","nonce":"41da94323642095905a349db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"616bc44dfe78f7f3ef9d56dd2312e8ac0d08de8f4852dae7794a7e7a415094f59665645ed09387507d00303def","nonce":"41da94323642095905a349dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"8929024200819b1fd946627756e9bee6efe49fc6a80c6e720fe00c2ec5689f330eaff95e77398a09ac8d3b9aed","nonce":"41da94323642095905a349dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"54e672bb9e4ecdecfa3526f5bcf1a6745f2007658f794712c8f68e2544c6dcc9946f4a81288c3e76475c1c929c","nonce":"41da94323642095905a349de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"9846eab40523dd43878ff150ee10a54c5fe54248fbbed57cfc64ca52aa5817caf0465eb934b4dd99b96e5464f4","nonce":"41da94323642095905a349df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"aa6e8697ae32fc0908b8f6fc79639f65f59282329f74f65d82bd23d5cffb83ad289b7400f25a87825658c551a3","nonce":"41da94323642095905a349d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"8412449390ae9f7a8811282c45109e2074213a282edee6014f0f9b51ad5a573de7c98d02c19fe9f29336d4e4e4","nonce":"41da94323642095905a349d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"ec413d776c28591efa625f57ac7b1efc0137654044c3763a103b86e94082b92c2ba158eabf8ddc80e232f184a0","nonce":"41da94323642095905a349d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"179626ccb1dda5d800312a158da372a184fd6f1803bdb472da045467f2d8e4676114881aa10cd1c3979be9cfaa","nonce":"41da94323642095905a349d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6de796ba74b37a78fac00a329ec3e7c936425aceb4e36a623671cb39b04a571408fa1992bc592a44ac56f2a96d","nonce":"41da94323642095905a349d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"48b947a68b838f5393acc967cbb6f52dbd161328817438df5dfb9533cb1ec2f7f77aac3c8d1a487691ff3f917e","nonce":"41da94323642095905a349d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"bce1baf335f9a2a0677cac2bc6b5d3d2618e772f3af688bc82fa63d839c5e7fcd51535fcd9ccbea75936d90b51","nonce":"41da94323642095905a349d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"952e38288246111e5cc6a6f0fc5901577dfafd4e28bc544ef5e468e71bbac87ab338773f859ca87f3474fa629f","nonce":"41da94323642095905a349d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"660c6a8f448d5b0680cc1dc929628405e2a6c02da409cd3c6fe3cf7141811abb751b223ad789fd14b9e1602afb","nonce":"41da94323642095905a349c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"e5747a16c008e797c3be09d597b2884945db07314faed0f8f778d4b6b9cfc59620d53be6ed8b4aab2e4d9f59be","nonce":"41da94323642095905a349c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"07ae27bbcee503b65523d33d061e97316f061f7c355e633d3c4ab131fbf33f4c6792e947072774bdf8adfae78e","nonce":"41da94323642095905a349ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"3d9f2b4d7c14170cdfd535f6190d35e7a1abb2021b30b40ee8f3bbe3d54c02cf69f2b9da331a916e739d74f959","nonce":"41da94323642095905a349cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"e2c42282ea2f99db6d93c31bd90e7bbff5e3376d32303a99e358bd5083918986469f01263bcf60c38b7c822230","nonce":"41da94323642095905a349cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"db37f6664496ccd0cc0422c0151cbd0a5ae14cc5355504e76b52d7cdc0625eae945ff1c39f37a78de712d9d30f","nonce":"41da94323642095905a349cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"98c02dac817d309004e910ff1aad1ee768d641f717e68a951762dee0384f8a5fd09b47a5ce35aac62a1093db4c","nonce":"41da94323642095905a349ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"ffb8ec458cb1d80e79871777e3d6340e41acfee88b8a777d08f83a95e9e8c0806f23a5ae627b85c1bf67031d3d","nonce":"41da94323642095905a349cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"9666674453d6e55e481ac351253fd806f1dff6833c755f16737acb4e01a52a15eb51549892f08c039710ff17f7","nonce":"41da94323642095905a349c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"87faac25c2e84bbf72abc74bb8f86ae409bc36c1d7f4ee3583c6246a2cc4f72bd4503c92209f0bdcf2bf9b97c8","nonce":"41da94323642095905a349c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"9b779902d73179cc203b8551e595b2525005f1b963768fa742471bb8e399ed016806052cffe16ec1113bb92761","nonce":"41da94323642095905a349c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"9cdc91cd4dcf786f3d64b9e60f60aa39185aa9124d67474e8d5ccf252a486b8f99475f2391acb83cfc97572329","nonce":"41da94323642095905a349c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"5a8ac0f7e52b423a242ddf4a109c81d67d340f6c73115e327fa34768cd57e2b2f03b97b59040757a0ce78c8d41","nonce":"41da94323642095905a349c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"77796249ac3cb85b11d8a912f4e3ab18e941875e4fbfff3ed13b0e1e8b6f70199fb1aaf82c90e0106abd697fdf","nonce":"41da94323642095905a349c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"c62723610b47a9702d7226f58e4b309a3165e81425a0e0fac70dd6c3c2dad7230da418743a3f196a51c7cd06db","nonce":"41da94323642095905a349c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"f2783a56b5f0cac017424bbe7d29dc9cc45ea7a6050ef83c3284f5ad7bc889aab2cb46e6916a683b17b903b63e","nonce":"41da94323642095905a349c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"16bc024eb0af9037260c822d45fa786e3c259aab1b7a4a196a72c3e794e78446440ba42b531da44d3d36d0a042","nonce":"41da94323642095905a34838","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"8890c5615e5d6b0e1b212e26d80a7e8c0d03e796377f09e9377aa0497ccf89c9"},{"exporter_context":"00","L":32,"exported_value":"51f60f1d4505688a1aca99c9b789e44f38a5bfa177a6b4660ff57114bf50c6be"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"25f7c731201fe73978b5c66405f17de3e59b7f1c4bbe21e9ff57541d152841ac"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"cb00bcfe70c59318fffcba7e8c4ac10c0913e7ea68004b042fc12e27e205655e","ikmS":"a2cd7374f8bbe45930099e921195dc51bae913c6a08e0dbd256b2b9ea3b20aec","ikmE":"72f439eae7e59017d8b27ef1c19b178c1bbae606aed33a1c36e0bacf7dd3ffac","skRm":"a494cc9d803df57792c866f6ab716ba8ce953236e3ec71914908cd80fb721c15","skSm":"06d5b0b9a559a48588a2447b51f153ef5a03fae0c022c831e64ad85bb3d3ab41","skEm":"489982fb92e71f638c2957a971f4d635af14d725481bbf4db187006600a26557","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"49823d14040d46e3d405e21f421a810a4968a361bc96c5abcf2f36e66b15a36e","pkSm":"f94a4aad51983c18a48a960f2072c14818b9bf1eac2cc4575e32d8d029387a2e","pkEm":"d38af616e071a4e3717ad1575fc8df781c541b4d0cc02cdf98f2d156a9eda15f","enc":"d38af616e071a4e3717ad1575fc8df781c541b4d0cc02cdf98f2d156a9eda15f","shared_secret":"40d16ac46fa9b4c4c02937e106ecb5a67109ae60ebb66262cfc704880d907d58","key_schedule_context":"03a35894e1dbdc20fa21488d654d8f53f5aff5052690a045752fc170019f0d314e06f6ef962c9ee7cea40407b5d60f0f26990472faae3ac44c78366f1cac1ecde1","secret":"3a8c3a6389aae93aafce619b186796d5d3fed2cb544080877313138a4fa6cb6f","key":"501e5469a0814eb5e6be3c9711d884765835aaec5d15947054aa2b4c5a467efd","base_nonce":"1455fb0f644ca05dec2dc40e","exporter_secret":"23d5857f167856ec7d9200832e9ae284d046df2d9abf11aef698f3d6b6a2534e","encryptions":[{"aad":"436f756e742d30","ct":"49d13e16bc1f0e45805ac211e0c2e6bf5d436ed00df5f02f16c4c8eaeda0418d3f614636e2f026949bbd6dd281","nonce":"1455fb0f644ca05dec2dc40e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"3179ce5b24375e75dee632b551fe2091ee399ea2102e7ecb95068ca423186c3eec89cae7c4c580f2a82e014dc0","nonce":"1455fb0f644ca05dec2dc40f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"9f5408fcac20278c45adf43ade2f0c73228320c4cf78e6354e92736fedd2970955e80402aaae1204309f7567f3","nonce":"1455fb0f644ca05dec2dc40c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"7a4974c5d6a7b6a8bd1de00071a4298992258e9250cee9ca288ba8a00e380c1ee75b041c4ee9fb2a513b0c70d6","nonce":"1455fb0f644ca05dec2dc40d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"039da17ec8b7d44597c17967020a714ef79df420db42492dbfd0e597d56de663ebc16f2053d0d8fcc0e415de08","nonce":"1455fb0f644ca05dec2dc40a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"5d6b5757a67a49a92e7f3f511950b638cef3a4434a2cd8a2e7d26e3782269b132ef636b6c2d19c7edda5cd6408","nonce":"1455fb0f644ca05dec2dc40b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"601a0c871f120743aadd128d87bb85edcd642163e9e5dfd3895f6cb28962e98e87656a5d64ac266a3b227c8032","nonce":"1455fb0f644ca05dec2dc408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"77ab750077c9bc5817f997fedd71b48fe1f0084e1ca1cffb07b333097fac5868e4f61a2cb1ced4bc48634c7ad1","nonce":"1455fb0f644ca05dec2dc409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"0beb2966b758bc5593765862668cea6564b64c6a83b804bd1eb8152a23bdfcde50bf013850fe6d4f35ca92636c","nonce":"1455fb0f644ca05dec2dc406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"d7264d7019a9a7169f667487b4e1e294fc08cdc2a7a013bf92707de9cee0f90299e48d6355d7fb78fece082d1b","nonce":"1455fb0f644ca05dec2dc407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"e87c1f4c78839f0d816d2080970a93724dc638aef8c20dbe17e44a00b5e2651480f42a9587c21e3dc3de6ed6ee","nonce":"1455fb0f644ca05dec2dc404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"a5d82307edb39a7f63d3b84bf29d5262f39e29910d826ae5b77e2edc2ccd5b4e6073eee31b6ceb7044f53f82c8","nonce":"1455fb0f644ca05dec2dc405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"cb41ab70748af3628a4c3788f223c5d5c4c13578e8c9e044f53fa4b832e330c5260bc4c7d567d0b4ffcc0d1fb0","nonce":"1455fb0f644ca05dec2dc402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"c31cd0af4992ac26fe2b16f78712f52343d6f004bfdea376c42b0353976d093d6d8b0d0cafa4a610a98360c431","nonce":"1455fb0f644ca05dec2dc403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"6a61fc17b259c9f64481641ef8c760f183817db516ff95bbf1bf3fb271e93abfd8a57041261a524b3b08c19f6d","nonce":"1455fb0f644ca05dec2dc400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"b3b4d4be440f4f753d2175dae5ad7cc8deb8f7fc68354f52b1f31d69b6937b6481cb6fd8d4500287f8cdc616ad","nonce":"1455fb0f644ca05dec2dc401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"853853a8daaa7ec902a4cf06eba2361d2804d634e7f7602a7ee3dd784290e5b58a598f1b4cf5378b366ddfc5a3","nonce":"1455fb0f644ca05dec2dc41e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"0485d3c2c3240869ba4a9b54d6326060ee04728db8857f270585ca2da39f457266fc1fb2eade3a20430d829a97","nonce":"1455fb0f644ca05dec2dc41f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"f65fbb69ca9f336bf47717226f0890ac37540a86715f2470f2d11e1f5f29969a7c60183c16a45a5b6a9d85c06c","nonce":"1455fb0f644ca05dec2dc41c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"f4d9877ea7f7a4c07fc6dd94f24692d8cebbe0df690ac42c1af12fb5de8f7893883834b2a6d47ef6358b528b2b","nonce":"1455fb0f644ca05dec2dc41d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"7a5ec4f9ad97fca034f889ad35167ec24fadf0e4580056e670d92b6601e1a631d882c5a342f7a34bbc7431d7c0","nonce":"1455fb0f644ca05dec2dc41a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"ed8656e43a1d52e76c2381a5228c351b4edeaa2994d449dc66e9bca1675a1f5849557e2029e2b5a190c5b647b5","nonce":"1455fb0f644ca05dec2dc41b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"81e59fbf24e4f534aa0071c7212b4604cc36f4b981fac7a644f24a43f056cc7451fc6fed2956feb593fe44ce19","nonce":"1455fb0f644ca05dec2dc418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"304cd710a2aa69bff91650081f3400372e31203f5c5ea0630961656abcbf6e2e8e501965cb810bb360034088a5","nonce":"1455fb0f644ca05dec2dc419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c3f4b52582c7aaa82bacf9fb8a20937bf9911483b4ab871b1ead96fdb89c74153339fd96a2c9b7e3ad3eb76222","nonce":"1455fb0f644ca05dec2dc416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"e5396b6ccb1d7ac405c6437ed75d97df97445e5bc026c23b0d5a42d0c0891254512dd53d1a1b03af625fa5b9b1","nonce":"1455fb0f644ca05dec2dc417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"a454d56b71f0be2da56fe8fe577495499fc434f1055015ed6a34289f56174eeba4652a8b067df46d1090eee7d0","nonce":"1455fb0f644ca05dec2dc414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"247b49ead4bd666d83c610acfdde627b3770ea5d467045743adff3b4beffc14624f633434d401987c09754e652","nonce":"1455fb0f644ca05dec2dc415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"93c9b7bcbcff44cb6ec3637e85bd6f00a9f3f7d5bce44b65d5620dbfb77e84b744206147d45d9d0de2c4410b88","nonce":"1455fb0f644ca05dec2dc412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"cdee024de2bed4df9a4ca890a0873ddbdae94815aa923fd4a70d6406c52f8cb19a9c319b57f78358f6cdf1459b","nonce":"1455fb0f644ca05dec2dc413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"7f2912015e6b6ca6250c1644de92a16909bf77f4b646c95c0d306492a552712937951572c2b0b88973ba0010bd","nonce":"1455fb0f644ca05dec2dc410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"72a09ce30b6bd85620a85403d1013b80757c94be7a1ef5e4c5fae60e962d8247aec6cca44a11018543f74116ae","nonce":"1455fb0f644ca05dec2dc411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"664123156e2395ba5cfeb81ec0507660469ccba26739062b41c4cdbf6dc300a339af23e49cb8772cd34eab7c98","nonce":"1455fb0f644ca05dec2dc42e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"af5ccebf8850bdfc8df12742f7f335e95f7e209146a67a7cf7f9e04e79a938f1635ca356c8fa102eae30885123","nonce":"1455fb0f644ca05dec2dc42f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"5025933df5ac639a5e3127fe4e620d20854b9441264b616d0033ed0769744699e0c447c41ec56d672fa509a6e8","nonce":"1455fb0f644ca05dec2dc42c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"23d5a457bd344a90a917d3f5f4b87d3b75f8d2a1d4ce2ffa7287011ed980f26acbe2738efb6003a57493e94087","nonce":"1455fb0f644ca05dec2dc42d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"1e5ee20acbb1ebae712ee8e3595fc32d665fce627350c5cc14a98bf05863b5bc5aee1fd4a5ba135e1b69eaa393","nonce":"1455fb0f644ca05dec2dc42a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"8e4126f10df900f22cdd15f5369163d01e868cbccd17326b16d90734df3c84f5f6b6b64757e9be7fab49ac292d","nonce":"1455fb0f644ca05dec2dc42b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"7074cb3feea731f346d9bc7652a13a9fe9780c3b07f79b9c995515e9ae4f5b31e5bc5e9273faf0e7a9840ecbd1","nonce":"1455fb0f644ca05dec2dc428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"bd9b790df1f8a028e3d4e0a17ec97aa5109bc1e07a438d6cf6491ea865c588db6b3003ac11e1c25c6968622bb0","nonce":"1455fb0f644ca05dec2dc429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"731f92776c2eb08896a3b0b3479c64b8164caa0f8acd79502e36ebe579717c0039f5eb35e925574a570fb72425","nonce":"1455fb0f644ca05dec2dc426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"5816f9b8fdd147b5b0a6384cf29967a1198048216ac32556c02746fbe84538268016f8f26d278c8eb582580760","nonce":"1455fb0f644ca05dec2dc427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"56fc5215623adeb106622a8e05a4407a7cc040908d7110acc1454d51f8c0031b1db15f16bbbd86e02aac4b8537","nonce":"1455fb0f644ca05dec2dc424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f195f5822f686236219816367586a5cb41478846a2e208a7198054a075680081c8579af596813231657f495821","nonce":"1455fb0f644ca05dec2dc425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"b17707c8ce4d3cc7464d6db3fff963d073342b865afb30fc07154196b1f36c8b82d5af796fa3949317217dbdcc","nonce":"1455fb0f644ca05dec2dc422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"a43c423245d1f245574ea060905ae00607e44350acb72f95265a32ebdf372a99d8f4c33373b8771babd24fd175","nonce":"1455fb0f644ca05dec2dc423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"83f4af6c0f3b61034ae179680b663842b91479fccf6e76424909ff67026595ae5d7599b3766f5ea9c107315d09","nonce":"1455fb0f644ca05dec2dc420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"bcd8444f56594d7d997a6b3813256a97c81c9540ffa6256db6ee45fe718724a676b500de9bbb8d2adb716ebb79","nonce":"1455fb0f644ca05dec2dc421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"0ea5aeb98aa48c15c63481aed337cb46330a491088e66af65ecf669fa487c24427a954a328ec58ac7dd1fcf631","nonce":"1455fb0f644ca05dec2dc43e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"6aa810bdd24cb106b8f31d2ac09db77f4d52a07878f2b031c8597a77c674fc47f6957aae32e8678f19b5e2bcf3","nonce":"1455fb0f644ca05dec2dc43f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"e6d243213134554c38b8b05529c1dde842a9ae5298b16aa876506965edaedd214c24786f6a59e06037e51130f0","nonce":"1455fb0f644ca05dec2dc43c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"5becb822ed49b198fd5249dac1eeea68145416759bf3f44a143370f6335fa3e16a0b820da2bf2790bd8a0cf939","nonce":"1455fb0f644ca05dec2dc43d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"f160aaa815c41e499fe96691bdc7b5bb1d14c4d9862f88dec0c4acf724425c1b94462baed645791c701d6721df","nonce":"1455fb0f644ca05dec2dc43a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"5e35e54c37648ec02e80bfff94527d5f24c02e3dadd1c19063b7fda7eed71b53215df0e906d18809b0817978e0","nonce":"1455fb0f644ca05dec2dc43b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"cf60c5fb10ecb2b951530ab81d0c41a0798d74c293d5bd3fda9b532d704fc9fcc7d02e687767569ff35ef9c57e","nonce":"1455fb0f644ca05dec2dc438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"7c5723ca02bc00e2a39e2e20174759baf16f1f766d3dc9de823a6266bc63053090d84391e606978878d81626a7","nonce":"1455fb0f644ca05dec2dc439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"28113daf28b09d04506cda239850dcd514345a87e44a7b4f139ddd45e0e025a53eb6cad7f08c8b8a48cbba40b6","nonce":"1455fb0f644ca05dec2dc436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"8510568941cca84a2a4d7562cba78ffb72e8148cd706e001647676cb484f40eb8fce1811c0c4b0967e1f184f39","nonce":"1455fb0f644ca05dec2dc437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"26e404402c074d423f7a640df2b439c9f01627de90fef7b4f88846df620bcd393d3ca7cb79afe3419bfcfa85ba","nonce":"1455fb0f644ca05dec2dc434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"ad013321452fd09bb3a5e41ac6bab02f18ced32682f0b2aad600f023e05e87035094d9dbad8e79e7a5b182184d","nonce":"1455fb0f644ca05dec2dc435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"550c33f9322da0e26380c66517258b005239c256d2adabfded06a3ffdd75bbc20e64e171500388bf0e9b5b5f0b","nonce":"1455fb0f644ca05dec2dc432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"994904bbeb8b45f511a5e94df83e7a35fb725e51cdafb71a1302f614c554699801094bf46d20d0d042a34cde72","nonce":"1455fb0f644ca05dec2dc433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"7ff8435043aaba82d4d21b95d04662407f9be113c20f32092f7896507616a53e0a44d114ad44543f25015fc566","nonce":"1455fb0f644ca05dec2dc430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"0e6857828baea073c9a5f9a765a87300d61c7d6c3e7e59cc0f20579ba5792fc9f12127f4796552236b8f774755","nonce":"1455fb0f644ca05dec2dc431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"4fbd99d94baa4f5ae760862c8d296fdbcf0f188b27513f2e72215518ef0d888b5a17ab4e95e78f21c234bfd95f","nonce":"1455fb0f644ca05dec2dc44e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"f7763acb8759f47b0919aa20da9b55f4cde95cc0eef07888f47f82fb012624a813a176cac0bec35e0a0c9a305b","nonce":"1455fb0f644ca05dec2dc44f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"08abfabcc3c38a4909c8d3ccfa3f5862dc26cacfe867643e3ec252a704997d1ad0c89c06ff4db7ba840b0b0f3c","nonce":"1455fb0f644ca05dec2dc44c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"f1de2f3f9894d5d4bcb115aec03453ac5e0cc9b9ddbdffc6e14459328dc7b1aed552e854e1da085b42c5e96755","nonce":"1455fb0f644ca05dec2dc44d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"8bdb40246d314a7badd78634b92e6ddd99815601679bffd23243ccb6d87f2842cef301034e6528b5ac070ad29b","nonce":"1455fb0f644ca05dec2dc44a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"480141053cd8544c15cf9a909aff94b61404adc43d26915cf7932e6bfa71c0421f8f6614a1cbc855ca2c312732","nonce":"1455fb0f644ca05dec2dc44b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"168b8d9815d1973ce776561fd4c7e1ec4148821e642c0a73341515660a77719c3e0a85375462db7430c81b783d","nonce":"1455fb0f644ca05dec2dc448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"12a60e8e393b28b7eda78efdc1fc0dfab676f94025e069fe892853aaf79db859734b1bef42039ed846a51b49e1","nonce":"1455fb0f644ca05dec2dc449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"e1bcd1dbc09852b011e117b1caf77c4685095750745ea6c6ef7e062cdb9df84e39be5473890ce8a51a824ee22b","nonce":"1455fb0f644ca05dec2dc446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"3c23413cace8e357bc915fedebba8cd74a7c2caf61e9c81d84a4d3608902ec54a998139eabea04be62fed7a011","nonce":"1455fb0f644ca05dec2dc447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"52caadc01af9441b0dd84b67ccdd2d3b6bbb7f789b098a7721b06993e98e3295b126eb698e785d5645530d8de2","nonce":"1455fb0f644ca05dec2dc444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"140eaa247f035cb22578b190532e04a3a1d92a3672d1c2227830ba7e3ed16286df2fd066166f9b8fb18db5987c","nonce":"1455fb0f644ca05dec2dc445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"773231ca85153cb824712df0e09a7d99d2d706583fbf3ab3dff3eff6656c0ff0d8c8bd2a61871f11a4f5da9cdd","nonce":"1455fb0f644ca05dec2dc442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"956a8514c13867a9643f6b92218cab3c09797305ad73941de9a96321b9a42f3291076e3c21cf1f8fb439d1fc22","nonce":"1455fb0f644ca05dec2dc443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"08018b7aff0f040f3e7d466c791245d04c9f0cd37ca556b961f946e32c0c777d0b1a5cf49570fbfaa7f0c0c647","nonce":"1455fb0f644ca05dec2dc440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"f6f7e8b56f846eee5e22406a5f8c3dc6d731e8f92840400b2edeafed086dd41cc538927cc266477a0f26ca2522","nonce":"1455fb0f644ca05dec2dc441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7c1248ab5f2f68ba121623e1c067171da912aebee783c60718d15aa3ffcf204236b3de136a31d7c413e538cb36","nonce":"1455fb0f644ca05dec2dc45e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"22b8131871d7692fe6d330c8494ead8c8a88325cc32d9d51bd9706b96c91c02bb306f58dd31c31f920d4a709cf","nonce":"1455fb0f644ca05dec2dc45f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"bda60c041bd5005ddd0d16ba93355f39028e9f31902d6dbea1e0c5a4951e10480c138a89928b5770bf61c143bf","nonce":"1455fb0f644ca05dec2dc45c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"4e6b879fd53a614f2deb641b9475d2acab097083b7c1893bc180794233524415fe423a6abe892f1f0b549bd5a3","nonce":"1455fb0f644ca05dec2dc45d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"c59af87d010d41c99e7717f146e5352bf2de90c113d379d6fec06f76e511ca4795706d00bc522799b1d0e5d47d","nonce":"1455fb0f644ca05dec2dc45a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"9f785da4b2cba1caf5a7fff89b264b1d41366d6e88f59f5509a07bb46808a36f62d480fe5c2feb22ce00033c8b","nonce":"1455fb0f644ca05dec2dc45b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"69a767a84d3f565853902e1290d771e12bc80e9d87d3063aaf60a183e174816d21dc546493eeba5e6e6d35d473","nonce":"1455fb0f644ca05dec2dc458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"8c5a12916383ba4d98def50b7868a7de94e2e7aa06e0f42ac604498a1449c3894d8bebdb214e99f138fa567a47","nonce":"1455fb0f644ca05dec2dc459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"ec4ce7164d110f6200d9ad25d1f32db1de92679460034214c6e36e6c2d2901e12857f8fd9714bd3b90184919e2","nonce":"1455fb0f644ca05dec2dc456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"468c4f2fd14b0e109a23d406be5dafb6bc0a67b7d3d9b5671d3ced5ca6614f67815ef6f495969db98e9bb297b7","nonce":"1455fb0f644ca05dec2dc457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"7af4a2666ac437a0a22e9fb49fd7871091011a4fbb0a0e82b33432d20d0a2e0c61b32b10eb40c5537d8ee169f8","nonce":"1455fb0f644ca05dec2dc454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"682eb361b6a65a0989cdfe694410be31e4f2e10270ee7c5f3f4ab58f7fa59bc48bdfb9938d83955dd45a086171","nonce":"1455fb0f644ca05dec2dc455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c9554ecad52fd7635040bc9709ee6abfa9f79463ec83e777a18cd8722b03cc786067ee12a3d11e9b7902b8aa45","nonce":"1455fb0f644ca05dec2dc452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"d8b28415aefd8def89e04aff2ebaea785e53ff84e21d3df8e2660f4d8af84bfd2c966082a25dd5fa182b928f28","nonce":"1455fb0f644ca05dec2dc453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2b5a6b751d7f2050b847acb86c778472fa914ab076935d69fc69e1266dc53a148940b85877f04c8666040b79e8","nonce":"1455fb0f644ca05dec2dc450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"3f5515371690d6343c12b9c91c3f1bde8059ead965278667daaeef7469bc9c62d2f42bcaa3d24a3d3eb78331f1","nonce":"1455fb0f644ca05dec2dc451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"0b69e754ab271ed8e134fad1bef7866df3907d4aca88a856b9bd4f1ad0812a8bc0614dfd66123d0e6764e2b793","nonce":"1455fb0f644ca05dec2dc46e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"6b2a22d5bf1c5258991ef42f1b6a0838084e0acd458ef5a516a7c7af916b8495630047f0a26d51305a873b1371","nonce":"1455fb0f644ca05dec2dc46f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"3277e53fb190a3d88c7060a1c1ac89bd2e382f6b3e7ff9eebf0255de156d7c6184e3ec857650b25fb5344df51d","nonce":"1455fb0f644ca05dec2dc46c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"237df9adc9cfd6fc29fd215c4b104979157f6ba02886b4d2b345eb974ed9b78f06da2fa632c24f641f52c3477b","nonce":"1455fb0f644ca05dec2dc46d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"477bff91c5db94633b0da105b0f0a77a6d6f7a443d7dc648da07eaf4a9e8cfe8edb9c9c4f195b2f1480173080c","nonce":"1455fb0f644ca05dec2dc46a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"0c286d2a9492e01c4ebf91655e48c7e61e12afb74528317d5e865ba3071fcd51670d4092dfa3eb6d940ff2ded6","nonce":"1455fb0f644ca05dec2dc46b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"c4e17b950c8bd0800e33ec47db3295415648628134abea5c776775271f4ce0e3d4d6f417d0e5cdef01de6c8a26","nonce":"1455fb0f644ca05dec2dc468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"e09a5e23dfb25aebc9de413b285b46b3388bf01e75469d7ecb3acdcc1c6543bcd382f20f3324bbe737c0a88850","nonce":"1455fb0f644ca05dec2dc469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"e722751f40ba31e858d1c50157be6c5c52dfec631b051f0622668b2e3120a827dbf9780263f3c106101b571feb","nonce":"1455fb0f644ca05dec2dc466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"5423992bd040d414eebc2b7bc9c27bce245ac45ec2e6687fc3690fbf870f99975f84755eefde31d1cccf519bb8","nonce":"1455fb0f644ca05dec2dc467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"2d23438f96c98a8ea2f88b3f2c3b0b292564f9e0f8d6fca99b2ea2f1668f17e54c196d63c1b16203deb671ea49","nonce":"1455fb0f644ca05dec2dc464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"5ac34345cdef0d6a61e8f928ef84a9c5fcef0757556ca91b8f2bd2d1c0f9931cc114457111dc5ad632be74db4c","nonce":"1455fb0f644ca05dec2dc465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"217e3d25cd25bff4ca3205f1099592db7d9c971a20a5ab3703a8bf9f658bbe1fe82445885eb5c77032d1595412","nonce":"1455fb0f644ca05dec2dc462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"b857aa30ac82a458575792308fa73eec7e6265bf8bc2a1f50074d13fc7946c5cc6af35b104c75a8cba9c80345b","nonce":"1455fb0f644ca05dec2dc463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"9142e1fa5bd724695ffaa5449e87723e45f5d9f3b21c8cc49b16e211c74e23db3ff8c189b6862bd8653cae8499","nonce":"1455fb0f644ca05dec2dc460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"64fa893cb230280cd0b9f65377bc3e82aaf3fe3f88823a62575252ba993a0562b626f25da9ae45142afc9785a2","nonce":"1455fb0f644ca05dec2dc461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"bdea98d10f3e03b48cbd281feaeaef0ea23f6aa44cf1a2b297907e98c8e5f5a057edd29e8dbb184ea464c2ae74","nonce":"1455fb0f644ca05dec2dc47e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"3e89e768595551a99673974eee2488edd26f25e094bf6fb343dfcda5d136f76f1e348d6121ef9d0d15d077ce5d","nonce":"1455fb0f644ca05dec2dc47f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"7de0b3cbd2b24b38a53f22140b0928dc6a8c1978594687bb83a2c522349234de2742fdf3e6e1c554746106bad7","nonce":"1455fb0f644ca05dec2dc47c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"80c0e111c51c7620f10efc8eac911abc5b42bf5eb72ad353446d91bf8a5dfa019176a572a7df70982abf55b876","nonce":"1455fb0f644ca05dec2dc47d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"66d3c9d20a038c1c742e01fed193d1462db590e13003ff00549f9a2a7fe7696cd399ab630a934ba3bfc4bb6ebe","nonce":"1455fb0f644ca05dec2dc47a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"6159e5aa1183e7e4ff2d160891ee573f31a034209d5604be312bcb843a5ad1c6819e274b3efae3d2b6f7ba86af","nonce":"1455fb0f644ca05dec2dc47b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8d4d55e232bd87f3ce2a9a3c5f90677f419324605fcec79542be70baf8c63ac643941d4eff743c3e2adaad1851","nonce":"1455fb0f644ca05dec2dc478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"636688c5a2bcbb3c6495f3ad15b651013e87afb1eda04ec856899a47c72654e5fa2370f46d89aa23bbf4ed494c","nonce":"1455fb0f644ca05dec2dc479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"17badcf1952a3349bd84c65c493bf08751c79b7ae33baeae4b0a02e504f4ae4d71f78bd3bebba99475a126ad27","nonce":"1455fb0f644ca05dec2dc476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"c89c54744f4964ef63fccf772ce43e0463db91d7434fa5905e7125887febd472abf9f215675de69addfc146b6c","nonce":"1455fb0f644ca05dec2dc477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"0f214bb5d28fd351051ad4e8c6cb0b418248bd7b7c75313fcb70eba1621718e9092b69048f3786724044cb8715","nonce":"1455fb0f644ca05dec2dc474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"beba35c1506b2d0c0824dc699b3e020cdaaff636c70a43b22c74de6f83f1b1623f188a39278affd0e93e46d783","nonce":"1455fb0f644ca05dec2dc475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"0c6ea4327d835dac29b900f12be5a7057e530635f83cd6c50e103781eb491717de0a9a79683b7f73819bb7a7cd","nonce":"1455fb0f644ca05dec2dc472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"f88c7a6f5fdcbe83fb3156ba2fe58611e6a68ceb18f27c45858f70c9993df205b7ad96e42c8bf1e18d6e7596e7","nonce":"1455fb0f644ca05dec2dc473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"cfb3a68e00311e26ba7b6f0364498b30e6cebde745a0a3eda053ee86ef88b3c5443885d626e610379a61a9cbef","nonce":"1455fb0f644ca05dec2dc470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"3b4f7cd5113cff6b8183b38fe7ff5af9045a3aa7aede2fee3d9a700308b87b52281309d4540033e3080544d4b0","nonce":"1455fb0f644ca05dec2dc471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"7e76d1d087273572305c9767f04bb95560f3bb302c7a5bd5cc4b9a5d330e9bfeac3e5ce9c762c2c5b32e4c073d","nonce":"1455fb0f644ca05dec2dc48e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"52d0f936b6ae42959588c18eb0b0f4aa8ed53070baacded8abadd2ed72fae6aebd839aad4f1d90d58e49990dcc","nonce":"1455fb0f644ca05dec2dc48f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"ffbdd431404e7c0b72aca3c378706bfc44ee089c9cd51d28ab15b53c1fdc138643ff4b4ebf5c1b3b34688ed8d3","nonce":"1455fb0f644ca05dec2dc48c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"88645ef974e6f3db377e7dad7756738594bc1b42fb3e2a45587a4629f4e875ad9c1fdd2b423d24ce0131254e26","nonce":"1455fb0f644ca05dec2dc48d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"04a781d1758a0caf4b2caafafd7c62bf3340aff72337fb4fd1a886c1a2fce5d17255b82831c271c3b094cf3991","nonce":"1455fb0f644ca05dec2dc48a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"a0f1469a4941cc30b877f23b52bc3ba92966ed97d9a5c00f54e8cf779dd9aa14391cd58673a4b5b22f91186b57","nonce":"1455fb0f644ca05dec2dc48b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"759d7e862c8d1d4716d540a5589198325b46312964d05ca497dbb1fd3242c78242663076f2200e186b88f39f76","nonce":"1455fb0f644ca05dec2dc488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"2cdf9958c99848620e9a89f4e2fccb9e2e60d23c4b1f84a0f1b3cd3c666d40baba831de50b4ed0bf29835d8eb4","nonce":"1455fb0f644ca05dec2dc489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"c2e65b9e06968e3368cd509e79c5813b5b39b5c3db1630d83485bbb13b0c2dae109c00fbde6cc0de6377c5ae08","nonce":"1455fb0f644ca05dec2dc486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"f539d101b2dfc0702223336e32c0467b7f639dce26621f2485ce9b89b4093fbb0eaa303aaf5f415d80af0430e9","nonce":"1455fb0f644ca05dec2dc487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"79844884a9499524744086c6b984c63956c13338b9a6891104a60ee674cd1478d32f316328bfa5a688c0b49c80","nonce":"1455fb0f644ca05dec2dc484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"ee1fa9b6672cc0b92e83d5a4c8b330108c4e27fe3a251c91e64bade5278133342f2b1646f7bc3f52ce044eecd8","nonce":"1455fb0f644ca05dec2dc485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"3a051fc64d17108132557d7dcd6c3b6f3c5a4d28000c48d748d54cb74fb407f211a715252e02c3772bf12f9d31","nonce":"1455fb0f644ca05dec2dc482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"1aa08887dc830138267ea1c679dbabfea93f64c0034556a4becf50fde6473561f7eddc57eb4873581bd886796b","nonce":"1455fb0f644ca05dec2dc483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"3d57e3afb68388451bc29a6ed03d7c594675aa2d7ef917aa1f3993e39bd5c30b30b3092b5f7284fd51a1634063","nonce":"1455fb0f644ca05dec2dc480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"2553d405a159ba08872df9d9626f177c5182ed0654bfb4cbebcf11b7c9d6f1b7721e793fbf727bccf6d633cf50","nonce":"1455fb0f644ca05dec2dc481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"247aca5221a9cf47d35d42d3f887b96f4cf0a2cf944a23422e0be4a21fd0ce993703691e52b155215cbaa18334","nonce":"1455fb0f644ca05dec2dc49e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"c8396c5cc54a6288c5a8b59f6fb8e789f9a0c0d287cf3af04263e4be3a38b55e32a92554b61a4213a107b4b063","nonce":"1455fb0f644ca05dec2dc49f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"bf7e68ccc806ced972caf61ef64dd4821cedf1f50fd17a0f6d485a644b75ce775da056c5cf501cf12ac9503830","nonce":"1455fb0f644ca05dec2dc49c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"5e2c9b1959d2d20fca7d6ff93cfb180e75597c26dd8ac1ff76a39bb724f3768e9c2f1b8dc55dda84ee527fbdf0","nonce":"1455fb0f644ca05dec2dc49d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"cac89c3bbec909d0c824a657415ea25bd29c3b4b309c0085ccd6d1498df22c239ef6832eaaa65fa6e88ba8ec71","nonce":"1455fb0f644ca05dec2dc49a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"345eab631eb607a27d7524d60b29c01868f0c1ea72dd37757abdfd038b8cb4d0a3145e49cd2bf00792e885626e","nonce":"1455fb0f644ca05dec2dc49b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9cde25061e5c1c855dbbfcb2f23b25aae57a8277f5517c07ffcddfdfcfd8302d238d8e51b51374e5846df84667","nonce":"1455fb0f644ca05dec2dc498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"aac0cf617cc7bbe2283b1e9db4ed9b7a91fe7f1bddaea12fde72bad64afc55f2fc8301c8ed34f9cec1ec6727f1","nonce":"1455fb0f644ca05dec2dc499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"fcb716eb32704dfbb06471d6e03df078bdce9014607a5c7e1570d4e660be902a69ae5b831a861dc442fd9a1f7b","nonce":"1455fb0f644ca05dec2dc496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"53722b3966fbe9919aee87dbec2de2247c4c7c2db6f2a7f34cf54681f49ed8998540cc1959ff024bd5f793448e","nonce":"1455fb0f644ca05dec2dc497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"d9ee88b65212cb14de60490444c9430f8d6dce19079c3df5e7023d481aab92befe23d6ed9d1a66abc1dbc02ca7","nonce":"1455fb0f644ca05dec2dc494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"cc8bd2aff76d6a9f7d3bfc1f49b2c123d82f59fc69085fbe0a9cba6864cdc0c56d3b9114dcf02183ff01f531a5","nonce":"1455fb0f644ca05dec2dc495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"2460acbdeadfdfac1c550638eb711dad1dbaa9b2bdf05a525dc695ca81bb048e43c22d0ee8215c7d756d45d6b9","nonce":"1455fb0f644ca05dec2dc492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"1e1d3290e92830986da7eac57daddc58b9b717c3144dd9f8f62b4fa67ed7cf22d5c1f8097a7671905b94e02904","nonce":"1455fb0f644ca05dec2dc493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"23952faec29a0afd41d2ab9df8b077f90efb4a74bcf3030fc9ca8076f8a73eb03bebafb7bbb8f56fd0acf5677d","nonce":"1455fb0f644ca05dec2dc490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"96e212fc9b7185d754ccc90bf3cf577594316db6f904f09ab16ecc1b583a4f0c331c05bc849fd2dbfdf2a02277","nonce":"1455fb0f644ca05dec2dc491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"91e16db4c8f41e89f0c3df68f6911913a597f66bd18440197d8d5d146a6c627485385bff33f9ab6088a2ad6abf","nonce":"1455fb0f644ca05dec2dc4ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"899cfbdae66f6b2aa1a9bc0012328ab91a58d4d5c4c257212df7b8c5faaa6dd6dd20387a8dcaa369b0c875b64b","nonce":"1455fb0f644ca05dec2dc4af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"9c6bb03b27cd1b7b858c053849e1afe4cd3b207a3fd8926c4f8b4eda708a2639d29c60c29744c96837afc5a5c7","nonce":"1455fb0f644ca05dec2dc4ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a5c623f1332e6695f27b02dce7dfcbc0c8dee38ccb91b9857ce95bc215aed33880523559d53bb70f179fa126d1","nonce":"1455fb0f644ca05dec2dc4ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"71cb5f2150c2a1a51fb70a1f8748f6aac7fe0058d21e35783188cf8302df112783ef28f76806c56af3ed6436c3","nonce":"1455fb0f644ca05dec2dc4aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"010d9402e8ff3018c47722e0af4c607a0fc2399bdb9b862f458b80216ec92d503b5e16dca096fec030ab6dcd31","nonce":"1455fb0f644ca05dec2dc4ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"f6dda2b9be16b68e27394e223253d11bcad5ff4917bef9e5eb2bf1b91085290bf555910aab2bab3a87a38b8cee","nonce":"1455fb0f644ca05dec2dc4a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"11814bfe98ccb18b0451e459258b81daf7fc03b7ac425a12f9a2398960a7bf8f8b8af7821abb391dd2b3ffc3d1","nonce":"1455fb0f644ca05dec2dc4a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"2859daed5bee3a099de993ce31ea6aa1416e96e307e326ab789a5cb3bb101539a664348b8aa719929473d4c57d","nonce":"1455fb0f644ca05dec2dc4a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"16a75375f39dd8f165cd3dc1d279fee8b73f87c066576ad0d5ef1947740e19aea614600beb40827132a0726e28","nonce":"1455fb0f644ca05dec2dc4a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c0e85e8fbb996a0496a4bd6092de23ced14792464a7efdb4698533e90d342e1cea08c1a9078d78851f6759109b","nonce":"1455fb0f644ca05dec2dc4a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"eea727aae17326a12abcd81d18c07cc6b0d513075cc30148ec3e356507a4cd34a4f856554be307dd51331a34fd","nonce":"1455fb0f644ca05dec2dc4a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"481870a1633a31085e58453dce18793e042d3ca25732e3afcde985f138b67a234ff9bffcd245b021ab3971c266","nonce":"1455fb0f644ca05dec2dc4a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"956f24b7a408905d0d798990a081a5396e58afd5cb87319e44d9a6fd63316ef6643d17d156740c46e2bf62cc10","nonce":"1455fb0f644ca05dec2dc4a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"651bb6fc32ae0a45e872a41f1f2df05af8392945bd115561993555d36743981d505851b2e24687fb0ee1dd3e06","nonce":"1455fb0f644ca05dec2dc4a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"4c17d0c834c5f0ae4eac3ddb6c89512e7a0bbdf83dbd8fb36037448ecc9a67b68a1b827b8c2b86d9684a728f0f","nonce":"1455fb0f644ca05dec2dc4a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ec040adbe94b4614e2df5dcf602b6f4335134691d2d9d8b7dd5445b7e7a866c9e1c2a76c3cdd2544394119c6aa","nonce":"1455fb0f644ca05dec2dc4be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"0d246981353b6298b9a5903818178100e90da8de8b467a61fa2f60d6b01f1b70ce7cc6525301371124296b832c","nonce":"1455fb0f644ca05dec2dc4bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"813d15555f6be7e15d72bdaaf38b95acd63201c8110b15f0d36c72c0f40dd732414d5dc8704c82350f675c7070","nonce":"1455fb0f644ca05dec2dc4bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"074826fba0f796fb276317c73eac91ede35f85f09c33a62e1149e4f6f065963465f5026503c2f72be15a00aa04","nonce":"1455fb0f644ca05dec2dc4bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"e009e496aa74c7634bd626552af446102c3d92bcd9d0b90869828fd2c1acdd9011f8a8d869ec5fc2a67e19e7d8","nonce":"1455fb0f644ca05dec2dc4ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"b133502b0ede457ae0d16638d2067eab7f6031cbb8f257dc956148e718e53c5a4932b969174b597ad63882f4dd","nonce":"1455fb0f644ca05dec2dc4bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"0ae5ddf12e7969b4602eada0a23bc00b9a967d0236969db1b96b71bba71f943da1aef30259bc54d6230df50ee9","nonce":"1455fb0f644ca05dec2dc4b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"84aa15dddf0942727eb3fe531c193d2e14157369279b79aed0e9726aedee8d908d7f832a9ab1abb0db2e2f91bb","nonce":"1455fb0f644ca05dec2dc4b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"e6ebfcaaa3598eeacc0b488190f7d52f05abb593a023a87f882b3e601820a56fc4655ef1e00ccf6b1d138f555c","nonce":"1455fb0f644ca05dec2dc4b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"c38b21b87b8586bbf364be8e43e56ff5fe058cec2905a309e0a7d92fbff79c1b2013ada3dd818419a65ec18a68","nonce":"1455fb0f644ca05dec2dc4b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"56f60afa4f3ec513d52c6dca8998552e005001bea690d552b4c3dd68bb811437e6dca1668f0723022cd121ada7","nonce":"1455fb0f644ca05dec2dc4b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"93266bac47dc1113110961aef36a7b737aeab2cc9b88fdfa4095250ed08e7b334819ce6038116951a5f9f1a09a","nonce":"1455fb0f644ca05dec2dc4b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"056e39514af2a0fd2765d09c4d53c40f948472f4c84129b33244ab1d39d2339d125f1a1200b0df8c4183554717","nonce":"1455fb0f644ca05dec2dc4b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"59747e48871e9c3d394b7be59e5eb2e4dadb3cda60841eb91ea88b659e9b282700fd0202bdb2bc2bee0ced0156","nonce":"1455fb0f644ca05dec2dc4b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"71d91ba5d0ceb56f0b7a7a8c96e217bbbe523f5dd25940c45e4b525b314994779afb44e01f434a4905213486d5","nonce":"1455fb0f644ca05dec2dc4b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"ef5fa641f1a652c325c0013c1d0ed385245444c5f0f64e076c5193b06e21e9e279075865a42e62a5dc2dfa2509","nonce":"1455fb0f644ca05dec2dc4b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"c7bbaa0c2a37d087d7ed8b01c369b0c9c5a5007fa644fac6ebcf667e644ac4e87532979aba8b10f1ef42c57c58","nonce":"1455fb0f644ca05dec2dc4ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"c9d6ae5cbf197fda2167de2980586fa2f49e856e966edf14b0ad79852a84247ddf8be7c7a7ec24e052c561bbf3","nonce":"1455fb0f644ca05dec2dc4cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"e37c6ad95fa614c69ca8b745a3320cc21b6e3afd1b240472d8d95bd3884fd7cf79ee122e2a3287d904c94d0b39","nonce":"1455fb0f644ca05dec2dc4cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"9d7b9f5926008dff5f34b6c2866cfe71a3d7be9c826b7c94aab8a18a8693509ec7e2cfadeb0b4d3d62b648912b","nonce":"1455fb0f644ca05dec2dc4cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"381fa84129f9e3fabd448eb2d61ab3c1f99facd821295909ddd29f97fd687a3c68bd4786ba156e4a790c81fad5","nonce":"1455fb0f644ca05dec2dc4ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"712069093ce1da8e535a9fe42e89b734080608223cd02affe2eaec7bff0fd7198907c3160ca5c65b97b0315252","nonce":"1455fb0f644ca05dec2dc4cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d2598465499c815bb32ef1637ea6af93885c15fb057184c9adb9c406941202e675bf27ddc70b204225a473ff4b","nonce":"1455fb0f644ca05dec2dc4c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"c588974a65ecc2ed2614a7fa60dc20d48a8c89bc3aa9a6fbb5e7f7b224639ca25c2d3f3aa177b50eab54046b0d","nonce":"1455fb0f644ca05dec2dc4c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"83d3915cb3cca592238558b9f297403b8214cf2c3c5237bb10b6b48dc1a09e78b4917a8887a222fd88e2120f82","nonce":"1455fb0f644ca05dec2dc4c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"4bc8fa7e1798f2b12c05634adf874208d6bcb9950590ef695414a6886f1a15db07b7fe7757cf2457f9061d2938","nonce":"1455fb0f644ca05dec2dc4c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"6904ef3d1d2c5bf5df941eca60a117b534eb1892ae7e992592652aed0c4c96fdbc8af7a93d213466e5095ce18e","nonce":"1455fb0f644ca05dec2dc4c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"9a1e75b2f9d70621a640f7e8ec4c752593ff92e14d437a12d2b47cd467923e7714775e5890b2a9f9e01090f1ef","nonce":"1455fb0f644ca05dec2dc4c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"3dba697604d54ea2eadf239a01bb8bab1bbf4a5e6cc515af2dddbc29aee355643339a431a5e799abf188a3b900","nonce":"1455fb0f644ca05dec2dc4c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"364ea7073e3e2546de2309401970aad4d60698d025aff1a6c70fc9ed411be29fe995922dbbf042adebf3ac6a53","nonce":"1455fb0f644ca05dec2dc4c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"84b8a6753024de3f7fb7a5202b5cc1e65548f14a0c4ef1fff3bcb7c9c833532bf0ebf5e757cd8372257765c68a","nonce":"1455fb0f644ca05dec2dc4c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"60efd00116596e2be101b401a48dde5c1a5dbd109ae6b7a6134ce5476d7a521c026e9875dd018b9f302b25c9a4","nonce":"1455fb0f644ca05dec2dc4c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"5b780a7531135d373941dbea67bce3df4930e158afb21d29562533c51c678e56212b7d620eacce83d69e00d5d0","nonce":"1455fb0f644ca05dec2dc4de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"9d156d3ab6a4990067daa8bff2b5f1de0ec5ad01e009f269bfe9a530e37e3987eb2f7b707b364bdd963fd36769","nonce":"1455fb0f644ca05dec2dc4df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"3bf8117f5501432a604e72c0b56d5d87d01638fa25354574725b0c46ea6291728481f31a79cb426eb8cdff89b5","nonce":"1455fb0f644ca05dec2dc4dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"eff74fe0f8ba5d016ada52ff55f1bc2cd716a8a723db82d974dd2e09806e0a42d0a4a3f9c9d8e4b37f9e1a2398","nonce":"1455fb0f644ca05dec2dc4dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"bfe96b5d3eb6db3a2f16505e225545a28965419b58826be731e294df3b42d18b88cf332bd4c69f96fcdc140a44","nonce":"1455fb0f644ca05dec2dc4da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"33f785efe358f09ece27176102cf65fc0c152aeb45f09b4a7f4a2910566afdb31fb3d72f588c52cdb5a578cc72","nonce":"1455fb0f644ca05dec2dc4db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"3ef8376034952676c2d3fcd7724cc2b793708eec1ef9e1daf2b71e85e4d4fb069e72d5e1b8ffc4335b578fb755","nonce":"1455fb0f644ca05dec2dc4d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"f0d4ac90b9e8136e96cee977aa426f763e7c6c5feea73ea9645623be60e07032a52f50cd210c8abdf703478c03","nonce":"1455fb0f644ca05dec2dc4d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"73d50363b7e58c32b5d701ed68de3846abd6ee96522e9aa0a93df4d6b01746e16d38440de20e0c2ff96a44de80","nonce":"1455fb0f644ca05dec2dc4d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"51008e0e847e169306b73b07136a9df39e1cb4cf12043f40be699497160e344bfeee24833afd3effdfce5d2e3c","nonce":"1455fb0f644ca05dec2dc4d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"228fb360f79292073837528b42588bd148dc550e3f2f54e58cad3af111aabfa39e92d747bb6e5c7d3f6949fc93","nonce":"1455fb0f644ca05dec2dc4d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"4a307e7ef4f3d94fe10003061b72fda73ef0445d16b1540363dcde42b5adb1d43ebdbf1a428fe555ea2db30ee1","nonce":"1455fb0f644ca05dec2dc4d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"28a19deb09c941db4aca24ecf10a619fb3b9bedf70c65cfafb4d7f9d317fb19611428fb5a9eb222b06e52c81f8","nonce":"1455fb0f644ca05dec2dc4d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5be11666da5fc5bd11262c3ee7540cf50725a7c13f4a435376dd1073bd5c0d31f028f9e5ce87b585d39acfb5b9","nonce":"1455fb0f644ca05dec2dc4d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"ce811d1ca49f57cb1d71a062854d7c745e472b41f40a4c180c759b6687d39893de8ea9000b9d0f7a45dae1e4b9","nonce":"1455fb0f644ca05dec2dc4d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"52f0bd75d4df5620311d11c93b7a2321dad5e14b1400e230836bbd25aa2ef609d6463c7e42337ecbfb92dfe5ad","nonce":"1455fb0f644ca05dec2dc4d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"1490e80146ad84948bf5e190de6b06c5e963a68395b4f6dd5bbb70be4c917495a971faad725d4829c4c9a25430","nonce":"1455fb0f644ca05dec2dc4ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"d8647bd4d4d9d9c63fabaa40b312f1120a6ad5adfaba5b92ca885dd70b435a2fa7cb23854c3a474e6867405bea","nonce":"1455fb0f644ca05dec2dc4ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"e58a1cd197a866b1277d2947fde268a72dfd35cfd38802a93c20ed85a14401d21e250687111b0e57279d2e75f4","nonce":"1455fb0f644ca05dec2dc4ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"7a8542132a87aa4cd382dc4467cd4286bbd941bd1271f88493da7c7687ab219cd582927383c6a4256c273fa51b","nonce":"1455fb0f644ca05dec2dc4ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c434a03bfa1c9b9aa9b5e3e91945bde665a510d15288b6b27c4cf651cefa2c4a774be5dbbd8b8b000bf8c62da1","nonce":"1455fb0f644ca05dec2dc4ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"dc64285fab624c0a84220ef416c139f56f722081ca5f662a0ef27a3b5a6c33185b8fa786ff4d460cde21776639","nonce":"1455fb0f644ca05dec2dc4eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"0bf714bb3c978075a4e580f472cdecc7c5eb5cef4f92d02bc042f44cb1a45668b4dd861e64c395bef43465bae9","nonce":"1455fb0f644ca05dec2dc4e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"90f5e3732e068f8c55636ec3959a4c5d9e9e5ab1af4dae64fa62645e92c969a6ab326d6c31ddc80550347e3369","nonce":"1455fb0f644ca05dec2dc4e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"6fabf03f29fe7c9afa3e3134af1f810613ace2b02f2f345ab050428e92094745905e6b91ced0a6288fefd1f639","nonce":"1455fb0f644ca05dec2dc4e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"e34c7630d664e9f086c11da16cef6943de2cae62b7ae155ee188271405451d548435bdb362681570324e02696d","nonce":"1455fb0f644ca05dec2dc4e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"b74a1c5956a450d84b0450065b36cbfe4cdf4e50bb3c7a03d16683103cd13be1784cd63be7c48e19bafdc1abcb","nonce":"1455fb0f644ca05dec2dc4e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"44b5877a2ca513053c5a6b29505d4002bdbb5552a9e7fbc7905ea029dbb3518a92edbad97183e6e10d1d481b63","nonce":"1455fb0f644ca05dec2dc4e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"4b2ee8416d928ebe2c30d4f23aff477fb21c68909c8887b376d8a09ebb67ecb4f0f13d2d467f800b9d2ea0404b","nonce":"1455fb0f644ca05dec2dc4e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"3ff56e4a7b7ee159f10a1b7d9a67b09230891a98317af8eced0aa99c5d31693148afae327fb9ede75962a1acde","nonce":"1455fb0f644ca05dec2dc4e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"b7164c980829e32bff8aa88350a6c928c572f4497914051abcdff1516c07a1f14578f3405a5b55a184f97a1928","nonce":"1455fb0f644ca05dec2dc4e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"2c6f9bb4649de9d069b57bb874ef99f516f268c8466348189ab8b81c8f8972254051624581a64d0e1b076605dd","nonce":"1455fb0f644ca05dec2dc4e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"419900ab636bfabd8abbf4ff21318876a4bd6e579a1f97c254c1e918853f7ae43feb4eaa565296ac6147caaf3c","nonce":"1455fb0f644ca05dec2dc4fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"e79be3bb9a7afbcdcdcd3986e4fc84368f348b8f35783dcde23d668b4ae4615a0ae860ebfc58bfa2f245fce803","nonce":"1455fb0f644ca05dec2dc4ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"59c31788adecedcf0272044ccc43fef43324f597e8bcddc0e3dcbcead6e13da220daed30f931b61803ac8236cd","nonce":"1455fb0f644ca05dec2dc4fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"92c48ad29daa5e534eb883c37ab2d270f81c8de1a9a7fb9df82609e2347dc7539f4bab741e39c6390d02f524b3","nonce":"1455fb0f644ca05dec2dc4fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"96e2d83a9c4a104e53c3e31508436ffaa5919590453635a57f8accebd3c952649ad26e62e65fb9f8a699ad7901","nonce":"1455fb0f644ca05dec2dc4fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"43b2338ce15cad4e05c63c35342fc9570dfd8d2ea46193013a4e6b5f04c40efdf24b38d724ecef4b501ccb528e","nonce":"1455fb0f644ca05dec2dc4fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"63c17e2e114e483d72a04fddc8f395524f4ce53256e6afe4a9041a0185ba0679dc12ae9aa7d1f755bf51e8a7da","nonce":"1455fb0f644ca05dec2dc4f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"8961f615890a10c91629f9107ad280315d1171c8bd54c83465e6f7dcd562979131b8e55b95fc18a63558147f12","nonce":"1455fb0f644ca05dec2dc4f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"3232f8ab82a40c6501edafecd585a774b3b6927d81d44d408e8403b25e78c27bec0741bd371d2aed3b5607bb9c","nonce":"1455fb0f644ca05dec2dc4f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"a7caa12e884e8cdf3ba4a298caf3a77bd71011cfd7bd8c46743127ae6f4c16d2f58397af7dd941f1da0bf7ce44","nonce":"1455fb0f644ca05dec2dc4f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"95ef09aa2f19e055601b34dc3b44552dfe2d453d55250112cbdd3c133f3d64753e4119aab0a8e850af50ef7152","nonce":"1455fb0f644ca05dec2dc4f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"0447595332a198450c447f86f3ac41795f0177c6e22a3948c64d279b8b06e82920c5abe7ebc1e7d128df434020","nonce":"1455fb0f644ca05dec2dc4f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"083e107dc30068ada7752a935977283d51166c9dda5790a2f2c6a76854982da3b6e68019daea7bf98123f7d177","nonce":"1455fb0f644ca05dec2dc4f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"a64ff35ca68fefecbb3c234468460d47ae8ea3f90da984d3307963dc8c6242cc74e2a4d06d1c127618396762d4","nonce":"1455fb0f644ca05dec2dc4f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"7b3d017b9e6d0315334b6553d90ce456c54e9f33e91560dcbcf707e824ee68d979c9f44eccbb79577efa8b592d","nonce":"1455fb0f644ca05dec2dc4f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"82f0d22a5dbf45ee663d611f1bde8940ee2cbd02c384fcb159fd79b51aa5ab33b2b34f51e3acd9290a88cdd802","nonce":"1455fb0f644ca05dec2dc4f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"111bc7955e6b95f96f39d8d8313dd070770af62b06362062d0d99eacb6f41aab1fd702ffec08d9e0e47466d81f","nonce":"1455fb0f644ca05dec2dc50e","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"0404bb6afcf9f3a2f8b10e0d2077b7829b5b90d97f799a3ebdefa3772e53137a"},{"exporter_context":"00","L":32,"exported_value":"b27b4d9756004ad06b8b57e680df80097ea5600796c1bf9235b8c3d9a28515ae"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"d4a4033268f372ee2725be064512c4de92591f94740efdb1ed4be226c5d4e20f"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1ac01f181fdf9f352797655161c58b75c656a6cc2716dcb66372da835542e1df","ikmE":"909a9b35d3dc4713a5e72a4da274b55d3d3821a37e5d099e74a647db583a904b","skRm":"8057991eef8f1f1af18f4a9491d16a1ce333f695d4db8e38da75975c4478e0fb","skEm":"f4ec9b33b792c372c1d2c2063507b684ef925b8c75a42dbcbf57d63ccd381600","pkRm":"4310ee97d88cc1f088a5576c77ab0cf5c3ac797f3d95139c6c84b5429c59662a","pkEm":"1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a","enc":"1afa08d3dec047a643885163f1180476fa7ddb54c6a8029ea33f95796bf2ac4a","shared_secret":"0bbe78490412b4bbea4812666f7916932b828bba79942424abb65244930d69a7","key_schedule_context":"00431df6cd95e11ff49d7013563baf7f11588c75a6611ee2a4404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb19eb9796","secret":"5b9cd775e64b437a2335cf499361b2e0d5e444d5cb41a8a53336d8fe402282c6","key":"ad2744de8e17f4ebba575b3f5f5a8fa1f69c2a07f6e7500bc60ca6e3e3ec1c91","base_nonce":"5c4d98150661b848853b547f","exporter_secret":"a3b010d4994890e2c6968a36f64470d3c824c8f5029942feb11e7a74b2921922","encryptions":[{"aad":"436f756e742d30","ct":"1c5250d8034ec2b784ba2cfd69dbdb8af406cfe3ff938e131f0def8c8b60b4db21993c62ce81883d2dd1b51a28","nonce":"5c4d98150661b848853b547f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"6b53c051e4199c518de79594e1c4ab18b96f081549d45ce015be002090bb119e85285337cc95ba5f59992dc98c","nonce":"5c4d98150661b848853b547e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"71146bd6795ccc9c49ce25dda112a48f202ad220559502cef1f34271e0cb4b02b4f10ecac6f48c32f878fae86b","nonce":"5c4d98150661b848853b547d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"5b23a1bb4a46eb6534d7929b88055d6a73fe36fa2209b7c851391a8b73aba3f8034e2cc588317ad35804fa4f0c","nonce":"5c4d98150661b848853b547c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"63357a2aa291f5a4e5f27db6baa2af8cf77427c7c1a909e0b37214dd47db122bb153495ff0b02e9e54a50dbe16","nonce":"5c4d98150661b848853b547b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"13e916caf926e56e911b1f114f4d3b91da26a5761bc475bb874e91fc625e2f15d6789a8bcb69907d03d618406b","nonce":"5c4d98150661b848853b547a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"1ae4fc091fddf17c3c18c8b7bb60063668e6eb7fdcd0abef5aaa8922eb73b4317cbe38301689a9bd876487e86d","nonce":"5c4d98150661b848853b5479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"3034f34153aa2227884561ea011af79eaf74fc9f4540c7ef71bb49e80c0a38834ecd2a2582c0c6c7412b76fbdb","nonce":"5c4d98150661b848853b5478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"d9f753851465e7153c1c0ec83c5d9804f52b2a984e6d8bbeafd92865a736ce1dffec4cb28f3adbde0d16acac77","nonce":"5c4d98150661b848853b5477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"f3af37da4888aa0b0f1ded625e06a277429df8e8d89782b6d10e58e94bf50136abdb2b5daee5101213b0f49f5f","nonce":"5c4d98150661b848853b5476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"cb8bc2f5c08dd4ad61b85ea2e0ad5d0ae244a663172d1b7b2cf0477f7c1f16d35b3c5145fd6c310db97fa56f6e","nonce":"5c4d98150661b848853b5475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"7b21af3ffba9165013c692cab1287d60a93c82ffaf3f9329ee5fa9d8eb6f11d2432314f45d02b2dd5a3f73438c","nonce":"5c4d98150661b848853b5474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"039fd4450d4c35b2ec404479975c3a83a526bea12c1d41653e758a8f84f41b7ad2c1ec84f6fe0e21dd664f36b2","nonce":"5c4d98150661b848853b5473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"2f65411d6ba8e3113b67c7710502f7772bfc9718d37f21f2cc4d0f61f2717d0fdc2c2a380f8b84d006e8af33e4","nonce":"5c4d98150661b848853b5472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"494dbc5558dd047c8e6f3c547cf5ae3010496f99d2ccbcbf8e3660d435d40ed41c441abe4a71f7cdc298a47512","nonce":"5c4d98150661b848853b5471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"155dc29cdc2e5718756c572197731172cb5463692619d10c0f49142c858e7fe4c84a801ad74ee11277a899b17b","nonce":"5c4d98150661b848853b5470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"554c22933d7d58c6689ce050d8e1eda0af1a1e6b0c9621ee5c3cecb24170be59b59794f78851bee7c75c9bc9b2","nonce":"5c4d98150661b848853b546f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"f14f868aeec918d8917b5e1c5a3acba3eac72500e2e1c5859e940b836bb5fc690c9fa666040e0f24235ef89461","nonce":"5c4d98150661b848853b546e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"09aa8c97325c57173175ff935f1545dfef19a3c23df9d650e6e504b0f38476f9c328e9f8545dc03eeecd397efa","nonce":"5c4d98150661b848853b546d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"aab8d8659b899dda7ed988788c1f753f65182fa46aaec3790c752c5e6d4edc66d1a29cb7775a06d611cc3ba9da","nonce":"5c4d98150661b848853b546c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"b53cb489b5afe8d32b8b7f06a85ea21eba5d95637f1b60f5bd065ca400176588edbacff42a2fd0b9b2319c6b54","nonce":"5c4d98150661b848853b546b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"2de0dc0045de431a43e2d46b8309c01755777174ed464e3076d1af20b0ea679e40c426df862d3d9e24885e815c","nonce":"5c4d98150661b848853b546a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"4e92189ed1d24e7816771cca561591384a644a7ace00cde6a3680d83032c3d74194dd478019cd89544fe802db9","nonce":"5c4d98150661b848853b5469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"3992ca5ddc6cb82d81f1b317c3a1105ae1d0b5b7bc38649c7c350a4dc257753097bba175deee96426f96aee308","nonce":"5c4d98150661b848853b5468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e6f475061e9cf348298d4de1b3ed8e84d05b1a22210222d317092554b4b1b591b89c91f890da65e815294eb71b","nonce":"5c4d98150661b848853b5467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"7081949d6353a8a4849adca6ab69c21873368cd5381f317cdfaf64d5e47b21499996a890b24df18e96a50ec4c3","nonce":"5c4d98150661b848853b5466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"154c97813292de73d50275d18fba298c207e7c8f27f74f2d7566db9334348166b0be420c0cef431e085fd44324","nonce":"5c4d98150661b848853b5465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"9e453e6146c12681cf1ad8c033c5a18cc28824c847a391413fc2bf51c0657499fcf3cb659cde1c0d00dd092d24","nonce":"5c4d98150661b848853b5464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"53e99d1fe817118adf77c5eaab64ddea7f8880e5296c5261194e666931924c92d031cedb844f23f2284270e4b4","nonce":"5c4d98150661b848853b5463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"f4337b127f13c333d1c979803fb31fe57673d4e68dcc907dccbe67cfa2de78ac154c63cc43510a821f7dba17c5","nonce":"5c4d98150661b848853b5462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"f6ee59922b6f249f7d55f64d52692b06f6deeafae40f91d56ccf8d574d61f93a37cebe5744f40bf5b1451ef983","nonce":"5c4d98150661b848853b5461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"39975125abc4f4647b5e8dd5141a375f9ba66bbff0c4f89fa26eac66abbb71f90044be9197283ed9b60516d866","nonce":"5c4d98150661b848853b5460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"545ed2b3050db6cbbae44b8f59fd3e80635390d22b2a93114bd928fffffb126481b32ee539120ff99dc3138dc1","nonce":"5c4d98150661b848853b545f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2dccce6855d90951971ad92eb2fed5961823e402af0d4f21f910465c3072622ef18e37f91e6e456a854256159a","nonce":"5c4d98150661b848853b545e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1c614a68a70a26f0824a92d25121791d985e8f99a54f0b72475ae04656f8517f5124fe0c8d55d243e47f296f5a","nonce":"5c4d98150661b848853b545d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"9425385e046c183e19515b5776407f7cb6b8b71a0352598e57f8bd8808652e1267506432084d98b8397ae18df9","nonce":"5c4d98150661b848853b545c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"e5de6144eab00d48ecf33a175be12bd845fbd640ed9cef6c6a31340ab536c9a0f07291762f77f1638e248946f4","nonce":"5c4d98150661b848853b545b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"e402b0a9c028a1b292820d8e438506d157ce717b5c8bbd4eaaac9e6520363df7e108900f0f94eecbfa314c3c43","nonce":"5c4d98150661b848853b545a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"47a319e1ad50f8d95f55e2075f1d54f9af446636571d81b39ae95cd50a55543c74d65f811aea42de7ed79ce756","nonce":"5c4d98150661b848853b5459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"c35d9f43b38e549c6c12a3aa433af0d6f3fb383259ba8292604c82f6bb2761a474a165c37f6f27ab816388af3f","nonce":"5c4d98150661b848853b5458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"918222466085e53705e47e6162d3e715cc1ca21bfcfba857dcb1a4dd1fe45c0fe95f4eb2dcb7f27b100dd165c3","nonce":"5c4d98150661b848853b5457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"bb2136e56748f6d78f7c4aa8093cbe651d0081d7046e66873ab849e7b155e83402fcabb30af22b607a3758e5e7","nonce":"5c4d98150661b848853b5456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"7671268965a6bff9b8ffda26e5292eb37e1257d3952dcf37a65a6077d93651744d5e5c44643b1b0b53c20d2039","nonce":"5c4d98150661b848853b5455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"17784b52a709bde67d6fcc6b6de937cbf80f9cea7405708f42bf1cded9da2f6c240a6d2063692bf2c896c6df86","nonce":"5c4d98150661b848853b5454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"ddeeeb8ee50963740d7283ee5404581b0eb97619acba905588f66b5e79052ab61da7af7e3c9b54c201899565ce","nonce":"5c4d98150661b848853b5453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"b4a4871ef73db1b66c310341e67187c30cc526ec5fa203e57848449f029d20906f8968a6599ba5b9b5a519d1b7","nonce":"5c4d98150661b848853b5452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"5de1796b6b89f1cf0b93c88c41e7778cfb482a81f3bab287f636b10d0c10612cb884aec9b2514b0c1b7af59fbc","nonce":"5c4d98150661b848853b5451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"041b12ea31a73f9fb5b80ffd373c13a938a1f7888923355e17bb47c62221383d614d485bd25d090c68f45dfa93","nonce":"5c4d98150661b848853b5450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"96506b77c1a44ced490059dbda1578226c3514977d4ebb39fc334c92b71af1220463f46af1d9effdaf099d23e7","nonce":"5c4d98150661b848853b544f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"fc3dc86ddf279c9bf386c0161dea4a060f5e109484a4c0371bf551a5aeab963e0c38fd3d1562531572fcf041db","nonce":"5c4d98150661b848853b544e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"762086d44613f1c0a15ce6c5dbf89d314e3af3728c0063a8eee91cda202de81b678230eabed359421493113578","nonce":"5c4d98150661b848853b544d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"33f3cbd6ec16c70b1e639d455090c939732cecc87c7eed10bf57cd395b31c3b48f9a5a1655b48d3c471f57e969","nonce":"5c4d98150661b848853b544c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"515dd43217bd14c705e96f8032e58fb486ffd167c89215111ddcd88087ae0df6741180eea245e2f834aa3216d0","nonce":"5c4d98150661b848853b544b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"b93c95015ef99d815be1381fb27a6c5b2ba1667c859db56b2eccc2df9ec697aeed944f0cbd93fd8f952432015d","nonce":"5c4d98150661b848853b544a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"543a160b7a3025f401958732ca4892608bb3bdd362f6f48c3052e0b5599ddfda1b9ac57dc82d436bb2fd890728","nonce":"5c4d98150661b848853b5449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"ebe8436ae2822e2f6c3ba59b8a79752d10201da5551caffde4e8421e35ff23918e82ef57c154882edf949412b6","nonce":"5c4d98150661b848853b5448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"2e3babd04dbec3db0c25943f765409f83efe07287272d53fda796edce01604a24a409791b1dc6c9491ef951ead","nonce":"5c4d98150661b848853b5447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"23d8e8aea875a89cd44d1a0f2f652f389a2ee8899c06f1b186f2d35b98ce2ca55586bc8304f2ad8f11ec6d4a45","nonce":"5c4d98150661b848853b5446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"7fbd9f0b4ab1ebadd868ae523bedc740f19f619e3147cfd44626ac9e0148facf092c1b7a1439f12b66fab1ee91","nonce":"5c4d98150661b848853b5445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"79901c340c134f34a87943df878ab284769a7fb6ab6b63c03107150a7c0bf02532c203b847f6b2e82b9dde4daf","nonce":"5c4d98150661b848853b5444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"afea3edb11f087496f4e969455d323c65936376a11db5818717b3fc4729567140aa786e25a6420be379d9d7356","nonce":"5c4d98150661b848853b5443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"f7ea8ba2c5aa0317e7364d13429d7db23aa3184afd9698fd368287043ab04b9b0da3477973aae8df7c95055467","nonce":"5c4d98150661b848853b5442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"bb875e89ad36fc0be4ff873d25548e73c572f22af59cfb75db6a5842528720d0e9251a8d0d69d85fe4a44c23ca","nonce":"5c4d98150661b848853b5441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"93d5bb5d990e893325555ef94928cff7e722dc1ea4be036e7803dc959c33cdc052a3da5af36ec904247128ef71","nonce":"5c4d98150661b848853b5440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"1c77e504b276395a277babdcb14e96c02d44966bc1722e813e2ddabadfbe0893be0d5dfeff38abac3b4fe8c6c0","nonce":"5c4d98150661b848853b543f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"e54391814005400e0a3712f651ac1cc3a4d8987a75c03b111d71f80cb9b1491efeee7a2894e794e83ab3e65333","nonce":"5c4d98150661b848853b543e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"84e80b892d7f4b4fe505047d67f61d8a62de98429d4f34d5fae2508e7a38037ad8c67e85b9def05b628a0b85db","nonce":"5c4d98150661b848853b543d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"3feff021bc5491d7329b2f0521397af99ee65a301488697b3c96ae6e8216d92b43478e7f45a8950c16888e94bf","nonce":"5c4d98150661b848853b543c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"328bfd026fe81f27992e84d4daac65d37661c5f16c41b4901163eb0e4ec4a9da77d46b7f35fa5eb41ed19bd054","nonce":"5c4d98150661b848853b543b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"3f975f0ecf397b0e57e007c588bb93a4bd123506089a7c907f733cdf21c5359f861e6ecf36d137f3b8e3b951da","nonce":"5c4d98150661b848853b543a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"afbeb6001680eada34d532ed5fcb64f888eda521bf62ec048405c40433d6cac6cd1317f8309529354d581767ac","nonce":"5c4d98150661b848853b5439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"bf217e3b30a4210e59173df68e359f806e9a1636e2c683d12cd1ec9443fbc1c7c2b14f54ffadbf4d0d8f32c300","nonce":"5c4d98150661b848853b5438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"4dbdfc3cbd4dc0efdb3c8f9e660d07bc8f1d022679c0d0ce7108fd679992dbdbf4ea0e05caa1439fddc705b5e6","nonce":"5c4d98150661b848853b5437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"2894e03bca52f3d6ccfa334a5e6832fa73ca18c75d21ed01321d7cfffd87cf56ac3b141ebb5dea1d611adbdc61","nonce":"5c4d98150661b848853b5436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ea1c4c156fbf85ca5e6dd5cadd8bcb6c9e19b3b833012560d5da193abe33752794f92e67525446502c0b684aed","nonce":"5c4d98150661b848853b5435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"f7f162240ba707111097a7fa5030fa6e96033f3fc67551398fe06bb26779e33bc2e8130081ae237607e7a8146f","nonce":"5c4d98150661b848853b5434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"c3343330c59be643478135ed7604e9f5a8e65cd6c38b13d51b0e3ee59bde00c2108116f9d585f0c5941c32860c","nonce":"5c4d98150661b848853b5433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"252d5d39d319eb01e8723da3adec3197c6c012a058e7ededc5fea6ace3cdc643c45e17cca3ec4e8f22ee4cc373","nonce":"5c4d98150661b848853b5432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"77cd702a74023299629f0f3ee73d1f1f9515939d4b82c0e4bc1cb608b3281dceaefed6dd604b51c28fffb772ac","nonce":"5c4d98150661b848853b5431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"2d5636db4e74f6259a4a63927cccbc2393ccd024bb9880a475776432ba27e1c1045c73fbb74948a8d3d2c0f811","nonce":"5c4d98150661b848853b5430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"8ecfa6ca7db677ad757d74ff454d1c8f076166bcde9cf71bc22a6724cb6e5ce6e963aac83650f45f36c069df85","nonce":"5c4d98150661b848853b542f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"3951a980d02ee0d047402352895ec3092c96687f3a4a81af987f808ce7a7df88cc8a2b04ad4dd7e1b93a3cde00","nonce":"5c4d98150661b848853b542e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"5fd41e209137f2bd71793de55445a4f4df44f732488d657404b335d0a5e21d737d3ced858be28d5f396dce8810","nonce":"5c4d98150661b848853b542d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"1516e99633edc73806a84334bf6a4b5ae77461de405fe6827da12c820a5eaa78f6aea9d41b22cb0c6c11ac3bde","nonce":"5c4d98150661b848853b542c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"b2ff502eff6663def30ffac7e432f1e580ea814b8513b1004af12d268de932e7cde5a55d99b6cf8517f34c4567","nonce":"5c4d98150661b848853b542b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"34aa152d2822ccb3c2efde62f6a7923d9bfa510376c8622c0148fda24c62a9da754f979c44c65e93020baccc3b","nonce":"5c4d98150661b848853b542a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"cf271c985cd39fddacd870f2be45eeefa6b1f7dd7d85d4865708847f3916656b4d05ddf593a0bbcbef0ed984c2","nonce":"5c4d98150661b848853b5429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"5199c1fddf6fa7c089b20665662284fed97ac3c925973bee516767b4fe1e0005fe476fce94bd3deea4d0c9fcfe","nonce":"5c4d98150661b848853b5428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"ef3a374f39725309cc9752d6e661c79cd8db58bdedbbd7d6b08fe1554644e5a601433bb035240dcf7a3d9a38f6","nonce":"5c4d98150661b848853b5427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"c3e155aa10237e1043e28a7a8f681b91792e13bf78c897db601fec3d8c284b247638467a5a57dda646b90543c7","nonce":"5c4d98150661b848853b5426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"0e72f2d5e27c37094638f2d0e3c1b1d8d7c745ca85546348acb4ab8fe1a3d379191509189cbdfc4245090487c4","nonce":"5c4d98150661b848853b5425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"27ac400f3b4beb50ada443e43d74c46730e1b71eb72e97c636d0ff977d79cf91bbe87c6913d4f9601bc90ccb4e","nonce":"5c4d98150661b848853b5424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"e8b2e055c163061a6234245f3e6ab72c9c7e897c2c2d00e298d3774f65c0f538e6172cb12ccb36a98278f2e3cd","nonce":"5c4d98150661b848853b5423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"f61f2943d8a4648282206473fa3702cc74fb1d6931ef2a52ccc88fc4e4b6ce23667103f6d452f691e591e6afd2","nonce":"5c4d98150661b848853b5422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"0cc73e09604e6bed58aecf1b365285c56f5a94ab35c3f4177fda4b52757a1f003c46b9ff528863ba9a2644dbd7","nonce":"5c4d98150661b848853b5421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"2e5ad52049529415c2b24dc5949a128cb9045304e1645d428e9602dbdccc9f4d8ee5b7337caf69049d7091267b","nonce":"5c4d98150661b848853b5420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"6146ffeeb44cf294c63962c4bb48cb233a5157eef4c1688a99b259cae5b0125b2cee8a4969a7c8736c3b959d3d","nonce":"5c4d98150661b848853b541f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"b0c71e3417967f477658a019ad720307e21287096fdf9cba517c81bdaad0dddd39a8ea1ba5e9b03d0adea8b4f8","nonce":"5c4d98150661b848853b541e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"ddc7ea7991cf45bbabed2c1fc38ca55b475a226bacdd1778ec8f90f38fb10ddd9e14ebcf57a8a472f89005fcdc","nonce":"5c4d98150661b848853b541d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"43b4c369a15522e7fd8ffc94ea8fc0ac4bfe6423f2140d741948b99d7f37a7d19b8c711cd1cab239eeb8b6a1c7","nonce":"5c4d98150661b848853b541c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"ebd8870f51fe43cfc1ff67bae967befad397f316d183382f72dbc8feac3aad0c06808a0f914d871be6ab3cf2c9","nonce":"5c4d98150661b848853b541b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"a5abd9ac1c787a9548b37346a4a6337e694fd42fd180623fbb860e9df75b0948e9558791d5729f064c11cf11d3","nonce":"5c4d98150661b848853b541a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"11b1858f8cd4668aba2d2c6b5f7a9b34fa4c2e5afa16ff42a3c05d58fbb2a994a387ad4deca4ad6f569d9a9f39","nonce":"5c4d98150661b848853b5419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"fcb7d46fa9102974cedfb8e83aafd1dc2392042b8dc52dccbc0a6717440597fd710bd9c1ea3af0e3d7a362f122","nonce":"5c4d98150661b848853b5418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"780f8f46e0c247ec2793933ad66e2926d6461426923e2f4821d021facdcf0271fa252fde7f640d3c2780932bb7","nonce":"5c4d98150661b848853b5417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"0e0cf8a78acd8b57ccb6271c134fee2ee7c2ccaae1fd7869e91b07c9252a81f27abfcc14e7d5f79a28ee444676","nonce":"5c4d98150661b848853b5416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"d6290633b09e5511d1c4e019a1dc35902c3ef1b3c6f25050a88328f615e737e0a5a118a2ad6ebab15ddf982c0e","nonce":"5c4d98150661b848853b5415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"e1d7d3ed74c0ae1a55c25990813f19257aff7d518c9cea74e958c7e9da405fb0faf1b0890e5ebde57958eab161","nonce":"5c4d98150661b848853b5414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"337be5b4890c40a215ec994a22c052271d190bb16c21a617396623ceab9c92c24659f365a825fb3d2f83a2a51b","nonce":"5c4d98150661b848853b5413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"faf4e4ca80ab7165a7c438dd3408d639d81be2fd41acf359c7bf2aa36a3ae2b85048415582089ca077572c8127","nonce":"5c4d98150661b848853b5412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"117a8924f12695b93ad2a524fffcdfea837ec279e587e23bb91baecf5db4ea35c54658dd57c3c4bcd4e7c8b19f","nonce":"5c4d98150661b848853b5411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"fbf09a8165127a844b9d879a39addf98f08474e244a8db6dbe50d51944233086aef4ddb0cddb61fa9e9cec113d","nonce":"5c4d98150661b848853b5410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f2b6bc73bb81a7db754d4210c3e29addb2bb31668321a79d1673c258acc6aa35c62282f9ae89c4fe3caf816ea0","nonce":"5c4d98150661b848853b540f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"1dbe114873ed874af58808fe65631fd1ef2e29a4142e7f15c3e9c12abaa11f26e4a945f662a99fabc0def49caf","nonce":"5c4d98150661b848853b540e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"424df6475b58070d56590f81e287798ec199aeac5a96f8d39f29a78fbe4b0b0a9c2991413e815edb0266f48bdb","nonce":"5c4d98150661b848853b540d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"672f979899572fee01ee11addd53923252cfea452f9933149d53cac450ef7215a98407c997096f16a87bf316a9","nonce":"5c4d98150661b848853b540c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c4158a774b811d3ba2bf11e00ea2b4887abfa329219370612935a8b22f4399718689be9bc54871f6a362c55f11","nonce":"5c4d98150661b848853b540b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"9a153e98698656d114ce7b45b6c24341d50d66fe45a170bc570c185eec7f0424eaf20db7118d5ddaecd911f692","nonce":"5c4d98150661b848853b540a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"641c90874675f1ad9131a995b632648e557edef53779e6572cd9ea80e684ed62b7c3cf25380634a0f34d3a2d13","nonce":"5c4d98150661b848853b5409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"cdbb52dcd782784096133a696ba4d20d755f0f150f4e1c7245cb17e30a5a599e53850c53ee980492a0ae0a86ea","nonce":"5c4d98150661b848853b5408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"d2d7bd0462eaf3320587507249643315a77da7cdb61d9e00b59b7d882142daa8d64ff910b637ee892b97c9542f","nonce":"5c4d98150661b848853b5407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"31d62424dad797797679163e601da04bfb30b1b214ee56fc514f728d3ec1928175ef03b04cc0ec8ec449145a9f","nonce":"5c4d98150661b848853b5406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"72890066793d4ce5851795f2bb11a702503d0b02091d8520e1236ca9429f6915e8b07ee41c560e9301a341b1bf","nonce":"5c4d98150661b848853b5405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"cd427af93e5a6e662da9d023a4731972348a186fda02f2524f197708edfc7770e2395f0ba24c0e3a73827628db","nonce":"5c4d98150661b848853b5404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"0f54466a39ee0e3cff12f715fff595576d925f76afeb50193173d744bde8679fae3dcb65be7e307b23ade40504","nonce":"5c4d98150661b848853b5403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a30fb4f1fa85c078468ddb6ded139106b6b4f19f4e0c9f51f32801a3f67af90fafd3cbf46c9692ab54bacfec17","nonce":"5c4d98150661b848853b5402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f5205006e1605b0f5b9943d5bea5c452c00261fe468902d948cb4e77a88c9cfbd9c4f765de197d67a0a2e7097c","nonce":"5c4d98150661b848853b5401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5a1ae229d393354ef6188759e73ceaef47c5c5038a4764774f996035000d34e9f8235f7a7ce94c1a6a29d982e3","nonce":"5c4d98150661b848853b5400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"edec2520d385d5a75d4281d927865302c61dc3d99311ce987fe9ee87c2035fb93a5ebc2e5ec9396a9ecee6b973","nonce":"5c4d98150661b848853b54ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c410d16f9eec0b1f2e6ab1a65fab63885f1555e3499d1883012cc94ee87490fab8e82d40b749a317b15b26494b","nonce":"5c4d98150661b848853b54fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"14f1d6f624b582aec247062f9f9d6c32d89c80d7876d41441440b324f9c769e4e071320fe8ecd30a8041da7acb","nonce":"5c4d98150661b848853b54fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"7f89975b443e215589978e9f61e6207cede48a6e5b19ad4df15688babc33eda041ae74f5476b6fc37f10798dcc","nonce":"5c4d98150661b848853b54fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"91dd02deb3f61e67ff45cd8a2c61aa6c39df18b4d5676f7b6c57c0c274b4a65c9d22a8b412ec9eb2e2fe5de3e4","nonce":"5c4d98150661b848853b54fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"b3c6fe76011eb105e4b1d5a511be0e863b5b3f3832ffe8afc84966b36ed4829c734b1191e7fc83ea94db64b024","nonce":"5c4d98150661b848853b54fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"baffbdac2c8c9a24909bbd467ee896625d9dd72eaaa11b7ee1520cdf64412c20a07fc60620ff17e9c19f5cb519","nonce":"5c4d98150661b848853b54f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"8a7bbc189f3b80d0777d94cf7e47270b0d120de46e76de9a896311d4b8e4bb1e946475641d987c15e1abbd39b9","nonce":"5c4d98150661b848853b54f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"e24362464d437c2d00bb59f020282c6a72c43bdff5c660c6d7184272157248edd7362e20550545cd9b7e2c54f1","nonce":"5c4d98150661b848853b54f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"9808dcdd8dd239d2405dfa278479dad5366feca0c6e15cbf0750c68e092c08fe02ebdb029f0719022265299453","nonce":"5c4d98150661b848853b54f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"6096422f4c0a38d68b4faf4364e22fc98534d594b7791cba71ca1e1a381b318158e34eaf30e4b030206792a859","nonce":"5c4d98150661b848853b54f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"21f71e717075903e15db104f6865b6f7047fbc3dbf65f9f648d15fde45c1755072c8a211c1c0bcf5d5b42e4137","nonce":"5c4d98150661b848853b54f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"636e85e1b727f382bd1d83910e0908bb3f47a204b0e04a77722c76f168919489727df626e346600f28d0aedd32","nonce":"5c4d98150661b848853b54f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"4f6c63ce156ed1168d83778579215ce35312166bbc98d02abc4ee03c60d02326ad07c51d08777544f0705cb7ee","nonce":"5c4d98150661b848853b54f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8f8359af17b3a5c18343ccae2b5d553b9994dc6f7ea613fca8479529f842decbb118ee9e74ede49e7003b49f3d","nonce":"5c4d98150661b848853b54f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"221270c0f2ac46fee06b8b779eab41baa74d0ddcffef47b9ca30a33f76cdde4b22d5a57bd91953736d98b1cb60","nonce":"5c4d98150661b848853b54f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"23a8555e5165ef29e3d30d087f471c2b28eec5e94eb818d8d4fa422757019a3e1784271627ff2b526333b740e5","nonce":"5c4d98150661b848853b54ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d375e5d6ba2387ab0f19fbf63a55af82b4ea6ceed080be285c6efcec7f1d9eaa7717d8bea52783beea0a8b06d8","nonce":"5c4d98150661b848853b54ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d4747347e4f5b93863cb1079951819e9148ef5f5b830c45799efa13ac446987052d47b20b678621f8a223debe8","nonce":"5c4d98150661b848853b54ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"9d759d117fbdef4ebb9b70fabba081c3d2c6e083faad82999f9b2fc9ecbf738351594eee9d949df083d9c954e4","nonce":"5c4d98150661b848853b54ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"dc539696ac9a42698551ae070eba7dc1b540ab553dbbd43e1113e0f1079d3e6b092e90e9fe9b5a27d2b86dfa50","nonce":"5c4d98150661b848853b54eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"6f508b76afab6ec152f4a9f19013f37363c5f348ac098e172efe775f25c8726190eb17256fd91f21d6aadb18d7","nonce":"5c4d98150661b848853b54ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"0ea02391896c4b37451a3863344f606dfbd654afd7d58aeb29b09d19768dbafeae09e858f6726e6e708130db19","nonce":"5c4d98150661b848853b54e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"52b181eeab88887689810a72ab9ca29eac16910f635e5eb2716a47790017b3782c9f8dba0a1bce3bda527fced2","nonce":"5c4d98150661b848853b54e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"cd8c5f53ef7a6a19493d3fb4d88a491c3663c0a6d8380f53dfed5f727e583ca6de725645c128a6e739c4f928f5","nonce":"5c4d98150661b848853b54e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"5876a1c9b5971b0433f9dd08780fb47b4bccf298bcb9363c83a376ddae778d9ccdc9bf13f6f81a818828e48dbd","nonce":"5c4d98150661b848853b54e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"f68cd40a6d61712410ab2c2d3fdf3d5fdfdfebdc2e533c6e9150615469189e5854cf4424022aca568bbdebf527","nonce":"5c4d98150661b848853b54e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"3b982a6feb4b033b7b742c895c16d0c273cfe4a3e43453677626fc8eaf5867b26622ab8d49cafb444894ac1e17","nonce":"5c4d98150661b848853b54e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"3f283b4367614462aeea93abb6f5e565a9138e4b3fa3453b719bce40170210869025725ed494f9db4416b06411","nonce":"5c4d98150661b848853b54e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"549ed49d0ed44536dc6f9a73fcb6cb6420f0441b87a269c390974602259aa376f20e16c42da372d5c1b397da28","nonce":"5c4d98150661b848853b54e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"9f3229384c4dabb5e647618f501b66989311fb5258b19b4ad20c72874f273fb8a434dfdafc8803346be8d5e801","nonce":"5c4d98150661b848853b54e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"239c4c8a6dee032f79cffea36724709c2ecdde052ce0c9ae6c15f7757eadc11ddb0fbb949ec4720040d039a3c0","nonce":"5c4d98150661b848853b54e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"027b6cca81e30aa3f37c68f619badbbf4aa9d26c5eb279ecb57b6f5fddd4020e6143e49920301c8ce1dd0d60c6","nonce":"5c4d98150661b848853b54df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"b14f60943b33a79a398b225a517a0f9bf03709afa714375d4398371551e91834ffa11baa6e27c878593113596f","nonce":"5c4d98150661b848853b54de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"c8b145b8217f0b86a8c69ef1d835bfe6c2185f22d87b938cc2a4d838c830a75dadcc7b5b7b63823d3aba11c14b","nonce":"5c4d98150661b848853b54dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"53026edabb6dddcd3b63512641c2134801130bbbab6b1b21cda7d5e4a48af68fd56287552834f1120be8980424","nonce":"5c4d98150661b848853b54dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"cd52eff6227d1e8a9201acb50faeeeb476515857f0e127a0db69176d41e70ccc9c01a9d426120389f1d08eb5dd","nonce":"5c4d98150661b848853b54db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"4e9c7956a5fdda91bd84fd006df5b298edbc6055fbf8553c733eb55658fbb8a4d3b80d969838bf3eb2153c47e5","nonce":"5c4d98150661b848853b54da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"46bba4391f8c75515b7a2b2825071d09b44a73450185375540902cf86c47917fe9f19156db6555d6a8d9e4ec00","nonce":"5c4d98150661b848853b54d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"69aceffa957a4fb972a42bbbd1daa8a98d1dedadf925e827bd41b8e8e4adb33de639f2c8f92e69ce7669a63cb8","nonce":"5c4d98150661b848853b54d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"4b44cfa8a50a1eeb357b08f1659ed01fa0527d3c4ab59d72f0bf06301620cd2d25be3dbb3444c3884c5366dbca","nonce":"5c4d98150661b848853b54d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"5442eafe977df2fef456f9658e6e4a74b7c90180bf8a33d2d5adce2958bd343741fe1579ef2f78a52f5a0842e1","nonce":"5c4d98150661b848853b54d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"30b747860a4f39eeb11e3758a15cd554142490fe12c9aabe5d3c71fdce34e69a6c1d4c799d485f4d4b51a5c721","nonce":"5c4d98150661b848853b54d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"608dacb5aa99f31f8c957b3c4630aed121774138ace30d373dd98f29c17a6892e1a842d727671721145d93e5d5","nonce":"5c4d98150661b848853b54d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"6fd543b032740e762f04f6d90d83e75183a997214883246bc24d4236d6e26656124289b4b4b6accee4176f1dec","nonce":"5c4d98150661b848853b54d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"6e3cdf915393c8a4265055c1d2671b97776e074115156e10e7f81e69adf97871bb0ae58f15fbd7b1e31a395292","nonce":"5c4d98150661b848853b54d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"4bd80d3f79c99c40b5fa3913fc83f5a7d9486fca22f5589f2b4aa50c2b9d86e3c0f1a49aed3ccc1c9e6164e7bd","nonce":"5c4d98150661b848853b54d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"31ba0bc96f3a6db0ac4bd73b17d5a0f21ddef1668db1bfc5a3f3498f88a23033cce86933abc8831f62529df2dd","nonce":"5c4d98150661b848853b54d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"c3cc98fa65baa464cb950b3c539c5988ea36f73bd3ab13f85be6dd0df1f9d79a9fdbc369d9c286253f78126e93","nonce":"5c4d98150661b848853b54cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"f337704ea92c55ef28b1cf904f066c7b62187a313051ce165584b40a2aba61ffc04dfd01be8493e15967234c73","nonce":"5c4d98150661b848853b54ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"3050885e6e284811a759bd67884ab62f1d0bce7d790729d6cb224811c83b73cd3d708d85b826e204c5978f47b9","nonce":"5c4d98150661b848853b54cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"461dd9b8e3c50875b0f07519cdb9aef7d13f34df61dd97a093637b6ae09cd1e24741e40a2c309d0cd6b11394e5","nonce":"5c4d98150661b848853b54cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"9f795bed00dc2ba48760fd5c9cdc2006ac435ae471a69c8926019f7d71919829dfb6359bd54b4d87c04b3398b8","nonce":"5c4d98150661b848853b54cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"b557d7f6cdfc4707e99c047bc831a0558f19bd9b15ed607f143aaa85bcf73ecf2468752881c6e02b3e83d4543a","nonce":"5c4d98150661b848853b54ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"ac251b361aea0a771c028cc9ff768994d008389f126970d9c89d1b8713575833e3757fa3f9efa076b5e77ec318","nonce":"5c4d98150661b848853b54c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"b69c7bf9d7ef08541f4bb4d96030a83fe3fdd77005cb16c865c7923ba30b3236955db8b28e7beb3c0535b08f5b","nonce":"5c4d98150661b848853b54c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"615b848aa99f4fb56bf436f6673145784906fca3172125375eeeafc57d895d3f6cfb2a6305d8e09f4e077278d9","nonce":"5c4d98150661b848853b54c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"1d4006772989c69d4d8b41b189ba68d1216d003812524a1db206da42f111ab38da9de9c39b06d0b5a0f4f7931f","nonce":"5c4d98150661b848853b54c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b9cd2de5a742eff0f508eeb3a43644060a88a73f5476e804e7be8d426b39b3f23324c89bc653e320b651cb843a","nonce":"5c4d98150661b848853b54c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"33d5a57af1cfa7fbc086b39770180dda5bd9ac8b7fcfd5ec8f3608a8e239ab39c6486b6733b4978c0cc011adc5","nonce":"5c4d98150661b848853b54c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"3f9665a5e33e089fcb79413f53e79c40ee93ad5b2a6de97a35843ded62fa277d4c258ea260a5c7e06f95a8d449","nonce":"5c4d98150661b848853b54c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"242b8fee457d1c21311ce60c7774b6262852fb64e1d4f61de6d11f002535ee6bd9d65cd7f87573e1d8cce8383f","nonce":"5c4d98150661b848853b54c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"0b6e167302c1351ed4b8543c0d2879a7a8fd58e42f906e57279e4b52d8b9773e9f6a10334a5dbc07eec5577708","nonce":"5c4d98150661b848853b54c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"f34086725af61863c42947ed52aadd66b4e48b475f13266384e48e2b536c3dfd2ec6fb984f3bdfbdafa84b213c","nonce":"5c4d98150661b848853b54c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"a53074ed3b88343c5b44799aa2cb6b323ef5b0615f948de2784c00af2709f7afa25f987ae24eb061b69c6ca2a3","nonce":"5c4d98150661b848853b54bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"d293b46b823f01385c458a9bb3125ac70cd021de4cdf5624810a9899d3a3ab4394a3b8407f6a49ade6ed95cbb0","nonce":"5c4d98150661b848853b54be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"b1c77b724b044ba27240fce5f840c4de73d13b00ce73ba7582930d725a9766347cd6e210362c6ad01eae100141","nonce":"5c4d98150661b848853b54bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"12afbe5e92bf061c3ac2cf48919616fc21f268cee9dcea2c9f61e02d9c37d0e2a27f55383b11ff4a8da4026a2b","nonce":"5c4d98150661b848853b54bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"7397c4a17f59b44a4530f2b1c2b766412244d31f340ceb6abeee44fda4a7e08bd390cc458b19ae003cd833143d","nonce":"5c4d98150661b848853b54bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"6181055e55e9f226013faba7694ad4f2655fb7c4ac9776b98fa9cfac6d4373a60199c6501a14461eff0ebd9eab","nonce":"5c4d98150661b848853b54ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"51a0413101207b176f54ff80be07e219d3c526633cc83a4d4dcb504e2f394ca8be6c927c1698cca387eff89f8e","nonce":"5c4d98150661b848853b54b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"4dda2afa170011d4a85928780d19d0874e6fd993c1994d23e3ab6abe2ea48e8b6cf72e3935ecb9f5db85978500","nonce":"5c4d98150661b848853b54b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b37a22b46572fc97e5ae45043834d8a19bfdcae1b98111cd82135ae2f059d85e686d464e8ecd5ea42c73f20362","nonce":"5c4d98150661b848853b54b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f8261dcdc908d46e6aa03bc25565cca2f2e6b86436ed94bd0ca94fdf28001b8b541a2dbae111b28f1a56a2e86a","nonce":"5c4d98150661b848853b54b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"64628718d4472b3f592cd09d3e1180ddcd7d2618129c0665085d3b377b3065c03b13c3e3f5cc57cfec3038c6b6","nonce":"5c4d98150661b848853b54b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"3f2ac05adeaaa8d70088302c09bcf3c2e29b11ddfdbaee8a2aee04608241ce8e663fffc4421a92abc69a1c9f80","nonce":"5c4d98150661b848853b54b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"44f72dfe1d6de08f95407f63ec7fbcd97cee0e778b74268d7a50c994653cd3443efd4fb50adb13a6d6c79ca9ce","nonce":"5c4d98150661b848853b54b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"8860128148e7fa751e2176bdd0989f81699f4a6f8db8b9bb9a740878bb98c1da926b34e7f10326527ba27dfbb3","nonce":"5c4d98150661b848853b54b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d79816873a6e24b3738576e66ee2a3cd2faca1a8e6300e0bdd7932f7bbc2908f02af2bce13ebdd6cc108f4c9aa","nonce":"5c4d98150661b848853b54b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"6925df0f28576eff6d3a575e8917bd1b94d3f656299e6d7f10b6cef87d0a228051c21e8c4adb6202396cc4502c","nonce":"5c4d98150661b848853b54b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"45465e087d0b390d3a13351a12ddc2c20b3055d2868be79465bec9a5eeb114a034dc04964928d973313b3a9f61","nonce":"5c4d98150661b848853b54af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"92d94f52220fb8908a226599d67f101d8803a6b38a59ca1cd439cd42fb3e9dc3cbcb4449e36449e5f9823476fd","nonce":"5c4d98150661b848853b54ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e95cf8938a01158d09ff66c37a5436d6118db2aedc449951126ebf4184da493803a7cb6a71dc0e09cc46d42a22","nonce":"5c4d98150661b848853b54ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"95ea0e88e2cb4b88c1669d9567de88a8f403849af9a74254e906ef595586b2e168eb0cfa2d6d258dc7b75e1ee2","nonce":"5c4d98150661b848853b54ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"e5c938d2605a5eb68fd5dc37a3ee20a83633ed5e5dfad218bcb2d8962eec2346ed040b4eab2a95b44fd98220fd","nonce":"5c4d98150661b848853b54ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"9f75c8ad1becb7a32fcb307c5b29a91c53c7e6a745ae7664071d4aa3bd23c8e99859f1c4731473948a01655e57","nonce":"5c4d98150661b848853b54aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"5b1e23823276f8ad3a202ae5403efd60eec67238703767f85e2f7d2191670491db06e109a0a23c47cea7ea7f0a","nonce":"5c4d98150661b848853b54a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a954766abb4da6228599061eff24e6e488dd28e645044cd2ff194114dcf8676da441f5d3d6f6a95156edc01d58","nonce":"5c4d98150661b848853b54a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"08388a64ac543cf748ec47e7e6080a38ca18d40eb3ddf1efdbebcd57d3f357aaf7ce57f7433601175bbc2a97e9","nonce":"5c4d98150661b848853b54a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"41d792afa8a74fd0d9bf4d9cefb406d9208b3364dd9a4059234ec9c3d5ecc08d5dda0e8df119467663f8b770c5","nonce":"5c4d98150661b848853b54a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"a765697054b7d1bcf82d5a3869f01ad632fa412e23f8b517ac4745e2f34954c422f108256d36b7c12ac942a9d1","nonce":"5c4d98150661b848853b54a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"164e696bd9a10e227fe9a3582e40574fe59d225661c5cf09a7c75423f8ddc370337292bada80e48b9f7d88628a","nonce":"5c4d98150661b848853b54a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"fb6d6c347a61f7279767a92897ebfff446e929562315ab50adf47cea14d7f03b0d86939c0b0dacb245fe4314f1","nonce":"5c4d98150661b848853b54a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"61625bab2d94464510430ff6f74793cfb64bd87a5ca4193c5b80401058d082e351a36cac8881aa083018f9443d","nonce":"5c4d98150661b848853b54a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"6c04a3f61cc9bfc10a6e67e2adcb7818a61a0709bd49285c5bd069808799a4b888292a4a802c15dd38d75925bc","nonce":"5c4d98150661b848853b54a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"f4f8b3ba316bc1109069dceadb7809b2864c7857f8d9ed3f8523fee84e4033ea681bd941868e1190d40ae96b18","nonce":"5c4d98150661b848853b54a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"1ecd688ce744a684f660547887d910f0445b5b7167ea29ad646f2668bb064d83160205b5e977e7487bb4d06523","nonce":"5c4d98150661b848853b549f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"38e766640dce7ce1edf30aa96c4324763036633bb4d881fcf26225e3c021e333ca8aed8288c565fa74e9238333","nonce":"5c4d98150661b848853b549e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8bb09de244855723d0b697b02a967bc98d064bd529819046640c1bb009f27c9bc85f68aebc1da97791701e4e53","nonce":"5c4d98150661b848853b549d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"5364e964cca737d51bd327276a0bb9340c4efaf3630b6086b4b0e20205a418d4fdc8855962da8b682eccfd53c6","nonce":"5c4d98150661b848853b549c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"fb7a049058fade2c1653b3dccbae8c4ce3c5d50cafdefc618695c8a8955a8b8d48cd792c97b9c7599ecaa08456","nonce":"5c4d98150661b848853b549b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"72ee72219b3239f96a902837a653fbea4a652f76e765ea4009e97f647fd0441f23abc6e6fd4af79c91bd206307","nonce":"5c4d98150661b848853b549a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"54215a6653acd4e6976d5230607127f898aaae52addddebe170515d8cd6551eafc0e653d3f91e714dcc2cd0504","nonce":"5c4d98150661b848853b5499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"1375489e8fa717c36d15cd26c9519c7c798af560b41e354fa86fc242760cbc448fe81de05044f1e8671e3a29d4","nonce":"5c4d98150661b848853b5498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"025b901c822275bbe1d6f72358f9919d76ae4062f9cb29f0e8c4c034e2c8791f198ed837c5a78c01ace2a74e89","nonce":"5c4d98150661b848853b5497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"7a7d9406e7bf753493cdc3167253e53b21ab34b5fb906c13255fc63001566aee76f1f2ba9dbe2de613e4178195","nonce":"5c4d98150661b848853b5496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"b192c5443cd1b4434c3d5f031f56fba802c965eab7803371c9702dd15927d1f842981c633b28e93f3bb9254df1","nonce":"5c4d98150661b848853b5495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"1ba5f39d42dc02590901b8b2b755e528ca59085feda6c37318baeebdf6604cafd79a26369a5d55e58c45d90645","nonce":"5c4d98150661b848853b5494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"699225fa0b0a7cd2350d4e6100ceaf21945bde25084b031bf2c83bdcaac73ae9563b5e3f60366d4f152ebb156b","nonce":"5c4d98150661b848853b5493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"03a5d97ce6e8ddf07a3c2c33dd4d401eedbd09fc85ce68a5e52b1a2d63de672f9ed62e5e4e3a843560b4363937","nonce":"5c4d98150661b848853b5492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"177a9525be60073909a731825a3622cc60dbdd7540e7fa6b706a45beff03f8d3c65220d439832a42660caf3beb","nonce":"5c4d98150661b848853b5491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"dc3ca9a852da948fcb4659fdd6e3b8fa307ba56e8face0f3d723582fc06c090a7d817a82df0cecf86335b82e31","nonce":"5c4d98150661b848853b5490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"6ca9b591de5234579a0aa90bea2f016d60cf50e77bc2a06d729579cb8b7b4c68e5dc6d483d337c5151d2989180","nonce":"5c4d98150661b848853b548f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"02e644e2e21b35f8868e786ab534c31a485b6e69097d10df2a25f24993c4d4d407f067796af1ca127de2f325fa","nonce":"5c4d98150661b848853b548e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"cc9ea8088634939f2e757726833e70ca2b00d7e617b1e525bc147fbfa9c6b3d29621d38a73e954944ff4e9ce5a","nonce":"5c4d98150661b848853b548d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"180bec2fc3e686d2f37f2b18a3b0a195a2277c28ffb49d85bcdecbba92f7cfd3d1832a310baaf01ca9396c3d8a","nonce":"5c4d98150661b848853b548c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"b067fc48293520ce29f528b1bad11c0d38dbbe942f0c27c0ca953469dcc88bb1fe4a6b156134ec7803a8f6d367","nonce":"5c4d98150661b848853b548b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"42bb52ae652c21e3a16821c1a7dddb127e42b56c1985cf3800090a9accd8eb8080861e00f69f22bd09af42e19f","nonce":"5c4d98150661b848853b548a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"6bb1ca4dceb6137e525632def5bb056f7ce6f5dd452edb7a69449e43e947706e970978d47554fc50707c30567f","nonce":"5c4d98150661b848853b5489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"a37b7d0abd040300937b12ec5b6c3c43e594295f2b1d0f3292fdb0c38205d6ba925d0a11d3d1274b10a45c1d29","nonce":"5c4d98150661b848853b5488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"729c0bae1bb680320852f4ab084062a0b143d535eff67da55999088f9f751fa7fcee704f524a9f6b8a94aa280c","nonce":"5c4d98150661b848853b5487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"dcbe1ab062cafc3bd1c189007316e09bba8df92eb0dd9ece681a62e1d5bb9ab9ce4e5055257c96d70b43b62092","nonce":"5c4d98150661b848853b5486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"b08f5a570d41d21d0aa528c9da0b68bc2006e2579a956616f40f46caa5c24f5bf2e6bd8bd5ebf4bce2b79fa282","nonce":"5c4d98150661b848853b5485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"985991414c213e093e8ca144c4ac5c6d90e2f136810c934831e8623a64349dfe77ca188acd973551b5241754b6","nonce":"5c4d98150661b848853b5484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"67c3d85876339d04e89d76bde220151c85f88b83718d50973ed5712373545ede91492b1f22b3c2da20d6e6d7f7","nonce":"5c4d98150661b848853b5483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7552addfff71040acd9740a8deda98cf23dbe410a9af5fefffb7d0a21d60cff55d0ef91eb295fc2e0ef51516e6","nonce":"5c4d98150661b848853b5482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"8f531f2137e6b9d7b8f07af2f3fbd425c5ed60cdcd642c035f4354432d6f5d41870cf1d6bc18bb192489982866","nonce":"5c4d98150661b848853b5481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"18ab939d63ddec9f6ac2b60d61d36a7375d2070c9b683861110757062c52b8880a5f6b3936da9cd6c23ef2a95c","nonce":"5c4d98150661b848853b5480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"7a4a13e9ef23978e2c520fd4d2e757514ae160cd0cd05e556ef692370ca53076214c0c40d4c728d6ed9e727a5b","nonce":"5c4d98150661b848853b557f","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"4bbd6243b8bb54cec311fac9df81841b6fd61f56538a775e7c80a9f40160606e"},{"exporter_context":"00","L":32,"exported_value":"8c1df14732580e5501b00f82b10a1647b40713191b7c1240ac80e2b68808ba69"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"5acb09211139c43b3090489a9da433e8a30ee7188ba8b0a9a1ccf0c229283e53"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"26b923eade72941c8a85b09986cdfa3f1296852261adedc52d58d2930269812b","ikmE":"35706a0b09fb26fb45c39c2f5079c709c7cf98e43afa973f14d88ece7e29c2e3","skRm":"77d114e0212be51cb1d76fa99dd41cfd4d0166b08caa09074430a6c59ef17879","skEm":"0c35fdf49df7aa01cd330049332c40411ebba36e0c718ebc3edf5845795f6321","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"13640af826b722fc04feaa4de2f28fbd5ecc03623b317834e7ff4120dbe73062","pkEm":"2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04","enc":"2261299c3f40a9afc133b969a97f05e95be2c514e54f3de26cbe5644ac735b04","shared_secret":"4be079c5e77779d0215b3f689595d59e3e9b0455d55662d1f3666ec606e50ea7","key_schedule_context":"016870c4c76ca38ae43efbec0f2377d109499d7ce73f4a9e1ec37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb19eb9796","secret":"16974354c497c9bd24c000ceed693779b604f1944975b18c442d373663f4a8cc","key":"600d2fdb0313a7e5c86a9ce9221cd95bed069862421744cfb4ab9d7203a9c019","base_nonce":"112e0465562045b7368653e7","exporter_secret":"73b506dc8b6b4269027f80b0362def5cbb57ee50eed0c2873dac9181f453c5ac","encryptions":[{"aad":"436f756e742d30","ct":"4a177f9c0d6f15cfdf533fb65bf84aecdc6ab16b8b85b4cf65a370e07fc1d78d28fb073214525276f4a89608ff","nonce":"112e0465562045b7368653e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"5c3cabae2f0b3e124d8d864c116fd8f20f3f56fda988c3573b40b09997fd6c769e77c8eda6cda4f947f5b704a8","nonce":"112e0465562045b7368653e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"14958900b44bdae9cbe5a528bf933c5c990dbb8e282e6e495adf8205d19da9eb270e3a6f1e0613ab7e757962a4","nonce":"112e0465562045b7368653e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"05aa188f7e7cbf9773040d238164d7e5468c53efaa5c8b38542c963db90815499483ad875478acbe7bc4b44ce8","nonce":"112e0465562045b7368653e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"c2a7bc09ddb853cf2effb6e8d058e346f7fe0fb3476528c80db6b698415c5f8c50b68a9a355609e96d2117f8d3","nonce":"112e0465562045b7368653e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"b706493e92a3b4ea3ce4f74aa357668e4aad15211b644a8978ec2469403479f752f3bd3b80e64d4583383e9422","nonce":"112e0465562045b7368653e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"f4912508e42b49a8e29dfed19c09f9b4c7d7fe9ee1f41454b232d3222a22b50706a130350ad40f638e4523d92d","nonce":"112e0465562045b7368653e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"fdc0432eeb0378f77be16e0778441f6e3610b226499112a2257f5ce4cc7479c423e23db1d772c4947516279cd0","nonce":"112e0465562045b7368653e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"d9279192d9cc68f3907435808fdc0525da501aa9d5f8a99820bce6c33fef2d1b5ff12cfa0ac8a8db3f7c0bae91","nonce":"112e0465562045b7368653ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"736778cc1462b1537a746ec477b73230a216464172acfd6836746efaef7fc80f3dcbe0bfdf07a3898ef7507ba7","nonce":"112e0465562045b7368653ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"b2b98a490612a00ce0660cfc3bdd6b6280ac01012a564ca7251a3a29172225996ab20ae49cef8958cf58176c0f","nonce":"112e0465562045b7368653ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"4d35eab6427a15a72530ec0b89905c7c1e877ab3507fa99b529f0bef626a2dd5d439acbe167080ce61794abe3a","nonce":"112e0465562045b7368653ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"a9eb207db4502fbb9627ef84d3b7ae2a2f21bf561637570e33798a83240e8d9a6ffb9192e9fb17bc86b8f1d6c4","nonce":"112e0465562045b7368653eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"f8ec0b33238fc8a75acc4799c829940f8106ca1a6857c8e5b3bd81c629ca8f5270f2300181afd3b6364fa097b3","nonce":"112e0465562045b7368653ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"36fcc58221709d36a9c77a0360f12930be32374e50a6d86e6df3ab1d761b4b97af7a4a5ff2e8c7d3511e41e002","nonce":"112e0465562045b7368653e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"9a763f5f7eebfd1448db83427e73beed4a10c64cd790e2d915aaa9aebeb3fa770b4210eaf590ca773b48f59493","nonce":"112e0465562045b7368653e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"df6072d500ab32f8f6428884889a257249f64402ee7c372a3ff5e539e7d1de2fbdb1f7277407931e2bfbd5efa6","nonce":"112e0465562045b7368653f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"137d107575df99145bbba505167828706a7ba2a6951bf5224c916cb3794189c6aac61cd639684f3dbafc0364a2","nonce":"112e0465562045b7368653f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"c9c60a5af54d8719a29d3321d8e85da60c06ac2c8639dd0aa3a00eaf4209943bf8cbf034683e1ecec1580fc462","nonce":"112e0465562045b7368653f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"951b6317a6fb028ac16ff274de6c3da3176cc85a4795c74fa3036adead40f95de886623cdd26dc58187f2f3d6e","nonce":"112e0465562045b7368653f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"9eaf1c91811aeec5197271bf39deac3725d361ff997940a54fc30df3e72b819bef45a74b76f3786656fee9cf8f","nonce":"112e0465562045b7368653f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"ecff89abd67743482abaeb75208aef63d6bfe05a531ed2fe77ff5282940b5d563117e85552b7f21300c9f0af72","nonce":"112e0465562045b7368653f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"0d4fde51b7fa0a8d51d86902786dcfdf8f92fd2bd80865fb8cda666d53fdc5e94687f2349d4e6cf689e32e3931","nonce":"112e0465562045b7368653f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"6d23be396525a9fc36860d85c9ebca6fc9efe09ec3cbedcfd0fb2e666b85da8612e448fc1bd7e63ebfa2266c20","nonce":"112e0465562045b7368653f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"29644bdc807fb533c702003ddfc0d441ea8cbb35f558fd316dc62d7e60b02d5a6cf53c0c73e5e69af0fdbd4b5a","nonce":"112e0465562045b7368653ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"3a78db7297a9a17c6956de7777788666d72ff76173f4b29acd85314c96fbb8428f569f46746ad69675d8e2d033","nonce":"112e0465562045b7368653fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9b702445a0b270ba7d84a6f7836623667e38d6db3a43a14552b6d3e167700c6499ef01e3978242348a5dfe3f87","nonce":"112e0465562045b7368653fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"978d9cd8f6ab7131df6e5b2a2774aa1ee6cb941446a3e3f27879f43c75f525192f7d111421ac7ed94207d353b7","nonce":"112e0465562045b7368653fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"34502cfb49b2651c50736770f0461542d2db13138e217000d5097f77527ed4febbe54c6eab1f9b74d08cd5162d","nonce":"112e0465562045b7368653fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"c783749f774780f0d0615b6e1c662dbb7289a7135abcaea005740206918744f6a5a27a77f9838d5986a87426b0","nonce":"112e0465562045b7368653fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"3e66ac3200056eb658056f92de24ec67bc6bf2adb17b5225be20d6f8745d0fceb2490e951b411194e5fb5488b7","nonce":"112e0465562045b7368653f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"02e373ab27a60d613792a92da6c7084492d76b5919d914bca99c6ba373e64b163dbaaeb4678dd818cc1c0019d6","nonce":"112e0465562045b7368653f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"f00848bdb2a7bb1d5ee20a839663c2e83cefd92cc420db6221916c889ff7e2abee4a488f6f8a1aae97e1bd0b55","nonce":"112e0465562045b7368653c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"5d87bdfd05110f4d88b5f7363966f110fb2bb7009deaeb13797b4f91428e4737547e8ff18cd1aba568442507e4","nonce":"112e0465562045b7368653c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"5b5b22cec98cb3bd74868b6318b7344250e43aeb0b44bea307128b6a6750ada272a6b910e123c7a23579efe3a9","nonce":"112e0465562045b7368653c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"936cca044c385c5bab127e091e468b91f8e9194f7a95d4a10f71253b5b18c100c8406c9612121af5707aea6c32","nonce":"112e0465562045b7368653c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"9554a31522537803f210643eaea28cfb252e538db96903813f7d7060a2ec99f624e966c9586f9ea1d7a50a251a","nonce":"112e0465562045b7368653c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"a227d653b1ef23a1a9caa65411edb1b85c0a11a7bce30f47fa7fdf986480ecf2ad60597df296f3a5b25f62a3c3","nonce":"112e0465562045b7368653c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"2d67e5d9fa6974b168df8eeb08d19e9cb9f6d4c1889d5a5c480b0d832c306662c89eace734eeedc38c5e41d9dd","nonce":"112e0465562045b7368653c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"590e22dbacd65d45f28f4513302dd5b63cac6b1c4ea405668ad78f91ae7febf652a696cac2b44cb5744a50a0e1","nonce":"112e0465562045b7368653c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"98e2318683f56887c8d6e3e68d207303367e952f7e01aaaaefcf224798c48d3ae73e81dd1ca992bd9639bd3509","nonce":"112e0465562045b7368653cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"74a3efcb96a12bbd14d3257e0cc87cc7a3ac4a93a6508002bb084d802334b7de0d9ebb8b44e125cba9b6100fb2","nonce":"112e0465562045b7368653ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"7d56ce4edbdbd24b84e4b915123ec96af9931cd5e1a503378ed8f0fd3a6bcce13d6cb0b04fba044f15830db126","nonce":"112e0465562045b7368653cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f92f96ec6b33c5c6f11f76535848d3bf8ba38b42942dddec8fe2741ea3e4eb35774772d8c6703303a1d2f1c6fc","nonce":"112e0465562045b7368653cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"f24dccbab75b627fb93ccdbb8cda013e8ad147b34310cc2f193c51c51cc16df0fd250b2f6894e0eca267440423","nonce":"112e0465562045b7368653cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5db8f95d004f07d71fe992db058a396589e2f21af6047c14d75dde24a3741305cdc4816adac16c4dd24aa147a7","nonce":"112e0465562045b7368653ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"6cbc707cb121e8ed9fc6a3e418a8ad2b7444d4c5bd5a66f461ab57825096fa084912e1b9c00e4f7bb463102d39","nonce":"112e0465562045b7368653c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"800c76e1c3c9a03b820932934c18b7500016283fe290bf6bddd2834cbeb9734f825f3fc47927f1a23772fca189","nonce":"112e0465562045b7368653c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"be8e4bfab797deb2684276ba8df852742f7fa11410bdb8286af46c88dcebe6702211e31515eceb1f1413568bc4","nonce":"112e0465562045b7368653d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"06d930fa309f1779901524ae56eb76999dc72b9d8c7f40b62e8626b7b524906d1da04a4b48c88b97819a9af3b3","nonce":"112e0465562045b7368653d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"a2377fcd0e41893ff8c404cc2233c8e360c8444eac0a8e22ca1540b8da52f8e7128f24f5c1d7047cfe9c3e1442","nonce":"112e0465562045b7368653d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"717e8964c4db9a9ef3dda1884d30d5ca534c412603b101bee46cf9818ce22c04662aa20e110cba5eeae761556c","nonce":"112e0465562045b7368653d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"0b5ad505a301890e76e2dcabb576a8349d147f535b021458341dc2823a4ea38a5cf26cd243ded71b4e5c4026ac","nonce":"112e0465562045b7368653d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"6e4db120656cbe9206ac7b7029258759383f8832b9c34d8f9f9eef74e8239d5f7f1339385fa645fc59025006d9","nonce":"112e0465562045b7368653d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"53c1499e509dec7faf2d393dfc806c1a9b1b572128653d76bc6163ef7cfcba24a71cfbf2b21a1faeee2d12ce6f","nonce":"112e0465562045b7368653d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"da24b03ca7dd45b5cc551b7a1aff27c9a580077f5da6232eaa0767f7c46a0c5ffb07bdb43860e52435459bff4a","nonce":"112e0465562045b7368653d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"1c694f6aa8827175278bc78e36a77bf92cdc23b833c8c1675e25961a98772f757de62ef79b101fe09601ad75cd","nonce":"112e0465562045b7368653df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"9857f24f14cb823a8fc25c79d2953d0e32dcc6f6507ef091876785eb69b20fcc3ccbaf63dc9de8574dbd52c2cc","nonce":"112e0465562045b7368653de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"8a5eef34dc56a48fa8c53f68eaedfc9e85f4d1132d94361fced3312d16351279094242e75d624fdbb8c7e70592","nonce":"112e0465562045b7368653dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"98dfb1c0ee434f8d5cbbf0a30e573164fd73f06b37f1f51885bca5ed6ead5d0afbcb12f8f9750a0bdd68eddceb","nonce":"112e0465562045b7368653dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"c124977d02267ee05865f5f486bd3ffeaaa6c371c87346b31bace54df9230e5c28dfa0538add5d8965d319430d","nonce":"112e0465562045b7368653db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"432d874c4aacb86fca9745f3bce0693391b77da01884e52675162306e3f40ad8c9fcdb8ae45655ebaa095cf7c1","nonce":"112e0465562045b7368653da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c0cdb384cde491d1c91c4d4cad1a5b51043e4dd33550f62e57026b01978cff03555c1c6d0854540652accaded3","nonce":"112e0465562045b7368653d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"ffd4c9efe7693506b35049cc959940be3bdaeb407970548d08124b7b92b7e143b87e6d9c393f87b89454a61ceb","nonce":"112e0465562045b7368653d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"494f3a7521d4f8b02da0104fbff739948d4de2f1b7a66e6310e4462bf713e041738c832a906165b6bfead0a5b7","nonce":"112e0465562045b7368653a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"402dd80b894d225125942c1aaf336c69c3cf6f2e749433922ff9f3aafd020fe4e7aaa4d2042b312389d8efc561","nonce":"112e0465562045b7368653a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a54047036783a3f9c49fb272235616c5dd71e5018d1d28b3c0a64c42d4ef8a836f55fce13ac3628467010dff16","nonce":"112e0465562045b7368653a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"77674ba93dce18c3fffe334b11825cc0285d34412f567c5a45dacd25905a8f5559ed4adf977926b2a2c8ae374b","nonce":"112e0465562045b7368653a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"e1dfbbcfe7bee6fa7c4d3c9e7d28c7d241fde32bba8418ce065a6eceeae62c26fb43cad8798fb95aa3998463e7","nonce":"112e0465562045b7368653a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"011057f89a50c7b6840fd2303e1d5e18e8c27d86ebc91d0bbd73f5e87ed1ad66f0b5ee26a88e7d8254739ae6ef","nonce":"112e0465562045b7368653a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"44932be93a090980942a5300109379a9d746fd3318eb01b7d208470e49f8cd8ef62bc5f9e65eee27301677a35f","nonce":"112e0465562045b7368653a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"211bfb139cb660282ecbd8eae7e7f3b22bf149ec42648a97c869236a85862bce182e487b2d72d1e4a0ee529500","nonce":"112e0465562045b7368653a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"4fa0824b2cfb9963342aac3d178017c23985abb7b0dd14623b864ad59a919ff9b36f847d1b9ce52a157672bb3b","nonce":"112e0465562045b7368653af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"1bf4713ef2ed391a2f49361314beae13cabe787a1e6fee5e61604dddff1d2fc1abd8d925c0cdc982429919399d","nonce":"112e0465562045b7368653ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"f8cb9559a8472c170368b947d7f21a224cfd3c2fac71155c6b3971e5cb3539c0d0e86d4de4a6c02a0599695623","nonce":"112e0465562045b7368653ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8d4d20ae4253d8bd84473e2471ee701625f67dfa297c99cd7a3b7c9e2aa6eac2d8bf6d015237b1730b15835d56","nonce":"112e0465562045b7368653ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"fc464cc5a577551076bf73279993be4f8eb71fa02f3d060263c1ff518bc2fe92896409522a60c961a1391b37a4","nonce":"112e0465562045b7368653ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"55f078aa0b508e3f44911e3333eb384ecda17268a6e436eb35257bd765cd3221184e608ea36401c0ede398a8a9","nonce":"112e0465562045b7368653aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"5f929fa1c234f6d3b239fec191ff3fd45912ba5bccf034c4d2d73204081e3d714895fdf4b5fb53e5bd44e7f6a2","nonce":"112e0465562045b7368653a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a446170cf33a85163790058477962acef2612430f57ca33752d67df3c4232338480dc9a59841e8019cb41456f7","nonce":"112e0465562045b7368653a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7a5c588cfedc40022eb3756d41653663edd0c369bc676e2f8a98f5d2414d3a231d837b286a88c2f696df1e8f6e","nonce":"112e0465562045b7368653b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"f4cdb100a530387ae156177cdef0952b2203d8432a607080f2696b568650fd37df609e6e51c00b3e61b4a4d038","nonce":"112e0465562045b7368653b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"d545ab091103b871a86d9aebf4c10306e6d90c15462c9e5208b242470e8f1f942fe460e19e10600bae929b58c5","nonce":"112e0465562045b7368653b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"339d5364cf33b9941b2c3d2b023deafccf2c2a0341f59cd718b77bb9e9885c8b67ccdf2270cab610eeba42a6e2","nonce":"112e0465562045b7368653b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"8239e08ca3ed1a20f2a66b224b8206c4318b95037b97b151464593dee1b09fd1426c38d2c36089f5aed9a36a61","nonce":"112e0465562045b7368653b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cec19e50810bc204747e64d73182d545bcaea7db533a0f1a243b4d840b68741a1cbbe847dddff82ce0e87befb1","nonce":"112e0465562045b7368653b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"bfc38e131f7e80322030230b2424a1a5833634232e5bc8e85e3daf3194a125098d0684159528554b8d8bd780a5","nonce":"112e0465562045b7368653b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"48bbf5534a885e063a7ca6055436d5da5862069401006501f459dd73f2b1d803577c63ce3e3b705fd533926a7c","nonce":"112e0465562045b7368653b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"ae764cedd18a08f31fbaec1de84f259a8c50227841703354e656bf794e045d85297a9e21b83ed71fb6e5863d20","nonce":"112e0465562045b7368653bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"55bd508467c40dfa5078a94294161959185487f62a0831abbe93d2bd04c2aa20cc32a4c76ef9f8f41ebe977ff4","nonce":"112e0465562045b7368653be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"b49b415a0373f1c8624283a4a156a7ac2bae2a5e9b56452056405be190d5fbf3eea65b66e7f5d7dee6668a7b9b","nonce":"112e0465562045b7368653bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"6a703e888f016c753932c1e94f0b54ee262fb32ff02f6daa3b8e6b40ac328e9aaf4e8aa7b21d2a7bf738a0aa90","nonce":"112e0465562045b7368653bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ee661f9ed86e16b0b1d507118db89e00d2fe6cea6e87077c36e2015dce85929a5dcd5082a4e91c3323b96a75af","nonce":"112e0465562045b7368653bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"13adf49f8aed366f73e13de91749e4051e988091a9cea382534fbc1a1cdbd3c6ed8c7dde036fc89ce7fd7416ce","nonce":"112e0465562045b7368653ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2b44fcbff8fd14d94005d56f69597096e680d6b67766ffc0f1e478900359df0fa2b511f44c0ec007021d668d14","nonce":"112e0465562045b7368653b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"35d15bea6aa70d0698539920af9c74965851634bad6e08964965433c89302194dbfc37532b1a5f165384bb333e","nonce":"112e0465562045b7368653b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"638343a373db4d4efb216b59cb6df8ef29166229e5876a4fab49c43266cb4be60bdd3838a089b8a128fa745fd4","nonce":"112e0465562045b736865387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"d553cc02afc02354a4a1ba0e512bb4306b17f771069632bfd07b02dc7617e474aaca7300894d50bf0379c63446","nonce":"112e0465562045b736865386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"e2503e15d040745332367af9a21a95371bf52ccd243cf741c76cae4e34cc13bd1d71516bbac3a25118e6b29a69","nonce":"112e0465562045b736865385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"7d0b1aa8841df9dc5ded5d879203a92d56296bb17eabfca74eefb4b819cfd471b5ceaa0fe06bed03c83800d46b","nonce":"112e0465562045b736865384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"e8b458e83fa291a861279fecb4c1acbcd4864561e074a9703c45542f3e3459b35b40e0f8ccf54b2fd0e6ed90ba","nonce":"112e0465562045b736865383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"60a5659b5986438bedbce698cd3d2040d955069595517315679a2c70ad881e8290849abaecd9ff88ce4e213f1c","nonce":"112e0465562045b736865382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"85437622d0d2145ced05bbe4b5ceffaa25c790753d7a141c834b7758e482ad670e09cc820157b914e8ffc46640","nonce":"112e0465562045b736865381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"b12a40b16e2aef0b2b94ea03df8d620c8f7ba30c65a198b1d68f37c77eba1b8bea1ac0dc51eafce78a3745da87","nonce":"112e0465562045b736865380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"243883b1d51d5068ca4d1ec450a9aa7350c76ea0b04f8437086e49d0c909264629efcc33d3adc20a63ec862071","nonce":"112e0465562045b73686538f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"89584df7f3e8ec873e294eacebf34bdf283c5fe2efc3d10be4bce69f5f43c5161d9c284168fb8ea6827da7cd5e","nonce":"112e0465562045b73686538e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"a1e5560ba086964c93529bc6f3eb4998a7636cc39ebcc6fd233f4a0347129dc042fbcdd1b37fcb88fea718bf1c","nonce":"112e0465562045b73686538d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"8aace5792abfa347a70a8d1554f7425dc3d0cff1678171a530c5fe8c0845a439abf14d7d4fdca7ba7ce6ee1b2e","nonce":"112e0465562045b73686538c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"121d15c937e90587cc453ffbe19e68ee89558c7a8a19f386e4be40872b4d3c3b228073156541ba860d71116667","nonce":"112e0465562045b73686538b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"41ce597eaf1448f26c0e261f6a4651bf0cdc17cafc1bee1c1899f367a0e8bced1fe685a571d7f8bf0e7645fa7c","nonce":"112e0465562045b73686538a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"f353954680ecd8b2f75544b8a5be8209609b8eb9a4cc27ceffbb94ce6853ff3522b3b0da6fabb4d5e7a5334a57","nonce":"112e0465562045b736865389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"a67814220f7457868432dc6368f9e6ea19f5e79ed9a3c3b665c3ed150ca1f53eb88daa8adf2e8a9bcd1d552216","nonce":"112e0465562045b736865388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"6f64e85630f163824dbd53f0e0892f106e1342d8797116208ad802edfe8e9132931e625874896137e8763bd91b","nonce":"112e0465562045b736865397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"578e17c7e84e7fa45d1140d059322be8589996dd23079804f36fab827bd16c04adf3a79dcc4ae405ff358fc383","nonce":"112e0465562045b736865396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"a3a7179cbc6a05181947e2289842d2296351ad461006b155730ce5f5c23c9a2e92b5bf288d3d85be2822f3d44b","nonce":"112e0465562045b736865395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"63b4b84367f59c1bc592ac2bd230490e2bf9e838607605a11b4379789f07ba2d40fec72cc5977623b804ed9227","nonce":"112e0465562045b736865394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"7e639e36ea8f42e0046593b8bbd0ef5573978c986fdf21c7d228012c131ec3ccb55ce48db5ac06eefbe1b4c448","nonce":"112e0465562045b736865393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"15e5702bcc9b6ae00b62f171503353d952f98ccb870e3a245e58c8eb389a05adf8b03b92ad5fb2a8321f126f11","nonce":"112e0465562045b736865392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"24d31bd0e36128542b6f0f5b61a5d477053839c56f961a05719041210973709d0fc3754795ae714feaa0930a6d","nonce":"112e0465562045b736865391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"de9d23b378bf9c920b47200397d2eda5288f2710252e0c17c40d3948ee282b52f321acce6d68e1ce828ca20499","nonce":"112e0465562045b736865390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"7972f77e5089c34c37abf613b66cd6907ad3a2d08bdfc0d32a83c308d7a2a766458583d076a55e5252628fb102","nonce":"112e0465562045b73686539f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"40812c967605623ca01e38d5f6e2370f0aaded745393c4fdebd96d996b00320dbd85958a60eb7a5c116579aff6","nonce":"112e0465562045b73686539e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"8a3ac12a1b78005675f73c59388ca0b63f42f977819035a1b1b2502dc7c24afae29aa854dadc0a5d2b442c4e23","nonce":"112e0465562045b73686539d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"adb2fc87dca6d0ba146c2abae5ab683485e0ca34956397ec17c99a7c9dd294986ef9f12bae0db5f821f304c3e4","nonce":"112e0465562045b73686539c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"e99abdc4190f068aa23d24eb175b5b024d26ecf43171349b360d5f21e27e00891ec7dc5e2bd0f58d122ca06aab","nonce":"112e0465562045b73686539b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"4a85d9bbed4210e19b4498089585836d37de1728054dbf544277c80684f0b192b2ec60c41f2a633795d9ea56ac","nonce":"112e0465562045b73686539a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"fde7a1de11dd15bc01a2bcb7ad0879735d400cfbe01f308e48f61f841a3d98590431479973c250834973a0f819","nonce":"112e0465562045b736865399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"a69f34e48c749e3d4c8bb22c5bcbc49391f41bfa61f5d089ff02cd273deff5cf7cda006cde56d839801da76f63","nonce":"112e0465562045b736865398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"e588770189c2e988949f8e9751f725ea065f3efd3ea382040a5be49416406491808d77c15905f92dd7d3339615","nonce":"112e0465562045b736865367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"3629492118b59b530c476b9d51d3e41786ebfc79cdd96c756818245c927c78a733be78719ea4291cb3917fe0e5","nonce":"112e0465562045b736865366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"4da3a15f5c9c0837e024d78d2e1d54eba3f6d0c1ac0b134b3f46af0697f768370e800d2ef14f489c4d46c6b65b","nonce":"112e0465562045b736865365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"2773337d8cb33c5e1eb3344e266f8924986211d5ee65adf6b05eafa099ee57b33b0e20c1ab846dadc07b2b3564","nonce":"112e0465562045b736865364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"7510018573cb46af272495f5611bc606fc3cf6c564295decbcf51bd96d3d41ac7a76bb648c91acc37e6f025309","nonce":"112e0465562045b736865363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"568cfbc3e5ce109c2a2587930e7239c606e68681b02ace96cee138c8f6efdcd0f13e0a8d9921d47975395718a8","nonce":"112e0465562045b736865362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"dc6708655e629a79c087151ec4a04d8fb735ae47f660f4a945a46eb9cec5b4be6772e03ec00afee682528855cd","nonce":"112e0465562045b736865361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"0d8b6c57f6736ad81a4181f61d85e00f7591dddf013a52700971d4645d7698ca0093cb6503b21d1815baac0643","nonce":"112e0465562045b736865360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"d5f8b026546b4160e72ebfd3974a91ed6513a5d8d504a41299d9ee1754c82b6b50efd93b357a89ff79c4ab4a95","nonce":"112e0465562045b73686536f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"97c7e6d3ea83fe9d43c70ac6e6c5381542730f678e4347d058b755780df606a105c3238596aa3ace1092823d36","nonce":"112e0465562045b73686536e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"be635cb60f566ac73abdf9b99e2cf3dc53862eb3872b65873058053d13612bffb5e30cf891f160960c3f45e014","nonce":"112e0465562045b73686536d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"5293097b1b8db17fd83c69162a3f5179621424711b08f8b61e04857dcc0daa5c5e7f883dd0ecd1d137fd3cbf05","nonce":"112e0465562045b73686536c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"11039e6e38efef2c198e8da4c52c99dfd8cd56452250a5c974e3640f454e8788f15a6149ee324eb490ce398e90","nonce":"112e0465562045b73686536b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"a9240cb54caba557d97b292113000e825a6d7df5174616a93e12f8ddf182c556b7f2d51971225bb85ec793aedd","nonce":"112e0465562045b73686536a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"351baa29cbe6d9ad3fba056606fba7cf07fd0e4c2ea9ac3ae3d0c0388702c31e905bd94e90545176a388e459e9","nonce":"112e0465562045b736865369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"74ca2539135bd8f66f3a95ee8e3549ea34f61e71aef9593379c8393d295e3eedc64d16cbf1ef5024c17fe5ee77","nonce":"112e0465562045b736865368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"164282b84051019e7b11c09962d7ad385f3ef10cd0aa700208943a632b145163f1feff0fd7a0e55f7f94d8e6df","nonce":"112e0465562045b736865377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"2fafc59ee037415bf5b1231415047b916bfa09dfdfed039077a5069020621ece5206bdf56ddd96acea46331f49","nonce":"112e0465562045b736865376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ebe1b30d13642b69a514a2e7425f363b5e380f7f30aada6568a807c5dc2a6a6d62d73aedcdac0d38bc5f674512","nonce":"112e0465562045b736865375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"a14027596e6686e12bddc8a41c594c677f6ae902cce9d8c9eacfefce0234025a716973c54452aff2baa0669741","nonce":"112e0465562045b736865374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"b30c9afa7da46789d6a6a1e298c531d4f4899a09761759605a2410563dd2c4cf2400ceeaa73964a3d21d562ace","nonce":"112e0465562045b736865373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"3c4774452fc47a93e88e35a4f564e4dc895ceb9c228600a5e82c4320732f2b2f547dbce37c1344dfb6f5ca16b8","nonce":"112e0465562045b736865372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f54717b3eb31211ce8db5de32d4abec348ad4bb7cd54a6f1b1e1a330adf7da9cb651cfb1160486bbded5ccb3bb","nonce":"112e0465562045b736865371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"b2af470cabe8dd2e45722435d4bd26156593eb32ccbfaacd9b247d87c08f5bc217d7239dc8dcd058bf782036e8","nonce":"112e0465562045b736865370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"125ff57f78ce4e77567bafd1dbbe57df2d17aea8d949d844fb6f66969262e27c449b6272a6bf6c65bdbd73f015","nonce":"112e0465562045b73686537f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"4488fb31e72053fc92da9cbf66d248d4b20c0eb3ae4364703573c6a373b68c38bca4b0d90c3ed7230475705696","nonce":"112e0465562045b73686537e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"2e72bff7375d08bb135295829c7a8097e09c1edab8b95d21b5e2672456dd0ff269dcb26bf9a966bd492b1ed2f0","nonce":"112e0465562045b73686537d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"7d26dec4b85f64fb17db29c58cc75537121a9b50b919fd4cdddeb09cc2c6e3fa094e46a07693f4e71af9665200","nonce":"112e0465562045b73686537c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"fe541b0c03e149959a9808af0dbaa04895b6aad809ffed0515ddbe12a8d6c9c38ec3ad69c0dd46b6628a2b68f8","nonce":"112e0465562045b73686537b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"38ce85c26ee40bb5359d6ab90f912d15b494f4bf3196e99d36c8a2f347bd883bc180b47dd7da2d1c5199844a75","nonce":"112e0465562045b73686537a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"5e2a9637cb28e07150b925de6f53f4b8fb5ebb2ba66997bc89c74f74f02c6200650c45f402d1c657b3dabd1156","nonce":"112e0465562045b736865379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1109b06adecf80005e05e602b915e6faaf571463de22e7344cdd27d5e5db42ead01e959aafae969e3b4d445eb9","nonce":"112e0465562045b736865378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"09b0f87ef040894659f6d464384bc4f6500655c859681470f98a9efcbd81640f5cf0601eb8b272dc22258f5d49","nonce":"112e0465562045b736865347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"4ca04b0e7cbd3295a2f157e9043c0940e80dbc318c46973c2e0bda075ddcd4698ebda4bc65f511a53066f121d1","nonce":"112e0465562045b736865346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"94f84f250e079c540c840ec9f807f24cf3bf910bde510bf00ccbf33534675b70d3b84716d6df1eee6a4a72697d","nonce":"112e0465562045b736865345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a4b3612cdbff0e37e6956e96c89ba9660af6030ff2fead5c3a5ce472f99a08d7b5f01c2bc91c2f534a9639f33c","nonce":"112e0465562045b736865344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"1af05c51a0828181358d77c91b7626ea797e2793dd1ccc41043addd86363536e31d4ff4ec0783104b163a823e3","nonce":"112e0465562045b736865343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"9adc6da4083e356df9882dd15f3d0f34174e660ba27eb1b8d56bdfaf6ebe0b4c31eccd95991b9490320fcfbcc6","nonce":"112e0465562045b736865342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"38a3d8b2b154f2061cdaedd19963b4112c51f80fdb7dc7133d14c02251ba567cb99d42d99a5e3c95041307e44c","nonce":"112e0465562045b736865341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"47009b677788f6e1b9f76daa0ea8a2854caacaa64a78ae8ab02c13502b50ed63ed74fa69ffe51dbe5115925cd9","nonce":"112e0465562045b736865340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"bdff482a6f72065da311e3a6a45dc8387c276bf5eac2c1f529ff91b5dda49006fe366c3cfde42a90d4d2745d64","nonce":"112e0465562045b73686534f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"ca89932e1b79f885dd7903cf685f1b6238de1bc8c8a0f82cf45930ff74176daaf04a979a969518c970537cc00c","nonce":"112e0465562045b73686534e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"b096fdf899335aa92d874b46f6d3091db2b032b728f5eeace6629528b2918a7df12f017650561dbea0398b4e13","nonce":"112e0465562045b73686534d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"4427a01feef6091256cdabd735c10b3c34e42377c557b6a31c705fb142d1601bf36ec9388985cef24223e31ccc","nonce":"112e0465562045b73686534c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"873102f763b2dd42d6f26f5f1b0966bf6e9d43e5695cffafb5f10ce4c2390fb26d6d4f9412d8bd35222dc4b53f","nonce":"112e0465562045b73686534b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"71864547a403bbb7e9bb72d49b8bf48f2f8fa1de9cdc4a50ef2dbd721f610b3ed1638f380324d24a6c49e0587d","nonce":"112e0465562045b73686534a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"492e1b54f1ca614b29071adb167f5f115f92f3d9be53e0bf9b43a4fe5c9d7a70c485a8728fc4c0f1fcc261c9bc","nonce":"112e0465562045b736865349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"c66a4ed8cba9045c0839a3381555b60279a22a62c37b443a171f615dd3a573062df732dfac1730c967951fc6d0","nonce":"112e0465562045b736865348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"b28156622590da68c75cf96fe756658fb40184f18e5476cc1d0dd0ff38be276cb46f7e0d4371d91bb4325cb8af","nonce":"112e0465562045b736865357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"746785c56d435f9988b4844f99f69aa371e58a1208a7a22b142c08623f927a68c6b4fb207a18fb6c8a1b778467","nonce":"112e0465562045b736865356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"b7867167778587ec0ce6f1b37a54a126e05d93d2fdca1438cf4c57360e15f77ce73724c4ab0471e0490980300d","nonce":"112e0465562045b736865355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"36a73c254280c2279665042c8f334147b85f18516b693703749aa14297abe293029ea914bd8ba814b77163c3c0","nonce":"112e0465562045b736865354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"39ca608475e2f6f50dd28c7f2dfbd02b4d51d073e5687d8010a2e2b874e460652bd4c569b448b82ba99564493b","nonce":"112e0465562045b736865353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"436ba0a50a934b830d83d1390b7548596d026733514f67e924221f996eed63270d510d0cbe5a8caf96eae6fa59","nonce":"112e0465562045b736865352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"ad5742646d8a8965af45cd630372c98ebf72621e3b6220a794add1fcad29a812e2e9e99fa06ce853c5d5dc6855","nonce":"112e0465562045b736865351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"6f0003fe92ffee8494baf1601e5d3ede40d1e75d3d7596104301995ef18d7f575859cc2e5b8b2354b8f3a353a4","nonce":"112e0465562045b736865350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"2b97a3fbfc97a12f00a6f8103f2dc31a652e71c0d8d020cdc40e35cfd27dfacc48e4bf66977d95867009dc7835","nonce":"112e0465562045b73686535f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"dc2f39a37e0170d959044b1959d5689d2f3fa9168df0ccb837dd89b386b972419fdb7a715ee3a13156da3bfddc","nonce":"112e0465562045b73686535e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e09d768b1c836938942983a018b1403648a7c72edab5d812e71283aa770b357d0db4c1b231ec7f489810369068","nonce":"112e0465562045b73686535d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"ec1be1c1cd83ac3df00ea6e6fa56a0c97e5e37ac57f2e84f4cdf68c77cc54ad5de7bb4ed8d53678846ec6d81a2","nonce":"112e0465562045b73686535c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"2164b38598922600fee09f588ec1640c553dffe28df75e9be20232fa646c2deea928c40a12983dec9e8d584452","nonce":"112e0465562045b73686535b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"48a8866889b3a5b8b7a14623761b4f8aa509a6ef5265251291dda5743a7278bfc96010ec58efdb64cf8175a464","nonce":"112e0465562045b73686535a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"6fd4d1dc7eefd685b8213fadb7e3e7a71745e09473f6cbba702499a30512867a3007c92250514039e0691537a3","nonce":"112e0465562045b736865359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"ffd354a9b4a8111def1980074dffdb8be76488631af58bf068dc731b8c4e7b01a512714537667a9a89e2b57f19","nonce":"112e0465562045b736865358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"8826e86a82b1969e5b53ccbd3b759383286deb8bf66f2052ca13593559c935dda95304333e9d2fd75e3cbe3a3f","nonce":"112e0465562045b736865327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"760dd59c169b0f3707419f5bd22630365dfb400873fab33aa1f9d1a1494969f7492c4bd2fc260596283df5ff8c","nonce":"112e0465562045b736865326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"9105c11766a1cc939f773dbdb7972861e5138e25242643f30cea639ffc2e5b7e227737b67ab51bc669eadd2d88","nonce":"112e0465562045b736865325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"11cb860c7dfa2523830238e744897262add943fe571514ebf88ce756b7f49d86aca316f7c9c13fc0f7be40eb98","nonce":"112e0465562045b736865324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"803a5a7fd395a5d69798aafa943f36c55be1a88aaad4dfc2f4ae8496a4b8e504a20851cb2aaa8ba9c8b242a9ec","nonce":"112e0465562045b736865323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"e5436af5b50732c98bf2add76f1906aa88e02fe96400bfc758e761220d1fddf4b39e4a9dd1ebb985f982aeaec5","nonce":"112e0465562045b736865322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"608eda41dfb53a391027c64545cf6096a94b19fb2300a8951c263ab06fed08fc8f066ca2bf40a7f05574ba367d","nonce":"112e0465562045b736865321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"492510253c76f6ddf672e25b21276a37eae76ccffcfc8931b648829eeac9e85f7a6732016043cea882cd257bf9","nonce":"112e0465562045b736865320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"0965bc3d74b42403384a2c261b707f527d48e1ec843e29ea6a6ddd61a4a64b9e4e6f1e1f401bf2124f0570bd9a","nonce":"112e0465562045b73686532f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"7434e3a0cd825b0a051b964bb6652e25689a095201f43e963957065d6e06b7acfcfc3b1160c2b12203a6e3d7f0","nonce":"112e0465562045b73686532e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"01059ff0e9723e3a172f1029dfef5c82ce28a9bdfa978a2291187a18e1d912c351371babb56b13219e84471e4a","nonce":"112e0465562045b73686532d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"1b153aef0adbfe2c33b3193c3079661e95083cdb2ab45d2137cf98668b552d2b8342c3c95d004f228cc100541d","nonce":"112e0465562045b73686532c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"ba2a2ccb186f9aa14b0a041185e1771fe458224873ed12ecc788a497a11b7a26e87af5e946e20b7e8b5d5e99cc","nonce":"112e0465562045b73686532b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"d4343de1e618e58666e79d8b50cec4260342867aba9585a74be085559f70d9dfe3853a5fb55c524d77083f8a5a","nonce":"112e0465562045b73686532a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"035a0f99c9c7dabc8ce126f854d87f4be105981763e0e29dff8b9118ca7217bbbb89d77c18fc10b0cd0b7b913d","nonce":"112e0465562045b736865329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"80fc2691f0b561b09d96f755e6512fa5305a0536af0201fc38f65ba4c6b4611faa05b7a9cdcafa30421a9f29a2","nonce":"112e0465562045b736865328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"2fbc7f80b7f22aaf6a9f58533b464d127ab16e7658409994dc0e03feb2e6f2dc5f2fc09ccc02f3c68f87a5d097","nonce":"112e0465562045b736865337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"f9077daadf84ea585cb42f1bfafa0c37295c23f02b5281666d90ace02fb54655f74c59581cca68ac0459e82f0a","nonce":"112e0465562045b736865336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"435e9a12abc5b32b86f7b020bb9e54b0527ddeb815d7509d681ae3d24d32ed72bf51893d8b6847007e1ead4ca0","nonce":"112e0465562045b736865335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"379a6ac363d8b94518bd8625c8b9532da061e74ada87c8d4a47cb68dfef35f96af2a76d8b8e5d5004d0aec7417","nonce":"112e0465562045b736865334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"dfcc524a2293de9cbc64e6ae3071b957aa794d63aeb67e547b9d8f42f282b5454eddcc8b9ca85984c4ed85037e","nonce":"112e0465562045b736865333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"c39edf89b27adcd90884b3bb827a2653fd51df7e8410d0ddff06ef307b4e3f8ce9ea1ac50ee5b5c50861c11c27","nonce":"112e0465562045b736865332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"6370b1a67c95040c13684e98a8df5f29044fda849e5a929f0959b13d213aa5e7730dfe4d5968e14ad91cf8e66c","nonce":"112e0465562045b736865331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"efed3882b8beb4d821ad7d90824e425caf99ecbd9c9bb153c07de07c04f0fe01382dc43ec8da21597081615511","nonce":"112e0465562045b736865330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"420725d7b4e995bfb2c130e76109a281a24df68406a005748ac244e0162de343f654aa11ed46c3a600fdc06014","nonce":"112e0465562045b73686533f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"7bf200bee170d05621bc4fb732aa7cd8b50a0d02799d19b11134ec23bf8f30cb308835426dbbe170e2012d63df","nonce":"112e0465562045b73686533e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"8446bc8560153eb1cb116ed42a7f154f6e24ad46d588086db73050d04465fb75dbeaffc8f32760f55514b9aba2","nonce":"112e0465562045b73686533d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"47a9ce4b97aa49fc32d9a8aab363edc64c8596cbdebe8fbb640a8907c08eae128eff30404d995f9abce8ed6b08","nonce":"112e0465562045b73686533c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"c3b91b34db470a6423b432c2bfe32923f03b0e413a0c135ffc8dea4114aceb0fece3bed3cbe74abe12c157c118","nonce":"112e0465562045b73686533b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"a7870295918d0b89a153056e55e4110e5795eaeb5341ef0cffc89fed52573bdd4d51dc4bbe5e149f29ee5f356c","nonce":"112e0465562045b73686533a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"288ee6d94f87e0730846560d48cf6c6ff5068f9ccee5899192f702f5bb0b6fc7a9868efd482353e5bcf705c3b0","nonce":"112e0465562045b736865339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"5d5bc962f4967ef6ba7529fef74799916608976d0dad15069e3b1ca2122bd6de9d78a5c1c170b922780c2bc640","nonce":"112e0465562045b736865338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"c1d338836d2ac2de234f4531adba0a276b5f10ab6e2cce9b3e0c0e303a56f35f4c4ef3be0211bd12c793520098","nonce":"112e0465562045b736865307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"61222e8483388aae700bd1236e8e449c5d2ba1f0dd831111cd5b5ac959578256c1eebea85b5a54b3b5a25dda39","nonce":"112e0465562045b736865306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"50637648b8d94100d6c5589276e6755fb0b473b71ea6b9721bd72053d9c4b944be81ad2c0bcc6cc0d5ef0bf971","nonce":"112e0465562045b736865305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"792dce1a2b7b43aeb7f6476d35d18ac60501067f6a62559a8acaf9009d2cacc34c6a296ca9ebc47237f5436309","nonce":"112e0465562045b736865304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"1af412995de604245ca6ba44e8887f2920785bc9aee26bf73a901407d3f5266e6cd96fa0b137a9c7240a51ddb8","nonce":"112e0465562045b736865303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"4b3df045dbac222944b3ae5502f62632fd7f8fc16c0413d863bcc36c40ea68dcad5c8e73965fc30b2a565d01bb","nonce":"112e0465562045b736865302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"679072a52b2349fe6015e68512ba7d512cf92854b9b2e538c06b05cc3a4df899579c6e9b5bc2a188a1e942b324","nonce":"112e0465562045b736865301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"af4e0989b83ba9d490542630e0ec759c39f8f62f06b08f802840f5e548ead86f4415dcac442477bb557bdee2d3","nonce":"112e0465562045b736865300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"d0dfad35e2945d1888b6c12a7f49415c5e6238dea9a85a59c65bcd6f56bb28e05673707d36dc4444635eaed835","nonce":"112e0465562045b73686530f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"14e25753b5eb63356b40c773a7ddc97fc9b8fb36563b75661c5e06f9ba3c6503982acbfae37fdc4106e00987de","nonce":"112e0465562045b73686530e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"473dae8865a09a99a0e94d0f95c19e448ab06a6c240929b1a5b507004f993c429fe0f832fa5519632048c6c3ac","nonce":"112e0465562045b73686530d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"128c1c9db26baf660282fb4ab017e9da7b91bcce4c616f11b4813a7ea0e9393bfb3af1e35aa025d96f19388ac7","nonce":"112e0465562045b73686530c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"cb7057a453569e9712b964e917e237146e600ba6a28549a5b9be9015f450104d41e0889b211da9b16111953999","nonce":"112e0465562045b73686530b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"e1de5028daad760a3cef3b4c9a5d1e93ee8fa97b7a9700466b0e8bbb4f45e1e91021d2e68d775b621d4df7e9f2","nonce":"112e0465562045b73686530a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"83d4f8d3e63794b9bf4f576481cbd70fe68b95df78e1c9aed171226d25deb4069a391d2a345743611f751764fb","nonce":"112e0465562045b736865309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"fe751a87626df22d710609147a095368de276f0df10300f17ce7c8a707f76d81cc3fdcb4a75e279a1d0a34373b","nonce":"112e0465562045b736865308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"7bf39aa0e4a0a9380dd94b2f0595ea2ead48efc836314e724017da2f18f38360bed6ae29a55268131d51050536","nonce":"112e0465562045b736865317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"ae5b5e10a054f85769dfd79bc70458b429c7a78e7bf990d95b13b8434697f7c285a02a9bbbae30a71a7c967337","nonce":"112e0465562045b736865316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"fb933e6ca9630ded334c9628e76f35e4574d46cc27b7f7a0ed7422b8628add216f333fb6f6e050f6ea5a8e2746","nonce":"112e0465562045b736865315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"29f9db4076b0d992044e710243c4edc2a8d8ba794f027311c76584ce9ddeffea9eb0954a6eccd0d0e9ffb42816","nonce":"112e0465562045b736865314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"a0b56a9d832baa369a3a9b9f4f9ec8de52f654d05cfb129909ecc5a838758d560aef358e4fd20c9f60f4cab48b","nonce":"112e0465562045b736865313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"bbddc550f86e988ff1b0ed393baf10d6debbd6513ffead5178719119f241e750d5d0e3ffd634b1a0f3915723e5","nonce":"112e0465562045b736865312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"314261641072de4af2a342f912479c7cbc757786db121a96cc2ee16234d01bccb12497bc0b908c9988167a8062","nonce":"112e0465562045b736865311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"c6376c6d7ab30bd9680b01f3a71b9741fced151a70b650e047def01c6bb114512dd1187d97241f1dfe099fda80","nonce":"112e0465562045b736865310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"b4f5921871c244b1ee4b60b34304ad411632ee279f7940395561259d3229215bc9700bcb1d8477a678a1169b37","nonce":"112e0465562045b73686531f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"84d2975eb033e91541c20df786c2587a14265d1afbfc8b66f1d231fc7e0f86878c54bf4a9e719aca8caaea72e1","nonce":"112e0465562045b73686531e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"1e9e28e4ae5e16242006e512350bbb2bccce210291ebedd2863e118b4a86dc08165db188bb2e81496219a7ce55","nonce":"112e0465562045b73686531d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"077b2e5d5e358b425a172f7e88ded354087deca99dada4e49758c1495454cb526f711b360743990a56f92ca798","nonce":"112e0465562045b73686531c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"b8e8c00ddfdd89ebd5bb7c1a27552b9bfa4f678a821c8f079b177cad6c221adb1091129ddf6649afee71b1cd56","nonce":"112e0465562045b73686531b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"fac21f8b184f78ee0a3ff176afa118d00524d527a58b212c1ed083fe8a671346f851ffcde4a96615ed68ba56ff","nonce":"112e0465562045b73686531a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"ffd8bb61d72d234f0bc1cb35d35f235984fd356a8f40e6b08678a60e1419f697904cb88df403750db7310e0256","nonce":"112e0465562045b736865319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2414d0788e4bc39a59a26d7bd5d78e111c317d44c37bd5a4c2a1235f2ddc2085c487d406490e75210c958724a7","nonce":"112e0465562045b736865318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"c567ae1c3f0f75abe1dd9e4532b422600ed4a6e5b9484dafb1e43ab9f5fd662b28c00e2e81d3cde955dae7e218","nonce":"112e0465562045b7368652e7","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"813c1bfc516c99076ae0f466671f0ba5ff244a41699f7b2417e4c59d46d39f40"},{"exporter_context":"00","L":32,"exported_value":"2745cf3d5bb65c333658732954ee7af49eb895ce77f8022873a62a13c94cb4e1"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ad40e3ae14f21c99bfdebc20ae14ab86f4ca2dc9a4799d200f43a25f99fa78ae"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"64835d5ee64aa7aad57c6f2e4f758f7696617f8829e70bc9ac7a5ef95d1c756c","ikmS":"9d8f94537d5a3ddef71234c0baedfad4ca6861634d0b94c3007fed557ad17df6","ikmE":"938d3daa5a8904540bc24f48ae90eed3f4f7f11839560597b55e7c9598c996c0","skRm":"3ca22a6d1cda1bb9480949ec5329d3bf0b080ca4c45879c95eddb55c70b80b82","skSm":"2def0cb58ffcf83d1062dd085c8aceca7f4c0c3fd05912d847b61f3e54121f05","skEm":"c94619e1af28971c8fa7957192b7e62a71ca2dcdde0a7cc4a8a9e741d600ab13","pkRm":"1a478716d63cb2e16786ee93004486dc151e988b34b475043d3e0175bdb01c44","pkSm":"f0f4f9e96c54aeed3f323de8534fffd7e0577e4ce269896716bcb95643c8712b","pkEm":"f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e","enc":"f7674cc8cd7baa5872d1f33dbaffe3314239f6197ddf5ded1746760bfc847e0e","shared_secret":"d2d67828c8bc9fa661cf15a31b3ebf1febe0cafef7abfaaca580aaf6d471e3eb","key_schedule_context":"02431df6cd95e11ff49d7013563baf7f11588c75a6611ee2a4404a49306ae4cfc5b69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb19eb9796","secret":"3022dfc0a81d6e09a2e6daeeb605bb1ebb9ac49535540d9a4c6560064a6c6da8","key":"b071fd1136680600eb447a845a967d35e9db20749cdf9ce098bcc4deef4b1356","base_nonce":"d20577dff16d7cea2c4bf780","exporter_secret":"be2d93b82071318cdb88510037cf504344151f2f9b9da8ab48974d40a2251dd7","encryptions":[{"aad":"436f756e742d30","ct":"ab1a13c9d4f01a87ec3440dbd756e2677bd2ecf9df0ce7ed73869b98e00c09be111cb9fdf077347aeb88e61bdf","nonce":"d20577dff16d7cea2c4bf780","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"3265c7807ffff7fdace21659a2c6ccffee52a26d270c76468ed74202a65478bfaedfff9c2b7634e24f10b71016","nonce":"d20577dff16d7cea2c4bf781","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"3aadee86ad2a05081ea860033a9d09dbccb4acac2ded0891da40f51d4df19925f7a767b076a5cbc9355c8fd35e","nonce":"d20577dff16d7cea2c4bf782","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b7de2d672ecddcc77718bb6736d3982fcaa5362198e63690f0452b0137f55480f5d5d3ad7c3265f7aa3f72f140","nonce":"d20577dff16d7cea2c4bf783","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"502ecccd5c2be3506a081809cc58b43b94f77cbe37b8b31712d9e21c9e61aa6946a8e922f54eae630f88eb8033","nonce":"d20577dff16d7cea2c4bf784","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0ca5f85ce4569e0ff208fc23c691c2fc85da677a270cae116fd5357f9c4548f5e08a3ded8e137649b86cb5cc97","nonce":"d20577dff16d7cea2c4bf785","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"9a953b1823973147329f2fb802f2944e5b01a889b21700374b3dbc2cf41ddacd04266796a47364cefae16db6b7","nonce":"d20577dff16d7cea2c4bf786","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"472bbda3a67603e6a242ef8fb037d033560cb9e8f95132e9a52f16d0d4fdce88bee88c00f682fea1798976b3da","nonce":"d20577dff16d7cea2c4bf787","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"2f1a2b7fa25d10af90c993c87a533da919c3d274e25bd74b4e5a299afb283138a8f1e6d85a08d6af19a384ed22","nonce":"d20577dff16d7cea2c4bf788","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"8afc7a43e9e8d575f8e09c71dbaf2259fab97b5f48d90a284a1b9e0d52c2974e22518e9c22076e7aab14c7dc7a","nonce":"d20577dff16d7cea2c4bf789","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"10d3c4181248ac1e01aa263439ad123ad9458e46da3d513c8eea06b4218a442ced2b27c68f2bb27b29b0f9fba5","nonce":"d20577dff16d7cea2c4bf78a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"14d77d5349d17d3f3cd787356180d424ef93835485e82593ce8b0403eca1e1924a7aedab78a2f3be37994bfec3","nonce":"d20577dff16d7cea2c4bf78b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"1665cc5b2829613ac24feedf9847207bee8ec2ad536aa0a3b1de5cf614e5eb419b00aaabcc7d9b85d03626a053","nonce":"d20577dff16d7cea2c4bf78c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"4beb712b2dc79cb2923affcc5ee55df481a807922b74894741f1a8ea1ca4145b3872ae617dc23c1b940320dc5f","nonce":"d20577dff16d7cea2c4bf78d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"d24b966c9ee0dad75457b0bfbbc0f204540cbb01e0875fbbf6e434111b0934b4a4d1cff94ad918135233021ced","nonce":"d20577dff16d7cea2c4bf78e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"64fcf95695b71766b8447d96ce5af5c8629268d6738e46032a5a14d7f69d280ce004876eee8dc3009987e5a774","nonce":"d20577dff16d7cea2c4bf78f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"0ab4da8253b8eb87f8c934527484e9b1371ea99bd48c47ec9060cc43803a8640ffb0c904f41d5821c3312a5d7a","nonce":"d20577dff16d7cea2c4bf790","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"e813a7fab6db458b5b819788c35671485d53b2647c8989e865cd0adbf9fdf21e98c69b9e49976b6d29611768ba","nonce":"d20577dff16d7cea2c4bf791","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"ef43d472e241bada94631ea7f713b553fb01df4abb004f56a4f0b0b35c2879259d94c48b087b9eb84393d5029d","nonce":"d20577dff16d7cea2c4bf792","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"87573897dcb5e2ded008addde56b4652b44b286662689a651bed7949dad1034c8751462d9e7d7c7dabb976d4ff","nonce":"d20577dff16d7cea2c4bf793","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"99e8c16b09b11d63912d23b29b9514c5a8a13c7f6d26352088b648c6cf1ba6fd71cb15c16a911d2538023fe4b6","nonce":"d20577dff16d7cea2c4bf794","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"e82e1588353a993dc57e713d9f1dffd711152edb7667370044424291877f93143751643a3d2b646de364d40060","nonce":"d20577dff16d7cea2c4bf795","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c07ab9089b2406c2f8f8871e555042ad683c6e9182b3e5198032062b81c59850342b653085bef4525def9078da","nonce":"d20577dff16d7cea2c4bf796","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"882f8fde7e025247d9684126e08f44dbe6e8158804b9c42b652a471ba904ce19f8f3d3a9162230d717ae083815","nonce":"d20577dff16d7cea2c4bf797","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e14ef552b77de117f9fa7384c93bce3dfc471e78853b6c35d2c5b18b57ba7940650805e61c3b915e1640aed9e6","nonce":"d20577dff16d7cea2c4bf798","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"d258655d099fb86e3e2740c0c1e11621ef7dc61c9e770ceb07fa9249a3dc42790b0e0eaa63f22bfeee9181ba03","nonce":"d20577dff16d7cea2c4bf799","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"dd836e8c628a4d794cd731a26cfd591985445be24cb5ce9eadafb86dc93e03b1b53dae2808d5a8a56ad4ce76b7","nonce":"d20577dff16d7cea2c4bf79a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"95dd4f0d739fa6d3a5c823af5be5cbff4f67681ff4e91da4dd60862e0aac191a01a2a786e3bc4ab17968c921fb","nonce":"d20577dff16d7cea2c4bf79b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"4826674734200324d6111c86c76cd574b2e6838b61fcdec1ff9166140791919ee848122aceb4fa39a4b00d487c","nonce":"d20577dff16d7cea2c4bf79c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"c23f7e91ffccfab228848435d09a8d5b540b3263ee03381dccbf268244e109b3ef00f46c7328e5bc5904a8e4f8","nonce":"d20577dff16d7cea2c4bf79d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"a1951f639b495355fde23c6097dbd93a2291c84e2e5d047e07f0db291b2a23a162106328bb257ea78c87ce1499","nonce":"d20577dff16d7cea2c4bf79e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"2efee285dce215c4d318a7e7cb3c79a5f4ed206810badfd13db42f4af0aad43675e2c3c7f2818018ababfc0bee","nonce":"d20577dff16d7cea2c4bf79f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"19fa32f8a868463888d6468a9177c2c09ef5eb09502646a6f2f24055d670e3714f5bee6c15a6fd3cfb8caf6a7c","nonce":"d20577dff16d7cea2c4bf7a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ec8cf86893c64175c3247ab71f71669de7152cdf2735ee855b272535445d707a58c9188c386c9d62cefde9ad4e","nonce":"d20577dff16d7cea2c4bf7a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"2bcb2e07356124e3bf185777306701d48c3f007df73ad77ed95e87e18d503fedf881f9b428edefff6dcbf35457","nonce":"d20577dff16d7cea2c4bf7a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"d112973726df1719a6756479b75ccb218d5cd493f0a641344ceced3c1e7e48a62dfaf2eb27f943b321ffd11eb0","nonce":"d20577dff16d7cea2c4bf7a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"f7e38aa4187cb6f9f2b46990dc690a340b1244b0e96ff3b4599ede765b1982cdefdd3738be0b2e98f929e04cf9","nonce":"d20577dff16d7cea2c4bf7a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"43011ed36c336f6c499a33fa35ef185e08434ca63f9fa5478a533133af82c3bf38a31729af87a7ad1a0db6e886","nonce":"d20577dff16d7cea2c4bf7a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"3241fa612f4feb1f2dba73beef8a35da4b3650af9edcf0fb6d364b2028b335933e3dd04bcf013ddc5df174a8c1","nonce":"d20577dff16d7cea2c4bf7a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"195052ebbd8afd125f4462e935ded4c6cc999f41d11aaacf6d645fab1f6e64ab0ea600a480ec7c21921c6a49a2","nonce":"d20577dff16d7cea2c4bf7a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"d659b5beb44258ab7f5045a91e4ae127d1bec460fe58af259cd3ba8eba696efb4d8344e0438ff64a952955f16a","nonce":"d20577dff16d7cea2c4bf7a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"1e5d05cf7eace9542eada2db4f7579452febe6ed7f4b3b53b5971238ec182e0c2a898204f47338dc469b1a2298","nonce":"d20577dff16d7cea2c4bf7a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"1cbe40802bc5a0c96414ae9330eff0adf7bc160944863bb354f6602d49989076010cb8381892ea8f30384226ae","nonce":"d20577dff16d7cea2c4bf7aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"02d88f0941c79663d90b8f8603c1a78101242cce044fe72ec585b48bd71bb79636f04b04084b4007cb24bf1ddc","nonce":"d20577dff16d7cea2c4bf7ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"5910202f4266d349ca3b1e40f051fe16be784545bc8031f533d30e82b900b9edf5096f448d5e2de8fdaea4b72e","nonce":"d20577dff16d7cea2c4bf7ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"1f8e71b30e4a199f7ffd05a7feea60a09bfe3d052047def72c8f8bbc94ebfcdb9b6bbea97eb15a30ad80f67ea8","nonce":"d20577dff16d7cea2c4bf7ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"4feea6befa30b7318fbd769cdd44e4b30374993edcdc3bba868056b30f1f1fbb32b7ba9f17807feec73e646cbc","nonce":"d20577dff16d7cea2c4bf7ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"e62536d436e2bbbfcb8f01aa84671ca601ccf537b3288491b20ad62046602d8f3d1b2fef5e0af542b29eb7cb07","nonce":"d20577dff16d7cea2c4bf7af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"57e90938ec88919ad5c7de2e2ed9b410e8e8ab46e1983f71ba3a1a85bd8726e7a84777a97532165b0a1d00636d","nonce":"d20577dff16d7cea2c4bf7b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"056625bc0f5da4d70678d51a0b9e79278042a18d81e4c12362dcffbe91d53b8c5f357a9e0afde2b841fdd65cbe","nonce":"d20577dff16d7cea2c4bf7b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"2e4ae62382e4ae36dea0d243bb69e02195188eeb91009c6a02dc4295543452233e97caf6fdb1909b7c4c9782ca","nonce":"d20577dff16d7cea2c4bf7b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"6a5101ea9f65bc392d82cb52aa6e5d5e09262639ac5a7fa4684c3724c2c9883d20873b4a03816d0d62ce550820","nonce":"d20577dff16d7cea2c4bf7b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"8c3ee8a0bff374943428dcfd6d6fd0ff06103c776a26a04ea4c25c606e1442e4be786fd71c412ae9916f45f8ae","nonce":"d20577dff16d7cea2c4bf7b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"b382567d688e25f95da3b8d7dd290115b5012acf4783bb70336e192ec4c52a9769b29c20325d9a4caaa72e9ece","nonce":"d20577dff16d7cea2c4bf7b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"e048715bb0bfbd3c5cf4df882d03d5464ce682400dc4c349a2f1d1827473100e7d4dd88735e21cc3d9017c097f","nonce":"d20577dff16d7cea2c4bf7b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"17863a9136085e486347c5bb9e13b13d311c7453881a6632eb9711e6bb0aa8e4eed65a3f77025eec5b18b4b180","nonce":"d20577dff16d7cea2c4bf7b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"5eae326e0d64c3d2eb3ca030b86574aec87ef9aaa3e8f73e10a55f15d54cbcdffb1599a30fe765cbb4b01b1620","nonce":"d20577dff16d7cea2c4bf7b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"d8f57a7357b566b35bb59f12d7cececc675ff42a849cc0204b59fa8dd8f32e28367e194d5f0e6686b5a304d5fa","nonce":"d20577dff16d7cea2c4bf7b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"5291cd0c0007d0f903ea34a44c8416604cd581e135cd53388fccb2760e64c497148f510a74bc0bf8c5d9300dc2","nonce":"d20577dff16d7cea2c4bf7ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8e686ad247050455bc96e7fd09bbd75b811479f19c74a4b9efb42358138c0665154508b40d066cf01786e5b14f","nonce":"d20577dff16d7cea2c4bf7bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"16b50d9f5803b951a5cf311bc2f974db9dab83290a29c892173400864af47909d89bdce645f43b18a40ad224c7","nonce":"d20577dff16d7cea2c4bf7bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"069c4eeb76b1fab4025818cd505109062398b57d996e16487ad944f97fba4225299801806753ed2008a930d792","nonce":"d20577dff16d7cea2c4bf7bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"0daf3b2ddf8acdf78228d418742f97a43bc4175c4490d627ae4b689a1b58187cd95eb8919031ef450b43b5a3af","nonce":"d20577dff16d7cea2c4bf7be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"0e87df1bb6c8e6c39bfc581703caa8c8c89283578766bf180bc1c47d297d42ce90e87172f7f7d75de175379e93","nonce":"d20577dff16d7cea2c4bf7bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"ca21ba4e95aea092d5514267e6fda85ecc1aae1b52bb03c598655e64e839aa54aadcedbb65c1d1d5d7c19971c0","nonce":"d20577dff16d7cea2c4bf7c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"b38a51ef7d68dcda26f36ba9430c841310fbcef1dc2b0656747faf4987c6da76e81cc098b6da02883c47e9cb80","nonce":"d20577dff16d7cea2c4bf7c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"1a8c0cbc4967c3da7ccc5e14748fca5b1ae0ce7b07b99c60ae133f493ad94fba50c2e0f44edb68a1a6d6ded1d1","nonce":"d20577dff16d7cea2c4bf7c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"4b232c97fa9cef6fea482bd90002a6637629e59e6839aa4b51a9698b0db79ec010bb06aba00c1b05f282115181","nonce":"d20577dff16d7cea2c4bf7c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"277542b55e05f4f5b6f1149a45e981973c860e140b0be9be700605be226b5482bdc94873971d7a03b03b180b1a","nonce":"d20577dff16d7cea2c4bf7c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"d1bd44f2aaac3cec6dad09ec5939c8bcfeaa45a020b104af54db92805c150ceec660c14be21114e691c17100b6","nonce":"d20577dff16d7cea2c4bf7c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"fe86fe64f4424a3cc43ae90ca90c4c829555be0d346195fc6f98c027326c5907f652e9ed292e88c262c8d1333d","nonce":"d20577dff16d7cea2c4bf7c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4b1a3c565eb99b18edf4240a06cb30acf037dc1a932937f649c24c3bc313368f9c13aa814886886cb8250e33f8","nonce":"d20577dff16d7cea2c4bf7c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"82b190bd232d86589e0e1e7f37c0185ad0ddcf2b082c76429e1995b0d1f62acd588bba85b94f226da892db271f","nonce":"d20577dff16d7cea2c4bf7c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"51f98f99fa19184916e1b08c76345b5998ca5fa7fb5242aaa521f7b07b47cd53ac3dc9637e13b436ca617a0b92","nonce":"d20577dff16d7cea2c4bf7c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"323a32f6c87217db499ac6bda975371333f1189a618fbad68e0d8887d1c71b0520fc301f259598de1e48b1044a","nonce":"d20577dff16d7cea2c4bf7ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"43227f6091853dd20734cbb1f0aa1ca58d8fcada7a6b8366a1ad0f777b34ebd040abcaed06be5dc6f4c05df706","nonce":"d20577dff16d7cea2c4bf7cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"209ac341492e0d028320704c2af7c2a3ea84b86e6542b9b3f2a9a3b7da467d3faa471fe2dae932dccff31f30aa","nonce":"d20577dff16d7cea2c4bf7cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a68f24e02ad3f221d11e3ccd7f6a749f7e3c1b2f37bf20108ab4996db6c599d62ce4425bdb4f596b84eef05e12","nonce":"d20577dff16d7cea2c4bf7cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"04309d4b824c4c2d7aa0586b90b18f3b96b8139e27ddc64b9a2e16850025b4e837b9c4e2965d46d69d5580a2b7","nonce":"d20577dff16d7cea2c4bf7ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"015dfc58fa0be8ad7b4fa8fdd2705a07c9d70a615abe09ea744535667f0a444616b888f16a744ba50bee990ca6","nonce":"d20577dff16d7cea2c4bf7cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"583194570397fd8c5f366627b695df81b281f70c97acb4f9e957739e7741e64aded30ed2bb892a082cff249d5b","nonce":"d20577dff16d7cea2c4bf7d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"2e8468cb395a1b361f4ae24d1fa7b080451edf50ebcc5a605cc0c64926a0a36adcbeebba318189e3a3f10ec1bd","nonce":"d20577dff16d7cea2c4bf7d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"db3a33983fec5d55e1152118386a3942313dd11a52b43ea2453e555619bdd8f2272c4ae6b6b2e45afa0708e62e","nonce":"d20577dff16d7cea2c4bf7d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"a55d4f5c9e4b54d5c430984040d9e3250a4ef60b51c6913ad9f0ffd24485c5220dce9368047b2bb275aded5d1f","nonce":"d20577dff16d7cea2c4bf7d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"7546ced9a69893f81e8a1fe01ee428f1fa989d81a91b67b37335d4e3d74f4c568e37673c8357aea9585f1bf8e7","nonce":"d20577dff16d7cea2c4bf7d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"da9ad2308781a5e98f26623db55632458b1213d6255d9f93eec34dc122d92882a573f4489dfe8819a33712a56f","nonce":"d20577dff16d7cea2c4bf7d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"8807ebf2c3017769a8fcdf49724b6e87ce6b78946f157fa7b596909ded7f3fc5a74c96e6a30bc94c693a10484a","nonce":"d20577dff16d7cea2c4bf7d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"617fbe2f615fe2d78e7ebd09d7119ab6aff2f6948f5b11b0fdbb38f0097fe9728d87478699ba2c4418833e3111","nonce":"d20577dff16d7cea2c4bf7d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"50a2a02f5394690595cb345db18c4da427fc31bd1e7aa225780a9f707296429f3ba7ea55dbfb4e9071ad46c33c","nonce":"d20577dff16d7cea2c4bf7d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"7ad5ce81fc409119042466e46b8b5f69a9ba6ef9ab8f774d6931971854ae54dd26534ac8ff8006c6c5b6bfc080","nonce":"d20577dff16d7cea2c4bf7d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9ae0d06ce9213dbea68533a6f45db7819a38ba452251aca8c648fd4ce55fa98ea1016e9b607bc2a1c86b9dbd5b","nonce":"d20577dff16d7cea2c4bf7da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"7411c84f11d4b995887faebd4068eb91f4cc6a4210e78db48a5b95349c55797280ee86efbf50aa4979c4291658","nonce":"d20577dff16d7cea2c4bf7db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"00c70bb93351ff8c53993390f9739ba7c6ea01b7340d98eca81a48c833af3694586d80d9eb84a28609ae505e66","nonce":"d20577dff16d7cea2c4bf7dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"c1292deef48fbd48a60e5ceea9d2de9aa74d6a6c2f4ad7af550502d48e85340031608f7c6be408909723e96619","nonce":"d20577dff16d7cea2c4bf7dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"dcf02c0f52dad173ab81af5ba6a71c6aeab76a2f6bedb95a9686a11073ceaa555aad04cca16d61c3000d8f2707","nonce":"d20577dff16d7cea2c4bf7de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"99c731a1024760cfabed4c9e6e06ba16362bf9cf8af0984e3e524a35c57e1b70132b401e879ac25b5a19e52608","nonce":"d20577dff16d7cea2c4bf7df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"380da1568940ae8141c20d77a0c3ca063a0f742aad509a244cc4218a0894f2d4f70d442f2bc3f45e898e8709dc","nonce":"d20577dff16d7cea2c4bf7e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"577edaf7ba9b06c19d8b3afad647f1fbe2cfe0a1e56532a9942d4d3288dbcf2d65720c5cc5bee93b4524924e0d","nonce":"d20577dff16d7cea2c4bf7e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b8819cad3a864fabdbf303f761b2622ef5f12599684c59a81618b3e8055aae2b62030fa487e672339abb772624","nonce":"d20577dff16d7cea2c4bf7e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"8d0ccbebe563ba37f5973677e0b3cfc333032d0c6fed82158702b1c39a3378b02e8a474079ee03e7be10c3f8b9","nonce":"d20577dff16d7cea2c4bf7e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"f7b0d944940dcb42172ff7f050ced108a040c92cd111f62f64c7c52bfaf0768eb2c22fc50371c6c73a22abd7d1","nonce":"d20577dff16d7cea2c4bf7e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"8a2759704dd2c7712e7fc09674b5c786a0c08fe6abffecb93eae0667adfc68f5b69a8dd1527fe7ef9260b665a1","nonce":"d20577dff16d7cea2c4bf7e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"be595d327a37a484b706780f14a48626426b35a61ca0c897304a8d3cdfa4e0f769bf7c489f207240a548494d1a","nonce":"d20577dff16d7cea2c4bf7e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"58081bd5e9bb449b50338e606a5c9ddb06323e0b30606ec2e7ba914e9783be9455c5864e5cd591cecda45d3818","nonce":"d20577dff16d7cea2c4bf7e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"5b841f947cb3000c81e0dceb2a647d87fce6fdb8ffc1b168b483ce2a7575f03a02a4a7ec748b21a18d75d94f69","nonce":"d20577dff16d7cea2c4bf7e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"7db27590c2b9d81f0c51505db4aff4aba0114977c04ab386078368f4a6efa239d94efb93c2291a031dae851324","nonce":"d20577dff16d7cea2c4bf7e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"3d3d4b63bf33ffe734df92cdb7ff38133c3661f985770e814d5961c8bf8934b7151f722fc0d801afa031cd9a5c","nonce":"d20577dff16d7cea2c4bf7ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"a123bb67617a8d49db372b9158d3b741b55c6052bc23ac936dc1c86371594fce34e40f7a85041642f2941442b3","nonce":"d20577dff16d7cea2c4bf7eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"e593774a7353ef7730ee7fedf79199fd47df3f4a0f35aad4a584112283d137bb7d1fdbcf9d8980ed4244b6eaec","nonce":"d20577dff16d7cea2c4bf7ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"a083192b5973ed1a6adb237cec62aad1a304ca0044e272fc023f3a906f696bd60f545f1dbc0ec7ff551619e0a4","nonce":"d20577dff16d7cea2c4bf7ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"7bfcbaebb82a899a39ea6c34bd76be9358f53e7397d40f76b46c7262510f264d547c56fed89a688c4d9a2b2e4b","nonce":"d20577dff16d7cea2c4bf7ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"fbfc7bc29317c97a62de2ec25cdef1729d169986b334f9272a50110e1b37a71b6cb1e12b762022d4f49685979d","nonce":"d20577dff16d7cea2c4bf7ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"21fa26c371405a806346f540f8c82bd562d517a1a9bc531f089819b7bcd66cd6adf4e93afaf2aa1b7ba2f06baf","nonce":"d20577dff16d7cea2c4bf7f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"6c254fb53652021322d5ef73a16b6562e57432f51ac20b364aeedaae603cd4f391b06f305d9a2fb266a2d3e55b","nonce":"d20577dff16d7cea2c4bf7f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"9d0e3c870e95145533491b24626dedfa8c2b54508ea88310c285e60d4064f3e033aa9ed7b0d06e759e9bb8cc1d","nonce":"d20577dff16d7cea2c4bf7f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"e18e654b8bfb3ebaa9a42de68fc117f1df0b50d1f690101d7ea5905441733f776a1bb789f6490dcd902b232924","nonce":"d20577dff16d7cea2c4bf7f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"44c2bc8b27fbcc94f7861e6d115203940d437c0bc10f6abfe3f7f54a1dbbf7e16d83a624de58d6d984db4629aa","nonce":"d20577dff16d7cea2c4bf7f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"40c149be04bf41e6edc15e40f44276ab6b76f9e2da3a6060680075467b696310320d3bb21ba23de62070cd2d56","nonce":"d20577dff16d7cea2c4bf7f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"582a5f80a54af024cdde0bf597d332f94b58094ad4930e470e9122a00da2823761733ed6efd7ebb208e5dc11c6","nonce":"d20577dff16d7cea2c4bf7f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"6fedb508a62f8119866fa2f77680511461d6acffd5fe5c9cbdf755d0d696416245e94efe70c440d02968f4682e","nonce":"d20577dff16d7cea2c4bf7f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"7b0baf62119a4aa6f261f840ff529913c0d430042581939fd5c4c706eca535d4bb8b27f4b85b063d6c4b672194","nonce":"d20577dff16d7cea2c4bf7f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"788717ddb583b85e508ed3adde0a02dd665d887ef538261718f5e08a1d25ccd6d3f669bed5ce34cb12fe94512a","nonce":"d20577dff16d7cea2c4bf7f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"2d306491874eb01fcbfeeb9ca73bb6ae048077b87f524e597cc87e560ae8faf08a38fcac3b1608431715b232a0","nonce":"d20577dff16d7cea2c4bf7fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"e5b3e678e0e0df8de042871dbc3d2bc3acbfbda12646825ae162340636177e73aebc28265cb0430553940e5cd5","nonce":"d20577dff16d7cea2c4bf7fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"6efccc349b12e2f49b660d577783681b571aa00faba56cc51e71c041eea5e2c855090a0183b395bdc5c1e649c3","nonce":"d20577dff16d7cea2c4bf7fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"5a43b00495f38c68f39eed4151935cbb44104f3aae74307c474e824f8f5e2cc4bc967c4b9fe8ed41a6e00c1704","nonce":"d20577dff16d7cea2c4bf7fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"884e27f01a7fc3b3c01204a8d4d21128c597a06aca13081e82305ab6b3369d0ea39c401088129d9484d511dbac","nonce":"d20577dff16d7cea2c4bf7fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"6708a8ab40099f4fcc5ce3a1f4c1eaad0959f40d52d7efde9805a1e309cda3da9a229e3388f7fdc5798ddcf8ef","nonce":"d20577dff16d7cea2c4bf7ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"2b59c9116a3cf4a2b1ff7b862f05d0a9f4fa5b21beb071a417f9ddd229fbdd3160fcf1f5588f85fe1583d910d3","nonce":"d20577dff16d7cea2c4bf700","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"05e5f0ef2c208da0fce32169d86aadcd206ca2b1a64f06b602cefbf791960f99c6763708362b0d321e8b917bd9","nonce":"d20577dff16d7cea2c4bf701","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"55fbb90f11eb01007b31682815a474280ab8718957856ad32b4dc0d86f71fd49ee1000957b76ba3f56ba5749bf","nonce":"d20577dff16d7cea2c4bf702","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"cfffd60cbd241199eeaf529be3cbef77a67d9c5b62fd65861c84056037c73149988be4d6031d036b9d5ead6494","nonce":"d20577dff16d7cea2c4bf703","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"e065c3fa01c9b0d1d2c20132b5fb21d85c50715ca55d85fbf29e29c95b4119dc054a02a7061e9373ee6ed49736","nonce":"d20577dff16d7cea2c4bf704","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"2ceeb7fe75ad7845efa4867ad23de6816467b5305f5bec964c5d4726e6cedc42e18654c2000cddbdd18e013382","nonce":"d20577dff16d7cea2c4bf705","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"b0a31296ead350554678e5460b31ce11c7f5928433ee2f948f441702112d838718170e81f4b3038139316a154c","nonce":"d20577dff16d7cea2c4bf706","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"d8e3e2a3c1452588477be454dea80c7ec1d84f63430fdc46143bbabd77348c37ac4eb24fa23ae7b4fc0e5bf04e","nonce":"d20577dff16d7cea2c4bf707","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"db487ed57bb04f39a39e6ae8e82e86ff0efb765c47bc49333671b6394b2b50f0e56907adb2a40bedb7fe70c460","nonce":"d20577dff16d7cea2c4bf708","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7f7277bd1a14fb3843c88306b5f7480c2621b98d76a42e5cb6f3ca139443a2f3a07fdea341dff01e29d68a5afd","nonce":"d20577dff16d7cea2c4bf709","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"3fc4dc2569ecf94fc28f7a61109351c4ddb7648d7c42285cf33d732075e3852d528cb7e0858313b5be0f00c6dd","nonce":"d20577dff16d7cea2c4bf70a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"825c39e7cfe13ce352225b76abcc4f434d3fbf8e1209f852326ae195c669ce411b150149e14d4634b6eedf0b05","nonce":"d20577dff16d7cea2c4bf70b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"9de9581a72f883c91a4e160c2a9ebb75e41538a9612a930b86d5c86cef16c4c88c86c6cb9c4b4aeb91b9ca988e","nonce":"d20577dff16d7cea2c4bf70c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"e04a92935f4ac59e99aab8d602b4816bf7c1dec5d5d47e5d76f75bdddf80ac7f6ed46e6a0986c5d50a980a61d3","nonce":"d20577dff16d7cea2c4bf70d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"da4285f3b19a5a63611948f89a9141b060987ac46739c68e65d85e1265043efdb0aa5d390b9e216660c29c9185","nonce":"d20577dff16d7cea2c4bf70e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"72c1383d0adf2021832cf8e7be8565f68f2693fbb79d1b181331fb84c189d8543cba13e6b7a6dea80208bb6f39","nonce":"d20577dff16d7cea2c4bf70f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"7ffaef3ded32191024d313221da9a3652cfd1ec17cf65aff57b1b67224e5ff7a931e32c72ebf8b226911bddeee","nonce":"d20577dff16d7cea2c4bf710","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"8eaf068482dec200d6e13a15f23fcb59f30cb2948ac226aecd002cea99c89686daf77848f956933cc25fd26f48","nonce":"d20577dff16d7cea2c4bf711","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"264cc5d6a0b7a0b10f6b1b3248b5a3324e3d6f478145618d09c47fa28978493bf1aff64ed4fabd094d5ddabcc6","nonce":"d20577dff16d7cea2c4bf712","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"c148c4bcadd21fdcdd7e068507fa3ca526b14443164eaff48a81db46148cd2ae333bfb325a335296bd19efbbc0","nonce":"d20577dff16d7cea2c4bf713","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"098d1dc0cb7cd977948f0b44542af26e09aa4d6ea63b17b5e72a78723ca9efe1eb002c98a08bdaa8b3fda0b7b3","nonce":"d20577dff16d7cea2c4bf714","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"13fc200eb7d9ac3ec5672a9dab0e813903576fd05bf8fb7ee5635fcc8741419b869a7b8d9f863b12e88e2c5930","nonce":"d20577dff16d7cea2c4bf715","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"81a5873565aca0a8bf27d7e0a40b5190406a8be971a79e71a249fbba371cd6e95297140bf30a9a247db65b5573","nonce":"d20577dff16d7cea2c4bf716","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"dbc759f3edd826642105b502435edfb28a66c7c9053f77f701d019e8054a854c50ddd9951c8d329afdfc5afaa7","nonce":"d20577dff16d7cea2c4bf717","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"ddf2376a8e02ff6aae395fc4455a4c776c0c9783453a2e42b28b3ea3cd1dece1d6a87924307611ccab815bbc4c","nonce":"d20577dff16d7cea2c4bf718","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"87757e2c0821f95564bcc568723acb7171f293e955173726017985e9cb3383b33ed8066fa6f48ceaa6cac6df0c","nonce":"d20577dff16d7cea2c4bf719","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"036d4fd7e9e72929cfd2e1fcecdc572aea5bd5ef16a92e5b711cdd9646eb3a1008a2e7d39ce74e67df6b73f468","nonce":"d20577dff16d7cea2c4bf71a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"5cad074af3887ff07a8d3ce2e8a20e67feba06ba4893e26f14123894d7819392f827f646bb28cd29bfbf7be7f7","nonce":"d20577dff16d7cea2c4bf71b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"e52d575fdb08e3d2084927dc3da9c7084bcdccdc88d997de6e06109d203b2c030ba2cb79a50ae8e0e738fc0736","nonce":"d20577dff16d7cea2c4bf71c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"4c98fe2ce4b77757ee09bfef308f9973c2aa28939ab24ef5fe619124b1c94e3aaf67d7739b22af2f3e158a04c8","nonce":"d20577dff16d7cea2c4bf71d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"f74e7f2532e417fbcd01f4683bd5ea14e94dd4a42f0834819d283c39f27fed8c3dc8dd3e74dcd5fb525d099044","nonce":"d20577dff16d7cea2c4bf71e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"48aa523a358b5777f7dbe60c24eaa1240bd2fc186d91b7d9fd340a62cdee8a79a84785873efb9ff65bfec68f6f","nonce":"d20577dff16d7cea2c4bf71f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"ce4db0c062b8195e46f62aa014b1cd99c00697e6c04cb0adeea45f076ae31200cc03f32e224c585208e580fc87","nonce":"d20577dff16d7cea2c4bf720","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a53b8dc05218c1f4dfcc2af880df86233ec8fdcf3697c4ffee694c0c042fd545e01a652fb30ce0c46c00f1c7cd","nonce":"d20577dff16d7cea2c4bf721","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"18459e8a46abe63533022ab99edc9417f41f0e43704e3146bf7b3638d9ee9715e89d2593f47296d6e287fc25b1","nonce":"d20577dff16d7cea2c4bf722","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"d3d522979eeb9e6be40d83ad69cff87fc3b1c7b664629454f97087a61de9743586c129ba27849449edc3e218dd","nonce":"d20577dff16d7cea2c4bf723","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"8ecc61ed64cea2091b3e5b13ebc92f91f3daff14b029c0741b7b7541b5e4c4db44e6cb3ead3f379ab6f7ba2134","nonce":"d20577dff16d7cea2c4bf724","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"2344551199f0e4ffd040d05ebd33ed4e72b8798bb9e0a48c3cad3c3b6953dc51eeb28ed9bdf7dda5c96faf453b","nonce":"d20577dff16d7cea2c4bf725","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"45247cc2629c2dceda0e9260ae8cd347d82ffe9986407b1d4279216ef9599dbdb6427d5a8b1ca999b6a86626fa","nonce":"d20577dff16d7cea2c4bf726","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"451db2902d2b4391c47be9a54d5d53b476b5d5d71ba02832fa5b28f35c5a0604d161f4b2baebb09013ea8d5d1b","nonce":"d20577dff16d7cea2c4bf727","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"97fd72b9c01b4974522d4bd494563f05404725034db95a4b4bd6dd147d6258cfe473e5425c39273302f654f09c","nonce":"d20577dff16d7cea2c4bf728","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"77ef019177e690acfe0eceeaa26094135271e14125c3c9d84d539bf86150cf2f4d5e1871fcea5ab3a881e98f10","nonce":"d20577dff16d7cea2c4bf729","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"89819d7bbe96c3cd71d90279ae98765d701b3b21c07dc287b6b5af0fab9e4569dbf57701e4e20a9a68840c04e7","nonce":"d20577dff16d7cea2c4bf72a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"bf4206d7896f079093d3e6fd309ce43999554b8d961f51e2070bd23850cba7071065369af22a56122318a34d9a","nonce":"d20577dff16d7cea2c4bf72b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f10322e7dc93246fc9528b238fda0e8bdc779b908ac5dddf1411b2aaff19dddef9a5ea8eb464ac38939c5147f5","nonce":"d20577dff16d7cea2c4bf72c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"e2a426d1a686b4d994cc9a919c50a207f5c86c5d4f019592fd0c3255dea61a5230be629c77d69bcaebad454196","nonce":"d20577dff16d7cea2c4bf72d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"8b0ac7f5154a3adffe0463b0a7c86e7397bcd7ad1eb9db45721c6a472f55a30546de99cffd4042fdd7ac071b27","nonce":"d20577dff16d7cea2c4bf72e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"712953e4994fe54d6a5e02d1ab33df9b5f028726af60795aa8571ab53a1cf3c44024cd40d2bfccd79afaabd13d","nonce":"d20577dff16d7cea2c4bf72f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"929f4f028c846ed34b643f5bf111e7c2b2cc38676c37918be2cf1cf1432528194f8210eebb330415ffec3ee601","nonce":"d20577dff16d7cea2c4bf730","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"b5622dd7e3eec8cbb474ce5ec72505100f85c98725c2ab0ec69747b6a8ba6740417c1b90ba2d285f2e7e8aed23","nonce":"d20577dff16d7cea2c4bf731","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"b94bfdec74e4da59e23a0abdf35e78230df609e6e939e1590483ccd7168cc0d730afa2aae1bf5c04c10b5d146f","nonce":"d20577dff16d7cea2c4bf732","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"825fd8362d28d8c9ee2cfeefb8baa0ad579acd6380cadd617eb4241a45571fe75407f1c3c288476a1951f13799","nonce":"d20577dff16d7cea2c4bf733","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"e91fd4c291642964a2e3206668e41e7a833b3eaf3c73d8ae18224479d5e603ad0d266dba04d07e187dcc7e8817","nonce":"d20577dff16d7cea2c4bf734","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e9cb31df1943fa60763a5883b2dd803f1a1e114b945ea746fe1169ee04206339a109b33d6dd4963a46c95b9d60","nonce":"d20577dff16d7cea2c4bf735","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"e907d69102325aaa155644e2fbf83402752bd7c769abc9d587eaaddf75fa196de4c100c9dde8ab273328f8895d","nonce":"d20577dff16d7cea2c4bf736","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7ec7579899f8c4000fce0f7b6c5ebfaf4b65cf973181dbb4f8cae39256ab61843605f58dd2f40e5a375136011b","nonce":"d20577dff16d7cea2c4bf737","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"6470ca4f7442d31ac907fcf167ad10b185ea0673a48f0fb52e08df541707ddfce14df56e1f1ec136eceda5dde8","nonce":"d20577dff16d7cea2c4bf738","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"712c2484fee14b3eaeaf6e68f22016121302a6c4071e3bb4dcb41315bc056c7de29504bd30461dc61e2a62290a","nonce":"d20577dff16d7cea2c4bf739","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"1089d0ad01eb981b0e75d04ac8ff62a2a8b611b932bb524cde1a33f1103765022b056f0d082aa41d162e9643be","nonce":"d20577dff16d7cea2c4bf73a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"7055173920dab9eccfbbeefe136fc57ef767e1e8e6db8eae6783235755ae9b0cccdbca572fad83b28bcc7b4248","nonce":"d20577dff16d7cea2c4bf73b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"62a7f47491f3d31a422fc9e908823a8f2d7254f36131d363c32df985ed6dda80871e3829375f25a96d90b45235","nonce":"d20577dff16d7cea2c4bf73c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"192f865b9b0f87c8f3b35b2ce1900e3687554a48736e6188aba905ef472c7377db213d32d56b903f7be0acee06","nonce":"d20577dff16d7cea2c4bf73d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"d0f7f686a5225d8183394c33b1f10c707e7f085660f858d3491198b3a9b4e42f6a9eb365c409993c59093228aa","nonce":"d20577dff16d7cea2c4bf73e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"cf3f64e8b054cf660298d2e7ec7d644a2337429476a7108f14f491345c42e1164a6d96a83b0c56ebee45cce38c","nonce":"d20577dff16d7cea2c4bf73f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"9893da31204738a3f8f4c107c533f64cf8c01b81060308576cb94bfef56c7c204421503eda93d05f5f9ff3f7c9","nonce":"d20577dff16d7cea2c4bf740","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e407a8a84fc18a3df9833de5ce4e227f338cbe0549bb70d1b30abd5c8ad89f0a0de24bc8dcdb8455c80f507cb3","nonce":"d20577dff16d7cea2c4bf741","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"c400c9a6494c2c62cfc420c7348f03b5598648842115975d204d7b039b3e6bec4f5a24b879d688b590ea0ad3fc","nonce":"d20577dff16d7cea2c4bf742","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"49ab830a7a7be18d1fce87538b02c4514ce2e33fe7dd0041bf206923270ce1eae49fa7afdcc23c2e7095ccd371","nonce":"d20577dff16d7cea2c4bf743","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"d5beef3acedf662be1ac545ff22e0968ded5e7f835082563cbf32f2f97e2ec57ac0a24ef9b69b311c08b2d0705","nonce":"d20577dff16d7cea2c4bf744","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"3200011bd93203e202108feb721f33cff9adf984d7b765c152c42c71a08f6a4b914f59aaea2373dede1d84f49c","nonce":"d20577dff16d7cea2c4bf745","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"0d546040e599350adfce92d598fc83b2f17b8210648ff39c91d7382f1ddf9316fd55762a863bd39ac183d71cfc","nonce":"d20577dff16d7cea2c4bf746","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"56d782dcc5ae009b8b10f486678fc31d04d3e2c2fd14557bc160540eb5b40eb2f4d76a2a54f6ca7debbc8f6091","nonce":"d20577dff16d7cea2c4bf747","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"57584651099749aa985fa971b34618aa8d30aa9c1fcbc8cd15d887ee5ab0fa3d515d8dbba66eb3b1bd53d5849e","nonce":"d20577dff16d7cea2c4bf748","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d18e9ec60dfb849deb7f665a032f5819b9d047516a4be94a48e8bd2066662d183f7853b3baadfe8971e34a88dd","nonce":"d20577dff16d7cea2c4bf749","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"b05faf558aeadfc164859a477e9cbcab1d27edf19bbcb35a813aa49282b42f8a20bf5fcf943ebaa6d94f93eb32","nonce":"d20577dff16d7cea2c4bf74a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"c069204693e8b828a9ac4d6001f8b0c49a9e7f606a45a8829dcfbc7ef0c23618f7c5ac44a76b00d6b06bd32e5f","nonce":"d20577dff16d7cea2c4bf74b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"957d7c12afc411e4c87d7cc1bfac25e4f3391aa9d71bfd0b8606ccd7565a78c39b02c7c9d763a2d3529600f7f1","nonce":"d20577dff16d7cea2c4bf74c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"648a024a31fd41c542eb6bc1ae2bc234ad3cb899fa65b1d22e947f061c5804f86df390f8ae79642630c26ab5e9","nonce":"d20577dff16d7cea2c4bf74d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a54a551ae735941e911b84b09c3a33b97c8324f745220f78a0514ad814502654b0377fb45e8628575a7fb14018","nonce":"d20577dff16d7cea2c4bf74e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"35dd21130084fcf97491b42348efcb8271dc611c94cc57d9f1d7700efdcb207d9b725aab10b33868cacb53b5b4","nonce":"d20577dff16d7cea2c4bf74f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"2d7946eaf65d501637c5a51139ffe27bd5c0189c986731e9519ae256f17cc2b363adc654e28622236e9517007b","nonce":"d20577dff16d7cea2c4bf750","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"2182643ecb216095a07ec8e341bbc3bbd9700b98cf6108caf2c6e6a99c567ae9650e18e7137784ea60c0037bed","nonce":"d20577dff16d7cea2c4bf751","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"5cb48c09ae88281008141e22f274be6aeab55d061bd0592388330518bd4e9877f14edcebcdaed09b17839526eb","nonce":"d20577dff16d7cea2c4bf752","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"ddb662da553a5f64f9e70dec7a00b5fe2492c5a8e7fac8b11a24225fec99b72b46a259f58d30ea1e565c3621d4","nonce":"d20577dff16d7cea2c4bf753","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"a812ef927ca2d5a7e6f6c25dba203a28b3749e94ceda1d2ae2f1e4a9607304521eb2b87a74ea8d22cbddee107e","nonce":"d20577dff16d7cea2c4bf754","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"94f9430c6563ac09a8fa019177cb0bf6be3e222e3299211cb771a2e3c39dc490ed2962621d18988f6a8494dcf3","nonce":"d20577dff16d7cea2c4bf755","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"88277b8afc800e1bb7f26f46223b8ec3175d1397c6f132f1930429397b40bead4dfbd194f030b5f9eefeb88c39","nonce":"d20577dff16d7cea2c4bf756","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"409e3d1897304b141d13abe0f59a4b10d0af57618577b340ed6d5480e4e83457b7186a3ea05a18f80a9a6cd637","nonce":"d20577dff16d7cea2c4bf757","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"7ec49da8a4de583b3edebc5b67357cc3ffc51362866c02523ababe69f6a5ee3049d737e25610eb0c3a61899f0f","nonce":"d20577dff16d7cea2c4bf758","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"4246008ed7b0791df31f88250292a3a1e26dd47b14035e9ee4279aaa5d51bf2dfb594d68761ef239da62d38d67","nonce":"d20577dff16d7cea2c4bf759","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"c5d310202308ed77fb3bef60298eac77608ae541bc5ab2d9fb3e43c1b3e2f20cb266927ca85af01353dbaa0166","nonce":"d20577dff16d7cea2c4bf75a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"812334975ad365ad977fe1df9fb18bfba5af83ee39455f877a9f496c1e883f64571917ce52499479270c7db7cc","nonce":"d20577dff16d7cea2c4bf75b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"7455ec4dafadc6a32c4a1482e78e7c80d34ade86bcf44860230055fedae26b642f2577dd5ec3742e06fc72b285","nonce":"d20577dff16d7cea2c4bf75c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"d99776edf6dfa1683b926c03a35a08f5fa6e5ed4307a6bffec785ebe2ad4663e824aea40958ef2fdfcca851a3d","nonce":"d20577dff16d7cea2c4bf75d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"e1773f8fd60b35fe8459a194b3ed05ba72f4d0f16f64169577e2ee4f0d1e9dd1fc5bc5d10da552ae5fbebb0605","nonce":"d20577dff16d7cea2c4bf75e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"b0977a21fb86e2f53605146703243dd713979041ad41b7f4e2eb07a81823a741dfd6296f7a021d0863cdf407a6","nonce":"d20577dff16d7cea2c4bf75f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"dcc76d9c0b453f3bfa0e93e4b21665157670d6363a0444bcc2cbbe3a82017712420fa62e5976f1eb459627350d","nonce":"d20577dff16d7cea2c4bf760","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"4630e92285a0940af56c00a34b93ef07e755000d4b1faafd93eb01a076798dc5304c9119ca4b458ba39742a4ea","nonce":"d20577dff16d7cea2c4bf761","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"f980e55d2dd9dfbd6f0d7f26e681cb6a99b01536ed287570db15819ebadea6c383970e5935faa97f3f7567d419","nonce":"d20577dff16d7cea2c4bf762","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"8b1b4be8257e2d2383b2b5236ac58a4bbc0619129a6af82201034f27bf762f14c9e113d36b94066a52b81edb63","nonce":"d20577dff16d7cea2c4bf763","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"79368883a496b5f8962d2dd3c54116730aed4a6652fd2c222490470b66a91fbf2d8abf8d1336cf596a0c89b488","nonce":"d20577dff16d7cea2c4bf764","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"6e0315642bc29b8a0f6eae9f0f3772c4af2d9451b6756847cefce570299cc8a09bcb14bd3c8e4e348dc60a80cf","nonce":"d20577dff16d7cea2c4bf765","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"d74717cc168f8cc3340346e442a7b789776ba2f5f3f50b18cb61608f1a638d57d5f6f819713bf617936f7193da","nonce":"d20577dff16d7cea2c4bf766","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"8885a9956a8864f070e8b83175dc2a76208c32c669fd64c84c7efbc9eae048e3a3bda1a6c5e9e014177985f345","nonce":"d20577dff16d7cea2c4bf767","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"8248c633eb511e4148c97a9d997288ffe3e9b130f7e1768900e07a3dbd0322bf5feaa3ef1069a69d2f63b8b5e4","nonce":"d20577dff16d7cea2c4bf768","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"661b8260a395a229aadb89a0b0afddd08f65597d5e2965763b4c8779bec4f5a91c6a73f395ee45aacdc03f244c","nonce":"d20577dff16d7cea2c4bf769","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"9e270862f567f91b5fc378247693a6a598dca076802c15f311ad977c862cae39feaf9da66ea276e3f6826ecf3d","nonce":"d20577dff16d7cea2c4bf76a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"9e07269e710dea587007ea36f823e5a6c361a7d852e411d0f608468b61a1a4cda1e79cfa8ae3e0398a471970b6","nonce":"d20577dff16d7cea2c4bf76b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"a2cd8eb604f9dab48b73b5e09a99be8b4fffb8eed1ae639866fa1626acba6469a4389f867c068601e1622a61a0","nonce":"d20577dff16d7cea2c4bf76c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"fe968506c8c9a82cac93961e2470e048eee80c4a2898677f624d8a1051412475ea905a499cf6eabe8c2ec58348","nonce":"d20577dff16d7cea2c4bf76d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"bb45acdb4652e760404402bf5d2a424e8fccc7c5dde8b26338ad64fe2b2cd5e53f32e9e3f69a896bfc3489408f","nonce":"d20577dff16d7cea2c4bf76e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"828fc85f305e3e63442ea0b178d182b53055c4ad909be23ed57603d9572f8c146e17648a3a4787c120daa8feed","nonce":"d20577dff16d7cea2c4bf76f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b0bbbc30e91367092697057b87e49a0278d6783e7100e58052aae3d6e43d86acf15aa52826bc29b0e1a3b22790","nonce":"d20577dff16d7cea2c4bf770","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"2dd238f23bf4c01ec65d5a5852358a6179783673414daa0007ac448744072057ca090203229d79ad6fa7676219","nonce":"d20577dff16d7cea2c4bf771","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"1f086bb895f86ebca24d03d530e085e64e99194e4c4b741d80a8ecfda0a93c791b84b9c5df8fb054573bb3cd55","nonce":"d20577dff16d7cea2c4bf772","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"530bca4e6045806f7cbc7f47ccbfbaab6fb78470f1d722f039f37f9ce03dd0f7c466f0288cdd70bd76e57298ee","nonce":"d20577dff16d7cea2c4bf773","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"32d031fe93733f5494d4bf4cdf2f331e477e993daa98fea19601255e768848fac11410026b796e10b106ae8e80","nonce":"d20577dff16d7cea2c4bf774","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"0dfb7b313aea0e91dcd2ba7595ee587ec910e6c669f2518355538dd4be47e137873db3c9b34b2ac95ac3f7278b","nonce":"d20577dff16d7cea2c4bf775","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"e602015ac66b00e8b34b1091368b4e1f3eb1d94277d6dcf11829a8cf3a71a554e6e2df953c916f278aafcc072c","nonce":"d20577dff16d7cea2c4bf776","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"9dc47953aae535a27441e77b6eee0db9a884f69c6c3ba1e6ef046d04cad1b4028c34ae259900853f104e6d5edb","nonce":"d20577dff16d7cea2c4bf777","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"1b174d49afa1ed54c34a0d23921d4426b72133b094e5876c9f5089a20bd01ee740b9bf9623d35079b2a7f764ea","nonce":"d20577dff16d7cea2c4bf778","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e9a9a9a54a5909f74cbaa86707b6a3db088f2a4458d3075be9d50795284abf0912ac094a17e8228011fe8584e5","nonce":"d20577dff16d7cea2c4bf779","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"5c21e68187f15c7d68c30c1d515567a6bb812f79646c97122de81e2f4603487f2398622ad573ec22d6c8d07b9c","nonce":"d20577dff16d7cea2c4bf77a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"5ebbb4ce70e2e65fd6efc03cf6fda8892321740fec30ea21fd742dbc1b53f531f58697dced5c6b1623bf659feb","nonce":"d20577dff16d7cea2c4bf77b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"0d4a1a33581ef910547ec8bde264a46441bcde2e06050b780d887bebc13f7853ab8b264fe4633cee8c4caed106","nonce":"d20577dff16d7cea2c4bf77c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"4e89d3f7b4f86e71601eb768ac42df8afeb983c18397fd4f277e3d1caa631d66960f923798e4b0fcd78c1ccb3c","nonce":"d20577dff16d7cea2c4bf77d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"b640e286eef2d6078f8d5a3e801a2466042121f5f001f8ac8f3461cc261c9f772904b9c15cead99bf305063f29","nonce":"d20577dff16d7cea2c4bf77e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"652e597ba20f3d9241cda61f33937298b1169e6adf72974bbe454297502eb4be132e1c5064702fc165c2ddbde8","nonce":"d20577dff16d7cea2c4bf77f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"3be14e8b3bbd1028cf2b7d0a691dbbeff71321e7dec92d3c2cfb30a0994ab246af76168480285a60037b4ba13a","nonce":"d20577dff16d7cea2c4bf680","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"070cffafd89b67b7f0eeb800235303a223e6ff9d1e774dce8eac585c8688c872"},{"exporter_context":"00","L":32,"exported_value":"2852e728568d40ddb0edde284d36a4359c56558bb2fb8837cd3d92e46a3a14a8"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"1df39dc5dd60edcbf5f9ae804e15ada66e885b28ed7929116f768369a3f950ee"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f3304ddcf15848488271f12b75ecaf72301faabf6ad283654a14c398832eb184","ikmS":"20ade1d5203de1aadfb261c4700b6432e260d0d317be6ebbb8d7fffb1f86ad9d","ikmE":"49d6eac8c6c558c953a0a252929a818745bb08cd3d29e15f9f5db5eb2e7d4b84","skRm":"7b36a42822e75bf3362dfabbe474b3016236408becb83b859a6909e22803cb0c","skSm":"90761c5b0a7ef0985ed66687ad708b921d9803d51637c8d1cb72d03ed0f64418","skEm":"5e6dd73e82b856339572b7245d3cbb073a7561c0bee52873490e305cbb710410","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a5099431c35c491ec62ca91df1525d6349cb8aa170c51f9581f8627be6334851","pkSm":"3ac5bd4dd66ff9f2740bef0d6ccb66daa77bff7849d7895182b07fb74d087c45","pkEm":"656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02","enc":"656a2e00dc9990fd189e6e473459392df556e9a2758754a09db3f51179a3fc02","shared_secret":"86a6c0ed17714f11d2951747e660857a5fd7616c933ef03207808b7a7123fe67","key_schedule_context":"036870c4c76ca38ae43efbec0f2377d109499d7ce73f4a9e1ec37f21d3d063b97cb69c5718a60cc5876c358d3f7fc31ddb598503f67be58ea1e798c0bb19eb9796","secret":"22670daee17530c9564001d0a7e740e80d0bcc7ae15349f472fcc9e057cbc259","key":"49c7e6d7d2d257aded2a746fe6a9bf12d4de8007c4862b1fdffe8c35fb65054c","base_nonce":"abac79931e8c1bcb8a23960a","exporter_secret":"7c6cc1bb98993cd93e2599322247a58fd41fdecd3db895fb4c5fd8d6bbe606b5","encryptions":[{"aad":"436f756e742d30","ct":"9aa52e29274fc6172e38a4461361d2342585d3aeec67fb3b721ecd63f059577c7fe886be0ede01456ebc67d597","nonce":"abac79931e8c1bcb8a23960a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"59460bacdbe7a920ef2806a74937d5a691d6d5062d7daafcad7db7e4d8c649adffe575c1889c5c2e3a49af8e3e","nonce":"abac79931e8c1bcb8a23960b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"5688ff6a03ba26ae936044a5c800f286fb5d1eccdd2a0f268f6ff9773b51169318d1a1466bb36263415071db00","nonce":"abac79931e8c1bcb8a239608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b8b9ed4104033ea8118b7c4008d7c060671a7f229fa31ec5ba9b596c116f373f3d4f786bcd483a3001a113c2cb","nonce":"abac79931e8c1bcb8a239609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"d936b7a01f5c7dc4c3dc04e322cc694684ee18dd71719196874e5235aed3cfb06cadcd3bc7da0877488d7c551d","nonce":"abac79931e8c1bcb8a23960e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"3c2159b430e24ebf880148bdf09e48f4ca0fde8a9bd994ca5fa812648b5fec2d3e586b2197ccdcad20e992507a","nonce":"abac79931e8c1bcb8a23960f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"b486bd9f413119f06f6a1927f39d2ba9d0186c5eae54f67e5d9fef00af68566a5b30948a50f2b4b733a65fcacf","nonce":"abac79931e8c1bcb8a23960c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"577117a3bc5305560455e3a9aadeca590028df1ed7837ddb747b9ad5ffaede5c7d941efa6ee2f648c985362628","nonce":"abac79931e8c1bcb8a23960d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"75ad3a3b5f732f2c45803cbe2c137153a6f788be0d012fb2db469d5f277b12397cf2e0448a13b6682dff72ad5d","nonce":"abac79931e8c1bcb8a239602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"c344206b296ab444f00089e7e7bbe7e038bac39cc18c6cde8e379eb8bd97f9431e319d9dc3b0594996b78371ec","nonce":"abac79931e8c1bcb8a239603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"53cfd8dda77e7a20d1e9c7bf84890aa795d3706664901127da8578db15b5a1025c6a72332772cc830fa156c9d3","nonce":"abac79931e8c1bcb8a239600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"b674b031577cdacbd750cb80e5cf479fdba4ad081064e14f0c98e160df2abdeff420e2b981c8ef90320b5fff2a","nonce":"abac79931e8c1bcb8a239601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"ea1c94e5ad7439ab5f65e15160ef4400b92c673d44ecddeb7529eeeeab5cd96f6f3e924e66cb80146fb8f86530","nonce":"abac79931e8c1bcb8a239606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"ea625c976f70d15a2ac59c11d04304c46abcd5398239b9623e9a28358d0e2228a57ca68015b6937d533ba32233","nonce":"abac79931e8c1bcb8a239607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"c4580ab63083480b34c38974684b227689a6153e5ec255d613716bf15112a9e17c68866c8d46d564ac1283bef2","nonce":"abac79931e8c1bcb8a239604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"f7aca9dfbad1d2e665337efc5f9e3e73e1bb89c69ae9572f5d1d4e0f7005a563c9f4a2bda9ea3724b3498db2ba","nonce":"abac79931e8c1bcb8a239605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"26fa487ee70140dacaa3ce0a5b070f032a60abec8e5450b5fb914c1259d54c0121bfa07abd4f4babe47829bb78","nonce":"abac79931e8c1bcb8a23961a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"b6c0715bc125f34a7fa635955410c6978b1460eced29c4dbaf81e97308986aa7b6a2bc458842e6547f2859686d","nonce":"abac79931e8c1bcb8a23961b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6dbee3e1be4dfd8e0fb80df4c309ae828a447dd545f51aa5d07f784107ffaba45bfea8167aaf2631135e4108df","nonce":"abac79931e8c1bcb8a239618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"bf03715b7de62dc661ba912e00a37fbb905840498b4bdee8502455685af0b7f8758788fddcbd5e9b61bbd5f1a2","nonce":"abac79931e8c1bcb8a239619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"53bb20ae0f9fe9598183edfac90f691a870f96af127090cd3a1f8bac6d61eade2780f63f7142e08f10b0e56fa3","nonce":"abac79931e8c1bcb8a23961e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"ea550b9691dfefb99573ca884ffdbcfda1fb7211ebe92e78c204abae7a36df3f022d81e2d2d40748436908a3ea","nonce":"abac79931e8c1bcb8a23961f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"5c0175a5a32b235d903def13eb9b43346067ff761c88dcbadcef55af400f06d8e52056736f3b2ffa2c9f0d07f8","nonce":"abac79931e8c1bcb8a23961c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"4c01a11ffeba73c20a31b3ba872c708f43e1726a59a887fee73570e628905e5b323903ab7147dc413a5c2c6f8f","nonce":"abac79931e8c1bcb8a23961d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"acb4b8edb626e16820cb59253a8f510b80a61fdc91c7ea1d24b0fb022b5c25311b79d306569fbdda2d103cc648","nonce":"abac79931e8c1bcb8a239612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"9259525ba78ecfa493aae55ef6ed1e837d9159fe00c3bba47e4575be20a3a3c5f0524e5ea9c1f10cf112ace718","nonce":"abac79931e8c1bcb8a239613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"c285c7b10905807114a9409cc6a1c4a055df7b788c8b51d917e1f3226fc57182b56c05738724008a483da0dac6","nonce":"abac79931e8c1bcb8a239610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d308ebb159dadedfd75798b26ad8e0814ff5f6f8a6a3c930690146edbf3baee5c17c0a76ca4993d0772081147c","nonce":"abac79931e8c1bcb8a239611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"9a533c539e1e4dbcd9c252171603762de4ab9bb592fc7c8d413f73fbabcf51337ab4c44d0f006e916391acb251","nonce":"abac79931e8c1bcb8a239616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"1db21faa207ca33c9f29006805adb38e471279c29c565cef952068964a593aac7d0dcad5f766fbd459df91934a","nonce":"abac79931e8c1bcb8a239617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"947c5fe231c7a6624bca7d27be1387e8130c8525868ee52e4352089bf69cd19ce2b1f986de2f120912b537443a","nonce":"abac79931e8c1bcb8a239614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"7cf15cf0f359cdcf3ca403f83b55b08aa6b1f376d4033ab25816f9e039fc1b460c4528a1a6c10d04582bc78ce8","nonce":"abac79931e8c1bcb8a239615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"6516d1eb324f031c455834ff66cd0b033da40ed51105c7c6a86d6477a6fd414c6ed9ec79642a97978bf4afc962","nonce":"abac79931e8c1bcb8a23962a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ed2d53dbe77f8174a9aa4c9405c008894ae61cc99c4813d97b0f1b88cd8766b6651d3579d4320be05dc85b84b4","nonce":"abac79931e8c1bcb8a23962b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"4e00ff123b53e752de708350de73538ddee63dd829658892524ccfb22af4430693a1a2576f21947d071aef1e5d","nonce":"abac79931e8c1bcb8a239628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"8be322cb828fa1ac995ba8b7f79b8ee6c767088d1054ec120ec96511e68c771ae8a5e7bf2b32215ecb5a998272","nonce":"abac79931e8c1bcb8a239629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"b19800e8e9f2ebbc207121af57b1944c18829f7a61578267f0449c1f7fb599c945acb739703377d7fc62192350","nonce":"abac79931e8c1bcb8a23962e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"82f9aef420bf17899e9a73adc1af21075af30669b65a71692e189941e80783ef3d96c8ec8c8e96d41faf88ae9c","nonce":"abac79931e8c1bcb8a23962f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"5c1ea19c2efe8889030f5965a564f90c6aaf670c816513e893ea1b507dc6e24067dc6e499ade406c89a2d1808c","nonce":"abac79931e8c1bcb8a23962c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"2346a90cbf0aaaee9004a81cf8c8c2b63922a875b2103b0e38d887bfd17b7e03f361cecdc6b6c4d1447da904c8","nonce":"abac79931e8c1bcb8a23962d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"aea599acc5756414c4ebb0938696f2433afaed3696e347a02adc00e3b3f480fd96348f7cb62a9349b1e1b1e60e","nonce":"abac79931e8c1bcb8a239622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"2c7f242d3f0d541ca4794a65dec41b2807e6cbdbaa184b9d70e277af6b961d14e6a486a29549c088fc3d21d1e2","nonce":"abac79931e8c1bcb8a239623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"6829c236c9d4105535da80552d2da234bbce65334412b095cddc7c0c2156594ba01130cbc03487c00c8f259347","nonce":"abac79931e8c1bcb8a239620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"5127f1e24d8fa4e190597062f3162cf9ca4aadc9c3c04ca0b55af40757800662b43410eaac18ba3953d7e0e903","nonce":"abac79931e8c1bcb8a239621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"22f96ab3ade13f5a6f8d43c7534920bc6a14bd38d84e36cc9ae902532518da798397a5dc55f891b506e31c1d1a","nonce":"abac79931e8c1bcb8a239626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"2ce792d9e42bd1801fe13fd95830989ecde83712c5a66a56786d864a2dc01cd2a4f434f5f92ae3ca7435558485","nonce":"abac79931e8c1bcb8a239627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"4e9ff1beaf2c9d60434edfa3430ee634041507c517a41e9a9b963813043377412e2cb51de16e65905666ce7e27","nonce":"abac79931e8c1bcb8a239624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"dac46ce99288bb324b754b86b9bd0a4ddb2e326bad810a87d8cefa869b92239159e557696cd35579a6e9ac04df","nonce":"abac79931e8c1bcb8a239625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"0fd17a56e2ceadb76548a129394b78a2538f9c0dc9e86785f77605fc60161caf3ffb7102e892de490269013d2f","nonce":"abac79931e8c1bcb8a23963a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"d4e2168002765b8ea787743940af3d0b4e37c39315c9369f4415507eee2386f55879110ca2f16b7e323ad0b09e","nonce":"abac79931e8c1bcb8a23963b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"09cc8862e8fb911ca915441b43e9352104e714530471109b6ee9fd7bef1824ae68e52a55ecf2b9e8ea12f83b09","nonce":"abac79931e8c1bcb8a239638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"c5c428c2ef80ce9e47c3fc5022ad9b21bbf9a38ee5d45b46c089f980243219e14defdcac34e65b18f3351bf292","nonce":"abac79931e8c1bcb8a239639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"d51e1d0acc93363598b141539f9484b253bf6aeb69f83f751af559c2d38281d8e52c38299da52f9a636083aa1b","nonce":"abac79931e8c1bcb8a23963e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"e124bdcbffd32b651b7d903d643cfe989a9582c1ec07598e9ff42cbeb49cc9739908a08d658ca549461badbb97","nonce":"abac79931e8c1bcb8a23963f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"0ca2c89163de1b25daa63cb4bbbf5ce0e2545a20adf0e10ca91e10ccbc5db2675e0f7de091b7e5357275b9ec39","nonce":"abac79931e8c1bcb8a23963c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"64e69d2ffa81d5ba4898225f0a3abe9f3746e6785a104c89e03dc4b0e2ae46f076d29da1c8ed9888e537705349","nonce":"abac79931e8c1bcb8a23963d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"536c3bd442a80130802c453a2856e73c7970ae339e94e6be5b6f1309f05f89471e04cb82f854d300af1ad515da","nonce":"abac79931e8c1bcb8a239632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"b90308205bfe929d2d7de74861d5b93607f07b0ce475acba5babfe77cc5fb1e8cdd50f9b3cf11d0b4482157561","nonce":"abac79931e8c1bcb8a239633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"8b6ab31988e230907cb2f4e268c359efa2b39b76c81bf8273795b57d0a21e1c98566816bcbbb89dea5fe24ab36","nonce":"abac79931e8c1bcb8a239630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"1367ff16c42bb249d5a1c09a67175e9a3b1e18a32c7b5a18bbdcbc09d63c18c1421809871dc626786c9250967b","nonce":"abac79931e8c1bcb8a239631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"957bf42863875c655a00788cc5149cc14423f115a48333b5750b19f786578e914a8fb41e567f66a9d35e8d117a","nonce":"abac79931e8c1bcb8a239636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"25db8e606ab26348b0b89fff01ec4a33b9a529de29b19d203873acbc3ccce95478e598b795b5faf2fb0f1e1933","nonce":"abac79931e8c1bcb8a239637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"bf8478cb4900692c5761ae8694175980a6401f0e2f7fee67802862bf1c8350baeb35fb79c28a033ed9369484ee","nonce":"abac79931e8c1bcb8a239634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"320990565beef70951c4187f8df2048eb0bb55ce5212eea52085c137c6d1a64c8e6dbb89b03dddc5b973d39c49","nonce":"abac79931e8c1bcb8a239635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"7fd2e3c2566b42324106934267cee35a85a7fdaec2faaaa9d77c7ae5d77cf6cf979ac1c712a13a29319e2f1c39","nonce":"abac79931e8c1bcb8a23964a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"55cf60871958039fe6e648ed497a49a00b67fee265a0421f708b2dc1892ab82f8db176da596357c1569581bc5c","nonce":"abac79931e8c1bcb8a23964b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"cab5903d665b392f43e70b48609f8edea16656b9ea5573c4198422a890d3c9b9a2a8de01a268c2765a969bef4e","nonce":"abac79931e8c1bcb8a239648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"0ea90af927d5fe4a7f4c7cf581ea16f30dc543f180e1aae6f88ed23014dc49d9fd1ecb72beca60d6b6856939a9","nonce":"abac79931e8c1bcb8a239649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"1ae79502bccf2e276426f0ae04280696ffd20d55eebdb784653d9117401f0b335b53c76b4d57cdf323dff940ab","nonce":"abac79931e8c1bcb8a23964e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"055e97968976c0a4f6f03e1c109ae66df6c986c94ac9dca88610bc67953c583e23c082a0eed89eee85743cf85b","nonce":"abac79931e8c1bcb8a23964f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"02f5618749fce4b21113077b5ccc45395524b1ebdccb288e94b7c1f2bb9461679bc335bae1a42201943027ac23","nonce":"abac79931e8c1bcb8a23964c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"a2fdc1139c01e213a462ffa032231c3f9a1b63e578340da076b1bac2cd84c99acf28baedea963f007b015c03cf","nonce":"abac79931e8c1bcb8a23964d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"822317c92cfd221d37d49ae1ebb1f0f7727ae88903902829f2a9e4c55606912bb0a97bb1d56dcea447f388002e","nonce":"abac79931e8c1bcb8a239642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5ce7dd78485bc4fa5373d51bb2d91c7e4b0995114db971b3b27bf135ee60aaa71a056284b8ea6670a01a904fc6","nonce":"abac79931e8c1bcb8a239643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"3a5de0feee63038839f4007a1189c60c8e86da0e908282065ac2e5a40beb6f7ddc69b9459190d684428bff0d17","nonce":"abac79931e8c1bcb8a239640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"136576b274d088ad6f0a77f48e5e19a992a86b27aa7e0811bde5eb97a14dba6c539a82f704ae805acf8992532e","nonce":"abac79931e8c1bcb8a239641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"b8d6617fb775ecf34608cf0eab1cc67f88368b3af7d7b35af93dd67726d0a9bd128713d2d7308c8fcce268192d","nonce":"abac79931e8c1bcb8a239646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"1d03f6cb14f124d999ffc772a08b997a19dbd37830a80604c8d07a1a7e15cc2f255fcbc340bded7778cbfd7810","nonce":"abac79931e8c1bcb8a239647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c383cd8d608e437795788d289a75fd9050432223762cc76d329ad11e3755b9b904031c8905ee53925bd458b2eb","nonce":"abac79931e8c1bcb8a239644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"c5f47bd974856116031e0ffd0d32571626ed6f4d48b23ddd0970bb77dd3c0f40fdc3b8a0bb72d936a722db16bf","nonce":"abac79931e8c1bcb8a239645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"e0aef9dcc6908e737ecef3fc55f2960299ee69a6e6f0eb3ca8e0ffa71a5bf6afd204e31f50ada643c814e6c0f9","nonce":"abac79931e8c1bcb8a23965a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"e4d3758c8d08a309298ffccab9194d479e832edfb681038b38de9646236585265b5bb421f823039efa9b0d4229","nonce":"abac79931e8c1bcb8a23965b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"225472fe6587b39688c210891ade3d037ff56d702ba87ec2d2c46b91f0c818282ef1e77c9385275dfe716a390d","nonce":"abac79931e8c1bcb8a239658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"1d2e2a69e73bd40b529500190345012cfec81192b9271866693433a878f2c2361c3631626476ff756c380df6e3","nonce":"abac79931e8c1bcb8a239659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"f99c83db521cccc4f9d54a8f7f2f503a032b3333eb34d019c18eddd33a44cc33efc4a11cbf02f01a728fa54223","nonce":"abac79931e8c1bcb8a23965e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"df246b4ba9f42ce0e5df0f0b2e8a7f331ccecc6ed7e64e888f9babacecc92d77970f8d8563c1d36f547aed9bed","nonce":"abac79931e8c1bcb8a23965f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"4bf472f80221cbd3127adabeef449ebf9595033cf2fea057cb78d28d6fffeec0e0911af4ab719329a9cd3cd928","nonce":"abac79931e8c1bcb8a23965c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"9b39c6daa8d3045208dff4eef735f542ba531f36c5d928135f739306bff8a79e1773d2e060f419adb73aeca21e","nonce":"abac79931e8c1bcb8a23965d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"f1936fc692b66ab3452f95b8d2b6205bebeb3638bc775b04af7c359960c7c75c5847a3e306a60b244f3212564e","nonce":"abac79931e8c1bcb8a239652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"5aee51b2c8bb3493c8927bc244300761574099a396eb7f5adc6b5c1c21ca40e73436d5a1b801033829f618934b","nonce":"abac79931e8c1bcb8a239653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"6406a50bf5b0624b61adacd956519e474e29fd695b92a8f52cf61313f559d78daed4e879d64f893ff6e03278b8","nonce":"abac79931e8c1bcb8a239650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"3867e62dcc6722208bffb525ec5ddc75df33220dd782af96ec6daad928e18fa8f91d9384d2f1f635c94812e095","nonce":"abac79931e8c1bcb8a239651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c568306753da5f799c9a547ed53f45d9742fd8e45f05cc93e8ab9e29273ed5029d9856935ec3450643228a44d1","nonce":"abac79931e8c1bcb8a239656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"60cdacc201de5278bf69b09651c28fc20539a06f3718eb03619a6be718866fcac8e2262b0e2e48d40b295fd676","nonce":"abac79931e8c1bcb8a239657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2c15fdde72a9d3e552c14a44f5a9214995ca1e586f0f78da353b70cf7f4ec7c4e915a65c84734f19b95c2872c6","nonce":"abac79931e8c1bcb8a239654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"089c9b1da754640e648ccad258d442e9c7168491c89f93ded0721801dc8d694ebd739aceffe2e216b38d9d701d","nonce":"abac79931e8c1bcb8a239655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"416f42fed89a01c7b61f19855908d3cd1099518942c259a6de21320c3b2d194e215d2b0981376d02acffbd2a0d","nonce":"abac79931e8c1bcb8a23966a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"d4c2e2c42c5d40ed54ac891ae7dad6f3bceb893c28853361df3caccacc0a8604a4e0bc7639107633d287418e3c","nonce":"abac79931e8c1bcb8a23966b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"f2da6011e95775fee96179e10a0ce26c93d17a40b27466fb200e4a90e69d61c356407e0997a871df0edcd3adbe","nonce":"abac79931e8c1bcb8a239668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"1a209cdedb5f1650f59731953269d711d5581d6525d21fbfc6628a27230c05d73dabc4800802fc2288d76e9188","nonce":"abac79931e8c1bcb8a239669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"40f68331965d6ff1a49d96b91038c0122b0f6e88826e892bd42742d2d65bfe0e60ca19c6be05687b3b2955d4d2","nonce":"abac79931e8c1bcb8a23966e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"b14a557d6afefe079e92ef982ee51f90aa528423e7b0a1df171b8446d9d26deac584600ccfa1aa8dd9ca1eded8","nonce":"abac79931e8c1bcb8a23966f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"860fd67904895e02b042708e8bb5acdafdf77ac8b401bb5d5a8bd34bf5ff6b4f7de3c508abecbb9bcd0c230b74","nonce":"abac79931e8c1bcb8a23966c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"e52fd3c465ffe888a62cea4cfca0f4b65741c3ed2b77f257f577aedd4615be670078803588d9d518e33a41ca11","nonce":"abac79931e8c1bcb8a23966d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"3661da06e65cde52faf25535296db1c3171e5ca447225d9a28a7f32882efe421b4ce82eed72466011bc5fc0e45","nonce":"abac79931e8c1bcb8a239662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"6e76c22088677fd909ffbc8243f102b1ad5bb99678c2a11b7f6f825f9dedeccf9c545d0747604fc1dbec22bd98","nonce":"abac79931e8c1bcb8a239663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"b77b49d2844a22190ead1ea41318fa50d0a42b2f7e4dc6c71dc13c7a4bb6ce4fe9d9d3d2133c3c68361c703ff1","nonce":"abac79931e8c1bcb8a239660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"8c34a4adcc24374f68c3385838fa900b55b1e4cb68391d3ca11c86c157010aac0c61728e9b00389883a1c1a4cc","nonce":"abac79931e8c1bcb8a239661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"e3499d5ddbce273e2a3331e3e6d0859b523c0ca8c73de580e5aa38cfc82a5d942dec10be28c837e8deb79128f6","nonce":"abac79931e8c1bcb8a239666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"eeb8e564a5f791c01d2343df446f6a41a30dd37975a60c040c8d3069fe5c7485862497bedaad751c23d8bc42d4","nonce":"abac79931e8c1bcb8a239667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"55184eb1768d0afe9c7036cce7a879ffa0bcd9431bc86d31bcfed738ebab30e42d69191f7d4083552aaf7e253c","nonce":"abac79931e8c1bcb8a239664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"ce6a88c145090ecdd2a4191e8563f6228ec1ef4a753ff0a1cb560543aa22be19b67efd6cc4437e9068cd5631c4","nonce":"abac79931e8c1bcb8a239665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"d0035c63fe922792ab3467cdd0376d68de13f27add82995013db462f829d00129130e3a054c9028672926f41a5","nonce":"abac79931e8c1bcb8a23967a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"23c321a48c03fdc322c85fdf8ebc75e012b6944d87afa73cf3fb7356b464c5cb2c72a9817fbd1ee56c58505356","nonce":"abac79931e8c1bcb8a23967b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"2a8416115989ff76ee67e5f12e98e2ed52bc29cd47951981bf2a34f500b8234fd93339c64f4fdab9573b01e5c2","nonce":"abac79931e8c1bcb8a239678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"19767ee0b6341d593c1a9b8f47f75fcbcb17df23cf85924f16ec938d8bd2f2dbc9772b646dcb68117ab4d9818d","nonce":"abac79931e8c1bcb8a239679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"062475e227948cac5193bc2e2c6f10211414ae0c4e27fdfa6660ec83cdde09f54858b76f7d824232b7314dbde0","nonce":"abac79931e8c1bcb8a23967e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"6a9ae3585790c6dcc22fc8fc8af4d2715c1c62fd1f0e17e0fad7c367a32018ffd02d665af5bc4b4672acf5dcef","nonce":"abac79931e8c1bcb8a23967f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"4fd5f342270dbe9f6fbb419627cc21d915d80cba648cfdac0f7d018602c4681e675ba0ccb3fc094a038034bd46","nonce":"abac79931e8c1bcb8a23967c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"cb0b99b7905877600052de9e8257aacd06070f530be9f436858d14e9674483eae0e338411ce1cde2523a06885a","nonce":"abac79931e8c1bcb8a23967d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"9fab91da48ccfd82b796c977e9cde2f63f3ce1c0fa974f6cfad69306eb01e1f854dde7c6e5b6d6eec32aadd94d","nonce":"abac79931e8c1bcb8a239672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"8ad517acadc96c18a1c83f71ef3900032bbabbcd646bdd29e5b94389a3a3f726f6b0123a193aea6132cb6abd20","nonce":"abac79931e8c1bcb8a239673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"1e752264cf01052aee0cf6612fed64a96ed76830ebc006f6b9b98ae78aea15334b2f5e0192847b0380eedb75e7","nonce":"abac79931e8c1bcb8a239670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"436671c6b08d5ad3bcfb89021e7a65782b9f93992c20109eaa39713fbce56b9b9b841671effd2c733cfe552a84","nonce":"abac79931e8c1bcb8a239671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"5d4e519015ef4a3a32674714b6e3cbed1f7d482bbcd9aea36f3a989273759d39ec6c198512c14d4aabe7d61bda","nonce":"abac79931e8c1bcb8a239676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"2286db9e272470bb41c9190e19462a86ba73bcc6a703385f69b741cc46640ca8226cddd76b170294dcdd4492a3","nonce":"abac79931e8c1bcb8a239677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"2aa7670d3e3df9ae7b5e98bcad79ca65dd6f0ad111821bb45311f278b3c85a39bb6908cc5fb88eb97dd790c044","nonce":"abac79931e8c1bcb8a239674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"ed9f62316e53bf0d344e99064b701f9d4248479eba52a9e5850343a974b7e8b7f34d8f0509a2c808aad9ee6997","nonce":"abac79931e8c1bcb8a239675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"96499b8f23c72a49590b01d2be7c5845a23fc00648aa55a722445b32e49b5ee6b351b012db54eb556392625e07","nonce":"abac79931e8c1bcb8a23968a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d733332738fc101ddbe0a58441f874fa2db092cddc5104df12c9c89283e5764580c26b091f3a63faaada07af5f","nonce":"abac79931e8c1bcb8a23968b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"d465c0bf7985376f17c709c9e00a9b9186b9445b4b490d94845a11e71c4082e3f777256a11355e7119b1d1caaa","nonce":"abac79931e8c1bcb8a239688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a49d4aac84fd32c3ec2017cf8006c766ba269a88b14ef17e53d05a3ef3426d090fc4cbdda81dd1d5b3be1d1cad","nonce":"abac79931e8c1bcb8a239689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c9fb1665e9da827ae5cb107ddf3bae0270be81550c5e4bcceb7ca68577d47bc64b03bf6c627a95c4ce97a48f7b","nonce":"abac79931e8c1bcb8a23968e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"cf4cfdd28c69f84893c6f746fd909d4055646e83b9d335089d8f1c61ee5aa1efeec8d9ee6464e09e555b3c98f6","nonce":"abac79931e8c1bcb8a23968f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1e0fd836deb5bc28eecf206c6cd7ac96488c98633a9147de2324521420f42b3d1ac9fc07bc6b0f774ce655b800","nonce":"abac79931e8c1bcb8a23968c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"be21ebf295134d6c3c5eefb2e32cf4119385c24d22db8c54fbeb45c963843eae44a17ab92eaf7aff98ee4d1ef3","nonce":"abac79931e8c1bcb8a23968d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0edd56712e22eb29df5d0f8b1e72ef14a7199508a95937190a66f8c4d0eeec860e85eac95c24be944d1ae29d88","nonce":"abac79931e8c1bcb8a239682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"cd48de3f5238b8888550da4de48e69f027fbe5a2e979a005879bdd28a4fedffd965e639086399375e5c912ecae","nonce":"abac79931e8c1bcb8a239683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"866ee5ca36f6d6814a5d3d348ac2838cef6c0a73475d67017cfcae3456718be4d9d4b948b50604f924fce42bcf","nonce":"abac79931e8c1bcb8a239680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"b7717e7f51805b51709b418e806eb7009d96d4ce10cdc1dfd36e92253d05dbfbc30367c89e55cf4499d9863dc0","nonce":"abac79931e8c1bcb8a239681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"73c36b52c281f1823174c4e4c9edf7cbd041f4f7daff6c59c517023755eeefa11acdf8c5df03d12acb9728fdc5","nonce":"abac79931e8c1bcb8a239686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"bd48b23819a88cf0070194ac5941e6dd2a8bce38de10315c8c17232f2302f17b70402e59831ee1b6b872f2c1ad","nonce":"abac79931e8c1bcb8a239687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"fc6636ef2dfd65ce928a4f7da47d4f2b697a0b3624512de2e19614f2cb5d09a6b89a452c742ab09efef3d1f7de","nonce":"abac79931e8c1bcb8a239684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"ab21656dc564339b3356a3639172879f28c64158148baf6e2b05b0ddffdbcf9f6021be20f33832cc59f4bc5271","nonce":"abac79931e8c1bcb8a239685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"47d68dbbc15f991e22574687138141b584a72fa7e20589169ca72b496e4434abef949fda9f77db85f73b5f2ecd","nonce":"abac79931e8c1bcb8a23969a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"35a0a479e47b3f51ea97077cb32183b9419af618d89300bd9422de90eda56b71c82fc9f900044865cf6ba87a91","nonce":"abac79931e8c1bcb8a23969b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d27d9784f3dc502f04cd30d7e2bc7021282b39767194edae13bbc9d4e02c39f789f8a9cd91b8b272be98f363b9","nonce":"abac79931e8c1bcb8a239698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"f5b272a86c906acbad52235a0e35e30bb039ab8ae3b5e3c927e41a16312de64d34f35a2024998388d3154e99d4","nonce":"abac79931e8c1bcb8a239699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"0e5c5e98838cec728a840233befd754bb611912dfcbb087fe66adce52075f637cc1acd3d1fe3a7f1a762430fb8","nonce":"abac79931e8c1bcb8a23969e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"dc76048a9b2827593a9b14c094737e027039df0296eb4b7ab342dbcec7bde02e87d88434854c5779da0d31b18f","nonce":"abac79931e8c1bcb8a23969f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"0a04f96d01e993762cda6b981ba435a13ebaf3cf1f8f7c9e6b50160bfcee383a0e0c818011cdc87ba45025bc2e","nonce":"abac79931e8c1bcb8a23969c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"97de481158e09464b666aea98977579f0524eba11b0d67f435ad28d1ac3d166dddb0af3ef1b57ad505179be533","nonce":"abac79931e8c1bcb8a23969d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"c37848c778b302abc0a115c6a628d1ffed539ebf1fe47fb7d461fe5b4cf083637b20d080e09c80deed03e68633","nonce":"abac79931e8c1bcb8a239692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"44c8dc696573a0bcd404eb197f245b50d53a39cdf2f024a3f1c92fdca639b323eb53e5da50f40e205789ca06f5","nonce":"abac79931e8c1bcb8a239693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"8b6ab7a8bd0939524873a0ec930b3e7718c348394bd2b6350a6aaea24734bdc5bea7a5385129170030f503102e","nonce":"abac79931e8c1bcb8a239690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"b155e3c9f1502847d95b73ef88c21106bd278b9d16d058d46695246546c57aababc2df19948773e4daa98c2cae","nonce":"abac79931e8c1bcb8a239691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"9a9e8bf2912ffddcb209fcf559d9bea16f91d3b2ba3ae661d66b600489364213a212432265a312352f3c69a5f1","nonce":"abac79931e8c1bcb8a239696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"5cb11c5a54c67cc1921386bff9501663d996f3d96a49b82c119519b0db9f16d1fad8d2650f41d4171c577b2743","nonce":"abac79931e8c1bcb8a239697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"b15939ad21cbfd8b91028bd78bf88634b4cd627e97648f32a793895661d02ea36d5463ba9a813b14afd55e9d91","nonce":"abac79931e8c1bcb8a239694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"20bb74f955ab72f85848675f5fb04a4d7fe24f69aa68e38aea2936ef2809146aabde0dc54682b9612723e89be9","nonce":"abac79931e8c1bcb8a239695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"e578a43adfcbc02a91fd6825199eb2c868fdedd3413e26a9b5475ab1b30ba0d09b676bf5ed39401aefdca47405","nonce":"abac79931e8c1bcb8a2396aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a224251ce18650b9be2d2b1ea4176f5e30facd7a3955c661569930fad7abd29b0c0231925e0501c59b4b49d027","nonce":"abac79931e8c1bcb8a2396ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"1fac5ae4857fdb50bef66bbd02d795a3147c9b29e567060c6e321e65a7c73af35993d5e527173f9bdabe2d50ce","nonce":"abac79931e8c1bcb8a2396a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"0405fd5a18a6dc493ddbcff7d222e07d45e80a0106aa2d1ec3a1010968f7a9965145299b1f1192e3f610582734","nonce":"abac79931e8c1bcb8a2396a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d569d061eaa40567a9692cbc2fd0fbec3d578c6bcb49be12a42795b22ffbb559f1f4363bbd21d69e90e3631e7d","nonce":"abac79931e8c1bcb8a2396ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"29bdb423522c05409977634ecf14494dc0d01688d8fb9d73ddcb5523a7a79a5e5cee0f4baef4820b0bb3fec7e6","nonce":"abac79931e8c1bcb8a2396af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"d987106a571fb792d711ef5d63394150e8528c6f5d69c5b452e38579e833c543d8afb5b61d5a18e443537f88ac","nonce":"abac79931e8c1bcb8a2396ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"1cd12dcef7c9cd2cdb957bddb337dd37201d9840e6226158589d9f4a8a120c5567eb46870eed4cad017f0725c7","nonce":"abac79931e8c1bcb8a2396ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"30d71eeae771adefc0496df3d268362be8210b0deb0df7cc1081fbaca8423279c5bbd4c28d9d2762c9d616c03b","nonce":"abac79931e8c1bcb8a2396a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f27f7cc24163ac1c1b9c04a95b1763db565acd9337678b698b322ddece65ebcfa4c534aee778697073d3e0919e","nonce":"abac79931e8c1bcb8a2396a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"68f4d6312e97957cad7f1fbcf8850a8c5bb206b488d2005ce38e22e87858843f28afcdc304622acfa7c303612d","nonce":"abac79931e8c1bcb8a2396a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"97752c26238b2eda300dde46faff931d42dd1dba9f0fa45a965380bcb334af23b24cf2dea4be38c32e27557957","nonce":"abac79931e8c1bcb8a2396a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"5ebf4fb7df24341c9c0ffeef5b9c914754dd804dab266245a4ab692c0934f3c60ae6b87e31fffdfc5ca5f5bfee","nonce":"abac79931e8c1bcb8a2396a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"c3d090ca4c7dc25ebf40dabb1f477203494b47c4c3b9123d8cd748a9ac7aa1a136db2a73859e7ddb3ca2c44edd","nonce":"abac79931e8c1bcb8a2396a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"42ae1b75cb8b2700b5f0489dbc13e07e3c6cbfb9359afa57d2348fc64fc038b6abc3297648c0d1153a780878c7","nonce":"abac79931e8c1bcb8a2396a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"2e199cb34aac18261d8cbe204b3115215e55efe45dc82f805bf66bee73d32c6c3642b0311eb02714d8370c8cc8","nonce":"abac79931e8c1bcb8a2396a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ae30f58c9528869819214e5ce76c30117b3ef8da6d40e950b92870b829cb4f46d08b04ac835b955211a5fc1519","nonce":"abac79931e8c1bcb8a2396ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"dc7709a0ffdb8a0c3ee34d80013ee3e442bb37d29db297a112a3dfbffe8f5992fa605009b66469097f40ef7828","nonce":"abac79931e8c1bcb8a2396bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c98fe7d4189c05f4458492d31aef8bb29cd4617ed4af35940ecc80c18b16cc21a16ef12e8e6224256dd1ee8394","nonce":"abac79931e8c1bcb8a2396b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"cf3c73e6d6503d11f848999c239527136deec9748434b711bdafd4db56e875b6039c0d4aabe567b7d9129a02f5","nonce":"abac79931e8c1bcb8a2396b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"24c6dc9664609378d212040f1cb0abcb3b2f2d10d8e46df58b8e39a2e57f9a4b26ee0afb49c38c3f2238522941","nonce":"abac79931e8c1bcb8a2396be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"2bae6a1649b3abe9d746f4df407db668f15c5f5e499661edf48622af7056c305447f7918035b6f567053c3eaa0","nonce":"abac79931e8c1bcb8a2396bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"df15f110743450da6d82d2a0b71917f9d4cd01383b939c6e905b803449a60833bcded06c85408a2664f580db16","nonce":"abac79931e8c1bcb8a2396bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"d27bff83cf94253aa3dce61f71da08913ca656f7994da0da277477a6e71a386dc7866f8e415741b55586e2a36f","nonce":"abac79931e8c1bcb8a2396bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"a1107940b1561e9da348dbb0a93a27af55a596c65cafa3355f0ff856d4b90a000f06da35b3a9ee7f478d2583e5","nonce":"abac79931e8c1bcb8a2396b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"c64f8874d41e3891efac8b73559a5953214dfa8771f605898cc3ee3b110fcb9ed4607a32ebc3d115d763d49815","nonce":"abac79931e8c1bcb8a2396b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"86ca75b199fcb48f47f86d061495b49dd7d02b8c7af3d0c03032aa84e9ed3d449f8a259afff35b5f5a3ec3e81f","nonce":"abac79931e8c1bcb8a2396b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"e40b4c8744de8f79e8c47ef4c45599bda844a61823455b0bd88a257a489b2aa27898dacbe156a7dd661a1e1b42","nonce":"abac79931e8c1bcb8a2396b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"a3a1dce1cf2f65f0da9612739c0f3a9208459fa4de5e1425062f33eb661a2f9706479db0ffd6ff8044fb0603e0","nonce":"abac79931e8c1bcb8a2396b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"28a806c004a72019acd2ffe1439e65e2535b17f4737d67647854726f8c968bc9ac97f40f8a52ba6e4a879eb7e9","nonce":"abac79931e8c1bcb8a2396b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"4fb3e1abe9f23795b95e1a4e092fbc42359b70fa59046079b718f380d6979569e2df0348c22654d5247e962d82","nonce":"abac79931e8c1bcb8a2396b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"650c40e904af0899c9a19525c6eb29b850ada17da63cbaa3dc4ea9905566a7438d90161e6cb4c1223a3767126b","nonce":"abac79931e8c1bcb8a2396b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"6865a2dca29fe02f406c29a43c8d78f74f39c275740ce81f40af90f2c6382fdd5614b6b047569f7aa259864d16","nonce":"abac79931e8c1bcb8a2396ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"db08489acfb4160e21f3ab40529d76041dec332ad9fe9504688b596b368be6deca684ec8330c84b306b321e06d","nonce":"abac79931e8c1bcb8a2396cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"b5c4a03c23f21a3afe962caa74e7e253e65cd1c78570114cbab914b6ef3f48ac5187564198de2a4157200df42b","nonce":"abac79931e8c1bcb8a2396c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"2e2068cc796d528a262667dccff6eb6e9e4bf7049ee5042e4ac49d0299d928556c0ad14dd2d283857f696d9f7c","nonce":"abac79931e8c1bcb8a2396c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"29c62b0ed6d6f792fa420d71bed70fe36af549b6b8653397e491164cf5b69a962800be8859a5ca50fab7c6e2e0","nonce":"abac79931e8c1bcb8a2396ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"80873c636e2bb73da0cd15b92c770f27c7adf6300b5aae57f704dda1802064590575bf285b8e4a34f98c852b44","nonce":"abac79931e8c1bcb8a2396cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"9cd602d7936e7adb1a3f54035ee872ff4aac56e54d7453728ea0b81377216e1e8687bcb20dc722c7e1a6c6b2f6","nonce":"abac79931e8c1bcb8a2396cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"1aa0f447a92a631b9b1caaa31245d19202b0be20ef2092475054598e419799edd501fc0bc8b775aa969e3036ce","nonce":"abac79931e8c1bcb8a2396cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"1874099b0b8c9fa506bdd8ca27e28b2da46b9cf2dbf40df0a3ca553cacca3361172ffea1a15762e6eb32c9aa7f","nonce":"abac79931e8c1bcb8a2396c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"a0dbf25280d4b8ad9a9bf9f921a9e978d30a63cc06413bad79e42c36fee2fc328b8eedbc74340292bae8aa3985","nonce":"abac79931e8c1bcb8a2396c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"fc6a611cb9d3de25c5a5f57cbc7ea96dc015599a0b3da3dd771e8f4c09fec598057ecec10dacd32e7da7d74fa6","nonce":"abac79931e8c1bcb8a2396c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"ca21b138e1ddbb7457310f154c08a1f62b4063ea779865c59e197be37886532d79c417e116952be597e697c550","nonce":"abac79931e8c1bcb8a2396c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"f8281c4e927fddac8fbddd3e984620893c407852c32851eb23039fbdaad4b1dbf1f596f726b9e10fc107a65f5a","nonce":"abac79931e8c1bcb8a2396c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"e1a62af15612ead514a16d0ecf2d34e7ac8618fc78b7647564356756627f65c0293b79f44f1304e904cb6982b2","nonce":"abac79931e8c1bcb8a2396c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"21e37403fa94148ad7e348299518e94c1f1a0144b34c7698462d2e94b2047d936f34c593f8f376b7b7cfcf8229","nonce":"abac79931e8c1bcb8a2396c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"c49796831fc10d107d9cb72750d3c875263b3d0e87993b9396ca8a977ae5925526f96dd02761a177114c2d136d","nonce":"abac79931e8c1bcb8a2396c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"89956ec56757a35e6b4e25eba6f592fae8f1b6b85ff37204fa04b2bce531801620aaf05613c2f6394e77e5d510","nonce":"abac79931e8c1bcb8a2396da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"709f1aa280f9cc9e4227ab43849b8bcadb6d297de2e66b5f09b41a6f9e7c6bc60c136f547d89c6d03f08046a4e","nonce":"abac79931e8c1bcb8a2396db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"ff844e5dfede06e12e3a459839152d06b9dde2a711d4dd8cdcbcf1b86cb35bb28eeca397f0054c4a30959c80b5","nonce":"abac79931e8c1bcb8a2396d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2c85bc74172323db9833f0750588a1f9e552ad4d3038a7601361c9611629097c87ebf2f83c36501483b3b9ba0a","nonce":"abac79931e8c1bcb8a2396d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"9a98f60d3c35c4cf2a5e8774c642fc34a1ca9e4d2dbc62f1e0abbf3deedea3f947b72ec9abb9a0f1c815e09ca1","nonce":"abac79931e8c1bcb8a2396de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"46c8a5c0c57779ee9546f17a9bcfd7fc3fa8ed3cec824ca1e3f67d4d4d178b339dca18c133a3a0945da6b25b65","nonce":"abac79931e8c1bcb8a2396df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"edc17e5551e893b46c22c3d01f2567a6bcb5a4f01e157eca5dc0a630df7200034678035da2e0858fe31afd1ef9","nonce":"abac79931e8c1bcb8a2396dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"bbe31b70be144a7fa64f82e00896b0a11de87c658d68405697aa3d52952fc39c81b3269fa1990a7e50041e9b10","nonce":"abac79931e8c1bcb8a2396dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"da5eac769d56b9b80344188aaef992865e1d8024b49003c1664c757efafe8fe660e508e97f7f1e2c56c43cb61e","nonce":"abac79931e8c1bcb8a2396d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"ab49cce1c912da17ceea7ae0f8712923feaca38e0eb4e62e74d319240e213779be53ad6bb6775eed6fbf6bc846","nonce":"abac79931e8c1bcb8a2396d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"d03b8be1ed3335acf9b3b5477524cc626002a578e11ba9010cbd42bef2b08eef99f57fc997e9d053c0f497c516","nonce":"abac79931e8c1bcb8a2396d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"40d8363e04a6baee6028db64f87eb9666909d82d653d96269a3ff8b1fbf9fe567bb1b12228bb561983a96c86d9","nonce":"abac79931e8c1bcb8a2396d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d23fdcd1ed71f0143d367d5ed6d17220825956b460dd8d0e0cc64640ada994b1ab424c733aaffe01041f01e613","nonce":"abac79931e8c1bcb8a2396d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c8f30c89c98df32d716c31a9a3322c524678df3b2ac1290c69e5d0ece1e13175c2f74f530dc9fa9aa81b24fdef","nonce":"abac79931e8c1bcb8a2396d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"fdbdb3f3c825db1182c8504a769bb3c5535a68756a912cb84b615800a24cbd933ab425687b88c939a7a0e988ee","nonce":"abac79931e8c1bcb8a2396d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"11a9b7c277e90b560490c5a32b5db2652c2b01ec72e6cd338e7f9b629b135382b8bef6ba68ebc43056a15f360d","nonce":"abac79931e8c1bcb8a2396d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"897ce01ca7430543c75beda21c7552fbcb49133fb4556dd8d5d8efd0f07e64f333e40be2aa5b90435cc2ae1b8a","nonce":"abac79931e8c1bcb8a2396ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"360f1bee3f3dff9ddd6a1bf947793ef6880c97b0d1ec79352a3e5a6865911ca3ce4a62c45e695b5e6a9a4def92","nonce":"abac79931e8c1bcb8a2396eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"066fc382958f47e192c632188ca4002386745eb7c7c05a70d20cd9fa61829e1d86f3feb46163e88dc8e2b0e8b7","nonce":"abac79931e8c1bcb8a2396e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"95582bd3b1ddbc81c3ea6d3a2070debf2af20a923587f440d660413da4064336151cfb3dee22b1ec5e4c01f1e8","nonce":"abac79931e8c1bcb8a2396e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"cf8e954ff9236e6aeff7beb4a717846444a57667d16b4c1e0cd2278942ac95cef4f47ae96affc54f7297d9c57c","nonce":"abac79931e8c1bcb8a2396ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"53e6422b3303d31494683514b1d9f97e8012998b0f306bc3cf1afce596ac93c996fca83ff231aa0dd90c9c1254","nonce":"abac79931e8c1bcb8a2396ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"35cd1b522ae59f1a58255ea2fed6ceed3b96299497f6691c09369608f8f5b58b73f1051b63534fdcc751b8f530","nonce":"abac79931e8c1bcb8a2396ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"147602c60a711f20be66ceba1018dc64d28226b6e3bc03d9e98d4e3436846a60bcbbafb48b85e1e24f59bfa325","nonce":"abac79931e8c1bcb8a2396ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"6ee072a5b8a120676307b70cffce710d580957411d1e3d4d9456f246cc3e9432ab525ab507a469c1204e4550bb","nonce":"abac79931e8c1bcb8a2396e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"549bea0f1f7a2a6232fe3ed29257d7e4b63a22e75da1761c339e5a0f87c9bf7925af365a5764ac2b6ed30ea8aa","nonce":"abac79931e8c1bcb8a2396e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"d78186c9f5da777dda263a11ca4f966bd9374b7824808993c839986bd99a1c40eaf7b3c1a129e7779216c323ec","nonce":"abac79931e8c1bcb8a2396e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"dfaa95b19ec46bded7053e0a9c9d2fa05c3c75e3fe79bbb1dffc2faf0511bab3c4b3f9a785e14d3a65581189e9","nonce":"abac79931e8c1bcb8a2396e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"3d65ef28df5bc5abd3c40fdb8ebf45c44f8422ab5f3d82aa4fd82987ba65461b92ad00f723e867d6016fbfe555","nonce":"abac79931e8c1bcb8a2396e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"02812bf8b38056ce56cf21aa85cf173f55e7d18d671ef66818cee303043a0e038e59d91d2f41468e3ab5908680","nonce":"abac79931e8c1bcb8a2396e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"541a0837bce7ad17f6535ec00df256f142b6d4e92e6b30b999c66e603713c37bb5217757b9a3889f4b5faede3c","nonce":"abac79931e8c1bcb8a2396e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"fc5b2602d709b1ebb45c2bec25ed2cdc8ffbc15b7954b9a0ac95a66c12cdcc897eb26937ef8508f40ab1d42dfd","nonce":"abac79931e8c1bcb8a2396e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"0a6887edb6551ead2bcbb0112924bc84c13c58f4bbf0c47258b7f151c6ec896e63d4ace1326e1cf17c397fea3d","nonce":"abac79931e8c1bcb8a2396fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"3a80b13b566e04e9999c292821d611ad9be2fe9febd133d943124159172f2e6bd5d9abbf91b80201927140954d","nonce":"abac79931e8c1bcb8a2396fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"dd419d3e366ab5da4db2a69a43c901d863b4f5da18b9bf298d3207fe3335867d617e1e0edbf38914006b9842c3","nonce":"abac79931e8c1bcb8a2396f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"df6d017f4c88be71b46dfca8b569a9e7326f69d26523feb6cfcbdfd048d0000d807385068cceeb099d8a4ce9ee","nonce":"abac79931e8c1bcb8a2396f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"66a176eb762a013d98eb51ca45925b99575f4cb9b7d31ec8b2e959d991f4b7803e09833504aef694522e9e1453","nonce":"abac79931e8c1bcb8a2396fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"21ec55868c71366f29f361febeff4e80d65ed7228f0c2e2d28d3166f3ba9382d0bfcdc9cf17d1d6a983bf18a63","nonce":"abac79931e8c1bcb8a2396ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"d2a3d96c9d1a4fc2df6cdbb7bd7752d967ea7de7bab0634b46e717732e8ddda3db7b2fd993d9b22365a40387b0","nonce":"abac79931e8c1bcb8a2396fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"4a8d8c32329c13e415e2ace9fdb9a7f836b89b0468998cf4d320ea74094666eb931fa0332bd161a3324765880f","nonce":"abac79931e8c1bcb8a2396fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"861ede845dfc1fe760182ae3e4c34df2533f59f4833c200220b3a465c788e33ea565a98b921aba4adf7900a2fd","nonce":"abac79931e8c1bcb8a2396f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"c19f18115d3ca1a72411e690d8c9248170312bfe71fa60fcc15f7975d8bb87d399c7653edc40bcdc5f65c73be7","nonce":"abac79931e8c1bcb8a2396f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"3ad99dfd9923924c83ab52cd45b0ee55789f85006495c5920a0e91c9a26a8de92f2dea648216a03009172b6466","nonce":"abac79931e8c1bcb8a2396f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"21711cfde33d0127a0741078695e2b6c23d840547cf2444d4dd0098f6d3417b4831a637b0816f16d1b5a55e018","nonce":"abac79931e8c1bcb8a2396f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"d413c7e684ca2b7bd4c514717d237d7ff5a6f301f000cd34eae9de81fab9183432dece30d1f9c0427dfcab5986","nonce":"abac79931e8c1bcb8a2396f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"6d5da509b1fdf8a4d666c96cd59629f093b7d0599354ff339981d3b01c7b74ae2dc15710b051a208a9bee580fe","nonce":"abac79931e8c1bcb8a2396f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"9396c0020a4bfbce3b48de9e3cb5f779b69344315f6883d4d86af577fa18209420fec26e24b0136a5f5fcf6654","nonce":"abac79931e8c1bcb8a2396f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"4d4c462f7b9b637eaf1f4e15e325b7bc629c0af6e3073422c86064cc3c98cff87300f054fd56dd57dc34358beb","nonce":"abac79931e8c1bcb8a2396f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"9b7f84224922d2a9edd7b2c2057f3bcf3a547f17570575e626202e593bfdd99e9878a1af9e41ded58c7fb77d2f","nonce":"abac79931e8c1bcb8a23970a","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c23ebd4e7a0ad06a5dddf779f65004ce9481069ce0f0e6dd51a04539ddcbd5cd"},{"exporter_context":"00","L":32,"exported_value":"ed7ff5ca40a3d84561067ebc8e01702bc36cf1eb99d42a92004642b9dfaadd37"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"d3bae066aa8da27d527d85c040f7dd6ccb60221c902ee36a82f70bcd62a60ee4"}]},{"mode":0,"kem_id":32,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"683ae0da1d22181e74ed2e503ebf82840deb1d5e872cade20f4b458d99783e31","ikmE":"55bc245ee4efda25d38f2d54d5bb6665291b99f8108a8c4b686c2b14893ea5d9","skRm":"33d196c830a12f9ac65d6e565a590d80f04ee9b19c83c87f2c170d972a812848","skEm":"095182b502f1f91f63ba584c7c3ec473d617b8b4c2cec3fad5af7fa6748165ed","pkRm":"194141ca6c3c3beb4792cd97ba0ea1faff09d98435012345766ee33aae2d7664","pkEm":"e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918","enc":"e5e8f9bfff6c2f29791fc351d2c25ce1299aa5eaca78a757c0b4fb4bcd830918","shared_secret":"e81716ce8f73141d4f25ee9098efc968c91e5b8ce52ffff59d64039e82918b66","key_schedule_context":"009bd09219212a8cf27c6bb5d54998c5240793a70ca0a892234bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee26bdd292","secret":"04d64e0620aa047e9ab833b0ebcd4ff026cefbe44338fd7d1a93548102ee01af","key":"","base_nonce":"","exporter_secret":"79dc8e0509cf4a3364ca027e5a0138235281611ca910e435e8ed58167c72f79b","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"7a36221bd56d50fb51ee65edfd98d06a23c4dc87085aa5866cb7087244bd2a36"},{"exporter_context":"00","L":32,"exported_value":"d5535b87099c6c3ce80dc112a2671c6ec8e811a2f284f948cec6dd1708ee33f0"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ffaabc85a776136ca0c378e5d084c9140ab552b78f039d2e8775f26efff4c70e"}]},{"mode":1,"kem_id":32,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"5e0516b1b29c0e13386529da16525210c796f7d647c37eac118023a6aa9eb89a","ikmE":"c51211a8799f6b8a0021fcba673d9c4067a98ebc6794232e5b06cb9febcbbdf5","skRm":"98f304d4ecb312689690b113973c61ffe0aa7c13f2fbe365e48f3ed09e5a6a0c","skEm":"1d72396121a6a826549776ef1a9d2f3a2907fc6a38902fa4e401afdb0392e627","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d53af36ea5f58f8868bb4a1333ed4cc47e7a63b0040eb54c77b9c8ec456da824","pkEm":"d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d","enc":"d3805a97cbcd5f08babd21221d3e6b362a700572d14f9bbeb94ec078d051ae3d","shared_secret":"024573db58c887decb4c57b6ed39f2c9a09c85600a8a0ecb11cac24c6aaec195","key_schedule_context":"01446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72f8c713b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee26bdd292","secret":"638b94532e0d0bf812cf294f36b97a5bdcb0299df36e22b7bb6858e3c113080b","key":"","base_nonce":"","exporter_secret":"04261818aeae99d6aba5101bd35ddf3271d909a756adcef0d41389d9ed9ab153","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"be6c76955334376aa23e936be013ba8bbae90ae74ed995c1c6157e6f08dd5316"},{"exporter_context":"00","L":32,"exported_value":"1721ed2aa852f84d44ad020c2e2be4e2e6375098bf48775a533505fd56a3f416"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7c9d79876a288507b81a5a52365a7d39cc0fa3f07e34172984f96fec07c44cba"}]},{"mode":2,"kem_id":32,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"fc9407ae72ed614901ebf44257fb540f617284b5361cfecd620bafc4aba36f73","ikmS":"2ff4c37a17b2e54046a076bf5fea9c3d59250d54d0dc8572bc5f7c046307040c","ikmE":"43b078912a54b591a7b09b16ce89a1955a9dd60b29fb611e044260046e8b061b","skRm":"ed88cda0e91ca5da64b6ad7fc34a10f096fa92f0b9ceff9d2c55124304ed8b4a","skSm":"c85f136e06d72d28314f0e34b10aadc8d297e9d71d45a5662c2b7c3b9f9f9405","skEm":"83d3f217071bbf600ba6f081f6e4005d27b97c8001f55cb5ff6ea3bbea1d9295","pkRm":"ffd7ac24694cb17939d95feb7c4c6539bb31621deb9b96d715a64abdd9d14b10","pkSm":"89eb1feae431159a5250c5186f72a15962c8d0debd20a8389d8b6e4996e14306","pkEm":"5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05","enc":"5ac1671a55c5c3875a8afe74664aa8bc68830be9ded0c5f633cd96400e8b5c05","shared_secret":"e204156fd17fd65b132d53a0558cd67b7c0d7095ee494b00f47d686eb78f8fb3","key_schedule_context":"029bd09219212a8cf27c6bb5d54998c5240793a70ca0a892234bd5e082bc619b6a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee26bdd292","secret":"355e7ef17f438db43152b7fb45a0e2f49a8bf8956d5dddfec1758c0f0eb1b5d5","key":"","base_nonce":"","exporter_secret":"276d87e5cb0655c7d3dad95e76e6fc02746739eb9d968955ccf8a6346c97509e","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"83c1bac00a45ed4cb6bd8a6007d2ce4ec501f55e485c5642bd01bf6b6d7d6f0a"},{"exporter_context":"00","L":32,"exported_value":"08a1d1ad2af3ef5bc40232a64f920650eb9b1034fac3892f729f7949621bf06e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ff3b0e37a9954247fea53f251b799e2edd35aac7152c5795751a3da424feca73"}]},{"mode":3,"kem_id":32,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"4dfde6fadfe5cb50fced4034e84e6d3a104aa4bf2971360032c1c0580e286663","ikmS":"26c12fef8d71d13bbbf08ce8157a283d5e67ecf0f345366b0e90341911110f1b","ikmE":"94efae91e96811a3a49fd1b20eb0344d68ead6ac01922c2360779aa172487f40","skRm":"c4962a7f97d773a47bdf40db4b01dc6a56797c9e0deaab45f4ea3aa9b1d72904","skSm":"6175b2830c5743dff5b7568a7e20edb1fe477fb0487ca21d6433365be90234d0","skEm":"a2b43f5c67d0d560ee04de0122c765ea5165e328410844db97f74595761bbb81","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"f47cd9d6993d2e2234eb122b425accfb486ee80f89607b087094e9f413253c2d","pkSm":"29a5bf3867a6128bbdf8e070abe7fe70ca5e07b629eba5819af73810ee20112f","pkEm":"81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c","enc":"81cbf4bd7eee97dd0b600252a1c964ea186846252abb340be47087cc78f3d87c","shared_secret":"d69246bcd767e579b1eec80956d7e7dfbd2902dad920556f0de69bd54054a2d1","key_schedule_context":"03446fb1fe2632a0a338f0a85ed1f3a0ac475bdea2cd72f8c713b3a46ee737379a3f4c22aa6d9a0424c2b4292fdf43b8257df93c2f6adbf6ddc9c64fee26bdd292","secret":"c15c5bec374f2087c241d3533c6ec48e1c60a21dd00085619b2ffdd84a7918c3","key":"","base_nonce":"","exporter_secret":"695b1faa479c0e0518b6414c3b46e8ef5caea04c0a192246843765ae6a8a78e0","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"dafd8beb94c5802535c22ff4c1af8946c98df2c417e187c6ccafe45335810b58"},{"exporter_context":"00","L":32,"exported_value":"7346bb0b56caf457bcc1aa63c1b97d9834644bdacac8f72dbbe3463e4e46b0dd"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"84f3466bd5a03bde6444324e63d7560e7ac790da4e5bbab01e7c4d575728c34a"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"59a9b44375a297d452fc18e5bba1a64dec709f23109486fce2d3a5428ed2000a","ikmE":"895221ae20f39cbf46871d6ea162d44b84dd7ba9cc7a3c80f16d6ea4242cd6d4","skRm":"ddfbb71d7ea8ebd98fa9cc211aa7b535d258fe9ab4a08bc9896af270e35aad35","skEm":"b2ddee7e705637e56848f7d79722037df28ac5a4343502dd83a896c7133c1713","pkRm":"adf16c696b87995879b27d470d37212f38a58bfe7f84e6d50db638b8f2c22340","pkEm":"8998da4c3d6ade83c53e861a022c046db909f1c31107196ab4c2f4dd37e1a949","enc":"8998da4c3d6ade83c53e861a022c046db909f1c31107196ab4c2f4dd37e1a949","shared_secret":"3b5f8cba3b53c7d4711f5c6a5a0397bda23762e9a6a5319081443372a1c12e66","key_schedule_context":"00018d129f34a145043cba6146e7e397593164fb1e78e512e6f36be621c56f9f7023a14f35e95577ec3f6714ee332f48e829fc2ec336e71b204f5958b7067f47756f17ad5b0cda65d91049ff137dc5111687e0d4d44123d94cf2ad7b71ecb5fab6cdf8e044519fe1ecf7cffb6a3f3bfbaf6babfebe5d30a92e166f52849e8d35a3","secret":"5db1a303f2a43fbc85b94ee359ba3ef013ad9862800ade177dae91df69c8c41c9629e9af9aa7ef714ce54ed9d25270a34ed1252b22bc97cbee529d94475efa7c","key":"5470dd5c2a9dd27cc3afcc0a22db8b7f","base_nonce":"674e489fcfed0d05867cf633","exporter_secret":"80af20f76b14d0b2a62f6c8f35a8dbfc5daeec7ac991a3cd44296e4f1dcd05b3a03b97c1701629ac5f5408a00244d2c769b83c07462b15ff1146d5a0bf040187","encryptions":[{"aad":"436f756e742d30","ct":"d3a676359d7db814f1f7a12cbe98ab334c834e14d61def40616dfc7e53dc5fc92e1e05d8c8139596dc8e7b04f5","nonce":"674e489fcfed0d05867cf633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"16a4364a06fd57e8fc2d536ed9eb81267ded43b7663340791ce069067b728ce5146feb50622314ad9129c77a16","nonce":"674e489fcfed0d05867cf632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"3b1655ecb2bb72ef7b4e32aa342750b79cb997eb8ade1d898515173d56d8c3d76a2f47165ff9ca36763be07551","nonce":"674e489fcfed0d05867cf631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"a296f3c5e9006bcea15036eb33c02198cca288653be74913e90aa7e9654a203dfd1885588d3b52417df7785b5d","nonce":"674e489fcfed0d05867cf630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"bd902e383ca11c845a53331b9a27d57752000babec86cf73040f126999de1d2f37dadeebe5a4555df8b0fc45fa","nonce":"674e489fcfed0d05867cf637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"b15883c1bbf043c795a32fd834b07a7fbb1a58728d5b37ecb8518c8f2ee456d9003c8c1b386e144490d47dd124","nonce":"674e489fcfed0d05867cf636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"39e6a21e75ccab818820ca3cb060553ed681af3bbaa426143debeb641e7d393218513a941148d5b19592169e67","nonce":"674e489fcfed0d05867cf635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"fbb7c1f222dc30b4e49e9b6e28796d757838fdb67df8882304d888a147ce26712edfeaf6e9062dcea78ef0ebd1","nonce":"674e489fcfed0d05867cf634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"f7e9ca391e8d20074249b3359244a751cf636904278ce4a3c851420e1da34e6e53ee05cc8c76e3eff78adfabf2","nonce":"674e489fcfed0d05867cf63b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"41c78f13f5bac06e18cfbd339ffd136bae59538ec9bafdb00c2e1dce8f6ee5171f19a665b1cce841b43b02f4ee","nonce":"674e489fcfed0d05867cf63a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"f867736cfab5f1119b94c0eb083687bd35e4b905e6809eb47c511e053d1347d041e23a4d2d80e18517801d037d","nonce":"674e489fcfed0d05867cf639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"aa4225d544b199ddc976770d754fc62e142b7fd29f08fff8ce18a30add707d0275bfed7681b113c1b2a0c220c4","nonce":"674e489fcfed0d05867cf638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"277775d3ecdba91d0745bfa6fb4566d10568c54b73b7d8b2e9eb5d2065306bfbefc10c83b4eee41b1a03a3b7e2","nonce":"674e489fcfed0d05867cf63f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"2ee9e5fe264b74d447e66541635a4632b7bab7de7de332f580d402ea80127d0cdc7717f08de715d80c45fd4a65","nonce":"674e489fcfed0d05867cf63e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"9bc89c7ab1a6df02656453dd2e6521ff9a2f65941d9c38083cc4565a3020e6fcef2e8b7d01af35b45c12071800","nonce":"674e489fcfed0d05867cf63d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"e9afe448954eca51d6b3fa818354d75c887c6f5e51060a8be1a2831bad23d296acf1bcabcaddea17dd02a484f9","nonce":"674e489fcfed0d05867cf63c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"9f40b86e33678572daad262030408bb48e79a947a38ebd8d4dc3bcea1985a98b1283d04146c28e80b1017a5696","nonce":"674e489fcfed0d05867cf623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"d660e33d89661a9b77fa380b22b0fbb991a5745149fe7429e118a8fc81c3e12f0d81c46a9edc8c18402f6d25eb","nonce":"674e489fcfed0d05867cf622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"fb1cd51b3e9b157f666904fba28a26a7dcb5e199ccbd897c44da163d56319f22a91e18b0d74f1b48c0b0ac480d","nonce":"674e489fcfed0d05867cf621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"771452ad6d545e42b1d228f9eba942c74879482c7d9de70271e1454231ccd86a907e087aa0fd3ea7bf1f0ef3a4","nonce":"674e489fcfed0d05867cf620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"0adc0a96a28922b2f9c93318681bb7f50d57ae49b21c4eff29d1b559dcccb8aa3a8a22b418a3429eb77738c6cf","nonce":"674e489fcfed0d05867cf627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"da50180a35367e83682f0addf77c3717011df9e8a93b921840d1e26076cddcf92669b109c6f67b0ebf2c5b9777","nonce":"674e489fcfed0d05867cf626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"269c99da35c9621765be1db30ddc6fafceccb139353b9826075073ba0a1d2a7a0e2f7063422a549fe134135ca8","nonce":"674e489fcfed0d05867cf625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"14af6057dec66fb93c2eb8c2c878c0dcb53e79833e2d35ec263ca1260f4efcd76465d93aefb29d1e60c8e38a14","nonce":"674e489fcfed0d05867cf624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"59ad559d0dc186de3caea2deb808bda74223dae0685851853a18a96ff0165aaf90ea28029c31046f996c6720cf","nonce":"674e489fcfed0d05867cf62b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"d2fe4dfae338a7f13d057ee4b0d48536081c0a9d66e0d6cbf97246d3066d62d691b6a176d706b99ab1dc8e0241","nonce":"674e489fcfed0d05867cf62a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"54f01f2ac6c142be2d589e0c4f54bd8d18513322aa9b8fa67ddd0d427f299d419525cfb6966b3fda9cde1ece5b","nonce":"674e489fcfed0d05867cf629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"25d808fdd817b61bf3a69eda31bc90d56ed33d15aaae1d3342a2087c9ab3d49310cf9f20e3691cb6532ebeaae1","nonce":"674e489fcfed0d05867cf628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"00a474de0dc1cc6f64b71e116d8878d6fd1ac684feac6acca3a36d56d9db6f5ed74f51bc193f67c245afc9edab","nonce":"674e489fcfed0d05867cf62f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e6e33cea6c37d0f5aa736a9a1585d1c5bedf08adf3ccb2355f1d64552370434daf34e941ac5396e8f50f41d3b0","nonce":"674e489fcfed0d05867cf62e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"e399dfd31c7454884d6eb9a89d560d4907202097a5f3f6036c2b416312143bd55e51e9260d3db61283497bde5d","nonce":"674e489fcfed0d05867cf62d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"d1243a81f0eb6089de91b0b3aae3756c30fbb7d979d51d181fad3f3dbb09b61c6e624f666c256fe1186cdac755","nonce":"674e489fcfed0d05867cf62c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"f1e3b31118d541d85dee2ad49f0c891e43a302dbff20d0117822accbd30d708f72fca2c7a80617494a72cf1395","nonce":"674e489fcfed0d05867cf613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"5c9c1c0d8d69f3b508abdbc39f3269a351a31f8e296f3a60dbae9df00b58161732bd6c4b0c499547aa59b863b7","nonce":"674e489fcfed0d05867cf612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"71119c47f23f07d8eec520eb062bf8782ab1b559762b42170c075747322e2a7cfa60dd47e6418c10ba9c94f256","nonce":"674e489fcfed0d05867cf611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"c546371ac9270679af9fce628ab70901fb25d70f23f21f5e69f887fab1bd9efc9a06544e72bfe337e0f5b8519d","nonce":"674e489fcfed0d05867cf610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"06effc487b16fc0456fbc815935af51e56eeecc34d6847a888815c89c561d62729c5a435047828ea528fae282c","nonce":"674e489fcfed0d05867cf617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"c3ccaaf098196b6054cc77cb12680c006b5af4ba7b4cb95c0aa9ce3173384d4039569cca3f85d3022a9d84ac0e","nonce":"674e489fcfed0d05867cf616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"49f7d007cef3341d6b568efdf6db6f662374f9bd9a5d91b7940813d7dd1e055d3a8d458ba567c44252f7768b8d","nonce":"674e489fcfed0d05867cf615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"00e97353fd83012fb7c98774fc34b8033f6a4cd05afc15e58750478debfbf2b402132f86d85d1311b44db19c29","nonce":"674e489fcfed0d05867cf614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"6d5903555268896064c44aa09ef74b90830436872bc66be01edf640cf7c6d23df8cd1180a3c825fd89108a2350","nonce":"674e489fcfed0d05867cf61b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"398dbd300a447f2835e32053e8a5d9c3747aa156e8c1dffd1cd32012314cc478693d71fa5df01987d913f5d7e9","nonce":"674e489fcfed0d05867cf61a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"8e865cefd0790fa11b177ffb0092f54b0f0ca8220c39c085ac4c13e2784a0a4e788e310495d4b4a9c80d2f1a5f","nonce":"674e489fcfed0d05867cf619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"1662225b05fc77a5fea809ca84314a8cdc8080e1517ad6644f889bdddfadf4bfa031bc543c3654ade14b5fcd61","nonce":"674e489fcfed0d05867cf618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"1f8775f5b8f137a1494972103cde7a4062809e511d18a57a78ba801c397f46c89c1ebacba27259f9f4d9cda069","nonce":"674e489fcfed0d05867cf61f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"6b1b86d8b5a87acd0969f4524fd01967163be433884283f087814fd9fc366c01b767ab31ffaa414fd0dcfe9a8a","nonce":"674e489fcfed0d05867cf61e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"2ef0ce89ee8d49547e894cc829102b9250d12308a27cba8a0d217383aed25c3ae8cbcfa37631a2dc02afb5a287","nonce":"674e489fcfed0d05867cf61d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"dbc0edd041b4d63da58b3297cc6258dc22358811aea848ab65f48eecb4ba20e6af0033b9973f93d12deeddcee0","nonce":"674e489fcfed0d05867cf61c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"784a60a8ef3077c165ed58f85d4f94c77b62c447007b0a721fd1332606dd7c2f1465e6392ac69dc0cdaa2a5c41","nonce":"674e489fcfed0d05867cf603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"48580ec853fbb6d3abc2e8195d8a0bd34a3ecaa0dae64ac2e510b073fdee0c8f9fa55d6cb84869d82479a0b1a0","nonce":"674e489fcfed0d05867cf602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"adee3cad1582024a7931bf77e95e19cfbd5e2a18711566e97706d91be4bf37e90cf7a1b09a7c41bf1ad2250296","nonce":"674e489fcfed0d05867cf601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"98e79b45edbdc245c2ce0e1c0a505d2c0fe584f1f38fb610dfcd15e9a929ac631c6adeeea98fdbca0e1cd99d42","nonce":"674e489fcfed0d05867cf600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"2999e5fa9be3814cd53ab94f255a4cbaa3907a8dd7dc0a2625eef1b179125f819de93a7625511b098d7edec01c","nonce":"674e489fcfed0d05867cf607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"6c6c979c171948d2f8016b291cb9ddffe6330c5d91c8f020a218f77d073a65dd0b4c797f1b6ef441d962cc13b0","nonce":"674e489fcfed0d05867cf606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"178a16dc2586431c67ecc214e06034008c7316413d813a13baacadd2fd9ef78b8e11d840c7150cf678083ee2d9","nonce":"674e489fcfed0d05867cf605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"e2a92ca8cef178eae86a09f610ccaf6099ddecfd89707a38d339462f598cbaee6d7872d48300520c8af0284dcb","nonce":"674e489fcfed0d05867cf604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"0164eaab37c278a7f19c15630924ee99f29bb311e8f4348124a01cab16ed72182e331de472992fb7b65366bdd6","nonce":"674e489fcfed0d05867cf60b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"863b9389727d4400103930d122d2da808675eaba3f0b02acbffcf2ea394c89d4e04c65ef59403c0e3d84a40fa1","nonce":"674e489fcfed0d05867cf60a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"64342e60ab5f407cf69f22e00b1c0f9e9f4e01d6525829facc373752e1f92bc82d7d37b2041a9a0b931dc21cf7","nonce":"674e489fcfed0d05867cf609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"7869af9aaa98e67749d11a2c446609a21a5a83cf6bf89ecb8a25322a0020a547807eab801c1d1f64cb9d6c89e6","nonce":"674e489fcfed0d05867cf608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"6cee5678570c409e1b97ca70794ceff9d94d8e6f90c335e09898b369ed45ee091bc3fb8f11fc170975652f9292","nonce":"674e489fcfed0d05867cf60f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"87a32a68cecf7a626423b0a4ea68a443ce4e3163df74760bc09398ebf8209f5a2d4de49d532287f3ebe23272a7","nonce":"674e489fcfed0d05867cf60e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"957900139cbb7b2b5fe113faf3d02d60e0245357cc01c2611276002460fa3d51d25ac4266ac73badef136eb3df","nonce":"674e489fcfed0d05867cf60d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"4e58b830695434381817c099c8b160e078a9ac840c7fae48d0997713c701952dad8a15661d86bb0c108a06e2b1","nonce":"674e489fcfed0d05867cf60c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"41f96de77464325445b31efc07a4b7db31ebd931c4ba8cb85e110db34e5ac57f5edbf08303b80ff9b90b2f3fa1","nonce":"674e489fcfed0d05867cf673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"5c31a87225e5a5980c0e8b9a2f2abf3f8509cdd727a70102b525b0a3fc701d6c27a9c53acf17ecaaf74393b60b","nonce":"674e489fcfed0d05867cf672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"964b81cb02b368e7a5f6ce5abeec37bd9e5641133a6ab8343bf25405ebd7adccb27e56a76fe76101892732bc2c","nonce":"674e489fcfed0d05867cf671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"b2d3471bf3033e9122eea73a82f40d083d5e35ff98802fd5669b4165f3300e0e0a1fda2c79a56a682a2df7c614","nonce":"674e489fcfed0d05867cf670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"03c0408c96b89ec441ab9cc3d0c7e128990946bccdbc1d3b295db6ebdef2c349b9076ce378837ac684ac17c176","nonce":"674e489fcfed0d05867cf677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"b323622e1b50542baf28f69a0758e2566255d2fb25d86a564dac97c861876d1300df43e66ebbb997a54344e730","nonce":"674e489fcfed0d05867cf676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"4e0fc88b86db3298da8d4bd38e7565bf09d420dd2afb7021101baae3e23cee271bb47b53a1384e583bc1b065a6","nonce":"674e489fcfed0d05867cf675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4a46dbe440d751c81a9ac0c79b5675419c42362df0d2d43689e3ca06eb3aefbcb196809ed85ce41e520ff84da4","nonce":"674e489fcfed0d05867cf674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"ee0a123df2610072fae56839999006d6b238418ebe94d1a340957efe39a5bbd73732e72b8a797dd558200ae9e3","nonce":"674e489fcfed0d05867cf67b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"77597d6dcae28464e11fe3e76a2a75b8ff2c905de63a1fc8b32a44d4c18a1db79bfe7d5709422d57f851c5bc62","nonce":"674e489fcfed0d05867cf67a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ef81717dac976aae0d2a5ba9b8c159389a16f0b3fa60ae47f79f59c56ab24d9d38975143caf90022b69882b2df","nonce":"674e489fcfed0d05867cf679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"61147ffae70378d8dbe5f1839e2e7ad65ff611ba48a230d3c8b255a2f7488def99bbd6e4903f262ff474a7eb90","nonce":"674e489fcfed0d05867cf678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"b8c1999422a031887078b55e3e2865118c79ed609eaa0efdcb7cfd5d4f373b29b3992176bf547668090bc81cb9","nonce":"674e489fcfed0d05867cf67f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"d1d343cf612279f45b20b8f9770340326229be7942c0874e6c1745f7c242ddaa95102198b71547b8c78c6a5569","nonce":"674e489fcfed0d05867cf67e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f75c093ffb03e2e1d3d7f66d6b2801bba3b0e3770037afcdbf034bfbf217fea34c837756e9726330e03f7d60f1","nonce":"674e489fcfed0d05867cf67d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"0016644ad89f461e921b4aa5b79b07309dc5687d1bcd0bb7cb35819eb5bac20c53ccf8c4aa915cc007cced3136","nonce":"674e489fcfed0d05867cf67c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"915cccb995e025806e2b9554d296309e5979d1889d220dc1c69d914bb723895dd4adaf1b484a2e811252ce279f","nonce":"674e489fcfed0d05867cf663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"c04cd7babd70baa2ac84cb345e3e671c4c69ac3d146c4946514311c64fc9c2860201011ac4ac9587c7d9e255b8","nonce":"674e489fcfed0d05867cf662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"86571239c646b9793cbe9d82ff1e30861f59f19cb9c7bad6e76f74341b9028ef5920833ff190ba7cf83f41477a","nonce":"674e489fcfed0d05867cf661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"dbfcd7d4ceb3cb00b1b3a539e5fed9e4fec3a1efc28d0e305019dcb6ec8df515c4587a6c46fb85144d9504db53","nonce":"674e489fcfed0d05867cf660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"7422bab0545dcaac356e34a9ac5f6941dd0a358ca8031758453caf9526dadc7346a24fe1504160fdeaa75827ba","nonce":"674e489fcfed0d05867cf667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"27b4fabb495fe4b327f7f9acbb4e2447c4d318732d3c8930e19eb3f75c2b0c7e610bac0820bfe45b2268a897c1","nonce":"674e489fcfed0d05867cf666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"bd5ebd5ec32af78bfeac6532ee4bad5c5dfc80bbb606ea103cbb327df28889e02cdd2dd77339699997931c4240","nonce":"674e489fcfed0d05867cf665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"ced97468636533a51c4de1f9953844e8238da6c9c2f7f5148fdf6c9fca9b90a17168c82c2fe26e1d4a215e4d02","nonce":"674e489fcfed0d05867cf664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"57eded66a207a9c8358f70c5fabf9057f81b5a0abd8d2eac74ad0905af193947e67a9d1b05bb0ebb3a33e73fd3","nonce":"674e489fcfed0d05867cf66b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"6b2d28f88f1de3895ff279bb9a51fd0818985a7b1fb5c81b1bdad3f51ef9fcb334fb6400a554ddb674f4877112","nonce":"674e489fcfed0d05867cf66a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"07e81f87bb448299485689e68c92deddce466e17d34df8fda6efe8d3938e0dfb70c860530a136e06fb20205677","nonce":"674e489fcfed0d05867cf669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b56a0f2195844cf208bcb9574815b1a379a0d56753dac3ba8a68e3a8692e22b8bab5b2a894322b97e2fb0e02cb","nonce":"674e489fcfed0d05867cf668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"d15a7b3b9905f54f06d01731684d01b6dfa5aecf5c45c7c3a5434d417b649e0598edbd752e2d19c0c9453f5a56","nonce":"674e489fcfed0d05867cf66f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"a8dd0e82635de4961f8531e5e632a515166c61864b9691ab7e61b649734be6418c6031675c32f5977b805a0d81","nonce":"674e489fcfed0d05867cf66e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"98b682fff5c4859d7352cc0e909971a6d06f6faabb4b6a12cb36f2b18c79b2120ed876315f295454c563ea17f6","nonce":"674e489fcfed0d05867cf66d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"237ead7533e34b93fee17191c600f41771dc2e64ec30925d690845179bc48d6fdaea186bd1096a06c6adb0666f","nonce":"674e489fcfed0d05867cf66c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c213ecd9097d4525f121d8a80dc106e9a31e8d57a40cadf5ff208a5a6027ad39c6ce3f79575f1d39c2bfb312e3","nonce":"674e489fcfed0d05867cf653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"4157264e0cb3fab9514029bc303b967627edd50496966a64d486bc85e21ba5f0b42f6b63c99ba8731932de7c0a","nonce":"674e489fcfed0d05867cf652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"83b196cac9d5ee898ba057c62229a1f7ba0ac825f337e43166651f453f58c933b71aaf5d4fa2d6d3d295a1577e","nonce":"674e489fcfed0d05867cf651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"39a3658616c279373270d0fae7d42b695f387eb87e7f8b78961db21c089e8f9f9149942713b3103e21aa494dc1","nonce":"674e489fcfed0d05867cf650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"47ef1e16f4bf4e29c2561b19a239e8d0acf5cf8023979f4730e1c4112cb5448cad7aba2ead8746de2e250e4f50","nonce":"674e489fcfed0d05867cf657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"ac6d1940fdb17675d57f81e23a68241536d19d7fa31d6cedb0abc156cb7726d72d378cf5f099a8c5fe0fde6732","nonce":"674e489fcfed0d05867cf656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"546c98458d36bb0b745a3562db1a04c422d4b35b41e70c947d24897373c4d64fe87f49747615268103a41d0495","nonce":"674e489fcfed0d05867cf655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"8b5625ba2f76ebdbf476c695087b5171dc6cd596ab74172aee4ae2995187c365cd65ccb9055a65777adbecd00e","nonce":"674e489fcfed0d05867cf654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"0cb6d76783378ae9bcd89a271b5a5563d3fa44134611b80d3cf38282b529a46180d83fd698504d6bd25bfdfa38","nonce":"674e489fcfed0d05867cf65b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"064d15e0d5e93b6501b6f896ecb6b9514af727237d6ea7e3580324ed79e25334218e0d3e53fc480b5db392d9fc","nonce":"674e489fcfed0d05867cf65a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"77d59d65a0e44bacba41e1c1b8bff7011e628ab95cec9c16af6851420a1ce5925aa78c65fbe0dea3a070db10d3","nonce":"674e489fcfed0d05867cf659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"b0bb88accc1d86c29ded6bf88d3db56d9d9db23857738a3ea15ef7f9556dbd54c348434c73d7762122f5e0e71e","nonce":"674e489fcfed0d05867cf658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"49fa7ea063849cf39f675b96251f47f856ed29b508434862fa6ea9fe4edec4947510a238ce8712710ab8ff05c1","nonce":"674e489fcfed0d05867cf65f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"d9addb96200881646c99aa4c8094a91260bca75b2f26ae70805ce4243392499c83b6646d9eaf88202674303d51","nonce":"674e489fcfed0d05867cf65e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"7535d0e7974a15747befe34e2a089afa992dccedc78d2a813e4f7606f1c0fca471b3aebb077ac062a5a91d4b38","nonce":"674e489fcfed0d05867cf65d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"9efc5317fcc1dd33d9b17efb500f2676e552678f63a876a663074e42e11e4d1be665301bcff6006d1e61ca3935","nonce":"674e489fcfed0d05867cf65c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"e1fbf020445b691f0d858ebe0467630f1ae5f43a142e6bcc830cde9d76299869dc9943e43f2eb349f70e1ceeb2","nonce":"674e489fcfed0d05867cf643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"cdd5d5d9fef072397818597e16cffdea4c18f6b266ed95b7b6e8f985a9a070c5a798f3f186433648681324b8b4","nonce":"674e489fcfed0d05867cf642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"2e18b334be478dfce76833e259d70b05656895b73e4b2396f092e8722fabaa78c7b303c83130aba9b1714c4d07","nonce":"674e489fcfed0d05867cf641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"281dc8a263641f3aff97f35cbac577addf21f556783572bbc2c5b32529fc6f8b8d71ec52ddd4d947811028a778","nonce":"674e489fcfed0d05867cf640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"37fa7e47026753791e79fcffda7d234beeab90cc983bfad3a5329f2520fd6083cdde838e77a11ecd729a2c994c","nonce":"674e489fcfed0d05867cf647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"e6fce9e745a37b883e4342020e632ea390c0796dcd2f249499d72b95faa5e0b091958a2f39c37f917a453b7797","nonce":"674e489fcfed0d05867cf646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"12ed69656a5d7fc44c472cdc4dd40f812d97b3610b1455581aa5b1c2fed9ac1733c50e1923fa3f367d753de69d","nonce":"674e489fcfed0d05867cf645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"e2f1d4d4fc0b56ca722b704d09425b965293848de025c8c06266f3be3dfe3644a912b4351baa57449f6bcd1e6b","nonce":"674e489fcfed0d05867cf644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"de76442f0f44475eab649aee4b418e4c83ee98e581354bdc6a458c81bf210f7558f25cf43b2c953fbb8413ee59","nonce":"674e489fcfed0d05867cf64b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"6c6dc8ca1c5b997fae7cc30c73a1484a49d7a5bf4e74b361734bb40550f188914130fccfa685d4b54a79031987","nonce":"674e489fcfed0d05867cf64a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"b62a19a4de21f304c2798449ca4fc129924b2a72dff58c44d6b335395fc834c08b801f09398d794a208c9f1721","nonce":"674e489fcfed0d05867cf649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"8d2077fdd57b97e16b4bfabab9870e46cf0913ada2296ab2b42b06418b625f4fc19a030fe66df4130a00b19800","nonce":"674e489fcfed0d05867cf648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"b272d6505269d4ca76eab0842d953bb231cac836a48394da263720dc0d1af1b2b8dbd28b46a219fbe09d5c00d0","nonce":"674e489fcfed0d05867cf64f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"8d8ad5872cf7853f27944813a0cd0b1d9b1f561a1dbcc9e019f3ec4579ab88f1711cec54a953bf7f257ce7761d","nonce":"674e489fcfed0d05867cf64e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"c48e57d93a64eb6814fac0fbeac2df99a5af751bd51aa7ed2e232600db9ef00dcaf34083fc46a8542c57b40ae8","nonce":"674e489fcfed0d05867cf64d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"454ccf20d93769b4a9156f40ed8897ed8b76ef08d97271595b5651176c40cd7b339bc6f15b7c173772fe6c97a7","nonce":"674e489fcfed0d05867cf64c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"44aed4be9ce3a6422ed0d7c75ab9cedf06e6c6c7b53acde7cf9b25cbc778e9c4f74cf2f00317052a178501c5a2","nonce":"674e489fcfed0d05867cf6b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"4df1f918ccbb44ceb09ac15d1fac6aab93dad07ad2a95805487c90a6a2caedf1166a79d19f43fdb7220262a69c","nonce":"674e489fcfed0d05867cf6b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"ca7b514c474d0c96e8af2c9f57d3817bce696d864524dba2db435bd66b7a3a2a2755983805bdaeeb7f7c3f6f49","nonce":"674e489fcfed0d05867cf6b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"d7f19c6bdee204bca189824cdc7548350b12685eddfd8468d96e05a578aa33e79404d6801aae275642f1047521","nonce":"674e489fcfed0d05867cf6b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"71da13dd46602b8a5c9d3cdf66fc41e799fe65455fa6a5e11d7b1b545fcd99cde121cc15326dc2e0341885c407","nonce":"674e489fcfed0d05867cf6b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"256877fb59ba093b02b95bff2afadf0f556b570e68e4cf730427423b8fdb16edb3fd4c828b778ee43987ebd7f9","nonce":"674e489fcfed0d05867cf6b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"04e69a128b5a817814197dddddc852e5cce5ff47d36403b36812ff1a4f29dbbd63cf001ea641414ccfe8675f77","nonce":"674e489fcfed0d05867cf6b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"ffca989be71a4f1f44a3b9f910fe4f169fe38372505b10e2720f5c5a1dac4f8744073068c47cea881bf531f1ed","nonce":"674e489fcfed0d05867cf6b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8450342be9220e4ec488818658aa323609955d23381ce22fe06c8ed94c52d3e8f66f1ead8f7505effdff8b7a74","nonce":"674e489fcfed0d05867cf6bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"641dfc0bb52dca164b7051358ce7909d09c2a4d93b99b1f1f692febb9c7396992108a218a97dbc4939db864f49","nonce":"674e489fcfed0d05867cf6ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"917f4b444e6958b10b2490bc2855dc0edf3edd498ef4b1ec1328d1ddf5f3c62fb4e53266bd4a3c7d039127763d","nonce":"674e489fcfed0d05867cf6b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"238c9c5a996fe91604189b750aea309331e5782c30a937d258bc7f73aceb8c68aa347be2c1d82a03efdb50a49c","nonce":"674e489fcfed0d05867cf6b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"a15be0ff7b19f33c8cf57cfefaf5f1606533d06764bdaabf1357518f9829fad1fbf64ba64b6ab11faceea23ef8","nonce":"674e489fcfed0d05867cf6bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"fb025c228faeeec736f6a6e9b1dd383949aa862ca9940dca8e0098d6356ceebeb431737cee52335d467ac3a830","nonce":"674e489fcfed0d05867cf6be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"62c90f750ce6c99a9831a077a8a8d82396f496720365285eebfb24d2d796f66cd9840101c79c8d1f14f2e6caf2","nonce":"674e489fcfed0d05867cf6bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"2abfd5d105b25adabde6ac348cbc03d9d9051324ff4847f71080fb83c3054a1e5d76a36d0ee83b21013f725a4d","nonce":"674e489fcfed0d05867cf6bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"307811e19ee53c4567cef0f3205d133a6e153df6b65991e22c6a4001a6d24b0cad50eb6b4de870b3299fd1a35d","nonce":"674e489fcfed0d05867cf6a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"0035174f008978e7f34ab9dfd801e900a691fd69e16555277c6445bd6ce8daba9ca37666096cfdbe7d9fba2b9f","nonce":"674e489fcfed0d05867cf6a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"50fc8314634609e6f0dc13c22ef2e013e1a77466a5886494123efb6ea7550db4897db5ca5b959979bd386bd195","nonce":"674e489fcfed0d05867cf6a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"2204755ceeb587d6532772e0f72ddbf70017cc997c29b024fa28dfb7c22216aeed731996285d4fa50bb1b21db8","nonce":"674e489fcfed0d05867cf6a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"a43bec53d2bedfe306288a8f8605dea0d0c1a0b566a1085b35bd7958c6a5384402821ad968a578d9a9dd27e0aa","nonce":"674e489fcfed0d05867cf6a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"9ac2416cac2b0641e4bdf5f5850d629dc8d30b76f4da24e1145b0225a542fc90400182dc5a33fbc85530390d11","nonce":"674e489fcfed0d05867cf6a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"7821b35e44095e09853e9a02a7552c5e6f5c207eecbe00195fcd2822a87f121c1c8b6bdc05c9a95840c6e0e4c3","nonce":"674e489fcfed0d05867cf6a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"e78d638386229115b0f94c24a352a213fc93c848a0d1be57bbbbb573257ed480a25111777a7447e2d0eb34ae68","nonce":"674e489fcfed0d05867cf6a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"b534bbaac770507ad7c613eda0720cf7e70cce37436b3d04442a7b1e9bdffe1913dfcbab1fe3e47f3c83d6f578","nonce":"674e489fcfed0d05867cf6ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"e963e3d3da33a68518d4152ca7094e60277aff7c9275b79f4460ac8972c84cf0ea592a92a627caf2f1ddada926","nonce":"674e489fcfed0d05867cf6aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"3a656bd65c6e0b40c40cbc2a3efb3b17ce466483980c634df496fcadeb40f23d74a9675b4b81060eb028f459d4","nonce":"674e489fcfed0d05867cf6a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"30699d96b90bee9357fe5dd5cfb8989ea89b22ea7339231d44a26647403f1733c88bed0c3219df886e85adc3f4","nonce":"674e489fcfed0d05867cf6a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"32ee17fc8be2b28a20a40f615cd842be2c78f6d3f0f1f8f553a83cace7292fc8e148d044f192fec90f4d5499bc","nonce":"674e489fcfed0d05867cf6af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"68db0bf03178e9d9920e701c7ba0c22ae007d366c3e94a911579ca86ac239a9a7a991bc66b1db5ad6a1fc2e824","nonce":"674e489fcfed0d05867cf6ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"318952e2ce06b488be91a7147576aaea17809a33ebb0aa18771e03cd9b51deab9a23bd2e71c291d416123b6433","nonce":"674e489fcfed0d05867cf6ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"223b2a3ced88e1053d11c7e082ad36d25c8e2f812e227d5d60328f9ee306343bb7b4617230b696a18b38ab8e20","nonce":"674e489fcfed0d05867cf6ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"d30fad7d6c3028de250cda65063b2f34ae1089dfd7a6867275f7c9ed088acc72818413e14ce21e337f00b230bb","nonce":"674e489fcfed0d05867cf693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a15f7339b25b9d799248b3785b105889a7e3ccaae935b1df45afe26b643dd33b409d96e5416a1d6a3858c3bc01","nonce":"674e489fcfed0d05867cf692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"7e174e2078ff07783a142a7499b521ed8f11b36b9cac1c134ece9f4d661d43c6275d118377527d8dfe6e628c60","nonce":"674e489fcfed0d05867cf691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"53a1c9c517d0ba8f5a1b9ff424ca4514c729de4dd6da741f293a26e9d3135c6507d10fdefdeb2496c5a83a9ec6","nonce":"674e489fcfed0d05867cf690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"480c5f0769c2b87006f211eaec8e695e16cd7c7d30a8e9c71a3851b46b2789531bf1d53dcaadbf584ee810b0b8","nonce":"674e489fcfed0d05867cf697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"5436260b278b325a499be8aba6418c96b6e2198813c808a676e30b9bd0cf017bd83a8e4f8dfbfc1c6fc60b0694","nonce":"674e489fcfed0d05867cf696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"bca1c41acbf157da061c011456bd8dfd4086ee9aa3f71cf2f5195b2f40438f842dc165d37143e1c1d9af4afd7d","nonce":"674e489fcfed0d05867cf695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"5b5abf6f45bcbcf8742cd8c9ecc5ed66a64277d106646570e9298fc53fff34ba6b49f99b05e1b1b6e488d307ba","nonce":"674e489fcfed0d05867cf694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"fbcbe80b9e00c6f31d851790bf82d7c18317ef8831270a5b5f6835b7ae9b0754bc3a0fa0582c6ae08474a16d0e","nonce":"674e489fcfed0d05867cf69b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"640dd83661fe6e415e879ad09d9cfe399efa22e162904fa40d9ef6c4198c81d6bf0c5462f10d4351199907fb79","nonce":"674e489fcfed0d05867cf69a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c0fd73f039a0f7f56417cee038ff9487a246ed3d301d52b14b8fa0fc772cef0eb91d0918119d09ca5086cd9a2a","nonce":"674e489fcfed0d05867cf699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"93f6843042e83a67c3cc644d4043b2ae0e78da387d12a693280a3e342d5b01cd3236c7d5f28ce385df3725c9c0","nonce":"674e489fcfed0d05867cf698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"59904831e4d6c82f657d218fa63c1b0460ffe2b195438ce1f35d9ad81414c65962c0b3cfeb31e411cf7cb2f329","nonce":"674e489fcfed0d05867cf69f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"2581df1c5de665adab551220c42d7860b14fe8db489a5489c856e0f47288cf390b3a4ef5d914620e6bafe5345e","nonce":"674e489fcfed0d05867cf69e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"dee8da45563dcfdb189ff125b5fa19c56f3d029fee2152a6481a0dd61dead99a319ff994b007e5f275a2a3af8c","nonce":"674e489fcfed0d05867cf69d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"3e548a6c5c41d8bcf40ec62f2bd9628ad0db6ce6c0078f964b5a5f2c04b65b3c6d4a4312937fbae88d18ba46c1","nonce":"674e489fcfed0d05867cf69c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"18a85b28c40234dfd8e664a25549a4e240a7f74539e0c36fd8c0aaec2c078301128325546fe02006fe9666be95","nonce":"674e489fcfed0d05867cf683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"67919abfc6e2dacea3716da27c93a3e0e709d4744be03080fca13a6383fee3244697afe9f1a5a18d474943907d","nonce":"674e489fcfed0d05867cf682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c2c89a47b1c65d502783ec69a8c01ade4df0949fc4221285fb28ef00e9372c637dd57ade7187815a33232a8916","nonce":"674e489fcfed0d05867cf681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"d8caed4cbd34646745db4656f4ba97030c0a60f5a3ee950174bf5a8bb9d375cd85fac0732a38b0d0079b2e7b5c","nonce":"674e489fcfed0d05867cf680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"eb6690be668c5878d376f3df94af8828fbd1b037345941f6d79ab4ace518825c691d86e9fbed8381ff28a7cf02","nonce":"674e489fcfed0d05867cf687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"f95fc1ac05445f7abee95612a82c12ef32627ca8dd9a31f37f662d2dfacc83dd15338dc82f39d9d2d2aaedce45","nonce":"674e489fcfed0d05867cf686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"f080e912cd090ebd46a3c8afc3bb6905cdcca154ae9b4291a2e0c9a72693761e846609114db8b1a7e037aaa004","nonce":"674e489fcfed0d05867cf685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"df1fc03bc90515cc0094baa0db55584f74200dd910155f6ee36683f5d26cd8d24e3375ffbcbf0fddc81d60dde1","nonce":"674e489fcfed0d05867cf684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"360134a7be7ea27f7ed8869a11b33f822bac1e087ebdcb2603d4cef6744c1a28eb0087c5971d9cdd8666d1f834","nonce":"674e489fcfed0d05867cf68b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f77a351d07da1f82415e6834b048601b86cac78f9179e723c00119764c31245cf75727dcde7350568b494aff4c","nonce":"674e489fcfed0d05867cf68a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"1d73da911736d2f6b24920bd0ea57d9d1dbbf02f85541ca40b90544e0eae04ef42abeb52d5cf103a9e2b9c8182","nonce":"674e489fcfed0d05867cf689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"5725f1f673fe16793830dc9099438ad826aa5ab644b6ee0861abdede02077b4da3940a07e1e50520666490bd7c","nonce":"674e489fcfed0d05867cf688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"9e367299f38cb2ada251fcdf49dce13133aca4501ab4cd8c7eb238c8c739a8304a23ba70be8cd0f535d410bead","nonce":"674e489fcfed0d05867cf68f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"0606c973ae1ed7717e89fa2d40adeb3b6d82a8cf670bec27940feca4db9b0832cac607eb4d494d7b14ae7a2686","nonce":"674e489fcfed0d05867cf68e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"fa94e4ac08fe6002b01e5c3d0290aa292b576d887f6ebf8868e83b6bfedcd88408ddb627a0f44aead3c7aaeb6e","nonce":"674e489fcfed0d05867cf68d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"168c525178341fa7a2c847dbe2be06cb9e2de49942971fb7b52923fc2a84bcb96722e94e9e8c8c70e19f8aa477","nonce":"674e489fcfed0d05867cf68c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"2d241a0fd23c92c585cd8e375252a5b1d0e819cdb3bc3752e1cb76537ece23e07494170889711e1737b819bb0d","nonce":"674e489fcfed0d05867cf6f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"4f342d16c952733255ef3b9c9101935fa12eb4dfae5c64709e6648dbd3b742d1c8c1017fcb5518795d5e59aa3a","nonce":"674e489fcfed0d05867cf6f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"4b6ca4d5f2c0778b20185de624605f96fdc22bb32dc33609ebb4eb124ce27db189c76cc6ac61d27d19811588a8","nonce":"674e489fcfed0d05867cf6f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ffa7b16d191866c9952cd4baaedbb896c155190ded1effbc66348010124148074b344f92f18114e35646387adf","nonce":"674e489fcfed0d05867cf6f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"1f7cec6a3e4ce731b70d67d367015e15df229314fae1390575b7b28eaf1cf8ba7b50b153c3e442547351633fe7","nonce":"674e489fcfed0d05867cf6f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"bd7bc2adb6036ff4e4a1a4f04832635bea931ef6710f2dc9d36a53547c8a10b0309fa4859b6df0b3f0fdfaa219","nonce":"674e489fcfed0d05867cf6f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5bd58472cd1746529a37943668fc682bcdbc80ce87baac7efe25114793233b21a63afd84aa486ed9774b80d363","nonce":"674e489fcfed0d05867cf6f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"cde02ba8662133f83db44c416a83ecb690bded50f516db584b45566a57116c56c7922b9c7437afe3792cce1218","nonce":"674e489fcfed0d05867cf6f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"eae0485b9609cb60d3f3a559cf0869230f4ead26cf61cf93edc8898ae254a5ba0fcd62b447d291afebb3097bf0","nonce":"674e489fcfed0d05867cf6fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"895649ceda6392a2ab0b1429e6e2d6353655ca13a20972d125413015a4a6d57c648490c3fe30c7b9c5b3960c58","nonce":"674e489fcfed0d05867cf6fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"69ac33e9744a3285d74a9cc88b6db9f63322afbd8ece3a8c4fe360256ea2b00a5a7144bf880c687f730918b414","nonce":"674e489fcfed0d05867cf6f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"75d54c3e0ced90491ea40183362528e4ceb529add75f08cf71e6f5bb6fdc10a43a4f88f09e6efe3fc84da7b971","nonce":"674e489fcfed0d05867cf6f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"11887604782334e8563211147dfc27c97efeb2eb64b256f2d4c3660b37a2d4eaa379c7360e5cdb5a4d5f83559b","nonce":"674e489fcfed0d05867cf6ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"478b00a01d3bb9754fc99eca84c83276820248c051fe8b720390b2a42893d5cd1d42698d21429facb4823431ad","nonce":"674e489fcfed0d05867cf6fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a1f0fd54c2e4d572ed606302503979d7e94bfda0645978f1fccd4e2c777713d23072127673ce1e75951c5e9f7d","nonce":"674e489fcfed0d05867cf6fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"1ce846f1d6dc59594738ed86db2aed95e377f074e67b138087ad58ed48859028db372c778ee9c234f25f19a45b","nonce":"674e489fcfed0d05867cf6fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e351be5234b719bae0b55c52ee87b06eade2d24f6cbaab1f76264b812d6fe23c3be836fc8957eb5207e2fce7bf","nonce":"674e489fcfed0d05867cf6e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"1d640009b9c9ddb3da8d5b1b4130c8f63931483e17d2901fb067320c0ecb785ff0bef0652be63cc38ebe966833","nonce":"674e489fcfed0d05867cf6e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"623c941789de41d63625c847231b7ef6f10b8d308bdceaad7d1002a2cf070b124d93ec1df28db8a3a45276ee2d","nonce":"674e489fcfed0d05867cf6e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"a0c7a45bef09f4f2ec2db713e98e5c6be75a4a55547cf7919d6df9134b643b1d0bf64cd186a6546f6e5db05cd0","nonce":"674e489fcfed0d05867cf6e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"71cbc1c240abfa87fdfc839bdc1ef1a44a2433b12beb542602f60b9f05e0826bdead4801c07801f53ae906cc3c","nonce":"674e489fcfed0d05867cf6e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"3fe5d877f09d929e5ef752265f47ec2da990dc9af3fa6eb723a1e5dbb2605dfef5ebcb9b564b5166558954eff7","nonce":"674e489fcfed0d05867cf6e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"e85f5fbf411e4a5afd74e1c71cce29e66adbecd50d0594651fbf7a4a1c0b2413ecbf04bf6ec1ba0c42b937747a","nonce":"674e489fcfed0d05867cf6e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"600c007bd175c540c581864ef2dadfdfce0088c90e6c2d474a81893bb2671e5e41d95259f2df009f0581adc83a","nonce":"674e489fcfed0d05867cf6e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"6f3ad00cac6149c1227a3e057f9d23ef794ac5b4b23be31e25a2d79d66e734226a08d34cb8076b7ca7cf9ffa5c","nonce":"674e489fcfed0d05867cf6eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"cb9c10ffd2f4a62f3b425df34b40c7106b7e8d37691680591681de4c1c02f339c35d4fda788fdbf4c2f0757a32","nonce":"674e489fcfed0d05867cf6ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"36e2263fe7e6fe4e70d638665d3cb77b4c8319534c286a84b6d44c9518712790c420fa4b8e633f82eb4d853494","nonce":"674e489fcfed0d05867cf6e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"7b39ec9bc184b8d4d7d399b6a2d6f07aa5dfd6cf62d5f6527228a4153aa96da34c665b6e7048dff0b853586296","nonce":"674e489fcfed0d05867cf6e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e9022fdccc9ff4ec30bdac62999956e4a2cf75f837f541d9b79d256a49b3b9f17d892fdab2fc2ddf3869e18768","nonce":"674e489fcfed0d05867cf6ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"1ec95724ceb6b92bb11d92e292adec930da5123f8a9affc3498e2038a0670dce5f33e80f61cc700ce2e620147c","nonce":"674e489fcfed0d05867cf6ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"5d2568a95e6f72fae520d187c98b955104797ad344c489077824bb6a0f13295dadb65fd41a502d6501954df5f5","nonce":"674e489fcfed0d05867cf6ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"7639857ce746f2b381c939cd6488e12d1944d65300e581af92769bcf4aec3e9341c3060e312ff252dff8caf80a","nonce":"674e489fcfed0d05867cf6ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"0a5c1eaa80b67714136b0ea8d757bbc0b84cc089f8f3d053657219cafcf92bfc4025f159c03e72924fdb82701e","nonce":"674e489fcfed0d05867cf6d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"a1321682157c696971dcf4c1ac8e6c5f2e6a147b746ae851f19ddefd491c95ace8e6a77dc3841cdebc53111b91","nonce":"674e489fcfed0d05867cf6d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"aaa209da274951afef0db07265f028ccae36a2d91db378ea2d94f6742db72f4968ae1e21b4c4fb68ad49258b7a","nonce":"674e489fcfed0d05867cf6d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"0c4ba7b065079f73d04c79aab813d2b2055d389873c54b1dbb11641e389f0edf5e800d3bdf0ccec5d666347e84","nonce":"674e489fcfed0d05867cf6d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"53b6441fc74ee3ef54ec855fddd81c4fc1815c95038811efbc6edb9e7c5b795400069e0b4912230286617ae8ef","nonce":"674e489fcfed0d05867cf6d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"2901d144912e2f7e00db4e5dd611f44c571c142958c9677acad0ec103bdf5333c653554241a84bbed7bcec64ac","nonce":"674e489fcfed0d05867cf6d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"68251dec79041c042904cec808c276d1f7f7f2b7ef8399c7b9deeba1f5709dfa2b33b60376262ef51a3c3f1101","nonce":"674e489fcfed0d05867cf6d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"3bed35e2140b021618cac633ef047eac123595628a75dac9bf74eaed20e524d294a88473a9c9161e0a920df9ea","nonce":"674e489fcfed0d05867cf6d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"554d6cab58f07e9be9d96d2378d41b224b8816a44e2ecef3872724ad7b2df53cd1f307b51c605805243540458c","nonce":"674e489fcfed0d05867cf6db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"dd57b0bf8e34c3d13249a25b8892df3ac8d310f37f84ad4e6ae5e162e8b679fa5af00d42aad4f0e64a4fa76d82","nonce":"674e489fcfed0d05867cf6da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"0f99ada5726232b12bd8e9ac25d9efb614db3be85e4de4fe841268528fb75a4af7a797718aa3250eb6262f497e","nonce":"674e489fcfed0d05867cf6d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"c571bb899603fcf039fb340332a7e8041e0631cf970c6ed5780ae464f5684b3c8793be5c79f71a588aa6f7588e","nonce":"674e489fcfed0d05867cf6d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"f60f83c4da76eb47714ec7d4e14a9959bd4f0ae53a33dc29c31b96c246032dfb56afe5ae848101a4e5d21b8b4b","nonce":"674e489fcfed0d05867cf6df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"42e26e402624e7a77bdd8fe8c7044e94f31d5d586c59f6183c9761a3b5b0c50a59da001895eccaab914654a7a5","nonce":"674e489fcfed0d05867cf6de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"5847073e265334b7aad5a52ecc08a95088e9f12d1033df908322eea8fcf971c0774856732d49ee0a01ff2736a9","nonce":"674e489fcfed0d05867cf6dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"dbc26b54ef752f2d7834670d5cfe420e206aee58ac8e01b56c20a435aab10df8b79cadee3b376b930f3c671a56","nonce":"674e489fcfed0d05867cf6dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"2c40c25bdd9748baf4c28272ae38456ea03e76bb2bfcfda6fc3235d403e1cb47ce362938ff22875979fbf583b0","nonce":"674e489fcfed0d05867cf6c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d7bb6ce040e3e231c8873235127107fb72de9cf6b976799d609cf0bd21eb2a8d222aad87dbe4c96fbe23e185a6","nonce":"674e489fcfed0d05867cf6c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"4239eaa4ecf2b3e286e5d8b0a393e9b284cd907777613bc7b4bee38040ea805e7dc7a46156dc91747bdd43c428","nonce":"674e489fcfed0d05867cf6c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"4ffa335773cc4596c29fa5222a68e673f200944f2de5fc61b03a75e19cca80fafeddd79db6aa9aa7d794f12a96","nonce":"674e489fcfed0d05867cf6c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"133ffa1cabb3f9939ee5300fcc13ba0edaf71bd0a6f1e4bd106b8d59187a2ac56ace3738452a73853dc6ef3518","nonce":"674e489fcfed0d05867cf6c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"e1e767ccc23651c437378e204a4b5643f4a6d437f98ad51cb76567b5751ba7317db9f8386e9171cfc6658529c1","nonce":"674e489fcfed0d05867cf6c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"8dc2247e4545fd1641800f0d08163456cbe4775c5a04cb6f5ea8e985d3ead8e1f65f981865a762d98784b0b9ec","nonce":"674e489fcfed0d05867cf6c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"efe1f13b0d8c5f302d853cc447b1af8a25f01eabd889c53a89f6619f2e8df02cc9ff136d5d90cab92a7b13c4b8","nonce":"674e489fcfed0d05867cf6c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"c8718e6f70e4bd91ad4c3aa3aa1bb83684ef2f57cedeff81e67e85cf24c45e54aeafef6bada61de37069fc9d9d","nonce":"674e489fcfed0d05867cf6cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e8c04d8bd6343bd09936da693d1f9b70ee3a036866573ca110701b211de7b1180125bc68073a3f588b7f656405","nonce":"674e489fcfed0d05867cf6ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"4744a9f994e5b881fd7ec35f10a90c9bd1bd302b14cd780215254302e1c84c9459713b7d35fa986d423c3ca886","nonce":"674e489fcfed0d05867cf6c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"aad08c286cdc8ef203796bfde63e66619f51bf170741dcb7402cff469dcdfa6d1dbc3a6c3350f2504147636932","nonce":"674e489fcfed0d05867cf6c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"0d55810d9d0485c2612a3e06048bd2180ef2123304161f25eafe244868f7c02b18343c131cafad667f24ef448b","nonce":"674e489fcfed0d05867cf6cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"2c00292b907d65b500a5561868c536994391632aa4ceee56baca88929f9d95805df9a7e01787bc85e95bc9cfaf","nonce":"674e489fcfed0d05867cf6ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"7a6f5f4ec1aef5e49c7c4b0def08030aff490c094b5cb36f3d87be4403b140294dd68bda09e04aa21333b55336","nonce":"674e489fcfed0d05867cf6cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"10fd33010d0227ebca68cde21e293b45b2ca47bb4ee63c5b9e2e6a66adc7bd81981d425fd2481b0e3ba706087a","nonce":"674e489fcfed0d05867cf6cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"fbffd44e00cb6d71d0beb484b5989ef167dff313c8bcc3c1e61c9db26152b5f2436b0899744bfcd71213a28a94","nonce":"674e489fcfed0d05867cf733","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"846a732d3dd7d974ec41c3b3dcc871ad2e6bcbd4da9235cb9775ec7278d4aac1"},{"exporter_context":"00","L":32,"exported_value":"74556ec046a23049f4c9d9ca36aecf195a27a780c53766ceedf81eaa15ea6dad"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"8b9f09cc299227800f159c64a8026b27538f5be27c33789d511ecc0aaa1ad1ae"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8582f3727a3dd1410542537ec63d0540c4aabcc291075c6a29dfc85c2dcb01e8","ikmE":"660bdad797e2bfbc40021b04b599b7e71eeba930c99614bdcf248302ad0851f8","skRm":"d16a548d4228623e62db73f4a1b3d1fe7dacdbc3ccaa99df9311afc15f2e7833","skEm":"2c8593887c023446e36e9027d2cac5e586c544da87360bdc70b9c794dbf64f18","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a268e077bf5458cf2c1aaf7abc539598b32b7c4d22a9c9db18952b9a7182ed2e","pkEm":"557f2ad9994ecd48e299947c7a609621bb48a3675f91f93c379c956e82fed744","enc":"557f2ad9994ecd48e299947c7a609621bb48a3675f91f93c379c956e82fed744","shared_secret":"10a111d8208f53967c18f2ab4d9caf3281c96e31eb329a0318ff7d99e2d11be9","key_schedule_context":"011b6b08c282945123288e49bf5ff79e6dcda0afb9b4391857b06a196397b19c21e12683685046440266553074efce3b8b1d9d6f5e0c0a2544c426f62db07d748c6f17ad5b0cda65d91049ff137dc5111687e0d4d44123d94cf2ad7b71ecb5fab6cdf8e044519fe1ecf7cffb6a3f3bfbaf6babfebe5d30a92e166f52849e8d35a3","secret":"fb91fc320d5384dab1260875cf8e22b5366de635fae91e5f2903b3380242b6f5c5e880963b6a663c550718ca49dd9daba0e9720c620277797617e154e147f3b0","key":"c77cd5e8efef3b074662056ced6e4be5","base_nonce":"e849f28fc830cc8b4380b6d4","exporter_secret":"6d0c8d626d3f80e2910dbfd186ae10bf3d47b1c94668c6ba2b6286d048550eff9c6d1235be920142e1bc6994430a0d0e5271694b865dc4735b09778edcdabdc1","encryptions":[{"aad":"436f756e742d30","ct":"b8a853057198e1d230b5708d9eb9861086a468ddf649e60f3c5d1ca9e50d1bef7be47151bd8c297bda37d4c279","nonce":"e849f28fc830cc8b4380b6d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"1d9d0a01dde9d56c700e6996e5218c7e58b2cbe47a4b6e7c60ae6b903ac84106956f93460499b149bffe2bdd34","nonce":"e849f28fc830cc8b4380b6d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"98b57dbab61da0640cf37a572aec3291510cc1cd3c09e9310d30a5e749081ee906cfdb6613339b995a4b63e2ad","nonce":"e849f28fc830cc8b4380b6d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"a46bd7c9ea51185fa06a44d4df4b7c838a41294978a82bf283edbe0fbf66de057f28d53d9c4b3335d0c80c41f9","nonce":"e849f28fc830cc8b4380b6d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"4109c8832b4ae1b272842e29663bf0fe8aa91ffdd010247206db4aae9951b83db4c322f6c5412c8cb1308eb51c","nonce":"e849f28fc830cc8b4380b6d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"59af0ab70dbad599497199a1f6c5e77cb071fd830a35fc4e0cf92318a95508f8455c9f24f33f64b691a68f4094","nonce":"e849f28fc830cc8b4380b6d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"b0627350c67bb942c03aa393b27bcf058349c18bd6000b8bce09bf00ec5133139d7090d60fac512555a6fc7924","nonce":"e849f28fc830cc8b4380b6d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"13985846cd6ea3132bb9ebd23971560221a1680c5986c4bdec51ee771e2eb829628790db35bd97be0b495d8616","nonce":"e849f28fc830cc8b4380b6d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"b1ad7c297404eb693eea39f71a62aa17f8061ecb1d041231d91de947dc00c946e7173bed04a311e7d2b3e8db76","nonce":"e849f28fc830cc8b4380b6dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"83a49cd677fde58cf36c942819436ef56a5bac29a70a7f9f055192d583bc9ac387efb0b6d577cb9fbf3cbc2245","nonce":"e849f28fc830cc8b4380b6dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"47492c53c6920f99646f20110a6fb80e8bca9ca04c857bc8e9ee850b9afc93cd7b5bd88e84dbb3b05b067987da","nonce":"e849f28fc830cc8b4380b6de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"e77f1ee7d2b66db757009e9d8b92830490e7464b869bff03065a3a8601bcdba31af5ef4deeab5d0b071a03b0da","nonce":"e849f28fc830cc8b4380b6df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"ca2a20d7fc6fba9980fbfb8631632a77056c5921e2dc69b14f54cbe947b89fceda80193f2845e00957c4d1bbe4","nonce":"e849f28fc830cc8b4380b6d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"f2888ebf93ca2d9e30717dd707b00f0c33bd75622281e9db19b135a9adda259271742fb9c4b6cb4b998e2b605e","nonce":"e849f28fc830cc8b4380b6d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"a7ae92caa74e55355e171557421937fc631aa81616b67492ecad5ea1ec971695377603e4451ba981e3cdc7c5b0","nonce":"e849f28fc830cc8b4380b6da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"515305c475f857dc57b7cf3338142142d70a47d9de085350aa8f58c65987229380dfec62097010ca85d0627051","nonce":"e849f28fc830cc8b4380b6db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"f72671f8f30f1135d8d6b1ce305b436833c081b2b724813241a58bec13eed80c548f08379b9dab7542024bda55","nonce":"e849f28fc830cc8b4380b6c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"4add8f31facd556578d651c89fb554b84a4fe525c45586d5f0aedcc0a5ae4f3411dd870748f8da2540f16a2847","nonce":"e849f28fc830cc8b4380b6c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"d7943e4bb6fc1a16309ff9a6d529a80e06e6c6a2ed9ad4a9c7e937b53afbaff4c319d07b913b658bc0700e10c2","nonce":"e849f28fc830cc8b4380b6c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"19aed26b73ae7e586d83da79fa92cb9b5935351147b383b354a6491abf63461dd7da1d38934b4547ca76ce80b7","nonce":"e849f28fc830cc8b4380b6c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"f7e0b7f2147008bef5ee037f54b40ac405a30fe66fc0aae531079a88e674db3a48d73032ed314b72656aeee494","nonce":"e849f28fc830cc8b4380b6c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"75457cbb0659f82e0c71dbe683273b848b2d79619be56d9c9ca6d0cef7b4e6609a1e6f55bc4fdab14af8718ad8","nonce":"e849f28fc830cc8b4380b6c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"9c86976843f1e84e91676883155d562e494be62d209e2784ef02d66e247aca3de0a3c2dada50f3dc0d7857d954","nonce":"e849f28fc830cc8b4380b6c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"ef0ea918fad99dadbca33637188a244c93b6b75a419b1f825014f5e50ac027b288777ff163bcdf8b1027727e9f","nonce":"e849f28fc830cc8b4380b6c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"835eb57feb6b1a060757550fbf74085e0480e5b6ad0a678062a922f7e5a5c83f64b5669bca50b6bb67820666af","nonce":"e849f28fc830cc8b4380b6cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"d17633b89700d1746400e9664510386ec7165b2c196f19c0bd483bd4ceeb10e6010babe1978db15082635157df","nonce":"e849f28fc830cc8b4380b6cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"d094e04ab087f9490b3fef2433883c18ac15650c0d478c57a4565b5f100ae23fdd72fc2a9c735d8c5ccf40dd6a","nonce":"e849f28fc830cc8b4380b6ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"f70a4ebb055e14465a867a55c22009f3e9b330e16b5f1054309ee6d71d2d99985897b66c3e0033bbdd8c39a736","nonce":"e849f28fc830cc8b4380b6cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"96d0a825364c61f4d02bf95cf7d13ac9a83a92071b2ca7d91c000da9c9c13115a2015eee827a7e3aa2ce803560","nonce":"e849f28fc830cc8b4380b6c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"58f21234e6811a5fa2aa33a4750508793789b7a05fab86524bf23be354f30327cb7e2955ab050e7d57a9ed9657","nonce":"e849f28fc830cc8b4380b6c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"2edcda1e5e8913632fd78e9cbc848852c673db75d13f00bee4edb945e8c4589b45b094072322a30721000322d8","nonce":"e849f28fc830cc8b4380b6ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"004dad807fab7873970e1dd3ec2f1a83c1d940a8cafd050240da046b73fc45d7dade6790a63fb70f451714b28e","nonce":"e849f28fc830cc8b4380b6cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"6e4c364406502c1b05960576bd8f04c00bbbc737749077bfeffebedbe2a02ecd39c3a64a82a0da6cf4fae3255c","nonce":"e849f28fc830cc8b4380b6f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"7754b372b1882dafc8a3cf8a14377a2f6813cf1d563b7342892465be2664cad4bab79701b38f5768cc8d166431","nonce":"e849f28fc830cc8b4380b6f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1ca7bea12c6ec8c2066ab6beea1772121d85a97392514e72f6a88dce49f1312fbc066eae21fe8e6f9543101770","nonce":"e849f28fc830cc8b4380b6f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"da39899f3a57d60fbd9453348c597e47ef7c3224ef15487862d1db2ee0b8f8c757ec904d2ce259c5e43f21ea5b","nonce":"e849f28fc830cc8b4380b6f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7abcc55eb4bc89b34462dc69ad92a739bec75b5fcf3b81f738aaa3506272ebaabc51a9670e2347f6ceea54917f","nonce":"e849f28fc830cc8b4380b6f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"40614bdc85ba1bf8b58ebb462a36c265aa8f3f20a4aac6d51b7f73743d858a362098ccf13803b67e531de1548a","nonce":"e849f28fc830cc8b4380b6f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f7a2864dc3d7e6b7e22a5d409277b6b48bff0693f11849bbc400219b6981e466e6f71373c403e09b02780db04c","nonce":"e849f28fc830cc8b4380b6f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"b46b3dd41c13171d08049682bd27b63b9139c0ee47fb923f4ae7c64ec464172ec519aad13df5aa2bc66460661a","nonce":"e849f28fc830cc8b4380b6f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a57dba150908dfadc8b83aab0a9e2ca1d15b454dd07389694bb3bf2badc236dddfaa3fc1624b77305e4841908b","nonce":"e849f28fc830cc8b4380b6fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"59126f4e0509f0a03df1149badc2165c0935f177a55ce06b9316101555828c8caeb2215691907c8b29c7e9cd1f","nonce":"e849f28fc830cc8b4380b6fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"723beeb1040f2fa040c519a73860d9f106375798e2f1326a382c3a10bdd5bcae8bf6cae3fe03a14f638f1adc11","nonce":"e849f28fc830cc8b4380b6fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"afd045ed6e279d4c412a27b0849657f513992577226bfcabc3828e3e235d1cbb7d269ef13db9b3ea7d2bfe0a65","nonce":"e849f28fc830cc8b4380b6ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"593c4a5d0c9e7ab3cb81462789d3bb790f78b826ffc9cab7357f6d1dd9146b6a26823af208fc98b6e5b285ba36","nonce":"e849f28fc830cc8b4380b6f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"52ef8b4ae62692f0800dd4b133a0896946f01d4446ff1478ddd68ec2d133ce066af9492efa7032383b93c1918e","nonce":"e849f28fc830cc8b4380b6f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"cf2c497966c81a4554311bbcc6894dfa195beb676abf4021b51088807d0efb39a89b26f997133dee2142f8a818","nonce":"e849f28fc830cc8b4380b6fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"ff81fcbc2c903847f9c83103032e8fce4a7b6931b5b0c333794aa775cdc7551556b2e206e3bc1200a974f50a08","nonce":"e849f28fc830cc8b4380b6fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"faef63c82c67329b38ad903d371e440057559ca98a6fdc74aad9e3aa4d80beddb6afa7403124d87e9d7af93df5","nonce":"e849f28fc830cc8b4380b6e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"2bbe868fbc95662376dbd79b0e63e6da5861e378f1fddd865728bf0c7d33c53043145007fd52c063d6b9bef1b1","nonce":"e849f28fc830cc8b4380b6e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"fef19259a58b3a5532f76f944f322cf0638f5e0a5a6fd8a9b5d4e22592fe73c5ff552918cd45ce7ba54c40b453","nonce":"e849f28fc830cc8b4380b6e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"c74973a32d1d170b313cc17feb3fef86519c444121adb54dbe6e9be5c80048020beb574d67f896f97c6802e81b","nonce":"e849f28fc830cc8b4380b6e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"12b5379696724ea819185d2cf77f6ffcc540163f8a272897affa353af3124f6e017ea74647f6cc46583104e04c","nonce":"e849f28fc830cc8b4380b6e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"eec87dde2138bcf63c25df51b09292a974a5539661ef7b8fc590f79973442efea522dd8cd7b10d2400ea970aaf","nonce":"e849f28fc830cc8b4380b6e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"c82285f48bd56805981c849ef2cb883fd6284be14d3b951996905742fe2bdc6b5bd7f2f26ad341b7a18b57986d","nonce":"e849f28fc830cc8b4380b6e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"3e7f2298cc6c9773286a5e8445d89416b7dad4c046ca1819e54b2ba4e410c9f18dbe9275080711a91ed6b254a8","nonce":"e849f28fc830cc8b4380b6e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"c9ef6bf243e950623a39b1635ab15183490dd3f5b22537286921c46dcb6a7d641b2dca56ac186d5e9e05f6c00d","nonce":"e849f28fc830cc8b4380b6ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"b683e288742ef70115cf2f2e0fec8ea95c204a022c80684bc52a3e09faa2a65b0fe2655190006a6fdaf6a9d582","nonce":"e849f28fc830cc8b4380b6ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"1c34f1a9fdd939d1707429003905398aa79023c50557b80d37dd8626a8d7fe02a4d7652eb62fa4bcbd3de2b351","nonce":"e849f28fc830cc8b4380b6ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"a271d11c4895e3645792d50835d048fe1ec15b43fd1421848749668720e8a4872690fa2739f91924ac3dd7b8d7","nonce":"e849f28fc830cc8b4380b6ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"b8a9c71ae38556a8d731d4a6ddd2e3ada3a183f581e59b86f4142fe791d114c9904554222b22137403e731181a","nonce":"e849f28fc830cc8b4380b6e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"88d2212275cb4109e25528879ecc6a9a9c30987fbcd0febe7e31c7fc2335ffe2f6bd5f8c4ae74715c02dc5a384","nonce":"e849f28fc830cc8b4380b6e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"4cd775421c059539ba2c44f8afe4bab38f272c59a8beaa85aa41f8042b3c06fb9bafa88030290fe6687f08c920","nonce":"e849f28fc830cc8b4380b6ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"53740ab25bdc25b2ea8dd620d02ea533ae06fda71f9b14a0ebd6962fed329f39431ba9a50316111b12642fa203","nonce":"e849f28fc830cc8b4380b6eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"3fc46ee1f1fc421531d0b6ff92afd330fec85a7d41abb1dedc353c11473077630f74f33230384190e48a631731","nonce":"e849f28fc830cc8b4380b694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"a59291844457372e363a42d966da6c710bb9881693da67583ddfa3c5e3349fd891510745180c1dcf984b59bdd3","nonce":"e849f28fc830cc8b4380b695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"4cdcef4926f1ed591f28fd23ab6a8dfdd8d2bacc8a76e8710dc042a5c390d03c921ea993687e95c9837e372c2c","nonce":"e849f28fc830cc8b4380b696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"54289bc11bbfa87ed25edeabcc3209894bdcc3c38e0e5a53c8b4bd2e07617c0e3295370c1abb18864894d67599","nonce":"e849f28fc830cc8b4380b697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"998fcb6eeb59fb1c5423d170f87ffd43d086530bcc0fe0bbcb8743902bdfec8b18928fc827a1708ce8102ad472","nonce":"e849f28fc830cc8b4380b690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"28f33345fcefaf0506c7459a991a588842ed5e4d2e8e7186d64abd30db15e61271915ad0a1b95b9b86797837c3","nonce":"e849f28fc830cc8b4380b691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"de70b832c86411d4198916e0e8ba0f70e2a9910f76e5e686bbf367533bebc8ed7196b145a68d7542426132889d","nonce":"e849f28fc830cc8b4380b692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"90c83c9144a420eeca8301a2b5c9c06a5225bfbce8ed33a36fad8ae630a4de598cd7f4bce3eb5a513ac9f0bb35","nonce":"e849f28fc830cc8b4380b693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"c9447de76e32784fd9afc41ab1a2a5454bd27ce936f7a84651d85c19667d3768f53fdde29b05d52069b6ebf6c1","nonce":"e849f28fc830cc8b4380b69c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"28aa363b8b064f2bd7b3fd9447c831ea9049e958241b9195b8718d8663e03f1c559c590a83b0a8989dcbb309c0","nonce":"e849f28fc830cc8b4380b69d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"132703dd3e5aa2984ca5f12f2f8d5df72a0c1216cb088f23cf58299ddfb33c68ae97b0524a50004951f29ef846","nonce":"e849f28fc830cc8b4380b69e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"de90b2c9aee77bb8359dca572827bb68096b7e33ead9aababbfaf97e8104523a23bb674fcefa9b15db20d96059","nonce":"e849f28fc830cc8b4380b69f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"3929aa0645be38bdfa5f749731da5a46aa5c2afacb0c40b6224da0ca39d4ee46fd4c8e9cf8e4fdb9b3ad1dad08","nonce":"e849f28fc830cc8b4380b698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"4b56d6da4e02c4c9cd2d2dbdab7d389131bdcc3fa7177a9d8fee711f1b63206bdb095f7f29230c049ac655afb6","nonce":"e849f28fc830cc8b4380b699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"bf1fb4c7666b6b792939a5482764a165593382e5d7dc303575b0e53d143a6e0beadb18cfebd08500094e56bc97","nonce":"e849f28fc830cc8b4380b69a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"3ce3e8ed05335941eca6e469969c6febcda30ee2b988a7f4621f879b26e280e789fec4df138a545c673b0f85ea","nonce":"e849f28fc830cc8b4380b69b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"709c4e98c01297943e7965ad361841dc9419ca1e3e70245156f3c2efb998973a7f1e1b9596758abfae9b609652","nonce":"e849f28fc830cc8b4380b684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"0b4fd4eaf13382be6f548357458eae2b34af1957940699c7a8f487c1f7f6d92a720ab5884d5bbd9ca78a936f2a","nonce":"e849f28fc830cc8b4380b685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"bc62b4438a4a78283fe8daebf6fbff33a8474e91f513390db8a1d018cbeb6b51b80f4ebef93619b74f43bdec6a","nonce":"e849f28fc830cc8b4380b686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"f733f20cb1333c52bbf997b94470d41d2575e0c2d2b24349505f1a609c25c63803ca3b171956f74e16e2ea7b71","nonce":"e849f28fc830cc8b4380b687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"ee8f1cd1e800eceaaeefe907c829289efb8d6590ff4c05ca361fe44b864c44dcb67054814aaaa81533d25fa4bc","nonce":"e849f28fc830cc8b4380b680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"2806bc0c3ead6691ef856b181057f6a29f9a43d0d19345f3a473402cfadd3eedcc878c31d9dfcbac10c9e701c6","nonce":"e849f28fc830cc8b4380b681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d9775b849e4222aaa23ea761b80d257534e9062891cf808af7ea2a291120b29783b6edcf49a907b21f1e4685b6","nonce":"e849f28fc830cc8b4380b682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"90612ef6b79ede91d94c315a7b1c2bac5e423ddc891a86788515a06d5c39556256bc80a56f737790d81f0a72ef","nonce":"e849f28fc830cc8b4380b683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"5b8bd60c8d34ed0b77882678295cb6adc480fc68a1988e54f8d6336401192de905dd150ffdbb9fe8921b31d634","nonce":"e849f28fc830cc8b4380b68c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"8e1509dd448c3321122eb55d6c7e6c0f4813d8b1971c794c8a7d005bb2e749645bf3d9114820daf8c8119bb2a3","nonce":"e849f28fc830cc8b4380b68d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"f2ea50104652dbd3dbe87c3ceba8d384e88f7b07a7c4d260931b85e4856b8f44d129b95603ec3671727c4d9074","nonce":"e849f28fc830cc8b4380b68e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"65ef947e3dfa5c4406d72050c0b350a12d5088fced531f05fa6dd61f20dd698db157d1f43c194fa09329f97f62","nonce":"e849f28fc830cc8b4380b68f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"273eba16e95098612c6849422d36abadd599b0b96de697e55a1cbe6fc9d412d0c4e39060292e162400bffd857a","nonce":"e849f28fc830cc8b4380b688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"99e66e368ef4da84aa6a53e2023f8ff066d41a2778ca57ad8d6bc5931d0d3a69f201f8843f3f145d6a1740c4b2","nonce":"e849f28fc830cc8b4380b689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"1cb46f0192e37215a9f432192a5720c669264bd09008e08b685019d82d0fc1e6547d69e893807d81f14f4fa0e8","nonce":"e849f28fc830cc8b4380b68a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"12ae267f7237b421415736b5f6856860923fc9438dd512ace89c9c36bc6c6d5776f8df6d97173b082e1d7bd6f0","nonce":"e849f28fc830cc8b4380b68b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"b4875b85da39a1d1a1121341ece60fe56e0af688465c898f8aedeb87a9b441bc998e449751a2982e54b85ce7ab","nonce":"e849f28fc830cc8b4380b6b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"2f0ded887b0c8a877eaa43739e1900f791a1cb4198bad0b67cab4a28c97820e4b8240ea7a6711524fb60a67c63","nonce":"e849f28fc830cc8b4380b6b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b59e08316892c79ec162126d8753ada6cadb3c47369c1f5c9cddd6fd28ad495aee116d3c6a45f8a07657458bca","nonce":"e849f28fc830cc8b4380b6b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d3f5cf17bfaa603f3c03c3c3db6299faffb11f7bdfe6b4ff28fd9979d1fcf5f090476e172384da76dc26240f8d","nonce":"e849f28fc830cc8b4380b6b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"d32b4ebf63629e4e9f07b3c8fc057ef559680a316874c5c8888a58d214baec8c04b06eff3870795789ffa036bc","nonce":"e849f28fc830cc8b4380b6b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"51dcb403323fbe33433286d12f1c3d48683bdfccbd0f387e320ad153d6cd88dc0f45baca8d5f582193127fdce7","nonce":"e849f28fc830cc8b4380b6b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"66d6e54da7b7e68a098a63995a76d12bb852bc3f81730c97240b3b7aa8590c26b0eeeedfe716dc7f9d80eece44","nonce":"e849f28fc830cc8b4380b6b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"22e3d9b09f1201f8c3b038145063b0560cac40dd0d94e063b76e3aecc8a0a532d88daf46f9875bf7be507fd942","nonce":"e849f28fc830cc8b4380b6b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"ff3ab509ae0b5a583f8645d1f9f9c0770f63e66816fbe649dc4e2d56ba220c2f06ee2bbc23fd057931496d3db4","nonce":"e849f28fc830cc8b4380b6bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"8acf54e93edfd52687b616df71810dabe463c9a6f0e72881862bcae2cb31cdb2bf502c038afe1fad5205e4c013","nonce":"e849f28fc830cc8b4380b6bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9c3d6ca12bb2b853356a09a92493ca4ea481e1694073b56c3715ca3afbcdcbec47870155f664cb8f4f244b0f7a","nonce":"e849f28fc830cc8b4380b6be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"646e27e3d0ec3287bb0545878d79c4b034f5913d31035657691ca9165800066b9cdf59f016e8a0b8f60b78c4c8","nonce":"e849f28fc830cc8b4380b6bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"b5ab8ff95cf1560d5848f4013a3e8eab9cd8e91cad339d1e2ff6600793285336eeb4019f6e438b09b89fd13dcc","nonce":"e849f28fc830cc8b4380b6b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"91d184c980d8e7395119dada4a017399855a00409675058000ce96fbfd55f307037eb6a946bc40ee7061944721","nonce":"e849f28fc830cc8b4380b6b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"08a98d6e19f905d33db79b6e1f803ee3f6a1e05af360496286d919bcc04892c5ddd4c4884d6069d92b9395fd20","nonce":"e849f28fc830cc8b4380b6ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"719bb9af07088f0c7cf3509c73b1887d00d83508a8b9dcb3f43fecc1926237eb43cadaaf73f70cd25dd63dbfde","nonce":"e849f28fc830cc8b4380b6bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"840b4cbda5ca7184e6204e67b9c1d83b3213479d447590a5af17ae5bc58e205a82a3618ef1094abdc48f3af994","nonce":"e849f28fc830cc8b4380b6a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"dacb50cc51d5295ab66700d3dc4ec2345957b8e7d01bd84bbbeae787bd450cb242326c584c8487c1231d527b47","nonce":"e849f28fc830cc8b4380b6a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"7587bd84a60ddb26c8b823b44c9e9f11b6d32e0fd7b3480dd2223550117625cf82d7616f8b4221e3ee59dd87d2","nonce":"e849f28fc830cc8b4380b6a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"d265da611f1e2b5b77737ab1cbdaee4ed6f5cda6a2125072f8f5ae5c7dcd9e3be7536516b33097c2f317a1a2ef","nonce":"e849f28fc830cc8b4380b6a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"74b76c4f104ec3777020c835dfe5d70ba524d175b1f19d37abf5794c469e0ea4f0787f85ae64b59c206af0cf46","nonce":"e849f28fc830cc8b4380b6a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"55603c2e397446142569169545850a35aa54375ff5c8280bf1834ea8f56fb7c930d12aa8e5209006f2614f1fe4","nonce":"e849f28fc830cc8b4380b6a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"0c18e3594dc284f1e5e0677a6aca9846fb01405cae1e032887944ba77c3e88d170d41cf619ebd530cb4b234f18","nonce":"e849f28fc830cc8b4380b6a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"82ab054b6ed596fa17b5e2daee475fd7ced550e97516152870440d132b3b37b47211217edcfe53d67861b2f67b","nonce":"e849f28fc830cc8b4380b6a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"9f5d0194bffef3437c12b7a0884b547c82f79d6ca48655c24ef923b266df585744c0883a478125f8fac97a910f","nonce":"e849f28fc830cc8b4380b6ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"c95690259293b409dd97fbf1de611f3af2be07e0ca929ad68965875bddadd8d0f4277147537e50c0f207ab4bd5","nonce":"e849f28fc830cc8b4380b6ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"e8560410dbb2803aeeb541a80165cac57ddedc63f44ac2888a1fa3e8149ae58ac580c5d47eccfe12c21cf609a8","nonce":"e849f28fc830cc8b4380b6ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"77a9d9aaf5bddef4f83055480edde1d0e55903eb3d548d909c4eb852e314d580bb95ba888ca91ca42065d107dc","nonce":"e849f28fc830cc8b4380b6af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"d6654e6877c9c72ec81408f64d22011c43b9356904edc375027d44046f0ce1b1a998be1b821b75169496aadaf6","nonce":"e849f28fc830cc8b4380b6a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"2a734762f9e1ef17e20a4462c5f9305ec3f329f2859d0feed7528ae1fbac2dcc999adaf542ae18affa254fc290","nonce":"e849f28fc830cc8b4380b6a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"afa8f10a5f7d57f0b0350e39342d47c830cb781cb99c3c3dfb8d79c59f6cd35f418c86579f3ec957184284ef3f","nonce":"e849f28fc830cc8b4380b6aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"bd056582cbe3335073d926d3e78f43345e270ed7c17b9c8fd08ff3f4566dfd702671b93bba1472fa4590de1cc0","nonce":"e849f28fc830cc8b4380b6ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"7af076292632fbd66613ed671cb77f52e7d3918644292827bdb3806bef0bfef607bec053bc05226cb5672f5d15","nonce":"e849f28fc830cc8b4380b654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"49b961fe2ee79eb6c38477e9a390cf4e640559139aaabc84d93fc4dff535daa9c2adea0225fce5c932271beee9","nonce":"e849f28fc830cc8b4380b655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"644c68449e01078fb3e844acfe16baf2aa0cf6c290ed7aa099fe9db0e3f88a8ae1204639e352840a6a81b827e3","nonce":"e849f28fc830cc8b4380b656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"5f7b8b88336e554b1461ba4f36324ab267bbdefc8d364f222089bea5017030cb5498283d85c63b55fde037c5da","nonce":"e849f28fc830cc8b4380b657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"6306a4a984cdf8149256d7c9ae6120a7dd1731288ed20afab6e7a2d731d0230cb86772dc2e4dc9552655490e19","nonce":"e849f28fc830cc8b4380b650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c49cc276246e6099d404d2a30e54c82cbe6cc2bc21bccac1be550c2f89fe1f0fa8ba0c3a2dc6b92eafcb6340d3","nonce":"e849f28fc830cc8b4380b651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"4a007efab1b4ac6cbe2da1a80c63c3f6c9d26450cca082158000be8311de44874e1afe3415020b05737dcd552b","nonce":"e849f28fc830cc8b4380b652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"07aa00300d21ea51df639dee4e225e3d6f28191bf05c9b52a204fbaa5eabc110df4de3d60de7c335bd4ffc34f7","nonce":"e849f28fc830cc8b4380b653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"c43059f5ab167a188a944cabb71073609f0cc546b0af63c0290236bc33569c5983b0b5f4587c9e8e00f2f51cc8","nonce":"e849f28fc830cc8b4380b65c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7b89dd4c4217f5ceaefd93e24c291381facb6ee451adc1cf284cc68370d8d0a94202286db4a6ca390603d0810b","nonce":"e849f28fc830cc8b4380b65d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"917ec2068d4177133d272ed5b9dd87359a4ec5d336b6282dcdd14a96d11f8cac8a85c2675e8e71501cdb1b1e32","nonce":"e849f28fc830cc8b4380b65e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"a22b9329c7d7c5d06364e5a023b45fde4b65f86bc4110efe0a62dbf9399d90d5703370ab764d801f14699cdc7b","nonce":"e849f28fc830cc8b4380b65f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"3cc532caeea5dfc76834945d128f3532f133016eb57c1068ea165cded83ced2061f40c7dc2e5891f65c5e93278","nonce":"e849f28fc830cc8b4380b658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"a168cc0d221894e02e9b236dff098180699ba080e1c7cbf91b3f2817643428d8e99bee296fca0cbb5606a6f09a","nonce":"e849f28fc830cc8b4380b659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"203671e5a71a0841303238d532c3f98f7cd459f4a665b883ffaf8da7fd81c984ea7363b4d0c8a2b33543e8e6f2","nonce":"e849f28fc830cc8b4380b65a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"0c98607339392b28950682ddfc8c1bd74e49810c01e935f49d4c1fc5e6036210ce5787da1aabf52a9b2830b7da","nonce":"e849f28fc830cc8b4380b65b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"1dfaa70081e58e44a117852a0ea54eb0f4400341fdc149d30145bd5a7f45fc9263e0d1e5234c88f55d1133057b","nonce":"e849f28fc830cc8b4380b644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"a3cfad350c5c3e776c35d8a42e6eb1148ab5e9dda7fafefb5cd63928de2c0ed894b079f085eb67a66c8e413b63","nonce":"e849f28fc830cc8b4380b645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"9159defc4b383d419009fb775fbacc464788b45ae782189379cb9269e22d9bbe6cd5f6ab1ec877c5d498f22092","nonce":"e849f28fc830cc8b4380b646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"b9df672c9e1686881fee3f8cea87f27c2b3268eca548a65829fdd538ae64682de64b57be6eda092df6262264e0","nonce":"e849f28fc830cc8b4380b647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"fa5a36fceb0be4bd8c1e4e96ca3f0ffea0c555030050908207713c0ca1d45e8ae0bd1b5532e3c615c3d733c872","nonce":"e849f28fc830cc8b4380b640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b54611773b3bb636de94ae1d1eb636a3a9609f1bc7cfb74733d734aea9a5390f8c8dd514f3750a7770b120f9e0","nonce":"e849f28fc830cc8b4380b641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4f9f57135180746a2a2bc818e3f60bdedf64084aa910b727a7aec2d491814b279b779db66fc06fd2d1f244767c","nonce":"e849f28fc830cc8b4380b642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"2e15f5933f0ecc474e29e8a97d08476417b9e4f966d6ebc6ae7e4c274316e871a727d5dab170248b40d558a52d","nonce":"e849f28fc830cc8b4380b643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"b0ea41c6b1ab458021b6dd45eefe1524be3eaed3064f3de54c797ee7f0a0076b4a46c66278a7d4308362b5c9ed","nonce":"e849f28fc830cc8b4380b64c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"ea9db0daa7e1856e367c915cbb20460620afd90bd975b04d1e460b8badec884ef5da5dc611ce92b33411c0bb30","nonce":"e849f28fc830cc8b4380b64d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"da1f480bc4ec3e1c1b3b9f037dd432fc41255721ee403f08876ad21b029b8aae2dc7469eab9eb2af48f1a4ff41","nonce":"e849f28fc830cc8b4380b64e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"188b64a1d7b6404a0853a04a13bf3087efb24f59df162f5ba6677ee9ebcb1df13f1d51f2aa67bc746df15d160b","nonce":"e849f28fc830cc8b4380b64f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"d1c984cb867874e152c313808011c2e889d5ec6b4e98fef9a4f40f7a3e04cff9b35fe693d82c3788fb8ccd3f36","nonce":"e849f28fc830cc8b4380b648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"812d02e0e55d6eb18c87d77fedc0bf685414fa1248ba6a2e99e3d802484d85ea68fb968eab60aba65a3efc9721","nonce":"e849f28fc830cc8b4380b649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"d43cb36bc0433c09a9583a5ec828962bc88defaf4578c1836466ccb2dcb12baf5beb937f39bd66d7236260f367","nonce":"e849f28fc830cc8b4380b64a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1f894ae43f99e0cb25514e17714f8d20dc3731722e9a231bf86f3029743dea7bd69c4140f1ee2b0772fa2a733b","nonce":"e849f28fc830cc8b4380b64b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"218acdd8e62d41025f0f0a6d5dd576c0ce457e9da90e9417aed9c97c54ebf14c0402b713581f84c345bb3f71c8","nonce":"e849f28fc830cc8b4380b674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"db5530b01a5e9c8d5ce44d1eeb32f37057d2cac71c607a94b44973289e683725c254f48bfaf359e07be46b1e44","nonce":"e849f28fc830cc8b4380b675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"053284b5f2ccc874a01379e46ef2dd834b75eda07c3d7861fb58961ae564c5bb95b0ecc049e9d49d119a188bce","nonce":"e849f28fc830cc8b4380b676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"7122a6334729ed0bca7ccb2dd798e9753846738a5222fec2b2c8f9218227e1209f9a9bef701fd6da2e004a921d","nonce":"e849f28fc830cc8b4380b677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"ee24fe7c2f45ff019337c6af6d9acec0f3462403306b9dc3b5ccbdf119d7310cd616da323db40e47dabb6d24de","nonce":"e849f28fc830cc8b4380b670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"5add012386eadf8f63181799a6a48a15739db9bd87220a9839faf6e1da15530cd3ff40b731641f97d877c9d0a9","nonce":"e849f28fc830cc8b4380b671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"05cd3bc0da44a1ee19c4ce990d367a0da844d904cf88bde4ea91124a4f05a54c9fe2e5470d7750c8404285ed60","nonce":"e849f28fc830cc8b4380b672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"3b6d1cbc1379e6efd02bc5e19c224280993cdaa31b15010a3dd37e81235d2a87b61f52cf187837a4bce3321f88","nonce":"e849f28fc830cc8b4380b673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"0a826bb1616dc1c3973fe07f8fcd8a33ad4b27136c0ba1c3b9cbab5ec679974882ba43a3b2af65363e483669cd","nonce":"e849f28fc830cc8b4380b67c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f9516a332597aeb06554b407fd124013ea99fce8f237eac5a378579bade601a33fc993a92090ff8f1026bdc119","nonce":"e849f28fc830cc8b4380b67d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"9fa069c0dedfd28f2ce4162e74bcbcd9aa17b541ffe69cf124545269d9cc4b45a59cb22fed6de21762050dc79a","nonce":"e849f28fc830cc8b4380b67e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"931f50c30d54de34ee97b29d86abc8f574cfa06da8154b259d00f28a4be554e9afaa71ad364184076fe66f8d0f","nonce":"e849f28fc830cc8b4380b67f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"8c773070f46b3b3f55f554f8c494752cbf93c35a6861f9af47cb3f8ab8983915cebd73db06b7068aec128d20aa","nonce":"e849f28fc830cc8b4380b678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"93899a2051875c21184395a958f3640e8bd8d59f061c6126db61f8232405147ee4dfbc0bc9028140bbff8697ec","nonce":"e849f28fc830cc8b4380b679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"7978edf08ab48b54e4f7485f341e2f52637c00ea6018b941c04394338dafb104a8947edd77f089f5a4d88454a2","nonce":"e849f28fc830cc8b4380b67a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"550b72aba753a0dd4f90a643582aa71cc3a7a25a408ad0ca911e0d62dcdc1b4199f3cba355cf6d2424003ab1a6","nonce":"e849f28fc830cc8b4380b67b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"0e6eeb5afa834fd346c292cb7d39562f32c88289f3292c4364f05cfaa43f94e16ab0a4ea448cbb5e27662039c1","nonce":"e849f28fc830cc8b4380b664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"4e06f6c1d58103b02dd49cb2b6c10a31c98eec4e27c29895cc906643efafa0f17c18767ca6159af13614925a81","nonce":"e849f28fc830cc8b4380b665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"0772a924a7ba1f53dc8f549b54abd4bb363b911162b49d30b390ce7781eba07ec2ea62d7b6e92f3219010495c8","nonce":"e849f28fc830cc8b4380b666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"fff0ddf572e77803b2bc56d7e4e18068323dae8efd7a5efa1097b16ba3bbc8f0791bc867bb3619a3d4117bf1d8","nonce":"e849f28fc830cc8b4380b667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"10bd23003b883d754b249ab94c994747c7f676ba302867e7b4ac0aea24bb0d6da4bb3f3dac5cb43e5d0704e82d","nonce":"e849f28fc830cc8b4380b660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"8195e6182a487deb7e43a8fa5f32b28ebfca5ef3819d56006f56180d9ff025bcbf30501a9811c676b9e59a4bcf","nonce":"e849f28fc830cc8b4380b661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"0e101e95323b2396c5c9c0718882f83c17af1ea3dd50e687779dd9a797208743e8737d181614879249ee85bd12","nonce":"e849f28fc830cc8b4380b662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"ce9cee0a36a5993bf101161d0a4e8f801a335f40137903b0ecf6ca41afb3ebea0f08a83284f3c869eec459c66e","nonce":"e849f28fc830cc8b4380b663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"afee8bd1fa0501ae77de788c8e13d651d9a8f9c57bdf49650b8e1a2479758178549f00e40114e2bba3eebabb4a","nonce":"e849f28fc830cc8b4380b66c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"81c387a55bb321ad7d48a4d101d500eab7370a3532480f96ff3d5ac3ec38bb6abb25ad24db7474d9676595b412","nonce":"e849f28fc830cc8b4380b66d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"c06cb4d5738c7a8574ebe4a0e00eca35c5ed37b134056296ff118c0a721c70c78944662dd0aee3cd2e107e31c3","nonce":"e849f28fc830cc8b4380b66e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"623773119859c6138dbfe2b2c6e5ab51f92c1c0bb954b7599bd68e61c6f49dec4b3f20de580b56ac759a08d6b5","nonce":"e849f28fc830cc8b4380b66f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"49df0651770eafced35a2859cc21070792b8413fd98e84eb26d39c75abc887e84c2decf94e06b8f4617cc9aba8","nonce":"e849f28fc830cc8b4380b668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"1322586bd42138aabc73b06aa1abbd3886113ba79c928530397fa79f1f06d0244098985cb1e859898d0c9441f8","nonce":"e849f28fc830cc8b4380b669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"24ee345c48b7f88ff090792d636f2e411c9dfbc3fb61c640483bcda94441983524260386c0a84d92c40a084542","nonce":"e849f28fc830cc8b4380b66a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"59ef5637cd9453247d8e76e382b6f50837778ae9547bf942b53536f83290a08b5ab50d69a3bf05b8afe004a766","nonce":"e849f28fc830cc8b4380b66b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"a19d804bbb19463b13be699aa8d81355cca0b8b5a2e5744424de27c866b0b41550ebb81ffe4e716d2a170a7c08","nonce":"e849f28fc830cc8b4380b614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2f39d49561bb3c49e01815831db7797e5ab36b4c1cb046fb43941e7c3e7ae2c9421bbcb5a3ed9aff64ca675d1c","nonce":"e849f28fc830cc8b4380b615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"44539d6a64a43f1682b6606e3f38b93c7f4d1e447c2ff64fc062f9a7114952690803b6dd601defaaedcdedb760","nonce":"e849f28fc830cc8b4380b616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"d3e77a11e18f45e8a8638a2614daa9df827d9823026cd61eb497f99bab4e2d7ca418c0fdc8b39f093df1cc6654","nonce":"e849f28fc830cc8b4380b617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"2102749fc2f16760ffa4ceb4df4cce00ed43b5e5d8d6d87556e5cb878070581d276fb07f4ae0fc5cddea72a65e","nonce":"e849f28fc830cc8b4380b610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"fa3bbbd1b4fbf4f1d83ea6cd7c25456599d8667929db3f12039a7c54006c9cd9e603052cf4a8380fece7639127","nonce":"e849f28fc830cc8b4380b611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"49155f6afea3678df86882cbd03ba70740af3ff1ee45d1cd4eea239719e2528b57ca4e06959bb091fca0c2b380","nonce":"e849f28fc830cc8b4380b612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"32154b00a79ddbf0abf962821d87c5ca7be3211f2a8e8b3eaeacb3ea75c22f51f9f43892d2d2e75af2435149ce","nonce":"e849f28fc830cc8b4380b613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9e57155fbb0e8f37a2178c04fd95cbbfe588a06c03ee088870f21eaf74fbaa0939cd093d1679f158d0744c4dbf","nonce":"e849f28fc830cc8b4380b61c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"a9438a312f260a8ba7d06bc846ce9a04bd507376e0a36da53e7a5ccdd64fc05ff2da1842509950d2f86df471c0","nonce":"e849f28fc830cc8b4380b61d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"7e5e6bb7dfacccae4c033ab208adc6f18ab6d410f279c0328912711af5610c2de0f0189337c2ea07f5f60530de","nonce":"e849f28fc830cc8b4380b61e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"9d9eb4b4c7d731776fb0c9df4c58719a2142d83b9a18cb7ea0d599f15844354a6d476ce5f95e6bc1fd1c5b4992","nonce":"e849f28fc830cc8b4380b61f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"eb03c08fcae8c745c5dac881c86071d20243449b4115d7e117af8c1e46df005844a940716febf397b3d683a1cc","nonce":"e849f28fc830cc8b4380b618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"feae9c404c893e5ce6dd6948cfe4ed16189e4148a5af732daa3b169b66b7e1adb15003ff1e81207c5d5a66d134","nonce":"e849f28fc830cc8b4380b619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d518e6c7956aff2431537edd2fefaa765d15ba538ceb598e9a243ef126e1e94887879405055f970e064ed65875","nonce":"e849f28fc830cc8b4380b61a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"ebebe5181b7a7a2c9be19e23b9d2ebc5181ed42478b7069530e94ea04ccf1ecf85a33eee556b6300881cd904d8","nonce":"e849f28fc830cc8b4380b61b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"3a87e041d83884c0a0ad4143aaefcbe2b28ceedd553067f532f0f14c9cf3b331756d6f8aff52d70a4f448ccd9e","nonce":"e849f28fc830cc8b4380b604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"86ba5ddd33bfe97006843a1921c9ecc44a15f7c78cf52c277c9530a9c5ec76707946556641eafd077d1782a8c9","nonce":"e849f28fc830cc8b4380b605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c7e8afcbde84cc0d57adafd4973bf04f80aac45e46994a91a29ec9c13f8c7537ea548213a856cb5204a5749a74","nonce":"e849f28fc830cc8b4380b606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"5a50dc4dca7f29d394c421b05a870f733f392d42ebc83bbc40b1a8e06f73e2b75da7faa75f5bc81bd4099307c4","nonce":"e849f28fc830cc8b4380b607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"45a384f220feb2bd4c15a2f877638dd1c4b87b9fb4a6cb367c7b5e59c3d33ae788d18e215ac66c1251527f5237","nonce":"e849f28fc830cc8b4380b600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ae9de4f25c2d55fc8a0c75f506cffb19529b11c4954dbc006ac60f45c7414112ad546d449dbdd948d07c4264a4","nonce":"e849f28fc830cc8b4380b601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"3ce843b985e8ccff8ae841e5e80a79616b4f5696b68615ebf271c5771b0f3ba6b22936ad78baed0dfadc77dbbe","nonce":"e849f28fc830cc8b4380b602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"3fe2d7fc2a14f1a6f66c3780286e050f120f693c6f070684e3e31fdf3d08b72d668ca715bde98ed3fc99368285","nonce":"e849f28fc830cc8b4380b603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"68b48c41aec411b9be0c0cbf64958d8bccf906ac78127517118d50774a2e5dcf71506863b1698be1d4a517ff64","nonce":"e849f28fc830cc8b4380b60c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"793939a76e712f4b05881f5400fc474b480ff935100faea34d0eba9673e39e3618004fc91e768f2cf0457253e3","nonce":"e849f28fc830cc8b4380b60d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"7b17d29e756e57e630e5c251895819aad632d5ee7c68a2645d101e9707bf32ff4ebd9558dfdf1184a8d15a1170","nonce":"e849f28fc830cc8b4380b60e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"ae1f98b387d51c6df50f1face0d51eba15d7e50f55a92ce7b467ff4fe27f1459b7708b976b90f1c9c25a475ecf","nonce":"e849f28fc830cc8b4380b60f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"69f28558024a8b1429a07202cbd466a22696b61db97d0670eec38404dd01acf8ed90580108aa521286321d4a5b","nonce":"e849f28fc830cc8b4380b608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"4675c06bb1296464c26f4b3e8520ca44db0972fd723eb115d7b1b0f37e978fe1ccd347e991c502e2f0337514d1","nonce":"e849f28fc830cc8b4380b609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"99362b373dcfac81ee91a3bacd099a7e0081f8805a5d5ee0031a651c693343fd7080bc1e1f4276a153bc8525a1","nonce":"e849f28fc830cc8b4380b60a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"3c820d74be11ec8fb36be277ddc3ba61530ae22d06ef426e435841fd418e1dac43254b84d36d01b47b1ff261e5","nonce":"e849f28fc830cc8b4380b60b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"3f18ddacfd9f3ce6ece7e193220634a5568d9fa970130360f976bd4ed133dae45f13ef2d2fe395a64e55fc0e4a","nonce":"e849f28fc830cc8b4380b634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"d38e31807446a2e9a896b615360b4af72b522daa9d038e694cd985429488fce026a640436481c3831a2e9ebcb4","nonce":"e849f28fc830cc8b4380b635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"f2a4c098da3c5202acdf34d9dda828a04ad214c140b23a3a646e3b44d9428da686c67c1e727ba9b99299df4ff6","nonce":"e849f28fc830cc8b4380b636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"418ecdc6086487bbc2d6342bb3e28780a3fda010ddcfbccc879def4cbf3dd235ee2d770508afd407696aa3bef7","nonce":"e849f28fc830cc8b4380b637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"b7db3571aff673d2b9be961ee1a7f7019679c5e943e938127fe87c53de3a0fb601ecefed9d68c4225cbd627673","nonce":"e849f28fc830cc8b4380b630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"f6431f69b29b2f3bdc3eef51b1b9562ecbd96860f141004a1eead0dc5b39dada9ad37c81e1a44e73f2c755f801","nonce":"e849f28fc830cc8b4380b631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"8803bbea1a517b6ea928223850d59a350c87b07a911d9711caa4a93f76daf498f41f79fb9a4a015d10f0188518","nonce":"e849f28fc830cc8b4380b632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"8e5e3d9b4f426e9182b844d4a45bf6f8577b2c4ea5c11d19c308bf5045eea2cc79f682b4b3eefccec231c54f9a","nonce":"e849f28fc830cc8b4380b633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"5a0a09f3f8f757446cf6ef1ee824069e384595a6d4524d1eaae368ead88778a150af562f8bb07a7dc3583e08e7","nonce":"e849f28fc830cc8b4380b63c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"3da2a20ec45fe73c9643ed97a78c28d58753beb59901286c752d7527be977d132b5b41a88ab3cae9ae1aea4691","nonce":"e849f28fc830cc8b4380b63d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"2ff7dde064e5fb86dac32d1596cf9c095a1434685b5a6d640f1c56aeef2d2b7408ebe7c323cc2fcd4b4153a187","nonce":"e849f28fc830cc8b4380b63e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"66770766e0c57df4e760a352df24295f3452e0091cd9fd557d6fe0a4994af876d3a459473ff47e406a4c75e61c","nonce":"e849f28fc830cc8b4380b63f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6a53278916bc7a148653e8e3db2695dc0dfc6dd7e1566bffa214cf50fa81b5efdb47bb4edf4669e03a10c2ed98","nonce":"e849f28fc830cc8b4380b638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"59b3a5cf63a4a732d00da67becb96f8cb9d5514c7f007298207f47306eae4439a3f9bf349cf3a1ddd5a6bb2896","nonce":"e849f28fc830cc8b4380b639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"1bbae2971925521b853ca20efc11491f51b3aebcfbcd93503b6f52aa98efaf337ea9e43631460ff9fbdb932654","nonce":"e849f28fc830cc8b4380b63a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"687c0429f2645058ff3e2e944706fb46a24b7ffef34193455726c78c3f35f8a27ac250802289ac191f95953bdd","nonce":"e849f28fc830cc8b4380b63b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b2fd7722123f2da5c5891058df14fa80f8e27db81bf41012c2313df1f4934813d19f8ea9c49fa57b9698188847","nonce":"e849f28fc830cc8b4380b624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"6c573e3c922bcde150b085731403699e753411a845c8513643216841b03b5bce209896b9ba8b661b6bfcae398d","nonce":"e849f28fc830cc8b4380b625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"bd9c0d34944a499db9381c163ee3ed72d2c423fa8c966a2e397b4c5dc77240eabd38fb581c4d2ec30defb0bcb9","nonce":"e849f28fc830cc8b4380b626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"978b3d91e86f7770c098994a5f62a98e09f039f9c9c1f6d2d3899931b35b92da1d27b846081a993553c4e577fd","nonce":"e849f28fc830cc8b4380b627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"3643bf4fed4c374a2969628b2923769852a528a550fc4e452dfa890b4bf5c208699a41a395b166a47a0eeb2016","nonce":"e849f28fc830cc8b4380b620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"cea14955e696623d640aded789771306c7d4e3ce8e037c79d163877bd0a5bf592791a54297b4b3ef901adeb84b","nonce":"e849f28fc830cc8b4380b621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"cf43478c3c7fe7483e3b761e7cfa118efc158939f31fa87f14f840d579ae72f2d642405a5e8d55f3d00d5070b6","nonce":"e849f28fc830cc8b4380b622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"b2022e013b00cf62f58f52f87c6a8cfa32fe6999bf0edde5497b72eaa475272dd1102be5933ee048b30ec7b170","nonce":"e849f28fc830cc8b4380b623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"644e7fa9a0dc8bf1b180640baca3a1c43c36851c1574299d11b9787026dd069eda51dafd212a506fd042d53ab9","nonce":"e849f28fc830cc8b4380b62c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"fe65f3c442fda2cc7404844968c99e758b96add83245159bb53691ff8064d5cec615690d205ad645fcece11c99","nonce":"e849f28fc830cc8b4380b62d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"dfbe1b05ed002f8d424ed063f0f4411a6f7450ffce33ef05798ae3b337dfb7317efca8ff3f789e3c50a31994bc","nonce":"e849f28fc830cc8b4380b62e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"da3c600508b6cd3e9dd6f716c2ca6f6011e3bfa2c0b560d68259456fc1ca9e790e004945a2406c6abab88a3857","nonce":"e849f28fc830cc8b4380b62f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"7c72609e6b2a03bf5d509578f668e889052f1f815c45ca972a0db6082bd50a5f42646f2b4365971a47cba4a962","nonce":"e849f28fc830cc8b4380b628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"aacea1cd53273f236e890e1496e6eeddfa8f40122113cf2db443898abf6fb14addd0347cfb8643769561b97170","nonce":"e849f28fc830cc8b4380b629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"6f3a948ead475a990e04a70971189cd6b2c222c739ab64a03d8fbb470cf681024a99caa7eb015f25e40d485def","nonce":"e849f28fc830cc8b4380b62a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"c94c682011840a0f46a555ffd9c5201bed2067c1ef0f8aa4304ee4860512402d054148d0af052777463dc4be71","nonce":"e849f28fc830cc8b4380b62b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"20e6e0ed34a866f91686700eea8772ecff7fe5032bced04f65eca9373cb51a5160fd39235d448b510dc9780b6c","nonce":"e849f28fc830cc8b4380b7d4","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"18c61daf1df392114311cbdc395fe433537a550dfd6411d4557a6ed0a6368173"},{"exporter_context":"00","L":32,"exported_value":"95e99529c6992276507e06cb7665b1d8a4af5367bfa0b04b3793200dbc39adf7"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"456d3bb18092c49437c3f84d4a33f02df323e6494ae1eca4b04f1878015025af"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"b456248e5f6a41868f17ac31def0bdc98ceafd38216ad45ba63a02db53bdbbee","ikmS":"c97e136cf8db8c7f06595253739aa27a888e4d3f062b9f92670d4f4e3a342970","ikmE":"3a7a2bb7ac023e7f2645c4ba7f9f63e0eed809c794ec5a6963b5dac1326b3c1f","skRm":"1ea5548fb3412eca9ca9d5165a382bea32877415b12253fb2c594b0cfa4e8197","skSm":"bee14df75c1654067db5b7551d3ebd0a5e2e18495733639e6a054c91bde97a17","skEm":"899bcc666197a9a9629248daaf7b2cae2020f450b42e2aa633a5dab67031c021","pkRm":"9144025cd5cf5049cd429d95efefa7e7ba1a896054cdb1d6c93bac79134b1f5f","pkSm":"4b65143baa4aaeae70c23e052972ca61467aa42883b1c3ef388821496f120717","pkEm":"cbbf4bf8393f27f04cdbc5e67a449cadc22df22dcf0c14f61d17471c8b49687f","enc":"cbbf4bf8393f27f04cdbc5e67a449cadc22df22dcf0c14f61d17471c8b49687f","shared_secret":"8d75921a2cfd345a076ac2dc64dd2af08598322dd3aadb90a43395c13445c654","key_schedule_context":"02018d129f34a145043cba6146e7e397593164fb1e78e512e6f36be621c56f9f7023a14f35e95577ec3f6714ee332f48e829fc2ec336e71b204f5958b7067f47756f17ad5b0cda65d91049ff137dc5111687e0d4d44123d94cf2ad7b71ecb5fab6cdf8e044519fe1ecf7cffb6a3f3bfbaf6babfebe5d30a92e166f52849e8d35a3","secret":"c682aca0024f41da2c1d13292db88fc5e92b34eb829ffecd9abc94a3e1e83d5376c86885dfdbcbb968ad0a8ae0d27807c9a5d56a23c96b6b23b9b782b37f2092","key":"d9d173d39d6b281a0aec686097a9ebec","base_nonce":"8895a6427778c6d6219b1056","exporter_secret":"0f22ca936c399d0c4041ff33cfbfac1e7786f4718040afc4a173f866ea09331bf62e6076512f176840ee2d7a42aff59c5af739b9b9bf5423e414e5f168279110","encryptions":[{"aad":"436f756e742d30","ct":"4bf8568019638be84f424742a6fa07b29acaa39d0b56f67ab9dceaf5371f49bafccf6294f18da4d32a1a563175","nonce":"8895a6427778c6d6219b1056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"0e9e00d7ce8a5251abfe4551028aeafd4c8f7797090cee547f0ed221e791a054be5a976964ab3ada3bf46fb34f","nonce":"8895a6427778c6d6219b1057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"eebb0bfe4b7fc47df10ee33d88bdd14306aa065f75a235970f02164b71bcd1dd74d124b626ce493d30491392a8","nonce":"8895a6427778c6d6219b1054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"37f65e56af45f54d4a8a54e5b41e9e15f57ae456fa9206a23ab4d7dbcadbfbfa249139f521257c8daf64876b21","nonce":"8895a6427778c6d6219b1055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"d45eb34ed75261a5ab36b086dda1c81fbcddd3824885efc94eb6c17e0e0e001270225899ec6852039e26991615","nonce":"8895a6427778c6d6219b1052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"1115af34cbad16e96da78c977863b6b48cb8c1bd84a58a57ca360e3a90dff66cfc3f6f990bb344a610cf050bb8","nonce":"8895a6427778c6d6219b1053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"f56f6b657a037f1f6e1f477c3aba5dbddacd787bccd114f9edaeac7b4f7fd8a9c49cfdc2fec06248b1b5112651","nonce":"8895a6427778c6d6219b1050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"d9cdae7903abdf437a5426c7784d2556589834a3c5b487a3edd857a0f59c2ebf2f001e4099cd4f03938c6fc96c","nonce":"8895a6427778c6d6219b1051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"525fafb749a41145c825b76d4f88df79e83e866dc5754bd11c64bfe13f6603fe1e1ca602ec9edae8a9efe4353b","nonce":"8895a6427778c6d6219b105e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"32dd16351fef0719e2d3f09550d358844965281ba477e4281234888807904b99dc902c7825cb03162d1a31cf42","nonce":"8895a6427778c6d6219b105f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"7b660553088697e3bfa96d7c58e0a0d560a7fb50ab535b36967cf4d495cf94c193b30898bc25799bc4bc0851f5","nonce":"8895a6427778c6d6219b105c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"acd673aed1d9d65ef3d1657b713295df8db5531b35e8e4beb513c7bd04085f0a1343f366d9fd518413dd6af5c6","nonce":"8895a6427778c6d6219b105d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"d6e7065ae948c3e3a1149a35e703252d478ca75d6d57644c585afbc7bdf124c6e70f90ce47cf331a0ec0b248ea","nonce":"8895a6427778c6d6219b105a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"2fafba6267f45c8ef03f6ef0015e2febfa5450993748c3156fc8536a695c91cb39b08345fbc1400f412ea990e0","nonce":"8895a6427778c6d6219b105b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"270036f2a36a54bd9e3413f7b21591b40a61f8550531a9044a1dd3e18b6a8f1b714224ed2e426a5e1397c3b0f7","nonce":"8895a6427778c6d6219b1058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"2174d2fbf82737bae4c6386a04833b9442e53bb306fa94896b4f8d506e16897e56b2e3e291478126d8df36463c","nonce":"8895a6427778c6d6219b1059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"43f9311c4d03762d4d2b886d0313e6a51375b3dbdaa07f90448e693dd2335831c9ae60769492509ac566d0e94d","nonce":"8895a6427778c6d6219b1046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"60b6ba92ca77dbff661853d3aecae09b7c43744fce2540966191a8c9db3a1adb439d9965cc88850dbd8e701fb7","nonce":"8895a6427778c6d6219b1047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"d469e62774a009d523591204e8851b4c5577f2f1c89901ed2e3e81c5bfdd6ff8e2be0f1be39d5b39627daa7a10","nonce":"8895a6427778c6d6219b1044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"0bd31b37bc3e074fa4caa4bed34c78d2077799de464df2bc1d600f2997ffae3de6617d08463700d775c4a6f1a3","nonce":"8895a6427778c6d6219b1045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"50731443fc1e3fb62217f992f34743f6b674d4a06666cbe2c8c7d76a6df26b76a5117a822543962d65ae6b3cf7","nonce":"8895a6427778c6d6219b1042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"1476c10fb0d23bf2d0024d612793a515631df62616afb2a0ad808b7a3aeb7bf8e1898e8ce18ca2727724546bb0","nonce":"8895a6427778c6d6219b1043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"23fbda6aed4324dcb7b2b7431e7a58af3bfd0af3175cafe2fb63f0d800b044e5e4fd575f73c6e80156cb0a8bd1","nonce":"8895a6427778c6d6219b1040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"6062013655132c5c698633cfb86397540cdcabe48c5f24c0e89d2b5e9bcda832633c83514f20e92d0a2759fc2f","nonce":"8895a6427778c6d6219b1041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"a4a58426fb9ca94f3a149402e215a27694a333ea07273f5c8a0c9eef1499a2a7f311cc37f44b707f4593458787","nonce":"8895a6427778c6d6219b104e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"03650fa93134f43b4819357e7374f2f2286c14af05dc96bc14cca9f32bff00a47894b77e490befa18f1405b0cd","nonce":"8895a6427778c6d6219b104f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"6c2893045fe2331562cdce42fcadb232965043a7405b0efc6e412d674b41062918ebe0461ad3a0b84790f8c458","nonce":"8895a6427778c6d6219b104c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"145399cc402605a5a5a5adaa33b0fadcbf625c0ec1f51c1ae4cdb803cdbffe5b4f6a37da920345f5d76cc6d32b","nonce":"8895a6427778c6d6219b104d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"63e11ac1c0c2dcd9d5180f83d07fbfd7926af3f6734bca8f00bf99c76960e3ba197963906749bbfa8491ffc156","nonce":"8895a6427778c6d6219b104a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"7312455eb5a402e901c120fc27928587a772e742be7f7b5464e3190c856989f358bbe67dee7d8c83f9a1c58299","nonce":"8895a6427778c6d6219b104b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"de26bd9003aef1fa5c273aac8532fafb662841a37e91091f59b1246ccf1e3d99813c1a38c55365cf55602a38d3","nonce":"8895a6427778c6d6219b1048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4ade246080ad95be9e155981226db25bbcc58f23f210cfd07ea29a050d30cd9ac2aae43c8ffdebb7691d617738","nonce":"8895a6427778c6d6219b1049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"9e09237efa1668539abff85e8deea28ca4c97b69f65e9812ac00af0b3e883c916fd3a58c828c013b393c599c05","nonce":"8895a6427778c6d6219b1076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"96f685a7e62c8d71ab40694eeab7f1b9b5830be8edb59d55b79e321626f0ba09806acdfd85923dea1acce9c82d","nonce":"8895a6427778c6d6219b1077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"12deba53581f02ec649689d8761ffd3db042d15a128cdcb24c161b738dc14acfa43b589f1a2221c289caad2888","nonce":"8895a6427778c6d6219b1074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"a27d1885f985ca670c39000f0f787a546b7573d2443a7e986162160d2a81b5250057b7f34c7abb2ab9c36f6173","nonce":"8895a6427778c6d6219b1075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"81e1fb54530a6e0436b4690abd10a664c6b40c739548b26c6801eac239d929440f46ee8421f5a6e4fd87289019","nonce":"8895a6427778c6d6219b1072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"7634dd8f74d475ed887a5ff4dc40e6dd1c55af770e70b1bc22dd65d7c5d98b70388cb82cfcc4f8c453a3d3040c","nonce":"8895a6427778c6d6219b1073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"84c03f0a76722114a42e7e01e61560fd9adbbd1f2a1be53702d757797a0a8cdbaff91e981b9de3e82eac545ac1","nonce":"8895a6427778c6d6219b1070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"dc0c5927a53fdcebe9a4af2587f4fde05c2200425ef7c7a752b61d6dc942ddf7f000aec19ade14f19020a28d62","nonce":"8895a6427778c6d6219b1071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"9f260b2fa93524dd3d195a3ecc25271ee03e39f545ab48e80ae726b4508921aaf1eab24c61e9613cbfa627bd93","nonce":"8895a6427778c6d6219b107e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"65cb8930a8746bf6f9f3d3273d74c5088fb30df5bd08fc2a9d4ccba21cd60807283923ee5c07d6219051489d3c","nonce":"8895a6427778c6d6219b107f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"c9c4437e457aa2a9dd468a4e3c5b3d234d83085efed7edc2100ed5de08f1c6d0c8746def592e40860cdb6adc79","nonce":"8895a6427778c6d6219b107c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"ae0e8cac8819a8cb9a52a521258261d13ac5aa6e0107c993a61ffec61aec67c792eaa07fa31ed19112451dedff","nonce":"8895a6427778c6d6219b107d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"3cab9305b151038d14cd8beb6c52f2c2575a7c683aa576bd963e6444b4bc659eb519f70a229099321b8583beed","nonce":"8895a6427778c6d6219b107a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"03b6924211373894b13f0d000d1181039f1c7dfea6e9a47a8c3f0e0ff6c95226d9c09b6351a9038b690f26f004","nonce":"8895a6427778c6d6219b107b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"d214cea9f48268254af28a5c17fb23c131d7727ea70a97e8dcd8da403f883ae74c3fcc7787671d5ac57eb6afdc","nonce":"8895a6427778c6d6219b1078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"6a70c40e033100375b9122b89be6f5cdee25e3afb5ed99eb2df7e5482c1c3d3eea3e0d195fc150ef1751d4288e","nonce":"8895a6427778c6d6219b1079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"1b64deb29ce79abe0497dd05c9b94deeee917c75d95db0583e10d73c4912ac99947b0e4cc67af62ab9116afaef","nonce":"8895a6427778c6d6219b1066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"7f176367c1044c384165eb5f716c09d3badcd4e4626ae1f3fc67b699e6f76d649b190c2953c18e02696659c606","nonce":"8895a6427778c6d6219b1067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"6524053d7741ab95c409e08020019d0ec9960408f752996dfe8182a68c6fa3f4e9906d1e8dd52f2212dd02afb7","nonce":"8895a6427778c6d6219b1064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"ed09cf893a92719879e70d9fa0870786109bc3796a1e73d154a8f978c183f993a8a6614de54fc1394eaa7b5e58","nonce":"8895a6427778c6d6219b1065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"1d7f9fa88a6d27c8ecfb55fe70922975f41bd0dfc9d0c1170d04d6260214747a07b81f7131a6944bb4df6f4aa2","nonce":"8895a6427778c6d6219b1062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"0d3e80caf955aa71e1ae3a1d33ade4838f4f046f9cd2fdcc0b1518952a34255cd1b515c7288ebfb5277ce58196","nonce":"8895a6427778c6d6219b1063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"003655c7ab0e4b41290b5c6c70e84a40f89af81cd6d3f2c37c6112cd4c4b3c65a20f005e654febf994bd4645dc","nonce":"8895a6427778c6d6219b1060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"27b448ae17774691a5b1dacd20ef02580d0d53b64c6cbe4e07fd2bbfcf55e43a89f5af849d1ccbae2a27fa15dc","nonce":"8895a6427778c6d6219b1061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"a2233c8ae5f3aa127b84d9290066803b3d1492c43d6fe182d754933d6e0f19da0b9ec1b0a9b2d3b6d6959f8c35","nonce":"8895a6427778c6d6219b106e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"e5ed8aeb664aa201d6461ca8774c92807f88886e1391109274c0dd7725111dfd96579f3da0f7c03bd7f0132e97","nonce":"8895a6427778c6d6219b106f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"69904e3cfa81207f3abc1c57412511b7f80bb88449eaa3a176c8c0324e819d3010ec6e5cf481af05bd96b6fb5a","nonce":"8895a6427778c6d6219b106c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"e3492e6f172f8409cd141367a7c0201a5e0a6242a295bc41e83a58f62303eae0022539de134c00d70da2230936","nonce":"8895a6427778c6d6219b106d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a83ca5f0b56accc93d5b87293e38a1f8d2897427507ae7c557aa2b9c07026b4c0951fc352f807d690cd979d38a","nonce":"8895a6427778c6d6219b106a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"8e55789c152c83bc722bef6be4bed97839f46c97fcba2d15230d125e855ede7e793015cae6d2e82071c9700c96","nonce":"8895a6427778c6d6219b106b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"322140ff4f39961bac32b9147a46f8b2272c5dece0a303cdfa337d9dd1d89ae0a22791a3b414a2b3aff664cc13","nonce":"8895a6427778c6d6219b1068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"9d3f23fe3d01e7074bff07069f65f97e9f5b0cbdb8375ff3aa250cb1f79aab99237f51b0897a1ad70466cb06a4","nonce":"8895a6427778c6d6219b1069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e7c105825b9a59bfd09a0cf6bd0737cdcca6600180f338185f117be2b4fbbe6b7bfbd7af85986c6c7d0c3faeb1","nonce":"8895a6427778c6d6219b1016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"64d9a3b3e4101f008b07ead5290445d5d684631a56382ab4c103659e4d001331639c42e9f640aac6954cc32af1","nonce":"8895a6427778c6d6219b1017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"6a662a514f0c0a3de767ed2e78a3ad32b17183ca0ea7dbc6bda321257b27651ac76fa255e34ffa18bc9135b3c0","nonce":"8895a6427778c6d6219b1014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"de52a91a8ada3502067a09e67501245b82709b4ce1a3410f88e2dbe51cbaea782ad177bf7a488164d6ae3babe7","nonce":"8895a6427778c6d6219b1015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"58bde558ac8988dcc66cbadf63c06beda7c126237dfa3ccc1fb33cff56ae4537bac5c14020e54ab86c0e9ddd9f","nonce":"8895a6427778c6d6219b1012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"fe192116e2cba3ffc39d4c79517956fce0ea15c654b74f172f4f2fbe3910ff1174f99add9824aec3483be64291","nonce":"8895a6427778c6d6219b1013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"3ede7c0220fd3d7e779d8d0a91ecf7e5640e5b42c239de68392cacd53b0f038678f59e2bf25c220fca7ba9b58a","nonce":"8895a6427778c6d6219b1010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"ba04c6a396f13d70f331c92128e0386859568b7facfa31c9eeb1fc84461ab0064f911f41704fede289147add10","nonce":"8895a6427778c6d6219b1011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"810310e648af3f47f2b10169f944f4dea180ed7f1ca4ef5b5ec7f2dbf22ad7449da6b1ec381a61970bab6e0cf3","nonce":"8895a6427778c6d6219b101e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"f84331be4c27a9067caddbde391e3cfe14e465ebc348ea30369430e5e27222682714352e747722eb016fd5cc62","nonce":"8895a6427778c6d6219b101f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ef62236b437b25d06ecaa6bbf8ee900f04a2d5a3f6b722e1206e2fec4118bde983ef689031e8e6ed37ee1cd470","nonce":"8895a6427778c6d6219b101c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"4d04184ff0f1aab657e713aa684ce83762bffb10dd5a510f90ac87523a88f13dc0e0d46de05e2de5a6bbdb2f05","nonce":"8895a6427778c6d6219b101d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"e448fd2ef00deb5720d94ab17bacaf3e8910a3a860ba0921aa6581f7d8fa443a84f3ae569c3e239db70d88af02","nonce":"8895a6427778c6d6219b101a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"106a84e6a6c10cbc127eda9e29f74a25120ec8a7ba56b9d32482645d8cab93d25c4ac014d77f023339f4ed79d4","nonce":"8895a6427778c6d6219b101b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"249a6009c7c12bee1687cddcebca3e4aa10fb969f11e8a31e37f6ac6b15d7703f867807fbdef405ff24ed4db8b","nonce":"8895a6427778c6d6219b1018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"3280329a3074d6afb1c7fb6e708a14470ba23092719ae5e25d61c8eb6a1869d139a5f63c646af6a17f5484dfd7","nonce":"8895a6427778c6d6219b1019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7c6b22d0d713c5356fcca4356f4ce863751193704ef624ef78b0f172625f1c076d36604f23a009db256fcfc2e5","nonce":"8895a6427778c6d6219b1006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"d081a9619e21d0e672968ca0bf91bb185865559831fe1421d0192f01a698397fbe61874245223425dde0eb0931","nonce":"8895a6427778c6d6219b1007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"5010402b6107920c88abcf7c39f4aafcf74ad3a65a7c629c16d05a2c8939598c5b9a898484e2ba1adb850cb127","nonce":"8895a6427778c6d6219b1004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"815c5f9ab8f7f638432bc30b40c624c4a0aa9f0dd5da799661d2086b5400d374fbddad46fb9d351d9ec1e14c66","nonce":"8895a6427778c6d6219b1005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"c7f12251e0af4ab4f577b29b8f2862cf9a470ab97d11aafe4cc39678ada344024f36713c801bd68602dfbc4a68","nonce":"8895a6427778c6d6219b1002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d735d4f96473371d6c6cc0707e57c74473a001c8324d6ad147524af8f019c9211e8a826991815c169721522ec4","nonce":"8895a6427778c6d6219b1003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"f3c3f8777b033fbc3d09f42cea7e7eee4afd479c8db9dd439618346a91e9f8160fdeaeec10af439ad05cb3e421","nonce":"8895a6427778c6d6219b1000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"39d49a1bc5e8f2708149913a6ada10eab9f847fc48953c4890f490274fc53b4171730d9e1a2b89cdff3b66ecc9","nonce":"8895a6427778c6d6219b1001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"17f94bbbf9c4e0854e558510b08726b8388df925a03f430eb82669cc2a3026ec69bbf8f331d9df6fe984f9f90b","nonce":"8895a6427778c6d6219b100e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"d73b3a920e21a64484a617f7be533ce709d5b4b131b6ac43ba97846a2e9cbfbe24db8306887ff112c6b3e5f6c2","nonce":"8895a6427778c6d6219b100f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"a1e41555a09fe6aaad970e4efc1bb9c28e6c7d892b839850a850e0dcf9b79c715e5df95a905193b045febccd70","nonce":"8895a6427778c6d6219b100c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"a58497fa3c03c3db0f3fcf94236a47f635200951d288adb2266f9a82640a1c4b4db27bf44f974109e6a0a8a5e9","nonce":"8895a6427778c6d6219b100d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"b5b27ace0c3347987e6cd3fcdfb2799a72dbea0978c961293e6e6efb4891a161ee8186ee9966066e5d45048c6a","nonce":"8895a6427778c6d6219b100a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"672f22e9ab9fa9f367226d2fa0f2b468a215dec042da56ad5923e9ff99ce48b03c7c182d6b18d3a92794c05e70","nonce":"8895a6427778c6d6219b100b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"b4441b0e2232715ab2839c0b1fb140697a82d457a4a55f16d8109e93241eaaebbc724a6c89152e6b39d1a878c8","nonce":"8895a6427778c6d6219b1008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"8821cd62b5a3c9748d1cc722629633e1b16c7c7f53cd71f3862ad2115fab35769648265681ff921c90c333ad71","nonce":"8895a6427778c6d6219b1009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"64f9b6c3ee3c966d87d7e1073c3fb008eedb3d53ca92a761811ea6f27dd3c7930a3f1e0bf231ed2e95a4380c0d","nonce":"8895a6427778c6d6219b1036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"3ed834aa5c9d8b226e24ed43d034f6efa3fe2f72d901a5d8e531cd469f2b1e5513f90b7b74e400084e0df53298","nonce":"8895a6427778c6d6219b1037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"3318338e3be0619e5f4615a7c6f1ede3e43168c6bbd31946648b10fbacc962a11d4195082f72cfcf13449bd425","nonce":"8895a6427778c6d6219b1034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"470782725e5c4236bd5b56a640c7d3d69983212837836266bfdd4cda0d4b4cba5c879ade886fd72ee8b863a1cf","nonce":"8895a6427778c6d6219b1035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2a4c9b1422897837502321e8a90201aa54a0bbd0ff6b4f8dc0f3335f973d965079f6787c4b0621dcf747535883","nonce":"8895a6427778c6d6219b1032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"a043cd0e87e3708e05e56663aed165214ebc21dade2cea84ea692e5f9481f646a39a406b57a57f7f048ae4a013","nonce":"8895a6427778c6d6219b1033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"18eff5f0851e755053b1010446fe8fbddab480d4aa49907c875ed70e98268a709ccf026e3d47dd86e5200cdc9a","nonce":"8895a6427778c6d6219b1030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"1ae6f807539f09562b2a9d75d58539dbbb1f8dc5e506ce10d5166d7231797309350f096424c6de44807a1d867e","nonce":"8895a6427778c6d6219b1031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"fec8ccae508eff29933de182d8a4496a2fd2312f9c85cdcecaa8854de58ded846b283c6b46db6567a0d222f2fa","nonce":"8895a6427778c6d6219b103e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"75e4ed17afa459bcfaffc79ad32bb9ca14a382a935cefc46cce0a7b74877eb929e9103898be0995799d17d75c9","nonce":"8895a6427778c6d6219b103f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"3b8b9785027ced3fff198dca3e039c86ace7f665abe33c8e347d30d54baf7615f991615d8e86fd29e01f952389","nonce":"8895a6427778c6d6219b103c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"6c9489c44a84be48d9ca53bce234887b488418ca5ea3f3a1c7075e543069050cfddc312a66e87958c5376d69f5","nonce":"8895a6427778c6d6219b103d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"29797f0498c4dd44b6e551e95417fe0e1ad1bfe51487c96e22f0b5a152ca033243ac15d15efd323ee402b3bc75","nonce":"8895a6427778c6d6219b103a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"9cf83db739cb79d37e03ab362bef1594036bb1fe1cd92e459a8dcee59591e75059cb645e94f69e49e1171a0cef","nonce":"8895a6427778c6d6219b103b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ab42e5bae83d53d138468a7bc2df9c347096d0b7987c03d51fc56fb89725e4239af8d9750f8138dca09056f09c","nonce":"8895a6427778c6d6219b1038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"45678ac68e1dabb4ac92a7b69776ab2302e04d42fe065df592cdda538e64ed15650127a4662b6f14a368194bd2","nonce":"8895a6427778c6d6219b1039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"8f5352c2d1f69ee3f52f0cee10e4298f64e34848c3a5ddf1f811efc8343545e5b2f6359f96b973dc074b7bcd38","nonce":"8895a6427778c6d6219b1026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"c2a20d4176bfd23149ade367fa18a49b5ce1bf263d838eb4683642f97df7baeb91be846e73035ac1b499fce5b9","nonce":"8895a6427778c6d6219b1027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"2a0af7dc14affd19af22deb56edf42362af27c21073cc632bb8d948529ec0b3c4492bc7ce04e7aae14862ec333","nonce":"8895a6427778c6d6219b1024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"8a1196b021ae282f73aa46e5c17cf4ec244880b83abffaa3d4a9ebfe9e9f30dafccf0bb700fcc1b8d706c4e33b","nonce":"8895a6427778c6d6219b1025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c05542eee4dee954e71034f671f4bd2f64548eda54629c9199239f61db3419eef1e009b960b92927a74fef42ea","nonce":"8895a6427778c6d6219b1022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"e93c203ba421d9d8e19ee1544a5cdf6508525482870d2567b3f4357ade353eeea5934d8f0771db697ac6952e72","nonce":"8895a6427778c6d6219b1023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"537e5b103fddb5489035fd4e6471bf2778619d7b7b4e9462fb702a0f9b10d6448d7f91d27dfd003ffdae7d19bd","nonce":"8895a6427778c6d6219b1020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"8129e97ae924e987fd5ddb0650497a2064337596a1c2861168ca152700f400f0fe557eab25f6c87b8063c3b033","nonce":"8895a6427778c6d6219b1021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"753c17bd559e0968903f1b57f08bad936fa6386d83fdd5e4cb9a0fd0c3e537467efdbc2e96f4b5ed45f68379e5","nonce":"8895a6427778c6d6219b102e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"fb06da8a4de9fe777837e62834abd539b5140dd1da1f17008f59e94460298a4483421368bb069a7e4827e78045","nonce":"8895a6427778c6d6219b102f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"f4059e4131f83ad31db3c3c58b706d57a3250b976c5e952eee641b2d3c25163ae01f2323cdd0d7c6f5248a5f52","nonce":"8895a6427778c6d6219b102c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"87bf8c3e130cbd4f818444917c48b239abb4652e17095d58e6c488402bc2a166056ebbe97cf8454564e97cc064","nonce":"8895a6427778c6d6219b102d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"e941773c5ce0e1c57142cfbf1b3c2059e1e75ad0c33457ebc01d54c8158c0d9035ac8fdd0b6d9fba39ca4c899b","nonce":"8895a6427778c6d6219b102a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"1f4cb8793fcd8d88d4ccbc590e0470b1cf0a4b6bf7c8f9a5cbfe434fe37384c8524806d659c36e92c1a4858899","nonce":"8895a6427778c6d6219b102b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"0bc1e0eed0edc00e33ae16a2e7e5f04e9784cdfeb62ff7623e5f1df27c7a39821dc005f74e4ef426f9f80327d6","nonce":"8895a6427778c6d6219b1028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"95ff190f1e91d1263eb1a7d3e62f972b82faa9fc323155c53bd271dd6a3fb02d82f953c6b2481ac3901224a78a","nonce":"8895a6427778c6d6219b1029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"b7343d44bdd94483ec80e18bac90f35205fab8da328a64691171cdf50e75b1b371de978314a39bab56cdcbffad","nonce":"8895a6427778c6d6219b10d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"cfc2c7f6a57e280ef9324d64eb6376fc9bb5a1355016c04e0670bcfb63d36459bdce9ee165115a77d646f2a960","nonce":"8895a6427778c6d6219b10d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"e6ce50d023696169ebe918f644addac03bff485c21b5b09f9b7e3a71525bf91ce94222aacfdb837cffc3b5607a","nonce":"8895a6427778c6d6219b10d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"88fcf1acc098949abe555f33e5446c102eef6d6f982e62cf08fff6ec2c1d6cfe22204369a01cf389c7329d0a61","nonce":"8895a6427778c6d6219b10d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"90ff05e8454fdf8275cd43fa62365f30958fd31e5584bcd64672f559ab3f27dfe3607bb155eb6b86a5db0ac5c9","nonce":"8895a6427778c6d6219b10d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"b946692d61ab5951e6ad5eff644771a07fa65d023b4dc043dbceb7ad03d53a484eecc6d45b223bd688bd8b301f","nonce":"8895a6427778c6d6219b10d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"4df3906577fccce0f91fb4cdd0903d43b9c8817f938aafe4e7e3a8eea7095f24d607a7c51881dabbefc4e26b56","nonce":"8895a6427778c6d6219b10d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"d2961915780098807aa1757858b3565d83a9becb93ab3a7448389e50b8d093ee5138a86b6d7e36d1bd234279f0","nonce":"8895a6427778c6d6219b10d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"bf95b0e169d75e4e3636e24c3378920c093a3ac08c474621cc2f00c89e490551b5913ad9d589c3c450981c5ae1","nonce":"8895a6427778c6d6219b10de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e3461a429b3de1206aacf800c61341f1cae80d15533358844964a94cd7f26ba311561b5704d1ee3dce0b9a7e77","nonce":"8895a6427778c6d6219b10df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"d342a5914877975a07b13bc2da80dbee8c1581b44166bcff14450a281d4f0c72ce93fb7dca309a8885311c8c32","nonce":"8895a6427778c6d6219b10dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"3a4379d854c18c43744d7183771813ac14c5385236e031cd3c6d2a4b54cd6dd16fa0144629e15c3e5b29b4114f","nonce":"8895a6427778c6d6219b10dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"83895e56c65a56dfe80f284ca257c905f83943d03ed8d76d4d964ee92f3cad6be7f74bdf468140be121cb5864a","nonce":"8895a6427778c6d6219b10da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"ff2e9d9f8e9970803cbc2afc047a3909574e1412a2c812ef1c8dc7cad21251899f6ec51e30d248d4417d5bacaf","nonce":"8895a6427778c6d6219b10db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"ac862646f4a0d2e5729b1afd59fa486a8c21aa3e1e66b71e19a2b87db40700663ab2cdacea7ca13d1820ecf254","nonce":"8895a6427778c6d6219b10d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"0c21b7c34146f2154c2424d0476d311b3643c5f621049b0445c575059b53243880a774315b6cb557ef925305e3","nonce":"8895a6427778c6d6219b10d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"af0f06925bc5848503544afcdcf6209cd65c78b52df99fa1997a4c2a0e34196eff8372d5f36b6b1f6f95bd8929","nonce":"8895a6427778c6d6219b10c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"6d53f66a13849447db024541eee731504394758a70b6d6273dac074a5a80c23be7e57ba6816b3c8a4c1d0bc36e","nonce":"8895a6427778c6d6219b10c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"efebcadffae29ad3a6f6683551fbbc529e271c6e846dca7ff621445d7a4cb41f57b0a764029172eabe77f56e6c","nonce":"8895a6427778c6d6219b10c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"4e483e60c81ffb2ee6fc6f6ab30e97a5bf08e8298383cb1c4a0bbfee0241b6247b40c2a3573388b16c7ba633ea","nonce":"8895a6427778c6d6219b10c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"0765159be53de536c2b36b44bdb86bae47af0d9adc2b5c8a95d94be5b85f3ed56d8da80160a02f34f7b01a00b1","nonce":"8895a6427778c6d6219b10c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"410ad85475e788f064ca29a6c76ced21bbfaf716336416fde3dc8db0c5bf18e0fa70a8e24cb4482099dd80754d","nonce":"8895a6427778c6d6219b10c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"b930d0983c710defc64b6ee1afcc0996ea47b5196fe21ce8d222aa2d1ae775fe110fa8de44b73189a1b1475603","nonce":"8895a6427778c6d6219b10c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"e365ea8b259c781287ea9ffcc3b2e7c3f9f74443b973f5f3374834d9510c4b6b663100c8906eb171e72364a862","nonce":"8895a6427778c6d6219b10c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e3a29625280eed5f137100401c48b8b54677e35a54910a0af2c241141034c41d371b5d680b288661012dfad916","nonce":"8895a6427778c6d6219b10ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"dafd24ab384d2e3d5a2644332357800bb18ccd17f37c1b5ceef62ff0d806edbed69c9ebb29e2b9560ccc610f68","nonce":"8895a6427778c6d6219b10cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"75d18653e2f3766bcabdee798c6315d887c8726151a930b1266d3e8cca993f5b26fa9bd211c965b0566add046a","nonce":"8895a6427778c6d6219b10cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"e5062d45a5387a91731fc2baf6f88bf22ec4ea5900a13c859c9007b922a2b2e84d3f40928f8b2a2559c28a2797","nonce":"8895a6427778c6d6219b10cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"d9561db46fcbc83673c9546c406adeb1233167497560db634f7ca5b00cda5ba0cfc72ecd9f0eb93747286056df","nonce":"8895a6427778c6d6219b10ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"951ca4658868435b05423e7fee2ae8989767f50d437a79794490e6d5aa5607e76d228d2a50e385daebf2cbc138","nonce":"8895a6427778c6d6219b10cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"4357d6c5a89ec3ecdcddfc037daa510437657e672d4bb755b58120b3589515785df0a9fd06329f57819f226e1b","nonce":"8895a6427778c6d6219b10c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"6adfd98b06b8039925fff60a89396ec2dbaa94ce18c8b8a35d9d3a66e028e0420301cb8541d8de25e7887f3a57","nonce":"8895a6427778c6d6219b10c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"3984b0bb005a32a763dedaff8c57f879ca98b8014724d438c8fade90d649d10e8de8c87ede2775b20315e4e4b5","nonce":"8895a6427778c6d6219b10f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"77d401b7b197481e6dd42267c64b2beba5bf7bf6d95ae436f100a01670c4b53b29aa72945b1dcc87ed6ec7d362","nonce":"8895a6427778c6d6219b10f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"ceb2612c51b5536e01c8c4c30acdf921e29ae80bf2288bbb9eba6d6669fc4eb730bcfa72d3bbd34629c106cb57","nonce":"8895a6427778c6d6219b10f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"7131f4adda4f31fa0e8e9b972a44c5f0254c1076916cfa0c7194a877a50abc3960a58a7dcc7bddf22edb2ff0b3","nonce":"8895a6427778c6d6219b10f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"b6db1e4d6525c7b8ac22f2c061b9c93ffb8efb3893b827ac25a5780e219ba56c77c3c65a5d9a9c482a7c4a31b5","nonce":"8895a6427778c6d6219b10f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"fde80f433426b9070020226becab22e8b30d4cc754163f57ede6c3d9f6199400486c5a687342d0753c2427b6d1","nonce":"8895a6427778c6d6219b10f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"6cff30b4e2e042c7e3096178db3c1303f535fb94fa81105a94f3e9c7250838152880396f238eddd057f442440e","nonce":"8895a6427778c6d6219b10f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"719abc1abd24a1fd390bf565a4b4184d165a60767e1959d61b575b19f4ab74e6e36e394276807c288aa62278ff","nonce":"8895a6427778c6d6219b10f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"d349b4360561866864bdb31e47a3a242df74dd41b0233b61390ecfe56c78c597591d529aba0486a118134ca1a7","nonce":"8895a6427778c6d6219b10fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"87c8a36a050f410717eec7ff58e04b4b5e42cbaff891c833ddeca2ed2597c1f054dbf5f2c7662861659d4cb599","nonce":"8895a6427778c6d6219b10ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"f2c3c0f3a86738aac0cbf507ff84bf60e00fbd10b4a6a51745ea7af56722baf34bcd4ff37625093ee309e77994","nonce":"8895a6427778c6d6219b10fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"0f0d843e67bb8f9768ab996da90f993bc69d8fb89228e7b6943b37ca2596711b8527ebeaafc6458973e7afb5e5","nonce":"8895a6427778c6d6219b10fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"c1dbf5c864f0fa7fbd8fecf0c5ed25bfb5926f64d9502d302a8fbd7d8ae023dff93fb2489babb5310c86512142","nonce":"8895a6427778c6d6219b10fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"79ba5014a27d4d15f2b3d7e23f70a7b12578ec37159709897e12f53646cf1a303e4c30ce17660eea2dcc0e47a7","nonce":"8895a6427778c6d6219b10fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"beb8f4cc1ea2e3612196d84da461ebfd2700644e919efae33f919199b15e14931d24aa24cbc4163a3274c90fc2","nonce":"8895a6427778c6d6219b10f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d65e07ca35584266f303bee0cc429ada98e67bdde66b71bfe9e49f3fff5a72fc4c73bb010f183c6f5bf3bec390","nonce":"8895a6427778c6d6219b10f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"4df19cdc176f0c243ff434b06856ab2b286e7f15ad51ba51b2267f548b4422e2dcad0fe3a9f4f2b25417e9b006","nonce":"8895a6427778c6d6219b10e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"aa648e253da08d3947b9f80743ad83ddc6ee798a1f5c446031153d683e8a567c0203d5a2c23ad2259eed030c76","nonce":"8895a6427778c6d6219b10e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"3be94f2ad9e50879c98fbeebeef9c207646b88689435dd39909682f15e0f17762dce5bb6e459bf8ff5da5e0d48","nonce":"8895a6427778c6d6219b10e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"daeb1d26fb44467df3f9bfd349ed707fc2af11ba322a85e5750d7cbbe9a2f991a399ec43ac3a6daf745f804e7a","nonce":"8895a6427778c6d6219b10e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"b24aec63998ea8ecc6a8493c4473930d58c331e8c1b597d2120c49cf9ab1414dc8a780faf03bb70ecc166eea5f","nonce":"8895a6427778c6d6219b10e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"2f56f571f77f415772810f0ad670900fea8c188b37b300424c4436cb639274e27bfa0cd3449da58bbe1bad7e25","nonce":"8895a6427778c6d6219b10e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"0f4f338a178bb8b29153fb5f89a880995996e25b7aae50035459e20c77c8462c15d5c44cfb4e6cf1547d15aa33","nonce":"8895a6427778c6d6219b10e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"a1f225537e06593ec85b31dde94b12fb102dd2b7c8161c14bfc1f1f942ee67d72b2bd3fa78cfb5b0c8a7c12eb2","nonce":"8895a6427778c6d6219b10e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"cefe0f453a01f0279edbb9c5da33be8e034c2f05c96151b505737fbde138bcfea5313544a88cf31484b7fe65f3","nonce":"8895a6427778c6d6219b10ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"c3c222f309341a2aee6499f839eece91d6a45482ef79fa48e687aaf9e6e8a01cb146d03b896735ecdff27a93c1","nonce":"8895a6427778c6d6219b10ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"0ea80cbf1afe2bc122306b7ca2bc13d696c58c0fd6d2006944a9d4887cab7808e985eb027b13563e72709fa3de","nonce":"8895a6427778c6d6219b10ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"ec3a8367a1a4b8accaab8130ed76c3733ee79e7dacfd28381b13357c423ee47818d737c1bcf02bef24ee64c99c","nonce":"8895a6427778c6d6219b10ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"2ea17674df4d9f8c564334f745c33edfb61d4e7f272bb8ae986b89aad828e88f189e4f49774e753700c8b92989","nonce":"8895a6427778c6d6219b10ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"401a090947837f8a51b0b19135026d903339b94c7e633aac304803acb7da79873895ec0026f683124c70262cc8","nonce":"8895a6427778c6d6219b10eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"ecd7426ad4f1cae03f17dad3ccbe3b38ad0b2f970e07eb280df2c9f3014bd739e9f20ade1a5663a82686293c38","nonce":"8895a6427778c6d6219b10e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"e065b3034ff68ff15f3277d92d62c0c2f775fbc68093d9a66c0b7512087546e254f56d669f96510546af7bb36c","nonce":"8895a6427778c6d6219b10e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5a8b089111d4686dd97f5e3db5fdd5568acfcf5c06c1f98c37e4cc03f8424285f8ffa634a60d20624009f5ab12","nonce":"8895a6427778c6d6219b1096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2027145d0f2ff071c06466adaa9f754c2f76f6b5cb50ca15439ede76ebda61e346ac9420e23d2a1e462f82a679","nonce":"8895a6427778c6d6219b1097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"6b3160f9c29adc1b75c979537b6212dae2c73671cb5979113712e2f1cf36041730f18f499e2b94bddf42b0fa5a","nonce":"8895a6427778c6d6219b1094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"bbd48ce8c0723318b64baea6653ac02d101555137f22e3be4bcb8b29e6b0dac6d22a5cd146344bd8864c2c1b79","nonce":"8895a6427778c6d6219b1095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8efbd6114d6e470def71d430c66de9bd07c3c5f8d98433d31f35ebb8c4c771ea493357a18acc5b0cd1bf0d5b17","nonce":"8895a6427778c6d6219b1092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"f9d0986ebc2a17c98d19aac389370fbf9bd206bb1226806d3e6f2b952fb8ba3ca8ec5d137811416c2d2d8cb757","nonce":"8895a6427778c6d6219b1093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"265a2c4242d9e3c11d3e248aa5e97bf94d194375336df90dd01c720443bc222ea36e058b79f74165f2cfc3221f","nonce":"8895a6427778c6d6219b1090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"57c6f9d522a6874a73d89ba1eefbe2f49fc49261ac498a697e5028b2cc37789fa9b9ee374a897f4220acd02c72","nonce":"8895a6427778c6d6219b1091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"847ea83e2d71811361543498a9b85513d5388d8891c9dd90981d53de4e55b05196d81384834c2d6c6a6e1240ae","nonce":"8895a6427778c6d6219b109e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f207a88d3b0fe0f782d5a291e74c5b779db092b8a316364fe56ef27dd5cf1d1679f1bb4a3611baf025751d3c83","nonce":"8895a6427778c6d6219b109f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"0cc6e37fc69c82def771be20756b9455990506d65ddc770018aa0ce6b35a010ebe23d2cd404d049fe807c6257b","nonce":"8895a6427778c6d6219b109c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"fb5e8e319c653d81902e92a0a37e21e14309d73a96e6aadf4eefe640998f67663f9857f38b619f3258bf7cccfa","nonce":"8895a6427778c6d6219b109d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"d3e0fb0685cb402c56efe5f27d560f40e4b3b0956ed20a73c232dcbe77bcf663ea3583609ba99928b1cf9aa2d5","nonce":"8895a6427778c6d6219b109a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"4216da1dc9c508c8c96bf01af209af00aa9e6b47b6391b1e4b9caa5dfcf36335b45e646e0955c2627e6582ac68","nonce":"8895a6427778c6d6219b109b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"e81b74df0af906de1eba85445b8e529ef01c91846e2ae50aadf418e8ff175065542ec42f3200bd4a65bbf40785","nonce":"8895a6427778c6d6219b1098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"e56d9de2d23d863d7a2d41f6781999431dd948630276f9bc591f928a1347510e4436405dfba2c4dcc90dd4f268","nonce":"8895a6427778c6d6219b1099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"677229ea3aba17930da14aec3a63cfd2932c37baf8d031b8d1f0a13b5f0d8b04fc820a13fb0f17cf767d53c426","nonce":"8895a6427778c6d6219b1086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"422ebfd3285de9bb1ce706e93ce9cb15922221d3d57069068692b359968668566c344337c30e182b4e2deb52b7","nonce":"8895a6427778c6d6219b1087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"009771a0b9ebd6b42c20394031fed646f9d7b87097681b414aa7ffe2cfde83b5e57680d52921cb530a6a1475cc","nonce":"8895a6427778c6d6219b1084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"63d226633ac4a37ae97c5cb3e1e26a997b05c4728fa219aa7fa739d8f30b23cca571bbc5b8b945a29841886483","nonce":"8895a6427778c6d6219b1085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"ec7b0b26ff568b9bbded9eca6072cc405b8794051e481d6f673df18203b903236314957f59ff127c909a291e6d","nonce":"8895a6427778c6d6219b1082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"8edaa2934ff5f62339ac42c35a3fe48e670e7961666bccf4c1945fb4b71e9b2a9805234bce416a0f9e4997b723","nonce":"8895a6427778c6d6219b1083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"411a8ec7d6e69e10d41ee1d20fbc8d892299d71ebb3387341c16268460b2ceba1e778c1dd874a5ef2b55b1b363","nonce":"8895a6427778c6d6219b1080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"da666311a0aa8f8f879346c377b12e8d9a78e09d1a3b39a741d085c28abe5bf9a77d8108341eab39e75c430b3b","nonce":"8895a6427778c6d6219b1081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"00263bc27ee0fab5e15b402a26d3e6a694ed65623df05b4981fbe87e680805cb1f7d28d5130e081997fa95b6c7","nonce":"8895a6427778c6d6219b108e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"c390ca8c2e5be53185048b781aa7b92d8c6439dfaa892d5022c413216deba4c33f956b57b85c90c4907993b4fb","nonce":"8895a6427778c6d6219b108f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"a559981ce6a7a9f2299e28bf287da484082c3ea579250089ffbe97440958601a3081a83b73c9911917700c786b","nonce":"8895a6427778c6d6219b108c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"b8f2c00e3d4b85745b7732e9bcfa3e9582c5cb591d9e335a7b11c3699b3a353a7ada4704d8de19b1bc2daa316d","nonce":"8895a6427778c6d6219b108d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2ab3f92ef3abc86839279815881378c9416aa976b177f96dd70be06ba2b0df98070021ddf15d4d67dbf8027bc3","nonce":"8895a6427778c6d6219b108a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"b286ca5d72f1d8f9879871390b579676e17db4e863fded4c63235418d88596c4dffe083b7801b7c64e605471c5","nonce":"8895a6427778c6d6219b108b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"9969510d9571434048662db36a6456e9823dc86f7bb17bb510517ce43641b17724b1466231e8aeba8ba8887254","nonce":"8895a6427778c6d6219b1088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"494c88047d44342aeeb886584663be910937378dd3046eb513cb92cc87cb07392851244674688ca0ec8c05a172","nonce":"8895a6427778c6d6219b1089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"ff5f4a194560bb78f073b02c0d603b1bcfccc96be04fce734e61bf21605ea4a7ebf2887d3a1ada1dd79b9710c1","nonce":"8895a6427778c6d6219b10b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"aa0afabe61253270c03cb5e3abf3c8866b03ae68d5a6ee3ee94886f73c9e4818ca91feddfb6341d9a4968ec4a2","nonce":"8895a6427778c6d6219b10b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"70c649090def576656cae2269a773c08cb9dcd819d6b2876a9c9480b4109041cec3e98387137147ee2ad7f774b","nonce":"8895a6427778c6d6219b10b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"91bbdb623e718741d9be33374ecea8c39b247cbf248e641e4b519298a6460f9596bb91a4660d9d9f9211c882ac","nonce":"8895a6427778c6d6219b10b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"b479f260ac387f9abcfb82c9a85747c961d0ddb20ef8df7428c1fab0c7bfa836c19a86e784148690e422a580f7","nonce":"8895a6427778c6d6219b10b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"53039bc6675d23bd658c3296ab6f07b280ecf6fc9247b6a639992fbafd17e72ec7190f127464375f80d4fb3403","nonce":"8895a6427778c6d6219b10b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"00f1025322a6c2221b66e0ec7806f8235994eb1f64260214a83a25c6aade916fa423f8ab8e0491dde2c95c1f51","nonce":"8895a6427778c6d6219b10b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"065ba10fca08d5e4112602bf82572305e34b4da954aebd313e974161704a064a8c88fa49d34aeba4082d52a56a","nonce":"8895a6427778c6d6219b10b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"e60d37111cc196fae71a7a0fd68ed5d2c8941444e1b1acd81eb95c3286bdd28e92e67e68d60d2a5ba740dec4a6","nonce":"8895a6427778c6d6219b10be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"c4e30fcd164f46860d381bbe5905e3c3d1b89c41d27e9bbf17566b29e39da433d3ea7e88f085d2dda4d154f5dd","nonce":"8895a6427778c6d6219b10bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"7746f3669e6ffde20715305db3b64cd29b04e937d98a9fa9124c1ee44e80193d919d903933b35072fb7a465da6","nonce":"8895a6427778c6d6219b10bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"f2b42e86ca50a83598b552e15e29c586ab0a3df126137684650e81b7b873884bf50bedcc27e401868230e2563c","nonce":"8895a6427778c6d6219b10bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"1e6d4853535e54a8eab6f485e056f25bc7898c0fe7779e8605924ac36781784ec113cd543e8682346d8dffdc6e","nonce":"8895a6427778c6d6219b10ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"60abf04e19374fe4dbe622d1ebd22311174a60829289d0b06852ca1a6ec04d0ae9f404afe6098f8395cffebf71","nonce":"8895a6427778c6d6219b10bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"653e918582612b3fd2f2b9e31580a7b57b69068434e6a04ea436977fbee659c207fcf78dab913e05ce10256b90","nonce":"8895a6427778c6d6219b10b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"92ae2dafc64229d32a75669d19629ac17491d8eebafe125fb15c031ccce00a84c9ffcb33bc819fef965401dae1","nonce":"8895a6427778c6d6219b10b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"027e59316754344a4cde85fb74c84fe3e7b594e49b08a94534ffce17227c6deb1fd1fc3440d51bbd952f2f35d7","nonce":"8895a6427778c6d6219b10a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"69bae559dc17d0ae20e98148f7f808d2ea98a32be894c1a9ccb5ebc5783a3f9b34a16e6273f104a9469c3c5fbb","nonce":"8895a6427778c6d6219b10a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"c6473d35c2d7da9d8d87806b4a06b04ae255c94719f459738263a78cc6ae47d2e74f6b5286b39513e5100960bc","nonce":"8895a6427778c6d6219b10a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"1dc55fa94d1860c0062c3dde2bba9a575ab1453208cbd6a2af2d494cb148734079d11719a096d035738e2f16c3","nonce":"8895a6427778c6d6219b10a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"86e91d8290e19d0b8dd26179a41c7630068a5f598c82abb70fd6e518e4c7ccd108e8897771e6a68b8eae43a026","nonce":"8895a6427778c6d6219b10a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"bbbd5c282c729efb3aa6172b1f5af03368d3372453a6ebc02a17cd6be78174a798dd7f889140c1f6c6358fd048","nonce":"8895a6427778c6d6219b10a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"e4715d8207c700214e65c41ec9f4074541963b10a30c19fda119a30b93d46d685bdd4b11e175021f2cc6be2fac","nonce":"8895a6427778c6d6219b10a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"22cd0164e52560d9c32894fc812b6345c8bb09d7976736f25cdf6191431000a453ecbb239f7842d1ac8c63a107","nonce":"8895a6427778c6d6219b10a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"09e5cb98ab568834a3f6430fb601fb78eeda52be117dbfcb155e3debe63f8f6d5e75442cb03529fbf839d56c16","nonce":"8895a6427778c6d6219b10ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"9e9cde3d54b00a8bbaf944e4f17afbdcd0c36f37e3bbc736f87fc06d4f461344eaf15bdc114ce32511161203ca","nonce":"8895a6427778c6d6219b10af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"74767dc7df94f63907728f5aad15f967b8385d26bfabb47201c206282a1fa2025614128cf910737af2238d4663","nonce":"8895a6427778c6d6219b10ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"55fbee67c59fdfd80127dca55f19db2b15280465102a321dc80ed89b38ce473b7980b9c58c5ca3cea4f74e4a5d","nonce":"8895a6427778c6d6219b10ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"6264a137939f46afd339e79a72e83a838586db0f66a6e92efa67e20249cded4916975684d962e72b83d9ffc066","nonce":"8895a6427778c6d6219b10aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7feb56d3d17bd4da68dae15d2f82d04a1a79e4914dda8fa39f5b919f0f2014ccd6d623095d064729dba336ab4e","nonce":"8895a6427778c6d6219b10ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"407c0645dd8fba25ca6c1a0dedfc4b325d757bc5306dac1c12ecd1d3b5774d7e355f1a3000b972da179500cb43","nonce":"8895a6427778c6d6219b10a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"fbdce8b199045f4f7f4ff3fc9daa73924c8c4d2dd147ea515e6593573367ee3ec1f63a1bbf25524291c82f58b3","nonce":"8895a6427778c6d6219b10a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ddbf74069973b625f8853aedb1e03b119789e88bb26e9777bdecbce454dd1a0828d9a33c4229f3a57585ebffd5","nonce":"8895a6427778c6d6219b1156","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"3797c85ceed01733b5fbbd0a6cea8f11f7ab4aefb4b7efa5b0f6533c735be190"},{"exporter_context":"00","L":32,"exported_value":"9e9f8ba0d531498e8f9caedb9b51edec7285219f526b88a7b7aa5782922a2931"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"b7f6b8b0755634589c47321fe3996ac102e76b41a0c79c8440b065670de7d044"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"0ff3dc19ba7bf8d09850e072a0e5382001f9008149e4cc4bb4da8766f54efb20","ikmS":"60fbae389c8f978fd59a36fa960fcee803ddc02f4974bca06dae139d91bd8ee9","ikmE":"04b92f7078ce31fedbd8ca25e8525297f3ca828ca605ec164035611e7dc8fae1","skRm":"2e88db2354b96b778742281a8b7ed4053ca87e5fc7182875d5fce63c34f970f8","skSm":"d19c4ac7b0f6b25a86bccaafddc9e3e1e593cb4a54f517a545be8107633ce772","skEm":"4a9c54eb2bec2abf51d73b1debfe4c5c77706498ef41ea3d01e05d47002e8dec","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"8a3ee49d145eeda1ce67c97719d1549ea3db1f6e1ddc08c5a96424cb626af40c","pkSm":"29f9e969591e0dc2871e753bc917199865cd9c4777f5c02fcadc0116d0a26837","pkEm":"d16f9195a7ec9fa5bdae0492d8ba39af16170953cd0e14293b869f19248c511b","enc":"d16f9195a7ec9fa5bdae0492d8ba39af16170953cd0e14293b869f19248c511b","shared_secret":"4521e4db04361cb8c86b836ec49a0470f9bb6484bcff7ce27e602dcc956b9404","key_schedule_context":"031b6b08c282945123288e49bf5ff79e6dcda0afb9b4391857b06a196397b19c21e12683685046440266553074efce3b8b1d9d6f5e0c0a2544c426f62db07d748c6f17ad5b0cda65d91049ff137dc5111687e0d4d44123d94cf2ad7b71ecb5fab6cdf8e044519fe1ecf7cffb6a3f3bfbaf6babfebe5d30a92e166f52849e8d35a3","secret":"200439ebfd5967359166f5ea964673d9a770065bb26fb2e7734509eeaa4ac0fc4c97b59d2e0f277e7ac27f023d74f40fb8889f22b7b3f5758fb9211f8597436d","key":"ca48fc901a9d2b5badb98aac9b63fe04","base_nonce":"34846c33e043809eac003484","exporter_secret":"ea7f1197df2007ce693f297e2010a6d81cf070330eab8bbd8bd14072430d14bb81836e26a1a268feea24105122baefb2e024cc89d4d8e5d3a689b6512bfd7e9b","encryptions":[{"aad":"436f756e742d30","ct":"a0dd42c7babfcb6977040a71f1a387663f9904ac26ea8d8b9f7f42ec1d0c853449776887b76ea0c7a46bb19499","nonce":"34846c33e043809eac003484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"e6c48a3ea84e184f6c56f131f23c28d410ad0253101adfa230a9f3ebac27766181525c596b392b19d6cf05f045","nonce":"34846c33e043809eac003485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"6f06b236ac9e4cc5e238d38c453af6238b8f06b08c8a239dab609289b730462f1313475e08968a740d46f9d392","nonce":"34846c33e043809eac003486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"6e65b875f400318db655af0fcac2617d387573bd127d18fe1054a3006d0286b493475068ed47512b13c3ba05af","nonce":"34846c33e043809eac003487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"7686a8c76987755b1fa55a827fd48396124ee7e2da03dd67cfe5b2f039e741947fa3c4486643bd0fcef4dfe30c","nonce":"34846c33e043809eac003480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"49584eee923d7c4c075ce543995ea938940fe56784b475ab0702f8e3c277e49b1b3ce3e1de663166ea2e00a3d4","nonce":"34846c33e043809eac003481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"32d9a113c54dc9de43ca40b2e1d0d7b0cba375920873ad51c364a30857408ca193274069011babe57d7415e285","nonce":"34846c33e043809eac003482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"20f404c70b104f0b93a1fba1d1d534448d9455df9e4e6c2feadb555ce27b3f217104bd86ad2723d4d59181af22","nonce":"34846c33e043809eac003483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"bdb9bf6da1502bf602ba8c86babaef3bf5e717f4ad5d3b86152a139606ad0f4dfb32cc23e39ecbeed6c60ad0dc","nonce":"34846c33e043809eac00348c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"17a08af121e7060b6f6f30cbb08fefbce4efbb7ef6aa1a341b85e8785949e6587146c1470f6d9fd6c19713c176","nonce":"34846c33e043809eac00348d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"2bc68f1a717a6abb576f9256d1645da2c91fe642edfd996ac2e9fc79722909246e516ed1fd96705e67c8abfd92","nonce":"34846c33e043809eac00348e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"c30b0c806af824ea54ede5ef3229240dc2b1ad0684d88010478305d1451a3612a88ebcee0a4ae0c0d98a741ff2","nonce":"34846c33e043809eac00348f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"46d24ebb279c5c93f4c3f7edb7b210bb7f8085fc6d19b569069a6f3f7afa9048b5b4cccaf5ce8c46ae0c3dd70d","nonce":"34846c33e043809eac003488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"6e3e9791b4356e4dcf5ba589623e91eb4e375ac0bbea1ecbdb4f467ae01acdac91720fc491a63cfc07bcf3a425","nonce":"34846c33e043809eac003489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"aff90aef21ce3aad7c6458c66a956baa4e6f170b0778aba94eddc04ea96c8ebeddd1adbd040aa76d8c151f9d0b","nonce":"34846c33e043809eac00348a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"f9ae51f223acd442282eac3fac10ea677a1fb14a6e4039739acccdd78dd3c09e26b4cf1ba4d08d68ea64381625","nonce":"34846c33e043809eac00348b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"e6776f2fb9b29a182e05b9cf4c3c80fc7b6f99ab9cce8f694515c3b81ea497d55d24312c39469cca44e7d3a88f","nonce":"34846c33e043809eac003494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"0308b4b6090eaaabfac32b25726d695271dba77bc328a352396a04580d4157602da0d3b535c50ca8ea3e3f0d65","nonce":"34846c33e043809eac003495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"070538a044d40af8c3c2f59d2aa60dad1948f8dde73b87944670523ecb08b503093d1dd4197b5ada932b9d12bf","nonce":"34846c33e043809eac003496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"74fbdbe39ff26ff9b0a2e2e42265bcf8fb6c156a66a0f88aa757379ee5593269fb2acdc13f41398e8642007f90","nonce":"34846c33e043809eac003497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"d787c66d9a69bcbba490c57b713dd0e023cf8e54107e1a2b7e8a5560bbfa78d664bfbebe14d22356f975df17e6","nonce":"34846c33e043809eac003490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"44510d4ceea8b9c7e9ee156bdf45596061dc05e8ea1c12779c4c86460d068572938246c57d86b7630f8155bb32","nonce":"34846c33e043809eac003491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"0993391285c29b2e077371a2ddee5d2e124aa9fb49c47b159a1f76ae2f13c0c53145a5f36741a29595f9aadb99","nonce":"34846c33e043809eac003492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"dc7815f7afa22edd1c1545ede7b9f75b57fa62cd3bf0292713d77e18de79f074a7e4dff934a68acd4c6c4dd445","nonce":"34846c33e043809eac003493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"77fd0ebba8fdbc354be53a6ebfc202891bb61792c479e41c58f99e864f4aac22dc77e7c36f85d4f80ed70ff185","nonce":"34846c33e043809eac00349c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"48ae6eb59e6f350d245a20d696eee34843b0d9a2dc743c9addb7113e67660e2575568516a1d7e1776ff2db1c8f","nonce":"34846c33e043809eac00349d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"8d53b4f9d693b5def5a82a29b9bfd1080065c98a30163a706218f154f25d8da1ecaa5eac216657804af2f020f0","nonce":"34846c33e043809eac00349e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"5c78e29dd53ffaa17ece07f2043f12f1ddb76b270b2840a8f95b96bd6b2eb6381f2a1cbd722743e4b9c557a282","nonce":"34846c33e043809eac00349f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"65d24a9d08e65e3af01f8524a169d3c9031e46ddd4bdee8efd62b73f86721a1172b7a816512316c9f87b0a086a","nonce":"34846c33e043809eac003498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"a7d6ec46bb43facc820fdd6ffc83d5244108173fd3e494a12b11fb54a3e32c8d3e4e6569da6b81690155b6c496","nonce":"34846c33e043809eac003499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"5a3abe5f4f23e4b1502e23cec78677895d4daf88c8a4df0d187a0bb4d29040b5e1946bd6d0dcdfcb56495d8a89","nonce":"34846c33e043809eac00349a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"8c4a5de47f4ecfcd9ad5a6bf985e9157476be16df19402dc7fe084cea1fa353bee3aa2c217f08e476025aeb4b8","nonce":"34846c33e043809eac00349b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"094a2a2b650d94831060fb4fea750c620e8b61d5fdf612e476148258ba64592d827d676269d43e8aa3eafa7578","nonce":"34846c33e043809eac0034a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"608d364889e4230e08387a4c5cbb84f0660af9aa628f2cbf724e829bd2d7b1113cf6689264c254fd07f089bf3e","nonce":"34846c33e043809eac0034a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"5ab04da56da15fd8766ae6966be7e2f4e1b13db183a939de4f1f45f5b1bbeba84abebc8bc706ae4017ac6cbc83","nonce":"34846c33e043809eac0034a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"36395932f9b645cf428bc593424dc3b9966f46f9e85e80fb57385081893d425ea61f9db4c1566043871355cc1c","nonce":"34846c33e043809eac0034a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"d3c64ec3d27c9e1b6966c24316e3e3cbb7e5611aaf084b183849aeea9ea53f46e423da7fe9a3ddccd16092910f","nonce":"34846c33e043809eac0034a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ec4771b49db4499f4d9e9e4663e199d27b5a9f9c0359490c61c885e92a15c34a92162d72e47f4c4d5fbc551c0a","nonce":"34846c33e043809eac0034a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"10b0f9e140802455504501fe76a0e73be402480456f0f1baecd8c623263811619a0091f02958fc4b8e7c107083","nonce":"34846c33e043809eac0034a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"c4819e25445a58b28ecfde2fb6b0559f84abb4f2180e9a2aefb949493274662b31ed41c2abb86e47c10b214a89","nonce":"34846c33e043809eac0034a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"da49a49af4d704d3663660baf7e9a0ee62673c4d4406473383c8d4817eb35598339d7170f72015313108f7531d","nonce":"34846c33e043809eac0034ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"d2e897a765299c242a443f7b5947e6f487130108e5eee12cecd5388aab51fa43be67f0c7ddcf6dee6babc897df","nonce":"34846c33e043809eac0034ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"8291aa3440199563169dec7cf3d310010cc7fb206d4af690d3ca4317fe59534e98cc85f04780cdb5217a9068f6","nonce":"34846c33e043809eac0034ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"6550dbb61c7e938e2c145c98eb44b1ad6b2221031607eba6799cd32638084a27ae0f2dfe824a71ce86c7a331b3","nonce":"34846c33e043809eac0034af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"53dcfc90e738be679be38bae45ebc2e79d4e7a364ecc2abca4b855580326d47016dd8c7e4a6b51ae2ecf42eb41","nonce":"34846c33e043809eac0034a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"296321ef0d67a733a4fb62a844cdd8d1384e0f566f074e0fc6f0a5793d2ebe6802b744d00e7e6590bdfef47e1e","nonce":"34846c33e043809eac0034a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"4ce59cece7d9095b6f1f405436c4cedff5c89231b12fa54dda9e5c3f602c96f4a0bfe2187353f92f5b691c5d32","nonce":"34846c33e043809eac0034aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"3aa879bb704c9a606fbc56d342d1cdd2ff85c2b3db36b33d6b70f8f3f2b147016ea7bcbdf67ecb17d7fc49e31e","nonce":"34846c33e043809eac0034ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"62e8acad9678d256bc35421f88fcba4565f49b3493bd226a380a67bbe116100baf84141f49dc4447842451ef26","nonce":"34846c33e043809eac0034b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"5509d811bb379197f135115b8e3f3626962c6a5dd2cf7786ea6de62396f26f9da4897520114b97a8d3c955d9d8","nonce":"34846c33e043809eac0034b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"b0f3370c9216b393d8fa5aca7cde0eb60aa4584c52692e7544b688b6d977becda447da0e08df1e1a29db859317","nonce":"34846c33e043809eac0034b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"c45fa6e93cf3501427a59332ee48616ecdadc670bba92c4b465e67ca13cb558b4da4e1c764ff08035edf35fef5","nonce":"34846c33e043809eac0034b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"118483fe5a1ac19aa5b63ae14af150b28225ba946eefb8f803b9f244fa616c2ceaa291d7c83cf0777091716624","nonce":"34846c33e043809eac0034b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"3b8a74cd7048c5698c223df17c950112da36578154d092d9a254dceccdc381a16560b2703c14ea9ada2b55cc3b","nonce":"34846c33e043809eac0034b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"224225055dc484b9f0d60af8e1f14ceae3ca6d878b7eacb20a1be5e84a4ef789c66d437134a235541d309f19f1","nonce":"34846c33e043809eac0034b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"b92930ccc68daadf82cab12e765d6fdbdc5595569b38ba99838da1436772cbe616a57516989e9856d80298781e","nonce":"34846c33e043809eac0034b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"1d669de3ea5c7b3bcfa43e818507cd7fa7a03f7f4924fe2f047e7ba3e771f456505b6e6febbe9cf1616e2f280c","nonce":"34846c33e043809eac0034bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"a4ba44f1e04b7bfe2c825a28b6cdd3593d86ceefa7028d8afd63e9b5aa1c9dfb093f8b1eb438bc16dcd60772e6","nonce":"34846c33e043809eac0034bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"34613ff6b7bea3a2bc908177e08a8a97755afa2e311e77d8180826f827479dd3dd0f9938001406542add1d5060","nonce":"34846c33e043809eac0034be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"38a135c82ef61d0202f2cd91cee0f18c3d738ebb691e77353e1556bb9391b83d2d1b6999a789b80370468aed7e","nonce":"34846c33e043809eac0034bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"8e2756fd47dc6542f3778783550d41805fc2bd6743529e279e00769c018747d265198022d6b1b588178e74bc34","nonce":"34846c33e043809eac0034b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"e973a36c6f10ef19dc56936b136b2155c95fdbe44e5d5ee8dd7a17a89003de60481e5544171cc0ffa918f6bb7b","nonce":"34846c33e043809eac0034b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"1e45b7e2e4915c83463e50fc7465ddc7fcd6d0f03bebfaede0460d580098518d781e8f00621bac53151f5d4e53","nonce":"34846c33e043809eac0034ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"1db80ebc6e2d232eefb2507e7918072a48114eb84cc88c0312192389f898da9929810f811a910df42739c1c090","nonce":"34846c33e043809eac0034bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"064177b0beb4cf8b23769aa5b5dc8146790d07c47ab58b5354041a73d0087693e205637249caebc37c1206d06b","nonce":"34846c33e043809eac0034c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"30944c168ec208a8cac7794cf4351d7a94fff63ee5c2f5fb1dc905f2e93c460b82039aceaf4a7b8b0a00289231","nonce":"34846c33e043809eac0034c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"59a22c08b3ba7663953218ce2fe6452ed91e983ef2bcdcc1b986487ac80a9eb4edc74cdc44d11849e136f4f710","nonce":"34846c33e043809eac0034c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"aefdd1cb120fcd0d37ab9d21b917af9cc671a2cbe855a6c39b3eabdb6aca551ab11111523d3cb73715fbd8da2e","nonce":"34846c33e043809eac0034c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"21ba60c3052bb84223a71c52b36858d5a39e4c3d4876277c6f2df9d2917e92ad9d871bb7596a19971a585a450c","nonce":"34846c33e043809eac0034c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"0f672e8db9346621345c7d37eaa4fd58c0cb8a16235c4a31b7fa90a1565dacbc76ad19515438333e629e23cd8e","nonce":"34846c33e043809eac0034c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"080bdec98ecd22cda2ccb794acca3357d2013697c577a4f6db6b2f3d56561d8dc80b8bdd9acf84002861373b80","nonce":"34846c33e043809eac0034c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4689541661724829d231b2283aa65a4e65852e87cd9c261d7e61470d5d2ab486b2898bd741bc29b4beb62d2e90","nonce":"34846c33e043809eac0034c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"2a6852a47bb6f8c1e25bd12f48facfa1d24de107626aeea5873c07deca3d875c0e94a9a062097574e89ab4a91c","nonce":"34846c33e043809eac0034cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"21f31f4173a740850df11a842004ecb9ac645ffcf545421585d487599ab72a6db07db5b3ad42427346ff050d0a","nonce":"34846c33e043809eac0034cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"8ceda65ec3da76a9d42baaa406ad3d61262dbc6e03fc7b7a54d02816b73df9976889ae59b5d942cf9594f40ffb","nonce":"34846c33e043809eac0034ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"d76195908d0379a2eb8d6c84ec0f9b63c6bd7b140b2215ec538b39d3cafd1c52710a91f72fb1f689a74bab2ed8","nonce":"34846c33e043809eac0034cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"824b10496f6c64a15b3a3a57b0d8105946e38449e4dfdeb41f8113bbfa18d5436bd941e198bb4975096a7af9e7","nonce":"34846c33e043809eac0034c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"e84549f45519e99b2708cd9006fd30fb9e2e23e7f7f106dfc6ade60618a81270e8e9f8c2bad8c3633eb1b13898","nonce":"34846c33e043809eac0034c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"4f7fb7c4d675d360ea9d454278043f2dbb04471a93c8d66e335d92800566ea582a60f5f393a8f7b538f7d94879","nonce":"34846c33e043809eac0034ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a06ba4042060bc1b0e9af3b1ba1993a6dd1be68ca60af966557029bb9a54a86feac70c3df5e8ad0502ea5bd2bf","nonce":"34846c33e043809eac0034cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"62a617b36bb6df8415cb3028a6a3c53b7e4f05c29c3d4c57072e8c15450abf38491847cee3e8daaf6f4bf09318","nonce":"34846c33e043809eac0034d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"8394f0356ec12e9b1169d6bf3379fa31f2073568be1148a8cbe73157bfffad0c33c4b6ea96092f399351f30e12","nonce":"34846c33e043809eac0034d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"7625facaaa34b96b02502fb8a1f19aa1b155cd80b42fefbed8d20a34ea8f3579bc024ba1d181e7945389c5f650","nonce":"34846c33e043809eac0034d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"2f28a1346feac72daec7964af73c94d3ca4cf3413ca8cf2f550ed5e86152928cdab7186d8270f76ceae4fde3d6","nonce":"34846c33e043809eac0034d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"f233e066d3e9fa76aea7c1d683362529e171c6526287a421ea48ad5cf155b8683de13c80a6d28131868f0ee504","nonce":"34846c33e043809eac0034d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"691499166ddbbae22cd2a2b050500750a0226dd05406dbb529b174f9e71389c17293844163b7ee32331c6c0662","nonce":"34846c33e043809eac0034d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"a63eb0396284f9a5e67a1434af784cd98cc3e189413b6a5b00e96539f6cb2352cd29b36862f60c04bc8b2f07d8","nonce":"34846c33e043809eac0034d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"d193b6705befc2f3b62e7d96076dc045718adabd205e4780b73cad3838f4c799ec84cfda9d54ef80b51f4e2faa","nonce":"34846c33e043809eac0034d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d8b99bf63e6f68bfd23e896f57dd149948a7609d1b53724cf1be9bee1929670dcdbd41abeecbc96c86a5678af9","nonce":"34846c33e043809eac0034dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"0af45966c01caff06617d49a82e2448858d9a334773e6c77cba0dec9a7a305b2317540bf25ff27bfdf09f54dff","nonce":"34846c33e043809eac0034dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"5a56fe30e349c5106352c0e67c3c6bdcb8cae88708a77c9273ee104b5331bbe68857f518f795954922351854f2","nonce":"34846c33e043809eac0034de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"f646e1324c439068dec413f1f9901617b2d7ae360ee9422b3e63ff61dbf73b821c65bf55ce0b7834879f44df6f","nonce":"34846c33e043809eac0034df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"b2345adbdd21bfcb6b88e97e0b77c4febc70a45680fb609fc7a83214dfae4d828533a027ac5527ae83d9cbc2aa","nonce":"34846c33e043809eac0034d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"25f5a9d7161a74aaecdc588eaf5c919ef04683a8c47372ffece8b8b86f0ab1472d14797aff3e7b10a449bae3c7","nonce":"34846c33e043809eac0034d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"3bd4a21c7e010ace40abfa1ee00ac4b21852d8a7049770930a3e31edffe4682b7fc28d5a4f2c271c7ebf78ffc5","nonce":"34846c33e043809eac0034da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"1b5b3df9a4f400229aae5f751d958a19d226b1fc8ad68963c11c3be832903bfc1e7b937a815f495667dc66c949","nonce":"34846c33e043809eac0034db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d8974de695c085e025bc7c653f8df3019478c2f31100ded682657253fbfa8e0367667c5786ad848daec18778e0","nonce":"34846c33e043809eac0034e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"b0de9d0ee494b014714895e30afd35314145303d9ccbff2314fdef6979399730688220bb819c80e8bd590a8ec0","nonce":"34846c33e043809eac0034e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"ce59a3e9d2aaadc0c6436a230ad3e09bad8c15a2880b4fa77909c788c08b5690e821fb8194361bdf03b9f3ae66","nonce":"34846c33e043809eac0034e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"adaf43e24af68a33f34c2f37450e2ef054a8415a3ec6db76c47670a9d54ece3544c81fc41e79b6181e94006606","nonce":"34846c33e043809eac0034e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"6bfa58e97f31cd3a16a2a4a0c1de22ee86643ddf5e6cbd06df44dcdc294da3490a078bda8986215c1f34411c17","nonce":"34846c33e043809eac0034e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c9b8620bb561f2f1787ffc75c06ea97b44bec11bb8e75264526f5ab8814dcf5982282575f1ad6272c8563e42ab","nonce":"34846c33e043809eac0034e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"4a8a718d3c9a4c8d75cef6a030ca48f26661c4c850f0f038c7f993c25139a298e129fa459f05a6ab13319eea57","nonce":"34846c33e043809eac0034e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"45a109b0a335ae1909c6f096c8aaf4859d05ee62fb3b7a2d0108682f8935209261d71f967ae231a6d6d86d86f9","nonce":"34846c33e043809eac0034e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f9a9f9e86fbd82de2dc55d0d6362478d94a52ec248e6042a616bc292f3beae40734b722b511fcebaa87aa820c8","nonce":"34846c33e043809eac0034ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"f553ae785c137491f8c5cb43c16ea9ced369d1e1abeec8350fd56e73b901bac2bfdad41a52c4387204f33c919d","nonce":"34846c33e043809eac0034ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"5180961c0e4c282d8ca063f2af6bb2d8d142062f803fa47bcef6711c920431e50f39a4039d4c02349a1c8b82f6","nonce":"34846c33e043809eac0034ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"5824275aaf22f22bf92de015dbb68d31ce62eadb8de7b22972a634105dfa98cdf6e727fcf289ece932a9076d5f","nonce":"34846c33e043809eac0034ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"b4e5deb85443464d04aad8341b84e0f52b8177efc25b5778a81f1fb8e0fb9f7e67df4c43831493675746d3d94b","nonce":"34846c33e043809eac0034e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"00a9a0bdb74851422c9d66e3a28ad03e1276911fc65fcf8ea1aa29f0d79f8aae0fa466789fb2c17c7c8ded4a25","nonce":"34846c33e043809eac0034e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"cec403b4e0db52f38c8eb865738fc2804fda4de2025bf22e84e0217d33b6f4a156e1b3b50379c679a9ded715da","nonce":"34846c33e043809eac0034ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"d407f96f289984f14355daa328d151a74a30d629bdae5d619550cb1cb074fe24e90089466dd89d643318a47b74","nonce":"34846c33e043809eac0034eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"729c1c514e64ea034e4fa68f96352dd5b9512aa67cd45bf902c116973412baf9dbb83a4e1364dc4b63719ba9ce","nonce":"34846c33e043809eac0034f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"6ff8a679dfc400578b739a4521efe1ff66225673420e41a11dc0efc4f41675eaa4b84f0ccc6d3436aa94ddb173","nonce":"34846c33e043809eac0034f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"61049a1a7fcaae14eadb0bcf496e074c08f19104747eb35e323dc37f74b246f105ad1117ce49f807db4e0acce1","nonce":"34846c33e043809eac0034f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"063ebc46bcb0f24d119ef46cea18fb06eb22384e363e8b29106f14c58fbc2cecf2601666474889e00661ebce62","nonce":"34846c33e043809eac0034f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c19ba444a36924189a1cb670094291b19cb3763597fde497d8c19861bb09826e0792784dd6680b419c4eaaa6be","nonce":"34846c33e043809eac0034f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"c90364194e6996d01474857d0420538b385f475a228a50864f06618e7a49c3442eed11bbd4e4879d22df7eba46","nonce":"34846c33e043809eac0034f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"5975292097753856f1b140d9872aef7bcaa164d2a62226f491336efb9c62d6eacc60b8996346f9784bb80a742c","nonce":"34846c33e043809eac0034f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"cf61da9cbdfe007a6c0e2308669f3dcaafad830ce797fc576651dfe49ea9069e2d20ae4c4d5dd6a811ebdab376","nonce":"34846c33e043809eac0034f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"9800e9c01e6228965d8513630ca2b9948c6e110e153f24f10f0df0199ff63102151dd29f26eb378c2e25a01fea","nonce":"34846c33e043809eac0034fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"6b309635748ceacdd179ec9cf589d14484a43f125fa262cfe6188c6c461c401461d160053512fd3dd4102f4515","nonce":"34846c33e043809eac0034fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"63a93d4505e08da9c524a7cefd769d8f4f3922fc61b7d1dadcb03a57c01d4e9befae535e91dd193efbb4269ccd","nonce":"34846c33e043809eac0034fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"102d7584a052202529391adc991f1f3ca9dbc046b12e4465e5527b94e70e5a3c2a228639b709d7403f2ddc2255","nonce":"34846c33e043809eac0034ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ce4703fe7bea5efdcb5c30d1034d88cc1bd4595abd11503d850b5e3a578cef95f6ece96057cfc1b333a3cb2b06","nonce":"34846c33e043809eac0034f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"04b84f311f394469c9ee1cab28b9405fabbb139322d32004a4012283b89641bf78b9bf1b72b200ac07a07eaae0","nonce":"34846c33e043809eac0034f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"69cfe74455b1f29c18575d3aebb9ad2e4316a26e74e62bf061d784414ec36202302b7f04e238f0e72923fcd344","nonce":"34846c33e043809eac0034fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"aa2070d4b9c96c8719a6ef3521c15c43a7ea9a7bfff1f29b76516273c6cc8ac8b4c298c2e845389ba03a18742c","nonce":"34846c33e043809eac0034fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"98390512f3a2729f34ed06172400c11f4d8b1cb6cedca592af88f6f46fe1327551b95c6e12a264a343fdc7ec9c","nonce":"34846c33e043809eac003404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"45b4dc4857b050691124110248e38232ed5d78a0b15f05a4a30931f72079a4f6ae905f3ba9019113c5e02bcea8","nonce":"34846c33e043809eac003405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"e9c03f26954417a38b501739fbc2158dd9e56f85daf1cf63d3cd65589caf7174abaf828f438253777af2dda271","nonce":"34846c33e043809eac003406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"d6e7b924861898fe0271f41155323704effb803f8cbcb89544ec4f176c277323c782f604f66f22221e21778f8d","nonce":"34846c33e043809eac003407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"41827e39c332cc4b2622f4102c621aaf02bfbc2064ffa5b26e257e1c478599c0bf99d43abe29b06eb7a8b3082f","nonce":"34846c33e043809eac003400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c7b2c88895af462addb4fb59dfe1e4eca0114376743be8a0eca35b745193861d21b3c6a46d9f522089f3a1bb82","nonce":"34846c33e043809eac003401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"14b0ac70a485b3b403a9148d47891486e1833aaf2f37b076d7e9387130fe1afff749b161f194d4a9b87ee79e06","nonce":"34846c33e043809eac003402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"9a583b284f1ff68b8dc82c4018432872cec3d12be43d75997b823f951a12c2c40dd768da2063332f8749f2175b","nonce":"34846c33e043809eac003403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"428b8c9e50960d80d8a978a7078936dffff9a1faae1487ead88d9cd150aee725974bbbf632341dd225a598d704","nonce":"34846c33e043809eac00340c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7303385c2a70190c90f97ac5e3c3559a57d9d84f86ed935ed6735c5e9bb73ce57df083ecf4506d0f70888dc55a","nonce":"34846c33e043809eac00340d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"b7b78fdb77a0bcfe94e3761249700ae3cc8649fefe469239383954a1a556525b64ccba0bd39dc8e20cdb055815","nonce":"34846c33e043809eac00340e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"a4c45cc95aba77924cce52c8c9f9d4649a4a28d8a6d18ebf11f8d2bf5ff9051af2c2d4c1c427568918d32595ba","nonce":"34846c33e043809eac00340f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"6583752c38ae2059fe604dcc263f56e0de0631aae863bf52b02923f526d79f79e218f2005720f4d2804463dd19","nonce":"34846c33e043809eac003408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"fc902ce85ca4af03c59318ca2c2b8aaef3283ff8356b11813ea0e189672bb4be3fa1e384c223631ceb9f9075d2","nonce":"34846c33e043809eac003409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"942a046b2b9e36ae30cce626ce138befbd4e46f8ff582556b291cf26a152939148e0f04e4a8636d5b0a91d9c7c","nonce":"34846c33e043809eac00340a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"1959935ab3f9be8c70fe9f30b62342c584bdff8c8142d47daf98bd4ed17df53325a632ad14911e385082935db8","nonce":"34846c33e043809eac00340b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"06ca503affd16ac0052cb6b130612969c95dfb1e231e001b5bea85e46caa18e9be1c6b7043b6a76a1e0e022068","nonce":"34846c33e043809eac003414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"c5fe449099064f87d53db645a2f5e889920e4e2972c937395215a34204ea2126869ff572a372057ededb8026c2","nonce":"34846c33e043809eac003415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"4a8525b58c248e2fa5af103f2328cba3c761d1ac813136cd657589dfd8b89a6d344104f55965fc5c8f2827d5f1","nonce":"34846c33e043809eac003416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"dec949bde23c03724c2f41a21312c9792fa594787c7bebab2b3a87aef3cd83df03d56f1baedd5f2546cd49e04a","nonce":"34846c33e043809eac003417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"02e478678381412bfb6cfc6c2ec06da4a7382c17c479c08f59a1579ab3adbe72a314a2984bd525db71ce28b8f0","nonce":"34846c33e043809eac003410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"30c3829177c2f7a99b87c4e09cfd4cce8795088c4fe468c1db5ed1c22e1d70db1317af0360fa8ef037b3397a61","nonce":"34846c33e043809eac003411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"34fefc8af50daa02412f19b2be710809b7039acb65b0db715291cc404e25c9b5f6e2ae7e9e4cdfd9e90674f323","nonce":"34846c33e043809eac003412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"9350f6a8489c67a797f84d646c97cd0ffc8faf42f49c5afa06473ddb9f1d6749d6a67c6c1b627c173507d6f3e7","nonce":"34846c33e043809eac003413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"37e580cd9ef597c107f4c103c8e9447be9fb18fbbc39676aa879e7e2669ae7ee01aae6887278eb22d50b52f0f0","nonce":"34846c33e043809eac00341c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"dff4a38d436501faad2638679d2b4f236ff69ee9b02721c6e6f219b99d98ec0ea07a0205f8745b718832058eb3","nonce":"34846c33e043809eac00341d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"4f82c50281b84d104a9a8041a88671dc45e8f58e7738471d9f902c3254fb41fac7efc0332f6b5a555e18462fd5","nonce":"34846c33e043809eac00341e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"7c2be79a88956f11402459f0161dcc318b1e5120c847557904a885a6dbfa3524d0917c9f52d6943290e24392f4","nonce":"34846c33e043809eac00341f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"72d72af1a6f3b5d4848b07659ed89d36e21cb6e05ad043fb271ab8fe31a9cea7e512e52e5180b49cd71ab09c8e","nonce":"34846c33e043809eac003418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"9089cf4a4d2b2397a42844542dc40ba1baed123c3f52d7632c0be999b90942607498b94fcd3c35350202b3c8fa","nonce":"34846c33e043809eac003419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"b73f4be78d83cd281a183a6bad0a0f34b69d50c9266fcd0d273e0c51e80a46d07beeb7836d8bdf0bfed381374b","nonce":"34846c33e043809eac00341a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"caea933d8744dcb86e098c8b4473fcc6e7d632611bc523f313fc9201c7e12dbe5b6bb5657adda4ca818a0d68da","nonce":"34846c33e043809eac00341b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"3ec19c6e2a5e01b8b1c2f7c08bd102b215fdedfe3ad7191b17fda0762a966ea4440af14fad82f3e1d42f1b2379","nonce":"34846c33e043809eac003424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"26d13508c07839eedd6f1b89d154a7f849741541e2828a3c9a0920484879f5a00a84c93cb660e880b42db3d610","nonce":"34846c33e043809eac003425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"7435c1a15bbb3d37bd294021ac2a3f1b3d843e8e5f01c33c3ee7409a61be824b284433c96ee0dbe46fd02372f9","nonce":"34846c33e043809eac003426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"00f953f6c8d753430ba57b405d777bef2e449982843877ad0f2ebf9d265e577bf3493aeca0c02b2ec882cc7d59","nonce":"34846c33e043809eac003427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"a8e489808b46a7644c86f5accaaf3b827d3b8c871f5f0671d5bb0644ccd4ca5c008187b7ecb483f509a4e8eee3","nonce":"34846c33e043809eac003420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"0262cc26feab457736fe9fcba0f9713c4fadd03a055af8918f067b4e07bfd34beb1eba785d65f3e07e6fd9b616","nonce":"34846c33e043809eac003421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"1f919376e7945b598eec475dbd63f2f5ca6cc859339675d93ad82ae231377e4100ef5004895099601d060e3a55","nonce":"34846c33e043809eac003422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"d25806e02ff5fb3d3c90a4afb33d4bcac0036cb63c49c516a05c1cf94dd11be70144b397469b113dc93da3a40f","nonce":"34846c33e043809eac003423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"36e3848ce15a546ee7c9ffc9fc2a30b8bc211c1bc4aeaad66b37d57b5b79187abe0075710bf535af55a987bb01","nonce":"34846c33e043809eac00342c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"8e4b024f2e8fd5ab5ada64a74049369125541e7753a8888bfcf30c07808f88748936fbc425a9a60bf0eba83652","nonce":"34846c33e043809eac00342d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"136ae2bbdeff29cef8a00c51acd14542be9fd5c91a07357fff5a9bb2f2b42aa6e79b7730876d809cd7bef7d036","nonce":"34846c33e043809eac00342e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"2d063d405cdc26ec8d1b99362190a719881a8936ad79b3c4feb7ad0c95bed96029f98ae1467ac8bd48949118a9","nonce":"34846c33e043809eac00342f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"6e2887d432d53d0d5e27c37b69760ba79bc5969d099f7bb3c622c2035e7711cdd7ebac192256aee224a9db3c1a","nonce":"34846c33e043809eac003428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"06ba3873a1beb69f6a33299958be2e9d2e2259a245bfd2fe90ba9878eee98fe5d826baf6087f1bf6365ed0e5ae","nonce":"34846c33e043809eac003429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"8938417da4470cd8cfb32e5d15cbe37dcb7e78a974c840dc73a11337180a06e3e6b40a056e29c7a569d77c7401","nonce":"34846c33e043809eac00342a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"1ec70d08e60e6beeb8f27131a50b689c3964c178438f1e6dd3c3314fd169d7ed0eb5f528cb65407aeb3798938b","nonce":"34846c33e043809eac00342b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"c5cd7c1c08f80135c4a02bc687f47d92058c522ade7c55154810c296189699e56978f317972e55ad05a5fb6c38","nonce":"34846c33e043809eac003434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"d2d56ff6dfa17aef4e0cb0f910a7c72e838d381c37e15f376cf74f73092fde9d18b632275eb2b21eb25ac520fd","nonce":"34846c33e043809eac003435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"7d692596bcc253e383b7d54425b289ac7f6173eaf4e74367a8943f1fed920cd4ee570a819f938a06916f55eae4","nonce":"34846c33e043809eac003436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"d02040674653bdf5d2f11616775105110eb9f40982cfd4b3801d2af92ba0a8c27c431d5db84df895bc0a0572c4","nonce":"34846c33e043809eac003437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"5cb236758b2b52702acc6d3d98c8d770049059913fe6d1f6d4d982b2a5fe5a11ea0fb599a07d40674e1c9eb86f","nonce":"34846c33e043809eac003430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"bd603350d0fdf713772f1c9142410fb9a36f8e671e0231537b9eb608c9e7708d92aa97e31fb5b7953766d92fc2","nonce":"34846c33e043809eac003431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"9e60c75810d402097162e4c802f19e38255e481d5aaf0e80a4df92dd75301abf83295c608e8a289c61bc7e2d57","nonce":"34846c33e043809eac003432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"6c3b683327df175b0fcfd61b99114b45042209bb6a0b45b08fb154e02cb5c926e5f48f5cd3e3649e98ec4299b9","nonce":"34846c33e043809eac003433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"c28ed5059f8847e3aeb0a77720e8b03182da230fb27c04ceea7794cba673ca0276abd93ecc64a443bf03b1c8bb","nonce":"34846c33e043809eac00343c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"accd9f536d6bbb2b1078589d4b2e7e2c71a5208c5732f31100f8b2b191a88c3ed8a44cf97f94cf794d6f19fe7e","nonce":"34846c33e043809eac00343d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"9426bd2e2887f2e8b20c624f8c8525a3d78a1455fea8cc1796aad4a16daa12d17c4d1d027e8bebe7bbc311bb67","nonce":"34846c33e043809eac00343e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"a3915136a307ce91e7eac1c7b1f415dc9340428ad3c178f01b109c6b337c989a3a5dce67f273a7831c5f89c682","nonce":"34846c33e043809eac00343f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"7204506d8d6586ef5b55e3f73740c9c9479ac111920b0630a35a27c6b3cd44f08fffb2bf305cd83458f82d00e9","nonce":"34846c33e043809eac003438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"93894e8506c862752bfbd7eb32627fbc582fe30dbbe713c0a13f8c121dd11def4142086a0a48c8fdc434e57788","nonce":"34846c33e043809eac003439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"512dc8396282ab5d46ccd8eb7c147495e6eb69a1e201ac1b0ee524cc4bfc3b6059163b6a6397804d1f9248f7ce","nonce":"34846c33e043809eac00343a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"17fa16d687d6689edae53b5ed1742dd7731e35ed1afbbd62ca0d13058b36c58260614df69a96ee82f61604e18f","nonce":"34846c33e043809eac00343b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"0639b9c2d8ff80945f581eb8360b86b6fd2a518c711e0c6b0492bc049b287b94bbbaf4ae3d03ddc1f68b4e73ef","nonce":"34846c33e043809eac003444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"bd495191f18d2b87c84f87df8cf5759ae9c8697b7928cbbafe292ed770dbdc599665ff1a9e7243a33c902e1a11","nonce":"34846c33e043809eac003445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"8c79670dec7951022797174f6d402e16924224abf7240c4f4ce38357fd6e0d4ca53a3f672090ab62c4de36bf42","nonce":"34846c33e043809eac003446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ba54f8eb0af472c7b8e7af3b83da50de12163e3489b7414af7143742636a520f8d5bbab8bacecd2b4e45285f43","nonce":"34846c33e043809eac003447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"f0af2b28fcf6cff549da48a2481d281eb97bfd147a6c33fa8e7f3cd9066345e70287379c895f90550f4999ba2a","nonce":"34846c33e043809eac003440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"caf8607c383b64da2ea9bb9049a16b31fdbdff0f793f45cf7c992f1ef90ce0fe09e1e7d8b9aef0aac7ed2fb375","nonce":"34846c33e043809eac003441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"1c443746f951d36ec81adef87cd1e250cc9e89e31f97c5eadfa906bd2ded678d6184cf56057890064f332b0b77","nonce":"34846c33e043809eac003442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"d2a6840f534c37dd6664b905307fd71a45665ff4f01908bb2216112389dee670c8a7355fb30a62b908e8897c07","nonce":"34846c33e043809eac003443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"c93f91ca06823e7a2aabb365bc1bf6462770b6240a12f8b92e8e73a78c0400a4fba045d3be2b156d18c6d217fc","nonce":"34846c33e043809eac00344c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"68360cdb51d74840cea62ae6e7c9386af225d192ef46542001bf3ee327e6e99c428ecdaa19fc5e25acee8fd17c","nonce":"34846c33e043809eac00344d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"513eedd9d891fad1f1f3efb4bd8c6dc268e9c211b49ea7fa6ab542700ffd09dd83554cc5a6a52de4c7e88adc8c","nonce":"34846c33e043809eac00344e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"d69feb8c64f5e0df3ad41ade815cea887ef09be2be30ae47f875704f591931df1d8213df4d70e40d34f55f251c","nonce":"34846c33e043809eac00344f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"899eb53f009443aa1c30982ae05db70826d8b64519586b4201fb07c18118b5c1facd94c8dc1b96814443c84c1e","nonce":"34846c33e043809eac003448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"9b5c80dc9ea365e9c35f071dbd716e0e3c62181e7dab0feda17f66a4a9bb4b26b827ab726f442a7db67c99de84","nonce":"34846c33e043809eac003449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"74549d24ad762f8bb8963af163cd691076336da12cffb80545ff77dfe12bd3d8aeacb297c3b49f25c834e15e06","nonce":"34846c33e043809eac00344a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"9d79ff0e3e6b0917cdd3587407ba5f484146060b253634573bb498e23c30bbad633c0447ceed32a15a5b9f0964","nonce":"34846c33e043809eac00344b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"9e0976941128b357b8cf74c05cd8d8201915c97c8ef89624166f6cea4d02e12b36436da4bee3782f2bc6d0d026","nonce":"34846c33e043809eac003454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"c51397e68c3515ab72e1c39e1735b19a6f8c69b5db77c0411e0c005dcdc6ea00d9be0913d6425f015c27897dc1","nonce":"34846c33e043809eac003455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e97603813e2a5bd743d0067a996bb50fa2ba397b123a0b6032fd2e434a0dd4a7aad4eeb865dabd80ca4ac86d00","nonce":"34846c33e043809eac003456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"daafbabc4275c69666f4eafb21fb8f1e410171d7a431065da40d86897da6e1cc1cee16833c5edda371ea2041c3","nonce":"34846c33e043809eac003457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"edd6f9b74f02c525deff0662dfbce6345f3071b21a695669e05d476244b293a7a5dcf8c4895d92e3ce8fcfab3e","nonce":"34846c33e043809eac003450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"68e8a017a3db758742974aa30617d9208b1862266f6c68d7b00535ac483313ab629b0e5a72fb6011e4a129dab9","nonce":"34846c33e043809eac003451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"20144e3c1416faaaff635287f2f70e01c4794ca0998842fb1e04d839547e6bb8a478d26a3945c86d235bb0b8d3","nonce":"34846c33e043809eac003452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"9093845961ce7d42c693591a521b66c7b94f212f7d4af2a1a6dcd6154a65b4ddd51e9e1b8b304179f998c57b97","nonce":"34846c33e043809eac003453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"8f61503688ab5449c3dee4ecf8c5d6d084df4e012398b9cb8efb5951d1eb0c2d5bc722c38ec1287159a200af35","nonce":"34846c33e043809eac00345c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"edaf5f75b4e4cc4ae911835ee9dba69d8751eb190a195776c433e9635b728a24462d77aaecfa74c2297ab3dabf","nonce":"34846c33e043809eac00345d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"f160424fd890f77d71c4b3083a0acbadaf83ee66df33dd82cb3b06455506cf2ee15194d7d5a9ab20ecb9226f26","nonce":"34846c33e043809eac00345e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"13c4212ffe8e934a270bab8168001f61855c86ecb439681eff77f3aff2c4f9fd613f3153aac20914c66ba361a5","nonce":"34846c33e043809eac00345f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"dff3d112458ab2522f0ed72da4c4783e378baa6c397d06d70ac1a8c1d7380bbdb6e474c833f8c5401f8b3198db","nonce":"34846c33e043809eac003458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"324cf094bebc24a1f30040a590414f64e18db63f77f6a913c531bd671f917199b5228bfff34e68702631ae6b2c","nonce":"34846c33e043809eac003459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"91a511c5bd965e35ab840a581334f0e6fa154dc70d69c14c9f9495bd9f1eaa23ffea3e1d9b685ae010fe68b675","nonce":"34846c33e043809eac00345a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"006fa2a1dc3673407b35328d6df665bb451ea39a99bbbdd24bb1b078dc456792470b7051cd71e1ba63b3ea211d","nonce":"34846c33e043809eac00345b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"3c267187fd05bde5babe6787cefb9d0d3601e453f28b786453bb2a6bace3ca85f5c2970b09671cce3e4c4ba819","nonce":"34846c33e043809eac003464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"03c7838648e1c9926aabfe152e50a653e7e389e8441a8ba0842090d53676a76e317d77c04aece24423f4b088ba","nonce":"34846c33e043809eac003465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"6d9900fca814aab6e6c32ec1fc5b17557ee0824c9786291e5fe91b1dfbb2f5383b18bc3142a9f0557b2c94690e","nonce":"34846c33e043809eac003466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"12a51139774fbf864f779f26769d772a6930c2d3dd2d76ed4ebf8a79c463ea6821da4028267e5609c58b9e001f","nonce":"34846c33e043809eac003467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"42ab60899a7c2588b7b6f926bf8b87420a5db2a5bb71c465b3beac1bdde171cdff1e4d4ce5a58a2b549afe2740","nonce":"34846c33e043809eac003460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"e86ed330c3cae98acb77071b7a1b98e207ab880d0e465aa0412517a7741c4ee89f1c2d5a5cc65768632b3e9231","nonce":"34846c33e043809eac003461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"bbc63f2e2c99f4d1867a3b641bddf193458772f9c85d8ce6e1423066737535355d2051f02341c6491211b80cbe","nonce":"34846c33e043809eac003462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"9fb2787a3c2abb018f1c3421044aebcdeb95450cedb018a305d576c3a55c17cb07adff235366470dffb6ac99ed","nonce":"34846c33e043809eac003463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"6fb72b820369d3c82374d1a0e40c5fe4137d80b2ec64f1c4b219d11cba5a3b28ab144f834c80acb9b37623a0de","nonce":"34846c33e043809eac00346c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f46c6c23ec84660b3f559666f03b82ee1e6ee98f38712ca04170106a29cceeccd20a2e3af09db96f6ceb0bd72e","nonce":"34846c33e043809eac00346d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"9c3d5059fc7d62390687554d55612da0c196f139ab69ed97d806d3aec8d2d92c256644697033bf844e93f50ff8","nonce":"34846c33e043809eac00346e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"a6d8e637242289809e371b6b19067ccce6abf5a41f0418af7fed59944b2379211e4aa2ce98ab7c12420d71d9a2","nonce":"34846c33e043809eac00346f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"7733a91c7ef1cbe1a00045a7023bf1e25b11dbb1f6e6b31e6e0e331df577e71151e9b38b06139a8bfa3c442cf3","nonce":"34846c33e043809eac003468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2cd46895478b560911f9374dcc0d0e4d206109ad6b31fc50723ee1a65f50a3de7df3e8e36ba6bc3b0dba26a721","nonce":"34846c33e043809eac003469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"7eba42ed85a2be55e387f96cd4242b0861835736304fec5f33d8ce079d5c7c7dd46b56f04fa2c57a23cbf9abcc","nonce":"34846c33e043809eac00346a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"a7e52687d0d0eba420580ddb43e4dad55f63d4daf60b1a69a441f98c5554002f015b12d291c8239531f487c9aa","nonce":"34846c33e043809eac00346b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"f763607ab1877f43a41ac530eac3538372df5daa0e5625e2861a25c9f5bee6c8c63a22ed5bfe272ade5f962a05","nonce":"34846c33e043809eac003474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"4ec334e0e5d8f452faddf3acdfdda469f73175dd0d3a0b79439a6f923b43ef7266c77db2feb0b14915b730d8ee","nonce":"34846c33e043809eac003475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"5beb4640766860f710c04f281466b77ff918cc4de2ff49a7fcc545a102644b708cc5e94791ea58baed2f665c1e","nonce":"34846c33e043809eac003476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"aa335ed881d1888834b5b671156028ecc85f4091a4e076444b30f8ff6c564873d073c48f98cd0698ab69bb311b","nonce":"34846c33e043809eac003477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"89ecd1d851c325223163ea388e3b186300911af1b886c66744d01e223b5b76aff05e8bab04eb8325e129ca0318","nonce":"34846c33e043809eac003470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"f5209dfe61bd7528e9cb7413da9f02dcb37788bba2a604a3f24608d3ced2cbd93a2b38b7d65d12a3c0d26aca47","nonce":"34846c33e043809eac003471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"f920ef35345db8ed3c1e87ea76da5977524b23e9bfcafeb57469e94e78433f9068a8d02f1ef0d5e31c2aed4da9","nonce":"34846c33e043809eac003472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"62e57fdd83bf2d85679e7a23f4c87dbc00c6b96e37d1f017b426ad2d67c0e324e9b57348c85a3b437283c1d811","nonce":"34846c33e043809eac003473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"af2fcaa1d8e2ec54be1a74835cd29d4e5a8a970cbba6e7303855e5d626c162e2ccda7e9ea62a4e3e17b5ee2ee3","nonce":"34846c33e043809eac00347c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"5c9edf60d13b57400b148554f8751f1b21920f94e52699120aee19e10f6732eac8bbedf91bfdf88e20ccc7c658","nonce":"34846c33e043809eac00347d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"0ccabf228b3d1b65c15434aa7cfeb60bd459cb12ddd132603e55a26ca7e5a97fcb04decf720f84e8fb87addfba","nonce":"34846c33e043809eac00347e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"b4776b5a6a087aaf96ca174a444ba3b724c9b0485dc69219cc501c3aa9bcfc0c9eafbd28f0bfb67619bcb9c19d","nonce":"34846c33e043809eac00347f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"f992c2d1ccdfae5048f4d1afa1769a275dfdb82d03cba2b4efb6aafba93bb9c6506c3f8f21d90c7cda334d6755","nonce":"34846c33e043809eac003478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"721021578a57020e7daf9cd572e9fd10cc6fbd80302795cae0573273317480bbb975a34f10765144bf41613b63","nonce":"34846c33e043809eac003479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"67d5c249eb482559c7f7f1a3e45e13c143c4b8c316bec41d079cce867c8e3bc36b4efeea10edc48b12922d7e26","nonce":"34846c33e043809eac00347a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"63422b3a6a341f4cad44fbf8e8ccd30e8035df09ee7cc156fe820b198dfe76b567f486fe802476b328d485fac3","nonce":"34846c33e043809eac00347b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"86da6f73bfcbae3556363062b8335ca1abe90eb187927794a2b6cc9795d8ab965f51f997f7477130248b31adf5","nonce":"34846c33e043809eac003584","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"8d720e83a445508d550edb28ddbe643351bfdbc45633ef73567b1fc2d17a8e5d"},{"exporter_context":"00","L":32,"exported_value":"c49895ffd569e451416e1e749fa19b47e9f8bfca505fc96c281aa95e4be82712"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7acb7cff7302ea5c5819fea2f0b69d6ebabc664a17476cb7771af1598eb5c8c6"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e10e1ad65ab26cdead9619c5cd75d54532fe4aef355f85280c6834590ca726ff","ikmS":"eb694e2d1f9cdc625da04e25caf43ee57966dcf05adf2c614bfe562ae01bbd7c","ikmE":"c0f45a75ec0ad58980873f9b10a6ff0375770ce0237e4119d12f908c39202859","skRm":"8dc885ddff9915dee8a360309675d770d4c9facb8f214d24f7baf130153e0a1a","skSm":"ac9e7ab12c37daeaa9b2098502a7db2118d536e6b3b9e8385d79a52ee7f71541","skEm":"5386934a3f61c6cdb2a70b18fb67106d7e7a77c8b4d4126c016a350be0ab3217","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"740730cdce9e8dab82ca0648a3cc2df40281d4c2166e9f6c3698e6aa666e4930","pkSm":"99ce50c3f04d367deac454e1c04c662fa2b398ea2fae15d93d163aa07d6dba49","pkEm":"473a5c15d5e0b488c7b321e99172e1663be514efe79387ffb1da4a53b806c461","enc":"473a5c15d5e0b488c7b321e99172e1663be514efe79387ffb1da4a53b806c461","shared_secret":"d22ed5c53b896b89c11940993dbc6924a8f0e17f11ca0d095804060bf9909106","key_schedule_context":"034c00167e070c0803ca14469cf4fa24410a5c52e941fe6042d618ec513da1d7689535366ec6bd0534307b1d59b0a605325c437890fe56676a1c507b6cf5e46e9e238f3e66e519a887ea3a0d096475a5defe5bfd1d22ec386b880d050dbfb6995fe8f7d1d0c661c4e10698687f757b1e981cbf025920074204ff660b9f490d7594","secret":"7c26381672abc6a94eb6b1e07375adc218849a01e4e0ef604f01e79fdee9310c9994d68fbe8d182655e360a0e344afff64991cc234248a80c28e54b12e223669","key":"d96b2d9043a9b875fc4b2b7079dccd0d6e2c7b431a0517065e73a349b625bb24","base_nonce":"7782f07d1ce3bd345b1de3da","exporter_secret":"b47dad6405736797e6583defa8ee9adab77fe62c3c0730ed6672a08c63fc10b8bc4fad3cb8c2016358419fc2266afd1856c81e9353baf32b007c5f7bbd55a9e0","encryptions":[{"aad":"436f756e742d30","ct":"2ea1d1a353b0aba7bb38ed44f518adf446e08fc09f0957587ab42c16986ec2c673b0c1b4874b2ef68f1faaa67b","nonce":"7782f07d1ce3bd345b1de3da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"037852438d48eae6c32b5aee5db029026939cd967dbaff83a7fd6a96d2f92f99b72ede907ac0795d8a6acaaa57","nonce":"7782f07d1ce3bd345b1de3db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"3559f8f291990760a54cf50a1296619d2f21e992a10008df60ad65e6f3cc2598a9e1ed5839e6cf8071afc26e03","nonce":"7782f07d1ce3bd345b1de3d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"c9a98a60e797be1bc14617970fd307e1b7730803461f7a0d2c70dbd1018a24a7da4e4d36a3a920116a4417ed1e","nonce":"7782f07d1ce3bd345b1de3d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"849596cf14cacd454d793d86f788f294040dace68a2bafc693e26d87f7a25cd500dc6dfce44d554678b8dd889e","nonce":"7782f07d1ce3bd345b1de3de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"416bf9099f0fe225a215071d043a9bd4ba42614cc3c23a5b8cc82c99bf9a65b015379be0307343f86684df3699","nonce":"7782f07d1ce3bd345b1de3df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"5b2cddd4c3e74705f3e0ae8da2b55ba95ca81ab3bc1e86cf991cc47173b7a588c407ebcc9e1b6c3872d464da2f","nonce":"7782f07d1ce3bd345b1de3dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"27e9b0954cce155905167dbcca8cf868e3cb67132bb713dab48b647af7611293a8abd831ea832a15b9612c3eb3","nonce":"7782f07d1ce3bd345b1de3dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"e5c1b0b032e3439e88adc618a65d0c60ab18fd7924d201dcdf9bbca83b8aa30bd2c302876db477a5faf7f9e0b3","nonce":"7782f07d1ce3bd345b1de3d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"57986e1b2d325857507fa8337f083569a856e7e4d04a7fafb9f5b00f1f14cbafc8a9b719275835f4d0c4a0d1b1","nonce":"7782f07d1ce3bd345b1de3d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"982119cdd73dd8bf4b992531a3fbfd3f77dd7778401977ec21d9977f5c28ff890853c340bc093951fa255510e9","nonce":"7782f07d1ce3bd345b1de3d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"d3493cfe375f8048122ba170bdd278da5fc818e2e0eb6b5f314ab262dd26c4996b0adc4ff01776d78a0ab002fa","nonce":"7782f07d1ce3bd345b1de3d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"196308bb1c99e13d7ca734a3e866d9e62d93ba7812fe0b39449a25033d77a187c652df68c20af1a77ebb0881d3","nonce":"7782f07d1ce3bd345b1de3d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"65698870acd217813c75ed688c241656f0f4d45bb120d7d2c83b5fe43b2938801c3c93fe2fca2b7728764d9108","nonce":"7782f07d1ce3bd345b1de3d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"0c1c1914b87caa68442c790c9f1b4ec53140eb151336816b729c42581f672004afc32c9c2b5bac887d905027a4","nonce":"7782f07d1ce3bd345b1de3d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"9e12340a41dbc1f8ccabc9da28f51ca053753b7a137925a75a714ba26ee417b1ff5bbc40fdd24db05ac567a96f","nonce":"7782f07d1ce3bd345b1de3d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"5b2850202a1c3a8020888dc8592ec4bb9a3de49ad2dae79076c436e6b5b8d37d030a54fb5e8440bea8c04d6301","nonce":"7782f07d1ce3bd345b1de3ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"7992889f979c6709b3e6a84c6612eebca565967d3462e1d8c0d5335eb9c7e9b4a4968370a9e094129bf2311fb7","nonce":"7782f07d1ce3bd345b1de3cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"03538d77971af98b3f3932d659565f52341ed076f51342e1fafde76c098643865169c425de09749d40a8794643","nonce":"7782f07d1ce3bd345b1de3c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"fe21d9508f8ee73f2726c26696316b041b03a011877ae00ad17052b58aa8f6cfcf811b7e45ff3aa01067432d14","nonce":"7782f07d1ce3bd345b1de3c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"0005fc8686552084be006a7ab4a8b54559a926a523ad798f65965c2a0a846c5e4d5a7e19fde1f715e4f9a4d618","nonce":"7782f07d1ce3bd345b1de3ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"c359d6dc1413019b7fb534747c4c55153388423af098ebdc2e3295a2c52934173e0601c69231ce32eb0c2fdb14","nonce":"7782f07d1ce3bd345b1de3cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"9a3a0e9f2d8c184312c0435bdd38f633fbfe2539f425ca11a2d07aaefda1bc3757b1c5fc3524b43c9ef0da1d3e","nonce":"7782f07d1ce3bd345b1de3cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"12ff8b3d2f64758d4bfdc2764e945b6c819fe6bdacbff3e91ba71e823f3e46127aee1bb5fc84c4600ea5ce21dd","nonce":"7782f07d1ce3bd345b1de3cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"ad597ccf4fa36377a4ee0c78748eda853c2fdc262aaf86ef2ceacff98ec97c76e1c426aa2b5274a3f5ab28c546","nonce":"7782f07d1ce3bd345b1de3c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"54f4aad118e84f82deaff08e03f601ae9ac414b6966085917c503a336f1e976bf67e7db8bad3fd7dfadf41d232","nonce":"7782f07d1ce3bd345b1de3c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"20a13bc791d13b1a2ea9e32f17ec83c41cc2ed4849aa78a81627e2c9b77f28c156a087106b8471a6832e3704d8","nonce":"7782f07d1ce3bd345b1de3c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"a16043741b2b5aa95cfb7d2ab234ae9eeab37af81a346947ad792214233a91717392a2fb0d49d0894dca34c31d","nonce":"7782f07d1ce3bd345b1de3c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"799da367c85718fda4c9f8544fa6f778f6a0e341ff976f63c6ec4dc1b9aab6548ad81562673e4b449eaa5d4aa5","nonce":"7782f07d1ce3bd345b1de3c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e148d992e6dc6a4f90e8003c1b2fb7653bcd545f3232802a6a5e6bbea37d8da6e9320526b351bd163e144f3610","nonce":"7782f07d1ce3bd345b1de3c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"71a502f0508fb2823fb07369210dc58144b3e3addc8ec10e7284b7136fda2e34bf6a10d015f8e38e2b954e3c3a","nonce":"7782f07d1ce3bd345b1de3c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"e8bd322cb6412d533091b2f0f30748b29dad6851f1118b76b0027110728ece2ce3e6284e0bc62265d0678f7263","nonce":"7782f07d1ce3bd345b1de3c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"f08c810be77b1e16afc6a55abcf072ef7ac6a940d4769bad08473d96823aca382478299b35c4b27158f716f0b3","nonce":"7782f07d1ce3bd345b1de3fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"24a8d603c349c58ffb4855465874a75ea5007267613ef8388125f74b790557b75ed9865602be7a702fb919eec1","nonce":"7782f07d1ce3bd345b1de3fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"efe8d8dbdce689bcf6dccc9a5cc0e3e910ccc163a87f76534fdd5433c6a3cdd2a1ff5d3038a9274788449eb697","nonce":"7782f07d1ce3bd345b1de3f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"45a34e229f7b43427f3077856b5b3a91748ee940c2d0acaac60550c36cce8454575c9fc27eb6ef8f1d5107e838","nonce":"7782f07d1ce3bd345b1de3f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"bbe5e5b742e7305dc7f2d5ff7dd40dc61edc36795989a6eee7ca7bace7f4d22ec773f7f34337a7d295b7216ce4","nonce":"7782f07d1ce3bd345b1de3fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"103d06067728f822e4e74e9369aa5a18877df2b0ad3ab33afe41dfde74b7c4a71ef99b0929be8e53c9b84b8c82","nonce":"7782f07d1ce3bd345b1de3ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"2adc2f67708c0d72815d729603636721cac2c4d86c711e80246d62df8718386c314c71849c367162be8082a7db","nonce":"7782f07d1ce3bd345b1de3fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"bac98c3019c44862a5d322cd26c7cf797f5712dd9d48c400a5c24a0b6c30cabfc61773eab48890d0663ba1e131","nonce":"7782f07d1ce3bd345b1de3fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"395354879c1de2f4861ca61693bbf8ccc4e84eec65eab0507ba5f3b62a21c2c88a62a3110964e932f3a383b695","nonce":"7782f07d1ce3bd345b1de3f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"8e87612503f02d41a2d36cb88e5e83e6561fba261bb653c1c40b0fa587aae933006ff988ebfc664af6dc406e2d","nonce":"7782f07d1ce3bd345b1de3f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"42dc9513539788cf49c8dd4e3fbd56151cc60c9df5a1e39edd82d936a6adcc02577975bb2f31c245e0829d456e","nonce":"7782f07d1ce3bd345b1de3f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"8987e4360248364b151dc82d35e92b9d4a3c6ac358f1597277d89650b2051a687f6c1f799a8404da6d1901ed8c","nonce":"7782f07d1ce3bd345b1de3f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"9445e69064f6aeab2dad280d6a8d103b37d1d7f0ca7f7559bdcbc055f1a161d39fa0c54e79680b53a827129e94","nonce":"7782f07d1ce3bd345b1de3f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"71f0b77fe796a97792265527586b7915535bdb652af0d27be1f6eeb34d4e574b5cffec9a3e42f436ab82444f93","nonce":"7782f07d1ce3bd345b1de3f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"3a133403a79fbf1590b0a36c4387a38a40dd244cc08f7afeaf13f615f407dace13303c77ddea626267ecf008a2","nonce":"7782f07d1ce3bd345b1de3f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"f5b75c929073307e3ffe62579a4e25d8042649a9cd32e2b03dfb7ad187571c218b3e6fac562b67c2585b197875","nonce":"7782f07d1ce3bd345b1de3f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"87b85f8f6afb07c438dc8f44727fe9f9ca6f6331344a6f0e144119fe4b1edccbb3e03a54099e95c6f4eff6ecb6","nonce":"7782f07d1ce3bd345b1de3ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"c595dbdc7f277b17d0f310ef74c0a13294ecfc0e40f871885067f21dbcf5ed90d49a4a8a0f488a8795aae7700c","nonce":"7782f07d1ce3bd345b1de3eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"b754dbfa2a4226218f130d80c055308d662f33624de189641f2688844a6178f49e42513624bdafa9f48d19473a","nonce":"7782f07d1ce3bd345b1de3e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"91af1bfed757c862f6a19a86a15ceccf5a4da3cc529d5b839301641a03ef47533f700852439adc8d3efa71f0e9","nonce":"7782f07d1ce3bd345b1de3e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"ea668df7a871ebe7273f9db314e749069ce03729473077a3466f81e7dfbe94bd6c851bd1595a9a7fe1ffaa47d8","nonce":"7782f07d1ce3bd345b1de3ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"d0301df9cbfce0d9f06c5d3eb975c4d7cc30d0a9ddb76536154407ed08a851a34170b8e27db7b92fffab638150","nonce":"7782f07d1ce3bd345b1de3ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"b5cd4fef924bb7f2f88df4eab174bfbdd51c884fb39e5e12b51155fe727e780f4679af029086b715bf3dc1f83b","nonce":"7782f07d1ce3bd345b1de3ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"b277ebf631c62b61cafba890fd941d2f856bd315753de356354307e3949d2ed4678ba19b807341407061dcfb66","nonce":"7782f07d1ce3bd345b1de3ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"872ffdf0f3fd82c158c6fa92a0556e0c8e2d70a2598aa821c7b9f04412f88e01c3b3b6704f18708dbd237975a6","nonce":"7782f07d1ce3bd345b1de3e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"a29d9b6f665618813fd4beee434cba721d8566773e0928e3e8b2842623e6e5e6b95a6f2efd718da3d5c19934c7","nonce":"7782f07d1ce3bd345b1de3e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"5e92e6966fe10d31c3f0e56661afebff95ba11dceefd6730481aa7fc529272ca14941e8430517cea2b594deaed","nonce":"7782f07d1ce3bd345b1de3e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"f972239c461001150c0cae1bd4fa83eb2d6b016d86cebeff0c67b8f7181e3d080887b38d87d0e5427c93473ac8","nonce":"7782f07d1ce3bd345b1de3e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"7b9e463db3d89b8f521089af39e2219b76e0fe9279b0a850a4b0d3e52291e2feeed477e845ad8b9b14ef1eae2b","nonce":"7782f07d1ce3bd345b1de3e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"a1658b2b32c586d7735c19f1906c437ec1d5af6b2765eda0ec0e6103fea59b1611789117fb4c75c6697bec0346","nonce":"7782f07d1ce3bd345b1de3e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"66993ddcb62c557558c38064e0d11c910673d6e4d525e323f3cea87edb26de58614369b2e232e8ad3664bc33ae","nonce":"7782f07d1ce3bd345b1de3e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"4ff2af76cbe18ee5bd283260dd4881c71e575d9863732d3804be214913c1de2e23e6b33cf3e371e65cfd0b3e3b","nonce":"7782f07d1ce3bd345b1de3e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"55b459825c9cddddf2bdd554971246185784f2798b82a574ceb27cd0e86398fa129e04ce826316c902b71dd7df","nonce":"7782f07d1ce3bd345b1de39a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"b0bdbc68f55ae9e0932c8a0596d49defd08e18fd10cff7c284a42180e6fae71828f19ddb76a1d7cc45e6818303","nonce":"7782f07d1ce3bd345b1de39b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b1e26e049a8d36e8f749806aeebf907a480f8f7839dede38b803b5e642b9292d1638c0586a576c2b05afd021a4","nonce":"7782f07d1ce3bd345b1de398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"66f36bade757c46b6338f2b95d288d2019522cc3cab3f2a5ff7ff9b0b3057f18e441d2aefb0092f017f0979eab","nonce":"7782f07d1ce3bd345b1de399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"0f09b2b2a7b7810db0d5b1a6ea75d64a0bc9da8508a1191c2ae9b578999aceff4019b3b87e187a188eb74ac1c1","nonce":"7782f07d1ce3bd345b1de39e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"ebf0accab0028a1f92dce37bcac3783793f78a585ab67ef9c1cfa76b94a7664dbebdfe4b91e0af8c633e379fb6","nonce":"7782f07d1ce3bd345b1de39f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"89eea0534c7dfe36b8687b28657b034dcb5bf877a8eaf9a32c8242c19e85bdfded0b46a1956001b41b2d83f909","nonce":"7782f07d1ce3bd345b1de39c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"b50042c8a4e04482837cc31a8c865b25a834c1021a66aff105bdaa1e254cc845c56aa4193a8ae1ab842cd90a7e","nonce":"7782f07d1ce3bd345b1de39d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"5313f0fb7c864e89555d7b1d74cf3e0ecf1e6dd650fc9dee2baff6470233227e32f2b14cb1574a9d12312ed5c2","nonce":"7782f07d1ce3bd345b1de392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"1971b9a4d654302a71532a1b47111138a4ce673821b228aaf5c484aec65db7df28608896fc3451c2f4b498de6c","nonce":"7782f07d1ce3bd345b1de393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"17c536a0d57babc20515477b5c9751415b51583dd2f035fcbb01ef100692910264b2344ddc9773eb729de964b8","nonce":"7782f07d1ce3bd345b1de390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8229d30d24925572c090821715ab9a1f261eaa2e3e2abd9c30840bad15002666200d95593e60f3f743e54f38c8","nonce":"7782f07d1ce3bd345b1de391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"b697cabf5572da9b1bd165fa90c4a68113e0d96b6fb0fd40bb2e5b5e2728cfeb5f55be8d7cffd663f1568b39f3","nonce":"7782f07d1ce3bd345b1de396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"3117e9fd07b3076780d1df806a69fa2a99e16f6f635fa4e387a3921c9b155ec3fe393ae8a3cd9ea97fbbd8e884","nonce":"7782f07d1ce3bd345b1de397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"50bc9726790b98e0e4d2c057de274be4f402e92b0cb9a8995deae8585f2c913a06ca0e2194c1464d1854b1c87d","nonce":"7782f07d1ce3bd345b1de394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"6062e67b6a4e2edab07f6fa2567a80927552bafddc038cf58637a6b10ab1287d392d59569a723946f4fc6309d4","nonce":"7782f07d1ce3bd345b1de395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"bec934ad2fe988444ce97e595721eb46ee3b5194fa297b8b622b7b1f322349455a60e09a50996e8dc37dc0791c","nonce":"7782f07d1ce3bd345b1de38a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"f41c8c2134554493cbd292bf0a6265cff2dd2618e24f157ea3f3e9c3fa64ae65fa8d680609639e195085fe6ad0","nonce":"7782f07d1ce3bd345b1de38b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"16d4e4c4a06719f498ad4ff07a7e892762689992461f7dd73dc3660e8afdb22c562eb5f606ce9eff4c3a2a1d20","nonce":"7782f07d1ce3bd345b1de388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"44b8b58202866537ab71ab2a5c3440d5faf4d481a5aa7a1144b901686597a9f74cc7bb8465b624ff26427f7cae","nonce":"7782f07d1ce3bd345b1de389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"5465403cb5b12dc6284f3e67bff7ff2e6a65084b41fc872178641022131ae97ed9cbe79fe34bea76b79d5433fc","nonce":"7782f07d1ce3bd345b1de38e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"536273ef2af98ef90aaaf6da7b8b7fe8cf32e0a054b8611e88a6f58b090e9eeb99df382739c1845f5fd4d0e004","nonce":"7782f07d1ce3bd345b1de38f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"707b1fdf8eec4f1930a3083f469fc0f3b63daec6403e56f34660d56d6266b6667a9d15d29690988b211f39435a","nonce":"7782f07d1ce3bd345b1de38c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"f7e3ae939be5fce543b1e556d4877e450aab9f922f1d3a224e82093b76aaabbb2b8605c28dba29373f0a67d386","nonce":"7782f07d1ce3bd345b1de38d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"87361dd05ac7dfb4c333baa2211fa896720ea1449951890075090a75693fd8f9473e7f12273def76009d09883d","nonce":"7782f07d1ce3bd345b1de382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ae7eb8d9a1eb51c0f2fc5b81e6b608fef7cc4ea8d418635ed9fa583fafbea973408400f1e47a24993ad0a6db8c","nonce":"7782f07d1ce3bd345b1de383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"ba5eecae50e43baddd659e5f8722ff0c4c9be145676f7a2079875b7205306481d2d01e7e39483290df2962acc7","nonce":"7782f07d1ce3bd345b1de380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"e0928b09b05c155c29345512349061dcd83eaba53fbba561c8deecbc2468430b6d5960fc6d8e555a90f2a93a3d","nonce":"7782f07d1ce3bd345b1de381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"759d10dcc4e05ab90c2f33f6d07cd65921a7f47b6bdb34127b330d20b9e5b017a342556adda70867d2cb88652a","nonce":"7782f07d1ce3bd345b1de386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"e237092c141ffb73235553e00e4091a03b58245a3d4131e4fd35915dcbf142507559e365f67a62e38134f0a840","nonce":"7782f07d1ce3bd345b1de387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ea4f2d075bf0c82530c1af78116a9b6cf6d5e47259dd96cb5f588901508c29a10b279a11e4ca795dc906938f6c","nonce":"7782f07d1ce3bd345b1de384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"d7dda0e03ba87ae96ca39420da31fc20f9161ac9e907d6ce5f86335e062e3028e55e6d75adc239936363273322","nonce":"7782f07d1ce3bd345b1de385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"61af7e2cb256aee84a62e18c50be070deaae7278d6c2edfef61151a2d3b31b158f898b419ee296d2ddd1ec2c4c","nonce":"7782f07d1ce3bd345b1de3ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"18e6447fa5554a1b75560786c2689e2b9c3148955eef84889b108125820f65a52a52d8db761e3839b00ed633de","nonce":"7782f07d1ce3bd345b1de3bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b22a31bcc2d46abdc88642034b6f46792ad76fb600f1faf62d1cc6f98d46b32d86cef18f06edde01444c83ba4a","nonce":"7782f07d1ce3bd345b1de3b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"2f1078fc8ea249f1c088cdae7a5c127509143a65f750bb5e89de2b6f71e3b970e58315f67b5febd1fe26f4aede","nonce":"7782f07d1ce3bd345b1de3b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"e96c183ad2899141ca1fb28e7fe1075468b799d44301fde3153d7c5b88cad3d992533256c259fe18b9ebe31edd","nonce":"7782f07d1ce3bd345b1de3be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"a0c80ca3a70969be73a4f1eb79598cde8a7fc0c117168b9fbf237644d1369c880f710bfc2c5ba0b4ad410cdd7e","nonce":"7782f07d1ce3bd345b1de3bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e0c7f258a7fca148484a4da8d070e8d9a1462291effc441567ccbb913aeb4ea62178174c45d1aec60e8ffd5120","nonce":"7782f07d1ce3bd345b1de3bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"8a54d106f9169a1339f9984e02ecd9fbf4a227d62cdfe6e8601f3c6b8b202d8fb86b67864e7cf8c347ec7ed538","nonce":"7782f07d1ce3bd345b1de3bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"a72528ee0dcb26d49fdeedbc8c9392db6daecaa8dd0c41a07c2ffcf9eee541a20bb1e0d62621b11b4b8b58ac6a","nonce":"7782f07d1ce3bd345b1de3b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"198278871d221dafc58e8963bb5081576f8317e7e994c5a36ae77fdd32fa651aa35b88a92ea0fda81424c5c30f","nonce":"7782f07d1ce3bd345b1de3b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"3534c5b1885702241db2660484957b49c89bf48a480bdc509defa22d35b916762f9b93c6bf8b83ca4f38648b9c","nonce":"7782f07d1ce3bd345b1de3b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"0eaa876d2725d729a056ea372876c142483acac60ef6950f9de3908b138a2e35a62102dd3b6ba555c49c9f4d2a","nonce":"7782f07d1ce3bd345b1de3b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"6d96467daf5dc8ff67be34b458d1fd81ad3344ed32cec083812fa33d7f553b8aaa6607001c1e5350b04375d215","nonce":"7782f07d1ce3bd345b1de3b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"6fa47c92dc9b13f495f525747faf3d8a4641ac6391766cd5c1972584b88b37c5eacca9dfe37ab4db771c394d90","nonce":"7782f07d1ce3bd345b1de3b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"7fe79f096b59276e2da8fa5657e7a20ded1cd9303eeac72122f93c72ab44b329f81c6afb4739a50ae134f53b28","nonce":"7782f07d1ce3bd345b1de3b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"6878425a01f6b6b7f12b2eb9edb367241be105574a7b97028dfbd7df4f388d5a1da471200a8077ccb0e1e5c182","nonce":"7782f07d1ce3bd345b1de3b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"84ab5f4bae8b3f25cec8cf68a892edec0f727e13f433439754cd1800f812a586c6ffa4ee38eca4d3ff20e8ce83","nonce":"7782f07d1ce3bd345b1de3aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"437089b48667f8facb1917ec409b26e90c5baef9f796d68f9b8a39063929b14a6dcc69cd0e6c6eb94ef8dd3ddc","nonce":"7782f07d1ce3bd345b1de3ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"4746df437a785ec5b560f3b07c214c80826682eb452d4f2f1863975ed29128ba7ef8b0e4fbbf2371cf6b07e4f6","nonce":"7782f07d1ce3bd345b1de3a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"2d46d5942fe946d40c44499fd6cecb0d27b25497acffc5e79fd04ce15be0557041a30c0ad0f010c7e9af1248de","nonce":"7782f07d1ce3bd345b1de3a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"d74c61bcd9cde0fbfdc4951d53cfbb142e2c055db0a6d7ca95b95276a33f732b0d7e6eb592c05b16a8262907dd","nonce":"7782f07d1ce3bd345b1de3ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"2720bc2bdbec1def3983a8c9f25b651d6dac47377a4fd1d313a18acec8e33c379d445481d0c02d6350db2aab97","nonce":"7782f07d1ce3bd345b1de3af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"b2403ae1abb8a7c828bbba4451e9046964a384a906dd628be9083128605d047890b74a7e6baeccdd938cb5028f","nonce":"7782f07d1ce3bd345b1de3ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"f39cca711e390f5203763890d4ed16a93b95f72c553f2e0313c747c1363ca2b3571a59d5ba5502289725a8fedf","nonce":"7782f07d1ce3bd345b1de3ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"88859176da47e17313a18899951da8946061c2c25f1c794e5a7cf9b8b1119af26576d7affe1f366846dcee731f","nonce":"7782f07d1ce3bd345b1de3a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"73224be993c0dd949056138e6c34c72dfb1f78893a7bf9e3773fa611f1a34da16f3e3078069bb44d750d25bbd2","nonce":"7782f07d1ce3bd345b1de3a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"81fcb87d5bc2d523a1b5f9feda6572f17efa8d4c1debaa3dc0c44b3fe0fd33f8148f1a49aa782324b12903cdea","nonce":"7782f07d1ce3bd345b1de3a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"aab19a71dc4ac5d1f772470d1af3c9db16ab70d15cfb4f871aedae13c8b878b9479aa768b39e87c881a06add0a","nonce":"7782f07d1ce3bd345b1de3a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"9dddc41ff2ae895c0348cebfd2aa9c822f943e8bd4593bc29a0168a0a31181d800b240d3d94ee536eed377abfa","nonce":"7782f07d1ce3bd345b1de3a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"505840ff9fd280cee189907f0ea4f005a25e6e36b3937c119c0ccb1502586ef76dfedfc30546023148917bf8e6","nonce":"7782f07d1ce3bd345b1de3a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"bc25d0c547bcd58a87296e1344b740fe458e9b5c7a4a8baa5896fe5fed76720a0120d94a2fd35a1066b3f6f0e7","nonce":"7782f07d1ce3bd345b1de3a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"d3ccd1bd8885a99f204283f87076073fb8426240da60ac59ace4ac92ecc7d489848e147b47920bb1ca8e895612","nonce":"7782f07d1ce3bd345b1de3a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"85a4c1eb8794f6ac27678d279d056f9c60d7ed27dba0c3efa92afbd004f58b2426181d55a1d1ddb6eabeccfa8d","nonce":"7782f07d1ce3bd345b1de35a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c4d1f3e633f43e89f24941d1ae6f2ed801f9aa08b40fb47eb4408b3ff5f9e5203f6ab6bfa506a2ad3f0b9ec13e","nonce":"7782f07d1ce3bd345b1de35b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"771472c0b8feb92d0c87ae032b9028b8fe54580d0f64ceaa9bb026d8508b4317dfbc5351f9d3700cf2eaa656e5","nonce":"7782f07d1ce3bd345b1de358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"6d79ea08f69280e42f4ee8f3ef48ab54de75e7f553b9ac380b18d6ff52c3fc7422257dfd951e37525defd4ba25","nonce":"7782f07d1ce3bd345b1de359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"972e20904c434483c8f8b5cae68c1410cb9550e8b6cf05eaff2f46a42c531ef011cb8db5ac52726b559dd49e51","nonce":"7782f07d1ce3bd345b1de35e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"7627dec318ee697b50e7a1c7cd60643df8c617072ce02d2c5b28e66e24e3d4707ee4d6da50cf4a9cff9596f6ce","nonce":"7782f07d1ce3bd345b1de35f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"85b79ed9d22c3c5262170976534e26d051df828457df687d08dbce8c38b8787e27dc01c2d18c6fc60e495cf6ad","nonce":"7782f07d1ce3bd345b1de35c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"7e16a2c7b5bcb0b1d9e1390a7326b9c1dc631b369b743e13c863859b40f665bcb2a1159afc3a6104f692f31e67","nonce":"7782f07d1ce3bd345b1de35d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"849c0a24c73adf63b865d92de2d0420995a5a2422cf08a5d33ee72e0d26304c41a3398231bdeedc3928298b900","nonce":"7782f07d1ce3bd345b1de352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"fe9ea17efee00ffb6a5d763fe1e15d3de91a9ec028f02dba5b578d14c21d291e621d2e3dc0609fdce5e41a39b1","nonce":"7782f07d1ce3bd345b1de353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"dbb95b8957b4bd948371072e9000ff0920e0a5aa8983a44add405d3c4ba731265eb3282bc2a4d2a58c1429002e","nonce":"7782f07d1ce3bd345b1de350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"59968527ccad42206dd7f3600bee3327bea7d181ee526db315b886985f8179f67df6bdebaa9ae36fc1fafbc187","nonce":"7782f07d1ce3bd345b1de351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"2bcba70d5a744ef2dc8d56451933f80921f44c6392b5459ba608ad1b2c31628a1c15cd8ece441008dbc9fa4d35","nonce":"7782f07d1ce3bd345b1de356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"2d663fba6900a571d89603a773d048add35bb4b0844ff4f3d3186bb4a32787239ffd89748e3c1585f9724c4676","nonce":"7782f07d1ce3bd345b1de357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8a2bc376e24c58de43cf427bb0c0bfad35107f887564ca166702131338067ce077453919b5143d099627fdf645","nonce":"7782f07d1ce3bd345b1de354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"75f5b2e3cc2de291a77521413a94b594517f2070795fe29fe3aa1a0b34a00429413a4a2f017e215b8d82e9f6db","nonce":"7782f07d1ce3bd345b1de355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"4945899fbbaecf2d359ae0c2b6da806a9233a450ec672b18102667fd757d4d13daf90598fc7625cfd9232889fc","nonce":"7782f07d1ce3bd345b1de34a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"fd9741f9b7d3fe792a40ffb820252d68268f88a0bf7c8e540778a614a038511c6cbec4de9b4f8b94f8638d5a4c","nonce":"7782f07d1ce3bd345b1de34b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"9256a02787bfd1265074c3c80244c4bee31e8ee356d115b0aa6a314019c67aa37f8472cb69c0837d3619a948c9","nonce":"7782f07d1ce3bd345b1de348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"3a0d9d5ded4c3749cb749e869e45d6f63039fec5afc1ac1b982675bee574b4b73653616263218b950cf6e1d9fe","nonce":"7782f07d1ce3bd345b1de349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"84e9a0b867fdbc6670b942275729f7d09cce53e75d5ec12f665867887927c0cb2f37d2d644d53da70c7ebb3fcc","nonce":"7782f07d1ce3bd345b1de34e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"fa8fc6100353def3f6f6e76dc4929fbaae2f64f3b78fb272874a5d4ca3cea158d503ebd3ace0746fa7162a89c9","nonce":"7782f07d1ce3bd345b1de34f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"73df2292974b961b7e638659af391e106f7fb60c912dae13a7d2503b879708dff8705fb1a41785fccf09b551be","nonce":"7782f07d1ce3bd345b1de34c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"04170d152277bb4fdb8525c8355d671d92c0240d7b57c7a40a382f99f67c01e53697463b4e5176f2ae0738c96e","nonce":"7782f07d1ce3bd345b1de34d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"57357a2e072494eb2ec8213c484f21d1db9a55dfc863df77858d15d25b265ff9cc382ca5663816e992844c69bc","nonce":"7782f07d1ce3bd345b1de342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"179fb4306405741dad72e078d541b34108637304943ebc60a5e59a85797c771b11be74b506e9caeeb1ec19122c","nonce":"7782f07d1ce3bd345b1de343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"81d75856e1ad2fda341397de1305ed916f7cd949a0498bf282e62d30344ebb3e42c89b4e2a3c8802e072252a3f","nonce":"7782f07d1ce3bd345b1de340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"3200eaa6ee3a2ce8dea7c050ca92313620b6b41ba9e35f225efd7766ab77ece5af339abf711c0b63f99db13117","nonce":"7782f07d1ce3bd345b1de341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"d4cb6b9b65b8044e87ae3e69eab61f8a19a63ed15534307d64294e30273c99dd08f60a9d482b903a639ae250ba","nonce":"7782f07d1ce3bd345b1de346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"5bca955a4cbed6f4b23976205e48516a25de65b49cda107b124111ed1571835e0b96d4956c9afec8522e750e2e","nonce":"7782f07d1ce3bd345b1de347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"6a05996faabe10c87311e409a94c6adf9463edcc4b29895c7040fe9693c30b921b6ecf2afbf377649e907f86b8","nonce":"7782f07d1ce3bd345b1de344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"a66f98bda920639a1c8ce1ef8896de64caae9b3b55db3ee44cb84208c2128dc6ba4ae02eacc103fedee6ce0f0c","nonce":"7782f07d1ce3bd345b1de345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"c24f565661f214805c5f622371e808eaa996775506adb8ad25f647927d95ba30bed8671b8860f7329db469543a","nonce":"7782f07d1ce3bd345b1de37a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"2df6ee6318a63d701dffee294017b75d64114d0e063782fd81017e1ea4153997fad21f042fc67335bb4f255c9d","nonce":"7782f07d1ce3bd345b1de37b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"cbbe5f01634af7ae7e67409a3aaf972bd0f84ad01b56a4e95ee120026f5c4348f6feb687ae2a1cbe3b652facb7","nonce":"7782f07d1ce3bd345b1de378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"4c43b0361f75a8c3d6d903bad8f9efa743f64355ae96d18247eed4354f96e7eacd7e6a18916eed1f632ecc42a0","nonce":"7782f07d1ce3bd345b1de379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"11485d0a8121a3b019f93df28828dcc4064b5575b6fdb82f71db34377ae8c34346377d98e30097fd4b6802f727","nonce":"7782f07d1ce3bd345b1de37e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"0db6b09a362e7e2281457c0d48c94b2a23c7a934f1e1c5d4fdcd2694a1811a1911c19286e4a4d197e117c79a74","nonce":"7782f07d1ce3bd345b1de37f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"618e5feebd4c6d9227ec1803e96817ad59f493aa7ad4d71a115403320ad0d04f27ddfcb9d85dedf0735e3127fe","nonce":"7782f07d1ce3bd345b1de37c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"815af8efcc0a9ace800cb139fc878b3f194874d23269e134369b2d7d386c1b65c32d80ab447fd804b32cab1a9e","nonce":"7782f07d1ce3bd345b1de37d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"d314ae3490c884d244a6fc8c9e924ac5f4d423b4973789a45735431dacdef404cdd15cf5326b4e68f8671ec868","nonce":"7782f07d1ce3bd345b1de372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"28b3510872210168f1821326ccad15caa87d9766a39d3f09cc22964e184f1a987ca63e88033f0341fcd72f3efc","nonce":"7782f07d1ce3bd345b1de373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"36b5a01f035148819b44ebc1ebd98572ed3abe8784371d6ec1ca7a358b510d1c25bbee403bf56c391190571373","nonce":"7782f07d1ce3bd345b1de370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"501bcda0c485d41bb10ef177b6d415fefb695b238264d9770780f761db47f108b0a4fae0aad80a9c166988fadf","nonce":"7782f07d1ce3bd345b1de371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"6b239f6638e284f84f942cadd98b361f9fbb680e80ae8431625e08fa10ee8d6ba6ee54f36cd8aca16bc8c2e51c","nonce":"7782f07d1ce3bd345b1de376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"d07ade2dee36abdcc5783b31697016866b9cbdd2e7fd8e98e2d0465e3a0bac2cf19dc43256a8f780f5d9c493ff","nonce":"7782f07d1ce3bd345b1de377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"0f30ebbafcf1edcc649cb5f8a817907d1762fc696d2d187ffd5d0809d055feff300bd04d04574ebf790f53034b","nonce":"7782f07d1ce3bd345b1de374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"39e1ecf3f2c143ad63dffe7fdbdf94d095a5776c295af1b30cdb9dcf3943cb3790148978f089207539989887b7","nonce":"7782f07d1ce3bd345b1de375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"6cdf52c6aa1ca0889b8755b4be8457bb0e4c7554086997ffa91ab0f3e4b455db4c113f81529d817d2eb9092b80","nonce":"7782f07d1ce3bd345b1de36a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"57913a421feb70290bde003ca22816794b2b6399cc9d3dd0ca98a996dfd8139a093aab264f8cd189209a94b983","nonce":"7782f07d1ce3bd345b1de36b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"1a5d0c57d73d1c6829d988aa110899b7bea0048b2bc03d9091b64af3ba7afbc7fc995c8d30496173ffc9f34dc8","nonce":"7782f07d1ce3bd345b1de368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"2f454a644d697dc7e2c5e6bb02f76633abc3d5ec75fbbc65a2e12cfbe59a3eb56b2ea0ad0c39fe32d92f8c27b8","nonce":"7782f07d1ce3bd345b1de369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"aab0954d6d9f564e6d963a6894368c54f3888d7a04d8f04bfc71d3b1f2dfcdfaf3fb19390121ce271014648c02","nonce":"7782f07d1ce3bd345b1de36e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"25ea216b3e4bb5b945b10d410f086f38bbd0016f051cdfba51bfb19b8ae62a3b88ece9c807e3d0e907bdcea666","nonce":"7782f07d1ce3bd345b1de36f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"3cc6c0739f92d8ab7a7a685f7cca007eb37b82443e287ae00082c200b5d416e341326d4c06c23a2bc9f4525371","nonce":"7782f07d1ce3bd345b1de36c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"cefd57e529a3ba80ee3fd91ddab6782478a77dc8f07cd608cfa4a2b482c5201b8308096909c94ccce2e415bed1","nonce":"7782f07d1ce3bd345b1de36d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"9adc4abe5082586aa068d838f1c0aba1ed94b5976b4bb0f6dbf9f2dbac1cda540ce92948c38fb98f421564c7c2","nonce":"7782f07d1ce3bd345b1de362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"be68ef1c097c275f22be91a3bed55254309c4a0191e7a80c78e5d070f50ce28ab802155317ab90725f68a5fe61","nonce":"7782f07d1ce3bd345b1de363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b448db220c7fd0cf8a2e6395d0539cd9f90c138084e1ae3bea5a5392d10a7ac45c2506d07caf19d0f78a54d925","nonce":"7782f07d1ce3bd345b1de360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8a091714c3dae502d6fa9662b09a1f38992126393e7a87293042a1aa0fb6e805a55b4e3740735a0e1e25efd5a3","nonce":"7782f07d1ce3bd345b1de361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4144291aacac0396ac6066ffa200b27e3eeee0c9e055bbd5ad45f98d70ab2ca5bb5e20f739bf34e969ab779ab8","nonce":"7782f07d1ce3bd345b1de366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"cc21ea8bd7efa7aa0ef146c9cd846623f46897355f3af4ac9e4a6d7cd7a6a768197efff351e8f40618db529c8c","nonce":"7782f07d1ce3bd345b1de367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"99189c029cbd2d414f2fd61cdaa898fc9019abf49ff1ec95c067cd887bd9d1471c589d23d9a0d03c8e2e130980","nonce":"7782f07d1ce3bd345b1de364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"78e2515e6a413c7c62c2b4a909c5d4af1401ffc25808a686e8a990f972110597c93cd298e1367c897fe4523b51","nonce":"7782f07d1ce3bd345b1de365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e5cdd325b086b1b1c3d2779e075cfd3dfec472ef4b6ceaf61a1f7f4bfb6be07d284d8ff2db24270ef472a3747d","nonce":"7782f07d1ce3bd345b1de31a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"60eababc5571c9542a6bef27f66fe7febb7c7fcb10aecc39ecd67601bdb8979752f0d6b58c8e894652c8e480e7","nonce":"7782f07d1ce3bd345b1de31b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"4a0f13f6541c74a3690eec071d6470539a79700ea029ff9c61b4da56faa58741819f581a0a9865e92c3bdd88be","nonce":"7782f07d1ce3bd345b1de318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"fd6b20acfb72621d5b63912dedf0feae4de6443b83d811f440062f072904670f5be94db550e96c1ab0a1602aa2","nonce":"7782f07d1ce3bd345b1de319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"90cb779ed6b9f8870e31261cef3283976423579cb0bd5b66974e8209abb9ed2e63f60ef584169c67d2388c46f4","nonce":"7782f07d1ce3bd345b1de31e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"44faafabbe308408f069337539ca175cec5826ecfb4f1bbc1e02419efaa334d279a61b99ac1ee127a0c7fcafd6","nonce":"7782f07d1ce3bd345b1de31f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5e73e3300a4838aaa345391bfa5a34f09008febf56d41a98ac0c7585e35afb17d59ecc32dc44aa98f112766f1d","nonce":"7782f07d1ce3bd345b1de31c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"0e2f7b36c8ad1ab4de63f85148292e7c2f1697e1716358bc8c12fb2c5221700535bfdef839b1d3f2e9d427124d","nonce":"7782f07d1ce3bd345b1de31d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"23af1a1e7f589fb195d25be8487fca8fc9cf15cf7318d089b2738cbb583f965eec755f867170d12192da4fe068","nonce":"7782f07d1ce3bd345b1de312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f32bf0fdfb3a63ccb76cc9fab782f6fe9d6b4fed782a1bedb023d0c14d3ad8ec4e998529785715d503f00763df","nonce":"7782f07d1ce3bd345b1de313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"fe3a25c559e6bfdb09ab3f5bb7f94e952e1569e5bdd1173e0ffa9c1c9c0ff08d2546900e17783869caf67ea1ae","nonce":"7782f07d1ce3bd345b1de310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"1bae6ed2c4ec89cfedc45ce67497721a749bb1a00571a6dabe2909c0901838d926fc5515c21a33303bb388e5c3","nonce":"7782f07d1ce3bd345b1de311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"62ccc64df36b6898934d3b3fde572d4c0e0ea09447255d7911416eadd37acd0270c6b615918d5ec3f26fb5a4e3","nonce":"7782f07d1ce3bd345b1de316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"0d205c8181bdece7c854efaf0ef2d2567313a4aeda6e18332a0184c14124e77ee7c1cd9b2467ca18a6b35bc2e2","nonce":"7782f07d1ce3bd345b1de317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"2b6a72f0e63d795ce507d064986c24995ec6ad163d8140a5ed7b2f29351cc2d45b148e0d99ebf15040de70fb57","nonce":"7782f07d1ce3bd345b1de314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"b8d809bd5598c0436a2db464b62fd6203c863e100cbb600bc5a696650841c29c1b099e4a1acc2c6d6df21a45d1","nonce":"7782f07d1ce3bd345b1de315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"4b3f6181d4d8ddb19ba4f9b52900d8206ff8e97adf98f42aa2eac6089f6d16649263e2192512790d0ded19d60a","nonce":"7782f07d1ce3bd345b1de30a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"649b86b1f2d4a5832234815dbc9e4fe30644b8f5cfce4d45784e41c610b9b5ae71dd9fd76d9a91d000f9857957","nonce":"7782f07d1ce3bd345b1de30b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"51bb4ba68c9ddc0a5f29dc5a5b566938f3aaba574ce1964b71bcd25ea2758b6d7c1a0ea61c941b87d63cf63468","nonce":"7782f07d1ce3bd345b1de308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"84e3c3d3e616406f8cdb983bb0a812676eeeb1d07324222f1cc422e38353567dbbb8141b763145e7692d0efd3f","nonce":"7782f07d1ce3bd345b1de309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"eb41a4c12d94f67a7ff00b5702b8b2a0b543e82328fcae6857217d1e0bb58ec720ae995aa68c5e32b07102ba1c","nonce":"7782f07d1ce3bd345b1de30e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"1e5e7de80643961b006cbd9b5eddb6a4b8bf0c0c1d330a7cac67e8e55cd3878e5ca9505193355dea8fa5d2c0c3","nonce":"7782f07d1ce3bd345b1de30f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"6614ab9e4eaa945819499d2dd9b6d9d744316f0a0534322d781563d748575a5abcb411e55158102883f626cc9d","nonce":"7782f07d1ce3bd345b1de30c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a5e29c18eaca5d5c8c30be3595b0ea87391c6b39b626797f903da35650fc0dc59df783d17e9a633facc70d3f26","nonce":"7782f07d1ce3bd345b1de30d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"8510aa5e432a5537f2486eef06350409e7f296ead985eb369e607e11398547c07e2817d0912e7826fd082cb52d","nonce":"7782f07d1ce3bd345b1de302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"bf53acd6852c61d49eaa56ed20860944e11511fcd70247137f06eedbe2a16ef3557cbb73eae79de7e1bf20105c","nonce":"7782f07d1ce3bd345b1de303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"231a0da37cd5151976f0ed0f14eadcdda8682348fb7529bef12dc6ca3cce3f24812f9862c4a8038f28a7b42bdf","nonce":"7782f07d1ce3bd345b1de300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"82cb5e361a4ee8588956829bd673c9691e7ea8c21f1bd8e18f628a89a4617bf1c0ce0f8f1403dbdb47507c7473","nonce":"7782f07d1ce3bd345b1de301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d55e551b69cadfe6cb9aced9a2d97596c4661e69295532ca08fb1f9cc588f9c8ae60e0b42b0298a37e9f33fa6d","nonce":"7782f07d1ce3bd345b1de306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"7a1da4c0edcd8d60edfff3975aaabb23a98fa771669ce15f775f72105a67f7efa670fbee0f90eccc119f14b800","nonce":"7782f07d1ce3bd345b1de307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"adbb29e4878ad90d56c8399ad5742b007c9dde8c39ae54eb74e90eae5ea743440a7912c183c9423ebe8fc2dcc1","nonce":"7782f07d1ce3bd345b1de304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"e0cc252252d55b7adecd339f9e31761d81400179977bd08b0c761dd6a76d76e5a3618f81f7ea51f9d450560e41","nonce":"7782f07d1ce3bd345b1de305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f5366fdbd44294646db90b0cf804b95f1999e9a423a2eff61834d984f07c3048a0d6abd9f08e8b44ed3603ac87","nonce":"7782f07d1ce3bd345b1de33a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"db6004557af3f317465fd666c5fe747a56ffdbd34daea2789d0a76f4b64ba7bb1f5abb078b8f561d9dfa58840d","nonce":"7782f07d1ce3bd345b1de33b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a87b93ff87fb2ddcefe86964a6ae83bf33f5f5355eae334e5e43be747ab973e6cb987bf2a2121166ba71c267ab","nonce":"7782f07d1ce3bd345b1de338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"41bcb9177baa9a7f0f3d06306f288740a5aa16023c4c308d0fbd01621fac0c6010c00582de092948fb9ed1e865","nonce":"7782f07d1ce3bd345b1de339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"e406935bbff34d255d4769dcf44e8c9570b26a04196d3d06e73a3b0254cd5f04d6671d7b0761ffdf46c0854c53","nonce":"7782f07d1ce3bd345b1de33e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"ca3eaba217415008e2b2472e2ddf536d6f0454aea1212c11272d3ff24b7f8a55a191b52cfb7c2bfcb6012dce73","nonce":"7782f07d1ce3bd345b1de33f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"b0f5adb5633b19e3c1d3d927b457279ddb3fce9ecc6c4097a8ba46212695cc1350cc07444994a894289f99612d","nonce":"7782f07d1ce3bd345b1de33c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"d246fffbfad1ade5d14dc3cf311e32adef17f83abedf497c67a896d49f15d474f400e93aa331fa569080b00068","nonce":"7782f07d1ce3bd345b1de33d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"f1a08dda98951c0a060cfbf25dc1169db5d49acb4f97e936e9becfd7f7abc4a47aee9d8bc433c053f2382745a6","nonce":"7782f07d1ce3bd345b1de332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"c6d730488dee3b69cd0a038695c6576eb488c7d595f8b8b7c2470e1b17470386683470416fd7f20e8c926cd8f4","nonce":"7782f07d1ce3bd345b1de333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"ecbf803f56bd92ad223f1439a3aa4404a11674ef6c6c97a168eeb8d1671102295e89b173ff5f2a6b4b0b2e6e33","nonce":"7782f07d1ce3bd345b1de330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"54aa3000658c02b6968d8b39c71ce580ad5175ab91cfd5c6656118488208f96dcd5491fe4b69495e05ae09d6e7","nonce":"7782f07d1ce3bd345b1de331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"3c2aea3e9621e53819ca4676e1fd345a9a12b2917f03545977313282e9c5ddb9b4895905051ade2e018bd78f37","nonce":"7782f07d1ce3bd345b1de336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"9a73c28f442d46fa13c5b8473ad53c8799e8d97e19dae274de9d750a3ec5ee035f9bd064bf998c36a7ec5314e4","nonce":"7782f07d1ce3bd345b1de337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"7b57b97da1921a466a4764039a9e83c260d21116af9c8d64c39ac3515bebd61754199819d8a45f0f9ad3f0daf6","nonce":"7782f07d1ce3bd345b1de334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"c432cd7a76e605f06dd8b5516f52a6144d2c54d0e3c177a424d6291e5bf6c3290dff3ab7d29dc8fd9d70b20521","nonce":"7782f07d1ce3bd345b1de335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"21885f9b96de27d106c4aa81519eccefef6ee6584c7902baced1d071fc029d3b3f382819dc12d9fd54b055a99e","nonce":"7782f07d1ce3bd345b1de32a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"3f487b3fa8909fe1c96a792007c4072139531189790aafeabba00cd33449092dca71660c80a26ccf9258b8d87a","nonce":"7782f07d1ce3bd345b1de32b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"11e2c71b5b886d12564bbc8f7ba66f812ff9a04c826986d1b4f05ddf6d5244f1f53f074770420810102ee6846e","nonce":"7782f07d1ce3bd345b1de328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"8517dce77d464c9e6c001918a81224f168a230dea384160cac369a12e6a4d8b83ef795a7056cc34c5be8169067","nonce":"7782f07d1ce3bd345b1de329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"e5d7bde8ea414f022890807906e9c0f2c802f9cb87a09227a58c3817a7f6318f38d4edfa27c226d18ff8b943df","nonce":"7782f07d1ce3bd345b1de32e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"a2c90d5d693541a6fa514d061153f4cb90d33cb2c777db96cc82b26c3bae5514999254ffee4e81695755aebe7f","nonce":"7782f07d1ce3bd345b1de32f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"e0a7171d41cc5d0bb9e19a246740b896225c433fa8402a0dbf7c614af2a97af67c120f012b23c6441f5634ebb9","nonce":"7782f07d1ce3bd345b1de32c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"19717715ae368c9253ecb2b64cef2c38e828fb4da430afab0bc3a8ea76bf2ebe3a08dff1b5703d8959a289bace","nonce":"7782f07d1ce3bd345b1de32d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"da2769b8a6a623fb9633cfa6dc5c17cb22a4a75f4c913665ae847591f811d8545f632a12589a2977396687963f","nonce":"7782f07d1ce3bd345b1de322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"c42d1a4a1438e05c8e97a027b5be356af2eff3340f29fec534b6e1049f2d7586bd125010b4309e18d7433d0f12","nonce":"7782f07d1ce3bd345b1de323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"24d709669613ece011315cbec06aa1d5c4c08f54603b234a87f121b95819e4b250dd6bb079f8d4edbdf3939eb3","nonce":"7782f07d1ce3bd345b1de320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"bc9eb860e96b126923df77ef9bdd76e835a318b3e2f54df1c20076d513035601ff13f6b1adb109717431fc4271","nonce":"7782f07d1ce3bd345b1de321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"f6f3102c4a3ae05701e4112e98181f4cc25a122376201ce609368397fa2d123da3b70b65c66f7f2af990fa1e4d","nonce":"7782f07d1ce3bd345b1de326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"3cb67d4714e8f3358f506678d7cde5744d43b3e84775d9d8e9a31825b1cee14590c3a2290bed6e23e496575f00","nonce":"7782f07d1ce3bd345b1de327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"4b9ead50921d24d04abf86ed13666404b208f48d786323d14bd971f3b52dda25b104bb305d0c05d5bc5e3c6701","nonce":"7782f07d1ce3bd345b1de324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"bb257f8c96c71e109813e5b84b30983fdd54eac012f4309b8fa7361ba19a7f9cb17f3d3748753f6b5a294e230b","nonce":"7782f07d1ce3bd345b1de325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"97bd4ea0478d8dab4f1c89d25e06d166c51670dbfb1b8287794a419d583f5cc40ee7d67fe504f5530f7f1d3d80","nonce":"7782f07d1ce3bd345b1de2da","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"243c7c7b1461cd6c8640e728b32ae1a6bf9ab58ffaaa21d3e048bc385dd54008"},{"exporter_context":"00","L":32,"exported_value":"a0e09de8c298866898cd022934a8c5e3c9cb4b35e483b40fea76518682b822a7"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"cf3817737cfd63c25ff9fec3541fdc0ed2a7279dfc5cef3cdde9a18648644808"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a0484936abc95d587acf7034156229f9970e9dfa76773754e40fb30e53c9de16","ikmE":"e72b39232ee9ef9f6537a72afe28f551dbe632006aa1b300a00518883a3f2dc1","skRm":"bdd8943c1e60191f3ea4e69fc4f322aa1086db9650f1f952fdce88395a4bd1af","skEm":"dc926085fd67a0338320c3b47944b56eec296981d646ab5e3492e3460bebaf51","pkRm":"aa7bddcf5ca0b2c0cf760b5dffc62740a8e761ec572032a809bebc87aaf7575e","pkEm":"c12ba9fb91d7ebb03057d8bea4398688dcc1d1d1ff3b97f09b96b9bf89bd1e4a","enc":"c12ba9fb91d7ebb03057d8bea4398688dcc1d1d1ff3b97f09b96b9bf89bd1e4a","shared_secret":"96fe0a805d100153533f0646095a652eecb19346db433089666ee539a796ffb2","key_schedule_context":"0088e94c0aacbd6d63a08e547dbda944bc1146d7483cba3d5ca0b0cdb26d2fbecd0d6d8d55178b4dfb4a648a4e3e54adc05dfd4cb2a845712a74539ccee8b4f781238f3e66e519a887ea3a0d096475a5defe5bfd1d22ec386b880d050dbfb6995fe8f7d1d0c661c4e10698687f757b1e981cbf025920074204ff660b9f490d7594","secret":"120ad251946834ca78e4d6bb59833e741b49cda5f2a73e3e81ef171453f2de8288459c12b14ee581a5aca143204a54ec118783dd89b022714ca93c6fb316ec2b","key":"f3354d286a48f67ca0c22029feb446938efb1b9b8a410852d7bdd3404acd0c09","base_nonce":"d654f65e557737ea2a0b5489","exporter_secret":"74536eda135901a81409ab3f8f4767d2cf41933136bbd194427cec8e6fe2253f3ac0beae54180a7837dea9277a3290749777f65a874fdd2ca69c7ef5ee5bbcfe","encryptions":[{"aad":"436f756e742d30","ct":"186cbeffd80fd68862b09d968a944c9f1ecc1c3f5dbcd1e26973ec30a9856f006f7bb472c3e30fff57ced669fc","nonce":"d654f65e557737ea2a0b5489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"26f19180ac025f865e8383809317e472474b91afbdbd0e402800bca5c299157fefd833aec48ec220eedd683c31","nonce":"d654f65e557737ea2a0b5488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"f88e47ddcc2c74544f29072db709386e2f87885bffb4f2a79ccde9564b76231e647bfa12e7d25949a844ec4e70","nonce":"d654f65e557737ea2a0b548b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"9d23dcf162e5d396e32103fdb2bb07dfded848055d4fbe81b2c1e7ca7566cc12f1587e6af96930fd292ca84cc6","nonce":"d654f65e557737ea2a0b548a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"4558f5d21269e98b9594f8c07654785f368062beb1cd4c139e58df02353c2f123e6e553f3e39241dcc91f95af3","nonce":"d654f65e557737ea2a0b548d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"38f8fca1124710a32ffe35010c57c6ac78ee3b93e18345b7c8c109c89752588670392a133ba99faf8a62608135","nonce":"d654f65e557737ea2a0b548c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"33e9b0a2c32abcc90fc187bfb74e7e00a96538e69ecd6792430f57fffce5dea413621677c7226ac34cc1b2cb4d","nonce":"d654f65e557737ea2a0b548f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"9f45d23a24c27bb7858cdf6c6c46ba57d8750973c2d2a4842b9951b61131c868f2a4b1fca780cb18fcf6cd4a16","nonce":"d654f65e557737ea2a0b548e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"fe2f4fb0b3836383c5b522eda7f4646477b7d4c3689bb2bfced5112c456578744f7af7c9e0dc79dd2106cde393","nonce":"d654f65e557737ea2a0b5481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"6c013c371f068d86b237672d790510232b05fb030c8c1f7e481b18c323f350eb11f2bccbab3fe4c1b028a7ecec","nonce":"d654f65e557737ea2a0b5480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"e13c87df8c4cd7a5f2662aba3a1afbf4b322445615bc2a2d64f3f2ab6e3bdab655f35ebee4ed48dccc488e8dcb","nonce":"d654f65e557737ea2a0b5483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"1c2a89e31bfe3bec520b2fe7b26d36e73504ce82a6f9ad046143843b4a152ed07cb992ab4b7c00ae4ee5994a53","nonce":"d654f65e557737ea2a0b5482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"5fb52d2850907336e2c7974909b76ad6b48d90584665999c462efdcbc40d9e4f3cde4eab9bbb48c1e56d6fac83","nonce":"d654f65e557737ea2a0b5485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"c5dacfa2608f93fd541a3a9ddea2cca8a428080d8276327015a31e3e16f70bb8a1130a54a8163c302d259765b9","nonce":"d654f65e557737ea2a0b5484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"f1c51950b5b5a0187bd90056b14bc0d26cf737c3cf174f95466b0a3728aa00c44474536df0e7affee1444a5fbb","nonce":"d654f65e557737ea2a0b5487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"ea7278c42a7cd456d3a02f67cb2d64bbabce34f778dfc39b4dcbf94f620bf152b31301d5169913b01a0674d5b7","nonce":"d654f65e557737ea2a0b5486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"ebc29cbe66a3aacdf1ff3bae20e1125e79e84c988b5d8ed19fa5bc7d990e515346f940b9adc5d3f9a95b4691ea","nonce":"d654f65e557737ea2a0b5499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"c5989a6596390d57c3e1fc23864f9ec9852301ba6fc86638755b33c0546fad71ed15d633a7d2808da12a920fd0","nonce":"d654f65e557737ea2a0b5498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"852b50a1bc1b68ad5e3b5960c035458db59a6223810e0dc9e7d114f95ef1ee1c16363bcb6a9e5f17a79d0d5ff8","nonce":"d654f65e557737ea2a0b549b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"c180259755ad72b436d79525c942fe41867d46750157e1eda5ee060de7abad190884b948cbeb08030379a7a0b4","nonce":"d654f65e557737ea2a0b549a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"24dfbe8d3cd130abd22a41278983515abe12f17f3446d51f1f55d5bce815fa95a82b494c652d0c69043487a90f","nonce":"d654f65e557737ea2a0b549d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"c0bf2669464a631b23cbd1d5f704cc42c1a19a64d3a1f9f2c3c1e4d2a0c229a0f5587c4ecc07ce435c6d2073eb","nonce":"d654f65e557737ea2a0b549c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"6848ce2f05cc098d5f3515ccc566548f9718ded55a897b0ca1039b5512d6f2bd390bd93734e952713824f81a5e","nonce":"d654f65e557737ea2a0b549f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"55eb4f8ec9922072be11ce6f5665d9384135d322c2593fe13875e3fa02efa4a5784309981802b5cae29ce835b6","nonce":"d654f65e557737ea2a0b549e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"f7ba4603bc38855eed1d6118ec05536730fa63c37d4ab79369d4b5be8585fd3c713bdada66f49924e0ca70d6b1","nonce":"d654f65e557737ea2a0b5491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"6dc77fbfe835452a570d11076b427bf6c3be92d1bc08e300344c30fa98e1c335c1253bf5f7f7ac76419748cb91","nonce":"d654f65e557737ea2a0b5490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"7b0c8eda5023f3395d8afdee5d7f493f32404641d69514d6c962dc4bd29ff712f148705450fe4507148b33b5e5","nonce":"d654f65e557737ea2a0b5493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"f89cab186bd52c8f2f5b2dc2a8afe238baa2600f54292d74948c1de117ec6ff5bb26cdd4351bcb50241f257694","nonce":"d654f65e557737ea2a0b5492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"74223b394da1f105e862d3f0709e141cde1e20a3328762284f7b8b92e29ee62db10db35fee0b8b4c6724912343","nonce":"d654f65e557737ea2a0b5495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"a41acfa2b687547f3b135740096667f62bbf96104ee8b301c323999c66369c4b68b618f3f7c25af45234b1259a","nonce":"d654f65e557737ea2a0b5494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"1c4027a235df24838881d519539bceeb9e880f2ca0c54db6e42e697495939961e9dba5d315730800d4f0c40237","nonce":"d654f65e557737ea2a0b5497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"3130e9b1d40d43bd1b1617d37d2813ad732fb3f900792cfc3b0fac92b68b2e7276ca65aed95a1d7062ea852b07","nonce":"d654f65e557737ea2a0b5496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"44910045afacc1923039e468e15e04f195615423f4f53309c586d97b8ec3ce7d1a25d82ff216aa4d9ae5167f7b","nonce":"d654f65e557737ea2a0b54a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"0afe4640442368d619c0c17f8f1403debf06cb3b9922062ff8a8a65be17f6fba1b88c9b1ff77a2f0be56fca0d6","nonce":"d654f65e557737ea2a0b54a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"61f25bd062bcdc083404ef3e045522839d07d3b48834caac85ce53521c826b6cea75370eb955e4058b2a3bc1ef","nonce":"d654f65e557737ea2a0b54ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"1f6f5017103d377c0362d6d1887b5e4d502e15c6a5cbc293aff7311bffd5ba03869aa0cde94ecab38b800563b1","nonce":"d654f65e557737ea2a0b54aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"ecc66f5687132214b100733a27353ad784be0506760ec93261469d24200cac5f924176d7378f3faa469c081cda","nonce":"d654f65e557737ea2a0b54ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"b6c99629da2aaf1c42814697722307b44db728677b898d8f72afa67e7d3eb5d3ec5078bcf53ca91681a55de903","nonce":"d654f65e557737ea2a0b54ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"d34b691bd650709ae13e16983f74a46b0e566d6301cbad2e87d8ca68a5a54186428379f725f7ad7a344d458839","nonce":"d654f65e557737ea2a0b54af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"1e11593a5f6b28554a4f5959b9747a149db55d2256462be8b525a49efa07e1d3d1e3eae3bde7601dc19201f4b2","nonce":"d654f65e557737ea2a0b54ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"db40fa35e6ca677c6a4aace211646330ed8275a7ba613fd8b1495bc0c1696dc4d2d4444ced60a4c2c5edad589c","nonce":"d654f65e557737ea2a0b54a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"89619bd6ae5290be0a7386cdf09ed446e28f69ff39c37303acd8f23d022c5c0a889cc56c06adaea230295ca220","nonce":"d654f65e557737ea2a0b54a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"d33903d777e474deb2ef667e10e440f6557a8864d471c0f40e65678a7233b2a7b26bc4a4bd153e685375095856","nonce":"d654f65e557737ea2a0b54a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e63bebc704def827a76c1b142625438e5ab174635b00d85fdbc9775730bb0f795791d95ccd8a40571103782dfe","nonce":"d654f65e557737ea2a0b54a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"a3ca848c9d6d54f264b55706e13ee957a0dd748a21e71d2fd7227945c0b41321f46e0b14ee3cb3c956163d4ea5","nonce":"d654f65e557737ea2a0b54a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"deebfaf94c7b8a0bc2bb89a998dd327789e96007509faa59b8ab9c14e17092f48f2feedd73341aa36427fe1106","nonce":"d654f65e557737ea2a0b54a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"961fec94c97d5bd79122e0f1c8e19c4a982f8a697dece0ffe6e97eb6e3f5aacb8d53c005f5bf7e5ab7785eb0e5","nonce":"d654f65e557737ea2a0b54a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"8d9969b0b42fa239752e2867db03efb18b8a70000bcfa05fb39f16fa13099c3cd5d28784c52ffbc597fc79d1f4","nonce":"d654f65e557737ea2a0b54a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"212ceb40ff9dc0bc185235dd266cf9b488392a322abfa50fd2304a9ae654e2c61e7e41ebe04fd184d406ba868b","nonce":"d654f65e557737ea2a0b54b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"58c6b0fa5fb708dd3b200fc54e7ebb42ad0392349e7be4374c07a586300ac8951fd814e131f9e35eda427e9884","nonce":"d654f65e557737ea2a0b54b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"458baf3756bae5d68db2d4cf8bcfff34aa43941a6bf582d8773c511bbcfba78d49dd977c457250f9842e879c33","nonce":"d654f65e557737ea2a0b54bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"5ffa0d2e410029c7f72f7de4fcd87ce16d2cd8ff89c0a75d43e4e11679ff7947acbb5220679f512b03cb34da5a","nonce":"d654f65e557737ea2a0b54ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"447a29ef75bf3fda7db2c86626344aaebb6c72e8dbaaa24811a9e3491ea6df9f46e377c62997a919aaebb52699","nonce":"d654f65e557737ea2a0b54bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"46efabb264ff6e8da0b07e2a4acaa00044a9fac04f07124940ab26e599e3336a03aaa461d3e052824d0d62752a","nonce":"d654f65e557737ea2a0b54bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"9a65adb4f86f0bb5c1787afca8ae2204ec19abef322065cec9e01a1abbacbe32335da669087bb14a4c5733bb5e","nonce":"d654f65e557737ea2a0b54bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"6caba5d758718c93d1d68de16799c4f916680f0419ad123f7ac3491481963ca941652394dbafbf4c1a1c8d7a85","nonce":"d654f65e557737ea2a0b54be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"b6c159f488f2626b2997d1dddd84efa0559a25b5ee3f8f1f6b727d7d136a128c789866e5d167bc04e84991c180","nonce":"d654f65e557737ea2a0b54b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"138b5a666975fd80439a9d7c1a74409149c6dfe57ab2316b1d0c1f5a57513c91ff4beb387292065862e04f3db9","nonce":"d654f65e557737ea2a0b54b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"7e0bb1f6d97ae2cfc07e5e893e6f1f6c441cd96fe6822528389446d7806a2992f0ade7996a64c38255e18d7f9f","nonce":"d654f65e557737ea2a0b54b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"be25e65912f45dcc2775b2cb11e9453ec296f0c6ed56d49ffcaf5f668d3508a3d73b53d87f83e7f6b439abac80","nonce":"d654f65e557737ea2a0b54b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"029b301636c541eca40657c79d4ce4ff2ed13de9fec2f473a6018513903f55fa93263803155fccc8419e020251","nonce":"d654f65e557737ea2a0b54b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"e9c682e22d43bad7b20c2845932cc9ec969dbfcc7a8ed02a2808f94839652b60aaac943768d0e3ad07efb85eeb","nonce":"d654f65e557737ea2a0b54b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"08ce625fe9f317b8127c11b53ea1d5aa61d6abd53836e67d6a824443df21bee6b5944aadbe1640f2f332df5d73","nonce":"d654f65e557737ea2a0b54b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"f1060a410f173c7a9bb1a433b7e7c1a159abce9f4c9e791cb8c2b8472208ba904393157bcb9e922ccd3a08d9d6","nonce":"d654f65e557737ea2a0b54b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"2c38c637c0f0ff54b9b900137d5bd79cbeaebb7bdfbe43e392432a7d9d16e85e0c3393ce62f2674a1311e13a59","nonce":"d654f65e557737ea2a0b54c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"09caa5f2b564687dc3d5132032806d506f38a15ea021d16a91bad7d61c235567714639f81728d9455f70982dd3","nonce":"d654f65e557737ea2a0b54c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"048c024e7630cf92d98b54fea93380ebfc8e220e39401731101808bf8426c0ea13e8c3dff1de6763ab29d85140","nonce":"d654f65e557737ea2a0b54cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"24d09febf9784a67f1186203041fb94ae19acd5dfee354b15b828e0ec358335b5ea176938c41ecf47c24ba2dd0","nonce":"d654f65e557737ea2a0b54ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"c4abc9f5bb6dc45496ec3ed8122b1b919a0ac2eb136a2645ebcd18e2c3016a402c923a5b43cc2a26d09b3c471e","nonce":"d654f65e557737ea2a0b54cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"66b69f4173fb80e0bfe3e7e323889f25a26225f023c1fc179c3314a76a5ec3f5f82007fce6129b402e2163019c","nonce":"d654f65e557737ea2a0b54cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"cdbf6ca049b25706dbcf3bc7835b5551734e2ca20b208f44ecc10bfac77dac5c54abfe8016cdb0f31d41e5aa2c","nonce":"d654f65e557737ea2a0b54cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"53fc60dd4086e20b5061a0afa8381fdebd5873a3eb40de64efb5377c1a5b52058e8a3d9ace95eccc62de8c11b8","nonce":"d654f65e557737ea2a0b54ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"d3499a557a9da38748ca38da586e8bd871712db885cfdd8ad02cb485d481eabbfccf734feaa93fc858c6ff6858","nonce":"d654f65e557737ea2a0b54c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"88b8ae39987a071e8f4683bff005617c20820ec0285fa36aaae1efb9f458036a7b47214505ea8704b65b0426a8","nonce":"d654f65e557737ea2a0b54c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"801e42709c750276752cb423d974d9ca9fa9f2ff390f624d1747754bc4c9738e93fc16e9eb7542f54c256baced","nonce":"d654f65e557737ea2a0b54c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"da528b72098b7aee0bf4b4fe3ce54c37c329c49f95d629e1413b5078893d6efcac62bf9333451fdb7526f8bb88","nonce":"d654f65e557737ea2a0b54c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"c908de35b076beadb5adf1fdf8af702bb331fd20261f770a785005bd810b1ce2b7e9dc4024707d3a4b405205df","nonce":"d654f65e557737ea2a0b54c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"6a9569fb767216f45fe3726d562cfe8bb337db80eeb176adf57685e57b5ee5d2be1ef6047283793abc65784a74","nonce":"d654f65e557737ea2a0b54c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"b3ce40f16c968b994a50f28ea635d4c12301d20e50fc1eb49bd71f82cfe50633c4d66bdeb745b9a08e92478482","nonce":"d654f65e557737ea2a0b54c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"d1e89933eafec57a7501548e85911784a5b4257ecdcb9fdc04d29080b94a5a426f5f9039d6b9cc62eb768bad7a","nonce":"d654f65e557737ea2a0b54c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"cb5336ffac15f68903dca03f147e0c1c20b684dc92168b63e62f6440ae8edb1f488e0643f35a2193c28937b353","nonce":"d654f65e557737ea2a0b54d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"a2578e9f6910a3d49eae322e7fd5c4cc62f4c1c4fe40b0cbc2885c1197b3e572a5453edfef07b6500c227c0771","nonce":"d654f65e557737ea2a0b54d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"4d8447aca6e6eeb02df5d5ba16c38478472c77f0cec9597718fc02ac0170b58579ed9844f5c200ed62a2dba756","nonce":"d654f65e557737ea2a0b54db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"8ef4837a9b798a1e48cbb318ce49821b465b3f59c8c3ea77342f68cd79e8d448c633d9449511b93d5a87f83011","nonce":"d654f65e557737ea2a0b54da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"739182731cbb3383cc657bb47ea152a69ec64a36984edc8cd9eac29c7a10aceeddff8543309792c8b2f390860e","nonce":"d654f65e557737ea2a0b54dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"21cef0074bc0640fd2b7b8dce6372bced356ab8e9096f76559829e32679805b0a2100f847222c1288788f640f6","nonce":"d654f65e557737ea2a0b54dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"3c24d6e8fb4544f47f54238adb78bd48497877dc6c1b4950bb546c0b92407615973803e4061af8338b1fa1cbf3","nonce":"d654f65e557737ea2a0b54df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"da6c7b098584db56f2120b26f6819a0d511aea256659fa1f13bd395462cc4eca9e711de7c96fda0b182a3efb7a","nonce":"d654f65e557737ea2a0b54de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"9821ceb5d594c96da60a1a8d50b7f6031ac6633c4b320a6e256b9754141a7223ceb5d95d322d249a07461f6313","nonce":"d654f65e557737ea2a0b54d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"d33112e072a66fd14ce769926d8744269560157d200acde38f8e4af1793fb7f5416ca7c9e392d0fecc2a0e4323","nonce":"d654f65e557737ea2a0b54d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"2ea88e99fe3ad9c0dda49bac4c1bebbff0e55df8b5ed571cba48b2b08adad447e08fd06fefcadb836471ac7dbe","nonce":"d654f65e557737ea2a0b54d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"a41f3ce0747ec2b3942fb733b97c803ce9da369dcde5140f7b96ca5f849371ae58253c3d3a317c7f5209793564","nonce":"d654f65e557737ea2a0b54d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c82623ad5ed66603f13f2fae7699904fa3cfac7966c2c67e4ac9480c0aba40833139bfea726813e098797d7fac","nonce":"d654f65e557737ea2a0b54d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"79ca4aca2b861c98bd27b7bfda0c4adc9bf239d73989d97316c5d2b99a2e9ae1223a4bc3356f15fe10faaa3aca","nonce":"d654f65e557737ea2a0b54d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"cd5abad9e86886c44bcd920ac6d3ba95329c79c79477efaa12a5163371bd0327a2e13283a9f0668e4763fed596","nonce":"d654f65e557737ea2a0b54d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"5381a18152f436bf952df4edc3fdaeb01263b8d4d665217a05f42c221b0aac304e290a35da89317c54ec830b2d","nonce":"d654f65e557737ea2a0b54d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"3b95dab4e43d0efee295361bd7426ac83ef25c09f2e0379e2a4cf5382ab258baf6f19817be91c72d136456858a","nonce":"d654f65e557737ea2a0b54e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"aee65ef5b4e93e9538fb1a3c82c1e68183bbc945898859ad4b0acb8b81f1ee0adae1d5e8992ef5875d1e776147","nonce":"d654f65e557737ea2a0b54e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"7c3658f323bacf550952841fbe0e141824b91c5b1aa61de1144f7f244cb07d884eaffaa60af69fb84379c72df1","nonce":"d654f65e557737ea2a0b54eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"1a9d407401f8241312579d5007b5ff12212cbe96940ee13b381b541cdf7f0aad73adb92bf339c91f332d51cf75","nonce":"d654f65e557737ea2a0b54ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"a8457ba6a2de653ae741eaaded86ead7618897867fb8963b00f479bb5eb767762b339e9315d4bd8d99dc4e13bb","nonce":"d654f65e557737ea2a0b54ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c0ca336f7005111b17dbb775a4056fbd24da0acdc030b226d58c9a0e33410f484e28d423e05c6fdf3dd8744855","nonce":"d654f65e557737ea2a0b54ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"9c19651d30f17010697d6a315e0a66176b6c9fd475c6eef74962c7f0ce71ae123a1bdac26ebd40a2367f85a442","nonce":"d654f65e557737ea2a0b54ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"60eb349b43d42311540e54cb922e77211c6b1571fad94e3982d6691542e01ed937640e4122a97c7334f8e3954c","nonce":"d654f65e557737ea2a0b54ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"7fd50977eb2fbad578e914ac57cbadc434c42076d1f3ee1ee2365183cb3b3cede39e9d010766c6174353f82d91","nonce":"d654f65e557737ea2a0b54e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"37a065753d1aff1c2be52c0e4617268de7e970d448fd87953ca033a545d6957f67b2f92251f6f00227bf227456","nonce":"d654f65e557737ea2a0b54e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"e5803980bae04ca4785d9782b6325f2bce2418bd4a8ae20b4bf62380ddbc390083e3c7df6f99480080c94daaf2","nonce":"d654f65e557737ea2a0b54e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"05ba92c646dde382590aa0f021d70972435a1a10827edefcf4119a52b612fc776f7e7441ae893f9a7df07d9503","nonce":"d654f65e557737ea2a0b54e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"58c7b31eeee7d5ffbe65f37b1584d59c9bbbe1196a17cfea041da6d413317ca2bdd2f8f9d9484ba792e421066c","nonce":"d654f65e557737ea2a0b54e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"a84fa7431fa33e9f5710cdefefa50a331b2b13cbc51da3e374873b3159512ba1e9afb30c6d7113a78068e33cb4","nonce":"d654f65e557737ea2a0b54e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"682abcc53d40ee6cf3441e57eb114f15d5760abe557abac1d9c269b02b1dbe12e2afc1bf044a9018442ae9a0bd","nonce":"d654f65e557737ea2a0b54e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"95f3655a030adfc3acf6631434095523be4063c4ea33eb631ac07c07983ed4d9c256da0eef90fbb4687cc91433","nonce":"d654f65e557737ea2a0b54e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"b020711971c81cc7971c05b9aeca67216009e8366e26e29fa26f243e63544f7b18cea374c0b367ba7bd3bf50f8","nonce":"d654f65e557737ea2a0b54f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"03eb485bdeeac010a0c99c1726dc31ea4f06da579a0f73f23248145026e2336f6c6189add8729db805c8059b34","nonce":"d654f65e557737ea2a0b54f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"e5d9b53698b5dc72b9e89406d398aae389a045607d042b9f7e859bc0ce55e25ed576f118910e56622eb9342f71","nonce":"d654f65e557737ea2a0b54fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"fc3fc2a610c16d1ad7824f304fea00b4bd00e82c453ce132f92f6f599cf8557bbcf6b2c8ce18a6f6794a8be06a","nonce":"d654f65e557737ea2a0b54fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"f53ed03157ec88cf544a61dd4d8cdea459ebdc331ac31d39029af72fdcd8034f68f2cf81837e26ba96b0044ab4","nonce":"d654f65e557737ea2a0b54fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"2746bfafff9fdfde233eca2dc437846cdfd908b3b817679ed1f001cd4a771d6653d8ac83a5d5a465e1ee24c22b","nonce":"d654f65e557737ea2a0b54fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"dbfa8d377554299a9cc84e05db3ba64828665881fc363b17c97d1e42f9094863b0d38a98cdc0674c46a923ad0b","nonce":"d654f65e557737ea2a0b54ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"3bc3d5e92651e36c908ae8ed49b28cf805cff86b1a512267b18d2d07396e876984ea31a4597a6b6a76cc31af96","nonce":"d654f65e557737ea2a0b54fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"6d3bc29c492c96f4f1c9183eb2aa2b6c03f0b4454cabf93e3c34c27bed9d99661a52ba12352ad70c0cc72dda82","nonce":"d654f65e557737ea2a0b54f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"0b568306391816e9ed8be1f0d61aaa66499401dfb1ef31d1b81b62c3c6ad7af52e1e3ed2d2042e3d105ee1c248","nonce":"d654f65e557737ea2a0b54f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"70a4cfc04cc0556bd625cdf12d9fd6305166f89d837570ded7be7cd484c3908b29bf7277665a3cd060f2bb5373","nonce":"d654f65e557737ea2a0b54f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"cb39fb25b719743917472b575f552f9bb6462cbd34fb599867a72ed1054acaf5dbdb1dff15cbff65722a0de4f8","nonce":"d654f65e557737ea2a0b54f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"48aaf92065df7ab950593034882ac8863ac71a59433882dd0a797d1dd77a76a973ba290a96734f7d31bd058fff","nonce":"d654f65e557737ea2a0b54f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"8f822d34cf3416551b60e038130516aac720e7455c48ab40d7e417d7344797b2b2fc9ef05305e6e08da7f90bbd","nonce":"d654f65e557737ea2a0b54f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"5d86b431b512b1d19705ca7b6cae00498f7c1202127519709cbb044c61f00a643e058589e83dfd34d7594cb419","nonce":"d654f65e557737ea2a0b54f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"aef551197e8d03ae2a9b79085be4795c8a4d324f173ac6b0d4f3b5359a0852d0d6b62840050f3eb2992e1e5d40","nonce":"d654f65e557737ea2a0b54f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"71f82ac00de8d8d633b2163c349f11c252110fa4ec04fcd0778227e2e320cd483e3b004d2e4533d55901ea8ab8","nonce":"d654f65e557737ea2a0b5409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"68b0773a015ce5f87aa220acb46daff2c88d2efbb95f6e6f52528fe2ce347fe56509eb79a8d848648fe2221058","nonce":"d654f65e557737ea2a0b5408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"140a64a4d9cba5016ca62a054b565b428e767593aa349b8ad91f1b8e5591da0a945b28a5400556d87e33802a0f","nonce":"d654f65e557737ea2a0b540b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"b21a58e4994a93c9a83b4c14f078992c18760da3dc45d052b4b8cffdefba2c38f4e66e7928e9b4c4af6f9309da","nonce":"d654f65e557737ea2a0b540a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"ce0c7929e36cca8b7a7885d52e85d5549cb20f43217313a81b9b9c60bb59166df15d9bbb618844c820ed79df2a","nonce":"d654f65e557737ea2a0b540d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"eb9d2fa71d12e9538ddda60c418bbafde7fd59fb5914a75cc8cd14fcb1d40f6d94861e3e166f030d28783d0e5d","nonce":"d654f65e557737ea2a0b540c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"4f35d973f30a527f667944b65a8231db30a31d6b504f0124577ca5df2211182e2c115281726ef6e4e15b2e70e7","nonce":"d654f65e557737ea2a0b540f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"fbf80b6ba74c01ca7bca548f3612c9830f10c3c1e365bc9d2c795e5ada50f4bda6adbf092a86c965d6b509cc5e","nonce":"d654f65e557737ea2a0b540e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"4151844b772916e7ecd15838e120e09aadaec2b1a605ee5299700c4d379aac3fb340db65b0ff4c8a9f984e5d81","nonce":"d654f65e557737ea2a0b5401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"1d1bdb2539e18ae0785d5dac750024f6435f22877aa7d7ab9f48bef9282ec29d898c2561533b83b47137aecb58","nonce":"d654f65e557737ea2a0b5400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"bee72dc62dbd9654a53e1188bb5d61e3fa141b7ef50616bf885f3e1a503742df8395a8f4ec20831c4f286e3076","nonce":"d654f65e557737ea2a0b5403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"41bf4ec1339f4e860fd5ab2b83b25891e614874912462da8c58d267ecfabf643edc02897a08fe31e4bee6b93e2","nonce":"d654f65e557737ea2a0b5402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"fc1aa77547a17097ee47a2569c388ff381025a9abcafc18cac69e64a99b383d2f0df92ebb8fc7543e93904f01e","nonce":"d654f65e557737ea2a0b5405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"d48e6cf23edd500e67415d7d6aa4ae9fc9092cde824aa9df569c14b39e7cfbfd61c52eb31bd57f8ee4065ed5bd","nonce":"d654f65e557737ea2a0b5404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"21c9f381839720727af371cd4e8236ba62691c608fedc2ddd9837d8ff4ed7f2ad5d18e7531b5c638651b9d0539","nonce":"d654f65e557737ea2a0b5407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"350afdea27dfd0ff104bd604887d5a9afa9df19497593d90d01a1138cc6196098c15ff7ada4b7490eed625b239","nonce":"d654f65e557737ea2a0b5406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"0e724ebdca81618e56865fbdc84f7dfdf8ad25690686d8e32cb021f90311212c7de5d6300f9d796b344b2c9e42","nonce":"d654f65e557737ea2a0b5419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"b6b568313df5debfa498a2d6ed534aa5239a97596f89a8eb39c43393633e51b046ba5d9be8d28928cd9a87ef20","nonce":"d654f65e557737ea2a0b5418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"fb93f28746cdf89c463ec699034249683311c0fd06be3445aea6b0463b067be34c686eed3b1b40433fe6e1ecfa","nonce":"d654f65e557737ea2a0b541b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"043299c2bc4a263f12a1a4be8ae03c8a12a2bc2c790857ac5393feb32cdf3e797abe3b24ebe6577f67e9e78f47","nonce":"d654f65e557737ea2a0b541a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"15365f9b19370f25c2cf0352752e0d103a5c4c7d9f3955f97f5bd053070c78ac686b0319ac3e58fb1687a3c30e","nonce":"d654f65e557737ea2a0b541d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"03fb808b56227229b4ed5b39c9d64aef49db957cd5ecf2ea3fbca0da80660341e5cc683a33a8fdb4cd867ed0a0","nonce":"d654f65e557737ea2a0b541c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"dd6cf1baef60076d380d5ff165f2821afedfb0f47df125daaae6db2f6f7e006c66942acd6645833b58386e562c","nonce":"d654f65e557737ea2a0b541f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"8b70873d89743a8c878cc367e2119e34886295855c911abc19732916bcddb442d9575614dac67df2d0c5bd418d","nonce":"d654f65e557737ea2a0b541e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"d20e4dcd47f83898618fe03d877b9d1e3c9d1d3a7ed18d5ef35ea902a2ada278909ce805098c1a31cce23c696e","nonce":"d654f65e557737ea2a0b5411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"d9930e767338e9304b877d6c344cb0461a312155fc35fcbad5e0f76c6648d8d61ad06a84880f42c8c89a5f3d5e","nonce":"d654f65e557737ea2a0b5410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"8ed5fc58073b138265fe73418f102a9f0d368affddc35105863ae0e9a3ddcf1b711fed9fb6fbdf0fad90194fe6","nonce":"d654f65e557737ea2a0b5413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"dc0ce77801e8f4af26526fab95e78d95123f25afbc46940c7a93324b980fe033b26fcb6acacaf45da5fa48c9d5","nonce":"d654f65e557737ea2a0b5412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"a5a2a9d8b063bd951d23db08205a83d966ad734355c714a3097607cd1e0da98efd585c05bb718df3f5877259a7","nonce":"d654f65e557737ea2a0b5415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"b0897e737828d59bf578f8ddbda061b49a693d0cfd74e1c9fefd65462d55872d1a237102ddfa8b49c2b6333e88","nonce":"d654f65e557737ea2a0b5414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"c37147469fc2e9eec982c54799c11c7f520a9c64bae9a9ddf3b4e61799c94329ce6b8394d84ac22f50f648ef61","nonce":"d654f65e557737ea2a0b5417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"892e215bbc69830f6f436a5e59795d52a38b10c063207b5a5c0742e533cef641619c86499c7fca91c57cbce27e","nonce":"d654f65e557737ea2a0b5416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"08c33257bca512d8729253719c7d305a749c6e0f56bceebac9c3ec80c4dae596b1f4876b989c96f433f27a6595","nonce":"d654f65e557737ea2a0b5429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"5ca9d8c7fde472fa91cf28f090e234a718ff574471a6f9d28190181870e19ce9a4f1c8e07e8abb5105d375593f","nonce":"d654f65e557737ea2a0b5428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"8c698ea80870c86907e277b69b28ddc8bcb91bcb699689732e32b914f7c6034261d85bb4dc43d93ab33e520428","nonce":"d654f65e557737ea2a0b542b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"7a5e9c40d0ec92a1073b783e7d3b3c6bb1f2ab00a5dfb3c79b58002f794cbaae78a17be81b182c066cec7b9780","nonce":"d654f65e557737ea2a0b542a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"2c50b10e59a4a813a200e0563729c93fc692184dd530d13c848ca0f7baf3fb914dfb35c8b1685322937f202313","nonce":"d654f65e557737ea2a0b542d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"852d2ab0336e253bb01848e1b580378f660d17b4320d57da02dae094efdfedd3dc4d4c257013f9418d3b524129","nonce":"d654f65e557737ea2a0b542c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"0091610266c2bbc2e3a557c4b4ea1332dd7057665310571f00d9a24ec6c63db4e93b8e3b358d9dfb5ca54fcbe8","nonce":"d654f65e557737ea2a0b542f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"d429f49c0b3fbec652d21812662b7142ddbda45f681c571190328b63855ab3ba4a5c09af1d25ab391d349664a5","nonce":"d654f65e557737ea2a0b542e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"8a55c6b3d8a18e4e56499385e8d1f8793d06cf6d19d6be547afdc8b52b89711590c8d38107b0dfc0d3ab805930","nonce":"d654f65e557737ea2a0b5421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"c2169ec90f6b23f51e0e0678c27f2620c2ee94c6e7667164729f765a7e3b0d6b6a5ea9397af0521939d4ba625f","nonce":"d654f65e557737ea2a0b5420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"ce9b1a11f643e614ff9939051968ad9da7c4bffaa400ebe4ab240e9fded5cdf4eb26914d9226e7488d9946ffbd","nonce":"d654f65e557737ea2a0b5423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"33bbc3843e636c1ef1b1d75e8dd72f097995283386ee4b0cbe7ec501e57aa4f32c5577289432832a605785c0aa","nonce":"d654f65e557737ea2a0b5422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"a0c47cf78d1a220f4d5f98a0d3be54c9f02ba085e32163572ef5df35aa7509ad79c545e38d7d0c1ba9e2cfd873","nonce":"d654f65e557737ea2a0b5425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"7ef29ea45eb7b2cfd84f63707b1642e6123af23a689dbdb93644f3cf21299115433b2f47842db9de9dc8f4742b","nonce":"d654f65e557737ea2a0b5424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"2f9a934be179603cc59d9504bf4e71e670613a89d68474f17279deb8671d4fb2fde6d501cecc63a26de5591e69","nonce":"d654f65e557737ea2a0b5427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"2427d57e235c1b1280a69f6c915b064edf67d92d169fe07836ff18556f367d901947171e81f60a8237761053a3","nonce":"d654f65e557737ea2a0b5426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"1098260f96097049e077ce24db8dac6679d08e8109daa27c94ff0bf9aaa56bcbe187fcd1bc12c922a2be2f9e00","nonce":"d654f65e557737ea2a0b5439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"f5f12fd4633e31da5b4cda60cdd1662c4e1ca2bb1d41aa050464611e61b4e03d441226748fad744c43f6769a62","nonce":"d654f65e557737ea2a0b5438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"6b21c2c67cae9ec4fe319154cbae83b79c2afc6dc6ae521674f9f207c0ffbd5256ec4ad3343b31b8f87c3aa5e3","nonce":"d654f65e557737ea2a0b543b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"2435f5082ef19f69cf61519362368f8b60a3b31a25424a01a3d6b086439a94c3e86d1ab5973b9b5fe89e2b2683","nonce":"d654f65e557737ea2a0b543a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"d2feb9704f31259d530cafbfdad9530719f1b243e1b2ccdd395927d927d02fe2f3454ee73099a24e5041d0a45c","nonce":"d654f65e557737ea2a0b543d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"dbad49a150e14b30a421d7d5e07ef9cf81dfe8ebb3bb26d9ecff25cd04a67b2e55f7dbd2382cddacc870792efa","nonce":"d654f65e557737ea2a0b543c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"967375b232431b8504829d444a728fc83fdeca3ef200bd1b2d035ec3c7ce204cc6d6a00a4a4a235c780e2c23ad","nonce":"d654f65e557737ea2a0b543f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"c9e99b0bf6ce5539c110803979ca09bba216846b397fc2bdd73c95fc7f4144b3e719d9d5716ef94248b5b842c1","nonce":"d654f65e557737ea2a0b543e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"a4c6d1e5ab31f09d679b922b8c4e22eacf7ac3491f8d0764d04b2def47b4df804bdf4ae057aa5274e25bd2bfca","nonce":"d654f65e557737ea2a0b5431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"d1d9fe6e81346024d9dca9e5f54de614d54799ff5bb92ad3ae3f56ec5456c6ab4b1e4425fb54420504b2b512d2","nonce":"d654f65e557737ea2a0b5430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e5d436a310e616eb92fbb8281546c433512e3cca6de03615ea7fea19d7fcf146c7eb123f672c59a96ba28cb214","nonce":"d654f65e557737ea2a0b5433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"b64028802a18d0f9d092c80f0db9d3abb07d08a943edafd3681a031f275690dde67d7178cbb0281ae8a607482e","nonce":"d654f65e557737ea2a0b5432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"75994bb6b7c116e66043e1e70e8d9fa6e6619a3c689c0b623ee30cdad6a4a9f54a7c2e300c8101a1437da1c834","nonce":"d654f65e557737ea2a0b5435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e7aa970ceb2e45e30dd1888391cccd3fe5142b91aa2f601067b3d22366898ba5b6e969493ea075b42c6f8bb2a7","nonce":"d654f65e557737ea2a0b5434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"da49ef966200eab796b4a99989fe34b784ceff4ad0427de6176a4e2a4439a9c5ecbc2ec344cc81e21289bb9723","nonce":"d654f65e557737ea2a0b5437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"44e15fff2d4d6ab85fa41ac41db6179aafafb7ef92db6c2ae8411640b60dcc187e8c550d21fcf8238d6a1fd758","nonce":"d654f65e557737ea2a0b5436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e6f163686ca9a1eb4be207a9e6b82b33b451066892c39b52c784f9b16015f411b274a695e8bf4cf9812d65ee5f","nonce":"d654f65e557737ea2a0b5449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2d8af829eb41284a19030c38200e37a66bb2c299aca734cba9d41b7b61d143c3847ce1a524b24376bd4e54eb4a","nonce":"d654f65e557737ea2a0b5448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"01272725f2101f127f51acfb6b0174f887d5fdd4131e97cb7dfb5d3344d0920ab488b9b966487573cb6a8807fb","nonce":"d654f65e557737ea2a0b544b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"966d45b4df2400b89e9beec619cb6d6b4ffe1a2503b94e89c08430dfb3e3833e52ee1f57946531fdb075b08691","nonce":"d654f65e557737ea2a0b544a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8b21245c521e089c005dbd4f1e5afaada1328cbf5d935f897e864cc4970e954d4a7ef6890623fc2b234e02175e","nonce":"d654f65e557737ea2a0b544d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"2675ddf858bc2adc0f6ba275d6e76179acb071badae9595ac9ede6351733f68d3d284bc7c2642479318f701cb4","nonce":"d654f65e557737ea2a0b544c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"55fd672c5b5a904837aa677677813803af77d4eb723545be1585ac49e107134921a216dd127c5b1b179dbcfb67","nonce":"d654f65e557737ea2a0b544f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"bc9a83cee0aa489fee987860bedb7d1fa0e8ef1e9abe4fa21cb00d8e93109cd9c4ef2df8a97c2d8211a4065956","nonce":"d654f65e557737ea2a0b544e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"5af69f3898f1b53015c100d5b7657d45659180dcff0ab5e3ab87f7897d3557da319dc636d9c57258b6a7eeed81","nonce":"d654f65e557737ea2a0b5441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"4b10453af8f64d22017652154069eb2068e40425063a78d064ffa3508a5253ff9c9ffd95c883c9e1bb9f78c8be","nonce":"d654f65e557737ea2a0b5440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"1d31d7b8edb31474607156fb346adbfeb41eebf6056b93b52cf157528a7b046f1b4c58104d2bf8c36eb50c6323","nonce":"d654f65e557737ea2a0b5443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"fbb99ba8dfc9fed5c4846fe1bec1422f3d4115d12106f6fbbf61494405f10e925a71dd47715528f05f1ef7b4c2","nonce":"d654f65e557737ea2a0b5442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"475b5c930a024fd04bc7f0f89a8dcb9196ae3f35609dc26a03f2a4a3e7d054ec7e2cb2780e47a0e7aff537c2c6","nonce":"d654f65e557737ea2a0b5445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6f9831388d0f75c0fe4b366bcf7c7fc9b356034ef0c0bf1116181278c8fb9a7fb6139dc21065026571d04a98c9","nonce":"d654f65e557737ea2a0b5444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"1232dc5e6bc91002ef50d0294b643f56f84f29f5b4b892e65e194b32fc51546f7a450d971df413cb7b79f90473","nonce":"d654f65e557737ea2a0b5447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"e3ea865b2bc5d83dcb3e5955d98b32bf9a5eb5dbccc15eb1fe9fd01129d42a8bc71490101d533f59fbf036c905","nonce":"d654f65e557737ea2a0b5446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"49da43a45cc02c10c2c45f2298bc3de4fe9e41efe35de7e976dcc9d57f1da2296388128e3a7ef56a095c993fc2","nonce":"d654f65e557737ea2a0b5459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"eba64d049005e7e6c762585edaafd3a535e7d1fc11fc270eff307d994ed720836553baa9da1dc86e95658aaea0","nonce":"d654f65e557737ea2a0b5458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"4009765d7d8521749f797a3e74393b219476476f6923e5fb887f76efa3e0ff6ee9c711d4bf4a131a08d91f36bb","nonce":"d654f65e557737ea2a0b545b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"24eab4157caffcb649b9ae1a6bd9bf8389612a4595dcfac955cc71b89e3e4b955434a170cb4294fa8a64a5f1be","nonce":"d654f65e557737ea2a0b545a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"d5c934b0bc05a6a0c9215e0fe76135419df530dd6daf3b7fc3a9111853afe0fabe82852bac65c80db852577b0f","nonce":"d654f65e557737ea2a0b545d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"b5f9f75e6110cc5cccf7b831b12f3609ea3a5d56a680c118a3e34935b80495c376adb8b81d1f4ec6babd2395d1","nonce":"d654f65e557737ea2a0b545c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"73de273d13bf689d539a59623739005419ae491411f435fd5d5f1015517af902e862fa9ca92dafc79432fc77ae","nonce":"d654f65e557737ea2a0b545f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"cdcc9c9cf714683bd9f45814dd18b6fb21d24694ce567fe1c85afdcb7f3a95c4da041938a4507a4649ca8a3f85","nonce":"d654f65e557737ea2a0b545e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"296fbd0553d811431536fb2d5d951699483154e084497116428555f90c5609263769b98cbf8564d9d940ef73a2","nonce":"d654f65e557737ea2a0b5451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"076023601c7f8478ba140d05025e61bf0805fe8501dc32f5e3be977cc969ca5ff5288c88e9718758e268856c1c","nonce":"d654f65e557737ea2a0b5450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"4f672ffc269ad6245ecf33f39404c2986429839ba86401259627e916879da4ab688ae99fd3d69d942cf8fa865c","nonce":"d654f65e557737ea2a0b5453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"197d2ebccf92bc9dfc83c8050ac3157f96b66c521571af17b1d408f4c5f10538ef5cfc5799e194ae7e6bffbf22","nonce":"d654f65e557737ea2a0b5452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e09f41b445200ed9ee90800625cc4a186aaef2ab69da9e2eeccdbf3c90988b10ae324f751623098925e6277554","nonce":"d654f65e557737ea2a0b5455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"530c2f299bf384c2b9204d8eb76bfbeb0132bd8c6a47528c7d64e512266f44f8d29eaac86cb795cf7978e857b0","nonce":"d654f65e557737ea2a0b5454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"11a1b1cd24d3fb09ef68eeb776eb8edf21104d6541fac84c440e414ed95705dd5a0732253dd53eeac35c507ca1","nonce":"d654f65e557737ea2a0b5457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"de2a99e1894217204c2c9b5ac2a09f9fce45888c5dade823b4a002bf85f25f745ff0e15c3fd55f1f36fed9332f","nonce":"d654f65e557737ea2a0b5456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f7a931a13bd4fd4923023ab75f6f236b26e2008eff7b61f5d813ebaa648ea5b4a457318e56b4f03ce144a21196","nonce":"d654f65e557737ea2a0b5469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"df1bded3f50014d98f27b2b1498c72667906b8a9e104c5b4d53eaf37bc40d0628a09c85e9b3b04660af8146977","nonce":"d654f65e557737ea2a0b5468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"b36bb1fb1237bb54ae796a21b437edf6bbc325dec154868980afdc7277036e28e4e28a2e2de13ad9fd8c124172","nonce":"d654f65e557737ea2a0b546b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"913efee319ee9b38eb6641acd46a68ff76f9b041927be56dc1c98a2bbb0f499bcefa710fb681c7794b6920c0bd","nonce":"d654f65e557737ea2a0b546a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"65d09076972bf863b3e21a38516adaaa0a45c5e4ad3e4d209144e5f348e9c861e658d4270628cad3be2244eb0b","nonce":"d654f65e557737ea2a0b546d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"71619e3cd7b19bd4e39306b19b95662e708f02b9bf0ad8cbd12dc9dae862cea20c010f48fc453eda8eec50b234","nonce":"d654f65e557737ea2a0b546c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"d600e29a60fa95c2686e29e26df671dbe2585256e7ba69d7ff2766875ff24981b91c0ca20b7dba579d20c72e4c","nonce":"d654f65e557737ea2a0b546f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"1e8d37a1bb327a779c3693006241c807e1df49ead6ed817a37dace1270265e8e435879c374eae9207c77d27375","nonce":"d654f65e557737ea2a0b546e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"a81a03fe5f15a1e657b52d8e8af66f57307dc32282df934e6097cbb68527b3f1e06feb9b5db9f6eba20a33f50c","nonce":"d654f65e557737ea2a0b5461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"7379096a545b10d46de3be898f81c81e623086e4df4c44ee589f3261e58f26f6230182aed9c2996ee98e85f384","nonce":"d654f65e557737ea2a0b5460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"41053917ac7859dd3d99493b3b7ec716e56b364fbd140a6494a81defbabc7fb2b585ac18e93edd5ec934ef60c0","nonce":"d654f65e557737ea2a0b5463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"74995d9f4246c0b8d0c2082024bc6bb6323bd7b7ebe32a067c325bcc7208ef98ee2de093cdc86d805ca40a3dfc","nonce":"d654f65e557737ea2a0b5462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"e7ada6815bc8960c515f45f5e5cfcae42882b31c051daf30ff9d5341bb7a0f0239372b61a88076d836f3ee991a","nonce":"d654f65e557737ea2a0b5465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"dac9cf5f280541f2846df38083716a66fccee9b969838b8998c4dc7d010aa7a533dbb5271c2c46b166b1858848","nonce":"d654f65e557737ea2a0b5464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"8351f87522d0046d6c588de13de109a1aa176df3710baa2af0f9df941f52e27bc8fff88fa6be168fd51409c6f5","nonce":"d654f65e557737ea2a0b5467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"16b5cb8721b628251b1ebc3a0fa71f83f854f30f8973fb4210de213b5a6af5f9939daf532d33cb632790b59bd0","nonce":"d654f65e557737ea2a0b5466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"56dce0d2d8c9ff161bfd235d268362a990b94913d9953fc1c0e79a4a050fd30baed02c656abded424a63bb0712","nonce":"d654f65e557737ea2a0b5479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"3befe2b33fe8a86494ddbc1120b65132d84acfd8bd1a92a4b51f1100794f1e044b8c8da7b072e1bb9cbe2ba77d","nonce":"d654f65e557737ea2a0b5478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"e6a7b3e0d00e046b4985f37b70e2e3e1d2926490cca54860cbc23cfbf75a2ca0c73c7a5bf408bbdae9bc2f69bd","nonce":"d654f65e557737ea2a0b547b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"1c372aecf3eb5e9348819bc487f3f1ae999fb8ce43a01a45b2f6c2413244bc41c805860c37a19f81b4baf1b83c","nonce":"d654f65e557737ea2a0b547a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"e5b1f95f3d1cf76cd54df89dd230487241529c57606690a949281787ab80d21d24c35745bf07a4a9d396a381db","nonce":"d654f65e557737ea2a0b547d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"8b79600e5c56e22f3b6d2f38dfcf9717379fc1419613e9b9a7e7b040054baf95da3cd3a3138c9524386adf65bb","nonce":"d654f65e557737ea2a0b547c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"aaeb6a109d26ef0471a1b1e3a042713830bc2e6e774525c0f25f64859e71433d03676c819ab9758499ae18608d","nonce":"d654f65e557737ea2a0b547f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"a39681a998f7311123c86997a6f509be70c7a966f27601ff64be102e1ae08233a229f8336c67f48f3364c25bd9","nonce":"d654f65e557737ea2a0b547e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"4e421bae2e8539e53ccf03df344d138739836f93aed94d8e760bb6b1542a1434d79c3d8ac7a915391ce75f3b31","nonce":"d654f65e557737ea2a0b5471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"683f1efa7ff61d9561e335018b7f628a1a08608507dd9ea9d2b00e990e50cd7f261d73f487b0ed349b7cf7fa40","nonce":"d654f65e557737ea2a0b5470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"1867f05642c2b9ef0277cd1088bb8f12c61b544ed28e876dcc926005adfb49015e0d64210f15e7ab3eca8f4f7b","nonce":"d654f65e557737ea2a0b5473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"6f9ea0858d432be613fe50dd3bf3d5c840ac19e08dfc0cb8cda3c67142da49fd90d571064107c58c0bea090e5f","nonce":"d654f65e557737ea2a0b5472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"cb515f04b0d452823ddda542d6145c60a1911cd2de95b89cf6143a7769d6cc3e65f7c392525687c85ec49dd3ae","nonce":"d654f65e557737ea2a0b5475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"96f7a31908a874f090951659261cb8602ea9f14055213ecbe469c3a1947ce19c3ecec28a9f41e2c609680b2b1f","nonce":"d654f65e557737ea2a0b5474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"c0e28bb1332fc9ea2311fc2f9bcbbd04d5c33e6730cc5e01fb172789300dd84d717f0c912edc1deddd8f013ff2","nonce":"d654f65e557737ea2a0b5477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"93c55dd1896ae569b5b411365a943366e4110c8160f94443a9f322e4ceb5f42dc06a37e1a8777da79c48f9525a","nonce":"d654f65e557737ea2a0b5476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ded681b1585b7fab0daff1bb000eacbb470dc304b2387bacdc7e230e54ccf86dd0fa9c5efe63f0c4ab7be889a6","nonce":"d654f65e557737ea2a0b5589","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"e0c5b2c8c3af6ea743bf51b48f75d965f5eb71fce668c550863b14b75f61840c"},{"exporter_context":"00","L":32,"exported_value":"782f53407c273fdd8ffe55fe9540b5c209dcf74beeffb38a807948b354fca3b3"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"af616a8dc3fa47900b8e68f878fba983134b4b608bcad9c0f743d2aa7c1a781b"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e8124b9055d132d400a0a246f06617b06204e83ad35e8bd90b6ecbf06b4f42f0","ikmE":"3dcd4d71f3eab99ce6af93faaca0e3f837c952ba2be7ce40dbb5fbf16459e4f4","skRm":"7ef44e93d5b9df2b8c7f7e3bec24a1581b98624a6c0d4f5df9fdb383fbca1750","skEm":"245b6a48b7cf15a0d89b40b932804edb018b3a6de68e4f3f7c33f64ba3d8d2e6","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"7891026ecbfe6339d804da654cdd6797e9bedf85f3abc56ae46a693eeef55743","pkEm":"67867a1c41afa75cbce4f726304adda5062c2793c2e6b307dd0191a204a4db5b","enc":"67867a1c41afa75cbce4f726304adda5062c2793c2e6b307dd0191a204a4db5b","shared_secret":"360d4f9490b0822e944c012ce6dac05f3331a1ae2695a2e64d6f42e3ef63abb9","key_schedule_context":"014c00167e070c0803ca14469cf4fa24410a5c52e941fe6042d618ec513da1d7689535366ec6bd0534307b1d59b0a605325c437890fe56676a1c507b6cf5e46e9e238f3e66e519a887ea3a0d096475a5defe5bfd1d22ec386b880d050dbfb6995fe8f7d1d0c661c4e10698687f757b1e981cbf025920074204ff660b9f490d7594","secret":"e789d973776ad5d160ca107460c8abd6d9e3486132c4a4e2bf4277b8343c7416af78c6b6ff82f498fa07a74b8fd48dcd15865722d52dfc2016a5f66b2ed0e944","key":"0976c6d00ce1f600195b827db4d60232bda81c1f577d1de13e19ad00ebbc38ba","base_nonce":"fa603a394e9e6bd93d21cd52","exporter_secret":"348e036205f78026df40a27b87f7e474015a20e5a8e9a828cd396f18aa3fa0e38a943bda9604865ce99481c93c481068f746ab7e87fd9842f2c12b07fc96f29f","encryptions":[{"aad":"436f756e742d30","ct":"018c929f81250301f7839048f814448a679e94f0e19b944737b54ced9e623e535e5ebc439e6eb49ca00b04883e","nonce":"fa603a394e9e6bd93d21cd52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"e96fe1bd46cf4943536e731887e6e3557ff87e128e9244bb7eedd25f3e9a78a5c943a805052cd60e8d8f5f61d9","nonce":"fa603a394e9e6bd93d21cd53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"118dd4f3b68c423f7afee507fb5340ee88d1b5ba0b3d70fbdaae79000d0135be321b45523735235126cb041ea9","nonce":"fa603a394e9e6bd93d21cd50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"a310c9500ae0cf5b2e494aa8c28e6abda040f91d661fbda4907027531672d1f44ba065b3dc051d57fdc70be35f","nonce":"fa603a394e9e6bd93d21cd51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"303300501cdcfd043c6d5c107edf8c512ee77d4fbdb49a84f2617d6c97d2569b1b5b355588b70780b15e0cb39d","nonce":"fa603a394e9e6bd93d21cd56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"983a8d871610b376a062bb1651e2da3a730ddc7e7df8a11011620ba0551a5efb0affe7bdf9823f39731fb231e2","nonce":"fa603a394e9e6bd93d21cd57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"4bcaae9d902cf104d173f9db305900cb286cd1203df4cc6c7cb2c9ebab6a758ede71b9044a80371c7c35a3320f","nonce":"fa603a394e9e6bd93d21cd54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"934248aea6a7d2198712a5eeb2ab0162a8ee76165d673e561d64797f25b6e2c78909d3d6c158c9da4b62e3c3ab","nonce":"fa603a394e9e6bd93d21cd55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"ba4aedf130390ad641a33fef51ab409b0ec9937e9dbde463762801713a4a9065110080c091f0d4adf28033bac1","nonce":"fa603a394e9e6bd93d21cd5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"af26aa6c893e38959de239f550c8db6f0c0dd04f5e65cfc0c32ed570d12583cbce09ca986ffd4140f43ff288f4","nonce":"fa603a394e9e6bd93d21cd5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"7da79db809b39cbfbca9d1a54734ceeb3bd169071032a2d7620383a568166b44883a3f07e5aa8511bfc5002e4a","nonce":"fa603a394e9e6bd93d21cd58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"f90f13176178cf3de641c1bd29b088ecf45aa48d6099f89ed45b3f1644790cb89fcb1842c76377ac23be749b10","nonce":"fa603a394e9e6bd93d21cd59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"1ece3ac7f1f3541bbb7993e6f8b7d012230971188c676e24031f24ea224e1e1a1cb109880915091cca4383216f","nonce":"fa603a394e9e6bd93d21cd5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"3470774dd93cca7195bcce2bb1e570ddb64baad73557b24e371a44e1f0b63e57130f9ee0015864cb1045da8054","nonce":"fa603a394e9e6bd93d21cd5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"4b6e8b113d3576ff33b2894161a9103ec47dc8f7ef7bca253a40e79aa2f060e8a38605da0266884378cfe223ea","nonce":"fa603a394e9e6bd93d21cd5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"f5dbb79120041ed28c6711670206da8a5df87f5eafec5b4e3d295f58b3f328800d3ef7d9822aff56a600047cbc","nonce":"fa603a394e9e6bd93d21cd5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"369375ea060192fe1c8638a66af45aa78cf0ab5670be5f123bb09909c243e18d15e280b216f3c3c31d11e399ed","nonce":"fa603a394e9e6bd93d21cd42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"b67e88b750b909f81514afb3347d48036d713ff74effddb59f6be3530ef74b62489985c4f1ac7aedb275a63846","nonce":"fa603a394e9e6bd93d21cd43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"dd0f6ada3c1286a14bb6efaa8200d67360217e31ee47fef34df6174fbd064dece9f3433cf0a957ea328a26634a","nonce":"fa603a394e9e6bd93d21cd40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"cb503064ef181b6878ad2082870576da70d22a0578a0ceb8ceb7c86c9c7a4a029648a389814a9b4480a8a323fa","nonce":"fa603a394e9e6bd93d21cd41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"fae371d7f4375dcf89d48c34d9f3d4c1970f2774aa895c52568808ed7659ff254a561e5d0b61cd1ae77df5d905","nonce":"fa603a394e9e6bd93d21cd46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"477247a0a601a3df2762c82de08335581c442b60b38110b41674a2128fa03387b1dc4defe0f84d90f6a0fd5f7d","nonce":"fa603a394e9e6bd93d21cd47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c601f8ca3dc9b89ebe0d6269cf4e3757ea1f63b5cc596dd9259b85e5095fbd4ae7fb10c63294e7143f5e75bcda","nonce":"fa603a394e9e6bd93d21cd44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"d89b4ee783a3786bea9e9c3027fcdc558147f0a423e7db7e4a2c29c1c0dd0cddac600937153ece22141f118a20","nonce":"fa603a394e9e6bd93d21cd45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"d2b73e5730cce033eaab5317c4f8a7a3513b18252994a344e8d2953fe04aeb6941b2efda4b1151eb97c643c9e9","nonce":"fa603a394e9e6bd93d21cd4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"5394711b0c76f08d61ee200f80f4994c59834193cce8b9854a6fed380dc78466135495bb58bab70349b2c95869","nonce":"fa603a394e9e6bd93d21cd4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"f1904d6765185af7385b62c5f23fbaa490adfa901bf98eed49a3f3f85ce9bad74138c49b03a777b711062f4eaf","nonce":"fa603a394e9e6bd93d21cd48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"24466944a27fd33edad5ea2557b3751d7c6eda3879bb1b3d4b5095318c99279959fda4ff9ee28a4ac6bc328ba4","nonce":"fa603a394e9e6bd93d21cd49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"842d84123038aed4f2a79925f1d072ffa3ae285374215c53c7eef51cc49dde914d117e3b5e09c2aeea0f3c7a13","nonce":"fa603a394e9e6bd93d21cd4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"4a6eaefbe3c16270ccafbba6561f7eda3251293f6adab141d564e7d0cd2aeb49aefa37e6ee5fa18d2a763de5a9","nonce":"fa603a394e9e6bd93d21cd4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"fe57bfb746ededd6a7b15c9bb4fe0a6a1668b52ca298ff5b3020198d178cb892f37cdc516c5a7287f1fb288b09","nonce":"fa603a394e9e6bd93d21cd4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"0ea4874a02efa23afb9b7f5f9d3c203f020e35e8b738a9d345235c3eb36be977f292340fff6a40af66af19307a","nonce":"fa603a394e9e6bd93d21cd4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"004947cb902a988ba4fa13e6bc0273efdff18eead773f03b6219b2a9a6df6b21424b14538d38e51d314b221af7","nonce":"fa603a394e9e6bd93d21cd72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"299f3e3ac6200ee34d648967d5bc23208d7919eb19327f847f02c370687b3e02b9d881d152a667d5d79c33f5a7","nonce":"fa603a394e9e6bd93d21cd73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"5f9d0ff4412dc11920c08bc24dd687232505b07e1999b461e912fd2fb0c48ff5a2f110079e46d08709faa7d455","nonce":"fa603a394e9e6bd93d21cd70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3f69d22e658875b049b5186291cb01521edcd8c888729240f2260dcc975e5562d9170dd59037c2d9243aab9be4","nonce":"fa603a394e9e6bd93d21cd71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"eb6067878c844dbff8c7cc657a076d5ec41bc7e9f09c07789dbc6414b0708a26e670fcaebc489d06bd20b31515","nonce":"fa603a394e9e6bd93d21cd76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"66f1f814bd3f7086da24500f6c429281199383b1a5d47ba29a7855bd1aef544dd9ca3d539e2a3f290ae1f1ad15","nonce":"fa603a394e9e6bd93d21cd77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"149a5aa39affeedd6a90361f17e665284f70f229047442252beadee67dac30543f052e4cd09801e1b5d82199f3","nonce":"fa603a394e9e6bd93d21cd74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"724b9c8c9fe20d5ba8a444256097fc9730809dc10b99492c79bc36d6723683a96b79f8a96d5a38b94b3e3f98fd","nonce":"fa603a394e9e6bd93d21cd75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"724fbe351c705af2f7b29690af510f5401a69aac2331adba289213e6e4f210bdb13678eeb75b60fd3025b8b43a","nonce":"fa603a394e9e6bd93d21cd7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"e1e721a25f8579dd24b06a03820ad0af2f57c406a0162b8d7ba18e4a18cbbfc6f74a6c8ddaeabd104bd1f3150c","nonce":"fa603a394e9e6bd93d21cd7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"1a13db946f14f8cb2e60e8bf1a5364374d8863d4f57af959d3c112b808b3597f40f253f7543a234ae2441fd69a","nonce":"fa603a394e9e6bd93d21cd78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"a75d75df4b03c5286be8da1a3c8dd7ed8d99d92a325f281d7bd4ba22e064caa1fce6c3061cc12a840137d8385a","nonce":"fa603a394e9e6bd93d21cd79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"ce24783f30b59396cfabd4d5d165fa37b51a0d3f7a097902da43da1670daf56f870133b286873716157d7951c9","nonce":"fa603a394e9e6bd93d21cd7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"13e178a9dd5cdf6b7593d118538a747d6928c0cf3799ff71d3c76e058dbdf1b440a7d4f212f3ecd2cf7d4f99cc","nonce":"fa603a394e9e6bd93d21cd7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"f368a7ed201cb770b7b995df77d134c22cfc66480078c1f236d6844299e68f684dcb579bbdc50895d34a168adc","nonce":"fa603a394e9e6bd93d21cd7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"2240d79ae376c148cd644a2a12fc4f35e804d5d73e41bf1294398206cfd5465dcc1a149acda6f0cab6d48cd88b","nonce":"fa603a394e9e6bd93d21cd7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"ce4e55a657f01f298cec4982038e670fde582d844d2220536f432906188043010dba0fe95481b4420a012fd0a0","nonce":"fa603a394e9e6bd93d21cd62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"fdd3aeed8a2163582d2c8fa1e0936042aec0c45762d3c5fcdc7ec6ff4d645061cfbd1d689d9155badc996a344f","nonce":"fa603a394e9e6bd93d21cd63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"7a42cb69aa3b15b720719c60839ca3cdeb5ac8216bc704b53c05c03cbb884c4f3110dc7044ab12d82e119e68b1","nonce":"fa603a394e9e6bd93d21cd60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"72eb5cfb2bd7f882a616f602b98496e43b61fba18e91784d268f03645168ef30a6c3e8468a8c6d70cb3d4dfa82","nonce":"fa603a394e9e6bd93d21cd61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"783c0a3025eed1543270306522c5a5d34a2824f43ca2b56cb08d1f62a6487786a83cfebb786eb8c8c0d917d3eb","nonce":"fa603a394e9e6bd93d21cd66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"7f7930ad7db3ee0578849f2e63654634ca4d68976b0ead52dcfce9b65bd47540ea59d5390d994ebade53b0c8c7","nonce":"fa603a394e9e6bd93d21cd67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"29bc617f0d105ac9f8144c6b7ec7c5e1b037c06354fa5aacc484aabd608ac7c117075679e09cd931e42979c577","nonce":"fa603a394e9e6bd93d21cd64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"7a446f160492358ad21b142c6769f5d5bc96b64d2f7c4dcddb78eceeb6910dcec534ef6bc908d5c87e6fd11847","nonce":"fa603a394e9e6bd93d21cd65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"72642998586a927db4f3d4b64ea04f8411ef0d166d2ea8fa3007f2418434200d0c1db45cca1bdaa5f651ab3e2f","nonce":"fa603a394e9e6bd93d21cd6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"0b449fd726c8f8c63a01474c9d399485771dd04c5e628ce5b10905958435b0207a9ba5d600eedc99e6a1972e07","nonce":"fa603a394e9e6bd93d21cd6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"a320296c5eb0b646c56d799686ccc81c5598fd0c2aeb53c0128b7f9333bbaf2fb05fe4407273e5af733c0df2da","nonce":"fa603a394e9e6bd93d21cd68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"5487a36dd502654ee88fd77237aefc2698ff176da8f1298a2f9061024e5cbecd6a7cd0ed602738566456fbe092","nonce":"fa603a394e9e6bd93d21cd69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"d6120f886362e9e5e22410dc8b67224c8e012db7fe17a92000aa1272b8911c7b2b30b86707b5ba037c12c14564","nonce":"fa603a394e9e6bd93d21cd6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"c7b7d286acb3656fcf91bc1b86d799f9aafcc4a891f2525c076f0916a8615437b3882d383e2d90449571b8e439","nonce":"fa603a394e9e6bd93d21cd6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c59f95f8c3ee9c0035d22e800c38086d5fa4c31038b067e24481afb169962eeed55334d9c435048f98e949658b","nonce":"fa603a394e9e6bd93d21cd6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"27229620bbe1c70d5190f9a6a7a97199eb95143d8ded4463d17151e36d3f64b972b85e3400bbfe5e04bbe1ae63","nonce":"fa603a394e9e6bd93d21cd6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"05dc8a9ff4abf8d92b899128174df17ad5c674ede7c4df495a629e17bfb4e844484bb352d6e4ff80372b4f0df2","nonce":"fa603a394e9e6bd93d21cd12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"6b60d4426c0ed7b26934e2d8624c3546ab518e0459dae7ffdfde5ff89f4fd1a21d6186b7d218610505b95cd0ec","nonce":"fa603a394e9e6bd93d21cd13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"73b658d33e7b2c5e027b8d36aab8ed958be25f56ec67b53f5710c3be93b39d3e221ad6b9617473979c978376c9","nonce":"fa603a394e9e6bd93d21cd10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"05115814c84f0ca1a924c832c27115873035046d499377ae55683787c9e3534933b247c549cf318c076f377f3b","nonce":"fa603a394e9e6bd93d21cd11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"861f32ae096cda7b03624519fc066fce74dd251229e530c340eb233fd88f9e4f3664ffc6ef293e3ea6a600ce94","nonce":"fa603a394e9e6bd93d21cd16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"68372d2b43657f2352845be78cebc377307003084639c2268707b0449b6ed1ac98418fa7f7a08858e0e3d27420","nonce":"fa603a394e9e6bd93d21cd17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"014c059cc5be2a2772aa282fa9944550ca92be44d1e25e5c0f0a2b86c0cb6c4dba0a5c404e8fc9f9a2800943a2","nonce":"fa603a394e9e6bd93d21cd14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"e0d7e2624c198ff45dde968aba46d78de79199c180e7e129f90dce49b4618bb1e9d9601db49e0c751c9c65cc4a","nonce":"fa603a394e9e6bd93d21cd15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"95f2acb3ad8a0aa863e9edc12083fd39e1a2ba8ff63bb1afeb22845b16d76a3203b08d4c60994ef1c3aceabbd5","nonce":"fa603a394e9e6bd93d21cd1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"b4c61725a44e15b566e32c708f33086e31f0768e5cf91822750e055f40b6e31522c73d629ef3ca74ea5c062a23","nonce":"fa603a394e9e6bd93d21cd1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"3b271a67ea85c1c967853465efb7e7fcfa6bf0a97e73b7bd84fffa100b1058974230762e569934a5f3998a975e","nonce":"fa603a394e9e6bd93d21cd18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"d63d04d8ac0ee507fc3b2892ecef4a3353f01ead0615fd57643b503c4e797d46c343c427715c8c38695c214f6b","nonce":"fa603a394e9e6bd93d21cd19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"9bbdad163a2131989d3e4400c92932b2b6ef1455bdedfcb8c58b91dd18cca36bb1e1ec516cb3e2e7b06effba2d","nonce":"fa603a394e9e6bd93d21cd1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"7043ccb450132f8910489cf3b2cf5af3acc24746f438d6f0b415046f5247676c249f30550d4090855a43245a32","nonce":"fa603a394e9e6bd93d21cd1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"33ee40514043151d8d3cc359f2c96ef6ed491b51523572f9c3a67412b258b9d97a0a727e0a7ebaf9555f9b2649","nonce":"fa603a394e9e6bd93d21cd1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"3094f13493d1fe9eab061fbae706fb1d686cfbef04c8ba0a7ceb0940e789ef3fa04ff6a98c42dc9a11fe2b9527","nonce":"fa603a394e9e6bd93d21cd1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"cd9af88d1cddb63f125e1047d6066c9678c102704667d729d6d2b581398d43143e077da8a6b18a03cbb8df2382","nonce":"fa603a394e9e6bd93d21cd02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"5cfb6ea92359848eabf99fd71baeb63d936ee1c45dd75685a82e537b262cc2eb6f180c81889832f7582a21b862","nonce":"fa603a394e9e6bd93d21cd03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"cadc17b63cbb08997a6bc31f855f3ca95d55324b51bb6a35c6cf22f0781b43f58f1f8ea52e27269a83d5100cad","nonce":"fa603a394e9e6bd93d21cd00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"5e63cf351f61d64281a65b5c21944ecdf01bb4edba383c0ab9328420f459f2a6b5913ac8cc168655ceb864a5bd","nonce":"fa603a394e9e6bd93d21cd01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"facfda2aeeab4dcdcda01b6ccac948d753a8ad252dd266adc2eae2ceaf640d8dec3ebd4e155fe1de0fc07454cb","nonce":"fa603a394e9e6bd93d21cd06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"ff5ce2057c0a61d994ac7c547dfe3366b96eec9f332011ba9565a3cf49ecf177fa4642586a1addff1eadb4fb6c","nonce":"fa603a394e9e6bd93d21cd07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d9683bf5dd02a94f88b92ef90602ab57cd112585b96f61f494cb4f2242abd7158c527d0798f3702adfa73bfd8a","nonce":"fa603a394e9e6bd93d21cd04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"884bd7bdf3894f1b2c8c38bd46c38a660cf79ce881c48853316b2914d7876ca4c6cfe91d9ffe79eac859e00adc","nonce":"fa603a394e9e6bd93d21cd05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d6090ddab049d5a2af8c6db4832fe1d30357c0e77f05ba4cd8a33d853a55ebee482a5120c842c4c136b8a8273d","nonce":"fa603a394e9e6bd93d21cd0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"0395f923c59a2aaae34488f094569ba67c5869f1a6c13dff50677e8e191cf02539a531ad6f5037fab7b5494d0b","nonce":"fa603a394e9e6bd93d21cd0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"fb7d9fa18d637d7cce6860981d9fa0d04f569a9df12db557a5f095edf89758c0add85e315c3dbf50146148a9f5","nonce":"fa603a394e9e6bd93d21cd08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"5c0f5eb9d4584e4e472ceb5a145b6b351ebbdced6feca87edd79bdf6d308012856e94f0f8af531a3a67bf02b1b","nonce":"fa603a394e9e6bd93d21cd09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"5b98d5b4d6e369b31998f32f77c546ac4cc68ec61d25aa46e314dd07d203175cb53057510af3be570b1fe08928","nonce":"fa603a394e9e6bd93d21cd0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"44c332a7ef079df7332e9ea139e520c6eea4871c091b468b40d971fac4fc5bc01631f0fc650e7c663784385edc","nonce":"fa603a394e9e6bd93d21cd0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2f4a5d342f4bbc71d050707d40ecfff741602927277c82681c0cb0a50e9f03187a892c9d0661596847864947f3","nonce":"fa603a394e9e6bd93d21cd0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"b8527a959f32b697a00795e61ee0093afe9e9f3a7708013e185d2c754e301509298e3a460b85b019daaced2cfc","nonce":"fa603a394e9e6bd93d21cd0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"414a2423c4495f907be1f7d7117baf4636afd8deac4532b72430a4e8db27d7070fdd0bddeece4f03a6db9d9fca","nonce":"fa603a394e9e6bd93d21cd32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"d1cf8e087d8e99c5e300e76095c1d51f5c57e70bec04b0d359468ba631035c4f53e5c72107249cc41e9c26bba7","nonce":"fa603a394e9e6bd93d21cd33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"23ceeb6dea9715ca17c85f805d1bf26157d8da10f23cd551855394ab08178eac570cb685392d21906055a7221c","nonce":"fa603a394e9e6bd93d21cd30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"4e856869e9dcde920984f8dcac4abf1e064b095337b80072d5d15440ae9570081c04ddeb5cd8c9b04b51aacf5f","nonce":"fa603a394e9e6bd93d21cd31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"31e12a89e6b571125678130d67e5ace8e434049948a52605dbfbbfd25cd29b3a61cb0f312496f0a0fc822b6699","nonce":"fa603a394e9e6bd93d21cd36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"eaed10c9623925e2f68ccdd4983fd5f6c1fbc3ff31b3a9a032f98250f013502b6995a12bbf7fa69f9fc3e07cc1","nonce":"fa603a394e9e6bd93d21cd37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"851a9391a2968c528922daf7618e2e7d3da6232bd51e6f0aade04ab23cec3126387a7b0d89d73ea3f88152ac1f","nonce":"fa603a394e9e6bd93d21cd34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"a82d0e6e61cf577bca25bcb84c4314faa084ac95e6126b37fad0129ddc9c00493897abdb4bf675d25e8bd835c2","nonce":"fa603a394e9e6bd93d21cd35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f045ffa68e4ec06eabb480a24e5ef37488fafd99618db19e90e0ce1f04e6c4ffd62d238efaaf44dc747795018b","nonce":"fa603a394e9e6bd93d21cd3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"e6b1cbaccbe6e166541bc416f0089ece7922a7e3b5c3f414f49a710b335bf479aafa9aa90bd0e2c78e18cdce6b","nonce":"fa603a394e9e6bd93d21cd3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"a8b4e24515be54b3c88b9589fecf77b1aad1c38246fd828f5f281bdcdd2441ef178e366009d98a52a9e510b0dc","nonce":"fa603a394e9e6bd93d21cd38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"4050bd6a59e94fef74e6937025c64e26da0af6e4b4da97fbfe380cc5dc6fb047fe9cbaae64d773e2dff95fe4e0","nonce":"fa603a394e9e6bd93d21cd39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ec31e15e7c7a5141346ae562cfeb4720f4f270ea9def90b9e88b6ece7b70acd8e01d4fc708ec0e658db46f13f7","nonce":"fa603a394e9e6bd93d21cd3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"155055a3063fc02820f3cbc5ec95987f7639b7eb06e85af968ce5c110b05638b5f7d922bdc8dfb9933c5d24fd6","nonce":"fa603a394e9e6bd93d21cd3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"9f89052fde51c333d6fafac333176d305f1a24fde51dd1cd85944cccce2c74e44711c2cf6456b604fd11ce2da0","nonce":"fa603a394e9e6bd93d21cd3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"516f8fc78a681c4d7a431da8c7dfd343cb9abdce81c95d2524f1f39c05c712aa74e045de89296016dc708b28fc","nonce":"fa603a394e9e6bd93d21cd3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"bc04a792b342dc15b22fee5ff13cd5160c95aaf66f2bd74c690fa3ae013e8ca5a89897f363a3c25805087c546a","nonce":"fa603a394e9e6bd93d21cd22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"4be3c624609735cbb95e8a3749139355a5388cc8bce956fed3c70993079b21542cffbe3c82964bc75abd043ed0","nonce":"fa603a394e9e6bd93d21cd23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"af40368b67a1917fec7c0326e771fc0e3d509d93302efe7f848afe3d2d058e07bbcbfbaf98a0e3a7be2bbc1423","nonce":"fa603a394e9e6bd93d21cd20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"2fd01f7de05bf3fbd307567ecb522e3fd78aeaf84ae2d2b48def6fb50ce4b4403aed74535175409395afdc0ffb","nonce":"fa603a394e9e6bd93d21cd21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"151fbadf29f8d06d6690713e55d33de354261db26b9f8000867e7fce446a86125fea12b331d9c00857e11abe44","nonce":"fa603a394e9e6bd93d21cd26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"083adccce14085ec810bf6c2efdca0ce4054a821177e33e5e60c027eb0e6b90cf1717a2fe4cb50f0976699e850","nonce":"fa603a394e9e6bd93d21cd27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"5ee1e20d5a39f656f9c2604bc681e5785a89781c3f3e7b290a273638c5f462765217d9f1e57de88ea746ebdfe4","nonce":"fa603a394e9e6bd93d21cd24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"cbd30790600095459d64e9a6c5a38f2321cdaedaaa6a3d1bf171a84e6082f9e81ad92f89cfaf4bcd70e70a7754","nonce":"fa603a394e9e6bd93d21cd25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"c3de52e5d8ed8d2771b924560c623a5a93a8d711231f60f9da42ef3e287217a19cb0e9a20fbc25c126b4ecb435","nonce":"fa603a394e9e6bd93d21cd2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"71869c6d34f57a4cb05765b1a1a43ce8b2f44c95a87ce303420007b953b6ab816acc867584f8b04901f348ade2","nonce":"fa603a394e9e6bd93d21cd2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"d6cf0a444ef377f54ce4b96f19c42128d93be6d5d08b9959ef802c7b563adfdc9c951fa3993712ec7cc6d5ca49","nonce":"fa603a394e9e6bd93d21cd28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b405f8c8391d9ce39b2844dd025f0db6520b6f735b615f4bd15ca1fa8862bdf4a746fbe763f17860e3b61725d8","nonce":"fa603a394e9e6bd93d21cd29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"a353234386ed4928a20b364e2a48643683efad0c6e6196210baeb9269523e500ee9569d730cfb8eeb8fdcb1a6d","nonce":"fa603a394e9e6bd93d21cd2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"19dacaffb069b51cba618e1f2274eac3173b81208033dd4258f4b23941706ec1beb93345a393369f4b4141eea3","nonce":"fa603a394e9e6bd93d21cd2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"90e9c038372d2903063dd78517567986f19a4c4bed8edf29c7f4ef60f763dc5ee2a4aee9eaedb26cb5cd1e3ef5","nonce":"fa603a394e9e6bd93d21cd2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"67da2270038f34c559e235c0b45b33b95ec209f680df7b307af4d901843e8cf72009cf478167d2fbf89f93aea2","nonce":"fa603a394e9e6bd93d21cd2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"59f9d49a36fe7ca71149d96a3aa7d0980c06aab489b5c47b8d57e6157d327ea21b67a2df8d2b80de8f731a4c57","nonce":"fa603a394e9e6bd93d21cdd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"e5231d8fe96d1e7103baeac442d381b6b77915c46998082cff6da18fe224ed9706bbaf674abec9f0d37037103c","nonce":"fa603a394e9e6bd93d21cdd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"603723135c0cf6ebf3b35e4a255ce13820a5ec6be12589a65bb14cbc94c9d28ad5a7927d5edb25b47753afb268","nonce":"fa603a394e9e6bd93d21cdd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"efabca0213ef463fdab9d3a706d718c52085388ca16317d03626d6ce14095cec63f44d6f389d5200eed1df8318","nonce":"fa603a394e9e6bd93d21cdd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c631e99183a17429883b121d65a1c6dbe8ce347446f8540b07a0e6add868dcebcf1628d260f14d705859919f18","nonce":"fa603a394e9e6bd93d21cdd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"4387ecfd1feb5b73358ce519afef503130757e190818df9169c65dd59326f60342025e279b0371cd240acca934","nonce":"fa603a394e9e6bd93d21cdd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"a1ea7df58c808ff7c8b2fcd14ddcb9b3360ae7bf9a65b7fd94d48c34d274a7a86483b9cb5eee132f5276a23b03","nonce":"fa603a394e9e6bd93d21cdd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"9ab97e86329187b757334b79e204f228de39fd39628c35e5f70b86dfb7ed768a7e1d137b70d9177c3578240ed0","nonce":"fa603a394e9e6bd93d21cdd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"bf52354c6a9f95dbfbb50ba5fcc3fa4ba9ea5e05fdfce4f5e2382a31206fad25d308d4d6498078fedb9707bf82","nonce":"fa603a394e9e6bd93d21cdda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"5707252131f91d82c0ce6dd78d8f71366139fb93c8cb98e8c5b2f0fee7033dccd5b339e417a2fd9fbeda46206d","nonce":"fa603a394e9e6bd93d21cddb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"b25769a961c73a6d50726feb6c37e4cf9ef4586847d6ea6f64a3d178a3c47e4948f9cfefeabe49e73fed6ac824","nonce":"fa603a394e9e6bd93d21cdd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"07ec9ee0d162e2eff0afa187e3afb51e4fe7b8e48223ca6b3879b65d8bf93d14d2ce551ef3d1c4bb990b7a43d5","nonce":"fa603a394e9e6bd93d21cdd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"ab3d6dec263cf963d197f3d432d2afa0b1993c7de58cd7cbc9515872361537edbe57cf53935eec7354288e6c53","nonce":"fa603a394e9e6bd93d21cdde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"f77575659d05bf3cc6a498770c55ec4d314c9b83d3effa1700149e9d80bdf655610f68a6230c8ff40f47b44952","nonce":"fa603a394e9e6bd93d21cddf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"4768ca6895c633a6f7664545ed55137931970ba2a803f2e5096c01c0916e80ef1df1c4ea18c47d0acad3bdf4dd","nonce":"fa603a394e9e6bd93d21cddc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"490f290fba6776ba35a793e9898b1a2da380fcf7078be26fd0c41b1f9e13990ff38d0731ae4cc68cd7ba3786d1","nonce":"fa603a394e9e6bd93d21cddd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"0968941a7bc49bb0e065ad2e335343f4df70a74264ce571377f2d748bec398d67f5a3b1e1dc9a88218359236d6","nonce":"fa603a394e9e6bd93d21cdc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"8636060cbe1c5cc64fb48cf63af9ea2352538fa5ac4342560e0d4a4ee52a54dc80ab5b3c997d73f37daae0e5cb","nonce":"fa603a394e9e6bd93d21cdc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"47a5b13985f54deb638fdceb8ab74568ab136a75faee63615514849126092a4d065bad07bd1ea8e29e2b87ad85","nonce":"fa603a394e9e6bd93d21cdc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"0ffd6aa048e5fc7a78e1e3ec0c71a035faa72ef59517e7cfcc51f8512bc25a126641783c41cf0b764b0de81995","nonce":"fa603a394e9e6bd93d21cdc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"cfb7d23fdf706b33d8a18254f9424e5ee058f8bc45de868c58f181365a2b021c3b12e46145445b8c368bc89192","nonce":"fa603a394e9e6bd93d21cdc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"9a6fc8bf7f3b7c83ef41da17e1fac483869605709d48c3458a3a797064dd00a165c387381c7b195ea719a1fdda","nonce":"fa603a394e9e6bd93d21cdc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"8c122fd38ba751954bd3a6e23475dd797ebf9c5392be8825b1defdb3977b3900d872d35ddd7ef288d7649eaa6f","nonce":"fa603a394e9e6bd93d21cdc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"65b6c2de3f0496f259e237f08b2ca53e7fd188e835fc09b8db60fd0028f7e7f755a345718b78c2340bfe5bfb5c","nonce":"fa603a394e9e6bd93d21cdc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"b39c1472a74dafdb0909fe94ba7f334c0952bbfe93e66dba20890101679eccb0d7a8264335efed6184d84cb212","nonce":"fa603a394e9e6bd93d21cdca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"5e30e2c0213386df069c011c4a499b47e168c22f874e799f0599970eb4ac5c8e2bdae9e55d328263681043151a","nonce":"fa603a394e9e6bd93d21cdcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"d1c10978456b1de57f682ef5f14bc4405ff18f3008775b05b58f47e74e936b8dcbba0978dbdb53b389b369d823","nonce":"fa603a394e9e6bd93d21cdc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"2c6aa57472b0b69290eb55b0f4d9547f21cb07d42fadc261b18dbd7831009364d7ec47f38600f54d4b9e62edb6","nonce":"fa603a394e9e6bd93d21cdc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"1d53b2cdcf8b57899fbb828998bd95e33af1523549fbe6b526408ae250ac2460261dee85163b8ceba93c2a5dc6","nonce":"fa603a394e9e6bd93d21cdce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"df973cda97668a2d0b2b53b88c21077c1929e63c7e274cd9062877bc4b396df8062ef78844bb03f7ff599e532a","nonce":"fa603a394e9e6bd93d21cdcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"6230ad61c96a6031c49791f58c8e1f221fe317c4532557ad1332a0606f6b81667386446b9385ec46b5dfa77115","nonce":"fa603a394e9e6bd93d21cdcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"2e932426719ed856a8c2ed91702053404e0cacb06a10da37b9bb66d0f0a5a279b09479ff9e173b660144072f96","nonce":"fa603a394e9e6bd93d21cdcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"af57b77b980e647f84bcfd8a33f961e8c59e296eceb34d0311c07a970efb56e7cc562010d38b93ab0301c347fd","nonce":"fa603a394e9e6bd93d21cdf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"b4398c626c4ae45ad0ecc39f08c4913dbaa7abe6769039afe4d2a852cc0e42bde1fe191fee1eb2796c7c7bb770","nonce":"fa603a394e9e6bd93d21cdf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"397bf520566f5085ee636ae9242e37c010f7a0642581a9582100e492077476010adae525b0078fe2e03d91e3d2","nonce":"fa603a394e9e6bd93d21cdf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"e2185dfd49bcf028afb6f9110d9bff454ae0b2c4aac5536c92f89c1b2541b51fdb8c0648ca602733c45913df57","nonce":"fa603a394e9e6bd93d21cdf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"643f1cf85f62034b8b87c19a16d61addbbe6531ce526e8e5f003162ca4b7dd9853d0d0950f564e019b13801fc6","nonce":"fa603a394e9e6bd93d21cdf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"351c80697a2b467201663eb8c68059db547bae6101a7e2bb419f7849b4c918b5deded201b039360c9f16d59701","nonce":"fa603a394e9e6bd93d21cdf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"b83f8a9ea451899d304767f40231af3bd1398fb518b3f3fd7afab02837c368822796bc5d65536ce497ad72dd1c","nonce":"fa603a394e9e6bd93d21cdf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"51f95c3689afcb08a23fae89a67122734441e98ab77354896fe107bc16b5ca7df4277ef90240ec5bc74ac3f8a4","nonce":"fa603a394e9e6bd93d21cdf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"3a0fba4543220b2a201bc3bf1df831a8434d9f7e5a296f5abb95c2026a1d32f9159e63a1a8a0cc47624c7625fb","nonce":"fa603a394e9e6bd93d21cdfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"c4bf13aab2e23302f7950fbb0b2128da9bf80d2c48ecbfef770f6a06191aed02a43bd9357b0a8046f6680b1aa0","nonce":"fa603a394e9e6bd93d21cdfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"16a4486d226c7151c9a79115fee9fedf58d7c0afbf31903b4d1f1f029f9c26793a5ae41484eb5924bc8615f90c","nonce":"fa603a394e9e6bd93d21cdf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"fee7b7f662f577a3fb86c52447db2e72fa5ce20952aab600422dc4725c0549b5b357bc224bb33d9ce4d6dc5a0b","nonce":"fa603a394e9e6bd93d21cdf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"e9d77d492830defc8892e2d33465d1a2bb680f8cbb7b2254a9b1d6390ca713c48d52871da50bfc2feafe60c9fd","nonce":"fa603a394e9e6bd93d21cdfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"384708c08d3ee6c10b84e5eeec124ad8ad9ca463f427ea3e6ba1be0b3b5f38576c4047baa8bccf6fe0514991b2","nonce":"fa603a394e9e6bd93d21cdff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"67f15f98d9b08d71745e704d5f97af9b95a76df5bbcd488b062c4ad9c49236db1188b112a64d6d9627b4f8a690","nonce":"fa603a394e9e6bd93d21cdfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"30e4c19aa999ec54e7fd64fa8d40cbeea774fbe0e3539ee70cdafa5d4f252508f2dae15d3928c44a6ee898a60e","nonce":"fa603a394e9e6bd93d21cdfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"c25842801615d1835c6b60e38ca0367ee2d46e4919275fc514656cc64642563708ce9ae9ee721df141d2353121","nonce":"fa603a394e9e6bd93d21cde2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"7868fb3bd21b92f1c27f1ef3b9dba59cd2b68a70e5523672fcaf303900f52304019f8b0fc657a3b0fa5d36c45a","nonce":"fa603a394e9e6bd93d21cde3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"3b9ae062a2328aa4cc34f67f854383dc0cac63fa8bc6defecfeba5ae52792d867baaf5f62274271da7fc1e27b3","nonce":"fa603a394e9e6bd93d21cde0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"e95c3c10b38e8af415736ba07be5fe192d154f9dbc618e405bd3ed9bba668a03262cb213515e935a94ea68aeb8","nonce":"fa603a394e9e6bd93d21cde1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"ff852dfb2126c92bf9303597743dfd912f26b74165206954cdf6d184c19b2fa4977dbda55672e418f05224fd01","nonce":"fa603a394e9e6bd93d21cde6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"1bce5c52eebe773226652cc6e99bff81527ec48f3de328776b4efcc28fddf4d3656abb2e2131d2d8e3cc3f342d","nonce":"fa603a394e9e6bd93d21cde7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"1a9ea3ca7a2a530fe425af56f7120ff6dbecab5c233066e3f15af4e31fc5f746bc7c577500d10d5967930fa4f0","nonce":"fa603a394e9e6bd93d21cde4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"bddffc36e496a64ea446e5c571b16c6f5d2d3b83f2d9260e2b40bab15e6b60cf33a3a07f70146662b203993143","nonce":"fa603a394e9e6bd93d21cde5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"36b30d5662afa9104097a329671c2c9620a70081455b8d658b0603c812065a427d9302e254efefb5f79b258278","nonce":"fa603a394e9e6bd93d21cdea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"197d3481ea04ea4912a5604bb1fb4961316df8e8adf86f79c1a30e33ad7710397c1123ef979d6e52c4e1de9466","nonce":"fa603a394e9e6bd93d21cdeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"21b068125557d70d71c583749575d94f0c82bda0053897f064f221ee612c3f4f983ecd71e30fb94012d9ae84a0","nonce":"fa603a394e9e6bd93d21cde8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"b315552f9935250875dc612d008d97116b84922407c288fc3b1764c3203819daa86932201509c4f82e4590b7de","nonce":"fa603a394e9e6bd93d21cde9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"174f0cfb3b3879a4e258af7f2b2faca6148876483a5de6b5a8ce82a84e700d7720a80ec1ee9e6c8eec4206fca3","nonce":"fa603a394e9e6bd93d21cdee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"7000e1d34e7b2e0db3a385ce516dcc882ef6b6a325823b3b6c216479b8e2e170807f8b0a8fbfa178b45e89a843","nonce":"fa603a394e9e6bd93d21cdef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"34d69afda9786278eab457561d4251271470ef1d32c11bc2bebd3423cc3ffbf8d29f005d3476f9ec4c7bb0c6ff","nonce":"fa603a394e9e6bd93d21cdec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"c594b1ef95e98e2d32b6eb81e69a527d11023abf30522800f90712d7b2837f20f5c59a3c2b4ad4042607ab9999","nonce":"fa603a394e9e6bd93d21cded","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"730ed47b1701a950e0c7ae938cdae1404bcc3b5fa9b05218262e6a472e7c8b181600171e846b03deed51759aa0","nonce":"fa603a394e9e6bd93d21cd92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"896013e5e6596139cf1350421198aa3f49177fcf65cee144f1b744e2523e9341d1f65ca660f344dfa3d79caa81","nonce":"fa603a394e9e6bd93d21cd93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"15431953fa6069b6c8c1d7eed3ca298bde3c1ba4259e0eb9e5ec78913c194366be2774d7e23c44396ea7841759","nonce":"fa603a394e9e6bd93d21cd90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"f10129d1243076219f283a1f41371eb53c9f5442a7573bf7826a09cbe395e2fb7f4636ebb807f276d4ea1aaaca","nonce":"fa603a394e9e6bd93d21cd91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"0022acc1bebb9c3e6a492037115539c1ca3ebf38c0914b4e81eae332737be44284f8fa8a04c4753880cd130721","nonce":"fa603a394e9e6bd93d21cd96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"6ba87538a15549cb673a2e51eeb5acfb86127344ad2c797ae8ce2fed1623e17276997e0a7b24a81b189374b886","nonce":"fa603a394e9e6bd93d21cd97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"8fd3ff44a5cb29fa3afb9be37231b54b51b16eb6be6aa3d7bb289606c1f8c0024cf302d4a7fcec7dff6efc6d41","nonce":"fa603a394e9e6bd93d21cd94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"51e527ff0ca56f17262e6d6288bcc36c64707f986d7a0012810107d5262383b2455a888cd1ee66fdcffa32b7b6","nonce":"fa603a394e9e6bd93d21cd95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b0e72792f0844dd628ffe139df808e2c30914b8ec9ce9964f3dac46432a16ceee501565b61bdae23368fa5aa0c","nonce":"fa603a394e9e6bd93d21cd9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f1bd2d0621f0253ea15fdd41ad5ec0c8cde02721bd127b0035aa84149715274f737b320c12f66ebf6e09ec76cc","nonce":"fa603a394e9e6bd93d21cd9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"1452213d8152f8111048f9d2a91ca6d8f7e8e6b10ef99c125f89decd5282a986eaed0b9bd25942e24ef899c0ae","nonce":"fa603a394e9e6bd93d21cd98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"b1a4b4737f913c3318cc34d6d1f1d19046de4e4cbc5019ac9a6b818d3ca231fb03e08f2fd50db17b258c674d84","nonce":"fa603a394e9e6bd93d21cd99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"6370ebc3662a13b7b621c06a35bf8de750a2556740150d43cbe2fdcdadcdf7b8cc8434413c1121b598cb99aaec","nonce":"fa603a394e9e6bd93d21cd9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"2644fabb30a7e98ebbf194291585245fffbb4577c6a9cb3f660ed09989decbcb451c52852ca278581252e810ec","nonce":"fa603a394e9e6bd93d21cd9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"c381e66f0889ce18f50c40629c87dbec162a5079ca4300ea12ed438e8fb6a70c562e5fff3a058979d0eafef423","nonce":"fa603a394e9e6bd93d21cd9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"03ff102f928e7db1d3eaa00cfa44609d41f8de5439d620f7197f5c3d05a578787c6bd9e7eb47c182db51f73345","nonce":"fa603a394e9e6bd93d21cd9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"760cf6bc668080c9adaf3f89bc9978c93bcef96be4f4064b948574973f8381e94951912da5a426d85e2f09e062","nonce":"fa603a394e9e6bd93d21cd82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"aa0580e18f1738a217e665a2d247394f89f7a4f17c637cfbd4920bbdc8d4c74dace51203b6e475a1e2b71b11ff","nonce":"fa603a394e9e6bd93d21cd83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"df27be51a42a2cb0fcb6493612f622b4198c5aa9e2c448128de9663f12fd484ce819f48e407c048b21ff6cb863","nonce":"fa603a394e9e6bd93d21cd80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"94d9b4a76dee8ac7fcf06ffceda6f5547018f6824cf041a0d5210101eb724434406496dd8ad848f4aa399ff4ed","nonce":"fa603a394e9e6bd93d21cd81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"b66f12b02e2c3aaa8724e7cc13dee0ef58bb82aa7ba6cad7d0a52a69389fc0ebed2745e68ef5bc59e9284b9ffb","nonce":"fa603a394e9e6bd93d21cd86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"4cc53244be76a2fcefccd191bc32fa2dcad9cfd99452064cd51074384daf5b4944312ea6820d3aadeafbaa4300","nonce":"fa603a394e9e6bd93d21cd87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"ce66e478a2c2da1ae4b9a67794e870bc6e40fb9c2f21b6ebb36ebd8e8ff37d444672353b120e2e3f13a4cf134b","nonce":"fa603a394e9e6bd93d21cd84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"3b7b987ac44f6089a0f7e378db629614b9742bdaefd13b66ad4bcaa0d08c2be0ec23fba675c0d99069a856272a","nonce":"fa603a394e9e6bd93d21cd85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"1d4ccd8cfa358b3ebf6453e935c11aee641a6c3c75fd6333572e2012ed04cdfb6e381db5cc87fbdb373b4868ec","nonce":"fa603a394e9e6bd93d21cd8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"c7b48d0ba9416d7350f708398fc2a5a4aff1956a642d87254fa7b38f7a83b7fb2575e8be78c263743955aa45a8","nonce":"fa603a394e9e6bd93d21cd8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"b03435106f0688eae273437551dd59df48c7889581b60d277dda6627192a6db6fc67cf2e6d7378980430c2fbc1","nonce":"fa603a394e9e6bd93d21cd88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"6d35429662db88ab2df6124d444bf628f9dddd01bd7e1d40d5ba70dab9976c799436cd3517fabaf58edf9d6f33","nonce":"fa603a394e9e6bd93d21cd89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"3a41d529c278c82b89824aef0e3adf645aacd2f039741e141fab5220c04f1cc3b02a2edb138e86e24d62bd47aa","nonce":"fa603a394e9e6bd93d21cd8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5a538e99f64cb28a044bc48ca2dbdaa9018b874f7791c5d5bee5aa3104c522e12072750bfc143f6c5c91e54971","nonce":"fa603a394e9e6bd93d21cd8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"80bade8b7884a83db649d23b6bd85b2c961e390a79b1ed911a8a6c4b2fc17383db036988a18aab0ed71986249a","nonce":"fa603a394e9e6bd93d21cd8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"e48556b025a0bea3f131df24f03088d4427f1374c4366752215b408269be7f26d5e3177c1161ed12338fdac064","nonce":"fa603a394e9e6bd93d21cd8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"8da8c5082d1127b694008a9e8c782b0fcfb4442cca98d09275195c2dc477365eca27317546434f9888de7288d4","nonce":"fa603a394e9e6bd93d21cdb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"221ac0c862851ed6b38ea1fe1d7099c7b405d0ba0a0abb014b039bd048df2da48d76bb11bbd3869bfd18144500","nonce":"fa603a394e9e6bd93d21cdb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"d07c71fc92c8e50b8b81309f76ebe2ddc84c2200a69227533dd5348c95faae977154fb8f40949c0c072876573d","nonce":"fa603a394e9e6bd93d21cdb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"a24aa4b1b403587da758d217c21308fa53080b7c5e51343ec2eb7ccff866960c28d2eff6aa65b7e9e14ae3c46e","nonce":"fa603a394e9e6bd93d21cdb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"bfd6056cda735e819ecdf114f1871acfad23cb111ca050f23c27c197dc6d96c44928cae3b4dbb02ec017f2dbd1","nonce":"fa603a394e9e6bd93d21cdb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"29855fbf7ec84537477b3a0840e717d10b26d22fa1fa32b39b6c92608f1e653da8c4b220e26d59ef06b91bb4c7","nonce":"fa603a394e9e6bd93d21cdb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"7c2a96cf7a7330069973b4d347bc4215ddc8ab67f9eca0c1a88338bdf57af01c2441bf952da53abaa0caa2bbd0","nonce":"fa603a394e9e6bd93d21cdb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"9914ca663501d97773406447e80428c1dbc8b964da2df4b65bf0558f391c070ce5db36ddad8c969b77c19e8417","nonce":"fa603a394e9e6bd93d21cdb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"4240820dcc600492eda2402d18f68409b6d662fbc9a2701ba07323af9c70bdff79637c6c56045b88882278e0d2","nonce":"fa603a394e9e6bd93d21cdba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"6b7561be917bdc8ab2433c74a63bc7c32928d5d7c23356259989a7fbb512c8339296fd9617ff413459fc734dcd","nonce":"fa603a394e9e6bd93d21cdbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"9627e28dbbbc0a2e30baaeb096bcd5bf9d8ac94327d3a7062ef9ae9dea95097159e99c1653a3316c707819d86c","nonce":"fa603a394e9e6bd93d21cdb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"64c08650b83f23926fab60869819d78bd708ec477eca2ae0cca4693e7489d33a72005dc8ac40eda2b486faef12","nonce":"fa603a394e9e6bd93d21cdb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"2ead9d4378164f110e054504f6d382482f7b3c6b96c9368a4ba18bae03cccf3071e4657e3b42f730d0f7a2a45c","nonce":"fa603a394e9e6bd93d21cdbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"b494edabf350db700f1de493300d11bcc72ea43495f9c452338341bd228d51da2572e31a630d4a87b2e605fe0b","nonce":"fa603a394e9e6bd93d21cdbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"094cf2fa76264702d8b63013356fccd2434d43124578df0671c7e19c4d4c0e7bf8654a59b46c182844a057a6aa","nonce":"fa603a394e9e6bd93d21cdbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"eb62c6611880620a4f76ffe2c58ed4b117db4adf4a82abf2491b14bc5be27babb81d56cf95bbc9f6853ef07051","nonce":"fa603a394e9e6bd93d21cdbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"175ad878b3b2346e4218687f0b5472e862edeaabafe031531f3557ca138c76b33551a0d5de8f32a40dcbdb1f4b","nonce":"fa603a394e9e6bd93d21cda2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"b69cf28cb75145287f2fa360eb8f819ae9460707b9dc2edb7e32ec54f1bb6d731afd398a830fb8bd7e9014128d","nonce":"fa603a394e9e6bd93d21cda3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"c41ca2d0e758e7f5abf7c67e0538fd922bad5b995da6a09accdb413354e306c133ada28e45cbb54e37f1105dea","nonce":"fa603a394e9e6bd93d21cda0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"bed57390f6b157492791e36169043a9c91ce7fd524052174d68a468c4cc0a10e533ba5585f1aac1a65f91fcdf0","nonce":"fa603a394e9e6bd93d21cda1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"a419131f478168821fbdc4fe759acd753087fb88bff5bafaa71f7c8324e2820f6b0d570f103e60bb304dee59fa","nonce":"fa603a394e9e6bd93d21cda6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"1b71385275285fd401159df706aa466b4c914ce6e69ed35c782acae80a7e6ee7cc8f73cb3710f3687bfbb22c2c","nonce":"fa603a394e9e6bd93d21cda7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"7141d6aa797e87cc0ef7cee03f0012fdaadd27146e969e069e147f8398949cc98d95d3d346a99facd41743033e","nonce":"fa603a394e9e6bd93d21cda4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"8de48f40720c15e4a737cf25f7ce69a5f5aa95f94f02673e5c519d748c1a7e9693744c2a3428e69a41ec99322e","nonce":"fa603a394e9e6bd93d21cda5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"32bca58d51be77ebb63b2dd3fa42a10898194c4143e296593a1abec0f650a89b731a46bb0ee141f335ff5375d9","nonce":"fa603a394e9e6bd93d21cdaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e2b9105854304c0369459a153ad504939d8c8e67376277a821b02cff7b5197ba6ba7086bd932ccecc14a17943e","nonce":"fa603a394e9e6bd93d21cdab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"dd22b2ea9cabf3f675eb41a142f98300ba39e5ed789b000972eea1b84b65bf2be61d13f5c249258292f6d5d45d","nonce":"fa603a394e9e6bd93d21cda8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"f6f4226a42b1f8af9b1b68e11cf4cb806a11d1d267df1e2691fca6b46be7f2fab83e6232f4734b66d5cefb6714","nonce":"fa603a394e9e6bd93d21cda9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"82427fed5d0ed809d31b0d019d48acaebebf39bb89432da4a26b8dcac160eab1afe2a1649f32c39ad7e4e88684","nonce":"fa603a394e9e6bd93d21cdae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"fa856847c67455fc00c2290db909d8474c065a4400659ac47230f7ecbc8a60502f3a3f26c7423c833bbbe697dd","nonce":"fa603a394e9e6bd93d21cdaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"43ace06318bdf6f4352222cf0728cb7d5c9c69d7a6c7dacdf594157cdaab9020011baf97a24674cf8aaac01d7f","nonce":"fa603a394e9e6bd93d21cdac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"4fc913542d9b10be1969d18c305fe91740cda44f5e3704d7dcc812f578fa4e52e497efa7c15ba5877c2270d029","nonce":"fa603a394e9e6bd93d21cdad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"fbb454b340faeaab3ef6c4633f87ec87e3371faaf9ccdd9900ee6081b672556023bcda2252af186bedf0363334","nonce":"fa603a394e9e6bd93d21cc52","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"75570a8d2eac7404054cd589d70987bbf69a7771a0cdefdc431fc97144085dd8"},{"exporter_context":"00","L":32,"exported_value":"b637f2a82362259126c2e3f955b3958b03d7c29561b825c79fd1b8f33e0f30a5"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"202e2a37a076d0e683cdbc27c03eaeeb2d73519eb018d8bdabe467743d1d3bfb"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1bc10ced780691e8d6a2559fcfba8d7ea32ef2df8ffaa32954649b551e6d0083","ikmS":"248a1745b0d3a25bba889a27a2ce8f2826e5a755e9f1c784e047d9d03e86fc71","ikmE":"67aa79119924c7684b3db28cadd4abfe42fa6c3735bcf1fa4742ddc224c2f90a","skRm":"6ade1a44d2ee24ca4e44648119ccaf2e2f0de11fee18536f5b5b4ff543f1621c","skSm":"163665f9be4038f7f4b78bf097690ce1820afeca2d7502d6b342c4df9132bcac","skEm":"c38ab7cc90dfb49776bc0f1137eda624e62371bead515cbc93c69000eff747c5","pkRm":"c05b1ec51b2ddb9f226074582fd6e259cc9ca35e92c73a24c7b5062e2ac3f712","pkSm":"80ffae75685b9d176ad0ed7f721c64f3c274b50f5a1b113165c44915db7c5217","pkEm":"3e276b60dab1aeddce9176e30201795fc7c32736912f670c8f09e1334008a354","enc":"3e276b60dab1aeddce9176e30201795fc7c32736912f670c8f09e1334008a354","shared_secret":"039e572d8d6928e925dd19e3400d080dad8e469723897558bdc5694196556787","key_schedule_context":"0288e94c0aacbd6d63a08e547dbda944bc1146d7483cba3d5ca0b0cdb26d2fbecd0d6d8d55178b4dfb4a648a4e3e54adc05dfd4cb2a845712a74539ccee8b4f781238f3e66e519a887ea3a0d096475a5defe5bfd1d22ec386b880d050dbfb6995fe8f7d1d0c661c4e10698687f757b1e981cbf025920074204ff660b9f490d7594","secret":"0d2faf335f790e40bce76f1f68d90d2289b027f83bedafbd6f610ca3b86fef4a2ea13502a7af9a9c9efc717e47d706f783e8de3cdc3e64cc138cdc56ea8b6bf2","key":"948cd9484623c2e148e2294619ca39e99ebee2bd59494841458c45b99e09367d","base_nonce":"a46aebcafe409e3c97ed0970","exporter_secret":"8534e883089b983739244d4b6dfb5409e7bc8664cde57937b0322d9ddfb0047a92508ebe5932355004dc1050136d52ec5d8c6f47581a16995bb2c05a0188f1b4","encryptions":[{"aad":"436f756e742d30","ct":"3866644bbf36102c2360070942108b1459b725a28c6bd3d4224deff4ae11c04b7bb484cc688395222c0287a010","nonce":"a46aebcafe409e3c97ed0970","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"07256a9a29ec37e1dbc0308453de93e831061864f3d7b6f1192f921deba822212dea874769b4b98038f07145bf","nonce":"a46aebcafe409e3c97ed0971","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"50075800001d5057310aac8c57407d63916c3877e1af0a3e77994e6426be98f032170a3633ce2dfdce6ed4669c","nonce":"a46aebcafe409e3c97ed0972","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"4cd73d916084d2fc1d71c0297727745fda3136bde11277ed26afada8b5fbee441eb3fb21eb6ec31f2da795c48c","nonce":"a46aebcafe409e3c97ed0973","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"fa738a6786e2c86e801cf40f5ec13273e164bdda170a1bc494659065329b1522f98574a98697a0b61a16478f7e","nonce":"a46aebcafe409e3c97ed0974","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"99f9fe8d0f89aaaa17254d3e38837ec241ec106cf4d34cb404c83a09ca29602111604c7a1e3d28835ba6573c27","nonce":"a46aebcafe409e3c97ed0975","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"15417b6636f0aea0af2f6b1493e2d774dafbba79230c8410d65e683995f176edef08b8f0cc231926feaa2d9e2b","nonce":"a46aebcafe409e3c97ed0976","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"9ba2aa4a9b544859de0ee09c64531756b7597a53ac713f0b08de85e7a313a36e8aee382775c1e9304637c20633","nonce":"a46aebcafe409e3c97ed0977","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"06aa795c39e7c8524d70706ae3ad1216211a6706b87aa283bd1cf6bcc07d1c908e8fbfb38d9e3f07b3602707d3","nonce":"a46aebcafe409e3c97ed0978","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"ffc200b9653fbda42a007b7a983e5196613f35bfddd8fce46235740ec4348ed9dd968d37bbff490ef24445e7b5","nonce":"a46aebcafe409e3c97ed0979","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"a2639ab0ce3e466a1006bc03b130fa3d3d69502ee1b33b3c75723d42af07910130be4c4b6b0dabeae4e21c1321","nonce":"a46aebcafe409e3c97ed097a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"8c375f027722bcf65168f8b8c2a70cda28d77c62f59dd51f67621ee840f4d4e728246463046883476b5a11b95b","nonce":"a46aebcafe409e3c97ed097b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"6f24acaf51bdf4a7d0d453f1baed9811e2bbf4dd6b04d0c3cf16a0cd43bda6a698336270a1f3dbd1bfbc2a2ff2","nonce":"a46aebcafe409e3c97ed097c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"7d28b4c446202ece0afff4b74ed7bad7237aac55043f620e6319ff6ad7f1a2f2044d2bc8e2e93e4a77b423dc92","nonce":"a46aebcafe409e3c97ed097d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1e9f944c2b6a603fe998050c584262b0f0e7c5314d136156cae372a33e0a652466426a4097b62903dc86e2b0fa","nonce":"a46aebcafe409e3c97ed097e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"28a8d8d31c5508f21586f3c5cf2014e65fa58121705c1781a8744b4d9afbb3ffd36e3df1bda9f102c4e66bde38","nonce":"a46aebcafe409e3c97ed097f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"f6855e6b393e372f66b707bcbbb2a42aec040f21b3c115af8c82d8daab76357095bc03161af44db157b35901d1","nonce":"a46aebcafe409e3c97ed0960","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"893ef64022e661353449439a06721af55bb15305ee038c740ad12664565f1c9e7498b09c5d457a2a2bea721645","nonce":"a46aebcafe409e3c97ed0961","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"d9dba62bdfc0df6c02dcbea9914137f3c2343cbb49fb535b63c4827ae19f8de3273fbc6b44e3d2bc7b857f89fc","nonce":"a46aebcafe409e3c97ed0962","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"7680c883ca8875c9c215cac9ec8bb605bb710ec8a7a7c8f95bbd31ff2aec91254d8c7798fa3685530d47a22dea","nonce":"a46aebcafe409e3c97ed0963","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"90db91a1ea79bd58b4331f85539733c61b0941c304a00c5878ebb4cd875bcdcd58f14a08e7cba00ed2e0bde9a4","nonce":"a46aebcafe409e3c97ed0964","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"4c1a400dfff5e630715f64a6bbcf59e730533a14de47c8f332fd3c8eb75a4f12a4728fee2708321ea783515632","nonce":"a46aebcafe409e3c97ed0965","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"5f56675612933ca3313df31f6169d6c10a7d977a386e400e85d9c562e03f7fcaec669583f406851bfac9516a88","nonce":"a46aebcafe409e3c97ed0966","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"b160a006dd479928867adfb7a1b828db70d557ce02e150db707355bcb5cfe8ba92ae120034f45367365f20f80a","nonce":"a46aebcafe409e3c97ed0967","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"4a7a68e9ac4ac1c2bc57894bc908de2e795a17425f95d6db07e9c358b0128c08a8829d7669c51388e788d43d22","nonce":"a46aebcafe409e3c97ed0968","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"1d8156407957f00aab62b2c6d515264c53d24220f92c1480ce526f374cf6695a609876b40fe41c29d6a1fc6824","nonce":"a46aebcafe409e3c97ed0969","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"4bc2e12f5d9fd2f0b90abd018da3d2f5081bdafa5d46548c79fcc9f2bf34d6e8aa8428888bfbe449ae87961b96","nonce":"a46aebcafe409e3c97ed096a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"567df00a66446bc7102a273f6c515f67d18643acbdd5b22803b64957e43b8b1032cd3fbb4e4692a63df4f74da6","nonce":"a46aebcafe409e3c97ed096b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"694a90f2533e85d5bdbee9818be8430098dfa69ad64e2bfe07a54b8ba140e448bdfa21105be0782269dc9e8fe8","nonce":"a46aebcafe409e3c97ed096c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"999b9a23d5a19a880902f88d97265f4b43c6a649bb30182f3b9270869686451dca9018d675444d213dc55f4769","nonce":"a46aebcafe409e3c97ed096d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"8e92389178760b1dc7367aad8a7e1819fda171a5e92d3882da5bcfdebed5645089a1ee71c0f6062560a8dd84da","nonce":"a46aebcafe409e3c97ed096e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"24a038d6d9ed566fd6049467169c76be9301a63a230aefbe194fd0bf3afadac61750dc0a566fd01c8bd89f4938","nonce":"a46aebcafe409e3c97ed096f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"411202169d0206af6780af51cb7ed96b2966e4e7a6ef21d6d8f331fb0fd068cecf559d6085a60bad92e835ef27","nonce":"a46aebcafe409e3c97ed0950","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"b15c2b4c75cc17a361467963b21f50cd2da0a58ca0a306e344e5b23545e6a259f62524b5e398ccc3518a75dc27","nonce":"a46aebcafe409e3c97ed0951","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"711d4f2a57384f296bcc666898691161e00715633675969bbff045d39c044eb63f65edd585adb82f9c63f19d0f","nonce":"a46aebcafe409e3c97ed0952","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3005cf49fb73473290c4807e5a9159bbc1d5a05964cc253dbbb63fab5cab3562100df0062506ce71e7ce147acd","nonce":"a46aebcafe409e3c97ed0953","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"1cb5bcdf3999662640da82f0fbf488ea6654653ae7076ad675b0b0fd678386c93bf643e1a1f209b5f7dcd7b6ba","nonce":"a46aebcafe409e3c97ed0954","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"8941ab7abee570ead0963281ee4c7a8dceb273a786879c29371bcf208841cb4a65e68a66188e485efe4b4139fa","nonce":"a46aebcafe409e3c97ed0955","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"2c8cfb2955a0ee50da9d6f098efd40fcbe151d85e38df24786d5639dff0b13813300eaa4be1f1948a2c24d3da8","nonce":"a46aebcafe409e3c97ed0956","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"cf353bed45a157da87efb5eda20d6d1ff2f3fc2ad1c27cebf6841dee1421aae31587f956ca67d1d955c101b2c6","nonce":"a46aebcafe409e3c97ed0957","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"4d8298b5330550758417e2f9944f355596157a550422774db75dc23dbe6d09b806c49e0f0186317098ca869150","nonce":"a46aebcafe409e3c97ed0958","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"f3ff58be2743a592fa963356b9d22180c2783cf66b24244a36f9ac5dab2ac39df71ce16e2457115bbe79a1ec49","nonce":"a46aebcafe409e3c97ed0959","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"13e8e0773af1d213f7a1602c7109b6077ab682509e1866e6e61333947127a20ea733ec041371da0db32753a4f5","nonce":"a46aebcafe409e3c97ed095a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"4d3555ba5cfcd70794cbf1a51224a1b3c6c394543458d79c2b3e53dff5fdad94ba63dfe950460d3edcc10ad80d","nonce":"a46aebcafe409e3c97ed095b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"36fee11bb037635aac304c043d1dc934c26f5e25de1f1d9670ec2a6352cc485013d67c71d25fffe219285f95ad","nonce":"a46aebcafe409e3c97ed095c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"a33289725a9a59cef64bd5797889841dcf1151bf4f34dfc4c3409e6a34e81b3d7335c47d4e00345f56c0e206b5","nonce":"a46aebcafe409e3c97ed095d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"30f4df9426d6733a4f1ee967f0e09ba56518f807bce7fa18bcf71a386730f21b8f4dbbbeab0886effb4b5a8145","nonce":"a46aebcafe409e3c97ed095e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"9f85b74c65a7e58623e8d94db927429196de4be270d60c90ecb3152f205349e2ee6e4501baf381ec808d50bd95","nonce":"a46aebcafe409e3c97ed095f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"f41699d834e1b21b64ffb2830a63b71e505a882ce69d4eea428e3cda2db8e2bc0c782b0b09c134c1b8b5e99974","nonce":"a46aebcafe409e3c97ed0940","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"9c86e20535b8f8c8ddd27b0d08917ea648361c15b1ce783d97dabc8cb62a71cb6c053e292c95a4f659f4e5ef61","nonce":"a46aebcafe409e3c97ed0941","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"29ead403b8907992d3bd127e53322f23e8c22e1a573ae9fbcaccbe22c8f10d9a4148e521949730dc3c81586a85","nonce":"a46aebcafe409e3c97ed0942","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"447e7939f3173c320d4144c6e14296f8d650d10db140a4838c08ea63ca3384cf7830b438cc23c769ccb2bb3db2","nonce":"a46aebcafe409e3c97ed0943","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"0b8e63617da55e6d00b523188e8e71f49b7f56509dc7fdacd4ac3ec7ebe737f475e74f3d85912baf47a3544992","nonce":"a46aebcafe409e3c97ed0944","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"547feebd4d926d3bc7ab2ab3df3ede74c7f0a1445488e3f972e97d4fa23effaca89b5c6e32c592a897fd82aa9d","nonce":"a46aebcafe409e3c97ed0945","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"ae8b644ca046dd3ab66a5f30dfdeb152a8d542726ba0e211fd5cfeacc7385f09b259f58860bcbfa2e5abbbe50e","nonce":"a46aebcafe409e3c97ed0946","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"0e3a72c530c8b311ec6a98cb66e8192869bdd1754fba95559902683042a563ae970ddfb1b0ed1a4f4fcf5b444f","nonce":"a46aebcafe409e3c97ed0947","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"9f341616e11156c57075712fe6e5269ee5126dfd25cf15f8431f2940e06eb090eddc61992f19b40215d4724d5b","nonce":"a46aebcafe409e3c97ed0948","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"69109f7619bcf854b863cc758d3715089f2e548dfde6021daf98db27e3d453dc3caf48caa318b4b7c71033ec6d","nonce":"a46aebcafe409e3c97ed0949","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"c64ef59f94fa3e375f47aac8d5d61ed00f0b7f3085c31c13719f17159a123cce79fc7ae9a3aaf1f6e4255dd1c7","nonce":"a46aebcafe409e3c97ed094a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"4799d87cf14165ead31b05d858eb426eff60305df4387445bc70ef2bfd2cdd13584aa5d868ae4ada0c24214f19","nonce":"a46aebcafe409e3c97ed094b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"ed4498ce22148f8c725579dcc4fb8ac0378461b9f339919b3f31b258c561f5a998b99baa123bf883065b9934d3","nonce":"a46aebcafe409e3c97ed094c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"2c8aa0f4565b84a07ea4ef849307d1f3238492c608e9c7da12881be765de898e0d4d63fe4b4d2d0e3ee58ab658","nonce":"a46aebcafe409e3c97ed094d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"aa4a886499586bf9f049d6cb66a403ff8ca0e74530d418505c4134fd80fa08a02520d033ca0695bbf98da8c9d5","nonce":"a46aebcafe409e3c97ed094e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"c38d6f6f19d9ebe6fcd151dc6444bb15b765546ed55a3b7815c9abd7e130658467c6fc2f52d1c96357fd962576","nonce":"a46aebcafe409e3c97ed094f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c7d868c26f163d86416ba6942723a8ddf1343ab3f4ceaf1c6f48dbf763896ea4ce92d1037dfb8991c58148166a","nonce":"a46aebcafe409e3c97ed0930","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"4d6de67b12f2be22463c167ce5482cfc593c298fbe749c2bf2832c29f3b7ae514a67579b8414d373523151393f","nonce":"a46aebcafe409e3c97ed0931","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ff342723c6fe4867c2619b5f64677d6ca04ea7da610176f376b4afc6c3ec0ca7b91ddfae89f2119badc03dd7ba","nonce":"a46aebcafe409e3c97ed0932","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"2c3ffe46786e81e72a2d45b45c4965b747715bef824d01b7cc94041ad64bdaa3b3e5263276a6b39ba937c1f440","nonce":"a46aebcafe409e3c97ed0933","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"6e8308176b7a4cc0c4328d9a68c227b635971402934f3cb6cccfbbf92afce9027184d41876c33d02dc4676e3f0","nonce":"a46aebcafe409e3c97ed0934","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"ef616c7e0a8ec47a9068ea65cc8cc278839ce4ace8be67225b89be58c5fbdf76baaeb204e6d0c466baa50795ce","nonce":"a46aebcafe409e3c97ed0935","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"cf260e892f5a1db4429947634cc0ff54963b64f18a222b15a6dff3d65088c9f7c0232e2199dd177511abe8d9f2","nonce":"a46aebcafe409e3c97ed0936","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"bb35596850db0db910a55b9581924a6a00cc11b98f8461576a0dc449963c4d06ea6752d9dc22f6537247f70c73","nonce":"a46aebcafe409e3c97ed0937","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"3c4d6a131bef17aef33a53ec5ccab0f434ad57a584a73b4831852f649d940c75b3f2a070109b3b1a773ca066c0","nonce":"a46aebcafe409e3c97ed0938","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"8948ce799c54abf1ad81dfcb6c4150b87357a29701a619ee3d27a8926c82dc72117ba6aea59bc2d34674f4108c","nonce":"a46aebcafe409e3c97ed0939","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"98626027d1da8b893018e85ba6eda705e37fc7284efa90f37b38d8e5d8d88543df27d9454aa2ffaa27fd4eea04","nonce":"a46aebcafe409e3c97ed093a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"e9f1373789ef839ac75b23a365bab1229a71d44012e50aa5caa40f7d2a0cd0ef9c5dafc3b91be21dc1d037b06d","nonce":"a46aebcafe409e3c97ed093b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"248c92c526283a66395c9f11662b2fb3dfd895858ec6ee885a4955e37a1d2e3d8b3621283cd65bb3b451f64363","nonce":"a46aebcafe409e3c97ed093c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"9aa0b0d17cea2039487e1f78ccd6bf36c6775d9f7a122501db3e3a54837b1cf53594dc7be5aa0edc82748ee8e2","nonce":"a46aebcafe409e3c97ed093d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"6b7a7a5512620e1da003db1270f0b405e7437124a2a6f26a7dc088b06b4d88559082935b6d17a7d37269e5c810","nonce":"a46aebcafe409e3c97ed093e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"dc66f9b9944af1b203fc31798ec4a5aba174ace10a90ba07507f2786763936caac664cddb1455ee4c2fdc38316","nonce":"a46aebcafe409e3c97ed093f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"4edf3692381c9d52642c3bbc9439a4bed82286b815aacd2c99ac3d67711555da7c53c4886ce48efbfdb04d229d","nonce":"a46aebcafe409e3c97ed0920","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"8046210e5dc094651825df22b782e2d81b45da3f8d93f1306ff5e0cfb414566a4f6074f4c2e9811426195ae645","nonce":"a46aebcafe409e3c97ed0921","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"bfdd1439bc60ee2fe8df877d4b6c2d3389d86f9a2306a99fe70ab0eed60ce0744c8f92cf0d5e40509ad8787826","nonce":"a46aebcafe409e3c97ed0922","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"7a1a32b49e3b7d438121c81bf49a080a81a2c13f60f6b9e42dc4d1aeab1de15978313e5943b12ee6ced3829e67","nonce":"a46aebcafe409e3c97ed0923","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"21bfad7d2b56632256d700c1ce90b1f0e489bdbe4cc925b7ffcfe56731c9b149c5cdd6ecf1fc6871a40253e53f","nonce":"a46aebcafe409e3c97ed0924","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"33ab9ae43941e8942a076e9021af67115e3763f82d47487dfe2628324a8bbed272b7d38a3e7805506722f4d0e9","nonce":"a46aebcafe409e3c97ed0925","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"c70b8317a3f1fb6640ee4e02ac50cd7765d03670e94320c4b8f5d6ee1fb3a2fefcca471983430a769e9d1c2995","nonce":"a46aebcafe409e3c97ed0926","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"e0df81f63f8ffefab8233352b9a0c97f12bcab075692059066c3afa53bfa305d65fc71839bcfdc1574ee42e363","nonce":"a46aebcafe409e3c97ed0927","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"6203cf819002b832f2dd856566d2e9137cbaca74596e10b5fe3ac633661f219b44891b94f6d60c907432902e37","nonce":"a46aebcafe409e3c97ed0928","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ab780a346e45e8c42c1e2b383d119d38183d9a25bc6e9c8fc7e6580ad0953a87f06e6a30440a334d018f7b5d79","nonce":"a46aebcafe409e3c97ed0929","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"53776b49ae449342966b2d28d6b070b23cf6932fe0bdcec981afbe25f396596da48ff89b0f26146e2886677d27","nonce":"a46aebcafe409e3c97ed092a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"a49a14301ad13233fa75a5be4669ae9f75d8e0f8da7316d02d8f895bc333baf63b12c642cf178326e8ce866745","nonce":"a46aebcafe409e3c97ed092b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"07d7be9a82814a387bd79fe1b442e44262dff6562ff7bb64896a94d9fa6bf7444fe95782607ff6e60b05620f68","nonce":"a46aebcafe409e3c97ed092c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"8a60dd2f631ecd0f6be6b2ca7673ca5f9fbe507180d636298bbf8a8c6b55f7aa79d27f0cb48af95c82a0bef0a9","nonce":"a46aebcafe409e3c97ed092d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"338d2491c896a8d817ee80ad07d0e044939c6d1278223003038b019eee4773ec56e3423675a6a936efda87291b","nonce":"a46aebcafe409e3c97ed092e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"d10cf4c3db95edf96789873d97a629f36a866702ad84a2fd69eea473a95c9b9e844adffd0e392756c893dc1993","nonce":"a46aebcafe409e3c97ed092f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"55e7575d9ad13412a06ae9bc34167959419b5db310bd29de48513d81c912c163c9db3c69d35c49d28bfde11e5f","nonce":"a46aebcafe409e3c97ed0910","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"8187dba474f1bfd097cc519ee08696fb08a3fe45e5a7f03716564b8ce54012e36781394a4691939dac7f098d08","nonce":"a46aebcafe409e3c97ed0911","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"5886ddbe54c603bb47e82253e5b60f050726cc1528be7de5adaebb11a2fc6363a76b9214f180279c24d5156b80","nonce":"a46aebcafe409e3c97ed0912","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"1cfeb9ca55a59019c4f76c3280b1356b9143c77d0156740bd0ce945276bc4bd4ff89c9fde3dce7fa58211f22b8","nonce":"a46aebcafe409e3c97ed0913","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"f489c125f73c8d5813f630f33231a2df8f85958c26eef6d22be5ede83fd7fc7c99b4a2871b4d50c2dbc45fe851","nonce":"a46aebcafe409e3c97ed0914","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"9931808ad7763f78c06c9f7866471c03f83e65cefdbecfa96e584f31879dec46f4f1ff6be3ab8edfa22c9d9ce4","nonce":"a46aebcafe409e3c97ed0915","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"31f4ca238eb84c4e1a1464f4d855002c8e97537b9f64fdb4b890050894c96a9fa8fa924d335840fae40dcb80ad","nonce":"a46aebcafe409e3c97ed0916","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"a04faf52d9dec164189780a1c8e74c2f5983e45ef3f019fc18dc34a89e8c1cfda322ab6db7876637739f96c180","nonce":"a46aebcafe409e3c97ed0917","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"2dc8b2c8cafcff4996992d6490bc95df970c6cea85e8aabbd8ec734412795f8b8d95f507ce4dd5e9719cedf1a3","nonce":"a46aebcafe409e3c97ed0918","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"045fdb1c4af67ea793339e9d1628f0261511fb26f3ded2fd081610605f4de04a703bebd2304c5a2dc3859a6d10","nonce":"a46aebcafe409e3c97ed0919","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"d2e88862bd5109448b6456eec061a2f9ccf5a3cc2a7f1404a91b15c98fe69685691b466fda5192ca7c05d56f28","nonce":"a46aebcafe409e3c97ed091a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"aad660be22a1196e062fefc3736c8fdc1304a33cea49310bad5d8df1af9b4e92ef68ea1dcb9f38d26997ac0bcb","nonce":"a46aebcafe409e3c97ed091b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"0439762667fba2332a03ae9407590c64e6e4a05c65278b5e899ff0ad7d334587eda34c74fba585b45d57167c0d","nonce":"a46aebcafe409e3c97ed091c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"739fa24b815e0f8196c6e1b3a0d4d3ae373545410589e0a71d3bac23b1bd9e6da287a7fc341f2147f949ce46b2","nonce":"a46aebcafe409e3c97ed091d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"a0911b233e6861a874ceee9dfd403510688323cd91cad72a67695a478c15dbda8cacf417fecb6f716395294443","nonce":"a46aebcafe409e3c97ed091e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"2272a7597be1e1c3d462e20c2aecfb27242755f3e8e5fb3791d33413c61cc5a941ad2bc22149e33d9e650e171f","nonce":"a46aebcafe409e3c97ed091f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"08aba5d0d428963aab670b8a171a505e6a4658ff8adf1cf76f5b678b081d08406a17ffab418fb82967d25d69e0","nonce":"a46aebcafe409e3c97ed0900","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"fcaabe1a85ed213b865e1e9dc35dcbb020836b58d108bc2624f2a88e4f8b706b2f7b87b550687e3102f2de4fb9","nonce":"a46aebcafe409e3c97ed0901","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"bcba843bcf633af2416a29a1994f7186d8d6a862cd6dfbc2422efa9e520756ff8050f3b6099725f616ca6abe3b","nonce":"a46aebcafe409e3c97ed0902","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"4875b0eb5c07637a8f79e5a6909bb67a115d64d5d73c671b750ebb1e54c5ba1d6e2e340cf9f0dc3631f4c6024c","nonce":"a46aebcafe409e3c97ed0903","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"cb2a2ad838d154a3fe413a8a7431c1fbbd7a7b4f883808c697642fb685520fd036eb5ffe1c17b3f2d48aaeee4e","nonce":"a46aebcafe409e3c97ed0904","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"37cffee20109c199fcbd7b3c8af94f80fa3aa64e3a348b5551c497e7464d0f92a893861b0ddfd210981ee06669","nonce":"a46aebcafe409e3c97ed0905","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"68c4a60ce0a6d764bda164754a81bcef2438fd0f26f2a77c9e450c87c39b6b3f81c2115b63111305251efef934","nonce":"a46aebcafe409e3c97ed0906","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"28383d65a90494b358a362fa5c9390f54c805d7b03682484fb19c4de1b8a98dd84344c62e9fd6adaeb0a78a665","nonce":"a46aebcafe409e3c97ed0907","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"4557b0797220523acf9cd9f2d88e6d6b95576d2331a8a40b70035ee1757343ed49639edb7ba3a9e7649a08f0f5","nonce":"a46aebcafe409e3c97ed0908","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"7d7cb82f1dc01f49573ad01d981f22b764242b3a03662446c87599f04ef4307b99ccc1b00636d5da6a84086997","nonce":"a46aebcafe409e3c97ed0909","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"37c959ce5eab1e231683f1189faaf0b9b8bedfb874b4ff99587944da29ceea4986bbce2a5a74fce351888ec667","nonce":"a46aebcafe409e3c97ed090a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"f507da72cdf64a8c52101ea371282bf10e7b689df8c2b91aaabe724fca6746ff7dca630d0b27e194a571498fb1","nonce":"a46aebcafe409e3c97ed090b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"8368d666706cc0760d48379732664270a176d403917162123edc09313c486dabacc113aa0bdb3417d992581d4d","nonce":"a46aebcafe409e3c97ed090c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"3673a7aad953fc1142a33bf117f63b903dad5928f06ee34b1f683d35f0bf022c06a13762957503379bff3dfa4d","nonce":"a46aebcafe409e3c97ed090d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"0bd85e610c95096f6a15a274465fb607c9ee2da69d0c897de43a512752014fad3e8312cddf89ada5dfaee3c5ac","nonce":"a46aebcafe409e3c97ed090e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"4a89441dd193e2e0bf422b2e3ea37965585602ed51e13bfd79631067d107377e477e3409aff2661f1d7ee57f52","nonce":"a46aebcafe409e3c97ed090f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"eea2b5a7ddaf2cbebae77dcad889fad02c4fb1034247041bac9162db8b219cb9d981d1851fbbccaa67d44fe2db","nonce":"a46aebcafe409e3c97ed09f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"e0b274e6a633b645bafb0dd6573c2bc03548fed3a6cba0ecb00997031b5fc10c05dfdd54f04425b667bae931a0","nonce":"a46aebcafe409e3c97ed09f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"f67f063839e80d6ab4cf27695875b1c36ca09a775388c306442c190927a0cc9b729a1aa46279db171bbdb53305","nonce":"a46aebcafe409e3c97ed09f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a660c2c82d1f9c48a6e47886fc2f5476580c14ffec2183412634a0414f66fde25484a27a8a21456fae89ec26d0","nonce":"a46aebcafe409e3c97ed09f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c3d3c8749080beea7323b0c815f2067c1b163e5d7b51ddd4c4af6628b89ef3d5c001aa4991cb093d361af979fb","nonce":"a46aebcafe409e3c97ed09f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"b01547e1f87a925acb5dd7abfe8655650f1dd270a779bd839dd18433c88823545a6d72cd944926dc9beb12e6f0","nonce":"a46aebcafe409e3c97ed09f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"169f626f24b02eb67f0f912bad3079310e5fed916c7fb41845ebf1947bd732ede04d54c8d9b6050ba1fc8f7462","nonce":"a46aebcafe409e3c97ed09f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"d44269402dcbd8f5455b5866343b50958dfd0dcc6e862d95ab28e705a472844ddf3470f364ad454c5c098b4f61","nonce":"a46aebcafe409e3c97ed09f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"ee379921ad6891c63f82ee6dee22557742750f626ca9d9123c95d4964ebf06f2d7962b2af838bc429f68eb7687","nonce":"a46aebcafe409e3c97ed09f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"a87aabfbb8ee036ef7e86aca2683288c972e99934d0e214444c23fadb18513a4abe7a2e15c3b12640ffbe19250","nonce":"a46aebcafe409e3c97ed09f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"d8b00bcd7d64a9b1e667dd79b7050e4fd56e400e70f34be6ffdd67dca89d5017c88d3520eceb3ea1b2198af6fa","nonce":"a46aebcafe409e3c97ed09fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"d9e846767566137ac7feacc1514b2ac7cd8e5da4e86d36929173584ada849d7f161c6fcbddef014db600745075","nonce":"a46aebcafe409e3c97ed09fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"8b289a81f49ffab0fac4145437f68473d83e693905dd26ee193f0ed231be2be07e18856754fc5b672ba456185c","nonce":"a46aebcafe409e3c97ed09fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"d4aca670ea60140a318057c07b331a6755aeba99ade799c8122c7b3a27a5b778388637def3f84a61b4bfedda53","nonce":"a46aebcafe409e3c97ed09fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"ee086d127f35e5bf58c9ee5ccb76462ab00bad4625e139c783b329a08680b07e9deebc97a1e93a38832195a5da","nonce":"a46aebcafe409e3c97ed09fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"7911837ba5e6aefba90a6ae02103c5c43db80e7e95e771fd2db9356f6f38e377f7e9c730bc964e02805e1c3d70","nonce":"a46aebcafe409e3c97ed09ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"491a5322427fde1267ed5195304e8e7920f3a1893e47ca3359b11035945363cfa77ddf7ae373b31680fce09a46","nonce":"a46aebcafe409e3c97ed09e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"ac0092d7a87d84a25aa5f2fa04d33d6802c7e50b37424ba715b4b0790524a9a1c6551cec0dea37103d02ddb68b","nonce":"a46aebcafe409e3c97ed09e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"3b6b8bd777837ca8a08aa3cb49708a5e709cb47dc61fae6837ebec05277db9618b4cecc2ab5ef234f0118b556e","nonce":"a46aebcafe409e3c97ed09e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"6b1180b0b75428d71d48303d44e0567f3f7c9fcea6f432947c28fc666bb0a3e6755d0d9133dccca04af000ea2d","nonce":"a46aebcafe409e3c97ed09e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"05941483dd59cfd9f36ea6c5d85bc0dc20b02045f10033b0418694057651c8c8ddd7a29f9cc26f34a17cd71504","nonce":"a46aebcafe409e3c97ed09e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"cd6ee042bd4995119004bb851cc6459a8edc6ce5de3bb529ce30b835fb3241c4dd146053326ce4541b9b7dd80e","nonce":"a46aebcafe409e3c97ed09e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"fada044547513cf6133cdfd4547e069328c4be3d306f73cb600c9f380aa735972359d54a38e2c67b8e9af96a24","nonce":"a46aebcafe409e3c97ed09e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"4b2127a12fe2b8ba2427d133db4cb8be448e50c287be5f0f675e47c57f56bf077bde95e00ffb41d5cf4d163513","nonce":"a46aebcafe409e3c97ed09e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"fdd1dcb56fa839a314be320fa3591ef40edd326b567f32d3bb16505514137e91d80c4c924afab3ed5ca3965756","nonce":"a46aebcafe409e3c97ed09e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"c29bb05890eb12e5ab1271716b4dfe60892cc81ecece85d2265029024a7e44f36292f958f8cc8a7b3d614114c5","nonce":"a46aebcafe409e3c97ed09e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"15ef8e94e896aab4fd2ca7dcaa170eb16d408c34f6d47cf7ca73b35b7578d06aef17a14a5409a1c7be33605613","nonce":"a46aebcafe409e3c97ed09ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"d79ad8f53babd77caf9b8df929a58b2e952ee50d218e8d6c3605e4a0ca4d8be612d284fff844c494b1ac8fd16e","nonce":"a46aebcafe409e3c97ed09eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"21f010512cc07b50c05249705c5fde889c29ff3de0a629d22ba89d33fe3ffdffe547f655fc10d8d13e8c6e3664","nonce":"a46aebcafe409e3c97ed09ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"3dcbdba97e1c866d1c6c288f4272934c97ce11c6d45a26334298db9fa1e196efef5f3659d9e734d267bf2fca79","nonce":"a46aebcafe409e3c97ed09ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"5ef028b8948286d8e9fe7623cf2274a9900f94e122e34a0dd782dd7cf3d8e0e3dee15063b6fe1d50ff921e6bac","nonce":"a46aebcafe409e3c97ed09ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"8b88b1986b67fe33adafca174ff31ee576cf5a86fadc6d643041dc40668146658605a44fb990c984f3839ed8fc","nonce":"a46aebcafe409e3c97ed09ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"d0e268daf9c69de7efb20ee4fa3240cd92ee31bca1e3867d439c8f3b7b6e52cfcc04c24e134b807e7d7cf311f1","nonce":"a46aebcafe409e3c97ed09d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"e73d5c0c12988894c78959831246cca842fb5773f1ad9ab347352962bfeb111ec8d482a9a771af016226ef6389","nonce":"a46aebcafe409e3c97ed09d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"485b6dc6bb5c8ec43219b466704a348acf9979cc77c403c7f9b1ac02a44ee9b65e0a98f0eceb1cce29c9f9eb46","nonce":"a46aebcafe409e3c97ed09d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"61dad2d55570727dbcbc95451e91f284b3923a258cb20e14d4ea55bb4c6d37178e934ea7dd40958289aa17e2f4","nonce":"a46aebcafe409e3c97ed09d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"69e73e74de06f732aca8a14c04c4f3434dceb1dadae40d736d1662236f1830e97a3f448ca71d2516a68e0e0fa7","nonce":"a46aebcafe409e3c97ed09d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"7ea4f1b39496af3f7267aa573929f428d9c7e1e48830abdbf394bebaebd8a6bd4fa526a18fd11f730813da50c9","nonce":"a46aebcafe409e3c97ed09d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"895cc394f8694b53bdf0ee22d8791aa74744685d3fc58268bda25a0681e000bac984d186fb74ee8de9b08e00a9","nonce":"a46aebcafe409e3c97ed09d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"a627a4046746f09f01188f34727a181177f5ea8c85a5db230e27f5aaa5f0c1cbe03a00d2ad6b11d36ff13db06a","nonce":"a46aebcafe409e3c97ed09d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"1dfa4a3238dba54bc01177293f69d2a1b4125c4f7a49e5b180a1fb4bc803580bf14121de9aaad5956d008963b4","nonce":"a46aebcafe409e3c97ed09d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"169abbe2bd305b4bf2bd6eccfb36f6f3aef5fb9deb19fd786508a22507bdc026cbc87697f97bf175353d28a468","nonce":"a46aebcafe409e3c97ed09d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"2a8c1a76f99d7e221fa4a1ac77dab614717eb16d7c42f8f6fd90ebef317b7ec8fb2e3d4c29eb89c3b7d88b7482","nonce":"a46aebcafe409e3c97ed09da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"8130986c78db20c03b99fa070b47af4e9911e3e4abcab75b71c54d05831b6369274805269a232f02bccf2bd350","nonce":"a46aebcafe409e3c97ed09db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"20e58c6e9149d5145ce152ff34ed498c60f0fc2081d874755710859145e25c282a5a8704261e60f6d5a03fef15","nonce":"a46aebcafe409e3c97ed09dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"94b1b319e23ccb0a52b738f8d6cefbb154d57ce33fad176ad8829de40c8d1ff2d6805e9a4466541b8673238887","nonce":"a46aebcafe409e3c97ed09dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"90ba7a16c632081fcae0d3eebf83eefbb815aaf67a8749bcdd923e6fc5a853c76680f7ea06c031d5a16fd41c44","nonce":"a46aebcafe409e3c97ed09de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d91844fb53c63f6a9d6b982688246062070c18335567c2d9b987c3c82a5fd0df01a29e6c39cdcdc4f0727fe622","nonce":"a46aebcafe409e3c97ed09df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"1d773e210559f83c9aee8b30eb92f750c615c6bbe32dd76dbb646a1b95635a36ca9ed03d76b2a250c68771a960","nonce":"a46aebcafe409e3c97ed09c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"8eeef7282e8b727de7647eaac7b8c30ec322edcf18b8e1af41ed27b8a7c92a80018fb7fbbc98888cffd4f5d22c","nonce":"a46aebcafe409e3c97ed09c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"ddf1b15bba7296801f4819dd3e0de52e0ab31031bc8343a78f8e4f37e1aa0a52b67cbe80d336d30c43982c9024","nonce":"a46aebcafe409e3c97ed09c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"86649600fe473540a167e479f10f9505e50289bf6441c18dfea9bde912a03c9d67ee83ab60a6ef2912f905b473","nonce":"a46aebcafe409e3c97ed09c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"068e8c3639bc9fb1d0e1d3f404ea3c4f4af1fa3488485b7d875374af6e3784459505d7ecb3f05e0599e8ef0dc7","nonce":"a46aebcafe409e3c97ed09c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"60c816d515a62f585aca45048e5af09301e280c40b0757382160a4f224996137ff162201cbe5a1ddfb7b581946","nonce":"a46aebcafe409e3c97ed09c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"1fb35823c6d25599b3b26d54021749e8440854d0dc7ada43a14b66ecd2bbfe402dc6ff4b25107668eff6df1b0b","nonce":"a46aebcafe409e3c97ed09c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"ccff2799a18da717859cc217b7ec38153057f1e4da4c8500c3b5784aa21e1301e60bbd5a42bcb8bc904ed77fc2","nonce":"a46aebcafe409e3c97ed09c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"3b59403f07cfbf1d4209b3d3dc24da2f31ed5be209eeae96292bbc34089eb15c88a272c5f168c9a084844283ce","nonce":"a46aebcafe409e3c97ed09c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"ad49edf6baa0e9cb77bc9d145a2693174077cdba4728552c76ceb3a43ea3eebaa8da546bd95354ed74436f8660","nonce":"a46aebcafe409e3c97ed09c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"7bb257995fdd177028d9e6351aae21097ab577c5ed780e33151c1852d98a28dd9da84b70dc97fa2ed7eadd3fdb","nonce":"a46aebcafe409e3c97ed09ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"4a7993124507de5f7cd3b6940d1d7069dc698ba36fc0e9c35e905a1e2a438aaa115be26dff024b388b4beffa23","nonce":"a46aebcafe409e3c97ed09cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"54feda8215c78b70dd0c42bf58a6e5398b89c99b9b2a5ba8eaa9d85ea50fa6585607ad5a098b64ff41274b836d","nonce":"a46aebcafe409e3c97ed09cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"a44fd1f2a7fab15ed19fda10fabebe488e0e33a200bafe5dba944116b1d517584dd1cf2a7a4454befb151ef700","nonce":"a46aebcafe409e3c97ed09cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"2a2c075ad429fd4279fce2e6c20be9f645a2f61c9ca014fe70786a8a7bc20d4c4dc4c5c1eea9b61770252e5262","nonce":"a46aebcafe409e3c97ed09ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"fd569c1c8f04a74835676081b2df4f39da3e35d3f7f0ce3acc257a15dec617fee56c5ec352f6ed811c132ec68b","nonce":"a46aebcafe409e3c97ed09cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"90f2c451f84a6a6710ced01b7cc48bcd7c94d004a1cbbc6f969219c069ff33ff00027dfae6fe125df4a001ebf7","nonce":"a46aebcafe409e3c97ed09b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"316c199a7893838e95f81242c0ed7892cab773698f5627d33ffa4b41845d046c061b5b108dc71afcd619401fad","nonce":"a46aebcafe409e3c97ed09b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"0ead3f58fb163cbd1710ec45d350fd7827ab0cccac63bbe9961f225e597cfe1807486a8c65c1c2eb7ebd6dd099","nonce":"a46aebcafe409e3c97ed09b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"208df89f170e6418f55427dbc0b0c9c23da5bc641033c55b17fd50aff469db53f6722b019fbb50047ab68333ec","nonce":"a46aebcafe409e3c97ed09b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"34987145066bd8af17193e9028ad50e4f7975fa513fde436de5b89aee53f4ed16b65a1ee173eaca0b33065bca7","nonce":"a46aebcafe409e3c97ed09b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"92da1d1797491f6b0ec0c3ad4b5c71ca2d47fd2d3230ca5a541d19d348341ce50df398a615fe26479fae72a738","nonce":"a46aebcafe409e3c97ed09b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"1b1f7386cc257c5382648d7a0717fae5cb503bda5f4784529ba375fa3b9075914881074e4760b5abd0a3df7f01","nonce":"a46aebcafe409e3c97ed09b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"8b7075e4c2a0edeca4096e9e931b24a24299eacc9ac82cf219be98a80909abb0969593ce0b846415e9afaea06d","nonce":"a46aebcafe409e3c97ed09b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"dd9ff1c827677245fe265659c55eabddf271932252150456b8bf98d8e00f9969efb1d3a132315226fd75230282","nonce":"a46aebcafe409e3c97ed09b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"8c05bb86cbe60ef2b33ef84f25d98790a0a32edba488bd9b69ba4b4111cc7e7d481492de1028095fea1c9f2530","nonce":"a46aebcafe409e3c97ed09b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"fb3088e045af149a41af43e910f13a5df9fc42f92d1cb06752a36e9222d6d203084f48eb060cd061867796e831","nonce":"a46aebcafe409e3c97ed09ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"496672e815d5908cd3ef62c8f4347c1331fb577f1e72368a50ddac6a8afb04c307ab4853ca4136a5b620dcd692","nonce":"a46aebcafe409e3c97ed09bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"72d9faa31e0138bed27f2b08c053c77687b456d727d6775a927ddcdc2f81f6aaa0b8a78d9d80442fc726bf6865","nonce":"a46aebcafe409e3c97ed09bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a05b7ecb11c04540a78b64ff9ef9d16ab6acfcdeca0faabcc2586515047cdc0c6f96f876aa7b73d1dfff31e1f1","nonce":"a46aebcafe409e3c97ed09bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"2007c2432fcc281affc7fa00d382d77ef1675239c24665f546fa28e2d4a2b7e069213b8c24332da0a8a157f74f","nonce":"a46aebcafe409e3c97ed09be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"7fd756e2a8768f22046ba2671dfa3aaac529de07d2ebdcf4217b00ec731c2c3fa8237786f7dd63305424c4b975","nonce":"a46aebcafe409e3c97ed09bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"2b0aed84f9f1632b5195c9184abc2b3001fbdc3662fa6807764ed5da81483ac082a5157f080344c8f8a799c6c2","nonce":"a46aebcafe409e3c97ed09a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"af0d3d56c85104b9b6f1e809ead1d7e4fdc5845dc2f1bbbcc443e3fabf1cfce72fb7064372ae79d65e6cf3d737","nonce":"a46aebcafe409e3c97ed09a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"371f813d0306349c5c82caa76f9616cdfbb543dfe6ff4e6b7e9125b0d91e6650c80a0d165e93df2932dfd42e42","nonce":"a46aebcafe409e3c97ed09a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"8de3484a8634a80213e12f4b29ae2386ca4fac2d00e408ab9cc1ba66fc56aca9939678a640269febf64ce8b3d3","nonce":"a46aebcafe409e3c97ed09a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"4ecb27158a5a54c84ee9d1faefc730c506fecec36b499d3cdfc57e3175f6c66d8011bba6b05b303f8e012e84a9","nonce":"a46aebcafe409e3c97ed09a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"790056ddd21da3b433f05a5c389096f00e98d33bd62c8bd7bd1b108b595e4a5248883f171b3c54023df738c081","nonce":"a46aebcafe409e3c97ed09a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"9738431d6f3037e7ca493fab53e1502108277ca0a6f6c2cb488bd9a05ecbe7bcd2de598c981f47c5531a8f1aad","nonce":"a46aebcafe409e3c97ed09a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a00934e80dfb2cfa7c2806424ef152f2a306d403cb2f4988790056445b522811614c0f22434bb7d6fd92810219","nonce":"a46aebcafe409e3c97ed09a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"ba7bd321279ce9e9870577f838baa72b34c2e1271c238cf4238e56f1a6037247c9cbfaa2dc9d99c4e3c7a11e18","nonce":"a46aebcafe409e3c97ed09a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"f334e7e790cff65dede7178a2c0091edf95a9ddcc9718d21df3233909b4e408b5f5cdbaeb12ee60d2a2b55145a","nonce":"a46aebcafe409e3c97ed09a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"81b6f46ff8079755532aee629952d96d9b696ed4bdf96b4ee8530b8236d059896c477baa121080283ef710ec56","nonce":"a46aebcafe409e3c97ed09aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"5958e230892549506881adec9642574090e447b9a0e71eadbff62827134bc93f3c094af714e67d372e85bb470c","nonce":"a46aebcafe409e3c97ed09ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"1a29b1ba8f62b984ed3ea040a62c613a84ede7341997ccba0a4139b1007485e668ab1a13caf3b0c1e47d4cf881","nonce":"a46aebcafe409e3c97ed09ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c6b6bca0d2c14bedeb509cce5f5b009b1ef760aa599f239ea248487b15f24f7cb4f814a746edf4fa6559060503","nonce":"a46aebcafe409e3c97ed09ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"30078a6c9785d71d5d7e1a50632bdb20caf8ea8c9faa877016b8f51f54437cea59343ab8adb65c55d56fe1b9a0","nonce":"a46aebcafe409e3c97ed09ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a47c0a40d740cb52e6a620991b2c0bd0b433540a38f243157d9158204e610049028a563edbc95cee693151571e","nonce":"a46aebcafe409e3c97ed09af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"eec19c37b9b14cf5266447a77e1474c929ea46a0f1ce5b8d0ef8d6343919e2e8b4891686d22df4a10e0618cafe","nonce":"a46aebcafe409e3c97ed0990","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"e42dd1a59123bc6692a5d4a49f35df7d049f5eecbd11392ffdb6a4e5743a10767f69a8f926d56e077edf4ee73d","nonce":"a46aebcafe409e3c97ed0991","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a6a885e8a3443eef7d203cde568e19cc5ea740bf8ca0f73b549a402c2d9166bb53619583ed3a3cc67656033e27","nonce":"a46aebcafe409e3c97ed0992","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"e95b8a248209e42e226ff0349fadf44401b94374459b23d1c12829a84cce8b9fa34f77c85d24175e523f79b90a","nonce":"a46aebcafe409e3c97ed0993","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"46cc38afabf66faea0044ac9c2ff9cf023203456894343dc81aac83719c215d6972a391eb9d8e1306c2f2f4677","nonce":"a46aebcafe409e3c97ed0994","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"21f5b3f49f8fa57c227bd559fc5ce8af491bff7344a7fbb268313e6fbbacbd4308f235e8901344b12ba21260af","nonce":"a46aebcafe409e3c97ed0995","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c32a5a0d37bc43061ce1e1fc9f2ce1ac2d3ad300b5f7f36901ce510a9678248bf8bf312641adc56619927be4d6","nonce":"a46aebcafe409e3c97ed0996","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"41f520006f65a7241b14e2b367b2d5ad58aa40f7651d93c1251b2ee4eb9a6cc89c258d239b62a91bcdd3c70025","nonce":"a46aebcafe409e3c97ed0997","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"372400fe0e7a1f08e454de40c715153c6a36603fa84fd8b566811523de8a4c9c45d6d02575d4cff194aa7fbc4a","nonce":"a46aebcafe409e3c97ed0998","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"c2dbc0ba9a6e904d7550b638ae9048cead112e400e28dcb997d805bc9eb54fe2823d0d6bf58c1ed81a0e3a4da3","nonce":"a46aebcafe409e3c97ed0999","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"57294731d5cff95342a5ecb50a8e573f17660f2c1a673302ad7f5be15eefaf360f4abc64fb6fce456d595b1514","nonce":"a46aebcafe409e3c97ed099a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"cb6cd5b0fb8d0ee29149da25da7fc84fafc83dc31cded7aa51434184ef5ce09333f32703fb382aae43b0fa1bd0","nonce":"a46aebcafe409e3c97ed099b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"3cff2bb15e0f942cd337a8b1207bc15831c54891fcbcc4cbecbca7d67cefe0f5f1c0b12908d8836edef5175034","nonce":"a46aebcafe409e3c97ed099c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"b8ee5c82d861e4274cd9887819bfc0ededc8188edda7e1362da528a7235fb72dbff64206ef723521d258a7b67e","nonce":"a46aebcafe409e3c97ed099d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"2a6b54a8c4c5723416063a8acaada5f2deedb1179f0fa76c0023c7e1b36eb4a432935ed6660291e95e1ccd58bb","nonce":"a46aebcafe409e3c97ed099e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"d7e21b8f30e79a458c3c9867250cdf110e66462962ed04bacb8b0d5784369887e3e32bc7ce1623f84234168bf8","nonce":"a46aebcafe409e3c97ed099f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"e756061e0a875075256af869948795fa6d013e14289aedc6701c7057f05b974c57013d6a2ed53f9ea6826dcbb2","nonce":"a46aebcafe409e3c97ed0980","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"7e7c309f79693de972fc4a3986a9f55380419e39adffbbbeb11c150201b6bdafda2bff833e798a73f9be06b73b","nonce":"a46aebcafe409e3c97ed0981","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"46555d04ba74917d1510d0655eda643e9c844f18e73aedefcfc57038e2ccac01cedffd0b7983801f4072918149","nonce":"a46aebcafe409e3c97ed0982","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"073eaab963c5c7e1171471c113fdeb907d3f436ff2216839e970a86e6a9fe1ec33cc04cfa6168952e1fa29d140","nonce":"a46aebcafe409e3c97ed0983","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"5ec5a3e2dd91fc1c895cfdf70fc552c3c20f9432223d7c4b834a7cc21b29bb217b21c931649751efa99567a571","nonce":"a46aebcafe409e3c97ed0984","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"5c5e9b637afcb087d6faac73c7656944f0d5f380ee1c9f0d653bb5fe7466cfc1695c21c74c9988d423d445ab5b","nonce":"a46aebcafe409e3c97ed0985","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"fc9336dc582a687922c145e9ddf34ae1d21c6eb6cac9fb8606b8f7f5646b22f57829e2a1d95c7e8b48d159ed2f","nonce":"a46aebcafe409e3c97ed0986","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"92090273086146c2a8988365f705e2daf1d00bc4b787a9c76ea51a78b0ea10eca50b30bfcf0ac1bdd7ebc8087a","nonce":"a46aebcafe409e3c97ed0987","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"75e7d8abe7de261d4883a65e2f7f9145e954c7607b5c438cee022bf6997402425964528138ba54a73287c955c4","nonce":"a46aebcafe409e3c97ed0988","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"d66f004c1ddc5a2d18e0934dc7f0bd8bf41dae870b28606c3470fefdc1d847bdb219676f58227d1a444c2d7bad","nonce":"a46aebcafe409e3c97ed0989","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"bf2f2ae07fe281002e2b82355440aa9104f2688de9af622e8374b172411fd6c46942b539c3b2e3b8989b7c8ea7","nonce":"a46aebcafe409e3c97ed098a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"df097eae20ee2e4e5e6e290f960a68dcbbe037b8454a90623519eb0b916d7cc2c0313e0c3bfccf95094c5aa6ff","nonce":"a46aebcafe409e3c97ed098b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"71bef1f50998a1117a87754f59510d2994a1c4e6e73f0987327eff297931bfafd023ce94cdd1ba6a460d7049b9","nonce":"a46aebcafe409e3c97ed098c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"c971a55fecd15bebf60b9076c2dbcb7568e9466d98a68bb2a49701ebf72cddd3f5b432e8926c5e9f0fd87bc96b","nonce":"a46aebcafe409e3c97ed098d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"b4615d98de67be0386da370c56e7405cc48078f909813b88be188eb9eacc0d4bdc6ab5ba8c80c9c78828d9396c","nonce":"a46aebcafe409e3c97ed098e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"5fe9292b08d532e6959d33cca4b9c9da34ca3139ee795d89cded7551eac1897a8bfea213eabac3867387ff5b87","nonce":"a46aebcafe409e3c97ed098f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"b20478b3790cf63e09e578fc84bb699f54abc06326de816c8e03bf15c0c0fe711a4a41f239ae15cfc651e031f5","nonce":"a46aebcafe409e3c97ed0870","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"53e2ea7a4836acfed06560f2c3e9e4769c64c327ebb8b935dbe48545eae3bac2"},{"exporter_context":"00","L":32,"exported_value":"d16bdb8c2e89e98f01adb67b812a077be2a70ed601fe41d72fbd566792bb394c"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7080e8ab74a5c901cb4556cacb48570737ffb5acdf895c2c9e6e436cf865b773"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"969bb169aa9c24a501ee9d962e96c310226d427fb6eb3fc579d9882dbc708315","ikmE":"636d1237a5ae674c24caa0c32a980d3218d84f916ba31e16699892d27103a2a9","skRm":"fad15f488c09c167bd18d8f48f282e30d944d624c5676742ad820119de44ea91","skEm":"76bb47b1f20139b5506a2f44fd80210e92a6fa32f8ecaf65a42c1e8060c8eb30","pkRm":"06aa193a5612d89a1935c33f1fda3109fcdf4b867da4c4507879f184340b0e0e","pkEm":"1d38fc578d4209ea0ef3ee5f1128ac4876a9549d74dc2d2f46e75942a6188244","enc":"1d38fc578d4209ea0ef3ee5f1128ac4876a9549d74dc2d2f46e75942a6188244","shared_secret":"7ca45a4b0fd3491569e88d54471bcc83777566e88b02244493720d412dddd03f","key_schedule_context":"0083803015629a22448332cff137aea9ef69ae21d9319186694096d72c7f14d7e493d3883e171235c9b358f9907d0398275a86ec17f0c3e2e74311c05ccf329d94f18df7d7fbda3c938157f486a23f47621b8c7bc4ab9d89fd902c1d406709ca1b281ef1b7bc4736dc044ee497d5dab805fd38a9f4890398ab2569653a0a7ff73b","secret":"77858495c150022a1f55e7e084bb3b3d79ad5abcf281478b0dd08b01087dae3dfcc2ce8b298f90b2e8fc0e1b883e6f08411dc46689bc4db932864df8c0c8e4d5","key":"855901be1fd77ee5e6ce4a44e74fd553fbf0940d090d3a3fdf913c723b84920d","base_nonce":"6a6a5c9d22e9c26961fd202d","exporter_secret":"3d29344e6384990232ec822334a97cb099714e3f778b604e919743010929280f8d1d8cc4fb13093ef6257abf17271097b9d2b9231639e69667a7e0d0fdc05994","encryptions":[{"aad":"436f756e742d30","ct":"72da9627fd7eb3a8b7169c6d97419b80adefca751c6b52b39a2e084d35ce3eb4487aadaca5a9c590e0938c48b9","nonce":"6a6a5c9d22e9c26961fd202d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"bf59c5bfd8b31c3debc4a050388f7a047a24c18559902512d1146177a320616a6b527b194c92cf91d8832db1d5","nonce":"6a6a5c9d22e9c26961fd202c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"a80cdfe1a370a2db7e664c4acc69948d3a095be78bbfb0160f1aa0313cf0ed440154e913e5f9bc6756d7693982","nonce":"6a6a5c9d22e9c26961fd202f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"d5a0610647847c3716019ae7fb52d02bcddfa4e8c0c5d341798fd97d1b129470e5656aa6d0dfdf0a20fbea5bb6","nonce":"6a6a5c9d22e9c26961fd202e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"2dd8d67f1dcd58e5e2cc15e37f468278781a035f5828149dbeead19c9a2cac3a69311f27c6bd67ccf313491b6b","nonce":"6a6a5c9d22e9c26961fd2029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"1730fafb0b25c719dc9d300cd369843b42133e6a8f7ae579d8828026112e38fb70bcb3687c72f737654175a843","nonce":"6a6a5c9d22e9c26961fd2028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"4b05982fcd1aa43c92c540a567dd8c78a017e59896b88a44a851cdccf8db62378dd537c82076f5c3b403a6f75b","nonce":"6a6a5c9d22e9c26961fd202b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"63debe273f121d7cd65b379446c3f7864a68a3449dd832112a68bbb71ea7370470f26f08feb9e8db33b3a629e9","nonce":"6a6a5c9d22e9c26961fd202a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"41c30d97ecc7581507544b4fb4adc9daa618bd90689b32c8e9cf0bb2c72b5317fb9c13e12cca76b6752c454d1d","nonce":"6a6a5c9d22e9c26961fd2025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"637ac608145cc39167c913f1f691525c0e091eea54bf0648a75d51c8ade1e01c0189c6a0ba90a87ed58831cbc8","nonce":"6a6a5c9d22e9c26961fd2024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"b10253b0eac2a9cb6703c31ead878f097b6b8562026b0c37694fa2b237a5c0233049b779c4e0d58f7ebc7d3d5d","nonce":"6a6a5c9d22e9c26961fd2027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"224b3adcba8a2f3ee709dc933f5a652f41a20ebba6f9ce9a9908e6294a8be27c899ef2424a2aaf5bd4bb89a599","nonce":"6a6a5c9d22e9c26961fd2026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f85ee593d5d0d108522126a71ce29f57391acc82f4dd385b1f48a75b1299be1c92208131eb498f25a8a27ffa4d","nonce":"6a6a5c9d22e9c26961fd2021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"320c617d205c39e7f07d4f3f99ae047ec0b7256ea18c905e1e6e60f4569e9cd3821aa24e2ca2cd415a9829157c","nonce":"6a6a5c9d22e9c26961fd2020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"10bb60bf2efb9be642ff9087cb7a0e2f613d1b4ebb6b5f7333857fb4d22103e3d6b7ad646a4f557e1310390609","nonce":"6a6a5c9d22e9c26961fd2023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"e3b53254001f2bee1214b3d1f31d6010124e3e67cecba76396eaf4f9c6876122f6743cbd2df50279ce29db3c91","nonce":"6a6a5c9d22e9c26961fd2022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"39e307c929d023dbd18b057d207b1c3fb4a259112290b03f2945aedd6d2c5d5bf3e15df705950553067e369050","nonce":"6a6a5c9d22e9c26961fd203d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"af176262a2b3ad045bf4b78121794f9c4f41fa351e5eab63db69ab54228106d89d8b06d94fb120b9b7a112bd51","nonce":"6a6a5c9d22e9c26961fd203c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"4db5f6b8742d1256010b92bb9a2942822cd348917c177983b4ed7eea9a2b980633a85c506a594d9e8564290411","nonce":"6a6a5c9d22e9c26961fd203f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"ba01ecd3205c50efd7f8681e50ceafc6bb272e592f3ae8525fdee06dade825c214e1d63d365936f6c6c59c4105","nonce":"6a6a5c9d22e9c26961fd203e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"ed3cb99e24acc0ea88ea1921d898eeb220c54c60c671d80dc0ea16bccfb20643c31dceeb3682a63b01799a95a5","nonce":"6a6a5c9d22e9c26961fd2039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"f513a782b684d72172c6e81f7cc65a72f095c45ad9a6e104dc2cc5ffd081b0616fc5f2323dfcdbf11b79730932","nonce":"6a6a5c9d22e9c26961fd2038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"b88e1813cce33438cdd1640949b54036cf1ba4bf11929f3bf34285036cbb273e7349ae485f0250e2af152db4d7","nonce":"6a6a5c9d22e9c26961fd203b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"091ec528fd681693a4a555e98237d033d437fdb003a0cb3fa2db534503e1362a86ad898eb741f618f9ac0e58a7","nonce":"6a6a5c9d22e9c26961fd203a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"f0bbfeb75a25039f9f9774287b1eb0ebbf2e46f929d0d7c566a5d67a1bd9944dc971cdf676561d3f65689db685","nonce":"6a6a5c9d22e9c26961fd2035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"dc576bae04764e04b3c756c6c2e85e0d6f2132249875b09c40c54e232290962c6e6e27f5b09b7250d2abd481ff","nonce":"6a6a5c9d22e9c26961fd2034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9a5ff8d4df07b5ef7c90447fa90a95a194ad3265a023427fc403ae75e36a87b448ee5b01bcd4a02526313df9a9","nonce":"6a6a5c9d22e9c26961fd2037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"b755844c01e1a66163cf27bf22c85aceb3c0cca2c9e01e2d559bac29d8172d99bca967152cb4f465b982e828c9","nonce":"6a6a5c9d22e9c26961fd2036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"c747e8246901267703857991ff2943e55fa08d57dffb1903a52cbccc8df9052fa14e929ad84a85a8bf8adb0e29","nonce":"6a6a5c9d22e9c26961fd2031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"978a9e52a8ef611ed94108d38dec35c74225f979fee1c987ea1154f13d0942e57fe5f7c74b47a8e0224f45bdae","nonce":"6a6a5c9d22e9c26961fd2030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"ce3b4ee568b3ed0f93d50cb96d067a899522e974edc2044de4ba98e74bbf60ad706fa0d4710f131f858da62029","nonce":"6a6a5c9d22e9c26961fd2033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"191d7c92c158b17c6c6906193b06f4e8422dda90251ab342b891d72667dfc1492d9ca75cd040087330831b5ec3","nonce":"6a6a5c9d22e9c26961fd2032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"bf86c4bead94a9b0f4aa6bda7ce5db3d113310fd4275833a35f83da1aed7cfef24ba59a205323be7eaf4c3fa8e","nonce":"6a6a5c9d22e9c26961fd200d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"42d8fe3e8a0a8e628492e4c3671cadbc1f4c8cee27319399736396902abe93baee3854b20a88c24fff8b01b929","nonce":"6a6a5c9d22e9c26961fd200c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"25c40bd44f7a12b914ce8b382c1f1a2767c42529f9f5e791223651c2d76f6a08ef7814526aec3056735f6c1bc9","nonce":"6a6a5c9d22e9c26961fd200f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"33705102939eb46d924e9a5462ef34218339bf268b7f716446619a6c164a8e4754915695cfb9a50fb2f57fced8","nonce":"6a6a5c9d22e9c26961fd200e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"b7b757defffd43b4de05f3c9b5a25496bf564c37e0462b5f8ec45a0febd3b1b448d7270e28c778c104824c6445","nonce":"6a6a5c9d22e9c26961fd2009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"422c51c6ae3d5ab063c645108c8febc2f1ded79e9bcddf3a763bcc046460578401f74ec3977d848b1a62fb0f33","nonce":"6a6a5c9d22e9c26961fd2008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"d249764ec28bbad67cdfff766987d42b2920beba593baa016cf9f8d55b12af94e0f585cdf2974c43fa0ec0fe4f","nonce":"6a6a5c9d22e9c26961fd200b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"cbb151caf000ce707c2142b174335d39816902a35c79730e20f1fffa3249aab105759eccf15eed87bb51f32c44","nonce":"6a6a5c9d22e9c26961fd200a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"7327c2f080a3808bc97887f44e370316b08359b5d898f1e64bab1964cdd0d792d17821ba6d1b61b79028e6f95b","nonce":"6a6a5c9d22e9c26961fd2005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"26b679cff1448e20dcefa8de066c502b89e26671845a537aa1199660ff38a307f8d03744b6975942eac7b85172","nonce":"6a6a5c9d22e9c26961fd2004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"ed8da2658335651f953d3fdb51004f2b6953c1eefb5e90cc20414d8b6b20e3d56d81afd012417f2500da263dac","nonce":"6a6a5c9d22e9c26961fd2007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"49580f6e71fe4db96a8a6d28c07bc88f1a28ff1526ea4453d2dffd6e22eb7272b2a65236b8ae25a3e7e4d0731a","nonce":"6a6a5c9d22e9c26961fd2006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"939bfa140ab1a182284c87b2866dd73be1c8f9dcaffefdbfdbeefe15f7e3847619230d73e2b76d060b6c7abba6","nonce":"6a6a5c9d22e9c26961fd2001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"f1ded8fa4e7fa46638b3c4ab380ff4d6b9a4a6222ec7de4c8551df149521a60c14d8f001a153329fceb169bd92","nonce":"6a6a5c9d22e9c26961fd2000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"fa713bc8115bb5e9a5b7031a7e20a5ba25924b60cb0786153b692898a667d9c3e9f8cfad8c08d710d7bb73c4a4","nonce":"6a6a5c9d22e9c26961fd2003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"8b4a4cc6dccfda0ff1b4f9d558c51102a0ffcc76514a64adeeab39b3f23076e727b244fa56d26b7b1930a63f9a","nonce":"6a6a5c9d22e9c26961fd2002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"8d329d54e7ae292972f33468493310cc5d1fca09c11e000050226193822749c255136868e89d0e55095762767f","nonce":"6a6a5c9d22e9c26961fd201d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"b0458c8d3503c62ccc72d21e07398ebb0c6ccc4bcec6cd69c5ada32f8bb963c778e38e391bcc2e885eec71e1d2","nonce":"6a6a5c9d22e9c26961fd201c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"9f605ccbe94908f192301054c5ffd03d0d1e51b6d5e6809030707dcdac315be86efc37bf906d9d29f0b05cfd99","nonce":"6a6a5c9d22e9c26961fd201f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"79f6c651086804d4a53a6a2fb5960d9a8ef68b5d42a0cc0e7f6a6e1e1dcfa40be3aecf8bc8c8629c71589bd0e0","nonce":"6a6a5c9d22e9c26961fd201e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"523d706fbd728b9e681ac0d093606d7610507114a26b3a9ae352c77eee01780bdc6d12e6bafcdc500d66fc82aa","nonce":"6a6a5c9d22e9c26961fd2019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"f155df167d170617d7cc757e35783e9fec1af01823abb8b4f9d9bf42404f720716c4f54ca2b0265eb39144ed5f","nonce":"6a6a5c9d22e9c26961fd2018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"62617d8753331681b593d735f9c0d6badac61f36cc3bf370e5eb49217cf172e0150a75d9e283c37012efa820db","nonce":"6a6a5c9d22e9c26961fd201b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"6cbedc0941b0f8018565d52eb772891c476992b6181309b613ae20cd992acff3dd908f624ebb1d26f22847f8e7","nonce":"6a6a5c9d22e9c26961fd201a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"dbaf6766e6641b8dca212cd896a4ed062975c6f21cb600bcc2458fc98aab61c2814321137a490b175d174cfe2d","nonce":"6a6a5c9d22e9c26961fd2015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"08d9c132d409269e2a60105fe7bb76aa99ea6941dc4bf97ba3f8d54ed44825f77ca844f870f4d82a6c097421e7","nonce":"6a6a5c9d22e9c26961fd2014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"23a71f07095ee29843ab0955d77f80553f2bdc744219eb2b83243c05570d66fe864234483430c449a2ae3f98be","nonce":"6a6a5c9d22e9c26961fd2017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8774c148b6a8cf8c26c07d6814442249d0b5115070f8efc3813ea739dc18062273e3de153eebb491e4177f81e3","nonce":"6a6a5c9d22e9c26961fd2016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"442032dc007c1a2f6e0d342dc7ffc3073219e3cc243e7beb5f2490437fe586077a05703998c4acf2a1b1e5b3ae","nonce":"6a6a5c9d22e9c26961fd2011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"4abf2ba0449b2ec559671b14e9fa24e424efc9a5ebe6fe2be515fa6ee050bf12af6d38921b4723158602bb1f9b","nonce":"6a6a5c9d22e9c26961fd2010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"fd8ea832cff95726ede3b5eb6d6d0d09323dc4e2b80c47147335ef9deb122190d07cac076d1322ad63cb42b017","nonce":"6a6a5c9d22e9c26961fd2013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"944ff223adb1edb01d7ee739256172315bbeb340114cda6bfa705d3751fe580e0ee9cc65db314789f059931ac8","nonce":"6a6a5c9d22e9c26961fd2012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"30c1161ac621b58173d2802587d24b5fed2babef21873c62d18afa60aa64ee0bad1075da67ba32562cd3dc4b95","nonce":"6a6a5c9d22e9c26961fd206d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"122dc8727601c24f8374d4f453e8463734de674b7726450c9fe2e3236f046ce7f805c1dedc4f123076081b2f6e","nonce":"6a6a5c9d22e9c26961fd206c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"474899fc1eb294b932c9b10950f927d4533e079919d952fe15b479fe5b5e5a6b328b1050ac01fd175292689755","nonce":"6a6a5c9d22e9c26961fd206f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"7122730573b4ee342cbc17ba7cc257e449bfed6dbc9cbe2356e543e6b812e4a9d504ff01a5c813ce8a17bf46ab","nonce":"6a6a5c9d22e9c26961fd206e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"3c9475782f51763a88c5ff217568ea3988547d03463cfdc50354a662107db6c57929fa3bb35f7f9b930aa975d9","nonce":"6a6a5c9d22e9c26961fd2069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"96036a18a06949a49fd89474a2b6cd0eca8757b77c8764cc536028d8a2fec256e83462775b7bbac548e8c2ba53","nonce":"6a6a5c9d22e9c26961fd2068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"13f59ee5fc736214ab9d4b06bb7cfa892ae047758d0e071c10a1e9a453991fc018722d108c8893345f4e4550f7","nonce":"6a6a5c9d22e9c26961fd206b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"d81bd5397fd71ccf710dcf12868d060facc5f75822a970d3bdd52ed048741c07f93ba9ad8d9460c1768bed8664","nonce":"6a6a5c9d22e9c26961fd206a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"6014039c43620c100ab610729c627b0fd452424de101167d29167e0906808bc0c3f460e3719bd0f2abb88604fb","nonce":"6a6a5c9d22e9c26961fd2065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"386de654a20e5f179728e91248cabf56b6ae313ae27d221a1697b75d3cf77db9400cb8ef3e779cf57cc8201533","nonce":"6a6a5c9d22e9c26961fd2064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"c80ea31ed7d7a6cd596574f9bdedf08de86e4c1abd851ec9c3229650653e575d261c4425b6ef87b9d1fdb602f9","nonce":"6a6a5c9d22e9c26961fd2067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8306962c20ee48cbc41ea440172f9be299280badf9b0706b1fac40da08d7a3e99ceff0e4a27965c3698b7e1613","nonce":"6a6a5c9d22e9c26961fd2066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"6d37300b588c71e3d08f83f349fc36e0afa4a1cdb653f5bd7c5f39965d20bcc69b452716c929ed84ecd7f2a253","nonce":"6a6a5c9d22e9c26961fd2061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"d24cc55975a04bfd2df06ed3ed6559024abbf9dc1fbb55275c8ff337ed4e28c22647e5e869fbf10085663047e3","nonce":"6a6a5c9d22e9c26961fd2060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"458db9f4c9673389da19eaecb419db182121f0baee1fcc635a3cc0d1a6ccd5e44ae833808886ee1bcb55e13bb7","nonce":"6a6a5c9d22e9c26961fd2063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"68b839e365ff280dd5ad31737b51d832dd580fa2d4b376ac35007e16e27ccd76f4b0ebf497a52fa5c41abdee97","nonce":"6a6a5c9d22e9c26961fd2062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"85bdf9fbf945f4d956014eac78c0e594aeea9b1836cd6f9ada702c67fd9288ab2d69378ae258752796ff51338a","nonce":"6a6a5c9d22e9c26961fd207d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"866b611ac382b7078ed1d59c4f4e6e2ac0ef0c273890171bf3c7ab4bc86e08a74d20b5b128169d1b77e9d8168d","nonce":"6a6a5c9d22e9c26961fd207c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"79ef162e8791ffbc6a62733d6f8119b05e86efb893cc71dcd89bb28e06fbc2a227f374a5bef6e628c7254e900e","nonce":"6a6a5c9d22e9c26961fd207f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"686c961a2c2049ce20e29ab6413cf052572b98c80b183026c031338bcf0c6f4769a020296eb2d3462733015355","nonce":"6a6a5c9d22e9c26961fd207e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"ddb0890eeb995c6cb26634bdd8d722585db4ed04a652e8037b5ded859a26004b1fc5922ce7d6ae549f79ae3120","nonce":"6a6a5c9d22e9c26961fd2079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d1c26fb7d0e8cc8911d83ffa71ef7087fe58a74ca71b4fff1712e9092aadce4faa016adf820a6d3cf54e88943a","nonce":"6a6a5c9d22e9c26961fd2078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"0f8bb457d7f958075bc9cffcdd044ba3da29f040dafd9231cfe50fca6a2c296f8bd38ca88b73fd5550fa2e341f","nonce":"6a6a5c9d22e9c26961fd207b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"6e0bf20e5c9658b73a02549376c4811fe0ee4c2596369cbd74e6f1d2e4dc1dc0b43c1daebd4d1cfa3751c72196","nonce":"6a6a5c9d22e9c26961fd207a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"2e101a2bf4b4c8b2873bf0d07552f2c63df6f3c6552d7bc52095cd83530e68d38d7f755bef4ce2c3d51527ec91","nonce":"6a6a5c9d22e9c26961fd2075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"d5f857b306b5548cf8232f684d71246de71697adc4fc5a4f6621d28e11157b404729293e0cadd6bba3b48dd6b2","nonce":"6a6a5c9d22e9c26961fd2074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"0c9ed6a35ad0075d694a6b207c13f422ce2e806378ab274a32a25b1c864cbd9fb212bade7dcac5922a22078375","nonce":"6a6a5c9d22e9c26961fd2077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"e19fbb05aee22bb16599472f41818f20f01741581075db0ffe4143c762f206a4ebad43930ea9cadbc31313a39c","nonce":"6a6a5c9d22e9c26961fd2076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"59013bf6632cfa5edd36fe185eb349b3dd9f5c8f53d71c94c6b8e2950be3b5ccfd7a686e75167d68943146d67b","nonce":"6a6a5c9d22e9c26961fd2071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"8670495b68096be6837b1f061fa70e6139d0354ef383c9368cd642c75e735f03f90b44c0594dee215f9fe376b8","nonce":"6a6a5c9d22e9c26961fd2070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"f694c511a348de2090b6b72c96667cd9323af78be4fdada383294a96abbaa07e8aa2e66c986bf7bf89a50e5a34","nonce":"6a6a5c9d22e9c26961fd2073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"43d8d1d018b8904b8c8e24ec02941f060f32dab05f0cd1a53bb28a37a04b868d549f339c6643234589c4148988","nonce":"6a6a5c9d22e9c26961fd2072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"0f526fac6c832b4440e0b01e276f1da44d123532d6bcbbfc466a7ff2dba6aa178a4637b8b73fa030674a106f49","nonce":"6a6a5c9d22e9c26961fd204d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"5f2d6fd4d5224cc5216767405d0cb02673190cefd9693776852832ee07f8e4b94d0869d006e54d292da3f08532","nonce":"6a6a5c9d22e9c26961fd204c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"eac728dc00a6321669da4b606e491a0c2db1be7957d335ab3e0ecdef7b92d6010356eabaf914750d1216d653c5","nonce":"6a6a5c9d22e9c26961fd204f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d2c03003906689a245f9a98f5ffeb52a00530b2e4630f32c1f1196fd7317393e55855b06ca041daf177e52c8cf","nonce":"6a6a5c9d22e9c26961fd204e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"749865ee83979677fa4d6b7e688da53d03c5acbfa780a3602c0afe4baf130047b034139a576a87b5a13637dd7c","nonce":"6a6a5c9d22e9c26961fd2049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"50c2b4da71c26c30c9af25a1d10dadb00bc93e477e5bf298d93155b01853b515140da0b7cc3ae9a869676e00dc","nonce":"6a6a5c9d22e9c26961fd2048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e89cdb56c1a643d7a9c878772db3ea00b09dd08c1b5f509eb6cfd7297275f7d26921d0f62a61487f83598a75e3","nonce":"6a6a5c9d22e9c26961fd204b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"9e33488b683e73ae80a29b0415eaad429ebd58998400d6398f6289bca9c2a53de466c26390be03c4b8ccc73848","nonce":"6a6a5c9d22e9c26961fd204a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"d8707a5b6200f6c4ec4ab9d68658aaadc7b01a2e284a8aaca183aa35a9c44c9e50aee596b4fa453b705b7e9674","nonce":"6a6a5c9d22e9c26961fd2045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"1e8132bb02a9b19c453571dfcdc99414311271c9a8b423a33bf05344d69c9531f55b177b303f1185b5560e389d","nonce":"6a6a5c9d22e9c26961fd2044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"8a9b5917b7e011b0fd68047ee554ad08e0eb6ed88824b5379e920737cfa4aeb63be7a40f88ed8075b852b2702b","nonce":"6a6a5c9d22e9c26961fd2047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"ef9f885e709900694ae06bffcdc8ff51fa1d900d9c0e54dc87410e91e0f4f48ad1ae538693f623d0fae7307085","nonce":"6a6a5c9d22e9c26961fd2046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ca8c671dccac8d72d652efdb9d903080e049389204911e3a7a20351524bd877cc2eca339fa0fa574949e30fc28","nonce":"6a6a5c9d22e9c26961fd2041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"ea3485a84c2c8117645f3eb9f697fbc5bb0cec36d7ce91d068e35f86e265b3e45c61335209df4d0f26daba43fb","nonce":"6a6a5c9d22e9c26961fd2040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"edafcd16e54dc3a7485f702940dd5b5419daa2af02283250b3cb2332e4b04e6fd29cf96a574e5f22af422f56ba","nonce":"6a6a5c9d22e9c26961fd2043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"73e59cf5be5fdc9215424902110cc5740716d74d68e1600aced12553fa43feba16633ccc5885ae1d2befd7f436","nonce":"6a6a5c9d22e9c26961fd2042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"6b07d80e7cfc4002595968956b75cd64d5635e0457e2cbc5f0509b05472ef1c288012e3d71c0017641b8481305","nonce":"6a6a5c9d22e9c26961fd205d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"b892ac05789a84450ab3f901240b91b64e6dab150d8a2b9192fc282efb8608122837d9149767b0c49de828b38b","nonce":"6a6a5c9d22e9c26961fd205c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ca2d7a8f5c6f6a8ca2b2a4cd202b024835405633e9fec751a35423149690da9c9265aead6071b9ca0a180eb7b0","nonce":"6a6a5c9d22e9c26961fd205f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"a2725877c84ba467c98cc5a5481213ae57b461e84252be049e292843db777bc0e063d837ec04e0ebf40e2f2f99","nonce":"6a6a5c9d22e9c26961fd205e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"2d2576be598207bc4731955a80d043c92bcc2fd05e50c7500a139436403edf4d53468b5a37a25f068cbeb48695","nonce":"6a6a5c9d22e9c26961fd2059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"621dc3902352093a109dd280e63a4986bca0c92e289f628b50ae9c5b8005b16ff6de65616394058663a37b4f5b","nonce":"6a6a5c9d22e9c26961fd2058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"a95976b10e2b12771c5400db12e485ce6face21313f56e2e497139051571724fc7ed1bd983006276b938b28b0c","nonce":"6a6a5c9d22e9c26961fd205b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"ae7fa45b7a3c290cf7cc8d430d7406e95a538635b2adb4fb702b12bb498550eed7e6196ad3df0327ce8b9f1c8a","nonce":"6a6a5c9d22e9c26961fd205a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"b2cda3e9e22a6a40529d347655821c4d15d13a68664e573e80bbc7dd7ebd264dbed4316a6335ef4e6b42ac1545","nonce":"6a6a5c9d22e9c26961fd2055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"d449cff1bd9bc4530ff84460a3473f593665cc1f1118fdd4dbc33cfde4688e2b28af44c8f61bcdc95d55d16b83","nonce":"6a6a5c9d22e9c26961fd2054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"46db456aedbffab9f6366d6e408a6c7272cc28fad17d43fe49783c7b74db4b87432feab104f5e4720c6ffc30ec","nonce":"6a6a5c9d22e9c26961fd2057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"90a3c21ccce891357e93dc06cc02363547ec2c6ccfef06b6ce700dbf2144642ffa78611d95ebd94500d32d40a4","nonce":"6a6a5c9d22e9c26961fd2056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"dd2bb08777a8225487a053016bd74030d091518b95c255704794e7974a111bf84377984c64d6d494093e65c9d2","nonce":"6a6a5c9d22e9c26961fd2051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"5f01c3d5b6d1cc41494de742932439eded35c4fe0cbbe1a037d13f30b029f9b6399642278aac119652d8bb9ff9","nonce":"6a6a5c9d22e9c26961fd2050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"a061d040e8080516f778741fe77c4aa1bcc4fec035ccddb45988fff278315f237429bd77113f4e2a75d3bfa818","nonce":"6a6a5c9d22e9c26961fd2053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5b0f4161076aae83848b6405090216f84da70df6a650585b94b2b47cadef324dc55d7aba513a2282101097f9b0","nonce":"6a6a5c9d22e9c26961fd2052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"8194066e3c2ddf41fb5beca0f3b36d39257affe213916dc7f40b29b636d33f064e4773c533e93f25c59a866095","nonce":"6a6a5c9d22e9c26961fd20ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"6bd6e21c19e213026115ec525f0933a4a1187cea33644bb5cad6253cac61e47c22bebe03e3a2353406f7de40bf","nonce":"6a6a5c9d22e9c26961fd20ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"c81ca1ef697d1d085634c29ce44037c106849f15339441abcfcb070938344a63a603607fee808b4d04bc583518","nonce":"6a6a5c9d22e9c26961fd20af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a26a5986a58cab88442898497989bf59c5faecc422c462eed5f64cbe7ff73e5ac5c74b432299540cf20f380f9d","nonce":"6a6a5c9d22e9c26961fd20ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"62b2e6fb5c2240209d03085cbaa4b0cb258f098902834efb6d0007d9fde60eaa0adaf12e173c9a1bca8366d842","nonce":"6a6a5c9d22e9c26961fd20a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"626b8a5070c273cf4d5e7a94756dd2596cdec9926ce92b1cfeabddb296f5e4c51a0405e38329b6b3fa414aecda","nonce":"6a6a5c9d22e9c26961fd20a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"7f609cb5f4817d991269e2c1c38ef5601e2dd1c8a4af7083567f2921649d4c7d802952e935f3faa745ec879514","nonce":"6a6a5c9d22e9c26961fd20ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"503f821e47c7aded32b5d419e68c8b69e377775e7f718ffbb3201a6dc59dfce1f05649c01c7a70b04a923efd45","nonce":"6a6a5c9d22e9c26961fd20aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"02be17945f47c4fdde3d3652a971586961b901fa4eb870165b9969cfc812a086e3dd8fea39a97f75a4f84dc281","nonce":"6a6a5c9d22e9c26961fd20a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"1bf2cdebbaf84031e88eabf8095a43edc86666580478bc172cd6d8800d720d1147db9264c4f56f737d8c7d0908","nonce":"6a6a5c9d22e9c26961fd20a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"bdb1dcbde4b4fe9753acc73c0f878cd3a03fa033b52a0fc949bb6ac18de7bd7e2a49caf0da05a1db3a6e12f434","nonce":"6a6a5c9d22e9c26961fd20a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"7661d598bfe0ab72cd8107845caa2887fd7f89a9d1b3e125c570e1da80914b06c472b2ceedf2bfd64e0ea02caf","nonce":"6a6a5c9d22e9c26961fd20a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"146d6881b5f6564eea0f166d3a7632ea9f64f42baac0600b85c7e2f5b0c7dcffd9901521950ded86750c071469","nonce":"6a6a5c9d22e9c26961fd20a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"8accade3d1163a6120d6ebfe30464d67ecd66915c5cc3e126044204acf5cf630eda135c660f664680d5bde5e9b","nonce":"6a6a5c9d22e9c26961fd20a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"35cc36d3ac92d29c9035b97ed42de13c22c7a705e7623b5a5ac008c8b48fd48a96078d5d39b442a9c775fb66ff","nonce":"6a6a5c9d22e9c26961fd20a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"bcfeaa90a9fae552d95bdbbf43325806d992c8908c5abedf80b29e3943d1fea19b655343301012033dbe4ece8c","nonce":"6a6a5c9d22e9c26961fd20a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"5bf3a26686c05a74f8f86acecbc30c49340a73769159b4485f86d3a2aaab6f95f936ef85ef09a18a7d11ec60a7","nonce":"6a6a5c9d22e9c26961fd20bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"a7b9f5f5399d33473b368de532a06dd9ffcf0472ffdd6251063bda599ba7fba461d244765b6ebe06c06b06606e","nonce":"6a6a5c9d22e9c26961fd20bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"edbb1092491f0fb51263c6848f91ede7b7f92d57acfb53b3c1ab1da953b895a63255df3ff499bcc2056a108a8f","nonce":"6a6a5c9d22e9c26961fd20bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"ae2b5b0a408b4c991086782ffbcbddb5f1eb050eacd04e9dbd3c563c02067473591996579e300cc0e6dbe53936","nonce":"6a6a5c9d22e9c26961fd20be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"b1e72a2688cffac56578c6aa330a618e058492f139a57b8011f177df4d27be4b877c2740dbf750e09a790d5c5f","nonce":"6a6a5c9d22e9c26961fd20b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"5788d87fe1fca6dfa4a13c3abd668cf5f668792ea570c4e4314dca8c7ea2d3fdc02652ae8d781203e57a593e7e","nonce":"6a6a5c9d22e9c26961fd20b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"2fd1add5b7e6b0be55321b8889fa5b04476c4c3300af630e8aefb5f2b35a4ea42e8e0b52f86f0d0fb6b7c00b4b","nonce":"6a6a5c9d22e9c26961fd20bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"519d1138ab3eb3210f53df4798400dbef3475da36a24d58ab8076ad1190164c12b328609adb1cf894e089cade5","nonce":"6a6a5c9d22e9c26961fd20ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"5041f2176ed67ff16091a7602e58c2e492565f9d337a492a2bbbb032df123be202b35d6ab47e223acaec1dd13e","nonce":"6a6a5c9d22e9c26961fd20b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"820b6d874c62f4532f3f59fb86756765fcc328147c51e4091218d69c2e6afc856bafa9f9bc0f4370dd99076235","nonce":"6a6a5c9d22e9c26961fd20b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"20acd06f0449fd8fb34ba81d65a13157c7be492c1b03b86d2f607fb560091fdcad69ba0c84186fc190bd8da70b","nonce":"6a6a5c9d22e9c26961fd20b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"65a9540d62cc16e1fa443838c1529c57ad6a16940d83c894aafd6372970621c6adf5ec64dcadb696cd1a09500d","nonce":"6a6a5c9d22e9c26961fd20b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"a8d6de6fff000f5cf1b16c69aef6d8fa94ec958588d4320b8ec2efff000945a2cb42f2e5ac862646641f8afe6f","nonce":"6a6a5c9d22e9c26961fd20b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"72527e291ae4ef1ce8de776bb66a0bbc3a87b5767a526787d8d9b97c1ffe88c475f06a36c8458e38dacf43197a","nonce":"6a6a5c9d22e9c26961fd20b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"c53cac33439800ed6a4bcd4b04940aa6e031a01221c782e4cb0f89d4a1a20905cc773ca4f177fde02e3cb403af","nonce":"6a6a5c9d22e9c26961fd20b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"af68653b217f326e6352eb11ef20a6435246fe63b0e80f4d0219264e23c92999a06f3c152de528eba67c03e6c6","nonce":"6a6a5c9d22e9c26961fd20b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"16b65c0bd113812d5b8de5c222ea0ade1b4fc66918cc3795d6289f6bea8d31b8c59b38c6f18074473ff060778c","nonce":"6a6a5c9d22e9c26961fd208d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a5369cf3f747582836237a9e74bf3360c866e07f8e13e7f9be885e9b842a9fb5afc98918aaf7613ad0d8392991","nonce":"6a6a5c9d22e9c26961fd208c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"be36156961ca814b4b99d3c0bfc157fa8a361f8b59cb7e1a2be22d2d7ad938eaeebcd5bedcc2eb0750dc3c0859","nonce":"6a6a5c9d22e9c26961fd208f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"64dcbcb7837a9602a3987b56ac1660d18c0c7a3b2c211482a7d480b1e5a84fd3e8862ff8e23cea23a5e4cf86b1","nonce":"6a6a5c9d22e9c26961fd208e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"0163960b9f76dac1c225823237fe915a2d5079b51edc55072b41233548fdc07138d6f0ad05c1d911dfbc8597ee","nonce":"6a6a5c9d22e9c26961fd2089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"5eee50a9c49d31216f0272420b764ef1caf9a02687a7bf99359ba6f34889909cc8d45d45d1301bcdde971f363a","nonce":"6a6a5c9d22e9c26961fd2088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"b4c6d581423fa133c14fb9cbbf0ec9d21dd55a3b257405c06593ef1a4f997c48c8f8bce32179b1e6f68ef16797","nonce":"6a6a5c9d22e9c26961fd208b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"3c4fd79052cecca65e22441add3b8bcfe99c021b3826fbbe447a8d26f141c96b619164fe1132571031b93fae6b","nonce":"6a6a5c9d22e9c26961fd208a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"dbce88bf012949acf8e728f31aa818f8238fd2b79ba7b73393d18651e52525f15d365cd95e5da9d72a88c77562","nonce":"6a6a5c9d22e9c26961fd2085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"2095f787fe0c7600114c900c4c4d313f0f3ec80dfe464b880855f04aa28c066b9bcbb577e1e4a4e9f812f7fbd2","nonce":"6a6a5c9d22e9c26961fd2084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"1dc88c657fd151265b5566bf59a9f745f5aba75786ad0859bf722be3b63d5c4e1155224e4991574876cc4e34fd","nonce":"6a6a5c9d22e9c26961fd2087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"3ceb0a8ca7a7b75abd49e1f4296ce7092e433e2e6a0f5d839f7037747148bad972f3df5a27b73785d91124fb78","nonce":"6a6a5c9d22e9c26961fd2086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"d18873419a61b6bc025efa63e96778871fd0f6e96b440151f35a8ed8216327668454b4b8a74bda5e42378d1b68","nonce":"6a6a5c9d22e9c26961fd2081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"8f7dc2174bd178019001ff27e304c44c1c52c2a98289f7e28f539fe77d28f67fbd38bc1a222ad7ac0b9431060a","nonce":"6a6a5c9d22e9c26961fd2080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"05d69beb6d0b471dd8eb1e677fd04ca08ee653ac66cbd6def1fd3ebc8dcbb63d8a8b4219f4c8aa392ee8444b48","nonce":"6a6a5c9d22e9c26961fd2083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"e41c40e49620d8f8e0b5c535d6634d17786b2a2b924f91568d957686dcc9413d28ddd3768b2a43ace87bce0df6","nonce":"6a6a5c9d22e9c26961fd2082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ce131da556ae2595f1f95e5433f2c1a8ce63bb1d4df34d1cb971f32a453dfbe191f1fc59807b5aa2ab64f07262","nonce":"6a6a5c9d22e9c26961fd209d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"f533647a07c0ce3900cda876027011caf573d66ee0c649481caba1f40fdd425dd6a517bafc201efd40b60c21a0","nonce":"6a6a5c9d22e9c26961fd209c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c0590d46c14c6d50a435d2440a4f1e3e7e26d1d0f63c60979b73ddb6814e25d5578d9124b890d74423bec89f62","nonce":"6a6a5c9d22e9c26961fd209f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"cd8036153a324814697d601dee47f89ff60c91b03cea2ee29c0a769556b4d3045b5e2ad0de3e29cb5ce6804d98","nonce":"6a6a5c9d22e9c26961fd209e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"c644c88b9ef2df53a9d6fc50ab8a60d64f7c01f832b9ce4557ee7555c17391757fb153b453827114ae362dbc61","nonce":"6a6a5c9d22e9c26961fd2099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"ca41de15da2e7634162dfa292c73f83406baf85907314c7b2d94549ae5255fffd4e44a5105d0d16ed646830ef4","nonce":"6a6a5c9d22e9c26961fd2098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"60069d08916370c1c8f01fb614fa9c356010177417e0354ad5c84b15164a7cc7472c531c700bb6db98182ff5f3","nonce":"6a6a5c9d22e9c26961fd209b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"2e1519f6014071b39d5a54be739c4fb371c65d46d3eb144579ba0e37ea7f403077ce7e44560907d15de7871551","nonce":"6a6a5c9d22e9c26961fd209a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"e3bebcf59825c96c198037eeb05e46fa28ef61135b1d74e4f38c41e9c19dca4ca7f8ffb6bcee6d0cf3ed030edc","nonce":"6a6a5c9d22e9c26961fd2095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"b9a54772f2611a36e7f5e06581599e1aad2265d073c16aea7b30e7b86abd35b61da91925da8a829579399fee3f","nonce":"6a6a5c9d22e9c26961fd2094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ded574f5cd2d5ed719d8b8a917ff468df1e932e41220ff9bbaaf2931948a374c5726f440c1f345bba0f6bf4d97","nonce":"6a6a5c9d22e9c26961fd2097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"6e9cb3923a4694d019f1e7db261ae040f9d05e9e4a4bea734c853680841000b95f3fe473eb55e31bd60c0c2280","nonce":"6a6a5c9d22e9c26961fd2096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"a3361b41c577484f0babdb53b0192137ed51d5c5f1b3348086012ebf42523e1be0cb0a73e2366d02b4d71b23fb","nonce":"6a6a5c9d22e9c26961fd2091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"22c6c4c866f956b85bc9b8aea949f48a921601f4d1e9f00e65f0de50ebd241fd2b29b7047a584c0be65be4b2a4","nonce":"6a6a5c9d22e9c26961fd2090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"145229128501ccb4e3a4aa74dc514b315aa0f5b4bd15c3a731df4b0ef929b3224d95ddacedf3b3fc3112b85e82","nonce":"6a6a5c9d22e9c26961fd2093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"8d8be5b0de53c110525b8f9605daa339de48b24ecb6ab692e79c3dec274ba377a5f73ec258a1c2e7456934824e","nonce":"6a6a5c9d22e9c26961fd2092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"d757a034dcd25835b80e626cacac9dffcc19cf877f9f094efbb77f7e4256149c664045855d191793b562c1ec4c","nonce":"6a6a5c9d22e9c26961fd20ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e4752a0e0b28dd5fa38c90ea910c3c9f709f199a487a4a00a4bd3bb59b18e46e4c3fece0b2a4e8171231e82388","nonce":"6a6a5c9d22e9c26961fd20ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"df511392fd24b56e876e9b98c598bbf21860725af40a6b1a47cc2c15feadb69a21d9b791dc83c901c469dfe810","nonce":"6a6a5c9d22e9c26961fd20ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"b15b4efbc8bca2faaff35ddf42df2cccf9176d1bd5e50f2dbd9689ed6821de7e10d5904a78e56a28b3845fb549","nonce":"6a6a5c9d22e9c26961fd20ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"58ab447f3fdc39f67996fb559e2cdb7d7ada89f4a8867aba893ae23c2c99ae186798d80c41cbe37fa79a5838bf","nonce":"6a6a5c9d22e9c26961fd20e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"943ef68cbd547ae07905885f642c1ef3d9f0792be87ab11fb69d60af560340427f11e7ea3301d7327d3b337c6e","nonce":"6a6a5c9d22e9c26961fd20e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"aa290d1983ee79b069e68ca7f765b5313a4158fe75e515dc4378ff6dd391e8d96510c62e3b905dceb33f4131a6","nonce":"6a6a5c9d22e9c26961fd20eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"71cc147be92aa35a5ed0b3afd08013ab9c2341cd2da2cbfd806242478561dd72972683d598494ecda945eaa94d","nonce":"6a6a5c9d22e9c26961fd20ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"61d0104bde81d3c50af5250841a4c8da19cebe3c94d51c3be700b3d5ffc3a6c970e0fd4056e1da6c0829a0922a","nonce":"6a6a5c9d22e9c26961fd20e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"eb34175f0b47e3a082821e348dc1df8ac56353c48b6fcd68beaccf28ce85be9caf8fae51b758dd03858fc05f8c","nonce":"6a6a5c9d22e9c26961fd20e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"9587a2a2d57fad729177e866f9b5ae9b9b25d6d9b5542ef4f94e937aa7c98e9a799a4faa15d4437447db61317c","nonce":"6a6a5c9d22e9c26961fd20e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"5a6a504b2517a4bf52b83fc90928ebc10beb2bfc6a332b1bf9996178b49ca4e2a96086b78c0f3c79689b3940f1","nonce":"6a6a5c9d22e9c26961fd20e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"07cc77c7841c996e08db5129981faad8576b1bdf317b36bca05002974a430c83f34f7a6d35c4faa62370359717","nonce":"6a6a5c9d22e9c26961fd20e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"0c19235b0e38a05ea50070526ca0e3a3d0b6a96afcfae2711a9c8335b9b53da792ea846a3e2e4bd420917d53da","nonce":"6a6a5c9d22e9c26961fd20e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"ab9ebd62cfcf0678c09d66da0e5f38c5d054f84783be127d5600e372860721f228e02937053bfca3763f0456e8","nonce":"6a6a5c9d22e9c26961fd20e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a9d351344e64d073f6e4ef48538e39bcb24b1261de6955b3760e7a617b8618e128fedb378aa51f06571bbbd74b","nonce":"6a6a5c9d22e9c26961fd20e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"77006621af5fdbdb007daa129182f11671a8abe140205d244115820bfc9c6b98bb3af11753d5cbcc4e5c3a4806","nonce":"6a6a5c9d22e9c26961fd20fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"1fdbe831da17d6b27bffc978e8175e86fdb177572dd249ca2888b04b63e194a3efdfd5f3110a15edab356bb8fd","nonce":"6a6a5c9d22e9c26961fd20fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e58f3473e714a7ddf88898dba2deee439827c05cd365eb86611482cf718d222c02d239274882b9337ddce1c414","nonce":"6a6a5c9d22e9c26961fd20ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"87c1c469797a7ef397d871977baf145eaaf265d3a8814edb0ccc0cd85f21813ee1f32fa414e0a5f20b43b40209","nonce":"6a6a5c9d22e9c26961fd20fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"dcb23f095c4752fa38fd1e2267328e53cd3986addda4cfcb2d4dee7efb03dc681a5686f8a67ba0eeb71d7949a4","nonce":"6a6a5c9d22e9c26961fd20f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"7ae31e1e2c02c9863ac03f3686f4c76159a95f8e92a533fddd3d31ab7ecdeb36b7bfd5e5e5a68af9fcf95515fb","nonce":"6a6a5c9d22e9c26961fd20f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"f2e35544c0197f14dd953e406882f4b042dee4cd552e914c5edb52bfb45bd5701667f22e5c823ac3f72b97292b","nonce":"6a6a5c9d22e9c26961fd20fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"0649ad2f6b33da1beb4233a7745118cba1200c240cf994474a9da02e313b06e193f6afd04a97036b8410e4f49e","nonce":"6a6a5c9d22e9c26961fd20fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"31e515924013a2e2ac7e9f9bca37e308202acb297be8b59da98ef5388efafd435089fb04b2d8e574958a27e087","nonce":"6a6a5c9d22e9c26961fd20f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a9cfde41cc1997404892c971fdadc6005d839501fa300c0640d3659e65c0979fc16d75b1665dc120edd39a83da","nonce":"6a6a5c9d22e9c26961fd20f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"1dd221934eb28d7effb441011afd2027fb05c6da92da7f88cb227c74f07165df304fbf662f7d92cf5e35a59d7f","nonce":"6a6a5c9d22e9c26961fd20f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"f987d10e47b7b960dcd3c9f39f8de85f6d7de15724751ec03aa775d7fcb8b114945c6481ff8d2381c090845067","nonce":"6a6a5c9d22e9c26961fd20f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"f2e42901c1aa7d0365929c03e610100befec8ae946e3de1067d6e26d798fe50f32c2e2fbf2b9c6e0e08c200c44","nonce":"6a6a5c9d22e9c26961fd20f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5e44094db4d4c36e2ae406add4b91e7c999d4232aa5622e1683d6cf6839ae4d7a3057f4a9dcd7470060ea64d48","nonce":"6a6a5c9d22e9c26961fd20f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"5bdbea127aa20be66667fa9cbd737950386bff336a0598850366bedbce59b2cf89f369966f4d951ecbc151340a","nonce":"6a6a5c9d22e9c26961fd20f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"3231addea5061cf4c00e5558d67678e4cdf82642c0ce12d3d1c253ff125fcb5d9e91be1102a15b2ab36e859a02","nonce":"6a6a5c9d22e9c26961fd20f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"9a0127d5390ee82af3d96190712bccaedfd51efd8d23179a8ea57ff436e2040a94c0e54120df9b0d5cf0b39fc3","nonce":"6a6a5c9d22e9c26961fd20cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"3c9c24dabbcdeedec536032d5b1829aa96896c1947ea6fc12bb69b54b7d349694dd15e188956c7c6b346a5a547","nonce":"6a6a5c9d22e9c26961fd20cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8ccce4ad09a5531e715206b4502fcf7e1a89f858d436609d431e29e014326da7dc03b20e02f864b50e83b6d84f","nonce":"6a6a5c9d22e9c26961fd20cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"a6f04c863f94781baf6c91241877b495a76fba94812af43bf311aab0816c457e14c537f975ffdc6d93d2575a00","nonce":"6a6a5c9d22e9c26961fd20ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"14f11ff7774bcb57597fb47bfacad59d981cc2e88a463d54255e2139955fe3055ffaf64cb327b81b6f542a8466","nonce":"6a6a5c9d22e9c26961fd20c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"566673b39de66cc68ff9b9cca0f5c5dccf32886f53ad66a3f0435a7c257efc65c24321a90d77502e90511f0c63","nonce":"6a6a5c9d22e9c26961fd20c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"cf093011ab6e29e407c0332dd2a41bb128ddbe1cb5d875b07b97ee499033fa12e9216f189bc71ef09463166b4b","nonce":"6a6a5c9d22e9c26961fd20cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"a1be588b60995526d4ed5240c50802f2b700a494770c300e7d063687250ea9fc72a7ba44445bfaaea4982c2590","nonce":"6a6a5c9d22e9c26961fd20ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"e74b0d526b1e58ed1b8b89ffc3533c2d596c4d88d8557f7bbc8ef38dce73d09b8790a73de5b819ebb1343d3ccf","nonce":"6a6a5c9d22e9c26961fd20c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"e510ac724f3be64eea1b7edfeb2b5ea954a87a488440d623417fea411fd9eeef76171915f42023a273c152791f","nonce":"6a6a5c9d22e9c26961fd20c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a42868be9fa41ce13cbb7569d9d4ccc7e62314b04562dbaeb3aabd33635d6e89a72d1e9a2f8ecea000f3d9a0fd","nonce":"6a6a5c9d22e9c26961fd20c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"21785f5c3a15557f5bf5756031187eb959925aa3909ef05fc8ad50d81b1c6c20eb202587f19f00de6233e45c6e","nonce":"6a6a5c9d22e9c26961fd20c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"c0451f5fb575c9308d1e4385837d9c9cf3b25b3c4ec143e9c7487bf7f82107b92e474069725dd4fbad8ed9b302","nonce":"6a6a5c9d22e9c26961fd20c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"16a86218e509ed412f7d09d448e64f200d0f5f1869fdccee848a42c6c6a83c9645b793ead59cdc40f9b13dfc98","nonce":"6a6a5c9d22e9c26961fd20c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"583f0351b22efa881f396d6e28625bdf207b08445c81b5fa7f99b79cde0ea21109ab34fc8583e638b38b7597be","nonce":"6a6a5c9d22e9c26961fd20c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"a1694c19da267482596ec9d5e70f48275a4449e60fb4db6c3e7f3deb75810860b063701eb70ea4573c9a4eb3f8","nonce":"6a6a5c9d22e9c26961fd20c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"34121a63e0c0eb8f7a4d1b7c8145b9dc92b7b92ed6c164f3cfaaefaa5161d6eca3cc23182c83ddd8c0e712b7aa","nonce":"6a6a5c9d22e9c26961fd20dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"5493a8f2b07ea4884a7ccbb23c221bf3431f732662efb1e3dd2794488d5a7d1f8d988991124ad95c77e6faa652","nonce":"6a6a5c9d22e9c26961fd20dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"8cbf754b9359cd2da21f9c9a1561e1cd697ccbee7e563b37cb422bcc4c4e9b9a099d5a7de1ef7fc879f616cce6","nonce":"6a6a5c9d22e9c26961fd20df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"b15e05f397a08573e2f9e90d9cdc499473916479ba2287a7a91609eb83c9892bd1956b8718dab1e1eab60c9bdc","nonce":"6a6a5c9d22e9c26961fd20de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"f0978d725d1a625961d2059ff23b268bc351f69ab62cd120de2074dc58069453cce1fa54a74ca6b42710366e34","nonce":"6a6a5c9d22e9c26961fd20d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"f5947656d2cc53cde48fe79e6cc1eb387d7ee15ee51e12b21feb0d53feeb663b91d4fcaf5be80004a356f9ef67","nonce":"6a6a5c9d22e9c26961fd20d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"c004d8b71f0e5da1e8a6bc8db882e03ac9c617fd835e7de0042fc483ec2e217a3dc03689c8151a4cdc7b6e4535","nonce":"6a6a5c9d22e9c26961fd20db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"84d393ffad6f4ea8dc1a595c845d1f689d0915b025985ca0c8a8beac74aabaf636b83e1931d3321514bbfa41d6","nonce":"6a6a5c9d22e9c26961fd20da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"e05054f0b6d3dbedcfc8f3a88ae53ccea60875ff118e090a88fb8e0105c54ed7d4dd7b19f502904fc960a92b41","nonce":"6a6a5c9d22e9c26961fd20d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"cde3ee9861b95609722963ffe6ae55646593e427f93da8db8634846e2849bfe606c4687f8fbaf1b86fadc05389","nonce":"6a6a5c9d22e9c26961fd20d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"9aeeeba134209d6dc32f2a4334079cd94181b9aabb61a9ca70ecb4328e43a1531299c510fb57ba9b54c29caebe","nonce":"6a6a5c9d22e9c26961fd20d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"479fa24d7671e61de314acc771786604c115dea615f4d42ff1389fff228a14b16295f5288fec6209aaa5a7ea04","nonce":"6a6a5c9d22e9c26961fd20d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"7fd693661d52f025edd59828e341a5afbe1d94ad63ba06d33e9075d7f5633de31390e812817b8373510d9855f5","nonce":"6a6a5c9d22e9c26961fd20d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"0404f13153a92abcb813ce103aa5c7ad91495604b2f004f76c78f68d72b2256e51f1272cf0d58c9aa2076eb0be","nonce":"6a6a5c9d22e9c26961fd20d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"0e390d4f625db22beed0803e0048286d7ba7e0dd4bad6b951287b5147ca388ecf730429360a2a057144aa44cc4","nonce":"6a6a5c9d22e9c26961fd20d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"9c788dd8285860d0be255000918950e62aed3d1cae4d9a5ffb36e077f1c720a11a3b2876658563af21b46a2b25","nonce":"6a6a5c9d22e9c26961fd20d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"72ee01b4e386712f8147d357f6506e5769f5cb8c38dd0bfa7c77fc498bde22d43d84200e5c213042ab1e8a9b16","nonce":"6a6a5c9d22e9c26961fd212d","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"5b6120165c82456080db3c730b886b07129e0aec9b5f7beae9e5bbd103c67f2d"},{"exporter_context":"00","L":32,"exported_value":"30890b81a37b14b818c462ae5b680b4273cdc7a1ce5ca86d30d482fbe4323e7a"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"b0b5c19ae0daf8d005593f5755d6e8cab29bd3c5c8245823586d009d15aa5237"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"92c0e581f1b0ad231dd7346d69071afa23eb4dacdf0b868b644a20bd5121dc07","ikmE":"16854ff5f1184ebfc559f9d21a595e45212f4658f2804bcbe4375d524353ecb0","skRm":"408882e1f5e554b270a1174ec38e6c647ad1394a408ebafc228c0410dbf98a24","skEm":"eca9fe586030d7de742a2fc531685684d9c4cf32ea1af4aba1f85895d9c2f563","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2b54cf0ed6c4ef3ef5c2303a85abd3db8f540a5c53a22f8bf9639921c81a324b","pkEm":"bc441a64a700843a8efd5cd574c20e9909c3a2ff7d35e260f9328cbb8e555d56","enc":"bc441a64a700843a8efd5cd574c20e9909c3a2ff7d35e260f9328cbb8e555d56","shared_secret":"cbd7eeb81ca7cc4b76411df346291e840990b7f059e507b055158575e656ff7b","key_schedule_context":"012bf29bba14d4c88e22c7637cf6fa2c279836a13308286be2fbcae87dad2dec2c47252d8fa4e8b173b715aae0af06bae18683a6c022c2b1c6e28a096f930585b8f18df7d7fbda3c938157f486a23f47621b8c7bc4ab9d89fd902c1d406709ca1b281ef1b7bc4736dc044ee497d5dab805fd38a9f4890398ab2569653a0a7ff73b","secret":"8d544a46aec100a2de3b251bcfbaa33b0fe267d2340db483ed91cddb097ff3f8a9b8f1f12502665a1a81a4dfe1c3ee302a033d7fb2158f7d0e834564db6d9043","key":"a6185e8133becdb0ee3acbc901c6085bd5d5a3e7cce9949c57647a7f81c437e3","base_nonce":"f4fee6a6f8e2f5657369f3bc","exporter_secret":"bc3b934f4bba7bf8adb625c8cdf255d8db109aa16ef4a99f180cdd817a0c90e04b857a6a42d669b6f52eb1f2264495b45c827a0bb763656cd199a3bde2b3974f","encryptions":[{"aad":"436f756e742d30","ct":"65a46e483d921343f20cba85da69976b2e0e52f450db7919f7796604977d6708d884a40d5e4fd5b820211264aa","nonce":"f4fee6a6f8e2f5657369f3bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"02019423af9256981bc0a8a7675494efee2244faa2be5b572d9470e451ea3f831e2c08cd47bfc78d6d1f11cfb1","nonce":"f4fee6a6f8e2f5657369f3bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"2c952be30593914a95b09841ded2226e703ec27f22097c3c6ace42442f5b7464233735ff78204985a3d9fe5b01","nonce":"f4fee6a6f8e2f5657369f3be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"4c70c21100cc86f4775239e47513aebbf529fcde8009582d05d11450ea3e9cc4b636f86e98677d0c7bbe0de8ab","nonce":"f4fee6a6f8e2f5657369f3bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"00597ba695b0d82e19f0ea6ca2fafb83dbdb40e499d3315dcfb22af084b8eac96d44fd50ae1c03173ebd621fb9","nonce":"f4fee6a6f8e2f5657369f3b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0f398f28b17d6879f14c50a594f3dfdf76dbc2e06158610d4cdba33fb7404b931d4d6b43513facf8f83b8e75c8","nonce":"f4fee6a6f8e2f5657369f3b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"4a078b0c51c546e2f044290c87987f91cc90d9cfa8d77dec7669739867efa95ec8971b44d28d4690d577f2de74","nonce":"f4fee6a6f8e2f5657369f3ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"379628ec01a5c7dd82973d39b17436793edf1de05fc3bb1ab5f44e4a309052ee6ed5a1b70fca4569026d17859a","nonce":"f4fee6a6f8e2f5657369f3bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"b4ae2a9384db3f34d5ed7506b0f58b9efcf03a047d150edca4e231496c91822979ac6bae150b0105185cfac73b","nonce":"f4fee6a6f8e2f5657369f3b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"fb9e0532390bd606a3470a39524101a1614b03c10db110bc6b32248fe0706705847ce2eff4d4c66706f6b7c19a","nonce":"f4fee6a6f8e2f5657369f3b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"f816d5b57be1350fa46e6a2b01aace3ddbd5f54f2ddb137df3a8d59d3d0c7537492c3f879c34444b5e590d4ee3","nonce":"f4fee6a6f8e2f5657369f3b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"e18519144dda72fdb59056092b16a9b083ca6e383405493381c668c89eedcbe5b6808f1a17c94d00818a126079","nonce":"f4fee6a6f8e2f5657369f3b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"bde7185d386e2b509e8a0f3d877d8af83403ff3cb6882aa185b7ce2f24e0c43e9637426aa660eaa6b6c05fdc0e","nonce":"f4fee6a6f8e2f5657369f3b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"c9b5889c82ca9eeb1add7cfb662dc12da560258101baa03f33563d184525959973443ac993ae00e6a74f59b210","nonce":"f4fee6a6f8e2f5657369f3b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"d44212fb18e1e4818936a719282a8ca4de29e193cd5b5886687aa7659c6034ce41b6fcef6eb56d68d4aeb214d5","nonce":"f4fee6a6f8e2f5657369f3b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"1fed04f178ed17a9e73d6d75d63620a47e2aafa5afc3047750f3fe91ba2e8b292e8ae6ce87a8b1ecb0155ba708","nonce":"f4fee6a6f8e2f5657369f3b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"320f386d967249a7a4311a3b43e08627a3c7c7d8b8a21dd9ff51aaddbef8160b8fe81cd0675fcb1915a686c40a","nonce":"f4fee6a6f8e2f5657369f3ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"441e3445093e4dde29f6856bfc8419feef50ca8298da1c066b63680432632765e0ae9c47043291ea9fb26fb415","nonce":"f4fee6a6f8e2f5657369f3ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"bf597a0ae2ea74826ea548b9dd3a1393d93f0aab5087ffc84ef61e94d297b134a2dabf6fbefa3e9a6c13b860c1","nonce":"f4fee6a6f8e2f5657369f3ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"a397db5ba2e0d8fa57c3dd55e3d57b89e7c34ebf598cd3f3062fdd28e6cd92cd37b1365cf1dc6967cbcc4fdda3","nonce":"f4fee6a6f8e2f5657369f3af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"21d23197e216fa0840385e7f46e2682307b9812c26d1fd760032ce58b4c56c3153cab3b5a504514406452edf6d","nonce":"f4fee6a6f8e2f5657369f3a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"21137c6e0fdf7259898470c7afa620528067e702a215de69880e552dd80852b8288667183717f54320230104d2","nonce":"f4fee6a6f8e2f5657369f3a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"6db3f5ab343e4f7edbbb03092e7ebbe5658b643180a5bcdc648a19d25207fc4c41c033df2951d7a895b726aacd","nonce":"f4fee6a6f8e2f5657369f3aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"8d50482dca53dd4c71ffa87f00174b243af6a7289456665ac1b90abc725fad405a8753949e156555c71e03d0ae","nonce":"f4fee6a6f8e2f5657369f3ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c9dd0a405e5e7bd66abad9b0949368a1d3ef98d05a10bf490a898e4c0786bf7d603993704ae1147e05f1e583d0","nonce":"f4fee6a6f8e2f5657369f3a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"c40972feb1cbc9a61d4bc8c612aa4286c7cf0e43284ab3675bfff187ab6679fdf71843a754deadb2d4a938c0a3","nonce":"f4fee6a6f8e2f5657369f3a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"be45aab26648077f9f2ed7ef225c4d73e7185f9e6c74d239b8da2514265c1f540b461638ddd101ca18b3c1d305","nonce":"f4fee6a6f8e2f5657369f3a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"e09bc82eb6623c7763f594128887265e1222af6fa7944cd7a3e64b72291c8870880a1f0887b13e1f0740739d70","nonce":"f4fee6a6f8e2f5657369f3a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"c8e3f33927063b3fc2920329ceed961e429b02f66e131627210d6d83d3ede05016d32e733a1bdeb8d9e8a7384d","nonce":"f4fee6a6f8e2f5657369f3a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"8adee65279952a4506a59abee59046dc8918015ecc406d17e1976aaeebd73a2a41cfbeffb32e9766f8ac66fde3","nonce":"f4fee6a6f8e2f5657369f3a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"4615040c559434d623ed5b9553dd8444338944e72c7a92e004e66fb776d124eee9fe0bcc2f0976b772cdd0332e","nonce":"f4fee6a6f8e2f5657369f3a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4e0882fc5a13ccf73e57dc6b613b270378ae42071268040ec1cbb696f8cff3f87f8a8e151bfda564e111d35676","nonce":"f4fee6a6f8e2f5657369f3a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"a15d875e8887954d4cb43dc336f5a78407d051b22d3c9417e6adc9952ab1ebe242db3273a8964e33bf7604fd7a","nonce":"f4fee6a6f8e2f5657369f39c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"b31e9b8ec7c2699c3b98ccd23ede9b27b931409038c2959d4ad2269d28137793f4f2c7479ca905b117faf25a42","nonce":"f4fee6a6f8e2f5657369f39d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0fec21d24d55d8b40134fdf0a2eac54a31475295ca6672fb0689764cf95a60c351ec57fc5014bc8a6640042f8c","nonce":"f4fee6a6f8e2f5657369f39e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"7996eb19bda4b384fb6dbd6276a7b3523983067a6098980eea7a263ffb67f4fd2d2f0360d0be0f7b1e0602cc98","nonce":"f4fee6a6f8e2f5657369f39f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"9fff87b8660d34a08e3182766ffaec868c638c4dae4392443900af988f4ae9e65cf7789acce723e3a8ab2054b4","nonce":"f4fee6a6f8e2f5657369f398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"e0201c0469be3ea3fdf47b7871e4ea81d9fc699041648c5b34faa9f1088a9a14ac5f1c24b98673e45102714f9f","nonce":"f4fee6a6f8e2f5657369f399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"d8f3ce1ed945cad6fd18fee3a8ce5ecca7b344e1ddaf6fade9903ce8233734bbeae3f6a98a768ce921dc8946bc","nonce":"f4fee6a6f8e2f5657369f39a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"6d2a94827b4b1c9508d240bfcb7ea59373242548c47c0ebd12cae593949935c392fe68fab9850015531ae90d66","nonce":"f4fee6a6f8e2f5657369f39b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"f5f5b9b341cad677c17396a454cd098de850b664e68fa2485fac13ac729e4250b7afbf8694668f521bd3b17126","nonce":"f4fee6a6f8e2f5657369f394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"6cc2a3530061804a088418904d14076193914005525b14f87870e08bad3e7d2d1c70e2bdb08fef837d87dd113d","nonce":"f4fee6a6f8e2f5657369f395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"12da131ae12d19f9ccec230cdb37971cff2905c275b01df83f64e1edbfde26f660d643cc023904a744eb2b7451","nonce":"f4fee6a6f8e2f5657369f396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"602484f3d43b6c71a61d1bd0e7c9aead0f39262021e5c5830deb8db54c15dbcebf7f4f2ae4109889a34e8deee2","nonce":"f4fee6a6f8e2f5657369f397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"5d1b2e1050c089ca9e3983f6a7cefd097b96b73ef4e5a64d30afea7dacf241a6bf8b2e223dbf1298a1c42b14c7","nonce":"f4fee6a6f8e2f5657369f390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"95698ec8b98c88f06053db797c8dfb5d08bd0d1c4fbddee7acfdc0e8117b160abad44165b8e611e68e3e018446","nonce":"f4fee6a6f8e2f5657369f391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"1980378c9aea4203294396dcacbd27695a211af18719ea9242348efaef9c3c4baf00ec967e2849e3e28da320ec","nonce":"f4fee6a6f8e2f5657369f392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"51da3f5a7c4675cd332593714e1a15cd4748352798a132456ada3b3b1ad58655a0474c2fae89d4eb0a6aa75af8","nonce":"f4fee6a6f8e2f5657369f393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"b353be78ff3edfee4c015d8329a46e83cc695478ee8f6726b232ace80f0872d88d4f8215a611ef9ab4ffdaebbc","nonce":"f4fee6a6f8e2f5657369f38c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"ec3419bd0ed8d5fd1483fd6c28f0b644faff89e62dd64055db2e67f0291ad288bdbd2c643bbf9bbcf08cb993fb","nonce":"f4fee6a6f8e2f5657369f38d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"165280bf143d606dd7ab2718905d15f02181cc86d25b5626d86a7b2a11d4d5aa6578344bc7eac139f62a97860f","nonce":"f4fee6a6f8e2f5657369f38e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"e96dd352cec4f0a37c74231b9ae2a5f015f71541a6205922ee7e078f9fa8efd9718831d2d7fb9b72d768104f9a","nonce":"f4fee6a6f8e2f5657369f38f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"50010f307ebefcb74d6bc8e028441b6c08dbc9e349e64749160a4717dc2b31c262e29417769bc1b9377ba09938","nonce":"f4fee6a6f8e2f5657369f388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"8278373ebc47bbe474d94942920b9d3920c6f029571d69f48abedd5fe567d26f2c8d3524093ccb8b15d100bcc8","nonce":"f4fee6a6f8e2f5657369f389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"06fef6476a32e45c0d3a14f8432069ca12f3f8d06ee088933009ed4de3779865c0c962ec37f04ed13df8f113bf","nonce":"f4fee6a6f8e2f5657369f38a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"01ba3642752fc104990ecd454b5becfc312f8dd427e0e0f642513be1c954b181a8597e209b46f78573b44746da","nonce":"f4fee6a6f8e2f5657369f38b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"822f25f06e4fa064e3984e89d3d51cfe40240a112a0dd12c6af3b9186e3d77af1f820f0890dfb4d652592b3b55","nonce":"f4fee6a6f8e2f5657369f384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"d3a6e9b7a8c0c3c05beeb2e5d39a6524a3ae3e54e35d438fcb86886353b30d41c8d81e13cc18fe374fc05caf44","nonce":"f4fee6a6f8e2f5657369f385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"e4a18f685877f6953a299dc509f3f5dbe1673c5a9c89ca040603d722f4da10d45c6179aaccf394b832b1798e86","nonce":"f4fee6a6f8e2f5657369f386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"d0f48a485a50a7d7cfcb6410a75bf3ae6e0f0e8df9421cfb18fb81658349dbca7cc55163fdfaae36e69590c5cf","nonce":"f4fee6a6f8e2f5657369f387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"b32415d6a84a54bd3c5b6b7edf9d90a3e63982875f06a45a0847b631b12206d18f62d9c69bf49ea7e2f27940d5","nonce":"f4fee6a6f8e2f5657369f380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"72a830359aeb1a9d7131d068b5f4e00b9f36a8b05f64d4b69ca958eff9ce49e94054cad24d982625a5e6a4ee15","nonce":"f4fee6a6f8e2f5657369f381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"22ede39c1acf64ccf8488d0e1c7a299fcf90568e4e9f9effed9033cbe8d273b4aaecbbf695c3e94085857522ba","nonce":"f4fee6a6f8e2f5657369f382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"2fb7f9a6a99ced49f40e24e6e0cd9c2f6ca9528107c4671fcbc6f74a356862f78d978ed9c97ec94bb7bd4f2788","nonce":"f4fee6a6f8e2f5657369f383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"5ab3ece838d7c35b6b8d466856ae9b5dcab57557cf33e2a39459af082ddecb96f58c5d17f63b2d1fa5c63fcd38","nonce":"f4fee6a6f8e2f5657369f3fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"2411c676a6420b8e8ce67eb41f89e722c03780195e90af1e167225f7866b297dbfef21b697ea541dfd98ef48ef","nonce":"f4fee6a6f8e2f5657369f3fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"bc849bdad8c33feb26cee34b44c74849bfc709e197920e1aecd00da72dff0ea10b54f11b38b809c6caa6a01262","nonce":"f4fee6a6f8e2f5657369f3fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"2e7f20aa21225f6f3e2626ae58e30632000fd24fc91f228a6b65e2c165ad534488bb6c90f1fe8b09d404ab3cd4","nonce":"f4fee6a6f8e2f5657369f3ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"b6dd48f3ca9ea32ee6f5c81d704458af1530fc0f27cb130b19138d84a5f867bd86873b7c95d166822307c178d9","nonce":"f4fee6a6f8e2f5657369f3f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"940f491070df23f9b2f6f7ac87841483abf31e1fe4b7d9eb23c585b374416b397eeb6d282dacda2f63f4b32111","nonce":"f4fee6a6f8e2f5657369f3f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"7dd0f389c66e78ec8692d042618f30102b2d139db51645b045ed0cc590705b3cae417b1abdf891685ca21d04be","nonce":"f4fee6a6f8e2f5657369f3fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"3aa57f34a272d82bef7a2202aa039b7b87451dd0544f049658d7814b39fc7284981a490b033abc4d832f712f29","nonce":"f4fee6a6f8e2f5657369f3fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"33cd9327716d28c33a4b94df8dc070ad2b265439925d38546e9c9e8480016c249df39ecfaacece85a2c6e78c31","nonce":"f4fee6a6f8e2f5657369f3f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"3dcbad7e82c256757ceba60578f7d4ff73475017be91ae7ef1df252378771d5b31748020bc06dbb02df899f690","nonce":"f4fee6a6f8e2f5657369f3f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"f9b90b2c2209d8f23606680bd37c367fd8cd3ae53d7b22ebfde894443a53005d27329a32c2846df5a36b66cb67","nonce":"f4fee6a6f8e2f5657369f3f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"0b3323e622dd81d91ea7190cb91835950ffd7ac2dfc0f884493e0bd1f0e7e79386234f30da25560bc7a551ce5c","nonce":"f4fee6a6f8e2f5657369f3f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"988bf058ed15cc7cccce9c443b53b0c235aa1643a67cde0fd66d30a57bb9297021a5bc15101f9ccbe70b907dc9","nonce":"f4fee6a6f8e2f5657369f3f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"0fc42b6c2c7af81c182f002cdc928289508965e7d52180aef87d3e141a5e1b1b290890924ab71dddc92e6631b3","nonce":"f4fee6a6f8e2f5657369f3f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"9c5000f482d6ea388895a492e492b61678f4645a06a519ec57a8ed6956eeb0c55af50c77fc87645c7c38b84fda","nonce":"f4fee6a6f8e2f5657369f3f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"fc268cef051849699b5747bc53733d9d04bd06fc077f6286b5422cb7f65cf3348334d0e4c1f97139870fd72392","nonce":"f4fee6a6f8e2f5657369f3f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"66ba29c374793b37e20c13673c96a4b38164134c620d2f37234da1ae514f85c37f51783ed13358933537d6f9a8","nonce":"f4fee6a6f8e2f5657369f3ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"b051fba56e1d0654f98a1e9edc95348c39650327e1e2383cde1fc7d03a23268d59558c1962ffc9b79ddc88525b","nonce":"f4fee6a6f8e2f5657369f3ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"e0584690ef99a6da4db6ecaa9f8e10915e29a9caa3e2762907f44d94522fde63318f05cb5b17443b6ccf93373a","nonce":"f4fee6a6f8e2f5657369f3ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"9d320bf12a3ad95e7bcf44614d3f116cd072fec354e0bae49ec9d25dd13e97f6d3ae2d2a6ae4a0aaf22a328a5d","nonce":"f4fee6a6f8e2f5657369f3ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"410d78abc4b08b4eb22fa14bcae77399b90ce6e7e30bc7ae726dd2fbaa7b542555ef98b889748255515e701d79","nonce":"f4fee6a6f8e2f5657369f3e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"241910c899bd271c2b1ee492de4dc97ffaf6213f2aad774a20999d5cd79cdb9538fffdae19c21a5e0f31bed8ce","nonce":"f4fee6a6f8e2f5657369f3e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"27e39a2f6038a998cfbe668d0c959dd5a9292753e95c431f6becd2ae378532321236f93aaadd618052e8aebc5e","nonce":"f4fee6a6f8e2f5657369f3ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"7b0d8df0c8f1c06bdab0bc84538b56e5407c408a61923774041cb381fd4e9920ebff03592820d09f460b9d6329","nonce":"f4fee6a6f8e2f5657369f3eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"af62932b972229999fac7b0103b2ebc0b503c3e035bb57f4640dbd5269ec8366303fec1fdbf34072c8b60a3045","nonce":"f4fee6a6f8e2f5657369f3e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"179a2f930cdd313f62321ee399a09c262c477016f8a17c3a595b16707d05290756ca8264492bade443dfb89fb6","nonce":"f4fee6a6f8e2f5657369f3e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"c4a739859f35bbc6591d116c1902ab5e73a7271a2db0110ba7eb609ea6c4a97d612fa94c46339ebb337b8d74eb","nonce":"f4fee6a6f8e2f5657369f3e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"360c1aa360aa196072f08effc6b97d072f2c6ed9744d0a20110e9c3f710aa8a82d294b203f47c52691a1a901f3","nonce":"f4fee6a6f8e2f5657369f3e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"aef1444648cb997c1dc3bd9b3e1fdee5d32a3fced534876390e76980fff3e92def8cce6e8313b1e3b41a233952","nonce":"f4fee6a6f8e2f5657369f3e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"bf31a8a676dafb8011f5e7a331f3e6d2eacd459738305fc4c71b28ddad55dbf8b64234c754b5d97be22bcfa28e","nonce":"f4fee6a6f8e2f5657369f3e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"3b24c469d5eacf4ba55c871bbfb60a32391bfeffe176bd8f4d3064c7c3d16e47b21d41fb4147fe95e510687c34","nonce":"f4fee6a6f8e2f5657369f3e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"a6e46fdebda906b8cf3809ad693fc2e540021e1e2a84430a211a6d16143f6f98aaeba1afda4e85387cdabe2446","nonce":"f4fee6a6f8e2f5657369f3e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"0d71a4e2ebe7db9dea005a19afa36aa4bdcf2bb1b934e2dff228cf8c424ec2640258abc4a069e2691068c4f955","nonce":"f4fee6a6f8e2f5657369f3dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"55e05b32d1d40a933c5c9fcf6b069d38d13e4afbcd3775ece489363b01874b993bff9b180a3f06bae62d9a682f","nonce":"f4fee6a6f8e2f5657369f3dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"7afcf3893ebf256e58cd45efad85f8fd84b086ee74b79b11e9d57f78f2f18a8451ccee66e2a7989ea9fd72bc6f","nonce":"f4fee6a6f8e2f5657369f3de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d2d4bec9b205c6e5f494699d9d552f17fedbd009d2fd4022da7f02195a4b192f0c7f45add3450d34c3049aa38e","nonce":"f4fee6a6f8e2f5657369f3df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"c72aea4d749e8ae487beb5d2a431aaf3efda74b3b948f974f98c60eab482f950003324a7d458398acd7c0ab758","nonce":"f4fee6a6f8e2f5657369f3d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"85e19671919aa0299e8b95629bd56cc4758defc2c9155d631e7a5035545be154055dedf684fb9c617149c3484e","nonce":"f4fee6a6f8e2f5657369f3d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"80e876c38b9c5a636f041a9c2cb694190468f234711fa8b087703af93b49219d0715766cb3208fd4245915d034","nonce":"f4fee6a6f8e2f5657369f3da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"54f603a9c00d5c71b50e9fc8a77ae7d294bc73c6e564a30b3dfa4fd32f0445353a4a2a54bd189ef2f00e1aa277","nonce":"f4fee6a6f8e2f5657369f3db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"701af96b175e0ef0787fd13428ae8559eb30ce48edce79d8f52cb94973346f391d2e1505faf768c58833275886","nonce":"f4fee6a6f8e2f5657369f3d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"1faba3ea5240112aeaaeac006949420bb465ffd3832260f4d45d6c6f62964c9230bdd8323ff97c08a63a635c25","nonce":"f4fee6a6f8e2f5657369f3d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"aa1a1678f3ab8fab8db45050f465dc944a69b5c41e9074a2e4a9fb24e0279d3d11da02de6b57a30fa5a7505dc2","nonce":"f4fee6a6f8e2f5657369f3d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"e5e1066f18de437e8ff50ce69174e865df553975ba6703002076115dfc917ad1de78622a53f204b33e05ecbce6","nonce":"f4fee6a6f8e2f5657369f3d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"31d1251f7ba530c81b3e1c9dfb5d8af23e1145d99a0af2b05cf778131440f5d82d4209ab3c13f84e4e1d591545","nonce":"f4fee6a6f8e2f5657369f3d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"bd97ac2366930116d204d417eb9d709d72e9cef09106070682cf41b93957f906cb83ad9ff166dd88e19bf0c8cb","nonce":"f4fee6a6f8e2f5657369f3d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"46380c6cb5762461830dcd19a16ae907a621adc380bfd2f88a819dea530bd4f458c2394e5f9e5eff45c62fea44","nonce":"f4fee6a6f8e2f5657369f3d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"5a38c4de8e3504f413aa2ff009efbb1ed8b1bc3dd33fdbdca13ccb09d7513c1285c70c5417a51bf0eec1f571bc","nonce":"f4fee6a6f8e2f5657369f3d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"0f4d5d976ece36ba9ec316861012c1cb4407a9837660347f3251d14905494e0a7b325360c21e2a20784e44a37d","nonce":"f4fee6a6f8e2f5657369f3cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"fd3e4d8869b78ac6cfe74dd34b462cc9cce95742dbba5a59d26fd747c032e19e0a077a2388411326d53f692a20","nonce":"f4fee6a6f8e2f5657369f3cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c97f4470126697a8ca2195dc74126b5488cefd9750083f6d3c103ce630a08c1b8207d434e1a550040e114808f2","nonce":"f4fee6a6f8e2f5657369f3ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"5cb94a8f51acd555194df9893bd7dc7735f40eea9e6fac238203bd5b6d73262ed177c5ba73c04b5959e646b790","nonce":"f4fee6a6f8e2f5657369f3cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"cdbf22ffa5cbebf2bbb9865cda2de36c4c030a39b08cd914d09c709f441dea1c3ae5ef167d75e3d3aa1890a503","nonce":"f4fee6a6f8e2f5657369f3c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"f26af3b079b7195bc6c73aba061df6a0ff4f3ebf6537aa400f36fe6fc1c3845c6c87bd1c602adf12d90ec8acbf","nonce":"f4fee6a6f8e2f5657369f3c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"2e61d18490ca3dc834f2141f10cd7fc0db9a920dbb3c7580059fd193d3affb1072792195e79974d8ee3bbf46eb","nonce":"f4fee6a6f8e2f5657369f3ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"923c8442918e3615ff651a630d6e1e15d6287ce590c7861422a8368600717ee52ca3c976d085fabfb70a0520c6","nonce":"f4fee6a6f8e2f5657369f3cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"a2a26300deb7cedb86a8b6f7b2f5eb8a97e86b3ad8152e53d953e28a804c65606be45a0e1ac7ad050c4fcf4cb8","nonce":"f4fee6a6f8e2f5657369f3c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"0d1fdb54e030388eb8470c66244382382bed1fddcd98ef4e0adf44dcbde73fcb8b2757ef351a2fc8399c5c89c8","nonce":"f4fee6a6f8e2f5657369f3c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"d1373b934b9730a07bc6c6b9ce8f8d17fc26206f0c1a82e438c2b4b44e3a83c2a650e425248192e0c8091b7bcb","nonce":"f4fee6a6f8e2f5657369f3c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"29caa7a0c675d5dfceaf345e80047dd69ae1aae5c57675817655ec69eb900a1f5f64d4fff516a67fe31d3b3a9f","nonce":"f4fee6a6f8e2f5657369f3c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"c1df6e555592d4b005a37e9f1cc8a9682b574bc3ad795612ec30f3bf9c93c5e71bf25136b57931edad653f6fce","nonce":"f4fee6a6f8e2f5657369f3c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"af069ab851affacb38edb8bd2a54f7b4f2c25af7747dcb90404fca037d6c1bd4c14d8b571e3433b1975b03ff91","nonce":"f4fee6a6f8e2f5657369f3c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"521e213141f3a9ccf0a40451c35f280a944206a4551831f61b5172e659570a4b31b6cf34bce85ef6ff84fa0415","nonce":"f4fee6a6f8e2f5657369f3c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5ef470e735d6c07210ada47322d26ea5ec29eb2ab3483e275b7794f687d5396a909188e7123b729e3c9f05a7be","nonce":"f4fee6a6f8e2f5657369f3c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"9e2c17000c86dab689dfd8df35f99e101ba9cb8e10d6af65346384bd9a86c30a9f0190f8fa79d6f41373a383e1","nonce":"f4fee6a6f8e2f5657369f33c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"3dfceb5621d24a6edd3180746def3aa32c1a37f48a39305a612eab1e51743a4f38502f4b1f1e38ef9eab4365bd","nonce":"f4fee6a6f8e2f5657369f33d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"f6a883121049ee511acde01e4740fdbd55d1fc516b8d7424143824dbe324611ef4ec1ce6e96ed1afbc29d6a614","nonce":"f4fee6a6f8e2f5657369f33e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"7f781104c139fd66a65946b5424889bf3b59d2224a2865c015a07903cc227c775480744ce811e1f3ab8feb2cb9","nonce":"f4fee6a6f8e2f5657369f33f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"d2c535e658685bbcbdcfb79e35e775db4c98af2bacc2042a59a59fd52196821d94e492ce7378769270fb45ce54","nonce":"f4fee6a6f8e2f5657369f338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"8556d67d4acb35a20a087591031428429f30e71dcde48b99a8b4b6aa78edfd8dfd4c799ce708ee61abce7cbb3b","nonce":"f4fee6a6f8e2f5657369f339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"4b47175f33691da03696d1eb736bcb0c4f5dfe401a388e6e4517ecc9578058ff83736525fdf06068951036ed5a","nonce":"f4fee6a6f8e2f5657369f33a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"30a8e7eebc25a589b886a2fb25231c132527293c8c444454d64be73737b0cacba337e5cd1595a10da98e440f90","nonce":"f4fee6a6f8e2f5657369f33b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"a7e28a95df693a029ebe9fa4c8a280022de512674ca4889c4e0c8a6436ecb906ba93914827c147f1dedc66edb5","nonce":"f4fee6a6f8e2f5657369f334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"61ed62a0a2c00e7b25adc7018fcf0e46410fc9073b5ae381f51a568fdcf6b2adab4b8306b582bb7ac35bd02616","nonce":"f4fee6a6f8e2f5657369f335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"0d657418dc80e4a5f7135682f8f2da6141a33d22728f67edeebecbb3ac8bcd76518528eef648d86fee25fb617f","nonce":"f4fee6a6f8e2f5657369f336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"184eab3580fda38da8edaad000b1b7732f27d40928ed61010da198c42c12e14385724a51254dd7ec06f4850bc5","nonce":"f4fee6a6f8e2f5657369f337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"258448020ff6b18ad04b322f21dbd17943081b00714b3f00baae2ca7e37e5f11026f0f8fa276df2860fceb5de0","nonce":"f4fee6a6f8e2f5657369f330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"99d0126ee6f18ae874f3703497284530c49a3f9d9c07a301547af37d9ab6a8f5c7bb4cb9ccdd0ee14b6995610e","nonce":"f4fee6a6f8e2f5657369f331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"499bc58f6141d2bd11443ef475d5df58eedf5158ef6c6360296cce02c94bdf7a15acd482d52326cf0978484dbf","nonce":"f4fee6a6f8e2f5657369f332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"eac9e35f4f35acf0d7225ce0716144c1147208f6534b47655f51ad046c223a0b0c7646b9a200be00584faeb6cf","nonce":"f4fee6a6f8e2f5657369f333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"2b79bb1552418e6aa5702baebee12f91e2d23cf7ccfc329d66917dec9b4516915a1269a087bf3c02808f2d5ace","nonce":"f4fee6a6f8e2f5657369f32c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"21d8912eecf390ad553525f40799995626882e9da19b89d5cf8078ba7779c0e3c803542779b20422ab8cd7711c","nonce":"f4fee6a6f8e2f5657369f32d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"cac3d6287bf81c76e5c6ce763e4515a2197c7d4c3f406df2689b9b73f5ef5cb4ee5fd57e8aee77516d0220a2a7","nonce":"f4fee6a6f8e2f5657369f32e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"6959e4e26acdfca3bcbb61e600b4f3fb3ab6b4484c98747d8be5d2c76d4162fa55ff3fc2aa9ac4955a6befbc24","nonce":"f4fee6a6f8e2f5657369f32f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"6fc9ec3f13cc8d19f213af05a8d527309e1bbad2d8aeb754cf1df1c0f622274a0b631c05c54aa4eaa421c98d40","nonce":"f4fee6a6f8e2f5657369f328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b9976be697b7485a8984f7e1553e64c1f1ccbab1e68ed381c42f2f074cde633b11f037ddcb8b6b07f94462d63b","nonce":"f4fee6a6f8e2f5657369f329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"bfba3ab7245bd65e051fc9e7519e653c9b3ccdd719c0e6ea95d1518d6a3f7c70ecefad5cea2e867ab54597f003","nonce":"f4fee6a6f8e2f5657369f32a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"a6f0afa57deba665584aac9e4ea7d727020aee562c329413f2307d2df918ee73c98887876544aef81eb989e3b9","nonce":"f4fee6a6f8e2f5657369f32b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"405e939dfafb4170d4b6e455ec10d72a130ccf3f8dff937a5a44afa966908edc45037d9edea58defa40de6af82","nonce":"f4fee6a6f8e2f5657369f324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"06edad99850fecd632edec4659dba2a4b379eda19db1e60d7624df2e88c1ae47411f374b76353eb63192f3218b","nonce":"f4fee6a6f8e2f5657369f325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"22fcc620b17b27db285cd046509a147f7e3377c91b81b74482ab243c107d8fcd98d051bfb3390249c29e104a2a","nonce":"f4fee6a6f8e2f5657369f326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"1ade14d9b11943bfc330d267144efeaa61d81395ec63caaf0f13e36c469666cbb4ffa5674521f4b72d25992f22","nonce":"f4fee6a6f8e2f5657369f327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"75d8fc919af3e788d783e5a16e9e60ee00da30053dc2092f2c77a23c34c54626e872d13abff9e4aaac727001f1","nonce":"f4fee6a6f8e2f5657369f320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"1030cbc2ac6897e3c957f4e67c974dd416d214f1550ef807444812c87561b7c46c5674300ad9e0042b53cebec8","nonce":"f4fee6a6f8e2f5657369f321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"7fd7b3a94e835c852b9eee6dcfe38b24781950ed4ea9f27339363b0aa64c5dce92547f4ec48430e6d00f1cab98","nonce":"f4fee6a6f8e2f5657369f322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"58eea2f7a3e53c8eca9fe861aff04d7220e38888644e0c7de9dec7d7c9d2628b1c4b55fbc5bee5a3eb52f36387","nonce":"f4fee6a6f8e2f5657369f323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"03a40ce564ccfabb6b4ce7f2b81a2facf9f3dc0fc8d7ed7815af6039d035476fda73b0d7e00a1238946cf539c9","nonce":"f4fee6a6f8e2f5657369f31c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"423bf5388d444631d399066de934a61ff2b56ff6bc78f02164d5de242d4b0407a0761126de3720487602708881","nonce":"f4fee6a6f8e2f5657369f31d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"3155aad98dcfe4e448864553316208f25e5cda373848dc42f0545d526fbdd04dad85cfa0f24a40abbb443cf46d","nonce":"f4fee6a6f8e2f5657369f31e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"1c4e8af24ce79844751875f837fe7863096937a5585c85409043f5617bda161d735263398c4c63f481846ddf4c","nonce":"f4fee6a6f8e2f5657369f31f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"2d25aaeff0ba401eee0a9975bca99a955aebb25b311f3fe348c61726b54443d9029421e6bab67cbc575f01d8fa","nonce":"f4fee6a6f8e2f5657369f318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"be9768eb96ac0d39b4f29b89e41f5c2e274ebea07e5a5a81f7426d7077a2b9d992660fea486e1c1da6d14220cd","nonce":"f4fee6a6f8e2f5657369f319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"9d525f38ea724978161f58ae2ce8fb6edb470f84f57777ef1b793615e644d096d5347f77758a62354c9c7e5b35","nonce":"f4fee6a6f8e2f5657369f31a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0c3567aa67d05dec0a39171573a2e15eab06c28db6efd7518f5949c1ea5d243c59d67c318612157bfb00270905","nonce":"f4fee6a6f8e2f5657369f31b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"fa64c7f68190f87a26aea9d9acbb174676086ef281d653199c4b6b4235de510b2a04072a0bbcc7905decd76588","nonce":"f4fee6a6f8e2f5657369f314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"48f440f4ce674d9c58d2edd87d4c3e1a98ce1aa184256be20577c69e5176eae8736392b5bef69b0a1075f61cad","nonce":"f4fee6a6f8e2f5657369f315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c9f6cb02fe1112fc6ede3779111556cd5cec45c2a1c0f857db667798119736b451338aeee960f627c2825319a0","nonce":"f4fee6a6f8e2f5657369f316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"0636311c43c07ce446aae3d7f2b26c3f11a3162468fff7b16ab38c22831956207601269c6a804c3d655df00458","nonce":"f4fee6a6f8e2f5657369f317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"1d0f973ca7071248be6d55831846fe8e4ade0c9a79e05493951f1c231d42b549d5ac91a9c4217594b9c63e1726","nonce":"f4fee6a6f8e2f5657369f310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"6668f166558e3f7a47e9720d6f4dc1a5a95b0c91e58ddc38548fd4e7c55effb6291389068ddb28579de7248691","nonce":"f4fee6a6f8e2f5657369f311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"67a0239bd471f3b7e80d7261061ad1c526fc4e3d1f0df1d5d7b3febff003215b00470ed920f1f5af5cbe76146a","nonce":"f4fee6a6f8e2f5657369f312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"f06e36792d0e81717e404332e211989af9aa8303cecbbbf0ea30839a732e087bc28f5dec4540e18aa23f5e12b8","nonce":"f4fee6a6f8e2f5657369f313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d232db45434e5d29d24c8effe4c073e5377ca8bd84d01c0b170d461ff8f6dd9bc49204021ee2afb1300b054c49","nonce":"f4fee6a6f8e2f5657369f30c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"6f960666f544efcb716dce7a2da5af975f52b53475daa78fe8421e4b79f2f9866a883ec35a0c0469ea12d799a0","nonce":"f4fee6a6f8e2f5657369f30d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c06ec1f4331f6709edd137dbc005b747d1d372646c1a713b95e41e37768dca9b03833f092e8de6759f6ebc66e8","nonce":"f4fee6a6f8e2f5657369f30e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"8fc595f85ec924f954cc40f727ddbd02e120ac3b9e13976dfe481b6533dc925ad4f3954c7642af0375b44f5e44","nonce":"f4fee6a6f8e2f5657369f30f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"2840bf3b10dec01804a752df6d3fd38314e755684a69c5267442170303390674f2fd630d2771d996fe77edb18c","nonce":"f4fee6a6f8e2f5657369f308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"6c7e7020a1caaf4743fdd384af5c9a6c2bbf7b26d30ca5927b2532570469674445213ca8ffc5642bb144c3652f","nonce":"f4fee6a6f8e2f5657369f309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"d6130be3581468675dc49ffb39cc97daf2c5641e5a8a895dad011763f619eca2ce04cda864961eb5a8e7a8ec6b","nonce":"f4fee6a6f8e2f5657369f30a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"2d5cd5d5e1b9eef9ee1b87445b2f27e5db3c211ac4315f3ffca9b40f9677bd54475d07d03fc71f4a39343318b1","nonce":"f4fee6a6f8e2f5657369f30b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"c862598872230eb85a63833729e38afd6e847bcc777c4c13eeac3f11a6a2fa7b7af5038ba385ec81745ee9d57f","nonce":"f4fee6a6f8e2f5657369f304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"639b54d258412a14965ccad18221a14f80618de9c0fefcc777da4dcb8130fbe4eec594b61552281ad294c64dd0","nonce":"f4fee6a6f8e2f5657369f305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"f7ead0b7843612a8186e3c8d6bb3715e6fae118e082531c6707cd3e4d28bd20cc89e562c113fae24a935300f60","nonce":"f4fee6a6f8e2f5657369f306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"a38ea201405a6a51edacc7b5ec8bd674f09f5d8e83aafbacb79bcec6768171ab242ea739b1e145bd086e85843f","nonce":"f4fee6a6f8e2f5657369f307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"747ee2011c766a7a0dc53a0eb1cf75c2efb83b8477b67978fb3a0985a770f3ed54e9cd0b779f06226770c01ef1","nonce":"f4fee6a6f8e2f5657369f300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"1dbac7fa99fa7e04e556efa3925952a44d714dde8d753760f6aa7452c0fab6aab75aa11350f88763a444330861","nonce":"f4fee6a6f8e2f5657369f301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"eb2962a131338c14ed215367cfb8e6a91f4bcab44c1f91f9382c95355bf13b362d9cff1427bfd15b8bfbb5fa85","nonce":"f4fee6a6f8e2f5657369f302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"0a35316bc8a51b0848cbec4386df44e4645466784aada3d4a3bcb1fd73f41e03a3a20edee36305bad86ec72430","nonce":"f4fee6a6f8e2f5657369f303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"490ba56d4118a3cb1ec9895ff1432533db5660654b63a1b66b39587ab13db027adfcef0f6b193e2f91b91e2e9f","nonce":"f4fee6a6f8e2f5657369f37c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"13865fb409c2bf00e46c759d3320e72f4c98e7c148d4b002c6b4be2c900dd442b51a12a5bdec7347f5899e1c56","nonce":"f4fee6a6f8e2f5657369f37d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"2ea046acc24cb170d3a627721ed6e9d9bab1741525b0d9d4637d80560c5d71005e13f27e89b8c1a76dc65aa9a8","nonce":"f4fee6a6f8e2f5657369f37e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"3864f106ca16a40eb35bf3bbd7cb621d8636db6ffce19946024e1b266c25632a2e9d758518aea5e965d7ae0de7","nonce":"f4fee6a6f8e2f5657369f37f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"1308a0e25aad8dfbf74ac0180dda1be917a0e48cd85861ab86e035c3abd2910b422b86a9930ae287828361bf88","nonce":"f4fee6a6f8e2f5657369f378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"b32c8e2885e7397211e16844dff271b224b9ef554ae316836cf4f9b289640c08ce4ad7d3ba22dcdad16a5b8f21","nonce":"f4fee6a6f8e2f5657369f379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a7307750804d44adaf86e6020b092c5a282b99d70ce0dcb2e7db1701254b14f05dd3b8250cd0c17c7430487723","nonce":"f4fee6a6f8e2f5657369f37a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"76fe355c76c42230e003bcfe39081200ceb016ed653fde03e543d6169033bf8ce9ccd63ecb4ce422907ff38a2d","nonce":"f4fee6a6f8e2f5657369f37b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"909de12d1bf070720b007fc04f86788b65a9162607f423c7b244f703bf3400ac7ad298319f51d27a91328a1bc4","nonce":"f4fee6a6f8e2f5657369f374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"0c8a75a7a9dc18c5581b8a67e6ac83c3d042b339bad26f8fb3633e32c73a4f865a1a2e28dc9934cfbb1feb2887","nonce":"f4fee6a6f8e2f5657369f375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"8d4896beb46a247783d27e7920aeabcf96ff2c4b47ba62c8b582f34436254898bd4c70d68fb6dbbe191e93fc21","nonce":"f4fee6a6f8e2f5657369f376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"02290847b7ac33cb44e19dc991402216a3f68ace499c4aab801e5fd2ab06366a129178354eaa2266008e37a392","nonce":"f4fee6a6f8e2f5657369f377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"90a05910db0a8c20da76edd5c34486e39de3d3d6a480ad00a27480a09d87fc0e8127f576f42184e79243d79b2d","nonce":"f4fee6a6f8e2f5657369f370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"1144dbc64dc741735039f830bf9faabac71f54a229beef3c723d04457d4e827f606aad76ac2f84f5d73ec8a131","nonce":"f4fee6a6f8e2f5657369f371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"2a88f63650523146a679c049653ead631cff86ac4460a93b3cc4aa1639cab5d35f44fe8eb7c8b05e3f32bc101f","nonce":"f4fee6a6f8e2f5657369f372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"56078d28e37651ebe08aaa31224dee9b933081e9b9dc526e5a410735789b6712b70c7485772e11770f70b0708f","nonce":"f4fee6a6f8e2f5657369f373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"05818bcb705802d27a23e1231c62edba32a78b7d7af01ef923f420d564debff9fdbec013d3829bcde032127c17","nonce":"f4fee6a6f8e2f5657369f36c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"19fca16dd5ee8c62b8082408503cdb4d8e41e7c38772109dc16c0a9fea09b922be497c35e0e6ac11d9fadbc690","nonce":"f4fee6a6f8e2f5657369f36d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"9ce3139cd2366bf18500a9fa96de318ac1b09031aa2603846d90d930fde20dbc56b42bd6ba597e416a43772d2d","nonce":"f4fee6a6f8e2f5657369f36e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"ce20e756b3bdcbf4cfa1745800abf7f9d9564917e5e9c4919f745d1d1508de89f04412a6f9c62222fb2c9544db","nonce":"f4fee6a6f8e2f5657369f36f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"aad6480bfe384c13b8ffc7fe85adae6c0d952ac29546fd695b8ee1162f72f88fe5e70c00b98f54951edd7328d1","nonce":"f4fee6a6f8e2f5657369f368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"84f1204295903b273799015f75529efab0a710da41acbe1c86d61f3628022318cca0e827b9fa663246ca0ad121","nonce":"f4fee6a6f8e2f5657369f369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"b772c4533994b449be3ff00e49130571ae27b4aebe9f51063b51afaf70ea6aab539f67dbb47436196dfddc1fdb","nonce":"f4fee6a6f8e2f5657369f36a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"470807ec5ce716445f405726d05c19799250a7fbdae77d785629f2884a7b98952debda9bbd0269f9caf989ba52","nonce":"f4fee6a6f8e2f5657369f36b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"5d9cd11d343cdf3fa76e112127080e4d1b9712d14f3e9b7194ed88221336f784fe41b8400bd94f78ddf3b6d8c0","nonce":"f4fee6a6f8e2f5657369f364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"b4f11508af19686016e649240253bda4c6f6ce2e15fd710971f62bbb9c55ad7e48d5eb44956a800b428680e167","nonce":"f4fee6a6f8e2f5657369f365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"286d6387a95aa54992973d28373174e4a516067d2f378872efcf33a7eb3a312b3688d7eacca9ab615076c26282","nonce":"f4fee6a6f8e2f5657369f366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"f54517e8ba603466aa9e5b7afb45f76d78fe84455cef6d2b3dfd9cefda2af3be9d4dbc14f73a70e804e93281e5","nonce":"f4fee6a6f8e2f5657369f367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d4172d4e1a2bd2edae5a2315494f3bf506bbe3c7a028c714cc6965ec4ae1904670aaec9d11c8d2373f3e3f046e","nonce":"f4fee6a6f8e2f5657369f360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"2ca392d675300cca8788166ed3777c93be2245a986d0d066577c5d7447d990b0703769b56f4e9a2a6188014f79","nonce":"f4fee6a6f8e2f5657369f361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"4db7827ff2bae47f681229dfc6259c8a6a927b3cfee1215d94d7d0efdc6adafffa0fb39abfc50e850db3aba85a","nonce":"f4fee6a6f8e2f5657369f362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"6c8cfcc2b1f59966a6a37deb1388ad91fc1ed91cefbcf49a380ed24508a48bf8669485ddfbb1b1c583109312ad","nonce":"f4fee6a6f8e2f5657369f363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"deb88bfd20ba7366e171b55510052f743b90ee5c1ee3e1ddd6f641a9f222fedf7bd35345f06c1bd06827cec8b2","nonce":"f4fee6a6f8e2f5657369f35c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"69bc97efd57ecdc10d54ce48eaedeb1043ce94e0ce4d5601cb188ea137cdd2552197281a647db48026b5105aa2","nonce":"f4fee6a6f8e2f5657369f35d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"c1f03d5e07b8b0a018f6e2c3ad06f70ecbf9255a55b7a0697f9a14c3dc639b0b363fd3976fbbca7a6859d7a483","nonce":"f4fee6a6f8e2f5657369f35e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"bce5da709dc88d64d420b4493fd51ed99c05c7e4b49e363eb0fe41716de8d401fcb68f5e2c79e55719e9f26bd0","nonce":"f4fee6a6f8e2f5657369f35f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"358ed76ee52c66626432351fa52182616aeb8904f0df0d7bba6b6c137f051798c7ce1bf7f46e765e348bc5243e","nonce":"f4fee6a6f8e2f5657369f358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"0d8c92f60cd027b1a36abfa02d0e24a7507710ed2b621399a93d8b8b7d700e90a19aeab77eb4fbca50b8b4c981","nonce":"f4fee6a6f8e2f5657369f359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"6723d18d7ae7e70c8322e57195fbf358ba8474d8316e3f5f6b2237da35bce6d09545abe4126506722bf64ecc32","nonce":"f4fee6a6f8e2f5657369f35a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"6a6604efeba9cd09a5db61296c3de29666fa47cb5d6da8a8fc388867222f8223a8d859d0e714bc71c7400cffe4","nonce":"f4fee6a6f8e2f5657369f35b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b7c4d4c0de0542309409fe3732ae4a59dd6717d142b977a9e8be8e79837beb07f6af083a9651689940bc4a3fbc","nonce":"f4fee6a6f8e2f5657369f354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"9e6a51faa5307e533ccf31a05e3a4d1034cf791e624823775593b107349ce7c872f8e6c61277540e2c806fa1e2","nonce":"f4fee6a6f8e2f5657369f355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"f509e809ee07d4554e8b4cbb8946b0b00295e9f1fc5f193f8e2de21389cf8b87aeca2df3c6778cd49e42060197","nonce":"f4fee6a6f8e2f5657369f356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"2cdf8414c338edaf9b61207b8ade59a4704cc45431c241f4e8585479601277c5ef6d949e015fb972935e2b70ad","nonce":"f4fee6a6f8e2f5657369f357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6cd1d3aa297b7209859271fa4c9aaebad1b167e408f4a46ea3ef9efc0c5a549de832afe8ee4b637a8fb96557aa","nonce":"f4fee6a6f8e2f5657369f350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"307c77051e6a60a6f379ce256ea1bc719ec80fd165443e7105fe58c13e27f2cbbdf9955aaf1487d7c426824516","nonce":"f4fee6a6f8e2f5657369f351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"6c5969260e4991072307666d938d955e7f9e3927904686737302de1b69ea6aa1ebf55590f3362dc4642a76648a","nonce":"f4fee6a6f8e2f5657369f352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"5648772fd861da1f4d75caed29a167c51d055399e2a211555e12088a9f8b4d1825a796632e43b60672e9e9a107","nonce":"f4fee6a6f8e2f5657369f353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"8d807258693e3017b66cb5fb75d593bfda252a8722853f93417d22cfb4903eadd1a8adcc9116b293ad01d44871","nonce":"f4fee6a6f8e2f5657369f34c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"179fa3d7bdcd3a0f1414e6acedd54f7a944fca34babd9e70b8f637793bb65a1eb99973026badb4ecba20d710a1","nonce":"f4fee6a6f8e2f5657369f34d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"c05bde906f60dfd19c5aee35bdee7b8de5f08641837db6cf8a85f34f90e8c402ac5e5280a11331a0747e2ff44a","nonce":"f4fee6a6f8e2f5657369f34e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"07ddb42e595999996ea5802357103f6949d3f8af54a9a9c4483337fce85d57df90bb5cf6eff955de7966af8a74","nonce":"f4fee6a6f8e2f5657369f34f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"b18f1c7bd34f2d16aef1c33cad22eabb402b0a5389e2bfaed87f0fb89c8aa03ddb584610f6c019bcfea3d5b120","nonce":"f4fee6a6f8e2f5657369f348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"0ae129dbd2f2bfe673ef1f7bf7135602948f25190ad88ded5c97b19a26e1fda9f8f2d92b221bf576a2dec3d36b","nonce":"f4fee6a6f8e2f5657369f349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"7d0a217bfa89946a647085384930cdaec6e58ea42c6cf14083e0f6dcdc29c827d075ae588d19822f5a77b66f06","nonce":"f4fee6a6f8e2f5657369f34a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"0ee245a15dc2c076f79c9b5470015554b4e5670e01b49d935100c26e24401029e3c2f11d0f51b8e942b41e9c4a","nonce":"f4fee6a6f8e2f5657369f34b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"1334068a6e4793050a70892fa7a0d1c1afd8af0a8fb27251fd82fa787a9ac37a92520071b386c125f3c9482ecd","nonce":"f4fee6a6f8e2f5657369f344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"480becac23432db9ddde63141f5d63975b8f850723decb9b0c8bfbbc6b8eb07a004625ec5da61cad46d5d3de02","nonce":"f4fee6a6f8e2f5657369f345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"5d9bdacf0da8e2663fb6c63cd8adb26632505a1c0c24995ae95b3b109445de65e2e3e940c8823bc1003e030b48","nonce":"f4fee6a6f8e2f5657369f346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"c9b53dc3a9bb4b26be4388ab5c2992160b698c1585b5c5bfaf2f3468fe63b29fca5cee679730713e2db03dfdeb","nonce":"f4fee6a6f8e2f5657369f347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"a67b3141a81e92b6022ff62035e66ddf41f2d3020e7ca59fa30907a2aee62212f6e8027d1314f6d569a112c7f0","nonce":"f4fee6a6f8e2f5657369f340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"d54be6a8db9fcf127dcb0024101873e1c20bef9e153fdde2d90fed709df1004e7c9b93b4f4e43bfdd18ece359f","nonce":"f4fee6a6f8e2f5657369f341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"4d57171b90dc036cc33723e63ede857ead6bd2af070306d283f040131932fc75b735b101764ed18b187d3530e2","nonce":"f4fee6a6f8e2f5657369f342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"0af33c08700f9b9400df4ba26c38c10c9e4a673e14849dd948e3360202df3444df8e40ece64767b8ec67a13aca","nonce":"f4fee6a6f8e2f5657369f343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"6a50e3b6dcddf2cc50d4c81ef4a06de0869d70bc09573a08d529e8114917bd7a4d416c76173e362f91db389542","nonce":"f4fee6a6f8e2f5657369f2bc","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"722aa34bd26f69aa1763f46d7eae6cf461ce74b6952483f3ea7d490c88882982"},{"exporter_context":"00","L":32,"exported_value":"ea0c03bea28f6a22f5c93c52a999fdbd386572920a2838304e987d6f930d5fa4"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"3a3980d8a63287c12db540669ded019a0643e236e25896f2f3197edda044b3ce"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"25782afd448caad143f0416f19e147793ecdd2d7b42b75ca3605ab7a1573c05f","ikmS":"883b282f787ba9452b1f76cd8a5107a96264f7e7be9e089cb17887343e393cae","ikmE":"43b5c9e73526213dd69a4fae8bc905f4303f1f8ad78e601144147daf1bdb0764","skRm":"b3e6af7ec768ad8afbf7d4b1686f055dc5607d4dfbfff43ef798ab7eb9225400","skSm":"cec1b09bc81db8f6087e86fe02586b09e5e68166cda9655d5221a7be1528d5e6","skEm":"6ccbd501372c8976c2ecb9d69949311a23de77b6dd1cbd917566e28200f2ab8d","pkRm":"f14842fb034d3725cd7c6a2fd86daaa1151b7d3f6e732d42d2fcd6cc90c11617","pkSm":"679cebc8fe9b8b0e559e938fce8e91d52aa703de6a7b1ffc9ba968f587f08553","pkEm":"331597d5612993d3cad921fc4ba43cef927b0e371b3a2881e6e7c45b10d6ea35","enc":"331597d5612993d3cad921fc4ba43cef927b0e371b3a2881e6e7c45b10d6ea35","shared_secret":"aadac9b340124ae5d0d0793b56fc50a9d3b7699fb44d8e583d4e863dfeacd406","key_schedule_context":"0283803015629a22448332cff137aea9ef69ae21d9319186694096d72c7f14d7e493d3883e171235c9b358f9907d0398275a86ec17f0c3e2e74311c05ccf329d94f18df7d7fbda3c938157f486a23f47621b8c7bc4ab9d89fd902c1d406709ca1b281ef1b7bc4736dc044ee497d5dab805fd38a9f4890398ab2569653a0a7ff73b","secret":"9fcc9482580ef8b9ee271aab6d0e99bb20949588f8a4e8f6eb04d9307be1f794dd845b20445418afda330b1a48e3802efe06b2130db6cd9f8b82341292764a5b","key":"fd6ef19ab54900b95d3dd5a524c53ee6abf7a2646265ef676c4138d6aad6e3fd","base_nonce":"256c397646960f5fe361c7f6","exporter_secret":"987ba4ffced939f3d55945ff86bfe4beee4461fcfcc4dba0cc00d04b47629b926b255f8ddd15134ac538a1d7d81000f2e04b539ebfbf8e67af35e385ecf38484","encryptions":[{"aad":"436f756e742d30","ct":"adbd321208ae0bcda6521dcc01a1cd232aaab5b882730de597c580a9b6222d0e6038af6dfe09f3d46a1fdc7f8f","nonce":"256c397646960f5fe361c7f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"5f858a95ad3702f761f74d1ddb07c6040ac2d73961d08ace71bdfa6cfa22fe01ea13c198370025fa6dd7f1025f","nonce":"256c397646960f5fe361c7f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"04d99862e56ed44f0b74b929ff6f1cdc2452703cb21653cdded4a2025ab02ba0fa7a0364aeefd9b08d3cdefb03","nonce":"256c397646960f5fe361c7f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"5b4787043823ef2d3c3fff16d67af96fc55716e2f495271796923c441712bd2545e1dce62b0c4e41ffc3510a92","nonce":"256c397646960f5fe361c7f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"352f1feb9571d2a7d52fd180f03a629ef21045417087081b179343c6025fc9850012398411a916bd11f2294a43","nonce":"256c397646960f5fe361c7f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0e97ba884dd89692904c17e066e76461fbb575f3d56071bb764bd22d4e94891c8bc7e8abbef12210f839164497","nonce":"256c397646960f5fe361c7f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"16a7658cc18aba22dc3abb1ada1577f1505cb60c06b409f090786fdc4832a3024e908d3f02885f68c5b5c1065b","nonce":"256c397646960f5fe361c7f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"fe2a99b94963d8a0751477117bd47606a0b982afbbada6a8746266d7e0b94be507cbcd0c73d5918059b27db742","nonce":"256c397646960f5fe361c7f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"90dcb946a9fd695820df0f836924a9253caef2c94f0bff6b0bb87e3f041f45d5e7107cc6df29c170a77a984fcb","nonce":"256c397646960f5fe361c7fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"c35a427617974bee71550b2c5b95b95772d8756bcca88d121cac3bf629d23fa038a46e34a18c13d0a3159d765d","nonce":"256c397646960f5fe361c7ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"a1fcf4831d6f4c77f909a58c0fe4d2f221bad198fe7d9ad41e943097375bc79d5e37fcb8a137e46f2ebbee2e5a","nonce":"256c397646960f5fe361c7fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"3987c1bcb3edfc6ecea6fad40b8b1a1d844b79c46cb264ced67d7ee93497592708d3f448d8d6495b860afd07a5","nonce":"256c397646960f5fe361c7fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"03d6916031846d10fbe8ec4d3f06549586b7e4902a4302135a5526c41caf6a65ba968bd461639f6924dfd4eab8","nonce":"256c397646960f5fe361c7fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"a55a7bd0714e728651e7040ec7ab21bba4b5a94a696c5c17fafa6a4d1b5d18f1c7a7492c8436f4018085764fdb","nonce":"256c397646960f5fe361c7fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"647ecd2d0f372a4fc065d5ede8e9a704c228c09660ab505c42a00542e63f5a2952f9f04900f22455a484b42a71","nonce":"256c397646960f5fe361c7f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"c96b9e91ede11ab39bb5770d90f2f452f1625c609286e260e0a0f6c609c97321d3f0c10c21637c51898a2d92f1","nonce":"256c397646960f5fe361c7f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"c43bb717c25a5a91ab381553eb8e8c999834c4cbf763c7ea54afffb710fbeb2fbc05f182024698b8b3b7035479","nonce":"256c397646960f5fe361c7e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"15b2d6d202eae26dee3a6cba6fbafafe9411894db3f9a1d79a9926d9846425ed025cab3e235b9176fddfa0504d","nonce":"256c397646960f5fe361c7e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"42d19c297d48adfeb0c6e88c65721e2b640dbf804d238d149912a1970f665aaf6183ad80c7c1a8db5db5791324","nonce":"256c397646960f5fe361c7e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"568fda22c6ac7e88f7308406d314661097de78fe003bb52c974d5c70a0ecb27ee2bfacf0c879ceb8024dd31634","nonce":"256c397646960f5fe361c7e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"e3c5df6e5d5eca43a710d0fd8f8ba8e3095a20815f28ba1f925005b0cf66ccf544e2cc9602c683500013b4d98e","nonce":"256c397646960f5fe361c7e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"b83150914d55c7e9361536d4772f96f6ce8666d33bed2da9a9f9ce8e0cb629bcbef93ac7749258b1bb3d1ed348","nonce":"256c397646960f5fe361c7e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"7faa61a3a64810bf5081f7a7b7ab4ecb596cc55de522c6e4c6f2bac8373c1052a9b3b221dba856c8d1a1e9b726","nonce":"256c397646960f5fe361c7e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"aa87859d925dc32f75a17abc91d657d361e04f20764f214aa86af365b52fed2fde10a0508798943bccaa8af12d","nonce":"256c397646960f5fe361c7e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"4805f6034bcfeb8228a15597f18eba6ad3a39983db83880e61e71248453b277642c1e15a536b0970a021a87307","nonce":"256c397646960f5fe361c7ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"8a8e55a191756e95fef781ef20de2d3277abb82a85ebb074093cb2efc7565cc61fdbdd88900c94a63239bf7753","nonce":"256c397646960f5fe361c7ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"650f0240166af8cabffd346f321ed6005c56ba47f2a3df81794bdd2093849bd5b6a1f865fb86558cdb943cbd5d","nonce":"256c397646960f5fe361c7ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"21405d05f32818f929d771fbdf1493159a2d9c251ef8b3a043f0ef73c40284a48e6cb1d315dcaa0e4d14633a2c","nonce":"256c397646960f5fe361c7ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"b492dc5a7e2b9a91f5adb361aa4c5ca1c25787a4d0ad97174b80dfd850317b3bde0974d8fdb79f3cb5b9647970","nonce":"256c397646960f5fe361c7ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"d1bec00700af6cfbb1ab9b4e6455b054fc9bd3f34af356e18f29e8d760b9a8fdba49cd903bd5bfa4ce2f54576d","nonce":"256c397646960f5fe361c7eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"088b9626610e6719851dd6946558b8bb562bed6cc399f6cf7293151c529627a045dc66c835d0200efb7525f852","nonce":"256c397646960f5fe361c7e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"2aa9910153815855311e4f3dff5759eaff2c40e3cf8d1b5c26238c369e02e3a1c7adffada664828270dfedfc8c","nonce":"256c397646960f5fe361c7e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"89f029a8249df6c1edc80d0d026a0c28db48628ec8ff20cefaa925cd34f9d01f5a79b167696be1834cdf9cbeed","nonce":"256c397646960f5fe361c7d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"99b46dae13e890237547f49c4c67477d72e1d9036c0f62dc5e5102ae097fc46b7513cf395dda0fab7720176633","nonce":"256c397646960f5fe361c7d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f9e2bb5b3e755a19533b1119a6ffa6ef3fda00ed133e32e6ca796860746692abd2a0f5d2b164c6e4f8086a9f91","nonce":"256c397646960f5fe361c7d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"8f76a4108af261e623f338de3cc8de4c5f77ddd5d91a1b49ca4436775caee81825e59c5a58b1e301ac69041f71","nonce":"256c397646960f5fe361c7d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"ec203cf1cf71382182300ce3dc2dea58fc616df1c34f54510e9b826e8fa49efe1f51cacedca933bd937689e64a","nonce":"256c397646960f5fe361c7d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"e690ca9bbe6bc6b76d2b5ff345da263393121469ae4ff69ddc638646e1a05b48597892473c817c3c1585ce2605","nonce":"256c397646960f5fe361c7d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"b1936acae0a4d17f0b5793e55e1c9b6f5dacc6317ad43b9d57779710dc7cc792652bbe48fcee699c3080798c74","nonce":"256c397646960f5fe361c7d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"8f5bd20580e127baca8dc3a82c26d33c8e55d2ae9b678a666fd00edfdcabce0bc3afbacc39358ac87058258535","nonce":"256c397646960f5fe361c7d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"50041e2ddb2ff6a01693aba3bc85ca603f789317392b3ab11112727ba365c36ee0890f65f7441104246d6db8cc","nonce":"256c397646960f5fe361c7de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"57ea201790704e673e91ba405d12a5b9c6778b14611660a7d9c28d6db5e0504e17f9fac4f3822b7f7bb1bd5482","nonce":"256c397646960f5fe361c7df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"22ce1dc53c6ee56b28fa39ed200a7f4240a82743564d81adf4b6eae8a372aced2fd5b9cbab975b548bdb6188cf","nonce":"256c397646960f5fe361c7dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"3bc031204118658361916d332ba357d2e88b97bf30f1b57cf29b877d9076311308ab99064b25471e0909b31d54","nonce":"256c397646960f5fe361c7dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"e0c9adf46f2d3669c53558be1358ff1ce17c3168d02e0641db770468678c014fc1761a9fd21d59e263acd0f87c","nonce":"256c397646960f5fe361c7da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"ad15d108295740779f143d4681a1eb5d8e802131e4e05482060f7384224527ad1dd17361b8e30c1905afef1ab7","nonce":"256c397646960f5fe361c7db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"163d9dcf887820afbe041d0202fa01bd6efbc23d42bc9f3e17c396cf8cdd53aa9f44b484c2b1e31b60ccab6452","nonce":"256c397646960f5fe361c7d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"7a97fe0a2b0317ef73ae3db0a758a7f11a4a5703dda6605291c6d4cfdfdfb979f95bbab24b2bccf615145e99a5","nonce":"256c397646960f5fe361c7d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"fd91556c10c41656360ceffe597cf3b973c2a39d74fc704b96e8b34c360524a543039217a8dad9c4d937a9578a","nonce":"256c397646960f5fe361c7c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"3c9db1fa970ad27b0d7c83b8c7ac00e6547a5ab06c6b3ee6322123d01e1ce6d5a7e5060b52f86117cc9b40b8b0","nonce":"256c397646960f5fe361c7c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"046221c7001ccaf129fad8f229feb65802bb60d914cdf4e4778100a23f519b6c6205e9f5a6130baaa7d56e81b5","nonce":"256c397646960f5fe361c7c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"7ce6c25e7dbb6be7c0233c1669c09915eb4113d7a55a1f8a3358dcb6f4e70526b9d2affb67a05cba08e8575ff1","nonce":"256c397646960f5fe361c7c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"a2b544152c0e3ad8b212f9d065eff54d0cff80c2ecec9155c6b08799ba563ea46767b94f4a3599a2e5c41d15d9","nonce":"256c397646960f5fe361c7c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"7b56bda57561f3d2dbd51ede8a4cc24061e8f73cc01e3299086ea04a187a88a77c9aa60111b1a61f44b44720f2","nonce":"256c397646960f5fe361c7c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"d76bb5c1f900d891908c28d78715b28b7299bff3ce1951f4e00fa9a6e4591309be650a340f284fe5f76c660ab6","nonce":"256c397646960f5fe361c7c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"d1ca79876f0d4a1d3fe550d404fa8d5925e09326f58bb93ef5c5d3d115ea71a2a30f4459d822f80e83520ce904","nonce":"256c397646960f5fe361c7c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"213d7cdcad24562228b045800137c64a191eaf278e3461fbd38a089f5d481b1b2fb3b1c7b2f75511bfc99435f5","nonce":"256c397646960f5fe361c7ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"40a029e0dc7a54f8209762b880e547b1947b957b3450f134380a139235cc9bab4261b92f4d91d6d56050c62cda","nonce":"256c397646960f5fe361c7cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"c70b4b7031ef7e7a4412e60beac0b1a224bb0bab756354e88122df7778f731dfe9e8a8587ae07a4f507c85833f","nonce":"256c397646960f5fe361c7cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"ca0b147f914fb89c57da3c32d3a096f0a5229ecd8321ef548341c8768fe3558b09fdf575ccec159460e1f4529e","nonce":"256c397646960f5fe361c7cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a23f4245d9d12ff656d6d9c84dad001ae79c141ba6519a4c90b62586f07bb07ead28c40e5259e02f704cbacd02","nonce":"256c397646960f5fe361c7ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"fa6401ca827b2eab9a2c636d74b6b038d1ad0bade96d9b4aede66f683411683f66db7a2a7bbe23fa47ba31d972","nonce":"256c397646960f5fe361c7cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"8afbd0593d31ced1b44352edd0aa4bd57b5d87d5a010b3b8464409fd24034d99aa97af09ee10c21b5fd6e5954e","nonce":"256c397646960f5fe361c7c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"e6ec1b0e8bdb40ac9da578597751bfe375d15869c27e8a8a0e8d7a5c29603d5d131355644a68a6a5867bc823ba","nonce":"256c397646960f5fe361c7c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e905db7154ac1bfe320ddc756c882f638289dc1d30d8920a6651e4a902881f901cbd66b66bc7571df656e93ca4","nonce":"256c397646960f5fe361c7b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"b98e289331b605eba38b6d57663a4fe35fd785b96362c443205760ac850c2c31ec44d086ba6482d0ddba870a5b","nonce":"256c397646960f5fe361c7b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"68385b6cdf6a5ed3ea7162b08e89ac90eeff380f4647e7dc6ed91fcceae5729c909abc902670f0b7eb8f1c5ed4","nonce":"256c397646960f5fe361c7b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"5985388dc6997dd3c5d060b2e850f301347cabf83787d6d38ca873ff4633b63feba60ca2abaab1a22f6442eb7b","nonce":"256c397646960f5fe361c7b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"5378e47a43521b3efcce6b095b907c31cd17bea057cb338ef9e5c68a938404c644f2d6cfd60c934148e86cd91b","nonce":"256c397646960f5fe361c7b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"25c34878b5ecf6dc232d1476254fb8b788c79c6e3455241b3d0cca500d2d51c1e163a9a57bb393ae0de358a1ee","nonce":"256c397646960f5fe361c7b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"e08d7614950ec17c849bfe32967a38e359d9f743def62c339a8f40944fbff1d79878972bb92400cef12c9c0a08","nonce":"256c397646960f5fe361c7b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"0de32c3a2d309aff42a025304f05592e0d6010af88a128f4dc12d7624c6a10dc0f5af1e5878ccc18ad26f98fba","nonce":"256c397646960f5fe361c7b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"744ecde9ea43711eb2caeed75854f1749525e463a976464e9a4740ffd2b05c699ab1a80ff57b7021f5ab96c60d","nonce":"256c397646960f5fe361c7be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"bcfe5c229ff05a359bd7e2972938862fe26ad1d65ee6adc31d7417f9916bd6b77cb239a1e26c99502dfe819ea3","nonce":"256c397646960f5fe361c7bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"0121b73d342bda803fecbfd9b45a1008ec334eb62cabbc5292a458c5d6c722bd04670625475423bf4e3812dc25","nonce":"256c397646960f5fe361c7bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"6f44a86f096c007c98604f1b142d7bbb5f39a36e510010c797db131e699656ed49bade39d8a5677213975f29ea","nonce":"256c397646960f5fe361c7bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"e5d57e101440fde7151ab6ac42f5d05a8fef46be9867bc5db6bcec8e05122eb5e0f9b00356726f20b8e7590b36","nonce":"256c397646960f5fe361c7ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a71ccf2fc9868b1449c31813ab640e0b03190376a5083e1706d1b05fa1b7a22a82a2d163df189c2444116ec35f","nonce":"256c397646960f5fe361c7bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f3c526457c293104e123d18897349ffda77ef9cf1ad484adbf47ba170779f5d59054f3c2b686ba374869106cdb","nonce":"256c397646960f5fe361c7b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"312206dc0f2b3bb4d8cd1cf71772170b821858f3f11a36b0ebb67ee3b77eca20cfcfc27f88ccca944d01b9cbc1","nonce":"256c397646960f5fe361c7b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"4c9f0b06438d504a04926429a1b7f5039de534cf74668d6917eb58dad4ed20cfec4be41ddcea92c8301c05499d","nonce":"256c397646960f5fe361c7a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"87bc00d8a2acf5ac07bdd353a22557f31935eae4735ec19a2f75f72493d3d9b3ad45aaa668ba17a143d0d29dd0","nonce":"256c397646960f5fe361c7a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"9f2958f511651c27e149d8306c4c022a7e1aac2bd3fc2fa3795d7aa22d5a863788fdcec51caf6841f44b3f4e4f","nonce":"256c397646960f5fe361c7a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"a9a9c5f281792cee17ae94cc334d67029cbe4c87c0efb0b87beac855555db4b5c6a2896facc0132fc7124f95dd","nonce":"256c397646960f5fe361c7a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"665b2e78896b66faea9f6374d0ff9e04eb13a25d03fe2e7d03813ff5da5f000a4905d89bc504a7d6aa574be203","nonce":"256c397646960f5fe361c7a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"ebba67052cd37338d9044d2e9ddf383a0de61aa413384572fbd14edb8e39e2f6675c344047452954d067b2591b","nonce":"256c397646960f5fe361c7a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"03ef605fc3d5e6d96d1a847ca9497c750309444cea38fcab14c8b7fd084794d22ad309e61e4e843263888dc64b","nonce":"256c397646960f5fe361c7a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"7bbd755b4b862237888e70a43a4b5814a31d75008c33c8585a60f19a49d4e78affc7cd3559e4bfe0db300ee829","nonce":"256c397646960f5fe361c7a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"432a1290b8ee0f865f3a5748fa44fb8e9010514d214108c801b293adb75b2dc627574859f4ce5311f4e5487d3b","nonce":"256c397646960f5fe361c7ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"4d29052aef87bc778a8b8dc1466bac5351b3780e2d3b6e771e638d5ba32f6f471e479b1bc46ea72634b496eeaf","nonce":"256c397646960f5fe361c7af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"fc6ee1565b18cdfbb13606931c67ec1a6a7021c95ea16a7dcce0c0e360fc5916c0e72d246b6a59c8e819f778e2","nonce":"256c397646960f5fe361c7ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"d0e55c51e7dce86723a77d28aabcc5cb4b2eff48a5914e5c283c4dd733d0b4c6ccf9defda758f789d4f878df62","nonce":"256c397646960f5fe361c7ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"fbbc8e865991b7bc76bc9a185fe0efb1ee8af549de42423943947bb4aacb1c70e651bb5ab6966e4d8368516f1e","nonce":"256c397646960f5fe361c7aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"0c66a0dad81e0012882cd27f21386d7fb24df4ed3d46aaf1939e6637e570de662772068026bd072352fd4eef2d","nonce":"256c397646960f5fe361c7ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2c26f65420d1a5f51394c8dc1e0f9b50070fc9775f197302376d5f6e7c9da9e5a6d17cc51111f2c289b51d13da","nonce":"256c397646960f5fe361c7a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"7448e00f976c196965a1b45d7d49d64dc60c9aa618292a62ec71efa3525fdaf27bd6050ef05cb4706b4490ca64","nonce":"256c397646960f5fe361c7a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d80c1ec7293b720adac66f78e97c39c87110f783ddcebfa1087b229309751fd2d2c03412429b5176f96a1e04f5","nonce":"256c397646960f5fe361c796","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"a69c89315c5bc681da737995d19aca6815c061ca8adf90fac229326f1f9cace6607baa7339fe7ef73d36071d49","nonce":"256c397646960f5fe361c797","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"dd4ba3cf75377f0cabf8eba6e789eba8443465874148aaa8a2062d220753ee28c0d0ca3a64fe81eda0c530f420","nonce":"256c397646960f5fe361c794","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"cae123f79c57a056c9a028204da347f521da3a6f5da4048682aaea56c3346f4e6d02c90c2ba5ee606b64183112","nonce":"256c397646960f5fe361c795","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"9a07a1f03037839fe6ee49e5a4ac4022739e4589abbb14ebd6d6d49b11ee44ed00cbdaf1c9a7f221d4d6a13c68","nonce":"256c397646960f5fe361c792","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"54dedf043c61d3d2239fe9e4fd03bdab6083d3667898aa37f70fafd51bd1a3caaa60ff26e8eeca1573c63ed6c8","nonce":"256c397646960f5fe361c793","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"6e76c22813593bc80a668154c7f9ba0cf2076561fb550c1e821d0211b18cebfc84739dff6df0946d83f3176705","nonce":"256c397646960f5fe361c790","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"fa70ea5b0554e0442c779ac22fc17edfd0d41d0f2355b1ed843db1ce74ae9165388dd4bca3fc9d406b5fb994e6","nonce":"256c397646960f5fe361c791","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"edae595239cf8128a1c87d5ce8b5c5bcc98ff090d8b63a39863922f4e260e6139ff1e604a98e8e6f2de77e9659","nonce":"256c397646960f5fe361c79e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"56d45daf3a0cca29748da2ecca1dfcd3825a7a802c0051a022dff93b69fd318e65c31729bb6e8b805b60d960a4","nonce":"256c397646960f5fe361c79f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"1abdbe84681e78461c9527b46d6c9581837697b6d3d5d214504924be71f38e2656e90990f0fb8976b6b8a7e7b3","nonce":"256c397646960f5fe361c79c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"5aab1fd2687ffb3f3f1e834fecd45adecdf58021cbb87c263ea9b200594852293cef50222dbf0736efd81605b8","nonce":"256c397646960f5fe361c79d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"33d4c1cd1e4a4f93e159f990e0dcc76303bdec20e029cfe875015d78bfeaa4fe181c6278025bc543606ceab8db","nonce":"256c397646960f5fe361c79a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"f825586f82d2047f15e9f5bf0d4db3ec5f72a736f3c25b5fe73edf8626b18066e2d69f86ce92d724367f8f2163","nonce":"256c397646960f5fe361c79b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"7ff3b86940ac1551e7dd3c738ec4e349cac3d474b9b9e006b22e6c180ca61e97f447fd70d6a0b43ef04161b635","nonce":"256c397646960f5fe361c798","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"6d432ff0d07e897a9d69e1ce0565d9c266336a42a7fc84a68fe71c6be9a920dde79d34dfd7481ac1d70d3647e1","nonce":"256c397646960f5fe361c799","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"36fc83fa60e8c2f1bba88e48ceb864bb075ed025e2d51c1377baedb6594c944387b577432da6435980203a7a8b","nonce":"256c397646960f5fe361c786","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"9c2548e05d206b9867dfed7b4fda2ff84637807d1022fed2df9284dd64a9b6d89f09ffc40d5d23f2ebe60cc864","nonce":"256c397646960f5fe361c787","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"77bc1c00f8f1fd66cf5d01bbda6afe839d4c2e43d7402491793d5b389cc281596ec8b2a3540feaca0c8d90a5ea","nonce":"256c397646960f5fe361c784","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"9771def4feca0d8096a4e6279396ca478ebd257b865a576544f4106ad164061b936e27ac417df502aa04315e68","nonce":"256c397646960f5fe361c785","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"4970b13ecf9940bd4dac05b9fd098397729ee69a8b6b35e0d4081304ca6ac27f0df47c9311cfdb4fa2ef94f447","nonce":"256c397646960f5fe361c782","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"61da01864c63aa0593dc96bf160fbf62f2a26c5bc01e886909f7f081c57af8e3b0b775282c39ff84ac10e72645","nonce":"256c397646960f5fe361c783","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"fc1db37d4dda2543acc6468a3e6bcdeac54da3ac38ffb2ccdc632c9f1c62128bece9a153813de2cbfd1f8118f6","nonce":"256c397646960f5fe361c780","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"1fd15e922dce8213fb2fe02f6bd4233e9f03c08baa55d243915af8f5b0135fbf8dec437c79a76bddfe8e88e054","nonce":"256c397646960f5fe361c781","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"18aa89b59c3cbfc6bdf9b38543beed722b097f1f742df5ea014bf7a1f761430a9b95d8ef74ec1627642b4d6ea9","nonce":"256c397646960f5fe361c78e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"73570a62ed8db7d49d7fbae1a0e55be8ca988c2ad0d109faf84ffdc3ac24e873b16541defb04125d3245f38353","nonce":"256c397646960f5fe361c78f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"ad88c8b96b9eca106ad8093789ba9d45e6c26207a45935d49b98327ef4625a277b4b78d1630c0ac79f6a548f0f","nonce":"256c397646960f5fe361c78c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b09dde91bd4522195f1918908c3b82ba9464d1dcf12b179815980cd39eb342567b902b900c5bdd99bfc6a06424","nonce":"256c397646960f5fe361c78d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"2318d90968a1887efbc6f467743ec9addf5a5d760b906297c4900869ce266b317babaa5073bed34cd5e3334168","nonce":"256c397646960f5fe361c78a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"ebcb13c06c1c43f2710c40c0c40e4307251f09b3af7020eba59635665a03250e08e05653effa7e178e6662235a","nonce":"256c397646960f5fe361c78b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"edd8bf2311ffd8f988be8c69dcf66c6bd233bef7bbbfa2120e91d6a2ac02bedc76ab55bcb767c65171d4d00c4c","nonce":"256c397646960f5fe361c788","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"e1b66f5d2056253ef852773668d001c3b2d776c97e714c73a7a7ec7254627e207f934e7ef7c9d695343c2a64d9","nonce":"256c397646960f5fe361c789","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"c2fdaa56c1c7de7e5163d4d889f25f48e2bbdd520e8fd9ee64a64c73f137ce3d66333a0ec39a2dc2f0585ac20c","nonce":"256c397646960f5fe361c776","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"64dd21a6070609f1a6e6dce93b06df7195fe183371f151117c47eaaa584c70bea3d9ae8e09b802ecfbbb8af087","nonce":"256c397646960f5fe361c777","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"7a11cae45d95f31f3ebaf1076f44658e86257945c8287ed0b63f5528d40146802aada92a04d02599b15e71dbf5","nonce":"256c397646960f5fe361c774","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"70f595334bf22c30be0cc9524eb7d2d94ee15608a92fb59c6ce2b8f3f8db84892f5c1f3492bdde5820d62f5f6a","nonce":"256c397646960f5fe361c775","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"602af04507255f51f0446cf132828637aba65867832ab734ea64f14038728e1a77c555773c600e2cc2e7a0aab0","nonce":"256c397646960f5fe361c772","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"e158690e3567f931a0e4511be00f7dce517e618016e3ccd38c8573dc02a2e3d9a5931079bf2315401a8dd1d568","nonce":"256c397646960f5fe361c773","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"34b81349869a99eeac5926a55cf4511aa9f5b311a2d020df90697f9d62f61efc5735ead37f82a6e9c47aa05f2f","nonce":"256c397646960f5fe361c770","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"46b9bc8799abf32e372f0f66df152c71157e28fafcd572db20621eae9587faf04eb48fd2e630aebe329b6070b9","nonce":"256c397646960f5fe361c771","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"dc15924de74e5aa80c1a79251beb15fe146bf2ffcc3573de1271f65e416ea9568fdd4a18f63da8c8d021522a90","nonce":"256c397646960f5fe361c77e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"95a28d679e716ccf7353b2c1b8f2406291e6621590fe4c4e657153b126c2ea610860fdca8b1cae50d91066b44a","nonce":"256c397646960f5fe361c77f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"8a85ae0ddd06b14e4636ea09fbfde64a5dacd0ba22cf494abb753974c87047ada24e9de21c1f5e119b0d225db4","nonce":"256c397646960f5fe361c77c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"af4dc49ba36204b147f83d23b8edd3523f4879ace45921a3349aa468787c39c54cb6573aa205bc5911039a0481","nonce":"256c397646960f5fe361c77d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"4cac66c5cf81c91b1725bb6c73a9faafab1e6152938d2d170b9a2f63505f8642e00528e9d3a164b16314b88e1d","nonce":"256c397646960f5fe361c77a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"329c29c60895a7380795d1c88632534bfdc36fd7bccbdad8ab331eb38c65bb5c1ef2a04658c6a5e460d06e1d38","nonce":"256c397646960f5fe361c77b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8d8572666b4a6bf38fef241f92d51a8a010811164da72e4307b1ed4d3d119f2e1e8d18d9f93f33dd3bf948c0ce","nonce":"256c397646960f5fe361c778","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"dc5e2ae1789dec5314566c3105d08e92980e5df3b5f4c1669de23b03cf7839f39c1476055ff45094750a9833a4","nonce":"256c397646960f5fe361c779","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"90898f959e994635cc83471939a90d5ced450f9fa88bc4b7ca4789023e723add12378b143ef054c391d343a773","nonce":"256c397646960f5fe361c766","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"8b62c69fde0cb11975cacc13d68a1790235eaa6b9692daa32f1e5a321a5ff045f8355078124d4510052fd9ba93","nonce":"256c397646960f5fe361c767","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"e2c78f51ab515d951043f086dbfebfe78cc53866b9e7b4dbd1045f6a9015a7dede4d03831be02a51ba4519c408","nonce":"256c397646960f5fe361c764","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"470167ee7707f983f27c6b682a3ec91d0d49537b2f88b8f6df90342daa105ed8b4f84e38366437232959510fbb","nonce":"256c397646960f5fe361c765","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"dc656bdf4c21c3f88bb8d9116947af04b09a73e0c3e158e47be1c259e1c00630cfbf36ee13eb7d15ba09fdbc1e","nonce":"256c397646960f5fe361c762","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"618a13af4d68cf74e5cf7160214834f0abd200c39c359ecab09b253b2d1e65b28a2301fdae304f8b96076681a9","nonce":"256c397646960f5fe361c763","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"7027f57d30f82442997682631e18ca1295d4c0141e7f611b97011e6fb19f892b891b8caa65e1c33c41a3677888","nonce":"256c397646960f5fe361c760","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"721a8eb96f7092f158492c6e350dd28d041e30caf9a0faf90309e30d98bbceb181f9d2defe32aa7b01b82c6feb","nonce":"256c397646960f5fe361c761","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"411f7b0fc33ca67281453ff1c75e5d46e36afcd69f7a82cca2063c1ebe7d6886d7fddf4667f2d68244b38ec7d0","nonce":"256c397646960f5fe361c76e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"b4bfcc480f082bcf70de82c306a9c5e1a83f2e6d12d4efea2a654b1b60e86ac388bb57f1c182ea0da9356fc0f8","nonce":"256c397646960f5fe361c76f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"cd5915e729999d561f819bc3395387a44ca7dd0ad5d61c8d3018a4fa824d1c6536e321aa2d492438039c51ace9","nonce":"256c397646960f5fe361c76c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"a0dd1d17766f47c25ec2089ae1965bbb403ab0885f7812c8f528365c183d891e328da3cf4a5b5eeecc51b65fe6","nonce":"256c397646960f5fe361c76d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"f20ceaddbbf4fd25dc5aa8083ddd10d9d92d738f0ae067692957324dd0ef86fa272e685afa5bf6f50372686f37","nonce":"256c397646960f5fe361c76a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"bc4eaff2b4651f984614cee420d5de3621b562d12171dd056e80aecc9f0527d7e9a6bd6a3c1134d6c1b2af6458","nonce":"256c397646960f5fe361c76b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"bd6fbaa3d225a1f05324118ae5f9d40e24848ab3086c28264e5aa24a300ee31bf4ae82a08ef75f7b1793f29c65","nonce":"256c397646960f5fe361c768","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"07a43ef133cad9c793140b147220d5f3e2246467cb6a75212d09426a6c5109377731b06517cc9015e90888eacb","nonce":"256c397646960f5fe361c769","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"00a930746c775ae4bcddb816312c926f0be5b2c1b5ab035831d9766bb8be3fa158a1d355983fc33af4a1e3f995","nonce":"256c397646960f5fe361c756","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"aa3e679488d10c0b44e635de1660172017241d2fa0c5d66d864dcedd8c2ca882484cc77d55f8b5a8bb1714f257","nonce":"256c397646960f5fe361c757","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"4a834ec38ca2bb7965d991aad173f8bd8137b92b873682560214061fcab181d7de0d0407ed3afabb00b448c7c6","nonce":"256c397646960f5fe361c754","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"9e40a2f4902a2ca404c4e0873d24a692272ec4bfe0e4acf68476c0e44603c123f80cca906d3bae9b2e67821af3","nonce":"256c397646960f5fe361c755","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"75796e7436b6b4cd1c42baa3f4665edbb65e59cb9d520eaba6b8f4d1eeda41f8609d0b6454d1b6dfd1a990f759","nonce":"256c397646960f5fe361c752","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"1e57b6c6ae6fce9723d53d03159f700d0fe5c6d26cfd454839c5418a03f5383c619092decc65e0a921d7781bd6","nonce":"256c397646960f5fe361c753","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"2b843909b6abdecda4147a80d62b25a2d0dcb3b47098ea075485ad91a338ac3f59e18755e9b775925e51c722b1","nonce":"256c397646960f5fe361c750","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0135f0ffbf815a614efa11fe1eb444178d5f0643759be8add379e14d8f6542273d945ad9f016be59a0912ec386","nonce":"256c397646960f5fe361c751","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"184a942253a164963e3bee5043eddd8a14fb686a70e9a95b0818b03135331cc8e988a2ff30daa468431ef0a7ee","nonce":"256c397646960f5fe361c75e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"9c1d3d7837defbfdea324b815abfa3e5e411955bcec3a33e112e0d034af986894e300b1516cbfe5a7c01665d52","nonce":"256c397646960f5fe361c75f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"e764533959900c5e1979ef38d956292a54e888bc34b1525275fde52d05420e84ac719cd476b956074b2615e540","nonce":"256c397646960f5fe361c75c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"9eb2fdfb84b0239215c33044f8471b1fee1755e387c08f950cc8ba82396e67fc2bcc125f27741d1b1ad0e4d9d5","nonce":"256c397646960f5fe361c75d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f873c66cd93d668852cb3e827748ddbd936e8b554a9810332294e29345814bebbf13d96903fbab698e3dc03974","nonce":"256c397646960f5fe361c75a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"292344596473e805208036cc77ba26da582bc03c740b4b35edfda5bfe10fb10aca9b3fdfeb03e6bfb55691e484","nonce":"256c397646960f5fe361c75b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"6f2784cf829d2847aee7054404c3e5b4ccc5c349eda079e9f78d8db459e185e162f339c43e8db307db43cf09c5","nonce":"256c397646960f5fe361c758","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"a85ef54d20f52a54ca7fe958b35c1795bcb66103b013f1c9275edb4d72311b6dc6ed8529ebc051f583eb203dee","nonce":"256c397646960f5fe361c759","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"dc0d2ca97c4db343a5eaf630d64c6a856202f98e80d52e68545a7648860db6165bc12bdb1e2a602670e95a33a6","nonce":"256c397646960f5fe361c746","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"e4866d938eee3e5275808cce23f860da5d2f82f6121c08c7a6684f1988dc6f00762b82564f235df0d88c8f7775","nonce":"256c397646960f5fe361c747","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"1cfd3caf585c474a47cea2f5bf5b8ea14c4aee62394d76d61cc9ec2f54ff7f2de39de533760eaa82a5d50322bd","nonce":"256c397646960f5fe361c744","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"0a7bad28f8e5860fc857b4ec528dc77e16fce7120a74d4d4e76b1620f1d12b98a1aa074326950c1716ced5fc75","nonce":"256c397646960f5fe361c745","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"55e73c0cad149a8fc18eed3d84bbd9f511a7d264e5745f791ab6e98fe465c4bd856c4fa63a35450e432012409d","nonce":"256c397646960f5fe361c742","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"9f8dcfa4c2886581bf00782bd68a2910fc2669a9a97b779845911623a2cfc5f69d0733ec341d38f2a6588f7a7f","nonce":"256c397646960f5fe361c743","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"39e2253b1f3f72b8cb1743019d7bac0bc171bd15e7a6290ccc4a6b109265f77ada8f0d70187d6047b4c961b56c","nonce":"256c397646960f5fe361c740","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7a0667d869e480faa470af93709a1e48d7e529ecafc34d2529a1efd45d378624762ebf5e1c7acda91cc2f532dc","nonce":"256c397646960f5fe361c741","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"f5b1eaab4fea95778c5e633a7628b8cc7a95c500d48e803f63e7534f8d387d69e2ac1f8b170fdd093ef8a7e3ed","nonce":"256c397646960f5fe361c74e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"bd593940ed983a6c8680233f9b1d719e3efd67b6a97295151b3a4855db06355445490d3756b6016e7f152b2836","nonce":"256c397646960f5fe361c74f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"58762ece471788a313b47a75553aa7f3b4ddf9182f96a08f838e4bcd2eec07b2c9269cf109ed6108e43db4c492","nonce":"256c397646960f5fe361c74c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"7d0d967cf5dd8a35f3cf06911e488a07aeec99fa1ee636a2781184c7263b46b77101fd3d1cb35f2a4ab12a27a0","nonce":"256c397646960f5fe361c74d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"d5a7713082acda45a1b547cd7f746800845d463a36f0f162ffa053d479e6fbac523be02b6ebeabf4fe192402ad","nonce":"256c397646960f5fe361c74a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"63aa5055ab2841f208411e1ab494b71e1628ea07e8b3f8ad6dc9821544714262797e374d9a4f266ab5624428e5","nonce":"256c397646960f5fe361c74b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"8608cfd7ed84b936a1d0dc9597dc063db8ed1994fe6bd48472711338cbf02dca0f346771042544b6b03be178d5","nonce":"256c397646960f5fe361c748","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"987f8cb4c55f6257f850b7a2059ebd2821046981c7cb7680242077a769da98048465aa814c1dff01c2956b0ccc","nonce":"256c397646960f5fe361c749","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"cc9fbd73ddd3e66c5d12b939f6a0017c773cc5d6b8428d1cf73a6302ca6e948a12a4b446e9a9305970607cd95d","nonce":"256c397646960f5fe361c736","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e54876a51eead9910fbef0c7b0b5795e9686a0f7852cbe0487f08975754bbcd7d09ae119b55be1e521b436eb60","nonce":"256c397646960f5fe361c737","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"cec82ae6d372811e52b95e96aecf14b08074e90944a7406243179192b08dc8978b80eb3aaca00888b44fc540e5","nonce":"256c397646960f5fe361c734","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"257f5e05dfed93f129e3b461d550b99eae5b9aceab844101b663fe1cd6909070f99f3b883f6abcea8fa04d9c90","nonce":"256c397646960f5fe361c735","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"670eb734c3840f6a01e122952088f780bef416db2aa21cca18de582b9461b966f5bebb6cbb98778a1f07adfecb","nonce":"256c397646960f5fe361c732","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"e674265c68a73527fd19dc5568da6bcc78e47476f6de06a3a458f314704faf7183773564fcc89e2b6aee3de86d","nonce":"256c397646960f5fe361c733","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"35a16bb6fbe521fc6d22b5a52b09b2b4b9fb4c5940da2b0643d05f06032a68fe4a8adfbadceeeaaa1936083926","nonce":"256c397646960f5fe361c730","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"61f76f83628a94ffb2d7baf8639f3ee0df97dfc4dac8e876982086c278909ac938f96736bb0090f1c9108be323","nonce":"256c397646960f5fe361c731","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"3c2f068661a9d9447535aa3e0b0aadbb40dc0737b593e1f184cb62fcc07afcde70af83f697e86fa2b19a9192f6","nonce":"256c397646960f5fe361c73e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d15730bd7e4c40c57b5f4cc48efcfeff035dd1ce85347f9e5853f353b9df9ac4cff7bbbe44127fba190fee353a","nonce":"256c397646960f5fe361c73f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"d2ed373de2ba91d3b64c53413a0a260564e8a286dca5b312834addc5cd545b6beb2abb94f82fec2e00bee20f66","nonce":"256c397646960f5fe361c73c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"e67d8d2f8253f201c43e9fb1ff38bc1a2510e9abb2fabfbfa8df8645545593a1a1a0839c2e24b625e18226bd15","nonce":"256c397646960f5fe361c73d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"258adbaa8f5975eb88c27ba95e2c58c76210ecf9139ea9578ddcb9733f44d2d269000daed9ba34fc20ccc6eed5","nonce":"256c397646960f5fe361c73a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"8cb25c558f2b9c6a93571a8701ea481af9d2f4655659a2c1facc115284d70f873aa3cdec201e377b9829c01a93","nonce":"256c397646960f5fe361c73b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"74c3c9e8809141ced284cc248b49dc4e7b242a930e267cdd7152c9a4680d5609662516a5ceca2fa6c9c9e2108a","nonce":"256c397646960f5fe361c738","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"9bca081636d44cb2f2385913b7eb734f42d1c65a0a8399ead2d543ad30debda069a530c4fc6dc73bc411a22cb5","nonce":"256c397646960f5fe361c739","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"fd950f99b67c46992317acbd94e646b66eb57bd799e7b405af73c40bf4508f7cdd385705d4d7b2460640cc806b","nonce":"256c397646960f5fe361c726","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"c2abdffa8cf35587fd912b81ccbf313871e8fd51aaf9ffbf8871300b645771245c17617b484073ebd49742c5f2","nonce":"256c397646960f5fe361c727","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"1f2e0d56ddd14aa8194a42650c0a1c5ed57e94b22088af34dd28c70a05f6c321c1ec272e5e4da098094ece46c3","nonce":"256c397646960f5fe361c724","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"5b547e526b11f23dc90ef19e3a605e60e3391092ed63cd79299f09f3be75c5055f37846fcd63127108d9551f94","nonce":"256c397646960f5fe361c725","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"cff192de60d6b7a44ec799aab0e9cd2fcf0bd2733fbd6a42569ac1f15a9df568442a12888fdb4de70adc1c20a6","nonce":"256c397646960f5fe361c722","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ef23aa84904e910634b20cea969f262b69b8cdb2dc91fbc63a59d3cf22db3d28b1a11368f96d058caabac488c7","nonce":"256c397646960f5fe361c723","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"f0e9b4f904f032463947db343721dd17378a91090909ea39b70bb1b58ffc9da86c90d2a27359bf35f88e210cae","nonce":"256c397646960f5fe361c720","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"3f9c9267b41cd6ab73bc835261a2e5a373aae2b14346bf4b8a5a07ef15e3b41253642e4e8b205a61afc6dcc802","nonce":"256c397646960f5fe361c721","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"746c001e1ce6595032f4552b3614edcf6a7fab24639e4546d6641bc0b6ac7ac42105a4632959cefbe4b6a04da6","nonce":"256c397646960f5fe361c72e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"3dc72cf3e989bdabd650ed70cd9a31374e90ed29c082c122e8e695e9097727a4ca661b5d40fd6c2dc7c41ab3fb","nonce":"256c397646960f5fe361c72f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"3b0ecee2ca064f81b36d04f64aa3ae6f64bffad5c1a8561780758adb6ec5eebfa0021f04c1db1e65bc90e1dc5f","nonce":"256c397646960f5fe361c72c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"17fa5e63cec8d48df7fd23678bd7f57b0b6afc51f837fdd8c6af8492a98bb2d01e79bcc86aaa73e4e7c6d9552b","nonce":"256c397646960f5fe361c72d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"709e4bad57499694e304e99b99e8c60dbcb938d83b2f4143164f0133d2a2ba1bc5fdf748cc716ca451d6ba4ade","nonce":"256c397646960f5fe361c72a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"ce98b5a2bb65fb44560b852864dd20affa5a7a72895b2d34b99501b7af3377e2ff438de972ccb216033baf3b5c","nonce":"256c397646960f5fe361c72b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"1bef27c22338703b2a6e10de5e664f915c9a0d8417d261b4a5c85fb2eedc3d139a827f0fbd5b0e1a4887ce41f1","nonce":"256c397646960f5fe361c728","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"c4d87958ad458a3c487b3b706c3af17407800b86f02dbbadaf19a609454e1833614399a1d122761bb2bdd68ca4","nonce":"256c397646960f5fe361c729","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"ce6d5ed45cba0556401cbfcabcd55615fc37234d9e59d99173e41d4c8f6cb95e4c769f6b3d800871b27af55e89","nonce":"256c397646960f5fe361c716","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"d87c9cbba16403ab2e5ce05490496045df8f96cb46950a7143a69788ca2f28312ba018bcbef32e0997b5cb2a77","nonce":"256c397646960f5fe361c717","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"4341fbe784cad6d3843eef6b59d5c7e4fc5d6c56333a04644e9d5b3f3fc3633678d53cd939d503fd65f65e7d2a","nonce":"256c397646960f5fe361c714","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"fe10966a25767ff3c09cb4559ddaee74515f505f5a7c174522216f32f532d0901b2ef344263934920b474df590","nonce":"256c397646960f5fe361c715","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"a03d65b51637b155356eb76875e4be93a43a6b3a19117dd09d88fa0c4c4efdea7689791aca142abf2036c60670","nonce":"256c397646960f5fe361c712","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"0394ac19745530d422b9467e29b762ac0d8685b1a0f1b4c1f25b35a54989f7c339f989d50a67224745de995496","nonce":"256c397646960f5fe361c713","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"682acde778736ff895e7afda2effaf91d344f67f069d95eafc8af941972288c89db608c8b816a9f15c60fc9170","nonce":"256c397646960f5fe361c710","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"2eb1c259090f9b84504fe151d067495640a750d6add0172617dbbe9b08c0939da95c365197216fa0cde559b617","nonce":"256c397646960f5fe361c711","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"354276860f6e5e44a9e5cbf13e2b62626548561fbfeb08d7fe557b604b949ebb4c7cbfa21ee80df876dde1cbf1","nonce":"256c397646960f5fe361c71e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"790947e03413dc7d95d82b7e15e8ea5510470534f424a70dc11a6df6fe75f46f44168793c92ab3c2bc23ba6073","nonce":"256c397646960f5fe361c71f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"74ff6d03b288e2db904b02f1aa91c54b58a08fc60455c270978397a1b8d76da07b02499cf4734f73474e58d1f9","nonce":"256c397646960f5fe361c71c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"3fb0324a9a0eef5a32c1cdb454b062fbcaf1408f2c2be66e31c6da030569f87c79570ba53252c1f52a1a56ec4f","nonce":"256c397646960f5fe361c71d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"aa7f8c5873fc79e50d3e5691c41d52f01ff93758c80b51a5d4d3f358f547c62d7d8be441a50075f2b4a488afbc","nonce":"256c397646960f5fe361c71a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"ac9038dc39d605b38eae5d8caa69f1b0b16ece305d6d631e3eb75127e6cc87bede4245507200c171703c8d71ec","nonce":"256c397646960f5fe361c71b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f9dd791c11aaf64fdbcc2c66557c3b88bc0c70f56038d897490624d6e30cc5e827c053fb1fc9ffb5a715a483bd","nonce":"256c397646960f5fe361c718","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"b50306db8a5af4575f07b752fcea33c87d8369b7236baa2a83f68bd9f10e6db85ae5342016c91a86612a714a5a","nonce":"256c397646960f5fe361c719","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"072e634b57818b95744e9bb3304667a9a593d4e4df12f09ca6cf7bb6974ff2d9ac34e36537fec1e44e8f6558ca","nonce":"256c397646960f5fe361c706","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"aa60add434aabe99563c933a8ee8047daf529c6f1bce960da22189e6f99eff841a15c8fd19ac0a4d39eba6ab82","nonce":"256c397646960f5fe361c707","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"30b7d7cdd734328693c05b45be7c8f085c357b13aba2b616c44562288c2b1b79033544a62ff5073152c8ae6949","nonce":"256c397646960f5fe361c704","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"601a3fd0fea046020f2af1ec10883c4db0516485251552c94b77126046e79b4bd29ce56cc5cee079f02ab25281","nonce":"256c397646960f5fe361c705","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"a9b26159190ddaa1ce6999420e6fd4853918c3717364eeaff028c0ee91366013637f65bb526afa286ee4bf1b86","nonce":"256c397646960f5fe361c702","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"16fb0823bf8007ffcc83ec5429d0efbeb3203b5671508676aaa13e1505c10fdf24c19125e34b309c2459ac3995","nonce":"256c397646960f5fe361c703","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"e179bf922a9b55b2803771144b51ed4b82ebe235e1a50f959cd7535495083a21b62f236dd9c1afcfd36a63f8ed","nonce":"256c397646960f5fe361c700","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"78af183471fad6d73222984c5b0c5328a25ce7ff64f69fce76c8a5b9efa67409de8c22e521ee765e778d04f6ee","nonce":"256c397646960f5fe361c701","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"82f0e4814eaab138eaeb963be5c1c0e57a26a74e113df98ef52038558de048fba235e319ecbc9a0b8b9f06380d","nonce":"256c397646960f5fe361c70e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"572a308fbb1cce40e08fda3b1f66d1f5549013ab1da7a8442a7f1c1d0a7e987b5187d9e5eefaeaca7010d54d3e","nonce":"256c397646960f5fe361c70f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"4658bea957e728be82135c71cda658701442486a747e5f66df639441b3eeef825166fa88452ac140071e125e5f","nonce":"256c397646960f5fe361c70c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"b0e4473de132e9a312dff13471a2341fa5118cc947d79090e77536c6d7f1fe286e93eb5a8ddc8026f3ec52be72","nonce":"256c397646960f5fe361c70d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"bfd8995f16d457c903da567af3669911e410afa73861852789a1a9c3610938dd02a450c06b7bf3221ce9111715","nonce":"256c397646960f5fe361c70a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"b8c645ec1d12e7bc03431e8e849371f1bc128c813bc1bf946af21a2ba9686231819c3256c130249b7e93a0071e","nonce":"256c397646960f5fe361c70b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"719630798ec65107ce98fcec8e43fc908e740f000797de64290ea0d2747e1cac242beb72a5262692ad9feb0476","nonce":"256c397646960f5fe361c708","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d2c2f38ed017697136fd70eaf28b80201b1bd22c36ac43027997207f37931c6f0b4271c625c8891eb90bce584d","nonce":"256c397646960f5fe361c709","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"1ccec5f8bc5ccdf558a5f51fe924d91da8531c95fbb03961cbe1f5e0f37d25b5486ec1d351aa6e3ebb63ca3915","nonce":"256c397646960f5fe361c6f6","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"2c0f19b5c89412626afe181c1d73655b138d9552b71a1903291d83db49439727"},{"exporter_context":"00","L":32,"exported_value":"f25f481149e39535f644fce32eff3b1faba30c83515f5c28a65656dda576cfc4"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2014260af052a892da042c3c5dd83743826660d84338c1d4bdf36e810fda3c90"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"b4ea665372433059a456b9ee3dea173ef8e5a4846242db8f5767c917128fb8ec","ikmS":"25605296d116451db070f76bb76fc8085bcc753af8bb15f1015da6bd3fbbd963","ikmE":"e49d29b7a4619f656938e1e6cc162bae09afba0937954e5a3332d794a59299b6","skRm":"d791b71bd90aafed576683312da4f0d6b43bc026e614db1ab99590b5a8394772","skSm":"5924132e9437a0728d80b8ecb9f0fd4bf9cb1af869deebf98ad125e6e704bd29","skEm":"e819eee9d9331740deaa7acb05789f106fb85fa9e5a1888387c715b1df3c8f82","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"6a8e4ccc7a70b66b4682dae9fa35e4e53869e15bde9d21ac100f4efa1c099e6c","pkSm":"50c0cf51b4a336fbc3bfc085112e87a41fc7a43d02795bac17d5348903029833","pkEm":"75f842965c219379c24a25dcc7985ef4fa23307de9ec96d8700b1990a907ff3a","enc":"75f842965c219379c24a25dcc7985ef4fa23307de9ec96d8700b1990a907ff3a","shared_secret":"3b38cd8e6540ef714a0b21a1cd82bb85af3159f1fa0eee44c3361d97e6f84cae","key_schedule_context":"032bf29bba14d4c88e22c7637cf6fa2c279836a13308286be2fbcae87dad2dec2c47252d8fa4e8b173b715aae0af06bae18683a6c022c2b1c6e28a096f930585b8f18df7d7fbda3c938157f486a23f47621b8c7bc4ab9d89fd902c1d406709ca1b281ef1b7bc4736dc044ee497d5dab805fd38a9f4890398ab2569653a0a7ff73b","secret":"2062d5973adf160ed2d327b4e5bea4276b3fb65436a81815749f00daf22a313783a9b6cef2dfa98d0726b8b60638ca81b0e511342a9e9a2aeddad81762cf23c4","key":"387a1a482c6b659c86f74c6bc5eb6dc67bbefe2a74173674af7279f535286e47","base_nonce":"4ec80a1044d5881196f55265","exporter_secret":"50ce7c982b0f0a9b9a986b26124d226202bf18b5182a7116751c0f6fe3b22e9e441bdc9105babfb8b75298fa43b63ffe81d8d833e8158c39345d1f7877a5f2e6","encryptions":[{"aad":"436f756e742d30","ct":"1782237de6ce3dc25dde59dd1aeeb242d99f46a3b625f4ed83875df5ac029785a954f290663eb40913307109dc","nonce":"4ec80a1044d5881196f55265","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"7fa18dcf815013313e28fbbfdad00508fc28c68b9c487b1abac809a8197bf70db1b8495ab44521cdc62098a88c","nonce":"4ec80a1044d5881196f55264","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"7ca841b9e33ac1488005252d122f98c849222e0bf96eeb5c0b13a2ab3dda502385ef0b533bca78f5eb1467b799","nonce":"4ec80a1044d5881196f55267","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b716fe413c71eb4210581d1afd65418c744162d176ae4036df02469343da217340a480233ad152cbcf802bf960","nonce":"4ec80a1044d5881196f55266","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"8e5c9bbe62c02723dcdd997de78af7649a67171c1bd4c6dcaeee181f7887a0c49e5207a82df557816d17202c4c","nonce":"4ec80a1044d5881196f55261","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"fad050f18e7678f22add9b5ace48c099b24ef62e9ff2313b75d1c316e31d140332e0878131c1ad11d752a7718a","nonce":"4ec80a1044d5881196f55260","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"63505ab6061cf6cc83ca7386d5e13ca286facbce7cabea725e6f9998fd6a30b46532ba4eb897dd56bf33a6c2a5","nonce":"4ec80a1044d5881196f55263","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"c5cfb0b89f50bbb37cb346f8cb703b630bc48288d7c401c25c5494c71a5942b422bcf212843ee9318351db4306","nonce":"4ec80a1044d5881196f55262","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"880ae985a6257b2f7549ab84fe146c931f75858a258d64a6342c0c082cc877ea3c8fc77f1c783d119badb9cdb1","nonce":"4ec80a1044d5881196f5526d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"48fc183907a525a2c2d9577afe40d2dad60b289af002d7cef802aa69c86171290d3b01176a56241ac3d0796ec4","nonce":"4ec80a1044d5881196f5526c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"1478fabe75f96b495302fa9e9ccc95d623968e13bea9a3ac0ba3a216121b504af31975d9368876fe896bf698fa","nonce":"4ec80a1044d5881196f5526f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"4f6ef1d1f9e365b98acb47c607d1cf8864b83110e2fbe81b88cb7ef10e277c951ebde056bb37b5dc1c113b2de1","nonce":"4ec80a1044d5881196f5526e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"ea88e12eaf100e621f6ff47d677fb7d3b94e95a491eee58d9cf3c31a505b02cad9cc47b8138ec4a8f6668b7634","nonce":"4ec80a1044d5881196f55269","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"d96bf615b2921dcfd2453a6ee454953960bc9037d65938aaf36b5dda1f63fe282466c4adf3d2503cdf67ed192c","nonce":"4ec80a1044d5881196f55268","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"2c2af1b7a8e06db532ff790767b024beb62a9e29193c97804c2685549d183dd217426cba36350cb70a2183fd8e","nonce":"4ec80a1044d5881196f5526b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"01031d6d965f519b68ca1199fe428705624999a22b303549cf5324ef465c2a76b501cbe62a52a37b8a390a38e2","nonce":"4ec80a1044d5881196f5526a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"e2b0ed7da7bcfe53534ec3abb93657e532a60aee76b712985c8d2e9edb464a13ea9e4df59c596c9ba044e29ad9","nonce":"4ec80a1044d5881196f55275","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"b1a8380f5bdbe00407fe80f6f39a2fed9c491c8ce2a2d2bd1cf57c492fbcff4765875097bd09623fdbf452ed67","nonce":"4ec80a1044d5881196f55274","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"a909348615ba409c662dc0a04dcdf147b4ef45b33e02a661c265cc09207f46cdf4614efef9b190f2c4c295fae2","nonce":"4ec80a1044d5881196f55277","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"e0a2e2d83d296d148809da90b28f9f9f0d2b1f3fab9d43091ed064d7bde327322716809ffcdab353827bd59c56","nonce":"4ec80a1044d5881196f55276","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"7c9578585de5af78c7d07c4572b4416d93e75d0d7e7aa936552a2d0e3fab5bb6393bebe71332e0120baba9be98","nonce":"4ec80a1044d5881196f55271","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"96ed0a58c9e91509377b0280b4e958564cb2071f7d8b5a947b29f42029e1692d2d5eff2928c7f91ff6608f0da2","nonce":"4ec80a1044d5881196f55270","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"56f61a7bdaa3d0804c2eeca4f35e9387b924c90023ea28d683d39c9669e6eecce72ede28c39a3a15c9ccb24009","nonce":"4ec80a1044d5881196f55273","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"00e657a555cf2cc954ffaa8c005fe2be36ee1f0834452e851322805dc2f25aeb4e41bf05237b38e2e5fe3aba85","nonce":"4ec80a1044d5881196f55272","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"0254207f1952677b8f29fb0556de5934029ce5f1d4de9fe1d405f800302f51d995c150d3f8fbf353f7eda12945","nonce":"4ec80a1044d5881196f5527d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"2ab5480ae834d20a443e0afdc44d6416f91943092e853fd5262c64db389c8f1803a97c97b10ef81f06469b6fc5","nonce":"4ec80a1044d5881196f5527c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"c14dff10ab5bae10aef2b10e62a25b1061aacaef8f3e617fe8aef8282fabb4c0dc511b3b9a35ea46a448bfe254","nonce":"4ec80a1044d5881196f5527f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"3c3d2c4bffb7f944432021b243a187d477f6d4841670adc7c6a2c79b7f9e273e561d9c8fe175dc26f638aa6952","nonce":"4ec80a1044d5881196f5527e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"1f4ecf17ba6f038f355635b99c7d07c820059b0ae59234acf545cd70d63e514275ec516b00ca704320edc1cabf","nonce":"4ec80a1044d5881196f55279","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"6c54310af151873df8326aeae514780e568d40375b04c24edb414fab9c78e79739221e1e0bc9f5fc684acb811c","nonce":"4ec80a1044d5881196f55278","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"9019ced1e6152dc4311e561ff4c4935c4dc4663a7566ab95c208b17f57a0c5ddf089143a2f7c142d851364fcee","nonce":"4ec80a1044d5881196f5527b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4af1d9b75d7cb433250664a9ac04350e809f95f307ab368165a8d1190108f570e6f035b51095311cec3474c23e","nonce":"4ec80a1044d5881196f5527a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"45c2f4d99d27642b612979de59130d3ac2c98b9d5e3edd81c86c7c79a7b4671055f23a99e0de3797fdbb1616a2","nonce":"4ec80a1044d5881196f55245","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"8770a22059028976e044fc81fef50a7dd6419a5cd237374d5b70790b56879bbd39af4469d5b5b7e3662cc096fd","nonce":"4ec80a1044d5881196f55244","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"bf785690e50e147216c02ee2b9bbf2fc6c39b9ac31e3053263cb24bc0db99e1e2c7dbf2e0c1f097037e79220dd","nonce":"4ec80a1044d5881196f55247","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"b95b8d57f6495b744ddded975b160f5b606eca1b629c5a700bf68e6b101ae876e2bb71606d6e2ad5793613966f","nonce":"4ec80a1044d5881196f55246","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"1cd6003d1600f8c763fb27855ea648e649ec45b8284a73f0dc1afd312838a1cbdd5e04234ea77be449d9495124","nonce":"4ec80a1044d5881196f55241","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"f1eba95dd4124781db61d43879ef0e411ad9f85452eb35f85460a83e29dd45bd55cc545e10abc0be7d94fe72ca","nonce":"4ec80a1044d5881196f55240","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"ebb3a491dc52b83ac50dc49b086a796e1f1e594f4f093886ba50c1868420afe63f5590a06deb020d0201ed8b6f","nonce":"4ec80a1044d5881196f55243","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"780a632561c6fd11ce7ed3528e4a887b6ffa407e59bc6084b85e90728db41ad45d39b2fac0417e8618bb8f0294","nonce":"4ec80a1044d5881196f55242","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"c96f1705b8e0156d3fa079e6df297aee26e4894a416190355ecde9a1fb235a29d9b42dbcb0a983ca2c9faf4cba","nonce":"4ec80a1044d5881196f5524d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"5a2e761a34355bf874a0ee77d51c247ee349c0ad798d5bfd5770fe7b26da1336ce84809d881d849803f196a597","nonce":"4ec80a1044d5881196f5524c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"e0b41fe63db48c24093806ad9ab1efd141b38241f1254c085aa4fe5494ac3eaee9baad5bc3771ecd295f6357d7","nonce":"4ec80a1044d5881196f5524f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"b2226ec50248e0728e2fa5ab8b49767a81c1bedabebc94e1ec597b333b774f4801a7a6aa2e64c2e9e249157e83","nonce":"4ec80a1044d5881196f5524e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"730bd6ec6db8384003bc8fa9f614e0d783d7d1aff09e0d9b7fdceed43c001e8b435a0f9a819f7e0b9a8f272417","nonce":"4ec80a1044d5881196f55249","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"cf0ef4d48f7309e41120c7927349d02c2659e526619680742d33be3c6d109fa9cd599e8151c2c57bc84bafa558","nonce":"4ec80a1044d5881196f55248","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"f1fc0d5c1391523ee6f68fdc36d35010d59aea6e07f1326df708003ee5a0771d7e83ed9a64eeb8d4e7d46a5b71","nonce":"4ec80a1044d5881196f5524b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"8a35f059cffcae1ca8734c02191880c62916013a4ac8c1c353c71bcf862debd42191623021916be27a53ee8160","nonce":"4ec80a1044d5881196f5524a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"58effc8bb73f6720e586c3dc1db957ca22ca6b81d4c855f9127147dc7ed190bd44e6adba899fc055f94c980445","nonce":"4ec80a1044d5881196f55255","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"cd58f8261796f4ec85a84d532f7d9c3fd6c2e753be5c746991b600ea6378bd1d90e546aee0e17a0ac020ce07ae","nonce":"4ec80a1044d5881196f55254","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"e6ea025d1d18aa8e9bb8c659e7b34aed2b6cdb0525efc8c12071b9b55f516d63d4b20b5180f5382b62d9573b25","nonce":"4ec80a1044d5881196f55257","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"0ecd9264f55bd3d9a78a4c9f9a3ddea6b610e76bdcc67ddfb2e4ce237192c395916efca1e0ff117dac74242e5c","nonce":"4ec80a1044d5881196f55256","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"efbb127a2a87774cd51c49a7f708cb26c0c1b75b0ed3504ecd086348c89203241572e642ca18a8e4250ed78826","nonce":"4ec80a1044d5881196f55251","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"73c95c846ba4e5ce2171d0fe58d9c8dc6aa8fae8fb73a6f5fa7c6b66bcbb33a09669170e906b5fe5d4eb32c047","nonce":"4ec80a1044d5881196f55250","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"6ea39069ad87ed584d43c37e0e26167e0aa89c31ad81030dd33fc8fca31c76c0bfbf5a7ff82f42ad5a0dc61ea9","nonce":"4ec80a1044d5881196f55253","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"0ba03c255f0db5ddf6bc03f9da2765bfa1c43228ebacb053fab57506556e7f9f8d4169aa1583c41ccea456a791","nonce":"4ec80a1044d5881196f55252","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"32abc01e97a83d03fcce8a0d22552e30651618c56bc27bab22225dba9146395f9ad99c7b3b1357c35e29721928","nonce":"4ec80a1044d5881196f5525d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"216bd8ef319b25c18bec9ac959e19efded33a330820809466fd39f0ba796e8accee94b93507034cc337f4bebbf","nonce":"4ec80a1044d5881196f5525c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"e3d9a45c02761c38e764c71f926e81a25c6fe5151e6f7f333a9bb01cbf26815df5aef97fff242c2c5a89e5f4bd","nonce":"4ec80a1044d5881196f5525f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"e4ce69a9967a507277153520656060a28616bb1d078e54411d1cc2c4ab130a7280e7d997564cbdf8446fa58349","nonce":"4ec80a1044d5881196f5525e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"6eef941586acec5470d8be8b0039825235ac2df99003b716234c351d9c705b7a6e7afebd69f3ae023412e12bd3","nonce":"4ec80a1044d5881196f55259","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"45a536aef36ff5b0be79ccffa1d19d8e0bd59316a002c7f0e66dbcb488f514eb01e0fb8d5191e9aab4feb2c60c","nonce":"4ec80a1044d5881196f55258","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"08f0c20389d1bb3521dba09092ca4012f832c626dead346e219141f576156a977b3cf77b989ee328cdb4a36dee","nonce":"4ec80a1044d5881196f5525b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"7afb5f231fda48dfd17b4c87923462e9bc43bacfe55e41c38688ab2a20672d77d0488c9b1f6af189cf0fe1a9e0","nonce":"4ec80a1044d5881196f5525a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c47c2dd50a2e7041ca81bb32433fb7b542a9c7bc21f8ffa12ecbe7a35485011ff6354907197aa535d9985c9763","nonce":"4ec80a1044d5881196f55225","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"d0d0906458c54d69ffd61502d610c8d3d171fcbb6f021f874619d5b11c36b028de08214d97279535ebbd7cde9c","nonce":"4ec80a1044d5881196f55224","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"fc3acd6b6715bd3a7dcae0317c6b1587911bb9c04239c309683950d670c099915f930257747d53e4f259971db9","nonce":"4ec80a1044d5881196f55227","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"4e6d6d23e8f0dedafafdea526a08ebd4a1e50f429debc6e5f153a99894160b0892d8d6673e507a9d5565f9905c","nonce":"4ec80a1044d5881196f55226","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"9a4317d83980ad6c536c7b00494d2f4a8f2f98e511fe8ad410bf37bdb9d0899a761d3b489ed5749c5a8ea4ff05","nonce":"4ec80a1044d5881196f55221","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"b0f6275b608dcb68715f41f46e951f40c03d40d568fbdcd93cab838dd41af31e129dce1813600abbb5c3d0ec7b","nonce":"4ec80a1044d5881196f55220","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"c81c13eb60014479aedc7773d88dd8dccba2c8abfdc9879078efc4af7d7928ce6880da317a8d2e039ae95255cf","nonce":"4ec80a1044d5881196f55223","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"de9c4f4a96b504f008baf6cd228b1cb64903a790e6d7802089687164cefc949bc2b17306e8eb09be9bdde627e5","nonce":"4ec80a1044d5881196f55222","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"d011d572177e1621e7263942451522c4b7e04c55ab479b626d4e0ad158a0f7e1984d29c1efb543dadf695e4e20","nonce":"4ec80a1044d5881196f5522d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"6f08d4ef0a3b3418ab730b90b0e128c3f30091a1dfd18112dd24c0bc183385ceffd90d224e69b2fa01ab0d132c","nonce":"4ec80a1044d5881196f5522c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"dd7e6ab40be3a02ed0a64dda7700ef912e64b67f4775cd5b19a771b887fe5c56c227646d14de5be630709e0c1b","nonce":"4ec80a1044d5881196f5522f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"7178c0f7fcd649cb98813bafa1766f7779a68544fff904234501728a773f4bdb6e5bac0884c99d3f0ab414462f","nonce":"4ec80a1044d5881196f5522e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"0cfb9d221f6dda8842581031cce2be68c69c1a9fb57ff616ba40e1ea876866abb0090d6d3889a7c66af6bfeb25","nonce":"4ec80a1044d5881196f55229","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"56d558e8b806eea71620a57a0a526a509237c1b88de9ded54a69624611146825f60cbae4ef9bf0a1d8c7408dfa","nonce":"4ec80a1044d5881196f55228","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ab54e4513467799e46ad5968a0a05f167d8a10065d93992a5d1afddf3504c496d38e7a17c9c9c20743e3d35be1","nonce":"4ec80a1044d5881196f5522b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"991bf8fedf8baabcde83bd37bb19e29ccf27113a424af997886934ff014f342a9e013e07b612b31817f86deac4","nonce":"4ec80a1044d5881196f5522a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"be38dae82d70b1537b6ddd1140ea10450c27cfbdeba18552d731ea8ba69a48a09e3980d5218ab9e73e761be068","nonce":"4ec80a1044d5881196f55235","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"5ce44188318c4b15ce7225c965eeb9920eec084392fb322ee6e929d63ae5bc616314060fd601baba3f4b746b67","nonce":"4ec80a1044d5881196f55234","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f29ad87327b1e1965ec36495bec3b92c323f4097ca5e50651d4f24819c19857880acce00ca16e6cff2b7f54f42","nonce":"4ec80a1044d5881196f55237","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"60c7fdf834769941ff208ddf1f04a5fbc1f91673f2a589bfbb7847ee63aea6b87409198c36b4f4f481249eb85c","nonce":"4ec80a1044d5881196f55236","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"055ee87873c3ae75c8ce633ddafec693821742ea90b58667bf1a93960b724f8dcf660a5689c7f6f59e2083262f","nonce":"4ec80a1044d5881196f55231","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d1f7f05dfb3748d56c7065a2baef258a029e84c69f3bbf48b7682755bcd3c133b0b13ca4a725fd2fc905907a97","nonce":"4ec80a1044d5881196f55230","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"6fceac0dd6a8bbf0beb7bba8c08703a7d49283f95963bba0b80f7f1e1200c6e0ff3b627eab48cf389119c6f447","nonce":"4ec80a1044d5881196f55233","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"0fe845474ac67a5a2dad4ecf4072de2c17abac7c747c6ea538ccfb1f3463245ee14c5e65800cf9aa986f38741f","nonce":"4ec80a1044d5881196f55232","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"3cd150fb6b974c4ed09ceb39b61016a309bf23099e06e9230c3dccb1afaf66517a765424868c10efbe832ba86e","nonce":"4ec80a1044d5881196f5523d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"730c032d7653a40e80be3fb29c44f8a525614d308d22ed7251d66c3e868b448e15d32434faa8bf0aa47c01c4f5","nonce":"4ec80a1044d5881196f5523c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"b96777f32eea28bf57fe80a581b1aff45edbcb303965965c55e058cc4126b85f81757cd7de837fd236eb4d9a82","nonce":"4ec80a1044d5881196f5523f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"359314634127c1b452cb9ae8556dae9953d151d6615b6b290b47567bb8f03d5da11f25935fbdf36eeffe09b36d","nonce":"4ec80a1044d5881196f5523e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"eb66eed4f2a69d7ab218c43cf996b04de8b2645b40ee5de078a5794c15ffe557f6a36414ca9c035d04ba3eb31a","nonce":"4ec80a1044d5881196f55239","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"2a02d7e4479c74a6a268a6550796d3aee245067aad1ae4460776e680d690974f3d6fb239b0be18dd4a4e265569","nonce":"4ec80a1044d5881196f55238","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"62081584964b2083a25709276c048885747385086e614ce10aa82460e939ab38713a169caa87768d021cec435f","nonce":"4ec80a1044d5881196f5523b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"794fec3e7c5e622b696a35cb2c053e3751ec8119af081eb168f6e911a23482860c7e13783429d82e471de50136","nonce":"4ec80a1044d5881196f5523a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"8ebebcc984dfe3c3175f17e1b949c33b4a0273a77a71152b01ec384cae8d9929f6b34821055d918bf03756cd3a","nonce":"4ec80a1044d5881196f55205","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"c37cda361b814a7ac0a0b888def481e622807cfdcd4c28741d27d09652ad17e6a069a31ba5aea2ac71d28ae38d","nonce":"4ec80a1044d5881196f55204","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"6d7c30a3550557e58a99dcd770c6221b6230bb362c722fac343a7d201c92069e8f0f5c9a0c2f34e27879ffb2bf","nonce":"4ec80a1044d5881196f55207","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"32e1c4aef3082a0d40e402ec1dfe3f37a66ed69647f7c9832dc845572d038ed41b74b949fd20d2760932baca8d","nonce":"4ec80a1044d5881196f55206","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"3150b517a9665e4d3f0387a22fdc5ec408c3db1e325be2e54a66b11e8ac9015967a7a907e57c0a30e11860b66d","nonce":"4ec80a1044d5881196f55201","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c16bd7eda84076be80201262b4f74355b87f26929495c9c54e604553d6a4ae18a64f91935e5409fdf2ebbe22d2","nonce":"4ec80a1044d5881196f55200","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e41f34434c23f7ec52143ddcd9a3e3bf2df817a357ec2c0fcfebf68807775c374f7fbd80614f10e16460397a89","nonce":"4ec80a1044d5881196f55203","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"6a48a29a323ccb638393dfa66c789014f3909d05d820fbabafb7315d39b0c37f6dbf4731fc4bea95a76d003312","nonce":"4ec80a1044d5881196f55202","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"1c0ea04de8909753e5ff3688524fe4018683ca5cc1cc819ccf14ad364c5afd0dfc0a551978c0b9a15954940edf","nonce":"4ec80a1044d5881196f5520d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"b154dc54bef9021c4b14aaadb6d3b56a9cc9e7ff9a386e6354cc8d67467b8879a77b28281157713ffe2b48a355","nonce":"4ec80a1044d5881196f5520c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"799c3cfb080618d354e2436b55a1c02fc07fb14833b6a03ccb497eedb3a956da52c4234e7681f2a3801a420e73","nonce":"4ec80a1044d5881196f5520f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"080b707979006e306e85d4f4206706c80a790824e54d38f596f0c300262572e71d8e46fdfd1aae1bbfb16bbe4d","nonce":"4ec80a1044d5881196f5520e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"cdcd440805a425128552bc19fc480b9734b306ef712441d6b11be5d29ee35afbbb103376708535fcd0dc5f4a75","nonce":"4ec80a1044d5881196f55209","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"b26dd2f660c51133c1c64c6450ea2b00cfd880895459de12e2fedef1acedd80a473909fe9e7d552560575e8a4d","nonce":"4ec80a1044d5881196f55208","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"b8d9dd81e726c880bd8b8a44b7e69b223cad1dba0e13b60405f86ce1bb09468ddb18f5cea99da6b9de89c83fa9","nonce":"4ec80a1044d5881196f5520b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"7de9e05400a3244368a4bda88047b96a4cb278ad7a5e985be9b64cdfc36514ff9ee3b9b1af1d33fdacf16e7a8d","nonce":"4ec80a1044d5881196f5520a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"83fdde6ada7394298c0218fa08adcefc992c7549568b08940b1ff2847c17ab9080e62c050fc446cee9193378c1","nonce":"4ec80a1044d5881196f55215","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"eb389f42d9e04b61064d123c036613b49aad8bdda63f4bef2b66cbdb04e85304c7ad44f6aa76f8dc665875ea0b","nonce":"4ec80a1044d5881196f55214","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"7bc1378e7cdee4f0a67adb7debbfcbda54e200e8629cef0749cdd67a50df3a77f62005c7379745b7899b8eda7b","nonce":"4ec80a1044d5881196f55217","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"95036cf6dd3fd49d4ab78fa38faf6c91e9fd99ac303d8809b7fca02f90593ce27d6a95685da4ad5acacad6f2cd","nonce":"4ec80a1044d5881196f55216","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"d4d86783449c4291c121bfca70d623ee6d76ea623bc3a955eb566d9b698d8e9ed6024c5bbb28a6d0e73ee84738","nonce":"4ec80a1044d5881196f55211","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"b4e664cf13863a76d142770d59b27c4a3fc3bc949befafefe394c74d659964c866262ea78b6d97df9bc7b6a583","nonce":"4ec80a1044d5881196f55210","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"58dc109f649842f958f062df9c9fec52e59c6a55cba0ad519f89b39fcafd15f849d5cfc156223f0873af855f00","nonce":"4ec80a1044d5881196f55213","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"a041e0ea301b5a2c76887e3ac1b2b2f6060ad4fe2f8dfb8e5ccda4187a1b2a703b30a5121630000f70f9a11b5c","nonce":"4ec80a1044d5881196f55212","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"7cc90767af4995ca1b0e3ca2f5e1363722904dfccd8470240f88a82a3f2635f0033dd4f32f89f55bd6b2e471d4","nonce":"4ec80a1044d5881196f5521d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"370576bc1388e3ea7976e4428229913823b5009c6a9512734596276d909253a5e87e9b498ffac710818b292c70","nonce":"4ec80a1044d5881196f5521c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"00f4eb0a6608581fff54f8555fcf80c3da61d6f18c717b235578ca20b6bf3fd1744244106b9eea61fa63a546d8","nonce":"4ec80a1044d5881196f5521f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"d3644d88f9b7df4186a2ac971dc422c06efa4aeaea881e97c87424b5d702560589684f4a29548a6e788eac391b","nonce":"4ec80a1044d5881196f5521e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"98269cfbc00282378048bfb0779375e303915c5f32059a10483725ef11321b5f492fd5aa8288514b5a654d88c5","nonce":"4ec80a1044d5881196f55219","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"73c153f1fdac7a4e9dcd37e9854ea35e13a2693c7982a5896158a2b3396ac9cf33d5dca4f763318df04ab3f1c1","nonce":"4ec80a1044d5881196f55218","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"68e7944708202e0aa334cd5ddc9a86bbf60cfad5200592653165184c9e133189deb6055afc8458db9c8764f1e7","nonce":"4ec80a1044d5881196f5521b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"661decdc255dbc87a8157e3d5179ab34480d0febf8bceb9e9c1bbfa428172e2a5fc75cd2aa1fe7119965fb6dc2","nonce":"4ec80a1044d5881196f5521a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"5b54b9e6ddc7761e6029bbccf56d5dcce89ab9ddaaf5b09d912bf4b1bd810c9b170af0ab62dca0c69ea61596b0","nonce":"4ec80a1044d5881196f552e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c89e1f03c54e1fcbf3cddffb69d49c439e1e195981172735efacf377cdc64195fceb58a3a169d147a7f3d2ff09","nonce":"4ec80a1044d5881196f552e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"494782f09b08bfd36ed7ae38ddec7a168508972a139cfe3d31de2fa714157f9dad325d87f88fdd81057e315ef3","nonce":"4ec80a1044d5881196f552e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"caeed194fef4edec89d2d00b85afc3438ffac6ba380685094e3a8e4c6e2720f94d93bf5b1984d3254bc446a5f6","nonce":"4ec80a1044d5881196f552e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"fe481541a03d72c93570390e84f686de7ef490d4ff35942b65ed2a10bf77ff4f3b1676c4aaf1dcb468520580e0","nonce":"4ec80a1044d5881196f552e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"aa491fd06930068bd55804c00214cfc1a264708cd1344ffac9bb4885b3eb3de02b4a3c0b23b275c6de30e78882","nonce":"4ec80a1044d5881196f552e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"fe2e3295066d8e8e2f139fe978ee036c5ca7dc4882fc11877a0a2490daa2ef9e4c7b057096eea36938feddafa4","nonce":"4ec80a1044d5881196f552e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"4d6dc58e159d25c7c643647ae7c71a3948d9ffc3f56db8ee0933837f43d34ac7272f4346fa7d8b92f356d1b349","nonce":"4ec80a1044d5881196f552e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"ab2c8b3c026df21e0d32060ead632f26209e637615bfc854b41dc9534d3732772ca532c4643ecd4a9eb4af29f0","nonce":"4ec80a1044d5881196f552ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"13f58ca9b0c727c16cb9eaba06e14ffb7d0aa7b150d8053d221c776d2a5d968ec2557b0f9c6d5e003c92c4b6bc","nonce":"4ec80a1044d5881196f552ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"105ddfe03cf1821120c2dd81136681602fbfd4f09c58a4597308869b05d74c07198089297804ccd06bf0ef0ae9","nonce":"4ec80a1044d5881196f552ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"bffd12f10d1827f3a9fe403a8556ad6432ab4c6ec327165f4423d4bbbec411bdbefcfb8c4e2e7432a0c94f91c2","nonce":"4ec80a1044d5881196f552ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"6d2bf6f491490e923e4f0153a1aa540550e19d9d9f192bc89e3482b5ae65e98ae0313c5523001aac0c823fe982","nonce":"4ec80a1044d5881196f552e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"c0c3f9db0f1a6116b9bc0021bdd685ee0c6828d8240e7f9da01afa9d79cd9bf82756e699b4a6ea078e606e88ed","nonce":"4ec80a1044d5881196f552e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"f55419e647cc97210cdeddfed0794b8f12e098d2b31af1943207d7270f34c28f5fd8a1f32f63d8aa5243d41f02","nonce":"4ec80a1044d5881196f552eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"ffb287ccd386058f57b5534dc82b8f953d8f4598d3e260a39c3c24c39c884e618a8cc5da51b2cbda9d39723755","nonce":"4ec80a1044d5881196f552ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"f3961b10893cfc2294a2b1190f57658d896d4ae84f01350358f0103004db4bf32b95d5d7bccc5f04e24ee83d60","nonce":"4ec80a1044d5881196f552f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"51288745f5c1ca7c53de96c75a1629e521be1f1f357c15f00f557fb020e7b0c042c17f776a19533262793cbee4","nonce":"4ec80a1044d5881196f552f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"585d139e20d730ed5b23fefacb2acde5a7c1df002b4b536a4a0f083d982855fd80c1cd4edffbaa211ee63af451","nonce":"4ec80a1044d5881196f552f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"19db83210843e894a45c34bd088f44c308cb82f0e2d0236e5a77e0aeb28d1644ff75c858b8ae91014b3045276a","nonce":"4ec80a1044d5881196f552f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"a362b4a41072ed7ce04db6e2796e4de76fb0b640063061c480940fd3837533942e406ee63ea6ebb20e4e8e9db3","nonce":"4ec80a1044d5881196f552f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"966fffd0ceaf79f2389fb42e09aa7da02168cdb9f2fb44c993ab22a52570449b7763ea0ff8e8a9651df8f8b8dc","nonce":"4ec80a1044d5881196f552f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"d26fe8e60ba6334deb49161f5efcdd72bfa8050c4ebdab6025dab4e42c6bae8bebe28715954912d82dd952ad27","nonce":"4ec80a1044d5881196f552f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"0d76d347cd5c9119eb04a6bbcc4a1296f337fbd796db41d5ffc454eeb72df57c50cbfd48cd4a7af06e3cfac850","nonce":"4ec80a1044d5881196f552f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"6d8619a332414815a0a5c29bb46ae192abae3017768fdbcf338bc3bf16a9a8ee6c683513ac4148addee293cafa","nonce":"4ec80a1044d5881196f552fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"21fe2c397d004bb83dc8524aa83e21f38d7b85d65385734a4c252e22ee77c33ca1359570133f71e34fa19008b6","nonce":"4ec80a1044d5881196f552fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"2006587b6717b2021e5df835e0a6549e3f5b1da4cb89b3a62604c8d3910b2ee5ea1d5e5a7e833c599da603edd6","nonce":"4ec80a1044d5881196f552ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"eff787d93b1746c61546182ace6422e73ed31a14a2787779f6e9541c69e2799edcd7e0aee07412f09d1d6d1105","nonce":"4ec80a1044d5881196f552fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"0e92752664573a8ee098166b761b10c2e4c32c2c5775f5efb9876430533c566106e5179ebbd563ed02a36fa385","nonce":"4ec80a1044d5881196f552f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"638c1a7c07b7a063780bb16c52a84c216df486c16fd26660911d0e0cf7066730a9b901506e13f0cf8a77f7db50","nonce":"4ec80a1044d5881196f552f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"32595a64cef2cb0e02c878f32cfac0f1e9ca7c80259fb4f22372dc706a4c5498947eefef2f9e74b5fa2515a1f5","nonce":"4ec80a1044d5881196f552fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"36072c5a307fb6faa4f2c518ac410b430ac6834c84910ebecf497e0586820bf0ec3a59f13376087df02dd2185d","nonce":"4ec80a1044d5881196f552fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"db50aaeb3cafa8d639e0b01595d3d13cf77a095425b39a4df56dfaa9da13f3e68ab408b08b9d509c12362b89ed","nonce":"4ec80a1044d5881196f552c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a94f9b1df69af1b844d9837546c36253c09601351ec4d000579382eb2045f958f236ae54fe406f890386840431","nonce":"4ec80a1044d5881196f552c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"cf80e6145256bfb6e2d73d2611bdc1acfeeea3f10650e44f5f1baef6619416aa32a30e5201d92d1e998857d4ba","nonce":"4ec80a1044d5881196f552c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"33df54b9634ddc89d717dda8f10dcfbb66202f44c218d8303bcb2d7b3b9d12dbffd8348568b8f81f81b84c0eb4","nonce":"4ec80a1044d5881196f552c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d31b986bb5397bae0ec48187b1321775348e7f3c778d29770166119843de32232cdcd4412a177ad9f0827b8f62","nonce":"4ec80a1044d5881196f552c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"f68cd7323608f7cfbd76980a97657494da8ef380c447a2c2888dfa1efb224a751f8636e96dc3c44a7e5b815e58","nonce":"4ec80a1044d5881196f552c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"fab6a0de782ff750aaba7ee70facb2ebc2d903fcca0f7b4f9c16a7f8ab3128e7a4db7b35a3f36e7e0401efa8c8","nonce":"4ec80a1044d5881196f552c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"eb44a758d60f3f5c41817ea0b9208963e06a5f696b658b2e379c810313300bfd31eaf14bc57abcfb74319b45ad","nonce":"4ec80a1044d5881196f552c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"385290b3cc24f9a863018e5463e471bd181018c9fa160a60caf144b6fe8475de765d48ad5d2576c238dab72ff7","nonce":"4ec80a1044d5881196f552cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f362e88a4bf377150001e2f783fda06c5c3e74964fcdfe1bd39c30f5307c9b1d9fd8116be2de7671742e502d31","nonce":"4ec80a1044d5881196f552cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3102d3e32bd2c588bd817c65409ba860669d34359dcab380896c897b865b511066dc1311a44c475f39c83bf6c5","nonce":"4ec80a1044d5881196f552cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"f566a9a751f9b6bcc98364e0d3a4ce9ec6108101a98da8f8d9aab4859889b2701b89e168d4e44b1e09f688270c","nonce":"4ec80a1044d5881196f552ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"cfe6a6b56729383502882b0542d241f0a7c015ae5e2054c3db06be9277e4e250d970fcfd477b56c39b9f859a49","nonce":"4ec80a1044d5881196f552c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"3219f856e690946d474593657b45bd4d68b4605999e54e5fe8cd4db73ed711d06db8b2106399258f2b4b19b9ae","nonce":"4ec80a1044d5881196f552c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"a68d62082115dcccbe4819f1dd1e9f41d4a5bb891d42be1b47acca421aa994085a96417294b64b7d7114ed6212","nonce":"4ec80a1044d5881196f552cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"1fe2b3e6df4d5d3b8e5b43cdd4fc9619706ee0eeb989836de44a9ba2059a49e51cfc7e59c906161235a0c1ea8e","nonce":"4ec80a1044d5881196f552ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"8b6229c6d54a45d8480ffbc408c1467c7f6c28cb6336032e4f53ce855b1c829e32259e54e7e2485515820680fe","nonce":"4ec80a1044d5881196f552d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"4f0746226ef5c0ed58a9c07fed32d03d7d0a1bc4f5802eca1fd3cd74bff6bb40dd9102da99600ee74b1153f614","nonce":"4ec80a1044d5881196f552d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"778c6339c7c80b09fa96a39f86c4455b1a6af3fc804f86543b7f842c6bf0f0e4c27ba9f2c3543b3757420d6858","nonce":"4ec80a1044d5881196f552d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"01c82715898827c14cab5fb2b1a9cbaf007197948f79fedbaec9f7f9ca6a16fee2d03cfed12411e5c8ab4f0ba4","nonce":"4ec80a1044d5881196f552d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"1774a642b5318b4ce7ead522f7e60e34637434d149d14799747313cd1a443c3df5f1cd907f08507b2c05765876","nonce":"4ec80a1044d5881196f552d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"d44a486f62e29a67cdfbeac2ed4de97dde1dcd3cec7efddffbcbd554acf9e653f9d9fa29ef51d63ea21458f9c5","nonce":"4ec80a1044d5881196f552d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"07b8afa574a31ea19e8812c8666da041d0e69f2ba37d5b624ea8c03c8bf2b86589db9c6578153daab37a3a05a1","nonce":"4ec80a1044d5881196f552d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"c16020e60bbb2060f403822ec58130e469961dd4fe3c5cad314436ea9b7ba9dcb8f81ae4549c9a556b82286330","nonce":"4ec80a1044d5881196f552d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"1dd5c2ab4eb1b54a83c4d5394358804eb9e024c7a40708394e5cff7934d0e454e06035471078cf0f0ddaa9a8fd","nonce":"4ec80a1044d5881196f552dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"80e8db2d8c0f9d89856115070b2058d00dcef013e5aa648996c3e61a194d729bc3c857eaeaf6ea0cc291306765","nonce":"4ec80a1044d5881196f552dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"d19592077abc499c53ee88776348372a6947bf65da2bc2c893bb35d963370488243821624b1a0a33dc28313ead","nonce":"4ec80a1044d5881196f552df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"7e8e678a6393da9d8cfce435a03e70d644c99b3bb915a31e2fbc2237847c7f459bd12269e596ac279d274a6bf9","nonce":"4ec80a1044d5881196f552de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"23534f4c012021e3a53e5ab5b22f80dcb6febdd8834b0080398e4054c44ff5e35e1c5bb75a3ce0babd6a4092db","nonce":"4ec80a1044d5881196f552d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"807f6669ca2b8d8ed2b5bafda5a1f738d38d320d318164f7afe6e7f618eaf4c0369ffb8a714bf3096825669e9d","nonce":"4ec80a1044d5881196f552d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"47fb9428d92d567719371b1d8f273ecdb748c39f5a3a24d6d75093fb0ae15ff82822edf8380b9bf4cddd7e81dc","nonce":"4ec80a1044d5881196f552db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"1d53b64954ba2b17d2f67c9ccfec49618bc3c81ee0e2302fda0e06f03599b28fbc59f9d8fba66584f515c5c763","nonce":"4ec80a1044d5881196f552da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5f91d58b386cae74ef0bd0bccdfc6abfedcc3a2bfaf6e4c37019f80d797d96023d4bec3a2aebfe380de0a7d045","nonce":"4ec80a1044d5881196f552a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"4e92f22a219ee1b0a41086d6133db96c59ee2389ee663eaf8ea92a83a91044cb728c550b8619924b9ffa94dd66","nonce":"4ec80a1044d5881196f552a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"d983fc832233a7411976ead1030d0ec66f86e1f3cfff170b3f2ff3912c7ef3ba28e551938a7d4375f3530b5307","nonce":"4ec80a1044d5881196f552a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"aa9648f11fc28ca3a992341fc7b18bf9e3413cb70d1516dfce0d54cd0918947b909e18bfd46772e1c31b607c36","nonce":"4ec80a1044d5881196f552a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"7884eefd7d89c1be8bda28d26cdc17f98cad7bb22f87606b22038d1c9155a64d1454df947e03af27fbd1b6eb02","nonce":"4ec80a1044d5881196f552a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"d68eb038ba5bcd6a78e914bed0a24cba8ebabb9f1060535cc0e86184f27804d87fc8008570ea4e56d45e534376","nonce":"4ec80a1044d5881196f552a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a9e2f0b38bb02c346f14f2a74b3c5a8d721b65e1750600e79427a460eed0b95a197308472ddeb57322da2879f3","nonce":"4ec80a1044d5881196f552a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"e356f191a8a3be1b2e5aef62056990abf9682e3e81a43e9fddcebe45b67b039405a542540ea378f0ee54af6657","nonce":"4ec80a1044d5881196f552a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"285d413ebeff8eab2c1ada395649af9185d50fb24d7922343c82cbaee7f07d3394bd421e5b3377310bb8970c09","nonce":"4ec80a1044d5881196f552ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"61e55cb65778e58b360bddfc8812c6928f19ef1c1c96f31f089cd6999f5c674887b6dabaa140c9393b84644c37","nonce":"4ec80a1044d5881196f552ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"cb12af5117abb6d31bad9edb1df3724c50cbe4a3cd81c612e3542f4fcbacc3bccf728c4eb32df2595ddb98811d","nonce":"4ec80a1044d5881196f552af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"f8d6a0c41915091f0dc4923891e3d2cc8aea63f248148a54034b3eaa03f56d9779eaef0d3018858d67637e71f9","nonce":"4ec80a1044d5881196f552ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"292bab0ff312620227d401f1badb46b21a04139b8479ae2239c5ab40def9f3a0302d9e93ad7be01d1d6c250d9e","nonce":"4ec80a1044d5881196f552a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"11011b16363d0cf26a29240852f2495a778a8895e75ff8a2d2ccd0d3a3edc5c28439a4990fe751d33121fda56c","nonce":"4ec80a1044d5881196f552a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"ccc80412bbaab7a79d8d8081341c4426889eaf25fa13008cece624b9416606f7b40bf798da98d830fcd29906d0","nonce":"4ec80a1044d5881196f552ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"ba57f5c437f4135481833ba80875241217cf5aabff8327692b95d1a6ef2b52a63e2f6dd1e5de5f3a5c06d5ca14","nonce":"4ec80a1044d5881196f552aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"a836e0dae459eff2761158e0454baeb3e94aa85a2086c87a95d78a12dab554941bf427e3f4955ca38c2f5250f6","nonce":"4ec80a1044d5881196f552b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"40e97b6fa4fe3b0313614cd530da54528f11ae0985cc9a9092f27169c8f3f02362d3a7c716fc6b9dab1ee73b79","nonce":"4ec80a1044d5881196f552b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"90be41cf98cea862d613d7afe1539a5b5a3a62417c9e0a216ed4b41a14565f69a40279788179174d316a2d0194","nonce":"4ec80a1044d5881196f552b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"6dad128d2263c74a8723fc88378ad3169adfd734f10ce63d6914ac91452c35681e7e24e87b8be4bd1dbba073fd","nonce":"4ec80a1044d5881196f552b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"029c166af712b894d0eac8384200ddff7c95f8f3009d396531810d51c6a5f2620ceb72043c353828fe125902dc","nonce":"4ec80a1044d5881196f552b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"05ac64af99c29dc88b8625fbf250e82e6cb6f05447b3d53b5d98376bcb703cfd26c6adc2c2a857830443535fd8","nonce":"4ec80a1044d5881196f552b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"1329c7e74d9899d8ea6ac71b2946efb08a18b0cc570dcd525e5fa31a45e0b619ea02512e25d2d88241b34337a1","nonce":"4ec80a1044d5881196f552b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a963c7dc640d8d2880feaccdd3da1842570614224cd015c73764193a39e1fb4835c2699d2bf0e4b927e509b5a1","nonce":"4ec80a1044d5881196f552b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"d0a2c1ebff14b64d6b691c2dc48f8428a34fe7b272e442af856a7b8f7427587af41433965923bb688205fa725b","nonce":"4ec80a1044d5881196f552bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"b450e6c4d075f7b83329b534ad881129b987b0c9469fdd5a40c7ff55ac99a4347fb036dcdadaa01ddf76f047ae","nonce":"4ec80a1044d5881196f552bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"c5483223ef326afae52e85131dc3e0798023188c6c8004e9d21fbcdd86a4775bd809539c361c69a1acbdb0e067","nonce":"4ec80a1044d5881196f552bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"3cc3fe46ebbf37eb753b779cc1bbf9033ebb2cdfea236a25786b17845b89f2b853f481278800c4d4c64f2560df","nonce":"4ec80a1044d5881196f552be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2d660dfa9aa2c6932ac58b50203d0854d7729c70c6ee3d1762e27f26880392e4ffd3e8437ef5ab9db85ed5a83e","nonce":"4ec80a1044d5881196f552b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"2cd128e79e0f2e3bcc2647669873cb6126e2bc246abd67cbe892f5271796baa2478f9c356c79066c78fe7b9004","nonce":"4ec80a1044d5881196f552b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"082c4ad086c18d3100812040141df54a0970d40c545437e0da80a581e8d672768f9f6cb5f9a6e2bcbccf0681af","nonce":"4ec80a1044d5881196f552bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"00722d51758aa3ddf37124c5b7e68ef5fbfc1789fe406646c1ab0f0b9e0f0ea7093c64396dac31fe10a4132bb7","nonce":"4ec80a1044d5881196f552ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"ecbdc03d169797489df6131163f83653db2dcb18f3a5845469a629686f5bb8346ee8c1dc488bc1f4421966551d","nonce":"4ec80a1044d5881196f55285","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"8b8a27c031e8612061647449869464f2bb6fd923e471f61aeab21a5aee9e1b0b4d4e2379686b54252abba93871","nonce":"4ec80a1044d5881196f55284","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8ded192d7299a7c22633e3d4e599a34582a3a560c8a3008d3731aa25c4cd80f281c749b2cd154794ff91f55095","nonce":"4ec80a1044d5881196f55287","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"e80a9e1301b6ab060eb1799164165ed6056628fa49e93ec0bbcd1ee1e00cf1259692a54650249e5ffa74e31182","nonce":"4ec80a1044d5881196f55286","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"698fcf3611cd53674d920c8ac326ec0e3262f3988af959c18ed312b838b2314feff4d5caba73e8ddb33d35a43f","nonce":"4ec80a1044d5881196f55281","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"9b88d91a7d1407c5742eb58b1decabd8a9b9bdb5c534eb561eff67a1fd608ea7bcc08644e86d73e9832c348669","nonce":"4ec80a1044d5881196f55280","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"cb637dfe2685f095c4ddf3bf61d21b14c2805c57ffed9f33b0d1b80a471a6d8c5c66c9a12b4db64f7136de6b77","nonce":"4ec80a1044d5881196f55283","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"6dc3ffa0765afc630a4b6ca2b9915538022874022ce7ee1000e39ab821e9ecb26b2eb9919598c53fd15f90693e","nonce":"4ec80a1044d5881196f55282","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"1d16084647e6d48068a940bd8f102305ca9a578850b91339d7d33653312f5839460ce4a5f0802aef6d526ade5a","nonce":"4ec80a1044d5881196f5528d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"29bf9353bed4c78bfb795b09a915fed3e76ba06fcddb7229988c10fed0dd4eec9039f4ca3fa597358fefdc1784","nonce":"4ec80a1044d5881196f5528c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"8ee765ffaf967d60fe3dd4676da93517122e9bd3e7a812884644d5964283ee84f97f27e71504393874bb388a5f","nonce":"4ec80a1044d5881196f5528f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"0c8e3323539e2bf8513194f205b8692a8bfdfe065e41e9de4030d8f770612bd82dbcdd06c88cc6e717376e9aab","nonce":"4ec80a1044d5881196f5528e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"42dc5c61daf2250fc228a86f942c3810db9528b768b1019802d1f9c347b460f1c5aadacecf3282793bfe99e603","nonce":"4ec80a1044d5881196f55289","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"c946fdfc5b7b616245c3760ec1007bf098f711ace5eb895e7f753957b4de683242b2932fdd61fe7ff3c12413f5","nonce":"4ec80a1044d5881196f55288","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"e4323fd1e9973ce83affdf8e1d45023126c3375ff4c9d6079bb9bd2ae28312e1bb2796b71e6af436cc9bc76e7b","nonce":"4ec80a1044d5881196f5528b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"ba96062862caff7ddc2cae5790f57d81f74d49d138c6e483bf0e86e1191479f0893b7ad1023ee4090f0e524d71","nonce":"4ec80a1044d5881196f5528a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"e3bb08ced2f074760d5b9a39f48aca4eba08e3004111b765d0b09074f41d02a92fc9a6bab447148898e99ad472","nonce":"4ec80a1044d5881196f55295","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"9fa6423d062dadbe9f3398836e3cef8711f64219c09f902d83fb3d5780433e760bda89d92add8c6d2f94eec1ef","nonce":"4ec80a1044d5881196f55294","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"795ff7211193968c37887cf2e2c741c942ffbed37ae7e4eca211554d578cde68b828a1efa83fd72197250b9527","nonce":"4ec80a1044d5881196f55297","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"48602e9695427f35aaf898fdf9e66e965e0bf2b33c6e9fe37cd7f8fb04687ed114c7f9666790a5a11304ef4201","nonce":"4ec80a1044d5881196f55296","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"93b9ee00736abc5be834bf9f214984f5b990211d648a1d095008a8c7fd9f39ff24c55bfd1bc9333c9ee6daa427","nonce":"4ec80a1044d5881196f55291","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"2adee8dbb291c559f7b589f17ddc88894b01058fa5164b7b4c7703b1ac4651c880c21f6f0f9ec8b08edffde886","nonce":"4ec80a1044d5881196f55290","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"190779c335fe9288fadc2a6241ec76063787fc7e557237c47f7176bbac6f8b23baa40106d15862d75f943acbc6","nonce":"4ec80a1044d5881196f55293","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"aab4bfe463087eccbb102374d4185e5c2fa8e8bf074be0a7bc2fce20cde6ff756b650c25ac99bd8b4918def5a9","nonce":"4ec80a1044d5881196f55292","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"a654d2556a9102bf9baeb1b8bca651b401ba7a78606eb261cf8a9fc58d3b9310a29a3127174d8139c26094f7f4","nonce":"4ec80a1044d5881196f5529d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"aab03f58c1ef3ca489c8b168c6da608c6056ad5e0f68cbafe41baf0c88f2aba7e575f7e2de2cb7a39a3655d080","nonce":"4ec80a1044d5881196f5529c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"62bb2b0443c04284813085a738834a244d5bd9b6892b699da70987d7285f2ea9942e014afa1d3752c2bdf69e52","nonce":"4ec80a1044d5881196f5529f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"3032d2b0b36fc08343f13eb3355a221c267e98b19f6198ca0fdb1f56958c0bcca8300f91a9315b65c84e45336d","nonce":"4ec80a1044d5881196f5529e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"bb661b87747e8b49aea2d394d227acc948e95a761c6adfb4f91444c02306902084c23c52a2a4d47320c5dcb9f9","nonce":"4ec80a1044d5881196f55299","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"cdfef04852bcaf1424afe6f6731d94ecbe75078c78bcd8bc4d009f99171fa47cd8521c72c3e7164ac4daeb671a","nonce":"4ec80a1044d5881196f55298","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"0a53340fab22cdb70216e41f4c0c3c24ec36f20b472ea7391a206f679638d6b4169987bbbd5374333e4987aa14","nonce":"4ec80a1044d5881196f5529b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"3f08d1e69966f495f15ec7b8a3bf187d96748636bd1d4dbdc9d66589f35af4fdad0f946d9ca340707420ca5047","nonce":"4ec80a1044d5881196f5529a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"f119ef2d90455a706185974a508100f8dd0098b463c31db699971f3c20a3f6b8783d4b99948edd6c2663f68781","nonce":"4ec80a1044d5881196f55365","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"927a9af16036e67245bb2701c1c381be93687eecce24281c5ee23367e7d2c6d8"},{"exporter_context":"00","L":32,"exported_value":"fdfb03f3a9359ded10ad52954f432481fd1f7e64303be022fd5546972d20cc81"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ba08d8f7983e7256dd5b0d2cd9bd341524d70a01c1049696ed41deb507dd91a9"}]},{"mode":0,"kem_id":32,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"dff9a966e02b161472f167c0d4252d400069449e62384beb78111cb596220921","ikmE":"3cfbc97dece2c497126df8909efbdd3d56b3bbe97ddf6555c99a04ff4402474c","skRm":"7596739457c72bbd6758c7021cfcb4d2fcd677d1232896b8f00da223c5519c36","skEm":"4c58cfefe23a4b358a6478b0a354a17c775a1d97ae3eafc83116d94bbf685404","pkRm":"9a83674c1bc12909fd59635ba1445592b82a7c01d4dad3ffc8f3975e76c43732","pkEm":"444fbbf83d64fef654dfb2a17997d82ca37cd8aeb8094371da33afb95e0c5b0e","enc":"444fbbf83d64fef654dfb2a17997d82ca37cd8aeb8094371da33afb95e0c5b0e","shared_secret":"8640e0fb0f711034cc9d4172db55f24bd6ed92e26c094ad203ed55f4a9ae6d0b","key_schedule_context":"009c1a42b966625d8f49a6891417e3e774785966900714f2eeb46c4a861c46bc3e58d12f70c2229ee80fde4c8659579fb5777cbcbae107b5bf39630df436fca2c5bb9eb0c9438ce51a3d15506a2bb334f7908dd2db2484418f7c6ce086dba4dfde1a676a2c891d7ac11bdcc0c988de16be10c8b8f8cd38ce906bd92140c74124d3","secret":"2b49298dd1fe0aabdca2038126dddbf4b0c3d9f9500fe8dd1f09671664618226657d774914304eca9d010f1ef9a2f5ee49f4d4bf5b7c47ab45ffd71b03688ebb","key":"","base_nonce":"","exporter_secret":"d764d7210767209a17580bfb2d4579214d7d874a88d66c957750a6f737450ec40b3e2553e64809c6199910d5b08c9bec5caff7aa4264a93c5163394abad8458d","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"de6f58a2f01bbdf050d262c11cccb40313c454ebd438614b73a77b9a29d003e3"},{"exporter_context":"00","L":32,"exported_value":"b226100bc74552085b115aa2078fe5063a453c32f59ee096893fd7cbeeeb3ce7"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"cf6fd26feb7a558cf682dd0fb9852120036763024338b0b2622e44296b828cfb"}]},{"mode":1,"kem_id":32,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"3a5afa71e1fdf1687c12b706810d31a9721f0eab4db5bcaa484a8afc805b0905","ikmE":"eb4b7cc486a3b7cb0133e8a6dba14dc3af7ffdd254aa9c5c0c2f9cad043c0d4a","skRm":"5d3a033fee5d8d878dc762af58daf6587543c6772db9ddd1118a40bf46da95a9","skEm":"2a925c28080d915008368aef7235b52997602c7a12bcbcd660a4996a6965bad0","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0c91b07699f0d3ef774098af66a9f5520247fbc2ecf774adca2b10c0c0d05141","pkEm":"35ae5d785f67f181f4031f834b05feb36c19317e38c9f687e30d89dda09be01f","enc":"35ae5d785f67f181f4031f834b05feb36c19317e38c9f687e30d89dda09be01f","shared_secret":"609ad7e1d3760159e09fb3a2cb9002744c746c75413718cfe3378a6e04c4f7a2","key_schedule_context":"01ea4d5f2659071c69c80731d91136e9c10cc3e4c5872ce150ce8e117a90f7fda90fffac95ff45e3c3d976ee37219e448533d94c8c956f5a45f3ac6361d27663ecbb9eb0c9438ce51a3d15506a2bb334f7908dd2db2484418f7c6ce086dba4dfde1a676a2c891d7ac11bdcc0c988de16be10c8b8f8cd38ce906bd92140c74124d3","secret":"bd314209b876d9ae7abbd267d2f3b46d2700bd7de2834464d35ba7de17cdb4826a186da5799b3d0bab8712f5df365f7d28c2460b62139083eb2c08e229e899d9","key":"","base_nonce":"","exporter_secret":"1eafd45597a3c51986b95770fee742f80a0dd5aee3608ac07f4e2fe2ca4655171ad0f6f0e126a64c70a7bc2d63c03c50465dcfadcc5b8ec63fe9f53e00a776b0","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"c1f7c61dded687ae75d16b9249c97bde1de1767bf0bfb875cd15b7a18a20ddd4"},{"exporter_context":"00","L":32,"exported_value":"b86273ebec0b011f7bf6b414baa4b6cd0fd88043dbb59551b2d92bdfcf05186a"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"5b8bc279941710c9fe22b3e4f00a2efbed4fce662057ea2b6e37f3081fe050c5"}]},{"mode":2,"kem_id":32,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"5531469a99e1b97a0d87d1a6f96f82f852b1be47fea61365a044282c25f089d7","ikmS":"f1b4077a249f54d69501a13d07da8297a9a13d8150807ec0a3fd708eceb4abb1","ikmE":"95b7da893cc742334319b331f4a335dc04e1f5a06ed7d515844d0d9866f84435","skRm":"e5522733c069d8c0437a4c3a35170b8e4b328a9636eac315c38f0914260335f7","skSm":"b65a9bf6ec32e934640e35c60b3ff783eaf9939ec5229346a65756bf037a1e23","skEm":"c2b48c51d6d4684b41a2ef482055a4296252eb86d4aa3e46228b1a925b3764d6","pkRm":"2cf91c8e086e8c7954534ff96b22507acc103d07ef8545d53a16edc6b0b08538","pkSm":"fc43f7df334080185c2d9a8869d7c25845b3b42486b108dd59656b69f4e1885e","pkEm":"c639727ac6313c1b0dd33c67a5f62ef9a6a97ef058a229db84f06ae9a113fb46","enc":"c639727ac6313c1b0dd33c67a5f62ef9a6a97ef058a229db84f06ae9a113fb46","shared_secret":"c32b36c3e550e4a3ef44e5b59f5bfc09309a3763f348fa173a11a4b87cb5c2f8","key_schedule_context":"029c1a42b966625d8f49a6891417e3e774785966900714f2eeb46c4a861c46bc3e58d12f70c2229ee80fde4c8659579fb5777cbcbae107b5bf39630df436fca2c5bb9eb0c9438ce51a3d15506a2bb334f7908dd2db2484418f7c6ce086dba4dfde1a676a2c891d7ac11bdcc0c988de16be10c8b8f8cd38ce906bd92140c74124d3","secret":"4cf88e3a29cf571f4e1ae38deecada3fc9e9689d955dd560fbcd05bc70d045386ff7ca873e81c1ed8a87e647f6ad14d5ad8fa76b6372d592b0ac3296a3eabcd4","key":"","base_nonce":"","exporter_secret":"b5349942ee5bab24d97d011614ec126ea49f0b988c8716d70971fab4dc4797d19792635ffed3bf0bece5dc79cda417c1ecde386f0fa8c23b4ba2f8b976ffd1d7","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"d8b6787667dcbc1b251305b5705c6465c47021618fcdf7e07970353da3495853"},{"exporter_context":"00","L":32,"exported_value":"b7e267610c9a00247761a71050e6fbfdaab6aaf34cccda5e9b8667cec289d9d6"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f3c619054300478ad0a04b3e2eb29fdcec895ef16a7a7cf46b8b3592bbe45cfd"}]},{"mode":3,"kem_id":32,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"60d057243e87d14e50a393ffda20ceadf6ae05d05457d58a718f82fa82bcc0dc","ikmS":"acb5aba17b60e51a31c8b058d20c6e27a1a2186cf44622328ad0cd2e15184c73","ikmE":"4b622248df8f6433a3f5e2e665c6e02dcd4d0e7ece7706def74b9afadef983ab","skRm":"e37c2a39eef41660b611bd807510452fe2f6e44e56260419be372a09f356818e","skSm":"427ce55904f92d7fde0bb527dfe8b4ac5f5f1df75507839b33ad1e3c9b6f8ba6","skEm":"4f98adf00e32206c66254454a434b2e804f798b01be15a97b83220dfc791aed6","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"016b76f044f44547d79ca3c93dab96b88472232390ba1c5d613dcce8fad85826","pkSm":"8b379ee6d1a8388c78ad9dae16deed3268ceb6377dfc18048ccbe70517e2ca28","pkEm":"6a36791cf5ff1dda9df3fb6515b41febd56fa722a839b9b9343a8e38698a1740","enc":"6a36791cf5ff1dda9df3fb6515b41febd56fa722a839b9b9343a8e38698a1740","shared_secret":"cf92a6a79d8a1a0672c6834171272eda2098f6ce354e5ebed594f4224f04fb93","key_schedule_context":"03ea4d5f2659071c69c80731d91136e9c10cc3e4c5872ce150ce8e117a90f7fda90fffac95ff45e3c3d976ee37219e448533d94c8c956f5a45f3ac6361d27663ecbb9eb0c9438ce51a3d15506a2bb334f7908dd2db2484418f7c6ce086dba4dfde1a676a2c891d7ac11bdcc0c988de16be10c8b8f8cd38ce906bd92140c74124d3","secret":"fc19be79881155ec56556b0eb0e7f1602538bc66e43f2601a1915fee41b2f1a7db1f7c4cb7881ba6a83c5fc7c990fb1dec3b854b10d8f8e760c3ebcb1b4e24cf","key":"","base_nonce":"","exporter_secret":"48b47afc93504a070570021bce776553f03e13ef18dbd24af856904d3622f07dedb1bfdaed3b7b7b42a51cf599eba3dbc2ae6e4c2448f9c654bb2847bc021e45","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"8e8da2328b6f2da97ed03b975549ba06fd2d3bdcd7d120a587e5a2a59e5c35e9"},{"exporter_context":"00","L":32,"exported_value":"cb1668b42bf15013968642317bd5f7e624ac5ba3e53e390e79841b26b7cb3a7e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ff79e3c7d5bc241c2b53aaee182e3534b5ecf59c9e983cb2cf5cfb54f43a0fea"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"d45d1652df74920abf94a2883c83050f502ff512ffb56f07b6d833ec8dda74b6a1c1cc4d42a22641c0963d3c21ed8261f344dc9e0501a81c","ikmE":"6e7c63cb3a0b77cdb1ac289e1ac02749f97f0f18b4f2a6e0e3ca170173d0c02d48838081b9c5d98af919e8a79ab93e17fa7093a6af6fda01","skRm":"27a4354608f3bdd38f1f5af305f3e0682efe4e25808249d8fcb55927f6a9f446b8dc1d0a2c3b8cb133a5673b59a6d55ce754ec0c9a555401","skEm":"a284fb66158038679a7c1106afe253385ed683e67cdf5c89e9e3e6f0374190343a1d81ae18626a0f9a75f17a7cd9b14aaf27206a5d2eb6fc","pkRm":"145d083ea7a6379dbb32dcbd8aff4c206ea5d069b75e96c6dd2a3e38f441471ac97adca641fdad66685a96f32b7c3e064635fab3cc89234e","pkEm":"71b965384ed06d5ddf43ae816ca30d8cd61235e98d13fe011cfdba7d19488134c626f087d3fd9b6aaa4d4115ef80e9074b53f2c0fa3d5ecc","enc":"71b965384ed06d5ddf43ae816ca30d8cd61235e98d13fe011cfdba7d19488134c626f087d3fd9b6aaa4d4115ef80e9074b53f2c0fa3d5ecc","shared_secret":"e0f1ddf832f530335c9aabe5274f61e354d39f32ba4e33556446ee01877db6150b046748d1f25d0c7f66bdb2632915c8d64e04649d23b4a3f0249c5a835434bf","key_schedule_context":"001106b1a1933067c87d4d746f7db5f197ad5107c4c5c2b8755555b63f50bf121e2030461bab15fdc38b55e526b9f9cbf3342bacd78553d0ce4eb4260c52b61d24","secret":"b5e2e1fbe1937297af6983e98d4508b21ef38dd1b0adf81b87b6bfc26cc640d9","key":"d4d5d94e1d939765fcaa90743669ee31","base_nonce":"cdd67aa5eb2aebfe64df27c0","exporter_secret":"3c0234b6819e09215a6d9d3b399e15520a037e9a66e7aa1f7d424c309c356100","encryptions":[{"aad":"436f756e742d30","ct":"fd9bb512ccb5032a34cf289f1c1bcbaa4e4df667b39a2c9d1277ded6255c375388308668d6e7f80b93764528d6","nonce":"cdd67aa5eb2aebfe64df27c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"06831ed366affbbd1cbb9579a5622c233197cc20ab0a72b1aff7277a6ea14bf0a9e2e0d0787654eadde328cb46","nonce":"cdd67aa5eb2aebfe64df27c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"884a8b8f76ac47a6edaad9ae93779673cd39d5a50eec287f75be71e46d5a376a3dbabdf827ad105d3a37cb0cf0","nonce":"cdd67aa5eb2aebfe64df27c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"551790a1a57a39c63bfe2de8939ccaccb053278d3441995ac07ada59e5a56e6cdf90078e9151a7a2a2e4b64763","nonce":"cdd67aa5eb2aebfe64df27c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"2d4794743c16fc92b9a3f555e000ef74646b47b4503cc7c04281fa91977d08157dea4c6f908fdd937e55ea306c","nonce":"cdd67aa5eb2aebfe64df27c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"eb8fd559383ecfb1c6358ecc3f97aeea4fd7b4b023a417e686a66f78b168a806f27caf54fae323e1957577b487","nonce":"cdd67aa5eb2aebfe64df27c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"ed763c7f49875e06ec55a1ea0e57e84e215020550a74377ac6b0700c99417d43e3b6b8c40c086523ad19c8db65","nonce":"cdd67aa5eb2aebfe64df27c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"52aa8d2a50d63f178b20e6903fdfee53743455c98c364ff945b07c815a9694fdcb265b9a20f44e143099c53f94","nonce":"cdd67aa5eb2aebfe64df27c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"c05e9a504bf2f8c6d666c509192a43eebb792f176045433142d81d4cbef3c95de7d0da711f903322a213b2294d","nonce":"cdd67aa5eb2aebfe64df27c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"0814ca3d6fdb6d5446443c1c4782bc0d6aa4fd1fc881682526e03d6ccaf22f1ccd5330b38737c1bf3788e374f0","nonce":"cdd67aa5eb2aebfe64df27c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"8d9e3d30e31d68e7786a31b70ab935b41a9ac12e6f50b2e482663481209a9b2efe85b7af0fba42a583cf240b25","nonce":"cdd67aa5eb2aebfe64df27ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"f1e5c5836aaeca88dcca23f92e4ab422c63a662f106b004f2a872087b4180104ce47af4dedf31fc5b35e658160","nonce":"cdd67aa5eb2aebfe64df27cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"3aa28b09d3e87267586a42eb975b0350e6aa07ad4b9bf065ba4f1e671c3b18d3708a6baee0466a41c6eacc913e","nonce":"cdd67aa5eb2aebfe64df27cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"077def18ef61b7803ed39582f9ddde80d31ec5a397809064f9f05f61cf54c50a657bb0fc9652577ec9ebff470a","nonce":"cdd67aa5eb2aebfe64df27cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1bd5b313e9646289e2e6ddc6cee3875eebe23089c9f49fe8d4c6e118d30bb4d790a77ecb1552ff6dd6b3900bea","nonce":"cdd67aa5eb2aebfe64df27ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"e615bb90c5b681dc0d76c98659b7e6397544b755c131963a120ce040454791abe8bb42655a57178dcd759a6fe8","nonce":"cdd67aa5eb2aebfe64df27cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"dcccf0c74d47d8cf49bd4f0bbe1fc82b73c6fec9ebcceab6c83d85ce94e9e455424f7128f2470c0eefb50bc43a","nonce":"cdd67aa5eb2aebfe64df27d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"0c7cc36eaf758f93cbd5bf0884b9efb630f948be8165dc922176f7843fee5291d05900e08d9dfc7bd6d5ab4339","nonce":"cdd67aa5eb2aebfe64df27d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"fc7b269189aa8959ab4893a1c96c6385b9182cfafd71818cdc0462983c92e4c0eb92c64f99c93b1982a87c3021","nonce":"cdd67aa5eb2aebfe64df27d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"e31a067330382748ce4c8bb0fbc0dd07c167f0cba3039189c48b3454ed5a00a3974b9a6e7382f4437b56ef3ce9","nonce":"cdd67aa5eb2aebfe64df27d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"450178d047a429e42124981ac1c8176985c7243895e436793a4380f3258c2b803f8359c135bead045994b0c397","nonce":"cdd67aa5eb2aebfe64df27d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"6d5355aad37ca84cef6663383bd43b1a8e7d6b5963ef78fc9e29283b56be7e132d01507a07b48a736379bb0eb6","nonce":"cdd67aa5eb2aebfe64df27d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"456760805621b8bbced449f3dc4915d391f181c6a94455b4fc2f7f039a20f849bc92753a7cb5ca2f75aa83e5b5","nonce":"cdd67aa5eb2aebfe64df27d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"37ff0f0cf5b329cf0dfb7fece5703a2fe74b76b280f6bde13bb884e876875468214a3584cc25e88642f3dbf15f","nonce":"cdd67aa5eb2aebfe64df27d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"13a860a5001d7e1845a8a11737824676ddc5d33aa04388a48f67d16ce2b757b27a7c2d4d46c8bbe0d4d8e6b904","nonce":"cdd67aa5eb2aebfe64df27d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"376ecd0b487601ed22e3c99bb9ff8ccf9f6fea6a8c9dbc7e6eecf759ab489f562fae116cd5c1464cc3938c9d1d","nonce":"cdd67aa5eb2aebfe64df27d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"3106f9d1bde27dc7d355bda5dfdc3b045472f732432ff44a1d759a778f494e7ebf3319b689769b5a6bee6e1e52","nonce":"cdd67aa5eb2aebfe64df27da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"9d9e153a7d52aff74d1779dd3a933be90a7ee9141a6c0291c61b0dd136514ecbb0f4151abcd7d8d65bd950e797","nonce":"cdd67aa5eb2aebfe64df27db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"0b313d877140b025c97c9f59bc215a2c4ce3affbb80ff25c51957054f0d5b2b3ab56505246da1dcc48cf9ead9e","nonce":"cdd67aa5eb2aebfe64df27dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"89398e839336ee538032c1b7504e14cbe0a5785a0fabb198be3eb0e332dd15ba3df98440eb50b752aee9c0c7ef","nonce":"cdd67aa5eb2aebfe64df27dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"4a40e11ad0edf70f6852aadabeb16208f59c8f7705caca0fb7994d38a59385edbfa6079f95698a0d4abdac359e","nonce":"cdd67aa5eb2aebfe64df27de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"57078d36ad7377da3d73496125bf1ced36e4bd666cebe0b6b81afc2cd3746271109166fce2e68df02aa9d1f1c0","nonce":"cdd67aa5eb2aebfe64df27df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"ed92dd5e788d884941807dcaa4546d61b1ab6ba12d4ef522d206c6a9261fe0c43cfd963cf6802cf3ef7a946cfb","nonce":"cdd67aa5eb2aebfe64df27e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a49ec939107a1d4f3a4214fa0b150184fef9c88010bf323a4dee617a9404cc7a136ea6b676c40d2cd30157dbe3","nonce":"cdd67aa5eb2aebfe64df27e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0f8a8b7a536faeed647cfde5f7cf953ec02d850355da4a5912c2684d97a2542d4a80c65e59dbf7474d5cf1ce8c","nonce":"cdd67aa5eb2aebfe64df27e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"64b7767a952bab374f959f5d9564095d5cff5c6913c8e175d567df985c3dbb22f34cbdf501b5072b2337547368","nonce":"cdd67aa5eb2aebfe64df27e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"cb56e7bf2616b3d4de1cc4752771a181e34f2c26ea09bb2efa114366d07f57df70be152e81b313f188e2189840","nonce":"cdd67aa5eb2aebfe64df27e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"aaa07493c5a668c0f2e6923600784256a5d202301157c721abe9033bef67c59e696cbda3abd5866b6756ccf140","nonce":"cdd67aa5eb2aebfe64df27e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"187f1e41f252f95aacca04ca8f283ab089e276c3b6d1077faf7a85b7c3892474050c9c82500ad58f3c0a5542f9","nonce":"cdd67aa5eb2aebfe64df27e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7cb61c5fb3a8278d96620acb1c6b3ed09fbce1d9d1a999bd96f4fdd4c524e6a7162f2478f2a07392f88e5a4320","nonce":"cdd67aa5eb2aebfe64df27e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"3e93df02a1e0de251563d7857721720f5311d957e366bd1275caa6f4cd9bc71fcb9e9446c36ab9cb9efae3db1d","nonce":"cdd67aa5eb2aebfe64df27e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"01775d166da9494d58d54b9246b5bd5a04a6e9de4108c663e6946ab6337702743bb5fed0adcb3a9894f87ceff8","nonce":"cdd67aa5eb2aebfe64df27e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"9c0fd0c731e71ce4a3a63b9ab4e35245edff310c74a2ec7b135b4111ddbb01ba07596b968f5347c0635f8f5964","nonce":"cdd67aa5eb2aebfe64df27ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"c82675cb4acdb8abff7cc0edebc394f0e37539fc56fd0b8ca41dd08c92b3df81085591920b90e50090556c99ed","nonce":"cdd67aa5eb2aebfe64df27eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"b889b16481a3a94953038eb2030f94643634dd06bc0bab86654dd1bc7f29bef7c1272b3ffa8776fa6fa2c2016d","nonce":"cdd67aa5eb2aebfe64df27ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"c45ad059c74fc973b45c4fb881398c3f55de92b36dea9ca0fc202f6e97f05329231398dd551a6814b97a40ab41","nonce":"cdd67aa5eb2aebfe64df27ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"eb91127dc899694aa7ff1744ee1569419cf98d1beb16228169875fac9883e211f3feb408c6edbda0f7a229ebd7","nonce":"cdd67aa5eb2aebfe64df27ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"adb9cbaed80d1e1dd0cf9a2e127466c5d29b8e6fbd21e31955b8a5acba95f55da313847fc124d9132505b2d862","nonce":"cdd67aa5eb2aebfe64df27ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"e56ae933f85f0520f30126dc5754a7d5074e0d620d512dbcacce766d33657496066519ef76b4b45a1370dde796","nonce":"cdd67aa5eb2aebfe64df27f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"efaf5c4cbb9604e64d32ea5d1c56b8750143793fdfcf53b9c25d70f20ad59a037243f0bee3b5ca366753b22721","nonce":"cdd67aa5eb2aebfe64df27f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"fcd47b6288bf862497508fdd4548183d16a02c444b735eeba4d7da79938ecfec6719bd73b567d91659790b1b6f","nonce":"cdd67aa5eb2aebfe64df27f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"ae406433f86048efabeb79589821c4d01e181636107dc64bd787efb8e47dd706e97af98b3a13334defa1794f68","nonce":"cdd67aa5eb2aebfe64df27f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"08e2658105e8b6b903a75d03a2bb61ffebd19fab412337188b00186d37eb2086aba832cfa5edc00fefa7246fee","nonce":"cdd67aa5eb2aebfe64df27f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"31cc0787f308b6518c5ac37846f188a12bfaded7f5742dbd0ddd0859fade515b6493098a794c63fbb37c4aeece","nonce":"cdd67aa5eb2aebfe64df27f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"67a6f4350a74a7dd507ebd34b67c3bd0dbde1f670a54314c9bc3df16f10b00134df05e3f754ddc419263064cd3","nonce":"cdd67aa5eb2aebfe64df27f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"8a2cd2bc15fc26d40edae5d8a8b63a12f78298e5fa4b5a019610f981fe9d70d3ad45b9ff69516ff34ba2954713","nonce":"cdd67aa5eb2aebfe64df27f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"8f6555f829f243a01bfd6b4545711bc91232993fd868ac7ce4392f2224c02ea5542b7282c00af22ad9eb85935e","nonce":"cdd67aa5eb2aebfe64df27f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"c0a1721f61895a24877ebb6b36074f14809522d8beda33d4670acdb1877f8e553870f837275d7a68a4563b0439","nonce":"cdd67aa5eb2aebfe64df27f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"812d1984f7491530f77aaf7e4b1d5fa8f2606dcc9ad9830ff19ba1b5d8c2a3276949322320fb763c2a40449a8d","nonce":"cdd67aa5eb2aebfe64df27fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"583550610bafc288724b597d3d6cd2cc348a616226951ec3b3ea316ed8bf229545ba79104bb533feee722cf798","nonce":"cdd67aa5eb2aebfe64df27fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"2d889b1b3093f663b0c9e8c1738595d381f6d6319ddafce5d4c2617a6e77f16db1793f1c04de47dab2b589c8a5","nonce":"cdd67aa5eb2aebfe64df27fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"705e0484acc8c137106d3c0ef5f35d70fcc8f8e17f646d5d23f94712134b253a39cf6b08aa23873b0c80a47c3e","nonce":"cdd67aa5eb2aebfe64df27fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"e669716f41a8a09f502c313c508bc7ef25f631a1b86ec49a385ae5ac7b171161093c99de65ae7b7cbefce53d36","nonce":"cdd67aa5eb2aebfe64df27fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"6afffafff9f01db8ab3e43d53f52bb6415f43d62240979c787c1f60b18a63bdb5ee29d0bc8da42f1cca422ba24","nonce":"cdd67aa5eb2aebfe64df27ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"b3ef3a71ce6522350bd5d72a9daa69b56b7968d152d440b5d9c923456e5dbe2c4c13c53d4fb68d7fce2eff7026","nonce":"cdd67aa5eb2aebfe64df2780","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"0d6c282c8e50215a4e581582b94d0c2d55e232d6285f9ee1e3908b3947b3ce24ef278bdeb2efc236b03c034f07","nonce":"cdd67aa5eb2aebfe64df2781","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"27115fb4e9961ab27594fabcd5d5b2c8b1b9fcd27be2423db3c650cb22daba0f3371dab617d8a3668591521304","nonce":"cdd67aa5eb2aebfe64df2782","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"4477eb2d116bb759d262132cce4392a71dd372cd181929a2d58670e5e554ad40e5e3155a3838778e003a3dff05","nonce":"cdd67aa5eb2aebfe64df2783","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"8418145a796c636cc313f6d3fbedf1f1ad912d6c5d89dc7ace764f1df749047c660915e76bc4b4837197d2e20c","nonce":"cdd67aa5eb2aebfe64df2784","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"bec29ef42d5883b61687fc898254a43cfe9f56033f110eae24240bbb352014a6a2cf23f54ea3c8e42ed504462a","nonce":"cdd67aa5eb2aebfe64df2785","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"a045bf5089e33093ce0c1e4a6e482528cc967f1a91cdfa9ca9f39fba26d9bfb8c3c9e7041db291817fdf2edfe1","nonce":"cdd67aa5eb2aebfe64df2786","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"09bad1b2b8df80e708f487cc6742f2eefde7f2fcda5cc02592612b9a1d8c014948a02e1a494095079900bbbdee","nonce":"cdd67aa5eb2aebfe64df2787","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"2da2d8e91b396405832b5a14f28dbcd49f873a627f493388da52ca8a8938f4dbf580767e76da48a2ae7cbb8785","nonce":"cdd67aa5eb2aebfe64df2788","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5857911625c92ab5d3612ae8dd312440455dbe7e2cd02a55de88f25a6dd8c0e399508537162a8f7492c126e907","nonce":"cdd67aa5eb2aebfe64df2789","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"1a215b83159805da557c5503223c57a2b362d6b50f69f02809e95569f7c843898c32712dc61c5b3c03d31f8d20","nonce":"cdd67aa5eb2aebfe64df278a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"930b947aa4d4d6cac7bd27e0a52aad5701bb0b16bfb0b6abfc36d477677bbb7e2e56b58dcb957edbbfebcd1701","nonce":"cdd67aa5eb2aebfe64df278b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"f4cf0d0ce0bbbc8d70951c3bf986d6c56973648fa715cc8324b69b8ae849da0655cd781faf8ccc7085fbf4ba75","nonce":"cdd67aa5eb2aebfe64df278c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"8bc25ed5044979f49c11c8a9a142e48d1c7d158c1d6b76c8c9c9174c4ef9af4778c16e61fa0a142ed15c2df0fe","nonce":"cdd67aa5eb2aebfe64df278d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"3f43cf47ae2cdde55289a3164be26394f737015fca960e2384adf1541bc5cd692ca1f969f9d7d70278c60b1a07","nonce":"cdd67aa5eb2aebfe64df278e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b07e4497c291bbdeb9b3a10d6fec84f75f0746d984979df7ed31db2a863e1d6f4962d3061f0415cb6d1083e0b6","nonce":"cdd67aa5eb2aebfe64df278f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"b4d0c0d653f561512642e55499d38cdc875d86c81674c777dca07ac1dda8569627a40e30ed23dd04ea693e5ba0","nonce":"cdd67aa5eb2aebfe64df2790","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"7018222357f6b5f156cca818f1e469c7d67dc75948f7f70484e83f93868c3547e7fe7ea9b22a44ad6200b51a67","nonce":"cdd67aa5eb2aebfe64df2791","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"8bd7e52f84f274e0ad511f4b306ba81106574801378b1c8b644446e7590584064f3694e92bcca9a1122fec37a7","nonce":"cdd67aa5eb2aebfe64df2792","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"9d7063bfba25b3b16dad795f877c6444e6d49ed5805e1ab74f3f3aa9887d4e244a3700de204941ab5501c3b445","nonce":"cdd67aa5eb2aebfe64df2793","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"8438ca8f3543e449b8b71ba8b3acdae6e7db31f73dfcd7cb53078b156a97b1d1d84cc8e1f87be0bf5736fb2920","nonce":"cdd67aa5eb2aebfe64df2794","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d79e7405c2fa058570757d2901ca266bc58d75e0e94b0a2964b389ba9c363e1c27410060b8d81a88678c8c3426","nonce":"cdd67aa5eb2aebfe64df2795","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b844ca3c0f714d394f4135353772b17bafd3405285d35087cf31ea0c4e603c282b3e39829bc908cff4b95c9659","nonce":"cdd67aa5eb2aebfe64df2796","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"2bed282a5d0523b94edda7204b87a737262d172f7ca9f90b396acda7675c57206d2723975a1af410fb42476a28","nonce":"cdd67aa5eb2aebfe64df2797","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"c9e293ec4dfe75791224c0ca91594805dcbb3aa70204751f7e5584063c4667c0bb61c75800693217d7edb3c636","nonce":"cdd67aa5eb2aebfe64df2798","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"d5ac6a17032b6be87b4335a4ce5fe99e1330ecd7e2dd2b2c6b915bc7791b99fb528101b7b62d520ec445b6eee9","nonce":"cdd67aa5eb2aebfe64df2799","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"90df281ae58cc237d5be9d49d81303c8aa2ccd91cbe1677a374d31474e67b3a94eb336569548ed0040408c31f6","nonce":"cdd67aa5eb2aebfe64df279a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"1dc1f251b0fbdec3532cdcb25a19b390956ad499456c62e536d15d8b807e6ffdd0cfc4c345cd503f93d85ed7c0","nonce":"cdd67aa5eb2aebfe64df279b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"24412661ca2663922a3116f70bf442a6544ed5c6a2b0df34ff494fa54c5f497739dd92af687f3ca0d4c53aafc1","nonce":"cdd67aa5eb2aebfe64df279c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"42dd8709c6285c62b67e8cc7550137433c5170f8cc577f270a8566b711a6d9399248a3609fc298dd43db3add05","nonce":"cdd67aa5eb2aebfe64df279d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"c095b04057cd6a3604b8f0abf6984832027d9258040ef36674ce51204a286f8eb2f3fd815ee173ee9d40e79b03","nonce":"cdd67aa5eb2aebfe64df279e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"a0fe07bce2998297f2258f63cd24ef4803d5003c5e7610bddf7d9e79c501f4eec46e06a241e738cbf2dd550b28","nonce":"cdd67aa5eb2aebfe64df279f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"f23e9ed66e6a6606011f0ec4fa833e1bb693fbb46065c8c967674e9b18a878a49fa2ae5491dbde5a71078bccc8","nonce":"cdd67aa5eb2aebfe64df27a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"48304dc9f19464c1c8d5f52b83b50275eec63b859d891f33468ab0f450c0ae34f3dfd445fecc269146726c9802","nonce":"cdd67aa5eb2aebfe64df27a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b4ec1e247f49820c432143739459cf13982a7e0afc3c868551068ef4eb01968ff4ba7c1fb8a6e486dd7b89d2f1","nonce":"cdd67aa5eb2aebfe64df27a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"11231c7d1ab0b3aaf8ab38496824841c5620a549008f849d2d7bf2ade97649557783049bac5b9ae09e0ae8bca7","nonce":"cdd67aa5eb2aebfe64df27a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"51af746cf8dd05332b7a4752cf7be7bf33bb691416ccb578f72361eee2263e4fb69d920c9b62d892901ed599a0","nonce":"cdd67aa5eb2aebfe64df27a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"3c9b25244170eead6c9737a8ca1b5d52eb038dabac5215d473b84f02c09b5a09c31fa8ed365c01bdc742072df2","nonce":"cdd67aa5eb2aebfe64df27a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"9df3c47133556ca246a49e796a75155578db455102212aff015ff3cf68ac53515e4b1e6b433eb39711ea90083e","nonce":"cdd67aa5eb2aebfe64df27a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"bd6b13e3ae2a1e26ba5e683ca8cdc960b7b35089ef849fba559b449a60592b013fe2f164077ec5d15b6c48a04c","nonce":"cdd67aa5eb2aebfe64df27a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"12657afb5f80c03ad192938a338f0d5eb7d2cae66c88c1676ba32b76c89026aa1b2cb1ae15617552cd3ef48a38","nonce":"cdd67aa5eb2aebfe64df27a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"a0f4f03283c73de0fc2a0f0a4bf5d47268ff7fee16b4c8a6515f602e22720bd5b80ff1ee4115a441b1ff07c378","nonce":"cdd67aa5eb2aebfe64df27a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"78194645b69d5b762af78adc7d346efbcdd4ed54d7e0c3bd5d60aa7cfa3c5881962211f43753214a776f54e45a","nonce":"cdd67aa5eb2aebfe64df27aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"a3f007386b47dea0ac6974884511c66b230e9c8413b297a283b2c219d2221fd5a5c976eb489ba5aff5e333abe2","nonce":"cdd67aa5eb2aebfe64df27ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"115b7119c4950f6d30b1d7ffae8531f740f272f74c550a3fc948f9eda66bf4fa56c3379956d5b95cbc3180722f","nonce":"cdd67aa5eb2aebfe64df27ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"a1146db66f82568eea03c8eb2e48a60231b07149b8e64478fd4ded51353cce2617f9cb5527f36c7b8ff72acefd","nonce":"cdd67aa5eb2aebfe64df27ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ca7402f841c4debe072b532d247e4a61cb08b19366b794796d28c8bd0c17de4bba455dfa05208baf1c7166f5d4","nonce":"cdd67aa5eb2aebfe64df27ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"655bc2b9f041e00fc083e0d1827ee8ba11b4e87c0fd057b9c9ada06278e0550b039128ec03de8e685a004c8c1f","nonce":"cdd67aa5eb2aebfe64df27af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"65243e193ab2149a3acc3b2fb00e2b7ed8068f466c1190c05d692d7a29e0ea31233a92906176d9201659678bd7","nonce":"cdd67aa5eb2aebfe64df27b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"a30dcd863ea5bf74dacc3eedd639875204758edeba01aab337664fde479c18397309c9f3d70593cf9900d337b0","nonce":"cdd67aa5eb2aebfe64df27b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ef51117d50ba82d3f3a06174f51fc4284911abab1112d12b20fc658bad4e1312acb0e3b1688f564af84f783ba3","nonce":"cdd67aa5eb2aebfe64df27b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"b065f716c69f7109be68f2ef83145e5898fc8f714fe46be770632f8f359c9febca5dbe74edf1df3de7182e7bd4","nonce":"cdd67aa5eb2aebfe64df27b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"03f394038745bc834cc5186899aef8beadc5d2d7d4af9e32f24353ffdd6c7675d41c33a7a4c629635f3282d530","nonce":"cdd67aa5eb2aebfe64df27b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"63f16003ec505566ba7203db1afd142b9124e0513e7164963aebf341b3de926c19caf5ed3244c7d5aa17e90eec","nonce":"cdd67aa5eb2aebfe64df27b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"3eb24c2a9ed677a2e8e58151bf68c6843c0bc5e595cd73df44050a826eaf7f72e242f7d7f393d33753a972a0ce","nonce":"cdd67aa5eb2aebfe64df27b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"46fec3c9b9a5077b24f8a77b912373aa6f88fc0e07d5b617e766b509fa4fc78d1abb42458c299162cdf49ef199","nonce":"cdd67aa5eb2aebfe64df27b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"ed8c1ec856957eadc3c80e2712b479529f6fd988a0739ca2d800c1e97ec7593dc7dedb5892195e49acab8dbdd4","nonce":"cdd67aa5eb2aebfe64df27b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"ac43046120806c8adf56da3d06a59d56eb29d2a1dc79138f30749de7e002286ee52581fcf6022c1f715a9725aa","nonce":"cdd67aa5eb2aebfe64df27b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"65dc2d24e8d3d5f9b091539a8b6216729e2eb6d15edbc5b79537e919d49676aeceb4d44df34f6a64cd60e917a1","nonce":"cdd67aa5eb2aebfe64df27ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"dcc9c84afc47d6f8daf03e2e8c257af4ec12b4b58585bb4a662c828eb70021b93fad782f0bd65c96de6341099f","nonce":"cdd67aa5eb2aebfe64df27bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ce31730a9af15b4a4c0adfc45bb116932fbed228415cebb5f0748b47b4aea9217c0a933d74ba6033a7c8bb6b30","nonce":"cdd67aa5eb2aebfe64df27bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"67a0f39d09ba4e21c167a005d576d544affd06400e110474101dbf075dcc80e8f7fbefe0aeb26ded3c10f4b706","nonce":"cdd67aa5eb2aebfe64df27bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"81ce1e28986a55da3308cf1482fb21c5535773717e0a9c180b378de61f5d6cf60087a4b1cd3780d0f3b9e99418","nonce":"cdd67aa5eb2aebfe64df27be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b988fc47655528b0c48a874544bce3fcaca27c811cc1f0309986cc8dd3b3f3d23e4776273fc4a0b492a46e5579","nonce":"cdd67aa5eb2aebfe64df27bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"4733210bb8080a2441ee2433e6adb85c8e816e574836ad0e1f6e856110d6963a7a9d54a9136275dceacebeddc8","nonce":"cdd67aa5eb2aebfe64df2740","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"ea642d0b7459b7ccccae7bc8b7c84fc5cbd93fae6b63bd0ade60f0a471544b8602f71c1dc7955dbc947f36bd94","nonce":"cdd67aa5eb2aebfe64df2741","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"08ba313000dd2392ee1d1a9cc41a153bccd193982bce81b62b925af1b7c799f563f2224ae1b489847c95fb1a12","nonce":"cdd67aa5eb2aebfe64df2742","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"f0176ca9e0aab33fb9a7f163b3883be2e0cbc7873f5d06a5b2d30ee1c901c051fba4e3c1f842d6b66c0a8410e7","nonce":"cdd67aa5eb2aebfe64df2743","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"a4a6ca1bd9cd6243415436f7401cde77b34d5b1c41df69fcd217549fd856a71815f29304f84d5f8c3197c88d99","nonce":"cdd67aa5eb2aebfe64df2744","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"fc9300818458ff973b070514b90b304b771af54ecc8ca2904faf728e433c84695ffb9a15b63d708004403bccbc","nonce":"cdd67aa5eb2aebfe64df2745","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"b077a355b82764e436f0c87adbed0be5bc59bf7f4a16ffc8a5b97b6274320d90d89061d39088fc2bf9f53c6ff0","nonce":"cdd67aa5eb2aebfe64df2746","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"e8ab58b7807cb8b16a147c9401609702bcbaaf68ae94abd4201bb2d8f273eebb4bf022372530a42a8a9e879c89","nonce":"cdd67aa5eb2aebfe64df2747","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"ecb50bdf5243848244dc9cd766dd715b4b7849d10337a79dbbfb0781ca7d6bb93750f61ab7a995c867803669a1","nonce":"cdd67aa5eb2aebfe64df2748","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"c6875ee74e0f07ef0c209659804936010ded67d64fdc2dd077951e0ad4273179f17fe5925606abbafedbb032ca","nonce":"cdd67aa5eb2aebfe64df2749","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"17f6723548eda410985b3a75864fe1bd5cbe8227fc640d65f4328642ae69276fa27101138c5882445e6c74326f","nonce":"cdd67aa5eb2aebfe64df274a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"0d4e1127bef1dfb46c93234d49927d252fe9b6bb7fc4891fb29a665526b0b865144b23104265bca83e12a5d6f8","nonce":"cdd67aa5eb2aebfe64df274b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"8b219b510a2fb56997fbc3678e0fa286a662be892b4ada5e9fa374bd0611077f8843c88d178dfb31a1618bd366","nonce":"cdd67aa5eb2aebfe64df274c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"7add553eecaa008186ff2d7a83eb491434e4b235970667e47df058d43bf1d42cea63c9047ed3c69a8e1337538d","nonce":"cdd67aa5eb2aebfe64df274d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"915a90447170a7699436be7b05ff57e21b366c305fa6ad68d30a655f6229c76200a49bdefb4e4c907017f5595a","nonce":"cdd67aa5eb2aebfe64df274e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"75e52d7fd33e4f65379620bdcf65397dd2bdc4f695f8d9e5bd833e1c9c480baa1f421a42257716aa9d4108a79b","nonce":"cdd67aa5eb2aebfe64df274f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"41f7fd47f834540a03eb37091e6c5fe734149bf1482de8b4b2ce5bddcffcfa04709c034a1d18559fe4c0ec3a49","nonce":"cdd67aa5eb2aebfe64df2750","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"2f4cf9a59fcd11cebcb245c0bfe490317a89f2565cdfdb8d67e1e0b4e39803b07e51ffbfa601d289bb7aee2b9c","nonce":"cdd67aa5eb2aebfe64df2751","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"5575e5bc03fc392704d6e5cc8ffab69d815c43b79c2a0e81935fb116b8aceaa0aee5aa61c0883925793b58c882","nonce":"cdd67aa5eb2aebfe64df2752","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"7e72abbd4e82cda344041eb8935ad3822292e47d89896356e7bb2e1eee92624045155fee2185aa901ce80f790b","nonce":"cdd67aa5eb2aebfe64df2753","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"fc92184aeabb8ee7f74a832ac6d2beb1e93b7a587e04b19e9f1c59e838306ca8839c6584d2cc939b72f2fa6c79","nonce":"cdd67aa5eb2aebfe64df2754","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"50e137a7cf05c3ad09a89e022b48b06dfd5113f39090fdd8c4c03c09f0e9089ea1ab8c560340de38458f2741a5","nonce":"cdd67aa5eb2aebfe64df2755","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f9c610b66f41e364ca0ad2b04c39e1634d967d02ae4820faafe808ed5006b2cb0cc4dd82367ad7c09bee1fbe2a","nonce":"cdd67aa5eb2aebfe64df2756","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"559fa7a30b553a3c4302396c3dda87c2ffd51dab3b8a4960df6a13e3eb9902cd243495702545e6d2529b10cd2b","nonce":"cdd67aa5eb2aebfe64df2757","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"a44309e34011c6673e78f903cec27b14cb66f87894049deddd2100cd1dba0c71d4510a746b9945e216f39ddcf8","nonce":"cdd67aa5eb2aebfe64df2758","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"119fa7e2c233adec95438b9cd279eff5308eaef4008c2109179580efb8e44bf97c9e804f477434e9f23877aebb","nonce":"cdd67aa5eb2aebfe64df2759","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"f632a31d1391af61be19c58b40be77822e67e1c55a9c1fd17a4beb3ed23db4999dbd31c6c13b9ea488f1fc0537","nonce":"cdd67aa5eb2aebfe64df275a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"3e9276bceae7fac362cdfde70c17487ca8a31978da6df9b757bf50eeb1eacce0b8185a642e5111474318eec962","nonce":"cdd67aa5eb2aebfe64df275b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"850114310af94ce7a1b0bc35b134bd9e50a0ef8ac8e0d1a5f95d81977d6578399ed9c6300c89d260d4dbb77327","nonce":"cdd67aa5eb2aebfe64df275c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"8ce6062feca8903ed86620fd4187c3bec6020cb900174db2796bba84a982518147bb51ddd0c633e524c5e5a984","nonce":"cdd67aa5eb2aebfe64df275d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"89514157b302a594ca0ea14c0708f616bd5698c5a4ddc55c8ff5c1c5d708d6b4fa09094436167de371a9a1b00a","nonce":"cdd67aa5eb2aebfe64df275e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"b36ffbfee26a3f48ca1611c95780f8b2ad0000222a1bb1b1de75a16ab523fb10cedc629ba62fd010cf8cbb1faa","nonce":"cdd67aa5eb2aebfe64df275f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"874907cff75ade05f6e9cafb7f8f63831f068090dc3ec19088f764e80e63032906aa4a8cf725974a367616cdbd","nonce":"cdd67aa5eb2aebfe64df2760","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"b7bc9f9abba5c4f551256bdba95d8cf5f5ca6d2e47ee7c5ada33c4ea5a8fd08a10eeaee0d6f8e213ed7ba5c3c3","nonce":"cdd67aa5eb2aebfe64df2761","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"72d7d359df875f5ec179f14eafbab4d515586af962ec1dc29dca93d7b6f4896ea06b1da1e42437ef638f3d43aa","nonce":"cdd67aa5eb2aebfe64df2762","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a5d935b096de426b68d6467dfe7221378a07f51e7678cb1ae8373e87f31f7381b3c3d8a17acf228e9561dabf51","nonce":"cdd67aa5eb2aebfe64df2763","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"3542a8ddc93eb8bfbcd6b3a4abcdcadc89ebe563e6f630623b96843488adb07aadfe7c7ea27b0a26030ae3e89c","nonce":"cdd67aa5eb2aebfe64df2764","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"e3a79d2e28aec90a259f179f57fe8b04cfc0657fa022a846832a4cd6e28033e4ed6a130d66cbe28a228c4210b8","nonce":"cdd67aa5eb2aebfe64df2765","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"e1fd2c3035dce324b05f8e192c156394a9835ffb57b2e35349fc35ed9a12234c090defa894d22f727275d60e38","nonce":"cdd67aa5eb2aebfe64df2766","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"96eef463cd98da7e6e1c5a9975c4820610d6d6fb3b97e14a64e4c59b703dce974482731d5b6c588193a67bf463","nonce":"cdd67aa5eb2aebfe64df2767","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"ab129306760f971a10bf3d9f067947bc9a66f6be7edefe0df9e59877f5c401d81b0850af56e0da5f564d70a77b","nonce":"cdd67aa5eb2aebfe64df2768","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f22e45786401e1a46a9417083e356799810a1d2d14bac6708f57b6e21a2f042888af56e8c2d17980a234caf759","nonce":"cdd67aa5eb2aebfe64df2769","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"ea10e347f29bc9f27c118e2d319d4b8257ebffabc5c79128976514cc6549d12f67ab1550f4ed605dc21257596d","nonce":"cdd67aa5eb2aebfe64df276a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"b11fecd2778104d0491050fac36c2111bdb63d916a19d431cce06c8f4cd22e60ed8235179a8a267c3623d37e2b","nonce":"cdd67aa5eb2aebfe64df276b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"1fb5fb2086a574d9ecdf3fc045c9b6e2919926dee53eda00b5665efb5c2ea1a91a419bbf460e372b67ae26ae45","nonce":"cdd67aa5eb2aebfe64df276c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"11677c648ede59975cc61790ff54a04b35098fdb0b88622e14e7b21ae2f1d4f09507ab59d164d29f38b1e0ce9d","nonce":"cdd67aa5eb2aebfe64df276d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"b72f77d6749c7d04ae8753ebe2ba0e56cfe27a4067dfded847b43a42c0b93dea500f323a9f839638fe758b0f0f","nonce":"cdd67aa5eb2aebfe64df276e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"f7dba5fb3a791f18db73a37498e80673ef580794ec47784b969b4399d2da49e641138dcf0f3e0018f56c80e5d3","nonce":"cdd67aa5eb2aebfe64df276f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"031c313b569d60e8c9d652448d2bff0d0834b9713da0e41e6547547850cd800882a372879476a54a6a92087ca2","nonce":"cdd67aa5eb2aebfe64df2770","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"3f5775cd7bf88a23c1f9f3fc89d986953cbe2ef8ab96fa0bff4d4cb4b340760d3eec6934983ecfc13e5c5166b4","nonce":"cdd67aa5eb2aebfe64df2771","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"48d74934a95ee3d6f3593d97d25a4196550317db4437151d9849542250adc08acc909ec4ece9ff2c33ca82960a","nonce":"cdd67aa5eb2aebfe64df2772","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"f81add5b07ab5d4e3157d66b35ba5d084ee7e3741be77df44466a61c402a18d37063406d93cba58a4c40db2cdb","nonce":"cdd67aa5eb2aebfe64df2773","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"ceca6e011f3aaeed7ac2c4189e8509238dc038bd2624e4fb901421236655910eecd60fda56a3389b5380bcd13f","nonce":"cdd67aa5eb2aebfe64df2774","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"b5acda1f5c924ee8beab1c2aa3641aa0fdf3b1d242f8066ecca6a8c563b4c78b88b54fce01d6033b445cca2cfd","nonce":"cdd67aa5eb2aebfe64df2775","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"aebb7dcbecece174a74fcb54ce56afb4826b8d5c8c3fd15d6591ef44fc3345b3b29b0266a5002c00cb11adb72d","nonce":"cdd67aa5eb2aebfe64df2776","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"35c6a81023b0886d1d2dc03108a6e8763c09e4b71e8548e0b191559517f9c2fb42fd322be8ac32c5921af79f47","nonce":"cdd67aa5eb2aebfe64df2777","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"15fe02da795fadd342d892efdde70e56d9e8d41c6c62d9d089428d7b43aab7daf735ebe7b10d08f57bea12b70d","nonce":"cdd67aa5eb2aebfe64df2778","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"7df563d0d84a6c4714fb2c18a498218b4beaeb79c206c4fcdaa3edb6b2629694c660b7bf60cd2df4bf8ea550e6","nonce":"cdd67aa5eb2aebfe64df2779","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b3ee80659d052ba363e2f19d4c4a1f5a122a7f5cfa7d628f1829da4dfa474bd6f917026d0aa9cefc9756c0c1e8","nonce":"cdd67aa5eb2aebfe64df277a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"bfef45867aee92c64602e54557f0914a89789fa45658acf527224ad5de80faf12152c5e4234a65883f74fffef3","nonce":"cdd67aa5eb2aebfe64df277b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4fe7f7c60f392c69c2cc281e1896a2984e3ee4083096739aed6ce1cb5af90cde4d4694133f2ad01b9afd932a12","nonce":"cdd67aa5eb2aebfe64df277c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c1f1bb10063a97f80866b5618cf76bdfaa24a2714a65a0661d5eca5bf610cc197197c51b4048fc5feecca90b58","nonce":"cdd67aa5eb2aebfe64df277d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"1afcc7011dc77f17b92f56885a773dede0d245fa0c934ca44346da273ac32c245d536989bb46bd57f087510f5a","nonce":"cdd67aa5eb2aebfe64df277e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"070d907398b02b912ee968dffa84d3331cef955cd097d0ab212f37a5d881a3c1615f71d1bd4b55435bdf8bd92d","nonce":"cdd67aa5eb2aebfe64df277f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"fa919d9a3077125bcd7b71e88318590284cc1616608a4073a9b7921086d3efe0ef0c715ded34ea706c677403bd","nonce":"cdd67aa5eb2aebfe64df2700","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"0b91935136fbde700b118b48c6e4be536563f54088d7cdec7839ef4053bc2007236d395df4e2fec457a1172613","nonce":"cdd67aa5eb2aebfe64df2701","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"45244e3314fe9864152aba9e7d3803d3117fe1a775cded633934f5ba25d511fc3d7ef3726de0e765b442944b72","nonce":"cdd67aa5eb2aebfe64df2702","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"e812773e6066ef9bc9c6712d09679ff93b3ff93da24961d34f957c8725f95dd259c94ce5704034cd6af18d7856","nonce":"cdd67aa5eb2aebfe64df2703","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"ac972c382bebaacc2bd997b5121f75f36076aafc68bd29b79eabab0551119ed8ee8553af6d2689f65993c6d787","nonce":"cdd67aa5eb2aebfe64df2704","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"e4b82b1fef4e53ad66d80db6b82c6c36916ec9013b9fb90f8cd0525fc478e9335df3c8189a4d7ab8e65b74fac2","nonce":"cdd67aa5eb2aebfe64df2705","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a2b910e7152a4ff97b703b1682231246d42f4185c74556673aef27632c38a8836ba1e382d55e69df26983bfb3f","nonce":"cdd67aa5eb2aebfe64df2706","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"2759b016164d30b7f54c0fb8106834c7788662591e5bc12413a6c161da1361818749094c246301681269f804ca","nonce":"cdd67aa5eb2aebfe64df2707","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"45431e7db1ff65336812e0aad47d8e40ec4a4dd2fca68d9d663861d1fa5294a9089d0bbefb29269dffdb18f69d","nonce":"cdd67aa5eb2aebfe64df2708","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ab13ee23369e197e7b523b2aa8b892a385a01f857435de0659d894822577fd40240d2292175c797f762be7ec67","nonce":"cdd67aa5eb2aebfe64df2709","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"919a038cf38b42cb5361d44002ef4bd3b3427eb948feb6c2d806afd3acbd8b80273b97c738628c6b8615381e45","nonce":"cdd67aa5eb2aebfe64df270a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"6e9d9350fa5d8a8d5c6f6505f8111cf2f2a889257aef2d5596ddc62e97409fc0af3abe9517c805813e0b06ac9b","nonce":"cdd67aa5eb2aebfe64df270b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"7e536c77ed93eb97d4785e2b41494e157127d67cd2ce86ef510fb75882f3cd2b3bb75f3098e83f80ed8fbaf5ce","nonce":"cdd67aa5eb2aebfe64df270c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"30a20248b20742bf5fb48c38d3e502f62bf0db922e2d7f141c6125822f9a25f56298324bc34eb8a6ccb43131c7","nonce":"cdd67aa5eb2aebfe64df270d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"481d2f31c729624e8456324d1fe99523eca0cae76e13dfbb9546a092e214135bd695d0b11e1936a2dc79902d53","nonce":"cdd67aa5eb2aebfe64df270e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"621f5a2f50ab22c729f43f87fc8e6d59f97012b56035f10489d85c730529b468632e0c443f1e04c8a104c47f06","nonce":"cdd67aa5eb2aebfe64df270f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"1399c2b22e02fb7d525f7722c18a41b771dc3c422e82ddc262d986793e53991149a18f67c881d32fecee034002","nonce":"cdd67aa5eb2aebfe64df2710","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"ed82ad136d7abc7af8adb21ebb27e56334b12986f830efb2a11aa809172a2329ccdfd8ad179a7d52e709da4f83","nonce":"cdd67aa5eb2aebfe64df2711","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"b74066ba7f9a347e5e9f1d0b583696e037aaad975931806c16e339132be49036ba75672dfc2a98178f12b43385","nonce":"cdd67aa5eb2aebfe64df2712","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"3a792020373569c0c6975b28cc8832780ca86df293d3b1304f7a1a57d70e952f3f6bb98d6e333f05c578298b2d","nonce":"cdd67aa5eb2aebfe64df2713","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"443d0f38cc1ab9d8b3062f4afb1372896a84c3f56abd41a93303722e42c8e9ee33d5a0889d9adff4d101a103a6","nonce":"cdd67aa5eb2aebfe64df2714","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"0462c43fc28847a294e93fdcb28b8b92e7b050bcbf7a5339ed8657c14c345e7576c88cddef56ac849c2e5ae8cf","nonce":"cdd67aa5eb2aebfe64df2715","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"ec72859ef255b6c7d2690c00371c564041130fed205ef54aa4ac016c81e0c77d90b5f00580b983973f05466524","nonce":"cdd67aa5eb2aebfe64df2716","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"50e82326c0dbbeed0e940f4b88cc7cb07943accf11a2bd45a050b61165f731acdf83b0cfb100159403e8542045","nonce":"cdd67aa5eb2aebfe64df2717","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"92929ff3f8903c22940523050e0ea4f56253992666b8517b484a5fbeabb9586a62ef5a871268cd4ac62200d38a","nonce":"cdd67aa5eb2aebfe64df2718","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"92d525937b530eb0c3ca0001c7b2e76a03be1874dd633165ca293f59594a5c12102f13c9d21da5b284044c4da6","nonce":"cdd67aa5eb2aebfe64df2719","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2361d626d5cc1702d108414e2f637b45700f144bc10230f82dacb418c18a380816354af676f795d2fc26f6075a","nonce":"cdd67aa5eb2aebfe64df271a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"23cc286a04e7bf60b442b1a9e012c732d4318ad37c9ab615828c847f0498f4e4e49026c9ed73740813a4a64589","nonce":"cdd67aa5eb2aebfe64df271b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"3e7e192fedaa6ef7f4c992c86b9327e61ac4ba4fd8b15d43c87fc5c9647430a94539f970a178a2b26618b9c09a","nonce":"cdd67aa5eb2aebfe64df271c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"b5c9a41258852395e68954f00fe6a1dc0b2ff20f8e341d23d1bc797e484c41ac09ad4817cbeab3ce4cd183a5e4","nonce":"cdd67aa5eb2aebfe64df271d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"215aaaa50d33aa13f061a6b9a933e9dd86a447157d3bccd6308ac6f50a408d14421a1f7f5ae805c45f54b5c75f","nonce":"cdd67aa5eb2aebfe64df271e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"cd6eba6ba71971f9541058136ddd40e1787906902674a7139adc7f2c3c5f8504fdf38d09a8e5473d1a3f404f00","nonce":"cdd67aa5eb2aebfe64df271f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"50594a60cf62e10b5b3af8b647913a7345ac08e5fefd2767b61c6d1d0d176ef48bcf2b6c9ba59daf9b58b24994","nonce":"cdd67aa5eb2aebfe64df2720","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"6879a23b9390ae222f70c413324e51ad2fc5ab76f795935b6d7b23dd65c23ea057a0c5ad31fcccea6459e1e28f","nonce":"cdd67aa5eb2aebfe64df2721","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"6eb6de70b8f86bdd2434b7f29ee46b6ef4234d02b2e0db90da3ed8cc233b423a6ceda20bc2055294b5d00117ac","nonce":"cdd67aa5eb2aebfe64df2722","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"722b63da63893ae32ca0ec73a3143f1e11b03362ec428ae006e059b6a8597c4c0acb0654ae0550b267039f46b1","nonce":"cdd67aa5eb2aebfe64df2723","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"2e07835bae19d2ad625e68a423ff4aa1e3acca4484159b3f6029b1ee8dbec2d9b79c26a685f70e286c8be42a83","nonce":"cdd67aa5eb2aebfe64df2724","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"639a5c769745ab1fbd2b2be7985e1255cfeb8a943298df50a25b1aa7d98ccc3439e325854f18db8493006ba8f2","nonce":"cdd67aa5eb2aebfe64df2725","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"88d99a8281597cee54be1706c4b1fdeb70bb2311dc815e12745e34a24394df92757870ddf977344857b44e3775","nonce":"cdd67aa5eb2aebfe64df2726","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c2c827123f9021e250ba68561f045b4e547349642b373d4f5646d3b71ebebed722b53216a1dea0475c43a0db6a","nonce":"cdd67aa5eb2aebfe64df2727","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b80a422db335c212af1cb3bf0b0475d1bbaf587502482883473caa523747ca9905b75b15ca2915eab466ce401d","nonce":"cdd67aa5eb2aebfe64df2728","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"9625bfc087e37387fc9874bc1c64efe5991c3aed5bb91418883e1826e911e1450e34c477f97e6ffaea1c4f10bf","nonce":"cdd67aa5eb2aebfe64df2729","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"34fa613e66f39c45f284dc9821c3ab032776f8cffea99c5198303b223b4ee8fb4e2566ecbec3886b7c13925395","nonce":"cdd67aa5eb2aebfe64df272a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"bce0b60b14f25a90ee854180179a748fb2c02634755e9071d36b25d8470df06f1d1b064c7059352b6f9b8501b6","nonce":"cdd67aa5eb2aebfe64df272b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"2d7040e81a77a801bcecd791004284f884dc897e641d44ac34df3d948e9d48f48076692fd330af4d1e02019c81","nonce":"cdd67aa5eb2aebfe64df272c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"d8663c16ff5520435b6e396cf670d48c608f4e230b72b5293191852ec5a28e4cb861311099e316babaf7660e7f","nonce":"cdd67aa5eb2aebfe64df272d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"9c6f6fad55d3024799e5d82bd163d6c565f9222345a3677c185c222e3ee661ae5fb40095754af36e97fad1949f","nonce":"cdd67aa5eb2aebfe64df272e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"7b8df2b4b38f224d74c5371839321b4e2df8c9d7ddd473216ce7c212c1b2774bee3d3c0a7a07976fc86e07dbb4","nonce":"cdd67aa5eb2aebfe64df272f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"389c4c9a9fc5561183125585a6f9ff714e2e27ea61ecd4cdfce5fc903aba941a421e951394f9a87c58daa90232","nonce":"cdd67aa5eb2aebfe64df2730","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"0a52edc90547dce3889074fc55d7786e376c3499fd3f865e2e9e26432eb2c321822680f34157bb2dae5dc4af7d","nonce":"cdd67aa5eb2aebfe64df2731","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"f831c74e29348e6088d6e7067132bf2c629f0d9f982e1166f5e19d10f31f254c41e848341d9587dbd84e7998b7","nonce":"cdd67aa5eb2aebfe64df2732","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"71d56afc0750c47ea3086fcabf1d6b299c7ca498968f085838edabbe16b0346df8e4eafd81328ec89e67e303b3","nonce":"cdd67aa5eb2aebfe64df2733","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"7058d4e04079409cf84223dbdf5d7ea08d21cbf2cabc57ac2f570b29d7a69fcd1936ac5483b1e4dd7ed9a5079a","nonce":"cdd67aa5eb2aebfe64df2734","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"a80fed2856556cb25feb76fec1e27e5aa36d05393d370b17e74c7ac1015c40aadb0d53036e822243f22c964155","nonce":"cdd67aa5eb2aebfe64df2735","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"cf53c6d0793eaa34b96741b8b1f4f3d5a5d8d4f3cd23c419064d0635513bd23c0c71bf3284ad64d149192628c4","nonce":"cdd67aa5eb2aebfe64df2736","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"f8e27e692d4f95afbc9f7d4f6a6a9761185153731f68f75113fcf771f888b88ad3e796f931443f55f0dc11be68","nonce":"cdd67aa5eb2aebfe64df2737","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"346d4548730dfe7d2be1b2ad3701cbbfc7362d8a1906ed7aa76f42fdbb41d4936b39a6a39cff129943c531f2df","nonce":"cdd67aa5eb2aebfe64df2738","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"0fdb231c511da4bf1e05ac4561961a0b5d8093ffc66bab0fef56a416bbd3619f9d30a93cb525eb6dc2f0a30557","nonce":"cdd67aa5eb2aebfe64df2739","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"6d15da0f66daf999709a570b8f6a7c0534804bef84e69f53a6ee9fc065d0165715b4b6ae21143cbfe213dde1ac","nonce":"cdd67aa5eb2aebfe64df273a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"2142a636b4124807db954cd25fdf4e9e7a564cafab8a275368585aef9aa03f471140dc13a51719cf8d0c8ba426","nonce":"cdd67aa5eb2aebfe64df273b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"ef73f79ac751b15ab23ce43100fa61759633a09ac5652309a06b3ef6bdb1e1aa18c2841780adbe254d0af1c037","nonce":"cdd67aa5eb2aebfe64df273c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"fe1b87d192b2e9f8ccfb6d4c7ebbaa031fbf487ab52e4d457442b19fc6a90037c51caf49e840b2d205a3904f8b","nonce":"cdd67aa5eb2aebfe64df273d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"ece99947d98fa1cc76b6aecec4da6afc18c80401cdbb482b6b012342f0beda2d9edcb907e64f3237b38d0bfa29","nonce":"cdd67aa5eb2aebfe64df273e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"05e7c2f2f9f8e26268b5b33397ef91dc3925ec57d92b042133a81e797014cd0df0f1a89ea10e20f7d5b1ce0797","nonce":"cdd67aa5eb2aebfe64df273f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"b2768f0dd87ef18e65b540e8fa8e2c2517754030887e691a677029a1405fd1725a0391ef8134e29155143f1af7","nonce":"cdd67aa5eb2aebfe64df26c0","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"65cb9efe1eda6b51e743667f1f10e6c44f5d614e892ec39b7a9243d5bbde1b78"},{"exporter_context":"00","L":32,"exported_value":"f6dba713196eaf278437af0d5db9fe7864643c60583a688230ebeb7ccb77cb75"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f0a800d92eee73ae8951c6e2ac108cc5b71a6025173c6d1c0bf3cdd95537db17"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"89e7b6d416379de85a002fa859e80f164a5e599eabcfcc4b5acf7d1d0bb8d966d960e18bb910ed4512ee1bd6eea9fb81d9098c24e299f263","ikmE":"288b0fff7ed610f7a301c85241d502f1e9fad2f11c81eff7e5bf2ed36e0271cccfa1f2bcce754415cbc5a858eaab659845844ec3549506d6","skRm":"f6a70984d2724715fa3b876785ad79fc22fb828df3dafb5c8f90867db41e0302de019d37ae2e95dd04a8cf7f0602b5dc2fa2bfb14684c95b","skEm":"25945fc54c60e0b10989a335b31348cc8b971da716f45e00698e1be0549bdcb105ec0261003fc99e26a88b19da6b0bcf49d5ec31f912110b","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"f09bad30f2fa351f70947d372026a1106683150aa7f0d5ccc1f45dd7821e3df8cbef56342a12ade1beb16e466b42418d32f06ad4c688ee58","pkEm":"ce3c6a238c40cccf3f63cd48ea0aea71d4a8518945f37f14a5134cd65b8b66886a44aa63dbc2f99c7951384ba8fddbcb51382f110b38af0b","enc":"ce3c6a238c40cccf3f63cd48ea0aea71d4a8518945f37f14a5134cd65b8b66886a44aa63dbc2f99c7951384ba8fddbcb51382f110b38af0b","shared_secret":"0a651a537afc761c441ef57b9b058fea1e0d443e77ce3b679c236d440c6f2bf1e67c2faae0d9993333980d160949d04b8939770a20cb2931eaf3836c0e19a1f0","key_schedule_context":"0113d73d3bc6ad29ada571507511d24ddb61ab73810d32ab71079f9daabf4ee3dc2030461bab15fdc38b55e526b9f9cbf3342bacd78553d0ce4eb4260c52b61d24","secret":"b91c971440de58632253befcec75dde4e4565acf6359bac685ba63e6099d2e9c","key":"96b97b194d24170da7cdc9fecef8f12a","base_nonce":"35b0f52854df93c8e1b28843","exporter_secret":"7f2df2dd16d695ba0f4d762ca6c80255e5f4d6585e6a5a90c111daf840951f55","encryptions":[{"aad":"436f756e742d30","ct":"e50d1a2bed3b67d869ac0506d318dfebd8377d786fcbea89b8a9baf1c43a0d355039a1fd4c2806c318fe667243","nonce":"35b0f52854df93c8e1b28843","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"320e04c8c4b1ce79774174f838f09cf7ecb889d96431a254e16d546e53d941a60a39b5d29d3c34f0b93da7645b","nonce":"35b0f52854df93c8e1b28842","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"f7bb1abf1a2f460053056dfc731be00e2f319e33f8481f8712a26741323e0d2f0dd4db7eff5b32c52270856014","nonce":"35b0f52854df93c8e1b28841","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"0f73295e4dd08434339c7ba35eaf5e462a2d8e6d46befea899689efc4e75366961eebcb3f4b2f45830d6b5bd60","nonce":"35b0f52854df93c8e1b28840","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"a7c2133e522550210789a362d0260108da12a2d87b4f99d4d7166b825a23591958758b8c41f8920cc0fba534fa","nonce":"35b0f52854df93c8e1b28847","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f95c1f565548e061099be91bd123012db0d32338b44f706f175c81ce54a8211c7e714cf6b9b00d140c61b42f79","nonce":"35b0f52854df93c8e1b28846","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"670867a9ebde0f75c4b1b73fba39a2f8a024dabe0d941f80d7a6d60d3a654d4fa796d6f5c12d5874ce42a60346","nonce":"35b0f52854df93c8e1b28845","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"3f877886fe55afcd16755b0c0fe8a7a223eb23f93bdd29100de1ab9aa5c11efb62392bf510f270cf951e39819e","nonce":"35b0f52854df93c8e1b28844","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"01ed724c136c0de00d3fdb19fc831eeac1c6c6ffb64069620bb04633785fefeeb63d42f74c98cbc0d61cb40ff2","nonce":"35b0f52854df93c8e1b2884b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"9b0faa568fcee3772ca0ca027582bdba2e9046e796f9c061fc827031b1691670154fdce78aa2e1fd83f7199237","nonce":"35b0f52854df93c8e1b2884a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"7c3aeda92837caf034e8b63148c3a89b9593f1b3ef96b3e1147caf74e59fa304b8dce63a1746885e812dde88ac","nonce":"35b0f52854df93c8e1b28849","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"7d1cfec3c9c79dbe1fea992149a5450da2afafc8a2729c791c987a302125a7c3ae028be6df0a1757a51096808d","nonce":"35b0f52854df93c8e1b28848","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"415d663daa8cbbb7c1d09a2e2de3f4b690961e289b3e7be09a78e56b5434e3e486fd6a1a04e819c4799a367628","nonce":"35b0f52854df93c8e1b2884f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"42fda920263adc11d6138d5eb9c8953399e76eb46230c0f8762618b464f76a095eee5af9580b264f20d4a98e3e","nonce":"35b0f52854df93c8e1b2884e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"c4788d3574c08e26a711b55224e93a2355e45b04967372878bca516c1a6b3dad0e7b3ac08ee15d2b18f1ca496e","nonce":"35b0f52854df93c8e1b2884d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"39eb6467994be3f0b109a62769a88c7ed6c5b86da5f024fe5806b0715875cd139e015a4caba2674f3985bfd536","nonce":"35b0f52854df93c8e1b2884c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"3b1a7438a148528425c70d49e443c2012919671ce2fbd248408a02e14276614a8f1fcc4b8017a6cc0897c4b6fb","nonce":"35b0f52854df93c8e1b28853","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"d3052dd603ac5ac83fe53280ed2eb802abff9b21fbf6e11906c97419c94c1a38151d00bd09086a13cb4a92ef0e","nonce":"35b0f52854df93c8e1b28852","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"57a1e0212c4615fafeafcf8b03c8bf1ff6137220643f4236cbf8d0fd3cfd3337ea789a12b14a97c05c12c97034","nonce":"35b0f52854df93c8e1b28851","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"f4222193e60a66efc97d4ebfa00ed6ff817cd62f489d9a7ac630e862724e8eb9f741006132aef9f14d1008d8a7","nonce":"35b0f52854df93c8e1b28850","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"f5a6f8fd91d7d458e891c4fb132b0454b67291d187782b616da683b83447a6095386ec9b31cffc95d50be94f62","nonce":"35b0f52854df93c8e1b28857","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"59e1e98cbd8617d22e65dfdbd7e11331c12856d9f052c3ae2dcc5f604d3815c414ad650d08a18f9296d3e5e435","nonce":"35b0f52854df93c8e1b28856","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c568100b61d9bef958a84e531df0d3896930dd1ed8e6384d8151f3fe63cc733759b2f76121f9cff5c16f5b47cc","nonce":"35b0f52854df93c8e1b28855","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"5238b6c2f1f14746a92437da6a40cfd42545de9ce4f1726e703b015814fe4459f6958acf6855719b0af76b9881","nonce":"35b0f52854df93c8e1b28854","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"552d057032b95fd1dc9c30f5ca1d598c2133b8c38a353edc91d64259eab0d2537a1aea60e663ece21fdb38037d","nonce":"35b0f52854df93c8e1b2885b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"876ac7a7e011a436f37f4a0fa5d9b0d511fa2b16e35609ed8eb3186d7619ed42103413e32c5dad7403618afffb","nonce":"35b0f52854df93c8e1b2885a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"d9a239d4267b3063e0e050cd43b01ee2bf240be8ab2b17a7d5000ace03c23853d0213fec84d03eada29bd55442","nonce":"35b0f52854df93c8e1b28859","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"37cd0d88228e92cca8f1f5bce2f71f26a592b8101423c0e9d9a7adad6b606994d650cb4357b1dc028113ad93ed","nonce":"35b0f52854df93c8e1b28858","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"9689336d1cd4e5d2b41f9f0784c2c3aba57ac970854e3bfdde2dcf36ba3627b963a8e67397657bcc6635d5e108","nonce":"35b0f52854df93c8e1b2885f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"8f4483a615f7d189cbd44044ea1284d5e38ae775db04127ede0afc7557ccc6aabbe4697ce706ad121d8933fc56","nonce":"35b0f52854df93c8e1b2885e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"60df16277396cf3a67beb71d2d6acb0c0c42561b080fdbc62a067965f7658c835893593aa0062f650b685c9c22","nonce":"35b0f52854df93c8e1b2885d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"048e12c7e0bb8cd66c28575abfa5759efdc6d8e3632af54bef719b0fb7860be84d915d8be92949e8fdb9f8fe05","nonce":"35b0f52854df93c8e1b2885c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"d5adc335161fb673eed507bc51c3dea25c45916792de12d785d2667b14e61da92ee8da7c5e15a9e21ae8f37aa0","nonce":"35b0f52854df93c8e1b28863","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"4c48433e90e354229756e066b9fdd84c43f5ece1ac71feba8b3748293208daf0ee673ab14be750fafda6e9a701","nonce":"35b0f52854df93c8e1b28862","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f9cb0a9847b4606e575b0542d6c75cd0909e32894cdc2faf0cd3f2f6f277fd73b741a270d33723549d01afc2f8","nonce":"35b0f52854df93c8e1b28861","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"d34192de6d36768452eadddd379511e391cfe2c1e8be3725f7c58f49c7ec9038f2d1e9bca5fc4c6043c9f00116","nonce":"35b0f52854df93c8e1b28860","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"cbc2411644e6ad871dd1fd000c9b8264f1cbba8dc2fcfae868bd751c06b79b0423228840ba92a70a85c5a7ba2b","nonce":"35b0f52854df93c8e1b28867","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"45c9bfcb94b183f9c72d3a4375115873a11875e663212e581132630187b4a0fdbba729c40a0c9f117b791ddfc7","nonce":"35b0f52854df93c8e1b28866","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"7a8546fe490e503f70f3c33ee6e02b3eb8b3f430c3aa5b84ba54bbb5ef049fedadf9eb70d3700c65b2b2a84f16","nonce":"35b0f52854df93c8e1b28865","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"48ff3ed662fc8214215b7928105b2b5a29f69c951c996b789eeaf41666aa1e6d270d293c6dff99cd232a671c4a","nonce":"35b0f52854df93c8e1b28864","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"53a81451756ba8d01b5cfba71c5fb8b7c92d3a6a38e215bbf9615b9a02e43e1aa0b2bfa03c3f33bc5d94c0a944","nonce":"35b0f52854df93c8e1b2886b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"beb253acab22574d1c588871ca720c91332b8f935d0a75d3d29cad789df086ab07554ffc0c7e25370096b90da6","nonce":"35b0f52854df93c8e1b2886a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"9c35d9c5605c98a48bf2707b5bab8cbe2cec73f653471d4f2d2f856fdaef6e3285c6fa4c801f31ee1fdedfabdc","nonce":"35b0f52854df93c8e1b28869","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e607b7f49e86e4d61c07f72090f4912f25f8701baeec39e2e42e34264b19bc92ea3dcbebb54238632ba73d1d35","nonce":"35b0f52854df93c8e1b28868","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"1a75a9ec84b8716ad40fb38b3fab53813f0fdaca36cc503176daec86f0f009233686c1fb71612f14073c47ac12","nonce":"35b0f52854df93c8e1b2886f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"628d4531ac6be268b8f86a363593390bc48825424978bdee4e59bd15413f276f190fe29c260c2c17340300532d","nonce":"35b0f52854df93c8e1b2886e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"e4d4c1ba123b569ad501b86be9e56a0d2f1a0b1f4144b72b8efa9904d647ad577de2b3decaeac4cf2a3334f782","nonce":"35b0f52854df93c8e1b2886d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"fa0abbbebafd4765589bce5c2fdd91d47571c5fc4c665ed3bdbeda0b72c5c012acd975f42d6855cd394a020072","nonce":"35b0f52854df93c8e1b2886c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"6c646c89ae11929020a0966ca1be4e9edda1a16ebe74dc876661f95c28de4a2e475bd6f84327c82d435f3231e6","nonce":"35b0f52854df93c8e1b28873","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"0f31acea9b70f1d779f566ce4b35eedf294c4dcc402f9c265d7405edc731e177bd392aa690278032b57726cd89","nonce":"35b0f52854df93c8e1b28872","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"741486dfddd9d486e96f67135a3d6441febb118c03164cfa580ef22926b4e146912d2e0e97cd053658e62ebe9e","nonce":"35b0f52854df93c8e1b28871","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"35f7545632c95ae0b9074c3229f7544acdde22effbbffa50c4734a024b9ac84c74da2e47f5e73b259a99f09819","nonce":"35b0f52854df93c8e1b28870","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"c3be52f44c8a11f14ba64317117671d2928bbdb7d942632f4853a3fd893675daade7902e4e4967c76a0aa9734f","nonce":"35b0f52854df93c8e1b28877","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"517633a64838c8dda2d4c0be06264bc3fcc4b56cc57ee0f32f503ebb2d768787bfbcb937d67199883bd588ff8a","nonce":"35b0f52854df93c8e1b28876","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"9a292d77aa27ce55817e57c9f0ec15ca6d724fe7acbc09b88d04e9e37a1613602d4fed6f0eca60f14e4cc0a9ab","nonce":"35b0f52854df93c8e1b28875","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"5f065eea126921fdb0f85ec0192efaf25e6075b7796ff3188dd2300f68060939f023de6840131f0b0de1f7d608","nonce":"35b0f52854df93c8e1b28874","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"3f95c414b803f4c9d68a36cf786d6ae592cd03a08d2d452fe50b3715929ffbf7700b8152e0b6f17c8ec9b230a7","nonce":"35b0f52854df93c8e1b2887b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"ba09b485db3425fb3000bb1f4c33db2c5ff528f0d25668afb461e87544ea292aebc42769a43a33a55d150356e0","nonce":"35b0f52854df93c8e1b2887a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"a983a37cd1fa04a206e2c2d1c4354dd147768768172c8fd1d28bc15a632eb98eb1cc33b696be33ca7b9ebacde7","nonce":"35b0f52854df93c8e1b28879","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"bb29c4505d4e645b297326a3fc6e746b2d9e95ac62aed3e534f8a51c05a4ed939c29f736f2dee35e624cbd9917","nonce":"35b0f52854df93c8e1b28878","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"3fed5fb12542d6271e7abd19efdcd48962faecca48965f801d723632080a0512d616326aebf42df5df38846144","nonce":"35b0f52854df93c8e1b2887f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"cf437934a0865e171c763009a65dd82a346023bb511b9c924dba8e168a43547d60e90d394e6353cd57dfad2f7e","nonce":"35b0f52854df93c8e1b2887e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"4b3fe238c5a25b0119f82738efead0dc6e41205c96636691e0eee48e9c172682113d3725be0175921bb67a020e","nonce":"35b0f52854df93c8e1b2887d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"c7459e883d59603da281a513f002c2aaeaab122700aaa54f8776097e1edfe404a04a2423ce5b5ce5116c8df0c7","nonce":"35b0f52854df93c8e1b2887c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"ea42961c51abe5c696d5d3c3d2ee086dc0feed6fa21288a46a04be6cf3541e7b6c185c04644a01f33749201535","nonce":"35b0f52854df93c8e1b28803","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"9c0e9d2b3670aa07b9d8a63504ef4388075bd611ec9deee020d7d9c288f0fb73a35ce798eaac5a210c821c1852","nonce":"35b0f52854df93c8e1b28802","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"923616372411aeae80d142623f81efee7ee96a6cdd2715694bd9468bb5ad59c13e0dbf5c28371b51636cfba8d9","nonce":"35b0f52854df93c8e1b28801","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"328c725f02166d7d5f2f6c7d0ec2de31640670895c86261845ad753405a3a86d655a472a6867ca4fcc6d3d13ef","nonce":"35b0f52854df93c8e1b28800","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"97595aeaf9f55818d194acc2923f54d23379d7cec349a21b5b74e3ee8976114686001e2d1548e767133233db29","nonce":"35b0f52854df93c8e1b28807","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"0fdc1989ee31944f198f816d3671137837d31f5d58c98f81c3b0c8a0e021c2a9684f45895887b90677368e7135","nonce":"35b0f52854df93c8e1b28806","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"54f5550117aba9ab33b477c5e93daac45bb44cfaefea803d2158951d82ba78b8152b9054700adbe975d4dd0285","nonce":"35b0f52854df93c8e1b28805","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"0581d99c9e9e0afe86114f434ed1c7f4a33d4e9f676688a94e5be9e3c0bb2b9b52dd18a43a77326de154573234","nonce":"35b0f52854df93c8e1b28804","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"19e46f2827013c6705d7c178c954de0ae75f5518ae4898268ab173bfd56bb0f29ee36dbc082ef5bbaa8d117883","nonce":"35b0f52854df93c8e1b2880b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"cf34d332e3722cef1265c030e57489b1e2a89109689da61a540b965be9e8ab1c3c39f5ef87b5643c8cc4660898","nonce":"35b0f52854df93c8e1b2880a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"90197c57c034f77c1d202ac7c7a0ab4e575c10df2a98bb03190bab39240d9450a143a099ad95eb8be8c0e053f8","nonce":"35b0f52854df93c8e1b28809","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"2fac1a66a9ef241ebdb1fbc357447e45ac2ba2175efe9d847c35364a62a478278a1f5c74699de304f12de9fb61","nonce":"35b0f52854df93c8e1b28808","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"c0b554ef10feefbb84b01e615bbd6b82dfec5750ec25b8fd45e9a5c24aa60f8febcef5b6afef1a81ffddab4b55","nonce":"35b0f52854df93c8e1b2880f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"7e7c7faa5f30327213df10b32efddd4a64623e574c84e8ca40b17fcfa92de6457d354f8edf27255c341461d809","nonce":"35b0f52854df93c8e1b2880e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"baf1931000a3d2a40210c229a40ecd471d96d7f4365d61de696f346bb23b39346bf51845b68af6c2d218c147f8","nonce":"35b0f52854df93c8e1b2880d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"84c3b93c92923a8b31da41b35ab20e406a00fbd1336e43a0f08cc35f165800854ae30c27eb04e66544578843e7","nonce":"35b0f52854df93c8e1b2880c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"6d5311d33c0824da2cfe8427cacecf715f475f2705865b8ca3a10234075fc4e8570f6bf37697abdefd06926386","nonce":"35b0f52854df93c8e1b28813","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"e637eebacbb026a367a04e68607c3e7f41874c89a1df2dc91de151641cd56e61a6733fdb5fb9dbb76d7e2eed03","nonce":"35b0f52854df93c8e1b28812","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"1e7da56e0c52f63d2290317ff651e4834214d7a024b08efb0017b260930912423d0b22a2eac3b86e5be0c0188e","nonce":"35b0f52854df93c8e1b28811","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"91b7d6a07878efd7de1b1354763b6562710f477704047e99ed22a1be75ec7addd5aebe452eb41d73ee420e14c8","nonce":"35b0f52854df93c8e1b28810","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"cea6ee8e0eebae78a0763b5efabc4e2261c3fcfe74dd2ac62e5acb2e14e5d9deba66cde720e10bc2d7bcd7f91b","nonce":"35b0f52854df93c8e1b28817","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"c49148cd96e3d136239aad641851ada45dbc099d476e6d80d0ef79a725d0c8ac7aa4bc5db668349c2fc1b3a5ad","nonce":"35b0f52854df93c8e1b28816","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"08cd260db28203f0361af7928a6017e11bb47ac4f6f14d7d884b2a1b7b3dcabb68fa8856bcf56be10c2ea3f1e4","nonce":"35b0f52854df93c8e1b28815","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"358fb9595b9521c7e30f075e6a39ebf880228f6436b696a89374f11d44458c05d68bf93d9bb1db3e9fff16aaab","nonce":"35b0f52854df93c8e1b28814","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"464d061dae63c118b6586988eb19cf24e34ea70129461816a51e6dc8dbf0c3f9883ac84b7b0d514479a3d6bfb3","nonce":"35b0f52854df93c8e1b2881b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"195e39693247c17ad5cd0f7986825a56bd3ffaeba5e9506978105349df14c2dee9178ad8e0ad4426b9f8b08bc6","nonce":"35b0f52854df93c8e1b2881a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"45ae6dd15480f4561e5b566dbce0cb9406f94077a52eb69dca8402db67f5e543b32310cd580a303cd065280a9f","nonce":"35b0f52854df93c8e1b28819","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"61d83faf1000b0316dfaba7ec01d6b3d26d01f0df4cfd268fec113af8c3d401c10c4ed08e317229991a957dd27","nonce":"35b0f52854df93c8e1b28818","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"585533cc96c0da9f3d6b4992089d331218f398ba4e430dc4ba71556e2f11ef98c30f2c629b149c80e3addb1086","nonce":"35b0f52854df93c8e1b2881f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"acc38fa89104a38871f2421126e2f6adee1c164bf40a90d5811f656739efd888e9a565965cde98504ed71d457c","nonce":"35b0f52854df93c8e1b2881e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"e84966b5863f6aceecf38b072f421bce3049b3c3c712168ba73e7175c3b1e66715ae4e85fedca39df2b7b474a5","nonce":"35b0f52854df93c8e1b2881d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"b4265163367dfd6ee1476453026255887489875bfc690199991eb3e0cabb16d2c49ef48e738c3f437c611fc12b","nonce":"35b0f52854df93c8e1b2881c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"b75622a9e0a6d013d0c8015d83a3b1bbbcf4de56faa1af5bca1e503a6e7789f2bf35910e78258c1c3700d1b57e","nonce":"35b0f52854df93c8e1b28823","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"ec3628c5a5d82820851ffb5261a797e3b1e89e82fd91ca7651d90a01fe1a64fffeae7a57a27d364141607e7cd5","nonce":"35b0f52854df93c8e1b28822","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"51cb3c90ab76be89a83d6ae9b17a695afd8cef0596b384258139356b155d6f3bc9706810762006b22c889a9e15","nonce":"35b0f52854df93c8e1b28821","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"a91979833bd2a14056dda6254d95dc19c97e9efe9cc5c53b505801d0ccae6b1b02b56eaf7c79c3d99af32a0049","nonce":"35b0f52854df93c8e1b28820","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"4ae1fb2e3f9aae5933d1f0e2c1e04da991eefe005cc78e808f522afd4271a975bbc786c21f296fd6abd6a780b8","nonce":"35b0f52854df93c8e1b28827","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e8af37cf11b70427e13d4de6ac38a7777d9cb9c64dbd22159424e9e8c8255a134c0189c8ded9274300114634ee","nonce":"35b0f52854df93c8e1b28826","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"0bb7e85c687a1c7fe833e2f195847f50fd3f89e9fe4cb465f422fe657fec336f4af6ee65c1a889e62cc7eabcb7","nonce":"35b0f52854df93c8e1b28825","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"2dca77475017041ad365d92ad8e8888e87ac6dc49f814594612a69a8fc3e4cf951acbb3430155840a57417c27c","nonce":"35b0f52854df93c8e1b28824","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"917b33b33ab6a24e622ad3e4ff9b315a141ab3e7e92c1377aa88de0365e6c9393f624877806527b918432938d2","nonce":"35b0f52854df93c8e1b2882b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"4d6aff122e05dcaf13a7f50eb681be7283f98eb43055a46eeace79ded8bf8fba21cfe8c837948463ee0bca738b","nonce":"35b0f52854df93c8e1b2882a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"96490c43b51e714d3e32ecdafc697647413c30d51da228ae4b1b817857b58576dee4e6b8b7ec863386794edaab","nonce":"35b0f52854df93c8e1b28829","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"598a518e3863dcc6cd603daa2b0592b92295467d9abd0c371272b18aa6014ce227d7974eb35b4f15069596f660","nonce":"35b0f52854df93c8e1b28828","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"7cf93e18fdc1b7e5ce1878b73f3da58a5c1797c05b2f66d1792c4e56da2563c10639215868d2f613c14c377f56","nonce":"35b0f52854df93c8e1b2882f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"5028afea8e69bc81a80c325348df5a70f82f2722cd0e4075cc4f678173a07d1590154f7026a9da44eba60dc075","nonce":"35b0f52854df93c8e1b2882e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"7b10b2c12c634a7f43742a1818f25bf0493d3b8e13b45ecd75ee2566d0678ce7bdacd62acbf0e7ee0c7975f5bb","nonce":"35b0f52854df93c8e1b2882d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"2bb50e103161532fac39fcd2f75f927e16249ae5dd3603cc71452f3ac90706e2b614fdd6b7725a23e7007e59b7","nonce":"35b0f52854df93c8e1b2882c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"900c518be02820599a58484313811112c6591c0fc7c0afeda1219d3fb7de83ec53fdf04e7767705807b8a459c4","nonce":"35b0f52854df93c8e1b28833","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"93c29f107baabd5692b39a0c84c44e5704e5b0a34cbbde069b730591ebf9a03d851847deb0d588c8aab1c2f548","nonce":"35b0f52854df93c8e1b28832","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"2e6a1b17dd9376f2591c2868c9ab03a6bef7e429d244e63d13a26c407f6fae619977b586d8329735a543a74aba","nonce":"35b0f52854df93c8e1b28831","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"551273b44b52c74a1e821fc837194f5f08e4d88bf6f203b5aabde8d7837f47c5134c3ecd7cb495cc11653b9987","nonce":"35b0f52854df93c8e1b28830","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a0cb1e94209f253fa6c695263d7958fc4b73624a53389081e31592c4e879f4e47b82d9ab76b4c18e8be82307e2","nonce":"35b0f52854df93c8e1b28837","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"326929141cceaee68db7734b8507e057711b58cd717e167b09ed81a4c75c556ae44a256fb82f964adef866cccb","nonce":"35b0f52854df93c8e1b28836","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8bb74a2fd498104107917882a213ff4f66b6df854e466aa039b1c8289988aaea90edddd4a3c5dbeb605d9d8b59","nonce":"35b0f52854df93c8e1b28835","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"b5e12ec050e23d5b6d86b31a4f75c0315986364a3773367859d21514034f30fb8d62635b46ccc0788760567740","nonce":"35b0f52854df93c8e1b28834","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"b1ceb81978c963df868b8db0ab958229c1731ee4e743fd3c08bf99b29fc835c60f499c40a0821232f818607b10","nonce":"35b0f52854df93c8e1b2883b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"55b6af07393e3f7905a352e0e4b3a24c50457308aa0b474607334faffb190a9f206c25dad93ddf4300e7b8fd92","nonce":"35b0f52854df93c8e1b2883a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"2609c8c015fca4cafbe43ca76ea53f0afc7c0652149f34ee9da3f29bafd9636aaaab03fa80f6e516cdf9a4e443","nonce":"35b0f52854df93c8e1b28839","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"a975cce5b5335731854b5d92f9cf1503cb4e9633252eddd5b2328df6d89a349eb4942ee37b419338665734a6e8","nonce":"35b0f52854df93c8e1b28838","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"5aa264df37a406b38b39dc202a46cfea3924c30c378ff575e8330a8258fc60fbecdb0a5d976819d476a1702f00","nonce":"35b0f52854df93c8e1b2883f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"d3b4d2b952bb94cfec0d00b0ad9031615cc6d8fc559f3bd871989cda21cdd38183adf92bafe82089e758a8ac52","nonce":"35b0f52854df93c8e1b2883e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"50d03f62ebd4fbc06939eedf2d10c1f877651b62e420f3b9b0958498416fee38d4c409661edaeb48393134feaa","nonce":"35b0f52854df93c8e1b2883d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f51ab0550ace9283ae1a806d144cc993b602786c1385f7c0f73279e7884c8044bd188d466862c8d6464a0db93f","nonce":"35b0f52854df93c8e1b2883c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"a8aafdef025d9894d30b83f7dc949108d97742e4c0e5cd040d3f1e9cccbe6b5728314f97149dddddb1353a6883","nonce":"35b0f52854df93c8e1b288c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c93093474943bb66e9b1965e24087a892b656560d7b172dafaa763bd1744b7b50a5b48aba291050fb8fa488bb4","nonce":"35b0f52854df93c8e1b288c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"51f7702ca91a011530df0549f08b72d780a8ecda185ad722b90af5500ec2e61248cfb6173a38733650e20ad2aa","nonce":"35b0f52854df93c8e1b288c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a8f33a3e0c8afec06ec12b36363b16c4d85f95f2fc10b2e0130c1881fc92e4fbff911c2050d6336d4670a083db","nonce":"35b0f52854df93c8e1b288c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"966c3d849df3eb435bec1aa81c401c1623e25be05bb3a2ee39431d5f8ffff6ff59858409dc6699b86c40af9423","nonce":"35b0f52854df93c8e1b288c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"6a74349d4537593f119ba733520d3837d50d6e201dc0756532b5177eb5d74346df26c16c499f3d7ed0289a27b4","nonce":"35b0f52854df93c8e1b288c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"c12e4d4e19a12cd52aaa6e01c673c50f19f0bbcd41c5fc5451224c4036976708178babfa39e2aee0ccca9129b5","nonce":"35b0f52854df93c8e1b288c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"7606b496571474d7138f61cce0866ddac4623fd0f2cf8d18f509d07f337107fad3089349a4bbf90e958b1cfef2","nonce":"35b0f52854df93c8e1b288c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"18b4eec5f59bd4f027d311e28855064e32d4dcae9c884676f43f8cad7765c8d536ed0b0fa113ce8cfbecb2b455","nonce":"35b0f52854df93c8e1b288cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"52a3a8e0b1372a9d43c9129b8e1946afe241a1ae493057c6848521320e7b1226df27c849fc762b7de0f73ca87b","nonce":"35b0f52854df93c8e1b288ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"8b706261c580fce5f89464e1aee987e53e4a17efee0a9722661a6f26efcbfa46913f6bf2d42d9db640456ac1e4","nonce":"35b0f52854df93c8e1b288c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"feb30b4710eca8af47306c690cc6408173ef573afeac446f63ac31b6c51c472682cbbe99c830512081a2552a59","nonce":"35b0f52854df93c8e1b288c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"a1ca939a739faffdcfee2ab22cad524ae6bc35ff43e7f114c379b9eed223e4a4c95fdfda5dd48965daa4a96446","nonce":"35b0f52854df93c8e1b288cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"45ccb95ee01ee6b06499fcd6a3056218fbd124bbfc633a8a3a913a7c648cc8a9bd542d8c3f095e107da468e756","nonce":"35b0f52854df93c8e1b288ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"d679f05f34189777fc7c1c316cecdc8de3a634e7aacd51bb4cd0ac42f60ae27dc5c39551dbdff6d5e840b2c4f2","nonce":"35b0f52854df93c8e1b288cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"dedf7e09fb362fc2b15fd4961572d1ef03eb65d16d1545fc633e6a3576323db0c08bff7bb0c0b8aa76e7561eec","nonce":"35b0f52854df93c8e1b288cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"f74feb28cdeb626d7830e55b40bbbba83d557ea97390c0410426bb335cea884c4f8b7963cb56e990f13d813fd1","nonce":"35b0f52854df93c8e1b288d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"896b064cb398019a428aa451eda374b6e8a91c5b2feee73d43170c8ae47bac87cef38629bf7919972929c29653","nonce":"35b0f52854df93c8e1b288d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ab163aa075bf420cbc357aff43ac7d2d0827331a30347464a072e4559f4da675fd193e21161ca4a1acfd76f721","nonce":"35b0f52854df93c8e1b288d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"e5d2fa64547a776d11c6e10b5499a6b56946dd89c474d94218c5a0729d8e2297b17d092427a9ddebe8c2d5e6bd","nonce":"35b0f52854df93c8e1b288d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"3b70e9eebee4fb4912bdb413348bfd1b51e67f409af00d014b8f6434dcea64ec2361c71a02b441a77f34985b28","nonce":"35b0f52854df93c8e1b288d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"da774c701e200a6e226dd7ce91a667d8c284a9fcce371dabe588e63178a904def1a8722db20fb2519ed55733c1","nonce":"35b0f52854df93c8e1b288d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e093f927a64f1d9936861310234b32c2fa9b80c3dc41ac22231fed681de7bd35a92f6a96257f92560e7a4dca8d","nonce":"35b0f52854df93c8e1b288d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"af6b1d02227a699b86a1927a04efcd4fd99aaaf05f70a46276ff2aba419eacccfb7b46c6f55dd4567c925357ec","nonce":"35b0f52854df93c8e1b288d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"039185afc4248c8a7ee263c6d964363b96f57ab82bb1e6c5cdc729f54c72fa89ed6fe777a422b23d635cde92fe","nonce":"35b0f52854df93c8e1b288db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"32269db5289667d9d88effe9e02bfe5371f8a6525bf7bb36c4357dc17e518b127a9044f11b80a953eb329a3a55","nonce":"35b0f52854df93c8e1b288da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"a2fb121216f860c5123978c0f4965f66a938bedc28009134b51b41e57e6f6b679e084759d9c300ed6afd3eb322","nonce":"35b0f52854df93c8e1b288d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"0251d6b68b05d6f8dde01e76d797ba1f5e468d6f501a0d5f1ab25a9e54bb50d97b22877afe800966272aa8e50d","nonce":"35b0f52854df93c8e1b288d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"d5473da3ed7f21431c0d021de2c8e91e23b187671d9daa8f620057cff1c85b1f4e276dd7a6eb583f4002f0a0dc","nonce":"35b0f52854df93c8e1b288df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"de8f0cb988b56c194fe0d1d0bbf65d96c8c733101b0b7465819489d3b84b829d76f0bfbe61f3b08f7e76d8157c","nonce":"35b0f52854df93c8e1b288de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"901e8a93c883ad4c9bb32de367deda6cd98389103b14a375092ca9ee1a661ef410161c638e1e114f2f7f243a90","nonce":"35b0f52854df93c8e1b288dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"fde90bfe12e669775a60d986f34384c4f69cc9541e3838019583e2597ea97e66d62741d643f92d0f58dd6c2f7f","nonce":"35b0f52854df93c8e1b288dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"3fd0122a9b4ca2f6cf88a92d4dd7608de7310fa642186efe7934dc2e313e8e868d3d696c7857f1ed4aa886f2ab","nonce":"35b0f52854df93c8e1b288e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"9324aee3bfda0072d7759c1d0e9accbcda7f4d7558fda725ea123428e5936ce4411c096fc4fc6f1fa9ece32df9","nonce":"35b0f52854df93c8e1b288e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"9f81987cab50425e3cb0dbca6005e4ddb7a5b268ce8a97dedbd0786a254ada07a703714d106cf1cdd98a3ca473","nonce":"35b0f52854df93c8e1b288e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"754fb43f23ea0ad61d41e8429ad9ead87f95860f82ee9e1b53bd7ecae24c2d555b931067bc11106e46464ea4e5","nonce":"35b0f52854df93c8e1b288e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"32386848db3a61114a3c6cc2e2fbfecd2dbd179621b19320001a034e3a3235d3d7fc1ed4d4c8d76906d855870d","nonce":"35b0f52854df93c8e1b288e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"c72490d3c007d6a8d7adf22c1d9a041873fbb658341c2a695560e7dcf3b13e783ddfe4bb4c29aa0b6cb8633619","nonce":"35b0f52854df93c8e1b288e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"9a68b87b5f79f8ac33c6f592d1d7d08669365c47de0b3c3f7a212ced1c4f0f477a64dd7272c9968731893ba5ac","nonce":"35b0f52854df93c8e1b288e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"86abe2c5a1d832da084b1d4b2de53a1fbc2f522c674f2ee79697c5adc6ade02b681e515bacb5e2489f4fd9a06c","nonce":"35b0f52854df93c8e1b288e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"7d389707149be6e616fe1592cd86e8002515066997cec893f8151aec39e8a8311f6b1bad954a781819ab7c86a1","nonce":"35b0f52854df93c8e1b288eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"10bc263aeea7a2c33bfa44ca83ddf61cf44e749f50a6b06837977752794ddc71c523950fbe3f5913794dc948db","nonce":"35b0f52854df93c8e1b288ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"bff9df231d77f5c0379c9c1ea68861641da62c2669a512d1ad76fc9fbb0d03737aef4d43a38f52efc19776de65","nonce":"35b0f52854df93c8e1b288e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"5136d606b1a9ff1abd598c4c97dff327774d5eb3824a9667335ad3caa4506ec239c77b46ec32f30d9e4c710169","nonce":"35b0f52854df93c8e1b288e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"43e2167d78b9c5c2ed29dae3a96901229ef7a669d000f256e332a9945e821f5a3011419e3edebe68343929951e","nonce":"35b0f52854df93c8e1b288ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"cad06ad4ea6b475b9eb1a67e8475a3be16251c998c64e233117baf538e5ddd597aad3967ba49833b1a0a13b621","nonce":"35b0f52854df93c8e1b288ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"00d5f2976ded8318cde86b9b1e70045311499bc8bf5768cb45971d98dcea7e9a67f399d89ef7279c13c393f3fb","nonce":"35b0f52854df93c8e1b288ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"69d36686ca86ef44e39d8e83ff3b80fb0b5a8b4edf887670fae3ad82c927bf56aeb0fea956b626de58dbb8c65a","nonce":"35b0f52854df93c8e1b288ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d2ecf227ebca9a8aaeb6a89b2947d019c616de6c6c02c1a69020e63b3d2a34b91b074beb707ad54a4b69dec803","nonce":"35b0f52854df93c8e1b288f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"89153dcf14117fb23dfe0fb376a986f24e8ff39cb01c6701c5f700dc4f5f569343ea4493d723dad2fc7889f014","nonce":"35b0f52854df93c8e1b288f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"eccc28898cb002e8280331d1c0a8a226253df1a22527cac68226bd87d3bceb1f0124287662394f36e8894960ae","nonce":"35b0f52854df93c8e1b288f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"97d814281cfea773213289e3ed094fcfbbac1145da0de31be7ed6268f26b10ac66a01c118cd24d84f5a0b6c5a9","nonce":"35b0f52854df93c8e1b288f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"0a111db47be261cbbc52d73911e8b337a60024b5d70c5cab090ab9b6d6ab973de00c47bdd6e3cddda75ff28352","nonce":"35b0f52854df93c8e1b288f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"16490d3bfa9caa28525b1545a01aa8a22c83204d57f6d26ef9750dd3bd0eb5eae413ca3fe65908f0d4b0ad79ff","nonce":"35b0f52854df93c8e1b288f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"8e0dafaeac37e7d3656e2c0af8c71bfcc30461fdd4e2bec7782a0c7e9f6542b7e9a0cfac17502b44a941e332d3","nonce":"35b0f52854df93c8e1b288f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"b66a0630e8a00f7492ecde34d8a4dcb810b13d3269b798f24cc830e415db7b17f707b80930fad613e84d43af54","nonce":"35b0f52854df93c8e1b288f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"97300272b436720ddd211368e357c2ef9b3d7346953c70543d3b2a5ab4bd95b0d0222642b38af4019492daec27","nonce":"35b0f52854df93c8e1b288fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"75012688350213de9281a4f924917dc23374cfbe710093d2b32bc52fbd32bcc833671292f28cdb2f602583fea5","nonce":"35b0f52854df93c8e1b288fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"caa35686eb6dea17d1ac755ba9a13da2ce9d588801002ebf2da29b45b54b19309d86e44d8ff656e50e4f56133a","nonce":"35b0f52854df93c8e1b288f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"4201f9f0adf3f7996b97e8e797f95b0cdad02548bd780111d623d206b6fd195563898ef7ea292fa0e255c74aaa","nonce":"35b0f52854df93c8e1b288f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"6afbc026850feacfd186afcdb6f7ab8abffb64d4b4794936cb1c733f19a00e7b36072a4764cbba5b3859890a43","nonce":"35b0f52854df93c8e1b288ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"ffffa8a67c0c97088433cf7d83a518554708ef612235494d5500d992799705e6e6ede04e6cd54428e5197aa0b0","nonce":"35b0f52854df93c8e1b288fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"89fc7936736ac86063c06637c1cc91bd244f8a57999ea871c25129845bd6e8406db0c968a67f62e4cdc44a4560","nonce":"35b0f52854df93c8e1b288fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"0c69a0f2e56963ff8238915f49adba81f9e52ca5ccdd1b21a75aaa4e6409a473e3d9fe0f5b4487c1b2d35582cf","nonce":"35b0f52854df93c8e1b288fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"31ef34331ed601897b7c268e643665f0d287d19ea079ec77fceeb9dffa251971e87b941178ff03b9ab96f61fbd","nonce":"35b0f52854df93c8e1b28883","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"0cad8ff4583f89829eeb531ca130c3f2d591ca30420cdd6e1f27bfa2d677106c1a3ae1c264d2317bce72a51ced","nonce":"35b0f52854df93c8e1b28882","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"2e852982305c1e41a0075c9cdf7ffee2a548ccf6167e572491ee5cfb201f2968fba783bee8603d8404613e452e","nonce":"35b0f52854df93c8e1b28881","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"3bdefeada5c323d41e07919fbc441d3354b802d4ea16d86b387ee64abdbe053697faa71ba35bbd1e4cc0b1b187","nonce":"35b0f52854df93c8e1b28880","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"a9eebc4013652af22fc3b18ca772698038b1a5797f9074dba0d82e7862f118f3253119cfa00ee358366d7cb624","nonce":"35b0f52854df93c8e1b28887","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"0b892dbfd8efa3167053e058a7e00024234691b2edaf280adefcc5b3d39afb60effc89c8d696b2e03d17d0ee6e","nonce":"35b0f52854df93c8e1b28886","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"e2f6b9dae6713474b711ea23cbaec3b7129230bb044bc9e5dae7f731f7b7f863abcc45033ced2ba4118ce550f0","nonce":"35b0f52854df93c8e1b28885","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"a0f5a4f5a136735498e7acba47abfa5093a3554bbf6cf49f62583eff511297e84dd3861dd7addfea6d3469c7e8","nonce":"35b0f52854df93c8e1b28884","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"f378bbcb27274226ee87aaba23fbef941b1a34a3c1455e93bce9669b32c8f5a241ada737296a683fc20c273a21","nonce":"35b0f52854df93c8e1b2888b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"2254c4b00409076d500a61be4bc2d8fb38734da733f404aaba6a804482b10bfac8a635d5dbdf148a0d58572e7e","nonce":"35b0f52854df93c8e1b2888a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"8e5941ab5c34c9b28184200dfcb86d947118b0d9123e35876cd9d3a684ad82ae1d91796ff0cab48ead20d6c8d7","nonce":"35b0f52854df93c8e1b28889","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"0eb770886fbb5b2f6ea2d412dbc3188ee374afc563bcb27d5cf91e410fa92669759958820bc2e706d6aca7df05","nonce":"35b0f52854df93c8e1b28888","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"d0043b21f8085c298087c825eae8dd47af9c0f97d7f9089ccf647e7a6195064d30b6fa5ab013a9ccbe0eb10dea","nonce":"35b0f52854df93c8e1b2888f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a76c50afbbb82f858ee76156f2b67f2dee7ff677ed8d41c3905b9240c581a1ab84f651763b8e0d93b405e66688","nonce":"35b0f52854df93c8e1b2888e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"9dc20cf1b34932604775cff5190a01fb3bd9b974a90a7cb7b42fa08f4ba7d5eb96a9ac7e06c9a1dbd8dfcadaf9","nonce":"35b0f52854df93c8e1b2888d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"b5a130a48f4f4dca2638393d6ee226939c347a5f9cd363f36306d60f70c856d3e819b1920c36285897d3ebee8b","nonce":"35b0f52854df93c8e1b2888c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"075cee0dddacdfda74aa070a7bd8b0dcfa3922ecfa92bf7401746e0b201bd3312907ac59a78c54c1e653a7481d","nonce":"35b0f52854df93c8e1b28893","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"ce49bd59fc9a85a56357a5e3bf4a09a933b0882022f8350a3b72357be33267b3567a151af95b2620a45508678e","nonce":"35b0f52854df93c8e1b28892","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"f918d688823b00812c65b5e8cd4567adbe535e1a3f58b6bfc63ff19e8c5cff03a11cd4c6e7850cf67dd0bd8cf3","nonce":"35b0f52854df93c8e1b28891","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"896fbc23360a52e1454c317c6067ca54f38231c011a51d6f052d1d65948e56775a8ef25c75cfeaf3073c925be6","nonce":"35b0f52854df93c8e1b28890","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"be0076ff3ac9a6bd1af6a56451d7203ea3c635a595c2889925249183b387c316b66f974e33d4fcee92763c2a0e","nonce":"35b0f52854df93c8e1b28897","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"e9c6fc0280ddab962df4bcaf3fdc1975dd8c0a3742d45157cb70f0b5291f147cdf67644f508ced5306f26d33e2","nonce":"35b0f52854df93c8e1b28896","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"ff647f6347235b306a99b90ce83fab6d3d4abd3ad8d26b943e17502dacddb83bf5846d278603195358618bfda8","nonce":"35b0f52854df93c8e1b28895","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"10a98673d7da07302de048b250b2f6854854764f876cf089faef5994429b8e20ca99e035e1646f087e02f9d528","nonce":"35b0f52854df93c8e1b28894","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"34dbb8b0951e63c1ef4380b7efe0c3ce276ea55adad3a86aaf7f7f4f4d8a468a21243365ba9385ed58099be7a9","nonce":"35b0f52854df93c8e1b2889b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a6b6240db54953d71b0e40b9be444f1039c2ee98d36c6fc3e25cd72e37f568bd8e58e4b4dd2545e62d7ce68583","nonce":"35b0f52854df93c8e1b2889a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"c380b5280f21835e9765118b0b5f7ba092f060f2d600f84b140122d67635527b0fcb25d2792fef685c89c6bcf2","nonce":"35b0f52854df93c8e1b28899","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"486129566e232a509fd124e41c8fb6447396157dd3ca8b3566d90a1519eaed015a8f5d3bdde314a645851fe467","nonce":"35b0f52854df93c8e1b28898","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"98b01f10024cb36144c0f7051e01ac2cbbd77b7c5f08ce43da16f34b3effe493e74465d718753490ad287078f4","nonce":"35b0f52854df93c8e1b2889f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"47ad64d09fe352fff21ecb91f120282e6484e1f1d9bbd32a45b2a0e564f481bcb7dd2787882be03bb6843d3ed2","nonce":"35b0f52854df93c8e1b2889e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"d12e88d1f94b06dae41bcbd9dd5e719719d7db6a4c41512c9c7ec6b645d0bd241aafabdc7dbcf8c6dc84483449","nonce":"35b0f52854df93c8e1b2889d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"5b12546352c027522bdde5dc5883936cede91949c49df6f735f867b995114f7d717990a1f6c0cdf6918a3dbc67","nonce":"35b0f52854df93c8e1b2889c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"90b5b1b5d05cbd8ef4b95a7db8a2af6d78a5ab9fe445af8a914c1db79e52b59344a4dd7d0dbc6c20a3fb186047","nonce":"35b0f52854df93c8e1b288a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"d3dc031a54a1dacdee11b6c540a48e398a2bccf9f2611ab1e3727f70e8f96299b3db5e3482fc2f2d4f60b1ea5e","nonce":"35b0f52854df93c8e1b288a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"f4ec07da091b56b3350009990177245d5cc827e05bfeca95d297772f56051df6d26c43cbf09dcbf3e53d9ad5d5","nonce":"35b0f52854df93c8e1b288a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d9ae99bc767a25e47ad11669299ce6686b45feb451c15bdfdcde143335b5408eb03dc9d7e3b33ed293d8c0b06f","nonce":"35b0f52854df93c8e1b288a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"90b4c6a17e56be30b6bf8d2d2b126ff2a151bb2408c4f326b27a475ee7c1c4b37a7ef9b82b56af4a93782b4c10","nonce":"35b0f52854df93c8e1b288a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"cc6f40fd6529857a3977f6cd087990cd2420de3ce37e27f08e8dc47e767989af4fc3fd3ff9d5320905ccf669fe","nonce":"35b0f52854df93c8e1b288a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"135b6085ff88a10ced58a923b8bea2690800534b76c58e72ed07cde26096e833d1ff299659d980b9c0db5e1458","nonce":"35b0f52854df93c8e1b288a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"baf82251cf67775c4869a4c037e7bfeb4597c594d246b01cc4899492c8e5bc628346fcad5cf07c2b0a1ea735e6","nonce":"35b0f52854df93c8e1b288a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"3ee4724f7b412270a82134b8d2fc4fb55d3bd12d162a96eadb8f93dffbf70688a46fd78cad99957ba681c038c3","nonce":"35b0f52854df93c8e1b288ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"e76790474448982da9d22c5e5893136a25fb5da9fde280b833c0c64af7f22b667bcf00191dc522f38e014247e8","nonce":"35b0f52854df93c8e1b288aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"c33b556e07587bd0eb081fb0c1b97d2a39089f8e9df4cb7ab95915dbb5769c54f67286e9542e181c85d5af2347","nonce":"35b0f52854df93c8e1b288a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6654c3f1cb4ab90079ba54a2b746448ef1c5c2a7dd1fb20f867e9ee014f81181ff60b194b74f06b76ee129295e","nonce":"35b0f52854df93c8e1b288a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"265b83463107db5ec8db598a18f5d7acc17de9a034ef782d65df800fad8a8d4f14eb9bfff4df547418ac59ec9a","nonce":"35b0f52854df93c8e1b288af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"b366cdb24df6fc45866fc3aac8fdd8f8a78de24cd10102e1118ebb8ac39e8c1cbf1dad7bd001e941b268305abc","nonce":"35b0f52854df93c8e1b288ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"5b2960293ac8fbcbcabb319926977eeb27cadc2540422f4b944e207bdc6c2106d105b10433c180c04d4557648c","nonce":"35b0f52854df93c8e1b288ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9cc723d09483be772290eb2f616bd9aec0c935a4f831e701e78d146fc518fbb68fe6122996bed50e3b5ecc3d5a","nonce":"35b0f52854df93c8e1b288ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"5757ebc8338963ef9f54dc2fe5247cb3d2e9fd614d89a3bdc74f74365dd7eda1e959e2da6c618a87b590ec0963","nonce":"35b0f52854df93c8e1b288b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"98cbfd8fabb4179b0593848bd62a6c338603d0d245f96676f926db62b9a0c4b2519c0d8997b649dbdf357d8904","nonce":"35b0f52854df93c8e1b288b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9945b789b294ec3fcfb419b489af6dfb61cdc5d307b42cb8c23644cdfbcde5db418212cb10fb33e7617bcf0a59","nonce":"35b0f52854df93c8e1b288b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"84fcd7a607e1da60e32b2df2c178f480a40eb09a5eebd203aafc63a38ff6a895191ccac985d8cd99d4317b9061","nonce":"35b0f52854df93c8e1b288b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"a5716f25db3d9806be2a851eb82f2df270d498855ee8e7ef9391b6fbd31c643e8a29123882f73e5e02ff8c886e","nonce":"35b0f52854df93c8e1b288b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"06db8095871597c0d9b7845efdd05197abd93dd290db493432a9aa57d8f17d9a235cfa5b0632b4754fb5b580fd","nonce":"35b0f52854df93c8e1b288b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"496d10c11c674265bf784deebf300f187dde27fa88abd60368bcdd89023bc6f6ff26fc31b6c730c3796126e21f","nonce":"35b0f52854df93c8e1b288b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"e2415bf48c20ec4dd840e511334ef499a6903273e52f77f61441874607424f715b88c751544b2586d4b6c738f8","nonce":"35b0f52854df93c8e1b288b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"8711fd18df853a6134e74fc9d57cd2d26b4c2732f9666b6b6ecc20183841a7630a3a8f0c1733c7a06948d27bd2","nonce":"35b0f52854df93c8e1b288bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"a64768969a3b9a5807e7786b466e93de30712621079ae85ca3ceab8c80028050d42d764a00a8e27283b330081c","nonce":"35b0f52854df93c8e1b288ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"088d835017cf55e1529f6996b4aa4054b2f51af096025aa385508bd61680fca7e724143515ff2722c15f3db0d9","nonce":"35b0f52854df93c8e1b288b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"42f1dc2d586c4e734f4cf8ef7d5d546579be26de29af0d5ee492f2aa224344fc546433b72667c8c41994c33839","nonce":"35b0f52854df93c8e1b288b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"26ebc313672dba555bac78bac26ad7cfd8d5f746c789cddf5753cebfa38e0775a66e22b0c5fdb07ad4200fb05a","nonce":"35b0f52854df93c8e1b288bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7223be964a620573bca2a876c026341b21951a9204f7f7399eb6aa561df6f50afaa3dd7d9d4101d57b0b2dabf0","nonce":"35b0f52854df93c8e1b288be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"6412cbb8e107a0abb6f558621388fd7c5cf977092929ae8abb33665c9c2f09f6b6c358aa2e6e133fc7d1851ef6","nonce":"35b0f52854df93c8e1b288bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"653ea9865543ca2670320a2be6623c92a06e93808061c1c1f6c8a27415371cc1d4a76cb49406e7315eec2f4191","nonce":"35b0f52854df93c8e1b288bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"8b677fcbb5b409598bed2384d3d3c7b01e08fa5d9223cf1c2d135f66b200d44c9d80629175e3af3bc043177ce5","nonce":"35b0f52854df93c8e1b28943","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"05063dfe389a7a2eb6df3bcb8b64476811dc01c9b3ec7a53bf9447d846e4598f"},{"exporter_context":"00","L":32,"exported_value":"d628dcf7807b631568af094291c31c7304c081604b5b1e087ce20f118046295f"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"56c8460b24deed4c6a89d1cb21037c256275f20f558c35e439d5214a98e43714"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"b0f9ddecb790b0866097b119b8252aeb6076d44f95fb5e9bc06c71c6db0d4f2c59a1bec8e11fc111792155eb0dd46b8de06d0388101016fc","ikmS":"2c831dd4d97d2e2de000103cc264411f69e12e96665e249c2c767825f441ef783a44f9046d2cdca75d27ef80e906a3b72de9400ad945e91b","ikmE":"57f1c4769946dec8d5f1caef27dd2b97dec19c10873ee486bfe27e4f2178f9040847b59b08ac740c18bc555fca466964778d117d6031838b","skRm":"7bbcb2dcb4b0228718b6f01609feffe7e29ebf11583106df319091415e54e82fc6360d7dfa6b482fff6690fadee2c6b85aca4eee0ccddb7d","skSm":"435ba58b5b6790935e4b108815e4fe6dc3cc87e296d3717631b1251c910c516799d6145c05352ead3afd820f5ade1fd07655eeb42d8bc228","skEm":"f88037e8f95744954e9112ae595e17182a199d85d34091ef2be5b78282792d88f4db54a1d4ab5825f71adf7200b908e752b3970881bd689d","pkRm":"8aa332975597c3c5185199e63daeb2b3de96b6307d01ec670287354d7090c9febf19617f18142cfbbec97c710875c6c5d2b728c4132280eb","pkSm":"51aa49db2c674fa0fba4b1aba7212af16b7b08166330149573680cdce0916e6b9a2245666af06ab54203e3e986365384306f677e47a73cbc","pkEm":"6bdadccd4639d76f6a75148a173b01ffbbaac0396d39fd5bb76e7ceda46ea1afd115bd8ce24cfa165b92fae3b29240285fbbc6d4c90705ad","enc":"6bdadccd4639d76f6a75148a173b01ffbbaac0396d39fd5bb76e7ceda46ea1afd115bd8ce24cfa165b92fae3b29240285fbbc6d4c90705ad","shared_secret":"1df5567445202c83908136b0c9dcb777ca19b36bb3a901ed75fc5a4d460c90b43bbf4a30e67b938c87fe796d9e63caad08715f69ed413490876cf5e0c0be73fb","key_schedule_context":"021106b1a1933067c87d4d746f7db5f197ad5107c4c5c2b8755555b63f50bf121e2030461bab15fdc38b55e526b9f9cbf3342bacd78553d0ce4eb4260c52b61d24","secret":"aaf6e99c5d36335aaa9f694607ca784dc194a188222b260157df9a265b28dcce","key":"3500ba3adb6e5592b4bd746b22e8bf59","base_nonce":"3c7336d68f6e9b1ad104c198","exporter_secret":"f91589bae4fd9adb9ec7367e6942e51f7fd4dce40241f6b46a3c3f1bd6332e85","encryptions":[{"aad":"436f756e742d30","ct":"35fb796ff99d8b6bbc8a93a7a301560eada91ad7b4ed42dc90001bfa5284cba662ab4a101d172dd0f19374cb40","nonce":"3c7336d68f6e9b1ad104c198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"75e85fffd758e8adb1b0f5f4a175b129332a48e9160f970b05cd3918f85b940502553ef24130cfef1a5e1c1694","nonce":"3c7336d68f6e9b1ad104c199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"21f609fbad5b0eb675d5b7e7d1261c57e8fc27098227f2a5330140a7db651a79fbd2a17964719f16f15723b6b6","nonce":"3c7336d68f6e9b1ad104c19a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"0cdc08739a6cb9dc0c4866591ba9e03a4bd9d6823d1ecd6eac39386c103db6277b63e7845962106cc893d16e33","nonce":"3c7336d68f6e9b1ad104c19b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"c826fa60fa2c5ca4693cb9ca0397197e141301fecc3148e0b27dda69f9d89a3d105b96eb6e34c14f4fbaab13e2","nonce":"3c7336d68f6e9b1ad104c19c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"5e7b7fbe19220c25edb1cff005fedf6d60ceb41093959ae5bdac752270c54ad2228902032ba33529b9928fb3d0","nonce":"3c7336d68f6e9b1ad104c19d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"0f08f093ba715dfd6033ef3c5f98c57bab8848495cb87b20da662400723b3de806bb281d825dc7901428dffd66","nonce":"3c7336d68f6e9b1ad104c19e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"5ef61f8243e021142190ae8c40bc48fc6fb70c8e40fbc9273863545fed282c2c48b968881711b326021b1ee5b3","nonce":"3c7336d68f6e9b1ad104c19f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"553904bfbb40d8469b079951b77a73b57e0aaff66a5458f72fce575cc4f7df19ebf120c3a3e6f0b12dccf24a65","nonce":"3c7336d68f6e9b1ad104c190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"7c3560d1f344de20b1e5b3ccf486de224976220b07f47681df9900d807f80b667b409275215c39824776f3b021","nonce":"3c7336d68f6e9b1ad104c191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"8d166ffe7706a0f5339d26f20f2cd08bc34b9c789233ae23a13e073ab80863e5aaea909f55103fd28c14983373","nonce":"3c7336d68f6e9b1ad104c192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"633d663e45abf04c56d5a060e4d838894023d581901e8ded220ee06aee88a3bf9ef4bafe5bc6ceca798fe8111e","nonce":"3c7336d68f6e9b1ad104c193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"9f54a4722cfa7e54f664c6325a1909b11a5856058d5846188751489829f41bf0ebcb91ca9281c2e0a1bc8ada48","nonce":"3c7336d68f6e9b1ad104c194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"acbfdee83a3a4fd4d2d61e0a07b11d05e8fa397ea418f39f617633b2a5c0bc3b41f4663c56ad7ef13734eb158d","nonce":"3c7336d68f6e9b1ad104c195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"c050dc08f17cacb3f37ee35638a58a5f841e4e85b8bd14e781ff0339add7d7be860f0d7ad4d71d747de133edb9","nonce":"3c7336d68f6e9b1ad104c196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"04ba5c4fd0b0b4867b5460d5bd25bbc5944a7c50721f0c66cd5f1d1afe7dc346f585368860b651815ce3707bc1","nonce":"3c7336d68f6e9b1ad104c197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"274d0e2b971248ad60d1b0c9a53fe2fca85dc5c3cc804b0945ff8704c81eda22e03a9ecbf11ae64782c0da069c","nonce":"3c7336d68f6e9b1ad104c188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"26d60199216681d222d419c82bf8ae7c2b7b1b20ef6687ba71fac7e502cef296a11b8a9c9ab626f23c4cfd3668","nonce":"3c7336d68f6e9b1ad104c189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"e3cb7a5a121df4b19d1a143ee06e13113cbcb5bb4f02f9b45c933bf536ef14fa845a41a56ec87679e28fe8dcf5","nonce":"3c7336d68f6e9b1ad104c18a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"ba3087a122106ebb4f27998e507c9c2be658446cd0d638c30e780344d8a9cd2fb42cc308a76a27175cfdccc651","nonce":"3c7336d68f6e9b1ad104c18b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"46b00907ab84ab79e03607b24488a853c6fb63c59ffd410df759eeb764a62192c7c17d474ee8d0c0d9b8b14856","nonce":"3c7336d68f6e9b1ad104c18c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"a9a826fa8b7ad0a75b032e539e90f17f220d92635312883d427b0439881edad487643870d2e762857edc1218a8","nonce":"3c7336d68f6e9b1ad104c18d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"743e4e6794fa3db1d1f0e58aeb81979b1ea1579fe5d3d89e9149a62594065d9f51d19fc0660dcc5bbd61cd85c9","nonce":"3c7336d68f6e9b1ad104c18e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"58aa4ab0d38f42dc43e90643e19883f4ad8d11d9820d5131ebdc0a0f05e3a9ea717bfa411cf6bb9f0b39b09f13","nonce":"3c7336d68f6e9b1ad104c18f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fe12920f4eb96e1f9bfc1fa13235586e39cb75e8d475544cbe79337fac9c282dbcd1a13d568db60d7ef69324aa","nonce":"3c7336d68f6e9b1ad104c180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"4076410d38bd392150141718fc9ce2c57a8cf4476b165a03fcdef421ba48825bafbf1cd2061ee318935c32cba3","nonce":"3c7336d68f6e9b1ad104c181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"adf61c234a8d5f7dbd3600fd6865b81d0443d2d9b2c3ba6fbd06893b2823695b8624b885167c951153f21311f9","nonce":"3c7336d68f6e9b1ad104c182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"327e743c0ccd443f05abff363065ffe74ec5aa8a692f3adb60c8f43b5f877569535703f727ffc920c3850e903c","nonce":"3c7336d68f6e9b1ad104c183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"6c454d91cad59dee14193f582ff842baa73a306ad65ebf1d045e396eb508eac5147bed260db9e4f2f441ba53f4","nonce":"3c7336d68f6e9b1ad104c184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"9d6f16b5d102305007025c7afc21f0b2f86cb00d89ecadf5dada14f11b5e7f2f48e32e38acecbd371ec3642880","nonce":"3c7336d68f6e9b1ad104c185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"03093c6a2e801475a5ca30a6d364805d11982c8734701cf8d41801c9285076224641f1feca148d21a749c897eb","nonce":"3c7336d68f6e9b1ad104c186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"5c49f94bff68906b2d879e3e26bf3d6db13e5cf4efb3a1805467cbca584aba1a59e515c470c8d20b1e5e4b2f7a","nonce":"3c7336d68f6e9b1ad104c187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"34334f7d245ca227239979144ea36c840416e789cb866f9d418470ad23e9df5d75963897fb8842ddf6060753bb","nonce":"3c7336d68f6e9b1ad104c1b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"29f6388afe31500675c28c9dd51b590463a1b023f7ec23ef401ada678b0eec0b2b3bf806159f6150017005685d","nonce":"3c7336d68f6e9b1ad104c1b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"fa1b60ef815fa5c595162a8ec36aa280237ebc1870996acc69f46a5186a3f421803519f93b9bde70957b6b77fd","nonce":"3c7336d68f6e9b1ad104c1ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"af42f379becdf3327e32cfd3f2b0b804c1abeeae6dc37c6cb8347dd5bf1d1e05e94376975251ca741eff4420f5","nonce":"3c7336d68f6e9b1ad104c1bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"94764206af0df27e6e4a113d56134cd91d93ff8346c0c7b4f8f9f908d6f2f0e8de6d74be2632de88ce8d9d7ab9","nonce":"3c7336d68f6e9b1ad104c1bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"7c7d12cb06c005bb827dbfb692be3b738e1e4d085d2cfe5fc9e7bb0e3ddab57cac0a7f0a9109e78835e93f789c","nonce":"3c7336d68f6e9b1ad104c1bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"fe436ff8bf58c60be7c139499a0e972ff6f15549e928db8f439812091d0f75dab705724295ed61ee1f327b8116","nonce":"3c7336d68f6e9b1ad104c1be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"b6061d046625d3b0768cf5c86cf407b10539802052dbca50e956948d804568aa33d5949500f25518ab5bb1f7f6","nonce":"3c7336d68f6e9b1ad104c1bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"2a3d747deab8ba4d10bea93f8874c66bebe70ae086bda3f1bbab1cdd68d4c5934578eff94fafd59479c65ac246","nonce":"3c7336d68f6e9b1ad104c1b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"d6ed0b62e9c93f48fe2924b2af56bf30d0d29d05a9de49858a98174f75d08cdd5ec0e1dbc11461c2061b2867ca","nonce":"3c7336d68f6e9b1ad104c1b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"ee84f6fda235a38d582a30613a3c8b5bf259b5fe7d8010d0d273a42a58c955aaf1eadf31ff4a2aea956b2696be","nonce":"3c7336d68f6e9b1ad104c1b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"4121232f3e28186ec1e018f0a93f01b6e1837a3d99b16b653bfbe475a62d83e18a78112a6b32e0363dcfb4a78f","nonce":"3c7336d68f6e9b1ad104c1b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"c5c4692be8f801b58337831273ccbc8aab1fe3ffd5a120262ee9ffacd91d1245bb8b5fce0ed622346e527a0663","nonce":"3c7336d68f6e9b1ad104c1b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"e9bbbaa3dbfaa7f787a26b0f21ba5df0d0679258305e311561ebd8175a54cb663249b770f1c429cb0daa984461","nonce":"3c7336d68f6e9b1ad104c1b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"b3e681b13328f448a9c2004cc6f50107d64a6cc09b2a796865f80f5e1de554e5c91a3d5000c1bd4019521d4afd","nonce":"3c7336d68f6e9b1ad104c1b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"da3f1d697baa76ed0265ecd67acc6d4e95302aca01809edc402454ff50d16d5dfbabe53c780ce88341e59fcd7c","nonce":"3c7336d68f6e9b1ad104c1b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"0edefe99ed267887dac975611d5bb59e016fa37efbf2691b926054ec6cd59177ca423ce828ef14a0bee494bc73","nonce":"3c7336d68f6e9b1ad104c1a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"658d7ff7d13ef833345bc8e58a2aa3655d46eda56fda2796089e4b58f174d0135535c7ce96803c37a3c2b5c3db","nonce":"3c7336d68f6e9b1ad104c1a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"22e75aca402b6caf3ac22d67453111d2e82547ea57267dd7b9081d7951fc82655faa1d95cacf86eede59d60af6","nonce":"3c7336d68f6e9b1ad104c1aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"107ea5b58f455a1fc80abf941a2e3cda543967f64711a4c6a59c8b5a89c88516bcacb7f5a6035a8ad98412f0bc","nonce":"3c7336d68f6e9b1ad104c1ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"374a3119a836720139ab87e4e67595010cb36d5459493c9cef2772c4c77e615bca2d3b6b10dd50acd882026cd5","nonce":"3c7336d68f6e9b1ad104c1ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"b3fbf6eacdb6ccb79293ca5f81cb434350cd253b96601f4f7abd4e611167ca2db4d407724155757508534771c0","nonce":"3c7336d68f6e9b1ad104c1ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"db40de841aea3731016bfb30d06d633a7d394db773280108417dc767c56ab80e36494de904e2bb2ac944504805","nonce":"3c7336d68f6e9b1ad104c1ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"6f39484e3bf4e894a5e209c1ea03ce596b1ea28e9d03260bb336c51f183c6cb7bf55027004a62277ca6c09d094","nonce":"3c7336d68f6e9b1ad104c1af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"4b83d7b4034d7e25afb0c73bee555e8ef6ca55db0ee24c7e8ad235ef742bbdcec138586a501ee20c68652f75f5","nonce":"3c7336d68f6e9b1ad104c1a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"0131a4db7d9bf8f059f3df09b01b76ebcd306465a5a80e3da28d457eac3811b5107add310c71ff22603d4b82d1","nonce":"3c7336d68f6e9b1ad104c1a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"cd30f3701aaa1f59c0179edaf2d3d0ab0e8ad8764cca9be2c2e628a44368a283be4cc500629fe5efedad458896","nonce":"3c7336d68f6e9b1ad104c1a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"d2b80b6a8ea087364a2dbd8e9319151194ad77941c33e476d5a3bdea3e379992978c69fa41163e14c33899ebd3","nonce":"3c7336d68f6e9b1ad104c1a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"7c61a949a747fe5b490eec9b4dd5587e9c08f5c888f7c6e660f6393c255470ea04cb090c884429151824ff5f70","nonce":"3c7336d68f6e9b1ad104c1a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"3541aeabf028677c94c0d12f6a1e51c30be7a915fb0c50d8fa8206faf500817295e0e504766d679592486bfa70","nonce":"3c7336d68f6e9b1ad104c1a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"45837fcd00d43a913aefcb816ea561657e550efdddf2697484844bc14725bb15e051bfb36c87ab9c3590be862a","nonce":"3c7336d68f6e9b1ad104c1a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"8b470a0096e07dd968a668300d7dcb77fb63dbb217b4cde978e06cb5cb61fcbfe62fed8069f84530282576bebb","nonce":"3c7336d68f6e9b1ad104c1a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"48834ff1a3b576ad102ae40d756c68a74c1671187d0a70a511cb9182c4614020113945353bc946edee6ce02ea5","nonce":"3c7336d68f6e9b1ad104c1d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3853f268a24de012d24e14beb86787675b5ceb784790dc549d07e91c75881adddc4834946b410ad6fb6ed6f037","nonce":"3c7336d68f6e9b1ad104c1d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"d1a75e243b9583023c9e64a7af62fd20928c9bfda404cffc3922dffdf0d1642042bc81b80b07f4f45196a40c2a","nonce":"3c7336d68f6e9b1ad104c1da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"37aa3c53d8bf7d67d36ed9fc90e7e63e2496ddd075ab311c5db6b8e8d9863fc95337b163e5bd2a837f9714f34e","nonce":"3c7336d68f6e9b1ad104c1db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"ca448ff1f2dff48eba474ac5dfd4c1bf1427a05dc59f840bf56fda383c6398325ce28ae99a953c1fb2624577ab","nonce":"3c7336d68f6e9b1ad104c1dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"d8878eaef7bb4c94b4954aff3f1d955d1329be9f650437a019ee8072627967f9fd9152344d7241929048f92051","nonce":"3c7336d68f6e9b1ad104c1dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"95e6f154d8b5229c763558b7181d22296dba1d918738fae7501204ba19d6a52d2ab81b3ff5fcf90602f9a1dcb7","nonce":"3c7336d68f6e9b1ad104c1de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"802b7848d56346c46296350adb6501f788197468a04fe5060bf75bb130c13efd5bd3779c2cb6451b4327b4fd53","nonce":"3c7336d68f6e9b1ad104c1df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"1799f0634154dd36d4febe366844054034bf8e4645b045f027818d00d6f263440d6f3dd6068ac962df3aa5ff32","nonce":"3c7336d68f6e9b1ad104c1d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"47e41689a0b75ffdfb8810b359249ea56a97b5b888093f92a12d56e0c549bfdd14540bbf59684b36163d442248","nonce":"3c7336d68f6e9b1ad104c1d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"2982cb2b475e4316d668f8063ab722492e686ceaae182ec7d1292893bc1f9791b22bd4f944d72f20aafaee7540","nonce":"3c7336d68f6e9b1ad104c1d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"63ab050deae9911d2ec7cfec4079152e33ba95c2843252af145da4aea8d2e72e7e5a05b16f01aaa4b52db61e92","nonce":"3c7336d68f6e9b1ad104c1d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"651815f52f968b003bc8ddb43c62fbdd035c36c42f4f8fe71fb5b7de994dd5ee6bf2b0ff99c0a4a27467cd1517","nonce":"3c7336d68f6e9b1ad104c1d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"397b0a9a2e5c58e2edcf2b911c711029dfb3eedc7b5527ed0f97b43c142409d543c7a2ae819fda77955dde3f98","nonce":"3c7336d68f6e9b1ad104c1d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"5aae54684613c18c0489c18ae132bedf6de460f4b68deda3470e00f39ec8bbf53fc46fc3a88d54cfb18a5901a8","nonce":"3c7336d68f6e9b1ad104c1d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"78573039b1e18cff80d3ae56b4d311dd2af08467d1123bd068096451f9a5b237ef06ffd69b26081200094e1d8e","nonce":"3c7336d68f6e9b1ad104c1d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"476fbcbfa7ab9d034ed42aa3b8f92496989d762bf5fe92b3db35d477a1a73ef277816269f9c53abf5328513d8c","nonce":"3c7336d68f6e9b1ad104c1c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"a4a902db3948c815dd893df51913c781635dd0a0a6cfe7356abd3d071a0fe9b02537f4aaa235c6412ae24a37de","nonce":"3c7336d68f6e9b1ad104c1c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"76d29625dd0442997dbcd3b1ca3d4b43478d1c89a5efaf68a7b1e2ea189ee865200698710c6730438498c85b8a","nonce":"3c7336d68f6e9b1ad104c1ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"fb613719b426c11abedcdbbfd2d9e3d95a7f9becd79b59d4cd9de7325c897acc0d968779d1ccfe8812aa3f0219","nonce":"3c7336d68f6e9b1ad104c1cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"ce774d0e9cc65cf032ac994cf003a9af4f084f426ad2e646347b2172b8332b5d66fdf2e8f2288de4419c90a3ce","nonce":"3c7336d68f6e9b1ad104c1cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"9a96ce560877c231fd1a2b4c7d989cb38e549de1b841a78be8aa25589906be1fdda08dba77eddd45ec1c1742df","nonce":"3c7336d68f6e9b1ad104c1cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"5fe2f9e85b35af4e04f910edf25efa8f1f87b760e4ad343ee3309d2ff5be06fcab92e5f80645ad9c78def1ada3","nonce":"3c7336d68f6e9b1ad104c1ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"479f45031e6692a269d265046912a41b9e3f0a5ea6efc601b8920473959754023aefda87d2f3c77ab45ec36e43","nonce":"3c7336d68f6e9b1ad104c1cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"1c6ef108fb802b55db96f6eb7ee6a72d7b1327016afef80ebd5dffcd7c66e4aacce18c7c4a0dae5b6a87b7b32c","nonce":"3c7336d68f6e9b1ad104c1c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"448b507bc40fd8d68f8cb312a33364ecea7559820759e6cef4a76b7db14da3dece0f238179d193403c9d1040cf","nonce":"3c7336d68f6e9b1ad104c1c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"6adef5ae5da61f378c2ab18b69e7e884f8e3eed10e0f0181994adab5fa8d688a65771875c16aec9c73330a8976","nonce":"3c7336d68f6e9b1ad104c1c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"7adc43fb6f7df702cd486ff80e5298e82af566e2264b704d841f14a3b9a99c4929661b745aab3a3554f4c87530","nonce":"3c7336d68f6e9b1ad104c1c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"594862bd39d42ca39db9b1ee3938f09c4dc5af17fc2bb48c71afce1e28296afe34653101f71a4967562056754d","nonce":"3c7336d68f6e9b1ad104c1c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"c1b3f6cc86c8e497bea68dc4e384c3517a375f6a6cb4ac909186fcbf7a558c0d26dcb9fdf2cf3c48d5b7fac678","nonce":"3c7336d68f6e9b1ad104c1c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"b53d5e95df7818828b46db208f75762d0c78b0b38dd3ed14a0e214c44cd89cbd775c259ddb30822754986562ab","nonce":"3c7336d68f6e9b1ad104c1c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"8a6b7a2a5d32faf6135f45c5e09713e73db37c0da86807ed218ffd5650baf89955ee9f059c220326e01822a0f4","nonce":"3c7336d68f6e9b1ad104c1c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"8c87c6d6bb26f0aaefae582e5de491d7a728e13258825f4c0818dc19868bda9c5702ba54ba804007e63986c6b9","nonce":"3c7336d68f6e9b1ad104c1f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"19b87d721b89a4455812f97365a38d4fd6be0d723d2e22f7cfcc96ec9494bd670693e279ac18897a2720f92914","nonce":"3c7336d68f6e9b1ad104c1f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"712e1c77a0788a37ca991aac5dd688a8142f9ddaa49ae6b97866a3cff27587e55e3423299dfba65d9adf325396","nonce":"3c7336d68f6e9b1ad104c1fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"68a7bb361d67fb8194752899c275038411cf1912f5a61ea9c600d27ef16bb0304c8fc7ddb8a4acc25c8bab01f3","nonce":"3c7336d68f6e9b1ad104c1fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"e82733a01d8ad10786efd166054488ada6b7db74e6012e7392a9c335c0e4406c112873e147c05bfee0e7ce4915","nonce":"3c7336d68f6e9b1ad104c1fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"074be184f74a7e33d9967b7354923a748617e10d5c570bc54a77c3b2a59fc7cb04839a37e7838e070089bd653a","nonce":"3c7336d68f6e9b1ad104c1fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"6e1034ae38f88f5a5887d7132d4cb74f7c019a9012cb716232de1877aa7e9128af6739bfb6fa14ac6b754dacb2","nonce":"3c7336d68f6e9b1ad104c1fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"c2adcf8080e09a9e71b5b2c313518e0dbd399938bac4440931dafd0abfea6abd9ebddd391440abb7131adad2bb","nonce":"3c7336d68f6e9b1ad104c1ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"eb491711fcb0e6ca79a783fa4fb1d54b711246f811249c68a2dfe848fbe7e50c0bfbabe539e4e943363d23d228","nonce":"3c7336d68f6e9b1ad104c1f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"f300c97277fbb20b22a034fcfb39abd97652775f30979599acabea19a3ec4d6f7bbf1b843169d6b9630d17a134","nonce":"3c7336d68f6e9b1ad104c1f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9784b3f54e965b2d5e1b8a5d7fbcb8b03ca91ab3c460fe9549a1be293e356fcedfc87573339b27a3cf6477ef36","nonce":"3c7336d68f6e9b1ad104c1f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"2ee3e6749a4c4c080c0e25938b47cdf131e391993cbb58561f4b6312fab4709e66fb567f4d7ed8a34db7599eba","nonce":"3c7336d68f6e9b1ad104c1f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"38a2f5871a1e1589af43fb9f96e359d8237529681445422fc508cb227b1b23e502cbe0ae02b2c2f70a421547d1","nonce":"3c7336d68f6e9b1ad104c1f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"56f3758de8ae9fd3f5cdf97ae3370d47facb337534e0bc4a240e802e320c306044e8323f7b0f1157df0f064a71","nonce":"3c7336d68f6e9b1ad104c1f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"cb18b244cf095bae05326901689757e38e3003279119bad1773648739bedad1ff0606611dd1c82fac6ca9604f5","nonce":"3c7336d68f6e9b1ad104c1f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"46e34ff969ad6c13e0dc616db7b3ab1c4f76679f6c4a341a35aed526522a615a60be6845d17a3c4f417a27c270","nonce":"3c7336d68f6e9b1ad104c1f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"abe6ff0c680bf7b6b3ca5416e577faa4e2bd90b93777629ebc03a7a671892b88df278ddd28789d51a3a0fe8e56","nonce":"3c7336d68f6e9b1ad104c1e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"036123ac12246d1b26af841bf56b7825b14849d0860297e7f79d1af89db4353a69ccc2c6f8944591b48a5ffa8e","nonce":"3c7336d68f6e9b1ad104c1e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"eddf4228f58390a4a91d506b1d5993c195d6153b0c65db7a303f66f1df78f39d92086575646244422fc9c8fa72","nonce":"3c7336d68f6e9b1ad104c1ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"da3e678c047178af52b95803d9d1ae7ab7093d898b0b0413d28b05d75fb3a4a0ccdcde3159e36519941d029ea4","nonce":"3c7336d68f6e9b1ad104c1eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"ac3275b14b0fe4b3bcd310ba4336bc575687e290919127da49040cfcf899912e460e4c7b08f64effe68476d5b7","nonce":"3c7336d68f6e9b1ad104c1ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"e1285956e2ce12f8e0e4c60a40f65bbca58d888d0da63563ff17957e4ecc6b3b2d46072378f75534ee15160caa","nonce":"3c7336d68f6e9b1ad104c1ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"664fdf518c2abf5b6ea57f0dd9a130851e54d1def7c54f1ae0499c7e8c7c8afac0988d26cf127c068297357a52","nonce":"3c7336d68f6e9b1ad104c1ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"23dad94c5bcf6b573e123e756ecac479d3a5833952cebdb17f6de67bf6cd227992ca480ab343357a4df152f25e","nonce":"3c7336d68f6e9b1ad104c1ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"4e0c51ca1887cb6e6060958aacd4ffd1178289228a2b7ce13c561e6b14a51f040160210cb7e7e5f15000ed80a3","nonce":"3c7336d68f6e9b1ad104c1e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"5c4ba231292db5ca463018c3101185bf131647bec9c9c89397c1b8d4b934e5ef332733826f4487f476e5bc26b0","nonce":"3c7336d68f6e9b1ad104c1e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"caddf7d4407ca9c2591a6ce7d90005e7e31870f3d78efe78c9718aaeead9cc26066bba884238c06de989211145","nonce":"3c7336d68f6e9b1ad104c1e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"10746e8ba9660ee562571ad79a4a08d65beef4ffd5e4ff04516001c825913c87576212525f86abbfc881febbf0","nonce":"3c7336d68f6e9b1ad104c1e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"9f2e64531867a416858807b0f61d647525871d94a5ff2cf7b80e3d8cbf431d3eb8a4664f48f52eaac4c338927c","nonce":"3c7336d68f6e9b1ad104c1e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"c696c0dc96cddfe7c42e5a00e6e70338b259e0023c726faaec6652a9c6824e3f1288567ecefa7043410ce4dfa5","nonce":"3c7336d68f6e9b1ad104c1e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"48b9a7586ae1b1ad51c5ccdfe31e5132df8b4e68429c24a9c964870bb9d8f9b221ea795479dbefcb29ef36049b","nonce":"3c7336d68f6e9b1ad104c1e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b5c9c6547c77b12f5c89b8d6df5b6dada77635efc4e1d5206b7fd990cc36c8707ba8208ccfb2b58d7f7cd0bf28","nonce":"3c7336d68f6e9b1ad104c1e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"ba323f8ad8615635ae5cb57dc091517c89c1d18531e69fa0bbd8262a2c3d379434dd2f34d0206b4f2ab11a0e94","nonce":"3c7336d68f6e9b1ad104c118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"05a1e413c732805def30ad8e17e3d27b9fd20d7a59a4611c20e4e9b8c97aba2fa4626265add4b44621e02bb1ae","nonce":"3c7336d68f6e9b1ad104c119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"b812e7c66ca477bb613da09b748a968638570af1380f73813d6470fc0bae50250826acd637da13589c1ff8b018","nonce":"3c7336d68f6e9b1ad104c11a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a8880180906e782166738c0e61e2e391ddc80312f5178884480dfcd29ee23c9418dbcf1730dc22c5fce956da86","nonce":"3c7336d68f6e9b1ad104c11b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"7ea09691d10839e1b4cdc5a5fa66dce85d7d68d617bfbb7b58298abd2179b2ef4a0d0530314c59176aa6e77325","nonce":"3c7336d68f6e9b1ad104c11c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"d41cb493a4c885a2aa62ff32b3a5b98ad436f6322737621a5ba38b5cd014a620c579f8feffdec1d30a5b197903","nonce":"3c7336d68f6e9b1ad104c11d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"6a36411331df64f2e76e11c780758b5f583a7319f7030880dcdfbcc5b69b6648cdcf03d8cd7692713a8c0f4f8b","nonce":"3c7336d68f6e9b1ad104c11e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"c5b1a0f19af6f6b86c0fa7ca436cf4de8790115b4b0335abc66f83964dfe9bc766f73cf3816b9f737ade768532","nonce":"3c7336d68f6e9b1ad104c11f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"c76e1cdc59db8669ebb5fb2f6e54350be918217557d6389253b13507c50fce3daeb82d818fe09aa96795a610d7","nonce":"3c7336d68f6e9b1ad104c110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"81ea42ee5397832b269aa5b36149b378bb7ed44ebb525eded60001a8386578f2f5affb3fa8f1f5d4921734cde4","nonce":"3c7336d68f6e9b1ad104c111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"9161aef320d7a8f42b3341b9d051f928a66a815d0c67be96f7d17f6ec231af4d035034ba5347dd36fff79e4ab9","nonce":"3c7336d68f6e9b1ad104c112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"d3cc3217db063f442125599b5f57a3cc905973746875e2914297e7ddc330d51a7b6eacbf6773ce63e09657e46b","nonce":"3c7336d68f6e9b1ad104c113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"96488556445479ffef6e153f955b139493da4260fd3bb2dfa36d8fcb8dda14d560a9bb12757f48c9190af933f9","nonce":"3c7336d68f6e9b1ad104c114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"a0fd8f43af7fc1dd0e9b5411c082f576191a4a071aa1509d1d1bfc60901e8a152e4abca08294eb3aaac9412417","nonce":"3c7336d68f6e9b1ad104c115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"9a0d34281cac54edfc4fffbb8a49befb7996da592c8ad202adb11050c09a02718552f309d4e89719ffbc10dd05","nonce":"3c7336d68f6e9b1ad104c116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"c32865112e676863c78182bb279eda93bc251188f909b4b954ba88d6573e4b76932162f3ad8f105012b9f578c8","nonce":"3c7336d68f6e9b1ad104c117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"e4931c47115332d6db766e01d902d3e4583806eef0354590cc0ebbcb4b4df46414f7d7d83bb91fd6540604dbdf","nonce":"3c7336d68f6e9b1ad104c108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"32191fe0764bae1b22d47fcff9ca4e99c43b2aa2ad9e94a65b3a9a2101733537987df769c53f8d1bb40ae424a4","nonce":"3c7336d68f6e9b1ad104c109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"17fdd95b4f4edbb870859d09ab239e8a11f2ca18a4c27643b04fb2f9363a81b56efca7005f7b4de368134e14a6","nonce":"3c7336d68f6e9b1ad104c10a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"9b209ac6e2752d2e39b382a7b99b6de669fc88d4c9c120c8c5f3c2055a5547ee127ea4605f8d3ffa5d1f78c825","nonce":"3c7336d68f6e9b1ad104c10b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"4d1880bbede7907f92140a20bb932c2dcdf52882b1d6bde5fc5544719f1c51f53663b90191800f47e3e177c0f6","nonce":"3c7336d68f6e9b1ad104c10c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"09b61d1237f99b27a95e8b8f85ca88faa3a53cee72a848d84fbf281167df39d4aacf02b060ca11ab0c96800c4c","nonce":"3c7336d68f6e9b1ad104c10d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"0deb8d4fc3490adb7dde5664182ad39d6370575a79ca528c4f678dbcdb2548f21da757aba37dab1ef2a6a9a050","nonce":"3c7336d68f6e9b1ad104c10e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"e8c69c7dce1215161bf07a8b668bee7f3a34d1244dc2d54ba1b4233be7073772f976a67bfc4c8e7ffe3260fa58","nonce":"3c7336d68f6e9b1ad104c10f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"5ea425430cf7048d25f9d47d8e64e994630e8b862639527d7f55c17401136e63f9fffe3a40ecbff6c67a8c1a76","nonce":"3c7336d68f6e9b1ad104c100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"a965c25aaa55cca2741e4c62ebe55210070e587e358e32b6f7a7e351a91e70bfdf596fa6402d31771c2b53f2fb","nonce":"3c7336d68f6e9b1ad104c101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"a40fbff1abadafaa125ed9523900b3eb64655681cec565b7755158837a16d27f0ed80e48dc8dba33c4114f4a16","nonce":"3c7336d68f6e9b1ad104c102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"ec2baed7ca933f6015c3df7cd0cefcd291af2d8e6149d7218fa84db105e87775265e43f942b5b6f071f09732c9","nonce":"3c7336d68f6e9b1ad104c103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"ac1befad4ecce0b5948f3acf4fba96cc9c84e49e6c9bf78ac1fdf2bd85687170a712a801f8a118a24c2a011a2d","nonce":"3c7336d68f6e9b1ad104c104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"5d0d1ae585cd30018508ccdc03c42b313b137d20776134cd1b4e2488e146a95d151f039ed289c3fd28fae18187","nonce":"3c7336d68f6e9b1ad104c105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"24d99075ac59947e7ce8875a1a6cf721f33ec7d52923bbb2579f99ee29be83b35c6233cdd73d51a55a0fb67da9","nonce":"3c7336d68f6e9b1ad104c106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"591de8ead3b7ac05ddcdc33eef0a6c513eb29e25b0c4ba7efe63b0bd12ff89c7aee1fede3b3baad9a48005b9d6","nonce":"3c7336d68f6e9b1ad104c107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"aff51921fefee63a978a0b4e2046609720828b9eebcb8a27f50539017a9111ed87cf10a2f96dc9ce890e4f0700","nonce":"3c7336d68f6e9b1ad104c138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"bffae22b5fe48052c3337410de5a7d8bbf4bcc77c9336a509a05c150c31662c9fe04f87691198bf9e52ff1b228","nonce":"3c7336d68f6e9b1ad104c139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"a94346094cdd7f076d2922695f55f1b0513483f1e2716dc3c354ef7e13b53f7ea7cfc92854949c0834a40036d3","nonce":"3c7336d68f6e9b1ad104c13a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"ac67dacad673d76227d06313ea01ac40e12d631e4f5b84ae5477d586561b39b4ec95cee4fcc8e734ebf5c5a9bd","nonce":"3c7336d68f6e9b1ad104c13b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"62739202a7d0e0737e393ab25720bae24796c89404a7a562272fd7c7ae5081669803bc354992cf015b09a0ba8a","nonce":"3c7336d68f6e9b1ad104c13c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"4b332a6d4b4eb7836a14bd4cfa7d50e157ae6abcda2a115daa98565bd47eab881eef674da57afa06c2cfabb9ff","nonce":"3c7336d68f6e9b1ad104c13d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"b934e19623c5267c662973b564923563c138f86e1d308e04e4458d00ae7688123f9f0984f29711af86096909ec","nonce":"3c7336d68f6e9b1ad104c13e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"2dee63327d59f1a810222d9892b5a58c803979575e645fe35b88112bf7ccee07ac46cd895d0899ee3e49de2a52","nonce":"3c7336d68f6e9b1ad104c13f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"f02284c874f04c2a40e1e953e01b9add11e85d571a249b28c89b9f39b1ff63c1166793d8be97b2c59cc4df3bf5","nonce":"3c7336d68f6e9b1ad104c130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"9bec9c38a391a14e1f1d2d4a6142f58e35ad3e73e6c718dc63044138a37ef02e5dc26595e00ca8275b137430d0","nonce":"3c7336d68f6e9b1ad104c131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"bed7fafb7f738b48eba046695f255eb07d47e4ce58db6b3fc2e32fd9697fe464841af8b37cb71615f201360fc5","nonce":"3c7336d68f6e9b1ad104c132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"eae05ec8a32e99ccf54726b27a938a957dd1f8eee49743d74f96493ddf983b207d5c24c3bfa31c453a21efc45a","nonce":"3c7336d68f6e9b1ad104c133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"d74effdc46ac4937d49514b2d2619a4c361ba904d3f606158a9a2ff2fe811d17d95594fe3adee811a635048afb","nonce":"3c7336d68f6e9b1ad104c134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"36a3af9abc423846d6e38e9b28d5d605a9f8cf7da8da8809456c940987c1401a347c250b0164046bf5e90dc7de","nonce":"3c7336d68f6e9b1ad104c135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"78bd645213e484cbafb2c99420eba306f411a35b67dc97488f072132d7ccdd3027a64a2c197aabce1afb8ca55e","nonce":"3c7336d68f6e9b1ad104c136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"252e7faa499ff5c85d04078d392a9634a1664b2ac43d30025028aa58790d68dac571398a31f9bfbcac99135b7c","nonce":"3c7336d68f6e9b1ad104c137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d90986c7a73fdf0e2b59afa3cdc725136da096215c39058a6b7e8eed6dbaa463b48afb57c01c2dbec208217649","nonce":"3c7336d68f6e9b1ad104c128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"e0f8974ffac0122cae8f537da5753f81970ca279a70ee0829ca81cc224cb2b96ac215764f524f930102555422f","nonce":"3c7336d68f6e9b1ad104c129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"4d09b24493895310171e750a5c807b2dbaea134cc3a26ee97cdf031daab61425549ce2101c6b8002b1a68a2379","nonce":"3c7336d68f6e9b1ad104c12a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"1c0f7d8d965b96959288c02da2f52b448dcf0ab937fde92a8bd13c1646bcf272c65480a6a39275acab89a54cad","nonce":"3c7336d68f6e9b1ad104c12b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"4959456b2fcaacffd504d666f62d53c052aaf39dfb2a18b2692516f635904393127aff14c489b1eb9bd193ace5","nonce":"3c7336d68f6e9b1ad104c12c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e7b5178c7d1a2b50a87882c9a4f80f61bcde7fd45519150bcf5e41df909934b6b509371a1b1f72230d6767ddd4","nonce":"3c7336d68f6e9b1ad104c12d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"b3cd6958ba54a3f36ff4436aa4165554cddcaf62112f28cd3a0a5802f756bb6785c884697dc399ac94e5116a3e","nonce":"3c7336d68f6e9b1ad104c12e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"f0420b7cdde89c2249ef857fd67e7aaeed851d094b5d89d43af3c8a4de8f3ab354a2a8eca65abf5503b461bde7","nonce":"3c7336d68f6e9b1ad104c12f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"479ee09293bc7d291439e2873550575966ddbfce77d08387e4d7afac94d9ee25a8a8dc65e79c1052d9761151ec","nonce":"3c7336d68f6e9b1ad104c120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f73f87418418f47c209dfb4c322eaeb589abdb1f062f70d2c444cb4fb68a204815a09348657fbcbddf346973c7","nonce":"3c7336d68f6e9b1ad104c121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"57ada747211ff4a76ae96d7d925b6637320cdb34f005c9fca9ca00f771e8026ca7c73327773b5c201ec97d95b9","nonce":"3c7336d68f6e9b1ad104c122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"56f72e76396de02584c22b64566d5de9961cb51e3d2fe9ee74e8856105ca4e8cb0967314563a1f6d2a5a8ac7e1","nonce":"3c7336d68f6e9b1ad104c123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"ebc3c69e6599cb84e5f1f8aecbdcd3d9ebb69ae105719d5a689edfc945d3b7b163707d2e16b237bcd83d0b7e10","nonce":"3c7336d68f6e9b1ad104c124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"376734ead733eefbf5191c9e922031a9703a064fd20f9a4adb48b736b88a91915d5a8870a0dbc3984bb968e0d2","nonce":"3c7336d68f6e9b1ad104c125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"0276a91be095ea4cb9560ed75d642f98a0ddb35255589be433b5d355aab1961f5700ffdda731b566b8a254bdaa","nonce":"3c7336d68f6e9b1ad104c126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"800ea75824a16b6cf120e3b5cba334302d37aa4e4888dc742760110b7e53382d69fafe7063cab639b4b980d524","nonce":"3c7336d68f6e9b1ad104c127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"43ce3d5742e344c64fdd0299c5b3724d6f32d879fe751257f2fb457320247fd1f84c0d45259270c16a977fd73b","nonce":"3c7336d68f6e9b1ad104c158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"fff5151432fdf7b21c76e63f203fbfff9a486c276b8b34cee7a6c4dd62d6e2b4cbdef3f4b132004f5215767546","nonce":"3c7336d68f6e9b1ad104c159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"6ca17caba9a297d99ffc8ecfbf0a1b071b1248cc3f442025493687f1b5b6344b27f1c25d94f61a204e5f356033","nonce":"3c7336d68f6e9b1ad104c15a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"95ce6379cbdd8ad0723ec45f9a46f52758738ab02a5b9a56be6baf1da9708461b7390e3ccb465b0beb6da014de","nonce":"3c7336d68f6e9b1ad104c15b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"4a9354329765af5ed6eaff4d38b56725e71841ce8baf31b462cd72cf5e3415b5fb8127237836373bdacab2f99b","nonce":"3c7336d68f6e9b1ad104c15c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"56c34e9f2c52e554ded9f9779b893ff6ec66e02ff0ad5e4a7d0d0cb414b7dc4d66a4e9811a6127a8083791b258","nonce":"3c7336d68f6e9b1ad104c15d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"42ac6ce56ea31174e7905173ffe49b119df206f3482ff55c004c46741a71f1c6ca713bca58f828b11b14fb7fa1","nonce":"3c7336d68f6e9b1ad104c15e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"1185f91e3156662d7a133a20f6bbdc04622d33ef064bd23f8ed5afa7f8c9a56809c6f6ebcedcf6f8f1e957fba5","nonce":"3c7336d68f6e9b1ad104c15f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"db052e1f00a0df5f636c9eae6f23aed8de7d78af6a8fda68e8cdb9b767756872eb0bb9f2f6666a90f36eae6586","nonce":"3c7336d68f6e9b1ad104c150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"027b48ecda407d66787c6d625e1b310ad05ed382837f36bf0e5100c1512128d95f36259dc8d45d540b8cc1e6d0","nonce":"3c7336d68f6e9b1ad104c151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"13f8c26998d73872db61a1a5f3859a0df3cb5dba55ca47f2b38fcd906199e33c8206d4cfd2160633cbddf8abcf","nonce":"3c7336d68f6e9b1ad104c152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"b39b4a8eac95828e5c34288b963712d5de2d936f2c0f4238c77e9808a03734a4f7f03e4a2e4d069e8114b8743f","nonce":"3c7336d68f6e9b1ad104c153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"135987b20d2b3df6d959bd0bf17b34079527f4e8457c4fc77c0ff5f5dde3194bbf452c1cc2db038bac2232a922","nonce":"3c7336d68f6e9b1ad104c154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"22a14eb99e66ee0f022d0bf3a43b3a2364e4a11b250ff0ec7d259d185be26bcc974737d3e2c41120bff7b54b87","nonce":"3c7336d68f6e9b1ad104c155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"fb6fa733ff6a79c50bdc971071e2fd468881a4433df6881359658a1f8fb3317a896fd580633ed0385e41000cda","nonce":"3c7336d68f6e9b1ad104c156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"c73448ba91761017c0d00aab68276212bd385cb2ef6cf458bf47109f762b64a887f2f7a136e0bab79d6b2cb204","nonce":"3c7336d68f6e9b1ad104c157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"d787afb983f14b61a4935cd8c0fae3264c48c0b7d62fe9cf43f465ef0ee88e1e70ac5f717ca180b040472df7a5","nonce":"3c7336d68f6e9b1ad104c148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"9a2b6b9fcd7e61d0bf027770ef56704efe13cdc742225684a0eb28db44fb1171d2145eb6bf8d7134cfb2eb0ac3","nonce":"3c7336d68f6e9b1ad104c149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"32400f89fd204158e02d0ea6e19a2d4f39381386edfec434beb2bbb7c6543f10e5e96d0f5db71ce77bd919ce78","nonce":"3c7336d68f6e9b1ad104c14a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"bd7ea33ce141a75daac9643058a067f5fe66b1fb3334535a96f86117bebc04afa362023b420f997544e2b78b5d","nonce":"3c7336d68f6e9b1ad104c14b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"601c6e04b9b592e9303b10c6b8d161c64e454709d0976764681c2398c289942f1424ff88d2c503d0a49273a5ce","nonce":"3c7336d68f6e9b1ad104c14c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"20a204d1b114b80c40ff544b243947c9e4d7e374e1f9678dcc8aa7426ea54b60c6470088abbbb4212253b7f2e7","nonce":"3c7336d68f6e9b1ad104c14d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4b34908cd1b1f75ef12d7ac970e66738fa46058cad28ddaf5e3e5a753e112615913cd6cb5d21f60e6d5dd2e0a9","nonce":"3c7336d68f6e9b1ad104c14e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"340bdd7410ab27c5e52840eae70d7efcea651e8c775973dd18dfb04141bf043e8aef8ab50342013b72db24530a","nonce":"3c7336d68f6e9b1ad104c14f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"b1f3b6806eb366101bb8bb4a9cd5b07e10c7f78242517082fc5c4120e7c37fbd22a604499366e59f867a0dbf78","nonce":"3c7336d68f6e9b1ad104c140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"6d66b3eaebd861452f7727555ab2b4d0df568c5be98a4a2e7ddf7760d6543a6406f69b263a0d8a385c6f4a9c5f","nonce":"3c7336d68f6e9b1ad104c141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"ebb304e09adeb9019af741f21bf87f1d1646eaa7f532da1a133e8d82a89ed9c200ff7ebbfc7ecfb9358cb617fb","nonce":"3c7336d68f6e9b1ad104c142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"fa4114083a1740f051e229d1ab01e12561d3c5b2410285458bb448377f29e40be9302f792f96b3c3573f6a8fbc","nonce":"3c7336d68f6e9b1ad104c143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"afb05231eeb4954071ea303b6e06bc7fadcb3745b34ade12cf475d660496d356cd360dd5153b14bb26ee81e55c","nonce":"3c7336d68f6e9b1ad104c144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"ec43a520e9a01e08cce26278124775d8c0a6cdb5fd6f6c16cc1b301179c2b169ad06378ac557ec2a459faa6c20","nonce":"3c7336d68f6e9b1ad104c145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"c7d1f5f48e32fd58550c31ea3f8ae92aca6a8e5486782f64ec238b0e8651caf33ed61b7f40099e9a759f71adf2","nonce":"3c7336d68f6e9b1ad104c146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a61fafa8af6ebdc64253954a0fba4be45afc743a4471ef053f6ae7067bcea4783fc32987fbfd04fd2e209d8c2d","nonce":"3c7336d68f6e9b1ad104c147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f77a4711059ca9d1a38c2855fd683c416ac8d7b84aa31c66a85661306b4818bda203c574c614eaccb6a1c74ee9","nonce":"3c7336d68f6e9b1ad104c178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"c757355e457cd507349029c0faf9ae4130256e01fd6856f9d20e9a2f1c908dcd2d763e160ba914a865e47c45ee","nonce":"3c7336d68f6e9b1ad104c179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"1a1197d6f84ce44ae381f8d1a99ba11ebd5aa791d7466ca28cfd2cebfa853af77dd7791d9c808dafc808b55cab","nonce":"3c7336d68f6e9b1ad104c17a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"3330e9bd36978545f5690ff513587f22a546a870776262921980bb69c2c7c644360a636ab1da1e1f91a2aae81e","nonce":"3c7336d68f6e9b1ad104c17b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"cc12cb19a7477704e4e8c0e6bcd2d6d9929c3792f2e443d70b5f6d9768638b419258e2c2c49f36ec3b42709098","nonce":"3c7336d68f6e9b1ad104c17c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"1a97bedcd132bbb5d726bbaecc484df43c38c19c622d1084a9727137eaa00910d8035e47c20eef17ece4ab3bc9","nonce":"3c7336d68f6e9b1ad104c17d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"b8eb6fb040d290cb8bba3d7741b67ee024d7113a979200d693c1eb5a62f81d6ac85037b9794677a1af0e46cb2c","nonce":"3c7336d68f6e9b1ad104c17e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c93c1f89adb45532d616b689f593e49e9638087bfdebd570e8abd7824c7a2c05cdf460871b6384c68c8a42aa84","nonce":"3c7336d68f6e9b1ad104c17f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"bad456060f9772788e3a7e1fd412bad56fd19441eb1bfaf7cb81d2abed2a5072c4f31e04945c542e38e74cc53b","nonce":"3c7336d68f6e9b1ad104c170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"133ea50553074dd4aeefced463d2647115522c0016ec5ab3211fec3adfaa37ef13cb4e7d80072fada66851f3d8","nonce":"3c7336d68f6e9b1ad104c171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"f1c5f632cbf7af16f87108a1178d3cb7f735040c157f77c368e9964bf89c78282d1f8c5a69e5a78c1ceefb8fc8","nonce":"3c7336d68f6e9b1ad104c172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"3f420c04549678a8beea9665c8a649c5e6a0719aabb7ff59f9b1bc2f89dad81a37962795a35fd4b65f998ba3d5","nonce":"3c7336d68f6e9b1ad104c173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"83c535afe3f3ac12676622701d8857dcc518c9377a5e8bd275f3985b31bf810aa79fb36ec3551750151bfc4b57","nonce":"3c7336d68f6e9b1ad104c174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"d36a817a7f7aa6c64dac7bc1d1b3f7599dc33963ce594ce824e06ffd5e1e5441066bc4fe04cb3f566a42030704","nonce":"3c7336d68f6e9b1ad104c175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f38710c318c5c22d262ce8b7a9c8c484d5ae578580273a82a3d70d1725f4b747cba0541eb1718ee24eb61f522d","nonce":"3c7336d68f6e9b1ad104c176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"f9398d7594219f7ef099bc11d4b2c207967cd2acb276c756c5dc293b2c092bd877687cbe5c8f055897fe770207","nonce":"3c7336d68f6e9b1ad104c177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"a4cd0c9ed41389f457930589fa411a70b00a3a3cf8153e73f83864040479cf585444fe17ec0642776f41f1f5f7","nonce":"3c7336d68f6e9b1ad104c168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"6afe7ff386ad18ea6217b15da5f01a8f5f0316bf7d9bd1241365473ab5ce46759b5121ff6ac1b7b3a2aa9f5600","nonce":"3c7336d68f6e9b1ad104c169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"8ebbc53d7bf10a7d97a010bfbd6d06e22ebbd53befa202a2b960080434f0fb7f43ff9f83e4995df86764504d7e","nonce":"3c7336d68f6e9b1ad104c16a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"deeb6fa04163c928fba6a23d2cd5c6e84b8f1d87aa9f183ef4e959d827d708413434a7d6424c801a930928915d","nonce":"3c7336d68f6e9b1ad104c16b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"d6cb995681b9aa2dd0594167f5fac691130126194d60ea88a5f1afaabe480f775ea6ed6ef30e2325e4c7631ad5","nonce":"3c7336d68f6e9b1ad104c16c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"e0813a245090440bc75cf121faf93cb7808cb861d60672aaf3875381aa4cdc69888f9123bb55c43dbc4baeacc1","nonce":"3c7336d68f6e9b1ad104c16d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"851eb1bcfea1ecf900e2dd0e023755cc24623dfb129841f1944563b89e0190bf6f2dddcf2002eee3a0587e543a","nonce":"3c7336d68f6e9b1ad104c16e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"bb62bb7e7cc8787bc039050261a51661f99129dfb574afe30285693311478de5c0f65cc95f1656fef520a3690a","nonce":"3c7336d68f6e9b1ad104c16f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"c0c05c9243ccfdee9c6463dffa484a814bf259a52f7d281d3369febe36c66b13d68a84c78a4042f021c0d0f5d0","nonce":"3c7336d68f6e9b1ad104c160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"df0b3a8796829acd059ac9c97df79ccf07cda29e89d2e3c2dab32f1d1a5230d3bec31aa5504998941914d50221","nonce":"3c7336d68f6e9b1ad104c161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"06397faeb394becc77039b24b5ced86d4c6f19721094e69904ec2e17e3534e64a25eb033d9b1ad2d1f798c9753","nonce":"3c7336d68f6e9b1ad104c162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"f9690e51ae9e15a212dace87ca7bbdb84a241ff3d3c89baf392562c0f7ae61c28a0a482fe6e997786a20adfb0f","nonce":"3c7336d68f6e9b1ad104c163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"d62e8f273d8aafe14d118fdc449afe3d3a4129b658fff1e9d40f317e685daaeb04c533b0953368c79ea9bbb633","nonce":"3c7336d68f6e9b1ad104c164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7373fb91ad90da54ea96115bd1de50baf72e4a1501b4c5c3523f87975f80f1f49ddcc9ed557a4b02a3f3b15a67","nonce":"3c7336d68f6e9b1ad104c165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"597074e1a25a117ebd0fda6678a95a34baa8ba97c210b92950cc3aedaa23e306e96d8b533d28ea8bdd69a98c23","nonce":"3c7336d68f6e9b1ad104c166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"40c39e4630ea460be645b5cd546121b6a36a630430337293bb947f97feea0fab78a9b5d2a8178e0d3ff64428db","nonce":"3c7336d68f6e9b1ad104c167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"1970ea1ac73414c2a635866a42a2193f3b4196432c4bd90a2e05e88fec56a8113c67cbfa5611c1bb60b8ce2644","nonce":"3c7336d68f6e9b1ad104c098","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c252b9b96b8f61a1e3bf256fcd90d44f8436c1c71832118ac217467d6b17c890"},{"exporter_context":"00","L":32,"exported_value":"2f88aaf3a2d06f10330aff435062a73c59d6f819783af2aeea122b09c9ffb036"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"6e16ef83a1b33eb3823e3f3a9757f0a87f2a5452d2abe407f4731d94c653c60e"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"93935a76910608461cd0098abdcfe8d0cb806f271d241060995319e023f081e04b1ba26aa7681f6960abb30a4ef61b0f965fb7101228deb7","ikmS":"d39a762d7cd2b691293583b68906994323f9b643a5f81f5d5baea29442712ffa08f30f91625b751b4b35bab01229ee522d4f9481bcb28a37","ikmE":"a370c646146db2ff94bf8e1ec3900e30b1751037cd94950395333d121d557cbd378bd6923594be784b5e0a4f883ca14ad2ff1ae5d74a9663","skRm":"1107fe86fe7d3c495919045fe3ede1c6fccce9975153f31f9bba05cac2ed85ea79b64242a463345cdb9713476097cd38000ac10aab92ff7b","skSm":"04d5983629c10b0f6d9fb75672b66446423f3899b77c1d3c7b42793fed08781caf31c0b8f54adc5d22ba1db3efff8b4aadcbaa5a65f5e32a","skEm":"c53c1a583c3574b590a6f777a09376b36c4fbfc6804d277cb1350365ea9edcd471463622bf259daf73a58a6787a9e21e8ad4bd0551e3a262","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c8ae5c36571653a57cc199b17bb90ea5efa612707e20134a934bec38409913b362bf9fbf316da01f69fe33376bfdb940d129b28ec5cdadfb","pkSm":"987cb72c79c992bb0a92b00ab2954d9a84fadd9a599fca2f78768b237a70ccbe7bb84b1662788586866fc1c5ad19c95dfe7fe972219799a0","pkEm":"71e09a0285d1e9a01431a4616059427f2d1d797961486455d080c928d05f2cacbe04174ce6c5719cf13444d433921d1045547ef632fdabaf","enc":"71e09a0285d1e9a01431a4616059427f2d1d797961486455d080c928d05f2cacbe04174ce6c5719cf13444d433921d1045547ef632fdabaf","shared_secret":"4aedee0ae0a588bab71cbc8078bf142e1d7683d3adc138ec64368578f8942d8bb20b8dbff96028a212cc0f86d65ddd4abd4308d46f8829d2cac4097b214c8129","key_schedule_context":"0313d73d3bc6ad29ada571507511d24ddb61ab73810d32ab71079f9daabf4ee3dc2030461bab15fdc38b55e526b9f9cbf3342bacd78553d0ce4eb4260c52b61d24","secret":"f0117776a58755e796177a0408cbcbf388aa52423b9364362f8f1e894f3dd2c6","key":"d276d31e1adefbc7bdce57a0738b7cff","base_nonce":"0347719316e747f1ed3d5ea6","exporter_secret":"fadf2b5bd48a97fd10599a6c7e0502f0233767b4dd7a93e47119716a8ccf720a","encryptions":[{"aad":"436f756e742d30","ct":"a7e09436e88683eed891c2fdb80d215396e2be9bfe63f011ebd2dcfbb552db34f91c287c796d916f75a1e3f43c","nonce":"0347719316e747f1ed3d5ea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"11491ebea3d562e6b7cc495e5c4ea66957015a17362aa236455d1cf890157da8c98729e76408f67398fe5432b0","nonce":"0347719316e747f1ed3d5ea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"21a3ae2ac03e251613cad7f5b86971284e3fb7646c73b090993d5241c6a42f18c2f11ed4246d46ea45450d5ab8","nonce":"0347719316e747f1ed3d5ea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"fca452baca1c84938fab1e529cc906816e131b74f2a337014088a38c9b351919ead2c5ae20ec2586585c8601c4","nonce":"0347719316e747f1ed3d5ea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"5640efa576ca5e143e95467844dfcca3b1aff2ef2e30e99b4095088fc94a6be29c888ab32a4c3213f7af07a2bd","nonce":"0347719316e747f1ed3d5ea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"057d087cb726a4b0a154b52fccb3b1e8f62741ec4f4fad8bbad006c901aeef2cb5393ad00a4897c68d69ad1914","nonce":"0347719316e747f1ed3d5ea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"2f0b7afe391eb9a2674b1435cb42ccccad9bd73a64b7c5574e3662294be21166aeaa1461df5fd8c6d3e87ebcaa","nonce":"0347719316e747f1ed3d5ea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"28d7d778015e81e2cebfb38bbf78240f89f1352f787974cdc09d73590968635361da86cb118825e40e508a9f83","nonce":"0347719316e747f1ed3d5ea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"fc5da162aad711729ccd4530b406e2c3d318e507ce5833dc885b8a73259f801ecda90680cba96cbeff2faac4d8","nonce":"0347719316e747f1ed3d5eae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"7ccb547347226b73e493b17a042537d7019049cbcf9d0d880ef50160dc08a1d9a8d41309ba18c30f6adb530395","nonce":"0347719316e747f1ed3d5eaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"093d2a30731f0de354d284adc6905941d80c2ab31b18928883508c58d32a5905623136bb13dbcc5c45bea03c97","nonce":"0347719316e747f1ed3d5eac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"c87ea3817c63814245af07a92a10585b7f49349213f15445d04551096de47bc50cbfc1f86556b805652dd30c0f","nonce":"0347719316e747f1ed3d5ead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"c0c7513b7e7f78af687cd2c89caebeba87736f3b8d2a88e300c8781e5871d22a6e8dd4c06939c88f7ffd4e4d98","nonce":"0347719316e747f1ed3d5eaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"ed80431cd468eeac83b54a1349977bd9a4cbcdac6fd0a9e1584736bc6a3c5aa117c6cd44df92ac9df117b2cbc8","nonce":"0347719316e747f1ed3d5eab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"eb46f9ceca6f8aecc8a08549a19cb0fecfb66a7451dd3ef4dec9b266bc9f78929e655eb445db251a7dbd9774ce","nonce":"0347719316e747f1ed3d5ea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"c0bcc479a7c462c68aebdb5e80cf5f80e73a16a685092c1e9b046a8972c66976898d1c01591770f43ab5dbe8f8","nonce":"0347719316e747f1ed3d5ea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"5d86f8bf04c32de3cdf9a03a7b19cf161b0dd241bd717b65a651b2b5bfd1023c8e5b62f059dd80d45c0b0c4fe9","nonce":"0347719316e747f1ed3d5eb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"c305dac1cb9fb964a01c5f914a8891bcd79942a49d5812b47c17855827ef0757dcd92a08d14924de9eb02a4966","nonce":"0347719316e747f1ed3d5eb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9559b3da8083a2bf40063ca4f3535c8a1a8f63898a987578fbe95e793af24084014077ede095487cdf9a224eec","nonce":"0347719316e747f1ed3d5eb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"94e527e021a36ba58cc42e7cb91d8f476dbf35ad76d733da00f4f6c46714c05efeb4ab79a33b838fa313a50e46","nonce":"0347719316e747f1ed3d5eb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"81ba9c19ffb1149e42f304eccee91c5a64fec2f2280aa87ed94681aaf39a7e6193579b6af5372ac057d19d337d","nonce":"0347719316e747f1ed3d5eb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"9dd0ec62a5bff144cb641cb524a20c6469592e31b5e92a8cf7244437c0d3a682fea5a5eee1fcc257e9ea7a9bde","nonce":"0347719316e747f1ed3d5eb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"6e4f13c2fd7f4acc5d2f9c656ccd09e71dc2bce7e48473944fe87ecd3a8e4054c9c9a38ecf3dd4346ec21903bb","nonce":"0347719316e747f1ed3d5eb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"1a5daf55857458034b2fb37b2c4eef3ef213e65265fcf16066d175fcb0a5099eb80d9c98a702060e283d3b952a","nonce":"0347719316e747f1ed3d5eb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"9ed528e92e42fb13337d837e6fea00246943bfa97d7891eac2bc47580dd7b76adf4a823152204c213e7a3cbb70","nonce":"0347719316e747f1ed3d5ebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"fc27369f3289f5276732447aa381ec2ed883363713e167b24279b0e5fc85fc53549a3351d0bcf8bd7af735a0ec","nonce":"0347719316e747f1ed3d5ebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"b592f5e0163638665ae3e0c2645b4a26ae16f9a193db334ec8e68159e5c2c01a5adbe96a5dbbc8299ece7d0e3d","nonce":"0347719316e747f1ed3d5ebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ab770a2d339ac7391d9a2435653e3f927e05342a99912f0657fdbeeabfea50f1a419e1f4502908682f514d135e","nonce":"0347719316e747f1ed3d5ebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"2d8a5fe3aba53151c25e3bf20675a24c2240657df430301466bf7c85052fa2cc01b573375686197bccdaad2dfd","nonce":"0347719316e747f1ed3d5eba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"5317b5281e64e7e4b0039a05077ee9b08b3fbd41e1679cc1ad3c12e5d8d96bf250856658808e0408f12bd633d4","nonce":"0347719316e747f1ed3d5ebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"a257b0e371c97d9c02db2cd3dee888f5f5b1161db32c9b56ecacdf8f2ceb37429903607283e4843a92a8a5ba23","nonce":"0347719316e747f1ed3d5eb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"245ef057dd60e54c329269ed4f346d5b389c34c9aff0809232acfe985717b98cdd2b4f639c27fdac41eabaed32","nonce":"0347719316e747f1ed3d5eb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"54dd78b8bf82e87d817e28491e48a38ba1f88eca27afeb8d37e860485b3a173102c448b4f51a7a5d61e3875260","nonce":"0347719316e747f1ed3d5e86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a0fe688cb9a2c05a1c0b919c3667641b50d48a725eeb53f11f5312c35d9cc17e370b55789071d5a3e18d99405f","nonce":"0347719316e747f1ed3d5e87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"8c6763002d44a27c675f610840a8e236f78b0324b8ce346e0f5b871088c61774e68668d61c4839bd4c0bc71a0e","nonce":"0347719316e747f1ed3d5e84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"181604a8aa219f9b3eb0541c5003035913bc7b2d03c4afd5c992a124dcd2c6650dbf38723419f0c1baa0ca371d","nonce":"0347719316e747f1ed3d5e85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"b4195612b02aeb7f373aae0cbbf1129777e7adefe08e555b4fb3fe31a19080aa13b4431a03362ec9c4966a2edd","nonce":"0347719316e747f1ed3d5e82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"3ea6829a4b1b1662eeb7e391bb1ddf8922c87264ad46d585d82efdc2ede4dbee1cf0a6fe8f1dd51f5926b30915","nonce":"0347719316e747f1ed3d5e83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"b657cd7dce08df8045e141ba73e9980c3dbfbc1865644baff8136c8228458eb789ce9e3e9eeb9f578919e40a7f","nonce":"0347719316e747f1ed3d5e80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"e2d5a3c403274c8049fe9aa6fb97a1f244f9f859cabb87e4427cd97d35e4043c9e86b1464d30476faf200514fc","nonce":"0347719316e747f1ed3d5e81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"95e5ec82062ef97acf27ef0971f025dc17cc778c105131f47d28f0dbf3906933a2403fd0ee330becc1f2c08e53","nonce":"0347719316e747f1ed3d5e8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"38dd625a111f6e66c6eb4873abe996e9d4ac2fce3f6c9f20cd18b7943c9470ca9cf548028ec297ccbfb67db1ee","nonce":"0347719316e747f1ed3d5e8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"9dfa92bcb43f80f4dda357bc33eaa0db16d3c08afacc42a5f8c51f0474b4e8354f0a86a41d0aaa7ba16eb74749","nonce":"0347719316e747f1ed3d5e8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"c24a22e07c2412320604778518c59029440c2da312d260e13b34047774e69aa68766ba5bebfead5ded74a1472d","nonce":"0347719316e747f1ed3d5e8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"7353cd347b9b7b3b159f2be1d5214352bdb7738d1d8a35c805aab6a844a268d412a5d5e897f2ef98dbb28aff9b","nonce":"0347719316e747f1ed3d5e8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"0a1e0cad727a50401602aed586f4330df9d257ce930132898527be96cad14eb5ffa37d17b94f43f4c8001d5308","nonce":"0347719316e747f1ed3d5e8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"f51f35fc44939a1d823f87304ab922f5876ddb74ff143803a76274d265010e96756d8c7bb8ad11a3bdee09952e","nonce":"0347719316e747f1ed3d5e88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"6ac81e7afd698c00b84b7eb0f8ff1e21be060d6784ef516fa9b35fa5a1853dfe6fab940741903cd4192c556389","nonce":"0347719316e747f1ed3d5e89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"df215904b8805db278835d5943109e2689efad038630c97f75b9a421b00083982f84470e3ea0b426e7eb639b2d","nonce":"0347719316e747f1ed3d5e96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"1b672992d94d63c970f5723d409cc3880f41b603c6e35c23795144ba29bf42d6c15b6e9464eb4ff7f1ee144015","nonce":"0347719316e747f1ed3d5e97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"feb96cecf8e3eff0a7e55a0ae95f4a6fe0d377659542fec400e1f1974ff4f25a3eca16aae480b5a96bc776040e","nonce":"0347719316e747f1ed3d5e94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"5805385cab70d5b34d941bc4e323a1a2250e5df011a754d2b617de80a0a8a89517663e47d76ebf0fb10abf4a0f","nonce":"0347719316e747f1ed3d5e95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"32f9d7b3f369692754154d4a778acf060888f04ccafda0ffdb60a4784b7239de89879775f5dd30eb81089e206e","nonce":"0347719316e747f1ed3d5e92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"9c18c4fccf5da1a087ab31664bbbcdfdd1c6604ee043263c89ac45621f2b5c230af1877dd56c5a330673a9e6a5","nonce":"0347719316e747f1ed3d5e93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"a54f83461285c4aa20a140b845c59e6cbb695080f0ac1a8ff507ce1f8201674683b222ad264b7fffefd33c3f2f","nonce":"0347719316e747f1ed3d5e90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"a5cbd67aa56344bbe1851ccd55682b27d5a7342856f5df898431680baa11da1930db30321566f57d2a90ffc889","nonce":"0347719316e747f1ed3d5e91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"5316882f4581c80414425ed8afcae17bc341d762e0ed52b69f084668ce230a5ebd937d87e9e17c4be2640a2487","nonce":"0347719316e747f1ed3d5e9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"132ebf3664bf358bf3d3da8feb470bc382b090e080d7edf21f8868e7902c0270f262c6b11d117441cea90a33cc","nonce":"0347719316e747f1ed3d5e9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"b916e6a653ea32e115cf34b7bc815148ee344071f98da128d8b2399a56f81b8fc4ac757b0f3b7b66de005ccebc","nonce":"0347719316e747f1ed3d5e9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"d7da8483670aae9f0fa157536390c887544518604783178947e88e8adb041318be56ab6c2a7e143cccb64b3807","nonce":"0347719316e747f1ed3d5e9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"8a3076be82d4b7d5e1661eb91691c7acf301dc75ae89db19ba23c522a4da3bf90251b844159d24d59e964b4630","nonce":"0347719316e747f1ed3d5e9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"8b76d2c61528b84fc1863f920e1f1e2c30a33f154bb7432bd41e8809c689cabd9388b8d4f7deebf5c5f146300b","nonce":"0347719316e747f1ed3d5e9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"3bdafe83efab8f29aded1632958076db9df6dcdfe8be69f00dd3d77cfb18278591a92955207893d0b04a817a23","nonce":"0347719316e747f1ed3d5e98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"e517a8bd178e3edc5fd95d27a75aa37eeb3e3a41375059abc9bd6a64d55776e9639cb5f778a5279b2d863bd56b","nonce":"0347719316e747f1ed3d5e99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"fd27c9f9201dd9b182360059d123436712403fbe8db402336fa5c688262f5e5286616175c6937e48d91e4be6fe","nonce":"0347719316e747f1ed3d5ee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"43304cbd49f870e2a81a779990637dccb0bfb044b306c11a183d6612ea7e0f4628ab030063c95d808b5206f9f9","nonce":"0347719316e747f1ed3d5ee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"49ebc2b06abf3d5252ddc56affaa6b3a6c71b42617e8b83cda3de0ca7ffd32b326cbc4f2cbb3656a5bd8ed0cb7","nonce":"0347719316e747f1ed3d5ee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"6286422f7f839bc6bab394a80ff8d4059c530b762bb93da26b94aac70eb4bb77f9abd04230695824b45613591b","nonce":"0347719316e747f1ed3d5ee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"71266ec23de7f8ed96e127a40ec63420797af29d05999d4020694e2a68fa90c0541ce6694de55b095c30e2d0a7","nonce":"0347719316e747f1ed3d5ee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"feaa8b06dfd138f06116c59c214aca27719137f06e45d69e724719279ab51b8c684914959c337a81f364eb898f","nonce":"0347719316e747f1ed3d5ee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"90956537dae2093317c4f4f8f9b324e8c33b66221ea7749c240156d9104a4e57a2bb3468105d68267b776da367","nonce":"0347719316e747f1ed3d5ee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"ac2cd8ac1a1a13231e4eb9c5073476498148fc6a0bbc26640ec8970b0c82885f7bafe38ba9589c0f32b9a8d59b","nonce":"0347719316e747f1ed3d5ee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"ff1281698e575c8377348a70b23e1ae32325c48ff1670ed0e84877ba13265bdd8014d11492d30c50c190aee815","nonce":"0347719316e747f1ed3d5eee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"c37e67a855c0cc458c1cca86b5634373aa7440c858bbf4a078022dc570551e2837911de84b8f5f828ad2e238e1","nonce":"0347719316e747f1ed3d5eef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"e7d9fb9ee010b2a722bec2aee3e691be09b8067bd8cfd01ebfe4ec597884cc855c697e5377b1a2b08f76ff7107","nonce":"0347719316e747f1ed3d5eec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"5477f13d95eb966c38a1589f355ad3c84b70835840ed47e08f0a8274fde4b121092bf41a764d74c499e7679b06","nonce":"0347719316e747f1ed3d5eed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"ec0e59f468e9cc2814fb8df9d527dc2dac17e2410a3ef38f1c4183b259dd1e1edfe5b89ad515034cacc0b46710","nonce":"0347719316e747f1ed3d5eea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"5896312c8c92bceb93b69592d046e8cabd204d7c719ab049f49971ef872077bea07d9f52382bdd1f0d66324750","nonce":"0347719316e747f1ed3d5eeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"b33f8a904d0d2d0a3229308041d3739460ccfb5ce7c7e02b2c03b79f23e24b7c4626a3563725f72e10c0af7b1c","nonce":"0347719316e747f1ed3d5ee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"c20eab636bd8bdb943b34a40f4012b09a6c45963c7e96a1f4e98cc67a4420b379cf16354bee7f1f55291b1d846","nonce":"0347719316e747f1ed3d5ee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a32d6c144ce2fbb3e7c4504e8dd9ad0ab88f8b14754b396a4cdd38b0d9449b08221d359e526a50700db19d5c07","nonce":"0347719316e747f1ed3d5ef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"85eb23f9aa5250b85af51e423287d1392fddd9b00a60c0e58686cebcfa3e3113ed1341c233bf129b63987136c6","nonce":"0347719316e747f1ed3d5ef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"091dfb68508dd88e17888b22216a43b6c46e4de6c79ba2f3e146bbdbdab116ddd094ab0389b11adaa8d7ffead7","nonce":"0347719316e747f1ed3d5ef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"b5b1806a8e4c9a30c4529e752c032b668c46d8a98fb1d044a6179451e17a06ad868f0dd70ab8fd8f4d91b8141f","nonce":"0347719316e747f1ed3d5ef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"cb23bda6599e89d7eda597f02566088e3fcd699ee88be8481527906bd8fbebc104588e7b9578bd98822592fb89","nonce":"0347719316e747f1ed3d5ef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"1d915b3d661c95b95d4ea37e37f6b7e571a2e95987423767838bee629a3bb8e0f6cceaa86c8d67cd49e50620df","nonce":"0347719316e747f1ed3d5ef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b0453766c5c6c484ccaf8cddd861d9aef477be7aee62ee8f26d5c902ec06be8e8f740425642b77e2ea3b4980fb","nonce":"0347719316e747f1ed3d5ef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"cce5436d783bafbce07b40fde552a1b348dcc2321ae6a199ef5ac79a9c01ef2561e247a6bd9e8e3e9e6adc03e3","nonce":"0347719316e747f1ed3d5ef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"7f64eda6bdd6147b410c2bb5d72fdd3acde5ad12e7c56be407e59955d25beb439a326b6efa4fb27cee8c4e17a5","nonce":"0347719316e747f1ed3d5efe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"d274735e73281471dcc88f8719efeafad9279a7dcb9917c3659649df214740e3d7a7bdaebf3b36291e2844408f","nonce":"0347719316e747f1ed3d5eff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"b17b5353117b98f6176f2a7534dbe9e74a54984e1e9b15346b05109c70c02f8c25e526681d6a9ad66288be7267","nonce":"0347719316e747f1ed3d5efc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"4549ee96da461276f2b91eb4954fece7b36b9eba0cc09c7164b6d29e8f9c786bba94741312a63d64fee6431125","nonce":"0347719316e747f1ed3d5efd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c17a151172810f7c8ee6229d9e8010c3cb3ffe6669ecccde05e89204a4dc1d6cd44af0f7f64e81361189087cc6","nonce":"0347719316e747f1ed3d5efa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"a5443532228a1db509eff64da6b9c6ce6b1c26519a110fcafe5bf04cb610fc2ace0c4c16e885dfaaa3775d8375","nonce":"0347719316e747f1ed3d5efb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ee40f11c4aa2026299b8d2adfe7c77eeb9098602cf694c3e59869714fdebfb84100bea9a90f5958c852b4ea6a0","nonce":"0347719316e747f1ed3d5ef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"07a56281753fe53bc22f184e59cb899976e92bdd2e411fe9ab99141ed18c7e3c69413c0008c1a87bba0e19919d","nonce":"0347719316e747f1ed3d5ef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"11df544d0eb6de5c24d5391ea9c27daaa2049f1dfda3a43557f2b62e77da8b0dde79fd8dd29eedb8d662349d04","nonce":"0347719316e747f1ed3d5ec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"8272db9541ed2963b211e05218ed78efa1d9ded8fae1a0deef7e5e0d1aefb00294c6c75320fdfd48195cbbe1a9","nonce":"0347719316e747f1ed3d5ec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"74009696b093a01101fb904d8f39a5057ea797bf3707616761b23f027d714483969199ae27773668898f6db10a","nonce":"0347719316e747f1ed3d5ec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d35534b9df9070422239b281ad65fc4a7a107a93e80653ad610970ad09fdfb48aaa4ebfc0a53cf7e159c3c4bc4","nonce":"0347719316e747f1ed3d5ec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"5224267e697dab52f0f1526479e8c7911d099f147b4472a3c7d798379f9ddeba8b33918487505ac78f14e937de","nonce":"0347719316e747f1ed3d5ec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"093ff096b38a9f0c81d85023c9389833be540bc310d75a6599b885d06f6558cc7dc4038d66cd9e51ec73360ea0","nonce":"0347719316e747f1ed3d5ec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"d02e6ec3c3382ef56a04cf8102ce19686ff9c160486335b2f6ffd003b6c23362a5569f9cc826afdf62aab56d06","nonce":"0347719316e747f1ed3d5ec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"efe9d13a5a45f29df21921c70c9368f5f82e5ffb4ae7df93caacf7a3a85b983416fcceae966c5d9011f2d16164","nonce":"0347719316e747f1ed3d5ec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"3850f3ffc76e3f3897d56c5df9bda0a76c44828f6fb68a8df7814fc6d3a954cfece8ed1ab837dae07c7dd091e3","nonce":"0347719316e747f1ed3d5ece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"5cb12f8167b757498335589d6dde1c2254b5b814208bf17d92e32d26e216027617194a4ae82111fd19277c52ff","nonce":"0347719316e747f1ed3d5ecf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"3e9185c2a05421c0fafa0ab604af6144a1a4492ef9299fe86cfc62175e49861173e8dc13875bdc2ec09a4eb521","nonce":"0347719316e747f1ed3d5ecc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"a7c20fad342efaa45cf62a3595f205e7e8fc37bbe22c1bf2a5ab36028e90255ab095e90f4fb5131423db439acf","nonce":"0347719316e747f1ed3d5ecd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"755dc174476876cf3779e4a3accb4dc28aafd65a02b7f85f83c5efd1b3d0b5ea9017d3e6f1d118fbe2c5554c05","nonce":"0347719316e747f1ed3d5eca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"479daeba7e409f1a76ed0d5a1473e6ea2a7ccf08089aafc33497f262735fb8723a0efd381427bb6b08abd9b6e7","nonce":"0347719316e747f1ed3d5ecb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"38f8b5102a53f67b93e89b9016f6e458ee46814371a16a10c8e32a730bfa10b5d5e4bb738723e49af64a835c8a","nonce":"0347719316e747f1ed3d5ec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"cc5ffbd651f3bf5e7051ada744793ad8d37949eb470c1f0ff68164120c8346a3fbd97148cd11faaad4bc6b78a4","nonce":"0347719316e747f1ed3d5ec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"ed26aa3a7b9f14a511839c7b5d1a121c9c55b89d9787bee314f98b7fe4c940551d5a9cd8fd63bac08809fc8bcc","nonce":"0347719316e747f1ed3d5ed6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"dd7a988addcf83803a523cff9f8af5b4f5ff2009217f226b28db465fda0f16685843a1adff0feb0684288c4ba4","nonce":"0347719316e747f1ed3d5ed7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"3050c0d8e2a2f9123d5ff8c63bdd63e4aa8ba35a96d4e89dfd476cf51468314c1f1d67752a0b151fab2982198a","nonce":"0347719316e747f1ed3d5ed4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"97ab5e3079ba22afb9f1f63a2e5d808b335ea9a521eef2c9080a38543a33a6c61ec09c58d1500792f1aa5b390b","nonce":"0347719316e747f1ed3d5ed5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"4bdd18eb1d1a1785d89c3ac3d8ab6ce94ead5e676c4c03b68c2ce3021467a75f0da32927ddd88750b9dd8e2b5c","nonce":"0347719316e747f1ed3d5ed2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"193110e539231a00772f0c705ad9636df3c714502d62fb2d2fb79ba5f97cf3aa4e078760713ac3550e9f94e568","nonce":"0347719316e747f1ed3d5ed3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"60dd9aa96f6150b5d7ac5dcf446717aa6a9208cd13e7098f9b9fd85a7813b92e4bfc8e2e767b5d72b81bd8467d","nonce":"0347719316e747f1ed3d5ed0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"607456b510810413bc9cb5ba632463aff68d12d1af17ee52c952fafbdde57351391ef8ac681e297546cbcd1b4e","nonce":"0347719316e747f1ed3d5ed1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"4e4413cf028a3d8672dad18c6d3a64d9da944751974bf43d48cd6fdb865ba439c41637a4f2c056593db800cd04","nonce":"0347719316e747f1ed3d5ede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"bb094b7e76be758ebe88c18e65f742d35529937a58df3826757412f3c97cd74c4c0a1d76f595e74ae4f55313f4","nonce":"0347719316e747f1ed3d5edf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"875d57d42e7be7d172bb172d85006f0bc4d2dd03dca35bbeebba691afdd5a9f6e7dec1a02ac3a01a5bf39d41be","nonce":"0347719316e747f1ed3d5edc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"64ba07d53697b57394c0a1608be27c4f5c6829c958397df3fbf9c79c09ad38660b5fb7446e2ab9602c31cfb3f5","nonce":"0347719316e747f1ed3d5edd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"c37a5671cb3c54f21ef084808132dbe67678eee662f98600ad6405ba0a42c97e9072d44905870a3e94518cf61c","nonce":"0347719316e747f1ed3d5eda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"c532dcfdb99dafe8fd1844bb36fbb4c06de8dee07dda293c67b69d02d2a78a5732c517976a95cd25abe646a5f9","nonce":"0347719316e747f1ed3d5edb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"9396ad61eac9e67ff8fafc0640b563a3d36d0e42b5aaf0d6659599f35d1ee909fe088ad2b1069d1bce2a79ab1a","nonce":"0347719316e747f1ed3d5ed8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"e8615c07b3090fe614a279cfdf8b231adbaa4a6da261948ada9bc7531c451397b932ecb6e09973ea4b5c4df698","nonce":"0347719316e747f1ed3d5ed9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"e15e8ba6b6251ee28a3136454921f62c099ba010c9492207365e2eda9f586fd8d102132db647d689f22cef7e30","nonce":"0347719316e747f1ed3d5e26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"4c50b6425ea14a0356fba01325813042ed9841fbe60cb9643d81cbf66bdf5854431db47a4849c3b683650e73fb","nonce":"0347719316e747f1ed3d5e27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"33ea78d2677892ead95e8d5faea3d9ed2b079514606d6a9da9ff16f527bfba643151a1e34759a965ca9226ac49","nonce":"0347719316e747f1ed3d5e24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"9af9966a7a845be8cd6ede7409dc200d977e6e47f74260fc6960c128c28491513c9e0c091eadbeda74478b9826","nonce":"0347719316e747f1ed3d5e25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"e62064f239c0f0d98fb0aa57ac5dca05b2704b72603a84402eade6b9c9d62b331aab3fb777c396fbd4f3c00ab4","nonce":"0347719316e747f1ed3d5e22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"898db24d4c8594a2c5cff13f2b49c65075f4d9a0fd57ed061d23693481de50f9734cb99c7b007cedf4bdda4894","nonce":"0347719316e747f1ed3d5e23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"35729ce451c96377623dbe450676942ba6517ba1f63f1013478592f60e00e840e539adb213369edccd3564da70","nonce":"0347719316e747f1ed3d5e20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"16b8ea91b05517b061df5f6b591f0015224e22fe9fb202d29f0dc1c239be6d008c8b71b4191e2ef50305529687","nonce":"0347719316e747f1ed3d5e21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"9ffcfeb1589a3f50e95460dcb016c529e8236fda04c6c757beb3a460b131bbdc410ddc99b1bd057419af6b71c3","nonce":"0347719316e747f1ed3d5e2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"cddea82360b6177ffb3d9c3dabbe9e0b301daa25a67e591bb6a7997636f654469650969ded0ae69576da67f732","nonce":"0347719316e747f1ed3d5e2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"eda60d5f28d29288da25ae269199e86cdc0a5bbd565744e109b71ddfeaa1cd2641905d7c9abc675258d86353ba","nonce":"0347719316e747f1ed3d5e2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"161a548e710f641c6ec2dfd36c0254c968ec5a4d300b1f0a7eb100ab5d0a77eb952bb677effe69e2d4ae4f5d92","nonce":"0347719316e747f1ed3d5e2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"858672558f02c44317f1757ed5b172369f19cb83fb9a85ca76f010a533d134f35923089a2399dadf531baffa46","nonce":"0347719316e747f1ed3d5e2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"e7cbec339d42b2c570add0802693ec107db8971956f68413ab7bdf5250471324a8a78c27aa69d8c6fc5c00cfb3","nonce":"0347719316e747f1ed3d5e2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"97974e334cd39211c0ed375eafbcb137177cb717daaef16d87d1f56ed61ffad24d6eb78fc1c46407927c3b3aab","nonce":"0347719316e747f1ed3d5e28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"bffdaa66ad7c7b6dde1a4726df0b8b24786537ac297d9bdc273f78bf7d00513085c768b9f6fb5e64f1639507aa","nonce":"0347719316e747f1ed3d5e29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"6b1f870b166b4a5388fc115cd0ee879306d90efa35d2c93feac64b6a3a00dc57fee6c2ab39a2c7581c70fe9588","nonce":"0347719316e747f1ed3d5e36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"6f9101febedb4358867355fa53037ae6629542573b611a1bdc1f89fd9b62f57a46393bd4ce0e505f65196ad8cf","nonce":"0347719316e747f1ed3d5e37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ee2263af643f540a4f7fc3e88529fa42008e486d2376109863cfbf81f1a4fa385d856d18d5b53cb55a2710503f","nonce":"0347719316e747f1ed3d5e34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"c6ede25b48bde4e78b75cfde61b8e33766eda64aa25f76034e538793034ac87638e52e2f53d787ec9e47302226","nonce":"0347719316e747f1ed3d5e35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"3a0e22f51c506a55b521a851a601a13ec661bbdfac82b8609f4a04747f10bebe979a490dbee05176a387926949","nonce":"0347719316e747f1ed3d5e32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"f1a391f633eec17777e6a20a003124bd689f07c615c693e9d11ea2c6326a633a5fedee9f7a2708f9809ca67d6a","nonce":"0347719316e747f1ed3d5e33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e4f6e5ae0523b8727bbf58132bbc6669025b925dc84317af20260868ee46a99c742b2a05edb5dbcc470e44bd8f","nonce":"0347719316e747f1ed3d5e30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"52c5ea95d1548fe353314c80368c6e8baddd155bca24ab20b5e0f02d28717420edc1f113ee4b15efff9466bac4","nonce":"0347719316e747f1ed3d5e31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"3cf4cfe64debb31ceb04a0e225ef7efe9dd98fe18e373b52650c4ce4207ceca7d3c29030fca24fa46b5b48454d","nonce":"0347719316e747f1ed3d5e3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"43d3977765c41c689874f9cfd85ce72bb10accaed45927beaec764ef8734e9270fe40874c8d996ee21630c6321","nonce":"0347719316e747f1ed3d5e3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"bc6847f1755deb4479faec000a55fc47952bf29bd53ff0d650d4c8ca7c1f3281ab14982223a55d13e22d52d7f5","nonce":"0347719316e747f1ed3d5e3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"7faf1d53404c0c67bcc87de7282e1f8ef9526eb9425dba271e65fbc28c2072636b95970f31e204c732bc649ceb","nonce":"0347719316e747f1ed3d5e3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"66f773d8de7f205231d5e91458dcbe780bfc208b60eb089b1fae87d3192344b7a43ddede980a4dcbfde49bced1","nonce":"0347719316e747f1ed3d5e3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"79d29c50066a1c172c71cd2a676f19847e75d6529f0dc1594a4907da8b5ea7ebf556b993f2faf7bf7d2f267e54","nonce":"0347719316e747f1ed3d5e3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"80cdb607e51bc48ba9b17e4cdb954c88a9517b1bbea570150a6b0911086db14228f333320f8459be7f066181f8","nonce":"0347719316e747f1ed3d5e38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"25e6c480ace31974992a6276ada15b4015eeaab2d8c3e82f72bcff6b5a0f0dff8a047bfed992c655b58103f8ca","nonce":"0347719316e747f1ed3d5e39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"059c90881a3859b00d1bac4bb600de1a0ae35e49144630f725c159cfbcc6ea7abd14b5ab6f4a1e9c49f18714b0","nonce":"0347719316e747f1ed3d5e06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"6da75b5487537adeb3b85b529d56b900f6cace2f4f029f8266d35c5270a13651df03f04685e5ba0f31eadc6f11","nonce":"0347719316e747f1ed3d5e07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"5f64b074fcbe5b7237bde9a235c60a95bc08003691f5126e56625d61c5d9128c493df3fe561dbc69ac3b943d53","nonce":"0347719316e747f1ed3d5e04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"bdc276d70dafdcbcbf05f00e2689b9ad004ac9cbf770a7e48f4e798a27f266df0e38604ba2e49b6694ce7b0189","nonce":"0347719316e747f1ed3d5e05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"14783afcc7e0273fbd657da735a9e16c0b6c5b06bec7428226f724d6f157b44a27124f5ce7cf00ac7cdfb75a5c","nonce":"0347719316e747f1ed3d5e02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"16bad596021bae43bfe2ed078ac66a0aa2d2057d244389cd42e1ad5af8bc0f51ba12b8d3d10bb4af925e089393","nonce":"0347719316e747f1ed3d5e03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"78e0e8737ac6d93a61ea2f80cca7991915d9702ead84377550ce9c223db4ef8ebb40208ac50cf99471a2ddbaa1","nonce":"0347719316e747f1ed3d5e00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"aacb58c30c965742f1cc8da656058249dc0122431e0693efae2fd023a21f0dabfa57944634628d83071e0f2046","nonce":"0347719316e747f1ed3d5e01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"2328975ad97a819fcc7f2ef6327154591f9a2e4d6ff9f175d9e278ec84f685309e55eba925247608aacc9f2c98","nonce":"0347719316e747f1ed3d5e0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"3fbb36d310aca25a6a5c129e06a340d54949cfb87cc1ce2668c55a57e9039c04e162484e0aaa72d8da6f93adbe","nonce":"0347719316e747f1ed3d5e0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"ed470f8a2e14fc8394d10e72f08cc26e5401805de2b57755585d3b22b9403e3e1bb35e97e399c16414e9e6ce1d","nonce":"0347719316e747f1ed3d5e0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"398deefa344193836c0dfe8a7e7d049bedfa56e4f5fe8e69f864980acd7215fffa2335e5041702c3d05ceb61ca","nonce":"0347719316e747f1ed3d5e0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"1bb96ec0738184733b4c6dccf6975f7fb822b6dd12c00ab5cc487822692a9b85bdc20dfa0c64752040793eb51d","nonce":"0347719316e747f1ed3d5e0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"77ea982c920913fcb3fcd48eb6ba25cc6ea82104fa9b775c984e0b2153c1702665d09270ec900c4a94aaa5d2f5","nonce":"0347719316e747f1ed3d5e0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"a482e80a34381c75589a4c4c3e5b7e9f2af576b01b6fc5da8e9762f5edf41a5f3daab2d0338f87c9524a780e27","nonce":"0347719316e747f1ed3d5e08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"51ec38eccf1422f5246a039f1d510aa4a4e9ea5cae43824d25d05608dfbec197212a199ddb6592a0d71a84dfe1","nonce":"0347719316e747f1ed3d5e09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d292e82fcbb1303eb88c97101acbbf441963386a9285488e25b2fd49420254266a91a832118bed5e8bd6308ba1","nonce":"0347719316e747f1ed3d5e16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"50e0a0ba52c5c06a58a4eedfcb645190cffe3157d4a45654e4b824890e77c787a8c859aed463e2c88d3c42a96e","nonce":"0347719316e747f1ed3d5e17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"64b03dc42ede31342b27d1173c89d30a1d926c2170639eca0e756def0e2385f90b170ef6739ae467c2df2c385f","nonce":"0347719316e747f1ed3d5e14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"ef1f974735ad14a192817bde8565156ad11ad66ca8f38889c6c88ec5dc9c3f006e0e3c44f92ab7252eb0c1cec3","nonce":"0347719316e747f1ed3d5e15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"4288798fc47e7f8f7b43331adeaf09525e96ca7b009bd409516aaa7ef93977b692ab2d3b3ea6b3de6f61ba40f1","nonce":"0347719316e747f1ed3d5e12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"a2c6f04771d14376f6640527bffa7a2742e8f84aefb29c90f83285167f907ea7f434e182200670e15be2f26596","nonce":"0347719316e747f1ed3d5e13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"56ab07bbd96bd25977a181d29dbb09dc3c5be281a8c1c4d8958be735571ae9f79782e1a98f69eccf9b6b518d7a","nonce":"0347719316e747f1ed3d5e10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7ba1a1c37b1eebcd0ae2c5f7047b870b0f56632a33e0430db60d363c0be029256829740ce15635de8d60408195","nonce":"0347719316e747f1ed3d5e11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"5ef4955ca0a27b61c87a30223c6708a764aa8a546dff0c453d1ad32368079457e8a449f5cd819fe6bf1bf63f12","nonce":"0347719316e747f1ed3d5e1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"d58f812cd8dbeb0e153c8c6be57706b8fb6f9e18e40c5c76c6dc9366adb223657da651cef0ede1400097a07d47","nonce":"0347719316e747f1ed3d5e1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e56218f620862d98ff5d86fcbf3436b57f0bad2d59ff121f77cfce7147c39e337eeedb28992d03bb3890120862","nonce":"0347719316e747f1ed3d5e1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"b11dfa1a9ebe4cfcee51a1d7099428eff69e7b516dda243b8c3b4df4ad630174d39e495d4e2580068c450b2cbb","nonce":"0347719316e747f1ed3d5e1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4d6474a9ee7530e0542f8844cb899961573035dc9c430f91d4aa0a82c81396343b3d7094221a5787dd3b4cc37e","nonce":"0347719316e747f1ed3d5e1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"7245612902b6b1a6cf4ec589af4156fdc8733745c80814169a5140745a3a82a4e9763ce70039531e3f75dc1747","nonce":"0347719316e747f1ed3d5e1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"8aded9b2ad4a8f769525dc41aa73b46e14a226a7089f5b65eca99e5602769aebfa4b9e3c785067c30fd1081164","nonce":"0347719316e747f1ed3d5e18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"3a1b4ad15d0890faaaa2876e2157c7f9a737a47c4b71ea3b83b45984dc3afa58a8dff955096d95fe3c0cc01c0c","nonce":"0347719316e747f1ed3d5e19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5fb6cbb20aab1c31bac329208099eebfac4a5ffcfe3a84319b601bc329e4019335bf87fb133996af320d35fc75","nonce":"0347719316e747f1ed3d5e66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"0e9c45c4380d9a0bc383963d1a9f55f4bf92b4adbed9ce91d8ef3679f01c88b7cca28922f904c8e4b044e9fec3","nonce":"0347719316e747f1ed3d5e67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"3e812e01eee21e32438f2d255585fd3a7d732015bfefc976066cf5dd65caf954f75b9e71ba778c06b24bf0cb20","nonce":"0347719316e747f1ed3d5e64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"cec6e4163a9631f8fd7b052611ebe3019aea2b740bdfab0e45ac8853c2e82acb2775f51e9cbc8fac3797d08cf8","nonce":"0347719316e747f1ed3d5e65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"c0815aa7c2229db23e8fbb9e20c50842a79a3945297e344bacee012629c7d85cb2f019b336181ee3b69db2fa9f","nonce":"0347719316e747f1ed3d5e62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"8148c00aa94747c8a4f15b1843502d99828d2b46f447b7c52261a1958aa382a516123ee69826f8a7c8e81a5383","nonce":"0347719316e747f1ed3d5e63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d575fbe4a345ad6682bb7a9d252dcbb3f4f12b3218c3b016d5e345b3a8c26afeb7bbaa194f40c7c0ab7adc2396","nonce":"0347719316e747f1ed3d5e60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"6b03ad8d68f016d0b5426122bdc03ab2d28b8373ce2ec5dc25933475686afb8b796029ddbfef35b3826edf828c","nonce":"0347719316e747f1ed3d5e61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"ac349f9f68b3be90c8e1cde3bbe72e776efa2969445981795d43e6965016e64b4afccd08d72e382b390bc4209a","nonce":"0347719316e747f1ed3d5e6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"79a9fd8bb1d04c2bc9a9e771ba5e54647e960da390e4568af7d3117bfe8be32559662e7bfee51b9c6d68f9a6fb","nonce":"0347719316e747f1ed3d5e6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3721189592505e6a1a455bfd11520404061db13141732414cdd2e691336884b6471dad88e2ae6884652d001e02","nonce":"0347719316e747f1ed3d5e6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"dd58db40c2508d8b4964879ad80c3c4ddd8bf9433b94977f5fc495837d536cf48826b0e28d3d1f1f88526c2d1d","nonce":"0347719316e747f1ed3d5e6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"369b615435ac8993628400fc8ec8fefd93471aa592c9987f3ed5b5d3ea5ddc743d7e16ecaca9e4983ec24c06c5","nonce":"0347719316e747f1ed3d5e6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"20b1d4977e212a5890ca4ff28a5d50c8a8d9135f6766bc75cbd1604d25de4bdb954a067632e71c4041293265ef","nonce":"0347719316e747f1ed3d5e6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"22b4736144fcecfff193528825935698287f9d4595ea46568a40482b9f0b81d75982a3bcb17982cec3f95dcd78","nonce":"0347719316e747f1ed3d5e68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"2913332f356f976a46d776882ee38795b83ff0410003847181117a17569ab687ffadd2867d6c6cccdc1773469b","nonce":"0347719316e747f1ed3d5e69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"6882fbbcaec384335c3305202d29fbbdad89f1727cb905c39e7015f02e509947e05639aa6aaf1647f9db01a104","nonce":"0347719316e747f1ed3d5e76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"c858707712607a5dc628318bd6e8794746955d1a5f9bfd0d392ec0601a3673fb5cdb4d22ad9c5959f848ee34c2","nonce":"0347719316e747f1ed3d5e77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c4d41aff873266f8d22b8ac7bebe6c9b98f3f5996e1cb7313c18ca1b8e2f0fd20bb21c1573af9c41605bd9a716","nonce":"0347719316e747f1ed3d5e74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2b0bf2e239578c640867949624fb6dfc11c5e90b46a0e5eb4031fab6cac736e51d6729cf91a00a2a52be04dcac","nonce":"0347719316e747f1ed3d5e75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"59ad723e2c7dc2245fea618aa7b57f33448081635d77b175de05b09e72abd5893073023f9e4ff98888d0a33b40","nonce":"0347719316e747f1ed3d5e72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"096aa3b37e08c1ed82d4a7c0764e74d975c72d224d00f787520eb6c9a69232714e947bf08ee6f1dcf79c36276e","nonce":"0347719316e747f1ed3d5e73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"0f58cecda2b300097b1376f7b7b84c829cef7a3325c5b44f9f065cfb6adbd21a47fbaede12196613e82c7724bc","nonce":"0347719316e747f1ed3d5e70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a7fee3aa0fd7519eb522369ea4f863231efec7c3602a0ec3432e9bd584d38007e442225c01e5c2a1fa1d8fdeb1","nonce":"0347719316e747f1ed3d5e71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"de26a2c84e4a6c9f51d5a5f9ea2051863fde99fdee08656728ee3c3b978d370078aa42dc91ab30b43cf9f44f53","nonce":"0347719316e747f1ed3d5e7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a7ba5cf6dc123a8469d0f9e7729c7d21f1dff57f111432d4441cde083a8b8f83173be51a600d008409c6a097b2","nonce":"0347719316e747f1ed3d5e7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"0bbcda5ea3e1d6d979d707316e8b67f8a013824aefc12600645fe70ac10081efa61b62a129096d388c33c41b55","nonce":"0347719316e747f1ed3d5e7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"1e908cc91b589159aea8eb288e43f773bd14131f3fc5f55af2d3912e3321dc4d9c485182106ebddcf8d75e2a71","nonce":"0347719316e747f1ed3d5e7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"7ad9d911664e4be8c1790912fec51ca04975e10e7601ea44d88d6e570b9c9c97d973cf2e3aed601519640858b5","nonce":"0347719316e747f1ed3d5e7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"a380b477af3ddd6c4a4d631138d3b27d8712af6b5df2ae3c026bf9427c4452341da6a0fc6a4b34bc0a1f3e2a62","nonce":"0347719316e747f1ed3d5e7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"5ce8138b3ae34194d657924506eb10af7349ad4c3961d4c96c8f257542767fd7ff0498b57682257b91a38a1fad","nonce":"0347719316e747f1ed3d5e78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"afc59104b1849aaf0d40e24c92060b1fee8b03c383444b5b5774adf834de5ffbb460b0e7f526eee4ad0c99f7f5","nonce":"0347719316e747f1ed3d5e79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"a3c23645063fcc361c3f88b536987617134cd9c35f61689095d07a85e386cf6928359d4031de8ab19bc5ce4e92","nonce":"0347719316e747f1ed3d5e46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"2750ca6c6a162835514272ccf8007bc39ef3e99bb18c0e45c7f9c3a92f43574670597dfeaaa032c46e493eeb7a","nonce":"0347719316e747f1ed3d5e47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"81bfa779e724c2709496f864fc24c17b55ffceffd4debd044cfc2286e7920d7de7be570893d5419ee6d2683a84","nonce":"0347719316e747f1ed3d5e44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"2cdc0e0f1329baa2850f72beaa855f1e5880c604b54c10ef2a3513004459136fd9fdb2b248d6ee5d5ca0914552","nonce":"0347719316e747f1ed3d5e45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"cc9ef2a444bda8f6dfbc43a0df549c1e201743e2371fb7071bb48aeb4e3dc861e886b7573ddd3d934af0e359d3","nonce":"0347719316e747f1ed3d5e42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"cc3e6e37110ca04c71fb23c994f1d3cdc62ac56c13ed7b4f1254b3a96e611509a57983931046e39fd3aeedd40b","nonce":"0347719316e747f1ed3d5e43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"a5cef99e6fb4df9efb02431e6da1e3e30615ac1bf0f0b929bd1216b3900a86b4137b6b57924dc27c141e1bd96e","nonce":"0347719316e747f1ed3d5e40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"e30c34b3af6fce7151eefe250ff35aeeeb081c9828ab99462f308dfcfb1554b4205b2a7cdaa891af2a4fa72887","nonce":"0347719316e747f1ed3d5e41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"7067fbbd71eaae66fe73468afb5e64f423331be176422d68d5f4da70739537f090b1d06238fd65f296f0510cf8","nonce":"0347719316e747f1ed3d5e4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"64fdaa6ead26ca586dc95fe67fa33447f8b4bb7238e2f5a2558d630b649c146cb783bc11a6ea64e2516ad52b47","nonce":"0347719316e747f1ed3d5e4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"f52d6ba6a7df068d0ec489de92c7f47a6da06cca1aa15ed3f8fb0a2677ff5f64c0181db630897fd41c29fdab4d","nonce":"0347719316e747f1ed3d5e4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"af360bccbd88c03b15306d93c55dbb3ae637d7f56325b96d7c289937a5aebc5b93533072d38f45324ab6772ecd","nonce":"0347719316e747f1ed3d5e4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"69db40b3818736ce93ffd5090f25767e3cee73e4eb1e367daeb570a8b71833fb001c34c698b3a897bd0ace1f03","nonce":"0347719316e747f1ed3d5e4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"fb9137f9ef54c96a028666045a8f555dd9ea894ac6d34a9d60f237f495b74cf8eefada52d83054370026c75129","nonce":"0347719316e747f1ed3d5e4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"c298ba2bf947753246f3a2241ecf787d0efda72b332891a25626fbd5a503224f0a6d55961458602107c4803faa","nonce":"0347719316e747f1ed3d5e48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"0e1d2036a75ad65c03771e4694356c0325dc9e1d3512871413a62b63157b97404bae5d6286d5a9bea2a5e621fd","nonce":"0347719316e747f1ed3d5e49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d4246ec1eb6618156b9add7814dad55cac1016fc882a7a4cec70df85434ebed9416dbd1bbc03efd70bb304e82d","nonce":"0347719316e747f1ed3d5e56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"b82b16c6e3adcebd84072a2cbdf11406655f179e6988922ddb4bce5350bc9d2caa030066f5a4563f72fc61a65d","nonce":"0347719316e747f1ed3d5e57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"649298ba0b106e2853f83b0ff8bcf5f30007e7ebd66509aa4482307354d0f8d5ef364b9f218b06765215b785e8","nonce":"0347719316e747f1ed3d5e54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"14296bf2310665012d333e0e899bf22bef9ea117c731f9d0ae2108ac089163251632f9d2f729b7b52c0ad5682c","nonce":"0347719316e747f1ed3d5e55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"9a300628f9b00ebc3fba9547ce06fff10aba83f3a301c6e4de104e4bbe261ab8e0acc73ab60ee2ea93eb5d7f3b","nonce":"0347719316e747f1ed3d5e52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"93c14e955ff1dbb4d7e85d0ac112cfda4f51139363c3aaaf44d079d4ce740ac2d454c5e143dea183463f11f89d","nonce":"0347719316e747f1ed3d5e53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"875cee5bb49defcc74bb9f3bda5f2dd163ad498d725ff03ec41b0b87f243ccadc7659713d7e450f1bc3141d804","nonce":"0347719316e747f1ed3d5e50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"81cd2c1b6ca2c0e9f06f054987d8f3f553491f6042a9bcb7ade9cb9b03c02f23b509aa74567237c507711ed114","nonce":"0347719316e747f1ed3d5e51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"7cbad0e463fbfb9e06bcc5f4951976caaa8dbc2cd3ee5722faef5903f73052c807ee9e3aef7c56f40f7c512f42","nonce":"0347719316e747f1ed3d5e5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"2d0c0fb23729ee8ccfe5eaa1a82481291c3b107e0669d8f55eb3b6652b3074b3ca7b85756c45cafee75746fae9","nonce":"0347719316e747f1ed3d5e5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"337bdf29c8eb9031fe3689a22c5f5f4911c08f372b5085f07a00312d62d416e84895bcc63594c2c5255a5d5532","nonce":"0347719316e747f1ed3d5e5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"ce08a9ba6e19669e4b05b0536bd9527606f53344b78232af08801fb77ca1f8df82038553f58b2ff8230153b857","nonce":"0347719316e747f1ed3d5e5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"563aef754b7297e48405744e762c1fa49c7607b298e3dc2e980caacb2ff8cbca89b82849174d236f0f65315b73","nonce":"0347719316e747f1ed3d5e5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7aff4f39905e0cc0893ac0400e7948e7b03814c168912bd5672c0060f61550cfe949add0fbde9c7c21fc7e09ed","nonce":"0347719316e747f1ed3d5e5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"e32b8cdc5dfe4addce724de0dba51652ac3afb8ee0a6ecc0fa3adf3c30e6b79e55396c6fed586cfc76057d5ec2","nonce":"0347719316e747f1ed3d5e58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"475371d9012441e41efe68fc09a6396b6968b6b9839774efb4bc57dc0d45f96a3e1520a753e9d576a8e523a738","nonce":"0347719316e747f1ed3d5e59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"598dbe2c80d6678e965b934fb8da9663564797c21dec6bc58dd911d7525a9b1019ac2079b86f5687e876bb1c98","nonce":"0347719316e747f1ed3d5fa6","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"f6486ced5d45238244ede4374d3f6aa7f52682a1075b44812c6501e9c85d8847"},{"exporter_context":"00","L":32,"exported_value":"92753650700b872ed25f8fe2e1ca2a9b1c67e3a0ab3abb39f188ee80da4367da"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"939faf04795b38c5a4136564d24e04ff070446cbefcb9126c90da179e6e7fa37"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"81dc7034d30516bfbce0a0730637504181416545d9f49910144dec573712c38b60cf197196ea4a69912af00fc48cfef76ced9e167fc71208","ikmE":"4516b1d53d96f6287ac8b2adbca0c15115841c26ee6bff8d4430995b58cbd9c0f1628fd0b73a2844a092da7defb6cd091b02c5d646a57f3c","skRm":"4ae89000eb6091df4b18f6600387c3febd8b77f262f74b8e973c28e0fd34bad7097c69ad13bb6a09c62af89d488883faa67b73f4f2890a51","skEm":"befabaac1d2743a03bfe21f0e171c11d780084fdd2971f1462de7f0e5d827ad45ed8b2293a82d7b44162439b3e9fa778f4554963ecc7a95a","pkRm":"b8217077a587f4d980c7feea2d6034d279d1896857beb957eaf138f360c8d77b1cba04f0b1ae44e72e41bf58aa07c425d0797f0045628b9f","pkEm":"c604eb4407cf12aacfd66c4cc9710ae2aee02b1569b67d58b914a47cfa6b73fc26600f96207d7c9ac851e4ba7cce467648079d01621dfb1e","enc":"c604eb4407cf12aacfd66c4cc9710ae2aee02b1569b67d58b914a47cfa6b73fc26600f96207d7c9ac851e4ba7cce467648079d01621dfb1e","shared_secret":"ff4c150016ee5f9b154a051ddc7677dc4e78f4d6f7d1c904273f61d5a88082687818575b2e0630b7568d182f2639f8744168077cb3ce83b092d7804bffcf1b0a","key_schedule_context":"00fcb1dfaeb0f739e1fdef674e3bead6aa703796379f96c738934a64ac77c79a0539b47ef10fef9d74124a76b6079f61957d5b791d37ce9aa2fa2a910a7e47ca58","secret":"a5f62a44420267371a71ca9f4c2ee3f605d8b765721c1dac867b4c7d904b9a58","key":"14e19f216bcbc4f47fe704dfc843eea270d54974a9ec86a77c320ba9640d811b","base_nonce":"8b6f664c2d04568aaaf762d2","exporter_secret":"a6ca25f8b7850c4e06e10748b97b0e2afc87fbba3c2e5c1024704a7d69187b06","encryptions":[{"aad":"436f756e742d30","ct":"0ddc9bbeff5ce00ea28569f79fd57b5a4a88d0a8b921f877cbca9f59be2ec1ce139c468897d7fd3fc4168d76ee","nonce":"8b6f664c2d04568aaaf762d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"ba92d01533d7affc62fffb5a7014f40efe55f591debc389ec6e6ef9acc44131531883a8741e401ee98afb7d3b6","nonce":"8b6f664c2d04568aaaf762d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"afb110b215873dd81eba326eafe71d50abf23bbd79095614ce9d27dd4cf6c7a18e58b72ebcb1fe7dc3ac6635fb","nonce":"8b6f664c2d04568aaaf762d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"2fa31d5235c872e672dd86b36bca7f92c01d9fc8672072488e5000f95d3e8696a0717e5127f1b6b25add960999","nonce":"8b6f664c2d04568aaaf762d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"9ed5b9d324ed9812b35206e7677d007cd4629bc811e4ac24d51d678161d04c8e3f48dce3b35857229424542eb3","nonce":"8b6f664c2d04568aaaf762d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"bc007b1a0bf3253517a109857d2e0bb6943a1095e9f1fef93a15d203776a9f62baa19f2410cad3ec7a42e27239","nonce":"8b6f664c2d04568aaaf762d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"aadcf7711c9fe961c7635cada36f69a1e106f2205e6768586a0aa9eba23e8887ea54f2d1e5827b3f49f4fd9981","nonce":"8b6f664c2d04568aaaf762d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"8efcefae90d7141bb2b4925f5938f7d0605e32a963fdd9ffd96270506994b56adca19710ab90509a8b9034788b","nonce":"8b6f664c2d04568aaaf762d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"4a47eaea021ac13d6c9c48a851ff650eee0878a92c9f2a4c4a029f6fbf1121ac23fa6cadd211d659b839d2534e","nonce":"8b6f664c2d04568aaaf762da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e795243d8ee8f229a6d31a4e3b9e6482188ca2314aba11f372385e19dc8791675b1960082bf73dc383e404550d","nonce":"8b6f664c2d04568aaaf762db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"9a4c4735eeb568cf5fe09dcae8d176def474bc7602b0bce36eb42aa8f83672f5d141c9108e472fa1699db723f0","nonce":"8b6f664c2d04568aaaf762d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"56a6cb5af8a01c62938bf3c1cedb273e2ee56e8b3cb711a2cabc0b48d87ad3679eacfb4bd8cc176992de24dcbc","nonce":"8b6f664c2d04568aaaf762d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"c2c6d7f0a91aaa5ba53aef85ad1fb9bf967070008ee5217fb1728a7f103d228d09099697664ebdfe77246a525b","nonce":"8b6f664c2d04568aaaf762de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"7ebfd094fd4827cacc28579fc8484b27d2c8fc4dabd8e0eb4b11208ba6b747c3e9d4a789ed0eba98693e04d524","nonce":"8b6f664c2d04568aaaf762df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"fc08ca44100c38cfad7d29f2c6d94cdc03fcae04555c21d4936bfd2225e29e440416bc118651dfd0d6b222f7c5","nonce":"8b6f664c2d04568aaaf762dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"70c03c9e1fad881ce2130a6f7bcea578b97b7c1e50ce7f394d9faece042ebdc6cfa1c85c6b867005ff9e759a91","nonce":"8b6f664c2d04568aaaf762dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"a36418549a0b3434ae1198a21c2002c4186595cb28df13ae29ee888bed12235618d72ecd4ae21204fb152ff51d","nonce":"8b6f664c2d04568aaaf762c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"295215159aecfd648ebd61ec38cb025e032cf5e51b24c4cb79690b3fb96257967850b794e69e0d16cd7809da6a","nonce":"8b6f664c2d04568aaaf762c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"ccefe146fda035eba4e0b3b873d347394ee9d770260466ffb971298513b5e7f7a600e5582da47dfdf40acc7825","nonce":"8b6f664c2d04568aaaf762c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"48ad4eeeb3ffca9f83ddd7d047c30314477f5c0409a803f706ebb051fed5121ada66328d94020b82b664eec54e","nonce":"8b6f664c2d04568aaaf762c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"73738c46ad1a7b72aea4bc646f0f9c1b0215e776d757cf9d3a8ca7ff2c24349f15dcafd7dac64513aad03ea394","nonce":"8b6f664c2d04568aaaf762c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"fc7b1074137499a60e5c31a5cbf59c04777ce8e1941d634089e17fdb7e54bf3eca93f2190203a9573a6d479ce7","nonce":"8b6f664c2d04568aaaf762c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"d75ba5c5a4172b85b10c98f0ab707ceec19eb59948bfcd56909217bd1c49a0fc69b9c905243b229ecab2812a30","nonce":"8b6f664c2d04568aaaf762c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"ffe0eb9e47d91edee65850db2f7c5938264c8815970e82d74b3126e5642069ca6ee6caefeba0094190c7a830c3","nonce":"8b6f664c2d04568aaaf762c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"aaafb14cd03c506797b9cf7ed8ccbfa0b1d3c6a9cadd391780e07ad566f31bda92e4f71f8d4f9a2dedcfc679e4","nonce":"8b6f664c2d04568aaaf762ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"40bc6f9a94d3d88a437009da010921a78244e487f462e24d3bac04a50ce287bd552ae4458e53514bdf7d7696de","nonce":"8b6f664c2d04568aaaf762cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"3669b0084a2b83a23f1a9a08a64f0301fe25ba6351cf0c216f50981849b69fef7d7a04d09611995ab39c4cf119","nonce":"8b6f664c2d04568aaaf762c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"25d819f3f9b0ccec8afd4c6e08d63ddf70f99de9a8673ada32562a6d782de96efb9ba26e20b5d4a8fa7280cfc5","nonce":"8b6f664c2d04568aaaf762c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"644a609e7b034b971cc3b1ffae7bafe8737e19b828f192d704335695bfcf34d6b3259871dac3eb1c5958ceafcb","nonce":"8b6f664c2d04568aaaf762ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"efff8fa7efbb28237585e641654b47743c1726dfec447abff3ce3fe797622b81c2ca4f41bfd734c6948bc8717e","nonce":"8b6f664c2d04568aaaf762cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"a804f07b20e33289e3ad97b5a1e6a4be1e078a38c77ea86edbfb29103e5555bf8f5e8982e13358b7befb42f265","nonce":"8b6f664c2d04568aaaf762cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"6a3681b31e6031f4a061842df224270ac1272af8adff09ffe12e1d1adfdfbd6d04794ec89e61cc4048d5645859","nonce":"8b6f664c2d04568aaaf762cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"637cd43cff7e2147fb49c92a609c24500a205648e6388895680771cf2e624f7611e13500d02a919bb297ea610e","nonce":"8b6f664c2d04568aaaf762f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"f257c0bcb3f3e15d4ae5b1e032ab485d6b635de6c19c70671b226bf0640405a2c0f4c46b740cfb43854aaafa44","nonce":"8b6f664c2d04568aaaf762f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"747c918a7488579cea99cc32ca6f6c24b769e1d2539905197fbde0d98e5563ac3f4e5c5e4f4400cb15be7d2cd0","nonce":"8b6f664c2d04568aaaf762f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"b8ec7a6aadee60c021f22acda8faceeeada3cf1e7940d2831af67da61948821d5301ca8ab63b967e3565526205","nonce":"8b6f664c2d04568aaaf762f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"821d9fa632d4519142b27a498be7d4082f5c7c43d4de1736ca2c495e7a029a4739e7f63f75a661fbd848019e8e","nonce":"8b6f664c2d04568aaaf762f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"cb5b1b3b1b4b4cfe19d572995ca648cbcc934010cabf9c3a07c933b37b66f8593467f25b61eee4f48633e9a888","nonce":"8b6f664c2d04568aaaf762f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"c33ee68e97f997cfe9550bbfb72aa7b1e4ed21f58d88a7e0d0c8f5df9416601d23b70f85a08e454eed8ef3e993","nonce":"8b6f664c2d04568aaaf762f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7c865e5f52d1642cffe62e809517c7354cb3ab000c183a1e70490bb4511d69e858eeaea8d6de48f6c199049062","nonce":"8b6f664c2d04568aaaf762f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"b248eb559a1311cb623b7a381f1268447d28730d64affba426cd709295a1915ea5d972c61ab1cbe344c26642e2","nonce":"8b6f664c2d04568aaaf762fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"54021a8d9bcbcb9e50b4b8b458c0e411ac1d443660af6750f51c603cc6e8ab628cbe1a6575fd1488664d6b5a3a","nonce":"8b6f664c2d04568aaaf762fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"5c3f8ed69f971385a22997edf93b3cb3dc2ec25677b1be80cb523ae7760430aacbe9316b95ce7a7a146a3d1320","nonce":"8b6f664c2d04568aaaf762f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"2d39add5f51b08dc76520d19c655ad8aa1a9890270b1651136849fd796a785d7fdcaf68c0a039e6462d3495be7","nonce":"8b6f664c2d04568aaaf762f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"7f9ea9a6d4e6813740dac6be02695e745e2781bcf6a1dbee8199f3b0a072df357d2bef860de1ca15e07b41513a","nonce":"8b6f664c2d04568aaaf762fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"7082636c26e7c1637d634ea3870e6345dc52779f552b766a83657eef3fb7129952d098af1a39b7669f9d9465e8","nonce":"8b6f664c2d04568aaaf762ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"2e2f77e9806b659543b8f1d0b8c9033c715070d6054fc03d205bb4c90c77d8ccf9b03b862168aa247a8747a18f","nonce":"8b6f664c2d04568aaaf762fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"16bfdf938c4df45031c4904746624e8430560301c6a77a615d45b05e38e8111fca6f48a9527a84cd6d3404a5c8","nonce":"8b6f664c2d04568aaaf762fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"fafdec933df0400196a95ff4b80d817805b84b494f54b259f1fef6bb9bdc720c38de6a4d7b7d7dab37a2a4bbfd","nonce":"8b6f664c2d04568aaaf762e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"5098e42b4b8e006f9865b6432a09282ba197ac06d1dc1403df7cf474f9e2fc8a563fa87b0b125a6d6c25b7f0ae","nonce":"8b6f664c2d04568aaaf762e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"0cd00862547dca958df8e327357107ad7c46d1c9afb25a432f4299886f8b8805a98017ba7a194bba4b291a3ba6","nonce":"8b6f664c2d04568aaaf762e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"2afe2cfa2594bac36ec2a45a0d02bd9596f892a1db5c7572791cc9b40c0f1666ae099bc9485fa64c4ee7060442","nonce":"8b6f664c2d04568aaaf762e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"ea9b23c7bffb58082dc164c47061335d401a6f35330177cf40f306db26906af3da58e96fe88dba62eef5926305","nonce":"8b6f664c2d04568aaaf762e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"2a01d8cdf0c8b7b5635257a69b0138e7e79f67a5dcf938fb5ad5170aaa93d8597d60959502654b8b631f30a86e","nonce":"8b6f664c2d04568aaaf762e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"b4708c5c25706aaebb3da142f38ee10701d204bb56c16e94c3f917c9da298bb5f0066474f615c0235b1865b090","nonce":"8b6f664c2d04568aaaf762e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"5044a2c2bb1ec3e426c3b33293f44e05027ecf0dcff53e52007c11a323cf0dac88e564bb1bb8bed125532d99e9","nonce":"8b6f664c2d04568aaaf762e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"b80893c0d11f0760ae31b805988065f62f92f2f3bfb320c2518b1b97eba328aafed6fee3a18ab660d15801adda","nonce":"8b6f664c2d04568aaaf762ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"31c613f0c16c44013ef649417d69abea896c26be642dc611aee25af481053be42cf4acff529612a48ff52ca1fe","nonce":"8b6f664c2d04568aaaf762eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"c0b38672f94ef6da425966f0f78259a0f9adb7087bae440c7c189ff3c323930fa9b7685938d9ad8d6d989050a0","nonce":"8b6f664c2d04568aaaf762e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"9793eec1de78a111d1ad35124112e27a1f510d75218d7d38f1dee6fdf154b7848c6e915af55994f35d527e9f01","nonce":"8b6f664c2d04568aaaf762e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"f287f6bc2c1d1702cad5901139d15ec57703647e6e1f4f12d0d9c35bb4f5284b5acb538e2006e0ef7ee0b8ac01","nonce":"8b6f664c2d04568aaaf762ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"a3cec2c5f0d2400aa475dc1995aa4da9f4cdad5732ddef9e17da3b359a312b5e649b90ba52493f6ad4ef34ea2f","nonce":"8b6f664c2d04568aaaf762ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"3bf5db3648141ee24a9f8fdb94442e6e8f2665045b779fcd1f18e3aaa1af93157a1b9c21f573e4382bff8b1031","nonce":"8b6f664c2d04568aaaf762ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"92080104f87d69c705400b160403a473bc058db02feeff4c2b8b33a5bbc8a447a5db74c2bdd2d350c98c377d3d","nonce":"8b6f664c2d04568aaaf762ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"6187eb0c5e140c6d0e47ba99a2a7a34e0562994c86a3ea943c4a3cb374a3f2ad9c36ef66a070d9eff78515108c","nonce":"8b6f664c2d04568aaaf76292","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"31342f7ffc55cf53ecb77bcd340dcf7ed369f1d9e360b2471ea54a49a27208a5207fae150637ef3b19ccd6ea93","nonce":"8b6f664c2d04568aaaf76293","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"0d925afcc180f380b0ef642e97f871dc67735f3cf76d3601cb73d67d503474bcf3ed604f748c673f91228b3cb8","nonce":"8b6f664c2d04568aaaf76290","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"feab603ef3f83dae807f6068c216f848bf4e61d4a25d24fcdbf89ea70a74f89c17934d16d292ae03d2231ed308","nonce":"8b6f664c2d04568aaaf76291","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"ff0edecd68f0247335d49ffcc255b06e4c098617bb8fe42c09928520a8a87f41e5dddafacde430d9f1d2ab97d4","nonce":"8b6f664c2d04568aaaf76296","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"076472bdf683c0963f4273026cf4e56340fa4949b344be4cb0b54fa64d0991d8442797899a36871f1e2f7d0fe7","nonce":"8b6f664c2d04568aaaf76297","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"95a38957d7956581c7cc55cfd4e47f9b388dcef54dc556992e5c3c56edfd5d87983a5c981af0a3479a92c58fdd","nonce":"8b6f664c2d04568aaaf76294","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"254a15ed54095972e155166047fb3f138e95dc985df595ba938126e975699b2a07808cd9200f2c5373c5be5117","nonce":"8b6f664c2d04568aaaf76295","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"5a359bdaf9d4173d105019c96094e27a4eaaad3a3d585d4404b69399710e25eefd8a102b22612710984ee48ee3","nonce":"8b6f664c2d04568aaaf7629a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"267c94fd21090a0da32d5ec0a2cf2507309abea3b1d499f68def491c09d41630f98d51fe85233f4f21f8faab9a","nonce":"8b6f664c2d04568aaaf7629b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"b7f279ee7d337938af2c8c7f113cb1f4edb46ef7a8fd5e1ec74981408269e0ddc5f2c2fcc0eca2bcd89b7e3825","nonce":"8b6f664c2d04568aaaf76298","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"a73edee6f84a3c81ef217e4657d7674db69d3703113d9ae04a1ce2e9dfa7fd7bcb8866bcbc4d591e8f1b830a96","nonce":"8b6f664c2d04568aaaf76299","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"572aa59cd95dc271a37ae20675e6254d00aa4d41d94fba0ed276f8ae845e31300cdfdced6d6d8029c24832d66d","nonce":"8b6f664c2d04568aaaf7629e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"4b30738da2130aab74018a9a57928dedbe0b28fea1b4570d857ced7211cfe37a3491b5d42c1a507b190d0604cd","nonce":"8b6f664c2d04568aaaf7629f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f356d859fb80a8e777096ebeab54f9232ad98f414a0353d32a42b66ab19432fe62e5daab6b1beab21a2435ad9a","nonce":"8b6f664c2d04568aaaf7629c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"846976421f6e205c1d35f3281879b9e997338d7d2a303d00ff5a40c97fcccc6ed99394f130bf9213e42855fdcb","nonce":"8b6f664c2d04568aaaf7629d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"ca2e5e214498c69540c90820c30fb78da7f1a898e19eeab19bbdc8b71999489a341decc38aad6d153e56b392c1","nonce":"8b6f664c2d04568aaaf76282","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"31b03a6480b58bd6efb7e1c16b9946f3c8bb66510cfad2a8a10a2510139bc5e3fa8faa287d34eaa8f2c38c9593","nonce":"8b6f664c2d04568aaaf76283","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"cad65ba6206b054c0741b950b8f56ad41ab36ff6bbcd95f13b3610a9dd76882c7008394ccf1f4d597097a7309e","nonce":"8b6f664c2d04568aaaf76280","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"49969e8c1c2d22b5bd75156fb231f7220279b4569ec8f6ab693f58cdc283200e118024938ef0a520468cd72585","nonce":"8b6f664c2d04568aaaf76281","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"dd51bb803b17a906cbcfc7cb1074f234d56318e334ef1d88efa2cee974b695b3b4975dc45fb9c5ad14b1bae8e9","nonce":"8b6f664c2d04568aaaf76286","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"3106ddb0272254981b32cc6a882e6c2dd1df808fc3e7c2e6f35de4dfb7b0b4355fea4d3b00282be3a3b014a93e","nonce":"8b6f664c2d04568aaaf76287","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"0b6a68a8d48bffeac2e0656878d695a0f871bc4f98c428209c444c5a056a52a89018173171ba65fd0ed1206992","nonce":"8b6f664c2d04568aaaf76284","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"b67ad49006c3d42974379b557bd5c31a1c5b54c52f6ea5fa2f6c0178dcd3b0c13d890fed59d82a66dd264e01e1","nonce":"8b6f664c2d04568aaaf76285","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"9a9386410c4029544c76e6c80f9489cb2d47b2485de0b852f782c5aff55a1639e0bb5266ed379877c16c588391","nonce":"8b6f664c2d04568aaaf7628a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"21fdb9161783226fb8138e9af543b801d844196edfc9a7ae7ad0c6c4b1ccab0405ff8e9ec09451b296384ee277","nonce":"8b6f664c2d04568aaaf7628b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"dd30e5aea8ea18004cf0147d63f2644d5ad2c0230c91dbbe39d418d39c11215a46206296db9034d8ffce196333","nonce":"8b6f664c2d04568aaaf76288","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"3557b990bcca11edfbdcf75526b9f96354ecca7d3329e73d6dd50081192158851903f3bafde59550714a63915e","nonce":"8b6f664c2d04568aaaf76289","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"431349c5cdd86351caed5f17fd27a907d47e182b2d38055dd003fffb434c60de3b6ea56d775a64eff425908fa6","nonce":"8b6f664c2d04568aaaf7628e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"08291c0db4888d950c63f5413eb9c399ffa69512c4d39b6ab488660cbefc12d7d624aea7854665cbc146760e96","nonce":"8b6f664c2d04568aaaf7628f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"a620f5fde06082f552d1540185b10a7c956aafc41f3fcdee4ea556735d3babb9940a9a872ce63eebe78df6f9f0","nonce":"8b6f664c2d04568aaaf7628c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"8eba9983027b0a8d6687e06e9b276f88a32b4a6f4583bf321fa20574a223d1d35754db16fa294b26c289e2d89e","nonce":"8b6f664c2d04568aaaf7628d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"6d9cf7e46560a06eb18299a6d9911fd1bb274fc527e7c247f2b5efc10faf547f0fdd5a2f06c57f7d808b381ccd","nonce":"8b6f664c2d04568aaaf762b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"008caca3d5e7ff1cb012e97ca7a0ab749a8c9f415f0bdce2ea1a222fbbde08263760eb166c5df3d2fafc724866","nonce":"8b6f664c2d04568aaaf762b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"c3ad92a0468e5d3aa7ead530a5da3980638523eff15a39110f107f59a5da7fade1cecef8da6228cf74ea6c250b","nonce":"8b6f664c2d04568aaaf762b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"3623d4a4547fc82b379265db04f90ae0d91d7764ff7c1d0d846610037d64a59058f23b9927415e0ee27b156ba6","nonce":"8b6f664c2d04568aaaf762b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"8973389d276b824976257ac349399cd0ad823f6232458ce70ea235d59526b37272dc5dd2d4a97ce4e6e860a442","nonce":"8b6f664c2d04568aaaf762b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"8f90a5a2839427e41ae27393c72f4f0cfaacf24a14bfa0cdd564e71c20232ddf95831c3d82ae1b787bf7fa8127","nonce":"8b6f664c2d04568aaaf762b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"0f9c2796dc7f48f24c14e57ff7461b81a9985bfc0d790330b02ad67775f9e0fdd1d0066c56acae5311dca7fc46","nonce":"8b6f664c2d04568aaaf762b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"198d3f2d554dcaa3e576157c6b04d0d261538ff00d74ccf78cfad72dfcdfb90ee57b71edd65612a000c69cd328","nonce":"8b6f664c2d04568aaaf762b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"27b57a9b5e340aec887fcc395f2f442c9b83f314ef60dfd4dedb9cd250bc46232d70fba20dfefd8c038a62c88e","nonce":"8b6f664c2d04568aaaf762ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"f264e875c6268de9ddf96d4f99e6ee8a0004305c172203f4126565d351ee3df104d6ba19de0d24656ff623bcea","nonce":"8b6f664c2d04568aaaf762bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"6a28f992150b43bcce43bb43e5f55d85809ed2017374fa81833b89237a4d29f3845cdbaa2c1fb815b226a7857f","nonce":"8b6f664c2d04568aaaf762b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"cd8c1eb0312811c3493f09239150991cbf48a8acd38f87f2811a5692eb501ed44f6f7d4e5360622e64095d6d79","nonce":"8b6f664c2d04568aaaf762b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"d4d30a36e1161d4074387ec9bdeeb3a182467bd11af7ce7412be40e902dd84fa96185386f3e5b9d9b3abd14b9b","nonce":"8b6f664c2d04568aaaf762be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"3c935d0bedb1fea69946c6e6ee3951ea3e13448f7b5315ae7dcba1a2c0bf15ca0f69c4705d9fa0bf7c0f1c7842","nonce":"8b6f664c2d04568aaaf762bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"6a6d4b4279b3c1a41f97cbb3c9f384d54071800ba81920b188a020ba31a14e68ecd4fb1be3aea9322341e24b4f","nonce":"8b6f664c2d04568aaaf762bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"ae3ab6cad3205f485910e48a019a122da07dd7c17414f5fc0adbce828ef46c25552decf43d6bfc1f12be04d985","nonce":"8b6f664c2d04568aaaf762bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"56fe205d4958dd4ddac6bd75dc022bb6bdbf17148f657c8001e6e0293d033d3e5a6dec0eb4e931623e5e89440d","nonce":"8b6f664c2d04568aaaf762a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"349691d43143f67b5793ad2ac730a62a036901263e74d7a486bc3569fef46d5b37fbddae3f3e342dd9883c466b","nonce":"8b6f664c2d04568aaaf762a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"707b8935ceb229e3b364b59774c96d30aa7e4aba4284c0ace2bfe32c1ec0ea903b9ea56d145c63dfb13d157542","nonce":"8b6f664c2d04568aaaf762a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"f5d7e1104d6b0a0f456a74d6598a8a3603a69222015635f032e0dd3dd7cf84c1ee71b8e98b6187bdf2027632a1","nonce":"8b6f664c2d04568aaaf762a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"572b4adb6aafd11f4ed5a728a431a273bb03414aea94db6409c1d310556d3b71d637a2530f82c58163773691fe","nonce":"8b6f664c2d04568aaaf762a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"6628ad31ac3b01714b7dcf636d4ced87833d82fde549b96ec3ee976010156fc1b6c7f210ad1b9dd23644cc9bf1","nonce":"8b6f664c2d04568aaaf762a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"85e56eb6988bfcc4664f740fc75b42912dd328df8511ea4db3e417c15a0263d6cc22b91ab56efd81dd8a2067ef","nonce":"8b6f664c2d04568aaaf762a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"1fc6b24f56a7920709a4acf0098b868b041688fa6abcdf25979cd0e36c3b8eb0d8658c7c6f241605c7e8c6c384","nonce":"8b6f664c2d04568aaaf762a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"2ef329deb5e5c64a784d913ecd5cc5ca90b74fdaef389e3c470aab82c048d4ab6edd05232411e0d763ffda6133","nonce":"8b6f664c2d04568aaaf762aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"da38b8e5f7649875ec75665d45046a6e456ee77d6325bb866a1ee8b581ed964976b6fb4beb26364049919b2aa6","nonce":"8b6f664c2d04568aaaf762ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"dbcdae542652eb8648b00752e182f35de439252e79d1627fd02f1a82399394e73da8369ccdd80958efd12d3ba6","nonce":"8b6f664c2d04568aaaf762a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"03f56bc178bdc6d1ae7a5089538dab7ce4675e11927d12c61d221486d63f8c901057245e10ac2477a8efe9c830","nonce":"8b6f664c2d04568aaaf762a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"6196b84436cb709bc35469ceae632d9bc7157eeb57e4bbac2421357be1b834c141e1cc704a878af3110876150f","nonce":"8b6f664c2d04568aaaf762ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"f13cc51ea3a610baa0fe44b0c67a15e2052a0f03b6121536c56b5969ec62afbb564c711b95644336b5c18a0a67","nonce":"8b6f664c2d04568aaaf762af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f8d92482842479823af9d9bbd5b505426885fbd1db42974af4c9319e621d6591793390fc41a055c4c0211af37d","nonce":"8b6f664c2d04568aaaf762ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"a003bb60c4a41c921ff644fac44380a51826d556ba4e8958813c30bb48a3a5248558c7dbaefea6d4ecf31b4ba7","nonce":"8b6f664c2d04568aaaf762ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"00eee31533463099538a758ffbfc0c102c272f2bb031a3172a8f44671efaf5abacaaeac644e7036fe278f4c92f","nonce":"8b6f664c2d04568aaaf76252","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"95d75b1988c9ec1ea2901b3b8a98f7c02aa6594a0e3e71b3968eba18bc492c270cc8f55cd03d67d7df75de8f91","nonce":"8b6f664c2d04568aaaf76253","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"89b6788367a6545677304fc90d1d1b7c075cfe2bc622736c7ede86487b57c62f7d9110a8ca819be9eaa5b8f6a3","nonce":"8b6f664c2d04568aaaf76250","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"09b183a6e66b8b9c7e56cdfc3b391fdf493076c8f090edcc8fc49818211181b11f426a178c8cca467370894eee","nonce":"8b6f664c2d04568aaaf76251","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"178ca947a8d30ef1745d2c32e0126cc5e75d0a5e03ed7281107290154fc178a09fc588b8a01e9610304799e387","nonce":"8b6f664c2d04568aaaf76256","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"5a40b225d1fe603c8539a5d6a797b819688101681723377f7143fb8faddbf3680112884448e37700233998101f","nonce":"8b6f664c2d04568aaaf76257","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"c7083004a99e60a76b193a224abe8b2e00ff9f74d494ead5dca8ce1d18200be25751e267aa826ece51b078f4e4","nonce":"8b6f664c2d04568aaaf76254","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"1c06de0867d9efaaaf34de46dd613fff964fa44a5d9e8940ac77b87410f757bc203d8d2eae9b5b8e1465425cfe","nonce":"8b6f664c2d04568aaaf76255","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"103ae65dd4dc6caf750ac50bb8b7ecdf625b961622ac8ad7dde18d0bd463b2d7887566eff81576babcbff13254","nonce":"8b6f664c2d04568aaaf7625a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"4f0a8e8b46db62e3495f8f53ed224dca5c8123cf46112e72872a8a2d141f8c6e32f05f3cc9a9320cc48a479e67","nonce":"8b6f664c2d04568aaaf7625b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"c128f3aea24c605c6b5b074ae065bc60a4b267bb0b0c76f1d0e6ab6bdd8ec07ff83cc40980a7ebd58b4fddf0a6","nonce":"8b6f664c2d04568aaaf76258","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"99edf78df57a5dd4d0425d792cf43ee61fd111e887e0b4483aca2874fbd4f768f9c14642f159c5b97f1e7da73b","nonce":"8b6f664c2d04568aaaf76259","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"f57e069489fb48bb68103b9427333805c01f9d1028088d6c25e261ef92b600d2560cfbd32e57642207ac194be4","nonce":"8b6f664c2d04568aaaf7625e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"3154ae462946b4e6c65906b56a00b07282b09446c01f13992ec7cfbdc9db137c2de3e753671bdc4deed5bf30a7","nonce":"8b6f664c2d04568aaaf7625f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b9587a28c248bd892bf8d255c0b39b82923d94f7c6f40a4b22a46e608e0a0740ff05e771b36a618449e573ddff","nonce":"8b6f664c2d04568aaaf7625c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"633d580f8c43f4ad05dd0c01268290c63ae708a3eb4903e6b0fc233560153934184254c4b6550a7fd76a85c8e9","nonce":"8b6f664c2d04568aaaf7625d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"38295d4044b018465c059325620b8963d7dd15eca3350bd3c52eb8f2f6225fa8f98cafd7978593f565e95b70dc","nonce":"8b6f664c2d04568aaaf76242","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"30eff8d10e054a3d4b7336d308fb120b510b15532610cf61bb2c3bcd893de46778ebe0976986b5bd295f14d5a5","nonce":"8b6f664c2d04568aaaf76243","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"cc3f3f150f4298d94c5e6e3731d48e59f00ae5b689aa1e2a628f89bd8769960bee4f81216e2c940972ab4d1429","nonce":"8b6f664c2d04568aaaf76240","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"761eacc5d5cd7b48d809791ece7fe46ac87e120542cbc8f49b391bcc3ca4f6c5e33a990a7cce2c505bc00e4e8c","nonce":"8b6f664c2d04568aaaf76241","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"399907f942df347446cc25e5b2efdac2b0e2d2d904766b4c902fefbd8b9321402f964e0950e73734c5452b27e6","nonce":"8b6f664c2d04568aaaf76246","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"fad0ed0a34e92559739d9b02123fcecdf2644e52d9e16b0c138ce025c6b9ebbcf93dfec92bf52a88cde1d18cfb","nonce":"8b6f664c2d04568aaaf76247","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"aa748c8b7c191e38e441946c825ed5b91836a333d6415560cce4dc5f6231e271643a5cb8eb7126c30009b1dcd7","nonce":"8b6f664c2d04568aaaf76244","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"4da062405d48cdc14a667a1e04ff70dedfe1f062434332c92ec6eda23b1ce16936a6bcfac50d18651790014d34","nonce":"8b6f664c2d04568aaaf76245","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"3b680c4b627bd500e6e29cdc2946e7bedd52c483a23555ff417f2c5bef0f8dac7f8b6c268c03db1420ba569b41","nonce":"8b6f664c2d04568aaaf7624a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"20e234cde5115cf15a9ce86a7ab0fe82764cb03dcb1f3e40905e844155bc6a60babe4422421b0e1fc09087fec4","nonce":"8b6f664c2d04568aaaf7624b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"454dc2ad2c4905d344abc0b35eef6382890e998aaf69434ee78fc18a685edf67254ff34850ff399fe60cb438ad","nonce":"8b6f664c2d04568aaaf76248","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"606805fe71fa78d5a709fec0829d9f2b44fbd524b808304a6899fa6b948d3fd006df3d87812051991f093dee4c","nonce":"8b6f664c2d04568aaaf76249","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"44c6139ffaaf5d2a9e7ab9eed8d0fae34608132592967a0ff5d750ac666e3d08ea30c61d095487e8412d74ad68","nonce":"8b6f664c2d04568aaaf7624e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"440265cef49b93d785488817597f6b13f2433a5b1154ca86145fb72410bf13fd6e09474f6005098b0493d5c84f","nonce":"8b6f664c2d04568aaaf7624f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"e0c349e74aa5f8240ccac00d7390e0a1f1c82c91d0ee4cb5e3210ccb8753bf9a27ac0c973ab98c739917b3e3e8","nonce":"8b6f664c2d04568aaaf7624c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"4b1f0f63a17cb2a59f201ed009ae587cf3a194a64e80990bfdc0a52e5e9cc02d7ea131680d44aea226914ee603","nonce":"8b6f664c2d04568aaaf7624d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"55139ade675efb87aa8e238e7249e9283ace5629132cf89357564de91909b18bdc170b71ef933d71ce980b16ee","nonce":"8b6f664c2d04568aaaf76272","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"651b4a3fdc548b55fb9285b12f7508f526b2ee42c645dd9fe8913036c8b40f35b3779cfa8701625d8d148341ec","nonce":"8b6f664c2d04568aaaf76273","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"9fe6243ab073dc305beecff9d3d627f6ee12abe8cf854ceb470d8a38a746bcfcc3f5373cbfc4a331ce846e6f4b","nonce":"8b6f664c2d04568aaaf76270","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"e064cf6ab2eeb1b9b1112059d0efabedd0b9a68b4084c0513f7168e224eab07246c38230d6f53d7697167469d2","nonce":"8b6f664c2d04568aaaf76271","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"7eb285563135e8f391ef0680faac3bca75784adfc2af73d19ed64eb38a7219a445e0bcf59cbc6a645c41890edf","nonce":"8b6f664c2d04568aaaf76276","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"ab3a385a55002591aded765307ddadfbf64a022234be8049315f7dfea89ca72bde62cf4545d1df04cf12729588","nonce":"8b6f664c2d04568aaaf76277","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"856106b4988a9fc0d1972822ff6369483233d72640f6eef6044a491379e59f54774e8c595ce70c297f5ff87661","nonce":"8b6f664c2d04568aaaf76274","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"58602b75fbc5d84f624ae48610517ecdb92b02be9a8ef10c884e30cc273bd763adc4b60e75959e82fe43292ca0","nonce":"8b6f664c2d04568aaaf76275","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"aaca1098235b05bfd718514869f9f3a00edaeece723e470170de88343c38e265e63b85d42b70708daf3462790e","nonce":"8b6f664c2d04568aaaf7627a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"9dfbf8064b48650e2cf8f1cb5041f027b84541de0b82c11ca7fa796f316531fa9051a471e140b9c88241e39f8f","nonce":"8b6f664c2d04568aaaf7627b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"e0405616f9cbea08676a5c0be62c4af1c2e5b4a97c946e69d4c087550c3de166efa15206cf90cf350d9ae963c3","nonce":"8b6f664c2d04568aaaf76278","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"989748a5f82384491c2b58c0aab05fef5711a38b5b4eddb3db6abae51cf64907d53e976e7af1a46ea9d35473ee","nonce":"8b6f664c2d04568aaaf76279","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"571b13f65b52ea5174ec7830ad57181b7cb1ff548948c743bc0669c5cb2f35c8d0f018c4e42100a69d3475b41f","nonce":"8b6f664c2d04568aaaf7627e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"e5c82e392d292a4a8c52c5975524ebba488fc1ab4f7e2d21fc82f830bb0328ae57cc22d3b96b2322fcc151981a","nonce":"8b6f664c2d04568aaaf7627f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"b1c85a95354f337aa96b3476c5455d1eb94523ade2f3f678f8533149daa6f7513e2172d2c321cc6633d5f593cd","nonce":"8b6f664c2d04568aaaf7627c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d447781ab6ec99a401f0bc95197d530dc718c4957a51f0e37fd80e27b45263cea7718e5f2ed93b1b952d33d8e2","nonce":"8b6f664c2d04568aaaf7627d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"604c42873b39671aff50b008e5459903be961798ffc1a7be858113da8b98a872ce623741095d64200b56d19682","nonce":"8b6f664c2d04568aaaf76262","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"f1e53b5fa7684706bd58de606af7970b88594f54fdd9d0229b31926c92365ec1d7d3e3027e6248b8ff8a2ce683","nonce":"8b6f664c2d04568aaaf76263","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"53944eeab927906a8aeca6735ad53d3bf0fdaeda79e1d0d435741311fb169207b95afff306f6b968456ec85f94","nonce":"8b6f664c2d04568aaaf76260","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"c72943fdf06c9e1101cc90dcd9a98a25f9a4b7d46718d3c9caf319a9e8abe576158360d148cc76572a04169b36","nonce":"8b6f664c2d04568aaaf76261","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"ef5bbc05a5bdd21054da30c384321552cf7af1d810322b3f77dae5782e8d6c572d0a49e7900a086e2adfee33f3","nonce":"8b6f664c2d04568aaaf76266","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"134621f6b855e3058badfcbbafeb769511cbabc6650895168a5faf01d89db4a10cd5cc06c1a502aed996f31ae2","nonce":"8b6f664c2d04568aaaf76267","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"f5eefff45c7385a865dd68b189a3b60e4e733f1c7e10afbd68ebdc06d81dff2e67f8fd27c5e71958b9345c8f8c","nonce":"8b6f664c2d04568aaaf76264","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"a2cfae2c619828480609946af83ae2ca95dec29f5310621bd3b3a8a99c55ff580538a4e8fd6dcccfea71421fa9","nonce":"8b6f664c2d04568aaaf76265","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"34b14310b8fe84aaccffb0ed6406ee3a6150db5311f620ca0efd1ba45fae8035027805cc9ce0665df6ad4918cd","nonce":"8b6f664c2d04568aaaf7626a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"264c25c75095cf9aa9e983b97ee2357182bfae6eab3a793cb238990a2134876e1df02df063fee46eefd480dd22","nonce":"8b6f664c2d04568aaaf7626b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"af6e8bf3fdbb4ed8d44387de4b71b31a05673e393c14dda162a62c5fef2f27ae8df20beb9b12c3f572fe7f0a8f","nonce":"8b6f664c2d04568aaaf76268","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"9d224303473bfa5f0f6ee8f0fed665d864187019071180953541adb7461140cbfea8fa3f978759f4e7391ce6f8","nonce":"8b6f664c2d04568aaaf76269","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"b3acf8d849e993dc45ac9f1bb2937a9fa4e338ffb60e18a6da83717bb39237c28e7c2aad78622d688fd7096a09","nonce":"8b6f664c2d04568aaaf7626e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"324ccdbc9e65e1cb021e2ca9a7b24a298ccb9e409f3f00cf562a6cfa38385050ae5ca42760adbddfa4a072df0d","nonce":"8b6f664c2d04568aaaf7626f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"002ab98eae1cd0fa681551b0ce41df6ec4f6f383a29a01a8f3ef423e8d5b3094e2c766019927c7ebdc5323f084","nonce":"8b6f664c2d04568aaaf7626c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"b08377b7b63eed3b7eee310986139d25163078fa5f53e6b19f7065cce2ca2887d16705a1a9f2d436ae3a7985f8","nonce":"8b6f664c2d04568aaaf7626d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"ac84de8dc950488b8963b6b7270d77c2db222241936fcad93fc9768fe61353c9a2ae2d54ae702c56491f1b096a","nonce":"8b6f664c2d04568aaaf76212","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"f19080c54226043bf486e97d437499e714cca2c4014ff5ccb82dfaa27af39413e3683784ee4fc29060aea8fc54","nonce":"8b6f664c2d04568aaaf76213","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"07af59aaf7dda2dfb7982b60ff3e83d1e7478bd61e473a94734e51dafcafff06a12f2948629c98063424abb9ee","nonce":"8b6f664c2d04568aaaf76210","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"6aace1e0cef946f205ceb9f0d56818777511da536c2e056a01122d18c11d1637e14b153e188d73f3ac48a61fca","nonce":"8b6f664c2d04568aaaf76211","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"337b42a7543697b1151b2f387384c13a8f3251e1f80bd4d034b2818d2eb5ac64ae95045ab9440390a2c64772a8","nonce":"8b6f664c2d04568aaaf76216","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"06ac4dde8ddef51e03e8583c6404123e548612a4d644a192b3b6701183c6d04641e480d1a2148cffbfc37c6a65","nonce":"8b6f664c2d04568aaaf76217","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d66cfc80f38e98417ceb6862536b55938a521f33e73783157c9c64993e8e5e56f110846a95b7225b21ed1b22c3","nonce":"8b6f664c2d04568aaaf76214","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"9883f215d277f2777aae6b65e75a92ea41dba6636ba5727e42363a9a138ac0594755781833398ef21c7358ddb0","nonce":"8b6f664c2d04568aaaf76215","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"f7353a4fca8ff7dac8aadb9074e1bb355897c82091704c7c1142826bba91253c73a90ec5e585a03ceb81f5ff34","nonce":"8b6f664c2d04568aaaf7621a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d9d06a6f77f58373eef53f10bf8e3a83c0a734b0bd24324a1797e65c82a7a353b9109895ce1ec1bafe8ea29643","nonce":"8b6f664c2d04568aaaf7621b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"9030a5a9198cd71a566931f0e6fcce35917be68f20e909e4a2a822aafd3cbdfc23aebbb6cd35a6ac8e26bfdad0","nonce":"8b6f664c2d04568aaaf76218","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"a2a81b3340a3e4cdd3a3514a33ba84ddb56a09e443c9c97f5c7892664eb0f19de3dffccaea4e1d9921d87e553d","nonce":"8b6f664c2d04568aaaf76219","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"64eafd635deb994dad9584dde6f20b86d6de98acb6e2f28eed52efbe3d9f8aa30165317474d5fb3e76532aefc5","nonce":"8b6f664c2d04568aaaf7621e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"f638a923da5b184a491eda38e89de2283a014e56ee04a8986afaa2443aa661b5588d1bee8c7b15820615737e3a","nonce":"8b6f664c2d04568aaaf7621f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"8057587e412e1d7c08edb9752c87fb9f1517aa06898c9f558b86325088be1157815a876d06a592fe808aa9de87","nonce":"8b6f664c2d04568aaaf7621c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"831c81a857824407fed8aacf925e966d917ef4682da17299aa166ca725e6be0539f940e829176eea7431952c87","nonce":"8b6f664c2d04568aaaf7621d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"7a50d5e836b6229d633318065671c31bea0204f72606b088f6cd303ea96458966cbb5a4416c357746923b67dcf","nonce":"8b6f664c2d04568aaaf76202","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"9fa74978779d70fc8174cfbf22d9627292be4c3f783c10491c02cb3704ba0c11b9bc0535eb4f4abde5bea78f9f","nonce":"8b6f664c2d04568aaaf76203","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c365f91cc3d94abc9eefc88a1c214b9333d24796e67501d6fb0973181dfd8a07242ddb78067e766a23d6fa85bd","nonce":"8b6f664c2d04568aaaf76200","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"27b65888a5968452ca276a6a7151701d45e4b3ba1b8d50cb0604f8fd04670d9b49f77c1c8c5ecef6408fc772f9","nonce":"8b6f664c2d04568aaaf76201","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"f29dc0ede4d109141a9ac6ccff248cd216c6f5d1ca5e9aa36e3b850a9f3a0e46e798b11902d9dc6edcaa89f5e4","nonce":"8b6f664c2d04568aaaf76206","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"369a7a54bd8b5ad1c0c202b806af785a92658e00d8e6298b5626bb5ac4dbe835d3b436662739fbb982761ed396","nonce":"8b6f664c2d04568aaaf76207","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"9e25c4906c4e324b81cd1320d039d5833d641d055bcf8278f20b12634e599a61b385bda4799988c59eea972658","nonce":"8b6f664c2d04568aaaf76204","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"d43aa9284e85c985ebee5e9471c1eced131d89eb5d7b9aa1f683f34732f50a3e6cc8edad8245bf059929173fa7","nonce":"8b6f664c2d04568aaaf76205","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"887a2194e9080abfe89d61ee819fb465f6e70cc1e2f5f27e8a8e31829a4ea1a7ddea760d0c31f507e5f58e5ef2","nonce":"8b6f664c2d04568aaaf7620a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"9e40247ca1c454a51531a4edae046758fb3ef846728d1a62b294b8d6e45fae86834d220ad4e84ce416a8c56e05","nonce":"8b6f664c2d04568aaaf7620b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"028d627ff2b7e48801b64f624c1e32924c7b2cc7e84e0ed169a343bbf312b1d9f088e68787f710c7ec55e46ebc","nonce":"8b6f664c2d04568aaaf76208","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"547749f3913d009346e3f885019021060a06dec9d87f0e841748e53929cb80201cc2af40a760c5aad3e74b7485","nonce":"8b6f664c2d04568aaaf76209","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"a959edc0950acd510347fabe3db46c587b9b5d3375f140e2dc54267d278a15b87f79d4198b77f6857a441b689f","nonce":"8b6f664c2d04568aaaf7620e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"467252635e9344c585b7039106c5c14a50aeb21ebd9d1ed6288c31ac9afd1d9825d39d0e7e2547488b348b5d03","nonce":"8b6f664c2d04568aaaf7620f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"dbe53fcbae991583d26857f080780efced1e319f450a3b28b94e385019b307987e97de4694c2935b1562aaa1c9","nonce":"8b6f664c2d04568aaaf7620c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"70c90b424f7403bcb3d4373d724e466ec8dae603a040aa41c699a3fd41a5ffb5f2258739b369151cde1cf920f5","nonce":"8b6f664c2d04568aaaf7620d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"26e74b470afeb1674cc3a64cb8070a6d87c9ce6e78281c1925df5c9934af93f2c0eae326b12012b5c545bde587","nonce":"8b6f664c2d04568aaaf76232","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"dcbbf41eab57500c2896c44f8984ce7ff0b64c62490a81c25703a962d48c53f58e4c00dd0914ab4106bb969ab6","nonce":"8b6f664c2d04568aaaf76233","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"6da51c8c6ab7a1bead237fc430be69565bba2c8a2ece967722ef19872252e40a0f728f627063f3d0ee314db590","nonce":"8b6f664c2d04568aaaf76230","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"cdd1589b9b24c217c76119de14281a09c5dd02c7dc65af50a2db20cc532f2aa023a4c2e7d44a851f91e69a07c0","nonce":"8b6f664c2d04568aaaf76231","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"506ef3b13bba99f4985b3465e06670cbe78764a26b3eb655e18dd26fb2fea6f75f721161d9b5949895bc2edb7b","nonce":"8b6f664c2d04568aaaf76236","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"bc4c662908e3739672d3ffddd261c6bc59bf69f395b4be226424c8ef825395cbf003f512fc87cd35e53a7c2ec3","nonce":"8b6f664c2d04568aaaf76237","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"1675744f61eab9e39c28027119e4158844698b3904d62103ecce509fc5e4ffaf0a03f8ef54db99fd151b2a3be5","nonce":"8b6f664c2d04568aaaf76234","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"dd1da7347da80301d75124a833235c1e451e7c34e47004b7a9a3570fb4bb73150ac10ee28f121819f7e74f1380","nonce":"8b6f664c2d04568aaaf76235","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"32de7a49c22b5fe8932f10b6d30b65cb633eaafaf9bc02f3711f78704ed8415b2c69935d0489e0c5e79f476fe2","nonce":"8b6f664c2d04568aaaf7623a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"aa50d64ce5047744b4d62c6e7da11228ed8bc0c27aad315a43fc3979379ac9df6768d95d16bf452f9d420f73f2","nonce":"8b6f664c2d04568aaaf7623b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"665e2048697a914f244774923321a71ce386ce1c2bcd852152e79d15418da1d547cbe8788958005bdcaf0457e9","nonce":"8b6f664c2d04568aaaf76238","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6015f54bb0044fbce1a6643e359b1d155c286c8a5fa2170bbfcff0580d77e21f90ef23190b5a84abff6fe0b7b7","nonce":"8b6f664c2d04568aaaf76239","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"90260800f351157d4e1137ca00281c4ff321ec315e01ddad45e98e96f0c6e3126549c15b9f2d1c20b2a70f09b0","nonce":"8b6f664c2d04568aaaf7623e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"fc0699e9edc5e45f8635d1f6c082194a762969862b68f7a1a5214bde083049b2ec415535c6057cf1ebac950121","nonce":"8b6f664c2d04568aaaf7623f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"22beb143f2dad7a753022b62ce36f8dc89288fe15ae573e24adf439523fe2b8a3962ee18772eae73a901a32430","nonce":"8b6f664c2d04568aaaf7623c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"518ecabf41b867d53dd915bf14d6c35f8f1a6123dfb5ad9b1148bbc0fe2ae5e3853e6cccf5520bb16c8bf99030","nonce":"8b6f664c2d04568aaaf7623d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"6f9d25dc673319e1bd69c26beec0f23305fcc696b588f8eedfed63593396f19e33c203b1cf815c4e46e3122b54","nonce":"8b6f664c2d04568aaaf76222","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"363baa00cb05b70edc8ddd9c081f5d53b420c7fd2e58d93976e571ed97a31b501d1e2f7c04339da8a1e73183b4","nonce":"8b6f664c2d04568aaaf76223","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"68c1de35730af4823a3a2c8ebd6f414332817dc6bbf43824e6bcb6f946fc84b6aab954672db01b5d7c99a5107b","nonce":"8b6f664c2d04568aaaf76220","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"90f63fd6ebf6e726e1edfa18157f77ec76ab05b502effd6311e279c1d39b5637ec3cb16e78b35109bd0c2c55a6","nonce":"8b6f664c2d04568aaaf76221","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"8018f391183e17519ca98eb119dee7f625d2d133073a0cd268831d092b0704ffc8b714628a30816156120fc4c0","nonce":"8b6f664c2d04568aaaf76226","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"6e42606cfefc640b473ce7bc197a77b2a7abbe6cd938a4e70d9293f5a6a2b7e1b74a0fea09997cc6d29988ff80","nonce":"8b6f664c2d04568aaaf76227","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"9e32a0d960a2a07a6a478a6c1db813c03d55f5929e3034253efeeb2d4830e7af7c6c9d158e59031d6ee392d0af","nonce":"8b6f664c2d04568aaaf76224","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"153de2a84fe365ef9ce4897ca933185d304cf09801af7304c22265217b6a2b84513dfd8867dbbacfdd530308e8","nonce":"8b6f664c2d04568aaaf76225","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"2109255734518039ec13ab1a3791caeb63647243a7e3fa6be514e64a1b42b09f316b36ee0f302a6a77aca3bc9f","nonce":"8b6f664c2d04568aaaf7622a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"2c4f0d608bc5582e375f424f80d6a0ad5cee72309710f90fba091773411186a0f6a2d7dc83c4bde41fa4524403","nonce":"8b6f664c2d04568aaaf7622b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"f8793a72b8388e0e9c07754c34bacb77a41aa2e0c6cda2bd7f850340be59da19929ee3f6df7f191df917969b37","nonce":"8b6f664c2d04568aaaf76228","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"9eed084b587d8ca8669ac0e1f154600be105839b7d0e5a4aaee00d13a5229ead54ca7c110d598d70a235263f96","nonce":"8b6f664c2d04568aaaf76229","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"a499cc7dbc5a423d14b4859c09cfd2f4e9b568bd830fde21006d8dfe2e00d8bc96b17140e628e16f68aae19c9e","nonce":"8b6f664c2d04568aaaf7622e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"156c9ac7d09f28b5f3992d84bdbf9e3a69d67b3b184c1a8ad526ffd993f0d23cf0d75d00015fc7e279a6273449","nonce":"8b6f664c2d04568aaaf7622f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"c0b91b48ba93cab1bd03fc6ea3c335163a05d60638c01d5232f701574654abc9650942447e32ce2d5b122fdbe5","nonce":"8b6f664c2d04568aaaf7622c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"090ed86a6cfdcd26fc9ce8390355794bd718da62d0c776f2d7c469a9ba3fc1b7f9bdc01aedeeef65007c71615a","nonce":"8b6f664c2d04568aaaf7622d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"60ca071fb3f7033bfe8aec7575cf51a75011f5c7fba80479de91209ad7456c2c834c4bbf1b7059c7a080b1b821","nonce":"8b6f664c2d04568aaaf763d2","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"51bd534eaa4e8284d43a433f826fe24fb898a26ecfb51977c3ed807d18f712f5"},{"exporter_context":"00","L":32,"exported_value":"c4f8c5af4ada37eaf3b07c7cecfaf7764416269380f0264b79a9425478351534"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ddcf3d00bdd2537cd2bf5c3aea15ab70cb5b163ffe6a49058d7fb69bb851299b"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8941b742736e9cb71cca9102b83ef28d5fce4fd4797bc6d2b74e88095f2b2830f559167820db7e20519e8308f964c36389a88a0541ce257a","ikmE":"cb29ad4ec154d7ead2cb72290a82674a43815021e4bafea2a1bd83ecc2da2f4ef899a70604debf4b0c26e1006c50d5c808f6f3dcc9f8eea0","skRm":"c45d5053dfc27f277dc210d6a9c08b88672eb7962ceaf7d6378dba5acb4e02b942402b224cf1fd237910abc62f188a7a48db3f90fd893d7e","skEm":"f512e685095563e4aecb3fdc49c99b631480e990a13996ebcea4116816cb4b4f5bbd1113ee96098d7252fd684ea54cf0c3ee64ac01aae3ab","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"6c0b1af495eb8e1166b7d9ffeefff1cb0752fb98a87a696d66b6700ff93e8b267b629b37cefc504391fd7010e6e9395868d633259a9b49d9","pkEm":"55fb747ac31b562c1ebecbe67b805ca3229a4d700173b2b323188cd99916ef79fffd397ed19a42f12793b99a6134661f372410b0d1fb9801","enc":"55fb747ac31b562c1ebecbe67b805ca3229a4d700173b2b323188cd99916ef79fffd397ed19a42f12793b99a6134661f372410b0d1fb9801","shared_secret":"09095f1e3a0dd824b2de5ae79723926a0bea197b4a5decebefda6a2aef17ffdb3ab3e9e4773d5f250cfbc3284f9aeb36697b15dff3e3a05b7e759327688692bf","key_schedule_context":"017d7450e446db15884bc2ae4ec24768fd9f2ee0af660c339d91d6a4d54834361239b47ef10fef9d74124a76b6079f61957d5b791d37ce9aa2fa2a910a7e47ca58","secret":"d3888664aad5e0c0ad4986ed86fc220c0d17aa5b110b29eb0e3776235790b3e7","key":"e8036058ad004764ff9fe90da9e50b079af936103927a2131c0fb2f12aea59f6","base_nonce":"5053d83aa9e4943c9d7277d6","exporter_secret":"3828f89551abf8a8f25339d88d6c3bece7504274326ca140c9399d2b103feb7c","encryptions":[{"aad":"436f756e742d30","ct":"178ed869a7ba019c318e35b0d1fd2b998a735eb1ea5cbd02ffcd4ce25a81b508b9283416cf6ceb33836a257f7e","nonce":"5053d83aa9e4943c9d7277d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"130eb22c54e2811e16bb7b91f56a81d0c606eefcd5295e16cb0e35ed1639c6a69bb8ac55a458ba283c38fb5781","nonce":"5053d83aa9e4943c9d7277d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"b9ce109d1f967f6a4b080ed599881e1204c7e3c30d0ad19d486cd58ea51ba6293b898c85d3333bfab2c07a2d24","nonce":"5053d83aa9e4943c9d7277d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"f4a62c910d6909dfb9dbb3e3b666f26414fbc504cf5cac24c3b94904915df7f5df7473da65f52444d117ca8a12","nonce":"5053d83aa9e4943c9d7277d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"2b6314cebd6bd3d6e865a19340179c476c0a878ac51bca4df715dd55082a3e3b858dde6bd275cb321e8868de9e","nonce":"5053d83aa9e4943c9d7277d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"e1a8aef1fcd475bcb3be029c74376f8f8cf7561538826c157ba6c013eb6a1994d33ce3c7fe4157d9d5080bbb55","nonce":"5053d83aa9e4943c9d7277d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"2b4763bd6a0f619c88ed34c61ae056dafebe9f166287747aee1cfb09071f6548f152ca41d91f9f603741dc2df0","nonce":"5053d83aa9e4943c9d7277d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"305834d1f6e0ef7d4e5d96baf9df38fa1541ce8d013e7ef3a15c3e8f5aadf1ea2150ec14fde8712051f4aca28a","nonce":"5053d83aa9e4943c9d7277d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"4ed8756c2f37c47f287574d5fdacac930bd65523504ba8307a7bfc26200a4e550408975ab9c87981cabfbd5046","nonce":"5053d83aa9e4943c9d7277de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"58715319552240f800fb9b85d30582f80ccc822640b63ac9a95152fc11aaa8af8b3445eb1a30cb8dbf00bdedb2","nonce":"5053d83aa9e4943c9d7277df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"296e3d46696f7f3e0000e460bfa060927b2298ed6f28ee6429e0ee21811e92a4fb004016e02dcd9ce8f95807d9","nonce":"5053d83aa9e4943c9d7277dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"ab6a472f4c147d5bce64ee9be84442d79e97fc741359abe5391f641205ce6b137bef12360ad08724e57c37a0b0","nonce":"5053d83aa9e4943c9d7277dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e03bb41c34882708f0c0279bb5563dde2ffb7534a078eb0d045c60c57c245f4759b73157dca27c79cee986d0b4","nonce":"5053d83aa9e4943c9d7277da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"e722a87b290364229a363fe13c12f9faa958e24e8b455b24cbae5a0dc5298cc60128e6acc8f19bbd31b23700b8","nonce":"5053d83aa9e4943c9d7277db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"2ab6567cae26a674e4fe9c3c11f197182dcba9cd5e3156c08079be9e4e68be738b0720ee16c3c9dae08323ca21","nonce":"5053d83aa9e4943c9d7277d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"02ea217cfdeb49670c3eea5d39ccf0b053d4ced9fd9e48f11366382ca0e541a14ea7b7af6d44b16aa6dc8a814b","nonce":"5053d83aa9e4943c9d7277d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"493b471c5a9503e67081eb0592fd374692d2b25079132681282b779561f72be5c6b4db76328b45c1daf39e9749","nonce":"5053d83aa9e4943c9d7277c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"6328738a10967c5ac8d4f9b75343058eaa7b69b3620ef187ae64ed10bb5f467974340a909461d268efcdf0eb85","nonce":"5053d83aa9e4943c9d7277c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"b18fe3457ee06c60ee2cdbc6910900e1e809e16eb29216d65550009fba621b2e402243ee3ed777cdd2d6a24309","nonce":"5053d83aa9e4943c9d7277c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"8c6c8ca2b100675b2d4fabf8d2658fc9997142a23566362bf77cc22395dcd1cd6b4b8a06711db1245106e9e90c","nonce":"5053d83aa9e4943c9d7277c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"d5a8652e96c2eccc98ca43d3c00d24d1e02a6c0e270af619284a10ef7b2021694c5ce21de34853649252df28a6","nonce":"5053d83aa9e4943c9d7277c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"4ab842e00f2492680d0ce2a551ec2d4be0171807b3aceb1caace568a81ab9aa5bbeb982b29d2f6726952eb32a3","nonce":"5053d83aa9e4943c9d7277c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"78244dada4859a4d903df910bfe70fee2fc3a45c38678f8bb99568c2f5ba371997f08392412cfa181eb270c3da","nonce":"5053d83aa9e4943c9d7277c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"b54a5d042d26958d409e88a862fb8b544c9403848b0110817751a766e47e9a40c3ab17fa8651138675a4136bf9","nonce":"5053d83aa9e4943c9d7277c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"3e6194e0f93e6a2fe6e0b2b091812b7f711bdb3f08594141468a4ffd63f6d7065d6b4f9ab1b0d46ea3aac150c6","nonce":"5053d83aa9e4943c9d7277ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"dbf03aa9e84044df4f6e52f8629f60543ff634f6ecb8260ebf35b6c7286fae5fff352ec0162c1461c4244ba20f","nonce":"5053d83aa9e4943c9d7277cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"43d4366e52edb7a3bd908c0f276dc4429ac892be8709caecce3647ea208101e2f979c9f9d895cf15a41b8bfb49","nonce":"5053d83aa9e4943c9d7277cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"7be5d8d2afeb625ddc03a2f83d5b90ca6b489bcaa7374cc6390fcc13bc14136dcbcd54e095ab306afa1e5a06da","nonce":"5053d83aa9e4943c9d7277cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"d627653d290be4d2be29ababef233e2f06806d7b8b0c76ae0361739f8d040d3d7565cb6044a658e74334ff06a7","nonce":"5053d83aa9e4943c9d7277ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"50c2f53095d171bc12a2b489cfbbe44afebcb1a2820dd02927124df09fcc556958303c5bf8712e7ea450823cda","nonce":"5053d83aa9e4943c9d7277cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"1eebe37c12a8fdef50cbecc7281b478bfd20b2762934217c1a2ca2514e3868ee18e26e68e1d2ea3f0fd96e0f91","nonce":"5053d83aa9e4943c9d7277c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"016474caa2417b5ea3e1d975ca370d25d753a291b46d3b4c812ba1a7821fbc8a5d1fd010a5105af9cd0eaebca4","nonce":"5053d83aa9e4943c9d7277c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"bf4a8eac8540161a1771f8c846050107f6b81b025a43c301a0aa5d4ebe4f6b1c9b39805aa9b654d929b861a9a9","nonce":"5053d83aa9e4943c9d7277f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"7b0779f88538c4ceba2eeaf8bf9ea45196172a996e65f0dff1faf5529d36e0dfcb73bd824e90ba475a5bf9b751","nonce":"5053d83aa9e4943c9d7277f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f33d2f91549a02028bc7b5dc8079661a76212bbd8741b26b542a80e6074b231c863bcb9807c379968ed13192f8","nonce":"5053d83aa9e4943c9d7277f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"2063281929fede8eac97ddc3eac67731d90a1c3949adb138804cc93bc191c2384fb849bd130f74bba6466acc4e","nonce":"5053d83aa9e4943c9d7277f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"cebba302949042b1c7e2209272d0b096409da5c6ad6a659784e23fe8344f6de89423c9a9a8acde20ed75dda699","nonce":"5053d83aa9e4943c9d7277f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"b0bf5bc8b3c3b27da838e047e28a253561b33272803800c471808b7855cf01db2ff38d51c06cbcbaca627bbfc3","nonce":"5053d83aa9e4943c9d7277f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"29bd75608fd06577d67473dd37547303e561968bcb57861e108dd48d606896fedc5b8281801827b9f8d82f09b5","nonce":"5053d83aa9e4943c9d7277f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"dd6ff2b549ead534adcbff5c8997c09c26c854c0f47e27e2f91a9cb83f374b458eefbd9409a95f6ea7b8cd0605","nonce":"5053d83aa9e4943c9d7277f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"888d49003d70914dba624c7fd8b1edb1fe245964996f5b38d39460bfe7a8ccf94d660b61f9e3f84433a963879c","nonce":"5053d83aa9e4943c9d7277fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"ee600f466df821691c46934ee8f569f807217d4b88b9891fefa7ce4a9b8f2b64d09724ab24fdfe6261b8c62297","nonce":"5053d83aa9e4943c9d7277ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"7ba5fcfee3892e3889851119fc081b671508b9b319e5605d0b66702c95e6a3afe6f79d562d2ce067255b7ee66f","nonce":"5053d83aa9e4943c9d7277fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"cac46528360d197f5bf715f021c1f01936cf9dd7b5d15f3dfddff576c04ead09d79a7f9b9fe7e19427ea658552","nonce":"5053d83aa9e4943c9d7277fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"496d9c76881ddcdc4700f51ea25b95eec34b6029b17210d5f9d9b81c2f85603c68fd6ac7da3e2e68cd728fcfb4","nonce":"5053d83aa9e4943c9d7277fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"7c65df6a210ff22ca90a55a70c4b088e76cf172a884f8fea1a4f91ff154070e0f4056fcbcd2e739ec5c28c0f02","nonce":"5053d83aa9e4943c9d7277fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"617efdc237ed0ae444c61d78a1d1d50bc12e9489e2fcd89843d275f187143366e47680083e1158796156fd1f2b","nonce":"5053d83aa9e4943c9d7277f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"a0c4977c5dbcffb3809fa5c50ba6e63d8f27a0fc1a31637ea20af6144457f8304918ef1b3e0669d7553bb840f3","nonce":"5053d83aa9e4943c9d7277f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"68b4b6ff0b77a599e3f056e5bbfe6894453c0fc6adc650617e4078ac674d8aa1c6378e1f6205c854e747e67997","nonce":"5053d83aa9e4943c9d7277e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"80d863c277a30b6c19b3f067fa2a1e321f5fe7afc55ed31d8ca3112ff2cd70ff6d6502b34150fd3eaaef5f556d","nonce":"5053d83aa9e4943c9d7277e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"c110cd44079818d7ecc9d4df83f72b328531e08946f9876a92b7305550fcd36527c67e2dffce42e551d69b7d22","nonce":"5053d83aa9e4943c9d7277e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"097cbd6a57057d3afd8b64d2d38433bcf09fd4066b254129ad14167fc79b8cf91465bd705ce4747045a664df0b","nonce":"5053d83aa9e4943c9d7277e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"138ca2f02f00771c7feead991d1ab45c82777299b19b936f866571b9c3aaf343eb6d01dbf287d47c5d6cfd7d86","nonce":"5053d83aa9e4943c9d7277e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"2aefb4aef34f5166d06b74293b5cc36d64a701ed47dc36eebaa7223ca17fd73648f9378c483833c3843c4d6df9","nonce":"5053d83aa9e4943c9d7277e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"a0ad1e0547565081f908595fad915b82e8497e3f6753878d1e966269ae099fd67fcef5305f71a4100dd6d2f5b0","nonce":"5053d83aa9e4943c9d7277e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"e1d1c8e1430b2de102a5b119fa92c9612089cd3cfc09c95652d8680590d192dc49b0d31887413921f13d61c1f2","nonce":"5053d83aa9e4943c9d7277e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"a4d1038d7e6531f098349dbd07e929aafc076be6006c3451334fcbb83fbd5a1cdc26a6092e723f7c2d7803bd51","nonce":"5053d83aa9e4943c9d7277ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"3c05b9072409a685477254279fa8fdd51b7db20aac0c436f000fcc3970e9a7df266bb9310cb4ca82000dbb3e8c","nonce":"5053d83aa9e4943c9d7277ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"3509cb04be0a0626c636806430244d58e838c13ae98d79d1a5d3d98bd2530a4f12a4dcf53173edc9fdcbd8b9b5","nonce":"5053d83aa9e4943c9d7277ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"61cdc02a7429c68541fc769ad8f6ca15ecf8b7f9307e4b6386e9c7346fcfe53d0f77af99933e042f4e457efac5","nonce":"5053d83aa9e4943c9d7277ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"8fdefe24bb4d3bdb2b061563378c60941cb2d19d6b2f84fd6e4a21a3de02f28c9b8d7918f53d42661a78fa7534","nonce":"5053d83aa9e4943c9d7277ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"84251e70d4b4ed23baf3c97e92f4af112da7f5be7a4ae6d37c25807e8f911e53854348c73d2e214c50639f2001","nonce":"5053d83aa9e4943c9d7277eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"e65a556fdabdf36a747fefee075bcc732c8e9a3c2620012e681547d6b0990c59cf70a169d7a0592d83ab10b5f3","nonce":"5053d83aa9e4943c9d7277e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"f71249409e9bccb076f2986e685de2204f2d43ed1cdaf21bab2cb04dad07648d93199f5eff47c8a554640108b3","nonce":"5053d83aa9e4943c9d7277e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"75111c5243edbba12885365c618d25fa6eb17c621f1113363f70df4300aa27c1c8763c78af271225d0067a7722","nonce":"5053d83aa9e4943c9d727796","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3dbe15262ac6b412cdc013d74126559b6350d7dc0bdb2a2e260de71e6e801ba816bba60899a48f8a6a1e08508c","nonce":"5053d83aa9e4943c9d727797","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"609abeea87591ac495d1245d15c4716a1259955c8e914d0ddb8e09a9dd9037ff7033df8ae26e11224d8bd5d735","nonce":"5053d83aa9e4943c9d727794","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"6e5d488e3251bbc4c03cbc34f1cbd0a7ce18c3eaee43d1ee4bd6b5ecb2262ee84286324eb13a003356ea3aa52a","nonce":"5053d83aa9e4943c9d727795","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"2a105e35a6ff9f0102b9242b690bffac7644274e5043ba5a37d1fbf81fb5b763e43047e0ede0b333a59e8e6b38","nonce":"5053d83aa9e4943c9d727792","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"a926834f92c738b422641ab1f1889e8d1754461834f311c917ceead3fa143ee4d22ad369b40dd8dea61897ea90","nonce":"5053d83aa9e4943c9d727793","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"6df0d1f4b95adb4c26f41c18485aa994c4a2e616224e8e310b417bde4dc1215c78e9205197ebc322bfb6b18e0f","nonce":"5053d83aa9e4943c9d727790","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"e13bf0d1cdb3b8defb854fcac4c583066a6297f0ab1cb0743205f17f72572e1a4e783c9de9b5e7d8c4d9f9ddfc","nonce":"5053d83aa9e4943c9d727791","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"2db125f3acc03c3c3399889353e4c7e1df327cd8f756403e31a4eeb4c5c5e199ce6916190977cfbac0f331913b","nonce":"5053d83aa9e4943c9d72779e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"598fca1847d28d44730deecb8d523fbbedd894c90b975f0de15a5dad65f2d2ca6222fbceb4e4bd63c74c8bb0e5","nonce":"5053d83aa9e4943c9d72779f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"d6f72f18414f8f8b8f8be25c2e3a327a2551466e2afe34e7688eabd44be39882281b3c66222f333c07523307a6","nonce":"5053d83aa9e4943c9d72779c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"5ac8d8c5fb905af6a1c55b8de48f3e433df938f1d6593f2b6c7f8e5aa08490711ea03a4204fc5f58e1dbcbc3c0","nonce":"5053d83aa9e4943c9d72779d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"a21b7cb311d51f1fea03addac79670c098448ee7f4a9ff7a06e61fda4a07987c5a8b3ab85effa5333cd950c2d9","nonce":"5053d83aa9e4943c9d72779a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"f4e063a7a7ec623d2688e91fe6465b7dafeb613b780632c161ce18f423c36f03256f3a4249b43148846c6a3fe6","nonce":"5053d83aa9e4943c9d72779b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ac8a655f784ba5dfb4d7b108017b0f49c7f80c7ef4dfe12eeea5a5febcda5de67c60ccd8f1986afedd43f7fca7","nonce":"5053d83aa9e4943c9d727798","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"324098942040b3fcaef4824734d09f0c45ec1e7a5aab033569efc7b065f91f9f7a81bf6b5834518b0666dd4172","nonce":"5053d83aa9e4943c9d727799","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"1ed4a1cabc27875763d41870e76ca435b26d4ceebe1886d92630240467b0e506f988558902e50af3f2d1fed1c9","nonce":"5053d83aa9e4943c9d727786","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"b4e810e7749c58da86ea64e32759524f04ecb3f4bf38ce47fb698ebee290142fa33040fafed56dc433c180079d","nonce":"5053d83aa9e4943c9d727787","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"dc46b20dae59e614cde1208564d55638f4b320dc05aea401af2f3ba4b1bb2391c243587b8419c13198545fc54a","nonce":"5053d83aa9e4943c9d727784","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"d52ffa76a7bdbc464e1057685a2a6e48340fe58085ddcd6e1aa8a02153220e55c2921e9b8184d8cdc111242f2a","nonce":"5053d83aa9e4943c9d727785","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"5af4a387de7555f356a9f06affcbd606172f111b44d5c411c22e1832a426ad06240c959eee322ac5502c130ea5","nonce":"5053d83aa9e4943c9d727782","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cb2bf920dc00159e17b827fdabbb9118d5f7c5a130b47a8b69cc3684d963f0b2fe44ff8f7a4be4ae230bb1bfdf","nonce":"5053d83aa9e4943c9d727783","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b338d9608a9a974ee1cccc1d51d137557a602e1471ecbf4a22b684a4ac56f71e3fa495f2bc54ba065cb3f1f51a","nonce":"5053d83aa9e4943c9d727780","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"ff95fd1ab3e97e9335c2a642cab8fa62082d0b49dc5c1d0685046ad6e13c825bf4c2256358e6fccaf8d27a6e58","nonce":"5053d83aa9e4943c9d727781","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"83a248d59826f715380ef6ade80e0c5d0bd2fef2178230da6786607d1e73105f31932915dcfc38fbdf2ecdcb1d","nonce":"5053d83aa9e4943c9d72778e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ce520dcc2a8eeba9f50003ec8716726ae58aba251299ff6288af425afa385d0233f220606e4e4d9d242b883253","nonce":"5053d83aa9e4943c9d72778f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"41026b36662569c7141b9696e7d14667a9ad8e70e43269cf09640b2f43ecaa980785bfc127943c69e97c9cdd35","nonce":"5053d83aa9e4943c9d72778c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"47ba458e9f2c8e2efe93bb84f308beffdf58d7557997d40452e3ce2509056a482539660ae416928003422fd594","nonce":"5053d83aa9e4943c9d72778d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"339b3d91cc7ee8078d1666c084433adb540a004ddfa54914fbc0b8a386970bd921b83122542e85151fd28d5266","nonce":"5053d83aa9e4943c9d72778a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"f14b235e628a997a04dc387ccbb639ed1819fa41c5119e94e215787089ef66f61c5fc410df9f559fc625da5680","nonce":"5053d83aa9e4943c9d72778b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"47c49230c93ff94ab4c98bb1989137d960ce0c83457fee664128564e1ea28386f1a5a283a0b8221be0de8c614e","nonce":"5053d83aa9e4943c9d727788","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"e10ff2de3354ff409b6a7e8dbd24c7a5463f278c0591e3d74371f6e297dbd94657c5702d48f11214931f92accf","nonce":"5053d83aa9e4943c9d727789","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"cc439593d415b06aa4fe3d2aa1c4cb8314455be18dcab674fc1b141d417b8ffbbeb2e6c13c8a8f2d8b5242ab77","nonce":"5053d83aa9e4943c9d7277b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"75b9acd14cbcaa5e91a6a409cb18e74242dd519b04a097cbc8d641b63833ac09622f5fe23a61f0bb058aeb4ef1","nonce":"5053d83aa9e4943c9d7277b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"94ea207b9e4db988950c9a3db667556dbb881f3f57ca6488f7e595b472c7a076389fdea67085c1d13e433d53a2","nonce":"5053d83aa9e4943c9d7277b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"bf517a9572316bb1963fb8ec995b4098781de8c43595fdd6c46dd2acf2c866c522eef05826ee12e19cd13d3c81","nonce":"5053d83aa9e4943c9d7277b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"701366a635a117d349399abb7f1bc496d7deb0f7c24e859e0ce0a81ced16a02b0ad92cfb8d99ab1d8bdeb5486d","nonce":"5053d83aa9e4943c9d7277b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"8134677698a716183a8bbf51030f69bfd914854e0d2520c8f38dc059313900bce70c29455556c93e6f4a9a714e","nonce":"5053d83aa9e4943c9d7277b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"7aaa23f1d396033973612bf89f870acbbc91c18bfd57918bd059e753419ee4ce3cdc186bfa03654ddc9a427b04","nonce":"5053d83aa9e4943c9d7277b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"bc90d85145792246a4b4a42c54db2dc190cd2437016901f53fc21edcfe2e4b269334bc732b4d1750b6cec5a6b1","nonce":"5053d83aa9e4943c9d7277b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"c51fea13bfb269011b5982764b655680d32ab67a9db31887238e31a01d598ed1f15f8dfee6469d3f559ac2f89f","nonce":"5053d83aa9e4943c9d7277be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"ed3439304e676c63fb03709038f9e2f9cf24bff6d707776003b7235bb29748eb391731bc57ca99d71cf1aa8a4c","nonce":"5053d83aa9e4943c9d7277bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"0594c19bc684f3ac735e0085c03decc6b71e69b825e89098999bd70a6b985dcb304877f34da9f1d0ea8e0d0c3b","nonce":"5053d83aa9e4943c9d7277bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"6be6b75b202dd50faf6047d94f04b270f91ab612d36daf3ddd7ee54a696e3e8a8ed17da8d92db4e7a6b342fb65","nonce":"5053d83aa9e4943c9d7277bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"6197b3624c8122f72ae89f0d64127e019d537f94485e63980e2479948e8acc8e0585f6ae702693dcb9f3b52b9f","nonce":"5053d83aa9e4943c9d7277ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"295d8fb955e0b98d987b15f80aa416b61ed68448d0418701d94a424b930d3093d3e3a82cf2444f1cd1bf283775","nonce":"5053d83aa9e4943c9d7277bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"d760de0bd5f0e2f5b74d429e90ce16b4edc9908c93500f5c539f4d161f19235717b3f4b7bfc27f7dc23ce85852","nonce":"5053d83aa9e4943c9d7277b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"317d010a1779cc576c82ab84234e5db4f6762011db703f1737c239203db2e4ffda55689c0b8d3187a6a1243ef3","nonce":"5053d83aa9e4943c9d7277b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"b34e6bbc78f13dfe51375edb5ec3d820f31cbbef8719ef3dfc17943cbb0fe192a663022ce58506bfee7ea0aa1d","nonce":"5053d83aa9e4943c9d7277a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"d39c51f306935568e289a3b80a4802372b0578f6dcea007947bef0d429bf25485c2f90323abf9a464edf185874","nonce":"5053d83aa9e4943c9d7277a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"4e0e81498d4fd78b3b630f8e0a22f15b68cb2d498a2ac6f294d8d9b051f17db05e35b24501b77e2b1d839218f7","nonce":"5053d83aa9e4943c9d7277a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"668f2b08af67cfa0be9d60b65d4dfc0cdacf62902d93da34f629c9e3e51113f237437520806af1ad9adfee8eb2","nonce":"5053d83aa9e4943c9d7277a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e5914597416c0084554836f4619cec58023d20ea3c387285f0df55625ff7b85f5a5d56ccbe65775c24cf42174c","nonce":"5053d83aa9e4943c9d7277a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"ce6ce8c08252876e66ba826a20cd3b067f2d3bdf753dfdabe3ca2b4d1a5bf813b6ff21c60ddba1aa02d70f3c6d","nonce":"5053d83aa9e4943c9d7277a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"174afadc402f006df0f106352aba6af693de29142774922198e2e0258a1f5cca5254b0b4f3dce71670fbb3ac5c","nonce":"5053d83aa9e4943c9d7277a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"3dcba391cd0de3254cff7bce37d963df7e03d2473595af2517d8576b972553d624178cb36d52c0fb8a6d21fcf9","nonce":"5053d83aa9e4943c9d7277a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"86c91073afda00d74de8b026f41d1eec73857adc6259d301f4950002eec0a9d6d25f8a343cd56e42e9c9d1129e","nonce":"5053d83aa9e4943c9d7277ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"a5324153caa198ba018ec45aac31c41bfcd0648ccb4c8724c15d2bffcc8cd1011c81875f29024d1ab1b6cea41d","nonce":"5053d83aa9e4943c9d7277af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"2d82d2d9b5390d3064794b7efd9feb5090ba39fb3828ac0753848f940aca543a360e638825064f393f5046f896","nonce":"5053d83aa9e4943c9d7277ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"ca42f05ead07ebcdb4bb954a5dce42f6761e6b38070ada45dfc349c636ea5d54a692dfd747fd829a3f4efefc21","nonce":"5053d83aa9e4943c9d7277ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"e069ce47f5ec364caf1e72616cf09738cc1397f5ea3d361db45902ed5eb7a6c5dd8e01c459475a6ae92568f53f","nonce":"5053d83aa9e4943c9d7277aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"ca7b463510ee91577184f2cd258e54b69d2132007d04534b1d760dfe755f291db26f16808076eb53078cba91f2","nonce":"5053d83aa9e4943c9d7277ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"d4744ff936b75a0d2fc806bc37fa177ee505baab4a5dbe1db50e2591d5d31f001149c5d9ed82ec5e26c950ad5e","nonce":"5053d83aa9e4943c9d7277a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"4aa3755ad6c732a9bc79c3294b1a0f4989c7e0a5a5af33c6e5e64d8384bd53f66e05c822c975de462ca314a675","nonce":"5053d83aa9e4943c9d7277a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"640819a93665f0123c704b91620554c464df3513007e6c43ec743bbca359e7bf2eda6d18a575106c97041b2b24","nonce":"5053d83aa9e4943c9d727756","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d8d02829baf08c8edd16e8d0f40cf51781b74e4bd44a0603aa8a44df3e625c821903d86b4f2400ab7a27963355","nonce":"5053d83aa9e4943c9d727757","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"4f45e3fa6a97eb10cd9ac4dd7bb08d59273ef59f22060f376ad0ab2a446d3cae2ae64a3b365c51c7ef216a4764","nonce":"5053d83aa9e4943c9d727754","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"c51a5920cc41d02fe04603bb88d1f53a4c2ed56543dec0200e5aef99ea88817be06b1b10c02525652117ec65be","nonce":"5053d83aa9e4943c9d727755","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"76f6aa9d5477c60460234613bc0b6d18e7397e2550b07407dc2e34399a5a9a25ff9ee2256167e52a3af4f9c59f","nonce":"5053d83aa9e4943c9d727752","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"e2952ee14382529d65056385f73ae3e1131bb340526b2e3c25f35b006e23e5c5650dd90772d5fbcc972f435dcf","nonce":"5053d83aa9e4943c9d727753","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"331abc05cf691e4ed702265b42fa435cb5a830ada261073895cf5d9ba91b71e97ae9f3844138f6247d9a05e784","nonce":"5053d83aa9e4943c9d727750","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"2487c255eb7d6826429a1d21b64ae4b198c4f3c121339b4707ba1dad8530ac9109ade852ddd6af0f74bf48280f","nonce":"5053d83aa9e4943c9d727751","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"29a2ec2186c8efc28b85df6c444a961dd5f58d3f83a873ab498a88e94369d7d21f9cf6d37429b00b7e4bca38ef","nonce":"5053d83aa9e4943c9d72775e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"960334d917c9993ea5aa8c8d30c6d5527bca7fec9ae74d7b0b33d33b97ac4a14e8e77fb31bc0fcbfa09be7dd52","nonce":"5053d83aa9e4943c9d72775f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"6c75034077d5d3af822b18bbb22993903a59bdf386585728303a5d04489e3bb52e6b5f78c8776e224bd9462126","nonce":"5053d83aa9e4943c9d72775c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"b453be7c18de76f616d7a19c85a88bb19629674a00f8a211d2da66981b465783e4d9c7ae88fbb98d37e9ee3f8b","nonce":"5053d83aa9e4943c9d72775d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"336cf86c6d9f4ce64ef19bdd91b67c296dc5e8b576443215f563929477524c41a86dd39325135e9d2ea1abfcf6","nonce":"5053d83aa9e4943c9d72775a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"72879006f7c5f9c5b83cdaee62f845d20e15d0644c1e450538e4ca3b61a87740e8322f3d753414c68ed7c09e37","nonce":"5053d83aa9e4943c9d72775b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"0fd1f683f5b7dd5c9d913744a4c452a0d63457257ba6eeed9e5a3bb7f7311e370b4b7cf53d79d3fbde5e2459ed","nonce":"5053d83aa9e4943c9d727758","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"de97f6e5a787323840487dd1f2a430d781cf237bac2097ba84f0bdd2cc96860bdf874b987e37c0b9b4ff3eca33","nonce":"5053d83aa9e4943c9d727759","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"6aee5bbd7d8e37fd8df9e13a62550601ed10f47ef5a6dd0750002a3789b532ba26f2e3d693a7c61fa0f4164276","nonce":"5053d83aa9e4943c9d727746","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"b5ff52a234501367f9c9108fee2b037f69f5b7dca965f6e689fd3ab6d120c80b07b5db3516f766e2c57ea92b7e","nonce":"5053d83aa9e4943c9d727747","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"819bce903c8032afd6fc01000c1a1afb458071c4045f3175b8ca68a8fdd19d5be847db7700487fea835ed2067d","nonce":"5053d83aa9e4943c9d727744","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"3ab4126d57c4edaaafb405e73a90b6adf697607f6e7ad140cd15dbf3da17a6b0ed367ca3d3f16f6b945487da90","nonce":"5053d83aa9e4943c9d727745","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"8f41bb448747369167e0731d8c8dd067b058cb1c1538dffe94cf7fcc78db333eb0447759778b924cc3034a912b","nonce":"5053d83aa9e4943c9d727742","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"a108b37e46b0127daef76540339fa114412dc8fa62f5372396b5885a1766ad6e33297a33444d15ac1d9afc97ec","nonce":"5053d83aa9e4943c9d727743","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"7992388661f4eae5f9f300cbefbc26f75e60c49c55972ed33167578c9e38c35e4488ccae7233b5f85561652a22","nonce":"5053d83aa9e4943c9d727740","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"f47bff6fbb8d47146b10e8ae9c171ecfcc7ddee7e8812c8d49e063ae3a0077b83cb1849c1e925ae509c8411f0b","nonce":"5053d83aa9e4943c9d727741","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"ce696385f76654def8acc7e2beee9d91267b3f28db05534ac514ca9e4ee57273fb5ea6891ea26be6a1fd45771e","nonce":"5053d83aa9e4943c9d72774e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"4622e887816671b79ee2ef54b3ffe945cf6d06295d809b80b8633dd22731c979c0286ddd3042ed08ae55d40ed0","nonce":"5053d83aa9e4943c9d72774f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"7573d6a599a27a29ef82bd5b77c1831a076c10293e7504091f866a4cc745c364a9ef7003b39963b433af63d8ca","nonce":"5053d83aa9e4943c9d72774c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"0a17540c3bea6fd5c591b7c0d512ae7e169e87a5fb837ccf6bcebe3a3ff135ba5cb18658913ecb5822d3cc5a04","nonce":"5053d83aa9e4943c9d72774d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"5e82553b784d3060454e7bff5abf36fac5b0e8342edbf709b648ab05abf05289cabd2131c6d9a74b12c77ff543","nonce":"5053d83aa9e4943c9d72774a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"bd60249b02569b3d20eb60d779b7a4c0216b27001431fc2682034cf22555b6763098f7eeaffd3d8a127f06c7f9","nonce":"5053d83aa9e4943c9d72774b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"4e4258b5d10408b21445800e2ac1cd4573fd84d91ab9f9a8dd63d63ac97a949592e00217ed6eff6fe5194e6081","nonce":"5053d83aa9e4943c9d727748","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"cc572bbfbcf276bc9e32d62d81da625fed5e7c582ea88dd3dc5f5f661b15188555a64271cd8478d856745306c9","nonce":"5053d83aa9e4943c9d727749","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"a3a0352afe01b5cfd26341bf6c0c62aa146899b3d2853e9bd5d5af7e56ca0df4deb021db240ff3303f54d1f204","nonce":"5053d83aa9e4943c9d727776","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"2fe1109183c2279c9f96891b9855f54a01863432bb7639d8eb88cd9536b67926089e2cff4eb435bcf3b830db1e","nonce":"5053d83aa9e4943c9d727777","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"5cd61eaa6e6f9e70b5b346bf5c509b279d6742eb4fe96262779b647641b5b9f4815288dd282d000ff06e15283a","nonce":"5053d83aa9e4943c9d727774","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"cbb0f01b8ab10318e19feaf6e6aa09191b9c361e79606c8464ea06dfdc73c1a63852b23802faf91aff74019326","nonce":"5053d83aa9e4943c9d727775","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"16d11658f65a35ec75ae0f5ae3c79d8b6dfd955ae6c62f3800de4bda3c12588de56c5aa37e7b54f5be53355dd8","nonce":"5053d83aa9e4943c9d727772","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"6a8e123cc492d81428173ce869452a392c05ed21ddd397e4b499f31e9272411d21a48d4a837fc81f70773ba82b","nonce":"5053d83aa9e4943c9d727773","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"5e5efc7ec864d60e0cd7a1ac3157fe067bcadfc840e347b4587af8a12368750f56c0f7fa666a2124f900f794e2","nonce":"5053d83aa9e4943c9d727770","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"61e41c5c0d2abbb73419bdc0af21a788ec644468b6c35558c2c1845e8ae4faa656b0ac971616a4cb89a5f3f9ac","nonce":"5053d83aa9e4943c9d727771","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"69b203dbe52fc9d933477c65c0b2165bf1193d8d0b8f9f41320538bbafac27f84deef77202aac905ef30d75068","nonce":"5053d83aa9e4943c9d72777e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"1bb013e42b6ce0109341c90e7c3163afa818b030ce4cf479c2dd40fff8b3498d61031c84ec9afdf158d55a1c74","nonce":"5053d83aa9e4943c9d72777f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"b421138e1417a9bf546db40bfa2729d8fe963776e3ecc6af81b2cc63fdf82d1ff03c65ae2ae2cdf94a38187d56","nonce":"5053d83aa9e4943c9d72777c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"7c4d88f04fafc2a074a3c2148611375786a91d8ff149428ecf8a1082f73bad88a3283008c58ae633891c094cab","nonce":"5053d83aa9e4943c9d72777d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"2f690d4236d477e8256d5d779d17cda70f498710dfccf0e32642d1f3aa21a4ce29daf5d9c5fdfb0b4532d43787","nonce":"5053d83aa9e4943c9d72777a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"baddb59cd2111d5c32c425a7ff8cbba1df97222152d3306b46b0a46624d2feed125e9a0563c88fe1a27d74cbd2","nonce":"5053d83aa9e4943c9d72777b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"90a0dcf07b9263155e217cf39853733aa6b35597fa1d169dc1fc456cbcc8374df1e8df5edd16a68d9f544d3cb9","nonce":"5053d83aa9e4943c9d727778","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"b2bae597c15a87ee424301b29bb2bfcfcdaa9394ca869249a7e54068307e53620a1b783deec03cfd905909af95","nonce":"5053d83aa9e4943c9d727779","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"624bfe1b8e4f144927a2cf6fdb526524aac23e20f02c308de0d7e8335abecfa8af437f4f6d22c4a591aa4fe25b","nonce":"5053d83aa9e4943c9d727766","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"e788963f206f3acc4ab26cfc483c69331a27cb27a002b3a8d33318b2d7e88081e7e052b9e3f0404fd7ebc68a5b","nonce":"5053d83aa9e4943c9d727767","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"306606586cb2bbb51037e88f799cbf161c67c3fa927dfc4adefd844e2a3248d8f988f42be119848e102f93f57f","nonce":"5053d83aa9e4943c9d727764","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"7a80eb838d59e36d4a025bb85c6e375580827454552de6c79fadee51ca6dd4469a7f6a6014f9194a5d8e3eba60","nonce":"5053d83aa9e4943c9d727765","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"3d8429993c1b1350c0b267943180631840d9fb75d40babef08243c8ea91c15c51e826a9f9ac3bd1f32c1917b9b","nonce":"5053d83aa9e4943c9d727762","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"d758f5e65f971cbcbab70d66c15c207c175b8be000bb4a9eca51af57dc371eb1269c284e4591cb88c3cf4eedaa","nonce":"5053d83aa9e4943c9d727763","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"a50769f8b64eecd234f51cc0042029aa307d3a9cffe93cc57b3a59193f4ae2b7ba5c4a0887bfb90de33f3b7efa","nonce":"5053d83aa9e4943c9d727760","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"381ecf325dfafccbfada2e268685af24a71fc0fb2ab43d187822469b0b4a8a65d761c19b63ac4569a5fe1d580b","nonce":"5053d83aa9e4943c9d727761","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"99a3b8d3fe20ee3d8669bb820e13dd078457141c183a68a8d914d42a3392af2539b1982e57c9a36800a0fdddb4","nonce":"5053d83aa9e4943c9d72776e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"0d0d4a14dcf0f75efadffe4e1e504019117f6c4d840d7c0d848130090fa519f41051894bce837bbde990708c4a","nonce":"5053d83aa9e4943c9d72776f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"2b5fd2cd9ee7684d960893579def98f928334aae40bfec4cd1ad545b26c8b1c98f50f137a1c1cb427616deaa16","nonce":"5053d83aa9e4943c9d72776c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"e01eb6d371384054860f520d915a1ef16bc72be5da7ddbfa23be4bffbe57ca9157f1af302dc817235597b0da9b","nonce":"5053d83aa9e4943c9d72776d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"cacdaf671464e6409b6ccd7bf3621683e5624743739c3365499182ca0e6c014245c3b9d8d6a1d6c4344a9f55e8","nonce":"5053d83aa9e4943c9d72776a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"98e0b4b1aa70750437f2b7b9b507a107cbfb21b75a5f5fe43076d1b8a348e4b40346ccfcdaac6bd7219daefd15","nonce":"5053d83aa9e4943c9d72776b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"090aea2c4df141a24efc44316a8e5ab6e4c5822a6fedd19077402dc9b6f3a14ae6736ddffb17041fff2520623f","nonce":"5053d83aa9e4943c9d727768","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"79ac9d774a4504351256bd542773a3555e8e7fb51d02669c8c1825822c9e804e076293e172513232a9c8a7b686","nonce":"5053d83aa9e4943c9d727769","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"bf8bb7a229eb84e9ceea5d18ede8f2d7b2f63a628c20cd215321714626498b7e5a15e03fa2fbe14a9136134d8a","nonce":"5053d83aa9e4943c9d727716","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"20ff9f11e821d1fa8a60ea4b89843c564944297b5e2f3e3c78b8afae4a1bec5b9a8d96c8f88c1a5b9cea64c875","nonce":"5053d83aa9e4943c9d727717","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"01941b78ec4375b0f55472bb28de917338d6d1a673ecd5a0fa632815c27178e6510673bcfaeac5c46862ee3ac2","nonce":"5053d83aa9e4943c9d727714","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"5d20d36201d415bdd2330b6fe358d25370771bd49006e4c3069d8965e5c12d7ca4ae511cc90edbcf9ce2804118","nonce":"5053d83aa9e4943c9d727715","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"5cb64fe6dbb6ef42c523471c484cdee2721bd6b012493b8478d477d20e6cf4af02b97a99ce17cd157a6977b25d","nonce":"5053d83aa9e4943c9d727712","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"cba488ab27322840c468b166dabe207729f85b72990c3daadde19af00edc0094cc25dd188d6c3a2978058e629f","nonce":"5053d83aa9e4943c9d727713","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"f5d54d187bdd9d4deff4cb4b2e1f233c157d24b9c4bf07af1e286366e1ef286a5488560471df8108c4b37b9e05","nonce":"5053d83aa9e4943c9d727710","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"ef5515404414a2184a7cb4ccad5b6a04d38d0f0d11931c75420a20c4d879c2fabdd44627fa57fcab78bc97c6d6","nonce":"5053d83aa9e4943c9d727711","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"416d41c1d0bc50e40d469af5d154c1ab31b97dbd2fd2e9c1901c72bdf3c7c7831ffd9686472c2e4de33024922f","nonce":"5053d83aa9e4943c9d72771e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"c7893f09ac6f9875fe2b33bf77cb7aab50de304a8bc088bdf30a0209f27080e1b91f3aac3942e42134d44cf3ee","nonce":"5053d83aa9e4943c9d72771f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"34c20cf4a3aa4f34e06cfadb83a33dc0a2a9761ae02b2f63ce11a09f006ee2cf070479277d479a3f2680b78b6f","nonce":"5053d83aa9e4943c9d72771c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"c0dc3bff1817d04d408b3bb4f75798c0e27fe7d17aed09a9385dd212171495edadf478d8bea22e7c43db45b9ce","nonce":"5053d83aa9e4943c9d72771d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"bf589aa852e2b8a81a7e0504486721db23106b07da496adbf59916947d9b3fd634e70b4f3cedb872b7b1196cda","nonce":"5053d83aa9e4943c9d72771a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"47af69171449bb3c78615a9271fdf59869bb5c2c98b8e6d83e0c18892b94f3eb2904202393d0ab4247b84d74c9","nonce":"5053d83aa9e4943c9d72771b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"718717d8c252c8a2b60e9143155dab68949656fac366b14b0d088e3c811833106dde092412bc4847aa5da64b4c","nonce":"5053d83aa9e4943c9d727718","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"7fbe9268177f9a6468d7ddf65aca0733e3d631e81dca7714dc8d8d9dc34f96ae0f51e5999b6de0d1896b20e7b0","nonce":"5053d83aa9e4943c9d727719","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"072f70500f08016049c84aec98dea44f6e287f306385333fd8f7818964512745dba126f9211839dcfe0bda6471","nonce":"5053d83aa9e4943c9d727706","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"cda4b1ea737aa7c13c45137e4aebac46d05c40a144946ac79e36d7f3d6e2da040c5f0a2d64ee464d4e055b6dcc","nonce":"5053d83aa9e4943c9d727707","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"d74720b60e0c19e2b44eb29f502ed5afeaa3fdc26f95ec6643e39eefb724de016844f03dc4d987d682dea7040a","nonce":"5053d83aa9e4943c9d727704","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"7d1335e7ab25f5b0278be9fdf3120e349284c918980e7e89201e9c7414a17777328bcbb079346ee585c03c2e40","nonce":"5053d83aa9e4943c9d727705","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"11e28667b0b759ce18e40c9851303995caa127be8293bfd2eb84cdba922bf5c5f7e07b1f844a664a9b2368ca9d","nonce":"5053d83aa9e4943c9d727702","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"29922e749d68705fc96a1ea23bcd1d52b618b59bd273a2624c7d9a142cc1d0bf6fd478d990d87d1f823059f0a9","nonce":"5053d83aa9e4943c9d727703","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"db941a01f5d13cb4017f3ef01ce146b80aa13baa5378a081bde3b8d0bcbc02a0a9f55b1813a9678428ed0024eb","nonce":"5053d83aa9e4943c9d727700","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"89aeea5831c3ecf18a9e67b4838b9028bdaea71453a978119fd616b9aee7442205033f1644b67aa87b8594e6fc","nonce":"5053d83aa9e4943c9d727701","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"658fd2244f3ee49dfd9ea4641a73f0e418e17cc916d5c54b7be553aede7dcfd05f3cb969daf7e77f081e192164","nonce":"5053d83aa9e4943c9d72770e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"508f2a3bf1ed81e83bc7cfc92ad58e6cd4251ae080172b33abd74b6fd56a9be40d16111df84247d786ab9eb9a8","nonce":"5053d83aa9e4943c9d72770f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"d202145b68c1ac08d0b4b7bba9d557009c4f7030fa0f63126938525193577cce62cb20f106c62cae331fa74b07","nonce":"5053d83aa9e4943c9d72770c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"0fd1c8d59eac99891f7a1eb2ae568aa0f479e6d71746ab853e8f4ff6b81919a7c77ab6196d8f871fc1fea0212d","nonce":"5053d83aa9e4943c9d72770d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2bf5fab7f9abfbada278070da86a5338618fbeabfd50508f3d6d5f0fb99356b94a3ad4e708420cb5c057c97183","nonce":"5053d83aa9e4943c9d72770a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c6eb5e98c68320aeac95cd5f77e972780092c0a2f40b16d25cd35ce6896d79940d9bb33380a4767b34d220eefd","nonce":"5053d83aa9e4943c9d72770b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"4ed6138deae9792a81daaff9258cf6fdefd6b93b0b48af511d239bd9f2af5b068c6849ebfec0042e3c73bae37e","nonce":"5053d83aa9e4943c9d727708","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"c031dab9cc2f0f240f2a37bd72c3d562b2e9dd75fe6089f48ca9ca3a32bb37de8d8032d4aa62d0168e6ac8947f","nonce":"5053d83aa9e4943c9d727709","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"e37885ab05aa0827811529d046843be04434557d8a040c970dc4ec0ed4bf0e01ac0e859187ccfe578a694d2fd4","nonce":"5053d83aa9e4943c9d727736","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"3a099a6e391f08054cf1d943089dbf349929c9bf11ef1599a37de9959f71f44fa0f67f39a448420adfdc09968e","nonce":"5053d83aa9e4943c9d727737","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"5722e2f68aa1885ffb2622abe1689ad14fd390849c794ab7380df53d78eae333d88cf7270f106b1b8a8261e934","nonce":"5053d83aa9e4943c9d727734","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"b2e375d399a0a2302dda339338ea5afabba4943d83b792b2a8cfa3f4f53757623adc301cb1e22ea6f1627549f1","nonce":"5053d83aa9e4943c9d727735","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"f8caa51f7884cb46ba6ff113ecd79c0f4edca652ff973a6ccaf9663cb38ab4eaa48712d3065e0094202df07894","nonce":"5053d83aa9e4943c9d727732","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"16395c7b767cc84da73d079878e3a555884892845e8701ca0ba0f11e807501751a0b238847c5d10f1097a54a0c","nonce":"5053d83aa9e4943c9d727733","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"9866ce879b19c1a72a826a99a598192e6724ee56e3d65ec4c6e58b8f49ef0e1667f7ec02e881b1c4af5c0eb062","nonce":"5053d83aa9e4943c9d727730","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"696bb9bb28010334ef71f6a5a1b8adcc3f6da178fffe39fbaeb8b489d939e6af81228bf49dceeaf4db8680d3bc","nonce":"5053d83aa9e4943c9d727731","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"65e54b666c33641338c4f2d7da3199b35932ff13a2ccce9aece9ca219438f1052f5d8577b0c804e72128ee8695","nonce":"5053d83aa9e4943c9d72773e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"cfdebd9328faf1963c15ef448c34b1a99c64288cdf30d769a7d37082dcfb5f8f5928ad19cea64710fb68925bb2","nonce":"5053d83aa9e4943c9d72773f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"ee636911e27184853fbc96967cde46c10b9a6025853edda561d68ba6507919ba4548cd51a114b0252592ea81e0","nonce":"5053d83aa9e4943c9d72773c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6b6cb42401c3c5e28f13278d77b6049541bfa609da5aa6ced2b60a47fb76c6954b162405bbf94109c19df34c38","nonce":"5053d83aa9e4943c9d72773d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"2196a775b6754a5c783edc8689df143e300db56e8a28e5207d7f1c6944cbd34c142267900d4bfc3e9f8d74d3f6","nonce":"5053d83aa9e4943c9d72773a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"404ca16914497a74ce2120614aa37b01d1548586b33b87ffdf74593a409da4e57d915bf79893809bfc0a88eef8","nonce":"5053d83aa9e4943c9d72773b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f7d421b01a6f2f62221536ad4d7693263da89ff7b0a19ffdb4271596b06663259b522d9573347a022c6ae2e30c","nonce":"5053d83aa9e4943c9d727738","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"90ca8d4c7753a7c094bd6cfbe2301283ec4d911f848eb5099ee3eb2bfcf4174ed014577584520be4dcd2229ced","nonce":"5053d83aa9e4943c9d727739","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"a90e683249c0b7647e12e193347c0537d6e24d59fba1cf0ea2085a9d75a89b560c49e2cc9777ad71a1fa4f9014","nonce":"5053d83aa9e4943c9d727726","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"30989d35f97d65db5f07f56f615cdf91dca20d1a27f4d0c9d78fe0cff06823f3adb7d133ff2a95f3436c552783","nonce":"5053d83aa9e4943c9d727727","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"8f14ff97b1be326d8291f8e8e018c7fcfff04769d60d11b333a82d86c2f05e8c978a5893fca345efa8b0934cba","nonce":"5053d83aa9e4943c9d727724","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"f2c963a8a1997e9b48f77f2243923c4f6f41b764bb03a23ea63b31351f3fcd279f0902b64e2086a83aaeaf56eb","nonce":"5053d83aa9e4943c9d727725","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"aa542d86145e2e0211a6abb47ecc7c2614f907b78940e623c59d2ab900766dbfc5479b4c5cd5cfaa8fbf4b82e0","nonce":"5053d83aa9e4943c9d727722","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"c5e375f3494dcffa489131fc96a2e057a6ef2c24e2823d01102d95c0ee2b39695132f406a8a2a0c01fe2b60b66","nonce":"5053d83aa9e4943c9d727723","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"9d70ac25a6f26798c0e5b0ec87a307e27791ff2b930c8b6919f5a432add7c4167cfc49c7b70c8afbfb9c8eaeb7","nonce":"5053d83aa9e4943c9d727720","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"5e25f5ece72c26830fc48ca4725f0fec2bc9c278aa2cd267236cb19824b214968f33b638df507b0e47005d47c1","nonce":"5053d83aa9e4943c9d727721","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"031ce994de9e176fba7261cd94fd320a04892be1985c15b8c4d90e7be22fabdc0093f57dbeb97ca5947b4c588f","nonce":"5053d83aa9e4943c9d72772e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"bd912eb529c5f443d7211f99d2b6872490a703a43e0e0e091c17088f7aa7492dc666d79d65b645d2f3574e3dc9","nonce":"5053d83aa9e4943c9d72772f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"23a55ae72d1ca2353a807cdab8f67f682376173b166d20ffe3e23ebea955e65ee9df94770a94ddc371c26a3fa5","nonce":"5053d83aa9e4943c9d72772c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"6ce31d9f99ed6333414d27b629268ba98371fe21bbb383744ac06b0343fd8b793dcef2c11b6834891d556f46a2","nonce":"5053d83aa9e4943c9d72772d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"380b602559987d687a5138878d5701cd5c46f1612d8eb48d40fbe72f97b86df25d606e6bf29fab6f871447892d","nonce":"5053d83aa9e4943c9d72772a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"2a027bc77861297405313525a8019146af79a610be565fc318022faf2ccdbb929eb7f1329f8e2a72549867e49c","nonce":"5053d83aa9e4943c9d72772b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"924910ba9944bd163be99d61335fe582007cf420d1fa3c0e44b2f4363c6d3cb7a3bb17d15799b883c554c2a758","nonce":"5053d83aa9e4943c9d727728","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"db425f07892e3ded5d609cf4ff0b11d3dd57c6d9a64b014c46434cdf3a788752eb72198f3640f0ea6a0314639a","nonce":"5053d83aa9e4943c9d727729","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"88b4e48c70c4767a51e2e4fe07b8415c4335c59e494ead733c0ae710af06f7c94c8c9e070eed17e677cf26e650","nonce":"5053d83aa9e4943c9d7276d6","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"acbe107ebe603c94046a91f6219e64a8bb7b110f57cb05d30d719d6c66b1b10e"},{"exporter_context":"00","L":32,"exported_value":"664851aa8d5bbf3a0c0e56b671b1b9b8fc828513af1c4fd104adb4337fab4476"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"390b6f1aa233267bf10c60efce4c3a02ac0b8957f19a56ca3861e36d7090a36d"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"465269748ce839d35ca1c9042ce0e578bc798a6bd8cfa398638c6bd625c61a6b9501cf131349f783da3e9f97694998a72982d4879d45fce3","ikmS":"229c432cb6d8836ddff214fcac9fa5d79a7d9f9f580e1e2918c6ae46abe94147e2cbae01e135cd9c2ad766450c774fb17274934fccacce41","ikmE":"342aa4b1d6f00726aed24cb3a84cdccade2c6a6fc8cbcef398ebf09e6a88e597b9f74cf144ab7b50cc822ad44981c8793cdf66e079ea273d","skRm":"ea6d19624778df8951d7e44437860cb2b0aeec8076173ed3d45d6704fa2761e4317826b24ef7bf6cb87bba0dd2f0e519fdd460ca58952f16","skSm":"77c5e5fb6a88b1e12a97b5c9c1ee22be6906159c07bbc7a8eed2d081dc8259079dd7d84b724fdccd861b403bc4729726de0be85c8bdab3f5","skEm":"8b70abe5e84d750ebac2e09112a3ac38a23e8dc28aec946e8aa7957f6a4d5b32a4180c6d98f13699629dc9b75cb556139d0b35724c0ba6fe","pkRm":"c6eb59c10ecd7a904e10cbc297ea9672dd6a4cee0b61e0ab91815cac8e053efdbc34c3e02b90c0e2c630e87e2eb2d9be9b45e68caaa12f1d","pkSm":"624f3cc5a220b100a2f0077bb91cf79778bdd3b16a36c31c4a737c3b511927abb18b7d3b7c95990f83cde7e64ecf2f814596d23ecfc47ac7","pkEm":"ce777d61261b29770d11eabd4ce8a5926d143694e73e33046afecdd1ea6d92e857ee65dc3daedf883788d850fc9ff3a53a0a417141a758f2","enc":"ce777d61261b29770d11eabd4ce8a5926d143694e73e33046afecdd1ea6d92e857ee65dc3daedf883788d850fc9ff3a53a0a417141a758f2","shared_secret":"1d492822a8a88096462edb4b403579c9ca4d0b3b418f7626aba4438f166c62b613054f15d6cd08cfeda95a41ff8b6cb2d38196261331c4c5a3803b815784610a","key_schedule_context":"02fcb1dfaeb0f739e1fdef674e3bead6aa703796379f96c738934a64ac77c79a0539b47ef10fef9d74124a76b6079f61957d5b791d37ce9aa2fa2a910a7e47ca58","secret":"2c1aa6ba60b777b300283eead054c0c022204745f832ceda5ffcd30975dbf056","key":"951e8a518a609d9dc778de6442709538c93a3d700d04d869e63b70d045182e8f","base_nonce":"11fde49869f0a0f13c03a5ac","exporter_secret":"f42de42b885acbae636e32823485f804e7b233973bd2b188d7710fee0795c2bd","encryptions":[{"aad":"436f756e742d30","ct":"120c5cbbd1560432ef5b1ef8a900dc4a1be2e0de548245b4cf34b510a8f6df720d3fa93df07df8ee560bb32caf","nonce":"11fde49869f0a0f13c03a5ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"66b7521d375f5bebc0f21c32d91788f6a9a39425a9be644224f299bf3c6c6fc2bd7ebe0ac3f02f1f2d274ab2f3","nonce":"11fde49869f0a0f13c03a5ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"558da735199d37ae705e33ce2828a4289e029b08c2807ee7ff4405df96d2ba10e902087a08de43231e539c2be9","nonce":"11fde49869f0a0f13c03a5ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"42d23b60f194f5f7271a84bc75504c1f3a098e6f8f793f43ff93c8158abf704908f9bbe3de69f038ea6afe0ca5","nonce":"11fde49869f0a0f13c03a5af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"35693bc200f34eac5d76b24f2a959aa86f42fac09d71f73342d446e9a865749bc469c2d7ac47b707f1c7b2a4cf","nonce":"11fde49869f0a0f13c03a5a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"8cc590b0470e3b471015c409f803dbcc14e4104a4bd1745cf901a5dc153832e29496df55363c09eb37cbc1e833","nonce":"11fde49869f0a0f13c03a5a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"63011584686a8f6af5e29bd4dc95e267be42ff642b87be6194a3c8c14ff21fb0206665c8ea3d1d8ffc953b201f","nonce":"11fde49869f0a0f13c03a5aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"df12ed67a1fd9149ef3e4029a616e8b270f0cd70dc6f7e5c68cfbe1ef013f260cdcac71ef4e42f9789f7c5d368","nonce":"11fde49869f0a0f13c03a5ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"3ddfbd6c79e91466330d3c5af4b0d425f6e2ddc04464a1f23c3722af0f3f381f4ef0a73ec6a39fd453946ead42","nonce":"11fde49869f0a0f13c03a5a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"6fb37fd7583589daecb581fbf95f6523b8eb29a5843edcbce8c264972e4aa88d915c676f5eb1b70d57f70b557c","nonce":"11fde49869f0a0f13c03a5a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"71d9e3268408884bdabe2e797cefd4fd6c048d5895afb5035411c123b060702ce535f9e0413bda7b09bcfaa085","nonce":"11fde49869f0a0f13c03a5a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"e5babf09ac952b0a68fc2f00310ecd6a3d17637dfcebec1c22ca449e0ada4b91aa4dbb9282a86466b5af32616e","nonce":"11fde49869f0a0f13c03a5a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"c1c30518a3cbab7cc06e4e68c17480be476646803821a6e87b8e2b2d18a085bdbb6de9dc897de1854a2156e8e5","nonce":"11fde49869f0a0f13c03a5a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"91779d297ee6c1f8b3937f3de7bba35e4fe944b810c85c25487a85a53d8725e79ad8789543695b6647d924bc9d","nonce":"11fde49869f0a0f13c03a5a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"223df7eaa58016e4499581d34ca163b99cb491b0ad7ad7d57edf611b34b490d9f8518a3daa5c3c26bbb573fa97","nonce":"11fde49869f0a0f13c03a5a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"c67e7a74166ba6ff621fef9dbbcc8aeb1874b250415c1d1801d3198161162097ba5f73935d8449296ab8ed9c5d","nonce":"11fde49869f0a0f13c03a5a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"ff6e50d187b98c5968881148f60fcf131c2e6318cb237ccc02863e617c88a9260cf54d25e5acea6b7b738576aa","nonce":"11fde49869f0a0f13c03a5bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"9c91ed66954c57ded4fca6174dc4012c44596b1880b620b6595ad46452db98657d227466d8caa4198a18abae24","nonce":"11fde49869f0a0f13c03a5bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"4086a681683176781e12d24cce8f0169a1d1a95654d7f1af0c9097dc4c81e82904b95a781ffb91f5c4264d1e80","nonce":"11fde49869f0a0f13c03a5be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"ffc9fa96a89e38ea235380d2a8dfbaf4012e607f71d84fd716153ae4ceef9eadf7cbf9b9a7b6877eaacd05c0af","nonce":"11fde49869f0a0f13c03a5bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"bfea32888d458962d7127f01b2f1b17eb02768c5037a94c2f1c6e09e3bdd4cfafb5c752479066017bd83fbdbba","nonce":"11fde49869f0a0f13c03a5b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"541e648dc83fd6026f8fef4c94dd2ed1219ce94dbf7e9b487a45b9f2ada9cf8415c2ea43da60be86ca9a961d99","nonce":"11fde49869f0a0f13c03a5b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c08e494bbeda2ec42fe3f3d3c0a73c7b076b52454c1d8ca2b1df5fdd620afb762f2e3aee248900cb12d2122f19","nonce":"11fde49869f0a0f13c03a5ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"c928dc04b0b10a8277fe03fff2424f7a59592e4020fb6da05f1c3e89efb489f39844afb96f6e7deb1f452283ac","nonce":"11fde49869f0a0f13c03a5bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"13c56ffaa8b90790d7482b2e6023638c7b1453070568e99ed0f9a4acb39ce97988bc9bf3df0ed6f8e52a6201ce","nonce":"11fde49869f0a0f13c03a5b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"128f3d1593bc3fed276c1162e63b2c2f832552f8669d5367a40a4092ab97aa405377a4a6e01c6114043761ae42","nonce":"11fde49869f0a0f13c03a5b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"34986f401d2fbb1e468104f66df84194baeae7190375c59861f8e28858fcb980c5a893240f31e6586e22801f45","nonce":"11fde49869f0a0f13c03a5b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ffa123a8f10b053814608c65d173ff3aa7b41d72b8c266d2554521f314959efa0b7c65f839b0a804830decade7","nonce":"11fde49869f0a0f13c03a5b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"56bd2bb4bd5b75d22f09e4a8ce55a5977195852f28ccd35f1a9c8a5992bc5acf8e85ac7805293bc1b3d80fa81e","nonce":"11fde49869f0a0f13c03a5b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e55c5e78cc8a31c2933fe7b5f20f181cad31c44fd743abcef56231059ea5596fe58b33ea2abf91f44b0c115b10","nonce":"11fde49869f0a0f13c03a5b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"060d5771cbcb99171e4493d80c4506c8497f9aa757a1c91769cfc71ca748a8e740a89b48d7976838713808220a","nonce":"11fde49869f0a0f13c03a5b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"2adcafd562d67fdbb841dac767b0d433baa4a897b41f099b71e1b4e506c9ea716f0018c804eba15c0edd0228cd","nonce":"11fde49869f0a0f13c03a5b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"ab114551969fc4ad7883f2ad4fa6f1427dbfaa178a674d1a840f2baeec62780e58dfd1d2810b272ad732e4fd65","nonce":"11fde49869f0a0f13c03a58c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"4b76e1f257d4b6954b81b3f2f55a448ebc896f1792478cd6fd44f945eed1a9bb31f2e6b47ab87899766ba9b565","nonce":"11fde49869f0a0f13c03a58d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"c99a11f4a7d51837cccf8f459671ddc399b9a0a31a939635bffc660e3a2e132737d7d6443cc7ae039af241428c","nonce":"11fde49869f0a0f13c03a58e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"aefeb1bf7a511ce22191340f087dc6df65c4894763cab7b87ec433119e829a1295e0d6623b0d26821d646ca30d","nonce":"11fde49869f0a0f13c03a58f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"5a0f11a98adbae3bab6a1caf07be9b51956e14ba9aaf4f25ec547eca1b4d86bd8d18fc3ed76f002e15b4b4bd1a","nonce":"11fde49869f0a0f13c03a588","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"019d95c31687d31f2fbd1cd521be7367c64278016f2bd454fdc23f8fb48ece2945ea6d0b19f21aad1056f249ab","nonce":"11fde49869f0a0f13c03a589","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"6fc59d9823ad10a8e5d99df180a24a8feee7acf34b403cc736d7e527a532b414eb74ae32902e23fd7c6119b04e","nonce":"11fde49869f0a0f13c03a58a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7dc37982af8089d32db9e8c32f300b97e19620484602592c3702646d5b8910566268c84cd03950a4971b9c0ba2","nonce":"11fde49869f0a0f13c03a58b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a4b24a42ad46eb04ab33894617dd4a9950a6050897e43c737acbda6c6020dde2f18a927aaadae221106cdbfe18","nonce":"11fde49869f0a0f13c03a584","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"5161b4ba2279dbed16d768591940c929d72148e55f77ca11b4f632093bb6c825068a454b01e8a4aff9ae0d0ea8","nonce":"11fde49869f0a0f13c03a585","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"9b43fb7470b9127664a6f8170f16d767f12721db1c4bc918df0cc9272a5f80471b988be9c6ab22bef1203d792f","nonce":"11fde49869f0a0f13c03a586","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e31fd813a0bd775ab4c9a111a1552d0c596fd9a0558922aa26ecfb78d9bd86163c17e400d2564526fef59bfa41","nonce":"11fde49869f0a0f13c03a587","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"d8fa9a76bf9317d31a2aa39da7e54d946d54fa11412d5feb52f8e135f44dd3424bc9bbcb08fff32c10c9ae4130","nonce":"11fde49869f0a0f13c03a580","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"c89c50be553e822e1f5e958fb91eb99dd9185b52e7b95e513301ea0b8e19c709772bd5aa4b7fa25b45fb0389df","nonce":"11fde49869f0a0f13c03a581","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"4cf501b793e191650d0109af7899b8d674e80bcd1bae43b036acb26b931e91a9ba4397b988b884f9a008cfcb45","nonce":"11fde49869f0a0f13c03a582","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"9bc2797c5bfe81bb63705fd09c8520fbc2f11f59968afc1bea7fce4ad7a739d4b5d08d5da2f954a71d78ac15e6","nonce":"11fde49869f0a0f13c03a583","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"607871ce82eaf7766c0cfdb5b16b3ad65799948cf1fe57e27b0f6fc6766d56ebba576c99f8f0c1ded81ca25d4a","nonce":"11fde49869f0a0f13c03a59c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"63fd651dc6064e43110526c1377d6324de11b909d20fed9822928d4aa59fce4519ba206b16d92e4148c0371c70","nonce":"11fde49869f0a0f13c03a59d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"91ee7681fdbe57c0c732f9829c73fe13ca6e7507ce1ec1dec2daa82713a666b169f81e7c6c3e9cee9c0387b015","nonce":"11fde49869f0a0f13c03a59e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"eead7c0008a12ce5ea35ce86132ba16cf4a2b598b4d03cfe7af9a4aa895fb0482386e4436ed96b4690738e0099","nonce":"11fde49869f0a0f13c03a59f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"408ec35875c58fd872a1b4cd216a693cc2e4dee5f25ec356794546bf40b8b6f492cba57c339519b7b9fd0eb13d","nonce":"11fde49869f0a0f13c03a598","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"485a255b2079d6221c8176e5b4fc3fbeb7952bc919f8e0b8bebd3fe30fe209b3b2a20f0a709c221685778ae51a","nonce":"11fde49869f0a0f13c03a599","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"3e96cdf3ebb6eb7a2e82126b139ccf91ab1b0b978791b37081e0caa8cd8822bb0610647e8285f669039f0020f5","nonce":"11fde49869f0a0f13c03a59a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"0c45de0058e8bb05b735ab00ed883d36d264191bd88a9bbba78e317a148dc2b8aa4f981de1faefa58190c1f010","nonce":"11fde49869f0a0f13c03a59b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"4df7d05e4f1d2ffed6344c419bae1f0a9a2cb634be25f6748a68e3b1fab1de2f2a553d9db6375daeb55e656464","nonce":"11fde49869f0a0f13c03a594","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"946ae60dbc01212f91ef30987308c5ca972a06e6750a45e4c2764d154e665a3466df316550bd47bb65e6fd2a5f","nonce":"11fde49869f0a0f13c03a595","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"ad9b9ff16093be4fb971539bc7dca51f47f84dd7714f9f10f6168202ad6b0a6ab10f37803d8140202ea8f52823","nonce":"11fde49869f0a0f13c03a596","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"c53b25f3eef1192d5f2e5b972346bec23250ca4051d9fc5869e345a57acfdf4a903187c2ee1e8a1c538889d2ce","nonce":"11fde49869f0a0f13c03a597","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a790e971fd3fe5901636cc2ed23a7e267708f7000ad9371e2ab20e7fded006b9c65f805e9b62078ccc64e99d29","nonce":"11fde49869f0a0f13c03a590","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"5e9fcd1c53d3068d021abbe0cf5a3cddc70e0f96c5565ac1421bc06e2611e31c5d4f7da52e3acb57cd0476f363","nonce":"11fde49869f0a0f13c03a591","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"f6005ad2795794ce266b38d20e79425cf8bbc9c73f7dcd57a6fb1b3a9608554b15f6b1c5464dabdc074957cc9d","nonce":"11fde49869f0a0f13c03a592","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"a3b340fb8d3cf9d8fd3b9c6bf78aef679359b03fb3caa209f9f32a8a068b586548d05a82e24e303fa11f6308dc","nonce":"11fde49869f0a0f13c03a593","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"9da39fa2b98f3f09698a5485d425a1aecafcbb86b3231ef4fddacf6489c307315ba3352abf34d36de6e8833133","nonce":"11fde49869f0a0f13c03a5ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"259cfc9bebdd463f95632e7aad9aa949c744df808d38cd4628d63e98851998c6e8efb1884929321d33f77b3ffa","nonce":"11fde49869f0a0f13c03a5ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"aece1d947fc448e2d5847aa031bbd94f15e5121e91a04098e6243e9dec896aeecad35955a7412105b7e6860d35","nonce":"11fde49869f0a0f13c03a5ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"48a886ce32a9c934c4bcb826c2949d25fd4130220918b8bfc236635fe78f3481cd37a44e106ea895b32a7c1c04","nonce":"11fde49869f0a0f13c03a5ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"9c725722af70565805ccab65d488df35de082b541ead92402a19b7f366458985784dda87b08410f5f62f281399","nonce":"11fde49869f0a0f13c03a5e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"66d5715fec27f62dcb4fb937a8a1d25cd88b087ef1736542a1036b5e58c04450327a2be6cc4523065d36e0fb63","nonce":"11fde49869f0a0f13c03a5e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"ee41ca4bdf7d384bf33dd3fea0006bb1bac5fc38ad0247b17642768ff1df0bfd69690b3fa76feb272e7393d2a0","nonce":"11fde49869f0a0f13c03a5ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"7120cdc9bd3974cd9adc1cb29b038304134267bdb7c05beac5d3dde8156e7d4345d46ae42bbbda82157fcfc8d1","nonce":"11fde49869f0a0f13c03a5eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"334befccf65392c358358ab77e44ae245c9c319deeba4fec373f4a2eb4abb90dbcf1111111075cf7e814e6efb0","nonce":"11fde49869f0a0f13c03a5e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"b0cad977d82ea97ae4d5c649c732d4c5625adce438d744b3e83c95b0684ae9c49f10e3a66a4cd011057a4a10d5","nonce":"11fde49869f0a0f13c03a5e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"613cf332b82060e5e67b8cee18813080ab9b33894e07a841d764a608a7f686d2bdf94ea34d1855b767277c9ca6","nonce":"11fde49869f0a0f13c03a5e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"4fcadc7fea2af82857a75efe226c7c57e0bb22ac87e3fec175919182bb8c20ef5aec223642bbee7ed077a34fe8","nonce":"11fde49869f0a0f13c03a5e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"9772ddf96a046820f8daa619e6fadd46f73ec3dcd0e74cc9f8b4613fd18248e36513738c94962b0ea03a0cc1e9","nonce":"11fde49869f0a0f13c03a5e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"4550d027e1e8746304e4b30721e39101936001f8bfc45fe2ad2e1d2c1585fe75de9b0a403aff41c95504adabd2","nonce":"11fde49869f0a0f13c03a5e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"8dda8e7860288e0c1cb2f5ec03566a992e98028cfe80c3e46d4a22e5c4a4d55b38889dec86136d114ccf5d95c5","nonce":"11fde49869f0a0f13c03a5e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a67b2deaf0f7f2ee88de50f232317ef29add278f6f9eb34f0e00fd5db3197286b8e9a42082958b5ffb52f5211c","nonce":"11fde49869f0a0f13c03a5e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a82a238e324e4ff191aa03bcbabdacba0659f5ca63e9aa82982768de58e4116af794374089627fe455955680e9","nonce":"11fde49869f0a0f13c03a5fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"d8194800584b9dec0f6ff07231dcec579a591d2d17be106a7643203f791ab4e7306de005ea3637e75f4c33876c","nonce":"11fde49869f0a0f13c03a5fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"b306c14dfd268a87e370740187b7ecceea32838fd01efae822e21faaacd69538b7ac5f46558ca1f62e44e7035f","nonce":"11fde49869f0a0f13c03a5fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"0bd7215850d1b24eef26e75c0b0e6dee55244f6bfe9df1f9cffcde6af6bbca3f2ac758a11adba0ddc7a4aa2363","nonce":"11fde49869f0a0f13c03a5ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"7b1b65849fdc2de0cac24b79ec724940005b96167aa7e3d325ac6ea9fb9e2a0b0c7c080f8d8ac16c4d5ae0ed1c","nonce":"11fde49869f0a0f13c03a5f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"e6ca95ddc82ab9c8eac09261e3ddccf103e2a0cfeb432754a92265f61b313d39378e25ddf007cfa16ae5cc8a20","nonce":"11fde49869f0a0f13c03a5f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"08a40d6f5a5a90db47720900dfb5a17a5bba26b06931b06e2eb58c758888623458658dd197667926f0120eccfb","nonce":"11fde49869f0a0f13c03a5fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"01e92f5388f4308bd9d231a5b3e47b9026a2e064d395829a8dd3651d35647679c0bda8081a39e4d3fc9136c862","nonce":"11fde49869f0a0f13c03a5fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"482c7111e11bcfe147d98c58ea483f01dd62f036dc2a06524e83526e7759725b6509ec9bdd9a51bf20644e91c9","nonce":"11fde49869f0a0f13c03a5f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"95a75eb033d0de358d068a2c4a7bbf7e28bb0674a5d8befde23b20b682f4bb9021d462fde2ec18a60984a77339","nonce":"11fde49869f0a0f13c03a5f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"a73d658a4ba186885f321620a22a5af4a9358a395d08a87cb63ed0e9236535c9417aff6d574f3202c70754c442","nonce":"11fde49869f0a0f13c03a5f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"f538bc3958920dd456b26b0ead23232b9bd371ff27c4297e77921017c15cc0fd3d982ca05664a767178e273711","nonce":"11fde49869f0a0f13c03a5f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"5a81895f1d2c03478f4b2aad9a1da8d1d27200d849e2a7dff7a3069ed000ceaaae40d7e8f8535c55bf346ae2fd","nonce":"11fde49869f0a0f13c03a5f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"ed907849936ce52003d50d172baf3418a3f5ef67aec656f31c595972e89f2d1a166273760847422045fe743f0b","nonce":"11fde49869f0a0f13c03a5f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"5a1933acf2db44a433e8d5e95c4bf8fdc07a26e38bd2fed184cbbf3bc2277ea1cb1cd654128ce46b8139e5b0e7","nonce":"11fde49869f0a0f13c03a5f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"c6a9ffce205676c948a3f40a1aa1f013b3e79bca7819b53eeb6c0b507ede7a6ebab55f006fc2f00e7c6f0e2322","nonce":"11fde49869f0a0f13c03a5f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"de3927a3f70cf01157c59b58aade660fdf15d1da47a9b34ff39fb87bb6b63140c0d9a550eade0f3f5138896e01","nonce":"11fde49869f0a0f13c03a5cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"96f9721c87f053800f649f142647663a7c567c4c47003a6c76598dffd70f7e5a0eea0313970235de2ee1a5f26b","nonce":"11fde49869f0a0f13c03a5cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"f7e65e81fb4df1d86fb1829a3d7d7bc61599cb8c780cca03fe7202fc6f2acfa43cb6af72eed6ff22b3cddf232e","nonce":"11fde49869f0a0f13c03a5ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"79a5f5d6ea5f03d104d925f076985317c2867f7b58940c68c757d9b4101f59064d79317bbe1e3956ef8c4fdcdd","nonce":"11fde49869f0a0f13c03a5cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"d08ee89242d21d258f87055d49a45896bec27e92d862f5a7f71d161cf532a199474545e56bad54849f71ec94e0","nonce":"11fde49869f0a0f13c03a5c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"9ec299563bfc3f4995d95cfeef841272554a2b8cbfddd2bd85a49d54d775de33a1d12f7dcde520c22845f24276","nonce":"11fde49869f0a0f13c03a5c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"b8c03c2c22e32c05edaba93465c7042cf1fe408fa45319f88c9ef98e16a81640ea6a4e83bf189c7eb119c29b3f","nonce":"11fde49869f0a0f13c03a5ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"1ed1a67920dfe11876b0493a10dd537148bcc6d76d2e8fc963c40781388f72d3a906acff5eb6a19840b5f33d25","nonce":"11fde49869f0a0f13c03a5cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"19ea7daa479539b4bfc26bff4f37c7cef83d29c6718746c622f7b5293b4cc03ac2520a5679da6e3cd58bf7428d","nonce":"11fde49869f0a0f13c03a5c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"d47a424a4e1b75e2b9120e8ccddd0f807d07e713c1f23e9dde35988c3d92f67d3147c0cc97013d775ab7370c12","nonce":"11fde49869f0a0f13c03a5c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"a7cdeccdf5c85fed3b96e19ac43c3dceffd9acea484fb909f64f68dd68e5696887e2386ea3cb55b56943c740dc","nonce":"11fde49869f0a0f13c03a5c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"714eaa2d2e5b4b638cb8373ec107f49c7329075a2f6c298ae79e0938579ae2a73d56d3057d7e164d139cfe9b44","nonce":"11fde49869f0a0f13c03a5c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"9894b0b02c9d1ac888ca939fe456553e396252fd5b38b3a07c02c10b22827c9ab0f1ffa6c5bd88bdc409195a58","nonce":"11fde49869f0a0f13c03a5c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"95f7a8e937793d95d5b45020314cd7caa666f98cee5785a798a667e0672678b17c8c325f36d9db6eb72188e9d7","nonce":"11fde49869f0a0f13c03a5c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"78dcdbf5a285d1055a4a986b8ff2e0f0f7c2e07ad2dae23e3e2657293803bb085c8feb3f642c2d986b14ce97f0","nonce":"11fde49869f0a0f13c03a5c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"fedfb4ae568a065c35be462febe5b8a0c7e84984c6b2b71a44e28d65f981be06d29a5dc13b3c9dfd2e242d2971","nonce":"11fde49869f0a0f13c03a5c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"6b306772130d0648038cfdb985da68df8383f399a34951ab9b763127dc4734f34a3a7d2628d39f861093366f54","nonce":"11fde49869f0a0f13c03a5dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"08e1ca6b78eeb1ac8659a7ad350ad1ab72d06150a78e135a67b6d5a8ad4e6f44c66f589ee334a22bb4f6abcdf1","nonce":"11fde49869f0a0f13c03a5dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"5d717f898fcd62d553b35c23503e271dc1477030b20b0bb130f74a859885946097d8dc61f5ae55e417b314eed6","nonce":"11fde49869f0a0f13c03a5de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"657aa483b0237b76da4370e0f7cf79295677761abf25655a67212bb757d069d1a37940e90cee15f725fadc1209","nonce":"11fde49869f0a0f13c03a5df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"8434f54a512b4203f3aea63b135286da313baf5f4ef7e2987e822f7319b75bff2b7122a4a0ce5d2504297a5348","nonce":"11fde49869f0a0f13c03a5d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"8074f66d5bfe2214bbac130c44997cebf76dc82556c1097c8519b5ab3da0337f59379c377bcae8a0b8fb89b22c","nonce":"11fde49869f0a0f13c03a5d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"b7c2d9a04d5ea7d44a87699da385902c93cad158a1efe3afa88fb7ef8ed01d4cfaa808c43378603959c57fa7f5","nonce":"11fde49869f0a0f13c03a5da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"6ddef5205a752b8352247bdc20e667c7a0f363c258ed0d3f46a186b1303fcde2c9465503c317fac16b4a7c2974","nonce":"11fde49869f0a0f13c03a5db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"f7fc34045b18ead4c82c2077591b5086b8058c1313858088af23fd4398aa1543ab5a55bef5e7aa7cc53c49a5a1","nonce":"11fde49869f0a0f13c03a5d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"c5f179981898f0777753b5facb630ebc99eb19504adc918c4e22680366c915df1135e0e3cabc58b18322e0fe35","nonce":"11fde49869f0a0f13c03a5d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"f2fe0d1156ccbc80311cb9dae7e8e6e54c3edaf16eae11c6d542852801e3fe66eaf065cbe85c0de688ac0365d1","nonce":"11fde49869f0a0f13c03a5d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"243245668e877b27bfffcfb364bd597540834977a3096720b4c2d11a97f6fece18978ff04101b844425cee4754","nonce":"11fde49869f0a0f13c03a5d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"b1367d146ecfc30c8485b6457d69f05845b607a046ae42a15a9fc5393236b0d86439295bf489f25c82010eeaed","nonce":"11fde49869f0a0f13c03a5d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"23a14d53134986867e7bed3101628f40791dcf2488e9ffcfd6e716f75b1509bcd1ff9ede3a9898f22ad4f2f356","nonce":"11fde49869f0a0f13c03a5d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"cdbb2914bd681bc5a852b241662a723c9b946ad5482101d4f3acaaf65842a4bb9537e665d42d037e3f8f0e906a","nonce":"11fde49869f0a0f13c03a5d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"67b9cc79da279c4d9660d6ae2e5935be8c82907de925aea6230b4f9fbb5f506932a3df17a1df4ecca4899aa12f","nonce":"11fde49869f0a0f13c03a5d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"510920448df79997eeee71ca63704cbde13dd1c4bd24e29927fb17813d08b1bb135e71326a388a3661c59b6e15","nonce":"11fde49869f0a0f13c03a52c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"7a2236ff2b6f9864f2ea83239f3105b2d6d579084321ea925c4736471eab10a4fc6bc8ba78b8aac910f0ce76f8","nonce":"11fde49869f0a0f13c03a52d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"59ced061348fc339c977a7435db2e0f5d32435344745c120c840891c192fcaa4c51ed51bed866cd3ae5d200a8e","nonce":"11fde49869f0a0f13c03a52e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"697f8c1e6e761f80022c40cffe213d0619964c704f5695235e2616e5dbaea029c8d23ac42e673f40ecfa2cba2e","nonce":"11fde49869f0a0f13c03a52f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"4c2ac1985d4cb4135f6ca534913c8b2ad608a6c7e1dc0feb1439798ef2984d6e75dad5fe2111a6a1347846a18b","nonce":"11fde49869f0a0f13c03a528","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"78e9cf97f89f8c47c088879540853f264ca07ef03b314f914b15fe639f5223aa670d7b9846557eebf1ca1f4a26","nonce":"11fde49869f0a0f13c03a529","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"c026853f4bcbe0454a982c1cce9ecb1bc22a5a4c79ef4ce268f0f8379bd0b429289e1a979aee671ef017859fd9","nonce":"11fde49869f0a0f13c03a52a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"182ff1b857893013758fbfbc410a50520adc4659ac60da295e4fd5cd3b12c7a12fa38f1e660017a3be02e3c3e6","nonce":"11fde49869f0a0f13c03a52b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"dfc08ebc7607c45db90c493091b811c5ff17a4cbbbdfc179031d8b928650620d3879e10213153e3a147a896f21","nonce":"11fde49869f0a0f13c03a524","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"75c69895226df72b0f21be35566a949ff0949591bd58c9f69eefded2c9e4c31f459e52e06531a7f178e3e55b4f","nonce":"11fde49869f0a0f13c03a525","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"7d7b6f44832c91166f305fc7855a680bf3a9b215f70bbc3072220d6310a48b3dba0cc601c22bc191a072cc3398","nonce":"11fde49869f0a0f13c03a526","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"b8010449112a5647ff9c0446e80d40b47efaf395872334f439c062df085b74b047edaa70ef29eae535c8e58bdb","nonce":"11fde49869f0a0f13c03a527","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"99f931367a8b50744ebaf82181b1809f4e3664187b7cc7272715a95159320e79236233e4eb478e5de22edf3f5c","nonce":"11fde49869f0a0f13c03a520","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"eee71e47231eceb546f495808142a72a4e2204f260a5fb2dfdbc29addd41af459c2e2def1b8c8d641ad5cc1c3a","nonce":"11fde49869f0a0f13c03a521","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"328e41fb3a1532612549ab716d51dcf91818e8670fefa4ddfdbcb5ea6a1aab3c9f08485a72085d415021d649d2","nonce":"11fde49869f0a0f13c03a522","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"3155294a2b886013133d67a8573804664a9d4d9f5ab4853423e44189915db1b9f6419a9c405fef82f0dd385740","nonce":"11fde49869f0a0f13c03a523","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"dece35c03e499d16497c49004fd6e86dea45b072a6f94c9ae23ffc8b3c58ea573fe5c356fa125367362febb3bb","nonce":"11fde49869f0a0f13c03a53c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d30ff5b297b322cf22ffbb10fe744ec8ce57cd84f5fffe2c013866a614b19e3d6b6e393d9c949090b561955460","nonce":"11fde49869f0a0f13c03a53d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"c8a37a03fdfe41075fd9ae0190c227fcb9372965c6e806391ce177647bdca352136df01c1bade515534c321675","nonce":"11fde49869f0a0f13c03a53e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"776a521d589d903b606c334baffcbd124cf8b9ef794eaaf5e2f8d7f1b05617e256b747e657b62d66323ba92e85","nonce":"11fde49869f0a0f13c03a53f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"fd1dc396dd48d3ea0a97c85cd115c48b88f39df956f489c92afff4e0c6a07d5c378c61ce804f4f5741286d3594","nonce":"11fde49869f0a0f13c03a538","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"a76eb9e0e274177e3aa768699bda43f2e2c9949ee3804ad58135995226dd87fd30d4dfb88dab9cad44680d294a","nonce":"11fde49869f0a0f13c03a539","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"34d0f9defc8557e875868f09c7f158010e73e0a28e2059264c5bee92c919640af564d63d2cce1fd1d58268c9da","nonce":"11fde49869f0a0f13c03a53a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"4f9ddae96a7cbf178ed06e26f8d003deacc05282734149f3212ae725e2c2080adc11d13a4eb93b1f15d1206a58","nonce":"11fde49869f0a0f13c03a53b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"c580cac4e89e0008bdd3a28371158ec27f6035ec10a4f8e47428e9357072ee4c273b1d7724a4557766c7ef80f3","nonce":"11fde49869f0a0f13c03a534","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"1e54d38f723fd91cf8729b244dc1fd202b82cd25af4149b3fe227e88d9ad7d9814f583ec58e001c6fc5d55b4fb","nonce":"11fde49869f0a0f13c03a535","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"491bf63fc44487c759552bc3c72f7da1e8c8626c8d5d182f0252fedcf783a5a75a7ce1f1186c3e6eca1ef8fb12","nonce":"11fde49869f0a0f13c03a536","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"f8986054006ff7e9473bf4154d0ca26196bc96d74e82394ea63ce6f43106bf6438c4b17d87183d09943e05c205","nonce":"11fde49869f0a0f13c03a537","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"e2c47d66a302f16b6cb605c2ac8ce452cdae03fed25f9a3c20dd194c4b78b01f995e8cf63a840542e9154926b5","nonce":"11fde49869f0a0f13c03a530","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"84580406e9598b3cf8d8526ecc622a08561d6d41ccf9c8ad5aa77dbe16fa692626709f6514a297c1b67ea17dba","nonce":"11fde49869f0a0f13c03a531","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"0f3f44ab482229b5df819285dfda414af73d3757350cc65b6bff6046c140fe91b0dee47e97bcc5801e494e1e4a","nonce":"11fde49869f0a0f13c03a532","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"a21408283f6baac8829f49099ca11cf504442a9485b5473dc160766becf6183d41bdb4644d2a78f198695ff56c","nonce":"11fde49869f0a0f13c03a533","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"ada62eea033b9faa86c9eb01bb3bf9536a2e7c2310d2d6222c75a350f1107053bfe5aef07925ce64e04ea6ae8b","nonce":"11fde49869f0a0f13c03a50c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"d70076b035ac6816285ba7741b6ee0b0b92f01d4f1ba0484a1eb9540c4b753f408deff8d280b69540f05971c7f","nonce":"11fde49869f0a0f13c03a50d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"82e321be61069eb79e0a5d2b53f607b60a8148cd9d8251067775cb30d9dff9ab4f04ba66974c7c7cf2e51ca177","nonce":"11fde49869f0a0f13c03a50e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"7625e1f914447ce0d475c5f3ae17549499b1069f8098d3bef6b84b81edaa20a34e23bca4bb59b73e12a32ab665","nonce":"11fde49869f0a0f13c03a50f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"c20988ce3821cbbecbc638fc4b62bb78264be2375fbda37c4c62008f3a1b05996f83143c79da24085dc4821a98","nonce":"11fde49869f0a0f13c03a508","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"5eb72529a948495161e5a14d51f401d6e550bdfadbc107129eb627a017c49448ba154a145d079364d3416e99c3","nonce":"11fde49869f0a0f13c03a509","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"af281d83d17f8b4caa65ecaa28825f780e7885de38e59568311c4124140485bd5b41635c43cb4002a816910e08","nonce":"11fde49869f0a0f13c03a50a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"27d87a4430224358e78dfca0dc295edc75175a5c1f78dda2b2a1938d5a6796dd442eaf3654dceef153748e7b4e","nonce":"11fde49869f0a0f13c03a50b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"7d4999b0fd82b6885ae87b5a0bd84ae4333a79f92105f61e09f3b6293be29cfc7aee8312d2330a16726fe5cb2e","nonce":"11fde49869f0a0f13c03a504","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"48e4faa20bad51f6eb65328072902c81f300c37a98819319cdf975b73d3afe546edbc2ab0eb28680cfb574a732","nonce":"11fde49869f0a0f13c03a505","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"8c7901867c294db81f5f8363d3b0118a1633b8997653980361873dd70f002566b0db4e2f29e461f1e2c6402983","nonce":"11fde49869f0a0f13c03a506","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"2624f5a493e84b537b3786fcf436f10e5c6c8ebc43a7b1651f7fb567357d48b02e6ed48ca81595d54d0c08ac41","nonce":"11fde49869f0a0f13c03a507","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"a45b7bd1ab8b6cf4c7e34f2c7d3cb22cf42a7f985546bc9f429a342554a134ce456c5cd9ebbfffc84d5f0bd842","nonce":"11fde49869f0a0f13c03a500","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"8696caeff47d47a12cac815eefebf1696c6302fa91a4f8f7aae1b8689ff7662cbd03275dde3eb428526db85b55","nonce":"11fde49869f0a0f13c03a501","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"65aa7e4ab3324a42214240ae86bedec9344d4bc82aeaca66144a071337a99f5dc3cd0578ff06348a4922d21503","nonce":"11fde49869f0a0f13c03a502","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"c08b593df6ad8655b0e185f0e8098b829875b104ad399207e2f87b7412342a04f7e6b55c88c1b63ed5438820a4","nonce":"11fde49869f0a0f13c03a503","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"f0fbdf61c64527a16971011fe1437866c7cfdf83febeb9d36c48fc33d21370f1b130d7b6c8899c357aac195a86","nonce":"11fde49869f0a0f13c03a51c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"2ebabf811c4d6dcc56c375864ab6a6c8e18a7b7f1072f40e505f1136a7561af8a86926d5b9251c21356ba1e5e6","nonce":"11fde49869f0a0f13c03a51d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"775fa4457d12b972fff2b2e52b38348d41eab9b0aacf43317615037a304c2141bb115ecf625cfbe3416924c0d0","nonce":"11fde49869f0a0f13c03a51e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"d45c8bd59cf088a9e74ea174323d4b67f9093afd8813214adc8779836951c302e1be6c8f8c6774d717d4d4b8fe","nonce":"11fde49869f0a0f13c03a51f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"f9794c2922edc2cbe4067648729f694498bd8749a6798211f5fb5289f7f701f880cb03c2e08155c1dc4e7e9a1e","nonce":"11fde49869f0a0f13c03a518","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"d7b54d394b4d1928a872128370953d03edc3f23b75d650ae8d3c867421d780fd5d6929a3b8683cf0e5c0823bbe","nonce":"11fde49869f0a0f13c03a519","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"8bdf67fc6a03e136c6c11186ea6a9acb23de8a3b18f48e9f29176c3f4cded2085713e9b47dbdcf81b4e7951c7d","nonce":"11fde49869f0a0f13c03a51a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"08a7aebd837ff2b738d0f49a206693fe2aa58d81630e487002c5be7407d9a9b6098804ecdf3ae167ebfb1b7866","nonce":"11fde49869f0a0f13c03a51b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"690dab21ce66272b478632fe383a0f0ecc734e5a7a339071f68234b0687ca81b6a852996963d427841e28fb4df","nonce":"11fde49869f0a0f13c03a514","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"be496350aa86905d3ec1be0be5f59ed9719f54659254eef1453eaa9d304c53fa9092670e30ca4139be5cc611e7","nonce":"11fde49869f0a0f13c03a515","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"f1692fb2cf00a999478d4864e4f0cf92e570a64afb7e13ee5fe18eb23c6184dd7575ce1a9fbf6c1dc8bfd17806","nonce":"11fde49869f0a0f13c03a516","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"cab65008fee250d2406a33da49e5b38b93933d78047cc7b98d9b36fc9c5c0a461609e40b58c7ac7532558e2cad","nonce":"11fde49869f0a0f13c03a517","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"bd06e65cfaa74f3c946930de15d89b9364cad353b2065fe3011865e1366c6c3511ba889eccfaf58a4edc52e20b","nonce":"11fde49869f0a0f13c03a510","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"5b397258c6b4437358fe26adeb5718bb538e3fad5572c30483be904c809831856afb1039f680731ab86dcc7d1c","nonce":"11fde49869f0a0f13c03a511","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"9964474b73d34f63799b775aa0cec6cc8acd550361afe9651877ded89aea3d63df68291fb928a279aadba7b30b","nonce":"11fde49869f0a0f13c03a512","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"452801ead11326d6552dd0bae38b927ea16cc0dc0993c3e38922ecdb9b66565f447090fd884c419e367cc3a60c","nonce":"11fde49869f0a0f13c03a513","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"0b4b4394b33aecdef02e2940dbcf8edc18d19a1d80a2f38ecf10acfa7913c986d85fe043bcb0dfbf34d41f9d37","nonce":"11fde49869f0a0f13c03a56c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"92d0ec8adcaf849d72b578f9095d7adb84fcdf901d738a67423482a4b40f569b120d0899a8d74eed7f70844073","nonce":"11fde49869f0a0f13c03a56d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"ebc97185314c79e9f790ad2bef25be055755d530ee5dd8359d6b38f6b82e50f62e10b649d82ce257b1aa32d061","nonce":"11fde49869f0a0f13c03a56e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"04c8aa01d7db454f120f0f4d03cd0fefda0c201716dc559087898d378de42ad91e84d92f02955a70fc1745e792","nonce":"11fde49869f0a0f13c03a56f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"0ed2158817071d9e39f0f8c24acc24ddcbbb7099354331226035f8e76fdb87329e2a9fad15b4ae34e5e560ebbd","nonce":"11fde49869f0a0f13c03a568","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"2f922a4588d2fdd9e6428955372a22c15794ba56042432d0676a34ffcf6db58ffbd6736b0404b681702381f450","nonce":"11fde49869f0a0f13c03a569","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a98ce07899fe2a5f52d1db2fea03e435e32d5b5bac94c9bd52b95b3a335e0ad213a16338936f64dc61ab36d3e8","nonce":"11fde49869f0a0f13c03a56a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"b368faeb73730ab875b2f721157ab686f9e07a97a2362a576402d11538d99baa8b5ea427bdba8673b13ea6737c","nonce":"11fde49869f0a0f13c03a56b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"3202ad92b387babfa37445920850005ab811c3095ae459ecb1e7b89029098cc44b064f6e17bbc0e2e01cb3d4c2","nonce":"11fde49869f0a0f13c03a564","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"8629818d562bf43988a0dd5a4a41724ee3565eeb1013b970963ec4eb759c671b4f6fbb2e2dc573a011a08375f5","nonce":"11fde49869f0a0f13c03a565","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"7bba7702272a9438c348e80b6a12110d98db80d21411e1b3e549496ad5ec6fcc469c9572dc119338cb24360b7f","nonce":"11fde49869f0a0f13c03a566","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"9b561b72b95dbb1b9126fc61fe5b71055303f21ba0051a7c23be8e68721c6931b4a681fa18dba6bb5a6e5f9f93","nonce":"11fde49869f0a0f13c03a567","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"d7fd2dcbd7d9e41afce2c0605279460b2d4b29ff28f57270cba5de24a55659cd4b50e26c59ae4fdd9ecb505255","nonce":"11fde49869f0a0f13c03a560","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"e452e58f3445944599c2ace16f3788edb46cbecc2cebd8bb4a6354ff566351039faa74c0e9bda401444dc31f59","nonce":"11fde49869f0a0f13c03a561","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"02caca9341ff00a37948bde7c635127a4652c75471d1d05ebb35101a2b78775580305af302bc76b4c8268d0266","nonce":"11fde49869f0a0f13c03a562","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"8f8f6d3b48c837022a981e5a9a1ff763e712c03a099c08d9f7dbd779e41ff19f123462cfef1cbe287204f6728d","nonce":"11fde49869f0a0f13c03a563","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"9e8bcf7a05d2d1c5bdf9cf0faffb083384b1a445d95f06056e86d828f2f5fc2770c0bb5050e3c9a3ab15e634b4","nonce":"11fde49869f0a0f13c03a57c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"a18907e1d53def4a758766d2c1ae4794823a7bc38cf6cb68021b30f45de553b48b6bc2f450562d9498aca3842a","nonce":"11fde49869f0a0f13c03a57d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"413c62982214a397fc73b516d64c5c0e1092c2e2e96b8c00d8bbf1b224f1463d5e5b74e2e90de04b28b73e9206","nonce":"11fde49869f0a0f13c03a57e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"af85d99d180c067dd7811406113b9d94c8e871468bc3ba603c4c35877e71f67e87231b9af52447a01d3bb9a3ee","nonce":"11fde49869f0a0f13c03a57f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"af71597ccc63db7f28a6ec9c75eaf1bdcba6e773beaade98f1cf0270bace191aad562c1e65d6f6fd5748ceaaf0","nonce":"11fde49869f0a0f13c03a578","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"896190b2e3c996e49270626680881ffea03509946487d544c98664ecb1d3ad6ea020ccf3a8077d6b26b0bd284e","nonce":"11fde49869f0a0f13c03a579","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"f5934e7664f21da135733f66fd97c2256d1e88fb4f30887b600e1ecfa186c750b7d896a0fb06be64499add9e01","nonce":"11fde49869f0a0f13c03a57a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"78e2afcd471b1aef9923f84426de3943bbf402485de91275d773d72398ab3133e6f90be766bf42feed8dc38a78","nonce":"11fde49869f0a0f13c03a57b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"4ae50c636d91cbcbc5527cd3aa4d5231499b542d1cc841df798f05e1a896674473597f632fcdbf618f012189b3","nonce":"11fde49869f0a0f13c03a574","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"93283c0701eee4eda5d850b9268c7c5eb3993fcb24b8c8c18c24966c503cba0351a20d722b123590724611c14e","nonce":"11fde49869f0a0f13c03a575","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"4b268d2c2f003fea58bb722363c65880b1d5bb16ca8744fffbd0a13ab78af294c7acd84fdc4e4cf7b2ba3890fe","nonce":"11fde49869f0a0f13c03a576","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"1a3db0665deb57f853f9a1b66fb41ebe329f2681113b4e4fc72e7adc31e29d93803b1508f110aaf1364394ee93","nonce":"11fde49869f0a0f13c03a577","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"5077a9b135f018e00ac9070a4b883657833e908c6fa1134f107ec438b340fc350654fc6556b5776ee30295ade3","nonce":"11fde49869f0a0f13c03a570","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"1f74b9d71fd022a2db39050077e118732c19fdd17d28ada3fd686370e1ed6575a45f52f24dced168c5dadb197c","nonce":"11fde49869f0a0f13c03a571","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"ace6e186367a71dc99930f8644391b6c0065e38acc21c2ef6cd3a7522e8dd14d4066e466c06d08c0664cc00a12","nonce":"11fde49869f0a0f13c03a572","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"e68461ab6e04a7d704c4c994b5a614a9b01e0591f27d4f4eb5935dcce02ccf74433e9b77d61e24a6615f9df920","nonce":"11fde49869f0a0f13c03a573","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"869c1247ba53bb92b236a55c237b6c7de42e0cbdafe3ef1c022f29a08e93905d922d20bec0463baa6c1a7f3fc9","nonce":"11fde49869f0a0f13c03a54c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"3362af11124b25f97b7d460b1399ec52ec90ef257b47cae7daa0b3e06bbf778d517822991f7c8cdb649fdea613","nonce":"11fde49869f0a0f13c03a54d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"b00a3d09220864a4734df75f7fe0fe50c5146405e0216cef5339964e5da47dcaa28e4503d2e87704a4f7d9d566","nonce":"11fde49869f0a0f13c03a54e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d9d9b5eb0f4bfa153812c252fbbcd8b2e8fe8d54cd0547c7e9f643eaa0838fba31fd74543de155afcfc0b447c9","nonce":"11fde49869f0a0f13c03a54f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"5e32fa2a9c82d022792eaeea8bed8f208fedc60281337de7e18d241823177bd67c4a0af78737c7424f9f0a9f09","nonce":"11fde49869f0a0f13c03a548","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"6530532a2be5e4b642e3fe0020ea1b30ffa35a49f9778404af0fee1e8e737bb52260906cfff054a8a4ef189ac3","nonce":"11fde49869f0a0f13c03a549","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"cec137d8c159d73ad554065496dab3fd2ecc1a55e39b7f9ad2e6d483e7e876aed08e4312a3a8ad2192148d65b4","nonce":"11fde49869f0a0f13c03a54a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"d6806562205ade1bf08ccbc197b90465ac4e5f2f55b6636c987cd52e73ac6d5107f3075e05adb67a57148272c8","nonce":"11fde49869f0a0f13c03a54b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b5b36db7b648b10572fb6bbe878cec538eab3039d2549f0069adc9755cc320e8881368a351740fd42c03419631","nonce":"11fde49869f0a0f13c03a544","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"c421311f7110418b187307acf496ff0607987a6426f575ac473690957fdf6b84eab8081ebd3ebb0b6e3cbb94af","nonce":"11fde49869f0a0f13c03a545","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"7e9f5212e305cf3a0ae295e84df5d5f065ad6affbdc3ce25b7ac54ab8b3006fd9afbd28d47a936992943e40e8d","nonce":"11fde49869f0a0f13c03a546","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"bbd55997b51f3fb91cf2a74b8a5cf4cf314408ce6edd0291e6901a4f83278ce13d6d2c3c051d17b67b731b5aa5","nonce":"11fde49869f0a0f13c03a547","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"8da7b6f7baaedc53764c176162be4da26117b200d60e97af33e451c995b147a50b2c1f142fe2b95fca904badc8","nonce":"11fde49869f0a0f13c03a540","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"1a20f814901d96a0ac62616e90e3c41c8406e5697c1dc291445b08cb955ea3f3a7f870724ca2a38571496cf038","nonce":"11fde49869f0a0f13c03a541","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f134e421dc817d0881afd334d0927719cb59488a130edd2312a0ee9a8ff0bc38aeee2ee7704002df1ba58943e2","nonce":"11fde49869f0a0f13c03a542","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"a9143c2a2605f6eb6b1ff62baeadfdc8be9288f4b8145bd19bff61fa6ccb5b6ce6775d3fde9c27c903d0928329","nonce":"11fde49869f0a0f13c03a543","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"ef531e4a64eae8687bdb2ad2d1f6d34fcf37389395488f23b38f0aa7485561feab485ea13f643d46776a334d0c","nonce":"11fde49869f0a0f13c03a55c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"ea4bff7417dc1887c841920dc118e0d935880469c6bf040c0cab6f3c8ce0583e928fdb97e4d5da8d2bba7d5baf","nonce":"11fde49869f0a0f13c03a55d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"ec94b6d1c28ac58a873ec0258b49723d563ed6505efee8c0966ae40a66fef80a1a05c2fbb4e9bc713a3dd5d62c","nonce":"11fde49869f0a0f13c03a55e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"f5125c0b5e25ef1317d654770f4baabbf57138de9f94fff4f5622d926c112b55cb79c7860b247fc49d3f379e92","nonce":"11fde49869f0a0f13c03a55f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"ab6903c6baa0a5c0ae12ba811b9421d59fd9ad741b0d2d50863d8a6b7ace8bf6560a42a207f69f7bc72a39a6fd","nonce":"11fde49869f0a0f13c03a558","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"4e5187b4c86167f62d16f46e5a93bff004a8bab04096fc63954ac56669fb13222345e95ecf42acce214ca2b571","nonce":"11fde49869f0a0f13c03a559","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"7816f19d0a6591d175cd3538b929696cf8c5b459fcee9c894c90a7108480cda4f47f306dce272dd55d319a880c","nonce":"11fde49869f0a0f13c03a55a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"40e4665e0f321577c904bcbc24d947f9776837b59a06d81a2ae4721493cdf5e24bd3076c8d2a9af8a9d5028a92","nonce":"11fde49869f0a0f13c03a55b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"930915feba41e5a2fea72697cb32d77f4c1a81c668d8bc04797a03c2540c250f28f282800c11e6a7d5b39d87d1","nonce":"11fde49869f0a0f13c03a554","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"cc3930879a2153a3a14c4f497e3e70ef472ae4ed2c6399350beb3d641d1d2be57cb9937f31ef3ecaecbeb1ed34","nonce":"11fde49869f0a0f13c03a555","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"0778debb19b1230b9c0820c1735b8e1787a5a9be6a8dfdfc4e7da71395c406b89128e8ec1e019940328a7ce4ca","nonce":"11fde49869f0a0f13c03a556","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"56f5376411c00cff87e654ee99cb9c3800fc7b3258c8deebcc5b056a814c947ded8e98ce58187dd765bbf40ede","nonce":"11fde49869f0a0f13c03a557","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"dc2eecebe9e40c5f707136129f67226a8ab440a4a6b69ee2fcb33036d7be658387850f0a1bb5c8190c77eb582a","nonce":"11fde49869f0a0f13c03a550","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"f7dd0d9582f8a0807627ebbc895af0624d35cfb164be1eef38594e313c21702b32b6f1d561d02cf014fa102f44","nonce":"11fde49869f0a0f13c03a551","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"4a88ca47a62b65df535ec1ab4bcdde9b6b2ec6af0e615f09cdd5de5be8a9071baa2da0b0f5aa2361e325115cfd","nonce":"11fde49869f0a0f13c03a552","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"fea31f07c1aa21f6707c50059647e1a41a052807f94e30dd22448464674477872e84ef2424d60e634175cd5255","nonce":"11fde49869f0a0f13c03a553","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ca14250b8819cd91833ea7591255bfbb5e8a5577385ab2899671465fa334f20011825e94915ba1dffd5d5f6342","nonce":"11fde49869f0a0f13c03a4ac","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"bbea25555d382e1285b49b5fb896b35c29c92a53d70c215b411f715772a463b3"},{"exporter_context":"00","L":32,"exported_value":"c23bb3b009684c7d745933c433a7303638fb80b07a41c3e667932f2c4dc7c78a"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"5781eb8582c3617ccad506776e961a8870fcc7218839b928cece508d956f4fc4"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"c0a319e88cd40381c1bb9cdd3c74c2ac40e9a023133997376180c2a6241f911fb7b8b69b6798362696bbfcbd9f9a399c73643d030f870314","ikmS":"d75d9c34fa4ed1fbff2a24b2fc1d0014c46691dce7dfb3d4fe403825bf1f1d5cbb9cbafdf328bd90a48a6dd01f1b67f5beabdcc16765b394","ikmE":"a87407737c19509698b4f32b2c71843b7c461b667df620053c2daf965bda1850439af9e9554bf7be5e27e9318dccfeaf4459a7163bf0ea41","skRm":"3686635799e49ee07e962469aaa246deb3332aee2e848470cac2be96cae194ef96e484d93f12942e8b240a6b95b9f7673308891053e17a99","skSm":"c1c4dd5e6c82fccf5e542d68861c7994282c186ed1396232b927206a075583bc46db587d3e8f429619d3e7fed5d44ab794a7ff8226ccf1e7","skEm":"54b703b618635120cc1aed0015910c09a7b3ff1c75f49dc03210e25f9cd72ef3d123aae26bae960b4d5245c63ec8e1ff5261552668ecb4fc","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2798eb814338c87e14b856ca47f3f3d6ec953be4835c6c8c4e0b651e431769405370c74051201f0f44f1d74c502902a7571626c53a620495","pkSm":"bef0ae8d22fd4f7bc978a07b4561ff9b26e48cb109f1137f5da08c46b99fbdd814d66cd449740b9d088ca47b9297d92c4f72656476c7701a","pkEm":"cbc1f684ca4213d3589800116ff1bfa72e22f3076f7292e1295b8f98a0cc2adeb65b61c5aaf016e3b3f51ff6964f952857cce1aa6e1ef7cc","enc":"cbc1f684ca4213d3589800116ff1bfa72e22f3076f7292e1295b8f98a0cc2adeb65b61c5aaf016e3b3f51ff6964f952857cce1aa6e1ef7cc","shared_secret":"3c32430c641185e09a591d232db99c7c78a5a73899be31e47377a0bd0951feb0e74b83c570cce6f17a9370d21c80b802d87227bb6cf83592143fd9aca30de9c9","key_schedule_context":"037d7450e446db15884bc2ae4ec24768fd9f2ee0af660c339d91d6a4d54834361239b47ef10fef9d74124a76b6079f61957d5b791d37ce9aa2fa2a910a7e47ca58","secret":"7a56f12ce25b4134435a97de25971bf027847d7a6d1bd16afb6ffa5468f89e95","key":"5281a6c2efbb56b2f7241ed4285fe9ea0fca2fa50b580889cfe9a9fc65195bf9","base_nonce":"dbd4628be6344767aa2831be","exporter_secret":"483c6dfe9690d9f8de1ff3a643f76d206e893ff5ff4619ca9ac5dfc71c502cdf","encryptions":[{"aad":"436f756e742d30","ct":"da45e62c0c80c452b5905012bfe4163fa8634f4a7cb109f34a567d403ba21f352739fde4967f07e735c28e943c","nonce":"dbd4628be6344767aa2831be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"f8b774004602a9ad544203c63adee6c5e07cd5316b3f24a741b3be18621359c8a8743e9b78c89b0c6f419dbd22","nonce":"dbd4628be6344767aa2831bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"ee781a073427e3acae31acab1f486dc5d1c91ab762f8ede647c7f274f45602d02a5d5bcccecdf51cdf085f0f7f","nonce":"dbd4628be6344767aa2831bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"e040cce74457faa842b9730f77df2cea66397629cd0d386685c6cec044f169bd55c5d6ee18a76b3b0da25ab73a","nonce":"dbd4628be6344767aa2831bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"be515263881aacd429145cc56526a2dd2d290040cba88b832e4d253fcc4cae519fec9a6d7dad989ddf2bdb044c","nonce":"dbd4628be6344767aa2831ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"b17ee3b28e5c8a34f2c73efaab1a7ff5e2560e05a42bc38a6fb20f821ea2466f3a8f4a69b4598a84c9c9cfa33b","nonce":"dbd4628be6344767aa2831bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"1e400840047b721d4d9accf2f34f87bfa84fc11ad881333d06febd10298d80ba83dd8c812dd7bea72f86a9f160","nonce":"dbd4628be6344767aa2831b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"378c6a34ea7234d7a3acc19ff128f4b75989065b6f4fb879b504d98b569d7aaa765ea2334d489c1a852eff4bff","nonce":"dbd4628be6344767aa2831b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"13263f59ecb3ae7559c50af1041a5f064f8031ef16a4d0d5f25f362477cf191dbbf0cbbc9b1bd1400547264d7c","nonce":"dbd4628be6344767aa2831b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"27a42234319e6565b78c295ed2b35bca29c7a7f39ed21669492d1c676f0eb3ebc25a61c98ef27a7fe782ce9c50","nonce":"dbd4628be6344767aa2831b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"4ce80e8781f10d0bfa6574a9fb6ff481e07b9817d76b3578202aa4bd7b0ea5c6337a29ae77da5e65e7fef1922a","nonce":"dbd4628be6344767aa2831b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"d78abad1a47f841d11922edde1e243af4a7d32c7edcf9779336d73b71b96a912e8c3c188e1ba4257370c8072e4","nonce":"dbd4628be6344767aa2831b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e14291ee31907a864bd8382438a6e9782e8b4baabc34c6abfaa8cf7c4d1babf017108e9f671b471bc555f70811","nonce":"dbd4628be6344767aa2831b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"5b2a1642394e14b1de418e4c850514cd2f241e0447b287b1ee8323487cd242814caf152700629104375199da1f","nonce":"dbd4628be6344767aa2831b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"af7e5d39b0b3d941bafd25309e455a813b67c382dd388bcd16b22b73bf67b98b594abfd35ed7ee3736ab50f5c7","nonce":"dbd4628be6344767aa2831b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"7ce78b9901ed5406ab88b4ee87b5f529b6378e401a997d4f9b8940e834158242eeb95f2e65b10fa53f64b30061","nonce":"dbd4628be6344767aa2831b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b12ab8387c1f490f474fab19d735703d29af7c02d460f61e3cc835a9a74e7e4e1539aaacdb2012a1311b426640","nonce":"dbd4628be6344767aa2831ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"bda9a811bf25a166ac1084ca9d85159bb752e7ff613c26aeaced94a5cf155019c98023be784c0c17cd03ba4541","nonce":"dbd4628be6344767aa2831af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"2710f51e37d2c133043ea112c6f8b0aadd32c379e8fa19a56bbc5c6c52816b07bbbbca33c748108bc28e76544f","nonce":"dbd4628be6344767aa2831ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"ffd0e175e6f6ce9f1843f78d194d452abf91ae9e7d9eeeee3c0c9ab4ce741e6657e9e30100159fe64d4f47ccf5","nonce":"dbd4628be6344767aa2831ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"0dca663c70914e3a3a83d08e8f442a81b52c6c11564d5208cf053f9e66aa64933119681b2bdfc4aee701c003a2","nonce":"dbd4628be6344767aa2831aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"86cf450b25b879a1813fb94c13a4e1794a4f6c2fb44ec4b93f3257d3932a63bc010bf7f592384e7df8d8cf7fcb","nonce":"dbd4628be6344767aa2831ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"512936573da053fc91a68ed1d5f8373d33e7474cc17e98e86bda9084898976bc4ca25f6d21fd348d4cc3fbad81","nonce":"dbd4628be6344767aa2831a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e35b8fca20b9c11607e1e0aa1388b191855d8cc8541e437d89c3304f64c738fdc66200213d9958972dda0f5d08","nonce":"dbd4628be6344767aa2831a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"6d8eb39a5a2e15f42b50ab4398f353351ea316fbd55d8dc2e1f4d36de48217650640d9b10d13273b825022f819","nonce":"dbd4628be6344767aa2831a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"917d864c34880cae590e397cd50ca0b1c63a48769124ac91ecf1cd90740239709daf8b04a2cb11884c372c5bec","nonce":"dbd4628be6344767aa2831a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"647af48f6b6b5cfe2fe6c373e1e1cf449720f1c1dacb0e0f1d15010f698520f9352be36a9ba5ff9fa7597fa881","nonce":"dbd4628be6344767aa2831a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ca000d8640292fac252f043e42c02d9bea99b76b1a90dfec8cb0770dfb9c494b894b0f2aee01bd279d9585d917","nonce":"dbd4628be6344767aa2831a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"ae238a807b49402ffda3bd126d439a29390c17ad1ceb8c22f93ac50cd8d4899d220ce336b3d2d704ab1a12e50a","nonce":"dbd4628be6344767aa2831a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"6214a52d4c6500f521616f401f9883e9e2f57dccce17ce57b8c1745167715240a593ebb6f39026ef703fd2bb6b","nonce":"dbd4628be6344767aa2831a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"bffa8cb1f6f50469df3b93da74c8ae184ffa55500e9ad5e96bad48e9f03bd99ad3b0d188ad771270b310ccaf4f","nonce":"dbd4628be6344767aa2831a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"b8de221ddded92a6a3ea54310e34cdb9649cbe063ff9cd275ed8ecfc2efd50c360bc3b02d138d4a20c091bbe24","nonce":"dbd4628be6344767aa2831a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"b1fb0a0f8a9a5edef60e16eddcc3279485acb74615e4789d4f07c5cf3a197377d4e6e91a42493afd1adb2602b3","nonce":"dbd4628be6344767aa28319e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"71c7eef17f2f2e9281a14a1db87094d06492bd2d7895463ef3a3a85e1d848e22ee9272c1f95f1ceb6dd8796a83","nonce":"dbd4628be6344767aa28319f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"d16fb9ae1f031cbe2031562e517b00ed5bba32c27e566663310eda0dca57e0af3ab1c659ec42bc16b2c16e38d6","nonce":"dbd4628be6344767aa28319c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"6515b9329b33e76c45b8fbd273bdc24a0906bcf47bda8160886391f43b80895d074eee5623a009c98e5352b440","nonce":"dbd4628be6344767aa28319d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"c0d2475388cc48b72b35510990b6924ba3ff70cbcc98d53e349d5563f3b301d0a7b7e8ac120e4e67b0712c1155","nonce":"dbd4628be6344767aa28319a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"0a7d131058ad5e16625fb85b746481ab316672c87cfed2f179013c11e5bd51040e7a512e33c2205b70142aa5d4","nonce":"dbd4628be6344767aa28319b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"468baddfd25ea14bee0e55a3c0b9a41651768b415d563fd9fc5a1d69976e36037be30e5fc9cc20b363a31b3afb","nonce":"dbd4628be6344767aa283198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"384c2e7641f20ac1b9b4c4bc06c3d0ca1423ee03de08b0e9da6ea881233c241cd30dbaf6bc5734ef2f2a6f4232","nonce":"dbd4628be6344767aa283199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"6f7c2cdd8cb16539ed30ab65d52d442e2d55e806d1cedba50839c60f8d9a9c1164c596a48c404e1245876ce5f3","nonce":"dbd4628be6344767aa283196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"cd03c054d824b71e0b546cd634b71fa0437d26c1230b83baa8977fd26401bd312dd5cb4f845da8fdbd7204006a","nonce":"dbd4628be6344767aa283197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"c7a4b0095add14ea275fd7458a31a2d0044e94e2e7b5df2a1390e5150cc686d86c979aa756f522a6fb8e4a1984","nonce":"dbd4628be6344767aa283194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"6558dd10dad5d904690ec427d6cf690b0b05c502d2b20b5d3f5287faac9fef258f0d8844fa4dfcab3fcdf08d64","nonce":"dbd4628be6344767aa283195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"8d00654b02a466a4c3aeccde0431c461312cbdf6ee5937a5b74daac8b42a9d6506afc0cf101c05db9828e06370","nonce":"dbd4628be6344767aa283192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"b6149c61c010e3307d123c78283fba8e5c77ac545ec62060d26a733dab3b794045c4545b1c9f4517bd147b2cd3","nonce":"dbd4628be6344767aa283193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"06ab2644c7f2c5412162bc090d544504604d335a2c5cdef9a51cb1197c5fa5aed26d9fad2f85aeb1ebeafed54e","nonce":"dbd4628be6344767aa283190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"e31696cccddebd2b0d3c39cbe63ad3fc19e6381064683d8bffd2af5d8b71ce60cbea4c7db8a8f1e53322686330","nonce":"dbd4628be6344767aa283191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"23a977be1e4d3d085403c2d0820fe63a8d66b7af5b7c39d41b97643d8b1db99788bfc41fdb1f595860eaae19a5","nonce":"dbd4628be6344767aa28318e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"1a94b95d0fbc7f45d82536263a7064e85ed12acc8330d7dd0bcfa0fbaf5540a105d870e849a7eb4842408a18ae","nonce":"dbd4628be6344767aa28318f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"247c1f19389e88bd913b6ab391fe62be6342455621909b105e6c9844589a94e8f8c9c1821f2eb28ca676f5fd45","nonce":"dbd4628be6344767aa28318c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"42ff309a9c409338e1f000ae15095a023f0db81b6542dcdfc8f1b5a7bac6326e7f31e9a0388108bf9443ee325b","nonce":"dbd4628be6344767aa28318d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"e150f3f2a9b3e0418b9e0d0349304bea148b37b1728fb9505e7438909d5eaab199bee2f9e0319b17a5addd7b45","nonce":"dbd4628be6344767aa28318a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"42d158693843ae12a6228726e038752e62fd0ffdf30beca8c024600ff13a88870f00650a9a56feff5497a3f8c2","nonce":"dbd4628be6344767aa28318b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"1a33e31c05f314b04612be663601013c41a65360f098356e98d4277762b1f743809281ebef1e6ab7c5d3ab3c20","nonce":"dbd4628be6344767aa283188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"c202359fd38b79294e62cb341fe63aa2f2becd7337b80da6a8b9d8056efa7afb5cb133f13872ee25462dbe9d6b","nonce":"dbd4628be6344767aa283189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"efc3943994aa79169bb48facfa8c4bb893af83d0a928604a64e61f7f5f5ffbd0a54d23c3bd654d9d4a418f1373","nonce":"dbd4628be6344767aa283186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"9d5b0d2f3b4b7f88954b306c9d8ddcfd8924f528909c937b183deb5ee2a699b62f13115ab150c0242f21a65b71","nonce":"dbd4628be6344767aa283187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"298999cc6eea2b277f65465de5576e07f9f40f095185092deefc61190911499e0a925aa07ab7f7c0aef5a9cf08","nonce":"dbd4628be6344767aa283184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"519dd0a14f4aa33c61ac0b3a156b86a74fadb628726b848ced70646445b8dd5f417af920eb95e294ae895a466d","nonce":"dbd4628be6344767aa283185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"2010ddcb53872648a21d4854ccf861051509c60599d24fb14b252bcec1ec59c51ef3d62491865d72b25e710d19","nonce":"dbd4628be6344767aa283182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"d1966df907761b88421edda1fe3401ee581ed683bc31235fc45250b68ad3f898369e6b0487bf6d9f888eed9c69","nonce":"dbd4628be6344767aa283183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"eec52624765334355dbad75f13423ea27200e4e930c49602e0aec379e163e30bd73fb04312da906f096a530c5f","nonce":"dbd4628be6344767aa283180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"e03b74148babbc47de78761fae13faf5bfef3bbc63fa1c9c7c28ce431a3d291362714f3132a276259d41c36856","nonce":"dbd4628be6344767aa283181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e7ae88b4dca8a8242cbc7f9d102c9903fad4ca398dc72a622f6b6e4fcd668bf61ccc3f2a8da14f50e7f9c178a1","nonce":"dbd4628be6344767aa2831fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"356e283e0357eeb2637bce7c67e2cda10b9626bd4c995f76cea7629353173d54d695dd5d5727f21c123a18af7e","nonce":"dbd4628be6344767aa2831ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"62d3b4f2172f1b0fb3984f9d8516d40ea8bc6b9d8f5705f702a69281fafe04a591dd61a64d32551691140b0f6f","nonce":"dbd4628be6344767aa2831fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"766547aed0f5a61bac147ff25d2f65be9ac61ee25adba3f7463c92e37982681344b7587575b0ee4a0f5c5faa59","nonce":"dbd4628be6344767aa2831fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"b509265b6cc5ba87a3e188179ac4471b26a2e430f904ba61e7dbf30e8ff22012df8f6e042012d016a7f60ba9db","nonce":"dbd4628be6344767aa2831fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"e448a5c38c2befd9d07b3422d2476a67143ac25cedaac42dd15c3400784c77f8bb89f90a186aa85e9cbb8efe41","nonce":"dbd4628be6344767aa2831fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"51233233558365785674b33e88e9f3759f7898317d5d9a00e60bbfe0e74108328c1da088dba20e7878b8be9b4e","nonce":"dbd4628be6344767aa2831f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"2bf287c09bc25e793cc9db30e8ea79c430c53485badec335c348e57de94abf8fbc7aa0e6fed2ced7914ff47fa6","nonce":"dbd4628be6344767aa2831f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"0c3e1ba0c8d5af618464f165bfdbde8e12eb623214f1fc065d82657e8a3bf9a1172620fb8e674eef14f592bf61","nonce":"dbd4628be6344767aa2831f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"75ef42044b4d09b2949195f8fdd7709aa7dbfb2009fa24adf3e333dba813261bb07497565d702751448072f5b4","nonce":"dbd4628be6344767aa2831f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"493490bc21b4f088cbc3811780b16fd0c144abea0a1e5bfbee948b043d2701391b8a01ff8acfbd83402d4951b2","nonce":"dbd4628be6344767aa2831f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"257d1b1fc21b94454ef9f59833e93a4200e592494cf6a31e2a643a928d7c541264eb1f33a70c30b6d61427f819","nonce":"dbd4628be6344767aa2831f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"e54ad68e2d26cc046104b2b78e4ec0a061846d9ca4f28be79492a028e4b7d28408673d7636d2a4fb90c9971c81","nonce":"dbd4628be6344767aa2831f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"24dd8940c205606ab81650fba4aa91ec4ddc01c6e4a7a7eb12f8f91a56232ac31563f5608168ae2cb3da3723a7","nonce":"dbd4628be6344767aa2831f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"d41a8ce79d1eb58343258407b1489473b95afd540c8b73ab39fbf511cf783fa700745d90be45fb911fec394764","nonce":"dbd4628be6344767aa2831f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b34d81d8845baa04ca910add4f2757d1e3550ea92fcd12a2b45145dd792675a71aa95f9da731e1b5424b84d753","nonce":"dbd4628be6344767aa2831f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"859a2b753a29f2c4267206471f211e11925f2bfb39ae2872d99fd4266b8256c9eb2ac0dc5528532355a196cef3","nonce":"dbd4628be6344767aa2831ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"5084e3b6ee2cf52cfa7e8f8010bf280d3f30c3fcfa2aae16c6976c18c40d7c48554e2de66ec7de8a1448face1f","nonce":"dbd4628be6344767aa2831ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"4f98ad53f15a89e10c2460cabde0438e8d94e673bdd2226d2c720b21f70183400944aec0db87d6fbcb6ad00c77","nonce":"dbd4628be6344767aa2831ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"da6125be3868e537b8b5e20931a6b291cf22520a7ac3caa18cb2dd992f4de200abdbb1bd4b1577a1e46c3f15ae","nonce":"dbd4628be6344767aa2831ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"efd1ddc9060bf796f85e828653aa567eac63f9d26b60127d62428f2affa453fb2ac37770bd6c8726cac11a5fa0","nonce":"dbd4628be6344767aa2831ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d1d1acb6ab4fcd260cfca2a4d941fcaa8e8786812f0aa8037195563b885435b1ac69b88068de868139f56689fa","nonce":"dbd4628be6344767aa2831eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"c0d90fe858bc8edc47794bd3dfdde6ce239076372d6eb0c747342e3e70f4b6b89f7f757b8df4003b40a96909a0","nonce":"dbd4628be6344767aa2831e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"9dd3ab9015778428cfc037a23da7f5a219d58fbe5d5eb9113abe9db0be5f472dcb0c52b62f16ecc46b5dacfc04","nonce":"dbd4628be6344767aa2831e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"0c2933e53b8b7ba820dc79b5e19a5608fe516b6a95b6ed50f4f36e1c2253e3d58342356e1ee01b65ea64c044ba","nonce":"dbd4628be6344767aa2831e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"0221abb6f57e4efb0d63decc2bebf4209fd14101975bd1710cbf59c580d31457f4bcceb71aeb67ec85c3ced452","nonce":"dbd4628be6344767aa2831e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"469212fbc1da689ec197148d85af14b289a304888868848978fea0075c358d91f64b1bfa611d8c32c283fbdcbc","nonce":"dbd4628be6344767aa2831e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"c671d190c8e64153b445aa2227bda4620a50c2cc3c78e8e1fd0c5df0e1fc48106bb509fb5a37fce31e13a208f1","nonce":"dbd4628be6344767aa2831e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"20dedc91859985542c78dcf261565d14f95085478fec3425b430f94f2fe8f25fe80297471abfac15318388397b","nonce":"dbd4628be6344767aa2831e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"1b339c3cc1dc3bb95a952bf8db2311b1ed43334c63be12ca305687fffdfc81c06fc8f1cd499d8b085de09b9ea0","nonce":"dbd4628be6344767aa2831e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ede2d2e49cd10e89dcd44f306430e101ec809ffb5b5b6de4b00b90b7a1d2011869a28d65e1983fc5ef3a17ace7","nonce":"dbd4628be6344767aa2831e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"2872c3a35b93090204b2557af328cb7de3bf02e1fe081c4a528fd2e016f0ce5fe1c3e4028693e4f462550851aa","nonce":"dbd4628be6344767aa2831e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"573c8817f0d46f7da292a0d93427e6828404f23d90552967b072f42bb3c234031af9e48fd6b1cdaa8c256d5eb6","nonce":"dbd4628be6344767aa2831de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"27ba5a89ac8716540bc846e42c7a726c66c064e30f71e5c47ad62428343322be084239c62f520fa0bc77d05452","nonce":"dbd4628be6344767aa2831df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"713031466e0c3b7c9c7687ade57e555e9ad909f5769da3a234b68960a2e44e04c1c52b666185f42612e6270283","nonce":"dbd4628be6344767aa2831dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"98184056ae50a114bbc77895798635decbf29a550d4c1eebdb574d3c8ae3b95ce2a72d7380f0be4ab54699cb85","nonce":"dbd4628be6344767aa2831dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"f5cc1e22dc2b1aa2f6bc7ec31b775c97597657cbb48afae1265c16db981d2fb326428340d8b09c339f7590ff01","nonce":"dbd4628be6344767aa2831da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"8999d47161f64b60f8b575db49dea77ec613728e83fbad489db160b73dcfb35f6cd12af620c073316e990ac2b5","nonce":"dbd4628be6344767aa2831db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"f952dd56b73d35fc63652b993a5006c2726899feb09edd18a6543cdf2d7adae83e07ce3ea14f716970d5a0da8c","nonce":"dbd4628be6344767aa2831d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"ae9e713d75158cfaf93ff2ce21942ad4695a4f1b6a52b6c96236d4c31b829439615c8acf9bb2826fb5635bd967","nonce":"dbd4628be6344767aa2831d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f6f812b6666e570d8f2c765d5f61c00ccc75c6df338c446884ae8fdeec595bb339b841a3adb48cdc60e06778d8","nonce":"dbd4628be6344767aa2831d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"caab8ae78d4f0b680c98ef6a14dd36822164674e93876a73b6fff2c010bf93565bb9ff6932bce5fb0761576087","nonce":"dbd4628be6344767aa2831d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"1ec382a88154b6692fc83c8b112c99a211769222eb5ea451f62b576ad353bee544159d206821fdfc487d473284","nonce":"dbd4628be6344767aa2831d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"a21e87a2a5c455ad8f5a2b362076ccb4d286576036d2f0cd970352386d470493a99ecafb7387e6c1864d9f27b8","nonce":"dbd4628be6344767aa2831d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"1b79defc3004a3a1d336e874fd47ae7a4395185c6bdfffa858ebb3216ed6a914ea1ff597cadfec6158c293df17","nonce":"dbd4628be6344767aa2831d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"75d0b1e8c180c9c2b6192f9ba5a08c7821691b65833f6308d6d3fb6bc03edd3fbef906460f157f1a14295d7e5e","nonce":"dbd4628be6344767aa2831d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"e31603950abc34eee0d59b8423e5e4e0f06cd6d2b9e5fc6d72651f64d1dde65be2f5da7a807d39162d210522f7","nonce":"dbd4628be6344767aa2831d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"23235682c76c9e5a0c97b5bf19adeb0b597f442849857bf4853ddd9334bba00d7240417c5519ee499a81c9a7e0","nonce":"dbd4628be6344767aa2831d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"edb0c5bee91961971a8fc03b125e36a7e1c537871d5bcfb990b3d3a02c3446abd5b07e4323a926c032cdf18f32","nonce":"dbd4628be6344767aa2831ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"dad1c6cd522e103e8ab9c63883a1363dbc72f9f94cce999630de2af67401a9f30d72456494676ae6c37202ec1e","nonce":"dbd4628be6344767aa2831cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"b7cf896107bb2d86020acf3fee67d66c0e0d84927437426ab4cf68f03f81fb7926a136ce64d0e090da31b78503","nonce":"dbd4628be6344767aa2831cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"ea15edaa2afdba4fd241437251b3d004ac33dbc48dbe300735fccb112567b0d984156e4e22bae54a8311635ca9","nonce":"dbd4628be6344767aa2831cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"507c81291a63fc1b45d8c03aefa686d86c354e707d0902ad1497e5500982874669fcfc256870c45345be4fb539","nonce":"dbd4628be6344767aa2831ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"119d3036c027a8329eceaf7afe83d308aa75eaff2825f342e0e1498466425bd264c8a06b9417f3400ef62f3112","nonce":"dbd4628be6344767aa2831cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"3893865ded5ffd07dd7471bd03ad062e729d431ed5f887df105d2b8fd8b9f5f838f81dab27d7b1f53242f38091","nonce":"dbd4628be6344767aa2831c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"4c4483102b794b3762527e896d0cb548cf1b380e2038117127c9a8710c5cdd0d38c42c25680e42a863229d905b","nonce":"dbd4628be6344767aa2831c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"cfcc606e421cacccefc81ce09d55f80ca89e7905e49faf39ceab93e40bff95d507dda94d403f5c9828dc244c57","nonce":"dbd4628be6344767aa2831c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"199d0d20e2fe87700d38ef4010a16114d92d93dbe8056e0028beb4b1f10836d67378b313063d55e6c1c2848d4c","nonce":"dbd4628be6344767aa2831c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"439f4650e362485b505b5d2b1e1896ee3f3ccc83edcf569b1b6c39f6a872a86f9bd4a852b3db5994f6e73ffb02","nonce":"dbd4628be6344767aa2831c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"1dcdbc988f38e534116ab7a0e0ecf2c3754d5154d7900eb1b3eece8b2a966e423bbffe746edf080cbf3f29fd41","nonce":"dbd4628be6344767aa2831c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"a861d0ca081e757f0b9240be89cc3d75982fc50f1180e781b97034691d18c33e87c5cf02375f32361dec26d5ab","nonce":"dbd4628be6344767aa2831c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"98d82bda3a335b88f328404c4986f748d96e5d2228c9086d6746cf2b7f74987e64f7a4ab21dc6a6492d8d946cb","nonce":"dbd4628be6344767aa2831c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"3c9102a0f54b588d551b08b324c3eea358d819a4d7a39c82d4439cdfdcac39dea384cf2970308e909a67e4a5d1","nonce":"dbd4628be6344767aa2831c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"dd3cdf10b4a752418aa815cd1af58eb4aa20b2e8ebd2b4a3f99991e274beb4effc8b5636c8c6af24708037299d","nonce":"dbd4628be6344767aa2831c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"05b9a07cc8c809405d07919167438a5d389132a1172adaa7c26d62079eb695ce3e72c96f7e6f7a95defdbe4f52","nonce":"dbd4628be6344767aa28313e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"7168f2aada6562c483cd6a6b6cfcc75923b5741174211a28a486141c35a58e59268c27794a5de5ef0ac2b23257","nonce":"dbd4628be6344767aa28313f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"a56d36e717edbeba773b2c1df799351d6b2cab030c1d5c5cee8a4245be89275cfcd46c341c5ffa60751f52f5a9","nonce":"dbd4628be6344767aa28313c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"57fc8503b4f3a121275791d9b463405f8f9d8b2bea8ca97108410860b69e155bc5898249eebb2a7d6b3d4ce8ca","nonce":"dbd4628be6344767aa28313d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"a322d85e500b5ebc165df0d39e78a298a4f17e7407f70b6a8493da6fdce946fae2299315c970f19adc79683d87","nonce":"dbd4628be6344767aa28313a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"d260264e23c221a1730dd443ed8f054f4f167b10727457a4f83262a39d092230c404235d031514e1a526b965b5","nonce":"dbd4628be6344767aa28313b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"085e087ff0da944ba213786aa5f19110b7754942e8a8c1960a0efbd82a11d3267708e5f1ddc444c9c4d350823c","nonce":"dbd4628be6344767aa283138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f55dad511662254ee21d4f6bcc54fd060ddcb1662ccc6fab5fa52defdc0cc5a0b9985b84c41211a5e797da20d1","nonce":"dbd4628be6344767aa283139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"18ff20f6e6ee94c45a5320a1b7294a69777ba67989ec0aaf9a37684d9f012836e336dcf09feaa80be277654562","nonce":"dbd4628be6344767aa283136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"f508f52dd34ea97b46db72d83e3145bac1aefec84850f14d4b26f24fa65674d03cfd2807fbc18420664a964cea","nonce":"dbd4628be6344767aa283137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"b89befcf35e3b4a28a90bf774725a83b63c2ae2e70b163fb77bfcf6d5619fe56edea914479179135e42510eec8","nonce":"dbd4628be6344767aa283134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"34e0241be23032a16ebf5a9fa37eb7fbe6fbec2e3ee863cd1450b7f5c8ec106ba813787bd85df440f0fd8c578b","nonce":"dbd4628be6344767aa283135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"aa6e50ed2c518bef89b65e7dedf004c5267be0aab5828bac508ff4365e7c2eb38249f5af85d3b07fcdae173744","nonce":"dbd4628be6344767aa283132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"d91c59b781df2f5acb8026e1c94a0de3b0afd2fdea43764a30874591c61acd7a265fc04f2ddf6acfd025c85ad3","nonce":"dbd4628be6344767aa283133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"a2b6415626c0945a8c477bdcab4b711f37fee5e2b7efb0d565879d8ba5861564bf2bed6e2e0b6557ebd2fcbf73","nonce":"dbd4628be6344767aa283130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"08e2cd3c9e7af1ce3195f20af6211d93ac2514953e6fe444fc8b73bc0a2baa02446e8c2bd92e0c81dbb97d22c3","nonce":"dbd4628be6344767aa283131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"7077dbb9b232032606bb7fe5afd012bfa4ff194ab9345251c88f37814ef6124d00288677f18b2e6e925825520a","nonce":"dbd4628be6344767aa28312e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"a6419bd2de5890a05e551d743828b89a9f394213e243561aea3f13a55ce3f4d4b04cc76b04febdd896cfef9738","nonce":"dbd4628be6344767aa28312f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"02072b9812b5f7d97f1a2323ad44c59d7b1d2c844bcd10640cc0aac2080e505776f6a180cb8443b027fde7b973","nonce":"dbd4628be6344767aa28312c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"2da22d856be244d35fe185ac3bfb0ff7be0faafdec95d7084f6bfca5a65b9211309cbf4a67cf60e69961fb92f6","nonce":"dbd4628be6344767aa28312d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"30200a18433d4a51952f9ac17cb2d69665b793f5695efab2ab781f574a6826fcad702dd8639613eaf768ac9468","nonce":"dbd4628be6344767aa28312a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b87234ce0ce5226520e539018b6c8e56957fa3ddf1e3f84b9c7b2d91b97570060acdcbb34f7aa30f08f0513019","nonce":"dbd4628be6344767aa28312b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"51bd5d02f5228af19242996144a17a7fa1d65827c6472e32464bac07aac3c77972482c3c7b7df3704960cfdc36","nonce":"dbd4628be6344767aa283128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"6ee3faeb0268a355be8a83c40fca520ab21571ba5834b2246a3fa93aea30bc06a6f8069127437add35b0b90faa","nonce":"dbd4628be6344767aa283129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"eed3e9fc2f496c3142a885b07a97758f0e53e73af5faf8cbb0ab4861a776c5c14449ae9ac8f1b160772231484e","nonce":"dbd4628be6344767aa283126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"7585679767447efe2431e5de0f7ffafd98989fb6edc74469a58a33d06b9d501ec1942b97b067bdd1f9a7de3f9c","nonce":"dbd4628be6344767aa283127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"b3b872662607e641bea6d6792573edb436579870b1807e3d263e2731e1d18f029d24ed8d2b8b0fcd7b1c9c32a0","nonce":"dbd4628be6344767aa283124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"db24e3aef8e53d3738c56e134a2e004e2f6dc5c314c2562f933d734146ab7a72158f3babd64f98ef049aa50827","nonce":"dbd4628be6344767aa283125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"0ace8da86cb952dd00ec1c86ced36b523f067d350f587adca42743213140cb5bb59ef63dbb69b14869365f22e5","nonce":"dbd4628be6344767aa283122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"be54a7397e15ec9ec241329ee9936eb3121dd5c72f538522329b3f1a49c3641a409469d17cd7eb5d3eaa33620f","nonce":"dbd4628be6344767aa283123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"64560341b47f6d5ae3d34b2b659fd551f698a0fd49f57bfcee9be4aaa6dffc445c414e15045a838a15e436f8f2","nonce":"dbd4628be6344767aa283120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"abcb0cd7fba215fc32802c3bc23ee1b22a3930ed35b70fc1cb0a0893f43c6640237878d0ac25a1a9e5870c42b8","nonce":"dbd4628be6344767aa283121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"a7b400012e80c43abf45034391a0d6903f5ef0c46f99dc96552c96e4f221a00881e198475f53ccaf7ac83ea8e3","nonce":"dbd4628be6344767aa28311e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"b50fa7f4ad98af5e00241d880f909ac9b10b7df1e7cf2306b9f7e58d2294af8a84661a0fa7ec63afab48adf68c","nonce":"dbd4628be6344767aa28311f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"ae47686743131bbb003b7d775ba15c126d63d855653b7cc502502aace1c46661c57e29096e34cd5ab4b90215f4","nonce":"dbd4628be6344767aa28311c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"88954899b316f7cbb8da7f1ff0e38f734ebd24e5b457bdee56e47fc83e53f5da74766d5977bcb23e1a31f5c070","nonce":"dbd4628be6344767aa28311d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"f5c19def872c9ac80585a7c82f600be7c4952d695940b44e9f9b41c358a57ce96ea08e0a67ce407707d2b99dac","nonce":"dbd4628be6344767aa28311a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"1899f3e79867d135cc9fea51d6d5abe4f2205d8678db074842eca73843538fe3468772e2902c093982b67dbcba","nonce":"dbd4628be6344767aa28311b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"dd85671dbb7b32287819e12385450aecf56a2e8f4052b576ba75a0a157e795154505fe759f1d32204862ed4212","nonce":"dbd4628be6344767aa283118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"eb29c47f775810ed661301fa7c83ae0fe9a69e19dbf565fae7d0db6e0e857313909279327dc2fd0115108d8b5f","nonce":"dbd4628be6344767aa283119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"b7647794639c62a89904d59801ad57ed38dd479f0f29e07f38a9782b3b0010ec00dc7c98a1a3ab9b26899cef2c","nonce":"dbd4628be6344767aa283116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"04e5dbd5d1c61fb663c87d9e3e63db3d184e7f652bfca6d1ecc72096cf5a7888c672d9465a7645ac4b05b605ac","nonce":"dbd4628be6344767aa283117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"92218f6bea348e927525d9ef17b34082143a8d13666ebf39a8e6b09af6e87f64c574e9a8f1491463fb9b10417e","nonce":"dbd4628be6344767aa283114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"fc25ce05dd358fa3d4d1ed74babc0bac5df26a41d915369096822d95632de7b6678a180380cdde3909d5d1a5d4","nonce":"dbd4628be6344767aa283115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"1f3b58da927f10a42abbcd47caa2f7ed23b62ea4b41da9c75e4cbf7dfebf1506dc0e0392cac16e8a58ae596eeb","nonce":"dbd4628be6344767aa283112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"9c09abba7ba50a8492078997210c8742138444bc0984d4f7903a5016160c2146c4a4dc30806432e27847e97377","nonce":"dbd4628be6344767aa283113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"c664901edc1bb8ccf2737c480d35df7a31b8b7d888c5c1598978f95f682da2c1a0b29f2415761b58a4046c4abc","nonce":"dbd4628be6344767aa283110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"741d25de87295f84a55a4c18a928dbefc15644270b3b3fbb10c13cb2b604d42652837d7ddd6feffe568d318491","nonce":"dbd4628be6344767aa283111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"51f4a6c2ee8af0b232d434f8858418d09f69e65f19f77a4c41b1993edb79f4a01b42aeb1838d4f1dc8e61a68a4","nonce":"dbd4628be6344767aa28310e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"e024ba40cc0e9428c7aae2dfc38397b861015b6fe0b80bb3a9079ac6afdd2d573d8a128c04a93d8ce3c7018d3d","nonce":"dbd4628be6344767aa28310f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"944d65ae2a72d2320aa883e4b82b4821dd2104bcdd6664b2e1564e133540b58fa8e2a7d64389f9520a684248fa","nonce":"dbd4628be6344767aa28310c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"b532a1c1ae2e8a8ed6ba6481eeeadff09493a8da4981a78e3be788deb6cc808f2946534b956ee10dfcf2044b54","nonce":"dbd4628be6344767aa28310d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"8b6e47e28b2357d198ce75fc025ce4409b44d5b44b6ddc492ddea628f5990c8db81dfff53a26122f3b1ccd857e","nonce":"dbd4628be6344767aa28310a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e0e3cd4fcf6ad8664ef7a5d1121f492c4a146777e2ca0be1efd0266dea4b4a231ff068c5cf287c9651cc160750","nonce":"dbd4628be6344767aa28310b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"50055c837d749b1c5a05a4b2258e0cbf3b80f6ea586c4ca566ea29eaa8e3bd5abc7f769f300494fbefea1c9d6c","nonce":"dbd4628be6344767aa283108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"10673e26dfedd20712715bbd782f49fd919e774ee636c64d6f71317943bced03d4a94e610910878d0d28551b3c","nonce":"dbd4628be6344767aa283109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"52d6be542d224692b614b1f4bd117aee73532ad7f805fd71dac94d9151656bd5389797c550108f4d6d6769ad32","nonce":"dbd4628be6344767aa283106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"b22350371d87b4d8e7ba019e5abb37fac996ac3b947a85eb7f0b88050158ee6fd5eca0ec24108667c709e998e3","nonce":"dbd4628be6344767aa283107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"5f815754b17e1b89d03975a9b51baecc7fe30e7fb6af054bf60c22aba320e2f08fd47e83d988094a1f4d5e87f9","nonce":"dbd4628be6344767aa283104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"05b0b1587728a9e1fa8f76a1f0db0d0f2d46eb76ac3c6327de59a42150e14a72d728dc8c1120f66604a3c92186","nonce":"dbd4628be6344767aa283105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"14f0443b85a3b46322704ed9be01f24e70043c98d48207999663ac87be10eec12ba90a57c65a74e7015e444651","nonce":"dbd4628be6344767aa283102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"bb75e2bb14168c6ce83da4ec93aaab9d8bebf0d80342d58f41d5a191ab2682837865687e8054b801f86d865a7e","nonce":"dbd4628be6344767aa283103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"15301f9f58a2bd6a6c524de52d5fe3c08e9af975dadd554ac8ffab6b8788bb19dbef6d7448aec80e0f00708f75","nonce":"dbd4628be6344767aa283100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"f0fd2593581c0fc2997ad607831c622d3274b5d9d2e0d5197eeea5aaf79522ff26ffd51f44bc4d94facef5a38c","nonce":"dbd4628be6344767aa283101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"daff14bb446da82a7c044f539250f80b7e7a891b8e6a21a63f7885cd1abe8d404615b1cf565784c6c562335b8f","nonce":"dbd4628be6344767aa28317e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"9aa51382b7102e6031ae737cc410f8082330daffb67113ad75b1b99025bea680a90aa242f761a9cab6504ea340","nonce":"dbd4628be6344767aa28317f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"16a317291774cbcd269ff8433b0d6de8bf26bcf2881749b47d055358b79c062730c5acac463bc0b705843dd4d3","nonce":"dbd4628be6344767aa28317c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ea2a0a8619159819e2ad8b98beac00762f1bc8d239020a903bf5323fcc1f4381e3b5894c417e6ff01a095df838","nonce":"dbd4628be6344767aa28317d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"31cdab5f6a13f63a0b5f73597395e6f83ca3e0e51268fb75236ec5a6c81281cb092f059415a66b50075b7b89a9","nonce":"dbd4628be6344767aa28317a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"a7707a175c8094a63ada2b6cc93f34739d00417ebabe0b8bf8d0dcba8837adea8a3a9ef8ed2ebc2f22ca41faec","nonce":"dbd4628be6344767aa28317b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"4919024bbf4a3bd6e83930be6dcb83835265e9cdf7fe787d3738ee392e36ada46bcfc145f21f8f8fdad3ef81e3","nonce":"dbd4628be6344767aa283178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"bf74bedaf7ccb20a4ef617762e1506a193abc66872e70526a1c8a603226f6b224fa0d88a1b73255a4f7dd9330d","nonce":"dbd4628be6344767aa283179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"dd1376e58caaa6fac799dde531dea20b75fc9286c58cc1b72e9616e5542cfa11c96044705fffbba346bd0dc3e0","nonce":"dbd4628be6344767aa283176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"0c51f71cdaca3a986e6d1c7673d0208f7d6d4f8d0d5219bb0bfa77add9028c8ce713e4851724783838499710df","nonce":"dbd4628be6344767aa283177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"096133f0039ee2d0a7330ac43583d6b2be3e7cd8b9a012a9345ded4e64b364c11a19df2d37c4ed266d8cf1c2e6","nonce":"dbd4628be6344767aa283174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"3bdfb7345b5c0e9cc2800b9b360fb81263cb5d2fe78170a10cb02a4a1f7aa929bc402d0c8569af18dfef00c6e1","nonce":"dbd4628be6344767aa283175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"bc4eb9782c329dba0e331ab5866bd366e8b070a995d339d211391b4dc92261d59842cbce6408c0d4e61257de61","nonce":"dbd4628be6344767aa283172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"19ba3b823b0fa3006e8b6f548560542d95cbc339e833003df72fa38c237dd5467f794f16deef0a3da01d4c4315","nonce":"dbd4628be6344767aa283173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"371b0f0884230faeb9884520a49d6f5e707c6ff1ad332a9d8982d0f1424ea9cb9debf1a2dac3dc54de85d3c889","nonce":"dbd4628be6344767aa283170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"1d8458e8014ca66609d7e8109b85be6da139ca6e58a4c63dd062814c2638016ed9c7bb75f8b4eb938ec6d9a818","nonce":"dbd4628be6344767aa283171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"2cbf6758321b92a0bbc8fa83a82c62f92f65c83fa669416358e37db6870e839173d1d553d43b0397c8e169ba77","nonce":"dbd4628be6344767aa28316e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"7e0fafbf487f825464294d2813719708df8cb5b1437a71908cae9734707b57f594a069834d98e41c655d6b05b1","nonce":"dbd4628be6344767aa28316f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"4dc0ac42a66db60de5832a3357f99909f009512cc4ff32d8c8cd7c1ea5c0a4276e0d8390483b21750e7a289b21","nonce":"dbd4628be6344767aa28316c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"a692f748c011e48eaa6719b1be69f050ab04eb3648bef8da079d9e2a21ef2178e48102b80c1ff77b538a631c3a","nonce":"dbd4628be6344767aa28316d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"73c5f75354b75d6b0fc80a1775b43da44d092185396015e9beb2cabfad8c8032b0137af42e4632770f19e7038a","nonce":"dbd4628be6344767aa28316a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"41a7a89ab720c32ce0f8fa19a1e9d6630adb36445b29e82b94e41ebe63f69739fd76da6b4d97deb9abc6d7b7d3","nonce":"dbd4628be6344767aa28316b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"73bb158f1a7851acaf32bd82d5020417f0b077dcc2c1be664a4a222c1c2abaf5de4207ac5a6e203d98b1c84199","nonce":"dbd4628be6344767aa283168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"8d53cef8f95a4572f238276ce741959ade644a8ce0f84961a744c45aed5b3f0688bdbe613b8676397b0f2113a9","nonce":"dbd4628be6344767aa283169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"38e1c01d7956b9c360efdde18d970a800898f9d2cfbad867dad0faaf112e18961178d17d5fc010f92575fe191a","nonce":"dbd4628be6344767aa283166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"058dee8c7c928d2f1c6575a943ec466f52c9b3e5f8db14da526eb0c8f2633898f4a2250bf25db590945d910fa6","nonce":"dbd4628be6344767aa283167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"9da7579f97656ebb249d44cebd6308e37515af125d8894a2a5164e6dfcab95ad6b87c7a3efe14773799b257060","nonce":"dbd4628be6344767aa283164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"b53baf5589dfd4202803b23a8efc5df8043455aed51e88c76a7d62d899accfd4d4ed5ad40accfc68e984f43936","nonce":"dbd4628be6344767aa283165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"3380fdd9b88c82f01abb12164ce5e83fd3bbd4eeedaa78ce48cc475a363a48b9a70d2d6fd65e4f72017e82192c","nonce":"dbd4628be6344767aa283162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"2dfd35bf729835cfc22daa92756ac3a04dd1677c465df052c628652303a11130fab3cd547367f8001f1b063a27","nonce":"dbd4628be6344767aa283163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"c80923e8093c8e81f5fe19c4562c454ade54d9b7bfb114a5dac297cbd022f530ae7b630cf5bd3dc5e865804c97","nonce":"dbd4628be6344767aa283160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"13b2fb30b726963490fc5349905633a72cf5327ed025a3555973ba805a233f3811a40425ac0c40ca40ff9db00d","nonce":"dbd4628be6344767aa283161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"134d8bc166e2d3b3aaad3127332b66a5bb619f04887621b7cec9a2f6128d68914b74fde23cc5901a8bc780a329","nonce":"dbd4628be6344767aa28315e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"6bdcdc081741308c7fa020aa8120d0ae00f95935c5967e13093220668de7eee60f9636e237d3b008e3475f4423","nonce":"dbd4628be6344767aa28315f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"4ad2760a30a2876b6a897b89fbab6cd22475bdb74e5c355a88dac1a032d020bee6d2a93068cd1b9ba0502ca80d","nonce":"dbd4628be6344767aa28315c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"6a11661502ce4e9db10f4b0f1889a65861968f24082542c17a3aa908a6d122d4d19af2d0d669a9ba499ff7b7eb","nonce":"dbd4628be6344767aa28315d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"466dbba88e7f2f76332be0f354987a96e169ee6bcd0adede9c751e70ac914dce3c83df569e87ef328cdb2cd804","nonce":"dbd4628be6344767aa28315a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"e3855ab4d25243dd102e664fb6aee3530c3eda61ebbd8d16f6367520e99e7867e996bfac06deb52f54433c8e18","nonce":"dbd4628be6344767aa28315b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"310348a0e1d20f0df636eee6f0f2f6296ed20c715f5ed0e7d2ff7ece7f5e8404ed222b183a9d87f67a1ebc3570","nonce":"dbd4628be6344767aa283158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"4d2137d05099f1ef7bf021817f429efb534c7c6dccad80d6ded1d52376c8fe3418e96075a1377dbb9925eb537e","nonce":"dbd4628be6344767aa283159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"c6f8f3091084cc1ec6c8430ee7a891eb3ac09ed0b3cfa1ce769bc02c133a682a0da26b6b6b5703256da8cccc6f","nonce":"dbd4628be6344767aa283156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"5d71d9ef5a0ac842aead1be43fd95618c212732eead320fe4568dc43cce6040325f53830bd8c9396d1a84e7e6f","nonce":"dbd4628be6344767aa283157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"3864997aebf4e9e9b8dccaa41d82d58c45ad379c088290306a89445ed3ff48681495773dd5cca206f0ca8a0e8e","nonce":"dbd4628be6344767aa283154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"340bf76e5a7680bd95602181e5bf5d89441c834da0db58449672570dffbf910096e00c8fbac69d08f02d7f8122","nonce":"dbd4628be6344767aa283155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6ea317a2969b80f6cd36958045f2bc9154b6681372e75055e0be8d9f974dbaf5d166e5db9db76cde81dd8a5a3d","nonce":"dbd4628be6344767aa283152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"f0eca22b7ec8c7d7c68789520030a292bcf4784a74a10e415e9d5f12b03edd26f28d816c5f11278d3b10fdf213","nonce":"dbd4628be6344767aa283153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"93bc178f532e15056558e132d3ba501c25fd6b188ecdb32744c3c413e35d00fff7bbadfd1e7db74ca90f350aee","nonce":"dbd4628be6344767aa283150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"c1e3f34860295add77b8b374885a3ca15708d7adb453b3ac4cbc91f5c9e36c475df10669145441746fde1e054b","nonce":"dbd4628be6344767aa283151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"cc94fa21a633f85e26f3662a2bcbf234d19c29bb225197f0bfd0dd631169157e5d5200e769e70a2032097a2920","nonce":"dbd4628be6344767aa28314e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"292cf3a2ff03b88f6196fb7c9566cedb4426bb8cc2371840c93fb107b2409056d99a5d97be0ba3f3655dd9ba68","nonce":"dbd4628be6344767aa28314f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"04fdb75f4290422826b5e3082f696c00ed82aab21449515ad66daf11c3534b1fc23196bd25e75d551b129408d6","nonce":"dbd4628be6344767aa28314c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"43b98a4dd083a57e7a6eca3face8457f85a4a54918c4f726737df6f602df3d5b3646274aace19883ead947424f","nonce":"dbd4628be6344767aa28314d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"75212636a70b3ef905d8c9bf76fb009a4dee08758337ebe8c4451eae28a8003be488059951b995a643ab0d8655","nonce":"dbd4628be6344767aa28314a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"52644f6de0b00830b9c8e9fd80fce44891e2c5e593ed37095944835619bc9bf97382f2e2fe9b7c46439257431b","nonce":"dbd4628be6344767aa28314b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"d4edaadf21a0abc955e9b93eb25d682aecbe9f5de30cfddc9013aa80279d162a4b647137aad92e9b88a8ea34c3","nonce":"dbd4628be6344767aa283148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"cc5491875ecea04dd483d80d2eb15e1ae074f8f37f6416447fbca2c3b5d147ce6340723c6f64ff137dbc0a7554","nonce":"dbd4628be6344767aa283149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"6bee3160f3378fdf75f3104539b5d75aabae3969218d6ee07ba2eb9e42dd75f4e5fc87e880f63fb2c8f19a98bc","nonce":"dbd4628be6344767aa283146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"88d42377357b98c8852db43eaba4a7c95bd4f6bce79da5af28aff8ab9227a0441d7f05acc84899199a6fb5c995","nonce":"dbd4628be6344767aa283147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"b13991afcc9743c87a5c405070a655138fdf7f3400092bca1649b5fe81d698c5d3894af366c85e7399f07d08e1","nonce":"dbd4628be6344767aa283144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"7303f2ddce9236dab38f2169d24b18b118a380977e55775a5a20595b3c550665b2b0e912bb3813463337e118bd","nonce":"dbd4628be6344767aa283145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"f1b7d524cb22874b59d2d6103e538417230a79530ad8f361c1f340ca8b3aae77f071bfa7d339bb682d2b6a708f","nonce":"dbd4628be6344767aa283142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"791bd803b9205898bccf93b9cfc925a64a80b3adc1aae65e9c43726d9ef6ba23e508f404e3ed6bbe78eb459b04","nonce":"dbd4628be6344767aa283143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"ae3cd109ce9e864bd1ebdfc9cf096aa9c5371ec56cdb94a83aa034e2d8c2bc140541cd96278d7f1a33315440be","nonce":"dbd4628be6344767aa283140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"27d57c7b15571bdaccbd8a4132f67da67cf40d1309c86d0867d446abaad2f82e1b2fa3498b11f68be533beb4b7","nonce":"dbd4628be6344767aa283141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"d9a41b2feff54d1788df4191e05a3747c2b954383a5274c14972ddc0e9cccc5ff89dc2d88489c8a3409aaa2c6d","nonce":"dbd4628be6344767aa2830be","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"457eb6cbd37674ecb32fd71e4bbc9ef000f8e6770f954e8be615d5c45b018207"},{"exporter_context":"00","L":32,"exported_value":"d52931888e3ca5d41a4b7b0e109345cc6c0171d88cc5189e90fee79d0ffac9cb"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"0f147c1f6999fd42f3a3725a3a13d40320e5dbb1cc16bb932b61f5966e0f7595"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"d3635df911ad963d5a2b758ce9b55b7af2e2d0a497ba925c8be77b4fb71534d8dc413cd16290b948ec1c3401c0c2e987269f1e6a641cdcb0","ikmE":"ce9e5c87d4c79ee6028006d37f42baab9cc891a20c7a07cb8c4d37e293d18479e942053eb01992e3cdbddbf912575752e1979b713ec7e8d3","skRm":"94bda07103ce810ab9bef5b3c4e76312b4b9064869a8594d08e6379497046ce8570c29e227e64cd7d57dda9dd6d3e9c3006fe23f1abe72c8","skEm":"56d9fa8f4a54efa5817404ae375c018fd7f4ead03730cfe8030dadb8607baf06bb2acdedd7796d4570897014eeba6b7d6b05b7940939bf80","pkRm":"c70ec25a5e997736b9c395a74a683fbf742bbeaa4cd93f06022462c150a67380c7e800609d1716d5f8532e731d1d2231b95d7a365e17790f","pkEm":"c64ddfde61fb5bd108572adcba96ca0a113a45eac9e6e337b98b116b052f46ff2d92d1aba0eeee1e5ffa15899823d25345147bab7274f3e3","enc":"c64ddfde61fb5bd108572adcba96ca0a113a45eac9e6e337b98b116b052f46ff2d92d1aba0eeee1e5ffa15899823d25345147bab7274f3e3","shared_secret":"0d3ece252ccb001e47224140b43435925e43f5d6b540f6f5a5ad93da02d92b6091a57c3fc859e4ab3d461b27274baf99050e59117fedb8acd1985b2dbabcaf24","key_schedule_context":"00501f6956afc1d37028100b38a48efe15d0352c7da3bfecd089af8d3f55c7171387399003157c2bc488b6f17e65efdb0a55ebff5dd99ed2ce3d97d3473e69c23c","secret":"9e634d2b453c1270f02982a7e8722c3ccc0aef4c734b1b21de915ccea23fdca9","key":"4302f647bcb0bee815af1a991ad7cc4057ae9e378b006c2b862a8e3e86e661c1","base_nonce":"4adcf8c45d079e82e55ff144","exporter_secret":"56bfafd499504d64edf66204ac530aee1e67a401b0aec3ea7ccfb78ad05dae05","encryptions":[{"aad":"436f756e742d30","ct":"515186f105ce87114afb7bef27634c68b1d459bc2cbf72704101fbbbbc79300ffdd54de55e13de9ae4b124e19d","nonce":"4adcf8c45d079e82e55ff144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"68e7016772b891e695c88e430b9794082789d13c71ce2ce53afb882a601815c32593b04bfc3edf8eeaa26d7cdf","nonce":"4adcf8c45d079e82e55ff145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"028d491e2e01c42b516408b8c6f8960f35ebaaf36a8260930817c306f6fd02d6589357bb70111238817010ca5b","nonce":"4adcf8c45d079e82e55ff146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"bcf291b8f30ebe8e08113e1f1b5f4097b626b8150000e750550b1eaf5bd711e144e5f2edb82012796583f07bce","nonce":"4adcf8c45d079e82e55ff147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"75ca972dbdd378b1abff0361aa3520d60706374b4b2fec52702dce0947f295591108237ea697a6720409dabad6","nonce":"4adcf8c45d079e82e55ff140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"3bd634316f7566504d3a7e5f11da98231109da41a46b6ce9d1087276413b583dbc4b05249eeee55477915bd4a1","nonce":"4adcf8c45d079e82e55ff141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"e1046b45dda20ea530ce3b0af18ff04ed157ff580f5e98cbbd19ad3d991e91310277e975bc95f8ceb8b46e4d5f","nonce":"4adcf8c45d079e82e55ff142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"8a5ebd7e93c37a5c184247d704f293bd1c24a4fb692d340734ffd2199eefc3b124d2933e7587cb0e4d72472cfb","nonce":"4adcf8c45d079e82e55ff143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"cf42f194b1c14cc562d490ce67b0e357dad5aee6d6d7abbf59318208381536b80517a9e491d4c6043630d34ae9","nonce":"4adcf8c45d079e82e55ff14c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"32b5b9a819a4340ffcb0e2c54ee54bd129be65888ace32d9e616998bb1c0493ff4eb6db391913b9c5bd681d1f4","nonce":"4adcf8c45d079e82e55ff14d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"5135a3a5e122f6415e3fb6b8f36b9e2926bc1f623cb325d7a74dc39da9e809b3bbe1db5c70b6181f0dee254dd8","nonce":"4adcf8c45d079e82e55ff14e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"a9f4f3622866241d0282d61d8d4b5c95c9b38ef6188161bb2e0fc158e8e39e64737f79b34db51a23d300a94163","nonce":"4adcf8c45d079e82e55ff14f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"0789729be079bf706799d44547f93038b8d4956d5b0cd61018e9136fb519389c18fe6af722a58adcf041ab476a","nonce":"4adcf8c45d079e82e55ff148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"96deb8944d390f45e36883eb3797e337b46e92826071bc83cc46a6d0ea96200cf18565ff77bc6bfc69ec004a65","nonce":"4adcf8c45d079e82e55ff149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"fafa2981b78e60881213edf0c701401e77739f3c2aa1fc1d6ed4a2b52ecc6bc319238e854231e0e2d771275315","nonce":"4adcf8c45d079e82e55ff14a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"1a439b0db65af2bcdc3535f8848c8ae058e790fea0dc2bbde845314431c5064ce2bb84373e7d749fb0cce0aff2","nonce":"4adcf8c45d079e82e55ff14b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"677655c5583f1ed6476d9c2a5f6cc3086fa140de55813efb5b66db7efd6641f025959d9f40cbdc9e109743d5bb","nonce":"4adcf8c45d079e82e55ff154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"6cb1a3d15d312ad6fb0db608c5f3fd243d7669ee09c2dc2e5bdc010813d8286186398d3f871c05a84eb8fd00c3","nonce":"4adcf8c45d079e82e55ff155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"31229d5cddfa90197641082c1853149116d2962d4903fe50f5e6ccbef3161fdb0a121915cfc097fe923fee3579","nonce":"4adcf8c45d079e82e55ff156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"f1771f87d50b2eb872822754dd03566b3e797812040048514de9d105f1ac4e3a32dfa2c624a985ceb7290456bd","nonce":"4adcf8c45d079e82e55ff157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"e2be501c498670582b2026b586ea6c518809024fff69a6640f30fc6798a166f59842ee36111457b8ba8d5b5e35","nonce":"4adcf8c45d079e82e55ff150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"b47c98c10884ca7f419e154e46ceaeff2486e3a658a32441214a28d54f80cb51e3be6f7ef5a7bc2216ca0f136f","nonce":"4adcf8c45d079e82e55ff151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"3e16e8eda766d76f0a0befee0b6c6de0a65fc0537796ef200cd210f09e5d450ba1357a7d39d9d2414c4613a37a","nonce":"4adcf8c45d079e82e55ff152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"d8416e481908305f068fc2e3b45850a03b573c16d7fa8c3bb900f590f7a72cea51c190424061a007f5d20f0e6e","nonce":"4adcf8c45d079e82e55ff153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"9f45a0c4025a427697aa8c269c173565b2ec2d1db98a98ded55d56cc5e2a2690cf8e191755604c11403dacc4db","nonce":"4adcf8c45d079e82e55ff15c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"3f4cf48b82ce85eeb74377c6d565d76b689c8c29705eab60cb8ac4bc9525e3f2130f61689fb6e37c3a7db743c6","nonce":"4adcf8c45d079e82e55ff15d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"715cd4640bf535fe882602909746504f14dcff0816718600f030a657c65a1695ce8b812997ddea0e9455832e2b","nonce":"4adcf8c45d079e82e55ff15e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"9d8bdfa6523c5fb099de9dc9156c304d8d0a6f6b9f9f4500965db4c0fa821e77a45897cce858bfcf827610e0fe","nonce":"4adcf8c45d079e82e55ff15f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"2db39fd5befb98ffd541e69796a2eae13c1ce667c323e07a4266f22b57ee4ed49a10aef61089b26d20b11e5c5e","nonce":"4adcf8c45d079e82e55ff158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e039711fb40a56e906251a3b8d0a88b2e9080cb7658b49209a52c975b68157b7d241a571a8df537218ba459d71","nonce":"4adcf8c45d079e82e55ff159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"84b9ec5321a9ce52a095b5ea219287cfe9e30810bd14e07a5055f2703b5e6ca533be74e430c6ed453e95661b5a","nonce":"4adcf8c45d079e82e55ff15a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"45aca1563c3b13314de2a18e11e6e985fc3e6461ba4d5f3ee47921c6cfe270e54c6e01642d137038f735c914bc","nonce":"4adcf8c45d079e82e55ff15b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"576a9d89093ee0cffa32d40bf99bebfbb2438362427e278a7f9c89b7298c0973d817a29bc0674f5aac45e0c1fd","nonce":"4adcf8c45d079e82e55ff164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"e55e32302293365ba174f01944b1334bb2cf39bde21f8c99847d49731b3b1ecdfd2fee6f267f0d954f1ce88394","nonce":"4adcf8c45d079e82e55ff165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"62ca7356492e2618d2f3b8f05b7a2de2a7c7549afcf279dd80988c8391c792583ff420dd27e9121ac6f2f8c066","nonce":"4adcf8c45d079e82e55ff166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3a1abf06828e9b04a112143ef6a0c0a8818153519c2d9cfff8f8d11b1b75b85bce1312f38bab7a0e85fd2502bd","nonce":"4adcf8c45d079e82e55ff167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"671765c6a957c4775f2ecd13b87df5414bc9dd6d130fdbfd33b95b59702ffe0b084c252b4b8c3e5ec293ff9252","nonce":"4adcf8c45d079e82e55ff160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"11943a88e265c7e372856ac56aa9bc930c7fc4f0dcea6a4870e97a4d0b469dbb3f624d91c829c0b4f83878e7dc","nonce":"4adcf8c45d079e82e55ff161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"3ac5acc00c41f6f6abf6e0279ea0125782537e1349f0ffe0eeac4b99011c34487b6075aa239d80ee770a0281d8","nonce":"4adcf8c45d079e82e55ff162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"2a4bdf4d8a0b48fd5c89b4187476bbd83346226cbb3bdb59ecaf1d4958d01cac8904ff0b6c8114ece402feba0d","nonce":"4adcf8c45d079e82e55ff163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"64b028c37f4d9076561863476c08c7bca2aec65b95ee1983a7db6e07f0d461a96cb6997b61595c8d7b04fa2aba","nonce":"4adcf8c45d079e82e55ff16c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"89d8c111da4c443f4065092f7183cc5b2e467a63885f9178ff6b9339d8b2fc285babdf0c549aed7c44b9d1e17e","nonce":"4adcf8c45d079e82e55ff16d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"d3669a8356ec8f848d959b50378f9fde841613ba679053c5fecb0072b3139331fb10221bba1a63bb8faa28a402","nonce":"4adcf8c45d079e82e55ff16e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"21aeabbcc0695eb016cb556da14ac3f79aeb9af88fbde7b47f3b7ddab845e89655a26858ed41d959f1cf9fc3d5","nonce":"4adcf8c45d079e82e55ff16f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"6aab165e0088822ece3fd78faad494656430a92f6b8e63a80841383aae6d899707a79fd1827706933595d5ffe1","nonce":"4adcf8c45d079e82e55ff168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"409a5c249ffb83e504bfa009391eacd58d960500a0ab456bfcc05c4b679b0c8ce4f694919f2508b069eaf059eb","nonce":"4adcf8c45d079e82e55ff169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"a90714e6a72d7cdf59a58b0a05134d673b13b10f3ade9210c87a9c28524cf384628f3dce93bd076ce10c02972a","nonce":"4adcf8c45d079e82e55ff16a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"2c93e3a287b715cf4423f8ba576169ba795cfe18d749c428a0f7fcc40f875359dfb79f27a2ac26947be49ca001","nonce":"4adcf8c45d079e82e55ff16b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"16f8c24de59c810207e869bfd3bbadefe1cac3ed800ceb03f6d55c31a47be2a80cfa77fc3e4cc5b5137ea5e9ae","nonce":"4adcf8c45d079e82e55ff174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"404a13bc02b7e51d123a88b59f8433b82953123831d1ddb0fc39a64bd258c9ba143a8890a14ee45d748093e5de","nonce":"4adcf8c45d079e82e55ff175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"2d2b58fc811accab303c901154dd2a0cec6ea4dc03de52d6836e21cf2b7ce520d4bd809cee49ebe605dd6f0201","nonce":"4adcf8c45d079e82e55ff176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"9da67601ac8bb7585c919554efb8711b09ea66a988871a7d53b8c058e6c5e888a43d7768ee84fb42ca78306ba4","nonce":"4adcf8c45d079e82e55ff177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"f6001043611522a06bf86e39b3fa429ebaa9a9baa8b277751fd5c6e9192c16341cae212e009046f1ad1a2e64f6","nonce":"4adcf8c45d079e82e55ff170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"845e55b936246073fe9523e044316c6f2164ce5557558748b5d2d21d7beff2ab14824ebb769724e70b87a76ed8","nonce":"4adcf8c45d079e82e55ff171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"896e7f7edf7577e5cf97fae1a950b4d8a8be1a498c33665d6528aff1883f3273cf5ccf90ddbdaaad9fbc8bb84a","nonce":"4adcf8c45d079e82e55ff172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"85a4b1b2ba4166143110c8c5703b977b3395003c470ef6fe06351616c4c87201db919848fe58dbf65822de9a2d","nonce":"4adcf8c45d079e82e55ff173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"957309a8f630cf68d084ec48a476e1480ca0f24eddcfb8fb6ae51a934db2f920c5e1a296d0be812d38617c6699","nonce":"4adcf8c45d079e82e55ff17c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"37252cff4d259194378fcd67d7a9309954fc68051b762011708cb0877e03288cd6c7d0dc874d554af1ce7659a9","nonce":"4adcf8c45d079e82e55ff17d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"bc07220f29c806a94127bddc09c2cd1c8533414a2ffadb6a3c6f19adcc619dc11c6773ddcd41b940344b2bb5b1","nonce":"4adcf8c45d079e82e55ff17e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"75cec868cd85496fecee30e453ea9cb1d3fbd4aed633e19ad5582708f76cafa1c4f911c24599bf0a57bb4e80fb","nonce":"4adcf8c45d079e82e55ff17f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"7e7f61d8651ac5af4c7f06058ee6e5b252c38bfcc23f36b3b065f0d440eb116679f8131a300eef588befeb5ed0","nonce":"4adcf8c45d079e82e55ff178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"8f6f28d150b0c838271deed73fa2f487f81d734f3a21cc9d7344e546e473c15c54cdcbd96586ef9342821a6ca6","nonce":"4adcf8c45d079e82e55ff179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"9548f575414cbefe26f051b93391db94a86e4331a40aa182b655c4b503e4b33490a6cc95d28feabe89caa64692","nonce":"4adcf8c45d079e82e55ff17a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"274406d50e2146d36cc6be6c713a8d2f8e424bd188388064fbd7fe8baff71573962c605c06b064f544b94c206a","nonce":"4adcf8c45d079e82e55ff17b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"822d9168653edb18afa800c666a241c5c43e489a628f7b024d83dec7d295282ceae0292d49a08e72dd78d46974","nonce":"4adcf8c45d079e82e55ff104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"92d273ef1cc55ac4053eb9e8a9b914aaf9b6ef18bb10a53c89e2b62412995017f215e6c832d3e86652337b6620","nonce":"4adcf8c45d079e82e55ff105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"9ad01d2924135211ae4bb39432175334733fd8fe2c827fa2bd7d59ea866513896a4bba3cd33c1348facde1946d","nonce":"4adcf8c45d079e82e55ff106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"e21021950e3d5ba43fae56994c55af40ea25fc435e98182373f8ae9b3c6f68290fd650569c0b16df2fe074e04f","nonce":"4adcf8c45d079e82e55ff107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"a46fa4ea3ee4418f5daa3fea39afd1c22932bc5e02fe5142d5f8bc09ebaf9ef165d11b2a68ce725fb6265b6b8c","nonce":"4adcf8c45d079e82e55ff100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"6ac9b74cfb975e93f65beb0ff67e5b4b7488ec44fed2b9c8090b1cb47e90c8d6f806cbb30e5e9493828f339c5a","nonce":"4adcf8c45d079e82e55ff101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"d09a1cf1a7b47613c68ee2e4adf22aae6dda44f908db48265f8ecfdeb25b256bde290cda409ec47b5327772f27","nonce":"4adcf8c45d079e82e55ff102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"d18e20b35bf4e808f6c93266298ef80c5acfbe861541c18ba4149b6d2bb41509952efa2215e2a8e870005a2ddc","nonce":"4adcf8c45d079e82e55ff103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"afcef3631fe9af271814d04fdafe3b82cb2b3cee29d571555508c07eb98fbbdc2cc2cfde814939ccd63b4f258b","nonce":"4adcf8c45d079e82e55ff10c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"d49baac4331f7d207de63c9b7bf2e96a763b5a81c66abbb18dcd96a0ade8a6eacfec18a132198f2d525a2c2ec7","nonce":"4adcf8c45d079e82e55ff10d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"42c503caac17d0ee8bb6e932a31f447b5e9b80432ef08f03b4be2a25782b1abed7467d8ab68065b18ddcd48c0e","nonce":"4adcf8c45d079e82e55ff10e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"f63ffa99289ef18ecd9f900154985b502c274a9f1e23c76bf917103f2416d30f79e2fa9e8940710b96306121f4","nonce":"4adcf8c45d079e82e55ff10f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"13edcaf3f5c16b29f2569a90ad602244837870698e86b57319332a86cfc6efdc58fe0b97a02267139763ebbf5b","nonce":"4adcf8c45d079e82e55ff108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"daabb5231a4bb8519aa1d03c797a5d7fbaca77ef5386799fc6644615f8e0bff28777157be6b5089015c90013d6","nonce":"4adcf8c45d079e82e55ff109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"de0a83fa282d85fa89b5d576fae3d6db0e385a80e33381937864c78d897958c9ad1b6cb16555d960f1480226d3","nonce":"4adcf8c45d079e82e55ff10a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"28b6f1c4687a8c13d8c3bbc12f3d5f3a6ae47ad1e02195e8bc5a384d2562bfb39cdae92a2353b549d6815b2d6d","nonce":"4adcf8c45d079e82e55ff10b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"373d65fb5ff5e12e5d6316ebb05f8288e0998a43c239ca8799795939b090eb645a426a87c3e8ad9809129ce148","nonce":"4adcf8c45d079e82e55ff114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"b41aeb7b49186f6ee11bfb139bba42e7c678fee7f4d00e08cc60f2fd3ebfec2561500cd31a0d95bb985ae25de4","nonce":"4adcf8c45d079e82e55ff115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"7f9f75d1a3fcf7f6966d1c5fea85ef6c0c52239f7b4c1b986feef8185657fb309a38620a8533701b05d12a2065","nonce":"4adcf8c45d079e82e55ff116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"49fc68625cdf0b12b3cec730266536635afd1a69257f2779696f607356987127ceb4f154114f282f01acf57754","nonce":"4adcf8c45d079e82e55ff117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"b5a710d7166ba974fcf456f1a6cba00afdfd48bc3be616a776b943d822b5852518d8fc1c59831e9a280b03cb52","nonce":"4adcf8c45d079e82e55ff110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"0e94a160189494ab15eda02472f1753e7343080d3edede288224abc848943a74428ce266c489ee2c3dc95a578b","nonce":"4adcf8c45d079e82e55ff111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"cb952f842f7fc298b40f7bd416844befac9a6104e8e5df91e137eafc22a765598f73ff6cd681749cd97c1110dc","nonce":"4adcf8c45d079e82e55ff112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"c04909945b577fc600dd21e79dd6851f359006e234dafa3493727e7adb728f7dfb20d5f82fdadae26034fc5076","nonce":"4adcf8c45d079e82e55ff113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"0bfedaa25e35e52810a7bddb36575ac2b51309d10ba1c4ceaf22a3f3089f17f7bcf49c4bde175bb295448752c7","nonce":"4adcf8c45d079e82e55ff11c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"e426f66d42aa0e8ead6e2089801caff0d9ae3eb44f36fe4504d1827bf4402de3e34ceaaca0988c277f0850b354","nonce":"4adcf8c45d079e82e55ff11d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"1a449a748cc272b543040593011e6ad42af9d9c1692d173f9bde6fec35fc09b4e8e20798f70cf18e42fd6f3eef","nonce":"4adcf8c45d079e82e55ff11e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"8e861053b852f37029b126b725551945450b98aa3ef294708f60ebcf8408e46e9d23a8442aef7ec16ecb2c6ba9","nonce":"4adcf8c45d079e82e55ff11f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"7df8cbf5d04d8e463e4c0bf6a603ae96356484131c8eac89c3f4ecdbbaf2f0b39627c25024ded4a2d1cf0d823b","nonce":"4adcf8c45d079e82e55ff118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"c19917e6e82fa31ac5e41eba4cdc46969b96e3da54d2048fb08670480feff2e969dc326b2bbe8ca2bd98e07009","nonce":"4adcf8c45d079e82e55ff119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"61d51aceadbd08db9dd2affe12c3a347aa33199c7484eb6d53f55081346a2d01bbd7110e76a3acd20375885752","nonce":"4adcf8c45d079e82e55ff11a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"d2ca3e1cfa025ea76374324b909fb49cb813623b632e80485b3c58e1ee47b9b04ce0f979fda8d2dd01251f63dd","nonce":"4adcf8c45d079e82e55ff11b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"82ec27ef65cc22eedf250fea9d9cae05cf69a57e5295802be5e1dcde4623d4068beafac4d0b6a3244d888fc7de","nonce":"4adcf8c45d079e82e55ff124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"0205e8fc61f8a58ef084ca7acf006b73376e7239a9631c22ccb3b2ef2a6e83d4f71f77fccc22500aed9c4d5745","nonce":"4adcf8c45d079e82e55ff125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"98c2b33a91f794ddbeca51cd2b794d56ffb9f18251e67129c1f8036f4ac3c7755a6dff264485bd7da29755c1fa","nonce":"4adcf8c45d079e82e55ff126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"4a13b86335e23ceecdcc018953098e25c4d2a87b1b1a3f9001ed02c80fcc1e289682cf0d1c50c84692f860b044","nonce":"4adcf8c45d079e82e55ff127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"3c6a58f12e317099fedea0f5eeec8b1fae619d1cdacdc974cb3f9312fb8b9f6b1774aaf6e4d4b2bb9b5ec12843","nonce":"4adcf8c45d079e82e55ff120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"79377bd66d72c150cd60505db46b28522d40bb139ce9bb0c1fe200ac4497521408e2e4a4d0c9c0051fa47dedfb","nonce":"4adcf8c45d079e82e55ff121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"02b994debd1d965e117a5dc412ec62f5826e3773a35b9b0f85b3a102370a32cfdabe04becb5085c2caff847837","nonce":"4adcf8c45d079e82e55ff122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"5418da17a51e7a374a37a3f04432557b6bae56578aacac7bda673d2680d3db59d800e98507a2caded4a3a8bff1","nonce":"4adcf8c45d079e82e55ff123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"8f68f0c5009274c851a76c6c7cdaf722b70ddc7c685593a1410d33da7d749556264cd998f309b05ee7bf0b871e","nonce":"4adcf8c45d079e82e55ff12c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"1e5ff182619d61e3ddb6d53a8ee41d8373ca9f113dd9e7b925ed0d47228f8e46c8e0ae632c04a8f50ce92d1eb0","nonce":"4adcf8c45d079e82e55ff12d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"39c365a217c5ba5caa0a2662ce67ad92e2e71d0dd772b00ddc799d6d9d4a7047ad54d371d182b00eab778094dc","nonce":"4adcf8c45d079e82e55ff12e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"880ef3492c456e7d807f4606670b0aef56a52f0bcbc0ccde33f0003a5087b82a6f6b364870781ee118eace1117","nonce":"4adcf8c45d079e82e55ff12f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"68fe78d33947136b4bee182b456b796f094d34782c8c0907a60eb288c80c977c0d596384bedf9d262b97b72d7b","nonce":"4adcf8c45d079e82e55ff128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"b5597a3cfddf7710a28e412184a89eda28d001c90bf7f7ea8969da8a18a6ad699eb73e4198e2218ffe771bfee8","nonce":"4adcf8c45d079e82e55ff129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ba179a0284ebd6b75f57b4f15f3271dbe1c77c769d7ae264b1b9625940f802cfb98dd42e7f83b96de8bb491549","nonce":"4adcf8c45d079e82e55ff12a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"0eb396fd2a5a3a017a4b3a3f490d6b3b8dbae623b10266461f757687401bdaba9ce9e0952635e63c9adad2b4f0","nonce":"4adcf8c45d079e82e55ff12b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"576145d63b554a39c0836e662ffeee28673e3d4cc65d267b88a294ca4442f3046d786fc0e57470a30b8f118b8f","nonce":"4adcf8c45d079e82e55ff134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"cf19f0968ebc7a74120166bae59f1e75c2f7010a39d178f7d123111f32537050380478a17dcf21ff33383e221e","nonce":"4adcf8c45d079e82e55ff135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"7c279159bd500be26e9228bc4cd4c1a58d3a6dc63a10338edceddb9107a824d6d2a32565fa5cf4f561181cda53","nonce":"4adcf8c45d079e82e55ff136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"3589154604586206805337242d39da136591053b0fc9d0018e53d09c858e72a923d11fb245d3c5935b5b6a822d","nonce":"4adcf8c45d079e82e55ff137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"019a89d89aec1c88ce19c5bd423356ec12376a746a479e196309db68a273d8b99db2776e7c53117d1c9b583ff5","nonce":"4adcf8c45d079e82e55ff130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"148ca0394f6a9be4eedf25b9ad434f2ea35d2c92c59bc7962f02f3e94872c9a9f73f3157959a71f3936191c668","nonce":"4adcf8c45d079e82e55ff131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"c9a11e21a6e8b974f870457c5ddf0c2d5d426df035ad46cd4441a83221d1d3c84c815e0ea21c4786ebaf3264bb","nonce":"4adcf8c45d079e82e55ff132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"ad5801815ec04b8430243c77081080af3f4f084cdec3c573a92277a97129783c7d48a97f0713037ada9ef7f9fe","nonce":"4adcf8c45d079e82e55ff133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"fdf2736701968fbafa42d8774475a74b3f5085b0a070b3fcd6ffd89095615a2c1ca99d2768948a5c8e9f24a1b8","nonce":"4adcf8c45d079e82e55ff13c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"6b59920609f4a927c1fa16c5d66c75b9cf7390fc3d01623bfd7ab80f1dbb9a1c59d4b778f47687ade96b2af724","nonce":"4adcf8c45d079e82e55ff13d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"dda2c1e99c694329c19fa1150e10b20133c0e7174511f64514e81095b8264c0cfe2ce965d3bc97d252f834a4ed","nonce":"4adcf8c45d079e82e55ff13e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"043ab7aa057188542c6425c547746ac76e5c95f49a8703e3c1047674dffd5d90d2e4334003afee3b1ad186fe86","nonce":"4adcf8c45d079e82e55ff13f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"5d64fa74d78d5dd396b9abfa8ba534408c6b77b74f21c51cbeff8dced8fa046e013689d79fb4326104496b016d","nonce":"4adcf8c45d079e82e55ff138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"87b6f77538a310751e420c5bcf6044f0ca18b40587ecc08dc9ed56636f0d2a625c928e616b5cbf7428f8ee02b8","nonce":"4adcf8c45d079e82e55ff139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"02a2989cb91b7cd401bb8ec1b76157c70a6ac4bc5d8425bade3d88accb886395bf92a1d49a9493fa38996c321a","nonce":"4adcf8c45d079e82e55ff13a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5f9b1efbc2807516e0a765593fbdcb30b28cf937922238586b18c5e0a2c178f60ec9efb50b920a2eec5ca2ada8","nonce":"4adcf8c45d079e82e55ff13b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"f96fd122e3a47a59ca8b08d942ca98ec7be4e7be831a4b10dcafa79a7285606815c068a238419cbaa780c3cf6a","nonce":"4adcf8c45d079e82e55ff1c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"7bb9dab030c852780c4253069d6af5fc9e5d8341a2af66c29f45c5da436f08508b329dcb00e97a59a8d80ed6e9","nonce":"4adcf8c45d079e82e55ff1c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"e36d74004bf248401c941bd4fc8bc111cd866f30a2251e15d81cdf7a4018f9e0aac5d917ecb2b391f957fec44d","nonce":"4adcf8c45d079e82e55ff1c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"bed10fb5e73edc2c001a2ccbef59c8b077a0c8fd6e76ee6be8bb31086cf1ddc78dca954f931c8fcfc76e860603","nonce":"4adcf8c45d079e82e55ff1c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"9fec922d020ace0424b4f57a8189e0a9479573964632d649bf96dd71c796f9dba30e39cb5693d784e4aee3baa8","nonce":"4adcf8c45d079e82e55ff1c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"4eab0c92dddc18f67003aa0b7ea240153412fe7a50f73cd09acda255edf26c3d04155456fc722164d4c69dfc3b","nonce":"4adcf8c45d079e82e55ff1c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"b4b3fd7cfc37fc81cb19d8ee2381341c4207f1e5acccddf1a3ae6e7921d7829c9cb3564b2679382b271d403634","nonce":"4adcf8c45d079e82e55ff1c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"5b218183e323da32bd2970217f976713381518c5e3e038520a5043d75eb2da5785cb7df2a6bea52703d431a99c","nonce":"4adcf8c45d079e82e55ff1c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"346b54d69b670c194dac9537bc0e3902e5fbea279f30ed70a710d1bc3a2360eaaea25ae0bde8f96ac7d489e467","nonce":"4adcf8c45d079e82e55ff1cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7fa2dff59caf0771be37ffa6bea650e5c219ef4f6cc3512f9ea53d50245a815b6175dcf0a7984e5592c4c86f1c","nonce":"4adcf8c45d079e82e55ff1cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"82d4005adc05e240db4be2b217c81fa3652eadccf3acc4040da3f4766fe8a9eb06f95412f5440b5cfbf0407528","nonce":"4adcf8c45d079e82e55ff1ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"42756ae2181068a95b3332b36e5c05cb3b1e7138871693dfdae79e654d2e1eb7a805f80cd9e89940720bc44f8d","nonce":"4adcf8c45d079e82e55ff1cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"11490014c3b8d5753e0c69f7a39d5629ac4e978d0b7b0db54ce1f96cb246bdc755f9f09f040fd73fa164eeb0bb","nonce":"4adcf8c45d079e82e55ff1c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"54cab1656613dff8c977734a7a4a2a0ed8880e03f903a16cf94e91e5d5ee573b1a0b95f8dd689c8ab629369a2e","nonce":"4adcf8c45d079e82e55ff1c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"2704a20327c366728c03a78dda9654138d7ac93e557906bf7c242de9327bfdf7f3d12b08bb236e00cebd8bc8d5","nonce":"4adcf8c45d079e82e55ff1ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"2be35f04fb5d3ad6ed5054c4f0eee488a258524af2434b9a014b587acdf155f593f69ca37eb3f956b7a2d7a0fd","nonce":"4adcf8c45d079e82e55ff1cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"04f8a872d7bf8af7b3d41b413c2fc1edbfee14aaef0a115cb003209a59120be03144c685f7b6c1f3a1eb6c27db","nonce":"4adcf8c45d079e82e55ff1d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"44884fc1bb2bdc2741733144409f872defb677ce7e422dd0291fa04c1a6e7b9f8b063520e655acd434734046fe","nonce":"4adcf8c45d079e82e55ff1d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"a1f6e280fae2a6b47cf5b02b329bd15a196af2a0935d4612435b203fc4e553064186c6c1f3557723654151e6d3","nonce":"4adcf8c45d079e82e55ff1d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"efe1b3e253e331ac1929837b4662ce56148ca76aef8c09c63915601053f082f4f7e33935a0e4d262c89ee97d95","nonce":"4adcf8c45d079e82e55ff1d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"00371e3d7cd7523027159c57547afae905636ea9c7985c2be72a0b200931a603a548c86eee64e9da36e45afb85","nonce":"4adcf8c45d079e82e55ff1d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"3b730a3e77136d1e6fffc7bdfec0c33183dbecc0b801e6f6a73e76f32316a1914c2f6376125d51e09a87a6fdef","nonce":"4adcf8c45d079e82e55ff1d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f4d7731d716253899b16488230f9160b662dd33faf594ab06f17af5de2615584da26f61484e192f0ecfeded627","nonce":"4adcf8c45d079e82e55ff1d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"1f96da84b2ed12cc11c7c2b53f530a3d29d6ae8434074081a3f323f2f80bfac44c159b5001b3545bf6d5981438","nonce":"4adcf8c45d079e82e55ff1d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"27d427e51cdf3a956eeef5a72b41295916eb3e07615060f2f675df328730f7712c49b530852830915e67786359","nonce":"4adcf8c45d079e82e55ff1dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"423dff6c9c40696f1f476568fd4e8337733c3473b9044155f94443e01324e0cddabeaabd27f5372b625ed86c9e","nonce":"4adcf8c45d079e82e55ff1dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"2b94cb3464c623b1d90e731c32f69c4e42d28614cf6ed95f7e8dae7164163e2f1e1501eefd56faf7a8716aba2c","nonce":"4adcf8c45d079e82e55ff1de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"f8bce66fac9bd2759dd013a5445e35fdca8964576faad79c0fc6e0154e7572544d3e7a6a61462e7a05db83b9fa","nonce":"4adcf8c45d079e82e55ff1df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"858ea3019e5ae7845984bc80899c82da50e65973b44f32420400d133c85bd353054122a47941945d1d9ec43160","nonce":"4adcf8c45d079e82e55ff1d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"05eb576ed8db03e4a307fb227c38a99599b3deb3f77a044ab8c44f89ff7c11b75d4cd2d711812ac8dd77050044","nonce":"4adcf8c45d079e82e55ff1d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"d2c29f88bd0776e2e76c82881a07eac5c5d0af449451508a5267da00b2da5bfaec88f354c0f86d49e86b4b2434","nonce":"4adcf8c45d079e82e55ff1da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"78efd9a40f72ebe27e8a3e073f57403292bb7aebf6867c8da7b6e4f47047adc6a68f807bfa51d4553bc0c04aae","nonce":"4adcf8c45d079e82e55ff1db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"49583c8584324f42b0519507e90d0f6fe006d3c8bfbafa6af0aea5e6d4438973b9a27572d9a689ffe38b3daaf7","nonce":"4adcf8c45d079e82e55ff1e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"619d4763c50f4913f36f3a18e3db67a1edc354421850805770743d5affb3fc2c1d9864b59c3c31821e99b0b0bb","nonce":"4adcf8c45d079e82e55ff1e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"4a22483b511f58663826f98ee4068977f87d7f80a909efbe97e7b72867eb0f13474c9e3cefe29dcf9274f07e6a","nonce":"4adcf8c45d079e82e55ff1e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"d75b73aa73fe5a9ae9a9ec704cf388c2e65bafaf798f2a8bed41e7c12d0d0266371ebbd5abbb80517b8bf212af","nonce":"4adcf8c45d079e82e55ff1e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"75b3b98f9dcedaaae6676bd6b824252de7309f42783ee05936342f8c39de0deac7ad1dad3360de7b82d3c479e8","nonce":"4adcf8c45d079e82e55ff1e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"456f57db58c6fa2fbe3c7ee6258f6f200c57654d7bffc0d20840be90f21c842231d0dd852d3ac69b2fb1599e48","nonce":"4adcf8c45d079e82e55ff1e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"be9564352d170779c4a51d2c132ae689e21a3780603a32e8dbe4aa8ae23c3ce510890e834d087357144b386ec3","nonce":"4adcf8c45d079e82e55ff1e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0ba891a4d91c97d91f195d2d4adc3f8a309e7cad040b13aac6ee35c411616784800119c9b907bfd65a1829cabe","nonce":"4adcf8c45d079e82e55ff1e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"d807cc81f2b65cbad9b035fa6eeea5b2b5d28f1bef9b4c551061d640da44aec93dff0bbf940af00795faf2be7a","nonce":"4adcf8c45d079e82e55ff1ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"0ff945f474fd66f7fb34d220f9cf0befbbf99cbea4ad1403bf637a7866c80d9414b0cb6b08bf1ebfaa319e6583","nonce":"4adcf8c45d079e82e55ff1ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"0c1f064cd8b04a5ecdd7269caeb0366eef8241c2a20e0437186cfcbeb9e5680c4bee0662af22e04cf2505bab99","nonce":"4adcf8c45d079e82e55ff1ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"0671b77d3eb3278d6b635831afc6112e6121f9e42480485ba59b9be238cc6e13c9b6219c28e47df4fb7ac8f003","nonce":"4adcf8c45d079e82e55ff1ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f2960b6efe3cae66558a1aa9ae10d4338125f21d7b5a2db60d51526d9fa8cdb1edcfa8c04b8e74950d73e37564","nonce":"4adcf8c45d079e82e55ff1e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"88a90ae0d371b6b78b1d5e7179058e9ce730f094bb531bd089842fbf973dc22ddf224315eff05737e2c1b1ce78","nonce":"4adcf8c45d079e82e55ff1e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"f5b57105cdbff3aeb67dfe66df4fca69f8499c3642a8b7ae47fd619e9fbaa6b51eaa600a0c6a889de0b0606bc7","nonce":"4adcf8c45d079e82e55ff1ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"a3678e52ef7780307400a86c274473f029c85b95dc4342b40ff07ed27a587de44e8a21c869a7f7b10d62446c7d","nonce":"4adcf8c45d079e82e55ff1eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3166bae5e762a8dd8f286c6418c436484d002f9d9ad8886d66f17106b9e1cad90b4c5cff6afe891365b73216fc","nonce":"4adcf8c45d079e82e55ff1f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"bed0356a6edb6bd35efbf8c324bf3e3c05fbffc94726541fe64069ced01cf91c467eb6a952767a3e0b15376bc8","nonce":"4adcf8c45d079e82e55ff1f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"171d160b7c6cb1fc61bb5cbb063c2f5ceb8333cda99ad3949099ca8076aab78f938936653cc552b25892ec3257","nonce":"4adcf8c45d079e82e55ff1f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"a3a2ca6448abcc8f41e4ea2dba472a311e3877b0188e469467b6e32ad22486d1804cc38bc1d11c6147b7ea799e","nonce":"4adcf8c45d079e82e55ff1f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"5d5ea567299a1e6979367e362448ff020c06ab008f16d6196587a21cc175358151962e2dbabe6a8d3661e9e75e","nonce":"4adcf8c45d079e82e55ff1f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"33ceeba6941f200515ddae34ec241000c28cf6a5b96fd0100c160c1954b3ce7b3da146cb3156715a91cb6d0e73","nonce":"4adcf8c45d079e82e55ff1f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"19d28051323a6359eee672d2a02de90e6fe60659506037b7eeef5871b47adedf086bf573ccc9067fb15030928e","nonce":"4adcf8c45d079e82e55ff1f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"e2054f18654b2450ea92d9c64466830993d423771664ce987d4a3067d22c7576a409f3ceb0ab0fc6f2408daa50","nonce":"4adcf8c45d079e82e55ff1f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"c339bc780e385a29df794f4a44da851dfc9d4e604e3f5715d03a882b0af20f3537cf3d8a172c398016542c85a1","nonce":"4adcf8c45d079e82e55ff1fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"cd4eda4dc52c59f7180fe1879906062199a4ab47d9d77437b6525e4c7e0b5bcc15d48e441d51da761e828f572c","nonce":"4adcf8c45d079e82e55ff1fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"99e5327e26af3a680a06bf61d262a404384b803bf8db77e4c6ea02adf79417003258d8ed5bf712d889503f1126","nonce":"4adcf8c45d079e82e55ff1fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"589479180de9e660159a20ff8a21d227eb028083fcc419ba06749d5e0b267067ef6ec4ca40e718306526f793d5","nonce":"4adcf8c45d079e82e55ff1ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"48fba4031ff968963595091434cbcc6e5bb93857b1aaf9597855579b83a087376d408bdd0a22b42b19f45c28a2","nonce":"4adcf8c45d079e82e55ff1f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c72d448cec2946766858a18a1bcd7998c923fe220063af499b580325a3d5a0ea25342b73ef89a6adff87c2a12b","nonce":"4adcf8c45d079e82e55ff1f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"6005c19c2aa8f681fbc81a881516005c2043c3e4865085cdd4a8aa7ca90e8deb6cac1d598a7262386b46f86afc","nonce":"4adcf8c45d079e82e55ff1fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"e7d0e09d302e1410465b843b7615060e5e581b9ce00b4efaa4e8c2c1628a348abfa2e7e03a8f3e4727479507cb","nonce":"4adcf8c45d079e82e55ff1fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e7b7570cc9aa61bf0663da859f2e5c6301ad01e687fa6a6c1c5342c68a191feba97eb82e70ddc4abfc29f240e4","nonce":"4adcf8c45d079e82e55ff184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"8f2140110b3e9328319382d91c2d46aeef5f9cc2d4141ab6af940996bbe7a8e462c9e57a3602f303503e0c2aaa","nonce":"4adcf8c45d079e82e55ff185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"7057f66c1fd34ef44a51402641942c9b4cb9ce2b7d65c38f9974ba02073353f986e243f8b744ca85a05f8c872b","nonce":"4adcf8c45d079e82e55ff186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"02b6a1fac2e39205de6444223640b8cc5f873b3e5e4ff90b4f1eb3e830b26917e6b3dd97ae415a177f5b09c0e2","nonce":"4adcf8c45d079e82e55ff187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"5d832d53fe3afc9c4628d13ad508cc6bf551b5109112ac3208d402911902d1e8064d15259c0d5bb4ffdc9af554","nonce":"4adcf8c45d079e82e55ff180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"e95986ae5c9e46a1af0df571b1aa4ba86e47cc5184e52885000ed4fcff7f5a4f883c862286d9d42116a767cef0","nonce":"4adcf8c45d079e82e55ff181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"c67db39c4d35ab299ee95d49ffc8c2eeff58b9ad8b2a64d120bbebb0cdef8a61a3c42a08daf3aebc960292762f","nonce":"4adcf8c45d079e82e55ff182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"30ee22832bf93dc373b87b3bca5eca3c78fe69ea258794878ae4ab251d8683958b6f8368c0cfe258d43a22e47c","nonce":"4adcf8c45d079e82e55ff183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"7acfe002c9c47f91081281d2b9b99a42b02de4d4ee29d47a32c8f223245d93661747f1b09c884ce0b3c6fa13c7","nonce":"4adcf8c45d079e82e55ff18c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ae853649a6020bde4be9857e0e4b57e9a4f212d708e9cac5db2bfcc7ff3a513563e885b4500dd5a807dd114662","nonce":"4adcf8c45d079e82e55ff18d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"253f6eb28849825b844ee05385754e16e689c9da8ca819d5fb9d64e2f7c4b66f405b3e2c079fd8f26f580632e0","nonce":"4adcf8c45d079e82e55ff18e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"6e7ee2da32c6a22552401fc0ffaf7f0e839f66df726fd773b93d3e6f38784b31aebdc9ae8e7e4d91183f89a8e9","nonce":"4adcf8c45d079e82e55ff18f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"f51b4a8e9609244fc8ab831aec532763b99406579cee5d7beb0699e2f894ad9f39db33a84b760b4005f1a7aded","nonce":"4adcf8c45d079e82e55ff188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"10bda8e483335162ce24efd765d34fc823f172bea196fbf0492e05864ddc1b1fe28cfe8a4b89b97b51374b20cd","nonce":"4adcf8c45d079e82e55ff189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d4b55bcf161a4a930d110eb39e868503817673b082ffc177026605b3500f698b46494521a7b3d5abb73959a364","nonce":"4adcf8c45d079e82e55ff18a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"004203ac14ad621f930a204775580509749bf588f875001a8eda3a712597a04aaa2d12a2cee51acde7bade9c15","nonce":"4adcf8c45d079e82e55ff18b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e453494278145bbb94fbea35744727babf41aad55ec02567197ed861fe1db66b9c37a45f0509f59f360b09b46e","nonce":"4adcf8c45d079e82e55ff194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"af4002b79b0aca36d2da2ce29dabd6f0c6805028ec371092c719a9cfb8276112c7cea884d0c321dd5d32a755f4","nonce":"4adcf8c45d079e82e55ff195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"6b03789de7bd4f0ad96a3bae3a1951cb7a3b11b3d306b357338d08f0025958e1b67ef1ebde10349a36382f910b","nonce":"4adcf8c45d079e82e55ff196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"3c684d06628eea09254e92883e6fb0fdef36a567ddadbc43048aeefcc3bd8ba8ce7ab47b0d04fdb9dd91c85bde","nonce":"4adcf8c45d079e82e55ff197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"cb1af043533701fa5d6888dc675ed913e82a8597c712557775413f934ae0ebbd8b9aa87138f9a7d391e5263663","nonce":"4adcf8c45d079e82e55ff190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ead2f8a0916d58ce597050a3b8cf7c9e3af39776358ebbceb0ab4a2ffcc565a9305ede13ccfd2ae5ef7170bff3","nonce":"4adcf8c45d079e82e55ff191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"74367a3e31ea6449f5dfcb4ce572abb9e502c989674a4d775bfeb7d24537868e7ec02c6616f9549fa3503bcc9b","nonce":"4adcf8c45d079e82e55ff192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"c30a73ff69074a2afe2c00d1619744f167d7bef88be2228dc48837fa7aa81f4c16236160d8468aee439dc31a2b","nonce":"4adcf8c45d079e82e55ff193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"c36be7db3b4d45b29f3c52f3c40e7b88cc8fa500936d697ebaa5ac272623f6de2fa01c1b235df662130e31bc1c","nonce":"4adcf8c45d079e82e55ff19c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"d94bc2c09f56dd375a31729dbac2f465351df054a034064248a2d232191f679fca58b09225551fc4fe17cc2b25","nonce":"4adcf8c45d079e82e55ff19d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"0ef9ba0d2d0914e0acf6546a383fa42f5bee8601e4e8de7705aa42b8573f49c6cf303785fe542d7ad707645734","nonce":"4adcf8c45d079e82e55ff19e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"8b487253903299344682b56a209842a34e706d32ff1aba44722a996c3ccee7b1a39ab762e91fe1f5db06c179c3","nonce":"4adcf8c45d079e82e55ff19f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"6825609b13525e75025c1029a00dee8ef5a7022f71e85a3a88ce33be7c20bbfe26641888a22d9e6ba3ca304f6a","nonce":"4adcf8c45d079e82e55ff198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"fb032d707ca8f01cf0aacca582ee6c12cc9a36e918ae6d7cdff75812e517e4114a5c506d4fa5fe530ba2e3d578","nonce":"4adcf8c45d079e82e55ff199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"5fe2a24a4cfe3e038a716a3aa9ebf770abab268acf7947a14a08c3f47ca87de8f8ff4f7cad11d89db16d6a8bdd","nonce":"4adcf8c45d079e82e55ff19a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"ab61a6adb08993646093d547d90c92b80a5fe85aed8e8ca7ae51a24b662ca137d76d746c52276097c08152d25d","nonce":"4adcf8c45d079e82e55ff19b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"3b7fa8cb03a7135d92a61564b5d1d2034ea255efd80cce33284b09c5099187c4cdec5136c233a8f0da2faa4f0d","nonce":"4adcf8c45d079e82e55ff1a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"c82f0cdf74b4f5fcd6dc0dfb513bc0a3279027a90e8be2c670107fcacf3d498809993e0a735fbc7f25191bc4b8","nonce":"4adcf8c45d079e82e55ff1a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"421d4351f712df93e139f847823282f6e060a9fe050b030a02880c203517037fbb4d3a9b6184b2c6229024e137","nonce":"4adcf8c45d079e82e55ff1a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"6b9538224cfa76ae063de5fd92cc7490dc36f782ac0c2cfc31000354c948cdf2808e04830c7daa5822106d8020","nonce":"4adcf8c45d079e82e55ff1a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"1e570e96796a17eeb986ebe8a638be3263a4a7138cb949020ee3c4d4e3f2650590bea9bf24e6c22f1e6816d8da","nonce":"4adcf8c45d079e82e55ff1a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"8e55c07104cd59eb8e5b1355990f4b2d574dad093a715615c480b1fdb32c53766ea048244236c5474b0687e13b","nonce":"4adcf8c45d079e82e55ff1a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"d5c1e7a481d657afe15c3fe5a689e2f9cee9eab4d191eae3b9e7462c4ada97a3060db1802148e565833cd99253","nonce":"4adcf8c45d079e82e55ff1a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"5e439acb8a96652d4c302594b5061da16a487a6063a0dc03aacfcd0d45fc847909f01d061a87e335238e599caa","nonce":"4adcf8c45d079e82e55ff1a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"975250c1106e007f900639241d1728dcf03efa2e8dc95a8c86c74e405099d2214757c2242502ceb7cd6952d6d0","nonce":"4adcf8c45d079e82e55ff1ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"bd6f377df8e535722ccfcbc31e767fd56298dff6cee84782b94ecab619263048f35ad67759e90b39e499fb800b","nonce":"4adcf8c45d079e82e55ff1ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"7e07c470d737fb4e73f48687ab1d1e59b2a50b8574e83c8ab4630092a9d0bb66afa2980306ab284a6f45f1146e","nonce":"4adcf8c45d079e82e55ff1ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"ce7f1073e12c01b380a9c6c79aa82466f40993900afd7e1a419baa378f4ed506883dfff301c0866a2834c7e884","nonce":"4adcf8c45d079e82e55ff1af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"0182efcbf3d2eff5f355ecaada50c5d7ee91f2960adb9aa97a525afd6acb90730565a7cf5767e5d2ac687f2a41","nonce":"4adcf8c45d079e82e55ff1a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"03fe946cf3d90a6b7b2e93f40306f64d7287557e33e59e0c3e954d675d9c109056d9cb1511761bdcd456d70d15","nonce":"4adcf8c45d079e82e55ff1a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"0c7ab2050ed2d47151b495419667fae12cde4a7cd7c966e2e929364a19893d3bd75bbb901325dee7ef7ef380f3","nonce":"4adcf8c45d079e82e55ff1aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"de5815cc7ae0eb65c2755db0e907e4c51f797e2539073f5726c487de574d338e57cad770130118b996f35c6b6d","nonce":"4adcf8c45d079e82e55ff1ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"ed98d04b8156246382eb5ea0fe2f59fb7d23c83c3b57ab305cd7c4a73d9b6bbf9f82d6c0984eda363a209db25f","nonce":"4adcf8c45d079e82e55ff1b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"683d00e80e95fbbe7172be73f776f4c9bab567489afadcc584d394fe4e13439234db5d8222b17fc1723e753d1f","nonce":"4adcf8c45d079e82e55ff1b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"5e81eec4bc74f69713eec25f0dc5ea7aa4b886a08711da7e832ac85ffd80267a40f759890d35a3695a1ee8624b","nonce":"4adcf8c45d079e82e55ff1b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"6b36f84287c726c4639d8f3e10d812e83147ce6449485722c188651cc176befade20fd0ff893c77fc0a69f4a9c","nonce":"4adcf8c45d079e82e55ff1b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"fca7a77d12b1476415d6ed27b937a60ec31757b8163ac63fac378e8309aed0bd651160547d739d1a7fa0fab333","nonce":"4adcf8c45d079e82e55ff1b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"180d7f8dea5553ed18a2c6fbb28eceb35fa9a862494c32a695e7f60d395c3b30fd61453c3f056977fff4ff7998","nonce":"4adcf8c45d079e82e55ff1b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"56212ca4dedb0c4c86a99c44b6c2a472531db1f894748f0f80133723d8e254500752c85c916378c96da6dd4c4b","nonce":"4adcf8c45d079e82e55ff1b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"35f72186e2718d3377de06e9a0a2ce19dcd4b599e7e0adce98924b8fad2263e56409bad5d20d833412ed64da28","nonce":"4adcf8c45d079e82e55ff1b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"5e5f5dae19d022e7f5e397df352dc6f7d68b8395b20b8dff74bdeafba4ac2287ac986cc8e1694d954663d163c7","nonce":"4adcf8c45d079e82e55ff1bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"c148e715432b062f89736857d1f40192a8a519ff8b8420a63eb377a1867c35246dd3ae3d2ff2fba881063f39dc","nonce":"4adcf8c45d079e82e55ff1bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"e1e4bb043699a484f053b36bfdcec15f6d9fce0ca01b5c105d7c30c1a9b76abbed4aecd3fc1acedd140bc19da6","nonce":"4adcf8c45d079e82e55ff1be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"5e325c33d060d604375a13c3737b96a275a60a18dfe84d0961b5112175fe8c4c196c6938e90e69f5e08450134f","nonce":"4adcf8c45d079e82e55ff1bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"17d23f8384006511c400e4fbdfcbef7fcb9d1ed7ba4f504a3fa052d5017b5f31aed8f4eecb2e4c2473db528fc9","nonce":"4adcf8c45d079e82e55ff1b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ba062feee02cd02fec25b48f57a7f831a1aae7a53f5d6d118dac206add123a6cff04c5f105fadec6d06fc0b54a","nonce":"4adcf8c45d079e82e55ff1b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"5388310ee561169606546f95f981110a8fcb383a13f473f50002c8ce8a87c380b812fe0126ad8321930a440f66","nonce":"4adcf8c45d079e82e55ff1ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"6cc15fa2affd1c3f8376c993a15fe0742288f62592488b63950636fd2184956aab670c03b5c7ed2f8802cfed60","nonce":"4adcf8c45d079e82e55ff1bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"9b5f2cd10f5cc75ba83514ab2c9d663e7d8a6e1599722011ae2601cba9d8d4a53d97fe5922a7ea507cb9263a6b","nonce":"4adcf8c45d079e82e55ff044","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"8ab752195e24aba020129399d5d7763311ced2f5d5f2391480741fa727f4453f"},{"exporter_context":"00","L":32,"exported_value":"21b1da6f120091fc8cbd3072136c8be1e5c237ed2c69d12d93b632ec41eb955b"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f12a3e4d4b39ce777247eef171fcb0d2428961309711d82cf16245d8b77091a0"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"608fe9e61ea86ebef92b661c12371842a5dffdd4c32a01a7bf3c911fadac5bd6508be1589a14127f5caef327371822aebec642001b85d21a","ikmE":"3298a68e863532fc24b5f10dc82c502541b12eaaf4d645e3bfb82395ae4b7644ac5ea07ccf1dc79d43c8bb10038d8f385a71359e6298d459","skRm":"b52ef8a5894934a06645f8bcbcb718fe484d27b5bd9f1994e4c0c9ab336f55c04ed2c656baf5f45f4e881444a095476303f938b0db5fa6b4","skEm":"0f66e14292aa5afc74bf3da18329b11eab905e0eb32fe5181959b738f704460fc6d68cd618ddaaf08f73a5c948f3da3d666ddf2e9d373b8c","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"a95a6becd206fd64769fcf76b28faac3d7e52b545cd1f2e9eb7968fbc05dba5bdfcd6544979658a3fbcaac9c82cb1c3991dcd512776e467a","pkEm":"6a235a423e95b2006649ebd4d7932bb1a927c7df309925e0762a6fbeb86946e5050e26608bbbedde5f7e8f80f5b5b18297bcb2bccff0176f","enc":"6a235a423e95b2006649ebd4d7932bb1a927c7df309925e0762a6fbeb86946e5050e26608bbbedde5f7e8f80f5b5b18297bcb2bccff0176f","shared_secret":"33bca4f15c8be101fec6005bbf5b2a09a5054caf03257e2d1d8898161fde08fc726d587ba00f52ba9cd3d05dec9fc8253054b6b1f19bd2c6a200c6f2281017bf","key_schedule_context":"01f122f8796db694193e9c25a9085e064a650b1dd3739e34bfd9a653ff471adc1b87399003157c2bc488b6f17e65efdb0a55ebff5dd99ed2ce3d97d3473e69c23c","secret":"bc961695ad0f4ff072382fbb3898fa1e28e14d501d63d6b02b2124a47bf31cc0","key":"9fb12061a1fa7a02e489a06bda8ada3aecad975fe12260b9ae3d06c29f5330a8","base_nonce":"8254fae617fbec374ba350f3","exporter_secret":"df582c27bf56952e026046b2ff9b86221e8897c50aafe86c08d7ed90bae63e7d","encryptions":[{"aad":"436f756e742d30","ct":"7bbf9864d9e970a6315b7b7bb7afb3638d3fc8375fc5127628d0cd15f4484a5b47187f63ca3f231094054080c6","nonce":"8254fae617fbec374ba350f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"97e115bacde895006188c074e2b1afaf11aaa46e5c2b48637508edb84fb0f23ed026542331a1d3cb1ea27375ad","nonce":"8254fae617fbec374ba350f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"2fa247086679093d30a43c5f50e384f4a0ec79c649e9faafb0a8df1301675ed99b10e798fcdc316a1cb12f57f7","nonce":"8254fae617fbec374ba350f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"79c74cb6a6b4f2e6807318fa1079667d160a5c961ec4f92e35f5da37e456db143f63be3b850cef071ec71fa2cf","nonce":"8254fae617fbec374ba350f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"63c2562aa7ed7a3e2d0d3c0019c53494b7a7a828d1478d9cc11108269e6223556dfac76e54029873f98e034b96","nonce":"8254fae617fbec374ba350f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"b448da653eb99431074b43f4502a3c7203b8fc192857f66d5bfbb8dd93c80cb9de9bfb57429f0c1016c81797fa","nonce":"8254fae617fbec374ba350f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"0528243a179effb15a1e546d6b7fcd39e0e01585ed3b3e8138681f1953d3803534278bcc0e51fc5200009150a1","nonce":"8254fae617fbec374ba350f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"42023651e342a8b4c005e24dda80c62f9f92af102a0bd95edeba21865c03e90500aaa64bc12be47d55bb98c13e","nonce":"8254fae617fbec374ba350f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"50d9dfa32aeacc4c89a92a6bd66f20405f74c1b5b89b9c7bb02a20e68a8fe2aac6bafc4db2c6f66e966d3e1d37","nonce":"8254fae617fbec374ba350fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"a6fd8f6f20051057a0452f37ee385cdcbd532e35dc47508d0fa68c445ac1430f4343dcf5e24a2d2eced8c2d4d0","nonce":"8254fae617fbec374ba350fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"737a61ae6963087032f8149ed5d198ebd6cdf3ca33633c2bfa5884e7ab00b04679652d2ab616090163bc93c17f","nonce":"8254fae617fbec374ba350f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"168400a95a2608df2d88e31b913b1a0cbecac734a76d85bfd53d1bb978511c251635582f6617f6747fcb85696a","nonce":"8254fae617fbec374ba350f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"76bf087ea5df55a0e6d007b0a9440ad9a88881edc9835c954ea563252f919c64d254d024824afb4853a72663e1","nonce":"8254fae617fbec374ba350ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"134738d0dcbb214cc28c38971f22bb7a9a8f2bdeb0e9a30e0f5d3c58f7a9ee3b798cfde8d4727b9a6484fd669c","nonce":"8254fae617fbec374ba350fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"46222d4900404da9dd09e9e152dd2f6dce0bc9e98911bebcccaa5c9ac2f936e8a9664c8f25c6db28462f06b4ee","nonce":"8254fae617fbec374ba350fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"980f006c98b83a631b8f0045b12833edf7ef6d39fb2f2aafb08fb694daf380f8f5cdb084341c898b3df6fd5bf1","nonce":"8254fae617fbec374ba350fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"3b76a8eba82610d6683bd5cd1e08ee368517269c608a8e46f82ff0355bbdd485a7c4a7aba62a434cd0585c8266","nonce":"8254fae617fbec374ba350e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"3ced0b35305c83964b6ff09e2ac1c632ce7cd32ab8a76cd22b0a9024611789666e5ef833ab10c9782dc49c35d5","nonce":"8254fae617fbec374ba350e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"d54afcf560003ada56c610bec9bb9d4e11f8284f4c6b0bb2e772ea812f5faf94bd1fb27f0bbbd5942b099f6a8e","nonce":"8254fae617fbec374ba350e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"2cf9e4273a03ff379ba23d3de903e0deefca8e862425564715e5f9ae0948be785c34a40b10a19687c0f3a0145a","nonce":"8254fae617fbec374ba350e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"6860a5b5f4b6ec2194d9a65b95e1e9ed231699a60fb9cf4bdfcf60250a02ba549c746ec6f38b2e6d1406efe716","nonce":"8254fae617fbec374ba350e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"9a6be60504b254c13a55c60a5bfe08e266ad5c2101d179d1408477bb87d395cf14d0c80f34aff4e58a6e40b82c","nonce":"8254fae617fbec374ba350e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"fc7cebcd6a85576fb48b695e81eadbb99eccaaa083fe7c1ebdcac292394c583aa8c8295e66e51eeef4a8cc7484","nonce":"8254fae617fbec374ba350e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f26ff5124e52807511211a2a2336bdc0ac959f14c7cd29af0c741601dfac6299f48134fe69655f35e5fd07f541","nonce":"8254fae617fbec374ba350e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"91bf364ec430e91fd7b1de9a9788a2722c2c9acf2b3f1424a80892a9c1c241297312f0cc71727ce33f196c9cfc","nonce":"8254fae617fbec374ba350eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"7634db1b97df23bb4bc75ed2e37e34cb8de714323b6f560f305dbeefcfe7d0163b0274e709708bd890ed3d7dea","nonce":"8254fae617fbec374ba350ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"be0c09906be57af888e0463ff33713405ac30ca842fedb3693ad2ecdbcec171be4eb66c4eb74add9605887b6a4","nonce":"8254fae617fbec374ba350e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"30e24b9b2456a8d52458bf0a3fe95b48ef6603cc16406bd02dde2120066cb8584d594732c3df0e303bee1327e6","nonce":"8254fae617fbec374ba350e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8e78329e8b3c39ca71605a385604e96ec25fdfd574064242305b5571b4dec8c2ac19c9c9480dc12f49e93e2861","nonce":"8254fae617fbec374ba350ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"46ed926dd542d05a399392c75cddae2593ef212c304beadb8ab73569b1319bfee96baf6662b7d8fc2b10685bad","nonce":"8254fae617fbec374ba350ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"97187f0b457d212fca7e1f013e14515b9386f451123000eae0b0a085d54c9a753b701264d6b379fe92644ad247","nonce":"8254fae617fbec374ba350ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"2cfdf4885b72a8306af89d04eead7191f7f5d9e4602f3ac4639d5b5b3476022501247095868c645f8f54342f60","nonce":"8254fae617fbec374ba350ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"40a42f68ece95c60f5bd35ebe96bb637e8852dbd26d10946df538158269f589f8a94d601c59c505def41690bb5","nonce":"8254fae617fbec374ba350d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"63d3c4fee7f4d5bbf937066e244fb34732383bf61f481dc339183ce4359cf5b948b7e385e8b4df2d6c29fc6f7d","nonce":"8254fae617fbec374ba350d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"9ed337a926b0a1da784ad6259945545559233db9d0a06c0ae3487c0d51feb2030f46ee8a759885c1f2d3fb225d","nonce":"8254fae617fbec374ba350d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"0a7029cf74cf6944a958afb49f1c8ad2fd7c0c5243ca4c4ffe354f03bd7295a3169158ccddc76babfc80dfc9c2","nonce":"8254fae617fbec374ba350d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"3b10e7c225b45914848210226fb4997444e10628af0598d0a3ef177b580c97ea9fb87c95aebc6a92d74528cd09","nonce":"8254fae617fbec374ba350d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"a71d20804feaccecccac62f362b716bb1a5ca73d5094907f97975803355e2f0913720237de83b7c92c9c745296","nonce":"8254fae617fbec374ba350d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"ef96a119896b73b56cbf466fe1aa0e1f57564c9fa5b9c2fa6b3e37b4c05822a8aad81a0274f1e1e11581d8d258","nonce":"8254fae617fbec374ba350d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"651c9e5f8d1cceae9de7a27e94751dd1dfab8cd4a18b8c301a802ae8a7f251b19bb3022223f56f3a0323777734","nonce":"8254fae617fbec374ba350d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a97143dc5508e033357f564237aaadc19d8d140adfff4526daed40c80fd148aed9be3918a681794e9d72d1f814","nonce":"8254fae617fbec374ba350db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"23276f6ec3651fce6c4729b059524b9418b14ed46867b5c8a24a1a7e7ca63a0a7caacf89e462fda3755d83ef57","nonce":"8254fae617fbec374ba350da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"bdc0ec05d229ce2dee2df0e250cfb697d7d0c369ac85b6e30716ac4ef46b30ef0511f22f83f979a64d67b65f90","nonce":"8254fae617fbec374ba350d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"7f2bea24c498430b41d9f16073ba34f1a3b0f2c4e4700a6eb8175a02d51387be573dc60817133169fabddaab8b","nonce":"8254fae617fbec374ba350d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"ee5a200efc354fb0d3fcc5cbfa1897f514c0640d9f3574d9330eff73a78301e224d58706b02f9650d7ff3d339b","nonce":"8254fae617fbec374ba350df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5d3c96474f6737cc7c31979326017d8e413f7788485d2b1fb936d3fb6e3cbf65e0d4d7d1c7b5e0ab2a09758fda","nonce":"8254fae617fbec374ba350de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"8f3183fe92b47d5cef5454398395389128b66d8afc43a3292fa39ba4324bd8c60bbebd0551e8d50a7fa0180925","nonce":"8254fae617fbec374ba350dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"3130e3eb13be4965651a4b24c55904529ec9bc0ef0d490f80dd03ea157b51f659c2a0e74d687af9e59d10f41d0","nonce":"8254fae617fbec374ba350dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"97a28520468884f10130e5b0d6e2ff09513fee8fd4cf29ef5a7c882e4de1a245ceb18f5b9198627fe23da6e9e9","nonce":"8254fae617fbec374ba350c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"12beb1b46e20f33994ecf2b7521901278316f1accfc7607c4f2975593f10d00910a635e5b4fcfa06dc417afba9","nonce":"8254fae617fbec374ba350c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"254b130366e0d5982d94ffed9edcc711370009fe3fa3bca5a0866a5e7c3a23efab917d481af38ea6f76b4bf84d","nonce":"8254fae617fbec374ba350c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"74aab72a98d6363fe393b920958026dfe2dccf4b186462d2b27f286120f574a7ab0fbac5427a241064f7dbab8c","nonce":"8254fae617fbec374ba350c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"9a2206658d4a86121341e72e6014d2e451bb4e41587c2335d9658132488af3091084aa34b55cedd34530cf98af","nonce":"8254fae617fbec374ba350c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"b186fd7c53647f58f0fb224cd29dc0069d3bc120d7260afdd052d1021b8be25e676122edc908a5bdbd333aa592","nonce":"8254fae617fbec374ba350c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"875b24327b1b655d97074fd44bb67c49914da69d1f5e06e5b9de93957b2890830ee510f6810e1fcb5f1f25e40b","nonce":"8254fae617fbec374ba350c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"0fd64b7101a1fe5c92a1fe906f40b78dfa76ae2e8f4ac7693d4bb8d7bcfe30a20f1efeb999f209761da641174a","nonce":"8254fae617fbec374ba350c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"caa6c9cda72fdd88bc59c9ab7314aa43e7b3e7dd4ec1ab8693ece65fd9f305057d7a2f33d7b2b2bb5aab89233d","nonce":"8254fae617fbec374ba350cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"8e29ab6e3ea378f9af613ed77719bc21c6c9e98446c753aeed7cc9e217d7d4b98e6646c463c5f38a0b38f31f58","nonce":"8254fae617fbec374ba350ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"e39a6017ce46c0e82c566de88817128be381f5a0e0673f4ea8660314f21e764de90a1be0202f8875b54f340992","nonce":"8254fae617fbec374ba350c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"4221a3d58ce4715b10bb656c123715e3bd2487738553b91c07f96a8897e714a89704d2618276a1d85fe964ad60","nonce":"8254fae617fbec374ba350c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"800dbad09bde4d95fd61bad49d002c14ed46788f71b42291200643169157b2321c47c39e67d40c6da24dd7abab","nonce":"8254fae617fbec374ba350cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"c8bc6b35d42e5afe66ac098d99ec356796f4c653ea90c42946832f511bd3c7e37c217b57279689efafb2a9f519","nonce":"8254fae617fbec374ba350ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"9d3b497631a3a4e64e121ec26bbe86ec734110c7a91d38eb35b063e250f4c85536733bcc8ce79626aefe1036fe","nonce":"8254fae617fbec374ba350cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"0404e0238e68ec9c46f3b67d910d7e33f0b008738b8507f655efe569ff685f5130064120869ad924c46f9f98ff","nonce":"8254fae617fbec374ba350cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"57af1d19d6088f5a5e6f7f4c6bad2a08b8ca54ec8c5ee203515429151daf86302001d0bc35bc8a33e370718396","nonce":"8254fae617fbec374ba350b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"08e91b491c788b275477ec75b7727e029953e23a24e9cc0feb9d178a31b96026c1ac9172d771bc926ef93b770c","nonce":"8254fae617fbec374ba350b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"eb3a3b10139c1784c968169e4af929d602aad2aa4f3676f9138902aa1434fa1b5b1c1f1b447b0c96b4c0f6bb59","nonce":"8254fae617fbec374ba350b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"8bce1dfc76213004414b54be519d12d20925ae948c8005a14fcf234fcd9b591d97753cddc814441defd6ef186b","nonce":"8254fae617fbec374ba350b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"93f06c55a0430fe9027ec8a689cb1aa91a2c7c307f79e961c5f1163558e44692590aa07d06ad666398d7a17aed","nonce":"8254fae617fbec374ba350b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"ff14a51a268885a391bda4156efa10bae80332e265141c8b34486a83fb0ba480d616816785faced98770a3f62b","nonce":"8254fae617fbec374ba350b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"f0790cae080c83184a4d2018bff2b2afe9fd080efbcb70b5f208780c1cb6c189fabda8a493774702e8007ff130","nonce":"8254fae617fbec374ba350b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"fac2034517bc7f212b0a612b1d267fd5299227f174e6c304866586ba4d8648efbcaf46edcf07283335b6b9075e","nonce":"8254fae617fbec374ba350b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"d60467ed223ccb339ae6261ee4babedb5df3c5494d084fd610447872d6f994bc47e3780326e0215a9223208522","nonce":"8254fae617fbec374ba350bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"b12190f21b8535a525b2254dfa014f6b33d8763d44c4b7cbd346e46d6dfcad7e5e0b4eebd44645d9fd28f5cf4e","nonce":"8254fae617fbec374ba350ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"0b432c0b6ab8b7e3bc6e4e5a5f249d6fd61627def1ecd373b7b9fd84a176c337dad521eec625cca4d52e869c68","nonce":"8254fae617fbec374ba350b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"6a741af64de05394f1fe8061fb90efc1d8c97e2c2734cc661344c0874db9b22c62ed6d4201a60676f38024ce97","nonce":"8254fae617fbec374ba350b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"58a316691e328bf32e593e826a901cc1889defe42844d230bd093e11bc66151d1902f7fe65cae503ccc68e1238","nonce":"8254fae617fbec374ba350bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"df66c362710cc7d8cf5c623b2e0dfbc4e0ad17774cc8e37079cbbff0274cca0f010685da56b05d1c9bc74eaf7e","nonce":"8254fae617fbec374ba350be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"d004eb3b02b98cecf7e20fabe71c121776b820b988e9fb6fb208e7f9038da66f4bae0f5b3ec6736d30344f6b8f","nonce":"8254fae617fbec374ba350bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"5508034af6a138ecee5d66c494bee5857859baec94d6a2407d7d7461eec920c6ff993abebe2bdfec21ee72ff72","nonce":"8254fae617fbec374ba350bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"e5d9932017ad6c1ff3d5bf08cf943eca872e47ef6d3e0f26d562749ded8cedc8016f3b8eb75d1ce11555fc0925","nonce":"8254fae617fbec374ba350a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"ef8cfecfc3e7be26af1cce30abcb2f076f4498b5ed97e804216277d625ca546101c0670a05317973bbd7f3f4af","nonce":"8254fae617fbec374ba350a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"d754214d06649174d3187f7b5f7f42012fdcd1db5c6d42b69454543986d270ff23a560fbf388373555bfb0e2ea","nonce":"8254fae617fbec374ba350a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"4dde1e43e89aa3fed0aaccd343d2f2b542f6989f91ae60754aed96a4b2c5ae1f4ba5ae65d896cf2841dae12d71","nonce":"8254fae617fbec374ba350a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"f65a78fff1d1396530479e1ed73159d23ccf832ac0aa8e938d9268a61502dfea166a55ac272d21eb18b957ea44","nonce":"8254fae617fbec374ba350a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cef448175e8832d08b06659d7d8d280ad29121bcfb398374fa60a30e81154fee66e3bc296b9b2ef7e8b464e9b3","nonce":"8254fae617fbec374ba350a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b2f9e6b7263b496891d6037c9a73fa585b3f45175c79c95dd0f004b732d9a07687ba51b6c1f900b11ca8fb68f0","nonce":"8254fae617fbec374ba350a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"23af1b01c96f6fbe403cdb9ddc00fd7d6dabf0c26e34a5aba6219e3f6fe8c7fc79b5f7937f9cc74f4f53514a36","nonce":"8254fae617fbec374ba350a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"3ee92b539e2b26bc16a0019d03049c6eca59a0cdc95126670d426000d9b52296f9de4e6bb396226be0cd9d44f9","nonce":"8254fae617fbec374ba350ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"d85512978ce711d8fac84a70a881a33f0f9691d787cf30536e183ec21fb13be95427f50990cf8cdbc7aee350bb","nonce":"8254fae617fbec374ba350aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"66171b97caef9439b44c89fa4d026750d567ef86626e158d6c1f4a33694805e0d2a282e158cba8cc11957f6466","nonce":"8254fae617fbec374ba350a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"35beda0f9faaa002eb3fb18f15c1eac6ff19a8652963d86e268008b4179974e82247e7d6ea13cba2f862a9abd9","nonce":"8254fae617fbec374ba350a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"1b8505d4f9678fbfdb53814b7e8db665077baf3c5431b75925019524a51f86c74f0b7031a4c3e0e466c6ea0fba","nonce":"8254fae617fbec374ba350af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"69343aa901aae90e84f3b73213960c0f056be38e5a572b69cfbd1a2b4d727daa4ae767f09e39dfbd2ed32df127","nonce":"8254fae617fbec374ba350ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"cefb9f5eb1dfa3bca93fbfb869ad23f4f8f910f6c8641f7f38254acf479ad0946c7fd5a77dce2032825e2249b5","nonce":"8254fae617fbec374ba350ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"4fe0614ad080790211807ca5f9a6a8192cc91ef83bf02f3da13ea92fc281357b6466d186e285ec79efb2e4b454","nonce":"8254fae617fbec374ba350ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"3f663ae8beba077eae8b800f68f82d4be895cc91e2a9bc14258c8bf443461ac61b0d057cc9e1a2a9f21c966bd3","nonce":"8254fae617fbec374ba35093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"d60ad80ae1a48e1e617a823bc7c499801eb5acda3e0c10e00df79d6d04d28ffd3d662f3c0c5fd066e09b2b792c","nonce":"8254fae617fbec374ba35092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b9ce617337122f3c5517d067226894babe61f94809754e2a317ccb18ceb71ca9e456819e5daa06a551b76d44b6","nonce":"8254fae617fbec374ba35091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"51461656f912df77dc6ca9160d9cf580c4cad55465c06755cb5ff198d2295385601848f7c6ce2748e849fa81bb","nonce":"8254fae617fbec374ba35090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"8a794a641897acf72170b3a8f5d170b4e41479639c2f624443a2200fd0d295bf5027fad40beae3a3d5e3405f47","nonce":"8254fae617fbec374ba35097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"89a6ca86ab83b4c73ff559d54ba46d3bd41e2b0445e6f747838832485247f65510356a9158906ff8c73ec8454d","nonce":"8254fae617fbec374ba35096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"923fdb110f71a848093e6b6a81bda8ac55109ac1cfb83d32462ee4bbf8ac5823b695d05bbdfb96d2cd2bebe7d6","nonce":"8254fae617fbec374ba35095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"d2001932f7c7c4df3b4306a11ad86c7cdee0c1de185a931683b29a6fa19d454faeededb4d17f5982684389a359","nonce":"8254fae617fbec374ba35094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"a8c192f8a6103a5bf7b81acaebbfcc2eecea07bce6d9dd1e413da8eb752e01cf50daad600148aea10239b3d156","nonce":"8254fae617fbec374ba3509b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"520610e0c129776f5932065c021486402c7124c96f4493cb9fa57feac8e31066aca49861472990bc075a491291","nonce":"8254fae617fbec374ba3509a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"0d5c98e4329753e1002ad6121370f85efef40ba01fa4493fbbb60334912c905a44dd07d80857041c7844b00c59","nonce":"8254fae617fbec374ba35099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"c2ef356a0f9953dd8247d0f97b56f9c8b3d07d78191417c95c0c60f1427c9ff89325f4bc152a7d8d0bcf37ff2c","nonce":"8254fae617fbec374ba35098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"0424c8bbb7f910cbd6d3ea93c382bc80fcfaaed558bfb1d9fadc207203cd75bbad71680a26779674e07ff1da0b","nonce":"8254fae617fbec374ba3509f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"3390b12f927971edaef55258b324fc3ed41a614188df5a65c81178586d14b52c1a709994dee6afff6e322dbf08","nonce":"8254fae617fbec374ba3509e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"db0e3961afd353bd90d52b7772d3e8d372939905e4495912e3c94c3ebefb6fadba8b6464d3e5e378925483be99","nonce":"8254fae617fbec374ba3509d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"d98267a0522a9688f558738c266722e64bcd52cbebc5af7e97d64362d1466bb2b194990a8aef048a78c5aa6184","nonce":"8254fae617fbec374ba3509c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"18524bce91fb1e03d96b7f6b75ea994841aaec5fd3fe1c355c7179468d2db110c8508e3341ae7cc9282839418b","nonce":"8254fae617fbec374ba35083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"28971dbfee66acfdff6288822673848d11a7e0abbc9baaabd4ecab922eb93d63e7f8570d68fcab81c941334f9c","nonce":"8254fae617fbec374ba35082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c6b5eb286502e8f10893fd10af7ba927370b7950c2ea5b79d3b6fbb8591f8443fe6e0df742de0992e460fff723","nonce":"8254fae617fbec374ba35081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"ac3aca8f13f8145139552d74c9ef357065531a25f75d2299a8a5966bd834503288e0a7595f6643ab901628f4d9","nonce":"8254fae617fbec374ba35080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"5a5c0b8a6204f7309fd0b2728add9154dd9552c43779b81c384392188d8b0ac238180a17679eabf3e98d880a4b","nonce":"8254fae617fbec374ba35087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"1f1a9f5f475be3881e869dec0c8e5f04f3f910b81c922b3576516baf7126e048f50a34e2234ebe7f96ded0d71b","nonce":"8254fae617fbec374ba35086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"43e5c23edba69e631033bfd02e33114d219097bdb9745125b6399bf92eb777d219c4aba42e5d6696a8b517469b","nonce":"8254fae617fbec374ba35085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"351eb0b3b299d7fec18f2def433561f1af775dd6430e45de0daa5b23cdc6aad445ff68e6828aad04cecfe77694","nonce":"8254fae617fbec374ba35084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"4d88b8ee655751ed7cb5d7efaf5d0ec4d52dadba973b83ae6e2bf30a797622f65f34ccca229543141b4c9252f5","nonce":"8254fae617fbec374ba3508b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"6b51bdce50737c7f47f5f51b47d4096fcfca9443ab98c4d99cde02b8287b32976d25481f30e9f2e80f768dfb8b","nonce":"8254fae617fbec374ba3508a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"6e46c2105ab2bcfe891a10ec1b2347518d6858e1353f107ac52de9c3bce879319db1b0b99936c865de88769d66","nonce":"8254fae617fbec374ba35089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"8fb72f5ec18bee8a92d0784f3b9ad832115757f0872f5b7a715ec5cc0e670e0b395177ae185a11c1cccf3ff717","nonce":"8254fae617fbec374ba35088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"0bc2b2ea2049e39158784a5b91b4e4a140bd5b86686042bd0e1c7e1fdfeb541fe18fa8431076fea72b82b22b5f","nonce":"8254fae617fbec374ba3508f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"50ed2120157943d2d260b9e99b82213712d76239002fb690f4eb4e92aa2a7df627ae47aece1eb2441e2e14c193","nonce":"8254fae617fbec374ba3508e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"08d50ad03cf21dc8dcd078dae1da6dcf3aac656e427dc12c9457620a644762d759adfa8781120d29c526b43cae","nonce":"8254fae617fbec374ba3508d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"22d39add312b8765260354f211b971cd323707a6bde03275225d29b02f3911d01a4809fb5b3b4a6bc876dc67ae","nonce":"8254fae617fbec374ba3508c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"cf1f3c4f66210c0bbc8dd024f1521f753fd219a3573f06d225a2b7fa448718aef300577af4b45923e6d36d9069","nonce":"8254fae617fbec374ba35073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"105bdbba2ad9e509a7489548beb38a9822224207a41e05c0790b3ab345c83de1d596e5dcf736d2f9e0436658df","nonce":"8254fae617fbec374ba35072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"6686d6bd092bc60f284a3d428ca70945f686abf684f9d80ecfa6a504b0d24ec540f516dd94ae9c263e308f2ff8","nonce":"8254fae617fbec374ba35071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"7328f3906b3c3db1fb5ad3a674229abdbc0386947b06b4e01dd8654e38d8233a94edaf617032e86841059246bb","nonce":"8254fae617fbec374ba35070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"1ecfd2bc242297e2e43ae0b7ec31ca76c2b4d32d12e20ff0c8799222a1cc0c973278d64781df509783ede5410a","nonce":"8254fae617fbec374ba35077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"a6a74d1d09ae0d7f16640f38475c8b4a62b3ad1ad7e33641bdf6ba52185ff4bb92a0459818dbe199982e78153d","nonce":"8254fae617fbec374ba35076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"49b1fa677dfaa48481019220aff1b819d3249404d771ef46a760e39f139598b1cee126ca3097da568ad61f1181","nonce":"8254fae617fbec374ba35075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"c68f901bf9dd391f9009433bc8f8eff4e84ace8cc95ad2e63c8760780fa209dd5a343a733067b917ca7e59e032","nonce":"8254fae617fbec374ba35074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8e4a153c7bd836b7e0c49663c6d2908d2a4543bca92016764730b879c46fb32efc775302391fc9c8a313fe940f","nonce":"8254fae617fbec374ba3507b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"0d724621a733147625d1ff2185b54100731a2681c8f0be8adbc1c103945f387d0dc4c79d7705babf840a2f18ab","nonce":"8254fae617fbec374ba3507a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"0f8249e94b88c4315dcdbd3299ba9c072d1288602ce6263f34841eb9ee676c21a2210441657d4ead8991956408","nonce":"8254fae617fbec374ba35079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"c2260d03e7ba28e8d4c933d8a0093fa69034ff5b42c254fe053fd499da91e6bd006a9d06a2cdbc566ebdc2ef01","nonce":"8254fae617fbec374ba35078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"673dd7e69fbe0648c3bee2a735a4f415819de5310752f02d0d8bfc8c030a868ad30f3d6014605f0fcfff4855c7","nonce":"8254fae617fbec374ba3507f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"b3c9958ab636629ae867a6f1e90e545e938786d1ffa6f9254748dfca08f140a977c5ddbc903dcaf14f08c967b7","nonce":"8254fae617fbec374ba3507e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"2ab3997502dcac29d9f78457671d199ab6f49df1f33b363d4dbed8755fe6b80b7d4f33b82f0cf4b8387a23573f","nonce":"8254fae617fbec374ba3507d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"7b9f6fbf911c5a6de1f0be698c4d17404f681320f43fa96e25b70691d12e0d6c13f3cb9a4524fc4d267938ee2f","nonce":"8254fae617fbec374ba3507c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"5deefd4158c97de5871bad752693fb4780c510dbdfd49a048dd44a39737f9e9ab0163d2ef4a315e24bea2d02bc","nonce":"8254fae617fbec374ba35063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"706d879d7ebc3c371aaf53d9e02529da51fc3b087be75febac93d5eef2e0269027818f10cdaa61ed077894aed6","nonce":"8254fae617fbec374ba35062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"2299f849c6d3ec6995ca2892f49fa7de51751921640972c03a3179808b67da70efe9b4cb95bc43672235eb5995","nonce":"8254fae617fbec374ba35061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"a7f51ae45167e6ac2f7446df184979507ddbc5fc66fa5dc3999b10dbc71323b9be937c6e67c21868830f206c8b","nonce":"8254fae617fbec374ba35060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"537921c341629706128302e6d33dfee7dc7de30caadc83fbe30a09dd371ad6dc998df2616a0f4846975f7e3f83","nonce":"8254fae617fbec374ba35067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"64929cb6e3e4e29aeea677f981a08355c331e59f757e8a4d6ec5430127bd586bdcb0fe8e19a70c7707eff3f99b","nonce":"8254fae617fbec374ba35066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"d616175d95c6cc2a7799cd7e080b75aae742d49d8c9b71d52ddc466bda16e6bc1f8ca5ed56cb9f34893feb4c36","nonce":"8254fae617fbec374ba35065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"03c64b02d474e824669a08a4940774102640b77629bb22cf7acdea6fc6493fdcca734fc0dffeedebc0ffc09b73","nonce":"8254fae617fbec374ba35064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"73b2763cb57f011e7891334d679044f1144b62d5b106e084855ce0c9e137f2d6e19c769920a44ab20b3467df93","nonce":"8254fae617fbec374ba3506b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"8426a98fdbd608083b70cc13c3ac8dfd51c09f1790010c9b6b682db1f9e8c9ba3a1c97032f1aa68263bb934c5d","nonce":"8254fae617fbec374ba3506a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"430301f3e23ee58c5cd63ee9ff4f9b13063108c97154a5a20a671a8e77c97805349068104676d38c452eec6c43","nonce":"8254fae617fbec374ba35069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"a1ccf035d84610a7707994c52d99f0110100e3bfbbb58cbc280ed64a1cfe4c6a5f226d45a55fce4051a1f8c35b","nonce":"8254fae617fbec374ba35068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"9f7d7ad0bc7b31d76c76287018cf9fe5be12e75fff308e54a897d53abb757d4dfd9f36ddfd5f0ad3b84205da5a","nonce":"8254fae617fbec374ba3506f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"22c99a838fb8f1b402a4b8fc5446c0689c9d446487e5f36c6dc02a453bc080e13e002eb27a993d21e7ce7b0b75","nonce":"8254fae617fbec374ba3506e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"984be7b091b83c2e254af58b04db3f02b9341930bb287084d0fd15db001511a85f709927287da00a6edaaabd3e","nonce":"8254fae617fbec374ba3506d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"5faccadaded233f843131c85a8a0ab92a6e1f94fe9caad70680c5761ea62b6296434db2b03f588b02aa502d265","nonce":"8254fae617fbec374ba3506c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"e79510eb1888692ffa14d81e6e0b3df23463d2e007888157f5e035939db370c325f9f69062974a1b3456f12151","nonce":"8254fae617fbec374ba35053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"68d342a3b89dca38ffa8786d8e9c761de4cb577cdc21928945dcc2181e76144b55cd17391e082c62076fb87c7e","nonce":"8254fae617fbec374ba35052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"d4fe82c1f914c7247d215e5dc40a2d9d22ae0c8b6724e01f5b0131aa58d50a848ce004a662232bf255cb465ab8","nonce":"8254fae617fbec374ba35051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"c322520e6232575f491bd99d966b57f41efede8651315f665862c07939da0715f553a49bc72a408bd724772747","nonce":"8254fae617fbec374ba35050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"37d33e5bfa5b22d541ca5eef5630ce62c978d08217d1d490af467d900fd8832c91f4b462a02c1a5f06dee873bb","nonce":"8254fae617fbec374ba35057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"46aff07bb9853f50984950edda906085acf8e02eeef0b5a9482d29e0bbc1cbad68b430e40d2dc290677dbf0ed2","nonce":"8254fae617fbec374ba35056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"3041ffb30b0c35bb88a242c9814a4b6b8f3c79522ac27f4abf94d92e211ea0104dead624b7ede62e11e81d2af2","nonce":"8254fae617fbec374ba35055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"33b712453e33351ed46a4d18a4c263b86df029bbea2cdb8bd54ab6fb209c5d311c6376b753ffd1b517371d4bee","nonce":"8254fae617fbec374ba35054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"eacff120fc2adb9baabe640a07ded44b583e9b736942004d0c4f11e07df3d4b5ea917f4d29547dddb6d87c4aaf","nonce":"8254fae617fbec374ba3505b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"267a920d300377d0b10d9fa203cd6aa68edf542a235a9addd0b636123be74285224fefefe68b30b3c3aa3ffd34","nonce":"8254fae617fbec374ba3505a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3bae25199b62d1b5bd2993d6974d39089fe3a08d1c33058773993edc93025895d581e70598518f41609346dd59","nonce":"8254fae617fbec374ba35059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"f6a7afc4edcb4cb0188508dac500ac7ab2433505f9802b7ccccb93dbd657e0c76dbcab390da1bff35f17fb3d89","nonce":"8254fae617fbec374ba35058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"58bc3021b4027a6bd651d04d6c2898ec4dcb73423701d403ad1c76e33b7a7bf5ab3b362ede88feb85560b89988","nonce":"8254fae617fbec374ba3505f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"21d883b0ef09cbfa220769613b00bd8f43226aed00bafa57368b78e71c5f91bf11e0e0c6abfe38feb595dfb5e0","nonce":"8254fae617fbec374ba3505e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"92a1760d369b745caeac6af8d3b1d22e986f0b4944b1aa6b5abd915463bba0a3f75ab1ac6fffc40ffc0d3e7570","nonce":"8254fae617fbec374ba3505d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"ce386d510654fee1e7be1f3ac41c2147fbb0bd9eb275c4ba761a707cecd97c405d65865d7a860aeebc214a645d","nonce":"8254fae617fbec374ba3505c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3db463ae7ef633dc8fe4e62233e98f89118846349b50c5a0b28e197602906c65a33f33069bccf5bc1a73d4fc64","nonce":"8254fae617fbec374ba35043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"6a5c15ade4ec19242e44b6577f36d9599b483611c0f92c10b8b43b6dd862627bbdde342ad0d85dacc7ca85b321","nonce":"8254fae617fbec374ba35042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"1cc4bd0aed8e24a18f6062054dceb9558bc92824e79f40793abfafc4ccd6c2cca9283009448c3c97167a64b792","nonce":"8254fae617fbec374ba35041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"8146d4441e361bd76e578a69a67b375d83da5e863d6a6d0055dbc4f853a2a31aea34f5aa114415b24054f28c62","nonce":"8254fae617fbec374ba35040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"e34088d51227c2654124aeae5b539758cb7c3e3f206470f0af6e352f0df1660bf3f486ed87aaf23678e557938c","nonce":"8254fae617fbec374ba35047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"c487c63116f21b99ae59d0c8ec02961f0770491227c2be47190d3f55f810436a339ab5b3a95ac4f7dea7266a6d","nonce":"8254fae617fbec374ba35046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"f287e66edbb93b83b939dd01f6560ef50f75e2f6d68824f2ed9de694345f707fb3d2c0722f02fc359d7d5fe2f0","nonce":"8254fae617fbec374ba35045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"5b5bdadc15bd4e5f6af8cf2a1dada8bd24bee48c6e8627848d89dbd739edf7594f839746e8d9bfc5ccd0b7af3f","nonce":"8254fae617fbec374ba35044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"057faa767dc2211b3220b99b4e67ad3fd156bb566ffc224bb9250753f40b1ba7e9e535bbe00a3afcfc852ec40a","nonce":"8254fae617fbec374ba3504b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f7a6c67e8b84ecff0f8a142d5e3ab680b90d7f2c68b79c07e73737a8e1fe394fbbf9c76e2685c678aa1dccaefa","nonce":"8254fae617fbec374ba3504a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"c25b3b8c7805e131b578704ded43a1ed56a46bf215b798b020579203eacd234393e239e5943df9531d9182375a","nonce":"8254fae617fbec374ba35049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"9e954d841ad143445d5c8f9726c98efcc2017b11c3510e609702e4bdb3842eaa93ba2fc7f04afa2b963ef71e4a","nonce":"8254fae617fbec374ba35048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"22cdf8ae07457a1fb82a380576aa976cb4bf54b3c779a51db7ff0a7be13324430140a8b063a589e2148c51f5b3","nonce":"8254fae617fbec374ba3504f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"7d579297a82958f088bb915fc1411a2151db5101acf90c68c5a53c544420a23b928f16188ed0caa51366b771a8","nonce":"8254fae617fbec374ba3504e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"b1a6e2548a8cb5386912719f5f49844c577365c99fc3d7eee6c9960e013f35d473f807ac058044b02fd1c0cd66","nonce":"8254fae617fbec374ba3504d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"8c04f4eea7da5b5fb4a0fa6114964e4c6434f509caf884231e22697cd5761e8fd3812de7b6a05dab07a0227f36","nonce":"8254fae617fbec374ba3504c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"4e191a839e9dfb4cce20622366e45de4a45b4d972359218d7b01f509fe88ddc3e7e7bc167824212878d77ce53b","nonce":"8254fae617fbec374ba35033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"4016bea11260188df1eccbe7b2108fc386dd08ed7882c2d7c4542f171c75721f09de59bdd06e239529e31eb73b","nonce":"8254fae617fbec374ba35032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"867c6935a9b4bc0bd68d6564915a2ed9cbbf01d24ad89b00eaad9d0ca40822de7c3cd081c7b2f4c27c12161b2c","nonce":"8254fae617fbec374ba35031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"528d6e0e19fd85f8beac94e0d275cfc66da62452e14eb738d430aaaaa1d9561312c37cfbb98ae5952affb99a18","nonce":"8254fae617fbec374ba35030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"bd995c654959180e1d48d7444e40c6c70edd0324db15c824c71f4307ad61c71ab96dfbd58bafe0c45254622724","nonce":"8254fae617fbec374ba35037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"a0cba6e8eb4088542e12883f9473017ca03f45745296b57a4e5e0ce2bc39c320642250dd8549a96e5ca1ed25e9","nonce":"8254fae617fbec374ba35036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"6b66a6b2b6813572829de386c7aeb0816d7a172173b2cf86b41da34ae20acae127cc02ca607876e1b1705cceb0","nonce":"8254fae617fbec374ba35035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"af2e99d861c7a20975bda4a02496ce0317d0060880780d0ff1c315b951065a0fbc34ae2a142bdcebfb32595307","nonce":"8254fae617fbec374ba35034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"1e1f0e1c4f1a89d7b34c32f6d0f95c1014702b15c69edf18b684cd3f7faf16015e8455d9d4c1d32605b9111809","nonce":"8254fae617fbec374ba3503b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d0ad1a265da5ec336898de8ba2a8a249d62edfc9f4d4eea0ee8d6ac25871fdcdebcf5e9efc211af77ba068ecfd","nonce":"8254fae617fbec374ba3503a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"a36e01010d755f21a8863c3be31c2718debf630b28b12d9498b7af30316a245f0667b1a26546222f7b5f570ad5","nonce":"8254fae617fbec374ba35039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"95fbe2865c9a204f7ca69f4b7468da1e5319bbaf72040e7362515fe3494bf04ac510248dfb22e0d5ef1ec0bcb5","nonce":"8254fae617fbec374ba35038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"90651f3e8f0905990fccaad8f612838183571e162b3f7f29b792696da7946bb37ee3abcd3340af8094be477aec","nonce":"8254fae617fbec374ba3503f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a2efdbd98b3710f8762ab144bebeb4f0456893c3d14efa2801cd2a1e33b05e85131a4cb0606804b2c6daafc2b2","nonce":"8254fae617fbec374ba3503e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"b1a9fc023abc3fe94cabf63cac436ad93899afdd37aac12ef8c504aedfa0e28e24df0288eff1b563a573c450dc","nonce":"8254fae617fbec374ba3503d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"9211e405aeaf71ec12ab4128475749fa634aba612a4406bd11860324b257381d989ca037b34260b360185912ee","nonce":"8254fae617fbec374ba3503c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"a563860a0eae9ebe1fee070c00fd05646aaa14e759a0ff227c4c011bd41f2436ceff585a5049f735798c14469b","nonce":"8254fae617fbec374ba35023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"769387a7f696902ebdfdf9abc900b084961420e2c4c09f52836428c1f5dc52df48f5d1f199c168f9fda3e9df92","nonce":"8254fae617fbec374ba35022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"f85c7ae193d287c3543b381e6183eee90323ed495110a73d90a21971ed21fd3366c3795481fc02cd7206110720","nonce":"8254fae617fbec374ba35021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"025ac262025ed61cafad9fd15e4f8d97fe730c85f3288fb27985a73d17755300e66ebc585236dba964f546759f","nonce":"8254fae617fbec374ba35020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"f996866ef1ac07f15504d1f1bee9300b133116d07b7ad1f34939caae1c568c4743db6aa21284ca0c6674015730","nonce":"8254fae617fbec374ba35027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"1871fb2f6490e913759f6341a4684285894384c0e760f86322cc0cb8ffd396b46dc42297bcccdfd06125f4a589","nonce":"8254fae617fbec374ba35026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"bd13fb0d053feb9b529dc181c40d93046d8936323dccc42d46be3d553eea1a80df9777428b213c085ec7a9106f","nonce":"8254fae617fbec374ba35025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"c4d834339cfd09da4c34c7b2c96a5f9c6d7ae9f6d4c4a8953dd7fb89c8552b89b0e11309377cd17fbb5f17dd64","nonce":"8254fae617fbec374ba35024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"92c75158c80a246dceb7ec14e4e8aa73f702417ae1ce8b5148ef98c1e64a06a3de050acdc0cb8231737255b447","nonce":"8254fae617fbec374ba3502b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"9b4aadc70a784828d70e7f4e8795185e94e7c2bc02d88b871e301eb1d8a5ea7511d8bb669eedbb15327b63a9e3","nonce":"8254fae617fbec374ba3502a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"56a6aceb105bd2859e260b4f8dfaca5187316ab64d2d0c2bf78b4a91568b148e96b495bf3622f23f2bbed1f535","nonce":"8254fae617fbec374ba35029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"db198cceb2d284ab5bfb7c9275fb1234b79fe91b470b0554e5be989f03371ed46a8d159fdb50e7fdb46f007733","nonce":"8254fae617fbec374ba35028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e289beaadbe6b8b5b0380a809cea7bba2da8d90be6979e116990547bbe5f0d6b2a3f5c19afdbfdcdda740aa750","nonce":"8254fae617fbec374ba3502f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"93d3b1c6df285c03f2c60b96681edbbf668eb92c096acdd97c9ac97511b08139112964852c98c5b0c53d397c76","nonce":"8254fae617fbec374ba3502e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"e27aae8c04eecd61ff05b0bb499da5405dcc0e70bacecdb9989a471beaed9dfd16d49adb88663318889ed94861","nonce":"8254fae617fbec374ba3502d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"71c95480fcf4dbdec92c52c7b6150d042079be236b267734496f96fe42a6c6deb43af5e37ea7701f38ecd40f5d","nonce":"8254fae617fbec374ba3502c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"e73c0f89bd4b5309412eae49b48035216791eb52dc16843f2c65fa20e4314c58c5e59d697cbf9a3aff19e30db5","nonce":"8254fae617fbec374ba35013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"c0fa99aa5a817b88dbf993f85ed49305215ef3251ff1c9a9cbbebac8edb7c5dca35565a2dbde03bbff3c28d5a6","nonce":"8254fae617fbec374ba35012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a428213ec87796acc04e9db518e7c201e6e8a5af8897bf57bf0318f3b1ae9a871bbc9285f9785990500d5f516d","nonce":"8254fae617fbec374ba35011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"10186bce94ae6ae8d6f81ad43e129c5e59f87b0fe33f6928263a6b62ee4ca7e57b322b834d1dd77e6aa80f9ba6","nonce":"8254fae617fbec374ba35010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"6fbcfd397168e700ed8d1f2b0620af7f4a92a1a6180093f59d323283bfef1905251d5bfc55bc6c8b1c77daccb3","nonce":"8254fae617fbec374ba35017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"ae43657d263d188a8e4a46ecda1b029708d7bc511f865198264ee36f242963f9933b4b436860877bda23b4ec80","nonce":"8254fae617fbec374ba35016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ce2ae44b2b449745388e809e9157da15cbc5a73f4db430fb5cd7693c7a95937b0c48d3b4b28c423e651078f966","nonce":"8254fae617fbec374ba35015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"4cd0e829b72e020a930694b48d94fb97daa4d10e64ca88b81f87d3708b02877a433d90c2432316cde467b42b70","nonce":"8254fae617fbec374ba35014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"8b71bbdab25ae40c6c0b5411565234819df9639fa98fedac93a752e965e9cb58618ddfd4be24fa32c4e1a7b8d4","nonce":"8254fae617fbec374ba3501b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"008044489ef9579011220a77b9e3f92f85f52d26c637600c8e7b89aeb51fe7006cc8a8fe17a472cd384c86291c","nonce":"8254fae617fbec374ba3501a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"16e7489f5708035541dc65cccd34d4b8bfe8a3e961c31a62815d4228333558097da981000d48bc2ddd81aa5bf1","nonce":"8254fae617fbec374ba35019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"17475bdb1a2be5e19f8a91b7a03b6588fd04f041bbd6b7b0f0abf8e8422bb27d8e17bc24dc561e15677541bd3f","nonce":"8254fae617fbec374ba35018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"fcb81cf20bb8aa93bc534cdec84db510949b8ede3a9ce061e5b0b4179d5cc4f3e2e9bbd40c2b71a5e439a42523","nonce":"8254fae617fbec374ba3501f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"9a6bfe200b1db6dd12f0cbedfbc9e7001468787663d8a4d0c05c0713d0b110f038271c4889b463ead95c32facb","nonce":"8254fae617fbec374ba3501e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"d9ea910ca80403fb49f0f283751f0f905da04114250d2b06d524eedf19fcbbcdfc7ec8157d405aefaf64a586df","nonce":"8254fae617fbec374ba3501d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"588dd0d750b9e5efa26b6137510d35e4e585e0aa60497592c2c2025e9daa8fa5e581da08cb8616c3e15a2f9fe7","nonce":"8254fae617fbec374ba3501c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"f55459e8fa8b35fa4193315c4b9ca332a1b2193b449e3baca4220724b564702eb4ab53be152da4285b539b82cc","nonce":"8254fae617fbec374ba35003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"9645ebd5402897ef46e379931ee6b55c1af7a70c1791e6dadfb3cd85cc3c7ade6b4cc9f5d25e2586f1e2d793ea","nonce":"8254fae617fbec374ba35002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"2e81e8bd04f9134cd12913da76abe49657a1dc6e0ad41467736ed6829d5cfc0485e20048097a3e681b172d4f25","nonce":"8254fae617fbec374ba35001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"f9f2721764f7b7782af7d9e5337b4e5b778097c7e871020b8b14a519bc72aba14af93fa6c6705e50b005e4a516","nonce":"8254fae617fbec374ba35000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"4ba5a7337b98a46addade1c0b53ee1dad3435c5b9844486a641f084cbba6446a960a4e9f91c848b41c75cff276","nonce":"8254fae617fbec374ba35007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"77a44525d1c8b25e013b0c008337aaf6d6925cadc150d5aa4aea76d574dc7c51ceaf2ddc74cc642709e2db3b8a","nonce":"8254fae617fbec374ba35006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"c0ce8ca89ff4a538a44840dfdad18ffbfdb4880f6d98de452e6273d0c4134c7602f436523aef7a9aac7b376d83","nonce":"8254fae617fbec374ba35005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"468f1e2e1ea89d33ea8852c2dc01f1c003ff6696ab90f19d90bb727ae3e26cc00c53178f00b1f2109310138b15","nonce":"8254fae617fbec374ba35004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"57fe0179fc1d5d055881bf0acbaea43f00a8469a83db59197068308ff1402578e6ccb36bc0200fec145973c821","nonce":"8254fae617fbec374ba3500b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"4ccac11ac15015a53766a0894d85068282bb97e13736a48d3354ca89ed50b90fade4cc3fb7ae81e37677f42a8f","nonce":"8254fae617fbec374ba3500a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"e227fd2c08ff35b4515bb51bfc5f6cfeba6ff3a17c161135fdd91f13b80d008f6eb56ddcb1362a1da950778a11","nonce":"8254fae617fbec374ba35009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"c5e38c7593e3f88b8f18b758763db6e7454eef9a5900568fe1338524308ca558fd83849ba5e0178369fffb7eec","nonce":"8254fae617fbec374ba35008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"f343199dd781cd3c3c7ad8168cf7d1158d1c2e8bb17dc0618a9c30ce4cf40c06d9ff435380d073adf8ddb6376e","nonce":"8254fae617fbec374ba3500f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"9a16e8a0881d801f38dc0014453c3007939633ed6af5caac0623d49be0b6b8f1dd76e72d696608dc674bc05459","nonce":"8254fae617fbec374ba3500e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"da184cad2679fba69d03e243b530193063ce274822706acde05f6ef5a874ec16eee6e7328965fdec969805e360","nonce":"8254fae617fbec374ba3500d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2fbdb471404903f63dbc0030bced549e5b01bb9add1a7e9b266bdce0ecfa6df8d118e9d002e9e74403a0323597","nonce":"8254fae617fbec374ba3500c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"2be3c7e24695c013178e55d177c61597db3e23eb4f668e51a68c71804ff4c2fdeae17ad2de8d8ff730d79d43ee","nonce":"8254fae617fbec374ba351f3","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"32b71d86b5a790d097a790a5091ca79ce9941ccd0bd79011c5635154597126b6"},{"exporter_context":"00","L":32,"exported_value":"181002a1724a8722293a7052a836f7e4a97de6d19f6cf87e355034344cf79d4e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"3ad68ce8719b87225d7bf1baca77adb0fb521f342408f5a1b73ea743563774fd"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"0268a009c00abb420442b56cd7065228c26f9e8a59754ffd161640e896b833d959421e66e107879b16783f6a15a9fc39fd6df09e75c87323","ikmS":"f5f274274c415b456a4293bafc3676d65fff9be218bf0f7ba0237e28bb9521df16daa2a6c9a7f6970b2c2e1ab05c9ae8816ac01d712aac41","ikmE":"6b650d09f40c56f49809cf98300dfb3083432152bc7cdd2783ead4ea0128a811bc6e3a13ae3e5c657609cfa808ef255834ad85411db9e425","skRm":"3ab544b27bbb8e09a7a4abaf71f67f7ff04c74113295741ea623032ac4728dd289661e6a1d0f850fd6f49b6ca4d308feb83047eca5aa6a2c","skSm":"f8c34d3370f43c7c27bf3386b23c93e6849b78c32d25176b1509aa67e66e8ad033839458adc4bb74b15c697b38901bb54b11a1d4ce6877c5","skEm":"989395653f469791e8ace5553fbd7506049a5142f4b0df4bfb503a5caba21fcb374c4458e606685a7771e19a84fbbd8b979b263e9e53ff1e","pkRm":"e7a7f36ba67b811b44d0b021fed67274f895cfd5bfcd4793a1ecfa2681abde2b017a8dfb44f859a2d20f410d070019b48635fef7cfeeba85","pkSm":"831ab21d939c7fc9c4e692f51dc813e0510a78002378e977ffc09549d91cafc9414e02fb4aa634620e72aed53d1691531a0c600a59b67899","pkEm":"3e9715bb5997ca103085325b83950e083edaf742ed2ac9a2d6c88e82ea8a50238b6565c99875bf72657e140a3b9429202bda7651227b139d","enc":"3e9715bb5997ca103085325b83950e083edaf742ed2ac9a2d6c88e82ea8a50238b6565c99875bf72657e140a3b9429202bda7651227b139d","shared_secret":"0e8a20e01e3745f347ef28f1eefa0812a9066aef4b28f4adb28b391b098adac514d20eb6ee591c488ab9de89b8cb52fde9e605736cc8198317ac36fafaead8a2","key_schedule_context":"02501f6956afc1d37028100b38a48efe15d0352c7da3bfecd089af8d3f55c7171387399003157c2bc488b6f17e65efdb0a55ebff5dd99ed2ce3d97d3473e69c23c","secret":"4abdcc1fe4b76a81a19704c42cba29f1672977bd4e6253ceb95a963e6e6401f1","key":"568d92be5fb16be10597b38fb82732efd13634a9e5441ec1f42ac6c164dc29ee","base_nonce":"9b995c1946a6df0f6cd5f989","exporter_secret":"6509e5b43638aa036023b12c993cac5bd7341350685c62dd3b761098bff767c9","encryptions":[{"aad":"436f756e742d30","ct":"66325502b4b5ac234005ea1460a25cb18233dc6173e2e789854e36a6629be8fb5a57780347932a3a670e05dc9f","nonce":"9b995c1946a6df0f6cd5f989","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"4d3994bbb3c248899d2bc68b18aab3f47f1daacc0d54162059efb30c0bfdf20877eb550baf1113873e962e0b1e","nonce":"9b995c1946a6df0f6cd5f988","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"7cf12c321fedd538184dca0ccdbff404e721550d501cd7e508ab0351e982bc95b6ffb79d84836984c6f4177350","nonce":"9b995c1946a6df0f6cd5f98b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b90bc3fe47a2c2031295161f9eedca8e8b4787aa8fb04967d3faed5c9231b2428eb73f0fa75832baa6d6f0a26e","nonce":"9b995c1946a6df0f6cd5f98a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"cea09829bc84df195c7f5bd3c3d95fabacb64c2801206e06d02ff16b3af9a1590afd6dc271a5bc779552c6bab8","nonce":"9b995c1946a6df0f6cd5f98d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"84c32d841bcbf94c8c73d7315f5a17cc26ca8f758ae7c5149731f58f9aab0d22c4bd132dabbfce21a0705624b1","nonce":"9b995c1946a6df0f6cd5f98c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"329901a1c982f96447fb0b65ac0cb9bd230cf17bba2977960f61ae029d6787245fe1f896459bdc6fddf3fa60d9","nonce":"9b995c1946a6df0f6cd5f98f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"94f8f849c14e63dcf3281217a5db689a5d3e152d39105c6ec16df25a6b024c705037d7b8d76cb0ae478d881302","nonce":"9b995c1946a6df0f6cd5f98e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"191536ddf24c1548d543b0840bbc5d7f1584faf342f53d9bc79db6a8b92a3be7693019870d4c42ec799b8e79d5","nonce":"9b995c1946a6df0f6cd5f981","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"67709569c20d15553feb6b62f0e6c9f0cac7ea266161e6e392fbd5b89598a151436b7ac0ed597e39a605746ba3","nonce":"9b995c1946a6df0f6cd5f980","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"4cb0600da1c277d2066661e41e170907cfad250703682c51891d4d40b2fc48be354e4d657234f49a1da3c24ded","nonce":"9b995c1946a6df0f6cd5f983","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"cc13096537d79c11fddb9b6a90c8608ff394fa17d3421bdb7704b21f56dc454fcab85e4cfe8e2cceb330c8f442","nonce":"9b995c1946a6df0f6cd5f982","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"d86b85c7baa2381e2023fb272b6c2b4d23da4c97cf6bde34e6ee3b8aa235a1e9ae7129b09311e50504971faf17","nonce":"9b995c1946a6df0f6cd5f985","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"34dabeadeb1c73e337f2940a0eb5062b1f1978b0ad15e94795cfb3e8af0265385eca8becb3662a9f169566fedb","nonce":"9b995c1946a6df0f6cd5f984","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"6324e2dfcb05dbb57744215fe20cbb8396a9c465f342947827768b68f30d391c9d57c82c11e2f9dcc7f329dbae","nonce":"9b995c1946a6df0f6cd5f987","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"be6aebc6febe927a1cd8429e53246ab2f241aaf99783c2e22edfaa53c12488c8877f7cbef0988ab593ce789dca","nonce":"9b995c1946a6df0f6cd5f986","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"9ea45ae5de48413bb0c51988617f9688df362663030a8ae46aaa485d3209c16864ce2074cf1cbcd94508594979","nonce":"9b995c1946a6df0f6cd5f999","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"73836841166297d74632ce35da5ae14a53bb9d8c53655411a329f12807ef2f574984c7f1b1215c98efdd2522c3","nonce":"9b995c1946a6df0f6cd5f998","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"1d893b09d2e3c69ae9f8d8717bd439d189faed235dfef2f0fbfd13f297510a04905eeae591e694e7d0e7d84c8c","nonce":"9b995c1946a6df0f6cd5f99b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"f76b04a3204c6daee2faa8d8c7aa9c394c5536b040eb6131fdd39c8e3236aba3f9526787e6f92b08cd05c71084","nonce":"9b995c1946a6df0f6cd5f99a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"56feb53b2b0d38cc1715e65c721d5c3cfebde56b47b682ebd5efd0db89a47cda7683ec1432b66d6d7b1e55ccb1","nonce":"9b995c1946a6df0f6cd5f99d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"9c788debbb65438d216dfc4ef6074028b575354a1ca469b2a913bb23b84c72fe0828edc3c2743e093748fe5a7a","nonce":"9b995c1946a6df0f6cd5f99c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"cc5d43c3fe9872bb478d2367708549cf71b37c85a6c82a1ebcf09659c5aace0628a2d9959a6f72152b65ff269c","nonce":"9b995c1946a6df0f6cd5f99f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"561bb7338e5cff0c19e36c93f0c5d9017e90427b37e2effc2e7ba2d6e21fa32ac8d96374cd094776b85387d51f","nonce":"9b995c1946a6df0f6cd5f99e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"0e094c31d0e61c50f6b0e7c73870ecb4699cb8b5a200f8c76091ff80b650ccc27cf4fc125483201d29e389c0a8","nonce":"9b995c1946a6df0f6cd5f991","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"01d284e04f7a3ea0fa8e4a1462edea9bf41b1c638ab7c9fc703d250f536076b1bcbd4cff14eb3eaf359d19ed2c","nonce":"9b995c1946a6df0f6cd5f990","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9c8e69bdedf1dd8b497ac47722404a44d863b5df56c4d1c4d1e5facc5ad3ffebfeacd5b9adc16ae2a0428bccb1","nonce":"9b995c1946a6df0f6cd5f993","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"841c13ce687c50f5d8a842b75be18fc642a72370920076e46389d388b56cc9f0a307a2d417464e16d4f202419d","nonce":"9b995c1946a6df0f6cd5f992","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"b9d48adae3e500098ff9d5156171fc93146e507ad4b3264c65884127c824576c9bc56515d945372841322fecad","nonce":"9b995c1946a6df0f6cd5f995","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"960f8c957ec4fc9e95cb42292719ead45f6113dce411e4a6c65f1e337cfec0ddccc0287cb04d18a228b15ec060","nonce":"9b995c1946a6df0f6cd5f994","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"0c37273ddc308db8550f10519328d497043461d0f522f12174d0ded5c2cd3c0d2ee6db59a7cd03a066265796d1","nonce":"9b995c1946a6df0f6cd5f997","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"05a90b7bd5f828c6b3d26086107366093ceca7a2f44bb6d04d6e7471a767473559d648ce0efbad3efa56c9cb26","nonce":"9b995c1946a6df0f6cd5f996","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"4505564b6d717a302a19a464222959223eb8ed7f001cdcf17e1595975c7d7ce3d9623b836b57266cff544f0f16","nonce":"9b995c1946a6df0f6cd5f9a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ce2634ecfe7ac001336ceacb4877d768d8d80633329b81e1944ae23160f9c86d958b1a083dec58e2899b2b4ab9","nonce":"9b995c1946a6df0f6cd5f9a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"dd9430c0fcddec19cfb46121f4fd17e8affd9ea805f921023c5e0bc6615f076cb0f8556aa5c6da737c96c880f6","nonce":"9b995c1946a6df0f6cd5f9ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"8ecd33cff924ed0b2836511e30abfc3ee508155fbc83fe95b819edd2d6821be191f5a424222d032e1db97cec76","nonce":"9b995c1946a6df0f6cd5f9aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"ff167ca0c8ad792bdcde0b16adbf3392362dd746a1ac7ed8484ac89e2e3ab925265d80736105e1806c1fb3e2e5","nonce":"9b995c1946a6df0f6cd5f9ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"61ff33c3ff96c610827d0e92c50f4fcbf7c95c706f03a88547762d6bcb87e9b80e1a92ba7aa84ae1f06c119268","nonce":"9b995c1946a6df0f6cd5f9ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"3e6cf02cfd16d617c493e6e1b8d4f33c42ac55662d1581fb884f79db77cdf0ec785723cd769b9ba3d88fca631f","nonce":"9b995c1946a6df0f6cd5f9af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"d60e6e7ea9a54719830a52c3a55aa95799fd86d571466109f15582d191c1d749d7d65859fada88f01e6a4a7318","nonce":"9b995c1946a6df0f6cd5f9ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"d4cd792db3ff8625f17808d5a8347c8fa88ea6cafdab8bfebe2e2ff717301e9c120916bdf26a1ced97671428ae","nonce":"9b995c1946a6df0f6cd5f9a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"089066b34f85cab3d89e23c9df42b6567660d565869fe8ff314c050911b90a784325bc21c71a31f3a466c142fa","nonce":"9b995c1946a6df0f6cd5f9a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"03aff466120b9a4a620e0a83734caee8b670bcc22ac21b1e205529d0676070523a566a9c6d8ec4275aa238bdbf","nonce":"9b995c1946a6df0f6cd5f9a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"a76748ed8a262a119c4c023c47cabb00e2127c7e738fc9e31a91764d45f9e072c338c98d262dd75d0f1aea509d","nonce":"9b995c1946a6df0f6cd5f9a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2e5d3e4089d9626ebcae57e09132d2d4ca463d4a57633f6c05b6a9a287bf49432c9c8494692282d3b6dcc7dc6a","nonce":"9b995c1946a6df0f6cd5f9a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"471637b9e6b8f5d82568cef522c8e3a6168cc55e7bdabfee2272a561d26e1f23ede1ff8b446be601f2d50bbac4","nonce":"9b995c1946a6df0f6cd5f9a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"f191bf5194f2424e66f8d4f9dade21f8db2f2e4d090d106b856082175a2eb5e44e34db81f93cf965e1ba9d22a0","nonce":"9b995c1946a6df0f6cd5f9a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"a05cf75662c2534c4b980898f84e6bb1af75a3aa67c5eb11abfb75ea39433465f4a5eec584c06bec335ad3bb68","nonce":"9b995c1946a6df0f6cd5f9a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"4a2ec75eed92b118131d5de820c0eb2b20d197104f5fc86c0e3ed2ff826a1089f32e5532742f8ec0db1b43a675","nonce":"9b995c1946a6df0f6cd5f9b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"4ea64719bf03d918a28ede9855d79e31f89f0d66656c44dbe647a61e9f4f806f490f3265797224c6a11e24ff77","nonce":"9b995c1946a6df0f6cd5f9b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"ae28a81935cb093cbc6cc7e6205a3c226bc1712dceaa1f850fd50de53f978bf4fbe7d6e9214c4c8b2691df1c31","nonce":"9b995c1946a6df0f6cd5f9bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"c2a0544ebf771d26d669c3d9e06ad5dd8febcd07f391720428b25f1fc498d39db4605172123821153c56addb63","nonce":"9b995c1946a6df0f6cd5f9ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"f16313cc612acf1573a4fe5121f0b0520d184135da307ed2533588abb0199d2343e24282f777841d5ee05245c6","nonce":"9b995c1946a6df0f6cd5f9bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"6e16d15444f7618510360845b9db7d92559fa88e556edc404bf54d50574accea4d13a262dcb2ef4a046191eecc","nonce":"9b995c1946a6df0f6cd5f9bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"cf465430778877d7c82a6804b3622d2259d73d8da25a9a225c2ab7d749d3b03aace97c6bf57d69ccb7efe6d626","nonce":"9b995c1946a6df0f6cd5f9bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"a107ce8e3a94d97b8f922145576f26cabfbdb16aec5f749928403d81f27271f57f39f7d03305d87be456b1bdb8","nonce":"9b995c1946a6df0f6cd5f9be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"94dcd62c07748c950897013d397be2c7d34691acda0c37a7dd892574c5875d702b2c3d048d2fe11b57f809a3c1","nonce":"9b995c1946a6df0f6cd5f9b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"ea6c241daf8f20287c3a28bd740b82bdd184ecfe569530acb114458dd59cacd5fe7f5b28ad63547ef73439b135","nonce":"9b995c1946a6df0f6cd5f9b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"c09668bc157c0b644867634322ddb1fa772ffaa6b08be5e6fcb87320945ec9df78b3916cea1019296f2cd9ba52","nonce":"9b995c1946a6df0f6cd5f9b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"1e2816f83d5f905ea5b3eef5200afdaec741c660c3f7ce4e2b2b0d5b0704961fe2b363abb4ff0142c7a4a50aab","nonce":"9b995c1946a6df0f6cd5f9b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"019d97a8c721e6e27a811d4bee96e1f4b346eb848b773310a12b27bf6e67cf475f7d6ddbe0b641ae22e8b9cb22","nonce":"9b995c1946a6df0f6cd5f9b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"51b01b9e10f6ecf097f41c8d146e067c9b789420daa78d07269ce9f4f740f5aefd5c5c9eb1c5cdfdf8d4d8e871","nonce":"9b995c1946a6df0f6cd5f9b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"28f9d14e93408c322c05e219edec3072aa3589e3786002b7309f27e409ebf66603186488990b2592e057d051fd","nonce":"9b995c1946a6df0f6cd5f9b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"858046e60d93a9d0944b9848ea80ac7dae7a66e8f23904725268282fb2cdcbb3c11d50e4349167fb8ebed9ce8b","nonce":"9b995c1946a6df0f6cd5f9b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"766c9e8ebf3d1576fb0310476489ea96644819cfbfd4e294dfa5e33dfb5f8b9647d60ad0b9ee8ee54ed45e4c0c","nonce":"9b995c1946a6df0f6cd5f9c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"8e95e1f6f79733ea18064cd1698ff0a7d6cc4dc5466b87034230328fb69f46842b1246e304e36200517a569902","nonce":"9b995c1946a6df0f6cd5f9c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"4ee3681e2dee48e4b8f4edcac7a86cb0b6cb21a7aa318896dc91019a8bb27cef792c034f2215ed0e2a05597882","nonce":"9b995c1946a6df0f6cd5f9cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"be02f2782dd2a6b1635117df84a775f68e2e02408056ebde5b9a7637fecdc2fb3aaad0eb0cb17b793c6edf3280","nonce":"9b995c1946a6df0f6cd5f9ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"be26ceabdcdc3c2fa6b4bff7b50e5b27750293fd1232b649f90366f7b7f1db1e680a10ab88311086fc626a0161","nonce":"9b995c1946a6df0f6cd5f9cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"96d868e4027a7e2c8fa2078a8ca5e720dd0ecd8bde4ff92f8f9f78794b74ddcf663ad86180f76fc1b611b3f0c5","nonce":"9b995c1946a6df0f6cd5f9cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"f81bcfc59e7616e418cfaaf24c8ba127754b5b603ed80f20debf2c5634cf0f120da9283c4e23d84ead4f6a810a","nonce":"9b995c1946a6df0f6cd5f9cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"5e6d4034e6967fec8afe580814b4c6e7d5015477dc9a9f343625098844d7393fbeaca8aab39497f7b3347e7841","nonce":"9b995c1946a6df0f6cd5f9ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"a3af77f309542941b6d0c7b0fd3c7e5d5415ba3b2c52b313e7df701d3398f25b2cbfedf2ce56c2e9cf7ed7810e","nonce":"9b995c1946a6df0f6cd5f9c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"3c28b0791577e814ccad009f1d0c40696e652052b4e4c45d8ef33a2bd247a552b4e8ecf60eb09be6cdad3203fe","nonce":"9b995c1946a6df0f6cd5f9c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"9bd604e0ba14961de48ddbb7eb23e8ac2ded25b5a09cd170add00930f03be67cb7f1ad7785a8848e35a4d738fc","nonce":"9b995c1946a6df0f6cd5f9c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"b163ad1a74fe8b2c93a8afb61c6da938fd4e907965d6d0a6962082d5046549e5fd394c9ee44a3fef28451f13b4","nonce":"9b995c1946a6df0f6cd5f9c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"7da7b6f2fd3fe4f54f62b1922c90431f170026c853363380ad69fadf5b89b8b3ae8ade7e5fe0881b8cbb5347ee","nonce":"9b995c1946a6df0f6cd5f9c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"190a8fea566890e217fd330f2717f8046fa1ee936abe780f6537c7562fd21cb902f42b3e9b06d41d669edddd9e","nonce":"9b995c1946a6df0f6cd5f9c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"fc9fb9c46fa93d3082b88a9d4f55d8c4093b4e9da09ba52db72a7a33c3c7d8180cb99495422bd1b9c431f0a3e1","nonce":"9b995c1946a6df0f6cd5f9c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"096d3cb279614cbb0b188cdf3cfb01ca98fac4cb8a6db1617dc9db0eac9d89d9152353c435212d8beae0985e2e","nonce":"9b995c1946a6df0f6cd5f9c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"3d8ea27c3a15483dd5f2ca5d709e272095006bc3c7ef74f9f282c42475ee6d74c98b7ebcfae978fe9f5631b5c6","nonce":"9b995c1946a6df0f6cd5f9d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"7820ce3d5022b5df6084a59e5f14778d47fa6ef8cc77f76cf92d6f65b2d940b3ecb95fc0a7f38d6debe045f387","nonce":"9b995c1946a6df0f6cd5f9d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"db84dab0b8556f229862b790641a02c43684a841f7b73520de1cd8eb18512fb275da53957cada1ca2616612844","nonce":"9b995c1946a6df0f6cd5f9db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"bef4b6f8d49fe2bd4f227797095bbf42922e903801e6ef67b7fcd3372f1b96d7eafd23088cbdc697f6d177d527","nonce":"9b995c1946a6df0f6cd5f9da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"8b0d87ef73629fe2d4a1ac051e126d5460c24ad55cf65c350b31703388030a4739278c5a455442557b753d3e91","nonce":"9b995c1946a6df0f6cd5f9dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"c88a668041bf22ef206e92e7f47104bbb151623396f42a7d396ec4f601f08f7a3005600aba1d93af722096a399","nonce":"9b995c1946a6df0f6cd5f9dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"5f80dfaea9c47c3fba4756d11e2def0ddc8d8851a1d9521596e8dcb24449f1dabaa1c0359233ce711174ec0002","nonce":"9b995c1946a6df0f6cd5f9df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"16f07f14d8e5c915492f74acfb42fe2914f32fb7a9604e98fe3661e711da20384e64fb90f4e32782aba3e7f412","nonce":"9b995c1946a6df0f6cd5f9de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"8bb257ff4f1a96c43a6d175d1d4247306fd84b13829fb34e1da90a4c066966bf2f028579945bf0821a207c0335","nonce":"9b995c1946a6df0f6cd5f9d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"6aa664d124e7599af8922acd2c63d5f2e81e7f1c29b0dcbb60d4d7c09af1eeac84decd447d6c1d9f5a330ff396","nonce":"9b995c1946a6df0f6cd5f9d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"7101191fd0bd0356325bfa94df5f4c4f76e2d5e52bc54040b281e3445df0004e2fafad2130120c689fcc736e1a","nonce":"9b995c1946a6df0f6cd5f9d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"f11b9c785f4604a34f545961177d9a29876ca710afadb7f90aabf9d304fcb55928b52790ccb4656563e5dfab59","nonce":"9b995c1946a6df0f6cd5f9d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ee77ef8308c2dacd6814ec94c9392a6c0bc728761195bfef3d7103e90f866ffc6ad47590c67c31f429cb18f554","nonce":"9b995c1946a6df0f6cd5f9d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"d05ee3f91f9abdd3d3917f5e68062881504b585f8a4f0be4524d5810f2a2c6e34bb89276e5a708b032084007de","nonce":"9b995c1946a6df0f6cd5f9d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"0504ec5b2211143063664dd7339406c39b517ed99e1deb4f631e667601dcef9f32bb74eb812612591a72a47f3f","nonce":"9b995c1946a6df0f6cd5f9d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"02fe7c538a17caff3fa84b37109aa28a22d636868126bc55f52a3922032e8bd2dbd4f0bec5d40e17403082350b","nonce":"9b995c1946a6df0f6cd5f9d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d4c9fb8612b3b0885f4e782b817711a42aa9b808160f5947074753371c56c19544ff09fe24360e90124527832c","nonce":"9b995c1946a6df0f6cd5f9e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"9d53a42bf606820284e07873393da73a17af522ff53ef59e4672af7dbd9821f99b5549550b944a5ee1b0887ede","nonce":"9b995c1946a6df0f6cd5f9e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"5941ea219589afa4b04875ccbcd85dca1022784989be2fd9575c9234c3eed2c8a8607095c1d317bb0df4664db1","nonce":"9b995c1946a6df0f6cd5f9eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"b8f7c10c8eb5ce13f3dba156c838f2edd960a374fbf11de6caeeefc17743320c0b5735f9cc16b780732af6b18c","nonce":"9b995c1946a6df0f6cd5f9ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"405702b5a8ccef97c76be0a86c394b95505bf7af9f387e1bbf64f4eb7c41f33d660ba68d865d30d84c01bcba58","nonce":"9b995c1946a6df0f6cd5f9ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"07d8a37818590cd5753c53f314caa192f38e04b7846420faa708ba9aa29c1bae001e783520433a5b23ed52524e","nonce":"9b995c1946a6df0f6cd5f9ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"f29aacad8fb9da202ee796cd4947ba6211af1cb81a33a2c7ab66ee135317c9037c4f890532bc830cd60b0eb5ad","nonce":"9b995c1946a6df0f6cd5f9ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"19ea8b55d3cf763821f16b00e896f84ac3e6d6d6d8f4d0f609b1a4013fc84f0f8b745e45d00f15da742dd44533","nonce":"9b995c1946a6df0f6cd5f9ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"320ff07396286b1ea32d0570446edd8b231b085a8339fd3486bd8b8166e34f78115af1b27296acd4d1f5b8bf8e","nonce":"9b995c1946a6df0f6cd5f9e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"c9a2b443e0884ebeba8eee72089dd34ac6d303ec3e135ed16fdd2c74211aeb71132e5087476aa1a4890f8eae2c","nonce":"9b995c1946a6df0f6cd5f9e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"77f10cb539faf903ca4fd3c5556eee04cca7107884b860e0abec6b63c2d94ce2fad9f311d43303fb48d6ba32b0","nonce":"9b995c1946a6df0f6cd5f9e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"a46ff277daea2d7305916a224a87125cfb052f4f612004fc44e6957ca13145eb2ff256de7a2b30eb0d1ecb3c9c","nonce":"9b995c1946a6df0f6cd5f9e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ac35b48ea38ed102856f8dcb5d5e558fd31482ae4cdf26c19f3b3e72418702d566981a9482b58cdf8b55f072fe","nonce":"9b995c1946a6df0f6cd5f9e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"a8c75746377999869be45b0e0832d93389e9fe879033299f93f6513ccf2e43ad96d8b3897007660e454bb4c9d6","nonce":"9b995c1946a6df0f6cd5f9e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"a0ed7dc7031c32aeda6294020a10a055fb4313134aa33b10b5e667dfa043a2dc2c0f4e92edcdc8cf4144989db1","nonce":"9b995c1946a6df0f6cd5f9e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"dd86ab2899be4f8bcb3c476b755d14a39eb498e1a2a5e0b636c504667fe6c4cf3fdf26dcc332535cf30f8b2261","nonce":"9b995c1946a6df0f6cd5f9e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"3669e742b4604ff4817e07dc8d8cbc03d44ce7159a6873495af3862be0f7403829eff3b463b5c07ebfeb3fa0f7","nonce":"9b995c1946a6df0f6cd5f9f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"fe2edf80884fd5c00092909cd1f8d90d8b3e565189ba10aef5e2372c3a635d85ffeee53081d89050d596b3d32b","nonce":"9b995c1946a6df0f6cd5f9f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"40c34a6640428db939729efaafb655e312294631d62f88f67c3f323af2e9f38adb6c65a78f17e58aa6580a9465","nonce":"9b995c1946a6df0f6cd5f9fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"1c4d9820f08c4c079cf244dc4584143321104a679426e8b6e8277b6392149a4ebffbc3af695cb05273b91906a4","nonce":"9b995c1946a6df0f6cd5f9fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e3c87a97fad108336d423e108c01d9f83617e64ca8c534dd0f094ef12d77b42ea7c4379dfb8a3c9d949174633f","nonce":"9b995c1946a6df0f6cd5f9fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"56a3f3398ecc27eb5615723ae3980ab68e1486437020e11e8489f0f9ab435ceabb9856866eb57599ec09431338","nonce":"9b995c1946a6df0f6cd5f9fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"f29a2cabff855f07d4d1b3115bf2abe567841aa2b9b384cefa59b7b0c85a96a0a21b6ab464de1909373aee1388","nonce":"9b995c1946a6df0f6cd5f9ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"e3eeab3dbfe28b976ac93ff10bee2b5ec38f0062e0ac01926df2f878bcd1405280e8652bcb2a25c8f4388e5ca3","nonce":"9b995c1946a6df0f6cd5f9fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"edad86f664dafce3066399d6a1ffbcd743235143cb35d966077f99892c42fbf4000d6b4308c09aca4a12285dfc","nonce":"9b995c1946a6df0f6cd5f9f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f1a136cf1a23c9f87f94b93f46ccdbe8d184cc7dd14bfa1d0ea88e57c06f62a9366a4f487569efb255f02d042f","nonce":"9b995c1946a6df0f6cd5f9f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"6e85eb4106be61898322c9f070b12879b33151d9de3eab64bd354d9ca0632ae6d72b43378478a4be82f7a01c28","nonce":"9b995c1946a6df0f6cd5f9f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"3c04f2c468a84dfd186c3c3cdbd86dd44cd95579dfb749323692798f9a66186e75e023ccf4c1e0f5a376bb5844","nonce":"9b995c1946a6df0f6cd5f9f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"2efe1e53d6490cb977840e4f8fdf9556eedda16a7d06b1dd0f79ffca97e0830cfe223d08b20f5cff7ad9cea72f","nonce":"9b995c1946a6df0f6cd5f9f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"ae22ccc28a26e8e4df707c87283ea437c4cede177367518647648771fa0280c4788e5c880dc4891c06ed6da540","nonce":"9b995c1946a6df0f6cd5f9f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"b5584a77002d40feb4847ebefe4b2410556bf89ccb1518076af63e6d8099c1203183f1588c37d8385ffba6733f","nonce":"9b995c1946a6df0f6cd5f9f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"811e2f2f67e0fe1c14ad9de71069ce7e2244499f79e760d2676295a0c49adef7e1e2c39fccfa87d8b9ca86f21a","nonce":"9b995c1946a6df0f6cd5f9f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"770513fcc46d5ddcc89872f4a66f5a1a77a6cf85326c54774e1c09dda44f6642b2cf9a012c89d38e8360c6c6d9","nonce":"9b995c1946a6df0f6cd5f909","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"cd5e06bef7e20adee08069889a5e92daa367c52ac8602a364f75b8ea63448712574c499cd1938d5d52645c6031","nonce":"9b995c1946a6df0f6cd5f908","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"87b5c43f5581a943063ba59a687b78b0f217f172112113a57331a3e329c3e7c36f684f30d170776c7835f7e414","nonce":"9b995c1946a6df0f6cd5f90b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"de94c66bba769ff1c455cc72881097daf44fd38ecc84e961023a79091b94a79ce690d3de37cdd749e2382e7b39","nonce":"9b995c1946a6df0f6cd5f90a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"b9e0e9e4117e7f12767473a4a6def7d71a1a51c942c7def369a0163317c2538c273aa13469b9d1feedf12c597a","nonce":"9b995c1946a6df0f6cd5f90d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"4409daf6192a066aa2a1f410abc0be13f1fe74f58900178519524e45d5a1de52db275aa2f3b65280cd63bde7d2","nonce":"9b995c1946a6df0f6cd5f90c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"b3f321e5a7125cf5901482c1abe7f9f166b666ff63424782da2445328005ae8cf211526fcbb3144a7fb188647c","nonce":"9b995c1946a6df0f6cd5f90f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"fd3ac1a299c0f86844d53296100b5fdc434cb33c438379ef041238f7205bdab1f50227595fb521cb10c324b5c3","nonce":"9b995c1946a6df0f6cd5f90e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"2582f23b491cc61a1fba46add4a71e79e0d04185c1d9ed2cbe8863b3a01ade9e773e51be03622c5e87b254c767","nonce":"9b995c1946a6df0f6cd5f901","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"6504df910771952f86550c5323e420b5673fa198e3f9e0fbc01a955d59985865350204a991899429a31e7b1fac","nonce":"9b995c1946a6df0f6cd5f900","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"440a7e1c3ba1daf2b3c1431b6b4fd29399f47fbe5b81b50bc96f5ac7a06a831b45f733a7084dc638ef0afdd8db","nonce":"9b995c1946a6df0f6cd5f903","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"ae57206bcd0f256bbcddb61aac2580f218c8fd231a254c4a7caf5dd6560a6540ccdc929f5c87d1982b79b92b27","nonce":"9b995c1946a6df0f6cd5f902","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"df25773ee42a48cc526bffc1da6ffb68aa659c16cb3d9109ab821551473ad2732d159a1ebec9fa19990535cfd0","nonce":"9b995c1946a6df0f6cd5f905","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"37364c3badbcbf0e0531ccf57b2a059eb1da34d0b310dfe51acb359841ca166cd29f6f1548578161ef9495933f","nonce":"9b995c1946a6df0f6cd5f904","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"1ae3db95910ed8d44e908a9c7379ec7a94ba1853452d6c4c098c285cf7c0b882474b8ecdd635a2dde7e431c193","nonce":"9b995c1946a6df0f6cd5f907","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"d96fe5d8fc048d3a5c2014b07566c34fbd4c3d881589c3d27beeeb8196bbec72f1b34aeb707ed52f073492d1e0","nonce":"9b995c1946a6df0f6cd5f906","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"9f700043a7ef4ae02875d1434f6164f1fca3f19f30d05de1b0e880d79462addb7c84b7740eaae2b57720198725","nonce":"9b995c1946a6df0f6cd5f919","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"b74ffbf03a1cedc829646b5995fb6d7f94f4d84f219f45c3ff909d093f6b101e7b0e3caba087a29a175528076a","nonce":"9b995c1946a6df0f6cd5f918","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"6533828f62592e77ff82e523de3c9fde73bdcde89d5f358d94929021b0194d02c2584da5de7b9cba79f3a446af","nonce":"9b995c1946a6df0f6cd5f91b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"4194fbbff0b0d6de86c342d2e27dd614580717eae516ee3fbc15e95c866f56adc6f36ad159b8a04bbf44d467c7","nonce":"9b995c1946a6df0f6cd5f91a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"298f8c762d2f57ac78908871fd7b38bfc17e7a49a945033028dbab5e6fb779fb127356aa5b9b0a35c3e85242a4","nonce":"9b995c1946a6df0f6cd5f91d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"1176c2ac55513739e1e0c55ddfd1eb24df5efdd7127e155450af1158f5b9519203e6f5b91b299b6813100f8fa0","nonce":"9b995c1946a6df0f6cd5f91c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"2ade472687ce179606d22778d55534898e6148f6f6a86e5b6076074bc67efb480d4a71b65072387c145f382636","nonce":"9b995c1946a6df0f6cd5f91f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"ae0fdc099d1a74f9d603178fb74b3fc521f8088a4387655190ee0fa9fc8c546cc0ed054835cb5f468c44fa6962","nonce":"9b995c1946a6df0f6cd5f91e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"f7c2db333b926aa45be85bb4f63dd4565438014e390943bcda56ae402f93254e53f1de82e5cbbadac720543906","nonce":"9b995c1946a6df0f6cd5f911","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"3b2d4cd2cf355618098f82f428fade2e939e4d487cf05fa757c03a298a979554805ad0bef5d12a9b28b720be0b","nonce":"9b995c1946a6df0f6cd5f910","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"59a4209da416aba96ec52f233ff5cbe45c6470c82bfef10a4a96ace36a74cc9efd610e436b3a09a9197d6e7d3d","nonce":"9b995c1946a6df0f6cd5f913","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"4e007c5f9dd9d385153664f649c5a897dbde3b81e2a5cfdeefafc53870e48e3a87ab3c097d741db053aabb85b5","nonce":"9b995c1946a6df0f6cd5f912","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"d2fe9d63ef95ff11c563963d610e9ddc38610aa946949eb45fdfdd6c874773095533667afa0aaa1b287240a73f","nonce":"9b995c1946a6df0f6cd5f915","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"63cba485d128990796f6b22cc83af317cb774e976625eaefebd943b44014a7d71dd1827ca90ad51d64dc161233","nonce":"9b995c1946a6df0f6cd5f914","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"f8c26ee7d668d030a3749522f35098c2701e04ac3a0f18f1d9311e67b7b98801ed6d8e6fb86024e22700b44347","nonce":"9b995c1946a6df0f6cd5f917","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"76fef097e49b4aeb62245acfece935d43ac1d632174229df541d69a9208228ad6a342d817a9241d43053e9b50a","nonce":"9b995c1946a6df0f6cd5f916","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"af0244dc32c4930a61cb3e2f5932031ddd5a83381d575e2d2534f452c3d68008857e3a61a71dd397d52615ad6b","nonce":"9b995c1946a6df0f6cd5f929","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"481770f3039880198647bf98d8d230c623ef089957803167aaae601ab559131a771530e4712cc842458f99575a","nonce":"9b995c1946a6df0f6cd5f928","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"878ba3d57d8884195ac716c4bea3780c527147d03b315bc358583ea0fc5e2cd5fc390563e9495cf30ece841077","nonce":"9b995c1946a6df0f6cd5f92b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"84f817b6fe027c3d907b71767b66549ff125af4c173932bc71dced97f446b23354ba2e5563606ebb352bcc78fe","nonce":"9b995c1946a6df0f6cd5f92a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"c5c7d65df67cd41910722e37b1fc55c76f43791d73235939ffcd211d46d17ddafac683ad03d4c9e86eaa041409","nonce":"9b995c1946a6df0f6cd5f92d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"168fb5d7e2577a0a2e52abf9bb417b2d61361a4cb639241c68dd7ff9dba7c6b6a9b2c1f7c3912e657380fe3e98","nonce":"9b995c1946a6df0f6cd5f92c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"1adeae7a7bcd6e6c75746a947cd91be5046bf87c511a6325c7810af9ffe63a33396410b46f6ab965eda53d1c16","nonce":"9b995c1946a6df0f6cd5f92f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0ea27f3df264d2bf5ba50d95f5d25416da01cf38cb9affdd8e87299cc6a3b954836c4816e260af2c08f89455e2","nonce":"9b995c1946a6df0f6cd5f92e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"1a2f601300eb86acfa64faa02b0b1183aaa69a992fdeb63ea0062dd1310fb05536b53fe5a95982cb8ab196839f","nonce":"9b995c1946a6df0f6cd5f921","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"2498521df6845e345a98e4b8d74f239ff0d29aae205db273febd1b726616dbc421c0e01b5889f1beef023fde87","nonce":"9b995c1946a6df0f6cd5f920","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"12dd334f76a7b16bc17d9f027887490bffb8c9de3b6c81c2c1394d36b09574a4e5fd9cf1f92f1cfa9e724e8751","nonce":"9b995c1946a6df0f6cd5f923","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"f73239bbbe583a804ca72de4e49da18a9955cb679f6e88fe3aa6daa1b60ec099d58d4f11d3bf0bf36a03d48bc6","nonce":"9b995c1946a6df0f6cd5f922","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"ef36084f52885c7678c18b7c08c64ed6de823a4f77bfe643be5cf1b2d54120f119a70b606e83ec85ff724e73c1","nonce":"9b995c1946a6df0f6cd5f925","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"7c88597a2f4c191ebc2378bac25538bba9b3c5290d89677a53794628414f44ea268e30b168e80eb43e5083df7c","nonce":"9b995c1946a6df0f6cd5f924","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"278f5ba60fa0ef7bfba7fd911780fab4adf298fd32ca7feb65fb5753b8e993dfd62711f252f8c2cb4f3226d939","nonce":"9b995c1946a6df0f6cd5f927","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"ebc805820dc5c5b2c846f5d236059b38dbe7247fdd2905ad7ddb3510e4923265e40af22671f0a74510a7dbcd60","nonce":"9b995c1946a6df0f6cd5f926","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"345b1db1c9e9c4565fcbc8c64ebb4f50898b0f1ae47c1d153199f7c9875bd4e8d20e6792e9e66d266c0cd3c9ce","nonce":"9b995c1946a6df0f6cd5f939","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"da3e0cc19347a4d9c9c3200092af74c378d76170fd273ab32237b8a3ea29c19fdae12bdd8be03017f6b04fed02","nonce":"9b995c1946a6df0f6cd5f938","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"bb3a2e091ebd71be567e5fa79a0c50c9402bb1873640c7509ced65374a5f67b4555a75fb820616164b13eabab3","nonce":"9b995c1946a6df0f6cd5f93b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"27e4cbc21d07266b199e150761057bbd07fdebc43da3dcee577cbe59e4893ed791df4f65a01f164ab7f7f04238","nonce":"9b995c1946a6df0f6cd5f93a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"392ec489876b10c187579c35bbca5ba807cc7ec9e7f2f461741c8a5654d7f090d36dd5cbaa6dad3523f296d47c","nonce":"9b995c1946a6df0f6cd5f93d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"22f83db945adb1890f0bdf8ff6456215fffee70a69e731bb5e35540af3d2564fc8946c47a723b3ad3eb1defa2c","nonce":"9b995c1946a6df0f6cd5f93c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"ac847e1aab9048464e96046182fbcf86ed5ec046a79dcf542798c1c1fb43ef0a3ee3e4453a424a9f81be17dc96","nonce":"9b995c1946a6df0f6cd5f93f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"5f0bd86a8080ceba091b6a89d8f86633f8b806f505503fd8e13decefe2ac32fb88f4bafcd5e5ff888c895c4401","nonce":"9b995c1946a6df0f6cd5f93e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"34265527a05c316b3c0a6393324b1aadf72ea9bc953dec999694e9314f15653a8907fadb9d14c5480e3a8d216d","nonce":"9b995c1946a6df0f6cd5f931","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"c71ae1868f9129ef64da29aca8ef2e4ed53fb1d899a6cc98875897efcc7c5d96443cec5fde8c18cfa724b4444d","nonce":"9b995c1946a6df0f6cd5f930","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"eed9b8cef3413543e05a6c7fdf79b22e8a31103c15d559d4c08e40ee80aceed851719d4559a4d277b7f1d5603d","nonce":"9b995c1946a6df0f6cd5f933","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"2a27c3057ca6b1331d8c70596eae02e831a61655338cb4c9aba034b5fca594d9129c0b700c3a86750015bed75b","nonce":"9b995c1946a6df0f6cd5f932","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"d970aa43076261ded5d1f594313e49ac7604f9c54a2822f8ad52db3f25c0c134f387caf9f97e6fee7af1e51439","nonce":"9b995c1946a6df0f6cd5f935","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"788a3691576d0ed6c8804c41a645ceffa8731f99bab69efbf320b9d2d3fe680528d8a2113e77473babaf4a70da","nonce":"9b995c1946a6df0f6cd5f934","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"9fe7dc94168e6c5f47511a9b304e9ab6abbf115214580f00c8c577c1607c77956563b42d0a6f3567611b722733","nonce":"9b995c1946a6df0f6cd5f937","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"b6abde477eb23dffdf8ac79cc8532924751fdf0f56fbaae6d1525a452cea10d23081108c9304e9cb6d041be982","nonce":"9b995c1946a6df0f6cd5f936","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"cd0ba6e60a9065cf6a3b3341ff9c0e2e1ae5d51fd97e150e048f86eb6ef9077ac48ffdab845b02fce462ea71a6","nonce":"9b995c1946a6df0f6cd5f949","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"38de49192d0087f664fa846620f9512edcf07730ee2e6d30dd3c5b6de7ef2a8b3a229c01994d06dd2829917016","nonce":"9b995c1946a6df0f6cd5f948","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"571e51a422bdf561ae89e9ed2b17b0094e13f37f82a4576c4ac0d387cd5d97fea2a061e4f6c85350af6d60df38","nonce":"9b995c1946a6df0f6cd5f94b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"dea4927f7ca16591a98aaedb6dce75d289f7a58bc3cfdca3fb398a094b83144f179934e088784a3efbf3711107","nonce":"9b995c1946a6df0f6cd5f94a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"abcd6480fee6de9339b759772c186b2e88770dd36cb524ed71659e31120c86fdf803f0e8c69af1d529b451a515","nonce":"9b995c1946a6df0f6cd5f94d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"bc69b69a64a4389f3de1101bbb4455971ee696c101228c32060b50849e10721fbb7dce415d250e88d0b83cbec4","nonce":"9b995c1946a6df0f6cd5f94c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"8283408431b18451fb5e6d6551669a40bd3e549335195c0082dcb36c43a7c1c44ee036726ae829d408e136e288","nonce":"9b995c1946a6df0f6cd5f94f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"5e66b32984e546c451484b3f7bebbc3f60e3e93afb35a58e619f492b653a4bde5fd1ed93094ced6ec908d64240","nonce":"9b995c1946a6df0f6cd5f94e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"1728618fb66de6a2098590a61ee4d1af910c376ce8187cbc1c4796b65112788f7a1e873eabc0cc04989cfe0a7d","nonce":"9b995c1946a6df0f6cd5f941","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"1993d87f2a3c5f5b9101d215852d364adca164e2552b2d4a5958b2f1d0ef237e148dd72692895400741ddd7cda","nonce":"9b995c1946a6df0f6cd5f940","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ffa8a45cdb4064b446c7e9d30f3a58b6a61f7929e8ddf34ef17a8fa97be805fec4560a533c4e337c3855a8077c","nonce":"9b995c1946a6df0f6cd5f943","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"090bec8bc972c62383d2d44443582f8d617421df1f88aa458ea1ad7ebe4b489b64dcbc08d8bfdfcd283dbb58f4","nonce":"9b995c1946a6df0f6cd5f942","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"5bfeb7699c2658786513d2118ce9ca8b736a7cc21b4683f622dbb6bcc3d15809da510cdcc9dbf388ca7244c637","nonce":"9b995c1946a6df0f6cd5f945","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"312ba4109d8e019f5545822ac700834191bf41a73f7ebdefbe67b02029fa6597a9a842db64c5410798556e4300","nonce":"9b995c1946a6df0f6cd5f944","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"af589888f89c10b085b13326aac6b0a1a8152d1292c3529509df1ba2fec558632672e81deb101c797eaefc4d7d","nonce":"9b995c1946a6df0f6cd5f947","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"4a262596f3cbb91ac1f437c373bda9f0eea8f45b55e35830698898fdb7710bd91e763f0d259f8148ed7e57886e","nonce":"9b995c1946a6df0f6cd5f946","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"c5c3311fb3c844dfa5866e205bc7a5ed1e2d4a0e3cce68835bee2d514aa9c6e49309267da3db099083116d78d5","nonce":"9b995c1946a6df0f6cd5f959","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"38711a53e049ad262cfb77d6e75a97fb8b546a5e6d18a7f482344540da44ca334d7525b9143798cf8fb78764f2","nonce":"9b995c1946a6df0f6cd5f958","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"1699b5c00766cc6a6bc612d8667708d267bd1beaf1a19f8549c9f6993dc54f238d06ac7e9c0510e716bcbb3726","nonce":"9b995c1946a6df0f6cd5f95b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"1677364d54a6d236798209898dcc7dd85cda3fef600db6eaf9089788b9f63548d15ae1ef242d28ff900284a46c","nonce":"9b995c1946a6df0f6cd5f95a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"50cc4415d389b472b35e434b657f6e01d9f58346e5796586b2f75d4bb46efbf90b691eea1b66eac9eb9dfb79e6","nonce":"9b995c1946a6df0f6cd5f95d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"486930a9f94d7294d32d40f90f32fb40f1273dcc9068f11fbf934f18313bac654e9d7e82ca65154d33d0a5b079","nonce":"9b995c1946a6df0f6cd5f95c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"acf2b27196cd86c82b1490b1e4f157fcb234307a05b191ed8edb052fb1f113d4677bbbb9e3886ee4feea5cbdd8","nonce":"9b995c1946a6df0f6cd5f95f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"13852d655b2507054d7571f7b5be116719258cc7218e5ed225a25b432460d4eec179999ee8fd8f1b0865dcd286","nonce":"9b995c1946a6df0f6cd5f95e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"e03c90f3eabcaed5cbe5edee1488160f3880e8e1ce546fdfeb02121257735897251783d30991326c9cd2cb9cdb","nonce":"9b995c1946a6df0f6cd5f951","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"2c02ecf36a9fd2759f44cea07dea0d534a44d1e2be0d222e31cf31d740d34e9307dd03023a98bc711707c280fe","nonce":"9b995c1946a6df0f6cd5f950","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"024395e1ac977cadbd86c084d6588dce8f2308ff94447ffb3c5ef19cb90014bc079d79942cd3c6bde84df110bd","nonce":"9b995c1946a6df0f6cd5f953","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"09f795c49e9d558f2c4ec47873d887d2fa7a68c1e134454d25ef9f602a6c075bf05b19954deec2513ccc675abe","nonce":"9b995c1946a6df0f6cd5f952","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"737b1b2241dbe0885a4008c5f5c72b9a127e65cc98964954928a6a35859214b4af9f7d4757fc83b21280738a67","nonce":"9b995c1946a6df0f6cd5f955","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"15562d494c8898dd24c8cdf650ff51a08c2a5a45c7fc8bd085e8f398c0e49c36bbf712a1ec81b29e4451ee0466","nonce":"9b995c1946a6df0f6cd5f954","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"490cf6558553bb0b64f8d7868f9ec84d0665e9938820154a2726a845cc408243204fa2a6b2501afd89493e9a43","nonce":"9b995c1946a6df0f6cd5f957","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"37bbe4705f9dbc5aa6c47cd0bdb3a49db4706eae548feeb4beca8a6b2d4027128af8f3326d264881910cbe585e","nonce":"9b995c1946a6df0f6cd5f956","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"79c21cff5cac8d8742b29485a58c24710d3f2fa887a1920db20c6b9bcb31592bed9fa8727c6eb36dbf85f689ca","nonce":"9b995c1946a6df0f6cd5f969","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"bfd0f8ddd48a957a81d517129cbccd9a5b258e914c2650e2636022ef2ebe5ca19cb05d7df2f99a2ee972e93502","nonce":"9b995c1946a6df0f6cd5f968","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8c9af80ba4b67264627093dd6dfc10749b3c377a45924a19008ad8f311e9bd51ddda7557b968857d4b74b85ddc","nonce":"9b995c1946a6df0f6cd5f96b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"46692fb7abda0eff0d9c813765008e3f1d2ee06676c3fa1d39f9e592fef95efd59c5ddd9726ecd341cd9cebfe1","nonce":"9b995c1946a6df0f6cd5f96a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"1a27b47936fad9f61f071195fc18095f9fd4260f582daa45c495b405b241d0699436c9c1b610a1a5b19cc2498c","nonce":"9b995c1946a6df0f6cd5f96d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"61cb95e56860df543c19326daac540507fa57889741ff88aa0c3a82cc3e842328d53919ebeb57c7285f34f6f37","nonce":"9b995c1946a6df0f6cd5f96c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"644afd2ec6b618192fa295dcbc7eb03d2abcb5fe4e2726791fc1a3752671f4b2a6da073edb339da6211c63c22a","nonce":"9b995c1946a6df0f6cd5f96f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"15feffeda61683d31621854c9e0efdf83cf1c175c17a5de525dc3b898e48517904739ab809ad35b74a6ce2abc4","nonce":"9b995c1946a6df0f6cd5f96e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"248ef28f4923a5ed92bac845ea8b21001c15ef47884e7a8c63f092215fe4d112bbcef19f415ee459cc0c8c2437","nonce":"9b995c1946a6df0f6cd5f961","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"4b15c40d81b6a704cf7af56066762ff3640031bcc6b94cd98cce3c616668f00858e7965b0fbe0347d5756ec3db","nonce":"9b995c1946a6df0f6cd5f960","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"2dd80321897293af6f6da626af167156f1b2e00434098bf6209a2e6e369d6629363252b0e7c68d3034698bb910","nonce":"9b995c1946a6df0f6cd5f963","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"73f200d37eafa7d11e6316e95e3463596a6d2fc65ca2ffd21d5b2005b5a987da3031ed5dc0282e408c0a872022","nonce":"9b995c1946a6df0f6cd5f962","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b2c239be045b79226bf1a4ab948d992a056c5fe6ef35c2e4295e3362a736701beeeea7499161b0e590a24300b1","nonce":"9b995c1946a6df0f6cd5f965","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"4880d49e531931183cb3d7e0b9250d841458a6c0a6728c735a5c3d602354442a7d95e1f1aa5b1df615989a2c4c","nonce":"9b995c1946a6df0f6cd5f964","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"dd0df841d536bb557ddda4f43c72dbd0bd139ae036e0ce40529b7addcf6e51c93e7230ac3ec5dcfd4b4f2f05a6","nonce":"9b995c1946a6df0f6cd5f967","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"21a7790efa2200007e857f7748670625310063d8870c50e51ab80131f8c89aa3885af8635ddb04b84742884fbf","nonce":"9b995c1946a6df0f6cd5f966","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"8f06b5a513a98397c2d2eabf807146dfd32493424e06bc4fe8970f127304e4683b43428b87fdc95cc7e936f249","nonce":"9b995c1946a6df0f6cd5f979","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"1dff4c319a1842097a64e971b385df9ee9e58b1ab3bed438b55f3b79cc245cfd06882bc88f1a3b04ae0ad02490","nonce":"9b995c1946a6df0f6cd5f978","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"f75ec25114859c22ae35a0db8688c67c59ddda0b3e6fe56716add372553a6a1668d2003a9503f688dbf14e5e92","nonce":"9b995c1946a6df0f6cd5f97b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"4f6a3c663cee2bbaffc926895f727c23120fe239b1dbb03090e3d5bdd7d7669a5dc9975b1b7f67ccd86ef8e157","nonce":"9b995c1946a6df0f6cd5f97a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"e6b03d26812a112ee9594c220ed2c682fca5355d1aa995ab363c8c6cacd51854af2dea0e0dba0869a6cb1b6cd2","nonce":"9b995c1946a6df0f6cd5f97d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"642949b0aced3a9240c5c25f08b5ad6ca29f496b8a8eff96b0e7332d676aed6f39bf7ca1e9e9b42821e58baed5","nonce":"9b995c1946a6df0f6cd5f97c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"5557778e8bbcba535ec4bf9780d8c1c9cc466accf5496e69340203dd71305f75ef7f470ef1a16e667e3f81b80c","nonce":"9b995c1946a6df0f6cd5f97f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"46b822da51bea5b289da1a39c6d9cb1f172b3cf376842321ccb74464c206317855b2d30e684db4fefbc9924bc7","nonce":"9b995c1946a6df0f6cd5f97e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"34818dabf2da6e6fb8f5a1473f1aefd0911b31a2d489c4da1d9dda711cacd888a92d2226bdb260d5891b9c0ae4","nonce":"9b995c1946a6df0f6cd5f971","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"decc636a8097ecf72e6e3b4bb5fd96c2e76b44e2eb3533bf4fd9653dd6c763eba75a5436635689ef14d8880088","nonce":"9b995c1946a6df0f6cd5f970","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"3a690dc7b667566740fe42403bc9df6091534f9a6ba51811cb05066be4ee42f4e60d0d23dc1a8d37527a2e3034","nonce":"9b995c1946a6df0f6cd5f973","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"16c2345ce8ffada79be7c90ee36b56311a2744e2d2ceba0b106427fe24c7aeb202b5ad3d4190d32c6980e66b87","nonce":"9b995c1946a6df0f6cd5f972","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"26ec674b861583c408def5641e4b997fdaac015b2180be9c54be93b5c1dc235f8bee965a82f8c99b43eabf8f5b","nonce":"9b995c1946a6df0f6cd5f975","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7857930f4a8140419be0454b68eb8c915c97bce29dddb284b6b83fede86fa9d553e9e22ec058acb8857c8eea1d","nonce":"9b995c1946a6df0f6cd5f974","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"c8abfa905272fc94a099c84c464433d46133fe545e373851f5aa8b5e0e27c9090c374cc8458f6372b4e57ab445","nonce":"9b995c1946a6df0f6cd5f977","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"8a8c19541f528204b6edc343f8a5f07e66bbfb6743d8777934191c0735de58e48ed9cdb60ef28c76d93311dd73","nonce":"9b995c1946a6df0f6cd5f976","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"91fcee3744a7330b2cf7045ae38f59ebc7d74a062bda0efd8c3aaf4ed422dcde32921900ca2c3bac8324dd6848","nonce":"9b995c1946a6df0f6cd5f889","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"5309b6a9ee558ed7e9d61d97beebbbecd4ffe7e19e0e6c9352c2eec05ef8f8d9"},{"exporter_context":"00","L":32,"exported_value":"e873084c4d8b65c4f875cefe9804335dffd0e6fe360b7576ecd4eefd78f1d929"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f5dbdbf9f63e89131d302b687f43780a92de3514bbc524bedb3de818b4c1d5d4"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"543c5f4943cb0812554172f952c030733c767ab2934889200000000000000000000000000000000000000000000000000000000000000000","ikmS":"fb3f35b20746a1c5436f20661a9c44d8d921f10870de2d2d54719e7a43174b3f9144cf02c1be4c247b1b654e2f8877653a9a694cf9b1cb5d","ikmE":"47788d5e4d665f34d3a20b165788e2acca4ece447ab106bec366946b41646a5d0eca436c6cdebc14103eca35017c2d0f8073e3c14eec432e","skRm":"ef27fa3ddabd365b91a6adc7d38d7210c81317cd2ca648b6c5e95cb757e315ad86c61b299433d3e86441d097fce3d6bcedc967d32db77984","skSm":"3a3a692d85797d53c0513dde7f1c483de77277559f6b8779568b857066e46217e427bb14b041b5c333f16de596c3a976183dae5b0bb6b212","skEm":"0c634f9bd5547923fc122b7291bdb2234d310677892828149bbff104cc8e31a2d8765c0707fe58daa768257d6b64705d389d31826a6b419d","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"4ee65833d14d0ffa9e670b94fc8f64b49208262c9e8f9f544a2fa4353d99aa93137b99c6e703a4d0b2713d5cd3799418b3b23be266442a58","pkSm":"f2e136485f001925ab5a4d4c7715d84f658453e2922435420bd77160df5cc27f5e76e8ecf21911acecd3c78170ce02310c562e3ad9840af4","pkEm":"802fed8c9e8dfab9d2b4f84a368c0ab6ab8cbf0f4595a2aa24c246b6dc7b1239023c3a457cf78182507466d0430a358a383b33dbf37a99fe","enc":"802fed8c9e8dfab9d2b4f84a368c0ab6ab8cbf0f4595a2aa24c246b6dc7b1239023c3a457cf78182507466d0430a358a383b33dbf37a99fe","shared_secret":"a82470e4149c14882b4ac24c6c20456ede0801e9d7f908f1e6393ada5c35acf18ebce2599d5327c6ae01dd1ae80686092793dcf3b5e9b4bf7ebaf6bdd8f4feb2","key_schedule_context":"03f122f8796db694193e9c25a9085e064a650b1dd3739e34bfd9a653ff471adc1b87399003157c2bc488b6f17e65efdb0a55ebff5dd99ed2ce3d97d3473e69c23c","secret":"0abff3f9e973a16ba6416262fa82ef1afb44e60592e4eda71628239e999d849a","key":"cc453f24222a0051b555cbf2454a74c405dd240d6e7a70d0e2adfd40c4faaf0b","base_nonce":"58065fcb2ba37e0945a53db7","exporter_secret":"a8f80fc85c76e30ff88e0d8dcb3ad46d8664c8bccc06ebb4d6df1e0d210cc32b","encryptions":[{"aad":"436f756e742d30","ct":"820bd9d668cf8c47e4d5e0f16d41240cca1efa83f368f126996c7359409436e5cd1b8e57b0e914ea5a4c9903c5","nonce":"58065fcb2ba37e0945a53db7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"4b5d60f09fda6bf8779a95f43ec1b7dcc71489a817b1b552bfedcca15159653626c31d05df1a7b3dd9411cf8a6","nonce":"58065fcb2ba37e0945a53db6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"b9e181061a7b50361688a162fc0be59062ad1c0e0b2f40a593f6a67ea2804f1401493383b7cf618bb91b039240","nonce":"58065fcb2ba37e0945a53db5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"fcbdfb574f9de756cebea4e6fc94afd4059fed94d93b9e7eadfe62d5d1a4e9a9ecbf6e0001ae037e43685e1cfe","nonce":"58065fcb2ba37e0945a53db4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"86697af879699abd8dd9e3fd46a29009acb59608b40af65ed811aaf49e12b4ff98e617de3df2325ec148730051","nonce":"58065fcb2ba37e0945a53db3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f5883a51a35c35761cf3c911ba78424727e48464a2fa6a54a82cf14b38234cca4bced2a832b37d6af468c5ae34","nonce":"58065fcb2ba37e0945a53db2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"8d07361470e96ac598b40def4c3176258e9c68bbce9cfc07de4d8ebf75d5fffc6b5b662ec290941e2d1488a7af","nonce":"58065fcb2ba37e0945a53db1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"56f684b36fb6543c5d45242814887645f6c336233ca95029ff4ac5436864cae04de19f486a38465768dbcffea9","nonce":"58065fcb2ba37e0945a53db0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"bd4653e722b0e84a7ef7bea06ae22745ae828d72f9b5175786b6c6f9c0b58d003867814b645283e53d02726b84","nonce":"58065fcb2ba37e0945a53dbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e8aa6bbf924731e54598a643fea64e5c1b8f79ee1a05aff37e327d38937a030c53bc87c0fe2f64a6c0b5300b55","nonce":"58065fcb2ba37e0945a53dbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"e64e97589c14767c35de431e6b8cb924e344727f093796eae22b743c823f567ac1c62a2a627e155c0e5a121231","nonce":"58065fcb2ba37e0945a53dbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"05a2d4d86ba987fecd1f6d4c266f1ffe7462e5348968c4a7854efef4ca8b0923eb260ddbd4ee2f5369da0c0c97","nonce":"58065fcb2ba37e0945a53dbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"8d380ff422de6689adca4807ffcf0d2a51cf28730e6e35c450865f782ebb548bd27ae5599c72e1d2d0a3314112","nonce":"58065fcb2ba37e0945a53dbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"765b02084781f150671c9ec1c0256ad4d35fc76858090c3c4bbc9f34be874704c59817215f701e62a242ff1807","nonce":"58065fcb2ba37e0945a53dba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"c03e1e3911b88b27d074f7f99d7672899245570f6b4c157ab3dee14f111103c37cbe915cd9b5d29cf0dd31f818","nonce":"58065fcb2ba37e0945a53db9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"e60ebd1f0f4ec727d2a54f12635f4ef71978fd5735459af2a1a80582bb8bda43042a8fcdd92ff275a0f987ef49","nonce":"58065fcb2ba37e0945a53db8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"4556beff323c1d9cbbd87f88740a57b4384248b7b8b9e734986539e4df1e37ece016336dfe417c626381a038fb","nonce":"58065fcb2ba37e0945a53da7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"09524cb21e2e781e15bafe7c942c4ad09136668441266cd35b0ac6d4b7a6a498f0a9d385f6ad3bb16bdd836c41","nonce":"58065fcb2ba37e0945a53da6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6b766ac6cc8a29f6274173bc34c78b0e5f016e8713cb58eec443da26f0c869e181b7c0e39c7c009d20585cc21b","nonce":"58065fcb2ba37e0945a53da5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"1dc2fc997057224e9dec1c0cc0f86b9a649640beebaa7bfe4f9c89237338f83e6d3be95e72a1baee5e01210783","nonce":"58065fcb2ba37e0945a53da4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"69766ebb966aa435b4be2031e5d7149d1a1571dfc0414b23b6d396b0083058eb2e422f8707b5690450830e3bb2","nonce":"58065fcb2ba37e0945a53da3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"5f8da831bc45ae29d087ee86d2c55519ed522876b14dac81d201e9260f74295c82921c784fdd8f9588bd83bb54","nonce":"58065fcb2ba37e0945a53da2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"f7f773ec5b17e32bd59615710f414a9b0922f9a07b0a09672b241b8be06764dfcc4c5f5669c53f7e3d049325c5","nonce":"58065fcb2ba37e0945a53da1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"b2930131b5d62d4e14db456d41d9f97027580b9db0a879f917237d45118bf3fbf49a77114f4d13ae420cf62c83","nonce":"58065fcb2ba37e0945a53da0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e1762747a6980ab7b1b4b5c625805805c38d4b7d37da1072957767c0f144a29a62c2b52b38c2006af51f6e4c86","nonce":"58065fcb2ba37e0945a53daf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"0def5c71a0dea8db81880d5af5df483092622cb1910a264cde8f80a15925464022a1ad4f19468db9fc5a7c0bf3","nonce":"58065fcb2ba37e0945a53dae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"fe15ca0019701df1dcd2d1d2dd7a3d53ab85526f7e1c894b4cc625c7ee5aded4b1f91f2c5c701fa0107db5461a","nonce":"58065fcb2ba37e0945a53dad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"2cfb20f0885e2d5c63cd3115e498f8342f50efb182d068502d81d3247405ddd65d9daa79ace7b7824f34a4f72c","nonce":"58065fcb2ba37e0945a53dac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"66a57e8df175575fcbea37c51a2c3e524c8dbbd6831e87878f6a4298a53fa8d4571ec55a97dac4c749ee26a884","nonce":"58065fcb2ba37e0945a53dab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"eed0e3d8a95a9c075d1fbf4ead97bb1fe30a6bab7fdb422658dfe80e06ecb061aae34691fbed1a6366795a694a","nonce":"58065fcb2ba37e0945a53daa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"5ccfdb26fc1aaff8d63483f65c193fb2d03971ee8eb521301b156b0a899aca31a0a7d4e0998ffc878267e98b55","nonce":"58065fcb2ba37e0945a53da9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"c3e4c1ebb8ba86e509f72de0f041b6969c2aa513c53a5056f302bf130b2d8f183f0057979e5f216ce25ed2acec","nonce":"58065fcb2ba37e0945a53da8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"257fe2a5ffd07885605534eef375bab7ef4eb93aa4b7d267dd87e856a295518f739c729d6fe3b70eb1c9ba42fe","nonce":"58065fcb2ba37e0945a53d97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"8f9b24692fcb9d787e1f5f95360d9412f22a246c6b9a06c042be31f25f40561b9b0b83de6ae08c800c3d8eefdd","nonce":"58065fcb2ba37e0945a53d96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"6b2a9f1f97aba219e8ec84b204bd52897f1552544b2cf862fcf04a39cef289107664b0bf9c808c9d0d1ac2bd05","nonce":"58065fcb2ba37e0945a53d95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"7a981df1bb4664f062dd9959486669112d49e2316c0f075941a95ca3d3b1169fe681d908e78ed2ab4e37f53bd7","nonce":"58065fcb2ba37e0945a53d94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"6d09228cc9e79ece57f39896ccb3f9ca30852aa501a5157bbafa284686a1bbae1be62e56b4333be31385d69b44","nonce":"58065fcb2ba37e0945a53d93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"9241ff33bc2fa7626d7fe7179912fec237df804ab89e408700cbb9b9356b4907b9ad537ba99d827dc31ec9cd8f","nonce":"58065fcb2ba37e0945a53d92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"df64818544e0407172aaeb95ad8956f4dbe91b7cbee3ef7b352ab1b2f77597a56e3654960c28fc83b58b0a0478","nonce":"58065fcb2ba37e0945a53d91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"a1462d6f75f3936f3d088eefac3d67ab0eaa39459a87a5fdafb9f970373d530827b9a35bb40fc7c8166bd2ffe7","nonce":"58065fcb2ba37e0945a53d90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"69f0c38d03be804f266cdd4191651a5844c2d765ea0339b42a4b1335fb3afb4a82394f52af1ad8089ad486aa19","nonce":"58065fcb2ba37e0945a53d9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"07213ff2403eca75832e407b6f8a14f1e9ba4f70d43f379d3f09f3989e2e92790f78df9799f8ea4c4bf9bb25f5","nonce":"58065fcb2ba37e0945a53d9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"45c717e26aff642b7bbd6d0182001fcd1d32ceb877508211121f0b65995f489b6168f2933da2cd2fb0ce578d24","nonce":"58065fcb2ba37e0945a53d9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"b0cd4655e6f3b70070f74583ccd9d96d407076ecf974177054861c37e4e6a187fc732693cc121e46f127be9be5","nonce":"58065fcb2ba37e0945a53d9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2e787aa481d03c74fd99f95a124074931cc163b0f881a07b523eca14bda0519a561b316409c3e35a762e3efea0","nonce":"58065fcb2ba37e0945a53d9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"3cbee49c2be45f34ff6420f5aff67c59e61e677594cfe7177433b8325df0882c39c00d1dbba0ec7d0d180d264b","nonce":"58065fcb2ba37e0945a53d9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"e229dad4ee00f9c03a3de760b63fb13368818654af51ee94176c47f818bad7976c12def7d3fde3a08d76c1d030","nonce":"58065fcb2ba37e0945a53d99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"0bd08d54d2bc7112d3ad96b65537d5c7ebe5c574130d0ba1672c44e18a539daa89d92e01ee47d4ce1d6237ea8d","nonce":"58065fcb2ba37e0945a53d98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"3bc520c7b69f7a3db68378acc89aa0fc03a43cc81d88742b625844d0f3b92147cdacc2ca5aa48ab7a0c7be013b","nonce":"58065fcb2ba37e0945a53d87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"07c3b5fd14d08d0701557e2a14497275c0e69885f1dbf40f3eb9e12aeed25345d93112c218605b1b28611e3ce5","nonce":"58065fcb2ba37e0945a53d86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"d2b41557ffe7631130f5f0c425387f4ea2e62c7f530bc911dbede381a74721a3d61488f9d1c2b207e62b9bf528","nonce":"58065fcb2ba37e0945a53d85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"840f1e008451b26c18055e91c5cd5913259b998cb2f520487aadd8fe9155f5cf2b30d9ce9fd8066aacb20a19ee","nonce":"58065fcb2ba37e0945a53d84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"d3b27254d0b46352a2b6c905d2cb2bb931ed67594425b1a34549d74166789a35e045ab74d068de693be6c6f4ff","nonce":"58065fcb2ba37e0945a53d83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"112e89e617deabbc2cea911f15731bee05912e8b47015533d420fd776e639e175a85157207d2e86001cd4c7545","nonce":"58065fcb2ba37e0945a53d82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"dde9c37407c138970ae4a02b5489621306471122cec10ac298567081bb8f30632538446e517d0373b9e1f2a896","nonce":"58065fcb2ba37e0945a53d81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"395f213871499bfcfade51b2d947cfc78ae66a3a1f5044a12a0f361202caeffc16390d283b07fb3d05e7f9664c","nonce":"58065fcb2ba37e0945a53d80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"20b062641c8155b4ac290bdfb93fa5f18f28aa5b71df5365ac940ce6532b3c1ab74670077ffaf52ac92cb0c57c","nonce":"58065fcb2ba37e0945a53d8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"59dd3a0cf1c1db812780383c09b1d6343fb167ee4c9be81056d86471e027139497229ef7c2ae59ea2d5e6e49d5","nonce":"58065fcb2ba37e0945a53d8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"ee73946e6ed26fee419e101c4050a22a755a61c60d03ff185725adf8db4f7f0899c719076d5baa12ab934ce7f5","nonce":"58065fcb2ba37e0945a53d8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"f953fbca9ed3025da0f53f86205502ed1184a53b234a4f2e158676e5882977f470f65de64585491a9e8d243964","nonce":"58065fcb2ba37e0945a53d8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"59e3615bdf3d589f088989f888ba47c6e618097f417c93c368197c0bce4fcecc168eea34276a3fb7335b83cccb","nonce":"58065fcb2ba37e0945a53d8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"513e331053c41255df1c6ecfd974deaa762995451fb578402f179641c1458d502dc894e46dfa0a586ba6f10565","nonce":"58065fcb2ba37e0945a53d8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"d3744b48657c09f9e47e13420caa3d7c4f3c8d2bc521b28a718f513a4e0ca9e3a054245a4ab0289853998eaa2b","nonce":"58065fcb2ba37e0945a53d89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"a4eb34a41e93b316d27bf48b0b0c173f04c8eddc5ce3e52819814bebf07664eca1bbbe3f72ec0f4b46f78b9377","nonce":"58065fcb2ba37e0945a53d88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"a2a64791fad76c4f3ac67a713e860cbc3dafd0bbb5754c96ddfaacdb1367155067c9a65d7c84468904653a932d","nonce":"58065fcb2ba37e0945a53df7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"c4bc90ed7d95331f0a3ce86c448a638cd138999283c20c8235eeec9f3f5e8a71f4ee4a52f2e0f86da389851fa7","nonce":"58065fcb2ba37e0945a53df6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"766b99f23e544639556ba3ef70142c95ffc50cd078119d6adf988bc08602c0281bccec7fb7ba8a9ba189997c66","nonce":"58065fcb2ba37e0945a53df5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"61179b811a07e5ab95daa71a2223a90573dc4b525126e5ccd3b6d414625ec1f4bc7bf5b79fb86ac1121f440a31","nonce":"58065fcb2ba37e0945a53df4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"4b4fa8ac94f8363115a04c3defc75853c7861a47176402251ce93f3282e70574f2ed3056ce81facb43d20cf3f0","nonce":"58065fcb2ba37e0945a53df3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"9051a60416a36560273643dac5304c729aa205b74d317a974f77c32affb55ddb084422a800de3fe6d81ede3208","nonce":"58065fcb2ba37e0945a53df2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"342ac3c049ad7190688369e6aeeb5fea7d23adf4e9fb16f0649985c121a96f729e929a126d3bf89b16b9357526","nonce":"58065fcb2ba37e0945a53df1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"43b97f4d926f251f9c46d93910cb862d52409f9d762db2a601a7f13c74e23e419b903049d77a3277cf508cb1f8","nonce":"58065fcb2ba37e0945a53df0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"5be41ff851ed542b6671b7231dd5f9d8ac05b563139ee8b4e9336b99f24a14d8f5dd0a92acd460fb7c404069c9","nonce":"58065fcb2ba37e0945a53dff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"425447528528a1975ca75f3282b0307bbffc739b471d3f9b5c9758d39159a7ed851be5e36afb3efaa772300b2c","nonce":"58065fcb2ba37e0945a53dfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"2ee234d480f870789c8f01efcf26326135fa0b7b90da9bd321cb5fed59d8af1c8347d56aa045ac0b98a1630891","nonce":"58065fcb2ba37e0945a53dfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"e8e077574bee3ba12943b85476b3f5808916ab2bd3a463c0d67cffba58f2f5bc659c0564d55fe9067dfee52ad7","nonce":"58065fcb2ba37e0945a53dfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"3a5f462cf9e268aeb77e0add07d6edac1b0b1e3f78586b96697218223a7dca5b550c9e079b2cdd2b08ebcdcdc6","nonce":"58065fcb2ba37e0945a53dfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"16fd134a6d5472833c61ff60dc443040827e637b1238fa1b6ef554070d707606d3b5a70cb22bbdac27e7c4cd46","nonce":"58065fcb2ba37e0945a53dfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"38d374aa801f427afdf80b876118648adc2d9488ed1ba99d375bb9c036de33c78acf3c9befc1d2641b408b2f02","nonce":"58065fcb2ba37e0945a53df9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"945fda397371bde7936e4c61dfe68fbbf12a52d8d1955ee2df37057f8fe158974e835c95fe0a6b5d2b9e634234","nonce":"58065fcb2ba37e0945a53df8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"3e6bdb6ef16850b5f290b9c6146e5834f051ee608fcf250772148e023d54b0b5dfa5c8a5c9df85f7a200755192","nonce":"58065fcb2ba37e0945a53de7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"0aa530b7c533dd2e0735dbc45428a93ef3481c629bbb9b31cb5dfbda0d52efeb5c0df7c4730b8a859203166e5a","nonce":"58065fcb2ba37e0945a53de6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"4725c9aae6dbc18742cd4f7f2bedb0b8e51d1a45877a186d8e7703bf0bebd830e100ca004ba14fda5d4e1a904d","nonce":"58065fcb2ba37e0945a53de5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"aece7525122c89cb7dcffc088e74f9c8c7da2ceda6966e2877f2e40f6228ec007da0ee807a99ea9f62324a5452","nonce":"58065fcb2ba37e0945a53de4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"5e7fc19e2403083ab173f83ac310632620487d44e0ccc5a5bcabeb0fbc710d47c4d91d9ae7e79a6f1bbaf4b4a7","nonce":"58065fcb2ba37e0945a53de3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"7ffba5fc070995e0a7275371a0b0fddd6397c5ee3872e0305a0dea9e56e3f0c051b0cf6b75f5a31508c7fdb6c2","nonce":"58065fcb2ba37e0945a53de2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"12b440f6f3670e2dbf4b0044d16c90c6a009ba5d1027095bc31cff9559f36bccb6e2e582737b92cebcf444970e","nonce":"58065fcb2ba37e0945a53de1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"edce37ccc23f5a899ae4b1a213f355acf5346221ede67ba4ebf4b2e21d001715285629c5d21e86595da5f5c075","nonce":"58065fcb2ba37e0945a53de0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"c0180ec1254ed73a79c1d2a67dd029bca2d0183a713679796b628d25211d1b8117fde1fe294cdcac763bb34916","nonce":"58065fcb2ba37e0945a53def","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"7a5162c9f97e324061ec42bf75b08aa8d2303c975da6a25000d470e4514c9f67d6113e0f14a6488fbf4da5c010","nonce":"58065fcb2ba37e0945a53dee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"70a56b636153692aa4bacc978f3ea0881a3eaa1a7a06e621baa571d67c4ad4519740d77ccd3bce837ceb38585d","nonce":"58065fcb2ba37e0945a53ded","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"89029ab0ade4d034d364b92c6e28073e3d9600a2cfba74db00677a375c623936cda1a2e1bbbd2d720755f06bfc","nonce":"58065fcb2ba37e0945a53dec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"1118d09e2c2bfc68d6960fc5d126fddb81548b2fe7b1f61d7f0dd5b321bf1578c47302cf7103346dc3054edcf8","nonce":"58065fcb2ba37e0945a53deb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"939f520f3998cb944dd96e356ccafb2fa5c480ef68357e98d05efdd8a8b330ef08d6e3cd582d0705910f001009","nonce":"58065fcb2ba37e0945a53dea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ff646f65826375acd46322bce7c88c049417d928993a756087fda5af5c4dfdc8e0a3a854d17d1e9a72d75ca906","nonce":"58065fcb2ba37e0945a53de9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"af63d621930c571ebfab0d942767f391a4eb8100984fd8b7cc85cd92c594a1a3c74a5d942d13af314f7cd29325","nonce":"58065fcb2ba37e0945a53de8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"f1279dfbd63782ac153887cdfec255a15a2e485e2a738134b54d8af1772ca40a5404e82be2ec32fe5f14cf2586","nonce":"58065fcb2ba37e0945a53dd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"82de494a91d0253414e5b8db7b9e53293b31a7f4daf33219e31450c594d573791bdbe264830ade6bb513eec762","nonce":"58065fcb2ba37e0945a53dd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"ccd9e06b381bdcaf1ad2897e8b9e4d4543b31a72bf39b71e9623d7bd8ac933b96b2b0274954c4111fb35fb7f5d","nonce":"58065fcb2ba37e0945a53dd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"6b8450975973b3d65728feca43a3b038fc4b75f42b76e5afd0de4be5a8e7994267e68b3b25467febf95316217a","nonce":"58065fcb2ba37e0945a53dd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"36667f4340efff8d5415e44705df2e945b13b4afb3eb618c1578d759158c425ffc5e511c20ef2e30d692527f2c","nonce":"58065fcb2ba37e0945a53dd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"021a9d89bbeb6a66b100ff6bf098cf35373200b72dffbe96c17bff2daf4f6ecca863940c55ddc540576b4110d8","nonce":"58065fcb2ba37e0945a53dd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"17419e3b936e5aad05c2f5941148000bf660546a0ef5250c1008b6a29122c5d6e4010f860f3a350a3c01f228f7","nonce":"58065fcb2ba37e0945a53dd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"77dc37fc6f5791799fd45d6ad56691bb122c843ee5a44e0970c6db406ac08e16d8d6cb970bf4ca365275565da7","nonce":"58065fcb2ba37e0945a53dd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"8e8386f7de9e7d6984c3f6e15aa19077266ff123138dbac0b72cefac46777360bcb2958c962b079db5922a8915","nonce":"58065fcb2ba37e0945a53ddf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"9d73c6fd1dc4a6e1e5ad56fea31cd77cef1acf63a740d60eef3be074efead45292a5efbcad63e9699509a86361","nonce":"58065fcb2ba37e0945a53dde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"ac33c85e675cd1577b32ef506a83beb64d139518c5f843b3f2274882befecd81b8c6b2282e858c3ce45cab6a56","nonce":"58065fcb2ba37e0945a53ddd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"3ae0372dfc069a52221782a1c1572a4d8a51e7451dec0d67c8087720b0f0c90352322532f1be0fea960cfe0f4a","nonce":"58065fcb2ba37e0945a53ddc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"df32ef2107587fdd5ef865f03c77671a1e41ca795fed5cbee40884b3cb436f005a6534dc70913fc4fc274081bd","nonce":"58065fcb2ba37e0945a53ddb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"4079e86974307426e161ce7bd9ec5ae737cb101de2bcc3f390649d720e8b9668bed5fa988df01409b06c217d3d","nonce":"58065fcb2ba37e0945a53dda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"d1bd73caefc4973fc8c22a3747b040e155350a2e7cabf92f8bc79c363544ef74aee204132562d56bbb1a361d74","nonce":"58065fcb2ba37e0945a53dd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"7e7612a61eee869f635cc4616d08c9ad9b1a6de7b80f38d845efc9ea5a8ad1be464372fdfb2858c20188e5a5cc","nonce":"58065fcb2ba37e0945a53dd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"864ebc9d83a2ad3fd276f1bb2cea10b39a7c1dcae6f9eccccb6cfe1c6d4ccbf112af966cef30e94a9b19d9d2f1","nonce":"58065fcb2ba37e0945a53dc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"a1c08c5fc966cfe5eaf7be07a7702dfdf4bb84b283a8cbc1bda9006d2ffb804e9782c97f673e7cbceec55cf8d6","nonce":"58065fcb2ba37e0945a53dc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"abf9f42227045d2899b204a76296ae741b3b2ec58fa6ce5718cc52f5803b7b47ecddb4e018c7e82774399d1fae","nonce":"58065fcb2ba37e0945a53dc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"d7acb31625e94a7c918d6e457a55e3229f611469bd80f5a15058cd3d110c604460fa38432fd6c7ea757424b60c","nonce":"58065fcb2ba37e0945a53dc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"9761339631db847f75e23c7e1adaad89adde5ba75be6c03817ec1c193dbe15d843098ea94bf4f2e0a600a292c2","nonce":"58065fcb2ba37e0945a53dc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"73555abd4193475036753a13ed3e561af2533e76554460e739c197a44caf7bbf45e9b097279c74daa17e13df45","nonce":"58065fcb2ba37e0945a53dc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"5b44e67181f16e448b2e1a233e5bff2d05f76cd3a92fe79afba7332ac0d14142c3dcb9009b1e2fb2161ef87e12","nonce":"58065fcb2ba37e0945a53dc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"883be9c08bfe9816f21e51e767b99d2235b9416caba0af2c2068149ecbe00525ad143dcd6dd0a7a151bf46066f","nonce":"58065fcb2ba37e0945a53dc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"bb2117c09b7f7e44cf765eacca839ee313ce0fbac500ac7e118299d18b105090a60cbbf258424a494b2342718c","nonce":"58065fcb2ba37e0945a53dcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"2b16b5712f8ab6775962530e5dd1b2445b740b4af5181e716c97dbcd511bf6d388e2f6178be1cd8e1d4bfa3b0e","nonce":"58065fcb2ba37e0945a53dce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"4cd936128b4badb4651215633af0a9dfb37ed516ab0321887515fc8fadb5eacc9e74af2ba6cd999a628d7f1b5f","nonce":"58065fcb2ba37e0945a53dcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"87f22a6c34140fe0fc75cad3eb80e45114b082de8e387dee4585d9dfddf563b32414ce92ed2675ceeae0de27ae","nonce":"58065fcb2ba37e0945a53dcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"f03540465864e68b4c877f8ab2714f0c64769d2a0c20f533fade1fa5c58cfe2c785aebdf975cc582ca9c6d98a7","nonce":"58065fcb2ba37e0945a53dcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"585e309be98c7a53b5d24361802d01ecfa9feaa509b1d827dc80c962871dc5a3427492117fdc7e2c18ba8f6ad0","nonce":"58065fcb2ba37e0945a53dca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"c03ab4c590c0fdfc4635cbfb5b8336964c03e74258b706c398ebcefcd38fcaa567339e3860f11dd991c6a2dc2b","nonce":"58065fcb2ba37e0945a53dc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"6f235cfd554f37a8b7aad25c6347b8281eb99618741cc674199500eca3c622be9864ad35c034c03cdcf3e0c120","nonce":"58065fcb2ba37e0945a53dc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"4d504d71fb6e95f103a52c76bbed167bdcac0906074ecc8f5766008c04cd441a49e16c979e560b050aac81dca2","nonce":"58065fcb2ba37e0945a53d37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"e143b79addc61bc0a8ceaf54b7bffb9a19400bdf733cc1e1d73c06a12ac50a1d257bc563f21742051409e0a8e8","nonce":"58065fcb2ba37e0945a53d36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"b6d61063b5df4a8c93edc10e31f3636d18eee41be46aeb1b629eea79cd19facec763525ec200b27bc2b4370560","nonce":"58065fcb2ba37e0945a53d35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"d5cb9b2080d221553d44ebb1275c6e4f414b9a340140497257da5d7abc9586b4f150fd6e07524dfb43497cef7b","nonce":"58065fcb2ba37e0945a53d34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"be49c3a2a6524ead071e834f85f7a55729e0592b1dd6642115759f472439dfa89941b37fe95637962d04cf1973","nonce":"58065fcb2ba37e0945a53d33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"836bb3ee5ed8b8b4448cb7498742bd43414c2ac5e021e87eb6067b0ab4b5bc173d36744660f514d75e2cb39066","nonce":"58065fcb2ba37e0945a53d32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"977b9a18ad611043cc62868771f1c34366be2b082aa3d30f6f24f2fb10746a826d1e5b43ad5c234556b2a36295","nonce":"58065fcb2ba37e0945a53d31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"23769f831a7c55740da0216c862d44fc63557de4d97eff9a6a915d713b6d608ac8df5ed4410a92f7cfb3fe9e98","nonce":"58065fcb2ba37e0945a53d30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"495c097b2520520bb84655765715fdd6b665133840ddb15edcb06981fe22f30b9cdba5d829c64aa02d4464e0e4","nonce":"58065fcb2ba37e0945a53d3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"384fb6c910beed1b56f4d1a534c00be0e7ea6a6ab7c0581c018065b7c29a4334ced13c82a1a6fb348b30086950","nonce":"58065fcb2ba37e0945a53d3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"c0f23e956aae20607df8c96ad45e7a543f886c4dd723420cc888116c66e56a4def2b88abc05be7d93f730ba822","nonce":"58065fcb2ba37e0945a53d3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"6c7ef888aaa6f9b14bc9a95246cefb5c085ee959038be67a4d6b9e2095932bfb567b60b413a5b61ce8753748a5","nonce":"58065fcb2ba37e0945a53d3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"ef2176bf005bd605b715eb473a751a1fba33c5a50ca466fcf6774f6851f957cb96c7a074e6b0f960ea8095f2c0","nonce":"58065fcb2ba37e0945a53d3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"c9d4081153aeb04548755a20b1050704852aa83e15e6ad8d090e4efca9ccb0ded36f370981d7765f645dcb890b","nonce":"58065fcb2ba37e0945a53d3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"78b39a51f954173e6c8e66e9af68f5e8952423b5c270888b091778bdb587b35aea0ca484f15a11bbd6bf902eb9","nonce":"58065fcb2ba37e0945a53d39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"e2ae1e937daed708114cce295aa9c35cdc2aa58536a47ab117d671fd956e488dfef29fb12af7b48c6d21827b5c","nonce":"58065fcb2ba37e0945a53d38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"31bae2098a6e3f2d837b4c7982b0238981c9d24751e452b89a0649b568937959853eb7daea4cf100a5ad10ba6d","nonce":"58065fcb2ba37e0945a53d27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"e205292875430103b74d60b1856f21a6e5dddd5af3028630587eeeff896a0aba30f74e2095cb5d78005450415f","nonce":"58065fcb2ba37e0945a53d26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"5249589f1d7c86be68e0b14c3d60164f25fcfc0f851e24d57a6a8b3a40095ffe80556fd609e447871389f02e42","nonce":"58065fcb2ba37e0945a53d25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"eb96b1258ceb4737e6adf96416b1af918fa5e8b1aeb56010870e01dad2cde7cd72b62850d795c96c5e6ec33256","nonce":"58065fcb2ba37e0945a53d24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"2ee9e38d9f4c9bec3d79a022d6a2462a57dbb4a79dd1c8bec43aec8a71233dcfc02249f856d7630ba3d681c60d","nonce":"58065fcb2ba37e0945a53d23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"8d3cf0070af0b97e86455a0913537f194fd66f20e57105056e001c70e45e1502bbd38a9377a938f16ae9fa22da","nonce":"58065fcb2ba37e0945a53d22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"c883a67979be567b258180a93ab4bf1bfc6249a73d88764be4eafd9c3c188b1ca017a200701cfa49747e174cb2","nonce":"58065fcb2ba37e0945a53d21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"6ce753797d9df54d0e03a38bd606f2daa4ef2eb8421ed732dc60fd918e16c0191196e0713168a5a6b1096ecc81","nonce":"58065fcb2ba37e0945a53d20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e6900151dd8336096d3d1b77d8a9a47fab2da093588085305e8eb44a869623ddff0c04019d772111d3ca1f57b3","nonce":"58065fcb2ba37e0945a53d2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"0e1c516b6ee0d523b2dcced9748a277f498272a5f70120851069c72b9912e9b64c8c3741ddf3e5707dc11af0fd","nonce":"58065fcb2ba37e0945a53d2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"fd3bdf2e77d9c6fa1c80f3a18f8629ebf9060795772a265cc73d9e39a7ad82d44a68b4088171de3ac20aad722b","nonce":"58065fcb2ba37e0945a53d2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"7bea430445964f80a6c46d12cc9d77e6decbf7d17fe53ba50da36a45a53e2a5354771db324069c3e00083fb041","nonce":"58065fcb2ba37e0945a53d2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"00b24fa8d1ece825f0546dd9546b904db2778f1cfbcef616f32e2bedf63aa4a186fed128b83dc3e978d8663b08","nonce":"58065fcb2ba37e0945a53d2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"48134760e0d19c8c4fce7f2fd3ef8336084dc4e6ffda2c036c7411f79776d2e9aeaec8568ad371e06304449ec4","nonce":"58065fcb2ba37e0945a53d2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"48ad623c1efc47e732084254076f313ce2717dae2e084d941d64810cbed37ff4388316e87190539c15355fc438","nonce":"58065fcb2ba37e0945a53d29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1fb04e8573d0a362e33db1831c31a6c38d292e30a2eeda820a13a1b9f97bed4b01d0bf4daa54ae0c88ca870aa5","nonce":"58065fcb2ba37e0945a53d28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"61c5745b4b24b0642433e10b461bb1d730e273a81eba9895d18e429146d2b4adfb3fc74ff401d8bb13b8ad56dc","nonce":"58065fcb2ba37e0945a53d17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"c40470b6bf3cedd0141f8d22945204369bec527260ab5401e79e5f4b95c02cd31dcea8ed74f7308cae4f3d53fa","nonce":"58065fcb2ba37e0945a53d16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"56f883f6b91d0b7674af2ad3ec00462d1e961488d0f0f6a4188ae8aa2402cbee69f16cb13ba62bd3c55908cd74","nonce":"58065fcb2ba37e0945a53d15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"8c451d9d887cbdf4cefc2646f863c835cdddb003fc9f04ee0bbc54c437259182e6a5d8fcd1ada6d31118181081","nonce":"58065fcb2ba37e0945a53d14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"2d13ee5a508670714b56c3f7b700330e6cea19f0d3da540a4b89c7ded46253b80fc531f7e6f98f2e9e01387e90","nonce":"58065fcb2ba37e0945a53d13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"495667be8881aa52fb770600be1bdb4138d0ab43e073324c7d571d6d61c4ad1b3cda46d87c8a21c308d71be452","nonce":"58065fcb2ba37e0945a53d12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"ef5f3cbc7916813524f1c962dfbf4ac20e0d1db025a79ae870682aa41f00f7c8d44eb220a0632ea9d981c3d9ab","nonce":"58065fcb2ba37e0945a53d11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"325cbe9781c2ea8d3d8449e125c597fc08d5b24b28b77a5b513420f4c527439142d9435645a1a66a130c7de438","nonce":"58065fcb2ba37e0945a53d10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"70e94e80724d9bbf7d21eb062e2ee820016ae0f80c55224eaf4a259b047febc039d2e31c338a2e0df4c808b9db","nonce":"58065fcb2ba37e0945a53d1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"02249c37b3fe2050ab68528a4e11c03734f1b33c7c6466356c43151a5d10adcef656138350f2b55d869cc51c08","nonce":"58065fcb2ba37e0945a53d1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"89a3c8e122569adfb10dfc3374a8652231cc6fc84b0d686ff2a6c1f19c59d9d39bf432b4effb330439055770a6","nonce":"58065fcb2ba37e0945a53d1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"186677c4eb195a6e97e0adef8150f0e6833c8cc2b31d7d8fa03e0a142a74907b898f500a6aee3d0ceb65b1e7fa","nonce":"58065fcb2ba37e0945a53d1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"cac8acaa2c75336010c6647036313b62ef7260b65da473e2b309d033f9d843e4d0e992135d08ef332f283f4971","nonce":"58065fcb2ba37e0945a53d1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"cd2446b0f184cdfab5043f0055f8d854593b493f23575b1cf9479045e0c25531a8573860d97a144a628f6dfbca","nonce":"58065fcb2ba37e0945a53d1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"2c2012aecb4a2974cf9766c4001d25a372bf5109eb09895f446525b286fba6d187ca269fc0e2048a1daf07dfea","nonce":"58065fcb2ba37e0945a53d19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"f197d53d3788520a70b75819a1830fd8434cec500eb3162ea415649d7ef36344284497592bab3d06ea2a3ff4be","nonce":"58065fcb2ba37e0945a53d18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"155b8b6c3204a8aa53ff2cdf938ec80fb502c59134897cd8532b4dd4b7b05f258b59c941ea8838f5bb80484f75","nonce":"58065fcb2ba37e0945a53d07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"03245bb45aad4059d2e6ee375e498bdfbe90df0d187b89f2c2867ed28760e3eeda7b41b36e8893f7829815c04b","nonce":"58065fcb2ba37e0945a53d06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"08b4025837d06d326bc094fdc856b9fef05786913747cce06436f5c87d5e8632c750fe9753e080ce6f09bccf50","nonce":"58065fcb2ba37e0945a53d05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"a4e44844f3f138647e380b1ca6ab3f45fe3b7108eb6e935ecd9f21f309816140294f9d8f61ce4b9c2a812f6b77","nonce":"58065fcb2ba37e0945a53d04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"08a5cd6d81df07c4c30fbf11c6ed59ba1739bf2bc388a4f09b51f1859e616737756ff129e4b42a54fd26429fa9","nonce":"58065fcb2ba37e0945a53d03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"adc282afbcd9dc3a02902c1406f380688060ef990cae6dc18ed313dcbf18ddaa619dadbad2fdb11538ab499d4d","nonce":"58065fcb2ba37e0945a53d02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"fe947c1364e1baef17c1a1e4fae71c6dc61dff807993e47488dcd78ed116b1f5a48190b434e2f9bc7a03fff71b","nonce":"58065fcb2ba37e0945a53d01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"0a35be1f2ddd79cbe65477698b9cf3229085477b307a2ed21166bd2f261f3cf6c02bfff5da2b59f6d1772c186a","nonce":"58065fcb2ba37e0945a53d00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"8d5fe8bdb465980a9552d3af42a80d4bc4ba63ea4e30ad1906d7165be1676380e3ecaa1dcf7a68397dab10c896","nonce":"58065fcb2ba37e0945a53d0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"b4e96a51bc9757b81c734e8c9dc0fed4cf0d8597764563e5e5b0f195512c31691a7c376d80e89a53a8e3abf8a4","nonce":"58065fcb2ba37e0945a53d0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"f5ea56094103abedb5b99cd09c1235e4e7f042743ddcc61e4a05141bd3d2d833258ed65f11b62022459d1f9506","nonce":"58065fcb2ba37e0945a53d0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8c818147b850c9f45c420b019834aa4e4f52a1075c432897ebfbb99ba8cb94e6c69fe817cb0c824ead8af0c0cd","nonce":"58065fcb2ba37e0945a53d0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"51b58e21276ea86c63108a0d9ee494589218c5571f9da5b48a31bff15b72fe0dde4e57de34dccd9f4b3b6d8977","nonce":"58065fcb2ba37e0945a53d0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"772b8ab96a9db6f1f298e03256d1b4f6f322465ba7893b1a84c72a7297fa19c5e81c5e0df782f4d45a09c575aa","nonce":"58065fcb2ba37e0945a53d0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"02dc39920ccace87c3b72e4fc23f9eff1b3b9f7524466da4f3bf4efb52999489af82f0e8e710432fee8e5736d2","nonce":"58065fcb2ba37e0945a53d09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"6a5f8f3ba51e6d2092c5f651ae278cdad408179e9439dd33ec2bede154f2297acfd078726162bf11130a5a9945","nonce":"58065fcb2ba37e0945a53d08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"6c44a17f89e3ceefa928dbc8c89d2f397c2e73f3c2a9463eae12a6ab6a68efd2a0d71967b6676d6d0f0969e9e4","nonce":"58065fcb2ba37e0945a53d77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e5966191ede6ab7290e32d64c9fbe45172dd66eabd067b4b91328c9005f9b687991dd13824eea9fa65f34d744b","nonce":"58065fcb2ba37e0945a53d76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"f2d2ee4d368d10d5153abab3b9d2f4dbd5ebe8816e24f8b8dce88f620dfc7235ea0f6d47c90145a4bff1494309","nonce":"58065fcb2ba37e0945a53d75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"310bd13e2da376335fad48e2afcdaf3444108c8cfc36166cfa3cea9da0a082ee203d520df9eb7ed37e3e9f51cd","nonce":"58065fcb2ba37e0945a53d74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"16676dde0c4f43aeea370a61534f334cb4056e1677fdec4924d691749ff329e17b019b985f6f8338822ceb2b5a","nonce":"58065fcb2ba37e0945a53d73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"a695d6f98932d8e48efb0cb65c5d5cf9dfbc92ff3bc002cfdab29a17aa32356979a2ae77e487a4bd3da976f1ec","nonce":"58065fcb2ba37e0945a53d72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5ab2c8277981e63f6f5a052656dea6be8c05c92bcc842972f2259fe813d71edfc1f5f40767fd1fa2defcbc6bf0","nonce":"58065fcb2ba37e0945a53d71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"29d149367606164f9a1cef5dd1ee7b9e4fd51d9764ae9c9c76e9af8ab85fc27d53a4d732932e987592fb1f168a","nonce":"58065fcb2ba37e0945a53d70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"1502836730dd8b9345422b8616576854270df307b82e7b65c683282ce6567edf0f30644736929db2c889c12811","nonce":"58065fcb2ba37e0945a53d7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d95c137db2be14c4af59e0cbad67a6ac9c274aa9a5f5a785203f96fcfd9324527a2440f36f672aba05fdb05b4a","nonce":"58065fcb2ba37e0945a53d7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"0ae4ac57a65c383ef7bd51f40c6b41962b367b386125680d0b64653c81ab60806dc6950acab083b24ac43b6a48","nonce":"58065fcb2ba37e0945a53d7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"10039549db1c9c6cca00dcb945f0d12af55d3c931257edc1d0e53181fdd102ae0eba3e33c3a9ba6b3eb2677bb8","nonce":"58065fcb2ba37e0945a53d7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"996713e649e45a8810ac0a6da2e68f9f397def913175a21c92e0d6d2dce7ccf782cfd4b143fe1029a6cdc4dc38","nonce":"58065fcb2ba37e0945a53d7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"b596c276ce31564f1e7a7b5b2cecfab959b4b56771136b4ae657b0a7f8e2c83932f010bfb06163414e4fc14933","nonce":"58065fcb2ba37e0945a53d7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"ff9ef95a8a05478f02664fa925859e1c8c8ee3223d44de8cdff883563a45785abbe9de050c8d7a582e8d9f5609","nonce":"58065fcb2ba37e0945a53d79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"47872c347e2c7fb23401c0a384ad56ee912de0eccc4716d140e96cbf7589778164fb7f0d1209406a1de2f28fe5","nonce":"58065fcb2ba37e0945a53d78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"ffdf811bb3be663640c41d0bccad45987084bcbe3103bd826e911adc3951977c6b01c70009c49adab50a910723","nonce":"58065fcb2ba37e0945a53d67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"0269b4e22e135db60da7c46671693353e670cfdbe4579e1daf55885f26179ca8b82233fc4b605111a9973d8fd5","nonce":"58065fcb2ba37e0945a53d66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"15502f7f8ed9f8272a42e52c590b577919ce83901726d84c25067663009ee9b695403ac11f7b751bad0ae89908","nonce":"58065fcb2ba37e0945a53d65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"773cb828860ef396ed66156dc443f6c0c6273283496b54ace17d5db6b1ef915303e8d10737f6a61fbb717cc92c","nonce":"58065fcb2ba37e0945a53d64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"17d814ddf29cf97629b1335480566f4ebe29e58f5909da61e41cc66f813e1920b3ba000b8654856446a587526b","nonce":"58065fcb2ba37e0945a53d63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"985538f7236215f56d2e7f843e559d03173da2677852dc2f299b65f70c6770b22249a329263a7dc8573e93481c","nonce":"58065fcb2ba37e0945a53d62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"597e80537a18dca5373126a6474f521027b981451be739700ca4e771e7080da956b39b9ac595792e78c9bbf549","nonce":"58065fcb2ba37e0945a53d61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"5ea27cbf12e43cc3a1165d28184415ebdd2a332808322a855b5540c2a9b071c03c8b293a88dc06346151ba1c63","nonce":"58065fcb2ba37e0945a53d60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"e3245a49207d5661a9848efe986106c4894690c0a89c84ade024abebb377e9a5b4a841b396d9f5fa59acb10082","nonce":"58065fcb2ba37e0945a53d6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"01658310c9a50052a5016d0ca89f99220a4096cf4e693a822a5ea4e404346a1f6548c1b299aa28ffa69f532a5a","nonce":"58065fcb2ba37e0945a53d6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"7ac54040a1102a0767629a3c6220a8335d425be0d8e47542bc2dcac5ac0e03a181434d59e339ecbf7a4d6d02eb","nonce":"58065fcb2ba37e0945a53d6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"93574f8df7cb90355568fea83cd8fab58b21951501cf189ad49f5c1997229b6ec5efaf3aad74bc3be396dcf1b8","nonce":"58065fcb2ba37e0945a53d6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"5a89c6f2bae9d950f2fe411897c4b332ba46b86674cf3d3551d4a1cc851efec1c5352418ea71e7a25fbdd91b8e","nonce":"58065fcb2ba37e0945a53d6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c7f2fdb3d58f38fb862da356adeae5ecf6bcb4dc5d83da08898a93d680def20c56bfabfd1e5a777de3670c57f9","nonce":"58065fcb2ba37e0945a53d6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"5f60c06f475050d7c15e7227c94ea0451c61297c754c885398335bf82b2fcb8bcf69b45dc6d4608d664321f510","nonce":"58065fcb2ba37e0945a53d69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a921b7a0f4c0d0b23ff6ae984fd78c7c77a7512ce534612bc5d13d1a5c85ca617dcc433dfad6ec78be7ef256c8","nonce":"58065fcb2ba37e0945a53d68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"cd29074378a977b338cef419c16b82993ae8c2e8f21cca41526ff67dc96c174ae7ccc1aedf4fe78d0379cc10f5","nonce":"58065fcb2ba37e0945a53d57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"3a5603ad87057f888370b0d72e2ef9f95ebf9a15d132ab0d9b7d65536b8db7ec3cbb49df4557c80cfdc7680835","nonce":"58065fcb2ba37e0945a53d56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"4afaddd9bf91fdf93252c515291e073bf069636d7982f047cfef880abc6b89eb94c08ad636a6436325f4d28f52","nonce":"58065fcb2ba37e0945a53d55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"952d37299989ffcec34d2edaab3d9ecf390ceff94e57c5eb99d2c7f2ac21d76799e105b83ef39178ed1c891630","nonce":"58065fcb2ba37e0945a53d54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"dff1caba685d80a438973b640ba5efe848c395809771f1e4c98f0c2095703be0bd3f1943758636577a2a401199","nonce":"58065fcb2ba37e0945a53d53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"24b4e0a6053dda7b9b20499997394e9288ea4f87353a001cdc9244e1035ace3a796116eea6105a0c1513ec1cc6","nonce":"58065fcb2ba37e0945a53d52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"9b7a1e4a1d298d9c0c764226a8a9111a2d810c66d67f60cdc376f49ed022c2386193b56de16cc9459b48859a4d","nonce":"58065fcb2ba37e0945a53d51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"0b7e3fd21f181fdbf476d1c68bf951786e7eea02c815e93de3204a269f17234afbbbcf6501a5e4500169b4172f","nonce":"58065fcb2ba37e0945a53d50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"3091431f36618b7edf198d043cc49e3bde88711b7915fe54e5a16113071957dac00cf496b08b489ac9948eb2d3","nonce":"58065fcb2ba37e0945a53d5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"8376e403841d9eb4db747181e13670994925e8bae008eb1a94857a2b8a82cdbe6aa99f335d1f2d47d7ee962855","nonce":"58065fcb2ba37e0945a53d5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"8ceb9abad50f7eb917b4cd6f771888f1dec3bcca96ab9d57fcff2f3578a29b4486d8bb935409a5fa6f22a95399","nonce":"58065fcb2ba37e0945a53d5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"624ecf6bcf2be1f61190e589801bef97de0d69a7402be32204d0602d41483ef7d850e2c65877b9ee3c71b5bd6e","nonce":"58065fcb2ba37e0945a53d5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6888b3bc3121464e268ad654a5e51cd703201da489b2eefe80390413ae78e1b9240c256eb3a86f2037ef0ab68f","nonce":"58065fcb2ba37e0945a53d5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"8a13cb28e73b9b2e7a4f4fb171749cf279a3034c4ac52e9d9e97b7749ab30d6fc49883b8807bba80635a742895","nonce":"58065fcb2ba37e0945a53d5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"40f65006c87b99bb25a7ef401e8d746e56718896966ed72c2c0ddf4fa39f157518d548f047f9c8efcdf1d75c27","nonce":"58065fcb2ba37e0945a53d59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"10d64102837a1ea26effed91543ef08133f93196bcbc2bbbbc69e6f4b2dddcdee87102907dc747a51b81f1e878","nonce":"58065fcb2ba37e0945a53d58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"7be45c031549774bff5b0564f8fa796222b4854c6015c88d2c53b8ec9bd7d5ba8eb1096ff74a85acb390366b98","nonce":"58065fcb2ba37e0945a53d47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"12bcaf9f31485092048c93661903a9fe8b9f8d938e4b3182568927f0918ee1901221b63801137a8207cf91b557","nonce":"58065fcb2ba37e0945a53d46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"4b3976eeeb54cdae16a40c8e224c8f889ebbbeb4ff69721c3d37c79d642cd152c45f1a5ab1b809761d950a88be","nonce":"58065fcb2ba37e0945a53d45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"64cb018cc80a56da25d25ecc95cd35ba9d27f404037604ddace585264edba64873ec59a01c80d64e5e89d072ae","nonce":"58065fcb2ba37e0945a53d44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"719de36d79afd9d309b27e50e06f0e04fd4d0d24df8dfc6d49d5086e48453045b43625eae211e4e6ae9a6336a2","nonce":"58065fcb2ba37e0945a53d43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"770c660eee1651d58c9ee1142d2c03e789a6f66c44b82696bf349f1b86a74c06dc75cddadef56f7f2f762ce7a5","nonce":"58065fcb2ba37e0945a53d42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"af358c7a0a9668488a9eaf24c92445e60500fa17f7645d195378d0563aec7bf497daac85b7e7c4169c4cd1d203","nonce":"58065fcb2ba37e0945a53d41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"85238b212282bd83585b41d0d32f619cdce484dc56fc58fc445331ebf347678059f37e5bd3de83561afc2784c1","nonce":"58065fcb2ba37e0945a53d40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"017fd0e3827e0a9fcd4b35054aa1ab949415181cb0519d80afd8ffba98ec2e9fb0f8351484e5cfb3702ee89d66","nonce":"58065fcb2ba37e0945a53d4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"c872954aef6927dd2cfc589d4b8f2c0aa7e19b65ff1c253444865a77875406657c60923eaa50605044aebcc2b3","nonce":"58065fcb2ba37e0945a53d4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"dba14eb5501f5f9bf458917e52eec7a347f4ee56a912a9fb234f06a614554906ac9b5766b8fc6289c778761377","nonce":"58065fcb2ba37e0945a53d4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"dfe6dfd37570e2ca84c5bb6158a7b52984b3ad8265a4d3da6d5f5ec924fa80914fdf290759126da6a8286566e5","nonce":"58065fcb2ba37e0945a53d4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"c8b6e7f9b2cf5c2451e6c77cf1e512622cfc2d0f3be0aad05ec18aaa52dbb31381808d8fd1ab064678851752ba","nonce":"58065fcb2ba37e0945a53d4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ebc3633a42c9679473c6476bfe2b067d4aaba3c2c615e3f216e56d4523c7d2f2c240bcc68bf7be7a2f75766560","nonce":"58065fcb2ba37e0945a53d4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"4a544efd4c19ebcb3123c60af596c7c04d2d77568173a8dbd2098d861373e0c0944d4ba31c1102c8a985b5fda5","nonce":"58065fcb2ba37e0945a53d49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"15b583796bb03522b5263bae0f869320e34e1ed5527262a3364442ce78d535bf9ccc46600e61d6f1983f0368c0","nonce":"58065fcb2ba37e0945a53d48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"79b85a9c95084dc0905190e4a25f8c5b5fff4f6b8c9e5fd240532a3488ffe88f985fe0dedebbd2adb6eb2357b3","nonce":"58065fcb2ba37e0945a53cb7","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"27afdac6e8db1ead140e198cbe511a5cca806d6a660b625ae080086dfd493b7d"},{"exporter_context":"00","L":32,"exported_value":"19f3d3baf9c8eb1f96eb602ad133c3433277861d7d46786ff8b84dc3818df974"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"51c5659a772834d42e8c0969ec1849976ed842c25fc69add5b52d601aa1d6fdf"}]},{"mode":2,"kem_id":33,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e09e98faa275b3cf0530b525b49ea140f08cf90abfca34879671a0930429685bb55204f6720369c15bc718dbd5f44d1a67d605735b4e14a6","ikmS":"5a32de729dd2e3fe7c19373e7459ca87fa247152c41b87ce46f2563663a9cfa09e78d185aec917bfda90d2cd06611dd406662892d9912ae1","ikmE":"597c075bcdf5b29a07b0aeed46afd82bc5dfa73633964f1c2a5128b7a522ac3eb0077657f105b62e22fd4fa2487833cf0610b599d44a641c","skRm":"24b518cbb90dca7b9c9ee8cd44ce743705d3db0cb62c7b25dc4c45911a4af59d1d514fb9b0b848540f8fdb029f7d547d3dad784708da46ca","skSm":"2f2e9cea55f428b7ed841da95b50a1b75016db4e3f5ff76489384a07b3512611b642cfaddccf3684595305179b8c401da30c06b6dad91656","skEm":"d183d9261d3aecc1ed7203f6281fc05dcaabd5cc4a6c946ef02eb7252ba79ac605790696989ee4e32f1e6d20ffeb246cd8f4093707c177fb","pkRm":"e3d4ba6d08493787a4cb8e815639ff37a586e0f3d248b83d1e24ca4ca7d7086646390edf72b07d9e8234a30425b5f7853cb9c0a692156de0","pkSm":"cc9143b9430e3869b40c287f7db3ccbbad6ffa24952af770e6d0a478ab5591cce58445205e5b8528c6afc33a1e8cf1795f555622b8e00c6e","pkEm":"decba1629939ec19de5ba970a65939e903ad8bf0de12fdefea3cda538f4399d0b7b3566205df1f07a02a6d997c3c0c8ee80d1692eabcea56","enc":"decba1629939ec19de5ba970a65939e903ad8bf0de12fdefea3cda538f4399d0b7b3566205df1f07a02a6d997c3c0c8ee80d1692eabcea56","shared_secret":"9ffc6e0f3fdad2d69f94e5dc9663f3398abbb8d4c82afd063a0bcab436a40561f18d90ed0c53b8a41bf38b79b0b9da48e289d2ccb209e236ded06d5e154a074c","key_schedule_context":"02d48cc5df954e70a3d12964fb237eb8af46ca0a5ae5746c4e4db3a4811432ac0102adfc8d4a9a21ce5ac967d155f2cb11fc23851d6fa84717ba59f097b4bde4a5","secret":"1cb926c54e266e78d7f088d430a33ea49316b96bd661e8b4f3711db9013e9f60","key":"","base_nonce":"","exporter_secret":"3c89edb3d2510b08ecbb250b2184a767272bf86bc6c1191f6b79e5a3b30258d0","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"84003a61f902d75395650c9ffd8c26bf2e871b8dddca99c884223bc942b0165f"},{"exporter_context":"00","L":32,"exported_value":"0dfc4faa6b3470f28f521b9f987c6ee7b98ee628170da2515f0ef56293bc586d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7f5b9b4c35ae1038e8def604abbc402a7f947966c76522b8e8b13e01aeb3cce3"}]},{"mode":3,"kem_id":33,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"5be628a9b85c32dd14f47a72396f366badb75ec168491879aca639e205e84fca9820bd2ab6aee73dc9ffcaf6c58e42fc5728d31538a1effe","ikmS":"a11a0f34d3519619874a2f48ec284cb84513ffb5a7f66108a33526a336ad07997cb71a0a780e6bc8e5c739941152954e99d702db861e1072","ikmE":"c4ba3dedd565e618f0769c2621db6c960623cc86396b9f4e03b42af463324dbc39295658572c538a5f40e6369cdf57f2879039bade32a4c0","skRm":"394b563e6c50b482b229e1802b279f04571eb887c449fa2f79ac1a0b30c56e97cff75cb02ce73ffc3e8bf4329966e933375f0cf4bb824127","skSm":"0350c6835e0413d4094e9094d4f6b8b9728b2d60d01904edede5ea631be7997b9444ec6d0095ed0ca1f630218132b4af5176571ceb778e5c","skEm":"1e86d571df884a080870dff9504a65bcb7a9973a536c15f9ac86b328ba094c3769a268d6c8e7c2210f26c3d1d7bb2e3b10be87a702f467f8","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c4692f670323b205cf696e1b12d9930854dca24b8caa1b109442d1dfc36bb46077ada797704a3a089273431a28ef1144f009c6bd8617c246","pkSm":"6ddc58241eeafae58df984bb58670a24f0a450156c0e254ff2236efb284b2bbcb7ac88d9fe7199e2df352bd09936f7d1aac3a8f8e4852d7b","pkEm":"52ae9c67e7d194218758ce16945552f65f61d8ff12fd0f427b98a8f8875a111359c4313773275c12638de1d737f4ae041ec1e2e803bd5bd8","enc":"52ae9c67e7d194218758ce16945552f65f61d8ff12fd0f427b98a8f8875a111359c4313773275c12638de1d737f4ae041ec1e2e803bd5bd8","shared_secret":"18b3bdbe56a170983249264db97912131fbc9ef2593fcf3ef37d13ee079cd9d230f4838f2bba3d0966092028925dbd057836365713ea6b40630623f024dcc5a4","key_schedule_context":"030235bb7ae0a1ed819dc1a6b1b2f4a2afcbb2a29c4e4f5ba1ca224b81970c390602adfc8d4a9a21ce5ac967d155f2cb11fc23851d6fa84717ba59f097b4bde4a5","secret":"44252c1b496e3f41d50b3d636861ea435897dd65d3a602df0d82e7e2d86fc6e4","key":"","base_nonce":"","exporter_secret":"c8cff5b79308f3d62a73774692ffb28a1e6e1226fdc12aa11957312acf6c0e72","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"301c6b2536f4a2a1b5271ad7c49f7e13d4c07029697afb3967d0c16d56552990"},{"exporter_context":"00","L":32,"exported_value":"bfde7908be90a3d461d4da8238c1a406e9fdad2ca2d914147c6855ed9fff5cd1"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"76d035753e462a41b9ea2ed1c3157a8fdf2f69cb29522858fe7f7a483bebe156"}]},{"mode":0,"kem_id":33,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"9961bcf84fe5dda13e56909560105b19aebfe4b567d14f60b1e4956f0fd380736f3cd44b9f9b5c0237956458fafebe0c711d8e48a15b9bb5","ikmE":"828cefdb56ea2d8c352051f526af238d699c8d11f2b7bfd12af5bf66c9c9331419e68bdd47d6ac95ac8703ed64b9456ad5b2950158cd5f62","skRm":"f862acee5e4c5cd7972c17131336f16592705ec1f3f5e5d4d8bb683097aba592d5bab308d77c98ffe46e9fb6475189795bfa68f27faf8153","skEm":"06bd67405342463a37d9b87c6b003febc253bfcd94f7211b7b6358f1593a2d156d4106882cacc836118abc86cd75fada64628c3ecdcf29c4","pkRm":"119ad846c810635111122b374ffc246e3cb2f65f386da982609723f0ecb3293b53a394f35bb674fea3bc86542c7b173322518d1bb5dba4cd","pkEm":"b78deed63727d31261a710e9fa65f1687daf1d5fe115145cf92c9e21b734964ceccadbdd7da26d7660c5084f36e8a0dabe1bab51307c9e7b","enc":"b78deed63727d31261a710e9fa65f1687daf1d5fe115145cf92c9e21b734964ceccadbdd7da26d7660c5084f36e8a0dabe1bab51307c9e7b","shared_secret":"3c770c37c9a14158ebdd2be64dbb612f1441b8f3c523f3cb0a95a1d01f8c8210a58b0ec265df6cc25b026ecb311d9acaf397ed4ad9dcad00c15941faf1759777","key_schedule_context":"00d48cc5df954e70a3d12964fb237eb8af46ca0a5ae5746c4e4db3a4811432ac0102adfc8d4a9a21ce5ac967d155f2cb11fc23851d6fa84717ba59f097b4bde4a5","secret":"775cfe3b2ac7a50d50faf13a4c7c441307a523bc77d5ccddb5b66e21b0a9814b","key":"","base_nonce":"","exporter_secret":"c7dafad0ad4c93d1673c31cb48b941c11c722a3a6dd9920903898b0a4071e038","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"0fcd6d55b7fe700d987c4053a3d019c9836bac56a9f0131b2cfed53efe5feb60"},{"exporter_context":"00","L":32,"exported_value":"be030a645c2a46c3e9edc0830e66c3d8c16d5b18147e30fc2e4c82c5b6714d11"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2ea59ce1213bd38c795de75ef3f322c98fee8da66ccbe9442a9d114d54ee0926"}]},{"mode":1,"kem_id":33,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1d8d7fbe0b138deaf54ddbd806fb32c0e5d7ef73da400918e87e3526d4efe740f572db621b8bffc1e4b42ce5353e086416fa7b339fb513fd","ikmE":"45bf39a645fbb6669d6981a3ec14e0158a5bcc94232ba1755a949152c5d5c3c615ce745a77274ed8e33bc9b686c251cb995662ee17c54268","skRm":"fb90712a77cc381effd4afafcca104d6b355138ae0494571a4abacf64ac1bb2f496e5b1c01fc3860789dcc3ad5b610a86e4bd3bcd2e394e8","skEm":"33a3e684cd8eb38c6346c8c0fe7d9142470157b28969b1ed8619c1fb94d7fa7d3f74ea506087540b38abfa631cdb3d5f7d285fdef95c484b","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"9aad2f6ceb015a9d492ec8f3ddcdad5451a344310910ccba512992c59f906f3d88b53049d08d64c2c286657deac152db861e1899525f8909","pkEm":"3edfe68a7987ef178ca81678258417fe3d15d4335042c18d3d90c18ac41c9582939ffbecd864cd850a62d939db29afea7a75816a19b78134","enc":"3edfe68a7987ef178ca81678258417fe3d15d4335042c18d3d90c18ac41c9582939ffbecd864cd850a62d939db29afea7a75816a19b78134","shared_secret":"962f61e0b1dc7c2417612333d740eb53e419ec32fc61bb1f490ec6ea7b784db5601e14008d54b360c23aed92899e2fd01867fd4462801d2633438ec4239804f2","key_schedule_context":"010235bb7ae0a1ed819dc1a6b1b2f4a2afcbb2a29c4e4f5ba1ca224b81970c390602adfc8d4a9a21ce5ac967d155f2cb11fc23851d6fa84717ba59f097b4bde4a5","secret":"fa71378774e553fe021d7a0dc5e4c5d511facd07ebd5d7d652e6ec62f4aa3320","key":"","base_nonce":"","exporter_secret":"0085113dc6c7f66dd6c344056db13a8be3c3b92a0145735c2c46e06fe0c1e2d1","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"87469a3a65269fced00a14743bb672903447efcacf1f721d52329414c392bdd8"},{"exporter_context":"00","L":32,"exported_value":"b8b2e96d98dcaa14be87559840ab51bd88acb776b01f51d9a876f3b11b04a65f"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"a8efc9af050a0bebdde5437874d56dba66dce0a0786e7b8affdc9f5ac725dc13"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1b5825b7e4e12ffe9850bb1d6fcae6c1993380982cfe3b328cc0c83558aca1e05fde8d92f0ae82308a4c0167970a9c3d2ae4a722e3e56ae0","ikmS":"0bd9e7fc70aeb8c8372db9c3f9fb19895cee7c049b381301a05ad7cfd2be2de46598a895dcd1fd3e6e0e95eeda481ebc14dd64688d17c24e","ikmE":"da4a83ad6352dce79b6a0d7a96338670fcded42abc00de8cd155086a9d0dc91bfe0961b0645279f68cac01b6c99666861331a36ed0b88305","skRm":"78d6921806284e036415bb7288995a8edfb6378ed27bb4fe119299030c81227b324afa94d79963903240f2bfddc9d8963a529578ae6909df","skSm":"e9f06289c943d691d24da22c112e261421de8cb4e281ec1b60ce99b3ace245dc9d6031346b35829956acba95fd95b6f652c764e327095f2d","skEm":"1825898c853f498c734fb5d657ceb1d34ccd3e0d8d73eb6306be8bfe7eb5fe410916d61463811328898ace64ebfddb960f158ba8031d76b8","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"e932b05161f2ab2de7c7e9ee7da7e9ad5a6c61b1d06bb5fa1f510d8066b974a1a7905f83908e0e78b50224ba45b1d01f5e719358b1930ff4","pkSm":"906a22a7b4eba6e3620646e9ee036b1b9ebcf8f914cf5a0e2dfd32df67d866715ce5c6f90fe0b30e1d6fc6e2439d62239f77963e024e9257","pkEm":"47b06ca32bcbbac329566113c27752ba508bc89d8c69f8fa8d8355764ac1e784bc20212b14981fa2d45e82d77b9f7e97e0d468e1398861f3","enc":"47b06ca32bcbbac329566113c27752ba508bc89d8c69f8fa8d8355764ac1e784bc20212b14981fa2d45e82d77b9f7e97e0d468e1398861f3","shared_secret":"066fe8b6193b3f5f31e8727711fcda2670bde7806b85ab30f530f60175b544dee3bde5810ae7b38deb249611462eb2ba68717e09e345e442cd10a40423cb3fef","key_schedule_context":"03b6f77772f75e969afc66fe6df70331fdabcbfa9c5fc9108db02ec7e8ae117f5b28f74e569a9bf3df79c9e5507a5441d7483b9da3d3394b3f168e40554f530893574a72814c5d8e45c985c4252e66abdfe846113c17cdd7485893b89e0d5cb23d409145ac095bcceb628874b68378897f77c36eaaf45dc932c30eb5841015517b","secret":"bd3f9f7abfaa46f5df2f51010e32f367ea70529586a1d73e32ce7f975263631bb88e1a1fc6eaa96fb58a9b8ab514fd3d0f469719404af8182b5be2afcf5d15d3","key":"fcf4baa0cf9fc4fa01ab2829fef9f087","base_nonce":"c88b7e625d7b6ea3e834866e","exporter_secret":"9dc95cf4fe755e506a8dca9ba68b6016a5c78decbb298bd57e3c1acc1f4be13389c26ee15add9f52140aba723669c86a81f0b2ce528a3f9f830b45a340d96401","encryptions":[{"aad":"436f756e742d30","ct":"b56a272eaa9635cc682d47f1e44b4f26499a07618c4f09f11b48ebb8bafca4ca88f39ad4c1c2867373f37605b3","nonce":"c88b7e625d7b6ea3e834866e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"369e7e28df86be4fe40ee1af8c8c2da042fef27f8234dcbceb3be5f6dd07c96ef8a0815779fbf53db4ebc61d37","nonce":"c88b7e625d7b6ea3e834866f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"e5713729edd0623c59ed86f8657a35c206112d8ad02093720ef138f4f5c0d351a9d7ec944f5c40566b85aa2c37","nonce":"c88b7e625d7b6ea3e834866c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"69c9f0fb9bca3ef5a9fefff4f1bf2e051a22b6f514bbb46e69c37e457dfaa572db1a62a128b5aad3f9162de7a4","nonce":"c88b7e625d7b6ea3e834866d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"6f08ea2594b3b6c40152a81521ef40db6c003c286ae8f6a3087f93f63424e4d6106584dd673047ce946b8d1f65","nonce":"c88b7e625d7b6ea3e834866a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"4048cce4e09362f5179fe2bba18bdf97251f9ae3f30ae85c2512edba34441830aa79d7ffa0d7f4d81b509a1564","nonce":"c88b7e625d7b6ea3e834866b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"0414b1ceedb957bc8573024f975ccf56f0904741ed700bd2202df92165761a462e5356e2afc44bb480ebf05ca0","nonce":"c88b7e625d7b6ea3e8348668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"37605716816c99fe2097ebcde10d5ebca93147fcee3ae0c9cd2116c96ce96c44cc487843a4f3d40f6adfaa22d3","nonce":"c88b7e625d7b6ea3e8348669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"b833fb9e025d7ca2edcd7cd1c2f9a63c87e97ae5e397800a7a1964ce037a9f68028b16c3dd85ec0d89a2598cbe","nonce":"c88b7e625d7b6ea3e8348666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"de5b03c48222c606dc5cd99b282089dd75dafd5c4f1a83e1918a3dd46b094411976e530a2f7b2592f277645a40","nonce":"c88b7e625d7b6ea3e8348667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"a159d06b5b9cd7437e58b095b0b4c9faeef17e849ecc5fbd39e61652a8db234711dc0a238cdc2a70f6ab6e0887","nonce":"c88b7e625d7b6ea3e8348664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"699f08cbae9bb1ca20f400572537859c937bf0664d1aced164207a89ab46805fcdceebd9ecc19450fc9c3a965f","nonce":"c88b7e625d7b6ea3e8348665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"828df45623b7a868a86a3fa2bf1125d62173bd1817c537b75870b3aa8d753c7c00dcb85941b23060e938d7501c","nonce":"c88b7e625d7b6ea3e8348662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"28d50d275713c356f81b4f1a103eae25cd623ccb84179833c23b720a7ef3f1c6b748ddfa9e68d3be4d1c89f849","nonce":"c88b7e625d7b6ea3e8348663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"31727b3f179ac93e3fe1e57b187b2ebbd2ee3d42647289ce30650d8b4b31a7f9faaec66dc1e8e53fb5ea49125d","nonce":"c88b7e625d7b6ea3e8348660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"30429920df1a3e88414383c17b815ca620433fd6ebc632671d9a1c5d1af5ac56cece6f9ece7946464db257b6e7","nonce":"c88b7e625d7b6ea3e8348661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"fa8760fa14abf404f4aca435bb5efd2a504408cc964b732203ae5df88b0fbf023fd91e0b57318c436c39a4ca98","nonce":"c88b7e625d7b6ea3e834867e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"3e0349e6858385037a9e62bc77cb7c7890ac8f3b617d1973f6be81d456bf44917532e501a16df6e8107457898c","nonce":"c88b7e625d7b6ea3e834867f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"a99d22d2e6f4e254e069088ea46fd55c84ba001561b32985df9a97ab988053c4a280b6b0b0c898a2f99ea8cdee","nonce":"c88b7e625d7b6ea3e834867c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"a78ced9bd277c569047a14d4afcb7763699490c0a23979b2c934e65e4b3ac46280c841180122afa332f26348b4","nonce":"c88b7e625d7b6ea3e834867d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"499edf25dff506b68973b3eac09ff845f439576fa47b2f48efc3d477089dca448fdcfa76a067b5999ba0f2c04c","nonce":"c88b7e625d7b6ea3e834867a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"f151ec2cb6293a4b4bfad48ec4fcb70de286f1f1a9a7d9011b8e1699c08bb1d5f5a918de6f5c41416f756afc53","nonce":"c88b7e625d7b6ea3e834867b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"08d144b5a1de532f05e8650d692192596cba24a83c56a78455b2c9357ab39565a1410f24693a9b089e41a7bb0e","nonce":"c88b7e625d7b6ea3e8348678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"73ed04c644819727c464a7d28bb10e933a0895aa17f29878da1bd9d44e687bfb228e56e70989215d03695a82ec","nonce":"c88b7e625d7b6ea3e8348679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fb18487797aa6b10a5b40996111c3a04589093bf1702cc6d6aca8a1de35f371bc7c29f306c090831306aeb59bf","nonce":"c88b7e625d7b6ea3e8348676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"a8eff96047ca0ffccd40b826c2500d14a83a96dbe2dc326e5a82056afd62d979d99fd3b2b0528f4e2324d08a4e","nonce":"c88b7e625d7b6ea3e8348677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"785b7d4b7f73df7106d1673c94b0307e239c8d7969dd9d8b99332c67b26b198d403de6312db3d1631743a9ca17","nonce":"c88b7e625d7b6ea3e8348674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"5d14ef0bd8fb6c4bb1da0aac32d3f7062ee29a5c8bc695b9c7025db96e3573fecfe7f7842c8dcfad77ea9f3999","nonce":"c88b7e625d7b6ea3e8348675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8157fc22892d5feb98fd3ee99f7dbff4736be5c0f256e41c3cddcf4a43f0321d1c52af7c181a49f78d5dcce957","nonce":"c88b7e625d7b6ea3e8348672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"7475c8bdd3019cb909412c01fb28db971f304cbf944cbf0e84b56697529ec97cd49b2b86c098127dc2dd894705","nonce":"c88b7e625d7b6ea3e8348673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"f90e514d3d31660146170bf4a8395a8e31afd20af2d20d83710ba21a0185cbdae394ded44fd7bbbdcffaa90f74","nonce":"c88b7e625d7b6ea3e8348670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"2b81ab819c6aeddf0ac8df992d7f696627af36a4e5193f689037479cf86bb21d0c30aedcb4fb13eecd9d3e04f5","nonce":"c88b7e625d7b6ea3e8348671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"05f68fb2ebc6fe28c3d2bdd2ef48515bf397ab00c6a951bd4ac3e0e634d875584c153abc52a3560102916097af","nonce":"c88b7e625d7b6ea3e834864e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a94caa768e1378c757ab6b048906308bd30248c22510448b26cf71add66f338bc6805480d70acf4cad5ab8bed4","nonce":"c88b7e625d7b6ea3e834864f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"049827e1ed6b71025fb68e31bf5f1852973c2d9fe8bc4b61f251465d1134c08ca1aa95cd6d807d75cb8cdf61e2","nonce":"c88b7e625d7b6ea3e834864c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"1535532636d1f5f4cd4a451aa8b2cb6af2f260d7356098850bba9f0f332ebd65c4fe012b9f33dd987cbcfb0ddd","nonce":"c88b7e625d7b6ea3e834864d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"f84ad857986c9b8ff9bc976120f507eea0bcf4c19a3ca123f5b30faaa54404c5d6c58a7b3988c7f710be1c445b","nonce":"c88b7e625d7b6ea3e834864a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"927907ac161ec8c2cfae623a87031e72985df811d97e37d2baee8a8f4f6761c90234437d1ebea6dd7822f36054","nonce":"c88b7e625d7b6ea3e834864b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e9e60860783a23a56930be3c3d168011f674d21f73c1822fa4293bb6c9774b3358536f9ce18aad93127854d746","nonce":"c88b7e625d7b6ea3e8348648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"a376788680d8b8d5df7caa4e5d4d6ed4137617117d1e9cb9a622121891efc5ae4be82dadf39495d5b5b6fa0115","nonce":"c88b7e625d7b6ea3e8348649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"9d92df738466c99b0007afd598b91b94b0a07a470660bae2b956c82a64dc91e9084b231bc95d8237eb3da2878f","nonce":"c88b7e625d7b6ea3e8348646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"85a003fd5800ca96576175526d94fd2f63c7ec7fded598565d3f415fca6846bbe61733521ff3a216c564093cb9","nonce":"c88b7e625d7b6ea3e8348647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"4995a51968ba169d9cc30aa4603192a404e0dc7cc9da005a52d85bbc8a45466a8fd58e4b442e2518a16d50d76e","nonce":"c88b7e625d7b6ea3e8348644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"dc6d79479ea320914469ecfc3f89dec1c0e630cb18d81d19a1e87ea01937d4a1f7c80c1c53d2f5e7b400f3bee6","nonce":"c88b7e625d7b6ea3e8348645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"d2cc0cfbb4499975c2ddcb2b029397d712ce4b4f5cfaf421966b9a031bcd1648159793ca7097c805b1bbe106e3","nonce":"c88b7e625d7b6ea3e8348642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"a34da6ccc443759e65afb7ac05739965011f6824a7d42777d98d1a5289022e9daf956a610e829be2851237e94d","nonce":"c88b7e625d7b6ea3e8348643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"39b393b3aeb00a5ebc46407b1c3551d6ceb550d7a19a0d0ffe4f9036c6a2f95a3e6fd85880d2667e159cc5318c","nonce":"c88b7e625d7b6ea3e8348640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"14fb6b3d7973245d62152988ac31264b7268b316b049a373e304b43c66bc4e936c9f2f601c6d01977f2c50ac56","nonce":"c88b7e625d7b6ea3e8348641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"c476434b93f9b45f2514c4d592f34fe1d18d6333bc86914fb37c873e913a88ecffea9007562e3f91529680f191","nonce":"c88b7e625d7b6ea3e834865e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"fadb3a5f13951110fcff36d4ed6f7c66c15ae8db77c302a76f09f72c427d212956c099553eb2386561f7a09955","nonce":"c88b7e625d7b6ea3e834865f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"5fb8786e59b995db6f3b845ab7bf299318a771d04e811c7d776b317caa4cbbd708f59cc6e1884aaee2e0c3a28c","nonce":"c88b7e625d7b6ea3e834865c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"11af2230c516ed88aa344681ff9b985e74ce7c1790b9ee2b54788cc58cc04e2b9e3c03dceb7729e2cd891aed06","nonce":"c88b7e625d7b6ea3e834865d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"181a640680f004ccdd94d9289f414a3880a8dd117811f432d6b0fa85af91caaec4dd089915071b23dbf66ef4ac","nonce":"c88b7e625d7b6ea3e834865a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"94ca5480bba2192b962e17bd54649bc5fa8855017c3f90efcc9f8c20ab4f5c8b21e24d36a01979844be0dccec3","nonce":"c88b7e625d7b6ea3e834865b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"87ba39a8d94c173f79fad9be6be3ef90058e63d9c1cf9242a5d2bb7e7d4a235e5704e321e8af9a147ca32f3cf9","nonce":"c88b7e625d7b6ea3e8348658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"0cdc623a9aedf6a53cb35f3d8ab710a0fd5d39899fe2ae1805d3bf92359898a29ae34a5096602dd0f0526fd2c3","nonce":"c88b7e625d7b6ea3e8348659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"1ff904c05aba42ed20d273075cb997cc1923ee13680c7462a92f2d58ddb4dad735452a99855f414624a919886a","nonce":"c88b7e625d7b6ea3e8348656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"46fd2d67a0d280ed947646e715c2bc8d49ca177a4b19354d366ae3cea518c5403b0979b02cbff9112520109889","nonce":"c88b7e625d7b6ea3e8348657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"8df72d45018cad038a8d8266efef804b0275f688aad205e74535ff772c29a2aa52847cf76cb7c403e9a0e93c45","nonce":"c88b7e625d7b6ea3e8348654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"b637f5abf3315b00df4f220e194890a93b0e8c7028d28184cfd77df8bf7d60550056ecbeacab1ba62ce4219bac","nonce":"c88b7e625d7b6ea3e8348655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"3f74e854d7510d63f06b73bed040e1dccf3dc51ddf1d32bd188a9486113ed2265366dd0eefb07c5644b2e297cb","nonce":"c88b7e625d7b6ea3e8348652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"3ed5fda562034521b5526aa6d19b53facac5f63afc1ab92c6383c13aa23b5c8acd323ae744fde3d067257816c2","nonce":"c88b7e625d7b6ea3e8348653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"860565b4d692dc46a60cecea8f7e8b79bfc8b623b6a96fa287a5e02fcf1fb147f229eb61f4840e6af87b3d4b9a","nonce":"c88b7e625d7b6ea3e8348650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"927e72c3896c74f6850b10d2e3ba0a5fdf90f1ec581ae5722d1d794555b1568ba6c0e6bb87feffa40d08b3db07","nonce":"c88b7e625d7b6ea3e8348651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"2ec86b46a7cbdfd6c6f0dffd7ceb68ed077859c7991c05f35e63460a3263086f5f8b209411b39276f3f356b3b9","nonce":"c88b7e625d7b6ea3e834862e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"62a28b2caef389eec1cc7800ecb77c3726a4cd9af7c9c6f74d009772673f41022d5ddad7423ca93bfbe0321f33","nonce":"c88b7e625d7b6ea3e834862f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"13c7decc6e81327f41677c013afa4b2ff1b5db74a5e901a20c4c58c38c29243f716ba457c626a79ac90de0e159","nonce":"c88b7e625d7b6ea3e834862c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"38baa65f27128382427f1289a2c02a1b9a896d158fa7cd91dc873fb2ba84ef157d1b0710ed3a98aad699b3ad02","nonce":"c88b7e625d7b6ea3e834862d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"82ffe21d05e6d366503f633815ac5a53d360f2c35c1b39a3bb781b7b1d6f86ae5a6ff33975aae15e772156a0d7","nonce":"c88b7e625d7b6ea3e834862a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"adf329ed667b48a5640a5ac75535781181b340ac0d81f02ffaa432cfcf8943693432365c12f86afcb5d797bdc9","nonce":"c88b7e625d7b6ea3e834862b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"fbe6e3a2eed5d073b6361b2657e06123ad26eea50fb56b00d57daf7c8ef5f791d44778bfcbf7e020e0e74b8ad1","nonce":"c88b7e625d7b6ea3e8348628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"8aac38c3a819450582833f1ab50c780a08ddf61cbf47e0a5ecb6d4b05cf596ff8a2ec2c8923b10450a225dacf8","nonce":"c88b7e625d7b6ea3e8348629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"40dd1f7ac753a5daae2556a3a222a2b90a13a4eb9e4e96c1f48565e1f1fc3cbdb50fd22969bea4fdca15c275ab","nonce":"c88b7e625d7b6ea3e8348626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"a30fc1c379af99fd3671e2cde7dd1ce886e95cef08ba47b6db6ade6236aae3b9900fb83e588b7cb5fa1a0ec1c6","nonce":"c88b7e625d7b6ea3e8348627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"f53f699044334a7a19369aeda92018dcd5d6608f0687a6eb5cb0225997026dbb79413f917370b054c70460d973","nonce":"c88b7e625d7b6ea3e8348624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"139378fe78210b327686f2ebfe0c3eae3ddd958a6351598ea36017f9185e12c99c7f3316eb97238405103d2e1f","nonce":"c88b7e625d7b6ea3e8348625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"af5fbbae66c8de4fb9758f1ae989cd10b0f6237b3af9e5708ecde2778d17ebcc908481ebcf491441daafc51ea3","nonce":"c88b7e625d7b6ea3e8348622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a59bb49b25f5c4cecf91aec173aac11f7772503c2503e78f242df913a5ab1a826fe3643f87fae4a2862d83ed91","nonce":"c88b7e625d7b6ea3e8348623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"99cbc057fc3933980cff6ab480d172c0485ddeefc5c1b358fd909f9ecbf4a53a99ffcc949e08c99dee2266cb62","nonce":"c88b7e625d7b6ea3e8348620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"444f52de1ae0baf3b9401d1e1cf71d59b15dde175427a9ad0ef9b04470e8a19e2efb736546edd2787d3b6ebc4b","nonce":"c88b7e625d7b6ea3e8348621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a42fd697f6677e979db2b295ac03d6dce6dee45560a4d955c249ee5e6b8e074379eb856ffd5d96f64003899871","nonce":"c88b7e625d7b6ea3e834863e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"ba2e2e9de7d68b9fe0d2e8fd5d7b29f611bf580b20cf8a753d024315b6972bd016244a748a1f563f61df69caad","nonce":"c88b7e625d7b6ea3e834863f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"93942b132757893a2b2cd2025cd0d03e8a9aacebdb6fa9ca6906c07160bd3a2e0b3d14a55e71e6a0f0ecc7a80f","nonce":"c88b7e625d7b6ea3e834863c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"d25fb8e388eb1c4a232471f068507ebb6901e9f5d87e3b255c04d6c44213eec634740541492bbae1cc76af9ca6","nonce":"c88b7e625d7b6ea3e834863d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"9b94d1511e7cbe157956a5163ff837203a4433c1071fecd1c50b979103531952fd274a428d0c5b3510e45951fa","nonce":"c88b7e625d7b6ea3e834863a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d5d2e0775870b9b3aeda1cc798c88791570351b9b2c49845ee308940e26976b54b5e938a18b241c92ddd3091d2","nonce":"c88b7e625d7b6ea3e834863b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"1c15281242085a36324db8c170ebf384e69dbed3f4b108627992096710af9b5f8ac6a60f42a8829bfb080709c7","nonce":"c88b7e625d7b6ea3e8348638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"857e50ca71e73f0801d91d4ae3cc94335b3ed51fcc3728143ddc2ff8c9ebd6160ccc4d9ad7383fddcf0f37160b","nonce":"c88b7e625d7b6ea3e8348639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"bfd9d11145e05af549baf8bedb6e114f428d7870e460b51e080ccc0144df5ae10513b6b4e817282b5322bf3c97","nonce":"c88b7e625d7b6ea3e8348636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"2bcc9d9c60156308f906ecaa806a92e72cfec72c2b38cc2aba509d7736ca06cfd8abe9c857b045181fa4dea8d2","nonce":"c88b7e625d7b6ea3e8348637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"ef6ae3688cc7ea0ceadd3ccb1a7b48c878459f9ac11d7786850bc388f3c4a656a85251eb5cb5a6454996988332","nonce":"c88b7e625d7b6ea3e8348634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b0419e5b95eed6f3dd13756eae584f59fa072f1305e775fd146e7ef10eebfd1a2c631d04332ec3313c6d5844fc","nonce":"c88b7e625d7b6ea3e8348635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"76e8b088212bc26b57b84aa94da309a37587d79722bbbe2d82965887195820160963eccdf08b682ccb0d077e2e","nonce":"c88b7e625d7b6ea3e8348632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"176fa6f627792c827f2e3047d81019c502554219203fdc4d57ac3d4f38d28c982178b7152779d52b55f30e9c21","nonce":"c88b7e625d7b6ea3e8348633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"e056f66421b49abdf6a4f118862ab0ef585fd3418a79793059ec2ac665996c3fceeabe7369787132711794920a","nonce":"c88b7e625d7b6ea3e8348630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"9e58b2cf36f83fd0af8376a438f690b420f97d523e684db360d9a6497eb9071d34ecc17846227cb9349018d4d7","nonce":"c88b7e625d7b6ea3e8348631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"3dc6d46e0405c41bf1278cfcf080e6fcc8ad8f3205628ae97e5333e0d09fa176e6efa5bb7b178ef58e6161d414","nonce":"c88b7e625d7b6ea3e834860e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"5ebcac30ab76e159150b344f267cfb8e0288ebac54529400e9e540ea3137d6075332c83a0e50dbd3676a9e6a5f","nonce":"c88b7e625d7b6ea3e834860f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"cd77525e1f12d6f566cd466e852fe44f71da38ab808ee74506da0c1ea5a4ee7a20396d478657896a9d3a91c4f0","nonce":"c88b7e625d7b6ea3e834860c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"fb2ba3c83172071d249323cbc097fca3ea2db9404995cb3df825aa6a057500f35cef24098525b27e4089bfbef5","nonce":"c88b7e625d7b6ea3e834860d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"512e93b4c3a9f2f0d47b6109a6ce921ce789cb09548d9daa276d6940628a928c81b4ed7ff462b00c55c533daab","nonce":"c88b7e625d7b6ea3e834860a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"fd89378ab016401448d9396c15c2a8b8b8e3abdd77a2f8160cde16d8da8d0197e00dc1e687599b342cb73ba6de","nonce":"c88b7e625d7b6ea3e834860b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"35f514a701e726a5adc1698ca655922c3ebac448a384e3803b58b3af0fd3318460c24b6e2ad914fc382087ee50","nonce":"c88b7e625d7b6ea3e8348608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"e940f1c1278b96278ee5835cfeaac05490859386701a9a0b6156b9d6b169aafc686cc9fbb8f76eaf9474e9074d","nonce":"c88b7e625d7b6ea3e8348609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"79b78f319c4a179be06941568f5bd764699d9c4fddc6898811efb598bc06b56b396770e531455a3df8e03f49b5","nonce":"c88b7e625d7b6ea3e8348606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"b7faad46a487c32e6630baaa2de547b03837f16fa4519a2bbac10bbd16cd1d2f96f8597d32b9c823015c6ded8e","nonce":"c88b7e625d7b6ea3e8348607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"8ae8e65d93b00d306953777fb5f2ea981402d47c65cb609cf0b9449432c994c8480512c190522fa46dd309b2f9","nonce":"c88b7e625d7b6ea3e8348604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"23c46c22bf12cf9ab363474d120ac0c614248998e36f98a40436ade348f2058a2c6b26f81b72a2890af63eff2e","nonce":"c88b7e625d7b6ea3e8348605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"50a1732646247619ac4ea3408825c95b85917c5f12e7dfa1acbdcf7c07f059a0f3697086aec17120df72a173e3","nonce":"c88b7e625d7b6ea3e8348602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"83f01de4e9ac4bf5d45062a640fee0bf5686fabb91d5cedbad9964e94bf89ce0fb2e8e91eb3094f76d9c412cb6","nonce":"c88b7e625d7b6ea3e8348603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"93f98cefaffe3835d14beb5ce7c332c29bf9403cd4a2fc0ef6c6a505468fa862c843ca6b3d9d91765906a0f3d1","nonce":"c88b7e625d7b6ea3e8348600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"2df54e9cd1e4d43a63c774d3a7936a3689a77ffda9777b2b248b3bfeadd058dd35f795c7432ab136c2df2577f9","nonce":"c88b7e625d7b6ea3e8348601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"94d967c96e8a772a4ce2e622e8788fc72130207cab9ba7a8ad9198dc1a707255695d1e174320a0235e5345ed01","nonce":"c88b7e625d7b6ea3e834861e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"1115b53282a2824c6f70b1f6fb840e5f6c175acf8bae54a162c399a93227e11156065678875fa57c5b2193beaf","nonce":"c88b7e625d7b6ea3e834861f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"65dd41686858ffef139db72017555b1c17a9a4bf0229440f891715da85ddcc658e88920dbcbf0c1444fb181fde","nonce":"c88b7e625d7b6ea3e834861c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"eb53db3350b98d09bfe1ab9efda16445a09f58b69b2a58e7df0668120c38832b3705fc2920bbdd09ada71388c3","nonce":"c88b7e625d7b6ea3e834861d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"6c5ec5d66074fb16c399c17e4beaee9edf4fb89de49da1ae5388036fb14f40f12aa6e5fa2222d341fd6f94a581","nonce":"c88b7e625d7b6ea3e834861a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"ccaa54b38544c8f0b543c79fd49e084e229980ab119a31cd96133958fe320b9734394219fb6d62583a63a86dce","nonce":"c88b7e625d7b6ea3e834861b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"ee3ddf02b200efbdf3c06d5a163a81fe22406564355ffcad69567630762b972c32d90ed390496294b731c5a8a1","nonce":"c88b7e625d7b6ea3e8348618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"8bf6791f989d424396bb19a1db6f45aff49b2b145649a8a52c18b85d0817a9b1d132e37b991072e605f287ec47","nonce":"c88b7e625d7b6ea3e8348619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"dcd128d10c35663179f84683b8b6e32308166c4f202a8c16f45bced454463c89cc640b9e26cd7cdeb0c144bff9","nonce":"c88b7e625d7b6ea3e8348616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"252ec7c3709e21ea078295498f34bcb8e26de2501bc3f1343803508fc90aa399b78726eb9b3de11f69c97a194b","nonce":"c88b7e625d7b6ea3e8348617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"d5aa05b379eddb37db5a9aabdcae954e53c7f227859fb97f017cf746f8ef9dbcad72085161b0e219a787fc0905","nonce":"c88b7e625d7b6ea3e8348614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"3e61e9774b34e89529527d11e3627421d15880d6fc29eb2bf208f03c7b95c234e883e5997f2a7688e4dae3a047","nonce":"c88b7e625d7b6ea3e8348615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ae7cb78b94bf6bdd3116ec5ec7c41d687ff5d3101b53fdacd0bd2be8d4173d027a9e196a8aa51fadadae28c03b","nonce":"c88b7e625d7b6ea3e8348612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a891b62b35187c168f4ddf4e360dd3801387fbf1878160df17d14c79666eef2bdbfeb2fc945dea9dbf3a20cd38","nonce":"c88b7e625d7b6ea3e8348613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"e50bc42fed2dd377e94267f1396aea976f8e94b80c18a15d6d0bf966b32d48d94f894298a8ea47bc25f508892e","nonce":"c88b7e625d7b6ea3e8348610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"117ef98a1d079215b4625ecd823cdd4a34c7c56cbf3c490f2d658e0faeeb0f9b9cfbde71fe1dd7d54aed8cae72","nonce":"c88b7e625d7b6ea3e8348611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"8c8e664cdc4d85b80b2fd086e80b527dd3b22cf41a5729b0bfca3c19c038e1ac4177a05447ceb7241c408a4dc3","nonce":"c88b7e625d7b6ea3e83486ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"6984a63aa8c65f7ea10abca2534b5c544ed0758bcfb77a5291f9ba97c1690fcde88dae05edc05a788566c5cede","nonce":"c88b7e625d7b6ea3e83486ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"f219384ca363f1aab65225c62b187fd33ddafd04a617275418abc807b4cafb90911a983d68eab3effc3db51a54","nonce":"c88b7e625d7b6ea3e83486ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"94f979cfeb522cec625453d39b0ea3752ff561e5bf8204a73accbfd7495b462e73ad2a60dcf6ac966d8b94bdeb","nonce":"c88b7e625d7b6ea3e83486ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"667860d5e9eaac8289cec9012842659574fe709d71a0323c8ec6c2d6765044880f8e711912dd38b15ced6d32fc","nonce":"c88b7e625d7b6ea3e83486ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c5175c73982e0b067a4af2769db31fcba6f39b742e28e35df15ae5f3be35b2bdb2f3aa05621667600c8e0620c1","nonce":"c88b7e625d7b6ea3e83486eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"85787e5bdc520559562176e27da9e1e18b0656f6204ae2e9e42347ea014835fc956d994a5386f36eb5d6a20b97","nonce":"c88b7e625d7b6ea3e83486e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"cd403bd419e3bba583c3fadc303da74b6ec5f9d6fc388beda1faed6adb23364284713f6a249bd68daff673709f","nonce":"c88b7e625d7b6ea3e83486e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"fb52e8b27d8f55857e587d513e72bc08b87d3224810f8c589be20b0cb259a62ba12c47665cfc53d7e9db58e4dc","nonce":"c88b7e625d7b6ea3e83486e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"ed1b2ab0472c4bb8acf807977c7e94f2c81127064424249047e086fae04ea5f6f93da2a1a120a62a2e52f7c628","nonce":"c88b7e625d7b6ea3e83486e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"8603b5d8929184ea6aac591308df04e557501fef1f3b4891831007d1a186f9be6c59f1e60f3757b7a01bdb212b","nonce":"c88b7e625d7b6ea3e83486e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"aa91dc194da9b5a67ab03c76814c73efdd22e4a30119f3e7d15f115e996ee24b5f5d1726ff8fbee0b844bff77a","nonce":"c88b7e625d7b6ea3e83486e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"ff5101833419d60f3832998ee98ae67dd64132d01eccd907116963ddfaa1c299bcb22dd288eca0ce6be26aa408","nonce":"c88b7e625d7b6ea3e83486e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"3eefe609a9b22d87f7e73d2e5a6000a32bd23e61c460512a571533069caee2f0dd4a3b8ec5096e856cd99d91c5","nonce":"c88b7e625d7b6ea3e83486e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"dbf2a9eddfe8a62af77c00a0c661ebd0946fdd7fb5b4e2f13900c2a4261d822a56f7fbbb2e227725f8552f1843","nonce":"c88b7e625d7b6ea3e83486e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"6468e68c390edd45ed2e8b069ed16853289ba4c4dd3d34e7c346a961a0e7ca31100b2f4afce8fe8dd910ac4ab0","nonce":"c88b7e625d7b6ea3e83486e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"045729a177ce825f2f19b965ce7b302ae3c2b3507bc6e95e9bc25f7d451e532330047c509b3d89cce71f93def9","nonce":"c88b7e625d7b6ea3e83486fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"7a883420d5dd8ff4bf4e8f624108da519d79280c8c91ad1b3f66c8d17e59d3beb08f14b967ff1fa2e3da5d63db","nonce":"c88b7e625d7b6ea3e83486ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"c31a6a61e32003bec587bc3dbeea6b549e711e7c6aad71dc2b798c3717165110b614d63144bdfff13504c1bc07","nonce":"c88b7e625d7b6ea3e83486fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"4e86f597bd41d074f03792e28f660f9cec6fad968623c6534cf619a4338be8a395fda1006a0367001ea7b3400b","nonce":"c88b7e625d7b6ea3e83486fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e9ae24bd8f411a5b39ec8522bc073395e3793e929d0e90a0d88a25d6081df09aee6cfbdb21e92711929acbaae0","nonce":"c88b7e625d7b6ea3e83486fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"4eaec83650a09c0b1c35a3488906fdde40311fee34b17237002aeee1e15f11c01c0a44b79d465bf3fd33b2c6a0","nonce":"c88b7e625d7b6ea3e83486fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"5cd0bc282305594dedf74d20f4fad69f83ee18ca721a31ae31b776cce393c092ec840a6a6fef452cb3013df41b","nonce":"c88b7e625d7b6ea3e83486f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"73354c99f38804fbc4559dbe9ba8cd347a3a117993d93af5285f69fece7930186ca2268649053baf7c71877385","nonce":"c88b7e625d7b6ea3e83486f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"570d31fc58c1ae44a00494be5b28ad6582cacba07b9b974392a5b7cdd0b71e01cf155e061d2c6a0c5dbf64aa9d","nonce":"c88b7e625d7b6ea3e83486f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"8817888dce90bbd4c7256d05feb99529f20af545e8244a3157c134a6d1efdf9e5dc82ca416d8b3df2d793f9e35","nonce":"c88b7e625d7b6ea3e83486f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"bcaa7200c48cef643875d25539f00cb7a16bb19a9a494b315c999264a5e833a80f02b62538790bf947f4f3910b","nonce":"c88b7e625d7b6ea3e83486f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"31f240ac3eb58afb6ea25e97a610178bd537a3bfb37ab6f96c9642b66bc8bede35c69b6de36f1cc3316c21b2e8","nonce":"c88b7e625d7b6ea3e83486f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"5010f1a3f9168ee7a0895eefa85888f2898a3a1a599cbf5d24e9c6668b0ae761330fec79e599458811334ff7b8","nonce":"c88b7e625d7b6ea3e83486f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"1dfdd3cd9d1cc3e40d1df070b899d898f5c9883aa71203fcfa7b4ef611b6c879ee5a587bba216f4109be551fc3","nonce":"c88b7e625d7b6ea3e83486f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"8322b82eb6db2f630510bf7fce0d148f94109505eb7fec426eeeab6f38394ec1795d18cf158f55a9ed16a76403","nonce":"c88b7e625d7b6ea3e83486f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"e96579b6d6ef7c54286ce5e6dd42f83af63f2c995146951f989d12fa572b18d481d68143de4dbbf04b30d5e6f0","nonce":"c88b7e625d7b6ea3e83486f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"7ecb42c7d9685dd837cbce8c635a7ce8e88214487df080d0b0f7bd2b234d678516621f7723ff0c57ba74524957","nonce":"c88b7e625d7b6ea3e83486ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a4d518d15328527a786c4682caad0e2146a67a74da7f2771437130989cfdca395c3cc52f2a478a5d08ca16ec12","nonce":"c88b7e625d7b6ea3e83486cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"4ebbb094033b57c0836ce41d3111192d41d833107687aa3ebcae5c6900fcb8c9e291de504f44355ce005dbff31","nonce":"c88b7e625d7b6ea3e83486cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"bf7c3595b19d4dd8db3f8d968a233a4b1283650201ac684743e8220ee403cac0006cfa3a83d1f55d1f74597120","nonce":"c88b7e625d7b6ea3e83486cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"1b8f922a6fe0b1099e07f6f37e0dc2a74f6b55fd14c21f1613cddb7f35d39d9456bc03b2803737ba73daf1f1e3","nonce":"c88b7e625d7b6ea3e83486ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"c89fce7812be0089f7b04c2160bf5354e4fb599c9a11df0a68dff2c0d51a4542c15fbfe6d451295281c8aab65a","nonce":"c88b7e625d7b6ea3e83486cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"2444c344cd6181161341b86e381e804dcd2cb0c85f6af7d7b1a88565e2fa8ba5cd0834f87204b8ac4fc414d0a4","nonce":"c88b7e625d7b6ea3e83486c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"f0568afca1f3ee9162934deab29e162542641921d6f3fed575d607215de244acbce52865ec36583e2e4d6c355e","nonce":"c88b7e625d7b6ea3e83486c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"341b3d63d14c5af7accecfc5d8bdf7c2373284ffe3bf1edf5f1aeb3967b3766ec29d1627c561ae49eef5af34a6","nonce":"c88b7e625d7b6ea3e83486c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"5898a9aa4ff370d01d8521961f1b0f1568717f5ded4ff9f7e08a6522c55e166a7667a272dfb6f798051bf87381","nonce":"c88b7e625d7b6ea3e83486c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"6d4f2dd58e368d1b643219cb8f888dc6bfb629ae9cb0c291d4912885ce8fef50a25ccd00d4155d31f39d907071","nonce":"c88b7e625d7b6ea3e83486c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"4e86b87e820567b972e1b85ca31bdf7f522f48be809e9c9452bd5cc01e0727a5cb722ff4dedae7f57140e7209b","nonce":"c88b7e625d7b6ea3e83486c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f73e5f4d43f3ce9a35b57e01d3cdeed1f526cd3b9eabaa93235a793f98d981838b751a9980d3b883e768de8373","nonce":"c88b7e625d7b6ea3e83486c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"36dfec1acb67b07af4f05cff9806e1bf2510ad7583dbbf2086603953c40d1d00f07a4337ef36b2d5c0dba51eb9","nonce":"c88b7e625d7b6ea3e83486c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"484a73bd2904a3c8b5edadec1cae6fe15af218c62a8366eee1c71002cabe9fa32db7237f0ef7c23ce315e26d73","nonce":"c88b7e625d7b6ea3e83486c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"4539877b499ac75722060c08e795384417c338dc10ed1839e8a6f73339e1d397f58228d8b1a0dffbc2d6129679","nonce":"c88b7e625d7b6ea3e83486c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"7886393a2a0c24d45087c1a9634100a4b227f296dae4302793b4211add0031a27202005bb900fcf51c550b3428","nonce":"c88b7e625d7b6ea3e83486de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"d66ecfe6eb2740384e4dc67edae005c087b281cffb20f15a067566bdc8cedece8e0a80888014a0bd15b8b5526d","nonce":"c88b7e625d7b6ea3e83486df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"5bd8166923e4b18fa04130587f320ad6a10926d5d37b6572c69800a1977fe8156126cb0c1cb8d09ec09a57aea4","nonce":"c88b7e625d7b6ea3e83486dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"7d963d9c177219bb0952b48a4b8fbb651271401cb6ace4a3681694f51ceff67668706550ce7201491a70991c44","nonce":"c88b7e625d7b6ea3e83486dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"18749d1768cc9c7f9231db114721af63acd76cc2ee9ad7718ce00f56a8886757597be085b378b0551488249ee7","nonce":"c88b7e625d7b6ea3e83486da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"fb0bf14cafefe962ea0dfe06c36e37a59a12ff42db1fc3e13559ada62e40e1a66b599decc9d3c97a58cdc4f173","nonce":"c88b7e625d7b6ea3e83486db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"9c91172107820889d05a6ecba2aa94d70100f0c678db33c123c6fb5e2334efc383039dbcd09d54a1ce1377572d","nonce":"c88b7e625d7b6ea3e83486d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"6fbac816af859154abb52c07f37fc9c2d47a9544547d8b115fcba11a24103e3e5386747d77a08ab6b862e27e36","nonce":"c88b7e625d7b6ea3e83486d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"8b6f2f54e5bfe042dab2b04cd83d7ebaa4325e4d5a8c30349d3d39a4f3685ff2cec20252afc67b258f0590a8fc","nonce":"c88b7e625d7b6ea3e83486d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"d74a005843b7e385754794e7dea1096219947b2e46f86229fd053dbbed3de9477ef2d71b9ef98db4f5682ad137","nonce":"c88b7e625d7b6ea3e83486d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b54d468c60e1a586d9f32e4099f148e0d1dc4946fbd58b16c17dc591aba36e8ff3c46449bb3407beb732679a6d","nonce":"c88b7e625d7b6ea3e83486d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"381ffa78d7e7e5764462c9eb9eae56702967a1fcf2bc0f3a32ee5a8775e50bc82efafcc1d45f9e513c631b0d44","nonce":"c88b7e625d7b6ea3e83486d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"ab1310d350d6d8bff6549ecfb710336d91a623123a7f32a82bc2a07511b5d31440971b7d9a18aba6304314777b","nonce":"c88b7e625d7b6ea3e83486d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"952b0a18392999ba739546978bb63e06e8d2ba48ee7d83bf2684b725fa40e798c3eaa8c1ca3ae2a5e68279d649","nonce":"c88b7e625d7b6ea3e83486d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"086d4f8056f894c3bf02f12f626119e5b4f0c3661fe0f0da72138ed8903ee81f8c3df332a990362298fc014393","nonce":"c88b7e625d7b6ea3e83486d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"79d2811d8aa17d365871c39555fc08d03b5635e93e3e754b3bcf70381f1cc5bde9b547734b8135155081d6e870","nonce":"c88b7e625d7b6ea3e83486d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"a13c8604811bcdd7ea9c6dd1c5a7c5328d52f5c0855bdc3692686d8fc58aae7d4e41094e8ef73572d107bfd94a","nonce":"c88b7e625d7b6ea3e83486ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"fb5b48dfaadceec995d2f9d4c6b7db1c1ba64f362fc58a86b498f9666254bf5338925143cc2a02f76e7ff33c9c","nonce":"c88b7e625d7b6ea3e83486af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"b3f9438054abed7ad31b47c833da967c394d7cf0e7957dc4c84e2918b207f13013548d448b93f5531dfec3cdf8","nonce":"c88b7e625d7b6ea3e83486ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"dc5b6e97fccfda1795d96ee64c8dce7b21b637c5f3dcbf8bd9f8f83f72057a29dfd764d53abd2f4d38fc4ac085","nonce":"c88b7e625d7b6ea3e83486ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"39404c88a6abb9c679c9c808d05f80e76a105347ab3f44cf83c41408b5ae68cddf491a42de12cb13db87ec2574","nonce":"c88b7e625d7b6ea3e83486aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"744a68c0a9435d98d9c9d4bddde6f89b8b26fda22d8f168be8d9667fde3514831d370e4826471c6c7627748af2","nonce":"c88b7e625d7b6ea3e83486ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"bbebf1e7063f0f13571d8ba6e0b575c354bb156d6fa70857fc4ec43ea2295e89661f598a3a0655e3273fe75f02","nonce":"c88b7e625d7b6ea3e83486a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"45aee32d606423c3d5298a94b7c7020dcf9f3650a6dd9a534b31f92795cbf6b2937a8c8ff911451715e5ea3aa7","nonce":"c88b7e625d7b6ea3e83486a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"e834f52607fd81c6c75f19dfbe32ca8b70f3055508e7f4fa2b1b59d5b4b4bd097c27e29784a6a88ee8e959a68c","nonce":"c88b7e625d7b6ea3e83486a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f07c16faae9bceb548498b4e5f1aa0f91cf5c9aa416598d38f99f2f97c9cd59ebf21361b64330bcef12b39403c","nonce":"c88b7e625d7b6ea3e83486a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"b37d2f358872d4d63647ffbce53b7c8c331a63ab4e9ce3f36625b514c2053cc9229730cf8556d2bfa9ae9b5d07","nonce":"c88b7e625d7b6ea3e83486a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"08c4be3aaf60b00b6e031a327e293f634e5d9a7cb3a844b98c317235a5993475e7a155a1efc31884b7d6560505","nonce":"c88b7e625d7b6ea3e83486a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"00ccaa6b5a553d6ade86166b0b9532521c6a37d29fd35dd56fce63e3c26115198762560bb9c2ff4b6eb3e2e9ae","nonce":"c88b7e625d7b6ea3e83486a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"786dc62753ebf4170a2914ae0886f53df9fe30b9a1ce4a3dad38b493109fae726c8247c19a1a2c3bbfbffd84da","nonce":"c88b7e625d7b6ea3e83486a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"9801e45c33674d4781a4c9310999dbd04df3ea6f1f8e3d270f2fa4ebae368aec099def9cf8b5fe0d4e505adfb8","nonce":"c88b7e625d7b6ea3e83486a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"0c252815ab01a22e34da4f3aaee001b2136230def714710259ab2e7935c0b0242864598912a217b8fff0fe181f","nonce":"c88b7e625d7b6ea3e83486a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"f3cec1ca71a0c6371887a25aa001bec467165aaa68496274e4b67e9afdce5d9d6d653e05d9c3e91e7f93cf6361","nonce":"c88b7e625d7b6ea3e83486be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"98db22a856710897fbe7c389184c75c920462a8d98368048ae4227cfe85ae733810a6e6911127d144af249fb1e","nonce":"c88b7e625d7b6ea3e83486bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"242fe5391608945775b3ca3caca468098e09ea04e8dbc2a07b7722e43c5378e4112fb442cb2fc0a021808fa09d","nonce":"c88b7e625d7b6ea3e83486bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"f1b6f8c38cc1652d4c2d3e9c419ca8962dafe6caa74038e9c3907edd51366cfb43572680487d96a58e6fcaafaf","nonce":"c88b7e625d7b6ea3e83486bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"1fb81529f772d8e681e906d099315bb9bfd073893f6e7f9e9cf9587b7ab909542c7a23fecc68c2ec1b4cd9585a","nonce":"c88b7e625d7b6ea3e83486ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"bcc4c1ac3493e510f9b3bd8f5dbdd566a470b850a43e7b65378b8573b2a0b4528ff82b079e02d40d4849b7b90c","nonce":"c88b7e625d7b6ea3e83486bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"f4b6d61c37d62248d550d5e5f758dc0da82877c98fce144fb877c181089dce6324225d73c97a717374b2c30d1c","nonce":"c88b7e625d7b6ea3e83486b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"71a566b9d38d470c2a8ccdf81a9b366a5c1f8321b79d96bb2afc7a04d95b2f9b1d93cd289e554017f8e3a78213","nonce":"c88b7e625d7b6ea3e83486b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"72e894c40b3cf58bf5160450e174ec1d65809e2e472665c1d22e4f6074d05d0c7130b8f39bdfce936fc75206d5","nonce":"c88b7e625d7b6ea3e83486b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"cc3584addd0b46760391ba23a92258118258bb9298ae4a7459dc3d52b1c1af880db48ecd2a952059cfa8db46d9","nonce":"c88b7e625d7b6ea3e83486b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"914a2b4c93158938c88937876dab0e3a7e0d27180066aa13cea76f2b6d5ea3673ee3bb78496b2146c40460f8b9","nonce":"c88b7e625d7b6ea3e83486b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"d997ceb7499dbfc664914052b27a929a5bd68d51c0eb8bc38dd1e1c802a348089f3764d5faba5f7bb0cf028acf","nonce":"c88b7e625d7b6ea3e83486b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"39657e8d35698bc6947379036e34e8af413bae0beb19c13dd260c23000d8338c2e2d92ea5d656f762150ee8003","nonce":"c88b7e625d7b6ea3e83486b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"699bb697e4cb5f2739481951f86fb18cce37657a8bb4c32d3641128c34754e805e537f5381e8eab4b936914094","nonce":"c88b7e625d7b6ea3e83486b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"62a776593811877e83abf91540df32500d58c5776cbcf9340b2da95e9c80adc86e01a8edce8e68dda4fb68f44b","nonce":"c88b7e625d7b6ea3e83486b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"40867199699b2d19e52ac3bb2632315e034ff4b7ff6ae4fbbcb3778a7afe6fbc68574185d07342b82e8c305f36","nonce":"c88b7e625d7b6ea3e83486b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"5c84360bf62d8e787b41e8bd2260e47fd233c1528acf2f4787f7b24d0a6f45c47ff63746efb4787a09f2a76dde","nonce":"c88b7e625d7b6ea3e834868e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"2b0d9a9f3cd803440b5b3096fe5a5369e2862cff46ec86715e1db367332bde37337f1a57656eff1a15445c3f88","nonce":"c88b7e625d7b6ea3e834868f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"337b3e040d7e71b483f4c51f0b37b1df80235493d337d3e900d7dd3b1eaaafd9808d9e1990096ef187dc91b777","nonce":"c88b7e625d7b6ea3e834868c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"60866bfcca71871f71a1b953d96c9619e74a1d8e4cbdcd7584627a6c4332e4bb95429a34c4a8531fcac076ad32","nonce":"c88b7e625d7b6ea3e834868d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"0c0d2d343173faef87a633fc70e1bfa17c45f33ce84fe2e1c97b53fcfed47ee3d59bdcd3365c09d21031da293c","nonce":"c88b7e625d7b6ea3e834868a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"c2900c037b1ca1436f35d4e0931a8613a7f080a1c7c0b08c5d48b4033c0c1c6db8378d025fb47cc4e83beb199e","nonce":"c88b7e625d7b6ea3e834868b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"9b954a4e121ae8f09113b09ecd954efe9b43c91edd499df8a6a5f3a1b3bfa6a32d24055c6d773fc553e0723e90","nonce":"c88b7e625d7b6ea3e8348688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"6da3cd96cfc45f12503f8244649eaf21f4cced050eab5288dfa906cb1fa5600bce53bd62d9c5d5d5d96edd7b68","nonce":"c88b7e625d7b6ea3e8348689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"a50f9bc3a0b18d8757a1ddf56247f34569c13dd93bd48727246fc879a98e54e9a1cd4464ee69a68675f80c274e","nonce":"c88b7e625d7b6ea3e8348686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"e6030c994dcca12de108df4acbf4ee0ece6c02a6663540a7a9da1d973fdf583facd488d80260dc8bf4accf41f7","nonce":"c88b7e625d7b6ea3e8348687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"9d4c5ccc0b8f2bac82b6b2a90b248394af9a3bd3045c61f209c0d4d59723b1262d378cf12830222029de7c3fce","nonce":"c88b7e625d7b6ea3e8348684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"1be621a77115284f6910b7c8b697e2aa132c07c7a3a04dfd19b5ba21ab7e956a08cb54f339b38a4deff8996193","nonce":"c88b7e625d7b6ea3e8348685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6ab566514030c2e7d2bd77bae22650dec606af3ee3dfa761cf6521efa19f255f23cb4f8a74c9be95d5d9819fc0","nonce":"c88b7e625d7b6ea3e8348682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"249f3ad50a084ae877dd3a760c96ebfd098032c3335180401209a36565c38a20b3ad08446d648ffd12e62839f0","nonce":"c88b7e625d7b6ea3e8348683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"c3ab0077641e9c583feb59b2d47def752dbc158a3bd08ad2aebe0e731b784fa9696ad94c1eff79bb8ae145c311","nonce":"c88b7e625d7b6ea3e8348680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"5f5055b8bb7eaf6fde50ac5ce0751d4ce7b63acb6dd06e36cb90854053d5e9c167d0e1ba11fcd7af86b5ea44d1","nonce":"c88b7e625d7b6ea3e8348681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"c3c09d967e9bb3ed47c632aff2411619919f3eb27c6de04e56a394b6f1fd4806fcc24abc942daf0aeba840ace4","nonce":"c88b7e625d7b6ea3e834869e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"cdff4911848cac092a853a0805172a5995cc4ff5968b64f1e31a8eb5b36e1c5fb396ccdb2fdfdf346f2d9d75b2","nonce":"c88b7e625d7b6ea3e834869f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"ce0a0a4bcbfc593a14dac8cc63f7fafe9b9af64b16e34e3222717761eaab7fd11f9895e4ef3f7b14c11699e61b","nonce":"c88b7e625d7b6ea3e834869c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"9230a4ae50c9513584ca39f0038675080bfa7b465283cd1d1984a165cbe48da5003e1bdae716c2c4583710e55b","nonce":"c88b7e625d7b6ea3e834869d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c7cca8a423078fd958ce516c32ce86d881098827ff1e91c54a06ac7ca0f2e440ce9cd6fd2f7baad6a027e5aacc","nonce":"c88b7e625d7b6ea3e834869a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"01e37bd7536883a4309f241d7f664b72e9ee55d566d66bc64e608284109b8397cd9e433d22c30662402f321715","nonce":"c88b7e625d7b6ea3e834869b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"36e8b900830b9bfb90623fb0f3a8c1aaf6cd17bafde017b8f91602c65de35f7159a89d6d9747361a432f83bf28","nonce":"c88b7e625d7b6ea3e8348698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"da3e1ea5a803efbbef6ab1d0f0e7900e3d9d97e0c2cbc5044d46f71a7948deee4f6bb2b032e165da2bd99b5dd3","nonce":"c88b7e625d7b6ea3e8348699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"3a3a7d499172f325ef246c8c8933999328151ba1f6435d84ed7515d0f33b1297f110f07474f6bebd03065231ab","nonce":"c88b7e625d7b6ea3e8348696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"21f690578f9dcd4baeaec4ad64a9588e22247b208d2d902b711e8e595cc8befd81cc177a9618f9a20b7517b89d","nonce":"c88b7e625d7b6ea3e8348697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"a583e249dfb1d829647d2aa18717070f5adcfba885792909ca286a8459a0159dbe17b1df67eea60e88ba89223b","nonce":"c88b7e625d7b6ea3e8348694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"ef0628d833b7b96ffc3ff414ea5f90a8b1da83705f19c8812af4cddb39a0ed0ca175d767267516b0eb590c4e86","nonce":"c88b7e625d7b6ea3e8348695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"66690ab1855106f8c6b75716bd21d50e97d26468de6b84d817dcd382c78dd80b77eea2bc01c77bb8e65212fcfc","nonce":"c88b7e625d7b6ea3e8348692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"efe348a20c112a4499784f63e0e1820e82365d5d94cf050553a2ac718da586720f0878ed6e24ee314bdff1df68","nonce":"c88b7e625d7b6ea3e8348693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"042c96e72381e53668f88d648eefc78fb7e2a43d47a3c3dbde98cb9f1e330b8432950445f3643179fa5367065c","nonce":"c88b7e625d7b6ea3e8348690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"faf3946ce1b358e5f93baaf80d4fcaef7efc9e9dc4d92d8a784af11ce4521ea15668356ded08d4f131add3ccf5","nonce":"c88b7e625d7b6ea3e8348691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"3fb96669eeacf6248cc3e021cb16a4e8fac7ef809c2c252eb10e86156bb523d3cf9af043dcd4ef47a42b042646","nonce":"c88b7e625d7b6ea3e834876e","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"1b2b9ccc981f6a5bb6b7b102321c6ce7ad8953f4a52b2ef04c18531af4d48adc"},{"exporter_context":"00","L":32,"exported_value":"ab988e047ab4ed198a091be0d7d6edac1ad9e34e7b441a9c1c8a4f6d0b175407"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"14c1213dc56398617089c7369f6b7bcb42f319f38eb8d0645ce50bcb37e6b877"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e4228208165477bd7e6fd51dbd5e1261234b4e5de5e83643b99bee8d4c6d76e0e702a14535b3f7748399d5e95e6abaedf88ab9ed08e627bd","ikmE":"28001d9a01eb2f2738a713d4785d139b8fc68a9393eb4e13fff9678c83fe26249748c692cd3f7664b930a40b37906131377f9481ba84a885","skRm":"b59d33ccc522678b38224e14f46197b9f3d54d23ee6f3d93b971d6901863038b6c2d0a1ae85cb0b0f57e6f738a571552a1d4d2a69321c4f4","skEm":"f283abf2888eda7b0db0f1bdbfc7f4fad526041bdc6cc8a3c3a6961c926bd2749e9b243c31a76f830f99aa2ac2a07a3391b7c94c18167838","pkRm":"66614788404568d059741319ed47991d42a545a56c2ffc51738460b4338342aa4ee6d48a4eaf6b4490f86185cd17f443925964f3dfbf03f5","pkEm":"0aea40233b445e66f997ce3efe0584e4609b9f4ea217074aed73fe4b36aecaaf55897530e55bea8cd18360ca4dbcac0966cb3deb8f5aad85","enc":"0aea40233b445e66f997ce3efe0584e4609b9f4ea217074aed73fe4b36aecaaf55897530e55bea8cd18360ca4dbcac0966cb3deb8f5aad85","shared_secret":"377c79f666ff19c3bdab01902bb4321d6ceee377fab181e7862a4f4b08bc0812b018e08cfcc94914b5c9b4139fc0b5d0078dc96f9c901634e4c45f1139ff92e1","key_schedule_context":"000fd8a8635a1129ed4cee7f5560a60bac8af321092b45499ffe0eda28218c8d1d910e2ee5eedbec01d33683d6f9f923d7ab0a69b4b8fd0d53307f806ed48cde59574a72814c5d8e45c985c4252e66abdfe846113c17cdd7485893b89e0d5cb23d409145ac095bcceb628874b68378897f77c36eaaf45dc932c30eb5841015517b","secret":"56c7370fe944c6352b8bf76be0057cd5c036e559e5cc5e761944b3b408319560f5772957b2c1e4b04dca56ab062f1a1ae819997b253ce82189d500d0dd82cf9f","key":"7acd507e78e52c19d8e0d77046e97fd9","base_nonce":"ef8694a7ae7a9c221d36432c","exporter_secret":"6b0b03ecd48acc6e7a9661b2397b8cc66fd5bdaedc584250bd094d39badf4a0599639742194d1678337338d6256bae82b529fdaff13ca81467552cae3b83c115","encryptions":[{"aad":"436f756e742d30","ct":"ede82da58afd1cd19165542875456530df4c92ede352d427bccabf08884a22b81e3da8e0055c637d549fb11f40","nonce":"ef8694a7ae7a9c221d36432c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"e70a0d29006e5e8a7009caa16a3499d2ac0f661f18e7f9cef3fe6813ae58304ab5df756cde658e184d41548382","nonce":"ef8694a7ae7a9c221d36432d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"1d60d16280e463f924f26b9a95703df45ca6909b1e6a5dee8c1afa323a56c7cffb41af9dd739a62c15249cb9a5","nonce":"ef8694a7ae7a9c221d36432e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"0044fe99a9650e415cbb87345d73625e12f1467d29a476377bef845d5bbd0b56b177f19cc9b740061fe9ec5614","nonce":"ef8694a7ae7a9c221d36432f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"23b0e4460d4ea1516b4203c1f73bc2f85fde68a06701ad1fed8890e9770333f96c2999778ed788f44b3bd1f0aa","nonce":"ef8694a7ae7a9c221d364328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"1212b0980ff40e0f12a3a5700470d75289f1a16ff94a27a1c00c978294e862ac63756f4566c2bb8d83b7b96283","nonce":"ef8694a7ae7a9c221d364329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"1e15f1a9a25609763e3c223bc721d47eb34de7d7de1e5efae573d8676af58e87a44b33f2ca651179e5b3bf12db","nonce":"ef8694a7ae7a9c221d36432a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"0948f3bc222bbcf08e2aec71a58400ed581ea8f9d02779f34e64136e75626be8b3efcdff3346f032cc58c00d90","nonce":"ef8694a7ae7a9c221d36432b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"1c98b0572b927f64fdabe0c77d92cd4f1654b4886302f043e5ed9b79917c1785264c4697553eb9d4add1a731d7","nonce":"ef8694a7ae7a9c221d364324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"3990e99bb67843ac933d8e482541049b5ca71d20f06ea72d3001d727f49874d64c6ad05769268f7f66e86a22df","nonce":"ef8694a7ae7a9c221d364325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"6cb06e8cdc82130a0c660eca8b65bb6774044c22a46afb24f4e135d1c50ee71e0b0fd7068a8973e1e31f39b659","nonce":"ef8694a7ae7a9c221d364326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"0ea78067f853e0dbc6536d848b8ba0a0857efbe5db6312a1cb1d037b58e9b6b0f333415728bdc667c07daecc21","nonce":"ef8694a7ae7a9c221d364327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"bf41ccf018beac30f88f7e5977bf408e0a40117bf5cda755b768cd50f315482a0c75c5dc103f3f155854abca8b","nonce":"ef8694a7ae7a9c221d364320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"e7f36925f33b6256da097f1dcff872a716b78a681c092bbf4f688c5d3340b843a706f8d644eb1f264fff174b70","nonce":"ef8694a7ae7a9c221d364321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"8b4f491beb660b862941f5e0baaa1cdaa75938bfc454f2a8e242092f7901c5ee8875fd8da85409bcaf756aaea1","nonce":"ef8694a7ae7a9c221d364322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"9c62bd45c9a2299cbcf9313e591be53802b299046117d5817af728ce4516e9d828c50706646858148d9e1ceb7f","nonce":"ef8694a7ae7a9c221d364323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"d0b480070e8e02f735922cdb72a6cbda4fc908688ce485b8e5641e7f4c475f3498c74f7e8633f7239518a3eb2d","nonce":"ef8694a7ae7a9c221d36433c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"8e712915176a13c23e362ac1757bc9ba5107248ff55b1172ffb33d8d2bc7353f73364d46f514018368a6f4883d","nonce":"ef8694a7ae7a9c221d36433d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"761698b962aa86d1a99ae07e2216d3bc2e721ee03dbed2dd1e765eb6ee4757d2deb18a9324fbe6980b04300866","nonce":"ef8694a7ae7a9c221d36433e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"7abdddf91734c4da8696db936e1a429884f81da923c31157af18870d32b1dc16b17381425fb27716ebce3d951a","nonce":"ef8694a7ae7a9c221d36433f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"0f9e4fbd2541844dfc57deb17dac9747f9fe8324aff45b60fc589e3fb672bbc79d5dbbad9fddb3e7bfeaa37751","nonce":"ef8694a7ae7a9c221d364338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"5259a87f7116cf6bef464ca91bc5ffe2f57eb0431319482ad65a6dd31149b9c3573913a5a526057a7453763ea5","nonce":"ef8694a7ae7a9c221d364339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c4c25d1a94202a52977aea138e9edcc6cfbf97d6b38636ca47925576f5c4cc89fec561e526853eaf44fc15467d","nonce":"ef8694a7ae7a9c221d36433a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"35f03ccdac48c58412695884f53de47f59030436d3b67bca49cceb616dc5e6b5c7c76998287539e74b067c9703","nonce":"ef8694a7ae7a9c221d36433b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"eb1854d0b8d3e902169edceedd679afa1a591ab1f27e7f0d2328215a354b2fd3365b1ed8e9df48f5d3a8927334","nonce":"ef8694a7ae7a9c221d364334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"aefa400827ce57ac1de89b2fe53f08a277f8f1d39cf5a977cfef422fcddefb9ed159cfe5521ff1c4152da50a9d","nonce":"ef8694a7ae7a9c221d364335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"08425fdb26742a85de06dedba1aad2f1a1806758fcaf6a8082e2ddcd4e38bb5596396c3b98b9f01c435a431cff","nonce":"ef8694a7ae7a9c221d364336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"fc84cf3f21ecfb13b5cb4572df0a4de0a32ed6e17c80629270253ecfd186e8872b5d2082f1ee17e06bddc09bfb","nonce":"ef8694a7ae7a9c221d364337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"0fd63be61af1d5289bd91c09a601fd9ff2d7a429a55ba97aed64548338edb5c34bb5ba990189907f6d14b3c2f8","nonce":"ef8694a7ae7a9c221d364330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"201b3a0a34352a2ae256f5993d0708c30e2192a7d2b9cfc381d7e2b67947660706b24577e52d93a954c45107c8","nonce":"ef8694a7ae7a9c221d364331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"870d3ccfd8f7dcca4d9ecc96c1f7350556d059de75cbeed6a5c673e612d2b60f04f856aafa7a0f589229d05f76","nonce":"ef8694a7ae7a9c221d364332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"a595a4b90764386eb1160f3356ad3c8633c954beafe127d640034ead1897737b55fde4e90b3f1384c74ff992d7","nonce":"ef8694a7ae7a9c221d364333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"9a7247fbfaf69fef4cbf49cb22cd46813b62c87d288059e235ca51ef2b62a66519a3314573580a71410f2a05a7","nonce":"ef8694a7ae7a9c221d36430c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a34a3ee3ade81d8514c20d14e30d872ff4c1e217a0c0f47674cf872e472f65d9ef3a585010cb81c66365605ec7","nonce":"ef8694a7ae7a9c221d36430d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f731397bd7b664a101532d3e1154505e33dda77f545cb39e7b84af192e10f5166efc5a32d798835915e2ce9787","nonce":"ef8694a7ae7a9c221d36430e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"f0ddf3e37d64a3014c0808916a1b8d0a168b758df164e0f7f7f5bef7d03fcbdba0155eec01d89a1000f0c764a9","nonce":"ef8694a7ae7a9c221d36430f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7c4191f2a1afcbdd7ab4562a96808db92ce55be31ca09493e8936503479c399e2a493935ea13690ffaf9317402","nonce":"ef8694a7ae7a9c221d364308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"94b066e2bdcf6ac733d68fd6533160bcee9d95ff216cc06b401cc2b189c4cd4bac0ec696b957aa1be083360fc4","nonce":"ef8694a7ae7a9c221d364309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f458a8b4eb2d36aa2978653b36e4785f7dbf0a0f2fd99f76523b7bf4ac25d462ebd72e5e87756199320258a29a","nonce":"ef8694a7ae7a9c221d36430a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7937f454d291fd3bcae846deaa3b180c5a3544ad55b1def7054ca1ab702a6a2d355905e905909add5a146179f7","nonce":"ef8694a7ae7a9c221d36430b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"6fb89891862c3dec0f38b72500730d5dfb1ca77af8cf0f9c021d5e22ab874b40b7e58bc4faba4f910ad306f7cb","nonce":"ef8694a7ae7a9c221d364304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"9d0df6f5dc6eacf08256d2807eaae83de2b3254b0a589266c2c783c0ad4656cac541ca813ffe515d38bc9792b3","nonce":"ef8694a7ae7a9c221d364305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"af2239f6ba7556eb4525eb30bedd06b24104587fa63226451528450727fe61fa68d3bd34414b023479b52e52fc","nonce":"ef8694a7ae7a9c221d364306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"1ddf664ba5fa74423914e68e83cb45f59ef8858c877aada4b07bbc87ac505bf1f9f98814d6539cb44a49a8f2f5","nonce":"ef8694a7ae7a9c221d364307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"d712dd56cafa8bf08ab061e562c59b1c9d7a012af8e3e0fc0b52b674c06b44989919586e5e92e6beee65518b23","nonce":"ef8694a7ae7a9c221d364300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"df967d46bd0ba1a4173c38c084d18053fa54fdddfa47b4d48280f441338028668a7a30609113117516bf410fbc","nonce":"ef8694a7ae7a9c221d364301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"6c71ca082e6113c357b99e4fad86463634287535f3a2108c0625776ebd94b306f2021989589a7a1b321a477b47","nonce":"ef8694a7ae7a9c221d364302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"d4470f57716989fd4ae6c935e4f2bd2fa31d776afd4317e2a8db52189a4c6bc4ce339c577215f978095ba214be","nonce":"ef8694a7ae7a9c221d364303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"bf17e2a5526f917472a8f5eb03ad88eabc6088b93da66056bdabb66bb0266e2bb2ffb64037d249afa31840dcbe","nonce":"ef8694a7ae7a9c221d36431c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"25d086c006deaac8996169c853d64b7449a7b8a10348f12a53124760d996530ea2751fe0aa39524705e5c0f366","nonce":"ef8694a7ae7a9c221d36431d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"153097ccf3ab62d7b11a8daaa41ed247ee99467e474d9e9c8198c7ba971898f3aa4aa85facc27b647b9a44d964","nonce":"ef8694a7ae7a9c221d36431e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"b08160aa30bf5e5de66cdea044bef6f5bafa20abfaf1a579f5480e14c3f68d896f7a5916f817e3ee2ab5721712","nonce":"ef8694a7ae7a9c221d36431f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"02e7354bd7f010d6c35058a06dff1792b95425baf74d953fbe2f98a3193dfc087adf41064ceeaf6659e5a0b7b3","nonce":"ef8694a7ae7a9c221d364318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"2b71e7bfe94a99534e871574741537806eb651f55ac358ad1be4602ef03b940a1c37e77bfc4d1be639506ee704","nonce":"ef8694a7ae7a9c221d364319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"483af8d2619e23ee0bab82cab093fc44386fbf1cd7f61714a9e634087e34dc14aef095e2ca755e449131052f1d","nonce":"ef8694a7ae7a9c221d36431a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"be44fd13e688534263df9d9a0bd07413bff36ba2ac9a54680830b7bbbc9287a35e40187540a56f033319a2e1e6","nonce":"ef8694a7ae7a9c221d36431b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"e285a4b37d0460a4e0f15ea8dc9a33bc84eb3eac8844c089161500bf817331149b78faaeabc791241500a34984","nonce":"ef8694a7ae7a9c221d364314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"dbf0babaa8e4df3ca49570bcb06bdd1c139a26a131ab11e798890271bb035faea4abe75ddb85ec0520a7a1da2d","nonce":"ef8694a7ae7a9c221d364315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"a7555e1407dface5e7740366341dc5c6ba7a57e2b3abe78536124c61bf941b3001b271c7ba426c1312b455c12d","nonce":"ef8694a7ae7a9c221d364316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"06522984dc01d676e03a06aacd70ffd9e2bd2b9d444d6bbe0718550425be3321ece65be59587e4063e51bc2675","nonce":"ef8694a7ae7a9c221d364317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"bcf77c6ed5170ff7af744af4b4d9ee6ed7ae126dd50cbb0c1516a7779c0388d2ad7a09ea290bbfb9dace2a61e8","nonce":"ef8694a7ae7a9c221d364310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"536506873273d37958dbe10d764c4291845dba8f09d9106e26aebf5d1475ec1f137078cca138333e255682979c","nonce":"ef8694a7ae7a9c221d364311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"90259ad5c6b1c6f2139adc8fe92756d08da3d0445453fa2a77e45b0a972766995da212de18005b5a06531487f2","nonce":"ef8694a7ae7a9c221d364312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"b50d92a909ed806cdad28a6dee8defb6c92281e6dae18e5a9fe6f83edf4cd10d5962c8f1fb32f42c9b6b7deb7f","nonce":"ef8694a7ae7a9c221d364313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"7a8ec97b80cf51307386390692e03a593a071126c12ac611dbdf7b6e3f51d0836e9a63a265fcba78732c21892f","nonce":"ef8694a7ae7a9c221d36436c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"ec26733e8da935e0f95423ee941458273256b51ae6657a33a16b0910be89c9d98450aa09efc2296ffd73422dfe","nonce":"ef8694a7ae7a9c221d36436d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"08d2641ef3b5171a0cc219858c8fd330124594e7b2705b033f02a4a1abe08e9aaa0edb9e9804df77f927fe9bd4","nonce":"ef8694a7ae7a9c221d36436e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"8d1ea9a6bfada748f2e693305727b4fcd37496c7ee8a878182ff8cc1e60348863a2cc5190e3c4be31f95cb4fb5","nonce":"ef8694a7ae7a9c221d36436f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"5bf1efa993ac095292dcede46817297e10a0868fdc2f7d3023540235ad9891bc832e91593dbed3c820126cc566","nonce":"ef8694a7ae7a9c221d364368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"f6e16156d6295b14203056c6e3c4f184da9d4dd7b6455b09e1d92acf55c51c385cb02740ae9f9f3df4415d974a","nonce":"ef8694a7ae7a9c221d364369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"b7388f163034c59aa43f43cb92971c8beecb31a384cc870e9b721488634f4759480a97fa03f54eaa166470ea74","nonce":"ef8694a7ae7a9c221d36436a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"3ae2627258013f73a3b603e0d7736443452a2d7867ea542dc96288467ead7038f4acc6eaedbdef4c1d3b0e9cf3","nonce":"ef8694a7ae7a9c221d36436b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"c47fd8c342677ede259ca7bdfc3beb5a80003094ec674ef9b42f5931fecad7d95413f3c041c77d22407ec8d665","nonce":"ef8694a7ae7a9c221d364364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"cd039f537af4f8ef3b81c183c82f3bb9383b2c3cf61d06f23b5906b013c411f08240d908290a9679c32a531eee","nonce":"ef8694a7ae7a9c221d364365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"cb9c62d1ebff5f7a9acde18a24f6ee9b832dc9e1dd6edf8c0dc4bc38ffc53db2447a86b3132040478b8af13f26","nonce":"ef8694a7ae7a9c221d364366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"9a7094f247e79e24cbbba9f007a02ef07a8a29a5b959a159229d5046d02656dbeb1096734804539db0f7dedfeb","nonce":"ef8694a7ae7a9c221d364367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"0c48c2aa6eddab378ab47a8a814cdc207cce647620868f767f42ffb760c0fa4a8bf26ab2a6ac35a0758ff40aa1","nonce":"ef8694a7ae7a9c221d364360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"f3c976928bc834179d84a0beeb4c294f46f64a2cefed00c2944f992cfb7fcd4de524ba003833f48e889232db9d","nonce":"ef8694a7ae7a9c221d364361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"7ed5329b821d661b875f78254ea1334e1062b4b84b235ef52172a0f7eb0b5cd9d8550a5e90d98fa58de21b9811","nonce":"ef8694a7ae7a9c221d364362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"06a9f5401a3067268ef3d62e46e1e65dc621b8333568315c4c84778bee46fe839a3169968403b14a2d59a4c42f","nonce":"ef8694a7ae7a9c221d364363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"cabed36c3a9db819a9fefbc3b515c44e4f6f096e458a0585ed8a1546f0a702059411acde76445732309d9805c2","nonce":"ef8694a7ae7a9c221d36437c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"565d915934b1ebed100df26c56f752ec005c8fc4be1d1cc5adacb7fac2f4adda7bef07362bcfa29ee9c4743a76","nonce":"ef8694a7ae7a9c221d36437d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"1bad4a1cf2e1a9850941b8e19896c2c47f8cea01679712842707bd385a0b791292a82a1c43580d0f99a28b41ed","nonce":"ef8694a7ae7a9c221d36437e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"8d959ec53806f344a94b0fa7698d24a7eb1d413e89fdf43978a25eee57c85e89480f698d3f5c94e452ad11373b","nonce":"ef8694a7ae7a9c221d36437f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"a95ba567c5d94960f7696d5cef495cecce28a20d6608d01db60fca21fd596609d5c840008510d2b096e405803d","nonce":"ef8694a7ae7a9c221d364378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"df998031dff9135be668c2d726d9001bd449a600d45d2aaddada8512ecac761a673a32565d70039c3f03c5eef2","nonce":"ef8694a7ae7a9c221d364379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"7d6b53540dcfb51e6a7b003b3f84301a897d2581cce92f6c2b8f08955e041675502759e689594fe9bf57d6141e","nonce":"ef8694a7ae7a9c221d36437a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"36ff12e1efc1935d222b44abc06279613e169111ab82076b29952636893f3e61a784d02a4f0a4f8799d74b177d","nonce":"ef8694a7ae7a9c221d36437b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"26cf3239134fcf8f2a19f849e88a5c0157fecafe7ebc033374836041570986f3265720e77b727c4e462f4f9c1e","nonce":"ef8694a7ae7a9c221d364374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"3720ee4ee76189022f85fd84e11861769218a504428108f5c306d0988e254728dcc6613f2ca0a88f6c892764a7","nonce":"ef8694a7ae7a9c221d364375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"db57b37bb41efb93abb2aeded68e3555ca3f12a9c5abe68601e7fbd5ce7b5cbbfcd000d04a594a917a27c21688","nonce":"ef8694a7ae7a9c221d364376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b478a0e668285ee4008fb1d35fef87c786d10e0b00787a94ebaf67649f57347cc5b3c097ca196a5c5aee67b83b","nonce":"ef8694a7ae7a9c221d364377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"434d238dda49536e4b028f2b35e5fd8b95c679bd3fedf0917220a48f082e2f149caf6746a3e3a2311cbdb17682","nonce":"ef8694a7ae7a9c221d364370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"3f911f448864a002c25387ec539e6e70ed9822977c40f6f1d1a2c6a8f588c46ce811206054ff1102d4cb895f5d","nonce":"ef8694a7ae7a9c221d364371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"3c8113c55774a597e1ab9c9dbd60878fe268a1e6fa1141ecc97f66c0ad683cfac684bcd4e43ba64b68dac3499e","nonce":"ef8694a7ae7a9c221d364372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"c574b29ae0f5a723c8b11146253f36d4b000508addc9252a73142f0d4f5764cf36c1a87409d4f2b1410186b69c","nonce":"ef8694a7ae7a9c221d364373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c37f7dde4b3013a939ab36f1e0ceb237d700e719983f152972418d33fecc3cd19423ecfb1d5e046c0962dca106","nonce":"ef8694a7ae7a9c221d36434c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"cafc9d31cb185ea72c868abe3fc9e731b56a5bd7c583af729b144bf4e18dacc05e2953a86e21912e151d017d4b","nonce":"ef8694a7ae7a9c221d36434d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"9c0a06963c5f66cefe0055d65b3a134250771519ceca2a842ce085f49b85d225f31e4cc931808ac7b8343bed59","nonce":"ef8694a7ae7a9c221d36434e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"78e01930fe200c6a994c4ba91b9d119599870475df7093a658651e1cddbe588688bc10d6a3573cfc91902792d1","nonce":"ef8694a7ae7a9c221d36434f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"70cf7c251738695d5b5d716ea17eff3b0a97b651b8eef6485ea6a5598c38f3d0b12acf62be9b2abfd4d57b67de","nonce":"ef8694a7ae7a9c221d364348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e492333f44244f82b770006d3723183578653fa1a0b122d187edfebdec4afcc3599d9f46747b425563f22ef003","nonce":"ef8694a7ae7a9c221d364349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"6d0dd02de500e9e7e41611e11e7dbfc3c8456d2f9006b8cab3fd6a562e02b059cde8795849e326a6d4722cceb9","nonce":"ef8694a7ae7a9c221d36434a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"b135103111dbdf3a9a8e3cbc12c4facf9224ccf6a56d848f20531443ae147ad6fd27a51b0e029b3da143985448","nonce":"ef8694a7ae7a9c221d36434b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"8cc8f205e7cbcab0f10df8d4b28711c2a9c3392104c59840d85050f8433b3f3aade348569e9c99a08677a398c8","nonce":"ef8694a7ae7a9c221d364344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"f450429d7a29f7a4239910532a2aeac2a30211e8af1061dc383081a83750a18586d5c7d1dadc9eba88fd3d4fc9","nonce":"ef8694a7ae7a9c221d364345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"6282a7057fdfbc1b2bdb881a3e9f2333fa85e406ebad4c3c69242c1c3c51157c30d84730dd3a0fc34e19508575","nonce":"ef8694a7ae7a9c221d364346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"bcee2e09ff172b9283fcf4aafc188dc9fb0640c491a6b6b0031682246596d85e4bb0dbf3cf47aea79bdbc9bcf3","nonce":"ef8694a7ae7a9c221d364347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"a728ae196eed6877916b189af9beac0b47cb7803ae36a1ef27a1d1091af6abd7a9d5fd25ac1b7da6946e49fa10","nonce":"ef8694a7ae7a9c221d364340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"6ecffaa86808ef603b220067f0728a1a9df36fb2f3dd69de89bc1f89da177e2c8517c968d204de386a0903c142","nonce":"ef8694a7ae7a9c221d364341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"fd48fb82fa357e82e1a7bb091031753e733392a94ce91468d2544ffb1c2faa734bc081d84026b3a1b850a04b3a","nonce":"ef8694a7ae7a9c221d364342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"a2e74a2dd3c6d67f1e81f8e03ba4a9d1848b8d9f5aa0d1bb8e22070032769fec1a14a4ed4138b188e686238874","nonce":"ef8694a7ae7a9c221d364343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"7f8ccbaa327d04818690752acb16e593c15b7d9c7632703a6cf8c1c127541f0c6b99d3285f2d2a76e88a7e85e0","nonce":"ef8694a7ae7a9c221d36435c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"98c445194c9fbc0b9665ee851e10e5b106097da6d5e20dcc6c33478e6e556ff50b1343f07538bee6fc58d1c529","nonce":"ef8694a7ae7a9c221d36435d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"3840bdd7e0239010126624eeb59c2a6d40bdfa9702dddda0f3656fc0f17f5038e9fd847b7502a75a31a539ad7d","nonce":"ef8694a7ae7a9c221d36435e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"e3495e929116637d5bd7981ac1328da317ce0547ca25965c56179f9d149e397fcceec37683a3fe0b334095370e","nonce":"ef8694a7ae7a9c221d36435f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e981210a58772e3f969aee25ca9cc147555bc8110c027ac5e4f9316f57fc86187b2fffe3c99812388721b3e689","nonce":"ef8694a7ae7a9c221d364358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"3bbd699449518364947f7b8c9d8e97b90d4e7bb8104edc4a4e4822b9f77d752b08d0577cb0ae3efe6c89f73347","nonce":"ef8694a7ae7a9c221d364359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"38ff812784d4d723f23f83d3f2af83448deeeaeaf6de6b066b5c209f935d89bfe1aa86ed594c8b4c3bc09913ae","nonce":"ef8694a7ae7a9c221d36435a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"bdc021f7ac53fc58607776cbbf573777a5fa21e22beed2d1568ad8cebdb46036274cc8d6e93170ff6c9775046a","nonce":"ef8694a7ae7a9c221d36435b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"302f4901c536b74e7689c0eeb4cf4035ba8dd28c440ad30c1461ce0890a6e3eb30a37cd2d27a08eb31d07a220f","nonce":"ef8694a7ae7a9c221d364354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"d672760989da2bbfd2071d9b37e88b1a4f525c3682e3b40f23107ba431397dce0962ebe4705ae6bf6bc7bef1ed","nonce":"ef8694a7ae7a9c221d364355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"eebe0b50b71f540c1c0c9ea796da7747586b5b6424d8ee4495d6ca935b47e83d193d90d47e6be65d86bef55897","nonce":"ef8694a7ae7a9c221d364356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"43695fc0a81a174597a18334d54916c68100e6da43cf9599a6ea232e7d555180654bb926ea29a86ab168b934fd","nonce":"ef8694a7ae7a9c221d364357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"2da90c6aa85d35cfe513834247fc61e25d97f135dddd0dd8efea9b4ab4213150cc863fa25ba2450ddd75a5c71d","nonce":"ef8694a7ae7a9c221d364350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"23e8921eb4ac2e8c43e3f6b5bd18587ab652e20e2a4cdca062364555002600fc7e8268bb79bb890a641ee5d7ba","nonce":"ef8694a7ae7a9c221d364351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"05d8e4e43d3c4fd16e08f0dcdfc7062288595abb16e3d42dcfcd52b9e22f134c04b1d85a76334484778509a787","nonce":"ef8694a7ae7a9c221d364352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"3e618717f904fe63bc77a904bb612e13021156d58b6da0aabee508fb123c1b467cf0a07e19dbabd7947b84aa40","nonce":"ef8694a7ae7a9c221d364353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"acdb9b89c15d15eed5983920d33c809937b792671f2f958ff2c87a5defdec76146939f4c245980eec8b64afc8d","nonce":"ef8694a7ae7a9c221d3643ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"7763363179bfe759767e3af87225791dc1865a10786ffb86bc01e294a3dce68408a972e9f8b62450a0119e7db4","nonce":"ef8694a7ae7a9c221d3643ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"119b4314d62d677d8c5ad5646854473770da99e39671bea7a2b4dd773499a012e2784d7a71e2fa6a549e815447","nonce":"ef8694a7ae7a9c221d3643ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"ae8d88dc297f925f9fccdd3a5cc8077fa438ba845cee888aa028070aa55853ebe7d0c395848642ff9a5c5e4b27","nonce":"ef8694a7ae7a9c221d3643af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"a5a84ca2581f32b016555b9b489d54cbcefc5803f5b59e9f693724d75a38fd44b2aa3f5f4b99522c3be27611fd","nonce":"ef8694a7ae7a9c221d3643a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"fc114c1cb745ab7addd9209b4f93fcc22a9a0b02893bf708ab335b488bb54c5661e9144043c9b7f585d6023f01","nonce":"ef8694a7ae7a9c221d3643a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"cabfba06997be317495777b5deca9beeb8d806c84b1349c8f6a755b86badaa81536ee0d2536eb500af88b695bd","nonce":"ef8694a7ae7a9c221d3643aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"db178864441190b3b225547d01737201fd9a80861a9e6d5cf21ebb9a069423524bd5cdf44b12ca51aa59d28f6a","nonce":"ef8694a7ae7a9c221d3643ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"74fc1f302519fccfa0450a6b493fcc8e14999845346edaae9f863b30b401370a46e6a1e345bb5c16a21b74b43f","nonce":"ef8694a7ae7a9c221d3643a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"bb04f9c18e0c9f1c200fe5fefebeaf7d65ce0f30f0dd7193a4a859bfcb7efe03c2d649ce3a90e3475122882f97","nonce":"ef8694a7ae7a9c221d3643a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"40eddb43b15ce4bb56a88c56122287cc7feac7aacab01b0fcd4ab787d18564c3023c7ea9b3a92d62e0a69bd168","nonce":"ef8694a7ae7a9c221d3643a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"138c93091f18c2724e2b8189ce596c393f9de9223d8a00390b16cc02581742a6e05e50625a3729bdf6600f15cf","nonce":"ef8694a7ae7a9c221d3643a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"6c3559a3fc192fd8805f30e245067d83a479c50cf993ca6cb824f44123201f5493cf4f88264676d753b887b44b","nonce":"ef8694a7ae7a9c221d3643a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"5f86cfa376a0c552b10cde428f1307203d79dc67b80225a4ff3137ed5a39e774c847a6e81a4ed87be131774b66","nonce":"ef8694a7ae7a9c221d3643a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"cc1f194be797c6965c701922ccfe6b405b90bf4b177f2a06df1e7b11d827a114753d9e769a6fd3caa1d7ff4f30","nonce":"ef8694a7ae7a9c221d3643a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"e21d2dc4bcbbfa025e0324253851ad23c8a8660c90e411c3a4b4ad3f1f4f597cf56cefdd357eac2a3bcb817cfd","nonce":"ef8694a7ae7a9c221d3643a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"cd7423269fcb6f011dd279390479013370a97e3f986386cf9597fadbc4ce128c33aa76d323223c2caae5cebfaa","nonce":"ef8694a7ae7a9c221d3643bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"71572b112fe7bba382178eff6d30fccfad4c08ff37bee2360cd59e96d4280391ca997f817acdad61de6f629523","nonce":"ef8694a7ae7a9c221d3643bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"61dabf2a1838d1d8210a260ed085fe1b408d793f6034e457b3602723af362b686e669fe14b5216c7358ffe3b56","nonce":"ef8694a7ae7a9c221d3643be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"3734d4d60736fe79bb38df8962e1f7b5c3e0716c47109d7733de13f743cb18150cbae95b6371e6ba11e7854715","nonce":"ef8694a7ae7a9c221d3643bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e46d455a710e4c3b9f87a5ea0fca7dd77634810d65aeee9fa94fceaf86b4871e40132317cd9d9f8834c5c0fb7a","nonce":"ef8694a7ae7a9c221d3643b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"2d7779acebc4483df29863aceab03ca1346cb033ff4b553aa35507303a986eff0b2e37adfafce05a890fa53b3b","nonce":"ef8694a7ae7a9c221d3643b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"b37361f4b63ffc7d5d5ab884d667c1c98e69144739e289f662e6fbd3ad24cf6a9caf897878a36fbd53d0224f55","nonce":"ef8694a7ae7a9c221d3643ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"41eec41e40b2ed45e515d171200d86c669884caa6207de20aa7b314d9794466095da026b01c74a703711f7e121","nonce":"ef8694a7ae7a9c221d3643bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"6eba3745a6385391fc8c22399f13fc930629e0f02b3442dd677c906e822039a9dacb61e47164d21e775fb85ed1","nonce":"ef8694a7ae7a9c221d3643b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"1dd877eeaba051930ae0fb295a342308556e030e9375d270a875b830d965b6ef95a755fb5b3b96f1a62f57b5dd","nonce":"ef8694a7ae7a9c221d3643b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"53424f7d121b777a409bf646f1d4ad214f55d5b17d9f085b82c4862715a96b956f5a14a49fa143da9a2225ed64","nonce":"ef8694a7ae7a9c221d3643b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"8d5e7c93e5462ed77fc5dad0244b880114a059dfe4a59d35bacfe3d40d7c032555053f374ef9c1fa9407ac925e","nonce":"ef8694a7ae7a9c221d3643b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"01d6b320bd397ee674977066a6770560e8eb9060992d3e32c5265bbfa64b597353d916277ccbacb281b54a2720","nonce":"ef8694a7ae7a9c221d3643b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"3d98bcda672c0af176009f78ebb55d5132ea92d60db9826c4c208b4bbd6e1063fc6f499148d260903f7c85f7e7","nonce":"ef8694a7ae7a9c221d3643b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"2b95e5fe61d56f5a8e84c8a1b5c26785a67bf9d074e57e0b8bd86aa74745ec59b4cf4a0ad5093cd32a99658740","nonce":"ef8694a7ae7a9c221d3643b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"2f7a8bf971d77a29f96382da47d931505955fb1bbefb07541287779e37addb44b6213175768f6f64ca2e1a8f0b","nonce":"ef8694a7ae7a9c221d3643b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"d79e8fefdf77312775c4dfcb37c78249ddd2c205416eeff3e6084f5b4ef4db50daa343f38667c26d6ad45a8c14","nonce":"ef8694a7ae7a9c221d36438c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"ef9caef5d848bb631f3ac4a44f2ac719e5b82b95ef5a62dec64393ee1fbeae470e7ad88afd8610bb4d0d76dcd2","nonce":"ef8694a7ae7a9c221d36438d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"1eb656babbd4385fea419a910a5dcc14afad97f0a5a9afb2bb0cacf849fc5af919c6df9ba5275faaa69b8a6e3e","nonce":"ef8694a7ae7a9c221d36438e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"24c24b4e3fc5b96e5825bc3f8bb8097250b4f4bc35cb6af67444713bc50769adddfe673b55c98a220d8d50edef","nonce":"ef8694a7ae7a9c221d36438f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"86f3b35ad5d66cf2349c8f3f9e6b137379cb366ea6895055a6099dd1688401cb4b1add98615fdc58287b6dd25a","nonce":"ef8694a7ae7a9c221d364388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"dc6fd1b05008f603fd8d340d50090fb8662042abc4d54603aa62265c9f635825bcfe2b57503fca67e525b19cd5","nonce":"ef8694a7ae7a9c221d364389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"5eb3ce4a3d7cbdec0b67586841eabbe3f308a870aa1c6ef92ccfae7e0f1a98ef80b1f1de74203f812272b871b7","nonce":"ef8694a7ae7a9c221d36438a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"c189a7df7e13e80baeb51e1ced7805447868d8b1d5686c016c0160248b0cc00d8485c9049492eefd69d8deb13b","nonce":"ef8694a7ae7a9c221d36438b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"7d85464d849e7f36f1208a32335330bbfc93a7bc645caeda57916293ac60a2032cb4a828aafa79dcf588a74780","nonce":"ef8694a7ae7a9c221d364384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"76c45d96b6a08fdd0584766d5e0c61d4ea4e9f8b6d59a2ec531169f993d155800257e8b0fced381b6a014a9167","nonce":"ef8694a7ae7a9c221d364385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"09a7159b6c93165d018e042d6a6eb6b3bb6c12da3e01c0b96e3550482a6c6a405502f1d98348d3836d8e75a2ef","nonce":"ef8694a7ae7a9c221d364386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"2c5de26e64461d99089db2aae9d3633057e4802f51d38a9277abbbae1dc0b1e60efe0038107a43372ced8877ec","nonce":"ef8694a7ae7a9c221d364387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"eeafc56cf19367f4896b46b8e77f68e70461ba7b03664073a6913e49121997a5335f30b11f385eff077074812a","nonce":"ef8694a7ae7a9c221d364380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"61ef40b80e8457ceaa0253e6a54ab1fb9d3a7ce000b58a773253df8710753d6bbd9280aa6ecd246de7a674d78b","nonce":"ef8694a7ae7a9c221d364381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"ad7338cfde93d616f9ec127e96612c7cf03470aae9f0bb344189193f29294ecbb6817e518bbc70467bb939011f","nonce":"ef8694a7ae7a9c221d364382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"429f6c0e75bf935a64acda6ca7e7ddabb4c51312906e29bd59ba9bf8dfc9e3591b0a71fbe59d8a5808e1529bf7","nonce":"ef8694a7ae7a9c221d364383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"33bdf69f9af8da6889b7c1e7c2efd1cca8ad3090fefc118afcd4708f621228b7cf6ea321d62e6381a3ce326b7d","nonce":"ef8694a7ae7a9c221d36439c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"90d411203456a44cbbe8746041274389d3d0120aa5bf5a8d52e9edd9b031cee1e9285a109cd219885e9a493db2","nonce":"ef8694a7ae7a9c221d36439d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"8bfa259a432b1519081e3a4c60ee0a9ee23985c90dd2631a72563b540b96d561eff002244ec73cc6d0523036fe","nonce":"ef8694a7ae7a9c221d36439e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"22f64b7f19e0aa5e6f1c1ffe965493350c8342c985045e21f32fd42b057d8da947459f7548b99be3bdbb6d9fa3","nonce":"ef8694a7ae7a9c221d36439f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"bb40ab96d584b35f653a6bb41ecb160a9930f65567df8635e7595ced81b5b107e60a84e94375e5e7ad91d87ded","nonce":"ef8694a7ae7a9c221d364398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"457b04ac6e07f3d7854e420913e75853fffb2a729dbe221e78868dbb86f177c00723aba39b32573d300696fe55","nonce":"ef8694a7ae7a9c221d364399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"a7ff5cfcfc43d6aa8cde98b05567ba8826a17919c136f6279b145ae0e85f1e7adab3332c2499289e31974949ae","nonce":"ef8694a7ae7a9c221d36439a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"d87bbd9d39b82cb8d4376faff1f822be83e7250bbb87793da06da1a5a0ef2aa2fb89050e8fc851d65bf741c3eb","nonce":"ef8694a7ae7a9c221d36439b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"ec75c42e613edafabc4c8f6eb350c45d65447f1a319576395c2fcf775e33dfa880d215b0c75f7e656a4010ab5d","nonce":"ef8694a7ae7a9c221d364394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"479275e080a79d0732c7c687e22bbbc3ad589280a960bdc16a3866e4f333a35902b28881300a398aed9e2c0ed5","nonce":"ef8694a7ae7a9c221d364395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"1b629d11ad2619a7e281fe0d6e233bc5a07ac2e2934b1684897f456efd53eef4231c1d940efb6423ed3e6b2dd1","nonce":"ef8694a7ae7a9c221d364396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"0b5fb9eea3d6fb82f6d7555f1890b5af9eb41d9027a3ebd8b9635446a4c08cf3819bfc339426fa9cd0a9f53bac","nonce":"ef8694a7ae7a9c221d364397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"fa336126333a29eece800b6e8877487235734d58497191e94d2ab26e8272bb2239fa81d93aad953071c5588578","nonce":"ef8694a7ae7a9c221d364390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"a9fc054743ff7c8acb50b35b77037fef074bf23708bb2b00680b139b17e3a6927fd90f43c363efe6646483c8df","nonce":"ef8694a7ae7a9c221d364391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"0e3907703a22ca12da27d83ff5d05adcde2eb1034b12c2dca7c7371e6838ed831c77fb1df46a59c28c9032d120","nonce":"ef8694a7ae7a9c221d364392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"1c72ed31e6f9b8d99bc716b18546f861bb563d4be6d5550e4de750dc72d5104de7a8feb73a65511197641621ac","nonce":"ef8694a7ae7a9c221d364393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"380d0abb99d30d3098dc151f4877ae329826702217e88154f0d15b3b0f7f63660d596e7dc0ee4a756b0d987458","nonce":"ef8694a7ae7a9c221d3643ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"3f661305e15bbadfa6ec816549297fae1fc2eab147b01f8d431cdfa93dcd2b71609e19c0b9a6d1626f440baaf3","nonce":"ef8694a7ae7a9c221d3643ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"8b79512a2ee71efca3a8644a9b84c575d7aa933f1f9ca4f309f29b203aa41b3dc93c454c83cb5cef6f32ccd7fb","nonce":"ef8694a7ae7a9c221d3643ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"d5d9ed18383d6a225250f3a6e7f6190e5b19d71ebcb76f889d22c415f4481a0e61d2bbb1576187e79308214335","nonce":"ef8694a7ae7a9c221d3643ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"83b0765553b0daa1d85173ec7b92773bcfb818bb3582659fca6143e461d64b4c4c41b922d37a243799fe94da43","nonce":"ef8694a7ae7a9c221d3643e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"031c8f32c02e93a198e74db0b528b20d5132eb223cc0c4e09e591fd4d79dbe074ed13bd43614e049d7f5cbbdce","nonce":"ef8694a7ae7a9c221d3643e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"3ff972a1c359b32efb902225c63858d489c017a2b31a7f6bc3bec0fb13d5da7da2a621eb27e0447db0ce42eaef","nonce":"ef8694a7ae7a9c221d3643ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"bd2a708a6ada73d2b8c4bc0de817ebc0a874edc80ec0e0279b7450ea4cc2a84d245da848e6d766fd0da4b56e92","nonce":"ef8694a7ae7a9c221d3643eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"74edabc944d01ee0780a6fbfe516f64da431bf302844f4d5d21c896edc056f5a5077e11f83c8d6533c0d9984c7","nonce":"ef8694a7ae7a9c221d3643e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ca9767dabeef87ffe17389943eb1b0bdfebbfc7c832fbb79380eb0089d82e26d3f1295e27c6408320d65d5b3f1","nonce":"ef8694a7ae7a9c221d3643e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"6aa20326bcbbbeb70bf98cf7c81bbca2b09636a28f2192dde0e75fc3ff64795c0d454f51eff8313a2501a07110","nonce":"ef8694a7ae7a9c221d3643e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"93c3f335c3a1f41fecfb542f0f7658abcd0f5dcf4b8dd75c16012a11b647ef684d59a90dfbd3ebebde89171adb","nonce":"ef8694a7ae7a9c221d3643e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"eefd20bb11d9cd724bfbeccdd40ab292d59e8b6e6ba9fe8029ee9e5e954d3c0af088c476446d88afadbbebcc99","nonce":"ef8694a7ae7a9c221d3643e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"02ac2c50057b08e5ed7ae681ca35250027b1293680e742866f87c2719281cedb6837b7f842d8f02eb0c0db5a1f","nonce":"ef8694a7ae7a9c221d3643e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"464e673d2783dcbca9f4d021df78f2386b26b642cf125aee6985da13e56ee28ac9526572c29afa8ea6c606cafe","nonce":"ef8694a7ae7a9c221d3643e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"ab43082f15898cc00ff9146c3c5f45c3ca6d95bd47ec38109a00126fda866dbafc9f29664bc10523b2a0027e2b","nonce":"ef8694a7ae7a9c221d3643e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"8bc643632db864d9f786317487b37977522e3d824a2c7c28f2176ef4988092b4a936df29ddf8c76b7965ea266b","nonce":"ef8694a7ae7a9c221d3643fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"9793bfa351d8a35a2ee5c788a2292148690ecc69c489a86af21775d3f619a734badf8b2234cd80dc73628acb9e","nonce":"ef8694a7ae7a9c221d3643fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"46559ff1bfe47237d40681da2e00c8726e3dfffcf5c9fbec8dcc00fcf5a0227260c614341f0d4c91bca8d98551","nonce":"ef8694a7ae7a9c221d3643fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2ac33714f44fcc52948d0bff70b5682cd9b2f980947eacf36ce3fdf378970860e27f7ff9b6201b67203606da9d","nonce":"ef8694a7ae7a9c221d3643ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"163de1bb50cb5ded97748263e42048cf116ca7f7d326a316e42631f228672e684954cf2fbcf24a24cecb15d742","nonce":"ef8694a7ae7a9c221d3643f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"c9812d40d359eeb3354aa98fa7119603965b3244130a197625578c4026895500cabac54e4963d425ac8fcc581a","nonce":"ef8694a7ae7a9c221d3643f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"8d6e3a8b0ab14c1732897419dfbc7425ddb1fb0392d8c490a8dc17d5ee5854393043bdd5feffd3340f0cee38c8","nonce":"ef8694a7ae7a9c221d3643fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a99d63376e528428703dcd0baf32d07e4e0dbd0eadad325645deedc9888c7d12b5b5277c8e919096d1d9cf0240","nonce":"ef8694a7ae7a9c221d3643fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"e7cd5dac7f7990ece8ded7e16421589fbfa749b1c4cfe60bd8cd4735837735734e3c55cd23d4ed32d306f53b0a","nonce":"ef8694a7ae7a9c221d3643f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"8f7706e3d4c5a37f991f05d236e80a760240128e2a45ecfcea4db5c516ca721663fa61fd48f248f49d21f241e1","nonce":"ef8694a7ae7a9c221d3643f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"6f31fbc65bc209b3b4c4f158c7a6496c7b1c2673676d13db83987eaccfb81dcccdb87d8aacdd54e9a6a028fc71","nonce":"ef8694a7ae7a9c221d3643f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"a6c13145cc2fa7fceec28cdb21de0588c2e8281690db4a3b2e862e3762c9bd570522111002f3cdddbc03c2f809","nonce":"ef8694a7ae7a9c221d3643f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"c4205321b52b75c8ce1923abed43106520f652525cbfa942a5170ca5e23c0c4942f9396736faffdacba3e1a0ac","nonce":"ef8694a7ae7a9c221d3643f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"9ea848806a162da2c6ca18b244bb445c01bb40a4c4ada512d659ed99d3693df28bed7397135a553c8ba2d30cd6","nonce":"ef8694a7ae7a9c221d3643f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"bc7a074d2b6edf452386ee5b2ef49b882d38ac1ec8d2de3ebb2658b3615001cc44f9c80d2403c0e3047ab547c2","nonce":"ef8694a7ae7a9c221d3643f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"49bf7bbc10f09b058db90b8e12010d34fedb713eac61a9f960b11834c069d038b161681ff3d97e41629e1b12d5","nonce":"ef8694a7ae7a9c221d3643f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"0f5d414c3b814b0ccc2325f095877f2c3b8c45fb863b48e9387e5f93e57329141d03ccc0a9db9917ed52c9fe1f","nonce":"ef8694a7ae7a9c221d3643cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"7b865dc96cbca6fd1263d2b4bc515155c6c3fc6ff6644cbcc4d9122989902c22ee459841c288ccf0c9a2b6dd7e","nonce":"ef8694a7ae7a9c221d3643cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"09bd6d0fdef53ea97788202f6cb20e412a88ee405629ce2dab18f1260c2808594e2e14217ceb75b140c71e9edc","nonce":"ef8694a7ae7a9c221d3643ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"cf8fe3e282e0ecf8ee11ae559a38b653b193c79d8c5069704d471619d4f46785c26968b622af83d4df9d9af0b5","nonce":"ef8694a7ae7a9c221d3643cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"2a2d9508a6b9b80266562aedad0f2c163cab5ee2734da99146e59449da0487b72ae6f1dcb9ab9414674500da28","nonce":"ef8694a7ae7a9c221d3643c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"07e1995807c19a913774d45a40f5356d45882153434c0327ae41b5c42e86cd983f1dcb148464ac08ac29a3a93e","nonce":"ef8694a7ae7a9c221d3643c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"f5e06abae53f4ffa9ab6633d4569a8950aee8e8ee98e90b3443f6926b823e2bfaaab9f84f54daf40be1df7ad8b","nonce":"ef8694a7ae7a9c221d3643ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"f5c74dd18ea22aad1caf669b2bef4f4b9b8fed8d7cf9d5745b7572139183f913c39035591a7e7373101996792f","nonce":"ef8694a7ae7a9c221d3643cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"2f28353d551d6508edd7daca9bf0a4c04daf96a9affac3dca3efef39808a18bfa9da7f3eeb11272b0e1cbb09a8","nonce":"ef8694a7ae7a9c221d3643c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"d68f97309f66b1d71a05a8de0ad19bb0f672d40d4ef34c8200d1dff625a8ac190b728166bc923e3e3257561c64","nonce":"ef8694a7ae7a9c221d3643c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"d1e87e8c74245b6079559ee74c8df98e438c8043df998c2ea2ff6faa54a8aba2eb678b531e50898bb91a79b518","nonce":"ef8694a7ae7a9c221d3643c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"b4fb62a6be185bcbd2d836cfcdb2a12938f22ac64e52220cef7dd208692f558180004d80dc52fc7e53f43f3753","nonce":"ef8694a7ae7a9c221d3643c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"fe0da551a2f364d09cf2fe2793f17637d3ee84ddd340b22b63442b0289199c8cd6d77a8f441514f8654a10143c","nonce":"ef8694a7ae7a9c221d3643c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"20728cbfbe792214aa2991f8981417b1ba9351d9ff2cec5cd8f57845b632b6463104e71bbee5adcc9d069a5e41","nonce":"ef8694a7ae7a9c221d3643c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"8212e4cebfedadb638e6c9744dea56c194f6a99871096c9a7c03969dfbf3d3d5f670f1e8033d8abc70063f7de4","nonce":"ef8694a7ae7a9c221d3643c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"336ccfee74ca7a6f69b209473861120f3048b68108404ab9abe4efb05b6f808c68733780ec31dd35b9f907b181","nonce":"ef8694a7ae7a9c221d3643c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"1dcd20041bae56302116c3f4b5e12dd48ca3e72af82b71d1bf45e4c7c58a956603b28776b80933278abdd4393a","nonce":"ef8694a7ae7a9c221d3643dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"bb6b66928179a0e5a7b6a99b2ab24d96126fea61dc4f8ddd268fa337d7bc3bee519a2eb216968cf5bba48da4bd","nonce":"ef8694a7ae7a9c221d3643dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"90da1d3ebe9cab7458725ab17252c4bdcad2f9220a8450c555296be3834f975491ff90f90e5e274e8ace2d4759","nonce":"ef8694a7ae7a9c221d3643de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"bddfc81f5ecbb9a24b4f7e28d14fc0778b0fe177a79c434c2d8990f58b20d1df5d132c4fe34012be51af75c385","nonce":"ef8694a7ae7a9c221d3643df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"70e8e3f70ff63dfc5f831e27849f5268ccf7342015f5796fd79466d17d033c9a09b2037e816d201e991f5a8004","nonce":"ef8694a7ae7a9c221d3643d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"9945964683a3d55ecf7a95fd12a92e98acaf0db23add7431da0ed81b1827dcf05e0294cd1796a1736a362a5034","nonce":"ef8694a7ae7a9c221d3643d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"9a2cd2bfdb1d2ac55ac28b5c1dd411b87f9282182319011836f6415e7c17d0b5b651b555d2cc16a9f27fa006ec","nonce":"ef8694a7ae7a9c221d3643da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"6e18c48d4ec1e571df8aae91f3c912d158c5c7440d54821103ed57d28974666ad944f0f16bc0060abc93829a43","nonce":"ef8694a7ae7a9c221d3643db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"fd5ad1af684b06a3232508baf160890824d07c2256cb7465db061655cd0903f3504ec402a4bf9a1ca501f7ea8d","nonce":"ef8694a7ae7a9c221d3643d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"fb46311810d8c05b35b99c1ec0ec87116d45aea97a6652ee688aa51fb2c3d3393ea4baaf97bcc5de1b22a86ed7","nonce":"ef8694a7ae7a9c221d3643d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"8213fe7e898588b0f31b29667346009522e13381a4008b710db32dbd576ccd8a87f802d573b4a1a17fb2f6cd5b","nonce":"ef8694a7ae7a9c221d3643d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"67862f164720a5b30d8093e68e3c59f4a0c19f3973665d39bf7e9cbc8d4c48b502f4b09d2ec16f971fc18f6b15","nonce":"ef8694a7ae7a9c221d3643d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"e84a926e86d6780d3c56e26785ac44e50e954e2cc2337a098a0736e981e49615ffde7cc9d8d1046809c1ff94cb","nonce":"ef8694a7ae7a9c221d3643d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"42c343e2c870523a8702d8d29f23f5df6ccdf18357ea8c9560ea995981551cb0c17678005d3b3518b75ac0df35","nonce":"ef8694a7ae7a9c221d3643d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d67a25b378e0dbf183bf8b91ae7914daa8f0a8c8fc9a458061320f7870d4e0ddcd80ccc67ffd01cf2269b09784","nonce":"ef8694a7ae7a9c221d3643d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"9012f1d424c01db4f3f11ab88ef45e4e50eb0c50e28214467a715974f970bf2562d4537d3bee35b44c21dcf3d1","nonce":"ef8694a7ae7a9c221d3643d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"890896f035e4c2259df91c5741d68c61b119596634b7f17752764075b6895d36f98e73254376a9fb1b4fb04d1a","nonce":"ef8694a7ae7a9c221d36422c","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"ab89681d22a7940e702374bbdb782d5cc911feea6f1c27f8cfba15367282fca2"},{"exporter_context":"00","L":32,"exported_value":"6ed2455955d533ca777d60bb24755a1467a747fc3b37d9eebe154014321b8f7c"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"1293be0746dadac170a94e56971204b34b1eba8375f1e8acaf5775f171796723"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"659d357f67d539ea93e85be062b62fdd1c1d805b2e60dd3617eb86b8a3e135e5304fcb8b375df7b44fd60df053ca3c93f9ede651a8c5c7ea","ikmE":"8cdbdcdbdef748c6282896b51dff1c92e3d6151313f02725cfe4dc69da4ced34cb49748bc7fd987158352abe9f0638f79e6751fcf7202e3d","skRm":"ebb63c56b0e8248374a87b8cd4ae3fb3122651bbe89a7fe614972dc10a89a391e5d32429f1c9ba32a7b70f936ee5a285766e7480714fc923","skEm":"7b6862262ff4d85da11998e5d10b4eba6c2540a2c3bd9ddfb4700b251988d310b894922de1fcff8556329e0dad7a676e9e82f31ca82172b5","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"407a582531f4d45125732a39a315fb3ff1665e0375cd1b975364474ccf9fa83f7b8f9b4ab4ed154619bb4130f299789bab01473884595c57","pkEm":"4b0e5a62bedd3ee8ce257f048675980a2c9431bc4c2b3679887e3675148a690376c5f8ab73fb5db1d56251cdb22c2d7dfe3452a3c1f68886","enc":"4b0e5a62bedd3ee8ce257f048675980a2c9431bc4c2b3679887e3675148a690376c5f8ab73fb5db1d56251cdb22c2d7dfe3452a3c1f68886","shared_secret":"74e8c9b3684f742dccf142a8a65999f3ae7b8609bc6a2af66aca1fb928f537a6dabb19f8b49313bb1066f795e1719fcc1bdfd5e4e314305ed972122d720a8e66","key_schedule_context":"01b6f77772f75e969afc66fe6df70331fdabcbfa9c5fc9108db02ec7e8ae117f5b28f74e569a9bf3df79c9e5507a5441d7483b9da3d3394b3f168e40554f530893574a72814c5d8e45c985c4252e66abdfe846113c17cdd7485893b89e0d5cb23d409145ac095bcceb628874b68378897f77c36eaaf45dc932c30eb5841015517b","secret":"6a87ccf5c5bd0a5e539d2fdafe0776a1e17508dbd6ace70048bba972f09927c840f151c92c6689c731519d8c81ab1b4e5fb1553f4277a45ab3276a67d58f0430","key":"39f795e15e3b297f7cb9bfb533c14036","base_nonce":"ecb7926e7ac3de323dd0b6e4","exporter_secret":"49bbe2cbbdaed6e3c4ff5702a53a0c18c638052cba22a18d8854c5c3603a964bf0501ed548febd35da3d88fcfa3c77b8cb097258e80759441cc38ed6ba608408","encryptions":[{"aad":"436f756e742d30","ct":"cab1c86059737935d9288d666c9f97e56bc4d51417a7cf16683396f121d893806fda0c3c11f2095df8a9b87a54","nonce":"ecb7926e7ac3de323dd0b6e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"5bdb385e55730ba9b03bf6b6d91fb05f190d83d4dced275d69753964ce533bd1b17da8bd4f13b65d2fde7eeb2b","nonce":"ecb7926e7ac3de323dd0b6e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"36792be467def2eb633e8bb6def23aed08220612a532a096a4c7cd9916101dfebc501a944e18792e7969e6c532","nonce":"ecb7926e7ac3de323dd0b6e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"d84980d72a9406fa9f70cabff1dc2a56f47169a9e7fddeb61634c47dd4512abdb87aa8ca9764f41e6fb884fea1","nonce":"ecb7926e7ac3de323dd0b6e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"4bfe30ce61925228a9be25040e84aee116120b2bd180363915d7694bcbbde1feba2318072aaa73af5adbacccd2","nonce":"ecb7926e7ac3de323dd0b6e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"48a3a2d0014ff45a385b04a9a9a829b33a9a377874a1366a22e4a8956c326d98865b794e748f9f315c7c59cc50","nonce":"ecb7926e7ac3de323dd0b6e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"ddebcc4a2bfef72f8704bce9c2060f32114d862c6d752a7582da42d2ef5748898a5a609cea70b3f8edf2b6806a","nonce":"ecb7926e7ac3de323dd0b6e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"2cc270c5b4690e810ab26c5c45fee129cbf0780effdcb03a9228913503ef541ab8089120ae3d947667c3d2f276","nonce":"ecb7926e7ac3de323dd0b6e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"a20dbb922e6ae093ea63fbdaf5003fe15e2fa2bbd2ffb48fd2c42e4e74b0f16e4eea87d8abee5d954da2c4e379","nonce":"ecb7926e7ac3de323dd0b6ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"67f9f4222764d1a52f3d1576c5e2818dd996a7e16b2099b46e725b5685439b303e0b9856097b400e43e403c213","nonce":"ecb7926e7ac3de323dd0b6ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"c2d5aa99f8fd3d9eada34ae977f407f87ab5a00154ea4c3928c256e0fea0a85e770edb6e28b1c584bf2d8de01b","nonce":"ecb7926e7ac3de323dd0b6ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"7ad175de3faa80922e8f6c9a55b33c8c1d5819e03bf100083b0d7c0e79536dbf59e28de4820e7b449bcb6a3e16","nonce":"ecb7926e7ac3de323dd0b6ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"2a1cd941a62355c783cc9e1074c9f4ca3bf7817fbbd6cdc85ead24088651864dbeecc11688e8866c0a9d1ced22","nonce":"ecb7926e7ac3de323dd0b6e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"dcad7100421eeb48543b165ddd44279005982ba9cba430a9dc7d9d578b4edc22109c10f7db9dc1a6f2978644fb","nonce":"ecb7926e7ac3de323dd0b6e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"19f29cd3a6e2469295a897c7433a87ab8c168284121c90adec3ed78e2352ef893093ee0b5dee901376279cc2e0","nonce":"ecb7926e7ac3de323dd0b6ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"79f56a6637ddce0c0f1b2a557a418a42bbeb723bc481b3896497302f89e9bd0e4afe21a4c412387e5e59c67171","nonce":"ecb7926e7ac3de323dd0b6eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"382b9a5f2ae95251af40e8f524f64fc28f0aea495fbd05061041ce683fcd4ad4feb9a2b52fe42357694c66fe4c","nonce":"ecb7926e7ac3de323dd0b6f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"fd54d7a5de3bc93f28ef9e0f39170cdd821d501be479d52d204bdb165cabf870eafd4e3f3579721f9ad85578be","nonce":"ecb7926e7ac3de323dd0b6f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"528bb478ac18c5cf744b7d986beeaf61128c3e855c1db0c4fea4652d37719a429cf9c138be0954a7732210ea51","nonce":"ecb7926e7ac3de323dd0b6f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"b9e930a22a18ce2c47571169105ea83b97fc458e66f26ec155ab8ee5586c26981187e180063575350abe998280","nonce":"ecb7926e7ac3de323dd0b6f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"6c97da10ebc010505380a4f3e855278c317dcd8c53958487d0332ac549132d73ae2e6393a0f8b470432ab5bf0b","nonce":"ecb7926e7ac3de323dd0b6f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"329f858e001c9ee9f824db2cd905fc11d44d476c831f87d4fa1627e06aabc1ae3f5f28435583e300853ae636ea","nonce":"ecb7926e7ac3de323dd0b6f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c1cf8ae00754e6c37456815736b01075f541ee5ce95dea9ace04344b6f24a25520f9a066e62bb3ba156310a0f1","nonce":"ecb7926e7ac3de323dd0b6f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"d09b9b72875413a548b10d5a9dbb93eb388a675c017524be79326583f668e03a6cb652068e2bbb7960f11584aa","nonce":"ecb7926e7ac3de323dd0b6f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fa2792a795a8154babc929604e686c96312582522ae0d6a82d0e8d9759f8051181120b273446bea3d69d18d597","nonce":"ecb7926e7ac3de323dd0b6fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"219634172b04bff0cb6085f825ee57438615d55d4833b060e45106f6b2f4bc764d46b2fbb4fdedabbb71325266","nonce":"ecb7926e7ac3de323dd0b6fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"08a1f0496b2a0e2406b948ef925800820f549157a1e8e97a561239fc2c2ea79c5ac33ee4f64fbdf5de719286d0","nonce":"ecb7926e7ac3de323dd0b6fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d2371cfd0872ea0b634c114a86fdf5aba102b79c8dcffd5cdd3ca730532c40d460ba1e6521c77a04e4dcdc9dfa","nonce":"ecb7926e7ac3de323dd0b6ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"b6675121d390f307e1a7298496adde298c63a6bc99aff0f5ddeb0c0052067adb094df5455a861eede566508644","nonce":"ecb7926e7ac3de323dd0b6f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"53e205d9fa1f9dfb4ca4f829ed4fe34b4caf7463dab471db199a0599eb6e8fa47a9784f25efef9c57de399c94c","nonce":"ecb7926e7ac3de323dd0b6f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"a24ae140150de791b5a6f79e3529303dd512fdd5579205017368876dfd23f9078dea5920a49a2dd1f9f86bfdf6","nonce":"ecb7926e7ac3de323dd0b6fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"656de77be21922f7c3d2355d20820f2b3d60a0b3a7bf3d68d6a2651843d53605a44a3d8cb7913c2c05972aeb87","nonce":"ecb7926e7ac3de323dd0b6fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"948fe0a9957f500a69959ce9a2072e4cfddde0ee673586f497a6bcaacae66101100d1e0943ebc0d8b7ba5edffb","nonce":"ecb7926e7ac3de323dd0b6c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"eefe6ef6490a56fe992700031193fce4378b732fb0dac42291cfcec9d777f7fb6938b4ff027dde5aa1cec76d01","nonce":"ecb7926e7ac3de323dd0b6c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0f6bf264656db7441d0bf0c62e3603d5cee5fbfe87285b76a0a5bf285d8d5ec3711d86e5df10ec58128387a11d","nonce":"ecb7926e7ac3de323dd0b6c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"88608b5e6c0dffeef25e1347cb7808ce7d9ef49e5d03ebf51c22abe41d14605112dca1475d5e80fcef5b02016a","nonce":"ecb7926e7ac3de323dd0b6c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"b007c5332cf2f6746efc97b26d33cb675e1e95361f29ba9069231c08f5809c0eea797738fd249be5f93fcc85f1","nonce":"ecb7926e7ac3de323dd0b6c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"4fae76cc77b3d13a7c3ff2a35298e2688ae833aa4db2972867dd5ca6141e3313a1da556ed7e309310c2dc2988c","nonce":"ecb7926e7ac3de323dd0b6c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"1308d1adf871467eaeccf0a968833c076e80e8e5e191f5022fc48174fabe4c9e0e649448a1eadef35b88adc1b0","nonce":"ecb7926e7ac3de323dd0b6c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"e05f47f7aef17e573dac9b7ef160da2d9e6b25018af60abf05f18717dce5385cbffe06c0fdd8b10f645b23c8ce","nonce":"ecb7926e7ac3de323dd0b6c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"e294ad86e5d79d29cf5115fed4526adc9dec212ae0a6b2c4e94c3750b7edf324759461bb4d072af17f0c678142","nonce":"ecb7926e7ac3de323dd0b6cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"ad402f01ce2e095c6c87813514861e85e45ae6ed0a0a7fc8a7bf7501305fe77066c3338bca7cb349e134d13c36","nonce":"ecb7926e7ac3de323dd0b6cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"a93fe9bc5d6fce17074f952d9feef161a02f46d208756e24e458cad305ad506144678eb6a878e7bcff4a260efc","nonce":"ecb7926e7ac3de323dd0b6ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"86516c337ac67125d043f3a74a71604cd807fcec4fc28c03296b0ae1ec93f869f932d693ae8d0dc0f39b76af89","nonce":"ecb7926e7ac3de323dd0b6cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"9e91d61d1bdbd698f3acac2389da9c59c60447d044cdb8858d4e4ca04c42d08b164a16f386ee482e6cb3e4d619","nonce":"ecb7926e7ac3de323dd0b6c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"51cb67da4c6b1e7669a63e73c7e42f5f742484407afdfb77819bcbecee6710df452d2e12c513076843b19f9fed","nonce":"ecb7926e7ac3de323dd0b6c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"1a2b411a7129d65dbf42a315843d35666c8339923a1dbbf08b2fac28d500276762c769bb183f8e0bd1d8ce28ca","nonce":"ecb7926e7ac3de323dd0b6ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"fdb792e5376b771264f5ba7a505bb65b4250ad7e615bb64681fe26c240ef6087ace547e0ae23fcb66b702d1d5b","nonce":"ecb7926e7ac3de323dd0b6cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"f05ed233b17282cc0b025c0b279ada7891a520233f924bc05b31e01439c9581568a30e04424fd1eda2af651c97","nonce":"ecb7926e7ac3de323dd0b6d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"c8654a7ef550543df94662634ae4e9b0ad08de67d351fb0f1a120fe41664963f12caa7dd4d8d34e59f445a3c2b","nonce":"ecb7926e7ac3de323dd0b6d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"5e0d2e7a73a31b5094d6cee650bfd3ad5504b22a24d7dbaaaf3b90509fd30e85abc1d2d4ff8c172974c1a42890","nonce":"ecb7926e7ac3de323dd0b6d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"6d95338b814588beef6a62e05d962b3adb16bb36b9853614f4af7f8257a02de6eebfc3a5d2aa17b4106bf0f453","nonce":"ecb7926e7ac3de323dd0b6d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"97e9eb51fa8789ac51ff22e4f17b0bbc3554ef771d424674cde26b913fcfcc2c06e683101d92cead2619243041","nonce":"ecb7926e7ac3de323dd0b6d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"5e2f43cfb63dd7030bd1367f19f64abb384c4650b8a8cd2b543bc952eb7e3a7e1f5ffc7cbe5a4a37cbc175c4e4","nonce":"ecb7926e7ac3de323dd0b6d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"0b930a678cfc4b9d73fcfde0f652651faf684fc417011f5915284d26944fe97549b1263d0b6a613996cef68db9","nonce":"ecb7926e7ac3de323dd0b6d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"3c9b61a8acd2580824cb8c82c1900f63d77d866ba0f6f4837ecf8d3e744a6b06e366d9d20afdd4d830bbbe8102","nonce":"ecb7926e7ac3de323dd0b6d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"66012e919262fc0ea85409a68aef3b563a4f7022fa8c958464525037a50d5a29ddadeecbcaa43fdfc51d897e3a","nonce":"ecb7926e7ac3de323dd0b6dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"3d219ea47c69473898cca2cc85ab0e0dcdd4e486f951c3ed97194489ce3fa82d6bcd27fa8182b4c817e87a7d98","nonce":"ecb7926e7ac3de323dd0b6dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"a97d1c1260acaa07dd723e8e66974bb5b9a6778714400d6729621e13eac79532b0159bfb3722838c79256f2f08","nonce":"ecb7926e7ac3de323dd0b6de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"6ddd2cf6279b0236ecea1f0c3150dce9febabd69768ac601f1ccadaa347a17e880a6db706c4b48e9af0f15ebf9","nonce":"ecb7926e7ac3de323dd0b6df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"15716119973e7d5575f5ed026f080d0fd71dbad1c5b57764790e182ced34eccdc4a1ff72d3c40b18335248d0f5","nonce":"ecb7926e7ac3de323dd0b6d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"46fba3db8c37a9ddf1d6b58e2a63b9d6c9c69ca9464093ba42e71e42f546612c3cb6d313872abae8adcb758d62","nonce":"ecb7926e7ac3de323dd0b6d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"1c33fd517c4c46f647f9e8f70ea0bc8b569ebcee49dec68198b0bf826ef1fa32f796177ee8be81016802ee2bc4","nonce":"ecb7926e7ac3de323dd0b6da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"9ef1a965479516e451d7e7ca9122262ffcebd21ebaade01846b22a02a2963b6ef81da5d45ab674538823a54ea2","nonce":"ecb7926e7ac3de323dd0b6db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"fdaf3e3ff5450a0c2969a7f6f81f9ef09cb8d73f88763eb537471890fb61e3fe9e21fe0f9c7771423331f86c5b","nonce":"ecb7926e7ac3de323dd0b6a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"b16dda55321b7439d814925f7baf14f02fc432d5fc215dc4d76d9dc0bfd055ba6ea5e2c8303134a4edd2200d4f","nonce":"ecb7926e7ac3de323dd0b6a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"d5b8f7f2c396a16811e29d6218a4110fa05893aa9d6eda23ca274dd91c4dfce0fb049957112650a01bd0fb3df8","nonce":"ecb7926e7ac3de323dd0b6a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"2897530c95ff5b488541f9bb776b64953e1bbde6ce62f52ed361bf1840d597dc2350fefc5c65a44fbb794bd2af","nonce":"ecb7926e7ac3de323dd0b6a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"e9f498b2b249ef6609b1de637ff1dabc5796106d89e6d14385d40d528509e126307c15f093569e16e4f6d29f02","nonce":"ecb7926e7ac3de323dd0b6a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"67d81097e0a482f94d0ea5f9e46a96ee4a9d414f32b4ef71439f4e4e8e30743bbabc33ad04bf14cdc410717ebd","nonce":"ecb7926e7ac3de323dd0b6a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"19b3c3e7f57a4b07f85fbff5e43e2022f347d28bc9908426ca8897ec44606cc62c160bb73c2c44d7dc4c490a71","nonce":"ecb7926e7ac3de323dd0b6a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"3dc0b350eb2d0e45e2b97d41bd862d608c51f61e549d315ef609b8ae90a0310ee2d42c894d3f5d460d1667ffd1","nonce":"ecb7926e7ac3de323dd0b6a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"59bbbda47733a2d1faec5333af4c1582e1905b92ba1f9b8a4502296730d6d36560afd850a9372325cc339c353a","nonce":"ecb7926e7ac3de323dd0b6ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5a3a3f75c00c1e70536be737d7c718d42d2b929fd0cba93234eb5e5d2410d151a0161abebf784fb09ee171e347","nonce":"ecb7926e7ac3de323dd0b6ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"e320fc208cf3389f81d6ea5621a49109b1e530dadef8b4cd12ad33e01818090353a9c2202e3320fe3c88e9f445","nonce":"ecb7926e7ac3de323dd0b6ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"4be11d1bdd377aa3272892079f2e8fb8d081b7194712fb6487669c9a0f1c405fcc8e46b861d94095128487ae15","nonce":"ecb7926e7ac3de323dd0b6af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"ad3450fc5790644cd79ff9e1875508a6d1b85c87cb830d255ca483e2f3f807d07c255b373338cbc1f100c37c65","nonce":"ecb7926e7ac3de323dd0b6a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"1deaa70a6da94cd14ec8b5641ddcf10b277ff9bccd8e675ebb4f946d575a353c37a1462d25dc18e172f1aecb88","nonce":"ecb7926e7ac3de323dd0b6a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"5bc8c1f3e457b094012d59111b32f381ed76f462782247fc17d8451c0c550ef9edf7ea0338daaeb4c16aab8dba","nonce":"ecb7926e7ac3de323dd0b6aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b3a57e026d3f6172298bdcebe260e91d132f6522fa7ddb0f718e219fb539f14b16f743dbd9caac3cfd28a1ef03","nonce":"ecb7926e7ac3de323dd0b6ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7b7dd15897a62845ac39db020150498c3be54a9fed40afe0b82b7f510e97f6d8a679bcbda90e94dc67e898bc0b","nonce":"ecb7926e7ac3de323dd0b6b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"25803e06719b28214fb217db2f56f5b173e57a5cfdfb1c75a266da35f3d62ebcc94061414ced151cc471140090","nonce":"ecb7926e7ac3de323dd0b6b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"11630a376410dce265a2d819ae08695b9e39287e0b02354a561b4b4ad0c00685cc4d12f608042f7bb936aa1d14","nonce":"ecb7926e7ac3de323dd0b6b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"dfbc4e1e63e12df1a8beb4b293b58b5e60d5452be3520e01feea9d042a627b684e3570c7aa689b95fe2ddc2d30","nonce":"ecb7926e7ac3de323dd0b6b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"dcc5afd1fc724e6d95b05fa42669d2f76674f89285a6afca72cd76dec62442e5b67e4c5b08c4c370299f0c20b8","nonce":"ecb7926e7ac3de323dd0b6b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"b9f69f8f5261df12594fa3c033a980faff5a06320668de35bd11eebe5319333a0bbadf24d3c75b10d8f03625d3","nonce":"ecb7926e7ac3de323dd0b6b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"6721fc811f6e18411d70596f51ac9fb4ead9feca076107ce230eaf6536c20b74f6916538b777e17acf2e7159a6","nonce":"ecb7926e7ac3de323dd0b6b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"6957302917282ed125043facdd65e3003904fea3c2c15bb7c56af83a4a61203f42e429c208f8eef8de58cd1d27","nonce":"ecb7926e7ac3de323dd0b6b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d3ba8a7eef2666e573e1e8844a852ab4abd40c6cc2223e9ecb5e78729d450fd31800bfefd127a83cae2c41d867","nonce":"ecb7926e7ac3de323dd0b6bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"c31607780802c3d7f1e701633adba423b78bdf44c2c8eed359a173ca40a16a09f40f528c33bab65e43f8c2f2d0","nonce":"ecb7926e7ac3de323dd0b6bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"469df292bd0b55ff7e46bc33b32ed85a7ef13016da3f2c02f5e83148ff9405cc95d74ad077a61f64d32362c565","nonce":"ecb7926e7ac3de323dd0b6be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"49eb2980e0bc086bcc7c04816ca2af7f4233bad4b43ba79a861e9964cbac689221b3eae393efa858e6ba59bcf1","nonce":"ecb7926e7ac3de323dd0b6bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"0f91f32072d8648126bb100fa7afad6784c79a1d531a389d4b0deec68d1d3f603e8cdac1f20f6ff157be66f010","nonce":"ecb7926e7ac3de323dd0b6b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"22e0f59f982c16c7831c8d2e0237d2ce95865b572eadbf0e1f5a721922315871f92f390186eb0d848c97277e16","nonce":"ecb7926e7ac3de323dd0b6b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"093592e8588242d28bd3c1a53109fa18b54483265893cd122d75e8d7188b5360a1fa86e56bea354b4939fc05e3","nonce":"ecb7926e7ac3de323dd0b6ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"c556f081fedeebc0b6f134ef8f11d37e69cdcc9ace648ac097179394a976cf743edc782b4665d7f0149fbddf27","nonce":"ecb7926e7ac3de323dd0b6bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"98b336757e82dbb42fa72f22b28c2fd1b8f238de194ebcdc02c5644eba839fadaacb302b0def03d32d397a4afb","nonce":"ecb7926e7ac3de323dd0b684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"2747f6aef3f233eecfbb038eda093f8f8a9dcd676c7eeafc8ce77e3fb8062d69dc02bf2a8852a82f8a8dc8dcb1","nonce":"ecb7926e7ac3de323dd0b685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"960fea84d19f9501ba95c1ec306c6e21e8fa45310a8537d1b68c90b85382246cc1d36e5095d8b3a6c92f411f66","nonce":"ecb7926e7ac3de323dd0b686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"ac3a191030cc953dd173f273d74133172a26e424ab802f4ce9c0c1caa1089a80f15bc5d01da50ee89ebd4f87f1","nonce":"ecb7926e7ac3de323dd0b687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"49a172dbcd5d8d475f9c6f78c4f1380fbe59ee63a62d355f27b89f71b15baed09148d0491a55a3f3f589a51fe7","nonce":"ecb7926e7ac3de323dd0b680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"4b29b3a4da75e2688e091cdf544c4019d12f2924ec4a7dcb13fa3a90554b900c5f7510c1a1c5d8b38066f80e11","nonce":"ecb7926e7ac3de323dd0b681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"34dc70d6004a4fe9cec57527954723ce851d9d1f150b7c01c330ce10e87f2d3497df2bf4aa0c5fb384975ccc76","nonce":"ecb7926e7ac3de323dd0b682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"6aa3bec85f1c70a523d7335214b8fdb166b84b3ff799843d022585b5c123a24b4da6d3ef35fd356fac37f0fb0d","nonce":"ecb7926e7ac3de323dd0b683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"be3e540ee438f6220f0d289111eeab5f3b5086be83acfa05bcabc31e1771db9ab8bf9dde16ac9170572a94e54d","nonce":"ecb7926e7ac3de323dd0b68c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"21a9fec318d6a91287efcc81da78ab23bc2e021c8f0646d2a1f7c3ca4b1c30a7708f82541c4cf57d19400ab0dc","nonce":"ecb7926e7ac3de323dd0b68d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"6faacb532ea799527f64a81ca96deb806e1cd539306e5e594ab75a3d283d62ce7f4668dd274c02481599b3daca","nonce":"ecb7926e7ac3de323dd0b68e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"b1fe66548faae69d675c2182ad1e0a313fb515d666d22f97ea2482d2cb9495ab3dc5821a4528b8a40fe9917267","nonce":"ecb7926e7ac3de323dd0b68f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"a7e37be3ee3fe98e49ff69ec1286aec3a89a817ebece7c3167876e2c6a6b38129ec63b158007f99d22fec919d7","nonce":"ecb7926e7ac3de323dd0b688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"2797043cf60b58cf6167e8fe7b471d2114e8f0fa60d24b0c02f732dd4e7eaf17fc6ab8dd9b7cc106d6122554a1","nonce":"ecb7926e7ac3de323dd0b689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"5ab3c22e37a6a38928251f027422563ce4605d951d1bf7fa2ea624b8d6c1e187b2129a369a578ecafa82f685ba","nonce":"ecb7926e7ac3de323dd0b68a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"3110c74b6f5037c5e695f4668d07aa3070cdbabeb2e1437e683e680eb4ec6fb4414d5613f59a29655fac162a7e","nonce":"ecb7926e7ac3de323dd0b68b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"cac42a22a2e2f520027bfca6865136c85632dd5f0c03e139a0d44decaaeb5e2adff175b8e1de1166d53a74f063","nonce":"ecb7926e7ac3de323dd0b694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"4fe5f445f4d1197a5d4cc3c31e685dfbb14224fa96f7a10b4c5dfe20c6d0ea285c217c0380447d3b436b257ba5","nonce":"ecb7926e7ac3de323dd0b695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"f8341737a866c9dce59545ecc2cee39cf20e8bdf07a1753a54df67082c5fd2c68fe412ecf6823eafb2ee2f3fb2","nonce":"ecb7926e7ac3de323dd0b696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"b36fa06e8800db285852d7bfe9d72f66cb27a541b0a0f1b1f4ae3d36539be6a5dafa4aadcc19f25273ad0565cf","nonce":"ecb7926e7ac3de323dd0b697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"b0dccaf5abe9fd36c70db3ca9a66ac4d606ab160bb23524a4e54806002dfd79a5d4daa87acddebcceb7902659f","nonce":"ecb7926e7ac3de323dd0b690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"28eee8dbdb1d901a142dcb8ff0c1fbe39091222c46f0897022c952e6a053b339de02244818d9ee38779af25330","nonce":"ecb7926e7ac3de323dd0b691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e1cef410d50cf93e884b13b5e25602b0ea513902eba46c9337f31cfa7c82a9d1b8c39787a22c8cf377c93facb1","nonce":"ecb7926e7ac3de323dd0b692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"dff1e795fa9d7af557a928f67cc4f6e40c996367da4ece2ef4f1f1c447c9cb3a851e281fde90a8dda1c8b84e3c","nonce":"ecb7926e7ac3de323dd0b693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"11125ab119c4fa253949591f4a14b6375dd44a50b20cd1560759b9df2950ecca6aa7d7c68a8613bc66ef304dea","nonce":"ecb7926e7ac3de323dd0b69c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"b9de607ad687d2f972aaa7af2fc827da999087857810b7495fe090a62f73e8dccd0273e6ac7c5fa060ba4db75f","nonce":"ecb7926e7ac3de323dd0b69d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"e211e40fe5e4317f602b51c70626df1409ffebaa08ad9715d23c78aa9ac42779ca630058537dbc5fb3f6a4bffb","nonce":"ecb7926e7ac3de323dd0b69e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"11adbcfbf52d66bbc9a4548bbd0fc7ac4cabb2b6e509f52cec77ef5612d6ea908b96489c69afa2e3d82ffa9c50","nonce":"ecb7926e7ac3de323dd0b69f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"68d252ce22acd31c7048790281120a52d98a7984a2e3184b83c3b6f09db4956f66da098d9f72a2183206d49f01","nonce":"ecb7926e7ac3de323dd0b698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"389223c76eda41750b4d662044ef48fa8e74eb3ce0f2262fe53d948b7263b397606cdfd8437978145aa59157c3","nonce":"ecb7926e7ac3de323dd0b699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"16429e6b2ff7edd9ac233b5a17cef813a1937e2e81d908dfb9763501b8d7bc22fccd4acdbbf05581937a6b2d18","nonce":"ecb7926e7ac3de323dd0b69a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f94a7a99b8cf1d8b098514d45687a2f371bcbc63003bc70a688313abf9976952bf97f01f6186e04f6228b8ae35","nonce":"ecb7926e7ac3de323dd0b69b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"f48ab4f228b6773352a1e3958ef289a5017bed2e486359ca7820c3ed5f4e857da42469916bddc12c4a91c49577","nonce":"ecb7926e7ac3de323dd0b664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d4695ff42b129d6dac8da4ed4ab31b4ad2f66ca6808307410692f247a7bc5754daea00a0ce666af80abb2d6dcd","nonce":"ecb7926e7ac3de323dd0b665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"486a2215a58389d96dd328a30e1fa13066227deaea159a9cbbf9d6a78a6dcf3a7eb73a7a8d4cd64ac32ecdd90d","nonce":"ecb7926e7ac3de323dd0b666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"bbfbf9b31fc8df75f15aa0f3e83ee4c77c15f19e8779905e13d7b38ddb494f4642e08c8c6bc68f65895c60d4b8","nonce":"ecb7926e7ac3de323dd0b667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"b73330fee3e4b35df848c9d2c55cea2f1c0fc47e511199a4747c1732c1d9b36db3b9096db4dbfb36a55b46969b","nonce":"ecb7926e7ac3de323dd0b660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"317bcc0d82c08d90acedad2b43883974776d5523eebce65f6008a9b1c66ae77b1c76cac250245c64be4f60356a","nonce":"ecb7926e7ac3de323dd0b661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"a2656f6e1ea7588be333699b7e1033ad3372f1022848ecf516c5d2a4ecc516c21ad83d8d6781e36f8cf4e28f55","nonce":"ecb7926e7ac3de323dd0b662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"9cfae445cbbd8a93586d150fbc38c438b9c71ad197e9fd329bcf76057d3c8f1872d42a8925985199a59168583c","nonce":"ecb7926e7ac3de323dd0b663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"50f383f0ba6ea6c13b30536a3607b03fe82eafeb2254c5f79e667618953720a9476f382ece4db7c0716cb617ac","nonce":"ecb7926e7ac3de323dd0b66c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"8ca0b66fe534497c25500dddf77f5fbe63da10fc26df170b1b4e2e0fc0871ba98e67652029233c991009296306","nonce":"ecb7926e7ac3de323dd0b66d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"8e6014acde0b556bef950ae2257109ef2ff5fa10b3ef58bde9663e6c7c4a48ca0e33ddaa7777662ba46d602b77","nonce":"ecb7926e7ac3de323dd0b66e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"fb75851a29e68ca98d9c82e2de18b7e5baf62f27e1d649839e0aeae44d1786d7e6d390175e6212ee297c75151d","nonce":"ecb7926e7ac3de323dd0b66f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"419197a834201387f262ed2a79d6a4fbd5ee9970a9a03e1d25361e164d0b9bdea364d6a7f446732c06692bda2b","nonce":"ecb7926e7ac3de323dd0b668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"f9a9a1a6d682a6bc1e82c82b86f8ca3806282e68c1ec7a2a128efbfd2189e1be9f4e9af708dc52ef6f820ac1f8","nonce":"ecb7926e7ac3de323dd0b669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"9b20e98697d10fab3870dfe6ea20b036cb1187b4721ad28e773b82f913970a7387d54e9696d9dfa2b6640a5fa4","nonce":"ecb7926e7ac3de323dd0b66a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"74c0998daaf587182e1fd4b945de1dda1b6b5eb7249158d0a7dd71bafeb6be0305eb2fc8f918581f99aa4b270e","nonce":"ecb7926e7ac3de323dd0b66b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"09805279e1122daa107d854b0c118b3e92a35e651e54fc3661a052d4928855aa70c5fc65695e284bb0de9bff54","nonce":"ecb7926e7ac3de323dd0b674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"bf2c67c8173c22df8f30ff9f51cc198445cd2f7c96e97290a5ac37c071d04b714b3d4f329309ba90ee426e16f2","nonce":"ecb7926e7ac3de323dd0b675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"3f6dfcaec232734d17db0e6b41023d727f1a061b0dbf7d09296c72b8ae3b57439e6790192571d0d3a70e6ae46b","nonce":"ecb7926e7ac3de323dd0b676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"15c62ee0489f24d4e8925cbb65e83ea1332c86e3cdc58533e0bd80b27ed73ed2af148bb2ced4f0d22cd0abc8e5","nonce":"ecb7926e7ac3de323dd0b677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"0c23db612d2515a33ee0a15f68db71cb2256bf944ad9ca9bd71c45dab7f61688d91083d6446072cfc5d0d39709","nonce":"ecb7926e7ac3de323dd0b670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"d9c888712bc4cdc57ff3d79a52acf5cfd5448c2451e6698123531340a0555efce2f8d880c41b20ec2a73406802","nonce":"ecb7926e7ac3de323dd0b671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"dcc142d992fa361e53b4586de41080e706de37d98faecb5f4a7d6e1573dcd4d70af64081323ff9c92d6482224a","nonce":"ecb7926e7ac3de323dd0b672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"4c69f4db7192f6a5404c31ed6ac4472d231e2235ffc2f2858c979e66cbdf6ead5b20955c206b96fdf63e88392b","nonce":"ecb7926e7ac3de323dd0b673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"1728c0989fd9cd61e858bbe4f0c4c923765f79ef0be32bd53511a670bc8471f9542c0dda03c16c40b24b0ff7a4","nonce":"ecb7926e7ac3de323dd0b67c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"58eba3166079f9c72639eda6688204f12a0553fc6ee97e29fdc4a5fcb4a4ef886eec7b742def5709e1c51c33a4","nonce":"ecb7926e7ac3de323dd0b67d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"75401e83124904117cbef6def12919e61cc58c16570fc7395a93c7986dd21f040f5e5a63bbf21786560931d56a","nonce":"ecb7926e7ac3de323dd0b67e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"1d6874982204f88f62e1fa718a72a92aa7f72a7d63a5344768034848eab962d1e2dd4154cc627c95ac54129c25","nonce":"ecb7926e7ac3de323dd0b67f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"11e76fb19231bcb3f964a668db227490a911d74911933cb977677d4f0031a6f91559777aa0b452a621b929b9fc","nonce":"ecb7926e7ac3de323dd0b678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"28b34267747bf3d313b86979b50b52b5e97a7c8af1b4d3f13f2eaa2a5743eb8ba90cb73bef9afdff2876ea4972","nonce":"ecb7926e7ac3de323dd0b679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"997da1fcec7194d2ae575b2a2534e16f8a1ff353fc4be4b4cf69b6d3f81bfad6d3acb6c7d9463676c05bead642","nonce":"ecb7926e7ac3de323dd0b67a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"dc863cd9cb8e11f68bddd6b73d7611803b6fb2b1db8a7935a83066a6b00bb78eb38e3ff65aee47dfa73f39c275","nonce":"ecb7926e7ac3de323dd0b67b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"eeea997e3b425113b9ac1bc3dcf951b97c777b8820abf42c75cda8d57f05bec4c843992902300b07eee89fe93c","nonce":"ecb7926e7ac3de323dd0b644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"55a2ce5996ab50aaf1185d4fff00c9f433074472e81fc6efe4a5a397bbddde66b4cf452beb2021c49537f8fd9a","nonce":"ecb7926e7ac3de323dd0b645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"e51c7dfbd1cbcc56100a2c3cef994075a37ac1bec013ec9b147cc231e21184d4e1c075a0af4058ce0782362506","nonce":"ecb7926e7ac3de323dd0b646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"2825db1e55cb7771674efd2c683e51bb010e936aa08fb7f0917508188630ff60d3dd54af8988d5cb2b2a1ba026","nonce":"ecb7926e7ac3de323dd0b647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d5815b9c3035ca224d7d60ec7ffdd4d46dbc46129d253387015de082887dcfe926c944f8f90617bc1d63ee1bd1","nonce":"ecb7926e7ac3de323dd0b640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"1870312431485b7edcb186882d3a4c29dbdfaf9315bb4c507f009b655a3f3c478a5ce4ac6da1c89174e4497a85","nonce":"ecb7926e7ac3de323dd0b641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"34ea0b78d6b78d106e0219194ab3ecd27d38067a8e22130ed4e62c735c98e16c18e0bd6d39fecbc683d89fef33","nonce":"ecb7926e7ac3de323dd0b642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"b5517b984bb7e26a2478a0d6017b7f082178853ab52599e35783ba533baf045194d9ebdbeb91e470d29dbb1d73","nonce":"ecb7926e7ac3de323dd0b643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"38b865bdfe334224361024c2f2420759c3fc7a07f184591b3f48684306f609e9f4cf0f69fb5bad4261f17c8d87","nonce":"ecb7926e7ac3de323dd0b64c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"c6f04dd8d4d326626b40fabd005e3780f52793ee3038c4b666a857eb02963c263037989c467eacad40b3d49ba0","nonce":"ecb7926e7ac3de323dd0b64d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"8e6d8ba4256e0066e8b6fb5c7a70217cb0364a613181675740acc304b3699a121e16ebd53b8751248b96c60d02","nonce":"ecb7926e7ac3de323dd0b64e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"a22ae6ccf796089e3d7ac532a4a671e1b4a20d26f79771bd44e42a165cc384ca6f7fe42ffe602f1f220b7a02f4","nonce":"ecb7926e7ac3de323dd0b64f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"e3259e49a55a7049ba08f38640b5b925b8b5dc5a79b9081a75c400c05f99778b778dee7aa4f1d630daa5afa080","nonce":"ecb7926e7ac3de323dd0b648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"1a1ff32a0883715b185b44021657e9a3583b46aa9cb32cdf80188e880da087a75810cebae763ab5a99ac93130a","nonce":"ecb7926e7ac3de323dd0b649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"41c003880764da8df3e90693b862f277919e6d65a89acfb87fea7d8f0b2d3d42713e988caed68451851519058f","nonce":"ecb7926e7ac3de323dd0b64a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"bb41b1c22ec1d618189922aade34d196932a9756ff341ade733737b68cf804a21fa0a61762539459a59b7215c3","nonce":"ecb7926e7ac3de323dd0b64b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"35042995c834dfcf587516ed77334004c41ad471358fc300fa7d204889376fb710ecf91215ea9601a98627ce48","nonce":"ecb7926e7ac3de323dd0b654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"9ce4377c5ed68d66b4c1f0fb0238546de110eb3c1b11881be833027ea8f8603aa071e82b8c34d384ef29fafb94","nonce":"ecb7926e7ac3de323dd0b655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"736a6bb3b48c07699392264f6753448d3221bfb330717ded2d661f076b15e31b7822245a1a2681caf0e834535a","nonce":"ecb7926e7ac3de323dd0b656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"83c362138c5239747066877b1be0e2cd4d51e4c6760a396f5a715917a7040bc5df79173ac34352cd08c4fd3441","nonce":"ecb7926e7ac3de323dd0b657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"8a40233889995765d7ebdeb4192f3098c2e008070b1c51da65649fe6e9c1026015d6aba93187abb3af92abc430","nonce":"ecb7926e7ac3de323dd0b650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"3035cb3bb9024bf79c2eeb2e95f41cffb615c83a797e0383bf059e43d164a1be9ce6a33ad588b490f214a980ac","nonce":"ecb7926e7ac3de323dd0b651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"1dec94b8ae675fae8f100333063bcb615f31d7d03df465a2cb0c5f55c54a8406a08283f2830bccacd0faaa4655","nonce":"ecb7926e7ac3de323dd0b652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"00255279ed448d35b4e7850dcbd7b0f159abc1b9269e5a477354e147dc2914411d093226f3778a2a97c125a987","nonce":"ecb7926e7ac3de323dd0b653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"42c771d4cfb50597186d7b8d54ac28bd93a3464557da622a85daff4eb3ea4594116d3f3a565fe233188f5b0609","nonce":"ecb7926e7ac3de323dd0b65c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"972b46eabfe3a0471c96bd26a7468f1bdbef4c259654c2090656d18766c254c4126ff0f1dc7f2171b43e3f0d6d","nonce":"ecb7926e7ac3de323dd0b65d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"603626593a2bf154323906731c4c318fa5c08ddaf05a1c88fd0324976aea6f19d5bdaba9691a6130a17179ef8b","nonce":"ecb7926e7ac3de323dd0b65e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"746c730b28385545162be75703e25c2a643a06f6beed76b1ac092b101533bbae226c963e935f7ab40a24eaed4e","nonce":"ecb7926e7ac3de323dd0b65f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"417bb497f5150831b4b820657a1dcb944f2bc4e1d892ff4d50eddac2fa7c96427b9147a34c6aa96007837df8d6","nonce":"ecb7926e7ac3de323dd0b658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"4b6bd03fd14f0f8946b7f0486a924ad59b2179334f8dbcae4d042272a6338239655e220dfaf65e4413cb0d603e","nonce":"ecb7926e7ac3de323dd0b659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"fe03410c8672fd38ec4b884dc8058bebd000393240ff517e771a5683f4173dcaf44a2f567daf8922a1b8ee7ea1","nonce":"ecb7926e7ac3de323dd0b65a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"bb624180eba7607f9378a216e73fb86534bcdaeb5a406e810afd63c4a7855f0dfc191f8f6f070d190b517e6a2b","nonce":"ecb7926e7ac3de323dd0b65b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"fea34defb1ab974c55fd21792ce90cbf24ddad6eacb62a13bcfe1f3d5fa6aa7d796c778c95f4a52e1e8c23963b","nonce":"ecb7926e7ac3de323dd0b624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"ade375d6ff91c5a0b9d718f24245aa8c193ac227af622ec04155aff391483b10b1661e2912e95b1c73a5920e76","nonce":"ecb7926e7ac3de323dd0b625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"eaeadd18eec731125d583de13f6f4e1c17aa21f9ab083918f778eaa00b302176d87b8c041577f4f838b750aa0f","nonce":"ecb7926e7ac3de323dd0b626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"a8b72902d5bca95b8b961b52e1a0f7a67862440229cd97a4724c46fd309beca3ae76f7a1dceba528197c2c56e7","nonce":"ecb7926e7ac3de323dd0b627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"597d10cff6627d32bbe23f3c3bfa5a81ce8e022697abb3e8b1159a6c51402d1cc50d55e88e6933aaa8e51ddda6","nonce":"ecb7926e7ac3de323dd0b620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"fd9fc7ab58cedf7ab4439fe23f0b1bd25083b65501062a88a39b8cbed7068898b18e5d0ebdef672c68254a682f","nonce":"ecb7926e7ac3de323dd0b621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"12dd8e4400c25e5fecd6fd3b821e3f154153ea8545a5773c3d7bbe0de90023608169a5352665f50d8133d36366","nonce":"ecb7926e7ac3de323dd0b622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"59a55019164ca7a900d1e1ecc1766ea56cf2f36fccb2bbf0bf847b822f5d2e33e68c20d75423a9b82f311ece62","nonce":"ecb7926e7ac3de323dd0b623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"fddac07966846a3c2ee447fbda07dcc1cdac28cf71e53e37cc2ff66fa8574b2bf4cf1b5df48e6b9b861ceeab6e","nonce":"ecb7926e7ac3de323dd0b62c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"5159cbf15cd53a0621027a87e5212ea327fdea984e4b9792ce660ea27a7db9e20d7f052c129c2f4220bb7118eb","nonce":"ecb7926e7ac3de323dd0b62d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"eff0d15ddd21a1f5190d791c961397b6bbc4fafb5670c21e3e169e2ed560f427a304401056896b2fdbb1c6f548","nonce":"ecb7926e7ac3de323dd0b62e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"57dc6676bbc9f1f364be24ec4868007ac46d4a3837a2447a2361182adaeeecefcf4cdb39a722f5aef6127e26ac","nonce":"ecb7926e7ac3de323dd0b62f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"602877132f35dd7603843055ad8894ee946ce4850bddaed49ab80c7cbbcddd3f8529234fba90fdd8acddbf37a8","nonce":"ecb7926e7ac3de323dd0b628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"f3b616c1d0703d59b9f42987fd9e4557349deeaf0e89b863fe9b7ec885f50877185d6c4a7cfe97fe729549f675","nonce":"ecb7926e7ac3de323dd0b629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"cb3bb5909335af52d4d291a533e992ce5e58c32b0e8ce4730a8ee52498e2b0a4e0747d20ca82b8becf7116c5f2","nonce":"ecb7926e7ac3de323dd0b62a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"f922552fac4065506d485cedf31cdc4fb6e115dde9209dd7bdec0769804e09059292c22986b51478a42d75b9f1","nonce":"ecb7926e7ac3de323dd0b62b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"b62dc215db0fb7740fbac2fa4b8fce4270f0a2e18952b65a232073b54f2be270ccb65d544bcd2259bf157cf57b","nonce":"ecb7926e7ac3de323dd0b634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"944c6ea453465d05725a618917cc50d6a0e23361c214733d6ec0dac7bd6dcaf01cbc5023c43326275ee8719119","nonce":"ecb7926e7ac3de323dd0b635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e7bb2d153494f300aa48f2333d6673cf5eb23ac33ccdd1346504e336a96b63c20237241b3f146faf6add3cec4a","nonce":"ecb7926e7ac3de323dd0b636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"043813de09966cd2b42ede6f70b0a28a3129d35a56a4c6defdacb11ff1d7b29baa1a241226b174743038bbd687","nonce":"ecb7926e7ac3de323dd0b637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"bab2dc88ae5e3a99fe74da91a534add1109a3f34f86ef73e9a0ae6a5794e6d0f8a497c2222930922a16eb37359","nonce":"ecb7926e7ac3de323dd0b630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"87acf03f77f60f107a3346819d0c64be4b08c00ff31fe41055e36bd1cbec1f095d5327260ba1d2f517ecb07789","nonce":"ecb7926e7ac3de323dd0b631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"711afb710307ed87da6c8b20a9e61bb57e921d04fbbb7e50225227df7c81eeae1c625da6fda138351e11f3fa31","nonce":"ecb7926e7ac3de323dd0b632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"e1b782047a32f18064ed5c54d10d081fa8c3fbf22ed206ca1e1a2d56960fbdb4cc86aa160c17d93ff907670ce4","nonce":"ecb7926e7ac3de323dd0b633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"ee40ec16d9c1fb1f6e59f0db84610049139b9b75f9a427d85c2a11cd30466e8e181ce818ba6a92efe3709808f0","nonce":"ecb7926e7ac3de323dd0b63c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"c450dc8f847c684792dab489776c16a61aa2651f4bf5b6e32df59d057dcc662006a8451eef5d48d402d3bb8cfc","nonce":"ecb7926e7ac3de323dd0b63d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2ac6c7f2e7e3405cc9a949de38ef852d2a9baaf62dbf3f59de45194603ea9967d76da6cb81e1953f5246de118c","nonce":"ecb7926e7ac3de323dd0b63e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"c5d1c61ac0708ec482a6644cc88227c223d33b0dd14f9423c8e4c418801cd8666ce6c83e62d49242a4c3afcd7b","nonce":"ecb7926e7ac3de323dd0b63f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d0cdcfcf24f5bef8f8850808adf849263dfa76250e22dc3b2fda5b417b4cbf5ba3c5b0f20b23dcd3c10f1b6245","nonce":"ecb7926e7ac3de323dd0b638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"63efb8b97e3c98dd9ebdb7205f64ee38f0f3c207119e277fc969b07d54f836a8f37a98351b16cfb32a715a889f","nonce":"ecb7926e7ac3de323dd0b639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"baff8461b41c59fe3ca86ed0629812c162c6626627466603a9c3b0eb7f23253d0a2e720fbf1b4efdc75cba6817","nonce":"ecb7926e7ac3de323dd0b63a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"775de07afce71039e2061db634e429db2cbb1ffb381a5df5f1899afdac70bda98a309693fce7adcb2e1dccdf76","nonce":"ecb7926e7ac3de323dd0b63b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"6dd2350c68e1c903cb1e6c32a440f7fe8b6f31fd472778308cbe5902184a6901dcd26d9be2d71bddd4bf69a88b","nonce":"ecb7926e7ac3de323dd0b604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"045921d8f0b950cceacfb30c65686556b10ddc4024dadbc68d451cb5e72e02324ba99ba5fbae4400f3d639423f","nonce":"ecb7926e7ac3de323dd0b605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a10c6323ac972158a8569a93a5be0bc3a6ee307d4423e7eb6ed1a332ec3fedd223c2538f9ddfab02396b597fd7","nonce":"ecb7926e7ac3de323dd0b606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d2e11b2e6087ed3f015ed65fcd40a4331f2fe0ccab5afc466332a5f3a87399ae09bdfd155fa7388e87f701ec30","nonce":"ecb7926e7ac3de323dd0b607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"1762872f71d0e3d0a5913b67237b8f0641b7fae1cb4a50e18f00f69db5c50df6528fbd9f96679511da207b5404","nonce":"ecb7926e7ac3de323dd0b600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"950c3f698ce450a1efd2a33fec9c109442c6860246aa7f55617a919e3b34c0e3020ddc324f492e6b5a6d15de30","nonce":"ecb7926e7ac3de323dd0b601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"294ddd5b0d3f180e31ac65497cef9fbae95455a50d6aa7384953d08cd4be88d7ec4d6bb087995db3d50b2b242d","nonce":"ecb7926e7ac3de323dd0b602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"84cac77d2fef4951f6d4ae6e7fc286bb37b582ef2409fc1950362f9148b5382f21478f41110b84a9126f923d6c","nonce":"ecb7926e7ac3de323dd0b603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"aaa10a14af4b958d353d119c7d8fa023f3808ea35d698edb5ef899cdfce04505d0adb0f67dc0718a9b90469629","nonce":"ecb7926e7ac3de323dd0b60c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"35914d74940368de213514adafc6c0eecb22e1e9b736b4908c93bb17bdd208b08f3698a8d5bb31428e3ccc6e27","nonce":"ecb7926e7ac3de323dd0b60d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"3636f7abb879a7fbe45dd3c71d05266b87336be09ecd2efa9a73e955ce951774cd237b6eb4afce25207d3806e8","nonce":"ecb7926e7ac3de323dd0b60e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6e7d2012f4e29ffbf46e2a51bb9835524c729faca3227ae67154929e9a7278d1bd57599555fca481d341ba7a30","nonce":"ecb7926e7ac3de323dd0b60f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"099781c1738ea1c9513102c5ef7026212005448ecd4d7a1820148a40eb917df093e7cea93a91f3a1eed0196b3c","nonce":"ecb7926e7ac3de323dd0b608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2a5c3b6dbe77371d3d746675ac0ee07b24cbe24f0fef055e47cfd2ce426ae6fba992503d78a46a6c496a528b6c","nonce":"ecb7926e7ac3de323dd0b609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"b2d0485be83cda5ffe64a3da9b48cf93dadd67861e981b00f40bc7741ecf987ac55918e52e22f98d0c081ce513","nonce":"ecb7926e7ac3de323dd0b60a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"0464a7b859baee9566083c9b91b42b1fdbf185d3102c0c27ee9979c7ca25895f97e63c9f6aa35ff86d477aa6f0","nonce":"ecb7926e7ac3de323dd0b60b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"59ec931553b2f4125b5b08d1b5e19cccd831e6c641ffaddd6d9da5d124e07848817b38c188634d89a74704ec4d","nonce":"ecb7926e7ac3de323dd0b614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"c1cb0b035ea6546f6f6ad23272f547178d50499aefbd4c78945ffa1e3316460cb1ed2041bafea60264c0760ccc","nonce":"ecb7926e7ac3de323dd0b615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"8e4b2e822c876e3eb830cb13ac647de2f5a3fe3790365608e2932e2204a9b4cf3be27422480f6be0ac962834ae","nonce":"ecb7926e7ac3de323dd0b616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"a51508b719b3b005b6c97383523706e9cdf8b1e3268c2474b2af11cbabf1e8753b3db0614c429562f927ac1e53","nonce":"ecb7926e7ac3de323dd0b617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"cac097fd4cda54ef1f4862c4a93bdd028fbcb185fc057f986197132ddad4edf46a753366a029914187615fd91c","nonce":"ecb7926e7ac3de323dd0b610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"e003740a0b69f0066e3851c548d55f5243d40ccb2c8b4654c3070db04bab7840c1d08ec39d4bff4d0d71323f7b","nonce":"ecb7926e7ac3de323dd0b611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"fead2da18fcd011a40ae66c2c69b523d11346a47ad47a97f4c666fcfa88a1513f82ccefbaacb9296747b662c49","nonce":"ecb7926e7ac3de323dd0b612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"362731744c642e9aba05f04258a89c8748b37663b44bf97f456fc7e8ab658694432a80ec748ae4b2eb581580d8","nonce":"ecb7926e7ac3de323dd0b613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"9d05d9934919e2a55d88e64c28182b998eca5c1c6d61027cf161b36ecc33e78ebab23bf32ba774942e987cf89f","nonce":"ecb7926e7ac3de323dd0b61c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"6321e2bdf58e8d39c251bbbf7ba1338007bdd2b981cf541649b82d606550bf309c19e51553d61b7babaa5d017a","nonce":"ecb7926e7ac3de323dd0b61d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"bd166ae27e172f31f3ca177f79e5c9c5678da0158bbed264166fad832b8d1cf7ca12cbd1db1f9501c09b17911e","nonce":"ecb7926e7ac3de323dd0b61e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"438dcec9a13b8a997af6ea382195e86d08ccceaffbf38691f2afa4625bda632184ba718094603a0ebad3655373","nonce":"ecb7926e7ac3de323dd0b61f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"3a721293357d5e88cdd0ea68346b426da9c87cf3b83766a4b2f81dc35e4e5bb9bcff9f4a7008c009cd35a4557f","nonce":"ecb7926e7ac3de323dd0b618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"1381f16767a8b9ee51f12a898785f30204a665468ed1473678b5ad6bba275398da7152421c5ce3a6f2f5e24a2f","nonce":"ecb7926e7ac3de323dd0b619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"0961bb4b126217e56815cad9f7125e23c30af7d42678b98d05e04e002e8871d8ea743da8e171281d3746f2f8f4","nonce":"ecb7926e7ac3de323dd0b61a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"8107a83a236dbe46f3c13644361716e96d39a751ccf17c55725d43226efe313b5fcbfb110fa29cff5e4245ee4e","nonce":"ecb7926e7ac3de323dd0b61b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"8f090288c322341990513e294cc5864db3b646d5ddca1e9f6cacd6c2e7e9cf7b0f1c4f41d51e62c22bbd9ac65e","nonce":"ecb7926e7ac3de323dd0b7e4","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"9c4cfc5497fc175da27edd0904e7f8d7d232ffaace6832446a67a8ea581e2428"},{"exporter_context":"00","L":32,"exported_value":"ef02beef8d82835221a053d2fb483a2509ac68897343bd095f00a2977ad652bd"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"1242eb6b4aedb5e7f2c5d996d109b30e446541ae4d5864eabb268448d7170cae"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1263af791f251d642bff5763141389f31e4afaf77f67f420b51e0e6764acfde0c618d0628f91c4d4151b56c646c4c683da1e72caf476e030","ikmS":"b80515f826811be1eef89883071c97b9582138815de32cfe166d360bb34d30d4d1c8d01317352d84bf09c1eb86e31035e416283c077bc917","ikmE":"d0eadd52d001c27c4672a95e2acf070a0de416600ac31a8ee1b523b748acd13241a25bbd19c043b5d93a7eefeaa1e2ed213edd4921978da8","skRm":"7230e55eccc935b606d814b8c8f52c5652f2b77755ecf25f27ba748f4b44e7c9035efdcbb62b8709d0ffb52008530809f607931277b4cc91","skSm":"a79d5ad1a19152341311da382aef909216257292165ce26e1dcfbfea51c7e2bb06ff93c0ef2a419be3a9c84b2ab4dc109ebee6e5094a0019","skEm":"20e9cf8d559daa347d71df7e3c18723f2e84e03dd51dc92b7e6b481659d92a2f10afb67e9792eb3e867af4080ec8367c56a832638e04a4dd","pkRm":"5f340db11681ca2c98546235ccaaf5b20f633ec750fc09c353a28df0cdd851a89d1b31df61e8b5450b08bd77a4d3860116b2e16f8db358b0","pkSm":"c04dab742a70bc1626d85013537c7595997e774c12d1b48b938e05e0df26a521fb519c458565f2dd062ee3c90310f7762ba8ecdfeb26495c","pkEm":"169096591292f2dd46698209f820eb3fee58610c801d375b7ab1d05797114ab6efe206a026cf55209ee3e5be02515c2395d66e1ffbb8d7a5","enc":"169096591292f2dd46698209f820eb3fee58610c801d375b7ab1d05797114ab6efe206a026cf55209ee3e5be02515c2395d66e1ffbb8d7a5","shared_secret":"72b8ee5472ab3759ab36cba38f262e8d38465fffd68361591b00b30d77bbf488d5f72b0f2174dbeba18842f4525dca95712351e4d26d3dcf37ce1e7e86ee9fef","key_schedule_context":"020fd8a8635a1129ed4cee7f5560a60bac8af321092b45499ffe0eda28218c8d1d910e2ee5eedbec01d33683d6f9f923d7ab0a69b4b8fd0d53307f806ed48cde59574a72814c5d8e45c985c4252e66abdfe846113c17cdd7485893b89e0d5cb23d409145ac095bcceb628874b68378897f77c36eaaf45dc932c30eb5841015517b","secret":"167467e02c780c7685284573fef69e45a21f73597d75237e4580499dae805c1cb21b88446265ddf30e96fbd1ef53928eda33966505c50de45fedb9559cfe96ab","key":"39f928fd01ab69fd1ae98745d3d5cee2","base_nonce":"e763503a1e4610955b238414","exporter_secret":"5b25b3709d57a5d1acbe3fb78ac63db0f2aac095206ac5a9c64f63a55dbb4411338f083809660e782fedec79ca459fad155ae15abebcd959e1e5a5861e2fc7aa","encryptions":[{"aad":"436f756e742d30","ct":"bae206ce434275939be05eee854becce0ba3c2aea77c5991bd88ac5d440a78b80f538f0cfc1dc0ce7a60711f97","nonce":"e763503a1e4610955b238414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"f8efe1b52090d5c50efb2d541228689b8c7ec0019dd17886b5f86cd8e6001fd95f92edd9bea9dad91a046ce576","nonce":"e763503a1e4610955b238415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"769f4da480ce473890e08856319ab74f1a286aeff7eb9798ec85ecc01e8e9950ac00cd2481aa99efaac6171e9e","nonce":"e763503a1e4610955b238416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"3c9598a72dfef54e8ece6f1c4c698713c8802979ab1b85a5bfe5b99e7d9b99a8c927a942aabcc7bbe3d2332362","nonce":"e763503a1e4610955b238417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"ff50a06cf6c1ca36e39ab4e4993ae73cdb35676697ca4eb5847a7d1d45f2d9d7b882ef8d17cbdbe180e9aceab8","nonce":"e763503a1e4610955b238410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"c9a7b7044fb18d1353ed85953dd610232b30510e70af543f5427ee6c82d6a03f9e5b18d62d1a0170850ea49190","nonce":"e763503a1e4610955b238411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"90872b73f1b738be751089b189dded956356adf189f5d1a68ca70c084323fcdce51da11c6432dbcf58af3f484d","nonce":"e763503a1e4610955b238412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"c433d57dce059077cf23ac061a5de582ce8fa42eb7909c67b60a26d5aecc4aa3457a4233af72890389749d1b96","nonce":"e763503a1e4610955b238413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"6a9d6a21ed107f8d0fa5966c620b8c1953d5cad575921efee30ac3b02f67572f0a603217d220d34288b0c06877","nonce":"e763503a1e4610955b23841c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"85d4a5d1853df0629996272ddf684b5c11eff52c9f6851a6c8a0deea9f663dc34b4517433349c749fa459aba8a","nonce":"e763503a1e4610955b23841d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"bdf97caf79732e687345a942f8711f3905d9316986f9cbd659ff45390ceba25aef2889b495b64b08aae06cd320","nonce":"e763503a1e4610955b23841e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"fa3828dd18f1f964df2090e9524d365c62f4a3d74d66d0a04a66fe12ecebe3b2883b57c40c7b2280c98b914b68","nonce":"e763503a1e4610955b23841f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"eee602f48564e60769bffd80a9ec6ac70c4f0f245824949bb7694c873c223b764bca4d83fe86cd1fd8b197ecfe","nonce":"e763503a1e4610955b238418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"92cdeaec569d9e85ac193b5138964afc57d8457e3540f3e02137f1dfd8cf98d6df00bfbd75cf505eee1cb90787","nonce":"e763503a1e4610955b238419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1514a61dc19cd08fa843e18297ab5212df6bf4b6ed70ff07626747d1b5faa2359502bf61eb30b52f9fc4d3b7eb","nonce":"e763503a1e4610955b23841a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"77e22fdcbb5d798d12616e834a39bc29ead4a9d28416300c466d5631d41afd73708c5038b1764c239f81a19bc9","nonce":"e763503a1e4610955b23841b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"ce55b571a6055b5f64b40281f365c3a538f43617d4f05a43469b93aafc06b6a9a6a4f36415e19489ce9d83aab1","nonce":"e763503a1e4610955b238404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"80e01598985ff417b80ec05bfec50aa7259352b6bcc1f1fe3e682edada7ad5318dad1053477e1e684074187438","nonce":"e763503a1e4610955b238405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"4946acbf06bf10c4a66758aca00d5f57bb5523a6070397eff838c1147ca89beb07a96462f83002129b2c21b792","nonce":"e763503a1e4610955b238406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"07ec42b68a2287b0a9de96ad6ebc832d4000d7e7fcab21b63bc15ef9d6646bcae3f53cadb1bb0e1e0e6fceabf6","nonce":"e763503a1e4610955b238407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"4ec21ad2e41c53fb370ec2f512243b63e607b1edc43bda64c99c17ec74de0ec18cfe048267c2dea7fe23b1ae98","nonce":"e763503a1e4610955b238400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"7d614f425ba3b7d112ff9c265710e4ea74b2b6a6581ae02dafa4a0edba0e8d3162b7532fb198ea357b19fd1634","nonce":"e763503a1e4610955b238401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"7866b22a5530d30b161b3d6c6981638e230af54662a843e9928c2ee599b6be71c9ca6685e1c82350b200a350fe","nonce":"e763503a1e4610955b238402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f609601b652e81926866a8062e817ba4fe4a8d9ffb683b2dd9b912f1d95fbc8d1b13ff0f117aaefac8b3490116","nonce":"e763503a1e4610955b238403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"996cd662ef941c15f49b3252481dbf8c06eb33482d58ed435ed2155a5b6258aabb9792315f2b8e5aa010c79404","nonce":"e763503a1e4610955b23840c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"c99fb20e5f158f0a4984cac8118786e1fd9e58bed137f75c91f2722f778813446888c8a805becb2e219c09f034","nonce":"e763503a1e4610955b23840d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"373c57dd55a4395d5664d40431d23d93ed158579be0bd1e357bbc9f84b1ac91acd9b445d4d2b01f4817b6f0aa8","nonce":"e763503a1e4610955b23840e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"f7f0bc46c0d44f06442326aa92092bff8f4da79900cc403585d142bcaf34f8386f42c7cbf4ef9afc0d8bc3b0fd","nonce":"e763503a1e4610955b23840f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"f0ddcbd426a689e3183059582d360b97a95a922a5e191480b185a394c96100dd8961969458c181f7fdcb5da6f8","nonce":"e763503a1e4610955b238408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e8e30ba5faa7a0b2844022e218c81087aff98573dca3e1379b8bfe419066f4bb4ff6268b3197d88932d09bac59","nonce":"e763503a1e4610955b238409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"b4af1639bf653b0d2cae907f317505d23cb32be3e2543c1b2c74af0b8a0f18f9052c2276c49fd9ee6bf5f57832","nonce":"e763503a1e4610955b23840a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"8dbdef7f833c8080ce720a6d22bc35303495710e0098fa94178537ef75b97fb71949b9d120bbca3ddb3759e8d8","nonce":"e763503a1e4610955b23840b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"90e5a9b4074f533a539d4ce40f478f679e09fe1d05fb260a21179a23598d678a1276fbf2c4f1a766d1ffbc2cda","nonce":"e763503a1e4610955b238434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"27b379fdcdef0d549c3790f110c4aa8b4f3872a4b274bc7c8cb72d88039f7bb067338da785f4a2c04f76daaa02","nonce":"e763503a1e4610955b238435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"b368030194b503a95d13214a51faaf7afd9e4e800d9829b60417dfe77849bae968836aad66b76301051a1b03fa","nonce":"e763503a1e4610955b238436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"2c62a24884dfd4737ccbf516134354f18d5e8e4ff240b379c01a93e878c205555482927b96c6a4448784e660e8","nonce":"e763503a1e4610955b238437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"02467adf585ee268121a09519cc42b5658de96d0cbf937d4d2a11778fd92168045d0572908cc2fe84ad16486c9","nonce":"e763503a1e4610955b238430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"3336287d93beaae4b96ee0d1087c51c6a43973591e6279554df283891b92b4ac47d99dc8efa1fbe97d97c34f04","nonce":"e763503a1e4610955b238431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"3ae4dc87d138586813414d8a2e9368f192e4509683589c9f6cf7ec9ca4921a3cf6d3dde8dc19c6fe8d1a69ee8a","nonce":"e763503a1e4610955b238432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"ea46a4a7ba6b3c3f3cf22188ad401322556736d226bddbabd84deaf826917aed12dc6498f2288427c80317b269","nonce":"e763503a1e4610955b238433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a995477aa9d55309e42d68ac817c7a211e20d1ccfcb9a9c0b5abbae7178f097e77f847f63040f3573e91c7dbff","nonce":"e763503a1e4610955b23843c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"1bd2b800c1d581005865b510123bc90a497f76b4428be30f6a2c5e7826420a2223f8966606333fdd22f7490ca5","nonce":"e763503a1e4610955b23843d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"8802f93e53721eb2d07b170e19a8845b315a52dd6c4bd0db319ddc184e204834537fc30087e10157ceadf0e52a","nonce":"e763503a1e4610955b23843e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"221741128f41e977a32cdd2118633a4651fa8d708e9172811e7e84f7f9f9d6ffa8d9aaea566cc0a6b6a285deb5","nonce":"e763503a1e4610955b23843f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"02380d31ae2bbebebc273c6b6002c79bd2591fb29e669501cabed4f7659728ad897b1a22ec50507ec4387d64bc","nonce":"e763503a1e4610955b238438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"241b7878809f1fd7c5196e412f3bfe370be5d2d26253d370928ff918d6893889337027ac896a453e20bc686b5f","nonce":"e763503a1e4610955b238439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"6bec703a338f2f1b959a1cf28f2739aec1a6a06c7119d7aa5612f1c68cca0efc41fa80fb98df0cf62631db7ad7","nonce":"e763503a1e4610955b23843a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"5600d864e4d0e0d2a83a24aac854c9b8d67ab3ff941e551b9fa1c058b375630e784a4f76d25a867b93c561c7c4","nonce":"e763503a1e4610955b23843b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"b9f79c6e744e5e5fba56a99a191fe4338f8f05ef06c2035df3ac6ddc0d10e71f2585ac3fdf219ae9a62cc4b9d5","nonce":"e763503a1e4610955b238424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"b3ae7766eda12515cf53afdf39750563bea9335a286d2b5f0778d882ef527a403909b7353dffcb8eb24175f4c2","nonce":"e763503a1e4610955b238425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"de5928a989061837b7921e56decf45dab9daa23a419670f5bed945c5fd06e3108c1b7740e7f8cb4b35e6399d5b","nonce":"e763503a1e4610955b238426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"daaaf23f5aa682450e04e71154216f81c454537fdb74eabd3fc7192ba0524f08a0027f9375a2c24d6d0481ec17","nonce":"e763503a1e4610955b238427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"43f110c5acf61f2ff9ec9017b8e7505d717e9fe7a202e3e705f94f31fe97f2a0cd85c6d76e6b8405c8f90061aa","nonce":"e763503a1e4610955b238420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"e1e1a81705700e4877f86d810408ecd53d54edb53100903572d521b179023836dc7c2002d49b40b18db768d079","nonce":"e763503a1e4610955b238421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"d71a44ed0787effad08f4ddb55c26cfce920438e08c8a8ca7a64b51370576a3cce1cbe233466fbfefce3d22aa7","nonce":"e763503a1e4610955b238422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"4a9b83a10004b67130a68ecf982128f6cd053d1aa6d1d97746ff18b451610ac69ef0bb82369154b307e22c5495","nonce":"e763503a1e4610955b238423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"14a25760b035a0add7c6e36bc123f9769222582b89b41a1dfffa3ad63694595442858c1ab12e15416dfe3bc567","nonce":"e763503a1e4610955b23842c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"43933feacfb15272a0597661f1d6ccbc1f306c86d59428897280b2b6e4b5005c859451b14b6761750983bb9bd5","nonce":"e763503a1e4610955b23842d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"149fa1894ce308961c5338edb8bbef6c11852ccac5945b9a8063e0472d2ce42cde011d78c195c087480be58c5a","nonce":"e763503a1e4610955b23842e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"e4a94150955acf19527676c32652aab3cab98b97f2b04401b847dce8deef77393cb498b634928828e5f9d42fd1","nonce":"e763503a1e4610955b23842f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"9d0a6d3c7a077dc80d1a8b2fbbf2911818eb45815916be82219cf7bcf15549d46e471b6ce888c58e35d677984a","nonce":"e763503a1e4610955b238428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"476199e32e0ec1176a4e7e2e041d82b473c5d62b54897650bfcec6a731d3d49bfb655fb0baac47710f311d2557","nonce":"e763503a1e4610955b238429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"670c97608399255b221dd7cb403a5f5cbb0e0f13329961263bf2cb6c9d2d2e67342347a4cb87904a6105d28eb7","nonce":"e763503a1e4610955b23842a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"deaba0c38ff520dcf07b79d3a9a12d869cfb969744a945faf0002c21a65ed09874e6735b09b6b9c831dd2a76d1","nonce":"e763503a1e4610955b23842b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"abb6993f47ad1b89f4f24efe43d595fec90f7f87228cd3ad344b0461cd42d33b243c623f1d455874dffa91305e","nonce":"e763503a1e4610955b238454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"faea22b739e5e47523103a826944e5443e74c2024094c5d37cd39114bb8a0f9c923bcead4824dc14d33bbb93da","nonce":"e763503a1e4610955b238455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b581c53925c9296c7417c19375031e48b6bae98c6ebc6e41f672618314ce7672754b2ed94232a59213637d1cbb","nonce":"e763503a1e4610955b238456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"f958fb68034e631f14796503c9efaaefa5fa316c319c46a6203cda9e212d239147fd6180fddf7027f58baf2e1d","nonce":"e763503a1e4610955b238457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"6b1d97dc8e845f2e492724b35719908b670d65dd2122a174f528ce857077012bfa43a5d6adb76573f1a099d51e","nonce":"e763503a1e4610955b238450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"4ab3337381d98126dcae72252b8216b4ce7fca5ab271fe767878a7f047bbef81557b6301428e4b44bc73b7ecbf","nonce":"e763503a1e4610955b238451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"44ba79bbcf2c4778bb1dc3ee047ec74ae3b936f70640c6bdcd05a44f676d40ae149c30045cc9e9da844dc4d69b","nonce":"e763503a1e4610955b238452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"43b21c3ab5117abd501d8fce5f06003f2700de323522538139c32c70918ea380de30da21d4ce5739d9a2780677","nonce":"e763503a1e4610955b238453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"ead857fb321b1c6ec4414660c38a1c743e872d734b88f3785bb95d975555236663d021aca3b989039a14642d14","nonce":"e763503a1e4610955b23845c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"a4550f7bdd4e9574362eed2f5870cf7309ed2a806e31dec3a167cbfb2d646154cf4a530ccfb89dd305ff882b64","nonce":"e763503a1e4610955b23845d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7e8c72ffe64d68c5b58b90610632f006b35c077567339b5bb58766b338d355e828614d19e5c9bef46b85cd7063","nonce":"e763503a1e4610955b23845e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"b10907941dadceef9782ea040eaa95f2de65401040025e65210f4bf6ffe9ba092c54f5137192e8562adc803e77","nonce":"e763503a1e4610955b23845f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"0508f34dfb052724f4b5e6c795ee488979b454e96b8159c823214eef1436b50e8f782ceb53c6ad38b80d1b4751","nonce":"e763503a1e4610955b238458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"78298c1b027ef1b2a581cd982f59bbf3d72684d77ab91b85dce039be35dabdd8725b286c133f191ed0c04ba7ba","nonce":"e763503a1e4610955b238459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"2d21c722af62bd6ba9f4997b9ff4cb1e33cd626b3e89959c5424a497599e9789d616d31a7c65b0c1103004af47","nonce":"e763503a1e4610955b23845a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"f7afde35d2414307020e599503ea05e61a94516d39ae28ad216db210bfa77ad0c2599d435b42be1a587973d7d1","nonce":"e763503a1e4610955b23845b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"be32fe61071e99290567c4c242e7f227b29af27612b613f95faa42afa190d60c287de9d0c36bad6c8f1b9a701b","nonce":"e763503a1e4610955b238444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"82fcacd322be06fe020e5abaca1b9cde10630eba3bf116654f2e973685f30ab02fdfee849e316bc8596ef81f5f","nonce":"e763503a1e4610955b238445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"246f414be9829caaae2ecaa01a2800be0d569449c713a535e4ea3c982bf4d9bf22d90141000bca9dba2aea3fc2","nonce":"e763503a1e4610955b238446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"7a358e1eaba2633ba6f942c535f42ad8962dc647d18b3b39ae17c1eb4f88e4f53bb802c0cd66bee82cae72b36b","nonce":"e763503a1e4610955b238447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"e6597f8dfaaa4de53846efc06018cabbb178ab08b30ede5b082ae1d33c1f9085fdbefd9c84db6031ab182187af","nonce":"e763503a1e4610955b238440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"188401ce1f14c64c4db9786fbb7b6dcae8277d72df908dcb1fc933b2ea0f60efcf7b1bd2b3d034335f06c1b757","nonce":"e763503a1e4610955b238441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"353198fbcc3a8a04de8b5ca2e0d9cedf4100bd425638dcb449e76249ce258d622cf01ad05b53af08e47470ad75","nonce":"e763503a1e4610955b238442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"47d2e707124aae0684e24ce3d0b511516de0e17c1555694f165712b523dc3e35e0f6c1a13db3910f3dbb860f97","nonce":"e763503a1e4610955b238443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d4b09c9a4cfd0341ae45bdee9b68356728c096da5992f46f4b28f2f78ea67d0c2c8883a01d7d84a114b18607f9","nonce":"e763503a1e4610955b23844c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"2c9ebd9788a1c9359f4cf327f7d0e1ae2f7ecc7594164746820c92dfcde1ce88f42f51185aa52bb4759c87f317","nonce":"e763503a1e4610955b23844d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"5918eec311bee7767975358d29ce43d981a5ac091a4300f86ce89a3fc1b67bd87af8a5ed13349e4e6f01a4a870","nonce":"e763503a1e4610955b23844e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b89fa192e0ad27bf28222f39c8943157c3354f32bbb7581cd73d3f2315057a5941871bc69898cd2232fe21d2f9","nonce":"e763503a1e4610955b23844f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"69adc80df631b84c362da2b4fecf6e806c89c900ad63a93660580103029a75b7c3223539e854ad5ff98b765993","nonce":"e763503a1e4610955b238448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"f5bbd4a5ff8a9cd41ab747f6d8bbda03fcedaf8b8b99145e83a64249478c536a69d7123b166c1a69fa6888d8d9","nonce":"e763503a1e4610955b238449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"b00126bd17fee024dabb4ef8078b554c14162421af6a449a8d6b343a8fa9dfda189f01fa592782abf5fbb38f38","nonce":"e763503a1e4610955b23844a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"5c9a6e23ceace5bb72b178d2fc541ecae4f4d0891f737e86e037d90a1d2e2976c8e7dc8f00de2b3cddec79a20e","nonce":"e763503a1e4610955b23844b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c4bca50edbe3a80cbf6f00cf77e100f9f4c6340e6042d5bc7dda8adcfb87dd4b7799e10cd92ea55f08d50e7bcb","nonce":"e763503a1e4610955b238474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"80e015d8ea010dbbba906bcab6b691f37abacbc7a1e12e45ebcba6d0200774548d4e9edee17e31329d25dfbdd3","nonce":"e763503a1e4610955b238475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"609acb8baf810464d379cd62feda0dcdeb152fab2f934da34549401e340d747319583d85f8f57172c0e83cd11e","nonce":"e763503a1e4610955b238476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e7d7505e559b6f257d841abbc871609a57adb835e23f3084c7a0b912a3754d639281c85a66419211feb03de37e","nonce":"e763503a1e4610955b238477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"b9663e2d53e5b4d67262d7f798b738936cfdc6a97004e4fe7ee1f53d53816a7f076bd9efe97e57ef777409a8de","nonce":"e763503a1e4610955b238470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"527ecb0a72163c57a0714c73b54d6aebdae5ec9bfba795660c4761a73fda3c571cd5dc3fe60d826a40a1fd9772","nonce":"e763503a1e4610955b238471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"2ea900de573647d5597ce16e42875e77469811de2ca2ab5c904a537cf40b606013aec4bb0ff489b65c07d7e3bc","nonce":"e763503a1e4610955b238472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"a9d7cfd5e6675f3d63c3f0e1da8ea5dee69dc27949c16c50af58ce277e37f92410f05db1ac335bbe286cf72478","nonce":"e763503a1e4610955b238473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"d96481ffafb3151a4a5c83ca65d9b2e1c461fdbd968b0bf85c29c315ee123d6d59dcf57abe6289e0fb00e60afb","nonce":"e763503a1e4610955b23847c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"f091aa36acf33c4082b10704f3dd1b5b6955c56667f0d391ba0f4e1e212e40b5f4635a0c6e4db6dcb02290056a","nonce":"e763503a1e4610955b23847d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"5131ef483c7a0de0702ad6705d4828c83ead63165c739bb8bf358e4a6193a799610077f1df272c837672589539","nonce":"e763503a1e4610955b23847e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"f845f0a29921c8169473c31d46718d20319a03db88813485463de35489a05c9290367b4d9957f40fce48a4e57c","nonce":"e763503a1e4610955b23847f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"c54a7072eb5579365357a2786101504894715df273f535381155767d4756e222fc1ba16bf0f86b44f2aa760daa","nonce":"e763503a1e4610955b238478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"37206bb68a6f3e4816e7d075bf9848a059613f11177f5620b008328b96e925bd9fa37da5d9a8c5e8a786fe2a6c","nonce":"e763503a1e4610955b238479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"5a0abc8b402ae21c680b03526fb7afd30872fc797e8364686fc77c064ce691b4466a0d1c705edc2291072acbac","nonce":"e763503a1e4610955b23847a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"d7283a3fcbcc5ba523c8431b93810e58ced6683b525ebcf0cb75bf7ca3808a9c792f56e3762207a4ae9a0b6c4b","nonce":"e763503a1e4610955b23847b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"be13a644be77cf712b10a11fc1259c8a7766308acd8358920b9571cc6c33ab69459b7ba4c94a338e7938431361","nonce":"e763503a1e4610955b238464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"298c6d79299b5caff5fa453f54483965925132ebdc9d725498ab727388778396480821e2486036578a7c4ef2a3","nonce":"e763503a1e4610955b238465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"0d428088843ca2a02479ab33bff03dd473708e930d97ebdcdcb1566365225e3fbcc0a1dc5b2c9736180e63a99d","nonce":"e763503a1e4610955b238466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"7d31324ddb6d705dca582499bf4b0b29557e269e40ca06507da9af9cbde0ac8aba0eebc0d1c79e7b596d190b10","nonce":"e763503a1e4610955b238467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"daf099568ba791594f035c5aca0a3611c4e1fc8b04f84c8d218a035a4bee12a7b6819850d1cfce627093fd94b1","nonce":"e763503a1e4610955b238460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"8a3c21271a003f075b53e8982f91245f026969f08c790c63bc766d97e85c050dd75acebaff3474bb00a344edc4","nonce":"e763503a1e4610955b238461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"7028fe40541fad51e21453c821c6a8f5f5909be4283922acd806b18f157f03bcd6bfcd87dc1d0882e1ae68f7fb","nonce":"e763503a1e4610955b238462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"ab6023181b81732dffab5d2ccf2595a529d18fe6fc643f3eb99cd82ccbbf13f0387375dae6e9d31c1788f6fd9d","nonce":"e763503a1e4610955b238463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"4ad7fbcd53758bc425103f28958a6bf131342005e6e876c70ecc13b7e351edeedb3c6732c10276cb71b569cf8d","nonce":"e763503a1e4610955b23846c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"97eae1e9f8acf099c010cc5736a2837873d687e79683b7e37464c292ce32ab117ab2fc0c3dfa519712914879f9","nonce":"e763503a1e4610955b23846d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"de8fba02884352cd6b3806619443e07b4faa2c36ed73cc44cad093923ba1dce6e8e438d56fa702b0ebcaa04680","nonce":"e763503a1e4610955b23846e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"e18e2708369c46e5a2d014e623a5efad70f3732ae3caaa7a27a1a8ccdd8fe504f82bd41c54e9a08828d12a275b","nonce":"e763503a1e4610955b23846f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"14baf8803e9390094f06e765a1a6ecae9e12f1da21bf30203aaeaa5e9b7ce1faf52c09c3ad40a2c8cd362a893a","nonce":"e763503a1e4610955b238468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"00b0cb30aefae3f2642a5eaab6722f53b009f11b5bdffac2dd3e16dd4dc40754e8a9dc5a33621984777d90e833","nonce":"e763503a1e4610955b238469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"07dcca3a09a88dbfd8ba81daedbceb0a0f0eecf7f6f2811a26e509d07b9d5c71c502b44ef0dbbac9d905139110","nonce":"e763503a1e4610955b23846a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"749c5bd345e372b75a03572d19e76c8e2005cb2cc8f66cad82698f7c39df08e93163a0dc5097f138025e0f23ae","nonce":"e763503a1e4610955b23846b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"0a8f3c7dc12b7e56d9b9ebfc33cbbff8f1c7407b10eb040401956ec4af1e0f4d7e15477f6bfac4ac9bf39a18a4","nonce":"e763503a1e4610955b238494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"9defa0405ad9bf922859c7edeafbbb656b77c3726826413de72901a9ee94970d3c5046de9b3b17446d68667c8b","nonce":"e763503a1e4610955b238495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"cd836eb90a47422a86ebdce32fe58c4cb14b5954e47fbe2b47200af027f79babf26168a144a3bb974bc7edd057","nonce":"e763503a1e4610955b238496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"92492757d79e7eb44365056139805f10002214ca459d920ded866b3ee11a1977d3f94451eb7e6ba944964fe204","nonce":"e763503a1e4610955b238497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"ceea7ec3dec3d377d333a55efe36bed6fefbb58b55b85569f6acc16f48209ebe30dab37f0e287e690687ca2e5e","nonce":"e763503a1e4610955b238490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"efcbf84e302503d1e4d9635d419d3759e34e8c4672aabfe6d876687f4fc7465d23279052cf93b29e8e7916f95a","nonce":"e763503a1e4610955b238491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"4f69415a4e7043029fb4973a98edbedfea490c6e5ddec1965e75eabc7a60fe2b719a53b4a58fd1a5290818942b","nonce":"e763503a1e4610955b238492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"04b28ec4703940788cefa387b76db0e9222b0921c0113816759b5aa52a4df2bee313d7e60d661de32603ce6259","nonce":"e763503a1e4610955b238493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"3bf8417269614452a7892a75360c189173a16ab6de6e216b2d077c4aa64050ce31da1d5325765c2af5d6b4eece","nonce":"e763503a1e4610955b23849c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"158ec5b121abac04df2d1e88eb0752958e6a51e6548e409ae72651d650294cb0d9758b169989d8c56f7c87545b","nonce":"e763503a1e4610955b23849d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"732106663170f68f3669e52b65eb4d4a6dbbd5ae18a77a281ba25bfcc673b2cb8b8d01319729a38fa2fd923970","nonce":"e763503a1e4610955b23849e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"50e0344f60f8f4d537a1a4e182946dbfe7bb3bd88d16fa85fbc2dc1247540225f50884e948f486e62017d58f27","nonce":"e763503a1e4610955b23849f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"04834a4e2fef658f6d37395b02256a41c48a608aa0a983ae45cbef51d77e272c5989b526620b6b8f05855a3901","nonce":"e763503a1e4610955b238498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"bd7218556994e0997d9f9105adc3f266c9969abcfd2893a13f6c8f3298e9adaa7b008ee1ef24c11713a68172a8","nonce":"e763503a1e4610955b238499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"539473eccb4be3665b5f2d0f94f66ed11796cafa4591c7cdb866cd904f979f44bfbb2d010f721d7eb41eee15ff","nonce":"e763503a1e4610955b23849a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"caa9a12dded44cd3273fd145d6d33368f3184e096ddebb4b6a2fee2e012fded0a37581c9ddbb652bb484785c2a","nonce":"e763503a1e4610955b23849b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"bcb81f0d7f845f15ba9b6545ba5c0f6760038ddd2edd935c347e873955cb322aead50c6792819883bbdf1a6169","nonce":"e763503a1e4610955b238484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"e92060de4fdd1cb4641a901ec74f2055c5469b35a55c736c685346f72f3052c426127920e726fe5b6c0afef93e","nonce":"e763503a1e4610955b238485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"0575c63b8607606c80f39bba4a51c034445b20eab14dc24fa9307949e6ea5a3403a9b4562c75fe77d14d82dbe9","nonce":"e763503a1e4610955b238486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"9bf8ababfd92e68e8fbe87643e62f39125db583aa7f2684f4c51bf2158891dbc6afedb536b46ba72dfd2c831d6","nonce":"e763503a1e4610955b238487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"acabe70285897ce2b96158669f25b5abd19e942185a619e7211a697c1da1235e500a4092469c5d157e17be4837","nonce":"e763503a1e4610955b238480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b21e54d1e99663a2186cae8e3bf7e12231ebb7ab7bb02d937eedec2a6632b19a79a8c7320ab913e4532fdc9003","nonce":"e763503a1e4610955b238481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"c193792619882c937cd2d95d961d549dcac25e5160c5d39b620e6d9aabbeccdb2fadfc02dca29ce2841a653c4b","nonce":"e763503a1e4610955b238482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"35ad1ac73ebb8b6a8666bc5d90c9681d2c5395ec26c4128222154ca363f04bd77d7595e2bbf2b1b85f125bf938","nonce":"e763503a1e4610955b238483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"f0bd02483f129397167a94e95b5f8bda98590847c213291a4eec630f7dba625a709953f7fe9306de1d04bfcda2","nonce":"e763503a1e4610955b23848c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"17a0df965ffdb0dd500c88e44db1f42c0ae338c5d58dbc1ec3cc9e37d0ed75cb525ae203524e6be60e8fb7d363","nonce":"e763503a1e4610955b23848d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"9edacd75476f5dcdeeaef63663f650f0b0d4c3f81222dcebdd4a3442bdcb0ae6cf61d2f221f81d3a03155593a2","nonce":"e763503a1e4610955b23848e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"cabca8f48c0e3f2baddbe502abdf03dc6ff3310bac1eaba1cef6f57a5031f8a04702782e812c178f82c4acbc83","nonce":"e763503a1e4610955b23848f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"5adacb4fd2259d2b64e866088ffbe8e5e3eec70a3e5466b470767c5a3ca14ecdfcaee95de70c325dd30381d76b","nonce":"e763503a1e4610955b238488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"6d9a52cd8f1c8cd31bf511948802a1a1afa2b858768023f2ada604c1041086bdbbc3c19a7c08c54a8de7b0844b","nonce":"e763503a1e4610955b238489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"977669ee47073f6a0fde0b07715c21d7b32559d34455fb1bee40a03c2f74481aecd9b044a05b77a48f769a09d8","nonce":"e763503a1e4610955b23848a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1a94405f58c5225e578cb402e8df592d36ed694d130e461a5f0e4ff24dd708f851650a360c2964b2fc2a24a32a","nonce":"e763503a1e4610955b23848b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"4b223f6cb545954cfaa1f045fd6bab239105583e1945642a6c11ef86592be6e6a95d37a0d50e8af080a3582374","nonce":"e763503a1e4610955b2384b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"bbb97149363bf551ec7c8ecc1bd5afbb72c2447de5b77f12583c936b883ad60b6d0fa3b1ebd3330fb03ab12387","nonce":"e763503a1e4610955b2384b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"fafd570834c3d4a1eeba92525cf0d69802f7cda192a1ec98b403cb85847e6e72297970bd59c26f97f6a31d14ae","nonce":"e763503a1e4610955b2384b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"508b67bdaafdc241a51e2cff3d16eae06dcea9a368be78a9799b82118b8eac55ebf6f586ba2f04fe74b16d961d","nonce":"e763503a1e4610955b2384b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"c819dd62ff6abe2f50d331ff1156052ab7ae0eae9c81dc0a960f9923325eb63a728cde8e8b892fa27327486a51","nonce":"e763503a1e4610955b2384b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"92919195e4daacb6bccb2628b76be12edaae0927fe09b93cb2fc34b4828b610e6cbc279a203b53e01fb2aceab2","nonce":"e763503a1e4610955b2384b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"7bce843cf234fabf02dce63a3c6ba00665c8a2338d4eeab62b65f6defa7caea5badbf17f79e58bfe6e0bb505c6","nonce":"e763503a1e4610955b2384b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"5d79563602dcb09b3a46ac5363ab6abf33a7d07f2525e33141e176c60d9f5d89d9b15f3df901f00f14fd567f36","nonce":"e763503a1e4610955b2384b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"68f474a027557f3415c9cea60b045071ada0ff29ac3f2a8f8a133ed30be98d4da967aec1191c04d369ed338029","nonce":"e763503a1e4610955b2384bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"a27cd04b875cc7f45dad71cb692d5ff26fcd2fbce595b8f30d3a1a572d79b3ecae9efc20c30ab9433dbe9d3297","nonce":"e763503a1e4610955b2384bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"29a4862e062dc1d7ccfa2f1c98460f51124da952b407531c426e8f3ca5ec798bf4a696473bd32b2bcc3d5de48d","nonce":"e763503a1e4610955b2384be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"6f29ac766475bf45c3ec1e4fabf1ab29c59e87ebe9843ae830037e45e44563d8784268f1204184d171df307f65","nonce":"e763503a1e4610955b2384bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"81185408ad4403269c9ea1019c16721c8e5495c0ddfdfdc1c33dba145027cbbd7620ecc61082026a0e51da5585","nonce":"e763503a1e4610955b2384b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"68b438947897ba8ec128e1daaf6eb3db0d85f2ab04e066d4a6c5ef988cc41b4fd732327d37d6b8bd445de6fa44","nonce":"e763503a1e4610955b2384b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"5be1dc68f64502c1477d67b11d4c124be729733e10c702ba9f21b0f9d69ce68c57159644ffc2f33c90963cc901","nonce":"e763503a1e4610955b2384ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"4fee8db83a9202e30f597c1e70a0d505766f42755f6c2cf0bcc63c3102e8529e83d1a25aff32aa254a8ffc2c3a","nonce":"e763503a1e4610955b2384bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"93257a0086b08203b216d9ee5af485adccbe910f65466e112f24b4c34b3882ad2b06a37fe2e18713ee82737b1b","nonce":"e763503a1e4610955b2384a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"3e64c2e3d04ad17bece524485af246f5f01edd1453e59306ea9978c196df64fbd9469667006e5019b2f2ff2ca5","nonce":"e763503a1e4610955b2384a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"2910d60da46abd2045b0ad058714443d3b05184c560c33a48e5eea8f0bff0ebc9f0c789cd7a5afeac4cdf009ee","nonce":"e763503a1e4610955b2384a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"9df75ad8c60b915566b52b9dc60075fd44d1b4c3eae99b4f783b84b2e934c16c77bff5775eef1bb0f280ce7686","nonce":"e763503a1e4610955b2384a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"48eb53381243bfa49355687b9edc4b0cb82f646ad530863528c554af47d54dcedb924ae6002762ee9f5bbc8bc8","nonce":"e763503a1e4610955b2384a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"66f4d53b63502e3c35739b2a96df51e371a42a3ac150489165f5f10ea954fb18c76edd10bd4b27abf02659ab5c","nonce":"e763503a1e4610955b2384a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"db841a6bf1007b122414efa8793b9da7b6ec9e3b2b9266eb6738b53c5243e5c8d1617222bee0e6fd8d90f46789","nonce":"e763503a1e4610955b2384a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"4d1368048316047082fe8c07811944f7cb007e82594117dd6f018d80965ea642e868a05195dec6cee8ce5baf14","nonce":"e763503a1e4610955b2384a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"c5fd4c7eab7ee292edef18a9e9b22b31ddccc2ff6b7b283d809f56d847280f0c8e284e4d3e75a3e5b223bac2cd","nonce":"e763503a1e4610955b2384ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"733de7747753097f62b64c0129ca03f12826f802f7f6b22e7f2cb255f9e021fb5292a95e2850ff2d6ddef7e7c1","nonce":"e763503a1e4610955b2384ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b9032caa1189171c4fd75cb9c77db057e804b053753813b010bf4886821ef8dd073bdb48e67e2bdd4e8526e150","nonce":"e763503a1e4610955b2384ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"2a4c4ec0a8b7562c9cac42823fe23bec7c33862e7b229651b861ba2185b177f43eabc899db396dedc8da55341e","nonce":"e763503a1e4610955b2384af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"96e027623868a0e115d4dadddcb886b05314fa9aaec4ab2aaba8d73b4176879ca7885642cdff5ae3f0a11c27f0","nonce":"e763503a1e4610955b2384a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"615ceaf1dad98c470ff7fb58e7790c05450b4e42625d7a0e670fb97726943a7b183089f6d422bc52c808c1771d","nonce":"e763503a1e4610955b2384a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"a58a5858fc16e5b2548494e15ae7c262471ee43cde143e219d6948fc44d5d09ca70e8aa5c7ce30bfed2f4dfc4b","nonce":"e763503a1e4610955b2384aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"13b5918670dc8c62f59db0c9a38bc98f3fd102cf05448d7f3dd51e9aa1801a2ec4fd5be4091a0cb0cd0ce02b3f","nonce":"e763503a1e4610955b2384ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"0d744e18b9d4525b311ba0355071972b224c9a09ecc5b9dee3b3b235e7b08a8e7845a3bbe4efcd6b2732ee7aed","nonce":"e763503a1e4610955b2384d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"c97099e87e4729cff6882ffc7c88dbc47b9690a36b42e44e425bd56fb1f2e10a55f81f1ca4e4e5cf43a4eb2b77","nonce":"e763503a1e4610955b2384d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"be3b492a54dca472c501afd1f862279f03f9d52bac6217477f97408a5ac76125a9d422ea6b2a2fb30615bf52a3","nonce":"e763503a1e4610955b2384d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"58e2fe85497851ffd453f77c4053307c5b316b647b23a78a969abb728640ac9eaec8d57c9d64ed84358fb8093e","nonce":"e763503a1e4610955b2384d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"73fa17baf2960a37b836b31c6b5adc2e7e834109c140ca324c4d2112a847f6f4ed6d0a46f1fc462b458bfbfb0b","nonce":"e763503a1e4610955b2384d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"68093c8c53588173405052fb27a864fd0ece31132c343c09159c9d83c93fd13bff71b7782cabc06c0324c33601","nonce":"e763503a1e4610955b2384d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d1ab8f73aecda1630ab89684d103d18a538caba3cdbe25fe5b56ab0e44cc87fc6cd57897da075d196abcaf8b14","nonce":"e763503a1e4610955b2384d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"cfddf68a28d25786bbb04fb8c94c8944244ea0c2105331ae68d0ee6eaa47d8a6ba9958d8b71f2caf683969e414","nonce":"e763503a1e4610955b2384d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9ab1378584f064b14d01f28a2cb020659bad900f5e6dabfbc527ab65b0dc2dddaf76eb9708b22cfa94f4345832","nonce":"e763503a1e4610955b2384dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d29f631052912b2fd160f532e1944b9aafa4607de140ae280ea34b4252d34ad888d4a698379fe7ca5e8db0103e","nonce":"e763503a1e4610955b2384dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"a4e8caf254fba3f8dc7561bd83b760912909e88852d31fce1c9bd069bf64094c8925b3364ec38b4c918e43b85a","nonce":"e763503a1e4610955b2384de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"3ee66164daaf50920abb6c15275f5f9a331d8aac0b625774b2e3bd7c0e701df470fc8a04f8004233bdcb117ec3","nonce":"e763503a1e4610955b2384df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"379b9f42a24caf5717bac3744b19ef76955d4f088694126314911d7b6c9df74ec6e5f8b1c64d3e535cc8c3695d","nonce":"e763503a1e4610955b2384d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"9b4f3624a2dde8baaa71cbb1b87b22d6813c0204401a950a43530ef339df66b5eb6d81db013dee120530dedb40","nonce":"e763503a1e4610955b2384d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"20fe2c7acfd5c1edb3e74e6f68799ad5951eca17f7b8fd8cb8bc3c8d27f9f31d89941e0566ab7b6bd79969877b","nonce":"e763503a1e4610955b2384da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"8024bfdffd824b3cf8ffbe65766415ad040b2f8d84d643c2d05a47f794c9cfc627e7d0140e1ad314379d15bb8d","nonce":"e763503a1e4610955b2384db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e2dd058f5188a307b66e6d1dfb0ca2da4c4e0aaf1829ec298b59bb15469883b3f0804f44987e1dd7b0462f3314","nonce":"e763503a1e4610955b2384c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"1d6526cc1850e95b74663def8a4535944218a1bb76330847c4effaee1b10e69edd6278165482ece1e748c143be","nonce":"e763503a1e4610955b2384c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"745695693f877796461a21d0519a1d9fc5e606d567dd9ecebe5dd0d2183cc2da28496e1f3a64b0cb7ddf423b02","nonce":"e763503a1e4610955b2384c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"d53e3d1e5eac65947609b5c08362c1dec51a52ed7ddeb89059e822123e9adb075133548db4e514834416a22a48","nonce":"e763503a1e4610955b2384c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"6c4348163179dc8e58fa8ccc3901cc4cd0f696645e70695431ac172d6bb27778cff8d58c0664a4dff8fa440a91","nonce":"e763503a1e4610955b2384c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"c53e578d28482ba30e46cbba44e3009f66bfab4adb418b7fc90c54ebf340a4afa61f30ada0085a1f139abeae43","nonce":"e763503a1e4610955b2384c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"abbe62bee1bfa73ef83e2039c4e3edf47347cfa9522daab60d78f20b9c3c32136bec9f69cbfaef636543f3a880","nonce":"e763503a1e4610955b2384c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"b05d49eba7805a3e873d7b5dfe6ee7b492ba7b53f6c3942d3cdb668393272c571a6ba9bb717ed109dc13e93e37","nonce":"e763503a1e4610955b2384c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"61909cb7b2503bb97096293558d9f9beab9a16a6f8ed056970c126b12d1a16b7fbf3b0c5cc399a4d3b81a57e19","nonce":"e763503a1e4610955b2384cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"d0c1a78859876338e0aadaa972b177afa22e93a20a61429dc988877d44788af579243008f4b0adcec56a8f4913","nonce":"e763503a1e4610955b2384cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"9157f5b6b36b7ad6e09d62d9f9ff8ac0cca9a6fb45a5232df6323efb8d275e894b24a9fe65a7e20b10ed2475a2","nonce":"e763503a1e4610955b2384ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"efcc83fd5a5444e0275aa5afe14404a07927d52090ffc992af8f934e07d6705fd324ca59be07ef7fc7c6d727d4","nonce":"e763503a1e4610955b2384cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"126306891e2bcd9475b374f31aeb6ab1bbb1ed8c9e4e528219b39ef87e4c66fd94190b619e6422ba8fca2102eb","nonce":"e763503a1e4610955b2384c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"75c07e6318b263289836f50e6e0bc9f08bb2491b4523cd34ee596e1d4fee85bfac0b369b2515a12561c78504dc","nonce":"e763503a1e4610955b2384c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"ac68a2205315d113d2907386610958f8a0ea2d5ff8f8d6733109e06d562ebb093667172eb21788f4c4df4362ae","nonce":"e763503a1e4610955b2384ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"ef2c9133d89743cf205a24256a9af5eee4c12490e3fe6a51f52261d72772864f2b88767282635aecc55ef26d10","nonce":"e763503a1e4610955b2384cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"9272903019f3cf1f696712ae715ce11bba880863f91f0fc8be685a9c0d9b9a76f7bdc50c38fe675548bfe5df21","nonce":"e763503a1e4610955b2384f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"731aa841121b79ef82aef66854a783b87a8c40816905e9ae069e1db86a6e279b73629826c060a1f85317705656","nonce":"e763503a1e4610955b2384f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"6b738141577722fc5f1b781f329640dc5c49ceea0367691949a2cb69382e2ed668f499073b40340a283e87df68","nonce":"e763503a1e4610955b2384f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"38228ecd31c53801794fef8de77e8aa0ffdb5f525c5e58096b1553d3d1e897e71e661e58fcc334ee3d738ae8ad","nonce":"e763503a1e4610955b2384f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"a0a40f65a882b8855e65e0ea389d51dcf99fb5e87086ce422b1d069e8a21da3f737a4fa30a670d8a7e6da08999","nonce":"e763503a1e4610955b2384f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"0d04fd7a68c54b478a664f0fb78ec024414c99d1415ee6bea4eafedf8b74c2d8b220572be9924b2370e7ff26c4","nonce":"e763503a1e4610955b2384f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"cd1cb5a5cb9719eb6992bbc8ecd5781c81dc110d7331bf3dad8cbc36afd1002cd3fea34a4063bbeaaf807e6ff0","nonce":"e763503a1e4610955b2384f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"d388bbe789be5e1d968cbf92642a7852b93f595ed8df93ee5bb4390de799e577f3ac73a3203af232625c2df5b3","nonce":"e763503a1e4610955b2384f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"dfdca85fb009ce6a990411b0342576aff9282f8687b6b91b2dcbfcbe1f8f512bf7b78a85ef77ef834874d00433","nonce":"e763503a1e4610955b2384fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"4b55bfdf8d023384b0aae0b442baf0981c250785eb24332c8838ee8b5f4c56377fea74520c66d0daa32549a0a7","nonce":"e763503a1e4610955b2384fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"4c7a42b62b7e038260927e6eec0b58b94ead5361266a69cf59599ee155fb5a2abd334864b40c0224d08006e5be","nonce":"e763503a1e4610955b2384fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"67f0b673877d2c7668d72eff99de99c94818c62d415e4205fce764768dd5809c86091213d4da3123561f28bf3d","nonce":"e763503a1e4610955b2384ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"1362444a1aca7f515d016e4f594abb1614aed49721708e01ae045e6603f5df4924023a79555e3bb387f167d220","nonce":"e763503a1e4610955b2384f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2ae835c8e3bcc5f6535e1ba92cfb4c068094b776948a0d57e37d80ae10416044d806c8a0c320675424a7e2e3eb","nonce":"e763503a1e4610955b2384f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"151d5a210d28b7a3f7cf75abeab1246cf3dd829b129d3db3916c5ce87e01478e316d63382f6e0d7033290a34e2","nonce":"e763503a1e4610955b2384fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"37991fcec39cb03054e2dcd8c6bdfe5a5acfd289c36684cb5d7c076c881885ad3e5a521a11a9f7d2eabf42536b","nonce":"e763503a1e4610955b2384fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d6b4c88bfe0ef887b3f461b27d592f647e6f3af9b5ca7e2245c7556ecdb05ff2b08ac0c674ddbb8d194e7b6dd8","nonce":"e763503a1e4610955b2384e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"4b3a1eefeaab6c845bdef3a7cd94a6a332f7c6ae080877e1a6bc279027ae9782528105e47fe4ab38aa7a2c5ff5","nonce":"e763503a1e4610955b2384e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"a18488570158832f0dc33c9b00fb2404e70943177a24f8412b9705d79603228e1ed545798e4fa77e110edd127d","nonce":"e763503a1e4610955b2384e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"2d27ba12bab58cd2ac35858e41bf2e1f953a608662802efe9055402cc08b9e0e071288ef5dd4e69d9a202f4ed2","nonce":"e763503a1e4610955b2384e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"41e29ffad4ce8c206271523eb91f4fb29e4a8e38d2aa6b93851fb9448ebcf1b5f1f50b38676cd5dd141b146fcc","nonce":"e763503a1e4610955b2384e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"6121434894f84740f43db6dcc3d27673bfde345d255883ef44c67f689896bc45e37fd2c8760f9b65df8bbb6ae7","nonce":"e763503a1e4610955b2384e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"91fb89d0a5a026b70d9fbe1b562561e40ad543daa62dc010e3c46e4674511c2cffa3feffe7242eb1e13cb2bfd3","nonce":"e763503a1e4610955b2384e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"014371fddce4553aa55045271e9a9bba9e8648c8b5932e3fdafa8038ac76d3816d41fa2be5f7e915cdadbf6525","nonce":"e763503a1e4610955b2384e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"6869f00f34d22cc0e338903a1a0b4a55dc5b80aa1be98e6b6da1d4401c80fc81595d5c08cee82953878be2f821","nonce":"e763503a1e4610955b2384ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"f29fa149ca35172a56902ae5f4d9bba190bc7be97f84fcf907578750a598814718275bd3ce48831da24a451ccb","nonce":"e763503a1e4610955b2384ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"91da0da63f344fb2919560d4f66cfa8a01c119053894fa8fa3b4d158ae40aeb95dd16270c71b7c400ce540b2a9","nonce":"e763503a1e4610955b2384ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"aaf422993ff6ea418882cac9a93d9eb1eeb0cdca5b01beaec37e094f742b048749a8cb3f53e1cc6284cf7dc066","nonce":"e763503a1e4610955b2384ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"089a04bc6e21e7c15465a633ec88d70af9b27192e084b85d8abf564c9bdae3291bb9a54def89eb45bb9f9bbfe8","nonce":"e763503a1e4610955b2384e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"72e0ead6c138c1e275160ad793b5287cc10f0424da2654de5343f0f3f322b9e1779a61ecbfbd9679096e9b3969","nonce":"e763503a1e4610955b2384e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d54c7eda977a171abdf2b98b38ded352e2f04ac6e995441da20be13a2d8f1f7c6813f9885c5239f31e95b73137","nonce":"e763503a1e4610955b2384ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"ce2ff1c01d6acb444ec47141d5b26e169b6769d84612429dfeec6667f2c2c5a7befbb1768443f73710e794c600","nonce":"e763503a1e4610955b2384eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"05b5e4edd5dc07247b19e83b4d109bd755c20d47c35fb1134f375a066e6520baa8ce4e383dfbf6821acc0f544d","nonce":"e763503a1e4610955b238514","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"37d633b43ec52edf256b769114701b6152f8d922536a115d680ed9cd58d2292f"},{"exporter_context":"00","L":32,"exported_value":"ad83c91132fad6c70e5d8ab2ee6de38758a1c740cb6d69baac5f55b1d6713ca6"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"baa58363eb069726ac344933a11b0bd82292c89a1f5ef75b393176886cf379dd"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e0c80e89442ea1bb8d19d98baa6daf1e49ebeba73f293b916857a99a29ceeab0a33f5c37aa6ca859486394dadb613f057208bf9646909d7c","ikmS":"78aba87f0e1995b1dee80b7e125e955c10abca7e9ab3a958e3a640a32d6fc22d4a8a69f702da8def817c1d9a931b0f441f6f3d577528bdae","ikmE":"a6235e664b75eabf4bb1b94cbe9c68e40e3a4c289ad1d2304487a2e064538b91a7b2c87cfb71746b4837f61b284a268ba5a639f70abff8cc","skRm":"42de52528e201c54e957bc3450483b746c823c5611dca14e72d10c15becd26c857809572de29fd62f85ab2b7be58c1fd0b3e2b71edfeb80a","skSm":"7705fe76fb3db2fb7dc6234aceaabc6156997a4e6bace550c60942d7917b4df5d4965b0c4b6fa1b1b764e63dd1a9774e00887ef4e78b5d7f","skEm":"9d600d585e200b8c23becd299ec8b7d27bcf5e9afb5e73abd3d9718e730af9260f7ab94e2badc10e1b6f2592232a9a6edc19fa26e75d4867","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"c7ee35fad5e4f037be232a42ae3fed719cabed1821a36bdbca6c0744666b8c89107f6a45f446a03e03673ba794d277ce853cf611fcbaaee6","pkSm":"c8624a594b38255672d0a64da532e19c690f8ac596a8691b702922f4b35b4132b3fe737f0db787ca5400b85f8a439f9b4147d9f8c395fecc","pkEm":"ed3d98b01f655e7b018dc5d5e4db776eb586e2f32b17e89cec73ddbe17992b76ec7727e2df9236045e91d54e4778bf43881747d9516028e0","enc":"ed3d98b01f655e7b018dc5d5e4db776eb586e2f32b17e89cec73ddbe17992b76ec7727e2df9236045e91d54e4778bf43881747d9516028e0","shared_secret":"28da730fef73b72d4b1317b2a111107a4a8644ecdae50c9cc9bafd733f8b68a6043b4730756c374ce324e314eb3f5be82dbaa773cf9423242295cfa77c89d79c","key_schedule_context":"030a7c8b9e324bd689cfa3b72dd78f6b347be3666df100fede193d2d7564373b5859fdea4160c82285f4d0f8e5c644ae33714a93e91c2c82a980a152a8ad127ada94b5b0e6ed9749cf5a584367aeee9665bfdcc13ea89374b725e4d30a351bbcc95bc70b4c35cc84a53ffd1e1877059f35f9f9c98ae168ad89a3a7087d7e88b855","secret":"cbf678e017b8062cde579e6eea1ff76d52c695d78504055a02b06b7c864c1b57df741fa93d1f47a134e5d6fd5f625a611e35d0ed04a0a6a69af653cc34b6ea7d","key":"38dbb92d983980b56701a447e5fa57cb2bce46802fd37d36b832f8b6040c921c","base_nonce":"cbdbb5c8aa3799f442ee9e39","exporter_secret":"8abfee6d498f464a2e9857ad9fa23b9bb10851a98e6a7bb4b92a3562786cee90aff55722b677cf9baeeee516e92be25d2b0e0b0e4727381c4aaa867e2106d65f","encryptions":[{"aad":"436f756e742d30","ct":"d4780fa0c76e5becfeeff3edd769c495a546eb1c38632912d24a1a18c749943bdecd03a4d5d30ea8fc78d1987e","nonce":"cbdbb5c8aa3799f442ee9e39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"bdb2ce8ed6f8d424420f3dce4f80c413f2558b0f99fc0f50d5b26dd5944255ecf1a166e52fcea804bd62a503c1","nonce":"cbdbb5c8aa3799f442ee9e38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"f595e441411be1da90ade05013171548b88b3d69ab2db7ce6fe6473e6c2aed7e41b30fd4301eb434894566d42d","nonce":"cbdbb5c8aa3799f442ee9e3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b8370749948cb1bb4747c20b765378b135ceed2c2ed547d7bc9097781836cea0149c1c9edb09b541afc100d553","nonce":"cbdbb5c8aa3799f442ee9e3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"082136a5d61f9e8a45933da09ff5545c76196441ffc74bf1979d67d009edfb99af3164badad5e4487515f25250","nonce":"cbdbb5c8aa3799f442ee9e3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f67c7c28f69840ad8877b7aff2cf98c5906ac70ad27ec1710e37bd88cbde7919672583633011f3475c2a016322","nonce":"cbdbb5c8aa3799f442ee9e3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"32f291e9a890647f1008674662fc5c44822a1e31e9f934509d271af87984f9ef98c6f015356a3bd991216ce123","nonce":"cbdbb5c8aa3799f442ee9e3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"5908c63d1c587c202c38f0cbb202a9cb8d50585d4897d7009b45e3edbd904666b43ad58664ed0504234b80e4f9","nonce":"cbdbb5c8aa3799f442ee9e3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"6236b0def0275972fca4d67010b8ff509c9c166110a0679c9291cf3d75a8979c9efefd3e2202dffa0258d1813b","nonce":"cbdbb5c8aa3799f442ee9e31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"adcb2887d03a3ab9b8400d8f8c817051f0ef955bcce3d6b127e60aec09d43edb6d3f6288f083cecaf044c2f527","nonce":"cbdbb5c8aa3799f442ee9e30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"d7b6970c7b25a5d463c752c188ee43c5ce014505e7536b4dfb82808afbea95ab93cdbe95c3949c71f9ca06e88a","nonce":"cbdbb5c8aa3799f442ee9e33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"c5f508822d02fbf11d0085e5f615ed0b3e36c91fe2a9ce750f64b1372f3dfd1cfc8ba7c2428d8bb1aa7fa4b6dc","nonce":"cbdbb5c8aa3799f442ee9e32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"bdfaacf3e56e12c5b5b47c377db48aef65df60902e120a32d39688b044987723c712ff8393767c874c6074d624","nonce":"cbdbb5c8aa3799f442ee9e35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"3ef373c514638a2d0a31c38d1e91d93f8759507c4574181afebe2e156b73ae9608f00ce7a7843002648f982779","nonce":"cbdbb5c8aa3799f442ee9e34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"d5ff4dd9fea07c0fc78d14a5c85c624468cbbe19ca2b723c3a2599312e106afd8fe0ea5a84fc101a49eeaa8b5a","nonce":"cbdbb5c8aa3799f442ee9e37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"901493f11687a7bbb7cd75f635e3fc02d4a631f450dde6a0c246bd4682da2cca342111cf2aa0902aded4df99f4","nonce":"cbdbb5c8aa3799f442ee9e36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"97c39b75efe76e2d6775dcdbcd91cabc5e2e927dfca6f43703e0eb7c5fd7e3dd3364512ee62c9307fabce8ef87","nonce":"cbdbb5c8aa3799f442ee9e29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"1814b779bac29abe5b53b67d171c73ff7468b834f322948e690abc8414e55b5d3af2fb4f2ae6f8631575e478fd","nonce":"cbdbb5c8aa3799f442ee9e28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"8470db661efaf4cffef5453a6d4412429914c6a58f907beba6ad6ef85cddb2c8861fb9cd302eb2bfbc313e146f","nonce":"cbdbb5c8aa3799f442ee9e2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"247da98b28d6a8964064a6aeaff3c399913573052cd47bade694bd855c62cbef63467692dc4564e4f565213a5b","nonce":"cbdbb5c8aa3799f442ee9e2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"660c5f429ed605c386cee2c4a38ceda03775dce55881d90d01231eec81c2d0b2d2a53331ef18b3e7303ec76afb","nonce":"cbdbb5c8aa3799f442ee9e2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"ae84ad3424af5085db9c3233f5d8e3ae0ffc7a37a8d4500224fe1d02f503da7f3a406ca75cf30a832eeb104e88","nonce":"cbdbb5c8aa3799f442ee9e2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"01fa5d2e03c219f2f4e2ef9f239c300b47de19c595f782c39e72c4ff17a028575242b4fab6740d8d13f3ddfff2","nonce":"cbdbb5c8aa3799f442ee9e2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"b573d94de8099215726d478584f18943df4ff25ae9ae8a3a4b107d646301453226deb98a3b7d7eb02b589e58b2","nonce":"cbdbb5c8aa3799f442ee9e2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"5b46061a8babd0a2376e194216535b1d5266dfad5706932976d96afa8851daa3bf989c5357360428e8ab606bf2","nonce":"cbdbb5c8aa3799f442ee9e21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"7f98a78c593738eddb9e0957c2d0ebf644d7711ea9217b974787fdcc8b12e0f60bd843eabba36229ef9265f8b0","nonce":"cbdbb5c8aa3799f442ee9e20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"95df47dc49a7fb3e5f1bbec4713a5e5b91d16df862a4c4311ba7dcb35f3072382f79fcdf0ad7d8295701af42c0","nonce":"cbdbb5c8aa3799f442ee9e23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d83b9e0d97735e479120330c0d9bcef892b5b8036b91e291f21f4e1fe4cedb1476d8cc9b75e8675a57dad26407","nonce":"cbdbb5c8aa3799f442ee9e22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"9843aec31a94151c42efa497d4c601a633f4992ff46030689300a6ce93fd165a1a64a046a4d2a210b6f4cb5c5f","nonce":"cbdbb5c8aa3799f442ee9e25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"1838b6d25e8bc797717390e72c71bfdc7a3e0bfa268bc49cc0006224dc3c61a7798c68784f9ada0e8f6e79e058","nonce":"cbdbb5c8aa3799f442ee9e24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"91ee61731101fb3f7a28ebfe3e7d5c92ee34fd5fdddb1ae791e37862f5b6fedd8fbe7528dc6a943800b630b6d3","nonce":"cbdbb5c8aa3799f442ee9e27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"98b8b76e2d960701120b453b82383f9651c91fc754ae88bad0897e993ef462d0e427d3b4027a015a1332a902c4","nonce":"cbdbb5c8aa3799f442ee9e26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"52b480282a6a5d4e16b485f627e06177de8275c67b28ae9b55d42edb88f7f833ac0ad8694b7757407ddf67b7d6","nonce":"cbdbb5c8aa3799f442ee9e19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2dfeb3a23d346598e2375fc4b7f982f16c24804548461e818daf3c800b2722a2c5de48b62902a93d73fc259c98","nonce":"cbdbb5c8aa3799f442ee9e18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"157faed1d2547808861d29dcf25dd828682558011475b6c6081463c8309d37cabdae822e5c25d47be94dd9d264","nonce":"cbdbb5c8aa3799f442ee9e1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"a2e520ce13c5567fa92a19f9d9a358987bc2c885797b5e1bcf905d001edf653558d03ce461ffafb2ac11d680b5","nonce":"cbdbb5c8aa3799f442ee9e1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"889549d7130cc4802ff955a405c1986e0b133067a9dacd5ece91a7b38380e544353b545b5ad55f3feab2b7eb17","nonce":"cbdbb5c8aa3799f442ee9e1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ce231cc903c82d6723784c167a023ed277dd2e6bb7f50d6bb58de52be853fdaef08c11c1a8c0d2904524f03ba2","nonce":"cbdbb5c8aa3799f442ee9e1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"fce46f059ac4436800db6654c63c558551d956f6b73ddae9e9570a1801030ff318192e671214f7c96ef7727079","nonce":"cbdbb5c8aa3799f442ee9e1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"36a61fbc36a76a6cb490b4084c09fcbe28ae3c12adc5f244af3b9d0cc5a736b9779f3e93b2c8e76f6bb1132bbd","nonce":"cbdbb5c8aa3799f442ee9e1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"7d1e768b1a6a0713ffbca2bebf9172b8606d0a717616173952193d3dc68f9b3de1670cb52c9ae0c8b0daa577ec","nonce":"cbdbb5c8aa3799f442ee9e11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"1318a1bb58289e377e282f3751c8eb0a833dce4560fdd14d34547a673f866bfb9cc94f9cd050b77961a662ec1f","nonce":"cbdbb5c8aa3799f442ee9e10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"dc8bf8c5f593e56ec77896952b569031a25a720857905e8ba4bdacd836f4fd4abc61cca08ffe17fa7dc34055db","nonce":"cbdbb5c8aa3799f442ee9e13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"0df2325319b8265225dbf3a438afe7258ba2befedd976153e972c5354a26d26eb16dfad189ff5e8f960fd25ebb","nonce":"cbdbb5c8aa3799f442ee9e12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"b183e4cb0971e9185fa49a0c2b7b57df436a9086e75e9369e1874f561f3f72a3f43d012d2057bc5e194c197642","nonce":"cbdbb5c8aa3799f442ee9e15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5c762e7984c5c298dfa5934a1892606917a9af3a671be2282e01f6e927103c9e247178646b5d52957886116160","nonce":"cbdbb5c8aa3799f442ee9e14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"900d25975757b21b63ed83185187235781b51f2e8fbec6591471acb0ef16aa557e2b84c7b7ff33fd82ba561db2","nonce":"cbdbb5c8aa3799f442ee9e17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"4fe44d2653146cea786a78f065695822cbe13350c611da8e248f79e2b6e5349cb7927dbb487f6dabbbdc7539cd","nonce":"cbdbb5c8aa3799f442ee9e16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"719260fb23363c461bd840477011b2636374b0186f96899f5750f44a67fb587fbf1846ea30dee1bec3a60e00e7","nonce":"cbdbb5c8aa3799f442ee9e09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"7871ace4eae6b6a1ad15d376bd676b1697d14b75ad5ab237abb20746e8653d35e50b564917ed2c8fac1559aebb","nonce":"cbdbb5c8aa3799f442ee9e08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"079959a7dce7d9a885e31e16a580b42d88a043a2a0241e761f8f3a0a304df3e0fd6ab691b388f708bedeb867a0","nonce":"cbdbb5c8aa3799f442ee9e0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"a3f3106d321486c8e9d292c7401b7f77eca5d798ac775a2a5f051a701f34e712c8a701deec64a7f327998dae09","nonce":"cbdbb5c8aa3799f442ee9e0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"9c51c29e6a7dbff72df8c3d9cd9c1dfd37971cf7d503c5f17beb9f2382534263c11c04b98af54d5caa897f5940","nonce":"cbdbb5c8aa3799f442ee9e0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"04d6177e3091d7579c482c6c8d56762e3ccc88315f3aeb9932e176a3fbbaa80397058fc6606af5cb8d211411f2","nonce":"cbdbb5c8aa3799f442ee9e0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"87152006c7bf2f7e7ee16580ba2aebebe18ae767be792f21acb7163bed8d8c2886947707b8e7674d0cb89cde2f","nonce":"cbdbb5c8aa3799f442ee9e0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"ca8961239d6d57e31d2cbce43d4cfee009974b09ffea7a8391c6539a795d7fa6eee76f14b7e6cbd6a652ad37bd","nonce":"cbdbb5c8aa3799f442ee9e0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"fe39539a2026cb948601c3c412a5dd0a35e1430ce2062d3560f61f4481053acfb18114942f63e88b1ad4083b68","nonce":"cbdbb5c8aa3799f442ee9e01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"f8f77a1fc60bdf35b8a58350c75e1b9dd725c211240fd00577c83264ff881022ea8bbc21abd638ae89db24b71b","nonce":"cbdbb5c8aa3799f442ee9e00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"c7ff2d91581914651d9101fdc0d0f053b120eb37dabea2eba59a45ec5e9524c3a85a730c78d2d582be136c04f4","nonce":"cbdbb5c8aa3799f442ee9e03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"bd175690f78cec47ae830df8ba16b797aae5f14b525d36593c48a1a552b0efd636cfbbd6c21a27a1c8b5834a82","nonce":"cbdbb5c8aa3799f442ee9e02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"4edc0fe6b603615a89b120559b80e58e06af02146097579ae164198cc0725a47b513beb6e7160dac022ab0eedb","nonce":"cbdbb5c8aa3799f442ee9e05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"3c152ec7f36a27f03484a7db829b08ec779c28f7963c5b9954feac62a8e24f5763b26fdb852be0a173e1c85d3f","nonce":"cbdbb5c8aa3799f442ee9e04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"7feb55c8ad3c51fc9b3f3ea9358eb7017cc712e151253d0ebada8e8a38c0ecb556d482f98477464c4c93b8a01a","nonce":"cbdbb5c8aa3799f442ee9e07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"dc78836d3cfbb94b8ca54976ed07d26b6dbe632a3a85be90114c943de6baeadcd8f3068449640787dea4ee0ce9","nonce":"cbdbb5c8aa3799f442ee9e06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e1bf7151d84b100319b619a4ee5049aa2f44465026a1b98d466f1e935071b36e9cb6e7b6936d08b31763367f75","nonce":"cbdbb5c8aa3799f442ee9e79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"2fe499304a6e079575463a9555fd9e3af88b9358a663f2524093b8f69d1b7693784970df128fae224ba8bf2d3d","nonce":"cbdbb5c8aa3799f442ee9e78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a10c71744ccc33ca1a697d7d4fc6e56d5abb9bef74428678fd087ba7ff4bd9dc961dc9dc6d180411123e86648e","nonce":"cbdbb5c8aa3799f442ee9e7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"1edae470455cec53ea0e2dcd7e92e5fc586891e4a409b9e75cd0514f7ed3242ef67ff42f72df7fd51f400c0463","nonce":"cbdbb5c8aa3799f442ee9e7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"2c69a3611c5d318724fb6d8dc907adfbe87d1ebd1df661d018da0899267e839f75e1292f854ea52a94efba7c87","nonce":"cbdbb5c8aa3799f442ee9e7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"a9576d1aa361dccd0aa2d22e7639a7f3fe57202a443b9d914bdd547a15d2b261cc9302279d2725221f4d3a3c27","nonce":"cbdbb5c8aa3799f442ee9e7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"c3634d63095646200e4082912f02d332f6e059f9e2654cbf556eec1e98436414c9e5484a682f0d04c1b8eb3712","nonce":"cbdbb5c8aa3799f442ee9e7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"d136eb5d7564790771c2a5ad1cec05b7bb648d6a9c798efedfc6a5497087294b94d8692131abfd7f0b3c76c99e","nonce":"cbdbb5c8aa3799f442ee9e7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"8d8ebd92116f3a4a761cac674171a6ebd45c7d6834c348ae98415dd299bf509755b26bd72acd99efd6f96afaef","nonce":"cbdbb5c8aa3799f442ee9e71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"33f01122554aadfbed471fa0e0078a39d09d50a57c3be73a0e20bbafd40436beb86d49b3fb93b909c75496815c","nonce":"cbdbb5c8aa3799f442ee9e70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"0619a7082710ee6420a49b8d78144a58667eb777730023ba569b793e7fd7ed7378905bed07dc5e018803b2233a","nonce":"cbdbb5c8aa3799f442ee9e73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"ee3c4bdc5b78702a8613771753342dc2789a640369d598ffb366871e077163d9bcf1cec5666840cdc1a01e8128","nonce":"cbdbb5c8aa3799f442ee9e72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"f657fb51b4bef8e73034e58c481d0f77fbf829c20564e68c79b4afcb0e28334a67b73054e0de0b06c0ae0aded7","nonce":"cbdbb5c8aa3799f442ee9e75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"61eafe34735f2fb90c9dd86eba83669c74d0c317cb05a3ea756f008b7330bb14b24fa252699e776a14a79c36a9","nonce":"cbdbb5c8aa3799f442ee9e74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"652b95e54d5d238b96f73c233abb8bfa206f4ac54b08e5e3c3e31ef3d1cdc001ffbf6cb4a03e31ebe35937a172","nonce":"cbdbb5c8aa3799f442ee9e77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"3df2a0f19e0bf79d4d41c7bc6c50828e7e0654aaf5687c29dd37df4b07156f5d0208fbf3802cd16e14284fb0d7","nonce":"cbdbb5c8aa3799f442ee9e76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"26e59c2177e8d69b84d75f41a7d38eb634e87f8134e923c40bf89d5adc73c4bf178eb9e6ba42899d07de774d6c","nonce":"cbdbb5c8aa3799f442ee9e69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"319f5e3bd26a3d98269c01de0100730520bbc49266aff7e231465e22731b71175ddd14aa9bb4debfcfe248fab1","nonce":"cbdbb5c8aa3799f442ee9e68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f2c43d5a91fbff33912e98c5221a6ed72359148722b02621c4e5348e0b189d71411746419b836c5e9be415e129","nonce":"cbdbb5c8aa3799f442ee9e6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"785544364fde0adb3326811fc06f4a5ac761c233b6e095e86df7067bb2cbc1185e5b84bb26c2aa2ea687249779","nonce":"cbdbb5c8aa3799f442ee9e6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"2f397af9f515fdca170256bc50db53cfeba80e2bdaf93247a0c945c25981bb1e4bc6e223cd711aea00a497b743","nonce":"cbdbb5c8aa3799f442ee9e6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"4bc8e0ec36044fb2a9cd359ef8ac9efac1e84ea0b97e58432bef3130fad9485df329b9b6a2fca7d043c499c2e9","nonce":"cbdbb5c8aa3799f442ee9e6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"16e37e8c2b904c937f9a1c5ab394fc98ae056e7f93544aaea893564e170dbfeaf2aa24e878b7f44df69b4b09a6","nonce":"cbdbb5c8aa3799f442ee9e6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"61ae9f33997d9a567b1b6f324d66e161f05a9307833bb871e1c8912577d354da7fa328a48fa4ce9e303dc347c8","nonce":"cbdbb5c8aa3799f442ee9e6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"786e1dc433408f88eada3d43df96310c0b49f483bbb91512ad2942b288280260b4ede582230bd45ff34837635b","nonce":"cbdbb5c8aa3799f442ee9e61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"f1b35c66cad905d33a36ac629009b3527451b56caa0b44614b5ef0de744b3682ac5ba633f5f41d676dd04fd070","nonce":"cbdbb5c8aa3799f442ee9e60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"ff98e98ab742a9e88dafbce618f3a22ee7935698da606ab87697f72f6b81debd262590dba5c02eb2959a487ac7","nonce":"cbdbb5c8aa3799f442ee9e63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"c8bb2f556c30b8ec95bf3dbc298633e4d511c626d97187376878a8ba4035162ede522f13c9ff113bde6e34cd2b","nonce":"cbdbb5c8aa3799f442ee9e62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"83233942f6614909a98fc5335c7156000d59d56db7d872ade37090226cc66a9c4b8e1276f3142318279e92148d","nonce":"cbdbb5c8aa3799f442ee9e65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"0bda7fa14852e67c8fb5040a5e7926aef561d43fef0a70b31b6df54f609667f013515f50300f740e4266b9ddae","nonce":"cbdbb5c8aa3799f442ee9e64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"d2824c578e946ba03de2153bb7b3ea943542825b54d2d5e13e43609779d764ca70df16ba4eab286e971df2195b","nonce":"cbdbb5c8aa3799f442ee9e67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"ef3998f1c67fa4cbc0516a28b0dcb399e583dc978e22307f3ca75c82b00d9640824c2b5861b43738e034c63b46","nonce":"cbdbb5c8aa3799f442ee9e66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d4d4be93837a62a8e12b89c543d0db97503b5692404cb19686a82b90be2effe61a60a3a52f5b61f26fe3200ed0","nonce":"cbdbb5c8aa3799f442ee9e59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"fdbee69156db98d262cb1ab39e6f5a5c7547f06e35da0947134f73ec0d60f9e866f01ebaddb5ecf88ec663282d","nonce":"cbdbb5c8aa3799f442ee9e58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"2d8951a6ec1671ebd6be1effa6a5e307aad2c8ebbde075d478bda87e7f4b27fb1d2f8a5a9ca0cc67613a726de8","nonce":"cbdbb5c8aa3799f442ee9e5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"fef16957bf10032067e498cd2de66a6ea4e66eeb0809c6c1f26c148f89f2638cff34b5cf7a96a7ab0876642979","nonce":"cbdbb5c8aa3799f442ee9e5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"bf8f75370f27a40470ca169c27210ac1299707353ac05fc44b2e0ac9ad12f13621c60a2410b6e96899604af97a","nonce":"cbdbb5c8aa3799f442ee9e5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"7eaf3938b758f7cba8c9dcd267c07c789dc47df5e7a7ec7da3370e98e9271d0be75a7f344adbef982b29265555","nonce":"cbdbb5c8aa3799f442ee9e5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"aa4c85dede116abf0d9ca3bc41574ee288906656f9cba1d6b475b946978276d0c5219c8601e0ab89851d8cd36b","nonce":"cbdbb5c8aa3799f442ee9e5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"634572cc3d1fc3a563e8889b70e6ef97e645d8fd42d6a208aca7fc743333b89e2b68f0938fac873f5b593ef062","nonce":"cbdbb5c8aa3799f442ee9e5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"9d5b28b71b5ed12201ad501c428887496e7fc12f63a4271d8e9266fc4842ab6420e9af53c0dcb2edbc9789f6ab","nonce":"cbdbb5c8aa3799f442ee9e51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"38205593f841932c81c1f0db88eda5e93b2115c01a34b78dba013b3d160abf07eeb7c59dc41bb808a96b9fceaa","nonce":"cbdbb5c8aa3799f442ee9e50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"900c2ebacdaf4504405233235726dd6f7a4c636c524f477e7df3d627e82a917d2809131c65758f02d0389fe6f6","nonce":"cbdbb5c8aa3799f442ee9e53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"828bd518b39e80000d01d22c3df1b735bf603209105d930d13f10677e5873de48c70d7dae6cd084c6d53cfb987","nonce":"cbdbb5c8aa3799f442ee9e52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"10399bd1d1609d0a36b52eff37493b883545e5c90d4bc434fa14aee409d5a848e1c16a0a2b140c29a5198a1f6b","nonce":"cbdbb5c8aa3799f442ee9e55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"842240a32c1a2b1ddb8e70a58f40c6c97c78e063804de8136d355360857bc158499577ad86435fe1c1ceb38fd3","nonce":"cbdbb5c8aa3799f442ee9e54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"f44dca8ad6928bc0693cadb1be7c65ecdf70501a870dc311032ac2711ac4ce893763c47f126a91af717d0d9d40","nonce":"cbdbb5c8aa3799f442ee9e57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"c2e7097ff59dbe96c37bd7ac712b57b6b13a4abc620c97cdceb5cdfbd0b4f71cd54f6cf87b800e2c003cee73b4","nonce":"cbdbb5c8aa3799f442ee9e56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"946a37b59e8f8d26d36bf8d47b69998669f49554c6be317ac6580cddd76de84c096c47b0c4c6e5eb10d42a7f74","nonce":"cbdbb5c8aa3799f442ee9e49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"d21cd47964f103bc9bd4d564391abe723f1dc44362134019dbe1601b4376446e46de8d142ba68fe695072fa4a4","nonce":"cbdbb5c8aa3799f442ee9e48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c300bc0404b299d9c38cb76c1b52294988ac93084e91ae9262d2dc2341097369aabb750bd277150208ec06b901","nonce":"cbdbb5c8aa3799f442ee9e4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"fe26e7266418e5a83f8d670a43d0194222376bb1d4b3c5514629bafb5145e6f0665823f415c86e294d29366bdf","nonce":"cbdbb5c8aa3799f442ee9e4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"ebae9318c28f509368c4b98210dd9136819322bb91151976a76b27cb7fcdaee97ca8c5eebcbcb7d50f92585a9b","nonce":"cbdbb5c8aa3799f442ee9e4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"33f6e79dc2052e711e2b5e6580226dd418a3d3b069b92cc3cf198e852fd4b83eca2a8c813deabc3535d6c89607","nonce":"cbdbb5c8aa3799f442ee9e4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"de1bdab4e75506eeaaf907f3848fb4a79a17f375aa9447450c96ac64bbf7129e57887445081894fc3e2892c56b","nonce":"cbdbb5c8aa3799f442ee9e4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"aafcf4eac3d7a3a362f65464dde7d6cd12aef9d449b496e8ae4d00ed3d7519da3fbdbc45fa681eb36f84a49273","nonce":"cbdbb5c8aa3799f442ee9e4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"50068115cc98e017a4ea67b48a7d0ba06447e22c3eb249f4010e6d6936870baa317f01810bff6bce043d35826d","nonce":"cbdbb5c8aa3799f442ee9e41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"0c240a7e97f2d286a84757e89b849936c3c5f070d5def56cc801997301ec6c424bacfbc7eb50fe104d72a4e2ec","nonce":"cbdbb5c8aa3799f442ee9e40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"cf8ccf443dfb5cf3fe46cbaf7eaf85d405aed8b8aad97b0db19055c630f11025303e4db21641166f547125f008","nonce":"cbdbb5c8aa3799f442ee9e43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"a9f276f8dd4a4ccccfa8dafd1e5498ed733848246b3489e51d0de215e5ae0c08f0e44b0c437c451b58b5c2130d","nonce":"cbdbb5c8aa3799f442ee9e42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"f7059ded4eafbb6abbe9a1f0c5c160c285c84b9e5f2ff34c59eb65e1ef501a2ed994c27d85b57ced9723428d38","nonce":"cbdbb5c8aa3799f442ee9e45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"cd221e840bc33bc191eede063b924af9541960077c05e5b15b6c81bac3148927d1a06c282da2c58d90667ffc2d","nonce":"cbdbb5c8aa3799f442ee9e44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f11d9282aeb38405e198799fc2ed3fe355b61292615f1ada2e2ebc9d211f256cd152286d44be3eed40b18c95bc","nonce":"cbdbb5c8aa3799f442ee9e47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"1cfbb85d8f4934e6041de716b010b07e70bab7f28cac00d80b9bcdea48c6a567e3e1cd9f34c5fc916485a21f00","nonce":"cbdbb5c8aa3799f442ee9e46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"598b3c3092920ae3d074eaa191188d9195f4df1f69e8a2df316f0fd227ea6b0b7b8a927aba394adcb9cabdba92","nonce":"cbdbb5c8aa3799f442ee9eb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"9d607e5b3867fd0225cf9de2dfbb14889d249c454aa5a9aa03eb1b0f080ec1971edf6fa6abb42f14be8287c471","nonce":"cbdbb5c8aa3799f442ee9eb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"9f56b80a68a2b5b49432b58f7cd3988def39442884a3d9609e09a1667ced47acb24aee0f9631e395e7604ffc2e","nonce":"cbdbb5c8aa3799f442ee9ebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"31b0cbc9f63e4b8cda68318d86dcc6dbb222f8b2c05fa43aee8a795679b9a8864a8eb49a88a3af136f9e92d006","nonce":"cbdbb5c8aa3799f442ee9eba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c39ac177cf16924a43f43f749ea0e06d9fe0e7256848b2ef252cdc40ac297da6a64081d04fc3fdecc66b49c185","nonce":"cbdbb5c8aa3799f442ee9ebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c42962d07474e71f4fb3293a93ceca1681e3006bb8294215bd53e8a60738f5071a6ecab0a198e7f45cc4c8c780","nonce":"cbdbb5c8aa3799f442ee9ebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"27146fe4b67c236d52f02eb88304f6766a2a87d6deabfcb8fa944722a7529c6be4e56c86ae5a5a1d294facbf4d","nonce":"cbdbb5c8aa3799f442ee9ebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"14b740528cbeb8c72a0b695e86931ee838660a225a657c076155798c9907b450b2b93ce7da8123beb4bdbca10b","nonce":"cbdbb5c8aa3799f442ee9ebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"2f34883b212af922778e5813293ed99d3bd18b3499f640e92d8ddf5afb44180bc94bdc46b1f9686058f874744a","nonce":"cbdbb5c8aa3799f442ee9eb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e754ce2a110240b6e6b508a23cecd4e80cde72fa4a9160cb38f8d18a5c9da22d5a187cab4070556f5d61dd57e8","nonce":"cbdbb5c8aa3799f442ee9eb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"06e5efca98c83bf5effc5b50ab1bf836d792781f88999fb4224b82b1dd696b19a7bc1af7144f517e59a1a02885","nonce":"cbdbb5c8aa3799f442ee9eb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"8fe6df5d1678d6f125b67e1c8f01d97ad87d7022743ad4044af035d2361fa500922c47cd9159d57be6eab8ab37","nonce":"cbdbb5c8aa3799f442ee9eb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"eb3464036026fe6688393b98a316881e688b16ce7f6aaa181d68fd3b84d55ff2c8847a47e0c7b2368cd0fd7cf3","nonce":"cbdbb5c8aa3799f442ee9eb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"32db5ecd6202ad9250bad796f416cec5ff556158a7b8f79ba71a8fbc06200d0c075f2add4260cfebe21ecf1dac","nonce":"cbdbb5c8aa3799f442ee9eb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"16ae3fee0f0cfdbcc8c59840ae8e4781f3a501ccfef06de523fca23073cb07d7088a9b0510601ea2802f72f68d","nonce":"cbdbb5c8aa3799f442ee9eb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"0577c8ec0e395189d70bb61841764b7b2f2bee6e69973a1fecb7fc3e51b9e97fb1ca94556daaf0ccf26bab915e","nonce":"cbdbb5c8aa3799f442ee9eb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"2a1e543579445a52b188a64d21ff19e72ee02ced479f8ea1a5e9d5d10461223ac6d61b0c3d9bea6d19a6ef8acd","nonce":"cbdbb5c8aa3799f442ee9ea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"b8205183a4d67a0324013478a1cf530447cbdd98512b46cd6ee49e05c0b77390f161344091cb199ce86587cdfe","nonce":"cbdbb5c8aa3799f442ee9ea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"5fbd296ad2dc21165f5b52128da908846499c308a194eb602a441f392c652516ab4d2c253479e49c47a6d00f0d","nonce":"cbdbb5c8aa3799f442ee9eab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"84ca20e2a661052c95166ef4341afda82d5e7fe464b9c56bb8b1a29f18c899fe6aa1c829d9c8c604c58a0e226d","nonce":"cbdbb5c8aa3799f442ee9eaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"d285e0ad4bbeb2bd20f308cf379c2e0d19dc209d01371e4e0a7fefccc8e1b92b45caa83839cdf742d8470e27c4","nonce":"cbdbb5c8aa3799f442ee9ead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"0603dbdbc3d4d2046d8a76b0c2f5f1b4aa29b47c8b017b7640f99e36d31815549f6ae9cfe0202b20b75ffe2e3e","nonce":"cbdbb5c8aa3799f442ee9eac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"c5627a1cee0be98ac7aa42ee21d79d9bbac8327698f45320c012d9335d8fbad850b742653e9491cdd24989751f","nonce":"cbdbb5c8aa3799f442ee9eaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"f55c0f8c297be77f6c6bf83c1419d7ee56018a79ec8398e176b3026d17c0e40651b114a8e06bc2d324ffe2749c","nonce":"cbdbb5c8aa3799f442ee9eae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"9938ace96831feac6a7815da5bfdcb603f7d132c01b71a907276a5cb5adc93283da7a9dfbd36d527e48a9a667a","nonce":"cbdbb5c8aa3799f442ee9ea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"9c1d51a1eca124d3a72c4e9bc838cb91ba1b5e02b91021ae37664733ba3893f3d73eb5fa78d9214f990c0899c8","nonce":"cbdbb5c8aa3799f442ee9ea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"52aaf92e8732e7bee8f13d37af726daa669c4190f2d1f1a7ae8932331851391c52f81ca3c41aa6c2435b25e5b9","nonce":"cbdbb5c8aa3799f442ee9ea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"283e07d2392b86673d595aceaf24010fba43bb50a5c69c439bff14b352c40f217f1464dc46f003d5ccecac3622","nonce":"cbdbb5c8aa3799f442ee9ea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"0a97706393ae5b34a6e0b7a526aab42a7f71051709669e772fe03632625b51f712d02d9316821bae6a8091ca3c","nonce":"cbdbb5c8aa3799f442ee9ea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"c2ba1e18ab4a8f9ef4531981d2def20602aa7f6e05e535739ff47ce865704896c5b36a03104edd9b972691357a","nonce":"cbdbb5c8aa3799f442ee9ea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"5aab9e27e86345fc47e76da9268dab34d2aa1045f8236be39dcedf96125de51d9740da1b21f23407c29f2afaa4","nonce":"cbdbb5c8aa3799f442ee9ea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1016ec02d0cac6528c9fce1fd6e4570e88cb44094579928d7f47252e34ccd4e8915c3ead8fdb15deecbc877dbd","nonce":"cbdbb5c8aa3799f442ee9ea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"9cfb1b999a8193e54228d7e3d5148f14879cc1f52c15e73be770ed4d6733574a04b3d733c39f387b33bff0ad48","nonce":"cbdbb5c8aa3799f442ee9e99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"346bd1978e9df34c23a4b68f9ea65442ea08982a19312fd8535c162260adb3c63edcddc74527e3c1b3c231a336","nonce":"cbdbb5c8aa3799f442ee9e98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"2bb8744133e2ab2912160c692c95ae716ab178883afff45e970b9b00f4914795abc64caddecebb9b7ba0ed2bd0","nonce":"cbdbb5c8aa3799f442ee9e9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"414caef0e48df742bda20f1e895dd389d4c9f722db1bcfcf44c466204951b3589129bc6959fbfdf723c5f63779","nonce":"cbdbb5c8aa3799f442ee9e9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"7cd52ec30a344ebffb893d80cd7d9a137de987cc51540a3e7071bd06fdac339a157ca798355888a5c35c29429f","nonce":"cbdbb5c8aa3799f442ee9e9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"787d75ce1ef2cb2c1a78bb4a56b305ee1928e1164ce767d1031ca5c1415eaff668ff21006d9aa11910b9e64afe","nonce":"cbdbb5c8aa3799f442ee9e9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"356946e3480b6f14f62c6025b31b12238dbe32c588de3dc41c7e040a40a8c590d51462e2c2d799b2663ca9d184","nonce":"cbdbb5c8aa3799f442ee9e9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"3b6171ce48dac8e28c20e0eca4e84ea102c80ae4ec10381a45cfb01e2ea8dbb3fe03d85ac408c4d4ee3695983a","nonce":"cbdbb5c8aa3799f442ee9e9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"511eaaad31f07790db878eaefbc155f78ad3ab73073a29dbc9864b004d1b99f1e62fb30d53d0c5fd5630722382","nonce":"cbdbb5c8aa3799f442ee9e91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"4a31ac9977b578515e87a7c0153c6f48fada96f553ec42f25945ffa2a02b398014451a8b807e51e1f2e5a0a8bb","nonce":"cbdbb5c8aa3799f442ee9e90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3b36d7103c407b6504c9dbd4bcb012543aad5a5fc1f914f67f3cc743e512e4efe3044610907450d38303390665","nonce":"cbdbb5c8aa3799f442ee9e93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"d2a25aaeb6dd7463ca96577e108b1ff05d24bbc873d72a6dcf32937a404a2d56818b61557993fbc52eb0b7ab33","nonce":"cbdbb5c8aa3799f442ee9e92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"76a59eba574753b4c46f1e4a6df1e12fbe9732b7ce9a7ebe71fd6a4288c39ca96b9b4a65d543dac6b2c9c1d326","nonce":"cbdbb5c8aa3799f442ee9e95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"0dd9d09ee6bf2f163104835ff90f2c6b7015e400072580a2d2343bd0a6a6fa6862c7b7cbb37fa00791aed4386f","nonce":"cbdbb5c8aa3799f442ee9e94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"4d7923f7fe97f104ede35e4f4b396fa145b10296da54366109685e401f5ed779d0ec9e8042861bc8718be72f29","nonce":"cbdbb5c8aa3799f442ee9e97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"8e6941fa8c7e69e9d1c3413c77d71342be19b36ced47c81bcac5eb5f331ab4965a5171139be0c317a070874d0a","nonce":"cbdbb5c8aa3799f442ee9e96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"7e253276f407856031089e27c39572ed5f415e27e7d3f0d271146273164c4d584ea664915df6e2bbbaed12e82c","nonce":"cbdbb5c8aa3799f442ee9e89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"380bcd022a75de7a031c57346d9bf248419e09e6d61920e8f92c704c9eae493186220b55db57b0c5f0e5e6c964","nonce":"cbdbb5c8aa3799f442ee9e88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"32f426397ca4c9657309887bf2e8fb86261fa147e1cece1cf11966273814054bd00c4290fa6cba4afdee006d76","nonce":"cbdbb5c8aa3799f442ee9e8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"7963b99933bd48f729ab6a4807e6443c9c8430b11f55a656098647e982ebe8731ef41c2b00283501049741a0bf","nonce":"cbdbb5c8aa3799f442ee9e8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"4087b66f9040f848f7e330c880dda50781f0b3a8288e153043ff386fa98ae2920bd93b1f9b1e2ececb609f8aa9","nonce":"cbdbb5c8aa3799f442ee9e8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"d4f6edccab03b6de7aefcef082d92cfb52d3508000ed505d24bcb75a971026cca8bf1c858d18607d6f43aa7dac","nonce":"cbdbb5c8aa3799f442ee9e8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"007a6fb5af25f95f709d091738a2eb4b2d0e714fe51dbdf32f0dd18bf4456bcc977d24e86417260d7ba62f38a2","nonce":"cbdbb5c8aa3799f442ee9e8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"1cb3e659197d26a9749691897cef215f652a80b3a8e276f8189895c2d846fee0d728e826a3da1849f4c9dfa7bb","nonce":"cbdbb5c8aa3799f442ee9e8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"11c570467b9502e4c52286023050376acf4b2b77873f11c4fa2d4ca11f90d7fee5da7e742a460bbb52fd30f5ad","nonce":"cbdbb5c8aa3799f442ee9e81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"83215542aa948a785ca5c483b6015f448724eed23df8fd24ca9bb1eaad57f61627a56fbeda4db0936bb6730b5b","nonce":"cbdbb5c8aa3799f442ee9e80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"341d7e4da6f721d40ddbcd5826e4a3343d96a9912b5fb85edf070670601c9aff58c925443368570142f0bea94e","nonce":"cbdbb5c8aa3799f442ee9e83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"bd235e65f01c632108f0bcb3089e5f4dabab38b829dc15a451af63eb5510c4a999637f74a412a02f3f821fcd05","nonce":"cbdbb5c8aa3799f442ee9e82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"37e78a2948a47fead569a534742eb37cce0a13e3c5fb838fd35a8559d671179a7825be9aa0b12a798344187be9","nonce":"cbdbb5c8aa3799f442ee9e85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"ba9832d98282946d9e9a4fdfd47959fc0515b22aa999aabcd9065f1677d230c23649d86a861f93484e08b8dcf9","nonce":"cbdbb5c8aa3799f442ee9e84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"dc10165e1667a722651b920110efbe9227db726db224bebcaddf678b6b90318c8dca93528ddcdc331e5f034a5f","nonce":"cbdbb5c8aa3799f442ee9e87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"831c3d6c6a7d8dd64b3f72f16fcb19f36aab501b0b2e6c4d4f7c2709a85e17484eba1075f3b265964c85dd53d2","nonce":"cbdbb5c8aa3799f442ee9e86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"3c75cd547e291b26b288751dc0cdb7994021013379f1918b607c2ed58b6bc26b55c54f8b3d01f74556efe77795","nonce":"cbdbb5c8aa3799f442ee9ef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"14a7ddfa387f1e397ac1aeefda3508358d8028354b23d8b4473bdb3ef9fcf4fb38c97326c4dd81b25020fa9711","nonce":"cbdbb5c8aa3799f442ee9ef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"b3bdee5ca748bd7236b169715c4784467070bbccba8c09034ba6f8d8fb1f9605c8ee4a46e3421a136ef4f8f033","nonce":"cbdbb5c8aa3799f442ee9efb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"f3bd13f16543c6d371175b0b83ad227b1addcd7d4d5648385731bd893de21d59d34f67f9ed239988ddada87986","nonce":"cbdbb5c8aa3799f442ee9efa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"fa80b6a0a8577802415a06a7d80a70288f7d33c261845f4d60a5924baec28b57bcfa2bec8fbe932ba3445ed847","nonce":"cbdbb5c8aa3799f442ee9efd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"0660b0912202ab09daf43658afd60c55918a6fae60fba10a0d59477206d39880c9590cd7d35b5f80ad6cb80a49","nonce":"cbdbb5c8aa3799f442ee9efc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"79a8d67745a3ceb72eb18fb944698c9a70cc586e9bab03bbff08b8a11b56a200c7c29d58d35f265f9eedf0067d","nonce":"cbdbb5c8aa3799f442ee9eff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"bed4326859d681c5a20ee927da886936e3810f25c09fed6a290821c08a6942b11662d92cd8d243b8980383db2a","nonce":"cbdbb5c8aa3799f442ee9efe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"8e90c182d13b431ea4192b4ded02984b23269ccd2d596fc278748c89f4ad97459c2499026fe11f520aa975733d","nonce":"cbdbb5c8aa3799f442ee9ef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"0dba736fd8f39f62e7635597786a85f56e14be1d8af172878b1dd910593d18a746f95c8bb5bb0f5a6baffcac31","nonce":"cbdbb5c8aa3799f442ee9ef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ae38445e8b6e024458281744860f80cba35bb0c860b59846ba0173b96e892b205c764de618afff5f1b2725d1e8","nonce":"cbdbb5c8aa3799f442ee9ef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"20cd59b18b20016a171d026dbaa161204723f40d337faf25a9ab19500ff5a42bdd7307f9130a359e374b634403","nonce":"cbdbb5c8aa3799f442ee9ef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"ca36a369d39c17c6cf8171be0374d8644b9b8798753d938cd215a5e9479eae8851fe723726990a668599195253","nonce":"cbdbb5c8aa3799f442ee9ef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a8e1578c9b629a5194413f0aaf000b6c9398e517573f3817c7e93e074ac045f5ed62403dcc8f5ad3f3b71dcc22","nonce":"cbdbb5c8aa3799f442ee9ef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"cd1f2f3c0c174db6a47c9d4bbf7477fd6d141ae2f94dbb3c9e6a994dc3af65c50c63cb2794c2c28c6f4d91ce3e","nonce":"cbdbb5c8aa3799f442ee9ef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"54b3b76d2d9479dd933ade15d6fbd4c18297b407c7d0788bc1fd2532146932d3df6d5ec7f7cf9e0eef00c1f85f","nonce":"cbdbb5c8aa3799f442ee9ef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"584b35ed7f088228c4ad91bf2ecca45e12b5a9a827a23a60ce1eec990f9cf85443f9232b9cf36a40d2a5db5f4c","nonce":"cbdbb5c8aa3799f442ee9ee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"0f20629d0b31460ae6fa0dedd20c77732d86a3e3a3aeb887d4cf291bb9683d80f67cd1b04445e8a410de7d65d6","nonce":"cbdbb5c8aa3799f442ee9ee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"2d4e84c375943a2eb80fa02a756423f78b982d5d39db251d93d1909c4cce2b3cb48e603188c31022d4cc73336a","nonce":"cbdbb5c8aa3799f442ee9eeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"20b68f545065b419b60401a57cc1358aca0acd97fdba5e26f07477d65d6a4adce85ab643f473ac8509e68f7d67","nonce":"cbdbb5c8aa3799f442ee9eea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"ed3e7097f3cdd7045ca501ca62ee4b6ee16bdd0808b7d5aefd50f193468b1dc7b35fecb1b9c5bf8cbebed960b5","nonce":"cbdbb5c8aa3799f442ee9eed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"881c4c53430cef8abe0c202dcccb64aa9b258deb3dc7a6e2f546226cffa075bf7301632b3db6b8fe9a5fd960f0","nonce":"cbdbb5c8aa3799f442ee9eec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"9b39293bcf73c12c2f124d44340ea9f447f928131bcd058ff6bba176eed9d3f97395338be991e5a4ac6ff9788f","nonce":"cbdbb5c8aa3799f442ee9eef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"08efbb4a3b23b721593f93b0295ecf1e89868132bb5fdf4ccf479fabdfb88ac6bd2e2d5e40c1f6389f1366765b","nonce":"cbdbb5c8aa3799f442ee9eee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"73ad3795424b4a2056aab28226663451b681790c92f2328f45f84a9c4455d51f663f7178bbd8087132b887b65a","nonce":"cbdbb5c8aa3799f442ee9ee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a79a22b4df7303cc5de9441a10e4163d77a963fc6b311ec27e5f4c228204042cd66d8dad989ec1454c121a3514","nonce":"cbdbb5c8aa3799f442ee9ee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"ceedb8cf4715046d97d30284fbdb63ad63c35d6fab2068c02d119e57342ab1b2603cd179ddd75f7515e3eefb76","nonce":"cbdbb5c8aa3799f442ee9ee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"2ede09cde334380f9b5f51288e2ed923572923db23f1717f399e144f6389bdb8bcf259093d5f86953ec452f658","nonce":"cbdbb5c8aa3799f442ee9ee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"c20957a3a97b568a2cba0fd0583ce3e77b2b4e6ccdba2d09e340a1fc95218ef0624a5c9f8513b8c732798e95af","nonce":"cbdbb5c8aa3799f442ee9ee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c3f527e4a03a66169d2043db2a191c127a38eb1e675e3402d46fce870a946889d989132281b9dc43a4f986d995","nonce":"cbdbb5c8aa3799f442ee9ee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"c3a019adc09d9a141b0763645765295cf6322a26e30bb3dd0663340a865d84bc59027b427325c9cc94e7aa9099","nonce":"cbdbb5c8aa3799f442ee9ee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"3b44aaee3bb713e5db682138ee4e27bf9f306303995e641e9ede0452b98cdc304c4d3423898890766756e9b317","nonce":"cbdbb5c8aa3799f442ee9ee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"59668971ce8b0ca0bba2fd20a7122200e73d9e72dd1fe58793eec4efb12ad3bbe5c8b0aa929d8b8e17568f163b","nonce":"cbdbb5c8aa3799f442ee9ed9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"dd213a03bc839b6e9fcedc723755702de7a185144c93456f9304b456a00279647af2ef195aced7f57e59a92048","nonce":"cbdbb5c8aa3799f442ee9ed8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"cae655d2e3a9c183e20d4e604b116adc75bf16de1087254043f91c938fd653e470fac8564e1f890589c6f9e611","nonce":"cbdbb5c8aa3799f442ee9edb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"c8cec6d1be918996e4b62507f83ee021efedfc6f7e2d0ef6ce4d198d2fd06d3c4c46ec67a781338425122d1c73","nonce":"cbdbb5c8aa3799f442ee9eda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"75656b7f5d67b3eef63e44c70ce25cb7fb8883be11f78f0225127408027385b76a0cbd2fdffb7ed4fcf112dc0f","nonce":"cbdbb5c8aa3799f442ee9edd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"fceb24559713f570dde7b0042f83994729fb47e6b57123c3011bf421f6000e28eec642f0581974a460a2329bb8","nonce":"cbdbb5c8aa3799f442ee9edc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"91f3f6111f498c1ec7ea91f17a7ca71646f08036e666a894176e68df825e19ea9287a3baf0526ea9908e2c9b6c","nonce":"cbdbb5c8aa3799f442ee9edf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"e8eaeb9a6ea58f15bb051e91cffa4b6d3fb14766b2cb04fe2156d7e40612e5ff8d420aef23ee9dc192bae2d569","nonce":"cbdbb5c8aa3799f442ee9ede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"5b8c2e895cac414b78d88c7b2b9065a8321e385b106be084244d4b69cb4b4731baf5b86e42817a2e2145fd63bb","nonce":"cbdbb5c8aa3799f442ee9ed1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"4c4dbdd44a8562a67131377824db62fc0f8a2348bec9cab4520e3c3de039dca5fbe75e7969c07741029c848775","nonce":"cbdbb5c8aa3799f442ee9ed0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"52303cf9961676592ba87dc9b51321047b25f14d59388fae89a3f4272e668502e364a93c4d0120925c6bd33a04","nonce":"cbdbb5c8aa3799f442ee9ed3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"43f0cce01962a8cb2dcf6502722fff4de6d7e4921be79fa08c5ae5f21c64403bbb20a7ecea10077742a84f669f","nonce":"cbdbb5c8aa3799f442ee9ed2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"a45404ae082f58ee89dbc6fcfb3c2bd51fef08af7df66d3351831d36feedb999fd9612870616259dc1f40d91b0","nonce":"cbdbb5c8aa3799f442ee9ed5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"566a12079c30a45b5b2e93860787d7eb0a3c4463c3bd3e7becf4ec3d19099c7b969eef98742ff8b053b1913458","nonce":"cbdbb5c8aa3799f442ee9ed4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"6bbd59418ce1312807234893d57fdee531694c4ec7af4d2f9ad0ced51a34c90e18fb2e9364d6329eca86aa1e57","nonce":"cbdbb5c8aa3799f442ee9ed7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"07744c5ee2496181b2fe20f3a476e2ae17e1560e261ff70b85699f3bf864316426cfd71797ceea2d2216a4df27","nonce":"cbdbb5c8aa3799f442ee9ed6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"1c017f132fcf70f0752bc72f96e8e60c5f4cff9d9b27daf3a4ed28a6e52b113df34f4cefcca7477e3bb86d6eb2","nonce":"cbdbb5c8aa3799f442ee9ec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"1f1cf5ce561f04501a40853f6896660d7498204c79c90c9f720d82432494de97702ad125af8ffcc085c35c74be","nonce":"cbdbb5c8aa3799f442ee9ec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"5aaf309881b03fde29021b5cb875855bfb0d473fd76c06137725020a3086707d706dd04ee5a7da33b8568d9f0a","nonce":"cbdbb5c8aa3799f442ee9ecb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"ddb2f71ce14a8de52b52e8599896c3c82d790d62d2a1c41412ea2d90768e2e484acc31f417ec23324948291429","nonce":"cbdbb5c8aa3799f442ee9eca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"fab22c23a6dcc8b346f0c6db7311ee48ae7e7da4b13dc219c0f912d73f13970359bb2240485f625e378ca1bab7","nonce":"cbdbb5c8aa3799f442ee9ecd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"e8eb33c13894ef71bbd241401501412ffe9df130c9004bca9627fabb312450fcca593b1bfa8cb49cdfae851b7f","nonce":"cbdbb5c8aa3799f442ee9ecc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"c2d445d1bbd4de4aba5a1b8cea834abe4d6e315d1cda02bc30f63104687d4b9268f46f827e3c8281bb2582770b","nonce":"cbdbb5c8aa3799f442ee9ecf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"8745f7b50c64dc6b3253ea59bde4417554c6778a43009fd49373b3203baa919819dd57563057124a1f532533ab","nonce":"cbdbb5c8aa3799f442ee9ece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"cfb78668a272ddd587f898350f7d734bc34e0036f9e6f964e63cd6b53de00b59a0a2ecbe4c4ec4150c8c350fa1","nonce":"cbdbb5c8aa3799f442ee9ec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"ded3919a2c4ffa6b30c236dd59b1382fce8292a77aa9f80866beaf038afa79f406497a7d0140f69d4e05a12e2d","nonce":"cbdbb5c8aa3799f442ee9ec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"7b381df4f2cb9477e490e2cc9100a8121d0c8348669d8493b47358ff4c69a00174bf7889f7043e48a66550b5a7","nonce":"cbdbb5c8aa3799f442ee9ec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"34ad7452478ad5967ef16b475556d81b29578556f8c03bff44be7b606d70dbe7082cc281a43081d175a913ca55","nonce":"cbdbb5c8aa3799f442ee9ec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"847f6509dd4c813162c2e0eb854d1e0629efcb230eb5b5798f13f1c413c8ce2f6478b7ab86ca6c673290ae2d20","nonce":"cbdbb5c8aa3799f442ee9ec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"48d08e7d4738519a2a3621c78369505048b024cc69f526db4cad4e361223065810b63fdb8948db1969d4c52ab0","nonce":"cbdbb5c8aa3799f442ee9ec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d027a38f4be0d34e1eeb2779bba3250a45ead6cdd77f2d1d612983ddade6ab23c4944c3ac8539213afe65d1abe","nonce":"cbdbb5c8aa3799f442ee9ec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"177df8a60db9afbfcc3bd16d008075b43e6a5aee00ad2e1a0af39e457888be6469d9eb407c2e153306aac211a9","nonce":"cbdbb5c8aa3799f442ee9ec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"fbc6a2aa4a8da1d6152a3edd6351625d7305802106b5b49e900d6f7da7342dd72d0a68d8bdd21c68e7b3ad3f6a","nonce":"cbdbb5c8aa3799f442ee9f39","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"a925ac731d0b507db78d2de971f8aec74bf422999dddacc1e0aba3cff80383a0"},{"exporter_context":"00","L":32,"exported_value":"c8232c4edd1e81d7f6a1f26b857eb1cbb747ce1ba624fd06dd29e464319b0811"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"1db995dafba45d278d9a0c36c90ad3163b54c827cd933fe19798da8482fa6314"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"93e714430d3cb00e8e8a03dd820dcbcc7f0141f93c63a7dede2dfb152b5b23982a1a55f2d86dd9e0f5a0f53b9c21605257ec1349d7f89e53","ikmE":"39ed47496020ec7c2afc214425fc6a15fb6f1e16759c2b066265b6624c84ed50ee6c3129d9ed71318b19a96e5c5cc6b27aca5e1ae9cdc7e0","skRm":"c4e72a57af1640806c01617b947ee6d1bbe5eb1a5b4616fb705a5d2ed30b7f4317365c504249750e090805d44a2ddc2970172414a90a09e5","skEm":"9abfbdf9132c22e95f4d25dc6ae16ca1269d3692e75f32e3aeecd4aee7cb8edb4e26da9422afb940c42caf388a1d1215b405795a28d43a60","pkRm":"d920db89afdb25df110a44cf0d7dc4e4d4b74f09ceaba5e76a12d3cafefcd962e244804a58bfd12303732be21d511f877ddc2ed694447b3d","pkEm":"390f2971ca97d513915a2bc5aac0cb81b832d9424d2264eaa9e868d80862edd7918276883a8d0434309e049408fec2340ae5799702f948d7","enc":"390f2971ca97d513915a2bc5aac0cb81b832d9424d2264eaa9e868d80862edd7918276883a8d0434309e049408fec2340ae5799702f948d7","shared_secret":"081f8572019ac78daca420cf23c5183027e9bdaa7fe4b5f8e55b2ff24bc5cdc8bf4362965e6ccd2b832af12b0ed6f2f669b15b42cb6f4361d36d99b88b7dc5a6","key_schedule_context":"009f764d157beae4544a48cc4382cc0eaaee23564072136ce01ebe7b274f54ab4420ed990cd86d7ec33fd88dc1a603491ae460c58931a78178cd8e1af2fec96e7994b5b0e6ed9749cf5a584367aeee9665bfdcc13ea89374b725e4d30a351bbcc95bc70b4c35cc84a53ffd1e1877059f35f9f9c98ae168ad89a3a7087d7e88b855","secret":"f8a6e8cf481204ecef4c24d419f98ad50accce3f266b27ee7dae90671376f11817bf3350dd20e0d739b2518e7284f4248b74b036ea9fd490cae8693238b1bfe5","key":"5011eed55726d94fae0cd116b80e7832ecde3a457ef816a4a42f862ec2820ade","base_nonce":"c9899ce0c487a96933695f69","exporter_secret":"775a6404afd0eaeec9e0806a55332118f5fd7ec983e1cbf69d0fe9ce197d8f8ab64fa31de4b7f4db637eea2157a6d9c294840ad4db7b3d2542f310e04be2bbfd","encryptions":[{"aad":"436f756e742d30","ct":"6a5ef0f8c88a17c6d26bee63b4468cd43360eb69804fb392d8c9b8eba2f9bd806726c7d99cb9073022000ce41a","nonce":"c9899ce0c487a96933695f69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"0f1b8fa3a61ead5f4cee5362eff2bcbf0f9a1c16c550365f022351fd939e91714a59171b00a7bd642b5ae929ed","nonce":"c9899ce0c487a96933695f68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"11879319f51d49f9fcef8dc8f97ca7b686b8ae074e184129bb05ef369dee1797d566bae58991c0695ed5635179","nonce":"c9899ce0c487a96933695f6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"d2ac000cdeb337ee55f72c7051f3932083d4248b5f58739a43c50707cf987f78e339152409f043069acb9aa99e","nonce":"c9899ce0c487a96933695f6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"51e6aff4b667fc51affad07958c99ca1b2ba3496e2e96454a1b4f5564d964ea1ca666f32af7f79fe1f459075f3","nonce":"c9899ce0c487a96933695f6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"49618d91ac0f395e34accf04fd9486662a2088ff9befc7effd60d0a4f9b0b0e91110cd48b90676d14c11752aff","nonce":"c9899ce0c487a96933695f6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"056309ea2eb1600839624c4448d9f8cdf2121f7e089fce545ab08757ddedaa664c85e2cd7787ce4ad83524f473","nonce":"c9899ce0c487a96933695f6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"d46570da185ade38eb46f63b86775cb2f36d242881af7544bc062748d4d0c99e9e1b7c9514daf437f52ff41761","nonce":"c9899ce0c487a96933695f6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"22da01b4091c1ebd393f3561818eae602061ab546465422a6774dad0af83de6fa8d88a725068505fdbeeecbf59","nonce":"c9899ce0c487a96933695f61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"0de5e5d458d99648f0ee96bad8e18e84b28245d41d7a2a1f286ff13b557a0ae2f51c1469b8b52d7df2e024a382","nonce":"c9899ce0c487a96933695f60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"8fedc3180a92473075526a85742d20d0c562b971b50c8180e889b997f3bc73650a3a3b4852e5d4558a1fb5fba7","nonce":"c9899ce0c487a96933695f63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"e4af432e5e480479a3217273b242fc1ef94fa6b656f6fd80f704f6399d9cb318f3bd13326b9209184a874934d5","nonce":"c9899ce0c487a96933695f62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f80e82c36fe88c0fd56ad9b94570d4d78f56f68caa3d6110e421629eefa2eae31654b9b011623843bf54ba4b36","nonce":"c9899ce0c487a96933695f65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"41590c4fdda0d627cab8856c7ad45880d855f5073b5d66bec0f6c37653a0b1152293eaeb7979fff98dd82d2a83","nonce":"c9899ce0c487a96933695f64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"124c4ba772600bcd017a80f92b7506ac7c6c76fefa0fa72424768c8acd88e905b653540585094856430e081dec","nonce":"c9899ce0c487a96933695f67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"696676a77be79d005bdac3637ef57af1afac08e4cd3e10cd84acb21718a29e6038aeda0f526979a37e914c188a","nonce":"c9899ce0c487a96933695f66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"7a83d510d0a52f66a6bae317d7b91a85e362a4980e5aef38cdd49be72e2ad8f79f3d351473cda9f813fc868698","nonce":"c9899ce0c487a96933695f79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"43688291ef1768f7ef620acd7a0c10496a8b4a482dea6c115772ac81126036efb484ff7a3593acc48cedd1a0a8","nonce":"c9899ce0c487a96933695f78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"db75ff09bdc83a84f41b8ba95d902f94bcf461dbee7918692cbeea5c27a0d8a466de1a75d8922c14e3998e0ec0","nonce":"c9899ce0c487a96933695f7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"b423769761ad3531cc9120c2f34466f3b2faec3cb0527cb73589c56c16048b66a9ed1a85ddc464768980b5f5cc","nonce":"c9899ce0c487a96933695f7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"7405178140d8b0421ebf5fe24a6cf8987924125b66ecd6ef26ba1045d0c5e620b6d52db54bca7eabc0e8351211","nonce":"c9899ce0c487a96933695f7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"1d0b24d75f0a64dc670929c48607ab5881b07ee4fd2f2f6d10039b415cde4c0fe427117e7a0a290042039e2afd","nonce":"c9899ce0c487a96933695f7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"869e2b500cbf60be15dd82428b74eb99ba9dfea68958cc2db60f9c637c659e6ccfc8f63c61111ae630eeaf959a","nonce":"c9899ce0c487a96933695f7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"279cd9ed5a530376b1f2fad09ab4881990635d9df02c30f415d49c81ce2c1f4cd4dd0b9a30d25c7c76c53f4225","nonce":"c9899ce0c487a96933695f7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"8bf10382999b27d8289b3926b0e60d9024af40e444da032ef3179fd290c2cbc04d2b73d3d3972e203a751e5ea4","nonce":"c9899ce0c487a96933695f71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"852d64ec975d988d64434283c085b9973c4636102c84913f8d0b837d90e756c340829685b1e7f6569ac0daf91a","nonce":"c9899ce0c487a96933695f70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"eca5f9783ac6455ad671c77b719282a68cdc9bb4f2266f82240b82269519dca99b2f977b5227572958451a8cf4","nonce":"c9899ce0c487a96933695f73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"0c8029f766f9310071481d4db12f3ad188e1d64b7acb760fe0281b0182a14c105fa399631fb43a0c0c0ac26601","nonce":"c9899ce0c487a96933695f72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"2dd49ed13f5bb111810d940379e59c1fb2f04fbf87815fb6a2d197e0aa5f81c2ea8d522b996d1a2c61739d6e53","nonce":"c9899ce0c487a96933695f75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"2eacc0f0268bb93d292d67e9c037d0fe9a44145e820fe11eba8c5d8158cc325f2399b91c72f9ec36ca4ff4b0d1","nonce":"c9899ce0c487a96933695f74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"3108f48e0791ce1c69ac3ffb8cc6c578b08031df2fe072b6afe75fa01b9a15066e0f0942c7b99c1da85a4ff8ff","nonce":"c9899ce0c487a96933695f77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"229a2eae39d159d3a3a2fd28ee91a5fbbb7ec67243a081950432e6231b28b4fc442cf4bee6d68a6b66ceb2bfd6","nonce":"c9899ce0c487a96933695f76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"d26823f52b81e4d2a9d8eabc76f6a0cfe996bee48cbf450505b8ef38391309befaedd01e0bc5a58e9980bbecfe","nonce":"c9899ce0c487a96933695f49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"26012654aa17adb20d34ad0b0258b083a1944cd11c0b2607e47b54ec2e2fa7ebe64b8130e20a07137ab13c06c1","nonce":"c9899ce0c487a96933695f48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"4a42123f00ecce88f5188130e88594083c9fb8fc0724827f74211a7e82bc356f7fd1829fe20aa39a7ad63ca7e8","nonce":"c9899ce0c487a96933695f4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"9c60e77beec6f4447e3d695fd66a3cb3837e79a6505f535ddaeb5a7e4e78bf4c3a1138372b939a98ca92d48417","nonce":"c9899ce0c487a96933695f4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"8d00e65ea009ef2c3926385bb8865906eafd97c2706dad15279468a2160a9ff6bb965c9bcf1152e383a3a9680b","nonce":"c9899ce0c487a96933695f4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"450ccca0d032c19a16831980ac8b742234152760bc617f66312d57a8dbaf7e699c372218c1bac13aa287316be4","nonce":"c9899ce0c487a96933695f4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f1994a522a31b6c4377b62fa4bce0640a06f4c32cee8b5875301137d204b02c827ffe9728588117024dbbf1136","nonce":"c9899ce0c487a96933695f4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"336db0dcca4d5f2ee97c665c3ee8b59f5cd37a56874010419ef26e90e84c6871cb1c1761678bdb3062ad4fd367","nonce":"c9899ce0c487a96933695f4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"cf8e33c184377005535ad8cdeb13e93971c318f08dea88cbd1731b23a32b9d4b9f1afe39cb645575fb524c3e00","nonce":"c9899ce0c487a96933695f41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"0ea9285f7f6107c53dcfd3a3581b85688652955baaa9c8493ce3d55786e9c8d8538bbb6e84d24aaa3418a0ac25","nonce":"c9899ce0c487a96933695f40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"f024aef97d7e577e00a99696c9cdbb06ba7a3df7ada9224f6cf46c88c6f8e014ce47998f7b4af8d6078147b459","nonce":"c9899ce0c487a96933695f43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"81db246f350a3bd92d4d8010b71108068cfa24784936e7c0047d25b5ff0376397d2db22016c03cfb6f94b000b6","nonce":"c9899ce0c487a96933695f42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"06e5d994572449e5404ef62d58265a9425e4ad93ca05d176277a856680bdd7a4f9df9c266ef107ea5a0db9cb3e","nonce":"c9899ce0c487a96933695f45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5d0b16b9d4d726672329a26f32889a90d818a16b57ba0c3c01f1ccc7ab0f7fe7097e294ea08d0a6bf602a675e6","nonce":"c9899ce0c487a96933695f44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"0a37d2c2ed13beb8b5d165d9a82dc7eca18d521c4e2d413ebd0f6465214f6d996eeca8d5ffcca0b3f2230d48e1","nonce":"c9899ce0c487a96933695f47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"328151784802184516d05cdab8048e5226575dbf998556201379ffe43ced566b9420fc949c356230a190971f10","nonce":"c9899ce0c487a96933695f46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"d196fd6490e1d3735f1f1ca7927cf1e0c8035e77b7ee91809abfc011bb3783a7cc49fcd3ae2d60bae8dabc8ede","nonce":"c9899ce0c487a96933695f59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"e60b142c5e388b0795d48109a50df34e73e467c30121bb70a4fe554f05bfdcca10fe6b1d6002fa1549d440fe2e","nonce":"c9899ce0c487a96933695f58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"33a07409c901973d1ec4586ca81d3c14693192d7262f21163d2b7c788422154974676d1b65853006d3244f7bc9","nonce":"c9899ce0c487a96933695f5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"a35e3224afd84670c204fffe5cbdd4439875666b72b25d8a45eab96d983908a56df3b30cbcc620fbf10e5e43d3","nonce":"c9899ce0c487a96933695f5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"13849e156d2b46d6856c9c71de1490ff9911cdeeb9e44139fd2a8a12b40d3626f696410612ae71b7827f85073a","nonce":"c9899ce0c487a96933695f5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"fca41a97962ac0facac25c00fbd951d02c3a4e37f10f46e6613dd6ad5fb67bffdebd5d60a1a7f544b3254ab05a","nonce":"c9899ce0c487a96933695f5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"e975362cf2310c7eb55d48225c21cff7ad19a8c6c826df2057d2fae11b257b8fd0f1984902bcaff2b5830dab38","nonce":"c9899ce0c487a96933695f5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f8a5b809b42a469afd0eaadfa6ad53057350df3934d26754dd6e44617048ecf73a72dd1216eeb6c19588120229","nonce":"c9899ce0c487a96933695f5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"2709934c64c388d8b0acef90e4722635c5b28c9d0ed9145b748a732a7adbd36728919cb902685b0ad65c7a243c","nonce":"c9899ce0c487a96933695f51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"f1c817994eb94155e39ec0b151ed976b48043767b615cae3b13f0f1c7888c00d9006a4212ed4319bfd776e85fb","nonce":"c9899ce0c487a96933695f50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"83e0a43015384efa9fd2637d6e270f3110f21e8ce85e294021e9e9760bddf93531b921a2bc04cc95dc89bb1eb0","nonce":"c9899ce0c487a96933695f53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"88ef845c1b271fa965767f12168a22b51d40aaab5b921184a41084253f316cf9b66ddb7fe350b058b7d39526a3","nonce":"c9899ce0c487a96933695f52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"b28b495c12d7a817a1d67959d3f9602b4c207a24b8ce09f4ddeb226df651767b50ed23ecbed463a6c8ea704d19","nonce":"c9899ce0c487a96933695f55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"3f8a22a0baff926a34275928c6b80b6a5563ea88ed0baa361064b8006b7d245db188dcc52fed65208622e037d5","nonce":"c9899ce0c487a96933695f54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"f726b9921cd49dc7ef632dc379f2ac336329cf447981ac6113a9255cab635b616937a23b13eeb02c0aa977a297","nonce":"c9899ce0c487a96933695f57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"d10fcc5668866d836dc21144db6fd3f96dc0d60d8f4a30724f28c9630318904373559b6b401f9aee04b3534d51","nonce":"c9899ce0c487a96933695f56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"5fdb3a474aeedc0348d1333a63478392a11ae284b670c3df07dd18c4924feea5dec431496357325cec025e4bc3","nonce":"c9899ce0c487a96933695f29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"228dd18a02a2a5a97651784e6420c961150b6efd88340c351387ed8970b4afbd9f895b250e202139646653a711","nonce":"c9899ce0c487a96933695f28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"c6a8238496213c08246da52f8e43a8d2bb0cc85f784c79fd6f1c9c88d53494c45137fa599cb698d24463bd4f50","nonce":"c9899ce0c487a96933695f2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"fad0c832b85b3d00b32166af4e39a7e30c35512b74602457b26b9acbdb95962d0dc03fcee17787aac2e7daa65a","nonce":"c9899ce0c487a96933695f2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"98c485e36775541e73657f13a4c0cc5487599590038a5bde46718c7d928495a3fd709238f3e5e62c524003c57d","nonce":"c9899ce0c487a96933695f2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"01eba27d95e52a2ea7c9fc30f14e1af481d6c0627797f26c3b97335c02b81e5631405536b3ef9d154cb50511a7","nonce":"c9899ce0c487a96933695f2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"1032981d96431647adeb42de04dd503e7c14441188fb7be58ad91dcd2983872f872190adf26001057f80802cf8","nonce":"c9899ce0c487a96933695f2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"9a18c7afe82f02955cc54d9e0bad53583f957284e3da148d0c26e28171bebeaad3687fba65fcbf5a99f3beea64","nonce":"c9899ce0c487a96933695f2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"da422eb1f2808c59b2152dac3eb64532d54b2f4a2a578d422a2303d20046c681a55296e7b8b474e95a8733cb2c","nonce":"c9899ce0c487a96933695f21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"c865c32876523dfa53ea9a6bdc4fc0a35a153f01ee2a72a4f1fd0b110355beb6e79ced14c90647384eba40fa21","nonce":"c9899ce0c487a96933695f20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"62ef0839a33a1a2b2f22dd096259b5c64647b9f653b3fc7808d559b47cdb4e253d0eb9716418b2dcdb67271994","nonce":"c9899ce0c487a96933695f23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"6b16dc8a695c085028bb4df7e4bc23f1765171710ab5be13d35aea86a1ba482f1db462fd6e55f44ebe92442531","nonce":"c9899ce0c487a96933695f22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"822f31b094b96ba5f6bc18f09eaa863228a73971e1f6a88b818f0ca5960ddffb97d32c033913a088d003108ead","nonce":"c9899ce0c487a96933695f25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a359131b13b19e0900d55b674618dca175ac3a7cc3f738c04129d1a7ffca47e022769f2161225504c953309ce6","nonce":"c9899ce0c487a96933695f24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"6ff8922ccf63670152d5f4a91d0a479123add7a4effb0e900c618072f7e0497cc01403a85c588f7d25024461a9","nonce":"c9899ce0c487a96933695f27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"1c9ed049cd117ddd0b65f572575c087d83ce848efafa43e30485dd537e1d4d78b57dff93eb5292de47f0c0378e","nonce":"c9899ce0c487a96933695f26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7dd2f6e0f06c8f1d1f12053c2a4fe1478608ebe413e8ddd1562fb67d1a34a8ecbd101591e201643ff6f7a4d6aa","nonce":"c9899ce0c487a96933695f39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"c1ba8ac2262d64636a2a1d1c9622d4bd9d7672eff284b76f17b204dab3cc60d968ae91e2ed8934f9510f3775cd","nonce":"c9899ce0c487a96933695f38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"26ccfe8c2ee5b6af4eb4b114bd8f83830a434ecab343a2cfa43ef23b4206d2977a4337f02484ee5fb0f17e10f5","nonce":"c9899ce0c487a96933695f3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"5cf2be157a1feda78e035599e56d7c2ba941314f34d8933c7b3d879cc9e7e9226786a7a41b21894e0e4bab7795","nonce":"c9899ce0c487a96933695f3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"e2024704c167e2103fc79ed0c6c1598e8c241a20bf29653eefcf176beefe33fcdb23f64e4e2857c47bcdea519f","nonce":"c9899ce0c487a96933695f3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"0a296f958b1c10f1dc301c225067e910bb14ce7db54fdf131b8354171cfd250278bd8773f60975a3ca9c7088c4","nonce":"c9899ce0c487a96933695f3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"50db1868ffc785c55fcbd43ebaf432535c197b4730dce19dbe5833f37987efb01315c29045fca1005fe07fe4bd","nonce":"c9899ce0c487a96933695f3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"1eb061a4130f58d18971465759618af44114b87b8e1d94e2ff60e1523b65cb3dfee53883ca08db97f83f241dd3","nonce":"c9899ce0c487a96933695f3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"228a4eadabda23956ddf9ef1a817e08b959817856bbab7f3897cf34251dc1612a46fae1d6c0bde2f482c242a0b","nonce":"c9899ce0c487a96933695f31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ba3e905c41b6e799dff1158e962d1bdfda3ea5e9afb7fbaf475435a7df43639ce03a34f7c4f87a199a4705ce0c","nonce":"c9899ce0c487a96933695f30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"169f30f2989b889ef1c1a79ef2fc61f2df763d1134759b377c94d9a3d64e8759446ec635e316547a1041fe6fad","nonce":"c9899ce0c487a96933695f33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"10216d49fb08dfd726cc022cdaa23a4af9331ca90d8b564316175fe97552343c9285d2831d818bade4b18ee3e8","nonce":"c9899ce0c487a96933695f32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"58c82c35c357a2481041a27725a3524249cb6f44a8e13bba2b644ce1d69db1cb74a6c20b6743724bbb55fc2fa8","nonce":"c9899ce0c487a96933695f35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"6d434a24e2d76a76f5a75d6535d58f7a18c754a61bb87df77024f39ac36f36e27bcff69f9f82120253cf2ad30b","nonce":"c9899ce0c487a96933695f34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ef74cab8059ab9e460eca384f82062dabe3b55625d3cafd399ded0954d51e527465d5fe45c2925b7348bcf34d6","nonce":"c9899ce0c487a96933695f37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"2d7c14a58a535989e39f7495a89624c9d72a5a8de47b23749961e549fbbc83c8948999855086d18368b3ea7179","nonce":"c9899ce0c487a96933695f36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"65eeb9ef511388570d1fc0eaf78e23d1eed2bde627f2e61411d924a93a3cd7993225395260183cdd05628b3448","nonce":"c9899ce0c487a96933695f09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"d6cf6b6513b11f68e67c3daa88669bdb7c357c60e516b8d625455e55000387600f279605157f5d47cada5810ec","nonce":"c9899ce0c487a96933695f08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"22a9cbdc0b32d937d30ff836240f29e0da4838244b7e060dce2969919e9c6454d4af93e44f98109ed8ae078e8f","nonce":"c9899ce0c487a96933695f0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"ee92c02de976da3b75c66ba3583e6547562cb3eea5aa9a7317715a3384741693b78cb1e38fa4be3bb894d3ce6d","nonce":"c9899ce0c487a96933695f0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"bae294bce2006ad759c8407083631f3e9ea5729357ab3a96e162c9227fcb752d77d32338f619f3060ee75a5c59","nonce":"c9899ce0c487a96933695f0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c0bbfd8cdeec9378f1f7f05bc06d78d4e4fa5c526ad934c12b769c41d55a043027b11a855451ab3686215d9465","nonce":"c9899ce0c487a96933695f0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"b22b78aa8331c31c9a83fddfd7ec174c3261b56ba59921a73cf25f7ad2f2212dc55714c5211b8f042bc0ac4bf5","nonce":"c9899ce0c487a96933695f0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"35cd1d9dee5f08898129d240960ee7294aab4370b9edba5d586c76b3f7bdb86ecfdcf1eb71b6b7ce09292f94f7","nonce":"c9899ce0c487a96933695f0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"afad6335b0295c932a146a62a3407bf4f9d1a77e3cd7a8d34dd14c9d6d20a4b5761c429c897c9cae60a1b7d252","nonce":"c9899ce0c487a96933695f01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"4286e4ed41f043419c52d96ff623914f1fbae9c0ea99cd42ff8451ec79ceec8f15e91ca3721fb264ef8eaff2da","nonce":"c9899ce0c487a96933695f00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"a9bdf6e7b81030c420c68c15ec007b19d64d54741b60b8ac3fcaf2cf14557788225d36401b740495e1e196dbe5","nonce":"c9899ce0c487a96933695f03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"26c2ca52101aabc15de419967eace97d8a3c5aba2f7c355f8c13becde9cc4e9278e2a0304144ab302d08b24151","nonce":"c9899ce0c487a96933695f02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"af632bd326eab178bb1d8611c744eae3dc920f052887514260579a12d8aa9ff522c332b925693917581a462fb4","nonce":"c9899ce0c487a96933695f05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"de437e2a80b055414f8f2714a3b3e760112638933cf5bd83c5c857edb04fbcf6f9b044b56fb2f481dba9df8950","nonce":"c9899ce0c487a96933695f04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"de1a9e4b614b8bd04bec422816c5c784b3311f50bd26ed37f66d26dcefaee3ae7b3a7d37ab042d081450dcefd5","nonce":"c9899ce0c487a96933695f07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"10ce1c632bc899595a7a924e500e1aa91761c29da4f93550407774af35bef1004040d5140b862e95adf9983af3","nonce":"c9899ce0c487a96933695f06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"bfb412786a706dec95b897207007a1b7616ca66e9c3f06c4075f5cb1c20dacfb37621f47a692443d029171ada0","nonce":"c9899ce0c487a96933695f19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"eb131ba53eb84f2ef135958fabf862ff340010af0761778b0b782204fed22bfcd6b8442f6ad91fc767a086ece0","nonce":"c9899ce0c487a96933695f18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"e68692fe0c26ff171bfa11c16fe83d66f03f0f6b5bd5d7f68c81c56de2d2f2e323c44a0fdaaed0a84af358858e","nonce":"c9899ce0c487a96933695f1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"6fb3da6f11babf171590a0a0c0ecf8242d9dfa9d69bc12adaf84c5bb1d8cf5e826ce68ecef207888487d33771e","nonce":"c9899ce0c487a96933695f1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"4a3cacbd8247afdf05cad05f65a6e67f6d1155fbbf4750e46b4e8e9d1140b0c53512618cc27de475661d5abea9","nonce":"c9899ce0c487a96933695f1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"ce3992af04205d2ae58ada349482d809ded30ba2481a15fb5ad21eeee6d5b2ed793e366e61c126caf717243705","nonce":"c9899ce0c487a96933695f1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"761e6fc616959ed45ca69924c2dd7a3ae400006e0deb1f68162e06ccb016840b25b699c2b41c38616f0f6484cf","nonce":"c9899ce0c487a96933695f1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"033f7204e193c6c762267c0160c50bcb24747cbcc2dfc760b5c7b0c9425c913d23c82c20b4fdb6fb164e014226","nonce":"c9899ce0c487a96933695f1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"ca2b73ea3d22853aaa93839c0336c842071e47b93c6abd1fb81cbc77b4e78c5601a64c491e3462f2ddfb0ab14e","nonce":"c9899ce0c487a96933695f11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"acff92e95702c7e75b0bc8a07984fe32117981b45170064ef84d8c26617294cbf1885f8e5560fa41a62e39fc94","nonce":"c9899ce0c487a96933695f10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"3adc4de8845b297f3209c9fcee196aa3c48b8a5448214b60c232e08eb0f1835fe60e332e5bbcdf67fa5b477f7f","nonce":"c9899ce0c487a96933695f13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"00752718e80043b9e545b4a96e407f901a07388c21b1046b3a1f49b4311770ff9bc3e21d5604f16dd46d90d1a8","nonce":"c9899ce0c487a96933695f12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"94758a3f5b5914360659cf7a755a66e0551de9271662778c7f6815c85f81905877deb604039a4ec56761ca34ef","nonce":"c9899ce0c487a96933695f15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"15c2111400965fa3cbcad3e3441ed0250f9edf6d2e0c2d5a519b8dddff066e80fd3dcf2eb97b1d08e2010a48a9","nonce":"c9899ce0c487a96933695f14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"1a5f6e264fc8a9031ad1d3d94fc31b9548cbcffa5b8cc8807e8818efb8e4d71744af6b62a07b9175b227fca44e","nonce":"c9899ce0c487a96933695f17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"cc5fb4a59fa1b6d22fa7a7707e725ceb5c51ff3d14152c1ee3ea314742cbb214d5e6dc0848e2628b7e9078caea","nonce":"c9899ce0c487a96933695f16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"8cfc5360dc7e58fe9c2c93f71b534353a4e00d43ff3c97183c798fbb6abdc5b5c14854e0adcafaa772e6097a68","nonce":"c9899ce0c487a96933695fe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"e6fedf4ead7fdda5a47544084437ee311020e9284d54abf86267f6e6aff3662c15bd9088614155c95b69d99da6","nonce":"c9899ce0c487a96933695fe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"d3f5c6989bf29f5531ff311c0ac95e21ad831bf551cb6fe245e88b2136f8214d2006c037b227a3916bf6666896","nonce":"c9899ce0c487a96933695feb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"4120186928215e1e73090143255d3db9840936a11c732b9ce82177a8f97ae0fca87a9a086e7acdf345d4082a58","nonce":"c9899ce0c487a96933695fea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"536b5017fdc8e6988f84c0223123670cc4376e401f2603204eb2c2dc8fb4daf266a5511fccc4ac53e9d2c4a338","nonce":"c9899ce0c487a96933695fed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"60bbe4e649e32d787c229cc528af801998c86e75b936b439934537e4dd94e4706e101a7aac48b9716ec5f73fe7","nonce":"c9899ce0c487a96933695fec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"8ed9107239173309a5613a9e9ec556eb4df6dea03e63229d6e3d6e43ded3f312b3ea56727dde3b8776b3cd7bf2","nonce":"c9899ce0c487a96933695fef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"13c80ae4d93aeabcde8beaa2624907f460fa08494928b44298c162179c7abb80da2a17e58642751daac2a331c3","nonce":"c9899ce0c487a96933695fee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"943556f7b3c8f476d9fdabccb2128d931fabced8e904ff6235297c80d19dafe3e4aa229124f76db1461efbbf48","nonce":"c9899ce0c487a96933695fe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"98cd898ea7b3877467a31e91f029f199b908a6cfe25c85780ed7bc1d56bf2323f03d44a10ed18dedbaa737c6d3","nonce":"c9899ce0c487a96933695fe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"73e1756102a31e4849b937d3a6f6db95c251d9d35091d63513296605def6d8b23f821c9dfbb427e05f845d1283","nonce":"c9899ce0c487a96933695fe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"71e7769dc630d26fcb7d1f4fb289315badd7a86533fab3899b30e8d7ef2e21a7a4b6ad43a4f99e01004756822b","nonce":"c9899ce0c487a96933695fe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"367c4a5c5405f8b21dc2876cf0b80d35f157bc4f62fe8847ca05fe0d1812e7e990a29b0d5c05a038806400b598","nonce":"c9899ce0c487a96933695fe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"571275c510272d050445829f9b73b352f757e0ffbfff1b91293c2db1f324d2e3bc0816f0ba4f22a32bedd5a7b8","nonce":"c9899ce0c487a96933695fe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b176338cd94b9b55e98a072c35f1e699065f0772a82cd0b691e7c3a71e1bb5d12ed4a4f90045f4132ff2a7cda5","nonce":"c9899ce0c487a96933695fe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"c81745fe3e3f4d5f7890bf277ef169595b3470f6bf1393994ffe37d74b4104bc20032b6f799fc489ca46855208","nonce":"c9899ce0c487a96933695fe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"cb1896dad071fad563222800948a7581ca64403b2aa14e749a6373d8bd2f9defb97712eb1dcc3ab21d509d7b2a","nonce":"c9899ce0c487a96933695ff9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"276262eab680f7e317a918a447510252cc108db09d2ed0889336fb1534e80204f137fde1ade4a91bd36c1527b8","nonce":"c9899ce0c487a96933695ff8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"1ac4f081c5250ecb96a605f3088c7bd9f23294951113d8fd7161866938e0f376c9f2b1ec86c5fd493456101032","nonce":"c9899ce0c487a96933695ffb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"264bbd67f50e9dea97d4ee3a5fa3dce01c924b4e4aff139e7688ffacf8dd82efbeb3a937dd52aaeabac64552cc","nonce":"c9899ce0c487a96933695ffa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"d3915b0d8a4a5df8a3ccfeb3020955d55553f728baa34b83f19db1191c9a3ce95f43fa218b330cf6aed2fd2c9d","nonce":"c9899ce0c487a96933695ffd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"4e4f75a09a9d39cb38005fae43eaa9150cd6bd243dd04f83bdc36e599aa354a806ddb45a344b86cabe7a8c7043","nonce":"c9899ce0c487a96933695ffc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"343cb22859ea82b1756a660be660904b87eaa98ff5058625677df749956d5ecee036c05e6ad3cf68a4d8f585de","nonce":"c9899ce0c487a96933695fff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"97da2c044b9ec6234ab3a7d26210839e8f006ce5ac4fe93916435b37e66099ab3a974cb2455cf2ffdd388da747","nonce":"c9899ce0c487a96933695ffe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"06ee342c84740307de5800e9087ae699c802d5fda780de6a1c8227502e56ae3b0bf398fa51671eea3e13b1148f","nonce":"c9899ce0c487a96933695ff1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"bfdac3f14909db58bece7603ec8ec0e55812b02bc356a4f3753552b409b18282958daf8faccf547df7be0ce806","nonce":"c9899ce0c487a96933695ff0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"d5ec6c7c38af39dc134875e837ead8e62c2a8d5754d1e589510c6999e2f5542d36935ed069ab8deac469bb7cf6","nonce":"c9899ce0c487a96933695ff3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"081b2b368edf5ac883212dbcdd017b5b07e023b7b4ae9e5b20cd0f98d3a9814a50f94ebf01a9a3153e271f9be7","nonce":"c9899ce0c487a96933695ff2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"b8fc45027880a1d03f3f800bfc97c6403f29d3ba900cd04b1e5fb95f806afd5ef8acfcfb6bd61cefb58f7efda6","nonce":"c9899ce0c487a96933695ff5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"e83aa70f7f3aba62f170ef85987c7815a339ebad704de97f0f00f9b2fbba386b84caa9cc3fc2b6a5c7d6e69d70","nonce":"c9899ce0c487a96933695ff4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"059e1d7c3c093ba0388f63e74ac802d4d6f6960d89bc154e88862d7f65b0564fd26e62434b84c7d8cfc9f2d398","nonce":"c9899ce0c487a96933695ff7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"2beb2025b981a30518a25e95e196c7b86ce0c393ead832dbf2ef11c37bb74b3201e3b759e8d200e42236fe66ff","nonce":"c9899ce0c487a96933695ff6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"8d0e227106762fa1ca8eb7e59f9303ca6ed039e7acabc6c225e30c55385891b6d3e199a45b5cf87785ffb99845","nonce":"c9899ce0c487a96933695fc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"eb7e1ba003534d02a68e5162d257efa6123da9a9448c687446d9af53ea74202804648ec153039669d41ef79c06","nonce":"c9899ce0c487a96933695fc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"f8c16fc653c684b7b08254847129f3352557b5717dc639f1a232eabee8738f92bd799f23d4595d569059945b3e","nonce":"c9899ce0c487a96933695fcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"dee2aff44121c55aa65874ff1a0465ad77eefe7fd640497f9a49ee3d87bf5437da31506ab4852559061c228f76","nonce":"c9899ce0c487a96933695fca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"4ad08f8d560f7becee5e6925819790df064cf9663dca6456b3bbafbf363fa739a9a45c88221e69badff1bd4872","nonce":"c9899ce0c487a96933695fcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"a63d683d1c9e793ace74f87b2b9df38cc9c6d55dcd8132e5c24d84993ce928a64b82021965cf9e30daf272c812","nonce":"c9899ce0c487a96933695fcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"f44ceb07ba4b63ae212e87180c4b8ee4a4994f2e47ce3b22c45df3c0e4f0dec9e0e27fbb3813afbb1886115f5d","nonce":"c9899ce0c487a96933695fcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"71b259296b7a0a288d46bf00d0ea90f26177c49a8e625c622f21e21c8c1c34c1457443690bc23daba37067dc90","nonce":"c9899ce0c487a96933695fce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"164a59656cfee29993aec198f9470784e6cb29494866e35c109e609421059ebb06ec6a3c3272ba696086014804","nonce":"c9899ce0c487a96933695fc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"94e13fd6860ada5013e8951e62f66c1d046a5c3309c667a91e06c76312fced6242681eb52e913ffdf978652f7b","nonce":"c9899ce0c487a96933695fc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3743c826ff974855cd2bd018546b592ac7e108cf7f1982856296e105210f369a8a8b9c6d6b671df141375c8576","nonce":"c9899ce0c487a96933695fc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"ae000bc6c7b18137819bd5fe9695d083c28364f88732596eed1fbfab4c4ba14421d953d0c0079e31eb85808c15","nonce":"c9899ce0c487a96933695fc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"0bcb85ece44d181df7b22b925caadb2998d3068a8e41c34f62d48efda3f4eb488a8c03ba513cafbd0f733470a8","nonce":"c9899ce0c487a96933695fc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"c33294c3007d9024804f7f7ab4448d5ae66c7aaef173e159641cf207320b9daa618ab936e07cc34ed0e2fadb6c","nonce":"c9899ce0c487a96933695fc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"ee256adb2ce69638fd2d83cf299b0f191beb515d0d8569d17b9e54e308ab0e4a26b224e243fae8d55ddfc0d0c2","nonce":"c9899ce0c487a96933695fc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"7bbdf6ef000ac835f4db63b543caa0822a82f5b677b1517d3659b374a851fe31870a5f69379251671a1b26fc66","nonce":"c9899ce0c487a96933695fc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"cb50965063807149e8f719182d58160eeaa17c7fe412ed45b3097bbe1c63a8e91e02ae0d18a6190fef695a931c","nonce":"c9899ce0c487a96933695fd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"ee38360393d7a2ff92012a6d2806e6dc617d2589a233b9afea74aa1d4fb4aae066f566d42d6cea32174cbce446","nonce":"c9899ce0c487a96933695fd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"5f6d07f4649e1c6d6b7447ae51f6c16ead7eed106a3efe61ba8b1e5ba68a13d7c6eabb9a048798b0a0fd6da634","nonce":"c9899ce0c487a96933695fdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"1342b38e3dbe3186340a6d7a60df4fb339357e72bd9443ce8095358930511579c35b944e2825fc8dfba64459d0","nonce":"c9899ce0c487a96933695fda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"16baa8704aba8c73c05e734ad868499bc90de8c087b40973132cdad44eb89300b55e8dd5f11b4a524d020e3704","nonce":"c9899ce0c487a96933695fdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e1d99644ed89970a7838c347fd19a9f31ad0a979c6866eab6ee9edda55523da5c237e854bf959de297a0e7dfd4","nonce":"c9899ce0c487a96933695fdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"58c4270202154a34459207d8f0c8b52ec898d49f8ef0becd9b568ad1993a47c89a25e99cc40017c2e3758d8d87","nonce":"c9899ce0c487a96933695fdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"0cbe7ac781a3d614bb7f0c82968b9b966f03bb7095bd9c1bd19daf7d8f819d8f3aa03181647cbbbfbf4d6d69bd","nonce":"c9899ce0c487a96933695fde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"8393b3afc496d59d9fbae7fa1fb8c39e44368b4e888fd9a8ab83ff079140dd6dd7275c6258e09377303bf60573","nonce":"c9899ce0c487a96933695fd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"8afd0524d10c3e120d39d749c25c62b17971842680fc0557365dd612fbda339cdcf3514b952d1f0b359ca93ca2","nonce":"c9899ce0c487a96933695fd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"87e9cdf6382213672bb86260dd850b2a06fc3a92c21f163ba602c3da8be544ccf31b747f406b9186d728fbaaa4","nonce":"c9899ce0c487a96933695fd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"b15d7f3e66f54e43e7fd85f5657b1bf8803c77205cb1f7a6a7b7dd97a563d6636e31a6542adaf803cf8a555954","nonce":"c9899ce0c487a96933695fd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"639df76b582c0dc32f206d070ecb3bc8db68ef38a42a194c685c3dd5a30b2c13b6351033f9c2a67b045bebd79c","nonce":"c9899ce0c487a96933695fd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"1b435eea421b5984d5f0d0837af7abf972dc5674617340af1f01f528cd2f891fcc9c3e2dedb21ed88298f3edc0","nonce":"c9899ce0c487a96933695fd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"3d246a0b6f36714d34382a7362604b72ac2c1834fc2b8cd544c40ce3c4d6a02dc074ba40b2ad5533e5ad0d9073","nonce":"c9899ce0c487a96933695fd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"f81f33ae611554503b0ae3a0f837f94fb7d7e1df9fee6c8865ccafd4f18cec77af9d40f27ce76ad0a44c00e0aa","nonce":"c9899ce0c487a96933695fd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"67a98a16633fbfd29938c686d1215758392b084906a74463b61c0c1327cbda01339526cfc45ca1afad570da83e","nonce":"c9899ce0c487a96933695fa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"ece2e63b01868b1c9a6dd2c9495c533511b5d3faaba13d892a978cd6b220d0907779edc77aec4f982c71cc7352","nonce":"c9899ce0c487a96933695fa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"56e183f387cf447cb4407bec95caa1e8fadfc4362795d337d4257e330965a37fee50358bd66b328d899552de07","nonce":"c9899ce0c487a96933695fab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"13f7cd1ac2bf05caac38f7a397d0822658ef8ff75f8fca63412d9e8b6bdcd3a5839010e90c5bf8337edbe3f9cb","nonce":"c9899ce0c487a96933695faa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"78d071bd086b96ab7736872e6dd5d26739ad9cd7628afb1f9b8cef2be56b70b1312e96153b0b234475fcc262d9","nonce":"c9899ce0c487a96933695fad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"de058ad81af99e5b06bd6a606ad8480051935825d4016c5a99bcf41c11763f3978883e1f22eda63896d840dbc7","nonce":"c9899ce0c487a96933695fac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"84a29bc5aae4104c0e16a7c40b256335a08388edf14a1f4c895a4530113a987d26fd9efd5f1f6e0e39daec0a9c","nonce":"c9899ce0c487a96933695faf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"a1ed0fb273205a5db8da690ae29be6a33d1874516f59985d0b73c3baf92fa0e64beb8a1acd6fe59bba84af93af","nonce":"c9899ce0c487a96933695fae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"76a3832ea1e2c640d08e14d86b780558a1db406c30258033d8f2f97147f7c8b12178ab659df66ff6719c30958c","nonce":"c9899ce0c487a96933695fa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"0d6a024fb44ae6103dfdf1e567ad65f3f86fadf550e2e4d1c44b06d86620857b131ab91a473290e93236eca3a6","nonce":"c9899ce0c487a96933695fa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"b18f30eb5b6f0bf31aca98a883b9ac176d411d0af000368e57486b2df2bcfbf260eff5e82442085b7a69245fa9","nonce":"c9899ce0c487a96933695fa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"0bd71ade31310bfbae2601a1bdfa188273f1565ebf4a0b192d63b1ed2e6ec6b8c7ae01b1513d46d377d2699b7c","nonce":"c9899ce0c487a96933695fa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"cbfd7553d7a9b8bfad23893cc3a2bd332108b79d63783efdcc87f1a398e7f8e0670a7c2f11bdfe0157bbbe67b9","nonce":"c9899ce0c487a96933695fa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6c2a92e111324fc88827e76d3bc8d5f58dd5e7d3277c1c600a5e577c70cfc69fa83fd3c71bd3b2a449b654637d","nonce":"c9899ce0c487a96933695fa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a786c289d16ea5e9006e23ab20a58416547475007bd84d3f0b9ee9a923ef584d542f1ade37dcfa3fed12931e85","nonce":"c9899ce0c487a96933695fa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"337e41d4c4790fbebee4544e8aeb6f5b5d1b8ef0957b5b7e6ebb249cf527049139f40aa4b6d307ab334ba6c24f","nonce":"c9899ce0c487a96933695fa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"2b034e36cd4a7ffc3694dbac5dfd267666c366f76db6e1931bc5125eb7305d8cd5580662bb39215037fba44366","nonce":"c9899ce0c487a96933695fb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"2eac15766e360bd151b8a27600b9f1273c4622e7a447db5ab030411a36bae70c628057c77dd64bce91d70cc6ed","nonce":"c9899ce0c487a96933695fb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"242b4d88c6bfcba7e13d2ce6ef61211ea435ebff0ecd2149e245c9b03219b69daa0f4c59e167853507738c17b7","nonce":"c9899ce0c487a96933695fbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"354aeee55f6bf5c5c1af7920b36445e0bdbcf2a7e9f040963e67f2ab6f1d9b35d927a8793898c71c39f3ef500f","nonce":"c9899ce0c487a96933695fba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"43ad5a8b90de14ea3f79e36eca095f03254deedb43833be4064b9685e9fed6a0b0b1166dd56b8a0208234e5440","nonce":"c9899ce0c487a96933695fbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"adafaa2965dbb62191759d124e8b2f6d941d079467603228878d434261853d4586f41a743c6b406a5c3ddff753","nonce":"c9899ce0c487a96933695fbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"10eab7eeccd3ee65f2fdab1c61545c70b45f464d55d6ab4d8ad76c675fcfc50269e6cc2523014f2a2716200a5c","nonce":"c9899ce0c487a96933695fbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"2e8a35c0f7e196e7d554cb6b1c5d554a5fc2b0f34924c1c8981ff6baba0825db9984af1f85484dd21746892929","nonce":"c9899ce0c487a96933695fbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"3130cd0250c32869c66dcc789bc48b4f83efa0b6398a6381e9567104b09fc713023c7a5900bd94f1327fafc604","nonce":"c9899ce0c487a96933695fb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"81c4419e5e541321107775d8a5168fe706b78fed5638c57e12ed81db316e6c0d5a553fe6da4aae8b336b88cb32","nonce":"c9899ce0c487a96933695fb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"a9d98bfa255f788c5d0b2e5ad829927de8ef3588a230c7f0182e2da3f8c1c26f69f784b4a5cf0940b012ec3669","nonce":"c9899ce0c487a96933695fb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"b97202da07a6172cf0216a1c4521bc802e1eb498ee109ec4166e05d98db069ebcc8af9f9a99cd2c40d24aa54b5","nonce":"c9899ce0c487a96933695fb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"c6d73bb5fd357f62db2d8c54d8e2803c21f5721e681394037ee60cb0346c3f9c63993094c79d34337fab53361c","nonce":"c9899ce0c487a96933695fb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"4ce9e7266ec2756de02c4a78a10dea67944befd7314417f9608912ae763dca7c47d5efcd682a3037f744e7eb6c","nonce":"c9899ce0c487a96933695fb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"fdb021589dffb36ac82425775fada569b0012560709a28f53fa4f1882e031b6933b220c0fafde83485243ec208","nonce":"c9899ce0c487a96933695fb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"751daa438988866611014e98b8903213ca457114640c0b9653d283b3d8305a24cfce4dcaef6ef8a7a789b21dda","nonce":"c9899ce0c487a96933695fb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"642fa2f50d87c209cda64f6904cb76d4b8cd4911633500feecd0fd09cc365bcb7ec08d775256adbde0195f5843","nonce":"c9899ce0c487a96933695f89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"a58d5fc41f00f95b4ea59d7a14cdef07be99ad3ca97f7338e8b4aa795a59ed227ec0ad95a58db486b515d921ca","nonce":"c9899ce0c487a96933695f88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"5def21a534d2cf1bd3fbdb850ea4ce54e5ad044692867e62ee953ac69a8a7552e44b913f967cba35dbeb61ee05","nonce":"c9899ce0c487a96933695f8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"5d911dc808a861f0720682bb7406edf6c78938e08a04faff61e0959934d3a968deded01d9a4287d189aaba4400","nonce":"c9899ce0c487a96933695f8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"9847e19df3a256e7b18ef3a1113bf70a0f9005e2fddeb19bb78efacc3b698fbd8f74e8ec8f599f9dcb183baea0","nonce":"c9899ce0c487a96933695f8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"fb63b12024421cc43c30ed40703ea2527b19fd1e9d1b92b10e985b8c7ce539c416dd304dcf967f2495129c4995","nonce":"c9899ce0c487a96933695f8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c2e66bf8518116f585193b229a4b5cf5de27050ab23ae07730873a2b09fb306435a4fcc580f92c69705d44b9fb","nonce":"c9899ce0c487a96933695f8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"dd94f174cd2caf1c61deeabcadcb49e8d04b424a0bf4e39e592403804fb296d9479658a6e6077b285d958a1036","nonce":"c9899ce0c487a96933695f8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"5be3fa01a8f153dd5d38a55a049a91555cae3487db97be74ca316ebed040e81847f0649e7a17a14220d0ac6838","nonce":"c9899ce0c487a96933695f81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"056dafe768987b9303e0b5b1b2afd06ff748df4f1042816b72c5f511d3f186c42ac137e8f78ea302ee90084d9a","nonce":"c9899ce0c487a96933695f80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"537b3d5d9cf837c42f63c3e006e29d8dd4e2e4a1b92870b2abdde6cf075158d64292ae6734d3e312a02e95f5db","nonce":"c9899ce0c487a96933695f83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"aff799b0ffd451637aa1358d3e79514e4f801c508d63ef40e5a0bda966d4b781ebe06501808d7f1f0ed8aeeff9","nonce":"c9899ce0c487a96933695f82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6e9f6ad1491ae509309b93503ef715cd32f3710c0f36e6d3f3f8d6109283dd589877561a76b0ba0f5b1af89d47","nonce":"c9899ce0c487a96933695f85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"8a2fc809cf8f0afb78377b889690e2829efea2da64dad6a71063213c4b14ee0f793183f4b822fe53d33011f090","nonce":"c9899ce0c487a96933695f84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"96c950d4f24d2116e55cbca4936887719eb32564ebc021d83a9912fd7f9096a63b8078398da3d7c5766c6a88be","nonce":"c9899ce0c487a96933695f87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"4f04dd48391bce78e4da765a1311c18b4f1733beb167d85ba1cb37ca3a497de3ac3a9f402c68138bf11b8563e4","nonce":"c9899ce0c487a96933695f86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b136aec49181225ea788d30e6772b3cff651ac26a0898bd3d15ab815f326cee4ea503b5d5f7325c3e1f939c20a","nonce":"c9899ce0c487a96933695f99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"4121a4e7e028b2c16f7595d02f0134472460c677f0e3ddd453ed4d291498957177260b75522237f1c010adf31e","nonce":"c9899ce0c487a96933695f98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"e311fcf926bc4b6a9ec17350093dfa4fea7f708fe61efc0a6e81c32f2d333de38d8a3feead563184f50790f66a","nonce":"c9899ce0c487a96933695f9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"71562da9b67b25c900e4f6c434c995f9d6971f677e0bc5104cdaef94fe8f27ff7515700987900a35e0bd103e33","nonce":"c9899ce0c487a96933695f9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c921eebf4788a67ab31f702cdb9013fd2a0b4601c7ae5e36527094ce7fce03c8a64427e9b3df3b72a8c789a067","nonce":"c9899ce0c487a96933695f9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"5685af01bb1a5da121375c3482658e5a61ab51cf3cdb04df0ad94936f5ce4cdb0e6e25d72296f8a8cc3f4fee5c","nonce":"c9899ce0c487a96933695f9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"5df4252e1300d018eb66fc1ff4c5bd4fa81620a84ca30a05bd68feae627a28d8d13ea0f8c71e5fdc1fe302392b","nonce":"c9899ce0c487a96933695f9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"c53b33e9dbde473254305accda63d49ab3fa941a223e8c9e25315062b105b03ea0bd077cfa49f62f85a79535f0","nonce":"c9899ce0c487a96933695f9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"beb26fce96b202d192fc3d50548406703e1bed12afcdc13d8d9229a6133e48464fc572a862b1a1bc1a1e5f3d6e","nonce":"c9899ce0c487a96933695f91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"784ca2bc733690c1864f956a1283e582d425db964a6e120f6c730431cb3c355e4807b9b65a8c124f4d0953f40d","nonce":"c9899ce0c487a96933695f90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"0dfcf20145817cb162f67ccc5ac4664041a9dbcac7a7c58558c60f2b1a0a2951260ff095d79e25055131e663df","nonce":"c9899ce0c487a96933695f93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"3133736f3081b685d8b05a5f3501c20c3a21380cde1de5a67d977494a16234388d5a68f281e1e505d29c40775a","nonce":"c9899ce0c487a96933695f92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"11ec9c09a0cc5bb03eb2d395938a72ec4bc0c4c4377a0785d72aa67b56934dcb6782dd10a3760cf82a104b5469","nonce":"c9899ce0c487a96933695f95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"348dbb44ad410fe0dabe425ed81e05d04e380059cb67c7cc79a0c5d12bd6899f325577e0062d3aaf5cf5869ea0","nonce":"c9899ce0c487a96933695f94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"005891b503d4792bce8c99d40abd472df898196cc875860c37be739d1faf1617c25cae9da84ce24560f1027822","nonce":"c9899ce0c487a96933695f97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"cfcbe563cbf55f31b7e955eb3a6706c84bf0aeb02bffa4958bf61be35cbfaba691d0361c1fbfa012de0ab7d23e","nonce":"c9899ce0c487a96933695f96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"b95626b3bb9157add21d649345efbfcf56e5ea9861d067cf1d7656879a3c51e4fa4c3b9fb4d259ac445269c5c7","nonce":"c9899ce0c487a96933695e69","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"596003579117f3edeeeeb84e602b1ff316fd6771ebeb9bd400fd5ae9155199ab"},{"exporter_context":"00","L":32,"exported_value":"d0a4a36284288e3bffe9da9b84bc99da99d7912011bc26c462504e2596229246"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"419d16ff65523a00452d37ba2fd5f2b1a9261aeb30f1b1736cc2f3febb16c884"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a0d7afcf2ce0b11135e6a7632f92a491f9c58afb6b90262ef50ecc422d3a666f69992cf4a54a70dec6ae29f0fd13f01c60334bd1d0b548f8","ikmE":"2870b40c892dc1d110309c27b9e9531e3bbb50bae8e07decda83f7d9d2c9a1fe18aa4b7881c8278b006a27f8c705b8e75dbca9c5f3956b29","skRm":"33e82a078b98ef25c903ec4c358445a0a7bbe943ea63d38b8e06d3b90a8564bd8013824d48988f0b63dc6d262357bec1de7961f17b85cab0","skEm":"df8e495103958d61652e287eb0a3db9dd1f43c4d08de2ea6dc07ead691862ba5efdeaf3081a5370611265ca50d2988730045dda943a5a5d0","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"2934e6cfda250d153cda5fb2bce3aa1a97792f3d07e625057370b2eef1c83836d2ebad17239ef6fbcbdf88e0d45f6f88fa5ddbb1e3648c98","pkEm":"47bbdd48e99178176f58289b3c6cc2bca1fc39576f671aec3d96a2f2801e328446c62f0bdaf6d6465eb1ceaec310853e76bb08dde233c104","enc":"47bbdd48e99178176f58289b3c6cc2bca1fc39576f671aec3d96a2f2801e328446c62f0bdaf6d6465eb1ceaec310853e76bb08dde233c104","shared_secret":"a329b2a09f82c1f6e951b8e2c2db0109220e3d6c8f7326e8e234e10b448401919de5c0e1a0aa74e2d96a59b6630a179b8c45935ccbee20765a7b9da81aa51999","key_schedule_context":"010a7c8b9e324bd689cfa3b72dd78f6b347be3666df100fede193d2d7564373b5859fdea4160c82285f4d0f8e5c644ae33714a93e91c2c82a980a152a8ad127ada94b5b0e6ed9749cf5a584367aeee9665bfdcc13ea89374b725e4d30a351bbcc95bc70b4c35cc84a53ffd1e1877059f35f9f9c98ae168ad89a3a7087d7e88b855","secret":"7ea010cee4cb077571633add59c03ea55af61e024744d110d96941beda546e9e59702fbb19e379fe527b15be96b39e842c9f7794941801dc3ad238b99a6f7d9a","key":"88eccd78107f504133e82467cf28e9b5df365b8f721affd2e74813f533ba68bd","base_nonce":"d6d3dc03d0dd0182b77992ca","exporter_secret":"39f49a049c608c5a5b89029fdb552b8a203e3cc64bd9d871e876a5aff994d9b6d2d3820520e19b9b4a58fbb8c618c58e55bc96b55e7bea0fc22e78c74f4e5fac","encryptions":[{"aad":"436f756e742d30","ct":"8896497920bdd942d19178c2f1544284c437cf164be998d6b502c85fd7764cb0f8616f2ae2a19fb47418477f64","nonce":"d6d3dc03d0dd0182b77992ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"13c5f9ad0281750848685ba8f51897c4f557e3a75d9044b64630aa212ca22e5cf509e09d1b626bb2464e33bca9","nonce":"d6d3dc03d0dd0182b77992cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"53d8695040e1b26307c8625bef3c3037733cd7fc5a823355cc48b0a81bea03097647ce7d9b9f6f755e8ad21c71","nonce":"d6d3dc03d0dd0182b77992c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"e9272958e9644f0de0754dd1ffec5fbc44f35b27861db2884124117bd23fbd9b740cf7dfbc7dded0529aec03ac","nonce":"d6d3dc03d0dd0182b77992c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"9d3d9ef75df481c1a1695140f37dd9b43a25c154d6a895a13d43a48ff8e252188bd67b43990fd61656269b9932","nonce":"d6d3dc03d0dd0182b77992ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"d2b4e82539d8df0a5c221d2064f103af253ada4bf5a14559671dadd3bd717c338e93baefd9322a132a2b3cc04e","nonce":"d6d3dc03d0dd0182b77992cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"713618a04a41a6a6940bcd0a37b88bade298a698f40679b26af34b8b42356bda5f8ac1bebec794008ff6827bb9","nonce":"d6d3dc03d0dd0182b77992cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"49397e0c723929e920518a06e632fc3836a02b4f2bfc3163f003aed5400a5f5e6306ca7f7e80d284cbed9591a7","nonce":"d6d3dc03d0dd0182b77992cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"ab727862976e747335c3aedb9ab0d678079b20c2b0759e4acd164dd57653c3974b5e9a67c46175f01abc803893","nonce":"d6d3dc03d0dd0182b77992c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"27558a2b9a32099d4928a0081b85a061586bfedfef161117b88b58029d55f788598fbf382dd2efa461c7c15a66","nonce":"d6d3dc03d0dd0182b77992c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"2db9a7ef61881d23d844aed2e66511b2a34f6fefb84acaca8b76bb5a228f5a517c0c6029037baacee59bfe1e3a","nonce":"d6d3dc03d0dd0182b77992c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"533ee931c51d36bf03c7065eddacd0c5ae39c9d78014299c9b3d2469fcfd040690dbc9597f1dfef97856fe08e6","nonce":"d6d3dc03d0dd0182b77992c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"92236742834f30fe13a3bcd7bf0d0209afe269b674fe5c6c13727dbdb221ac363171f6c40e3e71cb3a8392bfda","nonce":"d6d3dc03d0dd0182b77992c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"8c358fd9667ff1fe615e818ce63fe89a9d9db77a194d81ac33a414d474a661076df666e0f4aac5cb13a80f3433","nonce":"d6d3dc03d0dd0182b77992c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"4936a1a78663c1ad2393fb606a38c7c01455fc138b6ad6db7a424947ba0dc19f042ae805941a29fefe14c08c91","nonce":"d6d3dc03d0dd0182b77992c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"de0cc517afd168c2b1a5e9b0b26ad5f181816c9c151d86855e2f4cd6c84ff13251335f6219570d39726cfa06ed","nonce":"d6d3dc03d0dd0182b77992c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"84b171909a20c53db101461458879ff65f7bd9240888a7becb66cab2d1e0e21415b48f0a7c76884b700143e9b0","nonce":"d6d3dc03d0dd0182b77992da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"e4ce82040f115086a20a1aa34f86a95248f9aafbc01c9a15614f15f924ef3808abe9cbe4a4434e22431b676474","nonce":"d6d3dc03d0dd0182b77992db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"fefaec1c3ff7037947c29b69399d0dbddfe40ca06a116849f54c7d81a6217a786f16af74b2ddffe9e17ccd2abf","nonce":"d6d3dc03d0dd0182b77992d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"1fe76f66b64bd9d8973ac8341c18eecab890ea829809ea49ebce23fae5100745c2e38e3dcc331f081db24c13ef","nonce":"d6d3dc03d0dd0182b77992d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"34711b8941fc7918e6c768478517ea04bfbfffbea7175219f244b0911d6e46e450108141e262686d6b862975e8","nonce":"d6d3dc03d0dd0182b77992de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"b0d8c7f1f0a24a2b60a277417ab1e7ff1bf400dac56f4c7f00ce4d465460d66845e084ce9f48b48938947b29e3","nonce":"d6d3dc03d0dd0182b77992df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"90129c7f0d6d8f484460a27f72f0c55db732fe8b2f6b29538244e44df9ecacab7a3eadd6eb4343a3f48d524755","nonce":"d6d3dc03d0dd0182b77992dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"bcb306f7c049b664085c76cdf0c85d1a99c714690615f39ab52a7a562d55764dfdb2d25a4f666986ea41939526","nonce":"d6d3dc03d0dd0182b77992dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"3afd2d419d737525c36785d55e0eb3f86404244e6bbdb75ec11c92c9ace571da24501059a71b60edd87a9f43f9","nonce":"d6d3dc03d0dd0182b77992d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"a62903d0251e6d90a32bae91a49502c1f9ac873baeca95eb71b428ced41514ecb79b5a73135cd0f3abf0c2150b","nonce":"d6d3dc03d0dd0182b77992d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"3c19980d184bfee60e1d1674efac19afb6bfbab9aed03c831a2491571ec0a81dd4a70cfdea72fbeb9086f6ad97","nonce":"d6d3dc03d0dd0182b77992d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"e4fb4eeb5978efad9f5758e65c8f81e16a9bba21ebf9d042bffa38c6c97d4aec7a17b864c4ece5669e18b74d06","nonce":"d6d3dc03d0dd0182b77992d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"3223c475beaf5d36882a27bccd602e83ef6eb7e2168b26785b180d147a4f0d7de43521dc819066d7c29c6809f1","nonce":"d6d3dc03d0dd0182b77992d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"18dc546da63893d6e61727fff94fbadf0a0ad03b0605d624065c119db39797e7a8f40f35187e54bd12eff8f565","nonce":"d6d3dc03d0dd0182b77992d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"2ced308d18878f2464cdd953b46da78a8cc878831abca6bd9411381a8528d504928a6dc0afa511d79dfc1c4e44","nonce":"d6d3dc03d0dd0182b77992d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"a0941459004801db519cf54de3a01845c77e7e528a0446792cdf6e413c47ba82d7a2251ff30c2375f8bd2db02a","nonce":"d6d3dc03d0dd0182b77992d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"60fa8d4633df2c4c1a139cc860daf677ed8cc91aef4e93851ff9d61fdf20234511d499bafc99162bfb331b1ee6","nonce":"d6d3dc03d0dd0182b77992ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"cc0c3b379f45ca85b1a490c7ab0f85b9e85f0a2d782a0b92b77e7b796e7f68034df81ef98a3712b2b001e291fe","nonce":"d6d3dc03d0dd0182b77992eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"b2bd2511f13d99ddf0e8b35c92e93fe9965eeb49cd7e184335645910c16dc36a8e4d24b5ac427000ae48aacaa5","nonce":"d6d3dc03d0dd0182b77992e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"100d757c0d04e5d48578ff5e2eabe390a202a9de3964d4ef0fc368553408bdbbfe9f002c583b98ee1fc4d63f5c","nonce":"d6d3dc03d0dd0182b77992e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"611176db26e6467bac305f8768bb0cff74794d59fe80d337593415a0586e53fe5ab5f495f11d95595b0bc3a259","nonce":"d6d3dc03d0dd0182b77992ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"707d3a62e137342055c6926ca7efbb41fb1adccd4f279988252adc34caed7a70071248f9897634a8124dec125f","nonce":"d6d3dc03d0dd0182b77992ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"6aa09daa81389de02930a6bce4f98dd86ad09334643fcf64bbddfed0080d1a7fe6229b902a58ed4edb1a5b5fe5","nonce":"d6d3dc03d0dd0182b77992ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"288af27c076bac00c33eb86bceaceb9814a4c52f8b0b11672920b40974f0b666980119de99dd97a17a67d86eaf","nonce":"d6d3dc03d0dd0182b77992ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a1f16d76194e280dca3fce71988bdfed33c9dca40f995ee3d3e3b58ecc46ba8bc15b55f81a6fed8473d7fa478f","nonce":"d6d3dc03d0dd0182b77992e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"6345ee1aa1154a394dbce27152e6df797b41d289754fc3b1c40b0a7a0678e975107510b5e5e6743d1afcee09f3","nonce":"d6d3dc03d0dd0182b77992e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"721b179168355e03ad6c01df6b1dafbdc6167710dee6c882d9ff696ec93ef46bb43a89af86a7459023025e7a17","nonce":"d6d3dc03d0dd0182b77992e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f6ed4c60cf6e853ff833b7422cbc37793bfbfd9d4b8e1c929903693403c8ded4d00e12ad14efef70722605a750","nonce":"d6d3dc03d0dd0182b77992e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"0d38e2eebd8ad8a58c7232fed2ced4a816ffd01c197989dcec0b4c91d4975d6d8d7de678756890f60b0ce0d228","nonce":"d6d3dc03d0dd0182b77992e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"9171939813de0af25ee8f2591f012d1679222249ee3f8dc4ec7a82f088d6e3c8af66c52340e418831821ec4405","nonce":"d6d3dc03d0dd0182b77992e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"a4083a16e6cf1f5b706f94c598110331813f7452e97d03760838561885a4bb909607a2fe18f3bf82a83f6963cb","nonce":"d6d3dc03d0dd0182b77992e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"67dadf4c4f60974588184e1b4ce8c8fe0afce465df792e202fd5452738ab20ea5bfb741ac90b70775655efb836","nonce":"d6d3dc03d0dd0182b77992e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"663249cce9730f10505972b79fb5a0757e3e05545af626538a7123c489e088f9a7a1b097508134e7e2ddd5cd95","nonce":"d6d3dc03d0dd0182b77992fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"dde746f748a1af6df5d92fd41f54d004f69c038043675bd0fdd1a435a13f2c62d190799a568e55b2bd148ffced","nonce":"d6d3dc03d0dd0182b77992fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"ab38a30fc76fcd10543840a6b035ef2328b47455d8b5c4b2d25b39b9fb15b2dbcb908e67b4d5aab0d3e4a9569e","nonce":"d6d3dc03d0dd0182b77992f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"45a1d5accf2359f77675087508d2489134ad8857b17a0bf30da974379ea8cd65db1ebf003e44a3940ce5464030","nonce":"d6d3dc03d0dd0182b77992f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"6caf400b016a6957d0693c8ffdf537e63b816ca54b4a9ec26f85bfd4bca3fb2cf4d8879e6a888c60cfeb68282d","nonce":"d6d3dc03d0dd0182b77992fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"35eea63c036df216ab59ba4190f5ad7b2005a7647182968eebe43af011b66ef1c881f70693385d9dd4e17a583d","nonce":"d6d3dc03d0dd0182b77992ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"989b428df8695a046b6d2140776f645238452ec56eedb97db235e409b25b1377852d37ba5ac7c2142fb787444d","nonce":"d6d3dc03d0dd0182b77992fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"969b43450f110ed643207fc47cf6fa628dc1110c365b1904b5bd8cd84e13fb9d36243d17353d7398b1b1dde6a5","nonce":"d6d3dc03d0dd0182b77992fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"35494cec103e489a53102df6a2c00087704250ff8edd25ff3e9175f6bfd70f36f88208ddb1f981d26e2eeb0c2d","nonce":"d6d3dc03d0dd0182b77992f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"ff12a8efb61d3709a558b61a9228b6aae39d0269457dc39fc3d223dee6390c062785d4df60736217f95751ae84","nonce":"d6d3dc03d0dd0182b77992f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"1f78799301c0cc73f116d58f66d30f91b9f023e1672819b12d2ce0ed31404ba1f5b74d99b3e894f8a82a40da32","nonce":"d6d3dc03d0dd0182b77992f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"139f7ec6788ceab789389c1998cbcaa7592e712e23f06b85a1217dd4cd2d85f3ad7d460245a7f480aebbeec30f","nonce":"d6d3dc03d0dd0182b77992f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a8533028498d8af270825cb6d7f6362fd4b8da836d05fdae0d3606faabd8eebb3a09f0d13829104244f1f4b9a7","nonce":"d6d3dc03d0dd0182b77992f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"0b14affcf444532a16cf0c663934abdc505325e233cf442eb0b56cdfa80ff2ac3dd58b8a4cdf8a01f92fa2d538","nonce":"d6d3dc03d0dd0182b77992f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"aefe98c1d4756ed72e99e276b37cec3f7875cea5041206bdbb4ddec9ad3e87ccdb41ca87e65918acbfcd0069fa","nonce":"d6d3dc03d0dd0182b77992f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"5330cc2ef14c5445fce5eb53c94a56d0e0cc26467531d8cce461dbbcc34208bfb35499ecb42285be1d90030ca3","nonce":"d6d3dc03d0dd0182b77992f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"ee9c0d7c988c0165c878c2391e824480cba145273e3f66dec5308d26e0a2805d1e2dbd607512a8fc30181b6b21","nonce":"d6d3dc03d0dd0182b779928a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"2b1fe89c82aa376207cdb98c5d4061111c5537b89f6e2d2ff36354bce5368f79b4a2e7e34e6a21802758fe4e72","nonce":"d6d3dc03d0dd0182b779928b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ba73133e00f5a7087a545d66407cc24bc0e4a65095744e82e0984e824375e0ef9c7f728997b3be6cf9ab8b1104","nonce":"d6d3dc03d0dd0182b7799288","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"2b3f3f9a1da55bffcbfebc66938d4bff3f8c562384dd4e044e68b0eb36e72e517bc8628e9bfa3ca3bbda4b6fe1","nonce":"d6d3dc03d0dd0182b7799289","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"e62dc7d7109cff99e7177137103aecbd8c8d903908cb8caba9c8348b76bab98604559a59fd301287abc70660cc","nonce":"d6d3dc03d0dd0182b779928e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"42189d786fee48881e1ba2119a3c6d07fe11bd3c9dfae79fd8e51de89da578a8fdf6b482d2eeed4054bd8dbc97","nonce":"d6d3dc03d0dd0182b779928f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"434e8dc14779ca90dc2a2c876be69a018c7df0e865156bb4302aac08463c551bbe0a98a27c25b291f9555f3d4d","nonce":"d6d3dc03d0dd0182b779928c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"54f7727562858785e785d0620cd24a18136f3a055c8bed6485eb1c5fc12bdfac2c1cc06c7866ff0062a5cb0879","nonce":"d6d3dc03d0dd0182b779928d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"96c2f8e9d69951528bb9e9d00958689b24a52469eed8fbfdeed5688084c4635f972e77c079b10fad4f907dfa5e","nonce":"d6d3dc03d0dd0182b7799282","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"6ec496a4f9c7903f712abe97d1261703b1c23b7f7dd1cc6c4e884d25aefe5d33099180442e2031a83f41f53d32","nonce":"d6d3dc03d0dd0182b7799283","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7bf1114f527ace9d87d81b4450f036a43988efa0dbde94de74666b401074fa279d637c5370d36f45cb83a810c5","nonce":"d6d3dc03d0dd0182b7799280","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"d91ca151cf3a768c6e351547c2fc984cec5c21b07b3321ab479636c792787831d227a2d32d90662c90a372350c","nonce":"d6d3dc03d0dd0182b7799281","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"ba0d846b95e9e863b717027cb87f74acd9a5763395206de91b4645a2c2263bc4ea1f6369f4c6e435b9d2345625","nonce":"d6d3dc03d0dd0182b7799286","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"0be975c299c9a53dc63aae8c6daa89f5cabb0a9217dc322e18182b439eda09eb9c235517e5a268a08e680467da","nonce":"d6d3dc03d0dd0182b7799287","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"163efdc4196f636f07125a45ef6ab5a4b2caf55d5754587b1878d8a1a9f0bb1ffd263abc2d941062ce0efcc170","nonce":"d6d3dc03d0dd0182b7799284","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"eb33d454838fcd7c0f36f636c468ba09b97354e11a7219abd9a653360ca91e3972641e092dd58d095f95342e48","nonce":"d6d3dc03d0dd0182b7799285","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"1a4ea2dd8963f499c4aeb4ced7ece4d8787bc0a65e57e31c7746d5f96dd1a4ff36d174a5880d5565fd0164468e","nonce":"d6d3dc03d0dd0182b779929a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"b8b38324be0c94f197b193acf4b27b9e4434d30a3fcc02f6d87cd11dfe918f8e265c025397d3bf78633d2c0384","nonce":"d6d3dc03d0dd0182b779929b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"b9e2bb3d80c034a5e79a1802929ea11e2f47022ef51b4326b037ae5af3665ca19bd6dc8afcb151687c62a68ad0","nonce":"d6d3dc03d0dd0182b7799298","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"78c7e947b45351e0188869db0690e5038e234b687dbbfb8ba2e05b7282952a19ba49eb698f0c78347e4e748df8","nonce":"d6d3dc03d0dd0182b7799299","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"9e493ddb4a7e8adae046f3b517c2c6b8da1f637ddff3c162b0e6fc0910db75d3cb767d2142350afcdd7b370ec6","nonce":"d6d3dc03d0dd0182b779929e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"2004891f3c9bf7a54a0e5f3e01e41e35dcb7c10c79d6304594fffac65b92d4fba34755caa54094f759c0a8c115","nonce":"d6d3dc03d0dd0182b779929f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"f7e45cb6414cd5d04cbdc61d2538d6304a34e81c93d1ef0c83788c887033beb6175a0a7bf03702100bd7b6cd94","nonce":"d6d3dc03d0dd0182b779929c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"70eab994a00f8c8fa9acb2056c30a274d7611406dc68da71a96997c3f07e50f782bc905c6511a25c6802feb8f7","nonce":"d6d3dc03d0dd0182b779929d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"5d74b3bd81f34698fcde2b419d33325d4267e60f5705f0e4d743c00ba2113f5123dfae7ff63e0aee9f2cc08578","nonce":"d6d3dc03d0dd0182b7799292","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ef93542043a519e74bd5644aa64ff2c90da28dd26ebf129243759b2e54662d401d78e30f2e9d95dce84b48dae3","nonce":"d6d3dc03d0dd0182b7799293","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e9f1c3df23469404efcdb059582ea460050f86855c003ae9b31dad0fe7d40aefb4ead8fba1f330aad1971e4a43","nonce":"d6d3dc03d0dd0182b7799290","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"863c232e37d40c423e0156b2a82d6f87d4b44eafd7b36929aae980303c9a48aca9e1b9fd105267ff01163ae856","nonce":"d6d3dc03d0dd0182b7799291","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"80b87f052e6a90c27d535f6d5baff4b5689841e79407f5e2b601de6a471e4ba827428e7f398be2edf9a0ab55c6","nonce":"d6d3dc03d0dd0182b7799296","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"7efaafd0f8274e7fec5b672c1eadff27b9a33280f432bb07afbe8253545801c55bab9bf61330471147a6d2dbc8","nonce":"d6d3dc03d0dd0182b7799297","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"a8427392e3fb08e89221bfe3b1861b16cd75863a07a32c78ea06d4746f9c5532b37398905fee6fd00ebd40ffee","nonce":"d6d3dc03d0dd0182b7799294","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"7cd2fde90f8bb3b39ab0ecf94470d3c010dcde4b1988ee85692373e1faa3d4839e519b30d4ecb07a06cde36f91","nonce":"d6d3dc03d0dd0182b7799295","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"762b06e72d8993c736ab2a45623f61867232c7366fd406cae4046ad002cf1183ce36b7062f9f94713e82243e83","nonce":"d6d3dc03d0dd0182b77992aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"f58b503137e8c876630ccad7989111036071ba524dc96c505eb08614d65a47611a7b2e8f9ac00dfe8ff7cd52d2","nonce":"d6d3dc03d0dd0182b77992ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"e2205e1a5ac2de5ab85f21107b91fe91b2eaa0da170f497fd518f87e74cf3c23242ad56af1ae1e09d780301dcb","nonce":"d6d3dc03d0dd0182b77992a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"38aa0a412377410a92f830320637948eb5a5ec189545b7fe9ffb015723302e16d7216544937d3dc449403b4d6a","nonce":"d6d3dc03d0dd0182b77992a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"01509e06fffa02eeb5044e66d1acc470ed2d3038c9b5b2e69a10434de856ff20e0b08fa528cbbd67bf3b8831d2","nonce":"d6d3dc03d0dd0182b77992ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"9e0dc1ca93e3fbd73ba19bb7879e3ede25d6d23f807341ae754b070eda8a6e1ae6fdd0d94a5af8132a0ac9a198","nonce":"d6d3dc03d0dd0182b77992af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"4656937153037263187bb73767ef6da97cda5db6abf611091154e2ff52f290a845d7b6fc034ce922ba42f3fd43","nonce":"d6d3dc03d0dd0182b77992ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"83002fcf56fd7e2f84efae9f5d0c64eef958c14c9a5d6e65d14d0a28f200ffe2d4ab2c0b0247177ba252fc9065","nonce":"d6d3dc03d0dd0182b77992ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"06c7a4ba16ed6549f61da96cc8fc0e009b3035bca8107cb4a3ccc73f95808891ce426f3c0a00e6abe6992c4b0d","nonce":"d6d3dc03d0dd0182b77992a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"03411ad65b99566853d724e36f39889e9c13b2046c464af73eb6f7af1ade51078477f4e72ab6eda8dac840c392","nonce":"d6d3dc03d0dd0182b77992a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"da94efb33a163d8bd2116f6b10926101b957e9ee487a2f26e04d4faa260d8df9e9a81299b986768b3518614520","nonce":"d6d3dc03d0dd0182b77992a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"4e9501b3f5b51d5d8311a90257ad61d0b468e98401ab9b3a797973914883c09b8ebdfe1987b66ff66d30c14aa6","nonce":"d6d3dc03d0dd0182b77992a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"445d51506fa29a817ba8c0724bec98f9e5adf0049cfa5dd49d13c8aa91ff38f853c2f2cacb165678c6127131f9","nonce":"d6d3dc03d0dd0182b77992a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"47c3c505d3eef31dfeda92dd70530b04bdf5870f67ef4713e1b97df23030b82cda5fc54d2d0b6d8931f575eb6d","nonce":"d6d3dc03d0dd0182b77992a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"e6538bb281d1592010e479a251b5a4188c862e27f356684021ecc0b87e120cff9a79d93f57953c706382917fee","nonce":"d6d3dc03d0dd0182b77992a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"ef528b8469e5639aed7e7f8e9a0cd01e45ee543d16bc2a58d41b167a37f4efeceda8f1013af6a8d615ff41f3d9","nonce":"d6d3dc03d0dd0182b77992a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"584ea4c263613c8c7e70137b9b44ff01166845f1f8dfc2719e229e33000e068c537449b9cf52dd60ac30198e96","nonce":"d6d3dc03d0dd0182b77992ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"1902f24d0a42e5642bc79ca31a99d292ecc9e79dab4cacc820eba0780977bce9d9b835bb57e3e84773b6f4938a","nonce":"d6d3dc03d0dd0182b77992bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"dc68787869087f43eaf6993ab0f72882e25357098d569ceaf76a36faca80e7632a437a30c12428ddba9d38eec3","nonce":"d6d3dc03d0dd0182b77992b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"561cfb701176ee179f25a870b53f79e022f93f55da19b6a723be2b3590d44ea5c539b64413474e6efd9bfb79f9","nonce":"d6d3dc03d0dd0182b77992b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"7d86577abbcd113639721e270bdefb325bbfaf36c8790c62ce3d4b0babd23b361ee60d9a6a42cdcfca62eb57ce","nonce":"d6d3dc03d0dd0182b77992be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"37998b2727cd8034ee1f231059a39b38097434e017ebaa12ed031ff94c43ba44f666b9b66a40ee5445ac67301f","nonce":"d6d3dc03d0dd0182b77992bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"bee3dc2e2aa3f48638be816bdd04d3ed8a9914a8f2d87dc014594194ef0998b0a10be24fade7102b4b57e32a33","nonce":"d6d3dc03d0dd0182b77992bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"a52fece5fbc071a00badff52ee1885b596dc218611e1b4f16af0f85e36cb6354d41df6e0fd24a9edd3bb07f6f4","nonce":"d6d3dc03d0dd0182b77992bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"cff9a3ccb2aa283c6e25b163b0eed26a0a1cd79c4e7d0fd404bb90230873e8a47e848c2ffc9297da86ad1310fb","nonce":"d6d3dc03d0dd0182b77992b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f78ae3d61ff160b6007eb3b4d556b8fc8e619b70380b688b81009620d69a91de4be67c67678a14bdab1340c983","nonce":"d6d3dc03d0dd0182b77992b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"a3fe587f69b605b2d17023fc6e39d363b97ecea9aa97f90138fe27d454d16b0d4bc49153874b76a17c082804b4","nonce":"d6d3dc03d0dd0182b77992b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"3b088679364f4c997a08aa152d52068bf641eb3185b9904d8e1374c833b925cc6f9ee96cca84e7225d1864b345","nonce":"d6d3dc03d0dd0182b77992b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"e8073097365967648875bb5a7e22a864f8a1f4b4e548375fc1624d4860f453cb52f33f2937944ced50be111d3e","nonce":"d6d3dc03d0dd0182b77992b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"9d113178a7fe248c4d388b09ec18fc20a05ba19f66d1260cf6e735a5da9dccfefa498b8d60bee20bd0af881ef6","nonce":"d6d3dc03d0dd0182b77992b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"0486cce54f9d121670f0d0bfd1784fe6bb4ccc90fa7c951ec3d9cdef543bd3ec18bcf355f2cef5bedd0139c6a8","nonce":"d6d3dc03d0dd0182b77992b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5dcdcbf63507b2870faf0b59a5bd8c9ff2507fffa1a77e65b6b7ffc2110f21c51f35828a163da2475b9071bd53","nonce":"d6d3dc03d0dd0182b77992b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"4cbee72edc163b0213160386ce9817c812406614f1e52eea432daabe397a57de6c455ec5bea20e06d25ad24b3f","nonce":"d6d3dc03d0dd0182b779924a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"da85203909c72a5307c6d420370487c5074de6be34ddd912b95ba0d00187f599adbd37ee8cdb6b3f7bd9c12f5f","nonce":"d6d3dc03d0dd0182b779924b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"e12acab887e92b0f30471ad911b1bee022d5adf64c8ac63261ad3205e840fe50969fb2522ff0f1f3d191441fbe","nonce":"d6d3dc03d0dd0182b7799248","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"cb42aa96879d7914084909705fdbe43777dfab9d3a054f5be7af0660a6e9e06e43ee02ba16acb1159bd65bd770","nonce":"d6d3dc03d0dd0182b7799249","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"5da9a8863d3e9348cda6575f58728d68a20184731d38066adc9d2a3153eca0cd9e35a09b9a31c1c5e2679f3b17","nonce":"d6d3dc03d0dd0182b779924e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"e89d2a37ed25d605fbb234efdbc4a9aed59f25502e8b28f173774f84b3882ce4e50cf60afc83f30447828937c5","nonce":"d6d3dc03d0dd0182b779924f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"0b45da1c89140586b44cf26b940bd7c363765028bc5aaeedd99ba3d62eeca00d3a506d91cefaf83f7818ea4739","nonce":"d6d3dc03d0dd0182b779924c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"eb6f16886a1dc3cb40ca346f7234a289fbc0ec0ca1aa5a76313167921512b1c3db1511c77c089099bc04afe510","nonce":"d6d3dc03d0dd0182b779924d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"450df3554c82d23af9801981ab181ab765a144e3b848ee91c2fd91df85f6ec0a7d5d59ecde82bad0b721c33c58","nonce":"d6d3dc03d0dd0182b7799242","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"2cc418028aaabf2d637a5785c66d554c0af01edf720ca1ac4b53d7d673c335660454ffb349718b1a5e721a0371","nonce":"d6d3dc03d0dd0182b7799243","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"d0d4fa692f66b2f5132ce01344c00718addf4db5b8457b73214dacf3b5212cb3193426569ca01736a9575babbd","nonce":"d6d3dc03d0dd0182b7799240","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"7cf58a6d3035b7789a949e2b88c5b1a8017db3c68e404ac8ecc04c1c99f954108176ff776f7726d3a89f4461a3","nonce":"d6d3dc03d0dd0182b7799241","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"de81fa03118441ba78f64462b8abeb36e334e1f8ac63a46171a39bd0a7bd0d1a88ab0a682c51c31657ff443fe7","nonce":"d6d3dc03d0dd0182b7799246","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"8f746d7b5d0fed64b206e613ac676cd2fa2bf9b5cfe8878f74e535546abaa6b856d57218fb6c3255096312acc0","nonce":"d6d3dc03d0dd0182b7799247","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"9ce1f4d3f4924bdb2f2dcc6227b44364d0937a17aed6ab61f023e589d0dfa87b08cc8d354fe6d51442432acc14","nonce":"d6d3dc03d0dd0182b7799244","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"027d23ce7258fc62da9d9792223ae83b026183b187aa80382ae4cdb9aba4955b675d1a75d94c0d095957d28efb","nonce":"d6d3dc03d0dd0182b7799245","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"a6ba4b60a80c17611f194880b074d59c2da351386f229ccbc646b728c946cdc82f8bd607578cead883ce22583b","nonce":"d6d3dc03d0dd0182b779925a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"ee82c0964be1c689590da96e34185b29b877c48a53870e910e37d12cd9f587f2d50c97506be4b97ca29cc92f30","nonce":"d6d3dc03d0dd0182b779925b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"c3b6e7216fbbef945f122c2146206d132f25698a292774d2cbffd87b2967f85e4059b1b2363047b77d7a27495e","nonce":"d6d3dc03d0dd0182b7799258","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"22b51b7d2998a5166973f13c043165993790a0ccdad1c03322a718d71cb3c8646e46748a80d88698a092715549","nonce":"d6d3dc03d0dd0182b7799259","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"3bf6efde5f81cd34515999e6633a78aea90ebab4cb7203fc4fa57f4d58a1aa4fa299b073e41343c02ac0e8b388","nonce":"d6d3dc03d0dd0182b779925e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"f1c580f4e24283fa3c0721856e889f3cf1511df2c61986260eca7c6e4b7b4e94b5fbb4c58195ce0882677220c5","nonce":"d6d3dc03d0dd0182b779925f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f3ec8a6dcb2bdf0dadfe0d5909d575b01671ac36216a37f19a03a0c54a6c21c61cdb83ca58a64c2b0bd58e04fb","nonce":"d6d3dc03d0dd0182b779925c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"51c21716714c49a1fbb9d35a920f12e42a28dd7f7cd3aa818c3f82c2be1c125fb44985279c045a9f3d14f10fa9","nonce":"d6d3dc03d0dd0182b779925d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"2d6215b76f80cc45d23fe7f86352c5d66b41e7cdd97d3ea116b0e7739918a18a3a6e08ab5dc02fd431196371d0","nonce":"d6d3dc03d0dd0182b7799252","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"d99d5c7066c2e7ab50a62edee64a9764bfa88ee1d5015d8626e09ceedeb6fbc5cc9ca2f6c2abaa475382e3a038","nonce":"d6d3dc03d0dd0182b7799253","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"db8cb2de797f5593eac631be5f98128dce4f065fbb787e1104ca6b868759cd6408f66abe49047ac0cee4aace75","nonce":"d6d3dc03d0dd0182b7799250","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"56c5af65897aa6b864e9fbfb7d3c8405794a053c21943d7dae0e57c8403082ad991d2acc0db91a6a9817bb15d5","nonce":"d6d3dc03d0dd0182b7799251","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"39f4183f820509e7cf9748fcd77ea1321af962d5aedf8a61b9b85c9cafe2b528425efa0ebf21afddea06c0bfc0","nonce":"d6d3dc03d0dd0182b7799256","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"0cf6a89e0e0fd3531e2ba5e4b67d96a673e071b167060084d6417ad6ed1087bb604743001b5f927578b491c6b0","nonce":"d6d3dc03d0dd0182b7799257","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"aed99bdcf54d750a339e8f91d180f129aeefb836c110a3d32b01e7e5b38243dddd2626301da2a59d965eb60ef8","nonce":"d6d3dc03d0dd0182b7799254","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"91799c42a7f1df54dace28f1783357bbda2ea3ccca6d19fa67db94e16b5e736ff0c8949205580bfe72e1407545","nonce":"d6d3dc03d0dd0182b7799255","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"9e6adb1ad39e400d60bd02cf09c29dd3727b11875e487140595f1cb5078bf227ae7e0651896f93052b7a0fc4f1","nonce":"d6d3dc03d0dd0182b779926a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"b5062326bd82a70c1f8676b76014549147214d6870aabe501dc93aeebb3de49bf28da72b0155f3a6d0ba452c44","nonce":"d6d3dc03d0dd0182b779926b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"6beffca9e3219b558b9e3a6c4941016e598c861d2352cff8849c08523c712dcd94697981391d07d1249b26b3f0","nonce":"d6d3dc03d0dd0182b7799268","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"35ccef0dbc399398827ef22404cdb2498ad3f3ae9dafd9b2f6e1528592acdebf17103fe845afde29a87bea386a","nonce":"d6d3dc03d0dd0182b7799269","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d36eef5e685bedce32d050624d09882f4064e82932b248b52f93ea8c22a6bdbe9de482163f620d2d101baac5b3","nonce":"d6d3dc03d0dd0182b779926e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"960a522378b7548fc47e3649e6e118033f83fa0b031253a39cca5a69051809c3f630f61e512d323760cd706792","nonce":"d6d3dc03d0dd0182b779926f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"a0e1c49d009f5185474c3b3f47d9eedbcd067f24b794d60d6f822025a6c07b299c305ecc626907f8c3da3dee51","nonce":"d6d3dc03d0dd0182b779926c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"b4fab4f46f4c5982fc050d21e4cb5a985992d878aa73ab56ddde3949dae36eb8d78b7328e612b8eabf6ccdbf5c","nonce":"d6d3dc03d0dd0182b779926d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"95a1c277f1de1d85094054df22e64351e37f5d78d9e24b33370ece4183077550f0e5331ce349d273d8f83586ce","nonce":"d6d3dc03d0dd0182b7799262","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"9a133046a70f7ce12fbbb452742e81fbcbd53ffb22ac61ca37216f581b121550a2096b8f3311bdd4188dfa4a19","nonce":"d6d3dc03d0dd0182b7799263","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c873f95fd81897ab925eff6fa6dffa309eb6d08deab6ff8aa59308e93388c72c423e345d4e65e94466ea2ee5bb","nonce":"d6d3dc03d0dd0182b7799260","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"32b7f696f4734de4f173b57d097271cd447165e4309832206837d6046c0e2195de7ccdb48391457a4670b7fc04","nonce":"d6d3dc03d0dd0182b7799261","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"08ca91b4acba5d09766c7829c9473aa8802fe0568b1c9d22c8654b9e94fd3e55aebe035afd3b24ad95ccb381a8","nonce":"d6d3dc03d0dd0182b7799266","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"3b36cccd308c61b7bb4a4a90bf6538d86c27087595a9cb0ab7c594a1742583a46f35a5c791626930caae113324","nonce":"d6d3dc03d0dd0182b7799267","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"ad5d337b5ad684b9888bef39765dd29160953b4f821ec44f67dd57daf4b1cb3118107c3655905b88e5aac34c03","nonce":"d6d3dc03d0dd0182b7799264","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"b15c602c030e6cc0be3a9636d39b40bf11fd49dbf0f77788f9b755769dded60fece60166fea25a440ffbb225b6","nonce":"d6d3dc03d0dd0182b7799265","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"eae5d1272afcbf19c8b6d76274ae28807590985a540a475cdc5e411149d1ce41c4296c779c4962027b914515b2","nonce":"d6d3dc03d0dd0182b779927a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"062be4247209e3d9b759e5e07c7e77c877cdaec1fc0e268d35d305506e8c64162e3937f9f4f415b34dac2579a1","nonce":"d6d3dc03d0dd0182b779927b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"938070931f000c73b8f0f0d3072f0289d81af7b0632fdc7a6b970308ab8a4a5f536e28a2ad71268e1054205df0","nonce":"d6d3dc03d0dd0182b7799278","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"750ba875849ea1800524f1b87b11d72ee83cf1c9c73277789011b9711fcc2aae7b32a6955abbc82774e6496bf5","nonce":"d6d3dc03d0dd0182b7799279","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"bbe63a1cffe5a0b5eafd5d7a81375e2750bdf3b477dc80ade675f0acfc32640b1482cf542be8660ba51d010e90","nonce":"d6d3dc03d0dd0182b779927e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"4e96397e274842ed09e98dad7598edfcf8375571b83365593d526269ce256ae975017a85a7550237dabdfdfe00","nonce":"d6d3dc03d0dd0182b779927f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"6a68dfcef1005ec88625cbd3ea55fed966c299b6563e0b206ac49aef9284a89310c460e31cabb83c847a2b4fa3","nonce":"d6d3dc03d0dd0182b779927c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"eed175f3ee604eeba87aa4d1e586fcda1d7d23fb7962870421f566c57eaed06e599466a266149738a73d3c0ebc","nonce":"d6d3dc03d0dd0182b779927d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"c63a6871a25ae947426d67513c3444b7902a727666d8cd1c44138fed2d71ff282821d7bedf1c4bc26f0ab75a05","nonce":"d6d3dc03d0dd0182b7799272","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f60d65376c5b9ae3ea65ec9b83684d82e6d8ec7bbbfb5f47c2e5f2b99d95582ac0b2171ec164c08db976da99f2","nonce":"d6d3dc03d0dd0182b7799273","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"367369b8a25df69e10597a0efa443fbc5b517f0683056dfdcb5d0c52bcdce21c20a767e7a53ad667d6efcf4e70","nonce":"d6d3dc03d0dd0182b7799270","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"5f578e6362ee8385d22921deda1736100653ff091e378f20a674125b97259a370b947dc4dd6b56eb0bac8592ef","nonce":"d6d3dc03d0dd0182b7799271","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"515da836fcb188f0e7e87f93ab39185afa63f230ec6f40ddeb1d342d1d4152a2788e4314478e1fd9ca18650aa1","nonce":"d6d3dc03d0dd0182b7799276","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"8db0715bd364a6698d1ce6a3d81baac1dea675fe89e9e6f059cf5d1e42c99ac02cbd6cb033fb28fbe8e590e3ad","nonce":"d6d3dc03d0dd0182b7799277","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"455c0ab845ad4714c547f55537da6cbf87d2b326fd94d078a284dad8a4726cbf57cc8980b3e7b901ee01332eb3","nonce":"d6d3dc03d0dd0182b7799274","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"d82bc78dbcb551660a4930003b6af44d3cadfae519c46e93d87401f8d7183171d169cf75a0edc4162b30ce6bd1","nonce":"d6d3dc03d0dd0182b7799275","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"3e16761b93248b50203ab6dcff53db4e7627f8b0fee42574ce7839a37ca6b40ca1396a8dc79619b5bdba9d6d1a","nonce":"d6d3dc03d0dd0182b779920a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"9bc9aa2a144457fed2bc588a8add46cd7727395d8aa1113819c097507870dc6142ff6fc893b013af394c70ce08","nonce":"d6d3dc03d0dd0182b779920b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"780851ac0cbe7b66cf2f644ff2dd52b32f92ad1dd11bf9ec22623d9ecca6146001cbec577679afa19afcdc4e0c","nonce":"d6d3dc03d0dd0182b7799208","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"4aaea2f45c67a4f2078c8817001c0495d349dc358935fbf7ec08e4372123688b2fe728134b8a741b4aa065a108","nonce":"d6d3dc03d0dd0182b7799209","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"a8e773b5ad730311dba5b991ad901c9774b9644c7a521bbbcb3e6b9e6995f7a091e41d8c62ee9febde791e5b22","nonce":"d6d3dc03d0dd0182b779920e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"5bdc7c60854434615760e226d38ba46c766b670d6da87d615c232dd688653d1e1eff5f6794548485e74af3d3fb","nonce":"d6d3dc03d0dd0182b779920f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"0404a7fc277d5936cb48c7475596c139e8875ba203c136c3f3d1e9edbb7d4ea58c753120a4be5fb9d354dd2597","nonce":"d6d3dc03d0dd0182b779920c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"e49b63f8ce7ff0ba6f428cde2c4b0b67f1fadfaa1a6cde318423f6245a27537345c47a88ef92930d31a4694853","nonce":"d6d3dc03d0dd0182b779920d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"8a8339fe0d56637c0f1ac138a3c47c2c136d7917552d67d8f1bec3f2dfd85ac0147b0260c773f686587f28cad4","nonce":"d6d3dc03d0dd0182b7799202","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"14ef4f542c207b3a8fe6a87912687120975ade6e78e3c0b427a6d2685f968900a4def9370d402bf4c51e8f1bbe","nonce":"d6d3dc03d0dd0182b7799203","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"11a8b78b261cee6406c92e876a4fee137c15ceedee4cac016de62ec965c5b5ba4141117663e8c45da077e30ac8","nonce":"d6d3dc03d0dd0182b7799200","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"9f20176d2e31ef53630905f2c91003e856b222fa878ac1f9769c1b75162668d1772579dedf5cc66885d1583756","nonce":"d6d3dc03d0dd0182b7799201","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"7788f393881004c5dfc98c050b178da1b2695d4102604b654c74f7a9b9e546d38f33d253db5dbf49c3be3fd3fb","nonce":"d6d3dc03d0dd0182b7799206","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"cdb01038ca271de0a9a4abb17118b8c084719ba70f8eb3ec0b331a4dfcfa160b34748c27c4445d191bf223f700","nonce":"d6d3dc03d0dd0182b7799207","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"4294d59828460ba59a2f5c0feda7fe88a4c6785a2e5706c3f50098866091dd3098357fabbf4ebfb1d4744f1803","nonce":"d6d3dc03d0dd0182b7799204","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"61231f3605c938a44a29714a9063d44d6b17ab5d2ff7bc2e9b21bf21e6c4ed8bcab7c14fe21f2d82c1dc225b05","nonce":"d6d3dc03d0dd0182b7799205","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"3e19b8325286382fb3f66992bd8939f2e3a8f753bcbeb49f79d5924f2e0f0f9b27ae7c4f5085c45a4c3943e2dd","nonce":"d6d3dc03d0dd0182b779921a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"613de28813243374c01c9657806c47d6bbbe8238702c4bb3be154f94779bc00772345f80027a3a3e15e4aac69b","nonce":"d6d3dc03d0dd0182b779921b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"bd036b938382e38cda7298660f4355c7ede4150cbf9d930fec1d60d71f2704143405594030203e472cd9141f7e","nonce":"d6d3dc03d0dd0182b7799218","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"4cbcacb1d498ed2f22185daec4323b6dd0006b22d5e4d143464f86602cf1b0d7d212adb6e949df60252d567f23","nonce":"d6d3dc03d0dd0182b7799219","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"f44d29a07133906fd5e74e92e168eeab9561fd7414663e483198d85ac440c8174ac1b9195c7b090ad5ca30850e","nonce":"d6d3dc03d0dd0182b779921e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"d5b479b2ce28d2f85bdbc4fc5e6d887d1262e0c51cd33273b4b11873e0596e2ab98573bd73306c08c893c0952a","nonce":"d6d3dc03d0dd0182b779921f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4638c3fabbb8f3e0cb677207e1a6532af7e43391465dcc502cb7b9ade65d57570780d786090b4b6d632e7ae8d6","nonce":"d6d3dc03d0dd0182b779921c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"7f7a6b88494c8c29c2929d2f618f4d7fdaa85b82584da88a33d4ced9b95eb0cc1f841b6fa7e4838f7fe43cc4b2","nonce":"d6d3dc03d0dd0182b779921d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"5954bda72aaedee103520cbadfa3b09a7e1ee3f5cb0ffd4d17ed31cedd060662c519f51f6740dcdc08fb062896","nonce":"d6d3dc03d0dd0182b7799212","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"e353bc8d2ee6fcc45f7bea2d701e42fdcc6b5ef8743be30010cc7b801b9ab250b71468faa7d199b3291034b44c","nonce":"d6d3dc03d0dd0182b7799213","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"4ff086af1dfcf1dc8946d3dcfc75c5adb8e532c84fdc1d720f59cd92c17e4cdef1c7111265c1bbc4acff8fa46d","nonce":"d6d3dc03d0dd0182b7799210","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"1fec5101e0c6fe4d3bc013c274d9ddd0e6d7ba7c9c99d917716224779b715d74fe06bdb12c32d71e8c24da929d","nonce":"d6d3dc03d0dd0182b7799211","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"458a7ed5f0d8fcf7f451a4cfd4670ac2fac6bd077a68e0819708b5f85afc7193ad5e47bf5686c55814dff4038f","nonce":"d6d3dc03d0dd0182b7799216","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"183129cc924f06ffbcf9d02dc800a0f8eff7e2ab0d437602b916857e4f9809a1915a80cdcdd05307f18a7322f2","nonce":"d6d3dc03d0dd0182b7799217","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"3eeafb0c174380e81f9560af4e963048b1910a4ffc25129c09dc7b343494aea645a3eda40b47c6f20acd9bee9d","nonce":"d6d3dc03d0dd0182b7799214","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"404995632d172e0194ac4864e5eeee35ecf64dfd3588f694a9b088fb1f743044dfd238829b7fe09cf1c76544b5","nonce":"d6d3dc03d0dd0182b7799215","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"089f39368cf6d14fb9971605ee795804845dcb9b0f922d7755b0a20c7e992d9f7a37b075395515fc33d426c470","nonce":"d6d3dc03d0dd0182b779922a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"ea3e469a60c206be6231ba7af0ae9836aed1db038f8bcd22ed6087e3897a2bde305c5188734455dfc6d5c88342","nonce":"d6d3dc03d0dd0182b779922b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"9a4e1f50b3b8a8b74c4bc36f6daeea1eda5f43060f58a2a022712984e5622e1171a9a3110d4fc9280e442483ff","nonce":"d6d3dc03d0dd0182b7799228","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"79a8341bb9fab6cb41ccb4fc0f4beee76540c6211a5690d02031de3596d741bb9c76a4de479144d0ec10de6226","nonce":"d6d3dc03d0dd0182b7799229","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"967c353f491b0da3b502eab99e22b7dcc73972413e97075d8c0261a6784eb6aa6ff58831d765cbd3f79556a900","nonce":"d6d3dc03d0dd0182b779922e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"bcde9797f14074d237fcec26e00fe14556d859f2e36320a0f7767d50adad97c7beece9c4a348f5ede4d3f71dde","nonce":"d6d3dc03d0dd0182b779922f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"8165498d30c0c8489474c325b577f7a7225a75e8d84b6ee1ca6cefb2b227c0ba0f5eff32e952531c2bd91a5cf9","nonce":"d6d3dc03d0dd0182b779922c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"83c078f80f100f934ccd71148e920228499fcf4764493743309f141135a2d72b9ae30187aa531c0c49aab0d181","nonce":"d6d3dc03d0dd0182b779922d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"0afb44fefe8957dd3d5da983c19cc722ca017d85752e59d46d3fc24d8efbfc6f49f04445a319db2bf3fbc145d8","nonce":"d6d3dc03d0dd0182b7799222","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"123fda3e5d6dfe3656de6be743e380528fdc19cb649b10dcd9d5a9e3e791bfb6c8af75f16524dee6124578ffd1","nonce":"d6d3dc03d0dd0182b7799223","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"4bed97dab66b0d196ab7072d34c6090c741888fb784135f3718684cf5a0ec90b51201ff84e961f5222f6404fe1","nonce":"d6d3dc03d0dd0182b7799220","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"f81a07854df4cffa2c3de2fff8c9cefcca6fa97f1972886a03ace921c08a8dc89a4584f16888eead4397d56b00","nonce":"d6d3dc03d0dd0182b7799221","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b109b0fba649e7055f5e8e1be43793362629d1be595a475fade0d05f06366ca350e162906b54e7bc695bb53641","nonce":"d6d3dc03d0dd0182b7799226","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2bf234b042fba731ad394fa1b97aeb5ce5e26b27d45a89d8dc819445f3cfcae875162a479ace74405bcf1bc750","nonce":"d6d3dc03d0dd0182b7799227","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f4958828d34f983e311a554bde666a64b2f6895e86cc0db247341e8c13fdd2b6953b855592f5c08cf80769046e","nonce":"d6d3dc03d0dd0182b7799224","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"4c11e66e1a2ce2378e061fcbe20d2fcb3a2be6e10aeab1ce835f328cd33ee5de60569c8e45141238ab99b5020b","nonce":"d6d3dc03d0dd0182b7799225","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"4597783afd3ee21d1cd590c7269992ece6d1087476faf6737f304cc64e222ee27536b0d84fac09d264e74e224c","nonce":"d6d3dc03d0dd0182b779923a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"f9c49fbf0dfc0ffae818cfbdfd4fcd309878ed77420faeae3094ec86138ef911448be3f6cec0195243f8404b13","nonce":"d6d3dc03d0dd0182b779923b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"261be7b8303f34a9c4051f14d46223647d0d1a26a71b0ce2ed66998e0ef4cc2f6b85b7eddf68283803c664346f","nonce":"d6d3dc03d0dd0182b7799238","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"310b988f54a25c641b641f156f95542f16f34e3993ebdb4d0ba1397173a99954cec062ba4503023b82f43e2af6","nonce":"d6d3dc03d0dd0182b7799239","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"67b2106ae3104f1329f2caf275ec86f16244b2f9eab654026513ba6b16249c6ebe1e0f4f221bf4ad020ed18066","nonce":"d6d3dc03d0dd0182b779923e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"f7fcb852d7bdee26803528fb8d26d98e108f934fade0e54e1c9034972411040896a79f88621c6c6d3d19c12153","nonce":"d6d3dc03d0dd0182b779923f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"a65921921aab62c4d50d3b2cf3f6085687378ac5c9e8091806119cb513a3d22aa483c9f371e7f2616d11a051d3","nonce":"d6d3dc03d0dd0182b779923c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"451e009ffb43eeb1ba898df414e1ac5a75d7a711b91a5b64b41b22677689e9a9f7afd4ffea84465a763bc3174a","nonce":"d6d3dc03d0dd0182b779923d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"4aa9e08f6db20169c3b4cce04a92b285139a3b32b7265f21e3e2cde5a644730695c7e5097ce6c93621417bf33d","nonce":"d6d3dc03d0dd0182b7799232","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"f98544f22349fad8fc4ccc075134335a757788876b2d29248895685f7feaa350ed61ccd9642d159b5f19326d40","nonce":"d6d3dc03d0dd0182b7799233","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"38cb568203fac87432597c6083010ee67a61eb8fafe13137dd87fb53d97dac064e64276ddd2a75b87bbbf4be58","nonce":"d6d3dc03d0dd0182b7799230","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"fa44124abc51a796f12570fcaa5aeeab6b21a6efba7e9140becd6f519f5072f2e9b275426e7740875d36d6f0b6","nonce":"d6d3dc03d0dd0182b7799231","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"67fd33254bec2237effde38efc641e0154a3db5854537a672c4771a3ba12db4d137ad57b560c4dee7ff9e4f7ae","nonce":"d6d3dc03d0dd0182b7799236","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"74c988ccb13b27396627e2c8d57808f8eb8f97f77f209cb1136e95e43451576b45c2c41022675756578ab353fa","nonce":"d6d3dc03d0dd0182b7799237","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d8bc2bf20b03fcf58beff21711be3e97dd0e84add11a7c47d3b26d19dd4caeb62245f9fd3397faf2976c62a84d","nonce":"d6d3dc03d0dd0182b7799234","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2fd3574c0eed01193c5781953c04fd8ab7c05f37977a87edad28e176dcf42663abaa9f7f15cbc5b97ca7034179","nonce":"d6d3dc03d0dd0182b7799235","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"98b118c1587bd057ec65202a7b9370282e0a75b61ea1586de87dfc56fca114daf27f352a7587dbcc10b3849087","nonce":"d6d3dc03d0dd0182b77993ca","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"e9809e4036087c3eb358244c4ccc75d256ba5caa212d6fee631554f12da14497"},{"exporter_context":"00","L":32,"exported_value":"e60f51acb218236c2f624a1ab96612df69d8903670bd607eaecb3adb264c2e8e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"771c2ea82258393ff55bc9517018c5a2e2f60ce9a7789178ae202709d356032e"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8ce253179fdbc6a04ad80fb469ef659b1623d3109dd85f3e163e019eeb02c9bdf88ca11891fdcbed524d23dd93e54453085be5c57b961d5b","ikmS":"ebe7654af94e48cbb67b7916da7ba665c577f262aa866f52a322a8a5c8d72c91aee94b2b77efb02bcf6739fa09fc8e973d1954be7a9d3705","ikmE":"594f4608f2570cdf34c7d4e015d89770f18671c42845f8a154f30931bf3ff08fe65e0eb8db330056761fd1c604d3b227ad61df504955430f","skRm":"f3cbc1c35a482ce6b2ca5b326411de4c6a3dba2ab872012c220f54a0893919e5c3110f91cf96eee667312620e20fa637970d9cd12e564f03","skSm":"4ff9a267051e4c818a4977453145582aa0771554fbceaf9b42587658cf705331c3c9cd7f4edf64e242d4b9ce4e7b05719d683678860482e9","skEm":"0c2285ebddd4dc41568c651c0b9b43768e79170226aef39636163bed641896083224cf6a381c3e897fd510ef2cc6870332605ead83fca644","pkRm":"ed1edd4783b6ac84d2a44d30d65ee03f30453a8ac210b16c89cdc2a34f89715d435eb02ce775567768f9fc059ceceb90f447093203ef8de1","pkSm":"17a980c6d157cd76dd6f280cf6f51a30a27050ef13502a20907eb7918a82064ca1be64bc223c129877c7432e33479fe43d118cf76e91058a","pkEm":"92edc3d24df7517ef897b3f139d4f200d1b640894637c20203390b4cb8b7a2098d8e22a46630d21ea6413fc788c4c29469407240f7cab9a5","enc":"92edc3d24df7517ef897b3f139d4f200d1b640894637c20203390b4cb8b7a2098d8e22a46630d21ea6413fc788c4c29469407240f7cab9a5","shared_secret":"8e1d19fd62f5500572e4776d767e109595117194871f7bc5624a5633a379a8f5aa1dafaf43eb728f1fad7b562e3d25a275fcc6f50ef0b02d53bb17dd560da00e","key_schedule_context":"029f764d157beae4544a48cc4382cc0eaaee23564072136ce01ebe7b274f54ab4420ed990cd86d7ec33fd88dc1a603491ae460c58931a78178cd8e1af2fec96e7994b5b0e6ed9749cf5a584367aeee9665bfdcc13ea89374b725e4d30a351bbcc95bc70b4c35cc84a53ffd1e1877059f35f9f9c98ae168ad89a3a7087d7e88b855","secret":"a035de059d20501ab7d5e30e74ea30be807411599375665bcdc6e21bea45f864ccb531f97322b72283796c9f679ddb20c1acbb34d580dc108c6de7d8af31ed57","key":"57a79f5e6d9523748300adebbad4497e1294b76b947c8827ced1d8ec2454f085","base_nonce":"c670655429970de87f9ece9c","exporter_secret":"9a55848cb33321279335a1b49ffcb2c6ecb878cb67a294b2ab0a94317a5676932352284d4de7cfee9a2aee6c06f709e4da22007c6f2057a6f948460210142a0b","encryptions":[{"aad":"436f756e742d30","ct":"f4946f817008cde92398ed079cd9ad910e9d415f9cba3590f78cc24516211d7a5c66f285a6c6d5cfaaa5c02f92","nonce":"c670655429970de87f9ece9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"cd56d3af314909f228615ae2b509c013b3cf73c3064b8f170348549f6ed4912d2ec13dd1070c070929ab5f6ae4","nonce":"c670655429970de87f9ece9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"9b5282f838e9614b8d3a405d2ee833a4437cbb708d3e02123caf90a90be68b7e6115ed6afce138d12cc02ca495","nonce":"c670655429970de87f9ece9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"adb3d55ae00701506656b3306c4a4119ac40589702189d547855df970b349e3a4daceaa60d25832092ce08a96f","nonce":"c670655429970de87f9ece9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"0fd0578442706fe89fb514f98cde90bab1ccf0ef36ce5a13f0c74498c311c3df0f6bd0cc400662b0c102babd2d","nonce":"c670655429970de87f9ece98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"d80f18f822fad85f81971c1f3af64c8bd69c64036d004fee92c377a19555d29c8e67a90d5c93a43e3dadea0d2b","nonce":"c670655429970de87f9ece99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"1e33a4faac0ef1be4e527a33b5c8069e4ed546625dc3be62a29cc7247407db216871fc0cfbb09ac510ce98b946","nonce":"c670655429970de87f9ece9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"1a796eff3982e7e29b50deeb87c8c50ed9f86641361c526ac46339274f9fec2f07c492611d9f96d6976222fbee","nonce":"c670655429970de87f9ece9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"54eb5710ab336a2142d78c45a0c96a9a22f23c27cbf454607ef5266bc67a5b43d06d7d63d0a592d29426cca6f2","nonce":"c670655429970de87f9ece94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"3dde2a414b572b1a796c40479da08b36f9a587d0bb8d7c8d6483920bc65d0f856ba8735035e31ba5a1e0b75a2e","nonce":"c670655429970de87f9ece95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"78289f3cc11a870ec695c2ba2edf101c5290fc7a4ec159678508aaa6f59dad2b6f9e8e188363a6ed4c0ebae703","nonce":"c670655429970de87f9ece96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"564b858f3dee0b9f28abacf7fb574be1fbeb8f5ccde6747bc435b412a35393ad1c8a272586eef4b4d6842dd5e1","nonce":"c670655429970de87f9ece97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f242a45f50d0b6f03b70d946eb302afb512eec6ea6fcb81ed9244424da4c28f5856093ff8fbe0bdd7b64af9598","nonce":"c670655429970de87f9ece90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"ac4213bc38a99ca2c9d8a35d72756096ed4b0e48ed7fed67d4b760a91122ca4de1492151527894cda42e21ac63","nonce":"c670655429970de87f9ece91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"565908e46a1272a9839449a2412f656ea8017c089f89c131a096bd149a8922a812cf08b72180614c13ab2c7b52","nonce":"c670655429970de87f9ece92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"fe9f71a128d65dfeb9c7363111db05a7436dd3a31321b6595dd26e7bbc4350bd0dcfcd93146994c68ed40075ef","nonce":"c670655429970de87f9ece93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"56669cdd955f0082c1f85ebbaf246a06cd123c3e4c93cb38e7e161362aa610bb292c6025f5821bf9140b5c9061","nonce":"c670655429970de87f9ece8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"85a53d97cea4e88d00434ab139f26ff508a7753cf39b1572f5107e8cabb44be82513021862ec18ea8e4515c96d","nonce":"c670655429970de87f9ece8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"f32a4b3cef132b6c87888b1495523ffec7e3c7b8bfa3828fdf6a9699f63f0a32bc300ef91dcc074c5fef2d9a0b","nonce":"c670655429970de87f9ece8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"33501a6309125e54df3443d78ca42ab29e2f480ce8980cc0f2e8496a5b5735acb2b758ffb959933b68273349e3","nonce":"c670655429970de87f9ece8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"cd32914bc13b293813de9bb9dcb743e93710e27c6a70b0b3395908e4338c93c761e52c5d336687d42709269b76","nonce":"c670655429970de87f9ece88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"06ffd1a4970414d1fe5304c78f7f6b744c1c3f62a74490ccbe621f20f74306691a8b35a32e28c0b0cf682e7233","nonce":"c670655429970de87f9ece89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"2e9b9a283baa0a6ec97222b3e1cddfc0afa2453c901495d3a30da2bc57eb9cc73c67635d194e5e5af47388550e","nonce":"c670655429970de87f9ece8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f39fdbe9ac4dbf26d2e107d8aa29f304de6afc85c009a02ddfb33aacfcc844570b1caad3ce2bb53c17860226ea","nonce":"c670655429970de87f9ece8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"75e907126b33c78303e44ed73ef85a3c86eb267f91a51f246991bedc5839d2700a2138a78db1264e8f604b62ef","nonce":"c670655429970de87f9ece84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"0af961075e8a222d80b6c42f70dadcb00178cc4d255cc808dd8dbbf63c4d23aea9f717ae802a16e774f1dee3a0","nonce":"c670655429970de87f9ece85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"388cb4c405ae97e7f764c465c1a6c50d610cba4e430a7f57fa0cc213b9e299199cd0eb45a577992e5b61d2987a","nonce":"c670655429970de87f9ece86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d380864ca18502be435535e07d1d864d14b7e02e0d506c5d981c24dc2243669e165153c935f76ebb2fa2ad0026","nonce":"c670655429970de87f9ece87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"d31b2923a584844567ed24f08cb3bdeea1c5857b8bcda2eaa4ef0c6444b9a486e0d4a8815c268e161615036866","nonce":"c670655429970de87f9ece80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"424b2d882a51a2038907f60d54f3d435fee9e811a199f5829b805947515204b49830f7e501e58200fa9e2d1210","nonce":"c670655429970de87f9ece81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"42bee2e8dbe24e507076aa9049e2c514a310b806156dcd294c134501114994dabfd3dd5df080f5c6c269f8d3d6","nonce":"c670655429970de87f9ece82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"76be05fd6a39a41ac643bbd72b001de71576e5b89e7caa8b0ab41e6f364704a5a0a7955d799518154c1f78604e","nonce":"c670655429970de87f9ece83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"a6ffb665c4edb9e9fe5f47f38abbf095c60b7427f86ec0f2ae7c9efff9ef6f5c0475cff231d1186ca437ebd5bf","nonce":"c670655429970de87f9ecebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"b36bdc80acd08401173eadc6deb0398b0a3082f46ea23789df19278b688db99fd768eb3551f1d7f7c675d4d54b","nonce":"c670655429970de87f9ecebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"9d5244811b4e2d374cda48c649a82c59319fadc710aa6236d335da1b17f9b00a65e33d5c863557b16506fd6fdd","nonce":"c670655429970de87f9ecebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"f5e74e540203f947ddd56d11afb2bd03e0e28760888e3165ce48a26fda5d15f715ee0729b003c26e680a74210b","nonce":"c670655429970de87f9ecebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"c2460a17cb09e990c248eb342f32ae75efd4dcdd95e11328b940b7ddd294808fa337c8cea0ad2888cb681d373f","nonce":"c670655429970de87f9eceb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"34cb50166dfc16499ac2aacecfbe908ab1db6ce4edda51c5d4fb909ef728ff7a2034fcbe93986cc4212e9b2123","nonce":"c670655429970de87f9eceb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"4a150c6fda040d2b9b9406fce145588af8bdbd21ca3b9918f71f5e424c94c44194c60667e9096344996944bdac","nonce":"c670655429970de87f9eceba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"f5f7321ce13298f69a784cc9d13fbda4d104f7791454ad794754d05fb53ea8b6877c36f36103bdfbb3d410dff5","nonce":"c670655429970de87f9ecebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"b988031be9864315efbedc5ffcbb491ed24cd33161c03078d8fb09d853a21b09bc53a19a0492c3e78471f89fbb","nonce":"c670655429970de87f9eceb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"84d6d292e0a5b4b0b2500bf54502ed2b4db688a0ce9b20c977e66a59e2691e61aa9a460328d11b270434809def","nonce":"c670655429970de87f9eceb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"bfb56e18e25e8f76ff780cef891b9f3d7fd94e58c9e7339385a5ab0f70bd2cb5c4f82018265309653633f21e69","nonce":"c670655429970de87f9eceb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"fb63864b0873b10c39a49c310a52432d6030f1b85331690807d2d01b3f0f54ea234547bc62cc8851995a827356","nonce":"c670655429970de87f9eceb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"a87f40966959402cb97b26b8c14b16b51d1133690f023716d1ae7e02a6080c36a30d51f943eca154f0331045a2","nonce":"c670655429970de87f9eceb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"08049860c0ef6002de4a80d3272984b265bef0dcc64c34e45b8d76e9e2571d42f25bf249a08de5d9ecf4b15d9c","nonce":"c670655429970de87f9eceb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"93a3af65567e271c3ab13872e7c4eeccc7d9cbf26c531b393ef94f62732941ab7c02c8095bbc15e2be52f3a967","nonce":"c670655429970de87f9eceb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"f61e83552c5fb39bdf4dfeb080bfa29434bd7acab21832a9cbf8a3037d91a725cabc269eea390fdc2f66c3cddb","nonce":"c670655429970de87f9eceb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"f0cafd85d590583c99cb247df764eb3e24125873a2c2362590fa219df090dca467613a44e4d496e52e6308477e","nonce":"c670655429970de87f9eceac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"313e1c16bea1943efe580e9e8a57553c701d79798f4f179135baf73a078f58d260fb3d53a4903a3873d7667016","nonce":"c670655429970de87f9ecead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"638685d02e3b8d0d3c2da2b00493046e82510a544e9df5bf639cdb9b58fe58787b50f144aed2942e3ae8ce01e3","nonce":"c670655429970de87f9eceae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"0b73f717ffa77ce633bb0cbe270b909061158be08d4a42d278303d39d4b5171ae35fc2e05a4e94ea2407dd29e7","nonce":"c670655429970de87f9eceaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"1284a6de5901946da61345350db58dcc13fd6f70130b06f2d43802b033fc8a78a18ba94a28a0014262d77c1fb0","nonce":"c670655429970de87f9ecea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"f59e187326887f38b8f859b18f904d2a89025ed5f25fe7b5285c330ecd890619212a906e4fbee28ccf3f2b5498","nonce":"c670655429970de87f9ecea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"82fb015e97025481cb28a0e531b73d0373234d18931a0b1f1539824d144bac662438a402172b66284ae52f3b64","nonce":"c670655429970de87f9eceaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"24eeb92df1f1d95b716c7e9393da474abe51145184041fa989a5e0c191c62089d0a02ad8bc8b19d9048e536ec4","nonce":"c670655429970de87f9eceab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"82c2787481900128f7eabf9795225c314f0ad0ad095956f6c805b136b0fb93d7e0f7911aa028540eafde66f430","nonce":"c670655429970de87f9ecea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"58ba1eb11a6cd281e14b5f44078a7d2b448eea9d2419d1bed74dca787f8add9927cd63e058f002c3f7f3b3d1c1","nonce":"c670655429970de87f9ecea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"dd659db0525386c06c5a5b57b4170109b98fb77cd712f92d3a3473eaaaf25aa41e9872226f5401c44fe0731a1e","nonce":"c670655429970de87f9ecea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"9e71fcf22946a85076a4a7d9cf70008d3091663f5f7b031c3d8476413b3c67b1824a62dfea3d25901b0491ff2d","nonce":"c670655429970de87f9ecea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"914620f3660fc606e0c01bd207d5e20398d0519d4b220f17fe72a8d18bd3b99aedd70b3d33bebd7b24af546f1a","nonce":"c670655429970de87f9ecea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"74be9a9ecbcba33113f4d17886d45c0d81ddaa304a69e07d7376425eee25caae611b086a43d6003441af732817","nonce":"c670655429970de87f9ecea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"4d348f26394148fc8a536619c0cf41b4f90a98a38d2423afd6c0a02d0b381fac6e403ca7ea20e772814054ecdf","nonce":"c670655429970de87f9ecea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"d467d97e9a9ba85fbfc0d1110a3f896c67d975042437d1ee04dfea390a686a0939c3fb12593b28e8e5c175756e","nonce":"c670655429970de87f9ecea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"cf6fea63034745168e4ff43233838f2b9cc4a7118a9d585df548de211d29da1c2541839b6e6a92407d8d90aca6","nonce":"c670655429970de87f9ecedc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"a64ead76c7bea2059998879a940cd04eb4010dddb404a284a10e8405a1cef9a947ae41532284601cee612f9df6","nonce":"c670655429970de87f9ecedd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"7004da2fe5e070fb11a150a89266c6cbd712d055a3c1e5a4630af8fe6deb071492691a3f7c0f720e4db79434c9","nonce":"c670655429970de87f9ecede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"d2ebc2936ab37a1d2bd09e87aa863f26af8e0824c64f07aefa31da02803778bbfc75c4cca5ad29a55f6b711857","nonce":"c670655429970de87f9ecedf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"0acccada42c20777e759ea5d78d5fd994380fe6545f846305e6bc843662ae64b7302abbc0a057ace9b9e757d87","nonce":"c670655429970de87f9eced8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"3630919dc63b21a54b77df1ff24827274096c6420e499514db90aa05c7e40f57ddf9d9abcc0c3d7be671057d36","nonce":"c670655429970de87f9eced9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"5f8cc0454a192c89fc845dae0d434eae09123b560c4e571364a5328a203c60c2c360000735ae9a78f5baf592a2","nonce":"c670655429970de87f9eceda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"14d0939194db9c2f86148f5104a49edce227ef59e8accebb9845afffb0950a37e05f91c191748f47c311d75174","nonce":"c670655429970de87f9ecedb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"6b2afb11b28b49bfcb4526dde5a61682f181719aacbec6f27865174acdd50581cca27c0ea46023c283a1af4a01","nonce":"c670655429970de87f9eced4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"8991529dc7773ed25f34550f33261dd0326f43062a9fff5f9c066c0086bc0f3e9406b0fd1859fa04672d40342f","nonce":"c670655429970de87f9eced5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ee44f4d0b8ac13bd56dad3721d975070dc7934a16fc725da951372b817f8a580b0ec7875dd0b0d29cc007e3497","nonce":"c670655429970de87f9eced6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"0e38a1476b803cc1b5d63f48448b63601408063066b3969b3c375c4346510e8965f30898d4ececbb9fdec8e994","nonce":"c670655429970de87f9eced7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"01fa0cf4a2c1278a4b1d290ae82dc78b2144afe9da820c1f64bdc24ffbc6a2b586860c74ac3da7da5b6d71808c","nonce":"c670655429970de87f9eced0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"75ed68b57f4107e48539e9f393dd0d587de9b4eb62d9a6e98fa46fa4dd21b1a94d61244cb25291ed570648e785","nonce":"c670655429970de87f9eced1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"0ba8a297bba83116f92fa7ab600d128b3740b877479b723cc708739b511b31cce5e4f256d442120d25952f5663","nonce":"c670655429970de87f9eced2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b79fc797d6a1709148c636071cfd49a136f2e0e69de752295f29861315e8770e422eda1a7ff0979bd8891e602e","nonce":"c670655429970de87f9eced3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"48bfbd74bff0d391b5aff37b3478f262b2efe6005d35745e253f10eaaf45bf19425b28273389589cff101eacd5","nonce":"c670655429970de87f9ececc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"4b029b15e98406748620232f5f0ee828414cc434947910d22ee57b3bbcb49396ea5b423fcc3921787f0d33a193","nonce":"c670655429970de87f9ececd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"eb21e5e41509faccb0e9ba4a6aac06bdcac867fbf8e9759d8a853ef78e83c37b22153cc792231f9a677d0a2f54","nonce":"c670655429970de87f9ecece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"9eea3251af7b49091c04589e29a1f15f26757cc879201148eb641e5fafd6787a6384e389666b6f4ea84ca8eaef","nonce":"c670655429970de87f9ececf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"38ae907805d2db1debfa474ddc4f23ac10c2e7fe4426c031a762cd64b6563fcca6e8f8b2ec817ae36720c59cc8","nonce":"c670655429970de87f9ecec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"253e8efb153509e7cff2da30d9a474ce5c64a4164446cb6772d3a880483c25012f5f62cf30f7bd8623a65c0e81","nonce":"c670655429970de87f9ecec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"4e5b1bc1175c4dc720c6a6d80d32cee5597f6062ae6c83930a0ec2f2f394a5b0d1b8aa94e26631764057537943","nonce":"c670655429970de87f9ececa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"c26cc7dd5fe7b384902482366b265ed01ebfc6acfe98022586a8f8f6401c721aec6c92caae4fed8b598fc86708","nonce":"c670655429970de87f9ececb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"27cc7d6b80cf670b59cf5e7b77707497ebaffbbd709becb6346c1dea826f750923cd2bc8b5e197e9d766c25b46","nonce":"c670655429970de87f9ecec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"47c778bad7973c3d378172726a1030d23e69dc86f532950571706e363568a8020de6e9e130527bd60c89693ccb","nonce":"c670655429970de87f9ecec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"eb305fdbcf68ef2a80473b477efa2b1649fdd8777bc8918e654683fdb57cf2011088b02f350c28cf1a96ae89e1","nonce":"c670655429970de87f9ecec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"6f9b453ce5f623dd9425d95d7094059f2dc406cc752f96b9862b6b75cfdbb226c7ac435b23cbc679c4ec584394","nonce":"c670655429970de87f9ecec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"09ed2496b689dbdaf31a82a69ffd3a604b5b0931180f42dfbac5b3e8a7e69ed5f268b1c92be7044d8499df6891","nonce":"c670655429970de87f9ecec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"eb5557fd20c265eba1ec60e42ff2842a26de7d10437d3d3258c073315fb753ac5a11b051b79ba1ddb02ce81eae","nonce":"c670655429970de87f9ecec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"00fde65d2640db92f32452de5975961907f7a1d9b120034e4bf2ea6d0ec7a6c6fd0dc99336c0021280bab7a86f","nonce":"c670655429970de87f9ecec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"b1f69346f69978bc2f76e3dcf81031419c277a6f8d6bc11892a7422822b4b4ca8009efd6526c4623e11a129953","nonce":"c670655429970de87f9ecec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"8ce52a27758829df30d715e919b27427805669c37db19b8222dd879fa42da9dbd37101750b08bd6e1b542d6f4a","nonce":"c670655429970de87f9ecefc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"0cb4429c11492f181b520ac8337e9023f6ef7bb0834e41efc52ae90c6970ed7f00de3e0d464020fc6aaffefdb3","nonce":"c670655429970de87f9ecefd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"0bc4b9c95cfc2adbcaecc573c3a9514d6429d379a4e86e12faa46b7e41f6fcd94ce335c82ec881418d21f0fb1c","nonce":"c670655429970de87f9ecefe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"1f666a47535ac3a3aa02e505700b49f830fad60a38c7458f4370d301e6a73c213dd8d234e133c679660c865b97","nonce":"c670655429970de87f9eceff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2a3fbc39421f865635d17b80764ccd57b3f1c739239c33dd0b975c56b6aaf5bbc2514c836acc59ab8f6fc226f8","nonce":"c670655429970de87f9ecef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e6318b5908dc8bc64aab667bf3f8bbd27625026be30eb0d7c004acb7e6113afae2c8b07ec2859fe5552a5bbf39","nonce":"c670655429970de87f9ecef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"4e9659b4622b2b1c401197877be91bcd96a5230a831d876972504fa45dfbe1145d3988cdf406a6a3b248c48267","nonce":"c670655429970de87f9ecefa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"6ee0d8c139b43cd145402b85f173cd411ba42927ee0bd269fdd2c71c9e78fb00304923989f54eda157a0608bf1","nonce":"c670655429970de87f9ecefb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"72c07208b2357d3e2b4b59c1c387796e952332c899c29031638f5e069e83d7468f07b6fb345d03d55f8c67a7ed","nonce":"c670655429970de87f9ecef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"e6dcfd1a31a45a09e7bda9b2c4df8899363549df34bd53d3643b16629abbe8ba3091b78c81f7804c3ef67e1282","nonce":"c670655429970de87f9ecef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"7a4f5c2bf8c7291c6436b589ca11f17455109cb53659d8ac3dbd5a0a655faecb97c9fffc754c3ad8585dba9b7d","nonce":"c670655429970de87f9ecef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"37bf2533783eca7779474d1d6d677ad6d0a297f9e9c5fae2cff74bc0cbc91a1d1c896dc4a54f7b742e07d3bc65","nonce":"c670655429970de87f9ecef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"7b5a3d334ddaa40a1fc195ce6083a7f4e13da43cc9d44d9976111c729c2e429a93674b51ed533b19ad632f9cc3","nonce":"c670655429970de87f9ecef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"f3b3ee3276029d42b2c727244bcadc26cd7634b16fde0af195abda183f0e5674ac81b42c6589fed560038be017","nonce":"c670655429970de87f9ecef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"dcec7814ad37a8ce4c896b43c0c2a680143d21c617deb484fe51b2435978fa0cafd2ab6ad9b76f62bfce14455d","nonce":"c670655429970de87f9ecef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"932df615bd1fa3dfbf3db541ee037e86f0d2a44f9d678d7215a26f25669a4cbc8eb84bbabbd437ed2b911087b7","nonce":"c670655429970de87f9ecef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f0203ba897bb4c1578687de4210e9b0056669536b47ef905f1bf47ebc155cb178c38e9157f04658e053f8f5a26","nonce":"c670655429970de87f9eceec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"3f679b60c6341b9db477dec8d6c36d03c04767f235c90d48c17521d5781e64a5dbe4c769e6be8ba0643b927845","nonce":"c670655429970de87f9eceed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"919d2aa933f8fb6096559171eee93fd677ff5340ec06a3966f34813177e3e4e8ee4a6e953c90857893df31b88d","nonce":"c670655429970de87f9eceee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"aec77199d8a2cdbe2d453a6c7a00b34ee5750cfccc312dc52c77994dc1efc15d6264e849df55324e7c6766e046","nonce":"c670655429970de87f9eceef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c3b2b032ce7d951df678c4129ee0ca7cc7055f8d619f016f6767a432cf61be8a31e816fed93eea737336df7a40","nonce":"c670655429970de87f9ecee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"d8e69ffe3e69eb6e595a74fb8d1e24bf0ddedbe136c4d93f3097dc66243ebf73e920fe36177bbfbba0e3680bfe","nonce":"c670655429970de87f9ecee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"251c89021893042059dab7b4d698f9feec196c78d6993382daf4a6c86c667ff881d901f1842fc98d5a5399ed0d","nonce":"c670655429970de87f9eceea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"1522e5cc231e32df6d3043ff96e829d0528aa032c7ee58302ede439928beab4ad074444e0a88c41a4788bcbb2e","nonce":"c670655429970de87f9eceeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"10455816dba1901d84bd10996c8c5aaa850c1938682b81284a146afb310fff5e738ce6d6d0f54589c40549bc38","nonce":"c670655429970de87f9ecee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"d9ceb4198da0c15145d530f90a0f629af7df0ae9da8418efe20a0e7ed3b6df676165fd7452f9f4d96043c72490","nonce":"c670655429970de87f9ecee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"4286f0f150d7ef532b8ad4c7e13e83b765f548c161f11db0c5098c8c892018afa5b108fa8310cff75da762a670","nonce":"c670655429970de87f9ecee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b81dfa47fa715693274c445d5325aa68898a18c2bf42b38e20fe5160677528a5cad5bf41e25f97cd5e63c4496d","nonce":"c670655429970de87f9ecee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"feaf7fdb8192599f7f5963cc32b6e17180b01698dbc66c5ee07732ee002ba08e6eca70fdbe9e21175cbee41173","nonce":"c670655429970de87f9ecee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"2d755a59a76bf032379ce29646fb4ef8dc42e8800bf1a4a9de31004b37a1c14c5595bdbf6ece21df0f18f62df1","nonce":"c670655429970de87f9ecee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"53c640bd91fb73dc942e5ebb8777b88984ce5f95ffdb4901fbd18b03dd1a545d0b3513358c90049a841988e8fd","nonce":"c670655429970de87f9ecee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"a0fc98f446e2afa84dc043b30ff1b7bf6cbbd2360fc2b100b87c091b8fad6570740fff44523e4a4cb74bd1ba5e","nonce":"c670655429970de87f9ecee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"dd9eaa8cfb3b74dcc36d8a3508caa803d645aa5a9cfd89c287233f1920ac24d31dc8650330db7f8e0794e4d9f3","nonce":"c670655429970de87f9ece1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"4ad6657fde74d077787084ecb5f2a521e52e5e4d807577c11c89fa4bd11705dd0bbc733260f5eee51c7668feeb","nonce":"c670655429970de87f9ece1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"eb0423721bd1f6551b5388c0f6b410c263bb003e0a356660e662381bebed7f770deacfd63e1031f01b8ed4b4c4","nonce":"c670655429970de87f9ece1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"1255c46f7debf758115eaa2d938de28dece18f77d6e01c9677cd827d9771da0dbf31147d482859ce3cf39f0d38","nonce":"c670655429970de87f9ece1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"e19c6f8432707de69d848336908feb0af6646ba9d5a5134a73bb1fc340ffe584d581bb747b72d281ebfca41666","nonce":"c670655429970de87f9ece18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c93e85226df3193ee8c566f3c8a536abb5aae433b8379d138d3651a04d4dd47ab8db92f87783d60087af75e740","nonce":"c670655429970de87f9ece19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"047c15bf439772f30db00ab7935616e2ced7867ec5618a7d09b1960db1735ddd992b618ba0ce7572903bdc6ad5","nonce":"c670655429970de87f9ece1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"82a9988e736fac01aa851046af3657d2f37cc3b64f2904fb95ab4c18499be3760acfb1b4b7174f670edfb84533","nonce":"c670655429970de87f9ece1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"d809b1401c91fdfdb3839609ecdb445a333da56304d203896f0974f069f76a74b5423bb65499e5be3cbb65e81c","nonce":"c670655429970de87f9ece14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"02c232c0bb3427c32bb35a47c6f94a8112209d0e237e279a6bc886ead6c50351253be648e172508d23f2ecfc43","nonce":"c670655429970de87f9ece15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"f5c799be046bb7afdb26584ffaa93d0733c73faa583793d3d0ca993dbd40e59070cde3c8b8e879c5fe5d210cf4","nonce":"c670655429970de87f9ece16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"8daa664e6c0586ae99d900672d6e48217de849256258ab884d30dc2103dff545d947e5ca73200454e86590059d","nonce":"c670655429970de87f9ece17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"15711bee0ad413ed763d899b42ffbb85c73dd6b23d85e9c727b481081cd350fd80f3b3382433122d884aa19fa2","nonce":"c670655429970de87f9ece10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"66934b2444f85556c4f31ca16599483e745c5a3fe12831429e9594f929d1cb5571bf26371c6a4e6480c92b85c8","nonce":"c670655429970de87f9ece11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"169c8247db4194d211e021839f2cfecf9b522c78f553830d727a37910812b9a7af5e93db095ea2eb1b3ea53e4b","nonce":"c670655429970de87f9ece12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"cbed896a57cda51cc4cec61ab080d1013fb8ab2622bdc5cf3fa47b0c58e0fe8c9b0fda167c49bdc47360cde62d","nonce":"c670655429970de87f9ece13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"993fa271c52148f74f180e6a16655c64e0fbdef4e82d4a48d1b86ec0c8a4b5292850d82ec19250f30e89180a21","nonce":"c670655429970de87f9ece0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"44ddb45176b2945a4e6123123ca59d4dbdc61825fe08277ddd3052b45b1f308dbb48ff1e31fdf8a31da34fe02a","nonce":"c670655429970de87f9ece0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"3890db4dda8dd14585d8c141974564c6f43b091af577ae95dc1ee79a343b6f8ed5dc507264f263826f97581044","nonce":"c670655429970de87f9ece0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"a729770a94935e56d33255883ce94f41131ce80368e8e5919bae2cb336e81b46707a12164581326eb89420611b","nonce":"c670655429970de87f9ece0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"6a8019d9f333db5af0306d8e53c2f7dd5559993ef5e4cb965795d9f792246c6b280dcae8d1c3f5651074adc6cd","nonce":"c670655429970de87f9ece08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"3b1cf4832eff6bfde6f9c0e14dcace38f454269383270b6cba6c3e65d13762a631c9cb3e16383f6300dd8742a8","nonce":"c670655429970de87f9ece09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"197294263a4d422de18ac8fa7cc37ca779ebf679f0007b91a1f1f637472db202cb9b526cded2dd3510b2412cdf","nonce":"c670655429970de87f9ece0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"f2fad3ec0d31ecdca9ac38ff540bf746c650abdaf290dc29971b928c521eff76c7503d46b2921b9ea8ff346bbd","nonce":"c670655429970de87f9ece0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"c803412630e6e0d621e61b8ea47f280e17a5cb3cc4eee29ad78e2bf009957effb8731d25e6892a897863ef54de","nonce":"c670655429970de87f9ece04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"123ab40fb746a52097d687adc843e5db370870f51afb30dd4a07344dfb3f59b40ea5bcb32f37aa07dc861a765c","nonce":"c670655429970de87f9ece05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"57dac03d87ef939f59aec2712a5d6eb2a63627381e102b1b12723f664f72cc3305b8fb5d2525c274ced43e4aef","nonce":"c670655429970de87f9ece06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"af17f194917097527e4e53afcfdd4b98ca8cf77983b18893d93d1d5dadb5e8fe55b9d0aebb7aa8803df730d9d1","nonce":"c670655429970de87f9ece07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"ce89291364407b15c2c74fc2548dc413077f5f486a64ab1e2740f19779be2f962fb7a5cffc9c030c5bce8f827f","nonce":"c670655429970de87f9ece00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"34817f4b7ff7f57190fe0d339abe0b207b8c864a3cdeceb879f1608d11cdc4a7ed235d3b2f5dddd69d0ca32aff","nonce":"c670655429970de87f9ece01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"afe9b8d5e5e61d4652fb3d46bfde3c6be5a29d67e3fdbbf516ce778dec5ed575e1c323d2e87254ec8ac97c3206","nonce":"c670655429970de87f9ece02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"ab27e0e5dbf1df76c665dccc30e5f7bddb01515b314e410b91a05b44b540b9d48121d6d16733acac1b77b24dac","nonce":"c670655429970de87f9ece03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"98f5569d6de63501ebe1bf70feea9527dd82943e37b479a1511191e15e99ac681a58b5e005fdba31090930598f","nonce":"c670655429970de87f9ece3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"36af31c36a366d81e0e3e27eb5b089b32cee605999d7abe53f27d2ffd9a5e9a48285a794e04cb91581343565f0","nonce":"c670655429970de87f9ece3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"a57dca82783182e6c31b14733ae2b24626d0ec385647757a8be6a38c131745b3b4533ea5d4e2ad328264c9bb70","nonce":"c670655429970de87f9ece3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"b57f47411fe1e479cc8eb74b337197e798403018aef3d78a8b75229bd5dd7c22b23c0118366ac22caf05b8817e","nonce":"c670655429970de87f9ece3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"5db7155d4cf3c76e8f2d1b7409715e21a994fe4d2a34732ddb46d943e32157fbc92190be57b79b13a2c26b1331","nonce":"c670655429970de87f9ece38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"96383dde385639c4a1a1a01a42c4164c14a0b5872ac3433d518cea159bcd17b0b336ec6355eecea198304954c7","nonce":"c670655429970de87f9ece39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"ad5263c0c6e32f160e460942e660f5b2064194e4fbad76cdea5a11104ebba5b41274b932bd524d04dd8a966a36","nonce":"c670655429970de87f9ece3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"15aad9be8d717733e7d2c7637202ef87ae7ec058738885702bcced4cf3fa7591de21f259f16d646414bec1a97d","nonce":"c670655429970de87f9ece3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"e7f84f078cee05606b6acbe5fea3648989850272ce8d925636f51a90ae05f82d4df5babead6021b1af8ed1bf40","nonce":"c670655429970de87f9ece34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"dd7bf037b1a52134e16d0cc7ec5887f880428f018c8b68e92100b19affe0c309d91e6357fdbdb5f5d5503b0cf2","nonce":"c670655429970de87f9ece35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"8ec2decad81b5d75e9e37cef4f81875665d8406e48a1a7ab9145ae5febd0db4593c595733be5aa43fed356f015","nonce":"c670655429970de87f9ece36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"1337ca706812354b77f46bf2af5bda2e4d48fb65d8ddcea15eb6772a3e50093dcfcde93dc9c00349c9da6dcf31","nonce":"c670655429970de87f9ece37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"20a19d27cf79d6b1bf881806cc15f4be4fdae709c2dc7513b9d41d582901b60a57d77aa2312589909c03ba96a6","nonce":"c670655429970de87f9ece30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"441cda60b986d756bef94d7d8db8d5322ac750528c5c609c1c90fd549642c623de855cc0d1b666caf379363d08","nonce":"c670655429970de87f9ece31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"4c73004bac616c27279d0054e2a3732dd73a2c9f55be4f1eab83d96bf74c82e383b8e43f0cc6cdb91e6846760c","nonce":"c670655429970de87f9ece32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"1915f060093ed99f2cefb84bc1725c0915761d9a9280dec53321ecf5e2a317b2127604c747831a99c928372a9f","nonce":"c670655429970de87f9ece33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"17fbc8cbab68e763ae8c73e4f0022bd69dcb0a0bff04e5c493fe4a6bfea90d8a5121a9a69cf63f0c9bd198f704","nonce":"c670655429970de87f9ece2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"fec7737407262a1b2534c8e1143f1b646f527d0dcbc13faf69e7efb49806303ca84fbf1ab46d0b8d7420a655f3","nonce":"c670655429970de87f9ece2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"0077a9a03e378c43f9eb18783d0b660a22bfe480cba3134d926ca31af9d0509fac7d285cb08c157f952406d0ed","nonce":"c670655429970de87f9ece2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"74f62ae2ce43b4448ecb7cee6fd67eaa2dfd78615bd9677e8ff44b177acef2950489940a8c63dbdcad7f37db7a","nonce":"c670655429970de87f9ece2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"d64ae424ed39b1a9e80288bfc8569ba2af9d105e69099ba85bece50daefcd0fe650cefd076d72b63668133b28f","nonce":"c670655429970de87f9ece28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"179a67a9d18c58a7175076a5f59a9d5e0f89a52b63837ac4de4da6664859578557db8b99ac55bd3c300d47117f","nonce":"c670655429970de87f9ece29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"30b0cffdaaf3f6d67b501ca9926cde1bc2675458810c42e866f80e24298649462f829aacab78d552c1b7694b6b","nonce":"c670655429970de87f9ece2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"1434ec9a00fd9e395e9073c994433fb2f9ceefb350a26d632e3968baaaa4286fd8e2adce892624516fdef84f81","nonce":"c670655429970de87f9ece2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"59102041ba6554bcfc0dcc36371355e636e8848bc559ed3a074e6e5f184eafba624b87ae2a6fbb4c08dde8c51e","nonce":"c670655429970de87f9ece24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"4c21c647c455fc2b4121dd787f59ca86b7b2d507f59006e231f38e44f126c1931ed9fab02cde97c2d8c64ffbb0","nonce":"c670655429970de87f9ece25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e5469f8b13afbeed3e0b45f46da03b5991ac7d170899dd2dd143973e8e8a16d6738f66e8213a5d1227bffc9790","nonce":"c670655429970de87f9ece26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"6360d150b65ac7e96c5214cf3535499dafa2043ac8c2dd5475a30159226cfe871b49d21688262de8f6ddf2814d","nonce":"c670655429970de87f9ece27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"93496bb65771d8cfdc5dca0e5ed8047f8966df2b28a927f26845618a5531183339be7876ee96b069bc675316c8","nonce":"c670655429970de87f9ece20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c488f623bf05aa24d0e4f799dd158d56cabf83ed6256fa49a4f0a71ea642737ff366c83604d469744b54e8a08d","nonce":"c670655429970de87f9ece21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"d19ae06e175f1592bddc3ce00df9b38e3df9ff9fb8ec4a9c038b92c06756ce66ec13c9d4423c1d5fb35f71d7dc","nonce":"c670655429970de87f9ece22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"6a1307980dc880e7771b52917e83cef217af04f0e8d3ba4c5b4992e6df605a8f80b586b0192ff64ac4bac54d41","nonce":"c670655429970de87f9ece23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"6f82da2b24fce4d053501fd838eb3c8e5b8f01772d964d62a7e6ed8eac2ac570f4dfed1bc788a5aa7a09653757","nonce":"c670655429970de87f9ece5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"521ff63ed9268cde82d93dab4830625859efb1371c869ec2264c0ab16e45272b29a18973ccdd7f943870769c9a","nonce":"c670655429970de87f9ece5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"069c8e3976d9c98143bd143b220d5729ed4dfdfe647ad1d84b6b2a334a95717f1ef853a90b1f64d1cea1902238","nonce":"c670655429970de87f9ece5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"a1bf3f3bf66bdb385130ce5db429a4d281e9fec4db0e1c34002fbf16ba5db37bbe5581837b9ba1572649903242","nonce":"c670655429970de87f9ece5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"0cc5a605f5592b79b27647a00745e4a7f62583bb653050893395a0f2f069db413e6b900ec6f307ac6d6951e705","nonce":"c670655429970de87f9ece58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"d18bae550d94a921ec22a39acea0d0943017090baccdbcb1f67588fd8d0b6275d4b8776fdd454903042ba1f922","nonce":"c670655429970de87f9ece59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"2e4892cb9437301b285cee83020d7cd4f1768329606cb2cd6822f254154a6bbaf9bfa0e03b33839a5310f85e00","nonce":"c670655429970de87f9ece5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"04794431d60d1256a95e2f4fe2ac49cafdb903e866424809830a372037371d32fb87ce4a3eb6188c081fa10c37","nonce":"c670655429970de87f9ece5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"cc227e7d33b83037d398e67f092877f5c8b9f892a7696b66eecdb3eb6b95c9f8cefa76802aef9eebe27ebfc90f","nonce":"c670655429970de87f9ece54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"6b01a097872f5bd296e1d0dad4ce65409e72ee87e6bde4dd718f0b2fc68b9afde3ce2e05e338f23dbf1abf6a6c","nonce":"c670655429970de87f9ece55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"7a43781c4325973903420bb82b95c3d5853edb1b15653ab578a788605ebe0f0c1dcdbffc0d2d3bd51ff0dcf180","nonce":"c670655429970de87f9ece56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"48db25c9e41f658fe75cd7da63253d738a6fb264abbc01ee4956faab8d5db048755e2f82706ff1434a3b5ce550","nonce":"c670655429970de87f9ece57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"b3ccbb1380063ba1bd7c81d8991b1ea8be6c3cee4527a0ecb2c5988f527c31fde0a109c4f9727781c655792781","nonce":"c670655429970de87f9ece50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"536f9d27bca529422ee6d9f15db76eee2877f0545c8f5712bafbad66e5a98a562c0bb920b02ad8d38e8f2d25e8","nonce":"c670655429970de87f9ece51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"e34ae04ce20802d6af27a77d8089925152c0b5f7defae030e48fc25d2954dfa62fe076f82752692dad9d8ac6be","nonce":"c670655429970de87f9ece52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"2211363b056dc4ffe0d55019a70a412bb5111803bef24661d7c66568bedbd10ae4f17837702434e6bae3fa7e64","nonce":"c670655429970de87f9ece53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"c540507c03e725e825429e83bce403a751f9012e2503a377d6625e61395574bd1585dedf24e51c16c21755abe9","nonce":"c670655429970de87f9ece4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"45d6cd7879ed1f23dd6034f012ce4db8390ce3a5359822cd2b795569111e44a48c606b88213f0baf1458feae01","nonce":"c670655429970de87f9ece4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"ce8ccd7c027eb23a910fe9b7c732e64266470d7fef6c09a6bc04243ad162203e4f88bfe1f8434feb078386e3ee","nonce":"c670655429970de87f9ece4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"667f48479b2372d7356a07f77d06f665cef23bd877c68e0f370dc8da1c722c5552f20effb5e9fa02d98a4f1e47","nonce":"c670655429970de87f9ece4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"f971b3628b5eb6a08104362a4c0c6b41ffb7343944ea40b0d836f891182478ae807ba3c8f1f805f4b5c3ed3d6f","nonce":"c670655429970de87f9ece48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"2f61d25c0cb39e2d894cfff09c60c2e693c9e6d9104d83f93d6e816eb8346a64903d5cc44eeed2a616b5dbc348","nonce":"c670655429970de87f9ece49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"0e827c6aad02bf995926e542c4e4672280cfca3035a4d98c2a93990b4035888ebd26738b7b418a92b96c041e79","nonce":"c670655429970de87f9ece4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"4aaabdfca41f26cd2ecc9a882c6db68003c63fc23be266f8fc9c348ddf8891342791aa2f1d03731599d7868381","nonce":"c670655429970de87f9ece4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"f7a7fcd68d1931d42222226d6142a4239826bbcc5691ecc0879b390edb189cbb5f12bc18ffa8251b183c710dd1","nonce":"c670655429970de87f9ece44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a57cbea7f5496b5108e3c7b6c70e7b32bdb1aaba74768f4b22897caed0727c9375dd1a2778c168e24a3d2006eb","nonce":"c670655429970de87f9ece45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"b4584ca947c21ea3fd9e4572539cb120c4beccb6567844d3b92921bd0c916994b96c3b5b843fe85f2ae875c0ed","nonce":"c670655429970de87f9ece46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"40fc098fe7e7d0a91fb43fc5e25cc4f9bf4573de70c4aba58539eab416a424d9a5271ab5a15db5f0ee2e88fe05","nonce":"c670655429970de87f9ece47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"10b3099d4d0ddf3b56121fa9a5dd69e2b498e3e8d5ac8b837f1e68026e0f8f12e05f2df65bb52ee9444740de39","nonce":"c670655429970de87f9ece40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"0172d3a11506d32e7553e722f9c4f5621f38ba6ffd97eb8cfe13abc51171bc529433e0742482e3722435866557","nonce":"c670655429970de87f9ece41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"6e457e4e0da6f61d31c226e64ab6c765a3a8007f9ed31526a176615796cadd5a350d48bc4a49bc3365a850b52b","nonce":"c670655429970de87f9ece42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a64d806aa244f54a78634525dc3060ceedc12c54a7ea2b788356e440bacf133b977c06ab86efcb94096aa69327","nonce":"c670655429970de87f9ece43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"29e681d060f15046b789e7d93cd4c929f17c2a04714703331fa64ae4db2dd9834b26b15034b24fd9df9c46ef51","nonce":"c670655429970de87f9ece7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"c3e5bb2dadee9cfd8567381b24381596b78268dcc9b602b71f76d6d993e6a82830ad1cc286ade0f7bdb3409c56","nonce":"c670655429970de87f9ece7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"157c7cdf38079566ceada7ace77d4edcf22b25ca1135c122bab23a55406328ffcc31aee1520d06664cf8c80dd4","nonce":"c670655429970de87f9ece7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"9c52f4d8fe0f69ba7ff08e742495279e738824525dc0e7d1765f3ec68001936e3758f4a3785fb1d9bfc3476de6","nonce":"c670655429970de87f9ece7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"1475c2d7fc2b27f291eba585a3ae1054ea7a93e3151ed34a3dad27c93ecb1f0779aa3f34155a096cb2df793f5a","nonce":"c670655429970de87f9ece78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"b4bc2285b33c1ebddb68d4491afa00dd9099b0ea101c0653703af9da63ad817c5c749aeefe66341620e2a47b94","nonce":"c670655429970de87f9ece79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"8b41028fbb7ca0b868ba0a65b0232151f5bac5dc53371611c0164e26d2005ff6f9ac6cec598b364d12c2c5c7a7","nonce":"c670655429970de87f9ece7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"b6140c83c361434d4873177dc273b63b30fe2c8280a6b8b7f96f8d6b670c5c305b41656c81d5b297802da2b691","nonce":"c670655429970de87f9ece7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"82fd01920713b12823b6f79772b2219a9e9cc308555025d731f832619faf8c2f15dc1b6723e834b3306a4e918d","nonce":"c670655429970de87f9ece74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"c919f3b42f6fe63ff5ae23da4e012335db084dfed0c07fb5d77a70216849298a3a9b2ab9c673f146b66a00c10a","nonce":"c670655429970de87f9ece75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"702f269ac46fe94f95774c545a86e9e95f73e66912c053cac1a6b5e4f07da477ab708bac2f60c39d84a614b5cd","nonce":"c670655429970de87f9ece76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"d92177fa7d2962d4a81786bb75a7f915b95319095a141879f89edc08c97c95a581218ec299d86e5bcd304cd018","nonce":"c670655429970de87f9ece77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"fad237d3aca288f5a88d944a76441aceb16b1844c9555e64fc39a70fd5856054198fe997e81d965079c43e9350","nonce":"c670655429970de87f9ece70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"1aeb6faf07bdd15d79d3a7a6be135947377f6d708b0c36cab593717a49b593643da21892831d80dda843954bbc","nonce":"c670655429970de87f9ece71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"4900d5b7c68b77a0d3ce4c03402bb87511b19a08a859219585a230371014d218cd6d7e492493af4e56d4eefd61","nonce":"c670655429970de87f9ece72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"ee2448edbeb929c2cc2cffaa866a3426345eb98865a0c57852a5d7469eeba9fa1e76dc567751ef730b9ea964c1","nonce":"c670655429970de87f9ece73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"5fc47c702d2cfd52a3368c99f5bfd3a242de83d220b58d69ec77f701c2483254e4518cdf83c7641f9dc5ca7408","nonce":"c670655429970de87f9ece6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d873d3d6a8f470871a7bfeadb0f100fb8c43751aae1b9d924daecd27f5ebdca18aefebd7929f76c1d1c1330757","nonce":"c670655429970de87f9ece6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"f1f33949f54f74541e525ebcbd6e4c8e15d333321b440aa6f668d3e05869288957e4925f7514d8d5fd9b202056","nonce":"c670655429970de87f9ece6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"0108e1cf3ae083aac52068be03deb1841c637e24c306ea4b64681d572479d98989cb97f29d8d9c768a8b748602","nonce":"c670655429970de87f9ece6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"2cf384bd1cdbae8ef16f7ec9e69d4a92a2ad64a7d391c806832dd3a5c285cb8d7d9e53b1a5fe6cc5d6d256f61c","nonce":"c670655429970de87f9ece68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"f3cd953fc5471b517e8cf744630163e2e38abb6e3c27c74d11e47c049d1b82766e080e834ba8c795f0c364a138","nonce":"c670655429970de87f9ece69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"589c8e1f1e766fb10060d49b7eee9b1002e1f4041b586e16c384b19c216d35f2c23f1d7abff8d2f176a22f7707","nonce":"c670655429970de87f9ece6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"78c05d91d7bd58749580c18e7fbf10b88113ab99b6c13266df0b71e329fe3b6209a3bd24010afccf3e7fc552e0","nonce":"c670655429970de87f9ece6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"52d5a63f71e2c176c7394758ca01a86d2185edef6dd9f09175eaba8a919127e44b0eda8e0abf921e23ee4c05e1","nonce":"c670655429970de87f9ece64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"2a41849c45bb36effb22659bcd8b45d0472da29780e74f3ddcd1df861eac77cc6a0390a46363d50e6a68596d7a","nonce":"c670655429970de87f9ece65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"9268a83a4a2cd398b9dccc645316e118d1894486e9364160a9d6cbe8dab979b8bd52f6639047ade35395083792","nonce":"c670655429970de87f9ece66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"e10c3e535b6fda3b54dcdb465165a6b8c6e7f18f91cb3654546fc7340b2af3609ad4eb9bcb1ed595c62156e5c3","nonce":"c670655429970de87f9ece67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"e246e89f8254d8815297651acd9a8433a603220d180be86b8d73b7bfaa2b71a09e446e403fb600474f417b4d35","nonce":"c670655429970de87f9ece60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"e5b638551a8b28caffbe1a9ecee0b248e651f4509758531b95576261d406b67d8ea43c5ca5d35daa963ede28d3","nonce":"c670655429970de87f9ece61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"1be5a762080a977bcb8291028f72cf2fbc2f2210b3315355eade6e5424b6a42886f026216438bee1ce86526321","nonce":"c670655429970de87f9ece62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d01d5eaa6969f10f8de7a341c22027dec9b7cea3f1a62559587bef88ebc5e17a33f1ae57332782eb760eb6956e","nonce":"c670655429970de87f9ece63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"dd3c0e3f64119e4c82408120cc404a44ad06bb3c089b445305be6bb59571490133a1a2a914cebb1b5d9441aa28","nonce":"c670655429970de87f9ecf9c","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"6c6657d9871567c29d733f00d9d861584719c0b1d710f6f1647cbd9ea3a0ff19"},{"exporter_context":"00","L":32,"exported_value":"1739cdfcee29ac8b99855c91a1f1127b79427421470b041231f32921fed63bb1"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"9a084c4f33bf9dc46ee6a04e38514f50a1a31995a8dc06643c9ba765cf49dc87"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1a91ec4a112661d663caad07437e07486dcc80b499c83c6bf17fb2faba77c180404d983bd32ed4284fa1aee3bb3887b61402036b058c3c8d","ikmE":"178e4db14a03ebf5b5205e11a3c3918431b4d4bb143b62a52bebdd61d107d23122868395cca3dbc46e98964d4c1dfdc4b0e05cbb2934d9e5","skRm":"c2f51845154d6bb6917e44ef0fa0a1fbf1d80f61d199486e75295e8a7e50432d548a7f8040953826c4f1bce79e433dedb4469391c3cc98a1","skEm":"fa7562b37eef0c60126a0cac505c9a8854223794ee5c195f44ede823f9a74c41697c8927d056f8920ba7e021bde91b749751a1253a964aa6","pkRm":"f2fdb31a7829a6d2d78b9d8b670397457c92cb2417af37dbe0c1c12a9547e4eda9fde09fc3fe0f359bb7b4151e8a6fb592530af71d9dc0b5","pkEm":"3d4f6aa08c635205bcd96a0791695d08638714474b4d2c0132b69e25cdb826e1a2a84bc0c40c4fc75f52051b034e0afa82b8457e28794f92","enc":"3d4f6aa08c635205bcd96a0791695d08638714474b4d2c0132b69e25cdb826e1a2a84bc0c40c4fc75f52051b034e0afa82b8457e28794f92","shared_secret":"cc20a83a9af44bc5a03a53f06beb01af474d5a85dd3c4f2082197ccdfe32a275996e497433e58460726459a1b40e31e6141e1fb605fb8ae0580b90bd7398f318","key_schedule_context":"00c88fa84728b245b308fd6933bb5039e92b2d3dfdfe95d8786fd110e7eef15eeeed01013a4b3649cec0160061020dedf2ff1a5a9579dd7f35f82ce7e4da7034b2817d22761b0e30bbcdab3759c3f6eb30117e5901b4813c6a7f4a98cd855f07b790aea87cfe90b91c465c22904d4128111352d6be737eaa757a0e2a1834173707","secret":"8c9087d4bc4d0d53d3047ba0672fb1c99804e0f9e2a3ae291f0e2d0713f02dbd42d26db08d8082ac790c2b0af45f3debf665d068151af9e1007b6c46d662de99","key":"87ad565738a70049699288c975dc90faddb076f6280136cee4c26c3111f64e0d","base_nonce":"b76f001f82b908e92ad2639a","exporter_secret":"d42d015324e068d95aa4e5d3dc53a7165f4963a5c30c8d073ce286ee4ecd29e37df81b897e1698e943d4273397f860299c37db445aafe499ece9f6cb1bbfb768","encryptions":[{"aad":"436f756e742d30","ct":"4df124bd68d45b84dd5b82146597cdab8b56ab618166f814c2fe98ce35f43b09917283a58810aac71e852bff0a","nonce":"b76f001f82b908e92ad2639a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"5b78efb13bcbbbc2bb69aed60c30287c20c15fc708ed19fe007ffa796e5be0832cb09ca389b4afc15101acf3c4","nonce":"b76f001f82b908e92ad2639b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"2ad61b49efa413e9242f0bbc2056f109494aa567a9bb749341a4224ac881d61159e7c09481632949e3a23885c8","nonce":"b76f001f82b908e92ad26398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"3fbfee979b749e2fa62c3ceb3ce8931b21cdc52c33446d97a4429a7d17c84a4415701b8071dd264a3151224796","nonce":"b76f001f82b908e92ad26399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"840a8d06f7db7e34cc16459c9695064126521df71ec4717df779b2b52296480f51b4f51633f651f68139c1ede0","nonce":"b76f001f82b908e92ad2639e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"e96e6055dd573c1ee0703c803afb955961cb895bdcb8e78f1ac8a284d9ff91038a7896cbc2c3fb6669681d1fa9","nonce":"b76f001f82b908e92ad2639f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"b57e8c161df12b10b55cb88f4a5c92ed201a82e8d2f7ce78fb4f69c95f94562f0d2c4e4385e4acf9c070b054c8","nonce":"b76f001f82b908e92ad2639c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"d99016f4c0db75a840cee150175d1f5f77fea4980fd8f53052c77a02616c071aee074b64ce37b25e89b60324b2","nonce":"b76f001f82b908e92ad2639d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"cc6e98163bf57179617b7e0b0cbfbca8c4c6a03a9bae4afb557b621f6c07412f91589c8bb229193a33adc8a381","nonce":"b76f001f82b908e92ad26392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"d515d8b6fe2a840d89dc0c7fa27543b8477b181b48ab7e6613e0a42e46c9d02579883ea112f5a8edbb6bfff29a","nonce":"b76f001f82b908e92ad26393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"c021a07229c1d3faee9e21d4d22d81628024d04c179e399b0ef17b3c10ae4c653612f52beff5a90cbbe064771f","nonce":"b76f001f82b908e92ad26390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"111725f69cc2c1d639c4fa754483528bdd824b371b16fb84c99b4b0002760ecdce881baf174bc80a2fc1fee965","nonce":"b76f001f82b908e92ad26391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e85e00e6f8b34ad0ad21824ce1926eaa29774f28c898f6f0755797c95619a1c009ce7af8dba047788178e0a3d7","nonce":"b76f001f82b908e92ad26396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"829f87fb6f06fbb5278eaf121e5d59124e3cbbadacf8aa63f20e51c2f883ea20f9748aa2562e60206ffaea5e44","nonce":"b76f001f82b908e92ad26397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"d2f663fe2db6cef3b15c81aa89ba24487611e0f55a9686b310e998b0683dd330d207793f79142a656afb712655","nonce":"b76f001f82b908e92ad26394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"1dd1e69277cfe6c0d8855433683b9274728dbaa3119da48e7e703f3b0d0d8fbb0ba80a27bde3a1dd9eaec2be2e","nonce":"b76f001f82b908e92ad26395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"28cd2e356e3da6a1e32197bf28e512c3b2e9916e64c67b3b37b59442fea381809bd8b7dd1c940a0dd9cc2544b9","nonce":"b76f001f82b908e92ad2638a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"0c9996ea06b2e03cf05c75337c852b62125bb2ad039e9b5d414e8a9b46048a23be1c318b3855b61d1d9d0c4806","nonce":"b76f001f82b908e92ad2638b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"ada0d546f9c0f7533e4ac87b613ab93b8a0e93dbc1314f15c0b5b017cc681c7950e5d5760da22af70382be01e1","nonce":"b76f001f82b908e92ad26388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"286418e0859d7c9c05351dea777e39dbb8f95c3a65483150ded88b58d064a4321787d0eedb54a05b77ba9bfa02","nonce":"b76f001f82b908e92ad26389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"7a7f9d17155fc86f1768cab66c40d209e5e5012d88e855fa6a5a7d86592c06988ea2b8068c93399ac74d93ceba","nonce":"b76f001f82b908e92ad2638e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"e1f2a984ebb8ee7dac3eb2ff4930252f2432b4ae22a03cf05a3de1fb93251f270e37bc86f2212b60a474de2038","nonce":"b76f001f82b908e92ad2638f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"e0b39150ada692344af012a1d72e652d07dcb4fbc9280b4444283cadbb459ff855ba41a2eb667c27a9fb06640a","nonce":"b76f001f82b908e92ad2638c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"ed04dff4b835c1c080a3ee3e77296858cdae415e10487ceffe70bd27a98d78c12b426a957b22cb5f017df7a585","nonce":"b76f001f82b908e92ad2638d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e6a5f7dcabfb3d5419dd61c3d3f32ea6a7b003df01a71755ff0d8c79a78bf16af84919bb0b80cb7ee08057bb84","nonce":"b76f001f82b908e92ad26382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"6a64755d568e72e493100b32424f461f6c8a28a6601d28da0992e2397972533e7de97f0e4ef5f0bfdf5f90681b","nonce":"b76f001f82b908e92ad26383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"7f9631951a44335e19dd3e28779fcceb04e4a4cebbca419230c5a2ff6bd2ae3d1fa278ad8d3b60ba8dbeed5014","nonce":"b76f001f82b908e92ad26380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"17768d87b9123a1bba99abee025fc688aa0b4780244089703dc56990c9dac061c4c4fd713ad6291847b89e6c86","nonce":"b76f001f82b908e92ad26381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8c4a9570ad92553ec14a00ba97f4210b9c23266d091e02a91b0207206fc552490c2f57c90a42b3cbb03fbcb5ca","nonce":"b76f001f82b908e92ad26386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"670f3b8924304222b75138eb0cf0236556c373459f3ac6bbeb6a691fa0242ef2bc8e87b48f8c096a4c2e9257e7","nonce":"b76f001f82b908e92ad26387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"2da87aa2f4de2d5d750fae3b9cc4eefdfe7a6d1b4a2d93e98e2f9b983893a9330366b4cd943347057e774ed2fe","nonce":"b76f001f82b908e92ad26384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"e3d3900216a8921f935bc69ae1055e4f10d6ae967f74b54a297f80e73fa0373888024b29eab7edb95f82302d26","nonce":"b76f001f82b908e92ad26385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"3d5ef1986fbe83b592574832a89432c75e8f354f41654bed31dbffd122745aaf2d83fa22461a473813ea0b643a","nonce":"b76f001f82b908e92ad263ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"8d207966740ff492a95621b7f71522bd919eb13afd6788983744361f8b0590f28cf81d3f89f3f167d95c7968ac","nonce":"b76f001f82b908e92ad263bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0a6e1e31102bce0fdb57765fd488ef67ab8fd6a056e492918921f686284e09adc64f7325aaaa47cc4c22c6b708","nonce":"b76f001f82b908e92ad263b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"b454fd6ac3352d8dfc09a6baf37b97ac6c1ee3ba459d082408e5373b67f455a6e9120dae71d011b9389323e287","nonce":"b76f001f82b908e92ad263b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"3445dc0a9b5a81ef51d7540b6ecfef24bd20c475a0d263755cdb6a29df10582a42a339db5317bd77882564185f","nonce":"b76f001f82b908e92ad263be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ebda0f48927fa205015881d6f9694e9af3877b701315ba2ada3f827d054592dd780ff8fd7fa8fb805d93c270f1","nonce":"b76f001f82b908e92ad263bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"45d240b5ba5e8935f0e92bf273a6a5ef60b49d92f42e54a33d39a7b09b67ad2736dd02f14cbf9db026a7f14fc2","nonce":"b76f001f82b908e92ad263bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"150a58381612b9572a732f645addc36df5d2e37cabde2925dda4544d63955e38b9926f48a07dc41810a5002a85","nonce":"b76f001f82b908e92ad263bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"3e931669e5ca574fb93295459e3b0bfa0673f86ff6c9f4bae52d4e780b60ba976724a7c5da2d41c045d21b29f4","nonce":"b76f001f82b908e92ad263b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"87028e2d706469283bd0da532ed92ed8dacd9bbd968198c3b6f75bccc0c1c2b661a35e48090119a9a6aa40aecd","nonce":"b76f001f82b908e92ad263b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"14b87796178151f5e7e33d3fb8e56ab75f45a401c6dc6b34e3684e650ff0adc310ce6727095eab87eb836a3e67","nonce":"b76f001f82b908e92ad263b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"340b926f9941290fdb73cc4460202c5ec9d6807ab64d0c8269360a544733cf3396717edc1c18382ad2df930802","nonce":"b76f001f82b908e92ad263b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"f2c94e8fab94657d45d236cff2cf8e4c075d5b85c84d9b3d2a87a686d1c0c1f9cceeca0bb34d663d17830ef805","nonce":"b76f001f82b908e92ad263b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"546ec5cb7626a49a5f30f56018bbd3e3370f8fb0726f9fabb9bd1dd4d8d533a0d244630222aa9ded9978d4f00f","nonce":"b76f001f82b908e92ad263b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"646069e2c45f9c421ee4de71fdd3163d03fd72b6ac1788e76c9141952eb0833a33e2f3cff4bd2701a4fa825a6a","nonce":"b76f001f82b908e92ad263b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c7d6d88eec816bed7e7db10c9f028d0d6881369e1d9ffb3aa4de407db33db704b3a1a84155a54bc493d9419f31","nonce":"b76f001f82b908e92ad263b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"75348b22f2401bb3b80974a0b88debd17a49d23027e3a81f430f9f1fdbf6a520da5b753cdaa9012e0e1a9e9d60","nonce":"b76f001f82b908e92ad263aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"29c7560b392eca97529ded15a871bc1bbf2c62553fbc8579f8c3d53e3ceedcbd1bcea220999ad9fbf88f84e03e","nonce":"b76f001f82b908e92ad263ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"7cf500ceb21864c610f6c443a45646ac8cc9abc52ae6e946872bdf51600b5da7df617b5672b6bea6c96a515039","nonce":"b76f001f82b908e92ad263a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"4755b399fe43b5a1a73826fdb0e46f12e02535543c3f7bdc1117d47062c547961ffaa9e07d2f892c3dc8aa6dc0","nonce":"b76f001f82b908e92ad263a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"d09bb69f360015d3b8414cce4381662df759f61307cbce5348ec4a9f98537bf7087ddb4131e2dc574892dcc110","nonce":"b76f001f82b908e92ad263ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"0f303be497acecaf6d6e14cd1fe5fdd1866eb47a43a147045395d7abb522be16522edef1e40de3098a56520c3a","nonce":"b76f001f82b908e92ad263af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"46a85a05fc5fddff2c6f167d8ef7a20b65f5553f939f353231a022c38e0e79e0c264a6ed2353f6d45f08b33caa","nonce":"b76f001f82b908e92ad263ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"4d438d76e4cfa99986dc50f58836fc5ea1eaf4689aaea4676ab8dc2e34059e800fc598d8480e8e55b837ab7754","nonce":"b76f001f82b908e92ad263ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"1aa79fba8005a1ab894c1bad7496e9618fc9434fa1b7238f1aac7bcfa5e8a4086feca418dde86038ae842952e6","nonce":"b76f001f82b908e92ad263a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"940d514582fc6e964af86b134f864a6c2196587b5c258559118360fbccc42dcd67709818ad145963384723b5a0","nonce":"b76f001f82b908e92ad263a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"8291b2f863599b60a238cd7f16105665d72c678bd27eb270abc6df16b107e0e32d1614810dd10ca92305faf976","nonce":"b76f001f82b908e92ad263a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"c38cd6d5696d0e54f6e99bc40a97eea0c819cf66745e443e70697d91d9d6907e47f296b980c2381a596c271ea6","nonce":"b76f001f82b908e92ad263a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"037cc039ac4b500b9a35cd8d1b22046dba392de8cc1ac9f906a3eaece13fef8753f7ff7313f47c1cac29b8193b","nonce":"b76f001f82b908e92ad263a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"d8d0ab048a08bef43292f12d50ed18ddeaaf8fe0cf0cb7c1cf3783721b5390ba866c35680b7e90688e5940c944","nonce":"b76f001f82b908e92ad263a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"797b84ef467fb73af470d1b9eed1b92267d433b5c7171d3a71ae00774cc1e7b24082c1a3806807f4e57b696f63","nonce":"b76f001f82b908e92ad263a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"328f6d06d01bd5d4c5d7ab6979bdddc27dffee7353e0624f111691007976f8c39394aa3e762adc9047f8997da1","nonce":"b76f001f82b908e92ad263a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"b5fe3446ed38fca2fb0ea2cde327106ee391a0962e80c63cef669885d698cfb758e3ca472d8781e8f33728d0ae","nonce":"b76f001f82b908e92ad263da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"953a26a0dedc9891f9ec360c412684354800edae969551ca5e746814ac70a69bfe22e4f8ba2bf136513b85a37b","nonce":"b76f001f82b908e92ad263db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"f7f5057e110fb2467b07e4c8a0ed2192a494e749cdafb05dec92c4218309b3190f12c732e46f92bbb826edd1d3","nonce":"b76f001f82b908e92ad263d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"e3395ad6e26c68a67e9c29639e8120ebc5c011aa577226640b18e4b2be0f8db429a427ed5f0ae103fe64f1a5ce","nonce":"b76f001f82b908e92ad263d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"659d389c0f1afb2b741c9a08371d3d1b174b1d2f31a6f3bfc01744760ed1d7e8068496fce54290329a16a95d2a","nonce":"b76f001f82b908e92ad263de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"bdd4399c937e2015e23cd6428a9759bbdcd24bf180f381f9ae589f8dc77dd74be20b3981f7de41b6ede48b6142","nonce":"b76f001f82b908e92ad263df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"e8853ef46934d492504f160d93ae81c69328a659b87abb049d067b54efa26b043f0805dc2575d5ab7ba2f67439","nonce":"b76f001f82b908e92ad263dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"03f7a70fef360c6d75b6aad77b9ee60827a8d55d5f287df33f7305aae89f86aac23543f4cc35ab70b8cb5fe244","nonce":"b76f001f82b908e92ad263dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"4b2c272cf9aee5614ac8b1789b0f21b2f94d61d655520d368545e03e878263649f67c5053758723ff597959865","nonce":"b76f001f82b908e92ad263d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5e74fbb1517f8065f4c56fea2b0721169f6ab8a6c14c1cc2075bfa4033d30608bee22d18bab71556b6f154b14a","nonce":"b76f001f82b908e92ad263d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"17fad22a312736cd16cc4e1939f3c94a286f5adc11511d81dc03bd15e7f14b312a90fc6134ff6ef6c6711a7acc","nonce":"b76f001f82b908e92ad263d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"e1d0ba639fccfe3c8426b9df284b3c85b5a575062937923a189953346069bf2ef67a877c08789740ffbeacc151","nonce":"b76f001f82b908e92ad263d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"0e3f1d31a26a3ed14955209ef75100a7ecfea8f15038243afa3bc7f1d3895d389ada280f32599338553e6a4e13","nonce":"b76f001f82b908e92ad263d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"10361c807c11b4c91f7fc824259d248b7781b5f56f1fb66af99af2e62ca38492802945dafd41d77a1bb02329a6","nonce":"b76f001f82b908e92ad263d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"08e0223cc5701df328ecf30fc56ddc8021508fe73db7f35aa78520bc970aab6ec3c6974edd230642c372a67a1d","nonce":"b76f001f82b908e92ad263d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"36128521a074704c551c8c060f73b0aef705a5b0c0a284cc6b2e34b3056d754295bb4968faf9ac96b69637d6df","nonce":"b76f001f82b908e92ad263d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"0ff41b60a764e19a81bb2a16f44416a123dab0c119dd6757081ec77798a29dbc935721b3942913124ae2203440","nonce":"b76f001f82b908e92ad263ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"699c8fd13f7f857a9699fb8be985a96bb14044023dfb4cb2993028f1e62810bd63fa7129502116c3dd39ce11e7","nonce":"b76f001f82b908e92ad263cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"693dae20da4d1da39cc3e0fd876c5d3e1fa2b8b565007117c4bf7c77459f61eecb69a214dbb0e8cf6b13184cd1","nonce":"b76f001f82b908e92ad263c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"a9e788d1824f42b6a69e223ed2130907c63e4697624d99074a4ca7a599f44489e351d2d7e8d03cc39ea39efd9f","nonce":"b76f001f82b908e92ad263c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"78d860cf8faf342008e6fd2abd33b230b16e3da31269f8b396a08cfd92a6ba37a563c1468305c5febaa5544845","nonce":"b76f001f82b908e92ad263ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"f14590336b9171e4f73381fcefa5316c3da071ab724309e6f9d43f3c98b6cb95bf651e9cdfb4359314f548902b","nonce":"b76f001f82b908e92ad263cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"46ec2f0e63d20720e582c1b77054e4a1b76caf2441a131728e896fdb30d310b954e5a949908a8366321e7ce74d","nonce":"b76f001f82b908e92ad263cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"af037942ac94ac47c977f039b34dc5310ed4a3e3531e55988adfe11766accab901b822e1cdae51490938e95cbd","nonce":"b76f001f82b908e92ad263cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"31bf2437d08008dcbb75a98e97dc53588a58257005869ea921e2f816c3c4cef19836c44d4f18c25ca28f5bacd6","nonce":"b76f001f82b908e92ad263c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"77ca8e251fc53325f5a7aab1d6f830397dab4d4112aa2c0ff3d8606c93ffe059349d645c92ee1d712016d211f9","nonce":"b76f001f82b908e92ad263c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"a09496b10bc37b5b7adfe3fded29e8248a21fd5276046ec2217b3ca004bbb7ce148fe188a8d590a0e350a35616","nonce":"b76f001f82b908e92ad263c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"1eba5cb6131c0352e51c1bd0b8789c1e297f94f27dfaa4c99a2643151d764eedfb90597fba83471b1decf6f73c","nonce":"b76f001f82b908e92ad263c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"3401e1772be61d0792d491764adda403e908fbe10b383c70f054c397b3d2994ffaa9c52431a94e87240a8c8b4b","nonce":"b76f001f82b908e92ad263c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"2509e9a2bad624db3ac484f87fc008c05fb216cbaca532ff28a442372fd499afa3999bf0ed2f736039ee22bd6a","nonce":"b76f001f82b908e92ad263c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"c4ae22eca783be888f61d261339533116df588f7d5cab1321416da541fe78a8613ccc8336612633af7de27c6d2","nonce":"b76f001f82b908e92ad263c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"d2bbab412e286dedbcb2d325ccd2276c5dfbf79d157e27e033eb7c881067afcf5791ea62e7d44b00254a173d67","nonce":"b76f001f82b908e92ad263c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"1bcedb7cea83b1328a326ef36a5b90542a22aebe72b30ff8248dc0780993ea02c6e53d58a23262b3c699bfac99","nonce":"b76f001f82b908e92ad263fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"3653957c8c828c5610a31eb02f711324e03fc3f145455e56b2aaa2f2a1bf3a8af3f8103d2747c9394fecbae232","nonce":"b76f001f82b908e92ad263fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"eaa2fd22d4d7f95e8cf2c2f214a15001e89488255df3ef66e44d38bedb1b86d3a02f21e5d11a6c8485de5d4a61","nonce":"b76f001f82b908e92ad263f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"55d2468de9cfa67ef435d62565704f3d56369a77aaa787a7487f9d95c2dbd49c9cd2dfa41d0894f52ad4b733e6","nonce":"b76f001f82b908e92ad263f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"29d6b3f4707aa14945ac4c80d103b8082db4ce85ad2b853845a70714115562429f5e1177bd3191c86664c4d035","nonce":"b76f001f82b908e92ad263fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"816421d487fa0835a21646f8a230bdf783e9da7342202eb389dd936883e6122186503395141193e6ada03d0946","nonce":"b76f001f82b908e92ad263ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"46cc4aabea9b5ad05f0242fbb4aff2476ed453cb2ea2afa1196fe7b6e8c4e8d9bc26c7e13de9de3c1e52011aab","nonce":"b76f001f82b908e92ad263fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"3672e7d9a45fb9c47b759cef319c3c798f613111a66c7f3260d9364af0f144dfca5920532b4ccb74c961f5d199","nonce":"b76f001f82b908e92ad263fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"62438e8184117051c48ba0d21516084da89744eb6c39b2f2c5cb015862eb53e3df46253029e62f55db56388f41","nonce":"b76f001f82b908e92ad263f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"f79c2449d21c31aefa5fa3806e847f612a63059335fc7ed7d537b249980c865cd8c367e8020649641ff95ff03f","nonce":"b76f001f82b908e92ad263f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"cea0063f6f327259e5e26776782073862e9dce1e2a13af15b19f4a5f0742e8d5b5edb7897f0c79d0d420ee1593","nonce":"b76f001f82b908e92ad263f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"8336b222c36a433e62f6fcb144c4b01bccf300f7b3f96d7726f8c1a02e45bd2564d729a03090ae01ad0acff104","nonce":"b76f001f82b908e92ad263f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"a6df24df7ca29698717cd3e1841f675126fc76d6e0bdf8363d12da580599f195c3c2ed9158cc2ebf7e85d34254","nonce":"b76f001f82b908e92ad263f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"ad3bbcb0d894a3bba93d8af2db1c593baefe0b76db8acac3592e485fe8fcf330b2f03e3d6e4a1139ab36b2befa","nonce":"b76f001f82b908e92ad263f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"c90ddf9fa5231ed9e084d0170d6691791673380ba04fad536eeff83dce9e05ed2543e12ac25d0b807b6892b54e","nonce":"b76f001f82b908e92ad263f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"7e5f9791cb56c492839b2ae5a5fc00eb97e602bb6986fc8647e3016dad8268bb0fb9d8fad2c685003b0ff921cf","nonce":"b76f001f82b908e92ad263f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"fb7452cdfbeb382057e6fea4a3d93451c219438ee6978c1e4538e11667ab36d9c10a61d26ff8fb31ad6f22e691","nonce":"b76f001f82b908e92ad263ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"d6d3ae4428d7b263a3121ec7096a1fe0b49c508133a213cd00017c67fd37a5f5d4e53dfd85099486e0d845a848","nonce":"b76f001f82b908e92ad263eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"3c2b8c793bcf8717823c18637100eb25a6e2330fc74cb65ab79505bf5d7a045316b4f1c128e0b762bf1582a3b9","nonce":"b76f001f82b908e92ad263e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"a36c711fdd68781efd855748ee86bbe8451b2bdc3bdda9eb8b0b4349d1b6f531bbd21108d910c8384fa7ed03e7","nonce":"b76f001f82b908e92ad263e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"b9273f5d8e2aff02f5b1e6f5234739858da52f1a9f6d9e88edea96cd038fcdafce75f59361f85b651947a3316c","nonce":"b76f001f82b908e92ad263ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"1d67f96503eff4f2eac87beaac23660da316d04e69eb2649006c345a846391b6a1c6f9f632e175b873b5ab4a37","nonce":"b76f001f82b908e92ad263ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"18bb25ce0d3e312904bda5f812391d010fc2a9a7e76b0d2f4e9d6fa6a2e774bbd67605f0e78383714c50ab3cc5","nonce":"b76f001f82b908e92ad263ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"394b57aefad7c0ee413381244c2ae24b6a714f421bdccd3ab669f3e629018403d953a23a669dc09087edb37d5d","nonce":"b76f001f82b908e92ad263ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"170c77c0f5d489c783d43f4a3798c0808022f5388bb4c57650590e976c13158b811cc1f60e92a3798d89887316","nonce":"b76f001f82b908e92ad263e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"4bdffaf3eed7bc6933a086f68ee782227141403071f592aebaa5ca3a53af362bb8271fa409225771a9ed2ec585","nonce":"b76f001f82b908e92ad263e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"ec29128e69f28297f570cce3dbcdb112fa9701d11c7af86da3e2b048bc62450606000ef7db2363788e5b6d1a3b","nonce":"b76f001f82b908e92ad263e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"3d2ef2a1606fbbba0d2b1c9fdb601ad98cc44ffa92974962d2c5f2cc2b6795264a799161fdeb825ddb20fdab52","nonce":"b76f001f82b908e92ad263e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"3bd7c53b799ca13988d1b573c1a579a578871d953687ad52c38f1dc5240c1d68879bd6b7f9a72f35dcc6b351bc","nonce":"b76f001f82b908e92ad263e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"df477415ed4f54f2748716149304600c1a293d7121ac819e7d92c27ee20cbeb6de43a091669e6bcf84ce1b51ad","nonce":"b76f001f82b908e92ad263e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"5fe102a76b1ecab960c39e3e440e0354ee28a8248487d64cc6bb44752b101377951bf770559d23a55e1220c586","nonce":"b76f001f82b908e92ad263e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"e0d4ee3f8fc63b45f7ec09bf30fcd4dbbf478c85df5183d53dc48fb2ba0bef30a04771b68d3e81ff95b9714b19","nonce":"b76f001f82b908e92ad263e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"3527038134dda92138ab052d7e7b7d37cedd23e42aaf06be1e9d54d9a6ea6fdae3681437429635950c465c57cb","nonce":"b76f001f82b908e92ad2631a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"ac278acaf7d619dae015945b6e915e8235f23dcc39a6ded1d6be2b0ea9d99a6588ff3ad80d0b94e383a24d5479","nonce":"b76f001f82b908e92ad2631b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"60f6c869f453f286a468867451bf61923a52acf62f37dfcdc4f0b1c59733b447eb57262a9f1a384020e0b85d5f","nonce":"b76f001f82b908e92ad26318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"b9ffa0a681f4af26321f442c69ac86545f1a256568d53765b852071fe56d28dfc05bed61627396f6cf478a5883","nonce":"b76f001f82b908e92ad26319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c563315a448ffc46841087a76f7efebfb8ac17d064f048bae758797efb2c3885be4cd93fc1bf1bd16d071e1858","nonce":"b76f001f82b908e92ad2631e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"3fb895f0a705101239d5503f578cecf3fec971304788ca5a04f78c0a035389fafe16e979a5015389fa0be9ccfe","nonce":"b76f001f82b908e92ad2631f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1495f1247b0df7ebe3c785ba198225cc63643d64c108a8b4bf5ba0a5ea709c0ed380e3a0347bac319214dc0bdf","nonce":"b76f001f82b908e92ad2631c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"c70f5fac90701b5809f21791052583be54aad763b5476351c2ceaec6a953a8d26c5cfdbd4093e0739de88ec67e","nonce":"b76f001f82b908e92ad2631d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8be39eb10e1752ceb1574e84e384a881a5875d4a9712f0d8904305e5dad0a5f966055f40981d4286e1d2a3465c","nonce":"b76f001f82b908e92ad26312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"337499c9cdc2f6001f66eba3abbd55666937734b3eb8f663e264f0a7aae8075d1960fb677c10e5a546a0440b52","nonce":"b76f001f82b908e92ad26313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"9787179a77f4b859a88c734530336b229a3848fbea9598c6d7a9cca53313c897394ad648108db3ea79ce394986","nonce":"b76f001f82b908e92ad26310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"fd1f28d4f93cff1c37d289cca05026cadf4d1556b46cfa8f1fd1c381643da57bf3d0253858998d4d9150542df5","nonce":"b76f001f82b908e92ad26311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"26bcc163a7f16512f6147041b4bb0ea7afd950da9ce09a3232fbef413aee7c982469b6f14fbd835a65b2f1e1ec","nonce":"b76f001f82b908e92ad26316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"3c60b4f631c6dbb8da167f22ddd0bae3b673633c36ceb65a226802c092a1edc8b6d240081756d31c2a7cfe9a5d","nonce":"b76f001f82b908e92ad26317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"f377c7f386906ca890893e6607132bbbd6f0a231f962668f34db4788966852752fc8549c2e811db6b30b061778","nonce":"b76f001f82b908e92ad26314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"6b5f9a1242125990900a30dff81c00b3c7ff0bab90a63542ef75a5e2c25a8c0c88fb0fb19a46ccdf67e9626aaf","nonce":"b76f001f82b908e92ad26315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"043df297c65442dfdeca9f0c41657dc4cdc8cffe728bfbcd12fc0d93b790eb9d1cf3160fd2503fca41803c8877","nonce":"b76f001f82b908e92ad2630a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"c73a7f29039a17879dfb3efa066bd14c2e781f70f61987315731ece580240021d2e7499fc794441a3d4477733f","nonce":"b76f001f82b908e92ad2630b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"dfa271dfc0258e1162562e1be03e944807d547d49a5c7a957bb46fe58caeac2a43eecc9ebdd85ad849bdcdb40a","nonce":"b76f001f82b908e92ad26308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"1e23dfc16f33d6d2b079f6478300d40386c6916f12ac92ee44697fa05b06450fcff674051ecfe3a15599e84844","nonce":"b76f001f82b908e92ad26309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"adb23608a55425ed47dbebacc275bf6cd7a0327ab521df8bee1abf4df585b4b08aa891a99b9249ee231d588f1e","nonce":"b76f001f82b908e92ad2630e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"ad7b9a5cdca485eedde3f0cfa389d8cb06c0f99c258eec3240a838d338f563ed1f18588b40c9f8fee9bbf2abb7","nonce":"b76f001f82b908e92ad2630f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"1dced6df76c5f9fde388502dcc581fc9c2945b5bf6cb89c5ea51735c535e493d43eb1af220a7d5b22088e86f06","nonce":"b76f001f82b908e92ad2630c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"bc996be1dfa62f7f86200d785a9d4f346ca3ccf2b64527331a189f4b260bd55aa412f504d82978d69af2f74a3b","nonce":"b76f001f82b908e92ad2630d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"714e9d847526e01211be21e14d478ed53010054bfbcfafabe12014ee4628ccf255ab49a9f6a2fa9bbd9d16e442","nonce":"b76f001f82b908e92ad26302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"67605e054f91a4e4ed87ca48736e943f81a7ca50aec5362c41da734c057c2e564f907644027ede0f0a4236034c","nonce":"b76f001f82b908e92ad26303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"7c7848b845e56b92ad93cf59230e806e3445f4b75fc7b39ca558f9c0156517f1988a34cbeb7b4a0edf5897d2fd","nonce":"b76f001f82b908e92ad26300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"a643feff8d21de26390186895a4f9069d7b78257fb14369ee8f25452ec707de51568caf651dd70760fc7cc07ea","nonce":"b76f001f82b908e92ad26301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"50ce0e792db95b46f6058292e9156d951b4428bfeba6ebed242a4ac8feef99f749f5440b2d5e55ab66480e6b56","nonce":"b76f001f82b908e92ad26306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"a729029d83efe06e0f372c0051d47432dd153d81470660ccee9d2406fec5be71dca1b984aef7f1fb131ca8e607","nonce":"b76f001f82b908e92ad26307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"91e94a2f38249822405de36de9ec4f28db05cce19b7d69cb7155c3da37970c485dabd85544b352b2e6303f4c7c","nonce":"b76f001f82b908e92ad26304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"7d03c496ee6844b1d9dadfded143a9e623de13ea98b2dbd8f449c01de9262a84bd55fc832f3102d3dc922d1fb0","nonce":"b76f001f82b908e92ad26305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"d31b3c2cd35a15ce671a884a95775266d2620188b2b34a1d8c679c5827bbaf664a350deae9f4d764120f1072ba","nonce":"b76f001f82b908e92ad2633a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"b9d42bbdc90dffdce6d39378ac0c5fb44567d16415ee6d214fe38799431ede4a9f164d08dfa75c241f12ec5834","nonce":"b76f001f82b908e92ad2633b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"82c7c611fe04be29d14b195dbe9b54ec084efe75c4035f04c9057ed8c9701602b86cbf90fd081a81382d0c6ee2","nonce":"b76f001f82b908e92ad26338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"25b9a68a911c6d0e1ad0332ceab889be36f8838fd00713271aabfeab39533603c1962fca1bbe838bfef20e159d","nonce":"b76f001f82b908e92ad26339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"4eba695a1ac26b1bff7556a4cfc4247f40a8238c04b5478ac5c966660510cc6bfc89b23cf70fa9a02764f90d92","nonce":"b76f001f82b908e92ad2633e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"231adbaf1737b5b13146778280856df6f16c06bd034f1132dd161cae86c2bb97eca44b0d466eb33f47d517f17f","nonce":"b76f001f82b908e92ad2633f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"47f06948b4d46216e0645cd0531ff01c39caace9312584acc236a7a388e51e3b8aaeca830d736caf572cc37079","nonce":"b76f001f82b908e92ad2633c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"34ced595c5fbf56e1c52a5d68d0e4a1909ce9d443fbc9c2fed2489a33887d7139935b591ac70fc0a93ea0ffa6b","nonce":"b76f001f82b908e92ad2633d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"1d4c0870266785f2ef30911be507f17379cdfbc78663e9eb1697b06848c28e3f0ec47b6e6ac3c782cf6dd2691a","nonce":"b76f001f82b908e92ad26332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"05ff40600bb1804cec33187af757d51d55b888d2ff366cb4298a3d1842c4236014a9ed300d92778eb262d23a57","nonce":"b76f001f82b908e92ad26333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"1c4f5df31945aa396c1ca7bcff7d658639e04fdbcea32ba7a285032db184748fe6cb1e4d1f224a0924a351b6e0","nonce":"b76f001f82b908e92ad26330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"a95372929e4b1543c68a87c95e4118236474cc2b8aeae1c8039823dd70130c208474cb324d71d97cddfaa1a768","nonce":"b76f001f82b908e92ad26331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"30d0cf5a2e901a0d981f38ca8928e0fffdc7103e3c1e84a537046d108a02c0c77e3ec28d9323c4152ea1ef1353","nonce":"b76f001f82b908e92ad26336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"271080c628da678a8e070853edf01000b5d0a2123773c54799c8e35a1372e174e20a2f2d948b7ffc8cdd9e8d27","nonce":"b76f001f82b908e92ad26337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"d4b99e369f0e7c0663960fd4b5da6c3553b65278b8dbff5bbde7f2a8cc2dedba7603ac26ea2584086dd7226787","nonce":"b76f001f82b908e92ad26334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"018734fca5e53a23aa61c54a7d0b997bf1d50db52d9e69c9633f77b8334c67154a8f244c2933669a776c3d23dd","nonce":"b76f001f82b908e92ad26335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"58d62d21a8737e30167b404e0a176484cf1d8b1e2513667a89d4d703291ca9e9f4a1d2ae144099065177610d7d","nonce":"b76f001f82b908e92ad2632a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"a2555c2f29b5e79880a367a302bcbc221e19173303fadcf409cfc63a8336d5ba056af35e495a898d7a74dc89a6","nonce":"b76f001f82b908e92ad2632b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"befc8039d3055b562bea95881bb4b7a58b70dec49d9175cc3efaa004ff5c573e13afe29885a6974f6c057929f3","nonce":"b76f001f82b908e92ad26328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"587141d7fa2d9d75785fcfcc83f0e4022d6fa3360f7b1af2abdfa69c9ee1a3d5bec5102406252315f1407a3e9e","nonce":"b76f001f82b908e92ad26329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"791c81fa8fadd6dcdea750f11503f3e34836c57124334fd2e81a2c3a237750ebcc957fb33000a8528d76601016","nonce":"b76f001f82b908e92ad2632e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"41374e6df3b8a2593c4288d075e8cbeb4502f779783422ef4d6efadceebc362f77902b7cb191ff29f5785f97e6","nonce":"b76f001f82b908e92ad2632f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"8575d77ea49d6e410e9b43444d2e05589a8dc2ed389999428b9f138ccf8b5a9c55cac4b5d417a3387e7e626b86","nonce":"b76f001f82b908e92ad2632c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"09cf7ad51e7ba44b47733ebc9239463a11eb63b487ff027f563ff320f0da665395117f07b648fb36f533ed921c","nonce":"b76f001f82b908e92ad2632d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"d60339cddb00925eb3a70103ab3f389edbeccb20e81c9c47a386e2bd7183d1b74ed64870a74ee20edcee2b7f5d","nonce":"b76f001f82b908e92ad26322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"cdf3dbf16fb017fe90559e43d53dd14b873b289869d5bf790b8b44b5834ca3e612c3954efca842107bca17e83c","nonce":"b76f001f82b908e92ad26323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"1794421787dec0b478528d0b64236b31049a183b3ce6387971ddfe087ba662241cc0ff489513b65e88f4ebb612","nonce":"b76f001f82b908e92ad26320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"5b2465f5acfb6e758063d52cce07abb2ea32ff39e8f0fb27ee88b7da6b8286ff6042583262dc477500dfcb01a6","nonce":"b76f001f82b908e92ad26321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"e430110a105adcb1e73e45a623809a46127d8c6e6997e33c4b0da125a5eeeca13eb01521f81796f59bc1b27188","nonce":"b76f001f82b908e92ad26326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"13cd7490a68f12d07c900a2a9245efe4c4c9cca4ac6ebded29d92d3e0ce2c38aa2c3675c366be16fdd40d8a3e3","nonce":"b76f001f82b908e92ad26327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"9f5978f0308d94a29869046ca18869bf8132de3065d64bd83c6bef05362cc86d4cb464d98f9bd00ec0f1083bd7","nonce":"b76f001f82b908e92ad26324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"84f9cd3539f5890f6338fc4bfc3356d6232ec82d7bc6a55026bf5dd51de52af63adb5c0e6b65ff1934e979c4a9","nonce":"b76f001f82b908e92ad26325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"929a8340b50e2ba3bc6ab4be7f7089b72e1b073586044ec8c0dc48573040f1b5a0fa549cdd7b2d0830bfb3e75b","nonce":"b76f001f82b908e92ad2635a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"ed74b41c30a40fd89465eecf6b8ba6af1835f0d1136bf87b938390f5ea8cb0ccf477b953d429a01f8315d8f2c6","nonce":"b76f001f82b908e92ad2635b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"9dec4612b1019ed1dad78d680a9ec2a8e00fb7ec719cefce73204c6f5d8bae47c5287c483b452c7e342b200d6f","nonce":"b76f001f82b908e92ad26358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"24bc65a4ef9729d89b68089c881d3861fc0743ac2daad9b27e041199cacbc677663f39a47db8430d0c1912eeb7","nonce":"b76f001f82b908e92ad26359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"c016dc6fb4946d3455bd2b5841a190bc3490de616cc4a7ada0989e62e8bebfd634b1489f83ab47493f0fac95a5","nonce":"b76f001f82b908e92ad2635e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"6f1de3ba80788861bd6fa3c1859187b87cf2512e7a3d6e1506fe8a936afdc9c15036034683714384528089337c","nonce":"b76f001f82b908e92ad2635f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5915cb9e9e426035dc39cd5662c08d918a2fcb2ed355582d7882f03d1b2a60da86544da92e12b37108d8c27cdf","nonce":"b76f001f82b908e92ad2635c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"700f11b109f3907696d05b0e59d43c81f231b54f4ffcc6d6a68eee83d94503f5a85577623afe2d6199ad2cc071","nonce":"b76f001f82b908e92ad2635d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"4182fdc043c507ec67a20ea41563487ee44b28ca07286eb9ca8848e2094425ea5ed88f2a6d3b1dcbc0c251d5a0","nonce":"b76f001f82b908e92ad26352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ba255578154cf28ab5af35ea7bf46d26d527baa54aed6904089fc5fcb383948a4431c65cb8b58235f51c35fb8a","nonce":"b76f001f82b908e92ad26353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"afcdb3f8eb7ed442243d7e513821f9f98d6f0d4211606184f0457cf789bfdc9285235caddec5e03b0b3155f75d","nonce":"b76f001f82b908e92ad26350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"680e2a385b9cec9ae3374bbc9b2e377b829e396ae9d55e2da47c91c033b34f27578f809a2832b91720e519e20a","nonce":"b76f001f82b908e92ad26351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"28b284ef5fd8b103cc14a1e4084e02994e7b0f9381e40f39df4e3f399d6bd832b3c050a40fad07c8561d3a22c1","nonce":"b76f001f82b908e92ad26356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"ddeaa72c401d8931b129b81c4aad6e980e9a3f3924083cf20a69651959f8bd4764a127e3ff6517231f33e25964","nonce":"b76f001f82b908e92ad26357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d2ca8bb3f1701eba06ad533e449b199ede254887992da060052bbdc579726e7bfd3bb36ff8262bb4594d50e96f","nonce":"b76f001f82b908e92ad26354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"7cd619f9613e1b6601af801c1b29e9ee1a5d5eba9c6a8e808a65852e85a838c95c5f947645034fb1ed760aa289","nonce":"b76f001f82b908e92ad26355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"9d857da6a921d6b7a374a8ae067f4e793b06a88f122af5d67081f0ca9e68dfaee200a0c6f128ad0e7c95d05476","nonce":"b76f001f82b908e92ad2634a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"baa60bbe36f2ed1a7810d5bf495a1bb9d0e01b744b977c3ffbd230659911f2f227dd5161e5cc33c1990cc392a7","nonce":"b76f001f82b908e92ad2634b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c55d5eea07cc269237167ccd627d5e4b14967a8fea4d08801678a9d267a72971b076d408d745f37c8baaba7150","nonce":"b76f001f82b908e92ad26348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"49fb0721dac1d3217cb046ff60cf89da4cf3cda89ca6b405a8a4294bfae3f9c2e7ad2a592e18978e7d076421e3","nonce":"b76f001f82b908e92ad26349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"52e4489a2c3cbd1707c574c351fbeb19345ac9fd8fe2522f1df51540249a73fcb1f417ace8bacff83c2a009240","nonce":"b76f001f82b908e92ad2634e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"27f32363afd5fd3f9a7085b16e3b499b19ba0b9c4a7683685bdedc0162a935da67d6e5efb88b53899e4a1dbfea","nonce":"b76f001f82b908e92ad2634f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"58d568b73ce722bdfd1aa847b93d49a7df9766a431e4f472290cbe092dfc90d5216c5a531c3542445703a47604","nonce":"b76f001f82b908e92ad2634c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"ac96605e8857db841c43d69e76fe5985052e57f5235047fd239fca72a88e5e14509abf60eda52c112c4d2eca8e","nonce":"b76f001f82b908e92ad2634d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"be4722993e8dc003d379c1cb4b5cb54f1b9d3ae01f0fbd28d00c4f03966bde368d8c436917c381576c05566d80","nonce":"b76f001f82b908e92ad26342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"dd09e39459b4f8d44f1c5d97f47cf74d40a06fc3d4414671f1633848a35d29a7a331cdf3dd93759db7dbe9c4ed","nonce":"b76f001f82b908e92ad26343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"1760e169b8c7653a9edd7fad1ca32c07abd086ab06e88b4ef562d7fed62f235a50f0c707b01d90808a80fa941c","nonce":"b76f001f82b908e92ad26340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"6ca3fe739eafd5ac9ff7fad4ca687113d81c303dbd7038de46df4f2a5f9661ca566cc06500aac791f33994a079","nonce":"b76f001f82b908e92ad26341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e095d733c5a93113505746a15084eb14f2c40fe93416bedd8a1af14eb7d8ff62d63f10928afd688b5636a945b7","nonce":"b76f001f82b908e92ad26346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"135aa07d091a646dbb0f5d06dfbd38041f238c33da2dcb8fb747a8007d30643344f7f024ab1c477bbed1fb6e2f","nonce":"b76f001f82b908e92ad26347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"bdd9a57156ba58ccaf7c078523939837e504450af3d88e3442d27e6dcef10fe42e48d5e9bcbf7250abcf439ac8","nonce":"b76f001f82b908e92ad26344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"ae20faff7569891ed2b36ff41bda34fbf1313e268da06b2c9dca83976d198f0aa45a0a85b60b97c2f3a194fb0f","nonce":"b76f001f82b908e92ad26345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"4a464db0a22c598787ad87e525e7c12b14ab920bb9fed98314c93344cf3a51ad511d2fb14ec5d3df630351ef69","nonce":"b76f001f82b908e92ad2637a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"aeff14ce7262803bdcfa8b247c744d48021994366f6420f31578d11a8c996c82348d2bd161d3a17f0d4ba1bc0a","nonce":"b76f001f82b908e92ad2637b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8abade4074b0adcb15748fb20c8d762c380de5b07adfb0cc156c78eefbe50bb6444bef531fd6007fde489d5ac3","nonce":"b76f001f82b908e92ad26378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"09b70ec3ae34e984c08016a56e1065bfc86e5f9a3056b810226e3bf60d25f537d503ed35ac140797a9f5c23ad2","nonce":"b76f001f82b908e92ad26379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c8344f9d955c547d6cecb27e66bf369c96889c0d10e02ccb387a4e359305fd2057c7e353684d422780328286f1","nonce":"b76f001f82b908e92ad2637e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"ed797f0b02b14d67f6b3e084f439b165979f50615e913c97f27f00ec58921629d3bfbac9bc33456fbd0d49cefa","nonce":"b76f001f82b908e92ad2637f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"55dea52bd209aca15155a0f0aa6789cbde5dbbba3a76cff33dc673e2004008821ac5dd2d83eb03b81c69613e29","nonce":"b76f001f82b908e92ad2637c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"0996ce162f4eb5c911df09712a7da52294d08d6d5e00b75ad3accba8f23f2b43c24d4e0f4107e1017197c9ef0c","nonce":"b76f001f82b908e92ad2637d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"1a91da306ab8716062f9334be83cb6dcb2578497057a6dd5ebb01f31d25a186f4bfa2c0815b5695c95020e9749","nonce":"b76f001f82b908e92ad26372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"ad102201c5e2a5ecb342dfc8dca74c95fb04eb4a01eab16813483e2a546dedbee8f5e40a3a43ccd4b397ed8496","nonce":"b76f001f82b908e92ad26373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"e6885c99f5bf3915b2e2fd452886625e0064d459ba1abc01407942759c31fc5e51932282f5fe29712656fc9268","nonce":"b76f001f82b908e92ad26370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"a3c65ba993336b8c2762f5d07ed6b4220171e50f0d36778c325021aeee830cbca66796a9bd22bc75baad6e5380","nonce":"b76f001f82b908e92ad26371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"3285b5f3899c50e56116c57571e606862deda4f74f578423abd202e2cb9cbf55e7167d46792375aa4ceb620b07","nonce":"b76f001f82b908e92ad26376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"784594fbc9257fa08ec44ca9d5e98421e42fa5b10bd3d1f3c349acd94fa6477ad40181a322f9bae794893d1045","nonce":"b76f001f82b908e92ad26377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"91006b59f702f9888d79cfb04a66523272d4f9f6786b2dd2c303f470afd329c4704a3702da0d77c5b2fea4ceb6","nonce":"b76f001f82b908e92ad26374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"1436f90da0e4ccf0a95fc60fe83a29aca60f6b2319e72725bc0a8788430cddda8493d25d63a5f43c8c4868017c","nonce":"b76f001f82b908e92ad26375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b13bc61745d70df2a8024be6b7edc27b510a4b2fe0a39491325060f19a76946cea4912dde7bf9ab0b07087930b","nonce":"b76f001f82b908e92ad2636a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"342cbd295f581b519953a76663a679729ea30336283b775fce00f5e934a36c2a17c7e6293a00cebfa741d6deb2","nonce":"b76f001f82b908e92ad2636b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"d948c1d04bae69eb0a4c3ead3d50e0d73eeae0d4d96ca41e6ccd8327f77fbe54c9065bd89c6383178b41b0b6c7","nonce":"b76f001f82b908e92ad26368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"abc2f7a3680a6e65f4dfc777a49eb2e20acbdf3a4c3a963da10b823920ef364e2d0b5dd49b7070c8d1647ca910","nonce":"b76f001f82b908e92ad26369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"dfdb7ced1a3ff4228db510d93c4370487207e3eb1ae218253673edcbecb40bceabaec29ae13164037624214353","nonce":"b76f001f82b908e92ad2636e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"7c4b3eb33e204fd9488ca30c3131c0ab53f0a3e31ebf3fd869ba50092f5eafc7eb3b5af8734d97a1b4183d920a","nonce":"b76f001f82b908e92ad2636f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"271f6b32e5c235e5a92f03cd1744c1b89a7c77c6a70c6895f07cd1289e653981fbb4f9c8863e70b8ef8ea94f7d","nonce":"b76f001f82b908e92ad2636c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"fbf76920bf2e243d0b33aef7981f43b7c945b714471290b9d03dd3b9fa3a9fd2bc30e1893cbc9825ace90da936","nonce":"b76f001f82b908e92ad2636d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"d57b5b0e66fd6deca0185861b2f15598f10e7fbc806623520aa0c845fdd832bd3da6e8b7c74b777415156fb682","nonce":"b76f001f82b908e92ad26362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"996f75db3221e3c726b6af7faccaf4fba5bb3bfa38c914987a95fe3c507a828b2b04c5768f0bb2e09db2c2a0f7","nonce":"b76f001f82b908e92ad26363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"45656f2969bc528c747392a710fac9676cdb8253017d02bae726f84acfb8b43ea001f0ff29c89dca2b3acacaba","nonce":"b76f001f82b908e92ad26360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"472c4634c7e1ea67833c5c1dfbd18894f3494e1aa2c47318994ea57edf60986d60cb721c544957d37d46724175","nonce":"b76f001f82b908e92ad26361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"43becb4463f96855480fb29a34faf910b7f491d2566d2607ec938b59a8ea1e69ebe6efdcbeb6dc532a4e917a42","nonce":"b76f001f82b908e92ad26366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"fecf80420d43d76217b1d717b3053bdec97bdc56a72e92e764bf99e5c83bd9e20e1ce4b1a95a3c0119b728404d","nonce":"b76f001f82b908e92ad26367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"9a0642edf372b6b1675010d4772441337dcf97af2b88c90e9c17815ab93c049d764b7c7278eaff11b6cf6454a6","nonce":"b76f001f82b908e92ad26364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"a885da1b85ed86ad90efa627c9f891ba12825beff2c4aa41518421208102701297d4a691bccc3dcc525e6f5b1f","nonce":"b76f001f82b908e92ad26365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"5fb4eb4203afa6d24d86577d09062dd989cdfac0ec2b979bade53cad9fd9972a2426d58337bbe4d862f12285c9","nonce":"b76f001f82b908e92ad2629a","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"d13d9f30a9de3369f25b8de6a733d9c5b68a79b148a662a44cb84e9296419ed6"},{"exporter_context":"00","L":32,"exported_value":"e584af331daaab516a39e2ba8a3421e428918e108c88dda9e921fc6ecb86fd5f"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f4b7df9f1f608657f97084d9847cab976e88083fd2d35f3636dcaa9a14ce62e5"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"4640f81db9dd5ee1d80263c4a72728025fff429abe005d6baafc9d02e9ef5aa46ff85cec12ab80942517034ae6a0db6e0b770121801fd7fb","ikmE":"b7ca83ba7dc1b760f4cc288d3fb7a0a0fd8ff1488a161e69254dfef16e2f062c9206feb81b842c622d94a8c4520cef0f2b876ca5732bc3dc","skRm":"9e01ad4b9f9a1170dbfac72f439bd97e3f01a930fc7daa1535e0e8eeb66ef654816ac5dc219b35c1a6eb6bdae0d69e63750f717480e69ecb","skEm":"0fe661eaec30be6399ebb6eab01bdda3b17b1d4d96eb937f8838671b07040416df38dbdc2eed33bcd4be66e58eb30f36bd14f9dbffaf5e57","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"41033113ea776a299d8eaf4354dd5477818c8f14265f73d191e3252568f388d1b989e716008404cefa00745771311531d0499f6481ff6f42","pkEm":"75741f5d9ecd9ab8b3d15666b5856d4243bcaabf27fc588f5bd468a753af612d306c0492436b8f26291e907d832c9ff40504c40bbd90398b","enc":"75741f5d9ecd9ab8b3d15666b5856d4243bcaabf27fc588f5bd468a753af612d306c0492436b8f26291e907d832c9ff40504c40bbd90398b","shared_secret":"b4155c5a688af2d5e64f314a289ed6280c505865349e2701ff9bf17de3cb306f5f3646e6d32f3465d4c08ae41999f9345313b665fff90e68273742439e17eca8","key_schedule_context":"0125a22652318d3203b17a5dfe9a97fe6ca95fbe1bc17e0b9e19de28ab3294f256dc1c176ee71c44073a5dc3a585f607e7b1950e6924d36128e509650a0bb8ceb2817d22761b0e30bbcdab3759c3f6eb30117e5901b4813c6a7f4a98cd855f07b790aea87cfe90b91c465c22904d4128111352d6be737eaa757a0e2a1834173707","secret":"05d90580bb754c3026e1beaa7995066ca924b0f34a7cdea3014df9d045f3bdda47877388db08e47f4284217af61ee67e5d429190be243e88ad8704bcf5da0f64","key":"dbb43009e430acca43e9f35b103e01557d21b8a67dd0cbc8f4a0a5a37bcb1337","base_nonce":"b3149427bbc69e27327f383c","exporter_secret":"a36aa73981119571d244a76f0b89a404a40be82221f8c7fbfe644b3406e1b37cbcf175b7a65a1e3a3cac164302c0239e8f9c24f7206e8c2528f22f4b2fc2fe64","encryptions":[{"aad":"436f756e742d30","ct":"17e4a47f4cdb783c5fbdde94e53faf106e320518c82205af8786e2f3e0a4ad8d5079e411239cba9ff9bc1ec5de","nonce":"b3149427bbc69e27327f383c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"a4636576fcbba607d5852e81b7b9ad46215d3fab8dd61d3005a9a4c023cd0e4ac2f2caa6de485ab80426d4174a","nonce":"b3149427bbc69e27327f383d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"ab43bd0a0236cc031859cd6a252265cfb0317de1d6a0608cd6ad39681337bd3912707aee98121d59f6a4de2c76","nonce":"b3149427bbc69e27327f383e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"e2210d7b22735402222377db446451aba00553dc8472366369742b06cfe7cdf29ccdf05c63d4788d0f21b3742d","nonce":"b3149427bbc69e27327f383f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"11238dee99b3c41b4d08b373db6b0dcc4a4d692c1bc784033472902136cd9e088614ec2ad9efe5918fd5313e42","nonce":"b3149427bbc69e27327f3838","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"3e02ea92f2a6bdb55784115003db495471052bc5e92df41acb6c6b44d3a4bd1c9b080e2f4b55d010f53508467b","nonce":"b3149427bbc69e27327f3839","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"09aac06d2a77e1187d1ea2e25fd5d9270d4a84a85e6b793eceae90c107f3b2cbfeae136967b9635df192c6ad29","nonce":"b3149427bbc69e27327f383a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"c5931abae82e26c9bfd523df175c5134b94cd553c4914fc3c69aaa74491d4282aac97320a2e699c1f29db625aa","nonce":"b3149427bbc69e27327f383b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"60ef60810097dedbe6bf223f1ee96adda4b7bcd379e8da974c300562a00899ddf0a6b27bf9eafd608247eee79b","nonce":"b3149427bbc69e27327f3834","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"399231b49266a5cae5dd3e798386504ed18187af25cf12421293c244769f5f1a068ca7ef1a09785ea108b1f2de","nonce":"b3149427bbc69e27327f3835","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"a31001a10e4217d8fd6f4ed0d77ddcd5643a13bac53fdeee2d85e549aee577622a11e082e8bf5e0b3b2a43d14a","nonce":"b3149427bbc69e27327f3836","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"427f55cab13c38c649ae66db4b8c131dff1900c372fc2b5a821d00463331594be49c7dfefc72e581535987fda4","nonce":"b3149427bbc69e27327f3837","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f73300adc69cd433c8203e24ec712496a2d19fe2cee19f8d3f6cedc1835e1d2b7067a7d9e4d0287e5789b3f2d2","nonce":"b3149427bbc69e27327f3830","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"7f4a0cfb2a588aa3bd48e2cfc78c328af0691d6edb2fe25c87db7faa5fa962cad429f9ae65d5d8cf16d4598fba","nonce":"b3149427bbc69e27327f3831","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"4810fb83b31ff8454d7caa00693c6ff31ef03973949f22bb4383bd77552a57858e29b7bbcc3ee9c90e5ef0ccc5","nonce":"b3149427bbc69e27327f3832","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"79e19e2fed28e1eabe67dbf22da94fb6e8f446979d0ef4fec1b5eec8eeec2dbb9e97ff60194bf47122fbd727d6","nonce":"b3149427bbc69e27327f3833","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"c85c552de19247b3fe14adce6b85c91cdd0aee56c5c5dc191ccb08337cfc7542654c90986c9cfe038145480cb1","nonce":"b3149427bbc69e27327f382c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"7f6e8f9d73d7d9d5123576122f7d50a00821512c72fbba82c64382d7875a92a3c5779b29bbb07c53ec971dd8fe","nonce":"b3149427bbc69e27327f382d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"61964a1bfd624b74829ddf6df5257c824789f022886dce0bd3393776bd18dfcbdc61c981a3f21db223c2615420","nonce":"b3149427bbc69e27327f382e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"1e5d7557bb6bc7117ae3b7270d88b3e01a370c1842dc27a53639cf44dd55d928969124fab664e7ee988fcbcfc6","nonce":"b3149427bbc69e27327f382f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"bae06002130dc18bebe4f56be01b850f83c50b168d2093bef992753a6a81b61b82f90a1dc106f449d2991b97df","nonce":"b3149427bbc69e27327f3828","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"59fd88b5d9b36df85dd58a8c92f3fc78de2afe2bb01c93481fba4723a2ae03e2c7b37742142fd1fc87ca525940","nonce":"b3149427bbc69e27327f3829","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"009af59ef8208645ecd7cfd539d3f9e9b2c2b9f8fb84577950be6ad71baebc4e7bd109c9c8ef75ae7340f10f59","nonce":"b3149427bbc69e27327f382a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"a831c1a37cb451b5021df2717e13ab60f2c7aa93817148ecc5b1b7ddcb9d982d186ce47e7a652799da7f0ade54","nonce":"b3149427bbc69e27327f382b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"120254d90af9b11cf3a0c5c63a34f57c9233b91b0e301132e35f123d1a5ee4ce51e8301533cc48a368f75fd881","nonce":"b3149427bbc69e27327f3824","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"701777bf0bb75cd8b91975fa748321f5245f1488685979fb91ab377656acc7c87a8c462a7385bbc20b21c03abf","nonce":"b3149427bbc69e27327f3825","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"54a8b1258a6601c96fd7102788e2cfac125e604fda9f45f82b25d6010f9ae7dfa78a6e476f4220f6bc1041f03f","nonce":"b3149427bbc69e27327f3826","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"a3a1d04a016f4b6aadc92b0b2ff0ae551f6ceddbd02775cc5a60cd30ea687eb610694ab0f60c838ba149d46f8a","nonce":"b3149427bbc69e27327f3827","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"fcfe1680190cf435830104bfb7efff22696e7ace00165d3e52cf66a7ac586a94791c8118470daef89da7c6760b","nonce":"b3149427bbc69e27327f3820","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"9300ed637acec6823cb3808eb13b175205db4bbd89957e365d0434892299392447c9f0727f37d51749f208d447","nonce":"b3149427bbc69e27327f3821","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"55ade696e09ec4287177cc84b30a56d522bd28bbf257df3158675018983bd10db71f6926678b09aa36928729a7","nonce":"b3149427bbc69e27327f3822","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"3f530ea2c1c57625d73218f47ace618585e2ee2fe72a3a045dc4fc100c7d0c3cb2758daef4fe5263d61a1bf6ae","nonce":"b3149427bbc69e27327f3823","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"5519bd94cf0c79c003753e2631fefd09affc3e224d8641fe7248f25e7b125fac04e3b8307ed739c575a9db547a","nonce":"b3149427bbc69e27327f381c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"9260a672299e4ec11896a69f6240ad08a852a4618dfd9e3119b8bd99adb035f62440a8e44455bf6b58138c9329","nonce":"b3149427bbc69e27327f381d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1d65a46f614ec87ba65e9ac3c69f218ee743931b3df99b2cd949d52dec249b1d7fc9e0ac4ea7c62b7d0e5b44e6","nonce":"b3149427bbc69e27327f381e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"34b59529aab6d9eecf8bc4991e13ebc5a700bfe9a05bf092408c4cd22927297eb718a6f511ab402c7fe7e8b833","nonce":"b3149427bbc69e27327f381f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"977fe522bfd8ab8faee57990cb23cbea88c4c037749a17c783d82b2cadbd37dfa28d146e535ae13d8c5920a319","nonce":"b3149427bbc69e27327f3818","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"e1d03b97e1df4bf45069227f16a73c82feeefbb78f4a25326ceebb6886abb63f7d8ff798b7b6fdf687fc0035ef","nonce":"b3149427bbc69e27327f3819","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"062b2613c1a6093bc5bf4c6eb89d5fea605160d487bc06cde05bf4461d19ce4381bfab754d83f2f29f1d8ed41a","nonce":"b3149427bbc69e27327f381a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"21a8fccc9f3e727efe395f5a19c3e977147bfcf0f79826867ed77d6f979b427ab612fb7321e89e2501b5d01a49","nonce":"b3149427bbc69e27327f381b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"c5817592e1aa4434ff48aba516b03c27a9a5f37050e8d7b32ee60e17a9eca562e797191a1578ba4cf8f32b9ee3","nonce":"b3149427bbc69e27327f3814","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"c1b19a54bc32f785dd5c0a84a673308c75350a88a4c7893d344686c9657a1650dff8631966e31c2e9ef5174fd2","nonce":"b3149427bbc69e27327f3815","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"528d9f5198222a292df33c85c613d63c0aee94ae58e0eee035ea38f415f8dbb19cfb3be84d57086970b6a27ea2","nonce":"b3149427bbc69e27327f3816","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e2ef1c8a8725563525042e78f08cff5c577c8d45d951cc3f5d0f49469a791c7456880575c144874cfc6ee5256a","nonce":"b3149427bbc69e27327f3817","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"77fda887c64d33337cca87099ac53e572fc344ac88f07175703303a1a781932220cd34dd069214155ede6c0d68","nonce":"b3149427bbc69e27327f3810","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"485c0b95212e82b5e75b8038678237c7f593c713298a72d6423e1dd9f05ec5f80d026d4bfe88e4070b5d098bb0","nonce":"b3149427bbc69e27327f3811","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"f0b0aebac9e7b8822456be91a7860c9a7d3bc96c97a359c2e2c290ec80702926799e5cefc9b13165e42c900c43","nonce":"b3149427bbc69e27327f3812","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"77cbbf75fb1a37226e711ee1b6146566a6138a6dd0eb85c51924a113969d7548056208d9bd0ba6f3e72694d36f","nonce":"b3149427bbc69e27327f3813","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"a6129799e64244d28d7821624a0f516c89562569b2d9293b5b06ff4a07ada20cba3668a8ee6c81dbd3cedf4513","nonce":"b3149427bbc69e27327f380c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"447791da160da297e75da98e221386f9c07eb0cfcd2abbd7185bdda467ae0038ca52b36b4d294441fd8e6517a2","nonce":"b3149427bbc69e27327f380d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"a3984ae591cc2a7d430a4cc7a3c7eb9eb06f266514ed8fa02fcad64d232839c4b4e32d53b3148c3875a867fd16","nonce":"b3149427bbc69e27327f380e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"57891f9b13ee4dbe54d2717e10d155b5242b94a7d7cec00ae00eefe7800f51c6ef4dfefeb500f115dfbfd1b620","nonce":"b3149427bbc69e27327f380f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"2aa7bf64869cabfc24f694086a4ebba2ba37a94988fe7d73df527f020b976a5825a506a9ff06e5d75ef7c65981","nonce":"b3149427bbc69e27327f3808","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"15f7742a74b143b09845ac225a7f89f890fb88284d7437492f8d1eff08a746ae50f18284e967e1b2db171e115c","nonce":"b3149427bbc69e27327f3809","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"4d35b6d2db127e8be9ca3c2067d30baf65b9cbf4c318d259235bd2f9d4fa37880f79a2f41d16f01c1c79f105c9","nonce":"b3149427bbc69e27327f380a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"44bb9fb614eac1474f215d7e3c6d6c6d6bf934de31c3173dabe5fc7d3104a10838550d928187115e9a672acdce","nonce":"b3149427bbc69e27327f380b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"5d54731876ccfcee4c2f04c4d31a2a5d37cac423868ecfa5aa96bcf8ae83e87acdaf82725cd5b31333a5db323b","nonce":"b3149427bbc69e27327f3804","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"2be9e1cd0e0ace9b8bf79d73976f24209c6a8934dbafce3b0d7d916b603bddaedbbf67505391f62fd1f0349e8f","nonce":"b3149427bbc69e27327f3805","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"725251002983ace2ad74ef5d6916d4d971e4bfae5629e1dd57e6cd4bebc59d6b5e3d47fa17d2a41905a3badf8c","nonce":"b3149427bbc69e27327f3806","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"97752a3bc9197fe1afb4b5ece9e1b5c76b56b71c3c7a795e09e620d4acb1a76cfda17f56efd3a26e5a10a82d0c","nonce":"b3149427bbc69e27327f3807","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"b46529db074e63db4819ba9636c43c3adcdf79b7b206c98edccda3ffcdc21437be7bed54a5fd50ad90e17b8c8c","nonce":"b3149427bbc69e27327f3800","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"9c8bf37969be58348a7652f986abf5439d1ab82faa717db3e6bfed4444e98527f5eb1bf72b23cbb30a251543cd","nonce":"b3149427bbc69e27327f3801","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"23004219c859a789607bfdbaf1785291ba82691e908a9976b2cd3fb6896247ac71c5ba0fe4fa0096a7cc909c55","nonce":"b3149427bbc69e27327f3802","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"10cbf649dc6397a6eb7a2b244e5b1e03421e53030bc72a074ec1e8882b84e79f813dd1df771789d66445652e08","nonce":"b3149427bbc69e27327f3803","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c0b4794945757baefe514eb0eddd55754b618eb890470582eddd63ad0d1934f7ec45476c88f7074f303a0adc60","nonce":"b3149427bbc69e27327f387c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"fe4907fbf281cd263ee33b55351f5dfbff24d7d53bddc0eb631c549809cc10e75078f5fb55640f35e37d7b0d0d","nonce":"b3149427bbc69e27327f387d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"1fd6ed5f8384f49c49f92d6a922bf96db911eeccdecbe4f201c463fac4cc84c3f1b5e1898df85c1eb1432442f5","nonce":"b3149427bbc69e27327f387e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"9a2cb7438422dadf1d1a9d3f1c3cb160e5effe0e73e801ea8ef4066d702575def72614180cb2f6ded4f5a94716","nonce":"b3149427bbc69e27327f387f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"0db0cc188281871d14097db24a06bfacb3bc0d32800fe250d129f0c81147e60b79be1979918fa86137b46d4fd0","nonce":"b3149427bbc69e27327f3878","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"324b83b1e212b4fb7ae2d6f6ed322f009f3459a68fd597642a00e0ca0ccb8aaac59cd0f42190dd24a33f4b6b4f","nonce":"b3149427bbc69e27327f3879","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"799f18c1ae0c7187dec214b9e012f52af03796fc9b5f52cd613cfdd9a28d5b7c066ddcf98201342bf210204a51","nonce":"b3149427bbc69e27327f387a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"7562fb2f6fdb13353491772b800de0cb7082c0353132f0a2db94d78e5168d47f51e0d27701426028b304fbc111","nonce":"b3149427bbc69e27327f387b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"8731048a2322938ffb9a92e824a316ab52814cdf42f5ba26540ce7b51b85c223af58afe0f4acc7a430b587a64b","nonce":"b3149427bbc69e27327f3874","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"057c45469a25a8024236e24c8d48b08d94414ab80b596fd57c40e475f29f43114c7417b0902e24830434426cd2","nonce":"b3149427bbc69e27327f3875","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"db1ad1ae9c9d67dba55dc6ada83babccb14bd3777e6afed453f187c2e9020d339169f914bcfe6f77b4c70a4c9e","nonce":"b3149427bbc69e27327f3876","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"ce6248e778d1080db63538d9a5e68faa25c4f56e5f983f322cd3d34cf7079b5dde41526147fbd211d5c685d6e5","nonce":"b3149427bbc69e27327f3877","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"3c2ff330d1dd79cb4ae3cad20b2b6116e94ad120e77725d723269659e4bf4683879766222a78e221a0360066b0","nonce":"b3149427bbc69e27327f3870","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"db41e4ca75d92209a0af09789368ee303a1d0898ebd88fcdee3363344605b27f2049f92cce9a8baa08363be6a7","nonce":"b3149427bbc69e27327f3871","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"a680873e55dd83805f9a5bcca6287ecb28a13ead2087f950c6b493357715323014176482c6c3e755ece7f4de09","nonce":"b3149427bbc69e27327f3872","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b1b06abd8d71a2c1768d15c72d927196095fbdeb35966918d982037a66e8929637f8b6944a4471d73bb0f569c4","nonce":"b3149427bbc69e27327f3873","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"52e5fad27b51426ca97797dbd4e184f9ee485ecc3f130047949256b704b3f7458a7a5c705fcf2be30bf1fe1a17","nonce":"b3149427bbc69e27327f386c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"614c12dca9ab55efc4abc6f4181bb1160d1a2c7e019651becf70d18b54830c5f77172778b8883c59a4749e2818","nonce":"b3149427bbc69e27327f386d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f2dd35e655b71cc7668b70b5df67d99a4e7a606b6c7e288a8192d31226408bdfb493655d7c613ec1575c651114","nonce":"b3149427bbc69e27327f386e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"eb53ed13fdca481eb21fd0653abd3f064dff85fcd91a3d5ee482e6b2886ca31314d9a54adf0c3506fd971d4d67","nonce":"b3149427bbc69e27327f386f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"b7c492c131da6f09ffea27811977bdef6a0ac433eab1aa9afd82311c794136b2a1ec8b37209fc239518c15c3a9","nonce":"b3149427bbc69e27327f3868","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"942e2288481c9935c8e6583df6c0f9143e07adcb8889003e021ea808898a1f76ce35311729562be26184996834","nonce":"b3149427bbc69e27327f3869","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"406b60eed6b5d9fcf5de3fd0b21c468c3d8a97b39b19f1750577fc3d73d2652bf3a62378b7a3cd0f3e5e8d7130","nonce":"b3149427bbc69e27327f386a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"309784599b5362de2e02e35dc43e33972a0b5b529970339b7ff719ac9145a81bec91776fea8551b9420c6b8964","nonce":"b3149427bbc69e27327f386b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d01d404322886b98ef0cfaa8ffd5680768dfb121edac24925eaa2eb30eee6d34e06d9b59f70b5ee09ef2ea0d53","nonce":"b3149427bbc69e27327f3864","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"a342934adc0813d06507ea48095ae5b0d8b888fc3d45f8a01c7132c5dc7660dd9ac8b70135ce6280c3687df542","nonce":"b3149427bbc69e27327f3865","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e0ffe615f2ef7ffcea6d419c0698dbf6e47230ab6e0f8e8e6ac174669763a116e804f43c7bbed334887bbdf534","nonce":"b3149427bbc69e27327f3866","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"95f14dd9f174f507fdefe223d88ee76e97b2b41067687de934e124838a9954c7ac6ba13a503f4295fc9861358a","nonce":"b3149427bbc69e27327f3867","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"0d896b051fc992f197c66cebc3d20ca95ed34c00f734fbc1332156dcb3af39dde7d776809c7473e09117189b7f","nonce":"b3149427bbc69e27327f3860","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"303da1daf017844b07390bbab94e96c5516d8dbc33fd1bfdbf38f5c92319d682d6ba15330198e0afe0e2f731bd","nonce":"b3149427bbc69e27327f3861","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"234c6b54f6cc45f6bb5d06d7bd1053f401b01ad0579524908cb15ee19c318674fccc8e99cfe24d433398b70d4d","nonce":"b3149427bbc69e27327f3862","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"1c07127d62d82ef4f326e486ab8b82bb59d5f3ebe992abc68fed4a9f272fedc1c32a0f3a47ca5df5e8cd35ef96","nonce":"b3149427bbc69e27327f3863","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"a824e1c10cdc45b8cadcd3bff6bcfdcd070f4b6cc00814db2bdcc7a2ea95f211cb1a151a622d500abf577380a6","nonce":"b3149427bbc69e27327f385c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"4ed9e89158b3c41e4f3ff82a6a7763c5cf074edb34f0fb456edb6e43d26806c27651b8726b32b0a74a17a29ba7","nonce":"b3149427bbc69e27327f385d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"d630321e0182568e6f5eeb7ef61f795d655f02d60dc55967725f424486a0b82e583c23c7ca25e6a4d30cd9b627","nonce":"b3149427bbc69e27327f385e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"2e9a5d5c47ef6543b4467b25d5f3f82bdc5b2afd79f0b86071a86e77cd3a042600122f7c823dd11ffcafe1d6da","nonce":"b3149427bbc69e27327f385f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"190ee4ed0ea0110c29635a674a29cb72bf13e57ae48c808c39ad4f54194651170822c8079ea5ff1c15221f8c12","nonce":"b3149427bbc69e27327f3858","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"3981b7289546042e64f9e1fa6ad25c69c441eb922db51c607d28c601ba865b61a17e8c0972a475f7bd0e13f678","nonce":"b3149427bbc69e27327f3859","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"f8d030fec6636d4a8d5098384082d606806ccc14b681cb3ab8a19db649a889ea1c13abfd9615126a0f832df7e9","nonce":"b3149427bbc69e27327f385a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"26bff7475f7108e8d7e9ed667b913309e19c0b30d0a2beb0e13cb0dda5983338a54f812725232cf1678a71b30a","nonce":"b3149427bbc69e27327f385b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"b1429abb6c430671131813ba9e98ae05f18050bdaf137f70fd39b4cb7c2b21f355224b240e6842662ae15bfa73","nonce":"b3149427bbc69e27327f3854","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"74d57a970234bcc4a00e6e8221091b57488fac2cc003655b61706a84a8b6c0422c66814f0ca99c4a481e2b3b91","nonce":"b3149427bbc69e27327f3855","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"98c2faf1e00809d1150017867265a032d5e5dd99cef72d1536f8089c1ecce0f6bd2ac675e56610521b17d397e9","nonce":"b3149427bbc69e27327f3856","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"20015d8d2cb7e0314dbe4a95e55b17bd843b9a83d9bb9cf0fea4d6e33c15f43380e5fe1c24406380b08446aa1c","nonce":"b3149427bbc69e27327f3857","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"d875e55a6da76e0aa68c1ae2b14ddf3f577dc7149b7e028bf5487e58e464a0e1a64aedd5684bb409d2e907d154","nonce":"b3149427bbc69e27327f3850","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"779bd3dd422e7bfa141c1a6f9a6c153782598cd52150447996b116f68c703a8aa9b64846938738ed6637e977ed","nonce":"b3149427bbc69e27327f3851","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"e13734b91de5af32827dc39fe1bd9d0799ce05315bd32645dffa32ee43258e2a7408b3414867adf5f830caf132","nonce":"b3149427bbc69e27327f3852","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"7b4c841606289e7a7b01f66a15eb90880edc64c5e5ddc7223f5f493c906ebb03e33b99a4895164533ed7d0ff28","nonce":"b3149427bbc69e27327f3853","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"c84a537eeabb1210afdf4cfa0c367d6c9c3f05265fa2d35048ba6e8fa058dfca7ff04b825c80a089c1e0bce103","nonce":"b3149427bbc69e27327f384c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"18cee7f5ea6e2095a06eeda4a094381cbae104abc3db48a0c1e4012955b8b07800a640e5a31b576f627a7e4aa3","nonce":"b3149427bbc69e27327f384d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"e3232e77fa2cba9bbf473c73accbd8f2f8807a1ab98cf7ae1d75d67ecb2e3369017abccc3fec6a8268d7cc2f3d","nonce":"b3149427bbc69e27327f384e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"82495d1bb533158840f4873ef6a4a8e4632973f395937ea842496cd65c916157a8196a55a7f904960763f5dd5c","nonce":"b3149427bbc69e27327f384f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a192791b29f3b22829ebe85f3051b09115b40a780994706b9998a5bb66b3d9103ceba881f3cc83bc307510e20c","nonce":"b3149427bbc69e27327f3848","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"7e2cedb18d8f99e55498713e0f18816114e69452c0aa1b5d84832b5c6707b8daa7924ae62b7551dcd5a1bff3cf","nonce":"b3149427bbc69e27327f3849","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"c450950cc08f3852db13f5798cd3d5ad01abb9f5dc73ea7e879ef1ca6422d581d5478399f4f378d960b27f4c62","nonce":"b3149427bbc69e27327f384a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"3e34c4358340fe37195c71e4278661e0f35822fefbb5e2d580fdfddf304524ffba52a77b6c65a79402b06d0020","nonce":"b3149427bbc69e27327f384b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"7c5817f8ec156c2267ec1d7bca0f9a0964b54852045bcbaaaf5bf14300f18c61af301b7a91d3aa768c840044d8","nonce":"b3149427bbc69e27327f3844","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"c0cde75627565fb5db4d11e75196cfe3f0404894a57fcfe2d00199373d59f361e4c6fbd75bdb2b5dd76ab92cf6","nonce":"b3149427bbc69e27327f3845","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"f952ea0328869a412e00972cde5398e913a008ba01e50017ae625794311ad0ff55c3246034528d41dcbe3a3130","nonce":"b3149427bbc69e27327f3846","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"e9796e937f9a41310f274b6b5b2b1149e17500c2066c2809928a9445a9802f60a202561387e25083bcda43ad82","nonce":"b3149427bbc69e27327f3847","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"5ab3efb94603e229ca5af39f89befbaee3d001a340707f13af4ce654a3bd74615a49142d080ba6c0099ab84416","nonce":"b3149427bbc69e27327f3840","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"23c79a798a3934d6e5d1239cd55a180d36035052c187a887406a60e4092661f4b7c9be4ceba40e1a7898f66f30","nonce":"b3149427bbc69e27327f3841","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"af199bfb10009e90aae76eab1843b8200d58083059f92cc8a893ddae4c0f62318329e5afd625ef02e4012e2868","nonce":"b3149427bbc69e27327f3842","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f18c66869a0c79b234364ea2fccd6114e6b2989c5484194ad41c17a4184aabdeef1b627c837c7531c9a9f63cfa","nonce":"b3149427bbc69e27327f3843","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"0839890ddf503d5887e7db341a15b028978635eef2f7f9d3246208f4f20b8e9490b1149583644aa6203d5888a6","nonce":"b3149427bbc69e27327f38bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"80bd01c02a711b93176d66d1028e84e96c2ed12db316f8edf012934f74701447e420ec5bdad17caee82830fee1","nonce":"b3149427bbc69e27327f38bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"0a9f0063cfceeeb03c9a11ceab725d6c318edc28c19d0c7567d73132b35f6b81631c7d9ad935ed3b0ec599a162","nonce":"b3149427bbc69e27327f38be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"932d9119d611feb8eedc890cf88cd1c20d731d352ecf9c3797b707a5afc637962b4fb956422f9f015f51440636","nonce":"b3149427bbc69e27327f38bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"1977b4e696ef8c2dbeaed91d0a73fc69f6efe6b4af898bedaee52de423c6f559d26cb03f24514905d1ef79c0b4","nonce":"b3149427bbc69e27327f38b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"289e8615ec162d1f8ca0581bd00b12af5d23f991d9c935f224ce5b3f583e973b708fa66899acc4c4ec79cc6957","nonce":"b3149427bbc69e27327f38b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"d300b854c3cfe766daddcf60217f40d39ff68e06fad32505251b7b2545d2a1c9b6e6a00713b2e78d79e86361b4","nonce":"b3149427bbc69e27327f38ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"c046308c869c019d52ed560e34b2a4541528b493be44d1d4a18aef22b35028926ef57ae89de779966804a5ea33","nonce":"b3149427bbc69e27327f38bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"72467fbe9f2fdee4b41fa2ff3444d0d43cd1dae481c62f5578603802ed5aa5c3b74ece7e6f0d6e366326f1c701","nonce":"b3149427bbc69e27327f38b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"4afda44721d3b3dde6a1d65ae69ac4d4320b96e324cd2b2822dd00bebb79ca45a030d15b68d9b4632447a1521a","nonce":"b3149427bbc69e27327f38b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"64e6b044dba70ffad0f3d83db614733be958979af3c54719f4a0151e7e79b5fb6dc8f376e54e994cb956db8686","nonce":"b3149427bbc69e27327f38b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"ed3757c19cacd153298e5e9c4f799ef3373c1123bb5fb578b59975b4754f395582751a67e272fcc6d274871e6c","nonce":"b3149427bbc69e27327f38b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"9e74deb4772601dd5d5e8b718e3ba56d3c66582c63b5bffd77422afeac9b496ce3d7b95ec62b42f2bc250ac150","nonce":"b3149427bbc69e27327f38b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"507707ce72076faa96e8130a792e5d3747f7df2b5f61eb256d5e37e8af1457a9ccc3fcf08830e21fa13800bcb8","nonce":"b3149427bbc69e27327f38b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"f4d54bd502286c49c1146e3a481a599de13c2eaadb9a9f51ddccd049f6eadc67570c28ce9687745c9902dcd448","nonce":"b3149427bbc69e27327f38b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"0384fc70422e7e775e2dd3bc750a04238516b7e3c1fd81f71e41ccde735c24ee663863ee02f43cd4d29d32be8e","nonce":"b3149427bbc69e27327f38b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"bcfa1269bc8c4f25d4d9c364e3ca270f9491a51ada553e43d237345b0c2a863b0a58aeaae77fbc5c72d981b648","nonce":"b3149427bbc69e27327f38ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"6b4b5544376d64041aa4c953e158a2c7c81c05f04e1e4cb960f9792ae7722634726fe2adf39225210c0f8d5156","nonce":"b3149427bbc69e27327f38ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"affb507781b0636ccaabe30cc9126ddf86ecacc42076ed1df913715fd25fca53f56346a98383810c4083dd783e","nonce":"b3149427bbc69e27327f38ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"6df96fa536f325725683de537bc2ef1f6e1d3d4f6db655cf3666e9fa9f267e5d5fcbca20239e51ee9887a85a63","nonce":"b3149427bbc69e27327f38af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"71bfc1e011a84cee2c63ea7376d60532a362aa40bae5e01aa4bc2f043651bf7af0e0d6e698044f313735a0014f","nonce":"b3149427bbc69e27327f38a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"7ae157bc078c8f7aeaac5645b96af19fabdb89ea8aadb620b237b610f2a66ee190f3f82f2d00570a327ee82a1a","nonce":"b3149427bbc69e27327f38a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"268c9fa28d21137a79ecbe1fcf672cf45dc1b4877b5d15ccd4e32c7ce4569246af5ceee31b2dbf8dc08fbff048","nonce":"b3149427bbc69e27327f38aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"a87fae5e81de8fbd6ca30dd0e89801de2e0057c3a15a75d063e3e177873c2251cae91e1a2b996db71c973fe975","nonce":"b3149427bbc69e27327f38ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"a1cb4044e68a0d074b13db9f7de90b625183950fe1c876b02613f0854d03021386fe7912f1c861ba0042351021","nonce":"b3149427bbc69e27327f38a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"f3f4d8979f751c6d54ec3f942360b86b2b2aff030a682b1a291dbbbc69ed78319d1a4c3373f5dbf177fef5db0f","nonce":"b3149427bbc69e27327f38a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"20262d75034cb9a89ff2985cd12b42271c05b1b57ad6f024b5c689b29464142f86727130c141e561a8ffb291cd","nonce":"b3149427bbc69e27327f38a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"f74557b66a6305acb35e65916505f661bb4e5b95e4a2bac14adb91ce70a2ed85720474211385002a1982b05a59","nonce":"b3149427bbc69e27327f38a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"dcac10c08bf8408a1cc141deb22c855b54008491d0c193f6a908465556e6f8cb78c0b5c8c066e232d4f304f2ae","nonce":"b3149427bbc69e27327f38a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"f734593cc6e2cee949b6723fc8d61a28991b7cf3a6fd779fca6615ce83018ce6002527909796077e3f68c2622b","nonce":"b3149427bbc69e27327f38a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"880b41bf8cc4717c169d018a07afc1d9d4b9704a063caffb51585cea0273741ec38120abe5becf12e95ff340af","nonce":"b3149427bbc69e27327f38a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"e824288e2d948b277c9cbabea0687d40407513fe8e898c89d04ca7de31da2be084e2a612b48b7b65c7b5e19fc1","nonce":"b3149427bbc69e27327f38a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"6e258b794718f9ed85d870a1ec8474f620aaab6ece2ebcf66307d557a824a737e2bff424f87379163c9bb2e083","nonce":"b3149427bbc69e27327f389c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"50b3e947c91f50e942721def868c3adc405583b9c77ec62f26dc02f1f557cb9b3bb2f32d33afd42b2d4923d633","nonce":"b3149427bbc69e27327f389d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"3cf909a8d0beaadd014858cb4e4567294eaf8ed5436f0870535fe341843a71ba3915cf64f34809c8f52a97eace","nonce":"b3149427bbc69e27327f389e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"cc1310130167e6a7cb1083272cc5a3d773a684f690cfe11568f97973eab9e6eb98c85b4a1f1f4561f00c3f2a36","nonce":"b3149427bbc69e27327f389f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"b1e8cfefa7f0eb4a413fb27321eb29689ed8cd4a67f25a21ceee0c00aa64abb13a1937406fead597e76da69ff9","nonce":"b3149427bbc69e27327f3898","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"4c91fb6b2e492de1b3ce96df95d7c9d7b4930b55533a76d9a61d4a2961f7c753e3fb7b4d96789809638cd397ab","nonce":"b3149427bbc69e27327f3899","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"1f40df79861fe171b5a6e7c42910a65ac37aa4bc9f51a2feb5441f78abd44a38106ccec10541d2b7ab6c014e69","nonce":"b3149427bbc69e27327f389a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"2203e14634546d25a949bb49d6be65878db65734a1e39bbb6f830ae3dd950c0e31e09cb2e823149499f8fd7565","nonce":"b3149427bbc69e27327f389b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"8ea42e13832cf82222a76e19d7f15159efc9571a35405652d0e22055b49d8cc8f3c6a290d9c04cf06636999761","nonce":"b3149427bbc69e27327f3894","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"24a37f958a0c7b747c2424f6ba35e126b2af7568e45086824e5266099d0ccce601849cc76787f747b690d47911","nonce":"b3149427bbc69e27327f3895","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"9806eab630d47ba49b22f58d018476d07c1e1359bfcfb5f717cf5fb53d39dc23c65c1b69c2ebaac378da418ca5","nonce":"b3149427bbc69e27327f3896","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"1988f3d2fa550c9e493cde652107cb45faccac8b8e0b42b4451b74373c6c56886d7b883cddc7002fcfa448b360","nonce":"b3149427bbc69e27327f3897","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"da81e78dd7d390461fbe5354dc5dab74ebdd27f8fac6e6792a84737ca8df14fe8a434445c44eeed9074a9f3f6a","nonce":"b3149427bbc69e27327f3890","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"4c5c23a3a9f695c857ef3345c3f107329f612fc8d9848561fce68c3087c6bc56597892da0fac993e45fd2cf497","nonce":"b3149427bbc69e27327f3891","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"a2ca464c066bef369906bb33397e8978b7ef3274e4ff4f55d07b69bd04b7f0e493e72c65b1279c6e0f94847e46","nonce":"b3149427bbc69e27327f3892","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"90c5134398d12502819df13b08b1dbc4e5bc2c6c8d3de3f241d0b22cc47f36a5acafe47128f6a55397b64a88a2","nonce":"b3149427bbc69e27327f3893","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"e43dce00790d6b3d53f0880bb026f32f579844101a3364037d91111ec6acce7f127e8831641cedefd38121388a","nonce":"b3149427bbc69e27327f388c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"dff04e27dab495cd07d3a9aa7957e16e580ffb0ea5506e88ba28b3f44db0ef10ce78236b7fb85d9913b36ee48e","nonce":"b3149427bbc69e27327f388d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"ca08c578d416c13391fe20e829aa3e6304d66fe346fb2759418b7a263d494a2d1c79e0ac2fea6e1f388a695bba","nonce":"b3149427bbc69e27327f388e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"1bf0bdcfebc276f0668b3c6168b7374d3969cb0a6499c125204d135d80784d764616010aec8288a6477f95dd35","nonce":"b3149427bbc69e27327f388f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"70aaea3df4ea5e9ab08acb8debf93d443f752370559108e44ad1d4c8484c596ac8113453f84da9cf172dd5eaee","nonce":"b3149427bbc69e27327f3888","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e83631e7a2cfc3bf15e8c639193d43e29eed183ff348f39e05f2ca14f57d5136d2a77501c3ac4fa37be0ac20f0","nonce":"b3149427bbc69e27327f3889","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"bee8abee56bcfba2f5e58398cc26493e78abb1e7cc61113b8ebf2e2f2eced305ae0153e08362337cc47150c93c","nonce":"b3149427bbc69e27327f388a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"70facd2c751d16b2ed9c02534c2839a3c32b0936d7c95b144a1b3d35b6fc238ba515a4dc21fc40360c701b85c3","nonce":"b3149427bbc69e27327f388b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"0ae8f86926ad707fb5d88892d1f082c1b6c7a6c9e6c5202d67b1abc6f0b8a835988dca642757e2e8d5a2ceaec9","nonce":"b3149427bbc69e27327f3884","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"2fcc66ece744d4a5975c4b1e82efa89beda895381400a1330822368a9f9a9af7e4999a69c242836cfa847e4fcf","nonce":"b3149427bbc69e27327f3885","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"83fd2072022992156c4afdf914160cdf4adf52bfcda26823016cbf2eaf320b2dc187da8d2803e3afb4975ba42c","nonce":"b3149427bbc69e27327f3886","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"3ce6acb49b5f0fb50800c47e0de6fdffeb5b27fe2809b303a10835e07a378ee1da3a34cb47c2d5d9e761517e45","nonce":"b3149427bbc69e27327f3887","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"bb83cbc6561f66ce29e7a072390db844559d31ae345dda0d93b569b986d5372e96e3ebc7f82dfab44b21b313a6","nonce":"b3149427bbc69e27327f3880","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e3a3ccc1891acfcaa72228122082bee92159fc42ecf5c875b8713496ecb1a411d745d4cc111b7ffcca77545499","nonce":"b3149427bbc69e27327f3881","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"99dcd87a12f75ff5b601f6c95fed9c6ac2192c1299fdf8f1d54daed1701adab325dbde0886153409d4190d561b","nonce":"b3149427bbc69e27327f3882","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"76a2adc398306f7c0a53bec201b3a5b5d6af0d507fc03d040241cf911f0c1848db726c8c1d76f007302f36485b","nonce":"b3149427bbc69e27327f3883","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"237ef842d5c8c81e0130f56f8820d57bc7f6c444740cd15f5bf7f8f1bf68fb0dc801516b8e255ba554eacf55c2","nonce":"b3149427bbc69e27327f38fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"21b0270647af57bc06c72b34ecdd769ecd13f00739e347861faf55bb5e4f3b4716bd5ea4efd5d2d8869b045116","nonce":"b3149427bbc69e27327f38fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"951b2e9b84dc5e4eb3c062b41f91de41a9e8cbdd95d5df46872d1512acd56f6407d5ab0649629db1c5e39c9a28","nonce":"b3149427bbc69e27327f38fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"85c5c0c242e640d834c320b6708ee82f355ee9cca91bf7b55e00f46e7cb034566ed03524647c4ee3f4d9e6b4a1","nonce":"b3149427bbc69e27327f38ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"66d13df142e0ad6b8a45024cc45bc1080340c4cbc684de74e4b3a36a1640388bec0e617ca3ca8e05da7aea89e9","nonce":"b3149427bbc69e27327f38f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"92f91e263c2b130ab5a712df06c75510af86b5712cee900c3561c8c940f480629fb456162372f0f177518f1dd0","nonce":"b3149427bbc69e27327f38f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"9d119be7c62c9af4b51858f0ba5f713fde68c0c67e003c7ef756c44ca0378389615b27c1e1e84166b93260fc56","nonce":"b3149427bbc69e27327f38fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"0b1d1e5d7eb7d2a813f43b8e87f166b17326b02730ea89c859c06d689186208be38579798eb61f908b01267ccb","nonce":"b3149427bbc69e27327f38fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"ca1521fdb6be66b6e4f44765e7f48ae5ba15ba21b1fc516a690a5e8f4404e4539a41dbd258d391251a1956fad9","nonce":"b3149427bbc69e27327f38f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"de992af388fb7ee01ebbc4dbfac9551cc83360021e9ca7e1e690aa52d684c8f1b9f9695816ae88c84e1d047684","nonce":"b3149427bbc69e27327f38f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"16ae94f9e76f8ce8ed3b7ccf41a701afa8af4f9150273ee8ef9e01b4dd98591d87f0d104aa1796c6f2c733b52e","nonce":"b3149427bbc69e27327f38f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"d464d9d5a9a3ec00d48243a2d9c96f736ee00160f465fb7ec8a1bf5c09db96e5b917c71d5db78154930616607a","nonce":"b3149427bbc69e27327f38f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"bb0b7ef056dcb867700a61a568e3de3568c604f71b5c30b95450a8100246ceb984b7ad0a79eebc8467bada7801","nonce":"b3149427bbc69e27327f38f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a083fd0a29273060380b801453ad655fb79b2df8035577156e4a8ad24fe418444495dc5f96aec034008ea4e81d","nonce":"b3149427bbc69e27327f38f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"f7951f3564c02a82bc8ba46c7e7205d1cdf62881008c42d4e407ef7b337c98704ffda0ad4c4420f995bdf0c02b","nonce":"b3149427bbc69e27327f38f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"8793d8065f69ae8b9612144d731ff41f33008ed1c93d8d565a0e2e2562d94d6c8274399064ed9a93bcabd8f6d4","nonce":"b3149427bbc69e27327f38f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"aedca385984e75dcddf569f7ea6eef04135cad05e4c20bbe350ec5325c603190d8e22b2d21b456bfede86a5741","nonce":"b3149427bbc69e27327f38ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"176770ab60c0f3600c250e4ae42dcfca10c05c9a39bc29fbed2c0a0a622a1c319d9a42900a47a9b36a363c573b","nonce":"b3149427bbc69e27327f38ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"114b7afac1d67c81779f67437b0d23ba35cf86382983ad6848f31951bab544394bf02df15fe0b7bee5b031e21c","nonce":"b3149427bbc69e27327f38ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"8e3e4cc4fe27460b131de5be9461bbd21a084b200046f30e68c2da8a7c98a85c32604c7e6a60635547a632743a","nonce":"b3149427bbc69e27327f38ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"0455fe1b0690ed652ede838e97a1f20871868ffc86c1b6ab7e2f9d52a491e4f5994ff8a5dc29513c4d8f8a3bd8","nonce":"b3149427bbc69e27327f38e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"dc09643bf365caaafde9c7822ec54509c7216d1e5e93a1d5d413453bdcbfe1ba11cb92916f267360548a1a3771","nonce":"b3149427bbc69e27327f38e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"f8621c54c0a22568af62804bd161d8b5f64040ae3e8b37531315fe9f22000460f5e23712a6f95c87ab91192234","nonce":"b3149427bbc69e27327f38ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"ec60b11929ff0e662ee46d32e8cfc4677ef8bccbdfb6f2c4ccdbcfaf28214ba40f12604c165fc7259aa57c169c","nonce":"b3149427bbc69e27327f38eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"9a84bef99579bc176d56725790471e8fe00e84deec3888f339428f9f678c3af109eca6ae1bb7a2c7476e5a07d2","nonce":"b3149427bbc69e27327f38e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"5c160cdafa0e5151e8debc0bc42091b5689638f896c069880ad1120082fe63ad3751f6171608cc48a84180e359","nonce":"b3149427bbc69e27327f38e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"0b10edda94c4cfaac59589b00139043dd153d8db1721a996e3f6936572f3208af63bd5ce051960e94234372b85","nonce":"b3149427bbc69e27327f38e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"873527af07b8a4d7ea4a5fe932b757d1d828cad31efa949c234d1cab36d330933cc0c216eb28be1368d24a5213","nonce":"b3149427bbc69e27327f38e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"82bc1b9e810ec137216910b4a8d788f0331c03746b883d43f0bd086c22003a63ce2effd74365fe1c75a8f4597e","nonce":"b3149427bbc69e27327f38e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"83b6c6b0d8ce1227be4629d69e30765b9ce5401cf43f3e90ff67c7d7348a1f7e465428cd9605b5db1979eb200f","nonce":"b3149427bbc69e27327f38e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"72d353a2b96594a0f64d3d1b6e93b541b26f007c41c6e233540daf5d9c6680b986c57e6842b5944261b6db50a4","nonce":"b3149427bbc69e27327f38e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"d71df675a7d524a13e06a6c87e403c533254ee0e6f0fecc5722d87ab464497d10879e7cb823438ff780aed77a7","nonce":"b3149427bbc69e27327f38e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"c5482ef36a4143b753224ef73dddbc2f571894c272b389e091e230e9fd210e3f2163d286dd415d33e51dd923c0","nonce":"b3149427bbc69e27327f38dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"f9630e8e999a5f56b06d5d343bd62f7e5970446a5e61673d2044b790f44419ee066103ca137f896c743d05cb45","nonce":"b3149427bbc69e27327f38dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"c4503a65af1eee42a7eaf7be2b1a93d9a19f2429b96f9c6863e5e3e3173f8541ac632134d0fc12880dbbc89de3","nonce":"b3149427bbc69e27327f38de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"2d47c3838fa89769a06223ade3864f2ce7798811cc7b536f4e2881962879bb7653e5c63b3049dce93207221570","nonce":"b3149427bbc69e27327f38df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"83b6a042840fda926a7f25e0b15318accea6be3c3c9f66c9952e8274731aa72abf45d051e829bba256ddd8ed43","nonce":"b3149427bbc69e27327f38d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"374fd29519890b3d0fda8b4aa0da9340271355dc09168a627efb4e0f10e25a4537ca49988129a6f7431157dce5","nonce":"b3149427bbc69e27327f38d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"b45239cf097247aca5bf020b9317ac1aee316a256400e2b91cfef2deb1c16d35e5dacd13f5d9b728f8a84794fa","nonce":"b3149427bbc69e27327f38da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"9a67a90aaef27f3d0ab37a887d10d3f8a944dbd8d65c13a7d06d531d28fc26b950f6ddf450dc6f9725fc1bfc07","nonce":"b3149427bbc69e27327f38db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"0d2d68d6cdf2e5f094fd2e1d09898b8192a6cd1807ffbf6e8ac417c61ed9415f87b5397e0e173cb38e898fb528","nonce":"b3149427bbc69e27327f38d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"33df17787e08d08364b584665377b109890c70d1f865439b23ec22f144d843d6357902f3c08a27b78832385c47","nonce":"b3149427bbc69e27327f38d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"8bb2b48fbf31ac61fa08314b02d76414a57a8a1f17f32dabfde699ffe11adc270433213711774152700bf51dad","nonce":"b3149427bbc69e27327f38d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"ad561ba77a3aa1347ab8f37e2bea88b2cad1c8ce5aa30edea7b7b9d571661b8d4c96b081c0df9cd18ef5ca9441","nonce":"b3149427bbc69e27327f38d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"255d7982e4aa7fe416dd29f5beeae00b6b4801d3ad90b2a8b99f13a46d3ba8faafa54547f0deb6a5b3ec33a2ff","nonce":"b3149427bbc69e27327f38d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"8dc615e6046b085e19dc4408102a94b8f7e4ea62020041702c25cdcd44523ef112d316925dd65585b06dda37c7","nonce":"b3149427bbc69e27327f38d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"41f4f734eb7ad69e75f4875465c19d35829e310fc85e792ceae2b3c14c8e6d53b18d06978147f093c018b6c70f","nonce":"b3149427bbc69e27327f38d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9aaf76baa3ea577b879534c27970d69599b4b94fb2545b4321219bbedbacbc6507d4d94145b5348caf111f6a03","nonce":"b3149427bbc69e27327f38d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b4403cc0820d0732391176dc99f5d65f31fd297f44eec0fb4f22aa18fbee782a9e6417731e4f398b4af3bf5526","nonce":"b3149427bbc69e27327f38cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"c8b470bf08b32594236b2f7a369c4153c8f9fcf3ae953b62885105e8974399316ebd6f6fa3d76c8212ccc1f50a","nonce":"b3149427bbc69e27327f38cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"da4a49750aef32f81831ce7483264efeb8bee6c73a60c3cfa513f59e611165b0534d2c9c3a32888c9cd5c16fca","nonce":"b3149427bbc69e27327f38ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"2a7f805c2e9ee93efbf454756d9d9a7b656073b734e9d1f7104ad7b62a6b56ba4875fbcadd2955f10896df4a91","nonce":"b3149427bbc69e27327f38cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"1548e0ec6ac52f61e04ae33c0ab52e828e603213a5ddae1a90ce8b4fc5d340941a620d9df7c780636dcd104b13","nonce":"b3149427bbc69e27327f38c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"1f84fa05f072c3dc8994a733394da40066c911d492fc4b9dc3d28c26ad78a2cecef67a268bc85a757ca0cc50d4","nonce":"b3149427bbc69e27327f38c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"ed225ed838debc31498f2503e6039c52ead245edb5203f95ed89147d8740fde872d58e95d7696f0292b02719ea","nonce":"b3149427bbc69e27327f38ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"c9c6c620d536ea6697e442ee383aa6dab32ac5c314fca9ff9d82c8240aae36468169bc738c6b61b716783f0b72","nonce":"b3149427bbc69e27327f38cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"92f81d2d49e38b9b94669d42663bca91aca4d4ee054b382be32d7bf92d26e84c549d1b6244112247f097abd02c","nonce":"b3149427bbc69e27327f38c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"8a00af3e26137b4cb6a3a24ff9e3b8f3fc087defd3860e5a8fdf2d82993acd8b702f2b2e2e4f9c314b76c0ef0d","nonce":"b3149427bbc69e27327f38c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"ffc073f229b4173498edcaceabaf54ee6464d2261f73e54a86a6517cd5bd589a9a66c752730c522355aaeb5f83","nonce":"b3149427bbc69e27327f38c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"d99e2b47d1a90276e11838d8c153c7076af18b8f3dc13fa25de23efcfdf4c0c11534ae64c01342ee304b73040f","nonce":"b3149427bbc69e27327f38c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"a4cdbb855e6c327f2da333204d5145f3d6aeba06e817f22f254860efc83c7df3fa6c39111cc4b691e5503a8e93","nonce":"b3149427bbc69e27327f38c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"b9d319c7c608d3305578da6afad0461b93a7028eaaba0e59fe70ca88bae84772e997d494c40f14ff15d7d12287","nonce":"b3149427bbc69e27327f38c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"09ea0f91f9b0e6b7261299a9563747d27e4b41cfd75d29207cd298192e57bbff4c99bfbbf41f6392f892e19004","nonce":"b3149427bbc69e27327f38c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"e3e25114f75450ca18cf0a8fe6f0fb9c29116afd325ac6834312ae1f1f0bc5703e368b07fdd4a0bffee5e0762b","nonce":"b3149427bbc69e27327f38c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"82b7b46bb449aeb561c5a04caa92919a8f103dd7c2c7cb9ecb5829423ab490ea943865f26a9a988f151c0c3bb1","nonce":"b3149427bbc69e27327f393c","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"472424ea8c1439e6901191ca11a3018cb930db93a99ba593801e98cf6b7c2d63"},{"exporter_context":"00","L":32,"exported_value":"b8ef500e5368588f52b56225694bb800fb594d417718471d34621165efac8177"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"8ee0a10d83c0807f3832a6db6f5f33c5824a6759ae924b7826bdae65d6489fc6"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"0b032c5f415e7158cadf0c8d57817781482953bf6c980c23e93eda3a6a3743786f4e225326fd26d97c2c42bb9776370c436756c3dd9e3c89","ikmS":"100bb3304d7f7424336353e49d63477ff97323d99f24d79e106918ac48ace681b3c07234c31454623363c2aa3891decc8a24e3389b28014a","ikmE":"c5b7f9eac5dcd7b4b5ed8a196e5860ca006d803541de8a447a722305aef7d0e1821150f37bd6c379dcbc3cc3c4d750960ef24093b43582e8","skRm":"0a5586f2c06b5d7a3d311f6f67b083ab407328688643a907069d5dca4fafe56c1ac33b560a43e58a01eafae32b0788f009f00bd92d0cdcc7","skSm":"58a37ee25f8d9ad8b9e898f7cbe4b8496edf792252e709fae1abaf83ed2e6975943a19d31f8c0079b146548d50f34899663bc24518649369","skEm":"09bca5604fc75f3e964120d246859a1fc02877433cce0c793a2da0f7e50952c8ef40dac04eb89383ec32061fdec77850f6248f6fea4153ea","pkRm":"9c561c7c3d41e3a66cc914c799dfb5668303c4d1a85cc454feba58352a3ad3498c4e41bd6d320570b4fd01efd7aef2f00952ae1e0049395a","pkSm":"da84339b04c25dd373a76444fa5fd4528594f8955b80f99d01cbfdacd275187aa83a2919ba13dc5f6b6fdca4a4e07b736276aa6afefbfb18","pkEm":"7ead564cb686f604e7188879d5f99ceb2d254f856870b9241337d5da9ffb06caa11df0d42e93b2baedc9cee31e7c2a2cc84db1f85b3d5a47","enc":"7ead564cb686f604e7188879d5f99ceb2d254f856870b9241337d5da9ffb06caa11df0d42e93b2baedc9cee31e7c2a2cc84db1f85b3d5a47","shared_secret":"ec59b59ffa9829d6aa08afe7db6f2cb6117f8eb695c551d6cd652c69249a3a58bd9f1c098820d580bed15b14e47de53453f63a89489055f35a9fb250fb2f0b9f","key_schedule_context":"02c88fa84728b245b308fd6933bb5039e92b2d3dfdfe95d8786fd110e7eef15eeeed01013a4b3649cec0160061020dedf2ff1a5a9579dd7f35f82ce7e4da7034b2817d22761b0e30bbcdab3759c3f6eb30117e5901b4813c6a7f4a98cd855f07b790aea87cfe90b91c465c22904d4128111352d6be737eaa757a0e2a1834173707","secret":"c793bebca9d6b8a5fee047bb291d9a615a884fb9f291976e7e8d6385ae2b5735e93715af87a55928fc31504cc1954cc0976998ed49b07baa38ae01502f85f3ce","key":"459bcc9df3d480b8323d558f1fc6909bb1bef3eea7b996c64e97ee4605c2f6e3","base_nonce":"fa64ed7f04d78bacdee5e0dc","exporter_secret":"e5f15f90064b627ff6892d7804d43c9ec9737db85d0b0993e8f8bc40a6eff74b3016a2198400d7e6e2a604b30848caf3803205c81316fe6a013d15f223c143a4","encryptions":[{"aad":"436f756e742d30","ct":"9929617b88e456c7729143607900ea33582c07725052a9e0d85017fe57307ed1f14a05d0c213ee1292436c03de","nonce":"fa64ed7f04d78bacdee5e0dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"fde955fb276b8892850fbb922fe4248ef364e6e1c5e90feffdacab443d1ebfac575572d5577720464f3ea66c95","nonce":"fa64ed7f04d78bacdee5e0dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"0280175796c51a0e95b6546f68a58662600da01cf052d882888d6304e7deb4b18ab3db70e5d009e11580f00be5","nonce":"fa64ed7f04d78bacdee5e0de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"3771f0d997a7057fe1a386e442811319fe034eda04d4babdb6977d833ffd0c20d388cc84bed4536064f85008d6","nonce":"fa64ed7f04d78bacdee5e0df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"d8f9536b362698931145bc1c9ff77f4fd7e24c82bd9660aae848a32d832130fbc9d2b03e1def64fa48a228b694","nonce":"fa64ed7f04d78bacdee5e0d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"fb37b25c2d9e57a5234813da464eefbc71cd45da5f87857fc21c0babd597b146d7381ff45f8345fd42e81f03e4","nonce":"fa64ed7f04d78bacdee5e0d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"ceb7d2041a78583fbb5c7699a08242c2c9cdc2b9210b2197ace31b9b92cfef010800e0a51a5c455fdfa82681f7","nonce":"fa64ed7f04d78bacdee5e0da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"f2b2801793a681e48978ea404deeae0bc4ec1e0ce7d8409197d61501a403a0e4c6c578c2165858e8c84da98eac","nonce":"fa64ed7f04d78bacdee5e0db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"9250913acd17ea73d2addaaea035a45e5457d0170e2045ee82dc10f5bb1546853d26b0d38bccdbae336c254cd6","nonce":"fa64ed7f04d78bacdee5e0d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"a6fa75e911c583ac01fbbb1456568cbe97488a0d504d60eb184840f79127702a99182c5432327c7d44b1de0be5","nonce":"fa64ed7f04d78bacdee5e0d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"ccad8eb2ff752a33974e96708490434ff8ea40c4cae2408a5505c21d3d397bd4544e844316dc9cac18685d8e1c","nonce":"fa64ed7f04d78bacdee5e0d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"9fa3437eb1260bfcfbfad1eb4d8e0bdd4d520157d7679af3bb4ad65ee5aa9813a9ef2b96b7d56a21fe2f435209","nonce":"fa64ed7f04d78bacdee5e0d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f3e06689dd972b645d3659ea57369dd2e4aac9989212dc904623f5374ca92e97ec77157fc1ca44a3878571c3c3","nonce":"fa64ed7f04d78bacdee5e0d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"c74b06bfebe74db775dffc51db24d2291795da4530ab02f59b51b3f347176bccb5c1ae0e0d18fbb14568a03977","nonce":"fa64ed7f04d78bacdee5e0d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"4681c95c549ab1e754b13ca944fae1438a8a542a1e35ee137fa967e1b2c4d35a8a54efc5fb8055785acc9a8c95","nonce":"fa64ed7f04d78bacdee5e0d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"b07e65c4bd6278b536753eff99d832b1d969962eff24e5d949348dc4975e94509c9f58f90039842bf91bd2da74","nonce":"fa64ed7f04d78bacdee5e0d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"9172345a52339c50134dc3a134ce954285fe0978a91cbdca6154c1fc20eec65a9257f2fcdcdd80564d1e2b8c5d","nonce":"fa64ed7f04d78bacdee5e0cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"1561af216947cb39cca4cc8201656423c72d67becfb238083f0d397b0c8ecac8daafc7160fd2f9b7f83d4eac73","nonce":"fa64ed7f04d78bacdee5e0cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"33f083b8bd999db6702c1593607c0a28ed8f5003224f7cb337ac94492bd793c4c87c5bf545127ce1d8038747d8","nonce":"fa64ed7f04d78bacdee5e0ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"8bf905af032a1056924f77b8ba493470fe514bbadf915d329a4cd0667bbab450c3c326d37d073bf7e000a75b2d","nonce":"fa64ed7f04d78bacdee5e0cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"9aa62f077ddc02c326881fba22982e4b967785c293e236ebd23ffe6aa68bf6f040a78f1c1a0c990c57620318ca","nonce":"fa64ed7f04d78bacdee5e0c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"7cb592a9c6614c5062a3e4305735f78cb7578c49ad42f325c38f59eeab0da3118295dd8870d5030ad5531b7040","nonce":"fa64ed7f04d78bacdee5e0c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"17bd43b66c235a3c4ddf60069a5c403a43e55cb7930c7067d623be5600390a4345beb1559ead24b3bf9a2627cc","nonce":"fa64ed7f04d78bacdee5e0ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"817f729b5dd57d75b249db3f201b8f714ceab08d86f7c0fe8e3268e2820287819831b8264e46b92641a2288fa6","nonce":"fa64ed7f04d78bacdee5e0cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"38ac0463f2f7995f4b55c936a23d8fe4337d47b508921fae93b5a03572625f290785778028b274f5085119a1b6","nonce":"fa64ed7f04d78bacdee5e0c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"813e8306721d98c2b9f6b00282e1f0f1085c45ea72a47e58078ef1306b11aa2929307018d01fa6d32c5fadf9cd","nonce":"fa64ed7f04d78bacdee5e0c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"04df176869859f0947921dc2f24cd0e153012652a21cb293cdd86a4db59ee68da36e96ce804665c99af7b10364","nonce":"fa64ed7f04d78bacdee5e0c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"6d4156ece1ba2d98eda686b30460fac3e3985e037dcf413a08062aa76b2374215523d2c46f020041a79ad1a2b2","nonce":"fa64ed7f04d78bacdee5e0c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"e2bb0c4cb419a15d95d0902a8eac455ccfc0c564a1dd6152b2af60792680032884a96c285a7bb3bcc96394eedc","nonce":"fa64ed7f04d78bacdee5e0c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"c5f9b9df76d2e330b816b88c6b8d4b5285b4683270fe1b3d8f5954a20247d91c229acd196469455dd00f3e8458","nonce":"fa64ed7f04d78bacdee5e0c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"e0a46207b68b8e40ca1c77509f5f477395ff7fb016225a247a6ad7681f42fba6a3919badde548daadb45767090","nonce":"fa64ed7f04d78bacdee5e0c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"04d0cc7e3d8160a98aa0258e7638b0f119afbced4ba360963270cdeb2b644685e19110c2786a1a97d7e0d19a86","nonce":"fa64ed7f04d78bacdee5e0c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"99e92f0fbae4bc5eef50305b7a9ab5aa6608d9221f57c5251055e8c5ab3bc5534f4b06f182eb4d2ecad3750910","nonce":"fa64ed7f04d78bacdee5e0fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"5c4c2827665565a15ddaad6d79cbdf92a4d2c6fc79c77d88c61f5d7bf89e151c703f722912edba2d625616c633","nonce":"fa64ed7f04d78bacdee5e0fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"fade9d4c5ebf475c7219f796b1dd63f5c0323141c159ee373ac734b44df9818525116cbfabc447716beefd0b51","nonce":"fa64ed7f04d78bacdee5e0fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"a3dc5d2bd3b80a2b4d2ba34a45974a45910e043d25876d3569c6c11b97d20c2a553369b725019874a0e1bee26e","nonce":"fa64ed7f04d78bacdee5e0ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"90a617cdb9a978d8ba2e1234076b2d17a284e07c821a39c1d8abf4cff1c1d797c7f5e91c33f3081baaf7c65277","nonce":"fa64ed7f04d78bacdee5e0f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"6bd5e3684d399554929237053cecd96a7f7e81fa0e8290dc8d7f06ba0bcaf8c97cc49559d2e4bfa2c595a3ff69","nonce":"fa64ed7f04d78bacdee5e0f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f34b7444ef3cbfdfbd8684dbbf3b4bbb5a5c5466f1245d2c10b11a597e3d843e08ae3d462691221c2f8da9a83d","nonce":"fa64ed7f04d78bacdee5e0fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"391165dc7b51b50a9da4036fb1d72c986cc6151d85c00a23df1b7bd3ae8500b9d14fd195d66adeeda52ff4d37b","nonce":"fa64ed7f04d78bacdee5e0fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"b6fdf36d6a2fb815e0b150715deac219aaf4b96ec923dea7fda83a87fe62bde8abc43e12d32f71deb2471c3c05","nonce":"fa64ed7f04d78bacdee5e0f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"244cdce1c840b7b382c64c7e61fc99abf4a8f0d6caead84e416ec796150b9d087dda8d08b46a0470c31fb37a78","nonce":"fa64ed7f04d78bacdee5e0f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"139112f2a45850e933c895f3789b67c0b7038b81f628c06f5200f7ca74953bb48382551e2e1baf210273cd8471","nonce":"fa64ed7f04d78bacdee5e0f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"b2794340a150991f019c26584e65d7b7c35d3965f2e180d9e61b439ab957c50cf4f0fdce0604257f58544abf58","nonce":"fa64ed7f04d78bacdee5e0f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"925776085df1784353738ba45c8dff5a43bc5fca0e6abdee6cd0433c7a4b41fe5c43e9678f0563e2a7c065c10c","nonce":"fa64ed7f04d78bacdee5e0f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"b408a57f3096ca5ea84168f21e8f12c4531955e625b0a360bda27cfdd03ea54ba3b6dd0c49736d94c347ef023f","nonce":"fa64ed7f04d78bacdee5e0f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"e0482ad76d951b61e47e4c42797669a057fb0be762619451ed9c20d9da25c7ec78f79ddf118291a11a3ac5706f","nonce":"fa64ed7f04d78bacdee5e0f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"fa933a98bb74629faf9845d1630263d8ce2536f76b600f53498b0391d32df12a8881cbe8c46e603e001f40660f","nonce":"fa64ed7f04d78bacdee5e0f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"82a9f6cfe918e5cba58afe2779f54a6d0918bd6c074bf0c937b67d561f7f828f0336bfca232d0284bf1691f1bb","nonce":"fa64ed7f04d78bacdee5e0ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"e4a25f2bebecaf4b0fd7eb6356b9070f033b1e85404838b13c206baa3092ba47ee492b438e40ed5b1800d4ada4","nonce":"fa64ed7f04d78bacdee5e0ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"40bba0951d9014f4be3c13d8267a451bbf1ae87e6589c7960bb1a1273079d7c68bf319a48efda821dde1dbb350","nonce":"fa64ed7f04d78bacdee5e0ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"7dfc509d807753dba5f738dc01243d5b5de865976be0502c039d0367e8de5944cc84d4a3281a07d28757dc7ea1","nonce":"fa64ed7f04d78bacdee5e0ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"fbf7188e3f50a8519f32c6ec99fd33d671afc2b935cfffde4ad04e512f4226fb863dd648588b28d8cf79ae6847","nonce":"fa64ed7f04d78bacdee5e0e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"0224f6d5c5608757df051782e85ac76f75d522d9597819ff330c8d5f9e41aab962ba03cf79eb0f24e721df27f0","nonce":"fa64ed7f04d78bacdee5e0e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"f22fd115da4f11067a1ca4bab54c85b5cfa9e36eed10a3fa85067e861d4469f127312cb56cf905a639224c6b28","nonce":"fa64ed7f04d78bacdee5e0ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"79499f541a7975d1d8dca41d99dc2c68e2a6ff97c816aaa109d323e579658a2f25d737b80d4e9e06305130bb69","nonce":"fa64ed7f04d78bacdee5e0eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"51c929bca40566e605f3ed347c36159318c2699aa6b07fcd2cd3ae4cf55cc8814a9e99846205f66403f794e3f0","nonce":"fa64ed7f04d78bacdee5e0e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"632416e3465716ba8ffd055920742821c97e28c628684cfbf4a5a4e84fdddd50b75e6bf980d0d939a6b14ebb50","nonce":"fa64ed7f04d78bacdee5e0e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"f8ffdb080ebe5a5f103cb5e6007c35838dcbe17c617633fdd39647e9862131798810b673fe1a8553894ede75a1","nonce":"fa64ed7f04d78bacdee5e0e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"f47d166adfa4411c7add2a2884c0963ee7508f383659b40f250e91a09ef3bc5d7fb42fb273ebb8ea2fefd746b4","nonce":"fa64ed7f04d78bacdee5e0e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"ab3d63f3391a63e2406c4491aa76980bde77b06c682debfbba0eb5baa81194112db1358730584a822ac39c3736","nonce":"fa64ed7f04d78bacdee5e0e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"f5b484213b8f204be382975a308bb76d123319174707d1220e3c9b5968592cad2c61aaeb87c36b70e1720e9146","nonce":"fa64ed7f04d78bacdee5e0e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"7e322983995ff72ff0a53c5fe24f607f4623fb88134f43ae11af6efaaec34d208b7a336aa924928ecae96a1b12","nonce":"fa64ed7f04d78bacdee5e0e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"9448c45176130dff7c8d1f760b07277bd988633e0a4bea66374ca8b364c2144972e39e758f5cf4a56915a01c5a","nonce":"fa64ed7f04d78bacdee5e0e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"5465d86b233e40051a92001e5ec6b32e833941c29c3ab379c18afae4893cc677b64686153da4112b419eaf6d4c","nonce":"fa64ed7f04d78bacdee5e09c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3861568bcc6ac0f734e247663545a0d2d4d4280acab344d771e839bf7d051a518914fa87c87483089ee2f097ee","nonce":"fa64ed7f04d78bacdee5e09d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"12f9f05fb44bfb6945a5a173ce98c255ec384e7b2a7262a6de4a8972110a56f9bbe4221b46881c2bd02a8e61e4","nonce":"fa64ed7f04d78bacdee5e09e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"9439671da6ac3e1defe47ad6b005303532f1b00a3a5001c765f04c1b0a520694b196743f5bbb8c1a7b131af41b","nonce":"fa64ed7f04d78bacdee5e09f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"499e69a17bf7b4f3fd52868ac9e4c804455108074caf7a1ded1c4fc7665cd689c8f971c80cb12b2f945b9df64f","nonce":"fa64ed7f04d78bacdee5e098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"c55a1969ab324d678b14aa3130a0333cc66016da7a913112869b9c5f755d06965d11f10a3ecb42205b78da1dfa","nonce":"fa64ed7f04d78bacdee5e099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"9cfd8d0eb268b5eeffec019f42da49b788364e1e6011249ca1b5628041dc80acdd3b28a0d44f057264778b04a3","nonce":"fa64ed7f04d78bacdee5e09a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"a597af18b66cd9abc66886fb5404b470a684016db7ef06b62366f573dd5b9b1079f2d51ac7b06e1b3ea07b82a4","nonce":"fa64ed7f04d78bacdee5e09b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"234f6b97f1218e15bb08ac5c55f85bc59704e6ce59d0f7acee0fe1ee23e44bce359947ecd4a16fbbfefcd11d3c","nonce":"fa64ed7f04d78bacdee5e094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"b4770842830e42b57b6f1dcaeb31f4883bf43663b2d6302b35e199d1476936706737b91f17589078c45cd75093","nonce":"fa64ed7f04d78bacdee5e095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"467ec2d0a74805459d31e6818f0abbebe438e1635925a8383afd2d09a06991773bbe137e3b54b7dee05d00d4d4","nonce":"fa64ed7f04d78bacdee5e096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"639d3d3fb051b111590d59d5a8e53b040f7e765e62cfb4788bac8a9bf23710c9836fb7b7b4e0c58cdd34b74faf","nonce":"fa64ed7f04d78bacdee5e097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"191989c98e0889a70ee0edb7ee5bfc5f5a04ecccad3384234d1fc6c9f57d3c22b8839d599e9a2b0532a49f67e7","nonce":"fa64ed7f04d78bacdee5e090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"9a26354eda2d0a5636c053ef87e68a0b9c3663e00bb646544c667b603d3df94851f838b96fb97d0848037dc6c9","nonce":"fa64ed7f04d78bacdee5e091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"730b58a5ea4fd0f780910e4c5f418b0873f1c1c82fbc429bbf3ef8ab3c3d79864b3ac8d84b0ee49c41ad5c3c03","nonce":"fa64ed7f04d78bacdee5e092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"31df0b5577787049ff855ead57d0657656ecf0660a6f4a5fdacf9dd11468d19a7e5f983cb50f61d5b3a3f57859","nonce":"fa64ed7f04d78bacdee5e093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"e7190c96dfd9623292e0678f721995bc8e84fcc3fff0a221bfb8b06cb4ba46d5aa951df4870215fda5c4d76bd4","nonce":"fa64ed7f04d78bacdee5e08c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"f7d8c69f683c2a75d8502217a4334da4a7bd540b312bb5ca2f9d31629e11dea273a66d3045cacfa154ce1ce945","nonce":"fa64ed7f04d78bacdee5e08d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"6121d5d55cd38ab9766e7db02fb6d5f6cdacdf7c8d8d424e4b5967416b31b26df7b3ecf6da8ee8d72612b7cfa3","nonce":"fa64ed7f04d78bacdee5e08e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"b9af62c4fde28ed623301c2b0230db0f244e6c51099d93a60b6c2cb02c5bd1bef8d4a6a1a5b018a6cf8c7c65ac","nonce":"fa64ed7f04d78bacdee5e08f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"db4cca4f3ff57c197e0dcca07ab8c6f9e59f0278993a3399f773e52e518184f49270b6a0fea1af70297426f99a","nonce":"fa64ed7f04d78bacdee5e088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"2d3214ff8767f3f0795636e1db1f746a9a763488955945276c791dd526d85a126be21691b1e52c541092652838","nonce":"fa64ed7f04d78bacdee5e089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"c293f8196766e67b96a0a53726fa66334fb8c2437145f9f992d39b368befee6ca6022cf3888e466a478b0a3406","nonce":"fa64ed7f04d78bacdee5e08a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"d41f0ea1fa35a16f965a7cc0c471e44a21af0d2f809dfc0aeffebc68f1136f79a3720f506bdf89ab9c9480d21e","nonce":"fa64ed7f04d78bacdee5e08b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"8e202d5f907af73344304f477f8bae2db1da140ac3fe581710839696716cbc5514fe2c8cf165d5832348307b35","nonce":"fa64ed7f04d78bacdee5e084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"fb3716f1b2485287ad939a1e5be287cde863eb63d60e83100a1ac2237dbd7cdbced0b6b8a9dce7c3f753b7de53","nonce":"fa64ed7f04d78bacdee5e085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"ba21f5ecb984249a06d6dbcce029d6d29408a4cbff80c090279b0653d2ece552cd3995da1beefc70f17a02389d","nonce":"fa64ed7f04d78bacdee5e086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"214b45029b674baf3474892ba8d0ab6a8b14359085b52611a34178551f8c0a31348baefd287b98482ebc8786e2","nonce":"fa64ed7f04d78bacdee5e087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"d3331730592a32ae1480bbf40e4f10fe72a3195736b627c482cca3913a70ffe1a9e812c270d24c3f5da5e84c5e","nonce":"fa64ed7f04d78bacdee5e080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"5cbc2380d998799dd257635f692f1a9171a2f4fbe99a5630ade4015707e04786b941ac3216f22fcf6d36e68c10","nonce":"fa64ed7f04d78bacdee5e081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"b22672ddfad9e41c039973e061381edb034df7a0841cbb95f9cb547205b248a510c4cb0a59e6430d41648db290","nonce":"fa64ed7f04d78bacdee5e082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"8b84a25afddb2a702507e9884ebf4314d73bd7444a35e0d2423d75c917cce85f23258fa8649e84891644c96e26","nonce":"fa64ed7f04d78bacdee5e083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"b97d8be8fe4f181158917620360ec081ecaf37227df1f2b9de33986d26b9f1f4885338d55ed0cfcfdb7c3ac9aa","nonce":"fa64ed7f04d78bacdee5e0bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"e82f8f3a03e11b80715909e3ffdfdc5fa09b6fbac25e303a73c548fc2a4b1037d217d3434052bbf5bb03eb1400","nonce":"fa64ed7f04d78bacdee5e0bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b9bd79339be80dec49005f8886da2868f8af0f7cb7953c60132846a7771944455d1a82112b4daa8af27263873a","nonce":"fa64ed7f04d78bacdee5e0be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"c825cab019be8322f792aa3c83d5c8d0f1cf8675a1c28d50c1d7c98392b9f3dc28b13e686b4982410527cebc43","nonce":"fa64ed7f04d78bacdee5e0bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"760f1cc8bddd6aef955de39b592b4bd3f7b16dccf403d87b4b1137f95902f7f58f821b1811aa8a0be594e4c517","nonce":"fa64ed7f04d78bacdee5e0b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"9d00bd64b02c619a27c33ae4dc4f2d27e127724e3e699e89107b526c46a03ef709009640d7fbc2d4e7c014b062","nonce":"fa64ed7f04d78bacdee5e0b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e4cd0b227fff78cfd679b4a1186bfddf6633ed685aabcf3f7d32c61e83900f77d30d2e148bc1410e7ec4422b7b","nonce":"fa64ed7f04d78bacdee5e0ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"ff01a7b0409e1b37c488c485ec5ee871254c8c17715e7d346c50c7887454f6a3f828ccedc43306aa1963d46fdd","nonce":"fa64ed7f04d78bacdee5e0bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"394373daa8728859bd81fe223147fb351c6af8f22287ec84171513269028b21dbee094e3072b16e60f2ac7df8f","nonce":"fa64ed7f04d78bacdee5e0b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"952dc772758feae589393f11a7544d268ed614be15417fecd176331b389171ba11009f12e5430d58882ae3332a","nonce":"fa64ed7f04d78bacdee5e0b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9a16454266ffd241ace0c0498c8591085c195a5a37ba8415bac230b808693cf330833833f74afd8005074c51ef","nonce":"fa64ed7f04d78bacdee5e0b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"35618068fda637f5f86c8a52fe822346b6bb59773516803308fdd2e4dea855693475abbc8487650204dc47ed2c","nonce":"fa64ed7f04d78bacdee5e0b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"636d010a6e520e776f720f5b754e69a321f2ac859118c8e9ef93fc9b99d54e9b82430eacc958e33dd9eb01c490","nonce":"fa64ed7f04d78bacdee5e0b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"8bd86ba4a0d52906ec01a0999de12300837ec4fc04aabef6d77f04a075d4963fa6d50cee96886f92c183a63042","nonce":"fa64ed7f04d78bacdee5e0b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"989c73ecb4c2aec73d27c4000d3fb99fd9821f718e835fb624482c091832f2d88e112554932fe66b87b8edebc2","nonce":"fa64ed7f04d78bacdee5e0b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"2ff3e4c227a49398674641df7a213db44ab31a47051f07ee90facca7384318192031e493e9941e82fa66500235","nonce":"fa64ed7f04d78bacdee5e0b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"19ac22e49d337db44bb99cec6021649de4849abca55bbd1e2b3b46bcf74bd0ee2c36b11a50e2e77b9850b4e70b","nonce":"fa64ed7f04d78bacdee5e0ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"9e5f667c519f4bd643da4f4902564efa164b71ee88d0a6b35d0058183185f4642f71c7110034e37bcf77530bb3","nonce":"fa64ed7f04d78bacdee5e0ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"126e6a1e812559ff0ea4a47963a31cfd84265c948ea3bf6841914bbebdf66441783eb6d2a9da12f7a33c8a9027","nonce":"fa64ed7f04d78bacdee5e0ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"64c60e517a77a3b6054ea02dd0b2b241e2c558c936be3475b82f2cd2ff277354b23735e31b01b915d3d55ca92e","nonce":"fa64ed7f04d78bacdee5e0af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e8631aa68d27f92c0d4cb18475d420b65068a0dd034bc8da3865e799ed5fcedab1fe9d309dcd7483a4a3b76c01","nonce":"fa64ed7f04d78bacdee5e0a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"c469cbe14848498945457e68311c366095c76a4e746e92fc445c68fcc95c1a177cf056e208a9c258778330a9b8","nonce":"fa64ed7f04d78bacdee5e0a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e1b6b4cf69cdbbc6c9c646b9fa72469f9e3bbc5416bf1aa50a5824110bbbaa64820377d64a58d65b8c7b88bd32","nonce":"fa64ed7f04d78bacdee5e0aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"b0573698cef5c141ed48ca36fad0cd1c7fc268ca91d1666c307e9b262916e1046640d9b682bde943c9fcc62a0f","nonce":"fa64ed7f04d78bacdee5e0ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"b72da08b1a1f1283cdf3008636a906f680664d7e7c85dae3998a3b6905f4cad05909fd9b7cbb8ac484bec537f1","nonce":"fa64ed7f04d78bacdee5e0a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"227c40a78f46ab8213c1a9ed21f64a84dbc970527ff5628c3481a4fa2b14b90924f89335d0a3f71811ea167ce1","nonce":"fa64ed7f04d78bacdee5e0a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"73bd2dae2df00b803429e9043e87066c68a92ac4aa7fee0396d78ec10b59b7ba386a1bc69377d8dd92a6cf810c","nonce":"fa64ed7f04d78bacdee5e0a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"35307bd497dbb4cb9b3e2468a8880de062381d9f902c87222250de53f0619bf7df21315a2269800e71fa2ba4a8","nonce":"fa64ed7f04d78bacdee5e0a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"46bb51b5b25e2b2983b08968d17a56de90c2539670440e9af69bbf73ebdad3d37622993a18628f92ac4c0b583c","nonce":"fa64ed7f04d78bacdee5e0a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a2673825c9ab1068b566f41a420ccef908b2e343af4863bd105dd64f924cba19f718f3127b8e80ef69886e40df","nonce":"fa64ed7f04d78bacdee5e0a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"4a69f73be1d7a0cdc68aa0a0654d8a1d53c7c28636fb70fd445796c90f075a9471cfbf9a8ab9694aa0d563dcb0","nonce":"fa64ed7f04d78bacdee5e0a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"a547f8ac9e571dcf389fe23fe917521b062bab7850695edf5ae3075370441b2dcdc2fc444e838a33008acfcffb","nonce":"fa64ed7f04d78bacdee5e0a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"04bf8273039faec618200d046df41f323a94e4bf6fd55ad430007be3c237cc0c6cfa5802faf9ac5b8ed1323de6","nonce":"fa64ed7f04d78bacdee5e05c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"8878d2dd89b1e41bf5fbf9dd3bdb5c6abacd287a2b82925677fc7cfa695dc8169ca9e94961ec0399143f905534","nonce":"fa64ed7f04d78bacdee5e05d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"ae49c69d0ee2e3e027708a93336ab1334771bd7ce36efbe66cd43aafc6c7f66990618fe991d50bcd08a3d2f019","nonce":"fa64ed7f04d78bacdee5e05e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"2eac045ba934a8fd591ebf1c31e6514260d21d16ed7187ba60166d6134d965df8ca3e6daf5b99ae4904b9e53ac","nonce":"fa64ed7f04d78bacdee5e05f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"8e1939dd69702961ceefc10efc962027eaea35457438359c48617952a66664999f33b5ae2e0c279ec47e0d7309","nonce":"fa64ed7f04d78bacdee5e058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"c4f11c958da12bee7332b2dc1a42b50024f71a7ba5a8116f2c0f67b0ad6d0da2e1a097acd36200a3e079fe209d","nonce":"fa64ed7f04d78bacdee5e059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"f2988ae7ab4498a350f2cb11c5654aa6e68f03a403d5d1f2932051fedbdf97e89dde7ce9b973c64149b1dd9814","nonce":"fa64ed7f04d78bacdee5e05a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"819dc01906890675b3fa641c13b736678129e4619f1682b158076707e944d864a46ca108e12c4dbeb6dffdf360","nonce":"fa64ed7f04d78bacdee5e05b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"3bdcc31eeb4469792b260d8fe2ff90225c2475bba75bcbb1eb2d376d8f43b6d3ece14fe3d99244aa2bf272924b","nonce":"fa64ed7f04d78bacdee5e054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"afd96ea2a33de57dfa2c933b24f041e5b34267a6fdcbb5878ce1104e0095f8a1d031bd54ad20ba1f569070ea41","nonce":"fa64ed7f04d78bacdee5e055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"dfabc3dcc15ba72d3f43e5333176a0bd3cfad3bb90e6c93f95284373be4d62be8013855db644443aea46d0d7f9","nonce":"fa64ed7f04d78bacdee5e056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"261d5e4588f4ba46757b48e62888f5f34e82dbbbd3563bcef6223070c8594b27f2a2c3ecc2f7306b8ebd6a6508","nonce":"fa64ed7f04d78bacdee5e057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"5aca3e839dd559db73f392af80a7b07127ae246711c6689dc482b2e302cac9ced235020f34ac2c94981e3a3f34","nonce":"fa64ed7f04d78bacdee5e050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"0b4e6561731721531880dd3d96477219b71609390c9f6808b7d3db46c20001b840dc6977d1840992132169615e","nonce":"fa64ed7f04d78bacdee5e051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b0ede5621514fcd7611de3299068ac6d9b13a383a8e34103cceeafa8a74bcc57eb1cce20ce86e97d5d4071ac00","nonce":"fa64ed7f04d78bacdee5e052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"f7e2127ad780bbb23eadc16b8c6bbccf52d2ef215dcb2b42f524c14e09ca5df83f69fb3691ec064cd514f81135","nonce":"fa64ed7f04d78bacdee5e053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"67676894d3748f32426ef01fd1c8346fa625ee6b2a452f99afb6e60acfd6c427efa836608142c4e6845e15951c","nonce":"fa64ed7f04d78bacdee5e04c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"9de00d4a24429ff660f5d91167afd3e19530c626e3668a06a26e43a5ceb87b318c739670af1b381e0ba2d38318","nonce":"fa64ed7f04d78bacdee5e04d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"fb9a5dc49e2f566a77385b31a7aace262d1edac742ebb141638206813bb5453dacf825678563f1a6577d2f97ac","nonce":"fa64ed7f04d78bacdee5e04e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"4cd6e06e0c1b0e59e0b12703fbf4d358dcc9dce4cb9739319f6e0aa760b0d51a03164daaaf50684dc9d14b0799","nonce":"fa64ed7f04d78bacdee5e04f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"51f9732828f7aaf7fedb31039d7b016486e486ff65830b9a0c5a4a4b92c773e4bf1c2a1bdc1fd22ebad3deb213","nonce":"fa64ed7f04d78bacdee5e048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"54a881a0b6047c383bd8dcc4f336dbd97d51bea83b2cfcf5f1b11de76bebb1d3f29326cfbcf330736e08264293","nonce":"fa64ed7f04d78bacdee5e049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e96e0930c636b3672a8e7433b519b94d51f6b88108a5a39da21c8f6176a7e602d7c1bb56c5c71019c6933121a2","nonce":"fa64ed7f04d78bacdee5e04a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"e1a2f20fca28aa38e0047befa52a3da976331b655a9d5f4bb2b41efb0593036c1a0d3615743a228c4bfec855ed","nonce":"fa64ed7f04d78bacdee5e04b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"7642fb70c6022de4d7b8a01908bdb2222f216ffdeec1498b0504f26033808c5500f8c9130cb7cfec185f26d1e8","nonce":"fa64ed7f04d78bacdee5e044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"7362c9b0fbde3657f42846b79e3b9053fad82d6b12d8da1cb0f4c60fc1194c723b32f93c378b649f1591d030e9","nonce":"fa64ed7f04d78bacdee5e045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"0b61ab2721280472c1b08742d0d229e703c7508c95437ce941422d263a5894088cf2925f8369394ac248bfbadb","nonce":"fa64ed7f04d78bacdee5e046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"ef9a68c00b6c1facc03f00491bcb4a0e5c2fa87a4725f0d2317727cb799d3a461d18a194f6cc6a9b8bbc387ae5","nonce":"fa64ed7f04d78bacdee5e047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"7bccc02513f40f39e3aa70deaa0d23d337f892888f22af35fa0a3e9c79f0a794d3bd3e34cb90ad1999faebf6d4","nonce":"fa64ed7f04d78bacdee5e040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"0f608580aee1898bac786bd8c1704c921b6da3770796edb7f1c66d8027791bb81092b481859ba92e9d4a1b04f1","nonce":"fa64ed7f04d78bacdee5e041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"72fb5407dee3879bbe0f8a14700b148e9aa75863a313d80e2213aafd9e49d31b427bccd3d3bab14a089142923f","nonce":"fa64ed7f04d78bacdee5e042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"7cd6b83f9d1c1ce1a31d06475ab0f880cbc5fd216baacd79eb3ad49bf064516939be6d200c8cef05b143cda772","nonce":"fa64ed7f04d78bacdee5e043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"19dfff04f550d96f6babf2596464895f43cc86caf5615cb62648e36f638de84c91c3ab3709ae3c049d445b8bf4","nonce":"fa64ed7f04d78bacdee5e07c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a72df54257b8207708afc3b0d2474f6d6abd2558fc2f0ebace3d647dc783441a4b5aefde4b49720b37de9c38b9","nonce":"fa64ed7f04d78bacdee5e07d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"0e503894d57c99dc99222131b94b8b5dc4cab94bf47faf36b692f477caf1a9557adf6d103442b08728afee9f9b","nonce":"fa64ed7f04d78bacdee5e07e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a14ebcd7a122bcf16ce963a90f60053b8ff483c3bd4a9421f5c30d38934e4ab08b23d156906d08b6ed98e0ce26","nonce":"fa64ed7f04d78bacdee5e07f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"de6926a46d3c7411757aa91f158c5ad3b049ba17d453174b751948896e4dca0f05f179f08e5fe446654aa183ae","nonce":"fa64ed7f04d78bacdee5e078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"758ef26dc42887da1a0242596cf0398a174b2d8d8d23d4175246dea3d5fd30385807bd6d1e4cc02461a692106f","nonce":"fa64ed7f04d78bacdee5e079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"22a84e7b1d2732a9064638fc2fbb7455213eb41bbf0c3d266d9f2baed323b553cb2e0b16502f5e21f11eb3fb49","nonce":"fa64ed7f04d78bacdee5e07a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"f3fdb25fedc80bee4da59f290684dd354cdf770429a33656ee098108096cbdf2f94117dbf00eb834c0bda6e407","nonce":"fa64ed7f04d78bacdee5e07b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"4e11900e8fd772847c41fa2788665651f9ee1f59f7a39c012744e531aa76a75e8863cdefdc51f091a0ae6057c7","nonce":"fa64ed7f04d78bacdee5e074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"3b9b53803f501488a5910dd60f3daef8df94a56908b3db407cba358edc05f24bcdf5bbc63fbb193bd891cf5bde","nonce":"fa64ed7f04d78bacdee5e075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"47760dd7fa54ffce51817402865c7ad7fd520db175d0503bf8bdf0388ee8c86a781b5114605b45d637cccea06a","nonce":"fa64ed7f04d78bacdee5e076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"fe064d37a33c2676e1ed72100b6c8b50b01592f6a7accff850e4b3b612b683b17cee7f4e5600271bbd6f0368c9","nonce":"fa64ed7f04d78bacdee5e077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"e1c9a840769e2377ccce4afc3006736a0619544521d263988a3a761c83c337c1795cee65f4d3d7b569e5a9c79c","nonce":"fa64ed7f04d78bacdee5e070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"dd0a01bcae1a19436b2dfb56b9461f5c860f0bfca3d3d8389769ec674ca495e006e261772eb0650d778e660f56","nonce":"fa64ed7f04d78bacdee5e071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"10340fff813b1dbaac3c904767d28baa90cbb1af5191a5f513dfe84b8790af5aaa3f71301bd12bf60932d89873","nonce":"fa64ed7f04d78bacdee5e072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"cd9b43f92328b1865e1cafb19810cd02e6be160f07f63ce9492f0bfe9886e30cd61e8cc2e75920657cd417618d","nonce":"fa64ed7f04d78bacdee5e073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"00bd6769a971855dcae078adfa725d021a6481f3892d9f1f723b2d35f841d937e9afaabda7320a133b70242bb1","nonce":"fa64ed7f04d78bacdee5e06c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"405fe55fc4c30974fca3d935a8015c26e80c6790d3554c0d49f7f0ba906ab4f75d309bdfb944545fbc6f5b5f0f","nonce":"fa64ed7f04d78bacdee5e06d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"7641637276b665cbd4c08f633da2b45ae94eb34b6974477ca9d79d68825beee2395f4746e9c2b41f420ec39d11","nonce":"fa64ed7f04d78bacdee5e06e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"bef21be525f88fa3ddca76f3f6da2d8feb3126c4765102b4a4bf449fef2acccebf6bd93979fcea1cf698626442","nonce":"fa64ed7f04d78bacdee5e06f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"e3b6327bb0ad629d5cb7427c5507ecfb5948ec88acd4735e277142a7ac34de2a6dd88f5663b183b1a5864e61fa","nonce":"fa64ed7f04d78bacdee5e068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"2f268cc81f0e078f8fa6aac31815e4f91de233879d2dbacece49287bcc64dc83bc6f36420749ffc8bf60280a80","nonce":"fa64ed7f04d78bacdee5e069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"c2163941b70af51aa5573bdf554dc97217de7fa3c92b89d2f859e3e36313ec958b28bdcd5a8c9a9d480cfe3c8f","nonce":"fa64ed7f04d78bacdee5e06a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"e099abdc272c6370adfca3155e69917f18c76567807f2ccd9e51e9b953b611396802b340174c92a34124c49fd6","nonce":"fa64ed7f04d78bacdee5e06b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"06667724ebb4a32a8896c8f17ef22236812d51f447de354150fadddf0c4c62271a073d28c5bc6256f396e0cbb7","nonce":"fa64ed7f04d78bacdee5e064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"51407d041f5541bb5bebbeaee8efc4422333d2361533433bf560270c2c69747cada34f26d239368dad5204f78a","nonce":"fa64ed7f04d78bacdee5e065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"420e7c59ff7288c98cbf24115c754dfd7863c6baee3b52fecc42df5413036632452792ad011a0726b380979799","nonce":"fa64ed7f04d78bacdee5e066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"cf1010872b2485c4c06a172fb25cffd778914e91711eedcbd9d522f7513e875ade18845dbd28074eff2153a38c","nonce":"fa64ed7f04d78bacdee5e067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"071796c13623ab9d291be321571678043da69dd1d302618dec8571b83d7e72bd97aa6098510ca134f35af520a0","nonce":"fa64ed7f04d78bacdee5e060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c5bd98369cba762df8266250a6af7fee5d67b4e7fb7166d1d77126591b096f5449051f845c2db91658b38456ef","nonce":"fa64ed7f04d78bacdee5e061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"dc2310e37d86b430a881e436d00f40c2dde79fb058d4a3a9a2f44bf5c92b7e9b96429c537f0f056972fd9c4b5a","nonce":"fa64ed7f04d78bacdee5e062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"dce338d426da066d45fc648825d912ce3fa89efc01586891d0758cb1af34eba38104613113e5ad491c8a0ae10b","nonce":"fa64ed7f04d78bacdee5e063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"7f4683b7c98fb6978cfb3b0d9ed22d64e4afa235f74440d41e3ef08294421875603570ac033217ace3664c2608","nonce":"fa64ed7f04d78bacdee5e01c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"af31694cc998c7e0f6d1923a389987ea066d1befb128fb04d921fba733d7faeacbb21db322d31be9681ac5404a","nonce":"fa64ed7f04d78bacdee5e01d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"468e80482ced20e66a3061261c34f3843642dc4d8e8da23edbf6269709737ddbda3d018ed155eb35b2de790f7e","nonce":"fa64ed7f04d78bacdee5e01e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"b0ddff19ac1a2a68e05ae8c9d0fad25cf3e5e6dc4c2b4f8af2ec0396f48b7ac857cd27dcf92faccbcd4db00c75","nonce":"fa64ed7f04d78bacdee5e01f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8746a2435b1427c78f8c0849d4fb2e213187515917d6c6b2ca678d19f88b273ae41ba3dab26ede40e3c3c51112","nonce":"fa64ed7f04d78bacdee5e018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"f19ccecfa2193efe704578ee04f8f160e37d00082810c06ec9e0c357dd60dd628dac69c7e10c772168ea656517","nonce":"fa64ed7f04d78bacdee5e019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"4004905c222f4dfa1c190a153e2d157313be1b43623de359f94f08324ac9b0e71bdbe1e297163f93e4f7eb459e","nonce":"fa64ed7f04d78bacdee5e01a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"acc09655d1317a7da426a0ad5162cc0a5413cb2e69fee1f13dcb95484c5c61f54eb0642a491d461c6192fedde7","nonce":"fa64ed7f04d78bacdee5e01b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"7664ce1dc935d7f759ae1971ea7b133e0b069550cead93f8ca5c21c81867686db2f071c631a9e849f9d42356a3","nonce":"fa64ed7f04d78bacdee5e014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ea2d08f86cc9b1ecb0cb43241001f434b510f5a862651d48f16ee53ffbd0aa78adb36e77fc91b3b8e068e668fe","nonce":"fa64ed7f04d78bacdee5e015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"efc6eb6e60c832489436339cd083824b6542af1d37cd6c6ae83bc1d77385ea4675e7931bd3b5e60ed44d1eaebc","nonce":"fa64ed7f04d78bacdee5e016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"89e7069a8397dac67b9e5cbc867c79079c0260d2e46f8b9ca27f643bd5cc0f1beaa34e082189f2e1a37ba8c7b8","nonce":"fa64ed7f04d78bacdee5e017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"effcb88cbb48b28f7bce653cfbdc70d2566e56a3168c088317785bbf23f31f63cd32520cb3643ffd5b085b79ad","nonce":"fa64ed7f04d78bacdee5e010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"1d81bdb0916a93978766146be1d2586497179a760d2404d3315e0d4e60b67409edcad5464b0d5b1d87aadc55fc","nonce":"fa64ed7f04d78bacdee5e011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"c58e4c46f6e3ed5447ef48b5bffa18afaf8b7ebd867847440fd26bf97f9571885e0fb7cfde12e086c274f73352","nonce":"fa64ed7f04d78bacdee5e012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"f7a12fbe64ae5a685f5965336f16452a3b2988fe590f0bde6c8f064b189b73a0209f3be3268c4869bdab7c7020","nonce":"fa64ed7f04d78bacdee5e013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"316b75ec0fa6b654929fbbe0f7fdd80cfdce102c7f8cf336ec808f9b687104a4737c195a80a21e16523dfd75c5","nonce":"fa64ed7f04d78bacdee5e00c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"3cfd44f892ebc741126b0de9c9964169d554c4bc65c27ae581fa5d8e2125a0af4cb82e9e61e3302c6cc57afe8e","nonce":"fa64ed7f04d78bacdee5e00d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"945e820a6dd0cffdefbc0f3584172639d0dfcd2bb40832ce2fd74ba6d3d75771dbd5a21dc417d247c8dae3423a","nonce":"fa64ed7f04d78bacdee5e00e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"c7909fd95d6af6d614d04759788f60c6cd166176b3414bed9041bbeb006a47c7167ff481867da5fb164702f2d7","nonce":"fa64ed7f04d78bacdee5e00f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"41ef04322c494065607f23d2649125a9f5edd29c69257e85bd8be8a8f96461df99aae7f57b94d1435db663fb2d","nonce":"fa64ed7f04d78bacdee5e008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ed89c576baad6bf004aacf92eab9f3971a63aea157eac71fd1993cf698b7327506b52c3785cd9b7bd73417bf88","nonce":"fa64ed7f04d78bacdee5e009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4fc153f6e4b6e5589124ee0c859dcfc7e3dd79dea9ea0a0f66f8d2b9c8dd587d080d00badb3b969731c1e21bcc","nonce":"fa64ed7f04d78bacdee5e00a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"09b48feccba86142d26f8cb54dc3ddbf641d81b4d12057aab12a8ada0f0830bf7788c79c8ce614b5d82b0dacf2","nonce":"fa64ed7f04d78bacdee5e00b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"518cfc70618f1f21c4337f3d9eb09476359dc062be61cb184146e88d17348b79ce811263ccf5afbb08d10cf5ed","nonce":"fa64ed7f04d78bacdee5e004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"58dca6ed99570ba18f22be800e7c82006bf9d223959176cb9acedbb6f68f79d024abae9d9775edeedbbe26f3d0","nonce":"fa64ed7f04d78bacdee5e005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"7530faf1219d0b90a0fa41bc6665674b466ce60074503bd130cdf1d17fb14f6a7b0724d8357ddf63d163a643f6","nonce":"fa64ed7f04d78bacdee5e006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"6f7907463e34b096e3f14bfb474939611864529c9deccc881665e44efea91367366c9d2b0a7f186a8d43f43fda","nonce":"fa64ed7f04d78bacdee5e007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"aa9970434402c5dc78df0be5d5fdb60d89af29f676dd29c7c2d9633e89bf1ca0b15c8fc139d356c2a12febb13c","nonce":"fa64ed7f04d78bacdee5e000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5e1f6e899171d9b4e65c4e22bf2f4f879050e987358f144857ba278d871eff7f25c548c2102388f74d3af8087c","nonce":"fa64ed7f04d78bacdee5e001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"30c83c1cbbd7b64ebdd4c461d79809daf5cf3a475a27f213587a22b5fb818b3bcc70c4c033587fba55330f66f4","nonce":"fa64ed7f04d78bacdee5e002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"f22d1625a155fe0257e4f2899f31260e82a3487c767e7e3a09a64b5c08a2670117b7be5312e645f1d4f105e8fe","nonce":"fa64ed7f04d78bacdee5e003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"46cfc7d81d730fb517657bdb932220c914a7649e986be0caa8db4a745e0397e81d2dab72b4b56a5088c6c350fa","nonce":"fa64ed7f04d78bacdee5e03c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"16008d9ae788d446dc8495d5558fb6a052c6ec758e9530d85f4f428217c1a423590d74533724526c75069e05b7","nonce":"fa64ed7f04d78bacdee5e03d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"b7f482c39d9a1afb0a804effdfd993deb3f44807dc28892bf1192f7f9009ad78d841d2bcdd70a1249668b49b82","nonce":"fa64ed7f04d78bacdee5e03e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d5d5686ce0e2966dda6af5f2a650c0585513e985ceaec5af7848fb44637a41c4cd164d166697e8d75f71a045ae","nonce":"fa64ed7f04d78bacdee5e03f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"a54f46902622bb5c95ab556ac23e0da6fea72a18949ecbab8c65f8f027ca278216f312174ecf07651a225a28e4","nonce":"fa64ed7f04d78bacdee5e038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"8e3446800d576c4e689937e14f68d64d03817f6de59f34e79d2af6c4f5556931c94ee26b605bfbbfe195f824cb","nonce":"fa64ed7f04d78bacdee5e039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ec5f6a4c4462c8eaabd2e0f77eafb23e572935e7889e3f96c4c9061e1891b1441defa166ac65b267799114ba3f","nonce":"fa64ed7f04d78bacdee5e03a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"74a947bf270cbddeb75da09c02bbe8c0187f4c9d0c6428e9df61b9f2bc7993082f8e09b3d01b970d9c84fb8fc9","nonce":"fa64ed7f04d78bacdee5e03b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"cbbaa7bb2e14e69326fb980dda7ac359733d60b56774b178c344c144d457c721200b9107912ca7a7cf7c120ae2","nonce":"fa64ed7f04d78bacdee5e034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"e1a3fa0696b52cc530c2d477a5d0a1d55098f160de94c9754200079a2e5be945156b5cce9600228248d26826ed","nonce":"fa64ed7f04d78bacdee5e035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"cfa6694a14534e1af43c478d08c0863cc5acf52c9fe66a52248bbfb84f62835a39bbd93b247d2b5eeb34119767","nonce":"fa64ed7f04d78bacdee5e036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"b3710afee8a259c3ad4474d8f76370f89f0c822ea5dd5a62b34f06d992c77e1336cf0e26fabbb2c6a859e081a4","nonce":"fa64ed7f04d78bacdee5e037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6cfe19f6f4524238ebb5dae6cffd7809dfcd139946032681ffe14e418031313db1942957cedffa384528263ece","nonce":"fa64ed7f04d78bacdee5e030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"f99652cf2060ecdb46ea90074e4060e171709a67f214a2fa7eb540fed55d53c8228233b7aad7cfa9e49fd748b5","nonce":"fa64ed7f04d78bacdee5e031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"719c44c1e88be0aa3045d7e8880a3e0ad0c301904f45a92e4a6cf5dcf55a0c3b1318cce14dfff42f179cd9d2ee","nonce":"fa64ed7f04d78bacdee5e032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"34fa20669b07d385019d287283bdb7e035e0773f990c2e581260d0609f1a48bc535d6a57a4d529b323e4f74e8e","nonce":"fa64ed7f04d78bacdee5e033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d416a51723a7e36ae3d76b932a09b160f548bea11125912ae8c424d99cb36ee5e12bc9a77b0a029721475740c3","nonce":"fa64ed7f04d78bacdee5e02c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"559c3281a5b438b4fb5ac4551423a9cd6f2232291d56918f4fb29c75440492f244ec880a9d44619601fa1ac695","nonce":"fa64ed7f04d78bacdee5e02d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"a41e348c44235da75bde5d85dc24b01a0925fba61f43c88706add181508e7bba01410bab2b9e2b5b43962a4092","nonce":"fa64ed7f04d78bacdee5e02e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"e2978609cf5ec37b36060ceba23c011690fac6de79dd9f2678cc335b428243a2cebfbd12ae4e8165d0c92544cf","nonce":"fa64ed7f04d78bacdee5e02f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"2f839250c95ba6fdc7aa2885330819b2ead6836739353a80e26877941fb9deb341bdf725e775854255871ceff9","nonce":"fa64ed7f04d78bacdee5e028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"57b94561fcc806075f548b890c0f2bc4345a9933b848ac97166ca57d1eb619f670d924b659c7d26b27be15f540","nonce":"fa64ed7f04d78bacdee5e029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"d19c92775d836cfc2b0684739fb6db68d3d93fe1d163c53dcd276a82f675770f8bca3831b00cbefacb1f99ee14","nonce":"fa64ed7f04d78bacdee5e02a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"951f3ab4877e02e449208feef1ea9f420456b79627d71ff9e4261d7f26e21d67d086e61b015bcf273b47da7d83","nonce":"fa64ed7f04d78bacdee5e02b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"b0a3589916ccc7a983827be19e6624a5a0429f67234e4bff5f8540857cb45c3dffa287fe9da358dd9b8cf624f4","nonce":"fa64ed7f04d78bacdee5e024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"78d52ee298d63be9d5b45786d709e498e125f7818cbb667534e5ad6a886bc4fb3abbca7d770d5a25878ca50512","nonce":"fa64ed7f04d78bacdee5e025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"473869e4b8cc9cf07c85ea1c5effee806c61045371c85579d5451d3473a80fa36295f252f2b5b40fc9e6c76ec0","nonce":"fa64ed7f04d78bacdee5e026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"f67dd29a7722bfee370d4a64c5339d5f867a2d424aa839036b6201a455838f76bec26dc964a20335c0b6ae7153","nonce":"fa64ed7f04d78bacdee5e027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"0489d8331e2417d101407aceb9f4ea79c9d35f070d06daa1605061513d83a466e369a85b09188df5614bafc2d5","nonce":"fa64ed7f04d78bacdee5e020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ed2c7ed733fb11d4d25b6aa1ab7ad872220bbc916431ab6d561ade77bdf67c9884f7748e381d3e942ebe258aa6","nonce":"fa64ed7f04d78bacdee5e021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"8a76c6e6be27efedc6c3d1edfd6d1d89f3c4b30ee0ac7f4275c8789ad22dce1569426c6cd4ed0d158e33c6fa3f","nonce":"fa64ed7f04d78bacdee5e022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"0b37f381cef7e72189fadc6f14425fa78602f2362bcc744512eae016c819bb53c71b069047e17365b831825f51","nonce":"fa64ed7f04d78bacdee5e023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"6d56478f2796860f846a1d495c89730ce48234fc66b8fdfd6ff32eaa5fdcb395c4f9cc9500387b1b7c38d2e7fc","nonce":"fa64ed7f04d78bacdee5e1dc","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"fa7a085a5a7be3dee733bd424d54e762fa6fdd78c8c74f2a9a0ceda24b00fffd"},{"exporter_context":"00","L":32,"exported_value":"5a5a0a82602249079d0173d5fcda4b71b85b252c5bf0096235894f05679dd6aa"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"5f56f8dd5c61a47ba30dbe92797f5ace73e7c29e2f7f51dceb59eae74d7bcb77"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"abb2f8e7bece4050fccbc8ae0a70ea83bb2d829dbbc20d480238f3226cd8f42a93cc83e72010fff033c1638a20421ceac4288ca372d2c088","ikmS":"01cbb9affb519cdae3e479a5d76f5829e9fb3b5ef81fee15e33ee7244508fe41263168780a23226d601f4cfbe04a6e94165a684f72e076c6","ikmE":"963266c3f339c24f0bd233a2951a8b829efcdb7b598cb48b6c5cb30446f986ffc2a78f3fdebab08c58431f2b67c6beb4a2167e9b423feca0","skRm":"c6c5c40c8d6e90140dceadd36207a3663d63d1e3c77ce66c64eff2f7842106b2e1f7eb27308c1b5059937dcb1d0219ac7aada27641913810","skSm":"bae3d60bb34fa70342191b76605d27b3a2efe762e48653516bc9ce1d0e9bab920d3cf3da28ac6ab062495037af2a8f5a95b3cf943b29e499","skEm":"78822c96c182f144f076b84bd2453b8d14318b3677dbf991513517a8dad512e947433ba387c14482a9aeedde292386c3ced1b1a168c3346d","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"3e594e34092e43967bb2de3ff8238240ec42ac0ead806f220909ebea97e5bad54dff5ce4e42cb9fec8f9e1080cce7bab3e432d6c4e40fcab","pkSm":"a30529359f7e0c3d9ff9fc337ef7e58bec802f8a70c1e5a79eb7b0a86f37225c79d337f8d450b329bba26a2afbfc807fd3b6061903ac650e","pkEm":"154435de9c8b92bf3619abe9ec981b1d4116b77fdcd38da89d0bb6e0dbacfe1921f08e8afaed9dc2972c14c24516aaa9de168fcb14a65344","enc":"154435de9c8b92bf3619abe9ec981b1d4116b77fdcd38da89d0bb6e0dbacfe1921f08e8afaed9dc2972c14c24516aaa9de168fcb14a65344","shared_secret":"31e8b5febfc8894e74800635f796de9ff7a2dfdbb7d8eb2c54be131572b6455886808e4a862b9c75a2255811d6284e18c10c6ae4d144c62a26760fe2c07fe6b7","key_schedule_context":"0325a22652318d3203b17a5dfe9a97fe6ca95fbe1bc17e0b9e19de28ab3294f256dc1c176ee71c44073a5dc3a585f607e7b1950e6924d36128e509650a0bb8ceb2817d22761b0e30bbcdab3759c3f6eb30117e5901b4813c6a7f4a98cd855f07b790aea87cfe90b91c465c22904d4128111352d6be737eaa757a0e2a1834173707","secret":"76c47699657098f35b6b040341c6e0a7f212309ae380b34657fdb34251238cbbaef79867d3e58c7d0ca2d6e5362cf0fe315ae1699fdb9cdd097a254e4d142195","key":"c4f74b6c33abac5e5d38f8d6dd7ef2dfa22102bf1183ddd3a635882ce328ac83","base_nonce":"3903dda4a1f7d6f915790a0b","exporter_secret":"afff14fec0130383cc29c6d36209271ea5f6fedaa91b46dd1b58eaacc27cd208113456e84a774bbba159addf3c6450af0ca02e2b4067482d92d84445a45e0c92","encryptions":[{"aad":"436f756e742d30","ct":"b792898afbc2f976bd287e3975d4f1ef838e4af161f77f1d78dbf0027fe846fd33a4b120e5d67a0acd12d904d4","nonce":"3903dda4a1f7d6f915790a0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"94fe1a8f9ab2c2408be2593636b6c6e746bb95df8910f79a47cd8eef3aab3b570971ad94b6e5e6351c40bd98b2","nonce":"3903dda4a1f7d6f915790a0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"487877e5321470107330bda5ea8130da583debcb92954f848e75f701adcee9113bd048a6822345a80785d91bf7","nonce":"3903dda4a1f7d6f915790a09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"953c2ecc69fdce50f6442b4a1b1893301134e6b39a31dffdc97d1d3b0768e34d8e502d06969c03adebf5b3e665","nonce":"3903dda4a1f7d6f915790a08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"495bdfa7ccf2c58807db151aa4155293ef5f153f8e2409b8e9b8dd1d4d109776b0cc829a35afe8490283cf8e99","nonce":"3903dda4a1f7d6f915790a0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"835a8aa18f321f4d31d9a240e6e0cf5e6e767ea4fc5788cba6eb017ca216cd0be4dbae8819cdeb5afd285591c2","nonce":"3903dda4a1f7d6f915790a0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"a5af71e21a33d33fb3c4ddb7c8752bf274acb77c9560c189c377e9c9fa47789378d938f59774da3b6086204c3d","nonce":"3903dda4a1f7d6f915790a0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"d634fae1c6ec9ae5bf39a9097c9b8ccbfad540f8a874e98231887774279f5758a550feb8054156d220d6284645","nonce":"3903dda4a1f7d6f915790a0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"2a24fcc7a2e944bb11dc3fa13dbdfbb8b8b2a8f4d54d07b2ade80329d9c9e3b323e3b0f89f12b568077304e8d3","nonce":"3903dda4a1f7d6f915790a03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"857b7ba1d80177640f8de10a95e7d47a3b9a0ac13d9cd337dd3316bcaec42b236cf2427546be17771096c3ba6d","nonce":"3903dda4a1f7d6f915790a02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"50b5f4f3e14c15e8be39e9201a12b1dd759650792aa503a3e01f2f2456a2fbb25154f2b0c7c58201ba5f7610db","nonce":"3903dda4a1f7d6f915790a01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"f3006e24eed8ca6ca04da6a8fd6ce23d87d45ec8512f15793c0dfde065e2409f6bfc1bb73f46f336c8ea6f1446","nonce":"3903dda4a1f7d6f915790a00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"d2c74cb3eb945fa36c023055b567089cffb5d1302d74de2990db264c66718dc43fef8f1462d42050fef0ca89df","nonce":"3903dda4a1f7d6f915790a07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"5b996c6479937b80fa09b3d432720ecd47a624f122e2bcf4ac2a8d702b45117f3e0ebde7c2eb1f0baf907d377a","nonce":"3903dda4a1f7d6f915790a06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1d7e8d6af4b01c3209ace3c0a243cbf2b1ea60e7035ed9104afb7e603dce46a27cfeef87a886ae354703aa3ac8","nonce":"3903dda4a1f7d6f915790a05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"8ebc93a6ef26127f2160335b57d14b7320746c23969eea95f844517a52ba26dd6339c1eba8dad1ab35fbd34e95","nonce":"3903dda4a1f7d6f915790a04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"af092954d1ea9f962b8cf289465691a33e6b78cb0586a575e5304fbc3b923b4c1d1e58875da40b783de5ee3cde","nonce":"3903dda4a1f7d6f915790a1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"1e522488ae6dd5b3c551e13bd381fc69bcaae3a8e3347b06d8610df7e677c1afbcc6fe71e1dbc2d3b8991a194b","nonce":"3903dda4a1f7d6f915790a1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"1f4693eb7c534ee6a556b8e2591e71d56726079947046da1c0d7f87de5d526e4a9604941a7924c6a2a5193427c","nonce":"3903dda4a1f7d6f915790a19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"2ec9c5c7b73085e1b5395bfd8780a90c1ec776a9464a1aa997df23d240742abc549a9c28dcbc4ae9696102583c","nonce":"3903dda4a1f7d6f915790a18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"afb8702d1d88d64d06c311b1702e085fd72d24e61f143386929740f03c46e3600431473712b8b438e4adea0a15","nonce":"3903dda4a1f7d6f915790a1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"2150f8b5f47be31e6ad4deaae45561af3592d48afac35ed7a544be1c319ed9aa8fead76620c2791eef4f8986eb","nonce":"3903dda4a1f7d6f915790a1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"73b23ae203708d5fb805c0f4f35a42ce2a517be5022a56123c2d1c3156b2ab377b0b853bfc3713abdc1a2a6fe2","nonce":"3903dda4a1f7d6f915790a1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f6d15322ddbc7066326d723b8a11d80598b65fd7a56941bab373bccdffd7837eff2cca592af5b3c604f57971b1","nonce":"3903dda4a1f7d6f915790a1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c63712e96176b03ea76f0354e02bebdb98b41ba929b19b9b1ede1c2800ebe8d86bd8792246ac65299d7fbf5c36","nonce":"3903dda4a1f7d6f915790a13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"a14e19b0d7c06643c064a596e1246d7728bc563b59780132e81681c2f1a75bd82abb3d0ef9a636cd8f4fe96b97","nonce":"3903dda4a1f7d6f915790a12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"5c32313b50b21d328060b8b0a1cd669715cfc014ca6fe3d56ae98a0cddadd0446a129bef2189a9888943021e33","nonce":"3903dda4a1f7d6f915790a11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"e2e1e43ebf27dda1caa57a9ab3b7ef2ed447d8e1355a2c1f3881d31db5449d5bd45cbe4ae4ce4252496061d80f","nonce":"3903dda4a1f7d6f915790a10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"b44de183ee11611b3bf6b6b95ced3c1a8719f86a1a8df7ac102eb51247f0c6af535aed7568280d802337df2955","nonce":"3903dda4a1f7d6f915790a17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"8203411830ad4dbb3bba321297f89e20863b0a24f481834a2d3f88cd6d6fc8b9b15a7d366c664aadc736dbc607","nonce":"3903dda4a1f7d6f915790a16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"c59a59c13747d5bfb81fffb81048eed4e2f51f69c5bdfe117e0426f1553c032a43d11608d2bda7b2fccaa5c5de","nonce":"3903dda4a1f7d6f915790a15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"1204e451ac45ac16b0ac03f5956ef523d871718472b54f73823695837f8242dbcf12c3f6c9338ba1653e57abff","nonce":"3903dda4a1f7d6f915790a14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"00023b37ea00be85c7249b051fb757f022625c69dc1cb884614f07add4170895a718aae41a36d411b96f1acf15","nonce":"3903dda4a1f7d6f915790a2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"d440acdada576f910cfab8cf73d7149ed28d767a2bb0a6e7f9202ffb9f28a7da122d1a43141fb3e991f84527e5","nonce":"3903dda4a1f7d6f915790a2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"7f0b97dc51cdbaab0ed669fa24a44a25086b5650775cbb2bf9d8f09ca9ce9d631c22ed8e0fb11e1c42c98e6f1c","nonce":"3903dda4a1f7d6f915790a29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"eebcb80f7df3e7f29d59cbb109eabf22ff20a67036b8d20dc73fe13a4929468e3442ce9970dd2644f40a2fa746","nonce":"3903dda4a1f7d6f915790a28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"dfcd281b1b625c611ee162bebee9f84e44e46d01dfa0320c441f16a4b13d4d2c58a3c09800f4e2999615f15e3d","nonce":"3903dda4a1f7d6f915790a2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"f2eab536607d720c7746f8ef8a1b64a353e3b4adcaa600a772ef764d2ed8333375c257f5686db5945f8f5a713e","nonce":"3903dda4a1f7d6f915790a2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"182ae224f958b053b4cc45780df6460d1aea83dd082131cff721d0af220b59b166ad465c2b96775713d0b981d5","nonce":"3903dda4a1f7d6f915790a2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"78744fb80ae5d6513bf48879dee0d8ad0aeb9a3eb0e205c778f78fc210d53ec7947a0bd6076985b3bf9b280b15","nonce":"3903dda4a1f7d6f915790a2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"92902f4699bd091d8ad0fe547c3fbe97e29778a12c6377352c90dda4f72668fe54ddc26653a90ac086b1fea187","nonce":"3903dda4a1f7d6f915790a23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"f5228cdf4caf4bf18b81c1243f3e764d6c6b965c5a6918bc59876a0ef708382de5b189e286f1e6bac2464fc038","nonce":"3903dda4a1f7d6f915790a22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"314782c4b6c4dd16cdf90cb47321bf17145ec4c67be8ec4def5c2798071ed4009dcc3976f3465aa99456dd539f","nonce":"3903dda4a1f7d6f915790a21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"24cae77c988c913fa7081b93b313b8d0e19bdd0f83e19dde07999b9c80dc2dc25ea578335c0292d3fb43cc36c2","nonce":"3903dda4a1f7d6f915790a20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"1784563be1e2b4610a5fd319e8e830dcac5d3db8dade60456f1b874acefb3d6a52cdfddfd9a4ea4694e64f798e","nonce":"3903dda4a1f7d6f915790a27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"88ce968d39ec5af3b0f584658bd179460e3e1b0a11f5cf84ddd380f5660870db464f418016ef210f9b4a4afcba","nonce":"3903dda4a1f7d6f915790a26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"da0bf0a5c157a603b775a058faffc71a1aa123b69fa946eee31f27645dee83f2169e8f1b898cc6668f3ae5dfa5","nonce":"3903dda4a1f7d6f915790a25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"150d0eb7b54486ad17faf3357c2ffd3875dd1f0f354fca39a2f5ac79c996e9bca6209a39f435abd3bd425358bc","nonce":"3903dda4a1f7d6f915790a24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"b98ec9dd402f6d183e87c94063fa5ab900eda05a5d49d2cbc8839ea6598efe9438154a507e9ecece4a5322122b","nonce":"3903dda4a1f7d6f915790a3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"c226a46b120f6e11d5934721cccf310086ebcb657a01db9649780cc8e3c4c8c1f09a88a0eb0e4c4c8e30fd37c7","nonce":"3903dda4a1f7d6f915790a3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"ac10ed14eb287dcf0b88b8b018da7ead3185192942e7297e1a4253cf0adbbf2577da592f04cf35f0a60c985d63","nonce":"3903dda4a1f7d6f915790a39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"f10a3eafe08102fda4dde666d1d65254997d444bd47556f3cbee8cd2a4f20eea515466e17290443188d007baa1","nonce":"3903dda4a1f7d6f915790a38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"50903b5c882631ef9ffc14f977940c9de8fadc5fb1ea08319091f91e1974d3ceaf2a2ad2b5b4f631850ef3be7c","nonce":"3903dda4a1f7d6f915790a3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"e2050d1d5f25d859d4ada05f67a20a61ff2b3312d687ecb8607d8b0127186c4c7efd739df6aa47ad5e88d50b59","nonce":"3903dda4a1f7d6f915790a3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"bcecbd6fbc49be55b20d7febbc11ca69cb3e9f1ab888f706a2c95bbf5a55e1cbf5c15ab3eddfed40385a99383f","nonce":"3903dda4a1f7d6f915790a3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"16f4b3001da865b02b26377b1c20eed96841a5a85921207af58305000bd058d01f7433fb40ccfe0d4e2a7c3823","nonce":"3903dda4a1f7d6f915790a3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"a0b18a63156db141a5f323de7f76cb035d6617ff7d85f416a3c68fe6fc13341e7f65e03757068d618690f7561b","nonce":"3903dda4a1f7d6f915790a33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"3a2c07e4c05c5f7e4360dca80c9e8f61a038b5a2e687a9452af58e90d5fe16e632e741cdf52482973fc75021c1","nonce":"3903dda4a1f7d6f915790a32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"0a4fac9484e9e5b5bfd488eb2e6ef8e07e7d5466db3ca9d701887eb5cf535903efebbc2359ce837da1dc1b94a2","nonce":"3903dda4a1f7d6f915790a31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"e12375cc08c0c274536858ad8a46500ac35af55c68fcd1d7d1a7b1becfae5beba0e32ea1a6c5cff9b1a6abe22b","nonce":"3903dda4a1f7d6f915790a30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a0468b14cc2df0f17b29e56ba830c0a5d664ba820be099de74a25e0b8235678094f437d97d7a08a37760b1da9f","nonce":"3903dda4a1f7d6f915790a37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"f2982cad7708539ed9a4cc9b48f2ada4d81c33bbf5bb6dac31f29435e7099e64ce357f9c099236d7717c992089","nonce":"3903dda4a1f7d6f915790a36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"a42f3046b538b4ebeac7a9c0771dd9e488cfaaf55f4531f6cea4670154942a7922cae9f802a85eced0d0f18217","nonce":"3903dda4a1f7d6f915790a35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"5ff49ae1eb1e6aab5a6d2b388a2f9c7bea97f954a8d5ebf13c74d5ccde38dc3c7463d8735e17d030f5c73a9cac","nonce":"3903dda4a1f7d6f915790a34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"3c43f3a6b9610e18da8f0c48d76a56766cc7e1696a0a61009e4f08174f732ba8001e13ee348587405dc80572e8","nonce":"3903dda4a1f7d6f915790a4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"ec93999254d626b6afcd83dd3584d572566e54855c66b459c54a0596a2807f6ebac698997cc24c1ab829d2eb11","nonce":"3903dda4a1f7d6f915790a4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ffb74a0c1178c928e1b96590277b3dd2e5f084f2f75f05df493c9ca4b663efd513ba1f715589986b8c70e656da","nonce":"3903dda4a1f7d6f915790a49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"a92d2373c50a26c3a86a4dcb6108578acc3235b3b23fe57a4a94084e4093b8749b5a1c0121a97e5867f726a8aa","nonce":"3903dda4a1f7d6f915790a48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"af5c5691ac476d6723040afdb3c3d31c24a42436f5081ac348fa0f70f841ba9832c10f6af19f49154f2782ecb7","nonce":"3903dda4a1f7d6f915790a4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"c7873886e6aa21a9fc55ddf701a341fe994cb43dd6ce842f7ca795fa70a82fc6f466afefa02b5a5b5509548b79","nonce":"3903dda4a1f7d6f915790a4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"e3437ad3430db2a12bbeaaf6516ad4e2e0123768d2839879fb1800d6c9eeeeb077bd467ae441ec6d370390c6ce","nonce":"3903dda4a1f7d6f915790a4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"d76316174bea4e48201f34e49bf33a559a50a8a37541bcd80ee0fab8764894c179060c8644cecdf6fad320b561","nonce":"3903dda4a1f7d6f915790a4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"dd7822718b1f911decf7cf43eb2d981684ddc1c5528a09c37ce00ca55237b27386ff51070326a8dd053e0c6dbe","nonce":"3903dda4a1f7d6f915790a43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"555c294ccf5af108bdf42b26c1084bb051fe2f303eae170e47cac31c6e3214130611a556a602ae6ea9610a9d62","nonce":"3903dda4a1f7d6f915790a42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"9ac558513024623d6d1118eac01ad311ecaeaa1bad1a8269446da364cfada52c5b231e13af03ec9cb5d22c2fce","nonce":"3903dda4a1f7d6f915790a41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"69d6b6db4d03505f23df4151c0e62207dee810bf2de4272bd077602a7579a52036f0313e40c327e8e54b98d4c5","nonce":"3903dda4a1f7d6f915790a40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"f057b8874a7d69960f16bf0b97280717194af8027b988cc842d45887c33cf44b8e0d4b9754e51b9307e6c297d7","nonce":"3903dda4a1f7d6f915790a47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"c19a2a301540614521c2040029ff899b1f3bb95d4a033a6455bd3310e25eae5e8f729421fdc8156c302a3c7db1","nonce":"3903dda4a1f7d6f915790a46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ca9b30e45ce512c641d8ff17fd63943efefe4200d525717bce6068638e82a6bd322ff1cde6457027bf4090edbc","nonce":"3903dda4a1f7d6f915790a45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b84a411e40b44e9992f2e72087a9e28892fec2cda924a14bf6696991a3bd32db3af70547ca84e2f4dc450d6c53","nonce":"3903dda4a1f7d6f915790a44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"e2244757aca37c7074717702553ab3289db1514668bba6cc6426bbb9f7f70084c3229f813734af26cb2bb895df","nonce":"3903dda4a1f7d6f915790a5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"7cfa1aa911091857317d3f94b4a0c4141f781c3c5a0d9f6f267bbf53f35d8ff917f81bb187fa09890e6b05aac4","nonce":"3903dda4a1f7d6f915790a5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"e9c1b9b15e9a8e3dd15604917b6bc02f75fe146934657c43db0b3c643d4a87bb03f4bbeefe5ca272a4646fd167","nonce":"3903dda4a1f7d6f915790a59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"f72b81f7abb637d7bd18e2084ebd3f2f9604fcb37883d7b76027e3d9dd31ec68998bb3354b4ec972644dcf9e68","nonce":"3903dda4a1f7d6f915790a58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"1b5bde2ad2a4930154872993250ba8ab94f22c2663727dad27339f70f1c8f4783a58fe863404d723428043b2c7","nonce":"3903dda4a1f7d6f915790a5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"6b90ffdaa9e06200b2ebfacc1e28ea3a30ec13eda97592ed99b49b2e219a7fcfbaa008180c1feea10dd46fcc60","nonce":"3903dda4a1f7d6f915790a5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"3215d436556ff7937f2cacfafe6278861e13860996cf1977ce563cbbc8e6e4150af348c13df2e157a6e0044b97","nonce":"3903dda4a1f7d6f915790a5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"0454883c187dbd88bfb03032d0756782b667e6e1fee8ed97b723b6ca7c6b6669245369c8d71df74829187d1c6b","nonce":"3903dda4a1f7d6f915790a5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"ecc094eb256459de639fc681479a4f0adf39fccef2a748c8605308b5046f1da416610dc5376be0345547dff7c0","nonce":"3903dda4a1f7d6f915790a53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"85ee1a7a02cdcf02a9611723c02f59af2fe5c7563f5f12243ecaf2182964439e1cfe728ce8db414eef0f1e5fe3","nonce":"3903dda4a1f7d6f915790a52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"c3ff61ce648b3e5ede216fab6ede5c2f227eb022f6c8b9294b476a3e80a5599cbc953eaf450f311c0fef375068","nonce":"3903dda4a1f7d6f915790a51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"d56ee4c239e71670ab7cab53459951f6a9d3db8d53adda2ecd2d30a7d6793ce6d4feb0984fdcc66eca4571134f","nonce":"3903dda4a1f7d6f915790a50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"35b9e4686b380e6e9f56ec1adc85674aa104c9386dd21c23eebdd4c0e6c24c3093060e0d4d6255d98b03cec78a","nonce":"3903dda4a1f7d6f915790a57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"b669f1f391be3d7a2030ed34f484fbc8fb921ed2863a3120b34832da04a8e04029b26424d1e542775487bae7f0","nonce":"3903dda4a1f7d6f915790a56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"f38e29e547e9e5cfc8269640dca8ea075ec6e644723059c763321bbb39274347633f1a76b2de22cf9e55fd6afe","nonce":"3903dda4a1f7d6f915790a55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"bb424f5e434fbab763f2a892e78a38c81b49d149e6b466961db54578be015ab2716a3d3baf311436ba8c9a2c0d","nonce":"3903dda4a1f7d6f915790a54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"4d3bf6f86b5f6c0d0cbf2a39b2a4638987cea25a5e7f0d4d58abebda7c1094726c56c82c019b100dd19dacdc86","nonce":"3903dda4a1f7d6f915790a6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"723992a5cffc48c776be663e821c6c9cb4601ecdb44e35f239bc9c331de7e3235d15422febb04894513a8d4936","nonce":"3903dda4a1f7d6f915790a6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"834f716a6950132c2b33dd16f408b10f643a28c7de68b3725a7dd3d2aaf816d8ccf7e76d75761ec5293122caca","nonce":"3903dda4a1f7d6f915790a69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"5ab5c227c4d383b7249fd6c169760592bdf3365a5997fd997578d647f199e48b8d38901de11ba49236d4ad1db4","nonce":"3903dda4a1f7d6f915790a68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"f3afc7515350054a50398f194ac48daf359e63224b6000da90d449c55f61fc2551b20708e244eb80489b18bb8f","nonce":"3903dda4a1f7d6f915790a6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"864fe5f0e34268f74c1302aafc22ef5108b60f0299b2ca01d735589ff84816d9cada27c99824d0a5d2f44decf6","nonce":"3903dda4a1f7d6f915790a6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"f776c395970e3eef0dc26d11d03db76cb4d5173bfb6057a8b20174bde809871b7d8e7df27ac45500a36a993745","nonce":"3903dda4a1f7d6f915790a6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"127ebc8c9293a58a5c88e1f78a4dd927119ec5f29ab0d7c6d8312f8ef4a089b76732cc55ac7d6137ad7baece21","nonce":"3903dda4a1f7d6f915790a6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f78136d1d1431f59e125bd523a3b2c678ca2f60a498a5628a7feb8ae51276ebd4d0b5e34c6ae11b78779a36d67","nonce":"3903dda4a1f7d6f915790a63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"e591c491c1c7fc22e0abca96957eb49f59ee5d9f213ae5d330e303910a062ac210e27ad051098888e1c200cda3","nonce":"3903dda4a1f7d6f915790a62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"0a4ae8e1d912f6f445621625babd0580e85088fe9ea71a5e8aa8737d162194995db7d543f0e046d121b71cf5e7","nonce":"3903dda4a1f7d6f915790a61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"f7c7c9a2224f6a3e28755c60875239edbf622d8c6b97bc7d5e26f50cb34b1afebd1a219807f68244e3e9c493ef","nonce":"3903dda4a1f7d6f915790a60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"619a53c0e14adafe3dc24b064a292735f32b3c0416c1d9cf181622506263461f094a854ae32e5cf6f236323865","nonce":"3903dda4a1f7d6f915790a67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"4d9b63cdb7840197e47cbd9361df6798a5707d03c076ceb99b098be4a711e14af7fa331ec919f41ff39efca636","nonce":"3903dda4a1f7d6f915790a66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"baefb0d8fdf55c19a4ba08218a212b99601acc7c39c75ae6cb46d924d7217c58bfb59f85a04e8df4f88d69006a","nonce":"3903dda4a1f7d6f915790a65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"644c24882aa6742a645e5ee5f732d1596aad2c88259399cd8fd2cb742ef5e1a8ca1acb1eb8fd1048725555913e","nonce":"3903dda4a1f7d6f915790a64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"aa64e5936164a886159302ecd925c4332d8fb651e3599dc4e9d284cdf5e7dcb5a4dc20555b99bc63ee0f62b3e2","nonce":"3903dda4a1f7d6f915790a7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"f186d02a028b7b1155e6728410b7f4e21b84fa236b8535fa3542ee674c9f0e9974c2d0b23eb2f4c9fdd218215f","nonce":"3903dda4a1f7d6f915790a7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"92275446ffcfc739453f34d9228cfd34eb6349c8fe332335f8157d6bf1543a9cb8648f94773319d8e46fd38796","nonce":"3903dda4a1f7d6f915790a79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"16c82f7b2fa5613fb13dcb2d1d397259cb5143562958513244dfc39d9b48f71a4e2ee02036f6674a617ab4114f","nonce":"3903dda4a1f7d6f915790a78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"1911f491d67556067e44d31bb0f1156936f0d92e3bd39d546e71deefef50f263b4cc1238b4e9eaad791efa120e","nonce":"3903dda4a1f7d6f915790a7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"81247f68b53849fd7a0de1f23717d0de580b8a3ac811ff5cb638199d9a0ba1e4f42ddd96bba87ca751afa03601","nonce":"3903dda4a1f7d6f915790a7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e4ae404cdcd260cfa526be39b95fba9cedfa2b8a9918a2e9121029ed3c7e4fa5558286ef8bebaf4dcd61555a07","nonce":"3903dda4a1f7d6f915790a7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"02a9e89603fe049cd7893a1f07d5bd9ec37320dc8bace3fe29ddbc240ed93d55be014732e1a3e2231208468fa5","nonce":"3903dda4a1f7d6f915790a7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"abf7fbb5cf50157fb6e07c1ce792f11171e7598e6e92cbed1b1cee62d156e3b5208eeed1fc9ad8e0f56019fe14","nonce":"3903dda4a1f7d6f915790a73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"2ef6ff2baa8f0e04132d25b16f2ddf7009c6ce1bde69a71498d1294dbac82260e715954d1f098a861823a7fbcc","nonce":"3903dda4a1f7d6f915790a72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"d62ebba2feb1b6d65d2c6715897bcb14fca5e451776d61d242af371ea2c02e21cc0cef3b52232cb03ccbdb1a6e","nonce":"3903dda4a1f7d6f915790a71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"4b8716fe536622f29954d9329f4514c296481e2a74881fec81811946c59023a9b5f9c251b5eb9627576bec28b3","nonce":"3903dda4a1f7d6f915790a70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"3c2c437f54e5811fa1165a767cba5df4d7e4f4685797d92169961e3ec67e52b2ada9293f049d0503ed7184f487","nonce":"3903dda4a1f7d6f915790a77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"7faa4e22a5c72901583a3c4ef1b366432c8bee1f0f335d8b6ce02945d6db32bed1eb6c69724ed9ab9de94029ae","nonce":"3903dda4a1f7d6f915790a76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f803f6c2bd1f6e4baef84e5b7b07c62f330bf918ce45f0f70dfcb8df0f07b8443b67bded7673c3a1b96ecbaf5b","nonce":"3903dda4a1f7d6f915790a75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"ef23069e614f7f7008465cf5f1e00f38bfeff89a02c51a979708e5ce10ff1c6960a5206ff9dac4d7c9ad0046b6","nonce":"3903dda4a1f7d6f915790a74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"0a58b69fa0ef6daf77f66bdcbefbadc6ec546bc6b8c48e05a312f3e4d31a26f34dc688b8e240fbc96b89bd7121","nonce":"3903dda4a1f7d6f915790a8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"6f8fc2f646700790411512a640b0d33d722031dd8ffc147b12f844c060a9e800a98fc2cf5ad88ef0e0d112adf1","nonce":"3903dda4a1f7d6f915790a8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"5310a532805e6f4ea6dacb187ebed9a6e5c4e31a47f8d178bb9e30553bdd439625c8eaa3f7f0a0bbb9832a8b71","nonce":"3903dda4a1f7d6f915790a89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"f20d99880a10196ce843c0f0a70f5f865ebd6bdc66af75e1da5054d46ad925e893f602c476ee1a4f7a62dc2311","nonce":"3903dda4a1f7d6f915790a88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"96d0f251bba0e9f044db7577c1babeb7d8988b258af08b094cada21d6212af3e9dccf2805e73046435440ca5a4","nonce":"3903dda4a1f7d6f915790a8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"8104f320087d365c6de88fad405bab71e550c70188014ac5f76b30c12292b6cf84332a40338f411e46d74d6361","nonce":"3903dda4a1f7d6f915790a8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"b01111bf808a763f8a09865f95d60519836b431654dc074838c1272a1b0c8f731970326083864b922d4260e58f","nonce":"3903dda4a1f7d6f915790a8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"9c6605b5077b422b7de863d4b5012e1b97224007d807f3460c01fef151e6fe47b0cea87566dd6a147a0a686063","nonce":"3903dda4a1f7d6f915790a8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"1784a760304053e7d72392913a603388b89cd3efa503e83a4dbaf983c749ccc8dd576b919a12a8ea87b261a07d","nonce":"3903dda4a1f7d6f915790a83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e2165ab19bc27f561fc61189884d4397cf68cff7c885dd8c014e5c0920fd5934cd88e7d10f4753b86233ef82ee","nonce":"3903dda4a1f7d6f915790a82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"ade8adfc3c4872fbada7b90af841c5eb082a1f74c67642db17080eae84a84375a18ebf1e5cb509d7eaaa944d4d","nonce":"3903dda4a1f7d6f915790a81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"53758800adee47912aa7fab084bf3ad57f4e576ccc31ea68092c843b1076b1396e723155af71147fbbaa6cd62d","nonce":"3903dda4a1f7d6f915790a80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"f412e250931ce119d8703229aca9c870aae68d8056d272ee2e53095151bb013fcaa7cc05a8309cfe0d0345f9ff","nonce":"3903dda4a1f7d6f915790a87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"d2cb7d7ebdecd1005d17367411c994a42e8d6c5a7c9e637a24121dc32a0dc7dd9947abd04701b71c506a83052c","nonce":"3903dda4a1f7d6f915790a86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"45924c3026f4feaf35c7c0c7852bf0be2d423abcf35b5ea028a83e899e0c70ad6e4feb05d65defbc729bbce9ad","nonce":"3903dda4a1f7d6f915790a85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"6ffd64477dd571caf12f412d7a80009957382f23e71a0af06ec77c417e0f77423f12adb6151871ec7b52b55573","nonce":"3903dda4a1f7d6f915790a84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"4056d0554b5ecc23e181a52a63db2faa01cec9d4cc371da99cc3916fefcac98c87169e0d1ae8699a0cec350d6e","nonce":"3903dda4a1f7d6f915790a9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d8a7e9cc2192ffa1a5e4c92e8f1a8d1f5f780b05d4ad01b887f48a8e73bf20c72e6e8b8027107c4dfc55dd14be","nonce":"3903dda4a1f7d6f915790a9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"07aa07acb4a35a3e4dbc494bcbcb0dbffadddbcdd3b647c35b020168ea0b69018c8f7bf64ed836d613e7b324f5","nonce":"3903dda4a1f7d6f915790a99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"a9c35ab989edab537172c9cc8bddca3cb2dc35eaf607e9a564dd03ec3900e4a46bef19e681d7dc99fdbe32309b","nonce":"3903dda4a1f7d6f915790a98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"38fd8a03ea0c0c17adf659f576efd148f968e1d5b671e5921af11fc6ee105e100c01a1774a840a29b5fd81ec09","nonce":"3903dda4a1f7d6f915790a9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"581eaeb5776ef6f8227c3faf1f81a82384927f4e0bdbeaad32a7c0dbc6ed1ab4a79421ec2970f09ba5b86d1936","nonce":"3903dda4a1f7d6f915790a9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"8e276ee91e58bcb7ca7ab75419bc6465879a2c605ee523549136f5e9c2ee7bb6ae13887376d8a11373e27a35a8","nonce":"3903dda4a1f7d6f915790a9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"bce9c47a3b876d8ef7585c5e411d96522bbabc52b065346d5563a9b6a9672a11c9c35be4496aaa87f5232306c7","nonce":"3903dda4a1f7d6f915790a9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"40b5bc5b30e7e86dfe11f26909eb57f408ab7d0867ea0ec8dd5930de1476dd83382bb57a9b00b54623d2e4f7f6","nonce":"3903dda4a1f7d6f915790a93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"6919dc6b336c8604bf6f08d366ebc88d731f622e2b2a56f2110976b44de82b256ba408fd8a4ff9d68ff502bb1f","nonce":"3903dda4a1f7d6f915790a92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"a9a44ea26813204eeb35aff84fe596cdc491f2c46aa1443e6cf322d8c9b349f2870d7724c2c17d30846352d7bc","nonce":"3903dda4a1f7d6f915790a91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"948eb2c87a77db89ca752962917374ea0db35f5ee937cd87d1de471e42569feca79d8862e2d4d1794b1536ca32","nonce":"3903dda4a1f7d6f915790a90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"a4d84b661c0d1959bb2533c5f991581433bbc29366244b2bf47dd0ac54402274923a7c9b5d5c0bbd027670b4ad","nonce":"3903dda4a1f7d6f915790a97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"48cc2d3fd33f2e2c0df376b97b681190a70a821bbace1ec9565af6adb7b3eafcf8b02aed9c7f440fb6545dac22","nonce":"3903dda4a1f7d6f915790a96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"59a05c7086b9b28cef67180b53a3e3c695d5d93f40c1854c1f5cb86d82b2b404e36a6455ae258d90f17df21c2a","nonce":"3903dda4a1f7d6f915790a95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"baabf07898c9d91d5cec4d0124ee71c62e85d99d51350617878179431ac5b875a4d205e6fa6d60c0f38cf06c65","nonce":"3903dda4a1f7d6f915790a94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"4c99279d67d346aca08186e52efe9ef1c8b3d315d993460597680c7f0e2ecd73728a0019812261c03eb8a652d1","nonce":"3903dda4a1f7d6f915790aab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"d7141adb26e9d9c782104ca6609d6dbd47bd2ef1f3b3801840fec23d249522b98c829004f298ac036e276dec12","nonce":"3903dda4a1f7d6f915790aaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"6f2f649615581ab972039c3b2d2cbe726075586f96f3c34737682d6ff0a501adbc2fe6571c6d8c07c51f86fe8d","nonce":"3903dda4a1f7d6f915790aa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"91fd9a1a8f2dc46d8b13d43477688dd682f42faf2101f9f408334698d8037ba4550d3dee5d66ddd75ad4ae750d","nonce":"3903dda4a1f7d6f915790aa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"438a6c05a39b8217559c66372ebf0c1ef3a7de162f6747f4f3e55f053645a537b6c2b444e0c94188a09701c579","nonce":"3903dda4a1f7d6f915790aaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"993a62c1da5a2ec2c6953f94e1a517078c80f7e214c3d334c77e5eeddcb5c626f197d960cc7ffffedfc1f73383","nonce":"3903dda4a1f7d6f915790aae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"3055f2b228f436202ab77e7a115a685d649d32ee7e0ca0582ee038b006b9c96c911e96a5de13bc3acf76560f30","nonce":"3903dda4a1f7d6f915790aad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"c8e8178e932e6659cace45775c528215e575c9b8eac9bf94eabdaeac3bda84645a8c8a951160dabd8f46cd240c","nonce":"3903dda4a1f7d6f915790aac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"a5de59024a29c30ca8c2eeaab411dbbe0b14b696befc87f4f9bbebbe71af3eee831a8ebbf2b2ac7ecd5d482c4d","nonce":"3903dda4a1f7d6f915790aa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"8fcd3f2464772d43ffef8bbff41e1b6a7581ec98eae9cd843f8d99826c000d3c12486806580288fd20fde02698","nonce":"3903dda4a1f7d6f915790aa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"2bea86c24ce9284941422b347a143b84aed952ac70a2bf2433484621f4d9b763e8cced9475ce06fd900c389fd7","nonce":"3903dda4a1f7d6f915790aa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"26ddaa0539a6a4e91b9214322cbe71161b96617dcb996b1e1997af90bc20fa08043b16f18b5dba374053151f57","nonce":"3903dda4a1f7d6f915790aa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"817c7aa21cf6e15b3c0a0c9ed21dc68786fe78278aa6cc3f6e35b399bfa9e0be17f1af18df74b8f6f7f8125417","nonce":"3903dda4a1f7d6f915790aa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"ddc98e36ba3191d5ce3d3f080aff78272e1d30608a89d7ce0bcab59112d405536f8121b283abdb61db5fb45b2c","nonce":"3903dda4a1f7d6f915790aa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"199917bb93dd8a9a479a33a993f52de1f7582b5eab686bf9e7bb61cf6d1df6d1fe134c534e89b66ac56c3ca036","nonce":"3903dda4a1f7d6f915790aa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"64a5503979cd553e3cb7b4fdfb59b1ef29c96eae114af71c071c87fe6ce9c5c2f464a4643806cafbe074c69691","nonce":"3903dda4a1f7d6f915790aa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"947ccbb0da76e3b56c3697499196ff9402b037cd2f93602b0a7960f7d03ea7aa7e706e266985d38655cca62c02","nonce":"3903dda4a1f7d6f915790abb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"92fabfec7e8c19a0609e32702194336329e9955954fea532faf3f835b5d7524a9a043c67fa1518d47920d2fcf6","nonce":"3903dda4a1f7d6f915790aba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"8ca7f9a025a4afed65f6414ca034e5fed8b3fa6b0142147aea337d11b0b9dc9bc8355a376b90b005f641fb53b3","nonce":"3903dda4a1f7d6f915790ab9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"6a01ff3b8a7b9868d8de8dad06f2164b9c2d0e7d5d681169dc2252b0a317636fbfac9337a6281584b5e89ef763","nonce":"3903dda4a1f7d6f915790ab8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"460870d72eb89272bd2e9c84e60b118017b74c6f47638429acb889ae99c057068ccbecec10f75702dc1e3da0d4","nonce":"3903dda4a1f7d6f915790abf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"844c0d4b0969ded0fa993b4aa6c51c9325acad17092d36c4e902a1e2a6293f3debca2f192231f4ba3c349af17a","nonce":"3903dda4a1f7d6f915790abe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"a5bdf216ca8e28fe3ad695e8fe560c34e4044cbe352df76e1da584b9f5e8a4dac23f39c007a3e3519bb270bbb2","nonce":"3903dda4a1f7d6f915790abd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"f80a98b8b076d6ec9b87e8afa3bb9bcb59cfd97e547235e2fe88b02a8d8a267890f833342cb07fd8abdab377af","nonce":"3903dda4a1f7d6f915790abc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"93d67f1fc27a97441a1f3de0c5c2a5bcb4ed053a411ad3d81d810bf3623ec158a504c727c25c0146be9e68be73","nonce":"3903dda4a1f7d6f915790ab3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"e20d499f4fd6dee589457a6e8c0bc4f5de00488f1ea3a0f33c32c09a16175fc626cb5ce2aa0a666d1c846d713e","nonce":"3903dda4a1f7d6f915790ab2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"9d26d7c1604d2a25f4d49e46f7646e613dd5d861f805818ac7a9788a196105349efff24e5eca82ab69982f274b","nonce":"3903dda4a1f7d6f915790ab1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"5d62768ad63137b455defcda9cb944bf7318ca20cad3e6549592730c4c337a9f65027001eb64c2018fc939b0a3","nonce":"3903dda4a1f7d6f915790ab0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"ce6d74c14cf76cf53eff7ae86b73b5f8d0340dd7a5dbfda032df48ace4379fd3af446f62526be9d5bf2f5c74bd","nonce":"3903dda4a1f7d6f915790ab7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"d3181773881468d5a9474b568dd0649e210e1a56fa28ff9df14992411c2374075dd0a5f2c57113489c7cf739c2","nonce":"3903dda4a1f7d6f915790ab6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"272917fc4b76d1dfd1b3b82092e895bba66c8228db7f596a79dbf25531e7f5882d57c91efe3b8a9445de42f6be","nonce":"3903dda4a1f7d6f915790ab5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"c95741b25d9c7ae99a14a31c0eba7fb673d2949540249b5dc2280b6ff7255d6a2f5768ceb0a44d4e1011d8a7fe","nonce":"3903dda4a1f7d6f915790ab4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"b6ebfcf70a92063d3d5a662b714f13cf9b8229a66ef032229f4db1035fa4b1ed919998d0514fbe4f89cc85648d","nonce":"3903dda4a1f7d6f915790acb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"5bcc5d51a4c27bef9966a8a4606abd18293286cdf1164fa1a426b82b2f0e0f036c6944c7a27bded4d2571c85b3","nonce":"3903dda4a1f7d6f915790aca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"1d2fb1bf7d65569b66ab293440f096eb7c721a5c99719e0b7be3cb937c4edc9d5d53f97ecf6adaeb41797f4add","nonce":"3903dda4a1f7d6f915790ac9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"5f5ea15d4118a0e100ac1d3aae286b7aab7c975c023892b97890f7f81fe93c62dbb0d6e2c1cd66ec3321f09519","nonce":"3903dda4a1f7d6f915790ac8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"0f935f55cf51a3b7498aa882e432798bab5311514215d31bbd180509f531fbe16cc353d2d5cbeb1c8720016cc6","nonce":"3903dda4a1f7d6f915790acf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"fd27a6a47e445c375230fab1e6b75b6675cc81bcc1ad86ac547bb93aa65eb84a5e05af78aa1487a683e7623352","nonce":"3903dda4a1f7d6f915790ace","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"edcb82e83c4ce86206930d50020ceaf13d96dbe22beb075621557417df9f8fa32fe7e7e5ed6588d9a06423d27c","nonce":"3903dda4a1f7d6f915790acd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"98a8e338cd00c8b1d67be1cefd7269bba533800aac9587089f352e99c140415c7460771aaba0e3e064bb9a4cf1","nonce":"3903dda4a1f7d6f915790acc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"137494d0846f5598857c3565aa8fa9d6ce7b1067caaaba918113b6a710ed9e674bd639f5c2661643348fe9c77a","nonce":"3903dda4a1f7d6f915790ac3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"b81ea25b2a72535b28d816b212b3e443f023563aa26c0dcca3c836f85e929d8feb53e68a78e7bcd3b090b0c00f","nonce":"3903dda4a1f7d6f915790ac2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"c8318c82d74c21681e5b5668fda95d0a7712af90283d06d3bf9e12e9123ea78549305583ca65e3438a7071537d","nonce":"3903dda4a1f7d6f915790ac1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"59f1b59c303f4a77f1add29c5610af7ff00009726839acc142103f17208f8ff6b0e5e3a3624a5b669ccf3ee629","nonce":"3903dda4a1f7d6f915790ac0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"03677cb2c0b16fc83e746f5012da29842749649f0f168aef72d291a5835a79d441b6c140b2b8b26e05f4a5faef","nonce":"3903dda4a1f7d6f915790ac7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6c007080291901789fcdea3f5073d6c91774ee2456ea865075d4992902aa00065770c640a5e6d1345d4eb500a3","nonce":"3903dda4a1f7d6f915790ac6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"9dc8233831106caa0a48c544fe47d4c413404073e42db1abdd400cfddbea0dc50802f23d8e043a51d6fc8b9cec","nonce":"3903dda4a1f7d6f915790ac5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"7519102a0563d2fbee276a111cdcebfb6d0445d6fab2521eb0f9205d46b187896bcea4ac8f18f4608750906cc7","nonce":"3903dda4a1f7d6f915790ac4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"9a616ab973b53241c6c747b771185044a107591f1c1f76eba4a595b892411b8dbcaadfe267a81bd51eb2552c06","nonce":"3903dda4a1f7d6f915790adb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"cc5f55ea80d7c1c74f47a9ceca5b436ff77730b4f2b8c9681f16a60fb6edfe0f899bc972f50553e20a96bef79c","nonce":"3903dda4a1f7d6f915790ada","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"542025da82802e6a1bfefb5bd06a02e5e0dca8d3c46ecd6693375f52f886930c1b30100d62ed9fc4d57447a342","nonce":"3903dda4a1f7d6f915790ad9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"780095b81cc51faf2ebd203c1c2f391b9cb978e9be6d244231a23602a5b817945dcfa247c925a7934d9452d6c7","nonce":"3903dda4a1f7d6f915790ad8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"af8609242962a585997ab6106c4ff509474635d313aa11fe5e5676cd4a15ef0da44e95028813cfe21fb6035fa0","nonce":"3903dda4a1f7d6f915790adf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"2d93d4dd491a2de2d4159029afca4f9bf2e59f0eac201b84523bf85582cf0857cc79467f376628d41f8c2000ef","nonce":"3903dda4a1f7d6f915790ade","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"b4e7897f8193d79a2add4d77b42975500b4f33a2b3a884ffb427af3d0e8d58bf14a5a00062dee36e38c4e37f96","nonce":"3903dda4a1f7d6f915790add","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"82b107b508fa96ecea8e2eaa05ec31e5261fdbad263c2bed227e005f8d73e238d7a8774bc809057feedcb41434","nonce":"3903dda4a1f7d6f915790adc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"538033ca7fb87cb484343a250ac2b682eaf5b4723310b5bfa22397a943ac5883a23d306183230cadf2a2938353","nonce":"3903dda4a1f7d6f915790ad3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"c2cb687a7e3a56b4785e47b32359f7c0c359f3d63aa586db214a00b54b679d8de8a63d48a8faa77afc59924be2","nonce":"3903dda4a1f7d6f915790ad2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"1e359d0ce5f5f1393afc88280c26d70dc8bb8ac37c24e709be4e569e5b3e20048b6fe2adf4cdb0c43f15f77575","nonce":"3903dda4a1f7d6f915790ad1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"55babfc16c7c743f0b66a1a2ca004199d5b059328b42e441791f09f270e13210eb3fa5e95801fe00251052120f","nonce":"3903dda4a1f7d6f915790ad0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"fc1d1db91f742458a36e5e3afe43ca34e30d37923e0bc0369ad049d305b0c2662a1b7495d64903918a97dd964a","nonce":"3903dda4a1f7d6f915790ad7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"4a7ddfd70d2dccd6e8f60363badaf450311ba5fc4c92cacad8de7e5b14a72627256e4f0ae6de3265026b76ec95","nonce":"3903dda4a1f7d6f915790ad6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"bd7090e9cf43f4893e93c7ed3fd9646c9523af200e46e3761859218e5ace712310dfdb155161ccccd573e15269","nonce":"3903dda4a1f7d6f915790ad5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"7762d88c90e6c00e3a3a7487e7a817f11ff3d1b72ec1764a77770e6cadf82e657a0d16e3ab59ed253cd013d4dd","nonce":"3903dda4a1f7d6f915790ad4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f92269d29cebdb0d240587ef6751a46e15d29a4d90abba1655c1463678879401844ed0859fb9be955612fe8bc9","nonce":"3903dda4a1f7d6f915790aeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"440f85bdbffc43caf71ead8e225e8968ffb42004ad6826a327078860fa9c2be37c5fd55aa99579c4b7b88f74c4","nonce":"3903dda4a1f7d6f915790aea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"1fee9627d725203c13e0b29f23189f38d0152825821930dfe0f2666b58adf10ef2d3f3e9138924ce5aa96a0da1","nonce":"3903dda4a1f7d6f915790ae9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d85a43cce43385a24ea1a5d94f81448a326c45c68cc08276b25d32af1fcf7b2779c028db034808985b31f1c28a","nonce":"3903dda4a1f7d6f915790ae8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"7a013bab41028099e389df59a0dde321daf3c2d4714762364a8ca7c9c0dedbf08d1f451a08f6ddad7a39ef334f","nonce":"3903dda4a1f7d6f915790aef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"bb9693208fccc20fdd6b27a063c0ba0281f45a08ceab1b30c47c2a8e357d05557603a9559d0097c07f32116368","nonce":"3903dda4a1f7d6f915790aee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"d30792cf89cd65abd38c64eb0139f55738990f89c6780af13474bda4898f24feec761e6b36568cf8b92045086f","nonce":"3903dda4a1f7d6f915790aed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"3eee2173c1c27c3554e184dc6fa64ef942bb59c1e8bdd01423182c8dfff823f2205be7169eea8fb42baf685d7f","nonce":"3903dda4a1f7d6f915790aec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"85bd9cc554dbf95596c5236979de3b4bd9f2e2f8ffd3eaaf6ab07b813231b4e4dfcdb5cc544dea4e366c4c8c0a","nonce":"3903dda4a1f7d6f915790ae3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"d89ed73d40d4dc07289a723616af33d14545982e003a9fc2e0618c3b2bfc5cc33893c3a68a6e94eb9ebaf47dca","nonce":"3903dda4a1f7d6f915790ae2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"8402d7e9c2563133281f6f77e599d7ca53292cc6932d7d4ea421cab9b6747545c2ac2cf8d5f2c30b727c75a383","nonce":"3903dda4a1f7d6f915790ae1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"7d01e4eac655a1138d40f361513840dcbd73b79a788d2ad7f91a70a75d1f39ea9908f25a51669c6aa8838771bb","nonce":"3903dda4a1f7d6f915790ae0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b4633cf287534085375381208066977d59c0c00987b777c6072eb27a9cc5785a77a91bd0f78fbfb5d0b6e6861c","nonce":"3903dda4a1f7d6f915790ae7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"bd3d26726e6b72716d25cbdc3a1214a9d49d08775c7ffd4284e77b804de354cdd886c0a11e042a8aa8418fb0be","nonce":"3903dda4a1f7d6f915790ae6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"22799226e5e19b0ab24c98a199138b92a82a1c755b9e4297b40c2e0e4a1867153d7d5423d3c78b31c53cb7a2f0","nonce":"3903dda4a1f7d6f915790ae5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"b570cb363857001d941bc6038a6346b9558747778d17ea1f6788befae51d65c8cdb72a498b39cead9f74e69227","nonce":"3903dda4a1f7d6f915790ae4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"db8d71ed326d0620cae72e3ad4b2391c17630075ebef34a85c16a746ccf791bf8cafdb1cc8d7b5a0f5f1800f80","nonce":"3903dda4a1f7d6f915790afb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"42050ddb54d02858865efcc38055e9b7f0debbe31467a16eb3c9dc877395253865bc9f49bef5d3d63ce0b174c5","nonce":"3903dda4a1f7d6f915790afa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"f315aa6fbaf1ade9b8df5c887522362a5732b44f9ca7fae6f1212937e85ac309a89a545b27043f4cd750ee4fb3","nonce":"3903dda4a1f7d6f915790af9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"3e82298d38280d351df0b4a9979b244ab47c57595ed9869e5406dc78883a69048748b2124a270e9244cba6f317","nonce":"3903dda4a1f7d6f915790af8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"3821729116dcc20498c8c95206df58ae2b744d54ab80f41f83fdc93cbafed4d519739a2cadee9ec8a08d51350a","nonce":"3903dda4a1f7d6f915790aff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"eda52cf8f2f13941df2df4714770b1ed396a5b9b8250f6de24ba61e99ecbd217ff0a655171d6df8da280a9d23a","nonce":"3903dda4a1f7d6f915790afe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"489ace7edbb374ee78a8bfb6711a3cff61038826d2e08d72b2dde93f3b929d9d09ef31ef3dbc51a3372bcd7a41","nonce":"3903dda4a1f7d6f915790afd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"d0725447d67d0f223a8c43892971810595fd0988c97b0e216247a50256c3071a0dac24b6be6959c7a0d038d76f","nonce":"3903dda4a1f7d6f915790afc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"10715a2897ab3fb22c8bb6298940747fb873afbadc0dc0f950d31b00ed8d26eebc370a8943436f84529693ca1a","nonce":"3903dda4a1f7d6f915790af3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"beeb6a8d6f4bda11a9cb057f25eab6537f90bab790679c18ad3847ad4f1342e2aadee62fe4743b8701e08ae7c9","nonce":"3903dda4a1f7d6f915790af2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"7167d9c869c5573e350c7a0e9df10177ad4b52ab4d135868072a3774e492385794f946c92d82c205f303ce9398","nonce":"3903dda4a1f7d6f915790af1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"178da5f6a516c7f84cd7c7a05d40c750a596a5ae94c04346737cc48673a2569d60a204cd0774b934c0c6e9407e","nonce":"3903dda4a1f7d6f915790af0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"67045a9c9bd0cd3a0cbe4902d2ca7c0acdf028dba36801f1a9ea154104577a974e20062553dcaba653c69b0bab","nonce":"3903dda4a1f7d6f915790af7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"a02748fab2b599999e92e2e4ffde38bb3138ae931e10a7d07e53f16459c5f2ab35061080ea2ea78b8e4a661333","nonce":"3903dda4a1f7d6f915790af6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"24785476cdd5f0243d55fd1f6f6a05622f9703b8707c1559870ea667a69000c75cc96639553ac8c7b2232ee932","nonce":"3903dda4a1f7d6f915790af5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"55384803840ad6db297eadb25547916a4cf8d7151647e8145355e6cac1dab04f1ade83c2dd2f091ef4418de413","nonce":"3903dda4a1f7d6f915790af4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"f6c7c47c6fabde774f6e8cec6ced7d05e1070f6aa456125d6209f537956d7528ebba2c06dbb4423ad8c259974b","nonce":"3903dda4a1f7d6f915790b0b","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"2394e29f37a25f70847dae21097ec400d70a89e808fd7169b58561ebdb41157d"},{"exporter_context":"00","L":32,"exported_value":"bffc1b9dcc7c4037bebed54b315270a703b99cd9fbce2caad7115dce707c6fdb"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"65bdf3ccccae2d2b1dbc3fe2939b4a88d43f068105d149aca16356174abe73cd"}]},{"mode":0,"kem_id":33,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"52ccb09542f76169c8f36836dcd62868d664d168ff53248da4000e2a33bd42fdf7cb1d29704543721f46e025fab4be7a2c0bc5ea7ccbb1c7","ikmE":"e69397fe1aba5d55aaa486996aed51a104d32f0e566d1bdf4d860ac5c8b04b191f1cc7c28a06080f192acd7eab45b5b8aff0db40e2b7e7e7","skRm":"86fca43d13352c8cf2b5ff9ed2e7c350a31cba8a556a5fd0e2d0669edcb773a601a76a29f7db13838880dc42399a720fbf548ab19352d6c5","skEm":"c25cd08a7271de72052f14c3376cdd15df67d82b3e3085dfa22a56e50f36755732b6ad79e1c85784748f03f44b861dc61934b2c76660d5ae","pkRm":"e049b8fe98be54332bde59c76df7b178bf10b5a32b559f5090f29921a29e0d528b447edd468ac3f47e46906f791383fef836387c17fbf0b8","pkEm":"dabc59b3963c151fbb7c6d442f2c3440312a1078207eb11fb62c034cb85b85912c7500fbb992f28ceee449405a8b776c79746b2182984f37","enc":"dabc59b3963c151fbb7c6d442f2c3440312a1078207eb11fb62c034cb85b85912c7500fbb992f28ceee449405a8b776c79746b2182984f37","shared_secret":"4484abe672b06e8de5bab2dc066e8ca9aff3bcb41a76ab7504e581a355f6bdbed693a86a8178b8f03f8744575eb9f08c93c3b064e3a1488f29a0a5b0c045db03","key_schedule_context":"00ee4fca86c518a1057129a790470347c02bd27b4a6e36f17db1186907541583ecca9a8d65aaafed3e87e030dc2227f68cf7ff612167b37f12f245ead4ba4c0afa69461ad54024dd0d2a7440f1cff5f3c5a53e21372d18bf6766592554919ce44969c417418d86d6855c4df20dfc189556f20d520a21ac7fe152ad7899d597fb87","secret":"a1add9c0f81cdaf878a86984198c2e3eed68f00a186d0525bb90bb3cc36a0178e4b23e749605b874cc485bae6357ca0777640b1f2a5fc420c6613a30bc5fc407","key":"","base_nonce":"","exporter_secret":"0618de9b12ce06835e1daad463e21f4c602edced632980ed7fa4f876a649cb7da3c7890c21e8061f943de1fa5b963af855e37b8a6236358ef179f59c0d3502f7","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"c75a00c8028d2c0724eca7cb9ff99c5134a836ed92f6662ea92ee614e4f52d80"},{"exporter_context":"00","L":32,"exported_value":"2eb93c0f358c9a1716b752502efeb3fb5352839670442b11392d5d4a62b4cb99"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"9aff60c41fde98ca6d10591bc2da1cb4dccdda0b3368c12cbde5a6a3bd864582"}]},{"mode":1,"kem_id":33,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a8e3880aa3fc80acc6ed74f348c5f16db551cd4ee2a348e538410a862cbf11c444851f31f7b0f00ace94ae8f4ca5210877f6b7a098629f15","ikmE":"f08cfbd83ffcad7e5f24cf24d7f3de8237d2c1abb78c8b69c716cd7e6ae9493acb5c8d403293b27a390c83c60f5bbb28f1204cc5151dc832","skRm":"01b418c973cbd7faf011a128838667520fecd527aefcfef885868a94548b2888e1100ed9b6dbf671f1a3d81d824469e71f137dde5cd6e30b","skEm":"78654d588f42855c566243ad801565619fd567423ce97c8c18b5aff805183c4950962c886aa876c362fda96d23ad45d2fddf821f8a3ec413","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d47fd94e4ca6fa56a6dba5806cf88fe103e998d1b026c77ad2b12443c2b9710a1b28463639f49469847c8e51d984c19de3bdf18934617963","pkEm":"3c0a177580fb4e30dcf1e6a3682ce1aba7f619c6c67b9fe5ec9e2d6d6cd67e243a5c1ff98ef035550f2e42e0cba998668451557f54f022f0","enc":"3c0a177580fb4e30dcf1e6a3682ce1aba7f619c6c67b9fe5ec9e2d6d6cd67e243a5c1ff98ef035550f2e42e0cba998668451557f54f022f0","shared_secret":"d8d9c7aeea827e39324eba3bbf105aacdc7f63413db5b591f08fb2feb52adf0017e8f1770d8ae0c6aa61cb3579bc07be7ee8425e010a1247cad3db12c266955a","key_schedule_context":"019d56ead53f8b69840e6dc5a1395be5afee0e65ce75192384fc5b9ee231b1609791732ab7e49c63c751bb1400c6e1fbe3df49a9a352d1f68d790068dc4f0c37aa69461ad54024dd0d2a7440f1cff5f3c5a53e21372d18bf6766592554919ce44969c417418d86d6855c4df20dfc189556f20d520a21ac7fe152ad7899d597fb87","secret":"e798a86ba3f1ee639bf6157e073c65821b0f510551153d61426fabbcaf404d888d6459f29f3db08e08ac2c87551cb8019dfd8420e732cd22dc944dc6a217bcbf","key":"","base_nonce":"","exporter_secret":"2c59e425a2715afa79934dbcd5dd928923e03e662e3ca60b04700910f8bc46fc7ae95e5226cc346d4a70078ff909add6e5a4ad92665a9a5b03592d8d9e5d85a3","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"001b335961c74e250f538cb17abf8ca66a2c49399c60545d8236bda7e5d3fa5f"},{"exporter_context":"00","L":32,"exported_value":"724598916387a748a22dd57f30c7cb3add3ff65b2d66fd0d4181616c1ca1b0ff"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7c7fc1dc707e4ac150b6dc4754db7bff3f3652536888f787529998b39948fb8c"}]},{"mode":2,"kem_id":33,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"5f6bbd044983e434dc06925d5389c1284fac66dc2d3a78736cba9a5a8e33543927c8ee556b94902983258c864908d2e6ccc2938bd6bed479","ikmS":"453042f0e07c99a9c58ac1876e19fbbad10a2063a1b46515af18095de7c2c257fcbd34002cf7cf8f05d7a94a467b4a1f48102801901484bd","ikmE":"f3f0b097d7c60e6f73d19f7b05ea277ea123e331bae592b7320bf07fc6f43557634aa83d0ec44b96ded475384fd99f776ad2c64a167fa178","skRm":"4a872305a80eea80870a1f400514f76b89bc5e2a4ae76e8f2a36f26c23c6bcc80c492828ec4cb86df50661ff40bc33b13eb815b8a1a5e709","skSm":"b3bb283c65301c70a73b371abbbd4253578132f5d2297c0c395da007d86f2f9c4cda644fefcab1f58f3e5d8b41c524dfecb7a6badb2ba414","skEm":"ef4b5f50dcef5b432f377d052c27aa1c027b4897d93ffeaef1dbaed14c599da8507f0f1287c20afa5ef5f8a4b74b8ad9095cda499eaa995e","pkRm":"34fe4d99ec57a7be7a742f2e1af494a433879f8f124f92204f6e32ba06a471de83a84598ae8e4135abbb848bb3a31af15a720f4c801d9e2b","pkSm":"b95b9cc3884a5b92cbb80226d607109fd07a735cb5925acee629898a1d2b7eeee41d75ba9a732ba57e5652a9a78eba4d8e0d3dbb4ba5d31b","pkEm":"8583b27ff0edb74a9c051ebafb1850fb31887d3e6a1b0fb9b42678fa8ad403e4cf18db3048857a911b07adf4f9002bdb561e5d7b7d4ca4c5","enc":"8583b27ff0edb74a9c051ebafb1850fb31887d3e6a1b0fb9b42678fa8ad403e4cf18db3048857a911b07adf4f9002bdb561e5d7b7d4ca4c5","shared_secret":"f25f7893107af6a961d8ef131db152e185f05b9ec15e1983456f4e7449032cebf99d4ca9a6b2f53b82aeab307197a8836e83349842a8f42adbc1582f3df4b1aa","key_schedule_context":"02ee4fca86c518a1057129a790470347c02bd27b4a6e36f17db1186907541583ecca9a8d65aaafed3e87e030dc2227f68cf7ff612167b37f12f245ead4ba4c0afa69461ad54024dd0d2a7440f1cff5f3c5a53e21372d18bf6766592554919ce44969c417418d86d6855c4df20dfc189556f20d520a21ac7fe152ad7899d597fb87","secret":"e043d3de0bbde9984a1c386555c2fdf001bc4d33d626c635e0d3f18397065817bc092d9c4c35fb9dc6ec9982536f5f6ac7a16dd65c0cdbd3d8e0b96415f80bad","key":"","base_nonce":"","exporter_secret":"a27c6f313ba9896a6261c7fb8b0cf9887039ae703a05929ae783fc24b7fd25edb0226def30c28d0f4e1297f82f77643f23415b9ac0c1b132b6ffcdfc4f4d4c8a","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"35bf630f50ae97534bba469127d4aa38df4dba933a78a8dc1b43be6663084f10"},{"exporter_context":"00","L":32,"exported_value":"3ecf159c9df4425b6df9de01ca155e669e7d657c5bf3ab12f1f88e0e631b077a"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"6ebba8143e42b092a4e7a2f7b62a9f6068281ac9b7145c4b4936680451dd6f61"}]},{"mode":3,"kem_id":33,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f9521ace0192f9e7878482d9dc27707a7b322d46e75e86e55a2b8c54e56f4537816a1ca27e85d9724bc437b010a20b730c20bcbb1b4351c5","ikmS":"99ad055c83d879a406f20ef7853ba4bad4b8030a99ab4b1297950eccb77357d5ad1d21e2c14e2715ac2ea45f0c6e5b1c04ef7d80f5dc76cc","ikmE":"48b2f7b629ec684d6fc45e33d29d960037c4c301bcb018d81cc1cf4b686ca74897c62f0d74b4960ee80959cfd5b010286f8342e454e656d1","skRm":"48d7abad68078fd1bf06739152b7cfe56b27bed70d83df6d2b9292259e46ec91806270c0f7b402b8d9e25e49a336800834855b35f34c61a6","skSm":"acc9dc9cdb923d306f1595d763705e47c36602b0610d5b1b89f03fb8cb672e58111ce0ed046dd0453cbdd40fd3baac31dfd4b91b7f728a25","skEm":"9d37082cb11239c37e347d2016c7d00a2e5ab379fe4ac434b1aac9577a16d139f22fada469596711c0c6530e120a34959865b58c0cb0d654","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"d3fb0e65e61290932072eea3678149dbd31cf154231334081af5a0a0fe88709e404d4acd9d4d899e3942262325af1de443d2e5f02f79c3f0","pkSm":"4b17fcf1f56912df85e463a17f512cb6a255a0006b3c07de7eb4cd508c6fec60b50da73aa9854d80ad93f445b584beae24fa3b0d67cf1ec8","pkEm":"b118422303e8b206b9052e283ad57da6dedeb445d1de3046a007b00e7e1f328ac683c3c98148182eee443bf55f9f151164fe15443a70df05","enc":"b118422303e8b206b9052e283ad57da6dedeb445d1de3046a007b00e7e1f328ac683c3c98148182eee443bf55f9f151164fe15443a70df05","shared_secret":"8ff25fed3d6b19bb06117ee110952ecfc2f98666a030f94f9a668e4c71bdc800d8f7724be9984097df4d42a0fedf4dc6585a367658e51313dce4ae45f12d4396","key_schedule_context":"039d56ead53f8b69840e6dc5a1395be5afee0e65ce75192384fc5b9ee231b1609791732ab7e49c63c751bb1400c6e1fbe3df49a9a352d1f68d790068dc4f0c37aa69461ad54024dd0d2a7440f1cff5f3c5a53e21372d18bf6766592554919ce44969c417418d86d6855c4df20dfc189556f20d520a21ac7fe152ad7899d597fb87","secret":"6a59889c750e219a7559ad724c154273fb51d634ad1a025c64f537c1a32c88577388d48316f61c0d0900cf77c00bcdd98cb3a178137c2d19810865da66867080","key":"","base_nonce":"","exporter_secret":"ccf37f8db74226001c6890970118cdf5f5985699020b0daade098e97e5cd8d24bf4726a1f2a72932e4c360b3617827bd8f3769524044a991870f1fb0c5978738","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"44e961a4684d12b78e2f5bdacfb4394179dceff54f2f65d42ae3e153524762a2"},{"exporter_context":"00","L":32,"exported_value":"b42d3331e147a87243ad97d6eb88d7e91d5938a75555b836914d1ebea56e8d82"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"e96093211d8750b6d993a06f4470256bb7c8f006fe5a198df43ff0a4117f2428"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"d42ef874c1913d9568c9405407c805baddaffd0898a00f1e84e154fa787b2429","ikmE":"2afa611d8b1a7b321c761b483b6a053579afa4f767450d3ad0f84a39fda587a6","skRm":"438d8bcef33b89e0e9ae5eb0957c353c25a94584b0dd59c991372a75b43cb661","skEm":"57427244f6cc016cddf1c19c8973b4060aa13579b4c067fd5d93a5d74e32a90f","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040d97419ae99f13007a93996648b2674e5260a8ebd2b822e84899cd52d87446ea394ca76223b76639eccdf00e1967db10ade37db4e7db476261fcc8df97c5ffd1","pkEm":"04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89e4d0ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f","enc":"04305d35563527bce037773d79a13deabed0e8e7cde61eecee403496959e89e4d0ca701726696d1485137ccb5341b3c1c7aaee90a4a02449725e744b1193b53b5f","shared_secret":"2e783ad86a1beae03b5749e0f3f5e9bb19cb7eb382f2fb2dd64c99f15ae0661b","key_schedule_context":"01b873cdf2dff4c1434988053b7a775e980dd2039ea24f950b26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1c1d9ac85","secret":"f2f534e55931c62eeb2188c1f53450354a725183937e68c85e68d6b267504d26","key":"55d9eb9d26911d4c514a990fa8d57048","base_nonce":"b595dc6b2d7e2ed23af529b1","exporter_secret":"895a723a1eab809804973a53c0ee18ece29b25a7555a4808277ad2651d66d705","encryptions":[{"aad":"436f756e742d30","ct":"90c4deb5b75318530194e4bb62f890b019b1397bbf9d0d6eb918890e1fb2be1ac2603193b60a49c2126b75d0eb","nonce":"b595dc6b2d7e2ed23af529b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"9e223384a3620f4a75b5a52f546b7262d8826dea18db5a365feb8b997180b22d72dc1287f7089a1073a7102c27","nonce":"b595dc6b2d7e2ed23af529b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"adf9f6000773035023be7d415e13f84c1cb32a24339a32eb81df02be9ddc6abc880dd81cceb7c1d0c7781465b2","nonce":"b595dc6b2d7e2ed23af529b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"ff8798137875f09f24a6165cb4aa40d453175c335f2754e128d6cedc375741648d07bede4fe3b693f4f26c535e","nonce":"b595dc6b2d7e2ed23af529b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"1f4cc9b7013d65511b1f69c050b7bd8bbd5a5c16ece82b238fec4f30ba2400e7ca8ee482ac5253cffb5c3dc577","nonce":"b595dc6b2d7e2ed23af529b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"da8303d9a734274bce0e3e6868dfb307e1f3ee2e5c14a4d959296dd80c92f277a7fa9e80f92a3249b9d61d50ef","nonce":"b595dc6b2d7e2ed23af529b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"43718e3a13be71fd952093670ee31c4428bdc7bdcb0ef789c8eafef2dc6628762852828adf52d8ed2139c79ba0","nonce":"b595dc6b2d7e2ed23af529b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"aada3015e5a255d43fdefcc7ecb3948570e80a1dc87eaaa924151c40d46098e262d2f989d6f3b59c0c2481cf4f","nonce":"b595dc6b2d7e2ed23af529b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"1a75e3e07701b56e9c3508344a4f2f110ebe22f78e0f632bc1406493bf6fe5a7cea676b521b2b8f30d7b89b7aa","nonce":"b595dc6b2d7e2ed23af529b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"3d36ab90f3fcc351aedd2f73594ae4a645fe19b76a1d2575fddd21cce07d4010b562fd1f7cda5e0a7a3d86ab77","nonce":"b595dc6b2d7e2ed23af529b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"0b5a61c38485f65dcdc2ee6301d2bdbadbe4516a513d1b768f04e2715bf63354af7fb0c4d28b342d53d5622c3f","nonce":"b595dc6b2d7e2ed23af529bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"1c3a1fc9a3c45769e57b2caa912d3e2538fa19dea5486309a1b48a63f3effecdd2dfa3b6fceb4d63454d98e73a","nonce":"b595dc6b2d7e2ed23af529ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"4d2e430afc9d7ebca3cd50a7158a357278ea3ddfdb2c26cc051ed06c58c9968112be701936eff5890b991cf1bc","nonce":"b595dc6b2d7e2ed23af529bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"a95e68997d683c5bab397c62f81d050fba38906d73c02addf9c57e6f326030885fe269f6954caeeacf1978082e","nonce":"b595dc6b2d7e2ed23af529bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"8e363d3f9c2999cc7ae6186539e6de1ef0e71b7b18b5228cbe7b70716df875ef84bc7640046607c7f7f31aeb59","nonce":"b595dc6b2d7e2ed23af529bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"26ba87489944c21c2875f2397a0fc7cbaf87f31504bb5ad41ceed025caad53b249af609e6992bb5291a4dd8a48","nonce":"b595dc6b2d7e2ed23af529be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"8327cd010571e4246cdb76e83cb031852313c31665c37e7c173967b8a867f265d953ba44aaba9f9f3c88ae032f","nonce":"b595dc6b2d7e2ed23af529a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"e8fed51a0388f5da95e987226507d58eb02cc412345631c1e774618d21f7ff1c3ec010d4ce78e798f3cf9ecdde","nonce":"b595dc6b2d7e2ed23af529a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"43731bba9518f7d54cb30ea32e9155ca2386100be76ab5b805ceabf3215164afb8eed6106ac4b85c30edb2c001","nonce":"b595dc6b2d7e2ed23af529a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"424ab21f6aff85f5665b186a79841f29def87c2042ae3cecb47d584f74d0dd3d63981f1bc814899cab8f9b76e6","nonce":"b595dc6b2d7e2ed23af529a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"acbdd62bdc640c3208318a20c38b371e599a037b9c6c150a67f14b8f5e5e6fb3f59df856cf4e30efafb71e68c2","nonce":"b595dc6b2d7e2ed23af529a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"be8a5cb86d4e950443ac0511355885752553b68f7766d60c539db89029b7a2c7da193915a34effba8f5c8ac68d","nonce":"b595dc6b2d7e2ed23af529a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"df4aad89664f2d87f833c62d8ca1cfc53e69ec7c3bee5f0d4376566ca0b78089be7ffe0ae6a717b57726bde582","nonce":"b595dc6b2d7e2ed23af529a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"603922948e4b101d61f7651cf8636f8ace8ed6ad23c7ff43bf135accf00bbd205f7d844dbdfea02919b6378dde","nonce":"b595dc6b2d7e2ed23af529a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"8bda81264b9aaa8014321778d4645cec1efd5c9e22c0dfd418300029350a411b2023ffdc7303fe4fb450b59994","nonce":"b595dc6b2d7e2ed23af529a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"8a5413730ac437f7acb2205f7c34a934bbc0a49af96eb2b7a84f315b7894373c25bbd2e543cc3cfa647c0db834","nonce":"b595dc6b2d7e2ed23af529a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"def8dc6861f0189f93959fbf6b24ac7a15840e7130e22e8d243a33773a9c8f2b451de4853eb1358605a841f414","nonce":"b595dc6b2d7e2ed23af529ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"13e2fcda010e23c5510c57f546f5c1185a6fe5f4658d91a77e21ef1947c89afb105f567ebb520d54106615eb3b","nonce":"b595dc6b2d7e2ed23af529aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"c9162f4a92fde24568df17116d0d32f4017d5bf5ae3be1b10be0d47f6ae6add8e92df0d705b4712969cb27f161","nonce":"b595dc6b2d7e2ed23af529ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"49c54aa6a9dc5e2af06ec0e3284257c983d093ff65e7465e83b50b60cf020bf4d361588de50da98db0b7c261df","nonce":"b595dc6b2d7e2ed23af529ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"ba5ce6f21b67d241392d872ed677770fc510e47078fe6b0c3d666026ea526bd770072fc15be63c047f8eeb49eb","nonce":"b595dc6b2d7e2ed23af529af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"26d2a18f8ee88edde2d04eae2f7e7e427ce4092d7290a582ce3c55f1b7f55703022846359d3ef6950bae861c0b","nonce":"b595dc6b2d7e2ed23af529ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"214e058c518a641cc0fa17fa4d584130ca71e65be8acea92103c13221e32115aeb2598db82256f8331b1ce6a69","nonce":"b595dc6b2d7e2ed23af52991","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"21572df4275a3afa46b184037ed9cd36d8ca264a74a12de90a12bd55486ef204a2ec2f5f77b2a3407fbaa7ecd8","nonce":"b595dc6b2d7e2ed23af52990","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"8bd3848323dce5a3b7bea3aac51b668d9853e3175084268bc88a2eee2ab99403afd78764ce356502a002c6887f","nonce":"b595dc6b2d7e2ed23af52993","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3244072aca0e20b59f6812304b9b4ce091a765b1f67c1fcb1151a0c490c76fa6cf88703589ec555f4930c968f2","nonce":"b595dc6b2d7e2ed23af52992","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"81ce2bac9bf5f8af7e41d0ed6cff18de91adbf90296be2b82c85a8e729a587523d71ad7157780e80dee84b09f9","nonce":"b595dc6b2d7e2ed23af52995","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"875f629c88728a925cc9273ac0c6c37793d1bb7f5b44f96ced873d7f5cd5b549a58417140488a36a9b995236b6","nonce":"b595dc6b2d7e2ed23af52994","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"2ba54408325f9c996e4d87753e066b2247a839e5237f117b97d1579aca72dedf1f3bbe513eb1707a45cf02032c","nonce":"b595dc6b2d7e2ed23af52997","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7411af553f48047167305d5f5e97c0282c2316e8fa3ad7538c071b0f204ecd19944b3947855720f1e316c67f96","nonce":"b595dc6b2d7e2ed23af52996","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"f8deaee73787f5dbbc6235c73ba2c52c50461968a0dfdba2fb89cf7fb0bc8aa3116309a14b089ed54dcb57f77c","nonce":"b595dc6b2d7e2ed23af52999","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"7090b0fa14bc8037f3c00429b405185e9584f2415a7e4dbb48169d3d0e783d9524d784f772146e866adcf90b09","nonce":"b595dc6b2d7e2ed23af52998","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"7d3460fce92bca6eb37aef9c972565459a9fcbfd9b21394e289a05f327e6cf2d2b7ad9093e4809add4c22e3f29","nonce":"b595dc6b2d7e2ed23af5299b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"b1ceaedb6229dc9dcd6e219957911a8b17299cf4f021fcfdc7acfc39ff60306498bba40722d771f3a25ded1021","nonce":"b595dc6b2d7e2ed23af5299a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"3b46e41a865e8c6e910bf05d751173a100fd033b1662569419f0d0743f800a8456c331908ef75f529839a52a35","nonce":"b595dc6b2d7e2ed23af5299d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"636bed0560ddabdb3beeb51e607a2c8a4bc8d59fbae27f39ebf3951e649fde4352045dfaaba16395e1e8eec075","nonce":"b595dc6b2d7e2ed23af5299c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"cdc6536dd7f882f9efae5f9da6ccdbb8821a9b0d53571a4792311466ea9bcf6ba51c172223947fab918ba86e1d","nonce":"b595dc6b2d7e2ed23af5299f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"137ddda19d57a2c99b6b529e8e90ecc53eb4b4aa04bddefc1aed217b01b9ae26c47e4670d9776d899f5b7ea7e7","nonce":"b595dc6b2d7e2ed23af5299e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"28118380390d83244885f9913aa49ca6b76544ede6204c745fefb163da0b71de4628e926f135634f8a6242c51b","nonce":"b595dc6b2d7e2ed23af52981","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"9d830ec825f0b74e0b8d00ccf66f3e4c89c7ca2f62ff6e384b8850d55012dc2dd82f16dac2158da55012edd2fa","nonce":"b595dc6b2d7e2ed23af52980","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"b7766beac8e180e6e48fef7d2a47c666a56fdfbb44ed3b30f02fd11db00b1a9d83699e50c0b99c72bafe09fa5f","nonce":"b595dc6b2d7e2ed23af52983","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"432b685a276d1708152d8a39cfe864e52f3e7e0c15e7186c9ef96919cd709b4ec048cfe4a9592dd28d6f84798d","nonce":"b595dc6b2d7e2ed23af52982","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"0d48767610ed6ab4a208ae61704344bc07c7e1a28c2184ee0efe9cb7df7abaa55d103e53dd05cd3ef876e5298e","nonce":"b595dc6b2d7e2ed23af52985","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"92c071ce15cc5a0d2704539847e39c69fd789c896eba55e8f60cd051b67ce4dee2350ba1813d7675b97e8aa74c","nonce":"b595dc6b2d7e2ed23af52984","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"89cae0e73e4a55664730ebbb586e470821935cc24d3490d749fabebc63a11978e03188c97fecfb9a1ddca8b685","nonce":"b595dc6b2d7e2ed23af52987","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f6a1207777bf50c3c0a7ccae0925d770cde0452e8cc22e5beb56664592fc0d67c7fa33822cd3a64dc01452abad","nonce":"b595dc6b2d7e2ed23af52986","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"691d111410645c4951841bc947d755d3efd81106754f5378a2bc849341ca0f64ad845fcd3f96eefbb18ffc61c9","nonce":"b595dc6b2d7e2ed23af52989","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"fb6693d51d81b9693631b2c86b1924ee3fe66151c871ad1d6ebb27c1f2251a773c1506ecc24dac506cec3d9fe2","nonce":"b595dc6b2d7e2ed23af52988","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"19c97b9ae5b5ef512b5d602a9ef18af4528ea6e1095c8d6afdf250b03643bb74e78bfd35be2bf4cf292b14d9b7","nonce":"b595dc6b2d7e2ed23af5298b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"a190bff0391035502a5b0ee0710182c9e1ab0d7bb89d9afa110ef88039fe7f2be84f501b48d01f4c07b7ee6837","nonce":"b595dc6b2d7e2ed23af5298a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"fae13f8d2173103bc541133916be3114a73af317dfdbd62c55017ac82744c43c6fce78820bfb6d4ac4cad134b2","nonce":"b595dc6b2d7e2ed23af5298d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"591f053116bd4d985c6efd2781ccb4162754bed1e275db949ed4f6a856aff270b759cfeead0fa21ccc9fbe2af7","nonce":"b595dc6b2d7e2ed23af5298c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"087f701442a3584c2355566f336a976309b56b9c8aff243f691fed025b528a717913783522047198f57ee17db6","nonce":"b595dc6b2d7e2ed23af5298f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"14cef62d66c165dfcaf02c3c3bab7bb9b974ca50aebc8d396aa536ef716add2cba64401c309c6c77a7f5f78ffb","nonce":"b595dc6b2d7e2ed23af5298e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"a81356cbcaa063a8c585248aee1e37dccaa8e53b8e5baa3cbd626f93aae2da02dfd843d4a14bf0021ab814d216","nonce":"b595dc6b2d7e2ed23af529f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"9182828db77671695ae7465fe36f920a9cd5bce6970dd353958f9634ac2f34209988a19ad183a3ae4f6d5e68da","nonce":"b595dc6b2d7e2ed23af529f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"86e6522d8e86e88646c000be0bc2715ccc94a9740277bc314d1161903012089cb22fc8ff827a7d197301629fd2","nonce":"b595dc6b2d7e2ed23af529f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"22690236d111c11dfffb0201e64091b9c29c222540be11be39818e1a9e2c0299a6353fd739e166afd4b80c78d6","nonce":"b595dc6b2d7e2ed23af529f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"cc7432932731e83b3b538f9068ffb42d68396e48e25880008cdb3e49fe3dc33b2d3597c6e5fefd52d8695b208c","nonce":"b595dc6b2d7e2ed23af529f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"5c1c57cb139c99314a796e2fe08f00888eb7b88e4692b6b5bfe8945c8c04e267039785a1a3a939cec3cf17ca26","nonce":"b595dc6b2d7e2ed23af529f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"b6acc3c4cb01e3e3e8ea09a8183ed37ee5d92f30c754bd54df6f44ba39d996925f01af144a3f4762c18ba77221","nonce":"b595dc6b2d7e2ed23af529f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"1bbccaf46e1499ebd96437c33fae0276caf49daf2cbf56d80a0e753daa5edce61076a8bf69211542b1f991d9f5","nonce":"b595dc6b2d7e2ed23af529f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"f6054c1746263ac4cf68e05221784dd59c4fedc8f29d8fd2dc8f926f8d47e457150d31ec58f2349f4e75a27662","nonce":"b595dc6b2d7e2ed23af529f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"86fdd7a132978a319038ff477d9df671dcd9626dbcb518f5ab68bc0e5b67221227c4c3f9026632e93b7a417a9e","nonce":"b595dc6b2d7e2ed23af529f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7da8760f77753fc11229fa46c96fe3ec0372815c06a219d990410a5b7add6c71f82df2e94e750a34b7458c93c6","nonce":"b595dc6b2d7e2ed23af529fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"9c4801b929cf43dbd17ac0fd21790cdfaa588b92a69141e5244373491c7c738b65ad9769a2944cab0d3e626d47","nonce":"b595dc6b2d7e2ed23af529fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"6f63f44f04943a3a17ac9312d880ade67cd1c29cf6176a8dcae56fd7565a675af9cb5eb2d152359a7d7914c061","nonce":"b595dc6b2d7e2ed23af529fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"6b2c47f2d1ac2c14244a7493a4f5fb64b301a7218981a98a14dc164223cf95ab1952f5e57f85c3d48c6057975a","nonce":"b595dc6b2d7e2ed23af529fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"043fa42d0df83fc77845b377452cf109e3ee2b9187886f5a5ea3af459b0d12c1416e39f5518db12f4a140b734e","nonce":"b595dc6b2d7e2ed23af529ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"3d6fd87d17cf79e2f400a37c13b6c6cdcfa46fff70842cf0de7334b8d9da0434d1cd6483b52821e0996cfba555","nonce":"b595dc6b2d7e2ed23af529fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"f552cd1d51e79b55948049ea8e3e76aab683f362de1efc38ae5fe89c7aef049a12051ec2365e4887be2178ef80","nonce":"b595dc6b2d7e2ed23af529e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"1f4b156022d388ab2d341621d0207ea8616d9976f90237b81dae04082569b33817a43427daaf37a4c5d412d5e1","nonce":"b595dc6b2d7e2ed23af529e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"9a72d23b42e274caecd0c2bf1e436f61d9637cb8ada88a63079cd973a06e02b7015750eeef6690a2a1385cbf3d","nonce":"b595dc6b2d7e2ed23af529e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"b59279242aabdafdf2732c0c22a598ae64348a9dd94b6a4e48113719d30463fbea626177dc6319f747362a4c9c","nonce":"b595dc6b2d7e2ed23af529e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"03b77bcde69ca79f7eea69f709489954b8f0ff2d6d21253f2c02f27ef6bdc8ad850ae8629710ef09d5a3f614c4","nonce":"b595dc6b2d7e2ed23af529e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"559e0ca99097327abd8e51a5d39431e45191a97ba9746d3785e0797ccaf48b9e29aafff3994e52fa2518498d13","nonce":"b595dc6b2d7e2ed23af529e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b64ffd3e14fb06f44e95e984c044d85952cd1546af25aa78aa48e45b3458cf40e06185bbe6b9f7e68c2f81f854","nonce":"b595dc6b2d7e2ed23af529e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"6d8a9d319845f612bf22c2e5e70f553641fe9231fe956e2c8e79c6b597bbc3d3cf718ff1c1ec634e957e842e2a","nonce":"b595dc6b2d7e2ed23af529e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"abb788cd19cc9cea7f17722417687153000a249f64ed7c08fab8738ad5f4be50b2336d482064a4e4c435021fbe","nonce":"b595dc6b2d7e2ed23af529e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"6e1439c9c6d446cec0b69f5b1e4fbde087fb5c695e86bc162cb966f4e596979f95ae97e379f11c485319124314","nonce":"b595dc6b2d7e2ed23af529e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e604c9f568bd6c327699061214e2f6c560d25a09f5a71623237bb49abfcaec740d11e534f80600a8aa4df64ff6","nonce":"b595dc6b2d7e2ed23af529eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"e624ab35fdf18a21bf91fff53aa6dab77e8f825de6523d3592be5a5d87bb3e9a8f112c1017f229eeab96b5d9de","nonce":"b595dc6b2d7e2ed23af529ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"7530331fad816aa367d4f28ae66fbcc52a126cb6b1d209ed9583cfb253bc7ed026d1e2be841d4f7de5dd64637d","nonce":"b595dc6b2d7e2ed23af529ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"e0ff4985f64be1b6743211df39677f71c090a059de34b822500a0ccb6b7d1af30c06c8fc3888516a8bcf5cb2d2","nonce":"b595dc6b2d7e2ed23af529ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"1599ba64f41e837faff602d99f54806f40dd56ba1f7791455b35edb83f0bc289986b07d73033609d01bca6a22a","nonce":"b595dc6b2d7e2ed23af529ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"1e9312f3ce6621fca07f0a7b481e88431069db81c6292e413a8fe37b236271d7ddf51668007cbc1d22ac09c96f","nonce":"b595dc6b2d7e2ed23af529ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"12b5c711d72841af624691a7055ecc39900fd85de1d624beff6fb330f274ca158ec824f112f37a92c09a7f54e1","nonce":"b595dc6b2d7e2ed23af529d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"d97d9d7337fc594c18a64f358ad7a062740647bdf3e063b762a851eb473776488e3eb0e8d35c11f2104e3dd999","nonce":"b595dc6b2d7e2ed23af529d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"1dc7039d18bbc8855e272dcdac75c5aa6b1e8341865fce55eb1f2338664c8eee06f88ea39fb8f3ad317361ccd9","nonce":"b595dc6b2d7e2ed23af529d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"7ab42575d14ea0b4cb4aec0918d7b625d66b5c68a70e8ef88ac07c61f85f373bf4493b9b312b222d8cc3a39751","nonce":"b595dc6b2d7e2ed23af529d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"215c68a3d8f38e9e5d81e844767bc73416acd7468bc966c35e75f6a02fbc09c88369b573ffe5c2e8b07b97b097","nonce":"b595dc6b2d7e2ed23af529d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"99346e453a71ed0ce531c4c035963e85aac3f010d3c88116f6014f9db18d0821818c47dbe4359cafd9a9d05c8c","nonce":"b595dc6b2d7e2ed23af529d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"779919b3cf5599540e57e975d0f7f2ad4882175540adda0a3f33541ef2cc2a578eac4ed1427d3be21af7d96a88","nonce":"b595dc6b2d7e2ed23af529d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"8fadcbaa40842c650fbe5bfec754d79dbcbc87d796bfb55241e4abf7d9cd9ca18220a63a7ab455e71dfdced724","nonce":"b595dc6b2d7e2ed23af529d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"ade869ede474e13dd30059bab336ca75da25b0a81a23a5b2f08157a8348e0f2848ef60184ddea1c172a67378a9","nonce":"b595dc6b2d7e2ed23af529d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"fc26ee406313da97ec26f33b800cd86c8aa28755e8b065b2fd7cd5a8b45fb35fda59c399c755d6f4ee8232aec7","nonce":"b595dc6b2d7e2ed23af529d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"7d96c30d63cb748d4b53cb23cf5c1afc0ee3c066044347043aac8b19236e23f23d3ebe66abfae2c8ba9457004e","nonce":"b595dc6b2d7e2ed23af529db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"a78ae69bb6cf5017fdeaa32954e3bae90771032021f3789a8a1c4e7c6d8acfabd55bea7af8a0d8d986c595e142","nonce":"b595dc6b2d7e2ed23af529da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"337931f9db536fd88eb8a0d83376768dbd6137b9b56d7207b4e01102f9a9c364aa9866dc8bab47b60e0358214d","nonce":"b595dc6b2d7e2ed23af529dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"e1289f5e232c5e8b956fab185c3fe56229d1f3d74e5974f9d68bf150043124ac2767fe3e2b572c012975096467","nonce":"b595dc6b2d7e2ed23af529dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"6276cc21cc8f91f0d39472089f850442c217387f59dddaf657fb0efe0d272b3392c60ceb9931d4df817a12c7ef","nonce":"b595dc6b2d7e2ed23af529df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"11c1190f6875b92973074cf8a60ad63ec0df4bb300739ef378ea683d1a49efa179a03238dc8d867b197c971216","nonce":"b595dc6b2d7e2ed23af529de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"993d3ee4f5e53f5dff28354d2f910c7d8f4db4fe40240ccb406e5ebf319c44544345c9558cb747ad48f45cbfaa","nonce":"b595dc6b2d7e2ed23af529c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"438074b5dc8c04031df8ff765451efed2a763488e75d4250c0972d203cbf4ffe23e4594450bdad09cb3ec56aef","nonce":"b595dc6b2d7e2ed23af529c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ed9ebe02342c524df393225ef9e0a32c5a3e6b9da99ff1b45e17e03800ee3226f45c92e143062f2180cf2d42f7","nonce":"b595dc6b2d7e2ed23af529c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"a275854e2e609fc19c6437fa33e3df3259703844ba0aab9a3d1fd1b98fce256432244a78421457954fc2d513a6","nonce":"b595dc6b2d7e2ed23af529c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"50594a6917610313c3a20413b8652eddbe515a82163e50d4c34264886e193768bb60cc7ac264a55ccaf660d7e0","nonce":"b595dc6b2d7e2ed23af529c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"adbd828e9f08b13e8607385e2e78e5fe192cd0145b3bb76710e15c2d2e6b7abc94495423dd546379a4a32e1ae6","nonce":"b595dc6b2d7e2ed23af529c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"1e72019920d0defac8a462f4c2f39cdb811d169802aedaf6f3506c847d37e4e091b21ef8477ec4919a4c47b9a6","nonce":"b595dc6b2d7e2ed23af529c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"acee6baa23eb2c83dea82dda984783ee6352f1d2f3f4a4b7df78482ceed5cbf26ee95e20e4a13fe6a034678b4f","nonce":"b595dc6b2d7e2ed23af529c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"244df53ec9790705ed24e7d7c5e2883f0e4fe093956d75627bb75a0b0e4d452f2302232f7563c091ec98958b4d","nonce":"b595dc6b2d7e2ed23af529c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f448bf0567edf8ef1415c26bfd7380987f8673571e7b2a6f776d931809c903c4e6a0b49fc0e78abd7e39990b54","nonce":"b595dc6b2d7e2ed23af529c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"3454cba50d5c006b5b3877609b9079d8dd4419d0b03f16bad09b4e305e67392ec815704b0b7a32753d145f278b","nonce":"b595dc6b2d7e2ed23af529cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"7bcd7e64f1a9d92326a5b2866f6d5b8c043d284437e76475fade3400e734d9ceedd13af530c9a097d893391e7e","nonce":"b595dc6b2d7e2ed23af529ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"78d3358735a8f5b9c7b8e67331a4db8e3d0a5b863461e40bcf390a44e9cf61dc8a9b78e97f3233b26b76df96e6","nonce":"b595dc6b2d7e2ed23af529cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"5b16f7a3e01d37d7d5f53e1528a5191c1b6b2914a87de05ad4e499f346c56b6383ecebc4fd440be6aedf8bae5f","nonce":"b595dc6b2d7e2ed23af529cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"14380cb64ba17f7041c27301f3670753d1abe65a594830890b0dd3cf1eaa0512219e8745882011e014edcb5987","nonce":"b595dc6b2d7e2ed23af529cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"61784366de82d4b19a9fbffd2c58bf86d550090699944495d8b35427accf182ae0b15c2ed91f33ea372b192cad","nonce":"b595dc6b2d7e2ed23af529ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"739c5aebbf88170d54736bfa5fda3fb7207a7a037ccdf51bdd9b316a54bf5991f83a354ff908b20d36a0c2bfc8","nonce":"b595dc6b2d7e2ed23af52931","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"15ea8beab30c4f1e5e3ec27cbf92b16051b9992d445754b24cfd396f57213c7ab2ba96486bfb4eec2e262ba0d3","nonce":"b595dc6b2d7e2ed23af52930","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"9c6498e15e689d86a50a69295062b49582d8c7c2e2aa4e86af6771f611a5a415e6218eeae67f464ead89fbc85c","nonce":"b595dc6b2d7e2ed23af52933","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"f54ea860c3a5c42de61355458eda89efa113431d1729b1e3f653bba117fcf67e5d0566a8cda20868e12deaf2b2","nonce":"b595dc6b2d7e2ed23af52932","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"8d84ef350c71840395b2d0be76027d3fa786bbea65dc1dfc0df89d863faf8ab41a6458fa37e852824c806d344a","nonce":"b595dc6b2d7e2ed23af52935","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"4898b5dc634ef2f0cb0a90f19a51eef72ffffbd544383fb7c6044cde60fa4427964daed81c6900a65694e2cb7b","nonce":"b595dc6b2d7e2ed23af52934","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"aa2b43cf57acf71659c459f08e2ffcbff7ce7424a75f12bf770c71db2b1715f4e4145353fa268e120b0510f4e2","nonce":"b595dc6b2d7e2ed23af52937","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"d2b2e79a0ada9c67c43d3ca3d5f90016e30d66b1053f87bc06159a8c7da190985e3315a8a52af13d851b27a462","nonce":"b595dc6b2d7e2ed23af52936","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"1ac2e994b7dc9ca3316c466858b92c3d71520a6dfc9c506a42908c96780f5ff7b23a1e2cd1ecee63260d1ee3e6","nonce":"b595dc6b2d7e2ed23af52939","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"ca7d597958c449a7e1970e4c49445d028fe5640a178763ce55ac35764b897a3621c83fdd73d1c3b7fcc39602f8","nonce":"b595dc6b2d7e2ed23af52938","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"a14bbae71de5afd433b30b942d1400bcfa43ed858ec9f39d60c06f45dfbad4d72d959a65c0eae74874dafd96d0","nonce":"b595dc6b2d7e2ed23af5293b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"9d0dc461a45e9cd2a41371b05e5b144153a4fbfbc8e66dbbfa03f25bc54150e5ce75344f8a4249a21edf13d562","nonce":"b595dc6b2d7e2ed23af5293a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"88aab7b55904c756f29aabebdc919eb6cd0eb69ea8ede02d049fb8622bc2a962c8609225dae455800b52bb93d0","nonce":"b595dc6b2d7e2ed23af5293d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"2c005dbc8fd66e15442e6997dcc7a5a80fba2343e45711939a0340db551033cd7cabe5b0034f0fccbb0c607c06","nonce":"b595dc6b2d7e2ed23af5293c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"80d85e5184d2db7354e8967f400d926afa060d125458f99e5d73cd90d35106ca46ebf61880fd52a5ec6e04f659","nonce":"b595dc6b2d7e2ed23af5293f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"b4006a57ee176bfcc4ec8982413ff03d4b550f01be6a38dc3587b98c61c1acccb21f20c8bd6321cf163af4189f","nonce":"b595dc6b2d7e2ed23af5293e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"ff7c6c432dbfeb18143830fcb8c24dd00cd36e41f00d81936fd7abba7b87cd6bf4589ab81eed9f649ac59dfe1f","nonce":"b595dc6b2d7e2ed23af52921","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"fbfd15373e840cd4b09b4775adfe551fb33bd92c01b412c550e116acd03e63ce46ce34b8cd62c9ac052dce43d4","nonce":"b595dc6b2d7e2ed23af52920","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"79a0b849d681a13f2d010123c8db2e85e714daf888fecc15392d93637a7c89e1e1b64067048fe78b739504ce4e","nonce":"b595dc6b2d7e2ed23af52923","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"d74717d704245bd3954836db7cb92094ce4187cd4b9dc2759588838bf6fde2d1bce89728f0997f93b9a41a8539","nonce":"b595dc6b2d7e2ed23af52922","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"70f48259cf92674c2c08de9713afa94b522dde7a0619cf7e2d10d8f342ce9085fd8ac20429780a7b388c967ceb","nonce":"b595dc6b2d7e2ed23af52925","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"a64c2d5f5800fdb231c19ac410098cddf6df7d8364991e7debd0c34153ec325d53c33159d2fb0d743f2f311470","nonce":"b595dc6b2d7e2ed23af52924","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"6569e147b46c6f2cddc03be18b6e2b6b1c08932ed9f446accdee4af01b7e74c7ef8a14fc2c612952573cad71ca","nonce":"b595dc6b2d7e2ed23af52927","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"31da617e9941554345aa1b246bd95c1fadb980665873149deb1e8b976168b2d148a1db9beec3465f70ae03f326","nonce":"b595dc6b2d7e2ed23af52926","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"2ae9ceda0104c940011c9cfc1348ad7ce8778d752144abd7933f5cd64e879abf7d1b9f459b021303b29beb500f","nonce":"b595dc6b2d7e2ed23af52929","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"6c4d84903a5e46dcc5d72907f6c3170684e9ec48940b799710d0d5a441604ba572ab1cfd6749ca43dbee63834d","nonce":"b595dc6b2d7e2ed23af52928","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"592047f88da85aa609130f6378674458dd39ae5e3d552c57838c180b9092b925a15456633f8dbb6715b47e2681","nonce":"b595dc6b2d7e2ed23af5292b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"6736bce16107f7279d26eabf576a6a2d6ce680698d86e246cc985d1732027041c611e7833e7c3c0ea581e2ba0e","nonce":"b595dc6b2d7e2ed23af5292a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"ba8908a88d3fcda990d6a1c92490e4cf16a3fa04a41c1d0ce1e77a77a213c5fa25c3c2343c5963473bea1425fe","nonce":"b595dc6b2d7e2ed23af5292d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"8a0bc6a2d3751b29fdccb69e5e9007e177b5b5f2c8125170140c2f34f35fabe368cb4cecfe4161d59b72ba1adf","nonce":"b595dc6b2d7e2ed23af5292c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"0bf1c0ca6452017af7f2308ce87ab840611b9198cb0857b83417c0c11c02bbc6753a251b5b5bffd6d50f44030c","nonce":"b595dc6b2d7e2ed23af5292f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"128e0dcbc0fb2991862b4976fc0f5f27d09d94fbdad93f8f92b2eb81eb3b8b25b5de5ecd79735856986c95c017","nonce":"b595dc6b2d7e2ed23af5292e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"f7d13aaca95092e5b36f77c5241a4049e0b6ec7fc0c6120d367e067111b48dc58cccd8b6064c6ec4df1b979456","nonce":"b595dc6b2d7e2ed23af52911","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"3f2e08ae6b155c1cac3b67b114e253889ec38f95fa980cb8ba1319f8a032414e0b4e403e2f026d902fd7097ae8","nonce":"b595dc6b2d7e2ed23af52910","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"8a3006298f38f7cd2c1a003e7ee08a30429f56a48ce59773709afedea189747c0e27d9c50aef8c663e56856150","nonce":"b595dc6b2d7e2ed23af52913","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"628862f0b84b7dc3d2068ec4a96d131b507f041760ce81c85e66f6a4a680874943d7256df33523695740fbf826","nonce":"b595dc6b2d7e2ed23af52912","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"6270a5f118983118f8c674d18ddf550acf27a61a3ea05e1923e40b03ac433d7afc90e00e67a78b5e8d73ce093a","nonce":"b595dc6b2d7e2ed23af52915","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"f7a702374411d19cb4295dacf51d169864ff36071683b594323f52f17752b5ae464e54853796f1d9ca5f7e0485","nonce":"b595dc6b2d7e2ed23af52914","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"1d69cda57f7e576a0c926933f9de34a8363f1469e9cde6e080ad6cdcdcc4974e0affae587c72d58479835b60c2","nonce":"b595dc6b2d7e2ed23af52917","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"7f9224bd9d015b0d361e69706c668c2853c2f6ab8e6efaebb0504db2a502b06b5d6f14967844923c11141a4ffe","nonce":"b595dc6b2d7e2ed23af52916","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"92c916ae290a9b496e64659e3d233c07178a9b853599f1b0a9f6eeb7a52d62988124eea944d13f90dafff88294","nonce":"b595dc6b2d7e2ed23af52919","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"be0fb4bb1aaa4ad0e962e9717255346384b88e2a10614a6600f9ba9b8fe271c17019c3347e6bf6378928c6a48e","nonce":"b595dc6b2d7e2ed23af52918","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"931774f6416eb662fd356ba3f6e4b332617c1b8d813eab9fd677d624e14368c19210e1084aa32097b8ab84e7c5","nonce":"b595dc6b2d7e2ed23af5291b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"e52a86b7d54fd26e4e7dc4b6dde4cb79f7da0a46c4336f91715a720e4c34568c2b2b70da53ca80133fa724dfaa","nonce":"b595dc6b2d7e2ed23af5291a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f6d1d37f1bb35759af59a41a725831be78fc3ef41877354d962fe1f2a1d478b5941d97fc69708266f1b6800bd1","nonce":"b595dc6b2d7e2ed23af5291d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"778d3fd4f81b02b9ceb7c0257ec82f9431f8ab3b4b8c6b620d45ded5e7121d8f153d902bcf3bbe2c9f01e9b7ec","nonce":"b595dc6b2d7e2ed23af5291c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"8816f67c16db8e6574ec73f4d10524f289daeecf3e62f96b9cae8dae71d68ebcd9e0173f3cb866220cf5ee84db","nonce":"b595dc6b2d7e2ed23af5291f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"7da006c56ca3ea5afef162f1313cc721119a06913ccbd3d72de2c7a6e3af1e3e5e3841ee1e24fc5827f9d97e2e","nonce":"b595dc6b2d7e2ed23af5291e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"db9df85ea88db171754b5b70c2e223390d2fd8498117af686d8afaf72fae32b518260e16a829a2ab7aa19a499f","nonce":"b595dc6b2d7e2ed23af52901","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"62cd22431fb63bbbe01c4e374adb86395e669d3316ba893f385455eb8425329f9c91d4b2ec518ab8aed826e716","nonce":"b595dc6b2d7e2ed23af52900","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"6de23a0a87f30bc2d39665db283c2723072f5095a51f37261a02adc36d8b96d2314c1d584fedf0587394f38d6f","nonce":"b595dc6b2d7e2ed23af52903","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"23fccbf14f5216f3fd81e73bd53688d3b7f1d1882dedaac7dcda890f19b6b21fe1c39466abdd7a47244a7a640e","nonce":"b595dc6b2d7e2ed23af52902","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"14a5ffd23f973ad781ede6efbeb73aba3eeff5e54c3cab4b68879c60a44a38d367060644a31c091a9ddcc0f7c6","nonce":"b595dc6b2d7e2ed23af52905","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"9a93e6f9cf46ee137074f68d776492c885243d8de434cd5276af1ee8d01ad6027827ae54f42f94708348dcd766","nonce":"b595dc6b2d7e2ed23af52904","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"c7c66b2cfbef54ad1742dd874e7dda8ed931141ad303695373aed4a673d96bd785f34223296036374e24b1da1a","nonce":"b595dc6b2d7e2ed23af52907","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"effd102c97f2e104aa51ad9874a3b2046839e4165b7e85f39f2764c6eaf5af7f2a839d247f87b272b866d525cc","nonce":"b595dc6b2d7e2ed23af52906","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"855c119f395a76dbee363b550483960d9346b4949d7c6e1be351b4f4ce57463f922aa23ca6a3dafb40eead91a6","nonce":"b595dc6b2d7e2ed23af52909","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"ab6955be923e7ae3011000b281cc2592e602343b7c4c1418883226658b932c452306c2885d416be157a613def3","nonce":"b595dc6b2d7e2ed23af52908","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"6650d89e121039d9ddd2ccf88ff27fd029f0f37ff106b311cfadca2580b987c749d02c74c0d1a49b802a09cbc5","nonce":"b595dc6b2d7e2ed23af5290b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"98fda77007cba7a839e87e4ed5972dc99d6d43f70bc09feaed7ddd0e0177ab31002daba0db674c24ec004d6392","nonce":"b595dc6b2d7e2ed23af5290a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"8b55fa073fe7255361cc9341a7501c4782230178a4c1c73cbe155d6c09dd83f11d36401c9eb31e3866ddbe863d","nonce":"b595dc6b2d7e2ed23af5290d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"d6c6eb34b1a413e85132fc4589e638fd859fcd197fab59d86aec31132fec2c250f97e046af0805e506b586d1ca","nonce":"b595dc6b2d7e2ed23af5290c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"8efd35b4dc4c3029dbad34b676371c3910dd92dfdca8118c59e5d4b35ebe4407720ea9847c9a8629b13954b50a","nonce":"b595dc6b2d7e2ed23af5290f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"b40d87e2d5df3f21fd9a578c1fd6920b77b0ea2fd4b78586a049f927c7dc0875acf9faf7182d0ee07e0f23f0ad","nonce":"b595dc6b2d7e2ed23af5290e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"79475c59a3156ef08775ea175129c178d6011d13a36ef1f6ca31a47b6a3f76322ac21c263c086b789a0319bddb","nonce":"b595dc6b2d7e2ed23af52971","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"6f87f0bb7b414cd20b8ddd5768cfeaa53524474e870883b609c9f18f2e43b05e034d3406f0093adf38ad65af8b","nonce":"b595dc6b2d7e2ed23af52970","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"18f1e65748126d8311c2998261bc9b401b331ce4b428cb986a9fd406329785677aa8bb74e1f79d38cbc5ce48d2","nonce":"b595dc6b2d7e2ed23af52973","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"3793abee477f02aba08c2fffe82d98ade7d4b6d2a368c476189a8f78166d46fb78191e41f48ebb7fd37ee8b762","nonce":"b595dc6b2d7e2ed23af52972","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"f3f86f2d5235618a891248a0a3a36b66531458990a0e59db068cb4326d711959a6165961a4f42779459d874ea3","nonce":"b595dc6b2d7e2ed23af52975","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"0b641bb680fb115702ca5d55bf2c29a22faf1d72685b6525ce4d8060a558d0d23b52f872d1e60f99063156c7e9","nonce":"b595dc6b2d7e2ed23af52974","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"25f61ea5e7ee528edce110418835235527345e45c4ac557fee4248efbc303de40036fda6cae543ea2b35d419aa","nonce":"b595dc6b2d7e2ed23af52977","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"8a515cb1a5eabbbfd64cfc8e65724bc5af57cffcc5e954a35f19d67cc7426b2d3b3dd7da9a32b2b98dcc3601a6","nonce":"b595dc6b2d7e2ed23af52976","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"94b74518205cd6892cbf1121d9c1326df55a18bb1806408c68f3e88f15dd7384df98b1a43ff1d7167205707429","nonce":"b595dc6b2d7e2ed23af52979","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"360e215de1007962a0e8abf4edc13647c543480d4c28d6af76a6822c04e2596d2648d87196bf1fddc89309762d","nonce":"b595dc6b2d7e2ed23af52978","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"26cca97b2481c4daae02c531b74b27726a09c4e5c5c6b65a72ee7c90bf133b531671afacc5bab211aa817ce5bd","nonce":"b595dc6b2d7e2ed23af5297b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"42b60c5a2569ce65a0659e1e87053a3d624d033703d1ecb7e2d23f4cadc204163cae1385966c500e95cba688a0","nonce":"b595dc6b2d7e2ed23af5297a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"fbb0178c5610b68baa953d621e22d482ddd20bc638dd6152865686e7710799421c08bf578c098139d492200f41","nonce":"b595dc6b2d7e2ed23af5297d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"879ddd1dc6447a5ad87eac52d801b820586af0bf3e19243ba08d757cee4b011f55cccbfc371073abfa3064c347","nonce":"b595dc6b2d7e2ed23af5297c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"c2cc6f8f73110e9fca8021ffd79c8b5624737620bbfb2dcefd87a608fbf9545b9407685192e6ffd771c7d911b4","nonce":"b595dc6b2d7e2ed23af5297f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"4ed8897ea8308ec5673d3592c48381236f05e46b125982c182cdfcf7c4ace5cf6959157491c27db2ea035fcb4f","nonce":"b595dc6b2d7e2ed23af5297e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"fd172ee9b09b2ee39e138181b97db3be9c5223f500440fa547febef6b6a1afd1f313a83d7daf3c1c8f9974c490","nonce":"b595dc6b2d7e2ed23af52961","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"a14d405a95d05b58fcac10cf04da226ea8564a79afa5b8101eec4f0b493801c8fb20ec168ce720f10ae6aa953a","nonce":"b595dc6b2d7e2ed23af52960","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"b9801596001d7c7b068dc21e9e04515a08861eede6aeb0b8d42df495a3b255be8a5a21e1a8ee3991d944bf88c0","nonce":"b595dc6b2d7e2ed23af52963","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"e95e4e168ccb0698b5fc4869e5c4f0712cb026391100885e7d5e67b491842d3f6d522a9f7064df3d3413177234","nonce":"b595dc6b2d7e2ed23af52962","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"2047a7dc172f3c821f4b325961811bb7286d7183ceb77867329cc3d9e517fd467c01b8e50b3b7167e669653fd6","nonce":"b595dc6b2d7e2ed23af52965","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"e179934882a2e7322267d1d2d098fef94b0052572b0d8aa76500864808a88207ff8d41bea5695b7fb8804455fe","nonce":"b595dc6b2d7e2ed23af52964","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"2dfbaaa9620b2ae66ace3b7a54b99cb487d03b5102db48da21541272d0ea3ce8ed8e571f4ec3496e036840cd3c","nonce":"b595dc6b2d7e2ed23af52967","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"db21df0f63a118dfffd5ec92aeffeac12d51a1f89431a7db176c657d8181a50bad556ad1dc6c69506cb79c82e8","nonce":"b595dc6b2d7e2ed23af52966","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"313c7f95272e4f2d1a64537a2cb984a52bb88dcb66da8d4c19ef8d7b7b4a0b5d51255114b10054b6c40a2b803f","nonce":"b595dc6b2d7e2ed23af52969","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"c1b7c88674fc5e47321d5789e717b139b7970df0fb81f6e8d30ee46a8e09bae4c70fc1847b203fa95567d83276","nonce":"b595dc6b2d7e2ed23af52968","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"c5176cf6bbcae32ce84cbc853b3a47a98b56889521d224a60a6df0b07a7ee7552b40483efc015cb336881d329e","nonce":"b595dc6b2d7e2ed23af5296b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"a8fd4359f91149fa82724ccb38c4fde6b50f98432e36bbfeae9d90546e9b3967521e5e2e74e85d52c12826ed6d","nonce":"b595dc6b2d7e2ed23af5296a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2a2625385b37a0347df4a99ecb112dab8c4fd5fb3efaa3e455aeaca782b3dca6d3004b544cba586b98134f46f8","nonce":"b595dc6b2d7e2ed23af5296d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"149ebf558f33e5718d862abc72b2211e8197763e4f499b0f072170ec64cb36f150c295c1f9993e516721605378","nonce":"b595dc6b2d7e2ed23af5296c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"76d5e4cc51605a02aba469395f129e7dd6c8e35d91bd77e37f5caad34e02757c49991987438151ef78ebadf361","nonce":"b595dc6b2d7e2ed23af5296f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"19be80021f98746dce0158c5b3579e4b5328bf8db8948b05d0a1564caa897d999379cc10e4b97568c9f23c04f0","nonce":"b595dc6b2d7e2ed23af5296e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"6d34ec23a6fa525dd806701583275f7e2c2477b662644bab984d61db3f6bd6a85cb813cf1537b85b688690d394","nonce":"b595dc6b2d7e2ed23af52951","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"fbcdc6b358860045cbaed7dde736b733dcc129650a2bb16b9fe8cdd72557c45b57204d1877c5165b6b89ec1133","nonce":"b595dc6b2d7e2ed23af52950","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"630d3372ff89ebe0c30f54244024508d9aee6ce7d93e9557571bafa0dc8c84b2bdabcabda82d25fff43581eb41","nonce":"b595dc6b2d7e2ed23af52953","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"46303d4428f774296088e3683d761fe987976aaaef6a0e9c9dfb96681d6f069512e6efc90af11aeadbb03c2bc2","nonce":"b595dc6b2d7e2ed23af52952","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"7f5b5a027432e9fb410274f17997ec8df0f99ac0ff70d4dcabc96b2eef3392a4bad61c0ee26391bc10f044a283","nonce":"b595dc6b2d7e2ed23af52955","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"d930137c418c625dd7cde37175a50c823cab69b223b1712ec416f15f218227097758a05de54a1a44542d21ca72","nonce":"b595dc6b2d7e2ed23af52954","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"71c914bdfd4dd786d9206138cbc5af90cbbbaabd57d9366b03265dc60f5febb1e3db17b33977f27adc25784c98","nonce":"b595dc6b2d7e2ed23af52957","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"2f43c770cb8ddf939f6f55a119941be62f54114bbfda7c3e7bfe150fa3a65c0759cddf5691b3a8f287800c983d","nonce":"b595dc6b2d7e2ed23af52956","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"465c541b2100ee00b2441a354c85566f644e1b7cb16fb39d5de7a1e67fb76b7e3e6bf9cf75309865a614f5841f","nonce":"b595dc6b2d7e2ed23af52959","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"4f6fa13af56f1b40bf96f6438d593b7560aea1d9cec75b418f76a50a1fdc08670feb4ec2a9f7f207b3e9b733ae","nonce":"b595dc6b2d7e2ed23af52958","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"2b362981061b0314f81f35c094708aa28995ff8a99a06ee206754ab1734ad88a8b36efe1fb1a0e1ec3a09750fb","nonce":"b595dc6b2d7e2ed23af5295b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"f73913a6853cf5c07567a87f7e0a6f17c7bba7a01377192f9b9a7ada6afa2bf44023a95ce21b9ca38b7fb56356","nonce":"b595dc6b2d7e2ed23af5295a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"3138e5ad4334474afa72bf513741b34e6602ee66b09dbcc8203317e8f0a01c48a517fe7dc18073ccf66a609a9a","nonce":"b595dc6b2d7e2ed23af5295d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"31d81307c1635d2bfc9644c3333368e079344b6cac36480871052335d820ad9ed1dced19cef80a0cfc74595cfb","nonce":"b595dc6b2d7e2ed23af5295c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"28aab965c6e18e1bc99ca0a121431b13b4ba924dc1700e7d80b6b86c9a4e9c51a10c0bd1e4c818c7bbaf7dc94c","nonce":"b595dc6b2d7e2ed23af5295f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"cb3e9a71ea765395801a89fbad8a205cc7712735c5a70049f7eead102b18c21db125c5024de5d416c6e3062df2","nonce":"b595dc6b2d7e2ed23af5295e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"6d993315ff70b50016730e483374c5f317bd7ee3fe89e8adbf61ce2ec3482e7f6a9bb311c62f44a887b331072e","nonce":"b595dc6b2d7e2ed23af52941","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"6a8bd921d3a90111d751f917ad2d5527bcb1d1dd4511c0bb5a9bec2431fa7a704e183e74d08e3d109b79d680cc","nonce":"b595dc6b2d7e2ed23af52940","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"2e5c7dcd03efba79ad9abf67e82a3ffcf1e2c1497fb2d237d001c1743ff5777ea5e560d4356373166dce9e8b46","nonce":"b595dc6b2d7e2ed23af52943","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"2e069458ed1fe9d672fe5e5789724c4dd1a59af33f7f88619b3b85dbf8a7aac2eae266a9b266876d81b17274b0","nonce":"b595dc6b2d7e2ed23af52942","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"23e9f0ecb5b9f1e0d943e0293a78aab7b8a87eafd3695a4ee170c4fe2e908ed66f2651cc7a36364f36c13d513e","nonce":"b595dc6b2d7e2ed23af52945","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"a2595cbacf45b3be80ae60e50a5902b1b1435235c1aab93b3e9c8ca432a69ab9f4612d9d6a04db4f4db7de6673","nonce":"b595dc6b2d7e2ed23af52944","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"7aff62699c5656c93e9f4872c8da765a6f37ea1b19e819ff71cdfb0856cfcd8f306dfd38723da526138f250214","nonce":"b595dc6b2d7e2ed23af52947","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"7079e3bd76d8f632172306943b532c2f2e5d07503b2a3749b239d02d1b402f7340eabfeadc96d0c9b3ae99528e","nonce":"b595dc6b2d7e2ed23af52946","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"fc50fe4fd042395753015dea34f2b2107a1f0c6185adc6fa1248df4f1ec82724a1e48bf235d61f0fa05f07ad28","nonce":"b595dc6b2d7e2ed23af52949","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"fce8d1efcc7a25f38b3b436a4ca3fcb416cf953796bab025b1eeb05d9757a5bd8549c1503c2f59bd89e357d26d","nonce":"b595dc6b2d7e2ed23af52948","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"25ac1e99875610a45f6b855cbbec67ef6c20e6d2a1024c37132eaa3cd1aadf2f7f4880933e9c9c9c5a0a17f42b","nonce":"b595dc6b2d7e2ed23af5294b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"73bc4dd40c6a2ac77964e78dd0ec9625a2a3a70978dd57eef31a5a73d2438256015df2210b3e0958d39cfaf87e","nonce":"b595dc6b2d7e2ed23af5294a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"8b1c487db0b8ea909fe65649d7c39368e51ba7bc40709e6e1e531bf37aecb77175ed46060d967dc6a876aad6bb","nonce":"b595dc6b2d7e2ed23af5294d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"933c10d73cda03240a4702b736f2b1745da520f24cd20a1f0232ac3160138164d9d07074c764977cceeea91a65","nonce":"b595dc6b2d7e2ed23af5294c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"68e3df0353a53e7ec89ed00ca4eff679eeb2502207dcd621ebe676e409c4f6cb0dc5bae40545a4cb6c023e0716","nonce":"b595dc6b2d7e2ed23af5294f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"cdc541253111ed7a424eea5134dc14fc5e8293ab3b537668b8656789628e45894e5bb873c968e3b7cdcbb654a4","nonce":"b595dc6b2d7e2ed23af5294e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"faf985208858b1253b97b60aecd28bc18737b58d1242370e7703ec33b73a4c31a1afee300e349adef9015bbbfd","nonce":"b595dc6b2d7e2ed23af528b1","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"a115a59bf4dd8dc49332d6a0093af8efca1bcbfd3627d850173f5c4a55d0c185"},{"exporter_context":"00","L":32,"exported_value":"4517eaede0669b16aac7c92d5762dd459c301fa10e02237cd5aeb9be969430c4"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"164e02144d44b607a7722e58b0f4156e67c0c2874d74cf71da6ca48a4cbdc5e0"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"7bc93bde8890d1fb55220e7f3b0c107ae7e6eda35ca4040bb6651284bf0747ee","ikmS":"874baa0dcf93595a24a45a7f042e0d22d368747daaa7e19f80a802af19204ba8","ikmE":"798d82a8d9ea19dbc7f2c6dfa54e8a6706f7cdc119db0813dacf8440ab37c857","skRm":"d929ab4be2e59f6954d6bedd93e638f02d4046cef21115b00cdda2acb2a4440e","skSm":"1120ac99fb1fccc1e8230502d245719d1b217fe20505c7648795139d177f0de9","skEm":"6b8de0873aed0c1b2d09b8c7ed54cbf24fdf1dfc7a47fa501f918810642d7b91","pkRm":"04423e363e1cd54ce7b7573110ac121399acbc9ed815fae03b72ffbd4c18b01836835c5a09513f28fc971b7266cfde2e96afe84bb0f266920e82c4f53b36e1a78d","pkSm":"04a817a0902bf28e036d66add5d544cc3a0457eab150f104285df1e293b5c10eef8651213e43d9cd9086c80b309df22cf37609f58c1127f7607e85f210b2804f73","pkEm":"042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e15b79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454","enc":"042224f3ea800f7ec55c03f29fc9865f6ee27004f818fcbdc6dc68932c1e52e15b79e264a98f2c535ef06745f3d308624414153b22c7332bc1e691cb4af4d53454","shared_secret":"d4aea336439aadf68f9348880aa358086f1480e7c167b6ef15453ba69b94b44f","key_schedule_context":"02b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ceefc1e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1c1d9ac85","secret":"fd0a93c7c6f6b1b0dd6a822d7b16f6c61c83d98ad88426df4613c3581a2319f1","key":"19aa8472b3fdc530392b0e54ca17c0f5","base_nonce":"b390052d26b67a5b8a8fcaa4","exporter_secret":"f152759972660eb0e1db880835abd5de1c39c8e9cd269f6f082ed80e28acb164","encryptions":[{"aad":"436f756e742d30","ct":"82ffc8c44760db691a07c5627e5fc2c08e7a86979ee79b494a17cc3405446ac2bdb8f265db4a099ed3289ffe19","nonce":"b390052d26b67a5b8a8fcaa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"b0a705a54532c7b4f5907de51c13dffe1e08d55ee9ba59686114b05945494d96725b239468f1229e3966aa1250","nonce":"b390052d26b67a5b8a8fcaa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"8dc805680e3271a801790833ed74473710157645584f06d1b53ad439078d880b23e25256663178271c80ee8b7c","nonce":"b390052d26b67a5b8a8fcaa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"cc35c0fd3e2998284d171402560813c524c7274dbd870d93523270e5a4bcb7cdc7615def30b73ee0ed6f1d1162","nonce":"b390052d26b67a5b8a8fcaa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"04c8f7aae1584b61aa5816382cb0b834a5d744f420e6dffb5ddcec633a21b8b3472820930c1ea9258b035937a2","nonce":"b390052d26b67a5b8a8fcaa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0513439a7dad9e0ba738741a0329c5dedd2af432a9022ca15babb7cf5bc94eb9c98aac568cf65f1a987d6b283d","nonce":"b390052d26b67a5b8a8fcaa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"a0954bd76aaf91cb124b1473c321c26009bb253426169e26f6d3c1753d79d68e8cdd7d4f6421087c8fc3e5c9be","nonce":"b390052d26b67a5b8a8fcaa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"5b2f48266f85efaa9d3fb8bc14ae818c58fbb1adb9083667978f50ebcd2f7008fd63f42e58faf149128cea6df3","nonce":"b390052d26b67a5b8a8fcaa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"20ef0bac7e91ebdbacbeaab6991edb88f4555a20e3f05170fe523ca740858c7e4196b3ac4d22e6e10d8d1c8a7e","nonce":"b390052d26b67a5b8a8fcaac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"c8fff6563d728171579e2d10cc48b7940b1a9cdf2cf6efb75e9708580a4436d93164cc17f97716e30f9eec43a4","nonce":"b390052d26b67a5b8a8fcaad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"451cb8362d47a6bcc6ad763facc1957b6755a8c8f3b667ffa0c99e882e198bd489e4491d19a9d8e61f49bfe08a","nonce":"b390052d26b67a5b8a8fcaae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"747714928d9d670171dae177699c9655e7139666cc8dc5965fc1c826e442703e39b42580d91bb11a4d4dba1254","nonce":"b390052d26b67a5b8a8fcaaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"1beaf0e462bc5f65ad94ce70d48f4d94419da23f825683fc882ab0f533089e25c26c9935adf64dfb27cb9a41bc","nonce":"b390052d26b67a5b8a8fcaa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"eb9dbcd6f96c75f7a4e37eb3914ec08c7997d7160eb91fc85d93a07663d84cde5cc8eac735e34fc6455424f80d","nonce":"b390052d26b67a5b8a8fcaa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"221bf3ad6cc96665dda3e679127eec7ff4929be494e5929461fd726ec3e755fcba8390d4cbc19b55ff55eaf75b","nonce":"b390052d26b67a5b8a8fcaaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"01a9baab218c5cd0b37b782b96eb61daaf0a9296cee6348a87272a7950df285841867fe6aaee76fdd48e9169cc","nonce":"b390052d26b67a5b8a8fcaab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b959f18a13b8d4784b775149bfc703aeb1dd05ddeb632804f4651fb1de864439faa90baf1945aca45b7f4557d0","nonce":"b390052d26b67a5b8a8fcab4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"8f2db45780c061a86bd3ec4fad8061a529ea4285f90b125c3684796642d26d893d160addd64ec75fabd9f8e1d5","nonce":"b390052d26b67a5b8a8fcab5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6863a4983a5814744f7460281ef3c8efc5270f43febf562d711c028793c504b96dfa90cc741a55e54865f395da","nonce":"b390052d26b67a5b8a8fcab6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"17abf58e0caaa4086052ec0c0e42c031c3d4dc89fbfbd58de60989b2e274dd32ad3cd1fb9c9dd8babca53b7167","nonce":"b390052d26b67a5b8a8fcab7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"2ca4c7ce9a7fe6f1b86b6fa0c4dd379d546e05a8addaf2583a3270dea7eb9a57f474ca8e77059e52c44d83e167","nonce":"b390052d26b67a5b8a8fcab0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"9d57a8e3e5ad786831f10fc6dc2b14865cd572368434c999ccfab85924adeafaaf7a82bf67bfd2322558bbff54","nonce":"b390052d26b67a5b8a8fcab1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"c7c124f10ddbff77b0b14557b9d0a36f7f88cdd6699513725f9d68974999509a32edc59c5e6b7a15a26a6fba0c","nonce":"b390052d26b67a5b8a8fcab2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"7274a4d2cc76c31361ac4b5b538b9964409c9e840603ec9d922e0bfa37ec69f9b0240de579e87e20558be0995f","nonce":"b390052d26b67a5b8a8fcab3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"1c0c942a42d0d42216446e89ca7b9626d822f091ebb7bc35c17b89642d176ac4483501604bcec4dcfa2cd75176","nonce":"b390052d26b67a5b8a8fcabc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"bcd0d249ca97ec229c6984249bea29da4ca44a04d2b13a8715df815f6b694de185c74210c65db7d3cfa8f724d5","nonce":"b390052d26b67a5b8a8fcabd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"e96a96d451a7eaf41a4e933168a547369ad729eb6da303bc22aeb721f3db057aa4b1365cd73366aa8e0fc1379e","nonce":"b390052d26b67a5b8a8fcabe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ee5b2f874a789a8ca6a8368a68668ff91e7cc5ae64d92e01687f177158d9fc5996a04959986bf46ef51f1ba6a9","nonce":"b390052d26b67a5b8a8fcabf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"93519240fc4c497adaefe6a02ad90a7b7de72b9c5c043fd1a67abad107fbab7f6a4adfa30896d929ad232196a0","nonce":"b390052d26b67a5b8a8fcab8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"779f6d046b2772318833fd75265526823ca459ddab1bae98be0aba3de4c31c58302de698fc060b68b98c0923d4","nonce":"b390052d26b67a5b8a8fcab9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"69cd8a4f0c952e6e3aeca7c77e1bcf51cba1480b076ca5b6014e99220c21e1279d376b8d36e77a1b76534af8cc","nonce":"b390052d26b67a5b8a8fcaba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4087c3567292a07ad926e8bdb4c8c0ef9e18063e77d39645a1201fc98ff5a5d980f25779f236389a0734fc7274","nonce":"b390052d26b67a5b8a8fcabb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"3bdc256afafb2549dfc57f1a6a706e4b265f342612a988a653f0c2064f87d15bc798d6c81a15b29d1e4cc8e248","nonce":"b390052d26b67a5b8a8fca84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"47385ef79eac7ba5f0b1b391204999b3b0f614e426486a77529dfa88e0aa380e7cd430ee123243b34e13cf211c","nonce":"b390052d26b67a5b8a8fca85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"9fb326eadd21158d94318893e51b9fa572da1502fa1f5dfca384c4cc3b1c9ef9e326cfb23affe5a6eaeebe2619","nonce":"b390052d26b67a5b8a8fca86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"d332ff6fe6d48a95b576880e2b3ead3f2c22f5daa276356c43fc304a03ad6a3253cc3714c630559569d70dfeb5","nonce":"b390052d26b67a5b8a8fca87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"fe1d051185c9a843c42335f8ce14c9dd8cb85beb96700d7cd4541bf345888f8c0f9c9687a5352d4318a2380cd2","nonce":"b390052d26b67a5b8a8fca80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"da87ebbc6243872a814316d5ebde612beebb1f964fff7ffa631c28b1417ccf46aa59149876b1efd1e1a4403397","nonce":"b390052d26b67a5b8a8fca81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"7e6f06ded34d51a8c670e98fd51bf8a8720a26ad9c9933f31c512e5cda74a889284dc3b7081c047d4d10575dd6","nonce":"b390052d26b67a5b8a8fca82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7f1451c62f9e891448a3ab6d6282dd284dbf48d9af70b641a23ce0910d5cd106e792871a8ca7bb5fa680785724","nonce":"b390052d26b67a5b8a8fca83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"b02011ed371e7d4d947cb6edb5fe537c777cc7b9abcc99b4dcfdb8e4e8f56fb1d8589a0f07d861655fc62efb36","nonce":"b390052d26b67a5b8a8fca8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"31eb0f8ffb967108224e7d71adee293a37ed5bd281cd1d166df3a1f6e39733ff0305337957c1c98fa0423a97cf","nonce":"b390052d26b67a5b8a8fca8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"2bf89dcf26bd9d1ea25f3e66a4b83b08264e2cc0f876baa8d55af8d4244f6c2b31b5274cf165b6fbd35ba09b8c","nonce":"b390052d26b67a5b8a8fca8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f6cc54173ada7451a3263477317400dde987116490071525555375f413ed6c8fc0f45c550f4de69986da25ad03","nonce":"b390052d26b67a5b8a8fca8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"010460d91e5d66dd0b64062d99deaa31898e0428125ac0be762bd3f50902ef378777e0f3823f4dd1b096e2b6f5","nonce":"b390052d26b67a5b8a8fca88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"8f96a1e7f0f9cf5c5dffa16307575ae3f27438fb138e17bf0a9e19d103a38ed0bde6a798fe70dbb73b7586006f","nonce":"b390052d26b67a5b8a8fca89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"68ffb9a55548caaece8f8bfc039a83da2120cecf8562578da0124d0714eee9994a3bdca707a743f69119b9d230","nonce":"b390052d26b67a5b8a8fca8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"07601385d208ce73898b3843a00ab7ec5d19af2ac3417df93eb78fdc3882e4537681cf28f1cae8767ada515024","nonce":"b390052d26b67a5b8a8fca8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"4962ee2c18baee9a3d7fb87743760bb93136acdc597f75138567d6eb78e63302a9c354a64a86ea3c58dd5a9f6f","nonce":"b390052d26b67a5b8a8fca94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"cd7e008bc7dadb7035fc682211cd0df077e5fd295f554b5f19fabef4c498874c81a04d178951692f10fca008ff","nonce":"b390052d26b67a5b8a8fca95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"bac8714d30b56b85d9cdc82d9594c22e1e0904eeb0e8df166709a86b4198da262198efd7493c6a8c194206a9e7","nonce":"b390052d26b67a5b8a8fca96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"780c1ebc2171e613e044d92a1d97931a266356a7dcc60454b9648f91a9b5f12947f38bbcd06320cbc1d61dcdea","nonce":"b390052d26b67a5b8a8fca97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"505a6d4631121fa982097085b598b127739cd38e7c01cfae5a3fbc44d097ed16f4d14d5117af8da48d9d05429a","nonce":"b390052d26b67a5b8a8fca90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"dc4b4678f84b17442e47398ec52e9e178cf86f23dc89fca6edcc56954aac252141f6beb3631c039e1239c94c64","nonce":"b390052d26b67a5b8a8fca91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"9283eb8923e7766aeeab69bac737530638111ebface6e87294816489e3b748e72c5b359ccdd7fae6458abbd494","nonce":"b390052d26b67a5b8a8fca92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"66e4e22453189607f22cfe62472edc6b54cdf759ef0aece63d70ebc28a1e473dcb4589ce6e575704137145cf3b","nonce":"b390052d26b67a5b8a8fca93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"f2ecb6a2f61562a43e9f9ce84e1365c6e727d4f8b9794aa8aa39cedd4e8916f70e93efa2ff0fc0070eac8ed8bd","nonce":"b390052d26b67a5b8a8fca9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"c4fc43be3182fe9db99ced85c8ff61e946696395ec57f8c7bd8bcce251c5c48a48798bd3679086b463ec261be4","nonce":"b390052d26b67a5b8a8fca9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"219f7a76c63aa13471bcf8429a125f048fe8e930d83fe792bca79cc9e52ae22099659cf050d261b9af52d883a1","nonce":"b390052d26b67a5b8a8fca9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"566264cd25de5e08070dd8f92525bb0967e25fb8bd9eab039f7aa839d1cc23ee69d5d0ab4cde2ef1189402c1ee","nonce":"b390052d26b67a5b8a8fca9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"19b17bb66dc70d7ff358227df6d9a1bf3228ff38597fc00b76757c3b48d163f1e22f03c8b1481b69bfa4d0a263","nonce":"b390052d26b67a5b8a8fca98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"b8964b1c339f6a4f18926482ffb7c5223a90279718e7dd1ddf373cb135a771ba9e3a6e450c092a7de1132db18d","nonce":"b390052d26b67a5b8a8fca99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"9c7204d79ec69bf6ea27bbb657e2df909f7808ab2dc5a427dbc265f3b8f1f72e1a2d9c76175ad7b702ecb1ea71","nonce":"b390052d26b67a5b8a8fca9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"18aad49ef73852b7e516b393bf43093b53b629ef2302eb43557aaec20b9eb3942ced460af26535239d6c05eb1c","nonce":"b390052d26b67a5b8a8fca9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"ca2f264eac3ecb457b65be02ad73616aa480ccd4f8f23eea21ddb43a7b77a954c023560dbe12f9869bfc9fd223","nonce":"b390052d26b67a5b8a8fcae4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"d0aa955f883d872b8537a97256f471cfadcb211524d8a8d294a7516d497a4db466387ba33123e637f13a0217cc","nonce":"b390052d26b67a5b8a8fcae5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"480aa3fdcd0045986e683f70afb231e251efb3e7adc2cbbfdd389a4c0309757554f32a730f2523d1e9e43037c3","nonce":"b390052d26b67a5b8a8fcae6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"c0439ba1d7844b9915a4a0ee760a5bf250eea1a860abe6f7aea233d737e7b7786f736b564ab8fd11483640653e","nonce":"b390052d26b67a5b8a8fcae7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"92bd48b1aee9cc5dd09762e93bcd25cf30981dc372d9f0b55e92c10d9e6a0454475cf7a72d278aeb4106d9a4ba","nonce":"b390052d26b67a5b8a8fcae0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"021f2c650258f5d1f80608a312af36c618ac04dcba0ed38d5a4d2926885b840cf6b717187aab6cf354b3cda8c2","nonce":"b390052d26b67a5b8a8fcae1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"cb4a0aae8895af44ffe7dc200984fbd856a8b7868b9799c7d136e634e9e132d34144508f92dad4d815b311960e","nonce":"b390052d26b67a5b8a8fcae2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"3a69b1fd2c92a7300549f43d4d7abba29e682e6eaec12b436b6323ad00c1ab0e81323dc107a4e79d85a87aa2f9","nonce":"b390052d26b67a5b8a8fcae3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"0e5ab035413e4f172889ecb7b76a3b80c7e6b2c6f48827aba04772ff544f7a80cf099e96770f09e5624f3ebb44","nonce":"b390052d26b67a5b8a8fcaec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"bf7710d26d5b1bb18519ca8c5a4dfaf392b6a5497832bff032e34cd9d25ab5d1abe17b3c4705b4c3d7a2f67011","nonce":"b390052d26b67a5b8a8fcaed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"a793526bf5abaf1ec66c621d3f7bea32da7b4d42fc13e107c03bb8a88f57c3ab3686f60ef2100b6ce4952c0bf0","nonce":"b390052d26b67a5b8a8fcaee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"748d24cf6e532010ba655849327654818a2d09478054bc265c1b37454523883a48b1afe9ecc31d56123d01cfc5","nonce":"b390052d26b67a5b8a8fcaef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"8eb344d11433979e3a285160b39030014f32fe2f0a55c66e768057a82b1ea1fac9e06671bcf2b920721228cae7","nonce":"b390052d26b67a5b8a8fcae8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"9bc106f6597dd9fff73ef6b22957457a2dde226717dd30692560149db6eb6d3fb4872f853f8cd3e49aa9d41144","nonce":"b390052d26b67a5b8a8fcae9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f041e5388f4c82e0b16ca8346a1e27a19da10c31c6946d742a3d712c96902e388ce239d1c28285724474f8aa69","nonce":"b390052d26b67a5b8a8fcaea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"6340c8041d11f8440fbbbc59ba9f280540a069c63d542dfc2ef7007aa7bc47bbdb14fc1c62c655bc8351641e7f","nonce":"b390052d26b67a5b8a8fcaeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"471e3e06850edd1155af62ade403ed1c2328d7c2f1b127d91cac57732970e447fe84849db91d08254cdbe23f75","nonce":"b390052d26b67a5b8a8fcaf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"2bf94ebb5defe180fc4da36e44111a6da5efe44e0f3cae24caa01905adaef290bf4645b9ba9a08521851db708d","nonce":"b390052d26b67a5b8a8fcaf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"9aeece90199ac5cbf5ef570817454edd5b51d2b90f6541a308984c33687f104b2e08a5b156accfaaceb9b165a1","nonce":"b390052d26b67a5b8a8fcaf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"c0b5f111fe9b59fcaa6b834504b5c2cefb8f4be0ab3b2fc6fa078c5630428c0890766c9a8d9e19376252119422","nonce":"b390052d26b67a5b8a8fcaf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"d6dbd373a39e67dfbc00ccfd3e5aea30490f5d60fceb233c6b74a382374524944a86c7b070d57abc68e7a51323","nonce":"b390052d26b67a5b8a8fcaf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"c84986238247d710c712e9baeb23c824e26a4694bcff4853ed72acaf292c10ef0615009f8b210ea3788d29e4d2","nonce":"b390052d26b67a5b8a8fcaf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"a1aa3c3939a188e9845304046a233f3afc69bd7013a30fc132017d35e1f040215d2f9e6dda6f5afa67fb6f2caa","nonce":"b390052d26b67a5b8a8fcaf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"bd07b42f1f70a2394217132525a3d6c49369029e72c21485679f6c0bf1e94b4e89f0f30167a42396c0ed8ddd67","nonce":"b390052d26b67a5b8a8fcaf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"f659c1e0a17fa505aadc91054ddd3a07c42f85859529d3491c28395b5fd896c4d0fe0a146e72c8f35aee21340e","nonce":"b390052d26b67a5b8a8fcafc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"61fbbf08026f6450bbdbadc5b0981071c0a5fde7bacee7bff05e13259b434413a51fb26389dc35bf73aff0131e","nonce":"b390052d26b67a5b8a8fcafd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9e106011c0344551dbf533418d81355d794a069c4676ecc79e30b1de906e69cb36700720ee3932f46c49f4b9ff","nonce":"b390052d26b67a5b8a8fcafe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"16b5749e1b1858016c0e9ada53c8d83748663f09826e9215958e3132e1fd24615eb6ad08e48a0cc4961113a151","nonce":"b390052d26b67a5b8a8fcaff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"d3fcd1c16bafeb7b5b0f80aeb198066fdb288531f86a9c1a7af618ccb122f1765c6986b6c6ce653d7e87caeccd","nonce":"b390052d26b67a5b8a8fcaf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"de05b2db900bd6bbe16c764e4e593f6641d4485a4fd202b4abc3b3ea23793577c7692e3215afb0d0087d5ae6ee","nonce":"b390052d26b67a5b8a8fcaf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"8ce1366b6011a5997e626a4928eb7bd62fda57183a02b29bd2b673c4fb4a07c50dbf9abe7b3a098ac42712e9b3","nonce":"b390052d26b67a5b8a8fcafa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"0d1a5283b5e2c273fb42508a28359cc854c0d2da85c2b0e074c5fd3129d4b2acec87f99832dc2c64596b660724","nonce":"b390052d26b67a5b8a8fcafb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"86c67a4303bf1588c071f6ca6d7a80e1f2d173338d978912016a5d465ced446e1b11dd31e2745c4c856dcdcedf","nonce":"b390052d26b67a5b8a8fcac4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"7983060932542f0affddcd2339f0d46955e5524a8c7e2cd574c7170965727d98f0e26bb548397f0e02e0512a07","nonce":"b390052d26b67a5b8a8fcac5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"1e3a270e8cce15c458c57dea83fe2a63066c55a7d56c155c1eff644d53edae1b640d8dfa3c0bce672988c99d10","nonce":"b390052d26b67a5b8a8fcac6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"6cc1ac713c51b9d949e58bbd46e1e0b48adb639df06ae5470f844cfff13cfd686032c9809ba1a16bf7ae05a1a4","nonce":"b390052d26b67a5b8a8fcac7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"10a83299fbac1b34322f99d4eb2651e3e72d010de05c6e88d180653904dfb2fd8ce64de69a0fceb79cd83e0507","nonce":"b390052d26b67a5b8a8fcac0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"eda9344c6ed73fc70f4a53d5d43d07607987c3d70389cee07fafdb511bed4312028e73c22842ccf4712f5f6000","nonce":"b390052d26b67a5b8a8fcac1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"f49e64e991c420b679c2ddaae89182057a949df6accb7c30dba088c6649a5f9391d762e755ce41f6e50789aa6c","nonce":"b390052d26b67a5b8a8fcac2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"1963344be0a36c2365fd3dfaac5f6d7452f6e01deb7f2ac2cb868980dc7fac5a7bb8b2b234de39798293c78756","nonce":"b390052d26b67a5b8a8fcac3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"3532f27a241229a8046a3162b3edf1bbe1b718f7bb13d5808a293f2a3f17d366f3b253b1681960c218baa1b426","nonce":"b390052d26b67a5b8a8fcacc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"3785da6436db7d9ec0b36ed0a45883770f4184582c455167ec48a185deb283153962917f6e6b38f3f415970c2b","nonce":"b390052d26b67a5b8a8fcacd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"fae0dddbe46dc5ba4868d896fbf1e2e401683201e47f1c6c66b8e15bf59fc0928f0a759aa73547d1270f51c9e1","nonce":"b390052d26b67a5b8a8fcace","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"c57d85764663981f4619a43e3a5eaec84c48d464b2e41d681447aecc32eaed96a012482cf85dc0ae6362826097","nonce":"b390052d26b67a5b8a8fcacf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"1dd931732518c3dde6967afcc7eb7fc65c1d0577e3dd18a93d622f2c50707255ca1b177aa68cf836fdd88b2669","nonce":"b390052d26b67a5b8a8fcac8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"3d752fbfc152dba7a18182b00e9b5adeb614bb596abc480d439846f1a1b98b89d84795a42d7ac6bf453276f35e","nonce":"b390052d26b67a5b8a8fcac9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"678b292f4917626e9e7339993da52f91848fee889f99afd63ce914a2c26273bda3fec931271981ed413526b33c","nonce":"b390052d26b67a5b8a8fcaca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"b7b850a4ec1e779feffaa562fcbee0f3b79c52fd695fa03101e3451a6e99e4536fc9eabd0c678fb5b28212ad31","nonce":"b390052d26b67a5b8a8fcacb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"8db3b41c5c645498adfb624b759afeff8c3e25f3ad0ba73bbe5fd7b8635102511d6642694c3e7a2fee7c666f28","nonce":"b390052d26b67a5b8a8fcad4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"d5c45fdb70cae06f86abc4e057e9ab8acbfc8eb06f8548b61b71d5ebf7dac833f272ffef38627813e66ed75cdf","nonce":"b390052d26b67a5b8a8fcad5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"fb7a628d6e07a5639d793a22af188638a01c5fd7a33dbcddc93df89aa9d6d9efc9d470e98c57b0d92a121c9d08","nonce":"b390052d26b67a5b8a8fcad6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"61f356b0e97f13fee2947bec8f7f7a26fafba8a275831af7a82e64095eac0ec047d92583cb501627885fdc84ac","nonce":"b390052d26b67a5b8a8fcad7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a31ae8ffc853b180897659a711a05edc7f8556cd78ae8f53f2e86cfb5c53aeb02fe70b0993a62d414d9821ba04","nonce":"b390052d26b67a5b8a8fcad0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"7830541d21fec85e6626b6c003edfccd086a4fb6042d3bfdb5e3c58c97b1974abf183f9f5b094c34096d69428e","nonce":"b390052d26b67a5b8a8fcad1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8140f85966013fd30775f51aca8fbadc6374dfa401ab3d6d2711294e4536a5e0ee133061cba806c47ab7dd8c83","nonce":"b390052d26b67a5b8a8fcad2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"fc8d1a89bba375a8ad3816ec42d9659726bc3f6917c60b18b3f31e3d027f8ec2a2264df38d58cf158914f65c87","nonce":"b390052d26b67a5b8a8fcad3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"b455d275a4f26c7eb1bf26cdbb676a52ef9f840e51e7ce1bd8d6d0e5db40b4f0bd74a3eb8de98483a0a45a00a1","nonce":"b390052d26b67a5b8a8fcadc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"441c6278fe3ac57d30b7a9e5942a0b65590540d05e14978106d7ca823d3f827eae85f2c35d1c5cda6ab09b04f8","nonce":"b390052d26b67a5b8a8fcadd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"1572354ddbb33b5ceef115a05ec7b0ce86d544294560a42edcc6b3d1107e90135486758d395e81d2a41711d245","nonce":"b390052d26b67a5b8a8fcade","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"6dc4a2f17a081cab07e6cbe6389af40b6c92a0b2e092d847e68ad74e147a1fd0a4af9cdd86d9b52a0bc9f0a2a1","nonce":"b390052d26b67a5b8a8fcadf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"e825d3e61e7169cddcab63075d6629be00a68cc8240522b940884a5a6aa70b620665338736266443427fcd5181","nonce":"b390052d26b67a5b8a8fcad8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"556682e628047e2db1916824189879abf1939f1b06976df10bae9fb99c1d7ae4c03391a4cd5839a2b75e6f95e3","nonce":"b390052d26b67a5b8a8fcad9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"341b04bfc000612feb516d0fb151223138e0fff6aa4ff83be424a19295739a33273e0a31ca4ae9c0ecb31d067b","nonce":"b390052d26b67a5b8a8fcada","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"ad94dd6a30adf65160e412504b89dde2fcbeb299df43886e3efc7841aaa13956839ab7cb38978652b2be1be810","nonce":"b390052d26b67a5b8a8fcadb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"468975a64b0c5cb337488c0c6a820de3a146f2764a194257a45965716a4fb8e1c3dcfc322530d1503b9bb79740","nonce":"b390052d26b67a5b8a8fca24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"f5e33e011f5dc572339856702447379bd44bcf9f3222d08ce0bbded7a6b2eae38b1415a49e3a8b322c4c563e2b","nonce":"b390052d26b67a5b8a8fca25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"d81cc080b2eb77c9f15f50da756fa99647e0f79852170fbd898f78c7fff8601487c8ffb7feb5e9e5b70f15ffd6","nonce":"b390052d26b67a5b8a8fca26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"34f34ccba3784f9e8e8b82af09903d8027faaf71cfdd590b4f7f86e8a8fab49a1ea25bfdb56ac305fb68356316","nonce":"b390052d26b67a5b8a8fca27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"726811aef1d409e1ab11cab70d93eae69b9e50f48d5f5a7734d13d6f0d63886976ac0a85eb6e1972e97e1962a5","nonce":"b390052d26b67a5b8a8fca20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"7ddf463ac7c0dbbf49f6c3b380fdce798708d3b9ff3911cf43ee00e6831dfe37d7b5b49677dee5cf231c386bb9","nonce":"b390052d26b67a5b8a8fca21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"d4e15db1c0ec6ed9d5a847ca77e13e8076e81bfbb8c38540bb688e936cf6ce782ffda11984fbad08f5385b8ba0","nonce":"b390052d26b67a5b8a8fca22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"920db1aa98284f04241070b70debf8eb61fc59e208613f54123563c59789e2bde59d4e43210ed5e4f1f1d949e9","nonce":"b390052d26b67a5b8a8fca23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"cc03d1f50b12077d82cf4ad81305975f1b9842b72a975ec1b0a8980a4dbcd14202c66a22abffa60ebc7d35bead","nonce":"b390052d26b67a5b8a8fca2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"68c5abb56e7afdc9300eed88b5a88a2db2e46e14a899f80210170a8a691b22d36c098d2a9dc09e1c7c32a4a37c","nonce":"b390052d26b67a5b8a8fca2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"ffa15b0eff9d966767cc402554defcaa04530405b25a4913d1f8dda5148de16734de2fa8a805b28be92e0a81a2","nonce":"b390052d26b67a5b8a8fca2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"4603e08e1d3e9e12e9eb8a10735e939aff2adff5e8341758cc1b4a7e822b91bb7e182060c058d7330cf3decab6","nonce":"b390052d26b67a5b8a8fca2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"75f394f9ae956124f7961ae4bcb3f3e584b43ab425ca7b96c756723ecb22c9add2d8a660c5e28a36679ab48786","nonce":"b390052d26b67a5b8a8fca28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"50d15f1a8c2c946552a24809cf9c064ab2a6f0cf97cd19cea9c96641bcdff1999f5b634304528e7bc7737f9dd1","nonce":"b390052d26b67a5b8a8fca29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"927fc7a4c1d2fe10b0ab90bab4a03cb7358388430e5ff0b6b483570137d763e7238a01c4aa91781ce03e6cd79c","nonce":"b390052d26b67a5b8a8fca2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"b52cc4303472e7e2022608ae8d0f4269bab37017c54808f9f8bedb7cf1c680f656ffb444a85d996726c7d22fe7","nonce":"b390052d26b67a5b8a8fca2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"cbb5b99540d267e492ce238bce77fe5fc19f62ac4917536520cf3944696f876f08d84eca302cfeee361abcdb63","nonce":"b390052d26b67a5b8a8fca34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"95c3616aff82a5736f9948b1c3128e9ed4ffa78d538e6d3b3459fcf3c02a767ec3e2b8cdabf277256742c6da38","nonce":"b390052d26b67a5b8a8fca35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d5a3b35f2212d04b8b6c4b1ecfc22fb9bfe2bfb2368c93029d94bbd1ccdd3191424c9143d13177c5f27b7cb05a","nonce":"b390052d26b67a5b8a8fca36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"eb5393126c66f14f0011161e9594dee31f46803573a3111e8955a6cf6580bf7229710c798d9d3be47d476f5ecf","nonce":"b390052d26b67a5b8a8fca37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"38b879efeab4c1d016afd55c40b41518cb80c0d0edc81cac04a480f45e3b81e375e3e5f3fc1a7b6a7f1e63df01","nonce":"b390052d26b67a5b8a8fca30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"4891797c4532856c50fd48285ed10c8b59be0ba0e765ee472c96c6ab7cd3c5f22dc8b08b148097b314cd5848e1","nonce":"b390052d26b67a5b8a8fca31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9902bfb956a946e15c4bf8b358d0d22d7f5e3b2258124ead5f40fc594aa6581ee021315808d979ae5123af77af","nonce":"b390052d26b67a5b8a8fca32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"347324c0fa081dfad51da7ecf2e485adf4458c501f95cf61e809fb77e871e3f3c81e192436714dbcc415f21832","nonce":"b390052d26b67a5b8a8fca33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"b16e86f5823a89fb0c1d3b02564732f68d99bc2cccbc7a5bdb8a6a884282dbe7c6e667177a7f1070b32004cd99","nonce":"b390052d26b67a5b8a8fca3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"c4b105e6cecc8cd38bed5b3531ed884df4a6046ca9c237bb35ce65a7d4cce5f16183ea95b5fdaf1aee8ca16525","nonce":"b390052d26b67a5b8a8fca3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"3c1fd5c4aa2a3f5e31bea58f12557a3bad1c4fa4c005d6994ab5407de3f8660ed3518deddf0bb74679061c8a9b","nonce":"b390052d26b67a5b8a8fca3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"1acc2b1a62d423c1390c3c2543cacc01947e6597a19a9e2826e5f8f7fb08a185081682e5f4e4707f588963e313","nonce":"b390052d26b67a5b8a8fca3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"c34f8f974841cf86b90c6c5c4f6c41f2b0d0a1ad13beb23cd28d3f3de2c8141b3da1a51fa1cc6a2dd972f8d8b3","nonce":"b390052d26b67a5b8a8fca38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"3972d6ce132efa6706870da92c871d6ddc6c73c5612a4d4a15ee3368ba30c9703d7c6460bfbe1c104a1e0cbddd","nonce":"b390052d26b67a5b8a8fca39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"846d64fa83e3ae43ec0e19c837e729382a9de165d41d30437f4713e21878cc697a20aae522281244322f58e138","nonce":"b390052d26b67a5b8a8fca3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"d46ae72d9078c8aac5131219971ccac1d63c13d8c0c2b459063dd7909d3e6eff2d8cdde6325d9338bb823dc36a","nonce":"b390052d26b67a5b8a8fca3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"160d50fc70301ee86ddad93ca078135d74e6c1e6c77b84e62323b18bd70285061eb6e5a946c3fcf63ba8e5c066","nonce":"b390052d26b67a5b8a8fca04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"fbe2accd2f6c9520b44441a6735717cf96c8f07a5a9d7635ab1e9ea061f237a862acec34854ce4b8a332912dd4","nonce":"b390052d26b67a5b8a8fca05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"89f8ffc7a0c066541af7ce3e5c1fee7a10f3932997db80cb46ce65a2b9f72ea9db3f9969c1f79418082954dc2e","nonce":"b390052d26b67a5b8a8fca06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"fd6127dac88bbe921807b55025c982b9a8fbcce13cc6b37479104cacb242bbf546cef063fd3538e5a44e34ca0a","nonce":"b390052d26b67a5b8a8fca07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"a8bf88008726fe27c6a8dd9fffc98d1d4e373543aa1016a0bff292606c52c89b58b3c7b7d3f5b2a496af5061b4","nonce":"b390052d26b67a5b8a8fca00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"fc2ced6b902d9303b5c2a461d472806ebc9c449024bd9558e1e6830988a5bc4e850368465010c6837f66e8bc73","nonce":"b390052d26b67a5b8a8fca01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"9f1fda904080664e931814d169e8f9f16e215e951c2450be55b534b90f0eb75de659604a6da07b972d25e266f8","nonce":"b390052d26b67a5b8a8fca02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"9fa1a1a6c532d2f74111084d51200e5cc46100f2b1218a7568a6fd51f164651cb8c7f38860d0dd8f8ad126361a","nonce":"b390052d26b67a5b8a8fca03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"c45681d9e9f0dddfaf1aa01427ee7054cb663de8cb67f0d7eb5402babc3d12504e5da83fb093af446c7d873e81","nonce":"b390052d26b67a5b8a8fca0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"927603d560ec509a0b4197183c000220e25920c2d0e483b995f7c07e105b7f7700b0b7c4590283e96c47bfa888","nonce":"b390052d26b67a5b8a8fca0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"61374644b846d7aba661f5aed17c528f47d5c5cd3557d91af072fc782e95032c820d48f677411cc9705c8cc496","nonce":"b390052d26b67a5b8a8fca0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"42f1a767233a4e30187c25108a9f9e58b77d2b96ae56712d7bc910ffa9369b15655be6d731f9cac5a80e8faa04","nonce":"b390052d26b67a5b8a8fca0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"d4c219b856ebd943d265a446d634c138719df3985afbf5aabfecd78c224ab26d369ae0b697975883ec6761f5d2","nonce":"b390052d26b67a5b8a8fca08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"343a9e95c1a376e9636cc2992b0f45e6ff34c0be8876c8f00030adfd8ccd2c59b0a35ab39f1108e8d84e48fd2d","nonce":"b390052d26b67a5b8a8fca09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"3de795966f3794b6b65d8f27da552fc485b39a24c4086f8da58db68429859bc2c68060c334eb6eee2675b44c00","nonce":"b390052d26b67a5b8a8fca0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"83c7ce4c12a4880acb31dbdd3376ed4add1debd3767aec3ee51e5e10cbccdf01e09fb98a5b45b68dba954f3dcf","nonce":"b390052d26b67a5b8a8fca0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"302b33c9e9e5642861f9041693973a0b3030aee9084cea2bc85e8b9cf5a64181fe37ed2491a45bb41d2a810548","nonce":"b390052d26b67a5b8a8fca14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"8d42ee8dea6311fd6fbc55e2b39e9a78272e530238d2c4ddca68033de2981dbaf00f9eecbaf2e58a27f98ac5c6","nonce":"b390052d26b67a5b8a8fca15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"23fcc515631cbfcdf17332dbcaa5bc24d9c733cca3b2de35b65ee954a32ad3a03de1b4780566da24464a5b058c","nonce":"b390052d26b67a5b8a8fca16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"1da79f56ca85528b72385484cee9f58bc39dcb5a0c30c010f69f79055bab5f3c2e260aa33995bbd14b5d96de98","nonce":"b390052d26b67a5b8a8fca17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"37f87413fb2f2c9acd1a7be008ec51d3285e2a3831fd634de58f7c70447b9eb49e91d30d9517e838b59d14dfc3","nonce":"b390052d26b67a5b8a8fca10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"f6fc619ede4904fdc014de61f908d0abd151090caa06106131815b763244d39bc8d426f9840b832cd9fbfb010d","nonce":"b390052d26b67a5b8a8fca11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"33a40f23555c6cd9de9f8e51cc9d0a1d727916f35ac8c802140f32f2d9b38305c6200c8891d2f2e584638d19e0","nonce":"b390052d26b67a5b8a8fca12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"3fa7f48aa8fd49f768dec63cc4bb069616f1b3ccd093710ec4e65a86e3646071465d0d1fbacedfec7faa8c46d1","nonce":"b390052d26b67a5b8a8fca13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"7c61d84f822d449ffd208677d7197278952a0073a98a89e1545068289bceb6a1bc634a795ac2311f884d93afce","nonce":"b390052d26b67a5b8a8fca1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"08e70ae20466312e1671a55139e0adf92513210d49539242ccdf278aff3fece7db412b9281f913ff1f9c53d4e7","nonce":"b390052d26b67a5b8a8fca1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"49d18d2be787092bb2e70a043ad467c5a91ba6b419a3e0eb74a6566227dcfe852edcf8df4e7fe363a79bdfc75d","nonce":"b390052d26b67a5b8a8fca1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"6f8cf5c12be7c2397bc38490c040aa8e08cdc1864934d17aaa3029cc6dc71b97d28d998d3de5c47a7c7f308c12","nonce":"b390052d26b67a5b8a8fca1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"0baed9c4752a2b02c1f890fd6d7830d9884b89f676048e974257585b391c622e6313bc111b922ae9590f43c87b","nonce":"b390052d26b67a5b8a8fca18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"8b1f8aa27c91f7552802befb4efd07af12b742aefa567bc192bb432f5e384b1dfd6dccb2090be647d8514c180e","nonce":"b390052d26b67a5b8a8fca19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"49e52ddcadce8e6297b3a9363ff54f467ab5cbb590fc0179bf44c907ae03e30235414ddc0c0073351837048e07","nonce":"b390052d26b67a5b8a8fca1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"8a40c858a6b101f8d69154e43bcfadb6d404fb4dc8d2dc3cb588a666dcca9e5e1e96b2ee276dfc77a87ea36407","nonce":"b390052d26b67a5b8a8fca1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e412a4fc5dd48c805b238cb14e460683211afd3e7fb952eba55e606ab27bfddd11821dfc194ba97e1b72d96148","nonce":"b390052d26b67a5b8a8fca64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"dfe909316e6c8739ca5706acc1eec1638b3be31009b96d6fa62e743f97a3adfec88466c2a3ffbe7f8224a2ac0a","nonce":"b390052d26b67a5b8a8fca65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"1cf7a1d08fc40d4c12dfb4315d303559610fdc403b705547017b02a0e67c09d4c690846bad63997b6c6ff30ae1","nonce":"b390052d26b67a5b8a8fca66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"853c6c716013b9a844e541161a9f6714dd244b482ac734421df3f4c0e257daa21dc225c67ae1c54525e5a84897","nonce":"b390052d26b67a5b8a8fca67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"5470a3ba10f7402527f5139899ada8a6114ccc440b6d090621fa1c5817f3c116c56d37fd631473684032fd4c30","nonce":"b390052d26b67a5b8a8fca60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"d382b19f25dd197d2f534292d6232cb5d94b8db0f6623c6e1f295a8b5bc7d3793298ea0eb1a0a75fc39e91da2f","nonce":"b390052d26b67a5b8a8fca61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"3e1528f12730ed377efe325b341dbeefb1649d879b12211994af311fe1ab33b9de68a36bc82b325f5123d987e1","nonce":"b390052d26b67a5b8a8fca62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"efbb6044efa5f07ea7e84777e943182ffa3becf358c3321e37ea309eaea85dba56f1ef8f16eb030d4f00cd17e0","nonce":"b390052d26b67a5b8a8fca63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"fc90337ff4f1d750997dcf82cc25b9343937327312166fdc531adf1643b3556074159a522aa9c63619d027ed96","nonce":"b390052d26b67a5b8a8fca6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"1273d4d24c04ed1b77aa7e816a92643ed7c841293bea5eb96ea479bd9f1073d9d89c3e0751ff4580ff91628a84","nonce":"b390052d26b67a5b8a8fca6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"517db6405e0633063b78b52516c444cdae7a422d7d587a40c6a50129a2fc1ebeae8722f666180061440729594c","nonce":"b390052d26b67a5b8a8fca6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"07afcaf9f707e1091e4ac8a317289f4c23493b3d8797668d57c9040b174f0b772c06b6f9df814fd5267de2a5ef","nonce":"b390052d26b67a5b8a8fca6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"2cfbceb950409ce30626e3faa09f36ce626fc0037d549787fa5c7bd748b20c7c1c236bc191a7b9a047055bc865","nonce":"b390052d26b67a5b8a8fca68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"2772abca213e9c3dd5dc9d4a04acd842c28f46a0aadd18daf411f04bfbb0ad55a70ef7344e247a5a0256de900e","nonce":"b390052d26b67a5b8a8fca69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"0b2ffac4f6e1f5588e9c2df6ca8cd9b1cd9c0353b4bce366921e37a056e7d8875ca79b902de3a8ab5674bef0a0","nonce":"b390052d26b67a5b8a8fca6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"7b8919fcdedce1731b0d21b75fbcc31f7f06e3d59d5c0cf3e9eeef465f1d3e54995c2c6b77b5f0ad4ab7b64104","nonce":"b390052d26b67a5b8a8fca6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"cccb7243642e297f4fed345afe3bfc6a0438bf6d148189d9aee9e89e9436f70f01448960c96137fd91d5210c39","nonce":"b390052d26b67a5b8a8fca74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"06187d7f139f579b10ac79defa0ef23189afb2fb4fd1337ea7142b3c48cebb5c6ff70944972525d6e43886496a","nonce":"b390052d26b67a5b8a8fca75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"55dce3009af4c824c2a97175dbf174eb69c96b6daf7c306714523b6e3371e7a7ea4e2b13480a6fe802af16e706","nonce":"b390052d26b67a5b8a8fca76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"9b049a425eb6a996857e04f44b67764c8faa880ed031a4c8eb9b6facf5b737d856b7e0a8a5d2e799ddeae6e7e7","nonce":"b390052d26b67a5b8a8fca77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"8ba6ae21494f76137bf0628ccc70ffbc92ce1fe081e9da9d43076e6f272461c1ab9b5364c6e5a6a3428d5d5eea","nonce":"b390052d26b67a5b8a8fca70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"608f6035d9bf233f9885c3a3de15e55d0bc09a771546c7682d2cbfa526a513ac66d38ca7c061811418ab48ffc2","nonce":"b390052d26b67a5b8a8fca71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"f84d5e4e7d574819efc3093a88f1025db1a79d264ee85d85bf7ff2698aafec6fd9a4c20b35f6d87733ac39cbd0","nonce":"b390052d26b67a5b8a8fca72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"613a0eb95693dddd3d7e39e8674244921024c49673f1019937d564e41290423b9d5148c1849e3f3375c5b35822","nonce":"b390052d26b67a5b8a8fca73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"bee7e48b6b39b120d7b94f06d8c4abec8643a6aecf71857a0524d45854ebf5f6fc9339c8c6c7c859b06ec43989","nonce":"b390052d26b67a5b8a8fca7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"e4af23b158de1724bcb5b6c625ad0624ab6a84ce777ccbadd19141ebe4fa70ef493453d19e04fc5cebf7640419","nonce":"b390052d26b67a5b8a8fca7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"a8c6156d08b5d73bdf5bf4f04724457fbc1bb3c3fb5c1b8434900cae6d2e8ca8020656e650a003e2c59ec35fc4","nonce":"b390052d26b67a5b8a8fca7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"667eb135ab2b06342ea418ff19149dc75bbd0f25134627e2f58f9161b0b851311a8a883995b5313afc87a63ea0","nonce":"b390052d26b67a5b8a8fca7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"8664e034a0a805db1dc46b3250a315d54f8844a9eae30d1a2dfbbbed551a9cc18fcba2473dd9a2480a78b88288","nonce":"b390052d26b67a5b8a8fca78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"60d3757fa43fe025df8e0e99388a7c51730628cae837b57e0f795a83db4da608c90688a182f09442bb2d0ece56","nonce":"b390052d26b67a5b8a8fca79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"262206471332267247b1efa89ae4b30b8fad7f5aca53a9b5b2cb8f3e6bcbbc0e6e4e420c24b57898d8f7bd5beb","nonce":"b390052d26b67a5b8a8fca7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"d2e1e3c96d2382ec38cf9336768c6b75bde332259c9a6ec7a40849f4ed7d38e2c82251aec985d4d6f7c4ff93a8","nonce":"b390052d26b67a5b8a8fca7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"b29758025ff3011b4ee8e43090656000d2fcf046544dd48fa26d1d73c18fd793ea230731ca6b84672582bb6618","nonce":"b390052d26b67a5b8a8fca44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"1b24d89b1cfbdeb6f0dcdce91a70949393680d209ccde723ca80930098deb735b82988d1f1107acf74d2b4ea9f","nonce":"b390052d26b67a5b8a8fca45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"d1ee6ca1878bcf775b957214704173c011de85a0801a25ca8fa7bd211547b3d0d113d058e984aff0db035fa3d2","nonce":"b390052d26b67a5b8a8fca46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"705bfe24ad09c8943fe1b339188667ac026aa1f7a04d45ab9d81d61c8a2d5762ecdb6894bc9baec205f73bd91c","nonce":"b390052d26b67a5b8a8fca47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"35b693c0959673b29b3101adf089d254dd2531986982b2cbaa5daed5782f06609aa8b27f6dd4b22647044f758d","nonce":"b390052d26b67a5b8a8fca40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"d4c88e4a8d6b9b07bc54489e12a9d45aaef964a04354d4c96564f25e4738d0c1e52bc3bffbedd222c9a54831a6","nonce":"b390052d26b67a5b8a8fca41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"bbfc08df732a4ab87aea62eab27aff9aea64009fe6affa814c5b6afd2d484e43a733210e7006090681f5250d6b","nonce":"b390052d26b67a5b8a8fca42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"450b66bfbd419429dd1001d5073c262d218a6c531b744036a87f8b47b3d2672abedd4814f3baa06426972a5301","nonce":"b390052d26b67a5b8a8fca43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"6fb745a4e92d4d77db3e6ae7b29b5ee8c6152ea7d04165a75a32ce572d4eae96735b5acd42f307b7a563abe4eb","nonce":"b390052d26b67a5b8a8fca4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f0677355130f4868abff6950db2563875b920734115f64d8752bc1dcf0fd9ecec17eaf01d963690dcb964a5d22","nonce":"b390052d26b67a5b8a8fca4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"296d053592bfaf41cb61d51dcad9426c36c78ea4b14140be25390f9c717f1444b648f48b0dcbf74bee38a7133f","nonce":"b390052d26b67a5b8a8fca4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"0487ef073dca0105e835c5904d98edb45df567fa9087ceb606c93ddb24e0e54a061aaea6e93a137b42cf0ff9c1","nonce":"b390052d26b67a5b8a8fca4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"3ef882bc97987ac64d5ad583c5541fc8c6b0f05a6aba8737c9054af2370ddac0a51593e0c3893e035759cd034c","nonce":"b390052d26b67a5b8a8fca48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"eae1a1eaa9187b77d09486f346de984a7af85ca20e6d5f32ccfba94b976666c0a9a47386fd3e8f5f612fc2a88f","nonce":"b390052d26b67a5b8a8fca49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"442a2a287db8198423cd4ce58a7d74d83a583161b22f0291a9a3e99deab262f6689226e7a8ea57bb86cc4f76d5","nonce":"b390052d26b67a5b8a8fca4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"2915250392892b3fa2ee274b26d48330a20feb58b175e145eeb5a0bbf4a88f6609c4bded25acd65b02885f9392","nonce":"b390052d26b67a5b8a8fca4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"2fb8e948ea5528356458447215c196e6e4b8a4a96df9f5d4def234d53e9a0072615d30e2c34e61d3b8a6d76d75","nonce":"b390052d26b67a5b8a8fca54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"3eb2d444f318a0a2afb7b0cdb4d257bf26b1acf75b6df81f41461a9453985f8e489b07b87ad6d3d6d47cc57a6b","nonce":"b390052d26b67a5b8a8fca55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"0545d0e9c01e8e130832f42594edbfc217bdbc3cc4d516f06f52867237b4eb4c39246a6072217ea2e6c06d2efc","nonce":"b390052d26b67a5b8a8fca56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"4ca990704b0db86375d2773000503127a8f82b0af0b8bc2d6e7cb7ef9ca2aa8d146d58e1cef2e633a3a76e1bed","nonce":"b390052d26b67a5b8a8fca57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"7c09b2ccf3064f49cc401d21637f60980b082f42e7db036879e3d32ee0f6e643db324e9e7829090b4db2c01c6a","nonce":"b390052d26b67a5b8a8fca50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"88ed1919a6ab9840136fe01df6b962dab03295a4410b32f3384ca4a6bc7439c1a84b5f63028bf4c85c7feafd64","nonce":"b390052d26b67a5b8a8fca51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"95b6e1d0147a1c6d196c8ba5e3349d67d5e542a8e8fb23cc12e4d75719ab1e70bb5f90512dedcf3000d054ee10","nonce":"b390052d26b67a5b8a8fca52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"54b5db1dc4876c43f5e52790bdfea4941c4d0ee5c518a95888263571e64f03743aae1b04dfbd27c96f0e82a796","nonce":"b390052d26b67a5b8a8fca53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"a44826009e56f6bde082697f13b3c95b2c2b34c1eaccb506b4fb00b2a59b5bae95e847eef9695d016ea8647c17","nonce":"b390052d26b67a5b8a8fca5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"bf1fae5c1169436e6b5faf99a71925c0c36a5cc24b51826c9ced3ac3ed62cb3cfd1a0d7cb7614b6adfadb350b7","nonce":"b390052d26b67a5b8a8fca5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"f589e10a190e1cf499c2ed7bf789355f968002c68f32fbfe5b3dd98f68db7433cb53f71f1f56b917ed6779e0fd","nonce":"b390052d26b67a5b8a8fca5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"a769a73fbd53841050214c02ba91b2afebdda30da3198407ad4fd1f402c715e58c0ff1a4d968ef0d8032dd8532","nonce":"b390052d26b67a5b8a8fca5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"34a6d89a55a24fa10701cc085b277a8507bb3386142c34fcf3eff3d079513f57275361e8e3afa14070b71ce12b","nonce":"b390052d26b67a5b8a8fca58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"651c9b9c599ef2574bc423ae8fa1d2ec607f599f767288c8b06e94677efd9edbf9a621a2c51e2a7cf0954e30ce","nonce":"b390052d26b67a5b8a8fca59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"478529435684490f1e0e4c9c7954e67a846fd79db7aff74bcce29850b3b29fff202ff715296aea39bd03cd5695","nonce":"b390052d26b67a5b8a8fca5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"4a319462eaedee37248b4d985f64f4f863d31913fe9e30b6e13136053b69fe5d70853c84c60a84bb5495d5a678","nonce":"b390052d26b67a5b8a8fca5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"28e874512f8940fafc7d06135e7589f6b4198bc0f3a1c64702e72c9e6abaf9f05cb0d2f11b03a517898815c934","nonce":"b390052d26b67a5b8a8fcba4","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"837e49c3ff629250c8d80d3c3fb957725ed481e59e2feb57afd9fe9a8c7c4497"},{"exporter_context":"00","L":32,"exported_value":"594213f9018d614b82007a7021c3135bda7b380da4acd9ab27165c508640dbda"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"14fe634f95ca0d86e15247cca7de7ba9b73c9b9deb6437e1c832daf7291b79d5"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"abcc2da5b3fa81d8aabd91f7f800a8ccf60ec37b1b585a5d1d1ac77f258b6cca","ikmS":"6262031f040a9db853edd6f91d2272596eabbc78a2ed2bd643f770ecd0f19b82","ikmE":"3c1fceb477ec954c8d58ef3249e4bb4c38241b5925b95f7486e4d9f1d0d35fbb","skRm":"bdf4e2e587afdf0930644a0c45053889ebcadeca662d7c755a353d5b4e2a8394","skSm":"b0ed8721db6185435898650f7a677affce925aba7975a582653c4cb13c72d240","skEm":"36f771e411cf9cf72f0701ef2b991ce9743645b472e835fe234fb4d6eb2ff5a0","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04d824d7e897897c172ac8a9e862e4bd820133b8d090a9b188b8233a64dfbc5f725aa0aa52c8462ab7c9188f1c4872f0c99087a867e8a773a13df48a627058e1b3","pkSm":"049f158c750e55d8d5ad13ede66cf6e79801634b7acadcad72044eac2ae1d0480069133d6488bf73863fa988c4ba8bde1c2e948b761274802b4d8012af4f13af9e","pkEm":"046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b131357ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401","enc":"046a1de3fc26a3d43f4e4ba97dbe24f7e99181136129c48fbe872d4743e2b131357ed4f29a7b317dc22509c7b00991ae990bf65f8b236700c82ab7c11a84511401","shared_secret":"d4c27698391db126f1612d9e91a767f10b9b19aa17e1695549203f0df7d9aebe","key_schedule_context":"03b873cdf2dff4c1434988053b7a775e980dd2039ea24f950b26b056ccedcb933198e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1c1d9ac85","secret":"3bf9d4c7955da2740414e73081fa74d6f6f2b4b9645d0685219813ce99a2f270","key":"4d567121d67fae1227d90e11585988fb","base_nonce":"67c9d05330ca21e5116ecda6","exporter_secret":"3f479020ae186788e4dfd4a42a21d24f3faabb224dd4f91c2b2e5e9524ca27b2","encryptions":[{"aad":"436f756e742d30","ct":"b9f36d58d9eb101629a3e5a7b63d2ee4af42b3644209ab37e0a272d44365407db8e655c72e4fa46f4ff81b9246","nonce":"67c9d05330ca21e5116ecda6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"51788c4e5d56276771032749d015d3eea651af0c7bb8e3da669effffed299ea1f641df621af65579c10fc09736","nonce":"67c9d05330ca21e5116ecda7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"3b5a2be002e7b29927f06442947e1cf709b9f8508b03823127387223d712703471c266efc355f1bc2036f3027c","nonce":"67c9d05330ca21e5116ecda4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"60b17df18ab88d47f29de9fc9c52c3450c20f724019d5584e6b10daeeebd876acb964b3466d7669548e8a29719","nonce":"67c9d05330ca21e5116ecda5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"8ddbf1242fe5c7d61e1675496f3bfdb4d90205b3dfbc1b12aab41395d71a82118e095c484103107cf4face5123","nonce":"67c9d05330ca21e5116ecda2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0b123d259196bba82e57f1ae6a9d3674b347d75b7e9aeedd21fbfd377a60ab358795d15c78dd0fb9c502fffc50","nonce":"67c9d05330ca21e5116ecda3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"9a6de366816320ac3b691d13ac16938bbe8600bc04ae6d143d83218dc1213dc2329b8ad95b231208b836213d43","nonce":"67c9d05330ca21e5116ecda0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"f5658eb5daf6d9c4ab16c87a639dd642a85e30501b4fe8935e7f07661b382d5f83642a29769c6eb3b978ed8489","nonce":"67c9d05330ca21e5116ecda1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"2ee2b96d9c4961d723015e3e0f3c96c53fa887837a56c24098d7c070ff33efd073a9cf89f086855df8133f4912","nonce":"67c9d05330ca21e5116ecdae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"91c513e8031a65552fe9b735c6e48af8b09f577726899dd6d7de29745ae8d2189d4ae848994ac052abb5bc609d","nonce":"67c9d05330ca21e5116ecdaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"62c117e7e52eb87b306d003451e3081c90c993072f537d99644dbbae6f16110d53b4df8c4e680282f1aebc4ff2","nonce":"67c9d05330ca21e5116ecdac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"bdd26fb87a4262285c0b692c172d4b92addf791cf60b9314cd92c1f90bb85888d92c1e167540027f2dc604613e","nonce":"67c9d05330ca21e5116ecdad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"fbddc3c99a7f35ef6b392dfa94f50acc5e862aae614d202e04a82539a7cf90ed39d4a1ef4f99923e2c9209159b","nonce":"67c9d05330ca21e5116ecdaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"02eed8ff67a825fc9ebd5c409816f10d9744fe486e11f7aaa64c07dbba807646d6a4446b57e03fd54c9db7501e","nonce":"67c9d05330ca21e5116ecdab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"cdebbe1a2fdcd03cf148bf7e6de12738d19804a4adbf1dfa0de7c0cbcd1ce0093ccc9cd0fc47f2d973138af4d7","nonce":"67c9d05330ca21e5116ecda8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"8a625f1cf9494b03e84245acae2e8aa11f35bebfbcae951f1894d5187b4057771a45452509bc6e36ef7ad1b669","nonce":"67c9d05330ca21e5116ecda9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"581f8805ecb9a4104f9069876e95624cb613816467bcaaf5d1bb614335fbb885aa8acff1c433a7e5a20d1f1541","nonce":"67c9d05330ca21e5116ecdb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"f95048eaa938c25bd0528b922fc3ad0cf1cb6a6a0edd2ce8c1f30d48ab9a7576b9ef1436e4323b263f13c2ed34","nonce":"67c9d05330ca21e5116ecdb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"524415fa3c2dc231245fb86af7b5c2e96d84b5db63e6318f12339369692fc7a715e824bfc4edb2e912506c30e4","nonce":"67c9d05330ca21e5116ecdb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"a8f576e40ad8bd467e21b3e2dff0a9880a0378f080eb063a08a7966ec9ff2a6ec59becf0093452f8b9e2347d2f","nonce":"67c9d05330ca21e5116ecdb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"a23786e2a66bf50dea405b259f85d2d93115fc80e6860d518df998f5a6e8ac31f1752b937de10ae84f54b8870a","nonce":"67c9d05330ca21e5116ecdb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"1cc56353511b8ae012b3abb736ebbf6dfbb7a54706d5571593ba22748c742fbcc1b7fb3696c71a06048c51d079","nonce":"67c9d05330ca21e5116ecdb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"3bc6df0776a60bc80562d22e29ee8b71470e2476c56c30eae513bd0ca17cf805d3ac0a970a34d2df0fce2b8bc8","nonce":"67c9d05330ca21e5116ecdb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"bb2c1e225c0ef702681827a159e3f63b0783850c8eea0096a6fd458c61ae9bce7f77fef0b06e6a3d3c066c6265","nonce":"67c9d05330ca21e5116ecdb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"a1788f8532cb1432667542326278dbe8c14418ceb994c0486c5fc252da6554a175519bffdc79e96bda8a2a4872","nonce":"67c9d05330ca21e5116ecdbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"fe8edf9d37f6d8376e9ff8d59eff6005487615012056a8a46b279d5e24a1010cedd635e18dead684d7ad4bcf19","nonce":"67c9d05330ca21e5116ecdbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"123652ba226aa4cf372f6050bcef9ed8069fe83e91d4ef5638640ae54200f1a96a7b79275e4ffd2ca921de4f1c","nonce":"67c9d05330ca21e5116ecdbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"014caa4fa3b099b9f0fd9e9f4cb7d405b0b370eefaaed846bd3ecdaf1c1f4c2b08cd31bc5d56c85f94652c7da1","nonce":"67c9d05330ca21e5116ecdbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"333d81bc63ebbb5a174b3c454c2751320d84ab294e8c3b422edfbec7b7ad9491deb7161409cb954bc364e5d423","nonce":"67c9d05330ca21e5116ecdba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"5a199f4a3631692c4b4ae7d110f56c0309a49a643c5d6b4fcaf8216924887ea9a63c1ec04b99a5b3d83421d340","nonce":"67c9d05330ca21e5116ecdbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"154a0a61d203eeb6cbf5c2cfed4e3545f6590ec64812899244d855e02d007e9b55fa92c1401f387303d33d12e6","nonce":"67c9d05330ca21e5116ecdb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"eccbba6a8a876f938cecb2191c0f38c1f36c78793a92ca822d0b043837ab31cf8e294a8a41b2fb88642a48ac35","nonce":"67c9d05330ca21e5116ecdb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"bda1ff7c116096c2cb69a01d233f4c6125ee6c4c72b20f068dce3ce6b4afef1e807996307b8008140ffa8d99d8","nonce":"67c9d05330ca21e5116ecd86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"4c9aa9087b020819cf3ef184d0672392263e56ca1f7f8ec07f91c3e3ad0809f1e8def8173488d681e66b2be09b","nonce":"67c9d05330ca21e5116ecd87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"3e9ee15950ff1777640dba091a33626faffe8f4cd3c2eb96ccf472213eb5fc59b8dd5b0a23858a78f7c5d26a95","nonce":"67c9d05330ca21e5116ecd84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"4a5740943adcedd1cccf7417c673acea9d3c042372471540f394396fcd9f87375e002855a400cff3a6ae98d8d7","nonce":"67c9d05330ca21e5116ecd85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"b5042e0cd948e3466920465367330908b4964fd1bd73d5b0b52e7bf591521b9327c258b6522025e8e6f8292140","nonce":"67c9d05330ca21e5116ecd82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"e108cd438fae6d5decbdd7a1c0a420c1db52b556ffad9704af1ef05b3219045a644a78faa7a16f919d9a3a2cb8","nonce":"67c9d05330ca21e5116ecd83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"5c0e7157c48b7857eaad62bb63e5e9f7541752ef7a5a6efcabb138ba1189b2e6f156a630adf675bfddc57a35e0","nonce":"67c9d05330ca21e5116ecd80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"81623075268d040f8afdc38d330735574105f64ac0d8a036d6c46e0a8f883aa0d64fa76ddadbeb301a9da5a26f","nonce":"67c9d05330ca21e5116ecd81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"3065b081d0e32a41561d71dde8eaaac4c0852fd4b891ee7cd3441867526c5e36d5731e561901dafa432e613b3e","nonce":"67c9d05330ca21e5116ecd8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"7e261198610cdaad3595dba81f8f0be152d7c73e97856213b38d7f1c5a8e1f24f0a38c93adfae90a72ca53d0b5","nonce":"67c9d05330ca21e5116ecd8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"b98957955ae1042a4418b292fe4b042a70ab028f45d2abd7fcecc5630866867ed11617f6b74ba227dffbe33476","nonce":"67c9d05330ca21e5116ecd8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e58d9835b2a2141579d95a2ac32d4365b7d99c1083c0c8ccbea5759ec096f58d4bd508fe38ec9257ce0fc77053","nonce":"67c9d05330ca21e5116ecd8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"846b5004f98646d195d5dc77308588a78fc0449bcafb7f072b5c44c95e07f2dffac2bf7325ceac4752f71528ab","nonce":"67c9d05330ca21e5116ecd8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5493f9122e4798bb322db4b9c4c1c6bb12ed9c0abf99e6a9319dc7d2f6c9f50d9135f8372f95d9001387e1afc0","nonce":"67c9d05330ca21e5116ecd8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"71e8cb55f558900efe9b1513862cdbfb41d641a7856f2b6c6c247518831e3d8037a068cbcea6fe8ffdc0b27248","nonce":"67c9d05330ca21e5116ecd88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"eb007897bf32b0ddfe92e01405195ac5bce3d6f8ead669b134b79eced5b1f5e8f1d469603302ca75f67d287b2d","nonce":"67c9d05330ca21e5116ecd89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"5a96df4dde4351b6dbef1f2c0e3cb3e3d443bf788d2974ace398ea53c75e4f92c7674209c147de318652fc7344","nonce":"67c9d05330ca21e5116ecd96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"8beba71ae85efdcb6db274fc7572a5b3890424e0d74335198df387b2e4c3a3e95e5b8e36771319369ce13786f7","nonce":"67c9d05330ca21e5116ecd97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"38c957dfc8905705461e807937971f0a692a90d4f2cd3621e2967f6695e5ab98eee71ebe0c6e1d88ff018fdd81","nonce":"67c9d05330ca21e5116ecd94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"9793b784cd51593c4fe51603c6c9eeeb7d9bb22b27a1ed381815fdecd3c8d6a4c051497b36ce614b9ef6d67bbe","nonce":"67c9d05330ca21e5116ecd95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"f19ee9aa0aa9200f5c5e68a2b179b673120642270cef242c39d61e90ff7a8a130b57093a3eecf5592c902e073a","nonce":"67c9d05330ca21e5116ecd92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"0873eff3effb6a044e14cab46bfc3167d7ef48f74f95c70e624d9ad813a5a0c54db03c516de8127c7afa17e80d","nonce":"67c9d05330ca21e5116ecd93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"1a5e68ac183d724b2742d3be46e5a01847145abe1f17cb80e9747eddbd191d9bc44b4210f4874cf3310158f8ed","nonce":"67c9d05330ca21e5116ecd90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"8d96b0a048effa18b2aa7300df35fb7c1016da378c5bdc525259456408915572507b27437159c7d5f85fa21ad4","nonce":"67c9d05330ca21e5116ecd91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"2af1a9334289ea2fcbd0d622be3232156be5ad394b0a757b9bbc4c9cb230db9cbf3a40b7f42ef85774c39c72b3","nonce":"67c9d05330ca21e5116ecd9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"38eccdafd0eea5b897a551cd366a89dbca8a4d52bb5d1dce5c8e928a2e05780b00cdcc6cf3829837ba04f43a7c","nonce":"67c9d05330ca21e5116ecd9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"bbf6b8a65c85872c917fba0f083ab768c3a9a17f78c9983ed88204796581c7a8719e63f9e2c1f6ade430f7ac48","nonce":"67c9d05330ca21e5116ecd9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"b5d8802c314a2fb02a8b70cfa4d3b2276c9e99ac6e5ec5b610f079492ad9aafbd8494385e3b0b869d8a050d1e1","nonce":"67c9d05330ca21e5116ecd9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"559fc8309511a30f5136165a4c5c50675d5646b1ef223d22f4bba954128da1d81279bd07c6c43a8179f4a00861","nonce":"67c9d05330ca21e5116ecd9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"a42b4e52b2bb418cf01da03790f3b0c2b68a6c0342efce49548dd17fba849b196cb3ef325da5e1e56d194df59b","nonce":"67c9d05330ca21e5116ecd9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"65e49e02f937a9203a497188c566ac1f0d348ade83f883f7996693a58b0ff73d316a9edb99bec12ccff52e3981","nonce":"67c9d05330ca21e5116ecd98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"722117a566f8a5913f5e383d521605a6f1c8dac5e11561fbcb96ffc48c19e1c079928bd390f4967194cef10327","nonce":"67c9d05330ca21e5116ecd99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"69d1b5cbcdc74d69abf1bc029f5031fe1b11123f38405ef5d612530c9136a213bca7ceb012cf3ef67aa6ba9109","nonce":"67c9d05330ca21e5116ecde6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"5200b62b890b8d175a7033032a74058fd6538624f67cd9735ce73e870bf870794f5eee93fe6503dc5ea98015ad","nonce":"67c9d05330ca21e5116ecde7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a1e881a3d7049c9ed7f7a7acb7ba7f640fd4280451a2da7b025deabfe873e6c618e2eecb7a506be5767ba99b53","nonce":"67c9d05330ca21e5116ecde4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"c095dcb6529bbc5de342069baf83c6ba1cd6e1af0da34d345b367ad65bcea08d55698f3f6dbd47f54d90f9d793","nonce":"67c9d05330ca21e5116ecde5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"53ad767c0e221642d8b4c5e76fb693de954cc98b214be66fe0d436064f48f8182cc2f4f10060bd7381cf3b7796","nonce":"67c9d05330ca21e5116ecde2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"a49008f5e88bd4502edc4a45000f5a34956ed427e3562467ebaa421383616edca25d671bde0d024c64aa6d2640","nonce":"67c9d05330ca21e5116ecde3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"de24356cb13aa2c8f03b629ffacb86f0fe44d5c4d1818db6dc98765c92e705e5d9cc3e6a7df1b38b0b77355743","nonce":"67c9d05330ca21e5116ecde0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"a267557925b52c29b07171a8d01941eecd6dafa220b3c524b2c9a1f8a5ca6eead4a3a45c5869c55b169877268d","nonce":"67c9d05330ca21e5116ecde1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"0e4c086ae7d5ae721c64722287b966af564229bf8f9c706c897931c212dcaf325b3c475d6166a973b731cd9657","nonce":"67c9d05330ca21e5116ecdee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"23bbf4b519488801c1fecb0e08e121b1a23b3661d3ef91dacdca9b565e0bb42d039c34558347a155ec22207e13","nonce":"67c9d05330ca21e5116ecdef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"cb5ad8d828c20e16d01d68cd1e98f96a261ba861aa0ff0da0f4ab190cbe803bf09206104fe4098eb733558d294","nonce":"67c9d05330ca21e5116ecdec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"2dfad4f016b92cae68dda7ad71472275e6ee9496236f19c73aca6b0c06c520baa60559a91fa8ccc4eb4cb35f48","nonce":"67c9d05330ca21e5116ecded","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"22cd6c2d0f6cf56bfdbbffd6b2d2260fccb2dc79b57577e83a50a0f11c29a8d8546dbac9e543c5eec2dbeaefb2","nonce":"67c9d05330ca21e5116ecdea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"50f1910292e281ee1ded08ea29ca7895477608842b49fb2f0b08d844566cb82a26014cccc6ccd2798fc94ba236","nonce":"67c9d05330ca21e5116ecdeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"592fe6bbfad050edddb3eeedfa97286a644ab80b447d338b585cb26516b8cfe05430d73f34ec4a3d7f50d22219","nonce":"67c9d05330ca21e5116ecde8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"fabeac41a6de765075fe6821f3cea8c72894fddb0d314dc8716a2ac062f8600d8acc2b23b732839c9a2c520f41","nonce":"67c9d05330ca21e5116ecde9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"3d0ff7e65af8bd971be7013db9e02990232b78c3f54b4b7539d0da051a184c5f082ad1f089eaf497b425c11965","nonce":"67c9d05330ca21e5116ecdf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"279f30baf66b1a83314fd4bd0e4ac42170aca9639a9efc9f20e88f7aa4cf5648c6bed80a78c7cc8b58a4b2f387","nonce":"67c9d05330ca21e5116ecdf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"ac4bd8fcceb8d158953ff6bd9791fb93dd8032640ec46b6af5041f396dc756340097dcff20c57726acbc78d9b6","nonce":"67c9d05330ca21e5116ecdf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"84b17f3028c480dab26fb53d29f13dd0ef5cbb75ab9b77a1b24a8c6bdbdb88f68705f8b1e84acb8c1cb39ba29b","nonce":"67c9d05330ca21e5116ecdf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"bb19cab0979976c199337c4604e1b1490346fec1f6f6c6699b7899099a0ac776586e14274f228d595ff9c5cb1c","nonce":"67c9d05330ca21e5116ecdf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cf3373ea3689a67cc481ff9a3054ceb13d5b3d7a45f09c7812dec0afd111a1ce9ed57dfbb981b69eff964a34c3","nonce":"67c9d05330ca21e5116ecdf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"1b305bdbe3aa5501d2786f875b35008ef5520f9eef3f336f6b6ac25962d021b0ebd8a47a76d8ffc0035f1263ca","nonce":"67c9d05330ca21e5116ecdf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"636b16bb732dd0465285a7d225e8145ca4d8f004cff4f319129dc1134855c1855f3274d2fadbe086d8d5aae1e2","nonce":"67c9d05330ca21e5116ecdf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"84ac2fd4a688955690dd261dfefa8695d78c0fa626670c4960f2b65c444fbaf55a92f2a3bbad38711bac663c7e","nonce":"67c9d05330ca21e5116ecdfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"11d3b982c32d5aeb9babfbb8863f50f544c4edb5ae555997be9148e64e8c8313af335c816c61ff66d8ae365865","nonce":"67c9d05330ca21e5116ecdff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"b0c8837e81b041ab7c1be0a7617163680d0561493d0135ffd40e2b58fff536628ae8e98a38eb243ad1ad5f263c","nonce":"67c9d05330ca21e5116ecdfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"07c56ea7c1819d69b63d5394b069d7ed82dfe6a8b2725e1735720027ebbe51e21b4830a759bca1895d2494889c","nonce":"67c9d05330ca21e5116ecdfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"db1fe1233c45cfc3a70f7a90048d50d4b56c9fec398349599f1cd0abe3e56bcfecc5ae2e95a7fac937a8b8ad51","nonce":"67c9d05330ca21e5116ecdfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"2e158faa2198fd58514af6b5498df712b393036742af382f58821fd0a486522633eafc25bc1d6d70bb9dd778c3","nonce":"67c9d05330ca21e5116ecdfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"8aa4e569a1c54e7d15bec7871affc2ca604906d9cf0b0ee127f9f3821a0bc07a92ff1ab25541f52fcfb5660a68","nonce":"67c9d05330ca21e5116ecdf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"66903f674509880907a118f196bbaefdb2963b3ba3a788d121ad255a78d03b8947e92aafa63b6e12303231d992","nonce":"67c9d05330ca21e5116ecdf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"41715049fac57c62ba904a30f06c4abfb484816d4ccbc756e76a46318632c1e95395663f9e4759d782ac1233e4","nonce":"67c9d05330ca21e5116ecdc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"f565219dd2509d0a111f191483ae01bd99c3946cb19900c3835a625941e607ed6d46ee5390e91fe2f71d614154","nonce":"67c9d05330ca21e5116ecdc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"e72d952914176e1ee6f5dc405a101650b9dd0674271b683634bc10fe8dea5219149abcc301f48ed8b3fc35a3db","nonce":"67c9d05330ca21e5116ecdc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"74a9584cf3232a5dea614138eb81118072782696edf501031d0c944e6af4d185a3ff3bb473512f4e1a9587b54e","nonce":"67c9d05330ca21e5116ecdc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"38a526cc39ccf16cd60511f0be0f67195af6ec5ebc33c4c040b3156483f2c4717a3528da8dcfe26c65db25a37c","nonce":"67c9d05330ca21e5116ecdc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"f5c6ad92c26573191f424538d5e25f9b19a4f81631ec963249dfff831af121711b3e859b322e1156b4d580d3a4","nonce":"67c9d05330ca21e5116ecdc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"aedfe4ab685b10c98fd255b40df3cd7c268d328d809ecc9e3fba613fbda61dacb3c36b74e4e3f5faa2bb0a98a3","nonce":"67c9d05330ca21e5116ecdc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"9247829aedf3675669b5e5b7976da011121036b34d880e9f002cef6f324b478c01ee20f34540e7faf97604f3ee","nonce":"67c9d05330ca21e5116ecdc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"5d8f882ace409d705ec7b5fc13b9fb7ccc99b87e781bd747e08b6a96891d320f615a504d191574832e0200d357","nonce":"67c9d05330ca21e5116ecdce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"2ee1b844c882056d9bf1de70ec2844db198246f2ef47ec570d5ebbead6228a4c5f936deeda1b8e1b76cb18d677","nonce":"67c9d05330ca21e5116ecdcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9512332ce2e8981d268308cb1e445c7933947126f1e538a70774b50c62ae4e32b566ebb9154fbbb168b606b940","nonce":"67c9d05330ca21e5116ecdcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"7c4fbe356ce2a1f4a992757204ade772235737e07c5f57cb9df1bf74b43cab0674064623dba069f8d0f8354968","nonce":"67c9d05330ca21e5116ecdcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ef13a690eff2e4031740464c45af649d95586eaadc50c734222f996b356ff8d0e148c100c67ea9f4424df3e158","nonce":"67c9d05330ca21e5116ecdca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"65f29f25cc83a9e200cf4e53f6f4ccdd2c95727d52f9105ca564fe9cb2354a58fc120a7507104dff82f2db8928","nonce":"67c9d05330ca21e5116ecdcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ae944dc7a8443fded73b753d8b5728bae6f92fe5047504be93e961b07af0b70b2fe5d2fd88e68a5726903e40f7","nonce":"67c9d05330ca21e5116ecdc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"e8342c756e85e8a7927b3fe8568e2d3b4385f3426ed941e5771cb51b49df11c973a6375ee847cf9437fd214b19","nonce":"67c9d05330ca21e5116ecdc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"25c246a9c11e6b309ff47e67a9f1548ed6852392cfeb2f4ca72260c581a5223c9c74ba3875f27fc830753edcb5","nonce":"67c9d05330ca21e5116ecdd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"24cbe8b8ee525aef83b6f31aa77321591d50a5725a1039e81decda0d89a04a69bf9c230c6929b52ea904528ad1","nonce":"67c9d05330ca21e5116ecdd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"71817f98307d9868e767ec5be2012165a3db842855aefdae7149aa3a22b66d9019ea1fd3ebbb4217cbe085939e","nonce":"67c9d05330ca21e5116ecdd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"68b635801b64120912af2a228ef93a0aa573a6619decd0db9d879e92f162b7d67ef3e8ae76fa7b4d281f1c25cd","nonce":"67c9d05330ca21e5116ecdd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"4c4ea83a93ffb96a05b3bbdb94499e626228a4044809fb22322df7ed7ffad75134e4f5412d7c5d81a601c7664a","nonce":"67c9d05330ca21e5116ecdd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"39ec8bda9778a2fe9048c3c8a290edfbeb0ddf1649eef980b7123055feb8c5f913048cef0b7427a93e17b614c1","nonce":"67c9d05330ca21e5116ecdd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e6400cbac5c97f94ed85e74bec4c9753773d5012b37f963caf602da76b56a6020eb8aee49aca5caf1a97f21563","nonce":"67c9d05330ca21e5116ecdd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"6e4d2d034114de733f33473c9683be2830afbcd3f7a43b6c125e16e4334bd44d9654c0acf2f89df10abe60441d","nonce":"67c9d05330ca21e5116ecdd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"9bb149fdfa2d31e51285572201c04cb4d30f0422654fc0f648a3fb02adc6555de311d7d8c04ddaf9f8257e6bf0","nonce":"67c9d05330ca21e5116ecdde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"8fddb3fd9e6bd543e79e7ac33e89d91b92e591d2bafff4a107cf9417659f59dae7065c620397c4efbc16b1d08b","nonce":"67c9d05330ca21e5116ecddf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"e139f4b0f6a0524c3c2e1bbfb32eb74ec764592245ef8f4d40c5a06aadc6fed0c06d8db7fadca25d4e966ee0e0","nonce":"67c9d05330ca21e5116ecddc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"ad7934b21e8a6268284ee2462fe24825122cf06745ce3de319b9fce9cab676b529e2da426659464a3ae52acf78","nonce":"67c9d05330ca21e5116ecddd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"145276cebad6408ce0f6310eebda1b1e85c6408c0f04218cd10ed9a440367a452381aae5d5b8335a421960ccf6","nonce":"67c9d05330ca21e5116ecdda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"b09fae7698ba9d98f666f09913c4550315ba62cbaba2ff9abc6c156746def582a28c1f8baf91ad419dac2ff3af","nonce":"67c9d05330ca21e5116ecddb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f368dea86fc6ea083ef9b469e0036d2f73a0be76d431bf85ea81cde2bf4abbcdbb11066587a50bdc92e3bf107f","nonce":"67c9d05330ca21e5116ecdd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"ef18be0f5115d57292e6737fcf392403215e89420ebc1ce49b4fa896c30c1f7569c0610fac7d7899a9fccde7a6","nonce":"67c9d05330ca21e5116ecdd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"f65c2b480195695c464eda7e4e06406900bccfe1342b495b9afc7cb618f4df581955ce783a786ce87f6d621555","nonce":"67c9d05330ca21e5116ecd26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"738a94c93f53e2092971af0820e9dbf4890326dcdc33d3f0d50d4be1ec7e1e80e9f4e6f74e0eb2206f9f039407","nonce":"67c9d05330ca21e5116ecd27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"d79a712cd3681c505e44b614884f651fbebfe04e5d85554d19fef359e0a52a8e4c9c713e26e7eb3303c6ee0d91","nonce":"67c9d05330ca21e5116ecd24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"727887430d5252439c28f6b84b672d2a8d21c5688d1a34f151737fc75b0d9aac990d1351b96d9596332a5a158f","nonce":"67c9d05330ca21e5116ecd25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"b9433b8c2a110ac03bb9d859acf85787baa95852a5d0cdf5689f1149a2223642f1f69708293d584538fc4178a0","nonce":"67c9d05330ca21e5116ecd22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"dc8c27dca8a9715b90d5b7ad2386a9f0e58ab249114b42462eacacfac884e3604262fbab04e653da92265d4c9f","nonce":"67c9d05330ca21e5116ecd23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"560871e76ae2c3a868568f69164e325e0d58bd8973f26cfcc42fed6f92da44e6f5713241ec6699260ead7a703b","nonce":"67c9d05330ca21e5116ecd20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"32f282c950975352a542c32565c7f1fdc34cf3f3998a3defcb3d613948b4cac558af02b6d2b804ae7c1a41d310","nonce":"67c9d05330ca21e5116ecd21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"e874867c8132f9be01030bf40f16656aab6f255af5029945a9fba6b7b90d48f3d9481a2b7dd59cd7e3960eb84b","nonce":"67c9d05330ca21e5116ecd2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e5df25d244b26d349ca5d9c5ec0ea14a0ea37580457105260b9945a18e293c93e505c0c71887332995f956aaf8","nonce":"67c9d05330ca21e5116ecd2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"145206efdf3ff54ee29214e2337f6d1ffb1499a9d2be7b9f34326bdf21c27f38a0621f3e3da09d8e07504658a6","nonce":"67c9d05330ca21e5116ecd2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"5be84c7b8d1bd4e6951e06f3e0ebdab38cda0491638d52d40e3a7c65750cfb3f4e079330dfa2cdc0c1b999e36c","nonce":"67c9d05330ca21e5116ecd2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"b50d7ae02c2ea8c9548ec0aac8828c704cc6eb1dfbb4374f9c6f26e5d6c24d9e492f376198a1da0a9f90ccadd1","nonce":"67c9d05330ca21e5116ecd2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"36aaad83de480623a609a6b619f3ad003bede0d8c38141c1c575b673add02da6fd5b827ba1099bd39bce99762f","nonce":"67c9d05330ca21e5116ecd2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"bcebedc8f5642fb055e55b83f282d984f5e1f880a974c883f131f546ab21f717509acef7638db86f398212999e","nonce":"67c9d05330ca21e5116ecd28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"4dd7e9e25c893425be59c10cd3c228b219cd02ddfd099cbf13d83fcfad72a3775d5ceebdadfab6fb9e76d7ff40","nonce":"67c9d05330ca21e5116ecd29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"e05d805bc1e6709d865309248f2b9a6deb6ca871f741b3b10e7d23f52493b8c91145ae8e427dbe3ffbe9234f2b","nonce":"67c9d05330ca21e5116ecd36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"713a34447974a41aff693c4d5424920d1b609e03b973f2a4eab5ac2edc6c7c5b456fdf700259c598f63a4967ee","nonce":"67c9d05330ca21e5116ecd37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d075a0e791083aa6fb4a2520100e68ac57c25f243c543d4a86568b2067ca1b4cf7e23339339544cf4a5eeb7a62","nonce":"67c9d05330ca21e5116ecd34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"a275d50e8fe42be14062784e511979d4554c44da68ef912e7f8b24defe40b711e4823748dd108b97c37497bd77","nonce":"67c9d05330ca21e5116ecd35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e2122707289b2407b6503fe69e54c4295c8c691fd65ebcc9cfaaa7a508b3cc7464257997a3d7583cafb8c4ebe6","nonce":"67c9d05330ca21e5116ecd32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"3b72b9d9d2add68d7f5619bd8740434e1440e63190082102cea6310d8eeb3fd59dd8957a817e177ddad262e9a4","nonce":"67c9d05330ca21e5116ecd33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"848342c3cb273b5e53c29209c97180d1b4ab01c3e2631111c6c423a0ce19ab8713447136c0b0e227fe9fc06b03","nonce":"67c9d05330ca21e5116ecd30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"0235fc6b0d4a440e2105339271d8aacdbf0b6dfa52c3a1f0eb39286d26c9b8fb1f2db21b407aa0499e4f65dc1f","nonce":"67c9d05330ca21e5116ecd31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"8b0a77016e3278f8ec835cd334aed69cc8a948a173dbbdd6d12718cbbfd07b4b3be49df676d7b6bbb9494e21ca","nonce":"67c9d05330ca21e5116ecd3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"8557c76cf4fd05924e66a60be05ff62f40d8f3ebd71ef1147ef6ddfcd3418bfb6a2460b0395394a834e55556f1","nonce":"67c9d05330ca21e5116ecd3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"313f17f5ff15021bfbc18f5a3b6d6391198ad50290a8bd22ea1375581748aa21e4ddec7a5cd2b7100e2998b468","nonce":"67c9d05330ca21e5116ecd3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"303b027ebca7231bc52990d22305eb4bc79717e2b71be304415c415edd068306582cab5f277e751d11bbadb274","nonce":"67c9d05330ca21e5116ecd3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"b38a5a01b0459d6ebd6f0573759260a8a8d798b23cfc16754bcc8e53c5b0673aa619154d3eeceb7c7739e21dc0","nonce":"67c9d05330ca21e5116ecd3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"f2a340383c117e2f44eabd8cd33f9bcf672b95221b68fbd48dc0bebbdcf90feab1af131125a066b16ac5a3e458","nonce":"67c9d05330ca21e5116ecd3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"ae35e6b9bc8e2791880563181bc4236282413d66d954636085fffd6516cc80a49545a5b3071172198c01f1822c","nonce":"67c9d05330ca21e5116ecd38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"f2ecc3d483955466f74023f956cf3daaa00a617877a16227f7ad76a5e317cb67a4351f3a0aa5e5b4057707ee19","nonce":"67c9d05330ca21e5116ecd39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"b905dbdb11e5fd1d31b69ccddd9050edb34ad5a900ff42538c10f48caf002367501d69a36bb72583af25d01eb6","nonce":"67c9d05330ca21e5116ecd06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"9ea94b4f3f75b0a0d6819ff8ada5f06413ab75123e6a31e085dc705618b738ca735d9ce1a06e48754b7925d971","nonce":"67c9d05330ca21e5116ecd07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"c1e41502f8c5a5c6e76421cd28724b4e7d2f9911a124e19326ba31c3480185b347e50cf39fd19b41f14ad4916a","nonce":"67c9d05330ca21e5116ecd04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"63866f80575963e43b81ffbdd3bbe13e3cbac77be431667a1226c4cfac071217dc685d2f065c1e7a299b86d507","nonce":"67c9d05330ca21e5116ecd05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"747ac5dcaf202566184b726e56250a7a25cbfba5803ce528f300da4c7316bd9ca379bd7ff9d9b650fc50ca1ece","nonce":"67c9d05330ca21e5116ecd02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"400b2a39ff76a61347ff63cb5163df664dac0f50d5c0b02bf274c3c8652c0c5a0b56f4698299db4e1f1e9b79b0","nonce":"67c9d05330ca21e5116ecd03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"24d60e3dbfa3aa2709923827422537b037789c204520409a03d09c6d95ca008e9df90ea69833207d2b702b2ee4","nonce":"67c9d05330ca21e5116ecd00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"bcd2fc21a0f92af15bf690ae8c5e8bf09c8a66689c84e3396a23201c1a878e075d7cd760abd7ca7a79578d0366","nonce":"67c9d05330ca21e5116ecd01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"691c7b5ec492fc5e8c191fa15a6124c374c87521d1a7c19a51d61449ac2147eb79d88828c66be34a89662259ff","nonce":"67c9d05330ca21e5116ecd0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"5c636a2310a133b2e93d26563dee0898570936da0f878ed551eb14c9f3fac86ced1eebf41c9fb35d5e58fcb159","nonce":"67c9d05330ca21e5116ecd0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c2e7d16e8c7b658e835fd35484604399f8ba8d9562591f94e766e85f305bb64a7cf2b910af5af4a9b6cfa1f59d","nonce":"67c9d05330ca21e5116ecd0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"87d8af4fc7534492f0f5f4cfad55d7997e8720c9d138b4b4ddc74ed14c261692fe21abbbf9531b4247c3c188eb","nonce":"67c9d05330ca21e5116ecd0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"70b260868b845d916ac035bf33ea442bb327fedbb0281126c6bb56851db52ff04f1026e0380d31fe2278964e05","nonce":"67c9d05330ca21e5116ecd0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"cb70449d272028ddbf8c8596e35ce7d78337b8411778aeee0774301fc7dd898f7916339dd5ef61e2f345dbd827","nonce":"67c9d05330ca21e5116ecd0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"3821df33bd5118fcf0d249579e3ee710052b5647551eafd2760c62bc4b4909ab5ffef103d0518bc2a77af969a6","nonce":"67c9d05330ca21e5116ecd08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"27f57839eed073e3b1f1f4ffea5429d283da71c6acbc8da6cd076537b3ab892bd2eda646034678bf2ff513cf99","nonce":"67c9d05330ca21e5116ecd09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"fc723f0ede4841f0446669bb5662bfc9b67204063f14eda30ed17e9a962cfcf123fa28cc10d552f80cef521b54","nonce":"67c9d05330ca21e5116ecd16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"23a0e99d2290f10fec660b8013210de584fc6b77777e1ea77e8db1ab4ac20ded2ee22a6601cbcee3617adeb835","nonce":"67c9d05330ca21e5116ecd17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"eb11f69f89c0541fbd7e2c27447046634ef116803df2e25e24787453a506eb03c1654bc8f457586ef987718df5","nonce":"67c9d05330ca21e5116ecd14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"f6cd21185ca66e40631fe4884f89857178e4708d355518be2c558f0320707ec40d8dff0b3b32eff76768cf9a4c","nonce":"67c9d05330ca21e5116ecd15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"61b04d4c63b32f669a355024789ae354a4e625f00bf937653e314d58ecaed3e6df218214fded02da3d860f22fc","nonce":"67c9d05330ca21e5116ecd12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"723815c3f96b50510045f507653e048919c820c3dc3afbe9a2ba4afca21e53d308e4b25a8069a068a59e7e3a9a","nonce":"67c9d05330ca21e5116ecd13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"ddd2aa902f363d77ecf1d503595df8f698d0783632990b122d6521ca1f78c1cd4260608006b91002191a446393","nonce":"67c9d05330ca21e5116ecd10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"ea400ed839664c5feb50e5d2745d70602b022b526b939593dc8bceb2436e86e10b4058d6577bd789a2593c0300","nonce":"67c9d05330ca21e5116ecd11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"6b63366fc87f5c5c25b132d7e5bcd3c7bc5f5a7f83a14682c6a8a74a6e9b41363182fe4d6301deedc829527c97","nonce":"67c9d05330ca21e5116ecd1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"8705eb21b2bc21545db12aa099d548f9d12786f0aef5cecf9abed9555d4e81ae078a9ef0320d17a0a7f12350bf","nonce":"67c9d05330ca21e5116ecd1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"5a1875c6d702287515377757e184d76744597d58ced60b666794e4bd222ebf2a66d837d261932e494ce846fec4","nonce":"67c9d05330ca21e5116ecd1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"1a5d886a2e7b3dcdf0574843ca254472e753f63a722bb883ca5b5a1ac987ff415f63cdc79a682b58e80da7b7ca","nonce":"67c9d05330ca21e5116ecd1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"d2f45a3874e1f9c19a4686f772108cee88e52e333a1e3a0845970f5e74d9a41014b5e3f29ae15b51cd13d17e11","nonce":"67c9d05330ca21e5116ecd1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e064a2012e418ac061db368f4dc3ee79f22397a77b465113577f75fa0595f6a2e51cff05a1202f12807186eca6","nonce":"67c9d05330ca21e5116ecd1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"4c528f74edc05b1de264306d8c119fe34d4e943c551bb252e4917de01168a3f563f4c0cb1affe448d08c489ce1","nonce":"67c9d05330ca21e5116ecd18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"fdc32e63b391c6d6bbfe1138c1a076acc0a816199bd3f6b9ea052a156c72409f27ee21bf3c005de0036db3342e","nonce":"67c9d05330ca21e5116ecd19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"66dd842de4b1b89b0eaf9a4822181089d857f4aa1f8b33fca0f61f03d917bb1b7612a5dc19be55650f61d1c2df","nonce":"67c9d05330ca21e5116ecd66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"f180f665d84305cf5337d146be92e4afa8a0c14e7e5fd2d7585d82a4c8c25aca8925707ac6b36143bff7eb4d10","nonce":"67c9d05330ca21e5116ecd67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"85217b3e0277cee8f90a7093f890ab14b4067265c67be8ee83106f382ed657af7b925148d2f84dc45344425a7c","nonce":"67c9d05330ca21e5116ecd64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ceb37e08c3be4068d7c369f576e59e9e7429aa7f09cf18fbe84df2485ebba01654dc30382ed90a3f8c657ee6e0","nonce":"67c9d05330ca21e5116ecd65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"384590d7453c83b5f784cf81689759f837a8bca068c86510b0353ac41e14d2f8dcceb8b079a1ca806bf194ca9f","nonce":"67c9d05330ca21e5116ecd62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"c31ad1d907e52118580552071f1a956cccbf6ff97d8b37e1243d8b09e7bcd119cf17595b141d149bde585d7cb7","nonce":"67c9d05330ca21e5116ecd63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"4a73133f5e6ca91847cbd92f2f96b270ceb44f5747a2de24aba61993b6d10ac208f1e99d2256300b6770bb302c","nonce":"67c9d05330ca21e5116ecd60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"fca1d3246e1dc9f1c6c528c16cea526ff46c13ac567166bd0ee94d0f8db7e73c219089b0ba5af41f7322661a4e","nonce":"67c9d05330ca21e5116ecd61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"158492cc226b1fb3d20a092aebc875638ad184b5a1e0d62f22a91129ad5d34bf1099a767f06f22606cafc99cf9","nonce":"67c9d05330ca21e5116ecd6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"3a8e97b345d482853bea989262f06a54ddcee7fb48f644bc69b7af6393112b33f203a323311bc52813c9ebb364","nonce":"67c9d05330ca21e5116ecd6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"f73a72e72f9e16ce6d9f61f15afb870313002d13776984892eb1cac18809b895d22de12888c5eb2493915fe8c2","nonce":"67c9d05330ca21e5116ecd6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"7fe4caefc5482e94f0577f254226384a732916489547ce8121db05d7e36a71c5b66159939047c15e19abc82a38","nonce":"67c9d05330ca21e5116ecd6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"f7b63c102585c17f0b4195b92461ed531e0d4c24bf30b5da14cd6669cc74c329fea0fdf52dda8a5340f0e6fb44","nonce":"67c9d05330ca21e5116ecd6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"0f3e0c3203fcce95f6b32a5025c8f8e1d28d5bb37965d1ad62f6df22c4daff2cdd5c42e9e1f17116e55c6b39bb","nonce":"67c9d05330ca21e5116ecd6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"22dd0a1c62b01cff5524f837812eef7923eb6184a3ed57f04fadfa81cbcf44950a05ce0acdaa48abc0c70b16e2","nonce":"67c9d05330ca21e5116ecd68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"834496270dd3cdec43af2ad4c4b12674e401279bed1ac533213ce3b9cfb88b2bdd9f0aa7f07507eb68e854a29c","nonce":"67c9d05330ca21e5116ecd69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"bd20e02fe1779186582e7fcf1a2a16fc4d845bb9914c7a87231a307f07acb6105f132ce4dc7ab3ec011f8ce8b3","nonce":"67c9d05330ca21e5116ecd76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"fc636b26a8f635381cf7a0f540780c26075d8f3606f308cfafe84af69f25a8bdfe326173ba79204f82bfa4d276","nonce":"67c9d05330ca21e5116ecd77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"2acbc49a5b00c17e15d0e02f5f12911515175df3ed18649891c0adbc52663cca834b1db9064966c0be40faf28c","nonce":"67c9d05330ca21e5116ecd74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"d5428fa6892abf6b8c0f058c4a261c40e73a127e2f7ba15cd14143895f1f18151016368728d65abfb15705ca42","nonce":"67c9d05330ca21e5116ecd75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"eec8e9dc342e9d0632854df26d10dbba55371ba95d207b190695cc3395efe08ce4a98df77b1224f66ebe969abe","nonce":"67c9d05330ca21e5116ecd72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"fee549ab39d2d4fc74c126a3691f47b1e46ea4fe24b12b9676422dde54197a264b2f94fd50534553e9c401437c","nonce":"67c9d05330ca21e5116ecd73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"228fe846ce4d4f9dfabd7225dc61801845d70c6357b022bd12d08709821cbde4703509c6708d83fd2fd5f3c54f","nonce":"67c9d05330ca21e5116ecd70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"642178b5f8b6a9952523d9f3f7387c73867b3012ff3a1626977eeb79ae4c7e47572d2e59c9095cde26c3d145af","nonce":"67c9d05330ca21e5116ecd71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"491a3a573ff30873bb26d9ddf6d91ea1f9467e2ed8f113a4a7cc312ce7a768589c35f5e1e05bfe2c52439e9dde","nonce":"67c9d05330ca21e5116ecd7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"ca2fe8c4b1111ec866f61efc737c91e0142b834ab074c818b4dd6fed6d8b820ba4ef9bc1bb0dc1b14ce8788a85","nonce":"67c9d05330ca21e5116ecd7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"4272addc34f0e148f508d955129f1092732ed429e9707613a1e30d1a13c94f24f47453136869e9b8ead75adc51","nonce":"67c9d05330ca21e5116ecd7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"7b655305237d170da242d77728dbca93ac23acd002227f46eeb140ebf8a8e2589b88116f6b78fc8407bcce635f","nonce":"67c9d05330ca21e5116ecd7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2168577802a89b9fd71e8066f174b48e62a5fbacbd09455ac0be4defb46c7a016c751e15eab3f2b1a72c4e709b","nonce":"67c9d05330ca21e5116ecd7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"12272a87cdb116720789d73538e7281e927bdd2076b5778771195abd75e887f3eabd5a01e097a8cf0f7e444ac6","nonce":"67c9d05330ca21e5116ecd7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"238244387f04d69893b7d81e93d2f12d152499e6f4e0c217f6bd0f911f2eb60053128aea1cb4ff3aaba3cf0116","nonce":"67c9d05330ca21e5116ecd78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"d99d7b8829f6d6fcfb4e25943ae37860e7c4ec632c2884ae29d84ae1d171af6b0fadc50fc11012719ca2bcc48f","nonce":"67c9d05330ca21e5116ecd79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"4a3ec45638bba080f53d58cae992315ce2f2454f4cb98dbf893e55d5c71a54ce69b1bd5adb6f0e0fcf678db795","nonce":"67c9d05330ca21e5116ecd46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"b2c5e72b28cda9f4c84919d16907096e7dc42b45d40a705be45dfea28be86f460267e9f851ef40991cbed5f38c","nonce":"67c9d05330ca21e5116ecd47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"0efb8627b22b24facb606bf318aa7b60a51aff0f5ea5d57f6300551ffff9b16784b0ac06ea9553001a7d04ab8b","nonce":"67c9d05330ca21e5116ecd44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"2f39a223cfa2f68a4f9273cf11c038bace6ce04332a5c22827337d85d921648c9dc8b2b4bc1307cbe55c340fa7","nonce":"67c9d05330ca21e5116ecd45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c33329b6351e2903495bae0b23de94433cefa21eac9648c47bd739a902865d55c35bb9b61a9232070293855b13","nonce":"67c9d05330ca21e5116ecd42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"eb6e9beef55551201b428747d2fa87f8d0ed4dd02e780766c78263ffe19e5e05c539abd75b85a88423b03fe3eb","nonce":"67c9d05330ca21e5116ecd43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ac534af2d1dc9b4a9eff9a4597af802a08bb5c1a55d03882fd661f866b1a94f7727291a300e567ba5af99ca368","nonce":"67c9d05330ca21e5116ecd40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"29d68a6c4c1d141cd548bf8082e19d7c3c65fcf562e19edab6babdf5365145f7f34d4ce4b566c79e622abe6bff","nonce":"67c9d05330ca21e5116ecd41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"f7479d4fdd36ba9e67b7b8e2f626701cc222e8197e0c25b5c0d0249e4d5d2b599cee7f5cea1eac928477461e29","nonce":"67c9d05330ca21e5116ecd4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"6c0ae74fcd8036eabe9694043b81354ec25a8b06fee6d90dbff6be399929a8fa8a7e3062692061771926333f1d","nonce":"67c9d05330ca21e5116ecd4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"b55fd203c71880b68414f2dd6efb20d2c98b76f8c81624e65b8c1ffa9822ee87ed6887cf96072b18056f12b9d8","nonce":"67c9d05330ca21e5116ecd4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6d9f2b28b63f3e40608b6433b05c261298b857e97d2258602a574b1aeb1b7db02fc2308afb457d3a21237761dd","nonce":"67c9d05330ca21e5116ecd4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"0ce3927557c84fa4c510258c70d03ffff18db98d379938a17fa6489127050f362152c05691a454812b95ff6ff6","nonce":"67c9d05330ca21e5116ecd4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"fe869c8cff9773663630e84d49475d225a64b3fcdb56a2b92665a1598addbfd3d465b543049780260ca75dbcd2","nonce":"67c9d05330ca21e5116ecd4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"9222eec2251443d0767c0b03b282917a795e46a2cd60cb799848282228197d03b36f4247dea332ce460bc4245f","nonce":"67c9d05330ca21e5116ecd48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"ac10a3d969c335b9a4f1794c6b0dc904a03ff64a3393716d703fd14b692af71e88f1650ea23948ff4d9187f722","nonce":"67c9d05330ca21e5116ecd49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"7f1703899fb2d9db1c1aea0b5eae9fb3fe411111c5e73ad088763844c5b8d7d0cd68f1ab613f65c2c6907ca966","nonce":"67c9d05330ca21e5116ecd56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"50d3f173d35931e5832ebb59173f1622aa786e0277e5e645b0577a57571f18d95c69eaa1165d1063a292274ecf","nonce":"67c9d05330ca21e5116ecd57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"2f8f052b909f995eb57a27f3d30d5d3f9bc4642718feef2abe554d58aa9e36f83ca21bea5aabdf3d708b8ea4e9","nonce":"67c9d05330ca21e5116ecd54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"9fcc78b2bd9c185daf8d5421b613a85c9af4aff569ff03efa356f193dca48ac7de403fdfd02e1329c7d4534ef2","nonce":"67c9d05330ca21e5116ecd55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"afdc3f792dde328b0b2f742536a8b6163bb759c04cbed7b56deb48e67ec6b98ae47f0ee47d19dba0c931a054af","nonce":"67c9d05330ca21e5116ecd52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"849bc5f7460abbc5eb01df12f22f7c21bb5a43edb6988a42dd3179ff2c74fea434356804f114065f24c7921108","nonce":"67c9d05330ca21e5116ecd53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"d750d23bad7e0cfe35963e2800a4e7cbb8320f486374f857c48909273ad3c7f239b361f25e80fc6ce7b80962ea","nonce":"67c9d05330ca21e5116ecd50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"bdbda0c0fc4ef8ce9fa81c104ddc01643e8da810cb8d9f8fa5083c95364b3762d6f7af56928ac7ce5f8c284ca4","nonce":"67c9d05330ca21e5116ecd51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"f4bcc1d1ce420a49740f56343c3f92d78e548a73e0a69a8321c7c7d9b12caa11ea61acf203e96fb1a91d91695c","nonce":"67c9d05330ca21e5116ecd5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"03665bcd55e3ab0813667a4b66cb7f5a6ad0de8e9dbe28f1f75326b98aa38b6d1bd0603e85bed80a6eaa8d0820","nonce":"67c9d05330ca21e5116ecd5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"e999b452cf4d81935b08911e2a035e1290a5d7e180533c73fded338b9a716a4e7d4968a37df9053df0010d9824","nonce":"67c9d05330ca21e5116ecd5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"147883a18ecae0b71a366c50e714d6e46f9d04fffd709e7aeaa502bcc4c5b7da16de61a8eedde61b947db526b3","nonce":"67c9d05330ca21e5116ecd5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"66a3ca558388432b22567283a8fd8a592374c1b1e495753650d24cadb31000246a940b0980e513afa73a023227","nonce":"67c9d05330ca21e5116ecd5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"bcc2a8452c6405bc92d44bac13433cd839e67572dd775a4eb635fa03f78d6e898a2b35b767a899515dda78d68c","nonce":"67c9d05330ca21e5116ecd5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"b3d9f11ddcd2169a0b283b953dc81fb20e9f8ed2ba974a1866279cb02c9c1376dcc622b72b6e515fd2c6602c94","nonce":"67c9d05330ca21e5116ecd58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"6de25ceadeaec572fbaa25eda2558b73c383fe55106abaec24d518ef6724a7ce698f83ecdc53e640fe214d2f42","nonce":"67c9d05330ca21e5116ecd59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"f380e19d291e12c5e378b51feb5cd50f6d00df6cb2af8393794c4df342126c2e29633fe7e8ce49587531affd4d","nonce":"67c9d05330ca21e5116ecca6","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"595ce0eff405d4b3bb1d08308d70a4e77226ce11766e0a94c4fdb5d90025c978"},{"exporter_context":"00","L":32,"exported_value":"110472ee0ae328f57ef7332a9886a1992d2c45b9b8d5abc9424ff68630f7d38d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"18ee4d001a9d83a4c67e76f88dd747766576cac438723bad0700a910a4d717e6"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"668b37171f1072f3cf12ea8a236a45df23fc13b82af3609ad1e354f6ef817550","ikmE":"4270e54ffd08d79d5928020af4686d8f6b7d35dbe470265f1f5aa22816ce860e","skRm":"f3ce7fdae57e1a310d87f1ebbde6f328be0a99cdbcadf4d6589cf29de4b8ffd2","skEm":"4995788ef4b9d6132b249ce59a77281493eb39af373d236a1fe415cb0c2d7beb","pkRm":"04fe8c19ce0905191ebc298a9245792531f26f0cece2460639e8bc39cb7f706a826a779b4cf969b8a0e539c7f62fb3d30ad6aa8f80e30f1d128aafd68a2ce72ea0","pkEm":"04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4","enc":"04a92719c6195d5085104f469a8b9814d5838ff72b60501e2c4466e5e67b325ac98536d7b61a1af4b78e5b7f951c0900be863c403ce65c9bfcb9382657222d18c4","shared_secret":"c0d26aeab536609a572b07695d933b589dcf363ff9d93c93adea537aeabb8cb8","key_schedule_context":"00b88d4e6d91759e65e87c470e8b9141113e9ad5f0c8ceefc1e088c82e6980500798e486f9c9c09c9b5c753ac72d6005de254c607d1b534ed11d493ae1c1d9ac85","secret":"2eb7b6bf138f6b5aff857414a058a3f1750054a9ba1f72c2cf0684a6f20b10e1","key":"868c066ef58aae6dc589b6cfdd18f97e","base_nonce":"4e0bc5018beba4bf004cca59","exporter_secret":"14ad94af484a7ad3ef40e9f3be99ecc6fa9036df9d4920548424df127ee0d99f","encryptions":[{"aad":"436f756e742d30","ct":"5ad590bb8baa577f8619db35a36311226a896e7342a6d836d8b7bcd2f20b6c7f9076ac232e3ab2523f39513434","nonce":"4e0bc5018beba4bf004cca59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"fa6f037b47fc21826b610172ca9637e82d6e5801eb31cbd3748271affd4ecb06646e0329cbdf3c3cd655b28e82","nonce":"4e0bc5018beba4bf004cca58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"895cabfac50ce6c6eb02ffe6c048bf53b7f7be9a91fc559402cbc5b8dcaeb52b2ccc93e466c28fb55fed7a7fec","nonce":"4e0bc5018beba4bf004cca5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"4ab96a526df7d39a8ad3139c91f520612d0a21f572f1d5fc3914fc48cc2ba33f1dddd106dc4044772e79cabde6","nonce":"4e0bc5018beba4bf004cca5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"8787491ee8df99bc99a246c4b3216d3d57ab5076e18fa27133f520703bc70ec999dd36ce042e44f0c3169a6a8f","nonce":"4e0bc5018beba4bf004cca5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"9f825be34f4dfb3509c01afca5231c76e9f76b2b063d041db3e5d86853ca507222d5111e5f78aa02dea4d6f68a","nonce":"4e0bc5018beba4bf004cca5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"6de5485b39201d7b95b7fc2456a20a56095b9908276e249f8193ae4dff7ff36482c0ded2f9beac30283a9e8f31","nonce":"4e0bc5018beba4bf004cca5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"49136f7be7079fe97a7bc93bc139ba728c63ec6bef5e0dda1f81c5ab8d96863f1f349ab7b3f5927851b4ec5fba","nonce":"4e0bc5018beba4bf004cca5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"e80e0db25bbaf74ea456358cee4c44d9b2d6b23bde5f325f3405dcc2b068ae8c03ebec5af48240b064383929bf","nonce":"4e0bc5018beba4bf004cca51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"6ee69ada709f075fa3b77b4119cce49472e748f04a8657a1181f8eabe64301b9860618b8453688288c65872e97","nonce":"4e0bc5018beba4bf004cca50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"8f79a2f706a71a800daae1af8a4ebb49b4e9c996b88e377c7c0a48a3e4116d5a08791bcf24b234d70853d95c33","nonce":"4e0bc5018beba4bf004cca53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"c30924418076b64e9a4b5d222cfed16a61e2830fbde6931c794c5d6155fc52cf758ce20da45cf86cb6e1810c05","nonce":"4e0bc5018beba4bf004cca52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"7a072d19fe800b4319105df2cc53cbce0c32896b3980a6cb4847316a972796ef2c95bc37135ff90ffb03dde437","nonce":"4e0bc5018beba4bf004cca55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"cbb9576f12f4c3d7e550430fc33d07903bf30946525698b7c53bae4b3444262d97aeee2d0dfe6adf35e74c518d","nonce":"4e0bc5018beba4bf004cca54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"b82046769c1fee60f13bb86e6cc3dba44cdbd313acec9c95fe8f46040db10dbd19a7c8e2047f45d1f50cdf3585","nonce":"4e0bc5018beba4bf004cca57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"f18a2ed6eb086b98f4fb27ce5a2210fe3bc1e3680559ce4bb75640f9a4bb2a34dfb20b7e79023bd5b80f6b7710","nonce":"4e0bc5018beba4bf004cca56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"236bfd7657db6ba995f46e7dbd796dcd96ba5005126daf372fe9b723c1ff03524dcac70f31ba8ddca9ddbdad61","nonce":"4e0bc5018beba4bf004cca49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"ee57083b9b4e70b2506d81ea1e8381d179a5091ea22d7be45e657e736b79de4706b7026f4205efb694e8e60402","nonce":"4e0bc5018beba4bf004cca48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"fd7086cf7f0ae885160bebc44925bb7b29d7c3e8c215042b822fb037a034190031e92a449c83c5ff673f096f8d","nonce":"4e0bc5018beba4bf004cca4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"8066121a3f9e81053496230cf6cc2324ddc75902c0eeb122c7a3b62242d56a470de9d75022458f4bf274fcd1c1","nonce":"4e0bc5018beba4bf004cca4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"955626af77d71180106ab27951ffa25c62e8b4f06c320d23526605fd061ab8dded41d1e8b2923128c75048f78f","nonce":"4e0bc5018beba4bf004cca4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"83ba6271d7b68570472e1f9ada53ae0b5929d83292e2ec404cffee11f7a8e24080b00117e340d6d6073c617e13","nonce":"4e0bc5018beba4bf004cca4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"bc708b20326bf452c4a02a330d63c0ed51426b5f3d617e47a06b7cf597ba1c87633684ed074a1dcdb87e67ad46","nonce":"4e0bc5018beba4bf004cca4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e4c13c8916084b407646fec28e7ab75d7fa5e564208aa4fd036d3f84bb678c93ee6ad7dd4f876ab66535956dbd","nonce":"4e0bc5018beba4bf004cca4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"2d7e101619219709b53c13c4c471206dd951de757b98e43881511f8312e71cc57ebf7802487f101cfc01657f6a","nonce":"4e0bc5018beba4bf004cca41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"4fed57e92d473165e1b08b7a699ac6f8d30d90d0f49d869647fd5e1b5394ea3be58a80afdd343a22a5a89babcc","nonce":"4e0bc5018beba4bf004cca40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"573db430efbc399532efcfd30b6d3cfb9dfac89f9bfa77b08dfec9a689491464204ddce0aab718265a58b4b47b","nonce":"4e0bc5018beba4bf004cca43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"7786d2cd1eafeeb0032521e2224ea3c345351760bc1e57b81a3f6dd3442a8dd6c2df828503882fe6d0f42c05c8","nonce":"4e0bc5018beba4bf004cca42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"e88453413086de1c7f4fea766d4ce5bbe1f177a713ab2b149a08b87114ab22ceed13be2562034dd05acdafbe77","nonce":"4e0bc5018beba4bf004cca45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"88aaa8d7d4066c61480fbe8f6b7267fbbc75e5a57b9edeafb591ae10af6c31aef6787d7fc5caacc0e936883c5e","nonce":"4e0bc5018beba4bf004cca44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"cfc34609d42b0fae241fddcc0c26e51454fd17df824e54ef0a4c4db7133dd2e933d020c1f02d7c14828c0647aa","nonce":"4e0bc5018beba4bf004cca47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"70a113fdb3ca03b60bf4eeefc733d079492a5f8c2f637e517a78ee42cd468016965f5b9d4ce6953c266d12c2d2","nonce":"4e0bc5018beba4bf004cca46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"2bd82576cb583567d6abd3346eb5795cd57b00a1925a6f4e7f659d0c2b26692fdbe6e0f750f519e96e163ca7a9","nonce":"4e0bc5018beba4bf004cca79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2663ae54e1a0dd750495ec7e5cc7f6de54c10b55280716d81ab769d73c3094ab598200fed9368ee62445c73bb6","nonce":"4e0bc5018beba4bf004cca78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"69628a0e1730efca3a05ca2e0d0623b138017e13e6d4356dd241e9b04b5fee30cb11c1583398c00c379f707b2c","nonce":"4e0bc5018beba4bf004cca7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"42da6c1d37a473c1f076a9e53cba96e93f53582b5e66e0a85f604954c44899c03ac4e21b3aa9d796b3b2d365b6","nonce":"4e0bc5018beba4bf004cca7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"4e65bc65ac07ece62cbfd7f03a98a75160f5cb204a965e30a0e83f17bae95762c1267777a6b622be1a6e6e91d8","nonce":"4e0bc5018beba4bf004cca7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"3e94693fc7ce2d59457b6c31938ae2301697dbd8e5d4630603350e2dab3cd89785706861abb61eab7d541601ca","nonce":"4e0bc5018beba4bf004cca7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"c99288cc1cdc5790220406c018015f19f35dd6e7cf1c12eb408b77c0b92bfa6277f94cc3331cb3b57d2321a0c8","nonce":"4e0bc5018beba4bf004cca7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"1b71f9ee8d135539c7438e63afe62cec241309def6dd6afa6d720bccf7329d91fcfc92bb7f304def6d95b0eca5","nonce":"4e0bc5018beba4bf004cca7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"6cdfe63ec0ed3586f77fb5cd9693e234377c56ddfbcf7be0deb693afb6bcb4f44161a7a7f843730fc2ff2be2fd","nonce":"4e0bc5018beba4bf004cca71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"0339b3ed1ef11e7647bd8da7f5e3548eb644a441231cf131f43b92beb0a2758ab30a3b777b372d03013e058d27","nonce":"4e0bc5018beba4bf004cca70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"9a1126d6777a35085f6577466374c935b4194883f770a16993baa730fccbf317779a4dea0db1cb491f12cd94d7","nonce":"4e0bc5018beba4bf004cca73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"31d032319df0160c49c7b331a835cc5c9aaed92c750d3a4542096ade969e86653f0edfe24292af6da7345329d2","nonce":"4e0bc5018beba4bf004cca72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"4a7794c0cc67efb3e88c26ba37cd20f79cceaa361da2d5a7e791f0b7743f4c0730826b23b70ed7cb51bae11192","nonce":"4e0bc5018beba4bf004cca75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"99594c81602df4a89f2ea40f10c09e1153fcb0e5006b6fc92fded00f3a044fd9f37ad508425a466f43065845d2","nonce":"4e0bc5018beba4bf004cca74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"c8d9b6d5f073d247637af651d6da3b301d71d0e3a09247181f0da9e84fcd489c66288276640278f16f86f4263b","nonce":"4e0bc5018beba4bf004cca77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c0e4db34fe316db6c51d36e91251bfea479672252f14658ebb8f13ac1d81a6f8c8121026c750ea0e700471ebf1","nonce":"4e0bc5018beba4bf004cca76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"02e9f6d276d56f94db6bfeff5d106a970d11af6954721b0e7d42641d6a527be7a2bf763d14fbe028f552c88652","nonce":"4e0bc5018beba4bf004cca69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"f32b9d614cfb89b72f498c65173b7fb58f76b39da837cbec32c7e7c9cb8cd2c899e9de90a341e3f2c8560953ac","nonce":"4e0bc5018beba4bf004cca68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"2c12f5b5a5a7f92941dba58a826c671f8613e26fa9a7e0dba32fde5ed2e62328552901a70b5d532c79eb0f2328","nonce":"4e0bc5018beba4bf004cca6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"a0de8145125383ca6e28c209be99edf745282c932f922ce6fa201e2992e0e8bc9c4bce230451a6cdba40a00d3b","nonce":"4e0bc5018beba4bf004cca6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"5eae9a359d2717c3841ac7235bd135578474cd3a117ebd035e949b88f16526cf5c345677a6d3e3b1d9b57c2d23","nonce":"4e0bc5018beba4bf004cca6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"041f7d31abb8e384316aa88cbaf1d1fd89445b24dbbd2bc6817e97fa9b1bdbff54a83b1633ffe8ad965ab89cca","nonce":"4e0bc5018beba4bf004cca6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"b6526be84dc74d9542bb98672ca1868da5186016a6b92e7806259329323fe44aefd156b91f8da1f32a05f76a6e","nonce":"4e0bc5018beba4bf004cca6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"d74900c262eea9456a4d03dc1d431c3e7861a2bc2605a6c6650ebcc36bfe77172a8cecf8f7696b5c1a87d8e45f","nonce":"4e0bc5018beba4bf004cca6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"7af5ad97056b440cf95267954b582db0325bc24b61ff847bb1701f7130e378dd9614f801f41005e99eb0bbd101","nonce":"4e0bc5018beba4bf004cca61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"2c36c1e3f99f3d41f5f7a1cab5fe644b92e0babe3093c7a6e9490b99ed3b1186b36bfb4a66e60642a1a051b4f0","nonce":"4e0bc5018beba4bf004cca60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"0a4b1894a02ab3d59cbec1082b3530950a04a2161ac83c6f82257589650267959645ce2cc9873b9ba256daccf5","nonce":"4e0bc5018beba4bf004cca63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"9dee14a8ca496fdeae2a5429861e15998dc47caa3e70d2ba66301002f3b03229bea56a17e9fcbd83da11a2d305","nonce":"4e0bc5018beba4bf004cca62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"8b00b1f07d7a4186f9d229c4d57cc964ad2c88cab997f52fcbbb28a645b6ed56b88f344cca2ab617eb27b4b265","nonce":"4e0bc5018beba4bf004cca65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"ceaab7e6bf1ee846abae5cdd5f4c6a8bf0cd6c144297c8aee4ade50681b025692be1f00db555f51726d0cc5033","nonce":"4e0bc5018beba4bf004cca64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"3fc15745e52d17682d879b2a13542a9439b669a08b8086cd0f7315e9826d49f06612c637bd61591ba690092fdf","nonce":"4e0bc5018beba4bf004cca67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"620b448d832f1ed90646683b8d54c476d244d393607de8aa06123503e848e7245afa637136f4e026ebec52bafc","nonce":"4e0bc5018beba4bf004cca66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"905993359de92349d2dded5c730dcdf82800a732053db5245d8b42f1455a4df6cc45257ef1cb8af3f73161d2c5","nonce":"4e0bc5018beba4bf004cca19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"379957aeb3fe1fcfbe0d089373bec1a1a55ecacc316f50da3b08d8e9907c5e99589e7c14a057e93553e503d967","nonce":"4e0bc5018beba4bf004cca18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"5c176e4a52eeda7e567b6194fe9df00f0c1a2a2e0d55e18579af4f0aa04db24bc610a0a3dc3165014d8a0d59e0","nonce":"4e0bc5018beba4bf004cca1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"26357bbb4d20c9fe0ce953dbc864d92e7680a9f35e3c12642a8649d8f4efb7b144371de26f0f105f2f27a80eca","nonce":"4e0bc5018beba4bf004cca1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"f55c998d00c446ec6ce1d3cb477f9ef7bb32d8bdd04c3bcd4d412caa2eeb2f80fdd2292b8d122c92bc77ba6628","nonce":"4e0bc5018beba4bf004cca1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"d44afd98cf32932c8ed51e952d850489d7c313b341a833667dcbe8b710d4ccbbe117106e17ebca4850d7c37688","nonce":"4e0bc5018beba4bf004cca1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"52ff3defe047fdd7bdeae7aa9666c8ada219fbb22cbfc33405be4cf68907c96a291c7529cb98e1078ebf95ccba","nonce":"4e0bc5018beba4bf004cca1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"29cca878ae6dad218204bd706c467c4ab0a51d45511188f7d9560cd8fa63e63c6858f7a70f8dbf0d4ec971fe4b","nonce":"4e0bc5018beba4bf004cca1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"f4d5d0a0a0621c51b6aacb47bd78569731efa9307184eed137592cbf0b90437d9f1864fcfb4b743770d47fff46","nonce":"4e0bc5018beba4bf004cca11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"c6b5d9014f690f0bde5e37c75ee14fa7da14b17d77c3df85d2744d27aaacc6991246593d3794654f78f65a80cc","nonce":"4e0bc5018beba4bf004cca10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"d8df2f8c476cfbe842f19257aae63c4f8be78a5ecb251ea1c1eed519a4d02dcc0601c0de373f5850e09ecd38f0","nonce":"4e0bc5018beba4bf004cca13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"dcf060a676b022ed5d5ab48bc6fe39561ef608e9a4d55e7a7a45614b77c7e1cb2dc427a62aa6f937c81b40fe81","nonce":"4e0bc5018beba4bf004cca12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"1db9a00c5c8f07e542fe4f8ab77644df70d96c688220a0405b85097042c3f95ff849e1510aa099af77bd461aae","nonce":"4e0bc5018beba4bf004cca15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"57e1eaaf1a151fbcb535959e3d8b55dbd53ccb2a1ca606f57ec80afebf8c3652f9334c427d031d2af1e1103af7","nonce":"4e0bc5018beba4bf004cca14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c9bd2eadc91a7a95d303f761a0fff77d3f3f70fd8743c9fb53d8fd19d3434e1bba66b8a22774158b6cf5120020","nonce":"4e0bc5018beba4bf004cca17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"464c7938cd539cfdb2f334b40b185626ab84ac0ae3b761d0b5f31654ac23b91fa1560315123614750f6d520e41","nonce":"4e0bc5018beba4bf004cca16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"6be586fda05072caba80ba189b53fb4a013a8f05f18f1ce9df6d6b25e32c9f4b26e74a4ccf2008224528074f84","nonce":"4e0bc5018beba4bf004cca09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"ed53d654f8cb659b92270e0270ac9149d5c49833ec21e1c4aeb80f783bfbc57c2e1b3ab29fc1d1193e29995b43","nonce":"4e0bc5018beba4bf004cca08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f3b8d95998c852bd891454fd4a5b6b2f4dc5fb290cea3d626e713d9bdf546970927dad1b094891761434cb764b","nonce":"4e0bc5018beba4bf004cca0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"ca1183c80c6bbc96f91bd6209cd135ee95f7c83f38db619d25275086cfb81304a3c6e6d0f7b2eb376e5cfbda63","nonce":"4e0bc5018beba4bf004cca0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"b48f67140eecf635d9e953cd212d7110c5a4885d7219dd2c9639f6b3dceec58bba48c42777dfcec297c15487bc","nonce":"4e0bc5018beba4bf004cca0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"60511a9b6a3b1e8e362ef61ee84a3ddedf6ffa30a8cb2e52624c28a9e7b81bb7056985214da701ba2d8614e887","nonce":"4e0bc5018beba4bf004cca0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"7be36d392ad0dabd5dd54b3a9e1d0d760c334fd51fa673b36ad18a40b221cb714b9592060b4592b8b8646bda5c","nonce":"4e0bc5018beba4bf004cca0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"862c3a9b4e8f9081d24349aa6bd23d0bd0e518f257f83aae12bc146308a5a3d0c2cc5c1eba6c98ebe5e6b73a9a","nonce":"4e0bc5018beba4bf004cca0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"29243449987ba2635066632eb8997d92754dc21c6393ff640b711ebbb663c4934da8b36745a7e5bc7688dd894d","nonce":"4e0bc5018beba4bf004cca01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"93cbeffad26bfa2929d07104b98dd2f31f72906f1b67d2af4018096029ba5203b3976005230bd7c1d4bd2858a4","nonce":"4e0bc5018beba4bf004cca00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"63181c98a38e1aa6458dee22114e4ffe50f6ca808caea84edb723edb0811f9b4399e548d46e6616a4dc85cb7e2","nonce":"4e0bc5018beba4bf004cca03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b0b548bb4b8707617ea344cd5cca4819773b04dd5269b6a088fc4f5a67c22263ee09b267a3380d71f36e85ffb6","nonce":"4e0bc5018beba4bf004cca02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"9150c50593e50caf0c6669c0211fa7a0f4c1486e7a94cfee37e07451af7fa0b37b167324bc24800d0119b7ecc6","nonce":"4e0bc5018beba4bf004cca05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"5ca6288bcf25caf3d9363d55afcce4d29d33c9bf196bb5bf28abcfbcae2c5e913be9af03e3aea760279da35b2d","nonce":"4e0bc5018beba4bf004cca04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"055a1bdb75647d0dc005618e52765cc393208ef9f2d944e4b4ea5a679e55193ac41bd33ab297d59816a393c91b","nonce":"4e0bc5018beba4bf004cca07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"dbb85168a2db6da3441d6cdcb7d57edbe9ef97c46b59fcd4899b0000f2268d1e3dfdacc6f1ab4b18811ba80241","nonce":"4e0bc5018beba4bf004cca06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"f2cfc0ddaf37d1dc56b9375cc001f859feb44f8e3a3e1897c97d34a380bbd7c8f41ae001c5ce23f61fb6173842","nonce":"4e0bc5018beba4bf004cca39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"3a152f5f01ac07ea0cd3188fbae846ad5a9c6adf1809ed82fb326ad5e9d800a1b7cfc526f1d54fccd6d9e14880","nonce":"4e0bc5018beba4bf004cca38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"30f5ab9eab4082e661cc599a2f892d093660f3c11f3f303c0b19989cda52f92b1478f730c7893bce847094fd1a","nonce":"4e0bc5018beba4bf004cca3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"88f1e6652156cbc808f287530d60f3db2afb62481c7fc5788c98bf39c752a35bdf18e485e67451a4843b824280","nonce":"4e0bc5018beba4bf004cca3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2bdba5dcf29642a9a842123ea5c50d9814f91fbfc71c4d13def50139c896b867a401478a54420c4f662e75fc41","nonce":"4e0bc5018beba4bf004cca3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"6293cec38b846d72bda60516bb7f4a7be816eb322d9e9fd04dffd300afe6bab0a8a25cd9a8e1251ccd0e3f4007","nonce":"4e0bc5018beba4bf004cca3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"8f1785a3af455caacd1b5a6dfb0a7c814a664f11ecccec968c0bd866213ffc22ff90f4360dc55ba30b94855a96","nonce":"4e0bc5018beba4bf004cca3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"b66162a9603e188a207156e469d6d045a5cef814b0daa71d407a7b9418d56538ab8f00a8d57c59b42ea9a9c00e","nonce":"4e0bc5018beba4bf004cca3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"e02f6021a0d70ec5b16af769b96abec249c8acb375ab12a1accf7cddcd5103ce4834d133d353e2e8d769909789","nonce":"4e0bc5018beba4bf004cca31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"9ae2fd2406781c10a9426540249baf56945995503b931ef9fc03b82b526814f6b5558ee414e9088fc7ab60ab9e","nonce":"4e0bc5018beba4bf004cca30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"0667b926d5fd60bb6c0f523b96082907e6af0b2dfc6f3ef9db2f8c0a0c39f25411e993b11266bd76b951d40a38","nonce":"4e0bc5018beba4bf004cca33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"c7a764a36ae234f326b0a63575edcd7013ff5ecd3c9f9ccbe103785d9936b370a0d341cae8798651044f433535","nonce":"4e0bc5018beba4bf004cca32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ae1706a3ebe8e0b57674a9a43074ddd1191d9483e3d85831ad07ef8ec06fbc471551143b796f56a2349c318f70","nonce":"4e0bc5018beba4bf004cca35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"0547d14f42744ac2bdf338e7d34f94061caabf4522ef9107132e603d5d0bd5d9ed716f3af960b12a1af2b4a386","nonce":"4e0bc5018beba4bf004cca34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"f90728a7fedb9e8fea512120e9de7a5832d971bbc6bde9f320599520dbf878587912789f8b9fcbf3e59e6e4e03","nonce":"4e0bc5018beba4bf004cca37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"8db26dc2f31b4340c9417484d59da7b47547b5d5c18d5aa2f791a0337a3dd93301c736dfd2a48b72fbfe5791f4","nonce":"4e0bc5018beba4bf004cca36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"5a900bbe3809e755ea357867ee3b458673f40ad20fcdd46ef9c7ada0f9bb88f7381740a13b1800fec28418d72c","nonce":"4e0bc5018beba4bf004cca29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"694c61a5266dd7eb8f915194f4e7be3afcf92bb5f708ca3963db2cd7d902e38361ed4d9a22fff3e45a663740c5","nonce":"4e0bc5018beba4bf004cca28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"3c0ba86b0254f22651f39d495cdd706365b0f04ce87f7769d4ca18c0d7a59a765c5aced7b0a32212c5e41f2d97","nonce":"4e0bc5018beba4bf004cca2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"d4951017df1d0b5b482f96fc2cfa54842a9fae633b820050d082b85235630d3c96c70f92fc162207581abb19e7","nonce":"4e0bc5018beba4bf004cca2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"3f87cafe919be4843c06a7ff9a8aa03db875b6b16f69736f824a935e0e0c0e0743322471d5097ac47e7f06bb35","nonce":"4e0bc5018beba4bf004cca2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"8a2d97024fbbd46f976ff9670832d7e77c19c2f90dd9dc26884fe1daee8c1690b4087e3df948c9b3140e27acda","nonce":"4e0bc5018beba4bf004cca2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"b62c5f031bb3aea5f2381b9aed66566c9720b3b9d2bd3836f2b1e520c626b9992334870cf3a7dfbe5137a9c4d7","nonce":"4e0bc5018beba4bf004cca2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"e1faa84fb5f3560b958c555605cb8047e2b15e3303ea3e739b6d78746a5d3f12e978b8f3464f4de6775c7523b3","nonce":"4e0bc5018beba4bf004cca2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"a388056087194ebbba48bc7e8e1e9d173ced6f9804fedae7200203e24ce1d76c5268ea39134471d8d2eee5fc84","nonce":"4e0bc5018beba4bf004cca21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"49e8b46076f4086f7055c19c2b0042127ae5d427f9292e427f73bd4825b1faa640dc1be7d89400a5788af4d902","nonce":"4e0bc5018beba4bf004cca20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"609c7187b6c2d9d2a768d14b419f677cf06bbd2fe49743cce1d6c8efff07417782fb9d4cb37af175aa211d06b3","nonce":"4e0bc5018beba4bf004cca23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"811a3569f9a7e836c33157c7d2982d742ebc084265311936f93035baad9cb10aa741a5ddca934de64a8d4ba56b","nonce":"4e0bc5018beba4bf004cca22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"cbadb596ab9f789a4bc4b8c00a3202725b6bc68a22a84b68ae73f9b4617c717700ffe83595f511a7a5d975be82","nonce":"4e0bc5018beba4bf004cca25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"957ac0432441f30416398c5f949b43afba6d62925d55949810ee54849bf1190e2d9bf6d39a614df7f04ac3edca","nonce":"4e0bc5018beba4bf004cca24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"419b88161c391250630495d348fb856b9e11d5e883f92d89c59bc0ba2d8b2ad778de562a45a9c132a4db4b475d","nonce":"4e0bc5018beba4bf004cca27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b14205ab85bc83cb8a5f3b89a9959e35e43ce37ec3c3b13b2f03dcf7672e4ba74e0234a70c4fb71d61b6492d87","nonce":"4e0bc5018beba4bf004cca26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"e25d5710341ecb29722d7b7b121584c4d391faa9dd37e1300441971439e0364460a6c89626610138a8b7c76763","nonce":"4e0bc5018beba4bf004ccad9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"0e2398af413f1f7a96e73c282c822a7b513297f7e41b129bdf9c3ac5fa3b605f01745ccb5fae75b61621eeeaef","nonce":"4e0bc5018beba4bf004ccad8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"8cce27999c04796fb0045da8d88ab468a7b26d5951356c89e8345cc35da2eb04799cb798a6fbb68d3d9382ce43","nonce":"4e0bc5018beba4bf004ccadb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"3bbaf65c260c8632f5cbbbb843e2e2a888927bedf185e69f8788d58edc51172306d01c32a86f7c17748f1fe241","nonce":"4e0bc5018beba4bf004ccada","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"5b3050ba3903a23f2811e738d8534f3314c18f1c17a7ae0d64ee53c3ba322cc14c07a2be81da501f4534592a11","nonce":"4e0bc5018beba4bf004ccadd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1527d28a3ae0afd026dad11bab87a5b5dbec60b40086b78dd84532ed3771b956e289bad4fd475219071f9b68fc","nonce":"4e0bc5018beba4bf004ccadc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"30d1144a985741de4c2470224f1f21c3c33ae7c98268f8d6fcde770cbc38d18fca7d964b995ffbf1ecbc6790ff","nonce":"4e0bc5018beba4bf004ccadf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f65b36a5d54a55e5fe9fea59f02017a30e64f81cfa9588112bb064ac3ec04e37b1197a346ae3249fbab8cacce0","nonce":"4e0bc5018beba4bf004ccade","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0f277590d26a7a9731de3f4c0d2c6176207ea55acf8647c87e90062c6770a001e5f400c1c8ee165af49742edc8","nonce":"4e0bc5018beba4bf004ccad1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"53f3b290b0ebfef5844ad220b1d7be3b1792947dd732ad4d4364dc4ce3c546f84ac8c10900f077fc286c133a39","nonce":"4e0bc5018beba4bf004ccad0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"3589495ffa3d54c27c6bceb9bb743b810ba695becbd6e226d6b8ebb76f408a9cadc5e98c6dd947bb6d96dce07a","nonce":"4e0bc5018beba4bf004ccad3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"78e377dd0f1c47657179d1e2baa3ade34c0879f5d08f629b068ba04b0c18ac76ee49b9ac1fee3e3565a7bb37e8","nonce":"4e0bc5018beba4bf004ccad2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"0c65151f103685631ac87fafe21507bbc9bb2b555e2385fca3c721a5d8684d5ab5956e3097aec08f543a047997","nonce":"4e0bc5018beba4bf004ccad5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"cf0940026c91fb7d63e7fdfc69f2bf408624566922caf887125f3498fabb58f5eac7821c50cdbb2f31958fe332","nonce":"4e0bc5018beba4bf004ccad4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"1bc1f648113ba5b778d400921ec14f4cdc37c90d821fbd7fbb08618d00a33e543b5d3759bbe6969abea39bd1c6","nonce":"4e0bc5018beba4bf004ccad7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"119db0344f20633f478df36846db9cbd552aead3b03cf93f6d152a573b65a260d77dcd4da2bbad0d4b50ce349f","nonce":"4e0bc5018beba4bf004ccad6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"6da5624d72fbcad4133187686178633f39e1e84634c8075b3b3c45d80a047d0a242364fc5d2e717023184b6104","nonce":"4e0bc5018beba4bf004ccac9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"4c75166c173dba53ed0117538452a03c647e2ab80542b32dd956181857d5486e215d8d2b0abb4b0df80e0fb2b5","nonce":"4e0bc5018beba4bf004ccac8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"71dbebe3af46f78b08dcb2a1884b2ab17d190a93353c27067094f2f99b20c62e8abfae9bd820f37d4a9dcf6993","nonce":"4e0bc5018beba4bf004ccacb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"f3adaf920128e0e5cc496f32f559bae20d9fa64b6be726128792a25d117439392b1ff64e3bb8e47bd92df9a385","nonce":"4e0bc5018beba4bf004ccaca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"23d5bde5655636862d6f1d8245997d68de5833802d545d237b253954446f672a18b0489436e1b4a9e2ae0df331","nonce":"4e0bc5018beba4bf004ccacd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"8e2ac512a1d5bc6eaebf42bebd2bf122871a17391d1352811dbae0848bc77b7b9151218e360b252adfc29f06b5","nonce":"4e0bc5018beba4bf004ccacc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9196fd6547b2ca38dee914cacc4622d3b8ba0e5bbb504051cfe4d51e2ae5b166ce70493389d2326ad2e5fbb9a9","nonce":"4e0bc5018beba4bf004ccacf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"65451924e32c3d5a000f89864dd226aa7d7181e1957841393f959122502de4ae6e9491813b34a96d14b57b9bf1","nonce":"4e0bc5018beba4bf004ccace","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"554bf60dea8f46e5cd163f64895408cbf7dabdf2a51a9b76c59fd683f5ed74f22d866d6f46c09162d05a33753b","nonce":"4e0bc5018beba4bf004ccac1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"9b190de33b4ba0bf50cef622909d197fe37403819c1381198d9a4064b4c09a52666678ff93a9f5833cb9d79266","nonce":"4e0bc5018beba4bf004ccac0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"a99cc95c8c096277d90752ffac2a40a2579b42fae050d0effc4c50b4e37f701e2985b7facf385175eb4c8b0a41","nonce":"4e0bc5018beba4bf004ccac3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"216300374d79ec99d612559afabbf4a7732d36b0f66b99c1939fe214c7aeab5a414279a4aa52d94b71ea72dfe7","nonce":"4e0bc5018beba4bf004ccac2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"790e22643db52d78745a82df9746aeb6cc7de7ccc01dcf4f1799ccec3dc1cabaf7973322dd657ca82fa6a3a99f","nonce":"4e0bc5018beba4bf004ccac5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"ca7e014dff9d36eef663d04646318cd4fc3673c1f1e49e34999098ff93dd4ba2397eb06b5e9d612bb1651540a2","nonce":"4e0bc5018beba4bf004ccac4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"c0e43ac2206ae5596a4be443ff1f6534e4bcbd049b1260e28715a7f5f989e513cf3377f362d4cd51027b8f9cea","nonce":"4e0bc5018beba4bf004ccac7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"2e6863dc62e30dedb9188c20a19635fc5e4a59cc6994fdf784fdc412c1f417d2aaa2a43963102ffabc182f3857","nonce":"4e0bc5018beba4bf004ccac6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"0e06f040d7ccf00e494e90d26bf65caf07d6aa5d9c40997dc4b964127e20d82da5c777ec495049769b12a12ed1","nonce":"4e0bc5018beba4bf004ccaf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"e7ed292c7ff769739a430d9b427f3fd5b08c75535db41948cd7bc29c94afe289f14f3e6c58c3a7703ddddfdfb7","nonce":"4e0bc5018beba4bf004ccaf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"3d510b67fa8deeca7f7d4e09b047bec0ea5b902f7de8f2ad8ebe1cc40306df0cae9367b8a0d3765a0431234191","nonce":"4e0bc5018beba4bf004ccafb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"0792bd0a95a84770d324007234b879944f0cf308dc9b198239c7473cc8210470e67a15cd64aae44ed2d704b124","nonce":"4e0bc5018beba4bf004ccafa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"cf2e6a5f930be7d9ef5f0e83993a6a61aeea9b08d17315756e7c7758c349276037d43e1cc931ba6f47e8c7abc5","nonce":"4e0bc5018beba4bf004ccafd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"add83d78c5a8c4832a74705cfd3f03bd32de25d6e880028e59cc534e9eefc79c69ff1afac23b786ccce6028bb4","nonce":"4e0bc5018beba4bf004ccafc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"644ce561499a9dee1f76cb03c3405c44610fe0a6339ca2e5990585b23f108ff0515cab0022b92920d492e9608e","nonce":"4e0bc5018beba4bf004ccaff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"e9d832a415c23e8d480b666d54e66c436441c02064159dcf42a02da93005cd602bc4cdb73cd4ba437776974ffa","nonce":"4e0bc5018beba4bf004ccafe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"2b7cfe0d9da74b6178e9f66cb39f1c11c3dca070066a2e9035dc8d16605caa65c48bbfced07f7cb0f8cb937403","nonce":"4e0bc5018beba4bf004ccaf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"d9253765bca5757683d7a99cefcdf86d284243517d4650325aa58d4b731a4306683d4f055be4f23452282e8ed8","nonce":"4e0bc5018beba4bf004ccaf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"4a0d003b485624bbe88cbde0b8e8367f31dff00a5bb0b0280fe35a95da1b0f662bd07b705f1698dfa33375bf1d","nonce":"4e0bc5018beba4bf004ccaf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"f502f419bbb7e276154e2c5f2ec9fbdb13c61f09ee5993802fb50cc6003b17a4bf1179b7d8a48a0bf7528f5331","nonce":"4e0bc5018beba4bf004ccaf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"e2c055c53ba7827e2056fabc95ff186b1b46e77268de695cc8efb8022ee33a6712307ad5c881acb6589d2a6e54","nonce":"4e0bc5018beba4bf004ccaf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"bfb51460c63906d604c22260b2cc229e177dca34a78439a606faedb80c681268923026f989a828534ddd2913bd","nonce":"4e0bc5018beba4bf004ccaf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"961e84353362d00492a262c88de810a009a5af6e6f3f0d23c1a823f0a706d0a8b539d3be3933b193c31461cccf","nonce":"4e0bc5018beba4bf004ccaf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"96572f433efdecab271a64df421fce559770d47723945e9f1bc8c2a67febff80cc98d1678f7a34d6e7de5d5c8d","nonce":"4e0bc5018beba4bf004ccaf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"7f8d13b8b7a80ed582a10e13206b266a7279acbf7285cf26c9f75ab73c535b55eff698b25de0558a0455143d9c","nonce":"4e0bc5018beba4bf004ccae9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"834fbb6ad123cb0d9325cffa05207a3caf63e45843faf0b2d98fd3103e8411efda32125e852f1e468a1c0c7605","nonce":"4e0bc5018beba4bf004ccae8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"ea2e4eb5aa8a8e0de8f4c7e29ac10fa49989fd6a5935f64ff331ec2c53a079556158490edbe013319f49a88af6","nonce":"4e0bc5018beba4bf004ccaeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"7960018fbfd627cefd5023953f8a007b7fbb5ebb4153d8185d1f55e0ae656084f5595c29da0900d71989a7f445","nonce":"4e0bc5018beba4bf004ccaea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"4b6d1f9ec27c3a9fb79ebdb0d69699c3e8cb8da4802d38d9940fd0b129e0ceadd1e54588de95f5199f4925fbd0","nonce":"4e0bc5018beba4bf004ccaed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"044115025d4867d992e8c2cd9242b12a121cbb0fee497c3b3ab6c1d0060dd509adea13f843522d67a9da62fba3","nonce":"4e0bc5018beba4bf004ccaec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"4d3eba6d2f517de074a0ef40c4e2b261adb02ca1537d6d315d6816a556d3167b352f574e06cdbc423d08b84146","nonce":"4e0bc5018beba4bf004ccaef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"de308859ad3619c7a646877d9d00ebb7ae1803904d8d3accb106c897266760becefddcfc9551ca71a04db519dd","nonce":"4e0bc5018beba4bf004ccaee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"3e58f3c052092cf02f0d541cf7c9adfb9dfbdee15c3973e6133e991e12f6289af3bdab52540881d688095f863d","nonce":"4e0bc5018beba4bf004ccae1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"210158e10fbbc2b36bf11668ec53651c73d73565fbaabee553c67c6d0e2c474a7da11b508313324225ebdce308","nonce":"4e0bc5018beba4bf004ccae0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"1fa300121fe7e77efda23d37a9ebeb65e5000ed4133d53ff054ddbafa6cd9286a1d3de12fc7eab261ceb75593e","nonce":"4e0bc5018beba4bf004ccae3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"db5bc3077939b1502c365fb5b1d7e2be7c6afca14932e830691f84b0e2160bef24663b6c1c78be4ed8d9fe7b9a","nonce":"4e0bc5018beba4bf004ccae2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"df983a3ac65db3d183ba2f1a1adf5953c18c609d895d14fcbaec9647580d4d57d4e9dd94dbd064551f12409132","nonce":"4e0bc5018beba4bf004ccae5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"b5af595fdc9dd2a63dbf336ad3680f0f302b2c76bc735a85bc23c09f8a41e3a4fda7f99178d28e4e6d21ab3d86","nonce":"4e0bc5018beba4bf004ccae4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"dca5ee65bfc2a10fffba96d15223080c2f95e95955fb234bb8c351568cbfa37f2507d6836df412bd8cd2dc8486","nonce":"4e0bc5018beba4bf004ccae7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"de477623a0ae487d3f61166f9df4531130a1132e8cc66147fa72b337e283f57af59fedd0ede725ade2d62511dd","nonce":"4e0bc5018beba4bf004ccae6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"52cd962fd79948df00241bb57c46f67a6899d2a352f94462ac33740aa1757b0d30f22bba33824dbc680f7654b0","nonce":"4e0bc5018beba4bf004cca99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"03e73c975d9926fa1bd03a01b500f691ab45bfc85c1d466d16fba530c039b66e0dac2202612d676fd9035bfc04","nonce":"4e0bc5018beba4bf004cca98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"2870c08149a4817df9255ae20540a95b1fa092eed1ef4a2f261315e61026a2a25db9681192cfcdc6ee0ff5fd7a","nonce":"4e0bc5018beba4bf004cca9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"88db84b1d84362dd1a9f397e9f04c301a8aca3099acf7c570985879668d949c7c18d8ac22647e5475094bbf6d0","nonce":"4e0bc5018beba4bf004cca9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"4dc54261bc14a107fd27489d6c268071f546baf6734114ad43baf0817bcb52e755db1314c1f540e5e7b0f4de62","nonce":"4e0bc5018beba4bf004cca9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"5e87a7dd33ec05bb1183eabcb7ffaf2662a693add0b0fabc2ad87ef7a4cd7ff31154c6a5432511acd214221dd6","nonce":"4e0bc5018beba4bf004cca9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"8b64c5cf6761b4336f30450be1988b9300f9c1b52257a18fd4297aec107e0ab7e5b345d8e1f47adf6bb0e1f492","nonce":"4e0bc5018beba4bf004cca9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"8fb02ea317c1b87ffccde9fade64e6c06c883e446edc3e810edfa55dc0b682dc57d94f1a62c504f833931b097b","nonce":"4e0bc5018beba4bf004cca9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"d3901ccb35d7c62e91bcf8dee378f31e6148d0a371bbac78ed3f8e4cce79a05b890eb53a3eeeefe2aee9aa3e46","nonce":"4e0bc5018beba4bf004cca91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"6ca6c30d03c4619f4bead732069e5b96229c5a110ae7faadded15ea6fcff07342820a177e3811f9b7bc0c66370","nonce":"4e0bc5018beba4bf004cca90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ec971166f9ead0bb35f83d620815e62b46eb18a065d63dfa645e1815cbb669e1cfb2dd1527cd585fe1f85f65e1","nonce":"4e0bc5018beba4bf004cca93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"357b934c9c45ce5f14ca5a18d53de9313b9a9ea632fd3fb837ee51b8458ce7be02418a4868ad11cf2e4f4fe436","nonce":"4e0bc5018beba4bf004cca92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"79c9f6e50052f182c7d5cd5c6054e4c0a32bb4a9a502741cefbf710807ba706053ecc8927d404539651ee5f40e","nonce":"4e0bc5018beba4bf004cca95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"106799ca941b484cfc4550969cfd2e35e1f9a9a0e7d2601c887c1217a3071979598e1382b89df4e42fe7b3a597","nonce":"4e0bc5018beba4bf004cca94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"ce08f178f830504c0015116120599671d24d948b0c3e225818d9e3bba1988efc3a943047379b6a156111a07d5e","nonce":"4e0bc5018beba4bf004cca97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"b408451c9a117151cf4bcf28643f3a217b611d154562f0f8981605668e5447b851175382356816aaea55fcdbe7","nonce":"4e0bc5018beba4bf004cca96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"51b331c98b4d46a7ed1da70e7add84c2e044f8a617dc566966b7874516a3f928a6ca129741fad2c0ef1fdd4dac","nonce":"4e0bc5018beba4bf004cca89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"7f1851d0989f501acf173bcad523760d334f2cf18e8776729cdebd6d8cdccd16daabe61a359b5e1ffd74ffa558","nonce":"4e0bc5018beba4bf004cca88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"958ca68ad2ad0c28e6d0f604c72534c349488b768f8059d6393cf3ae0031262ae7e5fbf59a33a77e88bbdaeb82","nonce":"4e0bc5018beba4bf004cca8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"68f77a61d65dab6d3bec119855d6984c9c1368a260e7cc1d2ba907af4ef4ea5b8fc097f9c61971db4c87aafe3c","nonce":"4e0bc5018beba4bf004cca8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"1b3536d96ede370fe40c50eb3f0b3ded484ba4e7f3c4c02f5f8d25e632592e41e71b154c4762a286c12a03481a","nonce":"4e0bc5018beba4bf004cca8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"826ad46e5ec20d7f46b7508a65efea8d25b07091274b1912fdfb6a019c4d0433ca435661b0fedf3e9ff43857d7","nonce":"4e0bc5018beba4bf004cca8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"902225b74060425d24eb1c47f4f91ac3945c443df703859c277575436dbbb5d58895ce6012d4f5ecfee288e3ed","nonce":"4e0bc5018beba4bf004cca8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"6e9a574a0a47fa757a00684802ae8dda5505da855851541f78aca8ac3591d25e2ff84d450593562ad34c1cb07d","nonce":"4e0bc5018beba4bf004cca8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"69d597812778d5f4e7ff0f336f838d4ccbff4d12f54e39d76966310077ec2c67ba21f9a32d55e6475543322618","nonce":"4e0bc5018beba4bf004cca81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"de56450a6caddce46fe760855735abbf3ae9dc1e541ccfa961c909db2cabe6389184b9cb01bd0b96b46fe0b0f4","nonce":"4e0bc5018beba4bf004cca80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"0d7b93c46ded46227697f7886e4bac6eca99466938e3c89d0e005d61c538f637d405dc442b37739c7e34560fe1","nonce":"4e0bc5018beba4bf004cca83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"9d01cb547317ae506ea6613ab2eb6b3ae2442989963ddca4af7108c11bc0ba2fe3b59a627333cdaf1c744a017c","nonce":"4e0bc5018beba4bf004cca82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"006f435acbfaf7a6ed08bbc1f05cf2e020815ecb6408c6c6c434c455c9c38f5a89eedbc98f56674e4ec5aa56a1","nonce":"4e0bc5018beba4bf004cca85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"8bb90c45f00acb583b4736029e2e004c4ebacab469e27b4fa8f25a3e9b7964d563c4741bdb69a62fb35d288006","nonce":"4e0bc5018beba4bf004cca84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"dd035c22cd9787a94b676a2ae678a86b6933a28d08dfc82f0c10c10a70718d06d512e830c61c729c56dc8df363","nonce":"4e0bc5018beba4bf004cca87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a0fb4876b2e9842aef734363dec6ae9d7aaa4406a48b7b3570b1bac9d794312fd2978261cf9c14176318846ad9","nonce":"4e0bc5018beba4bf004cca86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"2955bf52356ada6d7b8fd6f63901f8465af7d1086fd71fc3d8762361ea00dc133176a1261d3751adee08b2a05d","nonce":"4e0bc5018beba4bf004ccab9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"8285b14f5ec9d04af326907364cc307af89427d7fc6cf48b209ea4f9127f35fc99faaac7c368c357474be2e8c3","nonce":"4e0bc5018beba4bf004ccab8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"04ad464cf7c86a16a2e613aa3532be7dd9f4042438eeceacc9c46f0eace743bcc0a2e5e01030bcd3d4d9c87a52","nonce":"4e0bc5018beba4bf004ccabb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"0272742c7fabb325c0a1a783b12e70d2eef8f8842e531975e9190da33d464034d1ac0ac392129f967c006de460","nonce":"4e0bc5018beba4bf004ccaba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"624ccd043db9e7e5f270e6459223e6e5f0d18a769b0f3ddc7eabbdc870e7cb30e807f3ddfc60acedcc4c8fcd2e","nonce":"4e0bc5018beba4bf004ccabd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"e3ee4bfde0521215849453557a7229a06b5a4745840cd242fed7da89c69d6dc8be7888881b31969cf7c4474e0a","nonce":"4e0bc5018beba4bf004ccabc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"08bb0a7ab4eeaa885449b1d406f74ac85cd93f7a17778304421795370d050ac1e834a27aa0ce78d8955e4d07ed","nonce":"4e0bc5018beba4bf004ccabf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"50543ac1b94754f97f17c78a3060e739873e80baffdf38fce2151826e87a5df048c311d4249701d35fcc02447c","nonce":"4e0bc5018beba4bf004ccabe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"f74ee5d04058f1741baafa860b21100ba21f9e628dbdcbc7c3210eb9a86a3553ed2bc56d23a461bcd0c8c1401a","nonce":"4e0bc5018beba4bf004ccab1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"d0428979f51e27805e241bf2a8fa1b8d206bf1f76912e82b3c4f8d10784f4bb4c492163f82e515a870de816f6f","nonce":"4e0bc5018beba4bf004ccab0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"7782af1095311b39681bf077f7e2ffbbdae5fb3d27c4c5dd6665137ece20e2f4e8060fd9ba02f5b5cb185aaa95","nonce":"4e0bc5018beba4bf004ccab3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"974cc60e64fb836c473915b7309c65bb013882c4f334b09be51f9b21f154317a6e78422032045bcad37af11703","nonce":"4e0bc5018beba4bf004ccab2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"539a5b49f91dc7c8596b1c12681006f1d6dcf4554e5a375b6d66241bbe54d798c0858681250afa7e6e817d993b","nonce":"4e0bc5018beba4bf004ccab5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"48286f131c4de8f7a55765574db9c58e0d4a79af2c101a85b071f99ca932c64dd3f5ec174779ab8fc7bc312f38","nonce":"4e0bc5018beba4bf004ccab4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"32cbdd7caa041ee6e0ecfd7c90cc853832800f42a907c6a7a15c66cfbb4f09ebbac0b02979d7bcb430dfef3f5f","nonce":"4e0bc5018beba4bf004ccab7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"ca225692cf8e9019b1843d11e8a8fdcd6cb27a0f94b787ccba62b8d88fec27d5190d021d37d0b7040084a08c54","nonce":"4e0bc5018beba4bf004ccab6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b0a0d8f33b43586b2d995c542ad2b14ba7a9b8dc0858c0b6747b89f41b6a161cb1077ef1d5f8bfe2998f734693","nonce":"4e0bc5018beba4bf004ccaa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"fd3343b68504a65e5e59fc0012bac5ff977101ab27a1da21dbd61ad503b294dfaaefb0418179287d41915b88d7","nonce":"4e0bc5018beba4bf004ccaa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9b05f45d5a05e8b5c62c313c76a4b768a8b76ca4a67c057213f3a680ac4aab106dc85ef9a5e0ead38172a3d7c8","nonce":"4e0bc5018beba4bf004ccaab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"9f77de1a4dfcf82ce8b86c24921963bd728481bf4c5b1020c1ba199f1c59bc2af68cfee5f9655d721223c4660a","nonce":"4e0bc5018beba4bf004ccaaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"2e75785da7ae915c77f8627a8a5f2a46952de0909932223831229810fb6a639b729667be05d098bb9992bf0d87","nonce":"4e0bc5018beba4bf004ccaad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"1695cfcc989632a479f06679e33f8ae2f2b709c82bc8acab6352cc755f5fd77dcd9fb38733372c3a2758c60c5d","nonce":"4e0bc5018beba4bf004ccaac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"86f18f25a6d22ddae560fdcb059d20c7849597a33b0804dbfbf8f44a138a423c59740379aeda2a8400768c4338","nonce":"4e0bc5018beba4bf004ccaaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"f185d8244b8f6567e96c842c421ecf840a46efe536a91be81645f9a8ea00461d9c6cb46cbafe609b791732e06f","nonce":"4e0bc5018beba4bf004ccaae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"8eaa04b9967b246afa58bb1ee24efcd3f2a648be6e70964272db11e8b0a4f6e03930e7998fcf468e03a85fe997","nonce":"4e0bc5018beba4bf004ccaa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"00ca60f328cef563a4bf2142f1f8994158851a2b538d42ab2ea8d10c91313aca28edbd38f93eb6b5d329abefad","nonce":"4e0bc5018beba4bf004ccaa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"5622a6977ab2f16f0d76ace5f0b3ef0b8f3f73574072623379ed817fbad20a8cde063f3e4fcc75fd74d8aa4837","nonce":"4e0bc5018beba4bf004ccaa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"4784c2e119249a1740fd811ebb2317326a627f81b2e169df67760890c509e5b638d36f9c8ca54c4ef00af7abda","nonce":"4e0bc5018beba4bf004ccaa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"a2c18824022168516291143db1db221a9118c1cb79c52bef8698021c8cc554b08d0364313aeecbaebd8cd60fb5","nonce":"4e0bc5018beba4bf004ccaa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"64d963d35d9e850d659d8bc93b55fa98a84a1a53ac626b8d5e6e4fda21dc63bb069d71840304fd3e61b3b6dfb4","nonce":"4e0bc5018beba4bf004ccaa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"0f92cedd2d67a377ba021bc92154937359b1f4bde22add8030b7c29d1ca89417390bc25a6a5609266b4f5ea615","nonce":"4e0bc5018beba4bf004ccaa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2ad71c85bf3f45c6eca301426289854b31448bcf8a8ccb1deef3ebd87f60848aa53c538c30a4dac71d619ee2cd","nonce":"4e0bc5018beba4bf004ccaa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"10f179686aa2caec1758c8e554513f16472bd0a11e2a907dde0b212cbe87d74f367f8ffe5e41cd3e9962a6afb2","nonce":"4e0bc5018beba4bf004ccb59","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"5e9bc3d236e1911d95e65b576a8a86d478fb827e8bdfe77b741b289890490d4d"},{"exporter_context":"00","L":32,"exported_value":"6cff87658931bda83dc857e6353efe4987a201b849658d9b047aab4cf216e796"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"d8f1ea7942adbba7412c6d431c62d01371ea476b823eb697e1f6e6cae1dab85a"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a0ce15d49e28bd47a18a97e147582d814b08cbe00109fed5ec27d1b4e9f6f5e3","ikmE":"a90d3417c3da9cb6c6ae19b4b5dd6cc9529a4cc24efb7ae0ace1f31887a8cd6c","skRm":"317f915db7bc629c48fe765587897e01e282d3e8445f79f27f65d031a88082b2","skEm":"90345e3a1d116c1dd39ae76d95ab858c142223a63e44f8f85318cfa91a84858e","pkRm":"04abc7e49a4c6b3566d77d0304addc6ed0e98512ffccf505e6a8e3eb25c685136f853148544876de76c0f2ef99cdc3a05ccf5ded7860c7c021238f9e2073d2356c","pkEm":"04c06b4f6bebc7bb495cb797ab753f911aff80aefb86fd8b6fcc35525f3ab5f03e0b21bd31a86c6048af3cb2d98e0d3bf01da5cc4c39ff5370d331a4f1f7d5a4e0","enc":"04c06b4f6bebc7bb495cb797ab753f911aff80aefb86fd8b6fcc35525f3ab5f03e0b21bd31a86c6048af3cb2d98e0d3bf01da5cc4c39ff5370d331a4f1f7d5a4e0","shared_secret":"48893fecd82f7c3456af6a42d8f56325d21e08c10fa81299986aaff54cde7b49","key_schedule_context":"008fc3aeb832490a4b5ab3e42023287db29a1f4bc7c222c0df228727b70a4021127f1ff3fd1aa97af7e5d473e1cb01ba74831133d9659b6c26b03a038a49a84074","secret":"520da82c752ee6e0be7aafbad57a62535d266b6333513d3eb94cb497dceaf94e","key":"ee16802a936d5f544771131900ee6973d0551de9e852ece2ef34bf0d5f9e1d1d","base_nonce":"9bc50980832a7b4b58c40161","exporter_secret":"a8e9a7e62621879fdc89cea7da8e6153458f463e2851baaf009a7461d699cfb6","encryptions":[{"aad":"436f756e742d30","ct":"58c61a45059d0c5704560e9d88b564a8b63f1364b8d1fcb3c4c6ddc1d291742465e902cd216f8908da49f8f96f","nonce":"9bc50980832a7b4b58c40161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"b4e7c90d1dd62cb563694956eb517ab55d5e7d1f6366a0066c04ababaa444dbaf60a30d7bb7d3e91b969762dee","nonce":"9bc50980832a7b4b58c40160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"65463cc0e5fd16e1650a55fb37d5b6fe6e5ac5b6f6e8c2640cfb0fcd528dc37bc0963b5c53d6238c42d447ddf4","nonce":"9bc50980832a7b4b58c40163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"2e68d23899ad26f5b2a427b558b764978f36ee5a77ff5d9e41b53c9ed92e68e5432fbbd802426118fb33679597","nonce":"9bc50980832a7b4b58c40162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"8537ff19240d613badd398dbeedf0338ca9f549bad6775ae8c3a672666057f6709e0931155cd1cae7071c6fd27","nonce":"9bc50980832a7b4b58c40165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"93dba4887656ffd2924f3d8818d9d5aaff0d1f418dd1308b3b69831ca31c3b5cbf6fd20be22de60f8a68f94cdf","nonce":"9bc50980832a7b4b58c40164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"bde010a4e30ce2b2af854c9dbb2b1bb62fdda53a41ac9910f62c78c57f2854fe24c11ebae198702b044f9f2937","nonce":"9bc50980832a7b4b58c40167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"0c84fa1e7244087e4bd96bfd08292178da1aed05f4763849683cf17eec00d58d69f22f0246acc07746fdddfd71","nonce":"9bc50980832a7b4b58c40166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"20df1d3f4893d01d7cc2fbe59a600b10e7a3758cc9e1a1045b21481e0c740522e68e6c676443782e04ba3be60b","nonce":"9bc50980832a7b4b58c40169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"ce71912f47141cd2b1d7535e410391478a743cc7b0f90b9ac20a4768dc096eef7bf08184142d256881ac9e951f","nonce":"9bc50980832a7b4b58c40168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"71ec0f258dc41cb776869f6031d2370d39c456bf28187ebe6995939b40dec85505d61afd51e5c9ff6cdbd0e028","nonce":"9bc50980832a7b4b58c4016b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"4936401ca3c26f29f1b26322d5290f7af021c50b51fa47dca831eb0e7cba8311d7293c2d770e63af532ac35b23","nonce":"9bc50980832a7b4b58c4016a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"7af21109276221df3e9dcb5581f09f28351e8006b70ec004f8cebcb9a00e42554239d6abd6ea276df50d7622e8","nonce":"9bc50980832a7b4b58c4016d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"3022932c3ab88cbd009fbf64244cefeb86c19570118d023e072834db0b0b83f047f39e69d520be4045a99d121f","nonce":"9bc50980832a7b4b58c4016c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"6b30a55affd6545bc9687e08830d97710cb44ecac7be84f27ba18a779ebf31ad83aef583fbec69eb13d3960496","nonce":"9bc50980832a7b4b58c4016f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"28ded6a52fbe302e81be11cda2c8ef0e88c8814ffd529aca62c08a993087c0f2b816da46670398dd0901da87af","nonce":"9bc50980832a7b4b58c4016e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"05b890d8bdba2f446751c8eeaad1338eeb679cd949b1e779977143e3666bca367ac65ad86ff4ae2b981d145c89","nonce":"9bc50980832a7b4b58c40171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"c8417704006862f5737e74dbe8f1d920724387bf4c428879bf1dacef245834be2e91a2b4de17d112dcc3271b76","nonce":"9bc50980832a7b4b58c40170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"55ece4ca7b2134c363b6801ea5aeaf38a20773703144b1948243871ef38a997e529b4cc8b03f15d3a026c5d880","nonce":"9bc50980832a7b4b58c40173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"0b07273f9f319d28d58b824f100b686109f27aa3b1fdf60f87d0f613e097e1d67ffb29b8a937638dc591b4f18b","nonce":"9bc50980832a7b4b58c40172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"01963e4e888a6768438c4b4b646cd8fb0f10d4d99bf740c7b69718d3b1213fa9638c3f69b798902b15f52c5602","nonce":"9bc50980832a7b4b58c40175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"768976087f86ff47e89865ecb2b8a0e174abd835d038633bf98efddef59c18643b22c7f3a71c68f37cdd1069ab","nonce":"9bc50980832a7b4b58c40174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"b8a67565c21c3fc62681bd09df0388cf007b1e0d3dedecb8284e7e9602789c20b2187965df5aac68ce892f03eb","nonce":"9bc50980832a7b4b58c40177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"afb1f0760220eb53ce10996a2b190d41ac24ee667479a6d889acc6c41e78d7b6166842655ce192d63ec1c8e937","nonce":"9bc50980832a7b4b58c40176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e18b46f780379b66f4a0ee776a6f5163c5c4c01f05a5ac915e1415f2c95db61c28c7715091164958f6487b723e","nonce":"9bc50980832a7b4b58c40179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"5dbcb634666536cdb9831e672c735b1039b78bfdbf1f572c544eaaa7182dc0f5c6480636dec0b5c4922e68c5ea","nonce":"9bc50980832a7b4b58c40178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"fc9a107a34e3331c7998ea6c9b28bb6104913c1c484048b90c9e4f57860f53f669e525ff50e0889e78c1bfa791","nonce":"9bc50980832a7b4b58c4017b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"7150c64214d469ae219e431a7b1247a417c57ba3455d3ab1db419e278764749e01d4e0ccc0655d69193e2db995","nonce":"9bc50980832a7b4b58c4017a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"954be16c9412c55f8e5442a17b7a495a7ad57595b88e39a8b224d1f04730a78e69d5544f71390a5c58253d2d67","nonce":"9bc50980832a7b4b58c4017d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"7f81e1aaa9dae29b32719e09517204de49a0ecaab7edcdd7edffa314337d2ce34be7ab8da8451d5daf483e577d","nonce":"9bc50980832a7b4b58c4017c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"e886b07add22cfc3559e5f5abd9b55c4b490f7f18d84d7c702ad598f67bfd4093bc07027fb9ee7ffe3a43b4b7a","nonce":"9bc50980832a7b4b58c4017f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"bb52c993e86c06cc4ace06469195acef9e975a06edf829d3dbe0f5be0034fcfaa0943294d63fd1b27cd01046c8","nonce":"9bc50980832a7b4b58c4017e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"dee4b7773c03a93fb4fa835e302e995a6f3c5772f717a5f95383e115c239dbb60189ede839ad0048aac28d6e73","nonce":"9bc50980832a7b4b58c40141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"754461a303cb9ebdd82711c745feb24c4d0a1edf9740c95174e70138d1f1ba30e582b53d26f06ee6d71f85e47c","nonce":"9bc50980832a7b4b58c40140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f057a81c40ad3e72ff7c92e58a2cdf40b13d34383d2f8b4200fbdc38904b17b1dc6b25d1fa6c4ec2d7f4864f64","nonce":"9bc50980832a7b4b58c40143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"6132e9004df23003d720426f8dc95efe94831e2da0c2e714a9195199694c1966d3390cf944b707b1ee301786ec","nonce":"9bc50980832a7b4b58c40142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"c36581ed467b912cf5e602fdbe0b4243b042f5b19aaa23b3ad52bd4e0b0f24f6ec7d36109ee7c7d053589e9f2f","nonce":"9bc50980832a7b4b58c40145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"b373f222a8daabfcc127e9f4f595db359d0bb1ac7a40c55a7a7dd22e5628d84372d3931963c57b347afe8bfd20","nonce":"9bc50980832a7b4b58c40144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"754f54315a5ce55d84d0b4f92b44fc6a6ede8668dca52b374dfedc5d6cf48f6844dc09c5ea0c628f956186c4b2","nonce":"9bc50980832a7b4b58c40147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"0e1a114e38f37bc8fe7f6e9c023c83171c49499575c8a6b5091908cf411672802af082ed5f912d30eb848eaa76","nonce":"9bc50980832a7b4b58c40146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"557670c484a9abe08aa1b8c16b7eae6eaa7de88ef26f68ee47a8d13d61bbe3f54bb79795556a8456da82be8f5b","nonce":"9bc50980832a7b4b58c40149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"5fce41c624c951c87e57023277c04d9b59515b55589aef25d54d591a8e8a3aa2eaaa4e4c346983d6a9763c2040","nonce":"9bc50980832a7b4b58c40148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"36cc682909c82a0ebe13dc06dd0db4b4e8166aeadc1dc5f05b2dcb50a177390a7e3a2b318cc13f715ad29d5766","nonce":"9bc50980832a7b4b58c4014b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"0493f72b9ca22469510f23993f402e21eb94e95169ee52bbe9fca40005fd337a98488efe419405bf593e35bd15","nonce":"9bc50980832a7b4b58c4014a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"033ef82bac58fbc38bf938205eb74cccc2979465d1e040371c7e243d13e64cf6ba7c7b499192f1a1e1e7da696c","nonce":"9bc50980832a7b4b58c4014d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"e2ee0343b9f79e307d25365f3b108cf0ebf33270eb98a8c6df044d7d9aefb0b8581ae6e1111dfab9bf1d7513cb","nonce":"9bc50980832a7b4b58c4014c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"de280e42b4c9235706be1cb42bf4e4aece2ab4edfa55a17b6f6d3ed358f1d4b57ddac7753bc754410f43cb2932","nonce":"9bc50980832a7b4b58c4014f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"0f02bc6fe2af1f53fe92f8bf56530a073d114940083c4589350829220124d4a56e88109426a9d804b755b43dfb","nonce":"9bc50980832a7b4b58c4014e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"8b7544ac963d287502a4f37023e7fd7b8baa1819877c3705202877239c5b488a130c6595c7e2113c10e76b7058","nonce":"9bc50980832a7b4b58c40151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"fa2b3ca7d0071b384c7fa830bc3e8b40c89f82173881a2f16f06a5728cefb866262559f40f834df63054ab192c","nonce":"9bc50980832a7b4b58c40150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"1673414d896d03227cfa0bed2c93fc29403254a52691fb706326f128ee8406f92cde86107a202130bf78c1a93d","nonce":"9bc50980832a7b4b58c40153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"98a2b8988be0b9e74bc42626cf1c2bb3a7269ec373fb38c6780ebe1fff1d4d3ab70da8f149fc8800b2c84523d9","nonce":"9bc50980832a7b4b58c40152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"cf6f638130a6a21e43d7b6b6894a51c96a2dae72ca3c1faba6309d0150a9fb42bea2a4ca56c83af96075a23df2","nonce":"9bc50980832a7b4b58c40155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"8cf476a1fb16f06f498d2e3f63fe9e925da66e6cea9c601de1a51a99a63f93eeff625ae2abdc3bbf93c4cc9b9b","nonce":"9bc50980832a7b4b58c40154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"96ec5364196ab100bfe0685ce99a047207d8177880e634aae8a78a8a2a7458a52bfcfe29c59a08743f87a9b864","nonce":"9bc50980832a7b4b58c40157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f51be7a72cae005a571ab65b8b57e6590c4aa6c7219ff53503044b1fa2831b691ab060cc659ebf3593a34f3d1f","nonce":"9bc50980832a7b4b58c40156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"b6554bf53a770e4a9e78381c3a89b3ad43202a8de32fa51353e37962a9327a348dd09ac754c74eae0da4a63fe0","nonce":"9bc50980832a7b4b58c40159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"5e8904ed01007df71370af9ef82349c5a4ac774c64969ae5a5f4379f067a2f92a18df2bfc44bf30f09ee22c513","nonce":"9bc50980832a7b4b58c40158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"422d307dcb93bc06f20ff1fddf05d4c7e5fd774f55b40c2dc4e824d35201be5944d78a9f273fa34864d3f9f3dd","nonce":"9bc50980832a7b4b58c4015b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"d5fa197c04bafe5669c4aa873ba11d9d05bf62e35c2f64e64ed5595b3eabf99eecc4557d91b85f8738dd1ce87c","nonce":"9bc50980832a7b4b58c4015a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"6c2c3ba14d09fdd68f8db39ba45ad94ed318da11baab81cc2cff02c9f9bd1d31465254b8fa091971282b60084a","nonce":"9bc50980832a7b4b58c4015d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"a3a968e5a3dd39463dfe636aee7dfeafd458c146d53422d4a7738ec988d8bec3de9ed78038a041deb45763ab10","nonce":"9bc50980832a7b4b58c4015c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"1fb4a5fa806b77fbbe3ce10cdc9a8d85bd719a53cab81ac89190207c3fab4b5bb40a74e6d2d62abc37ced12480","nonce":"9bc50980832a7b4b58c4015f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"43f92f114a6c87e70a32baad32b185868cef62e8a70edfe709f7efd016a6d685cc819564a5539536e1c694d984","nonce":"9bc50980832a7b4b58c4015e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"2fcad61503b2481d6476c949506bc24cf987db31a063bfc276c4c4f38d1b3171b88b717fb789a9f8ce68f3565c","nonce":"9bc50980832a7b4b58c40121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"9801524455d33ca0b0f0f819d7550a3249fad3ac8a1a558b72c0adfd2acf43fb5ba717c1418ba2eb3d20ba87cc","nonce":"9bc50980832a7b4b58c40120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b658c3d149fbb94270aea88174dccffbb9548ab266ca97fc7fcc7f68442323a64be2fb0d3b4c9be45808342d36","nonce":"9bc50980832a7b4b58c40123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"911f82eb4b18e8623c632152c73c02f47f51df4b5b47c3c1ce3f37891a395c4de424834d7be0704487be340a8f","nonce":"9bc50980832a7b4b58c40122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"5a86ab48fe6446c31771e6b05ce24d5836f59cd7c8871a4eb3d484cf49c38571f8c99be7d09517febf60931c92","nonce":"9bc50980832a7b4b58c40125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"47cd4e7465422a83deeb899712fb14dbe1733bfe32f56ec44b63bf835745a7bc0f7e16432cccdd52093c6ee79b","nonce":"9bc50980832a7b4b58c40124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"0141a1267c31e0f11d47feaddf1343d0ca00ce39e6b8b20ac8ec1610142ba80ad001b7d06584c82398fd11f0d4","nonce":"9bc50980832a7b4b58c40127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"11e21f6a5c91fc5bbecf84ededa8073424b3525ac9eabcb94c741083c67b52486f953440b705ea74f7d1c0efd8","nonce":"9bc50980832a7b4b58c40126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"1ce3559975034a9dcfe653368cf7ca9cb9a11ad18d5171fa4b58985d949e5bf8629169bcf1d613b8727ad18baf","nonce":"9bc50980832a7b4b58c40129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"0e1209427ac849678325771cb1bba6f805a30c6b389a876b641480c7d7d9e405a2b9d2fa7b5bed7af48737e549","nonce":"9bc50980832a7b4b58c40128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"44ac63ea2441f0831347ad2cca500b61530bfc21fd61e373e897386ddc08d31a7e598d60fd9e0b3e9d81e42357","nonce":"9bc50980832a7b4b58c4012b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"899e4d2a540575f9720795d1ecbdcfce75c2504fcdd286a66d70500ce80a5fec40a82e7629b9b6cd44f8cf32e6","nonce":"9bc50980832a7b4b58c4012a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"186a8956210d989b3b00c7eae09a227c9b10edae34d2029616fd8fdf18cd708ef0ba9070d576cf9770e6a9769b","nonce":"9bc50980832a7b4b58c4012d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"f054c375786a9eeb58ed632b1028e5b76f27055ae9807ff483671295a55839ccac7c6a848092caa2914a517923","nonce":"9bc50980832a7b4b58c4012c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"8fe98f5b79911ec02a451e5dbb6132a4947832885a7317d6410095e2d4a5acddb0054edd1d3b474945e08112b8","nonce":"9bc50980832a7b4b58c4012f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"48b5b9f3bc4f659859a629a50bc54488d795d22c24aa7d6ca0293f8a5202bea83121ea9f4cdb05fb0f8afaec5b","nonce":"9bc50980832a7b4b58c4012e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"48238b403ab2718b4eb19ae4ff93544868da01f09c32f7a86a89b102497d93cc912074ce64d03432243dde21af","nonce":"9bc50980832a7b4b58c40131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"ea72cb191df2f927a19edfc03650df67169f434d7be7f473e2bfb047218675ddbedc17a66c7eb75b72489f724b","nonce":"9bc50980832a7b4b58c40130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"00c021f18e213364838db5fff8c853b0da8983a1cbe76b49a2106be73bc7f62bed3b1130d21cb9293a70c9ab92","nonce":"9bc50980832a7b4b58c40133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"981c696bfc932768445274693455bf6366b7492ac10fb25c904cd062c8774f04b9fb1c7bb013ea35c9f058ddb5","nonce":"9bc50980832a7b4b58c40132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"a2bf39eb69977f497c0bb48b86ef745adac5109b1baac317c173ed8c24abb49c7a9298bed6df89f5f4ab88da95","nonce":"9bc50980832a7b4b58c40135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"df0b6e01311ea310baf2f49a038c5db13493b3bb9f4a32bb0cc87d86e6e2f7ec99e8f9593bca202ac43b280a9a","nonce":"9bc50980832a7b4b58c40134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"a13a5d9bbc2ececc2baf62ddd3261b947cb522b78bd316b3e860b9f13d93e3433c6267cb5d146534a9b12e55a8","nonce":"9bc50980832a7b4b58c40137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"3477d12b0e255978b7fd63235eed4694f6d16a86d45e56f79adeda986d2f1a8a88aede64a074604e4b1b05d251","nonce":"9bc50980832a7b4b58c40136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"2f9b0fe5b65e38c07f25e1cf0a728f22661997e6e426935a992045fe3c6a988b1b7a48ae2d2d3c24d964719300","nonce":"9bc50980832a7b4b58c40139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"2d7c3b66c5940eb464d8087cb709b999836936d939487ecad2185eec1274d8338e82e9f18044d0b5730a0915a8","nonce":"9bc50980832a7b4b58c40138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"3b43d2386e9068d7966f02ff62cf2be38d59cc1788a437e735c67440a56cd03ca1643880c77f7c4d6afb8eb35f","nonce":"9bc50980832a7b4b58c4013b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"7b15faef79708b1a356ad6480086c225d496ca5b0bcec93d4bb437e73f99c3911721b7cda7f3e8a45e756afcbe","nonce":"9bc50980832a7b4b58c4013a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"1decace5cbf1cc2ad160591991537c10937e7f08c42bab2624ce37662d6314c5e00ff8799b28cc3301a4cf9e3d","nonce":"9bc50980832a7b4b58c4013d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"eee516fa95506868259bf3d340e941d6d8794651f51619d49630a68a2d50b4f3ecb8e03be81eff93cd4d917fcf","nonce":"9bc50980832a7b4b58c4013c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"5333774e2e6634463ae3864c46c3c2e93a35e6a54307f7c3da27810d9015c2acbd0006c05f415e9ed33440ce0e","nonce":"9bc50980832a7b4b58c4013f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"5e846713ecb89339813e80232c32826c8b45604182c1e7d01400310b96c57e1a1d926d3864bb251c2c3ceb4b3a","nonce":"9bc50980832a7b4b58c4013e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c4b219f565e4d9b4fa92e21df665f34bc1b271f6d9ba0d621c7130de531e4c923fc32293c026ec5ed8568a913d","nonce":"9bc50980832a7b4b58c40101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"18e14d7072eaa87dc94ecababc928391fd7fbdaef6d82191d06cff7b04b3fa79a98043b6615eed85a1549e7fd0","nonce":"9bc50980832a7b4b58c40100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"7367357272b713242360fdc9dfddf9504d3e6b67db9174526d7c2f1d8f5cb9ead2bf0fdf0819d0d903296f36c8","nonce":"9bc50980832a7b4b58c40103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d26b0ad0121fb86b53f34a11de4f4cbdcb78feac12b8ca19fa3e7e4ad2e52a5c80629f176245f6ced9a8de195d","nonce":"9bc50980832a7b4b58c40102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"20cb464393cdb97ef69c793c19e642191dd8b6d3b2f59542add2db291aa969f3bf34eed8969de952a43350c325","nonce":"9bc50980832a7b4b58c40105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"38d1e08e64a2b9e8af0d1ed988243ce49dcdf890fd9d26c7be0587afbb64aef7b9f12694d37de2be6754c7835d","nonce":"9bc50980832a7b4b58c40104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"0fcc7b2fc9928e82c53ea8fa98be6d1c31e3d25b02dee5dfc6490d24a0ba24f7c78ccb045e074c1a15898194dc","nonce":"9bc50980832a7b4b58c40107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"0e261453977cbfb7fca5478b5aee5c48522dc44f22ff68cc06230e6a0b99a0b379b06d44eb5162c5c8c9451612","nonce":"9bc50980832a7b4b58c40106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"150587697a2b169c56b8abdbe3d8036ed6574c62db1374497eb387f538227f3317dcae1af3d75b7d4eba690d4c","nonce":"9bc50980832a7b4b58c40109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"c1dbdfe24103fbb9e900ee4a7640257a34e6f296164a184f7f1a068b3ae3de0862001146c477f0a3364c735b48","nonce":"9bc50980832a7b4b58c40108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"5912a0723775b7d745c9a2786ebefddbcc3774f2941530adf762b45242d7d59144e2960c2e0d8e9cdd9824d3dd","nonce":"9bc50980832a7b4b58c4010b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"9e38eb4eab9c42735f76b05f5e4b99a4a0a86c09b06023c5f8d0876027b7b2e431e8e93e3dcbca920b54533adb","nonce":"9bc50980832a7b4b58c4010a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"bac8cfb86ea68e4b6c4bfe987bca537d117062322208c696cc932bdb5150baaa7e2fe89027f5363b5f4d92de1f","nonce":"9bc50980832a7b4b58c4010d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"e9637d58acc5a04d36abae4db6f1955212eb78702b4f96720e59ccf461dc25f38ab33eccca9519e2f7154dd7c8","nonce":"9bc50980832a7b4b58c4010c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"0d1952b95e37cba38396f8bd616e83441ef3cde2b6adf17716ad953129802efa476161605dbe723a73beef7bc6","nonce":"9bc50980832a7b4b58c4010f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"da485701db47b70047e12cb6f83a7eb8d40680170930e0b163624802675ee9b08f7a09e533fc0c4de533859c75","nonce":"9bc50980832a7b4b58c4010e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"2a1610dacd49bf2054ac346efbc090edc86099df0de77b02d939d918e9093acd6acd9c0e5a4454fa4274dcbfd5","nonce":"9bc50980832a7b4b58c40111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"e2307c1d57cf3b4cdf288460b56ef52239f7ad1c595c1da67c1fabfb334d35bd70dd7a6b40a7c13072892000cb","nonce":"9bc50980832a7b4b58c40110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"b0f5828bbb5f0a1d55faddc03cdebd729f57b6f70df40cfce027d266cd4ba3134fb77a8323052bc379f14c6a4c","nonce":"9bc50980832a7b4b58c40113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"305052d4b93ace0eca6a6ca6066021027bdc34371920982c1a8c961a3794e1bed5aa94d838f930d20c1ab5c434","nonce":"9bc50980832a7b4b58c40112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"2718f4cd244079fd54441f08150770676850866a8d98bf59000b8f3a5e384fbfaee01ca254ac9fa324a518ae4c","nonce":"9bc50980832a7b4b58c40115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"d5a3c83afee8332cad4f48c9773e73ab9baac1c53de8ab8e764229fb3caf2050929710f633ed526f8c3a8d2073","nonce":"9bc50980832a7b4b58c40114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"4d8fb5099c6046e9c0f1fe109d9c90b9cf78339274b47fb9653d5d11c82d18c840f966e9e28f2721a95c9cc11d","nonce":"9bc50980832a7b4b58c40117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"4b84c6f4bffcd4776e198d84ab52bd82581a62b0282e78419148144c89384e35dcdbcfc0cefcac1f98c71407f2","nonce":"9bc50980832a7b4b58c40116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"26f24f06b083b30b15080d65166e66d37fef98c19eeca9a2107a44e7195dbd39fb0bf6f40a9ad3aef75b8fe61d","nonce":"9bc50980832a7b4b58c40119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"36ae4463ff2b6defab19885a03a0dc3f2da7b6553fc2d8279af776eeffb36c3c168ec53ecbbc7d44e592af9177","nonce":"9bc50980832a7b4b58c40118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"1e6d90b7c8dd0d0629584422ce026b68cb8cc95929b667269a2f7b7171f6eb783cdd0e8bf86b11f92750f623ff","nonce":"9bc50980832a7b4b58c4011b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"bb5ceecdb74a24aa59143bf4112e770979754de41205a374847286ec7ece719695109d13ecaa37735494902fb1","nonce":"9bc50980832a7b4b58c4011a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ed4e9961b54e3ab8de86898c94f4721792a30e68e8a4328b9b556e1ff2c3ca67be1982756b6906f4fd6bc57ef9","nonce":"9bc50980832a7b4b58c4011d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"76fe81bf2afcd2c0ce6ccb39d51d28c87eaf7b4cb3f6a93d6d2dc9e1e4746416d93327286ba533aa17c4e26363","nonce":"9bc50980832a7b4b58c4011c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"1e62098a4ea22130b957d0bb16a85dc34d70db47041e2b5b16db21c03d09031ace65d7f430fe55ee575f0a1eda","nonce":"9bc50980832a7b4b58c4011f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"1cfd4a556026b975f8ebfcf021b2a4a879f2c7d096042b36d44cb2f85c928d708111c7b459408e8ecfb6f1add8","nonce":"9bc50980832a7b4b58c4011e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"41d0528d981691e4b417d78a509e23bb630c82d8adfc94b2fc7c9d5c18fe98ae689d012a7d377db6d64859f949","nonce":"9bc50980832a7b4b58c401e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"5e303bcaa39521d3800368da6770bffb8077d231ac20e9f9a472d11adfa23cef5fd18e74fc6a7e44f7ba8396f2","nonce":"9bc50980832a7b4b58c401e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"b4cefaf367017302c9a2788f0a874b582a883cfececea59faf4c800dd14fa34c8e1b8e30a63b91add6121b4c6c","nonce":"9bc50980832a7b4b58c401e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"9b570b7edaeab8dde5abdce55cd230e702dd2b6bc8bb5f3fc5492e9722ddb4621cef8b81359c519c9eff41916b","nonce":"9bc50980832a7b4b58c401e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"5c5abf7dca7bd2ada9f03c3e06b532bc42313ed7578fbf6c63a6ef032584bba80095405317ac1bb81b75c4fd49","nonce":"9bc50980832a7b4b58c401e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"05ed41d918f9a2cc623295a7bf787db3115af7eb68e7b9831c35c229a51b963c2d6acb6054e66d216317a932f6","nonce":"9bc50980832a7b4b58c401e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"9c9f35e7dd1073bbf1574935884f1bd8b2357c2e3685dcd3d703b53a5d618c25820e559bdb151b9d4496e4d392","nonce":"9bc50980832a7b4b58c401e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"bcc289c85b85b8a20527174f98d3a3bd7380a3d7713a8708f595c7564095129f290ff6fdc54e42ffbb73a8a321","nonce":"9bc50980832a7b4b58c401e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"65cc7eaa4811db54a49590af8ee72e5e1d33693abf9aa6e43a4c735935ff0e76508e15e3c4715ec3b4554196ec","nonce":"9bc50980832a7b4b58c401e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7b91b36acf5c77a0bdc60fb162c9daa3ad0a99e698fafd8d4b59a47a9154431fda8ea42b83b9240656a221fe95","nonce":"9bc50980832a7b4b58c401e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"a7e22183e539f184374bfe9716c679fc9fcd344c31a4c75d4eff4168bdf73738031dc900ec971f3f74a4db072f","nonce":"9bc50980832a7b4b58c401eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"3ff559a4b001843d4e462c9e1339fe81393391085a852b2d157c1262e01b0897470072dda71ff7d650c2ee7a55","nonce":"9bc50980832a7b4b58c401ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"5790127d90225cb0f7fecf3eaed8ce14ba7557950bcd59ac802f102c57d1586703fbb8b2c656a08cefc2fc7198","nonce":"9bc50980832a7b4b58c401ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"dbf2ff3e3ead46069374d26086210a08185712ff345cc555d752de237b4b90317a6222e6e6f9bfd6c227ac801f","nonce":"9bc50980832a7b4b58c401ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"3a98d105f63edeeca19676fac7f8998884fdc03efc05dcf33b5b5fa3d77857ef7c33b08945d95d77db5fd2e19f","nonce":"9bc50980832a7b4b58c401ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"7a6cad72d4b6ac9fa33ba2be4d1dd87c8a7a1486bd33137c61bf318f248e46ac53a494325f073eaae4e84e4d66","nonce":"9bc50980832a7b4b58c401ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"8120ca927f832cc30ec130f5f2ea61adc56d87ada2086474e8a39b7182bf8cf8d20210888269d2ac52f603d307","nonce":"9bc50980832a7b4b58c401f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"31501680983a7a5e933ee84fac62b7a593807c36f3ba79fb9a6a4c8eea09263cb3bf61dba1e43b33332c12e35e","nonce":"9bc50980832a7b4b58c401f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"5ec3bd53e282477ad24e2019f803315e1071ff20f427c745313012813d6517feb2f8574dea10702c0d55ce102f","nonce":"9bc50980832a7b4b58c401f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"06d7bf8fb48712629c82e21da3be5143c3fdccaddbc61c2283e3da02beb0d4e352b403334ee1078338ba287ac1","nonce":"9bc50980832a7b4b58c401f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"2fc6f0514feeba0df06863676043dd8123a5df627740818d6e1bc673d8a39edbb2d6412162f2f99c773aaba272","nonce":"9bc50980832a7b4b58c401f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"9a20d1c19cd3fd23e3170a9f7968cd2be736c80a180c512e8c30c75250e52c1e2c6b82772d2c67a2fdce4abed3","nonce":"9bc50980832a7b4b58c401f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"d227b1d63eae29a822e3f824560e6303671c5ae9289eaf26b123c391315e182edac7a7f237a29a416287d2d2fc","nonce":"9bc50980832a7b4b58c401f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"7d3eed666457a66d6661ea5fc2186d2b5665ec8e72e6a79918ccd17ec426c88d97d14e67a5607ea227d77670a5","nonce":"9bc50980832a7b4b58c401f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"5046c437777423f4f8e12621d23d36ce883cf256c4a63a2661f9994cb23170618f87d218bd9c91b33d6de38bdd","nonce":"9bc50980832a7b4b58c401f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"804bb98c28d3aa1fdbc7fe1ebba5b12fe6362497f8f8c09b9dcde243172987d69fd42c68f2a437b98ae2b447fb","nonce":"9bc50980832a7b4b58c401f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"4ac65437c03ffce1a76577e44b55b19b562415b99490105afdc931ad74f268307a973ecbf3d61eb35a4241c6af","nonce":"9bc50980832a7b4b58c401fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"626b27971782cf1460b6d4d19bf1d7685a7d5bf8411ab07410e83c260cafa971af3c6627adf06718b8720f8a6a","nonce":"9bc50980832a7b4b58c401fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"c4a82cfc13325ac6ffa7f2ea1da775682a7ae82e33ac985beb9957ffa46a1a3cc69bb37121577807e35335b69a","nonce":"9bc50980832a7b4b58c401fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"2d84b348de56ba62fc3aa06abafb2b488fd45509d9042b51fbf4d243e3d8282729c752db2f5c4e99021e1bdb81","nonce":"9bc50980832a7b4b58c401fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"0f41e70c04ca0ec3b6c661d6226eb24244391ac3a7e4b1563ce606530e0f3b8abeca36ec9969ae79cf296be580","nonce":"9bc50980832a7b4b58c401ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"65b09f7c5a73d76f6f833481277a83e9508f61e4024984c68a6ad7a6cbb3e5cf616f8dc01b39e82f4705441626","nonce":"9bc50980832a7b4b58c401fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"6bdb900f76303a845a4d11c0f7d958fbb421c861b6a4880fdabae1e677a927666df03fb358b6ae0c1053be3054","nonce":"9bc50980832a7b4b58c401c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"388beeee3cd781ab7c083cf1c2ba227c629a25cfdc299d7759f6e89cd93403dfdbf09bbfe195d607ed42da8856","nonce":"9bc50980832a7b4b58c401c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"39f4ca23857ca85371cd6be70f61bc6387ff2a1a8c3923cae241086b8550e30747f85113aad328d57e0ccdcfb8","nonce":"9bc50980832a7b4b58c401c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"e03bcb5bb28f5419e8a2c61c5e188e5e37b2a3930892d94b9bd511e4f4c7409c919ba34aa849a0100302b97a6f","nonce":"9bc50980832a7b4b58c401c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"5ea25e27994e04514122785d6ab1c6b3a46b18feeb7ae04f08fb3bce693e5fe8510d6a24ff5adcd3fa5b693b32","nonce":"9bc50980832a7b4b58c401c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"369a3a287c187ff09a94926d07340599d2fc01515df7ba632cd5299595624f30ce4360a6df6db1dff1b12a12ed","nonce":"9bc50980832a7b4b58c401c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"a5284959a2c050c2910094cf494a42f4018f1f9359ea40f6acf53aabe4c7f427aecf37539b1ea94af479e5133d","nonce":"9bc50980832a7b4b58c401c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"9b51bbb65631491fe2d49b87d606f1b4c4116c5e60fe1122b133d63b98091b4df6152be1058150e424b8dac605","nonce":"9bc50980832a7b4b58c401c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"966006e532f970c4233236fef50c05848dc4e14081473cac150b946cb0967751076dc15a8eb2107fe4bf1dbf13","nonce":"9bc50980832a7b4b58c401c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"96fa22aed346c5d4457153603cfc12843b04c3929ea5ffa458f650d6f6d730e482aeb132da9437ae4b42b0e9a6","nonce":"9bc50980832a7b4b58c401c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"598903ba5f42a43c6fa079352195cd7a77c8f9254026e1f1f355d0530778baf3ac8308810c4a6082be837b159b","nonce":"9bc50980832a7b4b58c401cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"6b07f656c3d6503e72a7c8cad6f64acf3da4b9f29347648c607a2b1277c769b86e559d58ced9eab1d3ab84fdd9","nonce":"9bc50980832a7b4b58c401ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"4fa818fa43135e449c77d763b6d2e25eb872c6c1fea07c75a649449383c12607a6cef659c05792fe805f0c09ce","nonce":"9bc50980832a7b4b58c401cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"7540fca217cbde4a5f52244d09bfc282d4c474eca6e30f8a190f2bb29831088ee56df26238e59821b29d06caae","nonce":"9bc50980832a7b4b58c401cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"c0af3a7d3844014484a3ad886a444d13ea8d460601452832b4a1e48a4cf145785ea23ae2516e0787a387682993","nonce":"9bc50980832a7b4b58c401cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"b2b8f6e0eb74d9c1463c33524e395311e5846454b1de337b49e03b15bf791c4c06a5a56f2c058f80b4f5e8a29e","nonce":"9bc50980832a7b4b58c401ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"4c3faaa98e9daa0fdccd8c20eb31a687325c6d023e11ff44ecabcdde68899092d23bd354bd3078aa9138c78894","nonce":"9bc50980832a7b4b58c401d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"2c4277398005527c92e40b7f32ca4c2b5e1a5b1d36c019ae78be57c4bfa582cb6db11ccd1ef40aa647aedfb80f","nonce":"9bc50980832a7b4b58c401d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"1eb31453e0bef86757bfb23688fb8f547b9ec6a3d75db974fab5233488ec26fc2e5d061f660412a2262f50bdf4","nonce":"9bc50980832a7b4b58c401d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"514e0ac6534bc0a89cefbbf34f8214ca35dc440b47642226d1866b88a6653641a9f1630e2c2b238bdd18d36667","nonce":"9bc50980832a7b4b58c401d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"2769941a05911f56d677b0f04f37484bba94fa7f62a900a88d54fc1f988c7f013b558ef3c6d77ea5ecd522e4d9","nonce":"9bc50980832a7b4b58c401d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"7e6a6dedf7310ae27e4356893ae4d2be9b57c639f06b96744c5058f650a525de3b23f6d5e24977061b7ada261a","nonce":"9bc50980832a7b4b58c401d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"9dba758de21e2ab6a01a82fe8bfceee3bb3479ebb0e09499914af9ecadaa6690bdae28aa23ae84bbe42f2952e4","nonce":"9bc50980832a7b4b58c401d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"c4c7b5ac97933c962ba4441c183e2ee5a3c48ac5c87271167262495b7b6e47679c2e018f62b5557f5cd66a57df","nonce":"9bc50980832a7b4b58c401d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"d4b193226b76d73837e608fe63651ced76726028b7a12ceaf1a6c81bfeb8830a2b695b5a559bfa7aa56276a935","nonce":"9bc50980832a7b4b58c401d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"13d48bb4269622b67d5bf20da4caeecbf748e98e6130a519ebb9b8c425615f7fcc533b18b64ba19b689dd1770b","nonce":"9bc50980832a7b4b58c401d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"97d89483b449271cf6c6c729db7c8d6396f491c8dfbad2faefa64197f97b2f6ae04d774da85f7c6981b51f17f1","nonce":"9bc50980832a7b4b58c401db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"47b305d4848d22ab3f7f2763cb2a02d1f4efc70af5c51e551a029478ead7c38812614872f750a05df8764fe925","nonce":"9bc50980832a7b4b58c401da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"634ad761358bc697b286fd4a8398a01db0c979c04dc04725cc043aa1a609c1a099c16430615be257dbc36ec7dd","nonce":"9bc50980832a7b4b58c401dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"88ce58ed2241ae9d1510d08057f968b314c14ed5fecb453642af612690e49b6e9d43b94d10bcb811abdfaa0df0","nonce":"9bc50980832a7b4b58c401dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"df350a67fea8246638a8f8037854422abef0ce87a3e108ff9daf7ed32e6c48b662a4f85b21f5c6450d1b59729a","nonce":"9bc50980832a7b4b58c401df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"3240f3d12664d2564d9e36f7fe6eff6832a17f36ec43535feeeb063fd3a93ea7e5213545b9bcc16475d00e74c5","nonce":"9bc50980832a7b4b58c401de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5848649005fb4567e0e899de31477173ac16a7088cd0219e777d02debf1c0eafb0745472002cfc078fa70b1043","nonce":"9bc50980832a7b4b58c401a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"225695d095d659653562570f510ff55d561170dda65ec259cf50e36a4170d03fb3fa0b2079a6c2b6792f070ca3","nonce":"9bc50980832a7b4b58c401a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"7ab79b3b59b2fe3fb23738f275e40b6bc37ed5c0d423da12f01e5d7b73ff42e3ba0dda47ccb71a17334997e8b7","nonce":"9bc50980832a7b4b58c401a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"674ee77f888c8d4caf488b4177aad01667f8bee30ef1c92b7b48faa002297167baf22bdc2dd9308fad464d6713","nonce":"9bc50980832a7b4b58c401a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8b1a1ca3345adc176fdde22eb0ec8b7b265db15df7903ce07cf826e040e1a576e829f48ae9d325d40fc57cbd29","nonce":"9bc50980832a7b4b58c401a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"fb7c6f9f925c6fcea3c0c5964edf5fa582ba1547742ac28ea881e905849c292809a0c753b4b75075c96f5c1ea7","nonce":"9bc50980832a7b4b58c401a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"84d9a86a07bb27313d8fb22d93b816df673e90774dcbe86a41bcce6a4075c05666dab044b01376c9d7e02b99d1","nonce":"9bc50980832a7b4b58c401a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"6fa05e5c7900e7316c728836e302b725eb9da89ef5db5b14fe7b3149c310ae95113f81f3ff84123f8dbe231c07","nonce":"9bc50980832a7b4b58c401a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"1d1bedf36342020112baa3bf62017d173b23157cec92276633ecc551db13483b255d7e3f76d262679715f3c12d","nonce":"9bc50980832a7b4b58c401a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"9fbf4c01708e37e378ddd2d5ac2cd789b23a04faabf2f6ab94ea707c182670bada0abb735d2b4da4930a3d9fc8","nonce":"9bc50980832a7b4b58c401a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"d0d72d4f87111ab278ca90e3936abf3dd578e43ad827502502a46d90f86d48502b79074814b07245f0395c22c0","nonce":"9bc50980832a7b4b58c401ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"cbd2d8c711e4fa974742d03264b3971dfbc5706b1c6662cd8f0bcd36bed8582dff0b5c83b00a7f02851d173ce6","nonce":"9bc50980832a7b4b58c401aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"4ca15f793120c8bf5cefdd71a84f18ad183c8fbe5242e6cb7b45776d9da4546c93a25334835834725337023fda","nonce":"9bc50980832a7b4b58c401ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"9137e9818afc996dc0b0e09545a99f721ae1f2fa351d4eec0cddd62d61575c2a7fec1b14d6d55790a6f4b0b947","nonce":"9bc50980832a7b4b58c401ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"05b1034c79f05f14994246a6a643899704651f5b1756d89409f66c996aaf56112785e644f7542e0040e1f4159f","nonce":"9bc50980832a7b4b58c401af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"96b7c0dce2059ccc371f5f6f06999a483c66b0061d1e7f83a3343aaf829894814b22d5197861414db179c52154","nonce":"9bc50980832a7b4b58c401ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e4f83e35d42321c57acbcd5d6e6dca9bac75fe1781742b5ab11387243566cf9337cf59c2274852f1ea63e77ef4","nonce":"9bc50980832a7b4b58c401b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"0f0db823a16fcb0f0c1fd862514b5857fc54b05f1c4deeba2ea21816ad6b6b63983c8f39b74cc40ed8fa605fd0","nonce":"9bc50980832a7b4b58c401b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"a03d812d7c48c1e9c275608a66a06e558285d4046aa7111119375266e4328925e140ea1c6952c08de27433695b","nonce":"9bc50980832a7b4b58c401b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"42bb25497e2af0f4aa59152a0b60ce1b54cdbc2754a681d734d6fee05a105fbb54427157a63e5f500af8551ddb","nonce":"9bc50980832a7b4b58c401b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"c0e7b90d8c2eec4a9d12925c2e862e5774a46d5b6b5f8ba19f0af5891df9dc2bf902459f3a775a90e1c894c825","nonce":"9bc50980832a7b4b58c401b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"0cb8ff2ee045c5fea3058a5f9d6c6b28176edfc8bca922592cbdb79d32fadac7357017472cc61ddc2b3f9524c4","nonce":"9bc50980832a7b4b58c401b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"c37df0757efe3b346d6cb75fee9249fa78afdb1a7b83ea961f9c8681639d14a0066a5875819254bea036d2bfb2","nonce":"9bc50980832a7b4b58c401b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"8d4f80b5f835e12165e0f01af36bc97774c7e6acd29a70f4bd1b99c259b46bcb23f9acce3243900af05be402b9","nonce":"9bc50980832a7b4b58c401b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"870b7446a6d44fcc6140815897032d3a4f460d5d3d930bfceb99ec259293718ea4d93844b30a8da4605461e8c4","nonce":"9bc50980832a7b4b58c401b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"f964f0294ffd1c4a2cb01467cb5fc0c939afc69140430856d37bb43d921beba59b1057b4c7ea6831d82de4be77","nonce":"9bc50980832a7b4b58c401b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"ca6b00e550a23aa694e6d55ba3d2ba9968da38c6b6d59ad10c4a0455e3a401a15e32691d6889e35e9cbb19dc6a","nonce":"9bc50980832a7b4b58c401bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"578c912cae3dc186ba3d2c2d3c50486d6d43e0214f23dc729d2dcaf8875b8853e58788d7f9a25569a0b4fd60c6","nonce":"9bc50980832a7b4b58c401ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e0c2496a2de8dc3481188bb14756894cc915dac114fc2abf9cf538cea0493525d43ae36cc530c151f2d64871bc","nonce":"9bc50980832a7b4b58c401bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"ac0b22b4be57bb6bcbefeb348cb37a8cd7c8a8d496f64166ee53fae3e9f5f68c186494bb86a937e7e217002e8e","nonce":"9bc50980832a7b4b58c401bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"b550c04e12a36932b22cc535d19087390ae6d0f0e56caff919707c6364f612ca83ae826f7679564d5f1de2e82b","nonce":"9bc50980832a7b4b58c401bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a26a6f5968a83df2fbacd8e54bbb844b9127c77bee7ba50e6fc7024b536bb4f3b5996c34952193c2141105b6ba","nonce":"9bc50980832a7b4b58c401be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"81d10682fbb15e5685865391a49f7b6e43c67d31b09581fac78cc529726eb26a34dbe1bfb77748cf5240b76981","nonce":"9bc50980832a7b4b58c40181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"a0ca2b72bba86f0e3eb79a01c88df12d4589b4e0df3ec5a854e3a23627b8f2f2a49ebe054437a731a78d17ee4a","nonce":"9bc50980832a7b4b58c40180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"927c9fabf3d620a98a8691c5d4f6e0922ddbdb03a1db7496f5e020e0b46f9234c5f930c15029c1b733aab67041","nonce":"9bc50980832a7b4b58c40183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"e7e76452710dbe7910dd30b60d3583486c354bc28a5d135d183f0d9913c6142071d2d4ed626cfe98fcbdc34737","nonce":"9bc50980832a7b4b58c40182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"d1543ed54c7e130d07046610590de4d68a1a6bc4ce400c68bf041b805ed3f5268f44b9ebbeb1a32a1dfd5028cb","nonce":"9bc50980832a7b4b58c40185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"fe417d0bc751bbd2098e7806e8cef20b6c23e59e7cddbe6b656eb132644bbabea3feb2ce46d506e74abddaa815","nonce":"9bc50980832a7b4b58c40184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c723e78ef1a08bc759c6a82763e95d57fc7f3c49c34763286ade6c63a6b306dc732a5849259cbdcf7dbce53c0d","nonce":"9bc50980832a7b4b58c40187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"0529dd391c6de6078c42c2776d815f93aa1cb5536fe12fbf899f486211012c1b0383c202c0455d2e32d50ccfd3","nonce":"9bc50980832a7b4b58c40186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"0b0864095b50904d9c540edaa8f2fc9027c6e49decdf2716b5b60d16a9b8d88fd76b018c074fad56c323e185f7","nonce":"9bc50980832a7b4b58c40189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"8dfbe825713d5df87d656df66823dbe5267d38ea38f26fd5bfd1f4f7527cf88999ee6c3212231145868cc5717b","nonce":"9bc50980832a7b4b58c40188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a291bb3b7673741343831ee12226295219c75cf309345011df2ebc8dc7dc976a4925cfbabe43bf9ce36da15ff6","nonce":"9bc50980832a7b4b58c4018b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"c7f06e926b3576cd6c8d47540529cc8a8f6ec9e00e7ca4d524a9e3e150de388dd0668cc81ffea01c85b661b8d1","nonce":"9bc50980832a7b4b58c4018a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"59862f4490f9ba2dec160b81484bd4881d62950383009fd7680145da48a7442985291b01d7552441c4d7bcb700","nonce":"9bc50980832a7b4b58c4018d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"c29d76482e187f2206f6927e95179c20e876d6f7982bb8002d065f37fdc46a73e971b2b2915d199a65d2696c1f","nonce":"9bc50980832a7b4b58c4018c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"1b49fb7b4f28baba5b16e0287bb762e9a8ba03e600551922beb9f465463289130a48fb7259c227f2c7ac83c373","nonce":"9bc50980832a7b4b58c4018f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"e71a0c75333fb95dd4f2ac02b15bfd2c4dea782caa78ffbe553cd0c0c708397a0fca98e4979afd358722c4bcb0","nonce":"9bc50980832a7b4b58c4018e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"51f0d56e443ec3e9f78a9621e0e3f3b6d76372764d7b646a324a03b076821d04035ccb1b75e637cd304102c4d6","nonce":"9bc50980832a7b4b58c40191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"c94b60acc216299a15937ee6a4e27ba3a479b39c5b3bb12b49274f55434423790833913f907ed64ca666c77036","nonce":"9bc50980832a7b4b58c40190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"0bf5ce64d627ea43b996a0883c02704616457f0171069952e6fc3d4c12d038b97ff2114630268de7cd56711d4b","nonce":"9bc50980832a7b4b58c40193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"ef7ea9656cd4041e24440da0e72b40f94a021545c7d031d462fa9ef214eec7dc98ee03de9edab8b7c736ffa5da","nonce":"9bc50980832a7b4b58c40192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"b2ef51d8d2e7cfdf3499db7573ac601a125d601834b893606ebcf76071a111085ead2ab1e460831f81244f0048","nonce":"9bc50980832a7b4b58c40195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"dba09d466f62f4131ea00d7df748edd6d06225de010e0b280675eef09b263752f69c568a51e315deac275558eb","nonce":"9bc50980832a7b4b58c40194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"54a7dd45bbbaf5cccafe27126b9be9aa772b5f8845fdfce20bb25e46089f1eb544d75e64a1d952d6f6fb91c451","nonce":"9bc50980832a7b4b58c40197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"1145da26f65493481f0c72f721ab23892d02cde0cb88644cc315a49c9388a0c5c377cd74781b07792ae70623a0","nonce":"9bc50980832a7b4b58c40196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"cb18762d59d61b1be986f7433cba34586f2ba519fc9b77f605640a9c81850279d1a58cbc58bfb0eb6f356bd3bc","nonce":"9bc50980832a7b4b58c40199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"a958b5306f2ed9359827a38aea0902731a20c9f01bba503695b28dc67ecb56a20a047de565a9212d595b41f7cc","nonce":"9bc50980832a7b4b58c40198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"df9f6b77c274684b9506b604be1790e59f3fc7ef7d285125cd41299125051f0b321a76252f9574d50807dbc4d5","nonce":"9bc50980832a7b4b58c4019b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"6cdda328174fbe70265ec8714e044c4ce2d82f57a95d84aecc0fb5740d9ab58ef706277bcf4e10df3e6cbd3fec","nonce":"9bc50980832a7b4b58c4019a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"865501a8144d0dbeaebe1cce36b015e92ae52efae2cf4cceae1b92dae616cc8536c86c0b8357fff32d3e7ed344","nonce":"9bc50980832a7b4b58c4019d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"f9b5a0e1d43a4e2b82a8e1a7903e656812c686bce240ca6bee10c6c40f6daf84159b906dd52e0aa630f8bc7d7c","nonce":"9bc50980832a7b4b58c4019c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"f5e00cad4a903084b7f33dbb0a0f6edd488809046fc3b8d5958d560a1e1f143a6144f3a32c7c371091043d4908","nonce":"9bc50980832a7b4b58c4019f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2bcdb6aa31cf9b85855aa22c18ee7feb783b26d5f8fae4554a409845810bdac0fc06bdce6c60a37efb45a106eb","nonce":"9bc50980832a7b4b58c4019e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"fcc4c798b73d45d4a241f4d05886befed63b8bdf0252454072c9f6170f6e262f2738cf2ea290053b2181ad46d6","nonce":"9bc50980832a7b4b58c40061","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"7a4c2b89e1909fb0e3ca42d5040f4c2d8346dc0643d787b8474e804f8f72798e"},{"exporter_context":"00","L":32,"exported_value":"3ca0e7e10b601a32edd2f91c49bac766892c52bde2df01a6126320c6e6eb8af1"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"76c6b4f404990ae362be3efe0d60d9669d87017f9dfe33b8c2ed9fd31d295182"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"0af0766dd39ca8eefef6b6f6b782bbed2e44f85380b794759d490b5fdbb1cfd6","ikmE":"3f9edbfb0f212a16692104c98023db64197b8c94831cbc0c1e62d752d0a097e6","skRm":"dd70766222d5a88e72c247bd8ad9c28ea49125ee463a63902cc6db68c34f76a6","skEm":"5171dce7db66a978110f345b97bfbdd836338c368d1b819bc125daffd90703db","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04349f377dc7fcbb0d52d09e7caa97f53a1badc59aac6959f74a4f5a965f1015d4eeced4cd89f4b3d06c7a716e741d4a9863d8313843c987b96f756b111080f07c","pkEm":"04a3cd1fd41bb0915973a14325a6c7612b336630e6c2fd3f3ae5a311bfe950d493155f446f3fc4a45d439073e998624fca9490ac7eca4c312271d8720f8e6d7a74","enc":"04a3cd1fd41bb0915973a14325a6c7612b336630e6c2fd3f3ae5a311bfe950d493155f446f3fc4a45d439073e998624fca9490ac7eca4c312271d8720f8e6d7a74","shared_secret":"aeb4e12a4b956e80588b330a6105a9158b580382427a40dc7c480472dfa346a7","key_schedule_context":"014347bda95dee60516b0482433e06221b26075bceb38f3931c30f869f189cdf8f7f1ff3fd1aa97af7e5d473e1cb01ba74831133d9659b6c26b03a038a49a84074","secret":"bb6d4948ea3d4a78f4806790eede4955400024adb313eae6612471c5be58577a","key":"2a3c038fe08ade60865e1ff54064471a20dcb4ef90bb692fff3d036f68c03b24","base_nonce":"2b272740b827c1e16070c32f","exporter_secret":"b24a488883ad4461ab2b218b48b82063038b5aa6d7d71fbc6612a32539c26fa2","encryptions":[{"aad":"436f756e742d30","ct":"1552f6db424acdef53728dbfab35b85266681af9f9c42fa60e30cc858da8eb1fe05437fea881290cdeaad317d0","nonce":"2b272740b827c1e16070c32f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"63f621439c282094cfe95d1c51f76ae3904dd4c801fb5de01619a0fe20e224859e59278e386312e60376bb34c9","nonce":"2b272740b827c1e16070c32e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"48419d35936c3ba5d88166a9b2545db2b972f98b2e3720bf786af569bdbf3c48fe55182e8df43bcfb4377c4cc6","nonce":"2b272740b827c1e16070c32d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"7d0abb259c8dccc80fc37be062161f844fa8d6b3fd4de11421076169c7028c2d6995577f356c2f93bad95f3c54","nonce":"2b272740b827c1e16070c32c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"4b9a3798b500e6954d4063de5f81a3e7fffa7e2769a9385176d7451a84fb0296fb415b825a998400ebaa7e1842","nonce":"2b272740b827c1e16070c32b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"1b5d521dd9fed3d35f6ebaaf88a9c3e0040da5ff5de79ac2207fe3dd912939518da903b85dd531b91772c9f9b0","nonce":"2b272740b827c1e16070c32a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"baf5fa46b4884f542a1c5a51eb159682e49e1d8a92bbeea163328fc3e9788a339abf7390a1e9884c591c79875d","nonce":"2b272740b827c1e16070c329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"4083e35a286823c6c7a12cbc22737d8a4daf80c7ff0aa448345eab1378e6e8c87bd7cd37beb1cfa6983666eb64","nonce":"2b272740b827c1e16070c328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"89f57f90c4820dde59be13e00af1279f3398cae2d13436f9fe9c2ff2169dab033643865103c35b7448727eda70","nonce":"2b272740b827c1e16070c327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"0ac32eb9cbf6b83bec85a171fa85b5e0c9c67c903b331adb50a1bb9b506858f78117605dd3f2b5c23300a0580c","nonce":"2b272740b827c1e16070c326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"44064f555166614f3bfd627b9495fc266f019fc9557d67d7060fe98e0d3f0ea80f968212bb341754ebba681b1e","nonce":"2b272740b827c1e16070c325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"bf3001962d4c6b485a11fe2a7e26854bd04776ea1b9c9731b029bc47fdd3e0d65162d8b73339eddb23c223ed1f","nonce":"2b272740b827c1e16070c324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"36dd6c23c7efd7401134e5f06111a33757061734abcd6a48d266548b10675df213f8d954ede2ba172fa82d3718","nonce":"2b272740b827c1e16070c323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"da8821ea95610d2ed35fcf27b95ad93d64ebde8f6050c4562fe9d25c04b5cec1f7c3f5510cafd508d08ad1d0d4","nonce":"2b272740b827c1e16070c322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"094fbcdfe0b626e6f429ebd344a28fc58c9ba842b0cc7aa8c07e2757114e3f1dd20f95a7d84103c4787254b433","nonce":"2b272740b827c1e16070c321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"8080e3a1c8e7a8d4ed31d5f6bf484a55e35a2019d64362417e31f04e49cf25bdf4e697319e215f88beed2d58ca","nonce":"2b272740b827c1e16070c320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"4093e97eddb367606ef0c1ddfc80c63a282a577a56b0849c8ac95655889ff289d7205291f131260747311d8b83","nonce":"2b272740b827c1e16070c33f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"56a9904d0ce94268f73e75fa39f94e7472320273c747a9d232c6c21d1e311613ccd2720609ad80968ced64fc3f","nonce":"2b272740b827c1e16070c33e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6033a22994ca7bb5cdfb80d0924128b708cb85525571d2f08b4b8bb279a5d8926da306aebeb6d893126df0e2a8","nonce":"2b272740b827c1e16070c33d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"2ca576195cb5a8ce3d72ffd16c5bcb7a318f5de5c39295fd595710e46a1f030169c5423771da73979ca1656711","nonce":"2b272740b827c1e16070c33c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"300dd6c529e6dd64440894ab1a5ce30f2db258d91e7811a8fbb116ac1c013fb2e4875b1fe8841a54bffc2db095","nonce":"2b272740b827c1e16070c33b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"bdabbc618e537908a610c17c1618c9a8e1ba710093c90b38c36716b45b8133859e4a42d9c3e11f2aaea29d02ee","nonce":"2b272740b827c1e16070c33a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"4df807e6e9920313275931aaa3f72dea45382425056af5bd5a7d91d3bcf9655e84857f531990214819a2145c8d","nonce":"2b272740b827c1e16070c339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e1b521270d714e7e4ad745aae432de10db02f5a37b39d191ce30aa0fdb92850b4ee7353fe1a1beee2e5fae1a52","nonce":"2b272740b827c1e16070c338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"654653d2c2dc14c4d48bbe7d948c78ea9fefbe1d8893b31e0c0bbdfd45f8cd7fe6183c3dee9fe8f0f0c6154d21","nonce":"2b272740b827c1e16070c337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"346c74bd8e13bbb1c1993b3053b00623a405c14d546aa4a94ea533f8bbbdf02151c2cb61a77fca5325c2375132","nonce":"2b272740b827c1e16070c336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"31c7a8abd3e119bd52731c75cd9043ad5ef023de5a233af08a12e818770d48ae75d37d1068c4acf728788ee56e","nonce":"2b272740b827c1e16070c335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"efd06488b5212811ec893463bd1f88fa2642d3c5c97550312540b43cc63121d4116951fd225bd9995e759a4f4d","nonce":"2b272740b827c1e16070c334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"cde450d08010bb6a549321c7a2d6e36898895a44284e3d98ee29d468b97a8c113a3e1d1bf66ec3fbabdf082447","nonce":"2b272740b827c1e16070c333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"26e08b5fad72ad5f0b0df641a33992c26b589da60c491e6cf4b8bd7c543668ccf17fde18a0747214a455dff7e0","nonce":"2b272740b827c1e16070c332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"0a35847ca9d64b899d34680fbb4b6be545420f42a28655b49b659230df3530c470c9935a1520ff39f62e83d408","nonce":"2b272740b827c1e16070c331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"752638ecc56abdb91c62e6a97453fe731fb2581b3891f68128e19afdb0e135e8483b536f1542c3d00464dfe4b4","nonce":"2b272740b827c1e16070c330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"c98dba1692701d7838ecfff3c6f372261995664f405ecb7265c7e1950e53aa2d1d31e75bdf3ada6301dc708e98","nonce":"2b272740b827c1e16070c30f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"3bccb610d790570d8dfc4624c68096c485c5a3b8f65d3e5ebaae74bf90917a364a0dad7a4edb3f3f77d364ed1d","nonce":"2b272740b827c1e16070c30e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"3484ed173674cad0923839c8a846bcec4fe918021288c0e7ba63dbf9fcbb13098e2742b717f0ef942772d9575a","nonce":"2b272740b827c1e16070c30d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"cb60012d9f178a138785cc94291308005f5398e53eca254c90926becbe7a17a5a1300a7c1a74a8b8862b0f2bd0","nonce":"2b272740b827c1e16070c30c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"b3e691cbc5a34f51a1e90b0c251590aa652506f2987bd347c4e2d020545d632d75850ebdbe72d45fb634d85ad3","nonce":"2b272740b827c1e16070c30b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"dd8430fa46522e074f273ac6a24755ad3d4d2c8f0129ba947f6272995885a570ce1ee260837dba47c1e95dde6c","nonce":"2b272740b827c1e16070c30a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"6aa6cf6b6baa6aff82336bd08b10e3e439d2c2794d1431548d0e2e966a452551e0db8b1dcebdeec2375db0222b","nonce":"2b272740b827c1e16070c309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"e3c63ec8e4fd9bfb13b1418a050d6cae6ad1803566f6e2ae2e34a556a0223228fd941414ed994f7c6f83625d57","nonce":"2b272740b827c1e16070c308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"9a6b26cc56d52ed40aa68aa3c1d8b6609f2420c2a5343d507c1bba88a3160449803b260b03f7771e8ff7226bd6","nonce":"2b272740b827c1e16070c307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"977259433ff760215b8ac2647527c8e614c7f08e8c12a1ea5c525726ea297105f84d3b52e3b8bccb34f9d86edb","nonce":"2b272740b827c1e16070c306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"e1e475f7776e3518bca1addaca0c6eb44c6d5a04571c29dd2590e5fc42e4122eff6fd17c891b182b0f5574bce0","nonce":"2b272740b827c1e16070c305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"096e50056651c4d6626d75cd040b119cedce6d61651ec8c23c8980cabe790602de38e5734535c32fff0e937dcd","nonce":"2b272740b827c1e16070c304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"a11c1173a7144953f81271e71660a7fd7b7aa02e4829cff84f87812ed97537d8deff4cc74cf70d90dff84b4538","nonce":"2b272740b827c1e16070c303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5f9df1e0dda3bb586110f06fe79dc799fbf51be2cd030597f45b33db5ebe9fb3e1adfddb6c401184367bbb626a","nonce":"2b272740b827c1e16070c302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"b75ed23351648b0f82cc878c039cd6d7508ce03349a05d03daa1b0172d03a114df7b28a5a9e57b33e20469be4c","nonce":"2b272740b827c1e16070c301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"260546b9c7bd6edf3f3b923eb56b0ffe21c67efc803370bc947ac5b2d48d7af43b6ce00aa9604972c3ab871baf","nonce":"2b272740b827c1e16070c300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"37c306f744d37c611efd400cb11b6f4abbc8e0db9a334af34a34718f08c2965041b1102443cb293c98dacc7f91","nonce":"2b272740b827c1e16070c31f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"8d86569bdb5a286108da6649aa3864b03e0bbdbf8e92ee11dc18c2fb2b79f460c21f602f43be2544803ac0948c","nonce":"2b272740b827c1e16070c31e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"2be8982f94acefaffe486c38a60d0841ba576a9f1e8ab64e732bb14daee8b4989eb0163ef99e554a50f14d1e82","nonce":"2b272740b827c1e16070c31d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"a4ea0a192f0310d65c7e2737b73fc175fc000d2d6271a66b8fcee09025edf23812590c5673e858a997330a4ebb","nonce":"2b272740b827c1e16070c31c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"7b7bdf976c198448f39c983e7d11d92d3afc56f15022bfa3117b995d83ceaa2b3fc07c6fdf2309847b62e86f0a","nonce":"2b272740b827c1e16070c31b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"5c428301aa0950af5a4f13fdef828e9f12698e78b1958cc0d531eb39ba5bdb11bbfeffd034463e76336b7ffb4f","nonce":"2b272740b827c1e16070c31a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"fd22025abd6c82ff9a56aae568e950a0fc66343ee254b69f2e1e18b69293ec1661995e1d8b58252b553468091a","nonce":"2b272740b827c1e16070c319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"3052f5b991081bafdd27a0e59059c664cceba39716fbd8fbeba3850973e247a34ab6a681738f987e5148c0f872","nonce":"2b272740b827c1e16070c318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"535c2a8a79349326245becc549aa520a866242631aee28e53e26cca4e097bfa03c6c5359293a96c7c53d0b2929","nonce":"2b272740b827c1e16070c317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"f20d2bdb4232dd60fa2f876712e2c6143e08edb1f1b1cfb8a9fc0d7aa9562fd04f391fa4a7bdd550113e3a4316","nonce":"2b272740b827c1e16070c316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"ae51274deedecdd2346146fb75f6989567ba436d2eda4adf3b48210196b3f61524e053ea4b70b204dbe3b911ae","nonce":"2b272740b827c1e16070c315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"25e5a3cddc2945706345439d917d4dce506f6d9434c0ca9293693db673ceecea70534b70cb976f3400e624ae09","nonce":"2b272740b827c1e16070c314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"f338da573c234011e7719ff4aaa2b7b9beab678095507ff663b015381af132ca324bf6fc570e793baf41e51441","nonce":"2b272740b827c1e16070c313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"89e450c05b7d0e31269248859b9b5a110f14ac5b73f7b210e055ee519d4e3728bafa032ad7f3c9fc27ee43c776","nonce":"2b272740b827c1e16070c312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"369e9ccaaf79d1700b8b7ee9b3f14b6c8c0bb60c28d21831d5cbb19fdf1c948e7fc478af1a52cc431ad6ffb504","nonce":"2b272740b827c1e16070c311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"2957dc98c14fdf27f84287ad52ffddf185f1ab7927e0a1fc7c9d07230b17fffa24db5b9c98f848ae291e6b4897","nonce":"2b272740b827c1e16070c310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e55957d59ce4e21ee98c83828fd825a483d6a90ea861e37fe2d676c161df9bae89138c2ab4d9272ba0ffea136c","nonce":"2b272740b827c1e16070c36f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"f79dad5f89b76a1a6eaecec446edc5019d2f563b87ceab870695c4299fe6194680eb39e6958a915e3a44773bfb","nonce":"2b272740b827c1e16070c36e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"53af0b2a8910da0568f67d15372000c6ce8958b4f08610f1e0c50bce1517a5a9362f071d138d8db6b7acb46671","nonce":"2b272740b827c1e16070c36d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"cd9463be4bfd0ab3839684b3820431d54d2f255e48f54da691ef3df426d674dedfc16523e5a490625419b8de75","nonce":"2b272740b827c1e16070c36c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"fc8db064a756a99309a996e7efc6907adaa19e6913925ba5981b81cfe899d523b22e561d8eb5a1dac37723bb9e","nonce":"2b272740b827c1e16070c36b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"dfef0ef0fab27956086d41749f8b832fd485a23f8f66b8526cb48f67d1e9808cefcc84ee4fb8bd442e75e6dbd8","nonce":"2b272740b827c1e16070c36a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"501e2c6d78f8c86273a9d173ce0aff42637e8678f3ec570ffef66e7f17bebded2d92a40957b1a266c6cfe4b349","nonce":"2b272740b827c1e16070c369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"7e69a85cee3aaf22d2c794eb5e6adfc4b731844c2c59777cc6e801760c712fbb87504b9840a4f034db8d766433","nonce":"2b272740b827c1e16070c368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"b9d7b6366da1f962b68b02f2a381609758efb01de00de872e21c202de15015de434403f1872db756a4ed41c781","nonce":"2b272740b827c1e16070c367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"2904889eb31d9c0b1349c6c70123b664512a87240965e572f8e04bf26fecf1fe7ebb10eda1d05fb04217605ba8","nonce":"2b272740b827c1e16070c366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"0291edb646db1a3dae549864330f32d9738aa37c712bd124ed3dc37873ee410fd858eba56dc6780f4d2be68819","nonce":"2b272740b827c1e16070c365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"556c6c5f0d47a701949e829dd01443959a8e92a826ec7b83239f31f665908274d3da6bdaba92953894888d0b2f","nonce":"2b272740b827c1e16070c364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"7ab624992199a57a8c182a8a783ea0609ffe8d1424104eb83d022ff30a98cfadbfc8343827f9e06c55c85bd74f","nonce":"2b272740b827c1e16070c363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"f3a2dbc8dfc480017bb5beb43b4458c1d6171f0877a8c80b1f74d5a6bdd8077a773aeab6eec0b0e6ce38abbe0d","nonce":"2b272740b827c1e16070c362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"cb378bd8adc53c23055e3b4ca2f168fd2c3685dddc07366692387fec28de28e53f04c40d45f578ef2f5ff135fa","nonce":"2b272740b827c1e16070c361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a4a365ffbb901c3cd0d3ab0db78282d91ad1246cc9cdde1090c601ebeca1c8ab261f6c5c22ef4bf3a89d5b5dae","nonce":"2b272740b827c1e16070c360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"d7eb6b9dc00c4f19fbdc22aac7e821c9845d6b0df28aa5ab18203ecec000ff45e67b57ce9195e47cd37124c83e","nonce":"2b272740b827c1e16070c37f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"da7de54a048d9d4537e7f37b9092c652d72cdb62a3449b42d0f7d181a83fc1605a763c70a12a119c41290b20dc","nonce":"2b272740b827c1e16070c37e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"db2ebe909cddd7d4f2308c3e0c1390a7f2bb4bf89eeb87a66404e9066360155386deee440f941d66995595605b","nonce":"2b272740b827c1e16070c37d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"f0a54e8572b9c5b14de4e9458cd2a4651be19737470c840aae7914cd4e809d33c0a78e99656a3828b35f985984","nonce":"2b272740b827c1e16070c37c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"4864a55d4d8a46bd575557ada49b40870042a32b153081bfcb0999224fe1126a2f231161e8cb13117f5bf1ae93","nonce":"2b272740b827c1e16070c37b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"a4de3a94c95315e6de91d5cad3c2d895f1852898f37396705f319cf2eba3242557d6a1b293702936a542e2adc7","nonce":"2b272740b827c1e16070c37a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"18d9dbde04707aef918dab813a816e971d8c2f6857252f2b63f430a3a46169a608fd324146da7a4b2497a963f5","nonce":"2b272740b827c1e16070c379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"ef3b713764217fb10bb9c4503e4a2d5e80277a2d3c217327228ac8019075dddf571715d746928ec0b2c27235e5","nonce":"2b272740b827c1e16070c378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"96c029bc1ea6600327f4c0360c04191e1e20712264bd3b80fb29f45e6ae1f710e5100a3d490bff0d22a4936d98","nonce":"2b272740b827c1e16070c377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"a34147885dfaf72add28817c14c336d5dd620ff3d74851fd641fb532e70393887858095b2c4e20eaf520d1c850","nonce":"2b272740b827c1e16070c376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"06eb16fa02c38238d87c7af664275facfbf67b9df3b9146b399163d26896d81483e65d6b19d9c4698d4ed2cd34","nonce":"2b272740b827c1e16070c375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"1d22da27c1db94cfde59fd486dfc70584f58153bec6648b8fc2a59612a531936bfe9144b9aa0770f5e24d58df2","nonce":"2b272740b827c1e16070c374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"f28670ff18f8b8ec8d74d6aaedabbf7f7e636111748a11644208e49214ba4eacfd24a05c6f24abc67ded459ce4","nonce":"2b272740b827c1e16070c373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"29a84baf692c233d44c8d4d3cf40b844f6002d6a4cd85665d4f2815645058b918f2d2116da7994b6b9fdedddc9","nonce":"2b272740b827c1e16070c372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"7955e9898816ce8f06e95cc8e2245df2883daeab77b0b5194f1279e6643775b9c0d6996f026e2d9923230d019a","nonce":"2b272740b827c1e16070c371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"bf57d68245cb63b6a947fb89172cf0f5ccba6a6e96c0eb992b074ef1d2027359009c5c97219fb0521862fed0de","nonce":"2b272740b827c1e16070c370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"cb0fb9c27589dd1c55a381bd1def15e1e2b7d832c3b0a587272a8fed9d1d2913ee4e507108da6501d4728b4c99","nonce":"2b272740b827c1e16070c34f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"a93f3d3b57ac8d23730de64fe52f2d8697cb85b6836f6e6bcd45b35e36d87e66f3ed6012d0e84ad55d4af91c8c","nonce":"2b272740b827c1e16070c34e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"00cec9e550dc0e605d8d9d5b3a67d838f3aa594f4b352ce99b549e53074b96653b787a48a06e3317a2ad6e0446","nonce":"2b272740b827c1e16070c34d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"9b0659705e8e5fbddcfd9544fe6c1c49d72e6d991951590ebe118c7a23ce5fad4c365f6f6563c04f74f6f09001","nonce":"2b272740b827c1e16070c34c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"dcd40cd38649f7d2c9250ea935003e889adb047d75bc5319fd6c8b25d5b7de9090c63a9ac0aa8319cbb93c4a28","nonce":"2b272740b827c1e16070c34b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"7d6b99aca469edb0cbad6832db1f91999531ba0824d3fc2c59a1a5c42fc3a7da28e95d4cd4d25b4405c6ddb341","nonce":"2b272740b827c1e16070c34a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e48d4701508bb9008be17a85791fdafa2a7ba9f2afd4d180844de65f9be68d33a229cbf148ed654e4caa72cbe4","nonce":"2b272740b827c1e16070c349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"549401fbff2f62732c91c807bff7bee7ff89bec5ef0bef86933920f3f57a79a76d16b16a12a581b3da5a26b3fd","nonce":"2b272740b827c1e16070c348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"03c1bce109a77790d9bbe5fb343cbad66e83dd5a9dbcfbd0f2a99fa1054e6ef3cbb2b75a48417c75ed997fc454","nonce":"2b272740b827c1e16070c347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"d92fc105ed15716bd9f0b8f4af653d421f713383a1effee5bdcaa9b053eb0971b8ab2b0bc617cc62412c195df6","nonce":"2b272740b827c1e16070c346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"12ce2438a15157883519d07269c65373f8f18b817a253a9f29568620445f14282e1e32315eac15f4f8ac5d0982","nonce":"2b272740b827c1e16070c345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"812e095734f0aff5a6d41537f38e7a5518cdd262f9dcb78208bae8f4dc69c6583a28d5203aa7b24430db62438a","nonce":"2b272740b827c1e16070c344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ca2acc0cd62168b8c0be47d0db36e29eed8855afa55e79fb048d9004ac184e58b2dedf8bf6510d226b0185687d","nonce":"2b272740b827c1e16070c343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"cdee92530ac01af769b54719d33c17320f8703d6cf767050e62e84765ec99342e2fe04f458e1050de2f435c3c9","nonce":"2b272740b827c1e16070c342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"a08f343b9ad759f3fc2f684ddfa0e3d5607d626718fe1ceae836c9044676c18f718e48520e407e2aaee8ce13b6","nonce":"2b272740b827c1e16070c341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"c510ac306b3d527d897686a7321479cc193b604115465e1237ebb4b7c564bb8f63c1b1d9e400ede594f70564fa","nonce":"2b272740b827c1e16070c340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"d051c132152c7a20567e0182ff80044a4a4390b7145c84df306e5473d95518aba0021a4678ce144ce1254b22c7","nonce":"2b272740b827c1e16070c35f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"9dabbac5efbad97cb1b3359ea42f0dc07cebb697fa64604d128be72832b596e88296caa65d80d273e7a785b56f","nonce":"2b272740b827c1e16070c35e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ae2bf70dce793223555f4c89a4f023dac6394d57d6c6ad91b657f5d85a1c114abe2632d016d504408e508b69e9","nonce":"2b272740b827c1e16070c35d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"87600e032281229cafdc80bd334ebd464094dd0ad584b98f373b78a38c552ddb6030131d1876bbb30e99edcde8","nonce":"2b272740b827c1e16070c35c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a51ce950a77d6e582286f0504012cbc8e545ff09d78dee2b027b1dd71a63fc2b5357daeac889c9e26aee40e33a","nonce":"2b272740b827c1e16070c35b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"5b34692a525f9ac28374a3642dcfc86baace58d13c6ecec4878d74e2bd697b5b2e50e4235bfdcfb1f20332f568","nonce":"2b272740b827c1e16070c35a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"675fd6266209d365f4092f6b250c5acac7629b615622ddf0d35e7b9abacc5e90c91b7970c08a35d4f0b137fbac","nonce":"2b272740b827c1e16070c359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"e252a4c234b38e1b74848792e2c326ae7f106670f26c2f5c72a6982ecd4dcaac17746de7216c6001915f88f3ee","nonce":"2b272740b827c1e16070c358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"60cdcf349970a3da470e387b45985a314834e96f94379fdfe9a3168e975874f5451592a9a02dfaddeabb21e2e8","nonce":"2b272740b827c1e16070c357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"c636165f191abac2a2b6f8157d07464d9bce306b543780ce5d30331eb156308337e3d4b48577d4aae5d4e835b5","nonce":"2b272740b827c1e16070c356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"1bde8c3c5aaad9dd341180e3c49cbfe40c171ae11230b9d19e0cbc3d70d7bf0854807566a5e69cc3b65720dcdd","nonce":"2b272740b827c1e16070c355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"6e508741f7a162070873a76acb6bff6d5ce29123a60ee6b84697a784da05711ae71c40a2db3dff190f278c4fab","nonce":"2b272740b827c1e16070c354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"c090f765f1b59a794c1bf4138347e48c2dcb8b02be7721010aa91920fd383b5084bdc242f816256fef84aa3b47","nonce":"2b272740b827c1e16070c353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"c1b9543ffdb10b0d70156105c8c6c66940983217c80620677653a17b9804dde5ac9a5a7a9167cbfedbed070e8c","nonce":"2b272740b827c1e16070c352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"5e175ec886b767a2186789e0afa2db1376f42b8d622085489a70b5ab071930c6d50f4b8b9a3c966d9895f317c4","nonce":"2b272740b827c1e16070c351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"bcd54493fa54eaccc3b79db39bc1a820c2d47b339403d12a6395f52f88f70bcc9fa92be6662afbdcf4c6682967","nonce":"2b272740b827c1e16070c350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"c9657441654107236ba18eeba8f69e2362cffa4080b69daf19b5cd5db3febbb9aecc477f1351df23f8c3661b98","nonce":"2b272740b827c1e16070c3af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"f8ac3fbbe014c4bda44e180907b5d496349e54adb6c79d514455ac28b6225a8527576d4ed7c0fad47cf810914c","nonce":"2b272740b827c1e16070c3ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"9914a7f846c7d62425aa9a7b1e865ea8592a66ffadd5c18e1a7f2149011594e182ca5b6d01040d89ecdbdf4e7b","nonce":"2b272740b827c1e16070c3ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"56111b8036728092ddb41d99e56e422fa8b6a4899c6bfaf10ddb8449a299ccb5dd63a5026ac43b7df9e0cf0f9b","nonce":"2b272740b827c1e16070c3ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"52bbb064d7b1f737f27612a4128195e5922c687813446a2998c26ff4b967250637d56231f97480a304e3dda30d","nonce":"2b272740b827c1e16070c3ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1409f98b54da35d8e2cf7506a65b955fcf20282f0197c534898b9489f504f1c7216cb4116de4590446732b08de","nonce":"2b272740b827c1e16070c3aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"fcd267eaf652c0578d8538eebb97426ab0f33d169fa102729286e3068b9613808da1cb81f810645c727facb623","nonce":"2b272740b827c1e16070c3a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"26063c5cfab924c79ca85fcd3981d0b424c8eec3104284677a014a2546c907aacce45fbe5ee2fc576593ed3198","nonce":"2b272740b827c1e16070c3a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"a3528b67c415180cb9bfd29d9a5d86a6dfe30536e8f92bf302d3a057976afe22af33418a256bf6cfb2ec79b04c","nonce":"2b272740b827c1e16070c3a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"18f6c21637a6ee3ce5860a0eb84bdbd1477739aac7e6a960150993e53b25d56a66cd6ff4f39f9ef2af8428e2a4","nonce":"2b272740b827c1e16070c3a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"21c8149ad1c72d07fd778838e0c751b7a6e2092f974c06a689eeb3e468365a6ff43526ee50a13cc6566ee1b5b2","nonce":"2b272740b827c1e16070c3a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"d5221ecc06926b4b14c4ae33c920b569454641108ab1566eb8fef13f4a9ebc98e941c77ea9103b3fde0545e91c","nonce":"2b272740b827c1e16070c3a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"0c079150170cb49937ced8088e5987c04b8293c6cc671b30154ce6424f75353413ec5c759a9c2fe8052f529796","nonce":"2b272740b827c1e16070c3a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"d105928a8d9b46dd0c49fc4978aff33621f33c7ede9ca05aee05dc0c7e8e5528ae17c6d6771ede35a0bb9921d2","nonce":"2b272740b827c1e16070c3a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b57fb1a61e019b878cf98b8a4b23fba8c1f94cd02d03e2f2e433bd1a1fa5445b26d840516cae9bcb0332dc420c","nonce":"2b272740b827c1e16070c3a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"453d66aba2531bb5f305369980d911f01bf6da38ee24eb7af965d4d64372a415b92798e8f5ceb265ba1cad6c95","nonce":"2b272740b827c1e16070c3a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"ffdee5de2d40ce3515adeae43eab8d510feaa152a04206c5401583bb907790a2786744279c11bc30009b66285c","nonce":"2b272740b827c1e16070c3bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d67a74825e71350bec5edf9dd401cb7c28d849829b58771c48a54d6cbd0785e23bfc938c02e4cff8a416a7e00c","nonce":"2b272740b827c1e16070c3be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"5eb6d157d78333e604e5c7527ac14a727c879f5d0573663c33ff39aa381539df8ebc1edf6dc9711e58bfd5ae96","nonce":"2b272740b827c1e16070c3bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"fa3227137cffa01463013409587127cfbe161fc23b0d01f656300c08af67946706d78c0a31238fa06069714166","nonce":"2b272740b827c1e16070c3bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"665f5cd5426de2a7b04b7a6e8d0118467156a7353b5d7ad1dc9b7f315795bb8f331c7ce2dde690a72c471ee630","nonce":"2b272740b827c1e16070c3bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"86d117207c365796c1a3c6b947b5abb5070448e83f1c32a50dd368d1dca264764f818a714fcfd0fb8fafc5bdd7","nonce":"2b272740b827c1e16070c3ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"0b8a385bdc8af78c081d540601c1d90099d7868a434f7aab9a2e0a2f32b34585cdf7367eb279793fab6baab50d","nonce":"2b272740b827c1e16070c3b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"4e0a352533490fc20a5ab13a2f6c56d966114f3dd59c1930946554784e15da8ff217860279e6310bf4896c6f0a","nonce":"2b272740b827c1e16070c3b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"dc3e69829788d0bddbfc3c28f1f564c9877308df369f7b3e9bd2f8041eac7c88c2933b3f3da81595e727fe5c6b","nonce":"2b272740b827c1e16070c3b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"2453a9ba601e856463dcefa6fd5a30bf06f2c88d1673b7345d81d82af54b9862f998958a119e2229862c41752b","nonce":"2b272740b827c1e16070c3b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"07c3f01e90be72cf5c12a576c47ce24c3b74c49d84e711c9016955c7d90eec5e21bdb789652416ea240891dc0d","nonce":"2b272740b827c1e16070c3b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"889e71da7497b095325f7e757c54c259233eb2507e333890860db1467ce43ff88de5b2843245f99cf6ad7295c2","nonce":"2b272740b827c1e16070c3b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"0bea570554d069d2188c797491d6b222fb7389914669ba53c7a3bd0de8f60bf3207b15c966c729917ff06f4009","nonce":"2b272740b827c1e16070c3b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"8443294d5822b7e36db3a081ee2ada847fb19d409b25ee7c69b624c06aed56a1ed148b480249068af9c839abac","nonce":"2b272740b827c1e16070c3b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"6347bd8f15a105f59c6216b60debe1ea00bcf8c606b5ef343b7a21f79d044649e7e0ecca91e38dbe268fa00f7b","nonce":"2b272740b827c1e16070c3b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"fdb7b96916dbf282bd375c33e250c0c5c4bdd1f0d7844fab4fc38f2e05d1e82884a854f2cf6a30fd857a490c74","nonce":"2b272740b827c1e16070c3b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"405ed26ddee96c22c6ab03c8f92e9b13d04eed0fe66090dda472e8ca319dcaa39531337541f38aa6baee1ffe46","nonce":"2b272740b827c1e16070c38f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a6762b3f0a9bd0e973df89a2f6420780f6eaa641e51a65c983345eb3a14d6b7b0d7092eb51a7d2244c909b0ba2","nonce":"2b272740b827c1e16070c38e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"e64a74bbe45e1ab0f662c5316230382233d2096b729f906d6e07455f4e3448e48eea1947727f912cb55f7aa0d1","nonce":"2b272740b827c1e16070c38d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"d2bd5e01e60f06b051423efe0e6f7a80e02956c5bce7bd40026383be84713cdfb6ff3253abcb766833cf0d3e07","nonce":"2b272740b827c1e16070c38c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"cd0402427d481f1db25fc5a6136bd084a14dc7e7ae33e2dc1fc982645e16e71ffdd64e56c4b7e437ec76c8fb61","nonce":"2b272740b827c1e16070c38b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"2064b2fb6b44f54d881a83c5c14a8c3a65709beadbe9139e5d7b0e350e75a80dcf5e922946e2ba51099ef24cb3","nonce":"2b272740b827c1e16070c38a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"2b6859103506afe4fed2c8aa662111e7e42e22b513ffcde23931dc8d82385fba5de7ed2a15277dabe968dee387","nonce":"2b272740b827c1e16070c389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"66dea52bb7cb4ac6144f6595775af362d2f70b82a3783800c4aa3b4a8270b481e487308ba66456fdf5ce8165bc","nonce":"2b272740b827c1e16070c388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"22fa876aa044664d8f32aaa39adb90725e63383ea4db5401441b0d64b9a8d829cc6ad4925bdd69dd7f03a3e56c","nonce":"2b272740b827c1e16070c387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"1afe2cfbc089e3c55ff1df83ba14e25a8302f016b999366fbf9c5caee9db2a83205ed1e8f810cec256112eada6","nonce":"2b272740b827c1e16070c386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"435d58111092201ecb20e4ffa862f7b3e11fd3b222ea27c0c73add54dd032f78c561d77901ef92df8cc7555595","nonce":"2b272740b827c1e16070c385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"97a67d7e30db8acaf467b888e5a126cc8ae83458cb72e4b6af0b0e6a4ee42e13be0760b9f0bae81b4ce2b6647d","nonce":"2b272740b827c1e16070c384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"7501ca50ba005dc43316ccda9b0d211492ed30bd8a97f9c9f940d6de3a5702a3c24217a276832f7fb6489eceed","nonce":"2b272740b827c1e16070c383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"888834091e2a11cc11f8a59e019cadccf2493be9ea770ae1e2f6edd767585a2ea89ae2217d9230ac8055f2f366","nonce":"2b272740b827c1e16070c382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"374aa5c7a1b77a9cf661ae36fe6a47f9cbd6590c480cbd5fb87eddff15013cb57eb4a5b60eb8b770839ea7b6e8","nonce":"2b272740b827c1e16070c381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"8bbe523d626c8ed404fce534c4958886f92a05ed24e38eb8f24f5d62d0f3a035b52b66d4c48d77c7cc9777281a","nonce":"2b272740b827c1e16070c380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"6ef4a8b1a361df2d7c909b10895d571a0c369d07ca1766e7321f4ebc9db5d8a1336f0b04c32f9afaba9d43734d","nonce":"2b272740b827c1e16070c39f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"411aa63ee57562c0b392766b8ebd659dbbc5801ba13a103be03c37284a2143cc47ef3670930b9856391c22c44d","nonce":"2b272740b827c1e16070c39e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"e1d45180b30e3ef681e8fc783ea17fe061d1f9b7b7fdd3abc2732376d08b7d14d754ba8e99f9799a043641773c","nonce":"2b272740b827c1e16070c39d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"6bd617aea793bc47cb4f2e145ca6579c679ad1d44f2b9088410b8dafcf60d7b86694b2d269a8dc3a7b7bc5e895","nonce":"2b272740b827c1e16070c39c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"7e4f60e1c5eeb2f2e1ffc925a3769b774d3900db05ab91f03b578f95e4d1504f62114a83b264442c7ffa2636b6","nonce":"2b272740b827c1e16070c39b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"88ddf06f57509ce1a08e76e34a569b5d7232534d8be5b390c3fadeaf19c8a5d6687b3770903fa61528bcd3513a","nonce":"2b272740b827c1e16070c39a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"ae4c14af45fc147675d90419dab0fecb24fc32811c7d02260cf2600c74a206f5be45378e14eafb084d3b58005d","nonce":"2b272740b827c1e16070c399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"4a8f515b56472a9a3d679d04539847d0d01477374e0494fc2bb684d21fc2ad608ad1a025029c016d01ccf13f19","nonce":"2b272740b827c1e16070c398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"26e51a56eb6920496f0cca84952dd0e77fc33bd7fc6ef6127e958ad0df46fea00c1b9d07a2bb27a3d1273fe38c","nonce":"2b272740b827c1e16070c397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"b4521ebdb961c486c8d5303d8be28ff1d8f0a753c3ccf44840aea0168c06dc792d7d7ff5dc4a1cc54f300bcce8","nonce":"2b272740b827c1e16070c396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ccefd3d854b6f448291e97fb4042f85270f5b0c3dd751856349117316a95604083d220799abe6e2c236cff8214","nonce":"2b272740b827c1e16070c395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"ef4e27842b103270ac1fe9666bed109156bd1b7dcb29a815ea2d79480a7b1529a9c5641da296ca509eb238be74","nonce":"2b272740b827c1e16070c394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"9bec040bb61fabd7255513aeb808f293141032a2aa2d6bc2cc6d3cc2da2cf39d4e256c4870a73b664277f026bd","nonce":"2b272740b827c1e16070c393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"0b00f1d304093c843d7156989cc9b151947b3500f867c44b83d3452e8a956d74f9a179f38f0d000df59bb85ea6","nonce":"2b272740b827c1e16070c392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"ffafa9b702b2bc2f63abfcb70d1eb9a10d0a10bf31d7cc251e28c54cf9a9a0b3a2bdb0e867bc0b6a6ff0a232e2","nonce":"2b272740b827c1e16070c391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"34f7b82f25e6e3ddac3f042b11b8deb7643d45ff55c2cf98ebac842f46b534e88076dbdad43d573d43ca91f770","nonce":"2b272740b827c1e16070c390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"6f4d1d4f0550df55620438359156e52248f8c0f9ef9bb8661843edd1d7ccc20be00e964a80d302b969563bbd50","nonce":"2b272740b827c1e16070c3ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2691e93db860e39e1784e481a4c7363f553b89a5431b2896a365cc6aced6474ea6e44dfd22d4381ed9acea09fa","nonce":"2b272740b827c1e16070c3ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"560ec0d770e756b533ab39a91ad842bddae6468fb3b8465b4bf12fffb293dde193b56649dac60443d779a34f21","nonce":"2b272740b827c1e16070c3ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"4b166006ed2e954f9f94b566c3bda7d94e14a28a82a06c5dbd62a46e5d794da08639393ef63d3f027697d8654e","nonce":"2b272740b827c1e16070c3ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"2f595c671e6d6243159b5ee6e6770567c5a375ae4f00cb49496251b71d4dbfc829004bbc0106b97981aa09ff5c","nonce":"2b272740b827c1e16070c3eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"0e7afdda4aed1083e5193f024e415bcf3d868dbbd92a97de472cbf65c4257656f6b1e9b610674fff23b2c83973","nonce":"2b272740b827c1e16070c3ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"b131f361ef2abdfd627b6e7d1b7981b78d66e68d10fc8fda024a0e7ea63cd09ba237b323a5bedfbb20fa223357","nonce":"2b272740b827c1e16070c3e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"819231e82da3beed37e25bef321a85cc57dfee5ffaf510a4a0bae603bbde2df50d2ccebc0868f8df9f48236e59","nonce":"2b272740b827c1e16070c3e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"6739403f045a01b770f12571983b9d3682f3317f0a17a049ff4165e7d3c50312ee5dd6eb2b5c32c14e15ea35c8","nonce":"2b272740b827c1e16070c3e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"4cfbe07fbdb3966918789efb3f033ae6c118b922518903cc99c89ee8c0adacd432008ff5fc83739f654933b345","nonce":"2b272740b827c1e16070c3e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"0a73f7229b8dbe753ca0460a022f5d90bf0d52d797888151f8325fdd8c85049ae7fb845d32b2aa03895c21e591","nonce":"2b272740b827c1e16070c3e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"cc3206eddfc9116fdf3eebf1282a39c6a0180f2a7deab36f2c686291c3ebe0554681f535a33d62412bcbfca401","nonce":"2b272740b827c1e16070c3e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"bdd6587151993fc165278a372f01d0d0d4de4af74651086afc892a411bf855f75475fcba4fab10abd66815378e","nonce":"2b272740b827c1e16070c3e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"7a79334b23fec6b7995965328b61b6a29247ef0fcf829cf5ee717c70559852e6c20d48a50d0da069714a95de98","nonce":"2b272740b827c1e16070c3e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"44fe6800fd6dd4aebd8dbc90fdc5e6c72fabe0c75ee57ebed20e3dd832d65db4677a2064e4336f0e36a6a8d2d1","nonce":"2b272740b827c1e16070c3e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"8ff328c34a16048119057d29c66f30e2e6c23efc63e724ff61bcc2eeafa07ce3f320452d8260cb513702929c6e","nonce":"2b272740b827c1e16070c3e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"13d7f5b7485ff20db7bfab2853bc751ea7e9fc7a4e970fe3cd52460ef4ff8c6ddc26cc7373f87d0c4a75f3a860","nonce":"2b272740b827c1e16070c3ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"122284c01ce3bb373198c317c423fdb7d21570a24af92bedf6dc3063f42db9a5f5d416d49000264d234500fea2","nonce":"2b272740b827c1e16070c3fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"9d512a00ebe2c2c23bad0dfb8d7ec360cb08a3368697af9c61277fb33bad77c84c8c2817ef2bef4611759efec2","nonce":"2b272740b827c1e16070c3fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"f17f5107b5d771a53a15884d4bc39e7c857c221cd57840dd1294a03306830bff3d2f987b24fa0cc6b5a1ddda78","nonce":"2b272740b827c1e16070c3fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"171cadd7f9cf2651ad99e65b31d9dff7b5864d9facd5448fb050e0746b2eca92a4dde1f4210708d152b3521f35","nonce":"2b272740b827c1e16070c3fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"72cef742f9bf7814bd62647eb2191b5adf343d34cb197112b13c4d9463561d64b7dc0cfb8d4b20a93241f4b59a","nonce":"2b272740b827c1e16070c3fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"595854ec7663144aed2a3bc28ad6d9b611be6ed9fa89f20eed01d89c67c653d162085d36acc1ee76636ecb23b0","nonce":"2b272740b827c1e16070c3f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"38850aa7ff0f34ba2d3db1d254e4140a91900c421985c864f30e2ac6d9dc0bf03d9cb88a28d8d8988d6b3a42b3","nonce":"2b272740b827c1e16070c3f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"d55e8dd3c0f5130606e0bae93fe7fe5f430588f81b1a4cd46d4c2bbaca7dcf02c3a2cab0b784886422a93bca75","nonce":"2b272740b827c1e16070c3f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"39f35c5ab622b93ba60cf536631a35f2e03a321c7e0159c316e42bd34c88425cd5b5999a8aeec7d7709dfbbd0f","nonce":"2b272740b827c1e16070c3f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"5bb88fc4dde0ddb149dac907267f1bacf9a24442b0fb59e3e4e43ed6180b5304763f6bc84b9a0cd2d3a178350b","nonce":"2b272740b827c1e16070c3f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"e18c24ba84dc0b1c3e9432ddb2f1099de6813f115c513bb7f01b234e6e64a6326503e2c18cf74007f3c36621a0","nonce":"2b272740b827c1e16070c3f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"536350a2f3633871d88e115d3a50785b157749af9620105001a7466cb705343c3e12db824139e3dd6575c0865f","nonce":"2b272740b827c1e16070c3f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"a35c3b19c868df5b77b8c7d18809217c39ba783d5adaa58f16b4b59ea85d865a78ff612ff70919d01818f41e7e","nonce":"2b272740b827c1e16070c3f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"e6437078bc0e257b6738daecbd7515506b33b99f46a084a6946179f141e34c84acd30f49b2ac86cf3afb54e52e","nonce":"2b272740b827c1e16070c3f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"c7f506db175e8d364f275b76651ac089750296ed6629cc05626ca8e4337880b08016ea46a78e70a3d89f0d05f8","nonce":"2b272740b827c1e16070c3f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"75d4c23c83fbbeb4b55e62301d73be15470aa5984119aab3f2a6d759b613a8e666fd69ff5c43fe611123160a52","nonce":"2b272740b827c1e16070c3cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"37ed47fe086ec6a23c0987ebc11c60e1a3244c3da29a9767c2bef0cbb94452e73151a05c0af74f985524f91b1d","nonce":"2b272740b827c1e16070c3ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"709305ab55c7f63840ee89d27967925dbca4e561506a23669449e779b0eacd67adbb6006022a56208c966ed925","nonce":"2b272740b827c1e16070c3cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"2a1422a282e6ff849bede71041e4adb36852e4c77073a7558f8ff6226db7c33a4edc055f196cb388b769deefee","nonce":"2b272740b827c1e16070c3cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"f769572bc3cc99b0153198e893d03422de4b73d3d1a921eabecf8baa5cb667f244d28c7c7bd45ed9408acae9c9","nonce":"2b272740b827c1e16070c3cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"d1b2b77a4e4e77749997461761064721239a69929472496c50fd980353d1dca1acce6e7b0c7d97d8074c6a23d8","nonce":"2b272740b827c1e16070c3ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"4cad0d6141a854af6810ba80b78156cfa04cde16963f996447eddeddf093977464a9be4394ccfc2d10adb15ad7","nonce":"2b272740b827c1e16070c3c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"6988e33e000065597da600f3231f1dff84fa6edc52619ab60e20964fcf664d3b5e6d2d57ebfb8eec7f99f2846f","nonce":"2b272740b827c1e16070c3c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"fee54b281d4e17a5f18b01a23efcfabe364add236aaef134825482b1fea1a94d7bbeab7690e555cdbbdaeaded6","nonce":"2b272740b827c1e16070c3c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"fb46b7e03fe081821d3930abc24ba0487132aefaa58b640ac8a6005081e4e27929658f6f82a288a58946c0a357","nonce":"2b272740b827c1e16070c3c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"d2b920b0add0722ae7643a79d6787b742bffd15cb265939a12f4a4e970cf51dd907983e05936418fa3e9e427a8","nonce":"2b272740b827c1e16070c3c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"052b3fe24633f2baee3581718b4a27336eb43632e6744330a45b329e42dde207a7220a55e925c646863356d2e9","nonce":"2b272740b827c1e16070c3c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"adae6661da8be5826367aed76b93513c5e5b253bb5c6b737665a1032b1dc3301cecba430c257484e3e12479037","nonce":"2b272740b827c1e16070c3c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"568d773608174e01162ecb98a81608bdfb4823bbcb717612b8a31f91bc197c684123a5285d5d5d7272b044d53e","nonce":"2b272740b827c1e16070c3c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"0394deaeeb3fb0e2c35159b94ee466a7bb62077b22ccbe6ad0eab3477d3d3cecc82fd442fd7b3892be8d636dd9","nonce":"2b272740b827c1e16070c3c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"2a785b6b2e8fc262bea063d4202e29d0e2e5845e847fe6b2403233fd64896b567989e08777a0d3a72093747d11","nonce":"2b272740b827c1e16070c3c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d2ead513f5d48b58fdaf1a5c6bf9bc886935737fdc7a88f75052686a7a21845b857d7bae2df2ea53bca12a2aaf","nonce":"2b272740b827c1e16070c3df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"effe07fb086f20e758c99880575a84f075b5cf95b19abc7f1e0cfa43665d4bcfdc250264e8ce24e5a62d081f74","nonce":"2b272740b827c1e16070c3de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"57875e09d1239db8f256564965cdc2eabe519b97c37d1ada77771cff4f373ff9f590d74f9443e784e83e006443","nonce":"2b272740b827c1e16070c3dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"59137bb987fbe91040254f9079d677bb489c2fc449dfd9f1e868927566ba8f601d24ccc05329cd217abdd2fc26","nonce":"2b272740b827c1e16070c3dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"9c2cb5105797b1f45c72dc5942f9cea0c94c51211a2905e5613db55599e7cbeae2ead7ebe18af5f2783548a0f5","nonce":"2b272740b827c1e16070c3db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"9d56039d2cdd3e79f810b7835a7782113a9a26f514358170fd18cae3f8eb54bb0a52dad6048009d728482fd82a","nonce":"2b272740b827c1e16070c3da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"cdb6fe6e936e256efd4cf7e19d75cd09adca7375853d42000a8a70baa8d4cb5fbb1a720ad39cc7abe7d822b54f","nonce":"2b272740b827c1e16070c3d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"c9db74696b027ceed265579a8b86a092d9c7f40af0da8a94ca5523df10e822772593b269c92098f53ceb39ed38","nonce":"2b272740b827c1e16070c3d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"21dc2dbdf81077fb7289476033f6881253935d30e5df7f05dcad3a02dfb03fdf3f8eee4fceb170fb48cd83e086","nonce":"2b272740b827c1e16070c3d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"bb0fd4e4af31a2e509174f1c4b94c7bd5ef09ce30004298d2c11a5de5f41c285db1616c69f1b8c17b1599b7364","nonce":"2b272740b827c1e16070c3d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"0bc3e26232729a24e2a772ca2743812187ed006ab2a1cf04f8abf84019013afec313528b527c0b34f4b338b833","nonce":"2b272740b827c1e16070c3d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"64c5a3180e1ce60f588430fa87411e5ef94f6ef2d73f5b03d64c0805becd6858bed88b894521ef9278768ee444","nonce":"2b272740b827c1e16070c3d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"4a6e6cee95cc9e44502c0f55a342d7fa4101d79dcb586af158fadc7982097023e16d9ebcf812df5603aaba8186","nonce":"2b272740b827c1e16070c3d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"b77174d644f09488b2233ee3e8e1b9555af2afdaaaef346c854d6cbf80780445f3251c67010fa4f83c4def8334","nonce":"2b272740b827c1e16070c3d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"1e10eaf7f303735deb174d0ad073a8646de9e23d9411604208fb889d5482692ffb4ae63c2d6e076081bd646010","nonce":"2b272740b827c1e16070c3d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d769b1f17240a332ce07818b053962c0662fa19a3afb3c9477ccec352a0c087d242e64da669a363d030542f562","nonce":"2b272740b827c1e16070c3d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"321901b5c0e9d2327de5f12ac1e2c0c689d6f473e6f318141ac84eb52e0cbc0509c5984996a08c717294663e05","nonce":"2b272740b827c1e16070c22f","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"7424d7da93e4b3a2f65b9a0779a827fe764c236ecc201ef4b88475afc692113d"},{"exporter_context":"00","L":32,"exported_value":"3c42c9b4238f1eeb9272e7fbed204cce2f6f77317d43053cb4241c7856c2e990"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"86f23bd9b57d6fc2ca1501d9707b83ecb0309f629cfb5a3c8a98a8f0da6d5a0b"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"3c56756948f1c27aed3eb27a923c891dc073eccf94bb6c1b64a8bfaa95f1f8f7","ikmS":"0f3def8cc45967f86c566f2c2a7decedff0d5f8b20a34ab65318144c80cb6b2b","ikmE":"d6c49e442aad90bcc1bc0d166e5c4d3df845c803ba08b8a4d891af2eeae4f97e","skRm":"d9f10996a02cd6c9dbda1d1f225f18f781ea3c893b8c2a6cb2e266e59f3cd9a9","skSm":"6e7b14befe49443dc501def1cc2f0f293d9c5cfa045a23e9a2e0e7703b42705d","skEm":"7a6cb29fab4e249d1796f95645288a6504d2167c7ff463bc447ab6022462af42","pkRm":"04cd38ef80923e26f157e06c9887f80177c97e1005a41104127271237f946df22eda13d40801bce6184f1a631c44b0807a1a5e8d039975ed0f6079fcbd2dfe6652","pkSm":"04ece9b48cc98ee03ba742fe1218a3fbec960cc34b6e1defdcd3285276f39028e95b90f9526607565888766a1101f429dc3ec87364b5c8c613f0a081881950427f","pkEm":"04a7aeac79fda402674ef247c12d6f5fdfd21498d896b67ff04ec181382d4516b7662be32b4a2ae817c2d57104ecb6fcaa527438939810612d1b3d0af36ffc66ce","enc":"04a7aeac79fda402674ef247c12d6f5fdfd21498d896b67ff04ec181382d4516b7662be32b4a2ae817c2d57104ecb6fcaa527438939810612d1b3d0af36ffc66ce","shared_secret":"4b6e403bf494c60342caaa46b3738ee0423892720751607338034b0a067cc1db","key_schedule_context":"028fc3aeb832490a4b5ab3e42023287db29a1f4bc7c222c0df228727b70a4021127f1ff3fd1aa97af7e5d473e1cb01ba74831133d9659b6c26b03a038a49a84074","secret":"163d292303b7947b7b4178e7e5dd259e8ebad6644d6e0a3fb2f2b69fd26c1f16","key":"640064834667025be3ce7abf1eb42ccc0dea2db9782b9823519f474e054524e7","base_nonce":"29240057274f71e55bfcca28","exporter_secret":"5b03fe338463543c9d4b195ef8f9c5a914a7503a2a490efc6b6a466f5f85f306","encryptions":[{"aad":"436f756e742d30","ct":"59b9890aabf94c1d502c39d8d356989ab0880ed43e984255db7b32a8d7b0ad5beba799a4ec326a0ddca3dd5e5d","nonce":"29240057274f71e55bfcca28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"0af0da6775648ef8311c9267819d46ac3b8453d1e2bd7332ed49257527c7f789009ea2d3e80d61218d40d06755","nonce":"29240057274f71e55bfcca29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"8cd5bcf23b4f26a96f8faa323f336f5fd46837c15f405b47300a4de88a82d087bf3b7129ea9a53154586c960a2","nonce":"29240057274f71e55bfcca2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"99b5b19e549bad1e83419e0e9cbc2ecdad7ab27cc96c9bfab5200e223070f1ca6f52587c5cf25d15501cf82e73","nonce":"29240057274f71e55bfcca2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"c475dd501f14a9834952e138d16be954b8f1104e0709213e55c2a02f201eba4ca3156b65401bf81d5a8e97461c","nonce":"29240057274f71e55bfcca2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"e9fe10b329f5ab0a06c2b2d05a0efea24eb4ef37b5634858be9a3101c1edc0ad0fa98df2222ccce0424e1276f7","nonce":"29240057274f71e55bfcca2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"d9ab153ccafd6506672f4172db5e1558a28210f1ee7b07eddefd87a5604f89ffdbe769285e82a259b96673d558","nonce":"29240057274f71e55bfcca2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"c27393f90f079deeed5726cac2292b1916b0ea044060b6fd673973b10784fd94753803d9b155487f80ed134551","nonce":"29240057274f71e55bfcca2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"a9e74c2ed7ee3880a37b419bf87189989dde63045b57a1f49438639a49a499a3de11d2365806c18f1860bd03d8","nonce":"29240057274f71e55bfcca20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"abcfc4606a79ac117bbd2dc8485026705ae2d42530f586e458559efb97fff43170dfe8c0373c228bb8c7be5391","nonce":"29240057274f71e55bfcca21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"c9afd76feebfb8ab9346b2f03d469cc86c4150cd664b6ffe9e07ef006e866516e23e8e0ddea3832b7f8769b242","nonce":"29240057274f71e55bfcca22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"62c1e735efb638ffce2914918ac738dc0732cbfd5b511cfd4d6cb5232566e9ef18b6b337400cd93dfbdd246efa","nonce":"29240057274f71e55bfcca23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f60e951ba2555ae3223fc92346d452fbe5fdcea90a9d0d2bdc9db17d14d946f46565f7f16246256de5dede975c","nonce":"29240057274f71e55bfcca24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"7413fb259b29ddebf23171c945c6162aa435ee62ad47e4814678facead53987619da5ff534c5f50a33df23f3c9","nonce":"29240057274f71e55bfcca25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"e5e838c2b4ee873c3f0aaf79df7576ee1e6e9b13f4d2bdc908fd6df9468c05a3f197ffa8ac7080e6dfd8ae7fef","nonce":"29240057274f71e55bfcca26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"c92b6fe0c5cc09700bdbc841935213bb7ad59c98d4aeeb89ac4152cf2f3b9273033977e1c27d7d58100a3da369","nonce":"29240057274f71e55bfcca27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"7e9a775ffc531f632d1e293680097ca9b6f5be0b457a279651f0096e20a8a3d63c0768e8e8fe0949de8358cce7","nonce":"29240057274f71e55bfcca38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"f2805e74b554d26066fc0db9c1b4cca31452a5fbe5caafcef389e466b12da51f6ffac2008662c4b1c204d57e68","nonce":"29240057274f71e55bfcca39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9fabcbdd1a2d07234be7e37f23b85e76d0b27915889b429bf401feec9f8fc90ba93819ae10df4c17ebc0bfe979","nonce":"29240057274f71e55bfcca3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"4b4446f6d8f4c17b51c03ec027a781ef75fd65ede67927bb5eef32314c60901bb0253fe7e2704314659f44ffd6","nonce":"29240057274f71e55bfcca3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"e0f15c3e942cfee52e10fdfcafb40b92bce8a67ca2c94ca54c012685c1283310830ddc309e1de1ea85b30af310","nonce":"29240057274f71e55bfcca3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"7c61942eb224129c90c1b8cf552f2dc1224deddbbb74f325e6f180f8480a35eb5de180da2ae58cf7b1f560d351","nonce":"29240057274f71e55bfcca3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"dc6d87f70f16de0d16e27cb093f9cdc68346cef023fc7fc1eb9296e4050a498b8e0f264ca52017b440e136fd4f","nonce":"29240057274f71e55bfcca3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"ac39ed7faa8844ea7be25b352978139a1dafc203c6b6949737ef0c56d334971909ec9778f4b3593cb274fe1a4b","nonce":"29240057274f71e55bfcca3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"eaaed2bc430ed7fac24abe0e59c7f76c00226691cd1223d0e8032afd96faa523189e267e3c4ed3809e2106b865","nonce":"29240057274f71e55bfcca30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"0ed4ba609a0f718e0fad7869c762c34f768d2090a09be2beec86cd5c1eb3528bd3f427f708ee52e828f8183b62","nonce":"29240057274f71e55bfcca31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"99ad34d57cd1e7dea9f517546ad9919ad9eb2b68ae36ad3ddf4d3427fc536cf58d6d4a02c19036e135c8ee3464","nonce":"29240057274f71e55bfcca32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"1df7a3087dd94c788a992e23764c49ffeb069eb8ee1ae1a20f7e215ad9891d6f123416afc607844e59eb5a970c","nonce":"29240057274f71e55bfcca33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"3bfbc6b167c04452de5dd5ca89fa1db9f089a1b5e0f020ebe4d96e4e47edfe49a8f6712516cf029d3de864e38d","nonce":"29240057274f71e55bfcca34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"4c3b38a0dc4eb15a0f4f7b3e6569a2940695a3b29a23d048a8ea40f1ad9d1f91633008bbeb2c8beb2803ed94cc","nonce":"29240057274f71e55bfcca35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"cd97da637cd0f6eb84fd408fdd7464f6423d87958812924725c9f3e2bfda6edb58ea1a18dc87b7395b90a8df6f","nonce":"29240057274f71e55bfcca36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"a7e9210cc78c0e7db4a7b99358e32729503f7847b8e58bccc4351c29204f90e3361a34dbca2b6e28f4265c914d","nonce":"29240057274f71e55bfcca37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"a98a6ffc89f553fdddfd69957ab6ccc8ba87ca560bb1d256c2c6ee6659f6045d1deb363098900692fa3daa05c6","nonce":"29240057274f71e55bfcca08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"1a8773066558667b6bd5e897b94b6b66f62fcde55894dcdd95b88293c08a8d114afab2fe90b40670c52bbb3fc1","nonce":"29240057274f71e55bfcca09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0eb35de5671a17f3fb76ca16f1e19a3729ee4636924a092637334fb58c7099f05189a28e9082f6c673e69e44c5","nonce":"29240057274f71e55bfcca0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"7df13cb69d425deaae100d56c6f7280c2cdc17145da3d75fc4c94e2d16fca0863abafe7d4e4530cae36bd9e07f","nonce":"29240057274f71e55bfcca0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"cc9890779b40676bbc3bd29f755fc4daeac8134cb1d74a9313fa57946c32b24d1e9593722825dce7797cd72766","nonce":"29240057274f71e55bfcca0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"7ef833c9ec74ba23e62f33eeb707ab3f6bbf15f9fe3496decf0798a47f887e3e94893669fcfaf0d6931f3be35f","nonce":"29240057274f71e55bfcca0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f1b263dffe7ca8e975895379aa4c011713fc2a5d58bb39b9984aea15bd34da51853624b9e2a9629693420497bc","nonce":"29240057274f71e55bfcca0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"c83daabb56db2cf652aeaf7428593f443b831add508b09a1a774a4211e580b1f7e7005d81d947c565d089772df","nonce":"29240057274f71e55bfcca0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"015f61763e4cb1c2f534248ea2572fd57de6a988e785e936bdbfe7d9c3a85df6c0c916ced58f720e0fd5ae6dd5","nonce":"29240057274f71e55bfcca00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"2d9213d71a67a13b7aa20e09e18add767d641cbff3ab4a2b2399ec02597d75bc9dc4ce6830925be0ca25e0a0b0","nonce":"29240057274f71e55bfcca01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"6e33df266859881e8ef857bc8e5c9b213fae79c1e1489bad050cf9827741986636f83727bce369ebcba69e5867","nonce":"29240057274f71e55bfcca02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"05ad6da8382f8a2e17495913967e4cb3aeec1e8e7ccb75000695a2ac568ebb6761fd936e4a7d62dea7a9e7c252","nonce":"29240057274f71e55bfcca03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2c05db7a6b5238967ff8875465adcedd5e30a9cac152290ce495b0cb622bdf33fc378b2615fc2a6a0afd77cb96","nonce":"29240057274f71e55bfcca04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"396ccd2e281f8620fc72b7439ea629b470f4ad8fd3506fcbc93f6bd569145ee6ae79b5387f5768b92d89665302","nonce":"29240057274f71e55bfcca05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"5293f7fcfd4980aebfc9bfd7014e95268615671ce3936c6ef2b3a216415ce754dbb58f6b380747c1ac1570f9e7","nonce":"29240057274f71e55bfcca06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"e26dbf773b736a741aba1840d913a049ab8294023304c54df34dd7ce799f6ad6d40eae478caf4ecc063c844575","nonce":"29240057274f71e55bfcca07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"3685edfa9c146ca2f325337104bc6671a4df86eaceb088a9fbc149e860b122518417fde30f1f2f6b540a712462","nonce":"29240057274f71e55bfcca18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"b96701f686abca63e9b1c40f9e61939b622755c75e7f1a54e50817092b0795f6fe013db997ce5ad595960c59be","nonce":"29240057274f71e55bfcca19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"1bccf49960d4674ce076f7b9e94573377a344d1158e9d5b2ad40419ccb3f37c97258b652b64b06e1c3d9e2f8cf","nonce":"29240057274f71e55bfcca1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"ef35e4f55222b5a0b8faf3e13769a76370f03f17a694fa69f2d609f2c344f6ee3d85937ee055f104c62d65aeb7","nonce":"29240057274f71e55bfcca1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"4a46cc7510b45f38bdb363c6e48ec7ff19bd3e9b9bb113808da891dee6fc4cf6dd21af91ddddaff06c765d107c","nonce":"29240057274f71e55bfcca1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"a83b1a798bdc315a905b18cd7a4febd9075b282b94ef1b75f428193a159d7820906394a5fe638cd51af9626e4f","nonce":"29240057274f71e55bfcca1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"2ffe6d20ce2762229faa8eaed3fe3b6c71cb7d5f8a6a0c8f7a5832d1ed64473e813e15d821463d988804956568","nonce":"29240057274f71e55bfcca1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"d028a86e8723a366f1b76d6f984fc09e44a9541288350c89c8a91c7b6bb132d0c973e1aafb671979958bc27a86","nonce":"29240057274f71e55bfcca1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"87a56fb91bfcfd95f7d28a9ee5cdf2ebd2349c93835af18a76105c4e5841778f4f22f5b0b305f9fe3a9e995693","nonce":"29240057274f71e55bfcca10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"04bf810cbb8a65881aa851d7f58fac3f257b02503b5d518ae94d73efece661bd412ebe8535071058bc325cf3b8","nonce":"29240057274f71e55bfcca11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"1542332b5b7ac8fc1e96f9d3d158259cee1f6c99277efa4e347ab2a9cba72c54a354b9335d1cfd958490779920","nonce":"29240057274f71e55bfcca12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"32daf19a8e5d39612d0ac27e81032b57fa978a551af5bae60f93f313b2a1e20aa136d1fa6ad1ace7b73ee04e62","nonce":"29240057274f71e55bfcca13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"c26ceb072dea305cd6d453aae7953aad4b82216d938714358b5a7d73fb22446a163b02e7e7c3e5e7ea213c8cce","nonce":"29240057274f71e55bfcca14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"e91fbeebe48fd78b59bd91da1aed255235c364b6533ac48fd8a2085e3988845abbd5b1736969cd33e6d96a0ae8","nonce":"29240057274f71e55bfcca15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"4c2715a0530df505ea4644641f4b3ec4c974bedcfbc1cc1d56d0d56f08effe0200b481af53ef300ed83328a0ae","nonce":"29240057274f71e55bfcca16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"bd25326af16b847485946b927e3cc8055beeeb63d164376c0adc00ae58cabc0186bf795aadea67d3700360f06e","nonce":"29240057274f71e55bfcca17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"f4a8e28d0817586e0bf335abdac031ee9f0f3531eef440a59200d80f648a555f7e528bb779e7cddc3931b9b60b","nonce":"29240057274f71e55bfcca68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"fff1859bfd036d445a270b6f2f97cc0c7c126ce6b5ad958b28530a3a8787dd0995a018dd66e05d5dbf9831155e","nonce":"29240057274f71e55bfcca69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"adaca9638550a254e87b4183f992b88ff0591e9741f38796696ed8b7a3812f7556b684fa7348f0c9a3b8116069","nonce":"29240057274f71e55bfcca6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"cffb3b43eb582d7aa0d5ed296f61df6b0e6daeb69f068cdefc5d65ee463ad84bcb5b78f54485b6ebcb149af12d","nonce":"29240057274f71e55bfcca6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"2f656279ae9b9f4f7f2ccadc5d2d7a78fd71c5b104bedec6e5b62c28911e9056cb88670a61a8fed2be3753a1d5","nonce":"29240057274f71e55bfcca6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"ebe1ef40416fd7ca9dc64545aff7ede16cb48e41dad174f92e254f705a35a7556e24423744e1d15a3f89076a4e","nonce":"29240057274f71e55bfcca6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"3f147801e17053e9ba56820d1c0bca3454554665ff4c7f528d12b7a9598aa6c18718f3e03c1ff6337668583b2d","nonce":"29240057274f71e55bfcca6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"d00e8a44b2c6da733f916cb390889f8f459a1dcc98939a71534405b9cdd537afcae909a2a452c037246a075266","nonce":"29240057274f71e55bfcca6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"31cceb720265a61b5884dc9792ea1c178b2c6f7cb82fb69029127738111404d130fd15a15f5e9b58a5c5420de6","nonce":"29240057274f71e55bfcca60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5b54870e40fb0c2b5151c9b66ffcb59dcc195d94ccc90b7b97f8fbd5fdbec1bd151b2863808cb733398d42b9a9","nonce":"29240057274f71e55bfcca61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"b6d860c470cffac38cdce59ab2e006af3cfe73893f950a655759dfd15ad83d0cac7363e12d784dccb815da76f3","nonce":"29240057274f71e55bfcca62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"1de5e17beb9658cb6c937f03f134c7f3057d7def2441ee897f53812f61fc973f1d3f1d965bcacc81104a1ee037","nonce":"29240057274f71e55bfcca63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"f2f22852003a8c69c1b2e17d42b4ee47183ded64536a689b981d5c45ae0d6efa7f9b4fbc3598b8a8202e087f98","nonce":"29240057274f71e55bfcca64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"2e029e11d7bc7e17bbf60986bff61bce58e738e3cbcbbbc755fe4c588b0945e24098beed96108bbba2064c60c6","nonce":"29240057274f71e55bfcca65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"4030f283855f7c3e31b1f9bd203ac2e0df2fb4c210897eb916eeedd27299bf6128b6a43d43e6933fb9c94aba57","nonce":"29240057274f71e55bfcca66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"bb3a869f4d9f2ca59b4e1f4addcfa4c9ecb6f5647c49c4610a89c032cfb35db555f28a12bc126b7d2b9911098d","nonce":"29240057274f71e55bfcca67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"5ba00eb7257fe76410b30628bb9480544efb3e2e4befbaa962dc78df45504e76ecc7029dabd51d58996fc3c99d","nonce":"29240057274f71e55bfcca78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"3f450200528c91fa29cf2517df6e5d47daeae0e5e953323bc99545b0b320fe6d15947268e0b615fc546c39bf6d","nonce":"29240057274f71e55bfcca79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f41ba4860b3a81da3d10f53fded7cb4f8bc2fccb6c0c1e0b7bfd9379850d15a8e09357e2734bea03537ad418de","nonce":"29240057274f71e55bfcca7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"1e4cff317a533d3ac40f3336f85a526e6f93fd007678df4c83bb7df699ed4e0265277234e1c7454954874a2259","nonce":"29240057274f71e55bfcca7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"c97cf286ff12a25f8cf4de6fbb697b75ac2bfcd7ac590682eb85c63630e91531a1e3e13e0bc8cd7704cbaa1aac","nonce":"29240057274f71e55bfcca7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"3d84092c3277fda0c44fb60032ff060947ea84abc1f5edc9e9b47c9af839f3f7f411ef972e35f13f817407987a","nonce":"29240057274f71e55bfcca7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"2357bb47318ca10de4ef71caa0f5caefe1d06d102516d5eb9a8de137defaa4699fb344619c2bbb849e7534c9e5","nonce":"29240057274f71e55bfcca7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"a4f670a0543903af7cacf03f24d1eaa77b3aaf11eaed180d6243cdf9943de7480926156da7840d5abad425fbb5","nonce":"29240057274f71e55bfcca7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"5f72e25a4427b58dc163cc259e7ca42c154e286adaaf0d239a32c32f61b85f9cddeef44dc5f3730eb3ba4ab430","nonce":"29240057274f71e55bfcca70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"704e2177054c3710ac1f93fd49ed046764bc28aa1cd0295d26ea3a52cbb734aefa5dbce031e024f3e6a54be64a","nonce":"29240057274f71e55bfcca71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9650a24cfb2619474d7c4f5a6760cd3e451f881f949c23728cb3099c60f2c173b18f5d38e4bd214c6f45d6c5d7","nonce":"29240057274f71e55bfcca72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"903604194d86a030b8400569c987a94eac50eca96218915d7097a05b0c44a52c7b52ac907fa20d34fd8d70354d","nonce":"29240057274f71e55bfcca73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"5f07675573807316ab9138f79596359cbb0abd243f4f670a385b07358407aa501cd5bff6d6f0a18fb1b34375f4","nonce":"29240057274f71e55bfcca74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"f2ad15f8c02a71073ae1f6892e7b2baea25090fd1f3f02598637a66e3fb741eee470ee71c4b2b7f9f7421ec994","nonce":"29240057274f71e55bfcca75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"df0f17b0c4a6b2e60027c3038d1e50488169707f93d35c16de7aa8bcf752588f28f63e20b3032061d791133d28","nonce":"29240057274f71e55bfcca76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"46b0892fdb4cccf924c96b2a8f10a1fbda46bcf9143d75c0704a2ba424ca152d1d5b26aeef29f5f987be44bb1f","nonce":"29240057274f71e55bfcca77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"e5935bd325a0da411efb8567904d54aebc03666d89b6a4346783c625268b056d998d8a91c371a20a81fa010021","nonce":"29240057274f71e55bfcca48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"ea672b59777ffa96cbf696308973e19a68314ecead1b7f754549aae59df94dbcd350abc542cf1fa20aab97c257","nonce":"29240057274f71e55bfcca49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"af993b3712d38983acf498e0e7ea0347e1c43f9d8f3640aad2098702b644e014d76da9bf63c47050813ab90cf3","nonce":"29240057274f71e55bfcca4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"ae4f9eabcd1f0853a74cc89e224eb25b93bc227b061206d9748f18c21e7d2a4fd82230dcb1bf218600074195d3","nonce":"29240057274f71e55bfcca4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"517d636d26834547f94ad4bbc9259fbda66d1752498d17fc9bf5f113bcccdc19a3a14cccafb12ad3a36585b66a","nonce":"29240057274f71e55bfcca4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"b06415b3185f53cb569369ca82858f84bd99e79e777bc836a9165ef2701ac40d69c8d17a8f9e097baefdb1f9fb","nonce":"29240057274f71e55bfcca4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"6c108bfdad44fe2ac325386185883b2003dd24af6e1e1e09247c6acb487fa3ce7e38670ffb347674d5040a6e8f","nonce":"29240057274f71e55bfcca4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"14138f6d2b75a2b5ab853fb9c71c6d9b29db8b65248cd4c1c4e36311735304abce90a08055600eb3ee2b7b4542","nonce":"29240057274f71e55bfcca4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"c736e67498f109f8c14ca2bd35dc8af1bca43f7f3ce188145bc0198c17e84312557af936380ee546ea318d9498","nonce":"29240057274f71e55bfcca40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"0ba0741639cf37ac3f72683de34822b30685dc9b1edbc1ca2910844c9a7bbe91a07a88bd7b572a5e47af8d14ba","nonce":"29240057274f71e55bfcca41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"6d7a86b8d2d679b65960c6426e68e9318fdbeb4e1961f68b65d4cbfbe9dbb9074e0039d1a9f0a8397c3e1a15d3","nonce":"29240057274f71e55bfcca42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"b3dc37c304da62bb68179c71f8df2071f29fa40d9333e553728d192782ceb930ab8565c4b25d8e51895f728efc","nonce":"29240057274f71e55bfcca43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"5e941874b3077ce09dfa638896b8e6ece2680202ba59349ac7c55b28037a8f8c50d086b969d9f3010fdad418e7","nonce":"29240057274f71e55bfcca44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"80edc643b9fd509f7530ff6759d974972ccea2f9fa97d9456e235f0430ec881d5248cf660b9517ccd5ea03a0ad","nonce":"29240057274f71e55bfcca45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"71760ca310d5640ae99f242c327c091db30de1b2be2baac1b61ea7b253ba4879b49a07991ef54e4842d9627732","nonce":"29240057274f71e55bfcca46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"e2316c586483276c6b1182f1d53ac195e53bcff4adab13cae1915e52b4d5344b0f07b85a91e650f3086ced1bb7","nonce":"29240057274f71e55bfcca47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"1181ac105b99b809da0033b94e97c6bb82950f09cb651426d0de4fd8d17984d855449e2e60f1392b561809fff6","nonce":"29240057274f71e55bfcca58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"1c7e2c1303c8bf0767a766346d8a63b3ca16b7a38c07298c946523608afd3d0eb2eb58085b54a5939ee4f6945e","nonce":"29240057274f71e55bfcca59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"46d557e9a536637cbffdb6ee6890df741b1bfa36da71fc3a71a06272956236b6c772481d68508b51378d981cf1","nonce":"29240057274f71e55bfcca5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"fc24df99699f4c092da769e6921bc757c00473c319bfa321dd7932ae8578856d2ff26cf17a205c5dd20f2b4a63","nonce":"29240057274f71e55bfcca5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e515fff1ebbb0643563597739e789564af09a51a9ca3d86e8b045bef26e1dccd03c3f3fe1a4d4325cf3bdc4b2a","nonce":"29240057274f71e55bfcca5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"23416c55fe45d162053233be94ad0dab8ffc48b28d7691ea62acad4dde3fcec70c4c9f7c7210df686c6a3076aa","nonce":"29240057274f71e55bfcca5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"a26ac6c40dcc08afc1308eb4ee521e3f7d5f6e4a22d868fdbb07ae279496926a8ba7df9777f738f5d39c340902","nonce":"29240057274f71e55bfcca5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"2048d355000b3ef9ea121a617ddec39562d4a3ee6111fc617b9fb6ec2b8c2f2cd6e912f5d5679a989ef784ba85","nonce":"29240057274f71e55bfcca5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"acf5341aba46deca253a2f36565c5c91f4863a1ec9e5b48d18576933bea36f279f8dbac9a36240642f46dc5ddc","nonce":"29240057274f71e55bfcca50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"2ec239874ddb09f51754d07d2ea21f4e2c505ceba707441747fdbf60089aa8d7391744d561c253026a4694cb9e","nonce":"29240057274f71e55bfcca51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"3c312782dff2693256dffe9cdfd4d04a9748fb0cc981c5a34354f9293d06b92d990dfb2e9226e5fb5ff2cef593","nonce":"29240057274f71e55bfcca52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"7b0a076ef442710a35434f82ea06836353304fba6e47c660c27a961a54d9e45e592d038c90626768d7179de5f4","nonce":"29240057274f71e55bfcca53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"264eedd6534279f2b52cbbbf12bf5c8c71dd1d5a4720d1c6b28d4de96c996e117ff2712fb2c674461ea3342ad2","nonce":"29240057274f71e55bfcca54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"3d83a757d0fc58bed3cc84566bcdec148fe1555230077163b8c8222ff1e8a1deaef09d0017804818afd7d0756b","nonce":"29240057274f71e55bfcca55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"8073fb517a21b5e2fc54d34afd581581ddac8c2342958c07d8c907072a3555924ef93150b87c26421d2ab8e737","nonce":"29240057274f71e55bfcca56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"80859837efe561a4bfe3ad64ac9c4286c96e7677f1a71fa1da88ab27f3e825744668870ce046f6548683bc8ba8","nonce":"29240057274f71e55bfcca57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"0d2489ffd5cd9186cf2f7f440bce73562fa0c7243deea0c0f371b44672ee52c8c739d5ddbd645a37e21224461b","nonce":"29240057274f71e55bfccaa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d4b292d5e9536b623083ee605e3f83a910f4c9b1883403a6946886c5e911acd3fbc5886ebb66c25eff293991b1","nonce":"29240057274f71e55bfccaa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"ed8916e70a13598237562458aedc0391f9e59fb13dc8736acbd69b8b7420e597029588235d38806ca24f42cb9d","nonce":"29240057274f71e55bfccaaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"2ad5c6a8af009703c0dad307d23d6cf85493d551cc0ded300841da45b70808eff41f177d2c4cfbca8db5674038","nonce":"29240057274f71e55bfccaab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"7d3ac6d4d9b38fcb08861c48547352a781f4b3a982255e0f58ad1575683ee12e4ab1524758effc734ac814b1be","nonce":"29240057274f71e55bfccaac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"0aa357b910910c7967954da68f46917cb48532cfcfc9a426cd4c123ee8f6af0f03289856bfceca38fb0ccb846e","nonce":"29240057274f71e55bfccaad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"2250d816b29ead4c4bb39b28a83a4c4bfba45c7f795b02f73b305687deb2eb1fc8ade27532d96d35a9423d1885","nonce":"29240057274f71e55bfccaae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f65dbb91a549fd276edec8f5a004057e6488c39b92e529d89077fa2f4ba631a598a481aae0d691a9e9299998ef","nonce":"29240057274f71e55bfccaaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"73cbe0720e9d5316f009a8865b4fae590d4f11404c277e4de764b315e7feaaff8e3b27d687f595a5e2e9df10ed","nonce":"29240057274f71e55bfccaa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"0baac42e2fc021841445868fc9472741bd46b8182e608c9559ecbffdde0f7d859aff4a2e972f837986c37ef0ca","nonce":"29240057274f71e55bfccaa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"7f0787d06d4989a167e9c81dc0ca08247b23464a6bf5cce0c11f37a99c57fd7de4223fd1687555ae7cee2da17f","nonce":"29240057274f71e55bfccaa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"612893e6d027ba05aab619fab395e2cd7a5882c40fdef08d57f7e2655e86101e399c5d730c084060890bc2b56d","nonce":"29240057274f71e55bfccaa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"936070bd3d2b50a7a7590ef2dfeb1be6136e05fae46d7d3464c65399c4b2ee8fe82008b5b23771ad3921805ff1","nonce":"29240057274f71e55bfccaa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"0150cd21fd842bbb29c42c6a1313fd3a44bbd068b50b6a51361c824a85a757adbd13a023c75c125b7132d370a1","nonce":"29240057274f71e55bfccaa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"c22c9b1822e3db4c0c66a830bc2bf50971bd98a0d90680eff676f5546e73764e95818f79f257e67d5f03420d6d","nonce":"29240057274f71e55bfccaa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"31589b9019bc4892017405cac5712d00ef303e90d7c575bcdeb8267ce01d42017eac95beff4f262995cfe70406","nonce":"29240057274f71e55bfccaa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"7b253a5fc23ba7ebde57cbdeb69a0421a086991f3e72dc91d8975f06ca805eb8ec503751a3d0c9b1598b4058e8","nonce":"29240057274f71e55bfccab8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"61374dd7c04419aa8bbc885e2b8f340e73186a07b9f0d1f7f6f05682c6807ab7af379ace9b0aabed879a0f2214","nonce":"29240057274f71e55bfccab9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d87d29ce6753b03570826b266b3b443c9b8175ced6bd54aae7a3161ffd25b6024b848d6c6f6e9fc874c41d7260","nonce":"29240057274f71e55bfccaba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"b52df0362ed32b67adb2aee244df3a23f2bac4d7368a45239f5626cfa4f61848f009e4006e00f0e785059f7a5e","nonce":"29240057274f71e55bfccabb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"12c0435ca183cb325149fe12f948636e243e2ac91267e8bbdfe5a429159605f1fb0f050b693e28f9d4afff9c55","nonce":"29240057274f71e55bfccabc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"1bac388f720b67183c8c5adca062e3b679456925b79252f809ab1554dff1d43d663a3332e9c08c55d79af85cd8","nonce":"29240057274f71e55bfccabd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e4d68e2b94e6e478442277d6fc427cc4c3a571c069caeba408b8e8936e9c93112f148d337ddbc4c8f9e2500ca4","nonce":"29240057274f71e55bfccabe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"f11d09e9830b1453fe550d936e9e7a172a55955ec2925b6d028570e001870ee1dfafd7f8a1b8173e19e61cf002","nonce":"29240057274f71e55bfccabf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"9f7be587102cef5377e78fc338e5067110e9f12b99d8da4ce4ed5416f1e4d6b58e3da5165e35b51abbc0aaa05e","nonce":"29240057274f71e55bfccab0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"3d040e0c8079f16bebb2c800f9e7e420a380817d4699a438618038d0734398885cf06c9a2ff692da99c03e0045","nonce":"29240057274f71e55bfccab1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"8793922c7cdc739b9a4ccca8f53a57cd7a67414d6058b480eab8398df056ffbdb20f32254007d8655ee0befa6d","nonce":"29240057274f71e55bfccab2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"c2cc474378824201a9e7b33a144e755d4670a9319530c36eb9327b61cd791d44ee373aa9d80bf52ee9cd765586","nonce":"29240057274f71e55bfccab3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"b15906085a470857f79f3a19b7ae98d3d6d2042110b6a3a4b533115628fffbb225044182c95e25f9a9f0966f6f","nonce":"29240057274f71e55bfccab4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"28563cfa2526b75e1605d6db99b5250e790a7b440f0b67567a16117cd73ff139f9bb37b923e40f12a016ce791e","nonce":"29240057274f71e55bfccab5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"922c391099eb25e7d18f87d2699d4d42e8f599d288ee6b634506c3d0eb9a64e1659eddeb0174b72afbc0076761","nonce":"29240057274f71e55bfccab6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"8bdb1803713494727d55dc11393bb4900028885f73188bdd27296528788e531e046c4fbb7291fbcdb6b63d8cee","nonce":"29240057274f71e55bfccab7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"be37323d9ce5fd569cb68ab0a0c690d75d7dbdddfae1e00707b6c8e1afb4fa635aa388530b22d289b769fdc78d","nonce":"29240057274f71e55bfcca88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"3ae4a5e289f03522416347783035a91c230d7383c9e1dbd5f1c8d0c3f416593aa4b40d83de12687a62beb803dd","nonce":"29240057274f71e55bfcca89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"7c2297b3d5847b2538f32c90a52d50f5a419259a4dfdd775994b56239b5aef985a709f62055afa7618b401f028","nonce":"29240057274f71e55bfcca8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"11dd971d20ed5fe9be7ba50978ce2645b896d197a585769ef93ecdbbd18de71956843aa770810f116bfcc3cc5e","nonce":"29240057274f71e55bfcca8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"c09e9accde8ba6c38f7c1a4058cac818ccec23a07855a0d6ee8c43f868a9d0ea0f7b65024e5a716243947cba01","nonce":"29240057274f71e55bfcca8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"d0339d7f7d98b98e68aebb015e1450a870db9e8dcd7b237f59ab7d330f1e522ef3f873a842f84c9d7872c1d881","nonce":"29240057274f71e55bfcca8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"36a65cf378a4c675b8a942cf741897c543f1ce189badf60f45ab4554547db22c6e910413f3d72562c92dbfb361","nonce":"29240057274f71e55bfcca8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"cedc395dc834c5642271357fc691a7b3527787bc4ff5ccd50a9ee7d3697295173d6efffbaeece401cc74f548e1","nonce":"29240057274f71e55bfcca8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"6834324bd661682c8d2829b22a6bc23976501d1eeb47b7655201d384adccdec5fdcacff9641da1d73b35932360","nonce":"29240057274f71e55bfcca80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"fe6cda4b60c57efc4610f6e4061fa520a3a58f040aa926ea6dea8339b34dbf192fc2b6a073b150284ce987f897","nonce":"29240057274f71e55bfcca81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"95dc8e8e1ca613cda0e46f29361af84a0e14e805f093a8f5f020db668558ad1b6d6cdfc78488d7bf0a38060c41","nonce":"29240057274f71e55bfcca82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"b07a72488c9e39013f75256de6b402979f5ea65628073f49ed41efcde388ebee34b189e612e609cda14445811d","nonce":"29240057274f71e55bfcca83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"3bebe2bf5b97d6a84cec0654f4d48da4e12d173026fbacd48eb73dfa081a30cc43d02e326411633da5061ff16a","nonce":"29240057274f71e55bfcca84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"8a50ddf1d6d34c195b7147d27b6746a4c6b5adab880b5839738f954d290fd3bea628715bb834de2c2e5c18af7e","nonce":"29240057274f71e55bfcca85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"c005c0d179170d9f782a513a5ea026f466f0b8654e4306d5657565c015e49f51d23e6d801c28d72703a8755b29","nonce":"29240057274f71e55bfcca86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"982ea6bc2670762a6be4d76b0e71f087ddb4ed416be172abfb63330c366946014ba9821e232e45930617650908","nonce":"29240057274f71e55bfcca87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"52e7b0309dc8a76f29ff6623acdf14a2d107e689c2aaa47b79211729d3cea8b33573e97b68d68120ff4b6e0e97","nonce":"29240057274f71e55bfcca98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"c003576c36b4dca19267878c933f47b1a651a4f2aa21d5ed8c11addae8622645a6e24dfa491592bafca9344fc1","nonce":"29240057274f71e55bfcca99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"db07613bf857254e82ace66f8ad51e9b735863c3389dec347364a41fad8bf94a8fa837823c328f9cc1c4555786","nonce":"29240057274f71e55bfcca9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"4740d00d57ea36d1084a0becf0e2b295aeb24fda4d871c0a193e6e4d63f5270b9651a7816d0e756d7269a61d05","nonce":"29240057274f71e55bfcca9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"7c6661bfaddbf0e633dfdc28ebc9c2cb28812ab3f66f1ce8d048d62d43eb761bc40718948e3e84e4e13b341bcc","nonce":"29240057274f71e55bfcca9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"a3c2d9b07f9b9d4b73cade1b8ee2e0bce44b6d67aa2a5ea895d3e7aa5c87b9d5a9d66357f80798604aeb60b574","nonce":"29240057274f71e55bfcca9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"5df4651afe61f503b20b401d1fdfe90161be9833ffbe6fea66e3729e70c53ed77b51929dd77514343875f41182","nonce":"29240057274f71e55bfcca9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"5ac31e5df7b858baf398499b8a5b51f09c3ded7b7773d298383efb25b3328738874f025d7919983eaa38c66795","nonce":"29240057274f71e55bfcca9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"f0430989e3e07509b351c3adc474b54685c997cea440b4aa9e4ea717de50244e4772bd3d1575994e0a8d025fb3","nonce":"29240057274f71e55bfcca90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"b7e87fb2e9c70a4037b156f5d617a4aea9c6ed52dfdf4af814202c773f500bd4d40fbac575f602743ea557f4cf","nonce":"29240057274f71e55bfcca91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"dd0f08f318f4507734886b10542cda71c13c92d5ccfcb6aae6e26958b08f771b35a40aae206e1b89127e908888","nonce":"29240057274f71e55bfcca92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"25a601753fc874e5a471e3d92c96f1ae6aa849d9e982beea30e67750e799fef231fb78cd7b225e973bb09c3c9b","nonce":"29240057274f71e55bfcca93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"5986c63e5db80374613160e785c1d9f93e7aeefe632af8cac5c24c43bb0351d86f43e9690a82d06892e4838633","nonce":"29240057274f71e55bfcca94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"1232de7a1187a2eaaa29f8b92ec6a1a196d0665a655b7ff93bf9607d876c753ad65d527e11d9f2f9719807ce64","nonce":"29240057274f71e55bfcca95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"8dcbf53a8a7c8f0ef6e8d25b877ee247c9f98ce7ed626f1dfd0affa346779ecdb78949f0b7def8a4c4db9a8acc","nonce":"29240057274f71e55bfcca96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"3b57faabf133985f61dcbc2b883acf8e08f6bfd25a88ce6ed8beb778917980451393956408adec4cfe26d367f1","nonce":"29240057274f71e55bfcca97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"c9a0ebd8d7b473329fc257f7e059e288b9262f43e45f028c661c56c7c69d2764e658cf4e3a1d9e39a9396981dd","nonce":"29240057274f71e55bfccae8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"dc439e84775dc119bad04ea97402c5d6e6116aa057109210c267a5552eeed0a30c4eefda4b098522033b86c3c4","nonce":"29240057274f71e55bfccae9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"ca2d7d953fac4f78e29168ed558c74fdc02e3ded8798da035d8c36330c876aa70f3b3f0eb1e38fd65b8d3de78b","nonce":"29240057274f71e55bfccaea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"b1fdb0f0c2c0d7679431628267321902530153e470eecb325b01f8d13abb45bf77ed679ef9fdefb28c8d2f1087","nonce":"29240057274f71e55bfccaeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"0e64d24a8b98cd033700649849cf97881d2d769c58f947dd356f3c097f0beff740a509dd6654fb922c18c861c4","nonce":"29240057274f71e55bfccaec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"94db9fbe24264ee1c872372075d2a56893920894c887b3e604f7216eeca25d260554c0d97fb9579423a0222065","nonce":"29240057274f71e55bfccaed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"f4add28a3edb54d991c9d50c951e0ff72e4fe8cf11b2cd3e0097371c4db45e292b4aec61f01ef41b8bb50dda6b","nonce":"29240057274f71e55bfccaee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"4c630c60664ec601336778eb9daa990a373cd3197e55cbb7c85e5f8f4eea45a93abbda07f35873bf6d3f8843f4","nonce":"29240057274f71e55bfccaef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b0076f32d26bb8f089f6715d3fbb3487e00abf741787ae07205c87c938b6c719d7ccc9dbc87f63870675036fd0","nonce":"29240057274f71e55bfccae0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"82557b51e556b9238c1d382edfaf7e1e1e8c78c8a1f8aea2438c2adb91510f5a51d283c56fdb1383172d70f797","nonce":"29240057274f71e55bfccae1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"c776cd529ed926d264c767611e91df863c0ee0448dcccef9fd9b5e12899887c5faf4949d2b78fc622b70a25834","nonce":"29240057274f71e55bfccae2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"4e4e3a29401fd99ee3a9527292f9463be3f5eaf96a0a215dd69bfe7cb9b701c3af9eacb29a055563dba8d6a9e7","nonce":"29240057274f71e55bfccae3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"2e00df2085d83b9dd5e63c6f567603fc2684afa9316277a240c16d1c980a54f7c87a959e3617b0a76dc84998ba","nonce":"29240057274f71e55bfccae4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"88eeb0d599b84ca5afbd68b7cbe8490b949ba6bb1a3f35110f13ea6d9ab837d47f9d182277d7e87f584e9fc496","nonce":"29240057274f71e55bfccae5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"1186bdbd9c1360f3a08f8684e8e4061b56182a27ffa40d09088c38ecddfd6946f6e6391a8a9bce2840da473653","nonce":"29240057274f71e55bfccae6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"465c273b910fc82add788b51c8071d9707cb31f16701cc686e34304bbfefd76d6ffcaa2a58f7f3088220ca9f91","nonce":"29240057274f71e55bfccae7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"813f6cacdbbdd47794d96163f37a83ee71b656ef39717f43df6057d49f2a99249dc0c00b5b3b07a989e3de7d78","nonce":"29240057274f71e55bfccaf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"5aace4d7d002cfd22f883261a7c5eda3790f6873b272ecb00319990190098f2ee97a3c529eee2ebc75ecdaf9c3","nonce":"29240057274f71e55bfccaf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"b77f34d7181a8aed2e5b1bd3e9ad36665d5e5c92839aac5618cd2ffad6a2e388492147fde0f3d200f63387ed86","nonce":"29240057274f71e55bfccafa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"19bbf8b970e18f65597a10a3cfcd960552651610113ad9a9fc7cfa32a6a49c74afe9f80aedfa799bf53fd2b387","nonce":"29240057274f71e55bfccafb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"78ab423d9d0a006d36886ed41f751b6c4acd0bce2747d1b804f40a1891f06ef0745f066e5985b58db251dcb049","nonce":"29240057274f71e55bfccafc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"38b85ede84b52970e26389f3046471486914a7966c2d152027eae68958a38367bdad3f9cadaf9af1990bd7252e","nonce":"29240057274f71e55bfccafd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4a3f9cb2667ccb6db2b3763a7aaf491527b928eaedd113dc906266aaeb9f78e4a09614a7b68259d4b23cae09b3","nonce":"29240057274f71e55bfccafe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"5136106cd2330c17c16460b8ee23328055749367aaa2c86905a08e9b0a515611092662ab5c0c4733584bab8ab0","nonce":"29240057274f71e55bfccaff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"1fb7b1f378ddcf58c1b57ab25af3ca4852db439b33cc8135f2a24ba80187acee07b53db64570d707f7752055e5","nonce":"29240057274f71e55bfccaf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"f657e06da17c7b90bcdd240798789997e1cc5122ccf5c0746c1a3a4e380114d2281317b2da9044c1f6d4a98535","nonce":"29240057274f71e55bfccaf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2656dff50960d248d965bd47689635ed01a7a893931a0f33fdc8965a58b0ab00a8eb517c47ffda7aeffa7fe7ec","nonce":"29240057274f71e55bfccaf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"fe1bcd35c84c31bb8322db7b01f72dc495ed6cc972e00f20c665d15f35b238064eadaf441365bfc156468a944d","nonce":"29240057274f71e55bfccaf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"efb4918e09623750af31e04329fcdbe359ee199c3d1b08ff908ce9f7a600e39ecfb69121bb01f206a658037021","nonce":"29240057274f71e55bfccaf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"92150f43641cfcbe7a3f31e392a90221ed3481da960dd45a9873d429c099107683d9a500a122de088ae1d419ba","nonce":"29240057274f71e55bfccaf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"c5d69385d068278c76e687b6b30cfdf33f79e1602338ddbeb000c422ddb6fd2a521c7d8428412cf6fdca6c71c7","nonce":"29240057274f71e55bfccaf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"069ae39bfc06704d2715cb3e9472fb4ba512a6b17e80ded6af9083371ef46596d442c72a2b0570a5293b896a30","nonce":"29240057274f71e55bfccaf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"3ac9a88751a31a9a7c9dff2e72ae7a794e13b312315f9fdfb5b67e749a3572e98fb9d8b3cdc8f82429212dfaab","nonce":"29240057274f71e55bfccac8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"3e617d045128774412c566d66d6e8f6b741fa665f17c70ddf4bc97d778a873411d225b9e1a2ab8c1cfa9c7058f","nonce":"29240057274f71e55bfccac9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a37d206a4681b767b5f0979d46338daa225f890aa8daba10e35327730b0985c99430f37a30d0ee6f96ac20b160","nonce":"29240057274f71e55bfccaca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"0b275caeb00d36034be14298ee302921fa73939c5dcf1652dd0ef2b25bb75488cddb80e9cae8cbe3ea7434e8ef","nonce":"29240057274f71e55bfccacb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"d3398ef1aa4e47c9f2b172dbd9f868fb74cd569a4537e91bd69aa8ba42b99ad98cfbafe526ffed5bcd39935f5b","nonce":"29240057274f71e55bfccacc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"89b8058846fe203721b4a6f4a7cf02fbb56c3453b97d9885f7e36912c63074d6332db7f8d497879a3df27dc1cd","nonce":"29240057274f71e55bfccacd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"174a5aabb09e46906e53a584ec6a0fca4ccf0e2fe180f176109c028aa89dafdfce5031465d98f76e50288182fc","nonce":"29240057274f71e55bfccace","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"7ca10958b0d727eb0af4efe54788ca139f2c4d227ed30fd18745114928dd8d3f41a4f76bd8f03c9b5dc4a9ef6a","nonce":"29240057274f71e55bfccacf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"0c2cd3a52e84f8b36ff07ed426e18da6b40f2b65e8dcd30acb9b73b93be1572153791835fd5b02237d215e2546","nonce":"29240057274f71e55bfccac0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"5f9f2f6465c02fe96f9c3f73af2242c54a120b6ab40a7731867b0c75d17d25121b2348e456a560e6f125731737","nonce":"29240057274f71e55bfccac1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a8e120befa2c544ceb0ad232979681fe6b354de8cd5e456603fd03abf99312f07c9b2dd0e7cfecff93494de8d7","nonce":"29240057274f71e55bfccac2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"738e56693f166f7dd8cb16c0cf3ead65114f031924825e383d80e2831aa6d5b5c998c1765acb251a7393aa7371","nonce":"29240057274f71e55bfccac3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"af8c07897b3962e8b0ecc5d46c5f600f3cd78f3e7421355600722a1f8c0f3878f7b7c7f806a55f5f2a3876d13c","nonce":"29240057274f71e55bfccac4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"41ad5c4665b9ccfebac68a7da61fc285e4bad47c540b70680864a230bd02144f35941ac2089157c8dc8a5a1fad","nonce":"29240057274f71e55bfccac5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"4ca9a176a6b212948b1be6eae9edfa426624ad4e1f09e0cca61ec933c056fa5ac6a1316b3473ddbac599026492","nonce":"29240057274f71e55bfccac6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"43539b9692f59af4b88f27f672c6215a22bb3a26bbd66fb44129e22f78287b3df2aad2f5384be9ec941fe8ef6c","nonce":"29240057274f71e55bfccac7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"452ab2e05e5aa7e4dfdd171f834bc0c9f0c65972a432a078f5e7e9b336ee1271075b5d90f09147d4569da240a2","nonce":"29240057274f71e55bfccad8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"7af5df8ef9b79c40f6367376c331b5bd9b8abce05c77e2a463d7047aff0f2ed8f2005a9187af93ba7977981aa0","nonce":"29240057274f71e55bfccad9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"7da430828edbfafad6dea7cff61e6cf5ec79165cba136e983a1c6e5f74121601bad6f6526599ec1266a6037763","nonce":"29240057274f71e55bfccada","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"6448a5f78e2d067e2425fe188ac3dd697e9e711f278060bf1e807df57d71c34bb2ace7886b989fad691b70f29b","nonce":"29240057274f71e55bfccadb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"01186c46223dfee0f72308659e4605aaf73727da3bcc4a5f720151b52ef88797b3bb5b2268b01085874774eb51","nonce":"29240057274f71e55bfccadc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"996d866fe3623f9febe2f1a9c02a02a587c18ad14919ae3e5faab5e07fe69a70a8fdc3f53939d18d6728b52167","nonce":"29240057274f71e55bfccadd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"5abc1287bef7dd82c97949ec38cb723a50ee95e22b26a0091c4e7c1c856d9b9565fa52904a5b368277ca4d7b82","nonce":"29240057274f71e55bfccade","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"200e2544107c0e4a33e19f834557f3dfbb8a0b17d8958a039e762aa5b74dcde346c3a8d465578e850e61b1bba0","nonce":"29240057274f71e55bfccadf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"0e4a9cb173db3b6ca918453b3aa9137d271cec0ac76f473f75c3a178002ae8c56ae559442646d364e4df03294e","nonce":"29240057274f71e55bfccad0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"f64bf0a28aa85287e3fe4cd7aefff14617f915cbd7128f189d56c8d77f6198528825d85a946e57223c71d7ca56","nonce":"29240057274f71e55bfccad1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"7724a0867cde4f72a3a15c0257ab9b35889265b3621450c7da220b8d17581de30d3c6be2f04f84eed1e8ab4180","nonce":"29240057274f71e55bfccad2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"6e47a17d4b70b28b456347ef8e53f38ad297e0dc685f3f3245bc77c4f4b19d25f9c94bc9fc13fd073150c57886","nonce":"29240057274f71e55bfccad3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"06ef5bdda3c06a17dbbe0f0296196185ecaa115a130a0bad0c6056e0b5e58f2b025d7e4f96e67deb157f62e140","nonce":"29240057274f71e55bfccad4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"96e2a62d0e32a1e3b9fb2d271f21f07a1ec471948950d4b3cd9f501cd12c98f638e733560b99667150d5037bd7","nonce":"29240057274f71e55bfccad5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"9efda4be5e88be68c1114a3cb27a806dc6cf677ea138387c22f8250e9b60612f42c2c3e9600a72df68efc18942","nonce":"29240057274f71e55bfccad6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"1288e097b30e71ad5f6198f23ac3a2634c2fbd575fd302e5eca7968114990fc3aba085eefcbe803e4130c63ff6","nonce":"29240057274f71e55bfccad7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"df400deaab08719cdc7b278b9d2daf898e6aec30e0b1746552d53a20397c519c409a8b73e5e6672985a09c0942","nonce":"29240057274f71e55bfccb28","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"6c0386ae15b1b834a5247ca5595b4e102347cbcdc65de64832f36008ce9c9483"},{"exporter_context":"00","L":32,"exported_value":"3507f1d3914e96bf72447b5c2d227af2932c7978172085cb826a5ef7f25f74a3"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"e04a3d5ec48b3729b57b61e02d66eb6f67f4bf013f2767ebd2281592ea3ccef8"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8a6b1f2c285b3bbf72c6a3afc99bb4a04da7e6d6504e3078a4ee37702eea416a","ikmS":"182813eb895884de91cd97f03ea22f84644bc0bfdd819311bd54f59af879e89a","ikmE":"a1bc1ce12c6d8c609a69dc0128616ef952006ca13d9982f5a3d4ec1f81606102","skRm":"711abbbfd2c99aca70eb0f4f057c8bc1d32dfe09409a2d28a8d74da3b85e604d","skSm":"81dd6b76fe0fdd5871f75ac19c5008f12d6e6963645c02dda572f402d036135c","skEm":"d593197688dc6d7b5c898368edaf017d625b2099ea76d685303a460a0409e793","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0436d96b06fc928e8ccebcaf62291265a2fab8c9a0bc27414fcf86ddd8fc47286caabe02a1fe4a9881984ab1abc8475cc5008fddec1eea72082d4854f190982f6f","pkSm":"048387ea40e9944a81e20ae3b8efe7abb3f5b89b1560179f55a8ea40b56a0341c9ef414590f4f9bf1f33a21d6f860c4d428ec2e6309f8bf1ee1816bb5746391491","pkEm":"04060c9ead3a3787e8e84cfe055a5211c11fc228e661aee80dbe9b0daa76f3915e2a8084284618ff1c18b0cd4af90a6a2f901a09df7b1ba88957b4101c9391607c","enc":"04060c9ead3a3787e8e84cfe055a5211c11fc228e661aee80dbe9b0daa76f3915e2a8084284618ff1c18b0cd4af90a6a2f901a09df7b1ba88957b4101c9391607c","shared_secret":"03d3d0a77139bd73e237854a1a740c8b037101df499e88b1e5af17ccd82b43a6","key_schedule_context":"034347bda95dee60516b0482433e06221b26075bceb38f3931c30f869f189cdf8f7f1ff3fd1aa97af7e5d473e1cb01ba74831133d9659b6c26b03a038a49a84074","secret":"23856904a561d707933f4c6eecce975f0026213176d3c55a4cb2304a5fffd272","key":"7887c4773caf8a64c4d98505645db1fd7f6e5fcafe520d0f4862ea812442fe2a","base_nonce":"9d1500195f9750f4f42e34c4","exporter_secret":"47f32a7f67c037f2168625ea1569baf4c9f96503e542d232514976a916befcd2","encryptions":[{"aad":"436f756e742d30","ct":"9b575da82843bf4561f9ba910e533d6991705e4abda231f62b6a3659ce2cdce44fc1240271727a58edc27f4c8d","nonce":"9d1500195f9750f4f42e34c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"7c71aebef72cbd8023d9eab822893772bf5926d5ef0d27c58a30441e676b941bc465a6c3b63a1964abe3c95bc9","nonce":"9d1500195f9750f4f42e34c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"da47318b6b86dbe3e4c9faa747b24dac70fdd8ddc1ef065af8774dae61cb6d2f946ef248e5262f6e1a456fc2b4","nonce":"9d1500195f9750f4f42e34c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"6a9f2c4730c635857213e33a299c0817f140982b46fac3b0f132045ba60727b5ee2ae93144d65e6aef87bf8810","nonce":"9d1500195f9750f4f42e34c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"974111ef4587d2a7fbd81f44a3cd8f7992a60c5462d61bb8a289e4078340288c019680eb846a831e601bd76cea","nonce":"9d1500195f9750f4f42e34c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"cfc00c2d17bf88c3b261aafef427f8685e6e92a1edb76a78efd888188c7b89bffc294b0761c1532bf67c0d9a94","nonce":"9d1500195f9750f4f42e34c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"f2414286eb6c7cf8a257314372550949ddbe32891479d10a6dc2ec333fb39ea53da05d9721d16fca9e3a0d5b40","nonce":"9d1500195f9750f4f42e34c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"13c7330982a46eacb6ebf0a3ee10106ab5fcfd151743cf0edf1e54e377f2c44b577ea5b47c8a7d0de6aaa7d5b7","nonce":"9d1500195f9750f4f42e34c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"5b4a19416c1fc9bc72021849a7e2009b84ff3524395537b3a6ffcdde2b2837e8042937b57ac16563acf020e687","nonce":"9d1500195f9750f4f42e34cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"be7ed333cf417144e0558ce07d0a22c93f815e822917a4fa1b3739b131a36411c48ce01be6aa2bc742948fbcb4","nonce":"9d1500195f9750f4f42e34cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"382339793fc47768291b588168181771ae676a9747173c02c5b9283ae7d960b1544a6cbd7fcf7308575acee0c6","nonce":"9d1500195f9750f4f42e34ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"cd3d3301ad2d26ae3460eb8d654914bada8025ee64e3537870b533c3a4103f722a1437fc995e2568c4fa92d27b","nonce":"9d1500195f9750f4f42e34cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"2238948c01323c6913b09c11d478a03d8e03b1c5eda53a8e8a9ea0762acd7709e59cb6653ca0ef0b218a114d55","nonce":"9d1500195f9750f4f42e34c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"af0511207b330cd58c1f1fca543061b747fb8ebcb1322c7ef6e55db733a55bdb68fdccf7b81dd81aa9bef8be64","nonce":"9d1500195f9750f4f42e34c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"0f386bca0d35a48c55d402d710081d24bc7d17570acb5d47025b664a1276d227d1c4ee64dbe03f3ce63a9c8d28","nonce":"9d1500195f9750f4f42e34ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"639724e9989d151a445df210afb5f87210247683b7df3d3df24a1dbc2b226f51afc1bbd35862aaa1b47e656c9a","nonce":"9d1500195f9750f4f42e34cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"a600db825daa87e37819d63fb0500ef7f0d0401bb08e1d284e86e052e6c37cfc8417988c1684f11f20177f29cc","nonce":"9d1500195f9750f4f42e34d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"c85ef3640533488c2ac24876690698dd9685bf837b7ed994ca2c5550c9065fd0d7ad9be59530e828ccc3cf24d0","nonce":"9d1500195f9750f4f42e34d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"4b62768b99d8fa4fd4f27857d26ab7c718537d5d0d06e11fc1270816bd68fcee76610d62a3c7e46b84bf843844","nonce":"9d1500195f9750f4f42e34d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"6503382029f042f956ef7c00331bf72cd73ca10ae9949597601ebf93efc787581058fef41ae346d9adcdd7de7a","nonce":"9d1500195f9750f4f42e34d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"651a0b393b5de75bd92636e43454a29bd2e66ff1d6d53be808a6a57515cb21a68cb7ec4f83254f92b8dfff822b","nonce":"9d1500195f9750f4f42e34d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"0f186cb3feeb09d03b810549e33b220bf8c8ab91a5f48856441d2292139ea058eeaed15b425c55b9678a550cb3","nonce":"9d1500195f9750f4f42e34d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"ae6bdc06fd12a0e96a6236c594729043dc6de9f2c22886a44c3e365bdbd4ec5ce0157fd206f6d2056c43cf7ed5","nonce":"9d1500195f9750f4f42e34d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"1be831c835f6c292501bb16def12f51bc30e5c72b641b62dca38c10ddf3970b282b1e4d4b07661e20a700951c9","nonce":"9d1500195f9750f4f42e34d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"60e2de14626ea9b4245a66023eaf9c0c7c1f290ce28bc44fce575a91e6959eabc1828d696a7f53493ba530bee8","nonce":"9d1500195f9750f4f42e34dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"5eb2ca5ede9c21e81a8f0d79bb22f00e1280ccfc254a4e00c857bdc4ea1b454d72773dd67f427eb22fe4053e90","nonce":"9d1500195f9750f4f42e34dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"0335e0fcb8671233a11171f3dc9955ddf6f83eab5c193b99bf202978612516e060fea921cc27a0f62cc04a38a1","nonce":"9d1500195f9750f4f42e34de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"16e4d9d1200412d53dfa5185e74bafae0c5cf95b284e0bfdd2efd8806a78d933b884afb2843eb384eee5b460f3","nonce":"9d1500195f9750f4f42e34df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"5de7803b6d65510ba1a75831613da581444211d460fabade8a1653d2ef768510fcd55f74ac6be3977d1a54848c","nonce":"9d1500195f9750f4f42e34d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"30f16693d8cd186252cd43cc4e90ff491da51f5853b73bf5b32ba7d158c015e4d1ae44fd7059ebcf32153b56eb","nonce":"9d1500195f9750f4f42e34d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"e2dd3d9d53233489dc01cd79f3cb25f7a4bbe696864f668b8db56e59656e5c2a47e061c10c55b3ea2f69b2c9a3","nonce":"9d1500195f9750f4f42e34da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"e2213bca6c96e0e91a3d662fddb4caf4296a20657eddf8a904f69f481b737da4ad70ec500554575d55ff26ee42","nonce":"9d1500195f9750f4f42e34db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"d6c62989053ed43c9e27d5b00ed67abaebed415dbca5796073f6f29ed9e37be67ff473a2c58283df61b11e1964","nonce":"9d1500195f9750f4f42e34e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"98ee931f07377c3678a7c9f1313dfe155012d7a62355611082b80b2fb659b2dad260e7d8a88d2e18923edd874a","nonce":"9d1500195f9750f4f42e34e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"044d282c69935d6ced97e19af356c0d09d795c04287b78ee4d82e460c3fb80abe6a06b4683ad88c2a8e4b730af","nonce":"9d1500195f9750f4f42e34e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"518a488ac82a5e5a76db92f948b3b00615976c166bb91c31e6fdf5a4cdbd6ec4e97f19d253410788697743ad26","nonce":"9d1500195f9750f4f42e34e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"d6d47352eeb778c4269b1bd9ed08de3a8882f8743fb575d745a42679a924c4122c32a7d989c1f3315ded05def4","nonce":"9d1500195f9750f4f42e34e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"73a6941d3ee9522eaa873181f57dea1c77e3385ced57e5c1c9e4a84cc6af499c15eda5350c3ca03e8f92f31c35","nonce":"9d1500195f9750f4f42e34e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"09c418ca387844548241072a731dafc86c7965f896e31feceaf951ca8f9f7d0d864276baa20e459f1532a392d5","nonce":"9d1500195f9750f4f42e34e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"43f6060ef51a006792ccf8b67bfcb1deeaefb5e204e97b843f67212d8c3761797660f68523237927b151af5205","nonce":"9d1500195f9750f4f42e34e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"84a0de7795811847392016a5c025fd8844d54115cac2a6ce548081436d392b7212848179a33d9cad24d8355c70","nonce":"9d1500195f9750f4f42e34ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"7e4e60e6687a6f557f2b110ed4758fe8adc2f504c23f2a6958f020a77516d92599a1c2e947ba78474004b90bf8","nonce":"9d1500195f9750f4f42e34ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"08a6ac72ed0a35d653a937e71bf02cc679c08c52659cce447130593eba54a99436a5f458556a66dc7bb29e19fe","nonce":"9d1500195f9750f4f42e34ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"1d73e094546716b0bc9fb286dca838922b7905c7d5a84b86b58c9faa2dcb54d1523c792363853bd9e9ff21159a","nonce":"9d1500195f9750f4f42e34ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"58db57e432bd67997a09586003fdb39fa31b28ba8a730d02ebec65446220ac7b8514bdeb0ca9a838e50678583f","nonce":"9d1500195f9750f4f42e34e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"c16b606d60950d193299e49bba72ce4ca98843f77962cb82d194628d82023c92c28eb76c47a66ca052aa3d1f28","nonce":"9d1500195f9750f4f42e34e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"8dec982e15f21c5115b86be5a0112b5f1f4d8bf29accbc74fa59c7370b572e5807b67d2069b1f7ef7a06a0cf24","nonce":"9d1500195f9750f4f42e34ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"fc17b47588954febdcd5075b3da93852b4613aa74e643fead36696e8724e8124cd540db3b91e817097fadc1fd4","nonce":"9d1500195f9750f4f42e34eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"f57e7097631528389d7922d4738e6750c5f588f02263a4ae6ead05acfad8a77cb9331ace1e1497eadf9e113eaa","nonce":"9d1500195f9750f4f42e34f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"0f4369d255f963529bf4ac15f05058e24d8e68bbe48c19047d428c7bbc8cb6ca057f2344826d8fbbac48de43ba","nonce":"9d1500195f9750f4f42e34f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"50ba0388997c52b28c9aca0fb5a2f92db03f2b4a0923ed8ad4c001ff94dd75ce00393949dd3cf5b17cbd07a93d","nonce":"9d1500195f9750f4f42e34f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"ded81c64c46717a882dab6700c2d1bfccad9b217941099234552cc624eefdf17de6ac3c4ab9b9db07df6fa6b6a","nonce":"9d1500195f9750f4f42e34f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"2eeacb6c337cb49f384a57153899f8cad8c610ee7418b29cf5f47af5b2aa00471b85f9c1ee930be88ebda6f494","nonce":"9d1500195f9750f4f42e34f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"c0cb9164bec8268511cd3aff6ec675ca4d4e87e85aef9d56e3334f9a7eba2bc0483d7d93656cc89411572a796d","nonce":"9d1500195f9750f4f42e34f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"51e9e812b35183863f2322121ced9073f7d7f2dc4743b3e80092f981cf7e5efe98c28ec4b5a6df85c3fad6c573","nonce":"9d1500195f9750f4f42e34f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"efc410ba7c7fbb2b36ef4cbf561ce9ea5c0ed7d56ad79ce9fceb442d1b54f4138397ab7a5fed0ef74933ce889a","nonce":"9d1500195f9750f4f42e34f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"b90b30b546c2d8e096677903ef4475070a8efa8428c3ed197b38df3ec5654641ab3404b57fce30a74f6e11bdd1","nonce":"9d1500195f9750f4f42e34fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"5636cb6f8891b079c5027065f1e1232911f0146d354a675ceaf32f3f26b28d1b105d4f68bfe74389aab2f289aa","nonce":"9d1500195f9750f4f42e34fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"af067c0c1ec5b97125a46604095585a31c28a9855b9dfad8cb8986ce24cd43799f15a1e0dd6a1a6964c616b2b1","nonce":"9d1500195f9750f4f42e34fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"2303b4ae0cb39ee20be42a4a6d515218429dc6061677b534987d982c9149c84ec018d72f1d57a6cb068493f271","nonce":"9d1500195f9750f4f42e34ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"14b67d70cda90d9291624d792b8b2b42601ed1fa707660b5b5ccad81f336ab2b77b33de29e0abb6449d4386eb6","nonce":"9d1500195f9750f4f42e34f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"0329ea139a12341e725483cb68664cae68e44947800f0b9b2dd106d05701f7b8b57451c3928de58494e2692406","nonce":"9d1500195f9750f4f42e34f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"3b62fa5acc68db0e08bf1c146dbd9de820012e572455187c4089444a2643f6b8c02a69eed354c0422339b1367e","nonce":"9d1500195f9750f4f42e34fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"2f4078aaa6d224ca675ced7912e5bb8b01f80703e364e088d5b67b81ee5f2116aaba6b330d4ba134d9d3708055","nonce":"9d1500195f9750f4f42e34fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c9c132fa4ed9e9c5ea0bf10c4f0f6022d6e23bac145d334e56a1cc930f451f08a86f8f4fe8bcebb63471efae3d","nonce":"9d1500195f9750f4f42e3484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3749a1df1def84b0e574be515e517acd4d00eb205bc05196c28e40dfa3673d28ec1d364200b559a741cdcd62ef","nonce":"9d1500195f9750f4f42e3485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"7c43a88d52a5ca6a9bcecff51f86aa3eef82af41423e1e73292892abea68b92f2836384a1691b8f649f5abaaae","nonce":"9d1500195f9750f4f42e3486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"930597c62d10cc2bdec5efc99183a06067934a4c0bdfd290b25b8952ecf4cc0a0467145a14653ebabcc7118ce8","nonce":"9d1500195f9750f4f42e3487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"71ae580ff443f85701edcc46f3c3a4fc0c1687bb7a65536082fb343c9d245eaf8c79152a33f12647e6cbbda4ce","nonce":"9d1500195f9750f4f42e3480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"5ff3e4b2c3b2482ec3fc4935a17e09fd6cf7ac11413d4bc2f141065b80b8e890ca574ca7a947087d5378e6fe39","nonce":"9d1500195f9750f4f42e3481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"f6abe85dce4afef5248f9fdd61d6f5b1c54bba3008eea425fc9ac15019d9f24263e083827a3f38038ef96e4396","nonce":"9d1500195f9750f4f42e3482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"f9b63afbb6ffd2e21e5dca18b71a3778a15f6b822a9e60b9f9e526078cb235b46c5e327c34fd7a69fbbd3506ab","nonce":"9d1500195f9750f4f42e3483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"9b313a6978c0249c3e0adba6f25ec3ee39b9caea382a713fe8f47879b46f5cf94f999965309c86f058f2ca4836","nonce":"9d1500195f9750f4f42e348c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"50f5f5962b02f114f94155acdc0bd21fec2ac5fa01fcffb7990bb48128ff80aa49b9f28b24fc0f0cc973a4c744","nonce":"9d1500195f9750f4f42e348d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"6a62df6a3002dc4fa54ad2b963f02ed6e67bdb6a52c02b28b25ebdc82041af37d82457713e19b89f557f62f25b","nonce":"9d1500195f9750f4f42e348e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"7322931558f26c863d15dc1ebfe7053249a04753963bf3a6b6d4cd4e96550feee7cf5020d44018e25fff5e1453","nonce":"9d1500195f9750f4f42e348f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"4c58014fec9d54903860d7363b81730b24eaa645faec40da4a4f01673fa30139d37077bea2f2a0c795bf5fd6c5","nonce":"9d1500195f9750f4f42e3488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"5ab3f6b460311d85b97606fe595b5344c4841bedd14692cc50926a02a010ecf6e6286856f66c43b9c88d1e58fa","nonce":"9d1500195f9750f4f42e3489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c3d570b818808b983be1144d67654dd4e1be98a735b09a1bdd8e33d932344db0a9847eab9a80defc2a4d2d8a1c","nonce":"9d1500195f9750f4f42e348a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b91cc5811fb4c2e4ed58a2f215dab67524590ca742ddb37758ea77f9151449234ec9dd9d10d25d32b8ace39c21","nonce":"9d1500195f9750f4f42e348b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"6f7dafe9f128762dfcba89d5d706cf852e3dfec41881a7f4186ac072041a0cb5d26acd7102f6ad636388f92a06","nonce":"9d1500195f9750f4f42e3494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"ae70c875814d2dd1c257658b49d263a6f3437585f016fbd8b82f798ab653a12eb9b4cba8e9559c71ea7797dc08","nonce":"9d1500195f9750f4f42e3495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"179ceaacaade22fc425825b937515495500bc561c5c2a121cf712a972ecbdda9ce3828e0704b93ddfb2b0d3b80","nonce":"9d1500195f9750f4f42e3496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"ca43be832dd64e73f5071e98df6ad88e43c4f5f7fce3fe64e018386d8e8ec6ef055979bbb5c7ca06bef82ee52a","nonce":"9d1500195f9750f4f42e3497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"ca5fd9589130d7a213d0718ebda6cfff088d4b5bd612d013f04345da54d5174976e3eabd5cb31cfbfe4cbf98e8","nonce":"9d1500195f9750f4f42e3490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"c9f4210b9ec0db651e2a7e27dc69555aec59166ae84d3b6a48cf543857ce800b030baca6cfad20f19467b0121e","nonce":"9d1500195f9750f4f42e3491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"bbff39b46c10011e8d29815297c57908ac0665dfe701769cc4038f47e8cac1b5051cc38b0e861ce439322d6fdc","nonce":"9d1500195f9750f4f42e3492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"b92f15eb55c0b9fdadfba6182f0d84a8dfecffb97ff13c606cbc271a081a6d44ae3962f92a87489ac504efde1c","nonce":"9d1500195f9750f4f42e3493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"e24d7eef2df24bc8bce302a8a3cb6230086c09e69303ecd9dfebdeb32b2acf58c0d0249029b3d58c0be4944980","nonce":"9d1500195f9750f4f42e349c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"02d718755b7f93b34c8c4db06b10da9a7c9a09415b28230a1628601efc4aabc594f3301d9dd4cb80692e82acd6","nonce":"9d1500195f9750f4f42e349d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"5048deaae61602fea987b8a9b45f8ce5c0d9da1904b606444b4b68a089269d904ac6381271a321d6af22cbe52b","nonce":"9d1500195f9750f4f42e349e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"3241c5047f78f6b8acf662eee4dc2e46732ae6d30b581d7091dad912a553d5ad86dc9a7c577fafc05e58c37b43","nonce":"9d1500195f9750f4f42e349f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"8b7c75e591fb7d35c71d348c75de6d61a18b6113f848c1eba2ebaec919cb3f90c3a7f21524c6f3be17e611b719","nonce":"9d1500195f9750f4f42e3498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"a9a7a909a0a5c49d2bf8e3bf70f679253599d8debb75d1158798029af7166dbc165290211fbb6c5125498dbe8e","nonce":"9d1500195f9750f4f42e3499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"cae86a3f3b1bb8d0c948ef21aefc06ff24bf7e5d7d37fddfbe5086ca306ad94e4484fbc12cb43604c2a98571b8","nonce":"9d1500195f9750f4f42e349a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"64236d5650b286daca762c62901e92a300ae52258812f7a8f38c020e4c5fae42421aee6ef42a31272169ad1b80","nonce":"9d1500195f9750f4f42e349b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"9e9e4cf28b1dff9a31acc5197dd35db67bfb432e3b2dcb7d917460159a0a1fe39245a2fd28584f311e1aad9b4e","nonce":"9d1500195f9750f4f42e34a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"c7f22b878d8f50c59240ec7918c2ca2ff1cefc26955353f8879176d42737bb3ac294c4571f1952336b992cff1e","nonce":"9d1500195f9750f4f42e34a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b3045eeebd7b00ecf539d81acbe5973cbc21ddbf54276898f4aac8afcf91f1cdcd486359ed7cd358ffc73dc0c8","nonce":"9d1500195f9750f4f42e34a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"71d9f941bea27bcb086051e1d4a706d1be54af93633ac602dedf15a101fe08f2d6cd8c50ba7895f8c0716ae540","nonce":"9d1500195f9750f4f42e34a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"86b86b8bec876b5f5b56c88f245aeab5d6508406a0fcd391b8f8c67e1c378508bfe20e5081f7c4599b2ac8a17a","nonce":"9d1500195f9750f4f42e34a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"5f85bbfd0b6752a076e7e9ac71e8167d6c898f6c8da9421e3eb0ce522fad3906618f044215b60203167079566d","nonce":"9d1500195f9750f4f42e34a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"cb90090a78b77f884005701db5b502c0427d6899ed633d1c66d3265c2ba491861cca1fe2eaff645ef672754c17","nonce":"9d1500195f9750f4f42e34a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"268efa5f30327a120eacea1ea74f1159e0dc9b9ccfef8f79cb3fa16de82a3434d65a1e4c5f52bde7bd031d847f","nonce":"9d1500195f9750f4f42e34a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"a46cbf086607d6ac17f7a0343e39886ee6b3142a827a3cffbe8f8d0b5ceeb474d38b8606b0af91cd6805ee3b07","nonce":"9d1500195f9750f4f42e34ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"576e4079b3b87a6c9d59f2ae1adb01e461f6b17adf1235f316a219334317f830d6e13e0cc59eda9ef1b0d83a73","nonce":"9d1500195f9750f4f42e34ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"ded30ea33620e0fcd4aba3783dada14c62c53ac88c70fb04124b6190fc84a386bed65d0308acb1522145d111b6","nonce":"9d1500195f9750f4f42e34ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"d41af5e4fd94b20bc43aa4bfbc9ffcf06e95984a8f70caa174d7c224393a1209618133096b3bcfbe9bf9923a1f","nonce":"9d1500195f9750f4f42e34af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"895e3bdb766729ed1b3e9aa4dd0ba0224aaa8c3c61b9541a86d77d98935758c1482d19a9f567469a2ec68c7181","nonce":"9d1500195f9750f4f42e34a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"f7adb553b96553115fab6b34fba881c61d75a358c86c90974ec48e9ab3e82f2fa20b076c71cec4aee2f5a4292b","nonce":"9d1500195f9750f4f42e34a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"39f254f7fdfec32e7535d5c5d3bd439b917577b1629cb1567cfdcb8ab7556bf72d1a9a2edb177812240ff92b0a","nonce":"9d1500195f9750f4f42e34aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"5e5a2f1435b53577772e35217bf71a526adffa3e6d2b12decf27c9cc156c7d231b0ba1490d32dc0ac8281d122d","nonce":"9d1500195f9750f4f42e34ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"5c6e2b00cccae9ca9b81d8bce0be32a08cfec4ec7b14267cd4b076d537e71796effa47d0b2e2bcb1445162aaca","nonce":"9d1500195f9750f4f42e34b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"67923bb7172d9d79553189be5da65040c973ed4cca7f8833cc21233c562d7de18cd59e09a9b8cd5fff33afc971","nonce":"9d1500195f9750f4f42e34b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"b45b5617c9a1592b28826e4797f4346cda5a8980489562e2a372d890df0c9968c5bd4842a2c1ab680bd9908b78","nonce":"9d1500195f9750f4f42e34b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"c4f9ea92cf76dd804a0f66545266ead6b0996cdfc51efcbf2f84b4451bcc7113e042ca717b5977c65d2f03ef6d","nonce":"9d1500195f9750f4f42e34b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"53dd38fdda819426554c8d358c8d64ae423b6b3fda7ee0f94b78701a5ac833ca71261fc3c70b7243cdb4eeb24b","nonce":"9d1500195f9750f4f42e34b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"3e98eaa14eef0da1a72d18054e602ca38da7f9d13eb6168532614af3107fcbdf3e5120c2d705770a78516b5d2b","nonce":"9d1500195f9750f4f42e34b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"2aed5160ddecfb16216512a814a1a7081179cbc51439f46224d7547dbf5e28a639d4aa99237f3d6d6d94f5ce29","nonce":"9d1500195f9750f4f42e34b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"4f730124e43edec665fff7ca09b1b15eef69aeb72f1699bde2dcd5a632c9b6d804a17fd5501de944cbbb64eb23","nonce":"9d1500195f9750f4f42e34b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"a6463c830adcbf4abe9b53ef870e9ccf83d3f69d8a7880d42fa5068b573a967d68befa30cd6118e4be0a7a354c","nonce":"9d1500195f9750f4f42e34bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"76b30d0ce936d96da857f5406cea8ef5055b5b3612fb8abf924a4b11cb5bba59ae8748b042e272ae71507368df","nonce":"9d1500195f9750f4f42e34bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"9ca36a93e1127e506aa1b46fc86761af32055c6907cf89c6e190a31fd54c849881cbeb3d6807808bd1bfe98fa9","nonce":"9d1500195f9750f4f42e34be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"230da5f2add9856330af40de10e5b64c66c59445477a397271dcfd03876d72bf3c1ef60129779a87d777030428","nonce":"9d1500195f9750f4f42e34bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"af6254c1a3b987a25b9a387c45189cc1473b08fc8a98fdb68b18806f9b0a4517229ebca073a6d5434a779b2884","nonce":"9d1500195f9750f4f42e34b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"f6c7a87d0bd3625c9f099cf4f06159873d0016ad760d6d8ff4e06433151baaa693b59cac4513faff561a689f87","nonce":"9d1500195f9750f4f42e34b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"dd593fdb4aa7a76f578273780b72adf2b11a05aa20a5ad9b5767df7f9b455f08dcfada693f8fec27ffe28c99ed","nonce":"9d1500195f9750f4f42e34ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"2ca729bfd3425f46652a23a77b29e4afd18e3db40410c50de6611f3ef07bec04b71f3d2ec173438b1456c26452","nonce":"9d1500195f9750f4f42e34bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"5a3aa9ad7dfaf3647909ab69bb83138a07885cf5961eae99bab4172991bf0ca4a44dab5baff4a6f8983c922235","nonce":"9d1500195f9750f4f42e3444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"0f3c7be777366bdb42043bc26aca1706282056b13cba0e37dcf22488998158bdaaf105c497bb4a562465cca20e","nonce":"9d1500195f9750f4f42e3445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"4726b7b83ef71e7173342453259833fa80e51994ae92086e3cfc774d558cf55f6482ca4976d74957dfdc0e98d6","nonce":"9d1500195f9750f4f42e3446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"26a6701ff826a232566af749ae355c8bd672c1e22f82975b899eabf560683d187487e6ab61aab95a0c623de0f9","nonce":"9d1500195f9750f4f42e3447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"6118cfc2989c3ab4cdef596752c892761c142b918e2a5372a0592040f621c0241eaeea770d677e16f0f912b010","nonce":"9d1500195f9750f4f42e3440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"e979ddf23be150ab7a3672518c623cf5933ac768b5db4de24ffafd43b608b677cea0fc510878d6aeb35ee9bf24","nonce":"9d1500195f9750f4f42e3441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"2b96eb5ef343d3a4b48ad0d79384ab34bd2992adb3ff57ed9fe964dc376300300b6fafbff4adadadd63029500d","nonce":"9d1500195f9750f4f42e3442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"a1c4cb8e4253a208338e444d2f59892f1b963f6a3966000baa82882be72368f5779ab2be5d661392e7d7be5c86","nonce":"9d1500195f9750f4f42e3443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8b6996a74121409a9f87fe54578d76bce56eeb123df1a5b53db6dbdbde0f76ba8ca94598a7da7dc62c678ffd09","nonce":"9d1500195f9750f4f42e344c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"891ef5eb72b7bce9ffe23000e69b42988e87a7b5d0a448ff8471b61593d48b8dae2048a2bfc333ecea1c27e5b9","nonce":"9d1500195f9750f4f42e344d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"88d990e06ed0a80eed2d6ca4bba13ca1677a91b684595d2eccae00af5e4a03941ecab317b536952c848f434b3d","nonce":"9d1500195f9750f4f42e344e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"14cc4cf4329dbd487ba2cba19791247f174e1278b02e385b72ffc5d545e638ac5870a8fd9db0be9b82fb9e5307","nonce":"9d1500195f9750f4f42e344f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"dd04d18a3cbc88139cf84b473b66065ed28156944c13ff00609acfe78c5db1e167380f0f5569b7fe9742e2f2d0","nonce":"9d1500195f9750f4f42e3448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"a00b671ca06bf5a55473d50e99e39ecbf3cad5a0733510c1d37848aec72bae0a51ea0a512bbdb3eaae2216a263","nonce":"9d1500195f9750f4f42e3449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"0542e80ade1bfeac1c89bb66a7c972384e5c663d64d4d14a12c36752b7565567bec37b7e8105539c4a3731187c","nonce":"9d1500195f9750f4f42e344a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"657840e743078434bc92a584f13ab7787eec00887cef91f882568ca68b038661d39d295f05052fdff1290b3c5b","nonce":"9d1500195f9750f4f42e344b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"94f722e15d6f9e3f54490f26744d1ede8159c33395c4bb7d6e9235d07c9593475c8d8128103945c688077c3639","nonce":"9d1500195f9750f4f42e3454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"784ff04d6fb209fcc477224f926d31d814e4de582dd547a68c64a142bb14690aea7d35f5e5868acc08df99ff44","nonce":"9d1500195f9750f4f42e3455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"1d3e9f07a2143149c6e348796e2c70ac01930f74c11dff7f04614948b99d4aa5950e01a3f8428c5b0fd784ed19","nonce":"9d1500195f9750f4f42e3456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"6de22659815828e54de5ff5bb04fdb80af365a24ec698f24dfba7314c50fe6b2977789714e113c8a262199d4ec","nonce":"9d1500195f9750f4f42e3457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e59ce04fc071cdd207e7a90b24990336fbf5fb086743965487cf8105fb605ea41804afe5fb42c35af027392b54","nonce":"9d1500195f9750f4f42e3450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"c6230c6ea81b1ff673be11a5d212ba99cdadd986072df326ca9b1f7011551a250c1765a4538f3cac987a7c4556","nonce":"9d1500195f9750f4f42e3451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"e4645c0bc374499653de508c1092fe580141948744ea3c972b009761df951cd9ec205b20ef6eb2c3c329969349","nonce":"9d1500195f9750f4f42e3452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"455a5745d586300cfa9661f969e6590dca3ff567fb54b7be7fcc1b6c89c6797b6105c5c0e03e8b43ebbae05b38","nonce":"9d1500195f9750f4f42e3453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e95722f9ca419df616ce52b37fe11222b9b4a1d3169edceff8d3f04bd806d8877e553907933365382311346a51","nonce":"9d1500195f9750f4f42e345c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"d408820ce0dbc91e53d5bc4fdda19b85d158f9aed5e53fc109c4752f8847f498538e9bdb0f85d3680073f2fcc3","nonce":"9d1500195f9750f4f42e345d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"c4af565775c0e98ae1cd1c59a4e7c54fd29be2bb6fe71b29d9ec948a4920ae46cc3c01559408bbed5ccb07dc0e","nonce":"9d1500195f9750f4f42e345e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"1cb36d867d952b05ddc79b02c6de43f4f14a93293c545fa4be096ebe2c4faeab910c9c0c42857ceb4b575e37c2","nonce":"9d1500195f9750f4f42e345f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"52d33c29305c070bf216461118c219eca05d07f1a13e80a8c3b2f87661a98161d32e2551cf4068aa1d2497539c","nonce":"9d1500195f9750f4f42e3458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"fb1529b1bb7ed1057e8b897d7f79338b38080525331e13fb855c24a6e109ffaf68cc49384e49212a61c1709695","nonce":"9d1500195f9750f4f42e3459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"bc44c826f32c742441867a05bebef1c8ea8a56b487042509a1fa8ed8c0c2fe57dcfedfb2fb794423ac0bbf7a59","nonce":"9d1500195f9750f4f42e345a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"2829154e9d86b2c723f1781ff8d85bc13d971c6ec44effbfae5bad94e9bafe4b4b67b4fe271319bdfb0b033928","nonce":"9d1500195f9750f4f42e345b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"b7df603b5831f23aef2712ac34c83d28ea5cfa27d283d91b8900ccff806d43239b1b9a29ad2ed57a7133a068b2","nonce":"9d1500195f9750f4f42e3464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"72e471664bf021763439174427bcee7d35d7bbf3701ee2d28d1198973d53447e00ef963ed877de0079fcfe6ce6","nonce":"9d1500195f9750f4f42e3465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"97c1007d86207a39ed25fd19e868156736478c4dfee601518c11f5523fef23ce4ca7f8b7d535dec260878faef5","nonce":"9d1500195f9750f4f42e3466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"327d764bd5610c565c104fff285ef497e37f23c3b409fca3556a4d3a1cfbed2c23e819eea4a65639972d912828","nonce":"9d1500195f9750f4f42e3467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d223f6b2f6a908d796184c2d2a102b220a1f1532286ff11708cf3e4b43f7b71b19d894b980f1b2e7c7784d983e","nonce":"9d1500195f9750f4f42e3460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"8d9514d3cb4b40f5fd0c758738030926929724ba056e911556803bbf61c9442c751c6be8735d8879675558d2c5","nonce":"9d1500195f9750f4f42e3461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"8d5f62fc951ab4f5ebea16d0cc434e88a522873e8c09710efa9bbcd69212f752d2d20a5124d94d3437f74e3cca","nonce":"9d1500195f9750f4f42e3462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"de7109f1ac826b98a91e81081deba9d40f9bdd4c45f301fcd6ba821dfa5f595f717517914893f7bb42a22088d9","nonce":"9d1500195f9750f4f42e3463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"a90f86c56c06a01a2d6434814541843b394eea31f5d1d28d0cf418df3948725f3e4a735778ae52dbf6ed74bdd2","nonce":"9d1500195f9750f4f42e346c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"428a211df85d44764426824fde0ab396e50ed22da19f2b134529fe64637ba496e71c5771757fdd2e7a3b445fd4","nonce":"9d1500195f9750f4f42e346d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"8762648a0b73757d4c76da7a87323d43785dd2e6a9033d7cefb16fb2b7ccc3dc895cbc8c23b7369186c24b4a23","nonce":"9d1500195f9750f4f42e346e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"a4ec1306e4ab0919c8ce942bb2b6ba35eff3af65e7e6401471e68130d7e94f53794b8330c26771c8d54e4a3b95","nonce":"9d1500195f9750f4f42e346f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"86edf89aa9112c1e74cbef8c896653a79e1e05044c7f9fd7e4078ff55180314a1aefeb170bb2bcda2cb16b3937","nonce":"9d1500195f9750f4f42e3468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"98c48c6a2a456ba911dd35a225af52434bae4eda0cd9642b3181cce1ead4761635b25e62477bf83e9343efe4aa","nonce":"9d1500195f9750f4f42e3469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"1965eb7fd228939f09ed3a7e67119a5289f1812a45e144f8b785902f84d3ea0b8deb11fca40d6df44d67d6043f","nonce":"9d1500195f9750f4f42e346a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"fa93d7813e2ba483dace37f241f5d28c065ae8dbc6213cdc57ae77f184cb951ae0eb771cc4f9d8f3c7519e7553","nonce":"9d1500195f9750f4f42e346b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"1ce3d8966f4858d1f3e371255e5d0e8ef57cf1cf0fd0befe03404bc2b48fb9064cfd214914e62653d3fea0aea0","nonce":"9d1500195f9750f4f42e3474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"1a4e9ccbd6fad41df07d6dcc76091668d7ff5169877ec08737bd8a8183f49abb948d845ebbed4c0811e87c6b3c","nonce":"9d1500195f9750f4f42e3475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"4c33baf4256cddc467b75015d1507c7ad01a364d3fc242b4051a98e79227433596ad01a2dfdf90af995d21d3cf","nonce":"9d1500195f9750f4f42e3476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"2609e0f80a5fd727b232b8977e8175edf694fb1c9a6535e2465b6f7737b0eb28cdab8c76cb959807e43c04130b","nonce":"9d1500195f9750f4f42e3477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"02f7042b27bf4b8e4476dc61adc321446b72e6376b18edc62732695b7fd956dcf33f49562df95a58cc3ff5aeae","nonce":"9d1500195f9750f4f42e3470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"2d386954fb70639324df19262f366298407709642027d3d2e1ffbaa4ce4c0dc5c428177213c5227ac7016dc162","nonce":"9d1500195f9750f4f42e3471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"52e5fab7a0c3013a50bf18f2545920585d11f18596ecfa499a61d226231a70e064fa69672e32c6b91c3e40fdcb","nonce":"9d1500195f9750f4f42e3472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"f5400ac491fe98d34878f8b5f22a3ce524cad8aa2ac71383b0eed441a6405c50ea7543fefa2532e06915539352","nonce":"9d1500195f9750f4f42e3473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"6695b04eb0878947b244ad6f7260aa2ae649dccdf87c415c4e68a303f0564dd6be002822f84cbe0988f0de2b55","nonce":"9d1500195f9750f4f42e347c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"1b3e3ef5e55e3345b98e0507b6c71a7bba004eb04ad293e6f6c59c765dc170cf0350aadc351e08f4adac4b71aa","nonce":"9d1500195f9750f4f42e347d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ae2d172f6001655a234e1672ae9ad315854120d93aaf0f6f27552d3215514f11db062ffdac6eb1333524f9f44c","nonce":"9d1500195f9750f4f42e347e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"f8ebcaf94b3835edf53adb9336479fd1373e816c163d44fed8711b741ba90b3a746dd92ca3e0200b028041082e","nonce":"9d1500195f9750f4f42e347f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"b871ed04b5d1e9671fec8d397be24f86d4865373544fbab21009a3a0402c606e1efef73c1854fa0678f30d409e","nonce":"9d1500195f9750f4f42e3478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"997967bc5988a477ee6ca6572f059e75b9dba69b2d2ead5b4bd2d38aea73094043d1ad45e0938145655bc4cfa4","nonce":"9d1500195f9750f4f42e3479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"c97e325c7afc321e3bf1c08fc629196fd872cbc62a13ac097091243bea30c3801c69463aedcad25fa5478ab817","nonce":"9d1500195f9750f4f42e347a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"a2d3236ae6761a96a38869d9055728f2daa2e924f1ba4f1e21ebd6ec9dac14f91307015f49260ce55d396cd527","nonce":"9d1500195f9750f4f42e347b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e609516b5a40554c479c8d6e86badc1ce1d9bc7a70037594f050ff9ddd90de074372241e1bf2a4a3d6e8aa8f29","nonce":"9d1500195f9750f4f42e3404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"be56be04429d1aa313ba9d27cea17200bc923a6b730970c8d17e267464886f5d766213776887ce9f9cc512bca5","nonce":"9d1500195f9750f4f42e3405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"e1ccea934c8f6343fe1766006c10f6125ec9e2e4fc0f94405087cbf4b6f96498261d2beed34741aaf977b6bc48","nonce":"9d1500195f9750f4f42e3406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"6f5bca57a4d4627ff6946d90d692f77f36c76f9d4d2bcffb4a37031c28724bb6e40ce46697512ff7c0878e1b77","nonce":"9d1500195f9750f4f42e3407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"14e1ca87261d1fa4fb8481455a6cd63ef4a5846a81608f84fbfa5d4fbe885a7bf42293a921c2e0f6876bb76d5a","nonce":"9d1500195f9750f4f42e3400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"3232c2f003eb32233be256a284edb9cca1d37cdb9fe97019dd69ecf66d5ba37f9f6c08681114cef63c6d00f82d","nonce":"9d1500195f9750f4f42e3401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"2ed44ee8cf5069626a3d42c50864fb51655906e57c78f755a3bcc5c8883b5bf38f1d64ffe55a6e43f663f1b3fa","nonce":"9d1500195f9750f4f42e3402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"c43f3762e4acc627de25ff91152030e3f90175d854b061867671e6ee0da2304f91dd93ed2f1ffe2c12d61850aa","nonce":"9d1500195f9750f4f42e3403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"d2ee516d9c8a291e898b937b923c5028fa1ebbdbdff3accd9688ed9ed6aaa4765a1619f1dfa063bfa9babb0548","nonce":"9d1500195f9750f4f42e340c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"9c0738de8d69b801f2bb2a95e51162fb2fdd0610c97c0cf137184ed557ec9d307fbf08ff913d56d3d501ba6d66","nonce":"9d1500195f9750f4f42e340d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"1e8773246a19eefd4272a2f8a74ac2bb608a1b18be90b9f2e186220f9fcc11a7e1985204a56e17fa8b148d33b8","nonce":"9d1500195f9750f4f42e340e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"350ea4a9bd49fc4cbda3b3862f81312bbed1586fa94e2a965dff58cedac73a66dc13bf463e9cacf5b04fceb97c","nonce":"9d1500195f9750f4f42e340f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"361ebf98cbabc6dcbe41935d954632f8b2b49c46d0cf09a019d3fba0b2e6ebfe3959dd11ea21fe9236edbeedaa","nonce":"9d1500195f9750f4f42e3408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"549dd35d0d8c6a3be2d14d0d5cfb6ea71d0f4a7f143852e928f1482c1bb9b9380f1d76f7722a80a8d135675bdd","nonce":"9d1500195f9750f4f42e3409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"8d5c4f81b9fec075be38bfbd4fb8528aca1e5d393bd2d270df7425acf938df31138ad987c64682de6ca78d1401","nonce":"9d1500195f9750f4f42e340a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"620438edf020d0f356a65b12a4030cfda77d405861b86bfcb5ea9e70a5e0104ed3d8c0111b6d723b7e73112b9b","nonce":"9d1500195f9750f4f42e340b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"7dfce3f55bb2dc6905a3f522376dc0bb26c515c050bba9712f22cc042563e6adcfd2c41f26aaec60b315fca7e6","nonce":"9d1500195f9750f4f42e3414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"e57a01e4903546e06efb1b22a13b53d1c753d14f351a190c49aed4dd930cb072117d65bd1a9bc277169a05f688","nonce":"9d1500195f9750f4f42e3415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"274a55a1796b21a94bc9d240153c15e18b3d10643dac52ad53b89b64105dc3c41adb192dddec6d9a36510adf87","nonce":"9d1500195f9750f4f42e3416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"59f6e56883b99fa5b103ae4a163843e42cfaed387b12aef66ff0cd7fe3fa10723a37fda503164a3ed41ee2badf","nonce":"9d1500195f9750f4f42e3417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"a29d112ed8b6b7e9ac37754104acda92a25b0d970ffa39609027a145182610eda3534dcb967f8f9dfa997bdd31","nonce":"9d1500195f9750f4f42e3410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"17c87a393ed8db5d48c1b9a4c529fe8827e011fa1388b42c5b58fa6a92778817ea54f28c714402ede903ee30e8","nonce":"9d1500195f9750f4f42e3411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"27796f59d9df57bd8ab584ce543f3e67c6c5d03a0aeaaa7d76038fc7b613b75ede88d7196d697eb4d79ee67581","nonce":"9d1500195f9750f4f42e3412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"4caf22a9de1b805300521d2082884531be758aa150323b025f70953cf7072c2763e2c4ed74fb6f31158a6b14b4","nonce":"9d1500195f9750f4f42e3413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"a78a641163c14c4bd0d922d9b46e762eed46fa5a354b2fab1c7fd87821739cb97db5f760336ff52963e2e02eee","nonce":"9d1500195f9750f4f42e341c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"9671c52b8fd1189801f48e759e30f3392fba7bf68a14a2d65a8a00aac1fe31f71b7ac99e35979eb9ac150865ac","nonce":"9d1500195f9750f4f42e341d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"37f76dc4c3921faae9f3429c715259f2a0d56ce0f1a61c9c96882f934a101556f24398fbc11249766a74021615","nonce":"9d1500195f9750f4f42e341e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"8edc744c1f48552810ae4a867ba2a90463301729cb6b75bb458a932d49193641b5db3025c2b33863858891eccf","nonce":"9d1500195f9750f4f42e341f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"9f420bdab0c0886149fcafc7869844e8ebe3cd42cd1027ee823a127875c1f6d0621bf5fdfc50051323048c1afe","nonce":"9d1500195f9750f4f42e3418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"db54ea8b8875a1d58b25548195bfd9b0743e84d51225b5ce3ef959093bbc02250ec7ef7da69a34774a946afe84","nonce":"9d1500195f9750f4f42e3419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"be771b7439d94c94fa30f845c64346977bf33737f64faf797e863d9eb688252f1c1facc718d6c260caf3cf8f59","nonce":"9d1500195f9750f4f42e341a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"b8e6f183402458d2383ecb57d04cded64ac15ccecbb63c6cb6f40a7fd57910573832ac99b5595d8647a16dce5e","nonce":"9d1500195f9750f4f42e341b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"d1ba012e7c771f15fc008524147a6ae0e97eb38a2887aede8854583dae498c3e3324b5f38eace06af491331cb5","nonce":"9d1500195f9750f4f42e3424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"b175b40ab72cf6aa10c62cc43091c3cc592d05ada670cb6793b882b0fafc62e1cdee3b7b1b11bff8446d025e05","nonce":"9d1500195f9750f4f42e3425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"6c8000bbadc9bf3e5bf31181a9b5845b4d03d48bc15857a834f3b464be25a13c6019ee200be5fb0c3c62b33be3","nonce":"9d1500195f9750f4f42e3426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"a26bf2c90bae597687c8bc63d78f59077808702e89cca31f2023346dd472cca95adb2333c3901b418c6adec326","nonce":"9d1500195f9750f4f42e3427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"e3a30f1e00bfcf501da88634f4ded02b6f26df2cda165bdf8c318b55de6a0721bff0683c86f38665e49c135645","nonce":"9d1500195f9750f4f42e3420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"9e859966d9732e16a66a98585f217baecf13e83463d554f788c133e61be962c0caceca9a1d62bc678b0c1f0e03","nonce":"9d1500195f9750f4f42e3421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"aeaf2a4576b4307f525207858d6b0a04c8ee0840f11392b3c256db2e73eeba2707995043790bc6e211add6219f","nonce":"9d1500195f9750f4f42e3422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"53930a6d2ca8f2fba08f6486a7dd270066a3167ce1bc99aa7bdd25ad28847cdbd03f62156d281004bf3d10b5c5","nonce":"9d1500195f9750f4f42e3423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"64fb256353e72fd072169c7f266b1abc98ed0cb8ec5af2dce97909debe7eccfe8898fbebfe62951ea64763550b","nonce":"9d1500195f9750f4f42e342c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"5b8845f7e90823b052b2dd70edabd55a21df55ef955062cc5d3c935f4de2ca3abf1319442e74c9aa87334918f8","nonce":"9d1500195f9750f4f42e342d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"572d5e04848305aa293e0bbe00fdadbe22574d90754977ac1dcb1552f85abcb2461bbdd7e8e4922326e662d981","nonce":"9d1500195f9750f4f42e342e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"0c5550f0dd5e3ac3f2e98745ac3c2821871341fb19650284c03675400e1e2fa63b73c53397ff0b774e42a44ca9","nonce":"9d1500195f9750f4f42e342f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"624a7832fba00371348f4611f1e7f5fbfe74bc70981f7f62dfc229d6c1df14c966fd8e8ccee11ea687439df2ac","nonce":"9d1500195f9750f4f42e3428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"62cfbf9b3438059bd01054d460a60ce1aba39b6f7b5cf8b17041270b524fa81921c8a0cc4e16457219ed7e7e7c","nonce":"9d1500195f9750f4f42e3429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"c87dea269797bd41cc8f4a05477a3720f873170e3b45c0df7f03f434d28db0a34b733786d14089c66c4593b126","nonce":"9d1500195f9750f4f42e342a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"acae4475dfed89a2659bdfdb6fbdd7eb370d8baa8d42a9ba774ee0116f71897ea0ebf0544aca33fc11887561de","nonce":"9d1500195f9750f4f42e342b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"483e7207bbbcd9560d25fe2fae8102232b4291bcf99726e3239d21a973b67a703be0600d315590af8dafbad080","nonce":"9d1500195f9750f4f42e3434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"6063e8674908347d1e35b041d1c10aa9e120824cd2c619d798f116d9cc321a1b587999951eba27fe17ed377de7","nonce":"9d1500195f9750f4f42e3435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"f3980d83ff444654ad5dc7cf0296aac77353572c99225054f362fad41cf1ad6409fe5017d0ae4e9abd630be8de","nonce":"9d1500195f9750f4f42e3436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"06a9e23f565849b6e49c26b08c47205b5a6c65f8c6ee1da1adc5ed4f4f7675ff28afd1ca54af6e26c17c3fbe20","nonce":"9d1500195f9750f4f42e3437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"609f5e0787831919b06acd2ffe5ebe6bedb93a06e8d7388b39dff7b075610bb989753f1d3c9c319b4f39199a0b","nonce":"9d1500195f9750f4f42e3430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"7699fae40246ec336f3515381afa7104dea06f2cc11a7eb78e0300e97ea9e370c5fab01f8ac5fe8c14dd6da7f2","nonce":"9d1500195f9750f4f42e3431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"53114f5a6f35d0cde0c526e2e6c739427d523584b2837c2425e4cb05eb47d375ab71445c3952cf01553ef7f917","nonce":"9d1500195f9750f4f42e3432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"68279a0e24f51409fe8942f86fbe71f2553a6ec0badf39dbcb18de85da179f062b41ad2ca05c1a7538733d0af3","nonce":"9d1500195f9750f4f42e3433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"21eeeae3869f2da70c8e874ccb68f9298d042aeb4ecda6f5a3686d33950ca397425e2efb8f68e3b2f0f258793e","nonce":"9d1500195f9750f4f42e343c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"8114adbffadf58b3c7c10e011a6211ee1ebafadf9c964e87cc6bb163a41008bb08c822a39811b7f51fc12481fc","nonce":"9d1500195f9750f4f42e343d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"952407d61827789790ac2ba11a985af990d7f51121ddea470f470cc294e7288a706f7b2bcbcfd2242a647ce4b1","nonce":"9d1500195f9750f4f42e343e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"6afd9cdbda41e13943b4a592ec9a57e639edbdbc8e111bcae62874788519072c154df37f947a35ea1491de87a8","nonce":"9d1500195f9750f4f42e343f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"359783e6b7482089bb44244ca6d58385794102f92770d726a2f4a276258c58cb9cbf47fcac4d252c2e8fa545cb","nonce":"9d1500195f9750f4f42e3438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"44943c1100abf25906179e0741dc6933b62e467adbf0876c7a691731ac7a2787a81528300c0a6d1a0b5bd7c337","nonce":"9d1500195f9750f4f42e3439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"e9b91f9111ac6675e39ebe3f9ea8ff608474e2d359567e5803f4bb54b4c0b41165016e7dcdb8b747745e907284","nonce":"9d1500195f9750f4f42e343a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d6b8302ff4a4a062875e25d84c0880003c0895a50619d72387a537be1696a5b11b7d518bc816aae584d69d97c3","nonce":"9d1500195f9750f4f42e343b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"612fe5f5462e6ad59dc20fc5f217a1070f0af4d84eb1e5a26d22460f6ed25e5c1a501b6751aaceb78411dfdcc7","nonce":"9d1500195f9750f4f42e35c4","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"4fb1428cf96d008d0be04dab1c55bfef61d75fb4bd179db6c099113fa779930a"},{"exporter_context":"00","L":32,"exported_value":"8a005f4b798cee5bfa96f290fb4ab96175a8b1fb73ef464a584c14ae21bc0b3c"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"a8fa1145e7439b054cf2ab7d45652b684d96fef8a45bbf74741c37f67b086029"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"1240e55a0a03548d7f963ef783b6a7362cb505e6b31dfd04c81d9b294543bfbd","ikmS":"ce2a0387a2eb8870a3a92c34a2975f0f3f271af4384d446c7dc1524a6c6c515a","ikmE":"f3a07f194703e321ef1f753a1b9fe27a498dfdfa309151d70bedd896c239c499","skRm":"c29fc577b7e74d525c0043f1c27540a1248e4f2c8d297298e99010a92e94865c","skSm":"53541bd995f874a67f8bfd8038afa67fd68876801f42ff47d0dc2a4deea067ae","skEm":"11b7e4de2d919240616a31ab14944cced79bc2372108bb98f6792e3b645fe546","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04d383fd920c42d018b9d57fd73a01f1eee480008923f67d35169478e55d2e8817068daf62a06b10e0aad4a9e429fa7f904481be96b79a9c231a33e956c20b81b6","pkSm":"0492cf8c9b144b742fe5a63d9a181a19d416f3ec8705f24308ad316564823c344e018bd7c03a33c926bb271b28ef5bf28c0ca00abff249fee5ef7f33315ff34fdb","pkEm":"043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b94672030183110f331400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6","enc":"043539917ee26f8ae0aa5f784a387981b13de33124a3cde88b94672030183110f331400115855808244ff0c5b6ca6104483ac95724481d41bdcd9f15b430ad16f6","shared_secret":"87584311791036a3019bc36803cdd42e9a8931a98b13c88835f2f8a9036a4fd6","key_schedule_context":"03622b72afcc3795841596c67ea74400ca3b029374d7d5640bda367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c33038b0269c","secret":"fe52b4412590e825ea2603fa88e145b2ee014b942a774b55fab4f081301f16f4","key":"31e140c8856941315d4067239fdc4ebe077fbf45a6fc78a61e7a6c8b3bacb10a","base_nonce":"75838a8010d2e4760254dd56","exporter_secret":"600895965755db9c5027f25f039a6e3e506c35b3b7084ce33c4a48d59ee1f0e3","encryptions":[{"aad":"436f756e742d30","ct":"9eadfa0f954835e7e920ffe56dec6b31a046271cf71fdda55db72926e1d8fae94cc6280fcfabd8db71eaa65c05","nonce":"75838a8010d2e4760254dd56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"e357ad10d75240224d4095c9f6150a2ed2179c0f878e4f2db8ca95d365d174d059ff8c3eb38ea9a65cfc8eaeb8","nonce":"75838a8010d2e4760254dd57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"2fa56d00f8dd479d67a2ec3308325cf3bbccaf102a64ffccdb006bd7dcb932685b9a7b49cdc094a85fec1da5ef","nonce":"75838a8010d2e4760254dd54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"ecd801aeee7bd3274ff6a80e6fb5af3d1ad02d1f26c3c5152575f7c51d389508d9ad2518fdf8c1e0dbcaf68bfe","nonce":"75838a8010d2e4760254dd55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"1fe9d6db14965003ed81a39abf240f9cd7c5a454bca0d69ef9a2de16d537364fbbf110b9ef11fa4a7a0172f0ce","nonce":"75838a8010d2e4760254dd52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"07b2113edecd755ca460e9baa65fae816b17d2cb341469f9e90a5947fda4f6ea4219de55aae80d357328113999","nonce":"75838a8010d2e4760254dd53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"30e5927c5979a205731723bf727034f755762b80e518cb46b8a6eca9608afd56012f3c11dda935965d56d89716","nonce":"75838a8010d2e4760254dd50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"86180c60f3a7b66a4600f3671fd16de4ab99c6874c2df39a1c655a2b78c7b93f8d22688d502727c129fc86f007","nonce":"75838a8010d2e4760254dd51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"461cd6ebdb8c7326b878dad1c6c5833db7b7fe088e13d5bd1d1e4310398530873809e3d99b81ea753042803219","nonce":"75838a8010d2e4760254dd5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e3e05545cef1569934a737144b46f1e1c742d86ea965b1c90d1f4b6c330049a507ffa1d11749b9ad71a0eebc65","nonce":"75838a8010d2e4760254dd5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"cd50d1e0f256dad00d62b60cc6572faac855d3da957d476fb9de6132cdb301fad320e12354830331c224f367a6","nonce":"75838a8010d2e4760254dd5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"a12feae6eb6dc3c12b0d8ad7a95288ceb1632e12f5d633aba53e2daca062d9917e43d8301975dab9c48045c243","nonce":"75838a8010d2e4760254dd5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"44beae98dc5f44b99a8508030c2a87d9cbca1359a093b5443b2099515bc26181281fff786486bfb0f351813722","nonce":"75838a8010d2e4760254dd5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"7e97878b31628db268df5b249814ecc6f2a1dbebfd5f39084fb6588eda966072920dde7ce3729b499eca307682","nonce":"75838a8010d2e4760254dd5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"7548bb59bf256bb54d7dee4a47a3249af541edc7153d5d9656454b528da75070a4f70d3fcf1d6db71a479d9a5e","nonce":"75838a8010d2e4760254dd58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"b0136c7e17100a063da87cc1b1efb7a7ebcdc177ac1cb101292b5821ca51ff468d7679ca430a4c61cc89dd5ad1","nonce":"75838a8010d2e4760254dd59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"239a844f9f9921541f642eb6bb62e590db9e7fcdeb4460763ed5ec0fa49f0fe3db12615e2dd832d6d8d28d4eb9","nonce":"75838a8010d2e4760254dd46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"163e355072e1a321c12acac6e50aa4e67f9abe4006dbdff43557b7c90a0ee07e7bccef42e96d964c7789b798ee","nonce":"75838a8010d2e4760254dd47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"ab2c2ad8c49243ef5e3ac8be7b35ebcd153e8024aa647e1c6159e2c951c43df5195660b823be32ce2ad72fc61a","nonce":"75838a8010d2e4760254dd44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"e0a18b4ed3bd7e377bfe092b2b2439972ca4e027ccc97e10b4af7f471609c48e0dd172a6054b20f81cb63913fb","nonce":"75838a8010d2e4760254dd45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"7f47a9fec1f43e1c61ffb27c3c522678e1d5a60fe0543efbabb2fb9d0faf593f893c63e17591707693cde233cb","nonce":"75838a8010d2e4760254dd42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"1a18a1dc38ea4d6f20597bc4fc14bd453824bf3467b2652eae0e8a192bb7f4550b694250daf1f2c680b1b4a0ac","nonce":"75838a8010d2e4760254dd43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"9aee7dd6ecd7533313064ea7ee4fcf8f27bba3367f540546aa48cdba20d55ff1d76a7b3d6ce5741b1f187dc9be","nonce":"75838a8010d2e4760254dd40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"152f97af847032de9df5be15ace0ea73851c0d7980710bcbb2a8019bb191706b5277931141087aa7286af07a7a","nonce":"75838a8010d2e4760254dd41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"ac655c25d7f7eee701216d74dc9d931662e9ce04f28265ce14d76f09563a4d15515e2d8d188fbe32c23b7644f4","nonce":"75838a8010d2e4760254dd4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"b2a5e9fe7160e227ed28cbce9c9b031357d336216c138469da550f38ec212c8c728367a1ce9ab766fb964eae59","nonce":"75838a8010d2e4760254dd4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"4071f31891139f9bc1882cfe80e381c3bd2ea780b38bbf8e319007a36a6a326d0d20c6c14e58f1622162fb5b27","nonce":"75838a8010d2e4760254dd4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d27bdf63b847a39b496d52c2964426d805ec659313ed8cece712c3f3f97b7e6dc17feb2e17da9cf1dd862c21dc","nonce":"75838a8010d2e4760254dd4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8acf191ca0b27d26cad84611138b900d0dfe9b8d6bb100cd667f810cf772d937af6680c78cb4dc073b668f89f3","nonce":"75838a8010d2e4760254dd4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"4be538f51b112692ed46fcac125163464e82e588473998986fe6e1b47f4298e0e58dac0dc2b39cec2d329a72d5","nonce":"75838a8010d2e4760254dd4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"036a5b2b7a6546c6aaf6a5554a4095fee4bdb55bbb4ac9b4196b73d24e0429d8d1683bda5fc449a409f4211e9b","nonce":"75838a8010d2e4760254dd48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"a4eb3f4d87ba0b0cc718fb5f09a3b6e2958d8381c2588f2bd4b54b624334019b0eaf5bfb66dca91f33849aff1f","nonce":"75838a8010d2e4760254dd49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"c3587fe42826e39ac46bd58b626e7f0221c1d724a4ff2ce2dfc3f987f5b64eb6e3fcd5c92b413c9d63f42ef25e","nonce":"75838a8010d2e4760254dd76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ca97aa993ef14c472b4af01faec781e96448fef01c9c580fb31e36de5fa70d02a19e6556e2d10959fe23fde2aa","nonce":"75838a8010d2e4760254dd77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"56b5072b66f9ac574a85331989c5de62c6e12f856428d86a1f3786c50d21e3b2f84a2ca7e3824c83cd401c7aad","nonce":"75838a8010d2e4760254dd74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"258369d6f8fa3673d38dbfafbbbbb56441c90a61db4b3547582fa2edf25c98babef2fbbccf6a0f0d56d20bcb4d","nonce":"75838a8010d2e4760254dd75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"bbd14f63b7faba35b43bf2284f0538a5f39c98aa8a02d9ec8a74bb8b7b14b1ee657c5dd4734789a9d245e2b338","nonce":"75838a8010d2e4760254dd72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ff20191cab13158582a7662a6507793d0c24ad2ae03d6f5a1cd89a4bbf5df61179a49659f96d4e93715d49c7ed","nonce":"75838a8010d2e4760254dd73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"03ef980cf8da4ec8cbbb46079c9f29960f9443ba8832ccfbfdabfd1ce6b6d417725f2d355cc3820493b9ec09e3","nonce":"75838a8010d2e4760254dd70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"42519b36889e43b0066ae01d2d8990441f5b3273cf09274af7e339cab970d52f5ed0018cfb714b1fc2c6d3b170","nonce":"75838a8010d2e4760254dd71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"60213c32664c430690d71dca1c8b54a50d9a9d933c525f5e16c1ad208333028f991385dc98c958983f999f0075","nonce":"75838a8010d2e4760254dd7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"d037dd6f5b6aa4d3d05fd078c7c3df5012950c55a753ff4bdf6373cc26845e4d964f0287a1aad210f41ea6c87e","nonce":"75838a8010d2e4760254dd7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"3ee85275a04d39ffa26b2c42c06cc032303d986d8be47850a04b83bad3fdaf46053403adb20c2affc0a6f327c6","nonce":"75838a8010d2e4760254dd7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e9c532466a7ce5e088c0aae9593f18d597ce5ffd1c3e250e964efae4d432dafbfb9a6791ffdfbaac3b48e72deb","nonce":"75838a8010d2e4760254dd7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"d4163a1de07be0d1fb59de2c664f507fc9ef37ca4151cbe3ead6e99ee0a188e2d2470e9934fc516026bceeed8c","nonce":"75838a8010d2e4760254dd7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"9b7a93e63089b8e5cb8b15ead9de2264743e742aa6835088d304d9e0ad12753257651ac23190e477f9ac3b2d2a","nonce":"75838a8010d2e4760254dd7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"2c335d6aedc78e0167f923cfe4db350b76a69ef4ddb4b4528ea2e72db827004aa995416f1b95693a9d4d8f2c52","nonce":"75838a8010d2e4760254dd78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c7919b223d16bee8dc3f8c6300e4300a11f4665a97b67873ea37ae05f3f5c823f7017520d5cb0c9bee07dc78e1","nonce":"75838a8010d2e4760254dd79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"155faa766c60a2b3fd48d75c8b5a563428b271a657c2065e182814f0323b6147c8e8fb6056c6be4dfaef6d4e94","nonce":"75838a8010d2e4760254dd66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"c95b4fbe4a13510f1c8a7eb814d55a2756ff9ba8d098a1f417780da050e21a74d8a9f82ba2fd7e9b182aaa7c66","nonce":"75838a8010d2e4760254dd67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"e67dcff6fbc771b6ecac273fdc14f87f007b04f67e31ac1dae9f18fd0a41271ef2a1caa916538475e2fb19778c","nonce":"75838a8010d2e4760254dd64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"f457c2c70ba96edc3051e6fe49f8386e9913f1babbbfab15347318c3a4ac6a1ec0bb43321b8caaa8334128c0c2","nonce":"75838a8010d2e4760254dd65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"e32971282b03ba23ff85263ab61ea444a788f9e0aea7fa3dbeee7a4f18321c57c7a4eb784280c40f2141356134","nonce":"75838a8010d2e4760254dd62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"664d06bd51b53052834af77077d675cb26bfbcff8ccd717f6b07f9937744540846ea288d053fa49bf521c538e3","nonce":"75838a8010d2e4760254dd63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"b3754ae98a45a8cf8e10a895af9e156465e1417c8476a7a4c606c07a513c079fc974c4cc703cd70db7413b34d8","nonce":"75838a8010d2e4760254dd60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"10cbd06c0ca670e5da8cb9f20bf3bf2625b4f26a7394b2ca9a80b49361a7d75ea29a9b568247c5dd6bb93e8299","nonce":"75838a8010d2e4760254dd61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"570a7d7b9d9ffdc4dc617ba95c371b61b4091b10966ef8327e2c00ec6ec5ae79a3edc42d02bfde25ef903baef7","nonce":"75838a8010d2e4760254dd6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"edb64661c365b6d989e8f312645b53ab0c130437f34a29a8bef71a2eff329d3bc20a41385caf4735c7c5da8792","nonce":"75838a8010d2e4760254dd6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"20e42010719b4c9cca87214ad66bad70fbd157600b0ff532e4f4f2d9045bcac0e582a6af78b0de829780038be0","nonce":"75838a8010d2e4760254dd6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"a168bc5bf9a12a62da0bd564a07177c7505b623b55d6d635ccbdaa1ea9a3d2fd609675aab1eea42debb8dce825","nonce":"75838a8010d2e4760254dd6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"2f77f1fd75d88a9bfeb6571246009038af2fa57787ce4ec044cbae3a7819ac0beb811dc074404e84f33665d483","nonce":"75838a8010d2e4760254dd6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"8b0663a6fd1d36fa6dbc32c7a1bfbf0e4e72ab890747fcf1685be9ba1402d82e5fbd64fc8c6a0a0ea7ce471493","nonce":"75838a8010d2e4760254dd6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c991db81187af7f8a9e817e25ffe36b9eab722c2331c3968fea11ac10a352c05bbee3c0072f95293e36373aa16","nonce":"75838a8010d2e4760254dd68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"e935e790e3422a9377bdc69795d8c18b24f67da388c01a2f3ace6828b090d587f8fcd44aa131ce3915553e541a","nonce":"75838a8010d2e4760254dd69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"35ffa148da0e02b5f4e60ad0cbe2db977a173780b25aefd6deb9c23a92598cae72764e005aad00191207442f99","nonce":"75838a8010d2e4760254dd16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"f0f553db4436209724d50b9fdcc1431d3afd349f551815040c7a33fa621a0b4db41478009960c5a2ea3c6a59a2","nonce":"75838a8010d2e4760254dd17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"dfeb262321fdcbbc173ab3adb382ae95cfbbeaeeb6a4fad8a1d9f16649654f51a7395a165278590a8067cf7392","nonce":"75838a8010d2e4760254dd14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"449def3c29dafa44eef6b847002d5611ab02fca0a08525a7aa8752fb73b271f026f0c0e2a1a2492ef8af429e5b","nonce":"75838a8010d2e4760254dd15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"cb8718e4deadf37fa194f4cfc0f9b007d65b601772675ab3829238db04798e09ca71c2507289a8ba3c09d9f109","nonce":"75838a8010d2e4760254dd12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"e83b5094126ca6e04b580c8c9fec1a9bf42cb3f51c3082baba17c690c287481e2fdaf5c1e035c304f24f56d8ab","nonce":"75838a8010d2e4760254dd13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"2d7cdc5b0cd8d93b25ef2d4d25cd942162df8530fb3dfb140ce8816511b2563870060f0540b88e62e8c72198c1","nonce":"75838a8010d2e4760254dd10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"6945fe3b9711e16bfcfad732009992e79675009bd17d941e6077c0cb066d5606d7c5094604aeed9d962b9d213b","nonce":"75838a8010d2e4760254dd11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"f2b9dd72b6afa6221c2536c57c9918347036135841111ec627256296ae0610cfe4b610c74c0ee8204c80ce27a5","nonce":"75838a8010d2e4760254dd1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"02235ead1591f922a41ed32da4dc3e62f1c995237a26f9f0acea52676615f4df16bb65755c1bfd8abe62615fa6","nonce":"75838a8010d2e4760254dd1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ab50cb5497c37ab231e3bb8174f2592b4237d9c9eb055e617f485bd367421dec23e19f600eeb3a88bd642ca246","nonce":"75838a8010d2e4760254dd1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8bf572b9ce978c380ab350e72413c72bada4444a359be931b33f003b58261bb5692afbc81a8ee457b102898bb3","nonce":"75838a8010d2e4760254dd1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"4c9870cbeac83f6403f62b7d79f36e5232f5536c51d9c9eb45d7ad003ed48327d3f42140aa687682e63331dc9c","nonce":"75838a8010d2e4760254dd1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"bc42f26840e0f9d7ecfde027e2fdac7ed97ca332ca8d8a10653acf9e5e1879c9786a0a24ad507a6be687e59756","nonce":"75838a8010d2e4760254dd1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"d32df60456f3462040295be48984d5309d59f4e7bdc5ceb0eafe08b34775c976b360326077f6fb78ad1e41165f","nonce":"75838a8010d2e4760254dd18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"0447cc8f6cb93c7b357bd1d1b2adce60d789058a145498f8a95c002392e3572865d4298c312300605d9c377283","nonce":"75838a8010d2e4760254dd19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"1a04599980b05368af753ab247789a5860cac52ca213ee32fa37b0bd920db363ba4e83775a4e99102dc447d50b","nonce":"75838a8010d2e4760254dd06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"df127c18b43f2e48c352856a2989c88b22d6624880e1445e89b9aac795929ca07e78987f72d72006d449723e87","nonce":"75838a8010d2e4760254dd07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"d600289a7267ed056d49d965e69e478560fba971473c00e08562a6e0b60e312a245023281676a56c774ebbffa8","nonce":"75838a8010d2e4760254dd04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"0c9aa373253c7d9268ca20a3541ccc3bcd79b20b6ce1638fb9e7bc64e06bc7112ff3e6fc51c8928663daa30f19","nonce":"75838a8010d2e4760254dd05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"de9a384657e076ed9c224fc358a3654ad740ae1c6059a41c4ad8700559769ac072529f47c08679a395f3b54c87","nonce":"75838a8010d2e4760254dd02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"302c01bb55878dafee18a779921c298591ae2bbd539e43e5d34ed2c770c66689175e3e7e4d6d99ca420c14b75a","nonce":"75838a8010d2e4760254dd03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d29f2f0059cfb9a65d0f985d42d5f65149b771a5371d1b59ce6eb33a2800a1b7e76236db023a7027a75ff55cc6","nonce":"75838a8010d2e4760254dd00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"77eae56fcc8af5aebddf96ec4dda21c059321f34204d64767428670cc234bdc8f595b6340a57a3c9ff6ed8f3a5","nonce":"75838a8010d2e4760254dd01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"cda47a81fb02fcf178b3baa32cdd04e89236da83e32070fbc221890774de508f0f5fd30fe5439726e0fc26e53e","nonce":"75838a8010d2e4760254dd0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"09e59b9d32e682dba4a8893c889764965d22e9ddd4c9545d818f09b711db5107b37f768375be62869acee0d981","nonce":"75838a8010d2e4760254dd0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"34f2f73b75dd850d867e77395545230736abbb425035569794b9deba54126c66dfeef4b7b119f5cda725b9eb24","nonce":"75838a8010d2e4760254dd0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"28932090434094a67524a4be515b36b3342d39c513d403580b78318a1093f81d8b81a532b58019260e53ee0366","nonce":"75838a8010d2e4760254dd0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"563445cb1f768cab0b25b277d8786eb55e9d3adb054c136d6114bb02ff99ab55d4ef2c59fbb796efa5bf76ae24","nonce":"75838a8010d2e4760254dd0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"5481b53d2bd46664df2bf05c19f6bf336f40bfd077461fba1a05f5b2711f1211977627b7133a67204215be7972","nonce":"75838a8010d2e4760254dd0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"151d64b41ab8e90a484781b7b7f9c980c7d9efa096f0db7b311736a5b2100810291f2dbda2da529bcf57f1ba3a","nonce":"75838a8010d2e4760254dd08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"b3f7ff7483d5e604870be472a2ee5b7ba36507998f5994e852e59d1750a892721a8b3cee6d5ead2f4279e6d8d6","nonce":"75838a8010d2e4760254dd09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c4f2972dce7f46eaa32b001e977a1a6de5f175a5efd6bb15164a4a273e6be41c282a8db10e9089f602fef75352","nonce":"75838a8010d2e4760254dd36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"fe996375b45fcc5b27da6a435bf642eae9a1508f52c8fd3679ce2251716cfe53dff616c629c8037af11b190be0","nonce":"75838a8010d2e4760254dd37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"0583c3a21fdfaff7b3eba616663785ca45d040fc7a70b1caabc245bb9146264da705881fb22eb281b7b0a19ac5","nonce":"75838a8010d2e4760254dd34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"bf6d793312bc1e3cfed6e832d7f2592b76078ce9c4e02d4c28abbf5f48b312c5a86e543946e39a75f6d0e7dced","nonce":"75838a8010d2e4760254dd35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2c7ac0c057222761d180535f53aa45d3b0802684a7ddee130ea5a93273c9b29916f04a31cc965b70a8c93aadd9","nonce":"75838a8010d2e4760254dd32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"735a906967c884a1e745fb9aa95f64d1686594fa6ae851a69591df8a0b7df4d0f63d47ec99d66eea884033a485","nonce":"75838a8010d2e4760254dd33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"59dbbedd83f1cd0e1d62093eeb4ea3dace329770a4b2d51ba5c275e8cac3be3e89f933a07ea57dd704c79030c4","nonce":"75838a8010d2e4760254dd30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"e3aba17451fdd52ed8b3e35a455c54fe93ae8ea0dbb9581591267513774497d5962264e3e8eaf63de9bc5f5cee","nonce":"75838a8010d2e4760254dd31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"a89000715f7e8eb60ea4b4fd19018674e3883f73d5b15c40feb6262ca6f7a740279e18b3a67456ca0f0df6010c","nonce":"75838a8010d2e4760254dd3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"ac2b42864f866fd78116960950bc8a3cf2dc3eb9467458c500f2c119a0218120f8ccd1bf0094aa3414adb3fb2d","nonce":"75838a8010d2e4760254dd3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9642ebde66111d9a1f48118b7b308ad55ab4aafb03acbb1b9fa90ae8af5161bb03cea1a000c3eef990c3a52762","nonce":"75838a8010d2e4760254dd3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"c719d62df33bf64fbf86f0730e453defbf34d4c8848a74b7a7d18d7084f639926423755de510dbffa153fed137","nonce":"75838a8010d2e4760254dd3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"12a0d3052b9ef44d1f0210aab5e7b3f5efd832a18fa804e8457c3c18d7cf5258e4f64c31a1400edf85c771a76b","nonce":"75838a8010d2e4760254dd3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"80a99714a542e963edcde9092a543919c904557161031d3dc7b70ad62ba33f8782456288fac75acd1225b12d57","nonce":"75838a8010d2e4760254dd3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"e95f5b47babcfc8629c1e6b511ae302befc903ca4521cd54a82f7bc2ec02737c7971b00c1df9bbbb07b241234c","nonce":"75838a8010d2e4760254dd38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"9aecbb59d1feaa35470bdad3f31cf4b0ca1f8c5da0fea34151bc0bffd25c47e1a430820a0cfa6f0cfc388d5162","nonce":"75838a8010d2e4760254dd39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"58ed2a8f374cdb3aacfb0fc9af98a567660b7aa255ac92e436b5b9bfe844e2f348e1f3bf3ea848963dc9e0fba2","nonce":"75838a8010d2e4760254dd26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"c406f62ce81122ea2b3a157ce0f8f3e81995b0152efa11b6160b06f45412669698efd22e390fe3edce96dd3f4b","nonce":"75838a8010d2e4760254dd27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"837a67e853a9564a86ad40bdae56b79332391fd4652d68de24b646666328c923324ccccdc7a487f9f0f5be29fe","nonce":"75838a8010d2e4760254dd24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"02a0ee1fa7eaafdf73ae9298ce3f3f136efef36b9549a262458f3e7d8269e075a34a8ea2f58515902a4f7dafd1","nonce":"75838a8010d2e4760254dd25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"11486cfeecd623dbcecc7060e409476f94ae2c0594cb83731170c3de01f6fff162e531fbf87fc8e49ad0027db6","nonce":"75838a8010d2e4760254dd22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"f0f1faed67417caccd544d3c766fda09ceee4759991eb34cf4614e8e369dd18a6d149e390dd1d5f5474515e28a","nonce":"75838a8010d2e4760254dd23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"a4e655535d07cf848852a558ed53e18f04687c5870ace33af716642685b8a75dd00561e3bdbf9f9c96a0cffefd","nonce":"75838a8010d2e4760254dd20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"f1c37bf7681f10e593d144ede96f0f1b695b6f6a04c6a274e3209f627f39c39cff272769006fe7db45b24cf678","nonce":"75838a8010d2e4760254dd21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"5800dd8376a2d0d5ff4ab882805137f8497329c67ae73c591d4a279e9a7335041026eae7bfebb0bb57ba52bb45","nonce":"75838a8010d2e4760254dd2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"fefb0d2c99cd9b0bf64e108384ac64a4818d4c5b27d6f4f38775963c4e5205a3f11f35816762fba66568689620","nonce":"75838a8010d2e4760254dd2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"5e840e2c41fcc4631fc70a00fb3d06ebb76f1edded34cc6320e12da45f2349bcbee198e998857edd66c8abe77c","nonce":"75838a8010d2e4760254dd2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"a57641d4c32044815f06ea7a73d7753d1fcd7e2a154846c4f4f99590030742c69a68278cd326afae4c4d2741a8","nonce":"75838a8010d2e4760254dd2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"21d414aad2c169934012b45b05e9d2b52eb1c8cc5ba0f6b4c4b841ee2aa754febcaa19817e9513655450559055","nonce":"75838a8010d2e4760254dd2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"9ed8ca2e90f075d440990587bbb408c9b054487c130e68dad0d71e988815919cae5660b65ad3cacc846ff900d3","nonce":"75838a8010d2e4760254dd2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"7c1dcbb167a90690caafd81f1df248a234ea7eacd832485d519bb34e616487661e185d536c8152ef4ad62e851c","nonce":"75838a8010d2e4760254dd28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f679f14cb07b5873d8c2f2d35195e49e0321c3336eb24e9bed0168132e288663c0814d2bf8eed049c9d46888d3","nonce":"75838a8010d2e4760254dd29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"dabf104f0950026d20add8d7d39a5bef5e6c3ca26f9b1e28a0e870e007c038e0ae6b2a39cdf60c6d770c2c6dd8","nonce":"75838a8010d2e4760254ddd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"e321db31f181a3ca5a86dbfbf20483c91ba9e30eb3d1bc313c43fcc6f458cd63a882f13251605094e33f34c3e1","nonce":"75838a8010d2e4760254ddd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"02b8454b4b1a5302424cf355b84dd7d3be3891fb589763db0d377c51ad6cc29e01d9ac95be2b54b84ddd169dc5","nonce":"75838a8010d2e4760254ddd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"e4b4ec1ae39982c853d435346df2a40089fa130e0d287ab99fca71b00add47a9a6fba04fdecdedec75d9a0780a","nonce":"75838a8010d2e4760254ddd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"cdb67ae6e67166caa7e24faf1be202a0cfb8a002f6506c1b6425b756deb187e43c8da4b8af93b25c82f8d01735","nonce":"75838a8010d2e4760254ddd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"05b55e8ef90309d09ab339580dfd6408b9c7141320f61a4835e65680cbd55be60a330848e72b0e027a20097ed6","nonce":"75838a8010d2e4760254ddd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1cae11962036b1e1a115c6671d1735f57124a70a7ef50f75cc99707733c8aa7eb8c564c378acc19a0ce2039c41","nonce":"75838a8010d2e4760254ddd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"af80bad72bd3b3d9f5b0c16e29de5f3db123e319294033a02741082f782a71bc314b9bd908d7c61d3b80206cd8","nonce":"75838a8010d2e4760254ddd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"76960a845444b59efc6ef3ee1d48a0849f97463548f4201b3c015be504078300e404e6593ab83e8659959fc529","nonce":"75838a8010d2e4760254ddde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"0bc3c5c79b6a91b7eed99218dd4114edec3b7adfeec612000931c2d4942c9a43fe18236daf8a49269b3dbf46a8","nonce":"75838a8010d2e4760254dddf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"71156b1be5fc41e8801c9bbe9b6a41e553e56018e8c1cf92f83efb944309c58d1567107b0d6e3922b2c5706991","nonce":"75838a8010d2e4760254dddc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"25634bc1f923f705ebe5fbdceb88daa61ce903194b9833f0268ab090cb5fb131dfe23330eabf586fb8e6a15c5a","nonce":"75838a8010d2e4760254dddd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"5af635f1ab4bad748754ea64538a878aeb3b070b8b85578b89b29898d424f599b85ce7902a118e02a3c2b4d0a8","nonce":"75838a8010d2e4760254ddda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"795f2b906b185015c29df863793cd00e75a5975dda9dd18b29e9e28bbabb53ccda8f63a43c6796176d6421c8e0","nonce":"75838a8010d2e4760254dddb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"e6c2a1a0879ed6f339cd404c1393ac986496f1a4b482d5ee43a96a3bcdd39eb2722402f5f1e7cc3a592105de03","nonce":"75838a8010d2e4760254ddd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"ab3b6ea81e24d4c1b91c9a0ba757a96db9660ffcd608ef74d8bcf576264fe7c6685e15ab8cc3f5445eda57aea0","nonce":"75838a8010d2e4760254ddd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"6788a6d63192d8577230f7343f8682742b1c29fe567b4bb4b9f9999037f8e04be4239626aaba327d435fc79ae1","nonce":"75838a8010d2e4760254ddc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"18f6b484054fce714939ec3003f1ee7e7fe6237f2d4f0104f353a1ea218109087ec4f24be4aecd55a48fe00ae4","nonce":"75838a8010d2e4760254ddc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"f873e4d6524ec43e96aca82ae59e9cf389b99565cdae6fc81eea7d6b26813ad9c2b5b3f7755cd03e783ac5ca5e","nonce":"75838a8010d2e4760254ddc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"4956ab7da8f8f0e1fd3dd4ee4ae5d142f1420804f5377b1a182dd5114d5f0be103385c7be2090cb7149d159c09","nonce":"75838a8010d2e4760254ddc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"4ff0246cadc5cf93b50b2848e28b633f9061d4cf3dfa56855a6af10a4559c2dea74bdf7796ae338feb382ade97","nonce":"75838a8010d2e4760254ddc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"e752c5ffb298d003485b67a691990eca0e90dd9dc2433b11936fb35d026622a70c1779c7228572a5159925b3f7","nonce":"75838a8010d2e4760254ddc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9a57e7679a172787421a2cd842dbd89e5b2bec34151fbb74ec0f1bcc433052ab24517819940aa0882f70ed9567","nonce":"75838a8010d2e4760254ddc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"3ca4f9a7b61a3e32757b2ddd4b0fcff9a642aea7eff673d423f7c280349d976a375009578d639db0c53e502bd7","nonce":"75838a8010d2e4760254ddc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"b78013ce82738b97b333ea9bc57df58b8d9b92e0bffb20310153ff15e825b5e1ee24ecaa9c167a49df4c3aeddb","nonce":"75838a8010d2e4760254ddce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"31568507a8df4af235448dc7cfd37bc269fa5d272f927ccc4af3ce77599085c71b57e8839012a4725ce50fa626","nonce":"75838a8010d2e4760254ddcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"4426883156e028bc24d5c951c81f46843db57cda686560b3ca90256fb10821ada4f0e3805f9b12473e97f12467","nonce":"75838a8010d2e4760254ddcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"4cfdd385781fab1f1f41877ce8b13b0cdd910c4c7679927e0f74096500a4bbff6514d38d61ee2c285173863bac","nonce":"75838a8010d2e4760254ddcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"bd7d3f8081255e4bcadddb0fa76c50e93eb8222e1a61a8db8689d9cb4fac0df1a16d47b8efcd09a1967d709e38","nonce":"75838a8010d2e4760254ddca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"2f38fdee904808387e7004581c22ebaff8fc7c08e3d38876c5bf46d9ce28333684335e9cad35643d2d55e81419","nonce":"75838a8010d2e4760254ddcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"eba285adf8c15aa24a50e3816902fc28f24cd7c62fd704aa833127b55f3433981c55a8fff4eb17ad45f34e45eb","nonce":"75838a8010d2e4760254ddc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"99598e45444cf5e5e8aa97d0d1ebeb65f491de3709226920a13d53c83058b88108bd99951853a323f8a6da9eb5","nonce":"75838a8010d2e4760254ddc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"dd7cfcc1a0e558cdba33f828868f6099be9d3579f239ed730cdf75d4c0a2bc9fdebe44d400064320ea3a123031","nonce":"75838a8010d2e4760254ddf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"8b8bc30da83e0fb497a92b86c80d02fb540c0ea73a23fe2b0d18c6a8183d8153ad16f1ea7eea342c18df7e6233","nonce":"75838a8010d2e4760254ddf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"eece7363d95f4d5ce537745aadd76bd4aa13e90600354fb9241c32719399d1faf1b1d1fe7959f5172d82613468","nonce":"75838a8010d2e4760254ddf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"aa25db1f01a81f825e1123070e49ca7089b2c363dfc9420bd3ab3e73172ceb5f231accfc96446ce866386465b4","nonce":"75838a8010d2e4760254ddf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"41c4d56761e6eb6f730dbe8b6bf7cd7b6075d42c68eb65e9826a4cd3160c4e39870cd116ed160f54d2964e0f62","nonce":"75838a8010d2e4760254ddf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"8fd155ce339ed1a4cce7f8b04e489c044483a741f60958161a41f1f1a0224136a9e22581e8759c24aa7e133ef3","nonce":"75838a8010d2e4760254ddf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"a6ab19a32c2b4e4e4e3d27ba6e5be6d3e6aafd41026fc901585a964a72144036daae2adceeffc8e3be6caf575e","nonce":"75838a8010d2e4760254ddf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"ced1cebaf7995f4f4a14a49e3c09ae14fa5d629fb21fa7cbdcba8882d093962f42411643bdfbb5a0ee8ed26a66","nonce":"75838a8010d2e4760254ddf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"23c0994b39ae54eb203c2995999a16d526071faa567bc15870cffed3a295413ebf3c3f1cd539f16cac32ac41fb","nonce":"75838a8010d2e4760254ddfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f8c0a73cbc766bde9a024914414e3bb487c0701448be5d4191c21f9a38fd020c971c823c3ff480660d01cb4720","nonce":"75838a8010d2e4760254ddff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"eb4948cca37742a63738f96c8dbf5605b707ab01d7a862b32b84d4ae050619d74e0bc25453a9cb2659eb40d84a","nonce":"75838a8010d2e4760254ddfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"9d9c6e367423245ea4be148951770523e87b974c2b5bbb1efba00ddc97baf08cd4836d07729dd58bc439f1ab03","nonce":"75838a8010d2e4760254ddfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"7d6504fc484bed074a3bd50233fb8b2f331ac5d8304d5f8133870eadd0f0f46af34ad33e316e6a018d62469e99","nonce":"75838a8010d2e4760254ddfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"13f3e24bd2aa9d1b1a52aad43a68bff25250ed1b5b00a14fd99e0732c3402c2006ab30bd5931e2c19312ced04e","nonce":"75838a8010d2e4760254ddfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"f13772f281b02b0d7ce6c0b4985511d3c8c037225387b77472678a3972d45416fa18bc417b2307ce33a2f3f0cd","nonce":"75838a8010d2e4760254ddf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"6bd607ec603129e24d5dbb3b7b374927cf6db21330b2d43962bd8d39708f34cc5755ada9a1449f04993a775053","nonce":"75838a8010d2e4760254ddf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"5b51889b2b47878ffac69b07ac273dd96f1acaae60cbc9fa32f240bd482727aa8058ed9c31795a77befaf96993","nonce":"75838a8010d2e4760254dde6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"9ca91fb0d0fae841a41adaa5ce38304667f7332bf7f5660dff63741f171b696297a0b4b7f803eff458e52986e9","nonce":"75838a8010d2e4760254dde7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c87fd1ba525a855277f0cb255014eec0177d948a7e34a2036778938d5ab0e1b726a813eb2ae6d63d7d18e75222","nonce":"75838a8010d2e4760254dde4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"7d32bcfc572a1349c0febabb36806734e99308138c95dfb38fb112c341d030d589f88b6bb98dd6ab1d77b6bcf8","nonce":"75838a8010d2e4760254dde5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"6fbf3e45882054080cbe91fb1f2f9cf561d48c337736891a9a3610acc854782d7ba7b2b892d78bb282cab445b9","nonce":"75838a8010d2e4760254dde2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e11387fa858218c71f4fe6b1b46bc22d23abb98efe7bb63d809901fc3e1777a8606f818b472c4c2db2c5383153","nonce":"75838a8010d2e4760254dde3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"0e68631f7409d8ab4f34cd9d33bd2fc676c93205a45ad7867fd01d24da769f62f595a50325ee8e8704f2d3f438","nonce":"75838a8010d2e4760254dde0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"5e79923fdcc27900f7219f3f14360868425053419257a8100c546aed86d101d38ace2a837385fb49375807fb0a","nonce":"75838a8010d2e4760254dde1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"ba03cd177afb4c30bd760b6fe573a3829a229855593914e738a058fcc10a18a859501ecb01429a0cf323c811aa","nonce":"75838a8010d2e4760254ddee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"05d523b9202316477a6a3e4d77d7433492a9192b69b56a5ff93905c77e6d028d7a6d6a22cbcb7cf1019cc475f2","nonce":"75838a8010d2e4760254ddef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"1b8a01f7f911f1b7a4f9baf98add4b7cd1deca03485408db4bc621803eeacde75a9a565c4912325e8108c8af78","nonce":"75838a8010d2e4760254ddec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"26d2056efc828191937cf8fb417fbf12b6f0a47e429306ecc1204a0c75745650b0c4f1306cabb57afba49fe0c5","nonce":"75838a8010d2e4760254dded","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"c06343b166b610f479c937d5bca75a428240cf85ec25c536361f633291b7471cd14c2cb9db44e883f22ceb41e2","nonce":"75838a8010d2e4760254ddea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"068b22e3b01155c7c0ec2cf8d0eb95a72b728d68043ffba7ba48f2516b3449098543234090ac7f3826f7eb213a","nonce":"75838a8010d2e4760254ddeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"95a9a84fa2d68673ba5d9fe84d9a0b719a9fad05094e566e96f520162f4914fb46056a67cafe5509132a9faafc","nonce":"75838a8010d2e4760254dde8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"35d67c1bc8e3e0267e9571ddcb2420fbb3479c4aabe91c26f2d85ebb7b98867720f38e4e9635841dbe14698059","nonce":"75838a8010d2e4760254dde9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"1f029c487b7f65902371e5705335fddfcbe12aff3dfab6b9f81e6e1b1dbd80eb01fa1c7e29f4414cb8a5a70f16","nonce":"75838a8010d2e4760254dd96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"565e5c412cf854e0b25eca10845014d689bd51804b0819adca99ca4101b5f5f2cbc589eb2a724923360e723706","nonce":"75838a8010d2e4760254dd97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"9e6c39a8e51307b6fce3a05ebf568f46a95c40351abcfc119d42a21471547cf562c033bade5952dc2e52d1d21b","nonce":"75838a8010d2e4760254dd94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"e7d32340d038eeac00e364e19ce6d137f7040ca79f3707f89190dd3df42e227562dc4f496dba09fc9b309af39c","nonce":"75838a8010d2e4760254dd95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"d0e09b64d81f416bfce3cdd7b2cf439ddb20066e03cfa2fc0142c1146cfac4fa14432a507e49525f364dc58402","nonce":"75838a8010d2e4760254dd92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"8fe1dc9a7cf1b1241085e6705404867228a9bb35572ffcbfe2053a2d6378048a2a097ff4c3bf9ad4413cf860dd","nonce":"75838a8010d2e4760254dd93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a564869580229a3e3f05d22b4fc2bfa6fdb7cbef617ac699273fb0bf513b2a614cb9fcb8c7828876a74815fcbf","nonce":"75838a8010d2e4760254dd90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"0bad1c67216452a9f6ca03115241f4b49b55c7f8ede360f06c2ef236e4e8f8e0b99d73ef589bb89942f97bdcb8","nonce":"75838a8010d2e4760254dd91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b495ab0adf9f89b3f2e0436a6f82a061f548876dd7b1033dc026bd5097f0d4b5266503b33395a29d178592b319","nonce":"75838a8010d2e4760254dd9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"48beacda460b912aa3bae81b3cd663a2554dca2f1d7f6d54c401f09dafc121b2e9d92b58816c034071cfc9a1dd","nonce":"75838a8010d2e4760254dd9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"262afe1cef8415e440f1ed0013befbf754cffb1a8f05202c96ae6eefbc7b8eea9bab8c44dd9cf9e23864a7de5d","nonce":"75838a8010d2e4760254dd9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"87df6ed5ec7df1cb5ba7b879d2ecd39bf17ec5a23ebd0d98aca0dfbea58cc394fcf7582004efa105913128f692","nonce":"75838a8010d2e4760254dd9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"1476e1a9a6994e6d05adb9fcc4e635df97a89920a5d6bd6d2e3d8aee40a04d3584799e0d106c83ec2941949170","nonce":"75838a8010d2e4760254dd9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"0a64e2a8523910e1f63c8d98f2aa1b6adf9b46634a0f3f5ee33594c8447327bbae350000043e7085403265f5ec","nonce":"75838a8010d2e4760254dd9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a9c70e7b5b881673862ab68f9304f8758b4f9886784234eceee42b80911a86e358a431313a13dd33b5d2e2093b","nonce":"75838a8010d2e4760254dd98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"41de2a2dae1f6c2360d3ad2717bcb73811874df9d96ee2e04a601eb3f83537091e682b35815f77d5bf936d4dc4","nonce":"75838a8010d2e4760254dd99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"0fc6f58e6b75251b014ee33e7e78739745d88d3c30f2112516e5bb88e09e8227f967c68d6e239dfa1ef5117aa8","nonce":"75838a8010d2e4760254dd86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"faae617db9f7426e01cb5a78a718c6634cafbb1c1cfe6bf6c810dbe6cac955ec1a2ab6dbabc59a0b07c4431d11","nonce":"75838a8010d2e4760254dd87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"b2a5cada9ff0f28a244b613a707022ef4777279f49392810612bbbbfe9d95b1b20944615246b43dd6f870587f3","nonce":"75838a8010d2e4760254dd84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"7aa2ae21ce33ae1815e4c07d3258f1f512cef0e626af29bf4b666346f9e8354e4d64586c3b535d78425ae2cbbf","nonce":"75838a8010d2e4760254dd85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"b3762adc5c984790bdfe1f04d4cc69e5da1fcf2fcdd111412036807e724e1a5a0d018247ef413162e2664269d0","nonce":"75838a8010d2e4760254dd82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"d3052db7388bf55286613f9fe21c565239e8f970bfe9445f51110d1552d5fda63a10c02648192a7e4b03e6a5d4","nonce":"75838a8010d2e4760254dd83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"e4106c7876bd6f02092f635ad5dcfa05022b12c608b8c016ced039cbc712a7fbc3d656c00e792bd011b5a6ed9a","nonce":"75838a8010d2e4760254dd80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"e078c18770342554e9b8914185a3817b52c9917872fcdc2362cca26e3677c99dba8434025449a704d611296eda","nonce":"75838a8010d2e4760254dd81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"48ee32ada5d620a7f60762574641e9b30b38b771c92ed0f6822eb583a6fbe5332b39d745c50a619bfc7e13d5a4","nonce":"75838a8010d2e4760254dd8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a0af1fce9dd596b5be9cba1473c4d494bdc45ad6c97f363c7bbd838b44c3ae0cc9fd1ad4ba60945b3428e5b82e","nonce":"75838a8010d2e4760254dd8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"befb0dbd1c16a89862dd8e875b546f06b79908f289ec752af26da5bcda62541d734b781c20d40d737146131b08","nonce":"75838a8010d2e4760254dd8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"26fee4913d32728777d5698df948f14da7edf5fbcc4a26bfcf691a568efe1a9996785c302cd2b04ff7f612f4b8","nonce":"75838a8010d2e4760254dd8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"01661766640630c915f17466f8287ca7cfbae8d4de5c2c84a5fb491b8db3fe24af5055829354b12ace8a55a240","nonce":"75838a8010d2e4760254dd8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"12d0d83e0361abae0831c9a38c8004b6a7181baaa0e5b500cdc738937b1a4b6c8d31f9ba0b5debdc0a66de3346","nonce":"75838a8010d2e4760254dd8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"e81ffe7e4ca7df8a13173595d69995cac9091b00aea4a406777c7376643d16e5d80f855374c22000b2b02ea216","nonce":"75838a8010d2e4760254dd88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"b10c2942c4da4596fcc0835367716f5fd9bde381dccf250950e4320da70d487c018b0af75663b68438389b006d","nonce":"75838a8010d2e4760254dd89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"4530f5ad31a35ea6337c0030e2743e6f558e4a0488cd0598578939f4ba63bf60e2762fa72d684d82ede715b355","nonce":"75838a8010d2e4760254ddb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"62e0c198423553af991916a714e1b7252f1371433d533d6dfdc90d690723d33141ef7085cc5601c46b3edfb98e","nonce":"75838a8010d2e4760254ddb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"4d5fc6e5f8180f6f98ead38f68ca002a8f280eb2054b33877ae98682499766d4016bff1d4ee357f920a912b8c8","nonce":"75838a8010d2e4760254ddb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"e406adbf3cd0e2862b0219933af822b07827f63fbdab1c86d077165b57f948de83153240233ab670fe190ca59d","nonce":"75838a8010d2e4760254ddb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"3e2e2e29526ff078a7213822bb383e2c36957976c007338ce42ac07be6fd81cc5813e7d552320f5b1e8b2daa60","nonce":"75838a8010d2e4760254ddb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"8ec56abce027783bdd426d9efe96482b4b1a2e6fe4841bab33488711238224c4d80d179fc2d07357ba565be511","nonce":"75838a8010d2e4760254ddb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"1b586b9161ecc99ec0b719c8ecd6a9ed03fa9b196e04af2aff08d0b5be9cb86f338636fca448e8d68b18774c69","nonce":"75838a8010d2e4760254ddb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"9a4d4c6ddb87e667971b9967ebaac829faf2e1eddf6ab40ea424a95c55a0ade7ba65f4e7a60bf0dc142664839b","nonce":"75838a8010d2e4760254ddb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"e9bdec7b4ef5d44536d1b73fd401b39f59fe3bb5678b2496fa810a99c9008c84c6dc0dd1c5d694d0bfcc3a8b09","nonce":"75838a8010d2e4760254ddbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f06ac8573a30f7af48037366199cb97d83a7b7bbaa848ea146808aa17cda0a3661fcbb8ca8829990d6a9e00b1f","nonce":"75838a8010d2e4760254ddbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"ab4df99405403aef2444cbcd48dcae1fb3da66ca6baf9093563576428784d8f80ffd0d1b83db006e64aee65b46","nonce":"75838a8010d2e4760254ddbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"adabd55b363927eb91bba7988ab0490c5dae828fbd8c02f46e68779027fe351440af34f2184a2df7d773fdbed6","nonce":"75838a8010d2e4760254ddbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"d077960d319c67da1fbdc14b64cf2f3f209af9660298c7baa4481f7b56882e0481a37004cea8c95960b1065643","nonce":"75838a8010d2e4760254ddba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"46eef5d94d8bce9f0beb76fcc322d0fb3fbc2779a76bbedcb7321882df2b1de9539d35a28222f86ab66efed74a","nonce":"75838a8010d2e4760254ddbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"5773854e21b3056fbb1782d14d819e23cfb1093cd9442722c47b0dbc88eef3c6dba53bc396e49169f6c41cd5ab","nonce":"75838a8010d2e4760254ddb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"2845bf4c8ef0e8c1cb9be6f2e16d71102de73ae116d3304f642e0e2a13dc87bb7c9d5e03e7643202d715df8f41","nonce":"75838a8010d2e4760254ddb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"ef2a1d8220e6aa7dd3201a763f004eaccb391c67d1c4880312a7009711e9750195912ca0511e72ca198142b86d","nonce":"75838a8010d2e4760254dda6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"fe5072998f572c45f609e96749e29f5bbb930ac031e1aea15b53d87a002a090b4c7fa9b56f242339583e9f8c09","nonce":"75838a8010d2e4760254dda7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"000853d378a084af083a501ee6d46a1c17783d20e2f9b1b236a237f4876fc56e54bbc6dc8f190ff7afc558a0d8","nonce":"75838a8010d2e4760254dda4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"b0fea78125fc2fd98a343294838b5aa042152180660b1c10c74aef9cbb0908d8cc7d91dcdf726e5e63e670d1ec","nonce":"75838a8010d2e4760254dda5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"d405558c6a7c06454662e9d0114453815a21a4f6c0c94ad41db0c4c147ea8409282c9720ad6c559838c1ada312","nonce":"75838a8010d2e4760254dda2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"7b5386705ffc5bf2903074985660de2a9301a3401f3043f008daa33442b460acc147ff2e8871824bbfe7ad72c9","nonce":"75838a8010d2e4760254dda3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"6827c92628cf98d14fe945dcf5301d8bdc2e800a77b7d95979aab6f50d5acaf4af301ad9a28bdc815769ba5efc","nonce":"75838a8010d2e4760254dda0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"0ff56f27c3752fa2675db89ee3961f84acf8263bd1f78f63dc6cdef5e288ae42a8dc6a3ed2100224ece780718a","nonce":"75838a8010d2e4760254dda1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"4fc16f5ff48c9c08e057142f6d2d71e77acf2a5e1ee55c56b36d0aa4d4375a6ee07ed5e9695b5daba7506aa54a","nonce":"75838a8010d2e4760254ddae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"41c821b88f693873e0f1e18d430dd9f7ed2ed51aae9aa9ba91c615532e5b536ce6462d56c8a9420fdf632c00da","nonce":"75838a8010d2e4760254ddaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"357df43e59b77cce67d7964c19ae66dd79acb89db26594c2aff6ff6a6e8076297d3f8fe8c86dfa18609e4d6ba8","nonce":"75838a8010d2e4760254ddac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"ec904a0dd78269d80050f18a9d2fca42eb7108b3eedcc244cbf0ecf2acb308498711e6ba180d9dc494c4033f0d","nonce":"75838a8010d2e4760254ddad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"1cddb99d3b6f9f1e4cc66ae482f2eb3e71583af2eee6fda7037e40c5c65d2dfa7ff8ad514ff0268ab7ddcd4aaf","nonce":"75838a8010d2e4760254ddaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"13174615910c51a42287596b70ce10ee427ae96a6938d33495d54faf3eecfef0797dca0e164d10db256886a01d","nonce":"75838a8010d2e4760254ddab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"84e16fb7fbf84d830005a0f799a3d8584cc3a7b4637aa23b3d9e484e66559204e486f00292ea40236c71a590ed","nonce":"75838a8010d2e4760254dda8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"eaf4041a5c9122b22d1f8d698eeffe45d64b4ae33d0ddca3a4cdf4a5f595acc95a1a9334d06cc4d000df6aaad6","nonce":"75838a8010d2e4760254dda9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"fb857f4185ce5286c1a52431867537204963ea66a3eee8d2a74419fd8751faee066d08277ac7880473aa4143ba","nonce":"75838a8010d2e4760254dc56","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c52b4592cd33dd38b2a3613108ddda28dcf7f03d30f2a09703f758bfa8029c9a"},{"exporter_context":"00","L":32,"exported_value":"2f03bebc577e5729e148554991787222b5c2a02b77e9b1ac380541f710e5a318"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"e01dd49e8bfc3d9216abc1be832f0418adf8b47a7b5a330a7436c31e33d765d7"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"61092f3f56994dd424405899154a9918353e3e008171517ad576b900ddb275e7","ikmE":"f1f1a3bc95416871539ecb51c3a8f0cf608afb40fbbe305c0a72819d35c33f1f","skRm":"a4d1c55836aa30f9b3fbb6ac98d338c877c2867dd3a77396d13f68d3ab150d3b","skEm":"7550253e1147aae48839c1f8af80d2770fb7a4c763afe7d0afa7e0f42a5b3689","pkRm":"04a697bffde9405c992883c5c439d6cc358170b51af72812333b015621dc0f40bad9bb726f68a5c013806a790ec716ab8669f84f6b694596c2987cf35baba2a006","pkEm":"04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c095827824fc1559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291","enc":"04c07836a0206e04e31d8ae99bfd549380b072a1b1b82e563c935c095827824fc1559eac6fb9e3c70cd3193968994e7fe9781aa103f5b50e934b5b2f387e381291","shared_secret":"806520f82ef0b03c823b7fc524b6b55a088f566b9751b89551c170f4113bd850","key_schedule_context":"00b738cd703db7b4106e93b4621e9a19c89c838e55964240e5d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c33038b0269c","secret":"fe891101629aa355aad68eff3cc5170d057eca0c7573f6575e91f9783e1d4506","key":"a8f45490a92a3b04d1dbf6cf2c3939ad8bfc9bfcb97c04bffe116730c9dfe3fc","base_nonce":"726b4390ed2209809f58c693","exporter_secret":"4f9bd9b3a8db7d7c3a5b9d44fdc1f6e37d5d77689ade5ec44a7242016e6aa205","encryptions":[{"aad":"436f756e742d30","ct":"6469c41c5c81d3aa85432531ecf6460ec945bde1eb428cb2fedf7a29f5a685b4ccb0d057f03ea2952a27bb458b","nonce":"726b4390ed2209809f58c693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"f1564199f7e0e110ec9c1bcdde332177fc35c1adf6e57f8d1df24022227ffa8716862dbda2b1dc546c9d114374","nonce":"726b4390ed2209809f58c692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"39de89728bcb774269f882af8dc5369e4f3d6322d986e872b3a8d074c7c18e8549ff3f85b6d6592ff87c3f310c","nonce":"726b4390ed2209809f58c691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"734af2172c37006f41be8ba9f990e54d3dc89ad5d6624a84d106fd7534e8817712e1449facb9c7ea34d231d733","nonce":"726b4390ed2209809f58c690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"bc104a14fbede0cc79eeb826ea0476ce87b9c928c36e5e34dc9b6905d91473ec369a08b1a25d305dd45c6c5f80","nonce":"726b4390ed2209809f58c697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f2b3ac44eb6203dea1a90cc6d6fc17ed016245d8d19aeaead524e932bd994d2411135f9dc5d4e99853a1f72481","nonce":"726b4390ed2209809f58c696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"e70cf2472491b4ccdf8d14a0e1af15c80e460ef0a4aa4a76de245e9574e1bcc81fea7136cc3f1a98821a2375c1","nonce":"726b4390ed2209809f58c695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"e0c798c054bc640b0d1f10b427b6c20231888b1a126639d2a8a0db5ce70c09049bd148788a2c741c17a561f342","nonce":"726b4390ed2209809f58c694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"a9224d07b7615884bb9758a467f9531ad746e400228f462ee60607201cc61e4e7962e0b6fac285cb14669fbd12","nonce":"726b4390ed2209809f58c69b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"1ba2e07b5b30b15e6654d156ef364fff7434c5cc9596fe813cfcd2ad9db43d41fb438b4b557dbc6ed83f5af579","nonce":"726b4390ed2209809f58c69a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"4ec223d29595cdf5e6803c62034e191545d0d2bd07a117716e6ae521c52f016be3e4d426a662b807da0a5ddfdf","nonce":"726b4390ed2209809f58c699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"d9a38f9ff6099883eb3e40ebeaa47d70012d2370e695cd4834884d614fdef701b3b9d8c87237d6aa1e8291e242","nonce":"726b4390ed2209809f58c698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"74c5c992bae13f2f098fa40e959251bf158ca2351f105bae2d0c93653caf5637a9f78aa2ad876b3257a643fc11","nonce":"726b4390ed2209809f58c69f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"bb68bb280976a0df6c1f3a828964d6b694c947f289900207ccb8392f4bb1d69225a9f8b16c9c9af149e14ff9b6","nonce":"726b4390ed2209809f58c69e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"b5b1c1b631b5610f3ee247c976bd01937c50019987e2796723012684256c61e41746c2d079d9e8b6a127314215","nonce":"726b4390ed2209809f58c69d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"1fe5c43f2cf002961127ae828424a478319ed201990a932372335f79b43b8f405fe54edce968c9f40b76fa14ec","nonce":"726b4390ed2209809f58c69c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b5fd87b62dca8e8a4b34bed09054c7b67c73e69ccfeac9f19b8d8a5769a2d53f1379bf89e179d5984fee34b37f","nonce":"726b4390ed2209809f58c683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"846d0d8ca9a8fcf81c18e719800a5fe8fbbaf7823e7441b0f1354a8cca757c49393a8651f09cf72a7359526b02","nonce":"726b4390ed2209809f58c682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"4d08b7f7279ee16a7943d4eae51501e78f31651ff21b3583f437943d80cf831023184c02829bc44bf5f6730be4","nonce":"726b4390ed2209809f58c681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"63d26b559ec32298877ae41cb789c70e7cd31e0ace3cb7c2612d4a98b7ba8e739c30f15c417518c41df75321ac","nonce":"726b4390ed2209809f58c680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"db403bbfc42bab0093d951e4ed6e3ec7b037ff81c0d5dbec58326db635ff39df7d6204b3aa8794cd5c81935286","nonce":"726b4390ed2209809f58c687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"e4dd36b82747d5924745dd622bfe1f9615a1acf123bf9fd3709b066346852033f080b37ea1fac388f54f1e3ca1","nonce":"726b4390ed2209809f58c686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"6d6c2f05bc45e6b94bae97e95dcd5fe00a658da4de9c2c8c55788ae52c76f005eb48a733c2063e9ad47c1a581c","nonce":"726b4390ed2209809f58c685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"4c153972502b9888276da8cf94e9a4267f85b51914d5d91720321e6edad2d5de358e1f1f5efe5887fdf3b84f13","nonce":"726b4390ed2209809f58c684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"25db390feccbf45326313f777bd0b49c3c7132f63ddac6fcc53bf1085ccbc29050a100a4a63ab34c6421f6625b","nonce":"726b4390ed2209809f58c68b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"b4f17772fabf24ca6d0c79b5cfb9f8852f178c8ca8c3a7c212cda1350d266d56ab944480fb4d067fd1cc9d5cbc","nonce":"726b4390ed2209809f58c68a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"d486894c4ca01fb8c8f22bea08ccb1fee3040fa2f20fc5799275a174e51620a523d6a0394e1e9ffbdebba7e700","nonce":"726b4390ed2209809f58c689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"54918345c42a9f061680ea328cb1d7a6d053131d3cd063049723b7505d276cd01a80fd73638d5eddc3610816f9","nonce":"726b4390ed2209809f58c688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"ca7fba44cbc8bc250143b0ac4f49dbe19f73db21743e27c12234835c5f388e7aed926a6beb590e3570aea9c6e4","nonce":"726b4390ed2209809f58c68f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"48dbec647f3035f870665a2daeb155a0ca7f63b91769c06283fa42444b379baf52bd3a3735bdc1d4b1e047bd29","nonce":"726b4390ed2209809f58c68e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"ec17e2db11f4b039f474d08b053b3d7b2c972583b8586c10353abadfc85e9a0eccf8b090d768da71164360493d","nonce":"726b4390ed2209809f58c68d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"3bd0276ea1ab993578aa645045891b34a844c0b8d0bd96675110c16ddf3dacf015c0d0e1d259f5ab28b90de0f3","nonce":"726b4390ed2209809f58c68c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"2e666bf17c1da1dd01198d269cb23a9a4cd5f3fa2adb4208e1e9cc23c2507de0585e49078374bd1ab9f95e97fd","nonce":"726b4390ed2209809f58c6b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"73763e207b5c303944af2826fb75a82dd33d6974a3fd1ac7c15d7c3e1481af080ec6819a14a5ea45edd85f1cc6","nonce":"726b4390ed2209809f58c6b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"d9189292e2cb6415977478c4d693f50f7b0c5d1959b3c239b1732047b6c40136d7132b3fa3bef8d60916aff4e6","nonce":"726b4390ed2209809f58c6b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"a1589667b9c5957117e465abfaa745c182a14468f9184df5be8be581e1124ea29feb3d6fbdd9a80f04e00d5b2b","nonce":"726b4390ed2209809f58c6b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"5a2dbd09c6d8b14d2afb270e23f354c1605d0d11b1bb270aa9ff4fe86759a5dccc8ec8a2fba9a9d17b322a78ea","nonce":"726b4390ed2209809f58c6b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"6149cbd7d02d486ee75185c68925a66f7d6b34dd18c7f0f2281b5349c8f949c892186763e06f5a389e712be968","nonce":"726b4390ed2209809f58c6b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"ad48d9475f98b27340901119735f3b709f7be3d02f15c0219385da39a95f4cff894c2c77c10e3b0cf764a1d468","nonce":"726b4390ed2209809f58c6b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"1d4c9d109e0e6ca1fee90828429335f33339a6575c6524e33e134f5cd5f1c922137e69179a32e59e57c0167816","nonce":"726b4390ed2209809f58c6b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"0b573b1bafb0f32886784a0cd6cbe176fab1de83f5192d3b86b2b66694cd45b8d30d633a00fb9aa2ec63f49425","nonce":"726b4390ed2209809f58c6bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"ee7ef6069d7c6e4c992499b59d16b4cb32902e6130713408f50c300ed71abbde6030d06a09f1a66b3fb5ba8b27","nonce":"726b4390ed2209809f58c6ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"6bf9285a9151c90bdd71dc73b6eb09236a6424c45890d0a78b11f1c88a8ed111eed0917b1a05b7748b8a5eb8ac","nonce":"726b4390ed2209809f58c6b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"c85aa2b47d2e621284d9f0881df3e384844173467e82b5d9a12f36dfa573eea272d293e51b03b4b61e348c24db","nonce":"726b4390ed2209809f58c6b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"7f93aba292650ecfc81cb08bceb5bdcd8c5a154a1717286cd3dfe3be3d47d5de7bb2d0d3199fc3b5cb0fc37149","nonce":"726b4390ed2209809f58c6bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"14a9d1554fda1be61d9021326e89660c1acbca38c6923e3d692aec5111951cd83f2964ba11559d77435827c1f5","nonce":"726b4390ed2209809f58c6be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"80c49255f7128578f72e7629a785b35b9258193d34d9548c4f2ec6949ceab47e46f98b994916392b68f1d1bbf7","nonce":"726b4390ed2209809f58c6bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"95adf915c54dbe98c5df44ef5614c3e230b11a3670ee42bab04e6a6f91469c5c66e81e216588fdf2dd99c258e1","nonce":"726b4390ed2209809f58c6bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"6423b7f11828c7fbd511c9c31360b0eece14ccc2757b0ed5719d76fabd34684c01b352dd23db7a96c7bc087858","nonce":"726b4390ed2209809f58c6a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"b1d5d7e0e021a541967fa7d18c98113d45178f0182625412050798a662868b8fe11b25d7a9c1c25dae2b1ef816","nonce":"726b4390ed2209809f58c6a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"40589909d89dff1e3d12880d92f77ff17816c26281ef373f269429da1a55878aee40eb94c6811ce9cec8cdf86b","nonce":"726b4390ed2209809f58c6a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"78f85912bd2b2a19a72dab435752a84205e66d974e18dd25c85b5583689e3345d1510f48daf82280278b7b8a89","nonce":"726b4390ed2209809f58c6a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"81efea47aa340b6820c2837dc7fe71816866009e6ea53c96c2a0adfc54b4fe6c1e2dc1fde6571b7c968f97fbeb","nonce":"726b4390ed2209809f58c6a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"0905ee50dc39591418a1f5039831557a5c74f1f3f3449f882a90d3dd3374292405c9686fb75aa42fa578a84c87","nonce":"726b4390ed2209809f58c6a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"26bb1cfefb74e270f174ee66f663238ea83e60b88103b63b9ae24e6352d1b8065ebe7d8201b9e38347f29b0dcc","nonce":"726b4390ed2209809f58c6a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"bb9c93863e7e2d0e2d8ec01e9ee427b04353d0aa16cfa70fc0a5a0b871b402b7ba8327a1ec87bfd09951f794c7","nonce":"726b4390ed2209809f58c6a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"c4e9cae678ea5034935a97f57bf1af56718ac35a41a3ec6b500d4009a45f83a0079247a842cc552f7d016384dc","nonce":"726b4390ed2209809f58c6ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"b303919f9afcf116b989052ff3d2c36bdd86e8d1e846f73076728eb163285bb0b4d84b676da9266e86beae5434","nonce":"726b4390ed2209809f58c6aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"48ffcd7049a929723bc6f63b9b81f927cf7d47d725c2b746b5428f77c9c7f2def2fef0355fd856e3f016951953","nonce":"726b4390ed2209809f58c6a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"0d17d5e83bb7c1317847870e3b65c48834551d26b1ac370bd3364a7315ac0a01d60a7ba81240867bf94946115c","nonce":"726b4390ed2209809f58c6a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"f1128d25adcfd02a530d84b706b574fe2da6a0eb5733205c4784f281b49adc9ad0f2d5234c78530c6c6a0f6b89","nonce":"726b4390ed2209809f58c6af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"d861f297a5e3541594ab56cfc02629a594df76b32bd598a995617ddcdc39a91d8384e2c4e54bba9aab5c54dd68","nonce":"726b4390ed2209809f58c6ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"f00b05533645464bca5201155859aa398a0909ca8de88d6e3ffa48400ef335e817b33e0d3c1e6fb2930c2d6b97","nonce":"726b4390ed2209809f58c6ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"7e7eec0138aa08184ad6acdd6582447c46915b447a68f90d4858328180d29e8eb00a7e73682cc2b7d138e51fdf","nonce":"726b4390ed2209809f58c6ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"779acc4539e775adeb8e7cd01002b29052e8fd69848d2ae4e8d3632fb012baf915b49cd7403735721cebfdbb7e","nonce":"726b4390ed2209809f58c6d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"55dbecabad5dbcc11e219ae4a1e7b32d8c9e61c40adf1e968b6f112fb518e6806b9ea5a861e354c71623c34728","nonce":"726b4390ed2209809f58c6d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a258855783a45f75aa87c1983a273fea38e73b680870ae1e7ac17f1a1fef97974824cfb6d0150148dc3926700c","nonce":"726b4390ed2209809f58c6d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"74e188c068d85cd23329407026e61d958ceede570d83786a5a546865c893d20f6d534a9fee14cfd3dbd79c4cd3","nonce":"726b4390ed2209809f58c6d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"c2e441500308b10d6a87660031c460984efb8b17ab81a683ae120c6a4840b3637819189b91738fe804f609d67e","nonce":"726b4390ed2209809f58c6d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"aa78ba7e9b42be745bbc09d65380dc8efe774b9918381370f636444f74d2f9b32b790137c15cc476578f31c97b","nonce":"726b4390ed2209809f58c6d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"81c762f421e88f82ff881867623536c4c557d257bd302e13abe8fc15ac6357775bf6f05574235058dccf47f253","nonce":"726b4390ed2209809f58c6d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"53d4d9e8c6505924b706dbe9216251dc5c31fcdc95b573ee4a17bfdc5e955b19def0ac196ceaa4b9773e3c834a","nonce":"726b4390ed2209809f58c6d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"e24354916b47ec853b84a1287c33618157ad8775582535e4518c24c922769e3f5ec6faf5638e382a4cb1fa02d9","nonce":"726b4390ed2209809f58c6db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"ebd865bd2fbdbfd431af46125620059547b17c3087f8ca491f480107d57d4298390b050608be4e0a21c43b88a6","nonce":"726b4390ed2209809f58c6da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"6b65db95d7c4c988bd874624ef532f7e16fa2396f09fb835eb87d8f364c4cdd43d40e58108e0dba57664fa9a80","nonce":"726b4390ed2209809f58c6d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"7e897a3558ecb0c042b418956e99756ade9685c4ee20e51a0e7672f2464f8500ffc88c77abdc8ade746858dc83","nonce":"726b4390ed2209809f58c6d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"e22182df9719afc16da67f866fd2126f728df30497ad18377aee41271245ee745ad0cdf649266d61fc1513c861","nonce":"726b4390ed2209809f58c6df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"e68d05b1275e7b163a5270de6fc349758d6f779315c0535fef238a22fe9a4d179b35de575464cb74feb601f464","nonce":"726b4390ed2209809f58c6de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c709612b0571611f8dbc33f0e617b8db28639dc7f3f8fb28b92a7307ec02ea7481f24383f61e0ece0c720bfd9b","nonce":"726b4390ed2209809f58c6dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"e7921ad24cd30b6f26c1dae851baec4ce3b9c73b0d78f5155dc95748d2de4bd21e5e1cfa4f91b2bc0be8bbcf5a","nonce":"726b4390ed2209809f58c6dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"ec1adb44d17877062e190d664768d2debfff60516fbe1e41a986aee5a92ef6ff782ebe710f6303f02fb9f8d22c","nonce":"726b4390ed2209809f58c6c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"4e7a4c29def86f64a6278ad5892a12acbf23a512aa61868c307d805536ec8d7d3ff39f39af4aa60527fb4e1d62","nonce":"726b4390ed2209809f58c6c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"d8fd05006c38f91843976ee6643f05eac768dac716657445ec0599dd8cbd5c82b4da7afb903762b46a955a135a","nonce":"726b4390ed2209809f58c6c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"68aed23612da5f4ec750a17d6fbd8f2d662216af79662841af53f5bec823de7d36bf8063048452d3c24142d11f","nonce":"726b4390ed2209809f58c6c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"d4223ec08dd6c228bafba7ec4cb5cd9f292c6053d4926ffed54717d78cf6086cffa80b4e90506ee3fdf94b71d7","nonce":"726b4390ed2209809f58c6c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cfdb05355a3b038e365c938f0f2cee592fb08ca9c35c78c4515c82dc73eb96c5c357fa2f54235299e1b868f2ba","nonce":"726b4390ed2209809f58c6c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"1d2cc396f494c7d672cd27cd0da672275b3b8e56a75db07a5a59c08a8c847db020eedb18e5d379e73415a0ad6f","nonce":"726b4390ed2209809f58c6c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"2e629143169d51384462e2bbed8ad01889dc3226cb27e1aa045ff781ee4e180d64d10e0b157cb47c0ff40eea4a","nonce":"726b4390ed2209809f58c6c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"30682faf06189ce735e9f440f23be7f7ede908c4264b58d875e979f5eaee82896a5cead43c887cd3b7e7ec8cd9","nonce":"726b4390ed2209809f58c6cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"dec2896694c989f5401ba691a4524cbc2666b5555a8a24d2c626c5b080a18917fc520b45e816fad590350ce296","nonce":"726b4390ed2209809f58c6ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"0e063d5ef7f6ef6c68d0eb23f298231ec9b514d8f0424986bf557e3e1e7211b03febc9815026e966fb7a7aa16a","nonce":"726b4390ed2209809f58c6c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b8b8b19ad281aafd83c9b51c65b963139b294cd916ef8de481153add87cc3af41709cec8e821d2e84417a81fae","nonce":"726b4390ed2209809f58c6c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"164baa23d0f660c59da2ba149f96c176d5d269e2f7fd28f0a217b4b0510069ba73dc6817c51e9b214000d2ea79","nonce":"726b4390ed2209809f58c6cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"8764d3a57d489fb0d1caccee8ee387737d6bf73b2593d33d048ca34e4876f8a87efa24137f7d5665e602ca9317","nonce":"726b4390ed2209809f58c6ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"8e8e7d13327b6e2500f352179745d2407a3302b5e950d63052066686e177b9f4b7a80f9af5ed95539f87e64efd","nonce":"726b4390ed2209809f58c6cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"ed768fd17145c04ddbe967e700c2782dbd20f045b02c1290f0381e5736b4c6d8ef9062a3984f24e7df30ef157c","nonce":"726b4390ed2209809f58c6cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c6e935a14c9d62d1f066781605e995f6a442b03d8395faf72168f8f74dd6a727878734b0b174c46c9c28895c73","nonce":"726b4390ed2209809f58c6f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"640c7f74d5db743f91d2cbf2835157438e2266f845da051228d028e5d11ae552f85c0bd8a982e74c97ca025bec","nonce":"726b4390ed2209809f58c6f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"c877812f62ea39df47fd07eb1f966d22961d0ee1223605eb408a72fe5e4e3ff82e24e3709d0372ca3629f89c57","nonce":"726b4390ed2209809f58c6f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"c27a98b74f08c295db7fbe7a8588084d93ffedd38dd15388d410ac196de531cd032b802aef1ee054385c7ef2f4","nonce":"726b4390ed2209809f58c6f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"ccf5a342f7c7539a664148935ed0f987e40d4fabad939ad5b02f5acb5fcb1bc48d741f3fe7ac40caeffc583fa4","nonce":"726b4390ed2209809f58c6f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"41a3ac1565039c6e4a5b51d16af8cf336ed172c66355110532c444e12f05a8b1432e42366a2c238a3783bef9d5","nonce":"726b4390ed2209809f58c6f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"41488a3bd047f8df83873cbd033e5968212f67fccccaf13bdc210c19e1dd3ccd8e824a558241ae9d95e9c248d4","nonce":"726b4390ed2209809f58c6f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"574fcc938cf6f8c6526abee8e55ed885f903c976687e4c9027423dcfbbb3f39963a245e76936565a7e76019429","nonce":"726b4390ed2209809f58c6f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"4f9bbf1a8760116c1b831f55c130cb36aee457d70646cf9fd51db76aa97bdb0af8af9604a063d0867bfea33695","nonce":"726b4390ed2209809f58c6fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"e3feea82ee8ac18db41f0705314450885e2dbf82bfac9560841873035f08a3f0ef73fa9698733b3c7ef66223a9","nonce":"726b4390ed2209809f58c6fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"0f2d0702759e3324dc2344fd76b3433b817bfd1c45fd0093442225278900c44431fdd58fc104fc5aa4e39646dc","nonce":"726b4390ed2209809f58c6f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"0e57cddecda79bdffb0a420c105e7ce60e925eed426e12b11a93bbd59dead319be4e1cf814d3fdf0f0d7d1915a","nonce":"726b4390ed2209809f58c6f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"06203cfd8008938ec9e40e7028434c609a9d0c08357204e3c647d0f4c4ff61c0567369e6e3e3dd55c215e7633a","nonce":"726b4390ed2209809f58c6ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"e83d95ed66835a5821497f579fddfbc90bb929067f59395b7a81d5bc37cfcd37f8015679cc5594abc0fe3f89ff","nonce":"726b4390ed2209809f58c6fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ce160fd00d1f74ad81194be00adf1a26e6fe7523527275c66e28408eda44f79ad4b58b6ce945dbad4034bfb3f5","nonce":"726b4390ed2209809f58c6fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"87cb938176303337c890c97e751bf46022e785c0886c9fb12dc01a0e136ef540c6b307185fc80498c86d025ab2","nonce":"726b4390ed2209809f58c6fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"87745970e4bdcc30ff562fac3a24247ae4fd4b00c1badb1de5bc7c09da38ee855b7ff45f7b8e37386cfdb2c878","nonce":"726b4390ed2209809f58c6e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"057a11e5a712a416137063090c0dcc47c8a15844f61020e17572414b19874df7a59230c8a750439964c9f1b000","nonce":"726b4390ed2209809f58c6e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"928d39b871aa9d24c62b30fa5351f789f2b3603d43cdb9b907f5c0c6ddc5d173c763c229ee1f4327c1c82c535f","nonce":"726b4390ed2209809f58c6e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"f1ec3906931b884e37fa8e9ee7a64115e1422250a7961973d680c1ab2048286604f9704270733acf4b5100d9a7","nonce":"726b4390ed2209809f58c6e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"ba1826f1ffc1c9aaf2f85cb5969c62bdd93c2bbd7d8a170c20ec48dd2fad4cd4ee8b87cb9709f924c71e66dfd5","nonce":"726b4390ed2209809f58c6e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"ce40394e216087d9b8a4ac3f02293e9982385d768917bb6cc3d48f0e95953cc4953eb4fab74fccf9dd657d438d","nonce":"726b4390ed2209809f58c6e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8b0c21afd5e221222919c40aec322caee52329e3d539f3ede932507ed58b6df54aa82c9a7ea38e208edb352688","nonce":"726b4390ed2209809f58c6e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"0f1d754199a31be1d31ca450e0ac1254005ffa1e8f09b19a7fe8a7cc5a9a4203a29b2f16bef2b7e4988c527142","nonce":"726b4390ed2209809f58c6e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"fcaf466b4b2bcf7fe9aa40bc9b64f65f3991f8f1f5cf88a3cd01c08d06dff49d4723b1e12c74acc0a9ca34b1bc","nonce":"726b4390ed2209809f58c6eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"2c0df3a3e5e0c623d6b5dc686a7ff8a04af53d26823cb3d9e04f3b57c024b2fd1497d37c5c8e0b116f87871d1e","nonce":"726b4390ed2209809f58c6ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"59a0b89a83b17c828f27f139f5fdd9d20b23885b96a048cdce77f3ab44f027b5a4c692e9440585202810987d95","nonce":"726b4390ed2209809f58c6e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"a38fa1a210c234f23eccd50ba9d659ce8bf2d5c038eb25cd9ad35f51055f9f81872451c69aa211a10f2ab57c0a","nonce":"726b4390ed2209809f58c6e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"b16350daa202517f83f04aea178d891c0da1ba51c05d931df1fd5ee6539c8641067e7816d7b7698878ca2c4bcf","nonce":"726b4390ed2209809f58c6ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"fbbabadb7866f15e2854ef3b1e83b6b6817ec4dc08aeebd751477e4ee812c69e484722f81f36aea93994f43a7f","nonce":"726b4390ed2209809f58c6ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"80d1dded295ca46503231fd6f818dab6d8871e5fb4e912d32f365f16918c75f2b63289455ff0e2b965ebcd8397","nonce":"726b4390ed2209809f58c6ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b38d6b76e31bd7a0c0ffccab44dd8af04542a7a776d6923fc9c3517c3a13b2f7f6d00a638371b88bacef9e7454","nonce":"726b4390ed2209809f58c6ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"712dff71ac2ff413b71e19ee85d7f356aadaababd3b1022c6bed98901f15809c83fa345a8d2b37f6c8a91c1f9d","nonce":"726b4390ed2209809f58c613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"674ad7c5c9f165d8db6dffbae4ff1275363c86b3f8771526ba439dbb82447b7877aaea9fdcca24f95762357cb5","nonce":"726b4390ed2209809f58c612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"7992e03bec014e9a14c48df8640f9a57c988aa2d44cbe96fdb2ef28c7ad7d6a7b98d30c226d91e8ffe58115c4a","nonce":"726b4390ed2209809f58c611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"ecf38821b622ada1980f9f39764e648d6c378014c27988ab57c12ce8bc1582c6089fb93b62948f4d8a372a8873","nonce":"726b4390ed2209809f58c610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"919b9320b97e6739b148babfbe9afdf73631ef1b6842eb602c9aadd9abd90871bb97d6888a85ff04178ed6bdb6","nonce":"726b4390ed2209809f58c617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"0c6a0191ae01fdc1a4add4b45f6bc033f8db3fcc815f360ce8f06c76b693a780b8863513edcc21870b14e08c7f","nonce":"726b4390ed2209809f58c616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"8b71302c37c6d4c0c31e5e9edb6d1c4a73f824f5886bc5a9af7509ea82b81b2177884c851683f29e71d04a1e7d","nonce":"726b4390ed2209809f58c615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"4d19938163037973e7ab01bf174a7f282dac83717695d8dbe7f2009ead5df9e76c8a756b94210be0fb63977fb4","nonce":"726b4390ed2209809f58c614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"e1050e138a3dd5a83e4d4b48332f9bf240e1d4e2b2b9a5f8689bee21530906d56e2464cf9f2719735ee5c71c24","nonce":"726b4390ed2209809f58c61b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"9569a0d340a6edc696a4b050995a3a44dea83eab2022acd2af86ab1ff105dbf81c165d5af4b8d49dfb7f502075","nonce":"726b4390ed2209809f58c61a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"0a3c6c830debbe75e1b59bef2b6bfbd7837efcdfbf136d312fa67f52022e2dbc958a77824cfde86ac4b05afb29","nonce":"726b4390ed2209809f58c619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"f15cdd312cc3afda27588be78fa806f95a7d822f47e47ec943b9b33f1a298604862ad3c5b5cf5ea3f71892c4ed","nonce":"726b4390ed2209809f58c618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"a7d176802e8f22ad9d03fdbae671f025e1a25c2c0f395e360c2e33259024226fc5073d86f3956b963ff3a2f7d1","nonce":"726b4390ed2209809f58c61f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"666c24acea0016eaa2f7389c8d38139a3d8054027ff7768968001a2e8f0269895ae63ef4c60244111de9f30851","nonce":"726b4390ed2209809f58c61e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"7b42f95692712f0c2174f6b6ffe13a508024938db0be15c38ae7db49347b712367b1a5c802fc691c89ca35a01f","nonce":"726b4390ed2209809f58c61d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"17c1db58c01c6080a242829bd78ed8d05698e08e46a818432dd30f6246660682f2b0a7e84b3d68a769c790fc50","nonce":"726b4390ed2209809f58c61c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"c9dcaf84fdc6c03499e56517c30f4649a72d8553d89e11a35ad1aa5e4a8ac49740fb45e24099e83426e23f6dc1","nonce":"726b4390ed2209809f58c603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"eb4da9f757b7b623c811451e26e813e3afd6cb953b78f51fdb4899f4c4234267f9539751e1d39205f1e0fdf88c","nonce":"726b4390ed2209809f58c602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ac44d0c5e093a531f30730731c4e4ab05bee6b2e26d6a26cb3632bf1b898a2e2c3a3683e3dc5d9555c5beab341","nonce":"726b4390ed2209809f58c601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"21034c0975724566e49212a3f3391c806da8de37ca94035f3c23b2976c9c463f8070284a961de49191050acdf9","nonce":"726b4390ed2209809f58c600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"260eb15603efa85921057608ddba586409ef1ddcd2bcb7cef08e366b43316ca946a7a612ae7ccaf70602c56755","nonce":"726b4390ed2209809f58c607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"5b1080fb8cc9e38aac521a1acb74bcf681d6675be46199fe9e18b77ab04daaa014ab87e08347a16c5abc67a077","nonce":"726b4390ed2209809f58c606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"748acf3059838f8fc3e201bf3c7fdd94620735cebd39c033e830c5f460ba9f3daab2eb90391aaee12271bfdb52","nonce":"726b4390ed2209809f58c605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"bd39beabf523e3d63c38112b19d5e785a4e1ba4b680a25ece763806152eef191f84103e8bc23013d47a7494792","nonce":"726b4390ed2209809f58c604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e064ebbef18fb9918cde267dde2ac801858449a54ca7095333e64ea40cce8500d55ce0b634a7d67a8da936765c","nonce":"726b4390ed2209809f58c60b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"6c38d5d3c549aba871886308ab645f199924500a8cee97ab5b717355c162135559e3ea400896d7f77a6eb54f32","nonce":"726b4390ed2209809f58c60a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"3392e0bd4a6c7be99b0caabc63f3faa47962e044ea44c8c1f87e6d1c37750eef7159fe2fbc2ecf46394c38c822","nonce":"726b4390ed2209809f58c609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"85949e5680516d84c734e98eaed3cf4d0468c8e593b455596dedb85501e8fa6ae2398f0b8f5b1031a2e82ecb05","nonce":"726b4390ed2209809f58c608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"73de9a81c0d4b1f16c44f35be3ea6a5b70612dd00721a4d0a29b803ebc4ff4d7ee541e3675205adc68f24747d3","nonce":"726b4390ed2209809f58c60f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"e029a95e1e931109c356e9b98084ce4577183e81832dcf44a00b0eced864a19591619bc0975c5ff65799c31e07","nonce":"726b4390ed2209809f58c60e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"7411e5ea40635de0926f337ac2879662513e2c4aac529f209462a627d92a1feaf6a60ae0f89e6803e29ccbf96f","nonce":"726b4390ed2209809f58c60d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"b6a9c6e49c94ea4463aed98254f0c5d74212f7c5c6e553ad2616d731806fe3aa8897b7ca4c561b9074a83140d0","nonce":"726b4390ed2209809f58c60c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"0144a8f8972808ea174f7278825a32ca254a4852b52f8bc6a5e8d580f963104b714143f9428a3b49922c081566","nonce":"726b4390ed2209809f58c633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"6e198b0a482fb1a9926a4b6ebabf0d8d98b9f67d8cc57f7e3a3dcafd180dc475f70c4177092fc27cbddd9a8797","nonce":"726b4390ed2209809f58c632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"0821620a4ee768bcb3812c3c2d8308c162ff21018ee134e1ca03b071a533e4048c07986a01fff669268cc0ab9a","nonce":"726b4390ed2209809f58c631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"0172193e87dba823a0645368af943d969577018dd10667d5f4e5de0e78104975d54fb0b549b1cc3680877d3970","nonce":"726b4390ed2209809f58c630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"0bbad2f1d25efd58fc3828ef071844eabd233d96021e99da77229fa7732ce2146aaa47f8588eaaef9f46e203c2","nonce":"726b4390ed2209809f58c637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"5d597455b07fe5ec6fa2195506c2b8669b16a57f1e473785c483c980be73ad7430608f47bcf9a7639ac1d3234f","nonce":"726b4390ed2209809f58c636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"dea2d5194bee4483da88bafe716782a0eda13f444b132603f60da166bb2c6eb89460c52f9f6d94d39f5acadc06","nonce":"726b4390ed2209809f58c635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"20fc8a39033882db10832af36bbfd977d2b7e6617d97f79167ae58cf8f4dd2ff7b4401107eb8f527307e9bf996","nonce":"726b4390ed2209809f58c634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"8919e406b57cf86b65d270c0610e08d0a20ad6b0abb59168185522182ff7241587db189e784fadbd1fc2e8d43d","nonce":"726b4390ed2209809f58c63b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"3dada6d72702d77324dc6c6f0875468e7a2541424c4c630f6489662c9adfdcbba1dff0cafb7fc88e87ebf8df85","nonce":"726b4390ed2209809f58c63a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"fc711facbaea583427ccccdb33a742d3563e907bbc1fbf986058a83a180ed7c8bdffb59456a0896282a1a56d5c","nonce":"726b4390ed2209809f58c639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"6da1755a97d2713b1e1014a342aecd76c2afc73eb9ed0019489ce03f242335d0d1c4e27d6ffd3cff82fae49b15","nonce":"726b4390ed2209809f58c638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"ece1bdcb1ac6b1b40e51353dacfdcfad2bafc791a7a3b0ecaffc029b867b21f7fcd775956499d7fae7248d07ea","nonce":"726b4390ed2209809f58c63f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"a82c8fa07f10d825e8e887ad4e682865009b2abc69a97d773de04c69d8b8fefe411b22b7ca71932d7a94e581f1","nonce":"726b4390ed2209809f58c63e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"beb1bb1d13bc1f782c1c0c7af04df41fb1c80abdb2457a3e867cc518549bcfedef47e6cc4888131a41fcb200c9","nonce":"726b4390ed2209809f58c63d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"db47e78ed46413540b5234199ce614de780192b9c1c575aeb7812ffddf6ce17be860e858ee3e3c0d42c5792e07","nonce":"726b4390ed2209809f58c63c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"f0f5506ed7a0462246f970ee368bb8387d8569096bcb99dbf8891f73940a822905268ed502b0cf1ba04aaa33ee","nonce":"726b4390ed2209809f58c623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"1bc79c8d612bc791c482e977c526810c2f2b13a94524b11d27fa13c1327d37ae2c722c4c8532d5a0cd48311d8a","nonce":"726b4390ed2209809f58c622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"5c2b4e780ab3d3878767987c30b05a72e128a97dbcb4ff5710990580d5846b9d8da26088353d97ab319124c753","nonce":"726b4390ed2209809f58c621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"cc5290f5064fa2b8617807b5b049bdaf43b238b4c6befb91cf29fa02a583126ee1dd0e7edd3dca2cfed9fa1286","nonce":"726b4390ed2209809f58c620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"aae0acbd27e40ffb1bb46cba24987b04c3785df65c7f495527cfc8eefd8164707901897c0fffd364b7e71daf1e","nonce":"726b4390ed2209809f58c627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"adbaf18628a9bf2f7b2807f1b64dcd4d948b2d43e407d6b3f0efda980a10399ed4bf0172dc78df45ab38a37839","nonce":"726b4390ed2209809f58c626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"9636e837c2a2b710b80476909bc101475e16ca31e908e7172d8673b3f255c1c629d9ff87491cc75bda56e6d024","nonce":"726b4390ed2209809f58c625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"6b73cd76511d1b00848c653f49a65ef2f13e638ca162f68272d7bc0dfb5b8a4ce978830d5564ff10b6ded0f0cd","nonce":"726b4390ed2209809f58c624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"02b30110f09a37893cc95906caa21b18774c30618815c6c1c9f63299e01752961922c5ea2fd3c523901659cf77","nonce":"726b4390ed2209809f58c62b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f57be1481639b6cad548c00d37b7df482edfdc43956db30ac724295b1d85f00fc152692f741a85891f8be4ca2c","nonce":"726b4390ed2209809f58c62a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"023212546fe46931ff786a115ce7dabf776acf8e86c99966411462ff48d8b6b4691b5adc367e7b6ed5722677c1","nonce":"726b4390ed2209809f58c629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"082e64f234712947e4da2327ce79a58ae8d6d069d56e5c2c2eaae6c21de8ed795c0f1f4e784a776f7741c08438","nonce":"726b4390ed2209809f58c628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"c639b10815fb5487f7c1facf5ab1a1197786052c7d16c62aeb244ad4b2ede0832f0a930b74608e66297ac15c6b","nonce":"726b4390ed2209809f58c62f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"2e81cf2f2e18243a108b15484743a948d9bed5dee52308d99d8c9d9a52218f4d175d98af472866e8aa8359fe92","nonce":"726b4390ed2209809f58c62e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"5959e11ba22ea647af8ae85c2263ab4108d52697aff2ed04ca05e6513dddfabd366c4b7eb58b8238b66ca9af81","nonce":"726b4390ed2209809f58c62d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"59023b5e7c266003acc252816e20072d372bdaa2435e51aa743fb61ed175f555f3a2c6c7159509033f08bbf705","nonce":"726b4390ed2209809f58c62c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"ff187830c3018af7cd80ee25d89cb60efc036511df640a00f5e3c68e01effa7cc864adc596b02e63f6e0643b1b","nonce":"726b4390ed2209809f58c653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"d26f6c40e2cd8b951bd9de1695e038e16e171aed40d7e561d27d887cbbff8aa7e0cdec9a3449275602a47a7862","nonce":"726b4390ed2209809f58c652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"ab4bf32696a6526f3bd4811a1668f4156343ecd0bb955b4284dcd41d557228a2762508d0d25a5939e96e1cb1af","nonce":"726b4390ed2209809f58c651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"4a97b0def6df480494c89c9fa01bbe101e26df3ee3bfe37c3953db7a3179c157785be26b1494e822abd9e6a29d","nonce":"726b4390ed2209809f58c650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"706b714d14ea60e81275680291e3a378c75d4786f3f695edaab3b55e3d60f26daddac1410f697456494a1c7d4f","nonce":"726b4390ed2209809f58c657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"6efd6804d7a4e0fb63f30ccf8169cd98d9084eed4f6e12b6f2cd9e7662e537e7b4e7f2c000707f94027e6329d5","nonce":"726b4390ed2209809f58c656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"12a2336fbaf8e62bfc6973fdf694cc5f17171d0e9a40cce605300baca5a2fa94cdc2264a5595c318a665a7b1fe","nonce":"726b4390ed2209809f58c655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"9119734039d0d62a3d4e274a71aae0c44e7d4484351a140930dcafa0c948f9e9f853ac462680b959b00a7b7289","nonce":"726b4390ed2209809f58c654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"c138d64d0a9e2e0b3c320639fbb1740ac031af327082a6931055be1a06abdc6146c06d332fc3b735bcfdd71dd5","nonce":"726b4390ed2209809f58c65b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"0b49b026bfb3a285031b51c7754b411f7957e10abf30baa9805282820d35e608d33c27bd88387f426b399f6e0a","nonce":"726b4390ed2209809f58c65a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"48b5ba86a186a1a3ea8bfaf654825753b34e1cad6f516a67328cfd2f1a42f3816ee4f3d7f7268118b630b98184","nonce":"726b4390ed2209809f58c659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"5c1b689bedc9135808da37382be37c51d864f34d2afbbaa6b8099a50c56a437935f89915fdd433d071eb8a0f6b","nonce":"726b4390ed2209809f58c658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"2f09368a0250252f1ff716a7fe7f3f4bcedff8bc5dd0933e4adc3339ba45dd40ed897e378fd07914e320732df1","nonce":"726b4390ed2209809f58c65f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"18e6baaef1e9ffb1672a61514ca82d450afc98742e745f6f5d3975015458d126d006ca44cbc7935bf5228dee68","nonce":"726b4390ed2209809f58c65e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"0919bbaf2f6af376d9fae24789b50239b882c8f5a4b9efd9201de586a03c451acfed1f442d832b6d89f8dac510","nonce":"726b4390ed2209809f58c65d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"f3327a4dd69ff374d01d1b15ef482b12e62039fe3222a92fcafb4e8d2c7fcc421dcdf5a4e9531ff885f84ff80b","nonce":"726b4390ed2209809f58c65c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"94ebdacecf6707b006db3cadabd1c74dc9b7c2a76361a0987bb777b319d8f8c5b3d215ad87d461ab6aed971449","nonce":"726b4390ed2209809f58c643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"0cdfb393a2e67012b893918ccca4e1ff4a5753d0e201443f1482b36a80393cc33225a3f588284df0c3c78c7287","nonce":"726b4390ed2209809f58c642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"b056d018991434a9df8f592db24a3c4603b7c073861ceb7bee1a05da7fafdfca95e0f41ffeec812fd1b67f7071","nonce":"726b4390ed2209809f58c641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"b0186870f7e028fb882076b2bc47e5f36ae1fbcd32c178948437c9319972499c2fbe04b3d97e284be09d1ed4a7","nonce":"726b4390ed2209809f58c640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"0bdebc296548875e078a212dbf49546bce239d4996225c5a60a4221ce89f6234668d63f9b72f97b6eee78a4565","nonce":"726b4390ed2209809f58c647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"f646fa298c141bccb1fa3884697083ec361f01434f92e77edaca191a0727e502c03332744efc30b224785af27b","nonce":"726b4390ed2209809f58c646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"9280c7ad9681d7423021a9568e8320f7829719b1f0da68f0dddcdac94166279fb13e5a96dd761af503eb1cfae9","nonce":"726b4390ed2209809f58c645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"6a4b9dfaefda495f847107ca29453a8ec540fc8fa65ac6fc9b70f9f7df4f785c9a1027bfe43be12d87f2871c7f","nonce":"726b4390ed2209809f58c644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"44e8c01194593ef67a3d4c96b5ae8d1bb0fb704daceb1cd69bdcec79d13879f05dbf2d0a7460712a581b82eeb0","nonce":"726b4390ed2209809f58c64b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"2b1380e65629aa7ca2a6b80e9ae84de58df4b74362c3e96797d7057c4a3daadb30770fd1cd0d5e2ac7c1054825","nonce":"726b4390ed2209809f58c64a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"22290f1850294d2ef5d97728d159bcc625cc21e8edb6f8439a172e5993ae830e2c3762bcc97ee8befdccda4992","nonce":"726b4390ed2209809f58c649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"3307ecefeca33cb0af199c0f2a244551486e1f1bc4ca8914089200acc256afc561eee8195092be0e4a411c7beb","nonce":"726b4390ed2209809f58c648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"386846e2fa77e30f8412c284dd1be07629bcd26d0b4e47d8ce110cc5b92f37d60caf01d2c5f67d71d67c4447de","nonce":"726b4390ed2209809f58c64f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"afdbf84d8e54d8c40fc3be47cf6d9faf2dd72c79a2137fd2a8c5d54318d0c9a732221fb5297c474e2a991713cc","nonce":"726b4390ed2209809f58c64e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"75d45f00f840e092c4d4cbe5caaa42ed3b945e41d797a3ec05a88098693dc4e3c1a666ededbf1ae645f383e159","nonce":"726b4390ed2209809f58c64d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"619671c49371d295459e04910531b337ce94e299750ce555be6679c7fdf8cc3968407dcb93b1ead46874fc830e","nonce":"726b4390ed2209809f58c64c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"ba0a29d98431583852bf83f8e55fb5cc40ea427b9794e9ca3e8207b8687a67ea6171d0d1c1611190a842a5addc","nonce":"726b4390ed2209809f58c673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"dcc3890bef7435c7c288dfbfc5e58c74aeff9a20bfd045bb7f7f022e2c7694c5cc9a5143ec4b2994b603e564fd","nonce":"726b4390ed2209809f58c672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"5368b7d686df3ff1a8cebe67599d5afe43a010d929f8fb4a4de781675a05a116f0d982b3ccf267f3c9fad3d445","nonce":"726b4390ed2209809f58c671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"431d7c4727260581412b113546bc12c9c93dde222e9de5eb7f66b5017448dc9d9c0a4adc82c39a41f75cc748dd","nonce":"726b4390ed2209809f58c670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"443592062e2dcc3dd9b02de2f942f78e25cac8cc369c9fdc05f4842976a052f92071fb0e7255bff891a7be8c4f","nonce":"726b4390ed2209809f58c677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"ae3167c7b7b19e5d7687149ab683e78f82907154018f534e171dabf8efdc8aa14e3fe8fded58621114c81741d7","nonce":"726b4390ed2209809f58c676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c7a14a5d0b8356259963249704b0aad3d34798c016a16a8deed4302c495698cdad7c7869a9ef37a5967b1abb7a","nonce":"726b4390ed2209809f58c675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"fc24dad9629f6af229a2657de379b0d4d2cdd96cd75d188a4678cb0b250659de5d81fa4883cc2bbec0f8c28b66","nonce":"726b4390ed2209809f58c674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"39ab0bc6a0646c8de81459029470fa3136d55df55fc54d1d3afc47cf6fe6ad800ae446d12cf09a5100f02395a9","nonce":"726b4390ed2209809f58c67b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"afec06f0b00a31ab6159234457ce72a2d5adc67ddb8c47bc5aca0aad8ea55927194f525f84d550c573ae0e8f47","nonce":"726b4390ed2209809f58c67a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"4539a8680edf07c9b9d1af9e4170787bb102ea92a23d54fb4e5469743c12133965c63b6e45043f3106c50098aa","nonce":"726b4390ed2209809f58c679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"a6a03166a88cf888d40dad901b60804d20c8d029cefa54219ba73d54cc778a3df86bf64a96f1fd24124046707a","nonce":"726b4390ed2209809f58c678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"f3222bea93067c2e332644fc1664ed2488ebf8f7f44192ec2dbeae2f871cc2de1eb6e84c1e96d092888a287cec","nonce":"726b4390ed2209809f58c67f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"1b10a02557273203ab50bbe59f2060945294f92d20306238b2261fc05b348d0a906cb81e7d797bd2819c07546a","nonce":"726b4390ed2209809f58c67e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"e2b010ee2ed3c44963f53b1aa2c25a28fed1827d847c0680793184933003282e97c4f73f5536d50b1e66a4ec1b","nonce":"726b4390ed2209809f58c67d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"48e550102329f31e07563ded93ee54d56f9f84ba038d57f1fc9bfec64e24f43957316b293917058c0f0002ce2a","nonce":"726b4390ed2209809f58c67c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"f8c284fc4fe2da5e991fad6f20d7173900afc7c4f8c54402f8296e3c03aeea8adcd600023a91320d63ee183b8b","nonce":"726b4390ed2209809f58c663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"7ac40f8c1a386294d379adc3a647149c6f799c19b7c54e2dd822e1591fafee76ae365081d0017cb9e02ed3b0d5","nonce":"726b4390ed2209809f58c662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9f756ecc7df0fcd0bcc523ee8428b0ca1df84d87112d4a0e463acac87a44e350f0d8071956d8411ba5f6910c49","nonce":"726b4390ed2209809f58c661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"8eb483703acf0d2519cc0a332af3863493ebda01ec30543c7d76ac3ddcaff5dfb6e44e4542d66affb5199c163f","nonce":"726b4390ed2209809f58c660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"9062b610d72661c5ea3105b181c94ff5e8267c90eb952435a8b5a7bd508313e3df38c6295752f8d2f3e3996b1c","nonce":"726b4390ed2209809f58c667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"a2fecebbe7d675372f3529117909a4f0857c088250dfda451000079cb3cbff13fd5d1ec42260e9d13eabe7f12b","nonce":"726b4390ed2209809f58c666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"1a096cdc616c7cb93e8f0d8a602171519bac322876cdfba0588d10534689047983feec0074e4ad6e5b84230866","nonce":"726b4390ed2209809f58c665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"d671063c9859ecf5c9a46c4898981591c1ff775a69d3f76f547267b1dac39d75f09f3aeb52e725b88ef3286fec","nonce":"726b4390ed2209809f58c664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"c14ba39db18c6b947b30c9c076d1109368678bbf98ddc4a9476f55e9141db1e529717167ebca9bda105de63d2b","nonce":"726b4390ed2209809f58c66b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"4a18835cd7161423b2b5e89b7e1ae330fc735e669869e9ae0028ee2264d2089c061bb5e749b02c24ad87caca61","nonce":"726b4390ed2209809f58c66a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"87f62fff19fea3a8db271bb6da2d496a0df4e1a2c047b8ce15043beab3d37d8cadf943bcb647656a1d74df73ba","nonce":"726b4390ed2209809f58c669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"290c9854cfb86e72c880c9239844ed06f9a1a0bd047c14f22b23ac20192e44589c9ff520fc95e56b9a05fd8ac4","nonce":"726b4390ed2209809f58c668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"fc0290fc16902bcad8510cfc9448212d90fb659ea732cea1da49b7ae079bb148706f2bfa54dc4df3374c4e3ed1","nonce":"726b4390ed2209809f58c66f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"57004170f3586e7f1f3dd0ad318e9d4e623ea62c0b8cbb130d452f3f8610627b2acfa8247b6fa3efd68abd11fb","nonce":"726b4390ed2209809f58c66e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"434dcf1f1d2073b5a965ba8b47f36a65a98ad6187b12068660353d70377682ab2b1bf852188458861a3f321819","nonce":"726b4390ed2209809f58c66d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"8f2814a2c548b3be50259713c6724009e092d37789f6856553d61df23ebc079235f710e6af3c3ca6eaba7c7c6c","nonce":"726b4390ed2209809f58c66c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"b45b69d419a9be7219d8c94365b89ad6951caf4576ea4774ea40e9b7047a09d6537d1aa2f7c12d6ae4b729b4d0","nonce":"726b4390ed2209809f58c793","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"9b13c510416ac977b553bf1741018809c246a695f45eff6d3b0356dbefe1e660"},{"exporter_context":"00","L":32,"exported_value":"6c8b7be3a20a5684edecb4253619d9051ce8583baf850e0cb53c402bdcaf8ebb"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"477a50d804c7c51941f69b8e32fe8288386ee1a84905fe4938d58972f24ac938"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"ee51dec304abf993ef8fd52aacdd3b539108bbf6e491943266c1de89ec596a17","ikmE":"e1a4e1d50c4bfcf890f2b4c7d6b2d2aca61368eddc3c84162df2856843e1057a","skRm":"12ecde2c8bc2d5d7ed2219c71f27e3943d92b344174436af833337c557c300b3","skEm":"7d6e4e006cee68af9b3fdd583a0ee8962df9d59fab029997ee3f456cbc857904","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"041eb8f4f20ab72661af369ff3231a733672fa26f385ffb959fd1bae46bfda43ad55e2d573b880831381d9367417f554ce5b2134fbba5235b44db465feffc6189e","pkEm":"04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653fa805c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246","enc":"04f336578b72ad7932fe867cc4d2d44a718a318037a0ec271163699cee653fa805c1fec955e562663e0c2061bb96a87d78892bff0cc0bad7906c2d998ebe1a7246","shared_secret":"ac4f260dce4db6bf45435d9c92c0e11cfdd93743bd3075949975974cc2b3d79e","key_schedule_context":"01622b72afcc3795841596c67ea74400ca3b029374d7d5640bda367c5d67b3fbeb2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c33038b0269c","secret":"858c8087a1c056db5811e85802f375bb0c19b9983204a1575de4803575d23239","key":"6d61cb330b7771168c8619498e753f16198aad9566d1f1c6c70e2bc1a1a8b142","base_nonce":"0de7655fb65e1cd51a38864e","exporter_secret":"754ca00235b245e72d1f722a7718e7145bd113050a2aa3d89586d4cb7514bfdb","encryptions":[{"aad":"436f756e742d30","ct":"21433eaff24d7706f3ed5b9b2e709b07230e2b11df1f2b1fe07b3c70d5948a53d6fa5c8bed194020bd9df0877b","nonce":"0de7655fb65e1cd51a38864e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"c74a764b4892072ea8c2c56b9bcd46c7f1e9ca8cb0a263f8b40c2ba59ac9c857033f176019562218769d3e0452","nonce":"0de7655fb65e1cd51a38864f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"dc8cd68863474d6e9cbb6a659335a86a54e036249d41acf909e738c847ff2bd36fe3fcacda4ededa7032c0a220","nonce":"0de7655fb65e1cd51a38864c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"38de5607c2ff16b2ca10d949005e0cfddb507f12854c04851fed8f0ed7cbf22bd79784a4abcfc312f09d4da5cf","nonce":"0de7655fb65e1cd51a38864d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"cd54a8576353b1b9df366cb0cc042e46eef6f4cf01e205fe7d47e306b2fdd90f7185f289a26c613ca094e3be10","nonce":"0de7655fb65e1cd51a38864a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"02a5b8d5531f045a1e9435e3d6fbacb6629b13af0db90393395ae2153f67a68f1e11bdc5eb87eaf42a0b71b90f","nonce":"0de7655fb65e1cd51a38864b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"08aaf0ac8741b09c9ae4ead0f5c5bac88a4fd5b2290251409e668dc1b0bc98ebfe5357660a14eab7c48996b907","nonce":"0de7655fb65e1cd51a388648","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"9f226246d7fb95dc414d393c9bf687a1a55b3dba762ef523e5657c0e80cfdbe93f9467f20a84ffdb275e0de6f4","nonce":"0de7655fb65e1cd51a388649","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"bd5d5c30f3446eaa87f4a3e46339a814f2c2878721fd3d94cf83cca9b83ad308da3024f496b369ff813d843e6b","nonce":"0de7655fb65e1cd51a388646","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e21549d13bfab6163868ea49636d0225303263512da0f4b3e8a4d56949289bc54ce44f1e832dcd73e5bea06de8","nonce":"0de7655fb65e1cd51a388647","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"1183a202810a881f35e02c2b8555b721fe3cac124a17c52ef5ffffad3b1cce79038f39062aac5c38c058486900","nonce":"0de7655fb65e1cd51a388644","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"0cad90a61a108e2e67ffc5448501424ba6eca71cf92b53a6a726b4679c40099ffdf67ed8fa1db19bc668a9f5de","nonce":"0de7655fb65e1cd51a388645","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"0e59606168d57892138f0026897c496af8cd7460bfcc9a4b838f72898fa16736ff4e1011c46b5a669536b68451","nonce":"0de7655fb65e1cd51a388642","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"1d8043f19cae42b39164dd673ae0376602f5798fc6adf09f734b670d29420139ff0459427fbe55eb79618ab2c3","nonce":"0de7655fb65e1cd51a388643","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"e209ed835d9e54360f41231ce5767fd2788ebd7aa0282ee339eb88083c5efaac13fe64a3e4a80b99a6c0b6ec94","nonce":"0de7655fb65e1cd51a388640","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"69021ce7a1ea1183412af8339f7190789a0f18b1a4293056976ae4f2fd8e54e83a9b02084b4a8c0279d9bfe915","nonce":"0de7655fb65e1cd51a388641","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b7c1184d707784f6b78f478aaadf1f0b4f5dae53e8d29d93d33b81cf53ebd38293521642bca3df997af6ec9ba5","nonce":"0de7655fb65e1cd51a38865e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"ef7aedb3c582bdfea19ba0c0fbd31f49812508977d8a01c6591b349e1646c5f044bb2983d4bc2fb4c6d7a5b8da","nonce":"0de7655fb65e1cd51a38865f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"041f4c67e4fcb52af14070fac003f414938bfee17df33f2dad5335ae8fe96d28de58f13bb871e77bbf633dba08","nonce":"0de7655fb65e1cd51a38865c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"4d8fb7f1f33a83db5f8c06c837f89cee39652475bded5b27520aee29d766dfc954e63bab13ad5eafb490518eb9","nonce":"0de7655fb65e1cd51a38865d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"5756a24ba119531b51ae805e144c262d5d536cbcec692b0b971b8acadb7155af2d56d812f2cef504df7676a111","nonce":"0de7655fb65e1cd51a38865a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"a87b498958c3143efc8af3c86cd7154aebca6db13ef71889f63a3fde0704321be9276d823bbd1f59452b913cd4","nonce":"0de7655fb65e1cd51a38865b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"5bc72bc83b7a09986fb3f952091560e77cd3e4e1fa646187a76df768c39f1f18d7b0806897ca0c5cc1feeca67d","nonce":"0de7655fb65e1cd51a388658","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e3aecff7e8e2c84290cf1b8b6bc360708d7e5ceda983f6166f3bc44dcd14a9191c742850d0b9851c026189a30a","nonce":"0de7655fb65e1cd51a388659","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"639626640ea8dab69a609500f6deea86b86787c9d43259a4d597638b5b5272f14b0fdce795d3a5e3bd2bb8b7de","nonce":"0de7655fb65e1cd51a388656","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"99e8fcf9b71bd8ae033c9b336780aa553aba69f5a6380b3863045e0c4cbed6f43b9f28573d6138409c679b2a72","nonce":"0de7655fb65e1cd51a388657","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"43b36d70c676478048352cd452bf0c3dd5f24e8516b74d414f4f46061de238b53abf8ffe9821992aaa9f651ac4","nonce":"0de7655fb65e1cd51a388654","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"dd8478c81d8879b2a905f54ef1557cbf7929bbcb7cfc2c36a7d36d35d9c0a1eff29034a28ae7a24fd40b6ceefb","nonce":"0de7655fb65e1cd51a388655","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"5160a24ac4710b617511da570ae31870159b7c140f47d6c4e01a29cf56fe1fd1e837f4294bbeefea95cd64343a","nonce":"0de7655fb65e1cd51a388652","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"85b028d71cd048279e96100a4b032da6706b011c97b11881c55cea8f26d266021c6e4c43e4c3fc6c02c98b078e","nonce":"0de7655fb65e1cd51a388653","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"47af9e54c0ade35617168e8b137632f1947946f7e3b25140c768daecb60abdaed48a1534971ba78814e778394a","nonce":"0de7655fb65e1cd51a388650","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"0b6f2ed3d98d9ca7b1d696347e673ae0cc47c3c28bfedfbecd48de97637cfbed2554a82529ba01a500c4633e0a","nonce":"0de7655fb65e1cd51a388651","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"f8eca986eb15b7e329b7b3d773a226eee911747135e006f04353885e8848aaa7afcae266b5c3a90a9aba7ed2d0","nonce":"0de7655fb65e1cd51a38866e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a09bb9d066a7fcfc19e305f80106fbb8f41c23cc20d863537f21acb3d43b13e45c67e4f058040d300fcb01984e","nonce":"0de7655fb65e1cd51a38866f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1511a9317c38e3b34497d86fb3d844aebd3f17482a47c098629e337fe3c902b3d450b85b356b3e84f0f102b715","nonce":"0de7655fb65e1cd51a38866c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"df64844f9dad2b80f6e74821b0c1c0338a03014040e0f61592f1ca039205dba9160857dc4132f69bfd259b5bd4","nonce":"0de7655fb65e1cd51a38866d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"98dc11ff0989978fbf2971cd4a54ec5590bb8ba3eb43ef0d89b627f02ccfc7e8548f92d8dbbe77da64596871f1","nonce":"0de7655fb65e1cd51a38866a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"a8a1dcafcdc03c27a76d122bb6b1553bc5c4124b4f23bddc8f07026e8bc84a8a6fbf42dad97133b64141aff844","nonce":"0de7655fb65e1cd51a38866b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f95af32a68192d6f4e5679f8b181f1d9467eb18d0ec1a27312e513bb7865aa686fb09538841edb1e44900fd7de","nonce":"0de7655fb65e1cd51a388668","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"fbcd5fad01c85074004b8b59602714001c2998c70263006de9d6537ddfe88f83af042c47e7a5751bcbc0ee6a2d","nonce":"0de7655fb65e1cd51a388669","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"463354286577b7bd96498943f3f6e21f6b7a14244588f16659ca878211cd38b89b5edd7bac0d5dea40d704ecc6","nonce":"0de7655fb65e1cd51a388666","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"e1b12a41ff21a0ab632d07407085bc6048e2e55b0677957dea4f283507a899b67e633dd172fa6913486b672849","nonce":"0de7655fb65e1cd51a388667","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"69e235343f22fddd80b4c45eae25b5dad07b4632b3fe7a95967a34519114dfc8003145a4d5715a435538adee76","nonce":"0de7655fb65e1cd51a388664","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"6ce13f474652c1816b595dd077e4fca559cec944ea6bd244f0b242d376b361c7c9c23599991dbbce33d7ae51d1","nonce":"0de7655fb65e1cd51a388665","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"3bc588fcb309a8544f34bb7e9e28dc5b7b1ea703f2bbbfa50626755af426fb01275202cd58ca3f6ed49405264e","nonce":"0de7655fb65e1cd51a388662","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"48054fe53b01cae2c8591cc5d6b0560e3048ebc84bbee28a53b9d831fba6da466bc54a5399cd60c538f35277f2","nonce":"0de7655fb65e1cd51a388663","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"6510a6298a82cd977b985cd1d6fae6609f8c5363e290381897d657a616706386125d3b52a64559d6337a000f68","nonce":"0de7655fb65e1cd51a388660","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"ba7c54ae021fdcde9d9f5e81a7291c5a2a5cd8bb6158337a02a1aa8bdc7985a46e28302288e9905e1ea7d9641e","nonce":"0de7655fb65e1cd51a388661","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"1ac9a69cf63bf0c062227fecc5f785566f97ca734f4cdeeadab3740989ff6a9ebcc21f7ac978b39f23bcdcc47a","nonce":"0de7655fb65e1cd51a38867e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"18c3f9a0fb3ab8e5d2f39e205746b82ac3bc4653491dce5e206d18c60a8d565be519bf50234b9e24681f55d53d","nonce":"0de7655fb65e1cd51a38867f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"5c06a2cafd35e6b408da4de855fc9d641d6d7cfc9831ab08fe75de245f79c7b94739f5bfe32d32bda73aa5e5d9","nonce":"0de7655fb65e1cd51a38867c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"2d0a67022b73c97e0c2cd7b4caf9a62c32a99390b38130e82318c37a241f7366349008e7ea640870e1d4833da0","nonce":"0de7655fb65e1cd51a38867d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"70d31b6c1a8dc2b629f28a22c578b33d576bfda27f62c0460ee09d6c1643b58a1770bc661951664da10a824acd","nonce":"0de7655fb65e1cd51a38867a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"1b295a79d2dad99d08dc1cd7e4f1297633a55164a5cb8cb4b440113f6c8d7e274823e4fc180c10a5e2528b3c2f","nonce":"0de7655fb65e1cd51a38867b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"d518ac3a7779164d656562bca771f580da87f4a5b3a413897f71fce6a44289416a2ffd5cd5b333015a520c223a","nonce":"0de7655fb65e1cd51a388678","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"384f0d64abbc9ae3c3534bd7ae2417b25e9e616e8a6ebc162a99702dcdb61d2ab5cd17b56ec1c6988a06b6dbc8","nonce":"0de7655fb65e1cd51a388679","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"712ba097ac1ff0ef0e45e980872622f7413deea2b6d09d33b556e9c0b32ca5e22f7a2555a03175b38fd0e031f5","nonce":"0de7655fb65e1cd51a388676","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"396d11e3486f5d03ebec4a45bda3d6df8903c66c6ad0f01e2cc2f0590451c8e8ff20574917269a93e7ec02721e","nonce":"0de7655fb65e1cd51a388677","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"cee77aa732e74ac71e404e6e54a63686afbae43bf3715886971bccff4a2636818d6f0c23c8e7f4bd0fc3efa276","nonce":"0de7655fb65e1cd51a388674","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"d720a125586b659342d38bda6b76c2398700caa10a6b91e5b2fd178d598cf9bae9e8e91d4a3cebd3b29b461c6f","nonce":"0de7655fb65e1cd51a388675","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"643e7b50f0c23be08b738f1b68248dd012da6c23f27399e306b2bc2e98947de15a1c3087f056eedc84d34b80b6","nonce":"0de7655fb65e1cd51a388672","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"3f212ccb2762624c82c4712a69823b9fb058155cf545adc09a8a456414537c2a7f9f452429dfaa09aa1622f0c1","nonce":"0de7655fb65e1cd51a388673","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"270ef12fccba85a929355084d3107707bbd7af33197f77a7dd7c9da6b8bcc77016af68440b5be386a85019551e","nonce":"0de7655fb65e1cd51a388670","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"79a26bb32ce1645d8dd67f938e9f72422128097bdc6144768778cbaa373237fff172bb1940fdc714615a2fd672","nonce":"0de7655fb65e1cd51a388671","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"d88604511f1dab278d2da9adfc8e12a653ee53ea176a6aa48944dd0913403d2221b7601efe768a33bb364b8999","nonce":"0de7655fb65e1cd51a38860e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"1abe846791e6bdd09ce904ec88418d34bf0df5ff44e77f93f23637c40cd490930741a31d49a571933c4ba79c2f","nonce":"0de7655fb65e1cd51a38860f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ce2af633a1a2e0a26a7f395ec118d54f697bb9ae30bda2dd6476395bf0ba4cb66efafd10f1d1d1dc3b42dd28b1","nonce":"0de7655fb65e1cd51a38860c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"e80e2ab293f28268287e77c5ba9d0916a1ecb27c63ec6e07cf31b7e4fed980da8783659508e35b8e4c4cab46b5","nonce":"0de7655fb65e1cd51a38860d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"c4dd4bb699fb67d02301e7025fa0862582a141bfb29c78e238eaf7f70a1b85e624a05048f63d0fc18fc22dfd58","nonce":"0de7655fb65e1cd51a38860a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"25d892982b2c5cd133fd7c5bc82af37bd5e5b4215c1a4e3c5879bbc241941c1e8cac3ece8cdf28f6cc97f574e4","nonce":"0de7655fb65e1cd51a38860b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"0ecc461723839791e2ba7b0f2316b4b97dfd389f4a5b492b73d081cc6fc5c4cfd1c3bebd567281baa755e3ea75","nonce":"0de7655fb65e1cd51a388608","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"895635f587c6e3aa253c1d94374b5afc8bba3f6898508f338ee2dffa4baf5d047caeb522e76d1fd691e6fe62da","nonce":"0de7655fb65e1cd51a388609","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"c5227f20b8b12cb9b828099cc9f984640ac05fd446c4a3be75f7ec5ac99d35e4b5c841c62139610e2b3e049245","nonce":"0de7655fb65e1cd51a388606","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"695c95ab63187657e523bf70c53fdb063d56ee62757916d59f9195b72efe1bb3cab9a81669cfbec6d72fb0e428","nonce":"0de7655fb65e1cd51a388607","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7e1bc1682c1ba40a74e7bf45ffd403d28373fe8fbd33949b3f05de0035b569818f2b2d9f1ac22b4f74afbc5a40","nonce":"0de7655fb65e1cd51a388604","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"a56473b8f8c19464bce13ab0d22f5831a357d7ea9ca84876c5d91646d09864df7e8da52e330c24042ad4e29b2f","nonce":"0de7655fb65e1cd51a388605","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"50ce2e1cccfa0e6dc4d9ef2a7083824562d0afe25e6c4ebaf152e87ed86ac558bc3f62e7c5fd9a2d7cdd8566d5","nonce":"0de7655fb65e1cd51a388602","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"3207cb3572b755484eb641b7d8a7b8a5c71f929a38c53d99fe392627148fabca618511f04731d71a5da3554bba","nonce":"0de7655fb65e1cd51a388603","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ee52abaefcfb548c5868f5f16ba4cd1d65bff7f9c4f56f464c9a69a428ae6ff3bcc779b4ae7244c91432ce01ac","nonce":"0de7655fb65e1cd51a388600","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"05638eab9eec4998a369cd4330c124e6b6b1d1eeef1464a92765617a468ba7ad84a82af27be4859e2c87c10c4d","nonce":"0de7655fb65e1cd51a388601","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a95314b287371977e5b9501cde7691e80e0defe2b5e71c9b31ddbeb2661e01eeed746cd58aa20816fda31a15f1","nonce":"0de7655fb65e1cd51a38861e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"46b9bb6b6ed758c1e3a2cc39b46aa68772b8196da6ad859a2655daa95a6c13771a1782d81dc8207c93a7c74303","nonce":"0de7655fb65e1cd51a38861f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"679057f178d47d0690c97e3e1826cf14b5dec0c3809c5aaf056d643b73d3342fccf2bf58825bab9dce10d68dcf","nonce":"0de7655fb65e1cd51a38861c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"65195bcb9342cd0dec09cb0e4777150a5635742b275a8ff6189ba5a4a7229fb8826fc333dc5125fba1709223b5","nonce":"0de7655fb65e1cd51a38861d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"19d3f51ada69c321a1a867de0d3cf58583a68c2de22d25a0616364953c085b1d87d339916579a03e2577f35840","nonce":"0de7655fb65e1cd51a38861a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"0d5fa4c8f0a11fda78e98c6d90721f20b7a2531dfd3c8e5bf476f9828fcff87e9db39bfca83044e814f7d7e763","nonce":"0de7655fb65e1cd51a38861b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"6c000007283e907c08723dcc61315064031f55a499f56403a717199e559e610ed26e592e84632b1691a64b68e2","nonce":"0de7655fb65e1cd51a388618","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"35a24ba47e792378198b4e20450c97e498227ae91ae7fe75de409632d92a9fdd2681ca371e39c6ad0b5863997e","nonce":"0de7655fb65e1cd51a388619","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d9d11d2a3ead2487c3b20897c1131092792a03b5f5fcadbb10ef187d4fd62f1b69bfc02eb5e7c0d12470f3a554","nonce":"0de7655fb65e1cd51a388616","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ba2619e2a85e1786a3b6c4d6c6c5838aee477180333f79c95fca0f4375df2970491b614270cc38c3b8f4203fde","nonce":"0de7655fb65e1cd51a388617","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"5dc410cc544f9e3b0192abaab25cdb667364e43d6e010bb7cde5da51066f8c224627c37fdc3bb66e2c1dd57772","nonce":"0de7655fb65e1cd51a388614","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"459874bf341e4c4c3f3425e16d906df8e161dda58297f5a1b1c5921a5cd37c5ab79527738c1b84e01e0cb54f87","nonce":"0de7655fb65e1cd51a388615","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"488e2d2782e52859b061b9eea1e7f03a0e7d3828953e7475b89107159e7b3d8ef225ef360e8d40b1eccbcc68c9","nonce":"0de7655fb65e1cd51a388612","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"ace6c8ac4332eb284d14d7246446581519416dfe18fedf32cd8c3497ab106cf6c66e8f93de3cf950d847d31653","nonce":"0de7655fb65e1cd51a388613","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"fd2aed40bead1e476696fee46dcc858c1f9c10cc977aaf0329ab9ad54e100c6722ea9ed968b8a25e05801843e9","nonce":"0de7655fb65e1cd51a388610","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"7ab0b7aa862b6bbcd2b56090b61acf336a0a64ad7b9a29f50150fdb8abacd505991b1cf999dca07f70dae72b9b","nonce":"0de7655fb65e1cd51a388611","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"64b13cd30fc3ea6903df9efa54acd992cfabd4d985368eaf39c4d5d8789c9da2a83ea7c11bc083bcf2e499958f","nonce":"0de7655fb65e1cd51a38862e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"b729a1f6c8ebae7cd4349e044b28360a23420c6d7b029e9fed18c208cdc709b9c66e2aa0bea8b4868a9b455f2f","nonce":"0de7655fb65e1cd51a38862f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"312222cff72a0705882b6c8f9319bc2f96d88cc9d7e83331c356258d196c3dc7bb8ba7623e1b35d4567d462ce0","nonce":"0de7655fb65e1cd51a38862c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e6f25f90b269c51638d90d4daa513a0561210ea152d1c535ac4e5756438959aa95a2cb55717cc0a88dda9aa943","nonce":"0de7655fb65e1cd51a38862d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"a9c2c78a2b0a4c9ae83fbda140005b40d57cc495e3aa5c608f2652633c605a082aceb8cafd5091b573fdc9ce99","nonce":"0de7655fb65e1cd51a38862a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"0d1f581dc728d14fb0f7cd922e988dbb76567d07373291d8b0076c07ca03c5fb448ac91cb5fff1cf84b68bcd2d","nonce":"0de7655fb65e1cd51a38862b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"39d85dc0d67e5b09939fe4d1a42d75446a3e29a8600587d76677c232f49909c860bf758a5b9f7f9ef477269ee8","nonce":"0de7655fb65e1cd51a388628","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"810d2b5c0518569f88c22d15e603f561b2a2c4e08292653415776eb5b09cf489cd6ef3cb168d9f378d29c933e1","nonce":"0de7655fb65e1cd51a388629","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"9fbf0eeaacd2dffc0b7ef7a90167aefe5c9ddd9e6fb9dbc834e36334e81309e7a7ecc85e0a192c6ee81ef34723","nonce":"0de7655fb65e1cd51a388626","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"28abbf807af9c227776fc768b716424c44f17cdd4dec4cf74fbccb7781965d2fc27468dd183b4610c7221a3440","nonce":"0de7655fb65e1cd51a388627","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"b82f1ba629d66114c051e98566cae8d79a0b8ce2be306487e976b1f1aef188af82b6e4b2b211ac66d4cf2df79e","nonce":"0de7655fb65e1cd51a388624","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"1684fc4d035b124417c8f7d718c14e16cb224acc0b423c55fc31eb0941f5664603f4cde538a343dbaa4590f6a1","nonce":"0de7655fb65e1cd51a388625","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"5e00108287fe4a1219d342fbacd17482964064840e315ca66750b7f4ca4db60a1c10440ed7a1350d5daca29715","nonce":"0de7655fb65e1cd51a388622","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"3560831678cb9f786b94ef04d48d4c3500fb6c277431d59cb4cce55dea683c3d97a21165a2b1258a1514a0c8b3","nonce":"0de7655fb65e1cd51a388623","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"8fb9a4becd740698150007f2924ce693090cf91a23126666e5e114411865a8c795fa8e503c140800f913c23217","nonce":"0de7655fb65e1cd51a388620","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"0ef2a883a49059a43dc5edb4f3b384dc7d0aedbd09baa2b5d842fc5aa051d62af3dbbf561a0f12d6f00e737be2","nonce":"0de7655fb65e1cd51a388621","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"9f3308e1841699aa4c8700d145daeb23fddde0b101ed69218c04f9602ef513b3f044532dbcd1fe2ab91d9ba806","nonce":"0de7655fb65e1cd51a38863e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"7d8f1d74101f4c81b3fc5a2339f8339ad213272600648b42dacc58ebfb9d26d2b85f9ff6911f8b34406cdbcd01","nonce":"0de7655fb65e1cd51a38863f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"f53f51af1ffbcb699a1ea78630ca805f8d1e3d907c909fa3e215ff9a0499ddbdb23212b8dd1203dac9ddb5088d","nonce":"0de7655fb65e1cd51a38863c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"67036db769077fb26505af37ed62f9d9824a2cecb5bce4dd402bca2680e4f2e2fc039cbdc6aaef7160e3089119","nonce":"0de7655fb65e1cd51a38863d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"d14b41104892c6067fe75e57962b1c7b72a76fef4662aa0caf5411f16024e8bc189aabd01bd6609f8febf4a492","nonce":"0de7655fb65e1cd51a38863a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"cc65ae57c6ca37bcd31ce4d2bc1f0ddbe0c7a107cbaeb719c5e7eed892daf4d51b26e292fcbedf365b4a397915","nonce":"0de7655fb65e1cd51a38863b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e31810267fdd9846c294a718aee0ff81f6dc12b5ca734cdffe1f61673128471f042b44cb726f848c68faea800a","nonce":"0de7655fb65e1cd51a388638","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"e338f8ea53dc065d2621c456b0120332071153cd623f12f82cfd3d131c8f4c3565d4344aef56ba16c9b0b03d83","nonce":"0de7655fb65e1cd51a388639","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"84ec4b986c841e9f8ba04b374441f62184848a02bf9b82677c392de4c30614f8cb135c2421e0ccd7c2ce32992e","nonce":"0de7655fb65e1cd51a388636","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"18255785de5f41b7c68dc05f6be98b2cd4ffa7b34eb82fa7f083857ea8e89486747baa013d87205f0b687775c1","nonce":"0de7655fb65e1cd51a388637","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"5979326933d03cd687d452238b439db6c50eddae61459ad4145c3318343974c4462712be2fc1d1f68db225f083","nonce":"0de7655fb65e1cd51a388634","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"10197b1747f75983f57dbf14a61edfc0a1bacb9a4c94ba99e0cdae2babbf23179a248a27986dad2dd2c694b233","nonce":"0de7655fb65e1cd51a388635","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"e9637c8b7a138b6900df1f9ab9bbc9f11121cf14c94282c1b5d3d45159c79a55126d9a051c1057c11759efb996","nonce":"0de7655fb65e1cd51a388632","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"da5663ae46897a36464348190dcd9fcb1d39a9a7acd2bc3659e2c95f75c602d4f54b7c58c25259d35567179bb8","nonce":"0de7655fb65e1cd51a388633","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"64a84f3d81702ef2c0ed313e6a0116b15eb364ab490e8035b0d421970cc9adf156630b4fe5ffb9304f039bcdf2","nonce":"0de7655fb65e1cd51a388630","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"d2bb03cec425811ac1f37e44b31f278dd4163528aff16b1d8956ebe8e1b0341d824e2e63588c63aed49ee38c43","nonce":"0de7655fb65e1cd51a388631","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"7b1ecd0da5a8048406ce1a684e1d928fb1b3ac931d564f7f943d681f954dd3b2bc7226bb5220d0cf69c49cc627","nonce":"0de7655fb65e1cd51a3886ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"8fe5c772b4f91c9c8e51d6d1113f2911b3fb3064311abc08cd2a03b0d8b665b5068c4b8afebd71d5f540fa6b57","nonce":"0de7655fb65e1cd51a3886cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"f3750170d78da7e1246fda4fd0234a9fdf81126cd86f04e1d9d0e93d356a461004922667fa5ea716c027f98acb","nonce":"0de7655fb65e1cd51a3886cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a0fe735e6aeb0b526e3ea861b97bf6fd9dbda026d3cebb57ccc4703fc90c93ec8839bc270956eaedc6795c6a9e","nonce":"0de7655fb65e1cd51a3886cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"aa2ba6254dcb19d07fee2d87c837f84de0d5092e9c920fd58363a9e43414b5fe8fd75139600529ed47bca0e039","nonce":"0de7655fb65e1cd51a3886ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"e05e990d93ac135e053da95ba5634e908ee07a62e2be11805b1445242ab8836aa5b0734acda61eab87800a7b39","nonce":"0de7655fb65e1cd51a3886cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"8391737bcb6813ba918138e6b23cce9b8b6faa51430770189190881a01166c3eee89c8259752411bc09139bbfa","nonce":"0de7655fb65e1cd51a3886c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"e34fc4f0b13e6d7546805b05c5ccd4337679ab5190c00c09e7157a6c1a8da5096d6330c168e95ce18ff91ce684","nonce":"0de7655fb65e1cd51a3886c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0068c0dbc50bc91851f4d9235e8479d997764ffc37a788dc83aedeb599eb254736b0e4c3a4c901329821d26dce","nonce":"0de7655fb65e1cd51a3886c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"8c1c44f06f06cf2be054270d8fd457d83878ae15e98aa5e074fdabb0fb830aed737b5cc3c7e27068dbe1ed543f","nonce":"0de7655fb65e1cd51a3886c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"c75846c4a3e05bd91546fe9d4009f0c33f404e3acb1a013bc6ba19eb378dad73f1906d50a39f415eeda2e187f0","nonce":"0de7655fb65e1cd51a3886c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"44f20c1ebdddb4573e2f3e26cd1bb39eb139df26d9ac572ab2b6b184d05d825dfb07cc94d0f96940e15b406b03","nonce":"0de7655fb65e1cd51a3886c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"83835c8517359e577f941001c01bc7c275739755e98584f28073fc1c1b615075c0c03d17fd836b0e622aa21427","nonce":"0de7655fb65e1cd51a3886c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"ffb3e7ed3a9fa6c11b5e0e4b6965f1e5651fb29b632ad59f77b43c52d49250c78f58d5a60a40dcaef87d922222","nonce":"0de7655fb65e1cd51a3886c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"528647b49ab811c17499a86305b435492805c591533c8de575a4c1327224ce7b82bb033f152c4e1da5eb2bdb25","nonce":"0de7655fb65e1cd51a3886c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"e956ab1a043010145900f3a3227d05854ea27670ace0b0bca452f7d5b2e81b44595cd90439ebfb9fdb22f75dad","nonce":"0de7655fb65e1cd51a3886c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"bd07c03652c2fbd87a07efdf19f6f36c9077badd1e9c07ee39330589e359db1016a6869ad3821c7bb157b1fd04","nonce":"0de7655fb65e1cd51a3886de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"9ce5db8e921921fe1ded522e57bb33fa5a71e7cb9dfa2e7b704a0b5f30fb54f5e770820204a57dee87d3fa005e","nonce":"0de7655fb65e1cd51a3886df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d398a1a2ea642e13b71f2719913b69dcb77c99c3d9bcca14796e6255b3b4fd40026f2cd3ba8c8418e0aba5afdd","nonce":"0de7655fb65e1cd51a3886dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"47e6527fba1390cc8d5ab1baeb70ca661e5bff301459309611740ed75d8ac3ba8cfa3329e4ce0396e474647db6","nonce":"0de7655fb65e1cd51a3886dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"948cdabc63e5c8c7fe1c01a771d67433a9cb3ed8cdc8861bc188d8f64b183c83af09faf46bf168fc62107d8a86","nonce":"0de7655fb65e1cd51a3886da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"8af9850023d8d98fc98fed487140b8652c4b419e83662f15b09237d92861ed84d80262be9b7808b831a26063c3","nonce":"0de7655fb65e1cd51a3886db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"6feefe0b304201530c15fab5a8b65348ad855f99c6b46d0979eb0538cc3cf93b817c0d6fd9830fbcdd05d75b3a","nonce":"0de7655fb65e1cd51a3886d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"8059a8c8b8aa1e33906c52b781dbc5a3929955e4a765cd5bcb7e378d6a885360d92c3ceb3a5701ada02e66928e","nonce":"0de7655fb65e1cd51a3886d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"241eb956878725b57d53d9c5f4dc8eace955f1810d76b5220d429b79c2129a51e95f70ce9f1971a210b0d04c26","nonce":"0de7655fb65e1cd51a3886d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"9192ead10718a8085f5ff121e750a8ba736894fdc5e7cc2d45a598054b36dae20035461304c56d49053f281b6c","nonce":"0de7655fb65e1cd51a3886d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"cc8340b1ad24d45fbc7c0afe4b3b0b13b1f24c8ae68f36a61c5b058efba65002ecfc4a1ec66f468ee20ecb0f8d","nonce":"0de7655fb65e1cd51a3886d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"bf0d1c75e517be84efeef8aee5a8af71122e7d17e0cb0b4f7085009d71bc97851711006a8ac584d7cc32e41e4e","nonce":"0de7655fb65e1cd51a3886d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"8f22b0713bb2589b14a1ee13a1a39b5079328ae2c9a64af1fe28b603fc58f287a2ab39bc45813f503d4c357711","nonce":"0de7655fb65e1cd51a3886d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"178d77b2f9d0cbef583d90ce6fae51382b4c8442ac0f3eb38abef3f84a6a5a6638e99731fbe9e4d23f1582d910","nonce":"0de7655fb65e1cd51a3886d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"bda2d58614d1fa3f81ef368ef8d8fefdb8cfea1d8df977052df29de453e4b4f8fc3498019bc46951f29b19b575","nonce":"0de7655fb65e1cd51a3886d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"79920a26fc98600fdcc48c8803d2505ff327852ffa15ce4d8de0755d61551daa5944ac98d98a98959d3cd9d350","nonce":"0de7655fb65e1cd51a3886d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"191a617e4dcb0d64dd19af99f9e9e00dcea44da510397ff620001a2e1e6a0c2d7824751c46585356261c8d14f3","nonce":"0de7655fb65e1cd51a3886ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"cf83de166bb5b9e72a9663a5ed0194072fe63e3dbd30e7ae53a1d192eda14447c41ca0e52064a002d1cc5ece2c","nonce":"0de7655fb65e1cd51a3886ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"603d602e6850f83bf0773402810e6daeee32048b834b31dbb9eb4aaecf399816eefc98d4bbe6d11e4a4f601fef","nonce":"0de7655fb65e1cd51a3886ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"9d4d1d06111583cee1d96b946e90c3dae3212f83a7f5e5d2c6ba56bf6a15d808778097853661f59c625e4a4508","nonce":"0de7655fb65e1cd51a3886ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"2d43666d2b7c3537f8bbb558ab9b7bce11c836d40217838e0758da700a205b05e3be3cb5c806ccb7670fee4b6c","nonce":"0de7655fb65e1cd51a3886ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"b57682ca38846804109fe0c74ab84a6e44c5f22758d566161b8cc9c902c61810a2147379af4d45bb680822c256","nonce":"0de7655fb65e1cd51a3886eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"bee735b2fc9ee5d48b6f2b9ed6b9d0316598527e3e77d7417f91f332d6254bdb4ffce2ebc29c989a56ea62dd66","nonce":"0de7655fb65e1cd51a3886e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0b44c70654c0e10882369994c598795e9d77d6dcbdcecfbad11968f6d1bf2e7af90585c2ae6057fe5980633e09","nonce":"0de7655fb65e1cd51a3886e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"bbb58e450281330e18afee3855e6a6875704455ea50cd616d8ba5c1ad4af8f0b1ed6551103fb8bddf98c4d444b","nonce":"0de7655fb65e1cd51a3886e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"66419391e80d95557a6010cc9ffcfc08886a3c87e942593bc1608b2f2793cbeafd47568de89135ba0e56dcb6ad","nonce":"0de7655fb65e1cd51a3886e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"d9aed4eccc66a26e540cfcc5f0e76d025d0949a6a624682e63c55b02cd09e41818215b3f29a1ce205e93c37cd4","nonce":"0de7655fb65e1cd51a3886e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"f27b101bd5df66073359a92de271c4e67b7446c7f8af078b055b2c8f90d50abe42c216db6440986f8fc162ca31","nonce":"0de7655fb65e1cd51a3886e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"18ee6dd7950d01e3338cbf01a6d8621bc8cbb9ee6b742f0aa667c057b8fc0ac8e80bf01c42a3ae40806e1b84d8","nonce":"0de7655fb65e1cd51a3886e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"87924c1695322925c5b86f83233efefc4a1ab2e7f9718be09153cacc67362a2922e4286f77751e2f0b5af62c4f","nonce":"0de7655fb65e1cd51a3886e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"baeeea7e7e08fd8d650beb8e321c9aa56fbad29c84817ac562c93d3e5d2457290f9c766ea85be2b3a9a6533d08","nonce":"0de7655fb65e1cd51a3886e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"f1d41481b3220bd055e2c160ea5ef6012e6fe8908cd12070b0802864708375a779e4c681b2078e4dc72a84d9c5","nonce":"0de7655fb65e1cd51a3886e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"38422096a7ff0ba87e1e5daa772d87ba6d8d152d9e4a81ea89673b830d90a5309bced6a1dc91a23045d0b97a15","nonce":"0de7655fb65e1cd51a3886fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"af3f439e0c9728b716cc4c220bd42809d8722eb5e049398a6240c1c9043ff68afbd9ffc11996b7d84b3b996495","nonce":"0de7655fb65e1cd51a3886ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"178dbc6fd977fbfd77f893e70626a492b3fe1273b4388ffc2cf863e80af20ea981e0ca00a8e1daca58a7eeac68","nonce":"0de7655fb65e1cd51a3886fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"35c1240e9294fbe3a463730d5bd8b8a3d22e81eccc64cee4370483a400042c513a821adccb4fc133260be5c36d","nonce":"0de7655fb65e1cd51a3886fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"d8856e38327d2d0aa5430a0a05a01c3c1af91fe11ab2fdfad72f2d985ecb239d452c61cb0a26cf9525d76dd7ae","nonce":"0de7655fb65e1cd51a3886fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"fd8cf7b5df1fda70897d7fdf835888c08be8c85e5753968cd39b316da0483d1c68cc993695ba0a395701eb4060","nonce":"0de7655fb65e1cd51a3886fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"dfcaaae2d9d16e0266773999915635054eb85e218cb7006fa84c1fccf72a413a80030e596dab4c0b7b60511b98","nonce":"0de7655fb65e1cd51a3886f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"03664d652c57bf225d7c8e555834935abc6d0cb80205f548378fd5f30a7d4fbc498de34dfabd7ad75049eed304","nonce":"0de7655fb65e1cd51a3886f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"b888f30f5eb071692c4c1608276fc64b3d8917cc33a6b933cfc2079febd3e81d2c74b8d4b7c361d7d4c89b52f1","nonce":"0de7655fb65e1cd51a3886f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f2d6ef6eef4e76ac28871d7db4434121956c82e8a31c490db8018633d9a9cb2244daf722725f8e4f5cec1c8fb7","nonce":"0de7655fb65e1cd51a3886f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"2492f2061b231b50265808170bd925a2fcb619df980a853d45e65a04dcf6899af20e5cf2f64f7244e4e866561d","nonce":"0de7655fb65e1cd51a3886f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"11e24b5f18b574c46b3bfd79c04ed2c3e7a42d4169f659d6a395cb54eeb0828e4a1039bbeb47de79191b4da413","nonce":"0de7655fb65e1cd51a3886f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"f0356978049122d64c2d8f3a13b726d9090df7624172e6da1824b3a4ac75e612f4f8186577b569a4417500ca3c","nonce":"0de7655fb65e1cd51a3886f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"dc53644d7e67776ab1fb26b59a9a512d1e40366af1c08d80858ad87bfddb502670743f2ef7a25c992d1b96ef20","nonce":"0de7655fb65e1cd51a3886f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"596fe3ad29f428f85581872a4084bf1c4a1affa6469e8b24f6be51553c9121aae0352e5c014f7a6ab03483af28","nonce":"0de7655fb65e1cd51a3886f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"b72f199185af4ec2d5e90428bea4064bb4b0a93f5cae4740da346a582c5b568ed604fc0ab36c83ad67ea2b3418","nonce":"0de7655fb65e1cd51a3886f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"c6d2ae8131d606197b0af0545681db2ddf1f41b26e990afc7530bc5e6304acad82b3fa79cd8d3f27fbab41eaf7","nonce":"0de7655fb65e1cd51a38868e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"9802456e861c4bd8f0b8b494f338dcc8b2b2d66492c58b99584336da878b8551e92c2925df4afa786ae951cfb3","nonce":"0de7655fb65e1cd51a38868f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"ef690a0e231d431134d569d063c83b639815fbb16eca3aa91953252ac8e65cd77182cf5be0b7a5f33c4460dd5b","nonce":"0de7655fb65e1cd51a38868c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"dbe1a63f032843b993fe37573f27872189f88e07d12574c60eda910e3d82b0c6076c48ff4aba85cb97fcc6d884","nonce":"0de7655fb65e1cd51a38868d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"847484e1e94b77fc4c6406178be0bf8f2d1a6c0a62ca060c314a02b590c634178418bee3683abe44fbdb722855","nonce":"0de7655fb65e1cd51a38868a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"5d1927cf7a9ff5c9fdd0508a330618fc39da88077377138212426e1cb3e75cece85a1f8b34ab6123ad2eda26f7","nonce":"0de7655fb65e1cd51a38868b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5c98f4e02f8a7da93449369ea4af8abb1392261774a51075bdf85f0e13a2de2dd7190365aee4b040a64679230e","nonce":"0de7655fb65e1cd51a388688","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"c26ca9f1e58ad0f43a9f9622ebaea87c48430364678a23eae1b3eedfb374d6661673ff92789b2f3dbf0e0ff28e","nonce":"0de7655fb65e1cd51a388689","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"0a8d0787857ce995f19d22d044a2e68c574c692343994626867aabbb8b10bd0666b839a1a87492a7b6e27d68ce","nonce":"0de7655fb65e1cd51a388686","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"973dc37b86504bc5a543d8b56adac2f0410b75cd9c9567e50eb88633d60385131189cf26c474d4db7d13795ab5","nonce":"0de7655fb65e1cd51a388687","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3e4d9d545f87eccf39c1d2a1072483918ad3e4243f3617dfdfc056e7d45bc22f817b4bdb0baf064669aed48dba","nonce":"0de7655fb65e1cd51a388684","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"ed301b4248dca448bbaa0d6b770472590f1c59e87ea27c96736c721a0eacc7747b5ee43627050224a8904339e9","nonce":"0de7655fb65e1cd51a388685","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"3c96805d193890f9a26de05bb1df83e94cf87d4efdbcbb148549de7697863db282bce1ea5795b2ed868b42c4b8","nonce":"0de7655fb65e1cd51a388682","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"7d0406c06dafa7a797726fc8b93e8d4f04f49bdcb38973caeb28dc3228babffca309736cd7db82c4876854fbee","nonce":"0de7655fb65e1cd51a388683","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"375818636daf31b8221cabf5ae4967fbcadb9b919951e907bd72b6b6158438522ebae82d63852b67cc3bfcdfed","nonce":"0de7655fb65e1cd51a388680","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"9a585ad7ada6d5f147a17bae0db92a16193bf1b9cd604fd8e0652cc08ac61a13cb02e52be0975d934788b30b75","nonce":"0de7655fb65e1cd51a388681","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"72b7e788ac32d6bb46294db88c174756560cc32bab715cc4b0f9a06ef2174d0c0e6402980a3ed6c75c35c9fdf9","nonce":"0de7655fb65e1cd51a38869e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"a1cdb7df1d2cdcca1e7bdda9919cd1db78b4eb814b11dd5fc7055c83607fc2a7d12518038e11058745182b232c","nonce":"0de7655fb65e1cd51a38869f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"1c7a44fad22006aaaad3ff781a28ab695bc927ae7070e6b06880cfa4129aca140199f91e6a4be8eaba5ef5282b","nonce":"0de7655fb65e1cd51a38869c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"c500ee7af0fc21aa1602cf887dc98a51679805ff2de96b5b59e97c79602cadb0bcf4cb087064d16904219eb467","nonce":"0de7655fb65e1cd51a38869d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"25623e2fdfabf1c6297a0aab9cf7dec333b137c76643f438505b0dfc230f0f417e3c46de35a2a8c72bb606976a","nonce":"0de7655fb65e1cd51a38869a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"f47a6b43a0d867c2f8937f23d1cffc78fdbe1b368482c2233d205525f2520ba0f73c48047af42f773ae4a83d74","nonce":"0de7655fb65e1cd51a38869b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"0e0b86f147e1a214ffa1e9a4a80c15e85e0b03b00fe21b6412f5da819a2c9d9a7c17ea61e428043df456cd82dc","nonce":"0de7655fb65e1cd51a388698","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"5feb5f93da29886db08e08d7f517aebb152cbcfb6c65baf648cbed9026d3e4071d876e67310ae6a4d25388c04a","nonce":"0de7655fb65e1cd51a388699","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"abde631d1ad441e1b0c4a579a0837b08f943c48a5e48ede2f534192263f793a65a02ccfad2d90aba4d82ba0065","nonce":"0de7655fb65e1cd51a388696","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"095ed33a14f2177ec08cf4c488800ddfbc97814df26d7521b8fc5a65a870c9af327a83843bbb03922406d38706","nonce":"0de7655fb65e1cd51a388697","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2888411123dd5d64fd7f02a23be58e75541ed6fc6567d7630b97920ddbaa383c8e99e735bc3a8a9804767dce61","nonce":"0de7655fb65e1cd51a388694","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"579bb66f4e0440e096197ec39e8987384f9e15571e5391ce0c6ee39d69b07b0f9b9dc5abdb35c89eccf61357de","nonce":"0de7655fb65e1cd51a388695","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"bca61f89b05e4ea0bbf89c294de58f0b2d879c9949301842e2bb9da4dbea96e29be55ddd2fcc1406645ef4c5f3","nonce":"0de7655fb65e1cd51a388692","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"e50ace643089708b3fd250defc655a1439ebdeccf4709d0af29a960c7c404a2f10a39b8f05a88ea4beba29f1d4","nonce":"0de7655fb65e1cd51a388693","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"2c15603787ba48828c2688d39e41cb7854d1f5859258e189cd85e55c334a587e55ce66c1c71519c4975de2fb10","nonce":"0de7655fb65e1cd51a388690","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"e503ce8fef1d3b3e28e3c9b493061557a8bc0f7a0d1ee8faa797d1812447b9e4d8eb25d05617ce3b2a030b5373","nonce":"0de7655fb65e1cd51a388691","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"da222da8f9354dd81da4ba2651c37a498829d0c5fd0495f4a632de57559718c66a62bb8b04a015494a070e78f5","nonce":"0de7655fb65e1cd51a3886ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"2a1c0db671eb3f6146bad5f31cc893a22c46c90918ba09020559982edc2495cc1857ff3b5c34af1e34657dd6a0","nonce":"0de7655fb65e1cd51a3886af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"9035abef678a42cafedae3cd3a3eb60787d6577354ad41940fea5c6da32ae49248d8ac5376e2563521bb91d49e","nonce":"0de7655fb65e1cd51a3886ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"38ad3bc05995cef0392ee5ec7ac6264da828b503713c3a98e988236414467062e6c939902eafb0f896490cd591","nonce":"0de7655fb65e1cd51a3886ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"30646c47e309d4e20efc49b9e1bf152eef11ffd1656b0c33ee8532f1c8006394801312efce723983408f8938bc","nonce":"0de7655fb65e1cd51a3886aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"61fdb9b1c2474aee94cdf70330cf4bb212d3465fb7eb76bc34f3a38d1c35e29509c50e8d9595bb23216bde2ca4","nonce":"0de7655fb65e1cd51a3886ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ac79784979ec61ea155482fe24990bd563200e96a145c36701aef75e690b80312edb01e701269c56189fa708a7","nonce":"0de7655fb65e1cd51a3886a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"9e46ee030bfda0f29dc081fbee5bc054ea83a8c11f350911cc219e2a5691a80cf485bb2b123136fd985f0f5289","nonce":"0de7655fb65e1cd51a3886a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"8a14e6ff7d61220e507dc9a63f833a03f406f493e992b57d5a94040b0b4b1cd5bb24a6d70a96d7f8f956520098","nonce":"0de7655fb65e1cd51a3886a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"0957547e8c2176ddeac425951383ef48b9f6496634b6b562ac4fa29593c863be8e8f8dc18dbf87da59bb413358","nonce":"0de7655fb65e1cd51a3886a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"49bd3b237505ff28ede9b9ffd81e68b502a43ff375fe120a4c2ffb08e34fb5ee8f7f9782b7ef47f2494217f0bc","nonce":"0de7655fb65e1cd51a3886a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"ad8dc2f31887cb8472dac99ad2267388b250cd5e5a5fdca59fe61392eff7d42f534db11349ebf3bc5d3ff42246","nonce":"0de7655fb65e1cd51a3886a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6959086fb8bec55f9d63e591dafbdf8d703cac9e1693dbec19257f0e860c38d4686736bf179a9327c734e42142","nonce":"0de7655fb65e1cd51a3886a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"cc5d5a8c035664973fb60528a0e24c0682ea31a1192d30ef7e3dbdf82b0a6e452c4c24a4d775fdddf71a97366c","nonce":"0de7655fb65e1cd51a3886a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"a4a9625f0f0ce37c6dd8d16144782ea71d72a903f98fd8313b7ece44d64e3bed6255f52af600df7782db6015f9","nonce":"0de7655fb65e1cd51a3886a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"0a671cb77cc9423cdd4e5be83366f73dee5e39f2235c76fbed21959a71eece62e49aa29ba16fd1cce2cde12fea","nonce":"0de7655fb65e1cd51a3886a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"94b3caff810bbae3339511cb295c37ac4d196257a2920483698dd81bf02fd9edda6f9cd730ad72f43512364f6c","nonce":"0de7655fb65e1cd51a3886be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"762f0a4fe9fa7edec48f1ff019d811f0528255d38f3321f0a2af113d456a9f8b78d4d3d0cd8e2251cf1b746c07","nonce":"0de7655fb65e1cd51a3886bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"8215aa32f58fb1508b349401933f9899f39b0bf83619d668e94fe0aee8502a913740a9bff70f4a04f237af1640","nonce":"0de7655fb65e1cd51a3886bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"3ea37e19eccfb40d73e810db00a93967d9563e76b4cb88b047287a54459f39f98844774b26067f806854608fda","nonce":"0de7655fb65e1cd51a3886bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"3fb41073c0ab2240acab2911b41edd12a8394090c2670276240c09935c30d92da9964f83c5329e374d26d6474a","nonce":"0de7655fb65e1cd51a3886ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"4fcc63aaa6796362f19f3d268921b3f21fa9bac8eb5040c9251bd47f949d340fa873e7ef0c29341246eb8dbe4e","nonce":"0de7655fb65e1cd51a3886bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"4bb551792b52615658ea11f46cf2d85c0efb057ffe5b860bcc006417200fdcb6a7cb90e8f8e6dea4fb5c67b3c8","nonce":"0de7655fb65e1cd51a3886b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"05ea3f46854ee37e28d718ce7bddb3a7ba0a38aa8e14c388233ca60e3d9524eb929a3e287d598e49d9fefb09a5","nonce":"0de7655fb65e1cd51a3886b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"f6545d4d148ef73243035798bd92cba5b33e342f26bb8858bcef98420eb55da2073a0490f57de1929e763b2242","nonce":"0de7655fb65e1cd51a3886b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"71519ada763ec2801845da16cab7fe32773e5371cd74fa63cdbacbd45e0a9aed7754b88366b5f532f5e30fca6c","nonce":"0de7655fb65e1cd51a3886b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"5c8d177e8d975282f54b370ffecdd32cdea9e916f80b2dec3fdb7d1bb99e41e028a434d30709e4cc7d227421c1","nonce":"0de7655fb65e1cd51a3886b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"6309443adace92440d58c86e42f5f4a85a34804e66a9337c0377ea3d33ed49588619a6b7014874226f51774f20","nonce":"0de7655fb65e1cd51a3886b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"691ae6028a62e8ceddb779ab7f859eda32d00248e77a4ca1c7c6e3444758f164e44f27d7255e5a13a8ba00fe33","nonce":"0de7655fb65e1cd51a3886b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"fef8e4f45bb203828f097ffabb3f3bba7a167e36424595d6060f3d80776160f4495dd454f344182d788c898f90","nonce":"0de7655fb65e1cd51a3886b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"706aa371762d4389194d77c3b8df4a690ee6fe16ad97274f808d65feb0275c7bd949edfaaa5714477960d7f194","nonce":"0de7655fb65e1cd51a3886b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"6324570c9d542c70c7e70570c1d8f4c52a89484746bf0625441890ededcc80c24ef2301c38bfd34d689d19f67d","nonce":"0de7655fb65e1cd51a3886b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"1ea6326c8098ed0437a553c466550114fb2ca1412cca7de98709b9ccdf19206e52c3d39180e2cf62b3e9f4baf4","nonce":"0de7655fb65e1cd51a38874e","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"530bbc2f68f078dccc89cc371b4f4ade372c9472bafe4601a8432cbb934f528d"},{"exporter_context":"00","L":32,"exported_value":"6e25075ddcc528c90ef9218f800ca3dfe1b8ff4042de5033133adb8bd54c401d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"6f6fbd0d1c7733f796461b3235a856cc34f676fe61ed509dfc18fa16efe6be78"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"d32236d8378b9563840653789eb7bc33c3c720e537391727bf1c812d0eac110f","ikmS":"0e6be0851283f9327295fd49858a8c8908ea9783212945eef6c598ee0a3cedbb","ikmE":"0ecd212019008138a31f9104d5dba76b9f8e34d5b996041fff9e3df221dd0d5d","skRm":"3cb2c125b8c5a81d165a333048f5dcae29a2ab2072625adad66dbb0f48689af9","skSm":"39b19402e742d48d319d24d68e494daa4492817342e593285944830320912519","skEm":"085fd5d5e6ce6497c79df960cac93710006b76217d8bcfafbd2bb2c20ea03c42","pkRm":"0444f6ee41818d9fe0f8265bffd016b7e2dd3964d610d0f7514244a60dbb7a11ece876bb110a97a2ac6a9542d7344bf7d2bd59345e3e75e497f7416cf38d296233","pkSm":"04265529a04d4f46ab6fa3af4943774a9f1127821656a75a35fade898a9a1b014f64d874e88cddb24c1c3d79004d3a587db67670ca357ff4fba7e8b56ec013b98b","pkEm":"040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79b5cbc5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415","enc":"040d5176aedba55bc41709261e9195c5146bb62d783031280775f32e507d79b5cbc5748b6be6359760c73cfe10ca19521af704ca6d91ff32fc0739527b9385d415","shared_secret":"1a45aa4792f4b166bfee7eeab0096c1a6e497480e2261b2a59aad12f2768d469","key_schedule_context":"02b738cd703db7b4106e93b4621e9a19c89c838e55964240e5d3f331aaf8b0d58b2e986ea1c671b61cf45eec134dac0bae58ec6f63e790b1400b47c33038b0269c","secret":"9193210815b87a4c5496c9d73e609a6c92665b5ea0d760866294906d089ebb57","key":"cf292f8a4313280a462ce55cde05b5aa5744fe4ca89a5d81b0146a5eaca8092d","base_nonce":"7e45c21e20e869ae00492123","exporter_secret":"dba6e307f71769ba11e2c687cc19592f9d436da0c81e772d7a8a9fd28e54355f","encryptions":[{"aad":"436f756e742d30","ct":"25881f219935eec5ba70d7b421f13c35005734f3e4d959680270f55d71e2f5cb3bd2daced2770bf3d9d4916872","nonce":"7e45c21e20e869ae00492123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"653f0036e52a376f5d2dd85b3204b55455b7835c231255ae098d09ed138719b97185129786338ab6543f753193","nonce":"7e45c21e20e869ae00492122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"60878706117f22180c788e62df6a595bc41906096a11a9513e84f0141e43239e81a98d7a235abc64112fcb8ddd","nonce":"7e45c21e20e869ae00492121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"2824bc845816bad046821fabc192412f9ba79ab9f7373def76cff5d7a49ae4cb2354e90b95a3686d9f9bdb8cf6","nonce":"7e45c21e20e869ae00492120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"0f9094dd08240b5fa7a388b824d19d5b4b1e126cebfd67a062c32f9ba9f1f3866cc38de7df2702626e2ab65c0f","nonce":"7e45c21e20e869ae00492127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f268702fca91a3b3d6c02c200aa277cc0f3572124afd53a0f928f8ca977466a15e37e41f73cdcf5027429ee6df","nonce":"7e45c21e20e869ae00492126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"5c293be68c23161a1b82bad71497f59e8d9681e3dd0737239b463d0c04b26c83e132031aca7e4025cc33cc11e8","nonce":"7e45c21e20e869ae00492125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"78786384731d10b95c6aa823ec1b3f67afb6b6e4fbecef00a6918591353fb68225196511d04cdaa83abcae69f7","nonce":"7e45c21e20e869ae00492124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"15e71193eaa292ad99e4978526e4d5de6c9b04078af9b055843d0a042126db724f1127cbb29d7fb54fda6d3ee9","nonce":"7e45c21e20e869ae0049212b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"668a035e9f57777b5188ad1e90a23cecf9f61c783828e04ea0bbcf9502d28dd92566be84be32fa90e07fa056c5","nonce":"7e45c21e20e869ae0049212a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"dc37b1802b2febdaaebf348d7a4946a94398e8e429c2d01cbc3e3581451fa3621f704e82463ca27267fde39374","nonce":"7e45c21e20e869ae00492129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"4c9e9fd5c915a2c11c6bf8f9dcb296848724ff771aacd896a4ab1b1cb638adbfa9fd341cff5d7a854015400131","nonce":"7e45c21e20e869ae00492128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"210ab419fb6dc61e3cc4f4e19c5fa168126e9e69aa8e4da7e8395e948221294d3279e0bea52a663ec728e32faf","nonce":"7e45c21e20e869ae0049212f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"345494e1f47c1ab2bbb277db28fe9097a65a56ce9baec8bb8fb478325ccc60e4122dc440220e459d156f62fdef","nonce":"7e45c21e20e869ae0049212e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"953d0a1e09332918d4ce6ff0064e9925178f008d88930d0a16d5d60a546cc40d395a2f10e85cff6d6bba02c49c","nonce":"7e45c21e20e869ae0049212d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"7f0dc1c849a322fcecb7080c25d37e8b7ad08ad20c753c7e0c6bcda8c560925fe7b1a946e5a97f2d044bf6712a","nonce":"7e45c21e20e869ae0049212c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"d1f4ed3af3d8c6a13d0bc872b7be6a895c66fe60582eb6c73c3238f2edb3bcff549b27c74ddac31a9032558c55","nonce":"7e45c21e20e869ae00492133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"4d727b855dace6d190d574e4bfadc1930fabe7690a28c8516b8d300c976564560ffa673c0e95cda56965d93a8f","nonce":"7e45c21e20e869ae00492132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"d60a767f473ec5bc14df8a181986b12f5404302ddef72259e4bb162bc66bc415b6524ed14479d9a4e07da81787","nonce":"7e45c21e20e869ae00492131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"5e8575e3a237a7a5c775a557663290a0999c20691263556a7338e44033937ac11ceb6298ac4fc8af6b2cb4a4e0","nonce":"7e45c21e20e869ae00492130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"df9c14552f65b7eefcd06ffa7ac4e50a0a3fc85bd93372e73b15b2a42e0cbf4198ea8943a490cf186f2c963c22","nonce":"7e45c21e20e869ae00492137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"990f065786e08df0470e62863ae6f49cb2d5f4e19ee2287b240dd83859087a8fe403117dc6b5f0e9d976e4c2af","nonce":"7e45c21e20e869ae00492136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"8578d5163221067bf80f87234b852e0ad202e627739389f0010fcdcc1e9bb578172b0c40e172cd83092cb8f02f","nonce":"7e45c21e20e869ae00492135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"82e894260e629970e6c1230b042666347e2a8f6f6d106412b5d4f1667e7ae6860cfa592087777ec0efa34988b4","nonce":"7e45c21e20e869ae00492134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"1878000135e7ac8d847092dd333515bbf8a59b642cdbb5c70fa39cda7b6cea09b468d421291ddaa2ce8db8658b","nonce":"7e45c21e20e869ae0049213b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"ad1a20202dd0c0ea4340804b5ebd1be51c083d5c2022e4d989296fde29cef980eb6aad12baee4af919398c2d1a","nonce":"7e45c21e20e869ae0049213a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"e58112dced5bedcfb19fd3fc548b3d375e5e00a4ff3d4a20fb71e901e21262af4b61b2f3d3d647fc85c56338af","nonce":"7e45c21e20e869ae00492139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"14ea41ca760554e9c31a5a603d97d544de91f0cfb76a7d9dbb98718b749c535fd3b8e4690783b1dfbbb37948f9","nonce":"7e45c21e20e869ae00492138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"ebd01a14fa0f78c815f8091a4f9666f72bfca0369446c859e794a9aa6d420d20f6d42f1bf24091e3892f9416fd","nonce":"7e45c21e20e869ae0049213f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"18a40f02605651d798f39ba901b6b0c446b34a4ae9834c714d091c0285be40c9ad2017c5fd6e1573fd88d4614b","nonce":"7e45c21e20e869ae0049213e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"96dd5a0bc4e0bdb8141c5b1e3ef42787a02342f504328475dda53734e8f5ccf46de6a991d5257f2f252f0b99f9","nonce":"7e45c21e20e869ae0049213d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4d426ddd0114f8b0386f7d3dd6289f0c01bf1e3c71c9a488819b87eae8ff116ad003bea59fd3d7ef02cb387529","nonce":"7e45c21e20e869ae0049213c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"636c02635dbb9d91035d2477afff061a56d9dffa3eab2046f5ba7d194b166f75bf14fca5e06e07e31d2556ce4d","nonce":"7e45c21e20e869ae00492103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2c6cd80f496be2a8c045e47a9aee8a19caa779388665fa9e8011c3d5cd07800a3a8bf07986fd27cdf278a0861b","nonce":"7e45c21e20e869ae00492102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1a64a4d0896ef163b1b4e0f0e5904b70e49e7ef85dab87e5eb7c393d9c7001212d3d51fd2ddad2698a349f78b9","nonce":"7e45c21e20e869ae00492101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"98965226e90ad451eecde5e81a270d5e5feb8f4b23e7328c8c53879f53b4b9b6b2478eaea834667b220e333492","nonce":"7e45c21e20e869ae00492100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"512123177dbe73cfdbb668fc9ef30e6326b9c03a11f623d01e67e6d4b9a7adfeefb67f93b55c16daff9d4e7b22","nonce":"7e45c21e20e869ae00492107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"24464fc06633898853e022f4ba892aa284c9161533c83fda375c6a1683236a7ca1939a5be43141a1b8172c02aa","nonce":"7e45c21e20e869ae00492106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"14e5901d95ee69d1c98919d96aa288703fbe5e62c20e15c750c6d5e3757cefd33125bc15f5e8900fbc8c202d8d","nonce":"7e45c21e20e869ae00492105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"8e366ae0e3bac8195ab4094df9a0cf4b1395cb93f05baba5b5422013aa9fa99449d0339103eb481501fd1a5578","nonce":"7e45c21e20e869ae00492104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"fe11226d7214375cbfffe85551a281a2e992b660baf7f9cd3ca22408efca2e455272f5eae1dcb2984180a3b80d","nonce":"7e45c21e20e869ae0049210b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"3bae18f9f5f6228dd524e58e3340ec05acf164e6573e41214713ac5c734367b503efc95f167c314bcb8dc2be40","nonce":"7e45c21e20e869ae0049210a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"e326d3c5662d76568c2a2c4f512bdcc6c0d3069c18e92f345358d64f1bfe03fc337ec7770fb639754324e33e29","nonce":"7e45c21e20e869ae00492109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"976108b48713f36c4b1839dcf27b3b36b2bb7f45fc2ae436c64895f86cf4d67eba6e91befca3304d531e3a6f0d","nonce":"7e45c21e20e869ae00492108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"81c0223d092b3dde01f2ea2d34af516a967ca3b6ca5a2819f476db5b21ccd1f509d28844aae4e5d174fe02b528","nonce":"7e45c21e20e869ae0049210f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"b68a98c8e1714aa6b95abd96e2e25bbde2de40e00947488f191de2ab56850ba2da48ab7be5d5c1dfe36fe5109b","nonce":"7e45c21e20e869ae0049210e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"3a7055cdc5a2b0a06b890fcd4cb894554cb6ea67777f6310ef1639037b6da0b7751b9b784fddfd9a207cd6df0e","nonce":"7e45c21e20e869ae0049210d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"3519439dcd99f702ff1c82728eec0c525682b0e9a22eba727ce4e5fbb3cbc734caee5f93e60c197319217bf6f7","nonce":"7e45c21e20e869ae0049210c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"25a81f2345d34be470f5a7ead140098e3a8e8c78d935714ed21cafa7659d139165e609bf95fb6f5305777c2596","nonce":"7e45c21e20e869ae00492113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"868bc6c0bbf98eee95439b86ff14cbc1be3e86eb17820eb590d05c5aa5740c5c66d5c61972b2e076d894b3307e","nonce":"7e45c21e20e869ae00492112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"dba2a6c832e374a68e7b5e41c64b8d406b11e6688a2da8ec03634d0ecbe6f7abb4a90620ae95f386ebbd61b79f","nonce":"7e45c21e20e869ae00492111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"09553e1941bd96e29b10fdb3e5899a7b14dc427ff174baae8d3e933c27c324693070f78ef7753b8065f2af0d0c","nonce":"7e45c21e20e869ae00492110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"10f1463a78fa3fcbb1b89daa65bacf8830805b1d04ff7c59bcd27c0c5614b959621f13f3413a1af5c3a91e3153","nonce":"7e45c21e20e869ae00492117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"9e866c9028fe2131428195a7dc48c5e7c9d4f47cc868a267bf59e19c391b649abb5670b1fdf63f27ca61907421","nonce":"7e45c21e20e869ae00492116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"beeb0ffaa620011aaeb27f2093829563502a87a8ff6a90ac012c70f943064b60ec73068d3511ac76cec078970a","nonce":"7e45c21e20e869ae00492115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"43b205e8d119ed81360da9b6e0f9dd0f51d84575ea796156b6ec621d08c393c2d058aed3bfe06c3bf931cebad7","nonce":"7e45c21e20e869ae00492114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"b81a462f518f5ed246ec555620936eb8bf14007f39e5c0aed47c2600756eddbbdfec3538806d137bc6b13b6cff","nonce":"7e45c21e20e869ae0049211b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"b59fdd1ec0bc2c5deee94b3db8bf7eb26ed338409c3c62af6f5e80c7169a9bd69d567ef8dd8a4effe9e1a2f6a3","nonce":"7e45c21e20e869ae0049211a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"e46de672a4422a5516e5a192e3b7eeb6d6db10d5aabb893b7c54353144a373c0d2994058ea9b42b60062509fdb","nonce":"7e45c21e20e869ae00492119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"ece1ffdb1599d6f78437a968244cb0d069c7f8eead5f438acef707fc2ef54d07f70e3fb6bd318c4e68313be373","nonce":"7e45c21e20e869ae00492118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"867aef686e0daffeef4930dd67954ec5e25d0d6c2d18464ed071f251ddb6f05d8bf8afdf7b6d0d8e77e3190d57","nonce":"7e45c21e20e869ae0049211f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"f08758733b5d4bb66cc5144d9675e29221626848c824148574fe8bbca806bb2e401ff6807b2d26fda159278401","nonce":"7e45c21e20e869ae0049211e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"5ac3f79551e9556b776394e5ccae4f3a677123e8c4ee0d5c3a1fe9d4834f16852eeeb71314e634743195a42301","nonce":"7e45c21e20e869ae0049211d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"799019ee1416036f3744496cc163157bf9db43802a538560d0c96e7cf0fde3b891931b7c898cf2ac917ff98137","nonce":"7e45c21e20e869ae0049211c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"47d67fcc355916e93c335dc330314cdef99cb05d1e615cded758d288b8514d983441f953c931afdda3593fc48b","nonce":"7e45c21e20e869ae00492163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"99d524283fc7159075bb9396baa713d82db743a54b38c50239c277c0d15bc3e8693b4168e38a83c350271d9cf1","nonce":"7e45c21e20e869ae00492162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"03570c8f94644f4eb18cf53c8f83c5ce756f90303bae10738634dadcd8f9fd427a0be8d072fd17a1dd49f272ef","nonce":"7e45c21e20e869ae00492161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"566f9283166e395f8a005a906ef983843cc1e5edb3f61a65d11cf0e80e151561b6ae9ea9c073bc620a25b1ac92","nonce":"7e45c21e20e869ae00492160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"8ad6ca07ea499d589895a654e63b44b2f57f3a45d8980204d79e8fdaa2d57eeff523968919f6d40ade472b73bb","nonce":"7e45c21e20e869ae00492167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"852f8347466f3ae4db6ae236e5637d3e2e3860e6cbf790e7e566fd9a6fe4a1903a1ebe681f09375325553378aa","nonce":"7e45c21e20e869ae00492166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"c7cfae0305cfb575f945bdd2d548fdd812fa70e19212e0626ee48ce19150751a1c92f820ced141bdcb1efed2fb","nonce":"7e45c21e20e869ae00492165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"52981c85ec3d43ef68f17578a0eea3eb1673d09ed4fb49e7de45532c7794cf134cc91bb978123aead719be409c","nonce":"7e45c21e20e869ae00492164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"0d23ce39112225947d7efe1018bb94a12adf93ad992cd2dbe18f443bdb34465b677eac13a2ab811963cb7121cf","nonce":"7e45c21e20e869ae0049216b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"441b8dfb92dc5d18cc1a65a3f21148facbf2c819cfc20f989cce2bb6a06d0f856d5df107e3d1260723cc7394b9","nonce":"7e45c21e20e869ae0049216a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"66d038005512663377dd7f9cf33836ce52ff972782b11bbe664b8685785fc870cb83780a145f9ee2847f6e3ed4","nonce":"7e45c21e20e869ae00492169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"018bd321ba356c74d3f7365db100fdfed55136b734f9eb133e6e388e01b8f926f9e846b6d5ce9bb9c35e0fa586","nonce":"7e45c21e20e869ae00492168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"1934ad9e8e25645cbbb404388a588962bf8c58479abadbb4f8eedc803067c4c533ce5d7a94afcad4c4809462a1","nonce":"7e45c21e20e869ae0049216f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a9d4c6d1c53bd268bb4e141e6bd3a1a4110da55222e4e1d22cdce426007a0d66e12cdc2dbefe420c0479d4fbf4","nonce":"7e45c21e20e869ae0049216e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"53bece254de8a91eff98544f6753307cdea031ff67b36f4f9571776aa6fca01a484b63695b628db650ccd3e370","nonce":"7e45c21e20e869ae0049216d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"c480d1c1acde79aaa0e87a591253c19235bc4a42952873b52a4083a370f40e25e03db83f925274957e0bc66353","nonce":"7e45c21e20e869ae0049216c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7d9f50b68e669ec2be21fc5d8cfa0bd1ed717f6323f62f892016ba4bbcb142f1833b4e9209ee18e91a48645dc2","nonce":"7e45c21e20e869ae00492173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"cb5c9528ce6dd5664d2e789fa37b8096bcb4f9754e20b2e4a33622bd3cb5ab207f833242c45ca557a5d20d7b1e","nonce":"7e45c21e20e869ae00492172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"0c8b3ab1021c736fed1c3452df7d850c32cf82b93201d6e3cedca45f4d9cf7038d48028fc1efecde0e96ddd33e","nonce":"7e45c21e20e869ae00492171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"17bbda42b6a26b851b9501b1e0e88f62ce1cde5cd5b8e9bede5d3153611973feadd8961f02e89f07b8d2b99f5c","nonce":"7e45c21e20e869ae00492170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"aece550cddf570cb0f4b9b9070a649476854d2cc795a47329c2f0b7cb69a72f8b13066db5d3caf8ca318940150","nonce":"7e45c21e20e869ae00492177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"9db16d51242aa97b6f9e19714ecf3bbfa2c380168ac8392816c876b106bc95e6785dc66634049958c64a383cdd","nonce":"7e45c21e20e869ae00492176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"bea3eb0d648917f1a42ed419601049e74560150a33e4d8aa48027451cd20db49a8f5a2fcac81c4a06a011e8dd3","nonce":"7e45c21e20e869ae00492175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"ed3a2b852daa0cc0164f3c38130f64cd8409577b65613410b90d9f870b6a0b586dd8b6f68adab0ca3c9053972d","nonce":"7e45c21e20e869ae00492174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"0f36be1b953d1e45b764dc4706a5373ae65dccf3ab944bd26d9157bf1e873390dd4633dfd6f5cdc0e376066b92","nonce":"7e45c21e20e869ae0049217b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"8f48e5994de96d0632596649c58e07ee57fc244a8a3e2621a3c341980491f7a0bc6261b14c4c7bf2f7fe82ef86","nonce":"7e45c21e20e869ae0049217a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"17f948c140a2036c2b232dc33531f473dfc5371714f19b1972177bafd6561c45a6d713e95c63b8a97a9489e5f5","nonce":"7e45c21e20e869ae00492179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"4ad3dead3cab30587d5086b0c13bc96eaf4202772296a20c76853169e7c08f93665b6aef6ed47f2eb8aece9573","nonce":"7e45c21e20e869ae00492178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"1b1f4059fcb273ec2189236722f59d8162828b37106841fd4cafcd7c865466d81fc2754cbfd0f50b5934e014bb","nonce":"7e45c21e20e869ae0049217f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"df64ede4d3986009b6ae51179e68bd38e726a3505ed7221c9b50e3e956bb7a87c0c9d5653e2877aa922112b959","nonce":"7e45c21e20e869ae0049217e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"5116b0cb78a1440664a90d4ca41fde84e0cf2b481851609c2453fc33f0bbf1e181a4ca11e8aee576d7942271fe","nonce":"7e45c21e20e869ae0049217d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"f70493b6a264d8a32f3ea76c1720edaf953acd429d8b543ecb9c806fe911d95f1514e589d07feb7fdf48ae4774","nonce":"7e45c21e20e869ae0049217c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"0c63bd7b3f74d90feaa4df017df95c4f6eaa7656ebdc3bfe3eb73375068f57f9ff31023a0fb48c8635c65a560b","nonce":"7e45c21e20e869ae00492143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"46ec8d4f3d1e26b956c3f00190b80a09eeace332f8e7cf1c10a63705b542d89f6872c00f7813d760957c857aae","nonce":"7e45c21e20e869ae00492142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"8ca521a0894603851a89ae34874559976e9c99938798ce5e3a4126f495a8984ed2d3fb3e7b5bd0a52824f334ae","nonce":"7e45c21e20e869ae00492141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"f27c826211ae2f26e3917f46c51c2232af66f402ad1d2160496e3279b3257761939c6fef4c5e52143c78a7aa0a","nonce":"7e45c21e20e869ae00492140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2fa5f22fc6422614b92d72019a4ad2f8b3c6b03cc432bc17fae494572c03b728349e9197f1999f5fd9dde4dbb3","nonce":"7e45c21e20e869ae00492147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"f976f2afd8fcbe83195193893f9fdc5a0996208c803d2662435f7794d8eed726a6fcf66b4a91585f318d587d9e","nonce":"7e45c21e20e869ae00492146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"266fe7812e3968eefa375e59cb91bd60a8053b33fb75b38c2fd9dd20eab81d3ca81d1658d7aaa29afac3bf1cc7","nonce":"7e45c21e20e869ae00492145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"f04a676edbc3e53ed0e2a64d0aecb7a594c44146f6f91743ddaa0bbe320c1ef4f8cea9ee09b5299bdaedfdd5a9","nonce":"7e45c21e20e869ae00492144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"5883ed4de0e5eb7fa2a7245f8b8be905389b2a2d496f36ff06f9ac779b9008913c5806955586d28480e211fd92","nonce":"7e45c21e20e869ae0049214b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"3e509e4e51073eb550bafb55b9d1b36a8c7a6aea683d69b8a3f7f8c0775ea0150de5a30f7e290f373d73c5e8d9","nonce":"7e45c21e20e869ae0049214a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9049296551c3103293514fe2f47430dba02ee6fcce5ed5ac67b977db3ffb4b53ca845118fb58faa98844a4000f","nonce":"7e45c21e20e869ae00492149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"9c5626757b3a33b96c7d749fbf658ca1b7712e10622a13b4c1fd05026aa6fd1322299da91428a42ea818397397","nonce":"7e45c21e20e869ae00492148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"abe8ebf261578de4a1788292b8ae6e5dcf2714c78c8f610fc02021ad45601667d06317575c644f1e377c148a18","nonce":"7e45c21e20e869ae0049214f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"70f34385979af639e91696f7595a0cb6a0ec87f756731f984dbd0eb58e3478e491ae9b3e15d739feb93b62b17a","nonce":"7e45c21e20e869ae0049214e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"d82d949e8e4b31b1c3b192a3207d295a274bcfe3bbeffbde82bbfbadbdc2880c8cae7fc076606073f752e7cd0a","nonce":"7e45c21e20e869ae0049214d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"d0a201c05515065cd64f635f7ad25543b65448cf4f3ae5f4491735cf7d66a6721f1db9342493ad02573737f575","nonce":"7e45c21e20e869ae0049214c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"a88220418465a1f7797fe72512c4bdccd1ed7029d4d86b815ca8765a920e58d4ac612d327160c4ba9f0f26f968","nonce":"7e45c21e20e869ae00492153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"796230d39bbe16d3f703c418b602c94021c8637a3985b5765a72728a75fcf773d00e012aa17c4d0815e99df04d","nonce":"7e45c21e20e869ae00492152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ac50f6371c3d252e3edc8f9451d7e275ba472cc1e6270900f47e15297844d107d16520242f08683817881c5b41","nonce":"7e45c21e20e869ae00492151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"229a6541c44ef916eb755b46347b2f95291e0a7224b6c137617b51bfd47fdb63531002f6093994f4613a767865","nonce":"7e45c21e20e869ae00492150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a5423e41526d350159f4750fa85a3b311a3daa2290bae2a5a3e06bc4bfd1c72670f89142fdfcf591862bb5f9b1","nonce":"7e45c21e20e869ae00492157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"218e1a90a52f183d27e51e2236ecda04ab3ec07f87b6b9dd4b54f447e70f6d2fb794741541ddc30318d55e8e45","nonce":"7e45c21e20e869ae00492156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"9556a7c55689d078571ceda4c981b672677cc65031fb7c7a4395879f8198f6d26c4a03a0213744e2774cb33c9e","nonce":"7e45c21e20e869ae00492155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"ab5fe50a6a74093bef6d2e4a46a0398d5813aa540df77bd9552c875cd3554fbf791e5dbb585f4b7d45650e3634","nonce":"7e45c21e20e869ae00492154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"7223321b1283324261b8b81828e3f0468da1b0268408f910c49327fa8e7ff48c293a757d5d5f0962532dfb4027","nonce":"7e45c21e20e869ae0049215b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"1a038eb9b8d39aaf789edce6a01fd84bd5fe08f758270c291a6d45b2b9d0f38f9ac0a83c9752c3f84ce325cd88","nonce":"7e45c21e20e869ae0049215a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"a25af4d36e519bea21f144005963402a42c8f24042d2eecac4dd2b23c431b9cf69113b89fd4bc993790375536b","nonce":"7e45c21e20e869ae00492159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"f9c68c90ec34537c9ac6deb642084187a6bf4197dc3e6054f01ad3d4bcc6da286c6dbb8cc5d5694361f422e56f","nonce":"7e45c21e20e869ae00492158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"3a8ef272c459d84d6b38050fa82d17237e8e4d59037824d0818704b19ebf577dba55d1a6d40fe1a9cc12bf82aa","nonce":"7e45c21e20e869ae0049215f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"c53b09f24ef6f13a125f6c728d36062737c03c45ececedd57a618f56e400a39591c50e165d35580c99152cb048","nonce":"7e45c21e20e869ae0049215e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"9c9c90bc6a2f47106a7c7b78cf6bfd1fcc2e94a0a605ec3014bd5caf312629112b6f0e0b4b0369f32ff17c091a","nonce":"7e45c21e20e869ae0049215d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"13472e03112cab192933d162de64e3ca8a7c810816a7a6268132cddd6b6f6a328cefc70ef0cefdc8f94da2b253","nonce":"7e45c21e20e869ae0049215c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"5ffc5106d21eccbe8c33b7d11f5cf43468158a740f11d0b1b526efe98111303c9cceedc57ce7730e077a6dd6d1","nonce":"7e45c21e20e869ae004921a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"5d4d53ff389260073b6cdb4cc320c770fd7eaa7093d8077e295680c06b215394a62fc1b4b0171e1e92c93e99db","nonce":"7e45c21e20e869ae004921a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"f902c63592fcfd4e6842f75c5f12362ea67d0b563b9952d38c80279bc5c6423bfd0097625c471985551be56135","nonce":"7e45c21e20e869ae004921a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"54d1f7bf9a524a25ef3bbe5a593463b949d8943cacb83444a4cbcf76741c25f15d067adec24eedadb4c8f7a497","nonce":"7e45c21e20e869ae004921a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"67cb96e861fbe611aad1502a17f7c557fba2f3a69c0f4f6b8c22f2879d958bf7dca6ae5edb23ccf49b7011d63c","nonce":"7e45c21e20e869ae004921a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1af161c2089d8f396ced4a5651bb1f54e79c90bc898c5e2135db26543f4a95c581b2f08030d50f73f6bddc6088","nonce":"7e45c21e20e869ae004921a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"0db6d88500e7d6d73a8fe8cd0baacbf0c489200199af079bf145a32270905ab42eaec474ae4a35ef41fd7c3ffa","nonce":"7e45c21e20e869ae004921a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"19cb59299b6a6aec164f7fff93eb0ad16395e941264e74564d5f877e24af059261db6b9962c6f700abccfcb711","nonce":"7e45c21e20e869ae004921a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"ac2b85a48825f89d2359e9fb11f39755a23aeaa3c52e7c21cd6243507a337c312fbb22aa73d4237fa64514c318","nonce":"7e45c21e20e869ae004921ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"c4184889f40e552d2aa53dfe789a19af1306726666d30970e6930c83b0bbd4020f15a4d569347da06b95167b8b","nonce":"7e45c21e20e869ae004921aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"d9541d7ee0eb5535cfe4d1475872b421c4b9d87a5e350eb413b555299a866f73d612b26d3355e020db58ce84e5","nonce":"7e45c21e20e869ae004921a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"5649831985796ac0a4f9df2698efff9993b157673060ccf910ee5feb22f723db2b7640b9ef687c790ae107a4f0","nonce":"7e45c21e20e869ae004921a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"ff55786745c1a33cb5fefe5d76bfe056c69c6942d3d015b2c25844ba467cfbbb2c7e1d7cfdbde3e7078e41548b","nonce":"7e45c21e20e869ae004921af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"bf474b00298b77055ca572ae8efd86a39159570fbb31352ae91172b9a25e61e752d7ceca478db1f3438f7d11fc","nonce":"7e45c21e20e869ae004921ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b6132773b035cf8fe051d6c36be055b553e8822103e391209ea7961d1aa72a7bb13b6fdf6043623e8a96be0f2f","nonce":"7e45c21e20e869ae004921ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"98f76afa09cfd86ce9decb2bdd5625adee493d5423bb9ff0bf64328018c069281f9a8bc7bef4a40e13ad931414","nonce":"7e45c21e20e869ae004921ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"ed3be9f2f27ec9ab7020810d9d7d40ae790bb2e0f54f70ddf0326944646bee15c0275d3d1400a9fb5678ee7194","nonce":"7e45c21e20e869ae004921b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"5606efe1b9c2224547dd49b0888045c3b35d8bc19a90357295b706704d4b8fd4d341ed2d9faadfa552cc28c376","nonce":"7e45c21e20e869ae004921b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"0ab81ff134f0cf4ceda31ebcabf379c65d20e33ad84fe9d9baca9d5cce387981d3f0e4dc7d88df2d500ac9125e","nonce":"7e45c21e20e869ae004921b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"9513d48cd5fedf539fb1d1eb16068583618af2665a462a0eceaecbfe09ce849f4dac7fe1d7e82dcf3c31eac5f9","nonce":"7e45c21e20e869ae004921b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"478f6867cc2bc3ac18f15ae45203aa1fc7714d1ba6b97445bafe3aee1613d9ba9be17d8ff8aeaba7bb20f62102","nonce":"7e45c21e20e869ae004921b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"fc708b24071e9900446d47ef7a5dff8fca3a64a562566aeff9a8130521afbe2429666b6a850c0b53f41a2a225a","nonce":"7e45c21e20e869ae004921b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"2ddd20f01285da77195913a2810f07e10b88db7f730a3baa6f29ef647b4027c5415bf795ba62d4b1094cd4589b","nonce":"7e45c21e20e869ae004921b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"c51491dc11785107765155b53c0ba9b562a46d64f56ba9db592176f6948dbd7c8efab841f36155ad616058bdc0","nonce":"7e45c21e20e869ae004921b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"db60de5c2490c9d7c2522a3570b5b09b1f2cb69bee2a38c2810ae1b65934d032aff7e140c12c0251e90ed1fc44","nonce":"7e45c21e20e869ae004921bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"d89dd65c3a837bfa83d2a8dd97072141bddcf450870e1d47772a0f32ecb2ba71fb9a722c92f153e9be94115362","nonce":"7e45c21e20e869ae004921ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"3359685066aadb08c99b09c8f5416648d773a6bbb9df1a6a4d736d8bc0d4afc7c28c9e275b68850a39a446fefe","nonce":"7e45c21e20e869ae004921b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"b88bda1b10c17f9bbdb59381a2cc289fbef5e15fb33a63bdf059a388bf463168eaf2462dfb1094ec6a4297eed8","nonce":"7e45c21e20e869ae004921b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"c596aed94d863ab51ea151e8c0ef1876927f59d57679e9322c382f780e8a833db7f8004f49148b57def89f20ff","nonce":"7e45c21e20e869ae004921bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"37f80d00b7e3d9758844f2be8c4a3e400cd32b1e0f404d468960a44db23d2dc93b18e5cffd830945adf333a7b5","nonce":"7e45c21e20e869ae004921be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"926c92aac5c535aa6b8b359edbca461eff45b1c13688688b66f468d0363af97e65e99811720c29bf135d694124","nonce":"7e45c21e20e869ae004921bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1c857c9fcf7573b3f3aafd5bdf39da194946bad3561c682bab35866df2b65d14f3325b96205dbecc67fe0e685d","nonce":"7e45c21e20e869ae004921bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"fb6c67627eda0d76b1d673093bc93f078730da15570c0df0673d765848cd01ecdfe6f00377a8bb429477b53d8f","nonce":"7e45c21e20e869ae00492183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"02ab384a425355a6afd5d010c885980afb536c7440d875009afa7d0966e6bd9ba8244bdaa825c5307780384de4","nonce":"7e45c21e20e869ae00492182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"a246020253541a032afc3215c7ea17ab23eb5f2a228554bfea98c0664de1b151a68dca1210b52d90fead30c1fa","nonce":"7e45c21e20e869ae00492181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"9798da9d9fe9edffd5e931e7a933e98bcf4dfd5f585c2dacb716d7fb98160c4d05fc62998bcf0a52c4f93640cf","nonce":"7e45c21e20e869ae00492180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"9e6509ff674a781deadac91f070c65df0eec2fcd968bd16333d22f8df06967a24704036abbe41a82ddfc1640e2","nonce":"7e45c21e20e869ae00492187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"de635d9a20c6fbc38aa8a40e10a9b458e77e72a10a6d4da89ec9356a93fc4c45bb6f889ebd1c232f5858042a11","nonce":"7e45c21e20e869ae00492186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"2b59dbb2145ea67f709ec4e4652d0ac573c75759c57164abd5cb91a863e6c109b6d1326c2133f92d967b90c070","nonce":"7e45c21e20e869ae00492185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"64b21789917e1641d1bb0c1bf72553e542bdf625e301d7897d0dc3785cc96a0d8416af007fed977ac38dff1b2a","nonce":"7e45c21e20e869ae00492184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"4f50334ce4c861318382747883eb6b57d8cd957f07a5574375f1906a76a6c7b352911205353af0aa063ab7d88a","nonce":"7e45c21e20e869ae0049218b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"1d366bf1c10ae2575a87b58e1d26d182ec5b09b00cec5d6df754a2b2dd55ecf1e99272282170b3e31a79032719","nonce":"7e45c21e20e869ae0049218a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"aef8ba187b7ce998d25e91b517c09da5134422b1e84c96a8607c8247e982eaaf7be0468123719578dd7796ba9d","nonce":"7e45c21e20e869ae00492189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"f6b38a00cca96e02259112567936808cb2f7f59d33c5c122318e2f964aa21b26dbfa0ca318d579c44e4e0c02ef","nonce":"7e45c21e20e869ae00492188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"cadd9175fcb992825a887ef5a7bcbaf1e8e62b46cb9b50fb028ed84a6b9a728f226ccf57fbbbcba11431b33242","nonce":"7e45c21e20e869ae0049218f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"af58251abc5ed2667d4354e6791344bf8cf3b643ba8accd7898791c3e1ea41f52edc49cd24598f5fa769bed76e","nonce":"7e45c21e20e869ae0049218e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"70fcc32059c434f9603aedbd3cafa676bc098d9da63331b5e3acfd8f45f6e61c602aac1c1e774c643012f30b92","nonce":"7e45c21e20e869ae0049218d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"29dd44d1fe906d56854cb667fce408cacc39f78356a53e94122b435220b0b675947b96afbf954a4cc61bc0ccf5","nonce":"7e45c21e20e869ae0049218c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"180a7263982b3633521f137e3d44da2f27e7434fe6e14f0017db8b08316b0e500957509b82fe0aa7016cf9cac4","nonce":"7e45c21e20e869ae00492193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"274037e0ddfda63faf62f30c4f0bdc4ca473550c21f45474cc0ba41fbe03691e7be95e77ec42526b7951039275","nonce":"7e45c21e20e869ae00492192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"190446b183e07c54701123976c3a49943c5d2938493a802dd4a5a958e28302c81ca3873c8854f2f764c58325e6","nonce":"7e45c21e20e869ae00492191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"57d2a59d2d83f03ae205be62b666959d15bdcbdf9c43e5eb072cbd77a4d600c61b7a00011d40605424b04225fa","nonce":"7e45c21e20e869ae00492190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"6f080b600b3f83b380615b4276fe9784c13c7ab22f651fdd51206886a9cb23f52db59325fdc5073874a7ca08ec","nonce":"7e45c21e20e869ae00492197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"fcb537f2bc303809353dcda27b73b700547225f700b03ead78e2fe53d34e7983058e4bcdcceca456c1918fc49a","nonce":"7e45c21e20e869ae00492196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"dfe10e2bc7af2d19ccfe37a156436c6c399a0bc8586400542b8786834b703813c2f8ca20a9c2cbe3aab079dbd9","nonce":"7e45c21e20e869ae00492195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"d31a5ee6172cc58aff7aec0464d8390b3eaefb14befe9af8faa82c0d10b15ba1785c53912dfc4459c5d997225b","nonce":"7e45c21e20e869ae00492194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"6458f753b204dedb79f8573a7bd8c18b47ea06e8b783c36444708dcb546dc075f6b5c65241645ca626ebb87713","nonce":"7e45c21e20e869ae0049219b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"a9d29db90eff37290072f292c4577965ec21257df0d090a9e3a5261b877a2410cbd7001db7264ad3e7fbd967d4","nonce":"7e45c21e20e869ae0049219a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"d0353dea6a84d3b24668568f3c3015c698c79645daa51787f9395dca3b7361cc69b5439af528551dfb2d0b9cf9","nonce":"7e45c21e20e869ae00492199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8e253d631b453eb657b866a351561e275ba43aa65ff84057512167a8cc8616510a389ed9c9e6f40da441ea6e0b","nonce":"7e45c21e20e869ae00492198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"bbb8c3be5961b878da2dfaf5571568ac973fc2d1bf72c4c2baad447e1794db460379c993779ead346fd884fba6","nonce":"7e45c21e20e869ae0049219f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"4c28d339c11c17159a29bcc1232713b91e369576c33fa09386382fddb138c500c36ced88d708393b2c5605e745","nonce":"7e45c21e20e869ae0049219e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"db77a417b9bf25dd167f8d0115aa2548b209b0155b48c8a2d8b35e9dc8a5933b4bf6d665a483280a2c05f9ee51","nonce":"7e45c21e20e869ae0049219d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"bd8a53d2d4394252fc425e5c810640f0bf3f9b4d22bbce5eff78d4a758b9907a2f5963eb4cef5f470ca7c32d74","nonce":"7e45c21e20e869ae0049219c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"430f88408390f69dde57274b585fefb392612a302c0149ad088c8ac8d172487810226ba228367e0940edd97048","nonce":"7e45c21e20e869ae004921e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"78fe2805e7212e9d61932338fc7fc797b7be90d48ca60b6e507087950fc203bd7494c20fbaa26231d7e1ed46e3","nonce":"7e45c21e20e869ae004921e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"3b22ae2dd43f669aebb3fd0c3da8c51200086b040cee387f3e54a38974d2a21ab26a0e8ef61bd8b86bc9456c26","nonce":"7e45c21e20e869ae004921e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"5d8240af0540f78bc80265d6f4fb6957071a32d7ee52a4311acf4bbfda140adababc6c9ff77ce63d9e5832f168","nonce":"7e45c21e20e869ae004921e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"505b6b892d8495bae8475f2c5d182abf750bd49f4a692a8d27762d22138b2fb3583891efd68499de7f3f08afa7","nonce":"7e45c21e20e869ae004921e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"6c01f7989a72a3c795a055f9638e0d3939164f17a17ce2b419fdfb4ab0a03dad2d41cb66fd2060721a739d5715","nonce":"7e45c21e20e869ae004921e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5dcc8a3b22bf79e0010019ef8f7a8e6a2e4dd80e6d815bc85ee8a055870082b95e52a1b078c88692acae54fd68","nonce":"7e45c21e20e869ae004921e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"5ecc1f3203cf77181754446c793a6debb65ebae3aef5316624ea39414629e89a8f9050b3ede7bfcdcb456dc9c0","nonce":"7e45c21e20e869ae004921e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"7609d02a71d704a4c1cae30f0f92ed96a4738696ad172b00fddead8213b202cc0239e28b487557975c4c020534","nonce":"7e45c21e20e869ae004921eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"96009e8b0e093de3a0e8f09d67739187c760ddb1d70cf4d8b120823ba4766e9943fcb698e2e87689d105a05bab","nonce":"7e45c21e20e869ae004921ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"a8e65455ad6d25e5e42087f7fb40c4c5876b4310bcda1efaacda1e76332ee44b2d83b6ff333d877d5fb9b051e1","nonce":"7e45c21e20e869ae004921e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"fa0870fca683401c6240c758d4b7ac94f14423333fabf2565172f6e388336974eec4ad51a64c4145707a1b1db3","nonce":"7e45c21e20e869ae004921e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"21aa8cc730ad3e88ecf3aee25495626e2f884cb0a56e852577b2731dacb234865db5b907c6ee6be79a4716dee4","nonce":"7e45c21e20e869ae004921ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"8c924828d09ae2ace9b33100c860521c4e0316803705d31a13af84f81aaadcaef00b8f78f1b358efd1f5b1885a","nonce":"7e45c21e20e869ae004921ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"585d5340d7a1adf880c75a67667e85ef93a3ab1b468d74e68ee5f321a8b21a1fed53fd66b7f30b6cf83803576c","nonce":"7e45c21e20e869ae004921ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"8dd531cae59e828dd00aaf2acd4efe6b59b98a963874025a2ae32376ce8877451821b5e1dfbcc124f86c8ee2e0","nonce":"7e45c21e20e869ae004921ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"bb48bca4c5b646c993855aa2fcaea8c7eb348ee8292297ccf5dd7e57fbd7e3e96ae435ecfd277f3293cab51055","nonce":"7e45c21e20e869ae004921f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"dd16fa572106a00bd2ed7cf1c2b939564b20e06532ec939d9ddc0552f2103b61de83d4905bdbf5356011bde188","nonce":"7e45c21e20e869ae004921f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"ee7857010b32d08580f32a774ce88db2ecee95b3f53a98e88756db5385a8875067fc939f9483a21f7c7eac97eb","nonce":"7e45c21e20e869ae004921f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"35c794191e45fe1d510e49fbb5acdfe56ae8f1c1efb10c689a2c0490bca602fa6432722942904eaf2b4847dc18","nonce":"7e45c21e20e869ae004921f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"493eb1d65032dd11c930962f5cde5e069996d86c3324c6e597613a75df03b9ef99e4bfba162d28b7b07e616ccf","nonce":"7e45c21e20e869ae004921f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"6b97461f41ce7c7dd5262b8ddce52ed60ba50f4f135482a47f0f6ca6d76bf4c32ea101b0a082e1f5f6927814f7","nonce":"7e45c21e20e869ae004921f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"5d7d2f3a211d404adc91105a8e5e4d841eb8c1c3b0be356c75c3f98bd6609745ec4e01db21518255ab171b1436","nonce":"7e45c21e20e869ae004921f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"c0bfa0b52b21ee65455325920d81f5ea2441a6b104460f2be88b03c16e8694a75e445251d63e9a63db8976991c","nonce":"7e45c21e20e869ae004921f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"7cf502bbad755f6b44ec98ccbfcaf7a4f74838e11c1072edb405bbb9bc14e7565015bbd73d606ec7bbb0b603d3","nonce":"7e45c21e20e869ae004921fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"d918629f1813654c4476e599c00c22ac0c51b12c8b869b74596d9f6778343842097e828815cff35c4c4325a27a","nonce":"7e45c21e20e869ae004921fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"1b137c077bb2f784029530db09e0065c6045ebf4d02f1e7c40c05cdf5daaab03df741249b9ae6f68cff3100b8c","nonce":"7e45c21e20e869ae004921f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"3025f84a14bb9d5688ae662511fcd27f2f0bf570b357c899d53395d0baa6948e8dcf64d64fa5766301f41dde76","nonce":"7e45c21e20e869ae004921f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"7c9ce2f83139ce0a3174a4022d9bef9aae5059bc16541133bef045ed7e61c674324b6b440dd0920a21446cde45","nonce":"7e45c21e20e869ae004921ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"ef524f5c49bc9a31d77c6e9ea6ec84d05f8bc21df72bfcde1de7ed17a4326488b0500869dc8548b8a1a4176fb2","nonce":"7e45c21e20e869ae004921fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"a3aab4dea04d29104b5f386c49414ca26a79e296b06669b11c87dbf038f5cf7e3d0fd8e17e9bb7ab7be8c51c38","nonce":"7e45c21e20e869ae004921fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"b2fe6c0bc0ca1ef186ec16a3b4f4532c38654cdb6b3a003b1d58dce24f4f58576ff051a0378846240007c6c515","nonce":"7e45c21e20e869ae004921fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"3492d8243b5705dae2ddbdd6c79ae435d61c548d54af213322753972729a36b3784684da8d3978ffc0eb4f46be","nonce":"7e45c21e20e869ae004921c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"b76e4c31e9dc0a6d746e52a00650705a79f2485faa7c61d044169afbc902263d6bbe660922a711325615cff81a","nonce":"7e45c21e20e869ae004921c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"82cb2c8465d550e1004c472b0137b57f83f82cbbfd7043c8d1f581e51c0745ed3ef2b9f992f465a242a4e64c12","nonce":"7e45c21e20e869ae004921c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"20fcb5942788bc657df0b7701b02df95131686636d554d2d9060b627e4172d53e00e22ac0d9317d68068a6eda8","nonce":"7e45c21e20e869ae004921c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"d6ce9a9e927a744536d5036edc6310254285487d3a0e399d6eaae5f8cf7910a63b7a2294646aab004606aae1ef","nonce":"7e45c21e20e869ae004921c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"77ceb3d0a17e7fbea0a24b82c4a53de77d58526fd099343762db2d43be8a7b8b979daac8fb0df015ab4b84e038","nonce":"7e45c21e20e869ae004921c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c09a0e3ec442a62de6e1a43b35317f2a283505889e9428af66f03ecd4c65ebf681d6120703dc41d59a47c41763","nonce":"7e45c21e20e869ae004921c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c10ca59c62ba55feeca763b4108f8603e10c2911b172bb822b453fb27e6698b47fc7b3d6dfd247bebdae3e5700","nonce":"7e45c21e20e869ae004921c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b466252b77d5d011f0d16d2d2f943c0fd8d359267b0dc00eafcc537f8d49a671fd4461b5186628c4862df8a1d7","nonce":"7e45c21e20e869ae004921cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"4b2eb6ce63f1e5b8e38648daab862545dfcae2eef5e872204ce08636b1fc8789a3965a763288da81d76509e6e9","nonce":"7e45c21e20e869ae004921ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a02f127a0caed156e54dfdae5558529ce6c87e5083d592df1e8da96b467eb581713c01999aef2ccd775d5a2fbb","nonce":"7e45c21e20e869ae004921c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"fe6ee39655296a0a215fd6592a639ef9c149f3012ed790b3ab66b04e16ea8695040e3d704f769c8dc7941d280d","nonce":"7e45c21e20e869ae004921c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"bf60419485101ddf4398c1d6e451447f3871b248f73139b40bc21eb0133e96e4a1e6e5cf1262a104c2b1ded076","nonce":"7e45c21e20e869ae004921cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"583ae47b9b89ac17ff0e2a00679915a762601bea123f6f813b011cf2dd67d8a2cd084d19f2020543ea6c994a3a","nonce":"7e45c21e20e869ae004921ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"3919a3e25e2d2b4ab158a470f012a2e073d5f39a7620bfb439c2294b07e21a81144c78726e6e22ae5e47e65125","nonce":"7e45c21e20e869ae004921cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"820cd4d599c971d49bd33fb8a04ed9a9cfe2630699be7c9dec7bc47321561b5e25092a70dc19eff401cb78a145","nonce":"7e45c21e20e869ae004921cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"45fb9bd3e58abff9ffda67a7625fcd96d8341e080fcd13b3620f174807f1bdccee88656cc83ceb17075a679914","nonce":"7e45c21e20e869ae004921d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"cba6d329e7dd7ddb76243f8d2a8c4bd8f3e3a4ff6f9faee029bb9f9dafac5136323f8c56c11c8f2b14239535b3","nonce":"7e45c21e20e869ae004921d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"6fe2dc8be0a01ad66d65e9334a26ca0dc8d8826f50161598bc0133a8bd58046abaf5ce038cb7d074e8af1c0bf2","nonce":"7e45c21e20e869ae004921d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"1bf56cd9f4c7b2c1b27afe53741a9409ffdf3b7bb7a532a05cfecf9bf5e2c24f7e4bc2a1ee8ebcdb2134447418","nonce":"7e45c21e20e869ae004921d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"369b60cdf54b3b0c3b4ba46ddb75d9bb3270cf07212440351402785780205788bf020d434898e963367c7487f0","nonce":"7e45c21e20e869ae004921d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"0aa7084a42ea7520f756fdcce7f0ae3084db0b95d01530ae13c473f84a34846e5d4b902033813ab5eb34ab4111","nonce":"7e45c21e20e869ae004921d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"3482e21e1eb758d324e91a0a381929cb77be1a877c7a79321cd31822196745d99f7d072f670bfe2183cf9b460a","nonce":"7e45c21e20e869ae004921d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"6d2a6ee6ce24b2d61e875b6ff9254f3a8fa96c2751b7f7b64159f2c4922436b812e2f95d01479f35d43850ef7d","nonce":"7e45c21e20e869ae004921d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"521ba163b49af96074a7d46c5612277ef80c45bfe732530915369babd77b03ba6e34e08f16e6453673fa8fcf58","nonce":"7e45c21e20e869ae004921db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e54f77289f0141098c40291c4a869353ea7e6d4e10a0d3bd201fbd3f38100685cad3934a27a4041f8a4fc4fbe8","nonce":"7e45c21e20e869ae004921da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"4493efd5b064d70381dd6b1a7f234fe7163261d9f01ed2ffa014a70c752a119d2762b038053772ebca1b2887b2","nonce":"7e45c21e20e869ae004921d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"b605625e343b109872594723277c0ffd7ea10b734544c1a602f739a9bcc7e8490533aaa3ab9931a9f4c8290591","nonce":"7e45c21e20e869ae004921d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"6289332203669ec5720bde812af01be48dc4f8267ad128a00fb717700a63bc413a7cd5188b6efd0bd0d5ebfd37","nonce":"7e45c21e20e869ae004921df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"1b9b42f548115bf3f6461eab0a0e182b37505dc1bdce78c90cc9309ef1b275ea4c1e1a0a5c9bdcf886a3437a05","nonce":"7e45c21e20e869ae004921de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d59021eeaa9097ad7c5e8f58a455e1af31b2d6ce3787b9b5c5f38fb328b88c8c7f2a9f4ed53f40a3fdc0108f3b","nonce":"7e45c21e20e869ae004921dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"dd29319e08135c5f8401d6537a364e92172c0e3f095f3fd18923881d11c0a6839345dd0b54acd0edd8f8344792","nonce":"7e45c21e20e869ae004921dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"e2276ec5047bc4b6ed57d6da7da2fb47a77502f0a30f17d040247c73da336d722bc6c89adf68396a0912c6d152","nonce":"7e45c21e20e869ae00492023","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"56c4d6c1d3a46c70fd8f4ecda5d27c70886e348efb51bd5edeaa39ff6ce34389"},{"exporter_context":"00","L":32,"exported_value":"d2d3e48ed76832b6b3f28fa84be5f11f09533c0e3c71825a34fb0f1320891b51"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"eb0d312b6263995b4c7761e64b688c215ffd6043ff3bad2368c862784cbe6eff"}]},{"mode":0,"kem_id":16,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"c6638d8079a235ea4054885355a7caefee67151c6ff2a04f4ba26d099c3a8b02","ikmE":"3800bb050bb4882791fc6b2361d7adc2543e4e0abbac367cf00a0c4251844350","skRm":"62c3868357a464f8461d03aa0182c7cebcde841036aea7230ddc7339f1088346","skEm":"2f18b059576a0ec5a17121c0fe7ec8f00ea86f7b046fa3889ac8f21f89dbd484","pkRm":"046c6bb9e1976402c692fef72552f4aaeedd83a5e5079de3d7ae732da0f397b15921fb9c52c9866affc8e29c0271a35937023a9245982ec18bab1eb157cf16fc33","pkEm":"04d804370b7e24b94749eb1dc8df6d4d4a5d75f9effad01739ebcad5c54a40d57aaa8b4190fc124dbde2e4f1e1d1b012a3bc4038157dc29b55533a932306d8d38d","enc":"04d804370b7e24b94749eb1dc8df6d4d4a5d75f9effad01739ebcad5c54a40d57aaa8b4190fc124dbde2e4f1e1d1b012a3bc4038157dc29b55533a932306d8d38d","shared_secret":"7e5b6dd51bca56d4f30c95ff658af26c08eb0c073aa7180686cc4dbeabcb34f1","key_schedule_context":"00fbfdc9526168162fadfd17fe227356e9ffe3afbfc682ca8f7e2c2fa25fbc0879667157ef6a763236715d0cdfae0492d26fb4f02e2c8397d5fc765a529a167374","secret":"f0e51682347bc2d57dbc613ee6b2be6b0eeef155cb1d3e6ac09035981ac5d7ec","key":"","base_nonce":"","exporter_secret":"7c0347d69a219f33301056411e78672ae2d78698d10ee067f883ba266ef586a1","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"8cf837d5bf1994f0fac3ee1faa671d07e9a38b7f6153bdbb8a66b90159ef7d13"},{"exporter_context":"00","L":32,"exported_value":"3c7708f8ae1f510f4439fa514deb1c7ece7a29085a2e8270a84b6ad6481cc0b4"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f53fb127f67dabf35b14fae14b53e6ce5c49e572f95eb4ef7a3b3cb9cd85f12b"}]},{"mode":1,"kem_id":16,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a9a63cabea9ff10089a86cd8fba072c64986ffadb0886bfd2cbfdca9ad56a60d","ikmE":"a5da27efc1fd8936a871888bd44478ebe08d33775f26a470c0035749ba40bfaf","skRm":"1d36bb434a273601b8add26c53c542a3e7b66344ed0e819728b9563ddab249b7","skEm":"141a8815e1da9c0b7bb475ec35ff40e241b7e9b7b3bcbba00be4c76b9554e5a5","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"043c491a9ad8d09c6a5884ef51e1928e97b8912bd88ee2713f638b8c480117082a633fb2959724d7c9bae6307d9f54a73e956d37b4c5e7061007c2b1ddafaf2383","pkEm":"042ea16526086415dd0682e11f0a957afc945df48887cd83e452b0bccde946fa4f93da4ccd71900126b0f9edee7528c25764bc2fad0ece82a01bc9dc1a22840f9f","enc":"042ea16526086415dd0682e11f0a957afc945df48887cd83e452b0bccde946fa4f93da4ccd71900126b0f9edee7528c25764bc2fad0ece82a01bc9dc1a22840f9f","shared_secret":"f6d85dc06e13f02e460ecfc1b6fdbcce8c1517aa957ef423786493339292e2f2","key_schedule_context":"01cd407d8e0d2de20a1ec8593c390eca58ea35f4e769917ed679892bf590aeac8f667157ef6a763236715d0cdfae0492d26fb4f02e2c8397d5fc765a529a167374","secret":"35fc62ce97af597e2729817787c8893e6c6ab7d6ccfbbe8641e4e7a44aebaded","key":"","base_nonce":"","exporter_secret":"5a3109227dae2d50b0051b34c0a20e9006b3d8cfd8c8850e324149c8e8a3724c","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"e33c94dea4a1cd18069be0f1e1891b582faf6ceb10ff0ac059ae899d9d095a26"},{"exporter_context":"00","L":32,"exported_value":"9b0c515c0a96d8f7d7582b888c92ac4268e767f4ec789f3ff31b75fe1fbf7d95"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"8c5281532de02daf25208f7ffe2a377a8768ecb3dfdcc66d9c7de0087323d795"}]},{"mode":2,"kem_id":16,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"521087d8a3531509821cfa89075ce54174f7985f34f5925258d8214675fc7582","ikmS":"be70e75ab695dac0529105c881b432d66bfb394f808c7c72025095369b39ae99","ikmE":"62a90be4b3936c8b158e84c4fdaf5f0e2d15fa5c528fbf75cdad03d24dbb2d09","skRm":"df694582fd039a35940e0a1b3e97f4a1faaacf55ba9d6d838bfbe71affb98d17","skSm":"20208fa66d40cf87d737f292e0d11ca3b6c2314a704a313f652fa11f7ca53d2e","skEm":"09228047560804d1c9c99341d7e0921645fb5be1783568ceac4cbebdce86e975","pkRm":"0473d6a15efe09154aa0a21ed9f34723c055a9307f652a9fa2f43d16a3f633843e9381f76dafacb383da8c3a8b93d65df9b050db7e3931cfa5085545b993e48164","pkSm":"04730929f48619ac8544cf08d5a7a41e5a8964eb2dfa9cf76e37d357aef84fc6cc3f78040e8ab87ca436c2497bc042008d5bbe08fdc8664c261d623660b3a8ca67","pkEm":"0418ea35546b901f2cd712396d05763e79276e7e7393aacd9d244f00f42e7e634aa866c2043c1ed2a60108151838fa337ada8bae2049d4ece5e7d63cfffcdd3bfe","enc":"0418ea35546b901f2cd712396d05763e79276e7e7393aacd9d244f00f42e7e634aa866c2043c1ed2a60108151838fa337ada8bae2049d4ece5e7d63cfffcdd3bfe","shared_secret":"c843773058feb53d705fef07e7afc4a0c1c958f6453f36f3f72a2708d3194be4","key_schedule_context":"02fbfdc9526168162fadfd17fe227356e9ffe3afbfc682ca8f7e2c2fa25fbc0879667157ef6a763236715d0cdfae0492d26fb4f02e2c8397d5fc765a529a167374","secret":"f2b6b563daa68ab616565c0ef8ab3e2f976223f23b914fbc3a1af5417163e83d","key":"","base_nonce":"","exporter_secret":"c92e728e11b5ae7b9e9d4e6b44a461cd4226f7eef618aacf8c9b8755fe3e0bd6","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"0705caff521465ec01f7ca3e6e010d4598d90d9b523e6bd34a7fe73d73151a37"},{"exporter_context":"00","L":32,"exported_value":"d8ec855424e648177a882f90d2047b9111260cb94caf229adb31e34c0100b3ab"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"e495136695183e2d5476b3467fb7f8e3a67101722c5e19be8a4fd6c7088b7d5e"}]},{"mode":3,"kem_id":16,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"c885433aa71160645c997052d2f3473eaf973fb67d7a64f4832746a469268af0","ikmS":"ebc6ab837ebe4e75136eb6d56ac20c950174a7c871206f81fc640a5a9ac579ca","ikmE":"d99b3d6a1805e53d6ffe58b9d658012b52de80535096324150e1029d24b3388e","skRm":"f344668ae714bad57d489c330384449e1339ff112f69cac5b05a83ae858f9590","skSm":"843d5658565cbdb33065c5578383100e893651f5ae393bbab610bf14dadac145","skEm":"58993a8358a0ef9cae0199a244f02a2a5e3645edf6bfef043f0b615724adb7ee","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04aa734f1e1d8a3de7374341e7aa48d90492056eef68671309401cf74772ea3a80b2ae88be6d2091ae55142ac94ac45d83e487324b487c5488359cca9b865c3195","pkSm":"0484ba0e85e2954c0e030d53a2e90b4acaab51d62ea265175eb3d4d36239a7be426939cef3528657291225d53a137824b9d5ae7c62e12321d3c297f6fb81c6c345","pkEm":"044169d0160baa97d4f76452b19a7251fde47d770316cd7cbbad318f8834147242bc0ed137274f4659833bd98e41b3a0fa0dfbc33c4a73a49b5e84961d966e59b5","enc":"044169d0160baa97d4f76452b19a7251fde47d770316cd7cbbad318f8834147242bc0ed137274f4659833bd98e41b3a0fa0dfbc33c4a73a49b5e84961d966e59b5","shared_secret":"d2b5a234c0ed5d55dc161273f07bca6ac9e24ec69f323b069b4f5c65356260ce","key_schedule_context":"03cd407d8e0d2de20a1ec8593c390eca58ea35f4e769917ed679892bf590aeac8f667157ef6a763236715d0cdfae0492d26fb4f02e2c8397d5fc765a529a167374","secret":"1cbc1d48692670d4dcd5f679908ffd3d87d639c50104f29a9a96e6c78c8fbbc5","key":"","base_nonce":"","exporter_secret":"1861d2c4a8db612a270bb943f40b53e1aeb9731d13441beaddc24c78c84f9625","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"02bc0cfa09df14ceafbe5270957a3042234965c3feb13b44611266961ca101d8"},{"exporter_context":"00","L":32,"exported_value":"90f4b0d169ec53aaaa267758fa6b84f5e67494b0837947dc167fa8f4a62e5617"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"08101fa712a67b24e23952393263870e853a44f6883693e2124bb5f16a9b3bb1"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"ea9ff7cc5b2705b188841c7ace169290ff312a9cb31467784ca92d7a2e6e1be8","ikmE":"4ab11a9dd78c39668f7038f921ffc0993b368171d3ddde8031501ee1e08c4c9a","skRm":"3ac8530ad1b01885960fab38cf3cdc4f7aef121eaa239f222623614b4079fb38","skEm":"2292bf14bb6e15b8c81a0f45b7a6e93e32d830e48cca702e0affcfb4d07e1b5c","pkRm":"04085aa5b665dc3826f9650ccbcc471be268c8ada866422f739e2d531d4a8818a9466bc6b449357096232919ec4fe9070ccbac4aac30f4a1a53efcf7af90610edd","pkEm":"0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a15565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580","enc":"0493ed86735bdfb978cc055c98b45695ad7ce61ce748f4dd63c525a3b8d53a15565c6897888070070c1579db1f86aaa56deb8297e64db7e8924e72866f9a472580","shared_secret":"02f584736390fc93f5b4ad039826a3fa08e9911bd1215a3db8e8791ba533cafd","key_schedule_context":"005b8a3617af7789ee716e7911c7e77f84cdc4cc46e60fb7e19e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc9374c192778a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9","secret":"0c7acdab61693f936c4c1256c78e7be30eebfe466812f9cc49f0b58dc970328dfc03ea359be0250a471b1635a193d2dfa8cb23c90aa2e25025b892a725353eeb","key":"090ca96e5f8aa02b69fac360da50ddf9","base_nonce":"9c995e621bf9a20c5ca45546","exporter_secret":"4a7abb2ac43e6553f129b2c5750a7e82d149a76ed56dc342d7bca61e26d494f4855dff0d0165f27ce57756f7f16baca006539bb8e4518987ba610480ac03efa8","encryptions":[{"aad":"436f756e742d30","ct":"d3cf4984931484a080f74c1bb2a6782700dc1fef9abe8442e44a6f09044c88907200b332003543754eb51917ba","nonce":"9c995e621bf9a20c5ca45546","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d14414555a47269dfead9fbf26abb303365e40709a4ed16eaefe1f2070f1ddeb1bdd94d9e41186f124e0acc62d","nonce":"9c995e621bf9a20c5ca45547","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"9bba136cade5c4069707ba91a61932e2cbedda2d9c7bdc33515aa01dd0e0f7e9d3579bf4016dec37da4aafa800","nonce":"9c995e621bf9a20c5ca45544","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"18c6cfc4774fe77772f8ee33c306ac2fc1ef08caaa5685eadd41ba8f7aa0160204f3b03bba4523bceb214b3bfd","nonce":"9c995e621bf9a20c5ca45545","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"a531c0655342be013bf32112951f8df1da643602f1866749519f5dcb09cc68432579de305a77e6864e862a7600","nonce":"9c995e621bf9a20c5ca45542","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"2660b0ee66085c19c22408f5451edccd30a3cac410f77c7438c6f5356557d9fecb4c3a77aa10543026caf54459","nonce":"9c995e621bf9a20c5ca45543","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"a4a4e75ca4dccf8ff358987972d5d61d94523788f3283bad126b8841ec70f909cbf869e99856648d5f61de1d64","nonce":"9c995e621bf9a20c5ca45540","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"c8e6eace4e1dbfefd2d63d1bdb40c32cb9b12f39571b568942cee6f1869350d7a6f6e669ab38ada63735c1e5ad","nonce":"9c995e621bf9a20c5ca45541","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"aa8b1639860206b64b948fc1b1766129352d00013f8d21f4adac60a18af63bb3b99f854610424d2f7088058ee9","nonce":"9c995e621bf9a20c5ca4554e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"47c4c93b8182b853071249378f1d52a571d0bcccb13901ac967c8e015fabbee2c485e9b436eac93c06def0a39b","nonce":"9c995e621bf9a20c5ca4554f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"36d7531d5025ca5360822ab3f4925dc403da0983616cea7335e0763d38f797b8f2804e94382fe4776415d574bb","nonce":"9c995e621bf9a20c5ca4554c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"4ec52a444b9084af1e0111b847f5add7137c644e78bd7a93c64f089dfbf3152f89e0310a18f903cf04888eafa4","nonce":"9c995e621bf9a20c5ca4554d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"d7bcb9a8253dd95afe8bf418052885eab160f25e5648dc37e1dc396bd5680d91a177142980984b87ebcbac792a","nonce":"9c995e621bf9a20c5ca4554a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"64be0f65d6ab2d7e0e9547f0c68da6320fb8f69b3f1e8d0c5f57324d4ebc38c4129f6c0fb0daf3d2422a66a828","nonce":"9c995e621bf9a20c5ca4554b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1b390ea5df4e1c745d7b3ba1b8c52ba1e3f50d64e133a491468fadb081d23f0b169698d884d206e872c6234381","nonce":"9c995e621bf9a20c5ca45548","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"65d96fe4aab750ed2ae8e768a1794438d1f376928be8eed2557c8f47b88978cb2c762732ebc2a177057ee3a37e","nonce":"9c995e621bf9a20c5ca45549","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"4fddc84f6e05b715654bd06cfc203cce50ba3a03b63746ca5fb195e6769f1bdfe56194abca5f5f1366a8e50db5","nonce":"9c995e621bf9a20c5ca45556","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"dd9a213156fced81e53fcb94b6c4984a995e7c29c6df27ba8bf075cfb21a0a566e43b5f2c25e5c4897833f90aa","nonce":"9c995e621bf9a20c5ca45557","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"928c64e98c4cfd3a19f744c782176e56ff2e915fae78cfd9f78240b773df9bba3aef7ba68b854bac1d33d9d29e","nonce":"9c995e621bf9a20c5ca45554","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"abdb0a20a8b43aa6a74ee966170af17b5d1057e57addc9d2aaabad140265d7d8b37076a542e2c50f61f52e2133","nonce":"9c995e621bf9a20c5ca45555","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"796b56f152edf1a04b770eeb352a567944d5b99eb1b22c84902b8092a320b74ca8dc156d4347b2fba3dd897724","nonce":"9c995e621bf9a20c5ca45552","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"5dc6fbeaf7f2e9e38df9f96665860437633813dc79c7eeabf87f8f95294fdb463f4709c4e85c3100b80c85c66a","nonce":"9c995e621bf9a20c5ca45553","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"7279b5c9ab1d0abac031a8a8852a6d8d5762c4110970e70c6abfef9cf209a2329f120ad05331428ed172eb9c3c","nonce":"9c995e621bf9a20c5ca45550","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"3f3ea2d367bdf8823af6ad32f437fda1a4a592e4d6e4cea61f58af6ccb8cc782ae95a38d030ccf57bd5fe1fa23","nonce":"9c995e621bf9a20c5ca45551","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"9caa688b9ecdeaa9195003a949ef3b74de30b8e9eca0988df156d7bbfa1bb3a6c882436a215405c47ef899dc51","nonce":"9c995e621bf9a20c5ca4555e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"e16b60909947d9dfff5e77d1d2cd6832ac9f45107d96d6d6db8ecf80cd7bb0764506c148a851927a055783c2ff","nonce":"9c995e621bf9a20c5ca4555f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"c8e05fbf2c82f3db5d0324c84331fc8cb9f16524d51ddde6eac6b7f168cc804bc989b14c32da2300f72923c5bc","nonce":"9c995e621bf9a20c5ca4555c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"063d4751b92c254769271fb4858efd3fbeeca29d538b5bfe100eedad29a19539be1605dd604c83fc3e0d010ef8","nonce":"9c995e621bf9a20c5ca4555d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"6a2a130b09ee92d45620a7212a89923856e8d5fc724379ff21301620419a65a9d64fcdbb025380cfa620ad9c67","nonce":"9c995e621bf9a20c5ca4555a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"ca148bb9c5ba2c18ad6a39b8f5769f691f55a9cc8356f06e5dfb4ef2f27d828898a854bc226a2400f54e12f466","nonce":"9c995e621bf9a20c5ca4555b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"74cc774e9461f0f041140c32dc39e248628b7d647922dea4be0bd4776b9149f5c0cb466a704e529492782fb5a7","nonce":"9c995e621bf9a20c5ca45558","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"cd6c7edd8d0c91d8f30c778ab35073eb8276b648cdfc50338548c6244dab252400b113fabd1d69d49f35faedc9","nonce":"9c995e621bf9a20c5ca45559","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"b6b5080e9d5c3b3535059bd909c9b37b8f27a4385cac243f573c979f22d87d51ed3bf94e22d459002a41e710c9","nonce":"9c995e621bf9a20c5ca45566","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ff6d2a26fa6ca6e10cec6fc002ffe64b287d7bd5ca2ede28cc6d7eaed5ca4d50ec23d2cc4d16bd05ee00080422","nonce":"9c995e621bf9a20c5ca45567","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f1cef4426655966a177835b4200fcf89534195d84af83e613234a9100f0b0e8a4b4b4679045fd465a92df8f6ae","nonce":"9c995e621bf9a20c5ca45564","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"f8abb2496bdb10c073567f1c5e192e0427c6a7509a560738995e099db9798204a4d458c9dda1b64f4b5f1bd21f","nonce":"9c995e621bf9a20c5ca45565","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"3846ce0c76936c59664b27347d2354f59f0128a2bcf1aaaf19eaf9afd42e5e6678c4a56422cc1fcf7b27f6b09c","nonce":"9c995e621bf9a20c5ca45562","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"da8be0729cf6c4bbd5719dd60ec4e4f9014cfb4602461115bcfac9d6d47313d2f05b58997c373a37ba06fe7a36","nonce":"9c995e621bf9a20c5ca45563","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"4ea2e1bfc20c5f36e810ef7f978c3009072dc1c2a35c901c16b73423b4f4701ebcb881d5238da43306a18fff76","nonce":"9c995e621bf9a20c5ca45560","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"abaa94a87821990faa1bd6dd962c630e663a76b61157798654dd8c4742a2a5df9c919b4e10209661806cec86b0","nonce":"9c995e621bf9a20c5ca45561","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"83c859a6aa6a4003ae525ce79d7ea6c0b6e52bd7d3fdb2944eeb1385f480191f9c1edbcd6c1990d0b4d8c3bbc8","nonce":"9c995e621bf9a20c5ca4556e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"cc192c672741beabffefaa647e7daa067592286f6b4351b5a4cf8eca21fcbddbfff0c66e94a2c798e2c4496349","nonce":"9c995e621bf9a20c5ca4556f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"c47fda8e04fa1ed91a334ef9b6b2b8e98c46e83538e1cec468742d6ba67c506577b28d28e65bc7682c894eb84b","nonce":"9c995e621bf9a20c5ca4556c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"0f900dc2dae16bc1a9ea0829784faabbe207b5d98173312ae3f99dccb8024c90d14ab9cffc8f1d504a62e65663","nonce":"9c995e621bf9a20c5ca4556d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"ee3f90e8b091e5284cf50ed766fe5a65ce6511e6c9586bde33ddf937891bb3bdae95cf23601a345c2b31ed9373","nonce":"9c995e621bf9a20c5ca4556a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"f1b408657f9058fb7e7718695b445a46ff2b265ab9b2a5e097f0b1f10cb616f4d9332d2c3a219160b0396824e4","nonce":"9c995e621bf9a20c5ca4556b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"204f7d24826a8f57ea5d8d635781e7aa3ba221019c1c491991f3e807be68ff5c39e431e195e1eba7d61db2bb95","nonce":"9c995e621bf9a20c5ca45568","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"d869f74e1f9a7793335127c9ab5c89acb7b8e57749c086e68537b485d91fb6ddfc6041426583b9cbdb32876f53","nonce":"9c995e621bf9a20c5ca45569","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"57b0b951dd90ed0b2cfee72700ad8da696d6737172dcbbf1f923082ed89d899bd4c37226f001d5e9b7e4748254","nonce":"9c995e621bf9a20c5ca45576","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"f1722ae5410e4ba8e0bbcd03c00e6ba1d7591c3f499b750e3428a1e98f6ea053bb862cd860efb2df25340bb3b6","nonce":"9c995e621bf9a20c5ca45577","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"2cc16595aed115d2052e6ac4f97da5556f17c6bef9ebd584af134b2802684f1ace6df534cc29aef3886457dd53","nonce":"9c995e621bf9a20c5ca45574","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"9fc900fb41e4df8ae8519c5f97bbc5895ca36bea5c3b2c1e441e08fd52a0c81dd2e4d759e7a8911a70c2a403be","nonce":"9c995e621bf9a20c5ca45575","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"c23dd1ad4a2e3a48258bf99c320794dbc657c7a8d9975ea37606cad38880eadc5b260f53be832e5320b4ebd113","nonce":"9c995e621bf9a20c5ca45572","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"64d7fc95d69bac608d75164f503abc5886803d99537d0d358937eb9e1ac90d8fca1d3851bc571069f2a5781e2f","nonce":"9c995e621bf9a20c5ca45573","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"abecc138cabde901a5868b7b0bf7ec766351d1e3e51c614bfcf0732e40ab09310cab0ec3831b588e8d1e56f395","nonce":"9c995e621bf9a20c5ca45570","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f62da97ee7ad9df4c8701fc2792161f60adea86f3294697a6583858946747d28c96bdee3656e5b71ba92cccc76","nonce":"9c995e621bf9a20c5ca45571","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"b7e9f27ddc2d970bfbb8a07b630b1db93fefb0268886b63bf3d612a77405b498132d104816c484ca258d78be27","nonce":"9c995e621bf9a20c5ca4557e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"20dcd4027e79971fadbeb37e0cc24cbe94d56e24b5551eef321ee1a1ae9c9cf7885e09fbdd984e7551843d16c5","nonce":"9c995e621bf9a20c5ca4557f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"398d6bb11a962a2ea3428d978c065911fee5a307dfbfefc5ed6d4056f23f188a8e673a778f9eb22e2599d18afc","nonce":"9c995e621bf9a20c5ca4557c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"c2fb15b482e1a53bf26aa36067784c038018d295819836bd5a1e7a1dcb9e538b6b012bb14220127ac3f25f8b0a","nonce":"9c995e621bf9a20c5ca4557d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"3321b4ad73878bce0c02c598c59aff5f6089e83eb42691487242753dafdaffc4f8b16821d1580b8cfb8d901841","nonce":"9c995e621bf9a20c5ca4557a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"cf98cedb8643f8eaed03b0945cc36d704b780f4fa02d25a2ccebb12fe37edaeaec7237d4ab4ad513572c847c16","nonce":"9c995e621bf9a20c5ca4557b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"e18a2d9aed92621cef82d1c6002aedc41c03292e8984ef4c921c37cb2847579a627a6c5a8d167bb74fb54327b8","nonce":"9c995e621bf9a20c5ca45578","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"dcfb83d7a4b3d9842dac5c0057fe8f03ed76c08463d4ef2e48b971d133f38822a28fab3b923a6336f223aa7615","nonce":"9c995e621bf9a20c5ca45579","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c3467959d6c53681d9e4daa56d17c529724ae1daacc5ca50a7f474002582a590ad94bee0f624d39dd3ecb2cba7","nonce":"9c995e621bf9a20c5ca45506","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"de505f840b15f8eb7876b1968f5936d13ee1acfb8da945637322c61901336bf974eb7a314b42184ee5ca9a1313","nonce":"9c995e621bf9a20c5ca45507","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"20af79293bee1a95c0781a801e4553b614b4bf0f8456f4ecb5fb9c1f983b1b8925187a3b6b1e9c9d88a121019a","nonce":"9c995e621bf9a20c5ca45504","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"d90b3feab50fd7368ebb3cd42ff36bd077c9545c23108bedfa0bdce4ce04e4477f5934e056e12cea422ebdd5b5","nonce":"9c995e621bf9a20c5ca45505","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"e83e2969e2b895bd039afe1ecd467e30f99e1c7533ee1f74b181f3e6690a7e7d7f4e5aa9a1f6a605b928855b03","nonce":"9c995e621bf9a20c5ca45502","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"2ba1a011e196edd712cd02f68a361d7c3e02e8e308db7de31b1266c82f9e4f5c9828e051e00dd31982b333e7dc","nonce":"9c995e621bf9a20c5ca45503","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"9c820887a820362060b3d0a470b427473592e1eee7f4d5d79859f794206f022f3aa57eb9d812fc9132cb5fc0b4","nonce":"9c995e621bf9a20c5ca45500","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"30f6587b40acaa994bcef6318342626a63791ee8ba78563f95e01e5ccf8ccc7340514e3c8142ae8bcba8e64766","nonce":"9c995e621bf9a20c5ca45501","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"a1ee731a5c8e37baf5ccdb37ddcba243d8ecb7ea40b62f4ba3b3fcae5ad6029297ef7c8822dd286ba1892cdf6c","nonce":"9c995e621bf9a20c5ca4550e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"8c48f4a0e8d3d6cd2d443d19273495ae724c2b79799422300bca9a2089eb5b060a70abe79330d20eac49840ea6","nonce":"9c995e621bf9a20c5ca4550f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"cdd681dd47bdfba2465736cb878d6323214432843d42fc291cae3f802c3b5b9a1b2a33ca46b56b9c2d31b936f2","nonce":"9c995e621bf9a20c5ca4550c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"05752ebd6f8c9ab8fab3ced888650da8b360071d7d770e7740e83963829d2ae5fbd015a4d212b8d734407ac5ea","nonce":"9c995e621bf9a20c5ca4550d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"834597520b66fa541d0f982a5f976be6b6f0255c6df15fdefe2402319d6538f5b37fe6584e34ca40ed6345b6cb","nonce":"9c995e621bf9a20c5ca4550a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"c1547f3c16f06fbe6822d7a9c29a34e28aef69df801ea540d896be2f47258ea32afab1b23898a47d6bc4d1ea2c","nonce":"9c995e621bf9a20c5ca4550b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"6a8951b5798fd094d5fca7893df87ced5da7873cf7370bd12454b7f8ec17ecf120a99707f65b7278983fdff435","nonce":"9c995e621bf9a20c5ca45508","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"ce5b52b24a9306fce0d6d4211ac9e51a44010f01991c5550834121974bc6144aa522433c30891c1a3df25bab4b","nonce":"9c995e621bf9a20c5ca45509","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"c7f6633400403b3f3e74ec23c5f0a0404c885c25f00d3852c34dd89e3f1bed3837506c9bd41d4d11459f1f48fd","nonce":"9c995e621bf9a20c5ca45516","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"9510c21b8fa5e6834d6abf134b8b32bb71f60853fabba95e74ce71b884491b668cd70b316cdc20927c23b475a4","nonce":"9c995e621bf9a20c5ca45517","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"0ddde1feb81f3989de53ff14269551a5fd9878a6e73852d175e7c65f1722431101c16868f4626ac4a3675c900f","nonce":"9c995e621bf9a20c5ca45514","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"f68266a20fa08a6fcfe59789e00072cf9d7988bf9546e4b838ed0225cf21981728cba151d02fe6ced68cb15f23","nonce":"9c995e621bf9a20c5ca45515","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"56712a85f31b54ff0070b8a68d76d1483e7354dca80c5649370958035fc031085cdbc2e3ac555b26dfc8c424ef","nonce":"9c995e621bf9a20c5ca45512","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"f53455517c08f3863a7a09f4b706f33dcccf0503b2a29f1f6e9a4e66343bde5fde0d02b488620b1178b90c7c63","nonce":"9c995e621bf9a20c5ca45513","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"0df5c021b802e9872d5db7ca1ea7d65306fa546f4ea49a52d63a6119c115cdb5c14ed7fe2f39510375884890c3","nonce":"9c995e621bf9a20c5ca45510","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"a77ab6f5ab82bf17564d4c534ebedb1bbdcf058cdf0703b7bcec299cdc4f42857f0fb1c64cac38f6c0a65254f6","nonce":"9c995e621bf9a20c5ca45511","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d949d456bd11c45f4ca2eb2a1d0cdfb6ad8220f906c823634710d669f36e54a0e40f95945d9494feadc4597bea","nonce":"9c995e621bf9a20c5ca4551e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"69ba7e44034fe3735b8dbd11a2e87d5bfbdae2626e96f15e7b2d94ccbb7fb45f8061feb653636d4accc8fa196b","nonce":"9c995e621bf9a20c5ca4551f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"87f5a1bd4aedd49b4b53f8c4e2fd5531b77fa82d6d803b7f9de86eaaec6a949c71ea3b884919989c1da194168d","nonce":"9c995e621bf9a20c5ca4551c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"757ad4c71362972b31caa848d2544f665d8a6c218426810b29bd4aca2b11e45c71615818f7b25c2394263d9c30","nonce":"9c995e621bf9a20c5ca4551d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"5fb17b968286a11a4b28845b2c4aa761d01a2d5402aa2673e8c81e4c9e9246a4b458b3d3b150f148ce061449a2","nonce":"9c995e621bf9a20c5ca4551a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"cebb97773cd3aad382e1e992022eb70bf656d482dd05877c5e2a3fcf1b40c57181dde994e76a9279580c40a190","nonce":"9c995e621bf9a20c5ca4551b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"8e6d3eb4b432144d62eb51e66ea1c1b95d8f7b883e5af49c5de97f24b3afc12472e8298d3a1b2a238c3ab9365b","nonce":"9c995e621bf9a20c5ca45518","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"47d0f0d5e0678c0999c3db1a1338cec991bde5fda51d08e53782d2b6428e434e5261085df90b2a2391c73230c2","nonce":"9c995e621bf9a20c5ca45519","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"b522ef8298bed9d980c1dae4ba9f33fd178adbfa40a353ea3381ed396630a2bfe093f57617b49ed9bbf0efe333","nonce":"9c995e621bf9a20c5ca45526","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"1b9079a342472158eca0d82df8f3e496d4feb9cd4064a646086547275125eb844b3d5791ee2eadc412b4c52af4","nonce":"9c995e621bf9a20c5ca45527","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"50b88f5dce14ea86654300d699fc8255007dc2740c5b5ae7d929751962ec2a63716a527e6093477fd328d4518c","nonce":"9c995e621bf9a20c5ca45524","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"b8568c9c7cc0d635c70c47025f0faf71327a0f501c317318379d7d8345d28cc42f4c6606a6b171c2a7b265801a","nonce":"9c995e621bf9a20c5ca45525","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"dcdb4e25e90683dd3e10bf9c4706f2cbb0c6376090b9664fa926974af6755f7376be7a59c1eef7ae367fdc8da9","nonce":"9c995e621bf9a20c5ca45522","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"3622b29569fea458e5b37028c808f5bc89de5222b4fea3898e880284cbaa11aa2410d4c9243d5446a3cf03cf37","nonce":"9c995e621bf9a20c5ca45523","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"ee4179cfb892cb0be7a5277e0d5e4e5918df80655d2ae13f6da45fdbfd3279d02c6b67a8a22ad708f24adee5ad","nonce":"9c995e621bf9a20c5ca45520","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"ae986a43ad9f229291ec76394cc12bd58ff460d47dd473be7a4632f4b9d8f3301cdefc5f73a1b089e899b36c83","nonce":"9c995e621bf9a20c5ca45521","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"7a77cc3516dff32ba315bdaebd8baaeb438bc93c43d8b4c46c682682cbe25fc3354210016d669d34dfa24119f3","nonce":"9c995e621bf9a20c5ca4552e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"60a5650c4ef0649cd467e9298ced4b382dba04c3526805082d9481c2d9172c3200142389ad2c429afa0f5acb4b","nonce":"9c995e621bf9a20c5ca4552f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"2b922f977c90e4b99f9043e178d7f6a37e8801904dda932c432137e754b3505c6a4dd21ff83afa77ea66f5d7bd","nonce":"9c995e621bf9a20c5ca4552c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"bbb5a2eff2c8b1da4cb659326768ccba0d1197728dd3aac364deaf39a2e4c231f832f2814990e849a3e732c02e","nonce":"9c995e621bf9a20c5ca4552d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"0a497a11d29c928eccd69cc672f401cec4b6c472e738a27892ea6f20cfe7e4a54eb708e407cadf4dbca7928070","nonce":"9c995e621bf9a20c5ca4552a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"fb68ca9888f6379ddd0a64771e50ad6a8821cb5bb506900374acadcbb69ab3c1361b434f82ccea2505f7538d8b","nonce":"9c995e621bf9a20c5ca4552b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ecc56be742bcfb7bb813f860f8a3f3ea95a552171763c5eb489aaccc05c65daab5965e680701ab908b7b1714dc","nonce":"9c995e621bf9a20c5ca45528","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"3dab561ae84fd4734cd732f49f8e5132fa144196dc46aae8223ff6767433ae527d3b40f4f5a0de661b0acd7d04","nonce":"9c995e621bf9a20c5ca45529","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"a3caf9bdcba28c9417b5f62babf99866181d28805330aeeffabbabd7b44dac40b0d288e6ee0f9d3c92e1ddb718","nonce":"9c995e621bf9a20c5ca45536","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"900c4f93ba7f79895439e0dc878d759d37e7ffabe65b1dc67743c73708e65805907c33791540a87f279884b344","nonce":"9c995e621bf9a20c5ca45537","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"9bf4aa29c012ad7d1e582766f3d1aa0a1e25b4bd9bc66f1ff4e9bd21fb5a02a29d69634d0ae8200e05bc00eb2d","nonce":"9c995e621bf9a20c5ca45534","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"7abefc6a34c84a42acc20a505c0c49b32ec1b68d0db56e98a21e1898f6700caaff4b5b96f70b71d6a150dc3e76","nonce":"9c995e621bf9a20c5ca45535","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"8b2ed08f6ea885b411fa6c2f6392af805211e72d422c8c7c92e7f0bcc8ae9c5f9e2ea0058861addfa1810da419","nonce":"9c995e621bf9a20c5ca45532","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"18713f6aaf41afe6b6f4b1407d09144a153a80a4bfda8fb648f58760e95d8fe298bd406fb9b4e6c2d38dcade8d","nonce":"9c995e621bf9a20c5ca45533","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"78c1aecfe4d2ba11e6c2a941b3e8d7f98d1aacbb9b5ef4e8ee574e575530a365e751ea24aecf1d007af7e632e5","nonce":"9c995e621bf9a20c5ca45530","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"2e716e5acf697f39d53c2c0051ca5c61c56f0fccd82a464716083a5d7748b363aa46a7cbebdec375d9bdb780c1","nonce":"9c995e621bf9a20c5ca45531","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"1fea2940150de67569a7b5a8ef53d8f06d04e8d3e9e76348189c9b77b1dbffc9663062294193a2ee3ef3cf06a8","nonce":"9c995e621bf9a20c5ca4553e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"ebaf8c320bbd6c09ce385ac4eeb9d00c6ac51f6ce93b5525dfb235dcf0d3de7a9e293311ff309c33943ff849e7","nonce":"9c995e621bf9a20c5ca4553f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"b55be430a6823302157bfd45d4ff8111289d56b55558b0984de525d1a2a7662b8c2fdf208561a77f5716d438a8","nonce":"9c995e621bf9a20c5ca4553c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"0da85edefdc0596d043fdcc929b6c58b7d421ae76327cad895173bae289af6fed1067363db5340860c95500a26","nonce":"9c995e621bf9a20c5ca4553d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"75ce903c7a6dff622c7e8ab53a5c506eee368e498856961bcfb5c5ffddd4e04484a84c2158f4e88fad21626461","nonce":"9c995e621bf9a20c5ca4553a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"ab929900abef57c6f19ebe1ab4c3cf6b747952b43b5df86e30213ca052d63c915bc6e3e59ead96e0465ac8e95a","nonce":"9c995e621bf9a20c5ca4553b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"1d721aa0e2125e90803d8f6813fc5bafabee3f283986010a0d0acecae0773ad7ac5f4f7a41d70cb16f65e5318a","nonce":"9c995e621bf9a20c5ca45538","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"83730f31a2a6f80f57b6ebd06a022ab852fe218adabc89a0a766e2e15d7a4fde5bf080c40ef5a4bfaf98acdda2","nonce":"9c995e621bf9a20c5ca45539","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"6fe2569210a2169d27530624b2be6f99c42fce45147c85e028b5036c71435815fb715f056cf9b050d30e52275e","nonce":"9c995e621bf9a20c5ca455c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c235044da78ca714f3c77235c45013d29b5c792fbd9b726106cd1c38fa69b542df16d68ea23fc60b703b922a9e","nonce":"9c995e621bf9a20c5ca455c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"9ef66e70ae328d52994833d8bf3e092a5a80d30eed018865dc2412db7cbd0e2c4f6ece3dd36b2aac0d6295b81e","nonce":"9c995e621bf9a20c5ca455c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"58bd95119f5ab0637997b23ba261288b8ff17693513694a3afea66894f6e0839b081445e315247eef594ae6586","nonce":"9c995e621bf9a20c5ca455c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"88dc73996f257facdb3d53426204744e22d3e94963c794e0c840772f32185be94cc2137a12bb5df2bdf939b450","nonce":"9c995e621bf9a20c5ca455c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"6a4e4a470783af59c4b0bb02b9276e6c73ad912c36cabd833594f15d0c45e517219cb4b9d3d1bc00a2143567b1","nonce":"9c995e621bf9a20c5ca455c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"545f61e246e93b47f44de891934c69ffc04942901c73e3d5fe72542c763284b5fe07e1c00b6fdfe8ac8eb64efb","nonce":"9c995e621bf9a20c5ca455c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"222c98d33c31dce69aa158bb95b6907346ce7898f0585f1ec9e9c49753f940ec97ad4f8c2bb1a398499d97efc6","nonce":"9c995e621bf9a20c5ca455c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"070f6cd209603cb42a11c0f485ac74323799c2bc3bcc324c39b0761b5b1ecda5419d039b09aa0497511b298ffb","nonce":"9c995e621bf9a20c5ca455ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7f556fcc3183aa8d1c33347560ad389d011f981c4b6e27e2b52823f6b262c4033a1dca5ae12fb39ba93748138e","nonce":"9c995e621bf9a20c5ca455cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"5ce534f6249869751345bbeae04dee3f1abc2b09aadb05b920220393ed0496d2a3c3dfc7eda4dabfbddd113f74","nonce":"9c995e621bf9a20c5ca455cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"2950e05d22df170045e0f640c4802a3dc36a8bbdf4abceee99fb11ca511d91fc4bcd131e1b7f73e561136b9764","nonce":"9c995e621bf9a20c5ca455cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"2c3a454f9302d9a01c03011575504afe2bb5bfb9db9a3408f04d7bcd0bed07974407d2a1bb88b014201300a6dd","nonce":"9c995e621bf9a20c5ca455ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"5a5f62abe67938aad18936432aa0ce75afcfe2320f46ac116927840bb88a6f33303d7d1349d74a72c75a1e3a50","nonce":"9c995e621bf9a20c5ca455cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"ea94619c0beec495ba630c1b66f1b0e8482aac4c75e79315cbf3cd37ff931fbffbcb2f8ef8dd3c4ffd8ab11084","nonce":"9c995e621bf9a20c5ca455c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"236290d6aa327877fc24ee50ccb969e38502a58a21c5468b00088a8a0235b725084197409765b619c7f40d1c41","nonce":"9c995e621bf9a20c5ca455c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"bc5fa84a7c967e970efe61120d7c833bb5897c7bd0ed1877ea45bce5956380942e9c8e8f3ad4baaf3924839c17","nonce":"9c995e621bf9a20c5ca455d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d37a98299b4b894c628ab3977560ff40f7d947fec0cc7dd2213950f381eda68f705d6057450207e2301608d9e1","nonce":"9c995e621bf9a20c5ca455d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"385f1bbd0e6912d87d3bace94e06171b22082254ad39a9ec8af3a19e5089da7248b8f8558cbd8903f137499275","nonce":"9c995e621bf9a20c5ca455d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"3dccb2e8eb8af4eb1378c2a4a35284f0f3a52581523fd253aa186c5a0abcbe9d403a66db1f477035edd600a777","nonce":"9c995e621bf9a20c5ca455d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"ff744848838f062796650035119a20e999ada1bb4cefa280f5b37c30f63ffc1c03f80f9f71fb816a0e84eb7270","nonce":"9c995e621bf9a20c5ca455d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"5fa5ca892a96cf36536eed798adbceeae7a427b7fe993fc2b7fd0b1b9ef903661166a0acc10f6554c9b23169b1","nonce":"9c995e621bf9a20c5ca455d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"80337994be8676ca3dafc7441257a9f69a0ffa2fd3c413398bed0d047db13a0605a6f0aad1ab1b2d93846f055f","nonce":"9c995e621bf9a20c5ca455d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"1a995481db3d944a989d5c83c24963154201c9807b4fb19be8c589e0c2cac0f5cffef8ca3701bdbccbf0f72dcb","nonce":"9c995e621bf9a20c5ca455d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"1aa0734f42917663aa61aa619e7816c7c53ccb33ba4bbbdce29ae23e100cfe5aa90c8d617b7b3a2a57506f1260","nonce":"9c995e621bf9a20c5ca455de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"5a656f3413f800f74a69b31b868930472e75918d9bee618b2a65b12a8f928eaf8c04ba8f6d8e2da92ae25d0014","nonce":"9c995e621bf9a20c5ca455df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"bdc2cfc8735579dc2b263059cd0379504689fe1e7541aefb17dd38a563ef9bcad2d7dfa1d706c139184464ef3a","nonce":"9c995e621bf9a20c5ca455dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"96d0ecbbfa644354421ec980c68999772280c684f7dc9050b4415d938d5d75e56114e7303adbcfea48137d3e98","nonce":"9c995e621bf9a20c5ca455dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"c8764d24a981457e3a9894e8861de6da4a71f9fd53c2bdab71980565b32c9888a503def39d3ba955e43de5d8c6","nonce":"9c995e621bf9a20c5ca455da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"49ff6bb0ce0961618be6652f2dae530e31eaa384aff4d22685475df58cfa5e23623bb6448f2b53b205b5858ed7","nonce":"9c995e621bf9a20c5ca455db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"6dac8ea9ea2eb857cf625bfc33212615b4ca4617aceca729d4aa12deead7972d4ef8475c45c9452aa602c9f067","nonce":"9c995e621bf9a20c5ca455d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"14ebfb2d53dfbb75cd954a033eae8ff0160858a08c00deeb58eea3ea868714caa147d0dde90fb14dc6d718c73a","nonce":"9c995e621bf9a20c5ca455d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"d0e1483bd6aa42503739239fabf20f3ca6ffb2bbde9bc699b5ac7205d8645a1dcd193a078d3594e46ec1c8cff9","nonce":"9c995e621bf9a20c5ca455e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"babc8bcdacae0555835aefff64e5c6698fb6612e08777911028550fa098146b98b565fef3c56d1ab9da3d26aec","nonce":"9c995e621bf9a20c5ca455e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"0cb9f7f5c7126b65b4ac5cf9f469cbffdc49162a7d6bdf82529328c5c2e1cdaa727e2bede43a6374eec303d1bc","nonce":"9c995e621bf9a20c5ca455e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"5411b5407d17da0331962dfe76bc2160f29504cda812230f33aaff85a194c245bc13734063e75f89ce85bfb8cc","nonce":"9c995e621bf9a20c5ca455e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"7785289736095624fede7f23adba844d585faf0c2a007fdbe0d203238eeb7b717eb8ba7d14f975f7d84ebcbcc0","nonce":"9c995e621bf9a20c5ca455e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"a56c506ba0005f68a60c7f775262c7bde74bc10dab2e2deb5146e065662b3941e0cb0ee4463eec68f8b9a3eb7c","nonce":"9c995e621bf9a20c5ca455e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"c11f78e2cc0cd4b8fd3c6f7277c30f166d536edc545e5832546d43797ebff0fcfead915d1003a69ad91f3dbe34","nonce":"9c995e621bf9a20c5ca455e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"01897a63d24b5751259b902d8eb8bdcab90edeeb803646b1ecf4818023e73f1e1de249533a4e7d28ddc9855e31","nonce":"9c995e621bf9a20c5ca455e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"0ae5d8203fcfff3d12f04b56cb76ab47e3cfdebec28dd4da2d47a82179524b8c453b837c8106d1a345dae677a8","nonce":"9c995e621bf9a20c5ca455ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"a1845451205a04df2dc0a70de40eb7beebe5cd3d5e929731d9dbc295c8d4b53acf9f4bbd39144897e689b9e0e5","nonce":"9c995e621bf9a20c5ca455ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"952aa0e215a1cdb1c73af7d52df508d56a4559de62acb31583febccf0c2fd5c4e8a85cad6eea3746914af92479","nonce":"9c995e621bf9a20c5ca455ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"16f525953812a8a22487b2eb23472c15c67ff9bd8f5e9414cd40db7a591fc4c329e78714ab24f141534e0133b5","nonce":"9c995e621bf9a20c5ca455ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f4dde2abc199bfd2c23d56ba05b38aa090339a7e1a8606a62f087fa68807f16a3e4b8aa86a908da0f652065cee","nonce":"9c995e621bf9a20c5ca455ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"c2a26d62442ab6e7fe8a71ac796ff1fd99e98f766982bd5a71ebf07495e73b50a99dfc61cb8cd5427296b333d1","nonce":"9c995e621bf9a20c5ca455eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"d7ab91f61ec4f4b2780164d0717c622a0e8f5a6b111651816b62c086eaab921ca97b165213c183684e4fd89c4c","nonce":"9c995e621bf9a20c5ca455e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"41d4fc10d07cfc79c9f0143c973d811e2170e3bc92bfe81f19969185a88617aff50dc593c94f58a50b0366ce44","nonce":"9c995e621bf9a20c5ca455e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"4f584bbbb7ee6872c3858b9ab7a816342b2caefd7d6a3a1f03aea2e80cca30b78de7671e7e9fbe31c046a377ca","nonce":"9c995e621bf9a20c5ca455f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"3ff0051aa3d2b76894ec5cf8138a82c7662d3ae775ad370d13c00dcc3a31c109522461c8d3763c6762a825dfd1","nonce":"9c995e621bf9a20c5ca455f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"f3ed043f7c73aaf0d1b861f263985504c8703ee231930c10c82ad9ed30afd13506a23a57c1e279f67817891fa8","nonce":"9c995e621bf9a20c5ca455f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"5831e471397480178a92e38ec42122a36714026c324f31bfeb10a0e78348bdb043f72201fca9172ca81661861d","nonce":"9c995e621bf9a20c5ca455f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"2586cb095e4fb0530fb141c320fd731da3b4dd4191c712a2050bacf48a9deb17caa2e18bf48a1d93cddddacf0f","nonce":"9c995e621bf9a20c5ca455f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"4d5d65d9099923d6cb7d5d7dc9b2657109f864d1f42fbe30f8e0e57d46aba0b48e0cb80e4cd744a4de33d37019","nonce":"9c995e621bf9a20c5ca455f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"107536e7da4e42d81336e118992acfb99d199e2b42ca7c5bfca3102ec5292a37bf8b87f993779bd3f3fe9e7af2","nonce":"9c995e621bf9a20c5ca455f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"d346c93b5df07d3c02f6ddba81b20350be121bc17903f1cf13b789366dbee6ba9ca02b1999ed78cd5f0e94f8ec","nonce":"9c995e621bf9a20c5ca455f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"60e11e24a78991830f21f338ad6f437793a6eb8e94dc3784fbd0e8c4f512eba26d8658de4f955ed57056e1d196","nonce":"9c995e621bf9a20c5ca455fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"9a3bad899a8b6b7e197045c1d6fe7c62f82539aeb258883db945c9a28b42b771f56f6af2eb35b2180381868343","nonce":"9c995e621bf9a20c5ca455ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e137e198adaee29caac56bff387f811e171a085191960b9436332e5c65c4340a04e981d1732846cfe0d7900e67","nonce":"9c995e621bf9a20c5ca455fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"db24b44bc298f8dc16ac17793b9e9b9f3d0f3d61dcd70620911c4cdba9cf4e0ed46d4f71c69295181d25afa5a5","nonce":"9c995e621bf9a20c5ca455fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"9207960c150f6a026e82e5441a7a4302c0f2aa53adf9e70a89814ec85419787a3927a08601ac11466cd5c34dc9","nonce":"9c995e621bf9a20c5ca455fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c25d4661fe4bba370e1e08ef5754bfa2c6a0494bf1d498012d7bf00c67eb85957fa6757f1d2ce00f7160fe93dd","nonce":"9c995e621bf9a20c5ca455fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"6812e4265ff494e791fee9822f846fd0d1d6988c75d243290095c2234eead4e9ea15da5e21c6d6aba1352a0a25","nonce":"9c995e621bf9a20c5ca455f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"36adb569f94b80bb958188028a2c5bfa35e03261fa48b9aaefc2a0a567db1241b441b449050b4814d16354d818","nonce":"9c995e621bf9a20c5ca455f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"dad8e22bb193bab5eb3562ee43f12ba8edf88097925698c36689352b77bfe8ef631547e05db55d3350a70e580e","nonce":"9c995e621bf9a20c5ca45586","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"7a57dd337910ef03d6a3a6f2bb01f6e836eccb8b96980f6c680b69488810b17bfe9b2427ef60050253767aebe9","nonce":"9c995e621bf9a20c5ca45587","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"57aaa0191e13a8eef2f37c3a813e93c9ab4fdf089fb82798ea92e09c07d8a03e6335e8ddb0903d381f13a9e28f","nonce":"9c995e621bf9a20c5ca45584","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"aa3f859e3fdf90ef0816f3844c6e4c6490710383c4236f7b76fa1f2da4abb0834b09597e2f21ed8f490c6bb4df","nonce":"9c995e621bf9a20c5ca45585","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"910ff6a3d683156b11a848bc294d4c72a89300e0ddf5f762dd31bbea6077a0700e54c836c7c26ac202f09dceb5","nonce":"9c995e621bf9a20c5ca45582","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"6b6bb1bbe9a0582398c0cab9eeb4aaf881abf66d784e6a11b95c4e7befd26ac2303a045203e639a19a426738b8","nonce":"9c995e621bf9a20c5ca45583","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"5ca0102ebf390d064a9c1d4759b9a9bd902608ab81fd231337ce7a36e3d73c0464c09c5e3d4dd7a10c9308d8b8","nonce":"9c995e621bf9a20c5ca45580","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"0f125fef1b103fc2b7f6cfcfa2f8e7714c56395b06a452ffe514201e09d300ae62be64c4e22ed35e0779d59f4f","nonce":"9c995e621bf9a20c5ca45581","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"214ef132102c6b5d6c562afd9cb9e0fa5f66c3350200d943b07bfccccfaa122229a4da4f6c74bb9bafffebc389","nonce":"9c995e621bf9a20c5ca4558e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"20be19ec1790e3c5a3283a3fde1752a3c2cdd15741546880263bcad8af8f4fd2346516823b650d4511f3631cb7","nonce":"9c995e621bf9a20c5ca4558f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"171537f70d562e8f64a4bc57fd3b9907c276c675c8cb1d015ea1a787a280cae076f4d2d8752408bfbf19a2a9cc","nonce":"9c995e621bf9a20c5ca4558c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"46c926adf17d5ad4288f9c491a62f8d616cae0caeb549839e6de6665dccb567f9c4b9660bd0250f69b7a143cbf","nonce":"9c995e621bf9a20c5ca4558d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"8bdb902af6719a200a25a82846f01f2f6c965cc85db7c23e1d145624518e55ac50cc2ea3bfb58beb9379a9f644","nonce":"9c995e621bf9a20c5ca4558a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"f84c70ffa0b1fbf76ddb9a556a69aacd9e8acc712779da67a67febe1badf1f87a82e50ffb6a60cadaa16c45d92","nonce":"9c995e621bf9a20c5ca4558b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"71a9275834b856d0745bd09797d0033695bf5d42c9631b257fb21d9149126c53fbcb3091a596b175909c4b03f0","nonce":"9c995e621bf9a20c5ca45588","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"3382d9c4a127bd988e1575d2615f1edda5f873cd3a947a6f7d44c7b538bf37948223b4320c52cb41f7b18b8269","nonce":"9c995e621bf9a20c5ca45589","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"d5f6ebf493fd8c13df07933e5948b6a74bfbe7c4e60ecc0cff91360e6a95b802d34f05bae3e78f32f203d51c14","nonce":"9c995e621bf9a20c5ca45596","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"dce65bfcf3d3ac8e016744d5014441a69829404cd403996ee5d2a11a6476c95adc420f7f3bf196e999685f8584","nonce":"9c995e621bf9a20c5ca45597","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"1cfa482e043fc22a0e822671f59c2289dc6abc0aa83e5b322c0f9c6f8684ea73a076e7ed97a14d9a7e81f81d3b","nonce":"9c995e621bf9a20c5ca45594","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"1862175010dbbf2a09af52b8678efef6c29f8567426783f4c84e8e6e82d79dbf101180f8af67a86299fd4f4fd0","nonce":"9c995e621bf9a20c5ca45595","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"c42fde1b8b3f25e1a00b1561e743f499366b90db5bd1743efcb117b050dc8fe3e91c43060e3562335220af0d26","nonce":"9c995e621bf9a20c5ca45592","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ff73125ef27bbdf1d282bafaa8eb9dd3401e779a123facc9762d00c8972e88118f172a74842a048e0270af8a43","nonce":"9c995e621bf9a20c5ca45593","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"006b6fa5d5f6e8cb25dc1dc459db8c0cb13b7e6906985d0c1272a9634cbb59e12d3ff4c6ae5fcf8464d05d48bd","nonce":"9c995e621bf9a20c5ca45590","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"39ae529645e4d1fda66ca036406429678dd11b132e3730ca9642c4f705710e7860ee3844a2cb18f0470502dba6","nonce":"9c995e621bf9a20c5ca45591","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"dde9053b5520624ab8697b1c1989b4dc29c8daeeb1276c2256abd9d2c029cb6acefba2692106b68748a79d4754","nonce":"9c995e621bf9a20c5ca4559e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"2228ebd5252750b5247dbc9b8f6cb661d2c6b068b133564f4b9ebc4e15b7922836293843523702ab6f96990d9b","nonce":"9c995e621bf9a20c5ca4559f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"e3eff15c5f2ede6e4e20c53047b58d2122b49df2a7e948798f1b07679357a48efdd3acd9becd176481ffa8396d","nonce":"9c995e621bf9a20c5ca4559c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"9f6c85271a5906e4101772ab4802fbc6b0cb8d1f1880f63c8ba888cf53a5a111afe277ab3b96dea23d05abb5cf","nonce":"9c995e621bf9a20c5ca4559d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"90e54362d6cc96affb175e3e7c9febe9f36640e6df6cf13ca8cda2edbd1505483558261ff427bf4b1e06b803af","nonce":"9c995e621bf9a20c5ca4559a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"abed84b19393fe68fcad8b7705d84411561076f4ec9ae90aa476cb4b303cb808b4d0edd0640f6b23a6a332e9b3","nonce":"9c995e621bf9a20c5ca4559b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"e8d89fab3aa1cdcd705a21eeca1111163bcd98fe77d812582c43a1a071ed7e0ea0baf957e79c25c54e1aba4401","nonce":"9c995e621bf9a20c5ca45598","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"c5dc73015237da5da29da69c39330770316f59b2583292ad3da56cec5dc7ca79ccd0a12202ab783dd106bfaaa1","nonce":"9c995e621bf9a20c5ca45599","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"c3c0451f7ff71fa9044a3e432139e6cedb8aeb0995668a150a5d6c650381556a4721a3031ee544ee47c2124472","nonce":"9c995e621bf9a20c5ca455a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"d959c8389666d7ce9c83230c94b39a80fc5d9627b7b120946dbd2682dda3317a0f6af252bb79e127453b02715f","nonce":"9c995e621bf9a20c5ca455a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"ccedd3c409a2c7222cf8647061fd2c61a5b73b9c85bfb048265eb9ce874f20ff5ee886f8534b582b0b36528af1","nonce":"9c995e621bf9a20c5ca455a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"254b64987d5e2088b3355ab94d621bc76b83729025c0f9eab132b78b27e6d12b0bbf0fd3429e8402aa7a2c07e3","nonce":"9c995e621bf9a20c5ca455a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"37995687e4bf967a8102a736f248ddfb5e51ca7082e4852e64434c2a57a0f159bdf494b6f71e5c9e3b767aaa89","nonce":"9c995e621bf9a20c5ca455a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"c319e51c90fa7dae764616c3e7351a8a447234ccb2ba87284218cf3b6e4a6720dab3811790cceca0985a084598","nonce":"9c995e621bf9a20c5ca455a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"2218aabb567e9a08bb1e0b44767b30b1bc14ca468d97448f0d7b76a11c6d9a523669da04e044a597301dbee19e","nonce":"9c995e621bf9a20c5ca455a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"e6a1b946863772aca6d5ab77c4e1e6d2afd15657a709f0071ff1a0c202b816f76203b67dce7ff5bde796245ce3","nonce":"9c995e621bf9a20c5ca455a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"d7cda9f7e4f9c3cfeeb9e10483cd83c6f6165a92d6b4b873d6a4bc75a16f5f33a4bcdc333c4a28a359f7ea3b78","nonce":"9c995e621bf9a20c5ca455ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"9ed45146703922c89a1758428eb2a070205b0c3a707acfd8bde52340a7c3f85218b15cc686c6765a8ad1ac9050","nonce":"9c995e621bf9a20c5ca455af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"95e73b44322cdfb34e2b97e1ab6eb3d3cad86619e563a8bcf038a904dcca956a9d487509899a2b52033daf379a","nonce":"9c995e621bf9a20c5ca455ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"ca94016bff1dbcb590bd2bb5b662546a85333839cdf2394ac690dd16af45fbac305fb55a5a03d991447d5173b9","nonce":"9c995e621bf9a20c5ca455ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"7338c793b64bb23ed1070ef8e2cdce192b7fda5abf1fb082b969219ed1f72334b0cc89991dd6ce65690eb2065e","nonce":"9c995e621bf9a20c5ca455aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"c0511f067f4c2be58ab92bced79ab011179ea1e62d773c82c4a98910e54642e2895d43f23f3f371d645b11225d","nonce":"9c995e621bf9a20c5ca455ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"2a26c47590bbdfc4b0aac2397f76786ced141f77265f113e50148a26144a6564022344ded9d7df868911900160","nonce":"9c995e621bf9a20c5ca455a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9a23712397e96e3ddbcccb6f85f2f853d243b0da8458d790bea30703dba9d6c44d38a2d4a51814a42753da733f","nonce":"9c995e621bf9a20c5ca455a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"1ef213661ff239a89f4bf0b7342016c832330b439b23976a63171c39de218452ea6cd6ea00d45234af8701f081","nonce":"9c995e621bf9a20c5ca455b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"eefba7d428caa01b6b7ec7c9878e6b852c1532105f52b4714476d7970c1497691c391a009b516d34e60253ece3","nonce":"9c995e621bf9a20c5ca455b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"91aca67dd8f9ee7d97f036b3588674064a373380f50a3e8776778f9df606bbf1ce22c350a1375d7d05d005d3a2","nonce":"9c995e621bf9a20c5ca455b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"499026599b6c7e8c1987efc696827f80cfb8f59731d0fefccb1fa2d99c2e7349dd2080b106ee500ee7ac0bc2b8","nonce":"9c995e621bf9a20c5ca455b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c21e0760a805b44d4d713368bb3695c493f7d9383b62f58bf05cff74e7268bc0f59301b5626a1ef7975d9ff443","nonce":"9c995e621bf9a20c5ca455b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"0de7de4ae5ab59473f3a26f1fcaa3e4ce2cded48695afe4afa580cae0daf2ff2f0df307ddea6919b829eba4900","nonce":"9c995e621bf9a20c5ca455b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"e88b98e71d6e4e8ab867ed13ffec20a90c2bed80b10fe8407f6df10d42a76766e05017fec7a52a3af14d81a530","nonce":"9c995e621bf9a20c5ca455b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"4ea38eaded471af70d803041c5c6c4bc31c01d886327c0df8175afa84efcb3978c04118fe93f3acfe067551f14","nonce":"9c995e621bf9a20c5ca455b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"5aecb62c9a6b52388651c98da70e7a413813059e6a521335e2e0759af3d36fc9e479400fbdbc7ba253f149d052","nonce":"9c995e621bf9a20c5ca455be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"385bbc73e745cd9107062f35bead63e5c415cf6ee03f274662a21b5830fa77956fa726bba47e63f1039302bd84","nonce":"9c995e621bf9a20c5ca455bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"7e3654544927b6dff9927463111fe232cb1229e27c6570aa2544aa31620aa2b81bb73bcc33c93b1315fcce36fc","nonce":"9c995e621bf9a20c5ca455bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"d8dd70d7e9b86d6a82ef75253169d90615db039643d18d8fc75d2c8cf70e5ff925576e72da83b5ceeff1c0f0c8","nonce":"9c995e621bf9a20c5ca455bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"bd027c4ec25332ab53e52ae3aa25a5a8988c00ac2f83fa0413388358e6e7ab1b5eb57ca0731bddc100c0e6860d","nonce":"9c995e621bf9a20c5ca455ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"95ad6be72e993db541e383052b52a84e8d2e2b51f6a98ff8c4d38c5a1b6cb91ff65c0d052bc71474e2a0b3dd5c","nonce":"9c995e621bf9a20c5ca455bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"d01eff6d06c9907c3ab827ee56a810c364564af346ba0ce102d0567901951272703021f65e95c4a74914bd180f","nonce":"9c995e621bf9a20c5ca455b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"be5da649469efbad0fb950366a82a73fefeda5f652ec7d3731fac6c4ffa21a7004d2ab8a04e13621bd3629547d","nonce":"9c995e621bf9a20c5ca455b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"62092672f5328a0dde095e57435edf7457ace60b26ee44c9291110ec135cb0e14b85594e4fea11247d937deb62","nonce":"9c995e621bf9a20c5ca45446","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"a32186b8946f61aeead1c093fe614945f85833b165b28c46bf271abf16b57208"},{"exporter_context":"00","L":32,"exported_value":"84998b304a0ea2f11809398755f0abd5f9d2c141d1822def79dd15c194803c2a"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"93fb9411430b2cfa2cf0bed448c46922a5be9beff20e2e621df7e4655852edbc"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"75bfc2a3a3541170a54c0b06444e358d0ee2b4fb78a401fd399a47a33723b700","ikmE":"c11d883d6587f911d2ddbc2a0859d5b42fb13bf2c8e89ef408a25564893856f5","skRm":"bc6f0b5e22429e5ff47d5969003f3cae0f4fec50e23602e880038364f33b8522","skEm":"a5901ff7d6931959c2755382ea40a4869b1dec3694ed3b009dda2d77dd488f18","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"043f5266fba0742db649e1043102b8a5afd114465156719cea90373229aabdd84d7f45dabfc1f55664b888a7e86d594853a6cccdc9b189b57839cbbe3b90b55873","pkEm":"04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c35057f3079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371","enc":"04a307934180ad5287f95525fe5bc6244285d7273c15e061f0f2efb211c35057f3079f6e0abae200992610b25f48b63aacfcb669106ddee8aa023feed301901371","shared_secret":"2912aacc6eaebd71ff715ea50f6ef3a6637856b2a4c58ea61e0c3fc159e3bc16","key_schedule_context":"01713f73042575cebfd132f0cc4338523f8eae95c80a749f7cf3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1f284b0c12297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9","secret":"ff2051d2128d5f3078de867143e076262ce1d0aecafc3fff3d607f1eaff05345c7d5ffcb3202cdecb3d1a2f7da20592a237747b6e855390cbe2109d3e6ac70c2","key":"0b910ba8d9cfa17e5f50c211cb32839a","base_nonce":"0c29e714eb52de5b7415a1b7","exporter_secret":"50c0a182b6f94b4c0bd955c4aa20df01f282cc12c43065a0812fe4d4352790171ed2b2c4756ad7f5a730ba336c8f1edd0089d8331192058c385bae39c7cc8b57","encryptions":[{"aad":"436f756e742d30","ct":"57624b6e320d4aba0afd11f548780772932f502e2ba2a8068676b2a0d3b5129a45b9faa88de39e8306da41d4cc","nonce":"0c29e714eb52de5b7415a1b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"159d6b4c24bacaf2f5049b7863536d8f3ffede76302dace42080820fa51925d4e1c72a64f87b14291a3057e00a","nonce":"0c29e714eb52de5b7415a1b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"bd24140859c99bf0055075e9c460032581dd1726d52cf980d308e9b20083ca62e700b17892bcf7fa82bac751d0","nonce":"0c29e714eb52de5b7415a1b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b55e7b27bf4cc086c9943ec1a8665ef3de68ed37f3e305f73347a04278eef59949957f77e865fa12983805bbeb","nonce":"0c29e714eb52de5b7415a1b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"93ddd55f82e9aaaa3cfc06840575f09d80160b20538125c2549932977d1238dde8126a4a91118faf8632f62cb8","nonce":"0c29e714eb52de5b7415a1b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"856f93e37b58f696805e05b39207e286f666551341952ffdebeee1986c707403d452500864aaa415cdc5e54a64","nonce":"0c29e714eb52de5b7415a1b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"6ea7b1c811cfa660bc77acac34e545451e2802057de0c675dd2de01d6b1bac7a37412d68cd35e026f647873808","nonce":"0c29e714eb52de5b7415a1b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"631a6de2d43012e2b4e41aa25026adff60a50a581018ff42154553880d6182495c1743e747246f241872a1ad2a","nonce":"0c29e714eb52de5b7415a1b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"11696553b2221a4120bf8d887ab0a4e51598ba73e73031b5ffbf1cd58fb4f685f313c2d4893e6eeb79919ecac4","nonce":"0c29e714eb52de5b7415a1bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"74127a317035f647bc5478e4791f3755aba6c5102f9efa69ab6da7254acb4fc59373642ddcb5ff836c33bcf1cb","nonce":"0c29e714eb52de5b7415a1be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"d91c5cab36aebc675dad68845c6402e399ba32485c66b3cd32e1f3a938b0fdbac305bce39d2b935b3220c008b7","nonce":"0c29e714eb52de5b7415a1bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"73d98d821d881ccbd99dbbac6e19cf291d413993a2005a95e9430cb3d8f3fed5fb879a25deca75cc4322ce2dc0","nonce":"0c29e714eb52de5b7415a1bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"a172ad170e20ef4d33243cc6a517edf13941c17ca83b65da2a1826e3055cf104fbaf15176fa111ddafd14f5c5c","nonce":"0c29e714eb52de5b7415a1bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"3a79d5bcd0bcbaa6b2ea74cd53fbfd9bf2656145c9c638564734caa1070e0cac39313c4ad491a3e1ed7e2052d6","nonce":"0c29e714eb52de5b7415a1ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"d336c06941787fc7fb0c741bf4ee654b1cf6e81c85d46f826bfe8825790b461c7aca706561c9c4370a2dac7fa5","nonce":"0c29e714eb52de5b7415a1b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"f74b50de8110a01cef62207ab1116f489bfcb0261fb3eda20aa14d0d6bd0f7e5510b48f2faadfc76a490662bfe","nonce":"0c29e714eb52de5b7415a1b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"c452d3cfec1d46ff844e66d99495a480aac700ab795cff04909f434a7eed639875f766d69b7bfe0010ba252f3b","nonce":"0c29e714eb52de5b7415a1a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"37c465b443ecb0c8c87dc5710eda8e6cbf38d6d60848692c0df540063d4a0a67cbe83df5946adcf1f2f39e7af2","nonce":"0c29e714eb52de5b7415a1a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"5fe4d3369494a9dfceff8667b0d118c323ee07f5327e3d2d38307a1d6f7ea948c331038ad8bab7c773dc10cfa0","nonce":"0c29e714eb52de5b7415a1a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"1bdae940c2449a75528ebd6e22842ef637b57043719a9964ffcc95093498f6b754b49e186c8197b26203a488e6","nonce":"0c29e714eb52de5b7415a1a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"21267211004753f7accf1f3ca9420727958678cfa9c9534b6e0ebff799e9d17ffe26283ee3004a7ee3ec3d6d1d","nonce":"0c29e714eb52de5b7415a1a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"454d557c0f338caec9495700cba3df3a394182be73462f2eb99051854cf47aeac273b118b75840f339a551d6fb","nonce":"0c29e714eb52de5b7415a1a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"37458fbaf4383f78f6101133272813f2235ebd17f3d9426015c68775e7ad0b0054ebb16179b9070ba783b53c41","nonce":"0c29e714eb52de5b7415a1a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"097d5d76e910c40cd69905311de20073ee87fbebba920e18c6cfb73d4a094cd589fef9fd8e2c626d79e9dd1915","nonce":"0c29e714eb52de5b7415a1a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"0af0ff381cde8bb57d2c679b9b3f125abee9d38819ea9f2a939da83322395f93c42e977170c306151bd65b8bf4","nonce":"0c29e714eb52de5b7415a1af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"0e023165a916e1d5dfd0e70c369c81f14f5965203dc8aae4dd088b3174dbe382e89e10ac373a8a6ab53151f26d","nonce":"0c29e714eb52de5b7415a1ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"1170bd4e99ea1923a8aed6c5f23cbd88444dafd7c61d618c283540b412054a3db0993c89ff8ae0fa55d9b4dbf2","nonce":"0c29e714eb52de5b7415a1ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"27829359a8bcc44f32b9eaeaea1f634b82eb1e750c1b4781c79f584bba27e35466f26daa47e8a9be099787434c","nonce":"0c29e714eb52de5b7415a1ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"5206c1ec93a66b0567bd071280f1090d9f5f12805d2337b9d5656d73a5e46ad70572a5208c4f3bcbdf85e2687f","nonce":"0c29e714eb52de5b7415a1ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"fb4d64c0d04d8febe090359e77c30de77ee36e22947f0e4e10a84271bde1abacc018caecd4b23e19478be792fd","nonce":"0c29e714eb52de5b7415a1aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"174e8530ecb42aaf1acf3ccb25472d58b13852bcd7efec9287a318831bf6f8786238d0b28c323fd643f2dccd17","nonce":"0c29e714eb52de5b7415a1a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"158d9d804918684b34d859ede6370482a8c56617972725d678922d41530432168d1f666d18e8e225e64d562fbe","nonce":"0c29e714eb52de5b7415a1a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"1055114b13dff8df352049c4abf4c794c3d5ce2573fd727ccc31a8967a1a72cb171a67694a91e020838968f143","nonce":"0c29e714eb52de5b7415a197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ffb0fb5a013bf3429ed4a2d4c6087ec37e8a679c2abc8e6d0657e2be6bb6f73a8c2024d623a50781a42534030d","nonce":"0c29e714eb52de5b7415a196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0a78a33248171d748a2315a37eb291751b550693b437cb47da818a393a835b83b2fa1ccb4c85d5c444091f5db6","nonce":"0c29e714eb52de5b7415a195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"2d543977331d2bfb7fd9bb2a021c81eefa6aa748286d06295076fd4069684c3204dd862d4f7275b074d30407ba","nonce":"0c29e714eb52de5b7415a194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"3f8290daab75d908fd363e14be1cb6e04c6c2081d95cbc322b93608f7c58dad56f6efb535f17a02ec190e16c9b","nonce":"0c29e714eb52de5b7415a193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"1f9a10416637993bd1a4fce085d319be59bad84c6c378b68ab466f4a4b950cec2ed8a527ff62c6b16b73245f2e","nonce":"0c29e714eb52de5b7415a192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"35db00acba50c3d0c7b2f09a6309a2eb16ddb4491f68f1f5a8902e2d5188c69132b3adfd42dcedee7fd1720a9d","nonce":"0c29e714eb52de5b7415a191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"f534277baacb4b1627e2355e489b1d51aeb322339d6839d9514bc401d6576ba1398ef3dd3bbf50fcdcee87e44d","nonce":"0c29e714eb52de5b7415a190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"5a3e42cffcda298b91f4d6e394354da3ed416e16b8af90ae2bd0e91df3b20177418d9426576b890104f8414a2a","nonce":"0c29e714eb52de5b7415a19f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"6d6459168920b353decd5cd3656c1ed59a29249468d0e092c0ac66c6382102e4457d2e9d438e871b2c35e3c267","nonce":"0c29e714eb52de5b7415a19e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"64cfaa0bb66e2d0457ed3fb4ec597e58c16c910694f97111bf22ab93a44735b72bb631a060f6c279773cc45b9b","nonce":"0c29e714eb52de5b7415a19d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"06264ecd6c0cf7a7fcbdb3ea601c2581b8d6720df0cc5a6407ad4f375591b281e7a93b99f72f27b234f08362f6","nonce":"0c29e714eb52de5b7415a19c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"dc933ded36b2a990f99fae014afb304c03a8a15b683636ee6ba98ccaaac4e13a6d96ab967d129e8e6ad4033e2f","nonce":"0c29e714eb52de5b7415a19b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"b380acd086ef291a3df2abde57bd3e8ea1bf11bcd10321c1b4beaf858e8b69288620b4e79d12a1e31a84866777","nonce":"0c29e714eb52de5b7415a19a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"1df09a14894685af50e841a51fbfe5bbc755e81dd5844527116e6403b8dc970667403089dd3ae2a0924d5523ba","nonce":"0c29e714eb52de5b7415a199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"a02b47c79273c8a56fce8a96c0a49f6baf8af043f725679f23830066f7798053f338f79d0eb7649fe99072ed0c","nonce":"0c29e714eb52de5b7415a198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"dd8aa692624c57e6c3b7ae2c1f7961bb09f4a308305e0aa2d793e02bfbd14e764af98d37799f07b5a9dd7cb081","nonce":"0c29e714eb52de5b7415a187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"5768aded7cfd939e17df0382342c281ac19d23d9c17b0bfaa10e8fbbef0136b228bf4b13d70ad0b1ed18645668","nonce":"0c29e714eb52de5b7415a186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"cb623ac3734b42d4abfa65769dac3eacfc05d7217a94382fb525376ace3e087aeb4fdaf92468f576ca3c61dacf","nonce":"0c29e714eb52de5b7415a185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"b110cb49721de7267102470fcf05a5a4d53587c83141162d438c33dfd3422155cac258f76bb16a99723ab4f827","nonce":"0c29e714eb52de5b7415a184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"6040ee3b6a963259bef8fdcdc357d8947aa9284963a948056071719e7f690c0612c7f75a506453fab3923314b4","nonce":"0c29e714eb52de5b7415a183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"96eb268ed0c190fc3d3a558640c21e40052af0c95a7220f46bf06d62f59eeadd242fc5dec4d2220a397b25d4f7","nonce":"0c29e714eb52de5b7415a182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"2ab32ddbe2d6398903912d080e6e8a1de3b6ce7b5565e633a957061a66879d422ef880c0930a38f66659b83f17","nonce":"0c29e714eb52de5b7415a181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"97f04ef8ef5ecb9828ea7b1469d2afacfd3b686a94c846401fe6dfdf116b9e623dc636d077dd09c120f0fbf9d4","nonce":"0c29e714eb52de5b7415a180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"372daf11e544b332adbfa056f312ecafb5337d43fd62af9b708b1858870be70191c99a0974ed2591b5fc26f6f8","nonce":"0c29e714eb52de5b7415a18f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"fa29c398873e77edd941ff56132123ac8abd183933b148dce4b03ccc0f029ae238e8b61d655393e1afc2344ee5","nonce":"0c29e714eb52de5b7415a18e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"8132dd89602493bfb7b7427a46663d1521dba578a9b668da1e1bfad047cb74eabdcb5719dc39c3b27ac99a2fb3","nonce":"0c29e714eb52de5b7415a18d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"2bf503aeecb5a4c6e90536135fdc97f9fce34298129cebf4bde47fe3b029f31d7db85d196cca144f1c95808378","nonce":"0c29e714eb52de5b7415a18c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"21a81bfe646df68a65a7520e5ad94608ec93cdde31d40b1b0e9f5e9930c757280d330df459ce71dd9eb189ca61","nonce":"0c29e714eb52de5b7415a18b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"7a818102edbd09f7665b64e6edade202b33131226b84493b668e6522da7d9d1bbb2c476d62cebe25d6d254973f","nonce":"0c29e714eb52de5b7415a18a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"85e9cfc449fe1785b0175cf68f737240072853887962bc188db78414e6386c45c1e65c27e04aa46933a5fdfc30","nonce":"0c29e714eb52de5b7415a189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"08459517139e3f6c8ebc53c20d2b82dada16fb1f604916ece972d9de77bdfada63d1da30587f2bee2553d1a8ee","nonce":"0c29e714eb52de5b7415a188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"8da75e6a8d4b299349b5a82eb838e5b88f3044745dc184ae21dcd0748d72f9ee8cb4ff9b12a75ef8fa58eb8f4b","nonce":"0c29e714eb52de5b7415a1f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"59d5d08b7b20f84a97a78dfcb47337e012a9e3ee002991271ccb757f2694845b2b3db3880807a62606bf89b6b0","nonce":"0c29e714eb52de5b7415a1f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a8fff2fcb999ccc5ff75350ec001c0695a0bd1f7e494be8a8973b6fb2e58420d11c5ffc0de39bf2d2a55c2ccfb","nonce":"0c29e714eb52de5b7415a1f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"d8f1cdd974b9ecfc040fd018a809dbfef30ac0de596411e0b8604cac085c34cddea048c64d3f357ddc70c5d0a3","nonce":"0c29e714eb52de5b7415a1f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"ce40c4f7f937cc0d3e0b1a5d493844df22384b41c4a251f727e57d4f68b776e6827502a779f1de96cef37a0b01","nonce":"0c29e714eb52de5b7415a1f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"d0eeb0632f6b1002a19b16ef455762fb43759995578f07fd2768b6aea89cd5723053f26a5c2c979ced1eb3535b","nonce":"0c29e714eb52de5b7415a1f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"5a0be3c1cae783941e0085e95940c3a10d6f469898bc3857d40e6bfc460a96a9a83eb914871bd04d14c73bf87f","nonce":"0c29e714eb52de5b7415a1f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"f57c1e10bb15b1f6b0d3f5c1fdbe09dcf1596e9d60729dd81eede102873835c3f7b884a55b0b28af637714e197","nonce":"0c29e714eb52de5b7415a1f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"1a14d5f48184de4f766af21b2c915f8330d2b98fd3d44e97ace2142eb27c53139f21ed1cadcdeb52eaa0c0851b","nonce":"0c29e714eb52de5b7415a1ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5724e50bf6377de7d82928ca3cf44332d66d4423b2a8eac891f062459c62c9670680fc32c62964b24d937a7266","nonce":"0c29e714eb52de5b7415a1fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"17a45213e87cab0f6486a83c9eb55fd8f563a376d6745465ac2309f142ec3fc0437e0391591a248fed00463180","nonce":"0c29e714eb52de5b7415a1fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"7ee5fba4c3860266432981a6d24b93c8f47fcd3cbed7fe8ba55b932822d8158ff58ef9aac932679d9ba49b2c18","nonce":"0c29e714eb52de5b7415a1fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"78a57aac212998886c351780d62dd0c6dc4e0266fdbf69a7d7e9df18fac53cae4b7bfe2be0981657f08953efe1","nonce":"0c29e714eb52de5b7415a1fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"1bd802fdef67d4ab2b10885f1a403f532757450b0f990343edd1a12da10987ee2e65b6a8b85e2326d48cb89adc","nonce":"0c29e714eb52de5b7415a1fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"afbdedd5f1eb3f4db93a7b3adfa8325b69e935afa28bc338c7bdc576bc3c83ee775b0b6206ed3b131e8b61ba4f","nonce":"0c29e714eb52de5b7415a1f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"2141c1606bf27db89666f702cfb142901aba19bfbfc54b98a6b145e6496234e05bc9c2192d5c3108f05eaca684","nonce":"0c29e714eb52de5b7415a1f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"59d14500f49cff96aea0735f4c6277b71183b53d446fca1616865f5331fa9edbb920573c393476ed1bc1df4529","nonce":"0c29e714eb52de5b7415a1e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"670e96f5ec2df467dcfac09cb654e61e27f722f0ae82f906e995a3e1cc6c976391246de03bda4443b6201af79e","nonce":"0c29e714eb52de5b7415a1e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"9852560382d84de11f0a676a7a6aa7a7193ddd5bb07f388b27dc2c75e1f0b7d9653fe6dd17aa292ea6bfe2a684","nonce":"0c29e714eb52de5b7415a1e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"ac9ea6f1fe37608361c1eada0452f26dfb24ca53043fc35a2311e47bb9b7d1239ca05b283a0a2e76525da6c48e","nonce":"0c29e714eb52de5b7415a1e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"34b624a73dc36b35735f40583023ac119ae87fe23ad31c956beed422baf7446a24826f9100b17134af10ba59ac","nonce":"0c29e714eb52de5b7415a1e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"e877f4b5faed03f508c7727caa179652632a5483b287065806ffa22c9395fc53a1350ea8f9966a5352495a2cd6","nonce":"0c29e714eb52de5b7415a1e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"95f82430ed9a15c66936b27cfbb96e29f68aefdcff5faced5f19d3591d51bd379a26bf5eab06200fe8b038a8d3","nonce":"0c29e714eb52de5b7415a1e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"29b8eb368d46b490a3d5e99540af35eb98e52f949f5f701671a64f968bc4b880eb1c3b35d5c9de69da19db9261","nonce":"0c29e714eb52de5b7415a1e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"7dd5fc6e73a7220cb44ddb847ec8bba2ed6e244e55e6fd16caedd157d8094cfaf6a824edef2c0671294d312d50","nonce":"0c29e714eb52de5b7415a1ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"53ebf112be41af773fdee4ee0fa681195e21b159f5376bbe1eb586cbe1fe5bcd2be1df3920b146c4c149793c93","nonce":"0c29e714eb52de5b7415a1ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"78dc37d1b71319a3811ac8acff08da4d3a573ccafaabff3eb3b91fe300d7a6b1fbf5d02d7f4194456b53738ec4","nonce":"0c29e714eb52de5b7415a1ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"075af0fab389a4115faf5ae9d95b4ca8d0ce21c4d3d03de67987990bde33e45b2c5fd44daa1aba9b4e4c29f060","nonce":"0c29e714eb52de5b7415a1ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ddb24bb3bb0169f7111780b4ef6c134d73a3fa0c1e896adb2e67f59903a004251ff9c16ad2d3d76a6570232ee3","nonce":"0c29e714eb52de5b7415a1eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"c3350f93d11eccff33a680613409e90fde6fcad10680649138a4e0685d19e669e4ee7f655a1025816403d36618","nonce":"0c29e714eb52de5b7415a1ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"cf25d2192dfbaa99bb710e574e9be84aa351d894ec65cdb101f9102bcc5d384228415902d9190ba8c5a717d093","nonce":"0c29e714eb52de5b7415a1e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"4aefea283cda09fa0b45a408cf5ef0ac70b6a3fd48c7738b9506dcb87cde85d32a7b0b28c1683b97a6f327eb3f","nonce":"0c29e714eb52de5b7415a1e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"566c6eaefce5953ae077f65de882e71c7e7fe6736d66f9aab7c994bebb0169ec67a4feb4ab741b6bacc6a400e8","nonce":"0c29e714eb52de5b7415a1d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"f117e5d7005ef3b4ddcff1be3884aaa9d7738db3c2126af9a990164fef3a99314250834f40dba161a62ae4bdd9","nonce":"0c29e714eb52de5b7415a1d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"90bf0b3ec4fa2f231e11db6cd8fc150926a11ef40dec07a377ac9c30da75eeb389389c0681fc15220142f33839","nonce":"0c29e714eb52de5b7415a1d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"66c4135494a8643aacd389f1992b657f2f5d796d602c36d0340593ebb36d68e24856df0e2772283886820129a7","nonce":"0c29e714eb52de5b7415a1d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"85c6255bae3fb15536ee60e48f1e15159c85d69147fa190003d772f84036371158ce7a1adadf20c1321e4890a8","nonce":"0c29e714eb52de5b7415a1d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"999bf45853871d7df8a765115c216ae85518755c193a7997e21fc594b4d5ded652fdc5d5f67a8a731ad67bfe6d","nonce":"0c29e714eb52de5b7415a1d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"95a22b896e864e08135f89719f9c66c64feb3674cfca3e0be4bba506a335535a63243b26e21ab7af469a96c742","nonce":"0c29e714eb52de5b7415a1d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"64824677a71a58e5c5a6b1d4bee9422a5fbe5d70516af10822be005bae0c2d1c1b588c602fc227ae51b69203ff","nonce":"0c29e714eb52de5b7415a1d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"96b85f71069e7bac8633a18baed84e96b10ae9267f30fe88b70bfe27efa755e9a12620edcde460462e35be9b48","nonce":"0c29e714eb52de5b7415a1df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"45592a53cddceff70da48319fbaee347f2307242da23da22cae00819cbfa7f9882733b81e2c24624f94a1691d9","nonce":"0c29e714eb52de5b7415a1de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"6ca5a11693402e27e157c6d0bd93b8aa8b5bf0787acddde966bad2bcd30914aa842e6c40ec439016a10e1aa364","nonce":"0c29e714eb52de5b7415a1dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"66e80a8c43afa782ef86c7f46addb02ca2aad0ab036ae0a16cf78552eaf35cc003d6d9ec3f48e6bb3c1c14b285","nonce":"0c29e714eb52de5b7415a1dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"b5a87452c6d47a7ec1e19ab4f064acf4369ef36f515b70847460b0e48fd9e498fc5d2ea6291c8487576d81ba6d","nonce":"0c29e714eb52de5b7415a1db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"eb97dd2dd505ead324f8aadc41cc8a4e8e7a3846ae111bd923c138737b64177d18e0d57884f11e319c3550c5ae","nonce":"0c29e714eb52de5b7415a1da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"3f2c64ef76fd8e82e73f42e73fa9c1221fed04103a92901a026f329cb387c91d0a343451459a04045d4ddf6c37","nonce":"0c29e714eb52de5b7415a1d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"60c6b44a8a58e85ff3cba3793ffd799cf32f5425574e4c4a256c5730a907e1f2cf8ff16356809d09fbcd9d0e52","nonce":"0c29e714eb52de5b7415a1d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"2299195e884e5dc06b73bbcd2bd624714709b71014eec4c8dad6daae67e6fa9ecd72f31dd2353e9444968c0097","nonce":"0c29e714eb52de5b7415a1c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"223758fb805c4cb6b0f920c65f757ac495ed6249d2a7cbd499f02efc898530ed8155606f22876e8a9dc2ee1e18","nonce":"0c29e714eb52de5b7415a1c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"a2a9f3cce80edc4d018e36f8e411798ec6086147946f1533f3b01cd640f119cd410ef6927b15e826865f0066df","nonce":"0c29e714eb52de5b7415a1c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"580d1b5fc1ff8da8049f49917316575b5b52118a21d9f12dc0f5254997130907adb950323bb9bf9eb0702bc3bd","nonce":"0c29e714eb52de5b7415a1c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"36aafab248751adc10053d8eccd274b193f0e02fb167f9be8c98b4144496d3e9795158e63aead0be5fbaec8998","nonce":"0c29e714eb52de5b7415a1c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"391b92e14e96e9c2bca3c387d8df1f4924afb0ecb11ffe35e21c0f3868709dda7ed5b35b01880ed2952729a839","nonce":"0c29e714eb52de5b7415a1c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"d4ddef96803402d82d80ccdcf181103adaa68349b084bb0bf421464f7edf99fed2cee08bc53eeae6fb8c4b607a","nonce":"0c29e714eb52de5b7415a1c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"e014790f2a3a858e5a541a9faa3d6f68a2c4d1b0781c4a8fab94cc5d5cbe0eb8f2a7a4bda36ccaf9483efd6447","nonce":"0c29e714eb52de5b7415a1c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"07564e76e5f2db36744b4f838f5ff38dc5290deddb43e5eee2a6375391a26c006245ef01c0494e6a470b7b975a","nonce":"0c29e714eb52de5b7415a1cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"be5abdaae22ab624823c4c911a90012bf5fa3d45a2e1059ceaf53cb730f652e3cbef6c3a472b5013a39029b503","nonce":"0c29e714eb52de5b7415a1ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"ae409ffc39ea6d8826bb12dadcba8565d8aff3ef3b4444661e7ce121b41e64bc091564d01ec20365d84c16d5db","nonce":"0c29e714eb52de5b7415a1cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"e8e936c925c9c0614db8f4804dfb44ea2bf0eda25994cbab504bbf3a9d2a3b6658483b1e2095a41d84d61904bf","nonce":"0c29e714eb52de5b7415a1cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"1d5f8aa0401cd0950b36cc7425744e9d63cb51e0f4fd815ed111ab805c955191b4c415557248ff534861c4d79f","nonce":"0c29e714eb52de5b7415a1cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"f642bc0b14656d4126a9678fa9b374835761881efa526b584e2a661064f96ae41d64149c0891f14a7c6315578e","nonce":"0c29e714eb52de5b7415a1ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"2426008bcd497dd568b7a1020b365ed7517b5016e454931dbda0b2f5a540a676aa7a4263ad66bab1364b09f063","nonce":"0c29e714eb52de5b7415a1c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"0bff9b6773f88cc92dd7795e1483eedbab6f68a010324fe4464ac3fa36e368420a02b2daac3d5b2ea4454329eb","nonce":"0c29e714eb52de5b7415a1c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"54473d8542e8280104d9448e312aa878ed7db0ea3fb670d881cc9f0128e963b8be85bcf711682d71b3e2326f8a","nonce":"0c29e714eb52de5b7415a137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c5679fe086f1cb2af03c98cc63e201958660490271b347a8e4a40e29ac9c82c080934ff4bad6449dff69f4cce1","nonce":"0c29e714eb52de5b7415a136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"2aa4b17ce84a198872ca13cee425d53a5a851ba9f71aba66b5e2cc989ab4746ee9f7fe298b5a9c21ce0f917c8c","nonce":"0c29e714eb52de5b7415a135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"88c9950f2b24bcc12e74f6191c4454ad2091b010cb321775d599c876e8b50bf52a2ec0a0237ced1116fbaae1c9","nonce":"0c29e714eb52de5b7415a134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"bac71e08cc677e8bcb7c4c802a8a52a0b160b20fd22d571e368f29914405927f11474e9b3f29df6297a05e8367","nonce":"0c29e714eb52de5b7415a133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"f8b92b8b64b4137a9627dab8e4d244ce7ea3b15f9f40aec8363b7ee0c533577605f377bf7cc540f0763c6a5607","nonce":"0c29e714eb52de5b7415a132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"39e48174133d1526c012b468ea1bf0d682700ec38a8f0fad79b92abdaafacc59543fb19c4a314a362dcc3c8bff","nonce":"0c29e714eb52de5b7415a131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"d43c8f7aa83b4236222d3c284248e1f9a4104802996a45681879b2b9a53bc5085792ae25e67358037782541516","nonce":"0c29e714eb52de5b7415a130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"2035d1a83f000dd059e38c66c866195b02660760914c9518ff3c4e3e82b231a93adc610b9bb380c1540a903bf3","nonce":"0c29e714eb52de5b7415a13f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"8cf979ce1f7ec88aaec101cb4733da3b2ab84a2251eb39f0ba38435cad944a951ad714d99a6cefc439b7a18b08","nonce":"0c29e714eb52de5b7415a13e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"07a38d15911f2ca789df20f20a8bcfaafdca1c728110b6291eaef6cadd3b410e379b81b823a770877fb2c12982","nonce":"0c29e714eb52de5b7415a13d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"4f363875fa0293ede4b0255b1412592cfc28651f8cd7885344d18e1159c4b782e6dc72261aef1884416ec5bffd","nonce":"0c29e714eb52de5b7415a13c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"4a337c68bca75735db3df569c8307c504f8e691b9875dc9aa4539a44e6f47b6dad86504decdf7958db4f547fb1","nonce":"0c29e714eb52de5b7415a13b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"1b7636df09b25667aa671539488e54602dc4aa0c417be9f317aca7a2a36fdc40cc1623059f2996691cc4ea825f","nonce":"0c29e714eb52de5b7415a13a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"3b686061bc5ef25a2375bacb324528c2d39c53b5eff83a48559a5b67f8579485ca1f90f57a8fd03f67301f0154","nonce":"0c29e714eb52de5b7415a139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"1dc198681046fc36237e617016cd91ba16271215c9b4b6a4abc9381af23694076bbde6106afbab774280aca3b1","nonce":"0c29e714eb52de5b7415a138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"d0ad9e75c8a48c83f2657f80784368f0ed39c5480d9b7fc2791183cf8a19c8f555ad0bfa3ce50906e1f26715eb","nonce":"0c29e714eb52de5b7415a127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"b09afe470c98b69292ed967fed3c72f4bc5718d16e0e1feffa5be67aaafdaa182aab90c06d55be1481461366db","nonce":"0c29e714eb52de5b7415a126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"a26cd6375a1bc042dc9285d90c614d5cbd04a812e817fd33b05ee9f7c5775256d1e94b98191c0d6c356d9e607c","nonce":"0c29e714eb52de5b7415a125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"93efc20a6f9fa59304183fbf67aee974688232ed8cd1d5722a9b3fde3835193ac9b33f31eb2c9f918520b73eda","nonce":"0c29e714eb52de5b7415a124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"5380d711c368398da404d09e3baed7fb6cb3e9533299ff38e30ef74b14485227a321d606a1a212ad82f6aaecc9","nonce":"0c29e714eb52de5b7415a123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"05430accf275a65692d74ec8b4a67738d057514cb1a056b57fe54f10edfaeb62a60be2888608fdcb2bd29592fe","nonce":"0c29e714eb52de5b7415a122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4d8cd0968e512fa97bf57aab989504e59f7a773015bb391d67e08558c34c2d35de006b00b60002dca035d91142","nonce":"0c29e714eb52de5b7415a121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"de0a07beac5e1e53029527d672390fa01fbe076a99e37fcb7e202e2728758c5bf1b2978f347d8ce0d228bdaf4f","nonce":"0c29e714eb52de5b7415a120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e54f1ae7e8ba9b39c248456fc95da05e26c51bee4f5dad2faf2ab2167cf31afdd1a87c76a15295faac3a2538ee","nonce":"0c29e714eb52de5b7415a12f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"01f4398a4e883b46c7694a7437956a5bdfda4a901319e4123687bddbff785eb90750f773874f44c1151dec3051","nonce":"0c29e714eb52de5b7415a12e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"ca64fe55121268c4eb9a58183d10367c7cc2a9f157f86ec593faa296a2341dfa95c5479d65ca600b483db8304d","nonce":"0c29e714eb52de5b7415a12d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"34f49fcce5584467da7756c46f0e13acbc64f638ee2b12ba9095a373dba81c3e31c2b37477cdfada07e933d0a6","nonce":"0c29e714eb52de5b7415a12c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"0e0e4b81f8407f8f20693d0b44d40bd2ddd2dab47adfeabb78e1252867e598b773a32af50ef9a87cba28e078ab","nonce":"0c29e714eb52de5b7415a12b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"4bfcdcbb5fb64dcecd19ece54f4fc9ec8dd488fa3a450ed572c9cba1fcef9702636eb7813d5bdf569872ebbf62","nonce":"0c29e714eb52de5b7415a12a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"11ed66ec0e416814afa87d8283996985bd3353a74562e714dbca16d21d6052159509bddeaf9441d11f2e75124d","nonce":"0c29e714eb52de5b7415a129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"dba9a3f1267486508436633c062a67f8cbc2502df07957fc4211031863b698058fdc6e8f8d5a234a74ff0d9637","nonce":"0c29e714eb52de5b7415a128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"5fde0d453a6bfe1ce8ee654aed8e608c686b6436750ad26331bffe3362c8e63b7890f099b45ffd9c54e16f8612","nonce":"0c29e714eb52de5b7415a117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"22af2b58d7858b966cbf30bde01e7f1c2472cfcafc4698800cab8b9c9d13751140980ccd2f04da4e028a846111","nonce":"0c29e714eb52de5b7415a116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"f313bbb3bc7466f11b30286ef44d861f805dcb0d98118f7a90ccd20dd4a57c1780dc683aff773d75085eb95eaa","nonce":"0c29e714eb52de5b7415a115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a1043224e9e3d4b8b302e11f799ed9d197ed1243d2672edc756795ca6f3f6a32ae66d60edc4ba19272d362e65a","nonce":"0c29e714eb52de5b7415a114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"2e235088c3abf5d126073851c97504140c44293f7750f959daa00d105cdc231ca2bb47ac6dcd234a83853a079c","nonce":"0c29e714eb52de5b7415a113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"b845f13386a3fa751f937469bd9f72cf0fb0cf447cec51fbf2de12b87f65cd165cf3e959ee615a07dfe7285284","nonce":"0c29e714eb52de5b7415a112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"50bc346f904c1df88284302fb9e524fe2b585c84a765dc6c7f3569271c5c00d1c07b0bbce353a0626bdf01c6fd","nonce":"0c29e714eb52de5b7415a111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"a63806b40e4a5105cb15d3c26b028f212cd50299ae7ba377d85b8b7d8e8043957ceab091b0263a65ec4671f6af","nonce":"0c29e714eb52de5b7415a110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"a4eba1bc4c3267280b0a07439ab29ea40c366c4622b8b418ac89253a98deeef73077271a6fc6f2485f0ac7eaf8","nonce":"0c29e714eb52de5b7415a11f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"ebf9c922faa52f5a09555f7405a36641e88406cbc20d691f4cb0f7abfac8da675eb9501c0dab4c173350894e69","nonce":"0c29e714eb52de5b7415a11e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"f06f1069ea4eefdaf778365b721d6acd16e1a7ec1aea94b06713b65351c437bd8ee2262f6f34eeec8185014643","nonce":"0c29e714eb52de5b7415a11d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"70cd5ec8a748a535ce3ca01de3690e33fd41f73e5ed07529dd7a4dff4e3fa3c7959f6acf98ded437940ab711c7","nonce":"0c29e714eb52de5b7415a11c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"9bbf60d3a9b3d991e4984ef14045202e50eb9c5a89dcbe456460c17517cb8abfa1361829fd844d819d00cef233","nonce":"0c29e714eb52de5b7415a11b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"0580ecaa289cc62f713e00ddf2f497216027e77767e11664d98c9d284ffa44fad079e72c858be7918c5c60fd15","nonce":"0c29e714eb52de5b7415a11a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"ca872faab22d8eea7ee1136fd7900e5aafac9fd76e817e864ee45cddcc5089a78690321a55b9f335c94bf913a0","nonce":"0c29e714eb52de5b7415a119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d41f139359df34957dc9535af10fd56576440f030ccc311b73903e6a2e10a4f94d347dca2323c2634518df2680","nonce":"0c29e714eb52de5b7415a118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"5dfe56b5b37ab89fb8a78f736a22f0dec6b60472e5fb6dd409845f8be53f1efc842c2e09cf0b94a69dbd5ed5b6","nonce":"0c29e714eb52de5b7415a107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"74a7eeea0f306d7bdde5690bc30cdb9035d952d3d0cd280b3d0ffc63b640b8201ea8dc464cf64244d4ad03e26b","nonce":"0c29e714eb52de5b7415a106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c4faaebfd337c6b6fe3322894a68c222cf022f4d5660441bdc757b0d6386ad1e04695d33880f40cd94399db315","nonce":"0c29e714eb52de5b7415a105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"8d1c0bdc47c7c612b2e6bf68b982bfb95b34d74602980c6cd0c8de5ed9d0618480518dc87b47308d157a1609ae","nonce":"0c29e714eb52de5b7415a104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"5a46efd769cb0756732c5416341941a50d8a7a134acba9b2f5d5f2f441fc3fd50e4bed4b9c98143a89b0a90bbc","nonce":"0c29e714eb52de5b7415a103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"214ed009034081a1baab5eea857f5afc54f1815bd0f74a2723815978bc94adb48bf3f950e1256726862749635d","nonce":"0c29e714eb52de5b7415a102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"64e4489afb0d064b447d5be552862d8de08c9aaa23e66613fdffce8e5b1032d35574f3745a9e84d1141486d9d1","nonce":"0c29e714eb52de5b7415a101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"39cfdf579a0dbebb3a06c5a04d52a38193902e1b0abb3b1936f7e54fd58f832c268f73ad792d1e60f55df85cc9","nonce":"0c29e714eb52de5b7415a100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"e4635db0ae7295f3fad6b0324487f1a2500b860d7a68317b5b378819f809ee82bd132613fd6ccb0990bcdc1e69","nonce":"0c29e714eb52de5b7415a10f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"fb1eb6b011fb02abe16af33f4d2fc2c80c8173ab10e72ffcd75ac6349d79ff7ff2260f4fe3a3afc5bdab308133","nonce":"0c29e714eb52de5b7415a10e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"eebd11aed87fdef043ccedcf173650c4c47ac69238190bb9c8594cb85bd01f399b1d90d8decb17cab78ea1f518","nonce":"0c29e714eb52de5b7415a10d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"9905dd2e8b9a1fe408eaf45e2fa896cc3bd023b296b4b24a5d1bf8bd483e46ce28ef888902cfd8a61c10d09b33","nonce":"0c29e714eb52de5b7415a10c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"aa51c57e5ae806f17d1eaa656a4c3105c41bef1d54ae5d022eeb91373785937bb8e07f608bb492ac6389363a42","nonce":"0c29e714eb52de5b7415a10b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"39f6d55b6fe92910d82ea2ee95296608ffc90ad5e8ee3772bd79029a5108d48fe67fc2163c0e94a05dfbd11d0e","nonce":"0c29e714eb52de5b7415a10a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"93a632f1ff5a808af9d576011207d58fef3b9823d98bda5b832129273dfbf57df465662dd88e81dd419a1f2fca","nonce":"0c29e714eb52de5b7415a109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"4303836e8ee37e27d26d28879df44b5a32b94e61e4dd12c03200cde094e626e3f659a8fbbeef3ce5b78f316df9","nonce":"0c29e714eb52de5b7415a108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"b74db1464e2d9994175a535f5d62d4d9f4677307967adeafb2fd824aa39a1e178dd199c84139d157ae6d13fef1","nonce":"0c29e714eb52de5b7415a177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"b2aee3efaf99c93fbea576616a584e86620e8aca4f01ecce55df014fe5882c6ce3baa3a8bcc5848543e8c3c8c9","nonce":"0c29e714eb52de5b7415a176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"ab84fc2f1461bf1bcf187b441a4b0c4c27dac1a926bcf6e95b9aa93a74d2f234cd05552740e421d6faabcb39e5","nonce":"0c29e714eb52de5b7415a175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ea7bcd4a1bb19ab8aa6d95c531f79464afe4cc9de08a7c86d2e22d014258ffd6c6b6068b8fd97ade5ab7c0c9d5","nonce":"0c29e714eb52de5b7415a174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"74ea0366f6b964e6c9990f2567dd41fffa0f69f167c8b4621b22d798efdc324d3810845f698b443c606cdf1368","nonce":"0c29e714eb52de5b7415a173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"c7b2d7be402453fe43e8bd82b17c4b3f05255049a1e183f5bb26fb6e12fe660c814a342068c63a9b5dec02524c","nonce":"0c29e714eb52de5b7415a172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"22cd906ec1606b040549eb832ba3eca8cd3e0455d0f599a419b2a6ccd38dc3341e24fcd68b9ca93853b6482311","nonce":"0c29e714eb52de5b7415a171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"40a46eeb549fa7679337f48fe79ff6b42d9a6f4cb56bc32c82d4d2de626bb5bef4fa61e8c7fec3080688d17571","nonce":"0c29e714eb52de5b7415a170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"f198054734e64f4b0492a91180a31a61d19cb61a7e314c6dfd8ef194d7a77653bd795e7968bf00b1b617f76835","nonce":"0c29e714eb52de5b7415a17f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"52228ed9d5132c37fad4f829761584fc75c6f6b4ae237cfe0132071f5337a0b9b53f8b85e4b7298783bde1003f","nonce":"0c29e714eb52de5b7415a17e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"750d9ca6929e2b48f76ac9ead6ad94c88e0cdb040409269c3ec1a6a400334bad86da8d1cebaa0fe373063badb3","nonce":"0c29e714eb52de5b7415a17d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"ee78926b9bc79beb7f9a14386449becd5041fce19bd6ad0c86e4a2afb34b43fee26231d5c541726a8ab5ed9656","nonce":"0c29e714eb52de5b7415a17c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"11527d7b1259e23959f649f75f98120e40a686ca914f3c1fb21edc39fae9cc809846883320633983306b6eba8f","nonce":"0c29e714eb52de5b7415a17b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6b7c5585707d1d426aaebfffadac76d95faa5c49e44126c3755629e3e8cd34dde4e74b8d828d99715b64db3e21","nonce":"0c29e714eb52de5b7415a17a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"ab1f5e7e59a8885b4e02a425d255757d89f58022790fc68327b4d087c124970bacb380d9a1bbcdebdd49a8a5f9","nonce":"0c29e714eb52de5b7415a179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"18473a6e1f2ddd6d20df980861dada6240543c6e3b8d33ba6611e0af871562c063edaa4af72782e0e3485fb2e4","nonce":"0c29e714eb52de5b7415a178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"3204a0bededb3892111cffed1f37d1d3203e5facce16c730c55debd04505f801418c54f0f69665f253b52176e4","nonce":"0c29e714eb52de5b7415a167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"03f527699b3af9a806e41364bbd613269d8a6cb5767d113b9fbec6a9c26bcbaf0fd81f92fc46940b97d19df570","nonce":"0c29e714eb52de5b7415a166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"d5f637c33119bbdb323aabce44611184b8a8618d39d09c3396b2f117d1fa3bc91430fc5b265752a571a55e814b","nonce":"0c29e714eb52de5b7415a165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"899abf9d65151a1df6f4cdf8ccf74c1de88309848dfb8ecac329301a7d6adb35c8c36f0fa2489c2794011100dc","nonce":"0c29e714eb52de5b7415a164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"76a7e093278f47246ff03008f043d552ac645eaff90e335ecfc74bd5f471b214eeaceed91f7a531b36ba0994f7","nonce":"0c29e714eb52de5b7415a163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"1a052b0857b6e8db8c11dd5d2ef87fc83317f3a250515e4e77fafdd7c30cb70c23b12d426754ed2dfff7899b5f","nonce":"0c29e714eb52de5b7415a162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"0c97557d03399ecdece40bbbed74d857741cef64b4627acc74af3d6b2d07ed857428054bc11f2aa075ccfe3f0e","nonce":"0c29e714eb52de5b7415a161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"280cc92a642facfecd519d4b9ae98a7d4f33c21a758d9d7cf9fdce2a31048956f0034056979e4a9921e5131ce5","nonce":"0c29e714eb52de5b7415a160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"cffe85fb9998a0829df9cfa560920b1dec6f5514ab7513f25c8eea6aa30e1cfb2db0641603e4244e76fa0fe2d3","nonce":"0c29e714eb52de5b7415a16f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"4ea7e6458a3b947fed339838377b5146b88895489975ee9a05ff10cb2554cc0a348eae49316729865405e542b5","nonce":"0c29e714eb52de5b7415a16e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"0c9e1c2eacd976990083eb9b9a7fce8f81c3e8a61d7e932b17a40526ae1ebba386dd6272539a1e433c9bf31405","nonce":"0c29e714eb52de5b7415a16d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"943ed79b8f062c62cb258bdf1cc3a8e9096d2aefb348115f7fe63182a78d08f39f78f69630827304d30d0f72d2","nonce":"0c29e714eb52de5b7415a16c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"4b0a68295668e412ee2d4db532d75d39f5d0811feeb4abb794a62cd5ab951f95e46584c436a7b683a0f2bbf19c","nonce":"0c29e714eb52de5b7415a16b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c89ebb4a3dde25e602209e24cd913d29d4cf9961a022b2e1b4bd92e708625f06146f1eada0a616e5e0ceec4fc5","nonce":"0c29e714eb52de5b7415a16a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"9d11f78cf55775eb6e60fdb8ad575d9a68539e9140571c7a4a8c8e4045b36ed27cfda20903cda72b591f9353f1","nonce":"0c29e714eb52de5b7415a169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"13332ab51cbf9c17782578f4c2fb78796301fe690b9429b20418e6f43e47d7edda97f4bda58fc7a12eaca2d9db","nonce":"0c29e714eb52de5b7415a168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"8ae8689faf35a04d9b19c6ab7dc70c35df0e2dd9e401d427fa539106a5dad3ef6a018e435cdca7304756d87821","nonce":"0c29e714eb52de5b7415a157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"11856ec73cfbe615bb933aefb8bc0ecbb68dda2e59d3918dc5fcee7f7f1bd3030679f9ded1328d7e0e598ea307","nonce":"0c29e714eb52de5b7415a156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8d6f006182aefc1de525d27b8a441aed30a462b0f75cfb47ab86d636f6900f269cc1a92fdd234f23417a0ee5ca","nonce":"0c29e714eb52de5b7415a155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"1947131660f63a1e9f7250d599ed5dce4ace53e6527b03eb498d191102e472340adcf9fb323645801f53a9f6bc","nonce":"0c29e714eb52de5b7415a154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"4aa92fa51c6bafc0b1422e385c7190c081760843f6bc4eec109edb309c07cb38f5fa8689808478eaa0c06cdcfc","nonce":"0c29e714eb52de5b7415a153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"b9ddadcf4a25de7ca05b58a3cd7fa959d4f928114f9854997942f8ee970bf3eadf8742dac6394bfc90a4caaa4c","nonce":"0c29e714eb52de5b7415a152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"f124edf0b917f742d043f9d724cdc553996bc0a7d560c07ebfb172783f6c1505932e69adc82581c513c23e67a0","nonce":"0c29e714eb52de5b7415a151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"a47d38b5eb71e34e6673e1a2292ed8ba539f9246ccc2ffdea3ca83293c7c03f177ebdb6999f1631aebb3a57473","nonce":"0c29e714eb52de5b7415a150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b04e466e5499f46b2459366a3edf73841b5c20ccc1f9bfa0681e00c9c0a49a4874b8b20ada0162c1dde52dc972","nonce":"0c29e714eb52de5b7415a15f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"7ab6049609bb82f482c782956a0263f8815d53b158c471d34b846d31f10a24eae0a3697389019874851770c1a2","nonce":"0c29e714eb52de5b7415a15e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"998c46500e6f3baf10b9e8c45c5f5d0dac919f82f5c82567ca62bd2d7e708780cda575c57596908b4737a0f0eb","nonce":"0c29e714eb52de5b7415a15d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"01d544b046113ce8adc1613bb5634ddf52d02ce0ac83f19289549c98e19f38625582e228f082915b2fbc33c78a","nonce":"0c29e714eb52de5b7415a15c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"c6670a0809224ebb213b6666206bfe70ec172a3819fc3a93352085c35770f25d02a64649ea791212916e2ed014","nonce":"0c29e714eb52de5b7415a15b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"0ee9318e26757a5f8045211ddf1591909237bf3fd610197cc167bc6fccb405cc1be75d67e6bd87d5156262f2b0","nonce":"0c29e714eb52de5b7415a15a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"707bdd4ddb85115e53ef2c268d6c43f50f1518ea56b7f4d64c16909f3923046ea02b737a848c55404d7bd2613a","nonce":"0c29e714eb52de5b7415a159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"10f9cef637f53a670d4022be894f23f17b231b9c247ab6597e4762bb773cb34d0511ca966f3009803f0c932c33","nonce":"0c29e714eb52de5b7415a158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"74ee741103e99ab826952b7e41298f008e08f0527300d941ab0e5e9d722364623a6de23df0a3ecb2c7e90aa16f","nonce":"0c29e714eb52de5b7415a147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"26f05e31f99ad0bf0f155ad7018540d90d5fd5000e3f12b06ce5cf1db4ab7a49737c4a1a69a7df17df2fe05e1b","nonce":"0c29e714eb52de5b7415a146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"099c3643ad6992b9b46f12fe7c19498de2faa371926a2bcafeb52ef87cf8665631cb805f9f78cecdde2f111704","nonce":"0c29e714eb52de5b7415a145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"d68993e4aa0c9b3d45d4e8cf6d00d7442f06e32a4e49a771636992f2997d88fe0c7406a4c60a8c2c0414f1465e","nonce":"0c29e714eb52de5b7415a144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"8e52d73ddfa422c4d773141c461a89089bd0953249068be9d672a8401af850612679b852b7ac0943b2eb2e63f7","nonce":"0c29e714eb52de5b7415a143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"e05ee9d224b34ccb6c7c20f7c674ee4c76e9b436a97e2363065d2ed9e42b7f6b195ac5850a8b1c0cb141c1d59f","nonce":"0c29e714eb52de5b7415a142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"2529ed90b075eea86680f47ec1d96d5da76454d4db472a626bfc4e5cada831191f5093cd55bc1c7ee4d1695848","nonce":"0c29e714eb52de5b7415a141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"7f3ad87629ba85f1d51281aba713fcc0707428e08a19a2603219e122176afd5460b8576bc7595b4d8aa161c967","nonce":"0c29e714eb52de5b7415a140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"b22958588e5705f5d119223f19c806c4b9a88643c58c425208d5d55a3b1b5c94609cc95f87f77ca6f5bd56a6a6","nonce":"0c29e714eb52de5b7415a14f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"2d35b1a6bf25a3435c740f5e2c21e88574c22153e017ca7171e62264f7ad6b58e441a34b567033157a2354e55f","nonce":"0c29e714eb52de5b7415a14e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"442185cb55864b3b0e86b4e4d09b8cb202aad6886e82c1e52dd6ed4ed03e17af39c65bcbc2f9f5d876187eeb31","nonce":"0c29e714eb52de5b7415a14d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"543679d0fab0944f1e87a43de17e5fd8f448e4c747188630e3146c3866d7cde3e4fe2874d2a473d42d5603cfe1","nonce":"0c29e714eb52de5b7415a14c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"c613e1a014d5fdaa0dfc037d663820293f0d78d9a3ce413acefdf552d06f3c9bfe0995d7a8fb0309989c7e7f88","nonce":"0c29e714eb52de5b7415a14b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"335227c82554eed5723e41240c87b508e7990bcbfbbd7fe2f582e651181d68424cb54dabf64af10c7a30d5ce7c","nonce":"0c29e714eb52de5b7415a14a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"6358a6cf19274354f04adef8b1db0e859667d1482b9e787190ce5ea44763ffa3c3e17ba55a76588f0047c0e72e","nonce":"0c29e714eb52de5b7415a149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"377a98a3c34bf716581b05a6b3fdc257f245856384d5f2241c8840571c52f5c85c21138a4a81655edab8fe227d","nonce":"0c29e714eb52de5b7415a148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"cc161f5a179831d456d119d2f2c19a6817289c75d1c61cd37ac8a450acd9efba02e0ac00d128c17855931ff69a","nonce":"0c29e714eb52de5b7415a0b7","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"8158bea21a6700d37022bb7802866edca30ebf2078273757b656ef7fc2e428cf"},{"exporter_context":"00","L":32,"exported_value":"6a348ba6e0e72bb3ef22479214a139ef8dac57be34509a61087a12565473da8d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2f6d4f7a18ec48de1ef4469f596aada4afdf6d79b037ed3c07e0118f8723bffc"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"649a3f92edbb7a2516a0ade0b7dccc58a37240c4ba06f9726a952227b4adf6ff","ikmS":"4d79b8691aab55a7265e8490a04bb3860ed64dece90953ad0dc43a6ea59b4bf2","ikmE":"6bb031aa9197562da0b44e737db2b9e61f6c3ea1138c37de28fc37ac29bc7350","skRm":"1ea4484be482bf25fdb2ed39e6a02ed9156b3e57dfb18dff82e4a048de990236","skSm":"02b266d66919f7b08f42ae0e7d97af4ca98b2dae3043bb7e0740ccadc1957579","skEm":"93cddd5288e7ef4884c8fe321d075df01501b993ff49ffab8184116f39b3c655","pkRm":"04378bad519aab406e04d0e5608bcca809c02d6afd2272d4dd03e9357bd0eee8adf84c8deba3155c9cf9506d1d4c8bfefe3cf033a75716cc3cc07295100ec96276","pkSm":"0404d3c1f9fca22eb4a6d326125f0814c35593b1da8ea0d11a640730b215a259b9b98a34ad17e21617d19fe1d4fa39a4828bfdb306b729ec51c543caca3b2d9529","pkEm":"04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd59178084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6","enc":"04fec59fa9f76f5d0f6c1660bb179cb314ed97953c53a60ab38f8e6ace60fd59178084d0dd66e0f79172992d4ddb2e91172ce24949bcebfff158dcc417f2c6e9c6","shared_secret":"1ed49f6d7ada333d171cd63861a1cb700a1ec4236755a9cd5f9f8f67a2f8e7b3","key_schedule_context":"025b8a3617af7789ee716e7911c7e77f84cdc4cc46e60fb7e19e4059f9aeadc00585e26874d1ddde76e551a7679cd47168c466f6e1f705cc9374c192778a34fcd5ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9","secret":"9c846ba81ddbbd57bc26d99da6cf7ab956bb735ecd47fe21ed14241c70791b7484c1d06663d21a5d97bf1be70d56ab727f650c4f859c5ed3f71f8928b3c082dd","key":"9d4b1c83129f3de6db95faf3d539dcf1","base_nonce":"ea4fd7a485ee5f1f4b62c1b7","exporter_secret":"ca2410672369aae1afd6c2639f4fe34ca36d35410c090608d2924f60def17f910d7928575434d7f991b1f19d3e8358b8278ff59ced0d5eed4774cec72e12766e","encryptions":[{"aad":"436f756e742d30","ct":"2480179d880b5f458154b8bfe3c7e8732332de84aabf06fc440f6b31f169e154157fa9eb44f2fa4d7b38a9236e","nonce":"ea4fd7a485ee5f1f4b62c1b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"10cd81e3a816d29942b602a92884348171a31cbd0f042c3057c65cd93c540943a5b05115bd520c09281061935b","nonce":"ea4fd7a485ee5f1f4b62c1b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"920743a88d8cf6a09e1a3098e8be8edd09db136e9d543f215924043af8c7410f68ce6aa64fd2b1a176e7f6b3fd","nonce":"ea4fd7a485ee5f1f4b62c1b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b16a1615bbb33153b782c0c5e91d44664e2d0e4a73f2ab116cd7c3b3be3b04399d2cf2e14109dc4dad5c88e7a8","nonce":"ea4fd7a485ee5f1f4b62c1b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"6b11380fcc708fc8589effb5b5e0394cbd441fa5e240b5500522150ca8265d65ff55479405af936e2349119dcd","nonce":"ea4fd7a485ee5f1f4b62c1b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"efc1b65c96049011c9503917f5a4ed9b09d66e3c971422939fbd46956c4d363ed26ae1b87153598b3b25d5efb9","nonce":"ea4fd7a485ee5f1f4b62c1b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"09c87e40382c0ab0f73f15d1700c60efec79e726210806152413b7509e71b3d87964f58da99ffaf425da74f43e","nonce":"ea4fd7a485ee5f1f4b62c1b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"1e0d0991ad384a66d62ccd5116957b6d0a606469dc321d181e0016655f932a01f76f07f01838874b0c787b11b1","nonce":"ea4fd7a485ee5f1f4b62c1b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"55d1db0188458bd3f0e631c665cee5a8bf4c2be4de41d139817f5105b04cbc42f16e93e72e4846cd17189d30c6","nonce":"ea4fd7a485ee5f1f4b62c1bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"978d387090fc212bf1a5b91a041a67570cafa48705b90687c292d0418d53b98a9207c929955fa30bacf358fb96","nonce":"ea4fd7a485ee5f1f4b62c1be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"8b1f51932b2e55526053e2a4e747925f3192fbb6f2657799216b978b3106df6f9d19da582f4504f42413ca68bb","nonce":"ea4fd7a485ee5f1f4b62c1bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"a694fd64a9a4a7eec78b9babc39968e2b9d5164e4c89621d69ef43fcae3ccc64f1c54cf4804a53ff03c6c47e1c","nonce":"ea4fd7a485ee5f1f4b62c1bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"2dc337bd8ef9f0817e0798a7cf96deb9cdc2f6e5a151fddef569cc3069b7add70a695592a1a37276317345ece3","nonce":"ea4fd7a485ee5f1f4b62c1bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"d5813df8c48277e08650ed32831ddb294279748110d6ed4649e1f724b6a1b8b909188853b4e6bfebc6d7860a7c","nonce":"ea4fd7a485ee5f1f4b62c1ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"6cb8192636729e7d86d2db68c5b9f714be3931b5b32a37a5d8068492a8ec4a5abb6480e049411eb2c1a983bc9e","nonce":"ea4fd7a485ee5f1f4b62c1b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"39a74cd85832c4c8da0fb92cb47b4de6b5c8bb3f2a19087244028a52d36c1b3bd1806bdb49ea1bfbadb92c9f8d","nonce":"ea4fd7a485ee5f1f4b62c1b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"4bc3d9005725eaa3c74e7adeef040b83d0e7c9a3be7a83452c6ca79a80efcfe30f200bc7c2f4cc29746a6942ed","nonce":"ea4fd7a485ee5f1f4b62c1a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"54b0eed53c77d4a10480537e88bb884c236130ec9fdbb392f05773b4eea70fcd182c89e2b9b074926b92543d6b","nonce":"ea4fd7a485ee5f1f4b62c1a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9c03663ae31011a03e5d969a2a1d97ea6af6045a7fd2724acb3ad2939f7093c23b59a31ae20f5b2e25dbde751c","nonce":"ea4fd7a485ee5f1f4b62c1a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"6e015c42c5c9cc1aa4459122b5186b11fa772726fab21c12c766c8c115d121215282e21d39de321072fc604571","nonce":"ea4fd7a485ee5f1f4b62c1a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"98c208da17d1a162d89c31004260c9746c7091ad9186902c925610be1ef6c8d85932f5e2f16b5b73f7df0f3877","nonce":"ea4fd7a485ee5f1f4b62c1a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"3513c28188ba3ec486d5df5946097ecbba0500cab849f1eb8d4912756c321fa37e7e475f796a8d64a4a2df598a","nonce":"ea4fd7a485ee5f1f4b62c1a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"8720e0251ca7475183833be90e6282e20a9f195fe87ed76a7d6b813e9579cb1afc1e23017c6ee915f977cc1deb","nonce":"ea4fd7a485ee5f1f4b62c1a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"0720cc7b8cb9976b63f3e8ab322efbe5e98180d00587ab8d4cba9b6e831bb681b0e1743dfe748f7a2ed66ca703","nonce":"ea4fd7a485ee5f1f4b62c1a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fb9c681b0aa617b290e12c44dc0195938071318a66b11ae9cc0a73e4d72da2791abedebf447c7c9a06d7a79b99","nonce":"ea4fd7a485ee5f1f4b62c1af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"0d9084d05e837705baea458fd4db8c9e05670b8ab82ad0d59eb9b666951b16264a2fb8881e717c42b565d5e044","nonce":"ea4fd7a485ee5f1f4b62c1ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"6b35aff90fc0a064754a76e0bb2e8eda1fe3b216ff5a0b97319a4ae24bdceb17cd5bea2ab958383d4e4826bc11","nonce":"ea4fd7a485ee5f1f4b62c1ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"71bd04a14e7e7555ea9333197b69276f5ba764ef82178fdf343642ba2f8bb10d8985981d002ac2404c812a1ef6","nonce":"ea4fd7a485ee5f1f4b62c1ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"800b2337cb99cd59536f77cb20b52a14517b315486e98bbec4fe71cad7607da3260856c15dcefd6fe9be35ea83","nonce":"ea4fd7a485ee5f1f4b62c1ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"21378e189e82b69580ed0af4ea1ae49222ba973fc02a81f78cd129993d322a106028740e826fb4b8cf447b0fac","nonce":"ea4fd7a485ee5f1f4b62c1aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"82e30b6a8fb71d11b404ab3ddc243fa16ca19a4d2acbb0a9cffbd5af7bebdff0b492110d1898844c5a0bd1e2ea","nonce":"ea4fd7a485ee5f1f4b62c1a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4797ae7482071769bbcce1d712454aa13f5010e1fef51a892a5c0a3cd1371ed24dbed2738ed76b52a3186e8921","nonce":"ea4fd7a485ee5f1f4b62c1a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"11cb01ebb2b9cdf1ae0446282feb2f2c792e666351a31621bfc1cc38e11eb46be195a84ee81ed6b3119aa93830","nonce":"ea4fd7a485ee5f1f4b62c197","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"46141eaf6c2a3752669f455d08a35401eda5101ce8c0d8ff0ee418732232de11bca7b756ec509a86ac3d9851d2","nonce":"ea4fd7a485ee5f1f4b62c196","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1dda7853da824dd73314e04fda72ac6c878dda371e817ae47d760286f9c979f89944d53c1845c0f701c4b6c446","nonce":"ea4fd7a485ee5f1f4b62c195","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"d48ee6ad06b6f47ab699d5a24ba9f916e8936adf94249bcf177a417a347ae6124bc47c1333f10c40d4a1ba77c4","nonce":"ea4fd7a485ee5f1f4b62c194","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"f96a22be0f9cf4489b7dda302ff88d7f580c85e146b1bc0186197a95ba89a11ed2ea8daf2a3d3d1207f74d22f1","nonce":"ea4fd7a485ee5f1f4b62c193","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"54edaf647d773ece3e52f1b2a0accc5172f534338eeb5f7d475170f0281f2b9d52855bcc88262fc6056b0f81aa","nonce":"ea4fd7a485ee5f1f4b62c192","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e6a1b59df85494db69a21eac036492b34b77aec31a8505d05571fe3a6efda423271cb7699638e6fcefaeb1104e","nonce":"ea4fd7a485ee5f1f4b62c191","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"5d750986ede7ce647b86d75a474c7b9c2787721ff422616370602c2640f19560c939f9817debf670650b2d9b88","nonce":"ea4fd7a485ee5f1f4b62c190","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"61dd0060fc548d31095974176fce5dbe562d3c2bf796c3669174f2bac3dd5029f8483ad7e94fc313c91b284656","nonce":"ea4fd7a485ee5f1f4b62c19f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"d6721de488892d0d56d09fc93ac99a3312a676848fea05ed182a118ce48eefbb0aa2ce962c72844a3a022857a4","nonce":"ea4fd7a485ee5f1f4b62c19e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"4454c191ff61d2badf7135e3c9931bb320eeefa2f7bd6ca10a47646f05da3d5f54a151ad12aa4a5ebdd2cc9e10","nonce":"ea4fd7a485ee5f1f4b62c19d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"6b6b6c0d42157049882e78c45348c32e8b8266afa8c15efd1db495723fa19f5b1ff558c79c919bf526360137aa","nonce":"ea4fd7a485ee5f1f4b62c19c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"be62b6e2ea37d0524e9187362c4e6b82108b5b939cce723824a913008e86f8ef688dc13e3175bc7715191f5788","nonce":"ea4fd7a485ee5f1f4b62c19b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"106a8219ae8754f764f2278dbc3ccd0705a271ad6a5897ef0adf582f30d5a71b8470b46f32854bbc4c0e2f615d","nonce":"ea4fd7a485ee5f1f4b62c19a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"6b533257be0dcdb04d795f2e68781d182a731c3c3699e8d22576d55db4f6ab6a35c9a3fdfdc332e357a48c0bc4","nonce":"ea4fd7a485ee5f1f4b62c199","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"025ec775caa06ce4d01bec2ff5f1ade8381da036834c3c01e1fc8384415c846adf162502768cc488d85422f8b5","nonce":"ea4fd7a485ee5f1f4b62c198","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"f51d1df63c1d8dfab4b5d3564142e60a4e94f594798facdc88c79f8dc45eebbf263a54ae1b94ef4b4fc305073b","nonce":"ea4fd7a485ee5f1f4b62c187","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"776495d65e4df2aaa4712a2935a9471563109e70b94440692ee565d4b86209d35ef3c2dcf052df839cb33c9917","nonce":"ea4fd7a485ee5f1f4b62c186","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"f7f394176f99b91116af5b9a5208cc956674fb065e6696acea65028fbf3543e7a29648bb4f96319034b14b0618","nonce":"ea4fd7a485ee5f1f4b62c185","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"e8ab5e9883bb12068873db0f66946fb7fd30f1bb32a0da090434bd11ac99fe56f938ac316712b57c6f82717152","nonce":"ea4fd7a485ee5f1f4b62c184","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"abc61be299243e42cd3f16a63ab74a36b7b95185b341690ceecdde78b55e4e914afe8bf945c80aac1dfb640fda","nonce":"ea4fd7a485ee5f1f4b62c183","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"da78d6b6690d0f56dbf3add8089b92dec3133e18f751d215e31066439146448be20eb03fb54b289b9f988e7585","nonce":"ea4fd7a485ee5f1f4b62c182","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"164d2fc0dbd623e0a37d7ab08749bb5b49718593ece2a2514c01341504c383800e50024771fc9ce8d41378ded4","nonce":"ea4fd7a485ee5f1f4b62c181","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f0afdb2e69cc86f75879b0ce0c3407bfa5e670d1e60bc0435db305ee15fbc994d95f09f980834a5eb0235741da","nonce":"ea4fd7a485ee5f1f4b62c180","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"48acbed23515368b16c7ddbc946100b791715a388c7339ab7cf14ffa1d9432caac203504908689c23720102530","nonce":"ea4fd7a485ee5f1f4b62c18f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"09fe4bd3ecedfc43a45ce997da4f9108033878c32994575db5c9e3af98d848e57d40993a90c31673a33b21aed6","nonce":"ea4fd7a485ee5f1f4b62c18e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"3bb14227220aa2eaef8b1e8a16eb2543499cb8c3cd67186b84be85097f55e46d66cf7f12e4c19fe2c226d40a6c","nonce":"ea4fd7a485ee5f1f4b62c18d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"db3fb7d5346a44d4b0701cd012dc4347de7f1409509313d1ecf9ddaa91ee4321e5acb40a75ccfc471ea35f2046","nonce":"ea4fd7a485ee5f1f4b62c18c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"4d1a7a3f93ad1777bb3954688407213ccf8b2c7eb81fd49d3acfb044b6ff09036addb022ec2a0f43d5ef7efd6d","nonce":"ea4fd7a485ee5f1f4b62c18b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"e2a72fb14186060ba5891843499df59bd348091c17d38c070f98fb4cab072a295a821dc9bb04471e73b1556bf5","nonce":"ea4fd7a485ee5f1f4b62c18a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"6ecd5ade15e23cd9870db652cf1622ee34ac39550df83dd1f93b3521102645e7c7815b9b3656b8ef2d092b0fe4","nonce":"ea4fd7a485ee5f1f4b62c189","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"3445a18230578f93240f7645123abfb7fbc3bcdb8c35a03884030d65cf5bc1f4f35fce9d3203e9e928e1686a6a","nonce":"ea4fd7a485ee5f1f4b62c188","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"48473b557f3c614a8ab13e20a7ac5156ba1d8d0df2f219ab0a01368467f73667ba4fcb13a291b12a72cf00b15e","nonce":"ea4fd7a485ee5f1f4b62c1f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"6a1ba7b2110e5fb0730f3ac003aeef5bd7491783765560488ff64ae1d899aded3e178d52d6192ced27a557a1e4","nonce":"ea4fd7a485ee5f1f4b62c1f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"9e223941ad199e29b05f498d6257cbf4616cd0b9c2e8b588c2e40410cae13257935fd0fd42add31e88f19c03e7","nonce":"ea4fd7a485ee5f1f4b62c1f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"ca637a516a91a42e325a42aba094b4453ccd5400e40f9f6b9576b84c85edda87f457a9d5816fea380280728054","nonce":"ea4fd7a485ee5f1f4b62c1f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"6493905739b6e19f2a0f95538aadc7b2333dbcbb7f99ea2088aafa28fef40ee76407d522e42649186efad078c4","nonce":"ea4fd7a485ee5f1f4b62c1f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"a68d60754e9683d08341dd363b94b3c3dff936cbff7226878701ccf3d28fdb5e2c8d2c4b67a1beef3f09c74ed0","nonce":"ea4fd7a485ee5f1f4b62c1f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"4a6140a96fc598a38947dfa81033d17b81a09a1e5c0edc212895690812c7f940e5f1f9a984010cdd1e356b9d5c","nonce":"ea4fd7a485ee5f1f4b62c1f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"814092a53506eb38abb16ff03b376949acf4c52baacc0a43f5450fdfcbe450d3cd51fc824bc7dee914f30ffbae","nonce":"ea4fd7a485ee5f1f4b62c1f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"bacd028fd0e85982276c3f2ee0f51a00f9de96541370571bb83effbc45bc1743fcdba79c0ef06e8fb132841d5a","nonce":"ea4fd7a485ee5f1f4b62c1ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"7126037f962e8b3399b7d4ac1dfdf64aac7067abb8ac22ffc6870f8c9bcf76285701d26876ea294a82e3883ad0","nonce":"ea4fd7a485ee5f1f4b62c1fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ebb15b086e752d093a80076cf11854149942f7dfb7edf0e731bba5346150deee20d78e080bafb254abafac53ac","nonce":"ea4fd7a485ee5f1f4b62c1fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"7d970f6d82709e79d75d7e9f9b57641480e3029e34cc9bb1d7b903ea3c85a5b79727463747b04c51e526c4d13c","nonce":"ea4fd7a485ee5f1f4b62c1fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"004d6bc1a3ec6860cedd101019833e33deac3e9c544d48f07660d2e9bd00075568ea7c53cf5f76edca5e82bf85","nonce":"ea4fd7a485ee5f1f4b62c1fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"3d84e2d62109aecd447bccdc19ece44a7b835efb11e92b73c1e475a8e6cdb916d6cdb4152b21bfcbe8afecf709","nonce":"ea4fd7a485ee5f1f4b62c1fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"5fe8ebf3f0dde3bffa938dc024700cbe1726386c35adebe504c151b3b5d0a5139cc2b6cca4efd1a71a849fddda","nonce":"ea4fd7a485ee5f1f4b62c1f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"860acbb5eafb230bb5a19c62ac7b0496021ff242e368a926dc024cc95d9179f0d7754f49614493eea1787f513a","nonce":"ea4fd7a485ee5f1f4b62c1f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"b82b3c6327e4cc84a877c73f18a5302c92f8c2cb4640eeea397cd8712ae4f49ae3fbddbbd75bfded90d30c4316","nonce":"ea4fd7a485ee5f1f4b62c1e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"7125423ac0c66e8dced5f435e4097777611bae849d98adecc8df38d02f45f044189d3e2ee0bbaec1dede8ba249","nonce":"ea4fd7a485ee5f1f4b62c1e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"573ba689fd3b0262db0525f8b61d154c7d4b7d05c70f4549430931dc678dc46df7acecf8a00e239c70ce325a2d","nonce":"ea4fd7a485ee5f1f4b62c1e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"a039f26f48fca11bc1613231cc6c40c71247791d55add26be298645428a6ab16ec77ce3cffbd75b6f819d49cc6","nonce":"ea4fd7a485ee5f1f4b62c1e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"549f0df07c3c1907a75f9c512eecda61ae2aac48ebbd4c08f03017a9f514651cf264ebb825a1ae09c26a5c9cf7","nonce":"ea4fd7a485ee5f1f4b62c1e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"100a25e73de27d69e314e2a1aa2edb5fc3b191a9d5ce0f3c2051471a3e4283c3d78c9edd50c08ae8ca395fb5a8","nonce":"ea4fd7a485ee5f1f4b62c1e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d9dbbffd9d8d0e93c9030ef25e74edd28e442a8711ca3de0a12434873116ea19b2c16ba7f5674a34efb0333ae0","nonce":"ea4fd7a485ee5f1f4b62c1e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"f257067b6b32f13ff8e37414eea3cbe67c1fc43b765129db872ff6c61ed7179b59cf6515ebd8be8f42f9056b7c","nonce":"ea4fd7a485ee5f1f4b62c1e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"b08befa9f36fd7e164a2582a25542b8f38a0760359951036da01b65b67fc37d6bc6166457f4c0787595d4f0d7b","nonce":"ea4fd7a485ee5f1f4b62c1ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"156d9f43766fcecf7102b3ea3de83c4979f0555a2d058f634b6f4b660d4cd92945d8e8822183ac803583460ba5","nonce":"ea4fd7a485ee5f1f4b62c1ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"15db8a2aa537b614c98085eaf1a0b3fe967ca58e882b3198095cfcebe5e65fce900e773d025a8b7329621e30f0","nonce":"ea4fd7a485ee5f1f4b62c1ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"1b2bf8d62eda8e9f628e3ad49bcc103bd81a4f054883abeef594132d66f645e8667ca9c5039ccfbd995374a70c","nonce":"ea4fd7a485ee5f1f4b62c1ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"8809adf32ff5d40186ee5853bb8b16f51b60382938fde7e35dbf36d30308bd818d259f322cefd7a1cf283c03e0","nonce":"ea4fd7a485ee5f1f4b62c1eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"2b8ecbe0e87e9b22fe8ae1aaae6a8ffe9051b2271b137322e2841730807c5e1dcead0dea7eaf7654d732233d06","nonce":"ea4fd7a485ee5f1f4b62c1ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"fd3f4a14a5456e417ad684704d66d38e391218da7b7fced7fbe71c795cd21477c9a35383184b6049e101dc7dba","nonce":"ea4fd7a485ee5f1f4b62c1e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"c1fba227301d71898e02e55a474a043094bcfc14187b5df75c861544978600ec19e88f859e9ed9fa66279c6996","nonce":"ea4fd7a485ee5f1f4b62c1e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"563abeed01bba26d67345aaa5bf95886ff5426468bdd917ed93b691226b6b63ece71b2baddfb72f914c1e90724","nonce":"ea4fd7a485ee5f1f4b62c1d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"dcbbfb43a87da0415ed11222b4728ff68afb6cbfee01e11dea118e4348a3080046b18c111fae09d5b0084d5193","nonce":"ea4fd7a485ee5f1f4b62c1d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"45a4dd125f8566ee150ed49fd0757446d5f1863247e344d89d3e1def307030b7a050e78c0d529966bbaab8ca6b","nonce":"ea4fd7a485ee5f1f4b62c1d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"fd2096fd2e969d2b568dfea885753870290ca98e65cd2b40b7feb703cd0d977d15a5f53b83492a7e7da5b470fd","nonce":"ea4fd7a485ee5f1f4b62c1d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"bb5bf5e64f7825a8596ca85b31121148b443d1259445da0d44c9cef2f3914a7a5fb996389d000b80395ed2625f","nonce":"ea4fd7a485ee5f1f4b62c1d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e55cebf48d77336a139c7c54922e2e981218eff4137cf3f3bed99c4f5b97e0216a01d507d8cb67e81ca9b18b43","nonce":"ea4fd7a485ee5f1f4b62c1d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"33bf8b875bc162d03f753716819c03cbff75e7450a3ca69682fca9cd5f0f19e44cd3a7fb9b71fe744ddc0d0a8e","nonce":"ea4fd7a485ee5f1f4b62c1d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"73c2d304f670031a22f2c478cf8a404e3ec9dd797350b14ed23dee7d2274097387f4b622e246038575d2498be0","nonce":"ea4fd7a485ee5f1f4b62c1d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"9dfb0a76d497f95060dce0e97307d12b02ee8ff2ea9301b49f1b73e19cd24dd13e731f76d3c02a5f2ae149caee","nonce":"ea4fd7a485ee5f1f4b62c1df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"2e9d2148206199121e2f8bb7acea57b213dc1b3be39254de03b74ab14ba6201990d394d1022e5abdf4a3a6c03b","nonce":"ea4fd7a485ee5f1f4b62c1de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"35edc50654209a57f915aa5c6f79b95c77a59b0d131450aab1ff57d1349fd06e75d2fc2789d450b4c37071690c","nonce":"ea4fd7a485ee5f1f4b62c1dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"39d3769db66c7018a99acb095d94c38647070faa8df7c609a6d27e51047ec88d439ccbaf2ef810b1db4fd336ec","nonce":"ea4fd7a485ee5f1f4b62c1dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"685d3f50d2036d4ed3c0118ff00b9543f4034e01a38ada8927892535b395258655fe30ccda772348692dae8f68","nonce":"ea4fd7a485ee5f1f4b62c1db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"230b75b3d8bf249c2facca2e4218d966b41dda0edd4432a206d20df2d008ddb39c6dd6bb79d79f86f43bdc5533","nonce":"ea4fd7a485ee5f1f4b62c1da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"180779f71a4a263fa13899fe53dffc8fb1ad5570c54eb7d4c5c22d92ae58f0a4aab72b3a631e516c518060a15a","nonce":"ea4fd7a485ee5f1f4b62c1d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"c9c6f14346c8fa308efc7bf8c35e36046eb8bca030adb4496599fb3da3a108a679639f71a252d28aa6dfd2f7c0","nonce":"ea4fd7a485ee5f1f4b62c1d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"adf8e178af54b8bd514f6392e6e6fb79053fc44c9056ab0dfc80241afa774c754bc7eb45716867c617d613e932","nonce":"ea4fd7a485ee5f1f4b62c1c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"e8267eea8fd7970ca1e5b93155215a7286038629a204c42bd44800baf1f6724534a7a0c9a7c03ef6ed22d45014","nonce":"ea4fd7a485ee5f1f4b62c1c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"410e884390b7ac0fd8f31434bbe46580f702483367539cab02c7a46b297300b4c0edb227978dcf452d9d3ac8c4","nonce":"ea4fd7a485ee5f1f4b62c1c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"9b3e1ba7df3670c368ee21cc0171be0584ef57f35ac1751e731d79af0994796397221087cdce221d0835c88314","nonce":"ea4fd7a485ee5f1f4b62c1c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"faaa6f95a790105ffd9ac65cf820d517015c713753756347bd54c75d2540f2d0eeb0cbae026f978aa34b958498","nonce":"ea4fd7a485ee5f1f4b62c1c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"2fbc40bcfdb6ec5f027a7676a94ea5646341ae3e831302f8157ad49f1ea8e77f4e8ba1243126fa947acc810419","nonce":"ea4fd7a485ee5f1f4b62c1c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8cfa7b88484347748f69c4fd4a5dfdf9ed095638d463cb39cd59f1df32cddd2a85476d4f793caf17f1da564dd3","nonce":"ea4fd7a485ee5f1f4b62c1c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"8964271c7e7aa723300d0d14a2f3d543685048103f17cc6d4ab39f3fd865a4dfbb7338a9617979bbd6dddc28a0","nonce":"ea4fd7a485ee5f1f4b62c1c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"36fbfac8316af5b941421aef54934125c71cf719dd456722499b1de2c229352c097e8a56335b228d7da4c2c820","nonce":"ea4fd7a485ee5f1f4b62c1cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f18dcfad44dc3565407c0e6f6f4e6f30b599823598d69e74daf14807e4ba291df1b21b6d86e56ccb81fd603033","nonce":"ea4fd7a485ee5f1f4b62c1ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"8d52a47b91cba7e19e8f77f4b2bf6e3343d2bfcffaaaaeaa09135917e23012f92cad3b150df49c6735c6df2bf9","nonce":"ea4fd7a485ee5f1f4b62c1cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"192cc893132b8073f10ec8edb8620b447e9d461cf2d6f95df695e505583a33e9deb27e71def908a1d871b22a09","nonce":"ea4fd7a485ee5f1f4b62c1cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"6ebed54750a31103bf21d2614d49e2358ed6c483f75a140bdcd1f177554fd8e09965f45e1be5b41339e683d43b","nonce":"ea4fd7a485ee5f1f4b62c1cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"4190e044069b971c2e28d71954cd5668401500a529e38365c8cac5eb83c9c931a369725d14e9e2f511de280f4d","nonce":"ea4fd7a485ee5f1f4b62c1ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"20c5b460e82091f9716f565902947b8dec6fa350eb6361c9d239eec632c0dd5a25c08cb01f18ae1d0261023ff9","nonce":"ea4fd7a485ee5f1f4b62c1c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b71b9ded62921d0b0b8b6df798ac9672cd7caaf46c4296b52d54bcaf79c213582a203b7c2669d22a023b4cc2da","nonce":"ea4fd7a485ee5f1f4b62c1c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"ed25e003852788b40a5cf96bd8dedce294802394dd4763ce84ae0a7a3b00bd8d347ae4f8f1e911a8c18410a6cc","nonce":"ea4fd7a485ee5f1f4b62c137","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"fa3ac34b447363e66597456779fefbcbe22d9787ab40cd7461a18d8c8cd39bf01d18bfe13f76d649d18b879893","nonce":"ea4fd7a485ee5f1f4b62c136","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"1704ad0afd70d4702386e54781d75b0094acaa679c4024ae0ab4be3c455def2fe7eebee5ec5fef122b89cf629d","nonce":"ea4fd7a485ee5f1f4b62c135","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"785a728481c32b4edbd72150ca5895aeaa3fd3a79fc9d1f76cf8f29d6f0b72db592e7a49ea5e737a53dea3d748","nonce":"ea4fd7a485ee5f1f4b62c134","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c5f85c34607010bd1656bb996e1d7339dc6fba8a0bd89eca633b2f6c6efbf6c47ca891f132df9ded682937ef92","nonce":"ea4fd7a485ee5f1f4b62c133","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"cc5060fec850e00352feae687a53899d95f0c8f29ed6ba499082b2527b99a85f43c662c9ce5a18d25e440c430a","nonce":"ea4fd7a485ee5f1f4b62c132","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"a57ae19f868d4a719b80be3d4ca3d524bb21a8a3213a1fe467788ac44a3767b8c039a0852e0239576d10fac149","nonce":"ea4fd7a485ee5f1f4b62c131","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"dd8dced0b546548b0f848da4a66e324f7ea19f655e8cc870e56551c9e33b8868f64d28af679d2ad9cf41f3699c","nonce":"ea4fd7a485ee5f1f4b62c130","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"94a6cd794951e67055779ec193a52df9d1d392655bcf5231bb6f9e628b51d39d2ee26dd8a0fb6f7bb2bf3022de","nonce":"ea4fd7a485ee5f1f4b62c13f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"16a9b132519cca3d810d2de403187d57b8862f9b2c2dceeecee8d2f642017a697e41296f2a3f7e0354bc97bf03","nonce":"ea4fd7a485ee5f1f4b62c13e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"51e8fb33a629c677d51ef29893a2f975d85b302a535b4d03f78d160f8a421fc3af240f91d112170a199cb06086","nonce":"ea4fd7a485ee5f1f4b62c13d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"c6356227983290a848714631f81698c6ff9171cd7a64a44535e87ad7885f8ab192c8e26d804bb6c457f3d9fa62","nonce":"ea4fd7a485ee5f1f4b62c13c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"eef032c19041a3f7961b7a11082bcd53d423ce99f9085913ce2e93b385100c461b0e149e832ccde9143694a2ca","nonce":"ea4fd7a485ee5f1f4b62c13b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"126276f1127db1259570ca8b9d1d29fb3f1750050b911a305219868b402dec18fccd20bb99de79aec0e29de714","nonce":"ea4fd7a485ee5f1f4b62c13a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"3ff94c63532b53d87ad151be7158acc5b4e94188cfbcdfe1a3b9e4d87e49dbded3b114055ea2ef79cf7cb6ae3b","nonce":"ea4fd7a485ee5f1f4b62c139","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"1ef1c476d753421714526993f63e99bca6cb7472072eb7923e7a3c1c3ff5b968c5218d1901e981ec7a8718a85f","nonce":"ea4fd7a485ee5f1f4b62c138","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"f98d0190e76b12bad04cfe8f62ec5b0601deb49ae2080f458ed74f682528b4134b7058fc36f662555dfeb030ec","nonce":"ea4fd7a485ee5f1f4b62c127","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"497b71c0728176790051cf1afe266e087beda9ced049eae83dd167bcdcca77ccedd166d9ca1eff616989885048","nonce":"ea4fd7a485ee5f1f4b62c126","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"8276e59eddd52c929bcdb817a4cc199eb2a79785628cbf1806a5b8ddc6b5bf023faf20c8825ce959826aca2fe4","nonce":"ea4fd7a485ee5f1f4b62c125","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"d93bbd572c753ea55156cf0155b4de70c3570df5164905cf6053be0bdab4ac139b913fe7c2903d239021c3c2d3","nonce":"ea4fd7a485ee5f1f4b62c124","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"ebfb012d85eeb07ae40d1b3bee16bba243e1b478a8da6f7727a683e01b5513d45a9a3f7bf7ef76148e26644043","nonce":"ea4fd7a485ee5f1f4b62c123","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"28f8abcec8adb879db60ddbee6047a33b073d3374abb39c2a7b7ae4076c7e000765aceeb4b4679c770eea361e6","nonce":"ea4fd7a485ee5f1f4b62c122","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"6d74c42720a7c75c7b6515d977c732352d43c0164ad7069d38c9f3aaf0ae64a815cd9e70fd5b97a8bbb57ea437","nonce":"ea4fd7a485ee5f1f4b62c121","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"dea2d85c0933b19aa6f00578596b09cf436ff9757e16d85db35311f665bc1d028d72f220ba420cc93541b6e782","nonce":"ea4fd7a485ee5f1f4b62c120","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"60fdaa1f8e391236a862347a97a83d42dfbe8a5830bae0086ffa232fac139fef1a248ae307dcd8e1b0368c7273","nonce":"ea4fd7a485ee5f1f4b62c12f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"159e8e62e2ca77e2ae3c4a65286fd71f442dec0060e8d93d53decc53f718294328589c632871616f0dab96304d","nonce":"ea4fd7a485ee5f1f4b62c12e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"4f0d8faca7ff51817f1dd1e29bbb4ccb2fb6a1b2a0b00ae3cc20c887986a6606523ed373eafe98793cd9fb6487","nonce":"ea4fd7a485ee5f1f4b62c12d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"72dfd588f5cf2e8e811e3a99b32bb3fc3dc0eebdad274b459a4060cb0d750606b6dda19968a7ad64d6ac982898","nonce":"ea4fd7a485ee5f1f4b62c12c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"5b3f74587e6e2ca687640ab590ce80a312ea6e643fb1981caa140fdbb81cc1b4901529ef37e7e33083834fef90","nonce":"ea4fd7a485ee5f1f4b62c12b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"a8a8ed8c55fa57992157556903c3d5bf14e1bd2c478764d210844bd13c89b8573eca3d3ad9bf9839354d0b45af","nonce":"ea4fd7a485ee5f1f4b62c12a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"894df0c13ff59cdcade269704dd0c1438955ac9245f94633580b96f3554b21aaff776195d9d87ddcd8fb61de70","nonce":"ea4fd7a485ee5f1f4b62c129","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"f1977b8963d7879f943d15df968c700c5601fe7baa79d6d015343ec293179888b7732d57247cd7db865f88ac1b","nonce":"ea4fd7a485ee5f1f4b62c128","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"913b84b11c1a1e317c21b114875b7bc6d354df08604dd9a891c346df158c390718dddea17292325e188946318d","nonce":"ea4fd7a485ee5f1f4b62c117","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"2dd3319c02fd5a0f63c25d98e01396b791118e61744de2a5ecb7a92711ab361024cab01c4cbe0f87820b927efc","nonce":"ea4fd7a485ee5f1f4b62c116","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"2c83288070ee693c4a7eceeb9e376a3fbac2e80c42df9654e275952f6b1036cb19454934dd97b3f19a5917a01c","nonce":"ea4fd7a485ee5f1f4b62c115","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"d99add242dbff2cae89bb33cd73fee39a8c94c6e936038b6bb121577a3abe42bdad3a187f3ad5705accec82c64","nonce":"ea4fd7a485ee5f1f4b62c114","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"351343cec13d8fca1b669b059f8f5ebd45df54d3723f4e49e20caa172143abcd40064edc1244c8dd5e87369c92","nonce":"ea4fd7a485ee5f1f4b62c113","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"9299169f156b2a471e9c44dcca83a704b32f7ec2b3eac56bf455cfc8eb2ca59645255f7d5441fa4afe7c0dd8c2","nonce":"ea4fd7a485ee5f1f4b62c112","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"fe5bf43ed12507d520fb55fc9168912bf777acb348f4be274afec22e75421a9632482d74777a7e72ef584f0466","nonce":"ea4fd7a485ee5f1f4b62c111","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"d906c0ec9119752e773b559abad5ca3a2b4048b8dd3e216ca9d2cdf5d9374b50b5206f7beea509262ecd4d8f0e","nonce":"ea4fd7a485ee5f1f4b62c110","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"edf82847770c345bc8ce706b8047574a4f512f5af423bef237e6171b2ce9aca9dc710c14b32778432db1d63e1a","nonce":"ea4fd7a485ee5f1f4b62c11f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"2e968a5dfde90849e4fd1b76d247bd32e1ae4a30bdba59db53de49c36881c4616c8c54d7ebceb304b76921135a","nonce":"ea4fd7a485ee5f1f4b62c11e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"a3053d3a2650c37291586d184755a0225d53c7ef4d126bd6e04e802c6fcb38d9f26776d47a4ed071036015846a","nonce":"ea4fd7a485ee5f1f4b62c11d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"7ba2d991e999fdfc55f03b8b742fff1781080a069a7e24d8d197ab20654b719b0df42e0854b75cb62abca7520a","nonce":"ea4fd7a485ee5f1f4b62c11c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"6992d041d217a0af333e22875c35c5f671e8abf482bb81b3c160e2de1319ae4bf6588428308fd632a41d56351a","nonce":"ea4fd7a485ee5f1f4b62c11b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"7d44d2e5910b1628a716d6d1ddc10a90af48f576bb3b6513c3c4a4795e266337e54c5f98ed6c801c6d9b523bdc","nonce":"ea4fd7a485ee5f1f4b62c11a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"45bc96289a8b15c3adbb734ab6281d25c9ce5fe02191b2083df7bf45b794e1445b2ee8b752ddac9a4e5a18a16d","nonce":"ea4fd7a485ee5f1f4b62c119","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"e4d7c7696d37bc29a953c91334d0ca290f3bd40caf376fd5f2cbc0122fd5c0408c9dbe41eb31075de905c2e2ff","nonce":"ea4fd7a485ee5f1f4b62c118","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"6d30e4bfb090ae916be07ac684ec6e20d94285f8d6dec3570ce3d0ec93338853c187047794c1fb838d0f0c467f","nonce":"ea4fd7a485ee5f1f4b62c107","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"2b24e6c899f0ca6300117d93fe4ea95611989ea441186736da5ff822f80add9a4bbd44c52aec3075c5f55ba955","nonce":"ea4fd7a485ee5f1f4b62c106","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"76effedc6440f21ecccefe11078a9cfd4c8d0c848c9d74acdcd957f6da5ee6e7c48b4fe85f66efa2e8f3185a7a","nonce":"ea4fd7a485ee5f1f4b62c105","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"1d1191b897186580f8eb2db49d4d8641cd737eaffe3dc27919c9dc03127aeae29221f4c1d8803a1d02d36b6813","nonce":"ea4fd7a485ee5f1f4b62c104","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"0d816a029c1c3715615289b39773774afd0d0f94096a8328aadf2ee2316aa3d7ff1b687b7cbfcaca9d079ddb7c","nonce":"ea4fd7a485ee5f1f4b62c103","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"6e7dca60f875d3d43308d6caa3edb61e955e657f5214582d44c31c11e02f3c35ceca9fab77d450ba0d765283ce","nonce":"ea4fd7a485ee5f1f4b62c102","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"28f3c1a731ad0e5fa545b0cb4adb7622badddfaa44baac7e6c7ec9d464a5de6944c563b1f0f7db29b6e299ad19","nonce":"ea4fd7a485ee5f1f4b62c101","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"51c045886d8ca9ed983fd83dd744632c3cec26a357dc2b4d18082ee8c61a10a34b04fed9d9b123992c085666e0","nonce":"ea4fd7a485ee5f1f4b62c100","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"878ab58eabad9768754ff98809a80a995b8fe19e1bb7560c2fc1117c70e21df7665b22ef98d37c802609f42f17","nonce":"ea4fd7a485ee5f1f4b62c10f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"da287100389c925ca9d096f8a61d4dcfd19530b5a443aa99e89e74d566dfc202c49634b41dc81858ea0b0f0423","nonce":"ea4fd7a485ee5f1f4b62c10e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e3606c27a8b874e550c38644058586a5b902203fd28fb600c27227311f3b0bdc04d90b579d1035d525b795c34e","nonce":"ea4fd7a485ee5f1f4b62c10d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"11a180d35bfed57a88a859535d6ca406e8b21db2ee9ca4850e401d39c5f367663fe9c521e9f665ef55cb7621ea","nonce":"ea4fd7a485ee5f1f4b62c10c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"92e5a54373fd604eda4631e6db29abaeea2896b21ca3a94aee854fd7931821d50c30c3f5d02a4e0cf52442e589","nonce":"ea4fd7a485ee5f1f4b62c10b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"451a51a277ffa7cdcd0788530785da7d67a97060ac6463593f4507ba6da4700e59f241000fbf744e11d7dc17c0","nonce":"ea4fd7a485ee5f1f4b62c10a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"46a0c5c3256d4f15edfdf8de31a2dd6482c4165aecb4c2dd10597e9548abb59c6716151076cbf145345a9335c6","nonce":"ea4fd7a485ee5f1f4b62c109","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"1f699f0002533e6c1e1ff3ff2f8611f9872cc8cfa152a504c96d63ed2dc74d99489b2aeac166a4b740f7a7819b","nonce":"ea4fd7a485ee5f1f4b62c108","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"79cd06a758f4430854e0bb5f2609feef708cd500186a6dbb3463e8a087de543f2acfece31253d009d7a7e5b06d","nonce":"ea4fd7a485ee5f1f4b62c177","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e135f20f45ed8eafbf8fc43ccb8fca40ed65aefeb3fc677f6b252274faeaf5c5cae23cdba793a26216e801a496","nonce":"ea4fd7a485ee5f1f4b62c176","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"29499b2d0f48914798b55e0b95932840154c7da80269b22fb4c315e5b0dd1a6ff4c031a57e54beff260d5d854c","nonce":"ea4fd7a485ee5f1f4b62c175","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ef699b884bcb8d328ab2c1ed6b0335e56d174b5ae558a5ffca26b8146350f7f0ac77d863efb95d4da27b1accd7","nonce":"ea4fd7a485ee5f1f4b62c174","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"bd6a6bfdebdaaea063f086aaa0f18a4dfda04d1362eb5d217cd8ede86f6f42f0f71da6653bd683a81f044fe29e","nonce":"ea4fd7a485ee5f1f4b62c173","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"c4fefe78dccb7cc60030d587d2802008fb9868b87158e5ac47d9ad3d6f5d8071ce4f9b00794f8652c9da09b996","nonce":"ea4fd7a485ee5f1f4b62c172","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"21370a265c6bc9633dcb3cb1b30409324f0537d4d41d43b4ce0d08210f71f27a0ffb3de2c9b69ec18331880b3d","nonce":"ea4fd7a485ee5f1f4b62c171","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"ce2082cb38b08ae5619525299110b62c4ff0e62a6705227586809effe8166dd3ff48cc6f61a24b3cddbf0f295e","nonce":"ea4fd7a485ee5f1f4b62c170","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"46a33a10e87637d8a47ece88bc0a055179447b41010f84a401f41a1fc3223a94a5b4eb1745992715a3898db82d","nonce":"ea4fd7a485ee5f1f4b62c17f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"2d5fa2680e30f14be93876c7e17cb0003da177924cac17bd78298333e20fdc4b812b10071f47521f1c8ae8d55a","nonce":"ea4fd7a485ee5f1f4b62c17e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3bdfd395adf7f0a230eb73bbd88de32113f749fbb5f3bd034a5b5cde5674b5e65470d42847cfc33ec88eaaba4e","nonce":"ea4fd7a485ee5f1f4b62c17d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"5e3319cbda385a2ab6b9b47fc158c671e9fb0425a1228219404101030d62dc0b5b6cd238f87832cfcd886a1fc4","nonce":"ea4fd7a485ee5f1f4b62c17c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"bae3fe3e81c64bb8af5f036724475957c00f12b753e334404368fe322476b59cdfb34d8e4db2cfff019233a830","nonce":"ea4fd7a485ee5f1f4b62c17b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"bd57be7e75b675b65abc596eb05429924295b85061df7e0cdbf197a880dabb7f3caffbc920cbb6afc774736c27","nonce":"ea4fd7a485ee5f1f4b62c17a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"fd14bb6a6a181cd7d4cff16802d01373624d6f246fcfc8cefca0dabf09d057b3c48b20d5d40b950a68eeabbe0a","nonce":"ea4fd7a485ee5f1f4b62c179","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"6fc693c07f5cc9a2d1bcf0094a82459ede8144880ffdb5502479e714aa9063ac83c2ca148163a78e863613826f","nonce":"ea4fd7a485ee5f1f4b62c178","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"61fc9e970cca4121499b29f04001a317b83c962f920ad365a1745809dba8b979c7ee8031ffb7917eeae5b2c115","nonce":"ea4fd7a485ee5f1f4b62c167","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"ce66dca234a527c3c25b99ccaf5a32cbcff3bc1ea644d5cebc899bbb0e3b7f4d8b7fa2cac4199400fd15811252","nonce":"ea4fd7a485ee5f1f4b62c166","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"bc372fbfc8970e1c9ffdd12ba174395476c3cd6006fe547931a7bb0e9ff16c80c2f39d71e78a0a8b6eb68fba82","nonce":"ea4fd7a485ee5f1f4b62c165","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"e5fac2f5483bfa96795f43f5dc549d223eb296dd0ae0b2059267a907754c7d90cfd47e25194baa6c77a55d4175","nonce":"ea4fd7a485ee5f1f4b62c164","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"6e4e185ef8aa0b2add8ef7aa381f306454c1948fe15e6753faeb53293ea2c06da7ad79a137e220f8eafa4b08ff","nonce":"ea4fd7a485ee5f1f4b62c163","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"8936cef7931750b604b3c3d5e9f8a8b4dd8ce242788dddb6b50ae0540e9b083e13fc9cb254442fec5e87078e56","nonce":"ea4fd7a485ee5f1f4b62c162","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"027a1ac0857229a952cfba6411442ea6269f644afb6b10e20d25ff97a5862a3d61f89869b69d2baeae4cda7fb6","nonce":"ea4fd7a485ee5f1f4b62c161","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"74d2a6d5a727aa26f80212b278bb1519ff3759a44e1b06fbcff25e74aa9263c9227a8f612e22563d24d90540fd","nonce":"ea4fd7a485ee5f1f4b62c160","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"bbe0ef6ba30d721b395d5e7c919de61c0a25132ee133ac7297f7c959b41d9954866ddc0c1ec6666a9beb564aaf","nonce":"ea4fd7a485ee5f1f4b62c16f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"7d5dccccef65b0c43c9cb34ede5d0367c2418ae0431c3936ac98494584382eb1944e86e91f279b27d1e20ba09f","nonce":"ea4fd7a485ee5f1f4b62c16e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"a85f979c42dbf11b99fb8ba2dd0733536ce6716248955fa8fc52a0ffaeb95c8e3cf70972319b66df3bd92cc3f1","nonce":"ea4fd7a485ee5f1f4b62c16d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"13d89f0c5063c0b50f8d926d524b4ae7ce29a64d97bd7ab3655376a60a0f47509fbca6b9a7c97b75616460b038","nonce":"ea4fd7a485ee5f1f4b62c16c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"50a24b339855a7e7ec3497ee46bc9b530077864839d16d70844cd142f5c3e2b865aeac3d6285c77fce204452d4","nonce":"ea4fd7a485ee5f1f4b62c16b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"4e298fffa8f4cc814aa98857fc4b37840090d9f2796a29bdf7d369df8b9445ea2a75f61e327d47a248db6f28c5","nonce":"ea4fd7a485ee5f1f4b62c16a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"810a27e028dc43b868d3e1d7e6e064e1430e1465bf46b1e6ff72b51bad2465571b0d0e060803b4a40c638beb34","nonce":"ea4fd7a485ee5f1f4b62c169","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"4d047393ea911d8b0e132c134d1a1cb2bbd4fd0428ac706437f1f2a68995b3b5e1e2845f84a73f2088a36c933e","nonce":"ea4fd7a485ee5f1f4b62c168","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"db5c1f6acaf8a880df26ab0d83a54589fbc7d37854da60d36ddcc1ba3df3195534b5c2d4d80eb973f73297817e","nonce":"ea4fd7a485ee5f1f4b62c157","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"7cad4d357b57a5151a85d2677c682ebd52c5aafd525cc1d60eaea3e9a8e45c94fefd06ba1c2815923164aab200","nonce":"ea4fd7a485ee5f1f4b62c156","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"9bee661c9197caedcdc2a065797944e9177636a75bc9baced0b9a21991ca392f51a0874578b29966e6594d512f","nonce":"ea4fd7a485ee5f1f4b62c155","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d8e44072e0b99cce5a5b4aeb406f730cfe9ffb005b0860e90672f982abe42f9629e31ffbdf46c405141dfae75d","nonce":"ea4fd7a485ee5f1f4b62c154","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"aba79deb165f85766c77afe3063f539093ce842dc9d6d482437076ef198d713f5bf68561ee87eac0950fe9a958","nonce":"ea4fd7a485ee5f1f4b62c153","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"1a84b2f0030793fa4b355b738874f9147bba83237e4684278bf26bde53c6217fe3dcfe35f66e6f0306ea73beb6","nonce":"ea4fd7a485ee5f1f4b62c152","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"165d29b9238fa34a34499c7591c15032236aa7b1fd3e66c4a91bbea30f3298f3b4611c7864268bcf67299bcacd","nonce":"ea4fd7a485ee5f1f4b62c151","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"b7e60eaa50f7a6339914299021aacbfb9db2f2319faee2f7a1f2fb780fd68882a01a217dcd3060f658281449d7","nonce":"ea4fd7a485ee5f1f4b62c150","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"cad3463e4b67ab48b6a74a9ecc67e68362c101efcff84494bab896cc050434dd1be23b5beea9fd88364c7c9c8f","nonce":"ea4fd7a485ee5f1f4b62c15f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"71341caa89179d6409dff9776d981293a7379f343efc7823508a9cd79041ef19bd9a64b6a28ea7c930615afea6","nonce":"ea4fd7a485ee5f1f4b62c15e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a83b4ffda376bb0ae34e3a9bf7ac6aeef84cfd02d0de0edc9cf9dd1b2e1564dc20435f37d0a37c5a4551e26487","nonce":"ea4fd7a485ee5f1f4b62c15d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"d618ca99aa1e7401ed5423697766bb9ab3db7cbd5cc43368d7d13afd81ba722c84024c2fedd753e44e35ce8f24","nonce":"ea4fd7a485ee5f1f4b62c15c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b90d2a5a3ada76c2c6210d04f40c0b493fc21980a40805131205da1cebe54dfaf5850c3edcecc57e9ade061806","nonce":"ea4fd7a485ee5f1f4b62c15b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"40c680270ecdbcb4ae45a794088eee4eb1912de46bf1385980080d3d6305146871596401386638026dd392dbc6","nonce":"ea4fd7a485ee5f1f4b62c15a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"2bded00aa3ba589f9efd7a28d060bae4931598c2eb48c6d43f81450fd4b37ac19c42d893de2cc0ce9919347bd1","nonce":"ea4fd7a485ee5f1f4b62c159","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"002271228087137372057b7ad6a2d297622e16f24e531120dbdd7f72341d91315548b4b3c1a103f795e01318f7","nonce":"ea4fd7a485ee5f1f4b62c158","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"ee20f22faa7d10eff12ab452a40f44a69570e6d5a2389e687a9db5bbfc870470d7182ceb874a097debdf4b563f","nonce":"ea4fd7a485ee5f1f4b62c147","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d1e2ee71f0da6a697f2c94c383d51605e79a643de7aed76fd7d5eae45ed02132e76be47f89d57c292831646d5f","nonce":"ea4fd7a485ee5f1f4b62c146","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"5df0c1b77fe4eed2bfaacb83c894e26fd66e41c1039818591bc97ce18b4b0f2ac7decee9ce97b28c9b04ccfcd0","nonce":"ea4fd7a485ee5f1f4b62c145","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"073d0fb92d9aa795147960b88f2925d92000bd1c7edc61d5e283fe9ec987afe51c11d106de7d9e81e517a1e899","nonce":"ea4fd7a485ee5f1f4b62c144","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"a62d0cc387729b245b9ed637e243d7644e812fd8bf7f73e25c977ee6174645d8ce50aa3703868b645bd1bfef81","nonce":"ea4fd7a485ee5f1f4b62c143","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"83853a6b588393b05569b0efda71268b5ee6e071efe426a3791cef54b41240e2e9c137e9a5b2e1459621fbea42","nonce":"ea4fd7a485ee5f1f4b62c142","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"794c6a8fb770e3c80f57fb5f3d26a6989283f7a3ab906a41044b47625b4c81672fc48f25766949daf53f3c996e","nonce":"ea4fd7a485ee5f1f4b62c141","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"064b2a0a7f4253d855228a7bead313c13575bd15615c0cdf89b7230ca6e507b632a239d73e2a257bf5c9b6241f","nonce":"ea4fd7a485ee5f1f4b62c140","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"398ed7086464f9033953c6cdbb17b4e5055886fcc2698cf7b95126cabd356fdbd98ed55ac0944a503600cc6c1b","nonce":"ea4fd7a485ee5f1f4b62c14f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"4ee25b85368c51f0b8807187c5b15957deab3a1cb3f8c5f1cb36d6937c5667ef524fb3b6ee8f298324a7295a6e","nonce":"ea4fd7a485ee5f1f4b62c14e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"e0850974c195d9b0849fbd9fb6e36e4cb33cf992b05d16ea6a1802da8be1a4505127be486f8d4433f5a9e8d97b","nonce":"ea4fd7a485ee5f1f4b62c14d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"c10dc7000510632c6f9651483309419385f8c5ead14849b5df294136ce766c0af9e55a350f06080ac83bde3095","nonce":"ea4fd7a485ee5f1f4b62c14c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"76760cefcafb7dc739653e56a7164a32c2ae866b7b11c8f5964f156f7865d2cc04234459075459fc386879d611","nonce":"ea4fd7a485ee5f1f4b62c14b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"70eb4705ca9a8916d82131c163a9ff2443ba0e56cce6373049f506c1e08d3dbae8737395b119f0438dc93a469b","nonce":"ea4fd7a485ee5f1f4b62c14a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"aee7ecc818f3f41e14a977432482c1384f670ddd21addb3e470c81db47f7f5875c5eec2220b44f5bf3e3bf5440","nonce":"ea4fd7a485ee5f1f4b62c149","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d084eca50e7554bb97ba34c4482dfe32c9a2b7f3ab009c2d1b68ecbf97bee2d28cd94b6c829b96361f2701772d","nonce":"ea4fd7a485ee5f1f4b62c148","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"247da592cc4ce834a94de2c79f5730ee49342470a021e4a4bc2bb77c53b17413e94d94f57b4fdaedcf97cfe7b1","nonce":"ea4fd7a485ee5f1f4b62c0b7","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"f03fbc82f321a0ab4840e487cb75d07aafd8e6f68485e4f7ff72b2f55ff24ad6"},{"exporter_context":"00","L":32,"exported_value":"1ce0cadec0a8f060f4b5070c8f8888dcdfefc2e35819df0cd559928a11ff0891"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"70c405c707102fd0041ea716090753be47d68d238b111d542846bd0d84ba907c"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"7466024b7e2d2366c3914d7833718f13afb9e3e45bcfbb510594d614ddd9b4e7","ikmS":"ee27aaf99bf5cd8398e9de88ac09a82ac22cdb8d0905ab05c0f5fa12ba1709f3","ikmE":"37ae06a521cd555648c928d7af58ad2aa4a85e34b8cabd069e94ad55ab872cc8","skRm":"00510a70fde67af487c093234fc4215c1cdec09579c4b30cc8e48cb530414d0e","skSm":"d743b20821e6326f7a26684a4beed7088b35e392114480ca9f6c325079dcf10b","skEm":"778f2254ae5d661d5c7fca8c4a7495a25bd13f26258e459159f3899df0de76c1","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04a4ca7af2fc2cce48edbf2f1700983e927743a4e85bb5035ad562043e25d9a111cbf6f7385fac55edc5c9d2ca6ed351a5643de95c36748e11dbec98730f4d43e9","pkSm":"04b59a4157a9720eb749c95f842a5e3e8acdccbe834426d405509ac3191e23f2165b5bb1f07a6240dd567703ae75e13182ee0f69fc102145cdb5abf681ff126d60","pkEm":"04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc0aef5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138","enc":"04801740f4b1b35823f7fb2930eac2efc8c4893f34ba111c0bb976e3c7d5dc0aef5a7ef0bf4057949a140285f774f1efc53b3860936b92279a11b68395d898d138","shared_secret":"02bee8be0dda755846115db45071c0cf59c25722e015bde1c124de849c0fea52","key_schedule_context":"03713f73042575cebfd132f0cc4338523f8eae95c80a749f7cf3eb9436ff1c612ca62c37df27ca46d2cc162445a92c5f5fdc57bcde129ca7b1f284b0c12297c037ca221d77e229a9d11b654de7942d685069c633b2362ce3b3d8ea4891c9a2a87a4eb7cdb289ba5e2ecbf8cd2c8498bb4a383dc021454d70d46fcbbad1252ef4f9","secret":"0f9df08908a6a3d06c8e934cd3f5313f9ebccd0986e316c0198bb48bed30dc3db2f3baab94fd40c2c285c7288c77e2255401ee2d5884306addf4296b93c238b3","key":"b68bb0e2fbf7431cedb46cc3b6f1fe9e","base_nonce":"76af62719d33d39a1cb6be9f","exporter_secret":"7f72308ae68c9a2b3862e686cb547b16d33d00fe482c770c4717d8b54e9b1e547244c3602bdd86d5a788a8443befea0a7658002b23f1c96a62a64986fffc511a","encryptions":[{"aad":"436f756e742d30","ct":"840669634db51e28df54f189329c1b727fd303ae413f003020aff5e26276aaa910fc4296828cb9d862c2fd7d16","nonce":"76af62719d33d39a1cb6be9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d4680a48158d9a75fd09355878d6e33997a36ee01d4a8f22032b22373b795a941b7b9c5205ff99e0ff284beef4","nonce":"76af62719d33d39a1cb6be9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"c45eb6597de2bac929a0f5d404ba9d2dc1ea031880930f1fd7a283f0a0cbebb35eac1a9ee0d1225f5e0f181571","nonce":"76af62719d33d39a1cb6be9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"5523f1cff3f834200dd080d6a0a7a8108d5a79e480c7a1607dfe08408283806ad0d9f6929eebea25eb2b54f9a3","nonce":"76af62719d33d39a1cb6be9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"4ee2482ad8d7d1e9b7e651c78b6ca26d3c5314d0711710ca62c2fd8bb8996d7d8727c157538d5493da696b61f8","nonce":"76af62719d33d39a1cb6be9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"cd2e7ae9df973ca14c413cfe99b0f797ccd4decbbff6c0e9347b6865870a3ae3c04e6e613a88f1af291046697f","nonce":"76af62719d33d39a1cb6be9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"51172480eded1ee2b6d542d438840b56af547dbb5d5c4fe7389e5a9eadc2f2f50e76441bfef6f137008ad1a2a9","nonce":"76af62719d33d39a1cb6be99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"433a4f600fc30ae21af751aecf04b3536a11f21143432e098108e67394963d8bb3e24564114b038e3aeea357e3","nonce":"76af62719d33d39a1cb6be98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"4040c531da2c06e9268c508b4252704159fd530a5e78952530d2e4945e0d5b0dd52371a5d3cbecfb9a8e96fc6b","nonce":"76af62719d33d39a1cb6be97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"a0ecb1ba79fe754f42259b67f63111dd809be4b2cd18f7050e307f93c097033466498b2c179a7b8cafcf395387","nonce":"76af62719d33d39a1cb6be96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"879290f2dc60d8a448688993164be8af3b5769fc9a63792297b39e6c47063a758836c7646b8ac0c8577d72d30c","nonce":"76af62719d33d39a1cb6be95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"6c0ebeeff956f2cde9840846e78cfb312dfa39a2357f53fa2edc1ea927007cd711491c28b79429716b0e08933f","nonce":"76af62719d33d39a1cb6be94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"32b54a0f1f99f30a451004130d9c382e950f1a1b179cc509660ad7f08dc98d5e14fea697eaefca9d7790a84553","nonce":"76af62719d33d39a1cb6be93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"bf09995fe15ce7abbf3273d72984be9e130bb208d9a36e205f840206ce435409061a443e7db603973225eb4bd7","nonce":"76af62719d33d39a1cb6be92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"ba31c6ef518216d12bb92543485555baa389913b33626136cdec60095b4526f01b84a14f71924b00870e1d778d","nonce":"76af62719d33d39a1cb6be91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"0b36a04a501d9cbd3b7393e48880b549b16eea2aa8a012fc7bda1639b55ed7141453f4283138ba5b5404458694","nonce":"76af62719d33d39a1cb6be90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b956e2d0bd33e1399fa0971cbb6279ca2d7a184bd358edf99b36ebfa1c957ecc0871295cafdddaf7ed314e1056","nonce":"76af62719d33d39a1cb6be8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"1556e426834df0543bf16f945588ef247e92ea679c7eae6610caf670fc3dcdd5278f5947518a208e9714f83498","nonce":"76af62719d33d39a1cb6be8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"c519b5418757704c166ecb8f2d8100dd98019c37c15129c6e683b8391fb940542298081803c66d33a81c11b0a2","nonce":"76af62719d33d39a1cb6be8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"65571af851677215ecf40b5615022bbf60d471934bf8dc56cf3e572915e10601ef11c470f0b0c54289b7e21822","nonce":"76af62719d33d39a1cb6be8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"521ccee4c5a30e1bdee57b97724813807633f0a436c8dfc4d10d3208231e314d74ee7531d0434e08da00e07763","nonce":"76af62719d33d39a1cb6be8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"48da23c11036cafdd933ca84415d8acb786987c732c676647efcaeede12fb6ef9a779061b1ef02432021d5585e","nonce":"76af62719d33d39a1cb6be8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"0ed8fb4235554ba78c92a6081cac3e9dcc625c9361cc96495288b13ad3462712c799c128eb4bb5efba20195e7e","nonce":"76af62719d33d39a1cb6be89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e27e9e19668d914853940639bef69cc7607c6e41b1cdb5295a4716eba24cea8f6c83fa68c222b6293af43207d6","nonce":"76af62719d33d39a1cb6be88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"70c1e45cecc32d3bbdb271e82ca80c1f3a0ab60d9c3fc38c01a7cf47731571f403015afd2ede4d8be6c29ebafb","nonce":"76af62719d33d39a1cb6be87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"3e4909fccb2502a7cf92a297d347a9eb7525ccf5f795fe95980118ac26f1c0820d99ca83b5699ab4f1346b99ab","nonce":"76af62719d33d39a1cb6be86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"623901eef4d80623307e15f5d614e811322f9678d46e4f53c75b5a3a8713116be0cf24fb55392126307c44f508","nonce":"76af62719d33d39a1cb6be85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"52425f327b5ee3bb41621d431f5adb78f17c51409480bc84b613eb760406cbaa1d0d33bcf339080c805089c437","nonce":"76af62719d33d39a1cb6be84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"43e8c68ec89817ed2a2f953d292981e2ec4246aac55183b5d2f162166400e065447e4b0194a2c659fcae69d940","nonce":"76af62719d33d39a1cb6be83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"385539fcc005066a26ef1c248ba91dc6bf06cfdb53536247a1c5a0a03eaf12d56b2a87a00fd205d3681994c285","nonce":"76af62719d33d39a1cb6be82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"de964a4f45faa90c268638f1f8dace43560ab62f96ec185b253f7e8273323c900917649969df170a29443c250e","nonce":"76af62719d33d39a1cb6be81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"926a40958315d23199118b25e5c04a80d4fe6110ddce08d5d565b56f19f50eacb2c0e4ad79df2874410882eaf6","nonce":"76af62719d33d39a1cb6be80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"31e3aa43a505cf5de4175dcdaebd7197cdfd6825f21724ec51dbb53c851e88f38359786c08c8207e839d9d9266","nonce":"76af62719d33d39a1cb6bebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"db39eb8c6db097ca91d843bd16929a865e132d586d50c67f853d6117e01f4bc470ffe49f661de7c65fda630dd1","nonce":"76af62719d33d39a1cb6bebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"29cac98b5dc86ecbc19d1bf6b12d3f0ce58d7dee37eb2ca1143ac797d8b298b12d62e3928b07df87d27b90ea39","nonce":"76af62719d33d39a1cb6bebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"9d7f79327c51f675ad603e920c99f496e0bb6f861a6fa0fce197986b465dbb4dfae7d61a02e6cf2f7fae12b319","nonce":"76af62719d33d39a1cb6bebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"5e7f323b264e9a3ab8f2f50796168e813ca46c7a610e19d331e47fa72ba053f62c2f3529b82449e0b5359e0780","nonce":"76af62719d33d39a1cb6bebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"65bb84ffcd08bd2531726f29dadc369f12da41fec19f0945d06ad6247bf7e3c9b0dd5f32ae04c35ef4313717e6","nonce":"76af62719d33d39a1cb6beba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"70e2ee9c933511c0224560c85f46969309d4b1f14ae8c07ea132b9411221e844ea4fdcc7775e46c94f734c698d","nonce":"76af62719d33d39a1cb6beb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"d0e9b9c9a311c274619f91783962ac9e2148df7b72e82d1a8eb237aa0b8f52410dfaa5950731eb0e66ac185ee0","nonce":"76af62719d33d39a1cb6beb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"93625fe767cbd35638714edaf3f89ced2743233890ddc1baef6ec3ce5500f803d3d634ba6b6c3c82078655f68a","nonce":"76af62719d33d39a1cb6beb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"3eb9314aa3784521699a234bf3098bad359a7a2b15b11db9ba2acada85512df47f24d60a1b2a9e05120d32e166","nonce":"76af62719d33d39a1cb6beb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"beb80e185ac61286de7b81417acf4515d868fbef0569c4023e05557eff2aac21b02ef10e870cd07b3439906d6d","nonce":"76af62719d33d39a1cb6beb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"c9dd54c13ff77c36d6e368f6bdc3ee0d2697129b44a6bb5f8f06eb3ec036e4bcf3fc4fc5ca4781e3ff6bee7a3f","nonce":"76af62719d33d39a1cb6beb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"215bd15174df5746ab6c9e4db99b8a8d91d7408bbeb6f0129d1577ed8d1afffd031e7200f7bfda4168c364a209","nonce":"76af62719d33d39a1cb6beb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5c5304f91e59a2e5810d171c0e8dd0812cb7c974dccc8bb2c20885c6254778cfd48af950f9e4e1027a21d7bd4d","nonce":"76af62719d33d39a1cb6beb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"907719e6e39277c1df7eb48babcbc4123c11ca6c2eb288ce8b509dcbd044ade99a58c055cccfc1e56837ab7e6c","nonce":"76af62719d33d39a1cb6beb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"35a0d23c20446fecfc9379a01faa2f98c9070af4a8e9939bf4d4fef11ef401538b6d37e0bdb2b4b4b709f866fe","nonce":"76af62719d33d39a1cb6beb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"daf5e4db20d006d9cf3d3df36039865d00cdbf5f936f3404a8a18785bc454567d0230a72f6672558dbf400faac","nonce":"76af62719d33d39a1cb6beaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"ae7610d8f7a203398bbf20e43ec2db776cc0a8ca517d0fa824d9dc9ed816a3564eed4419b96a148fb89230056a","nonce":"76af62719d33d39a1cb6beae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"5ed3d883492883c4700d4ad013ace8b0a75e39ecfcf90c0cb0cb9151520eb39bae5b8bf1df979a7bd8bccf4a13","nonce":"76af62719d33d39a1cb6bead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"fd2bbea2fd0469f07e3d93ef6591e9e31397779a3dde464cdb4c93901356f177b7a1cbdfcbfa4c0951acdd6a7c","nonce":"76af62719d33d39a1cb6beac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"60af23d30a87d823ecc2da8e7745f028e0651caf0126c08990da96d9a3b49c1fbaa8903fba33905f35f3594baa","nonce":"76af62719d33d39a1cb6beab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"3a9c1caf18333acb836f7cfeb7b0dd46b43e87198bf14667a3c96d39f48de0c956b493dc89b2adc9dfdd4f0a6d","nonce":"76af62719d33d39a1cb6beaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"a7e24239ef7cfd6dcc0362717082ec91ab83995659179612e016a42b6cc09534361a9ecc22e525180efac06e52","nonce":"76af62719d33d39a1cb6bea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"58af0b9dfa4077f850b2262a593666576ad6646b1bfa146dccdd7eed916d68202e8719b30925c5e766e1f7f0b2","nonce":"76af62719d33d39a1cb6bea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"ecdef5ab41aeb224e00a073b2abfc8dc6a74fc207bd0799024dd5d3d429a7020e54e8dae6bad1ce45ee0aa1b09","nonce":"76af62719d33d39a1cb6bea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"2d2a91113726c4962f457630b5659f7714bd3f3288e84075ecdccb3a6c1ca9f98f2012a4b945ca4e5908358832","nonce":"76af62719d33d39a1cb6bea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"06408767ef224fd58c70a4616a3f48da3f2ab16106902c3e8d3f340c11e99dc79875fdeeb1a6e01c23e6de78de","nonce":"76af62719d33d39a1cb6bea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"cd84db8bc0d425eb6c8f29c42faa067f0b900a0d2f286bd7523604d045682863658d12a2353502fdf695d3a558","nonce":"76af62719d33d39a1cb6bea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"0f0252274ee15251066e32240a068c3ebed1ea27b983c48e53101fb325cb8cebc272aad19acf64519c6fc5ae06","nonce":"76af62719d33d39a1cb6bea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"5cda574c882dd5acc12b886bb8d1cfe732a5a972d1012ef0665331ec912ea768453f042a60e0aea582535aaaf5","nonce":"76af62719d33d39a1cb6bea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"fd27ac5ea8ee52e4b447be9c01d1151ed08e21d80eeea18691b7c6c5d9af8d2de21869c2f26d514fa4fb7863f3","nonce":"76af62719d33d39a1cb6bea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"6db97bc0252f7a540d26c5178abdb6c3bc3ff9030df519704839dca0503f7442a9da0d3f4d1f3006a30cd10d5b","nonce":"76af62719d33d39a1cb6bea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"6ea8da865dd252362ee59172ec8c6a54a120f53b3fb451d71dd818b99978789b645ee2b6d61075e9c3ea658c13","nonce":"76af62719d33d39a1cb6bedf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"ee69ae6790d1674752fb1719078aa0d1457e939ad55b414724ac326b77183dbc8075f53cc6a77fa59415e26f37","nonce":"76af62719d33d39a1cb6bede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"f5b61766cde96c91a9110940ce11255d9a075f299ec8abbd11b7d6977ca86c9783cd0347e9af37a137d2c3f214","nonce":"76af62719d33d39a1cb6bedd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"98356eb7eeafe56f9e9e186c00a55f7182c74eaf54081f83bfe8071e71815086fee9dbd81c52f012894229a530","nonce":"76af62719d33d39a1cb6bedc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"a1a6ac5fe146f21f28479e7049bffe109148ae3952d1fcbe865ec6370599a9de7736d2b86f2eba7f2959d54c68","nonce":"76af62719d33d39a1cb6bedb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"7573763c767458e977eb9b6748fa706bfc4ae4cd83ea2375f17146f00fd972170fa41afb3fe6f9725aa6a2b2ad","nonce":"76af62719d33d39a1cb6beda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"7f3875f315d8623663df570da7770e4a1b5225f65faa2f35564091e5e69606229eb20a3fae25eeed6700c02770","nonce":"76af62719d33d39a1cb6bed9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"94a9ae77da7b629f9a501d69f0e413938ab31ac1dbe5320cfdba6d227d19b3c83602a525c2ffa963fb7d25e955","nonce":"76af62719d33d39a1cb6bed8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"7da22f897061ac73eb5be85b32bcea5932972a2624b0aff2604f4bf9da097a24276ce3c0482a650256b9f305e5","nonce":"76af62719d33d39a1cb6bed7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"af9005a5b4f186b896dafc3135b31134b007e7f54c93f1fb01584fa939019bd5bca9cd9819a6ec01a63b1699b0","nonce":"76af62719d33d39a1cb6bed6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"2d20672b4df06cb6bd117ee81a2a24f62aed7c330355d697be1871fd395115f54d299d68164f4a540321345dcd","nonce":"76af62719d33d39a1cb6bed5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"991c9fad2fc03dc02344a06699719b7d074787876d3c179bfaeffc31c98b059dbbc83d10354c2d92d3a704a6e1","nonce":"76af62719d33d39a1cb6bed4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"4c7a865eefe7c8e84c14b512a9245d26030387bf2e448092b0f6b54e5af046b4888de6b1d70c917ad3ce54c420","nonce":"76af62719d33d39a1cb6bed3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"e30f8c55f3cdf7579320336147b1a32fb6594fc9e745c511dc1b8c3c0bc7d66dbed8b246a1b228696c005a904a","nonce":"76af62719d33d39a1cb6bed2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"3bad4d90074fcc2c223e7971c8a23ac8b1e6e79a1a4ae2a859536a9493ab0dd5435e6c92dfe006d3bc73607a35","nonce":"76af62719d33d39a1cb6bed1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"746945537ef188526d1f86c33375276d58585f48b4f74bb6c252fced0f7d6fb631300a14d11c977a6c4e324461","nonce":"76af62719d33d39a1cb6bed0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"ade3f613713295197e1e80a8d3246ceb0cbeebc5670d51aab78845cfbbc61b86f87ae92ea3af277c2ebe2296c2","nonce":"76af62719d33d39a1cb6becf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"53c4c32080580426175df3fff96e84b91e0e7b7cc132dae4d3430d78ea4c6b698db8677ec81ca6f941038a4a62","nonce":"76af62719d33d39a1cb6bece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"cd54def6e6add79be5f1268f63b2dcb8e9836937dab8a266df33c8f333e1f65c4ffac445de0b8dd2cf574bbfa8","nonce":"76af62719d33d39a1cb6becd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"2cfb50de144f323e608b5e848311985fe1a749d9176497f7c8e79d958960112acad83b113249252bed2115294a","nonce":"76af62719d33d39a1cb6becc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"f7b55bba2e91ed1d9860b2d6e7f1f58828371dcc53833c84709593e7e54d64a69d3ddc85e8fd5d45acde688a91","nonce":"76af62719d33d39a1cb6becb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"0b5e429038ec2905b4a63b672544272c2d404d5c733778b0e5c4052983f7b29ae6caedf499df53ffe235db9d70","nonce":"76af62719d33d39a1cb6beca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"58ff920f395e148d9451d09a6925a12c10978f8a0f17981f373141d8dffc00839133d317445ffff344c399157c","nonce":"76af62719d33d39a1cb6bec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"4dae7da876b4440ac777686131f8ce0d2292b8f8b35ee336b851beb0af8245bd9b7b7709dab741c294964545d9","nonce":"76af62719d33d39a1cb6bec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"7eee6729b2250c64fd9d240383962dc0ec0b20063e056f734b082140ce9ced8b50710a31af49062fc4ff28f2a5","nonce":"76af62719d33d39a1cb6bec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"24ea5a739c3e7edbe4a587d77e2bd8411c4772f249b4a5f600ec454d5ad313b0bdbb28a0650b9bd5a4fbeedf32","nonce":"76af62719d33d39a1cb6bec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"0ffa07ad8715f23dd5f753be04d6efa4f4d4d6ffe2388678f3fd0ceada0de2c436ea0904908bb04e5b7dab8352","nonce":"76af62719d33d39a1cb6bec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"587800fc481c157d324cb8b0e7b5fd4c34d4b6575f47c60d5e1018749d8b99a444ae974c2d938699fcba6a2143","nonce":"76af62719d33d39a1cb6bec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"8e2acbcdde1088e4fba25a2f59c7c50a00c64b2fd4b9c691708f58827089e63da70321680e86e93c39aa7a727a","nonce":"76af62719d33d39a1cb6bec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"0a828ec88ffc0e270aa444e8d9166f04f87a2c6f3419474ad6679bc2525c5c0bab4a7a185da61b822318800b35","nonce":"76af62719d33d39a1cb6bec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"5dd4a60fb00d1cbf4790fd00b6f4b60c8e10c6ef5f4d61ca4475032f3a173950708bf19123b2e0282292f10dad","nonce":"76af62719d33d39a1cb6bec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"4ec01a61e8cf1c889a30d04e0bf416e3b0993cbac1e9a812b2fca4d6828e9fd03cd42e6f9d9e6884cfbc3795b8","nonce":"76af62719d33d39a1cb6bec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"9c36150a76e8a72a8a387d70f71782835ab86a10ad018175f1d1f0a649f5a965ce52459495198a0dcb13e35568","nonce":"76af62719d33d39a1cb6beff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"ed0242e4834c38ba37b32fa6b574c137d94def348360144a3ea9cead0990d3edd9263aa70b209f390e57dc8e47","nonce":"76af62719d33d39a1cb6befe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"d88d10572c1cb4f25db967976aea79d665105d24bbf6f10d08b7d78277b581c4699a3aed96a4e92a73b6ada32b","nonce":"76af62719d33d39a1cb6befd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"836222360098ba246ebfbcc618c3b30f676dc15148c1e597a362b1eda3ef6b271d0f55a65d5810967195336e26","nonce":"76af62719d33d39a1cb6befc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"a59ec9fdd2683f0b8448745a314a156dd55f27aaa728864a8e0d733ac60f97e14983477ff7ed170fb04abcae5c","nonce":"76af62719d33d39a1cb6befb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"50134c8a769071bdddfb468e25e33a6882536fa8698c5d683a334e49ab15d0d56d2afb4b2a9ccc10f63c8be0c4","nonce":"76af62719d33d39a1cb6befa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"b5fab1dc98a6a51db54d39b4a6d23c4ec5a7d86cffacc53921112a058222b9ef139aea24039ef13981f1c64223","nonce":"76af62719d33d39a1cb6bef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"1af56e76d94c83bf019b9dac39217611a0fdce1d2a0406b1e3748cc85bf4100e1d6467ac161f930530da914b6c","nonce":"76af62719d33d39a1cb6bef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"60861b219937d9c4003ccc03a4137fd6c15f9ef46e1142366ae1c5ac934b48382e8321ac0db2469936bd674e45","nonce":"76af62719d33d39a1cb6bef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"62507b6e0d3df5eba202acf79e34fae73f180fae873bd9598c7a306bb8a0141b19f73af8f4efe7631e0952acb8","nonce":"76af62719d33d39a1cb6bef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9d4b71afc0ebcfbc5c9a4fdd0c4d30b74c1b2c5ee67d7c32c0baff78f19ef21395a5a2b9fc61b94b873eddaee0","nonce":"76af62719d33d39a1cb6bef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"95df80836079de2fbf2f85c000546db23ad742078e4ab22010e3dbc955a46433535b092b38695ba70a7e452737","nonce":"76af62719d33d39a1cb6bef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"51dcc2779599b1120eabc361374050ef69aa5f2e9be4e2dc385ee53f9d4de36742b41040eba7bfc36368ad603a","nonce":"76af62719d33d39a1cb6bef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"cd1a74481e07799f9d83735459fb3e84e7761b74d621ad8e4b07dc68eb0ec24c8751cea041db3a3ce2368f99db","nonce":"76af62719d33d39a1cb6bef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"97ee929e75725977a6d61efc7f9dd8dfaec417f1618a4da9e48e755bee5cabcc377d0dbb2e5d8283bf74dfc1c5","nonce":"76af62719d33d39a1cb6bef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"442a09aa5137f2b8e09bdd3fd0565264d897291b8b64bb59b2810b0b8fb2ffa3884348476c3b4cd34b6b852276","nonce":"76af62719d33d39a1cb6bef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"2cf122279dbe0ba0a317cb71ebd78dc286a17233a02d2a32784e15a174893fc5f0807c5ba14a893fc6611ee9cc","nonce":"76af62719d33d39a1cb6beef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"115e5e07710a5bc279ff66983d7672c7e001cbda6dad6d32a88c65f4c14da792350d6eb1f203ee7540d4155d5b","nonce":"76af62719d33d39a1cb6beee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"8db8b3349a0235e6cc8aee6e60861ca0e9cd1d50c7862c392ac5a9f5c5eebc2ad364814ad2baab649f06cf1c88","nonce":"76af62719d33d39a1cb6beed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"2b3317ed458281572a1bd7003331c6eef39c144dec106b937d2432d6a0e183cc570ba69dbda53074ac03141a5b","nonce":"76af62719d33d39a1cb6beec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"63b313da11931dba515b26324a0d6ee78cfe7c4ae60d967c0ad4afd6b59493b67cfd540f5f2bcf3c05632131fe","nonce":"76af62719d33d39a1cb6beeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"00cc1f7941ea875e3967c4334fc8835a58b0e98beaf0681009d183ade44f456b91e6a421705521a6f34cb039e0","nonce":"76af62719d33d39a1cb6beea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"79fe557bcef27b48b2a5679cf318d3614af36b3187de95beb9f3a65e0ab1fc43803de84e209c0105900e9cb070","nonce":"76af62719d33d39a1cb6bee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"28c72e0e7f2c0351e4c2da72b5a42923da11369dfd10d54fda6ebc40ee15d376e96ead99bcb40bf90feefdca2f","nonce":"76af62719d33d39a1cb6bee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"20230079c78bd4fe06c4824d0d568d1a3b9f8f3118c4129f22ac74ad03b91a8c8a39378f5ee66c3025189b966e","nonce":"76af62719d33d39a1cb6bee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"236dad4b2cf9b7612992c6a09050364a79dbc28af04fe136351778dc30d3cd897b8bcb040b905177b76a962411","nonce":"76af62719d33d39a1cb6bee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"2a071564cd447c858e27effd455893bc88688ea22ccc08dfed6eea54700ab94c4a8e4ee22475b0f4e24c680046","nonce":"76af62719d33d39a1cb6bee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"5b0a1dd2af0b878526f7e76036975b255c3f2e2f0d0b3b65356593c39fb550ea0e9c1f4357058de90abc4b9a99","nonce":"76af62719d33d39a1cb6bee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"50ef510f6138846d8015649443750f50799f7db1e38e1d546b7574495428c37f4d9828fd1e044eb95991620dd2","nonce":"76af62719d33d39a1cb6bee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"f29a88dd1ee0de2d6709f432ed0712560ed285ac850e082d83db9df282af98f9074717763dc2a7210f876182f5","nonce":"76af62719d33d39a1cb6bee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"fca51e05df86b3f6de41e7a200f5484e71f75ac2a12deb4f21e4ebc083b2f1ae6f1185a5a68f236e2ef45798ac","nonce":"76af62719d33d39a1cb6bee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"d4f93ee11da93f7410b50d94e7e8ead55db62dd30c8003e105dfa6dd265c4411600e6183ed0b91f9c119af3d90","nonce":"76af62719d33d39a1cb6bee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"b5ac6106d0df9f5515b6ac01a107ed4bff976783c292e26f252aff83d11d89d65776facdba511cbcd960bea4b6","nonce":"76af62719d33d39a1cb6be1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"fe2a038e10c79748118d94b34dd85c7087e0bf4285b692f64374de73ed41932f5e361bf39107f0cded41d907ba","nonce":"76af62719d33d39a1cb6be1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"a1a5877e0a51a62fb73711683c16630e8e3a8271c875a74810c5164971821ac4eda5ad000d0bc900e098f3ddcf","nonce":"76af62719d33d39a1cb6be1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"0fe7921003ba3dbe947ba62651e768d97f0138548013b54a7976707425206d5806077c4ab5192da3315018dbd5","nonce":"76af62719d33d39a1cb6be1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"65e67a9f29f794c15ac0409bac4825f207103c2c3586bf53182d740787511e7ef02c18c1ce69a28b735a2b3145","nonce":"76af62719d33d39a1cb6be1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"9ab0efb81ddb6572dd1e15e3175f56a322c688558304fd764ed4d9e5779d970efa44102608bed66bfd32d3bf61","nonce":"76af62719d33d39a1cb6be1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"3317ce9e7291e43e6a1e61c5eb9068d192f8c6f9893455c7bcd97a7898d2d33b63d2453f22e81cf5338a19abc4","nonce":"76af62719d33d39a1cb6be19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f2e69ec7d601441faf43db01c23d689b3f5e424692badc4b9c7337028813ff4d4ed2714f3ae52773bc5aaed5e9","nonce":"76af62719d33d39a1cb6be18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"866a59887c7f50d46c7ce60307f0bd26f298cd74315b16df48e8f71104c21dc8bc6163948be82d646a0eb8a7e1","nonce":"76af62719d33d39a1cb6be17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"22b59e6b5fba95b3f08a8624d4fda28bc692bc7ef5fedbc13664b4d3c99eba1a5c430ee8621fe8ba3447063805","nonce":"76af62719d33d39a1cb6be16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"a5e8b675f8a770c7e04ec15eab08f01896142bf52948a851a437adb8a9bfb43e3c1fd6622059b056d63c977484","nonce":"76af62719d33d39a1cb6be15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"cc406692885551e29b7c6d8ca022e8cc20e124dd8ab9924a4556c10a0d2cae9d441a60bab4e42dbc09d286cc07","nonce":"76af62719d33d39a1cb6be14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"47db51178917619b1be7b4c716ef003d50a31fabcecab4a3cfd5e2aec5a5026f5ee22f9683b1697d3bc207c068","nonce":"76af62719d33d39a1cb6be13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"0dcab3e644304669058da3464f9076976badb09e9165c5b1c3d92e66250994adf1a26c4780f8ea5864edce5455","nonce":"76af62719d33d39a1cb6be12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"d2361a8998e19f65bd423719e936136bece3755aa4d14375b8a30d72c652bb8ab077f27288c61395e35d350a54","nonce":"76af62719d33d39a1cb6be11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"98ef600aa05e941cdb3b3762432a696d2f36a51d15d1c9b423ed9e1603fb4c0443570e4a38d31159977885e0e9","nonce":"76af62719d33d39a1cb6be10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"6f7b9685726903b323e4a39df0a84ee57f85ffdb62f38e12b0710e1155d14982702311d9a6913bcd12079eda1a","nonce":"76af62719d33d39a1cb6be0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"54b3a824449c4c925529281bfd3534ce69036f793ba448522687eaef53a6faa286baee59e7708a576749917e04","nonce":"76af62719d33d39a1cb6be0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d16801bcc36a06ce338f0dba8d06f80684c60cba89b3a8810d222424d235c621c213f3d0f569030720fc991d1a","nonce":"76af62719d33d39a1cb6be0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"902d5f20993d242c0d7eac9dc5964562648e1793fb23a2f2dc7f2d3d78abd5bf6743b5772b239d8b7da6b3cdd6","nonce":"76af62719d33d39a1cb6be0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"517d394affd744e96957468b570d38d680465bf7f96f337d8220a90eea656961a7777fa05728510e71911f3d94","nonce":"76af62719d33d39a1cb6be0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"1c9e957e847cf1f003f2db1a794c864ad955af6e53b87042f56c51901c0ade73fe76dcafc8977222ae4fe24200","nonce":"76af62719d33d39a1cb6be0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f6924c47c4813c5ebbb6dd5ed747ecbd07f0f14c1e4df4e4662e820e0a8b3b88d2f12058e39a27437804c3e176","nonce":"76af62719d33d39a1cb6be09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"2d93e8d589311b68c5b54d02ce327cec020ab2b2fc327523d5c6667c87fa7a04263332c19e52b51ec865f2c15a","nonce":"76af62719d33d39a1cb6be08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"303acf4255140aaacd1a400ee4086fe244ad6fe08a1eace603db535a933e07997f4d28977667b2e926d8f7a969","nonce":"76af62719d33d39a1cb6be07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"e122eac544cb0e0d94ed7f2afd00cb3bf6f4f94044543da072a27654deda65466a1fe197dfb87d52fb94771263","nonce":"76af62719d33d39a1cb6be06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"db2a2651a2e4b2ec0f5cb425ea9b74f3e6206f20149e6cfd77b2ae68c7e9f11a5f0b07513bf222dc052703c41c","nonce":"76af62719d33d39a1cb6be05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"8da54dbbc35ce93a115efa3c3329404f6c4dfc2f36badf3ffceaa9d76dd0da00883674ea0835dbe9f80dfc4ec6","nonce":"76af62719d33d39a1cb6be04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"af13669487ca114c95fd112ed3ccc7ab3cabdae0d4e75c64690d912fac95ff6fac732e858f0b4cab267575e5d6","nonce":"76af62719d33d39a1cb6be03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"57fa73292bb17db860d7239f58789d1fbac16c4db5a89caec4f15260f3f7cf10223bafa954c8cca1a1221ebf81","nonce":"76af62719d33d39a1cb6be02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"80724edbcb55cbdfac9064a77fed6817ee0371887c2455426343d5998b40a76518f3ed0844f1085e52c8a2c7e0","nonce":"76af62719d33d39a1cb6be01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"cc0586f34633e0068ad61927313095e1f4a128a6f8bf03f3a32ea85ce429ac67b13b8b7d1185b6151f2a7c731f","nonce":"76af62719d33d39a1cb6be00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"bfbaab4404dc63f82a5a63522f155578d8ba09ca1257252137ef3cc4a6c77c0ac512b186e805cfeb49c7a28d3a","nonce":"76af62719d33d39a1cb6be3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"4cab7140e10b9fa2a1fffb2a366834a655882d3641d31e3aba967c7b361ffb358182108b724db451b0ac0fed89","nonce":"76af62719d33d39a1cb6be3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"4e72730677ab30e787b17d0c8ad1e693a11a407a0f1dfaf5b0227ff90433c6867b5eccdbc3fcd930ee1999a6dc","nonce":"76af62719d33d39a1cb6be3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"75c1bd3f2b0336272342179a038a412c8ab12d83e7386c2c788d51cd4c7b6579caf250feb065336c6753c44345","nonce":"76af62719d33d39a1cb6be3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"01dffcec82595cbc11234c8cdaa76b07993b89eaf4f9a47a27812daa5c4e7da12477d5e6e2707e1cac1c5d7de0","nonce":"76af62719d33d39a1cb6be3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"9cbf988a0937acc415aeeb930f7ed6ecfdb18bf7e0e00d4c5ed8091309fe346d1bb3b244783c81c8ed2617568d","nonce":"76af62719d33d39a1cb6be3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"7e80b3d1d8b00f6248e8577f7d4ec489233b4a967461e6e6bbfe3c7217f64ee4412e7a51775447972ce7b4d722","nonce":"76af62719d33d39a1cb6be39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"e27435c59584fba7a308d89846351d0f82e6088904bdd89246a1c0f44f6a369d27053bdc1be0126cb44fdb23fb","nonce":"76af62719d33d39a1cb6be38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"58088e4b7ffca8ce564604a4107f572996d4ee454dca50fbf09f5fbee1173bbcd889de1ca87205d58d4c7dde0e","nonce":"76af62719d33d39a1cb6be37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"b250212a638a8d85422e57dc42216fe4c776e0364e946c05a07df9c8295b95266f1aa05dc2b351a519db68025e","nonce":"76af62719d33d39a1cb6be36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"9fdf71a21846c798bb23f234dc83ef1c2e3f2de91a3905060923c24e06ca73d27257c07118d6457e2c2d08bdd0","nonce":"76af62719d33d39a1cb6be35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"38037f74b6d27e05eb9a246de4efba7666daff3c04762df9ed5ffce7778212cf3bdd95704fc3febedaa92f2dbe","nonce":"76af62719d33d39a1cb6be34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"5f6f89940733d381b7e5f3e68916fb54dd2b0e6297865c0ca225c324eb1a7c7a503116321bda865c7553a2ee9c","nonce":"76af62719d33d39a1cb6be33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"c5fddf1f7e0208738da232d47a0f4a8d317e888f4d1ee9c7d6557a2cb138c2aceedc5398efb40d60d2625fbe97","nonce":"76af62719d33d39a1cb6be32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"64064c6eb4d172ce6a14b676cb1ba5874cb6510eefeb1f9a0d9e36aebf4aee95bb3079b3cf2031796edd4bbc11","nonce":"76af62719d33d39a1cb6be31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"b5acb6abe444d00e3faa0ab5e0997a18b70e4ed36a8da0d3902168ff80037acd44e0b435a5239c2e085e7aeeb4","nonce":"76af62719d33d39a1cb6be30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"b3145a0ef4e96aa36512e5a2903f773cd855f88377d0277efc9aec943c10358e5ea6d861d6ef23a5e5ab3c427f","nonce":"76af62719d33d39a1cb6be2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"4e351f4a1fd6a73eea108ff88b488524f70458320234fb0deece465dd5eca226bc729e7551e05696d7b76c4633","nonce":"76af62719d33d39a1cb6be2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"4581832835b1739e46612d88d248ce2cb940a1db64c75c98941a6efc2c894b46803ac68fab8ce25bab1d57f1bb","nonce":"76af62719d33d39a1cb6be2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"58c9f6637c6483c3a09494e9f2b5e3c1ab8871bffcd83e05f16c688c2b8c197fa4aac6c0977713f17fdde6b44f","nonce":"76af62719d33d39a1cb6be2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"1729a37a21e9958634699aa4ca7883380ea9973bfb09867a4e3a02b5c057233ec5011910b524509bad4ba55d79","nonce":"76af62719d33d39a1cb6be2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"f494bce5fc28b390f4b756c73f17497802463e7455f70be161e2751457d9d1ed06f12b5c631266d6a2486df614","nonce":"76af62719d33d39a1cb6be2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"b8ea768180bc48321faed5e1b1f8c9d2eda15876d9f9fa1d04d91f6ff99c20af8740e81d26bb83ea226de2a52a","nonce":"76af62719d33d39a1cb6be29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"04a2b0a15cfb93bdf6acb827d0b10ef076b8697df4ddb042928b8c0701afdf7f0745f696081ad6e44bad2225dc","nonce":"76af62719d33d39a1cb6be28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"bd9b82acadf4578f97885d00e3b350a5e522bcc6250ce1b0219ee051bdf5a7460cda6153799b535312ef5cb23d","nonce":"76af62719d33d39a1cb6be27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"e9cfcded9e5ad6c788a20cc1dfaf2c3717305925e44de062201ad39a02c3f574875c858158e81b3b1297eeb2d8","nonce":"76af62719d33d39a1cb6be26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ebdf92b192948f868b74ce34f36692d579ec6daed6881957d3bed0c874a22e57deff77e3383e3e8fe483a57f98","nonce":"76af62719d33d39a1cb6be25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"10e370c457481249cde4f2b20eedc8057807da09233f96a78ebf065d545b518bca22178c21b9d01f59ceb3ae3b","nonce":"76af62719d33d39a1cb6be24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"b0dc263d31c28cce59f471839ef835ae61d672462ccf63eca3daee8ee58bdbb636577f268b3616df6b36fd88bc","nonce":"76af62719d33d39a1cb6be23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"2856710724a216a6a1a194b1f1a0a8403d6face618a402bd531a5c2722b772acc343c5333db992dad5d3e80a58","nonce":"76af62719d33d39a1cb6be22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"281eb4680807271463db73180fb8f06f824c4e8c5ee2696c95fa02cafe8ae3b2872f0a9ab8f27e15ade853e001","nonce":"76af62719d33d39a1cb6be21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"954b99b3ca93f846c4b33328f15504295ffe775870546e2a3663c18529c0ee263b8e9f1821e8d3aaca11a27d90","nonce":"76af62719d33d39a1cb6be20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e44b299c93b4a4e6da6c77787df2338e566e753710e3b03dce7936506297ea5282a01c1ebaa61452d93c304767","nonce":"76af62719d33d39a1cb6be5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e5c2514dad96154f1859f628611cec2b3a24a192b5150e0b57d1d52998b2a9a8a0554c6f5e4d8649f02f663a20","nonce":"76af62719d33d39a1cb6be5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"a58c27f058677587f176d4aeec05f45242f5dce98935f0a7a586c6740030c5856dfe1f1326dbe86f2138954753","nonce":"76af62719d33d39a1cb6be5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"15a6bf3acb9483dc220c3001c390a4da3cd117cd0fca2030eddb0f0bb50b87fdaf1870e2322fb1c880150fbf81","nonce":"76af62719d33d39a1cb6be5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"bfa6dde8d8fc50082248825618220b6de8a1b9cf964040ca40ab2317b91646687dd88b172c8b7d60a7ecf18628","nonce":"76af62719d33d39a1cb6be5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"9ecc88b7b83d4bca44df99896fd9c4ba98fb667b8cf6f437c137beabe1233fab4ccfb5ca666755724b97efc594","nonce":"76af62719d33d39a1cb6be5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"bbee8248b99e47d6dcb3aef1760dddb19105890a7ef1d97192793ac4e0d97ca2dcdd5d533c7fc959a57305e1a8","nonce":"76af62719d33d39a1cb6be59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"764ed6178605fcc2b64c9a4e7ad8cea6f847905cb1a1749426373e3dcd483563db6faa84d97c5992b546f42327","nonce":"76af62719d33d39a1cb6be58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"8668180a647ac3b1fe042793692ac09df115df5ad419d31c9d73a8cd2fcddb842685436fd9e00e2f60b719dc3b","nonce":"76af62719d33d39a1cb6be57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"d56a57b3902820cf9f2ae0f485c468f198f11f49226f834d730a4611048db00a03d7e89935a80960a41ed59d04","nonce":"76af62719d33d39a1cb6be56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"90e54482f72e0b124c9c1fbc445e913308256a38654a5cf1c420ac67a12131812e2d5527f8a270b098b8a43534","nonce":"76af62719d33d39a1cb6be55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"e1e2219a864f350a153335a527b672309521d88cc22c40206838550506012544a665fdd6369ffd150f74c20f28","nonce":"76af62719d33d39a1cb6be54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"483048260bbfaff3b54de7c2cda5c1414061c3d4927092aa3c74bc914c48e363fc0b337691845c887486182702","nonce":"76af62719d33d39a1cb6be53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"d2ea57d9b3abb1055f2e847bf21e2e30a2dac9ac6e81aec21245a5e613d6bb01d3de5e913ef7eb1f26c9b68283","nonce":"76af62719d33d39a1cb6be52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"cfcef2274c8e8185b284532220aa804cc7f683f0b0041a4c5a702db41a4b7259db7e2afd21d654ecc567029db8","nonce":"76af62719d33d39a1cb6be51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"11c46f845efa3165e1aa54ee682e8229b90ba1f08ad66ef76cb26fdcc03c68b7f1ddc13c4b9b79936e6db95019","nonce":"76af62719d33d39a1cb6be50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"f284bbc15ec159e023773ce896f795f626113273154e79783c78ccab8f7464963f7aa65cea418a9ce88929ef72","nonce":"76af62719d33d39a1cb6be4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"180926a29ecc8668c5d80c18b8ca40245b42583851190e8cbe8c81ff8923c5b839dbbba9df03447a53ed761baa","nonce":"76af62719d33d39a1cb6be4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"7b270c6c18fa6f67c96e110e39f26a43200761c7de41402aa30e20fcadd0ceb6614052561730f3dfbb0a8b2025","nonce":"76af62719d33d39a1cb6be4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"bcb54a715e779526b312eb8de6cd3783d7cc111d3243a727bc27a001e239c53c5c9b9eb86bd59d8a3ca9358f71","nonce":"76af62719d33d39a1cb6be4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"cfa4a7537027067c132318115aeef9c0c537b8729dbef1fd6ccd1e72ce2be4bc9f1d33e59a9fd2661cad717b22","nonce":"76af62719d33d39a1cb6be4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"3886b13864f33bd3d0f74f10143a7b0a73b58514b7df075ad320fa08f579eb7f55b2abfb480c2c2fcd83c82382","nonce":"76af62719d33d39a1cb6be4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4b9ab0f6514cfaa66ddeae0b1140775660db7d3d130e74b26e3066cdf3d4a71156a9a490044f0bcae25244a77d","nonce":"76af62719d33d39a1cb6be49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"0047b7b26c0af307c8f12ee84bbd722669d9a1f6b82acbde2f7b9ace0304327c5c5cb4c8ec326c86370913c190","nonce":"76af62719d33d39a1cb6be48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"0c18754148e59b9cda6a53ac86fe6aa91a8bf9897efa15da1277063c33af2493d2d0b1ce86bad615c185dc4cd5","nonce":"76af62719d33d39a1cb6be47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"350b915bc5751e160868e46b97b32b7aa1a7b6fdfadc743a2f6c8053383575f0d0af5bfeef2f90d9ea09948a76","nonce":"76af62719d33d39a1cb6be46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"6da93810f1227f449563e8dade1401aec39477ded55dc0510425a5a6bf416404c614a499bc2f9b117af858a501","nonce":"76af62719d33d39a1cb6be45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"1eb85df2884be0a597a5075171b5d1ab10df9952a81c3240278e6e164f57f6ec69e7e45a7586f72b2cbf716e30","nonce":"76af62719d33d39a1cb6be44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"ba2614d7ddcf46016166b24d7bed1599a331f7f304cb4b165b10f9b83eabb801f21fd216b8d363be476a44f1d1","nonce":"76af62719d33d39a1cb6be43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5a06cd577d2e9dbfe5f6d71c81a622bcf673ef143e60eb34579fc99303640722e46f1f710f8f49ddafe970b098","nonce":"76af62719d33d39a1cb6be42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"7efcf2479e71619d5b9fb3fb7a433f18f5e3e29bd75381492ca8d48ce9864133af684e3368000e07224f048b77","nonce":"76af62719d33d39a1cb6be41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"7602e2ca2c3901b77c1e74ae8142eb006f492bcc8a7c2fff89d1f8dec06fa23a32a1c4f8d1daaf79e2a41c5b93","nonce":"76af62719d33d39a1cb6be40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"c4ddf671bf1f4e4ac2eb72494b32eb5955dcdfb19cd3c1a3a055e2653049cf8c4e93b9f3abcbc6d56c42c3ae72","nonce":"76af62719d33d39a1cb6be7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"aca9f589b2359bcac4511027818734994094666a4c46e5bee06c541413e1b6075307db955c80ab40554636bf0f","nonce":"76af62719d33d39a1cb6be7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"91dd8c1fc96da0ad84a0303a80039312db26adceb074ee364f1a454c643be8b5d82a973f836d60ad7136639a3b","nonce":"76af62719d33d39a1cb6be7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"0c4cfc6bb22a266825f30c84e680abe9a57139d02e45c82eb67130af1e0d77e0f0dc9d5186908bd8203c557d13","nonce":"76af62719d33d39a1cb6be7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"cc5de901592d0cbf34e3b78312d3c75d2e320504f7ceb421658f6e186899686760eddd9c7058e04a5d84b237c6","nonce":"76af62719d33d39a1cb6be7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"c77812e7f38333f3f8c0a3c48db8898edc395d50c940f7bceaa6abfede496103ccf4b01f0a25df09281084bbde","nonce":"76af62719d33d39a1cb6be7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"594d31914de28843181d9104f45d4ae8ee6abc8cde1310b157dc684c64d0c1f2df692d9d0bf9b67cf982d15898","nonce":"76af62719d33d39a1cb6be79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"df6e90169cb9e5c1c32be7268804f906598ab3d243ef68041900a549c438ee3a13c6562a15ad7090da40fc6f70","nonce":"76af62719d33d39a1cb6be78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"c280151bdd9c41b113998b0e96d5024dae414cf2af3668af4321c53f1d21012a1c1b4bbbec759e7019e62bfd2a","nonce":"76af62719d33d39a1cb6be77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"8cd1f627e116cb39be522268d151d3e174d34850e81cfc21842d23a1882198c67b1e1ccbb1199ac9f4ef74489a","nonce":"76af62719d33d39a1cb6be76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"1f936e0198fba4047973f4bc31e35131ca7f1219e3dfad7e8ae7a1a546be041e194c6357874a422587fd255444","nonce":"76af62719d33d39a1cb6be75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"4132bfdd5c9f168905922aac66f05c14acedf74e52e62877a50d53ec46fef0ea028eea760b1bc83e31269b266f","nonce":"76af62719d33d39a1cb6be74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"5b0d0db812110861001fd34d9bb5029bafd6a26e51eb9159c7eadf1d30bc03bf202e4cb95f640a82fa5bb4d549","nonce":"76af62719d33d39a1cb6be73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"cbb14999a19bf2d347498f23afd5ad70315d9c2d32e9263f4101518a96f59312c44a419445547fddf9655d3111","nonce":"76af62719d33d39a1cb6be72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"a6cba2eb8c398c316700652c0b22d14fa41db13c1db4ed2cd21c47741fe375ae76fc635ebb824ded7360891e36","nonce":"76af62719d33d39a1cb6be71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"61c6c3d99faf56a326cac8a0bf645c2b3703e11a5fd9b4c7b6517a2ce6371d7dbeea6af563810b9a177ce0a498","nonce":"76af62719d33d39a1cb6be70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"e2afd4642e2ad5ee20be095ee9a8976a424711b2214b80a9faccd79b77d768af1b05b7a90d40aec07d1a4442e8","nonce":"76af62719d33d39a1cb6be6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"a1f29334695820c3d549ac5aabd7b804d6e9a11404670f05eb774902849ae3755804d1fcb26684ea7124d5118f","nonce":"76af62719d33d39a1cb6be6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"04a6c14ee3caff0d9aa584046afb2317ef24c150805fc5608f8027678cc3ff8cb7bf725f353ef96db326974130","nonce":"76af62719d33d39a1cb6be6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"d152e966e2cd9a4cc7c5dcb7cf560538dd99e130c814705387afcc7da9b8da12f332bbce5d1c668024aa888737","nonce":"76af62719d33d39a1cb6be6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"f2723a799ebe8e8091e3883bd47c1ec3454acc6f9cd46a4b565c62083e41c425544d8f620206733e481e7a835b","nonce":"76af62719d33d39a1cb6be6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"cba8caffe647caeb6c3c76d9bc9cf8757eb7274ff71e83adf6e053f8a5897a00e0cc54185d7a16d6b463b42c02","nonce":"76af62719d33d39a1cb6be6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"a0396807e5d9d7bf40c846ce226c1db1479c569a5cc1cbddb38e334fdc5420d4e9aa27736fa1758a2c5b1c1e89","nonce":"76af62719d33d39a1cb6be69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"841efe7151abafe3c5c63c399b9df7dcd30c5e24784018c22de0a0d2045230797a2a1bedb7d8599feb998e7586","nonce":"76af62719d33d39a1cb6be68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"87a28f7f638741ad5a7e94308c988f4bece99a62e29780655a1b757e092f8380c47b313d7ed1a5e1237b618bb7","nonce":"76af62719d33d39a1cb6be67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"f596aed6736d4d2688d1d8398c2b09d555b7a2fa865ac6fe082e5293a0394a5e28e2d8b4f758c0d915748f30c1","nonce":"76af62719d33d39a1cb6be66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"f901841f4541c48f3ea28cf6613c7a516abf32bdb406b3ae53389e8c031bb7104a94f3c637fac4109ffdf081a5","nonce":"76af62719d33d39a1cb6be65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"afbe60a44fb088a44782fbf76360f20da071a14818a3f95ccd30b934254c31177d80c63066b3a2644962fb5385","nonce":"76af62719d33d39a1cb6be64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"315a48fdc9dd4dca499b6ab53683e9f75ea599d686d51c2693b700e080ef63a86529e5f40eaf4780dc59f4d0c7","nonce":"76af62719d33d39a1cb6be63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"c47adb54a09087061ff9a680b65c64d65c651b1de4b22d9b20b68c02f7acc9ea1b658b5bbb3593075c7c36a1c0","nonce":"76af62719d33d39a1cb6be62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"4d6f71802d347b0c2eba50ef26fc6f854d62ef11bc3929384185fec724b6478f07beed5d34ca3dbd9b16890dbc","nonce":"76af62719d33d39a1cb6be61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"65596b731df010c76a915c6271a438056ce65696459432eeafdae7b4cadb6290dd61e68edd4e40b659d2a8cbcc","nonce":"76af62719d33d39a1cb6be60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"9f659482ebc52f8303f9eac75656d807ec38ce2e50c72e3078cd13d86b30e3f890690a873277620f8a6a42d836","nonce":"76af62719d33d39a1cb6bf9f","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c8c917e137a616d3d4e4c9fcd9c50202f366cb0d37862376bc79f9b72e8a8db9"},{"exporter_context":"00","L":32,"exported_value":"33a5d4df232777008a06d0684f23bb891cfaef702f653c8601b6ad4d08dddddf"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"bed80f2e54f1285895c4a3f3b3625e6206f78f1ed329a0cfb5864f7c139b3c6a"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a2f6e7c4d9e108e03be268a64fe73e11a320963c85375a30bfc9ec4a214c6a55","ikmE":"0c4b7c8090d9995e298d6fd61c7a0a66bb765a12219af1aacfaac99b4deaf8ad","skRm":"9648e8711e9b6cb12dc19abf9da350cf61c3669c017b1db17bb36913b54a051d","skEm":"109449871ed61c0fdd8cecdc56be12fd6f946e13c5c7a863903c592e022904cc","pkRm":"0400f209b1bf3b35b405d750ef577d0b2dc81784005d1c67ff4f6d2860d7640ca379e22ac7fa105d94bc195758f4dfc0b82252098a8350c1bfeda8275ce4dd4262","pkEm":"0404dc39344526dbfa728afba96986d575811b5af199c11f821a0e603a4d191b25544a402f25364964b2c129cb417b3c1dab4dfc0854f3084e843f731654392726","enc":"0404dc39344526dbfa728afba96986d575811b5af199c11f821a0e603a4d191b25544a402f25364964b2c129cb417b3c1dab4dfc0854f3084e843f731654392726","shared_secret":"fcc960a01d9bc0f30605eb29cbd3f9c2b9dab0c7083e88bb266fb17951876376","key_schedule_context":"008af8c8585cbab503908a747f5b6e6facb58a8eb7d6aee84875f8e4fb97a6baba74330d080c6e518d29f18589d731ae505f746529747c9d25d75013d5f8f2f7280da9817afa84fe836a2afb21fe34bee379586120ef91d5c0432c32bb1d1d6dc7923282892f781147d97bd9e353465a35023868db7b5c0fa7a73b1ee212161f04","secret":"ec0b43613c1107d4f17dafb7fbaa13507ff1d567586f92dc48d295dd3bf3af7fbc047581a71f2a49087d85b91574f62f03823d67c3551f4c93e599f87aa09ba3","key":"490666b45bd4aece6eaab989af2e1eb1800ca326955db2be0ce31343c72efc76","base_nonce":"ad23d477d0f9ec0c12282360","exporter_secret":"073cabf2b9f230a76c75d63051f22c16d257e58d900f85aa650a4ab181bb5c222a43f576894c3bbf7f59a0bb3c435e185d72fbfff459c3310e8a5f7e347dd77e","encryptions":[{"aad":"436f756e742d30","ct":"949f58e87c39b3f55390b6a970de27dfac44aadc2fbc9d623dcde1a08b628c83ad07dbbee6aede7fcfbf955670","nonce":"ad23d477d0f9ec0c12282360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"2b122485c81e76277b6fb7d96d85e1e2f0d41c8b6659dbbd2fad77d4a2318ceb88a350b02f7fdb242af6ee6222","nonce":"ad23d477d0f9ec0c12282361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"24612f7a27e9a8a0ddffcc18e769f5e03c9ebb658071b558058172d81336d151933f3d80846596d99f67994822","nonce":"ad23d477d0f9ec0c12282362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"f9e9052e77dd112cd243e51b33d5b6bed372980a1e9e24b238eabf44a2a216f93e321a9db239fc326696ebe174","nonce":"ad23d477d0f9ec0c12282363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"12d38f829ab8fa8c7a684ea8491210e9d77accce6a005fa6c2b84e00acbe38c25cb570479dd4db9fb676ec9680","nonce":"ad23d477d0f9ec0c12282364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"b513295313842eaa31169473f05066a82272fb272291e5d3b9761d4f5e1aa3b4018e2b7926d043c52464f4cea4","nonce":"ad23d477d0f9ec0c12282365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"769ae17503c24bc3ee12277549d7c79697841a34209cd9a082d27ce450cb1bfe64394a152323f819b1882d4c22","nonce":"ad23d477d0f9ec0c12282366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"53edcc467e79d48e4186d03ed8c7806f1540776ba39c060d8e6896aa350f50091e2ca6b658a5fd2d0bf26f79c8","nonce":"ad23d477d0f9ec0c12282367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"1d4605943e8d11fa54d6477fd33e6e098fd3f9258840c41c0ad1e3355eb92f569f2673fd110f3f3f2c0c67ddbd","nonce":"ad23d477d0f9ec0c12282368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"32e2a663adb4748e0faab681506729885a7d67255385fa1ce8a9b19e8123611bfcc4426dc867145e963fab15e8","nonce":"ad23d477d0f9ec0c12282369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"a4f0937825260087135d445f766dee31a0e441ed58f25cbca2a9f4d51d1a192fd8cad129a1bfd2ffc23e78dafd","nonce":"ad23d477d0f9ec0c1228236a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"6b29b9c36cff5dbf5a65a16a100b7c05844ad3b6ea2225d57621ff095d0275b7b7325f1b57836ec32f07f74323","nonce":"ad23d477d0f9ec0c1228236b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"59bb16a4c2ac5f0264cb6ab92e98252039f2f12b63c50ea8d690b79015e08d2679fd4a612b4aa2bf15af963a42","nonce":"ad23d477d0f9ec0c1228236c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"b72966c8dfcf50958a90655df5fac9b026f1399092e977deab611ad88550600e0a0b6047a8a2a214c85923ee49","nonce":"ad23d477d0f9ec0c1228236d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"2d2592744c51536e230d7393c00a8ceddb66531110f81aeb5a751e108b6ac3652dd7d6b1532bf7d3b99885b41d","nonce":"ad23d477d0f9ec0c1228236e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"90b046abdbf4a5e0b355e0839fd682ec09704597a89f86ee256a2d4e2a0827f0353d69e97102c2e986be2c00f8","nonce":"ad23d477d0f9ec0c1228236f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"6ab6c7182b790123e718170c47f364ca16d2c7a96795dc2d02be9b007cd012e194f1986d561a4a4a99fcbf9723","nonce":"ad23d477d0f9ec0c12282370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"d8462aca83ca710a97657805fe3f97f917be6bf1a1ce3b6eef115900d74b8ad3190af4acaf25a79067221c3e70","nonce":"ad23d477d0f9ec0c12282371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"05db79a5aab1d9281b5c3973d6df067110de4d4f48e2a12baf09860decccdbb02452c65d9aa614ec3274e43e86","nonce":"ad23d477d0f9ec0c12282372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"98d8488c6fc789f7fedfdb081768ccd4f32109ac4d394a24de9c242f5cce4ade6b0156c12f8dd503f7699956a5","nonce":"ad23d477d0f9ec0c12282373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"14b2c00afc5df79c07c492226d7296856071d9a989fbaf90b07ed885961aca8f80188615d2790aa1f855ce7f6f","nonce":"ad23d477d0f9ec0c12282374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"2eca386e4ed7e9db2a8956a2072ea694ab2c9ab8ea9666823ba60ac4eef3543e3915969f99dc1b6f98585ee753","nonce":"ad23d477d0f9ec0c12282375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"2cf2fca25a983d0bab8fb0b114cbc93a66d9dc8a9727e1642ddad5edddad3de4ff15269034e59a5712fc293e77","nonce":"ad23d477d0f9ec0c12282376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"9e366c7b793e3aa010205e8f139b0dbf5be619112ab96a81fca74cea7fe0c610d2cb3cf861050cb5ee0d68aeca","nonce":"ad23d477d0f9ec0c12282377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"2db988396dcf37525ca364ff475f8f4e5266e1d66b5d23b209adecb7d5989737c6cdba7522c5b48c98ea8adc29","nonce":"ad23d477d0f9ec0c12282378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"4c5256b4b3f4c07a461a84c3ecfc4afa9a6be5c86d5aff5f32a3847ad259ee937dad5e4bf570b7362b49f86f8b","nonce":"ad23d477d0f9ec0c12282379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"193bc01e4a3086c1c70681a2988853cfa902c6e88a7ba44ace479ebafb9ee3dca6743f3de99a770ac58fc4aa3c","nonce":"ad23d477d0f9ec0c1228237a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"26cbc015b6bf539be88236400a384746584db5bcddc27c8fd224599f2a4ff8203ee89949e9f601420b5f648fb6","nonce":"ad23d477d0f9ec0c1228237b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"a779556a55992ad2e101439392859d4505fddbc08e400735aa04cfe8a629947760538825f1cbd7d854b3109271","nonce":"ad23d477d0f9ec0c1228237c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"2e866c18986c384721cef98970580cb27492d1631fcee0f67f5ad612d8b812cef2fdec497794bb6918c8d16df2","nonce":"ad23d477d0f9ec0c1228237d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"2c581e4e458afc4d8531ff398467b80f6f3303816c645e289f5320be8b811bedfd92c7a0ea53cbf18ca490a210","nonce":"ad23d477d0f9ec0c1228237e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"5e9bf9ac56424b0d9d4ac68102c07b2aa0a44d970589b6e3f114a7dd0c690250b51de647eb2e44b9711b5daeef","nonce":"ad23d477d0f9ec0c1228237f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"b81d994fc95ea0eea33ec783ef9750f9baca4d6d955000ccecddc5e521a8b60848b1c008780e19d16bff508e84","nonce":"ad23d477d0f9ec0c12282340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a35f9b5c955e5b3324bb92ea904979d665cbff193df2d61d825a9120082cb5c6576320e1d9a305ed3ba76257f6","nonce":"ad23d477d0f9ec0c12282341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"5a01adc583bbc77386dd7c4c90ad856432604e41b6d14dc31e7708440e186e58697b2c121fb7b0d98d160b3646","nonce":"ad23d477d0f9ec0c12282342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"a157254044c5f4336af2173b2c82bf5cfd5ae0adc78d1df8d04733e49028ea9b24197653e3852649c8c4f1cddd","nonce":"ad23d477d0f9ec0c12282343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"380526048e21c7a549f5df2aabc28ac6499a0dafae49e0710f5ac662753ad9321e3cef2d1aa9209bab5fbec966","nonce":"ad23d477d0f9ec0c12282344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"eaa08782d900baa2bf5f51bd7ab528825b31496f63ab477b982f63306b060343c1642ecc6e888af6c24eb7275e","nonce":"ad23d477d0f9ec0c12282345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"380acf3d824656266ed9c5302e6162203b14d3bbdc61050ce0e98128682b2cce2a21c4e4d6342988d8a53a7dca","nonce":"ad23d477d0f9ec0c12282346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"1c5db80f7e775a36303a67f309b4e167c7b96212d82c0d431efd401957c05d036470f250b81b7453673f1befce","nonce":"ad23d477d0f9ec0c12282347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"80ef65226324b7e985a91aacaef884a48a4dcd86454ef11e3a47908e3dcca4581b6e2f16df095c581eb3a2934f","nonce":"ad23d477d0f9ec0c12282348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"f45f04e0ce51fc24d9022a8ae79893fd67702ee2c82f8c17d767f59dfcb46b104267950afa28b4ebbbc55d19fc","nonce":"ad23d477d0f9ec0c12282349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"f7203239dec8621587b6e84606b54ddaed91ee7b3e2a5a6239b24ea176caff255714298a087df7aa930d580c34","nonce":"ad23d477d0f9ec0c1228234a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"4e9f9682fc912d3616b5679132ebe5fb211538f436206d311ba56e548742211afe12f19c77b16b63d27670dd95","nonce":"ad23d477d0f9ec0c1228234b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"c5ec09396903cebbba351b17b0b39828854fb9fec08a9360bedbfad5eccce0009f7d83a62e3e592bae1c447936","nonce":"ad23d477d0f9ec0c1228234c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"6bcc84f43715dc16d618f9019b68f45071c6cff6f616a3f1fb4f0373c382a542a83b3d8c9b888c85fbca42ef17","nonce":"ad23d477d0f9ec0c1228234d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"3f24d9f68e9ced85606c9ccd9f519b86ae98a457f6613ac21163ca37bb60257c44627c5bcb505657fb6c852e3a","nonce":"ad23d477d0f9ec0c1228234e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"d951f3dd13a9055fcf37edb689da99d761e013df771dc4f73d707ce5574c1d5e0afe137f21eaac9b5d4942d60d","nonce":"ad23d477d0f9ec0c1228234f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"7c113245e0c43247935f80a796c673b195099f4ccd58989f255590c6d2b686b5cbebba4ea3fe068fd03e054c2d","nonce":"ad23d477d0f9ec0c12282350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"2102ea5c92ee56c7ecd7d70073467c3253f311fbef9a1447b2bc29f4aa9013c361ab798e60fbbf84c8dd826d28","nonce":"ad23d477d0f9ec0c12282351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"6affe0db3c338449c9e4f82a2535efcd6db61beeeada3bb4c0f35f18d033434e746cea6efa7e8b868849a75cf8","nonce":"ad23d477d0f9ec0c12282352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"3c2f242e5fa6e63603a38746c0947bee7ac02b5f5f3012eb672c9b5a931a74349231bf78ee72be3c3ae59c8753","nonce":"ad23d477d0f9ec0c12282353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"38a2046f19601f26d7bad8f17c2732972bb5cb25b958ff5b05ba5b098a368365d6231986b1204a64687d690a24","nonce":"ad23d477d0f9ec0c12282354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"2ba7e0ebbeb8acb4d82f57beee0662faebb43b8803a17933ad61d494b09e9b5709650ccb5d5443763c7dcd4e5d","nonce":"ad23d477d0f9ec0c12282355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"8af6caece97eb695f1612a654888303fa469ec47adc92841d6a6c6b2436f83f9029583a6cc68c6726c9114a238","nonce":"ad23d477d0f9ec0c12282356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"18b62e2d0e98007c3a88c2dac9e4ea24857affd56c19a4c036e4ecbf43b6f271b502f4287d3501edd9fcdd0a82","nonce":"ad23d477d0f9ec0c12282357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"9d3b6c74f1325e8c9212f9d7750bc3440988c33cec75b720c5bcfc353ce2aa1918dee248a8226dea5016fcc9d0","nonce":"ad23d477d0f9ec0c12282358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"1a481f4b7b038d65e1eae9b4f545f9358f06308aa2fa33a705fa83f93000b42252ea32c3b9da478f5972d37739","nonce":"ad23d477d0f9ec0c12282359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"2605016a15093dee92ce4439aee0b9ed9310d4c8da34ef7d2c7013f6a4eb2897eb7fed9d5f3552adc8c6d7ade4","nonce":"ad23d477d0f9ec0c1228235a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"55c770b61966714391117b5ad1f62565e8ac87929139f832a2fc5428954e0379bc46574178ca3076121d7f323b","nonce":"ad23d477d0f9ec0c1228235b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"08920cb1c62acec4ba35e1ddc3bec9549f251ddc47c52935d82c4bc4ef8ed3ce0f37d06b1e968053b75714c3c8","nonce":"ad23d477d0f9ec0c1228235c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"82377d943b042dd3f6af025aa7130f602a72a2f3e10e18c8fefbff031e4463cc0aba42a58fdcceec64574c1f33","nonce":"ad23d477d0f9ec0c1228235d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"88a1e6ada528e865364a9da00f8b4f4a34d64aaa65b3e560c844de6e380a9d8a95feb93761828a8d32878eb3ff","nonce":"ad23d477d0f9ec0c1228235e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"cd6258d83f08b9d89061a7d5ded65c8f4827a24323edaad1cab60b99ecf9b43cc277999b83a65011f802eb993e","nonce":"ad23d477d0f9ec0c1228235f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"a0957be891afe70d9afd28f49cd0ff255e4809baf5f30968ef04e57c69e5a9c96ee58e3abeadee00e5853889a8","nonce":"ad23d477d0f9ec0c12282320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"bdac847ae30545ba0748d2c4b767dcbaf39b8c37e4b2806d2b72fd742647c83a8a4629c3a4976ab17124cce41b","nonce":"ad23d477d0f9ec0c12282321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"bdca5f252d8c52a26c7b763ec2276c6687939616fcd79419d461eb58ff0fd40d89c41239348a615dbd9ded0eb6","nonce":"ad23d477d0f9ec0c12282322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"f975a70b15e5978676c74592717dd85ba799f209909f4d8c288e1538f3533c5e9e9e99b55e5ad6c3b023f638f7","nonce":"ad23d477d0f9ec0c12282323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"dd46ce29e05276a8d62ff479bef1b88079f67def7744f524a1eb3035583777b5ef6f20c9ec061dc37250ce5eb1","nonce":"ad23d477d0f9ec0c12282324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"91ac5d1fbf534e64ffbb7a55f8b4517f3c8e55b91bc31fff1133d50efb49dc0eb5752d87b61258bfa17f27d6d4","nonce":"ad23d477d0f9ec0c12282325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"23f62b561065fe7f0158b7ad4975f06e36e8f69e0771a2b4b60f8c518dc968b2921524430ac389383a04842929","nonce":"ad23d477d0f9ec0c12282326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"48ba71724d430a7416bb2fc1490c23af11040425c131d784080605630199dd99db00d8f8e1bcff6fd7c711083e","nonce":"ad23d477d0f9ec0c12282327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"a65442313d43eeb402feb80f8f88f2c45f46f99fad2e202cb1e464237122a4a3fa8aa315bcfffc61c55f3b561a","nonce":"ad23d477d0f9ec0c12282328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"ddf16a9407637911bb39be12f38cc92a6374b0c612fccc610a943513d34f1e32981b22d9d19ff9f29465aa5151","nonce":"ad23d477d0f9ec0c12282329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"c140731cf9c4247655761ff5ee0d836ad2d74b036fa69cc1f2ddb034882df2d01092f45b51345a8cf2f61e6267","nonce":"ad23d477d0f9ec0c1228232a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"4339f06abe007d981a2546cf3c90ea2eb1d518f035cf7f58a264f38972906b3867d0b14dc7848f20a6040f6a0e","nonce":"ad23d477d0f9ec0c1228232b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"079edabd7db20d5166f408f93233399a0c73f68b18016e9f429ba2917e1ee83f16ebce277fe1715beaf69c3f7e","nonce":"ad23d477d0f9ec0c1228232c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"67286e753a750a9911dd436068d8189c4ca1d005a7a92c47235d9929b585de15fd0d3286630027066be00911a1","nonce":"ad23d477d0f9ec0c1228232d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"bfb94d84f951b02d90045ffe5586c461192c6556f6d14655690bb017dc34799bd23a0e0f1e4ff3bb403582eadc","nonce":"ad23d477d0f9ec0c1228232e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"582b288641264c11878c76c38bab0b78effad8ffbf73c6dff80a991aba90f906cc20a9b90facccd2cbeca381e5","nonce":"ad23d477d0f9ec0c1228232f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"2284afb0c1bb8e7c58642f74eb0623f6940fc4cf85d267113c08153be69781e972a15928269f47498ec8e42ab6","nonce":"ad23d477d0f9ec0c12282330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"aa58be1ad503c6985f3521b1536c0e3a76e561118c0b30e7a423b9f8277b9831963f73a6e73f4ac8e366d29ef9","nonce":"ad23d477d0f9ec0c12282331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"8d67783813a982a53dc111d07e1204c75a32de3fe2aa1f44f1c6e2a96ce4e7f8bce4a39204f13775ead761d1ca","nonce":"ad23d477d0f9ec0c12282332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"2aaf083992154e780eefb421a75945ee4242d71e29ae6b964e5225220662e4859aac956a7ef168fc5ab3af8fa9","nonce":"ad23d477d0f9ec0c12282333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"7f45e4ec22a014297a6928f9ba8fc0a72f3888d856e7feaa8a99d35fa6121815c8faaf020ab9fb03781461881d","nonce":"ad23d477d0f9ec0c12282334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"3828b774e324691d54bfe8340c19a1941bc2fbc0ab48bccaa9bd43e25426814e405d80410cce69d72457ddcc6c","nonce":"ad23d477d0f9ec0c12282335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"848b4d04153f7a5baef3b80db07d54ef61c30201c8e2626b95ca58821a33005f9c60d680c9ed0fb46b1af37283","nonce":"ad23d477d0f9ec0c12282336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"f3deaada51156741ff02b452815ee3a95a34d32305872fef71a64c335191c1d7347506c288f9c11512dc1dcfdd","nonce":"ad23d477d0f9ec0c12282337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"431572f7d48977636fa9c10f49df68c59893529073ee0d0045c6f577bfebdd14219def5c77d19ee52b7f66f930","nonce":"ad23d477d0f9ec0c12282338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"731868ccd6139e0bb91a816c7a1a3a8917b001861636ca2a9c8327d2b6b27b7bb2954a1569a041ea2daa47ab5a","nonce":"ad23d477d0f9ec0c12282339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"291bdb918b06fc78a746daccd498ee6157fcaf93ca4dd180b088f82873bb2e0340058aa6ccebb3d498e9b67854","nonce":"ad23d477d0f9ec0c1228233a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"15102701b62601119700fa6b86dde8f10b4c0856239158f704b7516f4c5666fde5dd4d4ca845c7415630da40ca","nonce":"ad23d477d0f9ec0c1228233b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"bfd2e587c55d6ceb5dd4a72e9228f4d261cab04f67b6c6493757a26423fbb938bf80fab01645aac7ae2f58af48","nonce":"ad23d477d0f9ec0c1228233c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"81bf2597b1d7b7bd997be2299908d7bd2ce157fb41e9403a31f91bd34eaae486b1937aeeac1d7f11309f06c69b","nonce":"ad23d477d0f9ec0c1228233d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"f3502debd5154d8c39ea55a654889624af4322db54d7e15df54b542f0104fffd7c028d1ed5736d5fc49a3dfd1f","nonce":"ad23d477d0f9ec0c1228233e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"b61c8b2b238032e2ab537b37e35b80676e53a8c39d2d8673225dc358c91634830ba3b01d8fdc041d7603ab14cd","nonce":"ad23d477d0f9ec0c1228233f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"73294ed721b449d5599ebb4d617ee43549b074a747d0869b0af1ba00809de8303d27235ed74c55d5456196e79d","nonce":"ad23d477d0f9ec0c12282300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"b85b2ca350e354a795aed257df74f1768a43fd5b262178ef4a5aaaaa41f72a7559e5e466f105c9939430cb0724","nonce":"ad23d477d0f9ec0c12282301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"20ba6d9ef0fc00496b01ca8866e4279670d7c0d823f7bb5f305ff5b9b7503e30d9dd9dc29f7c8128865421a785","nonce":"ad23d477d0f9ec0c12282302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e73269a0b7eaf2aa45592e12d891419f936d1b4c7ac55dd94aa09df9971546d6363665c6088a0a3a63e8d46b2f","nonce":"ad23d477d0f9ec0c12282303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"4a651d4e7d27b951eb09809e1348b4caccf67b3840645b94f438ac10d62bbbadfae561a74603786d8c144ce291","nonce":"ad23d477d0f9ec0c12282304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"d23bb9e05168bddc574059733c774f5081c6bb79b0235907bdb806b2b5a5904e1ca4ac6b64e5bb4fd45bb9a789","nonce":"ad23d477d0f9ec0c12282305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"28cf80a9d0e40d387a25a458911ebe43f6fa64a6e661a4a13f12328996c832b4172fab63019ea6aa3630a4a639","nonce":"ad23d477d0f9ec0c12282306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"28ef3bf11681276043317e374b8db4bbd4c6a4dd38129ee726c198241c12451266aceec025a7c5157b0214df27","nonce":"ad23d477d0f9ec0c12282307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"1a3ddabce6df3bf186b00fb2b8bb2e6ef6e50fb3d26198113efebf5bac2a3827a907ed6a4198dcea32567902fe","nonce":"ad23d477d0f9ec0c12282308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"3d005dabed987177360a9e642fb346c1539b19d158efbcfe89eb386b45b861fca57652dc1b37234a344633dac2","nonce":"ad23d477d0f9ec0c12282309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9c97eb4ba9ecba8013ddb0148b3ceb85257f80a08d3c47e63a776cc09582be1f4b83f7d5a2a794c1f517526dbb","nonce":"ad23d477d0f9ec0c1228230a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"e1c678f0ef7d48c0e5b879216757c62ee5c203e95c5524f8f64a3768f5523478d5d3c2557031c822039fa584ea","nonce":"ad23d477d0f9ec0c1228230b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"78fdb3f8dbfe218e3386a85c76e918fdd202a7e226fca45f0cf92d4d26a5bea42f1b31485f96e664c7cce0e141","nonce":"ad23d477d0f9ec0c1228230c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"d2fea7ce97c8880c9171e2f432bbafef344846247c0e9fd709911577aaf90ad22f63fb218a700f0737afaf98a5","nonce":"ad23d477d0f9ec0c1228230d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"4a1f43abf1cd59239698b169f9c98b57a4760370bb8c877ee9c84fe82657689519e86680922ff914c26ef02ec2","nonce":"ad23d477d0f9ec0c1228230e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"9d7d4d6e44df21f83244c573c2c69d7bb5cd7c02810d58b8a7048a7372b581c71bab7e4289ee2baba6b4165a0b","nonce":"ad23d477d0f9ec0c1228230f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"4b7a2281b1cf4681f14bad57d1fc7f21815c69540542fc67cace9927d24868906e6d38c36562f4f1a3b9ef30de","nonce":"ad23d477d0f9ec0c12282310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"abd585a810a54c73893dfd66bde7cc833ecb732bbb5809b5fa7ec0b9af35544dc6852f2b0eff276e97fccd042f","nonce":"ad23d477d0f9ec0c12282311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"896b08067273f74750aa103ec270d1220ae028a029ec0b836d0c28ba6373e97fc63f46f0ce957169b46d6592a5","nonce":"ad23d477d0f9ec0c12282312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"5170969af1412821bbff0d1fe3266c4dcc7d5879116c47e64f1d7b0043d7055e52ca1c573e4433716ee427cd9e","nonce":"ad23d477d0f9ec0c12282313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"e7be325668d888ffe6a18a32283d61aab431775037f80cf2c564f3b9d44305482746d0e8efe598ab5e41c47467","nonce":"ad23d477d0f9ec0c12282314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"bdd83c24b53f65d8c8f0db0bbeb80d556b82e72d272d9c2ee847adcfdcc6c5fe949581c64f1bc91cbf5a5e37b4","nonce":"ad23d477d0f9ec0c12282315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"5c2136bc3fd0b0daa5fd1de254c970ede8698794d8de333e35a491fd46c69b3301ab4d036df07e738a45908c3d","nonce":"ad23d477d0f9ec0c12282316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"5b57fdd9e2ae1f4c1164f041195a863d1e2602e3c87c01e5e19265d6abd6f8b623c46c311483e13a8a4683f396","nonce":"ad23d477d0f9ec0c12282317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"f3b45d9b85a4ec7676e52df5acf5e38e8543070ffd8842766ab1495378597ac2055b151619fcad03f88d9110e3","nonce":"ad23d477d0f9ec0c12282318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"8d778276406911df8593eacad1b0b277818502d42e19c41fbca75d70f61d0279d52a43547481217b0064c658dd","nonce":"ad23d477d0f9ec0c12282319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"33cc2340f1ac2b632fc425eedfe5f29c0efdbb82c65900849060bddc16b1a0fbb7cb03e49e38bd7af8b731f43d","nonce":"ad23d477d0f9ec0c1228231a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"cb831cdc5886e55b92d843d7d9632fcae83c4626a057675cd4dd6e9c37679ecc4f9a9cb0b73784431877e4e33d","nonce":"ad23d477d0f9ec0c1228231b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"a5823ce20ccb3c5ef313a98e7c93893741b21b307dbb3c32a657a738b7b378cdc96a7cd3e864d81fd213e7cdb0","nonce":"ad23d477d0f9ec0c1228231c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"3294ab48abf66352e72571966551aa08bd1e34c93400d2f61e2d6a739290380668621005ff931bf06ac39ebfad","nonce":"ad23d477d0f9ec0c1228231d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"6babfeb5a726ac48a7d8aaf0ced94135bd61b91eb8bfe65a635aa7825212ebee5dd237b9ca1294635c0b2c012e","nonce":"ad23d477d0f9ec0c1228231e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"772cf18fee4171170d6af55b7296fa0344dff41ef92f767a7c0169bc5113cd1e0a14f7896e2a4c276684964736","nonce":"ad23d477d0f9ec0c1228231f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"b2ff900f1fcf159af13f98e12f12d1cea2c26c04c599db13b9dfe9acaababd9db44348bafab667c5d1b04df05c","nonce":"ad23d477d0f9ec0c122823e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"5cf0601fc489d472b29cc58f78d05349d28bf2aed3d7baabb86b43a309da2f3f9979bccaca116343a2f15dbfdb","nonce":"ad23d477d0f9ec0c122823e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"5a2171d6e87319e439e5038beb732496fa037892aa3dc52d9b47b8bb055be6a282011650492ff78121f30546cb","nonce":"ad23d477d0f9ec0c122823e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"5123348289c0e2c09f7addc8fd085e048ad6574feff58cf4f093e636ba6d68dcd14e0aa7a244c020f0e891e6d5","nonce":"ad23d477d0f9ec0c122823e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"5bb09a4ce219f2c8c37ebfe56b4e77268336c91c583eecff37eed5de613bd47e4928684d6c3d936e8c13f08e5b","nonce":"ad23d477d0f9ec0c122823e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"3e0d110cdc7e4eec02d40887d4be1b3b548f91e36dbbe895c7be59c089d5336fcd5e42ea7e79042e89882bad98","nonce":"ad23d477d0f9ec0c122823e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"0a2e195dd4a328b00b39978d86229c6e0e02501214128ad87cb03124c45fd0dad3759c362bd5d2937386526dd8","nonce":"ad23d477d0f9ec0c122823e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"057bda1cec85912be4764855f23236ec98b5e892729e5ff6d344abab477a59975fbe612d0e4dffbf74b1e462e9","nonce":"ad23d477d0f9ec0c122823e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8224c671fd895c239dea292d67c4e965b7d218bfdc5098774dabbc4ba468641c527c7f2398357c10971b95a49c","nonce":"ad23d477d0f9ec0c122823e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"a91ddc5e9359f91cc5e8254dc7142c81a7142f3ac9e972a93f316010559ac886f1c156536b05879f610833240f","nonce":"ad23d477d0f9ec0c122823e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"6ed1e7e997ec4c17f011c511f93bd589fb7c3ea8ef8cd8e5e5f522350f68ab275fdf8ea63465997bc06492037f","nonce":"ad23d477d0f9ec0c122823ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"cebbab15c93a6b1beee9ece5bc6cde2da913a9d4fb341ec188e86387dc5a1ab7a8cdc3de6b63b6f6ee93bcb053","nonce":"ad23d477d0f9ec0c122823eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"2b430458962d7ec001ed15d430a374bbb49573e5d8b6b1f5b576e55ecb5b6399fc28099798f6ae57b7a51e832e","nonce":"ad23d477d0f9ec0c122823ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"c8019b87fa8b4d137aeb5760cc5b04cc147797cd53946be568a05a53f2a2b99c20cc03761d5ac2194cc8c8a194","nonce":"ad23d477d0f9ec0c122823ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"c54aa6b39364d6e671982b35ef6b33dfafe8943a16bfee91b48fd726f591c2c542bccd2535efbdcd735df066dc","nonce":"ad23d477d0f9ec0c122823ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"e3f4a3aeda8cf757b2b37e5955b4e2c03accd4b1d7eeecb1b355b6dbc9416eef41a9c5a1c16db5a73d93e2bb4c","nonce":"ad23d477d0f9ec0c122823ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"5ff4acdbcff92f65fff26e08cb54b40033635d6c18e7408d5169d40f39dbea5c92d4143c1ac372651e4c2f95a5","nonce":"ad23d477d0f9ec0c122823f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"eb77c5d56b1064824702828d12bd1584dec1c7f51ddef01bf48638a2b4cd8d4163e751abd07145f4ac71b67448","nonce":"ad23d477d0f9ec0c122823f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"982d1c5839cd98f3c44fa0517826340ab0aa709ec1cb506915e07067a03d3a049acbb1b1ee6b2cfc1333ba867b","nonce":"ad23d477d0f9ec0c122823f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"c673dd68636f6f235f4be048263efb06af1594eab3cd536ab9331aa0420f367f90c6d6234a62edeacc13028c8b","nonce":"ad23d477d0f9ec0c122823f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"26885fa2e37e7df4f8ef3fb31bcf37ea215bb8a65e50c67ce3ee78290c901c6ca972d6419db66f6d1ef0177769","nonce":"ad23d477d0f9ec0c122823f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"281035d763359fa62caed765f76b35ad5633b12e469c0770d863d1a3c57be595b1e5fcd800ccfc296f53a58abd","nonce":"ad23d477d0f9ec0c122823f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"374ac5b091a34d1c859aa326ab5300801c1c7d63bae0b1586780bab66dd2d4c7d0636029c76ccca69bf7d9e6fc","nonce":"ad23d477d0f9ec0c122823f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"3168e501ca5d0a354a7fa011d2dab9201299aed5fd066f9962fb53e4b9d12592fd0967dca00264a5fee4cb91de","nonce":"ad23d477d0f9ec0c122823f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"d91c7a8f66f358492fe106deb47b075cf15ed7a7d443c5d9e588cc4dcb4c3295d68e12bc675a8bda8736d8570c","nonce":"ad23d477d0f9ec0c122823f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"2a7a208262fd34229e2e5dd4b33e5bb0ec23273b30df1f688713da2608d5ec032b640ed623e4e571983b0b0cc6","nonce":"ad23d477d0f9ec0c122823f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"88f3dc4b8d3436f8fee7b10f8bd9fb267630693c14cba77599b1d635fb29831ec4f509b877544c01712d8b348a","nonce":"ad23d477d0f9ec0c122823fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"415858079a029838e7e9950ba5dc63da99f19cda7fa553b696e4284f8fd7f2878189e8cf9081f84589876573d8","nonce":"ad23d477d0f9ec0c122823fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"2d3af632d00f6736340f33dcc61c67fd95959aaf6ac9f7656135837a9cedcf991e095ef952e00274c58cfd3367","nonce":"ad23d477d0f9ec0c122823fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"63a7660d2653dec7803b22453ca1d17e1cb51e49daf61c235809507a98d75a58d2831032cb8383ad474bd7fa21","nonce":"ad23d477d0f9ec0c122823fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"0e5c74d2316d71f4fbba645a44a898b3f775f7138c5fd9bdf3ac25f28baedbe3fa2c9f7ae06f784c124124e615","nonce":"ad23d477d0f9ec0c122823fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"b002a5899867b9d765a52123094d13cda322013b9c21ea196d97f9a3090e9337ded1495c35768d9d97bbbb9789","nonce":"ad23d477d0f9ec0c122823ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"485435704d5a6748c071b9629c6705a99b4835db19422bfb2c8d18cd08e209b2d50ac3903c85a553ef0d834660","nonce":"ad23d477d0f9ec0c122823c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"03d0ebf3164ea3b22ffb23d67a55705481f3180bdc402a7202eb9783daff49fc9cc0699c3bad27351f0dd12613","nonce":"ad23d477d0f9ec0c122823c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"ce511aca55a94fa79a81769bc8a9788224c6a9b4c9b9e3f2ab505d757edbea96f5a5ec239d89b8957cc31ce2f1","nonce":"ad23d477d0f9ec0c122823c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"4fbbcd88a3bf6e57fd2ccb8eea0802f60ae88a9f1d741234eb9a6efb36c22b0f0dc047a191143b1a8c44154d5c","nonce":"ad23d477d0f9ec0c122823c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"7d7a519e72ab270faf2f25028eede671f7c4f5f1e894f713e52e7227baf124f0a2d6eb61d435d5712e9e28dfef","nonce":"ad23d477d0f9ec0c122823c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"3e87cc563c98a16183ef9fd0f1d569efa9fdaff326e8cfdd96217ff21fa55996dc28e63234189e69b37fbc2a1c","nonce":"ad23d477d0f9ec0c122823c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"7d1f51edec285d59634e255a0fc0538f61310d03637c24dcb817f5586965849c1b98ebfb5d3bc04e3b9c9af1a6","nonce":"ad23d477d0f9ec0c122823c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"463bbea0b2893e48254f547c9aa71dbc9e557d3e2f92510956aba5e5a7a8ec345d09feffe50248518478153092","nonce":"ad23d477d0f9ec0c122823c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"fa3f4d764e34f80b0605c2ccc711bda88fe734b29b4bb988794fd1c68ae40f6ba8924014a449c4c7c821c9685d","nonce":"ad23d477d0f9ec0c122823c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"061acbfd8545879296a309774f83345703334252a5642f98cf48fa4d03bb81aedd4781e6c36c085e315d0070e7","nonce":"ad23d477d0f9ec0c122823c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"367d214d588feeb0e4f928c9a167e6815828d6ba781e1f95b97625bbcca3517ab546c4a2debf45f7aeb5ace70f","nonce":"ad23d477d0f9ec0c122823ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"611dcd72f52bb75fd0ea05859373764ffdc0b0b7618746a2b3753231fe7dc443b11b78f2976bebd5b9f0332830","nonce":"ad23d477d0f9ec0c122823cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f180147693aafad7fa9a5ae4f48ee88393ed46c065fd733d7de01e77d811a01be735cad756f42e0c5954730cca","nonce":"ad23d477d0f9ec0c122823cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"b27be68722880c8a68c885fba283e6c71efed05463c033018743c98798c1c9af6ca2919fa923f34376532a5c37","nonce":"ad23d477d0f9ec0c122823cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"c40dfed5e269ba9a3a9176d55a10382e4fc8d6f1faceefde205b73fe08e526c9f434985403a076b7ce3962eeb8","nonce":"ad23d477d0f9ec0c122823ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"2af1f1135aa942d97144d0574f2e3a483787cf4c57dff491d2b231e61374ee38c5dfbbc3014041a9b16971568d","nonce":"ad23d477d0f9ec0c122823cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"7cc1b444db99642c08351461fa41eead069ca77e71f8b0b305b1ad2bd9d40e40f92b787bcb69c70a085e3453c8","nonce":"ad23d477d0f9ec0c122823d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"6b90d3962209d4ba298716a3a2ad2e5298742743ed45941d8e243a7ff02d8c7fcc8066955701406a97c05243e3","nonce":"ad23d477d0f9ec0c122823d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"d8a2e4776eddbcc94e7035d97a05c45b786f3e1c710815058de930d89b96f188386bae775e0a3d512696527ff3","nonce":"ad23d477d0f9ec0c122823d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"d0ee840649e1b5acc34ba076fabba3ebdd5306dcce7be37b38baf3a643c841c56362a8214d8321c8b33ae798ba","nonce":"ad23d477d0f9ec0c122823d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"d3aa609f13403d0cf7c9f29ed3840a01e829db071dab09788d828c876be1970cb7f1ce142bb79941be9b9d63e7","nonce":"ad23d477d0f9ec0c122823d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"6142817b02cbcfad184ff292f66632201d80e421f997816112b9a039840c518d99a247cb5ae715df9d0e03b769","nonce":"ad23d477d0f9ec0c122823d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"78e3b0e090d35c8164a9901810723fec7a4e09d44b6db2b95fcdb11cd820f9d53197595cb6590e7e795d917d8a","nonce":"ad23d477d0f9ec0c122823d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"c56d29ceb5ccd83e6c5455d007e80c121010b476642ea0165d2e873a2a8be701fe36b956533c43805206b5b1a4","nonce":"ad23d477d0f9ec0c122823d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"014f268c9b2eaa103a3e42e8e37c65ea72edf3eb5a90516eee261cfd0b2821105d7eaddc1818b8dbbc27f28733","nonce":"ad23d477d0f9ec0c122823d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"692ccbed65fbf93336802a726752712261ebfa659e7273f8925f1e47f0fb938a265768efedf1eef5bf15013560","nonce":"ad23d477d0f9ec0c122823d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"3f639b2076646a5ddd1eb559595d2f86e475213cafa7340946841f1482b3d4149fc503cd88f241c56f3b1f9b77","nonce":"ad23d477d0f9ec0c122823da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"65a601a25938a10a79febe81add2257a8b5a1a5f6f8d739203faa39270996ecccf9071e7cb5e6bd63fb089cc7c","nonce":"ad23d477d0f9ec0c122823db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"53ea5ab637c617dfce4d4adf170286d52731e531337736d81c1521eb799ff10c5b0011c5535fe658a2f8d6c7c6","nonce":"ad23d477d0f9ec0c122823dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e09154d3f0255724391858180b4e2f1190221062e0dcd7a8aa19e7250919a96475d55e3eadabd2e6e2023bd27f","nonce":"ad23d477d0f9ec0c122823dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"60e9b7b0fce951d0599b3b17353967d9e2b13d33cd9f7bca4fdf3655afaf41d15d2f1393a1dfd0a606f539fec5","nonce":"ad23d477d0f9ec0c122823de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"c9cc31e957f434a34eea538c1deb4b35a6b6c58379e660211f4c6d11a615e9a87fc704d6cdb0608e59d9efcc12","nonce":"ad23d477d0f9ec0c122823df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"03b6e4793f1e351d71d899fafd9d44c5c67a66c0c0acd060db6f34453c9312fcc215a5b6415973314a081a001e","nonce":"ad23d477d0f9ec0c122823a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"39f60a41e540b36994fef987768564ba9d7958634d46ed0c0d68bf50e03053d98aa75825b4ac42b91070a846f8","nonce":"ad23d477d0f9ec0c122823a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"49d7f78b370eb97b1dff129ce13da8df6138302a01544137d2fc683d5c1fe8cc2ae720d766da5f6b8075476ebc","nonce":"ad23d477d0f9ec0c122823a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"542ce9cbafcc2ee83000c4e6aa6098c0b2962c280e96d949471011ed311ff7dca71f09422cbcbd2775f656d57b","nonce":"ad23d477d0f9ec0c122823a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"ebb818937c9cd8f03965f5c0c8c049d7e3c9b9b00210f67adf7d3069d2724558dfe1b29123b6c3a98d4b858272","nonce":"ad23d477d0f9ec0c122823a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"7add4366efed118b0b7c7bd1a877e9ef2cfcf9ba18937b41f36e0189b27ea7d86191cc12594c8834a9da6913af","nonce":"ad23d477d0f9ec0c122823a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"13413edb39f4644495b1cdbbc986a16b22bc8e3b96d97f194cd5a6c8c990dc53c35301eb7be14405d5321c3876","nonce":"ad23d477d0f9ec0c122823a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"c7c5d37777b606cab1bea0b52b54a2795eb1d618710c51dfbdc950ff8633e76eb887cebac0ee7f7d94433e5bd2","nonce":"ad23d477d0f9ec0c122823a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"4225304e84ae6973624b4f3afb0788fe489659e8d473bf16e653e3413626aeb06e7a5d2828e155e19d184aa58f","nonce":"ad23d477d0f9ec0c122823a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"c0df892807cba03bda93f44329a7d290f3b88a5e4d8d5be1897e6f7ec0b1342889ec5f0bcf05df041fcd6b76b5","nonce":"ad23d477d0f9ec0c122823a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"cd61a8f7a7dfa4a82c2d1465c97b86f9375a4142ad0691edc369dbb44e9c3b69da0e13aad860d1f79e5dc79baa","nonce":"ad23d477d0f9ec0c122823aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"4764dda583c0236520c1982bcac606a8fc4527a3ad95b402b8a18a0ac7530c517cbb5fe56c38ed04e3d47dc91d","nonce":"ad23d477d0f9ec0c122823ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"caadf597eea89146f4fd4c2b003c3fc002a1ad03388b88ce2161972ded8098b5edef955adadda9fb7e3d7b84a3","nonce":"ad23d477d0f9ec0c122823ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"498468eb5cd8e9f885958dce565660203b62682cf6ff05ce206d1b96cbff5ba9d038da8431569a5a8bdd56a128","nonce":"ad23d477d0f9ec0c122823ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"6bfee4ba5e8306f785b5a78ce32aa95723c8551923d06881b7002cab2802242b1994ab9ee5bbace4505d8c0227","nonce":"ad23d477d0f9ec0c122823ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"2c0dc369b7d85979eb2d1707594fa7859603d4160d4cbec85eb54969cb0b3ab85b64c402715f6bd48cf18b7574","nonce":"ad23d477d0f9ec0c122823af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"b5805d945444989b16b85f4d2330939b5c35acb7a688dbce16ceebb48a27283a3e11bd0c39f573db22c7de9498","nonce":"ad23d477d0f9ec0c122823b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"7d0a34e2f3b575b826151e0b745b16125ece9fe13e8cb7187910e2ce4fa6e802f409c5b88d799ab44e468e0420","nonce":"ad23d477d0f9ec0c122823b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"bf005d2511903e97405910eac035dd1513099e3be067677e8a9a932f6642847bd613742df1fffc7c748d267054","nonce":"ad23d477d0f9ec0c122823b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"001aad7f01fd05aa58eadb2fff776508b53d6063376595a9d76d165c975c496929ee159463a6b18bcc0994d6d5","nonce":"ad23d477d0f9ec0c122823b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"7626c82d233e01d223842152417517e66e012c77da550d40f32130b702e1c61546ad7eb42928716ed3d2fdae16","nonce":"ad23d477d0f9ec0c122823b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ff79c023d9d95d556fb54e4627ef0756a82cb727435f439c11ce27d5684ed9abc79bb9a0e368f00fda29c695f4","nonce":"ad23d477d0f9ec0c122823b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4e3667edbdcddba9015b487e8898ed00396c3b5529e2d57d337766388b437de9dd3081b9fdebbdae65421f6664","nonce":"ad23d477d0f9ec0c122823b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"b84e657afcf3b1d075dab8612b2d7f9eeae85d2f22d5cf7b236d3cb1522359cee73614ea03653f05a5747fa40c","nonce":"ad23d477d0f9ec0c122823b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"9121d69c85b76ffa44b6a0992a3c407fd3d6e112c3ac34ce8a8bb24ba88f122800a011d997c36ca52d526d3f26","nonce":"ad23d477d0f9ec0c122823b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"f4478f9b9e7d6daacb89ddc23a5d401ebd670ae2142a6fcca5a563f6aa28792071b73bff77b78fdcc91daafc96","nonce":"ad23d477d0f9ec0c122823b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"ddabe057dd06b23994f4fa33c8f68e16dea806d58f0b8231ad3d3d51c5610bb3fb57c245168d245f084986fd7c","nonce":"ad23d477d0f9ec0c122823ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"50a537a7a9919523b703d87d06916fe1db975fe4cfdbc245755d461256966a8328f53645d7a52c5366efc0068e","nonce":"ad23d477d0f9ec0c122823bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d4c8c0eb36e1fad327656254a613da555865a9131f25b1096a5d6edc33691749c51ebe9a1d473db012c0416adc","nonce":"ad23d477d0f9ec0c122823bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"a8d8e3d389f8762cc6d29f6ae2e33e6a81ce601192e61192d299d2c6f18f0be17424004b611a9cb7cf84ecad52","nonce":"ad23d477d0f9ec0c122823bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"9b4be3596542c5fde639feea86f79f292aa92d1c6b291c54147aa6677a9b69fd56ecc5a910ea1527512ac05e4a","nonce":"ad23d477d0f9ec0c122823be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"0c312986b94ea73852859b2b43cf4a3f47a384c9738380fb7b4c048bc7794cfa7b75b6aa5c3bb8eb20d8cfd43d","nonce":"ad23d477d0f9ec0c122823bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"31010852c8d2e3f0cc94d2f3ab75933b13c95d31cf45f66fe5963f96cec5a8e5de41f8500caa47418ab4ebca4e","nonce":"ad23d477d0f9ec0c12282380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"4eaea89315865e1bb55f49e23672233f834874110bc6ca5604a9825536e8ca11c1a8720ac745a1902af08dc028","nonce":"ad23d477d0f9ec0c12282381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"1aef835e2fee28243947b3ddd0fd168725e9fdf109f7557ca3023f24f4f07e6453ae74e2d431a60fb1c403044d","nonce":"ad23d477d0f9ec0c12282382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"9cfa43e2ded5eb588f52949937cdcaea74a506d61ae72332ce27702f531033172a753aa448bce0fbe92675e1a1","nonce":"ad23d477d0f9ec0c12282383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"d9accd9fb28373e123991b4b06157ac692fe7102eb99f196e7a920e75a4e372250cb04471981d6130a99df8db5","nonce":"ad23d477d0f9ec0c12282384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"18c21aee37b6f6db47cf7a0672e3768db164e39b14d6073be6cafecb52db16141fca44bfd86477ed451b8d78d3","nonce":"ad23d477d0f9ec0c12282385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"04ca12d82f71522c6ed9e26fb1b919d98b0ee6ad0846a69eb32665deb298df6d36d561fc417a76b89dd8d4d1b8","nonce":"ad23d477d0f9ec0c12282386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"10aada5062b9c1dde32ebeef10b4a0bc8ea31c9b47a8cc139e0a41d64c77a647bfc2243e2fd66d915df2122cc8","nonce":"ad23d477d0f9ec0c12282387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"c797b51e76e86012e7cb56c6bac596e90dd0d05643ce25c3cc7093ba1acc128f0ec4bfb227d065320afa95dd6c","nonce":"ad23d477d0f9ec0c12282388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"5acea4640c11c32902d552041171a4a5e84816bb451ec8b631ac1518bdc4e31816173b941d4e226c2a63e1a5ce","nonce":"ad23d477d0f9ec0c12282389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"51a73b13f87e915e6ba589ec11b62ccac18ee795d92207d7264f08b88cb405b9c2b48faad35689eb024d8edfe0","nonce":"ad23d477d0f9ec0c1228238a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"dc4027aed4a97298f22c49dfa7a7b63de517e96979cd860f5aae145831155053ba2c6784201022f362d92c03b3","nonce":"ad23d477d0f9ec0c1228238b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"64b5be8333146d88c563423cc94128226bb56c0f5442f455fa157ed229dd6ffb0812b419ac30582daf626e2d94","nonce":"ad23d477d0f9ec0c1228238c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"f4e0f9f88bc34d11ca9f8a82a8318c154f8450437eb16474817fa77faab4e59ba1103e8024aa79ca616451d391","nonce":"ad23d477d0f9ec0c1228238d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"acfde8f057e7f81868bbc8658e6500370012f5a2407a41e742730f2652e1c3d70c7d9d765f119febcfc6eac66c","nonce":"ad23d477d0f9ec0c1228238e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"3e351ff8a2cad47317882f3c44564e91f3043db369522db994a12582c04f56d84fef0768dc1ff26d2986d95de9","nonce":"ad23d477d0f9ec0c1228238f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"b7e468272b8936a8d24611c25eea3cabf3aad1ff327699f30621f7f04d725b06ba7c13fdfdd8789e12c5f9d216","nonce":"ad23d477d0f9ec0c12282390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"54021ed861a7f18768964850010a7152c0fcd441a07cd899f33f784acec7a13b49edc31dfcaedbe2f47f079a63","nonce":"ad23d477d0f9ec0c12282391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"ced9788d0140af3bbddca7e6e4317f18a014c4d2b2cfb947ec1bc32511e94c3fcf868a706766e42fb5976fc2bf","nonce":"ad23d477d0f9ec0c12282392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"0960dc6449ea65fcd341ce3df94fd423373285d79f93dfcf77cdeb30bdddd29c37bcec580497c51d07866fbdd7","nonce":"ad23d477d0f9ec0c12282393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"7758086c2b147e089d527b8e78aaa294c267ecafdab69f10b32530a602c117aab4f9e1cb49d1b6da6fd5d64eec","nonce":"ad23d477d0f9ec0c12282394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"19d26ced5e50d7fd4928aaa6af84fc114042e72beb6cf78f40b4eaf86100724fde582783cd63ba06f017536208","nonce":"ad23d477d0f9ec0c12282395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"59e8310f9e6aacb6791d06302fa4284b3ce628c04d86a2e079071d61d74736287f3169eb126bfbf75a4d0108c4","nonce":"ad23d477d0f9ec0c12282396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"18f89f4bc7e5917a1b45590069a3afc5db0180b7d7d34a6fbb15964457e8f2a071eeefa2f350f7ecc759f76244","nonce":"ad23d477d0f9ec0c12282397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"94a4c74a525234fbbc1aaf8295e8489cd39e778de531cd74e78026a597b0e4543c689bebf5906d5ae5537bfff9","nonce":"ad23d477d0f9ec0c12282398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"27a3cd718e3630020782bc088d03a0a3ac2bdc75edb07dc1e7224d03024146a689ce7f50438b072a2aa0621564","nonce":"ad23d477d0f9ec0c12282399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"21f161297e0b670720f6ee4832fe2eb9860553775b2856a32f7083cdb53f9075bfd7a2a3a8e364f5bd94ecdde0","nonce":"ad23d477d0f9ec0c1228239a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"c8d36ee96dcc5a06385c7543f2b3c6a418d1bbee6abdd4b1a991d32ed762d60e02ebf00b2b4262ee6d13dc411b","nonce":"ad23d477d0f9ec0c1228239b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"c86b11e2a44a86d065c55b8ee966140307177156205ed27243f735767f230f45791bf3e521c82737984fcaf2c2","nonce":"ad23d477d0f9ec0c1228239c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"88a32c00ba5a54d3be2b3cd16fcfb8adf43a5e8b932f87eaaabd3b3207d415511ca0f7e5fdc3c74e4d262acc9b","nonce":"ad23d477d0f9ec0c1228239d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"f06f3fbd7864832107de36492a48cc47c9ad502f66420a7e685262761ec6c200c9b2b7fa40b8035d322777ef9a","nonce":"ad23d477d0f9ec0c1228239e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"181235ffd44224649a0fbdc5231c67558d015bb9d622afa023eb3ce948c36ace7872b3d67b3d94b95d57d3580b","nonce":"ad23d477d0f9ec0c1228239f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"6fba181536043104dbe021c28638b223618ed04fd0a5fe0572174e26d84e2585047d903b8393865a52d54fb329","nonce":"ad23d477d0f9ec0c12282260","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c9d634be6e873105fc38fae1f86e195a0aa025c5cf1672acd2a358e7e2a84244"},{"exporter_context":"00","L":32,"exported_value":"d51a7dee4bb7da5e8d6271c5d6755967bbade71c4ceddab1acded3e6e5f642d0"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"1a677fc144ec3f0df86cfebd6578a0a1a402beeb6f6c36235006369f1211edfa"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"509212d2ac43d399abd9050ae3c41c030b82623da0494c0d9f8f26ac56b7e188","ikmE":"92a316d4c52d5ed7eda925071741acb98a59457dde4c3b959c79acb09a00ab68","skRm":"564fc2a44c6961fcf0ef8eec0024ef50bcf31f43812114c975e8ffe87c17606f","skEm":"859601134f7ee1728c4a56fde416f2967cfea85b9387061d83593c93f7f07a2b","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0480080438469055361f6ba695975ca3f0d14cfd61ae17c4a67886ab44e04ad86db30c5a6d90ea007e7d5ff3625a4c5156a6cfbfaee71da2dccf75ccd944d3039f","pkEm":"048739ebbaea3156cbd5e39b4ef41ee7e3b52c8cb4958d087112b17b778897152c7e99307095b1cee54b807077f6f5092970a27fbb57ce2835263132c75e52e7e0","enc":"048739ebbaea3156cbd5e39b4ef41ee7e3b52c8cb4958d087112b17b778897152c7e99307095b1cee54b807077f6f5092970a27fbb57ce2835263132c75e52e7e0","shared_secret":"27ad900ec494ed811a9f14087e816cbe85fa0b54bf0a652cad3efcf0802eb44d","key_schedule_context":"0141db1e5b07a041a0eeada5439a3f724a79fee39919f2c964570e3bd4ae296e728d0672b77f6d53fde449bfc9c0c24f0b899abadffa161b5bd14bd99c0b5586da0da9817afa84fe836a2afb21fe34bee379586120ef91d5c0432c32bb1d1d6dc7923282892f781147d97bd9e353465a35023868db7b5c0fa7a73b1ee212161f04","secret":"fe2d39671d945ae46fb860c94fbf331218b5a60e1bf27ad7a1066e116bd760ef5e21c136a1b32fc5e2e0442b5196c20bcd8dbee5759bb3c4b5b2d2ff507c9b41","key":"28b3e9411cd47cda728f7dea88faa449f103f90ca2afebbc5791e315bd355de6","base_nonce":"f2a9f537ec6d21162c70efbc","exporter_secret":"1fcdfcfacccf116fc8808ce22e8983bcf1121d0a96ca8bae2af6b14ff707fd5c7c3126da658100b4ff8cf756765c4a9ae1b7d22f042a28d876e081aec8f44b58","encryptions":[{"aad":"436f756e742d30","ct":"351d83aa6f2ba77c4b9b89aa22fcb18aff3f792bb04e999de9f76f03f99e92c8d9203605cc0dcbb5eb08a9db6b","nonce":"f2a9f537ec6d21162c70efbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"e9deb7896d9414ea4d3e01763e425b5bce3b43874d9121f33441f601a8f7faafb0687512f8782f23ea7aa25b4d","nonce":"f2a9f537ec6d21162c70efbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"1c8229429d2bee3a6d116465966f7393ae43e6bb735449a4f92d1edfb70b7ab2316934fab7d282be988e3fdf9c","nonce":"f2a9f537ec6d21162c70efbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"277f9ef2616c64269a686aec2bc79acde727b2e08b61102893c09d488ebaba615b6852494ecfbc5bb8c3e0f823","nonce":"f2a9f537ec6d21162c70efbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"407d1a94b6243b752c9073ebf152a3bb6e883791a35a3a4f4ecc9c06901b14407ccc67bdccba7626666a3f88b3","nonce":"f2a9f537ec6d21162c70efb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"d40ca59c029cb9a58a1fd2b851c0dd345cfd66997cd49263dab9fbdabe087bec06bd3ab32d48b42ad829dce06e","nonce":"f2a9f537ec6d21162c70efb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"75c2026b7c83a22e43365fa5711e2b9fe1bd202dfcf9708266977201ad12b39227b7f53960fa6a8966e9dc669d","nonce":"f2a9f537ec6d21162c70efba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"8f12ccf004bb2eb83e98047dcb745493ddc7dd7c9b7b70e17ea146475b8a7b68da6b753bdfb7efba70449d298c","nonce":"f2a9f537ec6d21162c70efbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"ecefd75987fca42818478cef388d2e77f7581bbdb79ecd4bff7de775cfb21ccd27036c751e92a414f57acca97e","nonce":"f2a9f537ec6d21162c70efb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"c915aad1d2f2a1e15ef71c3583417af3871b2fb423733f891bca72a85669418e2da1044aa136bb12cd6a626669","nonce":"f2a9f537ec6d21162c70efb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"723d8648cfe077eadcf73934e48418637d213396820a82b8c6a7d328e452427173816eb16150c17373f7570c6a","nonce":"f2a9f537ec6d21162c70efb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"335536719cc98e4324f336b28d82e8d92631e346026109a7b43d567810937f8c91863cd79373e20d5f9bf35452","nonce":"f2a9f537ec6d21162c70efb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"2431d1e78e14252ec65ee85a5a61a1e98af63d5e1f1a018a5e512a3608683eb3712caf8a98bc3d3d94a7d82d93","nonce":"f2a9f537ec6d21162c70efb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"352549290a09e01ede9b139e75654b3687865783e3c3461fe76fe4018be4e56a8f8eb1a4bb57cbd5255f675a13","nonce":"f2a9f537ec6d21162c70efb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"95eaf975c33a6af045d50d132908afdd99479f52528a43970f32170b4ae4b2ed709f76c9fd5a2cab261ce7e7bc","nonce":"f2a9f537ec6d21162c70efb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"58613336a056189c4850f2454cf1b20672dfb3f885013ca83983e9854b8e3937abf1e66725bbdea53ce195356c","nonce":"f2a9f537ec6d21162c70efb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"36d076b9d5973002a83d177fe1a80cd7770ae26e4981dc9f0598e0bc2bd72a10bb3677371af9c44aac06d7caf1","nonce":"f2a9f537ec6d21162c70efac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"fb54d35d0e95423d737d133674cc4819c74f39201218bfb214f144995879b2cc3f2ca2026a6ce080b9f2880452","nonce":"f2a9f537ec6d21162c70efad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"97f5f038af532ef82181978f1ac5fcb4e4fc2553c73977b7dfac64fee50c555b4c09470bf4aeae4a3f53ad5b8c","nonce":"f2a9f537ec6d21162c70efae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"4f7d306d0bd55c5e194080cfe9ce7c98a1bf4eb36105e7869d45e9c7e49997017140137a6c303189f5b31a240f","nonce":"f2a9f537ec6d21162c70efaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"eef5df08dc9f0e7194f90abba69176756b5cb84e8c82ec0942e39c5a9e6bc341fbc3264e7cffc8cd0e382bebea","nonce":"f2a9f537ec6d21162c70efa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"d3f20f51ce9af63e976138fc09b71c101f567ea9069ad2081997fa0f7741be9ddf803f0cd914bf2bdf215aa638","nonce":"f2a9f537ec6d21162c70efa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"4ab2c6e6fcd5c89ee2f69b32ec7d2e0e7f0247fae29a78654769faebcf0b3a14c77fdd1c02291abfe956ef2ee1","nonce":"f2a9f537ec6d21162c70efaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"db44b60d53df7de612962dc8dc69b39ba5679fdf659b84519b618bf70650d330af33c7f7832152cd9ce86377e3","nonce":"f2a9f537ec6d21162c70efab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"0d243f83c31379add782aa8723ac82844f733f7e8113212c3d82f3fbabdefde69cea6bf02e6acb0578f9b676c8","nonce":"f2a9f537ec6d21162c70efa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"d685687649ddf1fd41b8e4aa79fd0b992300f28544033ca9ed415a59d642bd417250802fe6b29926777a21b67b","nonce":"f2a9f537ec6d21162c70efa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9f27354629c0e0d96f37438c25defb8c3c0ef1b1fe883053133f40ea89b5283d3e3ea9c8f07ee77c5b9f8aa91e","nonce":"f2a9f537ec6d21162c70efa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"85b2af13f67bc17bf7089227760794230f712b75c52f617f2e0a805945e9f7ccd7986196b999c55c83be5c3b42","nonce":"f2a9f537ec6d21162c70efa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"c6990a344d50d33b0695ba6dbd2ba02fc166fbdba498e49392c8731270d6611519ec126aeee073460f0b5dc33d","nonce":"f2a9f537ec6d21162c70efa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"ad2db8c704e1f7fc7eb63900a5c583d5f75a37a574cb39699ebc8bf90f084607ea3486dc8e0017acaf282032f1","nonce":"f2a9f537ec6d21162c70efa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"90f898f726dfbe409987b7ffc462f47cfe15a6712358f0cd2cd872ad52f4881c290ab007efb4405907c36a3d7c","nonce":"f2a9f537ec6d21162c70efa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"eba336b6d740b14b1a9cf999b30537f25f2c211858ee4bcd5ab6d364f614e8e828edd55de02fa6f7ae2161940c","nonce":"f2a9f537ec6d21162c70efa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"995ee140f5e29b72d693088c1a3a3659694fa5649d00b53d7ec1b87269abc762fb33b45fd96f86a7c7a263f0b7","nonce":"f2a9f537ec6d21162c70ef9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"0ec7a2059b8f41a0798e3b4311b99810ad3599b08c678bc39af2e1c23d31c192d94efdace464015a89df257460","nonce":"f2a9f537ec6d21162c70ef9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"1913c2f37cd4e77e6139069c03cd3db01adc212b7f60508f47f9812fd23d4e2d97717c6eb97344633f7e1b0df9","nonce":"f2a9f537ec6d21162c70ef9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"53624abfe78b49b0e244002a582b2cd45e241124c35e367df015a84d04292cd75fe77b0cd7473d93be958a737a","nonce":"f2a9f537ec6d21162c70ef9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"01317c2a12d9df80a9938f8594d2f271ecef817035815bd7f83fd5f7117ce1ed4f0ff63bf5e1e418e0c51fd19d","nonce":"f2a9f537ec6d21162c70ef98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"943c5e3124417263cd75baf944715b3546874bd5f2cbd1d48a999b498413a6a3c0074d5bfdd88df35bd38cc98f","nonce":"f2a9f537ec6d21162c70ef99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e94de99b96ebbc5a41293b06aef368004390bf0e838200867cd4409a5b4fe2990e362822cde9bb4f0aa13d2830","nonce":"f2a9f537ec6d21162c70ef9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"752b65001efa901284a51857bd22dc31314b326d0935c8d2c954e99ed3c78663781658473072aa0edb5bd675f8","nonce":"f2a9f537ec6d21162c70ef9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"4961919556fa42bbb1f59fca6ca0bd889aae745e22f1b822a0bd949c324acad4dc41aa6c2817360643592057df","nonce":"f2a9f537ec6d21162c70ef94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"d8e59595f7cd1f2e636d38b24ce1a8b7b54c2a0798f837dc27f426f4081e7beb71a0864bdbd913f7a8c9694d7e","nonce":"f2a9f537ec6d21162c70ef95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"1c96e86cd49baedfdf203ca31c2a315092ac253b6e2ade008bad0ed1e81dd0343101a393973556d5d578b844b8","nonce":"f2a9f537ec6d21162c70ef96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"5084b14519a2c91194fe525cfd5bd75324df1f4aab8eca918a56039b14a9de6b73e37072c1d0de0ec0a79a1dd8","nonce":"f2a9f537ec6d21162c70ef97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"6a7ab99519b6c6d4cb60ffc7eecb257fce292da21727afd5c136185923f757b409182aa0e6a23ac6f026f2bc65","nonce":"f2a9f537ec6d21162c70ef90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"284b23d7931cf506d9c87243c252858051886734f75db192adbd43e13ef9c27917d3f97dd66d36ea2c729fea0c","nonce":"f2a9f537ec6d21162c70ef91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"378741f1f02c9dc5b0895c5d46a90369c631250abf74bee4e47628339ed1410addcc95efa2a690ba2b2fe8cbe0","nonce":"f2a9f537ec6d21162c70ef92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"4efe107b3e34b4e54ad45b93763ea749c7280ad4441790c868f0295d178318632491ab7b98719d8f8b8e2f1ffd","nonce":"f2a9f537ec6d21162c70ef93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"97953e3659a901009820eb50d7dab7efbd4007c6a86d602752219502afdd38dbde6a9c766b26a604e8b430cf01","nonce":"f2a9f537ec6d21162c70ef8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"f8e645279bad89f275c4d2a03916f8f085d1403aaa7fe16ad87a636016360484ab0c1e8128ae06a8ff42abb3ec","nonce":"f2a9f537ec6d21162c70ef8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"66f6d6ddf44e192b1b8238f761e1aed0475f451640c8b88d6d32f8a74cd95c589b3a4295e0e3d2e49ab402d783","nonce":"f2a9f537ec6d21162c70ef8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"b5c29d85037a29b97eda7749cbc6b1f5589a776a52544a7580be12019708b7d970fc99d4bf20dd597e744c69df","nonce":"f2a9f537ec6d21162c70ef8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"49a93ae4884e5e22e0e8f1b4a1c39ef7828b3021a47f8c6abfac6e815dbe5bd3ef23ea3f179bf92f02d40523eb","nonce":"f2a9f537ec6d21162c70ef88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"3e292519d3bb4957f60f5c58d0089cdd6470ef1aeee9fc9e81d18f294c82b0fc7278f0fdf9ce6d9e35670d8226","nonce":"f2a9f537ec6d21162c70ef89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"67656d317c8bfce71c5f8c8cd62f42a38f6e10c44b5ec286d8ceeffba8241df9e97f5cca7e62e32d8e69794ee3","nonce":"f2a9f537ec6d21162c70ef8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"105ddd1fe9112b229363121db09a221d049b1cce370550ab1797f4cc5685fce017be0097f1ee66429bb74a8057","nonce":"f2a9f537ec6d21162c70ef8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"c77b8ed6067aeb1d104830cc0ad18e4667e7c3ab57fa83ff944365bd6bcd39720f42872eb5bc916fd9bcd60413","nonce":"f2a9f537ec6d21162c70ef84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"f45358bc3562320aefb7c03e6beb06710bb84395a3d9f3e55a3a3c1419e1260238c76c41ce84361023698dce33","nonce":"f2a9f537ec6d21162c70ef85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"a95ef92cee2ef812e68ce3b545fb2ad17bab539e605bdd6e12bb32bedef63f0e9a48bcc526ad5c06ca5e989012","nonce":"f2a9f537ec6d21162c70ef86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8a7667efaa9b072fc03f32779dffab21e2e0eea56495a0e3d71eb6bc979e03132c3d9e992531a4db8d44e7902c","nonce":"f2a9f537ec6d21162c70ef87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"6651e927aec2c9d3a55363c83102e213d64bb8c3b600ee4bd44d6144179385d02654c8acc47994829bb299918c","nonce":"f2a9f537ec6d21162c70ef80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"bf4eb90931ce72fe9e12beca83173a8db1c61198ccbdcb4a2c5ea8af3774bfd570a911e1312752ad8440421d19","nonce":"f2a9f537ec6d21162c70ef81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"0c2464a4c12409fd1a73f5bdda03d12ec6c0fb81d55a0edc4f86e0c8350bd105efa0b481ebb3f778a8a381bc29","nonce":"f2a9f537ec6d21162c70ef82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"2c7b8a1b8a7cbf5a59f0059c35d4ea0fd9fb58006ce8ed4c6de5178a24efcc612fd43c2b4212bcacf4c76b07e8","nonce":"f2a9f537ec6d21162c70ef83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"132bb9c4ec8e37d7950e1e5cdcdb6b281d2daa099812b6c2d1c706daee8d2324b4b51db7c31f58630c89a04cfa","nonce":"f2a9f537ec6d21162c70effc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"5756e5ec7aebe55fc0d700c0f01aa28d6132d87f1ed7b53fcf1ea8fba95e76996fb1955110f18ae1fe0fde4fc0","nonce":"f2a9f537ec6d21162c70effd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"9397b119eb43bf4312324c1171a599d76a5687b07c9b9e97c653f8d3291a71d8d68f4b5c349610755d7cda1c02","nonce":"f2a9f537ec6d21162c70effe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"1cd0ccc790d302eea44db18a637ec8d2b253684ad0dc995d65496d3b7a5e795fc89c7b9a67214853e4e9bd482d","nonce":"f2a9f537ec6d21162c70efff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"759cf32aa6f293a92a52995d9cb602ece9b95a9928570a873ed54f21bb22c31d581e026ca39332061c96dd4dd3","nonce":"f2a9f537ec6d21162c70eff8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"7d55c47d19afa109bfdb45b3258eeba4845eafb474a46707a0424724010b2253d450d0dd9101396afdd860497a","nonce":"f2a9f537ec6d21162c70eff9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"ae04aced7ee4a6b18cff67cbdfae912c3dadc4d2a746dedafae67f517bc8bd673d25d387f6221c797ef515e10d","nonce":"f2a9f537ec6d21162c70effa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"80351ef5df5a3ab6f6935d743e72d58142830dd01aedb132dad230175d11b1d5bc5e59b65d9c7ec6023e587a67","nonce":"f2a9f537ec6d21162c70effb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"14743beb457db5b427c6195370fdd76ce53752a14a4b4aeae564d0e89e691321d396020c7670938a62f48d1b95","nonce":"f2a9f537ec6d21162c70eff4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"c5a360dd79976a35a11570d5fbeee1b9c6ccbbae932dcc5213320076dd803b0d19e0ac4dfb3c42330f11bdc680","nonce":"f2a9f537ec6d21162c70eff5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7abb35d7b254ebb86c2f3d8ab9d05af6e0485bc85f6c27b6d91221522aee4c6362e501a869af410b082e2fa027","nonce":"f2a9f537ec6d21162c70eff6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"2a97e0910202892e8eb877c6c51924c9a4289b956d65aa4c09fc4c39f5f8eca656a6ecb2bf76321ce8f8d914c2","nonce":"f2a9f537ec6d21162c70eff7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"76dced0b1e761f4cea82ac0644808878848e5e52682f6f12ae9df76410a237e565a089149bd448f8f006de98c0","nonce":"f2a9f537ec6d21162c70eff0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a0cee50974c1dce4dbcaec0cb1faf42fa36483bc7a0c57d81853b26321a7661b93ea154bf95e9e4ae36d34da52","nonce":"f2a9f537ec6d21162c70eff1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"9070538162f25415f9990d9e00de8b870e95d0e999b4f5d93a9e42681e96d5cde85eef3f721619936c6c48a2f1","nonce":"f2a9f537ec6d21162c70eff2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"ea19117f441cb1d9245320486bee43a261753e367c90212fc89ea5d4b38ba524a7621f2679ce8b3f71bcd88308","nonce":"f2a9f537ec6d21162c70eff3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"ab5101b950defe60234bf78c7ba507614dbbdc0c7f99afe1ebeae8c989d264d24d5be8c512a5c1972f80e58cc4","nonce":"f2a9f537ec6d21162c70efec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"714760bd2d19b957d9f588cea43ca6782604dc240761829a1e9edca4a34cabb3a712e03935817f3c03be8c9374","nonce":"f2a9f537ec6d21162c70efed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"7f9d6e44256b5c65b6533a2abc31c69ff8c573b0d7686ac1ba3bb8a54a43713754a26762a55a01be91c89804f5","nonce":"f2a9f537ec6d21162c70efee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"986685c1764df9b6102fe0773c22bceca0bdf76034a6ddb755264868437e93b23944e8fcc3daa14afe866e2a8b","nonce":"f2a9f537ec6d21162c70efef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"a373430e1eb183fcd5ff5202e2ce9acc90e9018d00520e5ace7ca736d0945f8b6c01f14b655e97f457e6ecbd9b","nonce":"f2a9f537ec6d21162c70efe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"54814dcc43bc2d6159567d7b4e3ece1f42ec4a231878e5adac888ffd21b51b5d40b2c3a3f439a329e883b4e80a","nonce":"f2a9f537ec6d21162c70efe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"e7a39e91d07bfb71a2c1b69f643bd0575effd87e4360748263bf7056e78f5cbf18d4c8d7e55ad14e43c9fad69a","nonce":"f2a9f537ec6d21162c70efea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"f25e6d3cd6d1c001b27c5f6d06b3ccf4aa9d3ae6ef9240d6416336a5f78f32ea7a996182e55566170560a98cd1","nonce":"f2a9f537ec6d21162c70efeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"e08d0f9fc55617400a6a311f5c38ad99248545d17977794adc68c9043d477dcc4b4016178bdb4887405cfabf5c","nonce":"f2a9f537ec6d21162c70efe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"5f2173a8eb3bc7bc7dd6ecfa1ad24048f72953a589e2de7a79cd3bbb6a6a8b28ea853c46487ef2246f116624f8","nonce":"f2a9f537ec6d21162c70efe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"fe26cb05d2d39e2ca3105720955eab676c156c5eef332cafbbde449e7cd6ccd1c074a90a20da26b05575bdf055","nonce":"f2a9f537ec6d21162c70efe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"e4fb250bf6cae76fdf991fc4ace4680e6763ea5ac82f30a3c5f5288e78a3feda87250fdb85286e5177f311a4c5","nonce":"f2a9f537ec6d21162c70efe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c25d4cbde5d350cb29463962802817d11d3850f544424d736e1ed56c2356f2e5eb4b8abe522063ce8407030bbe","nonce":"f2a9f537ec6d21162c70efe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"87fd930c0c646128b1fda1d5d9331f2e89aa65ec008837b8cd7d40145a9301f426f0ff2412db59b2d4b88a1e43","nonce":"f2a9f537ec6d21162c70efe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"dde525de69a4b863c540a58fc0153c737a8d4918b95b084676d7596f6d5360d2cb86ea09a3936eb3c1086eb8c5","nonce":"f2a9f537ec6d21162c70efe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"cef4f6539622168ad8a0ce6d24b230c9d7b4966e793160ef304ee0af220798d96059d1650970353903ced9dc05","nonce":"f2a9f537ec6d21162c70efe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"6501d2891d983dd1d723943df481b890ed2cd55a49eec7aa2b0e843ebb3bc622e5bf8c13864f60a9c228401b34","nonce":"f2a9f537ec6d21162c70efdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"be0b49a5548dc4253875975af628f93021282ff16cae0474539f6abc4b31729d18fc22644f6dea1a9d33397588","nonce":"f2a9f537ec6d21162c70efdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"e3a6bfcf0ee0542eea8ca86f52ffff8b1feb9d5778461a6610e1abe928874cb885778f4139349f95097c1407e1","nonce":"f2a9f537ec6d21162c70efde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"6df80480fecd6bd225a6119e49b60de229425c11b024a0cd6eafe2cca475c46bd792e3446a5a0d8bfd8603f5cf","nonce":"f2a9f537ec6d21162c70efdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"ae5d99a4a9ed9be54d20599912d3d66fda983a360f07d2b509bcb0c6e19eb9217041a95c304d6d7ab63bf9378e","nonce":"f2a9f537ec6d21162c70efd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e7d2880ff367e768dd092d33acb4da368ae0a334b62038a395646766e3d42cf1e0770c59f0d58af59ed57dae11","nonce":"f2a9f537ec6d21162c70efd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"bf4e3961d590353d161dc2fdda05a7ac027367b5a122c63395ab07dd87dacee2fcae99e79762ee887223100512","nonce":"f2a9f537ec6d21162c70efda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"bc0e8abf36a5476ce6da2facc7390c0e6970f69ca403dcefd334fb99c923284ff63cd8ccb12ca0e85f467b639e","nonce":"f2a9f537ec6d21162c70efdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"6b2a2c72ba7c50a29e54bac76f8c7d47fe93a7fd8e325e97ce648ff4ea0a90593929c611e7dc3004352b35f66a","nonce":"f2a9f537ec6d21162c70efd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"24f72c6836b01491e4102371f9902975c04b3d11b0a631cf93b5c544e979f59fa3683160c6b2c11f6e5695213c","nonce":"f2a9f537ec6d21162c70efd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"16f6a37b2225221f470ac221d3d7b0da89ffbd5f2c6857472b2260cd78fe25664b63148ab058015810aa7a040f","nonce":"f2a9f537ec6d21162c70efd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"259f8a8c44df17d175a9a0c416ed1548aaba50acb820408ed4dffff2d6085cdcc449c44c3f4420b8c0535a104e","nonce":"f2a9f537ec6d21162c70efd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"44ed7cd7ab00833f0ebdf2c96ccbf8a0b9d28876e9d0653bb22ef7b7aba6008a7c8060c26918b9c9c81ce21966","nonce":"f2a9f537ec6d21162c70efd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"da36463c3994104890aa58d5a7bc6f7d123385ec418847f2066e1de30bbbc33e52a8adeb5063b352f9d124b661","nonce":"f2a9f537ec6d21162c70efd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"b3320f1ebdbe971abb51be564c92ea2554cc03407c3032f4e019a555c791e8b6f0c79a99c6d5d7f86eee15df94","nonce":"f2a9f537ec6d21162c70efd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"6cbad48097c15e42582299dde19e42a469202e9d25574c6c656eeefc8c15833bf955bc8499921fb22c8a045aa5","nonce":"f2a9f537ec6d21162c70efd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"cf4de604f4503918dbf1e167bd4eeebf831318e46b9045fe5ec776866bebceb3ee5ca409398f6a68d90c603da0","nonce":"f2a9f537ec6d21162c70efcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"1378b632e88dc07522f33054cb790dddca0976c6cdc4aab24997422d45db2114f32b3a06b7f636fa9bbd0bd4c8","nonce":"f2a9f537ec6d21162c70efcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"cfb0d99c82a05a38b8d0dbe100e6106539550b1f269f9b60985036531ca7ea41b1e4d98305d4017d47935893d6","nonce":"f2a9f537ec6d21162c70efce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"23595ec746ee25614cced54154e6cc1e274e0eda5893fbb6ef6cc22750268379faed23862948e3c3a3a6f893ab","nonce":"f2a9f537ec6d21162c70efcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"f4c0abee1ad82bce48841eec354fd13630be31b5821becfff1e823dd1ac5f31a9919403f1d988dfb6e12bc0e65","nonce":"f2a9f537ec6d21162c70efc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"7f666df7702e594d755d34891bea9c9bfd077677aed5e7a3926a9f22df09b5ca75ed65e415817ec055a8eeb9c1","nonce":"f2a9f537ec6d21162c70efc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"7f45f6c3b9e87e4a0e2e8eb49248a324d045531b86a075e960527373b340ee5b8944de338237ee21406622f9f2","nonce":"f2a9f537ec6d21162c70efca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"de24531a4c3e9651101ba12730c3363fa94209d46c112399c1d6362f75541f12563dabf4e6f18001ba4e283efd","nonce":"f2a9f537ec6d21162c70efcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"cbc0049c1ad2957b37d5361d5745f4840ea3b0f87e09aa18f99534008f234b6b7e36e6401eccfef195a2e1f7f0","nonce":"f2a9f537ec6d21162c70efc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"325a58426189b2a8c36c082f467a15e5ae61c787d151263eb658a88c36989df5ed021489b64b6a0d3d1e25d8cd","nonce":"f2a9f537ec6d21162c70efc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"f3eb95bc3cdf7274f4f857d6665a05bda9b096b84a0e844b74bb0dc9fac77e847ecfce91fae5ab4f4a0cd62231","nonce":"f2a9f537ec6d21162c70efc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"f74f195e4dfc2d11690f9df207a7b581b9a46eaedef1dcd65f154c676a8a75e08ab1fb4118ab91a70c0954222e","nonce":"f2a9f537ec6d21162c70efc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"57e8cf4d75b0a328ee153f233dc9f4121d393c6316a5c576cc3aeedf6818fff5e2276504d8c0976d8daa1009b7","nonce":"f2a9f537ec6d21162c70efc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a267b9aeba6942c13e36bbfb77e9dbfb800115cda7f2521d1b92b91b9100cdc9ac633ed1e31277053bb9202ed0","nonce":"f2a9f537ec6d21162c70efc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"3e0640b1edab26d7883f721c937696302d3f4a75f9f5743c7bd5f8da56080ff2c9be9f134a6d222bf62a28da24","nonce":"f2a9f537ec6d21162c70efc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5f4bc997d9e2d27c66e77f582b52864775eda3bd1dfc2471e5cc1f76e99026c39fb1ff9a3541b0c2fa8722f8df","nonce":"f2a9f537ec6d21162c70efc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"4e20167a9f1a820797ea29cb17ca797a588ce0a112d690c8c6adfd95b0287b254ff33c2407dd1458f824e6d794","nonce":"f2a9f537ec6d21162c70ef3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"5e2a3407e96d96c3f0869792b441f4ffd165341de1eebd889b524ed061bbf9ec84c8919443fa9d2247135bf256","nonce":"f2a9f537ec6d21162c70ef3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"29bc6a2ec9472fafe366c92695ae285143c54a278218236831bb571833253dcbc2307d3b12522b0a9a79866927","nonce":"f2a9f537ec6d21162c70ef3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"ea553734a24be6a04add1d1055d02c5991fc229009e417aa18d29916c3b015f30c7df1ad3da606319f2c9fd8f8","nonce":"f2a9f537ec6d21162c70ef3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"e6cd85633bbdff7e5ef724b4512753fdfdd0300c223a381055b665ae01c553786706e905e0d0474915dd6b244b","nonce":"f2a9f537ec6d21162c70ef38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"2d699e93b05577fb7e6c84a4864d1ef7bde2ca4399a6bada2a4d07655cb98c9beea796136e338e8dbd3bf1be3d","nonce":"f2a9f537ec6d21162c70ef39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"dac4e7181b1eafe7a722cdc0a901bea61d13514efe8b90352d87f73ab4c4271ab70212137a8280a8fb9d3c61ad","nonce":"f2a9f537ec6d21162c70ef3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"2682ab282c6f7c4a170ecc7fd35e97be038b69194df0f20b0c824baee64de8e5b9cdb64e5bdeb28678e8360fe2","nonce":"f2a9f537ec6d21162c70ef3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"42f3a359469558ee2518945ec4a8427803c99fa3ff3294f011316ccc8eee260b5e02aa2399dd5944328a64f42a","nonce":"f2a9f537ec6d21162c70ef34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e3cb12ff3e53f7830548d49fefe413a74abae3e8e85eed90e970189d333dba1f455753c6c2489828e7e40e5408","nonce":"f2a9f537ec6d21162c70ef35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"0191fcfed7a5b1e409f08d93c147e0d372ab35f967949d762b0364829239ce6b8d028b1e4ccfc19e8a2c08dbad","nonce":"f2a9f537ec6d21162c70ef36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"d1bb7efe956415752ef7695ebbdd0a8c3c46443f556963d213f967d026ebe16c67829606770e1f3efadd392074","nonce":"f2a9f537ec6d21162c70ef37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"70ee44f71766a71fb5a997cefff9b5ff4597f7454f1930bbeb1f5a8cd9466ba8f013284c266995df1034b8a3ce","nonce":"f2a9f537ec6d21162c70ef30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"82c3eeab129cd84a0ebe890c6752f82756d49c025f282fb27a4af7416e43f755338147ba51d6113719dabf6c19","nonce":"f2a9f537ec6d21162c70ef31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"65014d8a24b15094296905eb3a95e4ea8f0b74cb2e31912072497a01a67e2d8b85e3416987ac1088733d09f838","nonce":"f2a9f537ec6d21162c70ef32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"f6fe3a10d433df33f5b7238daa50b1e60f3a7d722c6d003229b09040862a6a454b22514c158398cb2ff6bbafc6","nonce":"f2a9f537ec6d21162c70ef33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"879ac5ea49d0594526c712894c19bf9cc2938f3a474077d9adacf45a6fb7a9c1a6e269045828537031a7653e1c","nonce":"f2a9f537ec6d21162c70ef2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"6403c931bdd2ca701aedd34dfdad08ed206783d0279f76bffa75fc81792b38742e88055334d6221e0e5d14a7c9","nonce":"f2a9f537ec6d21162c70ef2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"7a64240f9def916731deab624163dbb12558b98329a658ceb5a8e901fcb808b3887aa980da51ed69f2978c419e","nonce":"f2a9f537ec6d21162c70ef2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"61a557c0014f11afae4177dedd8dce61771a4ce68b5aae800d5f0ceb03ae9c209f0dd1b37cc16723b34340b3df","nonce":"f2a9f537ec6d21162c70ef2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"ae0fc15c2baac34d50dda35fe42d2b9983ea75afc6a417ef3d5543ee5de36bf0da6baeb7eeefdbe1a47ff5173a","nonce":"f2a9f537ec6d21162c70ef28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b570da2d13b121dc1a1bd347eb79b8f92252b3854ffb87faf588ed99b7ac79c983fcb514d431f339db6d5e8af1","nonce":"f2a9f537ec6d21162c70ef29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4b1913ed8c774b5a8a4b98432beedba0d5e2cbe879421ec5fe4d6602fc2d696c7f6861dab3f1bb8c44652b4025","nonce":"f2a9f537ec6d21162c70ef2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"ac1b635887a396ef798758d2e8a75fceb3cfbf741260576996367531f89763df3e13f57cd1729737539527ac53","nonce":"f2a9f537ec6d21162c70ef2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"640812695ce89ff53fb1f8e73f5bfe06beea45692ec4f2e23094ba79ab176ba81d4396a243a5e78e3ac275f60c","nonce":"f2a9f537ec6d21162c70ef24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"525a44686055aa66376bebf6b75805fcc59b8f77f311de8702a339fecd186685d86281ada237fc1855688f6841","nonce":"f2a9f537ec6d21162c70ef25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"023cd459d57cd20d1c6fad3115a9c07eea511cbf10148b511f23aa5fb3bdf526627b5afc85870dd5f7e925da53","nonce":"f2a9f537ec6d21162c70ef26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"c1c2b6133ec70575a3dcdbfcde00d72e618de3ceb610ec0c95f8e753715c2ce3b77a83dafcda5e4016afaf31f8","nonce":"f2a9f537ec6d21162c70ef27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"de733b881eb1c4e1d0ca371059bd65c3ec4de1e301223e552a46fdc15fe9943b374a08279e38e660bf0fce994c","nonce":"f2a9f537ec6d21162c70ef20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"7b5945ee0ac9ed790c859699eb93083470a5e3ee4baf7e432da3010a3e77d32def64a4585500037bca817bda00","nonce":"f2a9f537ec6d21162c70ef21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"52fe881e7513dadf0e58b76536a29dfda565d04dec0b29cb4409cb34cab53221b5d7c5209cbefe8316c3dfcf4c","nonce":"f2a9f537ec6d21162c70ef22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"3ed830449a920c71d1438957b7547bd371f9a6cb9889819eba043c100c7b3321d8e4480ff70b26a39777ee4751","nonce":"f2a9f537ec6d21162c70ef23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"d0f2204be5e7d6197a63c18ed0520bbddc95c7c5db82b08e2796ce0a7ffa14cc2f2a45a5dd3c756700a4ecc1cb","nonce":"f2a9f537ec6d21162c70ef1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"9036d7b301f5e7f5b220333a2ac01d90dce7cb123a190ae6f5a7030fa37e2adb487ffba6f309df76012d3286dc","nonce":"f2a9f537ec6d21162c70ef1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"380a48825c022b1b38bfdb8dc53de952132985f89cb9ffb9c4f6282b74c99620f721634a9c136b0982a4c06f54","nonce":"f2a9f537ec6d21162c70ef1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"f4e9ebc5c39cfa4c7b02b949d9aceb9217817c812b9abb84e8894fa9c02a2ea37b18e273b79fbff38b3a7ea1ca","nonce":"f2a9f537ec6d21162c70ef1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"50f89b4aa2615324a4d96af8ed5b75b39c144606a5ee75709e80e59faddcd0731e9098571c452da024cade16ed","nonce":"f2a9f537ec6d21162c70ef18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"c3d20fb044ea310debe3204564ce654b3bdbece6b8f4034f89b8a75c5389b12aff4b9b57eac99d06135360bfe8","nonce":"f2a9f537ec6d21162c70ef19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"02bac78feebac6bfb196973c4b8184ebd631bbcb0562dc7b764b98ec8ff8026259cbc2c189f2c46d6353426b7e","nonce":"f2a9f537ec6d21162c70ef1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"1f9ab54f847f8fd19158e3eae6464154bbe5cc3a4d68d781d8d2c85fc4e8e4820b465e4d387ed4fca5e7e0bfa1","nonce":"f2a9f537ec6d21162c70ef1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"6dbc8b41713deda9ac16288d21d2295aba10283a71bec294198997eb57bf42616d40c40cc11748994cae53d0fa","nonce":"f2a9f537ec6d21162c70ef14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"eb6d739c07bfca8f0346e6fa34591aaa9e7095714a4fdc7b498f6a6760201032ccacfec7f468f5bfe339c6c70d","nonce":"f2a9f537ec6d21162c70ef15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"96e80c9bbc509f30ca7a5759e93ba8c7a616208fa76841646a31a27ee7b5fa28ed6c6ff026a54b4e59abc67303","nonce":"f2a9f537ec6d21162c70ef16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"7c496bd334e659e8f6b2df08047cf4cdee7689671880f05eb55572392dc532cec9e7389396faeda38dc90fcef5","nonce":"f2a9f537ec6d21162c70ef17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"aa73aeddeae998a37131b17da0e5d9c7cd47909e99457f4d5f747e7bbd25189c2a4dbcd1764c878de49eb0862e","nonce":"f2a9f537ec6d21162c70ef10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"3c68cbf0c9161fe8d7478cc79cba1ecddb7c04ecd84ef10b64ae579f04a39a8f7d0c0403cd2866c229edf3232e","nonce":"f2a9f537ec6d21162c70ef11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"368a617776126ff3cfca71d7f1d63c48170b4d5f32f74ab320424efceb815351582e88b1023c69548ba29264e7","nonce":"f2a9f537ec6d21162c70ef12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"32e3869594b2e1af8f1caef66fafa02ac4b47ac6537eb3b092e7ab0e9309fff992f0236c1a58d0a8ad416bf1b4","nonce":"f2a9f537ec6d21162c70ef13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"4302e93270003fac86399bed011207e3663af8736c331302274cf395365fa4f3832967d41d2ac5c26e683d9177","nonce":"f2a9f537ec6d21162c70ef0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"e2afaeee49211ee9c64c62cbc1dd4379e92a3547cc8b19a40bae37308cdaa5a135c19b88b33ca2aa202193b2bf","nonce":"f2a9f537ec6d21162c70ef0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"44135b44e1552131c837571b9c7e3eacda093591e4df9cf6bdd9d1189092e16601a28a2b68c0de2c7cd75f7b3c","nonce":"f2a9f537ec6d21162c70ef0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"c489b3f5c260d5fb09690f1241147fc90ae0c5b96ac924845cd8d4edac12a1537e3a60b6c7402887c1c9b774bc","nonce":"f2a9f537ec6d21162c70ef0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"c5d2e3d758d6be994ad18a2e7ce59fdaeb9f9b407d92dcb674aaa86cea78cf7e1cb7852d8837b38b320c75aac0","nonce":"f2a9f537ec6d21162c70ef08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"778b8fe9e5724613be5f34330fc5739d13ba7426150ebd6d6e05722b55d4c6667bbffc59e732dc45b57736f826","nonce":"f2a9f537ec6d21162c70ef09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"f136ca0bdfa2b12d61231aa7fc758a11a58ea6558b6d5a737da331947bcfd95f7b9066fa48216247850f8cce15","nonce":"f2a9f537ec6d21162c70ef0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"196fbe448aa5c804f348862b04418a953cefc431acea8db957c3bb73062fbcfc8da94afb2fb268a3be0d753ae0","nonce":"f2a9f537ec6d21162c70ef0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"029a4acf5bc03f1f7231ff97f0e4bd555ea48ad7d69522075f04167de85fcb2d2fd39c7deb52aac67de98cf9c8","nonce":"f2a9f537ec6d21162c70ef04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"a83d505cdf446a99b6432dc2fa1aadabdfe52fce168a9b5b41cc9e2e53b3c59f28bdc61e77c2ec737a57fc81aa","nonce":"f2a9f537ec6d21162c70ef05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"43ae728b3d49d351e4804ea06842e1aef867b27bf152fb7d90ac2afd7d25df451a0a92e4346da2e00d7e27a6fc","nonce":"f2a9f537ec6d21162c70ef06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"60fb32c6b58990e5c522a109dbbb438ac9b31bf5e8887eb53f6a7e4b6f82fa1e014e7300c50640e52887bd0024","nonce":"f2a9f537ec6d21162c70ef07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"42ece418ad67bd16d1f8bd41d31c4879111534306c01de10e550ca8b82a2feca8c81000354b7b5bb613759b2f6","nonce":"f2a9f537ec6d21162c70ef00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"cba388be55de2f7b76d0af94ce1f4f68f75cfde368fd4d3fc84f3b00e94ba703f93bb288e47a00e9524dbec7b3","nonce":"f2a9f537ec6d21162c70ef01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"2eedd5e4924ef05d55485c07e6e255c64048cc209d9dcb63416f48f477b97cf9a15b483a3fd6bca195f909e2c4","nonce":"f2a9f537ec6d21162c70ef02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"7f9ea494b91d6b65b8ccb3c039d6a4789d39fcd26ad7ca68c2b73c884bd4919a83fec50345175adcfc90f30e9f","nonce":"f2a9f537ec6d21162c70ef03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"2f6ee334421f290a4a8505d7866424ec284dcceb6a3d343fb1d8ee5ee904dff049e35db4fd9436cd7402dd7e07","nonce":"f2a9f537ec6d21162c70ef7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"d7145c1960e444820f2a562a7b35f9f6b9ff9baa7218b9787f1dfb7740adc4940006cb60a7c6ea190bf7a7006d","nonce":"f2a9f537ec6d21162c70ef7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"dd4757c27705a863c6c7e4533c5f436b4a20e978079eda979bbf211a7e5897ac3954d1b59937b44cfbcd185fbc","nonce":"f2a9f537ec6d21162c70ef7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"66f90343801575977986b0af8f8d5571de1b2a0dfc44249652053a540351a1e5ad0423357532e9efec6d6afc02","nonce":"f2a9f537ec6d21162c70ef7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"fbf6a85abb9ec0d1d0b407b37ceefbb48b3e9c1c6dca5a2c451d5b99080800dcec550ba5b4f1ddd0abd3e176d8","nonce":"f2a9f537ec6d21162c70ef78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"ce92fd093947ff24ee5bd47f401c0c82d25315219b28fffb0742d15021174371db18746dc6ef9460421378296c","nonce":"f2a9f537ec6d21162c70ef79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a84fe31047b17b36be1b3c593d32c12a5d90546ee2a974dd4a3b8b54316426be55a65f4bcc1befcb0329e790f6","nonce":"f2a9f537ec6d21162c70ef7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"15467d5f0d16331bc23c3f9a19f05b14cd112f85300b5d102a2cb8970c32ceb2e29a9158fe8c66d6eea94d0e12","nonce":"f2a9f537ec6d21162c70ef7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"dbca80645978247cbc139df139ada09dda97f764c25eeec89401a9a6ea33a062663b68a721d4cec5413094d06b","nonce":"f2a9f537ec6d21162c70ef74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f984048398f4288f986fdffbad4d016adcf312ee76702396b90a7e5f75d2dbdc85cf0cce5e33bd96488c01cc0a","nonce":"f2a9f537ec6d21162c70ef75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"25d75e1fff7862d4829b84584151f5def82bdbef55d311bc7f927acf23116802f3b312cdb192ccd480b1de8b58","nonce":"f2a9f537ec6d21162c70ef76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"40c5eb004d49eeb3739299b89685223ac600ddbb62c1d56e97ca1bcd37d31639a450e719934795b55bb23ffa28","nonce":"f2a9f537ec6d21162c70ef77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"4a179970d9f5a80fd3bf0648f8f75ff73c1ff1028dce72999fc01df73a3e23b7f1ca75737e2ff845c8c5e2b66a","nonce":"f2a9f537ec6d21162c70ef70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"55b8675fb1e7eff2443dc1589b6af4ac3372900e6ec9daf0db2093a112dc553f2b098aefe66927da2d12fdc0b5","nonce":"f2a9f537ec6d21162c70ef71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"8a1c96c3c68f44765f1355c897a80d1f25a5eea5dc1aeab1e7c11ac6f424b5686bb71adb0d726a63d87319e85b","nonce":"f2a9f537ec6d21162c70ef72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"7424b85106f825242f7c58386993bd55f669bc2701014c299191e571557b41547fc8ea763a587dd4c4a1deb8b9","nonce":"f2a9f537ec6d21162c70ef73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"70b7eaf5d6faa4a0ffa6c79421978f8cb8113fd3f8a6f57c6ad8d9da5134380efad571d22e1aa6cfe52791eaa1","nonce":"f2a9f537ec6d21162c70ef6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"7b3c17e6f6c0d4cf3652406d3f2661a05bc255b5c4b8b21f0d05e66d9934beec5b79628a49c9ca6993219b9880","nonce":"f2a9f537ec6d21162c70ef6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"bf30e9a9c2f0f2e0bfecf3f48571e9a966fe65403ace1372a151c1f0266df64b5fa283355876ad5631d552740e","nonce":"f2a9f537ec6d21162c70ef6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"584db5aec083a49e521bba3d9d5e90f536c0f86b169f0c779ad5967d568f5db300e9623cf816d5d4ce847498f4","nonce":"f2a9f537ec6d21162c70ef6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"1936bd7b775e47d1bdb5df21b2be25e14419c44dbdc574dfc28f0ed3ac366f90871e877c4fcbf0a4e72a1c902f","nonce":"f2a9f537ec6d21162c70ef68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"116e535c35f7ef31dce3b019c78a6a7c2cf2b81fee16fd3bf7cb1a863c506a64774c0a2824d8a36167589c295f","nonce":"f2a9f537ec6d21162c70ef69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"d3048f42f9a71ed61adf5084843a83d32b8585b1fd4f9ec87fdc8eb06107c2369109ed15a1c27ec84e1891b296","nonce":"f2a9f537ec6d21162c70ef6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"d4a4b590a306780c86e3fe3d8487f3ad4f780e252a2ca8a1d8208b9f8c60647e75328fa172518b17d6fa853fd5","nonce":"f2a9f537ec6d21162c70ef6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"b27f8a97467c50e3a3469a97269cc6dcb17890535bdc56f7c8af1be2cdf30321dc00386d5bda79b4253d929cad","nonce":"f2a9f537ec6d21162c70ef64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"0c3cc72750ff7525ad29d9b906c59084013cf3c6812f1f65f8b2b87867760c6b9de7b01c65d0e7c5ee310dc531","nonce":"f2a9f537ec6d21162c70ef65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"a104d84b57611cd823263833a67ce834f81efbeb9bc3beb8776f0b01c20bd924a9c7315399c4d4b79168445389","nonce":"f2a9f537ec6d21162c70ef66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"09a150e78eb2bcfc58f219f751aa22f1c7898491042b2011d568d935c458ced14afbe2839a1d57d406ab00f776","nonce":"f2a9f537ec6d21162c70ef67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"dc5d9103b0cb4ab7d2f5abbd5fd0be02b12c1696dedb3240b7eb619d8082bb054e390e89f6d0294fb90191d585","nonce":"f2a9f537ec6d21162c70ef60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5b2009cc91789338636cfe52c71d7e460a00dd41728b2f417a344f59e78728b9cbb5ec8a52f055f1f0bd16a51a","nonce":"f2a9f537ec6d21162c70ef61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"d6df9465dda81378a550ab6603ddcfdcb0c68538e8ca8b688f2dc3cd616d0be5c88a99c0b88b8e2d149cb15988","nonce":"f2a9f537ec6d21162c70ef62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"74ce83778994e7d31eb5db9a787d441a54b901b22fd80176fb1215ae55d0a2ac87087ca4666315d9f800e51a45","nonce":"f2a9f537ec6d21162c70ef63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"a96e1ff53db04a4a48ed1bfac911d0e6bf071d1749a82fc28b03de4493a127b93258a46e4f6f2b18fdc695d575","nonce":"f2a9f537ec6d21162c70ef5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"4115cebe4dfba0ccbbcf83ce6ce3f5383153335dac34dfc017ae96b78ef148bfb2c718a2af28d81ae525366447","nonce":"f2a9f537ec6d21162c70ef5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"7eb683762352caabf213dddb45e25fa920547a0860534c25c91ff0f2bd81f1e9b65ceea800fb03b8738e51b285","nonce":"f2a9f537ec6d21162c70ef5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"1808c8cbfc602915a3873960944ccc663f125d42ed35a807b4b0cc23abc65f904483369327e38a631ee296b776","nonce":"f2a9f537ec6d21162c70ef5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"59b2a7949bbc7d2b3f0f98451f533b25d7c2c278c93bd9292766e7fe613170a51ce61061e99043e166b96ac328","nonce":"f2a9f537ec6d21162c70ef58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"f263113ab11a8c1945c9554b7f5e98f878a7a79f72057f77672299aa1e141db0ac2b77852ef47a4c163b5cd344","nonce":"f2a9f537ec6d21162c70ef59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"69ac6f890b50e7e12edd7477a0e3c43f47ed938cdf9557c0da3fe4c4d2cbe7f8ce8f888066e620db7ae41145ec","nonce":"f2a9f537ec6d21162c70ef5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"da9fcf501f3d3a4bcee1be497eacb839869a038760099d8838e699194a650f39b6a5312ea25614f239544290e3","nonce":"f2a9f537ec6d21162c70ef5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b03091dd933c9bbcfec4ccadbae6904495fe03c2c10c1d96f10041b3098bd096afddeb2a8e6bc553de36c504ae","nonce":"f2a9f537ec6d21162c70ef54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"41ae5333865476ca97b6a0e20ae746ec647afb9d62af66a79192c96489a6a3df56ed06fc93addfb5561886948b","nonce":"f2a9f537ec6d21162c70ef55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"caabc637e085db4fac6a1f6ff135120db60ed854a0ad2f441b4485b3d141d1254fb11624dd5505d84f2a749828","nonce":"f2a9f537ec6d21162c70ef56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"61118a0d4c7522c05aa955c727107a382c8cde30ae1d04a181eff709a92f62272f9d55926b1d852fd0c9e7f631","nonce":"f2a9f537ec6d21162c70ef57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"4fbec86734504f83ea08239b2d2d77afea4534e1c21069780dfb7cf0c657721642241423c49cd86b19c69f809c","nonce":"f2a9f537ec6d21162c70ef50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"d5f244f5a9f53573bd24fe2bc71d72de05697547c3353509ae1e47ad6f827e7f3230ff188b41e66b5002a236bd","nonce":"f2a9f537ec6d21162c70ef51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"76ebaa785b529ad91ce470e25210149c3ae14fff7e824d3ac8246a94d747f39b71c794ab09273f94dc453f9890","nonce":"f2a9f537ec6d21162c70ef52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"a9360158de39f725becb30eb77d80e68164fb6a0fd8d3060eaada143cad4d88950feae676a2f3864e920a46795","nonce":"f2a9f537ec6d21162c70ef53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"2f5dc6c43ea4d86c54afce34de280d4de4f6568e90c918d22de48710c3e215172a771240efdc6f9a3042b3efd0","nonce":"f2a9f537ec6d21162c70ef4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"b104df887096582166acbbc7bcdf3092462cb17f120c7c78f4f556d467c0821c5af0bbb6e810b5cdac0b317feb","nonce":"f2a9f537ec6d21162c70ef4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"0f943cb658ebb336bbaf1568befd5c419ffd81f29c89a5b83c077342fc457d0ea59a50abf0e40bb3860d4320de","nonce":"f2a9f537ec6d21162c70ef4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"109553c183b2e41aa30b6924d5e8f204382ac4e47b63a496502ae7f0e85befd863fa407e6e65a8854a5a08eafa","nonce":"f2a9f537ec6d21162c70ef4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"b2036d5f2fa6a626a62a048de547677a86e346d47bbbb185dfe9c3dbaefc5a87ed91a60a8a1a13f43aa61eacf0","nonce":"f2a9f537ec6d21162c70ef48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"22bc43549211aad4505842a257f6cca0777ba78c329443e257975fcf8972058edad2b04b85a3eb60cdaab4e78e","nonce":"f2a9f537ec6d21162c70ef49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"0677640858ac0c2131edf2423b79eda20288b36cd23e61299d468f08612d49b4f75b5cc27808d69e7119f6cfcc","nonce":"f2a9f537ec6d21162c70ef4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"f1cf14d1e955f55cf6c3e622968c0f01557a8fc947ccfc56a2482711661eac2962bbcb19068ac7506182adb1ea","nonce":"f2a9f537ec6d21162c70ef4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"fc7f5718b4da2b39cd71da3b7d8e3be5b75a84385120669b9a3e42fc31f92e64a03f4008d125f869e27b21d0ba","nonce":"f2a9f537ec6d21162c70ef44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"70d6a4427b8e7ac3c3aa016eb87061af08a93cb552725fc43aba96ac6932b7036b67603736edd87ae010c1be4b","nonce":"f2a9f537ec6d21162c70ef45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"e3e79965bf26896ceab0d505f86697f52987ad7f7863735ff698b52f8f6b884a0fd7ccb2fe899ed483b551f001","nonce":"f2a9f537ec6d21162c70ef46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"5ac596a18d06cc907bc6d54cbef5f2fab8577ee236c35b665bd767ca419602cdab9ed62c91b4d69b829bd90634","nonce":"f2a9f537ec6d21162c70ef47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"9bca6775811211c7979bdcca01b512ee37940094e0dd3a458c2387d8b10afd1c9e3b1b3eb60c767290f59ff04b","nonce":"f2a9f537ec6d21162c70ef40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"cfeb42942fc3d42e0cb31a677b86be5608aa14f54f0bdd71f74ad60c46584bfd93013a8987c1aabfcc78aab4ab","nonce":"f2a9f537ec6d21162c70ef41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"96bf4e3288488ead419f9364a0a5d41e12eac0b73e88b155287e93679d86b7706550f328ac0b6ddf65aa51319c","nonce":"f2a9f537ec6d21162c70ef42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"23a27e0e3e9ff52dae15d66e39f155f1d02887b6e425864537378daee897eb630f6ba78dbd526167af48a648cf","nonce":"f2a9f537ec6d21162c70ef43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"47c0fe1084f141973870ca35b470f03d0135517f22e12788a621b6775cc281d2c697a68680e237cda57fdf3c76","nonce":"f2a9f537ec6d21162c70eebc","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"850caf7336dd83d41fdee7cb133c7c12b62bf7111d3c5d3d60b20128484adada"},{"exporter_context":"00","L":32,"exported_value":"50121f10b5674e3dc46eed39616ff502ef0d6d7f356783808887a867f6a717c6"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"32b9b0b8315cfc2415852b21e9353e79c233233f400def9623404e21657bdab5"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e0ea0b1753ebf24fcd204f9fd86a5bd5aefd7550f653ebbc9dfdf68256dca4b5","ikmS":"d74ce3aa8a352d5b486c138b1aaab590a06a8277a715060a1b3c4dd6199cfe39","ikmE":"d76e98d0bf2c7be050d328ac9efa266db8db37cff9b4ced6f7d24e90dc060058","skRm":"1b18d5fa894ff8cc9682a3b540c56a93ed146711f1c7d4a7cf985bc2bf8bd20a","skSm":"7f209ec8f791935eefe39fdbb2b8b574747c69e9e082660a4fa194f1fac28664","skEm":"27d7c7c966f345f7084d81e7a835c26e4ad01afbc41736975ac62a07e7d284f8","pkRm":"04ba835cdff4e075ba97db2cf705f18471eff67d54039377be8a01fbe93a85bdde3265013c562b977969654d2dbf855b2cbe5950282f8226d94794eefb175bddab","pkSm":"04c5f644ac06da9242231782dca7f0753abb82f909deae17d3ac041a8df848075dd50ece4df6fcd98bafb69441600477c76cacc6cada8d4ca67a6208a7f6e278ce","pkEm":"048728fc2d342b8eba23e97b31731f85125ff14130829ba01a843d76487d1262fb8f1e67d9fd9f2fbcf8e0399968c21716be6b93c84134ba36b2529803f173c262","enc":"048728fc2d342b8eba23e97b31731f85125ff14130829ba01a843d76487d1262fb8f1e67d9fd9f2fbcf8e0399968c21716be6b93c84134ba36b2529803f173c262","shared_secret":"d4e32a68e5e4f00c1eb737975c6d16f4c0d2a7e0406dd13139f39ca95b7ede2c","key_schedule_context":"028af8c8585cbab503908a747f5b6e6facb58a8eb7d6aee84875f8e4fb97a6baba74330d080c6e518d29f18589d731ae505f746529747c9d25d75013d5f8f2f7280da9817afa84fe836a2afb21fe34bee379586120ef91d5c0432c32bb1d1d6dc7923282892f781147d97bd9e353465a35023868db7b5c0fa7a73b1ee212161f04","secret":"2fc7668f204b67ff4754f150cc0ba365d174315282d3c204e6004fa9e5eed4bc8dcc8b07533ee1b04cafdb0df679e63c8638bc88fa504c596258dfe3a8536dd2","key":"d9d10a6e718b8a230e259b97a7de54690f87d710623379021f60124e53fad1d8","base_nonce":"06ab4f04d6a36db110566315","exporter_secret":"f6e20045902aa6eb6aea9a2c5ce7f839b61cb50392d92db47f57d83de3b18ec6eea8ee547aadc59e1577aed5dd6452c8ed400d1d1fe88afd14f4554ff49da346","encryptions":[{"aad":"436f756e742d30","ct":"860171a270f1f02f3635047a054241c977878028491fb1dde6bf232e8c21b4e325a53d2f9816195f8563ceab3d","nonce":"06ab4f04d6a36db110566315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"61ea3082b30de02e76a8abae96ace86ca826187b0d804a51cb67541ea2d9c146c07fd1c3161645697e7713509d","nonce":"06ab4f04d6a36db110566314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"c5700be16b77c4f744f0fb56526e00bdbf40c3722df7730636594c7215a21784849acc68ff1a84cd0426c73769","nonce":"06ab4f04d6a36db110566317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"1ef9a1915909c1c4e1c47532980dfc5e7de5e8931dc1329614cb7278f9c7007ad72a33ef7cf643cb7f10a123d7","nonce":"06ab4f04d6a36db110566316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"ede20217fdfbe67c2d2908ca65f933cb713cf5ec0bbd0be31dc5ceedada45aaeaca6d454348e4bdd01bd2fdf98","nonce":"06ab4f04d6a36db110566311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0d0a2d8325d5901fefd36b28d3facdfb522ce8ddb9a780cdacc76ec6172d429fe045f608a00106bee1e05f879e","nonce":"06ab4f04d6a36db110566310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"1cb6ca1f3ab229f44e0a04a68ff7e3123f5fc071ec0961499c44b6a487925d5dfae37b665f7232383b14aadeb2","nonce":"06ab4f04d6a36db110566313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"32ce73ea1c6d1d40dcd47e76562e7ade0ef031999629d54bc24f3b56bccd88ef8e33eb28c3d73219e0e29f2bb1","nonce":"06ab4f04d6a36db110566312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"debbfcaa0d21b658e33bf49b081f12bb9553a36bf06b226e0352cd135b1d7e1d182502f005b1135b91f52ecd64","nonce":"06ab4f04d6a36db11056631d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"dd4befa846e402b6079115d5dc6f11248b13d301a8e8323c143f64c24bdf9e932c829851772d5697abce84dacf","nonce":"06ab4f04d6a36db11056631c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"ba6d679df2afbd9d592a2e35bf23d8bdd0a7718c1a0ad253cf14e9757aedccb3c49b105ea8e8f7554e802cc397","nonce":"06ab4f04d6a36db11056631f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"983175a39cef748dd903634b35a339e1be4ed28c93328320dfccd92b0a0dc356ba136aba5fe866715175dae6cc","nonce":"06ab4f04d6a36db11056631e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"43963562c42d1654a0c042b246711c9690f931cb1aa8119b916463883aa96556abc8361c81d475b6e6a29ed1be","nonce":"06ab4f04d6a36db110566319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"f5ef219f48e9f25aad3c7cd498d852576f0933facd3713b6e696645817ec7bc654624981a7f48df8909a72a3a5","nonce":"06ab4f04d6a36db110566318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"cc9117d15e199e99fda52d7d121ac20f6159081c4bfc1f9cbd27b0a473232fa6ed3b56e2587cf0eb31c1866386","nonce":"06ab4f04d6a36db11056631b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"5238e94ef430b3dc85339c33f2d3cf49d3389b7e1481962a3bc7e1a16e35ccf6a1743ffe133b5f7df531d7dd58","nonce":"06ab4f04d6a36db11056631a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"655fd3c4161663982805629449f137b7c9a849f4b88b2ea524216d97d6790ad363b1269459a23c56b4ffdff3e0","nonce":"06ab4f04d6a36db110566305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"5aa42c8d2dea3c195009f0dcea2edc02a5fc8604c87a909c14e40c5238e62d41cf6553c160270ca8a62cda8e86","nonce":"06ab4f04d6a36db110566304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"92833180673cae69f6e7d6833621628d9bf1719e274bdb1134a2d01cf4184b22468c970936e877eaa6a7936137","nonce":"06ab4f04d6a36db110566307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"772abd07efc779ae0a1a831b35d8e3ea63f2d3178c6c10de7d21168d2ed16409efd6218e7183a1cf285d40bfec","nonce":"06ab4f04d6a36db110566306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"4a8b57918b51d3dd37423a1e3bcee9593c7ce2da879acaa5fbe99ffa4a0f9d0f697f79296d5d1676d6584a03cb","nonce":"06ab4f04d6a36db110566301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"fe823e6a4ff182e880aab70e95c81aef59b170308888a657a607d0b499414f82a350a8afdc10626d3390b80688","nonce":"06ab4f04d6a36db110566300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"a94900cec8779f32a9ddd1c569aaac5ac7a73eaa8e6c50e82c955c54bb1d26fee40cdc2f874421f7222af8fef6","nonce":"06ab4f04d6a36db110566303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"293c00db1bf8b4a7cbff009466cafd7b9bf25351997301aaf6b3142cfd31559472253a286e257d5772635c4b82","nonce":"06ab4f04d6a36db110566302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c957a04068faffe3418c7b822bce8263adf432eb71449bae0ad56b92730c1d28177537a810cd3aada2bd938ac0","nonce":"06ab4f04d6a36db11056630d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"c3169e376784d5bd3d4ecebffac30e670d2900f7f8ebff0d89f36fbb71ce008b091b7199e23710bd8e31b0f943","nonce":"06ab4f04d6a36db11056630c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9a0b48eb02da3cad7a582e9dcbb1820780935417812150740b6880ac7c0f0b3f07df2002c96d515f3a6566031a","nonce":"06ab4f04d6a36db11056630f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"fc3a946584ecce94b40235a9851c7f96a45da225e6d4e0c8ff091122406fd99c97cc90892002fc1f590faae85d","nonce":"06ab4f04d6a36db11056630e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"61f1823c3321b737cc56097c3b73e268b0e75666fd6ce3df4f3f785058eab4a27131596c0395c93ba4d6eac820","nonce":"06ab4f04d6a36db110566309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"4cbd512a6963c5aa845745a89f4b46baaaa88a401d423bc790461021516cb72e98260e127ef38f2808862de868","nonce":"06ab4f04d6a36db110566308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"27f29763b02667365dfec0f59cebad7fa79100dc4fdc7580921ba04fe4b2856108a6d2da82bdf88cbe12cf4b7c","nonce":"06ab4f04d6a36db11056630b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"35e3f0cde14dc4298d31e43672abf4a29b05a66353ea1352843150c09ce3533ab8ca598c39f3499cc36e3ac173","nonce":"06ab4f04d6a36db11056630a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"16f85e8e348a5076d32527cd5caab1f4ab54859c5412793bc078796b1e8aeb9648fa424b0ebc4c46864d0e464f","nonce":"06ab4f04d6a36db110566335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"e7bb5214479ecc745f65e6738de3dbb61acd2c20e8fe60f55108980cc4b0a217c954320263e7a188ea7258c134","nonce":"06ab4f04d6a36db110566334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"5624408ad053deedb60da0c0e5243c8845e37405686bc69b01040e15aa27890c8074442aa3ab235783e7d10d61","nonce":"06ab4f04d6a36db110566337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"6f10ed64a171e11a63161edcf310f95f9aa58c1d394686cc5ab35f4ae7862aad90eda866aa23015ec8bac10d60","nonce":"06ab4f04d6a36db110566336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"d090b6da78166a4427912c24506155c5ae53073c42baf4f4d8e7ac3abb72cfce7f817093149c2175bdda8ebc58","nonce":"06ab4f04d6a36db110566331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"9f5acd3615d0257a258090499840d819cc9a53f15918e3c2ce7075cd48b14f46e96d45524194c26f8211a00460","nonce":"06ab4f04d6a36db110566330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"46afd392b869fcc3884b74e02c8319ddd401eb488507c080ea8e5b9c06fab4c202142374825c7ca99d545d594f","nonce":"06ab4f04d6a36db110566333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"b851566d2852f0a9bf420042dce0ec59fb073ccb4132a8b8c48ce40391a75d3662d3e21b82e2d20d561c3d776c","nonce":"06ab4f04d6a36db110566332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"15e38a8889aefa06b9b5beddd7336e2921c97581f0a3c8ec5329eb1b4257abb4d8f78d2c2ac1df510b30677cdf","nonce":"06ab4f04d6a36db11056633d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"2b8d12156c45a78489ed68d6199b3fb2914ebab59a19614224e4a90969cd2e6ff312775664d55f778088489895","nonce":"06ab4f04d6a36db11056633c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"a4e10def9b4a88e3214b88a9718776b8c583efd208d9ae148470530569c4c3874caaf3b93f32eb21920a23e271","nonce":"06ab4f04d6a36db11056633f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"ea369dae420aba33742d37418d5bb1d777270569c213033a1fe0c2da4267ff326289bd0bee7d797a731e33150c","nonce":"06ab4f04d6a36db11056633e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"75d05e6b790d9fdfbbc7e8c769c1b7c4c777e506b0d7bcb7e4080594c15f8669e506dd85e6892614ba2c5b6e17","nonce":"06ab4f04d6a36db110566339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"3b491e1a1c3e8dc7c71a7882a9f4e7f3e275edaddd9ea7581be9215f82a1f7971362a4f8e199d9b3f410a2511e","nonce":"06ab4f04d6a36db110566338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"fda6c30bdd38ed996e1b1c54250249769e376c9ab3874925f0afc90747c1a812b888b4f03edbfd78580ce4ddac","nonce":"06ab4f04d6a36db11056633b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"a12627b3d54c2abf07860f9829486696fa91aaf79843a440278a6d7f3464c5ee05c0d5f841749ec537baf9cf71","nonce":"06ab4f04d6a36db11056633a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"43658ee9a35a5af2e9d7bc1c49c4daef9484f5796d16488c8ee4d4c5f7cdef77d5eccfbb63e2fa05649b134247","nonce":"06ab4f04d6a36db110566325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"38983daa360fab079294ff290e18e02e8dc74818cedb4b3d8961a4158146cac79c0f242a4a1c5cc94241b8683c","nonce":"06ab4f04d6a36db110566324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"8687f5d800cd20f0266494eed0c327911957a30a9c8934dc43dccdd2cc2c5231390687bf7045670bc97ca3ad31","nonce":"06ab4f04d6a36db110566327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"56f7bd73384d999eba0f00c4a9a7bede9465e1dd4e8b13a19e75073cd1b6b50a41740428c422fb995d84beacb7","nonce":"06ab4f04d6a36db110566326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"21d5c3010e3896e227a8c6a8dfeba742c5a14f4efb67c0b6fb09e99de4bd6fcbcf4d94a4c1d95b12874a9d8d9b","nonce":"06ab4f04d6a36db110566321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"dd72ab8073e29eb14c4712cf7e1b48f87d8c2692d66acb23f362da599e8638343ee60d3927e6368aa86725465f","nonce":"06ab4f04d6a36db110566320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"936801a5694ed9c762f2b6c27b3fc5461869e06f9a8a44ed1e1b7bb9380537e27e269f37f4211731092e271102","nonce":"06ab4f04d6a36db110566323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"d16eb7e80d5862db4352e7f6ef250180c44fd3ed68f85d2b5b0ae44e4e737208236c27714e757984873152bab7","nonce":"06ab4f04d6a36db110566322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"3d838440ff3ea311cc38299dcb51463b0f00c7ff3cfe5ce63e351c4ce89c919bb1ff148878483c358b5f78f2ae","nonce":"06ab4f04d6a36db11056632d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"94b7e3332020f10288bcbc15dbdaaf08edf6918cbbd44bc116a28364b39ae7181b9af2442f2f4fa8662a695c0e","nonce":"06ab4f04d6a36db11056632c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"5743aa202e80a2160d51963566bc99c1bf8000ca29b3406c6e41a983757b73e6cab5b1c0b5cc66b17b64cb6bce","nonce":"06ab4f04d6a36db11056632f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"479e487a263a1c48691b3bbb9c45cb973d2bf8c0ec746c748b4cdbdcef474fcf5543c86ad4155e3533c5e58c69","nonce":"06ab4f04d6a36db11056632e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"56d6266040f5fa5c1fe9cb58f9401dd95dbe1e1c563a7299073d5ecb0822171f0df8b9fd9d321466fb6e00ad2e","nonce":"06ab4f04d6a36db110566329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"327f0af851c09a92a29bc62563844bd9ed9bfeeb6aa95f118d5b1e48afd60977873794ca18ef499be724ee45d7","nonce":"06ab4f04d6a36db110566328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"9352bfad45569ee21d00aff0e3b132a34d30c297a18182551178ae07c086c917e304901637c4571f452e817092","nonce":"06ab4f04d6a36db11056632b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"94bd310158d7559680c80bd2f2db05078c2c5da47d37bb9b3252247a926d2188518db98c2d58d393cd42dc93ee","nonce":"06ab4f04d6a36db11056632a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"0bb9954de443f477f090e96719a45023e9ce4235ebd27d16a24632b8d46fff559e1839153bd949ef71e9ac60b0","nonce":"06ab4f04d6a36db110566355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"2cf3943d9bbaf96259248498c11fd6e62fa6a8271a6feb7b5d5e4e5aefacb85fe0317f35ca13daafc8d1e0c3fc","nonce":"06ab4f04d6a36db110566354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"e03f829cfffacb5b10ee77044efcc280008de1f049b65983d2018f6bd817a3a03beab4a4a7cee98ee5ea9b71db","nonce":"06ab4f04d6a36db110566357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"c279c5b13d4a20cfd1f934c697b8e3fa4c5ac387e4b30e95e2ba98a7bf70c252d4d72e8ec6e2abebfeaafa4ad1","nonce":"06ab4f04d6a36db110566356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"1eb013b2e5e60fb9aaca6f79d0cdcdc5bd63609f7e2f57d463ae9024f2c09a2edfaefddb1a0c9997464c5f7e7a","nonce":"06ab4f04d6a36db110566351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"361e14f3b4a0d4668dd29798b9559da608c2519227810ad310284e4615c08cc221dd94b8a7e66e4959cd4ad544","nonce":"06ab4f04d6a36db110566350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"ee8c56e23bc00acd74572fe92dbd0cf8a58f443a08ff87c0b4dbe708a5a5baf0308cad8c76ac8edf60695ace4a","nonce":"06ab4f04d6a36db110566353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"11b2e12a3e9031cc94c24b8748724c82705c3f763f65db70627c4b483169b8d968f4c3285d812696b3cf7e88ef","nonce":"06ab4f04d6a36db110566352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"f3e091829b1674721045eab5578f96c07c7c20a84b2deb2d20a286938fb32c107d3d021632d0cca930f3771a1f","nonce":"06ab4f04d6a36db11056635d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"fdaf95bf7ed70988a9adf96f9ca8985a8984936b7ffc7cad53dd0eaa8774979dd1e1f9408947b6acc46ff5b4d5","nonce":"06ab4f04d6a36db11056635c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7605b9ff8b38deeac93d673306e4d6a038fa513d3d85b77133e54b44e6b98a8b60cab5e5a82cc06603694a8408","nonce":"06ab4f04d6a36db11056635f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"135bbcd336eb0549621868a6363b23632aa6bd3f1fbd86f61097873ba2f191201d7823df96a01c6770c11325b8","nonce":"06ab4f04d6a36db11056635e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"9b8bd3e7a9b67227d79b91b0a793548a844b13fc20c4a818b9bff8e1b2a6cc41f6dacfbacaa4a3fd7a92530eff","nonce":"06ab4f04d6a36db110566359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"5da5241196ba3413eeabcd88f6b9a5576fbaf5139bcada1cb9f98cd43bb926d687f7bc3d64153d8c56702819a6","nonce":"06ab4f04d6a36db110566358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f2de1b18e5163a5de190498e66970869febf58d1f2401511ce4ab7bd8fb10eb693d52d9ba1a7155904feaee124","nonce":"06ab4f04d6a36db11056635b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"0f208d7f8bc18801e7a39c36c9b36b3d57a3ed17097521a02c7869222f0dda5a83d2892b7a0d3a789e39331c34","nonce":"06ab4f04d6a36db11056635a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"960a32b8cb060bb4f4952500ae8d26c554ebd4130562ca6604c48588af4b2f32175e66daa93c6bb7d8bced8508","nonce":"06ab4f04d6a36db110566345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"d1d67cd7f670f46b38fad0adb32acabcba9a034947dc3e382ee1514fbea3edf1d14686e84a8298860c98d9f7d7","nonce":"06ab4f04d6a36db110566344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"54816fc0e554c4addc83ef9da29b53a40e86dba2a7232ac151c6290ffc3ced03d7186fa3c43d40986d89bbfd86","nonce":"06ab4f04d6a36db110566347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"62af5a6866f8c5769691d1760a1df8ce8e82d3bd2ef1cdbb5238c00a43b31f7b2a84261aeb35408b0f23d136d8","nonce":"06ab4f04d6a36db110566346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"2d8e2bb924743382cd0e12206a86823090c25b0f604aa227fc56db87b90380a0984043123a36f968e0c6f16593","nonce":"06ab4f04d6a36db110566341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"57ba8b0b8c60dece580030812170383e29c28320bfc233a5f15b15f79484992457b5fbdc6b5fce8a10a1704c62","nonce":"06ab4f04d6a36db110566340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"bbd90065399db39db9f048d60f91b7a50a2356941c37de778b4705e1bd4787ba008bcac4feb5e4b3309bc35777","nonce":"06ab4f04d6a36db110566343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"eeda73ab1457b4a7b3cf9d2cd9e8bcfc2c720ad07e2ba80d1384fa2aa75ccd245737ee2616a4de47e9a5e471f5","nonce":"06ab4f04d6a36db110566342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"81ce82dc580b0f25eb894b4fcd3a31cab4cee7e02814837b057fde0bf50e283dc13c7313b5d916618a53357512","nonce":"06ab4f04d6a36db11056634d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"74352796d7e5ad46cb9783735970ad63eae9e0cad70d1d863b9c0c56d56d99cb1d9a4484ec83ff1ce87e8316ad","nonce":"06ab4f04d6a36db11056634c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e50881476e0c0bacbe6f368f838af1d9ef0ef350dd1f3b26f9504e31dcb50d7ca2e2b5fd790048868ef041462a","nonce":"06ab4f04d6a36db11056634f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"5d63a4b322bf321ba29aba81efbafd86fde781414da9dd4ff63da3da9c755c63a86eb81585b8c4dde1f7eee823","nonce":"06ab4f04d6a36db11056634e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c47b1e141b12a28f9e43af2d4f832f6a660b9ae78f553cf169c783fabb15e506a017331e7fac9b04174cc9677b","nonce":"06ab4f04d6a36db110566349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"6fcdf28b8fef13f877b572a4b65982a125daf275359ecbd321bab856fbd38cf428a2c1d7f57705f4eb767bba59","nonce":"06ab4f04d6a36db110566348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"3543fd72fb9d5591619fc897eff6337036b7c86785b996f6fb07d5eb19a574edbb5cc0d452e85f8c8c0ce79202","nonce":"06ab4f04d6a36db11056634b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"4451847e2c1eec5653317f7b83bae2bef8a5b50154ac80ba9960e9fd620db09b9ce93092efb450aafa1f1f91c8","nonce":"06ab4f04d6a36db11056634a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d6635dfb0992b3d5a48a3b81cb945dfcf4a86b43680255875f75907b771d2b0abdb3e83ff45d0e2f2f03ef3d54","nonce":"06ab4f04d6a36db110566375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"6b60c2e57fe21c2651cdb83297cccd28a70192aa58a9af4d91d7c3cc968c6b6079c3e38367bdd119612f466a50","nonce":"06ab4f04d6a36db110566374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"8436dbe94bba1bf94fa311b5e115dbab8488e5286d81ebd8bc90726f7822c896be6f637b6c52f22a9c62f08f7c","nonce":"06ab4f04d6a36db110566377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"8db53f41826199e64006550a6c1fe39890d140d0ca43ce90072288cfc6de6026b3186d83bb3578772b2daff331","nonce":"06ab4f04d6a36db110566376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"27119d6b9daee99954dd6e20a985228b83c0c8671d7da95e4c2a860cd618412d4c063a4bb69b878e4b1edf7fe1","nonce":"06ab4f04d6a36db110566371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"468599890b12eeb27c724ec672b6e5142f88569c15b540045d8e7e090abd95a610a0f59892a924dde3585523a6","nonce":"06ab4f04d6a36db110566370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"2cc4f8c14199458e6f1cf8a46c607a40f0bf4d4f7900d7faed73b476fc0707a63a8002c7f29af8e6130a11ade3","nonce":"06ab4f04d6a36db110566373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"a9b9bb43c73d94ebee58ac7fcdee01750413dad52fc22fe04060d9863aafa2f36e62c3b6bdbd0ea2dee8cf6032","nonce":"06ab4f04d6a36db110566372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"fc72c4bb65294d53fec11f6401910ade1a0325efa77ebdb4609a575c5531ef9b59852ebb76a91bab24c530ec04","nonce":"06ab4f04d6a36db11056637d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"66d0e9fb9199aba4d1889eb33fe455171223bdb052f75fa4e82909720205d8c17c4062e1171b4f229a8fd73dad","nonce":"06ab4f04d6a36db11056637c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"92a10946b3aa79287fcef7ec05530dd7eb14c6ff4e51d91cca521a5cc2518f412d6a1bb634bcf9c3e433f4d77c","nonce":"06ab4f04d6a36db11056637f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"11e75b31f5c8a59739d08507e7db49976cdaf73291b42715ff4e755bdb85744f056b8348afef12004b13b4ee4d","nonce":"06ab4f04d6a36db11056637e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"3e6457b46d848bb0735c00685a9cbc2ae589fef8cbc941a95bbbbd91e4d59433b543ffc2de7a53b67e2a4b5b6d","nonce":"06ab4f04d6a36db110566379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"51cd6b1047ac61808dd12d89b8a6b475f0b06c9f99953798b59f8d2c5af4946b90db273d40bf96e79fcec1ff77","nonce":"06ab4f04d6a36db110566378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"ea16aecfc874bb51e85b3fa2939d14928ed4ff388e9017478998eaf8972bc03852567e8570f8ef79c14cc88710","nonce":"06ab4f04d6a36db11056637b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"39fa54433d270d5a4e35a4a358ff700dc81f2bca74129b9d8094e8f24dacd04cd9347bf13fe797bd9e0ed711a5","nonce":"06ab4f04d6a36db11056637a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"293a11ba9ec474477af4de4ac2d72c459fb9a1659582cd738654b5c9031d4e25449d1860519dd76dd030cf4f42","nonce":"06ab4f04d6a36db110566365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"19469a0d6cd0064b667d276385cf7e23ee2e626a5fbff0af639434067248b2ccfa137c12b2330f2e66722f5df4","nonce":"06ab4f04d6a36db110566364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c658be65ed06583526de36c0da9045e47971315965079beb9ee49ab763f950d28b6fb89c141cea6c591414a05e","nonce":"06ab4f04d6a36db110566367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"f7264b528f312663f810144133c835a4a17bcc2b550968e88782273759aa840f6aaf5aa410a4a576cc94ddbccb","nonce":"06ab4f04d6a36db110566366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c51c2b40353db67e053c30dc904886c7b709955dca9d89540821c46ccc6244b477d4d3e56c885d886ad75aa175","nonce":"06ab4f04d6a36db110566361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"ae083425e895e0673e7dc0f92c7e2eeb25465cc9a97d64e70835c8c00b24e9a2392c1be0dbb54102085a90afd4","nonce":"06ab4f04d6a36db110566360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"30b89922a9665278409578b7d673c937429f9685006ba951cf35e8051f4a1541fc5bcf95c5c1611e1ef916ded4","nonce":"06ab4f04d6a36db110566363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"29a664c358e3ede066c902cb4edae573a6298c7e0e55074b1e4ffd1fbc4c023733a582530ed0f38553f55ff4a3","nonce":"06ab4f04d6a36db110566362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"88a547b43407ab9f3bb16fe92e27aae6ee8e4941eb401be2a23d994ddebec6f94677951745beda59d7a679dacb","nonce":"06ab4f04d6a36db11056636d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f4c3ec078b5c895baa7b2ec50b997642d6d9180ca31007241662715040f4300ff502ecf1e5e914fd441e0002d9","nonce":"06ab4f04d6a36db11056636c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"5f20306485191da52dc41d9659ba3a02cc58f265bbb4f39f97302893ed7cc869c2b1625ed647a642d85b3940d4","nonce":"06ab4f04d6a36db11056636f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b6e16ab3a4394be1af3036c69cbb9e93373327ebc69b3cdd4884ce96f321933d8e1195b2efcc56a37fc16cf8e5","nonce":"06ab4f04d6a36db11056636e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"168611e1a58e0f15bcb1ce10925fcf34f8fc0a808d255fcea6f0bced68997eb93ffe0e3a5e0db2493bc5566eb5","nonce":"06ab4f04d6a36db110566369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"5bfa468e40eb264d055b71dd96686f2988e1e25aec22cd44053475b184235c301352632fd205d2485f5093498c","nonce":"06ab4f04d6a36db110566368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"616c7e04bfabdd1f5e87cc0bdcf75e14c6e89ff61ed94b08be8bd84e8430f9aa7f06e18211ef3139bc5297361d","nonce":"06ab4f04d6a36db11056636b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"854919f8e42bd88685a82a579092795a7375c943701f01664316cf116e885cfc5aabb24ff9d3f229837d5bf18a","nonce":"06ab4f04d6a36db11056636a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"9aa97f7e309cc25d702229313ece2f117c56b7c83fa28dd4c3d26d672db898e17548830ad0d989567f724e2a16","nonce":"06ab4f04d6a36db110566395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"8ff63b0f01a10a2d1862b6b3c42c9d860aacd5752d24effacecd30b732545a1177a1a415d373b4a2cf9f925362","nonce":"06ab4f04d6a36db110566394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"83c8f9aaa9e3a515793ce30f5078310a18562c269e6661dd011178141215f2d729270608cefd707ee2e91a2343","nonce":"06ab4f04d6a36db110566397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"d83999e038f1ddf5403f55d44cb9d49dad810f06f69c2aab92e8fd4866a7c1410b80e4b3a73d0f655d508ee35c","nonce":"06ab4f04d6a36db110566396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"9f68139736966e5bd15f99664b78c062811fb68fedfa53a9ba1485233ce6d0555c3b1cf46d900928f6ba1b6410","nonce":"06ab4f04d6a36db110566391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"698ed37c81ed73444ac0a0338f083fb1039a6a9cedd7e61ca1a502f44bb2d621c8b31e6ddce5b3cc8f05a69c9c","nonce":"06ab4f04d6a36db110566390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"7f56ed9acddfd3523c291bef146bcc2fb1397d98c02f930d8e6605267af3027f84953a30f2526714a60cfedced","nonce":"06ab4f04d6a36db110566393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"2d8928c8c83426ebf5a1111542bcbfdb10d3ed235691b906e0689537c5431cae78be45e1866be621168060e125","nonce":"06ab4f04d6a36db110566392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"009ef8540e2bcf1fabb4d4b2fe8c75a1f72779610ce1f7efe994148c920f08a192a24cec5b4fce8d89a16edab1","nonce":"06ab4f04d6a36db11056639d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"755f32afd0b3c5b24d9f397ee901ba9ea936861ff4039621b4edf3ab29d343d12ffa5db6e09917292281e47cdf","nonce":"06ab4f04d6a36db11056639c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"0a24ea77ee35a187780cdd688f871c6ed694c59ad5cd606e23e400830f709c7c74ae2be4a88cd3a91e0d6a2227","nonce":"06ab4f04d6a36db11056639f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"69460cbf77d744df5e0f3999da839394a37d819791393513f9c646ac3f04b51889312071ab64a17d9b895f8231","nonce":"06ab4f04d6a36db11056639e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"481b4e6decaf37d66455d6d7ce5062698a62c3fb2142292ff59f04e234cb26293c5003555feccfcf7d4e18f7af","nonce":"06ab4f04d6a36db110566399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"e944da406ff45a7645e38e0921bf936ba0c193bcbf08d8a6d76b429f662c63621b9ff3291775024f320bf893f5","nonce":"06ab4f04d6a36db110566398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"68a97aca2839e1eb931b39a192c59780ccda2310e71a22e581cac3b0b1692e0f0e1c2832af208b5d91a8128284","nonce":"06ab4f04d6a36db11056639b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"23c26d80a8ba2f14ea131644e331aeb512effa78332a27e5432743a665e98b1bcbadc77e9f38072039f30139e1","nonce":"06ab4f04d6a36db11056639a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"804afeb2df1f6ec3aeb53ec77c5365ff69ac4987f222e2c4baefda909162373672fdfddac64574ba469b36347b","nonce":"06ab4f04d6a36db110566385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"f4ee6e0eb628487e4257488f01dd2d8b88ac4d9c6555e0e934dd1d0c294f7b9a6f822e4f02cd6445e9c863e8c2","nonce":"06ab4f04d6a36db110566384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ff6a74478645b6741fa912a65126dbdd5991d3bdcaa8fa96f3ef5febfe68b7571bf7fbddb6e32777c5a70f9a8e","nonce":"06ab4f04d6a36db110566387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"d821672bafa7dd413fbbea7eeaccaaae34a7aea99972f251dbd07aaa184cd68052dc4c8cc99b37f6465e92f52f","nonce":"06ab4f04d6a36db110566386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"c70444e740641fd318b633193a666de62e08f32ea4f3a1f9d3cca7914320a31afd204f394045d3b8ff8aece967","nonce":"06ab4f04d6a36db110566381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"dc4ec586e42e7a50d8cf7fe424ed602c8e96e30c70fe9cfd8471cd4d3178ae077a131203798f32dea0929332d5","nonce":"06ab4f04d6a36db110566380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"a02942611feb5997938fa2cfb870e97c9c59387dc481422ddb7a71a5212540026e60f3ef2db7ce2067b3f924f2","nonce":"06ab4f04d6a36db110566383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"491782ba5d77d6531e64a68d6298dfab3890da67801c943bd8067deee1f8cb06ed3c3588fec1561c418f3f8aaf","nonce":"06ab4f04d6a36db110566382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"0c28f362ae6356eaf7d9a68b8ea198be7789d816775eadb45f2c25e05842f6186c9d34f2e1e2af5208246396a8","nonce":"06ab4f04d6a36db11056638d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"8ded75cd94c6ec9da8f23e14f964bf99510e16910595705deac5522610d1138d383a1fdb851e9e60ddd0cca967","nonce":"06ab4f04d6a36db11056638c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"af1eda014c80e8e759c9268043c089eb7dd1c62ce305e96168a2a067dee4db2c58b1c151301c4f67676f1ecff4","nonce":"06ab4f04d6a36db11056638f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"97d6106063732cd47bfd21822ca82e08f1cd83d0cf7a52dcdca07eac01603e4283b0ee6bfbd9fbd718294b8f98","nonce":"06ab4f04d6a36db11056638e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"17d5788afd38095967d3a465b8c3bfbeb5bddd5293e680e30af640ccd800f59288c69bafa0dc9e916f51c8cddf","nonce":"06ab4f04d6a36db110566389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"6b243347a9642302cbd1d335c434a18f14db97f7ba9342333453c13d27bc16bbec4bc9009434a29551a7b0b3eb","nonce":"06ab4f04d6a36db110566388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"dcc37e12cfc30f858712e2dec7b897281f97833d9fc1443124a45028c2f680be40bfcccfa7e3bba91605766587","nonce":"06ab4f04d6a36db11056638b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"fc2e6b1d1417e73ab5a86c79cda2ea5d83920e44387fefae98ccb183a985bba472109c75d95ef322e480345541","nonce":"06ab4f04d6a36db11056638a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"06f52381000c0d952ebdd40c40afdac91c62eb8127bdb36a44b736e57414acd8ebecb7b2712ab2566240c96d33","nonce":"06ab4f04d6a36db1105663b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"aca6b7617824d7a61c624efdcc553e2b4e3f4ad89e4607db7b67244c000dff20084397abc8425fe41416c9e192","nonce":"06ab4f04d6a36db1105663b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"d149a3b1085bb75c2d9de7505d4bf6e9a16dd5b4879626d9d5c61bca05ca7015690973703ddba1634c43409344","nonce":"06ab4f04d6a36db1105663b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"806a4932fbb6d472019798fd6ff4b45bca375c7845cd7ef2a69e511c05867f9040c2f7e0511443076c805b01f3","nonce":"06ab4f04d6a36db1105663b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"9a1518af47feea0e81993af5693aeccced45b2c4304cafcfbf60cb1aaaf8eee020813b065f2923799e7f7ff518","nonce":"06ab4f04d6a36db1105663b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"a491aba2461479307748a87ad4e03a4b3ced34e15e6ebb74a7380b1ad7df2295c4002e02f58cb59f9b252a3aa2","nonce":"06ab4f04d6a36db1105663b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"dbf5528f37bd5aa0f9877195f906223109e95521aaa184842060fb0aaa44ac9c5a700abea14d6f9a84513bd305","nonce":"06ab4f04d6a36db1105663b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"7c08caa582292bf900fbca38ad83e06645397fe53765e9b5f53b9fcf17d917acf56e9d32900c4d314097b93b3a","nonce":"06ab4f04d6a36db1105663b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"8b073c3fb25b5efa4609ae0cc235c529cb2df1f56db2c7f2e08e5cb4e6fc56a4819e23b11260c140815edfeb41","nonce":"06ab4f04d6a36db1105663bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"605b298d1f6f4a2a95fcc753da9fa7f557842d0765e10a61f85f6de70fffad43f3c544ffa2cd8e54274c41df75","nonce":"06ab4f04d6a36db1105663bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"b9fca43cfc071526aa3f1d3b428cafe705d3fa4dac2bc4d25933336aa7756d06e10ff4d89b61f2c54d09dbd936","nonce":"06ab4f04d6a36db1105663bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"6d126b09ed2d0fe2fd82160efc529e1e3b5a54660de0baf54b7cc2e8fd7b55dd4f3fc11616b377adf4ca2a85ca","nonce":"06ab4f04d6a36db1105663be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"54a875a9f2c84b2d8d83cbd1c299abfe63c31ac4c5245fe11a537eed60717312304a16f4eafd2d213f78b8b567","nonce":"06ab4f04d6a36db1105663b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"04db17fe92c67afcc8ba14b1b00d122c69f48919327619db07ba4c37d01586332278cafac71845ea50231ab902","nonce":"06ab4f04d6a36db1105663b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"2badf4666d06cf3553db31d4ea25491029691b9ec8427d1c467763b85df56ec98895d9165be658afab99a849d6","nonce":"06ab4f04d6a36db1105663bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"95b0d9671adec72ce579ceda9ad39dd98152f1f8c2527004559f25a635da04fb22be2c34ce2f61d99d139f14e1","nonce":"06ab4f04d6a36db1105663ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ba04cb3011a25952eea76c39ffb1a21a046ae5533f9f1bdf5d2b87568bca08d16af85bc551da76e0d8d87cfb8a","nonce":"06ab4f04d6a36db1105663a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"3f803237116974ae63f640ea3a209bdd9aedb9ae0890f9713c639f08205cec54ea26587b18eaa3bb9eaf81b001","nonce":"06ab4f04d6a36db1105663a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"da8c1e61a93d88cbcb477c59b5b0f23ac96874d8dfaba33b3c046094f9f56c8a3e4ab71cb5307ea3a929b56828","nonce":"06ab4f04d6a36db1105663a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"302aed3d38c809b3058d1d6e62a927249755a36d783331856b92c2fdfb7fec0754f12f6d9e70c1f9d571957b88","nonce":"06ab4f04d6a36db1105663a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"3bc769a3b6becf5f10ce988cb5420e2233b35b34c5693f860dd69a84b7784c47fc8cbe4a28e0957b8e181b3471","nonce":"06ab4f04d6a36db1105663a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"4709164af0dbb8eec1841f1275c8581e15c0342a8798273e75c6c343f483e71c21e2558f9b1db4bb8511774105","nonce":"06ab4f04d6a36db1105663a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"3c73c5d6dbd2e1185f99b0519a6c09fa34fbee824ceeb9dfd019cb4910e29d88e1d102b90a6a0aa1cf682b46ef","nonce":"06ab4f04d6a36db1105663a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"3ccb84783eb95f28d375d7311f5de15e17b4c3f7150099cd5d290b614eff0f6fe925ff37eea044952c627a8474","nonce":"06ab4f04d6a36db1105663a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"d68f5cc77175db9fcdcaf9a6fea1c5f364cb5bafa13b9b6b53cfa772719660e335c9495ecb6dafe42513d9719e","nonce":"06ab4f04d6a36db1105663ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"b53fd828064ece2c3e10d11cbe7ed02847405f4cba8f2a95b0f02929439b6d92a5cf1035c23275975c7544298a","nonce":"06ab4f04d6a36db1105663ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"270d2579cfecea9559fdfb6e3a88828afbda1bd06dcddf1a9fffc2ecfbaf7cf197c4218b370ea63da570e8f769","nonce":"06ab4f04d6a36db1105663af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"797ddbc15d5a4c2d7f1615b0aa6237e6c97b3335a8d403e4eb6ae3d3408b60dfe0e1d4c8188db93ef0fb9d2692","nonce":"06ab4f04d6a36db1105663ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"21a273b9c9c62814e3ff85675dc2eee074aaffcf0167a61bfaca1704d0fa07b097c34eb16096ec6e014af4909d","nonce":"06ab4f04d6a36db1105663a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"3c6abe3aeed0020354a734cbbb49d8e9c36fd0f0d38eed129c92d683e22ec940673e6f67726a5a53a2b41fa83f","nonce":"06ab4f04d6a36db1105663a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"1f15216e019d180494f402180171659c3447f24e634fb874e0c4e69f36f5e63b00651663243d2e4c29bf89ba66","nonce":"06ab4f04d6a36db1105663ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"4467d70af91bd206aaf411c01a70af885b4ef1f9a58dac1dff30d352182badbfd6bd2540704a3b1664d8ce9ab4","nonce":"06ab4f04d6a36db1105663aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"f74193738b834ac5b08e64976f28da917a45cb15a0c50732428ac0bb75a38f51c89e8751dfd447eefff33e1aff","nonce":"06ab4f04d6a36db1105663d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"d864674033e0c0f03f9b32779851456ce85010a81c5a836d3ce842cef972070c884c09f2c08c439fa55bed97a8","nonce":"06ab4f04d6a36db1105663d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"fe1052370717d49e9d11df1eac06b588439e4ebf7db7388994651f84acdb4a7ffd0704e5c9b917b301c1f02cd5","nonce":"06ab4f04d6a36db1105663d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"039095a09c2ccac3439a0257ec2ac44aaafa71e4d79a020cc7ecd62d45b3ba793e91cb03c1d856cfcd9fd3c8e6","nonce":"06ab4f04d6a36db1105663d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"e77b0a5f028b9c45d26a2d48d92fded279127b7cb32597a619b5c50d833e3d48b6b8ebf04374b97d5480e4c43f","nonce":"06ab4f04d6a36db1105663d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"cd29b56eef895fc2c1e71730bb7b1eac5e7f9d5a2fc9c9ca2a74197f5f07c15d3eb35c939ac19a5b1a463d0fe6","nonce":"06ab4f04d6a36db1105663d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"7610951ec51b36a1036fd63edc6661860fea6bccad4ad06cd89778d02703221c5773e8bfeae0123caa15ea7b53","nonce":"06ab4f04d6a36db1105663d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"a28497c239ecb92514a5fbae7ad5fe999cb3a370cb7ab28e66779165b0b5aec02620d38b08beac799c8eeda2be","nonce":"06ab4f04d6a36db1105663d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b1630d294241429de68b0c4f649112cd5c53241bba34deaee419136bba3bc2a735b2d9b0767a5f4ee286f467d1","nonce":"06ab4f04d6a36db1105663dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"975a33292beef35efab8e4773830e74e544aceaaa9b910fc9884403687851636f3cfd374b72c07f2b9f1eef019","nonce":"06ab4f04d6a36db1105663dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ade3edea71d15145f8ce372505e51726e3986bb0a3c227d97101a47a30b32be7e933d21d20fe99bd103675525b","nonce":"06ab4f04d6a36db1105663df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"7099f1859042b531e1fe3182ff9f77f4e36fb4dbef384b102a290dcf2e5ec2b2b1488cae2c2a825e7a42990efc","nonce":"06ab4f04d6a36db1105663de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"68aee04f8a75b9016f83e218dd6175ec6fabd4c76cf277db4be3bde3024f4d211ad044e63dea91619ba596d4aa","nonce":"06ab4f04d6a36db1105663d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"f9147de989a120e1e5d6835f94245a01142f0e9e90f48edcfdfbbb5ca9cd053a444ede4474bb8403c27123f9d4","nonce":"06ab4f04d6a36db1105663d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a801489b6a7b5837436f7b97ea2f284437c2aafaa9e22f8269b6a37bbb846a3432f86d1ed93cf1cfb15493a3a2","nonce":"06ab4f04d6a36db1105663db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a210534ecc58ae43312f1bef167bed7f5947557ae06fc68142998c4111ba226bc55d5998f3091bb6c5f434ee1a","nonce":"06ab4f04d6a36db1105663da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"3c614b68b4e343e72c1e5a93cf14666e33d21554bd114db4357d5b7ad5edfd384a00445bc16ea88a4e8271dab5","nonce":"06ab4f04d6a36db1105663c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"d73665648f612894eea497147ec954006f2b3044b54ff7e998f01acb1f87849d04f5bbddc4adb0f5505a55b50a","nonce":"06ab4f04d6a36db1105663c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"1a4759e497762f29d3dd5efa7fb9a451190ae99233e540f19dd13292ba23dc75c6f783dd4b0b61032188121847","nonce":"06ab4f04d6a36db1105663c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2fab862596e80d813963d50b33eb3ad5fc595360133f6541b91a11541c88bd0468d201ab2d73215d4e1259e27b","nonce":"06ab4f04d6a36db1105663c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"6d4b609b0420e1b8e51c963c905cfe5deec119cb4d420e62070a0a78539165f4770da8e360e65bc6341b9808c3","nonce":"06ab4f04d6a36db1105663c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"b04828f7fd1ee4215e467db39cfbeded480292523279c2c56d81812488a23a36c340308e4e78af94d919ae20ae","nonce":"06ab4f04d6a36db1105663c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"38fb158dcc3f85b8f48230c2b8e1a29e3f93c8ae89aa1f3a0876c5a2fb114512ba1a1b5399b7799d183f22503a","nonce":"06ab4f04d6a36db1105663c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"5ffe9fbf0f4622fb82d67c902400dad6ca16f459577a3c167c38b30cfe5e7468d43f6bbabb0598bc3120d1e4eb","nonce":"06ab4f04d6a36db1105663c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"6eccc59cdb33dc94ca41d40a6b336dea58c240f7df12e65cf183002e189326ffc33099f2e0cc5b95e38683e61f","nonce":"06ab4f04d6a36db1105663cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"71cb551543eead35f065a62a1e8fe6bb6e17e03f492af3030c4efb3c817483ec2d449757995e9433e6f6153f55","nonce":"06ab4f04d6a36db1105663cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"03d893e79e2954a670045e10a39b676f4d96d23fb721c5078184f993e33b09ea9c613b6352d237b44348296906","nonce":"06ab4f04d6a36db1105663cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"57bb2f1a0cba7d572f38cc2deaba2da0112f9c5bfb8076279ab163f93e81a65674fe7a4d49b314683d4b38dcb6","nonce":"06ab4f04d6a36db1105663ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"75d9d29473ba3f21308a09979ac90318a5681c48224f794f85152e6d0926f24287f205f96a48adae873525498e","nonce":"06ab4f04d6a36db1105663c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"9c244d1bbfdfbdcd8870e5a363228851f41fe994c98aed956e595e5d2d534239b5e24805a87481613ea4aa24b3","nonce":"06ab4f04d6a36db1105663c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"bf125ff80e26d1e26595ecf8ecbe863baa2922e3d0c185a6fa6eb3c1c58844567f100991a6c06691c7cf90e420","nonce":"06ab4f04d6a36db1105663cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"7081f45031f373266e22ab35c0a7306536996c2e74ff88319fe466405ce9196d041692241406feb7d444b147fd","nonce":"06ab4f04d6a36db1105663ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"4071469adbdd76a23a9afffa0d54769803ee378389f08e062a0bbd469c49d3547950f9a2cdad2d64622f33985b","nonce":"06ab4f04d6a36db1105663f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"beb68fed5e097dc30482510fe75524fd6391c669d51c137fb365cfa9127da79a070fa561c782924ae787fea232","nonce":"06ab4f04d6a36db1105663f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"1056becd2a794cea0b1f93efa24d4820e0d3466028ca6f8f84b70397ef500feedfec30fe3f472855bf4822c408","nonce":"06ab4f04d6a36db1105663f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"b2e490c17d3443909181f72db44e54aa9c030eaf217db5b054ce8e3c84a0934a5e764563dcf48141c615de52c5","nonce":"06ab4f04d6a36db1105663f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"399c750ddc9aeb9bf070be67c3a91e5f484c18618558b2a24dc5b4c2dc765343e9237935ebe04b8cfa5eced367","nonce":"06ab4f04d6a36db1105663f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"d8574750cad2c3078c98db07fcfa56f51c21ed5c5447cc4e3c3570419129b84fa3e0c082bff8165b8ada695b75","nonce":"06ab4f04d6a36db1105663f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ce1a689077ac30e8c361529e04e1e685f635de2971b481505158a35a2f1cdb759f400f35a439183518141edf45","nonce":"06ab4f04d6a36db1105663f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"8d7ec09a1e59344d59bc5e0e88b916d4c2d151da4101634261c818d8c8fe10ad645df77ded97da6895be8d552d","nonce":"06ab4f04d6a36db1105663f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"efe4c6f8a30244fd2975f8e80e2f4f5593fa857a8bcfc45f05a2ef9c1c42d3b1feffd7929e671f258d5d3d29dc","nonce":"06ab4f04d6a36db1105663fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"a7e74766d3acc0a3636c5c65fe7a556243f4a43d241488c9a2ef57dbbef0c4e0a2b1fff1b84d62a74e4fc88785","nonce":"06ab4f04d6a36db1105663fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"378e1db2c65c1c3f56c8ff6ae7d9dbffe5256aefead0d6ca3f3e843dd2ff5b60eb780494bb00f8cfcd68d76ee5","nonce":"06ab4f04d6a36db1105663ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"4763f111b77f6e7f10155075e44e4d73ef921e720c69bb68e7bc2901d256e80194c860ca6688f774bb4872e71e","nonce":"06ab4f04d6a36db1105663fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"8a1c1c41c57e92fed55cdf7f254a12ea510f7348be16c226e06886a1e131e81328d68ea868dcb252b7404c5706","nonce":"06ab4f04d6a36db1105663f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"76d0f705ba0106e36163e368ba8d392588de741274c615d2779919d219fe54db6fa2c45c028360974bf3d47a99","nonce":"06ab4f04d6a36db1105663f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"44fd477a3fefe86caa592d92196fb4468768bdba66845212232d3b4f44b99f9163ebeb408dad70c0c01a5381ca","nonce":"06ab4f04d6a36db1105663fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"967f69da20ae59057a32309a8f0148120689acfd0dd638d8b9eff5af7572713429612770e38be9388fc9fc499b","nonce":"06ab4f04d6a36db1105663fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"7739d91774208dd69fafb2159788edb93f3aca47ccd62bd1c4d1e02e953647aeea99c8f066c13e0e1e4b5d3f1d","nonce":"06ab4f04d6a36db1105663e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"fc5523970798ff9c6273eb6e7522d684e9803864cb41660314e027d4d098a7bb4f3c780656ea8919e28357cbc6","nonce":"06ab4f04d6a36db1105663e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"704d5e393298d880a71a25a5a79278155a9a1f4c48be249f0e3c4d992bb649ca373fd115c0e6f4741f993f5a3a","nonce":"06ab4f04d6a36db1105663e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"cd26829455a709d4cf8aaf584c91804a2c033ff9dfd6e65dfb45c54ee3ff7034baee32cc43e6479362de92b92f","nonce":"06ab4f04d6a36db1105663e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"82523c4827fdc92ff7e7293a798f83d817334ac1b8351fe02e116878788e322ea0ee6b028395769e60e0b133bf","nonce":"06ab4f04d6a36db1105663e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"e3f6de26a1e59ce4d1582d5626c2e4f030dcc884e74369c746df6afae785d7b6c5d3502c0d229064fcd309ce0a","nonce":"06ab4f04d6a36db1105663e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"a49c9d2be2ff49c22e698edb75fdd5c21ba0449df9f7a9f336425dc63881ead0d86853d7c0b86da1a3032a762c","nonce":"06ab4f04d6a36db1105663e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"66863ac137c19a3fc1f548d489c74c3867bab0a9a7b93366953639185f0d3a2f359e43fd6001b41dbe31e5f3f8","nonce":"06ab4f04d6a36db1105663e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"a78a3241bc65ec01a2535adb6e2611f601b1e4203fafb1b65af407957fc22edf3e26a4bf52ce8e4c7807629456","nonce":"06ab4f04d6a36db1105663ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e5a7ef1aa6125e49a1b572bb1e341f38d2208142ab7de55a74003d0da5c50049715ebace6364c7501884509268","nonce":"06ab4f04d6a36db1105663ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"0dd89e98dba2016a83d6b7b487fa67832e65a4e7337c36927d71ad945fc684f06edf80caff0acf84fa95e33336","nonce":"06ab4f04d6a36db1105663ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"3b3149366bcd6cbbea6d4deddd05958ae991851098bfcca73c29e37ce0933f0e185a7288331fef409114984377","nonce":"06ab4f04d6a36db1105663ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"1e8a63eec671362bb561c38c87c853458e9d56006c634523fcab70308ea207dae55849c3ea3ac4a31a9f03c1f6","nonce":"06ab4f04d6a36db1105663e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"170a0034bdceee7d331ec703e7502f4241bd71ccf24012e9bfc42290306da4d46aebefe63f9337151e144761dc","nonce":"06ab4f04d6a36db1105663e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"0e77fce09ff5df7e69f455512769bb6d4762a0c0a3b664f4ea6a67cc593dc54799c422ed4b321101ffa05d1379","nonce":"06ab4f04d6a36db1105663eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2ed96e41f28c57b5e68148dc9ab6ad04761f491b6491fcca47fde6e5e4cc8946be3ac12f18b20e458c94b7d523","nonce":"06ab4f04d6a36db1105663ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"56764313736cbd47a2e745a873673614b823f33718114aded47b02fcd0382321c4d4cb4eed9cd5a15d56017379","nonce":"06ab4f04d6a36db110566215","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"35361366275906f48d15493e2f3fbd02955dce15a2c7ef90663dd40ca1c31853"},{"exporter_context":"00","L":32,"exported_value":"02f1e9c4d41c18669f04d9f8436bbca817e8eac039e799812ec215c51ce94167"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"7b602374c2ff1d79e029684721f6bdbb53c18c6c8eeab01ff7dc49399893732e"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"ae64a8fd36e1ba98611029e15ce8768dd8ed535b965ffb9d2c36eceaef241d5d","ikmS":"43104f973f42df8449edaea18506159f92ad7b17cf60e93ddb13d1820a233654","ikmE":"f228860ce5a3c55199094bd799602113d6afcd860f9fc57ad0ba2bf90dc6b4d6","skRm":"0ef201dfa67e8bebb4ec676766fdc50f491c8478b71d2bafdfa5b78fc9cff590","skSm":"4ba160d72272103fb74e880ab0a7c372a5009c910fb3c0914e19cb62e0eaed5c","skEm":"6d3a013f71ac08608e41c5730d32129f9a7bdcf46edfa6ecca7e9f167f87eee6","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04ba7f6721d4721645ae7ddc399a22aa28493443188abed3d0461739793134896a6f18f71d9f6b6f97b5e440a58ce863a13a7d230c7b115e26aedd5d5c94f2fd46","pkSm":"041ae41c99c53bcbdef12be6caba1ba534568512748bfb77f81a8ba945aad1595f65940f08b62b18de2c27852af6dadb1754225993494dc2d2efc7cc2a0cbda8d5","pkEm":"04634dbc3ecb06a564d7703453b871b113f54e8343f4dcafd15759b56233291f564cc04defb5567534f2649687bb9ea92732ec4c08cadc027bb2637c3c6d43f310","enc":"04634dbc3ecb06a564d7703453b871b113f54e8343f4dcafd15759b56233291f564cc04defb5567534f2649687bb9ea92732ec4c08cadc027bb2637c3c6d43f310","shared_secret":"7c6c091d7cfff77a14cb4b84c7601d4cdeecce18289367fd399e5740e42063a9","key_schedule_context":"0341db1e5b07a041a0eeada5439a3f724a79fee39919f2c964570e3bd4ae296e728d0672b77f6d53fde449bfc9c0c24f0b899abadffa161b5bd14bd99c0b5586da0da9817afa84fe836a2afb21fe34bee379586120ef91d5c0432c32bb1d1d6dc7923282892f781147d97bd9e353465a35023868db7b5c0fa7a73b1ee212161f04","secret":"566fafe262814c275de087c2e16f7166a304951b449a337082cbc8a1d05cb9f921e88a52fa9f4dbd5f27c54e20cb7aff4f93acfa9ae6a98399158a8439ffa33d","key":"6c172fa64100161b14386d0496b98a350b1d3b8e9ccbda515cd09eacc980b447","base_nonce":"37d649d5002b2c68ebb689b8","exporter_secret":"9f481f55ce166ab296b786dc483b2b1eb2816d455797c31cc7664aa6e4ef494548b031af63cc28fde7efd4689286e888384a9af0fab1419c863133581f6e9958","encryptions":[{"aad":"436f756e742d30","ct":"39b23f5c413932ee827c2214644439973869613c670b169d90b5d4ca304af1fd40a04dbc3cba713bf282ee748c","nonce":"37d649d5002b2c68ebb689b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"5736312921baad2a7f1bc11d4bb897325891fd0627c81597cd96e915700f2656f80a0a95e1881ca013b45c8a06","nonce":"37d649d5002b2c68ebb689b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"d6ab39df81a9bd6c68bacfdc6b6d896f29593798405e1a17fa1575d2f0f4337a0746c99427bda92773a0711dd1","nonce":"37d649d5002b2c68ebb689ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"3ab18caf9c77e00e81d8bdb02ebc66717aca20397733eaa0be6d70608e6a087587b8cfb43a3a48935465db0bed","nonce":"37d649d5002b2c68ebb689bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"016aaf02ea48b1c9ad5555e8ccd171d42057f4b560910a0250711d25c166f9ec1ef68fb57e57bdc1138badef9e","nonce":"37d649d5002b2c68ebb689bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"ea7e3f7a2d3839ec36eb55a4917afb528682ea0063c8f3deab8786a8d18882f9572877e79e0657b3b1e512ff0a","nonce":"37d649d5002b2c68ebb689bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"6a69b2204232f17a046f5e7321e2e5b7961576187bd02067eef3bee6e8449f5481075d6e659387a0659f783592","nonce":"37d649d5002b2c68ebb689be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"5447ae113e835b7995afa8bfc281f0f877c9eda44e739d4cfc4ba92f2245b570f9f6b6c619f8fd3780041607e2","nonce":"37d649d5002b2c68ebb689bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"4d7d3921329c40421544e49cb95b9a8f14e9825884019311e3c34008f5638892ad7271c203fdcc6ce2a697e84c","nonce":"37d649d5002b2c68ebb689b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"1be4955f32ebe357c81b44f3c6b48ee4862ffff9a4d7b70a924a56c37b98d54edf1dcbee23e207aae74360a5ba","nonce":"37d649d5002b2c68ebb689b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"703789279b36bc3f4bba6e1d691ec01c16da2ff8399772b387eb742f7de9fa8189dccbe4bb9e0842d5ad057b48","nonce":"37d649d5002b2c68ebb689b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"231c04a31c4edbc085451b14b4279f4137e4a374ae1458f4218358accd9adb3018974baf827c9404e918b2a0fe","nonce":"37d649d5002b2c68ebb689b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"44110fa2ef3f9be9b964ecd2d34e68cf27c28c0129dd99205ec052118eb90541bcb3c2e03e0d0e9a4467fa915f","nonce":"37d649d5002b2c68ebb689b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"80f393e61e9cf17a97a3528a53b13f1d9c6b01440ff4674b8525edabf0ca22e57ff332ab9fcdcbbfa8be9c8a91","nonce":"37d649d5002b2c68ebb689b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"22a51c2157c72f58cc04496f794fdb6a7566d918641e487f5ef51f00f691d86a164dc7d404c380eccf1597d2ef","nonce":"37d649d5002b2c68ebb689b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"ac4fbcb41627a2ca711287e56ab2320b120524ff537514f60c4df779101880ce8254d740bf8c1f180e9a3e31a6","nonce":"37d649d5002b2c68ebb689b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"e25be6b2bad823ec7bd100f29a96d68d4c0acbd1b914957788a4815b096db7636d624d62c09ba071b741339926","nonce":"37d649d5002b2c68ebb689a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"ad32f40af784b2c10f98fa726029264a211a0948d4d47d932ffc054e643d9a5e7b2acff2ac34bb90d495796bc0","nonce":"37d649d5002b2c68ebb689a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9d8f1ded5624df3d5c95b8332928b767fc04c3a58c39df98035068a18224d1dd3336a5a75861e9cbb822c6e701","nonce":"37d649d5002b2c68ebb689aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"fe2999275f5fcdfff511b82dee2fc672d0327f53e22f8d6639a3b816d17dc289561d68573e77d4cd5ee9afedcd","nonce":"37d649d5002b2c68ebb689ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"c269980664b94dc450dd35d6d4d2d84bdec688964926612b570ae8b8e3e479b7f8313667eb6674b971de97b643","nonce":"37d649d5002b2c68ebb689ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"865a2f0e636a7fe38d888b30b0cb38d7fb053840ed8258faa186c1289c26529f213236186359eb141e6857a462","nonce":"37d649d5002b2c68ebb689ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"d472eda8c38cca9cbc27f4a3c665b4dc039b9d8cfc23eb4cf2431435ea80d51655e42742149287c38fcb316615","nonce":"37d649d5002b2c68ebb689ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"fbe5febdc1abd72d47b925cc97716f2fb26742a774d48dcc7ade5922a190c5d42f57c07977e992ebdaeec097fb","nonce":"37d649d5002b2c68ebb689af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"1792a6ce924a2c22bb5360392463e2a79fdc6d32adde5dcda587024445b5a3105ad1215268d6966817cefda613","nonce":"37d649d5002b2c68ebb689a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"6af30d623aea5af3bebf49b8ea06683c8238615ef13ff71177d4b46a6183bcb03f9d1f861eb62136194669189d","nonce":"37d649d5002b2c68ebb689a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"1f2a0e7b99cdc535188e8f5488180bd7d9b0688350c6b6bc892f1b1069116642f63ae417f94d8c9bf3603e5c0b","nonce":"37d649d5002b2c68ebb689a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"64b99434ea87702f9554c26542ce4aca40b3aff4fa1d96b35bb8c7e7d5006898b00c9325caf21deb05623cce2f","nonce":"37d649d5002b2c68ebb689a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"108cd45be010ced874fbd083c1cb32faf30104c2e0cf1b54e5a820efac37240e93d14ad6cd8727e81cfc87753e","nonce":"37d649d5002b2c68ebb689a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"3a6e15f8d57c1193222f57c8eb1c5824988308241ced5a242aaaed886db9fdd5c9cdae732a9dad10251a5e92d6","nonce":"37d649d5002b2c68ebb689a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"ad00fb5e0658f92ebd4d8b650877355f510c8e09347f2543c00d01f5501f767596c6a81df0675b0e244671105e","nonce":"37d649d5002b2c68ebb689a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"39381188d3047df6736841ea3e99ce060bd9cc64fdce477f092bf1525bf9f72ddc9a98faa9fe0d2309da05a083","nonce":"37d649d5002b2c68ebb689a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"f818d61acefe32504845ef133267f32bbb1dd07ce8cc584d022d30454ec9411ca0600fb9547ae0ee140097e97b","nonce":"37d649d5002b2c68ebb68998","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"fbab1ae8878afc9f6f047bc758a411c62c9baf7dc258a8f03176514ac4df9dd306e468a8a75c2f06271e66d168","nonce":"37d649d5002b2c68ebb68999","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"a5832a642a1afe72ca1dfc3f0cf04a37689e03fa8bca57040201c907b1ede4bf6906c4237afbaf1d2261958f57","nonce":"37d649d5002b2c68ebb6899a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"ad1f4454a45fdf17c1fdf552b6b740545f30bb8bc34a1a60599ec1e9dfc0eb94535765fdadc96a97d8653c1f79","nonce":"37d649d5002b2c68ebb6899b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"99de1e28fd4f46f870d02424dbb77a098a99053e09dcd30518214f92dd826bad29ee27bb6e17828e677e146d65","nonce":"37d649d5002b2c68ebb6899c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"a802a38ad0a1708860791d4229108bb1f11932c9a16a27afd52e5058fb3fc67e61311f6d211aeb20b4606818a6","nonce":"37d649d5002b2c68ebb6899d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"5f53dd685158ff9b2a42e0a65e3165d922c9ab659acf87c28bac9ad312909bebcb2d1f9496b143b19444906a2a","nonce":"37d649d5002b2c68ebb6899e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"c3f79b9e38f8b9cccb753b7ec65282454433dc02dec85485a996c18019d4be6d80edddf19aa4edc2c4c4266578","nonce":"37d649d5002b2c68ebb6899f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"8da93d48022da0b4e42a733cdc2ce8c73dd9da9f5d31fe904910fb520982852e3e6be322dd9b7818931eddfb78","nonce":"37d649d5002b2c68ebb68990","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"411b7875e0896a35d937254494c0560c7977520cc139210b967fe75031b39ed511baeea044c929bd601e07d76d","nonce":"37d649d5002b2c68ebb68991","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"cb19d476b97dbde4e3ca7f00b932e10d39a04fea647f45d4f2137164d890434dc9968bfab85b41980b9b50a12c","nonce":"37d649d5002b2c68ebb68992","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"a88b53515e34e23a5d1520908376411d60ad68255a765a3b935ac9b54c67cfade3c9b595b261a0c2b331cae01b","nonce":"37d649d5002b2c68ebb68993","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"cbcbedff21b4f904b04d51facc0194228cd7720622754b2d92f39bebd60a91573b67cec6d251672ceeb1dca477","nonce":"37d649d5002b2c68ebb68994","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"322b26cc5c93d6aa4ab6132ce7c20cd591cad662d40520d962d043bc5d601846822854c93911a83800dee9e50b","nonce":"37d649d5002b2c68ebb68995","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"64c29352548d848fe2fa1562684622250b2b78f94cd7d7e5d59b9117087b58bde57598e2093b29d80068b65a7f","nonce":"37d649d5002b2c68ebb68996","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c13e98c268bd7c274f3df381159f0f0359c087f1e39de49aa5a2d6529c2debc0c4dc7bcd4aacc72b110279abd3","nonce":"37d649d5002b2c68ebb68997","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"e7599fbd1063a9c0f6b4f48dd24eae0ff3d5d6d7d1e3a15d8e3bd4347474b5f874e15bdcba79d1a7e128c49793","nonce":"37d649d5002b2c68ebb68988","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"fcef64c8cd59ccbe5afec2609d9ed6a563f4f2459eba922b9ba731ab201655b2342f2313e0dedd72c54c3ca646","nonce":"37d649d5002b2c68ebb68989","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"04db3e12094f8e688bd3a85b11d8de7283d086d944dd4dddc4a2fe6a16228e225cea13f063ea265d58aed1c30d","nonce":"37d649d5002b2c68ebb6898a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"7fabf4c81a308afe15f72662755bf42b52a372333e2cb589a1def942000109ff0926b1189397c0aa0f41610e38","nonce":"37d649d5002b2c68ebb6898b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"f762ee1832f55f7989299b97e56106be08f8721c1ea0fd611e43959c13325faf763f68b7f1c733085df6ecd11e","nonce":"37d649d5002b2c68ebb6898c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"0d3f6bb8fc6135af535a579aa6bc04b32525c9c199a222a9058c01532f9d8bc5e422f2ee7d0fa5069ce74789fe","nonce":"37d649d5002b2c68ebb6898d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"0c7b633dd6650ee8e58294e8137fb83031722ef666da97ab8a5e84c4a4976c592844934d0044d11e032c14a61c","nonce":"37d649d5002b2c68ebb6898e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"2adc90756e2329bb52d0a6b92cb210b0ef1447bf8a13a275074fcb343e05670d6fc791fab71fb11b9d7c0c2bbb","nonce":"37d649d5002b2c68ebb6898f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"463db359c9b7e883166f16f0551ce1a1aa68ce59f3db2d7b4347bf95a2c42534c6e9f5124d622b837849c9a2ec","nonce":"37d649d5002b2c68ebb68980","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"fc95c3f67ddb7917ce2488348c9c7e31acb94b09ea2220b35e772442440af23df7f5a093783ce17d277791712f","nonce":"37d649d5002b2c68ebb68981","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"eb9fb7cb23bf74a7da8a963f595d3167dacc8bb1f5ff1f243ec8a3f3b60b80dc15aa64f3a0cc41c6d38c28941e","nonce":"37d649d5002b2c68ebb68982","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"37e0ff5fa84a1ab4411f47ec86e652a01ace9259c88be0a2ab3107354912d0fe248100ca2d3de548206c84498a","nonce":"37d649d5002b2c68ebb68983","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"c296bf40195566909703f54fc06525b34fa688a6d76c9acf911cd798b687f6e815506e92c4a9c52d506bf8c790","nonce":"37d649d5002b2c68ebb68984","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"952d5f8ec0d17fc6c58a33d84e0d85fa979d9a79d21a8ecad83603165d1aa321e8ba8421f819d7645d64c7409f","nonce":"37d649d5002b2c68ebb68985","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c809060ded3801d2ab0201aba83f81eae77500105cb97ce88b00139974a251bbc9bdfba7bc0182bb8302d2f8ca","nonce":"37d649d5002b2c68ebb68986","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"759ad1330cd17fbb71d0bbfb2e6a4ca835c9505c376becf465b15bb9681294477f27fe272ac99bda48a15a9aaa","nonce":"37d649d5002b2c68ebb68987","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"b6cf8099aa63a6d0869f3bdfbbbb002ed73a58ccd6bf7a1883eb32b79ee945261fc23135b407e37e1bdc8192aa","nonce":"37d649d5002b2c68ebb689f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"032ce41318edfb7253b15ba6911759c8dd84301e76de209a0d848d06530cc1fc4668a80288d129f93be9b7019d","nonce":"37d649d5002b2c68ebb689f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"1adab8b4f77827d451f874a0e50969563bac9314b67baea0bd7b2ab68d041497044088904bdf406c3ca8121bc8","nonce":"37d649d5002b2c68ebb689fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"aa4d700ac13924897fe3041de7c829a34a2864c18d668a1f736c92229fac03b1c0f847c546bb5e456cf1d45604","nonce":"37d649d5002b2c68ebb689fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"244b75a5d72dd4aa46ce1c288979194e6de80dd116d6adacfbaf49921d90f316b02b99d3e17ee6115b40ddb5d8","nonce":"37d649d5002b2c68ebb689fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"b9d379752ecfe7204c1e40e267312df68d616764bb15d619e056744a74fc67a146171dce8cff72334afa7edaf3","nonce":"37d649d5002b2c68ebb689fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"6593716ebe1592affdf31c6df21bd72248d1cf2f22e6c93a4cbae79c4b976b6e28c9cad4712ec15ffd61204ab2","nonce":"37d649d5002b2c68ebb689fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"5eaa6ed52cdedb1cfc32d902f8ca093c5184702f89662b9bc98e933eadb070387a4e6a6683bb6e3ce88f3af6f5","nonce":"37d649d5002b2c68ebb689ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"264b6cbd776f65f467bf90ce20530b38a29c33957ddf6efe403409ac4e96f851527b14b2b452579da9b44289df","nonce":"37d649d5002b2c68ebb689f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5bd03cdf8e753540686ec722c90b4d3a08d2509a18b2b59efaf63effe1db17463a5898dfdd6d655e8ce7036b35","nonce":"37d649d5002b2c68ebb689f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"55ae513623bcf70756fb30e273b248fdc32568026e0e07aa664cb20067bd55d56472c4d4391772869d301025ed","nonce":"37d649d5002b2c68ebb689f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"d02a5e43e749fdad566e52c9d5d229b5b37c359e8e9b5ec7ec8ff4c0c6ef2496ce69a9e062652c2a62d9b79a66","nonce":"37d649d5002b2c68ebb689f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"a1513a68c96364806967f696f8d0d10280ec9578c12fa5f69bfbd04a483156a7ebb58cea6b0375d0c1b6df1d1e","nonce":"37d649d5002b2c68ebb689f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"444e417cae78cc80fd8bc2c60dee0e75d359d2485efaa18672b9bbd9450f52d20287375f9dea20904fef0c24ba","nonce":"37d649d5002b2c68ebb689f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"4ca37441a44aeeb6cb8804f8cd3037cd527e231b99afe1b6bcd3d63a8df8622543b829ac573de590b4e76811c0","nonce":"37d649d5002b2c68ebb689f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"b4101d64941d7712b0c9034f6b7e16b190bf998bbd848653758f8b42f34b84385f5bee751454985ba862bb4e94","nonce":"37d649d5002b2c68ebb689f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a8f055e43cc944be208c7896c44677ac47d6f8209fc4c7c50c996fbd2e50be29db475c434495a884b621f6ad3f","nonce":"37d649d5002b2c68ebb689e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"c5afcab856e27ab895d26acb91239e94220b8b147ea2113c62480c51375f53fee4dd6dd1547bce68792bd7b8a5","nonce":"37d649d5002b2c68ebb689e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"91114d822950dee6f15bb3f8ebc5424febcf48458da0e1a2c14eb7eb7d1f22544cdeb3f111a768eb5b328ab23f","nonce":"37d649d5002b2c68ebb689ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"93952177ea9777c4e0b0024ce58b82bc40cbbfd7e88c488186eaa9ca41877ea665b92ddfa0fbd96e7b9647f4f0","nonce":"37d649d5002b2c68ebb689eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"4231228bb7cf8c65590794d1ec3950d8a3e2d18aa068e2e2e273c3445e85287dea49da294ca9611fb993701332","nonce":"37d649d5002b2c68ebb689ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"9c0d3d5796d66f27643bb17a1c169b05a202aaaeeccff69cf4379aa314b56716a44fd3998e7899428fbacdde65","nonce":"37d649d5002b2c68ebb689ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"f938e4fa22ef90b5c41a5add89fed445d8c1cc79a48d2b8d772d7c421e48ec71c27210bac777bd258525e59bfb","nonce":"37d649d5002b2c68ebb689ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"8cc16da3d890ab843d0023b5b57e9ea867aa92431ffea47a12bba3ac2f839e21d3db9a33b1c43ba6a578af56e8","nonce":"37d649d5002b2c68ebb689ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"10d6c0d5c617a4165ec48d83ecdd5fbc8afc42f8a01ce0eb916d4f32c5ea8dc582dbdb30089ea4ea8ecf8fd71f","nonce":"37d649d5002b2c68ebb689e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"da1359bb1e46f07f34c8372f25501ff18bc2dc862a813b28a0e1019c4faaede68938cbb3caf3bbfc42b4cd3627","nonce":"37d649d5002b2c68ebb689e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"f5607e57990b108dea1644737564a210a6fe5d655c1d09e04d40c496a25bf85315ca1f2074d3f76948171ccdf0","nonce":"37d649d5002b2c68ebb689e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"5639868847d554637871ca71abea848304d4a2441285e3faa6363d04811cfbaf5675a01588a04adff840e8c6e4","nonce":"37d649d5002b2c68ebb689e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"a64aad7d44e1832eb9174e8a660a8107ef925d530300169807351268eda1356eb4cc0e92704e51be1f953a3601","nonce":"37d649d5002b2c68ebb689e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"1ad9cbe13d02dd2d21a9b8d656f7bd9d7ece7a5307f1b943c94616d498e077b6ba713337faf428b6ac86162a10","nonce":"37d649d5002b2c68ebb689e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"fa01a6fbda5c99879a45621c9207fc54e802ef24528c81ea6fbfdf7c963904298ec9e5ae4add317f82bb0e8bad","nonce":"37d649d5002b2c68ebb689e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"a1997973c302dd707ac88fc747d70c9cd222ec26644eb5c2e8ee26b843de5a21960a9cf19b1e04beed7158e262","nonce":"37d649d5002b2c68ebb689e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"ef13804b236158aa3734c0cb301a6a95c804c3eccfa17490b28e910aa5ed875840fc87dd4d3171e416a856aeb8","nonce":"37d649d5002b2c68ebb689d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"5a1a0144f9ff98ec131c85d2c58f04097a0c02b67b9c706403ff59dc46f7ff659682425b7275dffd6fed243a9f","nonce":"37d649d5002b2c68ebb689d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"ba3881aeb1ff4f0dcbaf86bd48524e40d397667e2ca357591456ffef2b84f0e3162208ffa9a05471b01e86f877","nonce":"37d649d5002b2c68ebb689da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d02d358bbc5e8f61dbd8dd12c66d7a5ea8f689103086724b8ca696fdda582591faca0d385e93de2a79346af444","nonce":"37d649d5002b2c68ebb689db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"72e0eea434d73c373f3faeada1528a30c4169a7cd77bbc191c8288bcfd1653a71aaa950b4c3ec8c1a61268d5bd","nonce":"37d649d5002b2c68ebb689dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"a8325f5c9bf093d752e4f3e8096f9bde2c0b381254a259b81f2f1caea44a9fed898d269fe7919a5890a43bb859","nonce":"37d649d5002b2c68ebb689dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"bb10ecb0b3d113aace5a29398c300fe8e49248c79863872c5d0554554a8b774189e23cbba2d3e265167b03cab9","nonce":"37d649d5002b2c68ebb689de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"55a98a88da20b311d14df3179dd7f2033dac49dd7f68fdb2a2808b7b39b87923821f7c34270085ab8e13123159","nonce":"37d649d5002b2c68ebb689df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"73bbc1fdd0553b166699fff200b171fd668b4a99cb7e54c06e03fdf2819821db6274a7ee583d5ab46280d56d8a","nonce":"37d649d5002b2c68ebb689d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"7feaaf1d106cab66e24fc7c26ebd9c22df136762d39f0d9a617d5f5ba7f8497db5bd7714ba3e9a3e3c3ed26921","nonce":"37d649d5002b2c68ebb689d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"4752729e43887fafe81120dc1a7e2316465ac07c9c4a496f0bed749102e809df762a88bd16a7aa85a494974e4c","nonce":"37d649d5002b2c68ebb689d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"dc3044878945b179f4600b736cbf0421ccbdb6ebd9cb3b81fce4fefe8c134e79675f816a01317135fbe98dc4b8","nonce":"37d649d5002b2c68ebb689d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"a150b6a0ddb0bab313bc4e1b63d9dc74f6617c7af7884b60396e71ec307b6a451014c13cbb4aa3032243f39e3b","nonce":"37d649d5002b2c68ebb689d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"95951e94694458d1f097fc2a60e36efd4cfb66aceeda5333989ca328f7b1dddc0fc77dbcc53c40a763e5b1ca8f","nonce":"37d649d5002b2c68ebb689d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"5d01bca0089ad5d327d77f544049e5ada478ee0fd3bd45b80318cf6c86d9a6cc84d2864fcfc1f113781494a6bb","nonce":"37d649d5002b2c68ebb689d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"11ec9d2c591d18a92d2e207e3a6f19dd887c703d6851bf31df17e5b6b0bb8242451d480ee98b0b8d02baee4a9a","nonce":"37d649d5002b2c68ebb689d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f78b75200fbad90396313f6b2077cd33cf76ba174d872ed381c482dc62275199f1821b97e6ef039bcb0d0cfe86","nonce":"37d649d5002b2c68ebb689c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"8934f6af9e5414c8266b2a0f9810ec619199d9fa8656e7de96f2ce2111386210271c5f2c20087729bc3eb21d56","nonce":"37d649d5002b2c68ebb689c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"1892a98a0823f0b62574eb5f87c973ae002a4d7337d0d9596ea6f6a92644bac662448a3fee4381b5c7970a8b32","nonce":"37d649d5002b2c68ebb689ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"7dc5014de9b92e7ccaba8f2ef63fe2e5038b7f126ef87064d97728922aac7d8002c95fdcd793b638da2ba24071","nonce":"37d649d5002b2c68ebb689cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"60d7cb0a072695adddff2898da1b97a43b8d7b9bc3a13797f5832860bfb2ad6741c6fa6e454be61d757fe96f74","nonce":"37d649d5002b2c68ebb689cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"5aee82e04c7e929cc969b09bf542272cf6f0801cffa34e39b3aa01bc5acce379398de0a6d92b6cfa553ab6c81a","nonce":"37d649d5002b2c68ebb689cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"144b63247c56c92b10409d3336c876f68c538ef3a16faf7623f5dad0b88a0d79be14e68c45ebdb6e85dc7df4d2","nonce":"37d649d5002b2c68ebb689ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"6a8689364900885906df3b24990cc919c82e0b6412a06dc0f6cfbb5556630f234713f136de586ac2cc47d8a7ce","nonce":"37d649d5002b2c68ebb689cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"5f618b08ed3fd286aa2bef14563252e8532f6f3c3ffa4003a4dd7493b81b3dcd12fe58f025f05c7b7d80e46820","nonce":"37d649d5002b2c68ebb689c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"576aa60df7663249ff444301e3e58b1d1d85f2b808dbdd14f85cfeea89e20e65b83d5052cddc1154504b64d44d","nonce":"37d649d5002b2c68ebb689c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"7fc7eed626817cd929cb5ad208371050898ab9487fc3684defddb5349ee47ae5dec9870d6b4a536864c90f40b6","nonce":"37d649d5002b2c68ebb689c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"eec4e903090d74a7eeb7417b1c3a3f91a9c68cc0d57862428f4d4fc2f4050eb89ffe9520b507043833d72fd3bf","nonce":"37d649d5002b2c68ebb689c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"577a6d2bec95a886e1e6dab654f759c1d29032192ec238f26d11387c8e98c92ec8abdc90bc6ca8591ba182126e","nonce":"37d649d5002b2c68ebb689c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"9d5015e1ed7dd5da93190394bbe07f8a08d3eb63e8b12c01781898f081cfa571bd621031c3132a58208c7e42ac","nonce":"37d649d5002b2c68ebb689c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"c9c759a3fbf140acd3afb6d9e02f9eb46d9eb0cbb992b227c1045d1b2d78eec5b305dc1fe2dc5c015dd7311708","nonce":"37d649d5002b2c68ebb689c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"d64bb14fa48d67b60e6de8553a0a9dd874e9176e228784d63ffccc873d8816a48cca47f13d30519c760a695fcb","nonce":"37d649d5002b2c68ebb689c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"0ad01344dc07b08f224287a1cd2fd26101f5af857c3f2e234c6c7a51f31c4cd020149728760ca6f79e10d39caf","nonce":"37d649d5002b2c68ebb68938","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d6ca9a2c36511bbc8f19911ad14b505bad28bc09effdeed33751a611d5c6018fe2d2dc05351ad444bffa1c3e6c","nonce":"37d649d5002b2c68ebb68939","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"4f92f39da89342d840da0b5589376feed1522f701512e0e90ded04ced39c5ed3c09e2dcd58838f7b5b3cb3e560","nonce":"37d649d5002b2c68ebb6893a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"3016790119f7354834a351a5fa25e5be6bf7eef36d44f8e8b74f890bb18011f3243c6b19e8c812f63c139dc5c6","nonce":"37d649d5002b2c68ebb6893b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"92754aa57bd8341f82d8e235ccfb2c89bb2e927f856a9b66e6499315637c2681d00b44d1d2985e1d3d7a4e92a0","nonce":"37d649d5002b2c68ebb6893c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"7a4abb7cf8c67f9df5748cf283bba46d9c86a4e222224257eb79e47d53cf2323288e251c31e853a8623c2d55e9","nonce":"37d649d5002b2c68ebb6893d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"330fea7ab291c84bb885890b9f6b6af2d5b65daa64213eff2d0c106a0687d635481e9dd263e2f71c6554ed067d","nonce":"37d649d5002b2c68ebb6893e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"16a23f91a7e62769977e0c0bc1b8b01b1b8668102bf3f8b9305102efff5751c24a12c38c79cd59d169f0b1537c","nonce":"37d649d5002b2c68ebb6893f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"d8f465beab7d25c5179fe1650328a72ad97a6f321010d2d91484595998952a7d58102694290672103281c0fab6","nonce":"37d649d5002b2c68ebb68930","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"c5ea19fe728f972ca52af794d5ee04fdf5ee44ff6387e979fea67013433a248478d6ffd3d63330c59121985423","nonce":"37d649d5002b2c68ebb68931","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"de80cf49b9696bed7012888022c2791b139c012ffbb0c90603ef38d1a438b5f966b5641152acac41b17118a647","nonce":"37d649d5002b2c68ebb68932","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"878ccfefaaaf7d561d1b2b55ca55527f89ee17bc4ffaa47bdd2ae7e59cfc6a98ad862a8299dbf37de1c3b4c3ce","nonce":"37d649d5002b2c68ebb68933","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"2f2911b2eb2bdee66cf3820e3069a364a9d542c9460104f56640f5318822b916cbf4e577f7a7d4f56c5e6c9c6b","nonce":"37d649d5002b2c68ebb68934","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"2363f500bedc1785f4549873ef25215c9543bf8cd3fba6b3b65006cad673874cf821f800454eb80fda74c3f534","nonce":"37d649d5002b2c68ebb68935","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8e23c40102c619b0d8aa1d4583c215b0186d4cbb8aa02c182ed5e35148f43994179bdb051bdc691508c383b05c","nonce":"37d649d5002b2c68ebb68936","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"ee67932bf2f001ac4cf92d28cd03a565f0875bdd980838b789a37420bec732b6c0a5459363a9a7fe4e20b2cc2d","nonce":"37d649d5002b2c68ebb68937","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"3deb90c08f0747b9362431c60c541b056ce36fc731a3b9ee406de0c81d588e37536a5c7f5ad4d6beb1b4af2a52","nonce":"37d649d5002b2c68ebb68928","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"929e65658d82fa56766f9f9c0b851393f04ee518921c58ad779cda687f5274e2b496dc9c3cf7b18a3582aec44b","nonce":"37d649d5002b2c68ebb68929","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"917266bc3303053446c0d962cb395a996970d9ded0f9f8702eafcc94eb8a985d72937da97e9c40675d09f68934","nonce":"37d649d5002b2c68ebb6892a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"c179917d664ee1f67266d062138e2d77c23aa40918ef9e46fc35d98d92b5fa452d3190253ee99d5c15b13d3ec0","nonce":"37d649d5002b2c68ebb6892b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"8c9d9f5d025e720768756d0751424d6a1f2de70a16b650b7eb293793ba3b527d79764cedf821d461a290914bff","nonce":"37d649d5002b2c68ebb6892c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"bb4d4f289acde855d4baf329e620975d3ddc3823ed6248453479d2e1c26c0b4a106c15efd3513083a9e1b8e409","nonce":"37d649d5002b2c68ebb6892d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"73e099d778bc3e123bea04a8407438e06ffe35220a473081326600e8bc3adfc6f4d52aa5011f51354678b02a37","nonce":"37d649d5002b2c68ebb6892e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"f19f244084b17edf7fdafa3ac5470d12317edf568a1d8d9146c3f0aab93396ed8155e4b0410e3cbee43e91553d","nonce":"37d649d5002b2c68ebb6892f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"acb212a00e2bc41b6619ff65c24f32e07e4e9f302ee45e1357632369cf0d6be95536acc43a77f29b6f48d46b68","nonce":"37d649d5002b2c68ebb68920","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"e6ffd133be7ac2b3bccd2a7ec1c8600a0f2e493bed8d0d5b84c9461277529e76766225c1b9f68fecc2a8088258","nonce":"37d649d5002b2c68ebb68921","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"2d8cb51cde0a7ee280ee7f67bdae77ccf05e7d68e8eb89307f06705892f540f29e96c34016d496d9d340f8b2d4","nonce":"37d649d5002b2c68ebb68922","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"cdc2b711f1f05b9ed577dc1b11ce1b4ab5a921cc36564e6e762fc5115be2f61c2dabf8545fcdac08d16212e47d","nonce":"37d649d5002b2c68ebb68923","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"7056053a860714eeccaeca7d85955292fbc48cfd6f5f5650ab7d08f033a22c0dec3030a1820c26a67128928ae1","nonce":"37d649d5002b2c68ebb68924","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"3425b4d93a88d75bc90d6bfcdcdc52cd28d14fd8c4c90d591e7ddaf8f9a57f1f388f73fa60834922c9bef53ba3","nonce":"37d649d5002b2c68ebb68925","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"da490897ac8a98fe577df66a0f41f9332cb6e6829979fe4140b165f5808a1163e2728ccc657ea00e05175f12ee","nonce":"37d649d5002b2c68ebb68926","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"23acd278b24aaaecae207bdfa449c58bd1df0f8b7694d2c298256184bf388c4e7f7f79c6393922dd8f42af64a9","nonce":"37d649d5002b2c68ebb68927","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"c532f1c7bdc0418c134115dd29579c4f676dba7d570caf14b2e2763ead3723f5914c1759816696d8d2685d7fd3","nonce":"37d649d5002b2c68ebb68918","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"c10d1d4819561fa997bafdac7a9bbcf76e2b76f528131e65e2059f82a5c548527f80eb11e627f8272f006c4b9a","nonce":"37d649d5002b2c68ebb68919","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"e407ff19a2c3e808348486a2a671c39c3fec5abea2703fd8ab96add56fc549f7756ebaad076213be0720db90e2","nonce":"37d649d5002b2c68ebb6891a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"02120e7a91bb533e7ce8e5d477b6010a5133f6c1698a967e13dd2bfebea01239ddce7ba35a716cfa4427c582c6","nonce":"37d649d5002b2c68ebb6891b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"ed4e54b51107fe630855cccf3280365d6887c4f7981d77a2cefcc525bce72d0996b7c31c6743859527619af660","nonce":"37d649d5002b2c68ebb6891c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"f909c4bf5fcce9cc86e0c5589e528de4cee89dac3edf71808adf0525847102e52be14a94f42c33e7f3731f6a4d","nonce":"37d649d5002b2c68ebb6891d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"5b167f04b32262fbc2e153533284ba6ab6b35e286e9e978b32d24126cf207d24af16d70b1e6fecc9b4f0fea786","nonce":"37d649d5002b2c68ebb6891e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"648bb5c9e0d8f05dc28952bd475cf40de0274f93e368cd73dde8886b2d72b6dcb42c466aca44d2d7e551312a1f","nonce":"37d649d5002b2c68ebb6891f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"c9312228cea81e603762f5ebebb41c6a8136c2bb79c7f7583bbdb518d23fa8a35e523989862fb1e1a7c951012e","nonce":"37d649d5002b2c68ebb68910","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"ae06fae9ede5688ef7ef15cc5acb9c79e6d99c0bbcf5ee2bd52384f7ed8c6fcd7383cbfb3a831f742868d16ffd","nonce":"37d649d5002b2c68ebb68911","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"575a4e47e83e96bb86fb31f78f7cf10332150c6681308631c9debe1ac29f280351eefc2efd2b0a1c339a83775d","nonce":"37d649d5002b2c68ebb68912","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"d4729bafc2f01e97f50ec9f182734d502d75c6093a27af6a70131a1d43679b74f9262f7faa36eb21effaa098c7","nonce":"37d649d5002b2c68ebb68913","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"c742aeb93a3c07f885c713da0120a942cabdb7677b7b7d6590f3a9bff9a17852cd8d3ce123d33dbdbbbf18ffa7","nonce":"37d649d5002b2c68ebb68914","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"5bf91e3a35a4882e74e05eadc12559a9fd82e300aab2d9187a1df6bd5d3435ad4d045088f2a205aedcdc63729b","nonce":"37d649d5002b2c68ebb68915","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"5e12ad14f05b3974fa2fe2aa239b2cc5d297b3d5f96251b144aca5982eb3d018d1e3c52c826d205c5ae9faa2da","nonce":"37d649d5002b2c68ebb68916","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"3f4ffea7d35433a33cd5e80c2d689bf51ac98b4c69c25aeed91fd9ddc87425665f30850840939db14983026333","nonce":"37d649d5002b2c68ebb68917","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"2057e9e3c8556dda78b685e22ad30003958db310d55732da9b60795dec088a4a058c44fa347f193e45b5ca4fe2","nonce":"37d649d5002b2c68ebb68908","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"6e6c1d3169f57f8ffa23733e78037736d24aae03fd3542b7a7fa119f16d0792f806690a7e94412a94e59311c69","nonce":"37d649d5002b2c68ebb68909","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"65e0bde261e19c17b89ed600f39d8a065ca663f503649b884d1a8063d2d2482925c1ca172702fcb945733af5a5","nonce":"37d649d5002b2c68ebb6890a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"15d3ea17947d31fd2ac69705951ce387ebc943d8b6715134367a8172a1bb54e9ab63395f3fedfdb8d450fd9d95","nonce":"37d649d5002b2c68ebb6890b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"8856cc4730f24881cab8e9815559f6213ac9a81013f72450ab7e5c47f974f97406ba9e9850d0d68608e5877179","nonce":"37d649d5002b2c68ebb6890c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"8f0abd91ebab29419131dcf115a773f065e614394b7996d5e06c33916c086e0bc358d94a74c0c164dcc65585c9","nonce":"37d649d5002b2c68ebb6890d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"5b5532e2be5a87f27d9bb4b8d25fbaa9c98347c6661fcdfb73c8cfe30e8df8431cb8210fcfa92405a970e4430c","nonce":"37d649d5002b2c68ebb6890e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"2c9646a659dd36d1e678867b2ecca55be54537d08616f1a35deab698c147c5f31412743834fc6cea9e9f5b9b84","nonce":"37d649d5002b2c68ebb6890f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"f32902b21405e13ddd8d188caa4e2b80da38d7b25c53290ba7a909026137de7a06a07705aeb5f28e5a4a29aa5f","nonce":"37d649d5002b2c68ebb68900","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"8bb52545e9eea0832c82fc60f504c73785529ebfdff693724e65286a523cdee121e37afabd841bd08f8b274e00","nonce":"37d649d5002b2c68ebb68901","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"50ae23731653b70b6bb48578bbb5987614f0bcf9ccf79c1281ffa9c4fe499ec5ddcf650911714298ca500547fc","nonce":"37d649d5002b2c68ebb68902","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"e8528ee4d08724ba69b88a54024ee8fecb6a9a6b1f5c71162b389fb05479daffdbf217f3f7757e6233fb0d22d4","nonce":"37d649d5002b2c68ebb68903","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"143ecf51f45219c931b4c4c7ab262e4f1447b545f4b0419e69c84398a7c22351d9617a1931ce5fccf730691c67","nonce":"37d649d5002b2c68ebb68904","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"2a76fdf6a8d57b39d0796b85cca0cb276b6f52835ad6f57631feb90d2601a8a634c786841c252ff26dfe01b2be","nonce":"37d649d5002b2c68ebb68905","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"39f2e813947b4017dc184452179ba1acc6227ab1cecbb1d7de5e3561a3b42b282667d1ae3c32eb288b73f42efe","nonce":"37d649d5002b2c68ebb68906","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"da545fb786875ca7a7d59f456b119bfd76bb7b430cb92e855faa203ee01bdf443cc2cffe0e81dfcc98c0d02595","nonce":"37d649d5002b2c68ebb68907","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"4e45fecda4a168b481981ca1c1ac38a8eada44960f46d66fdfa61add49f3389318260dc1a07553d2d55a147481","nonce":"37d649d5002b2c68ebb68978","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"14bc71858c9790c38d3546d05eae283a8aac524843583311e2825f82638c236b48add8a1c6cac9856468954ae4","nonce":"37d649d5002b2c68ebb68979","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"c34f6264b8c3c51ae8b42ec8159875b72aa3db2477a5995791ae5d0fe6e623dacb2a17208100692820ec8a8a25","nonce":"37d649d5002b2c68ebb6897a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"3b177edd66e7a48dbfacbaa841526bd984027bd9fc15fc5bffe1c092a9903a09cb00097060922faa17790e970f","nonce":"37d649d5002b2c68ebb6897b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"74eb4914beebfa46125f521cb978ef06b269bbdb63a2dd709d32d5f8a82350162c152b5aaa7efacca675a9f3ab","nonce":"37d649d5002b2c68ebb6897c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"bef0fff22023a977efeae619f13928b21e8fc9379d1e1c5ee292f2f3bbbe96f9dec68fb59ef05ea847aa006e36","nonce":"37d649d5002b2c68ebb6897d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"e3a0626770630b1cdeef52263a7315321a7cc9712dcb35237b4b76bb4034ab2b8bd8e27ba05421f4b093b5e97c","nonce":"37d649d5002b2c68ebb6897e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"80926703f7f4be96626fa0286f405319f93d4c0f5dbb2f29f6d7b3c70d5640d0eaecbc662917b0152ed728ea33","nonce":"37d649d5002b2c68ebb6897f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9adcbef9499dd3e0adad72ff0e9c5a5a10f394819bc06b411640b336ec60b42ac6676386a77b828adf23f8a3c9","nonce":"37d649d5002b2c68ebb68970","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"5c0e0cf013c020143737331ad17bdf0c110accb7d41a29432096dcf6edd61e1618caf65358b119975fffc69d71","nonce":"37d649d5002b2c68ebb68971","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"65decc818f436c818b6da34bee586edfbf36e2cc0da666cbca3208e05d38f57ceba91d2ef101e848b9dad974db","nonce":"37d649d5002b2c68ebb68972","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"30cccad809f1ef613352ea6763753078a9a19452453784aed5f06ab860f7da1eee32d2558a420c6624a77abd16","nonce":"37d649d5002b2c68ebb68973","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"f062edd53766827aad6e03db61e91b9fdd04ac043cad5091a8e96ce4e0d73b0d7d6c62fcd9975993a03260ef57","nonce":"37d649d5002b2c68ebb68974","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"210dd9cf6b0f4fdc42cf252638d868ab814b9a69e5762d36c7d48c562d5bb3c0856b05873be76a43a790a0cbeb","nonce":"37d649d5002b2c68ebb68975","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a8333dce07ddbe1156e192e2fd4ba875d6778030de9a311cfccf66987d1998f8d87efd1fcc0ebac0dc5f6ebff2","nonce":"37d649d5002b2c68ebb68976","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"00835734f425b8c3ede0ac0589c8dbf13bcc0c09caa3daa38369baaaf7fdc462f56273cfe67ed462d6c65af543","nonce":"37d649d5002b2c68ebb68977","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"ddcc7a034e834af3d03008a2c7759652672a9545b317a9afbd20d95e890bb18c980555cf269f370a5b20ca1564","nonce":"37d649d5002b2c68ebb68968","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"6055b98bd470d6ec5b3a7db621a8a446de8f20883aae5f73f94e8702308221876e52f0e497075ebc46387981a6","nonce":"37d649d5002b2c68ebb68969","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"efeb0da1f8529ea1def643cc75d28c26deb686ce5ed2988e00527e9449f22bfbe371d52c90f9b7093d2fb04845","nonce":"37d649d5002b2c68ebb6896a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"84b61c5e7289ea5ba9215144ea7168c5cf2131a9d406b741f7f02b709a1014ee5faf859e16dc11b0f6ee072a4f","nonce":"37d649d5002b2c68ebb6896b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"b1db3af103c4cdd2ddfa1c96f31f79b22d02709f0f06bc5b1a6dc909da6cf77e5e778ecd387531a8b811758596","nonce":"37d649d5002b2c68ebb6896c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"0d20e07c19e4e1fd572a1e6e1467ff4bd1cd0c6a70b2b1c435c91c1a53592d26949752bc84c1c0a779d97f6a46","nonce":"37d649d5002b2c68ebb6896d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"78460145f6ff127fe7929e5beb1bb7ecf57612adc7829d8448fa2f10b17ac1a0172cbf946d59f55156211d55ec","nonce":"37d649d5002b2c68ebb6896e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"ae31fc5dbeb3708835e750c6beefc23344b6935dab1ed76943d5bc27a8eb4888cdf1be4d3cc0f9bfab6aabce8e","nonce":"37d649d5002b2c68ebb6896f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"dfcb9c3e45d51826eb3a16d790115ca481954e168ce1c75a30a8646d6bf0b9d562c764b5575bc69462a8f85e28","nonce":"37d649d5002b2c68ebb68960","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"fd23eeca44c2c551bb120dac1df7894880d0c254b55717b9803a7c1ed0eb49c600ef01a35dd4ec0caa365c65df","nonce":"37d649d5002b2c68ebb68961","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"1607c458e259350614419a4f8c266d794ef6d2ed74f02e644d1666e180440dc0a3e4388c17a85b42435aad545c","nonce":"37d649d5002b2c68ebb68962","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"158ce6cc97e556a392c7dd4cabe1462bc251d53b12dca479fccd7e789ef6ce72b01f8b29e875d304abd46a00f4","nonce":"37d649d5002b2c68ebb68963","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"47bb42c29f5e76ea28a4752f0aa681e66b792af4bfa3a806da1ad69b221717af64e0a3c933233346811b3e3ae2","nonce":"37d649d5002b2c68ebb68964","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"75f03d0c78a21e35fef7af05929ac0aa2c77c53411b5c39c9b1d738d69fceb8070d7596cf388027e7a849f45b7","nonce":"37d649d5002b2c68ebb68965","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"f8baa057cee8d6732694e3cbf77587cf59ea690b69d7c3dea7cd5bf2444406cade7a2bbc0ffc9efaf7db6b469d","nonce":"37d649d5002b2c68ebb68966","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"6aa2ff97b3b8d2f72cf4ef609c26227759a74995a69939c6118eee0110da125de12028ac9bf67d1915bd52f142","nonce":"37d649d5002b2c68ebb68967","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"a0f6185be9e40c62cde23eff870f43ff7e213630dc04be225034225deaff05c426ea34ff9a2358380ec98985a3","nonce":"37d649d5002b2c68ebb68958","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"d37b23d86408d7b17d5cc8a37afb6f7deb67a0a0aaa315972dd34a60fd778dde2fcc42d557579d2257417a8777","nonce":"37d649d5002b2c68ebb68959","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"697aff4f8ff3ec1a653dc7afb9a86028818f2bde50cd8a4ce7977cebcc36653c34215f3501f1d3e23af96bdcc5","nonce":"37d649d5002b2c68ebb6895a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d9aea86878c9c15916e92bbb18ecf2659bf1fc8eb029ffedd4e9fe15ed1793bb3ae45c2fb069264b325c920ee0","nonce":"37d649d5002b2c68ebb6895b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"333e4d695a3bfaafd40f14bbf65ef401b04d3530e5d2fdfddf3a90ca5961a300238f191dbe1076832fe24ae976","nonce":"37d649d5002b2c68ebb6895c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"df50c23034adb98b4acb681a275e3321b145c759cf08f6fe0362188086f055dcd0ee11f5b8ddf27a6ff72a5483","nonce":"37d649d5002b2c68ebb6895d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"99764a7872dd86df27c99a4388cfbc5d1fa8048aad2c96e35b279791eeb51d59bdac3bcfd9704e502477632ba6","nonce":"37d649d5002b2c68ebb6895e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"8546123cd881e0c12db217adb6035207ffc394f545b5f6b4294f77828becc2c52991698a67f69aadf0909ee434","nonce":"37d649d5002b2c68ebb6895f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"c1143f67f79be7e7d869124bc80cbcbfeccb9ce25fd5a5fc5a4b41b359c74c40b9bba9f5acfeb33e527da0f42b","nonce":"37d649d5002b2c68ebb68950","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"c5135a593ffa8c4e5d892c8d937b9d0fcef980c894a6daa3032a9ca2542ffdbeffb6545f90fd9769704ce4f001","nonce":"37d649d5002b2c68ebb68951","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"02e04563666a7911b3361423569f64aa7041bc6adc3e59fac9f2f649a1bb30a6c67b8f20011da5a50c9ba7ea95","nonce":"37d649d5002b2c68ebb68952","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"bbc939a62798bc460d064d264180bf9913b8ade99ac32809cf6c065727abf7e7c06d29f3daeff59d167350170b","nonce":"37d649d5002b2c68ebb68953","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"8dfac6f217d6dbdaa500986b8f1666dfc32bd2b9fe5dc521cedcecf639895d48417b6e7a3514fe62b234c3d076","nonce":"37d649d5002b2c68ebb68954","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"d9477f10502dcc789a0a522427410ecf66253d2d3b1aed5c20906424f60451a4b00d72c15da59d411f902a2aca","nonce":"37d649d5002b2c68ebb68955","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"345a07df577749f5f89930b5da94e3754c1560a44ac68ce1b253ac52d8cda497fa877839e4837d5ec76ae95bcd","nonce":"37d649d5002b2c68ebb68956","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"5bbcf3ba0b78ea768aeb0b9a3d1a1c79d6956bf67fe7f444ceb9601d0550d93bd46bb697e53eca86d032ff7b0f","nonce":"37d649d5002b2c68ebb68957","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"3ed1f30a1bc6aa96c7b89110ca0dca227317fab4d31092051e970b238c3de8c320d216f4122f0238eea1eb17dd","nonce":"37d649d5002b2c68ebb68948","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"1857e92548d50c8f88b437d5635539b5f95fb27d3d9fafe1e3cb3ec8265138f807a9feb2ce1c362e976254eb36","nonce":"37d649d5002b2c68ebb68949","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"58e51faf3c74f813bd92e03b8174df6f03bd8312e9ad68f3a8af4aa6cae2eea7dcd7b0d1f9b17947fff691e623","nonce":"37d649d5002b2c68ebb6894a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"4914dd5089fb85d93c4db1b1a6f125969a55f4c1be99506abfb16bb26e5011148658f5949fa721ee51992d69be","nonce":"37d649d5002b2c68ebb6894b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"2c04b1c53922a78bbaf4a99ef7bf7f49bc47d39baaf087158b76787f68b003337f87dda40d7635d73ebb4b67a6","nonce":"37d649d5002b2c68ebb6894c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"4c94768635a218c0040a800eb670255b773bbaeedfb4376ac558e5018a2d54680dffb411bd9ef4eb7097da039e","nonce":"37d649d5002b2c68ebb6894d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"7b4a78e93f19785d740694a078a619f0aefd0823be654fc2c36e2eba0ab39a0063efbbc44e3d52eddf85e7ec5e","nonce":"37d649d5002b2c68ebb6894e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"3b6656f98fedca96fd934fd37f3fbc42e8a4a6520ae048dc1e5b8b9b304842433e07c1a004fb1b9cb41a0d984f","nonce":"37d649d5002b2c68ebb6894f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"a171b436a7e348b04d2d936ef66b89acd3a5ce7d6409802d3de7fb6b1c30134b8948e1c24743a5f23311ff3f87","nonce":"37d649d5002b2c68ebb68940","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"769d4f5f0ed644741b3dc400480349feaa558f58fc44c3f81484cc1ec0a6eda15fb22d8b137ad2f9bc14f903c1","nonce":"37d649d5002b2c68ebb68941","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"31a3b1824b6d64904d39e3ab717d2803b2d4ddc63860542c49946e915cb9065376541df750b0a0d4cc57f4e117","nonce":"37d649d5002b2c68ebb68942","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"43256b1348a66195fd9510f15a0f2c125dfbdac73bb36464624b3957e2847ff4fe4dd9651cdc48a0c1e1696b0e","nonce":"37d649d5002b2c68ebb68943","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"e528962456e3af3db1a623354bdac454ddec27752ab1b9e392104add78fe76853d82e5a58b2196b6b6b7fb649e","nonce":"37d649d5002b2c68ebb68944","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"727eae38d37ac2986d143daf61c34111266f51d8025551265a1253602d49eaa23b559d125351e4c86e93ab3138","nonce":"37d649d5002b2c68ebb68945","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"f37ab2d6fac5476f2b1015cbb6a942e7848d1f1955a95cd396e3746892cc5437339203c9c423190dcec22f3f39","nonce":"37d649d5002b2c68ebb68946","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"5c77cff7a8fd462abc4348c6d004e79c35354a23a043de4f64ba356ae94d2874b610a7a6d47fca9ee7e76ad636","nonce":"37d649d5002b2c68ebb68947","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"a76792233f7a6a77b0cb8d2e12f247fc61442907c97195d72c45f0565c5dede7b90aaf0ebce9ac4e32b416257a","nonce":"37d649d5002b2c68ebb688b8","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"de509982313c15ffccec8b2b1193632093319d6603f35942f166d025cb687d39"},{"exporter_context":"00","L":32,"exported_value":"e4d41b307b5ee49b7da8fdb01f1c19c556ce35e90961d8c1dfa36dcbc5da65f7"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"67fd7c5a4cbf7d12f3f92876913a46578b9cdbca4f8031f61c11424991c20ef5"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"86053562bf3f5a220a3c61223cd56c4113767d544dcceeff502dcb1edb7e9a1b","ikmS":"4dbd9880a4cc23a1d49d79294169bd955871bff49d80551c1fbb907868e106f1","ikmE":"56d3c2f1cf5e24599ec7bcd4132213f2e459b04236083cc10f1f5bac63263e47","skRm":"fa7e84221081c521fcae967681ec5e3f657306e846c926379024f34b07d41ae1","skSm":"d4b47742dc88c21a27e7e21486aefbbecd5de72ae85a3c03d65b15931a2e2a0c","skEm":"2b6ea1342943b50473e43a5204b7a7eec0d411fd749c3aa2a235852b91d89610","pkRm":"043ebb4a2ee7a6d228f11c71f02dd3cf66698e61216691a3baaa6e8f9a7bd50b179a72a62056124797e2580b4fb81856f339bfc674d62feb7559e249629aace4ea","pkSm":"041863c08ca8b01735bb2514f4f38ab8e505873b2f2a706a1b8b76cba95c1589f67618688bea6b5f2cb001f0d4cee7deb72f4102b8bb0095a3a466a65817c5d4f1","pkEm":"049fafd3c13356c526754bf9ac57d2875fb04814ff0feb446b1fd6dcf0bbd99c99bd2a362ac625e10659e199336f906acd7e42955f907f8ec80941d9cd76e009f7","enc":"049fafd3c13356c526754bf9ac57d2875fb04814ff0feb446b1fd6dcf0bbd99c99bd2a362ac625e10659e199336f906acd7e42955f907f8ec80941d9cd76e009f7","shared_secret":"646e82a31c200d31ee3f4d6716fd4a1706b3fe94ccac9bb01a2cc602f04c2428","key_schedule_context":"02bc71466af15b2cc51961c551d1c006f9dbdda3be795ccbb980f169ea6fb31003474b10dc797383ffb0325aff5f75701a7bfd781c6298a5637f7a8fa2e6b5f624ef4b8a36b914c26820d53e83a9dfb742c7811a526e9dcfb2f19f895c68c80dd54c6e836af7133e4b89418b17bdf4c1d32445ee0bc0f40063a0dfc0e0913cc37f","secret":"dc1446b88da34200095d59094044cf1e84f6c78cf1ac0f5d342b48df81be1d1ef698e1707fa56bb083f4a598ca7dfcea50996ff8f9b0185a98ea7a1e1411ac4c","key":"5c0e0156d0118f8c8565550c9af908af1377736a6266d34cca42c6f97a8a70ef","base_nonce":"862a93b766411f32b0e10f78","exporter_secret":"3df3a047627d05fa1b0de290be6f87316d8da529be9f102ca8f1abd8e78e43135fe0fbf6d74eeb9614ac11cc7b4168d8ef2f54a1123fdf87c27523811cdf7b8d","encryptions":[{"aad":"436f756e742d30","ct":"b5ff8ee759239c6fa1810740c971bc35c708bc02901a0629e7bcbc4d69754629229cfb9fe95e70b8a82430ba6d","nonce":"862a93b766411f32b0e10f78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"9d773536b918214682b85828ac1feafa941e944668021f95f5ae20e19cf4949b86d94292def9004f513ea300eb","nonce":"862a93b766411f32b0e10f79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"5b741704fd3306322b2a1a1044f199113976c653d52fb70edac688f9e1979faafdbe517aa3165539c710f0250a","nonce":"862a93b766411f32b0e10f7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"0bf7acfaf2eae895f06383c0f5fd59b1d9078f7f0c5e1ba0ce7b80b40b2f749d5ba7cd60636dda18f558d7ca6d","nonce":"862a93b766411f32b0e10f7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"c208aeb4334d797f094aca8021c5cfdf95cfa170cba380017d2093ec2119b149d7e7ad41d740bfaf37e8c65e51","nonce":"862a93b766411f32b0e10f7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"aeaaa575f63281a2d774ab14f7c25d1c275a143b9e36f34b37d5af56fa20315558282275ce4732218992c34048","nonce":"862a93b766411f32b0e10f7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"924225b9eeae158706e0f02934750e845eaad8cf585a838b8ab6360ece325c1e9237aecbb10f43ae5dd8c8d876","nonce":"862a93b766411f32b0e10f7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"978c181a4cbfbb02aae0b54d833381644582d5c376f468330334d0334654f5ec82807a9cac03bd0c48cb18d87d","nonce":"862a93b766411f32b0e10f7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"9bcdeffec8a85efc39ca87a52348083afdf4009d1fb7c3f9ea83731587557406ed274c35f06c2b89a68b839308","nonce":"862a93b766411f32b0e10f70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"a1f80506a5f92af9d5fee4a8b54215460d3c17a214e679355e55ba5ba2624df4978a68e3a8150bcbb96205a13a","nonce":"862a93b766411f32b0e10f71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"f3710c271a7467fb3fa604d180691ea147577d49d0caf4464e6e77fc0a6ce99a21bf26de9645b8495d0be8cb5d","nonce":"862a93b766411f32b0e10f72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"f4821fc4afe0f51618f5142e1b3f8fbf09b0d25e27039da824016d9adf049d0bfbbefb0afd26c96a09624bd91e","nonce":"862a93b766411f32b0e10f73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"81824e9e3643a353b30eb644889abc158c2b49c10509095d50c49788eb91d2e6a30da1f82124ad5ff056d638e9","nonce":"862a93b766411f32b0e10f74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"12e680b40d06a70dd4a24b1b42ea2e58b933a1bd90d7027d79de7c0107efec29dc71e191fd21c079efdff7956c","nonce":"862a93b766411f32b0e10f75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"858d8875f89c4e26ecf48cea2f6aa3a9e59b8a870310be595925b39df660db16342449d1fcb658357c6384a45a","nonce":"862a93b766411f32b0e10f76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"3f5fb11afe9b09fd24c792eb630d5dac4e0fd233d538cca993f67926553d99eb389012e5840d82050368c1ad83","nonce":"862a93b766411f32b0e10f77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"6c7f0f3f7501b6652993f2c7b1ad5699a457787048dd27aea78541152edcff7f075d9df10062f157371b171e92","nonce":"862a93b766411f32b0e10f68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"bfc82b95fe7ee5531274f8f075599c89951d6b158cd7f49405bebf56f19d70d50c7d64b8990aec2f77f20cbe3a","nonce":"862a93b766411f32b0e10f69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"460a941b8489fd5352d34a5601c64d17d10873a97a21a3532ba50fd6d7b75fd79a7d8ee646d75bceb205a1fd1c","nonce":"862a93b766411f32b0e10f6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"9cbdbdad4fa7ea244dd578625082e96992906c3d1cbfcda7f7ca62e4dc7165660c5be211714a7cf4a98f5c7766","nonce":"862a93b766411f32b0e10f6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"cd64ae56d46120909a3c634e462b6779bf58f5e7fe36b08045515cddcda35565678df8273df4336f33e37bc2c2","nonce":"862a93b766411f32b0e10f6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"f706b6652158b1761fde24d9a186783a33c0470a725c928446417bd6e8592918c0f654f561bc61ae872d961483","nonce":"862a93b766411f32b0e10f6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"4e0986b01f883aa841ffb23630a29de66b0c75e665e62208f8d7ac936f772d31a57f584653bbe4f7df36587355","nonce":"862a93b766411f32b0e10f6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"b43857b8476fa5a7c813919e205ce99ca12d8f6c17dc95a6f046eb3db7190532cc7e252b51ae4354e54a883993","nonce":"862a93b766411f32b0e10f6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"8995191ae9255ec131b3fdde5e7b8aebd7387225be05753c5ed20df79276afd677952540881bfb72cbab073dde","nonce":"862a93b766411f32b0e10f60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"a50bb916f185204ab6ad3b496dd716306696220785f5b2e0040b7b032d51a3c9bec1700e01e8472fbb72a73e1d","nonce":"862a93b766411f32b0e10f61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"0cdaeb1460507a6487d71f0b726be9b04a696faa594dd987c06cf900665fcdd7230cf2fd92c0b11de843370caf","nonce":"862a93b766411f32b0e10f62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ee8ee581ff54ab096e1c6572f57bdecd4ad934a276ff9d9aadd98298f9f2f1b7efa1a1251060db84a27d262209","nonce":"862a93b766411f32b0e10f63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"ec0873b43318a14ed641b7e929b789de501301ab12c760dafcf3cffd8fd894741acb50371fdfeff9324d9f9e8d","nonce":"862a93b766411f32b0e10f64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"97243bc53e0afd3f698a65ac84ec74e8bcfd66b3bb0b45ea0ba4032009870383827d9af3bd69df941b3532f6e7","nonce":"862a93b766411f32b0e10f65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"b1997d3bddc68387d60ed6378a79e080146daac49a77f8c836bea1b811975197bd00f60533f9c888df5cd779da","nonce":"862a93b766411f32b0e10f66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"340ba88be186a91eb8efc154b4aecb70711522481cb960ed692abc9241d4863356b8cde5c3706ef578fa9766d8","nonce":"862a93b766411f32b0e10f67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"6955a9bf37f58a142cc381ac35da5b477c292bdda5b8525ac7789c9fdd87d6470b5d59e2d777f2c0c677e4224e","nonce":"862a93b766411f32b0e10f58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2177a227058a1aad874843e19803c8b7d4d2ac791e835faf353058400b3a4028c876f34b7f299b9a844511f9b3","nonce":"862a93b766411f32b0e10f59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"a5ba664811aea7c29e1665556457c20988fc2eb4d627492fb31fa88ffbdc44549787ce84ef230286c8a6c7e486","nonce":"862a93b766411f32b0e10f5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"25435676232a191d66face7c564a1b803c02b48f7663d58de752a0d1a281c89aec386406549342c3312e32db53","nonce":"862a93b766411f32b0e10f5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"4d38c62218917b5168b1e69697a527180c6c59d7ad2f4d39bdd996480cc257cb9efe86b27b9a2224f987641468","nonce":"862a93b766411f32b0e10f5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ad4d29ef887b223ea147bacd5c8706660ee99f130242dc07d09e8d2fb88b3f30c779b603ac0d15a0cbd50a5aa0","nonce":"862a93b766411f32b0e10f5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"af19179b0e950be6052807e4f34e1fa1e474fb7a1f2491330343a47da477499a24658f700f1500c7909ddaa2f6","nonce":"862a93b766411f32b0e10f5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"09532b9362e0c97f27c733564e4390435086c8408d8ff7827900ae514bbb7a775ea425dbfd892022d51ae53f79","nonce":"862a93b766411f32b0e10f5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"3bd09782e21d282ab1b0f307080d947059a108e6beaadf12468face766026d2fa39677b87c1026524289430887","nonce":"862a93b766411f32b0e10f50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"f94312955ba715e9c8ac64ec50843b3dc737d84da824dc7f1883a66e5e0c024456c504bc47c11fc93b7bb8df0c","nonce":"862a93b766411f32b0e10f51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"a34fe607ec8b913515c60cfeafcab2866c9f58ce271a705712a17e7a145cc58972e1e31d464c900c58eaf5bd14","nonce":"862a93b766411f32b0e10f52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"25549adc22eea23ed6f96ec5347471c11a3643d4defb36b35486aa47effeae5d268be3a9d3854add8b3d8629a5","nonce":"862a93b766411f32b0e10f53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"23d94730ea2f546b07282d1387a52f81da47f1ef67e565dd729025de867960afc5207ff9bf893d887e0f931031","nonce":"862a93b766411f32b0e10f54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"d93a7812af8cc40d2324dbffff28dfeb2a6c5ce7588ee14ecbcdbaf149f0d450b508978cc68fb1baefbb9404f6","nonce":"862a93b766411f32b0e10f55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"bf9921bf11e896532fe9829b72d7c7d2d9626ef0fff018a4c3613d0d42432e2ab22b2a6bd6f33b720a6a733189","nonce":"862a93b766411f32b0e10f56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"1ef49afd9f320d1b68081b443a51051d80858596af6062f165c898e84abfe8c045136ba52ad3ad2f26405ab771","nonce":"862a93b766411f32b0e10f57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"f08c1c427aea69e2686968793a7b72f6abd4b06724a033234fcfa65920afea2de4b2f1667256bce417c3bc1763","nonce":"862a93b766411f32b0e10f48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"713e7d7c920bf7fde55d0a1860fd28af1404f9a56ce7ead5448c69a93754bdce0d23ab1ff7551b7de6fd78a646","nonce":"862a93b766411f32b0e10f49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"e1b5acda614bb4f3d67c587d48fd834136603b40063804716bb258abcb1139494de155ab768f4511fde65144c4","nonce":"862a93b766411f32b0e10f4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"39e314b45996c49d94e12525e44844f86a20b2c62218863fb2259e41a38ec4cb1908b2a4859ead48dc0f896ec1","nonce":"862a93b766411f32b0e10f4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"bdb9fd8ae474108105ccc91faf08bdd0959944fbebfbbb9ab3589398bf72a6b406acf5ac9305412b8e5b98cba5","nonce":"862a93b766411f32b0e10f4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"869b56d6b3a914e7163a078106a540c6836bf1742f1a82770b73c5a0a9e3dd0135b9a9c919ef26ca44413c99e9","nonce":"862a93b766411f32b0e10f4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"90a364bb53e6127a9c27a2615fb55ffe57fcf0ae2bf05d964891019a42b2fc5c04582859032adfa718a8850e03","nonce":"862a93b766411f32b0e10f4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"cff0b7d372fb96c0c6a67bd4c4e0329d05cbbd09e32ac805804bd93424792bc6cb4d80e4227b33adbcd7432433","nonce":"862a93b766411f32b0e10f4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"d7a47e0743b99445f171899073dbba562de186790b73f180920d6152d6c39c0ca4f2bd1ca1230fc11081b003f4","nonce":"862a93b766411f32b0e10f40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"08de656176e5aed9cc0debe9bdd7e6cc8ba9d6a6af3513a229e4ab5ebd33b918fe4b7b419083b9046e2f5295e8","nonce":"862a93b766411f32b0e10f41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"32317f0593709531c5a385a8918766f9a21db9896b8c809c4151d61918fa21766f840e39e59c2dfe1d1d463e1b","nonce":"862a93b766411f32b0e10f42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"fd45fdbd52a82c561e6975346af32e3952a0be38d37069d70e2deca638e18c258eb800957ff867745fdc17f1a8","nonce":"862a93b766411f32b0e10f43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"ba87ac0f108d5ba7031cf55503e419bf03264a4e8eb3a8fc6bf165574e7939742ea8b2cd90bb102e845d20f702","nonce":"862a93b766411f32b0e10f44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"6c34060b12e5b51d0b2fa9273d531faa7a392357df45d71fae0ea003b2d917921f30baefd91d337d7e8ddd0f01","nonce":"862a93b766411f32b0e10f45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"47121f287e132fb82cef5e82cc2b5410d0af0267480d065a24abdabb72c7494c2f0b7150e31de34a027ba713f8","nonce":"862a93b766411f32b0e10f46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"21b8e99ffd63692f9fbed489119bb9d1538067536842430a1454f5c70ca086bee3045506d0f3e95f575b3613b4","nonce":"862a93b766411f32b0e10f47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"cf8e535ed339b5eaa51c6eea85701ae86ff43b17f8f0ca6d709fc68d5921c4c0bf627bf78cfd4df7ed49460fbe","nonce":"862a93b766411f32b0e10f38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"1b22f1e967cbed27d4c426b6c460ae74e6027230f5b80a214437626d796216c728276ac6399dda2f31ace0068b","nonce":"862a93b766411f32b0e10f39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"572ae1c967bd15f72344d8bd7e4ec049e9c0606dbeaddbcd40d1e5a33327a5fce7a2eb1bf3ebfdb1ded448fb40","nonce":"862a93b766411f32b0e10f3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"8f8eb2eec438c7af3c818478a4794a44ab8025b5fb4ff4ee3ef176a922a3d37c60303d975f19a1ea5b91712f55","nonce":"862a93b766411f32b0e10f3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"c9495c20b19eb6f139e6f4979a177ad61ea32cda06b85dacb9dab52e4693463f2df4509ab4891c02ab3e2e1243","nonce":"862a93b766411f32b0e10f3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"e9744bdb5af0b8c8d84e4a36ec95dc091c7204a282c925a0677e37cfe1ef7c5b57d5e6aab68c5e030ef55b8d9f","nonce":"862a93b766411f32b0e10f3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"75f23afcb5af70cf6cb38dc1abc81628995cf9e3fe339118e5d2a0895425e393f85eda5e5eb86e7175163860e3","nonce":"862a93b766411f32b0e10f3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"c986b8c967ac174123ebfa0c5f9634e03a47ed59b52016cf870d7886caf52f590c9b961d92882f1aa765f57b10","nonce":"862a93b766411f32b0e10f3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"93eab19519d3e58d33a5a39d000937a54494d119cca58f40a7e672e88d0e82f8ffc1b6c784d255e45ba04fcdce","nonce":"862a93b766411f32b0e10f30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"922c1a4fb461683ec9549e8fd0afce10ae2ab090b0f6bfc92f08eb24b48e4c157185f0e80dbc07544823ff36c2","nonce":"862a93b766411f32b0e10f31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"638b4264fde606b75e9cae076d92e39c6599e98975fcb4ba9ded673b33b57badf41d4bf44d61d5902642601c02","nonce":"862a93b766411f32b0e10f32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"379d6f8196c083c6e62180bf699a830da4bd604654dc25527f1be95fd2f981cc1ba48876871b81f4d4b228c726","nonce":"862a93b766411f32b0e10f33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"6389d32dde9e475662b743c30a43cad45ffa05e45933a84e7b2ce339cfb8089fb8eb3485712942ff164f7ec6e8","nonce":"862a93b766411f32b0e10f34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"0d1fed07bbe7e700beb50c58df1fc449d58d3bb8e8d283eab09f661d93170f8d64e56457348cbb4dee510336f4","nonce":"862a93b766411f32b0e10f35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"6a9de87890438fed6598721cce5946fa39181a3c515c3b39aa855fbb57bcbe066689a6c3933d8ed1865fb7ddd6","nonce":"862a93b766411f32b0e10f36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"8a2a1e8fcc27bf986f7137aace9f9ad2e430088f528cf846bd368fca9a820ad7b75ba65a22826a0dfa4192063f","nonce":"862a93b766411f32b0e10f37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"33737d0af57743386532b089afcc0356696f0f47fb9bbdaccfb95ff9d4fbf203d7dbe549510e88e1066f135eaf","nonce":"862a93b766411f32b0e10f28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"de5efb8be59edb1ed29bbfb49932f3989e10847b0cdd2d4f1afde5e873b3bc59a514e035709709dfcb67e193fb","nonce":"862a93b766411f32b0e10f29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"6e22ce2167029d60c0c9367707ffa54dc0c5f720eae248f9399f8521eaa1465b52d0934a9d9b970c5431120436","nonce":"862a93b766411f32b0e10f2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"34a67edf7b383a29d16b5fea7d77613de22c8c0ae88af015d443784b0b5b84badff0902bbf7e90416ab1f0bd32","nonce":"862a93b766411f32b0e10f2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"c3380b1d09695f008727af931382b4cd82b924f34028c612a973543250aa861c7fa7e555dfa82930373ef7d4a3","nonce":"862a93b766411f32b0e10f2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"66d0a242ae8fcd137abc0fca99c8e4cb0e602fa361778ac23ff803da3cad5e69c198a893d1636628de7292b0c8","nonce":"862a93b766411f32b0e10f2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"844f6947b347d1c74e713370199b15f90370633a554bdd13a876325dacf5186a25167087be091596401e612877","nonce":"862a93b766411f32b0e10f2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"f097bd94a558180a3328e32e5b1fd1acbbca7dda974d0c4c3cc7553046746db3a6b9569a22518507230d588a43","nonce":"862a93b766411f32b0e10f2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"f08012319f52235402cbc51e3db3c10e752dd5a2b1dbfc83cb11acfb03fcea2d2954056cb054935f44056c88aa","nonce":"862a93b766411f32b0e10f20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"638a53e20840cf8d0d64213469c820cb7c91b17f70360899235b2aca40fba7775937b370d536479a98b07a445d","nonce":"862a93b766411f32b0e10f21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"8196b8639069e07f0bd82b855a467d585a7676a02c6bc45bedcff469c688b84b54b5ee0cd2eaf76e17b0c3e414","nonce":"862a93b766411f32b0e10f22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"74f5e97ddcf5869b9a174fbee3dc05b4cb6430ccf34e4d479bf2a84812ccced62078747ff47ed1cd537a9b4d89","nonce":"862a93b766411f32b0e10f23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"50aafa7b4756409d40db96ac764f7daf4fe5587f74220de856ffec531daf217decc06ab10f1595e8e68b54d2b4","nonce":"862a93b766411f32b0e10f24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"7308915ab4af65394f1fe2e45e03031664e18f6dfe139894826320dfe0331a23981350ac6f0e1d795a7b836e97","nonce":"862a93b766411f32b0e10f25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"181902c889188a8a36f44bf38ab6f2c8b2a5712b78a234ef1b848a9860eba2c137988a341acd9dad82b2ae1215","nonce":"862a93b766411f32b0e10f26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"6c9356763bbdfff678c5978cafea00e93f00444a26bd9ddef6949ec7594db0bbe83cca3e45bb764795510582cc","nonce":"862a93b766411f32b0e10f27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"0a657fa37980e5522833571008e969bffb1a586718e150aa4f4a68a5b9e19dbbb4aa6a48fd975baaa94b148451","nonce":"862a93b766411f32b0e10f18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"9e884a82d806090781a2921a5d42245a42b7999d418b75d725c88468a36206f13aae3a7664a8f23abcd14a0dbd","nonce":"862a93b766411f32b0e10f19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"fc6398065ccfbe26a4c9b8d25242d2b942c518f225c2ecef484b6006e0e475aacbb491185e12f552a55fe6dfa1","nonce":"862a93b766411f32b0e10f1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"48967d34af70085f9ba56064fddc9952fabd4d12caaa82ffeac4fac4bdde1cafa913b266e040a2e7224dc7a799","nonce":"862a93b766411f32b0e10f1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"0323987b6119385c46bff34319c13d8eb824bc69f2f7c6edb108c6393053bef1d78f3328793d86b94bc1f8baf1","nonce":"862a93b766411f32b0e10f1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"62d161cea065fbb27836554039cab1e95173c07578ca566b038b83479ddb0f7047ed81fb694529ef67e942e497","nonce":"862a93b766411f32b0e10f1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"286c58f0e52f367812f272208e6e69eecb04fc68d2709d9a4584ad0d492a03939f4d9aba44fdfb4c18965e45bd","nonce":"862a93b766411f32b0e10f1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"2f1767aed2c39a458c081c3849faec4b605381c0131446199cebd0cfc8b4da71cf7599792a2e371f3c52b8592d","nonce":"862a93b766411f32b0e10f1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"90d14c8fa3bebd9f0047255fd330d4ab23ac2ce6c01d0b6a20eec3f7dc4b94434e87ffb8b5963713334de59473","nonce":"862a93b766411f32b0e10f10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"495fc675577ddda4caf84d229de839cc3e940f1c2b04033f0aacb98f38cdc3f4ba3f8aac1ad1f35b6be0cdc8bc","nonce":"862a93b766411f32b0e10f11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"bbdccc6aaf70772985df35e27ff0256afa5c0bd7dfa32862e9342e85ab0e1c3b4227019154189d2df9d7426425","nonce":"862a93b766411f32b0e10f12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"49b9d0576af3a8fc01558d8ffb74e25f4fe967bd19b73d0474ca05f245dcb60b6ae5819e656729d67623a30db7","nonce":"862a93b766411f32b0e10f13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"f1614d3f4661e54a99fe2bc9a717ba7e3ea2b12e2c163d5700b3b42abbfad90703b4b8e0426b4aba9f4f27055e","nonce":"862a93b766411f32b0e10f14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"ba2e738a763e92dc23074e49c61659f547597aaef33b346e91ab58ab61861626ba5c84ea8962eaf4187608a5e3","nonce":"862a93b766411f32b0e10f15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"038800025b4838343532d051017abd4f73dbd1b1554b3eb551824d9659a665d415b5ab777eb30989212fbb3049","nonce":"862a93b766411f32b0e10f16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"de0786696fc3c692cba5f5b8adabfebb502308dc9a6e0335860e912b39de6d6cba2f90c8ec68f21970a2274f25","nonce":"862a93b766411f32b0e10f17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"8d2a6b56ae62e8c74ce8277e58449aaf96118b5bcad7c3723b6a79d02fc236bcb657d6065c4ea5bb6fcc38ffca","nonce":"862a93b766411f32b0e10f08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"4288b6f74cf206ec79dd2605db8a3a5d506e34a5e17e0503b58549e63496870ed2d52ec7b7066e5e69346bcd8f","nonce":"862a93b766411f32b0e10f09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"6b677a0fb5a72f6fb6353fbf1e1c6dc947734c195a1fc03d1457afd3023b803828061a2dffbd50ab29dc97e259","nonce":"862a93b766411f32b0e10f0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"ad375a68f81049ea7296e4c8313412501b14dec1ab5b67139499c94ebbefed58de2f08cdac0859ef51d2b9b20f","nonce":"862a93b766411f32b0e10f0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"9ce035eac32b05925260cdf7555ce917c12d5c9240894bc5046613a6014180adc9063cfef97d9338afe3fc75d7","nonce":"862a93b766411f32b0e10f0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"0adf4f22f50817675805b159d5d275b7e52772bd08125ca31eeebff10d901eee579e20ec0c837973a3b68ae6e2","nonce":"862a93b766411f32b0e10f0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"61281e7fb91323698932dbfd89532289ede59ba2dd566f70aa18d814eb5ffc782ad1add5397a5388d2ca29775f","nonce":"862a93b766411f32b0e10f0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"2f70ae39877ca6ff0925c9917c14562332d52b9753ca7ec1035426f6f5155554f0acca9e0e42d494b05e669716","nonce":"862a93b766411f32b0e10f0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"6103856cc57b4a623f30b28fdba4d0f71c9d8d1045463e1f6bb2dba7693abf12f9c1afb843eaf5cd1ad74dc671","nonce":"862a93b766411f32b0e10f00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"bb370cc49cd64ce53192f3b2c586b138afab9dd3f4f3d23ac4c5209042c1cd6b921717802ca89cc2d59a5c614d","nonce":"862a93b766411f32b0e10f01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"092889ff1d60921b42da8d80f46c35bd8ae2812f895e938f9ff367b3bb75570e7d763a27b3b790bd06956f81b2","nonce":"862a93b766411f32b0e10f02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"ba7e7eb0a15e52860ce888939e8d7852cae8ea71802728db732e005e087b8080ade07fe8878c05f50159837609","nonce":"862a93b766411f32b0e10f03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"5e7f7bd8c42e8155d5f7bc2800a091f37ecca42ae2b143c3087a542ce42d61da3f9c5bc43d7896ff25d310871b","nonce":"862a93b766411f32b0e10f04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"31f968a0f23d8b01546b5bfbf19c66a1795608ad48e38083758044ce04d911618de68285d366b9e03eb176b9a0","nonce":"862a93b766411f32b0e10f05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"ddc3ff8c896f0d47e15b5ed1d0ff1186bdd71940dc731f1efb917c741d5cee8474a4546416f638288dd452894f","nonce":"862a93b766411f32b0e10f06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"9dbd549852ba6378be1570fd2823e8ceb727270086ff2573138e7c76282bb4f04e0ad9298afe31f3b86c7aee69","nonce":"862a93b766411f32b0e10f07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"38f81dc1ab742c0f1b390b41e99a81e87b55d4369688d627f3cfc0f81ac0d4be2a8465708262bd43785bf74ae0","nonce":"862a93b766411f32b0e10ff8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"7f4189c1030b3c601399193ef1164150256471ac1a1cf542a186d40152e1bb395eb08d43f82ce95519aa47e798","nonce":"862a93b766411f32b0e10ff9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"b073ce80493c05368f018261b58b449ee737bbc6685d9c21bb55ce4f5c3bb4fa3b9fe106cc373cbdd72f39c8ff","nonce":"862a93b766411f32b0e10ffa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"dd20f1700338197873b2f6529de273ae0a88d2c69cd16f013ea5447d9dc1f64bdef49dce4d9bd8f70cc9e31f0e","nonce":"862a93b766411f32b0e10ffb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"35c0b86ca2e17a23d48808035de1d2baaf4769c8368fc17bdec7f1895606d94b7078073602d1c377cdafa3f500","nonce":"862a93b766411f32b0e10ffc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"cfd8c074d623cb6e83b1a65b40f9c82d98a95ca2439d7cb30dd0e8609d9b83beeab1ada4c7c2075348155ab42a","nonce":"862a93b766411f32b0e10ffd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"3e1834c61c3a540e7ff2c6cb7fcf721fe2e0b57baac89758e8dc1bbc6cfc5f2aa59cbb9a8acf562360dfac5e6b","nonce":"862a93b766411f32b0e10ffe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"d38dc1535e5505e9c3bc5b8b1bd4ba986c25e96286fdc700cb42ce2675833d43133bda21a77ba0faab40225449","nonce":"862a93b766411f32b0e10fff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"9e4ecac779bf5f18a07d35c269104c6fc963bc8b5d3c4b926f2b8220d74d72116a1d28a4d1822329f290682e32","nonce":"862a93b766411f32b0e10ff0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"24026220ea00d03b75fc63b7e1ac6bfe2f7112d71280e99454e1957066a6590c74e383f863dc5bec9a82c3dfc8","nonce":"862a93b766411f32b0e10ff1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"a7b964d8b6f63320ab742bb56ebeb36ea62e7cd16b63663c0e501243e90ca743bafcc1d404a8edde8c1ba79044","nonce":"862a93b766411f32b0e10ff2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"5b7f72c768765b5add10f97d29e1677396293c8c1a01da9b3151148e5e475ecbd9da7b71fb7476f890b981df52","nonce":"862a93b766411f32b0e10ff3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"3bd93d0f1711ae37ca769cd9520d41eb38cfb4d52198dd36430dc70eae7076ed56d6de619c5e8bbc57c6d5ff5b","nonce":"862a93b766411f32b0e10ff4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"9acf8d271b83fb9d0bb307d8ca65dea28c1911d55593c46e87802d6bb46aeb3fdac6841023ae0a9c881b4385f5","nonce":"862a93b766411f32b0e10ff5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"40fda5ada857e8210f576b9a9b89e17cf1e3db36cba77fbfdd34848e622128471fef55d76405bd09297758f41d","nonce":"862a93b766411f32b0e10ff6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"1a5903558b3759532d69e18e3f6d65ceb72b1f1a87d2e615544801f12b45154b972772655effbae1191710f76c","nonce":"862a93b766411f32b0e10ff7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"3fd0b58d1958cf675629bb60daddbd5f39537b47515df5ce13cb2331c73e345ac90cc21392cb2f181f7403eabb","nonce":"862a93b766411f32b0e10fe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d358c043537fda8755925820c693e35a634f5f26407acb0ee49a3d1cd3942a0b59e14a5b6f1b1918e85af4e768","nonce":"862a93b766411f32b0e10fe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"d427e3499e49b7c3c4a4543fd60f647ea475eef2beef9bd79e0fff20e4610519c3f38936abce50b46bc59b1db4","nonce":"862a93b766411f32b0e10fea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"b270ac6cf5b4d8a2e9b78337e80b54f83eab2e4da51adbff92dd8c3b2329a628926f3a85266749d0bed47296d9","nonce":"862a93b766411f32b0e10feb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"0a1ba4ea0bd425a095566bc1ddf34cd482b6fc0df83619768d3e141f248eae84d4f1e80f9d8f46bc23d67198b1","nonce":"862a93b766411f32b0e10fec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"941059aa68ff8a5b916307dd0d34e8107c4d1975806ab749eb8dfb22e50f53d332b5bee919ca54c21ae07d63dc","nonce":"862a93b766411f32b0e10fed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"451ef72a932f2921f2680419daa0aa07019adbc7e516ac9a8d097183ce8b87ef1ad1ef60eee8941944a0c1d8b8","nonce":"862a93b766411f32b0e10fee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"8f74164ad2bafeb365b3628318fe1e1b610e27c5633c56d3017e930a8d9810ddfe2ef8b98f70841e888df3fe54","nonce":"862a93b766411f32b0e10fef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"1e69343655efd74230313b83f61a0324fb64ddc13b4fa7710025f0c85f5bf22248204d2523d7d8070beb1cbf6f","nonce":"862a93b766411f32b0e10fe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"a1a69fed139f0668c0eeb2dacbcb7d9b72aa7cce7c0a5b4a678740afa7cbb6a92011f1153c9a0a2bea02a995e4","nonce":"862a93b766411f32b0e10fe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"572837619aed2c5f1b140a51a2ff23952672684dc3113aa9346c02e56a6f4d9cc51fba0c1d4f94fb5d8d3f4645","nonce":"862a93b766411f32b0e10fe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"2ceb412dc2f6c7745d7d59bd3a449d48fb3e759536a178db61de144ff45fe864942fa73b45c5ab9af6a2d3d47e","nonce":"862a93b766411f32b0e10fe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"78d4e6a64257740bbeb45fb919dfeb3799449623f45953d6237636f5a59c0b6e67b54c52768bae05d89d3d3392","nonce":"862a93b766411f32b0e10fe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"54f958a6ee64fa05f4e27d0e3494f956f92d849870681798006cd35f48db32aa9c59ef6716d267780a906783d6","nonce":"862a93b766411f32b0e10fe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"5936cad0cc35688c4d86fa995607be80f0051a33db6d9cade4a6c981098eab71d24edd0a9afab2bdcb59cd4248","nonce":"862a93b766411f32b0e10fe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"f376ed7a014e4fe6f8797675c7dc9930bdda524671c75f258b1a2ffb97371a01ff5848b78de7fcbf93a86b9f91","nonce":"862a93b766411f32b0e10fe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"542f62a77f24df1aea3915a4b8906c2804c8f7ae8e7c2ebbcd5c1b0ebe7ea9bbb39ffb3b28a0e3b3cc875b35df","nonce":"862a93b766411f32b0e10fd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"1d2a9cad5c3f24bbda6b835ace87c08c7fdbcaaa1812f356d9809abda422937a7bdcf80e6b36e9ba59560aeb9a","nonce":"862a93b766411f32b0e10fd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"6b456869a0791508f58108a427e60fad711734a062d2f1d1d6a44db303214edf443596b839a59efb86a3155716","nonce":"862a93b766411f32b0e10fda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"398c7e0ae0caec12fb57fc0079c0080ef806a64491ab8b77bca1a940ff20297a164b6e29adc75f7b1d258a6ea5","nonce":"862a93b766411f32b0e10fdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"72975241c4eeb746ad6b7247d52d4eeccb17e3c6eb72ff2a43fa49102f166137dc884532c51c689340d4a993ce","nonce":"862a93b766411f32b0e10fdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"6b8e01ffb895b57d67a8e047deb2676b6c7a91e342b9e4d29584a604fc9b5f409421017a624ad5d03890e0b987","nonce":"862a93b766411f32b0e10fdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"7683bf2bde195cb141e8366913276ecf72674937772a7a1f045c155fe33a896cecd1f3a0b8f8574d001fbfc674","nonce":"862a93b766411f32b0e10fde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"a1f47d9ae29dfa826c14b7ac8917338193f7b2bbcdd085b493581d47b517a97b5bc4711912f90537e6b64358ee","nonce":"862a93b766411f32b0e10fdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"071cd3ec28d45fda3cb044cff9b2fe8b6ed5f8ba27623f32ce18d209fec421adcd7d353e5d88ab121ac86e0121","nonce":"862a93b766411f32b0e10fd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"6811535e46161697e2eb3644ee1092c9eaf3369f0d841e83785b9f706b47c1566e5a389a803bd817393df87d53","nonce":"862a93b766411f32b0e10fd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"391b2d647f560e4acc25d95ba3db4cd4cae4f2a89b1faff7385ae962b8f41c5420bd734eb888800764398d78bc","nonce":"862a93b766411f32b0e10fd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"793435fb88009977aec9b4b8c682442da0da4f540eb2c2409f5703d92ed41ebe5e179b2cd08ac628ad5bfd3323","nonce":"862a93b766411f32b0e10fd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"4d28b2d1b5ac758faa2b410d8bc3bf0ae17d8495c191fdabf0770c78dcd488283a1fd43b5201b295e4d6e1bbcd","nonce":"862a93b766411f32b0e10fd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"43a76951cfc635bba6fdaff2e51dfb2aa20f6aadc90ada9c4b8ed2a05cb8dcadcb7d2c37c7c92d5b4007f3fded","nonce":"862a93b766411f32b0e10fd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"746ecc8ea13b99b13779a52ea311108aa922dd49a927f883c303e96c7bc7c5acd1d848f4296a9f67e72503c9dd","nonce":"862a93b766411f32b0e10fd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"2178182de1ba28f94527b25986cb7fe79c2c437ea03f36be5e73d95e2f19bd7d0787be2c9c54581ab8fa49fc69","nonce":"862a93b766411f32b0e10fd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"82329b8b6162e563b3b1b62d4f99e215cec18f073763e1e6d187c244784a3ed77926498af04beac5138395481a","nonce":"862a93b766411f32b0e10fc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"93fb327907e4f30d78e07cb5c1ab14973bf7b7ae9a905dcae431b0377946f4c58aa409edd3daf9aa14f1a3773b","nonce":"862a93b766411f32b0e10fc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"eef1cc19d291aef7343421c6268c5ab70e0fb58101d0c49cca9b427a03e87f00828db55eaf8a8fbe53708d5f8a","nonce":"862a93b766411f32b0e10fca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"7c6fd3a3d0bd8aeaaf7ceb0138a396315b1cddbce7d070d93a2055f8f6c73a9c17a12302df29b68abcd1eefbdb","nonce":"862a93b766411f32b0e10fcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"8d89e871641b94c86d2fe67857d7fb3f7943fd861591d42b7e8549ecdb286bfee725ed852757f821bd527e7177","nonce":"862a93b766411f32b0e10fcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"a9801caa4cda05e7cc82e795bce5d2e907502e305697973852be7d96c6f1a4f23906b5adce9a74c7a494096645","nonce":"862a93b766411f32b0e10fcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"09dcd49c1b9d5ce72c45f2661b1cd42734e794a934eb1a727bbf90c6a0d9dc0d9e7d8ba5dbcf80718117301221","nonce":"862a93b766411f32b0e10fce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"36fcff78c73340493e56975e14a7ff2924c316523a012ad5532763c801044b134b2118ff1d74676f48e60730c7","nonce":"862a93b766411f32b0e10fcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"4b3e7f8d4b466927f21314de9f0d8abdd4d90bfc0bbe5541c9cd775ec8c29a57b68829b46d1d75885e7b2c484e","nonce":"862a93b766411f32b0e10fc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"734da7a0bd95eba00d64541368b86b8ad5434092183bfdec2b4ecdda7ff3e6a19c85d4bb8f84ece98714a2838d","nonce":"862a93b766411f32b0e10fc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"81274608b2f1c8920cd3465d0ee109d5d5c8dbf60fc0461096a906273e3c5d611df47113f2122b612163837105","nonce":"862a93b766411f32b0e10fc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8f7bbdb1b5461417e5c0d08ff425e6492b90428d272c2c44f0ef289ce2e5b5ab8af6c264a3325ebfbdbf959818","nonce":"862a93b766411f32b0e10fc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4b11c5518aff925ce25739b4ea3fc0bb7d9a51dade7f86823d7d7caa9d2779b120a255b3815a4e7ef68838012e","nonce":"862a93b766411f32b0e10fc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"b431176669877eea3d21bfc33074315d04f4af9c50b9ae663752bce73737cb5502e85e07456f3234fd53d6218c","nonce":"862a93b766411f32b0e10fc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"6f1e5278a7be2437bab0203de44d48bef5699142213b37b463a1e0bae9aee3e2ebaab4b0dd6896e68325743fc5","nonce":"862a93b766411f32b0e10fc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"9078a4d23a317a3942dbef7c1915eb823d51e70dc8a9aa5f47ce6da927724a09a42b81a2bc82deeef36004a36e","nonce":"862a93b766411f32b0e10fc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5ea07052f5368347907f6535607199075be60e3b7b34d79faae173a14b6b21fed95c2fa2ef7eddb7a9a8f00d97","nonce":"862a93b766411f32b0e10fb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"8296c0213113dd9f50a4baa170bcf9a914cff8ad8af83e8c5c6c9b401859f08e3543df44e6fd48e769c2c665b9","nonce":"862a93b766411f32b0e10fb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"281b82463fc113fc55e6c66df53066a924507a1946f94f2ce23fa921cb2c69b9323624bfaf638cd4eb6ca4913c","nonce":"862a93b766411f32b0e10fba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"2383997d755b46c46b013d8248c206a8abddd35243c2785c991a03f3937c1a545ea2e0a9a8f6c24132aca2411f","nonce":"862a93b766411f32b0e10fbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"56ce1e5eaf1462eda036f195daf63c843a40f7f2d86d8882f44d611ef6e2eeb1d514d1b127e876468e80dd0dd7","nonce":"862a93b766411f32b0e10fbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"146d81af5b1df9b5c37aa211bdb7893b9b85f25cff93965365232a2c323e9b1f006cd17481713fe53e3a567fc6","nonce":"862a93b766411f32b0e10fbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d60915047a99f0669db9cfaf3e13298bdcca35a823beffe69be6e82da65604946b4c494bbf9e7f0eb5d8cbbbcd","nonce":"862a93b766411f32b0e10fbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"36cc2f24e5ac541ae833956da46cf7563bb8434192a1de5932e26e8382f8efc48039eedf9a1c0b5a2dcbc30cd0","nonce":"862a93b766411f32b0e10fbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"dade53f0b622168f1ebb4ea9086b8073de668dff6568f45dbc9fa5881d372fa85d30750f0b732b98f69b50657c","nonce":"862a93b766411f32b0e10fb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"b07251f2bd510ccf31958211f3fc8b795eadb496c71c56a744ae0944b729467bfc14b23cb179c33115cc3ac992","nonce":"862a93b766411f32b0e10fb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"4380fc1e679d3c604d5ab8d8b0d479e8c423ca4ade5d5d25d72ed9fde4ddad6c4e631c6bd60d1a6de7147b77b5","nonce":"862a93b766411f32b0e10fb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"0a75d769ead41941adaa27fb56c480ea77fa8ab5a332c9d43ca6d5daf201bc716525df2d0a9384d9d59fa259e2","nonce":"862a93b766411f32b0e10fb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"05c471501325c88be99ae6bd78c246639164e3f52acbaee6bd78c391e4407a67dbcbbeab9410270d0bae9f9896","nonce":"862a93b766411f32b0e10fb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"7a84ccf1b7c706a3606c1716e10e726ab1c06162a1d23b77e45d310f60da23cb5d1783cf3c3a32e392b58c83b7","nonce":"862a93b766411f32b0e10fb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d114a6a305a78925ac67bb358444e4c514bccd1abf42d4189d821a915eddccf8f3354af4c560f9d6d402742f6b","nonce":"862a93b766411f32b0e10fb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"958f766fd9aa7a444e8ffa0ee54140cf2fdfcfebd42e18a1ae05057fea4567281141056843308a4995dd235e68","nonce":"862a93b766411f32b0e10fb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"17f01cadea3238f7e7cdff2a64e4986017ae74e5dd484a8e26721b55dab08dd98664b98cd5b6727221ea84938e","nonce":"862a93b766411f32b0e10fa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"d98c2110d00b89620ea1063edf19374b69aa217e936fd30ebdfa427b3d7dd514656544135455722f46d61f0a8f","nonce":"862a93b766411f32b0e10fa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"9c49589d5a3edda207359ff399817a0861e0bc5c72b84610c6df6787921a11e88a7976792c48b806a3cd55456b","nonce":"862a93b766411f32b0e10faa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"6583e7f175ade33e9c5936255aa95b1c4f7bffbc9e7fd80c4dfd320f67b89d9054663bc831a13d864d392f0377","nonce":"862a93b766411f32b0e10fab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"ee71758d73989fbea32037c36cb2fd99ce5b89858d36b4b169df6cf328e817fe7d4b8de51698144a7cfa317f77","nonce":"862a93b766411f32b0e10fac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"1040f0934469c407661637c48bed0ecc25b7f7b4504bdb193cc23974e7790a75c2296f937b420d3fb387d6adf0","nonce":"862a93b766411f32b0e10fad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"6977556d910503e32b0cb05f4a86ce385c24efc290bb94330498e3c544323e5fa681630123d1242b6fbce6b138","nonce":"862a93b766411f32b0e10fae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"ec3371527e265dc31d89801737dd4435100b8676c2842dfaecc14f2a80c522419c2ede7ae5ecffffdcfa8fe967","nonce":"862a93b766411f32b0e10faf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"62aa61c55e3b17d7c684332c05354b3581cfed45b45752f336bc2110c12494d7434776de48cb38706d3461e725","nonce":"862a93b766411f32b0e10fa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"f997fc641be92cf2b47f6640851611e3b13ee6ba046351c6735588e2922f44dfc835e45aa526222d9fd8828790","nonce":"862a93b766411f32b0e10fa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"eda78d089fd893260871f588d0a052a8f8d943d476f5eb3a25c49b7d7547ba998e54fafe16af0e916acf9f3650","nonce":"862a93b766411f32b0e10fa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"7a8e6e5961f158a758ed54237b7e5a94e65e20dff1384225fa18adbab05bac9dc1d7b61d15192af8c69fd78a28","nonce":"862a93b766411f32b0e10fa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"a0617e77967e79bcd67bc04e3d2761e0fe94e0a25e3f7304b6674d5b096a9693dadae424128ba46105dabe973c","nonce":"862a93b766411f32b0e10fa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"eca1446ab1b7225d02cdd48e2dc887b3c179ba483fbc4f88ab2b02491f84629fb3605101ddc6244c7c1b90d835","nonce":"862a93b766411f32b0e10fa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"6955f45cbedd3f46ee443f7146b7b6e6e9b546ee936a2d63ea5832ae6e02f4c6a27ffd3a0a17347c00557d4490","nonce":"862a93b766411f32b0e10fa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"2ad203ede908500d70a5c4a5692d4676bc449ae35e59c2dc37d46032952e61f88c4820d9b0cfe69c6b5ffc043e","nonce":"862a93b766411f32b0e10fa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"07fe0026d706635419562c74a30a8fe9259462dea58d5e75594de1e7f20ca1cc44dca4adb7c3b85068442f6bbd","nonce":"862a93b766411f32b0e10f98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"35a56b078cf135769a777efde7f79561509612d5f9ba5fa3e1ef457c3a85d5604962e836080431ce6f074abb0e","nonce":"862a93b766411f32b0e10f99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"227f409eda43b157dc45890717c497dfb2b8f4ef6034f0e487b133f524afa457dbe6b366b363d9bc4538d652a4","nonce":"862a93b766411f32b0e10f9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"1ec118b94264c3d1a96b68ed9b6a58341914c412ed736e732bfd907f9f6ae50b68626b20023460e3b9aefb0342","nonce":"862a93b766411f32b0e10f9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"9476b8e296d076fcf302d258ae4e78de1235cb698b3337ae405339fa93522c53a44e18c75a1c78f5cf01ac0760","nonce":"862a93b766411f32b0e10f9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"de7d49ba59305a0ff45c2d572289777c9b33a1dbfac788e39ad4d8583b4abfddba76912fa95f3dd3b5fd3cd56e","nonce":"862a93b766411f32b0e10f9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"4cd38904ce707decb1e9ef25017b7818ba3e9dc6da9fa794f81b463a4eaaa477f0d8114b66fd28a780f5df30ed","nonce":"862a93b766411f32b0e10f9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"760b82e0bf4d1871ae61b020d241170a690965031833068c42fad15d81e2795c0fa22d0d9b369ddd64d9b458f7","nonce":"862a93b766411f32b0e10f9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"825d7c44fbe8be29ec14627e2effe70c541ab54d859c599a6148d824ca7e2d9cc2aa7fbd0fd1a94d6143ae5974","nonce":"862a93b766411f32b0e10f90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"946afc76f961a6b33475f71e755f8149b2ee4025d6be63a9e2bd0bdacec6e7e366ac16822fdb0e77180a7b87cd","nonce":"862a93b766411f32b0e10f91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"3fd764da19462b4018dd7495c685e6f524fe3922a5d793e080052386a5af8683cf1608a790f54dd68d4d52a68f","nonce":"862a93b766411f32b0e10f92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"3ec7b35708573b2f59677ea2a67b712d7bbb0542a796c45fa39d061d98fe35a4e38d6a4d80f51eee2612e13847","nonce":"862a93b766411f32b0e10f93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"2430b4025d43b980aa9b48025206d49efa379ee4ce4cb2edbda2018e98792d0cbc6dde858fd9509ef1a621c733","nonce":"862a93b766411f32b0e10f94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"4a69004d71252491593d6674023ae066aea08fed7ce491e7afc33a863efe8e1ad4a5d4e22e903f5bedf8dee7f9","nonce":"862a93b766411f32b0e10f95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"55f5c98e35583f60bfa6eb9f4e571019011654c9ee0e61486fc7e1a3e2d6acdb0c3d03574cdd3168a83016d929","nonce":"862a93b766411f32b0e10f96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"7ec54bcd8d55412a3cf4df0704bcd092637563197e2ff4cac079431c4b8c2a147433c4eab7fa9275c5a3b17432","nonce":"862a93b766411f32b0e10f97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"ff7a9a42aa150be23880ecccda520f294b8dadd334bc7a2d2a2d6716d89639694bf3a19178a2786e1c12a884f9","nonce":"862a93b766411f32b0e10f88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"5d31ca05d73645ccaca60b8836792685f3fe17f258494bf5570846d9eb678444ed71f0a20466afa4a9eb0a5d0f","nonce":"862a93b766411f32b0e10f89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"fe4da0e469b28437ee2bb685f3977b2e1698c33f11401e63403c4471094c98e8588ed6cf00cf83d62f454d980c","nonce":"862a93b766411f32b0e10f8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"0cb636d8615203c5d0928643066749896f00a1cc0c336a722c2bc1b42bf7d8a2ab6095d399449dc5516aa2b12a","nonce":"862a93b766411f32b0e10f8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"06b1bd594a6ae4ac9d1cd02a91263a232e175e9ebf349b2a2f3e6cc95004ea3f00066d154801c54a126751d3ac","nonce":"862a93b766411f32b0e10f8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"4be60a3ba0e5192f4ff71ef18df6ed1d56674e0dd9c0a7316ada5aa0d15d21503c451ec81722fffa830b7f2a27","nonce":"862a93b766411f32b0e10f8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"24b3450331095b668485e100b88c4220681f62e3f2be019bf9f7c964afd4808da7099579daec2ee07382331dd0","nonce":"862a93b766411f32b0e10f8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"43524ddeb0ed7b3f6c168ad86bdf6aef112e4bad405cede168bd01b47abafe32056da6998c36fb139c2487612f","nonce":"862a93b766411f32b0e10f8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"1d20e5f7ae34e959760a1aae2940dff56949bc033381efea916e81fe7f4f0783be2898e2e731b4e64398c136fd","nonce":"862a93b766411f32b0e10f80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"d34eb3cd6a765f1917278bee70f3600bb57c72045b1311ffe9b3c970a08586beb73530eb6f7b27128122c2bc1f","nonce":"862a93b766411f32b0e10f81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"fe4ae68c40723ca135a438d1561ca37e33397f4eda70793b1d2aad1ad3aa742baa90c98781333671b3fe489c0d","nonce":"862a93b766411f32b0e10f82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"0f75f6d7ba460d19c50a0408071e4721d0d5a8be838e1f8a96d3bddd7a7db04fae365bd56735679523cd56dbe3","nonce":"862a93b766411f32b0e10f83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"7b98d39fce8000fd34277c317dcaf5245db9bc09556626f0abb4de3eed6d946eb87a693cfa6516e59d22297113","nonce":"862a93b766411f32b0e10f84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"e5dd2229b9621507071cbdfe11f2b2cb7eacf689d87d1d5cc431e4f841aa948c1cacdf6b2ad3e84be0830a24bd","nonce":"862a93b766411f32b0e10f85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"64b32ee535b0497bb56877b231f0ea5b4a40dd6517cad39175e001884f96940ebd9b6cdbfd849e4b928b5f84b1","nonce":"862a93b766411f32b0e10f86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"b6118987f9f24f5b61dbca7d63efbf8892463461ffbe46bec13db9e7233409e8cc0486ef2757b25e9bfc5bd426","nonce":"862a93b766411f32b0e10f87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"66f9108fa15e7bb05fd47cfc7a364ce118f9e64245c6a9cb0faf1d26f3c054d00a79a8a48c775b7725b65a001f","nonce":"862a93b766411f32b0e10e78","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"d58edc871b9e9141e57393914186ed608ccbd30e19c3a64fed3fb7a670012829"},{"exporter_context":"00","L":32,"exported_value":"5ba3aea5722326c8248c05daa29e8d8256d664df57f864e7611e4484ede51dde"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"9a7c1f201f0daf12e6a6f55d850cd6a0f552a00a4676fe6c452771517287047e"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"c528dc13f6aed77af876146e637b4601583be2b82db6d4d298792c5e1e84cb7c","ikmS":"d91f023b9689519015bb949530520a7bbb9be4381d43bbbfcb805f77b95b84aa","ikmE":"899203b428a8a5374d47b48930874ce4757f786c39e13a489115d64cc4e5ce9e","skRm":"bc29193d846d960edb11b846e80b43738d6341e5444dc0e69dcc5ae0d97de6cc","skSm":"d780ccebb177b388675e9cd8f80a2fb105fc953a8243e4a1c9a6f7ece22c662d","skEm":"56dc4cb1e5fac070b762935f32411ab3c802b4fc9fb6ab030322cc2bdd4fb088","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"049c331117efee994348cdcd7f7ec6d1cfde4ef9948ae7a1cbcba8d20fc4843a01e15c59ccbbf0af817207a88d564234f2f968bb19d79c12c69087f31f61a07fb3","pkSm":"0431923a7243d37a2653263106c77504052a95d4b119d9b5de3bc76d7c150b591db6c2e4338bf3737efee490fdd7ba6950ab03a5a76e8c127a803ed7285687bf2c","pkEm":"0417d935019f332ebf4d3c2307f933368c49818518efbf71d14d860e226936e44c426b0469d8111feca002488512912b9a3625aac02bac7ac429113cf0c280cc0b","enc":"0417d935019f332ebf4d3c2307f933368c49818518efbf71d14d860e226936e44c426b0469d8111feca002488512912b9a3625aac02bac7ac429113cf0c280cc0b","shared_secret":"c2218b04e7e39da9fcafe21842d521416160e98160d2a7ad0de07cbc09363bca","key_schedule_context":"030d17104af65412950b881d58878238fdc9f980d980945e2897b7bcd44b67e27a61c2a1c2e32dd0197004c59c6df6898f7502a62f33ee399176b24ba94a1f48b1ef4b8a36b914c26820d53e83a9dfb742c7811a526e9dcfb2f19f895c68c80dd54c6e836af7133e4b89418b17bdf4c1d32445ee0bc0f40063a0dfc0e0913cc37f","secret":"2124bd443db774c049fa4396f93434b8e91eac06898096230c9e057ccb8de59aefef42a985729c6bd80f565a74a3c10e82b109cd6573267671939adba41eb637","key":"dea3edc0191d27e7026e5046fe37e8f6cfe862cf580f3a4f5be198d844c23028","base_nonce":"a97875b9a3444d718ec08055","exporter_secret":"344fa684a7524362e6eddca84a0532cfd296e769654354d95d66794e7de22ee8f6d2aa693b1ef8e4318577b7e3a4d21e5d1ee27dde1050e7008aa47beadab97d","encryptions":[{"aad":"436f756e742d30","ct":"5526be92443bb658fcaf9ca8a220ecf00d70888bffd88ffae51bfdcccd6e148ecc65f1e93b63a7523f40f4a76e","nonce":"a97875b9a3444d718ec08055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"df69eb3f3880e7e98263aff0c65404e46e1562e0cb178a9dd8f0f4d565fa1b3556ac2da6f95dad3c512cc2aab0","nonce":"a97875b9a3444d718ec08054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"fef311c3fc0670bcd6163b453999dc40bc62b52fdcf7beff1f7deb41e536b512b2e69bf5fc3345eecda0b7c4ba","nonce":"a97875b9a3444d718ec08057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"19d8422e869d4fdd732f06c2c900f16cdda27e9b11343b75ad738fb1d167a1e8fc2ccd82949c0b1640d37886de","nonce":"a97875b9a3444d718ec08056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"ddfc1d78cb4d99fec8022fd71e98b07c790d985cfac080897189866047a3091f2014aa4ec0a3573dee6e7ef87c","nonce":"a97875b9a3444d718ec08051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"cb7c6ff6e3b4101918578f61bac0f575d3215b9a5e5d4d1fd46bee108f5c4858e2a15d37d5fb5b8f9ddeae2a90","nonce":"a97875b9a3444d718ec08050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"f8a5026a59155f69edd1d75bbca49f11998fc6dafa9efc3b97fee1c1e473abfbd8815f15cdc7a15594aa807350","nonce":"a97875b9a3444d718ec08053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"aa860c84505237506e6a85b47e91f0e1002da96346ad0759edeeb1f976821c67e426350c8fcd4be3781e89d435","nonce":"a97875b9a3444d718ec08052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"e115413cfae201b91edd041468ede64bc2929a869f4ff1cb38446c66cbc8150e02cbe116adb30f416df2cde862","nonce":"a97875b9a3444d718ec0805d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"3684feafc31fc682d827bd342b955cee3ba940240a0d322d4aff1514106525c36772082a6ee74ae461033ab607","nonce":"a97875b9a3444d718ec0805c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"cc0116194b6dfa200f27b48e8e8fcc131859ef49548fa29cfa8434d7a8d7b6367d915aaeb62bba8de1b5c3e2b0","nonce":"a97875b9a3444d718ec0805f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"829b673e769833173688eaa4aaf9cb6cc09bf3284b6abea2f42525618bc49024ef857e9cfbbc73067ee4798466","nonce":"a97875b9a3444d718ec0805e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"5dd7ef91095745270a9128c35f149682fb960bc4c34c9d913e1cb763b6a20e777d155d42e64bdff28e4b51c44b","nonce":"a97875b9a3444d718ec08059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"c7d5800aca6aad3cc902e5f8bb3762d32fbf3aeb543e47f24e2a1c0069b8f9b593fcb488f97acf362c1dfe7af3","nonce":"a97875b9a3444d718ec08058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"fb230fb7109737f01b683f52b99f64b9a98f6cfdd3c2949fd5cc6ab48aa2aa84cf3b44e3f65ea401617d290160","nonce":"a97875b9a3444d718ec0805b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"958d28290a58a4e71e5cda07cc7e057f8e298062b9710cb0e64ce425a9ae08a9fbd8c734f7ff0ee0260dcd6e96","nonce":"a97875b9a3444d718ec0805a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b320091462fecdd9eee5ab71d4712cfda24ca513cd273b6f3752be61f54572760263f443af5d490874ef994e3e","nonce":"a97875b9a3444d718ec08045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"53fd8ea8434b7f97707705f9ed39f86f8903b9a5f927a77ccf0b7a5c6d271d1967005ba888a9452682755fbba8","nonce":"a97875b9a3444d718ec08044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"0bb4c44e7d6ed427e804aa6bfaf0265dedf1193a7173afb20a2a332e5d8c17a601f180392a469cb006b871aadc","nonce":"a97875b9a3444d718ec08047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"fad01adfbb47792dc5c36ca62b60ffc31db0e637ba0b4ada9f4c7086472f5a0d6f098794355759ae21f268a598","nonce":"a97875b9a3444d718ec08046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"193ca209589cc84d5e61302241f4deda8a53b5ccbee77110a3c99c9e6f580496c18b3df2990544d82d1c4a7857","nonce":"a97875b9a3444d718ec08041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"091a37d267484336e8fc58d329afc03aded1cb99d41f0748b5350c943874384d227d02fe294e41350c552e99a1","nonce":"a97875b9a3444d718ec08040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"bbfe7717a5b11a438157026824e4c90da40a28cf27ac4af485b78911568cf8de7896ca3ef706d823264758f928","nonce":"a97875b9a3444d718ec08043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"351438acdee2cacbc023ad49941730ca9fc25cdde50ef15d684e7e269c9698feeaaab861334d09f206cf0752f9","nonce":"a97875b9a3444d718ec08042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"8b420e570bde682c01c79ee3605d0c2ca847b07ccef70b91aadda2162519c738ded58a2dff220d414b613108e4","nonce":"a97875b9a3444d718ec0804d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"fd07b7b5b2d9ebecdbb13528cc2215e23405de889af35371a075bb0003d4ebbf0052617bcdf44a83ae86599a32","nonce":"a97875b9a3444d718ec0804c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"66fd98eed12c0c4b9c397d210ab8a44249dba1d7b860d093a82d5f9d775e0e91c8ab5f17dc00a081b5e520e290","nonce":"a97875b9a3444d718ec0804f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"275d46ff6003abf9d40113ff7096a66023ad8c12a27e840f13c8d6d221f3eef6cae1138aa9c31718338c925397","nonce":"a97875b9a3444d718ec0804e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"db4591bf8447d7f503f4d411346e6ece585d6bfbc4347098893055e623e89f8e5491d3574730020f3655bc4fc1","nonce":"a97875b9a3444d718ec08049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"07b5f109b607ac92691c0c309fc8b2d84cd38ff0770877aed1435e9520a8c67e074fbd046038fbc90d614fa9a6","nonce":"a97875b9a3444d718ec08048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"fa863615e2ae3eb431831d3285ea398f698d5892ae07e4223f1609c5b205996ca6999427fa814e55371c945614","nonce":"a97875b9a3444d718ec0804b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"f7d0ce6f53ef3e2873d96c2485886b1cbd45ebd299801acaf4cb8d93ed025ff5659a99a13f457c9cb371489c7a","nonce":"a97875b9a3444d718ec0804a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"88e3c80a79b63c2614401f77fc0d7f83e95b66f9f765d915fa7edae3eb9f609d9ad09966557927b0535f59dc5e","nonce":"a97875b9a3444d718ec08075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"ac71994c37637996eb084153c1c8be8d18d2f984d60c0663af17ba8c2fc9fb3488fa33b2b7d0a527b5fc241636","nonce":"a97875b9a3444d718ec08074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"ab1ff94a55ff5d209585175cf49094f59473583f6ed0cb17b8b9f06817671316eeee460e37b8860cfdbf739c8f","nonce":"a97875b9a3444d718ec08077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"1848b1a651825a9ef90c7e10518f4c58dfbaf126bd9150bef6af6a7bf2c621240c129c28dd699bf369d4294041","nonce":"a97875b9a3444d718ec08076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"258128a4ba20a4d591d852819d13655f580e21a7344185d0d431aaceb585c414bffe6bacada81b5f3ff78557a7","nonce":"a97875b9a3444d718ec08071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"0760a15c6623b0a261baca13d153bfe5698dbf6de8137b860eb7307c4b943a9f699dbb916c5217d0f26561a555","nonce":"a97875b9a3444d718ec08070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"51fa927a0a1071fe1992f2e1e04136bf6caf1a4d17f0f3f77d035782bf23363c4e74bfad4700eefb01c7e49d66","nonce":"a97875b9a3444d718ec08073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"38821f611d3bc05998339da04d260ca40c816d31766a541a4bb4fabf609de8b9dff305026a5359432ee6ecf376","nonce":"a97875b9a3444d718ec08072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"31e2bb652c6429616a334d7d2aba5b2e062c5a6f6ae70e3e09426d53922827edc16fae7b9efccce217c01b2d45","nonce":"a97875b9a3444d718ec0807d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"d2d8cb478572ba989c227b50a8493b08854b11d4422b0f9ace0bbf9c28a8ba877598dc40918b84a81391de2440","nonce":"a97875b9a3444d718ec0807c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"9e99dd27f631ee812e844faf2a8a588e3f01e882be07115146ea37e5754fca6d59209b48bc2e63220d6f0a3b99","nonce":"a97875b9a3444d718ec0807f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"385e769737df081ea9586f8655f786d8ec2f34c1dda9b6661bc2b380e830dc538ee8ccbebee8dda822bcf36960","nonce":"a97875b9a3444d718ec0807e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"a0f0796ca5f75eef284225c30ada64658593584168838a2a8e87f30751bc2286a3b3ecfac3276c926ea11773e5","nonce":"a97875b9a3444d718ec08079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"cf68da2d09d829ab4998a42a3e550eb81c1a126f64c2e2e80f540d959f7dbeaae0e518d9b8e0b991b40cb7418b","nonce":"a97875b9a3444d718ec08078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"87772be572ff4d312cdcee0214d84908e87954de3d063506b1e3aca07cd933e01bbc4c2e884b3ecde68b65be66","nonce":"a97875b9a3444d718ec0807b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"54c7576a2130defbd25ac5f2114bad7c8f5f011c70064796283f991ab4b13859b6b0833ec256a74bbb05276805","nonce":"a97875b9a3444d718ec0807a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"895017ffd286d3481c815ff1b7a616de74ba0d96b551179738a2e0fd17a78f3c06b547d897509b8c9afb12723a","nonce":"a97875b9a3444d718ec08065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"d7858ddff32ba0a1592383b24299e6f1f806a2a2d5632ae775ff24faaa8c14a102accc9e7853ffc7c3562151d4","nonce":"a97875b9a3444d718ec08064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"cbfb3ab405162c578218468c6c1b2f07addb5d2a0fa8e6d788f05aeae1a8fa744102722caa9efc252d3c08049a","nonce":"a97875b9a3444d718ec08067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"b5e7e3f963a708937ead615e41c0c5148cf3f331d48828f5f877f462ba98ed0f616cf32de6b6ad31d196713a2c","nonce":"a97875b9a3444d718ec08066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"236fb3ee7037e9a34b36d8a6d279a4ade1640d468d5a80241e638b9590514c7f8541775643db2bab97ddbd70ac","nonce":"a97875b9a3444d718ec08061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"40894e43882ab3c598aa2b049c5a6f32e8f2d0d2509b84f6e90c931133586bcb34a8022e25b35155a6a6d645cc","nonce":"a97875b9a3444d718ec08060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"942f3e358dca757340f0c7016968086142475c1e6bb1ea5921249ebd948999fd39a3012f83c69462ba5304dabb","nonce":"a97875b9a3444d718ec08063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"957612702f47fdb69d9aac6bd0e58fba013d687c4ad2d5e5863ae7ecb87ab9eb92c95ec5cb3c2571d76c1f01d9","nonce":"a97875b9a3444d718ec08062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"d493d76caaf5a6cd8d01638305e52d4182f5f75ff2f1e6bbb904dbba127b5ae7e4432fe4ab1ecb86891c285ad2","nonce":"a97875b9a3444d718ec0806d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"8f763f56558c0a0cab8a085f44ab6d23ad15faff6b371ac2896f63fb53ecd246e159b727183b3146c8b5971207","nonce":"a97875b9a3444d718ec0806c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"2320a511ffac2cdccfa8ccb88d9c77e6795f5923c69ef9ffc683dbdb1ac2861627f0f02814804cb49bf0ec44a8","nonce":"a97875b9a3444d718ec0806f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"285cd6659389e17f1708825ad86902c613c9454b20e044a3d699106905ad3d3e707059d5961680316190dc0cb2","nonce":"a97875b9a3444d718ec0806e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"7a49a9303caa2079c3bcb0721ee754d5e307db8c96c085338bac10d2a01c20452ced0e46414615238cea79a346","nonce":"a97875b9a3444d718ec08069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"64e534363eaecb15482cb69ddb8ba8c1857b0395a77c020cb5366534eff76e320eb37f1b231aed03d1d82752be","nonce":"a97875b9a3444d718ec08068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c2d8a7299734282869e7d936a7283bca1187d151e46f8d8dec167eb956cdf87a860767b80e5e7f7d0754041345","nonce":"a97875b9a3444d718ec0806b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"d4e8d7cdb26919e4f4b182e2371a068c258adb1e660d400e1bd68ebf4f17cafc0697750760483042df67142126","nonce":"a97875b9a3444d718ec0806a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"861744fa016c3d3e742753ed779bc711523aa5aff69ec7ff681f051549abb9fbaece5411814524d4105d2b08b4","nonce":"a97875b9a3444d718ec08015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"97888bef97147c6c428c10849155f4c27623b51b330ab2bc5613a63c8dc6ac2e3ab8275c406644b345c6273dc3","nonce":"a97875b9a3444d718ec08014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b56bb4c4673a11a9015d8714be38b11b4b63d776bd6fdacd192a186eac754ebced1fa903c694d6bb4fe0ec9758","nonce":"a97875b9a3444d718ec08017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"cbed4cb5f6f12f3b1d71e7fee6a4fe970d452cd0d49cde4fdca981e28cc41d58a8aa3c51267f2bf745123a03de","nonce":"a97875b9a3444d718ec08016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"b555da5a9dcba55bd08b8399ec63a9fe38d303c2ff4dd3e1b25268df67bf311b260a0796619cdeadc26214c1f8","nonce":"a97875b9a3444d718ec08011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"1143b21c22a33014c4ffcf46a1ec16af32329326b0c5761f8fef9222b42e8a84483a6ab7f263e9d750d55447de","nonce":"a97875b9a3444d718ec08010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"e4a0245546cbfd0ff5f22ff969e30a17dc4d14a86f349b3b1cd3df9f9ac07e9d962270c8ac457dc5f96053a96e","nonce":"a97875b9a3444d718ec08013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"36b25203ec8fbfae7a4ffe5537ea24b26e2a20ee93388623426926c3c2c820dc29b7e458e07bdab7f4a0cefd28","nonce":"a97875b9a3444d718ec08012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"6863577ef5e09080ad23a053c44d60c49866feed44a389ca0d83d2fdbf58de6a5da7393ca63244a0cc6754c61f","nonce":"a97875b9a3444d718ec0801d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"b267bc18d6195ba82d87f765801f12544a94a43c66cfb220698ed66380712a53648e710b5c0d037cf80d770c98","nonce":"a97875b9a3444d718ec0801c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"8cdbf710f2c082bd21f641758859d008f78a390d7a596804e407b1f22f3077899347f8fb64a2d5be09625e758a","nonce":"a97875b9a3444d718ec0801f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"2d90bcc9b3a5be146715d229c44d6a00cd06b9649786696cab02e50c97d68699fa71b817bcbdffbbbd810b940f","nonce":"a97875b9a3444d718ec0801e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"a675ad19218f3d1e1d564eb3842962b80c494f3000d41fdbdd8bcfb415c8bbd517e5e4304126dd5c1d40d1a664","nonce":"a97875b9a3444d718ec08019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"be5ee84e2e5f73c53a092cfc122cf78f7f69ce5cb910e9a1aefa3446af3d0c573f31a2fb17a5ca886d73be059d","nonce":"a97875b9a3444d718ec08018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"931285b249d0f71256518bef64f5c12a98b399e28b5041ed3872a742db5f8449e925f3651ec4151d2d631b24ac","nonce":"a97875b9a3444d718ec0801b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"ec55474c49169c194a81c13e9f6e3846f5298f0f5662adc0107a6ecadb721bc80bd094343bf04cf2f81aaff5db","nonce":"a97875b9a3444d718ec0801a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"f8233619bd4497636b9acac67e3bc98d36da1e4f76ce580b5b30885a0fc7c2464442ff1225b1c3c16a46c78615","nonce":"a97875b9a3444d718ec08005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"976b562f9486fe49df4e80e4f49afc9a12ef416879df62a7847a9b50779426386209c74d61aa6eb3cac5216316","nonce":"a97875b9a3444d718ec08004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"be16f3de3dc356309948c4fc8a70a03c9b85217765bea77209b492c9491b139b854d8b073b0a4922709b13436b","nonce":"a97875b9a3444d718ec08007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"cc0ccc89ba98c411bb6f5ea351a74cab9652c10b3e3e445787be94a334c06d61a31509e30cd17c378bf8fe96df","nonce":"a97875b9a3444d718ec08006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"fde3e0a5fdfaae707a32983f78fb798fb01f557c1fd34f917ecbc3e39dc4ba023131fd30d259de1401e8ecb5fa","nonce":"a97875b9a3444d718ec08001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"dcc90a334fbcb66346063cdeec7ed78fc1da03b7b35bdebee8c48446e97e9d06dea67cfb3f6daf49f2d8800a87","nonce":"a97875b9a3444d718ec08000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"58684070ed75f286dc681383cd359887f24e915509b71ebabaa5eeed37e76ae5531027cc02ec4878024bf493b6","nonce":"a97875b9a3444d718ec08003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"dfaafd2bc6e5ecc35ef0feb6b396c95a4ba0e625053af955c8dd33025e6d808b58d6dad22d111421cebed24ea6","nonce":"a97875b9a3444d718ec08002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"b6ac543f5ef0f1532705f6ea5974bab95f04597792250cc55d50ce3a86d042ef2b5a77399e47d0cbd922695d45","nonce":"a97875b9a3444d718ec0800d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"6b298febd6f2cc94db9c5e7f0c502daa123a0a45cbc75ba8710e43ef39dfbb628ff5b8ef48993a5aaa11a068be","nonce":"a97875b9a3444d718ec0800c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9a588d9c189aa3735e23f679e210956f9e0f07fed2a8a9086448e4fb8666dacb65c5b19eb6c46ae8c196e90f4c","nonce":"a97875b9a3444d718ec0800f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"b0b89a2188857f7de9123ee5b3468951a0a8339fb72188c5eebe5841fbdfa6609a9965743676d36abbb581c9de","nonce":"a97875b9a3444d718ec0800e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"aed471aea9829551c91c477cc4af0f227f9f1b871b76549acfe95dd4fc82477f8d7c2a68cd893f5eda7bb95e4b","nonce":"a97875b9a3444d718ec08009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"7fb26e49347426119a9d0cf9b2d7ec4a24b840818e261309f1b805e32de36e08562f75e3fa4c02030be59caf81","nonce":"a97875b9a3444d718ec08008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"f80e1b52e4caa04b58fb3b6de9a8b009f93197a6b5caff71c8105754152dd994eb273edf1e5f69513a29178c46","nonce":"a97875b9a3444d718ec0800b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"fa24308f1ec50923b4ae5db28e15042daf217826a720e77cfc810613b64252f374c47b63e11c9921131b5929e0","nonce":"a97875b9a3444d718ec0800a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"7b698dd8ce4facc23622beb0ac0dc37a0995419e37e59701cbe6da1a86b53c4ffe989458522d1cb8e79075f7da","nonce":"a97875b9a3444d718ec08035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"8dfada6dc593a6e50bf4c3007f914a3475a17f05186c52b4f36ad9b9fb970e8b8f5b5d7ba976f6a70238fc968f","nonce":"a97875b9a3444d718ec08034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"8f9bcc0e7451b064e735e32b0127f0afe649a89b44e94b7c2dd92e3cc2400c528ca3ec3f820ecef455c239a22e","nonce":"a97875b9a3444d718ec08037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"29533e60d6fa03408c09b4314bffe8471a173578298f8c800a62b90a89229ced57f75fb82034b03eea2925210b","nonce":"a97875b9a3444d718ec08036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"6abf411c44166f16fa7724f9655329626107999deb9706acce7dc2dc31bbf2678d72ede257288a7c10ac14a2de","nonce":"a97875b9a3444d718ec08031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"b68efe1cbe7e8ce57ee13af20ca14887b0deb79db2eef1df249fa30bb3f3c138887ef7b90ca8733e3a1db6687a","nonce":"a97875b9a3444d718ec08030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"bb640a8acee4bceac68b87ca701d40a87decc420afaaea88810a2cd086f77ab22750d5824c4fbd1cb08af5a4a9","nonce":"a97875b9a3444d718ec08033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"8e076b7dfd1913321c4a97b9fb0d6d575877a2418cd8e74e6c8ccea7a3076d3ad2be4d6537b1721244909794ec","nonce":"a97875b9a3444d718ec08032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f794593e1fb87a9d4c56828d46025c094914e7ebefe534e528fbee6f54fe6c23dd0a2c168d7d94180309b6d11e","nonce":"a97875b9a3444d718ec0803d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"13ddfc38a28afa1d9212fe0ab297afaf30e269b8524fb694590a9c00675ac3745e295697ec0586305272393f9b","nonce":"a97875b9a3444d718ec0803c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"5ee548a5df3437447b23b2cfb5999096bf6532f9524840732e3f59b30cb102c5489a3bd43b8de876ad7a97a913","nonce":"a97875b9a3444d718ec0803f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"d3c0203ff01e1a85dd454eca1fef3240915ae78c3c9bfc5f1a34de45a51cd8e5e9880121018d7aed663085ca2d","nonce":"a97875b9a3444d718ec0803e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"91e50646fec95b8489b7a3b27bd407ab299daea8b265257c07557dcf7fb8603176af3f5cabf63ff360d39d5a38","nonce":"a97875b9a3444d718ec08039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"9cabe6a72f5f9ba0413a748ebfd3750c82de50d01ee1a7fd23c9d305caf0513ea459bfdba54ec630f2042587a2","nonce":"a97875b9a3444d718ec08038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"a13df68368915bc0a1a1850f128c54daf116d8dcb4e4420782d5ecf91c39e8fe96ba4deb9e22cfc6f58b387b81","nonce":"a97875b9a3444d718ec0803b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"457d9b4fac3b5813b4bdd5c503626bf2f79d43c45baf3efac35d3495cbe566b07a525b4d7afe4cb2ab3eb53a44","nonce":"a97875b9a3444d718ec0803a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"1057bf8fa721e3e2beae75ae114c5543d3bb69816b5bcadc5ded89815001068a6bab5f63b885d80a4954632ed4","nonce":"a97875b9a3444d718ec08025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"7ade8e41902ddbe7629668f1ef17ab63a5d2ea9d9f3ec278ced4af1fc5c25b98837c0df53808d802a86c31ad52","nonce":"a97875b9a3444d718ec08024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c869fa5058d6ace57541a1fd730da29b44b94132dec61478cb416ab0569af2c6ee29c5613d6e5d7e41da8d602d","nonce":"a97875b9a3444d718ec08027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"4d65f513b3d5430e4b7722412bd4e28b0ea4f0c116e370fc95e315960e05986363762854b4bf05356e501e9bfb","nonce":"a97875b9a3444d718ec08026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"1e20743014b600e93656a82ec3fb615e5eb5ef9205eff82cc9ef1bd46ad1e0bbe079456a7b05ba2e26cf1ea11c","nonce":"a97875b9a3444d718ec08021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"f843fe27a014fc0bc74b72f69ca4d3fe7d429b4852ff77aa9ec3aa49bdafc11d7a05dc118a200b82b8848ec4d8","nonce":"a97875b9a3444d718ec08020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"77538fa9960bcf39a475bb336ccab48bd9e7f93176092e4379778d751c11213cf711a96cb86d735ed47efd65ac","nonce":"a97875b9a3444d718ec08023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"43ae42f7ed1d09a4ee488258deed1ad4047e67ba982bb1c06809caae94d29c339d3f591983eef6633b7cd1d27e","nonce":"a97875b9a3444d718ec08022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"c6b82edfff7418e55fd652c2393bd0402ecc4fa69d4adf638df7bef0a0a2aa14f18e50479bc970c5db4ead6f44","nonce":"a97875b9a3444d718ec0802d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"35211ac8c8b5d3e5bdaafcb543a7d9956e1cc1cb5df615f4c716cb3f8803191d916e13bcc89e69efc27c18756d","nonce":"a97875b9a3444d718ec0802c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"81c32009af883e9c1064ea8eaf9f688d12f8ca82fd3ef96d4a40893b2b8917adf40261d1830465879e128f7ae6","nonce":"a97875b9a3444d718ec0802f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"28a8c8c0a1c7d60944506f4953ccd7b21a4f631bbea33051084208fd61293a184cd942cd0ce6f86ef2098ea036","nonce":"a97875b9a3444d718ec0802e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"22ff3cf3cd1dc17b90ba1f02aa17add1120d1cb7fe832ecfb160e02e4af5ab75671ef362335964100a17dfdf1e","nonce":"a97875b9a3444d718ec08029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"87fffe5150bf89b94439d64ba009fa6011b2120cceb3cdeaffcec97dcb668495ad0965a9f3373571384350a756","nonce":"a97875b9a3444d718ec08028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f3f427bf762f44e950e2c3d494453f3ed8c89761e0e35eb29331774396c8a58d13abd51a1fdca0ea32882ee68c","nonce":"a97875b9a3444d718ec0802b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"91509896a26827bffd79fe611004f05cadeffe799234e5356dcce2d2a013de38696c5f30ea5ed530a54af42b71","nonce":"a97875b9a3444d718ec0802a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"a501cfe78c8624ab7b825bd85bc56b5bb3e609f4011ad1e7d7b64a241e1c25be1431bb988ee6900508859f718c","nonce":"a97875b9a3444d718ec080d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"a5776430a4afc85697a6992be2cb4e4df7bcaaeb574b2075dc96f8d503b5b524a77d7431d893ff7305f6adf578","nonce":"a97875b9a3444d718ec080d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"4ae32d384edbe58cf2086ef63484c55ad1bbeaa307c4603aab3f0463d5c7979e24ccc61237f8d503ae7f35620d","nonce":"a97875b9a3444d718ec080d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"fc0e829e15627d0a0e3cc985cc392cb787cdaa04a554bc2177a6469016a5a8ce0636dd866bf4683f196d1ca9da","nonce":"a97875b9a3444d718ec080d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"eae2748de9b8da04a7513cc6dc4961f0f9302877683c9f4682c0bd4beea16e3effbf646702b786dd83057015e8","nonce":"a97875b9a3444d718ec080d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"287d56e99b71d96d27bb8c1fdfd1b8fcb36f3d6148255dfb22c701879736f6db26150adaa3b6b3554445d1f92a","nonce":"a97875b9a3444d718ec080d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"83a507a5d9dc78f3429e2f51d007cbc25bec3c924014d4ea3269fa768cf2076bb8eb41e153aecffd11a486bd00","nonce":"a97875b9a3444d718ec080d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"e0aa37217242823b20d10933c0e15dc2008d3bed12fbc612b49134806628c8b15d7f5827946e930bc0baccea4e","nonce":"a97875b9a3444d718ec080d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"244c008115a4b2cef3e842bc81036b8a675d664e5a081f36d4395feca7f32f89a8b5e9eabe6f232159a181f987","nonce":"a97875b9a3444d718ec080dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"12cd2505b8b42c87fbc4dfe2609e77f803f05328ee03ecc6b27a00108a33a1783cb09cdc4e901a01d973fc384b","nonce":"a97875b9a3444d718ec080dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"691044da6d2afa5095acb5e7b3da6652451baf5c3e637b3169e57da62634aab1ba1f909dd978a708588e1ab445","nonce":"a97875b9a3444d718ec080df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"001b44994dc39dea786b4331314d1b71bbf589cf837d683ff167de2ffca8f5781d709eb1796c2a576b2d9dc069","nonce":"a97875b9a3444d718ec080de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"c79a60a8cb39ab7c03c291ad531bc09b9011a3746816925798787be8b367627b15e22e7b05e637b1b56ac613ec","nonce":"a97875b9a3444d718ec080d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"c8a2bcf1243507a7893c610cfc0d3d65a6f9afd711a9a64026cef1e8ffdd0b034bcfe4d05066586909f74feaed","nonce":"a97875b9a3444d718ec080d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"1f18fffa4c3f593efe0a5e05b318a19aa467ffbb40383482f336780f49fd26c011e56ac48a80ca44491f8c6025","nonce":"a97875b9a3444d718ec080db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"c7c060bf5fd1f4b26978dc7047829851d1073be5327fb43aacd63d2a7acf6a5023f17f6b0d57e34ed133ac0fc2","nonce":"a97875b9a3444d718ec080da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"154483b4f7409948066b3fb8b82c2b304e92b2c8b0dbd5b6335622d9d440d7c2d2e199cfdf51eacd7993eef7f3","nonce":"a97875b9a3444d718ec080c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"a3a09df39c4e562069b24b0e12f2da010297bb8aeaeef02e08ba765ca6c0d65dec41ef1c77175fc1ebc9fe4b87","nonce":"a97875b9a3444d718ec080c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ea9ac60134591da4778192aa64f171c4f6c50d227c28896b4afc275391890915d34ca62a02ac40129f1f8779bb","nonce":"a97875b9a3444d718ec080c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"04e4a082d6437eb8807b939da70b48ec1d05252dadcbce80789121885471eb267041fa9e1d28362a21853874ee","nonce":"a97875b9a3444d718ec080c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e806dff7f108e077f101cf961276b0fced96d5f52b4e852786a3c71fa7038c4f553c727c6e0ba05c5baac582b4","nonce":"a97875b9a3444d718ec080c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"1c72bf3059f1c0cd1dc331b692df908366d9a83364303ee07d26ce60c5566b9365ded0610d965dce1434879e1d","nonce":"a97875b9a3444d718ec080c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4fc0a28698ae663ebf593637fb34c7afb20b41f87b451faa24c2c052fb8f944812f5690c369473c5976e014fcf","nonce":"a97875b9a3444d718ec080c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"b0b3eddda7ce41b15048452cf2aa267202bbee9dcf3265b598eb11309ca4f8c9be3a795dbc9c509afe9409e377","nonce":"a97875b9a3444d718ec080c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"9e29c103455c597486a114c90bb137da9b76890ce08198bedd8852b9f212646c5e4ac7838b784e60dea2577092","nonce":"a97875b9a3444d718ec080cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"1c9ed3251effa22fe8b976667a096e7e929a3111364013534c35cce723ad89bb007c7bebd7811e16ffd222a62a","nonce":"a97875b9a3444d718ec080cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"c65e0ce90c1df79541b63913f3205c709020b3b94ab6e5b5775553e8df1746019893c00eb0fb920a67ef0cf90e","nonce":"a97875b9a3444d718ec080cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"6409c169f10c0baf354cfb1d7c223a3db75fe6a688112ac4348b42ba5cf8ea4ed0b4f3ae81d74879dd2ab1c2f6","nonce":"a97875b9a3444d718ec080ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"de83dee6b1beb983cd449503b91373233075d5c10972f5d4d73c6927c6a4ba8fa1f8f987091916ef52691e8ee7","nonce":"a97875b9a3444d718ec080c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"5427b6b5a29528f9b15e461134ef0841ec0c39f4cc3695c7675da7bda54deec5550f870d6068f9ab7667717991","nonce":"a97875b9a3444d718ec080c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"19e25a250176ebafe033e86d74047267511202a2e476174b89d4d6e6b7fae8b6013d50777939c534dffc1ce587","nonce":"a97875b9a3444d718ec080cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"452481128074ad0bbb59c3239e2e746147c2d43ab2dd1f7774a5fcf107230f5f5315918acb099180cc7851583f","nonce":"a97875b9a3444d718ec080ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"9270e23cb2ec6b04a7483edee3b4ff0c4e8906623ff49ea22ebe0234b93bdd29024722267ce94fd0feb8bda16c","nonce":"a97875b9a3444d718ec080f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"c0045d624280213a366331ae3fdc001b6bc808c32d02748b751541b29feb097fdce841771e991a691e68c5f1f8","nonce":"a97875b9a3444d718ec080f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"3735568f1bad521d822ca28f53668df08a93550c0f79dbea0565940eea71609635b8e7b88c288bda1382d7da84","nonce":"a97875b9a3444d718ec080f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"20bbd1b82aebcc1537b035dfc5cbbb89a488163cd0011864f6e636a146bd5b992d078ad40f5e2d5ec3efa24b21","nonce":"a97875b9a3444d718ec080f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"a805f7c8e3ed2c7c1997f89767ae471e89999d8451e2fc507c85a5c08e46650d981e6ba688831a564f4e43578e","nonce":"a97875b9a3444d718ec080f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"d4d16268c5cef302e60ff0eb29a1d2c43e8767eb72bc523cc6772237234b1b16ac366e1f467c3d3fa8a1189c97","nonce":"a97875b9a3444d718ec080f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"160a361be70c3d94ae8dd9cb82aa841460d65944a89419de2565388209e1cbb6fbbae64b7d8603eb11d3b1439a","nonce":"a97875b9a3444d718ec080f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"731b0b5aef4231ec3d5712c7a659f11cb7f7575ab7a3b700932d9fe9cf0bbdb967f132eac1be6ddd53851074df","nonce":"a97875b9a3444d718ec080f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"7a8332089b1123fc2653b7f660319fff699c06e97372878ed164d746247ec058a8d4f77043506afddb928babce","nonce":"a97875b9a3444d718ec080fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"91a60a7289b33bbe7b81b3f227f417e2a87a092831d984ee5f8c5a2120127d7bee083f8757751a3b7aee2dfb20","nonce":"a97875b9a3444d718ec080fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3c64f93c4f5433da0cc4a11969bc006e21a8918696c1a424d8b0eb0a0863ec3e8079c68a24fd2f6131ed76b743","nonce":"a97875b9a3444d718ec080ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"9f59ffb0f5a4f5a12729885b95e9ffa2f51772f7ef5bc4461b9e4fc61fb89acac26e78bb9b2f152a155de23f10","nonce":"a97875b9a3444d718ec080fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"18727e77bf308347bec6319ed6a625e568287f7c1ba0d3880b123899c572983dbe195fa2e0f108e9ed44367f16","nonce":"a97875b9a3444d718ec080f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"28d0791bc6cc47260754597ac21ca12235b0a55606982c6ff6e0767be96c18a134665fc5fbc05e6a1d570f4388","nonce":"a97875b9a3444d718ec080f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"c55a5d9715cb79ce1ead25919224fb96d71c9eb67b17d7c38c728b8cf58b5bfad03e2b1e011a97de6ecc806725","nonce":"a97875b9a3444d718ec080fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"988a1334cfc5b1d4626d7159ff6ee4b1d5360c6aa1c1b1aa6f75da6dfb942c3fd85830d720d59384b4a10ae7b8","nonce":"a97875b9a3444d718ec080fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"68acdeae942edb889d8e3dcbe06e20df0002ad6341339fd693ce83620f467c15151c991e9a0aa656c0e69f2a4a","nonce":"a97875b9a3444d718ec080e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"126b98fbdacec7e0d93d51b176a8c4cf43097f7e7dc0a39a98d18c2bc4ce9e67a3532f88706c4f075eadd77b31","nonce":"a97875b9a3444d718ec080e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"7b549331ea54543be758550bab2d1bc65ed5b305f5d0bc65add10bf6dadc897ecc4e60d625651131314cd98064","nonce":"a97875b9a3444d718ec080e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"035c8a154712861bd659f09ad2d8fe1db65b68f615240204dc99867e087913e62e24ac9f77b1782ee2a699dec6","nonce":"a97875b9a3444d718ec080e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"fa29cba32e54c7ca00fc96efdcc36c02a668cedeaf12564e485939c3ae4dec657f5a9fcc316b2ed8c95445e73b","nonce":"a97875b9a3444d718ec080e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"061e7e9fa6966119a71ee066a5dc5061f6d031294e875000b0f41f7e6f9376476a15c386f8b9a61f34358f13b6","nonce":"a97875b9a3444d718ec080e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"417a6759b8260f590299e4ceb5c314763e0b44affc2f1c3577538edf0e6e507ff7e4c90e551ffc96514cb250fc","nonce":"a97875b9a3444d718ec080e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"621dded9c88cbb7560a810b884b90de91a0ed355caeade51d9f12720e095c200183fa422fdde2dcf1c277b3aab","nonce":"a97875b9a3444d718ec080e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"4d9ed8d90e4c52c790f7615dd56b13189e25177f28d07bde1dc8ab787586e94766f5177740bc938e5571003ccd","nonce":"a97875b9a3444d718ec080ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"bdfeb8eaf49bfee0a092f01dad365bd73dba563621e44e0f5123db39765574017e8eeb117419b3055e3d0e946c","nonce":"a97875b9a3444d718ec080ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"50c2277867de58c4f31017c7d2ae0c220572a9c8e8ae40662d0e0d6b3fdb05c614bd4e005be403ee0389c14f8b","nonce":"a97875b9a3444d718ec080ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"ebfb8f3086d5aeda67e189108fcd6d80b5654f90f616a446de39a4ed7adc3d08ddfa1d626ff6196449ff7e2fe5","nonce":"a97875b9a3444d718ec080ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"7cefedf6317249403949de9aca1d254e59b9ce81da965ed1c0fcfd748bb9323ae8ed7a4dcd0c0875863e66f445","nonce":"a97875b9a3444d718ec080e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"a554501793a1bee3a2b1051a6747e6b49cb40dfd3ca9840197cf5ba1df7372d0630107da1aa7babc5396d7e23f","nonce":"a97875b9a3444d718ec080e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"e514d39a901d15e31ef19f485e54669c30fdc043d9523fc2172bea90a3b905c15b2c17b9c3d25e1690bb5ebf9a","nonce":"a97875b9a3444d718ec080eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"2ea5b4d36b3a787d619bf5bcfdd400780bbefc840fb726d416c8feba27ef78adf50b3a2b61177b998f7fa5defc","nonce":"a97875b9a3444d718ec080ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"ef8a512d9b1eb536d912d04e5a30c6c5f590b88d22be4f2eebf931e245e23c27d43eb628949224baf4ff8d30b0","nonce":"a97875b9a3444d718ec08095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2973f6778cc84e53ca50f7bf2a233ed02509194619ef664eb1c079f34eb3ec99f82f454b53719b6cc36ee000b6","nonce":"a97875b9a3444d718ec08094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"059400ece48741423c9ee65d635e46f3a2e3819a360711321406cee81b5c8bf32ef30a52d2f238b6086c62f144","nonce":"a97875b9a3444d718ec08097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"11de36dc58ddba789b4142c0a6b595f4c608ec0d26e94ef84b630b3ca9f6d6e1337fb4837adba10894b4de303a","nonce":"a97875b9a3444d718ec08096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"a885f7c8fc81aada512bec47912ed713faf86393b1b478cb23986a37150ce6fbc2307151f5a4726115958737b2","nonce":"a97875b9a3444d718ec08091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"255316a7e0f53404d120650d70ca9e03c14d01633a8dbad0009ce64b14fb55605ecd3a5c2a28e79351a7199f62","nonce":"a97875b9a3444d718ec08090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"ac9733883ae46164b1523d5b033e66d648575cc8d4af9aaf4b5d7e736bf407a7c4ba24a677abe4ff17560b47db","nonce":"a97875b9a3444d718ec08093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"ad5db3eddc9cb2d235d188a2b7373aff099a12b9d60d3bef5863641b60f6852b7f5651d3ea67a303bbe99fff60","nonce":"a97875b9a3444d718ec08092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"594fbd174248d545bdeb3bd23db8f13956ecffe649b5f605ff4e364d4a7e5daf643f6227d796c44e9a984dffa8","nonce":"a97875b9a3444d718ec0809d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"fca16bd4762c920b17b6df5b03e3b02adb2c4e27e27fc26d036b681e91c5fd0e92cf2a30d69fe88f0435a34e5b","nonce":"a97875b9a3444d718ec0809c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"29717cb2230266bf69396e481b465831902570ce139e5b24b9d7116329c94c3a930015f73f1f74cb8cb38d3986","nonce":"a97875b9a3444d718ec0809f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"778b683363b7f0c7ac91d1cabcb596edc91a60ed5c8640e84a3908e30b6ff633ffe9fc80a4b1bf83783870dedd","nonce":"a97875b9a3444d718ec0809e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"dd1d7866449a89aaba763b97e64cd82bf932b9686bce3b9e08563d8dd8fde6720be0d52b7ac78a9dbed968b6d8","nonce":"a97875b9a3444d718ec08099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"ea467e9d0c319e1fc5b5abd320caba5d7ce96fb6c62fe49809a2c918d63c39d086f7df852e3cf5106423ca618b","nonce":"a97875b9a3444d718ec08098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"be4bdd2887711a5de64aeba0165ecce7aab7442349a3964007210433f148756521712fd2d367041e877ed475cf","nonce":"a97875b9a3444d718ec0809b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"60885453a6ae53722e9c2c7504b416cc99b2f96976629f7a409170e7aef499163c91714a5b1eb045b9ad5b5bbd","nonce":"a97875b9a3444d718ec0809a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"a1da469f67090d7d2c6225d6461595a3d30f2c6222af09c3647337c0aeeb99512004e057d82a00b46a7a385b97","nonce":"a97875b9a3444d718ec08085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"20ac273e9c4b6e37a800702346b8caeacd733055c4f7852d80ab0945c0caae7cd05a78eef92c398c77c9834696","nonce":"a97875b9a3444d718ec08084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"20b222f1c78c359be17a5eb16f4af19e85819695b008e6fa4a98ff1a04871fb4700ba1383427c3c2ba59ed1288","nonce":"a97875b9a3444d718ec08087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"d38f3382a0fbc7243148537f10814373601e2bd6ad234d0f2601e0743858cce223d4f8386e6558ce2d9e110f52","nonce":"a97875b9a3444d718ec08086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"f872c0ec04345d6d21ff6e95ddfbd987ac076f69f6bb08db9a5995206f79deeffdcfef114b2f04a61528368402","nonce":"a97875b9a3444d718ec08081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"f70bad60bf2fdd68afe50744b69f24bfef2c7f7a1f0342e364eaf8101e93c9d7a96101c98bbe59022d948a10d4","nonce":"a97875b9a3444d718ec08080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"96d725541f988ff48d65616441ebb676bd4c54445d6043d55a4b2ccc0975f1b401a9fe7161e264480e751d8747","nonce":"a97875b9a3444d718ec08083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"ce813097d520639e48a19090938a78c55d222332f0a32dcae7a20ae4e93b4306841e299984b98d4275e8a9bab0","nonce":"a97875b9a3444d718ec08082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"40f1e910ae3dd0772308fa2e00d0c47baf53f9d31ad3937960c98877a6f448492b24e0313cae1bde48e0ea4098","nonce":"a97875b9a3444d718ec0808d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"04581fa082bda90dc41ea0359c770b011f7fc5e12d42d463799ee86a61120204977c973c44f29d830a0fc16c74","nonce":"a97875b9a3444d718ec0808c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2f31630dec8ac71a8363f658a1ae8082db3da345323c69345a3b99f385325c278fc5ddd3a19f23a35ad07be512","nonce":"a97875b9a3444d718ec0808f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"c9c0c3a3fa12281661e925694b542e770b62aec1148df2efdf9243d1507f57f81be839ece41ebb4ce286f6c887","nonce":"a97875b9a3444d718ec0808e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"6d2f883d26cf3beb76121e1fb3f54e7b33291a0d62aa8091b229a0e03a708b90ea8f942bc64b5f1c8e792d7621","nonce":"a97875b9a3444d718ec08089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"89b3c7a68653a28d912ac11b16698f7f9ff7593129719585bbc52b9b920ff59b56f8e992ab46053718d43e48c3","nonce":"a97875b9a3444d718ec08088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"461ca1923f6e868f2d2e8e9562d5a488cfed22af7b33d6318a21ec428319333ae282da34193f20c0b0cbb6cdf6","nonce":"a97875b9a3444d718ec0808b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"f926cccf8dc23b83d2aec0b0dc117161e42639e7c062d266ed0751ec5a27b8f1f035444b277f5006de75629e88","nonce":"a97875b9a3444d718ec0808a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"7b4bf1a24312ef1005f68fb20f8ffeec9daa9674896c6ccd0ced6bea12e5a921c14991788da4094dbdaa9d5899","nonce":"a97875b9a3444d718ec080b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"30052b858339eb00cbf9ec5b2809daa51d7a3812e7c46bd0e1200bb31a50affbb5ab8df312a54151d92ad6e87b","nonce":"a97875b9a3444d718ec080b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"403bb8274abb0c38c0e33d25050a190ee5ad72cdbe027026f82dc93d347d3b54ae71accfc780e74c0e1b799c96","nonce":"a97875b9a3444d718ec080b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"a54da7efc396706d8b45258d295f91040fba688dc5f3e930605df67d904af7df13b5dc9df0a4c06a629a8ce0db","nonce":"a97875b9a3444d718ec080b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"148ef58c0e8e01d4be7fb86041016d8d61652359a903b82f370af4067ce225abee16dca705b3c98f3e1d7c1ee9","nonce":"a97875b9a3444d718ec080b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"40cea08bca252d1961599b6b1274b94f23a37258034922a0de4ef6e96fc563aea020c63e1b3b69f087469428c3","nonce":"a97875b9a3444d718ec080b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"9ac01a264d7968d78ad19204fabd50bb58783e2d7e4aced2d5a10b550a94e2475ee9371e73ddd7038dfcffdc5e","nonce":"a97875b9a3444d718ec080b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c7c3a21eec4832d2b40a87c7dd1cef3fcb4ec5261436f3e47e1f84bd55bb33f9b534d6ba9d841ebf25b02188ad","nonce":"a97875b9a3444d718ec080b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"0b6a9a7d906aede6226a9f6edff07fa93f7ce3d4091ea19581e4c0d6a766460c6c745be48f165d55d39056dff1","nonce":"a97875b9a3444d718ec080bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"3e149170de560cdfb86ed129bd11b003a70fc7c86dc6ff3dfdc0869cbb94426e45e71b72620370b85a8edad402","nonce":"a97875b9a3444d718ec080bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"f79ee0d098080dabafc1cd450a1d03ae621c4fbb0e36abfb0ac1a8fe407c14e53dc3d7cd6ac2e2136fa38e490d","nonce":"a97875b9a3444d718ec080bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"cc956bbf7cdfd139f7a2f04dea3a11346e0a8552d2881b5bb5f2e81863f0681a041170daeca3d72d4a4ff87a38","nonce":"a97875b9a3444d718ec080be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"4bc6b8dc2ca62acfd8bc62d8e5214fef1d341ac4563fbe983c00bd1a40dc49358df317a29f11bd87c59ed396d6","nonce":"a97875b9a3444d718ec080b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"38ebef5599ad962945c254a35d82e3509bc65e2ef29d70a72fac0d57f9d72dec0aeb65b367995ded97fb254df7","nonce":"a97875b9a3444d718ec080b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"642c06ca5b0838cda5f0fee7d2703c36c5ee919cb7c9595d8cea5d2c3e62f294ddd01cba4a93e74b8616215a37","nonce":"a97875b9a3444d718ec080bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"085bc39f46a1bafb5036a115eb59c685a8bcd69c6b99c616da7cae7e168e52f8cc66418c39f1bb22fd18e83c76","nonce":"a97875b9a3444d718ec080ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"87095b45b9907df4b8dec835fa5142aa972ee9a9ff2e8448d6d068a37e762c5217d6a3fd70e08dca1ecea52b32","nonce":"a97875b9a3444d718ec080a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d98aba2190948b153bd69cd46542c3d8b099a46eb7cb6936ec993b00c0a728cf5b228a9339c02abba5a0bd23d8","nonce":"a97875b9a3444d718ec080a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"d9dd9001676d5c60bb37a0264e40beddb18ccd7801946d6ffc8d9f4a9aed4c5d0cf12ef7eb7f623c4c7fce9cff","nonce":"a97875b9a3444d718ec080a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"bfc838696f1cbec3c7a323b5df51aa4b7e0ae17385eb2f0525645bbc7ddd112a73d0367aa35e80aa525072f031","nonce":"a97875b9a3444d718ec080a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"8ef07101ebc826c258075877e0bbee59f211ed9463c0d6fe6264a0481b4ad828fcebc95bac679a2829e4534bad","nonce":"a97875b9a3444d718ec080a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"3e072f0ed2f81f536d7df2600a2f8f0092156e5198198fb3b715e79198f8cd743c9d32f14f38f739734be1f3c3","nonce":"a97875b9a3444d718ec080a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"5333076817a9f706880730f60100c7d887ab23d5cc34ac9db4445ac6655d677d46e0e0aacadae4beec294e70a3","nonce":"a97875b9a3444d718ec080a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"7187b7462058b420ecc78cfd914d330ed278ab1ad14aa4cb830e7d78bebaf5d4def87d23a180dc18d52cdd68d5","nonce":"a97875b9a3444d718ec080a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"8bf7cfca48b92c48783beac76f827b92f015fa65a082bfb8dd3ecf963e14d38b30a8b575ba168a1cf907cc3609","nonce":"a97875b9a3444d718ec080ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"4c8e761f052e2e91bdabb57e900afd0241b6f2af84fab8d4b8841aa79a2aae1cab0d51bad91b55f11a617361ad","nonce":"a97875b9a3444d718ec080ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"3d7d58cb955ce7091a8bd3bca04dabda624cd877295a1df8afdee373169363872bb13b0ee48e4cae2521ac0f88","nonce":"a97875b9a3444d718ec080af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"f23c9e38f4e9749043586423d70ba9d78ca6032390db52b7bebe0612d5d7934c9f03f3a1505f1b819e3f2fcbe0","nonce":"a97875b9a3444d718ec080ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"e349dae0f9c1a7a9357f8cfec0c632910329a9ad711abf23142da7ae6055d681a3603462699a611503a8542a42","nonce":"a97875b9a3444d718ec080a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"bb066122d2f2cf0614a640e9f16584db7df2e0cd3041fc7f15e05ac7ae6f89aa71cb68f91079a7740af9d84d45","nonce":"a97875b9a3444d718ec080a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"45ba33e00b3f454a75537894f152e8803fafd3510f9ae5f2d34caacd149f94b3305d18b4992e175c673c4a16be","nonce":"a97875b9a3444d718ec080ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"9a5b7f8d5120275690e228aecea3d6b14746c6e687e0ef201a2e501b50263e6efb9a50966fc3488ab891c343b8","nonce":"a97875b9a3444d718ec080aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"af272c54df5de36a63c4d14a5ecb2d655d3bf9d636283fce0cc54e9fb328e986165ba2d779b28adaac01a71e1c","nonce":"a97875b9a3444d718ec08155","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"99af05e72d6fe4d2976d4c7f6653ba7b224cc6a93525f4047722229687158ba0"},{"exporter_context":"00","L":32,"exported_value":"aa005005bfc0d0b8d69a8d172843757ce9af2a17d557b596e37e3f4bff8f6c0d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"c55181900ac721c1e1c7d88fd8d46ac5434f60239b1aa2dcff7d2f953f0fe23d"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8d283ea65b27585a331687855ab0836a01191d92ab689374f3f8d655e702d82f","ikmE":"02bd2bdbb430c0300cea89b37ada706206a9a74e488162671d1ff68b24deeb5f","skRm":"ebedc3ca088ad03dfbbfcd43f438c4bb5486376b8ccaea0dc25fc64b2f7fc0da","skEm":"9c00a6ecce7eac4a73094bfad06d17b2c195ce5d891a76c466d9ce17e2927aff","pkRm":"048fed808e948d46d95f778bd45236ce0c464567a1dc6f148ba71dc5aeff2ad52a43c71851b99a2cdbf1dad68d00baad45007e0af443ff80ad1b55322c658b7372","pkEm":"044415d6537c2e9dd4c8b73f2868b5b9e7e8e3d836990dc2fd5b466d1324c88f2df8436bac7aa2e6ebbfd13bd09eaaa7c57c7495643bacba2121dca2f2040e1c5f","enc":"044415d6537c2e9dd4c8b73f2868b5b9e7e8e3d836990dc2fd5b466d1324c88f2df8436bac7aa2e6ebbfd13bd09eaaa7c57c7495643bacba2121dca2f2040e1c5f","shared_secret":"918406d83412cb2ae65becc752da66323801933dd73df81c4e4e7c747181574e","key_schedule_context":"00bc71466af15b2cc51961c551d1c006f9dbdda3be795ccbb980f169ea6fb31003474b10dc797383ffb0325aff5f75701a7bfd781c6298a5637f7a8fa2e6b5f624ef4b8a36b914c26820d53e83a9dfb742c7811a526e9dcfb2f19f895c68c80dd54c6e836af7133e4b89418b17bdf4c1d32445ee0bc0f40063a0dfc0e0913cc37f","secret":"479408c2cadd61763b3dab0ee2fefaba7cf54401063aa85715a3f6d4e1f6bbc530041d7c9f911290e145ac290ba48d1941bc714618c3ee1afbc69140bc46b704","key":"a438e7fa5713046c634b7ebf36efe9175d2aa63164a430ad1871c21cbce28ef1","base_nonce":"80e67dfe703b591e18cdb04e","exporter_secret":"c585a0c00032a14c67e7b4f6b1e02f1e9059415607e91db6a75fd09ecd239f87ed97c1e5cd6938aaff851b01a92319344ed6b01e82de3ca2aa43aea64f09f605","encryptions":[{"aad":"436f756e742d30","ct":"81a1f54372913f6dd88f45d7889dab174942baef7b1f3a32ee42058bd4b5ca5e8323301420b9e3f3c7b56fa8b4","nonce":"80e67dfe703b591e18cdb04e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"7043074aa8c45e56395fbdc5566627fcd674dee9cc227dc180a9fb40934daa9edb1cd4c2a784a61c744a4be0b0","nonce":"80e67dfe703b591e18cdb04f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"3a8aaee090972d3a58086ea7f448edf867f4cb169d30a0829ddbb3fc106ec6daf638c0bb5926ac21d2f0a799cd","nonce":"80e67dfe703b591e18cdb04c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"49c06cc8ca1be0eb4f4453cc3cfbafdb55a19652c9eaef7efde1102087b2a9ad5fb823dc429605b486293d1c50","nonce":"80e67dfe703b591e18cdb04d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"ba0b4e4f24a3bd35d705d92bc51ef477c75a7c3e9d5e1220ba87486705b920a7fe0dc2435af68cc59f81eb6ce1","nonce":"80e67dfe703b591e18cdb04a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"e8b58b73c13635813adae5f599fe9a4b99ca9394e24ebb43bde998b9bb883c975966b5820beafa973e7fe23007","nonce":"80e67dfe703b591e18cdb04b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"6682c5ecad878c7629a802fa9d0b825912c878e5edff208c8f33715fb0190679d637704202262a8d0a87f1fe9b","nonce":"80e67dfe703b591e18cdb048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"0695bb782c3ddbfdfbb77e7913a01078b6e100ec8718e996285d589cd90050e6c1161501a549884bd6868ab9e6","nonce":"80e67dfe703b591e18cdb049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"ddd6cdd79a3336187b5a5951a3f19127089ff8239e31ade029cabd1c9b77160e99ae65e587a5f2764c387e7ce6","nonce":"80e67dfe703b591e18cdb046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"c004de473611d0b46754d4fe72b8573985061e8f45d9e220db4b5925bc67b756a9fd836b6666d2e20ef8b2cd3e","nonce":"80e67dfe703b591e18cdb047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"67298c53a9b8cf695b928b6704bd1d451adecfbe310dd2032913b2b3261477c9a2360e70baca0a3e83717b9a0b","nonce":"80e67dfe703b591e18cdb044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"261377658708c2ae38c38a3c53c12d2f380c5abae34fdd21079dd1b365a55d2b632f71d789aa00bcf33b348f3d","nonce":"80e67dfe703b591e18cdb045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"21aa53a1ec8e0f763486b5679bfd3cad4b99c62e7ecf0dd6755e614f478235119afff52d25fddc8c7caa66a1c0","nonce":"80e67dfe703b591e18cdb042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"238317a4ba6ee5a1e74f2cda4c6c5fe0d387ba36592e898fa16f4936307d31a177acc9f9ffeb4af4ef9a94d6ce","nonce":"80e67dfe703b591e18cdb043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"d33e82db56a9f84ad55c4f57078fc188c1ad6bc54e97987754cacc26fac6dd0287111b27daf5334227ab2ed87c","nonce":"80e67dfe703b591e18cdb040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"754ab80dfc5c84d0aa859d9e084b7b4edd71cea6617038062e4aa273d349cd26b4049e3dbb392916ec970c4ecc","nonce":"80e67dfe703b591e18cdb041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"a7aa53b57ab3ab9b0b8da1508ea2b7f16ca9ebae4a17c3e221740d1923c8d81db54435b9c85c59c7323eaeac11","nonce":"80e67dfe703b591e18cdb05e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"5ec3157ae7bbde87d41fb3c53ffc8a437b50e7867a57e85d9231128be3add42fa7fc1176ecae2ff71948a84c1d","nonce":"80e67dfe703b591e18cdb05f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9c27b161b27b3327e0fc917fe1987a7353eb621bb066c45d767dbaf8c6233fe2b116acae37233bfbf70f575a18","nonce":"80e67dfe703b591e18cdb05c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"abe3c2a61e2e65e67f2a0772cf5a028bd44e0dbccc7c3dcba17449500a95c8ca66d7c36fca687fcbcc8e648abc","nonce":"80e67dfe703b591e18cdb05d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"6a32830f8fbaad529e651aa1748ffb138c95cd58ad8621d1ebea3033359ee87d8dd1e8743298c99c6a9b8983c6","nonce":"80e67dfe703b591e18cdb05a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"ab280a7e5cc32004f89a273512d16c24ebedd10927b2c236533309bea0592a40a7342f64a14e421b3f1bc67a6b","nonce":"80e67dfe703b591e18cdb05b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"429b5723809cd20375897e7c88c4473893f7d6bffe4822a52372d7a7e2b3d729b3dac7f58c4fd65df431938691","nonce":"80e67dfe703b591e18cdb058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"d7e725fe82b2d890ab48931a33db40ce334a75cc25096d257651cc5306e6c1ca6b3d6a5952f2c9f1e75f16bf4c","nonce":"80e67dfe703b591e18cdb059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"732c22e8fd94e8080e7d941ce2e353a425a04e6e5b3f35001caa440108829bdd6a8abeb3225d36e78af279d409","nonce":"80e67dfe703b591e18cdb056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"a3bf53c9ab33133186b53b373045736d950a934fddf6586fa7efdf8c4ba959a02f8e99a85b1c1f5c979fa368cc","nonce":"80e67dfe703b591e18cdb057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"fc3abd1f742e738bcde8693efb47aa074dd832f45cf43760284692e98ebd8bc17ef43eef8e70082d8b27777ead","nonce":"80e67dfe703b591e18cdb054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"da482bd88bbce9726b28388c03e4b858c6dc77c4e4ec544717cc733a2a327cde1c25050e2b080c84d058e83c6a","nonce":"80e67dfe703b591e18cdb055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8a6e9dcf078362adbffa145b8e6ec7c26f0b5499460d4e9149fbc0e7eeeb0d9a23cbe56de7fd87e369a8a95997","nonce":"80e67dfe703b591e18cdb052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"46176761d3efc7485500e038e7d99e289a9264a7091c0e13521973baac2eebe9b4889a2bed3d67ace6a03e16e4","nonce":"80e67dfe703b591e18cdb053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"2d1dd094d87f08d980b9c5ea81bd47e8c4f85550e13a728a7a877521d50dd16a22eeee53a901d3d4b882ffde0f","nonce":"80e67dfe703b591e18cdb050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4f242bd488ae82367043eaadfc955c221329159466eac4f2b18f39e46a85ec06a09b67a81ed72aa75b634e9d74","nonce":"80e67dfe703b591e18cdb051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"5600fd36448ec1b6a6695ff5aabf471920c4e90e514bf85af232b615b5a23966c1d7e2e788a7f5a19d40dcb3f3","nonce":"80e67dfe703b591e18cdb06e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a39d17781faee9287ce7cc6c1e2f2bc9a17d70e50a099c44f85247a358c29acfd41cf68d84b12c1adb83790aac","nonce":"80e67dfe703b591e18cdb06f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"ac12265d929b7d76b888f4824ebe1e56537bb098e12d217417983ac42983852954bc7f0f888a2e6190b9c296c8","nonce":"80e67dfe703b591e18cdb06c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"dded9eff7c76107aad500b3ff7e156eed17f209392f45164f98ea641b2feefd46973c625d962fb56ec825564d1","nonce":"80e67dfe703b591e18cdb06d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"f643ef1a14f0199d0546308aaef7f01ac1b9f1a02f3210fcee10177709006879759e99dff2fce9f4165a4e8521","nonce":"80e67dfe703b591e18cdb06a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"6237027db262f5d7c54bfa4dbe37a32ef265e17fe19d2a54ab6e38df29d77286fb3fe9d45b5436adf11407cbf4","nonce":"80e67dfe703b591e18cdb06b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"f3b3b90ca23a6a78573fd39a250b86f393ff1bda96cdcc90314d927e0d808d2debed373d1801cd709f452e01c8","nonce":"80e67dfe703b591e18cdb068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"a93b7dd056828cd7a1b9669d3fe9572d7c875f672e6eeecf23ba8c69635cea3e6b3307b5ccfac12ba251952aea","nonce":"80e67dfe703b591e18cdb069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"c9cff5caeffc56aded8c4730a4c6243af0b4fcf520a500e58ef32b714055b0641abcda06b8b807f3c943d9ec20","nonce":"80e67dfe703b591e18cdb066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"8566867c38068478f2b3d4b785816eed9357a8f3865abc3c4b0e3a8d0cd38d232ffbb1d8d1d57ff46105d514f0","nonce":"80e67dfe703b591e18cdb067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"f2d55d38da3064c60530e40f9863b69614ba315838e1090000ac0784c593a81d0275e7d027377e8a73a405d45e","nonce":"80e67dfe703b591e18cdb064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"a4b101b45d6fe506f3c0b6eaa72ad9e98b93c2238fa32ea0180a0d7b1794dffd2af5ed06d36fe86f85bf8dae80","nonce":"80e67dfe703b591e18cdb065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"e77234cc94da21c3a5ad178e8628e8aa944045249ac8b7edb82fb98191965368b6060c4e50d9aca1cdd38dd0b7","nonce":"80e67dfe703b591e18cdb062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"adcccedbe401e5eb961301a0ed746caa2b5c017cd73d4cf3c744ba06f6d7b523eda94cd03f0ecfdef6d103090b","nonce":"80e67dfe703b591e18cdb063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"81804c1afef0d9479f73e84e6ba2709303da36f34b673d1b9ea8fb3826824f3235767a88599530f97758d1ad38","nonce":"80e67dfe703b591e18cdb060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"86a9d62c48ecbcbbfebb4aeb9fb3f0effd2041df49ca816023befee161fb65c64202560f3923df351ddf854572","nonce":"80e67dfe703b591e18cdb061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"e4e57f2f757ce4dedd9a5ffcd241f03013226ab0ae9cc6050c57d118ce33a8aff731b2f980b8beb848133300b1","nonce":"80e67dfe703b591e18cdb07e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"e91b157155d57c67dba88819bdbc3f64d36679558ac5747ccacb6d13ac6b7e2b1071a3d2eb7fdafbf6d968efd6","nonce":"80e67dfe703b591e18cdb07f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"903584a53c2e2765d02e461200403bac52e8ccb765bedad4f1f37f934b53e1fd2d9edce7b30e2ca41b7dd5c3de","nonce":"80e67dfe703b591e18cdb07c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"e5001daf39a3bf8e70545638a6a782ae63a6f698a5e3eb6d764ce201ef279d00957418d1c20c8812c73a475f4b","nonce":"80e67dfe703b591e18cdb07d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"1d922dd6a827ffce4d1c4038e33dcd8bcd40a979e6b6791f55246aa698622e0deb9a24a0946573c629da5a6d7e","nonce":"80e67dfe703b591e18cdb07a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"39260ecc2372946b15b9506242515833653006e1692ac69234d41f7187d6fe4e97a7d38abd588761f7c94a07aa","nonce":"80e67dfe703b591e18cdb07b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"8f5b0bcd0e6a9978b1d8c16c929dbf12f6c70082e892f6134da9947dc5e5fa33d8468dfb107790569fac120315","nonce":"80e67dfe703b591e18cdb078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"785795257b62aa49b66890f53fb7625fe6ec6a90f441ec092eed657e552f8162a6b24ed96b1478dadd51bc32ac","nonce":"80e67dfe703b591e18cdb079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"0d1bcb9fc7397fa5d0c91c8ff72252cfd425d186aff0e2fdb4ac37ee80a73e1306b017bdd362b8cd7b98b9c075","nonce":"80e67dfe703b591e18cdb076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"4265213d239618c71db27788783dea728316c83350f44a6d26ca6112e059db3cb0ca66e31756b54e3e023a28ce","nonce":"80e67dfe703b591e18cdb077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"1d1aa65a83effdd74e33478adba260896beb08c6dd5a35c784071297370cc0b62545269e5eec7bb97155004990","nonce":"80e67dfe703b591e18cdb074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"a72af39403593741a2ce479f5b32e015322acf70b3072d36ac24f01b262e548ee41612e76d5727f6577ee00972","nonce":"80e67dfe703b591e18cdb075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"a87789b848f385673d514895a674ee88b37d98e31b782da77214bf923ffe6997fac25874750bf0240d8e9736fa","nonce":"80e67dfe703b591e18cdb072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"0193f6496d08eb25a976bd7a827254077a2d97cd7d5cfa9a0c0a6cb00b9cdd908000107500589663e03bb7dc1c","nonce":"80e67dfe703b591e18cdb073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c42da72e966251d4161d1a6af4b819d829d427db44092a56af7142aa89578284a72ec427721369cdd888a89f94","nonce":"80e67dfe703b591e18cdb070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"1c352e824c002f557034cf167ab977cd74420af633fe75783e242a9b4a50f6194fbad0094cdffa7cfe850057f2","nonce":"80e67dfe703b591e18cdb071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"5c47c5c962fbc617404ba7fbde47a94cabddb9b065046ee3af7cbdbfe201db9044d1bb5bf99702776debaa313d","nonce":"80e67dfe703b591e18cdb00e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"73451e7a638298ba954deddbc96f557490e47df7b4384f1f903bb8d18a58b3a9b6f305f3f57e4e75a51df642a8","nonce":"80e67dfe703b591e18cdb00f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ab42ffb96f0889213a898a7e2f14f22c12a7a5963d8b647efd32f62c61876d9366fe479a68169de7ba0493fb6c","nonce":"80e67dfe703b591e18cdb00c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"3a953d011a58366c8869f91cf77173e7ca6161c9c3fb9a1583ac310a902f385dc1b967b612d228629b28c3677d","nonce":"80e67dfe703b591e18cdb00d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"0af90d730ada4e0829a5997039b59a0bb6c1edf8463be8a35d1de7588ecb900aa8508e4f8cc33ea67c1c758a14","nonce":"80e67dfe703b591e18cdb00a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"20c233f518d3ed89bb0e53dc7ceec76f93ee146ac2f051dc09591c3e3723ad431412e77297361b1a775c8a8b72","nonce":"80e67dfe703b591e18cdb00b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"301c7d94aaa51a0bbc7aca15f90e8c0c2bc4e76a96a33942bab45fa414337c1cd65a89228fb6b9f81d0f5cd1b8","nonce":"80e67dfe703b591e18cdb008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"8f81ad513420a2b95e27628f0aafebf347aba550c8ccc7c7c9ca58f6647dcac8d2ee4f259e59ad7585f6daae7b","nonce":"80e67dfe703b591e18cdb009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"06b1ec5d17856e987bbec5ffe91ae8fca1d5f3d9b30809dbcdda659bc2474adf94b7e6d4b44c270d38d3191b69","nonce":"80e67dfe703b591e18cdb006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"88d4b936adf19276965b27b70570f6cf8673d8ea855d27cf72fd32e58a2ac97b7ffb2f1c6f861eabe625f524a6","nonce":"80e67dfe703b591e18cdb007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"950f3ae8f9d27b5f493ef4aa262d9a4548b084f03bcb24ccdde088ed14235443a2b13ac40d530312793c5d8fca","nonce":"80e67dfe703b591e18cdb004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"939525b6359c4af573bb0df0883175b2ce9292f3828ae40b21e8002bd3e61f075220d26585cca8b450352d171f","nonce":"80e67dfe703b591e18cdb005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"b0c5e0bb31d7384ce669880e4cdebe345514e87300729cc8686da78b840d8eb647b8533e9df11c576335174889","nonce":"80e67dfe703b591e18cdb002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"b44e469ae8c040d86238ad6f6a81f0c76873a3c7c9ab5e853806cf1c4db3eb094b3b366f8d0a905f9d4805d102","nonce":"80e67dfe703b591e18cdb003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ddbe8483977c2a7ae6e3a8503555b3b8601ccf9c7d8eda48245ea1bf472868bddd5598c681fabec3dd3e7ab234","nonce":"80e67dfe703b591e18cdb000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"88911c78f69b406862b964223b1e64a0cc8abc93d70f6e084411ceacad860080fa49f88650e148a5d96c46be18","nonce":"80e67dfe703b591e18cdb001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"db5233d0888163131c952deb6d0986893a189ea1bbafd45cb6c7901a1f250bc37028bc93abbee1d3fd2d7e6b4e","nonce":"80e67dfe703b591e18cdb01e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"68197e3f160939a23ef9d97389c46e6f24869f1cbc5e95e550676c85efc8c7793111772245253639265bed13a8","nonce":"80e67dfe703b591e18cdb01f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"7d2fbd5e0f75cd120ad5724dd9a50d2d4ca65b6b76814c4fb779452638627608e941532e587c6a3d90f37dd0b4","nonce":"80e67dfe703b591e18cdb01c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"78c16eeb54c05a77bc3a165555e8007d2fa2123b578eae427b4e61635fd5738e45e79553131dab8c9f8706270f","nonce":"80e67dfe703b591e18cdb01d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"d02fbe691d2106bebcc46f20ae74a61251d938802ea2b2f1ed3c702134b45b665478f017ffb3dbb5361e3cc186","nonce":"80e67dfe703b591e18cdb01a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"0f43f0bfd01311634248b9f155065936ec05c3ce29c6938e228cf2cf13154a088da72a001bb4f4b69b3e70dcd2","nonce":"80e67dfe703b591e18cdb01b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"0a209ba306014d8f97c897b42593d5bba1fed9f4e107a23d23d44542a3e675fa2cb44b83cbda577a3a9a4e4d98","nonce":"80e67dfe703b591e18cdb018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"d062bb4c6c4f288a94ec2c7c4653e5e5abb67b8a7281296e000a232f498b482536f9436b03e3cf4f947a5659e0","nonce":"80e67dfe703b591e18cdb019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"d3ae5cf49d46856a07c75894156c9d9232e66851b4bd86d479f2da1ee7200bd8a24e67153369b9c534afffcf26","nonce":"80e67dfe703b591e18cdb016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"386b57c0caee90d201ecbb85f46c4c32b2ea861f32ade468149e3e057f938751afbd7fa4ba62e6424cfe1b31cc","nonce":"80e67dfe703b591e18cdb017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"8a010bfb0daed62b10292b9041540cd952764f1b81e61d3d1a3ffa6780a49b73a7690bd6b8902d1ec041934305","nonce":"80e67dfe703b591e18cdb014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"6936de7b456b025dcb0b03e832efe19d59cae533825d403c59826e03ac47dc70089b4fafb423b191814413697c","nonce":"80e67dfe703b591e18cdb015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c7324799b686ccc5d2670004f0ea65e83a0b43c8b90e258a8dea5af7c9293efe643a6d85f6c9cbc83e6c823394","nonce":"80e67dfe703b591e18cdb012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"67e376ca0fe490e2be4277bcf0a0ddd667a59fcedca3d5bff864471a005316c17204a32a5e3eae592daa07327f","nonce":"80e67dfe703b591e18cdb013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"1f5d5966b195525f9e104d3414a1ad90a1948064d422aeb49f30350d909737c5fe00f3146f328fdcfeeca0146b","nonce":"80e67dfe703b591e18cdb010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"4114061b8d87bdadfa60a3f0ecaeaa85b5bc5f2f891e9fe864622b69bf635fd814e8dee46dc4467a390ed6deea","nonce":"80e67dfe703b591e18cdb011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"b69a0e968e09cc5d46283e496d1a1073f9b9d57288e89f7f758cb60bfabd19bef13865841e32f5681b16bd95a5","nonce":"80e67dfe703b591e18cdb02e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"4f8bcaf33f2660298046ad21ecb40ff104fe99b063c95c3a3a287bc5378622630f972f196b2b49cdf7eb2b8aa4","nonce":"80e67dfe703b591e18cdb02f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"59263a5337d7301a91323cfc8b32342585be47d4cc355e12454822407e2f42e67adf0052697228b2ec2dfd42ff","nonce":"80e67dfe703b591e18cdb02c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"ed3d44a049ff061eff11abfcd5a0b4816e900490b21ca713cc28283909f4c2fb1f20f43c2afab72abb1ef4d5bf","nonce":"80e67dfe703b591e18cdb02d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"a07b2fdadeef9464f444133a5e8bd71668c28fe2ae28faaa6b96f6791a14b0449f138ae9ee5f32b46f496d4bc9","nonce":"80e67dfe703b591e18cdb02a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"e65382a394bebb719e0bca85c71e75e476d5b5a40f13a91a12b633c3854975b6ee4fdb3c77f0793f31d04817d0","nonce":"80e67dfe703b591e18cdb02b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"87f2c77f0d8be187a99ba52cbf57fa96e8c2d7dcc6d40bff2bc446d9eca4e360a1e53559b885e4ee8095bc5bfe","nonce":"80e67dfe703b591e18cdb028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"c52e338a385543dbd33d7d1b184959d5d3bbf563177c2e5654f1e23edc656d31a65d2bda99992f7e6e5b04b4c0","nonce":"80e67dfe703b591e18cdb029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f9f02f7ab158574c02bde90ea1512eebbc030e3c5d5fcba13d3ec7669e278481d489d47d56d11d8e860695eddc","nonce":"80e67dfe703b591e18cdb026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"18f3a6787a50f7ddb30f49da949c6f303303b308c979b49935c611ea66b17452c53b2799414392127c462d32cc","nonce":"80e67dfe703b591e18cdb027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"460cf157767d5bef9c5c73639e19d4209e708543172ed7d4c2ed3aac163193ef10879bbe5dae1b889d76e3b204","nonce":"80e67dfe703b591e18cdb024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"e7249b46e78c2a45340742c74eaba8c4b098195565505aed81d1a5ef53dce58e127c9adaeab972b8bc863847e9","nonce":"80e67dfe703b591e18cdb025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"953030d05abcb72d667120f00db61e9d67936424ec5138b91575d4fb70e42a44ce87dc1615dc8636b2aa7165df","nonce":"80e67dfe703b591e18cdb022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"a36dccd54abc61b567f50de187fbd2b0d84eac585835f958127fac449e6c6ab3ad9a6aac0fb2e80cf1f7f43e0f","nonce":"80e67dfe703b591e18cdb023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"b7b82cc130d43965159249e97eedbf79eaf87ca0463154260278162ac27eef711943c9ae2329111b2e6bcb6dac","nonce":"80e67dfe703b591e18cdb020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"a20820efa6be0080a8f8b8b8f41fe90505b054a99f96f0888bd95c620716d7ca132eff8afdba97b859fa725134","nonce":"80e67dfe703b591e18cdb021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"cd54d9bde3eab1452b6a10b50776898af0deed6015929a8540fcedb3d75dd8e3fb7e9c990bfc0577a485c19494","nonce":"80e67dfe703b591e18cdb03e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"72c93f7bf5c1a4e7a9134a3fc25168a644ae8031ca0e7e4c0e7c7ff193db96b5356991a41f48b4e836b3b14f63","nonce":"80e67dfe703b591e18cdb03f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c287787d70fdf4f3a53e85ab60bc73844145bb15c7b36411f96ced5852787a37cf7ad6e928b17b325c1af7dc54","nonce":"80e67dfe703b591e18cdb03c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"f67c3068b68d23aa3d0e217dd5f7c03c2fa67174efd4a10a3a471897db24cdbb800967407429ed8df862040bd9","nonce":"80e67dfe703b591e18cdb03d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"2e1f6f814e89bb0dc3acd5f4c097b33f7f18c295e0d8aaaa5103984e38219081545c65fa79dfc5aaabfbe66294","nonce":"80e67dfe703b591e18cdb03a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"6c1fbb7baa10f99e08147fa2ff651a80b61cf8c24b43ca6c95c8ab04c4dc38d9a68d25576ef70e601041254788","nonce":"80e67dfe703b591e18cdb03b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"31af5c502275a77f44708ece4438731ee5143dcd03f316a061a13230a98ba23c5ba49f572b0b3e49f0ecb78dd8","nonce":"80e67dfe703b591e18cdb038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"f537cf37404fdacb6e9273fe2986abe818f09f623e1f307df8f73128341febe7949e362caf35a3183ee837a1a8","nonce":"80e67dfe703b591e18cdb039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"d5722933e0f221259c594db9b4def8bbb14a9da4f584877642b0fc8f5e567efd7228f813413c98752a2f3f69ac","nonce":"80e67dfe703b591e18cdb036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"ba91e4cff56332e3e484eb00e42ed631608e7a7ae871ef93436550ee0374f928217e8774f00748eb14a67be534","nonce":"80e67dfe703b591e18cdb037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"922f3cfec81b1a7af9d291551c89d2dd18d17f95f329c45078fbcb0b65e22c0af048faff0e293a92b0abefda5f","nonce":"80e67dfe703b591e18cdb034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"3742e72d9c62ce841655f804741d06548961a858d58f9b4a380b54dcd498c5ac985069ee9e21824d7392a66bd9","nonce":"80e67dfe703b591e18cdb035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"b2de321a075232de924566d32879ddb8154547c25ee242732649ecc53dd7935eac47688bf195aae9c68da9c1ad","nonce":"80e67dfe703b591e18cdb032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"3514af298a7f403c9c45123a433f1c2462e0c6346a84186ba2083f103bf743ec5e0afef3eed1ffda2993778f19","nonce":"80e67dfe703b591e18cdb033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"ebbe3faf4e03feb99f8ad4a2ab1e4713a5ad9c6ea76923e3600774149c1c8e8c29fd1bd15936618a8d354c46c9","nonce":"80e67dfe703b591e18cdb030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"2355dcacf4317ce5cf9875fc316530d8e7b8c1d308c61b43153840add4ad5dc4c938f1b15c8af3c8742c46362f","nonce":"80e67dfe703b591e18cdb031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"692ce28fc94d08e26e306c5749987ff771089d206673f3c443e890ebcfb1c5162c5c1468627725f09e485dc127","nonce":"80e67dfe703b591e18cdb0ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"309e5c3dda3f660190d61a75cbc3f0158a0e14050df39f2da729ed484b0909b31270265d1d4f815ed5a6e532b2","nonce":"80e67dfe703b591e18cdb0cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"17a9cf866f8b5ca5b353ce4ad9e8da74c33d73218a527b4992537b47fabb551c9caf04e7b1592b578315e92cb7","nonce":"80e67dfe703b591e18cdb0cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"16fd834e366b5a153aee1deebe4ef7c0e42dd6b196a60351374b37493f339fb1c052e50586109bdf25d6ede6fd","nonce":"80e67dfe703b591e18cdb0cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"27f9d7c9d003248e908aa09db18af4c511b486f34b71157b953e7903fb504d84a7a26bd94bb64dc345a09ca3f9","nonce":"80e67dfe703b591e18cdb0ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"9a64f04d5817abb6617462e6f27ddb6d7ffe7c675e959e71fe0a0461f2c46f621fbcd69ddd14a03802eea0664d","nonce":"80e67dfe703b591e18cdb0cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"8a33f91018c4d7f05635372117e984c62c5999c4aa5ae401d8d7cdd1fdc80714163a4bda66892bf3431c3c5562","nonce":"80e67dfe703b591e18cdb0c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"a303f2f86ff2caebf6287dd2f99de01698df651a23ef9cc1cdb0e070cce4e7336c7923fc2de9fe3c4d45b6863c","nonce":"80e67dfe703b591e18cdb0c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"ceb6358ca8433d312ce8e313878ce7bbbf44f5be58f371ed69716d8dc3d0342512ab6c60493a29e8aa9cef4648","nonce":"80e67dfe703b591e18cdb0c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"bee840166768770f335def2e0eba39d968044571f6f05c1f7a366bf7274087131b0d3e9d96d9f77ccebbcdc8d5","nonce":"80e67dfe703b591e18cdb0c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"bb11df0cfe22e34e86bc4394afeb3a952739723a3a903cd1474a62c0fc55372ba5a0f9567a1c0744d0b182c388","nonce":"80e67dfe703b591e18cdb0c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"0176aeb2e452b57fae0e813e6189eddf79db5e5602712acda17ac0a84e71de33bc4a35b3f6d71a5f13215588f2","nonce":"80e67dfe703b591e18cdb0c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"a74bf3d1970d3c9b71b8878f2a5263ffe0898e9ff2f13faa80f4bedff252ffcc2d12e6d9ddc8fd2cbb44d3cc5f","nonce":"80e67dfe703b591e18cdb0c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"2756fa154650cc9140bab9c8510bdd2719589ba5bc81b157e1ce9536944a68cbc5e95fffb7c6c5df05b501bbff","nonce":"80e67dfe703b591e18cdb0c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"67f8ff1cc65f3bbbfdcc2888e33e1606e0856c86ab689b5e572120822b882215499e5c1965b8ca765dadfe0d88","nonce":"80e67dfe703b591e18cdb0c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"cd43558d8947229b484d747992f5a6b69041b98326f72567b7c2c96818ca663632d84367225892be992cc14264","nonce":"80e67dfe703b591e18cdb0c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"1f6bd9d25ef9f35b2c3ac02d787507b3cb6ca329c3b22a926a767dfbdec8a524673987072bb777717eaccc023b","nonce":"80e67dfe703b591e18cdb0de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"215077cbedcd267d32296f18cc96739f4d7adf2610ef42f04c29c17c5395e10c15fc7026695259b1a5316a6486","nonce":"80e67dfe703b591e18cdb0df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"fef7fa2150460268ea1c3f9845861bb2ae5f69e78ac2d5ed37c07e2512aee51c85f95f16b652a70652f1b21f2f","nonce":"80e67dfe703b591e18cdb0dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"366fbcd93a58a2b2d767dbd67ecbc626a11878649a813f22ff8ee18bdf65987d8acb60f3f6b6338b8021d62fca","nonce":"80e67dfe703b591e18cdb0dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"0f69fde2c4e0a593c3ebe575fc19007d72d447985e7b08b7b89b777cc698df9879b404396cdd2f36496fa3dc10","nonce":"80e67dfe703b591e18cdb0da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"71cecd4932c4f519fe19166d9c12cc22b8d92a466e9b37578e76d1fda7cecfea6f19492ff490009624751c8b87","nonce":"80e67dfe703b591e18cdb0db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"11d803c9b62853c94fbbc26774b35d64c10f8a46b8f30044e5da99a42b4c5a40789af987572b307a8e6b96c54c","nonce":"80e67dfe703b591e18cdb0d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"754ca0292312a72526fc7ce4e978498b49f2c3b0d09ae71a0bfc4ab43783e5fbb02c8f2a61ee6ab1147d6d8a94","nonce":"80e67dfe703b591e18cdb0d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"66fc010553916477f321a838c52cf92e3889bc90e98f681570a4d8b975f2a3a266e5e08f6aa3e7d8e9444ac397","nonce":"80e67dfe703b591e18cdb0d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"3f955a11f92d74870ad7a270624ab3a130f1e4f336f7f520b9de7b8ae6de5e7aee0edac031fea1831673860e04","nonce":"80e67dfe703b591e18cdb0d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"04f630c0b0145594816d7f30053dc13c34ca6c674e3050447a68748abac1744f429b5ed8d98de50232a24aee00","nonce":"80e67dfe703b591e18cdb0d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"310b4225aab7875b58b701704e0310a8fecd245e2bc5252f4efdd852f24e3230fc47bd613ac5f8aee71dbf2bab","nonce":"80e67dfe703b591e18cdb0d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"13b99ef396f0b1a7ec4691a346e5dddb7600a91c26a945f8e1ea10638c4e9ce3e3427a6ed28b86a41da5535390","nonce":"80e67dfe703b591e18cdb0d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"bc339d294aa30a4e54e5aed21fd49a02f8f7f79a030e10f443e6fe3e74a459db050a4db724b42f00e0098e61db","nonce":"80e67dfe703b591e18cdb0d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"a3db898b9e37934181f02bb3054add3f26a91b49c9f2a7ea933851a7dae2f2fc86a43b90375875f0782257ac10","nonce":"80e67dfe703b591e18cdb0d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"4a3db62d6e06344e305bab9f2b076826de056ac821b9bd7bc9da9a88880c0553921a4d16c2c7c9879f4562cbb5","nonce":"80e67dfe703b591e18cdb0d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"1c81e13a74635988e7a2b12470579e83c4c6a33967d76c9dc4530cf021327e47fb5dd50ea2bc08454d0c83b32f","nonce":"80e67dfe703b591e18cdb0ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"61dc516191a9da76b3ae35e127cb68950e16105e5865d400648c213b14bbe2e46e1c3012de18e0281a5df5c2f0","nonce":"80e67dfe703b591e18cdb0ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"98af6c3111ac0eaacabf0752f587f39a62aaf36e2105735c1bca0ba5ceb8e0455896373155d8b5d32b4aca431e","nonce":"80e67dfe703b591e18cdb0ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"b5092a0294fa10bbe6c61b613ccfc25f6574a733644c9dd17a10d35e3561b1b550e8d780528784378f7684e88b","nonce":"80e67dfe703b591e18cdb0ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"24e315af7fac3cf2b935d7bc6b56ee6dc7d0fa136bee314222a6f19c308f9894559adaee81d155271431c85876","nonce":"80e67dfe703b591e18cdb0ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"d5fd677fbca2176509994b232ffa35f5f60d8e602b441e5626395fc8b7fc897e4dc79b3d9052257a780eb0ff53","nonce":"80e67dfe703b591e18cdb0eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"933d7c1328709a49f5309e3fbaccabc65a421c3a42021b7c0c0bfe04c119fc7fcc4c61b4af52e4f7de8fea748b","nonce":"80e67dfe703b591e18cdb0e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"c860ce456ff956ca371794243b8047a008783af444f6cf921b4a3319964d1b7b88cf78b487c545864fbded0489","nonce":"80e67dfe703b591e18cdb0e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"68072b609bb0d92d36a57de205373832713ee85cf315199c19412f9dfb4023addba2d4c26936bddf912db71578","nonce":"80e67dfe703b591e18cdb0e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"d8492b1864bc748fb8257e620e583ffee1415064888bc534a2ac75e1bc1b040c5d0b076255193523b34bc04599","nonce":"80e67dfe703b591e18cdb0e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"fedf9a1c54aa3968d05d2f34f5769821f88869f1cc5645bd69236ec42106dc5ddb056c935d25c18ed9fd4a9ed3","nonce":"80e67dfe703b591e18cdb0e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"a15242f12e9f2e662095e13360c560a9e335723a7415f2160b5ff377b0edd2b97b8f0989f9134e58798aa7f3bc","nonce":"80e67dfe703b591e18cdb0e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"2c472f7b06bf54f82e3216a162335d593c843144e5b89744ef1653ec370d786e3710036e946193775ae2bed4a7","nonce":"80e67dfe703b591e18cdb0e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"7f11c0b4ce97660de1b8fe48769a7e0993c485cb7d0c9340c2bd7738f1b6d304c486b401845357f64346d1238b","nonce":"80e67dfe703b591e18cdb0e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"b89d16697fe36d349310cdbae65e9aad0ee9de85452f396cb36b528972d79106fc4b9820858da4f50f4a0a90ee","nonce":"80e67dfe703b591e18cdb0e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"69128de6674225be0983766ee859fd538e6faca8704c6f4c816a4665de5b95a245f6b81b88129c8b1555ea80f9","nonce":"80e67dfe703b591e18cdb0e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ba9c0433326a6fb373055e0212a2b77469ec2382e95dcca7c512b70918426c7aa67a3ed1c2902a582768123d5b","nonce":"80e67dfe703b591e18cdb0fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"1a7198191aa6bd0e5146dc26980c0ac686189a003953ca0f6a2297cd7ab761739f60c45137bb1b08e262a50142","nonce":"80e67dfe703b591e18cdb0ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"2594e4e0722f663ede693fadc69b7e400a7ac35e6b48f2a942b10c16ab03ef178e83b1f341b814461c64e569e3","nonce":"80e67dfe703b591e18cdb0fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"2210672cc086a3a6e9720baa878c7fc123887642fc2ad89a3d1e7997721360becbf194c361e5d645fda608e872","nonce":"80e67dfe703b591e18cdb0fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"82848c9f9205798c98a6b75a4b834059561de99283718d0f577d20ff8def320b6bffb9dbe3aef4a820664f2191","nonce":"80e67dfe703b591e18cdb0fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"46888dba03e0a4bb3a89478253ae84b57ce597192930847029190588e7d65703ec623b44708bdf7a65187a4bbd","nonce":"80e67dfe703b591e18cdb0fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"469a0960ce3c5c3c09b7e688b735291ae7c48c27044575185aea7cabd7c4e5b8d6dfa1f7c3b274b31d6e533f1c","nonce":"80e67dfe703b591e18cdb0f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7d093bc376cc014153b9fc18eff5d1e2a4f15e8233fee0aeea8713ee280d3f5c7f8e3c785d08e46dfb56e0feba","nonce":"80e67dfe703b591e18cdb0f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"15e06337303f62402df89394d1e0301b16d1e3be05cb819ee001930d1fd44e2ece5729a4f6babb80b4b92fe269","nonce":"80e67dfe703b591e18cdb0f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"dfb32110fe01fe64459694400cc3554cf98552d8c743b152d7b44f04423db3a918438c81758c7b6465f0dc29a5","nonce":"80e67dfe703b591e18cdb0f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"c181f82137f7c18cacf88bab9e11e3152e67e05860e04f0a2d67a9387844e11faf1d622b4c90ea94d6b0ffcc31","nonce":"80e67dfe703b591e18cdb0f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"bb3b77378362dda44659decf35cd2ff6c38390847ff7936db678bb1d9b8e5f2b40bd9db02fc3e24bdc228bf890","nonce":"80e67dfe703b591e18cdb0f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4cb056747a27f381f38f24cc471c6740f12cefdfaf4c86197cb29725846ef5be8fd61340cd0f64ce4f9f598402","nonce":"80e67dfe703b591e18cdb0f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"5d2eb09440bca1dde7f5609e6387618d68ccaf5d5817f537014c69209c1059055d694fcfdbb0bf0c3f0fae2acf","nonce":"80e67dfe703b591e18cdb0f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"b0e0228d26f11774624f2a1d444e218be16a44f3f24b5c1d6390bdda7cc8d5e5cdad9ab5a1c025772a25c7b887","nonce":"80e67dfe703b591e18cdb0f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"3aea9fd088ef4cfefea63a3043bf343746c9a2d0cc1cfd5f1fb3f2c8a4f062d4ea0e0f443741b09a2bb2e9bbde","nonce":"80e67dfe703b591e18cdb0f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"4f3715ebfdc45e49cb1d0115852ac16b8653526c1e5e18806b29279b1c310e2bdd77d9fd80faee308fb52b9a9d","nonce":"80e67dfe703b591e18cdb08e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"11fdb881dbd88078c7b4ff1ec8d1d165833358219004b19fc317c4651526f2d027691e9f1923bcac6d93c65a40","nonce":"80e67dfe703b591e18cdb08f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"11ed4e83d58c2b5449aaaf8fe10b9e48f2f21ff37ec90a380e43d8068197c81ea9206d69a94a6f6aeab8409230","nonce":"80e67dfe703b591e18cdb08c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"82f93b24e7428f661860118866a3f1eee16114b07f394cd750d902ba0d2224054f608f0516bd1c715dcfb485f9","nonce":"80e67dfe703b591e18cdb08d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"28f331c302cd0a66df7b1885b928ef20ad54d836f22e99a87e38c7a18bd71e723bae61aeb3a519fc3707975063","nonce":"80e67dfe703b591e18cdb08a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"7f15c5792db5a5f7818ac5bf6690615a34df17fccfcb12ad735ecf8736b08405a37bd04756fc8fd18a3a970a59","nonce":"80e67dfe703b591e18cdb08b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"98b7c4eb17c2913878725fb7a919f0aa420a33e7eb1ad604764c91e00f4a9703379ffa62674f217100597d3175","nonce":"80e67dfe703b591e18cdb088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"42ddcbca05fde289a09eeed30c9a3185379e8d3ccfd356a1c78742fd23a966b148ab203e544b0716bb17e1961d","nonce":"80e67dfe703b591e18cdb089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"f10fc4a665e3d9088b10cfbb9524e08f6541b44929a6c8597dc4844b3f94ca4e63fb6fc34261f9ca1c0833ce41","nonce":"80e67dfe703b591e18cdb086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ed58b33a357a306020b0237f7d5262cb23e2b441b5e497739bba7ded67b145f6e3a20b29a0fe32d19ae6abdcbd","nonce":"80e67dfe703b591e18cdb087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"f1194bc0083e2551a9b3be9f0dad39d4e8d89e95e0a72a6713cff67a7cae126de9e7836c2271d074e6677b8f52","nonce":"80e67dfe703b591e18cdb084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"cc4ae93a90a6cd386e595ade05d05d56a09d87dca3d69bfb6a3af3a99a5858e3dd32dc927c692d0ea4f372f5cb","nonce":"80e67dfe703b591e18cdb085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"08d86aedfe957a55516c489f9b985a643bea4826fe9aeac18a1107f608aea238400face4ea4a12277b4661de14","nonce":"80e67dfe703b591e18cdb082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"7fe386f54cad6752b68a67c074c6f8440e6c64af58e95e32463926959cdac9b607bf7f43cfc067e6bf6940ddcb","nonce":"80e67dfe703b591e18cdb083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"23d94fd37b462c11a7bcaa3a31e391435e28462076f7ab8f2fb334406ba576461c497d5142380ef6a022e8fa62","nonce":"80e67dfe703b591e18cdb080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a32e0469f3c1ad4a0ba6b5a6a4112fc4d9fc08f2f0c83512110046ccf3b9dd20d3b152c80668ab29e554e5f572","nonce":"80e67dfe703b591e18cdb081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"f438a25fbc28ff0529acaab88420b06d75e5baffa61ba29180df85b7cc0bd40b3ddbb328e99e27df92a22d8361","nonce":"80e67dfe703b591e18cdb09e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"433cd181a5dc71a980a4dd314db6e62b6937b306e8a305b67b1045663d1a453176c5a94757053e2337e9e77dfa","nonce":"80e67dfe703b591e18cdb09f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c6c5888e781e8504aac6c8efb0b55cae42edbeafe9474457bf0da53c1bfa50917bae01dec48d461505f31be11b","nonce":"80e67dfe703b591e18cdb09c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"b7706287fbd91fd6a7b51fabbdac25b60d6a3dbce0e7c5bbeb6b9ed8acc65830af14ed656e3c0c71ee3dce9f95","nonce":"80e67dfe703b591e18cdb09d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"77b73d6b405ebe1631f264cb2b1ceb156731b2019191e0a243c7b071dabd043350180e9dadd12a85c19ba6739b","nonce":"80e67dfe703b591e18cdb09a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"f1a1e778466826ff2819dfc0a7cb3a2f654f3965d7a6e994aec28bdf7fdaa095d3e783409ccac6e90a6159f41a","nonce":"80e67dfe703b591e18cdb09b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"61cb86f0ccbae8842113ad390168621bc8dbd881ddb6590543797cdeb93e237d287a3a3c15268dcd6cd81a3730","nonce":"80e67dfe703b591e18cdb098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"66c63f5c9df2bb7f881c31bd5d55e618b3738821cc9d523743d1b6ad0bf47cd3aeea04d07eeddc42728de86ebb","nonce":"80e67dfe703b591e18cdb099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"37ac3018ba08baf830dcddd104017fe92bc59169e8167ba31fb845760e9397fc024c90f326b1f85048721d89c5","nonce":"80e67dfe703b591e18cdb096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"b55da987853772421e71398358d51f128ffe99e3a730de04b1d7d26f36df98b6829a9eb225347664ebbd49bce6","nonce":"80e67dfe703b591e18cdb097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"834012f57373518e6305218c93c1da46699f49a629c2dac428042e1194adbd3e1ffdfbba0a747bb86a9bd84d47","nonce":"80e67dfe703b591e18cdb094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"dc5f874dddccbdef814717586066779f38604b957e74dc2cfada1028b7b45e5564a092d709ae3722f3bc17d3e0","nonce":"80e67dfe703b591e18cdb095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2b0befb5c5c87ef0bff7d9a20962f14e54324dee79cd22828b1646bf0c0c92579a7d41f7c1d170e03b19bb65ed","nonce":"80e67dfe703b591e18cdb092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"225e12b8d2250fbef5e749c9816f0aab41c7f9fb2f7ba7066e5600e4890ef6d783e20b407404c695b8d67a0c3a","nonce":"80e67dfe703b591e18cdb093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"808a4d0941362ecf232b094f17cb4be275e2ce2619af505f523e4b4ee1b15e084d6a143364439b1a95f6046570","nonce":"80e67dfe703b591e18cdb090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"6f95aa80795d24e90438f47ce8c0afacb76f9958cdd86d69cde1100d8648b32130a493655739cb9ca04ed927b3","nonce":"80e67dfe703b591e18cdb091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"0e468d40cc7fd5b868e4a92c24c5995c0cbb369a273ff36126a39344ba064bf1f83d09d9b7c2e873bfb826858f","nonce":"80e67dfe703b591e18cdb0ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"a466e6a96f4dfadf5ab054c9d4e78662e9ef9f657b936e6c28727e46d047c31fd390c530de94ab2e683f24ffad","nonce":"80e67dfe703b591e18cdb0af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"ead1054d1887350197115210565402bdbdc9a0e2168c1910accc4de370d265ee50e0970edeedac84a903f7ae56","nonce":"80e67dfe703b591e18cdb0ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"77e1c7181627c2359f2fb0e81951e4ae2ec4e8f9c0a67a6106f27defb1afaaf75fbd8d336ad0bc3a609598ca9f","nonce":"80e67dfe703b591e18cdb0ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"fcd00bcab83071fbedb80a0d0a771ed1e3f4c98c59db11e0d48a9215e89dc15488887b157182977c9b4396e447","nonce":"80e67dfe703b591e18cdb0aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"25e761462c0a3cb1e852294304e4c67931148bf690ded60f08ad996a7cee8f8aa8b09beaf1e6ce2b3f7e5c82b3","nonce":"80e67dfe703b591e18cdb0ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"93ea59d440ed99f669febea2eab52fd8b819a1a22434386fa502d1f6f977fce94b8dbd4246162a52809146057c","nonce":"80e67dfe703b591e18cdb0a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"5750bb08e934c6b7ef4dc6aa27d281cb46b9649ed49649d5e005701b0360f5677cbcbbe543d15282cd979ab411","nonce":"80e67dfe703b591e18cdb0a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"96e7cdd667dad6526601c5dfb9f9c0b6b34ef4fea0cbd36fdac1ba21a4fb329066573b8b36ed05f766d1c31b43","nonce":"80e67dfe703b591e18cdb0a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f4363b89816fd2beb80beda90178ada5c232560f9b112f362472f577b37dfe840f1573eb2e515cc5e410c465d7","nonce":"80e67dfe703b591e18cdb0a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"138285573d23cd4bd810cb0c73bd491595ee9b76c494d7ef98eb1bf4133503fc3077a731e32a4d94ebbfbe61ee","nonce":"80e67dfe703b591e18cdb0a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"60cd95c9272ce5c8d623ac7be5f418a3a35a2939478c6b977a125d01f72b0736b164b0c3a3d44a7081547631f2","nonce":"80e67dfe703b591e18cdb0a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"1aa2be35f3faf10327f286d2e3d858ae1a1dc2c86442ef913ff2d3da87c4869780d356be58668bba5f1c7181bd","nonce":"80e67dfe703b591e18cdb0a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"02ff6efd175fc6c7ca6c3065df392fed254a066322aa423231ed7f26718b1ba07d92cdf813f52cc31aeb46b845","nonce":"80e67dfe703b591e18cdb0a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"5d0c74d3fbeec5245d3d533c13b53083108f0567aa2cd737e3210535f816114ed958e34b85f30a300d70c3eb41","nonce":"80e67dfe703b591e18cdb0a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"7f46be28507838c3862283e29d6c5642aaaae6b08cf4c031617ef29a2113ab48aeada40055e9de86fa4dc1cb34","nonce":"80e67dfe703b591e18cdb0a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"21dbafa1fd1af3dd3e7704cb63ac202e758a92b231d32bd85d36c5ea5a7f54a6d0ba95cc488eab05df201611db","nonce":"80e67dfe703b591e18cdb0be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"ee7d498d57f994cff7e84ab36736ea9048f3cab98fcc12a59f1dba9e972d08699c8b47b31db11aafa3ef4eed1d","nonce":"80e67dfe703b591e18cdb0bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"b540947691b792fc2c30c72f2dde39884fafe58f52a34b78ed807f864447e551f5eb8b17a2792060196af4eae9","nonce":"80e67dfe703b591e18cdb0bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"a5771441224a3359e5e9d365e37769a93d79fd6694569cdc95991d49c8d5592ea9f870d666e98de3ac70884bb1","nonce":"80e67dfe703b591e18cdb0bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c030a41229e3e1c4bc7a143226f8fd718a3235436489f654ae97e2caf8d4355129a16de4238bcdab84d1535688","nonce":"80e67dfe703b591e18cdb0ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"9399fddaefc575504b8535f392c625253b4df7639b6221c981a585bb41ffafcfa8c927a65175a588f00ab2a4c7","nonce":"80e67dfe703b591e18cdb0bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"34d72dc301e704a149c74000f7e7a4995b9234f7ab50830a6d5fbd2855e9a6fee9070aa4e93c9b330b97cabff7","nonce":"80e67dfe703b591e18cdb0b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"2d447bfac188e886a609b5b07ab02c110807a64f580da8cfce5f52b0f7b952f9a877d28bfac20d4f62bd777463","nonce":"80e67dfe703b591e18cdb0b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"7f7852398cedf3265cb2506089bb4b3ee3fae643a00fb61e6cc07b2f26f72f1a6804a4f912a97f0e38a94d2285","nonce":"80e67dfe703b591e18cdb0b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"81b45fd5d8574ae38a02dd76fcd95e1e95e15db111071db8f9d8ed5da96113357d7e74f5c1f7d5b665820c81f8","nonce":"80e67dfe703b591e18cdb0b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"2476d5ab9f00afab184e3caf58440a2e6f90335b40dec429ad6b87b9d2bda215aaedd76bb5b6227b4fb26fdc3f","nonce":"80e67dfe703b591e18cdb0b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"c13badd899a0fb501133cab5b53df9d9cc787476f23079a8febc3414696abc184d6234d569d791d186d96df67f","nonce":"80e67dfe703b591e18cdb0b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"e4e89bbd5fc115f5ca4dd45b509238d1273d1f1268f29486258986ff55b34e8173a754531c3c50e3b4a22a8f55","nonce":"80e67dfe703b591e18cdb0b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"a5b7d00527b06b2f473bffe6cf43419b1704fcc7df14c8d9fd82d7dba31284eade6c6b60c56bb1ba6cb31100a8","nonce":"80e67dfe703b591e18cdb0b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"205deb0bef5f37a15c5ed6d99e3671d8b9d98692bd68a09ad22b238f164c0651eb2b29861769b586c2949d250c","nonce":"80e67dfe703b591e18cdb0b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"afa25e66aeeb8b78f3c584e13e6abcc6a2d440c0338c78d9b21ec53160e59b79f27cb9b6f192995c59623ddbe6","nonce":"80e67dfe703b591e18cdb0b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"9db34daacba1042ed51fbf4f71a120a9d04fee8724682ce1497ade14ec1ff1d4a73267b81e2ee20b8d47d77269","nonce":"80e67dfe703b591e18cdb14e","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"bf563e98d70c6daa0ef4d5f4b6144bc0eabf51b3dcfaf42dbee3556fbd0598eb"},{"exporter_context":"00","L":32,"exported_value":"cbd5221dfd7d5ad25beb6a516112cead025edc9040cf796cb6ddbfb9e15d5179"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"62816ce52594cc9bdfa3abf9a72422b1a03b1abd0716741f0e7c6421617520ef"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"5bf2f0c78ae190a871258199aaad7a46aeb280c85f82b857b430c6bc774f98c0","ikmE":"b3b01fdc9dc5a48412b7989479b0714db48a953fb7b530d3f30ebb289d33d174","skRm":"eee2a31e38d131ee6172aa8409d0c920f002f63ee5aeefbadcd50720efb6630e","skEm":"871b25f4b1e214da16ca38ae3d45d7f7d57b403a930b52a44d8427e5bf12aa09","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"044f44490804b7f3ec5a8da8eddc0a6b27c0dab0d7134c92144e3f99ec3dabecc657f6b54eabcfa05d60bac063a70db2125a7a16a051df4643dbaaa5076a25efa4","pkEm":"041422d399504a8c51e81dbba8ddda0a5b7e712c6305b5eb4a7dbb9b93f1ec82d9c3bcfb0d0b282ceb7c9950ef28742250e5e34a942e239bb0547629340afec33e","enc":"041422d399504a8c51e81dbba8ddda0a5b7e712c6305b5eb4a7dbb9b93f1ec82d9c3bcfb0d0b282ceb7c9950ef28742250e5e34a942e239bb0547629340afec33e","shared_secret":"8424c8c9eb1a482a8b6dfefe729f5fe33ea6de7f07ba37a58fe30b256cf54e9d","key_schedule_context":"010d17104af65412950b881d58878238fdc9f980d980945e2897b7bcd44b67e27a61c2a1c2e32dd0197004c59c6df6898f7502a62f33ee399176b24ba94a1f48b1ef4b8a36b914c26820d53e83a9dfb742c7811a526e9dcfb2f19f895c68c80dd54c6e836af7133e4b89418b17bdf4c1d32445ee0bc0f40063a0dfc0e0913cc37f","secret":"5c6a5b2d7158d7ab4f3e91fad8c6e369b3b14f8349eba27fd3b857f0d64287d8cf3c1dde493af01a0da7022b08ca77f98783acd1585edc3324dc3d651a3bcaef","key":"a122f5dbe80a805bb66929c084844c123538ead6fd44a0e3d7ba3dbe3b2f952c","base_nonce":"dc892fcb09fd090b4cfcd093","exporter_secret":"877fca15c1166285ac739430225c5df5ad93b404bcc4a3e333b63f1462b5d9be63164ad9aae04ddaa62e45823c79bc9218b0ad73149917541a5b878f1293753b","encryptions":[{"aad":"436f756e742d30","ct":"0454bcbe4969734b80276bc16cf8fa2ce6e8f9f48d8a0724772cdbae5d7d49b2b74996274ed7bf45d973fd3bf2","nonce":"dc892fcb09fd090b4cfcd093","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"2067682bf85a21253af8b423518b537e602775032b806f0a0d576a71a0cb6cc05f0e50d8f862d3dca65ece8579","nonce":"dc892fcb09fd090b4cfcd092","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"5c4afbe1d3a27402ab80b3fb255a571389843ab6c3a3da4fb6ebb0bbb79ce969c6404c6013eab80d7bcc8823d3","nonce":"dc892fcb09fd090b4cfcd091","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"92a030934bcc6727fdc2118f92938ac30141ea6623db39a8b335113cae79b499e6104597b490554b6f02109a98","nonce":"dc892fcb09fd090b4cfcd090","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"c9d78334ed5773b23384aebdbd25b95a1a368754734c03a73533a7202b46129574fb97b6149fedf8e0f5dca852","nonce":"dc892fcb09fd090b4cfcd097","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f656736d7a0e0a220dfa4c3c206a699a58136bd94475322d8f79055c210bb4b267c6ad1b002cbd48324721d116","nonce":"dc892fcb09fd090b4cfcd096","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"dd359f62633b74993f36715f2c36a433212121d4d64b2c902513230cdbade0268f667f79b849f2626e1b88b8e0","nonce":"dc892fcb09fd090b4cfcd095","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"237a2f9ef4feec763574b072c3f80883ad2ee4e69b8022d626054fa02d1018fd186fd9c77fd0d8211aec74b0f6","nonce":"dc892fcb09fd090b4cfcd094","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"a9072a24a3c79bbd0ea6d5a64842b871875e0536d770c2b17b4cd1de87a229b8dd4762ea1a59e26e9bc1072e73","nonce":"dc892fcb09fd090b4cfcd09b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"af58f9edbb5b62512215513d0a875de9dc9317bf40aa2d1fb3e0fbd09019c7828ec55d86b7c3cf5d2698a3f8af","nonce":"dc892fcb09fd090b4cfcd09a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"89fc0a707d190ef19b217325197723eda5f9d70376673d83c347bb6fc2e80348e9663d70a9399926a1c2ba2247","nonce":"dc892fcb09fd090b4cfcd099","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"a5afdd1040cdb1932e6aa8170c70e63ce6064b1caa997e2eb29e98311d57ca54584b10cb40705c2b65a52ea797","nonce":"dc892fcb09fd090b4cfcd098","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e8f68182d7182ac477b840899876a8875f5b5120fefa0ac6c50ce971aee12073d5b28ade52ef0ac8a09f8bf5f1","nonce":"dc892fcb09fd090b4cfcd09f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"37853bb1b62128680eb463b79c111f6df9f887a63c7dfab177bb161f3c77c54d0dfa949ed558da9736fed705ac","nonce":"dc892fcb09fd090b4cfcd09e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"3c26ce41fce28617845fc9b7e8849d1a766706ab00f1f1b2af7347a363c5137a38fe0d82aaf484ebb1d9cf569f","nonce":"dc892fcb09fd090b4cfcd09d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"a4c5c478240105624260c90ecef5927a7dcee5f19dcd747397c006621844aa0065f788966a8fcab26e341b8c65","nonce":"dc892fcb09fd090b4cfcd09c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"440baa742f180845dd60cbd0c63f7ca819fb06c5dfd3b0c4731c6e2f79a0fa9c58418346aaad05bbf4e0917839","nonce":"dc892fcb09fd090b4cfcd083","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"4295168e61222cf4e1fa0de9dfb38e1e0326896dc81d05340978a4110db9e259bf66efe81ca978de5964a77afa","nonce":"dc892fcb09fd090b4cfcd082","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"15813498473c7eea04f88f27cd0547975d192b21b436d67ee4722c85cb93b6a28c8e9fa6200919113ef97b01c3","nonce":"dc892fcb09fd090b4cfcd081","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"727ee169c908657905712ca8c24c36b8deace8f58f0bdb2eb94800b91374633a13883fbbef555f65c3c737547b","nonce":"dc892fcb09fd090b4cfcd080","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"14a1e6c0ec0c457ca644e02b601f47b3578d26d362edf4279efc55bf776ae668abeccca450ce0614d134aa2001","nonce":"dc892fcb09fd090b4cfcd087","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"eb4c715aa6c8445ee6438ae94718937dd095e63347c6eafe7829ea00b5990296e8ce93035283b519fba03458e1","nonce":"dc892fcb09fd090b4cfcd086","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"8b92022dd01c955804d5817c568c0e7e5f41406719f11c38ce27ae18cb05a26e1c0023b8a99ffbe5e95e5f7b68","nonce":"dc892fcb09fd090b4cfcd085","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"e4a405e52c36c9659e9c1904812e8cc83cac3ca4808a26cff4492e30f63641a8c9dd33b756f64ff12f53e1e0ba","nonce":"dc892fcb09fd090b4cfcd084","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c9f02cca5757038e020745fe4bc4de256d9414a9183cdeafba68ddab191aadfac42bfefa0b57e86baaef5c6497","nonce":"dc892fcb09fd090b4cfcd08b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"e0208a0337fe41e09c3db1040571f1c06c784779dca0eb5007cf4457fa4c752ba04ea71c2056703d2ca0709137","nonce":"dc892fcb09fd090b4cfcd08a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"3532fdd707484b9fe7e7a79a011cad980ec22039896ad3623123185027be11c341efabfa0278da13cdf55ea8be","nonce":"dc892fcb09fd090b4cfcd089","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"336af906af106500766d17834402ee5aa11cb5a2814be95d7967aaf0101e703745cfaf135b0bfb68c28e7115df","nonce":"dc892fcb09fd090b4cfcd088","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"4311d66825d40bf864d332fba05d19d84c7705bc2ac930533a106e4e1e7de80638b720bce5c3ae4e6972159762","nonce":"dc892fcb09fd090b4cfcd08f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"6ccf838cf8a470155e5713cf936b6302e0a2378b020e326c56ff2fce479220e38217a38375e0ef727aeb2bb36e","nonce":"dc892fcb09fd090b4cfcd08e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"eeb8b04756e00d24dc456bb07b71a0f97e02050ef02287cd02aaf90e70079fac8515b72f319bcedc788375b7a4","nonce":"dc892fcb09fd090b4cfcd08d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"c077117516e377a87f5992b0267d94f9b3bc2d4bccefd3911f4362e8ce939eac2c3bbe7a573b3ef661215fc6ca","nonce":"dc892fcb09fd090b4cfcd08c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"eea5dd591c834ed52d0cf47672f1e40979e6d3edcdfcf3ca5e5bf8cfe5d38e608d09f570c5810dd2f00e5931ce","nonce":"dc892fcb09fd090b4cfcd0b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"58f2ce8c159258380b83bdf283e5b0f6b3b43ac5f6aa5ceb0a1ab5a5d75962a2e27900d1f0736bd3ddcfd43169","nonce":"dc892fcb09fd090b4cfcd0b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"ac4e6a2badd83fc466bb388bd27d894ed18cac86524cdf0fdc47b7ba552ef9b89be1ec9a54c1e651c8475786cd","nonce":"dc892fcb09fd090b4cfcd0b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"75ca01951eb266be52cbc320a66a92a492b64fc060a79d421d92fdb3a02dde7a58bc5382f52c10b9077ee249ba","nonce":"dc892fcb09fd090b4cfcd0b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"0f49d2982d4f1e409b7108b1161735dea912ec62adf10def35552048d79294d5890cfccb21dd8ca3dcd1f77e37","nonce":"dc892fcb09fd090b4cfcd0b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"f546328f4599d4fa4104b73c3035cf49ac1ec5d5e27f767d6fc507deb8670383a7f858177c77c160613b5ae70b","nonce":"dc892fcb09fd090b4cfcd0b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e595eb265d90910bb1980b8f581378a2fa7142662c505ac1d8150228ff610bc69511ffdd86426e65dc20257cc8","nonce":"dc892fcb09fd090b4cfcd0b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"2b5b59b74417f8d366f7f47e468aef7fed6b228f0ef3cb0165bfde74ee8b9b4d2282d3f028caf28b6992a590c4","nonce":"dc892fcb09fd090b4cfcd0b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"9e05bbf7953c53c7e05c06e034bb36b61f2956903dad7aadf0fa8566dd0a0202b17dec30f4deec7484483717ac","nonce":"dc892fcb09fd090b4cfcd0bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"859308b628285f6f7518023d4e9310f6e83440f93d6ef2d3c5c164428610b3ba87dc308d5d373772e7c47c1b58","nonce":"dc892fcb09fd090b4cfcd0ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"c393d968a9c517d39513a7cf32ed00874c57189bb017a40a948fb257023d0b8d33aced734e233a301aa7192d7f","nonce":"dc892fcb09fd090b4cfcd0b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"788d738359e529cbce1fa789deb47e16d8ef08c2c7f52833b82ad1f289263980031711823431675a89b6157bd3","nonce":"dc892fcb09fd090b4cfcd0b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"da3bddb5947d6d95dbb712fad7e87f5f4066df3a401ddb6b2493a823577f1513bb713ff6e327a95de587d3d000","nonce":"dc892fcb09fd090b4cfcd0bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"1d06103d17d918fd0b3e7d43225736b13f3372c181581dc61ed2729f814e642b51231c6ed8d9cc2a7f0f5a315e","nonce":"dc892fcb09fd090b4cfcd0be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"1becc40a54c02791a9895ca7b83f513aef6eaf2b79d9878dc5531a78d62a260f038c0f0f456ae6eda3c5914e5e","nonce":"dc892fcb09fd090b4cfcd0bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"8fe8b2e6b77096f814c834d70f10795d826e0c92fb8a0da11f937d519e744f13a433b3a0953c1ff334fc05f783","nonce":"dc892fcb09fd090b4cfcd0bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"a355f9acf2bb3618a36c72ebf4075187b11b60f4b8a9a8e981be032dcca0fccee69ba19a4e05b7affc03c3b0e3","nonce":"dc892fcb09fd090b4cfcd0a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"ec397a23215fa9931a24819f65f1f237263fb96e635370d194688430db5d13af17419fefb38f9dad4a8b69ef97","nonce":"dc892fcb09fd090b4cfcd0a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"585dbde53fb49abb55a9d82c489121b9eb3a63ea4f0a59a20334373c1dd851871b12947d121cea38df757d074e","nonce":"dc892fcb09fd090b4cfcd0a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"d730f95e4c48da8ec07405f3d346369567b9a167ad88a954503b8758f0009cde0dc711242a084eb45c1406e4a0","nonce":"dc892fcb09fd090b4cfcd0a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"32db9e95ec462744f35e60f8c3867cd28a66ae25a097e5f13e51a3832db417b08f85682cbc35714215f2e1a8a9","nonce":"dc892fcb09fd090b4cfcd0a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"5b6011df577e06e53a1804280cf7c43075909ff96d4919eaa35854982a550ea3b7b85a1094872c7b0b12223eb3","nonce":"dc892fcb09fd090b4cfcd0a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"7e4a74f283b6448e660a26aa250745bcf5d5d8da2c432fb3af8f75b909b911f1ddeddfdb71f58ad8daa3e14481","nonce":"dc892fcb09fd090b4cfcd0a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"1a3331c9d8a4a85168a1e56a845e02965895e2de24b1b2902955291263fe0e4b7bd0eae84aa8e1bfd5815345fd","nonce":"dc892fcb09fd090b4cfcd0a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"a1b80e8d45faac05828afdbec6383208e61e28e4b4c5cc40467b9c4afc4c2d0771264c3c4aca0c33ed8bdcec72","nonce":"dc892fcb09fd090b4cfcd0ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"849fd3899cc4fb2e7276df00c399df2019f70f5374cace328b99e7e29fc3f439529a602a3cab65fc20e7bb9aa0","nonce":"dc892fcb09fd090b4cfcd0aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"18d9c76d897cc511f338e42c93c8d8675bc6df3c6b2dcc31cb7cd5f71a92772b4e51aba1a7f1fee5165303f968","nonce":"dc892fcb09fd090b4cfcd0a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"0dfcfcb7c6cc554f11aa775aeccd3670cf4e2d0cfc429b1fb42857ddd6b0abd5ec437b7dc324c79ac5d1f83bcb","nonce":"dc892fcb09fd090b4cfcd0a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"1bbb453ba480083e0ad15982aad2d58ac2dedd3b1759b840892ca9b5dbdb6aea29f863db80727bdf1125a1d90b","nonce":"dc892fcb09fd090b4cfcd0af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"88a3e54b09248014b35e0f5475ce927c193a96aa697d3fd911beb27bc91949182c28a3f8fba9c175f5795a3cd6","nonce":"dc892fcb09fd090b4cfcd0ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"d9f0c1c99711aea8ba8d2f017fb799fc12eaf454881b5206ace914927bb8165e06b6d1dede32a18d96d8d39d84","nonce":"dc892fcb09fd090b4cfcd0ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"627710415c2d1bac58afffc7ddb11fa67b79f04b9a61f96246a2719222e67c097d9bb2a8d7839f7c54aad40f9f","nonce":"dc892fcb09fd090b4cfcd0ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e05635ff7c361f0114c7bd23e5bff41e9d57e453693ecd0405e8991c053d9de533eb84ad63d83646aa35b1c3ef","nonce":"dc892fcb09fd090b4cfcd0d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"9f5fc39fe4c4a1170174ef968483a1412febacd73e495d7802df6d617c4b6c191352db8a9168ce080ccd63c519","nonce":"dc892fcb09fd090b4cfcd0d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"96a01e805f8769aa26559938d3f238030f03ae5085abf32ac779f30016a11efeac03b11835d62284f7831a9f64","nonce":"dc892fcb09fd090b4cfcd0d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"6f76eaa5f2a47cd9f0a22760fee630c433819d5c5ff9839c105e9a4efcbfc9c2e72df4a074b24cbb932d8b358c","nonce":"dc892fcb09fd090b4cfcd0d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"a8372e58a0b660af5f6a55ba55246b38c9c0a34799d7bb9fd1a3500ecdde1e7b5743f948d4bd35c5440a332cbd","nonce":"dc892fcb09fd090b4cfcd0d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"06eed76dafeeca5ff069652d8161d5772887b125305d92d1fd79bb58990889df8c9af22f9431f4654fca14b862","nonce":"dc892fcb09fd090b4cfcd0d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"d937ef147cdaff56622d6b4fc8f776cc9f0c6a04e42f4383c58177472d15797144c403ccc4985d5cac683bb817","nonce":"dc892fcb09fd090b4cfcd0d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"19b8e145fcd93d88625452d0c9e558357a3c40d4aaef2c80b0b68e60b2c47293d206b1754146425024856e294a","nonce":"dc892fcb09fd090b4cfcd0d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"4932d8f1b77b831f5288cd96aaaaf25bc4686ebe21904d37b20433f5c98c123948f74c2ffd2a40983e152d7c63","nonce":"dc892fcb09fd090b4cfcd0db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"d42ca0d942e2ea7742e74184251626f8b3519777f46fff184352b76cd8711a38092e574419478a698baf14d70c","nonce":"dc892fcb09fd090b4cfcd0da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"76823f9902a21bbe913eae39e42f689323ea51d3f5757ed5d670309be3ed3a8f34008d50996455de81bf0f61bf","nonce":"dc892fcb09fd090b4cfcd0d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"61ac6d452c518bcd5b2801748ccd3e07bdb4268f911714b030eba18d9757282163d51971c11c2bf035f7eb3803","nonce":"dc892fcb09fd090b4cfcd0d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"a90ca9c1c3b926a941c3434340ce5f70c3dcafef2d7440d90f4cab726cefbcf917714a6925121f72d279868283","nonce":"dc892fcb09fd090b4cfcd0df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"b9a48cac5c6f036be56ef2fd99c390addad2bc139d18ea724c167a5cda3e9f9a5b98956a0b84a55592ca58a701","nonce":"dc892fcb09fd090b4cfcd0de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ece85c837a45292518d12e911b9c8a739ebdd1649d1de908ae6613690989ad8654f3e1e2db5a62243281dc9063","nonce":"dc892fcb09fd090b4cfcd0dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"c7b99beff6f01b844db6bcc0b3d1a816f9fdb52b8c86e50dd1e5ec317d84fe08301f922252305038f37798af78","nonce":"dc892fcb09fd090b4cfcd0dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a23e382b9849c183ae74020c0e06a202d062d4eeaaf74b3ef462b97a3dbd044ad7653bf6e8c0713859ffb1be42","nonce":"dc892fcb09fd090b4cfcd0c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"b15b426c91325b20123d0caf5e2ab013636bb9ea9851137310ef71911bc22c18d0310d8d34b7acc4915b8d2417","nonce":"dc892fcb09fd090b4cfcd0c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"be2f76020aae1085abd6da213c0886c57e4d06444ceeaaf924cd4ee5bd05c38917287d56d3e46244749b5ce93c","nonce":"dc892fcb09fd090b4cfcd0c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"be65bae87c21f6c2935ccf4891820b8ee8f6ae2990f7fa8801f6c45c5977e98c42812bac898113b90b24519044","nonce":"dc892fcb09fd090b4cfcd0c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"02d4a750ff17b5d2984fd3b683ce40de549d799c254d1c860d978b2dba086d095540793e73360e0d59dd0842fd","nonce":"dc892fcb09fd090b4cfcd0c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"680af189398b02ad577751a66b62fa9dc1c9b2bed8c63c5b782e45a61a10401993b5457d321ab960023326b3ee","nonce":"dc892fcb09fd090b4cfcd0c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"f3aa419142ca2f330a39f2824bfaeddb2ee16b2a6bf9f80bc2eb8aff128752098525b5fc76defe25f64fe0f47b","nonce":"dc892fcb09fd090b4cfcd0c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"170feeb04a3391c558c2acdd80809255fb0dc56a28855930271861f6f2b79d0a8400f5e4feb503cd1c8dac1e2d","nonce":"dc892fcb09fd090b4cfcd0c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"9a56ed2890d6ef98ba93bdcabad5d44d982b0e1e610972b77ca5db227dd2772dbc3466bf35982772bc76679e21","nonce":"dc892fcb09fd090b4cfcd0cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"861c973c95ebda03510803d0c3b9b7286a03dbb8f25d76c9ca396e2de4c08efc970bdb285937f63b609037b6a6","nonce":"dc892fcb09fd090b4cfcd0ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"097b6b3ef3bd70caadb90ed3e994c59881640519b8f40268669935463bbd836a41073dd92d67b58f5fcb1ccdfb","nonce":"dc892fcb09fd090b4cfcd0c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"5d53e3bf2b7aefcb536cc839418ff03932d9bf3fbffbb3c9dbad74c1af8e96b9d9af4b8ff8ad6767d21207bb1a","nonce":"dc892fcb09fd090b4cfcd0c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ffffd42f65b29eb049e42954ecd7fd1bac26f829bb5a4c006906e39e5d906c3f905633a1f9a7092e8e2c975581","nonce":"dc892fcb09fd090b4cfcd0cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"e3945f0b0c89662cb146624f1b6d1dcc11dfd492163b01164dfe32ec79114b2db539e7322a1a8303b9d79284a4","nonce":"dc892fcb09fd090b4cfcd0ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"a7e0b6c253d0fd834a62a77a59c74a94aabbe3a9db79a8bd7da7ad01a3ffc0f8f40edf1b6dbeb726bdb731b632","nonce":"dc892fcb09fd090b4cfcd0cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"11872bdcd48e670b02a2203c887fccc82b141642ff66067255c8597cea88457c7e67ec823aa425d7df344af1b7","nonce":"dc892fcb09fd090b4cfcd0cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"d8da807542f78f045eece5dfec6fc2ad21aeefc78486dff303b1c653fe2eeeba1d8472e6e4c6ce618aef59e731","nonce":"dc892fcb09fd090b4cfcd0f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"19a589325a28559a18f44d353d4e03443a61554b1d3a0eed230043746df8ced8d869f62161989ac40aed68f9fe","nonce":"dc892fcb09fd090b4cfcd0f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"3f52eaf7c2e7d0d93fc079415fe6867f5d756c32f06d140b2dbe9bfdcb85da18509e697ba9e4d09b211916bfc8","nonce":"dc892fcb09fd090b4cfcd0f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d97c173d158b8099053f1b2a6cea65340e0d457f8c9e7af7ce6807f662a6ad98bb1faecee720f93c9a87649522","nonce":"dc892fcb09fd090b4cfcd0f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"ddafda43fe8ccef18088c75fa8b3d9a011911e9aa2830c808d298a351a8c68abf92a723888564686c65e81e218","nonce":"dc892fcb09fd090b4cfcd0f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"0408e2a556e43e4da427c9e1b496c967bcbe8ceb2cb0183d6121d071be19a77d782cc2b0d7b733942322f3b6fd","nonce":"dc892fcb09fd090b4cfcd0f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"1ff21489369c136bbaf539fe0a89153e3163fe57a39703069a1e8a3f3e93a0fd4c478f397590ccdbb572edeb36","nonce":"dc892fcb09fd090b4cfcd0f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"cc969e17da607bcad40676669b9a8059875c71e4d3577e3e16ab662c5ef02583f7604d40523aac0d88e46a82a5","nonce":"dc892fcb09fd090b4cfcd0f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"8ec01cd1868a4db690c370e60dc4854daa42c35616ea3b01f44be1c4d18af40eca96d0415a9b1cd38dd0eb0554","nonce":"dc892fcb09fd090b4cfcd0fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"ff5891e91bcfc57aad2367def81dbbccfc1ec182bd0cdbcdc3c3f0650a9c007dfbabb0392539c91e1c04d10d95","nonce":"dc892fcb09fd090b4cfcd0fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"6a82486915028958c8682b25b864c4eb62114925ea0f30fd52b7f00a20a842c9939dd1c612c20913e042534d9c","nonce":"dc892fcb09fd090b4cfcd0f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"dfda9fd83b9f07ed91855d0e745236daea38f6e50b19aa5ea492238c4b21b32f73430f94eb2e26e69b9ac2ade0","nonce":"dc892fcb09fd090b4cfcd0f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"f562fb2cc4b2b06dd06f4fedb95c74108a17fa6342e4206f9e6c8f3ff9cef12923e9d650de49a1575156a8b0a3","nonce":"dc892fcb09fd090b4cfcd0ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"d4bec0862bb7555604e91ba9c8f78189108523674a7779c438ae7a348ff3fdc2eff9cfad7bda7f67088e86ff03","nonce":"dc892fcb09fd090b4cfcd0fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"d4dd0825dc42ec44f65e8727a388d87a7ec7070b840a4f87cbfc2bf7ded8d43cfd248d782cb3b83a29a5fbaf8f","nonce":"dc892fcb09fd090b4cfcd0fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"b1d0aa7acebb96ca8266e33328e762441edb668953764fd8c214af85e7ea0942bf736186410c974cf48e8d40d2","nonce":"dc892fcb09fd090b4cfcd0fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"9d21a6d5e5557a1bb0eeaf48d4eabcd8528bb4ab5a0c995927f1b8e8e372287fed08ef02e9dc783c65589a30a0","nonce":"dc892fcb09fd090b4cfcd0e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"a544f767caa7dc9f54b433a185a4269dd25599dfa6c0c3e313001c1db88cd79b2929a83bbaa89fa36cdbf0b95c","nonce":"dc892fcb09fd090b4cfcd0e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"9e56fa22bf2a25e26b9ea5379ee3bae89c87a248e70b086cc1c2072000de5d349b4b0a155a3c0644ceb5b69485","nonce":"dc892fcb09fd090b4cfcd0e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"f7b21548a50cf95f99926c4b47f15a5dc639988fa37bf1fbb7a3414d5a41961de84065de70b9af434b7dc817db","nonce":"dc892fcb09fd090b4cfcd0e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"b149fd5b23fbc213236610c112411cb28f544953fbca4cacefae8458277a6ca16d41580109b22579dcf0b17e75","nonce":"dc892fcb09fd090b4cfcd0e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"b1881049199179f71e45f1ac5a7ede805b405a56e049949bb61039ab62a88e713d9dd666df7aad70cb8cf9d31c","nonce":"dc892fcb09fd090b4cfcd0e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"675c7711d52f6b6da87876d62a09740d7327be19efe0dd483116648d5475a44b65a1ba3838ac7c66cfb74c58d3","nonce":"dc892fcb09fd090b4cfcd0e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"358f81832e6692a4d340c8731e51ee9ae4c69950944baa3e7551743557f2199998d43889a723c4c2558fd44707","nonce":"dc892fcb09fd090b4cfcd0e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"38114d58200a7e6ed025f2bb96835741fa7a2f053c3325b87496cc2f12d7c5d67d958e7d8c195bbb9146ee2313","nonce":"dc892fcb09fd090b4cfcd0eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"ba67bf7c9d51164d495e8c4026fa07da08f53531a70659799ef8f8b3c092190e29e301088b4953c425fc77c9cb","nonce":"dc892fcb09fd090b4cfcd0ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"dccd72e8effaee726c21e65038e8717641bc08d545aaaa9a703e25d9307d0958e03034d23664298538349989cb","nonce":"dc892fcb09fd090b4cfcd0e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"498bd259c60f37de7b74ffb3ec52629f3ad50c0d2e1c533f88196a7b05a23e6e0135e162476d3bcb6093ceb21a","nonce":"dc892fcb09fd090b4cfcd0e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"4e88524b53a9faac767e66a9b17641d7fcd2b2223258d1864265adc891443dd039a3a3e3a576b60169ab4d48fd","nonce":"dc892fcb09fd090b4cfcd0ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"979b57e135dac62cf363722940a8d71f3d508948522f63fcae9bc6894cefb946721d06ddbdd7a39ad711c6b3c1","nonce":"dc892fcb09fd090b4cfcd0ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"4b6c80d8480bb46cbbc428fdd07258d8abb869a549890fd40158fc904acfd79ff3008340b058a3b044b1e9b11d","nonce":"dc892fcb09fd090b4cfcd0ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"a3fbeb86964ca6e6b5bb381e8fe802694c48723fdff4edcb51021fecf50e0661b1aea051e62d0864b3a0c6eea9","nonce":"dc892fcb09fd090b4cfcd0ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"2c9c6313f662d37f240c111d8940e1f0a8f99419fc3751232b854d69f7e6a9701f66c4e1db0a518bf3ebfd6d9b","nonce":"dc892fcb09fd090b4cfcd013","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"40acae3118760cd84bad727cf5ecf92056679b74c07cb3577dd73cd8e257a9b3073c7e3a340a6644b44c7524c4","nonce":"dc892fcb09fd090b4cfcd012","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"9fb6c98173b4e13085a8bedbe65aa4da8c035ded0232f71a939b21be893da1600fffbdf9e374bbaa17b5f84b9c","nonce":"dc892fcb09fd090b4cfcd011","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"00f3ebb6004812fb483e446c10442253d8624b904a9340e6d71706be0721c8b30c47ec0892358d21c538c42b8a","nonce":"dc892fcb09fd090b4cfcd010","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"f38586ffe1434d8c9986463c194e358ed28fabbb1d46a7d4128efe309df50cc6f3069de25a89877051d4c57b6a","nonce":"dc892fcb09fd090b4cfcd017","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"ff2915cb9c9e15d1bc1d335568073bbad089a6e34fe9cd8b0c8e79c7508a41795b1a68c168fa9d54bb800e9c0d","nonce":"dc892fcb09fd090b4cfcd016","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"c31eb6ec91a9acbea3978d386102695b9459afc9c69ca6d2cb47ae399587ffa9b2e57fb010132d071c9d2c9e19","nonce":"dc892fcb09fd090b4cfcd015","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"ca266c725dcd30ad75c4519914f0925a9b254ebab43dfb61f6247c24a39f009898ed3f161fe5c7bc78846546e9","nonce":"dc892fcb09fd090b4cfcd014","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"ddc8b62395ce61e7772da554744a9f61aa66333a07d41a35b92802ac71e39460105292ccb5086c5dff97f8b5d5","nonce":"dc892fcb09fd090b4cfcd01b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"467045e0faf84917558438262aa4a6b0ffc3214d877bc0ae4ee3905d1ad40e5c276166179008dea0d6134efc72","nonce":"dc892fcb09fd090b4cfcd01a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"280fc3af976b95f352054068ea7bb0dc83d162d79571b9603c40c0d7dc17cf397f7f740ec75eaa23be9731840c","nonce":"dc892fcb09fd090b4cfcd019","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"672bb7f02b86d5476f38c96e940d11afe54f6d5575d043a9f11e0c71319b2a6c06d01022a77f0cfebff4db0a75","nonce":"dc892fcb09fd090b4cfcd018","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"1c4aa1f1f258e26907f722435f6477ab1e09a8f15a6ca8ae019781d9dad6164211226f68467a407d98e5857253","nonce":"dc892fcb09fd090b4cfcd01f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"8c5c58b90288e1f25c2297a1fd2bff599d2d56e906fd2910d6e85075ef76fc5b38e3ecc4b1439b799b31c047fd","nonce":"dc892fcb09fd090b4cfcd01e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"9debe490c2a4ef4a8d029f8e66f444f9134ab0d50a36c4b7294d320db54fe5278795b679e8d357fdf26541f935","nonce":"dc892fcb09fd090b4cfcd01d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"c87c04c0ec43a0cde79fa34283ea942ded3213ff295dfebbc1ddbbdddbd72d3b536aa8a6e064651d64da47a3d4","nonce":"dc892fcb09fd090b4cfcd01c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"e4fb01be24f48f7ea6e66fa77759c18fdf13ce861153e0a26624ab5850bb68be8019669457916746be96a9028a","nonce":"dc892fcb09fd090b4cfcd003","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"06904df2443aa1d579a20b613e2c97adeb1c268a78a525d66e0f6db281ba138197426b5a94f84a2b9ee29a6262","nonce":"dc892fcb09fd090b4cfcd002","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"172b1e3fefad47002bf302a82f8f24dc965390493564ae2f2c07d0e7e6055abf738178d89c5944cbf47fcbb7cd","nonce":"dc892fcb09fd090b4cfcd001","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"21ee6424e9cd55a04c7d9fdf1753b64286357bd552c7b102bfd932829f5555dd04d13a082a7eaa30d7ad9e1330","nonce":"dc892fcb09fd090b4cfcd000","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"4c90ef690204e53dbeae8a3a4ede3c39299a4b54f563f01df08cf7367c3ad3db1867d48685aa00b64689b588d2","nonce":"dc892fcb09fd090b4cfcd007","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b955286e12603c0599ad6e791070b0629ca46f0f69f38a4845e06e4dd1ab812fea746214c26bed77ce55c39ccc","nonce":"dc892fcb09fd090b4cfcd006","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"68402d7c8cdaf6c504a7aed0a65080984920523f1a376518bb0cbeed690b973b54e893e016960b0badacc53c4f","nonce":"dc892fcb09fd090b4cfcd005","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"8c3a94baedc728e667f11360674a2a3ff35d890240be7b2b94138bdb3282d3b753173e13706aa53aa7c28d569a","nonce":"dc892fcb09fd090b4cfcd004","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"6d3b377e8bb5049da4ec9d61c6c60d6b6fbeabbb736115fc894ff64721422b09fb981dcf6cf51a6c9a3737f343","nonce":"dc892fcb09fd090b4cfcd00b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"ef6611b910e11cf454b61ab898e25a9cdc1093141d286a392553b09af70e931da299f614c7f1d4cb7c56045d24","nonce":"dc892fcb09fd090b4cfcd00a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"8f439f335f4903bcfbb14b05c7afa8d9d12c89faafc3e1f3f52cd9d617da2fa44e3b83fa54e6fb67c2cdd51fc7","nonce":"dc892fcb09fd090b4cfcd009","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"bc118248c419a1af263bd76257ac113684cefabd1eca7263690f03277300e3ce7115952af8b02a4e6cfe8c40a4","nonce":"dc892fcb09fd090b4cfcd008","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"8ef7fecd49d753395351b45a5f7b2d3a4836b133b6c503e1d6ac7c81f63a018d5047de188dc5dd41ed503cfc4f","nonce":"dc892fcb09fd090b4cfcd00f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"02c4c7e4b5a643dbc1ab2022c767eda2c69e5d96a8a59eaf3fbc43a3721bb087813a2c57f94913b6213de5e55d","nonce":"dc892fcb09fd090b4cfcd00e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"2261471a7c8b9dc9edb42afe1d40b356c38d36a79043a9f1b9c2404aa4452b9602cac6d1fc458ae17a9c98c25b","nonce":"dc892fcb09fd090b4cfcd00d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"c5d3f2ff68304bf5a934808a14bd44fcb56121c4f1a2bead699d3706555134484bfb5465aed9a8fbc03fbd9d71","nonce":"dc892fcb09fd090b4cfcd00c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"f292d4ed6eb1237166579ace1b92cbcdd946eb9f90af200fbf59187d1745c6b531cd089a540b3191bee1a8c989","nonce":"dc892fcb09fd090b4cfcd033","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"690af298ba2f16b63c452fd9a39c19677ee7cc558c1f61fc22766a1787d06a671501c009b09be1a8fcacc33fea","nonce":"dc892fcb09fd090b4cfcd032","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"4c2ceee15f5edd63b0c88d442f672d8b3fa029c1364d133376d21864614401440d6d9408f3399201aa92beb31b","nonce":"dc892fcb09fd090b4cfcd031","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"db7c4f16fa08772775c25bca3b37eef390ff6e007e9f05023dceb8d946089775fc359b2205b7f9f4d460984b51","nonce":"dc892fcb09fd090b4cfcd030","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"9ea5c872651f5264248006850fcd73450e76fed052be82f06c37d37b79be9872eebdb61d4064dfc5312c6a6d9d","nonce":"dc892fcb09fd090b4cfcd037","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"c0b2d0c74f897be0888ce983d6c441920ed7d19bea331595a2c99695c04c6a9530d3b8734bf7515ba9ae6bb7a4","nonce":"dc892fcb09fd090b4cfcd036","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"016275d1e29cf203d1b791d01ffb69b36daad0edabda1d33bcc999385c939bb21cbd345a43e628970f588e33d1","nonce":"dc892fcb09fd090b4cfcd035","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"9d9279e369a99f8b91201067c0688ece07cc2dc87fbf34b327dc1c34260922bca3e4385e9d4c72870c1a51fbe6","nonce":"dc892fcb09fd090b4cfcd034","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"c9f743a3e59fda4b0cadd79fb4adf1617d3570603403a08c09a05306421bcc502e7dcfac4c69c4eab168061881","nonce":"dc892fcb09fd090b4cfcd03b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"c10a618e1742cd1b55b1da89d238b981697ae11bbca31e89baff964b403b9fde94240e306427f6062ea052ab51","nonce":"dc892fcb09fd090b4cfcd03a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"9b067957cc5c04988dcec258e05085a94bc1a2222974a77528e0a2148823d9127a787654d05567f782fc35f0a8","nonce":"dc892fcb09fd090b4cfcd039","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"68898094e1a9fadc14617158b57c651f66ee584ea45306a329c7b3f73687710fb7b2b281a8cb1df18db3a1d50b","nonce":"dc892fcb09fd090b4cfcd038","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"f80d7634cf07ebeda0667a65213392bcc5e626cf2953d4265ad73d33b691e16701245e9d6dd05257ab0cc1df8f","nonce":"dc892fcb09fd090b4cfcd03f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"918bf0e6d5deab8035f89fcf37ef9848e63e36c848b05194b67b0ea374f03afb9115b53d6150b85234c7e56cd9","nonce":"dc892fcb09fd090b4cfcd03e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"f3aa73d227c3b8f661f185c75e5afb148aa686e3eede2a42546ed14e2c09fc04b7d2ad3d2a1a68b03a95e3ab1b","nonce":"dc892fcb09fd090b4cfcd03d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"640b256262c9178bd980c1f6bb7727d9ec5eb09a8b6a8fdbed0ca71c80cccc6cb7c86d7dc8d7d4af85d9b92a3c","nonce":"dc892fcb09fd090b4cfcd03c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"bd085055d1cf1bc9abcfcdde8137a07643b6bb38e53312ed8d38f24f54b86b90fba215ec878ec7ac020d474517","nonce":"dc892fcb09fd090b4cfcd023","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"3a187a8e839006c5342b3e3c4e0ad2d26c6cb38d7c52aa1f98ad7eb3e20a6fc1af3f7e984f652d880c4dbf42eb","nonce":"dc892fcb09fd090b4cfcd022","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"d5242352144c2fe98f64966f59af19a6081fc3a94701042fec1c299c00c26b6ecb4ed46cf33fe59849adff1cee","nonce":"dc892fcb09fd090b4cfcd021","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"d57a1731b150c6eac7dd48ba0e42c111fb3e0e65658c6058e28a44e2663c595b2889881689d44d211276e0ca5e","nonce":"dc892fcb09fd090b4cfcd020","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"2b781c40525ad46a8d05e5e9501046a8aa4b58841a62107db9be8c5fddd8775e3b9dfcdb9e1ac79115a88fd851","nonce":"dc892fcb09fd090b4cfcd027","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"c190cd9456212e727ef17129c4f5204bec2400a63abf6b06d85c996df0222723c4e399f8b4d20746476346d5e2","nonce":"dc892fcb09fd090b4cfcd026","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"724e736b77d086ddc5c61a48c83026ac7c5709bc2ee7e0031843be4b265a7e0e8ee5437ebf11ef6d2cad7ee5b6","nonce":"dc892fcb09fd090b4cfcd025","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"2e67800063445cdead1e84e19fc6f98587bd26c2f38f9ccc461a58314a89db1dc54380ff060919f6c049bef8d8","nonce":"dc892fcb09fd090b4cfcd024","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"b0bbf875b7a747b300325ed3f5b151086140f71c4507fca4eb7fb26d1aa57ba760966d5f06c44aedc7c9cdec7a","nonce":"dc892fcb09fd090b4cfcd02b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"de45a2763e9be6d0f93bf5bfe51af168ce0fa4cf4172fcf42f511f437715f585877903f3cc057a9894b4fc02b0","nonce":"dc892fcb09fd090b4cfcd02a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"cf3311a7d1921abcf5a0cfd47c04513da530daece61e4b5ba82da8a2b79287d4c8d257d0cd90ebf6e29a15f660","nonce":"dc892fcb09fd090b4cfcd029","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"8e6dde8dca641df8f4f13b64adc99fc0eda30135d06f7b605acaa33c59b60d05d02688234544d585b28a18c497","nonce":"dc892fcb09fd090b4cfcd028","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"e58732d8eadd10994ad68a346ab070c9135b0fb5807847bfad2ad971c24a457f6d7f462c044446f98cf428a70d","nonce":"dc892fcb09fd090b4cfcd02f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"adfd04688fb45dfaa0097c7587ddc4c0e504c146b50a851ea1353b8382f2aee1fed1d4446b2782d37aecb4027e","nonce":"dc892fcb09fd090b4cfcd02e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"757fb0bb31da1552ad919b2abb099315ab6b592ae2bd6b3f812ad445a848c6126e10e922dd3ea7987bafbc7ff1","nonce":"dc892fcb09fd090b4cfcd02d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"f3606fab77d18a2ae7712b8d08efef42ee2dd1c7867ee189e339fd1ce11b0adf13153eda39d998c371e3521e2b","nonce":"dc892fcb09fd090b4cfcd02c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"c46f0b355923febd3fd01563b4be463fd8199b75882c17ca7a5903f7442aa3e3e54bf6495382c4f6092b8f9a43","nonce":"dc892fcb09fd090b4cfcd053","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2dee9fd960f88f2339334c5bef924bee6789976997bc8e12147bd4b7757ae30c39c909e416b781ae3f73a9b4a2","nonce":"dc892fcb09fd090b4cfcd052","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"3768eceeb96e7f47549d894e75406737f70b604c8993b4cd2c44d16bfba55eba61b9a06a544db34b3cf86201f4","nonce":"dc892fcb09fd090b4cfcd051","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"48c3709ecce2f521c554b491f327e229c0a065ef9d2f9a5b93fb9e89cf55b0735003caaf9930f9fe88f86ec0cd","nonce":"dc892fcb09fd090b4cfcd050","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8cd816d391afcc4138a3263cb65aaa94806d269d50979dd038af21af07f82ec44d5fe0606ecbd9d51a6b227eeb","nonce":"dc892fcb09fd090b4cfcd057","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"070afa3e1cb6f50367ee2046fe1e3c86bf13947b33e1e1338519456edad9b8aa27611aef45740e00e4c72980a3","nonce":"dc892fcb09fd090b4cfcd056","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"ad2460921d9c2199523f4ebcda18609d0af44efe063718793c4bf3f2842699c22e4b1ee61ae5d380b216b7b37d","nonce":"dc892fcb09fd090b4cfcd055","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"56f57a5bc1a0cf7c74ae75367ab5b520207569552be73c33cf7c65e2fcb210cc3658e049dc293710ad0dfc80d1","nonce":"dc892fcb09fd090b4cfcd054","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"b5ea362231445ac47e5650e28650b3feef163deacd5b4a2ead1a62542f66aea54a77c54433c087ce5b13fa1abb","nonce":"dc892fcb09fd090b4cfcd05b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"51e4b4e34b773c61c08ad3c3340677e0f92af1720d8fdd482d30de620f63f9c14d2aa260aee85d52a92f6c4363","nonce":"dc892fcb09fd090b4cfcd05a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"a34a8cdca18a804de1d353991e4403f5882f297665d5173e099f1650e160ed98afd6889b28777beda614131fc9","nonce":"dc892fcb09fd090b4cfcd059","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"e1b42ea06c246acb79bdef8c08a7a9176b59a9322ddc04e01c3783e07d50175fe317d53d012cbbd6047876d28d","nonce":"dc892fcb09fd090b4cfcd058","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"24df1588c0afc27836805e59928b3a7fd0dbb41c4eae4cae97613e3d1cb88b3fb2882abbc4702323e8344fe226","nonce":"dc892fcb09fd090b4cfcd05f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"5d5e199ad29d63d20fc6cb4d2e024bdb612096ae311567875c9caafdfb6367e9a31486fc62d80d438609a1328d","nonce":"dc892fcb09fd090b4cfcd05e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"14f9bb703f7e95f1bb2a3c09232645355338afc93987daac926570164f9df58c7a3ca05be13e11bd905844aec9","nonce":"dc892fcb09fd090b4cfcd05d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"3932de328600569863bce5ba708525e099ca18a5f5888bd449e58d0542d3257b76a44dd0cd3f81120442e76559","nonce":"dc892fcb09fd090b4cfcd05c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"bb4453aaa31cd90bfe033c2dc1578bc6e9693241f70ad426d815d71620eb2e0802c182bb388ede7973fa4c2eb5","nonce":"dc892fcb09fd090b4cfcd043","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"e107b3fbad957ef1c8b4099d04c8a7184c34c6d1b737284a7eeb48ce52dab3cbc48cf8c9ecd1f242b0ecdb8ddb","nonce":"dc892fcb09fd090b4cfcd042","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"05b4fe3d070e3c577060adf747edeb54809846ad4926f2744a6359783e8444716c4064dbb320626ca0ebbffd3b","nonce":"dc892fcb09fd090b4cfcd041","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"ed509a09338750a420ab732989748b5bd92cc46a8a156f129028a667bd1517674c61befdd871e73fdbd0105a78","nonce":"dc892fcb09fd090b4cfcd040","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"089c7f0bb7343b6864f01d72108d34e0133831f2df32ef47df451c14380c8baa0bec31a4e09789c5d044aa712f","nonce":"dc892fcb09fd090b4cfcd047","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"0d0c6fe9986d31e661355d85fb05850437bc05311fe720a16a28f212fe8ced6d002015fbbcd75e28fe231fbb7b","nonce":"dc892fcb09fd090b4cfcd046","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"b63c9bdc4b1db8cde2a958d1d9e7c3d742e4ee65f6aab62784d35845e13563faf6cf6bbfeb4f64e0d63c78cc45","nonce":"dc892fcb09fd090b4cfcd045","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"5f342e403e66ff5612c81ea01f3d4ca06601ccc09dc356eb3047d774878ba98aacc2c6cdf05f780daa34174389","nonce":"dc892fcb09fd090b4cfcd044","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"44d341d322623ea443a04aa03cb467283f5d40ca080c76d4312f170d0c96ebe654c667309fdf2bb0b22e19f40f","nonce":"dc892fcb09fd090b4cfcd04b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"e26f11698181f87fe5f08a321b338f2644d6984c17c8f83a71fe8ec648dcaef5add26dc19eb0b3a31c708db478","nonce":"dc892fcb09fd090b4cfcd04a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"3d3a40604f94284ba8d2498c74f2821cbee6079547fdc3aa25c4a5ac40baf5455a4209eb1ccab2c44ef8ec70d2","nonce":"dc892fcb09fd090b4cfcd049","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"f04366e4dffa5820a085a6edc67aebe21ee8ada515fdc3d587ad8c0167e4b6d4889956928683035c917c9a769f","nonce":"dc892fcb09fd090b4cfcd048","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"ee833afc11ee4949183664efeb049f18fda7cad3c475fbe96e4a3d178fca615df57a3d34cb54cf58244cad1417","nonce":"dc892fcb09fd090b4cfcd04f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"d252be225151dd1d7d3fa661dbdb8c11f985d33e198d06155581a56d73d29af88c21d6578db73e72574620810e","nonce":"dc892fcb09fd090b4cfcd04e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"582ff432c1458a4c21a49deaf30b547f22fc4ecfae291e7e70a88d0a4d4137bbcc1e8cca284e7c95b02ad574b6","nonce":"dc892fcb09fd090b4cfcd04d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"6e636f6da7dabfe550ea2c03df16c123ab7814cddfbcc06afad9f36ccc98e43b554f3a1a997df1e57563f9f37f","nonce":"dc892fcb09fd090b4cfcd04c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"fef877086efca89d1a61dec79586055dc70460621e406dbc6aad6427a3fcc9efc060e2cff57786787da2594cc0","nonce":"dc892fcb09fd090b4cfcd073","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"8fd34996b14e808ae4f27d2183c83db557a04cab783e3166dc3a2aeaa0a83db1f1e922a3148ffcd8bad32aaea7","nonce":"dc892fcb09fd090b4cfcd072","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"8d9a60915b77bc3c6781421ce688c1993254df28eba958903e9d60d848438ea7dcd5dd004c37414efeb34d3317","nonce":"dc892fcb09fd090b4cfcd071","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"1be7ca89e5f88f8097e088d8b327d6cfe55584ba045411b50db7e64e3d0ac707da7a899830ca081e521aaba8b8","nonce":"dc892fcb09fd090b4cfcd070","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c18534c1c514ef75242abe8180256b2cac695edf57d7cc5b410b6abd35954b5d0e9de636e649537e7578b43373","nonce":"dc892fcb09fd090b4cfcd077","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"09d738486e70bbeea7c7323722416274f4c651fb147edbf50c076d9870ff1620982f6aeafb08cc30805a710885","nonce":"dc892fcb09fd090b4cfcd076","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"2e71a6e139fe6753ac1378c3cb8174b465141eb80b7f522fd03adb56e849328256982ad558b60d7f54b36718b7","nonce":"dc892fcb09fd090b4cfcd075","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"7c0ee642ea0fd522988e05f14c6006e152acd65fe52e391c9d7b7596e0dd0de4cf9980ae7ab616addd4a1463a9","nonce":"dc892fcb09fd090b4cfcd074","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"9ca66e94e874eb194856c33d6a2caf066678da16e8cec7ee33c4c10430e230e1c38e1ea2bfb8a0a802c552eccd","nonce":"dc892fcb09fd090b4cfcd07b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"fb451b5da530fa60d05b68972acb47aca32fffa0c5561c20606675186a2ff95a797aafc7a9533ab42fd9f647e6","nonce":"dc892fcb09fd090b4cfcd07a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"13323a79066ff7706e244cf1b19fcfcd22e8e2c9ce646957a660be160ce6ca500cc77cff1e4fbe5dfd2ac96426","nonce":"dc892fcb09fd090b4cfcd079","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"5badf94499cdf3b47a2a8895b59816be224bb22c9d5b02704657ec01e3af51508894bf75b4b650e16607d6f76e","nonce":"dc892fcb09fd090b4cfcd078","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"46f24f2a254b7154918c158e99ec32cff30bb42aaac10e61eab02567391ba2697ca586bb61ad5f5b03f55c07b9","nonce":"dc892fcb09fd090b4cfcd07f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"68cf66b085b31894704411e6cdf2cc7e177aff379b22395655277353436effd9cd2fb11188a8d7b0b2784bfdb4","nonce":"dc892fcb09fd090b4cfcd07e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f10805c6cfb951fec67b335b2788443fe7eedfbd01bd52bff5f28ef639bebf581b1f5d93d49597f0419579cab9","nonce":"dc892fcb09fd090b4cfcd07d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"af41e741d1b084d9951efe7c5481fdb7bf626441b7d32c8ad94db13134a691f9bcfa9b6fabf88639ff063525ba","nonce":"dc892fcb09fd090b4cfcd07c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"e4aa30b0209cc78e4199a1a15834f4b90df445e3cbd75e627e313f3ece9f8ab95354372cd1b1e36be62b0adf98","nonce":"dc892fcb09fd090b4cfcd063","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d18d77de5c6e45ca0cd21f33d844f39b687e7f02ca9bb4d44ea4aec9f826ca968bd8243750965622ffefc4c24e","nonce":"dc892fcb09fd090b4cfcd062","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"f31ee4d76e89ec41f1eb904127300ab87a598cd2c4b324a77ced4ecdc9e1e843a174a523abb44040353316a419","nonce":"dc892fcb09fd090b4cfcd061","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"952ff6025e9a81959792e1b40868e5846d905fdf7db0f2615dfa6409aca1bbbb2567d4021f83ece98a58dfc501","nonce":"dc892fcb09fd090b4cfcd060","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"7be306cb4c28f708376a6091c59bdec4dafb3eed544a3324018e36f224af568958677b6663b67f1f2832d28708","nonce":"dc892fcb09fd090b4cfcd067","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"1591eeb1ba94e655739099c919903691528050e733e411bab9fd0a5b5c242a8eba6a839b0b23cb5ac5b6be001e","nonce":"dc892fcb09fd090b4cfcd066","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"873cd72e50e4af48939da056362acaf53452714e434f131ce9c7d61aa266c86c71a9e5232150bf6d531a369feb","nonce":"dc892fcb09fd090b4cfcd065","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"b887f3bd0c2957b272beaadc531649425aef52d92d2e223c1654597075193849f1b381adadc7bbe72863a5c47b","nonce":"dc892fcb09fd090b4cfcd064","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"f85c27fd12a86ee06af90888ebcc5640fe0d19cda07809404d9266900b4fb0eafea971d56932f31b4f2b0b2d81","nonce":"dc892fcb09fd090b4cfcd06b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"1e69a3f2b13c07d7787ef892bb384a6d506a416bf7efe86d2ba5afe08b5335ae5ee4c40c6d001cce5d069bea9a","nonce":"dc892fcb09fd090b4cfcd06a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"aed57623ebfaa53749ffa9173d10abc402c1d476b6ff0c0bf111cd17cb4bddd1f75d076548b1dd9974ab177740","nonce":"dc892fcb09fd090b4cfcd069","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"91f9e61376b5e9b44f965ea5994bb195e31f6d4f69f6bf8f303935775edb589fd26b06630f2ba054375fbb6b7a","nonce":"dc892fcb09fd090b4cfcd068","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"492095a06ebe6cd5d4e8a4de961fd82dca3ec322cc68b96aa7fe1bb18c8c79f3f9d9270f38a2e2fd2e5cade28a","nonce":"dc892fcb09fd090b4cfcd06f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"5ed52e082e1abc84e57c214fb306928748923c5e51670afdf915aa59267b9bc46c4e98532fcd455abdcfe04561","nonce":"dc892fcb09fd090b4cfcd06e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"759bd7e3c3528b6d1487ac6ce3c47dd52234c3c34dbf751487e1efcff8b4cfa80c73f06d2bd3d44e22416c5781","nonce":"dc892fcb09fd090b4cfcd06d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"439d341969a26fb661dfdedda8089301151a2282de0d92540611c48924407260283aa42dd52d26194a7573943c","nonce":"dc892fcb09fd090b4cfcd06c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"8b38c0457f025e9a361292eb6a701787b96470bd2807357f59d02712edc69840f02e9f4896312410b1dd26e364","nonce":"dc892fcb09fd090b4cfcd193","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"f1232ba252a0411b74f53701b14259f248de74a40ad39be2fa0faf2da464aabc"},{"exporter_context":"00","L":32,"exported_value":"f4711d74c4bbe0f2dc7e16631d6650179667c9c254fb6f5347419db8dead3783"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"d2ac77a91477ba9e423c756545781370a5a03254deb31914e7d51b214cfe4cab"}]},{"mode":0,"kem_id":16,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"49b7cbfc1756e8ae010dc80330108f5be91268b3636f3e547dbc714d6bcd3d16","ikmE":"497efeca99592461588394f7e9496129ed89e62b58204e076d1b7141e999abda","skRm":"9d34abe85f6da91b286fbbcfbd12c64402de3d7f63819e6c613037746b4eae6b","skEm":"c039fdf5b97974a87d8a537667d350157f40a38afe2319743026ae9c6c361ed5","pkRm":"0453a4d1a4333b291e32d50a77ac9157bbc946059941cf9ed5784c15adbc7ad8fe6bf34a504ed81fd9bc1b6bb066a037da30fccd6c0b42d72bf37b9fef43c8e498","pkEm":"04f910248e120076be2a4c93428ac0c8a6b89621cfef19f0f9e113d835cf39d5feabbf6d26444ebbb49c991ec22338ade3a5edff35a929be67c4e5f33dcff96706","enc":"04f910248e120076be2a4c93428ac0c8a6b89621cfef19f0f9e113d835cf39d5feabbf6d26444ebbb49c991ec22338ade3a5edff35a929be67c4e5f33dcff96706","shared_secret":"e55150d4ec509c78bf3b3c704d786806b0f2633b076918366e6eef6183ff99bb","key_schedule_context":"00348df0879d37b2abc03cbb090b26b7856d998d2e1d2b6c4913ca1d1a15f8d02f8ddd20ee5a3a5e35efd67a36daa5e549d08c33c7ca402da2edf2676a0043a166126d2283b8301d36b48ceb2ad0e3cdc9c830a0de1fa6be934f1e16cd7bdd92c3db68c302c9f0692107fa96713cd8503e2844199970ac9f3f3afb2c0606a47c7c","secret":"06583514c852950edec2ad7308f1e1aac86385825d508f5643d9cb2f87fdb9459ca12c00f43d2af5173df905a2aacd5c5c673c75a93f07bdb10434d35921ff80","key":"","base_nonce":"","exporter_secret":"2fafb269b7c536436177b7a1fbdb7997c8136034760ffd1b0d9c00479dd5813adbd282173ee1cd009eb1889f3193a7d15c8813613b7b5d36495c58dc5deb4ba5","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"aec5ad394d7c3ec75482d1dbe1f9dc41f174d889735e6c1b377c3ccf23b7ee44"},{"exporter_context":"00","L":32,"exported_value":"ac33b65026173b1de18709f63f910a143288cdaed665545b2d605201da78035e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"3780898ef07bd65b134a72804b57d902d24ba59e7beb6db5d2a445c02260af77"}]},{"mode":1,"kem_id":16,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"548121f19a18a33ee6945d345d916d79c690c77e344c2918b89b0a415c6eb5d9","ikmE":"5836f394d93989d14bc436bc8e28e258a70aa96eb45a8f1ea43b98d3bde15793","skRm":"3eafd14a79d1a69791f284d98d3444a374301e2c3c723ccd82fc21723ab5295a","skEm":"28ecd812fe9d7c88a643c8e291bb9247f96b953f08cb8cb11a459e6096840f5a","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040d52b4c60c3b21c32f73dcada65c5cde6037b5c8ea282ee7d9200c6803b9d3f2e60e1fd8fae15241f91607e52878415b19e74b568bc407b554625e5002367e8a","pkEm":"0457501a26b8ba0afb3eda3df8a13fe3e28a28f823d47a1105fc3fab8bdcfbc89cb09b1baed1a634c7a787e4df3dc0d027e0e365d5b366f5dc23a07effcd0fafa6","enc":"0457501a26b8ba0afb3eda3df8a13fe3e28a28f823d47a1105fc3fab8bdcfbc89cb09b1baed1a634c7a787e4df3dc0d027e0e365d5b366f5dc23a07effcd0fafa6","shared_secret":"dfda22118f24b61e377dd5dcb5d02fed544125db2d9c0de7031082c55a0bd2ba","key_schedule_context":"01bf79f0cd476b163da0552371ed2726ff677cb56d40e4670c448d858ff167b9495c71f7837dc40986891dc6db777d3e0e19be3180991cb9f922b6b0effbaa4f9d126d2283b8301d36b48ceb2ad0e3cdc9c830a0de1fa6be934f1e16cd7bdd92c3db68c302c9f0692107fa96713cd8503e2844199970ac9f3f3afb2c0606a47c7c","secret":"b374705648dee3ea9b395434be9de89b8aa82ca3f27ecec60ba59c00b5e3dc096330ed242c5ec0627def732787d88348a7c1e6b3e6d7e04ffc3f81f6c647a84c","key":"","base_nonce":"","exporter_secret":"2526df0e365d99e0bee54e6b18fc60d4127945f931ba02357f58e141d7846ae359371a988a6edf073e34e561ad762a810b45f405dc699a7a97017d193977f705","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"41cfd3ccb651f61beec52a97e16eb4915b0a7eee34604fb09d2f71aaffd9d8bb"},{"exporter_context":"00","L":32,"exported_value":"99d11d7dba4a9255f9a9ba4aa3dfd6286ed82bcce1bd0a84ec49162d6da85038"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"d9688e4bcc1af04b1afe1e73dab9d0112718f3f8a08ac2f969e926efd3e48443"}]},{"mode":2,"kem_id":16,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"6048559fb734d7ca081dbc49c8d9eda028e4b951be948cb8dbe82e4921403827","ikmS":"e8d1bab754ada5d2e4545430a00184854c63f0b08643fec735f3318158525325","ikmE":"506893ef5f7f8fc9e10b1d89e51d561e05ef8c47568414fec054582e6178cb72","skRm":"fb4493caeb7dc4309d1f2ac348a66ce49b6c365e076c30c5f9515e082d7404cf","skSm":"6c49689f3264a6df14ad0fa344e198d0363bfb97898974daf1faca2205248ac0","skEm":"e551229fd7900de695b5f2bc1a34e2a3fdf3c0c20e15944de6a87a26ab1832e4","pkRm":"04835fa814a6645865218b1dab2e4b89c3d186b179370fc2111e12649b7ae935d25e3790006e814a93ae398392892ae8c0de12f4afceb244ee71443c2423625edc","pkSm":"0468d893b5d18689553750a94536bce7654ab504057c204500e5acbd5108cd6bb9fc1039fda160b3aad1f4a73eae2c17486f916fb5d295a3b2447debac9edecd87","pkEm":"041dc0502c629099d441d234e90b55074f0cf068509d51740ff07308be0351d2044a0fe71e5de188f279d4dc8a5c006db10747496489e43ba6d061ccd33e4d4646","enc":"041dc0502c629099d441d234e90b55074f0cf068509d51740ff07308be0351d2044a0fe71e5de188f279d4dc8a5c006db10747496489e43ba6d061ccd33e4d4646","shared_secret":"2fbc179d4ecd6b4b142643f6fe3b717bec7d135457e1e1a1c894682ddcd3a092","key_schedule_context":"02348df0879d37b2abc03cbb090b26b7856d998d2e1d2b6c4913ca1d1a15f8d02f8ddd20ee5a3a5e35efd67a36daa5e549d08c33c7ca402da2edf2676a0043a166126d2283b8301d36b48ceb2ad0e3cdc9c830a0de1fa6be934f1e16cd7bdd92c3db68c302c9f0692107fa96713cd8503e2844199970ac9f3f3afb2c0606a47c7c","secret":"2f628af7362234cf8c71993f25c2f4e8a5137bafbed4c198973f5ea9f3d47a48781b4463bd0971331317bbf53f94a52051110adae9da32fa555abb024a8453d5","key":"","base_nonce":"","exporter_secret":"852c3076c18db210831178dd28d220b1be5578352a6bc08801d6fb7517195bddfb6a8790c9b37403d305f602363a2e8ccffe9c2166a8c630204c4ed8f8eafb75","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"2cdcd8aa36f176ca5fe32d5b16dc93f9a0666ffaaa237298d5e87f7069399036"},{"exporter_context":"00","L":32,"exported_value":"0492e7b38531683084352b86523c025d0b668dd008c2122682527541e51e68bb"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"3356735c7a6d2c93905ebd584f0e61215d937eed84e9692a1a7e334d96a9725a"}]},{"mode":3,"kem_id":16,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"07fd5fdc756bb9e7cb4e3edbc9d41dc648efdc8d73d486c7c7a38be89359a293","ikmS":"60decf4ac1e227a54eb92665a0c4c6dd0c623053fea2922168c1f3e702e0a541","ikmE":"b35db1205bfe660921803ec94334747197a76c5689da591539109b24fe2123cc","skRm":"1518f15e4f4bd49d4cf57dc4f8e2df8afc83d3c21ee77645d959d8f866c3a66c","skSm":"9b280e091ad4d85ddaa58e9249e6510e8f81377444129b35f0aeda30d86d0e83","skEm":"554b1749ca575e932cb12238e90803c0e8d3c290b365d99b8b63ad19b335ee54","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0405bc5f5cc9f31d49329185dbbbfbe4a3abb9e06334bf5028e5cf7eedac695e0f558fc87f70c04008c18998fae0c35e082b22a96951e3b638835e8f9b6452497a","pkSm":"04388b1113349d52ef507fca3294237a2f3b2740880e40a7a6302169a764e88f4d87ff3a346f9ab32bfbbdbcf8d21ba4c7287eac36db56af28bf778a1020561e28","pkEm":"047c9e5e8ac6f75876d0376b232b39d3da328066da51892063b4f365f5b42e4605f600b60472111a2ce26ed8db2250a1683bb27db838a7744b5d891d21d3d5e53b","enc":"047c9e5e8ac6f75876d0376b232b39d3da328066da51892063b4f365f5b42e4605f600b60472111a2ce26ed8db2250a1683bb27db838a7744b5d891d21d3d5e53b","shared_secret":"ec4e7ca1c6cafdd309c0d03ddbf187a670f4c97176ba8d75a8f8890759971307","key_schedule_context":"03bf79f0cd476b163da0552371ed2726ff677cb56d40e4670c448d858ff167b9495c71f7837dc40986891dc6db777d3e0e19be3180991cb9f922b6b0effbaa4f9d126d2283b8301d36b48ceb2ad0e3cdc9c830a0de1fa6be934f1e16cd7bdd92c3db68c302c9f0692107fa96713cd8503e2844199970ac9f3f3afb2c0606a47c7c","secret":"222ea12ca34bd9d3940dfe55d6cd9125c470c38abd34743c0529970744e76499645765cfe6567b87a7464d9d8601a3b37cd67e1ad768fd2fc41c08ff3c35e482","key":"","base_nonce":"","exporter_secret":"8ec131437f058d7a038b8a5ade68de8d2616c4694786512362d89fc2930c367b1c2b02f0bcacdf710267acdf4f072bf798ef167346365b58f8a32ad4ab8ff456","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"9959b9697e1d4040a6ddbe70f62061104f9a2bb5924210f025ebaccb9e892f1f"},{"exporter_context":"00","L":32,"exported_value":"3230ff1cf2de214f13f317a7b85531f24fa00711729e6af8a5d3bdf20e774a3b"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"8a97d534bb0ffdc25c6328dda68cc83a29b15396f5a8307677e3092e0320cf8f"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"39a28dc317c3e48b908948f99d608059f882d3d09c0541824bc25f94e6dee7aa0df1c644296b06fbb76e84aef5008f8a908e08fbabadf70658538d74753a85f8856a","ikmE":"5040af7a10269b11f78bb884812ad20041866db8bbd749a6a69e3f33e54da7164598f005bce09a9fe190e29c2f42df9e9e3aad040fccc625ddbd7aa99063fc594f40","skRm":"009227b4b91cf1eb6eecb6c0c0bae93a272d24e11c63bd4c34a581c49f9c3ca01c16bbd32a0a1fac22784f2ae985c85f183baad103b2d02aee787179dfc1a94fea11","skEm":"000ae237a3250c6365acb81ceb2c1d517404bc68e9d6ecbf0bc42cd2d02a18a2944e13d9b11830d632ce4a0348dcbcb479450d6e29c39f5784fb07df25e6573eb280","pkRm":"0400b81073b1612cf7fdb6db07b35cf4bc17bda5854f3d270ecd9ea99f6c07b46795b8014b66c523ceed6f4829c18bc3886c891b63fa902500ce3ddeb1fbec7e608ac70050b76a0a7fc081dbf1cb30b005981113e635eb501a973aba662d7f16fcc12897dd752d657d37774bb16197c0d9724eecc1ed65349fb6ac1f280749e7669766f8cd","pkEm":"0400bec215e31718cd2eff5ba61d55d062d723527ec2029d7679a9c867d5c68219c9b217a9d7f78562dc0af3242fef35d1d6f4a28ee75f0d4b31bc918937b559b70762004c4fd6ad7373db7e31da8735fbd6171bbdcfa770211420682c760a40a482cc24f4125edbea9cb31fe71d5d796cfe788dc408857697a52fef711fb921fa7c385218","enc":"0400bec215e31718cd2eff5ba61d55d062d723527ec2029d7679a9c867d5c68219c9b217a9d7f78562dc0af3242fef35d1d6f4a28ee75f0d4b31bc918937b559b70762004c4fd6ad7373db7e31da8735fbd6171bbdcfa770211420682c760a40a482cc24f4125edbea9cb31fe71d5d796cfe788dc408857697a52fef711fb921fa7c385218","shared_secret":"59501bad207bf432781371e7c9c26e908958301ad138a3332c6315e18215308dc13191d9c0258b88341569ce97dfb6e54f0a4ebf70d19166256c48343de6a9ff","key_schedule_context":"00a0f09fdb725155fff851d16495e4a128f92a4332225913d832a5b87e19a5552b2c567eba65d69b8f94f5dd45f30ba15730e09a0ca1bab72cdd2606fd3e4a6c69","secret":"a29547ce6e44afc8419ffa1e9b9bc17a6c75523ddde5a5ead2d886d021eeb896","key":"829f508524d2cf6fa51616d9ccd9f862","base_nonce":"f9ac336746772688d4d87ab0","exporter_secret":"81c6f475e112ea4139f032e6edc40e55e630d29438a3ab42dd2e92bcde147880","encryptions":[{"aad":"436f756e742d30","ct":"025404c525808e9087ae0f62204c31076cf5d6473f5d9b4e437e03c84158497341d2c941e8b94c8050190c8947","nonce":"f9ac336746772688d4d87ab0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"baa7be6815ec13a92839df33b80ad932862be27675f9da3b6c303a4459c6b9aa472c5bdbbf7f4caece10a0c664","nonce":"f9ac336746772688d4d87ab1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"ddba17de961a66becaa4ce07802260944d1cc3407475feb55183542f9ad620576e44259e4f6f252d0d4af6f077","nonce":"f9ac336746772688d4d87ab2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"d653378704229ee89a108860d833b90ef804bc706378fa0b94ce3866724920649167fd3a383ecc3156f10779e9","nonce":"f9ac336746772688d4d87ab3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"bb4f9b76392ab70953e88ccccc5020e5183b2ace5b9531e178fea9ea4f21363bfe6f22609001ec93bd5e0f3105","nonce":"f9ac336746772688d4d87ab4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"9da65a8cbab1199499de74c6585302cde65d300eaed61123df225261396e959e90aba9fb2387e0d882783b6aeb","nonce":"f9ac336746772688d4d87ab5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"de8d689f22d9653b1d4ac357dbb3808c1ad669b8856d024afff92a83a9c8fe0ab8c3d06d60c998d5dd15173937","nonce":"f9ac336746772688d4d87ab6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"a7b93759457e20f04537af2eca1b7b57978ce493f69f5445e3c487b41e1bc4aea9b140e3a52cb29d2093a2dc75","nonce":"f9ac336746772688d4d87ab7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"e9c684313335567579c18d1c3724739ed2690fff8e0922ea47185fa8fabff2e84e90cc9db99a65691211e95757","nonce":"f9ac336746772688d4d87ab8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"9d777f9f2730d74d9cae5800d3039169c18d3d2ab52f73c5d2da558819ef97e52e08bca8efc7347681e2cbd2e3","nonce":"f9ac336746772688d4d87ab9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"0593d5e845b71fb32364a6b6da65a92bc8c672e1a25019efacb74ad429ba366c89b11239bfac6edee8e812ec69","nonce":"f9ac336746772688d4d87aba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"f00882c077c442d69636b20fe72af1dfa3c63fca37ab5ca4beba30825bf7f14719f58abd537b18166b7455073e","nonce":"f9ac336746772688d4d87abb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"bdeaea110f83081e4bab86bc276017a6d430623f45cb9186b953984732104747b0a338cc0bf6d8ebc3f89379bf","nonce":"f9ac336746772688d4d87abc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"4605d467c055e12f9556940ef8a833da9ce8bfd0917a4e10610029e4746bba2a79f443e5d7601bf2fb14df263f","nonce":"f9ac336746772688d4d87abd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"6d52c220098b9c0521ccabedf427f09114721f5547ceabb5acdb2d7967b6c7500ff521329c61ed22e00cdd6f61","nonce":"f9ac336746772688d4d87abe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"d36c5398d10b9cda7d00e8e40bcbabd58a2ed8bc9764f2232c08a962553587d21cbff5c04599b44dffad38a299","nonce":"f9ac336746772688d4d87abf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"c221f0ed624bcd6817bc1e32131bf80fa83f425ff5ae9f8db8267ebc553648075cdcfdf9d8fd9d77ba1ea008e6","nonce":"f9ac336746772688d4d87aa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"a98feec9008a3ecddcce83d5de39fde697865d02693b1d28eb16415f2d5ce5ec048d532693520413e793e3a1c7","nonce":"f9ac336746772688d4d87aa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"e856dbec703ad273006f1b9cb1a21ebfaa30f050ef087f4810e983d6f156ce349d82f8b6e93dc838e0cac3ba37","nonce":"f9ac336746772688d4d87aa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"845543d5bf22029332286e589b74114a70a2577aca3200cec36269948912d246cdbd9be102791e57ccfdd03402","nonce":"f9ac336746772688d4d87aa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"a4ae5502547530a38e78d2a3dded9feabbc9c69fdd06c9df456ec2ca3cc43deac1672e72b6858f9fd0db65ab66","nonce":"f9ac336746772688d4d87aa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"0e754f938a40434b0e8716811f775fbcd759ba9d1359dbb99caa938181ed13449479701447ef11bcc491ce4223","nonce":"f9ac336746772688d4d87aa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"1addea4fbef7df2f1df94a91dda1d995e528b6447518e53927ebe5b0038ff004c7bdbc0735c416b7d76311b9df","nonce":"f9ac336746772688d4d87aa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"45477faf5ff1f420767eaccb491f09564d5eef2c5079ef9cfd28bdacb168638d0909aee0bd2e9fb497ff43e257","nonce":"f9ac336746772688d4d87aa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"ee0e142c4d02c988dd16555be7b622a2286a2af143ebcbb39f04293aa0f717a19e1b447495a1998bae0111d72c","nonce":"f9ac336746772688d4d87aa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"2b9a25922c5b0cfe036df914105e005cd6d179fe744b07598adc792d4604fa0f8efaf8b78eb0f93bf4e22f238a","nonce":"f9ac336746772688d4d87aa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"b50ae81289bbd2678680dccb34ed4afde75e638437440e902d957186d896368f51143ca17efbedd7aa3c9f9195","nonce":"f9ac336746772688d4d87aaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"62959ad4f01b56d5b9665ae29ab6c87f52cdd6eeed3fa942b2289bb704c931ad597208ebfa6016d823edf80f1f","nonce":"f9ac336746772688d4d87aab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"957ecea7fed40e19c40d94f4ecf07a67224e4f82f314f61759aec2caf4fecf900414245805446626dcb64d68d1","nonce":"f9ac336746772688d4d87aac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"7123c38ab20524390d281655c0ef9b0d4590488847c05e7fc157d1c21bab8274472530f53f16ebf04020d616cb","nonce":"f9ac336746772688d4d87aad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"51940c314ed5c93cc851f93e3ba2d27f0467432ef722ce4f646aaf6a7004cf7e01c5128549f0a6d1a84fdbc143","nonce":"f9ac336746772688d4d87aae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"88f37a4c4d33364b5f838389c462fbd84265f2c2a2a68f3b502f19cd6fcc85237bd0f7213d798ed4825d258b55","nonce":"f9ac336746772688d4d87aaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"50e30cd5d445d8fe6f79da1aeec523ac8fa4ddee7fb4ec7255f878bc5f897b915f5c0633c14001b1fa9c885d61","nonce":"f9ac336746772688d4d87a90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2fcc90dd9f3e5c7b37e6ce1e840f6dc3c5a3463cf8b3956cd8ee93fed6cbe6e3c00ab8162493a46023aecb9858","nonce":"f9ac336746772688d4d87a91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"c10a7502bbcce4ab37e177f0298ed000e701828846e818bc47bc65a3c218708b14de7423cc505f17beb992a0bc","nonce":"f9ac336746772688d4d87a92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"b2e3c9bee8ad36ce128c60cf204defb6a7634eda45ab44d6482451ac482f814c738f045b145b1c03929539c1b0","nonce":"f9ac336746772688d4d87a93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"6fd8f1f59385a5a16d1cedbb9a2bdaafba1689e56fc30f245d32a554814ced00207b7933d7a8bf6674a8101136","nonce":"f9ac336746772688d4d87a94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"163d3cdbdc81d9ea061e71c7df3e3fcca65c0d60d494eb9f13e63269b22b6d67859d047fb3b1eee3e8f48ca068","nonce":"f9ac336746772688d4d87a95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"c9ec9636d728b4c05654805c7c973b9dcc4a00648ed29b519f672f4e82632b8780b09bb8994279967c4abaef02","nonce":"f9ac336746772688d4d87a96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"3b27a82742d7f8107b19b7e98f887b075251de8bd86599d3d9b5b3a9964c55b04835ec90eb6cf42a94438b09c8","nonce":"f9ac336746772688d4d87a97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"e5a3ebd2fa2bff41664caaed44a00f9d8e25d4a01424141df7d6c7edc0f426b9d300b756915939748a91f491e2","nonce":"f9ac336746772688d4d87a98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"dbfb011fcf6284f18b7136e1e1777c95882718c937d3650a72324907d07516dab24d19429b1652568c74ceaf6d","nonce":"f9ac336746772688d4d87a99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"5b79e40ec27ad45c1aa6400e0afab0116c3743231534f0c4ad91c96ef5d4371d10fe006c4739290b2e16d5cd33","nonce":"f9ac336746772688d4d87a9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"bf4d97e10911f4cb8370ad499d75a64f71be1836b2e9bdeaa464979451fb5071a5e7c1e90874420fa7c6edf9f0","nonce":"f9ac336746772688d4d87a9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"4a3e1c6cb604444e188ad83ad5c677803bcbc86d39b25b551f93d9f5c62169e70243328667d6d9c8f756697b08","nonce":"f9ac336746772688d4d87a9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"cedb47b5f675408d4251bd120322a2a883d9fcb43198ba06ff9507ba835097ab26b53ca9b51dfad470406ded4c","nonce":"f9ac336746772688d4d87a9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"fff37fb26fb0b4b71c64ea73c0ede59fd076448e3b846f6988f955073907fb30e7c4773749702451dea956e2b1","nonce":"f9ac336746772688d4d87a9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"a97da6bb20887a15f29f19106f14d071601e3d638ff61248b0cbaf04dd834aefa1aa185663170aad6e4281f6ab","nonce":"f9ac336746772688d4d87a9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"a6dd65640dd4e04b4c23ea7e7cf4ae202421e2552101977c8496b87a8da32d6e8082fe14a2585e236056051f3c","nonce":"f9ac336746772688d4d87a80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"9a8d249b90a6a8e5fde4e9c75b8302276bb3eb56456feb199162e668eedadb737e86d1cc02a3bfcd277501250b","nonce":"f9ac336746772688d4d87a81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"51fffa705bd11b376e12e8064a11aaf57d73fbfa887a2df1d99ccccee4a784413e7b7ec6f278a861c554ca4f3a","nonce":"f9ac336746772688d4d87a82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"b9846e47e74498f4224b8c8e535b1bcd7002ca1cf9ef7350fc60c917ffbd36402f89b2831da75f8c2a96038bed","nonce":"f9ac336746772688d4d87a83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"77d15fae3573edcbedd650890759e86792dcd0c0da9dac1050f0bbff3c7982cf0da95276f5f7cf5057a5b5fa4b","nonce":"f9ac336746772688d4d87a84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"ffa7d874390e80c2b76335ca64ca292793dc50357911793a53469abc188633c679e95985e6bd6bc88b8236bb19","nonce":"f9ac336746772688d4d87a85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"0b2775bb9cc5992e055ae8c49f897f898a589e0991e7f5228745411dce2eda5171a2baf9c50e9532748d2055cc","nonce":"f9ac336746772688d4d87a86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"893b477a7a2b2a85ac41f81ee868dc878d5d94f4d50bc92420f3935ffb4310f2b89d3a3a496d7b81f45a71fba9","nonce":"f9ac336746772688d4d87a87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"86797d0bf7d483b12bacd89553e3c79adaf62a75f899b142b7185cacd48d6e43e6aed379ebfc2d31ed6222f1ee","nonce":"f9ac336746772688d4d87a88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"e160b58c3256f86c165d4e2870e7094cd9a1fbd2fed0732110958f3339b6a0423c2af66ee505ffec5d1b98a14a","nonce":"f9ac336746772688d4d87a89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"d8d9971aa01abec23491c1cd0bf57e366db9d17e044e6cfab52b5ccfcab11ef80523c5c3ba0a31011aa6a2c7de","nonce":"f9ac336746772688d4d87a8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"dbf70d5b93248492be7807739c996d6fca71fd0fdbb3e7804b6089cfec0426898374f0b331eb115859ad814c4a","nonce":"f9ac336746772688d4d87a8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"581e82080a0c90d118b2ddca1326e6d4e621533fe993d38c041511e8622fd5af481da9e38ff613fdcee0ec18af","nonce":"f9ac336746772688d4d87a8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"62fe0f048711611332ed6c6ce34df00df8a76d2933c3ec0d9c8e16d277b0acee559bf5a4cf5c534ae0e699fb35","nonce":"f9ac336746772688d4d87a8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"9826a29a509e46410172d22d7a7d73e41ddbd26a557d6b82de04da786aa21f499231243bbb6b4471609fefc60d","nonce":"f9ac336746772688d4d87a8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"f40904cc5272c77a4fc3cf63ebf629d8326ef20d94f643c2dd8d02e4732385183925479b3065528a44fe7bae99","nonce":"f9ac336746772688d4d87a8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"4866750101647a195bb245b1358d58b5741b4dcf0b1bfea142fda598d86862e046d6ddcfd0891c2df1d43108f2","nonce":"f9ac336746772688d4d87af0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"be8ed76a273130a7a2ed4c90bf1704557b21b2b52242a4b57b2bc1445367b7798e76ba89eb3308a3e9e0da5fb5","nonce":"f9ac336746772688d4d87af1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"990b790f66f20b70a0cae77c64fcfed1b30c1bb156e7701ab565c6e04aedd9399c47260268680d28d130777712","nonce":"f9ac336746772688d4d87af2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"5f67096f58143896c4c822ec3f21e82c597bd3d4ed67dfb3144d0f91040907ed8ae0a793031df1c11fe862fab5","nonce":"f9ac336746772688d4d87af3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"8b0c595d308d61537571c8f2fdef673614b62709a040ea98e0c9d829b82620f0f6d1e49bee230fff5b29ccf8ee","nonce":"f9ac336746772688d4d87af4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"01d96ce3ae273803ec8a59043bc9ac787c60f7790190b1188eb1a666009d3c72d5452020f5979047a28ec36a77","nonce":"f9ac336746772688d4d87af5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"1c8ccbdb0f68bc692b59969b4a9d65f00a50d5aefda2ec9ac3afb31a1ff0a1a945ac4a3c85eaf4c88744c2fbd8","nonce":"f9ac336746772688d4d87af6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"160fbfd8bf0f3bf3da05d87034f2eff4d4a3b748754c6c80ab1046ceb8eb9728ed98404f6ba7076012beb40870","nonce":"f9ac336746772688d4d87af7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"b3a3c3fcc25c75c5d1e94859df2cfb4c11a1e3e253e1e4f806b4f5274b47f4b511e50ae1127f9c9d2e45b8654f","nonce":"f9ac336746772688d4d87af8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"546c14f9d05906d12a1fe5cb87f4adadc9083840b55960fa812600a2d756959d371a72017a10672e70ad368bff","nonce":"f9ac336746772688d4d87af9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"21f8c67e5a35d034716fd614df574e5455bbe85467bc9577abe69bdec063da70caf9d3379e71771e9f37e5da04","nonce":"f9ac336746772688d4d87afa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"67cb6181c490582866282a1853ea97637d1550b04b327f35d88eea544b06f4930258de26b4b6b7ad6756544a04","nonce":"f9ac336746772688d4d87afb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"93cebb34f8452fcfa9cb42cce43846149585def4e33a7ae863e6c005342064c1b244bce6c9d368fd6ad0cccf10","nonce":"f9ac336746772688d4d87afc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"032c318be7137ad055215df016cf5f0f1f11c5b8deb3323f87a176e5ce46134c7d39d3d82d04f9190e03aae765","nonce":"f9ac336746772688d4d87afd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"7bd6b92b54190c4db2c364015e9fc44190794c7631ebc5f2bba26c0113bdceceb2db55a7bb4e49dfd2709561a2","nonce":"f9ac336746772688d4d87afe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"e95cd9e4a02aa5a63e0ca1bddc63137dc152836af0d4a95215cc2127e5ae33bc6f38a3cd0799631912689fd30e","nonce":"f9ac336746772688d4d87aff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"e7542c6a65b761d63f1a6be70a9bfd3dcd9d17d43cb0e0e2863fe63c01bda288b6461776fc65a53d26a8cd4f8a","nonce":"f9ac336746772688d4d87ae0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"831589178478175eb393cd4c49cafcc0b5285628c87f6e434a5ab8b72e95dd4864105430eb8749a296b837ebf9","nonce":"f9ac336746772688d4d87ae1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f13a0b89eb0c4492270fbd3c1f6bba5c9848a760331b424e975517aa583e8150e6491dcbce5fd234645789b619","nonce":"f9ac336746772688d4d87ae2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"bfeb8afc09a5e9b07a53b476f09b6db6712a22d061397a478030d8eb9a113302bcbe38f8a5d82a2db5d8094555","nonce":"f9ac336746772688d4d87ae3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"8b62ab3e6989c0f848ef196cb778e90c8dbf68d13bd159a2e91405c3faef398d2e836f97a46164d9ed044f59e4","nonce":"f9ac336746772688d4d87ae4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cc986c61d858ada67b13b6b3293abb40aa7c74a8575565c668bbd541491de6aef306b62db8bf925a31a2e583e9","nonce":"f9ac336746772688d4d87ae5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"57cc261e8eabe35f1a7f4c5a526feb335260346cb7e948714c873063e2a84687fc1629761302f5b2b54bd55aa0","nonce":"f9ac336746772688d4d87ae6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"016f2adfdfeb030d433eaf61333d52d99d73cb5b4b17ce42cde2dde889834659c06c4f0857a17e5357a2c200bc","nonce":"f9ac336746772688d4d87ae7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"9afbfe4ececfcc5eb07b90f11d99c705f5988acb9c291d3d4bd1ea51110a4df84e3f18f0ec9f78edd7bb84afa5","nonce":"f9ac336746772688d4d87ae8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"251dd0ea5a4233e91a4e46ebd3122d92e8ff6d5316ae378652942601024b8ca97cb68d9f9ae02e754c5dc3f2a0","nonce":"f9ac336746772688d4d87ae9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"43e313b09f599bc796e4f55ecd85a8a5b51b9d8ddbc9f33e2890389f90cd100dca1624d37b9005fbd2ffde75b5","nonce":"f9ac336746772688d4d87aea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"feb3e3dff33d12709f14f22c2535250c0b6d84cf526e084c119d50d6bff2e31aa1515fdd204dcf85f197e494a3","nonce":"f9ac336746772688d4d87aeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"62940fd3a742424a34ba0555cec5d68c995b3d31cc410af3aeecfd79b7788b816b3341a9cf137e579e24b7475e","nonce":"f9ac336746772688d4d87aec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"29230bff2e39880c2aa97580a079f3d32b5eb39ef5d94d4b7b88d2c94111fab191179921ec00d12fe7f0c0d657","nonce":"f9ac336746772688d4d87aed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"930b4537b71f59182123b48d07aab1e552dd104d086040899a17b8ea2449dc9f9b4d79b0f840f21b29f9e2bd05","nonce":"f9ac336746772688d4d87aee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"80b363c7b69f0ce85950d6a9819b22aaceb8c7b82d5bf7ecbdb5b39f8d615e93d81894ede56e047996d0937c4e","nonce":"f9ac336746772688d4d87aef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"ee221b206c6317ad5c9c902c330d7fc0f8a58ec40f4d8ea9bc3e9e51857f1dbfc6a4d4f9ed448728572bcbcb2a","nonce":"f9ac336746772688d4d87ad0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"a958ae2c0d991cc12262ff66a90bbf3790e01d66f4c9c3a80b99efe82a3a2e3e483a37eef7fdcec3f124bb7354","nonce":"f9ac336746772688d4d87ad1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"81141b21f66d17df71f4802abeabf1be1e7feb53fe7e8819f368e1e5dcf8b057253c7b10a5b9d07aa77d5dd36a","nonce":"f9ac336746772688d4d87ad2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"98e782feb48158458a1f6a75e9a0e57265aca36818ef9e21ed56a7916044cd229bae881658b1ddf3c50ac3f9a4","nonce":"f9ac336746772688d4d87ad3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"aa6df1214fb1322feafcdc550fc950a210767b25a2219731c79665d64d3671a2dd0fdc132fa8693c73825a2b12","nonce":"f9ac336746772688d4d87ad4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"0dbb8b4c020559bec79f0182bb5e339fcab2795beef3f2d39242c784be8b38763d681bd43a7f3bfd2e498f85c1","nonce":"f9ac336746772688d4d87ad5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"a0e253d35a3d824adc4f64163c263066fc0292d2ac86080a97936ace378d04dc9ecfd87006ef1f20db56d6ec84","nonce":"f9ac336746772688d4d87ad6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"20d9566095b475c7e7450641f019ad20c36907be05c41e05e867689f4c1fe8112477cae27d2718a5cf2f96c370","nonce":"f9ac336746772688d4d87ad7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"f1bbae0d534c66f1d11edf9f30e7e588f58eac53da7ca8bcd5e4b826599c3dce39e89e8faa83b50696030b5409","nonce":"f9ac336746772688d4d87ad8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"293c9558f83e70a044220696dfda783d341f494ce64ab3a582c6ba10ec0fb22305961c835f8635028bed1ee041","nonce":"f9ac336746772688d4d87ad9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"436724cd876a9238f706c26fbab4ab81b9980b62bd9550251ed1e916c2acf93068ba113c8ab602f8e44b1ecc07","nonce":"f9ac336746772688d4d87ada","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"91e33b4238a7182d57e2463debb4bb114f04c5a57a8451778716787a238bc07677aee4e78f01519cc61dea40a8","nonce":"f9ac336746772688d4d87adb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"fabea8fd0f58a7c53ff6972cdcfdd31fcf6b0d10db02cc1e9059e505c7fed448d608ded3bc8203ff9f899fbb5e","nonce":"f9ac336746772688d4d87adc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"3e45db2cc711aa81c88fe56601a67d107fdc7c5889ee33aa35441a5bd2726d59d7b60dcfbd748bfdd5b5a04ef0","nonce":"f9ac336746772688d4d87add","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"254df71d4e08311381cb03df34b60a6c1de8c62e21c03608873066608ff5f4c29aca4a5b296d2c9344286d798a","nonce":"f9ac336746772688d4d87ade","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"7ff6d26d926f40b31e45579f7a5c8a4d071e510f5f4b7ef557c3270a8c4704b85de879fa54d9a1bb456f4075cb","nonce":"f9ac336746772688d4d87adf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"d0b250050cda822b3bf8a5a27742e6bdeb948dca7228f5c13c787cbb3a2c10c5bdb14f8e4c53226b5d5db71749","nonce":"f9ac336746772688d4d87ac0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"66a6dc61aa2408df763e941810dc00585c7db1731ad33ebe7727de7d4d40c71f3b4d153ec7f830a201850e147b","nonce":"f9ac336746772688d4d87ac1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"4ed1630b2ccf832bee3faf315b86788e0c64ff9268fc1b9d1656b6b42b1e31418c2baac0959c0900eb62260443","nonce":"f9ac336746772688d4d87ac2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"6d1f1e7dcc42fa99c43dbf10996c7da37ea4a29e9716866f7a6383764ede0ebb82a547621bd479c6cd9c5d7d3a","nonce":"f9ac336746772688d4d87ac3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"02de8d1c26a1ce92d7ffbf8c09c14e4d72c744c919ef3b43105043fb449c671ada0840f2a4781c7231cfbaa2e7","nonce":"f9ac336746772688d4d87ac4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"8533c2787f6c1b73689e200a2f0f8e2cc7c20dd01ee72421d0ae00664e767cfb5a26099f7936820cecf092ca31","nonce":"f9ac336746772688d4d87ac5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"569d1847fbf97ac5ed1c445f4ea527bef4b2108e309247c9dd6a76f62357b4cb1650719c1b65e9e87eab041694","nonce":"f9ac336746772688d4d87ac6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"0348b2df7c40cbfa4bc7f4da28a58678d68c6c0c8a03f5e112ad97cbf5fb00327a724c0fefacc8c2ece280a386","nonce":"f9ac336746772688d4d87ac7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"2583fec4137aea28c8453d09afbd7616edc21567e5346db23f0a8df5d6d4a46fc118c6156afe3048685d737f54","nonce":"f9ac336746772688d4d87ac8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f68c33392b810569f1bc8bb962c2d521a85f9c5dd1a042b57829b632a3c2426d5386daea4c8d3771611c17d313","nonce":"f9ac336746772688d4d87ac9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"9d74b00e92534474244bb052f7b3e46e9e1f09fd174684d7b5007dcf270d1faee627761e96045547126b1035ec","nonce":"f9ac336746772688d4d87aca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"6bcc8ded1aca1b5789dc20588b8935d7c1df199541a28647a3b656ada0dbecc79cc8d8c110a2a28e4a0e8a6e33","nonce":"f9ac336746772688d4d87acb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"003126300a845d8a365d18ed5e03eac30611aa89123dfd38ab7eb882bfbbd38146f9fc7140b3c25738e35184b0","nonce":"f9ac336746772688d4d87acc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"c7fb3bc7e478c54728dd5094e859325e0c046ff6814ad249562c6247ce40e47d5f157a377a09ccd0d5dc0b5756","nonce":"f9ac336746772688d4d87acd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"b7329162c5737b44c3fed68bb5fea26c0b4481514238d579aacf970527508afa2e4552e860e056a9ff2c0c986f","nonce":"f9ac336746772688d4d87ace","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"4a576f7d5d27f684a0913b61bde07fac592850961adc23b8da1008b7c9b1cafcd491713f933b5e3ce164677246","nonce":"f9ac336746772688d4d87acf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"555cf0fee02f2487894e5fd57998b38c54033973984075a9698d6bf64e4137419a91fd2309c49e68da8547014e","nonce":"f9ac336746772688d4d87a30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"2bcf0549d2b9927ebdf432bff26bf6463b42df194d706b126a6ba435a2950ebbde1355f70df6086c2c3059f310","nonce":"f9ac336746772688d4d87a31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"53775b960cc6cb86a54062d46c22d62c51e0509982755386af28e1ca2d1beb27b6d8cb272f610884e693d3aaaf","nonce":"f9ac336746772688d4d87a32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"0d92925fad8937003b00314f88004b842773f61d3b95e7af8eb84020a0c6966604afe3269cb79f626093e33615","nonce":"f9ac336746772688d4d87a33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"ee88b279ada96d519229673c1c8e4389b47e04666b1477415c0bbceea380467f450eb34a3f1213fe84d0162268","nonce":"f9ac336746772688d4d87a34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"eb5b9bdf4ca445e51b8f45c8e2f9af8f673a57ec86b6425f06af9b5e478980c8891a1862a3527972f501945b9e","nonce":"f9ac336746772688d4d87a35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1f6eac4e07908ba1f77ab56bcddf865847869648e559b44ecdbbdd5d7a6133deece164c20b078c8a0e37fe440b","nonce":"f9ac336746772688d4d87a36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f1f39b03c1b8b496ab5de5ac79cb1a6ab8f9cbac6f7948d62c5a8ff966cf7a95b7ad3e5e538e1a9a957bbff611","nonce":"f9ac336746772688d4d87a37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"285ff0ad0d78ee6b937d1abd1e4c0c504e486efa75b6f346c2cf5b048ea240698b3b9287b8a017358bea511274","nonce":"f9ac336746772688d4d87a38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"b268c716b88662de087f8db6f815c585d97aeac5fb3ebd54ee329503467271ef897c3e439f586cf2ed8d0fe84b","nonce":"f9ac336746772688d4d87a39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"2846b2e532eb76a9c186c45b7305df4eda3b493a1afd1d0e993644eb5c9466bc78c808a5739564d0f63145300b","nonce":"f9ac336746772688d4d87a3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"9f58fd98bae49bb057d31b4b1a95ccece6a4b59b86abe21ce0531d2a441bcc67e1c226cccbad3831b195635434","nonce":"f9ac336746772688d4d87a3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"494d9ddf0db73c8c18d2fa70360f090892c2634d670258854ba1532a05911d1ba3ea90b7dd741066baca4fa7f9","nonce":"f9ac336746772688d4d87a3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"d9680f9d06fe78dbe017323ef3e012bb7018b4977ff9a55cc4e941679ecbb9c7e884072fab3471dd42d6fdd6f4","nonce":"f9ac336746772688d4d87a3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"e835dfbcd72998d2e2a66d0fb818f87fc25111daabfb4bffa0f7979d2be6d73deb6e5967712753a12298d342a6","nonce":"f9ac336746772688d4d87a3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"5786b13a0c28542bd9b21dd7a2ebe401c58364d174164499d00dbd15e8609f447822b69e5781f0595f46d03569","nonce":"f9ac336746772688d4d87a3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"44fb688ae0afecd86f7b9b8199ce8f673244c712da33e0e980e9c33b453c3aae80ee682cc4f11858203f7982c1","nonce":"f9ac336746772688d4d87a20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"4af425e30b700244dbdde5b609866688e21775268ff2866e030b467e68895fc70a4a3a44367d96092c942f3e8d","nonce":"f9ac336746772688d4d87a21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"a9c79fa34cb87551911f8730da661d850c650df27944810820c9676948c08f7346d1d270730d218d7431553b15","nonce":"f9ac336746772688d4d87a22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"96c438227b17f618a69e4527cf7d1da814f0fe549bb19fbf48a9f5edfa828f8c942b56bfa28c4788f7d169144f","nonce":"f9ac336746772688d4d87a23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"59b00b69651ab02905cea9fb6ebf2c59ad150bdeb281b9a102413fc99467a41e8bcf948293ccdccf541c94c4db","nonce":"f9ac336746772688d4d87a24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"70eb6dedc536b7fcf34a5c440f4c90b24173b919a788739cbb16a9e97a129a1a1c2d9ca8242caacb0dd1286ff3","nonce":"f9ac336746772688d4d87a25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"ecd025a4512b0e2a12d3ca4ac73ee5df17eae82e8468078e4872b2c332e9947ada261e30358c9b39fc6c0f368f","nonce":"f9ac336746772688d4d87a26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"110fbe0f458b48d1271926fa047c7cf7914d13ef718dd5ae2e55ef03177c34433789645249a6c3177a2ab0bbfe","nonce":"f9ac336746772688d4d87a27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"1ed077b6dce585cd5b4bd6905f87f5399fb1c521957102d3a9de3680335d30b5b4fe6a86693dca71c160cf8dcb","nonce":"f9ac336746772688d4d87a28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"be284f8bc355054ccaa7b0c69fb69817736c5c6dc20acbce2b25a0e308cda9414766bd8dcdb6aa9cfd1b2910d4","nonce":"f9ac336746772688d4d87a29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"83e199ca242d433df2f8c3e6cd67bbd478064c897f0148ca16922d25a48d78382ed7ee60e222f932bd9def7e22","nonce":"f9ac336746772688d4d87a2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"274bb4b0d314ca2ceb665f81a76953362c3eca97572d1780556120b8fd90660e8b8aba3c0332c135151f2993ea","nonce":"f9ac336746772688d4d87a2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"e64fe6f7f72d524d7f1120b6260a1837ff4ae082ab8367312d84fc26c00879d6bb10c658e2ee496f790c7cc050","nonce":"f9ac336746772688d4d87a2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"daf96a28cf1a02bd4d4525bb2a3c75b7e05d22af4e68478d4332e822086a1e60290d589f36ddb1df2bd1543274","nonce":"f9ac336746772688d4d87a2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"200990524d17840827fd04f6aec43ecdb0f302d6c4b8c13d8bab14dda1b90bdb9b35838f123a9a4890616c04f4","nonce":"f9ac336746772688d4d87a2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1d236b7d950ad48d77aa4225194dd1f4fc11968d40eb9e9e092af991ed9cfd66d015e5d0e6350e64cb99c8231a","nonce":"f9ac336746772688d4d87a2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"519b3443a9f5fbc71a9377759f0d084e14152f6e8309ac48b0cf620e3d78e6ee9bbfecc0e1688bf1b40eb5b902","nonce":"f9ac336746772688d4d87a10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"69324e0d0409510a8840b516201e34849e991ae630846447548f40a57d416c236704467540230fa8133543d993","nonce":"f9ac336746772688d4d87a11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"9af22ddb14c465c59bf270795118bd86c7b0562e386ecd21e226431687a46190275e800ac4494d1e35940b08b5","nonce":"f9ac336746772688d4d87a12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"0f420408e542778d1a257df1d44e99471475a828f76976f8d08c09ac8d46947c042d62176699b81b12e730605d","nonce":"f9ac336746772688d4d87a13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"8e6c0bc574dbb8f2570dc1a54b9b6da32fd0f0b956ee58121f8904226d5670ee308e9ace0d2facbd05acef1133","nonce":"f9ac336746772688d4d87a14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"38c5ec5cfd725558fb3b4d09b75fa92b2dc54cc8d54eb3bb75b758bbcd85f74f6ac522d228f02a65826bc54a2e","nonce":"f9ac336746772688d4d87a15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"e848479603c40d1cfa5f41a7a40832eacb846c9e53896f74bf36298e24b9a05cd702ed82afd8840ad6e3ffff73","nonce":"f9ac336746772688d4d87a16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"cc8f1f33a6d3910158ceed5257ef78f3ebbdd7a674b8d264d62dca1a804d6cbab6f03518e6d172617a52159811","nonce":"f9ac336746772688d4d87a17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"bbcf85afb92823ab244e34dd1e60f31b12aba17c995f163d437f53ce17a88791211160de67b20680a43be02c3b","nonce":"f9ac336746772688d4d87a18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f47b5066ff68d6997fe439c20252c1d108a46acf630c558597ee3dc9f980e813f62fd27fa2359caf20f5e833b8","nonce":"f9ac336746772688d4d87a19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"da5bfe15a2b49a0e76f82f8f5bf851923c46a7c01eb376c60057f40d59382e7928de7249f4129c9f7313941be6","nonce":"f9ac336746772688d4d87a1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"894a0ebd838341e4b18ce4408f694ef4ee5c48d162beaa8c9fa8c4ec3e9be6e2c698c05284c1a554b02d139236","nonce":"f9ac336746772688d4d87a1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"83b96759cb5d22761ae3656c8954b7aeabeb0b7cb704a5347bc62a499977a7ea3a51d463b391b0235675488e47","nonce":"f9ac336746772688d4d87a1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"1975f2594e7db32fe9d45d9b250a94f2260b5403d2f3df492bdcbc2c5b66cf5d50eeb3419459632cf0251b33da","nonce":"f9ac336746772688d4d87a1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"e4e519c5bd7c519e9ab678bbbd8aa44ef7b1a1b62ce71d1abb197f2f75cb1341f5408e10398bb895b16522ace3","nonce":"f9ac336746772688d4d87a1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d3909c9909c99a2e2825941cecd41f3d2c1e84292fe10e87fd9aefb9408992f0a553f1681321e04cbeac1983e6","nonce":"f9ac336746772688d4d87a1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"c30371f271a20e6696ab6960dd78acab41f0d66de320eb69d95964e9e86a4af6b6306e6be90afe6b108264ef28","nonce":"f9ac336746772688d4d87a00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"13d0f5b4ee662f8d6609f5c09ecb06632d5a569eccd28f81044b2bfad45727eba65823eaeca5ff74986d334f71","nonce":"f9ac336746772688d4d87a01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"f79079baead10bb48a22d020185937d6c2dd847c4c5dd1c2f94254af69a1b4267fe30f8a20e7d35881a1512729","nonce":"f9ac336746772688d4d87a02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"3bb320557814805e4852996d7ee109226e73c9f5c5665325f4009f110111c67f14677e2c104b15a9b18da92d1b","nonce":"f9ac336746772688d4d87a03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"84bb746441e523a41796f73d1f5194c62d2be775381312e9ca6cd0b20f7ea930459ff39cd740fb5420aa06c418","nonce":"f9ac336746772688d4d87a04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"4d3c3e63a452921bae5c2fb72c8aa16dbbed3329ab2ec8606d2a656239919f997c6049be14783be1f390eeeab6","nonce":"f9ac336746772688d4d87a05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"41d512c8927defaede26d076a8ff36617cfe580742e60b4f723395f106eee407279dc22141e7f6141b697158ad","nonce":"f9ac336746772688d4d87a06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"773b7ed5d29bbaf1fd0bf2beb236aa9e53dfd1af835fb7e0001ad70d057f7d2954c3bef822d0ae702d2b6afadc","nonce":"f9ac336746772688d4d87a07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"cf50f3ef596f8038cb539d0310822cfe997f5bfd60291171ab8d36142f3029bbd5c24f82755273c52ce2e6efbd","nonce":"f9ac336746772688d4d87a08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"86bf653e1a28f454b0da8be2dabcb593982ff1b93ffd33d2a4098b7b1992012339ae5e62c6aaad3560c9ba9e16","nonce":"f9ac336746772688d4d87a09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"9c51d021f53b36f80e10c471a50db1302efebac72d6ffee8eac11cf412270417bb42230b913cdccfabd579db55","nonce":"f9ac336746772688d4d87a0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"3a7b181bf1974b6ce3549b2a4cac922d25d77ba94d3ec0c31e45a7d625335af4ef65c862641d13a7ba497a8ec1","nonce":"f9ac336746772688d4d87a0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"1239f4e2e9a142bcf90723cc963e2783bd4ad161a9a08f1176e7d0235f39e1cc0f1dd0db66c5bb31ab3cbfe8f4","nonce":"f9ac336746772688d4d87a0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"6d684e75e10433186457609ce7e131a948e382be4a8b3e7ca61e444efb3e692cac3e2b290fc3a63475c964b41c","nonce":"f9ac336746772688d4d87a0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"ebd43eedec7b3f12736325149cca53d3aee69695e613a7c8b9346359487950edd62c27c865fd7f86c584a8e44d","nonce":"f9ac336746772688d4d87a0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"ef47ad8dc4e43f538c176d61626213b28ee334f2ab0a75c8ee9eaf419bed61c38840a2f2f5d1772df80dc107de","nonce":"f9ac336746772688d4d87a0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"518d5a2febc53d6e6b91259016f1f0c67a86ad7944a5d762b4657ab50ca340f94cf375a59f1c943cf87db60839","nonce":"f9ac336746772688d4d87a70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"47c2685128af74c1bf408bfe6d63577e6a615f05c2ec7bca6cbc20604d3690bf382c0fac1d6a6f03f6c42cd492","nonce":"f9ac336746772688d4d87a71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"3656a456bb607d8bb7e9b95dbf83a33e9c753342b940b846d9bc3290cbd646a97585cd63b8b78bc4957da24704","nonce":"f9ac336746772688d4d87a72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"280e5998f39581a0e46e8fdd2ccc5e5ff0f68b2f6bded50d80f95116299ef0b29ba170941990c57f83076928e8","nonce":"f9ac336746772688d4d87a73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"c493b380841d79eb7609a7bb543b9a79952ccf04756271e9339f56264afbbb5b3fbe216f9abba565b04e8b26ce","nonce":"f9ac336746772688d4d87a74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"bca1eeefb953a59948b09b11e6e4109663bceb25d818db58018620faab434aafed9e770b4fad8af13f4fa70349","nonce":"f9ac336746772688d4d87a75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"fe07442e9261a0ae03c5bb1627115c9c96cfee1c58e4ed5ba116d9b8711179aece727e9d0b54917f3a5ff3a652","nonce":"f9ac336746772688d4d87a76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"ee7576978d3ab92dfc0697cf0434105e82c13a49451117815365c2137a60f2e46ca16fa3690eb78284df574f7c","nonce":"f9ac336746772688d4d87a77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"0d431e8545d1afea4e8d4d0184d606f9708a2a28258d962f764378794d776f18c9039dd79216a444f887c434a8","nonce":"f9ac336746772688d4d87a78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"628f3f9c4257f4f5e758a73e5a33a417d7e93243d7786da9cf72fec8fdbe189a99a4e316b27d431f529ae6a8fd","nonce":"f9ac336746772688d4d87a79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"d974d34d681ec0c4c55f1ce84bb6977bf858ce4f69e23564e04bf0e2d8d2d12fd00725a5186e9bbb84e77acb68","nonce":"f9ac336746772688d4d87a7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"b91b081c105c5df3a89491e9a743a538d3d6182455a41e1995ec0123235510f13cb7f37da50b1e77eb168501f7","nonce":"f9ac336746772688d4d87a7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"a318bffddeea369ebab2feba90b7972a13b963aca86e0336e2143570e687169f094a4e9386f149b913221b07e8","nonce":"f9ac336746772688d4d87a7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6602ab83d4357565311442bf915b0a0ef379e376bd96ceb2cdc81c690f87b7f69f67ccf3973a41fd796f7a6cec","nonce":"f9ac336746772688d4d87a7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"6a2662976b996c94651c393bbb9c24fc7590d82a2414e6162a2c8c2ae9e95bc3dfb8ff418e22f1a9ea4f2459a2","nonce":"f9ac336746772688d4d87a7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"30caaa0d9a5ef2275f80975d8c9e07dd41afeee14781d28af403fb09429deae952fb3671275bd8e18eba19e584","nonce":"f9ac336746772688d4d87a7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"ab1e60575a3e022860462a53b1afa492da3a0788efdbb8401b8fd8493270e502eee92c3d1f9119d6fef9ef660f","nonce":"f9ac336746772688d4d87a60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"840c256dee5a2750276506b4b07368ea2d3811dd8bf34fc0b3bd50fe90ed9b211d96ded5b7329d9a6649a07dc1","nonce":"f9ac336746772688d4d87a61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"71e3e94c1c3fc23296143e3f85ee2604e53f209e7dc444754bc39d6ed78015a15f89a301c3ab51687f5720ff1a","nonce":"f9ac336746772688d4d87a62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"9362be2c984aea3196a00adb433a8682cc10074f998c131da71a227e674b4aed6438366a5f6daf9138b583f295","nonce":"f9ac336746772688d4d87a63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"9713b446dba4c9d4e9eca54d95ad0eeb09bbeb7cc7fc34cf40ba43feeb657b16b165154e914c6fc30ea7631e38","nonce":"f9ac336746772688d4d87a64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"8534b511f3af47b396c2283f3dc0fd38520203b1f4aaa76d6ce68f40ea99b03dfd3c1e699a928ae384f951f249","nonce":"f9ac336746772688d4d87a65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"cc8896903099299d7cde4941223ab7a9f2caf31da978b711df5f1440343f7cf14ea2351f175ee05251ea03b44a","nonce":"f9ac336746772688d4d87a66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"b4c794de926b77b10227cf41850e7dea5bd295216c86744ec657074dbc51bb27cda5ca0fcb32261b9b6180df21","nonce":"f9ac336746772688d4d87a67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"4956cbe618b3507fd758619ffdfcae115075fbbafdb5ab6f8a867029a9c066569417b7f95cb65bfd58e1ec9677","nonce":"f9ac336746772688d4d87a68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"d06c57d454d78e21004060123577a4832ed5a3a1fd0cbf283719c95a974d16613192117a0f145f4c069c0c2b93","nonce":"f9ac336746772688d4d87a69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"24cb455948f07e656363d5309e66cba4281fc0563452d8f1038af33574df2a2aa23aecbfd0e8cf966e859e764e","nonce":"f9ac336746772688d4d87a6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"0fb73deef7387109df46bc2615554fd54886fdc75b4bb3cd1b2c51e97a9adc31661004df9a632f8cc4ce29d054","nonce":"f9ac336746772688d4d87a6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"55e55d2ecf862a18f664f01774341aa7fd4c227dd529a25e99a3d41d7cb4f2efeb67d9cb245300f1bc3f404db3","nonce":"f9ac336746772688d4d87a6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c2398340756cb05498414c1c0882cb6019af8c58a3f64320e3bb06988caff75521fa98925167a8aa3df91e5866","nonce":"f9ac336746772688d4d87a6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"dfb741b48fc463dc61722f65c7e2cfa421e23bd7914b77d6eda32ad74a9c56b0596e377570afd441b8f63fe081","nonce":"f9ac336746772688d4d87a6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"5dba5545cc1417b621d60c65a45fb031b41be238a1f141d471b31f30369a35e72462985c5fed4ce99c56b71c3c","nonce":"f9ac336746772688d4d87a6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"5834faa151cc1515f1882953b5255724c000362d89094c4e5ba91b20cbf5bb818ae342bfdae31bae490aa21261","nonce":"f9ac336746772688d4d87a50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"39af0f44bec085512a4518d35d9e281e3e92c2d797fb30c4ab25a54337fbd75511442358e80a48f0d741052e6d","nonce":"f9ac336746772688d4d87a51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"2e81f78801cc8c23648ec7a029903dee811de406d098d1952a0ec2151651fefe4f3f46c26e2a90603085a5061a","nonce":"f9ac336746772688d4d87a52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"9e3c8699bf429bc7909b74161728f2306715c2e553e239a0efacb6b25f87edaafe078cd6682607f5b49dc4e30b","nonce":"f9ac336746772688d4d87a53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"b9a6a8078e90b009d124f7c6513c697088c8c17b1c657aa3d26a21dc30ce856c9b4d1fdc389b6b39a0fe76bb21","nonce":"f9ac336746772688d4d87a54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"f4184e9f4398a57cb598cd4ecb84ddb7553bad350e8d09fbe7baf061b38f7829ae7b62b999d3ec2669451068b0","nonce":"f9ac336746772688d4d87a55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"3b56d0db42c659bd877ccce85e005e290fa0d31d96e3377374d9f614278510932c28131f0a93ee60ccc2933a14","nonce":"f9ac336746772688d4d87a56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"416e86730a6ef0a044df5a69258fd6673c9fb7ee6ddaf8146c734cb1c3e91d864a772df1624b49fdab30462b03","nonce":"f9ac336746772688d4d87a57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"ed42929ce60d32a262c05bc4906ac3c5add6db981154b673d1ec3e28327822bdb66e8cde5092aefeb9f75c767a","nonce":"f9ac336746772688d4d87a58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"22e04a1db44845f3d01c8f1da11010f472ac8ed66ac1b702529a36dae2df036527fedd9c4e9581405fadff70a8","nonce":"f9ac336746772688d4d87a59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"3b14da56111676b48492e44b952424e0ac2fedcf8288003ec3c262ece3b71cee750eb88e825aadd6ed8149bd94","nonce":"f9ac336746772688d4d87a5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"f3eed65045a8028a9203bf6de64b9c89bcceb414636eaeebe9e5d2ec8069afa67a57252529eaf34b0c176397a9","nonce":"f9ac336746772688d4d87a5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"cef496066e0c55e4fe012f1de8959129ef07322ebdc6d48d0682b6b7c6acd0a95139b9191cc2cc195290676a52","nonce":"f9ac336746772688d4d87a5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"92754d31ca991f406d0493f79a7cfca9821b3a3a268329cacb21db0e4b757216544b11878d7abb3f11c09e7b21","nonce":"f9ac336746772688d4d87a5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"09cb99c033834aaba514c6fc35ae7b5c46b04bc21ef11384dea956a34d65f02ef857442baea357b90155470f85","nonce":"f9ac336746772688d4d87a5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"69c88322cb8a7cb15f69c998676bd4ec3ca31d51e041253f66a5abca3d09dc781a6c360ccea53f632755992f45","nonce":"f9ac336746772688d4d87a5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d450d6b7f4b5767e4a31f566a0925c7d5bf4422955c14872fe942bf27d2997e66931265d00d348cde9e205fb8e","nonce":"f9ac336746772688d4d87a40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d317cb5c1eae592cdd91742cfb8599951af9d15939cbeccfd317e42d777b8b1fb3c8633c5c1a9a0b7b80ac6f30","nonce":"f9ac336746772688d4d87a41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"36fb43ce08b2b6b8fc8a9bdcb04cdc48375d640ce497a3040a0ae1e3942e6b6a0f846be4ba073fd8ff5d23d186","nonce":"f9ac336746772688d4d87a42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"ae7bdc1e720a5fe926e8cf935fc4aee922f0cb9d7afe41a1f35afa7d23f5e441ff9cf6e66f9a8158820a17eef6","nonce":"f9ac336746772688d4d87a43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"28adb42abc7737369fb9ffed424605135b452f5dd931064c794180a7489bd93e78a8bf445fff46710cc7d83898","nonce":"f9ac336746772688d4d87a44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"3ebac470d9e794095f822b84db033c7f5e16569f2a6eb96601f1f02ca3cc80b4e3c0db7a598ca52cdfb769e1a7","nonce":"f9ac336746772688d4d87a45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"59081b3076f0e801cd6bcf0fd8cdfa13dce34086ee01de25ef53f73803261f496dd9f1c517c297358b8ac27842","nonce":"f9ac336746772688d4d87a46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"31738ce3775ad18f175f712ddd06c2d6c3ffe304f8eba580abd7aaff82009f2493e7aa6d6ab0181974b26b5bdf","nonce":"f9ac336746772688d4d87a47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"ba47dd509343a6ae179c94275bd3f1d74cb8d81fe930baa48e6f7468c6b10368730df1899b97d6f9a44508e8ae","nonce":"f9ac336746772688d4d87a48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"c835750b6f2b0b86a5610340a8620218241b6d59e328ce32fb9f90c6c13aad587c2d056804348bbd6dd6fc8c26","nonce":"f9ac336746772688d4d87a49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"be94ba5b18ccabe93de38654ed436c5979f5d83c2bd761172f5214e6ad3921cb9b3803b0bdcac1cc1197a1307f","nonce":"f9ac336746772688d4d87a4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"2a5d941a066f2772e382de7dae5f57e0a0e1d34dc9f1e130092be11e4ae0a1be87249a1a966f4729e98055bb8d","nonce":"f9ac336746772688d4d87a4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"55747348661e0349423f1e7badae4b1133965df82e19b5ccda7713efabbb78678229da259f65b23fb798d49e69","nonce":"f9ac336746772688d4d87a4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ef08d04225fcb38786464f98100850b4b3fe85593003bf2cf654407196bf2928ffe511918352e8bc2f23174888","nonce":"f9ac336746772688d4d87a4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"71b448bccce4bc70d7f1398866604d7f0f532d8cdd7c258a4fedad7595a63f2810605d4aaa2d067e3b9aa626a4","nonce":"f9ac336746772688d4d87a4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"3d61918667f167cdfba3319275362b2aa2899e2cd252b95c063008c5b474d144c8e7ebdadc0a470197c4891e4e","nonce":"f9ac336746772688d4d87a4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"6213c7c2dce765f87eae5376493f8ae7d2af2a27aa72e110924f77ce7a37db4c774392b1f2b557f56e086d8b90","nonce":"f9ac336746772688d4d87bb0","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"9b36d9cc29b33fa931e3065f4490b7a084f1c91ebe6541aab102305b5b8c9be6"},{"exporter_context":"00","L":32,"exported_value":"befb79721b20a53fdccd9af50e8f7e823dd3516a68c4357145b94412e96a2326"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2c1d9ac662c578e0739fdd44fc98dae7888816c3f779853fbee596a987e0ef9b"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"3c9a57ce2773fc44d2b03a9fed866e9f8dfd18bfc844c4ddc254fe0c836643b9fd3f54ce090caf5f07829fd017ebdf4b4340857985f21056d5a2dd461dd61da9afce","ikmE":"1948430536ca540c53351ae59d7a22408f1a0f201c1387e238ca8c52ea162da7ffe27652fbbfef9b60b66a039c80853a4224c01fd83155a17373c92f3d41bc254943","skRm":"00e28b0281c417a1db047b20dab9eaab8c57fcde9f82becc94356ae168968107a7f9507e77a77f5946840ed5107b8a77eb53145815e942f4c01d251b91272a9864ea","skEm":"0195ebf694a7d579ddb5537b6ebc3c998f62ffc44deee53b73833765c2cc776cfae5a72f5b7d3fddbf854c6a419908c299f215cb212eff21ca6422a43f68689ce8c0","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04012e8e7975a4bedd89c4536917c7696011ed70dff9d3743e92421e4c515d0bee54613b84a48fe6eb0dc5c397ecc8e10001ed3a52c508a32a556126944bbb04468024007555833b07bab58559ddfc0116ad8dbcadc2ebd54149140218a3042c0c916df7ca952f9061977d29150c51534c5a790230cae9df06e90fd4c5fba197f4f9414e62","pkEm":"0400557890041cccad0afae552ccc920f6e1242830df929fb0c552e299463471d16b5537c27c3627e46aa6decf5d0b600566592a7c4c315281798b37fa9874cdac3f050150b8429bf35a38250341eadfee6ecae5cd317dbc9262d0b3a6c44efaa555d26822bf7fc370e75dbf1db5ceeece20b5ae7ed8bd9f384226a4a43aa33093b15a8be3","enc":"0400557890041cccad0afae552ccc920f6e1242830df929fb0c552e299463471d16b5537c27c3627e46aa6decf5d0b600566592a7c4c315281798b37fa9874cdac3f050150b8429bf35a38250341eadfee6ecae5cd317dbc9262d0b3a6c44efaa555d26822bf7fc370e75dbf1db5ceeece20b5ae7ed8bd9f384226a4a43aa33093b15a8be3","shared_secret":"753ec759fa73213126a8d5eed5f9931fd70a80ae52626ed46f70d0b3d27725f8cadee6d6bdf3553804e03962ce66f659e12a294429efe6841ff475f4a2c6a8b3","key_schedule_context":"0185f941ad2fe19e65926871f90dfb5e99425bd648b6a9d0cdff515181110e0dd02c567eba65d69b8f94f5dd45f30ba15730e09a0ca1bab72cdd2606fd3e4a6c69","secret":"520581ac0407a90d291b8311a423f210cc936eedb7d7b666cf8efd417ce53447","key":"674ceb6b6d927faaf7f6adfb8fc3c024","base_nonce":"cd67bab65c8acc84e73c2448","exporter_secret":"1549772bf8739a6fd35bacf3607b3ab636f1779905672f25e441b8819e3b0b24","encryptions":[{"aad":"436f756e742d30","ct":"5824d9da9f1cdfba1fd76bcaf5f80f65947b9d68dede981638a49d9a61256f3a0dfe77db6a4c9c8ab6d37e9952","nonce":"cd67bab65c8acc84e73c2448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"0d5ca9cad33a22efae094f4407b35b49ae3e8d5ce3267d0362b290da8249abafaf4822b64720f19e9ffebbd752","nonce":"cd67bab65c8acc84e73c2449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"2ef5075ff75280abd457c08a68f38be98fd151d6093a7f4ef0ddf1f23001600455b08a0fd0186cbf741e9775a8","nonce":"cd67bab65c8acc84e73c244a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"83ef074054e9f7482f0245e22e8f0ae209384267f90af2dc80864b1122391bca522a297ee47afd86e4c35a5560","nonce":"cd67bab65c8acc84e73c244b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"1e11e50971fd556507d654369cdee2208c9879722f6d562a18c1dc70bd1b87468471e631c93b50c640dbbe3890","nonce":"cd67bab65c8acc84e73c244c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"042aba7ce4c7b51db1a71ffbcb2213fd98d124552e8643819bf333ff0f594b470b13acc5189551a3d345df2ba2","nonce":"cd67bab65c8acc84e73c244d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"0ea73260700862db71cacfe55fb93ad314ea16845d2a47f7735a246a5f67da95e76dbbd93fcd15683e36aae1f5","nonce":"cd67bab65c8acc84e73c244e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"2cd21d6b15fb1eada88c25983f725f789990d6b9be024afd132a1ad4af5c7d93676f5ee2fc768c26fb6fc3dd68","nonce":"cd67bab65c8acc84e73c244f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"c4e43cb994c32960ce1387239052d0b734c0e32ebb2e176ce02bfd671ebbd73f8fc9630f4f07a8dda69676e71c","nonce":"cd67bab65c8acc84e73c2440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"957ab0a202e1e9f4c18c1633dcd56c019270970106090ead604c7c0cb3f5e3bdd2c5cd0312d076704e0c6d7c56","nonce":"cd67bab65c8acc84e73c2441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"1d3c751cd302e6da7d0b31b8d98277656695d29103db9d655ab86813eeb13044adbf5450bacfad074e2b54c79a","nonce":"cd67bab65c8acc84e73c2442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"2d1f31f2932b4b23b30b6aa25e042a27b957f5594627a857d40dca9f3382175c4180181e00b751730140dd325f","nonce":"cd67bab65c8acc84e73c2443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"ecd1da6b94c038d8a9837b39f72acfa3bf2b8a698645292e9efc760540fc1c4582cfb449b05bf84af130a4a12b","nonce":"cd67bab65c8acc84e73c2444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"ba8ecde73eb0b7a87fa7e2999c16814f321fd2ea5dea32095ed3f18d87ea667186f903c970f02ad0e781e48d29","nonce":"cd67bab65c8acc84e73c2445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"ac0ebb508a30b2ef4cdc6730e8f779830b919c1e79baa2e8db40a577637e82a648b538287b7e0a336749c260eb","nonce":"cd67bab65c8acc84e73c2446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"cc9b8b36529ddc1273358f23df3d0a344d923c218892a185663a8ee60dbb27e964a3ade8fbed0d78e31b666dc5","nonce":"cd67bab65c8acc84e73c2447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"5d3ed7c591440d523658cfa8773cc062a8f212458dc251f08ffb7a6961c3d7f495eb83b5f0a117a0474d4064c7","nonce":"cd67bab65c8acc84e73c2458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"e158ef89e113d7b3dd1927be943035cd7f5a2ebb65cacbf1750cdb9dfb7a297803d0a1c20398de584d412cb495","nonce":"cd67bab65c8acc84e73c2459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6c35a9e824f185cbe42f3d4804e7ccb415c4321c1d83a96ce29bf40b08c80de37ebc1e526d6c894335f98d002a","nonce":"cd67bab65c8acc84e73c245a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"7ff126a9301c0325084a8a25d2efe4781353616144bcd3eafd720dedbc9a4daaeca0de5dcec013f0090b57b65a","nonce":"cd67bab65c8acc84e73c245b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"505597ae64bc712adcfa9be6a62d3ac7182dc82d8113276375725a911a5bb1aec56ec945b6325975360a3f5ec9","nonce":"cd67bab65c8acc84e73c245c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"e3bc642d6ce5e076f2d7dab6eb841ff7ad7e65c61a9907335ba9e9f6c4ce6c9377d11af79f21a884e932775c4a","nonce":"cd67bab65c8acc84e73c245d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"fc96e0ba663f5c76e3fd8fdc181a54f353d1c7adea895d9ec8432eac9a59943d104814668e3667f0d068273f8b","nonce":"cd67bab65c8acc84e73c245e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"22436ac80576e9e5238165fd262b1d339b11d8e6dc8f0812cd4aac084d2811f70289040a1bd1c56a3c8c3d2b51","nonce":"cd67bab65c8acc84e73c245f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e46c5810252ba27534446881df46d665806c6bced3bb2a1b1ce65c80cde86efa842193f3b98edbad03d3332d26","nonce":"cd67bab65c8acc84e73c2450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"51c8adc9ffebb7d417dabd2766013d22a65ef9b071e25225230e1f019a97538943421d56a889e863d17faa6962","nonce":"cd67bab65c8acc84e73c2451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"17abc0bea576d77f86720cef4f62c6fce3910eee0fdf8884d09c654dc3eb47fe9fb2b6db27658e1e98ee3de04d","nonce":"cd67bab65c8acc84e73c2452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"4bdcca9f683f29f30ae2ec477d2cabc6f46d283399a18037aca6b33bf42885d1b0b5564bf351a411a01471cccd","nonce":"cd67bab65c8acc84e73c2453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"1b9e022c94d2fb4a6a1ab256d755176b5d639ab4caf1981d8a7641e33c7ebf757ffd08627acbf2bcbbc5b40729","nonce":"cd67bab65c8acc84e73c2454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"1a47a5941ebb580b9317bdc0e896de42c4bd8a1b6674c7fe8606a2e84561c42f8647fed365dc260b3747a252ee","nonce":"cd67bab65c8acc84e73c2455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"be2df5ca7f4e1d9024b26ed56b1ca965d58bae0d1bc83d89e705634698f1de4ee8d0f16d567eacb62585b1ad79","nonce":"cd67bab65c8acc84e73c2456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"dc2b239626bed2758abf8457cd601a71184e817ec6574586421ee03cc7046f800f2394c4821eae2ec4dcd70b5c","nonce":"cd67bab65c8acc84e73c2457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"fd58283c10895a820b43b81fb23447d91bf82d755938fd558513993987c4d7385268da836dc9567489bd9e84e6","nonce":"cd67bab65c8acc84e73c2468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"6d132f01dc60b3099065d4e06ceeb2039104fbf982932fc7e3ba1b6030974ff3e27b8bf3da0b7516050d58be01","nonce":"cd67bab65c8acc84e73c2469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"c0030b68cedea16cfa6e8f36ecaf85f6053393b12e4f62e6d0bac03306a735338a73784d4c902c7a5f45ee9cf4","nonce":"cd67bab65c8acc84e73c246a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"c03123c026ae3fe5733367bf3c0dd638c3b9956c5963dd912ec980284a8a890668eeb7d74669e7d7dfba377218","nonce":"cd67bab65c8acc84e73c246b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"37d644b288ce26b49f2eedbf4ae9427360494236e428292d2ae17a6b9e15ba3e99ae5cd885c979a41b933aa63a","nonce":"cd67bab65c8acc84e73c246c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"f1cd732c268edb6ac3664cf54f419313d210693c46bf243df3f460ec5b2506df2905b55f0e4e06e6c3ee165262","nonce":"cd67bab65c8acc84e73c246d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"0026907dbca47b8ab646a2638247bf3f924a88ddde173c4c5cd1bd0ee649b0884bc00d612aa4934242e4e8d6ad","nonce":"cd67bab65c8acc84e73c246e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"f76ac31f960953e5b6033639891f99686cbaa9ced41bb966aad88c9c6709808489cb1cf02cb038bf5097071935","nonce":"cd67bab65c8acc84e73c246f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"2f4a687ed2345c36749d790b53b5939dcd4483c6907e961adcfbabd342f2a394012cc719fba2e38c1b43016403","nonce":"cd67bab65c8acc84e73c2460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"7e08bc6de9e41cd8d8c45dc573eb937b873d1a68bcab0992cc606a4fd63f49d0485e8d5fc173347e173c63defe","nonce":"cd67bab65c8acc84e73c2461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"129d9a1cacece5311618125489d394ed536691ff49eeaa0e774e8bc443cbf0dc73c85436388c79b66351f59898","nonce":"cd67bab65c8acc84e73c2462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"075c0bae0b9cf59ae59af87455e61c8ef0b66fa97df7362afe2e6e309e4088d29ea5a9c82c71bc6f232c3f830b","nonce":"cd67bab65c8acc84e73c2463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"31d2c57aef26b1e0521abcc8d6daeb5e9f42a84f5f38e4c688a580b5362af574a880acf29acbff4f9845e1464c","nonce":"cd67bab65c8acc84e73c2464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"6ef8090a96e6c556e96baed124629a0e39b7bf32d73f9836827df6f3ff253bb968da5f5f8bfad0d63ac00b3175","nonce":"cd67bab65c8acc84e73c2465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"bdae6d67abe101374ca8a77c1184efc5bb28c9de15369b00cbde9d864c1407c9a10939ce3331576a71de1cbdac","nonce":"cd67bab65c8acc84e73c2466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c69810490b306dbe91bbd1ac83e1ebf45fab7c59cdd6c661f14c60573b75e0f98edb949bd4baee4e30da78aef6","nonce":"cd67bab65c8acc84e73c2467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"d487f0d0cf057c8f8593f0136a259695d928dda7fa05f1d872a66f3cd05fa89058517ca2ef653ef86ff0ce4587","nonce":"cd67bab65c8acc84e73c2478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"e243c413e3772d85487c0aadb6884040be5a8b7e8b527193b455973fcc091d126af31e41bbc0da9a24a1d63613","nonce":"cd67bab65c8acc84e73c2479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"3353f6f998f28110a5fb687f50d040d57ffe69cca67c380e402e3a1d5d85b83d1210b4e48932ea49a22cdb1e58","nonce":"cd67bab65c8acc84e73c247a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"e5f56deee568eb67db1c4f3808fcce581d8786cedddaac4454d357e5d32ef5301354934e70b3cb3bbfc96e5c4e","nonce":"cd67bab65c8acc84e73c247b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"2fe1ac4932af3da1815ae455a2efce66f8428527d3aec6bb589017b29f720f99fce463f8a2523094e2e1931660","nonce":"cd67bab65c8acc84e73c247c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"a6edf70d28a3e6bea43b6bf3bd00fcc9abf75e2b7af80a0cb53bb6d645f931235c42f56a4a7ca400e523d87aa2","nonce":"cd67bab65c8acc84e73c247d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"84f7513c27785ebbe14829a9c6038d9d70ac3180c5e61e75be8db2e1070e489e5b5c9c877bed896f111096e479","nonce":"cd67bab65c8acc84e73c247e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"e5e1e36db71c9c4508f2170142ad8cd357458510503d248b2f48ef9ef440281e0fead9f8d22221f0e44b3d5577","nonce":"cd67bab65c8acc84e73c247f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"7c0ecdfbf03d40375d0bf3a8e0f3542ce944232c33600f561f43c42e24b83cce70c966ab48ebb073d06a4a7452","nonce":"cd67bab65c8acc84e73c2470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"99953ea0050ddefc800925e443b922130a7c050d916b651627cc3ddfee091c4a98255e08044bedfac6d9e00c45","nonce":"cd67bab65c8acc84e73c2471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"c6c4a5fb253b264533e2a9f1ab87ee29299dffa6b3e89a147e00c8c8c639c339e160ba4f5b1fb3e1ca951a6389","nonce":"cd67bab65c8acc84e73c2472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"5cf8ea2959695882c9450c154616ba3eebe225678745a70586cffe3159bb2ad609ab8d3461afeb16289d3d41a4","nonce":"cd67bab65c8acc84e73c2473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"9d475b635641dcb577d0febbbbe20e5ef25e428dceca69ab05a6f7c7fcd1b013ed9cae8f25035c1239d90a8503","nonce":"cd67bab65c8acc84e73c2474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"5feeae24f1ce907cc9fd4a487d6fdf9cdc2047b243749569af4f50ef1210c7d9b4097f2dbae1ffe808fcde7ee3","nonce":"cd67bab65c8acc84e73c2475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"4f3b2a55f753981cb5b1825f74ac4aa1acdf4c0ae1b5d2ad61c7c29789313247d840401d04d0c9f92eaee8a33e","nonce":"cd67bab65c8acc84e73c2476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"35c1104cafa4de42d31b94b65aad8ade814bcee96efe41b95b958b9135f5905759062e50e5ac9ad542e5a4d3dc","nonce":"cd67bab65c8acc84e73c2477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"1b1b7cc01d1f649ec8597588789a86469d97740dfdcff3210116c6ca29ddc02790eeeaf2e8ee50293f027d4860","nonce":"cd67bab65c8acc84e73c2408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"b76ed1a06a6bb11350912c0e397499e95dcc7bd245406a0eeb0af67bce1cdb4cf833742ad9f92afb9fbf80f67a","nonce":"cd67bab65c8acc84e73c2409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"31d18f5deb70638caaf25906b75c7fa19f6c4d081d951244120a0df9b1e6a53b5c7ff636654e2dda618316ec67","nonce":"cd67bab65c8acc84e73c240a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"ae225aeeea7c8600fd77817f13c539e7510d567c4c51c55033defd2b57c8f0b1da8c20d62432748d6436dc5e95","nonce":"cd67bab65c8acc84e73c240b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"53bc587c60c09effadea85634a6735efeae7948300d0f9a5af7f785f5447b90ec4fa5d136777bba396cb9f80f6","nonce":"cd67bab65c8acc84e73c240c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"69669f03fc094af47091dff6f10effb20e93d8e82e154adb71c1a02314a3ea8f2e4b9ecc52757e7bff079a1a9e","nonce":"cd67bab65c8acc84e73c240d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"0028eccefcab1b3d627d333ca1a1470595d6dfff3d4fa4454cf1887fa392d11998b2106001026bf394f935f7c9","nonce":"cd67bab65c8acc84e73c240e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4037cfe310dd0e0f59e5760b57e9230eef5ed25fbbeaa9f3f8ac3e77d2833e7eac936127e0735098d704aebca6","nonce":"cd67bab65c8acc84e73c240f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"8ef0ddaae2396a0d54efb8dd62d5a1ccdd7e3fd853bd1ec9b165be9fd45a02bbab6ff237e192648c6672af5d67","nonce":"cd67bab65c8acc84e73c2400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"0d914368300eef00ce181966ebb6b8278011bb2b44e7a525214057d70f475dcbf395a278bfcbda196f8f6da87b","nonce":"cd67bab65c8acc84e73c2401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"cd8907897439c3c0f7aaba6dca37440168e44f56b6a75f7aa3eefd0932e44f09d166cc0911f7f5a39d69cb7fc8","nonce":"cd67bab65c8acc84e73c2402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"ebc5e04a148a3c1bf9ffcb7ece49540b9445fab7dcc1472f8b2ad236640acb08bff041ce2b3f0880dbd490f105","nonce":"cd67bab65c8acc84e73c2403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"42568199627cdb39f9924b3ddf05c362c141984fdeb6199f0d876c1c82c259d37c0c1a6ca5ba1b53dc25273d10","nonce":"cd67bab65c8acc84e73c2404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"d0fd74b7ebdd2c3196a197a4901fdbdb9008ea1b4e6e1429686282552dcafda1a0fad69e50ab0c1dd73b912c52","nonce":"cd67bab65c8acc84e73c2405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"7c23e38ddc61480fb9d18d4491fef97c699b55a84fedde050df009ba701591773ebb5a8ad8cec5ae889d467672","nonce":"cd67bab65c8acc84e73c2406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"2e47cc478eeb5f7d7c38a2678df4084d798abc58cd5c5f262f1df6bf2997b8485579f7d907be40ab9e4294abe5","nonce":"cd67bab65c8acc84e73c2407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"d3ab343c017720965ebae58e7d38992c5a40a3c67292bc406f3aeb39238d899f35757e218bc01dc8527cffb3dd","nonce":"cd67bab65c8acc84e73c2418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"cc759b8482dbbe629a94aa2eb638014f2440c16a5c446e7d33954d8fb5c3e541e644f86a6afe29e991face59b6","nonce":"cd67bab65c8acc84e73c2419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"30ae84f5bb09b4f2c08dfb0393bfd238b1fae1355ccd1342aa2de6b19205709a16fb19fc2e79ed2c71414c31c0","nonce":"cd67bab65c8acc84e73c241a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"31c5c37f32d026c598b31c8d7a5ff72053c9381e6378cadbe2b89362ae39382d12235e5e0b2700a66e19629413","nonce":"cd67bab65c8acc84e73c241b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"cdd6c44df4e85edc39e085451f37e348a82b9eb20c6d5c8b9c41d60e1089c27cc69d97f889b640c1530015393d","nonce":"cd67bab65c8acc84e73c241c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"8c9e497c5f13f7552f2d047bc1f9c997293f9d45f638e61c0c2e5e167f601c30cab7040b889837baf5be237d81","nonce":"cd67bab65c8acc84e73c241d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b1e37c2cbd6c9d4af3542e02c96a56a1da68b6a3d6a5b52b737359a9bc83eb4e1baa8f70d08ff72d3e47a00a05","nonce":"cd67bab65c8acc84e73c241e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"5627cb0806331015f4015f328441cc05d029f10def9fb56432d300e49aa38a21faef3d03e65fb747d1edee8756","nonce":"cd67bab65c8acc84e73c241f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"699b0d562c1956e943c34b98b66ea80cdd0d491240b616c3cc69bad2060f5502f912df4910b45d48d78240258a","nonce":"cd67bab65c8acc84e73c2410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"5bb242fb197ba4450285f83cc25131d602e9913bfe7ddc3e1d17b48f658c0b885f0d15769001ffc0b0b3c1e0a5","nonce":"cd67bab65c8acc84e73c2411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"aa083723c1df43a05466d9c2c8c38ad8a19191a0573513cf4dfdfab75a2759a1d83229f1a2eb91837e4251edb5","nonce":"cd67bab65c8acc84e73c2412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"7df47bad4c5b3ef3ebcd750b68242b747d4fd18c5c231802937b3e84de3b6f01213add96b2e324999a30a9ec07","nonce":"cd67bab65c8acc84e73c2413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"56cbf0102a566b698168b31d439d5ed8f7ddb09a3fe487aa2e17bd8ea0e9d259e688017ec7ac278470afc476d5","nonce":"cd67bab65c8acc84e73c2414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"20ddf076e1f314d895d19c096733c2a63a4d4d4c22ad4d5a02bff8ce739c7f7e5cb0acdd3f497ddf878def53b7","nonce":"cd67bab65c8acc84e73c2415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"d3980dade6c8109b6b9ed6629a3f38812586cd0f6de915a6b9e5c005de5e143bc6234ade323b1bb2ac257bb1fe","nonce":"cd67bab65c8acc84e73c2416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"50dd5b224505f9f5ab9673e211f6627fc33518c114f189aa5e4bc6cb9c155e8d57ea150017bb9155e2d05d4243","nonce":"cd67bab65c8acc84e73c2417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c421f6f368b4e39800ec8108a4950bfabec521a22a4460a12ca41769ca09acda9e54d8934c55c692d3ee1f05aa","nonce":"cd67bab65c8acc84e73c2428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"a9b7ec28405061a1877d9be7427e88a9de2a7979df8b287081c5ec6311fbe349beb1381f018c4c91de3a0d2a5d","nonce":"cd67bab65c8acc84e73c2429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"5fde98bc809ad2a3dee110d41286cdbb92f46eb2ea36cf571bbc257a813c2343ad841e2cebd5493c0c2bef963b","nonce":"cd67bab65c8acc84e73c242a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"13d05ef6a750ae9207d015c9937b9d134ed5daf1c667bbe19fb67c44fbe5f8ece4b90de9d7196fbebe74f33312","nonce":"cd67bab65c8acc84e73c242b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"12a63f9a0a05d601bfdaafa3999077fde8bfac8bb4188c843d579d31d48cc0f5e9e6bcf8f2619aa35d0a5b7d79","nonce":"cd67bab65c8acc84e73c242c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c0743ff02f16c7f78aee49db69aa4dd8de1aeaf929c8bc97c485ec14f6860d4033852eaf4a7141a14259a0fc92","nonce":"cd67bab65c8acc84e73c242d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"31d3660dc4f6116e77d599ebb38ec95d3366f4ee8cc9c9182c5678dd028334a5451dc3aaecb753a0b59bb598d2","nonce":"cd67bab65c8acc84e73c242e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"7efafa46f02347dcc349d4c4c2180b7b4a3acb6ef8073ed5c3b6306cd158fa6111e1034c6ca0cd75c2888ce221","nonce":"cd67bab65c8acc84e73c242f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"af29943a3c9027622e9a79ce505227e51f2e6951a926a0e6893330ded0bf2efb60a4fab065185710a9eaaff0c0","nonce":"cd67bab65c8acc84e73c2420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"ddcb783fc26ef051aa91bd3ea1a4b56a6175f6ec481978ff1fceebc045df1be2666038ceb16015d844a0b2565e","nonce":"cd67bab65c8acc84e73c2421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"a1d45cfb64be56a06bb071c296ce8ec096da50cf5aafbf1b4f081202e5b7ab4a07dcc7c57f2a3ff05796ce158a","nonce":"cd67bab65c8acc84e73c2422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"738533be446f716c486999d52204dbaf9ba272768b6a36521b6975a576e35525d45e3d9874009c4ef4eb41508a","nonce":"cd67bab65c8acc84e73c2423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"dee3a233648c20f2d93105fa86779f8edda82c02f2be33deaf6c41631b292da20c82205229b43f4e37d91ba1f9","nonce":"cd67bab65c8acc84e73c2424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"d1bddf578f598cc85bf73b0de0e62d23589a7ee536786cf1e1488365e5be935a06c0e7fc2700590f3c40e37b5c","nonce":"cd67bab65c8acc84e73c2425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"48da519fb7f82eb9788993ba97d8cff4d0fae358a64506a44e16bd627f193e5f39cab67a0e69b332a8ee05af4e","nonce":"cd67bab65c8acc84e73c2426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"58e54ef0d3996114ec1e4091b5a1ef93da2f3803a4a946e05b4a74763c54a28efa3bb26638b01c9b0c2215367a","nonce":"cd67bab65c8acc84e73c2427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f1ad78245f5e442e3622e1a75fde5d34c2e84b3bae72c5b2aaf7beddd54e488c69e1e88c4240321f6e9932b48f","nonce":"cd67bab65c8acc84e73c2438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"3e50a7ae3ed9625d1bbaea8bd6f4c0f13a0cc7a8963869f7fd7a33678d86d175f5884a0c32fa61106243e5a884","nonce":"cd67bab65c8acc84e73c2439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"32e2ea0fd755d71f2e9acaee4ac4679c2f6aa856881418f67a60e52099ce704b26c11f7b7f52f3e0d39c3e1ae9","nonce":"cd67bab65c8acc84e73c243a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"fd0a28fa7c6ae2b34703a0823c509baa81569184491dd284caae5c1ae86b0f4434a047b84d6b5ba5b718c3a197","nonce":"cd67bab65c8acc84e73c243b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"2eaced3aabef474d1a4df02ab34313f953008148a52be065880ba71ca0142dd0f315fb3266ffd0a1ca51382101","nonce":"cd67bab65c8acc84e73c243c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"061b57d209b1d5d6e51c8670cc4424574d764ec259b49385caccac5346678e2def4e6070db66a9e10ded807238","nonce":"cd67bab65c8acc84e73c243d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"07e294cbe1d01bb53511fea0c5cd334106867703b3e7d8448af72cc6b2dcb2c10c809bdb2cfe3df2c419fa9706","nonce":"cd67bab65c8acc84e73c243e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"87cb65f03b1cfa047d1ba91794123298dc11fe85da47c9c399ee7c6f2e0a15a5be415a157ea6ea1dea40b4776d","nonce":"cd67bab65c8acc84e73c243f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"934b5e7a467fbb357c6c9336af86e2b45bb50de364511b72d9f556260d9782cd0898092a8ccb7c6338a752cad6","nonce":"cd67bab65c8acc84e73c2430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"99dc0950594766c62c07b3c17506a0c466c6a04b3d91d814046a01a55a2a4ede6685fd6e55f1a7e196b8269241","nonce":"cd67bab65c8acc84e73c2431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"112a81702e31ba733203e3c43a2fdf291383942885c41bdd194529a7df1fe174577ae34263843f0154fca038cf","nonce":"cd67bab65c8acc84e73c2432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"e867c765b5fd216fb0e7e83717724c3bbe40afe2b1692d64b9279f8a78f90fdd3dbcf6f1727247b712c9b9c1c0","nonce":"cd67bab65c8acc84e73c2433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"9a0f115ddacbe0101aa220e72c04a77dafcb3e1a6a9054e6abca12ce91a75c665430278b2a4f2536b69307eb66","nonce":"cd67bab65c8acc84e73c2434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"7e931104e1901161864945c77ccf5f872f25ab8e97ed3500ce2950ddd405dfa1dbb97de00df210f48600901806","nonce":"cd67bab65c8acc84e73c2435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f7c5bc203a8aa72ca63e49f08af2bb29d5776949fcb282d5b70363ef3ee56372977941aaf21487358264180a44","nonce":"cd67bab65c8acc84e73c2436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"2c18eda6d41badd1db30c03a974d3b49b9517f17e9bb569ab4136063834b156aaf45e3110e067bd4d92196cf9a","nonce":"cd67bab65c8acc84e73c2437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"e8922ffaf6eef4e7540f2f42d0685045930f42294f1a2e331bf718351fc742f4d731ca8c27280e2d94960a726a","nonce":"cd67bab65c8acc84e73c24c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"1d5188c5b1e87f6e00b112c0fd81ba391dd595bc6ea0d18448879e165e022c6478562bdad0006172792089540c","nonce":"cd67bab65c8acc84e73c24c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"c45cd5a30e86e3535170f42db9eb776c29c728e7c3d634790015ec534d002468359319fbb5a707f11032816566","nonce":"cd67bab65c8acc84e73c24ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"71093f6b3eda47509ade424eae0c1f174e0383bb33d8994050579c87a5140e56a94463e6abb68ccc5a3aaed74b","nonce":"cd67bab65c8acc84e73c24cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"d066149453bf018113393fff07f70f1d4cd73109dc457367ac0b1da0b98d60f297a7139fcbb1b7eecd718e21ba","nonce":"cd67bab65c8acc84e73c24cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"442ccb73b1c1dc8fcd95346cbce955e2e17c6df320662c37c5ec2edaea33974b5bd36ae02aad6b7a35d5684bd8","nonce":"cd67bab65c8acc84e73c24cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"65cb5f9ffd5a86636aa003a81ea229c19b4493d68936098534830ff8667c7916426ec1c19498a8fb8d2d1de62c","nonce":"cd67bab65c8acc84e73c24ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"15f95c15ac7c9f71cb906f9511563e58841d8c01f799da519c13669b2d2cb5725f8ec2c64708632e20e7edeb90","nonce":"cd67bab65c8acc84e73c24cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"f676d05f8185b41da99830d8e7810a0d7e262082a160891e5ba2c80dd73432220203b17da6d300428abd115674","nonce":"cd67bab65c8acc84e73c24c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"c997bfcb518600b3bab9fe039620311f379cecc9736854840ce6ebea3694bfc0c1b2b177924ce0a67a8a74a8d7","nonce":"cd67bab65c8acc84e73c24c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"a0525d5af9e1f94f4b5c91587ac6b01317ac73e5850c87980bb35b0ab7a97e797fee4077d52797341a5d711f0d","nonce":"cd67bab65c8acc84e73c24c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"55fe0a4fbc44ce613b33a1d2d26456c97a8c7678afe7214b016f67c9e2759d0910de377e6c6c4b2792da8459a9","nonce":"cd67bab65c8acc84e73c24c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"8d031e6f657b542a8bd7a4e82f8ac62ea7da2d19e1a89cf6a76df1506e4d8efeb2d9331ae6f5378cd2f88fa1cc","nonce":"cd67bab65c8acc84e73c24c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"ac5ca065c70772ac67bbdb82ee7b88e17e237c87bcc417eeb3d16ed736608278e6e066832f5201073662d00094","nonce":"cd67bab65c8acc84e73c24c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"78e137ecf682732f80dfd1e743646bb11fda1d002b86d508f23750c8a4c00e71f6fc85bbd0ce7f9d331bf3fef1","nonce":"cd67bab65c8acc84e73c24c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"b07ecfef21bfb6982cb354590c6b5592051c59c693650ab122e3b7fac15d0b2b2556ab596cfb62f0412ffb2f0a","nonce":"cd67bab65c8acc84e73c24c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"648ba65809dddc9e1ec1ff6285f20479ce0d2f8f1055c09681eba2bd80622aeed6073d82b70327207e0c6ff20d","nonce":"cd67bab65c8acc84e73c24d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"4c59f69acc796993a7877a51e8f37237d06298b0ad13922d5b22074c6740b4ba75105d8c41cc0ac8e3b719991a","nonce":"cd67bab65c8acc84e73c24d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"f33586002d1163b07429e4acc7edcf86e19c9791880da2907065130289b1f48a744071f1bcf2205c7da7c48be7","nonce":"cd67bab65c8acc84e73c24da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"bbe7ddf3f0e359319f44a33fee0006b00e003acec98b5e4ea036ad9445cf4e97be6b79c0f93dad9419db780589","nonce":"cd67bab65c8acc84e73c24db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e20d396783d55da6db564478fa05a0dfe37fb4785f62d5b8d9ce7a4c85cba5e35d68f664e466664d566dd19e13","nonce":"cd67bab65c8acc84e73c24dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"938bffa38caaece28ee7ca92d8fbac9c96d0356a90bab7d550b67057568154431daafa0998d3bd8dd85f0c910f","nonce":"cd67bab65c8acc84e73c24dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"67b45205466a33ae7303831fec29ca745488cb8e83a88e07513f2d6ea1c63e21b8dd932a1da79979f47a561740","nonce":"cd67bab65c8acc84e73c24de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"873451c3cc54a0bbc5ccf95ba3838e25718101fe50a839f247b1718e5eb036cf11d22cbc376e32c97fc7ae058e","nonce":"cd67bab65c8acc84e73c24df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"a4e690f9a2d643b22f9a45866213f6b20df93ae942da3f0ccf3ac09e908d6b5b8809d6414f983f3656620c1949","nonce":"cd67bab65c8acc84e73c24d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"ad1e893f7bc526d4c4e0debce721f08c5be31be16a7d8521adf9e400b9123ab8e07a1257cc5252197df71dfab1","nonce":"cd67bab65c8acc84e73c24d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"1f90ea7614d14acc7a9786c92f2e8cf05e68ef9c4724c708fcfaf2edd2e2b5f827976ee1c42c4e2368f7ec98b1","nonce":"cd67bab65c8acc84e73c24d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"03d25901ce02e0a0f6f4932e2550c18303afdc8f6eaf81ee050c35398c235b1c56a4f34dfe4c18ae27d5276508","nonce":"cd67bab65c8acc84e73c24d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"44bf0e44b2c4e90bcdeb9e8441ba7211038dc6cf9c7105bb04f28abd5519daf9ecbdaeb573c6fb16675cb66837","nonce":"cd67bab65c8acc84e73c24d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"8546921087ae32304d4d344e01aaeb3dbbb138d5c83ce056479dcb65057d887a5af31d30f4476adea61a868ad3","nonce":"cd67bab65c8acc84e73c24d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"64e938cc7a507d3dc8f29c19df8ceddbb0b6ba94a443613a04c93390c6cef6efaf2b1c66858505fe79c6fdaa46","nonce":"cd67bab65c8acc84e73c24d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"87ff7b0501d39402b0918257a847de5b5395c0c2bfb531eacba112310bee4cba9a11d63ba84645199be4b9cc4b","nonce":"cd67bab65c8acc84e73c24d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"0fb1eb4afa0c839d9d5d42cd728079f3c3fa7729159583e7cc40838f6382dcc1c56ce902be9f3642f4615655cf","nonce":"cd67bab65c8acc84e73c24e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"5686144a9fa02e6a7d481259d0c96ce2694745a25293f4ff24bfca23f88551e53dc673c35e7171ff5c5219d87a","nonce":"cd67bab65c8acc84e73c24e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"73b3139feffe9d8774a6070406d812e63e2ebeb94d3f707182b396368a7520db5dfbffab219b3a1337ebca22bc","nonce":"cd67bab65c8acc84e73c24ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a4dafd059e68f603d9604395362b8a9a3d93162e8c8ef38899dcbb8ebaa1607e9557601f8fe72c63cd2b8ca831","nonce":"cd67bab65c8acc84e73c24eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"1859e20eac27af09bb16da8f8c85fb6d8cc247729294ae52a3db1f1d643fff2b2292b75cb5f991550fa2b2a131","nonce":"cd67bab65c8acc84e73c24ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"caba509e4a031e0b9a326b1d1ab45b28d1b0bc04af4bb53661a23c42d6a067d5df5652a1f92718c57bc54a77f3","nonce":"cd67bab65c8acc84e73c24ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"f33fd8021d9292a518ee71d5b0fbd87a2fb2862e781b927944db741c963eb71889a854e6eef39739172567849e","nonce":"cd67bab65c8acc84e73c24ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"7d48b6e3e67714ff98c82956ba62326b53d4198c8168e2ee11d8fe4c415fbdaf3ce47a8a3e9151b907417f4ad4","nonce":"cd67bab65c8acc84e73c24ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"d9a809169271ed4c592522e6b04ba133351df17d2f23bd61671d13c2feea6080c239a7f2c36b2e6b59c1072cdd","nonce":"cd67bab65c8acc84e73c24e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"558d371851baa79692890f6478ba315e43035f4631354396c2d1fe544b4c04c123cbbe6625495f6039d1858493","nonce":"cd67bab65c8acc84e73c24e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"65070a92d5d66121b518fb2ccf79b919c5ada5829975fd848a8503a53bd0cc180954ac6aee2b01b98fd7c2d2ec","nonce":"cd67bab65c8acc84e73c24e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"373f77288a9ec84534cb0f9dfb6774cc68549f2ce26a6fef99365acf87ee71e57dbf9865bf6a462e232a85fcc9","nonce":"cd67bab65c8acc84e73c24e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"54f1b9aec6e04ca232dbac22a3ca175456e0f982a7cadd2e18be7683ded6a3f46d239cb37341c14509cddcc754","nonce":"cd67bab65c8acc84e73c24e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"59cefa9712070ed61a82af65dde98c452dd9ed2e60691626e5294351fcb0645059efd53c777d9e38f949c47199","nonce":"cd67bab65c8acc84e73c24e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"3ac0753a17d35c8c9d0f575bd788d6f0800d2f087ce84fd05a0f9250e7f2af7dfb21a952e1a1b0fd7fbc27ff29","nonce":"cd67bab65c8acc84e73c24e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"2e26ea35acdff2c17d7dbb30cef06e9ffe4cf0e700e2dd8e6f554ca6bc6566a330b0a6cbd66034d0269d9020b2","nonce":"cd67bab65c8acc84e73c24e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"f6852fe2df11b5c775e8fea64b9229e4b04d5472486d7b5de2cd5aaed7f13cfc3a090fb595e9961040686d79a6","nonce":"cd67bab65c8acc84e73c24f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"c77d502cb23b0db5dc9a45d04cded3e904422fbc29594a699aacd34d6a54deb9a647003c73aa9280f54536bfa4","nonce":"cd67bab65c8acc84e73c24f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"3ddc5cdb4be288ab8aaa58d3c08a6db94aa4bbeb3d420d70620b4156508d4b768539b7c51101db23bc21227507","nonce":"cd67bab65c8acc84e73c24fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"b2f8004d3de957ae32301c18c39b85eae99467bcd68ae315db6e4528b1be53eeac957a28beb2241b6a4fcd80d7","nonce":"cd67bab65c8acc84e73c24fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"3fd72d8ceeb0e9d0767417c3f694eee7fa8b19c1ffbc8544d163af905e9c3779583ad3ef69c51e5a471cf00af9","nonce":"cd67bab65c8acc84e73c24fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"ce2cc138a8dc23d9142ce774a3d35c27de50b72fdc770e7f78b5ea311fca7a2cf47a3be7e950f0b1a80a8b2704","nonce":"cd67bab65c8acc84e73c24fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"2245707bcffbe1baa654e4799af41c474d0cf52930597191f6fddc1ef5a568baf47860aba1163db8494ac9a358","nonce":"cd67bab65c8acc84e73c24fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"1adbebf89b7cc8bc916966f0b28b6149ffa4ac5e29a966a49f67f56432defda49b90fa43120637d5086b3f735b","nonce":"cd67bab65c8acc84e73c24ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"eb6e6e37b8b4dd408e1bdfaad3f9ac0a92d227a10758c2edf2784daf497757349d318117ada490c3378ebf132c","nonce":"cd67bab65c8acc84e73c24f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"3f7dc168632ee393335eb87acbe663b77dac1a29a089f67a2de7f7fd42e73c5f5a253611ab6c36e9051c157f3e","nonce":"cd67bab65c8acc84e73c24f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"5e7452efd07865b7893ad4c4ff8ae7da86ed4b87b513755949551869c5cb04878c6d2c64861b1d2b53e42c21f7","nonce":"cd67bab65c8acc84e73c24f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"982ef540e411053b76e3b9b8e6a716591189a3178d52899dfba2592037c1e95ffda5c43f545b555f4ceef3e205","nonce":"cd67bab65c8acc84e73c24f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"39ab83cb5e86d6a49f17c331e91138db211d113d65f96242143368f950560e58fcd8fde7342976211fd2cf6693","nonce":"cd67bab65c8acc84e73c24f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c45323c0df1b9ea2a8fde4a7cdb43d4a16fcb40876d0f551564581e629ca7e4a2aaeded9204d77633646be6f80","nonce":"cd67bab65c8acc84e73c24f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"eadd787f3220335c5e68bea6b8e6f24d7b3234f49e4dd0a87321438ce82fd63996220ca7d2b94713e95d3c42d1","nonce":"cd67bab65c8acc84e73c24f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"329c1cb9592300f3da2a4c8de38aaa4811d8ab835c0cee2aebed07778e9bb894f23c0866779564c3034a1d616f","nonce":"cd67bab65c8acc84e73c24f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"766641bf6bae33e876b4f1e274a5c2a454b31fb168ed2018175a7faec17426d755f4987fceb351e03ed1b31725","nonce":"cd67bab65c8acc84e73c2488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"38a432dc80d1a45d05f05a98566c60d79dc70f590193aa75bbb7720125c51648bd6d17e55aaaeedcb920bcbfbf","nonce":"cd67bab65c8acc84e73c2489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"c6a4b9bd57de72ef8e8bc980dad6c1c907c47648af0a0b3aaafa5cf6b35ce68e28e15ad1819c875d5068c5eeae","nonce":"cd67bab65c8acc84e73c248a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"5c6f13c02842ead0a2fb7dfecaca479d90bfc38ca369d8b4cb79690a3c15d488e1d1e576130d7e06c785877c51","nonce":"cd67bab65c8acc84e73c248b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"6ced022be1a6c5b75017001a093bc84e5e98977b9fc3492b83e14d9a42613e8234e2b704dd01b62172f759b6ae","nonce":"cd67bab65c8acc84e73c248c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"0cc14b7f7d8465ff7deb8e363485408a638009d0fef3b99bdb07ce5d87a90af25f9d60c560710ab8a3683a16f1","nonce":"cd67bab65c8acc84e73c248d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"053ce9c42f788c0bc397df1e45e7a00dfd9ddac989754d446db8dd430ff44ab604ab8e14b932e1b02074f33192","nonce":"cd67bab65c8acc84e73c248e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"c8f930cf8484b88df283eae8f56ad3e140c89fa4ef5ddebafd5280a49fb3411863ce5a0db242ddcddcdec0db6c","nonce":"cd67bab65c8acc84e73c248f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"2b0cf0d54aa263dd2ac249f770667c6753daf733e3eb97f2ca4e6520902be5673a31992bc7fa929fdc6f774ed9","nonce":"cd67bab65c8acc84e73c2480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"500545ad6db8025fecca7b820c07a14ab1fb1e10f0631e81a50b0863b45167bf2ffeecce495677abe8bba15545","nonce":"cd67bab65c8acc84e73c2481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"af7a849374739dba4a34f68479b3919bde088c127ae7a200d09519257697f31c3013a3d262461a96b3a5dfee7f","nonce":"cd67bab65c8acc84e73c2482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"17e9d673ab150fca4e83f51d8cabe496e9d33e73cabe1b263cf13ce3239466427482b534e6cc1550516515f32d","nonce":"cd67bab65c8acc84e73c2483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"ae229d3d586091c4edcdfe6a7658b4aeac26d2b597e66d75ed407544cc2fb210087c961c8fe56de9674faec05b","nonce":"cd67bab65c8acc84e73c2484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"89429db9d8e553c6de069506956edb55dc6bff6c3884694169f4d79a85e3f9c05cfe2c46ae4663b49f3ca2ea91","nonce":"cd67bab65c8acc84e73c2485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"41067ed7a922e2bc36091d3a3885d1823f68b73b8e997bc9283df43ff08148cba9d33dcc8d80d23a73e4f399e1","nonce":"cd67bab65c8acc84e73c2486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"b63aa02d284c18d0ff3586d030ad46ee1945649a42494be5a234001ee5c5007091bfe83eb4ce9138f011cb1048","nonce":"cd67bab65c8acc84e73c2487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"6252ba54b92a5cc6de8e0036fdfd9c1c5ca586a428fe9f455909417d8b950c5271b03e43fb2d807567accb519b","nonce":"cd67bab65c8acc84e73c2498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"87b3fe2df8425732ae24dd7bb5345159a7ff2b9592e4e568fd2707a73eabaafbcfe83eda31e24e15c6963495f9","nonce":"cd67bab65c8acc84e73c2499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"f58865f93eceb2f0874a114affb21dc3c7f1d77c927292c99054eed406116189a42023ddca839326d01cdb8ec1","nonce":"cd67bab65c8acc84e73c249a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2bfe15a4900cc81de295d59c283f18ea47299126a8ba7dba7f9089e36e361ca60f55b92545e34fd7177fd6b8db","nonce":"cd67bab65c8acc84e73c249b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"448e7c9331347de790cdc56635201ec6dc393735b3a7bfc7531fe977c4d4741ea4ae62fa893a35473efc2e03ec","nonce":"cd67bab65c8acc84e73c249c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"68912cd0b58b80fb89f196d519c7d37edf74da12ae536e4e4ca12418e5ac73c17f166689aff21481753cb1aa33","nonce":"cd67bab65c8acc84e73c249d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"c4bbf31a216384a5df336c8a8d7dedffb84fcb2ef2dfc13fce35b74d88fb71f0d84044343c006baa7990d8f9d0","nonce":"cd67bab65c8acc84e73c249e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"782f254cf5e54bb73e973a890aa24149bddc3e745d0eaf1ca97d4ad1aee2aee6c8e82890c68e6213473b0fe9e3","nonce":"cd67bab65c8acc84e73c249f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"627ab9f0a8ddc8be262d947aac28b6bc059a49bca6b4f157a6ae13d17d0b10159c64d0a5cec7f30260b60a0d32","nonce":"cd67bab65c8acc84e73c2490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"13ad6494d41ea03ba2cc11e8ce4749363020aa810dbd4f5a40901c98149c6d71bd33a9d35868f20ce4931aa2ea","nonce":"cd67bab65c8acc84e73c2491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"9bbae94cac581b9b02f0cdbc28e064e17d1ea6ea4649bc9816fa81f25d191722e44434cd7325f13b714feaf2be","nonce":"cd67bab65c8acc84e73c2492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"9e79b3321205080cff087a69814330e15724f2b9cdb5e170ed59ab71533d7ebbba968c3a8c7703f8b90a85c722","nonce":"cd67bab65c8acc84e73c2493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"62176ac7c66c7834c0f3100159825df3c3f45a2f21216f4d5259420f9d5a7da509a2bb512b39e61ac5c8226da9","nonce":"cd67bab65c8acc84e73c2494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"1bf2b127dc875c2513729d2d1d11a30fc11c989168676346ee04951626190b0032439dc345b1fa2341ed2fe7d7","nonce":"cd67bab65c8acc84e73c2495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"f3e06c19b2c7942e633561801670b755836d22e705aec4fcff27957fbdbb1f5f1bada66038ffa046467ece1227","nonce":"cd67bab65c8acc84e73c2496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"e7fb98a19b58ffdad19e9a5602990844f3ee0fcb64a947e4ee4f0ee5370f3fc9608458f1812f5a895386f9ad3b","nonce":"cd67bab65c8acc84e73c2497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"22003b291c2d9a0abe619d626443321090f164b152b8b236676f7683a2595e5bdd213a48294735f42825089b01","nonce":"cd67bab65c8acc84e73c24a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"ef000c37195fcfc61aad82a9d376cbd5e62e55c77aabc6b208fe6dc17404a2f3ee58cfaffbdb7719ae31e05df1","nonce":"cd67bab65c8acc84e73c24a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a15c42c5b17995ec3af70d828b5bdf2689f4f0eeff028d9feec773670f3328bda3d6ac6611f6948b64ffd2c4ce","nonce":"cd67bab65c8acc84e73c24aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"866fbb94c1b377b38c102bb5c25ef03ef79150fe4214228ceb6afa4bb9c66128a499bdc7db24fbef845402e9e5","nonce":"cd67bab65c8acc84e73c24ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"602684f78cb9bd0d45ea094a6c6c531ce4fb70aa4d1cdfb2397126ec077d309f4c419888c4a06c3d615e897308","nonce":"cd67bab65c8acc84e73c24ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"928b7d38ec0c0dcc6d01e7b3e1d2b10ec21f7502ad526dc416dcab222b73197f0fab0995093f1686eb6fd29ca4","nonce":"cd67bab65c8acc84e73c24ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"7ca03675c43fbe27c707fb850dcce9ef35a05448fd9fc0cd03bccb59cbd19ac295e49e30f44842de31d94e22c2","nonce":"cd67bab65c8acc84e73c24ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"805a0bee09416ec1eaf72b32d164dbc11f9f15d2ea59221044a6288fb699e95f2a44a1f416a767e48a49516a1e","nonce":"cd67bab65c8acc84e73c24af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"dd409a88b6fd4a3dfd07bd4ef21428dd79a81ae6320ebe4aadffb94fa4addc04267c2a5cc74fed8e2fb839382a","nonce":"cd67bab65c8acc84e73c24a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"d576f69c80cf8c0d359e3620d50b513c697398941037fa1340df2921e5e96a79ba6a10ea0beac937acf19fc263","nonce":"cd67bab65c8acc84e73c24a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"b7ec31f6e035d7370e765b6f3bb4e49b3f182f835357fb7f27d58bd26c236ee3c005362fadcd2e5f248db4f352","nonce":"cd67bab65c8acc84e73c24a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"75121a360106c1f48a733fad5c0bf7d27fae61eff866b6f24ea18f8e342c38c315451118f7f3dc9bb6689cbe5d","nonce":"cd67bab65c8acc84e73c24a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"481507c64cf8a57c4acd1a0f27982e21b91a92a407a50aa9b10e3feca9ce691ce115c86ed272812767959a2b25","nonce":"cd67bab65c8acc84e73c24a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"6d786129be8004d5f09efd42b00d8443902fdb4d75254786b78cfa61fbbee646d67f93ffb4415abfa1211f6bea","nonce":"cd67bab65c8acc84e73c24a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"43a0a6404a76667fb43fe7352f72145bc3726f67d7eeee3eddd5f9c1cd6aef00d9862cc1ab01273c7fd7735682","nonce":"cd67bab65c8acc84e73c24a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"48c9f4caf3455984500a616c24b55a261269ce240ec9fabe72ecad256a8ecf55be64157b17cdcdb409e65ccaef","nonce":"cd67bab65c8acc84e73c24a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d2b6f3d9ee5c2dbe607288ebe1db732178fec74cd4e3cf58e525c71e08ec464ec3aa39efc193e2426053ec4fab","nonce":"cd67bab65c8acc84e73c24b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"fe1e8a7e02566eb308f8c9def4e22a37d9cd42a02df1ad51650f7fd73b07809a4fe7c20c6c94cc0210aad67661","nonce":"cd67bab65c8acc84e73c24b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"98d5ba21f69b5aecdce168e4d28370c745401a4d44e920403b4f654edf5be779130693bf76d0baa748cc18f37a","nonce":"cd67bab65c8acc84e73c24ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"0ef0c4d3428bd54a305a6c3c7d5ad14090c15a4d661612cfb84b20a59f17d7dfb69beae493febcdf550059c430","nonce":"cd67bab65c8acc84e73c24bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c396ce5ae44b383ea8a00186750e03682cd54fa8a02b0dee35847c37d7ac3432aa290915b396d98a02c20e02a1","nonce":"cd67bab65c8acc84e73c24bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"0081b56639c0b7af573327dc420a0b3cbe0e69d7e97c8b21fb565aac8254e37f9de05c2a2bfb824948b5eb84f2","nonce":"cd67bab65c8acc84e73c24bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"755526b922a805e6b89b48683decb52f1de5c081d8c69cd70b208b08ff83283be855983cf86f63069f88c0ca73","nonce":"cd67bab65c8acc84e73c24be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"7dbc861db8048549959fbaba52284c6e3153a99ab121220d108c71c080a09378533c6c38a5daa9dd3811cb1240","nonce":"cd67bab65c8acc84e73c24bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"8c63a18e55e197b703ee8ce5b5ead1cadb10305ba4cf6c33ac514e643fa6a01690af8e24a94213e92fda334bb6","nonce":"cd67bab65c8acc84e73c24b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"9f365c3ca4b32b03f85a7fb4a27699ae3d663b7fde3d9ed1772a59f87e8b082f118b801cde7a02a8dd4f457cba","nonce":"cd67bab65c8acc84e73c24b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"5010e77263ba716b35a765058c70d0419a9671ddb6eecef1095538c512c106c3bc51f5d8429dfcb4dfce477a32","nonce":"cd67bab65c8acc84e73c24b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"d20ede8f684cb13f811f4ab374db6efea262160ff772cafe5193a1bfbcf5db53ae018dc7132e64b138200b3be4","nonce":"cd67bab65c8acc84e73c24b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"fb69db8fce134e0159072e2fdf23f9dd18e6a7aa77565c2f4c8c7c5caabd53b062b0001efa4cc66d65b8bba851","nonce":"cd67bab65c8acc84e73c24b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"31d029bf70d44e29e1e3bad544fbdcb6c974221d3136564ca7a5bbf3a361c24cfd54b199188ef9daea2c8d88d6","nonce":"cd67bab65c8acc84e73c24b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"14d64652ef5a8fdc4f9d8098958d3b91f47a3fe5fc0fa491aa8bb08dba786a030a61ccd2dcd15ea3bb8c8dba85","nonce":"cd67bab65c8acc84e73c24b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"7fb4d258803940038a2716882bd922dda30aa0e3be341d421976834e3f7a4587ba63fca4cd8c8139bed0166134","nonce":"cd67bab65c8acc84e73c24b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"6fc44526860004bba5b5e28208d4542052b8d0267057aa66c62072102c6bd1318b15197e9d176dd8c3bd046d06","nonce":"cd67bab65c8acc84e73c2548","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"6b8b9c434567c1fe2e78770380ffdc3fd837d7e85ed27a1ff7572ec6aaa2201a"},{"exporter_context":"00","L":32,"exported_value":"ff55be731174ba0652d7da58167318434c69652648c7d69d7d625e7ec6c00d57"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"3a5a2a565a2ea22cb7ba1ca8757dca20d3af4512e20b64ec4ad34678b180a995"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"fd95b48b2a8e53cd12da39ecc343c273ce282b00f185b6e980d3b4b855e938ea0ba841e8dfe5ac194ba830a523a7c5d1faff6482ff5e46ea8f25b126b8545c6deb11","ikmS":"7c533451b4b61ba8ee879bb4e11fb330d03972442d74fd7cf5ebc0f884a90005a87fcb0e3401e9f724b45cecde6d9f6dd88f202ef23f790da10867d6bd8d9fb8bf89","ikmE":"d45cc999ba65eb6bec00cf9bdf308ae757558d628938ada2d7bbf97bf58b401dea5710d5c1f733fd30dade616806669acce09ba32cc57d58020269553a19d632d1f7","skRm":"01d12cbd0eb8b421b5945d7f12c308b0554fed0040ebf279e51b1459597a4ce3e4705e7f06ec78ac076fe4f8df5a45094660510d55156f966fb6d326abd208e79f0e","skSm":"01f8eb931a8c7cfd939008b2153c5ecacc375d7b8b4e77cb059af73a4c3f206ea5524b105f1e4f12f5dc641e6c3c883e85db6e89f42ed9dd5915b6624052d446e4fe","skEm":"007b25ed6e784d7abad90c5cfa48075e45a96a9b0232a1b54b209479b0a069e651d186ea05821e38e32379577721cd3f07b837f89dfc57ddeaa4c9af5dc76eeaccfb","pkRm":"0401b3a70626fe69612cbf072bcc521577f78141e9eb2cfb3514ad9e160460976b5ab6c6e50740894b16929ed9774868f178d44f7e1b519b5dbaa9a19468c3d3d2c89a00d3e3ab413c3874b459eca453bd575e2268ca909e2a287d0d026d3499bdff7dcc6bdf1cfcd8eb3e328401a7daca8b20b721c0c2150f1367573abad488e6eac1ae8a","pkSm":"0400ef22f755a8b24e272a773464dca9fc5026148375779135853c12b43457835dac6494379d01420b1697a8bd1b275956c32dc7938e0001d0b506a891de69f7826b8a004878cf3ff41c0d47150c61feec702eeaa9a1f29d5f35d4aef965b9a58989b3bc558f78cdb2c3320572ea5b5ce199c1f6d8adf4be80f55fa97252a55dcf25439ce2","pkEm":"040167ad166ce1411e22e0ac24e70c5259e81de2689a05d838e6dcb894c6c372ec0636f3889c16a03dfef4ee399ac83f073483a13ac0966ebc8c21a7dc13d4f4de258601dff805c2254f447051674861a787e571f2cc19b45ccc09c20658cae8917d5acb92252ee81cafd420ab3cef7ba483208174e1764a94d7ca1299e6eb35607b43b8d3","enc":"040167ad166ce1411e22e0ac24e70c5259e81de2689a05d838e6dcb894c6c372ec0636f3889c16a03dfef4ee399ac83f073483a13ac0966ebc8c21a7dc13d4f4de258601dff805c2254f447051674861a787e571f2cc19b45ccc09c20658cae8917d5acb92252ee81cafd420ab3cef7ba483208174e1764a94d7ca1299e6eb35607b43b8d3","shared_secret":"9f799a200a9be8def31a2e686bfe514a70e7935b90951bda4f7d56ae8c3ad7de5a0a1ccbf193a858b51ef22e7973fbaff8ba6816a03448293c09ed02860d9cdc","key_schedule_context":"02a0f09fdb725155fff851d16495e4a128f92a4332225913d832a5b87e19a5552b2c567eba65d69b8f94f5dd45f30ba15730e09a0ca1bab72cdd2606fd3e4a6c69","secret":"453a727277a698a04f2c75dc72ed6d800aec9ea3846ffbd1ffed173ac3ce2230","key":"b4c1e183807099d092faa5a28377140b","base_nonce":"625b600a33be34bdd14b2476","exporter_secret":"5b7d30e90aadfb13362d0ecbe0ae0ed07df278a470673fd19c8d0f9078c25fd2","encryptions":[{"aad":"436f756e742d30","ct":"684863861429e719e3874931b126f3fefaa0b701e3d9f81f5928e1b04c1a7df136ec31c8823b205b104d0cd563","nonce":"625b600a33be34bdd14b2476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"1e41bf09a9e97a75385f8350a233db5b4b722263b6046f046e185239a8f8468f1b773930dc303725f46b14b115","nonce":"625b600a33be34bdd14b2477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"89c0ef9168dbe0ed428472d7308c19ca7d5f3762cbf111e7d6f9a9de032bc1e4917fe9a0452f184d596a94fb62","nonce":"625b600a33be34bdd14b2474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"24e8e52356fb94b4b4aff647961cc681016d0cd1e7144da8e865b8baa21f38cbfd97e8de25cb4a1f949fd5b8c6","nonce":"625b600a33be34bdd14b2475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"2320af8780410fac2b2759e60a25e7ef7f096b188217bbbe662bacde25a1e56586c06eb28b68e8a9c464bd5ea7","nonce":"625b600a33be34bdd14b2472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"77e472e4086d61a7e058d6bfe8b4ecfbf334c0d3a2c4ae01a917e1165a0cc1a1a95e739e513bc8cf80a84dcc40","nonce":"625b600a33be34bdd14b2473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"0a2ae8b69cc8b0da7bbc1cfd34d52fe90a61d391abf1c6459be1e6fbae0d093898f1feb2b5aa173dcc9f0d9e1e","nonce":"625b600a33be34bdd14b2470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"9aec16a1cfb58a7ffc65ecc00266fe5496865f2e939f2ee4724dc667c846677e8c91d5e9191e54b1df5cd88fb0","nonce":"625b600a33be34bdd14b2471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"cc7209452b3271936a1f46c6be82a94a66472bed0c57e8c9225110b154989549b8c1d470b112fea8bf87f21225","nonce":"625b600a33be34bdd14b247e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"fe984c856743de79750bb82f604d859629410e7c62b47f3c2d540507beb1cb357c805e0e2c6dd55beba370bf62","nonce":"625b600a33be34bdd14b247f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"74da611927073103c17a96834fa2aac55e4a5edff9f2695b99af23c95d9a7f55816a5e4eb6b948fe71c9db23b7","nonce":"625b600a33be34bdd14b247c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"ef44ae2e40c5d72e569538c493ef8b2de001dd44b760561df0b3e238d704c41bfe48396a9505caa310e4fe9b11","nonce":"625b600a33be34bdd14b247d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"bd2907fa690cf6195dbd4676bb04ab4af83aaf499dcc4d1c16b010e47bded477ffd11e70459f8a0bfa64324c47","nonce":"625b600a33be34bdd14b247a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"493b569cc874a39545606ecef8764165bdfe4445d16b7064150161d736a566d112a2bc098eb7c8bbac54bbce38","nonce":"625b600a33be34bdd14b247b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"498b578ab31ec59c8df551f8fb035258e82c7067293c83d8e40a50cc161c68700fd4a04ec3ba2697d192fd9199","nonce":"625b600a33be34bdd14b2478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"3b456e859d7b26edca910e3e55d1b525c7e70b8af81290820a12e981df5f3ca3a69c385f426884cadfdbe848ff","nonce":"625b600a33be34bdd14b2479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"0cd71c35f8d4e57d53e8b83534168625aac7448acfec058d5052113413e2138b727e401b73ca58cff298e3b552","nonce":"625b600a33be34bdd14b2466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"be04a8a233e5ac359a851428012f18573bfdb96681eb667d64f8514f6fa1b1e9846c72a57410042cff4e8501da","nonce":"625b600a33be34bdd14b2467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6ab8c0ca05c62548c9437c7d11d9df559d3d0474d37b6339224ba4b3950a6e208d51343a303b8735287e7f1ab0","nonce":"625b600a33be34bdd14b2464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"f15bc87acde7f11c3b46342ad5c8a6706a5014bcc0aadbd5023f110f10e382ce0a684a0bb4860b50c4a6ca0b69","nonce":"625b600a33be34bdd14b2465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"2f7e12c70307076247a2a4b59399ab3ee2c993fa681c03a2135433afb24820d60bfda9e74531b13842fcd3bbf4","nonce":"625b600a33be34bdd14b2462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"02a615519b4c37e6181ca69a3cb2f2f835fc97dab875070c7f457f7b6790aac2c9be724464e8aad47116dff56c","nonce":"625b600a33be34bdd14b2463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"de40953aba0cbad780800509bbdb781f87486b4d6f640b5ef6edb8eac36ab999d9fb1c22c94c9e0d05791310f2","nonce":"625b600a33be34bdd14b2460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"d32dab1edf449e20fa9a7751f1a42955b164e6111ac92a14d7f470568e1a340d29393dacb0e51c8a04cea11581","nonce":"625b600a33be34bdd14b2461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"39eec297f8c40b634764d3a4ac37a101036f9f534885c8f10d84909497aa3fac1aa22e53a8df3c432ff96f14d3","nonce":"625b600a33be34bdd14b246e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"a69100c4f93cd0e94829643907012ebc80a3eb15605ac7de656dbdc8debb77b31a8a32e45ccb0d66038d51fb12","nonce":"625b600a33be34bdd14b246f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"e7955d3515e3915290e99c71b90ae18cfd5086f05d9852982dc580b938f6cb51cdd8231102fb16fdef83055d3a","nonce":"625b600a33be34bdd14b246c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"2bef64b64381857e6a1c5f586e91bdaa65cef298b917ec5233594b94113121c4c6a9c777612aca77c23ea32919","nonce":"625b600a33be34bdd14b246d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8d9984bf7cbbe7a05d979663939b43b3069286e137c188201f4fa55d6817ac74d40a5d0959a90f40ffc2cf10ce","nonce":"625b600a33be34bdd14b246a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"0a228d8b918b09f60fab85a4c0867d652f3541fc9ef2c9feccb5ec069bbf2e53912f25018c47c951bd57ccda40","nonce":"625b600a33be34bdd14b246b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"d9b5ebce28c08dfa3c90446c40cdee4c43d217e383a86d15e9ab8fb6e7dd883ba090f6397fa5e055bc1b5998d2","nonce":"625b600a33be34bdd14b2468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"f06d3691e6d2fbc26a3349465d303e5999a2172819f5ed127f19348703b7f3ed691f5b87a059a0e66ba1f71988","nonce":"625b600a33be34bdd14b2469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"7167999d083a414f54ec30d350ac0c96bed1e4ef39623c4f441c095676fa82cef13124d761516d522f97670d02","nonce":"625b600a33be34bdd14b2456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"a83f4ff0003fe3dd95d800ce0f49a8a278e963da9536b6c56b2d82bb195159a05ea0c14aaa2225f65a5f4b7dd7","nonce":"625b600a33be34bdd14b2457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"b2cc77563a23292c68b8e2d22b6c721c7ab41f7883c09601990d610fc360b2bc7266d9f4dd6097ad3bfd66037a","nonce":"625b600a33be34bdd14b2454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3d599f4b70f8b9ae77657fe6fa42e81c07f4d2663100b3e14d430036ac3f89a73dfed36e803473e4ff8ba851bd","nonce":"625b600a33be34bdd14b2455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7c6b1c6bdd8aecb801d71b3371d8d0a2c209aa7ef0f0b87e24f7667c8733056f4514063671cf61f80ff4d50573","nonce":"625b600a33be34bdd14b2452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"73edf42b53051e0b5cc880443d3f5a381da56e9c01ac6ae778dfc90dadb9102256e73627c7082d61eea75070e1","nonce":"625b600a33be34bdd14b2453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"edcd1497f13766e8f28532efaf04e63d3bdb1b532f32f14feab9e5a9736d8e66bc22577861fef0ae20ba09abcc","nonce":"625b600a33be34bdd14b2450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"ea8f865755a2decd25efa51651f8f10c936f4ebca58931a4c1c1bb9e816997c9ff068f72accfb4af474e2ce0ae","nonce":"625b600a33be34bdd14b2451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"588ec79aa2631431c6765f9e8147e04fdf6530f61dd8eeadf15822561f4f1c970048942a90cb33c996767e9c2a","nonce":"625b600a33be34bdd14b245e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"f3e61b597b7161eb922417abc36e952800294532c39f16afe97e44bea8a108430d9b8dfd834ad27dfabe23b2a7","nonce":"625b600a33be34bdd14b245f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"fd15a6b9d8cf3a46a61c57e9103a193023230e391096050119e340a82e4b30e8e9d0b0dbb1a649e82d81525bc2","nonce":"625b600a33be34bdd14b245c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f1801180853127b8ecba5090f3e04a86bab961a87a4bffddb6ca2d37b432fd71738c6b069a146f24078dbe2c90","nonce":"625b600a33be34bdd14b245d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"0a4318a7edbaf64d9aaa665bc1be03756aefaaca5e11f1bb6cb4810f9b3a4dc56fa0444367262c11a11d9fcd62","nonce":"625b600a33be34bdd14b245a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"f67e1edbac775d7862783c2778a2f6e04704b7623c2b850ca6d2b080710f5cecdfa8c739ab951ec30a426d80e2","nonce":"625b600a33be34bdd14b245b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"afde79b1638f09c852a325440a99e8adfb1fed6e9d2e6c05c0a7dfc8fbbdd2785f2f154f5819394c3ad6aef84e","nonce":"625b600a33be34bdd14b2458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"661adde4629b9e4f76bcc6750c41d9e4b92dd760e34d89eb1e1d59cf3b89bab19d379c2e4b9928068e0e87a016","nonce":"625b600a33be34bdd14b2459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"0c31277b2d8d83e04b6ff7d5f09a82ddd281e1e337fa4c6b10b3bc40487e99ed523fc5218af51f7c3d547b6c47","nonce":"625b600a33be34bdd14b2446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"80339548b77e76581225aa3c0b4bf89631eb6113578e2ae2295044780755fb4db251d30f3e091e5c17014793f0","nonce":"625b600a33be34bdd14b2447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"a50ba7d9590df3e4d174b7a2bfde8d24b6f7138aeecf1f5ac7cb1f8a6cab124938d1436d1516477968b3891794","nonce":"625b600a33be34bdd14b2444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"f9670a415204c727cb06d1dfb1febc285f158c7e8b9c3d51bfd32950fc0809677b4fe9e04d17b5e6b0c5b7fa9d","nonce":"625b600a33be34bdd14b2445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"6758f89f4608998cbe84c9cc300cb3672eeb8a22b2d680771ea9bebad02999febc766b0bcdfde563bbbdc235c8","nonce":"625b600a33be34bdd14b2442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"b3a0337f5041f70dfc18b9e8ed04059572bbba8c7d9a8784be2ec6cad5c47a8c139a8cd5c96ed0ed6c938dfe03","nonce":"625b600a33be34bdd14b2443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"8689c7534620313bc6c1ffc4b4fa39c18c78ee2b1556bef7fec19d9fa95d7ff2a746686613aae04ff65f4aaad7","nonce":"625b600a33be34bdd14b2440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"5618a9a0dba809ac7e8087610457d98e3c7b31789e901cbc28a3853c9af57c6318d15503fa1deb3c2062144c29","nonce":"625b600a33be34bdd14b2441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"2b0bf1ea8fab47354680ba63733ac5c71f915c17fe119dd3ccfc5a93c23629efe33bf32a2539906d220b38cb29","nonce":"625b600a33be34bdd14b244e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"b72c9080c1bf60170e4669447ca9ab15babe9867a6ab02dd3a85e7b50c0325a294d1f84f0f0d752d0ab95be648","nonce":"625b600a33be34bdd14b244f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"300ad73e973a2c9ae9e6325a8d27ca9e05a4fdadc60cac3e74620efb3620167f462e108cc77f1363d9629945e0","nonce":"625b600a33be34bdd14b244c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"fc6533360d5b9bc0234c9fa5820ea6dc9cb3535f0a861aae42252fec3c5efd5c188095181cee8423a32061f9dd","nonce":"625b600a33be34bdd14b244d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"746e83e740ff4e6f2deb739d9c1a751bd6cc1e330e0467269c2d38b919afbb3f6b628b0f11fe5994eb668fe7bb","nonce":"625b600a33be34bdd14b244a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"2bdaa28b404272c88e5e3744ece5e4b7d9f6b05135d084f7b1297138db56e0f59883db12505b4a685baaabf698","nonce":"625b600a33be34bdd14b244b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"aa7c59f214640d13a3333da11dcc330f2ca135e0045d3a2ee153b43ef19ac542b7bdffac8b3431472e606b8099","nonce":"625b600a33be34bdd14b2448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"05de2bf691ede6c3cb3794db01bfff67a2bcd01755101569bc438ece83cb20239878be410095ba1c3d32e4e942","nonce":"625b600a33be34bdd14b2449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c79d09ba3513efe2e6031cd42b8edefb1c4cea39d3e283aa58fbb7f9c3a81ee828e666f83dc7e5394f9a395085","nonce":"625b600a33be34bdd14b2436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"eecc5fb1102301df8b09d0717429eb8a5c2aae537241b491a14711fae92be860e251f9a564a5ab5ab93a1114fa","nonce":"625b600a33be34bdd14b2437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"dab0a8274766f274010456313f7b1b035ac9d23f5eb6da1ca4c2597b1907369376da6a1f4f8fa06fa37bf80171","nonce":"625b600a33be34bdd14b2434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"9e0241f9741f47377ef1185ca6506d57d39f94871e3f5727130b6fbfd91853d1adc2394f1b85917cb5267e8a1f","nonce":"625b600a33be34bdd14b2435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"98e857958de4cc9d8c1feeaf993df2639f00b50c694ca6a5781f8a7f8f504170f181a529567d5fca794daeb41d","nonce":"625b600a33be34bdd14b2432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"edf935104ca49e65c3fb4b75cc303753eea4a3a8c38a051b10d63be851f8255aed447dea274dda1a646d528105","nonce":"625b600a33be34bdd14b2433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"8327345020347db70d2b079bc991c8a29748bcbab6475f2082d723655f3fc8577ad7b82f4c9962c681bb271b22","nonce":"625b600a33be34bdd14b2430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"c02c43cc330503860417abfe3d310d29a83d7cf155d3c033e8ea78309d40e13e2c85abf5ef6d440e96e538e54e","nonce":"625b600a33be34bdd14b2431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"de03cf296e70776976e22fdfcf1a679f0b30f97da7a9b92d72b26d1c63802631919c4f281cb00649bb9c46f1a7","nonce":"625b600a33be34bdd14b243e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"b5f3f3198197e72235409367648fd26a2687293e34df02528e73c5d371d2a34f40b254977556a9cba58d7da564","nonce":"625b600a33be34bdd14b243f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"d0a5832bfea7ad43874a309f88be38cdee33c10faf09204a572149cdea9926ddc4bbb4c24e381e957841460ef3","nonce":"625b600a33be34bdd14b243c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"53964a5bd0bc80a7ff9225941325fda63dab86eb18ce0083d184a121ffdde83e6f66bd26ed2f83cdd988d35110","nonce":"625b600a33be34bdd14b243d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"ae38789075d4117620ec2131a57158eadf8c96e7f200395cae0c6204323f8efd0ba1547ce4dc8831e68274ff3e","nonce":"625b600a33be34bdd14b243a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"3aee1f03ccbc6b762e63ec153c2845f0159e661919ff3d63ad0bbbd710d585b3341e59ecdf829069388c74a0aa","nonce":"625b600a33be34bdd14b243b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"f0494206cdc7445bc947c5b8a93b10618ba1a03fce243abf45fb0b54622277903177139fb9defd21c4425c9bca","nonce":"625b600a33be34bdd14b2438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"d5b429eec9a193eafd2eaae768444395d753a9600077bbe89ecb5b2ed996f8f64c7981472ee4c4bb1fc7d5d3bc","nonce":"625b600a33be34bdd14b2439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"74cf7e79c43914867d0c081cae3c3856dcb956456700941f73597fef391e153e779390636c6f88a27549dc660d","nonce":"625b600a33be34bdd14b2426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"d84a0cf78a108e2b694130993c80f6aff8dd0af06f8283626edd19246c43861b415022ea4a3678f211be4befec","nonce":"625b600a33be34bdd14b2427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"e1c48ebd4eb296b6f36bde98f50eef81544d04912ee522d9479ec03631d43c5d2e0d4a249281b0de0b0b0ee8c9","nonce":"625b600a33be34bdd14b2424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"aeeefcb6c9e6ec9822a38139f2ef09ff4fe7f445116e33fc29cee4eec9435af28de7439032442a74887bba038a","nonce":"625b600a33be34bdd14b2425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"3817c7cc457a7764ecfcf2b9d802acdfcb49b98fd0fe8f0e573a2d9f0e0981dd08b7d3777667131778f1c892cc","nonce":"625b600a33be34bdd14b2422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"e6796f386b9ae1bf8308108e889d9bf55dce5cd68735f9c882904a465f90817f18c334017dfc20bfa2ef5eac37","nonce":"625b600a33be34bdd14b2423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"20b2ef3a097d89330e4f7a5e1cfdbbe6c3854d992fff92930f7fa38d6cde0783c5928123de79addf490506c876","nonce":"625b600a33be34bdd14b2420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"aab18613182911ae162e143d91c6fb1f28ea90b208c9315668558f3e67f24c3d2815c434999be0c3358ea43a4d","nonce":"625b600a33be34bdd14b2421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"7d971cc60e327a898b25dbd4c77f2a5b4635e86f54ccc81857c665491c986aa964edca104bb2ccfe8bb88eb70d","nonce":"625b600a33be34bdd14b242e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"8e0d8114749007e66c82bf824b1f40c76c0da0e325ff2544350d1a4263b28b9f7b610aa741da8a7a85dac94c4b","nonce":"625b600a33be34bdd14b242f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9d5f1565c1f89ff7af542cc82026bde650cf74c09a1b705fdbbfd63d65ad2b09c33ae22c2af83044b84b719642","nonce":"625b600a33be34bdd14b242c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"6154caf095c55c3389458bbf618c0a0c40a17f9901489158ccf27fa7a9fa15b0dedee701e60b6b393a92eaf9d0","nonce":"625b600a33be34bdd14b242d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"333e9c169f847a068018c6c995f27802c30c2430846d3515126af861ba34fc9954826b875ef0a0f26fc06568b8","nonce":"625b600a33be34bdd14b242a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"0ef9935b578db87c1526e384e168b291512fcbe896d61bc8d02c2419b8e76de3ca90a556e8460df2e5ccac2ca5","nonce":"625b600a33be34bdd14b242b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"5a5f7ccafb6a9664f6d8e9d3b02ef27214a5d0813eb5b34def1d2428e558eb8aa1e897790a9fa77e1619ac3c04","nonce":"625b600a33be34bdd14b2428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"8b0e37d2d18c70dedba74a04574b798d7345501b93c86804be251a96278574d56a8f8421abde3d52d37b03db60","nonce":"625b600a33be34bdd14b2429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"1b5cbd3eabb72d6f8ef84cf4ebe1a7d9433f5da54b72d2c90a2e628c9168b55150e526c6af17ab391fc493cbe9","nonce":"625b600a33be34bdd14b2416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"fc1284fca61288e578866ecd1ffc04c29508c926f7f4f887aec72449bf122abc1e5e9d4a18e86ef722e43180e7","nonce":"625b600a33be34bdd14b2417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"cf74408248ec70cd5562fd056194b9b59ec52b3d63761dee2e26ea578f4ce27f03a3c6c14eadc2c7f7c4241b68","nonce":"625b600a33be34bdd14b2414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e78bd4558bfdd46b726b4eea3d3d86e5b7e2fadfdb611ce4798fd1e34c43278310b67a79dae17cce565a9f0169","nonce":"625b600a33be34bdd14b2415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"1df136afcbe58c77d70200f128ec367fbdf51cb4c329bab4404fd81b46644aacd1c59cca7e25d37f19944a754a","nonce":"625b600a33be34bdd14b2412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"98573b4c9a9a9d3e3cdb1962db762da649576cdc20128a04c545154fa5c1ec0987b93d67a39ba7f3678290b85f","nonce":"625b600a33be34bdd14b2413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"4d5cc23183a6530443feafa7fffe12bd84c85d0f66f367f6441254a9c28c199dacfa680d47dca32382f6f05440","nonce":"625b600a33be34bdd14b2410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"7bba531d360fa6af8190202684b41039530fce911f79ff8b0acb5aa32fd3cb82c6d1144c4680f32fd4a4e87db4","nonce":"625b600a33be34bdd14b2411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"855fca525ac58fc431ff8af96e89137f8053b2e1b70848ec5ac6be3c75547fd2265dce8f4bed012e8fb9df219d","nonce":"625b600a33be34bdd14b241e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"b134cc554019a9a9de8b31b52905a8d2d6603223162e50994f49d56dad8efd13f1f62cc9a4b1847ce1ea5c1daf","nonce":"625b600a33be34bdd14b241f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"3eb71f3a5b492a177c5ef0d6535094253355524b166899b3d34403d445afd0c7464e794d2a538fa29373e5eb0a","nonce":"625b600a33be34bdd14b241c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"d8843542af476b9ed82d8da5aec24af10b715cd6c7226cf4c51b488cef91c44d6988477756fd373d5075d5cb83","nonce":"625b600a33be34bdd14b241d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"0e19f6593e0e4949225ebfbb0992ba5add16d031b5ee291a159e3ab022b8218642c8d60919ded0a10b4acda9c6","nonce":"625b600a33be34bdd14b241a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"380c149e52ec0256464e89a6e7042618d25cd5e9e452c9f6b68d84bd8be3208c2b6a96fff958b2fda9f9ab58e2","nonce":"625b600a33be34bdd14b241b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"4f1acf409c1a51d1ca3c0b5af3e008094c90050c174870c5bb825f880becfd02b82b18ee5ad241261378bd2f22","nonce":"625b600a33be34bdd14b2418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"9cf2d2fa2e6ca2733ecfb5c3d4c93782e481a666fc3e03fc4e51448c40a5dd1aa687dfb3fbbea4efb344fc73b1","nonce":"625b600a33be34bdd14b2419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"6d277b59ad5eb57743e71c185a6e2e09b0837076dc29bc6d5eb6ae7bc5f07907d5c41147655407e926e31d38b5","nonce":"625b600a33be34bdd14b2406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"bc4057b89cd5345209fb4da7700ad72d21bd61af7d86ab9d81ec63e820a9e80f360717697f4530c2c19808eefe","nonce":"625b600a33be34bdd14b2407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ac66d09fc26fd0d40b3f5890d3c242f330f9dd197a5aaeca0cfef0942f29bbd4bb4ba38ef7147c223878857dc4","nonce":"625b600a33be34bdd14b2404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"9801af78fb6e27f006db59c204fb7a63ce16f6691951f83730b7d367490b94d530b0ca197a9c605736d677699a","nonce":"625b600a33be34bdd14b2405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"ba04013bffb02e0509400dcaeb0a1d3b085cbcdf5792433e854ce0e0a82dda43842accb47884a5fd81a1a987f6","nonce":"625b600a33be34bdd14b2402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"0b697ac0f62634838309efc92be45f1732b3c733b485997391b280b6a9e785964a4a5258e45569206b654b813a","nonce":"625b600a33be34bdd14b2403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"ded53672a26f83c96d0678030a336a3b403c7a4ee41b157805511d9c75910fc9e0a481478e3036158e8b3a2d1a","nonce":"625b600a33be34bdd14b2400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"975a179bfb84dc44216441f56e7e72cb8a194c47f3577faa6344a23bb8049b110d1e9fa720d09558bc98c4501d","nonce":"625b600a33be34bdd14b2401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"129c4316ec7964b6702f64aa57ff27b697322454a7ebea544056ae3d2947a0a57efb14a16503fbe0cd7b6e4664","nonce":"625b600a33be34bdd14b240e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"472011e358f40c275f22180f39d463b40e668e2261ea49955150f09f8edd1f901346e0358c0057cfda5ee2fb67","nonce":"625b600a33be34bdd14b240f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"51a534809df8f8b79b6dd54ce204c3c35a03d51a4ec236edfac603380ba21b71b9cad024ced1c9b1adb73869d1","nonce":"625b600a33be34bdd14b240c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"281af0e99c512e6a09ae634b0c77486383b668866a26802e62fbe8f0414edb7389c29cae5e354b1c2d02527456","nonce":"625b600a33be34bdd14b240d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"490eafe473c22fff9f4b169543ccbeff8586dafca594d5094797e2066b0434aafc68ef551095411148cf080f66","nonce":"625b600a33be34bdd14b240a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"938a3ff913d57914d4b6ff73311a8aae7b019b1ed6644608eb97ad2a9b0abab9f73883ee18a142085721c8a356","nonce":"625b600a33be34bdd14b240b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"b09e50e4dad296ffb4465975ad4d389320b29d832379e5bf0af9e95d280d9e636c96ee4db1e584bc346bb9ff26","nonce":"625b600a33be34bdd14b2408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"893f3da79f151812ca3f21fbdd0010b3176ab5aa94d04ba6e03eae3649b8ee42c49b036ae623fc7cca44cbd079","nonce":"625b600a33be34bdd14b2409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"d13e8d14ff70d9b4d998c9f49c88de30163f7588805e838f26f13721c0b26fd8ee5fc87e904cca57c79cd420b8","nonce":"625b600a33be34bdd14b24f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"069df304aaf436c1e45c4b22df4ac3f1d3bb459cb2be4dd26a45a296bc7981ef82d0f589227f814d4cfff9d20e","nonce":"625b600a33be34bdd14b24f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"ddeb34932be223d3b68258a94a34fc25c4128bddef7fe64b4b7cddebe50ebc9ace1e20decaef07cd5efec0cd10","nonce":"625b600a33be34bdd14b24f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"5a31560bf9c0b6ef5c7a3b74fa66e537c344def14c7c09547ee0c9dffac56017e365f2ba2643b798dc7ee2f87e","nonce":"625b600a33be34bdd14b24f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"aec7cbc424911bc7213b9f3ae4cf5734a3ec73b5a3d45a108a7c533f00be506423f1a60191504a5171c4351cd0","nonce":"625b600a33be34bdd14b24f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"a1e9445149d26ee7a73b96916970c344056465439cc1e06a0632edb415b158a86e497dfd776e66db26c8ee7134","nonce":"625b600a33be34bdd14b24f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"8431506d99e7d1dd5d3a65e72ba50f6bae8f5c8a1b67160bff67188dd20968d0a8954fe5133604b150f84d1cb8","nonce":"625b600a33be34bdd14b24f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"477062713f2caa2c2c3134bc28866f30b7a81ee079070b1c0f866ebc51bf284261b0b5026ad1e66bde95fb8a0a","nonce":"625b600a33be34bdd14b24f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"319f0b0946dd25afb9b9e62a5498a01bbabad58d78a34767681905ec690ebd0eaa693e92c7aa866d3c9383f7de","nonce":"625b600a33be34bdd14b24fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"46fdb1064ce80f23df97be73d42bab99f749fc7505506389e51e2767f3428aed04448a86a149758ff84506738e","nonce":"625b600a33be34bdd14b24ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"a9b1835ff18df22aa264e7cc44efbe4e203cc5454ef11c4c82d04696dbea5aaf0fe2af18b008226d726f565db9","nonce":"625b600a33be34bdd14b24fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"facdb6823a1ed1808b23821752d09c28e04f11ed81d87e9610e91a4447743871beedef66b0985fefdc63e09519","nonce":"625b600a33be34bdd14b24fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"fbcdebc5d3b25f5bb247e119b52b7285f4e3a54ac86adc39f918ac78620ae23cbfa675ea341810e65582b4c743","nonce":"625b600a33be34bdd14b24fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"52025c6f3fef2ee045318d3eb7de60df53830da5304dccefefb8a3fdb0e4936a06768dfa543472cd318d91e419","nonce":"625b600a33be34bdd14b24fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"dd32999cdef19ff8b44736d8f063d778b636129b4e449ae0fe37d60e3fd7af94944805338b98c31727b626a4f8","nonce":"625b600a33be34bdd14b24f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"4d3ffc0fdcd6f7d1f89f2f40ee26ad88b359a417f849b20990d7fe6667b8c3456f5333bcfd0678460ea27f5006","nonce":"625b600a33be34bdd14b24f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"b9f6e2361970750eefd7a9c396bc872de1d4cd9c05ad14f0831e23d84d8eab181c02ac694eedff184e85011225","nonce":"625b600a33be34bdd14b24e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"e48d3b0c7bf42ddeaf2b316f58f763c8b811ee746ab2eb687873fbb3e404dc29d63a1898ea0e1e25079062e310","nonce":"625b600a33be34bdd14b24e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"63e5a9596cb90180e3e6e6e358e6afc10ccca976507b5a59a05b844270620c5c47584678231030ad528b6873d3","nonce":"625b600a33be34bdd14b24e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"46421df1940d40de5154c596fc4e9911ef4da83671bb16f36f8170fd9325e92a50913d19dcf4a8ef0381bf0d75","nonce":"625b600a33be34bdd14b24e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"27b13bc4158573bd238a1ed712532f36f1333039e510b85fbb4d552ce3b75d285550ec224f528453eb2e96b6fc","nonce":"625b600a33be34bdd14b24e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"9774eee1070d466c2098ff3537cb36d733a77c28fc3195ff6fe793112db48ab27205672c5e52bb37c04285b0bb","nonce":"625b600a33be34bdd14b24e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"8a48d425b6061224b2b033a3df904d44898879f945fd3ff69f30cac6a8e041ecc10f8ccda59d255f3aee205c3b","nonce":"625b600a33be34bdd14b24e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"8d42e08bd1e0a2798106ec69bfaf0cdcd237366838ddb80e39ede3fdeae5b94ce6ab63ce383ad835ce2574c644","nonce":"625b600a33be34bdd14b24e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"b8bb5a93906434d9bb658936e29e5d02c866ee9841d72bd2eef4255a770cdb75bbc0a31bf17cc26e01fe592061","nonce":"625b600a33be34bdd14b24ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"03d26a8ae5296ef43ba65b7e3c1a06aa2616ae92e4e22d5dc5ae0b95d1ee34a2d946ad90c72dbbdf2afcba5caf","nonce":"625b600a33be34bdd14b24ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"8296bfac49cbefc5331c89bec8d9d0b50f43e3d3de75c07cc119777d7d0a6910219e3792fac3915fa699343d61","nonce":"625b600a33be34bdd14b24ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"5e61a8bcac5d0ec8ba1cc37c784e22717c376718c0569c989ab538b45ecf600d9c623ab85827125d43f3ce558c","nonce":"625b600a33be34bdd14b24ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"d437cc9e4aa7762e897a40a6120f7eb58b2eafa7f6c7b43821d1e6c9fdcbd26b76c33afb0a7707a18693a5a7a7","nonce":"625b600a33be34bdd14b24ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"32bf95d5c3479222451de73f7319e9a08a7b0630b26280e2057908164bc202be90600ab2cc08cd9e4e68faef66","nonce":"625b600a33be34bdd14b24eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"92bad6ef9c12658cda57dc62fa5ff6305700c447b93b9c956311d71a5d257f63f50727372bd0c8d0cd9fa82230","nonce":"625b600a33be34bdd14b24e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"320e48bcee9e6a729f81c621242a17c430096dad845b4967c0c5a9476f8cf19cdfae3acbbe3aa339b67f33af43","nonce":"625b600a33be34bdd14b24e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"309100e92b6cac97d447cff119f89c5a48df465fdf9c22deee501b96ba87fef7afd9e459a378941f270540544a","nonce":"625b600a33be34bdd14b24d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a7421a8a4b1399bc1d16af2c9832d9ebbb0262292892bf4b53ba600614adcf23bb368bc1e0379d622a50aeeae0","nonce":"625b600a33be34bdd14b24d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"78f698485133d08b449044772c70aebc4148e9584d497b176079315d2fa741851983d764cdbfc690d3f9701fcd","nonce":"625b600a33be34bdd14b24d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"65e95b3b7984e39f739a8b6d3769ee31ef3aeb40901eb5fc2b4ea828686794d85b56712843a88179385b77cb3a","nonce":"625b600a33be34bdd14b24d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"849eaaa76752525c68752e1444a27a264bffd3549d6a97a8f1a1196187ff448cb6e4f4b24b2bda56be5e7526dc","nonce":"625b600a33be34bdd14b24d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"b919aa5bf66ddd0d496fc94da12e7a213443cd1112b3d54142a90f0b4d767301378a07eb39e588c5e3452e6167","nonce":"625b600a33be34bdd14b24d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"9300863012941ddfe347aeb481169fa8f39fe9d58af173f12fd855c5b25459375d8f112f3ec6a670d62c6a597c","nonce":"625b600a33be34bdd14b24d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"0f37edcb4d913f2ec7db8e7190503c9083da5053a8bb72b045f52864afd16dc5aef41d6e2269de1c51f77ea4b5","nonce":"625b600a33be34bdd14b24d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"9b70cae54384e57365f0fa6180dd17665ae0754900b49d30a40e0e4e96b87531fe7845a978ed465fdc83957346","nonce":"625b600a33be34bdd14b24de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f91df471281829f31de990bfc5f56c8837db7e619970e86ab9206985d0a1c7487a455d2a51d6b23148af4da9c4","nonce":"625b600a33be34bdd14b24df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"2d776f1e2c34f4ff1437d901c531ce2714c57baf9983b6ac5bd3338cf5c621c6a2ae2cd71f7a3030b9d4b72c88","nonce":"625b600a33be34bdd14b24dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"26bf649ce8657352da28ec65b5c052912f014499ce1001378ad896ec382793935724a6922dee139c240953fba6","nonce":"625b600a33be34bdd14b24dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"6d1e938fa90a4df111c034767cfa5636c83caf30247ae17dafe7e7cf47c7e6fbd1953382a693398808d8c453ca","nonce":"625b600a33be34bdd14b24da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"37b99a3d867d556594306cab072fce6255d3ad559b2552903b866872dd64a5ef8df05f7613722a1d8327bb45c3","nonce":"625b600a33be34bdd14b24db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"0507549e3a26cd7325e747ebec6f4775fe3f28e7e7ead14b90b109088f9fe9439b1a16d9b8a3dfc8fb6ffe6c26","nonce":"625b600a33be34bdd14b24d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d726e5bacec229f5947d403d8e118f28e691cdc82d2b116cc34da5b62b9a2435612b1d0c5951448e65cdd1f305","nonce":"625b600a33be34bdd14b24d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"a0dcbd724d6af355dd309945d55e0214c719e55a43a2859d22b9955b336dd816fb286fac07dcd1647faf254ad5","nonce":"625b600a33be34bdd14b24c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"2c8e184f6c0f50dbbd25ecae7d4ab1e31b08dfb47c7b73294371b76089e9a9851dcfb00dc4f8e662776ad33276","nonce":"625b600a33be34bdd14b24c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"334da36cab8be6ce861edb1730d7e19e4dff8a0d317101b81256cd3cb5d01c5371cfa8de77bafaf2c0da7e3cee","nonce":"625b600a33be34bdd14b24c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"a3fe038c9840971ace17340d97d93a6d5f9b2b628d7da4335c640e8fd3ead85a2d8ccc7915236dea5a234a2658","nonce":"625b600a33be34bdd14b24c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"59fd9d336128bbe16132e9440c4ee2eecab2a39263c576e55604fcd6b095cc03ef86cef9abb2851a8c6e5fad56","nonce":"625b600a33be34bdd14b24c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"b4fe2112d0448ee498d30e0563dfc4e220aa7ebded98f1927897f8399cef28e98fa6a937f01a5c7553b60189fd","nonce":"625b600a33be34bdd14b24c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"a59216c497bd047cf9df2980a1f91b59971e4012be71a8596ef68e987fae60d76b603da2fa0d3c9e2f9730ecb1","nonce":"625b600a33be34bdd14b24c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"688258ec15cb81c495fd15f3667b1fe181ae4a339fd520932347c13041398bf21df552d9cb2f7792f2d8f5e93d","nonce":"625b600a33be34bdd14b24c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"d194fa2e09cf6ebce6e41de21ad16141006db4bc08178a03c7e792a147f761c7d6587435b269e1d1d4d5ad5a1a","nonce":"625b600a33be34bdd14b24ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"ef17bc0ce55830af15f649155d05c9eede72e9d11ac5dff538b9309e62ecba0952f9055de7f89ca159da1d41ac","nonce":"625b600a33be34bdd14b24cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"08ac84f41d24b4827f9fd3e3b16ed3bbffcbe6f750de56b993db1fc8aa406e5b64d7d13e4bf5a25946e94b2ad4","nonce":"625b600a33be34bdd14b24cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"703531d757b7560a6009cf33545f2c3ec2bac1c2caa0f0ec4a285a3aaf48a3bad6954951f52f235d350c4ebd1b","nonce":"625b600a33be34bdd14b24cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"3b793bdf1782a55a8a25293b5b7fb8fab8baa9a381723742df2b45251da2ec0243d17004cf26e1bd02ccb3118b","nonce":"625b600a33be34bdd14b24ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"8b8a47168234767085309a3f2582b6dab788f948d4b24fc57ef5b1e27bb996bab1c5f53117c87193c9bb65d172","nonce":"625b600a33be34bdd14b24cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"62cba65d837e9fe1d17661a2b8fdd5b3104e09f494418f39d6db76b6e628d9bed7653b76ed50f2ceb79af6af3b","nonce":"625b600a33be34bdd14b24c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"9edb0f8cb0a224e0e4a1e212259c0908ad1bbd6410074b15af82533d640ca8b3d9a14d6a0f8ded9c57cff29970","nonce":"625b600a33be34bdd14b24c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"fcc838130b08aabbadbabcb21a669893f0ba0b084a4e2d802d1dabf6dea2623abc3546aef5b37e8e762764510e","nonce":"625b600a33be34bdd14b24b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"c3a46b2cb0d634e93d32c43ba326c16ec4fda1b454b7ba1c6f4c7020b97a6833e0762e4e7d5dcdff5415725338","nonce":"625b600a33be34bdd14b24b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"e7dd06b8ae43e78be839c36c24a755b5ca2404dd1daa64d3f66ea616e611ec58063324f41e13c15ed6ff3fb210","nonce":"625b600a33be34bdd14b24b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"f89c6fb283d39c2cbd4957e84c209c993e10208ef14bf4211b8ddd67af0775721090ebbbb54bf1b7f4ec49050d","nonce":"625b600a33be34bdd14b24b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"ef90658d0c9ec667d1a914d7fecef2f82b4dbef1ef65526132022a6838cea255459d982b3114f19868c460c63a","nonce":"625b600a33be34bdd14b24b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"4d75b3cc348eefd814eb913ae37853f727f2aa65fe5c49ceb8a45b1fbf71b5a069530d6017e7b3a29872024951","nonce":"625b600a33be34bdd14b24b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d5c568bcb4a3757ba1ed69d52129fac8e74990eb95f92ad8686d3cf74981b969a4e9f0cf75ea2b6d22b900f822","nonce":"625b600a33be34bdd14b24b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"26cdae9ff5708623309e17740fef525fa55f46f193a3fb3e0510423ac8476646aa8a676350995dbe30e95578c5","nonce":"625b600a33be34bdd14b24b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"c4e0c24f0d2c60fcf3b9cffdd58d434740c941220049a7f4aa3522460226809f710337f994f66208a9f831eac4","nonce":"625b600a33be34bdd14b24be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"050ff014c27d527dd800e99af133a402a98a6b7529e5fac200fb041b8e96968ab4b78b73589194f1ea6a5c8ad2","nonce":"625b600a33be34bdd14b24bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ea6d70686986d9be572cdda7c7b8c3b54d7fcf96cf2357bbea5e341d6aaaa384d0441e3f6834e82977defab859","nonce":"625b600a33be34bdd14b24bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"6b01f6dea49a0fc09728a6c8b7e4aa2c5ab6bbee6b88c889e533d14fe4647572c96616e112d50fd3e5807cc14f","nonce":"625b600a33be34bdd14b24bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"4d9e7568b42133468444b546fed14ece3f27ceb231c93081b17d31a756a2f7a3dc9f1c302a1f4d53d55b7783a7","nonce":"625b600a33be34bdd14b24ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6a4fbcd1044b398e993c27153101b3474f7205dc2c8bd6e61ea25b21b97c581a23b2518c331e7bad9ab2951e29","nonce":"625b600a33be34bdd14b24bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"533065ccb722b9108c7b0976cad212c55c06f99601c9878120d0f46aa794a542e36391bdb56141bb1322796e00","nonce":"625b600a33be34bdd14b24b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"6410d581fc605903ac07396d64a7880d6b42eb713b243631ff6f07a1c35f5b72276ab1b46ebfefea60f77ebd2e","nonce":"625b600a33be34bdd14b24b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"622819cd60a2145156177dd093a332f205d286f16046ca9bb62d4d157f98547a7cc38800c8b9e111706c1f5ab7","nonce":"625b600a33be34bdd14b24a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"1d740f60e13e1f8c5950637762eff95f6b69a1c83b27666e8da6a11a56e091de0a878fcd49365ad3e9ede9555b","nonce":"625b600a33be34bdd14b24a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"711cf8b89124ea0f1bb6907337c0929aa367e7577c9857ce265f14601f7af72867865aceac1974934cc5df2fe7","nonce":"625b600a33be34bdd14b24a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"f2ad4c5f899fe6a6c378f442e381dfb8c2e8c60c9e93f883722504c86b69fe850ebbc2ef2bc1261b958fcc9841","nonce":"625b600a33be34bdd14b24a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"4b0b95dd64a9af7b5b92f70a9b487f13bfd0c211cbf553872da380b6455b0918c03bd364b9eb8fa7c68dbcbd5f","nonce":"625b600a33be34bdd14b24a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"09058d8d09e4494ee2ddddddde143066a48e8f288ebd8143bea766386a83f1ad87ac0b1f21a4de32d1de45352f","nonce":"625b600a33be34bdd14b24a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"8f15ea34bb162722e3b735762ecbb4fc4ce9e87020f32a999d82fce61a3edb315441d32a4cd5288dd0595d7596","nonce":"625b600a33be34bdd14b24a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"dab7cd7369f0364c921756aba852a8ab870bebdff5d38c2a2b1f7cb90f903f468d867e4d0d362c41517cb42464","nonce":"625b600a33be34bdd14b24a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"b4d93f09c74994c9df918033775e7a19fe7738571af77ffc7a2b932b8c783ebbd32c7975291a0b47bb6908a808","nonce":"625b600a33be34bdd14b24ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"ae9f661aa0a9872aea8d16e21c5e4d6dd30c70787cf422a8ce8d6d8bc58b4eee361de944684d0f5c3959330c18","nonce":"625b600a33be34bdd14b24af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"3b20a3c92c518e92a7889375d2d24310590b7370bbbabeda4a277cfcfa502bf35aa423a472b01dbb66bd952c69","nonce":"625b600a33be34bdd14b24ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"15795943e77af023750f30e0205eba6148c790b0318c8adfa499911c5d85b23d7816c9737242fef17a9b3c9846","nonce":"625b600a33be34bdd14b24ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e2de6d3ab45c436f0a2110909658ca657ca62f5323ff811206649c8f6b0b37af06f2bcdaeb9f80cf49be6ac2c6","nonce":"625b600a33be34bdd14b24aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"d9e92426a3d19196c8880e6eb0c8780c3222106242d55516b5c865930ea7de9cc9a9edaa75c999b18114d01a7e","nonce":"625b600a33be34bdd14b24ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"d8b9969113886119ad538a43868036ee47998afc2cf2557578b7f13c02dd5cc72706f668947d44cfd1b2da697a","nonce":"625b600a33be34bdd14b24a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"016f05884e7070d8d55163c84d35e74c5ff6567faf5758e8f5fe09dfa557856dcba230b0420f0ef62742cc6265","nonce":"625b600a33be34bdd14b24a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"63f523a5c75bfb38f62bd769090902b9bb97d32146488c81abb98de9e8adf3b6171337c50c34e4ebd3f408b607","nonce":"625b600a33be34bdd14b2496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"373af7b3eea10e75c87dd325d4ef70aac5b06d48ae14415a2152b0ad2126738b13b381bcc8bd33016916362626","nonce":"625b600a33be34bdd14b2497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"b20255f31359459b339451d20f1f32dc471d2dab58aba59b3cd827b7b92cd9756fca6d4c30cb4ab0f80f338b92","nonce":"625b600a33be34bdd14b2494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"ad56e0857a52e066592597bfcf4064ec48ddf1662fe015f9235a78b0fba34651bbf4901839ff6730133d1877cd","nonce":"625b600a33be34bdd14b2495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"5af2a9fc14e5982cbb1675ad85cbc04033f9fae514937f25fb5fb0757902c1cc23ed826a7be53eb553acaf5ee4","nonce":"625b600a33be34bdd14b2492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"171a0fa738138251b8279d69ea27c4d1a6ac153f8ec883fa23e6ed1aaefa71911501b5c30a722576f8b3e22cbe","nonce":"625b600a33be34bdd14b2493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"255da924e14dede6720d4415659670aa32fd98b002b1fbbd5ace8344eacef6fabb7a25691de7270bfd61c7887e","nonce":"625b600a33be34bdd14b2490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"8155cfe89205c89ebfe1bc51a59ae63b7352979b232b37bed70069185475063cf0157ac7c7262ef8e1c5ce6437","nonce":"625b600a33be34bdd14b2491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"5d84ccc102f72583f221e75c9c46a2992941e95dd9f8236538d9faf530fca0e043450dc25772d95699bc516889","nonce":"625b600a33be34bdd14b249e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"7dd27cd5f57b6efa8b8db35b8f9c46902ab8c36e8158391c8a3bf58cb4d0fb1e42e0ed01125fc5b4321c5010b9","nonce":"625b600a33be34bdd14b249f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"7fb8fe694643604539904a6bf78ffaa0a5de64f3f5ac19fe2ab2424f79789e85a5eeb71d7c8a20a338f579fad4","nonce":"625b600a33be34bdd14b249c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"706b4fef14618351ab4dc9f6baf49e0844d1b451adc298393160453740020a5881e8a339b9cc5c8a70bc585316","nonce":"625b600a33be34bdd14b249d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"350a3a7be2770b2cb70629b4d467c18a622386303b901d3d2e0f905cfe5a7d484ee6594b34494432e3cdca4561","nonce":"625b600a33be34bdd14b249a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"85cd45fa24df4f567c7691ade63bbb2ce7c4bd8806227b38233892a0f48e8586b7b3d2529fa4e35a305d6f306b","nonce":"625b600a33be34bdd14b249b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"4c254fa2419b6e5089f2934d8d938f2526f6c96bb65c0c593fd20687092ad1692da0f9dae0f5e1ed12a60052b3","nonce":"625b600a33be34bdd14b2498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"1b655b14b1c4bb47bfd1ab5e51ba263609c87d1ede0a2d388003f6f034b2cfd3e83a9beda17c48e0f61d88f368","nonce":"625b600a33be34bdd14b2499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"464a03afce94061804371b7450744be656699609961aa2638b93d20a0b719eacdc3064eb552b96cc71b7cb6039","nonce":"625b600a33be34bdd14b2486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"67f1351bd2e8ce409591282f3dc4ca8592977c912852305ba0afe9651eee3a38930174a1d5fc091b32ae93f429","nonce":"625b600a33be34bdd14b2487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"7f2f51973fe5991bc35c444ca374b3209a4b041857428db5306fecf281f5c460bff2dfcff6e8ad9bd6a0903315","nonce":"625b600a33be34bdd14b2484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"d2a2cf09074bbd868297c6604af734e21000d6d126739315a65ff7e087de8fba54ab4f53d7afed6f404d5908c2","nonce":"625b600a33be34bdd14b2485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"b3938602c43934dab8733c99d51a509da951ff90ba6037fb1cddec825e1c3de3b9143aae9c868da8118d5d6886","nonce":"625b600a33be34bdd14b2482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"bb827c919437f2378b350d5f1fb2c6ab1c03fca5284374eab601fbb706cee815f049d9abe7f45cba4923496754","nonce":"625b600a33be34bdd14b2483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"bc742c03a2689a9e55f24f0549f9663ce05f9f1f6d88aa92b06e990baa332700731f8c83acafc5b6abe8c24ce3","nonce":"625b600a33be34bdd14b2480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"e032beed9eabf686d9518704c9e45225f59b5be9e0ee834693fe3c9f670bfb22d787c0d1cc6e2e9b3d145b8d32","nonce":"625b600a33be34bdd14b2481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"6035de4552e7c50f39a90f93dfb942dc1701ca551c322c106dbab16df6e7dd9057693eec6965cfebe0bf4befb7","nonce":"625b600a33be34bdd14b248e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"9563466158ac4c82254643a9ad3d48a8451b70ff8df45d8a40e0d3f135512723e442c2fd63c35800ffb62bb551","nonce":"625b600a33be34bdd14b248f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"12f43cdec1f0a6c08b2011d3a2f4b7a6b6aa3afd2879a18c5bb7af8ac4d3dd3dbfbaf37715e36b73c1ba09a334","nonce":"625b600a33be34bdd14b248c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"06bb00f74cd54479019e13e5dc6dc650eca30e3388d5b9138ad0a8889186d25d66d439c089253cefc7d496e506","nonce":"625b600a33be34bdd14b248d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"10430a194d60c5d15679117bbabf9266e006b2bf5d09da2ee08cef3d20d09172b5dc35d8ab8657cb79b219239d","nonce":"625b600a33be34bdd14b248a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ba4b8997ec02a30cec1c65fa0db2c3a0c7875bb0aec58d7cf59f8cfbe97d3a9fe25d55a62e8ff79dbade468388","nonce":"625b600a33be34bdd14b248b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"df6061c7e399697a5c226b7d74e5f38958df075c152f6b331ad555c9e7e1aef0bcc88387ac7a71607fe968a8e7","nonce":"625b600a33be34bdd14b2488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d95655709e946ca90f25c781ab4e9b925487673f62e08ac22adde26cc5894fe2a582c25b0a9d3a2d08cffaa89e","nonce":"625b600a33be34bdd14b2489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"b9debb1d7c56d4ec76818dd665f1a33d4686f4f852cba23c5681328363e60320c2187b9dbb716253b6e395023d","nonce":"625b600a33be34bdd14b2576","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"322039996f083e6364861a174056002b375bf30cae0e9f3180840997c7e03d66"},{"exporter_context":"00","L":32,"exported_value":"f131257cc50746ff2345ab42a61fde99e3eaae3930522d4c5d9031c8625b0228"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2df8fba4f83b8f2e3e501e6eb7642c688339173d3fe0fb00e0705638d6985c83"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"ddf35cb77a81c300cb58c8f69cacd45756edafd11246a7908ce09866244759c7b1a88bcbca26baeded33c51ed121c722a16dd3781cbe19463f854c656a2454eef3c4","ikmS":"9dd4b70321b19e678250c1509c3091d4baa7759451ebe9663a39ef68768b37ef2b49921fe1dc741b65e93c1eb700cc2ba2f982fb25465a499ddbff23705b85785ac9","ikmE":"2270197b9f64f86e0eecd49076d05f8fb9f5272c0e7ea519182ae76417b69e7a16f4b0e44116023857b509b84c8a7e48686940cb3ff7e1266ab7c0f3a7ff7770f21b","skRm":"01b5ba66ae400d58a9e77b7cb924a2801fdecc849a0c059c29c665f1bc855e119d75e0ea7c693dc48a576c860637da2c9b4d595aaf6b33df78fe32087013c6d11f74","skSm":"005273388f9eb91d7266e53e859a601b2c4091f50d894c2ebfc252d047fab9e2c0cc7d1242ac81a959a55801211b0c378cc3a1d64becbe6d5e37213035e4e6b33b21","skEm":"01e1b006811a044a56ce62427cd2ea34b19ef6990c510f6e08ed5e1056c2ac39f61687134d292ae559fd070e31428ab2873b798908c3579e7a6f57e2e26d0dc532e7","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04006bbee56eaa2fb413c0ae03cc3ce9adacc0cee742ddd3b2c147dc21a6b3124be6fa4ac3406d869b9b330ebbbcb6761e63d853cfad75bc73254b35c88e6e95a4171a017c53e5bfcd8818217abff317c03bf542eaa466a6f8f41be6cfbeae9b255f2361878cbe1fbe18efbebce0131e5bad132df514bae9e9154ef68c18074206b2f0db69","pkSm":"040090a5544d64bea56f73d091ba0de8760f59f350852e533290afaf2fe4fcd12451f81889a6b53e30c495003b4483a620a2dc56f056756182eaa74db2b4d86b83e31b01a95d029e05524788257fccb07477073b5010ef95da7b41bc34188cd2355a2783c973e0e2999d9ba6ce8642c83abe78cd3ddc7991f5c444cb788a7fa625e46f4dbd","pkEm":"0401a514f452f316bda875c37ca40dd2ee5d93be7c80a81c423fb1500974d87314ffbe8d5aefd34e69d44f310cdf752519cad0a2ef1a240d67049e57222291aaffbb85004680e6232e8555c97eba731c7e0a47a1063e039d4c9e915da35f53ce5310ebdc0a9586b222ebad01ed9bbfb844c3fab4e49c06de034ef780bfc74b774cfabe93ac","enc":"0401a514f452f316bda875c37ca40dd2ee5d93be7c80a81c423fb1500974d87314ffbe8d5aefd34e69d44f310cdf752519cad0a2ef1a240d67049e57222291aaffbb85004680e6232e8555c97eba731c7e0a47a1063e039d4c9e915da35f53ce5310ebdc0a9586b222ebad01ed9bbfb844c3fab4e49c06de034ef780bfc74b774cfabe93ac","shared_secret":"3b37201be7adf77d3e9c2cad6c40c7a202a171c6c3e494ae31ea2e3355c208ddb9ee1f4bc93b6a5d3457f104c2b1c693c1c1dc7b4bff41bf0e6629a2fcaa0b87","key_schedule_context":"0385f941ad2fe19e65926871f90dfb5e99425bd648b6a9d0cdff515181110e0dd02c567eba65d69b8f94f5dd45f30ba15730e09a0ca1bab72cdd2606fd3e4a6c69","secret":"03f741718a65f372f7ffb34d1e85dedd8db186db3328ca287a9cc91bc28a022a","key":"da50f1a50722933796f292d361a6da56","base_nonce":"90915fae644b85b3a550cf53","exporter_secret":"84a78abdbeea07967c522611183f194899fc7167c655b2df0d2316f0203911f8","encryptions":[{"aad":"436f756e742d30","ct":"3d2d1ac9e475e0d02d8f28c9d4dba172115a9051959c1a444b8c75d31b068b416f0ed314379b51e12040711b7f","nonce":"90915fae644b85b3a550cf53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"dfbc1feeb3b6cd1c2e7fdcefdddf733bb5378a8a3803b780aa4aff5866b5b2d8d09e90956848cf6479edfc1302","nonce":"90915fae644b85b3a550cf52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"9e13007fe93a7e5bbaa6c5557436f14c4e73d898159a729fcd6a7b8a371504fd4917ed3ac414ca13dfc6fe3f4d","nonce":"90915fae644b85b3a550cf51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"9157ed05a35e6c7b1a59e4d7c45de3d3169f6456fa801e7dc1e843ec041c8d91f8a6949863f299e883f704652b","nonce":"90915fae644b85b3a550cf50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"e0949139d1986249687c10a69a3c5dbeb8dade0d6291d75594c088384969fae5e40a16019eb686147e0e1611b3","nonce":"90915fae644b85b3a550cf57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"e1e38ef6902aa9af48a997ec6611268945d0123f74100da271043ff215c18e614177b4b8689e65dbe66b6e2195","nonce":"90915fae644b85b3a550cf56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"ddb3502cac8161c5cdc27823aa0b4adb766c335c8292d86699173e71086a48aa4b8abcf641179f2cf333023774","nonce":"90915fae644b85b3a550cf55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"a75d5d1a5c2076ef0923929ec449f773ba6c563ef6f55f4e3d5cf180c0099341b575f4961c12edf4f5255a53f1","nonce":"90915fae644b85b3a550cf54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"78e2bdbe2afaab24e0a1d6f8c82390030e6d78689da47c2bdc44de1ec9b7816b060c3c5eef659840bc783ebf1e","nonce":"90915fae644b85b3a550cf5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"2ffe80d5614ac8c2d3b8b716be38d86b57e285a4055048c2c09390ccb189986702ccbf3f6fdb9a795bcced83cf","nonce":"90915fae644b85b3a550cf5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"d038bc30782c9f2501ddc745e7b96351b180568d1a199a424baa6cddb6de1b0eed4dc51605adab0d924366588b","nonce":"90915fae644b85b3a550cf59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"980d107eb2266e84430e21626f1499a3ccba0f258475b1352c8cc77bb11c5f06177eb88f9ea7fc8214ee579051","nonce":"90915fae644b85b3a550cf58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"6eaaa76594f5726e1b5b201944635f7c8e1bcaede871891e8fb38ec1e6b340499f3a718c5ff5b7b0ed7ed4abf8","nonce":"90915fae644b85b3a550cf5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"5b3891b373714ab5e8f159753865b341d07bf2050d237483cd30959a525882bbdd9151482b9602b5a521c8c7f0","nonce":"90915fae644b85b3a550cf5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"8a287b7bfaf65b76ff16aef030cb4921a1daf1082d2bd1667c22badc603e0f81ba24a6d5e241a933bdb036b435","nonce":"90915fae644b85b3a550cf5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"32b15ec5e4fd1a69917196b874d9f78f3d18ccc13f50f78d98e4c4b91e9dee89ed6bb61e2c93424c462a17f1d0","nonce":"90915fae644b85b3a550cf5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b4d9f5bb5cf63b26db08aadd8ff63b554a3da9e8b615d10c1bed9f345d666d7ca581c4efc4d5128a50a111a250","nonce":"90915fae644b85b3a550cf43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"1b9c53d7d3262d4d3ba5cf7b2b4741e2d3eb43d0536b39a6bcb88507374f3b58c92c82a915246864b36dd924e7","nonce":"90915fae644b85b3a550cf42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"5b7747f047a410b2e9221e63aa64cff937d6c9e4331b806b5bede873c43078a344b0795abe7d59c34117e8b9ea","nonce":"90915fae644b85b3a550cf41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"fec891a3913c8fd990478cfd4cfb0408e0660fc046a76cc882d6b47e8c81a222fc9af892ebcd6e845e39111bc7","nonce":"90915fae644b85b3a550cf40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"984df1dfbfb3385c33dd122079bdd9d669f676fb0b5655f96bac73f1ba91de4d009372580445a1093ef17107e2","nonce":"90915fae644b85b3a550cf47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"b5a5e6c8862b1fb85aff6d4ea65ebbd7693306af7d9062cf37a3950fbd407d7def2a2afa8308d72f28db9c26a9","nonce":"90915fae644b85b3a550cf46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"60f54ae264c51fc5a4e4c7381a16194a799536c656f242f9e7dbea1f7fb36a7ddaabef413e0923158cfba46cff","nonce":"90915fae644b85b3a550cf45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f486dff43196382987f4d58cefed396745d9714205507128b0388b2e20dcfdce65f1fba8f2ec2ae2b2aa51e3e9","nonce":"90915fae644b85b3a550cf44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e24e89fa6daa1fe357500d462c2c9f3021fc30742c0051bbd09c860148885ab58ab025f7007ec009b594a143e0","nonce":"90915fae644b85b3a550cf4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"c5650a2a20ce4cc6593ecfd3749481c8c6236331f882a842372147b391638f96a0c05f2dfa956fadac695729ff","nonce":"90915fae644b85b3a550cf4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9d94734aa298c6cd9e5dddb56f28480dfb1bae983ac57ab6251c7cdf4756d5917a441d17dfaefb46677e77bbd0","nonce":"90915fae644b85b3a550cf49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ba6672875aa4c9ce1f6687b220390868affabb5f9f38c532ef13238af40164a75da3bf550c1b704d54c84d6c66","nonce":"90915fae644b85b3a550cf48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"555c0d0c1d90b7de0d001036ff24c264535e9185f322f285704ca84884285b417726e7cb0e6d473d4f4c7af412","nonce":"90915fae644b85b3a550cf4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"18262b02371ccb337fd497782cae5cc37bf47ae5e840a6d9d58b3564dfb33587b3b2ab271e3115951375df289c","nonce":"90915fae644b85b3a550cf4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"362e931a7f52c76a5e5cdc721cc79a5a9591bbdfd43c5806906e493130ec28d2e7e0716c18d278a56ef9ddbf69","nonce":"90915fae644b85b3a550cf4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"b41b4f1d643f7a4a71cfa872aa1cc1f026fd56d765aa7552f3b16d5fd43b1b3412ac0cd719fcd32a0103819e71","nonce":"90915fae644b85b3a550cf4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"bec3fa605782e70ab758b75eda28ac0f571dd68a24e1986476fedae9d062e8c0104ac9eff62e0ca0d6b7c5d152","nonce":"90915fae644b85b3a550cf73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"e9be8e4f9fd5b8c16b8bfe3944af5e5994fbdf2ee318d244da457f967bee449447628d563c0eeabecb9a887b31","nonce":"90915fae644b85b3a550cf72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f2eff817a2cfbd24751c33902094e7788700f9846dae2bd3673a306036d3ec1f1161c63fff2ab069d6bf1385df","nonce":"90915fae644b85b3a550cf71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"b3dc11bb223004e814400046e07801957ce47732badfb025bfe8b86eca27c75c19cbd081dbf5d2707b219438f7","nonce":"90915fae644b85b3a550cf70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"a4bee801eb04af003f178b52a6789c27fffffaf4bfb154b0e0963c271967c0fd07e0dfc90b20b307a161c37b26","nonce":"90915fae644b85b3a550cf77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"c782912efd73281ad6807bdfe8593daf8637ec4e4fa8c4fc38d9ac253f87a7fa9a84a4cb91347fdfdbb1b7731c","nonce":"90915fae644b85b3a550cf76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"8da9e9555b1397d56160a87021f368096c8dfabf45307f80be8cb8acbb24f05fa60d05d907e96dae7806cc75d1","nonce":"90915fae644b85b3a550cf75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"e9c59b63e1e5481f2a0873243db5b147845ecb803a120917709ae7123fefbd8db34124406b3521a8a29e22a473","nonce":"90915fae644b85b3a550cf74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"eeda600b787bdb65939abec2fc3ded4538c9df51cfb65ccf4c56051db22733e65f7b00ba1b4caaf78e10729213","nonce":"90915fae644b85b3a550cf7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"0f23ff6440467229a12526c27f6e0c1b5e1fe61f1fc3f003dc98e4e4c1a40524b02b75971ecf1582ff4c72be2a","nonce":"90915fae644b85b3a550cf7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"d446ed44b8511ef442eb66c3e84b360242ae922476f27d1607fd0a47af22e32f7428a4f8513beb884785c9dc46","nonce":"90915fae644b85b3a550cf79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"e32898ab0db43fbd8ccb0483c1ac024e4b85debcbd8817e02e74340c9734e44c1eb597f3c3143cc5c7874ea3e4","nonce":"90915fae644b85b3a550cf78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"b605bb3bbe293331ef09af8ca8a7197a7840b018aa4f8eb4e53ff7819c46a9ee33bd9f8a38b9a2899bd77cc294","nonce":"90915fae644b85b3a550cf7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"103f44258bb8fb5cddbb139e489dc0d38982e7faf65306be06095b574645b09726169af51e1becb0de98d96ff5","nonce":"90915fae644b85b3a550cf7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"ba07792179a3ea3839b5f72649ed6cc681370e80a632e8d85a06cdcec50fcf70f58fdaa64ec14a2f16d47ef0e9","nonce":"90915fae644b85b3a550cf7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"e3c07657840d10b8f31484bc43f2b174976c03471db3b38c22c12f037158e3bdc9609ffe20e268dd3f60875907","nonce":"90915fae644b85b3a550cf7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"347bbeba795e35cbbef2fd4167bedac15baab6087387ee9cd29ad7282ab1eb7ca31d0e4e1d71045a7250eab914","nonce":"90915fae644b85b3a550cf63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"a7419ed925de89a73e133e5ddd76401580463089db925bc4936db1b97a7fe9fff70cde38d33c18d1b0c692de99","nonce":"90915fae644b85b3a550cf62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"5b0fcdd11b75135952f09f071ac986c49ca82599f0dea98bc3948d5425f14493b00da40d6d1f1e4350c776005d","nonce":"90915fae644b85b3a550cf61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"398d90c796f78037394ed8f1009675f6c70a4e884f95abbd62e8960bfde6ce07145c945ced0f19a4feb540ce30","nonce":"90915fae644b85b3a550cf60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"1a6c6640f6a9af8277e32b570989fbb4f0f975b54089211738a8189d109cf92501509f40f9f9a12c062fa08c1b","nonce":"90915fae644b85b3a550cf67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"a06f4c13e3775a3224a115136945c86c53f22a45e9ce7b2973aacb5570b9041daae26525f8414f23faeca234d6","nonce":"90915fae644b85b3a550cf66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"191042d841d0684b437824aa2b7fe27ddfab6486bbc743a28af1f9b49d600e9280025985dc0dc105d869e60126","nonce":"90915fae644b85b3a550cf65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"ceb4f16e793b9fd09972214367719d02429d28fcfc5beab01525117d5fe6f8701bb0a391aeb6720cd89e099b66","nonce":"90915fae644b85b3a550cf64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"8dd4d00a9e20450646cb2468a2a753fee4ba899eac514b3464634d418590c893be4353b8df90e3a4587990e96c","nonce":"90915fae644b85b3a550cf6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"26636b7f092360c7bf0d443a394f10f22c01f6701c7b5750ca1c54da1b9c76af03e62f6685e4b6e3f06f890d43","nonce":"90915fae644b85b3a550cf6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"995c20bc6146b0346e19c65b51c919f512ff6d7ccfdf9a08a52e032e82ed7ae7013498af2c8f3f4a885747e8d9","nonce":"90915fae644b85b3a550cf69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"9c15c1093527e80b5fda28a2778931d5f1e2bf44bbe467fc55547263745dd801f70607bafc478474edd43805b9","nonce":"90915fae644b85b3a550cf68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"10151c8245a6dbedb32aedb3e810e2061b0cf7d00c4910f09e0c2fd4c350eb4961e731d38a88bb0dcc5fedfe55","nonce":"90915fae644b85b3a550cf6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"bb55f950d0e4e74387171e2a4a55a12db0f967cd5dc4999135c219f019c70a0d678a59a82be30854db1ff1f2d5","nonce":"90915fae644b85b3a550cf6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"b51f11d319990e4333e3c00c176928975e88008cb9a6414c5de6363098ac277f60f6b19da3605c2fe14c46f889","nonce":"90915fae644b85b3a550cf6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"dd88f1c17909a4f9e500f662f3ae8e631d1c6ebac6339d486ffb8af34ceba22d45c370b5352123d7ff1757a3df","nonce":"90915fae644b85b3a550cf6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"89c8e1a075dacdc7bc0ac85d6a05ea9ee50f3d3cc55e7a1d215ead9f769dab480567903d42f63c6411f61ecca5","nonce":"90915fae644b85b3a550cf13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"89bdea8df1c3433f6be1cbfad3c6053ea01eab169e8cb1fbc2a45e4b99eb690d7d56e6a03bb62670da710515b0","nonce":"90915fae644b85b3a550cf12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"bbb05a2888a16c14a17483e92f85d0c3115829bf9d243875c52db1d5bb8b5a1df7cca82af3faa4d3d964775e95","nonce":"90915fae644b85b3a550cf11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"83214711dcab48324717c36436238b39f33f00671715d569cc8870a4cf98157a2f584dcae8c132b7f23c5aa7d3","nonce":"90915fae644b85b3a550cf10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"7bd69631566caabdcf7661ac6b6041888d9cd03f76dcbea4c1cc826b77c64aef015947c17869d05c4dd3a9dfcb","nonce":"90915fae644b85b3a550cf17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"fa18649f67b52dc5c528a4415588a4a272368aa8a2d8e1008b66574a0b8bbf52909ed9b90bc26c1bac30d7e11d","nonce":"90915fae644b85b3a550cf16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"56958522ee4bfcf7b2ff62c7e5a2878102f9ba2f516b0a4be8f9fba9d58b6a9c9e500441161d8490aa1f532f9d","nonce":"90915fae644b85b3a550cf15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"844d29e4dbf6a7bc70c09e37d07238dfbabacba3db3de615215667ba628bcea4a46087a7f66de4d916aba7e64b","nonce":"90915fae644b85b3a550cf14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"53fa0d10f8a113421fa5ca06e4f1cbe69005bbcbc48380ee4e5ba4a8bfd312890c94a96a05c301100f7c76e4b4","nonce":"90915fae644b85b3a550cf1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"5bdefb8626ae4f7a77db07ff0f86c6359c327f663af144a8015bfd49cdeee5dc8266840305080fef71d6f3f875","nonce":"90915fae644b85b3a550cf1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"ed66bc489ac803a5289e25847daaebe169c9585188a87efd4fe0f5eb6bb0a269f64a9aff994f78f2cea8e25b5a","nonce":"90915fae644b85b3a550cf19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"a94beb56d93b226f3f3fa1d48bba9f847375a4ff8a436fed6361b7b556d318f0b271fa1b0ec46b5e427b985690","nonce":"90915fae644b85b3a550cf18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"2f45e5eec1e27c9c1f9cd2d073cbeb4a19aab6a89c3a3d4e5342f29309584e5ba35e26f49601694e829f3a1ef7","nonce":"90915fae644b85b3a550cf1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"8d0fbddb800f6e4c30855d07826a61560a44c0052801b06509c6a3b80d75c82cc13f7482054b6691d1e2059986","nonce":"90915fae644b85b3a550cf1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"130d4f217aaaded8551ca572b7710a3167e38ab93258e4de3cf8e15c8e7d88c8c5a56ffe56bee58ac021a4f63f","nonce":"90915fae644b85b3a550cf1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"d8639a8c557841733412a7655456b31e0c3a39699c5b5a4fdce8631a30cd16e18ce1b5f611fea5f48e77b457dd","nonce":"90915fae644b85b3a550cf1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"073acb797675e460e818d0f25d976946390848bcb5717150ba0dbfd98983ccdaf42804480ec729f93b75d60f55","nonce":"90915fae644b85b3a550cf03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"7f45b35fea5154fde743a277d1deaeb3c3aacdb2dcd844881a15c223b0b69b18f12ee7ba022ea580f8fd07d072","nonce":"90915fae644b85b3a550cf02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"7b120a58d82430ebf7a02ee8776395f80fef40facb16bcbd57f059b790463b078acef8d38e044bdd00cda95f84","nonce":"90915fae644b85b3a550cf01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"d11a82484690807e6ca94895c4f41e953d4eff6687367c8a81f8a1a30e5c0d107708e01f5d3c3b8a37fdd08cee","nonce":"90915fae644b85b3a550cf00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"4de2c3f03890d6c9fef7f7fe373c16cc555f0af7ccc06f2072e0eb8c00858bf3a75dcd173abcbc324a388b94e1","nonce":"90915fae644b85b3a550cf07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"31e56a50deb2e3e5c84d0deb1f136cbf0564bf18e45e02b23e038d0f01327024964793f75393400c410cab43f3","nonce":"90915fae644b85b3a550cf06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"1aa0f01c978b42e11bd9c37e6223889c904ae34cc1f76c3f7bdd62e8083144eebeedb530e07d91628d9fc254e3","nonce":"90915fae644b85b3a550cf05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"52970b97ee5b94ea2a58302bb0e7349dc743c2a787c15cc6d4f126c9b16543534b3e510df83a09a6a3f42543c2","nonce":"90915fae644b85b3a550cf04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"604371d9e0696e3a3b5315ba40748f2a89fede4a757313400aadc01402b4f964973c58223fe361a1a2a18604f0","nonce":"90915fae644b85b3a550cf0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"7122931c8d8449db3f7d0e7511c5e43f817b78cbdb1e65aa1557b246baebc42abc6681634a6401b0577d508029","nonce":"90915fae644b85b3a550cf0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"776d511443affb67ee1b7ec937ce29ec0280fd41542734f12bfee36ef44cff9167a8a320448c72c217516099ff","nonce":"90915fae644b85b3a550cf09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"421514b7bf55e4ec18240f6844e8ae888814b11450d655a16efa38ed46c3b82f830530ab81b88d2e5ba548cbba","nonce":"90915fae644b85b3a550cf08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"06c603402eb580265689c01e24e5473465d3697ee787561f7f521ef35ed372c71c471b48bf25ab8b2da74064bf","nonce":"90915fae644b85b3a550cf0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"cf05da9b4ee612fc8c75f4e7a97fc680066622495c992c621df4cdca8125ccc3ebb718af0f6beaf59b83accf3a","nonce":"90915fae644b85b3a550cf0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"1408d3363d370b15c03b516a8a3962c91190cef68241626893f2f27675609f1d5dbcabcf5caf5f4eca158b824d","nonce":"90915fae644b85b3a550cf0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"bc93f949afa123e2a20b9351a15b9557e6ac7eb8ee5e69715b47ec86f6ba6b6de5abdd0f5fa4c09a0107c99cb7","nonce":"90915fae644b85b3a550cf0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"5fbb4601c0cfcd627569fd8bc37735650acc1dacb05d851d71a5233bf40e383e940296a36c12ba31aae061fa6e","nonce":"90915fae644b85b3a550cf33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"187274a3fde4329f366916f9122b31a2c694b8919a24eebcfe55ea491a4fe507f2887bab605af2848dbc78ac78","nonce":"90915fae644b85b3a550cf32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"21959b04db627481fdbca7f52450ca4756c9278157bfb9703b039a8071093a6966c90670ece61b3b066a01d4ab","nonce":"90915fae644b85b3a550cf31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e291e7b159260fde9efe8d81b2a3563460ceeacce29f06f5d60326978d64123c26ad58d32056c9084c6237687e","nonce":"90915fae644b85b3a550cf30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"52fb618ac0560d730cde0d1f773ef3e3f233c2650e126e6c3c732d2476ce87cec0979a2f64aaeafe1d6fe9d932","nonce":"90915fae644b85b3a550cf37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"ee16f23a028a466e191e4257cc4ed52d2bdd1ebac408b6e94f32cbd3b96a93070e3e0901eb8a8322be886cbca5","nonce":"90915fae644b85b3a550cf36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"bd5baa70efed1ac863dec359868e9b1babf9fa239ff15b78bed781786b1f9a3ec778f9594b000c2cb198ebc5bd","nonce":"90915fae644b85b3a550cf35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"72bde90018740bebb38444b48e2d3844f91bd815b7cfb68f966fb49e7fcbc34cd9ca19dd80b282e0d8c9ace846","nonce":"90915fae644b85b3a550cf34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"fa1ea44bc064f4a38b407b40d491b34865e195abe5bdc4a036a57e08374b00b04faf708bfd62ee55b69457fe23","nonce":"90915fae644b85b3a550cf3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"17c4e75299ef67789e7e7d5e1ff68e29f3255d17eb55a3c40dc94a79ba436f65a281b896c0c6722a76456994f7","nonce":"90915fae644b85b3a550cf3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"0f22ff53450b52698eb681a1749fc0f7ee63b4d56a48c037ba0c470662a9964d4c7021a77b2fac7361c44f72b8","nonce":"90915fae644b85b3a550cf39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"29054ff995027734cb78798f1eeae3a98f9789ff3c03e43b5353e2f861ba61655ef916f875515a3a3a5ddbb212","nonce":"90915fae644b85b3a550cf38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"9689801512050a30ca236908d15149d2392099f80d04929f04ce5dfb854e0be8419efccf0153b1767136a4d6b5","nonce":"90915fae644b85b3a550cf3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"b18d410b4a5c9e51931cce2a602ebfe31ee9f67dbd7319992111d441488c047ca420222b98c3c6a8fa0d54fe52","nonce":"90915fae644b85b3a550cf3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"082278fea303d25af8383c4e32e451a48de65c54b9cc42e45766d36180921c94d6adee1ba3da4e153e14cbc290","nonce":"90915fae644b85b3a550cf3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"3d892c4c2573e46963b85beab17c98ec1fe3e9b69d478c51727e2d9d34e5b7ded0e228926366950ddca9861d7c","nonce":"90915fae644b85b3a550cf3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"71d21d17425360466c592f91d09a6707e5ace778db352378e851fc5ad474b85e4fead03a6005a8072f8370cae6","nonce":"90915fae644b85b3a550cf23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"a5599a536737cd531635808dded47a143479946d9ab7590b071d18ee07f2767d6d0eaac82a2a2ed31df514fbcd","nonce":"90915fae644b85b3a550cf22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"46531da4758928fbf5136b3bff73781ef57fab8063f2efee47cd9c308a06e7832dcb2cf43cd1439da6127e535d","nonce":"90915fae644b85b3a550cf21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"de7baa7008b1cea53894c492544712dc730c8c8094c5b1c4cea4d3732a11cd007a0201969e4cfdd84f11b2c883","nonce":"90915fae644b85b3a550cf20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"726234b004774b8da7e2dbae13ec1ac19d5d3c41c3a7bf3052779f9b734c1499ce81554df76a77867352f8ae95","nonce":"90915fae644b85b3a550cf27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"18f90512416b68a79f42442f67c75ea564b98d37bb610ec98fd02b6576506069cd89ab1c356145e1769d7d0348","nonce":"90915fae644b85b3a550cf26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"35b2d1f5bdffd69050bef16d57d5bd6fd4ad50a5b54e9fac588de2b597a470346b3e728f8a83be461345e9b275","nonce":"90915fae644b85b3a550cf25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"4a5bcb65122be76d38a3ade19c26d93c022f3dad139d9af3bdc58a3da28a2c265b326b256cdda441ba54941719","nonce":"90915fae644b85b3a550cf24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"627a27f4b17c2a048fca57dd472633aa9dca200041635a7ef65c97275480e5640a257dc59f9631eb6570b87ff4","nonce":"90915fae644b85b3a550cf2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"04bbad3cb60fd641dcefcdf87fd25e03bb70b3b35a2cf9ed99efd7eb73b93f65e67407b53fdf0613af833bf4c2","nonce":"90915fae644b85b3a550cf2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"cedcddf174e54b1c99301f5a6055d980c1cbd6e205acd35b02b32f465604ee8ca1fb1e23c08d3277a087276274","nonce":"90915fae644b85b3a550cf29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"20a72d8085f55af6c167b749612e34a4f9102a8e222384f8d8b25b8c32f144a6e062d93dc2087fe090af108b4e","nonce":"90915fae644b85b3a550cf28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"a4749fb1c57019da40bdcf5d1dd7f22d55403c4283473dc75b4478cdd987543c447ccf60723aa8826f84e4b6d7","nonce":"90915fae644b85b3a550cf2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"e42fc6fac88e4077016866957adcca1a8d33291f7019f21107fa52882c2cfa95c45f4dd05969761407c649d4ea","nonce":"90915fae644b85b3a550cf2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"228e5e5e2a7b811e99dd1e1177aab8023c5e7ef524016f60d0b7b6bc3cacc76b6a031e6b82ec526e976c482b74","nonce":"90915fae644b85b3a550cf2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"72914bd5ae41ff39536a0aa9092e4b915d76968c42a3ba4fb67c469c83ff0092747cc0130e17c28a45d34ae507","nonce":"90915fae644b85b3a550cf2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"a23a3d9c5fe9362cefba5f87b209ab42bcd797c206c4f5bf49dd924fee81bd66ad324c1f36bcde734aa1700b13","nonce":"90915fae644b85b3a550cfd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"645730dcbe4c9d90348b95b22f4786dd5a087326785b04c78300bbc41a5648fe596db91763dfa7f1dbf16d47ce","nonce":"90915fae644b85b3a550cfd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"30dddafb18b92d0a4785e9f96971f32957d83dc23ff371b5a12201d9a9c0ef6789aeb064adb6eb962c115b7595","nonce":"90915fae644b85b3a550cfd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"9306ee9fe90745193780540a7cc1344bbc9d565cc4a40d0d4907d02affcd892db15113beb3dff51b79d59ef084","nonce":"90915fae644b85b3a550cfd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"299cfd4e6c26fd0c6b7bf533c0f4b80d94321b7ebd7b9fb1d8ab1ec141029503e189fb93f011f6cc8fea89d0ad","nonce":"90915fae644b85b3a550cfd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1d012a81564ec28b6b46d7e18e66313ceec402369aabe4d026c3d78b12389d89957f86ee7c9205759da55b3493","nonce":"90915fae644b85b3a550cfd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"e0684a0fc4182dd7bf4e468ea3b566eeb511a07fe4e5503e3e6dc795c13697e07aadff8f9b7cd4776ce738f718","nonce":"90915fae644b85b3a550cfd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"624ff57e8d1b646279852fc3d221c2e8b49626dcd7785b65e4cc566186eef19a20a29b9a9a605950dcdf3ef344","nonce":"90915fae644b85b3a550cfd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"8ef9efda1b0010b61ed4641de9ad0d0aa5aef346aaf014d9f099c31ad6810186fcaa4ee09041d1fafa6c16b91e","nonce":"90915fae644b85b3a550cfdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"3fe37447e81eb2d91a1a76d772291971c894650a7633fee26bd716417c6834bb59f1d3b4624100afe7f54f711a","nonce":"90915fae644b85b3a550cfda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"fe739875c921bbdb497e2fd73ed3ecc7b7b48756ded6de83a12299aa4384f538a5940c2161b6eec0a8e8992c2a","nonce":"90915fae644b85b3a550cfd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"3a75ce9d04bcd8a8cab47e5fa7d858dd2520233313f869a7fd866f6e31ef9940ae294a0771bde1650e4825ea94","nonce":"90915fae644b85b3a550cfd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"792226b1de8504f7c21d7d65b72cd8600c05ee37b708da57802dd29a65e1abdc8e12a4f5b3dc6355e0132cc85e","nonce":"90915fae644b85b3a550cfdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"45c0be2febee4242fefb7ffd34b1fb6a088dfb7cb8de9755c0d6230ff759552098e992274dfbade9e3f346c5c7","nonce":"90915fae644b85b3a550cfde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"4318357d8328375dd802b4686d9368fd4d1225daa97e9e6a1063c93bf5586bf54fe97d5759075b951c0556adb1","nonce":"90915fae644b85b3a550cfdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"4c7821b934ff4737bf3cf570011d3567dc012775b5ce165c19d76ffbe90e2dd04c0b0b01a9a72cc6af8a653e42","nonce":"90915fae644b85b3a550cfdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"9402ca4d2eb380b0bde766db9e915c463c13f96ae5429164d251c4f19575a528e3686d41f91b0d45ad04d6d112","nonce":"90915fae644b85b3a550cfc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"e72681f17d2d226f0e4f901ad241374412f0ec7864bfdcbeb95cb2f23fcefd1588eebcf5e224c5d7793e9f3426","nonce":"90915fae644b85b3a550cfc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"c9d49cd5b42dec7aa5dd2a4d88b78e48ff5b926c75b15430d04ec18bde69c77885d281dd47c7b68dcf4a741b06","nonce":"90915fae644b85b3a550cfc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"9346e108c6d40279472f71721f3fe0fc71a0b1f63bcfe50c75c838a3ef6ad3d562a8d2c17f2b1dbe87e280ee9b","nonce":"90915fae644b85b3a550cfc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"41ba524ac6f20ee388d28d56c87352cbea92e0ed20f3fd72cf63f289a62e20dd271c2c330d272544997e3945e1","nonce":"90915fae644b85b3a550cfc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"f19c5e9ba0e81ab89b1a6039899e83c5462ede915d1fbb73435b3e03932d459480b931194c5cc59d068e6e9d52","nonce":"90915fae644b85b3a550cfc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"da419c1be44988c9e23adfe12f100e33081eac606b2c2f77bca9da7fc6d481bfe91457fe2927943aab251e8059","nonce":"90915fae644b85b3a550cfc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"51f42fbdf627ce602a8826585379d50b1a34c2287419e48345223b79f1712a1dd5015ba09928dd92e3d03d087c","nonce":"90915fae644b85b3a550cfc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"c4b890c4cbec69f78bcba9c40582bfed0dcae44ab7c0d7c281677543eac70a540ba2fce1b21ea0d198a330039c","nonce":"90915fae644b85b3a550cfcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"c22b668211227928cd2b5b04c2d931ed218571039b5ba517bc0f90c65a7fb829b93ef5d6cbd7185f8bc9c3ca78","nonce":"90915fae644b85b3a550cfca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"a4f9abf8585094e5411fb91fddab462ba758778f9249214dabd490d8f4ed45f4875f0f51fab6679aa73c769053","nonce":"90915fae644b85b3a550cfc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"606b8bbc542c01ed236bdb6457ea089a98c0423200d956f1b061c72fbb5a7b919330ab306c002503bcbbd2c83b","nonce":"90915fae644b85b3a550cfc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"57b645ef79b777987878c8c9ee98f9428416b05bcab378fd2f3c7121d294d5d119d15ae8f223b544b1800746ec","nonce":"90915fae644b85b3a550cfcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"9643b3f5ed9a3f681f7807b1f64ae458234077b381770475d903dd7834490e06d3ca405dfc7fe1e680bd56b44b","nonce":"90915fae644b85b3a550cfce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"d71ef40fe266955e9e54a53251175e5eb5e6ea426f2f7e00d0d71d7205fadedd77ce6bfefaab5e78079e66f1da","nonce":"90915fae644b85b3a550cfcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"d65ebefc8f403fa34af2617a2e3c6b75eab82f7028e4a738fadb16c97c468bf9b1d632bb89e83903aa8718519c","nonce":"90915fae644b85b3a550cfcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"4d755f3d0bd12ad6d0ec92beedba1167be5e28e793cedcd7a3d9f82c08fab19c30943b3b246b386605989ddc39","nonce":"90915fae644b85b3a550cff3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"62aca0e1be1529089efd125263cf969308d1e463506482314aee4d5313505b83c887bced7610ba29f655ed0d2f","nonce":"90915fae644b85b3a550cff2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"64dbecbe3499e1b8753790858646bab9ca22898f25a27ba9178617e002ad5014c5a41fbb22cf031244a100cbe7","nonce":"90915fae644b85b3a550cff1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"b8042f76623d59f426005ff62990ce95efeae2bc49c989e7bb9c16a69ee62061675b01cc61caf23681c8dd8669","nonce":"90915fae644b85b3a550cff0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"8c21170bc0e88c5a6641fa12cb0f83c90c0bea55d2e091c7c847a571882387fcd4c8ac5d4814a1ed5fbe069cac","nonce":"90915fae644b85b3a550cff7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"6063d751605957dd39de7a055bc3b1edce97123cc06e90b2d69edaf9852f0059c6e8631d008e5ce9c86892059f","nonce":"90915fae644b85b3a550cff6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"20d7fb843a47cf62a751c0fe9f2027c1d27ddb5200b7e15870975adf38695991f6ed21f66aa773662b0bd599b3","nonce":"90915fae644b85b3a550cff5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"d2d2180942a36e0cd3c367807f5aa00db9bef416c8f683fe5fc2d61922056f202ec7187f30497e6761d7eff83b","nonce":"90915fae644b85b3a550cff4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"aa5d7a1e65ad7c12feee7030293b9c5c817c3ce9a6f95d38724fe9780305bec53241c1da3c526d79cfbfb6add1","nonce":"90915fae644b85b3a550cffb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"e5e9224238628a52b4403711a5c16a6af25cfa223c6828b83503495f36ef1a2696e94b8a3894b9f80f7ff8e8a9","nonce":"90915fae644b85b3a550cffa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"5e4e918b7c419074ff4fab56d0905db2e2165c83345dafebd86c1c03ea6e783301ae9ff16664b2f4e412819a6d","nonce":"90915fae644b85b3a550cff9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"0d3f4b4e905760438d8dfa3a2a3e730f30cb66dc8fd9d165fd7697897e777bf5e5784168052268be039924a954","nonce":"90915fae644b85b3a550cff8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"2b559df5834f02076e9632b8ffa7b72acc9effd89e8b8d39952a1f26ef28a61c27c251f8a4215a1ce9b75afb41","nonce":"90915fae644b85b3a550cfff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"4a5ce6dfc012f79bfca9773460c64b46f912fdbe9265e2db26b029bf7c7f352bfa342126b5132998c403c7922f","nonce":"90915fae644b85b3a550cffe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"b05c1f1c4ebcfd77bee26440f5d3c5e1cdc11b09d8b78d6d35a5c59ffa40af390d45c1b1c0073714dc3ff1d03a","nonce":"90915fae644b85b3a550cffd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d09ad7dbc69797ad0305b389d40b2ee156fb7b479211f3b278cb82dc7bb4dd0a655d0c0e353f89aca034408a38","nonce":"90915fae644b85b3a550cffc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ab0ea4b1cb643a5c1a99ec0b6b1ec2d5990e97c4c8e12ab7a41f3d5385e32a7aed61ad0eb98588740aff3fdd39","nonce":"90915fae644b85b3a550cfe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"096b753c32288d1abeb36a9b1cb884d20ab5ac0c773906e0df0f3f70f23d794fb56d36b5add0527ee464885881","nonce":"90915fae644b85b3a550cfe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"1f382b53b7427db13f4c339fddb993e792ceda23097b724946b1ee02a425d913b941bb615050320f17702abfbf","nonce":"90915fae644b85b3a550cfe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"483a2b2bf75ec0c7754918c3754c49ffee3474b0baa407e39de18849732af407ae47e9a7ebf9bd7e69c6b048f3","nonce":"90915fae644b85b3a550cfe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"fb32701661c5eb159b7b2bd995da8dd2cc30fa0b87461de58404a01abdf5dd3774e5cf0236b920b566292d68f3","nonce":"90915fae644b85b3a550cfe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"74a052fe1d6341c5825048d9269fd8efc38b53355dc9c999bf40ee7696c0e4a23020b68a43ae73a610b8b52dcd","nonce":"90915fae644b85b3a550cfe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"3ac4fb95278c1d62528e305df412e8ba5c27cde737cd74eb3bccbda19670ad60b4a31f5baadc1b01efa9188d92","nonce":"90915fae644b85b3a550cfe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"9f1dcb1af4f859e4029e0ef551499bb8e593fee57c7e6c8569a32dba46655db0a34c080557e2e58388f0b1cb98","nonce":"90915fae644b85b3a550cfe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"08802efae407aa8fb88185c3a12abbe714ea9180fbd9dbcac8104c24f6c40c5419f891b7953b660671ad286fa3","nonce":"90915fae644b85b3a550cfeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"3e81e30fc9acb04cb815b6b7efe77d10607be5aabf49b82c51aace8c7fe408273eb756398e5d6bd6e9122046ad","nonce":"90915fae644b85b3a550cfea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ca2bca94672470dd10bbfe510438772886ec02f9fa2b582ad5fc9277ccd2b96398dde0a2a4383e7e8a713445b0","nonce":"90915fae644b85b3a550cfe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"97f117d506b6dba0facaea16a4ec1b0e034ee5f472056f4b912e5e072e3a278b1e7628de152bb2671b69ee3445","nonce":"90915fae644b85b3a550cfe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"f50fad7ca343582b6351baba217ac1423789137ae16e8a71ce55667c753d05196473bab3a6fad30f9f99290fd1","nonce":"90915fae644b85b3a550cfef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"4f71322639fe7624a2368ebf2c56ea5bfa5c7deef5e425e12551261e2bcd3450a865feada88b298eae6b338c40","nonce":"90915fae644b85b3a550cfee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"5fc15c2e56e2349c10950f492a8b3a722ba8abcfcc647c81771706151883aca0b8b287229d4e33431bfe566fe4","nonce":"90915fae644b85b3a550cfed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"9e2e75476b942f385ec62811cdae7bdc30e7d0bb329d8620e469214866132b9fe3b2f8d2e0b123f5d65702bee6","nonce":"90915fae644b85b3a550cfec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"52a76c233844bbd30da7ca5e72df400b7cbbbf3ada1cfda4f0ac67d4f2decd0a8ac97198fe8304623f1f6c97d2","nonce":"90915fae644b85b3a550cf93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"db6ea8b727878bde15023e38d057d6f182021a1a166f5dcf8d4790889e753849e5ec438dab5135d6e20bfe35d5","nonce":"90915fae644b85b3a550cf92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"e83d7c933dd62126e20614b54f6741f743d1349a0a85f3dcf37ab1d6d27e3956b59f8da5a027479ce6ffaa3797","nonce":"90915fae644b85b3a550cf91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"7abf92d51d157eeb85e8dceebcfcd98386d84fe132f4de355e7dcaf144a8038bf79ff0a473e61259944fa41b39","nonce":"90915fae644b85b3a550cf90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"40ebe5360d2545853d30738e43e405a005932b06f764cd125ae9ba2000a9ea3eadde8910235d944dc45aef2a38","nonce":"90915fae644b85b3a550cf97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"43cedf49055e4fe9235dc305e703574b19f874bb543c24a44d6361bcb4c999d4249eaeeff3c0fff3fa61e4cd71","nonce":"90915fae644b85b3a550cf96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"8eb5ee0aa5789a810ea2ef957275c660722bea569466a031714281cc637c30dd158cfc4c4b4c2e9d8fe3761298","nonce":"90915fae644b85b3a550cf95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"d2b09258718c929cf1fce4c00001eb61ee903c82835902271480921c0de983e6940215be6cb6663ebace71e248","nonce":"90915fae644b85b3a550cf94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"05a6964d8ac215253429c5b771f891a0c3239d641d55d76d5ab43e1120358073bb013da4a729032f5c55082314","nonce":"90915fae644b85b3a550cf9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ad033d632bccdbb7dde84b92588b1182a66d2ec62e19a3f011d105372faed2cc47c9aae388c439caababf1d169","nonce":"90915fae644b85b3a550cf9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"df1c6079a2e5a5919f1dd17136b1c3f2d0b320f3c7af81e4a2b9075deee50a8f9fdcaf41e72e5283a3a4e41246","nonce":"90915fae644b85b3a550cf99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"8fcb00059c1fb3ff90938daadba951a2bcae1dad42fe0046abd32217c65fceb3f7020455f98608fe76dc68ef63","nonce":"90915fae644b85b3a550cf98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"b13b912a4d192bc84a65c89f18f80cf658a4e027176c32e912d97f86a7fcbda19558170a91bec068fa35e3f60b","nonce":"90915fae644b85b3a550cf9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"20ce234d5a86ab6962d45f2af472931b064493d9df9821487c8000d218bd33d079cf8b439ad0ff1d3eaa46b2dc","nonce":"90915fae644b85b3a550cf9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"a4f1a0df6222a7f1b7379d1750e645fe842439a1b3f59f118ca999212b07d94ecfefd8840834319290bf451446","nonce":"90915fae644b85b3a550cf9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"b9a8a78bdced909b6a0f4a7bed340fb849101ed16f875a32c16a03d64b2b2ec3a43adaf1505b49cf379e1cafb1","nonce":"90915fae644b85b3a550cf9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"ce31b9963f6d2fbb38d4485d2b355d96f4bd918ce235cc7309e90d6eb287eee66dd39e63cd69a6aa2ec8ab1c52","nonce":"90915fae644b85b3a550cf83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"f5bbb4f5d8979f55c931e5588a09347b1536a56f7a41b2b9e019339fea4e34cd716a4a63a2cc22513e40de991f","nonce":"90915fae644b85b3a550cf82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"2e17dc9612dd814977b9eae3b9aa11b3b3b4b41a66fc5e9ace73a610a4f20258497d512fcc8a4f5291c7fd69aa","nonce":"90915fae644b85b3a550cf81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"aa07e364111c8c5c93e9484b1ba8f9063320b703ef8f3c37950f80c0a22816749e9ccf7d5df5c15ef10d0aebc1","nonce":"90915fae644b85b3a550cf80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"e255090af640be6efb68cc4d43c3cde14dc20ee37aacc475a135966241340b8967e57bd52722e0905bc70a242e","nonce":"90915fae644b85b3a550cf87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"5d0fdb66ff60fd35aeec19212b7022b6e4f67b41cd023a35c55c3a48693d5ea631adfa19f0ad4fbb5033d38d05","nonce":"90915fae644b85b3a550cf86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"21246daca3ea66479af9836b6b45540c4cd347ed99081e58eda4ff15fe78c46fe31dc3d5bade9bfbe8f26a420f","nonce":"90915fae644b85b3a550cf85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"7123287efc2bb0dddcc0e9664303219b547276c36ca2cd2271704c701f177cbd56a1ae744609ff251b3a595afb","nonce":"90915fae644b85b3a550cf84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"9b17d7ce2316edbd254bb71fd6cf0546fbbae1b574c39e639d892134276b79f1e82e03bef66a847c32562bd0bd","nonce":"90915fae644b85b3a550cf8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"6e986d6396dec7a2fed027344ec04382af7486678d11d42d357f58c328259f1183c1c14defcb55708caf958008","nonce":"90915fae644b85b3a550cf8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"163f003c700775f14f471127251a1667698b583d7be00e5c2275ecdb86e205e2e09971dfb34e74ede51c28ded5","nonce":"90915fae644b85b3a550cf89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"836cb1f6d65c65eb8e9e125d3a37dd0b271f9955b41a5c0185b52eec9f9d89ca8e1bd66994e67fc4b712731073","nonce":"90915fae644b85b3a550cf88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"e3824d1141fa984e2a5f738adb19887261b88d2332a5d1e0300913308baad4bd1f6fb10e54a9425b26696ca3ca","nonce":"90915fae644b85b3a550cf8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"a3c372e9a82c6c5e17f003e515e813d5d9f59b3046f98561b04fd9bdcfcb6d7fffa75b541a69be1618a3e69eb0","nonce":"90915fae644b85b3a550cf8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"650857023195720f97a87875d1cf4dee01b165dd8c7ffb41ca4f2bc2fccfadb3e3acc5514aa2513d8539864c4f","nonce":"90915fae644b85b3a550cf8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"5c22ee1b2248859435e5a64f749742411bf3668e63319544f64f27e337a964283ff076b2497569f951b5a54d5e","nonce":"90915fae644b85b3a550cf8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"b09479ad51cca27fdb8ea76511500c122f5932a272bdf75d7b41d4ce89a5a42e9bbca750ef137366067edc3514","nonce":"90915fae644b85b3a550cfb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"f84e2b5a549459f068556c757959892eb261b814227173d4c34c517477eba3680dcc86559920305ff986f66be7","nonce":"90915fae644b85b3a550cfb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"32d0eab57053bf272a79a46a377c022a84a979d60f5754afcab8a894be2db187d62ad7932df447dc0d0b8dbc12","nonce":"90915fae644b85b3a550cfb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"d6e79a910c2559f4de5b639bad00f5e0d3fab1e6836cacdde4fd305cfda9bfd339a5a6d6f63b9279cb5d608983","nonce":"90915fae644b85b3a550cfb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"102d87cf0cd3bc1117ff55d25f3705ab86fae321938a7c48fcf821c2d678be1fe7c5c0e23d7de595645a272a1c","nonce":"90915fae644b85b3a550cfb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"1a6d4305c5908e992a27f7a2cef005f74a46a29a71513c6406482904279e1dcb28cc040f388433df17ea7f4518","nonce":"90915fae644b85b3a550cfb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"289d9b6d448e58d4fe64a98ccf24a7219cee429d153c7aebc303800102e77a74f5ed7b1ec5f0cef895079f17a5","nonce":"90915fae644b85b3a550cfb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"8ed3677381cc641d5313e31ed97fa281b18f9bb3a5565102e54d551d0cbb74564f657ec821178cb0cb64d5c1a1","nonce":"90915fae644b85b3a550cfb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"d4f317e930ad14821dd00ceaff40a99a567b56730a9d06f0c8ab4bae5d52e3d9447d121a996e9fe5a7366eb987","nonce":"90915fae644b85b3a550cfbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"a3a08df15bb727036895affac6ff3dc08c2ef5badd9594bcace4ec287a2ac150f4ec617b3a189478e16a9a4b42","nonce":"90915fae644b85b3a550cfba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"c977257a339b898f11ea7c37fbbe540982aa81b0627d99eab40139cf4babed130c6afdf2f71e532a24604dd36c","nonce":"90915fae644b85b3a550cfb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"98ad3a5defcc7e983c4bcbeeebb67557c84ecb1e4ceb03fc4bd960dc6c6fcafe9562df2514034a877d937be43c","nonce":"90915fae644b85b3a550cfb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"99586d71f17e107798a835ad7d73a1c3220e15bf51211a2e9af998eb6fd4ccef4c6f0770460e333cc2f3c6a7c8","nonce":"90915fae644b85b3a550cfbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"69cce876285b6b18c2752d0c285624769738b348bebd4141c28d3f8cb187f86c3a7addefc11cbc9f7fe0f4301e","nonce":"90915fae644b85b3a550cfbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"637ae363465430e03ef4801d8865d37bb086b8a2597d328c387307dae1c54bc4d2601423939867411c3a05e442","nonce":"90915fae644b85b3a550cfbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9f6801b4df03febedb47da81559cf7714b5d68d7e02de5145ddaaee7d1330ea015230a5bb9674cf7d0d1881fa2","nonce":"90915fae644b85b3a550cfbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"204552f928c7336124a0d20518c9b63b77069feffe1f5f4632a26fcedc01cc9cb854fca818c110c2cacb14a2a7","nonce":"90915fae644b85b3a550cfa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"373d3e2e15ebe1329850982df831f50f620719d5adb23c29dcf3d6e471b7af2803a2ba3f636740c12f3826a585","nonce":"90915fae644b85b3a550cfa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"386989b395664b915143b43dafa69159fb4d4f2d05f7abecd49fa2d206ab7753a4ff52cbc0a4f3f01f1bd54117","nonce":"90915fae644b85b3a550cfa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"0b57a5fb78e2e05d805cf749c977038999ff562db7994f2dd62d057c8972099b4aa28b5af760126365a2c69391","nonce":"90915fae644b85b3a550cfa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"aeae682f516ef2a141b74eec900089a41a20180cbfb731ba6cc1f11de971252f0c7f39b9b08671a98bf0173bb0","nonce":"90915fae644b85b3a550cfa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"50f9ad4b8fa290f26e3a67b3022a74e2e6e325a4af0b3f85cd3cd8a3d31a1012b5b6610af392697d76195f1a13","nonce":"90915fae644b85b3a550cfa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"fc6b358d998d3e64bff40bf1ab319799b9181974c0b4feb23e787efea912b82315c8897462bd2ecbb09c8837a0","nonce":"90915fae644b85b3a550cfa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"45bf589ae29fe1fd59b82ed44f7656c0659428a76c8be8e32f6e44ee7b4afeada87c93c3eec69009f2b9e63341","nonce":"90915fae644b85b3a550cfa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"081e0631940b2e1af1e35b6cd81a152c2608206d2c97c64e3499cfda286bf34ca13f47e1abea4fee91becacf8d","nonce":"90915fae644b85b3a550cfab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"1fd72790777655c784374cd7f657c7ef1741077fd02e346c1300cc42decc7b926780bfabe381e0b52b77bdfec9","nonce":"90915fae644b85b3a550cfaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"4f4f8c89bc8cd6d96b46713a162f1c113221ac40b6670b4d81a0c884ee66370997c4fb6bfe7210223a8494f217","nonce":"90915fae644b85b3a550cfa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"16741cd380e5cdb87c8bb750d34ca880b146cc24c94c99c484424c11ccfbdc893e5be12fd738cc9ac717e93a6a","nonce":"90915fae644b85b3a550cfa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"75a2d574b8f9bac95e7de526e4834714c4b9bf14765d54b4e1355e57a154cc0a9eb60c5512a31379cfd61c09f3","nonce":"90915fae644b85b3a550cfaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"40c6fa374813c4d09d93d0cc1d3d3d2a6a77097363e24ab77958e6d94ce4e22fe086f219b481d6c09e1390a85c","nonce":"90915fae644b85b3a550cfae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"a458a5b93063be703ead425bb3cca1fdfc120c0b28a03bab59af3738491fea9013e4ece8672d839449233122e6","nonce":"90915fae644b85b3a550cfad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"28d3dd03f3f9cd3503068c3e6058ee76957840309dd6376554a363ea6f55aec080328b266402094d24987331d7","nonce":"90915fae644b85b3a550cfac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"d39d0497789286df9baefbad41c2e71bd62a2be285db9de1a42730ecc1a685bc37de593eb307e13b3b0c68af8e","nonce":"90915fae644b85b3a550ce53","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"008f5d0533730674833fc37c5d8013213c69853bba8cd02e9f83cc4bae81732e"},{"exporter_context":"00","L":32,"exported_value":"3c8a036540427b2e2d4b439fb8189461afb81772259bc7b33cef60f34088b6ac"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"1d8d89638a1d3ab795003099f4a59560614b23116f3268081fa1be40d431b54a"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"17320bc93d9bc1d422ba0c705bf693e9a51a855d6e09c11bddea5687adc1a1122ec81384dc7e47959cae01c420a69e8e39337d9ebf9a9b2f3905cb76a35b0693ac34","ikmE":"9953fbd633be69d984fc4fffc4d7749f007dbf97102d36a647a8108b0bb7c609e826b026aec1cd47b93fc5acb7518fa455ed38d0c29e900c56990635612fd3d220d2","skRm":"01a27e65890d64a121cfe59b41484b63fd1213c989c00e05a049ac4ede1f5caeec52bf43a59bdc36731cb6f8a0b7d7724b047ff52803c421ee99d61d4ea2e569c825","skEm":"006c3ecd07198614d1c97c0c6874e522853efb5056f5272fb8d516db13d6767187b849bf59f0421b01af8f44b53f6bc7c73d608030086fd6fa08ee9a519c9b19cf1d","pkRm":"0400eb4010ca82412c044b52bdc218625c4ea797e061236206843e318882b3c1642e7e14e7cc1b4b171a433075ac0c8563043829eee51059a8b68197c8a7f6922465650075f40b6f440fdf525e2512b0c2023709294d912d8c68f94140390bff228097ce2d5f89b2b21f50d4c0892cfb955c380293962d5fe72060913870b61adc8b111953","pkEm":"0401c1cf49cafa9e26e24a9e20d7fa44a50a4e88d27236ef17358e79f3615a97f825899a985b3edb5195cad24a4fb64828701e81fbfd9a7ef673efde508e789509bd7c00fd5bfe053377bbee22e40ae5d64aa6fb47b314b5ab7d71b652db9259962dce742317d54084f0cf62a4b7e3f3caa9e6afb8efd6bf1eb8a2e13a7e73ec9213070d68","enc":"0401c1cf49cafa9e26e24a9e20d7fa44a50a4e88d27236ef17358e79f3615a97f825899a985b3edb5195cad24a4fb64828701e81fbfd9a7ef673efde508e789509bd7c00fd5bfe053377bbee22e40ae5d64aa6fb47b314b5ab7d71b652db9259962dce742317d54084f0cf62a4b7e3f3caa9e6afb8efd6bf1eb8a2e13a7e73ec9213070d68","shared_secret":"6dd281daf38db958f858ed1a9c822d923c82d897007c8378e858647cffbccf5ee8af816cac5d6e43b4814b0002bf625580695fd622dc90adb603fbff60947917","key_schedule_context":"0075e4033f8435ab2e4351af456d3d0e48d88f048993b59a50ef846d88fcce0f81424d5fd737aae133d36f3904a06750412f8aceccf0b84181f9bd44ed7735e65a","secret":"e3eec976a4c2e5e5f1e627d0cf51a1d457ecf8b1001ac2dd4382bdc465ff4139","key":"9e2062cb229bffa17e7ffcd25d30e3544391c2709eb6936f777ca5cfca69bb3c","base_nonce":"12cbc5e68d45d54c95ad63b5","exporter_secret":"6c62a3c65dc9bdaec6f45b2550fd90ed45a93cdb4c8c8d9839b5774d34791866","encryptions":[{"aad":"436f756e742d30","ct":"0d743e13c26783dfff2e2c7c33b7db67550980f8797556e2a4f9cdc7135fc85d0e1ed31bb1b6165729f724b95a","nonce":"12cbc5e68d45d54c95ad63b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"87e5a98d62ca3bee09c582d8d9212b3f14b65603d7566b5dc6a9c18d27740bd5776ab9baade91edc1c592acf26","nonce":"12cbc5e68d45d54c95ad63b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"a4f064f0ec0dabbbaa90b8a2c238ed5626b9c18845edbcdc82f6bda72c05aa1a2cf004d368069d265f6e4ba156","nonce":"12cbc5e68d45d54c95ad63b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"0c5ba4ec9c4766fab8a2acf346b905b6081e96e2c02f2e35d3c9a64c451dbe78911138f998087b1fe663716709","nonce":"12cbc5e68d45d54c95ad63b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"97083dc42770e43552a5c12205c2635c3ba9efec2290de0aa3b1663762023aa54de074f04bef8710453996d34d","nonce":"12cbc5e68d45d54c95ad63b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"94a0561f0eafcbd10e8c1ec2d8be1a05da1aacc6b0020afe2030c0c47dff89d68e23c4914eec59f855c157a396","nonce":"12cbc5e68d45d54c95ad63b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"1df0161ad50e472ef1cbf054196567090fff46fdaf638547bad32f78f6d5ed00046d20765458d6edff25f0d0b5","nonce":"12cbc5e68d45d54c95ad63b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"3effd993406afae6b54dcab38783482d6477fbab44b550576509e05a1715ea6aa64f86b37639b677145db993ba","nonce":"12cbc5e68d45d54c95ad63b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"62791a4483fef4a936ca6f9853abbe3243e28e412bd36b9627b1d2eb40f6ea5230d57f23e78b07804b99afb2a5","nonce":"12cbc5e68d45d54c95ad63bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e542df87280b3fe97503664e2c84aa84a86ee61ca0177dde9f8f08b00a444f6a4010171cf23aa41e4d866927ab","nonce":"12cbc5e68d45d54c95ad63bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"229f082d41d89d230648a1b38726f079b57d2c47c9c7d604f4ee04a95048fc816e5e34c12dd1c9674986a79e42","nonce":"12cbc5e68d45d54c95ad63bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"3e3e4bb114657a982107222d8af5c37e57ced8a3bd40290c54b3dcb2c2dffbc163a2fab66e0fd3e2441f2b5e23","nonce":"12cbc5e68d45d54c95ad63be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"a0a2abd378642c02e60d0c3ef64d714ee6fda836a433c0789c15de291c76aa232c5be80de3877668b4d2988350","nonce":"12cbc5e68d45d54c95ad63b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"5569a6f132d1bf0fb49dae45f3b6f5883222b2c64b270a14524c3ddace4747eae6f7b874a7f09dd9c85190e010","nonce":"12cbc5e68d45d54c95ad63b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"2c709fb7af2344d84096f9b4657f65e9867b23dcb230d740bb6fca435b8bb4541f1f4c9f655d42b3dbc6156109","nonce":"12cbc5e68d45d54c95ad63bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"0dd5017d73828ef28d623fb686e7552b471d8e6174f4434e6ea78824e193f3a389a65a751a2608507e2856d418","nonce":"12cbc5e68d45d54c95ad63ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"8334f68c3cf4af104d1f5463d2681d5f15cf0213575bb2de6f924b06e34e6c380bbbc678be8a6d1e39fbd718e0","nonce":"12cbc5e68d45d54c95ad63a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"7bfea230ec066264fcbe341cb8afa96faca88db6770a6a7e2882ed0b47e81b71f5ecc987f1cd834b4d42097e4f","nonce":"12cbc5e68d45d54c95ad63a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"66a75753f45193ba501e29e0ef82c1b61d2e2931404c52d789a3cf6f7146ac92681d979a00f629aec80f86c571","nonce":"12cbc5e68d45d54c95ad63a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"210b22b3225fb449539bac4335f2253b1087d2726250cea0264e90d4bb31bad8fc3b2cd3bcd397a6144a366a31","nonce":"12cbc5e68d45d54c95ad63a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"ef681c9f83c8004bbb0cd1da6cf2ec9db850237ac4ec59f3f32b88719454dab1b68b45d3f7f0b6ecaaec9ee9de","nonce":"12cbc5e68d45d54c95ad63a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"e5e600ca6048451a23d663e07e1da8ffeae93c2cef16083c9389fb2652b5bb7f77ab9a9d9ea78d711fadc1fd5c","nonce":"12cbc5e68d45d54c95ad63a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"e68f7ce7bf82add6f8ead6e8499f311836634b540c33f0c4e0b3f4dbacb2e41adb39bec7e26a5553feba5d5b98","nonce":"12cbc5e68d45d54c95ad63a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"7aa53cd624612d8ac36c7dc6c4646bb0295a12970aa45a92b9ab269810c8daa65d6e54f298d64f54f66a7e5224","nonce":"12cbc5e68d45d54c95ad63a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"4ad9be0e10e696bf77106f68f0934d7fb0c55bb301187a2ab66c49a22ce814afc985e29ea381592cfcbacfc229","nonce":"12cbc5e68d45d54c95ad63ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"8daa53909cf162f0d192bc6aae2114ebac57d1e426baf9a650a6068bd5f2a4d951f9b12b4d1dfb9b0fd2baac02","nonce":"12cbc5e68d45d54c95ad63ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"47716c85a1b390e2920ca05a2126a902cb3704a65ff5379f0b3be2b8a1036b048e946541c2ae2bee74cf7ad4cf","nonce":"12cbc5e68d45d54c95ad63af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"6a2b1427eb34185166653e960790f343cff25a845cb6749c25bdff7237c4af6acdac8ec031f1449b5bb494c3d1","nonce":"12cbc5e68d45d54c95ad63ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"46b620f6abcd788a702d043321a13a87b9379b7390eae47e74418f8c8debaee319ee20cef4b541af9fb54780b2","nonce":"12cbc5e68d45d54c95ad63a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"0a9ba0278508409028225b59d81771075b9a368dd5d105945fa36b4ae72f41b00f65a3308834e2b320e6bfc405","nonce":"12cbc5e68d45d54c95ad63a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"84167c12b67a59eb96870a0d621e5fdda16543c02d867f6d29f62ba0f3b10ecfddfcee992f280096384b4e0e40","nonce":"12cbc5e68d45d54c95ad63ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"007e267f9e8941a575ece0e79664a2d93505b61e13e80252d947416dbd040b12d6e08970dd951dca29dd9b9c04","nonce":"12cbc5e68d45d54c95ad63aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"74815640cfdd7655e9e524459261d0d9cc69f51f00e3fd542b1a9b1d87a41857c3db59b8cdb6452b82eda76661","nonce":"12cbc5e68d45d54c95ad6395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"0e70afb6e9b61c5d52cbc4d6ce577551c31c47b15eeb9ffdf65073a0868d723c0fd8dfa0dfed5b8cd5dde1df30","nonce":"12cbc5e68d45d54c95ad6394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0936332db8bb4a3f6aac319ac8576c4d25da15826700f169a94ec76c36dd801486ca5885fab37d0b80aa94a265","nonce":"12cbc5e68d45d54c95ad6397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"0aeee57d7f94caeb2b64f4b7aac8cba6919b253e153047a7441122df5e0d826e89c63f5bb743a50c167a5a9016","nonce":"12cbc5e68d45d54c95ad6396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"752df601e7aa5b6530b9a03c717ee3376d37e6e8c2487741e87937becb65276228282d11e0110df720f4c5c9cd","nonce":"12cbc5e68d45d54c95ad6391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"4580e5963747b82df137f0137548930bed22e60c72bee3aead250671d3f9f89032ede3235d018fe61249f82c92","nonce":"12cbc5e68d45d54c95ad6390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"5e9a64028cce472438560b4fbf921eb919640ad523a4a01af4e4392f0a3232e89dd0b8943d4bbc15997b4129fd","nonce":"12cbc5e68d45d54c95ad6393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"a3b5b074f1b65cf4769f20f68f222c471395b91ac5f5d04faa29f299cafc0a60b5e3d46d24bedcb1b6600a62f4","nonce":"12cbc5e68d45d54c95ad6392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"25f8c2fe53809f7b4438488465336c566b25f24eed8f95e74586f64029dad8dd74b71095aaf58f3effaded85a8","nonce":"12cbc5e68d45d54c95ad639d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"5a2b71aa35d0c2998b3f725c8cef90912fedd9be4cc2b51577170acee15c59936940c7e32fb52bbe5309aaa534","nonce":"12cbc5e68d45d54c95ad639c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"d26b7293dfd9417f21fbac4d6e583585a25025e5e1570e1339baafc9cae06cb91ed78571b1e323a73e2ee1e996","nonce":"12cbc5e68d45d54c95ad639f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"7cad212ae08399325cb6f1868902e38116e41023711dafe976aa6bfd8f20c2048423a7b2935c2131174320b251","nonce":"12cbc5e68d45d54c95ad639e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"cb002ca402f0c6d294d90030bd37cc0b3dc21b10cefc8f8886341266b8036d4ca988719f4ad9afb242087c2793","nonce":"12cbc5e68d45d54c95ad6399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"e13e4eb7a9b5a298cfc18e5faf71e2a0703fe52782aa21d56317832f0b57f221565565bb24ce32e4517b50907e","nonce":"12cbc5e68d45d54c95ad6398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"3451c46e91374dbb2d528ddc3d4b4bbcab27417bd4154baf1fa5a0d37dc825a36c779f307009d56bc0beef342e","nonce":"12cbc5e68d45d54c95ad639b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"dd63673ef43483eb0cc33508c99a82b3e17aa6b7c5b02bcd4b12a3b97375299c31575c999439fa4f3780c9769b","nonce":"12cbc5e68d45d54c95ad639a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"cf9931f3c792af117914e23730607ff384ba036e2d686b7a138e200155cb9fb5a4595fc6053bc354cbfa8e406e","nonce":"12cbc5e68d45d54c95ad6385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"77820b0bcffdc8fa3f33ce46768ba633ec6e5b4d43aa4a1ca7a3e35338efc36ef907c6ba6cf4dbd07a5c6dc3c8","nonce":"12cbc5e68d45d54c95ad6384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"bceee2659749c70e3a99b966ea7b2f2e90d9e03f4e41b969b645e99e00eef2e60414ae77f709fd9e2d3809db94","nonce":"12cbc5e68d45d54c95ad6387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"6106fdcf3aac8e67b02be0b06aa6e87c179a96c0779dab3675c56d196da4b27521cdf74a225789378c25f2d086","nonce":"12cbc5e68d45d54c95ad6386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"2850582cad86c1ee49519a81ccf8c1761d8cc974ee803323b99571f5e5f01f41143e3ced6c0a10121c5013a56d","nonce":"12cbc5e68d45d54c95ad6381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"ea3dc185f527c5afcdb678bbf5f065ef8eeb4c3e172e85375b3b397c618b8e039c3916249dfc79a3710bdb138c","nonce":"12cbc5e68d45d54c95ad6380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"055e8d1944d858a771678b591791d3867c08d14bc7dee761c4ef74a86bd889bad23f5edfb3bf25db26ae633ee0","nonce":"12cbc5e68d45d54c95ad6383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"bc87a533a2c5bf506539485a48da82b80163d3b12a52798868288f5c60f4543d2ea14202ea0b0390e2ce47324e","nonce":"12cbc5e68d45d54c95ad6382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"50edfa2e301c25e6cf92d36174e298101970e759a98d64eb0f9256e5f5773486dd405b1da9327e0967b85fddf6","nonce":"12cbc5e68d45d54c95ad638d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"14c1dcb7de7724a773571b06e16a194fc9041a36a610c4b61243be3dca64ce90a9e5f2eaac73b9054926077743","nonce":"12cbc5e68d45d54c95ad638c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"fca72d0161a026f91270785ba6465e7e8fbd089abd293834358481617c2e5ff930cfc8aed547b7b7190ffddabf","nonce":"12cbc5e68d45d54c95ad638f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"c2dffd66efe9ccb1df741049f247d73200ee7101e68381772150661d326d95b87ba9231d5281fe06b3a56db5c4","nonce":"12cbc5e68d45d54c95ad638e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"f63499bcbceeaf5ba7ba41de16357d6cbc73ed5ad74350620837e54bcc60f725bdd3be54b72dd47a8efe526e0a","nonce":"12cbc5e68d45d54c95ad6389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"b705761a147c35cf8fd4170f63d54b095be6f996558e5462355b10395cab9db017b21bc361e28ac57b2f964b2c","nonce":"12cbc5e68d45d54c95ad6388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"a6255525a8729a824d930ba2c3ec8731434d6b4b6ae5c17dd71dea78ff98c63b80ba501952e272453349810247","nonce":"12cbc5e68d45d54c95ad638b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"ffd92012cc1d0f3d6cf41916299f4d724bacd1cf7ae88c2465b9793accbdad55756834a7cda9c0a477051ea270","nonce":"12cbc5e68d45d54c95ad638a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"059ace44607f00d1e83b9078d108226a35e08cd79b7b31362a6e8a94fc234519aef01934f5a6894d0651af980b","nonce":"12cbc5e68d45d54c95ad63f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3602656af39c9e85969a5bbc25f388f51b3d278961237e0b791732d654726500baad0ff6bc56e4f8657680b274","nonce":"12cbc5e68d45d54c95ad63f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"9636310705b6362f52cc7d5e291e37fb9743730b5cad9713fec5487967d7a745fb6eb6e3fe8cdf96bcf4ff09f1","nonce":"12cbc5e68d45d54c95ad63f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"030bcba3ee6eb88811cece1dc6944794df7238ba265f7d64c7e394995fced38e09215b891ecb6961ac988991f3","nonce":"12cbc5e68d45d54c95ad63f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"551d60e258af6db36759e64fab4638e5b5a33b3cc82adc6da3a1a816ac87e4a3f9d68b06b8a1d1340ed9359fe0","nonce":"12cbc5e68d45d54c95ad63f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"07694cd113e50d56f4313e78c7eb14a65cc9149d6dba5107dc01ed1915a9e8f5ec9d60029bd5e1ffb01412bd9f","nonce":"12cbc5e68d45d54c95ad63f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"af672cf7b317099ba147c8cebc07a99f54170bf2c65bab007c8e576be9957ca64249b659e5b25a61195c50561b","nonce":"12cbc5e68d45d54c95ad63f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"f2057395f03881432bcc3765649d610b9e867fa8de098c2ba1668fdc632a75f42523e661d4816ced96ec9f1955","nonce":"12cbc5e68d45d54c95ad63f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"9ec242081447b72e6bb8310a383af0523fc3e95584b54e1a278ef2ca956c45c521bff843009564e2a40291fc4e","nonce":"12cbc5e68d45d54c95ad63fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"a3e40d8ef7296e7cd9bf55ae89375116042a278b6da74e3b39bf3ab79cc277e6000fd8f8a3b8e45fd103b0bda2","nonce":"12cbc5e68d45d54c95ad63fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"8707d3651d96ae4732ce952d6eb1880b0ea5086bd09c16fb5f29eb9ebc60717c644f1ed6e51e900b38d3a78885","nonce":"12cbc5e68d45d54c95ad63ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"9cada14996f0da4242868ad147f0b8c41cd771d31ce3c832d7b399d4a35276c6c7ee5cb02016beef14389512ac","nonce":"12cbc5e68d45d54c95ad63fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"cb3463295792151e7160016e7a0d6291a0be992ac29319fa615278a10429c9c259b796e8f9fdbb89a0b7077573","nonce":"12cbc5e68d45d54c95ad63f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"ad35be122969ef7e4d078e5753ae92fba0430e7cee720e45cc93d6f1f311fbeb746ec5d27b48938797ed8cf6bf","nonce":"12cbc5e68d45d54c95ad63f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ecbe54a73369f5d65d716d9f2f93a99bba210655900a74cc288b397a13b0ba21906a41a4ef01a3610c9af01724","nonce":"12cbc5e68d45d54c95ad63fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"8273bc3dd6be2f173140d5e2064f3057d581a55ed019b6603b7c8b59aa6ea74f82777780a647ff0aa46075f60a","nonce":"12cbc5e68d45d54c95ad63fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"346b26043070ce03082cd2de445a01aae875ced3302287705236774f77ce97273471f4d7726331d16d6adb00f2","nonce":"12cbc5e68d45d54c95ad63e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"70a8bbaebe961e30687771dc2aaddc7885cb6a7391d2138ea245d5176a2423ee5c60cb6baf2f475a115e85a21d","nonce":"12cbc5e68d45d54c95ad63e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"beab53dc20dfbce549469a82766ba30e0859e9ed4e41192565e41586a3b65bee8cd767cb2bc3b984e8450c3eb6","nonce":"12cbc5e68d45d54c95ad63e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"109b360ec7140e840cc7e6509786a803e5d8fa64979afdd986165c7eb91f1da2ed49774481961ef4c36c8ee711","nonce":"12cbc5e68d45d54c95ad63e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"109fe1f5c1620df8fc8741dfc2dd64b453e75df37637202782de9533a5f81413976498107231502cba4833f63d","nonce":"12cbc5e68d45d54c95ad63e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"441b55791195a9880e1d9cc771483de441d9d18370d6f4af4f537dac0acf399a8290500327d12fd73b0f46a88e","nonce":"12cbc5e68d45d54c95ad63e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"72c57a2f77aa1e874ee9d56009a286fff7808a05911a6135f3e76bc2b7cf0384a7195995a679c3d1c533d9f853","nonce":"12cbc5e68d45d54c95ad63e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"ca75501f06a120ab2a758ba4e015bad738be90181c2593f119757c7590e9060a20008e446fe1b2a89e5871615e","nonce":"12cbc5e68d45d54c95ad63e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"e21baac0b2f6102e3178d3f33be84e199dee99a203584af1524ed71edb4f0274fdcad926d96ca58abe66b7529c","nonce":"12cbc5e68d45d54c95ad63ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"45135850e8a7626124a062d5d595e3ad79b84a906f76502e7fa880356b68a94a79c7cdb23807d6d4b9c13b0fa6","nonce":"12cbc5e68d45d54c95ad63ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"7a9da7b018294389d00b75022a402cf0eaa0b9831639f0f1d57aa3680392ac667b7e87495bdf0001a1a2ef5ff7","nonce":"12cbc5e68d45d54c95ad63ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"f816abf5c151c738a05fab4e826806d78399a1126d01262513c34afe6fc84abd5497720341eef381e64f5757c9","nonce":"12cbc5e68d45d54c95ad63ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"fc8d1826144e488ae53e97dd6a1f55a0a6b9f47de5f1e4bad0ecdf9271b954c2dbf7e2df0ad9ec5a9100c022d2","nonce":"12cbc5e68d45d54c95ad63e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"c7431cbb9e298e22392b892e8f00dac4eff7d22ddc94f7050bf13e81bcef6ae6bca059b090899959d088b68b47","nonce":"12cbc5e68d45d54c95ad63e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"1f686e9cfd4170dfe10248c00887cf398761a5666c41f896e49a1a0f791052e942274e421adbf0b7037748dee6","nonce":"12cbc5e68d45d54c95ad63eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"2348080af1d836dd05d25e4ed85a1abd193d1379be18a439e251f897140c5bc1351f942c9bc7b399ee2765b1c9","nonce":"12cbc5e68d45d54c95ad63ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"5a46d3d29737508ffff2664a6afb56d6526e83c6ffdfc955aa0e16a80c7f52d0830d263791634e86586e79e5f5","nonce":"12cbc5e68d45d54c95ad63d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"fd2886ec8cd570aa6278d6fac21e798be8fdeca6076fd912e5b1403767fbd144dfe5fab0e941fd46bf0538a8b9","nonce":"12cbc5e68d45d54c95ad63d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"1d9130dc0180004af2a1a4c003442a5f2d289ec117335927244bd5c9e11a7ef833a85fe0b7303347ed373f8f51","nonce":"12cbc5e68d45d54c95ad63d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"76b5199094d8ea9cf5b1e7f9816fdfe792c05a07afe8c24f6d3b89fb192971bb1441e5fc6f8fc749a555a929c1","nonce":"12cbc5e68d45d54c95ad63d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"d6c1865b3d327085364d77521ee27d3504de907043b0d25627767dedc29a0fc1bd244edec070eb6b7a088f9c0f","nonce":"12cbc5e68d45d54c95ad63d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"715c957d0cf7399e8f384cec7bf255ee21d780604d9e28d55382996cb258681c09a59392089717ca445bc5bd03","nonce":"12cbc5e68d45d54c95ad63d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"d86dc4aed2d949e0ff6d7598ccddb68918c7f675d2d17a039465b258f43e9dd0377caa0276a65e481bedb2950b","nonce":"12cbc5e68d45d54c95ad63d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"7cd59c39c3a1f63db16211ef02505f39318f8a9ac0f0893f00c591c79e907e87f0b909cfb7173a4f441e3f3544","nonce":"12cbc5e68d45d54c95ad63d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"429059fff7b9bb24759c2a7f49883c19ecc52ecb858240e0f6a4da8644f8001e7e6abc80b484329b27fd8c1313","nonce":"12cbc5e68d45d54c95ad63dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"658662e97e305ea910921fe9af92b4e0f70689127caa2e0e7c52961a3de933ee30c4038911292459aa8dffceb4","nonce":"12cbc5e68d45d54c95ad63dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"3d218890a33549498f5fde08241cd4417be327a350e2f9e8150b54a9f3b94a8b17728c9348883336e2d31f4fad","nonce":"12cbc5e68d45d54c95ad63df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"32fd103469d68abd269cfa253f3f15e3f6d018af94d0449a5106aa8c8c45ff59e0f791f99d9d15f2445f5bd417","nonce":"12cbc5e68d45d54c95ad63de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"9208f91fcd7f2955ab56048c35936f17b1ee475d7de9b21251e9d03dda3d1f1f9bd52baa7bdfd8f41aaf36643f","nonce":"12cbc5e68d45d54c95ad63d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"bbf2a2927c00bb30e330e25574d726615cb958120538396b36c0ab5a5b96b779ed7a1f48e81b0d6b8f354fd68f","nonce":"12cbc5e68d45d54c95ad63d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"c1a5cb0af29723d623e53657854caa785a53e10316aadf3cf4c72cde8ddea409fd37f7210134afef2d7229ab93","nonce":"12cbc5e68d45d54c95ad63db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"20fac26b7d9dea39f89b92fc1e7070a44fe7730a599bb6919d995caa16b28347f5caac932b658a6642d788c14f","nonce":"12cbc5e68d45d54c95ad63da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"836d2f0ff919bf15f4dd621c5e462e9feaabfb62c9aab192df100fa61f76cf4cf17b05d5cff4dd8535d5bf53b0","nonce":"12cbc5e68d45d54c95ad63c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"8aebd72da529a82e891842d6aca6a4740ff48a4ab5948eac861bc58d933c6dac1b9757bfa3c5839f3107e54e88","nonce":"12cbc5e68d45d54c95ad63c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"17c86251a267451ef3d5373276fc6164cb430d7caed2278ce0cbbc7c39b11edb95473fdb99296ec90aec7bbd5c","nonce":"12cbc5e68d45d54c95ad63c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"0018aa7ff87a05d0114f5ebb892de65f82b689457ba25f119c8872c887ed7db042ce096376eab22cdd3d5a4c43","nonce":"12cbc5e68d45d54c95ad63c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"bef23c969e8d283d016c4d31269a20f8a803e743a36645d4b936344ef94bc51116c090a27495094f5daf530f13","nonce":"12cbc5e68d45d54c95ad63c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"aae2a899c1cbe295f33416f46824974bdcdf8794bfcc11f36ab61ec91a360f66847ffdc41cdb516f170b8a3598","nonce":"12cbc5e68d45d54c95ad63c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"68a3a37bb7b4dedb0e32ca4de538a48547f91ea63d505f7954eaaae92d0761bae0b9272bceb1b0e27351df3ef1","nonce":"12cbc5e68d45d54c95ad63c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"be2f0b767c3dacbc3b9c0d0aec508f5fa9d7f55f38f610bfbfd2e314554e5cc6843e7f82874a979965465a236d","nonce":"12cbc5e68d45d54c95ad63c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"a6fdf3556d4d341d7d848fff1c5c1df69b8433adeb90cf07814e3baf0baa19b84f0f66e898ae1446253012bed5","nonce":"12cbc5e68d45d54c95ad63cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"ac63d3e269f5b9830a0e0b9cbceea6bba6958839b4c2f3da48aa2b5e672fafacf70821b06e313e3c1c967ca334","nonce":"12cbc5e68d45d54c95ad63cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"528e7f5dc492e4be8dfc7caa7595dcd9248dbd7810114d68f82a85a798f5a716b1a37106660acef7fca2162a4b","nonce":"12cbc5e68d45d54c95ad63cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"0169a89be4268cddcdd961084f4135e6efbed024724c0ffeb83d26716f50161fc0845d4493a9739126cefbeda2","nonce":"12cbc5e68d45d54c95ad63ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ead891cd81660b6d99e8fde93fc2c2c1a949eb202975730e170c198beb4afae754df0ef0d3de045ae0a8983416","nonce":"12cbc5e68d45d54c95ad63c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"f7132fa73c0b0b9a086a1803f2167e3e1a118abb3584affe045cddff9472223b94bd34107f3ed65f15f937805d","nonce":"12cbc5e68d45d54c95ad63c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"9a27641f221bb720bc620b8d170e10a886b98e880d18b742dcfba6a812d21c261e6c902bd46b39a67d7fdf84ec","nonce":"12cbc5e68d45d54c95ad63cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"661c772c421f043dabe93606b0188c0a98f5947cb7eb8e2980dd25573fa5854434ba8a515231a04c0c0f9c0c7b","nonce":"12cbc5e68d45d54c95ad63ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"e16e80a20d9669b59ae521fca6db2550090b6d7fc6da49b9b231ca2904ee29ee9a37ee889c810e3f07a85616ca","nonce":"12cbc5e68d45d54c95ad6335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"babe518d97053a77c36d09620d286ed157d1989356ed959a0c74f39e54e6c7522bf85ee5243eb447eaff5da640","nonce":"12cbc5e68d45d54c95ad6334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"38e22d90a7765461ff57bcabfd2cc1d6bed5709ac2e5ef9bfb0c0f469413d906edb1da2d1727fece8817894b41","nonce":"12cbc5e68d45d54c95ad6337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a344c5c46aa34f2ca5be49a6682ec466afd35d3aae9ba64cc56a7aae7ac3135bfa30688d11555b7a06b61cfdc4","nonce":"12cbc5e68d45d54c95ad6336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"f9ae4b719bfdf0348661ee5ad6cd9e930ab06c6fed34ad78bcceb08c538f972105d1398346f1b7a4bb5992c63b","nonce":"12cbc5e68d45d54c95ad6331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"3b68d5ec26204f787ad8b519345f2ab8c56b17dec27911538ae2b4051ffbb71889e0d9352906edc8663a8b7e4d","nonce":"12cbc5e68d45d54c95ad6330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"fe97b74b36169a5d5360def76523ca17af3560d8378186fcc39251ca4803bb8394bf390cf4562e70928b0df2ae","nonce":"12cbc5e68d45d54c95ad6333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"c92e3e1feb0adb20bb26b7d85506ac528021ce6d2bca213ff0844aaf26c7e5006c03a2c042a6e7d33c3e08b5ca","nonce":"12cbc5e68d45d54c95ad6332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"a890d601a46f70bac484d42f64c1dde73b99e80923e4c01e2dfad5cf1495f00e2275b330af08f923c9d393cf98","nonce":"12cbc5e68d45d54c95ad633d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"3d1326723f9cb1088c63610d2fe620be0ecbfa6b7168bccf10e5a817f0f5c5f7ad84cab7d898cbabd6decf1db2","nonce":"12cbc5e68d45d54c95ad633c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"35a46ebc512dbb99e2684925102456e2c1e82228576d047df71e5c617e9513f7e7cabfe89a2f82e8d5c9d189d7","nonce":"12cbc5e68d45d54c95ad633f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"96bd35b54903249e8006e126782bb6eeabdc43ca34f4cbe0713c265ba9c356e58ea9b37f37f6c44eb5b6c1b61c","nonce":"12cbc5e68d45d54c95ad633e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"ab8d104c25d83bd52cc4255df3b26d0e92545c8d5417dc49d45cb8d4da988fc3df8b396a7332d94af351b0f049","nonce":"12cbc5e68d45d54c95ad6339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"a5cd756ea8bd1b2fec0ec5cd0baec06ecf02fed02ba0f69110faf27e1f0ca8ab4c12a765081f2c34a555e6e86c","nonce":"12cbc5e68d45d54c95ad6338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b8ebe72b5fd34b9781504f5e688e8244bbfcd452f754e1a212f9e6a682d96b2e88c96a7d279480e604d7c7a197","nonce":"12cbc5e68d45d54c95ad633b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"887ca2003dfba3a0e524d6700bb798253318dd64c4700aa63eda277ce13907b828b22683823ef91f92120663a4","nonce":"12cbc5e68d45d54c95ad633a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"bcb2af75840499fc24de0123cc07a9132b9566f3bc525414939dfb7feb08c61b604a318457859a5dc346d44755","nonce":"12cbc5e68d45d54c95ad6325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"9ab555c5396206245b621dbc4509b6dcdff068ec42c69f5d1ef30dd17741df234db015344947e3da94f676f88c","nonce":"12cbc5e68d45d54c95ad6324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"c816de895a79c9d35524fcf45de64b56f5058b07f4a0991df420abc82cb80a8b1188cbb1c99af130f51405cfa4","nonce":"12cbc5e68d45d54c95ad6327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"c174c8af88da742ab23b7bf4b6be048d3c5691e1de8d95936e1ea6083308084a79eaf955dcea04cce522b7cf74","nonce":"12cbc5e68d45d54c95ad6326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"9e4dcc56e034f2ef4776f75c6104804e0ea3582dc000e46a9ca9d55494b6e1a92da0d520a5a463885bf085570b","nonce":"12cbc5e68d45d54c95ad6321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"6593068bfa5d1a060efe43c3a36eb6192bd83d2116ade5fc28799973efc1bd13ba065ed3931ea5883885ab9961","nonce":"12cbc5e68d45d54c95ad6320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"0bbaf90021e8b825ac8a6decebed9d2ec7e6d6d806980bd71541aea2dfc2b8c467ea995fbd906bd8b96d92f72a","nonce":"12cbc5e68d45d54c95ad6323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"f80a3cdc2c0c995032f82aa848cd5615bce4bf0d3be491a08abeae45ad1c913e7de1023e45ca4873f8a9d6dafd","nonce":"12cbc5e68d45d54c95ad6322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"a4e8fdc9326f817764a4b8439f7212ecf5adc3f8246ac5b8a514db5a1bd516d0843a815b39a3eb282b8f6429db","nonce":"12cbc5e68d45d54c95ad632d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"d2c9f3c887f63d24331c263599893e2ab69cf0db9d35080b70e87f10b356f80711918efc694797e6b807168220","nonce":"12cbc5e68d45d54c95ad632c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"2f79aabb408ef067b0d2f8fb42c8e72bc3e528de5a26c2296fee7bc89f52de031714de1d23dbe6b41b01b71374","nonce":"12cbc5e68d45d54c95ad632f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"548404b7e86b4f601a095e42242f0acfa41ec242834e5161cad2580770886c5061f22f6cad680a1f5a70926c32","nonce":"12cbc5e68d45d54c95ad632e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"95e0f0e308fdb15989f3071c6dbb6b442aa5ce6ece3d63eafc084d1264f9b4f2feee08eb59bad13f420a9fa92b","nonce":"12cbc5e68d45d54c95ad6329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"88e0b51554e309c0aa6e1fc0641197ff3751c780a8d7ab019629352c377cd89f58b706065748284371e3e2c717","nonce":"12cbc5e68d45d54c95ad6328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"451cafa6cd5634a80e37315227fe2b25aba250e128d15dd921655627f0505ee269929428e4a01507ecb95472af","nonce":"12cbc5e68d45d54c95ad632b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1202dbed0f6c48d23112814c8251c341abd7ae238d28712dc482e5786bb153b21e57387cad2784fc3acb1e32cf","nonce":"12cbc5e68d45d54c95ad632a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"50daeb29e36f7bc6d2b8b3f97fa1ed6d5f60454efe5a47c0b4d31fb7af244ebfdb0f6d8b7f3c49a817d46b47b0","nonce":"12cbc5e68d45d54c95ad6315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"c42c273d3d602e8090a06869da2706ba6a8d7b6e41314be8a99d7e7b168911dc531d26bfc750d4f363d7f99747","nonce":"12cbc5e68d45d54c95ad6314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"1147741d625769a5ca5e8ebc64875025bf6f9cc5a54e27d526c26ef694d9411ed0335a762ed54d927cbba81922","nonce":"12cbc5e68d45d54c95ad6317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"af1720b2d6cdeee8f7e70a517daf5876b3d6e8bf9c1b49201b4f2769ca363ee424bbb9a96003994e7bae332cbb","nonce":"12cbc5e68d45d54c95ad6316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d1d352c0c965e9a99671c5e5bfc7ec25c466ad265d633baee17e18a1744729e32a49fcfa6a15e10dc3734fe593","nonce":"12cbc5e68d45d54c95ad6311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"088a69138242f25095a47dda0ffdb2a3b5344188ed0d968e115604301898e78d10fb3c2298689de6598db8cf18","nonce":"12cbc5e68d45d54c95ad6310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"8acffb48e1052c5a56a6a4615edbe2c5fbeb6258dc029be1600628e6aea3ba598ee519a5aeec1270cbda6f7b37","nonce":"12cbc5e68d45d54c95ad6313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"f74562519254e998aabbd546d420ed92862b72c814869113f408ed58ab01f58170d5343db838b9bfc59f500cb4","nonce":"12cbc5e68d45d54c95ad6312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"33ee334d96b3f309bb3f9a3793e57c641a608e455edaa64516d435dd90bdd158f7f1e00878160413df3ee0dd6d","nonce":"12cbc5e68d45d54c95ad631d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"1395dcc312d3ae886473f53d8afaddef4060646a75f9f6331575098e46f57cc2aca2dd3bbaba8e679ca4e52e47","nonce":"12cbc5e68d45d54c95ad631c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"08e391c0843561686cb8ce5154418590336a70d63cbd436bc1e25f0b505522130423f13580d18172d766bfd608","nonce":"12cbc5e68d45d54c95ad631f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"7b0f618dfc534504b295a95a706d0e5c16dc0ce31e477d9b441f7d44ae6706f84a6c7dfb60a66107cc93e79e46","nonce":"12cbc5e68d45d54c95ad631e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"5a41f4e6659cb574a69ef5582d2ca5e3c52c516a2282c8725cceab89443ce90e12b3311d256e1aa39229f5be04","nonce":"12cbc5e68d45d54c95ad6319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"dc28ed3d4e15e43f234041569a29e0469ad57ea7495d57df07a0d5926dd02642d7613a984c91253a84551060d8","nonce":"12cbc5e68d45d54c95ad6318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"41479c9f46b686083fb27042ea563dce70a47aa58e2273555f3870f045f8e59bd170b6a881b0a400892948e89a","nonce":"12cbc5e68d45d54c95ad631b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"0e8d36e5711e209bcd181f2fccd776651935d2f13d77eab684875e483255eac49ae2e8010dce26d3070fbd2aab","nonce":"12cbc5e68d45d54c95ad631a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"4dee3f8ed08bb7434f2610f0701e98f4b3f65dcfc56f75acd373a7af356c2ea8f536989f7c9d657822d37d2517","nonce":"12cbc5e68d45d54c95ad6305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"31690b0f4dc137f30fc510586928cfaa6344e092010779978c9b6d926e7479a970682d5c75241a641f2c0fae8f","nonce":"12cbc5e68d45d54c95ad6304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"00e5483e177f53c4a7cb71b444f6496b05dce462045ab1a9d6bb0a130ec570debdb86dc65b10ea8ede22da1055","nonce":"12cbc5e68d45d54c95ad6307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"56cbd10fd3610edea5072acdb64ec250648db2786f2a48f0da80794563b42915dab303c03f007cfcad7526b357","nonce":"12cbc5e68d45d54c95ad6306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"be91823c09525de1ab065667ece1b012b1f88d90391f58d9d2a782b16821f5084cf3188a5cc30544858cfebca1","nonce":"12cbc5e68d45d54c95ad6301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"b8b2c219cca39632dc91aed22f6b10234a999e739cca4b3d76ac7fab9809812971e63dc12ff4415023c54e4282","nonce":"12cbc5e68d45d54c95ad6300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"b2e388a355d812581a41609c8804aefded7ea90479c11c49b6af34519c257c6ae71fab4e472cff8fe63344135a","nonce":"12cbc5e68d45d54c95ad6303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"2b645ec4863926e336e42ce418b4ec11afcecb93f13526d461bd4e2339deb5235d57d4d3df8a06553e5f9d2ff0","nonce":"12cbc5e68d45d54c95ad6302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"82ffeef7f28f6c9b4998ab0d986fbddebdc1505c7eb8363febac4d77b7a3f53531c516f4097ab1e921ceac848d","nonce":"12cbc5e68d45d54c95ad630d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"947040f7086a9bea2ba686533b1acda17d73969526b7f62be80630e238ec3f7be226d7df6b84d64ad55bb3c2f8","nonce":"12cbc5e68d45d54c95ad630c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"e841b1e9978d9e174d5dc793cbf2f156ee84114ac690a2b1e84da9d06a36aa2a4de1a73b5030ac51cf58c84035","nonce":"12cbc5e68d45d54c95ad630f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"cb9547586f635f0f77e6e89041b3ba5a789a08dce910843894f3258a0e2935666ced7e2fe405aad073583c082a","nonce":"12cbc5e68d45d54c95ad630e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"f139e2ff4334884c34572ed3fdb66622e127c1c9e15f94d4126f29b14f777d28cc69fc4d908b8adc8101a96f21","nonce":"12cbc5e68d45d54c95ad6309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"facf81efc25f91a7148bc5e8e4921515d9fc31a3ad6d6e1595ebf4cc4d22e5404f10437491bcf1bdaf7d8ef8ae","nonce":"12cbc5e68d45d54c95ad6308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"186c21b951ac16308c1e19932ef2b66cf60c3f5b0e974570b3f3dbb3e484722edb20aff7c65939db3ee315d300","nonce":"12cbc5e68d45d54c95ad630b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"85343f93682e0d95e6dabf00a8444f2fe99b0077d0dc74c0b0fc008903cee77083868a930a31e76bd32fb094bf","nonce":"12cbc5e68d45d54c95ad630a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"0f1006c07afa757abe4b4601018a1c2f11679a9c1d88b4e205631750feeba4fd6af7d1121058936221e6e2744b","nonce":"12cbc5e68d45d54c95ad6375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"e2ccd17493bdbda16fb47b276f61fff92f5079ac8acce9f3a135e37720af7ae65228706d59b389ba2a783a4342","nonce":"12cbc5e68d45d54c95ad6374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"f5458a470eafc90dba46c531e039bea34293d5e63b79efb01cc6146c219163ee69f2700dd8a9f68a5841106f6a","nonce":"12cbc5e68d45d54c95ad6377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"2c846433fc0aa54ac44769f2dc8a07ec40a596e79783905a9cfb145b213e8680fdaa840407284e96357bc85728","nonce":"12cbc5e68d45d54c95ad6376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"edd335382f3391dbdd0bf488b8fe5cb4592de1cc05a32b6a406ad0a021b7c507cb1bf159605baf6cda01b35522","nonce":"12cbc5e68d45d54c95ad6371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"99e2cd214bb6b561988d3701690abb1df70495bc00d0c8b93289a852d5d9df78743ed601e09ccb63299a28dcdb","nonce":"12cbc5e68d45d54c95ad6370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"e7a8b051cfe5e998cd6fbd8cdc1f38167056f973d4ff0e6f957e2b54b4b9fe1f6e2032b08ff7d2f900a26d6b4d","nonce":"12cbc5e68d45d54c95ad6373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"d029794554aaa7b53e8ff26b88ccc8a6188e233028cf440ba6c50d61d23d82599d5dccac8b4c26c956afcf38fe","nonce":"12cbc5e68d45d54c95ad6372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"590bfba5a08d3a694d8ccc72aea1d218e6e1d894de1c16376b569cff1c508ac284cdd19bfb0fe06f5774745a8b","nonce":"12cbc5e68d45d54c95ad637d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"f260681ca22c6729a37d349f86367724af364214981485f0f742d74e0b2c42b16f6815f6fdff39c3e800599ccc","nonce":"12cbc5e68d45d54c95ad637c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"185866deb1b7a44211ae0ac3209ce2801c02436b73b117c3dec82b3085181a1b97c9c7b2600966377ad13b1eb1","nonce":"12cbc5e68d45d54c95ad637f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"4adbcbc19ad303a713f533dbc3123553965b5f841014ac3e1b0309e347fa6c4892be8a8ee79323c925cd7873dd","nonce":"12cbc5e68d45d54c95ad637e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"0950e6b8a96533110e27a3f4eff54943420a4ed838c8010eb7feff10b91ff6d6e478c6884dfa76f98bdf761982","nonce":"12cbc5e68d45d54c95ad6379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"e964cdfd55581f65af84064ccb5b48fc7ac7cdfdc9638f4a9f9d3a5ebff80863e0d01ef6b1c1c511ef5543ff79","nonce":"12cbc5e68d45d54c95ad6378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"fc0ace81a0057d2a5f84a40a5bc190ff0ef1b7b1d353a0f9876842b9456de262a457cdb860756ba7d9339757b2","nonce":"12cbc5e68d45d54c95ad637b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"c30cc05f6f05ff1a943f9dfa1f2e7b1ae6ace91fe53d08cca4387277661e8a4f1faf7623392fd6d61a3ce3d544","nonce":"12cbc5e68d45d54c95ad637a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"9d4f6018c074804dcba7ab08b2e17eac470d6bf457c856a9d2840a4f58128fa9e946c14d17f662dbcf63e30d2f","nonce":"12cbc5e68d45d54c95ad6365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"928d504843e04839e5ce82a9fe891438b98333802da3d967bfe183fc59e4964cff0bd5b08fc1cf758dbf7eeb19","nonce":"12cbc5e68d45d54c95ad6364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"95fdda310ee1d75e96dbbe9fabdf50db3584b0a1abc79b1e0b0b860e430a9261866c1e7798a407e7fcbfed0867","nonce":"12cbc5e68d45d54c95ad6367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"b43c6c2c26912bc9e7c3e2de051b19bf149b7a3e19b165bccb8870149d8174ab9bb5f53a8b5ec39c310e1b263d","nonce":"12cbc5e68d45d54c95ad6366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"8d91bff30a4039f4cb5abef5cf8e540470e8a08f728435d24eb4509cc076f54defe0e4d26030db4581895ca6bf","nonce":"12cbc5e68d45d54c95ad6361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"77ac7fa9a51ee593b74a59c1f25e918dfe13139df345bc2bd2ce0f1f087f1cadb3d3341bdd02a73d2342a0ec19","nonce":"12cbc5e68d45d54c95ad6360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"ee2dc7177e722ac3356a38fcfbc8c7e59937a7210f55375a9dcc00415a128fe0046ac252c5dcaec4af37f5f48c","nonce":"12cbc5e68d45d54c95ad6363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"b5d04e22f380eb97a29c7d8e671d497afc5f0caa3e402fca021a85a21dbe5e7febbdc81936353cffb09f96ea2d","nonce":"12cbc5e68d45d54c95ad6362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"7ffe6d612facfb10fd541ed26ae8f91b55904ecb2bed6470ed67466a706e947d8262fd43c77df3e6a28f4a02eb","nonce":"12cbc5e68d45d54c95ad636d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"37a1d270e25e16db85bd20842e06ce58b0ce43387c8bc90a8116ce7eb14b938f057c21f6d9e30a1316818cb146","nonce":"12cbc5e68d45d54c95ad636c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"7f0477a7925af1b0f08fcb2cc68c2289d95877f6ab236e427b2949a4d05061b9dea6ecf40246cac413efd8e354","nonce":"12cbc5e68d45d54c95ad636f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"b31bab927d0e8ada22396a012c8aa769be72fd265e80d2a200e0c76feba93ab5706a08198a12e52557d5c1ccfb","nonce":"12cbc5e68d45d54c95ad636e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2514897828e99216d4237e7eb67af0b52f983e5d566c2c6b45bc3622a80aa0465b2734a891eb3625a900307098","nonce":"12cbc5e68d45d54c95ad6369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"aca50efee140085d3f221c8d90c5d6efa268233914d8a80da0bdced5f1e34218547b68c895e96ec47149f3d6b3","nonce":"12cbc5e68d45d54c95ad6368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"18489e7e5816d7fd7e3be3cf8421da1ae389c95350b4f6f8fc8687b10f5907d1b0dd14060f0bcbfae8bb6fc90a","nonce":"12cbc5e68d45d54c95ad636b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"0dc01e40d1eb5ded669f823524f23af86459cd0e6d4245a4ec16aa1f5995e2f8ab55384288bfc1ea49f43a8e36","nonce":"12cbc5e68d45d54c95ad636a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"4e8f49617329d0a59f163360c47f14e23f0866ed5bffd4383ae1b83283a1738822f74229b6cbf0f4811d5bf20f","nonce":"12cbc5e68d45d54c95ad6355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"08a8ae8b1000edb1e3e41e2c61c568218e48dcc0067d9d2dc61b105297c9e9f803fb1840bc49b8c21760201285","nonce":"12cbc5e68d45d54c95ad6354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"f5a26542b1c5ad2334860d2ac4bb40a2dcffed6a7d0361beb00f0a62fed6271f456a2fb20c8bdc05050e77511b","nonce":"12cbc5e68d45d54c95ad6357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"c6acf58ce4c0a14ef11758b829ff27517df4601cb679f41edde86870d43827585579bdc2a1fe43ee5e8a667b9e","nonce":"12cbc5e68d45d54c95ad6356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"6cde78272dc4065c1634510ad211b32bf8c3272a7da2152aea5790b4bb3744c29ec911e35723a8e02c8e405ddc","nonce":"12cbc5e68d45d54c95ad6351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"0ef0df8bb84b22e3e8054e744f21fb0ff4177527168aa92811682be71289de86652752a6ca9d429dab966bf7ec","nonce":"12cbc5e68d45d54c95ad6350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"1c20d96e8fa7128dd840122d7c13b67ad2699cfee76747683ef2c80ea181f8ff3c2e4fef36679b9972c717f1ee","nonce":"12cbc5e68d45d54c95ad6353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"2d30501ec97f99053cc0f3c47f31f2d76fc9840e6a520b799724ecfd422eb5483707b2574f9f141df1b5d14f3e","nonce":"12cbc5e68d45d54c95ad6352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"485c4cc3b608627f94d5078f72ddd0fd349f0028defc16a6c60766b5dd111a3fd71bccedda00b50f1a5da12aa6","nonce":"12cbc5e68d45d54c95ad635d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"d936b349b466190bed2cf1e16ad2ed118b0308a494235a43ada9cad1846de133d2acbcf707603d5d2bc281f6a9","nonce":"12cbc5e68d45d54c95ad635c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"5e5a0bf7412dfb60aa77000fd498b568679bead3ebc9992583465dc6513b8be78cc84b916d2f85f8ec990da299","nonce":"12cbc5e68d45d54c95ad635f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"778e70e2919bb0ea6b4e4c9a61a75415130439a2e7ad5f650a49addce68323656295e42985325001e4d6f81e6b","nonce":"12cbc5e68d45d54c95ad635e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"003f2275846325361c31806604cfc25586a3346aaa3304acd468510d4a45f5acc1110fb18e6fbf24550df56f00","nonce":"12cbc5e68d45d54c95ad6359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2d564db37465b74e58c16a5e268cf2249c62a751210fdf3704675da2f3f7a41b584e5e9e11524404a10e295a5d","nonce":"12cbc5e68d45d54c95ad6358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"6ac9cbdd331e30b290a6f18edccb04e137dbe5987f62a00d2a9c4871cd220a82bbb04a1fe88c3ad593fa753ffe","nonce":"12cbc5e68d45d54c95ad635b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"7aef4aff8bd223b1244e05c96047d638babd40a45453083b27cefd8efaf780d9ed70793863d86aed1f96d8e2cb","nonce":"12cbc5e68d45d54c95ad635a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"947e2ba27f6bdf4ab58fc1749366ac76b63b1eb7c1a963a863da941ffa3a464b50110507019fb7601420a11116","nonce":"12cbc5e68d45d54c95ad6345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"bf7bac280b7e78e56142f3e66541c69a0802db6339d01589a87dbfe93a448ef748901501e1dc6c17b2a7f0905b","nonce":"12cbc5e68d45d54c95ad6344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9003372a1627adf34a0f480bcc0552c0e72291f67378654ef741ea52eaf68ebd99176081dcf7ab5dac2b9defd0","nonce":"12cbc5e68d45d54c95ad6347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"15beac4b509d9ca6e5be26ccf2b23d1d14affb1da3e29e9aaf1aeb3d2da945cd61303f1bf1df17d28831010961","nonce":"12cbc5e68d45d54c95ad6346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"2ec1c174e38e3cb6b6f7a262b34865b613645e8e00a02d632fc78a20908917a51e9938f2e0309833fbd1bc77d5","nonce":"12cbc5e68d45d54c95ad6341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"806eee8922f905c2c2962791664a4954b7a463833a18b2c28ca5f202a79e218f0a850e1c8fe27ccae782a4b634","nonce":"12cbc5e68d45d54c95ad6340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"91d17d25ff739e3ea3404611310949378ad9dfa1608c5e004ef1572fcc5f92cf04df6c8321a2bf2f161ed83bca","nonce":"12cbc5e68d45d54c95ad6343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"e12ff4127dd9e8d2f82862e4956986bdfbcc22604b0ef429559618da7d665f64554357eaca9c98ccf974d3c406","nonce":"12cbc5e68d45d54c95ad6342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"1673106e3127c404af94ba93ca4e6c7b4aba91c310a40a4a6f7f887c5e0e5e701f662327889e2c25dd20b595d5","nonce":"12cbc5e68d45d54c95ad634d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"2ad2ce80d1997c58040af658d0d252d191ebb341629bdf5bb3d79bf51a08a19e2ad9539628b47884142f0e78cf","nonce":"12cbc5e68d45d54c95ad634c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"2933d0050e1d491b7f37727af3a0af2a2a8db735dffebcfb0abbb3573249be2a17e61c35df150a2889d09164bd","nonce":"12cbc5e68d45d54c95ad634f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"1d9783e697ddcf6e755bb4c073785f2d6581d0de184ee4d379b903cc7cdf2551f3c19075f6c93afb941b7428ed","nonce":"12cbc5e68d45d54c95ad634e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"50605ff32134903c19d66eb61c8931ae71e759da40f1df4a25f18a563aa07929716a21cad4d475247475157fd6","nonce":"12cbc5e68d45d54c95ad6349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"6dfed5038c22369b2a743fb544ccfb630433e0bbf82da81b159a14da5754c3ad48a622ba4b697583d218bd7eec","nonce":"12cbc5e68d45d54c95ad6348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"878c7d8c9d5771d6645f190f12bc10045e2dc3e0246b993491e58610019e3aa5f47552aa45a4b52dbae95cece2","nonce":"12cbc5e68d45d54c95ad634b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"cc36d9c937d1de1708019c369d14eaf2bf759eccdbc20b13363252970303ebe15857524f5adbb9816ba5d18d84","nonce":"12cbc5e68d45d54c95ad634a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"de0b16e4f95e7f7592fc028e4d2a99d474feeab0ad5a56f8767bc520c701ee113e23eba375790acb66589c55b4","nonce":"12cbc5e68d45d54c95ad62b5","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"26d3ca5afc16beb8bfd2abe75126f8b29f78ce501943745cf6b8711e25545d5f"},{"exporter_context":"00","L":32,"exported_value":"b2cee665cd44ed9f93435dd3c24d9d3eaf4609b1260aa7210d9feb56e988d060"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"23483d76811e31fbfed8cb718a4f10d64cb739347cb7e73d76ef2b2ba2bc731f"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"cf25aa242d3d7994fe291dc6c6ad6e5936d1dc27e14e78589219b161d3e9ccf1f9fdd9f3de5378f64ff46453c1570f8af4fcfef7c6b826a9d967512e8407dbc33b40","ikmE":"c9e63306d81c66ccb93086b3f42a583faaee255e025a1d7774d229339b7edffc5372a2aead72cb3b2cf7215e5687e88150e023b54a0630069608f55d9cf646fe92b4","skRm":"005517e1337af451eb4d3c145634525875ada40a250e463d24f901d78547f22991fe87d262cd3a2cda249a90b33515666cd01e58e742040d99c98a2314589e8cf282","skEm":"018a197a6dceeb465b00eb46838c3bd6ab65a3ee30e678d8bcbf00629574ab8329260b8dea9a0aafe31e4a7830ab0937a32b21be30c3a0cdea681e29f20499a2d4b8","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401ce0f6e35b58a81f9da07980a8051e034f5ad9554985ecbb0e50502f2cd4f0dd1c7c003ed44b8dc4b4178453b81120aec0a30c97913add713f2eaac32a300ca575a01e68fc627924b920f1786e3520ab32acb2b8b65f63ee23bc06a8c42ff14b618175dd38de50a8ef1bf5a92af8d574e852550ff622bc6cb4c9480f353cd58c437188d","pkEm":"040101c4c5d4a42f0e4e70f265a9f0fb14182f609b4f6eb5a6364b851258f16f1a01ec9456fc26df789f9f9d929af40506944d5008db42b4ebb80027a074165d70add50102c2b502ccbf139723014f7c409811d3f1fc84c77d3e4bf4b144b51eadbc156370b904fe76194b9eaf940973d21d6416ddb91067b9694fb631510d4e1c2218a542","enc":"040101c4c5d4a42f0e4e70f265a9f0fb14182f609b4f6eb5a6364b851258f16f1a01ec9456fc26df789f9f9d929af40506944d5008db42b4ebb80027a074165d70add50102c2b502ccbf139723014f7c409811d3f1fc84c77d3e4bf4b144b51eadbc156370b904fe76194b9eaf940973d21d6416ddb91067b9694fb631510d4e1c2218a542","shared_secret":"f34844ed2ffef87116a66d91bb381323529fad6f20f05201177bb319e3a0741ff990ffb1d0e21465ec1ca70832965a3c1696ed751666bf75a3d185aa1e525342","key_schedule_context":"017975ec11c02e4c49238a6401423b9d3a4192da190ee5e64da5b6e06df3c5e82a424d5fd737aae133d36f3904a06750412f8aceccf0b84181f9bd44ed7735e65a","secret":"7c6f54de3c4db4004c404d84863debba56e706c7f45eb07af37b7578f9011138","key":"222f6bc59eaf5650a7f64e3fc993cb5d4da065025f301eb1dbc242511efb2b77","base_nonce":"519f891feadb8532857bd5a8","exporter_secret":"f117bba347d702df5c933551b79cd3857365c25704c11119a026f4a85fa66483","encryptions":[{"aad":"436f756e742d30","ct":"a5501dd5d0e16f4ed33afc76edb6fdd737271c840ddabdfa4732354945cebc4d4fc870679d11e31770866892fc","nonce":"519f891feadb8532857bd5a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"fd1e572aa62e7f219b111700c1bb5fdc14b6a21166773401d01c3bd1d5d3ca04527ccc8ba2b2a6330f9c1eb4e0","nonce":"519f891feadb8532857bd5a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"9b1981098da1c86ee1c885ce4846ebd8bd1ee63463f0183ddc53d132a817ef5d21bc11b45209598e829fbbbf34","nonce":"519f891feadb8532857bd5aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"50c43656e6aa4efca98f0398b70e1ceb608885bf8474ac0a71b9af4601688b272fb2b91e28e8c077fe57877d40","nonce":"519f891feadb8532857bd5ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"d5c902c06b7f879c270e346ae9f333fee779c998e4ded3f0a0c4b95c15bc548642246d959010ceb3653df027c0","nonce":"519f891feadb8532857bd5ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"ba8efb448bbdd3d9c39ca4d8cd410c770bb73e78197829690ab2b7005f1ce683c19117d41d1beda58cb3756fbf","nonce":"519f891feadb8532857bd5ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"58e7f62f9c7d1e0a682e73efad098f13711cabb58bc92c009927dd3f038baf5d59971cf0d58c7a6a4bd9965d54","nonce":"519f891feadb8532857bd5ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"450bacb09f209c210e24938dca4d4a340fe1d7a8fe77ef5eb4d91a4494beeeb63e9a03876aeaf4c2f471f3081f","nonce":"519f891feadb8532857bd5af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"5041b6708e2f7cc2d87d0d09f8e4300528fecf71882e10f19dcb590089b75412b1d43380b53780d8987cc42b16","nonce":"519f891feadb8532857bd5a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e56017272af608461652b8778483495565fd718c18a5a22ec30b53bb76ad336189bdbee7c8b540481abe55f1e5","nonce":"519f891feadb8532857bd5a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"27bf93fd49196f4302ee97759b458803c2b3b9c80d58dc82daa9d4ac3a7e3cb5259d90f68ef42e6a41837cf29c","nonce":"519f891feadb8532857bd5a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"cabbbdfdca5b1611cb331f0497fce28e623001ea8fee99b06c11e5dd5da4a021ac2ef33d4170b96df35fc8321f","nonce":"519f891feadb8532857bd5a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"9ecf71579b5c4f2c2df16ef90d6baf84b762f32a54d6c5e4b1e265ff245ff00fe7b45fceb12623085c144eda2c","nonce":"519f891feadb8532857bd5a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"ed270428f536d71a5614da87a2da893f07b0e5dbdc897f4a64ae4fb74153d02ed5db807b3efb3996448fb41ef6","nonce":"519f891feadb8532857bd5a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"93794f556c6c06e0e86465484dfa3c1bdea9780771ccaa5b98f6bcc8e091b9dcb5e9c74683dd84438d10f78c83","nonce":"519f891feadb8532857bd5a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"a0b27695cd7db8e6dfddad7131ab255ddb877d228bd2d3df17a76cc7c0d15a206ad44d764536828b4a56aff235","nonce":"519f891feadb8532857bd5a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"55591c6807940da4efeb97fc3e2118a99a9fea168669f6616e6f0205a81543bbc26405639ed09f32a70517e1f7","nonce":"519f891feadb8532857bd5b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"f58e7b51569b9e035acf80ac63cb5a667dd432b367297c6361f54f03c46f9762d294afffa835726507ee848712","nonce":"519f891feadb8532857bd5b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"f8551992ec48f9733ce6ef143901c0ee2a50ba5b957c593a5141202d001c561e57f72fbdac0786389669384154","nonce":"519f891feadb8532857bd5ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"9bebc1b4ee79e2cf95571d5cd399fa01329f28aa064007197e71d80a88be5a21b80a9ce66e20d7fa7bcf2cece0","nonce":"519f891feadb8532857bd5bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"6dee31756f0d26f70ec69cc8bba0844255748461877c114bd82d5eeab0b8e6c7a9ea05687f4fd6ed1f80078688","nonce":"519f891feadb8532857bd5bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"6f94226acbfedb3a155fc49205013726129c8336446b55517cc9b759607a23ba47257d6c8fc6843db06ace631d","nonce":"519f891feadb8532857bd5bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"aad2ff2f9d14e88e2448455bfa9304c30537878fa1adfc3d23387d978cdf1b02198964722cc1bb6280cd3a6289","nonce":"519f891feadb8532857bd5be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"19bb16d15d506e106aa939d0d2666642f63847cea18982ed6221f70728f33c662e70aaabb77d52c42377e80028","nonce":"519f891feadb8532857bd5bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"5fa3cd2e509b85e37a29bb5f374cd479d53a26e6eeab68d7e2ed0bcb4539df6503d36f2276b017137a88adf4e5","nonce":"519f891feadb8532857bd5b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"61839e0b01791b35e7841f924d749753eafeba31ebfc87d89cf9b001aa6b290f4a19877b8fce3fb403a94ca543","nonce":"519f891feadb8532857bd5b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"ba535e6f7375eaf5f8ef7358e3df85a00813b685960635d2a02317f7ba0a8b9ef506e0042958e681d4d471afb9","nonce":"519f891feadb8532857bd5b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d019cbe08e40b6cb79f3b8a2fc1709f3f92f6f575c2bb46fecc81ad0833c0889b7197b869e86573def70b72ead","nonce":"519f891feadb8532857bd5b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"dbf59f60bba7186418dd2a2cf0d59245e082dbd48c3b902c8d1a63abcd0066d83cd35847b29cfa40964956dc6b","nonce":"519f891feadb8532857bd5b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"1f1adba2253885edc2b5f6ee0ec979fbd431063d99401cb6422f5340521c336c409610436f78ddf6b54274bba7","nonce":"519f891feadb8532857bd5b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"ef0e5d2c68a9d568b845b7701b43bd06a7511097636af95a63c702429b519f5dd4457f104cca4ca3b74b81034f","nonce":"519f891feadb8532857bd5b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"676d65abd95846caa5460c4f799869a70067c580809162536d2bbe9340ef81c42e7fcf42205f6f7f1eccf80a73","nonce":"519f891feadb8532857bd5b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"f5a73d8754115fccf500c03e441f67ac63239bd15907cf75f7c2aa19d867048de36b4cb17aa691b78e534e5c97","nonce":"519f891feadb8532857bd588","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"8ec7977379dfc7b7e734e3b8b915504a19e699a919185159df68aa218bd0bbbbc3f84d6e138b80d9f65836ebe3","nonce":"519f891feadb8532857bd589","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"4b707eff7537c06e74d800926832b1412149ab2bd4884b4f773337f88ad5f8b9573d20ba764b77e569f6cd717e","nonce":"519f891feadb8532857bd58a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"ebce45e9a14c1e18a88defaa8b91d9ecedba7172eb3bed5dce7be8253977e74b931496d8cb0955e79be04a1a70","nonce":"519f891feadb8532857bd58b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"6245ff56dc2a173418d8665586c5169169302a5a96f03cf9d13fb396b2acb5a34f21d8d43db7305d5ab451d532","nonce":"519f891feadb8532857bd58c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"85c6cb347143414f4fa202cfc5bbdf9bb6de2c3e7910732afa190cb909165b86617f9958ef8763ccfa28be670c","nonce":"519f891feadb8532857bd58d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"5125aaca68b1c7c9247828059fcef81b08d1ef72c7a58329b02c0272aa1f4b1f25ca409323bb4d6bb66d91aa83","nonce":"519f891feadb8532857bd58e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"1209cdc2be629f619200bfafa33034904953d80dee5e863610df0422262a7601375f96d106426867a7a238c0f9","nonce":"519f891feadb8532857bd58f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"2d914e78639146d9245819b2e485246c66c278962aa56debb6085211cbc5bbe3885a90b359692846d5cfa6d103","nonce":"519f891feadb8532857bd580","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"c2e635337da46d20d672c8cfcf3702c23b8c6b0a2803819c435cd0f659f24e89bee91c8871cf294426c4347484","nonce":"519f891feadb8532857bd581","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"6a43102a926d1fe23d50c2da8a26e41282eeb0373fc358fec31db05092748aaba56ef50a825b35517a8de5b241","nonce":"519f891feadb8532857bd582","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"cb86756e7c72b71e047334fc6dc958856c3bbde35706b6c4a8e0122526e45d18e35e84ed0a6a2acc8656da4914","nonce":"519f891feadb8532857bd583","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"6d99bc32fb17477441a3c6f3b2ab9fd3beee0c31e8fd9137997cd3c46ed13ccb5ab79cef280012eac945f8846c","nonce":"519f891feadb8532857bd584","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"f7d9856d76e8ff6dbd3adcb0e067bc5ff7217d5016197825925c665e4a0830db6b16f18b505462ac7f12f86edb","nonce":"519f891feadb8532857bd585","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"cf9729e53ae116147f69bba1598f72c1aa37be723ed92d0b1df00c0ed4aa96633236e2101e42bef931d6723cff","nonce":"519f891feadb8532857bd586","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"ecdca2a80c5bc3fb153b51e8e6b880c43c933431b47f38c26d8bb797b610119bbee4ec00a77347caab43d58a3d","nonce":"519f891feadb8532857bd587","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"84480a1c41eecea13c80b9c8ce5f8a9a7cc100c023ebbd2b9a22367c2485949d81ea7acc3199ad650ed3d5ba7a","nonce":"519f891feadb8532857bd598","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"1e44cdfa89d412acc8d4b345b6938571d130d12437a1c64b43bef064ea14f825fbcd02ef8acfdbc7319c9e1672","nonce":"519f891feadb8532857bd599","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"4414b556ecc11be323fd50b8b6d163355890bca76b5bad256cfd1afc6c76ec5ef4c813829744c50d3939019303","nonce":"519f891feadb8532857bd59a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"41fb15f8b2a99ddb57f4a01789571962091b841fcdc9b9984cf0ec5c6cebbc68442e9dcc05c0645a583e0c380c","nonce":"519f891feadb8532857bd59b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"6e3c0edb3d588c3a391710e608e1199591f83341183165b29861b021325404ebeb916d523b603081a73a90b4af","nonce":"519f891feadb8532857bd59c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"817248e1812d57fd1f057a3b3186df7181047b9afa2dce7dceff6773962b23e8881ef96d057f4b152957125663","nonce":"519f891feadb8532857bd59d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"08bd1d02a63f6a41e55abed62f8375ab1bfacfdcc3c789226b0e122057029d32bbfd395f8d60be2232d856a875","nonce":"519f891feadb8532857bd59e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"301c3cb3b8b8168314dc7c9dd6c266d6842a9e23d2176de6851f0c0f168dd82fe214f868c4e0e1732e5933f809","nonce":"519f891feadb8532857bd59f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"40cd60924c77798b51d931606ab5765e43ee1637e26d4577e05653925895c235495fc35e3d766a4c49b8f7c6d2","nonce":"519f891feadb8532857bd590","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"cd165fdbb9d5c57b17be7d8aa7a572eabe36aae9fec8734007d513ec961479015e77dfbaea1369b30d5de33c11","nonce":"519f891feadb8532857bd591","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"9a7715c9f87a381e1b62d7f59cbf9e621d6c3c33b742c77e0e05e4ebbb335208600afc92a478f88c57edf0f664","nonce":"519f891feadb8532857bd592","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"0ab018e3e17360f48268bc969808d40f3bf17915f95f21a59fceaeb89d856bd15e7d136d0e0dadc8cd52e55094","nonce":"519f891feadb8532857bd593","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"c1701e6e1bdd44bede7f30fb8ef13aceaea7cd830ccf338df5611d578877e2533f4469980e6d494115485e0ab0","nonce":"519f891feadb8532857bd594","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"e211ece5f965fc6fcbb413202d197dfae430f47a125fa2578aec12c75be8f5381685f3b54da3e287652e83544c","nonce":"519f891feadb8532857bd595","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"b92af15c488f384c118e4b81539fcb517aed6ae4744e892812977d20ec7dc2b5451a3c30ca8fde9baf5534bd68","nonce":"519f891feadb8532857bd596","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"af3331743e2bd6087169e6ff6a9f11ebfa44342e01796994e73cdb05c6d063284800035095d61f77fa1155c948","nonce":"519f891feadb8532857bd597","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"169e2b42913bb2be1d5cd86a57b8172b10e4b12106b8312e73eb21be0f53f2ade84705d4d8c29042fd76457a46","nonce":"519f891feadb8532857bd5e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"64d519ff56b7d67e4a614d462864335a428d00eb8bc4f64a3fae640b122a239d74ae046ee433c9982e7f10d8f7","nonce":"519f891feadb8532857bd5e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"a4525441e45f08c662e63e5ffa86ae7e3465da6c568d414fd01911a6c730e787a632008e75539c3ea9d00e6e3c","nonce":"519f891feadb8532857bd5ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"6d7e95180238b7d9cb74c76a384be6eb39121932fcb061281371cf15b72ace1ea0f82520964f828a45d074f868","nonce":"519f891feadb8532857bd5eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"3bae660165b502ced65047a6569d51d6d24c30db88343809dac650eac53f9694ccf1092368b022a0653e28368d","nonce":"519f891feadb8532857bd5ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"892d93fb9ceccccc2fe2c1cc3b8b5804cfa81bc980e4ab74befa9cbc1c1e237ee8bd0473c4967b3647165bf15b","nonce":"519f891feadb8532857bd5ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"de5a1de2d263d7f1f8ec9836719eb88beb2e1fed23c2c6972c0d647a318b2e45cf799a32a3985203df5eb68eb3","nonce":"519f891feadb8532857bd5ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4048a6ce4ebb13407d7212f6b1924ec948eebdd5edb4593223f256e3739a2e6f0f737bc414b088651bc4aee6fd","nonce":"519f891feadb8532857bd5ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"704c7edd9032ca7b181bba16f353a124c370403fd1c67f60742f35292c144dbeafc43e712e5fd02d46db27d2d1","nonce":"519f891feadb8532857bd5e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"1078efea669e093a0aa9e2ca69859b5dd968fc2a2f6eee66114d3de18a4b04893aa371e2611264ce20c98f369e","nonce":"519f891feadb8532857bd5e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"6159b52c2b9941481e7571abd7d3a1e4ce043ed2ca350d81742718902f66de33db2e4250080f964165dbbb2849","nonce":"519f891feadb8532857bd5e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"1f99cf70056b58cff53a9d19bc210431f455f559f846c6f744bc8ab1584b283d90c67a2a9477088c8ae6035f65","nonce":"519f891feadb8532857bd5e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"448283643e481844a2754380cd8fc4c1f1ce0102d1b0471ee314c04da4e533648cd2f7e0a6edbd13ab6841c681","nonce":"519f891feadb8532857bd5e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"8e009b19a8a0469bfa9c7c31c9e184729de7816a80e79bc8dd0ee1c2c686f13cc4df5621a0711c0f6edad86fab","nonce":"519f891feadb8532857bd5e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"4a8c5487732bc9c571d09be9d837179214280116ad5bf60b3ce26efb5dbbdde4ada44bf21a836c3b21b2deb84b","nonce":"519f891feadb8532857bd5e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"f11cf7bf234627a5dd4b9ef5d4843a26a64251b034825db9c79c76518f4dab1721107748b54229414b98e250d2","nonce":"519f891feadb8532857bd5e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"41b4aa9c33b7c1be95d61e2182bc2139b3fe0ffea567a9b5029b60ce6d4067c6011f02b5f7d60b3811ac555302","nonce":"519f891feadb8532857bd5f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"a09386d9f535c1bd27a3389ae29d49ffbe8898f675944d4dbd7e64a89c016e84dd2f68d8db59f9a3981c64051e","nonce":"519f891feadb8532857bd5f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"45863fdd57f4a0d776e18ee60e824ca30bb7e4588fd7ff0144114fdc3f13ada316223c3c13caaa3e788a9fa979","nonce":"519f891feadb8532857bd5fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"da5376990176a347dd0ab8c70cf8b459eb7f0bfc0756cfbb8e3ac75a4343fdcc6d41dfea6f8485af1504479e69","nonce":"519f891feadb8532857bd5fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"dce25116ed2cf4a44cfefb95d2c2039007eb841f98e2f0a1dc70ec6817eca50191c745b79885cf5e3567e2c096","nonce":"519f891feadb8532857bd5fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"ceae7897120decfbe98c9e096ba88ec66391771923cfdd5ed4aef8ea834da1ec4bf8fc27e133113d72667b300e","nonce":"519f891feadb8532857bd5fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"8d5f3e9bf61564ea7b4f997e35df3436909fb4c2cb970586ff4f2a3e2303dcc235f4b5fc50b02c507100f016b8","nonce":"519f891feadb8532857bd5fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"e6bc3aa196f8692d76210b219adbfc458d234d944b5a188cb6b94c298557bde4402f377c7e86eebc55778fdf07","nonce":"519f891feadb8532857bd5ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"5c0b4baebfd7994abcfa8b195aad4d688c6aed090467ee71a792c09f0c7d1c436b5db9a460493ae36cbfff056a","nonce":"519f891feadb8532857bd5f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"8a69e83654b344a225c474010d588a4ad06fee11f2d5aa5283dea247b731fbca1a581cab228d48a4d824c28dce","nonce":"519f891feadb8532857bd5f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"fa7d05e6247b66f6ba04eb5d95568f17ddd9d24b12a7314b566857816b12a67513dcfe4af57a7c080bef5088ba","nonce":"519f891feadb8532857bd5f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"bb9ce5a5d67e59cf3fcaf591a1435da05468506c9268428d2cd88700dbfdc596a56f2f4e1632ce00bd7d377393","nonce":"519f891feadb8532857bd5f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"517071bf4da868f1dee9c5cf583fbff043d433f9d54d43508c22563a9c31da0cf991e0828816ca5051080506f1","nonce":"519f891feadb8532857bd5f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"1f6a760393248dcea03b562130f30f3a768a2aa1cb6aa25c48f3daacfcdecc7f738ecaacc4ecc6e859495d0035","nonce":"519f891feadb8532857bd5f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"4fb175f0829b6fe1775b56023378249ab060669996ee7018908315ca892945002f0d60537a0221d3f3c806e51e","nonce":"519f891feadb8532857bd5f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"9c344e8ee5d74c3e79b4f4e100525024c114e1fb87127e4162e60c645946b81b7be51acf5efb0d8943c6837319","nonce":"519f891feadb8532857bd5f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"9f1ba263b0d386f30a5269ff41748101b4a5d7ae60ee19da39c338ed634afe076761ccabb81ef6cee6a9e7e6ea","nonce":"519f891feadb8532857bd5c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"7a184d4392271bcedb5f79586629749923029feed9f88bc4156591be29dead45b23fa9afedd035c6b2b9ceaa0c","nonce":"519f891feadb8532857bd5c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"dfaebe7e0d843931d6932176bb1a4181bfac3fff1cee32f4d6834e603abb34fd341a441f24343c59bd700bcc5c","nonce":"519f891feadb8532857bd5ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"de6dbf83d6762e40a9c9e352a00004dfb6d4c0ee4ee071d68c95c5d9beef5e0e62d9634745a12b405833595705","nonce":"519f891feadb8532857bd5cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"fed1c3a3b13bf1f0aadd742d79cd9446fa2eddae5a81e1a895981e7e82707dbafaaba37976ae6048ba05295b6f","nonce":"519f891feadb8532857bd5cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"1d839ddf59c521058980eb650e090a9db8ecc2c3cecff03ebb9bb03d3d6520f12ee8465f8d7c2039d308caa7ea","nonce":"519f891feadb8532857bd5cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"263570ab6624a35b8bf222117d246f53cc29bd4aa4acd17642a784426104d8da85d9c8a13dde263cc3eaef5c36","nonce":"519f891feadb8532857bd5ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"d334ea3e12eda5107a66c38047ba714a86eefd48e767b6858038f89fef3fe3990cc3801b61561f86a3cf811d5b","nonce":"519f891feadb8532857bd5cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"7bbf2119db8de46da13e85b8a1bdcc4911460528580ffdcc9faf1acee85f7d01219075e24af096ca348dd623af","nonce":"519f891feadb8532857bd5c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"8f88ae45f97caf911aefbe134f86a8019d020ebd0ff7698bbd37c01218680258ea070f9eeeb11d5a1630ab22a5","nonce":"519f891feadb8532857bd5c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"5c6962cebf3b3dde53b196aca0b40f801dd29d53804144656f38af0c95b2ea761d2f7b19648bdce24b703e9310","nonce":"519f891feadb8532857bd5c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"4417feb59b38480be6fc08b55ce7e0b6f08f1aa4b724652af1c2a3defcf1fbb832d0006fdfba92b1d764075b3a","nonce":"519f891feadb8532857bd5c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"7916bbfa1850b504f05bf052a724f8c4b431278e992309ffd6191f7ee740175973fe54e0fcd3f29e7358b92484","nonce":"519f891feadb8532857bd5c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"2dd8e790e74c0d317199910e6f9bc7433082d6b6330aa8288013bdfa8714dcb72dc3a6b8f0b615e618286f2dd8","nonce":"519f891feadb8532857bd5c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"beb24e197cb1f16a9cb36da0cbbb04c22f7a3e8a6bfa342e6c0435e0abe2ce1ddc975a513c717c5794a145c5d2","nonce":"519f891feadb8532857bd5c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"66c114877af2d16368f567d76ec7a6b6bfac73681b2c6305dea269d5efcf8c884ad0b6c3eaf80c1351cffe10ba","nonce":"519f891feadb8532857bd5c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"34d8ce3ed8b18d34d42ce95b5e08742c48d7c32368b8da71879b2a139bec04ee982785bae3f41a3696dca2ed56","nonce":"519f891feadb8532857bd5d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"7240f809fda98ccc1b6f59bef721ce31413cd63677231cfa977dc6163fde10d70d0fb461e4980d68062b46fead","nonce":"519f891feadb8532857bd5d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"2fd8962f39245b03ec78a36a86ddd37297b55955d7c5b11c344c98b16cbc5019dbaf62b4b5460f3d1ecfe682a2","nonce":"519f891feadb8532857bd5da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"a63af69760ed4121ba2f3fbcb92fe93f3f6aef72ef54cec4e4075f62f209c9439bbb9f4d105823f1fb57bd835f","nonce":"519f891feadb8532857bd5db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"1e1dc11d8743028705145a524acde80e554d500665608db9c00d90177f1d4852a6ffd10e98095002652a987b06","nonce":"519f891feadb8532857bd5dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"681f152325f84f7be92d4493fa89f07564a8c1a3457c19b585aed56bda7db495f5304b63a753ea9a17648ceaea","nonce":"519f891feadb8532857bd5dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"a7a0f3986f1e6111886f29baa52c2d4d271ff7f413852e6f7325df3aeefe17c6b84ad43a6406a6ec6375b628e7","nonce":"519f891feadb8532857bd5de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"7e49e60d6d6efd0d3850defb531021fc303071712a879eca6d6df99c37e223e04489772f4fc2266a56e6ee9d5a","nonce":"519f891feadb8532857bd5df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"324627bf21ce43a41e7a597b786bf32323f6607aed7dad3a831fe436bf54e74cef775e47567ce09c31f30b1495","nonce":"519f891feadb8532857bd5d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"debec66d707a1b560675f30f96e3db152450e74663379aafc1e61e9c1d8e2c5fab1fbeb95d3f4a505b76adf045","nonce":"519f891feadb8532857bd5d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"7f40aef7bd43000732c8efd7ef4d61a6ea621a5f61d2a254912d88a69f9099315d72c4e8ea26050f4984e552e6","nonce":"519f891feadb8532857bd5d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"492e3066fe1af8f81207d066d9d3390390e7792c54592cd3c5eb321173481ebffe3a032ac2e555475c53190587","nonce":"519f891feadb8532857bd5d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ef75d1bca11671a7ebb7c9274257893168e0447dd0261bd846f20ddad8bf68c9537fdb588c4b1204e2ffaae78f","nonce":"519f891feadb8532857bd5d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"63db010283ec4ad4e0b1c4a0908a376d701972ed4cd8eaad25f2572b18a56093c833755f2a8f163da62b5bc623","nonce":"519f891feadb8532857bd5d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"76652e7a169f5c05388033dbfb3b1d8ff452781ef03cc7c55d27bddab73520554b57a6c7b46fdf6f9c524080df","nonce":"519f891feadb8532857bd5d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b3069767e31af1e9cc0558b0ee8f0c17e2b463ac09f723224e8b2ab93c8ed98484051874d0d819ff5df161b6f9","nonce":"519f891feadb8532857bd5d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"9906f40fa5a07bab662cd186517f2e025da55ea29d30efa0fd88625949deb0d2dfb7a528545e027b938bf5e892","nonce":"519f891feadb8532857bd528","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"ca4f589291793e1115e738e7e2ddca21e1d0097f5becdeeb7004e9c5bedf85c56bd52c2d52c5cd183f885a6d24","nonce":"519f891feadb8532857bd529","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"9c48f9b3c20f955e02db8084511a10351102256d5acb85e02f275709abe122ad554dd3bc5005c282c17e43768a","nonce":"519f891feadb8532857bd52a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"f574fa8b60fd2c85e850481edc67327b74b5ed5b97e78ce2af5cfd340ca37ca9f21d415b8712d0e8543ad84e7f","nonce":"519f891feadb8532857bd52b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"43bd7b383fcfbd60862a820f2ae0d0f25c2580d5b6ae5dcf74584821794a3d48dad8c5d4fd47e07ffa9b6b349c","nonce":"519f891feadb8532857bd52c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"bac7cf31d90630d90273ecd218e81aae04ddf7aeac4157a17593fef0cb0dc54d69d18b7213a0e8fef5e8827983","nonce":"519f891feadb8532857bd52d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"90e36ad6d4de725b79f453cbd95641e2f97ea8f1587b8ca71b0d86f185243299effbe6cf7dcbe5285ba5f262c2","nonce":"519f891feadb8532857bd52e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f67f75c1d1b4b4eab3bf04ae14cb8fbd1f93d36dbb933ca717705c62583e948294fa9db24d575ff2ca0967817d","nonce":"519f891feadb8532857bd52f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"2c53e50716adfd9a088201b615e58e8cb6f0b5994554bda98a6b1c462995d9e6e50da22c6a250b7840388fc9e2","nonce":"519f891feadb8532857bd520","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"a6cc61d3cb1bc105410e810333435ac8a9f0ac1cb86d0356eb99b64fb66ed6aeeb7cedee3951bf34efb1a9e12d","nonce":"519f891feadb8532857bd521","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"08ca7c9cf48ecbcaf513de832c0562a66ca34a2a1aeffb1a9800091c5a91d39dd2d9f1e1a44ba763030802103a","nonce":"519f891feadb8532857bd522","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"39dc2cdc8adb7114bb0682a085dac58c024381bba276f79a5fc837723cc7b0aae2141e61f229c7e9f5e206827a","nonce":"519f891feadb8532857bd523","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"0ec538cc64838b5ea97ac4f6f95b84f331ca285aa55c2e576c5db8f79e0080ccd39243c7c7543d9b79fa43a578","nonce":"519f891feadb8532857bd524","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"bde34454760cc2418b63fec0fe021843b7fd2030a67b2857b4ed7309de7855a6475358ccf730cc0a19777d2a36","nonce":"519f891feadb8532857bd525","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"72330c3976202422dc38a49ab96db621942ad85502bf7839ae40ca01424f9163a3e56892773e706761eb2c22e4","nonce":"519f891feadb8532857bd526","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"1312b96ccee335459b905d402b61daa90147140650aac28f9755c4d53d05b99aa91d61fd33cbd48aef4ec90822","nonce":"519f891feadb8532857bd527","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"185f9680deb5f80bdba210428a51ca5d60715592a6c47b2682d552ee09a7475cbf237b2482d1295f4a47322fe9","nonce":"519f891feadb8532857bd538","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"d19b5bdcddf793df6e0f10bd3edd3fda85ab1a86483949528a8b78a3e4d80e74dccc8520c1f37c117fd460ba89","nonce":"519f891feadb8532857bd539","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"461dae68beba27d2e3b0a8d1c2ea1527f3e4b860ab671e5f3ea6406aac677c26a92754769f79e6cc7024714582","nonce":"519f891feadb8532857bd53a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"409382aa16b46231b259fec75721100c747becab423222308e5838ffed004ed2ad9fc7523ffe06ce08d4a2a71d","nonce":"519f891feadb8532857bd53b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"e68abd88eb5af479a26cf7f8905ff9f09e471740bbb5dd940efbc84a6bc2a3610b5e903ff21fef7bdc27f5733f","nonce":"519f891feadb8532857bd53c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"dadd42c0e2a68b0b6f3db40d99e63a1abdcb29cb43be05f69b61562295d203b2df16c3b627c53d33f8f686231e","nonce":"519f891feadb8532857bd53d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"eda61ca3ec24ee7aed8b782c1b04a6cfb463f1cb34a1beaf7267d60f6f643f3382d5c50034adeb0f95424b23bc","nonce":"519f891feadb8532857bd53e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"c07ba9730e5fbeda5cca8116ac41b554814cd7cf3530253318f623ff666f008d96904ff67693f18a8b22c69429","nonce":"519f891feadb8532857bd53f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"7dd592634311254b9bfd9057204d0955fe35a9cf0de3aa98b823dc2007c01eec99529d43aa59cc393f93e1fc13","nonce":"519f891feadb8532857bd530","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"a5dc0e238d874585df9ca794596aadd562cfeca7aa8057012e97cbf7b8c26b9e3551924f77bd37d5e6903238ef","nonce":"519f891feadb8532857bd531","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"652afabf96b497a92b6f2782f1dd86421e1260e03ec7c93b76664bd58527fcd686daffc995842f682f45fa6a1f","nonce":"519f891feadb8532857bd532","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"141831e1082276684c58b780f4a70dd2b2d004a4c6542eb3ba93eb4f97dc4a4d4615f0cab254256fe12cde1240","nonce":"519f891feadb8532857bd533","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"4f80df0fc555e5e40925304378e4a129f3a0f8acb4c7e23361b432b194756561594669d81dac381d2a68e3a1fb","nonce":"519f891feadb8532857bd534","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"0e7b4ec05258526f383f7822eaba1074717747f73cca27c112846198359bd90df5e9e7698bc50a939f5af21564","nonce":"519f891feadb8532857bd535","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"0b35424845492dcc580441748d16399ae58ed201f9ca950a658bf4aa72a7f8520ed1f6cf8145a8c10ab97a80b6","nonce":"519f891feadb8532857bd536","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"b7ff81216ee9469af54c4cc4601361fda4f4faa5486ecce99b61ed854cd947b60b0be1d901a0974464681faa74","nonce":"519f891feadb8532857bd537","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"a8d536252b94bf4cac159fd4353a0c89f630b990e15e4d1e35a98f0eb19da4e5ad6f46dda89a196bdf8a29d755","nonce":"519f891feadb8532857bd508","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"eac1ae460c35a13ec884d7e1900e3e2fd48ccfa6801ef83afae221769d0c69782c8541b922df7653ea4b89892b","nonce":"519f891feadb8532857bd509","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"507f07d8c2ea7d4a85ad942e6fc31f85bc3bb8d48717b3cc77b2037c1b98f7060c0069722de5eef5a7a35c511c","nonce":"519f891feadb8532857bd50a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"34884fa29cc7155c8109d736e25454b02f81c7fe830fc34eb1dc50008fd885e0d590fbd3cea22b8b1519116991","nonce":"519f891feadb8532857bd50b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"fad7584a56c2a329cb71c70919c3568a70b7ef1f0eabcaad6463b12fb6168e6e9505a25503638842a1879c68b8","nonce":"519f891feadb8532857bd50c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"a87da68a4712fb6254972665f8e722d8ab177aa8f48602b5939b62e50c30ae1bcfa7e8a1a65caad21bcf02bc1f","nonce":"519f891feadb8532857bd50d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"517e4c40a5eb483af30af33ebddae9d95e1d84eec524cd2f1accd169f27351c3ffd1cae3f1c6c1014e84f2b43e","nonce":"519f891feadb8532857bd50e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"6b0c4d33431fd347ec5189af7e8664a6371b466c27448bf27bb6716c6851994f563f40788bbf776af7121ca697","nonce":"519f891feadb8532857bd50f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"041f879d72cccc0601d5686876f5d96846c2f45c544c746cf8f86c3819d6753d301420cc0f32d248e3edb5d902","nonce":"519f891feadb8532857bd500","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"91d548c242a6450b9d78b6399259780b6f1e28070ca768662edf4a7e4d31007d565f3b47c67d7157547a7c6471","nonce":"519f891feadb8532857bd501","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"4e0a0e5667d901023cb2c2cbb9fac07564d26d19b23b46471287cc2d6d6ba2672a1dac37a83d127c77444fd572","nonce":"519f891feadb8532857bd502","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"2fa2104353d9820932ddf42ff228148eb44f37183693fc31b29418b7c15f6dabb4faf082bc49ff6fb09fab568c","nonce":"519f891feadb8532857bd503","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"de7d8d3f3a43ffd989e3b59878ccf8330f5dcc927982eac1a0da14e81f2e759355a0a2219ed981a3c15c3e1c3a","nonce":"519f891feadb8532857bd504","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"c82f57537e349eb8214c458e6578174d77f97ce87cf49081390d1f317bf99cd3fd36281be1b03fe999b7c51d8b","nonce":"519f891feadb8532857bd505","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"4bce1c42cae6c020e99198ed4c50b3afc6f9400359956a113244c8d7427a4f1e22d94f76c1b8eb603a71ec27da","nonce":"519f891feadb8532857bd506","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"d574e20eaf3438bf25bd636e644627a879791d3cc2b77c781b3ac782ec408fda23af244d1d3b88d4ae8895f6c2","nonce":"519f891feadb8532857bd507","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"c743e32da4478f74c6b4d4e4eae01cbf8f5228f2a4258be75199cab5b50613244fa06fe264ccc221113f33c63e","nonce":"519f891feadb8532857bd518","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"7db238fd44be2f177b1c33da46a4174ab07dfea61b49b1f147606daeecc95d1e4c5c6f9c7bf6fccf535705b6ef","nonce":"519f891feadb8532857bd519","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c56cd24037a83448cd74add3cb80d205ef402db8230d93816b336b7e0b9ec39a82e98e6f1a102f6d64aeff3a67","nonce":"519f891feadb8532857bd51a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"cc17b50d852533bba536181c52daf88877728835fbd87571349311d6521d815be07f00bc2bcd79f99bfed9d4e3","nonce":"519f891feadb8532857bd51b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"6431a33125a5dfd50f09ba922a04cee76bcaefa8b052b8355846828ccc5865de56cc73866b324ad16377ace23f","nonce":"519f891feadb8532857bd51c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"ee726088fccdf5e0922c1a64d73a5d1d7d77cadbcd5a8a40ce8a743e6155d4a9d0e324b2dc8244463c1eff7c82","nonce":"519f891feadb8532857bd51d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"0f684353bde4f8a6d26caefba42397e0e158a261673d1b9eff7be79a5fccbcda0fea4dc402ad78d1bc7740b071","nonce":"519f891feadb8532857bd51e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7d90fb18987e2dc382ca5023d1ea55bd9fcaffbf0bb5fbe931e35724e765be32c65ac5e0138ff7e40dfe8ac1cc","nonce":"519f891feadb8532857bd51f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"f6c012553bbd24ece50c36b129a445c7edfbb7530f1e2004b201cbeb957ab6104f9710be310a3526d0b099d5f3","nonce":"519f891feadb8532857bd510","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"36eb4251b3faabdb6416b45871115af1a4d7efbfda24165777a34bf0593ff76fc305492489e127ac153e3ad2cc","nonce":"519f891feadb8532857bd511","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"d39c79d2bb0ba3203ddea40b4660074d5a37f47a5f8f63b9b0c9ff4c65adf45813a9c5153791b9542d58e1ccb6","nonce":"519f891feadb8532857bd512","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"ef199f457417d176aa9961a8b4a1bf8ce7d798a8fbe43b15582a26d65fdcfe800bd5c272d80ed4d8d164aecd2f","nonce":"519f891feadb8532857bd513","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"446e3f6a511c0dfd93215c2adf327272288cefed195b3e0e4ed66b353852b15292ca53a8aa4c7fe03c2ff084c0","nonce":"519f891feadb8532857bd514","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"7048c86688442b9cef63d60cd2faab46d6d8c5091e86386bffd63dc6f601492735bda318357553422bd212dec4","nonce":"519f891feadb8532857bd515","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"d53ac8d294be6805366c55b0f70e675e61a75ad620e0cc58f030d23de21b6a01c341ce38f1434a0f2848d1ca8f","nonce":"519f891feadb8532857bd516","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"69c972b344ad34054eb7041729f6246867443b9d65956f0012e2c06bc96cbc8c374d7565070c1dc0c9acad3d7c","nonce":"519f891feadb8532857bd517","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5fbeb582058a49c2b76eebd7040316aee4adbe6c5ed1dd3747f66782d4af4cb8a0f52ac9bb46ef2c3db9d5a0b7","nonce":"519f891feadb8532857bd568","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"d96207e13b671275c6c2ce78928950390b11c74e26ae9f6e2ab021cfa929472cf031ad32e37736ae212b17ac66","nonce":"519f891feadb8532857bd569","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"a4ddedbfffad4483d0864cfbf8ad6fab1a598722c68a07fac093f509a71bd2a883bec0624a93edc6414da18561","nonce":"519f891feadb8532857bd56a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"f881bcead3b6dda0d7701e7510e3709e23d33c7846c016aff163887db2538932bf14e06ce83485378ed4bfc210","nonce":"519f891feadb8532857bd56b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"431bd5c5d18bffeb37f4d62e4b50957b54c09184c044ea180feb2f441e120b40d363a1b9132d7f793215b1600e","nonce":"519f891feadb8532857bd56c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"ea0d9c2ce1762db057295a27ecac553c65643f03125c583588068398ddd88daba013cc9c5ba54f4084797f6db8","nonce":"519f891feadb8532857bd56d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"ae920bbf106fd735caec04d7849d9fd3d1dba31e3833ec9a5f4751c6f81c43229712b9053aba752ef297748ebe","nonce":"519f891feadb8532857bd56e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"2ab34fbb912beaf2cca3012439a24459e8ee2cd43c5fc7f7744501f0c18671733512010a886fbbd8a688a259de","nonce":"519f891feadb8532857bd56f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9c61a9ace8e1574a38aebd07f0e32cd852f36550ef08326b547f9a1eb26a7e6859b877579b9825aebfdbbdb4c0","nonce":"519f891feadb8532857bd560","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"922ee54c3d108a8b66fec13c3bcb8866b92acb2edd5bb5e54cfaef6077fc92ae9d77a152a9ec52e6e6b6b5bf20","nonce":"519f891feadb8532857bd561","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"5ca7e35eeba7bb35a22aebaf737d9f8850bbaf966455fdc44c0c737424d921cb45e72372411955d5b7c868cc5b","nonce":"519f891feadb8532857bd562","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"3b84bb5b26aa3d9bf687a9a76a1439f1b280e70994fa0d9a985e560799f34c605acd05fe2856d46fe560a2ee1b","nonce":"519f891feadb8532857bd563","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"b04081d4c4ba8609d5065fb25cc810ae1758be57c6e2afc07069b77b5aa6505529cda251bc1e3f16351c9ae383","nonce":"519f891feadb8532857bd564","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"6b44cfcae0a7d55e38610bd76958772afaf83b2e1f1126cef12a509ac003595816fa85667dde69f7e475801428","nonce":"519f891feadb8532857bd565","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"acd3ca3986f689954e1f58b6c9ad2bb8c449629a32166ff204dab181055f810fe5d2e1f0836f49c19c894ce444","nonce":"519f891feadb8532857bd566","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"beb330c94e85c4d6d974e20f24076805fbb23ac5abe8b98400d2032b3aaee85518bd3e3f132d2f068470e754da","nonce":"519f891feadb8532857bd567","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"028a087126297a474248df3a067757f19e936d3c22849ffba5387f387908620cc33c1a421e1ee03249da465920","nonce":"519f891feadb8532857bd578","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"eced2401050b90f0aa892e9e105225865a6818cf9b78331801232a3f06713e418a42bac631f27ef5361e1e03cb","nonce":"519f891feadb8532857bd579","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"ad07714c86b2936b663a361a4ba163c931dcdb15e6918ba41bb24755d678fa044e6405f991166dc85b45814d13","nonce":"519f891feadb8532857bd57a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"72513f03e90edd4ae9abe08b0a6b430f99233f450a65d9f6e9882be06e4daa312accc8751a44f257c805030b99","nonce":"519f891feadb8532857bd57b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"cd5264412162a6e56ef0f5c59ef7a3b7e6139cf72a90ccd2536b54cd5e11bb28e8acc93eaad21bcca0b2c86f1b","nonce":"519f891feadb8532857bd57c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"7e4cfc1b14f28e5c36a693fd2d9fd2effee90bfab11cef374d0882c4ef5af7f54b8f21392804c065e55e5eca7b","nonce":"519f891feadb8532857bd57d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"8192e07f1bdf38d8fa3a398309c1889b65ab73e605d291131eaef907600a40f8a05854e26c060afd8a718e3bfc","nonce":"519f891feadb8532857bd57e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"a7a3bff37ed22f39e6a1a02ccdf364878a2c6dbf4a280b25d90289e710d42660011cc4e642ab833896583f2135","nonce":"519f891feadb8532857bd57f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"c86023461e5c9ebb8a169609d086fb25bec7e7b360bfc16c44985abfdba64ef674a89483f8f897724b73d1a490","nonce":"519f891feadb8532857bd570","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"4be54b252ff919617d67a465d89347ffa5db0d6852274147c9e6fe79c11f80a00d33fb189b4e73c983fea98bd9","nonce":"519f891feadb8532857bd571","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"47328187af73809e4e8774b50b32db349436d50f67bb7e79976dff198d168feeeb55f60b6794e343d8f2424b43","nonce":"519f891feadb8532857bd572","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"f783747daccce3077994feeeb080bf168e6786efc542f21695b1d53b40e94604ef513af63afc927b3d972d28a9","nonce":"519f891feadb8532857bd573","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d388ed9a0583755418b988d8dc1d0f6515168105547ee63e3bd51c1a3bb4cc64acbe02bd3d370a2def6297097a","nonce":"519f891feadb8532857bd574","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"fdd19d5b4008b496ef0efff7cefcd750ec96976dcc755470e16d4989fb734f38d73f6979d92d92b1c09d6a2119","nonce":"519f891feadb8532857bd575","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"a9860d24a958710ac4f8e12e605ae34ffee7c9f31b4e3ab972b3c605826321706ebc4102643c6c0d7f03861e15","nonce":"519f891feadb8532857bd576","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"9f839d3e51ef280a5ec72f104a646469de2c5733cae8f4482a2d2913d256c4b1f979e3fc9608ec1e648f2d8207","nonce":"519f891feadb8532857bd577","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"de619e620d42af085f91ac0e55b2fbafe58600f839c6c10df720eae432c118fff52f366c0e9e6f5eca7c21fc43","nonce":"519f891feadb8532857bd548","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"cf47c3ca633fda50561c67d691850314b8428b91d3da6f07e10d5f928751de9df4d11178356e956baf60d2ab7b","nonce":"519f891feadb8532857bd549","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"d1d40f777f17f2a3451699cbdd81c933b817bd9f6da54e88c21a2e0b974122ff32c6bd2c0971a8592bfa311556","nonce":"519f891feadb8532857bd54a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"c1f66fccaac4cc47110a542c02dd5429ea41c905e37693297ebedae696a98ebf53631b9e996b032cc0ace26a34","nonce":"519f891feadb8532857bd54b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"256afe68a9ca4ff41931cb8142ead12010330f1d68716bb2d2d0646e81b9b7423189e3f7982fe8a5fa97a4c4a0","nonce":"519f891feadb8532857bd54c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"c6206486d7b1d45a9fdeb748b525b211c374bcdf98529724a8fcf841e50f39e2ad45d00caabbea9b48fe105258","nonce":"519f891feadb8532857bd54d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"dad218d768be8d66b59fb20e901176f375b8ff8d2d6a6a59f02dab5692f3d043b989a44cc645f1db3ccbccd067","nonce":"519f891feadb8532857bd54e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"22992bbfae2e11a8a77886a7d6dd952fe30422784c8895a7418f14781cc4d33dff0b0bf4358fd0388dc67f8647","nonce":"519f891feadb8532857bd54f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"00a5beb794b9d400a0eb5e69b337913bc93368c9e55e8700bbc5a0a5d71b5f17a0cdfdc2a0253e6751030805f5","nonce":"519f891feadb8532857bd540","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"a0a6db454f4b432c8b2b6c21c10c5cb4647f64daed7981bc51c4beb9617a8006c4c1e240fcfb2d61409a0c6474","nonce":"519f891feadb8532857bd541","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"80ed7b614dfd2c34a593e4c6cdae7d17764a76c3e4af7f0ad7f303e68c9033a972a9eec64fcd759cb2546a9a9b","nonce":"519f891feadb8532857bd542","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"988248b3116f1f80743e19fcc80897aaaa19fedcccae60f16ee16ad5fb9020c477dbc6360c1cddb9fb3e7fe277","nonce":"519f891feadb8532857bd543","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"93930c802ef4da72e6d20acf3de090c8d62880474abf5b23a5161afd8fc2aad32570620d3f9881a9279e7c985f","nonce":"519f891feadb8532857bd544","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"f79127d335eaafd3747e64d52c890b0551cd53b0cb30309a67c1d03eb207b3503e93904a55f38028cd290488cb","nonce":"519f891feadb8532857bd545","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"78c99b0f24ef2125426633869d4edc3bf6f2309174e8dcecec17795ad68cbd461409ad83c8738803aec4c9d1b7","nonce":"519f891feadb8532857bd546","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"47f8d3e735bec57883fa61ea54c7c0e176b62a3003595f09218a8fb134c71d70e1881c77518a9d4564509dd8a1","nonce":"519f891feadb8532857bd547","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"302da026e016861a39309c470887d2ee99e84382b3037ab9f478a5ac98f68ad6b2a94e7c9600851cec18a38df4","nonce":"519f891feadb8532857bd558","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"a953d984599edc2492e5729afbfb023687b26b13fd2450c1774f42864ca1ac27638772d3651495932c6284b3b6","nonce":"519f891feadb8532857bd559","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"60fd5171e2d93cd8627112af2ddad4a583a93988ded84e04ee7bbf19385acf4e0b758524a07b5f618308365c69","nonce":"519f891feadb8532857bd55a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"ca6a437a59567cb1fa344fdb8a797a1f34c2c918512da5eefce4761aa4c1eaf03d017ad2901a3c2abcd2965225","nonce":"519f891feadb8532857bd55b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"1baee6192a23c9325ba5a35a38cf03f1cd9d358a8f924a4f041b73f2673f1cadb97999a3159d0a38058090dc61","nonce":"519f891feadb8532857bd55c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"07392740a0ecdad6995c4ef1872f0d9d15990657dca0bf7e215729346c23c886dbceaa6970aa0000e69408565c","nonce":"519f891feadb8532857bd55d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"aa2d7e6f51cb99b269ecd1d36423808d2192f11a3253298af20ea20dd4332f4ae2e84eb3f4f90e31f6f2926bb0","nonce":"519f891feadb8532857bd55e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"fdb890708e57c3dfe304d06afacf2ea210fc9412890040a8d4e7bd290ec3f20ee5762d6fa9ff37f224d3f850e8","nonce":"519f891feadb8532857bd55f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"7e0d49a274b77021334e28e2ebd67cbd5c11b1bc70652a95c2645c46b44e46efff9ece2fd663c58c206a78c428","nonce":"519f891feadb8532857bd550","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"b349c6434192a9b5504013802862c087aa5ddf5a07c45f097bcc3823a3d71f623924e6c90547c18ed8d47cbe6c","nonce":"519f891feadb8532857bd551","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"93301b03cacbf7e0458b03015749b01b22d9ee53e266855434ccc2e4102cfd1a0fa32284ec62c7e187d676f173","nonce":"519f891feadb8532857bd552","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"d1097d8529177bdffc4eb4e9a514238345e6ea4e5fa942de3ab378f175b77d154efc1f625528f2b21c1b980de4","nonce":"519f891feadb8532857bd553","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"d92084e1abee6eee7ffc619583f43b5a61f16c02a5f39d427d0eaec0a0c55a0e9ca20f56c18f18cd0c499bda6d","nonce":"519f891feadb8532857bd554","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"aac9f968102173d753a7d2c19c88f90bda15806e11d5a0f3749f8184e3a84c0c01186b48c8387173adba9cd70a","nonce":"519f891feadb8532857bd555","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"2e1e94a36b4e5720f29f32575845b12ea2d704447519d7fbf85f43b3531b7685f2136ec4aa9c9847feda0149bd","nonce":"519f891feadb8532857bd556","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"fd7a43c7c6ee6382cf72791dc3950a2d917196d4843cb3f3418315713c48232119d540de04b1a6b81d46a4ec49","nonce":"519f891feadb8532857bd557","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ae051307b0630d64ecfb71a25e9f37c1876f962fc0abc3a2afeb2e6881d60ff3ae4a881d68e3a25c79b1c2de12","nonce":"519f891feadb8532857bd4a8","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"2f3d315c9931703a3abfc0ed38a51296ef70c14138cd64be8469dede3428444f"},{"exporter_context":"00","L":32,"exported_value":"7219515f51df0b7f88a7c202695a2bd30a7219390cefdeb5836f80b36ec61085"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"adf0e43fe7a497f0452585f56e3453df84753a0597d48e886f3dcc6a08928433"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"61fd4ee9dd1c99ec1d5ffea6be6a75c849251054de861a7b2bbd58b815fd982275bd2ad1a85b57badf10da25ca3da9d6fb75b871c600be74618884ca51ace844667f","ikmS":"5be410638f4d8d2b97b198cdede5882f49d647d28354cf03ebf33455f3c7c35bf5be4ac691c36505b0ebbc5f4d9013fa8d6f32d73874656a926fb3a7a9b604fc03cc","ikmE":"aa06e3ca5498f28677b060c838c564e97ed0c86f62f15d0dd9906ab8e1d18f1f32b39c966f92e62c256c11937a911bab0c1da6e12729f82b052bf3a87832d38444d2","skRm":"01af4ca8764d37e42d76ef87d8565669fe2e7a133b8e443d122153ecf9f2bc98a4c0a93d6c0e6c267d9e1f9702bfc4ae5cd07b8357709c0af85f6276284324552aa0","skSm":"01e73d20acd52cd2b05cb2b4421ccea7400d2b7704d14d3cb5bb9ff44a67651e965c49fa3b181a2ee650e6e65acfc43d0b74b64fac869130f6695ab40112204cb30a","skEm":"0144cdba2de4ee23f0a3055f85d976340ce6db93c3a3ccec6f397f953d621e21c6645220a9cda5322e44980ebe25b4c4ddcf85784ef3ab9d484275aef71ecd52d13f","pkRm":"04003f4ee80bb93b48744c5b020d929baf96a38457fb289ea1d19a9581a9fc157e85c9577e531a08dd74ed8990e2f90c795d4aa94134d45dbb966048cdb63625729c0701008c060684ac2f2fabcdc8286bf7f8fde3d3065c6b2c45429b666c993d0d3b74589f1dd5ae11d2377fb3b7098c60d24663b3653173a0368f18b7a2befb90b4d7c1","pkSm":"0401a6880df48ddfcef6dbc01073efdb0d4951983f8adbf949f9271a3b09a5fa417fb226b3f4dde9f22745f918c815d36bb88e8dd2eef35535cecad8769fc77f1dbca501bac4e3c599518cfafa9310c4ffc2b518d2ba2a0c72554ab7ca2929fa58b2eae7c83fd67f36149d78442c8c060433ab71320ff326f3edb8a07eb8599063fa45c605","pkEm":"0401c0407cd50c52d85dfc2da79838d2f6cc0edbe573db15bc3d459e16a7255feee1091be59d07bd41a1c1f2114ffc53767dc32c83d51dc00d7dafef0e93f0e96eba2100bc0ad8614d5cd5021e0fad6dbeb713e65045bca5cbc2332751580a25ee906da9c5ab9b83fee5c07121cd57b8f5a9b667911ef8c5c68f4b6f5f8c463a3fbd754ebc","enc":"0401c0407cd50c52d85dfc2da79838d2f6cc0edbe573db15bc3d459e16a7255feee1091be59d07bd41a1c1f2114ffc53767dc32c83d51dc00d7dafef0e93f0e96eba2100bc0ad8614d5cd5021e0fad6dbeb713e65045bca5cbc2332751580a25ee906da9c5ab9b83fee5c07121cd57b8f5a9b667911ef8c5c68f4b6f5f8c463a3fbd754ebc","shared_secret":"4106dea2e745bfaa6eed969944796139b90b47c6cc56f177613d545688ba5bb1d4deafbb39147982e3d1d2ef652910f664b1f11afc8e36c2802c44b732a02b32","key_schedule_context":"0275e4033f8435ab2e4351af456d3d0e48d88f048993b59a50ef846d88fcce0f81424d5fd737aae133d36f3904a06750412f8aceccf0b84181f9bd44ed7735e65a","secret":"aaee5d28115b8d688e51a9019432f316805517e47ee51ab91e30f9f58547cad8","key":"3e2d82420d5a8427a1e89802fd7626797149611ca25119b8cfdeea953264baa2","base_nonce":"c482bb57df0a9c4c0cf2ecd9","exporter_secret":"eb90f6528bfa97ec831aa7583e331347fbaee11a66112619375f88c864c1359e","encryptions":[{"aad":"436f756e742d30","ct":"70f68b3482bc302bce585df7d3d7373dff6566242e943e9c56349f7f8197d7823fbbfb77db69007dfb09024ddb","nonce":"c482bb57df0a9c4c0cf2ecd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"bec3bbc930b16bdc26dddb69a6d9c4b0416c7d8aebfeef3ec502f465ea1ba29c3791aecae4f7e492b29f93f6ed","nonce":"c482bb57df0a9c4c0cf2ecd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"c4adfe5494c226b6d51531563d53d4b16c9e16051ae44e657315220559bbc3692e98bec8252d27581774046169","nonce":"c482bb57df0a9c4c0cf2ecdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"1890f5be4cc87f910acdc2f71d8af4770943a25e55924f12762de38df63d0445701f77e6a48a4544a089e619c4","nonce":"c482bb57df0a9c4c0cf2ecda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"825adebcf735c71bd2e350c12d986335aa1f74671fe77cd76c62e922b851a174d23ee788ca4524eac0da0753e1","nonce":"c482bb57df0a9c4c0cf2ecdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"8e867cffe62226e5ddac20fef82dc26e5842760ca27a1e4038f9768ef2881a1f85b0c673f83bed6ca6cd30fa9a","nonce":"c482bb57df0a9c4c0cf2ecdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"6417f6170b54ab061f459de71fffb7d326048f71ea35b2d78891da473994fae2ed66505270a8d204a2ad8f227c","nonce":"c482bb57df0a9c4c0cf2ecdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"505ea5801aea2fbc76e517a8cb8d0bc49d005ca0ebb7e4eea843028819cb1001d07c21e339a0ebea45a00795ab","nonce":"c482bb57df0a9c4c0cf2ecde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"8545612a0d0b285a1f945518c5932ba547abbf43494c7bda9b4af9b27bf70d656cf7b3795abd50fc35c92a8678","nonce":"c482bb57df0a9c4c0cf2ecd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"573de929a5f179dd7ae9d5604b0bbb504fb356b6a3018ea0b663f1b4e464d2ea56dfc199104f33cbe1207dd4a7","nonce":"c482bb57df0a9c4c0cf2ecd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"56ea48aacc080ab0d90f71213f14e9070b1a60a143b6881d4bf306f824b994db726c0c99918d6d633b5ea0ff8b","nonce":"c482bb57df0a9c4c0cf2ecd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"15475619f2c9b4417c3eef4e8e8c98ad6bdda2faf90a92b1f475f9da7bbc720b00a534440bf51c1c59058cec36","nonce":"c482bb57df0a9c4c0cf2ecd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"b0cd40ea6db9b6ddd0678ff658b07cb5298476eec67b5c161e15e91668f25364c6511bb3f1e65b9b44f7787abb","nonce":"c482bb57df0a9c4c0cf2ecd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"a204262d4afc071f5cd64e4d15450b004b9e24541f40fd501cbc3fe14dbb5af3bd3e423df7ece0e1feed18fc3b","nonce":"c482bb57df0a9c4c0cf2ecd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"abba73054778d87586274af31e686d30d34d93d484c38ee4c9a7e263bbcc4751c076e0f38786141db4c745e66a","nonce":"c482bb57df0a9c4c0cf2ecd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"484870987d7c23d8b53ac6879d5469ef71f7d9b6bf2f983d3e959ae8f380de424b6700899b91b6215ad50a6240","nonce":"c482bb57df0a9c4c0cf2ecd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"217cb25201cd06beded26c6caf6b9d135534e46ee4e2df07a14eaf22335fadbdbb69028129de5f0de898302490","nonce":"c482bb57df0a9c4c0cf2ecc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"f59454d363e887075c4a8a13ef985d9c6c46d4059a4d2c2af7b83fc37c22e880626c7463b2fca5eb0696763645","nonce":"c482bb57df0a9c4c0cf2ecc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"8dee478b938347ba6857f46b287d5edb1eaa49de105cec0f33bf500216db552b15fa76bb750b8982839491d8f1","nonce":"c482bb57df0a9c4c0cf2eccb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"908473862694e9db5e19ffa9c48e2111c108a756a2077fb25312314cf3d9f058b2679866b7863f299c0dd0961f","nonce":"c482bb57df0a9c4c0cf2ecca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"05786889307df20d1e8ca18338acdbaca6d1f6e7fea2e73d9b3209c88adcd74c9849c0b9f0f1f1d81363aaccc7","nonce":"c482bb57df0a9c4c0cf2eccd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"58882bb33627f89944068eadc7baa4e0f68676e5d095494ad45848a8633f991845ee09db55e1c616d43364543d","nonce":"c482bb57df0a9c4c0cf2eccc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"22017e25a2724086ad2410c72d115fbdf3d62e7e96a81428712a7c649f1e352271097a971ad501762de5852589","nonce":"c482bb57df0a9c4c0cf2eccf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"73f4fb1dcec518b3c84ef2efc61b7a8854cfb031d124e6cca572be0b2179ecc8a7f32b76708f0f822adc7f513c","nonce":"c482bb57df0a9c4c0cf2ecce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"4a03fcac75ddcf4c0bad0cfd027e6878b2b6fbbdfbd9c057cb3e330bc99bac18d7e29b8cfd6fd7701fedecfdca","nonce":"c482bb57df0a9c4c0cf2ecc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"fb2a8c2860f909d665d5943cbaac0103f860343e3a5283f624f6ebeb64bd11627df3ce1785b4b890b629e479f8","nonce":"c482bb57df0a9c4c0cf2ecc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"0ee4df80ee27703be023bbaf47d20ce6ad88106efc76d3c0b3c7506883291f34d614dc7b61773d3b28eec54278","nonce":"c482bb57df0a9c4c0cf2ecc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"bb95587c34439bf5f459155265a3f451074ecfc9df00e985a1c3db34b62990b27284dfa6902c5c558ee7767f62","nonce":"c482bb57df0a9c4c0cf2ecc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"cc92c8a171933141a0008d92adf75741bfc05cb78f49fbcdcba20dc8698d35d980866fc01c78bfcdc708b95968","nonce":"c482bb57df0a9c4c0cf2ecc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"c9cdc0491ae2b6f2da29467c6ca0d1323a866bcb412238e9f3c214948c750be48c70095ee0bbf58eba3715743e","nonce":"c482bb57df0a9c4c0cf2ecc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"3d1f7be37b810dddeebc0ca609185c40c3475b0baa93053d8b8151a3a541e98421005f055d9716eed9e6ecec3f","nonce":"c482bb57df0a9c4c0cf2ecc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"f316972250ab6e36974b824f482a39b8fbacc310ff056c6fc078121efd693103dc07d3fee90307fc2532cfdf20","nonce":"c482bb57df0a9c4c0cf2ecc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"5f46ff610531818bbd52aee91f83954718a155d360d9d4e66f07c07a7c88abdd7c1f61b281a97d6994967d88e5","nonce":"c482bb57df0a9c4c0cf2ecf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"f9ecac54383d6bdb25aecb9a89931ac3ff19e4e33ddaf03d1aca28d6710e7bb42c72c0bd7dd845e6bcfb1d569c","nonce":"c482bb57df0a9c4c0cf2ecf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"61ede862c83ec2c8b5425e01c17bef14f202b0a073a44123d702a27143bf56658e3f0fe552ca12c62d3cdeb9f5","nonce":"c482bb57df0a9c4c0cf2ecfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"36acb9f10c47d9785924977fe0687c01e19db2b8566029d7607b0a42b2588a435c87c552bef6dc3015e6e71b0b","nonce":"c482bb57df0a9c4c0cf2ecfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"79e8d50ccb2e20b63386c4e4292caa87ab8bfcd23a8e11fefaa44d01d05ea0e0240c3a13022511dcdc6d0e53d9","nonce":"c482bb57df0a9c4c0cf2ecfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"61c82eb586d73dcac3278c46d8b2cae693edfe455497b376546fb0e52689d0259b3b8534f1b5803001bd3723ad","nonce":"c482bb57df0a9c4c0cf2ecfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"93d6ffde77c4efb61bae1df3ddeb5c6ec5f80d7e599bd441d513f0a1cce08fc47d116f064cf378378ca491f797","nonce":"c482bb57df0a9c4c0cf2ecff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"5d5ae3945bbfa739f8d63dae51fab318dda8b9698b63cda60f0be8155b8ea010eecb44ec5622ba4c37461e3d7d","nonce":"c482bb57df0a9c4c0cf2ecfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"ecc5e3e10ba81f9508507b3631a840b4a786c45f2ae03c60f6ea806cdcf651ed025630fc9c5493653b8f8af112","nonce":"c482bb57df0a9c4c0cf2ecf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"8ae5746ca6cd1e1e66e5dd2dcfa158a83feac524910f59579d876f0e3a8991b496dfb4ab320c68fa21ba965460","nonce":"c482bb57df0a9c4c0cf2ecf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"2e825afc2a8783d5cb8fe842c13f447fc57afc0b33d403c8c0f406ce3368ced0aace0fae984a3f7fd941aa348a","nonce":"c482bb57df0a9c4c0cf2ecf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"f373fb11b9bc1f6e65d988ba3bf4e38ba1462ca2ba1e51d9a698a600453f9fa5973819a16f69c8aa6e494dc4ca","nonce":"c482bb57df0a9c4c0cf2ecf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"d75def46e57fe0e71de9c17e5770f0589919eb035a3352e98d79d92ba0406f91d22b94b5585f4d11adba669750","nonce":"c482bb57df0a9c4c0cf2ecf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"0cd4651aff48deb4bf803b70ebd98922bca712d75fda9688243ba0755aed35db694d1aba8ddf04a13d20fc7d4d","nonce":"c482bb57df0a9c4c0cf2ecf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"6a95a41d4cf2d8bf6ad611a889064245e6989ea58076b8ec723aa258b83b9164c2940c264fb617d742e8cb147b","nonce":"c482bb57df0a9c4c0cf2ecf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"3e96d209f730d2b5fe26d2db2b724dda727cf315ec0c368b7590145ea8b12fa3b64c86a1c73f7f521e8b7b0ea9","nonce":"c482bb57df0a9c4c0cf2ecf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"8fa2dc82f2e6035807fd23bc2909f365f98f6e10da0ad4dd29ded95933fd58cb154c6ba5a0737595b88c4296c4","nonce":"c482bb57df0a9c4c0cf2ece9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"a074cbfbc31a3d4f74e03560bbb78ebcb19bc5985cc9a7d7aec3947afaceffd5ae48ed99bc54d73914dc6c8012","nonce":"c482bb57df0a9c4c0cf2ece8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"ac35ba74a1992dbbd0ab07c10c61fbe03a99760244d7871b1ce32a10c0242ddd20cc5a128d7e188eefeda3cee7","nonce":"c482bb57df0a9c4c0cf2eceb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"120207ec1fd9640474c1b8cfad720d7607ff89793da542b1d1b0efd6ac70baa64f803f1a8847771e0e5229c42f","nonce":"c482bb57df0a9c4c0cf2ecea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"76a7627f98c7f334bd4001057950539487c96b38b26b08f4e6123d9d0167ce2b8845a9e1d855227bdbd48cbd99","nonce":"c482bb57df0a9c4c0cf2eced","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"c4690660095a2411de86f6516c330162745b4a5e963eb3f081cf1617d10a3fcc692fbd87d0191a9655c4be09fe","nonce":"c482bb57df0a9c4c0cf2ecec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"8291cea411d7c61f6df1d11b6490d7ffcb63972343b3ecb4eca127d7b675783545183964c5dc0c5efe7ddac12d","nonce":"c482bb57df0a9c4c0cf2ecef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f7af99cdf32f75868dbacea08c4e0bc7ed9506d638e585d13d2d5d860a14edb15e03b7e07055aeaf34779d0670","nonce":"c482bb57df0a9c4c0cf2ecee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"5797c4cca238370bae0efeebca562861ff5757b532da1d180d712858cc91e73b6919ce96917f82681d1124b06e","nonce":"c482bb57df0a9c4c0cf2ece1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"8f1dd08247cba1df8b28f007dea68112eb3ac742ba897299951784758f5b602c83c0caa4231d8c9bb5090f2efd","nonce":"c482bb57df0a9c4c0cf2ece0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"5c7545568e537d3eb7bfbf3ddf6f32b3aae8f6073e6da61c50abcc569685cf8e6ebb464c389391a99130920bd4","nonce":"c482bb57df0a9c4c0cf2ece3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"255b1a3d1700fc8f612322b1cf30447b06254e4229e997e2b0d4ab072e3a9284e5660a53a01735a551f5329685","nonce":"c482bb57df0a9c4c0cf2ece2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"571d7e7429fdc2bd8ec68884fe743c2bf90722099f5011919c66452ab9eaaf6699b78f9194978c288b41ac6e2a","nonce":"c482bb57df0a9c4c0cf2ece5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"6111b617783274121316f25f010aba8da6ec0c384843554b054ad2aab37d3848b0f83243df1792a2b15ed51dc0","nonce":"c482bb57df0a9c4c0cf2ece4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"d463a77ae4f6fe7c1e4ceb885ffcc5634d336b41d6875902849af32bde57872d44d8e9b96ebaa88a24b7d020fc","nonce":"c482bb57df0a9c4c0cf2ece7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"67909045d0678ec57afae6e530d3cd854a33fab6c42646647dcb078b4d2a90487bb80cfac52fe2498e45e5433f","nonce":"c482bb57df0a9c4c0cf2ece6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"9820593d6b1438f5467760a3bfdd2091d6f6d791d04f65af239183f4a9176c0bc58e94ff00571b3a2c8d4fb7b1","nonce":"c482bb57df0a9c4c0cf2ec99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"31e930ff581f2c4a14d1d98f112bbf328fd449b3955307becdf8e07675cb81fe93725cc2ad0cd0d63fb911a512","nonce":"c482bb57df0a9c4c0cf2ec98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"c727c33f7d4209c71711cddb9a8c6299a670bed53a832c59f1b163fbf50e9b7934f4841f15eedd4e96aa9cee0b","nonce":"c482bb57df0a9c4c0cf2ec9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"1e345fa24ae672e01cef83962badfbac5632a949a46016a47ac0fbb3663d746b2c2e5b4d31209014e48b6c86ef","nonce":"c482bb57df0a9c4c0cf2ec9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"2b42ce0b2488d789863fff1c7f13d982a9908372f8c7f3dd8392b42c1f457b653bd901441dc2ee8879398dd604","nonce":"c482bb57df0a9c4c0cf2ec9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"5392e8ed3039b928adbcee7f2c57b7a97605da8a3d83b5d0791e4f4a637b6ecf1907e4be0e6f3adf72acb5d0ef","nonce":"c482bb57df0a9c4c0cf2ec9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"2e709b039a5de4ec9429db10841df63f74984858421b097a352cc8050ccc88848ff2b56fa1ea3087fc203d1536","nonce":"c482bb57df0a9c4c0cf2ec9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"5e8214b2d1e804c5e3c283ccb4d3aec6649beb1124146f7af7067a512da88e8c41952dbf0554e4598470fa651b","nonce":"c482bb57df0a9c4c0cf2ec9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"be83244c42016d532f9da1eeadf5c5503537467b525c7358bd3d025bf4f53cf6beed4af14aeead91e2c28eb845","nonce":"c482bb57df0a9c4c0cf2ec91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"85ea53b4da02841ff648c88008731ac049ababdf93df6cf55204b48eb86030110d405794eb511ff5d8fa831687","nonce":"c482bb57df0a9c4c0cf2ec90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"3c4712e7ab3aad1f58bcbb3a28069082116e8a6ff8a7c3383671eb3b3a6c44fecfebe3b9cb9068452782a4e5d5","nonce":"c482bb57df0a9c4c0cf2ec93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"0a613202ffb8f9e8c4807a8d733738ed29738d85cf8cd997185f99fc02c89479df38dbea8fe5ebbe58f5d34665","nonce":"c482bb57df0a9c4c0cf2ec92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"9564802da1a5c1bbd81d6be26c4488b00767f0033025c88e288a5ec032723f0f3686027d180017bac6090996c0","nonce":"c482bb57df0a9c4c0cf2ec95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"fc9ae854c7ac2231898df5790cf9f5239460bb658c5f15debce934cead447ea090bebdbc8d6133036e8bf6d7c6","nonce":"c482bb57df0a9c4c0cf2ec94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"b5de26596ce5385bb08ffebd8c3b4b0859500660f49d87e22d247b960e36bd5f508c0575e6c362807e655d80d5","nonce":"c482bb57df0a9c4c0cf2ec97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a513ea7630d7d6e2e650f63b8ae9714009a192f11b1321b709d74451792605f5c212b3837c8d5de4bbca5bed15","nonce":"c482bb57df0a9c4c0cf2ec96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"6b82a4b6386558cc6e6020d836137e52c8b148c9cb5e3c05812c973c7d2db5bf94e10e12a23ae0322e29ce5bb1","nonce":"c482bb57df0a9c4c0cf2ec89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"2d145fb45b8ab8c71ff130609b4d4404be924cb72485dcc28a4fc5fe4a637cb2efa8e424351c1c29810c323a19","nonce":"c482bb57df0a9c4c0cf2ec88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"cd3dee9104ce11f6e50e170f0ddaa4ff3a3a3be6824c4afc70849e7d3b6d66ae789c20d9240998a6aa9b8c9868","nonce":"c482bb57df0a9c4c0cf2ec8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"598cb19f1234bdd208042d74160154d0d4e8163487aaf0c921873e1f0989388152ce89e6258cad06be64a48055","nonce":"c482bb57df0a9c4c0cf2ec8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"69298c4e8e7aac83c36f230d1f5cc839f1336784888b3a83dcb5bf6ad42c2ac919e69507de88d818e65cf61da7","nonce":"c482bb57df0a9c4c0cf2ec8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"1f34bc2876781815efc982d72b54871a1c6da7c6ffc5760df08bb827adbb4b6d28dafc50dcae0cff0f1259057b","nonce":"c482bb57df0a9c4c0cf2ec8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"38ec514a5ba6b090003e3551739f0756f41d73edf873a0496a7ecd923f8c25cfc695cf67d6d291d321f3b9fb14","nonce":"c482bb57df0a9c4c0cf2ec8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"eff1a8e1a3ac7abbfc2fb8c62f697857d43add3e84d77292b1cc1345c64fae7c1e2eedf3c109205dc1710eae75","nonce":"c482bb57df0a9c4c0cf2ec8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"2fe80c324eeaa18ea51491f7872c9642a287fda67d7ce059e6bced90fc51f8d399584eedb6472080d0f6251b38","nonce":"c482bb57df0a9c4c0cf2ec81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"71eeec2a6dcbfa1329cca7a022dbcbc7035e740e967bf4056294f497f06c4c296c3402bba017ead11adeb6f952","nonce":"c482bb57df0a9c4c0cf2ec80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"3bdb95f9d7df03df8ef490340667d2d6abcae102c23ec82c5c38181082eebc3999ece88eb377b1917d33a1fe03","nonce":"c482bb57df0a9c4c0cf2ec83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"96ec0d1c0710e1b7b6822eefa5d7f159ef3e7335aa36a2ce3f0e9af36b03d72abcfd463baa7ee24f05b7de1211","nonce":"c482bb57df0a9c4c0cf2ec82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"da84342ca9337c9e0e9301b06084dd47efbe7a496edfd0547765881305d3df889af51dd5d660fc38750010bb41","nonce":"c482bb57df0a9c4c0cf2ec85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"6b07dff8105f72577f417e7b445e1a2bbda181ad5a5eec2c41dfedb5ee623d5e9ec49c72ca0466457f847816bb","nonce":"c482bb57df0a9c4c0cf2ec84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"0e12043523fe5315e31487579aee6a33d7aa01ea98d23820ae5d038971bad501d0e1b6a32a8993765a8132e21a","nonce":"c482bb57df0a9c4c0cf2ec87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"1f3800e817490717ea98334a7c1c87a5257be81ef363d4d9fa77e60d71527de8633cf2db5c6e287f03a9faa8a0","nonce":"c482bb57df0a9c4c0cf2ec86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"eeb04661d3873b5c75ed6c557dbae0e836400b6bcb70b932b9d90410d676a20a9caa03c3b7ffe1e29e7ae89b40","nonce":"c482bb57df0a9c4c0cf2ecb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"50fceb639a84ec50548333989cb75e1934becc3d4e0f45c69cf768ca27bc78829af3a7da91ff3e7d8c6b5964a5","nonce":"c482bb57df0a9c4c0cf2ecb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"9b622600bd4469fc6b4a580a1463fb470f431e4637c37f9f14b200ceae96e38c6ce4ce9d87f6449965d021323f","nonce":"c482bb57df0a9c4c0cf2ecbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"5d1568de78d809f575b37db4db73f507f296e483e5a1e1af66f75bfac990203dd0b8a9442534df294daa210672","nonce":"c482bb57df0a9c4c0cf2ecba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"40884a447c3f202d86fbe22aa8daf7c2dae20ea9ab55e6efec40896b6d114ca505c53ec30bac68f7700aaf2587","nonce":"c482bb57df0a9c4c0cf2ecbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"68d8af5a9cf71235f82e602dace2159a016f518becf3b9ad4783625a1663f8611887cfa3e1f14acb7019ba15be","nonce":"c482bb57df0a9c4c0cf2ecbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"5702a7ec6fa00e94f878678e8c77dbe87c04328c377944dc9fa4d211eb8def932a3f086fcdd8ccbd70a8a36ad3","nonce":"c482bb57df0a9c4c0cf2ecbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"4b1fd8089edaa24bcb7dec24860de65441196046e042ced333342a05c7d060458470323c81147710408276644f","nonce":"c482bb57df0a9c4c0cf2ecbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"48bd4863ce3742fc90242fc5f683f5ad5e09b53ed2bef0225142fd59526cbc6fe61036a196a4be40ba984ffd47","nonce":"c482bb57df0a9c4c0cf2ecb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"4d4e8ac04a2e90da933a454cd53c0f0faae3206baaa2b32aa3fe24c1dea0dc7d9c8cf3e7e6490f20cbdb390bd1","nonce":"c482bb57df0a9c4c0cf2ecb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"9526406b8ab47cd95edfa76d8a6f24686ab96f16049c3890c639e82c7c2fad20147bda9c5128ed76481eb08863","nonce":"c482bb57df0a9c4c0cf2ecb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"7724e0c3bf8bf27cfa9dc606702fcf6193fea7e4441e6334a14631b597b3345e483e4539db87b89f1ffa869572","nonce":"c482bb57df0a9c4c0cf2ecb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"bcf3b1239805d5da50c77895050bfb07e9e3f60c26862c40a1c23e323753d8e7cfd3d090a196623fa9578c28cd","nonce":"c482bb57df0a9c4c0cf2ecb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"3d11954bce7073c5d5788dbe6d9b53863d61f9995ac761da1adebb727dc411214399d8cdb4f029ed6e34fe1e48","nonce":"c482bb57df0a9c4c0cf2ecb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"7d449feda2afaa7a905f6fc2973f5510181bff3c6dc7a0698e80f39ba91f01b6f81929d3f024eb253c02713370","nonce":"c482bb57df0a9c4c0cf2ecb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"a1bea3aa839e4e5576d56487d3872c390d0063529dcb74adeee97b2b52f0f2590925705e582da3e93b82989a8f","nonce":"c482bb57df0a9c4c0cf2ecb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"a28348008bb9548ace358708466943ca482602696f50fe01ee21d4a7bdb393e6fb015cc86ed3ded959493aabb1","nonce":"c482bb57df0a9c4c0cf2eca9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"f630a2c03ac8f21ee3e2b83a6639d7cd8d1899e06d6abe69c7c8b519cfc02b3ca39c728ee4fddcc983c298d932","nonce":"c482bb57df0a9c4c0cf2eca8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"fc49888e092fa7587a0a338e0aeb58fcb8d9b06c2f7cb0c9970b76d60ed63c71f193ec40ed80daa4d14694a9bc","nonce":"c482bb57df0a9c4c0cf2ecab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"63d2dd6011b9b5165a23a04d19fe7525294aa77778f4ff4d4a87d252fa1fb068807bbc76b6f48ccf29d8cc20f3","nonce":"c482bb57df0a9c4c0cf2ecaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"1a08a87c11c96cc6ffb07f4069d9508a3aed9eccaae4691b887fb3d29949019dc1baf32d09d49c04e316da5e86","nonce":"c482bb57df0a9c4c0cf2ecad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"c9f000850ad95df958b7a15038be565d839eee26546d9356a5f088882b36243031dc75f67ae4b242a004b9b391","nonce":"c482bb57df0a9c4c0cf2ecac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"eea0f2006ba8fb6acc1c6bf39a6f1c914a16f80a51fddd00c87744a074d57963be93d76f2e98a18c4e84793b67","nonce":"c482bb57df0a9c4c0cf2ecaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"0916608f0afb71ef45c8319f6237966457e76d2cc3697e918b80e5470b13b395558c6c6e81b78fdfca334966f6","nonce":"c482bb57df0a9c4c0cf2ecae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"b41d2839fca5dec95b4ca70336f1db51cec6e032a8e5ea5ba10f4ce26f50a4ba99666f32e0bd912528ce169bdf","nonce":"c482bb57df0a9c4c0cf2eca1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"bb8a141db90ad25919ab554911c22b21af25ac9a1c10173fba17fc49f76f484e19a401f6e3a033b810a3c0528c","nonce":"c482bb57df0a9c4c0cf2eca0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"2de819cc1cd8f0019e06df8678376f826202f95e6cbed016dba264c8cb4c366fa853b72daf348a94d4d5802efd","nonce":"c482bb57df0a9c4c0cf2eca3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"54e4f155231ec7b9a0f269c4538d70b581f0b8273d2d3889d37e7bf0b279c72927e7e24424d19f4976f0c9e439","nonce":"c482bb57df0a9c4c0cf2eca2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"4a564ed4cdb4f3bdb10fc7d945dd488605a34656fd0ef14a6f0fa3d7b79568191cb7ace1726ae4c4d8bfffdb1b","nonce":"c482bb57df0a9c4c0cf2eca5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"7b85827f05e31e48afde519c3703c4e3101d6b70d24f05a8b5d294071242aeb4621a46fbf81dfd6cfe70d708ee","nonce":"c482bb57df0a9c4c0cf2eca4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"f007217891f2451de6c9da828bc147914b99a150f317779371861501a8967ae465ff8c1d65a7397d43cf768790","nonce":"c482bb57df0a9c4c0cf2eca7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"cdd245cfdd6c4f3f94238fa8e04a50b1d6d02ae7f4837c63a72528b9af42908b68109c4043605215c0c7ac2011","nonce":"c482bb57df0a9c4c0cf2eca6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"5a4e66cec91630efe2483eb557c86d320c9bec78da3bc5d7ea47b7c75689938eedd2c41feebca3e1e572fd8188","nonce":"c482bb57df0a9c4c0cf2ec59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"7b073effeeba31428003f4c923207788e156fa5851b0f92fa9c2a616fc5fd70e5560b3f7ab908370a47224d8f0","nonce":"c482bb57df0a9c4c0cf2ec58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"37696b869a6de6239d5b4a563f0c414fff6d07fcb1397ad0d80094196a153e6ad4234f2a45c67fd5b1c4f2edb8","nonce":"c482bb57df0a9c4c0cf2ec5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"2bcb38ecc7df8cf90911d01e19ba0f087d66fb78dfb1d83653279b7c4e35bc232dfdbd766f572611246b1139e3","nonce":"c482bb57df0a9c4c0cf2ec5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"9ea05f7a89a1d0bbc123867ee7991a7a8ff806c4ace7a5699775d625026ec63fe7fc6e3e23626c29b7f0bb6023","nonce":"c482bb57df0a9c4c0cf2ec5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"688b3d4ad8354aa1d9425b4096ffd056cde1a9270a13c114966f32f9f2d254bdc294c641e8031c1f23ace6fda8","nonce":"c482bb57df0a9c4c0cf2ec5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"e45b6d2e6bbcda4260768d3f13b4039ff3609f04d7a634745938896a8d6d05732d5e89eb5afe2df2914f47c735","nonce":"c482bb57df0a9c4c0cf2ec5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"28c9a8d2e6b88718c21a4dddfb54c9570cd5b88ccb1f0fa400090c63d0888d8571e006d016d5319c90c5756b94","nonce":"c482bb57df0a9c4c0cf2ec5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"514a08b288d02f82f62b30e5989ae5d1155260a307fa96b9058cd59ee8791ffccae6b39fd159f044959869281d","nonce":"c482bb57df0a9c4c0cf2ec51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"7ef27073b27022fdcecab81e1eb67c53ce6f671c4b05401d9afd880f76e1fc3806d5b86f9e7a27a7ec46b00889","nonce":"c482bb57df0a9c4c0cf2ec50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"4c1274715ef4f190093b335091cb4baf0bdb62163d0fa7930350f549e152392f42db054b5e0a14146aaed84abb","nonce":"c482bb57df0a9c4c0cf2ec53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"84b5075054829d9e4d3495d798f4ff7f64f4d2a6417bc7b382cc53ba71ed6d85874ede04d9c0d24f8ffb051207","nonce":"c482bb57df0a9c4c0cf2ec52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"047199fd3de51b5489b1af431395ee2c335de60f75e6c07a8a1fe66d8e43c98cd88408ff571f2c1badf9394d99","nonce":"c482bb57df0a9c4c0cf2ec55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"b967522937fc6b48d67a1c4cba9b29d28cb274b7c9e64198b8619462c896ed315af8e2feadb7d8b67f0d4d1526","nonce":"c482bb57df0a9c4c0cf2ec54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"710e4be2dd6982f357a29dbafe151f2df7a6a5af9924115d9cc963fd74c00201ccfb600144b949a6a8d1014425","nonce":"c482bb57df0a9c4c0cf2ec57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"d299985cb4d9b1a4296fa550d10ce6d42a77f0889cb65027368a52c0ebd927c965015c1937428a4f7e2117b5f7","nonce":"c482bb57df0a9c4c0cf2ec56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"6070ac0effcbc6b48d758ee1de784cb8796598ae0fb9683961585cd37eb0917d2524fc60cf9d388e5dc90be8f0","nonce":"c482bb57df0a9c4c0cf2ec49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"fc385af5e12603f5a216dff3f402b481c68b38679c8a19dee3f897b95f6857abb8c3b829e40f64d318ef806d35","nonce":"c482bb57df0a9c4c0cf2ec48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"a49717c5e4f65a80f4e8fb9372fb89589e38fe7468c38c325cdd35c06a16b0b052580686b0a23f09163819d693","nonce":"c482bb57df0a9c4c0cf2ec4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"07a1fe806d30524ab5ea0688a2181b48757d9570f4f0a39ac6c1ff1ef5c2038c07d58a074cf8623a88abd3f1fc","nonce":"c482bb57df0a9c4c0cf2ec4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"b23edaf28b00e34feab3c17d3e33a8ec2c42c4bfeaf1e0829a1884005380a49e0cac0489a3237d0b1fe0d78f18","nonce":"c482bb57df0a9c4c0cf2ec4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"5658f32235f356395e4b5eb2e139cb0dced16773e91f4d3e92ac6200b870d89e07b21dd219daed24708a85fbc8","nonce":"c482bb57df0a9c4c0cf2ec4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4cbdef8869278493bac2232fe38f1358d16cf3cec5e70cba85ea336f3597aef238eba1ada4ac8d434b562130ea","nonce":"c482bb57df0a9c4c0cf2ec4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"bd80d81d34ecbd064253ff4d8240ca53135d98b09fb44505141328fe994d245f8709c04b93da92a65154db7184","nonce":"c482bb57df0a9c4c0cf2ec4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"a12a0cb67a24b9c5293a1849b8fa9243814e66b08410d773f23de11b39ddee74b19b68ff258e94ea0e634972b6","nonce":"c482bb57df0a9c4c0cf2ec41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"171d210330f4d363a2e58f084eb557a13e32e443ec101653d714b83553ae41fa4a897bd9efeb0a9002d8974359","nonce":"c482bb57df0a9c4c0cf2ec40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"eda3ad637c09461fa1c0e75ee1a2bd238b61e1feb89ddbce065135dcd51c84420a77c897f3f7a7479506837c0d","nonce":"c482bb57df0a9c4c0cf2ec43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"d94be213c392784c5ecf4011a4cb4f6a53afa5a347f142e0ccda1c66318ffcc668ff5a2239576880fd0f0bad88","nonce":"c482bb57df0a9c4c0cf2ec42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"30757016043cf0070540ce4908fd1388df067cb3052fc227b63c8b0b28dc46ab6038878ba4f29c261024ac24f4","nonce":"c482bb57df0a9c4c0cf2ec45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"0c919eb8f09cefd337111e2da6a55325174ad9a3790190da23b14b18a15f5ea640dbd923f9ee94912380841657","nonce":"c482bb57df0a9c4c0cf2ec44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"35ff7a73677983032d91ee2bb43a5f41391d3574afc6f7b45d39c21616d21c40525312d08064d7d0acbf8412d3","nonce":"c482bb57df0a9c4c0cf2ec47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"1510e02ef8d3f40e51a1a46df7717610aea9e7a18bdbf93364c3c94326f26239851dce5735344c1b971b23de70","nonce":"c482bb57df0a9c4c0cf2ec46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"62774fe0a3d2b6b035c23448b33fea1c81a145da07cf3b79683f8ce4e0550f543d91fe2b46e5627fea24b3e171","nonce":"c482bb57df0a9c4c0cf2ec79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"4503caae6bbd08afdc8d126e1940d3cc15fc2adc6dc2a7138de797a4b52dc8a67f95886cfc319d9e1c1b7239f1","nonce":"c482bb57df0a9c4c0cf2ec78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"d038d257074afe9279062e408c0f669e488d6452bbe53334c54fe256c381bab0192042d3b0c76978cf24fed796","nonce":"c482bb57df0a9c4c0cf2ec7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"32eaca74ceb8bac64b79136c34d0a906c75eb893ef1e20ea7539fe5ad94ddfe8c85f93a0a31f02e30939f0ca97","nonce":"c482bb57df0a9c4c0cf2ec7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"619fe99c7564e449973106b4dad20204ee049823951ceb780a0c8cc47f5997b66186c4eda0e2353e5ed1651229","nonce":"c482bb57df0a9c4c0cf2ec7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"961a838ef0768e35e02fbf5a9d7763f7afcf68851a5c4c68da15e712818c704e050ab9c2d0cd696a62d3ec3940","nonce":"c482bb57df0a9c4c0cf2ec7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"17d4935070342d772fedc60afaaac1f29a81548cb0d681284e12b90a539fed642926f8898013ef3d5c0d156cb6","nonce":"c482bb57df0a9c4c0cf2ec7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"5310ae8ddf6077ded1626d62c50b9f09f44686806f9108c3e615c22b7ee8b53fb7b73cb1ec303b3c2e4b7e6a97","nonce":"c482bb57df0a9c4c0cf2ec7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"497d3aed11177c659be897d036f5133d781e5a669520faa44521a90a727120ec3999d8a5c0df832ffd8ddab29c","nonce":"c482bb57df0a9c4c0cf2ec71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"dc273d7a7332286a09b16a75f6f0bef283de35161b8e37ae70abd613e0476e2d13311cd285200ce1fc45bf48a9","nonce":"c482bb57df0a9c4c0cf2ec70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"105f492bdacba8bff4b528db43357f11a7fe806b505eea284b6d346e6df759f6e57a6a2df3937b10f8b8ce4b2b","nonce":"c482bb57df0a9c4c0cf2ec73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"ac1251397c19cd86e76f9d89a1d58775ff251c5100f52c8f71e51a1933ca7a847ef5eb19743198c70716f24a41","nonce":"c482bb57df0a9c4c0cf2ec72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"19cf107929037598988579afc07d63b6cb5975bdc3bd7558299702f8618a5e9aa3bc0223c34257cf80397d3a52","nonce":"c482bb57df0a9c4c0cf2ec75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"6be7a90ef5f39a3eb58acc28d66c7bfad84e2be2fbbd1d78ad8aa218fc141647796c52ad038aac0aff3fe0abab","nonce":"c482bb57df0a9c4c0cf2ec74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"eeb8fb845583610f0075faa56463fc800582c96c960419bf9a54aade7effaa2cedd6ba3ea2db5e292f629a963d","nonce":"c482bb57df0a9c4c0cf2ec77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"9e72923335ab66b6f9a6ec05f279bf33ac509c96aa5978dff7fa563eef292cc273d1d44ddc30de1037b33cd46b","nonce":"c482bb57df0a9c4c0cf2ec76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3a853ea4334b62a0d9aada475ad8b7289d9586ac4b8ccf19d20d89fadcff1b2ff169e75c7293fa9e8e6f4aa157","nonce":"c482bb57df0a9c4c0cf2ec69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"9dcff2b01522bfabb6450968669b89635ff6ae1a95d904cb2ee9f4cb9ad55c58cfe0db4869ca252eb3e9682b89","nonce":"c482bb57df0a9c4c0cf2ec68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"79f17f81df3579755a91a5132c7394e6e1df078eba1cd6fab3dd4ee058488a6a85af0d9a745ec83b5db35c7051","nonce":"c482bb57df0a9c4c0cf2ec6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"4ee33450cb19c7ef0ace276220b7f1a6ff2103ac82385ff4a7d4dba0c586d440e14d7f9cb8f8e4aff2b7803947","nonce":"c482bb57df0a9c4c0cf2ec6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"2f744429ce7bc7793cb32aa3b636dd5c7fbb8f34dc38bcef85dcd47cc84905af177fdcd7ebd8e2a15ea7be7c7e","nonce":"c482bb57df0a9c4c0cf2ec6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"5e39e849285ec024312e38dd4455dbeac711b515f90df93aec4875992a7c08201de50ed52ca05d3d7f5da39c18","nonce":"c482bb57df0a9c4c0cf2ec6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"97a433867a420273932274ab0248bb3bc9867484ea70e610b9c2a87ac02d96356a8a793c74d43be227a41bc180","nonce":"c482bb57df0a9c4c0cf2ec6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"1827fa399d1ac066dec3fafb5662f0309ab3b0a80f7ffe202a8658cba6d7d5996333613b216bb4125fc0048cc2","nonce":"c482bb57df0a9c4c0cf2ec6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"404c0bb0b21174a7b6079748e39791a0d66eebb4037da96c36ada26f12d76f1966cdae062821966aa7c735f9fe","nonce":"c482bb57df0a9c4c0cf2ec61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"44a9e97873d2a2c1b86259c71bf6403fa848413537c050103058ed307e271729a99212c30a69dfa7779626c31f","nonce":"c482bb57df0a9c4c0cf2ec60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"97805bf9927e6c84dc39e3542e283831252f9a0792670b074a95f4d0b5a500f8bc0b13a921abf70a341e70c362","nonce":"c482bb57df0a9c4c0cf2ec63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"7534da92643acc3fe94f39de748cbb52c0e842a88095b703767a14324e9e4fafbca7ecc2c392813327d57a5c1b","nonce":"c482bb57df0a9c4c0cf2ec62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"238fc887e07e69b4f6ddc56e0e33f2adf9feb98a6e0038dc3981d213122a9a636152ae436fb0cf9863100e7acd","nonce":"c482bb57df0a9c4c0cf2ec65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"143f911173c6af253c41df58a88575af7ae75e319fdb8981638926ab3cf90ea08e1d639ba448438078bf7726d6","nonce":"c482bb57df0a9c4c0cf2ec64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"44580866b0d83c6cea951f8242d5ec462c9301fe4f705e66ac6c7dd2d0e0ab93c9038114e5e1dc8065da357fa7","nonce":"c482bb57df0a9c4c0cf2ec67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"98c678583754a01ea4775852e0b47ddbc017497c32b687509997f4f1d0b133a359b3c3f9ad92bb764377042c89","nonce":"c482bb57df0a9c4c0cf2ec66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"a116e3cb6bbde8585e9fcd802bdbca3aeac18dddf1c657a35daa648d8642d4c4afbe5899a257f1291d6aca3145","nonce":"c482bb57df0a9c4c0cf2ec19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"1e8496a45a55d043f0db12be540beb430d4439b5b2bc7ee9add82d45e633fa74ef6084ce2d10a56fdd4a79ca19","nonce":"c482bb57df0a9c4c0cf2ec18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"53a78045ac95bd443101669e841b15e4c80fa045263f0e31b66acf71e31f9e17e5645a22369396fa9c3ceda93b","nonce":"c482bb57df0a9c4c0cf2ec1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"12dee1746bc7762069e6447eec4c9689279162bd322e11bc491a087eef725f9563b162b12c1100feac88f71315","nonce":"c482bb57df0a9c4c0cf2ec1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"f67863428d0984be117af531e811fa6818eca5b9d4bebe26b5d9ddc15370088b694a50f22ec098f401e5e12a5a","nonce":"c482bb57df0a9c4c0cf2ec1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"198d1e41be5f090da5f41656a38a7ffab9c73eb14f3c64f2882927c0304712d9c7fd481bf9fb856c5adb52d1a9","nonce":"c482bb57df0a9c4c0cf2ec1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"af2eb2447ae60a3e88a7b2c16732cc03344ef5cb1639824efb6c334aceb217a961afac740245244c8035e18a8a","nonce":"c482bb57df0a9c4c0cf2ec1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"dcdf0b97f6787f04a959287c264750a8b9f0504d3987773c9d2134ddbd45c1845c23f94eacc35f9a1c8b7cefca","nonce":"c482bb57df0a9c4c0cf2ec1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"90c6b3041567bf196e3b6d25700a458e7ecdadf69e648f943dc9d48098fcaa8bac4214f711bc147fe59257dc44","nonce":"c482bb57df0a9c4c0cf2ec11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"14b7313bfd3ad3edc25050d9d91af0b640570fa217eb4255d343ec7fe46bfeec72648ab365fa4f2bb032fcf37b","nonce":"c482bb57df0a9c4c0cf2ec10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"a87a3978c4d294f76cd01cb5cfa52b4bf918e90c083eda949d80d19d9100e3f701e9efc7ca8d3d523506541e52","nonce":"c482bb57df0a9c4c0cf2ec13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"56ad340499563d76fa33961594b3108e4edaf3c49a057f971461db0e0cb4757294966e562b5dd2e34f671fbca8","nonce":"c482bb57df0a9c4c0cf2ec12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"3150ae0107e87f257284c84d7314ea6aaa657802a99d977824a975f894ebe1b65aacd789695db820dd46031d9e","nonce":"c482bb57df0a9c4c0cf2ec15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"8cf44bbfcb04cb864b1379fb3fd4a1324429d5c7648c010c0dab911a9dc905d8e1e948de2bb8c459d5c53ca697","nonce":"c482bb57df0a9c4c0cf2ec14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"b5ccabdbbff6fb45e4da302279d2bcca554b6d550f97e24dcd065ab78da0b9969695e9678d2d63fc6dd5b83e2d","nonce":"c482bb57df0a9c4c0cf2ec17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"4d87d7675c039d91cf459ee3cf82b792c94b25aa4337f3a7c01a496daa90fa80a7037e199a66864f274a596cdd","nonce":"c482bb57df0a9c4c0cf2ec16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"367d3a0de9fe0a29f2d69c5c49494212ffea08c17c01d5cacac479bd7c958718811c8803181d4231a57a0028ec","nonce":"c482bb57df0a9c4c0cf2ec09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"cf58c0bf8405a9014610e390d47092412b80231a9db097a8171a3a6e6e7b823efc5eb83ac0da8c0eca2343219f","nonce":"c482bb57df0a9c4c0cf2ec08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"da94a1a69e0f86bcad77e52dd0ebab7d8febfa2f72c48e2510b184f4b2109a28c36ea05a89aa6b1fd3a748ad1a","nonce":"c482bb57df0a9c4c0cf2ec0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"e6717c4ab775bc4e1eb262ff094ca0af856d6ccb36786d65fe6936471718957e86d8785ece48e6cdfaca7e6331","nonce":"c482bb57df0a9c4c0cf2ec0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"4514845b8a1eedd4c08c7102f182930b8181a6c7d1226ef0b6918eaa8dd5c45d42cc4a0a45d3a5f4f420c09cf5","nonce":"c482bb57df0a9c4c0cf2ec0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"47c36e372b5df09a72d0e31f371c86f699beb10adefa95d8f97d5552e195a83a98b2b81c367a19111be4b9e43c","nonce":"c482bb57df0a9c4c0cf2ec0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"a03ab29181a8d6b321eb4558a85c3ecd3ec8d1a253de3e50869b4672714b32c23baf004ea9af29d9126415389b","nonce":"c482bb57df0a9c4c0cf2ec0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"e9de331f1b78067654dc3ae11c3c0cacf88908787fc0717aa91f1c330b5cac1a655b4b55d59651c36aad0a843f","nonce":"c482bb57df0a9c4c0cf2ec0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"51759db42a375299d493c93946d460fd387d4b28391e2e6dd60a705c16819b415ad72bbd8f7ce7662d4283727d","nonce":"c482bb57df0a9c4c0cf2ec01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"7ac54ec45df6d1ac2ff6ba607c7bfcac17eba83b79d0a98c4d81ea6b51fa73828a04b5ae71ab84fd9f9d3ba5f7","nonce":"c482bb57df0a9c4c0cf2ec00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"0f86c54de27a1b7a16426a9aeed227f69a10af329161c34eaeac36cf4af5b41733a4b04b39285ee5f8ef1d371b","nonce":"c482bb57df0a9c4c0cf2ec03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"18193904223c738e3284462f7dd4f60596d31101275c98f2bcd61cea66238e6bf012a2b1c724cd65a2f93cc83f","nonce":"c482bb57df0a9c4c0cf2ec02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"027e8c6e24263a91ab1e5a1ae585dde2f71fe9d48f7d9d98f099ecede977a640b58b6758070cf312c023ab2429","nonce":"c482bb57df0a9c4c0cf2ec05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"e4313909af40c27adb29d03a769af02916995ffff9be383bcd32c6e483cac8221e1848ebd75e54d6ccb1ba4fd5","nonce":"c482bb57df0a9c4c0cf2ec04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"ecbf2f258b37c9f2233d02455abec5914804435c32ef3fa624b17247a603e8adccbee39c34fe229165fef9ce3b","nonce":"c482bb57df0a9c4c0cf2ec07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"9ecccb5cdc9b078bf6e16671d75b6e387d2c61ddc6ca78dcf6ace759cfda439d7be1c11ff95417732085eb57d8","nonce":"c482bb57df0a9c4c0cf2ec06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"2ca19ac50e02b1684397ec633581863145d30d654194f10a54d2d8fbd6fb4cb9e7365ed7c9cb7b3e4ecd74d741","nonce":"c482bb57df0a9c4c0cf2ec39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"5d008842517590328ade0355cfd01323e6ac9b39059f2a77684d4a4dc16194614879c311f58f3c675330eba75b","nonce":"c482bb57df0a9c4c0cf2ec38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"64b02702bf4664350d9ec37636defecc353f47b6fdeb2ec40dfd4a9154c95f993deaa17932446f1606dddce84b","nonce":"c482bb57df0a9c4c0cf2ec3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"b4d812ce810ce7b94e0fdcf590a4d91e19623d337533ff0e3e9d8f4cd817650afbde31bb47a3d994136bba8448","nonce":"c482bb57df0a9c4c0cf2ec3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"e300016599a7c53f97cc2d71f4a78e7b8ffe3427951b854a570a7fb62bb6789dd4e3d6d2977cde8d64f07ee3aa","nonce":"c482bb57df0a9c4c0cf2ec3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"9d88d60b18ee7b5d941e0ba2b29398f51e4bc3ed0bb10c1679c800db433f160b8fcc47e3abc28f0446e607405d","nonce":"c482bb57df0a9c4c0cf2ec3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"3a7a4d3d4b0fac44bd8e5025169ce56ec37aeb81af8bc45d84b737f52f3a0078667ab987d1c4a84664a55227f8","nonce":"c482bb57df0a9c4c0cf2ec3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"6b146534180293ca08f5076ab59d9b2cc7c5d7d1c963b6d86e3d5f09cdf93cc556b11021730b8584511865ca6c","nonce":"c482bb57df0a9c4c0cf2ec3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"472d62f27c81579c216a365f03d3d939aa7a47be8e3712a094b2a0c6c79faf53f5e46e91edbd84feb2eeb08ae9","nonce":"c482bb57df0a9c4c0cf2ec31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"aef8604b0ff41717f5760659800239a4d58818430212d0012ae3c8f945905dd61b0f07ed40c39f009f08ccae73","nonce":"c482bb57df0a9c4c0cf2ec30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"30c896626766edc9bd060367ae2affff7489c826b9b8d873d75b8abbb6b86bf8a1bb7ed15f3f37b0fe48f7a699","nonce":"c482bb57df0a9c4c0cf2ec33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"394d2d277464f6f092f14f8ecbd7dc45181d650b414521c3f9bcd0d68cdcdc1f065e0a5757164afe737a7eec8d","nonce":"c482bb57df0a9c4c0cf2ec32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"33c263a2b00bf3cadee0ff091be8dad1bd832ed6e6ed4cde1383cdf65cd8276b635239bea0716e3b12d52d717d","nonce":"c482bb57df0a9c4c0cf2ec35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"173f787187692b7e3beeeb91af56bcf6459d9c784b4962532763c60c50109eb7a3aaf2d9a7aa6f86e7a1701fe9","nonce":"c482bb57df0a9c4c0cf2ec34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"448858463e273aee04b94c03d64f72eec575447ce2e9d4666e1b1f19ea9dedbfdf26d654992962257325e541b7","nonce":"c482bb57df0a9c4c0cf2ec37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"beebb8067a03ac338bcfdc2ab16c962d3bcb99df0591e823895cf086a20ccee48335305cf9bc429a851c8e8f98","nonce":"c482bb57df0a9c4c0cf2ec36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"7e0fca4d6bda134b92bf01579c3abfca3484046dd32c0b542fc540d59f57d5e27116356309de5cdc7004354f8b","nonce":"c482bb57df0a9c4c0cf2ec29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"5fda4bf2407cf4e02c43375942992ff31921681d47e27171d2b0bbe10cf37d95b8d349ca6adcbd2445d59ee0f8","nonce":"c482bb57df0a9c4c0cf2ec28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9e7ed729c78aa3cb94279450afd06c838571ac1a8f4df7be8ecaf8a564078a13409383b00f807a80e768ca5837","nonce":"c482bb57df0a9c4c0cf2ec2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"3f2b675f283b147321dfbab10ebb4f89d235c6686f6d48a4fbcce317d6509add3f9b8f127d60742f4c822c21ba","nonce":"c482bb57df0a9c4c0cf2ec2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"6d69cdbac20fcb7aa8f938956a0c3b4a2f139540fa5c5c6c4031a9ac770593c4e977381999ddb7b5e7928261cf","nonce":"c482bb57df0a9c4c0cf2ec2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"4b4453babdc8e762c613e1dda5ae0b1bc2483808fc2d4e62a4ebe24d9c40d5319850bb3bb0704da9a8787e2935","nonce":"c482bb57df0a9c4c0cf2ec2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"4c1cdd1d22b87145f75b0a168672654da7caa8ccdec1b2d621d6d4fa178071ff1b158d8211c8147105b2261151","nonce":"c482bb57df0a9c4c0cf2ec2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"1f74ec664a17152d0553a0412fca62e6a358c224ffe57d0e4654eb20fb4cde3cb1742ddb8a418b2c469e46270b","nonce":"c482bb57df0a9c4c0cf2ec2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"90ad89bd01030b71fb05bc23957c853b226681b96d69d270f72168a183e846b9417eb57eb7d2a7e2e47b962162","nonce":"c482bb57df0a9c4c0cf2ec21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"1b705a36f7be55dab82eb2557c2c5dffaf85b011cca6f659b3196810dc9477c428dcc2a23d6e32ac1efd8ef3e8","nonce":"c482bb57df0a9c4c0cf2ec20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"0350ca6a23d5f039747fcf5aaa9557ade84ba0a518eab8bde4c86af70ce2da1bf52d052cee169074a8fcc4d837","nonce":"c482bb57df0a9c4c0cf2ec23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"5c9224614c514ab4e41ec4820137796edd3b7066dc6ad169e55cbda82be2f2c60d47c298c81c4aa206347c5459","nonce":"c482bb57df0a9c4c0cf2ec22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"b79a9618aa4670067d20bdabad5068a79c898e65907e504993111bc8e8882d258a46e94597b84578729812dad5","nonce":"c482bb57df0a9c4c0cf2ec25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"8fd381fb26f05b8d197450e37311810d1a61e21b5cdb25da5f96b01958e96c651a717ab3fc656a87e45639559d","nonce":"c482bb57df0a9c4c0cf2ec24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"56769b535bf799665422457554e2011f8ecb836932bd38c95501a8ec346f7848d2ba4b94bfb795d536d65f7b33","nonce":"c482bb57df0a9c4c0cf2ec27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"7117adee2de8c5299af52dd4c5e15ddf0a04c2d21b6057e6140083f793aecb0e0da0be615ee971ddc2b64bee2a","nonce":"c482bb57df0a9c4c0cf2ec26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"10090ba0cfe754278e78e252ee5f57ca29c04a11d5bdff1a94457b5d425e5608dd029cffc280e1e6186e5567f1","nonce":"c482bb57df0a9c4c0cf2edd9","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"a7a8959282cbcea30fe48802014a7b60c1fd3fba742058a898d4e7fd5ae62257"},{"exporter_context":"00","L":32,"exported_value":"5e03be4f78e88b99aacfd04856a960412365712052f248b51bca733ab51a01d9"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"81b8c13ad42f10a512eb97705ecbdc4e8c1ccfee9a867a89739c58adeedd61a9"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"bcf488d68ce224f3961f6fbe4c03a41855adc246052d57f9a4d2583a0f7a927f393020e61b00e01552c45310b455407d7f005a4b90bdd470d70cc346ac94869ec40e","ikmS":"cd08c7ad13e1414d71e5b2955c054813523a7c55effe8634444f9b3fb2901f9ea50c56e754954b442fe3d997be0c723b2b26305de64bfa5bf472a27f7f86cd131570","ikmE":"c15db130208d5e620c8cf79ea218f5568973032220cd78927b5c17298206a534ce3b4b95e792572640f7ebef77e0261a7c13111e958cd8c2f8f360611003c3c92866","skRm":"00de3a538e7613215f792e61ac9c63381ab9995727d9b3430cc64f3da418992c3c5e74a5c4c35f42984a6d47d56500c7bd89a8cab30d4e7164dc99b6b11ca84e0500","skSm":"007a98f9c99ad3be564e1b87988feb0e9e5f2d3df50ae6a925770e310d598ae6cfffba08e6677f691c5ac706f904591bb0e30a159d48c4f3f9d8430576c19799c2f3","skEm":"01fb165240e92eff9a3945c1091cbaa10f78c0497e1468ca8532cd9b5377ae718d4ee676028da6dfaa6cca95807f4d14ca0406997c240cb1aeb08d55276aaca04c45","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400b7312b4f4dbbb221eb34fe21b56ad5f777a8d297666959819a356d6d2c2c494ce849ec0ba279ab692df1db4be7542e9fd230c5d5e5532ee4a5404d10b3a95cc58700f7cabfe05d845ab7fead770529d768c81c78e4f83a675fb35252459dc47facce676c82e94763cca3adf7de3a9e891fef60b0c0e8abb90e081b5950930c30beff60","pkSm":"040024f21bc628ff53946a172ace1f17effc65c2c99b202221a042a926012cbc564fbab64f82000c9aa7c7cba5f85934bbe8bf6d670708f1ab5e95c17204892948212f01f86c1b5e5dc20e1ec560fce0fd6de0dfdd5db1da6d28d516e6905c0e46176da98e2dfce940d46dcb952233bb9514791a37078af54e3d421b20394b9fbcaace2c69","pkEm":"04018f8f047f5cf53a77b45935b52b5b10f2da5a9389d76ea972114c44f6e011a3049bd45e27c7adaf02e25adc8ce199557dd75bcaaab53e7f91683c13edc2fc603a9801e689403f62005ccd3c7ff3d8ebfe94b37c68fa569787f47fda314439c934f6a01b52c9fe577682265106e0cfc883ddb874027f5fbd70e70848a2976c6b137e25ca","enc":"04018f8f047f5cf53a77b45935b52b5b10f2da5a9389d76ea972114c44f6e011a3049bd45e27c7adaf02e25adc8ce199557dd75bcaaab53e7f91683c13edc2fc603a9801e689403f62005ccd3c7ff3d8ebfe94b37c68fa569787f47fda314439c934f6a01b52c9fe577682265106e0cfc883ddb874027f5fbd70e70848a2976c6b137e25ca","shared_secret":"75cde6105cef5b1178af64a6b0d007865b41a0c81a2382d746c31db74d6b21569fae8cb61106b6a68efbc2957c7eb3c7e253b814e304b8d6531fcc33d2f988b8","key_schedule_context":"037975ec11c02e4c49238a6401423b9d3a4192da190ee5e64da5b6e06df3c5e82a424d5fd737aae133d36f3904a06750412f8aceccf0b84181f9bd44ed7735e65a","secret":"a5e484ed140bdc576e75c3acb3e4780d6367a122c10a2b4a0296826b3d42cbf0","key":"8448bec9def51f26dadd558a64d0d6ec2bcff36acd2dcae33b516a4881b27098","base_nonce":"052ade27332de87413caf28e","exporter_secret":"20fc575028cfc8a86754d1fee57ecbca66ea1dd8ffdc824af1a9ed6223c8bf43","encryptions":[{"aad":"436f756e742d30","ct":"58fbb7f351e806e4fa2e5c865805c9334a1445e9a01eefabb0cbf7fb39b53cc32d0c323300e260382e314a8f3c","nonce":"052ade27332de87413caf28e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"a3f776261150691d47ab258e948ac2287261daea6f1b55c31eb11d6bd6f27d1aef3784881dabcd096d554be09e","nonce":"052ade27332de87413caf28f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"a1a36fe682172f5ba71be62f460225bc089159ba3c50781270970be9912066ec46e36f3c6cd308b793cc87c6b7","nonce":"052ade27332de87413caf28c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b896e066a466df0bbef6c58204e61abd260b86a41e4109cd4495adf253122c59c36808de91a21297e47cce0621","nonce":"052ade27332de87413caf28d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"f228b397830c431a1424aa3032a69e13f8a40463341b6d77bc5a220714a4b818233b2135c94db9050642828d48","nonce":"052ade27332de87413caf28a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"33c957c638d76960f03aaefe0453d7dcdf4a598650d7280a78635473ec1a12f331a14b96908221bcd461f2cdb3","nonce":"052ade27332de87413caf28b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"fd72464503f4b233243c0e7bb8b0e1959ea63b184fe51ea3b53a68ea298492d2c2ac2572ae86a1a8df9b32bfe8","nonce":"052ade27332de87413caf288","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"e21547594064b7fa9d866ad43a5b4f43afb9a3943ff775e8aa2b31d61ba4acd8d2d39ef2256e437fd2d136543b","nonce":"052ade27332de87413caf289","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"4a099586c0d003b46dd549da2be4f7c9abdf4f51a72588c0a8cf56d838cd91a42f42b723a13e839d408685d94c","nonce":"052ade27332de87413caf286","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"398dec8d1d7f87983c1d68ae3d2b2d672e5a82b0381948edb3cd8cfe6aba17868565216a3c235a9186f59df36a","nonce":"052ade27332de87413caf287","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"0c15e3bdec073afe001de05605933e2aad1f9540953127e1c2de06116cd512a56e618c6b0e4460630afc67a650","nonce":"052ade27332de87413caf284","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"5a6144050b4490d522a67c1d76986ce3dddf72ce3b2201c93930cbe4ac1b3805193c20d493a9d94e160ae6a657","nonce":"052ade27332de87413caf285","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"22f56202099bbc71d2841f9686c67900d78d4aeeaba7d127fdfc3ed527a23802e1b2c8d5067be8a061c3e31684","nonce":"052ade27332de87413caf282","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"2f7627601ad5e02709f89c1ca8e988419aac30661988a48c0c381f065f50844c9111f1b399ebef868e825ac73e","nonce":"052ade27332de87413caf283","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"e3d01c85757a17e94f3e6c8120b8f9d84b3e61974757f5be4fb9795580c6c190321761c5922b28f92dff40723c","nonce":"052ade27332de87413caf280","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"7d70fcedadb408b8589c7b93fc67f38614175fb4ec48a7a7b1852382ee84c90c616efffcafa9f067e99dff9a58","nonce":"052ade27332de87413caf281","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"94f8448aaee60accd87f2fce8e6dc49bd7b1f11e72db2961d663627a89bb93c46c6cdb5ba6b597e5950cbcb648","nonce":"052ade27332de87413caf29e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"99165145b1e06b707f8ce28db3c8ba116b16f82ebf810aa9199ded000d0cbac0c682346419e34b1ae8d619bde3","nonce":"052ade27332de87413caf29f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"07f4bb89207c4fa65e2a2eb2be6f33a5482ed4cec0f48dcb3aca223afeea8e7823874299304ff9a2c5842d4297","nonce":"052ade27332de87413caf29c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"0078097b53322ba1bd4001cea031492e6dccc1f84836792262629292c85e4ede5f538bbea1784fcaa967cb9aa8","nonce":"052ade27332de87413caf29d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"33790ec2d0d2ffe7ee261baaffeff4f236c5a4d48fb8b935a070a94e6f8d0bfeea5738a967f5709482c10fd6ec","nonce":"052ade27332de87413caf29a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"e1dc6eb335605e9e6aa93416ea2c9ca7d5c542742449e9dd27fe8f39680cfd183f4210dcce08e1584bac6c6599","nonce":"052ade27332de87413caf29b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"405cbae6bc75664fb763bb895683f6e30e405d4e03755f43a68c028de0b161f5b0f91bbfd4f25d5b142ee5094d","nonce":"052ade27332de87413caf298","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"dfc6f2a5f49f627dfa06ac56775c76544118b13445ebecef0945fe310a1a540a16a863ee0cfe54c3ab9d9df96a","nonce":"052ade27332de87413caf299","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c1dcec5ab683f5e583d00fb42ce4c45fcd7976dc4781f0cebd8b471354dd1962b2168a763a7ecfbf22abc76008","nonce":"052ade27332de87413caf296","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"cf2e9df21b407b41c7785393a18c038c968b26440a1f41397b5b8dd715c7092fa666080d787edc25e90b25f2f6","nonce":"052ade27332de87413caf297","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"8fb159ca2347972af25c5365ba588dc8f239baec80c11c3c99edaf7398ab33d5da617c3e6b51a6444137518279","nonce":"052ade27332de87413caf294","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"2e171936d125eb6265d8e5195ad90e8999452bf7fd110e367314f1b5e8154cdcf8a63f3c4628ea83ae34611c09","nonce":"052ade27332de87413caf295","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"cf9cf17f67359c8c2828a430c0d45e8a5b614a5af7409ed406611a593ad6bc3d41dbcd39ee53665b11c37ef779","nonce":"052ade27332de87413caf292","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"0fed783a8c6cd9b02b4c57ccde07023e5cee75869bde011d0fdf2b76aa125d7a582cb92fc93a0dba81314bebc1","nonce":"052ade27332de87413caf293","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"7eb33275c5af77e5b2023c405b875acc505bc348bbe2224be1f27a945d6ccca50ad211acb09556dc1f38a2b05b","nonce":"052ade27332de87413caf290","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"d512f883c782b97966fa81e31788cc13c2bddc26ef5bbcb4c77424f53c77d0588a3dd4af9b62e833be2c2aa3f0","nonce":"052ade27332de87413caf291","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"fab54d83ef22fa55b76e213d0e67230de0034113fcc5d77148a4802f434f51ea89cdf3c2ed8ee4857524405d14","nonce":"052ade27332de87413caf2ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"76ea86696823ebaed698df650e38b136fd03d05fa13ceb1e368081fbf3e9c6f805d7a993cf32117aea3e61cda0","nonce":"052ade27332de87413caf2af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"07acb8750fda0994ebba0d5dd908df5e6066ee98eb2491cfce37500ef3f5c1435060a6778ae81a014f829bc6ef","nonce":"052ade27332de87413caf2ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"326e582081ae1a02754fa650a5814c3484abd6f66b5f0a0beeae44354b8a1b98769e0f97bef3e44badeedf1851","nonce":"052ade27332de87413caf2ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"43b1d0469177bd7573b24fe0e3778e821b00cb23ed55ed7757cafc34e96e7c3daa142895a2cb382f34475b7a4f","nonce":"052ade27332de87413caf2aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"6e3837a0a82fbd27a5f6f5e8e5180c9fd34cc04da1260ebf9649a4085a0a40e5c698043a8b692e4fe739010266","nonce":"052ade27332de87413caf2ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"d1b185f2757b1797dd99d619e9454a0624f40fc5d13ae3543b58f804839b2df1374117bac8edd80c0be985026f","nonce":"052ade27332de87413caf2a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"a95719c311fea367c08ed3ce2b13670c59c86b354783123354c01def4e40e3b1fdff8caa19987abfae4504ea67","nonce":"052ade27332de87413caf2a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"521ff3c3a2ec9083e25948d847c7c6ed59f38606f985dcce6f8cdb66ce1e24aa42d7f05f8bd3894613c172e987","nonce":"052ade27332de87413caf2a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"b79ac569ddf706322354bcbdab3584a9173e9d4dcfa7e6353adeb644120d76bbfc614a6c267619d44ad3022cf2","nonce":"052ade27332de87413caf2a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"3a337c0310bdca8ab70001a3e81cff18334c0229b6bc6ef55236f594147fd296a2f7a19e7876a9f2d14178c8af","nonce":"052ade27332de87413caf2a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"7e9c7a4268b7bd1aced385824d766f4f4d4ddfc04ab669306370e91e32c9000f90c54024ed420ba9c0d050caba","nonce":"052ade27332de87413caf2a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"58bb38fc38fb7333b9a5980ef6df66596de11bf8fcadafa4d0d32cbe9976fb04e57c98c80d74a1db04fc848b91","nonce":"052ade27332de87413caf2a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"0190324db58f180a73e8b43b806c5b623c1adaccf2ea63f781233c088077aafab48e00829e7b56b2005a201be8","nonce":"052ade27332de87413caf2a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"f8ca0ba9196f807b58a3bf9811aac6ad4440b5cb5e62c10c6d6eb1ab7d693de5880a8fbf67bd1f7f2bc45b6c18","nonce":"052ade27332de87413caf2a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"48337f9f5c44571c80677433983b31ce3a3c4fba063edd9543df0adeb872128be14eb1eae6167a95340e265183","nonce":"052ade27332de87413caf2a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"35fec1bc8153b53ca5ef38e3c19caecd0b0be3b7b22584fea45e772b595a0578c0ce0a7b0de89842b4c148de5e","nonce":"052ade27332de87413caf2be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"59b44f132a838f8f51ad58be8b8ddf605225ab3f02a2f621701faffe811207f57195c494b8f32cddfaf0fd2075","nonce":"052ade27332de87413caf2bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"5f9271b3a72befde5b8f7547fdbcde4dabcba2904268615d16990c4ce0e67f5f54b02eedec6762cb3c4f61b43e","nonce":"052ade27332de87413caf2bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"67e3aeb8f8d944573b1495ecbf61e75c7385e9438c840f1c46613e463a153f09aaafdc9127cfb5b49953d3bb56","nonce":"052ade27332de87413caf2bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"125f308b1d393d6d0498cd0c3c1a6603992ca66bf2bd3ce8fbd66f72072f7ba42bdebe4bdc62cdaebd7c6dc1a9","nonce":"052ade27332de87413caf2ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"2cf89a6bd52a98b3c472e4c4085e189f2b51abf55d52293c1db40e6006054bfb7027c1ab68789ea6a9e6b69212","nonce":"052ade27332de87413caf2bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"941f5f852da749d75d77b98ac28162d36b0399ca1f460eb367cc0206a7318e8fa3a9969d3163d4e3d422f9985e","nonce":"052ade27332de87413caf2b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"75e91d0ecaa320279bbb7c48410249111586f1e141ad58c4b44e9b4f487fba97f854a1a720034a424f0fa266e9","nonce":"052ade27332de87413caf2b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"d57a833000da34681bb55838d7e0ccbef659e299afdd8792ab363d6f8098622bddfebf2c30474452a4e119ce70","nonce":"052ade27332de87413caf2b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"ed14fc254cc9ae45001fb1900a106a85befe4157164abc68619df41aeddfae74c74ab76e832e2a45308d9ae071","nonce":"052ade27332de87413caf2b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"bb7b3fa590a85a0f078fcb40ad98f344c1aa976586430d60a90d53326ae365a4b0cd75a4415dd1684ea75a9094","nonce":"052ade27332de87413caf2b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"27f76261271a429b10ad1bb1203d36f32bdef504a02ceff60c30a8485efa9ecc13832540a0d1a4a50d5bf18400","nonce":"052ade27332de87413caf2b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"8d27cb3731fc0fc3deeee29270341fed6f16efcb131933a359cb7113f05f8e05e49b9fc779a28b9c044da120f7","nonce":"052ade27332de87413caf2b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"235347c0a86f135e0a38761f8dd2b57450a1790b05a08968c87616c218e18f9fe2e990ba420dc3d45545667edc","nonce":"052ade27332de87413caf2b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"feb689cb6a70f772d6e2248849f48ca9ad207b08b8a11f4ba69b8fdcaa4009f22485f0ecf411147635ee65a5f8","nonce":"052ade27332de87413caf2b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"05dc0951005b1c3904b9932f4224e2afc9b5162271a1c9b5adb7f6bfb8940b88075f3312b8be978e833073b669","nonce":"052ade27332de87413caf2b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"6c7f4ab6cf4248bc106c4d30362fbf56601fec038d6dda9cad9b54ac9d74761d3800c7be4a1cdb5b8f0cefdc9c","nonce":"052ade27332de87413caf2ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"47efa81d10226c57b83376cee792940adbcf400eb1c91e61dcda46f32de4f5b084b96009f7df4adf5bb226224f","nonce":"052ade27332de87413caf2cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"00fdd95e507dc5a3ff4c7f43fd2b59387e27a2c8ee38eedf657b72b346b0f453b852a65e439fa7f1d3b1da756f","nonce":"052ade27332de87413caf2cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"79b4014180cfb13fe7c97485115662df51e4a94b9d8e5ab9ca3a844fc01e6c8c20506a3e8f75b0a91460d6417a","nonce":"052ade27332de87413caf2cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"c37e32df2630d545b4774e92b4608c5b5459c3f07d9a541c3ca22235cca9c83520cfd0cce4ce222f3617ac377c","nonce":"052ade27332de87413caf2ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"ba5e32e64ab5659fba908d5bc87ce19e74a56ee4dba7426e9333a4cce45e3c0495b76db747de27387ecda112f6","nonce":"052ade27332de87413caf2cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"d4f5973e7e76353728f95680927dc3153dd2a915c538367b7582b09b2a33bbe148ae0d647242d5abf351cbc0ec","nonce":"052ade27332de87413caf2c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4caffcb97187345eb04759f83b8c84c261404a73db29c74b28d0c0320e63af06153ec7e38104edef734331cf92","nonce":"052ade27332de87413caf2c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"3307f5a213a812ea81ff3290257092be4808d471ac786d8d09bb611231d585d951f3c7512ef3e29465d866144f","nonce":"052ade27332de87413caf2c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"1d7df519ed32c40d806430161ebafca895a5c6b5e9e226470c6da093a3638ec9e59914d430784c2a80fe826bf0","nonce":"052ade27332de87413caf2c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"321d02cb6d2475a2935a5e3f40d90fb0e89b15819510b4533ca8625bf3e0458fa799ef6e3f6794f6b826e7f0cb","nonce":"052ade27332de87413caf2c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"74c69bc4ad777aa035d884335b84f66925a16406e0f29acd235423d78ca6f614262cc525ff80c2f6fc9fc6f57e","nonce":"052ade27332de87413caf2c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"58d8f4b3ae456f4edbf5e4ae4aef910d60e7bb108377503031cae870dd4a52cc5f50db6d648f62ef0f1ae1af34","nonce":"052ade27332de87413caf2c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"5597f12257aeaa3b9b4d27c5cb1a79a84baea1d767558d38b114196ca96413ab3496c47414ad42150c5ea0e122","nonce":"052ade27332de87413caf2c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"18bab546bdb33573843d75caa79cb88095fac2f924b271437f8a596c0953df903c21d4fd328b8f657e0277031f","nonce":"052ade27332de87413caf2c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"9b9555beb6ca9510ef70daf8fc42dffad9cfa363f487be54b1d013741d0fc42bcdae19c26a56e5f9eba24fe4e2","nonce":"052ade27332de87413caf2c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"b1ecb129685bf4da5aaaf0da51e81bd0c81dc01099540942a73725431f8c60736fb965f65b182d46d26d488aba","nonce":"052ade27332de87413caf2de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"5b3c3d50e3767602984eaeac28f59f8c420d6090dc59cda085ca70f62f8812f573e2a08c7292fda048e67a3703","nonce":"052ade27332de87413caf2df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"2135ebde43b0b712d85544826844cfe9f79c1b1ade8e2b7725d6e37fc136e84b03971fe81b5a7ad39ea7eb03d9","nonce":"052ade27332de87413caf2dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"5674456e3f5c82b9be9dc807e10e29e2b917c0f2b089f3053b8b8ea15c57a85a97c8a30ddbeae788c025d44b20","nonce":"052ade27332de87413caf2dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"f805317c7c1ef0b78a00afc76f234db1aa0580469962815ef9da65991525cbd973f4444ab46f2c2e482abc0e6c","nonce":"052ade27332de87413caf2da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"7eb9e5a0d09abb0744c0414bd0eabeda10dbd4246a720d598f0fb097460205dedabfcc431ea5c1cd402c7fdd25","nonce":"052ade27332de87413caf2db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"552ed2580f168baa657e7b4dda6282cc70d219eec1cf2ce08f37eb8de5353ff1485cf2462dd0aaec9b8360d2fb","nonce":"052ade27332de87413caf2d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"c7045a9ab0f55cb626efa06764da61623fc42116a3ffae2dc139e74419ee51b13e63e40d12c90a788063135005","nonce":"052ade27332de87413caf2d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"8fc6cb4234c1c6ec24a3fb2f4c39f2c973cc560c9f4deaf222ad761c4db6a6056e6b008c2904c9610c19bbf793","nonce":"052ade27332de87413caf2d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ac3c0b9a1a04f978cfb9884aa9040d99c6e0fdad84a788b618ddb1464c778eccee92b7b8ac5abe322603f76cab","nonce":"052ade27332de87413caf2d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"0dd9fb1db1e4de29aa18b3502ea528315c2129e6b316b678cd98a1f2291d0071bf738f3bdd47adec2ddb1fb176","nonce":"052ade27332de87413caf2d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"01b2afb4caadcb471b92cdbccdee20aeb8da179b4fc1452e242d975424c683c6832f4593d97b19a3721071474a","nonce":"052ade27332de87413caf2d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"131947c2f3272632e961e3a9b6abced5d21dbc5f28985580c7fa6d90c9aedcb31fcbc9961d37ddacb79cf49610","nonce":"052ade27332de87413caf2d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"7a4b4f3b6cd28d1959430c6c5ce202059e75dcd465ddba774bad92d0f24c573278d3be9884f69a6f16bb788ac6","nonce":"052ade27332de87413caf2d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"e5cdd86757a056a093fb257014a2ba2001bd562cf5c495be3ca685fb9bbfc3d1c9651872973dd64385344a35c4","nonce":"052ade27332de87413caf2d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"3f1e9329327078d6b672b201a4274092531ab71edade8ce0788738fae62bf4aa8b62a9b7bcc2f602af33f11e13","nonce":"052ade27332de87413caf2d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"ffbb63e7caa4a5f59ab333e2fc6bd169fc91593e8e9a9b523dc759caeb8f07148c730f92733cd64ead221dbd44","nonce":"052ade27332de87413caf2ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"56e43ad3a172ef2c56f46783b47dd02276b052fce9f4334e40a7c67dbc31f13d37c699df6fb4d35e62a6e0d725","nonce":"052ade27332de87413caf2ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"b24f6442db08a2235dda0162b8406706b55028598b575ede52725f56d0d83011abd5d1b337687c5f5e65daaca8","nonce":"052ade27332de87413caf2ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e11c2329d1aff7fa3452bece9f08dd1b50a621327c6711fe35c1e0c6cbd019bc0ea2d5829686ec39445344cdd8","nonce":"052ade27332de87413caf2ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2f4ba84ba8d79312694522fd1775d366f81b7d4ccb8973c0011945665ffe44bdfcbbff569e7c05b43d4e5cb1dc","nonce":"052ade27332de87413caf2ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"8d92fe681d65c8470ef30444858868a4ac7b9aa0b38bdf80b81be0e3c56460989b95ee763036eae9fc12aa9325","nonce":"052ade27332de87413caf2eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"6a0ef848b6624eb0d6d0ae675fbead0fc2ddd1795f437ccc2f2c10fc57bfd871443f23e365fdd828045e832750","nonce":"052ade27332de87413caf2e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"a9f7b5e576a753c601b893bb71bf44d9666e2c6b3d70b50b8f5a71636311339ef44c8c116fe93c6a74049a52f5","nonce":"052ade27332de87413caf2e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"7df4d73d0c0178a79603e7005487a3d8c178b985b2134d8825af6d1bebab98779fbb09d8e7c117e2858ab69e24","nonce":"052ade27332de87413caf2e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"0c85735576362c8d4c5efd0b22b8498eb0119f6c60314482170716c7169cb8fe4cd8234bf8ff517f9b6fe25285","nonce":"052ade27332de87413caf2e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"55f11a5426b331627c346a90075fcbd10f26c012b03c970da658cc794c3a22c30b4313b6f683da8b47af139f85","nonce":"052ade27332de87413caf2e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"e6e5a8b79d43733c02ec1c69999162f4914d320dce4df0d118b1c292982ce8ca2c45e5c5c6c8d1f3021bcd2023","nonce":"052ade27332de87413caf2e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"3f23dea644784bcd7449281f302368da304a60cae3f8ee33f4ac271594306759ccceab155c111075a72088f3f9","nonce":"052ade27332de87413caf2e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"7eb26864cde6a2774e5fbb0e80a3333e31e9e6beb9201681adea22a4bc9608124dd9fa9d07bccf85c142fddb1b","nonce":"052ade27332de87413caf2e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"c0abfce00834f909e4f7d90e435ee1aecc53ec7fa476a1564f9a725de08cd6d9a40d8ce056995faf45c7f4ae20","nonce":"052ade27332de87413caf2e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"8c04bcbd967d6c3b607ea41c0170a8a1b7900d26ccf8be362dd1fec1a89eab9bd1fde88b7a732ddada1b014bb6","nonce":"052ade27332de87413caf2e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"9bde67d4597caa04815f860888fab9a31e071ae41d882c5002dfc45d291f61d534e8bcdb309f5e75319f538ea0","nonce":"052ade27332de87413caf2fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"9fdac5b1c8848616f85f9f3b073afeaae6e43d2dea966a0448ad1039e680c761868a7849e5ea4fa730e01eb0da","nonce":"052ade27332de87413caf2ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"72ee3c36c112778a64cb1e5d1a90ead38f8d645b58e4c5f286009def640a13410102badc1c5860d51c9262b32a","nonce":"052ade27332de87413caf2fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"4e4e586f14d634f4ae2fe4212f4a4015351dedec88a8010086459814e67f24ea5704191bc9fd3653c82fe4a7f0","nonce":"052ade27332de87413caf2fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a8f8fddda46f78d00ce258336f6b126fd28986fc71a5a422f95500d05ac3a7a132eb160b0b7f6cb95314b18bf5","nonce":"052ade27332de87413caf2fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"cfc43fe6227e9d0e758cf34efcdfe62629edffa88de0d1eaa4e296039ebb09c73cef5b8ce60138857faf287f7d","nonce":"052ade27332de87413caf2fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"a91bc63e938c467fd592ed94affeb22f0cc7bf6babd3915575fac6653b17c37a40e66c93c6f20de7d21efcd0fc","nonce":"052ade27332de87413caf2f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"dd43c0aa8ed01a1d0c7b9aa474a12f336229d82b062aea66fbc76b89401636d11d76aa94092ddbc31ecf12f100","nonce":"052ade27332de87413caf2f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"f708d83158fe92dba65d6ad0f7d0b271cc8faf762d5dfdfa77c1a1b881784704567b7200fe39c126252c00ef10","nonce":"052ade27332de87413caf2f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"abb1ac81b2fb580369fb8aa66c2ec69995eea6f7c690bc0851bc55ee915853ae5bced7cccf7d11913a9934ccb5","nonce":"052ade27332de87413caf2f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"1e6607c188f2ed0850750c3a178544ef72b57d08b48d2455d52088a33ce8b845790757faede80838933a32478b","nonce":"052ade27332de87413caf2f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"1aba86fc206dc54cc8a5c4fa1f4ebd9d0063b5850179cfe5d02e33367adb270f2f1f760add8b06104d41801134","nonce":"052ade27332de87413caf2f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"ba446ee9c67239e1cc081681be8fdd5c91a79b43e98896daed2e72d2403aca0627fce7cde24f220931589d8069","nonce":"052ade27332de87413caf2f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"2354967f838c610baf048400edb4102c67230ed04fa238929f4649c2fb3d29ead3332dafb0275f8bae6e9531c4","nonce":"052ade27332de87413caf2f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"78c7b23e0d9c5db9f8877154285597eeae90f03e816b65539efe973012f72ad81cb3e10088b559d4ec424b9821","nonce":"052ade27332de87413caf2f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"466755fd0cbc5c4022f1ed1763d8af8b1a86d0eec14f9844872dbd1b2047b2b6cd31069bed3b3aad9733799c7c","nonce":"052ade27332de87413caf2f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"39cbf15b9d4ff817b05c7ed739f5320bd0e60605963185e880fabe84b895057d2cb17e0120894238022fd6c4ed","nonce":"052ade27332de87413caf20e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"f57f428704520ab97c7b5ff9383bdb55a6f1fb1898ca305cdad751139b9f22922071c6a5ff13cb8f8124e6b664","nonce":"052ade27332de87413caf20f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"f5f87fa20548e77ba5fba02d95a35084025761b86fea059d0ba7c2b25e6b5857cf5be0387a2edceb248e7dc37d","nonce":"052ade27332de87413caf20c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"5dc0c14b53d96fa729a0ac1067bf47ffc5e0c15bb76a9d30fa895774c29f46f9ab32cc203f0a688d878a594d8d","nonce":"052ade27332de87413caf20d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"4d0152f2cbfc548797fd30dbec3676efa028b3ff0f29bcba02d5f490ae5cf0fbe175bf0e20883c07869e89da85","nonce":"052ade27332de87413caf20a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"19c358a2f6583851543042eaafdd62a8339c0cfe378a3824f2b9c4a92f1804200f07f9788539fe4f77865a7cc9","nonce":"052ade27332de87413caf20b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"505d5e05010714223f4c876019d0da2c05f92ea979a1a00656b8ee135352ef7483a314c44b1f114120ddcfcff2","nonce":"052ade27332de87413caf208","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"818ac96d42fe5d942ec08a1038b22f099646a12dba605219915752c9046dedc7d00d22c5f35f18fb49ac3f5d0c","nonce":"052ade27332de87413caf209","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"1d165cd3a50b4a1a21efa7540698695ebab48aac626c7597e43ea92b597c9a30e886994af750d1d27daeec2cb7","nonce":"052ade27332de87413caf206","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"f3158e1dc11e1f3e80cb107dd6526694a480aa4879441c90eff9a0a2310805b02b6e6e0a86494246b60ba80659","nonce":"052ade27332de87413caf207","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"af82102169ad1267b6d8037456a2464fa56e21a68f1774ea15e98e10847d6febd2d37e4f2a735d49650be00839","nonce":"052ade27332de87413caf204","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"0c2cbee77ec3962cfa0437f2d858149027c7ae63bb9f1f7499dd400aff64c35512dced47fffb18b1a829a4001b","nonce":"052ade27332de87413caf205","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"241d62699a4c7ef016045d396efc1e07d13cfdeb205ced155c591617d5a76496844a632cf1b12b624ef21dbda2","nonce":"052ade27332de87413caf202","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"605f0e4d63f38e6c73100c19cf1be1f6d42c18af2cf4f2d5aff2c1ea238b3f0b4c9647e0ba4c48ac952404614a","nonce":"052ade27332de87413caf203","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"d485816b3d3be8550b4d63ec10e0deaafdb0a44c514fc7e161e74837053718a89bbae467da7b4a43d378888833","nonce":"052ade27332de87413caf200","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"3fdd8b7e696ff86dda3c16e6f035b1e72e74defa5f622000088e0928e8cb87c6902d770d99b24fca126deb04e8","nonce":"052ade27332de87413caf201","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"e5acfb8b3cd60c529036c6af2f9caaf41c731a08098cd51c48dd6404f8e2cf576e49bcb027a73c443bad73f513","nonce":"052ade27332de87413caf21e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"beb5fa1efd75f6229ab1a64373a6c19d1b760a87fd869696078b5c99cc017909c4cdd91364ebd7d0850ee9ef98","nonce":"052ade27332de87413caf21f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"2ac6c3ba83242f33a34681990e8d4f41cf35c65f181dbb2307833471e4716a090c5fe11f6ac53f398b7a5470ad","nonce":"052ade27332de87413caf21c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"760fae5bd54b4e02ea9dcafca5b84006b4724fb40c39ed6065cb0d43b30967877defc2368bdc7ef9355880a8d6","nonce":"052ade27332de87413caf21d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"05558d7b52beee6b1f2371ac2c8e2856da168897ff04a87733217e74cfc1c4ee01b5d1af91b9843ebbcfdbdbe1","nonce":"052ade27332de87413caf21a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"e4813b94d719d716f348e60aab3128dc77121e9e73febd605d19f0daf9567811eb3c07e3dfe2ddaf1aecc75cfb","nonce":"052ade27332de87413caf21b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"4b4ca1399cd5ac28da5783d68a3160c1ecaa2d2c2627097afda7aca275548af76bf148999c866a23e77ee5d22e","nonce":"052ade27332de87413caf218","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"a95654348d6a7081ab3f4990e4d14f2ff703c83ce028d5d7e60dc3cfa188077ad453de7eeb7f169a0495029b6b","nonce":"052ade27332de87413caf219","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"131d6296e12f12458a08daedcbc389a89bf076eb4b4d4ace540eb64b865208b018a3574caf05f99b92322397f0","nonce":"052ade27332de87413caf216","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"011c077896e22f4ad301fadecd9a4f921f0282c93129aecc7c5623253481e96d740a83330e0d43998da666ec80","nonce":"052ade27332de87413caf217","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"4218774afaa2c40350983b4ec1c502277aaddbe507b21a2bcea5982beeb1ba6e2b1aa502645c09d0cb5e9ce4b7","nonce":"052ade27332de87413caf214","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"32e9d5a51c2dbe05c9d867e3d22cb93eabf995ccc9902820e1ac10825b0f4469d2a801227e2ab5b29ca9bd3d82","nonce":"052ade27332de87413caf215","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"443d4dd41437e21b2154c31e1f0c62fcbb07e7186cf1b0d41aed932194492114f61f3340c6ab1bfa9ffa481939","nonce":"052ade27332de87413caf212","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"145ac681e58200ecf69ab0c31b0ce1e8df914d235ab7217f0f30e0c5b0a9b1eff6a22a0f201fbd7496173bfd93","nonce":"052ade27332de87413caf213","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"331f10877131e4bf81d41fe592de651d2a4c022253b783f2cba28269a9beb3adc2db596085676571aa194e31ba","nonce":"052ade27332de87413caf210","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"db53b59c5bd406021da1c96f1969fa737a98459537f1cd22590637cf1004f631cc86a47429cd07a459b6957915","nonce":"052ade27332de87413caf211","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"02f491418a45f911e84b44a22b8afc6a3a9b9a9c465840f8d75844bd60bfd0ec89589880036a5962116ad00ffb","nonce":"052ade27332de87413caf22e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"fcff3ca8e640d4db8e884f90c643505d34954b4b326f74651d2ef4790ae52291b8f33e8647665f84930c859e24","nonce":"052ade27332de87413caf22f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"76c1635bd52f1cd3a90045dccebb1f0aed33c3bd48d594069fa9ddefc2ae6b7790ec8ab74b436e472ff2425874","nonce":"052ade27332de87413caf22c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"698c340a75a29e33d041ae2e98c98539f995476e657d697097edd453224cab9fb9aeeb656ae7f8d5fd16cfd79a","nonce":"052ade27332de87413caf22d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"7162f85e4c4e5260d540669f2409205e333d6429ae5dcaff9ff6c70efddf4b4f9b35bc8213120b079801844936","nonce":"052ade27332de87413caf22a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"fc9a099cba1eb272dcb3e01015898241a4d5c9632c77acd2f7b26f690234b70b70eb8c949ec30753b1191aaac0","nonce":"052ade27332de87413caf22b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"f10f68f5bd3e0be37d2e33869ac6b2f83862d8da0ad5a1300c6c4f54dbfa3fb361840ddf10bcca4d0c22c4e2d7","nonce":"052ade27332de87413caf228","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"1d063ccc7f9a81478565c31a2ba31a5b2cb9f6e380c10e8c81f1c0f18d7dd15e5f34d82fa8b9778f3db9bca905","nonce":"052ade27332de87413caf229","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"c810f3e761f69ac26394fa451cad91166988f927e77287a2101799f108226fcc55ef40f22f315ea239488650a8","nonce":"052ade27332de87413caf226","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"65c9b41220f90e0a4fc622859303128b3357d1768f62d993f99d69c8011c4e3df1114acbdac9391ccf027ece96","nonce":"052ade27332de87413caf227","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3c5a358838b11b097e2a1fa1ba9cf5f29da435ac9050fa4dafdb731249b5706e42ca78f09fd1088cc6d67695e6","nonce":"052ade27332de87413caf224","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"b1e74973e07f5c41f245c40d1d62bb695c3295fdb6c96a28c83eef840e3829444e6522606c2bc1946f46dc0fe9","nonce":"052ade27332de87413caf225","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"72f85bef6297e9ad4cf304d3a9944f3d537f8abf636e69f296cc5fc2f974e5aaa53153c05f333b4b8f0a7d5b2f","nonce":"052ade27332de87413caf222","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"32f445d1af58305bd86706c73748b7986fe6b0a2e5137dc89c2eb5ab29f225dffa7c30dda1e4bcdab1da7c52d2","nonce":"052ade27332de87413caf223","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"d9fd147cd5e8690df70fbb75ff810462e460dc924f69f10bc584b1b3b571eb7fb1c19a2457859122a10d99335f","nonce":"052ade27332de87413caf220","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"404685de6388c655cf8e85cb9bea996d5abb5ba07a74c68845f36b11962586b7a72a4bcddcc62070ddc8d027bf","nonce":"052ade27332de87413caf221","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d261a9affa970fc0f9ecb149251ebea8fa3403bfc3110b1551a9ec0af09fd1298b8200164103551c478e1addb1","nonce":"052ade27332de87413caf23e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"ce7ac7f42825a04b1af427316231fb1197ac109d6f9ce0dd7c4a6021fb1f283555efd4bd51716dd34102d3a6d5","nonce":"052ade27332de87413caf23f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"26b4d6e12edcf4c0680a7c4445c4d55d3fbccc621bcd3465f0cee501bb59273c911205cc9d30776887f06c6281","nonce":"052ade27332de87413caf23c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"98067b840553624992006f402b41bde1c60eb76eedfacefa72f140c6a23bfa775c6f9e9b51d59cd4bcf5150031","nonce":"052ade27332de87413caf23d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"81b5ce96c52b51905a8f7a21af6768bc0b0d51985998a0598a13af18750fda84433f6964bc669e072b2035d8b9","nonce":"052ade27332de87413caf23a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"5ef6eb8fe4b4174cd0ca7f6a3cea4221bc4981f3dc9f573275b0a069d252a5e4fc63fd7b2bf7728bb86f30ed32","nonce":"052ade27332de87413caf23b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"803f85cf5de56f01b417d43069e2255b2d3c96be60df6d2f5461d428afaa2307f7b3ea9bf288b930622d1b06cd","nonce":"052ade27332de87413caf238","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"dab9d8b6cba2b12164d02036d07184c18b6a988f88431454bd0c2bbf9132443d50e536a3f0b33f43d940bb8041","nonce":"052ade27332de87413caf239","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"6527c327428dd5d091fd2ee073b0f70059b7267d1542016b846f96fd0436e3255f3eba3ef7926edb19303b1b94","nonce":"052ade27332de87413caf236","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"8d55199314af736629320b39143217926ea07566a8d329ce539d7f4f235cbc1d3f7cd773bfe3963bb9021cd875","nonce":"052ade27332de87413caf237","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"a9c388641ecd32913ddc901fe893d16537b6f30a1b626a0a9d17fbb0f943dcf402a2128dd42dc8b7a5a7817ce4","nonce":"052ade27332de87413caf234","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"0cdd2f3b241070959aeae6d292decfbe06b0edc05b1f37c34970e0ef5e7178d74a56791518bfe75fa36540ded6","nonce":"052ade27332de87413caf235","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"1fa8187de90e32e97118c6595990ef929a3b3ed3e5e449a98d3860931e65a5da9aced878763864cbe467ae1a3b","nonce":"052ade27332de87413caf232","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e04c30f8d60dde03ca4d5e28a837eb9656a4c27de48084d80acc76d543b494aabc701f42f855b8b8bdb28fc220","nonce":"052ade27332de87413caf233","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"61a7a175e0ca84615855194165982d33413443ae41ac4527537d9d2d8588ce234050ae480826cb802701ad8552","nonce":"052ade27332de87413caf230","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"54cf3d8f5e1cce1f5fa7007aad35f736297ece313463b0dfd59004020867330497d257de8d56626d1677299373","nonce":"052ade27332de87413caf231","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"a6b4e38c6a1d88b92d3188c8346c518737ffaa1836452237ddec408cc33fdf3d550343e425d54d05eeefc291f4","nonce":"052ade27332de87413caf24e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"a01c88663684efd2744691f9ee7c5bcd4e75290756447bd99e0050ff4d7dea98559ed9956f5e98922e8b55ce9b","nonce":"052ade27332de87413caf24f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"2299e9973db2d11ac104e6521548fb2e28bd63ac14e4289f9ee68f17089ccd512d60142022b209b3dd16eabc25","nonce":"052ade27332de87413caf24c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"cc14749ac8ee729051e20a303edc00035171a25227545af878bb86e8ef695d3c17b1ab79ebbb566060f05b9a9f","nonce":"052ade27332de87413caf24d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"7e85a2ba2bdebf1bc262c2974c35eac36c1f122378348b85253795aed6a1a72aee16a15f83dc79e08e31f17b36","nonce":"052ade27332de87413caf24a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"1c8fb47e2550cc339a6cfb71fea58376f031bf2ae1c0b28dc833773f479096d91479817cd1b4243ed8fae39095","nonce":"052ade27332de87413caf24b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"3c950927bb1cf0363fa72405572cfb6fa511faaeaa44a20b021a470c77e1e9bb6015eaecfa987973229faec0f4","nonce":"052ade27332de87413caf248","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"61884131f8071167d55348cf4dfe6df9d93d424ef64d32d0e40904fac064da7cb0f50998c47d621380f729ab2e","nonce":"052ade27332de87413caf249","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"a7690c23e38ac5a029b468ebfb5f3e4aa92d22adc8c4efd9a64758dc92d36389aa9f253810f19fb3dbef98abcd","nonce":"052ade27332de87413caf246","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"e0145d88a4fa8f9280430ba5ef5ec1c26cc0077e79722ffb30438b94f42d7956cfcc869da4f62b1d015cf01b20","nonce":"052ade27332de87413caf247","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"15f5b75a1c549eba455ed1d77b74e7ed09772d4eb88c0446546c0aa2ba0643a84e79b55484fc42ea473cd6b027","nonce":"052ade27332de87413caf244","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"c9c61364cfbf243bb57a0127388ed3b57a3d6347d488d7becb81812de341f0624f32ee9a6828bc130693944b66","nonce":"052ade27332de87413caf245","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"0643920bd872e291d1f8ac9192324cf122b7fce44d5c3f5cba905cf66407c5dcccc1d406708a631493d5d2f2de","nonce":"052ade27332de87413caf242","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a7a5774d605ad63f5100dddcd4dae24f0c836d3767a2128936e296e47ffccbbdc979f2fe4c2145b730c76161f2","nonce":"052ade27332de87413caf243","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d41967407728c5a76f094f0503afac0261b1aa77f3776ee56a2c5559258343ee5962a9bc5360525c0f3f94afbb","nonce":"052ade27332de87413caf240","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"63d7c90e417e275f012f0ca41538b61c6eb7c561377c9cf537c5784333ad2f7eecbbb810e991d3193f8f97410f","nonce":"052ade27332de87413caf241","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"81fab86b38ddbc4d89f740a2d01d22aad5171352e2df842d170534816cbd435cb59aa950325458cc0caac27ede","nonce":"052ade27332de87413caf25e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"eadd89e130a3eb3e993edc55bcc0958a0c8618c9dae8d514d1887ffdd505820cfa487462150d1d14d43999ad29","nonce":"052ade27332de87413caf25f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"92f5278042b72f41cabd0f87be7bc750c230442e8cb984ecc5382484ba48a1928536ad9135228703617f0a1fd3","nonce":"052ade27332de87413caf25c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"d093cef9aa20d7f1a7b03ecb9e2365fee1ffe95389e24432188f33a29ca368061ebfac7f63a84ad57d61875489","nonce":"052ade27332de87413caf25d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"054df66555ea461055e4612c61489f6a8d29c721cb7ed34df35feeb05b51e13ff25b3f71a2d84b3a521803c4be","nonce":"052ade27332de87413caf25a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"c7ae4d72aa0f95384aa01124755362d9ef5e7abbac0f53b21bb790b67e6ebcf1a4663d1cfc211b1784e5c73fbe","nonce":"052ade27332de87413caf25b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"1796dc1c417b11e968db81dbe6d4785a4fdf9cfbe6a24f44c78e1651d8f4ab651a786868ccd055f20233dda775","nonce":"052ade27332de87413caf258","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"57b81b0403ce8914a01202364afc9aed0dc200798d12e02ffe39e3fc07e426e53bf6acd39e99ce79c6a49a657f","nonce":"052ade27332de87413caf259","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"2d43f2dda3635b6fec6bfe979da823ac0b5e8a2c2196a020781a048d510b6c1824fae80fad8a50e3860fc17c89","nonce":"052ade27332de87413caf256","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"3d1b3b14002c52204f99427fb2025af47eecc609fae76f808f241230026f818d05e79769bac804d65bb2833b34","nonce":"052ade27332de87413caf257","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"05e0e0e94605b541d118e5e78e873c04a5fc916de76f79cec9ccbe99d510c9f4ad6a2bab43a35f68788248d310","nonce":"052ade27332de87413caf254","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"9ab371a29875279edc18abc7987f4718c041729d94cda509a324647f79e315a31503d4547ca33f11aa0d6dd09c","nonce":"052ade27332de87413caf255","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"46c7fd56b56e75215cf2ef6e610c50fbb5f592f2ed24f42a961c8df8ffd85b408edbfa280a8e8c057ad39f5f2a","nonce":"052ade27332de87413caf252","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"3724c4e4edce060ed2783a322e7b875643f6a4b7305ac8e324bb08d0e9a796fff22a30ff4fd278c522414bb221","nonce":"052ade27332de87413caf253","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"eba0a6a6045f8cdf970ef9ab0cef549ec40c36cd4861685e7b6ec6ec8a1be6b02712959a2490c763a5e2e1fbdf","nonce":"052ade27332de87413caf250","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"84e2aee6d74b17515fce6da378612e5b4460916be73da5fd3179e54f39cc1ed7b43cbae47e64b501a982cd63e0","nonce":"052ade27332de87413caf251","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"2926b73314d7c6e1134b4ddbb52a9a8cb5eabb98a2c15dcce6eacae27e5e20118bc10b13f11009104532b95720","nonce":"052ade27332de87413caf26e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"865da642f3c7b8d72aa573722e6e585f5d4ab78d750d1ba6d7f6a1262a547a7d43c41289fb3dde185278a7b2b6","nonce":"052ade27332de87413caf26f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"3c1716611b1871cab5fb6af1667d0781f4cef3db20c10a1387379631bb39f5002abd9b059d52c4b83ea0c2921b","nonce":"052ade27332de87413caf26c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"48ab910f8c3b7f8db9e241e7f8a08a6f1541aa879947734df1333e096e897912c195d56bfd96c5b7d69d862b75","nonce":"052ade27332de87413caf26d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"a917a44306ed98f831f6fc8b8b712dfbd32c03b22f1750db5a9d2465187d8f41d2b4a6a7bf1025ba065a9ea6e7","nonce":"052ade27332de87413caf26a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"7afc521274772f057e46a81b7fc62abf4f7f59cbac7059402cd5962b23a380cb8976b8ac4bc8cf51d532c2c0c3","nonce":"052ade27332de87413caf26b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"085ba95d5d869f47127aa4c2badb6cff1c88b40f6bda2464b4cd537cee01e1d2c1b7777df66fa829684213f25c","nonce":"052ade27332de87413caf268","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"79c445189f0cb2b0727c0635a382685d1a581884088021dcebf547ab060328ded6ac098ef40b815dc1f0ebe810","nonce":"052ade27332de87413caf269","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"5859e35e4ccf3172588e89f03ef4e0ed74e37a2ecae3ccf8a59f01ffb0e958a4db5b64df7bbe471422ea86cd98","nonce":"052ade27332de87413caf266","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"6604fd8b4122ba21555f3eac452937c1583f3b2b078884cc3783bf00c2f36030110c0ab8259e39974e1d805aad","nonce":"052ade27332de87413caf267","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"e72d7bca221a5a69ad8420de0112a69d3ede7bdcb1173b516c7c4018b3869cc844188b56c9571ab3d256157c1b","nonce":"052ade27332de87413caf264","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6db83d1918021a418f4762cd498246e025aa253c165ffcb9e10801818550b065f74254f0333b736c481d363e08","nonce":"052ade27332de87413caf265","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b9ea7f873aad8aff7202b91e7dee1ea7d37c9f76153fc907339e52be09d12aaecbbf9f6563a4c8693677c0bfca","nonce":"052ade27332de87413caf262","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"64f6228abba44e5ef1e11f04da9b365047a19832925f9a79e9f4e3d2ae19e9aa963174b460c050bfd980bbef72","nonce":"052ade27332de87413caf263","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f3fe1b7ab88e62f9a85bd7922cf41c048da1a53a7161a00aa7c8252b53ca5825e77e163b903c65fe50bff9100d","nonce":"052ade27332de87413caf260","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"5d9bdbbf79c0616b4146fb8c2fcb66aa68c56266db5589fac2e5bfbac78c22f5273eac3d8326330b7e7ed23d3e","nonce":"052ade27332de87413caf261","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"29aced4b42bba786a45d904a25307491d2cadde83c591f2f99150378183be9b4f15333e41a4407cd8a8942e3d9","nonce":"052ade27332de87413caf27e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"76b6a6a5aff08578e71f1b57117829fe71f00d21193f41ae9e34a0bcb6f82cc2c39e2ae6a420cb718e5bc4e2e8","nonce":"052ade27332de87413caf27f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9e16c6ad3817cd75b80929eda988c195459d29a764f21240f7317ac1e8438d7ac6c65f05a50d585794e1614b4d","nonce":"052ade27332de87413caf27c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"27e9003334b96b6069ebb8ba7aa8e31182ba171aa6c913f9fea2b34bd88523ee1aae5e03e02de9eb6daf676aa6","nonce":"052ade27332de87413caf27d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"958a16614c503727d734c0f685dafe83fc2474b05551da3ab920ecbd46d8f249ab22dab38d220db2354710f188","nonce":"052ade27332de87413caf27a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"89b8f1fa8d25a96ed33512599c706ef96ab8823588571ebd8415b04085ebfc56bee144c4402a50861e1a6c162d","nonce":"052ade27332de87413caf27b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"5d06dff93078c5cb43bbc26fcffb1e49dd9278ca5e48de3a77ddaf1a1f643684f497f1f986e27000ab05be1080","nonce":"052ade27332de87413caf278","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"b6145521899b9030b641861d6087a9e91a940b59decb6f3a9ab7d9fb621766f4b1248f3edf2912617621f55f4d","nonce":"052ade27332de87413caf279","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"1e4adb1e893654409f9e5b0a4cc02daa759e82a3d419b2e56ce3e80b554a2fe214c21255cc01e58c72fd602747","nonce":"052ade27332de87413caf276","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"053aebc0150e654ffcd5a3ad11bc87d4dd91d1d75db49784f6b0dfffe0a0fe937b4e9e5639c09e7de18312dbd2","nonce":"052ade27332de87413caf277","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"d7ef40b210e83cab5938f5a54e9ed238f5050a027823557857cb61851f4f3f09c5c667dd1828c519d713d6c60b","nonce":"052ade27332de87413caf274","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"11dd85746a5b01f02a59f6ead1276ae181e263c79a763e46b5d893adba547d998a007ee47ec5abe31a6a4eb574","nonce":"052ade27332de87413caf275","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"5c7566d8b9b8dc6065bd35dc007ae943e00748e976934dc506e612dd901a3b6f0efbe6a2693eff1ad53ba613ed","nonce":"052ade27332de87413caf272","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"052bd4710b010bd38633d43a1a17ce2bf90da595d7b46d0bd0a09e2254b1afc285bed4b5d02b676d7936255c91","nonce":"052ade27332de87413caf273","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"5c31aa776b538ccb7c97916c9013445642e4599690d59f5fe645dba079484416dde3b973a3771127d2ece0ac08","nonce":"052ade27332de87413caf270","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"7f7722b4a97bf60346f0ec1ee7437096d0a3adaa557152f58ebf0d4f7266bf3ec9410328b290f1034225b7feb9","nonce":"052ade27332de87413caf271","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"dc8963b752113e591f6dffec5bb7e86ad3e0bdfe8b6921e0dd86f63c36497b0ca7ea47530be55d9ac7441e5db4","nonce":"052ade27332de87413caf38e","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"386a21a9854d775d62b151a0d79479befbec24020b9acb7b128a7b9418ec8702"},{"exporter_context":"00","L":32,"exported_value":"5763f7b24a89a972e1b7e3db40e56d3db4127489971941439f3753c214b912e9"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"5276eac204dc27736052c619d0fdffc5da0b6a5d43a6a2baed8299c613a61c6e"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f9f594556282cfe3eb30958ca2ef90ecd2a6ffd2661d41eb39ba184f3dae9f914aad297dd80cc763cb6525437a61ceae448aeeb304de137dc0f28dd007f0d592e137","ikmE":"566568b6cbfd1c6c06d1b0a2dc22d4e4965858bf3d54bf6cba5c018be0fad7a5cd9237937800f3cb57f10fa5691faeecab1685aa6da9b667469224a0989ff82b822b","skRm":"0168c8bf969b30bd949e154bf2db1964535e3f230f6604545bc9a33e9cd80fb17f4002170a9c91d55d7dd21db48e687cea83083498768cc008c6adf1e0ca08a309bd","skEm":"0027d3b66bd43e58c81a0403bbd83a0a22f74080c7d2e03db9e6ca533e7fd440b581190f693e884e99c1976476411a751e05799e3eb633159988df7d403b378eab6e","pkRm":"040086b1a785a52af34a9a830332999896e99c5df0007a2ec3243ee3676ba040e60fde21bacf8e5f8db26b5acd42a2c81160286d54a2f124ca8816ac697993727431e50002aa5f5ebe70d88ff56445ade400fb979b466c9046123bbf5be72db9d90d1cde0bb7c217cff8ea0484445150eaf60170b039f54a5f6baeb7288bc62b1dedb59a1b","pkEm":"0401f828650ec526a647386324a31dadf75b54550b06707ae3e1fb83874b2633c935bb862bc4f07791ccfafbb08a1f00e18c531a34fec76f2cf3d581e7915fa40bbc3b010ab7c3d9162ea69928e71640ecff08b97f4fa9e8c66dfe563a13bf561cee7635563f91d387e2a38ee674ea28b24c633a988d1a08968b455e96307c64bda3f094b7","enc":"0401f828650ec526a647386324a31dadf75b54550b06707ae3e1fb83874b2633c935bb862bc4f07791ccfafbb08a1f00e18c531a34fec76f2cf3d581e7915fa40bbc3b010ab7c3d9162ea69928e71640ecff08b97f4fa9e8c66dfe563a13bf561cee7635563f91d387e2a38ee674ea28b24c633a988d1a08968b455e96307c64bda3f094b7","shared_secret":"e73f28d166cffc37eadd9f78c770d70c2007bacd02dd7a7b2390956401e89c0157d395fa13fe60fa8902578b8cca9a20ed00be644b7eb6f77e3332ecfc63b601","key_schedule_context":"0032e749440c54987db01af606efdb4d140f0148ee254795838e2d23d4366e1fdd97e18b628ea977f60a69bfa0647402182d019d3a0b59d2dd03624d028053dee1","secret":"634e46108230baa9efdbb6dadfb17384afe3ffa608509b8ef7f7eeb899b79530","key":"f4ae46e447f44ddb7af4edf67b7bbce376d774b6e06a8d88571ecfefdec87745","base_nonce":"adbd83083d1c47d3d3c30bac","exporter_secret":"65cad52078696c8602ca1b56fc7051ac5eec9958ae6862140f04545926f6f1b6","encryptions":[{"aad":"436f756e742d30","ct":"7a0f34ffa87168b3308f5518e4046a538cc64dba1b704e24451478cb3a173599cf99f954138c0f384551548ca4","nonce":"adbd83083d1c47d3d3c30bac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d9fb30bc73997017ea36bb486b58f526d7f56da3580a3c4db57a1098ebf9b0b2177ab6cf148663fdc86675c507","nonce":"adbd83083d1c47d3d3c30bad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"6add4335efb42f259d177fc1283c57cf527e2c9c93de38d18fd6ecaec0a57fd01c768c30149f284fbb314dcdb9","nonce":"adbd83083d1c47d3d3c30bae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"269660a153d4128c02b0108fccf08d2f0d95588d1336e491e62bb48b401cf865aa22ac0b4c2c28167fadbf0328","nonce":"adbd83083d1c47d3d3c30baf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"7fb7964a2f8ab6147c82f0de0d248edee5985b01bb872dd2a44f17a079c768605a9374d1bfb54d8d9ef8089618","nonce":"adbd83083d1c47d3d3c30ba8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"0a48519969ec33c91fdb95733d3722c5f8a7d73ed9f61ee22dfe6ff6149a3924907f2f6aee728d89ba7a9276de","nonce":"adbd83083d1c47d3d3c30ba9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"241f0b887a5d2fcf46570806c1f3d64395856a22fcc7919ec9668b05eb8b0f2235d2fe648b11f1cac8c9db3a2b","nonce":"adbd83083d1c47d3d3c30baa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"568daa28a9ee16c90d442d8be3ccb6ba4c583df7e21d604f0693dcfd10ec96048f72b3898281500bb3d20228c5","nonce":"adbd83083d1c47d3d3c30bab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"6857acd5137e5dbade33b1c5ed8b43f4b518e248c6669bd492fdcc7c3d55de1194a0d4250f2b268820d5681d03","nonce":"adbd83083d1c47d3d3c30ba4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"4ef3d79b2e0dc7663a13fee548eedc4663823e52e425f5d1d6c6799b537aa22cce4cd1e2d739ef61ae727704cb","nonce":"adbd83083d1c47d3d3c30ba5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"4740d2b8a1d63232f0597953aed91a0fa4186463176528ec6fa9463af7d626da4c1184480515f5d0c65a8cd962","nonce":"adbd83083d1c47d3d3c30ba6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"6102879a3b12c3dcf8bcd4180e73d82ace6b23d747c70ca68e269cd1ade1e96987be2014e3d433bcd172b8bbb9","nonce":"adbd83083d1c47d3d3c30ba7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e77079ec4a83d9bc8611695d01aafc38ba202080bafb9b00c9c9ab43a62f536a730120db34950c08e92a77bee7","nonce":"adbd83083d1c47d3d3c30ba0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"712ef03e6ef6c140ccb84a163476f499f78d043331d379d4aafcce30db499d91bb78ec85e29b739c5ba83f9be7","nonce":"adbd83083d1c47d3d3c30ba1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"f32772b42474dc5d5441e671bf8e29eba35de2bc33f9b0cbf0d65907bf48286f3c2367df54500f4d44612a1bfd","nonce":"adbd83083d1c47d3d3c30ba2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"b7d7617430d9adbd9ef23482f1b95f32bcf832c2d5a5a2267c84d72cdd22c0d3e8e5ac38dbd9aedea93f29717f","nonce":"adbd83083d1c47d3d3c30ba3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"bd58f10cd81d7f9b46e48b3ad4d5a36fe26f562521ce64e8fa36b4a4866c05f2d812e30693e79e7dd680bb0643","nonce":"adbd83083d1c47d3d3c30bbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"0db4db18c25d5ef0bda1bec97bcb4279fa2a95e642d5ec6d321a3165d2e639306e1e52788ddea61357669dc60c","nonce":"adbd83083d1c47d3d3c30bbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"777c28451080907dadb9593b5051fa831bd5339b8193037c17b456f5a686d1b2fbc7f0fe9e09d31b76584538d9","nonce":"adbd83083d1c47d3d3c30bbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"9f0dcb1dbb53fcd61ff77b626f9ff23cfc8b7d3c26128c4e4ba015589a8aee9086f006515a98597315fd7d4bc3","nonce":"adbd83083d1c47d3d3c30bbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"3394b6b42a9e85a9744d39df4cf281e393a07dfd5c99e26c05bda8bbaf901c81d41b2c96270aa74ed5ba5a9706","nonce":"adbd83083d1c47d3d3c30bb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"ded5e76f25300a4bbe29929be4e715b998bf1bce70cc70c4dd55de52e7618151cd1a8c6b0dd5191af8674d4492","nonce":"adbd83083d1c47d3d3c30bb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"2aee30a73731342c08ab21243f053ffc98418399f4bb689746f7ed9de7b286edfd51cfc39d2507a142ccccca64","nonce":"adbd83083d1c47d3d3c30bba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"bafbcd51477f8d1a660cee9ccd990e29438d00989bd08546c2863e0d9415f59da48883b688b90bfbdbfdd54ed7","nonce":"adbd83083d1c47d3d3c30bbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"3df569bec21794f5ec90680345063aaa7cb2c0aa3bb69c0bf5d698bef44006e1474e21b21617d66ce5fc8971a8","nonce":"adbd83083d1c47d3d3c30bb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"3f7589ea23d4d6e6cb6efb2f42bc7600082a1ec215f4fcc38a72a194464a17a1f23ce61997b9ef0b0958dee98c","nonce":"adbd83083d1c47d3d3c30bb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"c1b4d4edf7be2a6d1a3064992fa1ab323a075c301706e524b69e0b641a53f01339dd0815b339c060e44d70f522","nonce":"adbd83083d1c47d3d3c30bb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"6225f029f9a30342509496e8c6f700ff4baab2e928cbae2b821e1af9632653d0e62e3dcfde72ae6de38719c10d","nonce":"adbd83083d1c47d3d3c30bb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"5620c69a91c95d85e1d8974e66b4945c0337ed4a3dd4b0b732d13cbb89cb22ee51325ec1144ef8c04f4a8fef91","nonce":"adbd83083d1c47d3d3c30bb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"d6b6589eb3c1ff362a63fbd67e67c0a504e634241cbbd2c0a68aa53a41b8517100be3cb7b917c794569eb0ff23","nonce":"adbd83083d1c47d3d3c30bb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"cb3c773dfb594e4a0087e01d0dd89f3f93fbc023f93ec7ef6b89709482fa0b2a752b906fbd8bc648703e63b827","nonce":"adbd83083d1c47d3d3c30bb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"df2ca661b6e5a6da74b4d4932c12c1e4dca22c78cd44df1fb082ce1f765452d0107e3224a115124b7b8369e059","nonce":"adbd83083d1c47d3d3c30bb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"de3cb10de7dd9be6561f299e9ad3c0eb70840b5f05a2ef18b9d553ea1ca6203363af1b24c7fb9b1373f8352ce1","nonce":"adbd83083d1c47d3d3c30b8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"81d22e88f90ab95ec54e307abe80b0c306edf07c198f5c33dafc9c6854daaf362f5b01090510068ff913d89410","nonce":"adbd83083d1c47d3d3c30b8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"343b87cc20c466561196bd66a428decef079702ea9278acb19577cdef86e675ea9a438d1002c13f1d0c48e0772","nonce":"adbd83083d1c47d3d3c30b8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"35411d37563a4fa7cd6991b44f13a0859f2469146d0c9b7b16ac54384e6cca46c7965b9572e70a722e0e51bffb","nonce":"adbd83083d1c47d3d3c30b8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"c5bd84d916fffa71caa7548d6756bf3c9f0f625ddb3d84740f9775a0927cf7f165e561a4755087fac4e3073e01","nonce":"adbd83083d1c47d3d3c30b88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"348e55e6add3d745e9b3d8fb55050738f748eb785b6ea0028a706907800ae3b8daeca1459bd77631b023937997","nonce":"adbd83083d1c47d3d3c30b89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"9e6f17d37cf0096d95de6cfd53e35bd4cf18694ffe05a212c0ff4553412081601d3f001b6282f0458cf11d6380","nonce":"adbd83083d1c47d3d3c30b8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"c70c4237349055ad1be698f7d39ab9acea73943cd9bc4f356053b490d501c7d7b586022cb176c0c8c83f13acd4","nonce":"adbd83083d1c47d3d3c30b8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"3fcb08b8d4678c67a9600a7078d2c85415025dcb8ec0fe97e7e6f3a78d60016bd2b419ed5abd64bd9acdf31a1d","nonce":"adbd83083d1c47d3d3c30b84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"9de196fbe394525d7e2e4a174165877225f67b3b0dcfb2ba34b425cfac27a3f24160cf6abb082560a783ddf254","nonce":"adbd83083d1c47d3d3c30b85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"82f6aa20576639ca34e702166d85243c72b07949dd60fbe8db0e13c60c4d643f4dd56dc862c97638a4047880dc","nonce":"adbd83083d1c47d3d3c30b86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"078dcfae4b5bb9b80a9772ed0fc2472e5dc5a58a3fc7a8bbd796ca77b10c3d82976dd9e9b30e23f6131f61d071","nonce":"adbd83083d1c47d3d3c30b87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"8d0c7c6b6700608f7e5437b724c2fce5b1355be59955282da3fde1066e40b42a164eeb111e4ea7d852ee1ae9aa","nonce":"adbd83083d1c47d3d3c30b80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"3cf530b97cf79c951d4485a1e1e1472c1b6cbfd2254161e85f78ea70b208c1b65aabb1b15293254c7b5a8a22f9","nonce":"adbd83083d1c47d3d3c30b81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"0aff5a11454b57a5b612fd3985615c888ab610fe95952fd37ab533a72bcf3af8d179fe5750501c43515b2ff374","nonce":"adbd83083d1c47d3d3c30b82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"407dae0b2ed5966a60377a029bf6ca91b20b306d921eadf11b2c6aa71a34f3bc09caf2668ef15b40cb389bf18a","nonce":"adbd83083d1c47d3d3c30b83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"370da4dc1fd1b5ac2bc68e54c82f957101057b3b49c0f298dda0903bbdd64c79b33fbeedf28694cbfef2772ea4","nonce":"adbd83083d1c47d3d3c30b9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"64b1447b7ee47bb2f06f57d2976e48a0c316f71faa1475910d71311603c9570fa5d937e476440e9bf0f2bac065","nonce":"adbd83083d1c47d3d3c30b9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"ed273e36bfbfdba8581c55b29355203308f63627dd1478889de6e32bbc9fad9d9cf6daa2a8f95fe7b4353862e9","nonce":"adbd83083d1c47d3d3c30b9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"815e234773a8b3a69d8a43be02931c1872e47dce7afb0bd890a39a3a5328212137b21174d8e312c4881ae14247","nonce":"adbd83083d1c47d3d3c30b9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"43cca5e69ecb5ea0ae1806f86e778c00ced5b401f57f548fc5384d802e4f96fd42b61a74fae6fa95adda5d2067","nonce":"adbd83083d1c47d3d3c30b98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"bd9eb7085af29b14d83d0019b314564e4cb28698c57b240fb5a878903cade6b392f0a999ee194dd6d52d98078d","nonce":"adbd83083d1c47d3d3c30b99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"e80aaea60d60e80c97284254aa5779dd645c98a9a2ed933b9907068f3f8a297c7da07fe246b82692bdade044db","nonce":"adbd83083d1c47d3d3c30b9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"3c52a83be91860f94f8ded8a634cea72b9eae4c9dd83c90bcb3bdf58a27a29c9adf3092f1d3043bd797fd1ec6e","nonce":"adbd83083d1c47d3d3c30b9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"ad46cc80a6f89d7f836ad42c567b49bff1bb967cf3f8e668eba8959c74e7010c865871316cce5872430044aaec","nonce":"adbd83083d1c47d3d3c30b94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"d25c120af8b02519d2fb86e4dfbc52d0b3574fa15e9e13ed03d7124d480a60ca65bb2e23a0dcb77c91faff3486","nonce":"adbd83083d1c47d3d3c30b95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"bb562ba6cf63228f49d25489b93e26b9654eb96dca1998f5718fd7ee957232dbc8937117c6763913e194cf1e81","nonce":"adbd83083d1c47d3d3c30b96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"cc6760d71078d9b5664adfa2aeae4acddf926b6e28f66d9988654233d63e7cebba2fec61a3f78244a9a9cf6753","nonce":"adbd83083d1c47d3d3c30b97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"084b85cb4a3699d98711995495b736531f136b8c0981beed21c0c57aae5aeead650e4966df7ca65afbd97a93fc","nonce":"adbd83083d1c47d3d3c30b90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"7ee901167c8df8d8365416913c9b15bedcec712fb7acef8f8d5b8101f92f13819e291bdd14c3e530d72242f53d","nonce":"adbd83083d1c47d3d3c30b91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"2e98d3be464e7b6d736f28a4f7680895cb934f54cc0376d08693cee9222f17b10cf8ae16d44c0351fc2edc5edf","nonce":"adbd83083d1c47d3d3c30b92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"9e635c34afcd1ae7a805e61c3fa5793308e543a9a27de6f2fb0cbe8975e20e11f7571de2009ee7dea9435a382a","nonce":"adbd83083d1c47d3d3c30b93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"f593224987cee7bd6a59cf03ddc3ee72da5c3e2a66aa5177d74a7182bcc468f9d13b4cc89387de4a2c7569d9ba","nonce":"adbd83083d1c47d3d3c30bec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"40276bf8dcf6a5a48e3f1f84569cf98aeacb390eee1f0977f1c59cb3194b26cfbb2a21d260137c7a485f19e186","nonce":"adbd83083d1c47d3d3c30bed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"650a8df72f4cdd6f3ee2dc35284f179917fb146e4779cf19167800c6a254919f02a3eca29302a9361a0f730feb","nonce":"adbd83083d1c47d3d3c30bee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"32dbf145ffe84d5c3f7f2ce4db78852cf08330d3c9db2448f83aaa5592c14712522e6b90baf71223631815eaac","nonce":"adbd83083d1c47d3d3c30bef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"c9bfa49842729bf7b83c606b046e42d0ea8b7913c463d8687e91e84573f0db042026ded5c0952bf7018777dcc5","nonce":"adbd83083d1c47d3d3c30be8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"bad37a3ca649c2b486843478062f44da20baaab12c16024500a58978b6d7e1ff01c1858e51b98fb5468289a061","nonce":"adbd83083d1c47d3d3c30be9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"6e3620ce8aec167fa000c6727d01e95eb0770ac56eea9b9fc832e288bbd92540bc1aa95ce1b6f8ebd271d5dd37","nonce":"adbd83083d1c47d3d3c30bea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4eab9eca8655f61c268ec99d75d87ce1b49095838c6d08039a7bb111ff84df874e0a75174e8f82eae532132129","nonce":"adbd83083d1c47d3d3c30beb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"13918fb2993a30108764f34346221a30d2db378b41d7c66ed3c59e7e049f6cf7390ebea9d59e81addfe396ab69","nonce":"adbd83083d1c47d3d3c30be4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"c69426c14981f0997444ddc7d093bc33e54e36dd700f6a9d1a2b78a3813d3ebe8fd8a0da815ffc43b290e22997","nonce":"adbd83083d1c47d3d3c30be5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"e0587131d0d4a635246a3634d587ac12343a0e66223a5519c15da2b8fdbc9b0b8de9441275be78af1763aea0a6","nonce":"adbd83083d1c47d3d3c30be6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"53b9d6d957e215097dc1471ae3b930676e3272035501164114c4118e1d8a0478bf27730370fab974d181e5f046","nonce":"adbd83083d1c47d3d3c30be7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"fd5d448552b672040e1c520fdc7cfc8a77578ed63b5b32d15a155be64caeb20b2c4286bce46de08bac71d0de61","nonce":"adbd83083d1c47d3d3c30be0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"1635be7c2bdf9a7d7a8e29e57bb5668909bdb0fbca805976d1ce9ee34eaac29414403037f668b2676d91fea836","nonce":"adbd83083d1c47d3d3c30be1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"9579935f66ca0574736d1d7bc400460aca9440aa84862ce75fe9f54b4db610c134fead0d6bae34fd5eed71bbeb","nonce":"adbd83083d1c47d3d3c30be2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a7933837e77fc59046fbecc7cf6abb389a2995ae9ecd3cfbee68108cda64da27af2a7444f60a9280aea2624495","nonce":"adbd83083d1c47d3d3c30be3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"460df56737d509016d7ebda13416f77adfcaf6494551ee41cdf06c092ee057bba31f061752c6b8e4c9aab70ec0","nonce":"adbd83083d1c47d3d3c30bfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"2ba128e4fa8a0cf48d412e3be02d24b746353232e30c31e0d083c6872754a9d4aee70529ac383c2a9480054a68","nonce":"adbd83083d1c47d3d3c30bfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"c1bd808874ed2178215cec903e02b68465b3fc5acb6fa41b711db84d4bd39e55bebb94e400e1b7f878b127e4b4","nonce":"adbd83083d1c47d3d3c30bfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"d0db740d1f052db3a9f6270a43f8b99fe974b88fd2c32b99b9f755868788694be06cdd521e832075eaef8c69ba","nonce":"adbd83083d1c47d3d3c30bff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"4beb3cd1d1742bf40659764ff196de76e81b2e19fbf1edbf36b6868c569e0ec7efdba0dfd4c672b9c62d510b0b","nonce":"adbd83083d1c47d3d3c30bf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"de7737cd0a6f49762f142a6100465b312c6b0b790721b3a4a7532dbe600073dabdc4c2c126b172152a5aab66f2","nonce":"adbd83083d1c47d3d3c30bf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"5213dcaffef3bea82b545dc509f61c2f7cde933e3bd9afd1b9a9e53ba3a765cf24f7f8eb0e6e6f35c3ced4a49a","nonce":"adbd83083d1c47d3d3c30bfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"58ed0e547fded5efb6feb8eac4730458bc703a10281b7019b7c1874a366aa3747feec5e9d57a93195cb9487025","nonce":"adbd83083d1c47d3d3c30bfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"1e6462ec9ae5f221a5a830fac7bd2bccafec63e24d5c7b63285e675a3b3462e61dfae96041e03f83229f254467","nonce":"adbd83083d1c47d3d3c30bf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"f2700e4a9b3330706427c650f4e37962b482268190ac7639257e83c048af0c08355fb472044f9c51cdc0bce554","nonce":"adbd83083d1c47d3d3c30bf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e9c8d489959222f8a16cbb4001570a6a97d033d4e965669b98705dd9963ecf1342319ea71521570b1cab37feef","nonce":"adbd83083d1c47d3d3c30bf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"28a51671a49cac73ce6e7c118fb3b9852651e14d0c22b6ee64e106257d9b496d238a22d10eb09a2840e22268d1","nonce":"adbd83083d1c47d3d3c30bf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ce21c428c60dc885d853797dacf265847e747027c4f2f06d00e0d0684e49fd23493aaf99e444e81d37070d8e5b","nonce":"adbd83083d1c47d3d3c30bf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"01db1c25ae758b1a7b221c756cf403dac232a99f9300ff4283b9f9e544432e17a3e10f7a4f6d04ca07589f4701","nonce":"adbd83083d1c47d3d3c30bf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"53d12a2291a5576b301480b15631ff5135b8aba8475e2771d82805c39516172daaf1eb592ee470e42e8aa8890d","nonce":"adbd83083d1c47d3d3c30bf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"5e09dd0bdfe476ceb85c3f309702cb46f1e1c3b389b0b37448719be24fc98620ed1934e37b46c6ba2af3d10959","nonce":"adbd83083d1c47d3d3c30bf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"363614cda61c23ebc086e79dceae5dc908a0398a787fe8762816727c31ea4340f76b76ac29ab916f9d036c54aa","nonce":"adbd83083d1c47d3d3c30bcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"ad9e8b4c676758428daa78f58315bf8701dcccaef179c6edb07f040f274537c82862110e30c379f50156d4f472","nonce":"adbd83083d1c47d3d3c30bcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"00e23b36ded1839a20eb869ec56424b5b8f16f1be5e6ad4d9449a8956b9dc6b0336ed198dcf5ad2c6b99c7a29c","nonce":"adbd83083d1c47d3d3c30bce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"d6d780413551840858d2ba3e75217020f2eaa97b6a7a69114117856bffbfc752f74ac9342e368e7260d5cb6e67","nonce":"adbd83083d1c47d3d3c30bcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"492ace52bfe94073672c742bff3dca94217326ccebe364277bd538ba7e7fabe891dd236e1eb0599df940e9a313","nonce":"adbd83083d1c47d3d3c30bc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"f29a0cb227d2dbf2e810043c92b06cc2a3b9df54b9035ff6d891ef4d0ea79e39328f7d23952b2cebb2f5a0a9b4","nonce":"adbd83083d1c47d3d3c30bc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"d5203d34a11606997cc8cf6308dd2333059333e09667f15b0a4e4f20ecf46128edeef582ce05409906ef22d646","nonce":"adbd83083d1c47d3d3c30bca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"7ca0c48d5285aef0309da48fdc3e075b32d41c145fef1e4abaeb4cd4b9abe53620fe5798835a2891b209e09727","nonce":"adbd83083d1c47d3d3c30bcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"ce60b3f9414569640fb403a03e251fe401ba0b870fa5d786a88068695bd597abbdc1ffa647518a6ec6a341ec21","nonce":"adbd83083d1c47d3d3c30bc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"4605b2a4d88e1949f74ea5a0a603fc25b99e1e02a30fe989109a7242bc907ef784d9cf10bba72ed68df34cc142","nonce":"adbd83083d1c47d3d3c30bc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"99329cf297fa70581850c91f88e4d75361d2051dd1680001f0fa68075c133682df09b3225a35c83f48c22d173e","nonce":"adbd83083d1c47d3d3c30bc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"00ad1eb855097b4df0edc14ba196cd3e6726d315c31babec3bafcd6bb82f8dfaa08ab5862fb0eb18378c46ed26","nonce":"adbd83083d1c47d3d3c30bc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"3ebecf5dab21fab003f1892f90aa76fd829cd10816302e41f4dcea1eae70c3d3664adbfff99a557220ee28e055","nonce":"adbd83083d1c47d3d3c30bc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"f86a121de7157ce11f4041bd989a36fae5c7c819d70cd072078acf00e5ddf33d1e8a42166265d537d45596a96f","nonce":"adbd83083d1c47d3d3c30bc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"062986f8a02555457ed9e28c51dbe02df10d693eeec04b00aac59971adf2496cc66c03cb573933d554b73b03ef","nonce":"adbd83083d1c47d3d3c30bc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"21c728ae8803e670f0deff409a0829976e02e60e7b8cc1509a48e93b1ac3cf84315d70a903d401359b83cb6e76","nonce":"adbd83083d1c47d3d3c30bc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"e0df558607fb369eca13ef7b7c6e48bd533cd6f23f5b81b5d44910171992c99884d036cb85223bb6e074e5a3ca","nonce":"adbd83083d1c47d3d3c30bdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"e2e702c01c5f6507a06a1eaf8fa57615062988177f490ad226599f04996e793acb0f1aeb2fd644467880be07e5","nonce":"adbd83083d1c47d3d3c30bdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"f00d4cc1527fd03a3a1ed06952d13284a325c9b8cc93668102ef266f1922bc2962fc0e084a7271cbe5ab8aa14a","nonce":"adbd83083d1c47d3d3c30bde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"51ff33698b90b010cb4a6c3aa2b2156af4ec966c4ba5b9043d05880969e71eedb42c2cc7c52c0a4293e1f76538","nonce":"adbd83083d1c47d3d3c30bdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a9d18b20f03432267ae598e77ac9cff7bcaac1ed2873455f8ccdf770908de99e26b93ffddad1d9a9ec804b93f2","nonce":"adbd83083d1c47d3d3c30bd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"3bfee4e400ef017f4db63de2aa8e9f846a43f2dd057cb36c7de8de7ab7b1b45640802a8e25e515d317256fb804","nonce":"adbd83083d1c47d3d3c30bd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"acbf814614d35248609affc6c66a6bb3c08ca888e61edf00d96a4da5eff21b9465b1c017d0882b408d5dd84f7d","nonce":"adbd83083d1c47d3d3c30bda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"616b22bc598bf1c9fd1e4871c292968a08338707e1335ae8a5bc9743d4b6aa6c3f507186acc6bc442709b27986","nonce":"adbd83083d1c47d3d3c30bdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"70122f04274fa28f4e143ad07e8066e1b674b3eb144e62d9d0b768eff1230999e3b16e09f1fd9a21430ac06d28","nonce":"adbd83083d1c47d3d3c30bd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"3503dc2f4ee0dc34d86683394c21df7c276646a96ec87613d8ec0d04937d8790268485808b1c3451e08d3a1882","nonce":"adbd83083d1c47d3d3c30bd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"3d582150f3f5d05b7e704c21cd8e5c4647e79c00a4e91efd7536ca4b68df98b11a43b0438e0300828061fcba9e","nonce":"adbd83083d1c47d3d3c30bd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b2e39594d8342e2c65a3e24a7d4e545053902dfb87c6cc779d3ee4a4deecd308de6f71f57324b248536b938dd4","nonce":"adbd83083d1c47d3d3c30bd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"579f66567a9ad5d415ff179382f629ad535935dd41970ed769c7c0705516b9d2dde1c9af6f847e7a4e07c60533","nonce":"adbd83083d1c47d3d3c30bd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"63a1fe840641acbb0279db9b05ea18670e005d5125cdafd110b64006465511074fd32ea47fd24a9ac15262b4e7","nonce":"adbd83083d1c47d3d3c30bd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"df4ae9a6cf6330b24c8573f1c8149f75d9f5b25a34240a0c20864873c856e775a5d0ae4cb73463ade11665be95","nonce":"adbd83083d1c47d3d3c30bd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"5b9210cd25a490d797fb51192afd0395bfd8ade1e893aaf0e4c345c759b8824a15532ec330728f48ae0d2c218b","nonce":"adbd83083d1c47d3d3c30bd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"5be057b861f927ac91c695b103fa32fdbf82a2212f5c66a15823ecc6a76f9a36d3ae15cdf9095b9e00e0e335f1","nonce":"adbd83083d1c47d3d3c30b2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"edced39154cdf4c83e9a50d76ab45a195ef3a8bc8b41c0f6a6914c05525ccd19ba2ea66a3c9400eee3a00695f4","nonce":"adbd83083d1c47d3d3c30b2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"8aa4adbb505a7903489f344a1291362cfc9fba41080741f8b4867a356dc710f5e82e3c1d810889a749f4e048ab","nonce":"adbd83083d1c47d3d3c30b2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"8c6eccd5d85aca7b77b215a873065d3a9af4b6a6508ea6c430c9c304ad3fd2d48696c1428487a3283cb82f2b2c","nonce":"adbd83083d1c47d3d3c30b2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"07ec628d1f8a74b608024906947c48d6d08d3cbf341ff9e3b0b1c421af9ac220d7bb6803dcbcca895f5c768be4","nonce":"adbd83083d1c47d3d3c30b28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"307fe253bef913ed15541b9b0ff45875978c9b5427f4fbda73d595d69208c9ad77aeedad94016c755b6cd4d41c","nonce":"adbd83083d1c47d3d3c30b29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"885f950015217678d5e1fc6621a7ac6bd9b2ff2d085731031b0fc6d3d957775bcb8861de324f9ffcea86e9da45","nonce":"adbd83083d1c47d3d3c30b2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"3eeb21ca35fe88e411ba6b80ced17bb43b7d89d7b87068bf4a1c6c6b13965232299259292a7b92b7618c3bbade","nonce":"adbd83083d1c47d3d3c30b2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"bde2accabd1c9e4d1ed6d9af3b2a5d181e4aa6ca297b42563fd0e0b19603cb2cf20151a5d6f6a0b06a28646452","nonce":"adbd83083d1c47d3d3c30b24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"4fc08975cee1ea07145b4d4b6da3e6fadc571c447a60b3045812ea7ffe050c58da76f11ef9910db9e78e2b9181","nonce":"adbd83083d1c47d3d3c30b25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"97ea618c58d88b7dbfdbfdb8e088a90abf0542b73b3659578b687204c7790924570cae9ab348ed56d63bdb6488","nonce":"adbd83083d1c47d3d3c30b26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"64516204783cb27de837a216a04b12bb7aa367b20f3002ebd5c9dfed90d181bdf3151c327863b764f2fc39d5e1","nonce":"adbd83083d1c47d3d3c30b27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"4552f3c1f3635f9964e9a47beedf49a8325c1dc9867a4a5bfe226ce3fcad9e135321f9c27b79e1cbd31c5493e2","nonce":"adbd83083d1c47d3d3c30b20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"5cdc6fddfe8206fc14d59b8e937b9bd948dcbbf047571c9ecbf3b4a40c79ddd237b8c67c4887aab9cd228cd0a4","nonce":"adbd83083d1c47d3d3c30b21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b398a32918a97bb3e28bfd922b130841c136c4ceaa1bb24701139716f0a6c043672a8ab9e30fb9792f95451238","nonce":"adbd83083d1c47d3d3c30b22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"48b9a6ccc930a7e50a783fd3e44bb62e07ddab31eaed0c0c04e94fae8191c541bd6d86bd3e6a7697496198c43b","nonce":"adbd83083d1c47d3d3c30b23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"367ff81099dd001b76111ad573374478dd2980abbc321117b13f3a5f7d5613ef986e0606366a264c40793bc7c9","nonce":"adbd83083d1c47d3d3c30b3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"c10c59bb2a8f1e20c563eaed8ecaa4ecccd64901dcf8c0e6891dc56ba6e3b3159860365c264deb8532726c3c52","nonce":"adbd83083d1c47d3d3c30b3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"332cfb20784b7d64eb011850d2ab7e478c788c974f7cdb7df3ad49570ad743432edbd4c83d2db524eea100ce2c","nonce":"adbd83083d1c47d3d3c30b3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"5fc7488ca585826c97c40090e18adc5d1d05fc04e23abc7072fb4aabc37291f449b9863d2a2c1fdb45cb01b230","nonce":"adbd83083d1c47d3d3c30b3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"655dcbd4b018494eac5ddfda9fc35220f2427057dc0a814181fbaef9d4ae751efe47b1b0aa0e3eeebb282c1370","nonce":"adbd83083d1c47d3d3c30b38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"5b0e281dc94c9cc0519d2da4c2e12e8e864986f37b7c1d14336ca8dbcf9a68ae6d1b87e1c5ee70aecb0a2cd7ef","nonce":"adbd83083d1c47d3d3c30b39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"3d907c8ac395673360c7cb3d2e071c8358e66f15ea54b0a4c840b59475d1d36629a474da9ed8957e9363321448","nonce":"adbd83083d1c47d3d3c30b3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"0244a634d5efa07370bfa792f22cec176d993ec4fa88dc4a2b1fcf4770f32af2d1f0a5af170572aa6a3a566b64","nonce":"adbd83083d1c47d3d3c30b3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"58fb15e9b8f1498fffa19a13c0f141915a383f274bcdf6eadfee998880bb40a8b36666c1b9e721e13255e948a6","nonce":"adbd83083d1c47d3d3c30b34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"d250d70472cb60127a64acc374b5458327a04def2586c6201d1baba81d7df9c358e98e61ea19aa6c5fb6748fb3","nonce":"adbd83083d1c47d3d3c30b35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"5c3927bb97aa89ec95701666adabd41cf09287ff7915911c69ddaf008f440c5a2580b3d3a68bfda119f75f8029","nonce":"adbd83083d1c47d3d3c30b36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"d57f8c8f7ecdc536c106e1dba59f8f7b6b4959d69ebe64e3ac3180a53dbaea4f77698bbc14a474a42a491a4be1","nonce":"adbd83083d1c47d3d3c30b37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"5fe5f6f69fd0c311388722e46e307a3bbce0192347b2de8529b941f89e4cc75e413229bc9246e653b1968a0cda","nonce":"adbd83083d1c47d3d3c30b30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"32c4a1132c07505c81e8fcc66b8a69332b0ed118136b107f3d3d605f7f8f9ee8bda1ac0c652bbf4bb6fca59ce4","nonce":"adbd83083d1c47d3d3c30b31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"0749e8e871644f770276ffd9789b1c8d5feb70bfe5ebce3a9cbe38083f8c652f9a59ef37fdcffd2e13961d4b95","nonce":"adbd83083d1c47d3d3c30b32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"7501b57e8285a67320c52d417e312934c20e8b2597a039253c4fe90355463065c41328cdf8f11a5463a3afa4ea","nonce":"adbd83083d1c47d3d3c30b33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"ec89b43d65b0325e7907644d4c95aa0644dcaefa76b07b834c5ca3f0b1c5f13936f262916799876c53e7066ce7","nonce":"adbd83083d1c47d3d3c30b0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"2c9775285814501c38320c2223b81fd3b8a7e22eba9666cd04e0f670a0825a1b536b79a644c6349f85a4d1d33f","nonce":"adbd83083d1c47d3d3c30b0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"b8e7016dbb1235d9c6aeeeabb2b0682c3f9217f75a06a349640c237a48156078b3f8307ee22a2386def22af8a6","nonce":"adbd83083d1c47d3d3c30b0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"2b605c66604b5678f135c56a390917ff56e7ce2d0f810e3f1b02bbfbf3889e7cdea274a020d172bdc92f142f38","nonce":"adbd83083d1c47d3d3c30b0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"151867886446dfc0fba503f7a59e839d0f60cd90a6b7c72aa5d98d43279cea3a750e5c73a50c965c1efadcee7d","nonce":"adbd83083d1c47d3d3c30b08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"ded07f2ba9f036398dbb44bfb8289794833a48396073a2f3a55415b9628ff561b145441d7beffb01ba66888cbb","nonce":"adbd83083d1c47d3d3c30b09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"070ea280c03f37639a7f7747c0651a9b4bd1945dfc824ca89508ae76720e09ee813c41c286307ac9762b9c7845","nonce":"adbd83083d1c47d3d3c30b0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"52c7dcb109f0ccf56ff1b8df46d5241a609ba1d7a031c17362e2f0d29400c5c2dc82f25e585554bc9311f93f9c","nonce":"adbd83083d1c47d3d3c30b0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"46a973c80a96d6cb3521cae16b20309cdd10bc9312f494e513539d2b8c7460cb1125fca6d217d478bb833e442b","nonce":"adbd83083d1c47d3d3c30b04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"424e6f150a0b935ba16cbac9468ec5dda2c3039a56f52a5070bde1da29c9e8166a49223f088a2e7eaf90a88aff","nonce":"adbd83083d1c47d3d3c30b05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"fd66d81b56c80baaeae0e02d35153bfd144115e2eebc29e757a4845b33e07c6e2eba4bd6094596b275adbab588","nonce":"adbd83083d1c47d3d3c30b06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"0a0850ef6bdd01656bc8dd8e2d3e66662cc85d225df4972674d16998cbea6db5b07d4e499190930f78dabbce9e","nonce":"adbd83083d1c47d3d3c30b07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"3c5c8bb5c0b2d52f336b05056ef4ad1af792b7b4ae12d8ca36e2335acd52d29a101ac0bf06161c90d31b1bc069","nonce":"adbd83083d1c47d3d3c30b00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"670e335fa6387c7320c36f26d5ed5b90c5e7b8d345d2f75c8f0456d3b3f4a08e562e4457e513d7b368390270fa","nonce":"adbd83083d1c47d3d3c30b01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"10b76cebfcbc8865ee8d4e78b337f7bbaf176a2d86f90e62626e18bc453ebab80e76c7467c40287f0f5b0d60c4","nonce":"adbd83083d1c47d3d3c30b02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"c059bf1181e10af65c88ec313e33dce2363ef6262fa9cff0b65a24c3cb5abc73ed6ebdfd0638408e27592f5609","nonce":"adbd83083d1c47d3d3c30b03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"c0227e4a46c4d7e0bfe7d8d9c59dd635df9748e442af53cc36a96c04cc52ccc913d6ec288e8c13cb1ad2f0911a","nonce":"adbd83083d1c47d3d3c30b1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"b83018398e5f01617291d80ae6af0b9d261f9cf0e6aa85a3efb5793b05ad3df43977cededf6cd0a306b663ec08","nonce":"adbd83083d1c47d3d3c30b1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"f2d70247d6a718d1252469f127b82829a055983fb31e0817d7e62b872147afaebbb576f941ff34a467b5392e0d","nonce":"adbd83083d1c47d3d3c30b1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"48ca80b989a05650bc5138fcf75db440ebb7239007b57aded14ae2f14ed51c508e632bd91c3eae4e1aa2e84ebf","nonce":"adbd83083d1c47d3d3c30b1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"f5df81ef8bcd46b7878043e98246eb33fa5498bc36cf5eee246db550ee3f15f4ffcb18903c246ca0a2896f9807","nonce":"adbd83083d1c47d3d3c30b18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"03b3822c97e986953b5b0c8b4849b05a8b3ada6757d84aea514fd3ec1ba44f2e64891a62655ef08e241281d33f","nonce":"adbd83083d1c47d3d3c30b19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"f5c3d1d803857b0fd10cf105170546f16c49b68c4aeb8079daf95bbc5592e3df6db445113e8028c826699df216","nonce":"adbd83083d1c47d3d3c30b1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"ccd2c73e56595db67d6eac4cdbe6a43879f053cd44f7b2e4b8718c52b3c2bf617957472ffb1e655872f538de1a","nonce":"adbd83083d1c47d3d3c30b1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"80eb5ae70ccd5b646f374a4d2276b4a5e902bd0d409c2f1e3f058ec89b7e3808b8c72a47213c0e38a2f437f81f","nonce":"adbd83083d1c47d3d3c30b14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"05597fe1570b9242f0270d3f852b704ed879b8574f0df35717fb06cec0a1827a43d7d3ab6b6dcfd71448bd3c29","nonce":"adbd83083d1c47d3d3c30b15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ac3116aabb230e3882cc93a8abd2b49d0bb50fce1afe98507c7d2c0d10255cffac595dd47589f18fe69c6e7b5e","nonce":"adbd83083d1c47d3d3c30b16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"13f3cf6735cc584f6b5560115e9caae9eb2fb7169b6418e0d1327a919d2871df6bf49ce7273eae9fa552bde865","nonce":"adbd83083d1c47d3d3c30b17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"2c90cf18c98098c38b839197f05b6b51f437aaa5c71bb8a4f9c00a213573940aeba94db9824043eb6d0cba23c9","nonce":"adbd83083d1c47d3d3c30b10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"96693d8167939a32438de4d238ba3e74debcbeda550504c0c763c462069bc1b359c533869fd6df6c21b3539a3f","nonce":"adbd83083d1c47d3d3c30b11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"0b844bda1ea1f928dc2c6babc55fbad6a90de66320f73938a77e4273ff42e847d882a58193eac250d0c2cc8a06","nonce":"adbd83083d1c47d3d3c30b12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"e7c9a434f96c9128e57e2865e491c1e9943f2ef925fdb17a7106510c8bbb151514cfe5128379e03f58da5334ed","nonce":"adbd83083d1c47d3d3c30b13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"b677094b169ed77e4d377f3965d28a745810833c615ba6cd8b7dcf183c200023db8631f805525e78c75636cffa","nonce":"adbd83083d1c47d3d3c30b6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"638ee92bb91d556286aeadc029fede830fb452ca07bcaefe7fe07132387826710c88654e503e44a68c577d806a","nonce":"adbd83083d1c47d3d3c30b6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"47dc52a6752147d895009d1e395587a33cf4001250c496529131695b5106c9bcc5fc2698fede46b4a5b116737b","nonce":"adbd83083d1c47d3d3c30b6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"cfbdab66c6bd59c749b44c95520d70b90bf3c8def2145e1f3c53f8ad6114e15dc38495aa1750c437337573f2ac","nonce":"adbd83083d1c47d3d3c30b6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"baf0f477fa37f9a57630a92d161c4417553822d8a1246c7b36e699cecca0d8c916b6493c5121bc456c3de3a86d","nonce":"adbd83083d1c47d3d3c30b68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"db12a39411491e48fb9d24a0e59759046930623faa07fcbd4bfa83291b37aa0e88fc5cc794516f5bb4e2490777","nonce":"adbd83083d1c47d3d3c30b69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"9f71e79bb32f2b0f4af4be0913cb00389c9ef27e982a93a5b1e36155bac39de81147882424684abe1e7a9487f6","nonce":"adbd83083d1c47d3d3c30b6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"685469f6b7eef2faf19f1c3e1577c5837846947bfcb7411f1be92cf70edf7a151d21279ecd3bebc068c8a04fcc","nonce":"adbd83083d1c47d3d3c30b6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"910aa1bd33f486c16a8de9b4d791fd63d1b5182d927fbad13ccebeae032538d0be5bd22d119525753f636861ea","nonce":"adbd83083d1c47d3d3c30b64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"948987fb0332ddb3384a69eb97c054455a8d89139e9df380b7d062683d5e97afe9136975f18d61a673c1c2dd78","nonce":"adbd83083d1c47d3d3c30b65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"09006ba723bd3195afe6ae83fd1b7b739178312d4d9a2ca35648556417ea97649ed4632d0a10c74492e3ee6aab","nonce":"adbd83083d1c47d3d3c30b66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"979a0100f23c309b760ba2db726c1bf3dd3e4475d6117fa74eb350fd84dc55984beb556dab086363b14699ca01","nonce":"adbd83083d1c47d3d3c30b67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"5e5c1a4fa7cb24312cec168a189fdf31d3415594ac30b290d1f092adc54d0ae15e164e71b71822bcd7e5caed56","nonce":"adbd83083d1c47d3d3c30b60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"187750bcc9890d174174fd21c2e22d3746ceec272be73c828e7f7636f23f4841476b2a60c24b2fc96c1a1553cb","nonce":"adbd83083d1c47d3d3c30b61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"df712b8e300377352b2d97d75e33ef2d8d4347a195b1a172f30a32285dcb0eb905af5e7aa3e14d7ee812b06860","nonce":"adbd83083d1c47d3d3c30b62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"4c875d00ba5c24a7f242ec6917a595c60ad8578ddcf449fd48814bc4f672174a07d8b9f40bf7dfe77be5e72cee","nonce":"adbd83083d1c47d3d3c30b63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"d7dd23178edd9b9f89f3e843b412ff326fffd2e164b16e0f7c629ce42f7c656da7ae30995e16a0f55eb452aaf1","nonce":"adbd83083d1c47d3d3c30b7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"e282f2fdeaaa15ceb4c2e94bce30a5fb147c59335b27ead494198ecb2d7aea736f167d10898ba921290a4f5cfb","nonce":"adbd83083d1c47d3d3c30b7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"0aad63883b981769d1d479e5d835307cda1dd994e2759f34bbc219bf143f1b72bc0a74d66592b7f50ad4b15736","nonce":"adbd83083d1c47d3d3c30b7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2225911aae706c896b825e07540602813eb64614c1c0fe77fadbab701a434a5146e2f685e9a46b59b8e84c228d","nonce":"adbd83083d1c47d3d3c30b7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"c4e053c0c338efd743d5d6c92938f313255abf012b870af956412e0952a11a6eb244326e35d41829ad5bd3e028","nonce":"adbd83083d1c47d3d3c30b78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"316e39802952a4a145b58a5858519aa9e059aec87b8f3b2de7436ff0b85b7d3169f6bcf094d60c021835ddff76","nonce":"adbd83083d1c47d3d3c30b79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"aed5ec91a4b208e68529b0878d6fdd4fe76bdae6e3959cac75034e6b5342ca8805987c558c93e284424bf7c782","nonce":"adbd83083d1c47d3d3c30b7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"335691cc3e6c56e30a1c9ff269a356c6932c24fa3192fb0d0096fe6f2430f4265c9657125aa733a0d4ca531c8e","nonce":"adbd83083d1c47d3d3c30b7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"33308664c90c2c1a3f212607404b8c9018c24c44e33351670ce9aedaebdd24792bf61720c4f57f27301a43d277","nonce":"adbd83083d1c47d3d3c30b74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"ca9793a7e36fdb95938de978898d3218ce3af8602102fdad7c6da87b15df441923a2ce1097f7e1d5c6685ecd68","nonce":"adbd83083d1c47d3d3c30b75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"41f20bb82db74df1829d73fe0d51481b01ae4df9fc2ece03d33031d89a9f8196c792dbc53a2fab0b5f9d7de204","nonce":"adbd83083d1c47d3d3c30b76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"6e113a65b87860c9a44b47fb9bf0ea9e934ef2d9514b462152c657bbb6591f28204efbd1598cd6c9da5b691538","nonce":"adbd83083d1c47d3d3c30b77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"f8b9ac6ffb3723cba5c67d2a9efa4b750c16ff899757382653ef8fbb621c8ceee17c6eaae51b9b799f7a22aeff","nonce":"adbd83083d1c47d3d3c30b70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"bb96e25f24098a468e0a019cfef4a3b446020fc78257dca58681c9f5ea1137c515fb0deb609740e1acbd4a2ff9","nonce":"adbd83083d1c47d3d3c30b71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"e467a21107ac809df3087d0c1fcc72323d4c034eb02680f66c402e2f9fabd2edad4d7ed8d5d0b8a2fd853ccd65","nonce":"adbd83083d1c47d3d3c30b72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"f80cad14d8655db0374f4f4523c0134019a5d3e83a33d9078789dec7e79099715c6d5ec04452d87e06db91aea4","nonce":"adbd83083d1c47d3d3c30b73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"61e839c07226f947895fdc248eaf3c4b81b98d29089b1b9a491bb5de7021257f94e61812fb7ef1a14ac1fa9cbf","nonce":"adbd83083d1c47d3d3c30b4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"460b05fa4d3e26aa8c69f5d7d2fe620beb900e5db62cfeffe767c264aa78c5e89bfe6f130d161672bcde398af5","nonce":"adbd83083d1c47d3d3c30b4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"aa1fba7846f506b2740c10497cc891b0b31344a7b4f1ce1f0c3aac0e9910c2f3f090eefcecbc86e57ff8f8c21e","nonce":"adbd83083d1c47d3d3c30b4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"714da958ce5e5aaee47151a177eb8547ed7b9dd4983509d0496be93e3d1c9b7a3f06cc123f0d9c80892daf9e6b","nonce":"adbd83083d1c47d3d3c30b4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c84c9c43ef12509af458cbc792322244692b16389b9be7d45ddc298fffc91b3c77e79a21c62272b28b20ee6b2a","nonce":"adbd83083d1c47d3d3c30b48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"47963634459a19f3a0f7a79cf6d32e35e40fd7239fe6073f7211a38d3884f9777f137f01502f0146c1b7cd948e","nonce":"adbd83083d1c47d3d3c30b49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c00f16bbb5fda4f29c78f9f77c0f004c6315029f974badc838f1e4b456a09fbf08014b0769bb48d5ab4aeb6503","nonce":"adbd83083d1c47d3d3c30b4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"0b371435e9363573a24c145f7fee0ea31d0a1a08d1427f70515865bfe0aed1225ebff53a21f739f0cda2c967a1","nonce":"adbd83083d1c47d3d3c30b4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"3ca61f203a3db1e8234d5e0c665641823f526086db165e4f6835156cc7b0cec36590f2809d38b30da19ee29887","nonce":"adbd83083d1c47d3d3c30b44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"1df47d79404ed0d554bf1ad627d238ffb1dfb00ef5b8f33464d95fa6cadaaf685992fb3067623d223810827deb","nonce":"adbd83083d1c47d3d3c30b45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a829d0bf75d96796694783b1d2ed9a3d4ab620b507404504c1e93a2d8090f7432e7bf132cff08fc2da595b2898","nonce":"adbd83083d1c47d3d3c30b46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"dd6eab45d18f4c59cddb3aa0754de7ac1e31dbe6f57d2160d93cc8ea5dcd778356ddb8476510808fa64e42ffa9","nonce":"adbd83083d1c47d3d3c30b47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"bc77d5b57783ca77b617e0c722f352942b94571bb877c358679a4d8478c1a80b3064d6fd7b699dd746a9d60c0e","nonce":"adbd83083d1c47d3d3c30b40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"d889d9e1fdb36e8211b4ab700232fd2e9afbcb425fce006a94eb7573dbd5049e63986a879f8af39a28064e0ae9","nonce":"adbd83083d1c47d3d3c30b41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"a06415f9bee4428f508655ead75836f06fd287cf70590fe13be34a03b1b2f7772adbc8e71411e00ccd059b78fa","nonce":"adbd83083d1c47d3d3c30b42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"95361069d9dfdfab45435c2cd6f3e88db3a345244d6e993973cdceac63684bd5f863e2381a015628383af3a5b5","nonce":"adbd83083d1c47d3d3c30b43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"17d572632e5a57921069b006d2941599ea65530eb8839fab509550e7fdcde9188957c1b583df52c15fde0cff27","nonce":"adbd83083d1c47d3d3c30b5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"477104e2ba27cd40123a2613ed9502ba7a94a7d8c253e2f5cf120be4b1050ddf811a19496271ad93dcf299a75d","nonce":"adbd83083d1c47d3d3c30b5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"a87fb62a0c18fdebe769adda05f3821db6ac41caf517f2c7d386871fcc290d99519b6fdc8ff999f0a56b2240a6","nonce":"adbd83083d1c47d3d3c30b5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"96957020182db5275131cbc360e802abe5e11158b471d1609894bc847c32d5cb5b24a737b81a05ca2b35689831","nonce":"adbd83083d1c47d3d3c30b5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"17a3568adcdc61571ba57f60fa5f3acbe63e393111df797580bcea2386fae285f36787ba482b91ada0a76157f7","nonce":"adbd83083d1c47d3d3c30b58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"73985d169d5c81bcd48f5fcdecd714a4a15564b864c234fe890b16a86ae5d1d4c4238bbdb73e3667d6186f3dca","nonce":"adbd83083d1c47d3d3c30b59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"b0d5c31229e67906af157397d4a7db84de2915873416d1174d3dec2c1f04b69eaa4559c57fea69226e52cdac48","nonce":"adbd83083d1c47d3d3c30b5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"79ceb8fc40050815c57af22b4730df98a7edb8b24321b6fe62631cae4ec3f9881b832b0b7f61677195c6dc06b3","nonce":"adbd83083d1c47d3d3c30b5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"9a399b23a66dafabc45141f141688e5e167a3fde032ac378db31657a8a6eb302e7ba56d3965a8cf7bf91746c75","nonce":"adbd83083d1c47d3d3c30b54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"bc484120a3c60d3ea42a256ec733d1199fcaa7626ebae9650f2f354a1d9120f9b601ff0f6c2a50cd111bd8e21b","nonce":"adbd83083d1c47d3d3c30b55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"a4ac0236d06fdc5139435011f2b57f2b60c84b83dc1781a8d1f595b5eacc7ec153f3b1902e7ea9f7b69543a41c","nonce":"adbd83083d1c47d3d3c30b56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"7022d9cc11fbe0e30fc9d0efa9c99141fca53b2bf526a604601640c1939c7e45de441b856f8bb340b6c86daa29","nonce":"adbd83083d1c47d3d3c30b57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"3bad28854aca441dd662976ad6e37e314312150dcf7926d47647a51d470a227b8498fda4c34d05352fb5672a6b","nonce":"adbd83083d1c47d3d3c30b50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"51d4639e99d9f7de75a119280ccfded3951a0d52f01bea24627a217efe1470a0ced1d1e6fd53400709f583d1e7","nonce":"adbd83083d1c47d3d3c30b51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"344b2052790b8acf5ea1dcb89987d1449358d44647ec2dac322a4958cc6224d156c1220f7fa60df10529daa8e1","nonce":"adbd83083d1c47d3d3c30b52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"89d6c18b658fad623aa7ed22dfafc25878797d51fc9cb81bc15e444f31fb610e5f315ac04e753bfbe72666eb65","nonce":"adbd83083d1c47d3d3c30b53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"5bc2079c23cb053cd4b09bcd2eb2977145a63cb7adb694188cad73201cd55e82740dc985af2eb42510db126992","nonce":"adbd83083d1c47d3d3c30aac","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"adedb5a830b8db684153c08f95481a35108ec46957b152d547b0aae7260cf8d5"},{"exporter_context":"00","L":32,"exported_value":"31385bdb10361801741b4cb5f84d6c7e57a63a8b7437a4e63b44d76a3797d153"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"88d45aed98aeac9b4627805a5aafa8aeff81457a18dc211db691ef64c5b14a1d"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"6966251372739d3fcce3adbcf8dee4d8ea954dd81999a0e8476248c90b64e53fe413defab99d61f14d3600e6ee69c6df47a0e34588b274cfa21fc6e88edc80f89e03","ikmE":"550b5a79048708038f3f4580b294bbff64a8713281c8c6d6a5b95139702ac0789f62293abbf4b6c3acf2e2ed784d3fa43cc6c679814b253976b7d86f2e9d8c979a6b","skRm":"007c35842a7906baa88e0c4fc379de1568765d7db7381960b9ee36bd57e3938dca3a6dbfed7045e0fe43679e0528a7687dc23f8348bbba0aeb56330e39eda544781d","skEm":"01c71d9b7e300c944ef7f65b97282f6a8d912477a9f7feb3a7eb7c4d9ae56a9edc30a536190c86375bd09d961fb59ba39541e9776b3ff4182e2fcd34b3384f0a0aaf","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401f458bb82512325b1b1d43c800ad8ead076e9611d89f4758d9e219c670c011a0cbe855afd3eb26efda09267ae810e63bd74c8031de8137d25521f94840714d5ec6001f0282cd80999bccf62d33b77e772f7a39d6ea2724fa5b609b0a721d6a640b73c9caa49f861806d56a5b9659b0cd9f3ad2e15512d7ecc4354f272cce22d6294779a","pkEm":"04008c8deff5ecfc636ea8056b3f4187bed210ac4cf82bc3bb8045c514a3dd61863cea0218b0f0253624ea3c6a8d9195f2f17f5bcab5ab0d7140bcd4c40cab455707da01eed3c38fb1e0a1d1506b0fd25abea429f39113d7963a626243be616455337baacbf54b1c14c50e0ecfdf59e67574bde945d24f689bcb8680202afe6326b0174a89","enc":"04008c8deff5ecfc636ea8056b3f4187bed210ac4cf82bc3bb8045c514a3dd61863cea0218b0f0253624ea3c6a8d9195f2f17f5bcab5ab0d7140bcd4c40cab455707da01eed3c38fb1e0a1d1506b0fd25abea429f39113d7963a626243be616455337baacbf54b1c14c50e0ecfdf59e67574bde945d24f689bcb8680202afe6326b0174a89","shared_secret":"7ff3f72d99113ce0667e6800829a3e6f07c4df79c34fb9d7a3394207fd23e1969d1dfd968711eee244772af20147929517d86cc9f6c1d2ef311f804622ee3fa4","key_schedule_context":"01a5aa7a15c37a7f4d7cdfd2ccb134e4c19b3f782db2da917f6020ce2f1fd62b4497e18b628ea977f60a69bfa0647402182d019d3a0b59d2dd03624d028053dee1","secret":"c7dd2a346118a614aa3a7af1c76fa96fe32e802300ab8251dc70adb5fc470741","key":"c898d4bbf1832410da205971346124a84a0c12b3763a7c06a394166d21f5e1dd","base_nonce":"b26d9a2cf1357cae1e929442","exporter_secret":"25b8635587e67edf4a9b70ddaa922e0b6cef4b9bee83e948dd414947d0aae700","encryptions":[{"aad":"436f756e742d30","ct":"1a2a4d9dd2d72a08ab153c2b63d3265d3c380833bff40f1df8b407023a9a74bfafde8688096ad6e745e285d6d1","nonce":"b26d9a2cf1357cae1e929442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"ca70a33a637cfcd0656d0c6d0a528cd28e8cc63e89c32820bfaa308acc7f8cfe634fb5ee435d8ed0a012e67c16","nonce":"b26d9a2cf1357cae1e929443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"eaad47760e416c717dffeb497775ddee374403c2fe5e8446570ecf3a0744f4610483d362aa66d284fd6d3e469b","nonce":"b26d9a2cf1357cae1e929440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"658db07f9b48559e844525116f3bfc8386627616d9f384da480bcdb605dd039a5d637d4e6dff620ef26ab13a79","nonce":"b26d9a2cf1357cae1e929441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"2700479c769d0de2d68768377b77f2f0c47594ac3a9109605e933a49d2194e26fcc5dcc6c0dc98ab8182ece3ab","nonce":"b26d9a2cf1357cae1e929446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"86a02a20c6c4e07b822d5c8a518cc204174554cd4ad60585dbc175e5cd36d451aea2a7bba0358b0c0273c387f8","nonce":"b26d9a2cf1357cae1e929447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"d78025d56fecbb515739edf9372aca2319ae73ffa9e6b9f5f58a00fa7f4b5b30961fc5d2b649b850274ab46969","nonce":"b26d9a2cf1357cae1e929444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"4e156d6077bc6a2fe02ab3610fba858d38c190c20ad5ab06eb9b60bcec0980a928997978932ef7b670ce5c19d6","nonce":"b26d9a2cf1357cae1e929445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"799de136d5dde27328e621181866d63462643760c8a2bb887503f9c0275cf60ddeafffd363e56be193f10da111","nonce":"b26d9a2cf1357cae1e92944a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"a7b0a56fa7554ecc8901bc9c786169b15a67414afede633411978810b4c5bac67e3665f7dca16d024d6c39c7ea","nonce":"b26d9a2cf1357cae1e92944b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"137887374614814f38f96bb739583029582bad0e8d57d5fe6c13c4149e6af8f68dc438a8f9cc88cd8daca0afbd","nonce":"b26d9a2cf1357cae1e929448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"eb9a535e95b9e42ebf24c616983186083db0036cfc6f0dbf1b2a901486729ce482d10ca319ce91d338ed15af96","nonce":"b26d9a2cf1357cae1e929449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"92449632075a34b62cbdddae7e48a957c12aee57da9e23d829570202a334e60234e10a1a2a9e385cb49caef39b","nonce":"b26d9a2cf1357cae1e92944e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"0187fdcbf70d35aee5751c03a419a68d99c9cafefd98771a347bcd47a601ffce048c2b4a3c381de472606dfb27","nonce":"b26d9a2cf1357cae1e92944f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"28e2ca16c637d10bbe5112208833cf241969da5516b55a408d23a9f0102eaf07a228b0b7fff63f693f1b01df9e","nonce":"b26d9a2cf1357cae1e92944c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"78c9ddad48d0fe97ce9dd809b687523a59660304dd3cc2366351de4a47f349038d59d319de96722d965549f78f","nonce":"b26d9a2cf1357cae1e92944d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"16f5fca4486255c2b11b7cd7ae6fbf537f0c16f440b4425830b0bed737856034a4da6b5b3182a630a848f0008c","nonce":"b26d9a2cf1357cae1e929452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"9ec38e5c5bd64bb8de698aeaae1b019d19db2158814aa299fe64630fa3e9c1deaad3c9d7be49a8cbfa237f3b5b","nonce":"b26d9a2cf1357cae1e929453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"1729a4831190910b600db6a7d8e4e2434b17fcf88d165a5dd731e8503bc80eb0fed1902dd4e5c9ed7e0bad4fd8","nonce":"b26d9a2cf1357cae1e929450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"befc457f0a21c269f71299be5096e902c0c70957f67ea9522804afbc6df5230f7b0471167ae3e0b95390c55c31","nonce":"b26d9a2cf1357cae1e929451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"d0bc769f025d99f532e4682c3e0f3d8d7e44496c4ea36c59ce3b62ea64a0d2ce9b1fe736232216d269a464b21f","nonce":"b26d9a2cf1357cae1e929456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"f299c2af3718c840053fa01739f33cd63c48687f65dfb7857dbfab8e376bf6f9b203d322190e77c20ea07144d3","nonce":"b26d9a2cf1357cae1e929457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"add13a4c80fe99fe94939dd1d18042feef0686a68756581af2cbf0ba35894abbe31118239f757e23ae9fa995f2","nonce":"b26d9a2cf1357cae1e929454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"8334f18c817536da951caafbb2457a38e61dac7498f82994b870ebcaa9e299e241b565e5392a43a580b24354f8","nonce":"b26d9a2cf1357cae1e929455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"c51357f61582d7c992782f66a7413e7cd3fe2867ed1606c3f53d35d2d70243898d663738a8d1b8f314a3b17111","nonce":"b26d9a2cf1357cae1e92945a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"fdc5ded1d72caf1ec83039691142747f6ee75e4aedc719e2b3d967e8b356d05ff647b7aa55fa730ceaa642288c","nonce":"b26d9a2cf1357cae1e92945b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"3e956b79142bd7b329154fbc9dd1383a91a2b3e894b328d4a4bdc11799c89651800f8320e9d5b607137f260515","nonce":"b26d9a2cf1357cae1e929458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"a072802072ea1803f4a75caa58f1243a80dc906efbf51ca82e3133e4b29d1f9c0e10cc1ed4bfcc15c91681aeee","nonce":"b26d9a2cf1357cae1e929459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"6e3a4a5a0a7a93bb44da38a8d58df32aabec3624a4983a6b59a73f9bba474c259143b51657522b3e0152e7a181","nonce":"b26d9a2cf1357cae1e92945e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"4eb2b3bccfd84bbd6bacfe5d23b404404e2202d84360f9dd44577e5c10025bfe185bcc563566028b075a3b953a","nonce":"b26d9a2cf1357cae1e92945f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"bbf7ce9482972908df821917ac900064f031eb840b04596543556e04c6690bca398e13d4f12669e4b0484363d7","nonce":"b26d9a2cf1357cae1e92945c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"c19dbb2dcba92946fd94602f51178f98550bde1877dfa20c65da32d3063768346efdd30d3786122cc79ea4fd66","nonce":"b26d9a2cf1357cae1e92945d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"d8b298e6ded690caa93359e402dea84f7a95c190c4744eead37dde95d8f82c76a45cd9f0fbdca50be336bfc2b3","nonce":"b26d9a2cf1357cae1e929462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"b882edfde6defdefd0e5b484c68d0f014f556acea0da0a3ade8efb06083da00966aa97278c3e5421b90175781e","nonce":"b26d9a2cf1357cae1e929463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"7da3a9e1065af95d011e3b220a30fcd566460a1b249720bbfb30339c0f688247694047141c3aebf2e525d712e8","nonce":"b26d9a2cf1357cae1e929460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"1db0461c97062ce544f60ca1b3b54dede17ab87a35ec64546f3de73e588d331781d19fbdd2069b888099c9d987","nonce":"b26d9a2cf1357cae1e929461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"cbaa6afe13002eeaf18be9154a1145316f81d493e5e1ca5df9a0a69590a8cc1dc67ce317d51b04dac825fc47d8","nonce":"b26d9a2cf1357cae1e929466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"1b309d597810654eba95bcd18280da508ba8d5b7d567ea1c3b13a7b42da4e3eedb0126099fcc9a88205d3a3abe","nonce":"b26d9a2cf1357cae1e929467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"19153f5b6b7aec61830115a925af32bd638e3851ec0293d4869e2e1da4a9d49689791ee677768fd9370c6dd95f","nonce":"b26d9a2cf1357cae1e929464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"7ef72cbb7b175116b071f0b6ccd0359d23342f354340080f1875810b2bda88c69f925818181783f290c2a29514","nonce":"b26d9a2cf1357cae1e929465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"c8d39113794450ee2b510a14a59bce266881d372221602293987b670460f7130f774250268517ba35c8509b64a","nonce":"b26d9a2cf1357cae1e92946a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"64a8567eddcef9b3baf53e788a31f9967adb458c7c27587974fc77691b4784351b342cbcf005db862741d66c5a","nonce":"b26d9a2cf1357cae1e92946b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"ce7f1241f3f8510846d35c24db9c41a0100d4000d32d9e51b418083ea3800d8a2b46fa793fb488bf4cf2258fa4","nonce":"b26d9a2cf1357cae1e929468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"8ded39fb15fb30c4eeaf17070499f8403643412f8a067ad9d0b45e03c4503cafd44c63139e7adb27bc2b85164c","nonce":"b26d9a2cf1357cae1e929469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"4ad37f85b1223048cc19d6e34d9fb88239d2c81cb74d6dc10fc0c5820ba0cbe8ecbc91a36ac763c80d588630cd","nonce":"b26d9a2cf1357cae1e92946e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"1d013bfe3208672fa352cc8f30c2375abb02ba94960fe47f536b27eb4ea0f9e26b265047731afc9f1b42503d5f","nonce":"b26d9a2cf1357cae1e92946f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"0be5ec6fb13a213f47f17851339840da6c4fe0587498992ebe8ecb6a60aecd1595eed852a58066222b91aa8e4d","nonce":"b26d9a2cf1357cae1e92946c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c5ae946cb74c706cdeb60022ca0cd72ca19abce41bde8f64607814c9ea3f118e4ebdde23540a20148c42c70fc5","nonce":"b26d9a2cf1357cae1e92946d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"4e803fe1699a86470c6422f93cf033ce356de71462ccd96937b1b168ff7be89cc05942a967e7ecd028ce406917","nonce":"b26d9a2cf1357cae1e929472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"6fc0e1429142da55a934eaf9078acf64174b98bdb1e1ee803a657629c732029f6761e109203e8b4776b0febd01","nonce":"b26d9a2cf1357cae1e929473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"6457fcf7ab62d3b576ec10a900bfaff98d4a7a93fccde427b468556e3337bb75be35b5316e1b1ddcb462269943","nonce":"b26d9a2cf1357cae1e929470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"ad8974d8176c18b0f6c7c4f07b3026fc3a423f38fe3c5cd938f3b1209cf036a1efec63245595df3eec4d6e97b8","nonce":"b26d9a2cf1357cae1e929471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"7d9f96b8669591c6614c9eefd3680cfc48cd17feb6ab122c66669ba492aaf84f7d53a0a8064fb375a88ac632a8","nonce":"b26d9a2cf1357cae1e929476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"8004e4827f95536974ca8558bfe3154a9a122308e2c23a3ab0fbc2c2f037a9a3a6aa8499237910554b510500c5","nonce":"b26d9a2cf1357cae1e929477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"3eef9657ede8fd65d0325ec5c4b8bdd763071dd8c7642b13913220613b59f76bd4fa16b90974b8ed3d1a929eac","nonce":"b26d9a2cf1357cae1e929474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f9aa4cd781058567d0f03c72eef35a0d49115a8f35b2b8102119b693db08c69421c17584cf2e08051eb56c7c03","nonce":"b26d9a2cf1357cae1e929475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"9395cbef3e3789f7b0bbcc7395c99dcda708f45b3a0ce3831bc4cac2922e3668156a42225adb448c5d3f35a161","nonce":"b26d9a2cf1357cae1e92947a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"99325aac1e895904bbd3e72e24aa1d5930d049b962b093b5e5718eed39c205e90326c34043d71d1c7688d87bfc","nonce":"b26d9a2cf1357cae1e92947b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"ecac9866782162e53810f73cb7e4bcdc1242a8d1ecb0cd929c657f3b1981306db9862c17c4e5aada527b097dea","nonce":"b26d9a2cf1357cae1e929478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"ae5d161a9b57551f1a85a174ca48e7d2bd227715387b64143ac073d9132554aecde34293078d5054a425feef5b","nonce":"b26d9a2cf1357cae1e929479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"77363271030a754067907ec330a0c4c6427f69ca13ba2b2140bf55501c5d92ef27534dd91f64e1b06391aefdbf","nonce":"b26d9a2cf1357cae1e92947e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"d9e480951873d8c5b32cccfe189df1348b871d3fa210a5a778debb3c8e23d159fc9eb2121f42fe2f3acafd35b9","nonce":"b26d9a2cf1357cae1e92947f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"815c4a747da41dbda435791daa088a5d23ae6af5e23864bf0b13c3a57a5089d443bf6dfb876c0f8b7d66c3dbc2","nonce":"b26d9a2cf1357cae1e92947c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"c0ed10160f8fb7182e8dad13a0e5527e5a583d82c50d894874e7f624310257e7b9baaa69b764bad83632be2c54","nonce":"b26d9a2cf1357cae1e92947d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"57fb902cb47157d1a43c9ee044475f2248980104201c2514df3cf58d4e9cc076a80a1f70c13e50001d8584e716","nonce":"b26d9a2cf1357cae1e929402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"ab384208b84d8835e588cf510923b6ae413223c1809bb04f52a0fb0b6c78040314e880d43bc315a3b8bdbe6428","nonce":"b26d9a2cf1357cae1e929403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"9d8beff598a1cc3afef16ab618e1aaa4faf2335b1e5e2366ca0cf596b038e4741ca490ba35e4543010ea41c1ab","nonce":"b26d9a2cf1357cae1e929400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"483ad22eea22ffbaf7777f6bf2bc9d728b003f9c800993a0bfe1563f84bc6e23a7fcce27a94cf46cc35d1dbea8","nonce":"b26d9a2cf1357cae1e929401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"856d05f34665ce503c645590e3e88b3db922ae83f3b806d8602b9638ad89fac17efa960dab133fe6403356f9b4","nonce":"b26d9a2cf1357cae1e929406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"1e921b7c82627aaf38871173398986ded569ae056bb8cadedce1d2550f87b39e70889ff71f1dfe35a9bea3791d","nonce":"b26d9a2cf1357cae1e929407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"fac2e57228213734298c83714e749093a7dc1670b98251dd53a15a744d282287c6083176791e4370d1d7548ea8","nonce":"b26d9a2cf1357cae1e929404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"922aa2375242a547cfafc41a3f2fb397c7ed3396ceb1927f258e83498d6c4997aec2b6223c8414423fee9755ec","nonce":"b26d9a2cf1357cae1e929405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"463ab025e3b10ba939f7613cc51a98fc588c8df23f240e5081a63d8af4ced6913a2a5a8e67b9025d76183d2049","nonce":"b26d9a2cf1357cae1e92940a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"4ac24a8bf303bc1685d1e9fc401cb327511cc0e2b80e5b1c943b06520471d7c2d305b2483927d5a478b201672a","nonce":"b26d9a2cf1357cae1e92940b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"1f55013a161665f3a5841792074f78d59e359a690f67feceb9bde4aef702040fcbb33c411ab050c379eab6292f","nonce":"b26d9a2cf1357cae1e929408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8912ae2fbf4c3831857e347627e234c9d84fc0129b17cd6a759a834d6333400608b0e55623930999a9079bf4f0","nonce":"b26d9a2cf1357cae1e929409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"d148425581897a91290ca28f6a910843c32dc5e8f103d737abea1fb102f26ee46d90872554d2b4ca8b93792bb8","nonce":"b26d9a2cf1357cae1e92940e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"cfcadbadebf2e0450be819518784d5ff093d5503edd2973a748dd02c3d92eda5d6a7988da8bad190f12065a0a8","nonce":"b26d9a2cf1357cae1e92940f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"6423fe6b04a74c96613a502ea4826001b09daff2f4e74833d95b73cf3befc1ff51d761a21d76a31f2a5af281f6","nonce":"b26d9a2cf1357cae1e92940c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"f68b1dafb8d44bc953d8a8c7f1b052a4c86a5c93dd30bfa559a104d9a7edaaeaee7f94238569c1e61dabda9332","nonce":"b26d9a2cf1357cae1e92940d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a9ecec5aebd908f9afe06712bede7c17721cf944e261df7af22b56527a232ea9825ae15c8557fc3e684a26be7a","nonce":"b26d9a2cf1357cae1e929412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"7782b9a8192eaf4066c5e027a260c5300b3e49dd8c218b8c969d77350e1c3a02e8e51e6d7354da826025efec32","nonce":"b26d9a2cf1357cae1e929413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"eb6e3da772a304b15064a2e5b7821b74f17676e6638ae14bce6bdf80000d09538144bf9481b2fef74aed2626d4","nonce":"b26d9a2cf1357cae1e929410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"fb1de3ac9453a2fa4a23bc2b2006968af5f7bee38389ecab9d4e20c60e670723fdece707e30ec6e2eb76fb0b21","nonce":"b26d9a2cf1357cae1e929411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"c28a0b00d9b6053cb7f4d565b8e717ffc0f954f6a50e89c7ffe0ba348685651932f1758ee502034869ec4122c8","nonce":"b26d9a2cf1357cae1e929416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"4f4daa2a067891087b02a77200f0ef1a4ed141d3e11580904beb6e82547b49602ebbe4ce0d73bd23a2d09e50cd","nonce":"b26d9a2cf1357cae1e929417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"e16f79864a37f305c8daca6c591bc93e001be2392eadee26cb1715279b1ad0c84261ed35e373f162dd558ebc74","nonce":"b26d9a2cf1357cae1e929414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"66b857b7001478b2f2c099ba8756cfca09558bf4fbc1aab01225947f98695df3ac0336560de1715b3c25a7e667","nonce":"b26d9a2cf1357cae1e929415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"57bd3b9a1d70d3ea16b84357abb60bcf38585222f9485fe0f5e3c4f8c2f4df886f2cdda2a75b5b241b6c6e6af7","nonce":"b26d9a2cf1357cae1e92941a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ac05aea934403a53d419c3151efca6083636a6784680fce2a092e21e2483cd156b87198a7a155f902d9b0eea6d","nonce":"b26d9a2cf1357cae1e92941b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"6b00671e4b955d1d612dd37aa9a4baa59c2790448a5b12e8d859c8b2c54ce951b941b42481caa8b1eacbb453e3","nonce":"b26d9a2cf1357cae1e929418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"9dc5fe48541ca51544aeed3cdae58981aa02c7ddc7253cc2ac7e05448ea5081de2af13dd16a97bbde07dc94a42","nonce":"b26d9a2cf1357cae1e929419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"6ef13bc096d6f502d60165d7d8ec4b486e9fac3a874c43d57f147e65fad7d875e7235322d8a38935a0c74e3e79","nonce":"b26d9a2cf1357cae1e92941e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"9be3fff776caafa56986068ef31d908e1157253df3c17c484cda4252e713ec092b73c66db50da37e7968e80bba","nonce":"b26d9a2cf1357cae1e92941f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"32eb6730481bd90c4ee6ce03371453cc663c028c087573ef479e790d1290fc7ba818640c8d5a0c598cb804fc32","nonce":"b26d9a2cf1357cae1e92941c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"207e729c67307ad17a2d0877ac38cccff944f764555ecbbe47b621369da8b14807c22fc55fa354907bee93062d","nonce":"b26d9a2cf1357cae1e92941d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"9405e91b5a4a0c08a711cb89b814e42b2c89346c161831264fef3eb1441564e5099a4c846b6f93b4d037ab1f1f","nonce":"b26d9a2cf1357cae1e929422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"36e978c0761165c4e35b10bbca41b427da8af46d388dd4cf173cf214cecee335c747af0d9d4002c8aa5d097d45","nonce":"b26d9a2cf1357cae1e929423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"d82598b72c4b4724091326698f7fd0b5b6567843561fafddd5dc65530926b859c9b15809a1b634f82df9ab96c9","nonce":"b26d9a2cf1357cae1e929420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"54fd119802d65cade6c2f20fd9533c906602ef72c99e48373c46bbb140e6f47b346a10859c81fc5f3570401789","nonce":"b26d9a2cf1357cae1e929421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"aedca170965ee43f372db66fc53856ff62247e81e6f926232069e790c52acc0c83c6dd946481b92e5b9088eb20","nonce":"b26d9a2cf1357cae1e929426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"98bb8a1bdac1565a2bbe90dae4cdbece8ca1ee690991982d11cd580fa968675f1468f1d29db6202ada49f812b2","nonce":"b26d9a2cf1357cae1e929427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"c999c0a5a5d0f4810be085d3717e7e3947b1840743eefbca88446d59faf543aedb67a427e85164e35a0bcf62b2","nonce":"b26d9a2cf1357cae1e929424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"5d11235bf34075c90ac2cbd495db56b55daabe1703f39640fc448e31ca0d5376845a521bfa95b34ef9e8a70ffe","nonce":"b26d9a2cf1357cae1e929425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"cfd74a77f8a98c8adeb4ed78c0472bb2e56a8eabd37cfdb04ff85a5da857cceb60efb20ed5f371d17dcd6b903a","nonce":"b26d9a2cf1357cae1e92942a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"e7fd74d4e66582329ed0599346404bfc1a802bd3b41fd701a0cd0b62c93ed454153c94045473188c4624062424","nonce":"b26d9a2cf1357cae1e92942b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"e48e90888865a53921db6da7072247d71403036e4856d2e27b0b639653f2fbe130a0def7a5d84092a5759c3cf2","nonce":"b26d9a2cf1357cae1e929428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"60cc63add25267542f11a0adfbeaaec985986999621911a2d4516ec3025b37e403f9c6f140784ced276c2212f1","nonce":"b26d9a2cf1357cae1e929429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"56e1909bdefc46dd029c9aa84c6b39e68b816e59e6005bdff2c2298e4c0fa788f07221080fa5158d2da3a082bd","nonce":"b26d9a2cf1357cae1e92942e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"5ded9b8c618dd025eea0dcbb66643497bb8c58168444c907fbde0ec1c65b8a713dcb3ee9e7079de88d6bf67dbc","nonce":"b26d9a2cf1357cae1e92942f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"0ffa0067a471282d28c5555f8bceea7e63b54ee5bdb5a312371cd88326d9b8c801b00196f4b880eb063b61ceba","nonce":"b26d9a2cf1357cae1e92942c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"48e36a49c99e1639ae5006c09ab868230107a6ed09131e902766504c59744d921faeccd21081a7567a63b9037d","nonce":"b26d9a2cf1357cae1e92942d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"e65e5a79adce7f1c90a4a561b9bdbc6ec74612d7836c094556bce16dd8a0d9395221be1c1a8b3c1baf9f0e7bbc","nonce":"b26d9a2cf1357cae1e929432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"7bd72410263e3a9a38f3162b52a6ee68b24ebd89c8fb52f0ecb4a1589e41993ecf1e83b79f236b24467417dc7b","nonce":"b26d9a2cf1357cae1e929433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"f4879071601e0b34b6001c66b88c651ab780c9df7768398c19e4ebc05ffb3b6c05d5096d79d8fa381ecd4f5a7d","nonce":"b26d9a2cf1357cae1e929430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"c2e94dc4ffdf22249fa9100fc505402cbb3f8cb4a9883d143fc33b784d7cf413b50939d97fdc6a81d7f3ba61ae","nonce":"b26d9a2cf1357cae1e929431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"80a551e9259aba496cecc9d7074b7feb7098537d5c5331769460eb7d226f491774b480c949977c492367040375","nonce":"b26d9a2cf1357cae1e929436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"0ab58671bbd3e646ae81b7cd66511c1cfc221affe7330260682be4c393ad76aa60b342672960c71bc8b5350c1c","nonce":"b26d9a2cf1357cae1e929437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"b7c0a2bff80290aac9b2c5b298caac7d47dd916ab86ec2660f71e4ef6f2c9eb3ebcbc1a0562332c665b65adcb5","nonce":"b26d9a2cf1357cae1e929434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"677ebc3ffc7247c1046a83c9a3f6e328155ccdc4db7d2671e9dd3f298b13341523e4cf8bd1f1a2fe36a60ed909","nonce":"b26d9a2cf1357cae1e929435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"413a3a2725359aa07aa4c64a69c3b7658a9e320c79d20feab5d8962a64b7780d2ed0659887758bea2881a4f907","nonce":"b26d9a2cf1357cae1e92943a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"a69426eda93693cb92687c095308d2b6c133f46a765aff780963edd3680c1762b83cec610f9faeebebb185dbab","nonce":"b26d9a2cf1357cae1e92943b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"a229185025021456274b5b23fde475a35beb123d43c3348405434764f03c9f88ec323ecb9c65ab027a9e85b881","nonce":"b26d9a2cf1357cae1e929438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"d672ab0097e055b81fb3632ae30bec7b79cae899d4f6acbab5e30bb4f62ee8033fe1d5ac2f66a77518851f0e5c","nonce":"b26d9a2cf1357cae1e929439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"addbc21e73c5afdca58ec242c83fabde04e8df255fb41aed5c74efdef624fb042b5d5be02826d56513ee3c1d78","nonce":"b26d9a2cf1357cae1e92943e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"b1b2735badcf10b672e4166f48165d537eb77955e75e3a760b94a4b0fde7e4eea1e919df7f1deb3a5a3e6978bb","nonce":"b26d9a2cf1357cae1e92943f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"4eeb6a14653d6344e94bffb2f8bdb6a3746611d213ffbe911b6d66664d5d3b7d42061027ec09284f75e1e793f2","nonce":"b26d9a2cf1357cae1e92943c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"84534b6342b3af56a1bc7845560687bbfee5656cf2a3f856cd530e65d4ae8444b963317ae3bc2001925aedcedc","nonce":"b26d9a2cf1357cae1e92943d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"cb6672ec54fd7110ad7aff23c914349c036d48a8c4b8040a2a86ebd44e7a02b3402db467d64362234e6522b3a5","nonce":"b26d9a2cf1357cae1e9294c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"4033f04170108ce1928303f4a126d5fbc47f3d49e96daebea832b2c476c57702cdba4cbed10374e7ff6180ee82","nonce":"b26d9a2cf1357cae1e9294c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"2748cff6fe58b2c0745d1d50f3f2135f3d659afd3080cffc6665aa6393d17e723bdcf148dd51686e45d6cc35be","nonce":"b26d9a2cf1357cae1e9294c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"303416effaba3cd1cab88f97f81d94ffce321512ecff5a9d84a7954c00fa3c006076b9b066dac75c473e48b079","nonce":"b26d9a2cf1357cae1e9294c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"cc733e8a95e110165329fd4144d945a3525ce0ecd2423fa47e14649385c9baec718c33bf7466fa684adb066ac8","nonce":"b26d9a2cf1357cae1e9294c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"504f57a726c56319e08b197255dbf6d9e5c8dd1d60538c0049abcf95796388a42050b5cb1e1b91d421a46feaad","nonce":"b26d9a2cf1357cae1e9294c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"7594411f2860e065368a431ed8d015814531a52ab9c845f0ff55e4c0e90e2d6a09d75f1ec37c73145313a0aaa6","nonce":"b26d9a2cf1357cae1e9294c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"0b16c202ba81cd7fa1711f799fb394a895818fce84d50932032ae8d58f83cfacdc1f821c0fa8cd504d12440f37","nonce":"b26d9a2cf1357cae1e9294c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"be8ff559954a5f68992efa14b9bd6acc6f4da944236175874b4233cc1e065bd72c78d03a1991e6b83676250090","nonce":"b26d9a2cf1357cae1e9294ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"2319cb0d02876449ae41887e90aaf3c6255159bd9abb301b9bb5e46794a13c62546e164a08215a9431fac6d0ca","nonce":"b26d9a2cf1357cae1e9294cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"84b5f4832c940b43c5aebc852d6e93152d3260de2ff2b39ae9f5ac8473dbc07a9236cfd5a819ba0c0820120c25","nonce":"b26d9a2cf1357cae1e9294c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"809f3cbbd67bc82a2c8a1eff91f6eb3dfbfedeebfc9c5bd235d078a4bb3a05ad8d655f211102c9e0ed9835d672","nonce":"b26d9a2cf1357cae1e9294c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"5794c81eaccd8b7c5c78ad60d616b7b7fe537f10a4d526c14c1759f50cbfc62a5c357404df5795d41519e72572","nonce":"b26d9a2cf1357cae1e9294ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"2f59ee6ef560913f165bcbdeec4723e51b94499ae891aaa39cf6b30633fb98888e04c6b56cd242ffc8655850b3","nonce":"b26d9a2cf1357cae1e9294cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"4e3f0722907671100e95cc03afaa104e3febe2d9d077f95fc690d5b7ada18e84a6b3d5c3542bbc56bbc1a9ab9c","nonce":"b26d9a2cf1357cae1e9294cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"22eb930ad26437b1013865b3bf8c7130e71642b0b9df8cddc7a43d708957f5ecc11155731cecd9de593f4cf4b6","nonce":"b26d9a2cf1357cae1e9294cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"7aa6d2fb7c08256aa4bbb5ba181362653a1a83b8256c9ee48f59868b315023f4f61ebc144bb177fb1515e6f3f8","nonce":"b26d9a2cf1357cae1e9294d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"1d4388fa2541c9bf3c8f483a5c040665611ff61d8284e0867486f789393cdef661ce629b800661065d4c7eddb6","nonce":"b26d9a2cf1357cae1e9294d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"fc1785ea92cb4d373ca1b33f3b1be2f0dcdb3551e853d4c2ecf8641c2e319a5627ccd69bcb01de0906bfb30266","nonce":"b26d9a2cf1357cae1e9294d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"82eca48a5b6d0918ba86a7f216b34f537855ddb57b42b59a9cc2910412102f1c75eaff4573b329dc10573ebadc","nonce":"b26d9a2cf1357cae1e9294d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"a46b0ecb5e3bdb70bccd8540f1b89863594ea4ccb7407ffb5ee51962d17dfce864f478f414495bd6b73ea5ff1c","nonce":"b26d9a2cf1357cae1e9294d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"6613b74749899efb1747cae059023960da615a55a69da7280b9e60a51ae778a5d2545f94aeb689a410fb54b969","nonce":"b26d9a2cf1357cae1e9294d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"0f6e4fd4b24317d6fdd33631b3699e28d944114e4e760c8cd9aaf93607a4b6ec07f68098ad7f827c331624fa43","nonce":"b26d9a2cf1357cae1e9294d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"c802e9947a6c2ff9e86503f6fd762745f65a37242226b412b8c2ac20bec798668e41269737db1742984a3225e7","nonce":"b26d9a2cf1357cae1e9294d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"cfb4550651192d1cd9ce9b6bc73949edfd2d8ac586ba841dab12a42ae1b708be7466862ab054a8bed30a63835e","nonce":"b26d9a2cf1357cae1e9294da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"040c39f71a3fc7d61356015f65e5ca1efc659266996121ad80ce01f54e449c4b921dee13be4990dbb04dd919fc","nonce":"b26d9a2cf1357cae1e9294db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"fe6b1d50029fc0c71b9abd46d06582f90b9478ec638d81c9b1786fd799474b741f14274c0b4aaa5157c87eb08b","nonce":"b26d9a2cf1357cae1e9294d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"43d6a29f4279e0a82f493f7c00223e91e36d22d478e3a5f6c31039d33a799f30a5abfdf62bffbe3339a12f22b9","nonce":"b26d9a2cf1357cae1e9294d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"232a37422dfd78abc4b81aebf886e964db570bd3d087f5b7d79995367da5a11bf1d2f6558a316bd960b1a996c6","nonce":"b26d9a2cf1357cae1e9294de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"98c31eef03e833fac4e3f5f33104ebb54bfe6af75144120595fda750aa3354cec8dc28ba2329b3f83331322a42","nonce":"b26d9a2cf1357cae1e9294df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"9610b71fc867c321d67dc7d484cfdf626efcd313c79ec96e99af9239bbc63ebc43a4b0bcd22c5b05e173cbe647","nonce":"b26d9a2cf1357cae1e9294dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"6fba70aa6537fc94fdd720f13b08f569ade0b63c799473732c8848e63a5ed3c31ec98e2ca92e4e52f9e20ec02f","nonce":"b26d9a2cf1357cae1e9294dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"22821eefcd547a7fe68f17790698a807b35f34509b9b287c5401240d0c3a791ae3d81c4616bdb1db57510cce53","nonce":"b26d9a2cf1357cae1e9294e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"5ddf66e5d8fa2ec85df21d04ebe250a0dc8174184bccec05ecbe79acd8e9fbf0c521fb448893790e883d0c40b1","nonce":"b26d9a2cf1357cae1e9294e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"25d7a50e149472d4d7254f9839be18decb3a22b756e09a7f444e2ff7757886f4a8376fd1df12d6795c4826e575","nonce":"b26d9a2cf1357cae1e9294e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"ccad7902f945a85221cdebe034eae6c1d1c5f8f62a7ef4fb1e4e0cddab95b0a29c1a305abef1e190aa872e38c6","nonce":"b26d9a2cf1357cae1e9294e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"b5a0550893699115c13aaa6e946548e121f2097e2f03cd931754b239c5ed18c326e71d324e656bd463e0501554","nonce":"b26d9a2cf1357cae1e9294e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"7d25359bbb6c214ed47f90d9dd396dc22a85ec5bdcce83bbbeb1c4f512f11b609472fb22609683b61305c956c1","nonce":"b26d9a2cf1357cae1e9294e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"f5dc111530a52b081ca423e0d1fe720453d892147014d5ed5a17ab1618257da0b46782621d159f22906eb3f12c","nonce":"b26d9a2cf1357cae1e9294e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"57c1f4a41db2c3413071909751c83eb7d2d8b5b978e2b1671b2031427a1a930f19e4548df0f39ba4146c349da8","nonce":"b26d9a2cf1357cae1e9294e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"ae124f0966239e887c2ce60c1e0da35dbe46eedde8b375d88b570a9db66071b43caf0910724e595cecb70252ab","nonce":"b26d9a2cf1357cae1e9294ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"f12b921df8cb26c72747f433bd8f3e37f48794cab95da57265478d9148e65083fe0497d4164064107429fd2e0d","nonce":"b26d9a2cf1357cae1e9294eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"4623299d4435a91d1a3a2fa9669c9a384b36235a201b72febc247f4ec9c3c905000646ebad260b61d5140a4493","nonce":"b26d9a2cf1357cae1e9294e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"b4d1567a33c1cdc2779343ed1b4c33255291f4e04c965dc4d91570aca6b04cdfc46b8dd3eb8db97da7272d2849","nonce":"b26d9a2cf1357cae1e9294e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"4355d2fefaa377177d27b8ecc6c75d2894d08f8444a5f361dcfd2bd04f37b352eb8fe3b82c727c8af396dd24cb","nonce":"b26d9a2cf1357cae1e9294ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"1957a12605040fe8657c5732c9d1600efdffd392d3d838adb74c7b6d6806cfe1c8595b5b830659383cb3742931","nonce":"b26d9a2cf1357cae1e9294ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"ca8c815b0615b6921f3276b750737e01ee0c1b1deee46093a3cdd768e8e9f40973f1d4abe847c78a3146d99efa","nonce":"b26d9a2cf1357cae1e9294ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"1b887267ef30c916a31eaacfc7a84c5865cc2dda35a184fbd4ebfc776b71ca54d6cf8cd08c27aa8fd52e4acdc8","nonce":"b26d9a2cf1357cae1e9294ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d0f6e9e6058a3758d9e8a5de3e419ac676a51e1548be5f0720af4c6a3550f2bf13c2317a51c50b66b23da225cb","nonce":"b26d9a2cf1357cae1e9294f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"05e0c8bf695b2b7410c2527cf1baf7bfe836a7c44ebaafe93d2ea47af898cedb951bc203298b9fe79767428092","nonce":"b26d9a2cf1357cae1e9294f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"f1b69c0621cf3d549067077dfc6d7567a70b1bc86969f6245733139d8c3000c6b12ad5968cb7b1142d911ec5cd","nonce":"b26d9a2cf1357cae1e9294f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"33c9b74c844887edeaf34583807ef1a3db5dd048aeaa770f9e00de3be99aef5c05077d3682e45a2e9f85e98e56","nonce":"b26d9a2cf1357cae1e9294f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"42afbcd28f53d6b84edf02af64e5dc98e23b89c2f269d324c7cb146e26239fbc1b0e3f66ab2b6e02be6ada5de7","nonce":"b26d9a2cf1357cae1e9294f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"6f4035a808a743a55032268b3431f414be807e293bddd0fc1971e9f0e6513d87965e710fa3daedfec832720fcc","nonce":"b26d9a2cf1357cae1e9294f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"c9b37bd112c4706ddde37d1a4e1d5bee74d79871bac9fca87f09a4ced579b66153cccdada4d51d81a084311d22","nonce":"b26d9a2cf1357cae1e9294f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"75d199a641f5e36069c47075f35966e846ddffb4e689c3934a93fc3a3532524bd6b5b8de54f937c0fcfc43cd2f","nonce":"b26d9a2cf1357cae1e9294f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"654d9a524cb00e4044b4531338f21c610899d38283d6dbd8567324d53a5537491aff7fbd6684298deaa6d4c8fd","nonce":"b26d9a2cf1357cae1e9294fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"61fa30e189ea9922cf58c459e484a671d0b325ae1c7355372a9d57d4e6249116b125b70f3ad373f270711ead0b","nonce":"b26d9a2cf1357cae1e9294fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"ab3758a2cc745d77d222b0ce9294561ed38fbc86eb36dfca31511f67692a91d9044c1dbc5d6f4e64ed4d63a4f6","nonce":"b26d9a2cf1357cae1e9294f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"30ecc2b3520fc3425d4ed6c66b330a26deb260ed547235d90a035804d4b05a2cc0cf1a0d259e829060f605384e","nonce":"b26d9a2cf1357cae1e9294f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"2a4cb896d006e1d3791daca680528c7cc67e21d83c3970e64fb7c148a30cd3e4733e233084ca31d6d6eb3cba95","nonce":"b26d9a2cf1357cae1e9294fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"42126d42b103f11931c23117ef63e46f7abdd15f5e5d3cbc7931bdb15bf4ebe9c99be6b8d1754dea7a726169e6","nonce":"b26d9a2cf1357cae1e9294ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"b49ccf139d6fa5c965e1df506e6edc67ac8253c7d36f342893e3adead6fec1682746b51d196e7ee4024a355999","nonce":"b26d9a2cf1357cae1e9294fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"5f0d55c7c6e72537bf79a78c084e6d0dc4888d95a5bef8da17d6511322365eaa3d07b0560a91f2cfcc13e06f25","nonce":"b26d9a2cf1357cae1e9294fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"b6aefe69abcb9ece7497d89d51e055e85d0ec6c3dbcba95df7f937aad16703ddd3bfaba8c19a59d2d4c765fb81","nonce":"b26d9a2cf1357cae1e929482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"532dee2a5d60bdc410a432a8ef35102c6b41360948bad293d8bacbf618b02d17174e71b10ba9b6b2091976c0bb","nonce":"b26d9a2cf1357cae1e929483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"6efcabbcdf995034e7cd6b9cc0f534a414dc93f5343a12057e06826b0e6b19d81e553a8210a17e363a90b49004","nonce":"b26d9a2cf1357cae1e929480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"3567c71d8587aa183cdf479dcca3a158028aed6ec295fb56ef8f6f149ac288b61fd58985f121796e25e6097f53","nonce":"b26d9a2cf1357cae1e929481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"f055de10c6a2553dd237f85acd3346767fad86bf77883a35efe64052d8cd38e71ef7ed89166631d0dfe06386d7","nonce":"b26d9a2cf1357cae1e929486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"427a2f39a970542ce3269d1177b9748251398ecebdcc14e5eabf11ae6cb65e85da9185e69a9ff2a7165cbfe25a","nonce":"b26d9a2cf1357cae1e929487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a0c44c81051c79e19c577267faa42e9f3854d024fe83e1fce8aab394d984b11a5bc5ff67d81a942c9605145433","nonce":"b26d9a2cf1357cae1e929484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"dc01320922ff28bd444978be99ad94c62cd9b23e0c8a8d2e1afc1d46eab827c102ec652d56ed2051584d73ccf2","nonce":"b26d9a2cf1357cae1e929485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"89629d7c094c4311a3b8a14605afa488d25f32f659110856104c2434f430d5d6e5880daa79477f94c21f2049d3","nonce":"b26d9a2cf1357cae1e92948a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"bfe27bff0d39806d6508b0f084d9ba919676ae18aa34f0196a4083565ad034459201dfdaff696bef31c2abbae4","nonce":"b26d9a2cf1357cae1e92948b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"8d90b6a31914d7ed5767925a16482225521f01cf421a08492dc77c0fd4b5138059b40a8c7cf090ad9188c29b23","nonce":"b26d9a2cf1357cae1e929488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"199d470ec509471b871610a03a09527842f7a6b3453df8732d9215104bd4d62a2aaac67a1a638ff57e273b9cc8","nonce":"b26d9a2cf1357cae1e929489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"f953d95a896c1a4cf11469901c2452cf8038db6eca77667359dd69e576c4895e308f8a3dcc85bec1b89db55893","nonce":"b26d9a2cf1357cae1e92948e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"7a98f179e9b401c0f8a6cbf8c5a1a7aeb7a93da9bbd59188e89baf9b0597cc1bfbc495a06d8b9658959262d72c","nonce":"b26d9a2cf1357cae1e92948f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"95edc22caa420beaf42b8a515c3653f9e7d70cd19d87d44d12329de0b5da13ff18fca338ee6ffc5845e490235e","nonce":"b26d9a2cf1357cae1e92948c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a36fdafeb6e1c359380e9f37f604e7d057be9442c189314577c34d9f90f3a0853c212172985125a36c8464bfe7","nonce":"b26d9a2cf1357cae1e92948d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"fd72cba9d88156e25b718f77451088bcabcce2ea0ceacccfa8f72df566194c34065a8a1e0e738dcf505e503de2","nonce":"b26d9a2cf1357cae1e929492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"ddf81a95938f7c63e262d276ec77cc8404ca12c869fec25286b99652351b2e2645561acb076566bb8c959fd25a","nonce":"b26d9a2cf1357cae1e929493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"e7a879209f826ffc70d2495c20d24fd21c558d05a7c560ca61379d4cbde0324df13a86b94583fc9d921d6ff59a","nonce":"b26d9a2cf1357cae1e929490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"2dbc3a5753c794eca579d445b50feff61b80ffac8df48dba8d9730ee6e9794140bca1055ca3bcecbf4610993e6","nonce":"b26d9a2cf1357cae1e929491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"b4e2ed6dfa4d7709582623afd476fd077f28e8ea3fc4f5933f17c2fc80f12fbc5dd252f0b2b536733c0fa5e2cd","nonce":"b26d9a2cf1357cae1e929496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"5fac4f94c858ddb5d61233a0f016eb450860bc72f0eb96d6102c159781aaafbceef180c6c40268efe9f8563282","nonce":"b26d9a2cf1357cae1e929497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"109fab90a610fc513be7e13b15965a7f173fde7b9df95ecfc704d834b657fef947db66f18e603df66294ae46ed","nonce":"b26d9a2cf1357cae1e929494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"3d113ad4ff5ba87689cb17a0932a11d1e5a5e02cdb6883cc732684b0336c9219afed55c7170180bec292f18a99","nonce":"b26d9a2cf1357cae1e929495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"a1a0ac0a476f03b02e4d1cb11540221566eb2a668109627c26dc216cabb3f262b0b0a72eb5ef7cc78681d68a96","nonce":"b26d9a2cf1357cae1e92949a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"592022be56fe64c0744d9f0c3a79c1221b7aee17eeff929944279d84c55e137f16d998f0bb499ed406e7bc648f","nonce":"b26d9a2cf1357cae1e92949b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"d7c295bd70f823914fb0e36f4f0f4ec359c528748d4a390503f5df14836b667949884d8ebca892065667e1cd56","nonce":"b26d9a2cf1357cae1e929498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"452a469cbcc9a1c34de5e11d24466a4733991a7faf4dab0186dc27e6055ee64c1fb5b7cd20b67949ad70fb0c6a","nonce":"b26d9a2cf1357cae1e929499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"33387b33faa209d1df0a170a40bcf0e2d64462000a1e242afdc54aec0484aaf4e29baf89e1b4534e588b119e2c","nonce":"b26d9a2cf1357cae1e92949e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"54c0b6128e03627cad1be8863353937081b6f3376bf0f5e8504b4eb91e5103104c886a2831c46ce3cbb9b3261c","nonce":"b26d9a2cf1357cae1e92949f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"4f78c3aab28cb38e58c3913db34c4df5852f61888051fdee5a4cbcd66ad74883b3cb95633fb062d96139d23b33","nonce":"b26d9a2cf1357cae1e92949c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"dedbdcc42061e18d6763d2ba861011a06bb55f72430c90b92859799fe7cdbafffb56be0294fb888249fd6ed9a4","nonce":"b26d9a2cf1357cae1e92949d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"8c0584f5e0b42435d487bceebb484ccfb85cc3f96c1a88c4b61db420be00c607b05a934b453d75eed1adb98f92","nonce":"b26d9a2cf1357cae1e9294a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"6afafbff01dc5191c7411b989fc16bc29a335ae46175f64277cb5382d8eeca37c543f2d30e349ba39cbf49129d","nonce":"b26d9a2cf1357cae1e9294a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"c0ebf85497da8e7c3dea19635a9fbded9e090fe1b0f8cd0eeffc531dfa13f625923518f243ebed968cc1fdbf40","nonce":"b26d9a2cf1357cae1e9294a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"4991991672b9f03412ee1fb5a13aa203b3be993f134355905c23709f77edb85da2b24210f7295cab8cc34ce5ef","nonce":"b26d9a2cf1357cae1e9294a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"1a2fe1bfcbc21f50d889be8962f82c987d23b6af22dd3999dbc73148785418a2e1080e2ecbeccc88b2a711eb76","nonce":"b26d9a2cf1357cae1e9294a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"f450e171d2949cb8ee3ef3f5709b0cdda85922dd64ef7b71fbcb187c440cf2f8d311533aa1d54dc22a02e6cb07","nonce":"b26d9a2cf1357cae1e9294a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"d6a505b052d582f734f82f0cf20dc91e681499a494c356a36b78d20d691577bdeccde65fb8d2dfdef15395b6d2","nonce":"b26d9a2cf1357cae1e9294a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"ab24014f916ae6cd6fb1d96ebf7b8becc0718755351ae7348f13f04abdf870820a8eb853c8bf53d1b5bb5395b1","nonce":"b26d9a2cf1357cae1e9294a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"3db2189970496b93f96fb60de122fc983a8bb43d29f20608469cdd59177fbc39d930bb044f84f1168080a38d13","nonce":"b26d9a2cf1357cae1e9294aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"a615e6f041ced08dc5900c70ed2bc3c6ce92619dc0e9633ea42397f20b3010241a49a06f56ba8985f424d18558","nonce":"b26d9a2cf1357cae1e9294ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"3e17bf543738785c84f934f1caf9f84f8208c1a51b5b921456b683c479e54d6356242eeaa9ecbff7ca71d5bdf5","nonce":"b26d9a2cf1357cae1e9294a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"6ed1769cfee5dbfb5402b0662382be25dbc0667987e68ca4835faecb4bce9b7f3481fa84635874ddc6c123fd41","nonce":"b26d9a2cf1357cae1e9294a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"bf1ad38fd9c4c9a1476c8ebc394f4dd52eb33b25a8740403dc1a209a4e416be83b73f4fcd737c8ee23054fd4ce","nonce":"b26d9a2cf1357cae1e9294ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2952e0efaeea55f105e464f0067f28210d33bde3797d2dcfa601b1a0ec42fac4312769f4ed985d24b7c68003f4","nonce":"b26d9a2cf1357cae1e9294af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"21f260e392652b3530e299a1745bf8682c5bf907dd3239c4deb1bf6ba0c2b8dd51688f1e16b9ed41b2a6331468","nonce":"b26d9a2cf1357cae1e9294ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"ee2bc9526bc02e83e835195af19bdd7ca287fbcb4a09dddc2549838637271642339ad04c36e78e859ae079ccf6","nonce":"b26d9a2cf1357cae1e9294ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"07f6977c7a352271054107e8c637e600af72ad5624cf4fcd6f5d1bccad8842af4c87ca90dad3d506b28da4e9ef","nonce":"b26d9a2cf1357cae1e9294b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"db44b76173d4f2613ecb510ddc09f653725fe27ea25f3a217d4dbccbdb698bbf29d20c58be12daa1dbb933d337","nonce":"b26d9a2cf1357cae1e9294b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"cd205696b89a88e1545ce512b3b8fef22682974c832cc3a9cec9a221650bd7417aee4e57692191cf0eb727eb78","nonce":"b26d9a2cf1357cae1e9294b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"d6a965ed364060b26d1e3330a4f64347251d73c3db5e486af4d447fd61b4cd923049c266474bab97da64eaa13b","nonce":"b26d9a2cf1357cae1e9294b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"8d12a2eb6775a59323468db6507f6e5086ca595fa4907709074abcafdf4c1e96a58e22f89cd4ab8635c5dc888d","nonce":"b26d9a2cf1357cae1e9294b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"b76541428c92283b74bcf425c79cbe1682324a938b14b15e1d0b54cf914960d91007694384e5b1aae6ab491990","nonce":"b26d9a2cf1357cae1e9294b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"c37448fc45d26115a62fa19af7441c3b0483e22ef3037b1483e1c21534e250a3fbabe2dad1ed8c647731d5716c","nonce":"b26d9a2cf1357cae1e9294b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"32750f5f8db1b2dbc321a48bff6c2a1027af3b4709735e2b1ceaa43b498105404763588dd3514f603376b73e95","nonce":"b26d9a2cf1357cae1e9294b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"458746aecf86224f590295f6d28a6f71c596a83ac5b480c265a8ba0bff2d983d19733be1633f1cef56574da93d","nonce":"b26d9a2cf1357cae1e9294ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"f44584fbe243c6944465b1371173583883a37c83b5aac166089b2779dc13fa826b7819ea98f0e9692c752b982e","nonce":"b26d9a2cf1357cae1e9294bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"df2d0fa6fe36ba82880365106e116219cd7aeaa8ad0a5ffe8b9f1e4d3addd7c8ef3e15bd7745bb2693f152eaad","nonce":"b26d9a2cf1357cae1e9294b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"5c0f07d1363b46d194dd50c3ad2bbf4b91b0e0ab66e95acbbb7bc7244b3000889f710e1e9fdfae3207af1a3747","nonce":"b26d9a2cf1357cae1e9294b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"7052f13e12c8087cac03740e70cacc7ab70f3b7f8479fdb64f4aa9cdf9a597f3d3fdf84e3cb42de2cb0f1fedea","nonce":"b26d9a2cf1357cae1e9294be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"6803ce62bf7bb3130ff463a58f3d7831c9eab82eaa51894b2fc9b9be352ec0c75dc75e6a796463ae1d914834ec","nonce":"b26d9a2cf1357cae1e9294bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"ca103dd9fe43933f12b3beb1f29c89fb4d95c171af14fc1bb64f4a447ae192761889d299e4e87d3bd092a06f31","nonce":"b26d9a2cf1357cae1e9294bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"781f14cb5b010c2e162983ae3ab3fd487f6566956d368359038d04554f427f2485e7038aaf33e68cd460b2c236","nonce":"b26d9a2cf1357cae1e9294bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"e07c2b9f08f077ffe4646d00d4cc401b23f9f502d511c829f04bf208d6d3bb37959755b4c3be2b1df3a1d42c74","nonce":"b26d9a2cf1357cae1e929542","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"535616299a69f825d697c8cd8a0ca33de8d92e392e281f4ea724d738a8f389be"},{"exporter_context":"00","L":32,"exported_value":"74b46995a46b46e6dddea5d62ebefbb3144c1fd1924f9746fad743db5979369d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"10b098f36e0c0c3f62ab038d160c7da1e6207d7fdb72074308502c4a3721ce84"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"f18b799ba37c1dacc3cc7c735b1482f1e3e0c41f18c80f13185ad984d8ee61d4dcd593bb4e7f3d1a66768c5f03db6dbae527a880715a0522a060ba11ed4f25cd1f04","ikmS":"6e6232b628a6faa7bb33edab1cf0a097756ae96a652f4b49c65c7655567422d3f3967a6800d3851e15c1c1dfce03adb87561781261e864c1d222ca773a3090d0d0c6","ikmE":"83842a22a00d22e346d2c65f8f99f359d3131bfbe6451a14f1b6cec4703cbfe96eb4c3475de5b5064ac58d67d164a5da0c19682b2341255bb727a5bd3594125765a6","skRm":"01897555bcd43ee0157c13b31f850d8091db285b9c181e9bd4a056e2b77b732e9be5cea23d529cb4cae7d1421abfb62c410b1f897d41d9fc11e6dadcd832c4a73c41","skSm":"002c885bdee68225fadac861b86632a91f0d2cc3900fa576af2da27ae5f1e3fb9c8c641e342df80e612bae341fcfb6d5b14f2a84188d9fdbcd5e6a16fd371d87164c","skEm":"01891ef8fcd1a2418fc2903e42e77383357483a4275baa930a74b534786454f6db0123ecf5322b1c9f9006d16c496328398021f421deb2894d74ff58dbb0a787fc7c","pkRm":"04011da0436077e26578b5a50dffd8d56832e6941e0465c4aab3875447ed6965ca10a4dcc19400170dca865592d483cb58fc28e59dbf9ebaaaf1ded87cf146ab1fbb1901581bd0e13600ea4d398dded9e899ba02109075e920751576ffdc9466a68a46549344d326f808eb1280dba9ad15e2ac71470cf4a627c62ae9bd74149023fb28a38b","pkSm":"04003723436e3499ce249df96832287fd0fd377de596baaeb744cc2a1a06c989acef296f1d6d887e7ca1fb98b7a13e00146e2bf5e23d73c89b82cd898df126f898015a01d89ac13e4c88b93ca7d7d4ba4290d360f67ec3ba7c6a88afa51955c55609d9df091f091dde3632ae1f4abcb6f45f956f2587e948929558096e6abb65c0deaedf80","pkEm":"0401043bf4020a8f010412a53856e1e142944badc3974337bd4f258ff8a5304d3b3878dbc4db63d9c0dff93c8fed5ca6adc5971ee8010b37db0fe4fd217bea144baf4301ad7d27dbdf711b951aba6ee0aafe8f0de942f8dd082c8377fc7b727da2f1d22a0871011640b73dd3a046ea64466a7b985d347bbe7662edd23626678a07207ac1f9","enc":"0401043bf4020a8f010412a53856e1e142944badc3974337bd4f258ff8a5304d3b3878dbc4db63d9c0dff93c8fed5ca6adc5971ee8010b37db0fe4fd217bea144baf4301ad7d27dbdf711b951aba6ee0aafe8f0de942f8dd082c8377fc7b727da2f1d22a0871011640b73dd3a046ea64466a7b985d347bbe7662edd23626678a07207ac1f9","shared_secret":"9198c6fee952700cf6e7ed7f0b1efbd375b5c5e6dfeda06ffa5e127c9ac9e6fbd02a1a547ee268aecfa19ced505cd91bb69c407380e1a741507e487a55c3c428","key_schedule_context":"0232e749440c54987db01af606efdb4d140f0148ee254795838e2d23d4366e1fdd97e18b628ea977f60a69bfa0647402182d019d3a0b59d2dd03624d028053dee1","secret":"eae2e16709a9c37510ae11e43c9d034903d1e07098b293a20784f49e16de2798","key":"eb9544e4423332342dc1784d086ec5789cee7776f97dc2df814b57535e51bf1b","base_nonce":"45da82d75544a7dae10e9831","exporter_secret":"45f4cb758582f08b8b2b3074ba1bc3e9299153122913eeae305fd227887bc547","encryptions":[{"aad":"436f756e742d30","ct":"1f9aba3b0ee7bb6ad69ba428d1a09296ccc663238e9d26cd8b13b2a5ce3d4ba41baaca58ce37ebb84f2be057fc","nonce":"45da82d75544a7dae10e9831","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"365f5cc7f2cd148ee7d0691d7d7f3b708acd66d0a940f4873a4f45a700809306c912dce08aac0ee9f7ba7ea947","nonce":"45da82d75544a7dae10e9830","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"ebf1c3c085f6d2f4eea59a8e5a08291fe9e0fdda94a98392fb0778d48d69adc41713bd516a67d6d0f1bee5ed7f","nonce":"45da82d75544a7dae10e9833","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"d995d46ee82c26d67b5c9729730e0bd12f8a7fcb4bd9c4d59b38283154c131223743a129f0c78282b5a70fcb6c","nonce":"45da82d75544a7dae10e9832","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"28f82c6088110398bf2e274b546ec78d4baa7203e1b520b673d119e02d922dd48703242a15866d03592f0ca64d","nonce":"45da82d75544a7dae10e9835","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"804279f46022a28cd502bc580e068e28f6702a332f79f441ea4182d9de81ba32d2c5d617088eedf7b032aebb58","nonce":"45da82d75544a7dae10e9834","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"798839a05ecfcdbdeac55ecc5d0fbbe7f97b9015afff612ef8132fdd1159ef6f447eb34c3795e191efa2f9ce8c","nonce":"45da82d75544a7dae10e9837","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"efcb92fe484da115abc70c460597e8e1c317f8f9cb39c35a2c79b3f2a443c91c5330d9e781a1d16ce6373481ee","nonce":"45da82d75544a7dae10e9836","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"d2c3cbf8627257696605dd3c929d06cb69681f2aea5c0bef53ab2c3dffb6a45daf7845333222decd6ca72ed2eb","nonce":"45da82d75544a7dae10e9839","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"33e47b4a7b36026374794aae18b5f05f2ec935d434ac70f47b03602d140b1fe19a8eb80beb446b20a7f98cd5ca","nonce":"45da82d75544a7dae10e9838","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"2bd164db8b481ccb655aeb56aee8a4c14d195a3827cf94e93d4e067fc0490b1265267caa53949c2d6e97223007","nonce":"45da82d75544a7dae10e983b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"9b8d2b0a83382d95c68f041d669302997141819f350769de6c6cecba5c050ea6e96bc800c2e12027a637bba213","nonce":"45da82d75544a7dae10e983a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"ee0bd5c6f87e050ce1731e9988608b393b62116d6fa640ce2b02720c1ea95828882f95fd1ec61a6bf06b42dbeb","nonce":"45da82d75544a7dae10e983d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"4955a4df11e1fdd49472f4eb607cb11ca1647b40a7516701d1a820c3b9f9c4e39059ced63761eaf222bc7bff63","nonce":"45da82d75544a7dae10e983c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"fd1623866a9ebba03f886e42dd2dee17cd0a348c24543ffa33ab5ebb74d6d035a816aa089deef57113b7407330","nonce":"45da82d75544a7dae10e983f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"82e6e04198dd04066c4226e30310ee23db26e2ccddbc1211e552cb7305ba2f8d6cc7e40d5debd02e707dea57ad","nonce":"45da82d75544a7dae10e983e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"4542e0e166ec1c4a064be125f82e231e48e835d8c5360db732fd152972c1f9c41496a25710897a6214d08f526d","nonce":"45da82d75544a7dae10e9821","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"ab93d74b64f29075ac1b64cce6e8fbed5206f945872d74ddb02396a70e54f3a60d9fd04843d874a87484a50094","nonce":"45da82d75544a7dae10e9820","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"8ec03b3853e98a493676291f7e5eebddc3ec730bda6b91c046657e721b1adc3c2d8f8a437b045b98b0fc4504fa","nonce":"45da82d75544a7dae10e9823","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"9d218d755d7450c290954717500a483b380a9b90200333f28f381e3aa654379a1c37fc6d18f600166d927c01d5","nonce":"45da82d75544a7dae10e9822","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"d5a37a8ff4b3090c7ac61c44ffd00954bf4039d2123d4e15113e5d5424d5a8f39044e9169e391d2b587772b39c","nonce":"45da82d75544a7dae10e9825","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"c1df7bd894a7bd9d6e1ba007be534e81d2a7b355387c9d4fc6afb1c14ad32b1bd151d7559e97aa7842d9e29670","nonce":"45da82d75544a7dae10e9824","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"bba172542b8cc43edb1f900383950c187fadc605576ba564322012a9fb10b053eacaecb54e568e8a82c9ec33d1","nonce":"45da82d75544a7dae10e9827","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"d262677649f6d073f691774835753a162da5a0ff5b98c406cbecd48b8171f662b4ce2bb3a994a44d04e6ea84a2","nonce":"45da82d75544a7dae10e9826","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"22d0bab574dc2a697bb3d85fffdbe9497026f3c7669571c061a25bffbdfa4bb382ae005a5980ef349548471d64","nonce":"45da82d75544a7dae10e9829","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"363779da492abad0a453c708ca1c420bb13a692aaac591f0579715147db2ff63737d6deb91eb5be0b96d62245d","nonce":"45da82d75544a7dae10e9828","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"e5b9dbc4b679f363fe8cc63c5380eeec1eec95000eae41c655baca6f7086f4846afcb551509fd269b36901288b","nonce":"45da82d75544a7dae10e982b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"6fd034492c5d9c1b40a7528c5302bed5e6ff51ca9f45da3b57fd642880b48bd046ced390d7eae730c916ef5b3a","nonce":"45da82d75544a7dae10e982a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"bc856a2f4643aed9e93bd1178a3e6719b41e92fabe6682ad11f9ccfbf3faaa7619239ebd2304d968a3083679eb","nonce":"45da82d75544a7dae10e982d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"93d22bb7794467e00e4e4c538f9b2fc29fcb652c93ca9d2c8867bfd563009e93d727384d4c157b795ddae42372","nonce":"45da82d75544a7dae10e982c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"0ec4485b589909cb5c1f13bfe183b535b347b676056beb66d1e8c1f648e0f19b9eb0562a77f7c8448e2a342714","nonce":"45da82d75544a7dae10e982f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"164f026a9a17b00bf4467c4fb76e85d0f39fe48064558cfdfbef4e758ee4e428b56e76d1591ea721bd210b1127","nonce":"45da82d75544a7dae10e982e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"fb91284177de8c99bac81c678d60d7d222458af77fbd83b91a1294202e6d2678b1a6c8d415b8de52e646985143","nonce":"45da82d75544a7dae10e9811","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"e172f2bcbe476d70215eecb549ad4dea87a9efbfbf8ed1471cd540a9aabf19db78a1aaed4b3fc633d8c4d5a641","nonce":"45da82d75544a7dae10e9810","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"069e795e95481533c06dddccd812d656f626540d93557458725aa4d5ab138026fc4e03e4af1455b1193581b672","nonce":"45da82d75544a7dae10e9813","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"97336cfc67e52ddba5a11766f4f20c37448cb8885c9ecb50a5d44a706ca64f85afe5ca67b5dc58e7d0ee492d1f","nonce":"45da82d75544a7dae10e9812","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"be5d48f1efb3cc4c5e4d120536d7a0f9559441db39b2316844c3047a020ce546d90668e5f25907d38425444797","nonce":"45da82d75544a7dae10e9815","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"b4218e2c749e5d753b889f103f7a973937b6b440af975f7e9f70a8857ee8df766d2f799194906cf6bb2278bf73","nonce":"45da82d75544a7dae10e9814","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"1f1dd727ca2661e6f9de0d43d4c3f988b6ac6e4cad8fa1c0449ba832a40fb298b4e5110c7e0a14b4b886b19890","nonce":"45da82d75544a7dae10e9817","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"fe95a46c2c619510434260b289cc08abfb184b286d9ba3f062ce41afd3fe56176c65585c5db4aa643deab31a87","nonce":"45da82d75544a7dae10e9816","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"f2f597441c75ae2c3b52d9440ad4f0adaaf0427a07ec258e1cf27f4cc9b1210ca9f86d0a7833a804c747609979","nonce":"45da82d75544a7dae10e9819","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"e95e71ce3a31c02b9f57dfb8fa94a3e187cf74a1434fa10368462de02838bc2f6ec4829981b3fa29259e961223","nonce":"45da82d75544a7dae10e9818","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"3e416e678b8b8ae857af9fc2fde64ba0e96f1144e0104544baf619aeb8f8aafa44978dcafad006ee770287dbaa","nonce":"45da82d75544a7dae10e981b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"80d436fa189abeb0a47392b761275e8a5133de48fd18129935245f13d407c95935fbc738b473a3929eeaaf883d","nonce":"45da82d75544a7dae10e981a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"38b5d0d4b46aa47a7bc39c3003153dcd1edc396197445c152962a6aae70c02c4c68ba84853543d426df0ea3e9c","nonce":"45da82d75544a7dae10e981d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5c1d5172b4d0b89af2eaaef1c47342fedd9e8aeb052f7e484a72ec056c546325cec019b214399674a5f0ffc0d1","nonce":"45da82d75544a7dae10e981c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"aef6efbfcc2e689dccc0d38f5455c9bd124bfd598e6b376bca6e9bfe411699d34e5118a16624dbc9f9389ef384","nonce":"45da82d75544a7dae10e981f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"243cc5a5fb7403e78d0117e46177caf409b1ca17c66eed89511704626d5d8c815e33f4aab9108c2181024ec7fc","nonce":"45da82d75544a7dae10e981e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"5edb7f07d80dd439ed2089183410cefcca691a674ac6f9dfa71472fb50264cfadb39592a7077cf1b99c8cc2334","nonce":"45da82d75544a7dae10e9801","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"739ccbc9d974b7672f44655cea3c9c50e11453920ad943b4f134fa8d3846947e90bdcb37f0f3d6d66af9040f17","nonce":"45da82d75544a7dae10e9800","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"b2d69073d58b2ae4a36987e872360b8f174335dddec02aa97b4784ba1a42447928dc62f705186c05fa40911867","nonce":"45da82d75544a7dae10e9803","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"7d91d0b9d5ff72a4f8246785e7cbd4d6c82d7c796184baac0f029f0c1e02f7b4309779c87f54714c7984402fac","nonce":"45da82d75544a7dae10e9802","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"9b1ebefac2caed9f987431b3566259a8a969685516d484dd8f31a891c71ea6cada25134c8b21fcefad5402bb47","nonce":"45da82d75544a7dae10e9805","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"1636a1074f98a6947e96acd00d2bc079964d3a188eae4e54c633d5ec025b26aa23831fe636754bdd58e02d164e","nonce":"45da82d75544a7dae10e9804","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"4f9b365c4755fac753a6dd89c3f0a32b9500f216c95f7d2930f9f2494da3807dc0b2fed81f259ecc76fbed2f00","nonce":"45da82d75544a7dae10e9807","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"8db35be7899d98837cc069f130dbbe630cf2fd1270bb33a475c844c131eec8a60e748068bda3afac468e861157","nonce":"45da82d75544a7dae10e9806","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"55baa4b28ea36b1ed222782d76802b31b8274b4919f56b832773fc419f9c365755a42c6cb5fba85bd19f5fef48","nonce":"45da82d75544a7dae10e9809","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"fc9e52fff1a9113092250e17cc0ed9ec4489dd04076b887937d9dc9adf773adc3c9e7a10d415b93bc7bec76644","nonce":"45da82d75544a7dae10e9808","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"f4b278326f54c7c0452fa6cb3c8550f6d4cae10d0cac999496e5368bc97f3f480962a8ebf934fa23d9ecdb2302","nonce":"45da82d75544a7dae10e980b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"6d8378da6e02fca07b0a4bce534ecbae585db5715e7cdaad1c9a24a1bfc9d89eb7dca84ec1dcf2f0f10871dc6f","nonce":"45da82d75544a7dae10e980a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"bd815a0a3b1485e1162f7b91ea0e11db2a24791e6a938261b2c11fd4d3177851df87517332e762651efe506120","nonce":"45da82d75544a7dae10e980d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"778a532e9f642d99c8c9c7ba0f2178a62248e37d78c4f75459aa07efe7bf287eef34e72136062f46f30977528d","nonce":"45da82d75544a7dae10e980c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"ed5bf4d48dd70073eb0af0c284b009e35255398b0bc868348897ee42f974fae9fa48a834f40fd44a211d636aee","nonce":"45da82d75544a7dae10e980f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"559c9c30c920889d081726653485a3bc10578f301a856e0e30df156f4ec1fb5fa4640a946be82fb75e412c5863","nonce":"45da82d75544a7dae10e980e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"c5b6f46947c262a66fdfb766ff3e14f3b4eede4b08cbcbb1511ef33bb59b1b3b4f97a9ea0fccf935cbf84aeb20","nonce":"45da82d75544a7dae10e9871","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"babe1f21e386408e3865e8afa4b5325907a96e368b0f0d540db064089667c639f25e2834fc47d8ccb374b836d3","nonce":"45da82d75544a7dae10e9870","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"1658128bf111561d54b733c41289b86eaea1b6430c6c612c371f4b3cde6b860f328a3a214f80483b4e9280585b","nonce":"45da82d75544a7dae10e9873","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"e70968606ff59630c8f023c4996363ede4ec2de558aadb2059339a7176d73eddae688668a42438f83878a8ada2","nonce":"45da82d75544a7dae10e9872","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"899356e67c1f0804c607768b0e4c88fb4b114e6c105a4ea2781b9405806c46cca796496828f859ef74fdfd0e39","nonce":"45da82d75544a7dae10e9875","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"bca76e8a48573a9ec329e3e4e656f57619bccf4a09a74d154e904c36d309be51d1f13e684dde718602800fff8f","nonce":"45da82d75544a7dae10e9874","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"e62f3d2efce3fa3779186618269792fc87832ac31f653a6878040ddd887725edb18c35191d0e200ae7084bef6a","nonce":"45da82d75544a7dae10e9877","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"39f897cb520ed6435aed5aed74d3021e7b20afc05da85aec12d4f60198108eaa0babb0502382841fc28ae6709b","nonce":"45da82d75544a7dae10e9876","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"1518860ed05d84ffcbefcd6fedb066606b7076c081faf7ff2cebf8982b120fc4318819bd1e1a5e0c8cb4b3eac2","nonce":"45da82d75544a7dae10e9879","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"7767c824c00548e8e666fdd61710d33a968f5578e754b72759d406e28c54f7043c8f4c0426ef2b3b69580919a5","nonce":"45da82d75544a7dae10e9878","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"067943b414c04af55ae33430db26c3331d380a2b87a4ffd1d678653b1d133f7689faa058eaed6b657fca2fc9b2","nonce":"45da82d75544a7dae10e987b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"0b2eea801a8f3bac4cf2008a26dd2051d733f92c9bf4b5380c287705b63d3e9837b5a1ef0c253d09ef0d1006b8","nonce":"45da82d75544a7dae10e987a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"22ebf8c040ad2888389128f6ad21088e1baa18f5d3ceb91e1bcc994634d3f575c60b30a4834ce1aa47bbce34cc","nonce":"45da82d75544a7dae10e987d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"9a77cb754dc910e3eb7bbe14dc3be886fefe914bd4cc58c89e0b33fdffa5cacef23f1bbcdd144e73ced690db8f","nonce":"45da82d75544a7dae10e987c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"ee7a72ada4d3f728f18b62ce9e3d7be6507124f4dd5f02f33cb2a17d4b4655f326c07a8e9108994422604d9864","nonce":"45da82d75544a7dae10e987f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"1b00213a5cc1acad1c7db91ef1c7445c2e6b574abe07bcbcf308742c8e8767650432c04edbe66ef221254ea554","nonce":"45da82d75544a7dae10e987e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"0329b7c110099aa5f6e1cdfa1a97bbbc712f8301bd0dd27565aee108a363b79e9aafbc75ca9f74de586a5e0f4c","nonce":"45da82d75544a7dae10e9861","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"65e6aafb43d69956505cf89c02d3171b60f5300bad69658487036abfa10ecb2fca8e3aa896f17409db41947d3c","nonce":"45da82d75544a7dae10e9860","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"0519558dabd00e5768431ae12ea862651437df4a452bda10fbaac14b70d92afacd1a435072469bc467cd676685","nonce":"45da82d75544a7dae10e9863","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"9e389230ff4c0bde0b15f44e40ed98b6e4a1400e372992f57dffae2ad214719d02d77d2f50f7dd6a8a0b9f456c","nonce":"45da82d75544a7dae10e9862","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"31b883a4c70e06d023a24e3f972a6087f0eac23a280e9f26569372a170ac7d8b214a892f30ec7602b93a3555ce","nonce":"45da82d75544a7dae10e9865","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"64df481df390576a87f4cf6873b05d0bfc97dc6159266b86aca6e0c0fccd6f8de7d401bd5603fd5d9a06a6d20f","nonce":"45da82d75544a7dae10e9864","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"1622f267c2ff6a9ab907505828e0f17360d971db947ab26162b0f0a3c4d8ac9adaa323399d9e60ffbf5d487d81","nonce":"45da82d75544a7dae10e9867","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"b1acd5f48ade117b826ba879e1edfd19bc1731609e4c520840c2d87d01a9dbb0945e7969f8bd4861bea1f48999","nonce":"45da82d75544a7dae10e9866","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"b3f5a98aa4ed77f354f29ab64b10be8bd0ea3b26941ac37c5c8aac26e8a4c485276f926cfc50982f4a35bf3a1a","nonce":"45da82d75544a7dae10e9869","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"3dd3d410c093a7ce3708374b981c033fbabfea8c3f0a14ec6001067e4a877db0d15123a3b3b7ee1e56ebe981ab","nonce":"45da82d75544a7dae10e9868","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9fb21b6e7c059fcf6830c354a78c0aebdc1959207d125896b1ed5b17dd012a1b25ac3e4949334ef93e46586ca3","nonce":"45da82d75544a7dae10e986b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"a681cbdaa2da7bbb2247557d6a58b3b1e450f6e3b46bd3d56830c013c12ec158a0ef364930381c466698538a5f","nonce":"45da82d75544a7dae10e986a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"881793d9efd0619cb6a197fc1de00e5b6e30cdb454ed4c428e638825ab205d7aa2ced8b9d7210b2c564dfec2c5","nonce":"45da82d75544a7dae10e986d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"a1df5860b1afaa4e464d2feaf8bb88495b629cc0230ba1821c63b2194b4f890c03442e89eb5fdc674d8d00ccd4","nonce":"45da82d75544a7dae10e986c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"d1bca1a5f5358cc1a709d284f437eee95742d4ea7ad5ec1aeb7aee03f595edf840d949deb672e7641040f0c331","nonce":"45da82d75544a7dae10e986f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"a77fa3bb43780b271a7be8eb219e631ed35ed6b4b7b463c26b26804cc971caddb7891adf806c5e8f4a28967e83","nonce":"45da82d75544a7dae10e986e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"b2816495e344dd0ae2b6dee8e64ba0cf5734126d44a4ca73079aabdd9bc53c5aba26d143e9ad410ba8de0cf05a","nonce":"45da82d75544a7dae10e9851","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"8cb168e3883bf7bf8740acfd8cd76ca938b644bd56fb8c36d4c0ff23b41e25f90e9fef8cf54f6a7d9aaed5d3c4","nonce":"45da82d75544a7dae10e9850","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"896d593120b351829ef78787dbf77bbf5bc2bb498c747df52281ab36ab1e19e2d71ef11ca1f554c7445182d909","nonce":"45da82d75544a7dae10e9853","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"372ff7bacafe382613a3b9fc0ce2e9e0e0ed7e71d85161bf9503a03e7ba1aef4131828bb5c8618eb991e89f154","nonce":"45da82d75544a7dae10e9852","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"5d08bcc857b3356f974fef72eda91b8c4f3cf536bde29ce1716ce31ebd0e9592e05a056c3c934ceadbd3fc89dc","nonce":"45da82d75544a7dae10e9855","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"0e92147e3c9793c14347432a6d7a71e0ecdb0bda35fcb20711d1ee85abd168d942eae27fc1d57fe6a0004daae9","nonce":"45da82d75544a7dae10e9854","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"694a015ca0e33c4a773d2c5df828f9bf223df233b4b93d34301b8c10a9c287ef5f88023071759086e8d3d29e2e","nonce":"45da82d75544a7dae10e9857","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"439daf1815bf3f0c8f8a233ef19b59c79010c3b0de558525172672aa269e3d55b8a782c4a24e6358a64ef1a0b4","nonce":"45da82d75544a7dae10e9856","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"75a8ebe37ec46c7415e029469a608f93c3ce6c8105f99aefaafd0a307ce0674823220255127236ea6577318ce0","nonce":"45da82d75544a7dae10e9859","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"4877c07da4b9fb329e95a32f10f74074ed5be38912f6820d569aab9fe7b555238ede879f241b81232fc2f7d414","nonce":"45da82d75544a7dae10e9858","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"23389a80af3f82d6c431a5bf22d2b86c054d71d296d3cb5e3ece3be0d2ca02cc5959db33ca1bf42ffa61504457","nonce":"45da82d75544a7dae10e985b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"b159ff5b16f0b7db95fc85a053c92610290f043a65010f9be7fa77c2ed37bfbc0ee5cbb39db6dde613b9c5f45d","nonce":"45da82d75544a7dae10e985a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"a45a8cd8145ac17c8d189762f35f7437a9f7cad5958ca1d79430ae99212eacb5fe6a4086cff8feb551d2fedbca","nonce":"45da82d75544a7dae10e985d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"b3903ebc965db5717c30b34e68bb2ee390cec8e2cfabd483c4d6eafcb839dc6f4755b5f95610789fb27d87f8f9","nonce":"45da82d75544a7dae10e985c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"4861835e4e3e98f6f7edc5aad753314b65686f45ab70ae9006b7c38f8f730615a486de233e4e419de7455005d9","nonce":"45da82d75544a7dae10e985f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"f232ead7a4d03d16d21c8fac913eff5bf02e238e634c0324ddc135351989d65e65f03de2e3d2d5884b2ed9977a","nonce":"45da82d75544a7dae10e985e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f39c801313f132c0007c7ced65ff3c48ac655907ef53eb0bb6c2fcf372ff83cefbb9ae3dc394efb136a59be594","nonce":"45da82d75544a7dae10e9841","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"38b9d0e47e796f5f5f80ae6504408b9e25ecbaa52de20beb0039315def3aa15ff53fe9c93e87d14397371c78ad","nonce":"45da82d75544a7dae10e9840","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"67203e96e19ed7c68bcef640ddd40330bf94ac56801a90206b9d65dc33ba0f56a6a06316e98a98deaa37bac438","nonce":"45da82d75544a7dae10e9843","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"806853f5116b12165182dc9a0602ef35081449ab8b14fab5eeb7ee35b8cc658bce9180e3b3c747620dd3893b0b","nonce":"45da82d75544a7dae10e9842","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"c7e51fcb6f517511a7724f9dadd6a746cff72d644ba7e4a99bfe6271865878ec2c14ae2a01f896dcd201e82b32","nonce":"45da82d75544a7dae10e9845","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"41174c512547908dfeb56cb12edd0862dabdf3b561ef8249d8758cca05043c0d4d749249b2b1163daea4ebe0ff","nonce":"45da82d75544a7dae10e9844","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"d864eebe7f3b133fece9879a6eee26be5fbb8f84ee2c09b36ba4ce4010e9986b880042649facdd24597c4b7788","nonce":"45da82d75544a7dae10e9847","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"76582cf367ffdf1edeaf666ae2cb4d529982077c2df16f14b0abfaa2d6dcc7817779512d9dce095412213345dd","nonce":"45da82d75544a7dae10e9846","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"e8ab2a14e7a420082051ad34a7173af9fb21025bae70d99023dd31c2148d5b4ada055ba002bd9e519d1c508279","nonce":"45da82d75544a7dae10e9849","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"0f342b8194ac97b8f7d70ccb76cb44493cc07175d91f285c347e7f28160725ece2432c0f906bf79ec7b1264682","nonce":"45da82d75544a7dae10e9848","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"466e42336d69729ab657527c826a7f4d50e4b207eaef8bf3a4561c51b219f7d2bba233b22fe69bddb889377e52","nonce":"45da82d75544a7dae10e984b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"188010903ff2eecd50deca65c71555a06eb53c51770cba7f85b3cf20af89e7facc60df30693c9141e59dd61893","nonce":"45da82d75544a7dae10e984a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"bc88f042cb75405137850a6da86f57395c153bbc760715860900855e818272ccfaee233b69ce94810ae072803c","nonce":"45da82d75544a7dae10e984d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"ed0bae4738cb20675c8d98dcebe52db8a4735e77b19ae0cc7f5791f9eaea7621eaf644750fb96bb19ec0fa6f5d","nonce":"45da82d75544a7dae10e984c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"37e794004433391c73ca331c22d02b878c8e71c29f30ea59d5af38da04b51755f73e29f97e15091c7670a26247","nonce":"45da82d75544a7dae10e984f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f3508cd95442201b9e566511c0c586e4cb1c8c561ffb852b211b2bfc5f94c2eeaa23ce4e3dd42766f188bd8fa3","nonce":"45da82d75544a7dae10e984e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"0c9a79f5d33deb466a2181863e88106919acb912781eddabebf0555fdf6a6a82159a12ec2506a3d96f33d77463","nonce":"45da82d75544a7dae10e98b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d41909aad10b81b8fd35b2f983686300d53da668dd8b3c4c6815ec91e01e8b622600bddacc31588b626253d320","nonce":"45da82d75544a7dae10e98b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"77421445ea2be69901a7f309edbc657269b4f68b51563bf9ee7d281a8d57eb76d737970259a54c83cd335fbc9d","nonce":"45da82d75544a7dae10e98b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"76445913c1973c8c5e5ac2d18072e0d143fcb8ecd088ce82e973550c106ff5ca7ae98995d8e3f2a0d1779ca47d","nonce":"45da82d75544a7dae10e98b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"94a8fb6c1c48ec56838358694d4a333d1d65358546b4e69a5b4f191af459b8e906b5966c7874f2b2f9b2a6b7b6","nonce":"45da82d75544a7dae10e98b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"ce211de202030b5b193c294be40e1d78c7fb292c2acfd01516cf5f3adaf76483e3ecf8d31299feb85f85ce1a08","nonce":"45da82d75544a7dae10e98b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"3ff5b37c11e5abe9fc80714a7a07420e4ab93f6460dd647a348ebb6ea59218da531689486090cc37097b3ffa9d","nonce":"45da82d75544a7dae10e98b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"69c3895abc29246ad3fcedd28f98c40d82299e25fd6f9f0c9e0d52ecd064c67c8663420c0f8b96a29255a259df","nonce":"45da82d75544a7dae10e98b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"93ab2c63e852a656cd1ec5eefa5411d0790753f4b457869f8520e1628321d1df7437e2a24e1e39f4b43aab51b0","nonce":"45da82d75544a7dae10e98b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"5185462eb55723cc14d800dc8c064bee885a51b19dd23c8ba6d18de7ce288441860d4874ecd7f352288f892796","nonce":"45da82d75544a7dae10e98b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"499fda656d6ee216af63c8aeb8267a18a2a1b1fb52127efd4565433022144c5976b8c90b00006ec599d0e6ae29","nonce":"45da82d75544a7dae10e98bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"d0bf611ef828ac1c8892a9db52c4bdcbf3edee926f81c1caf335f2f5bd5045de8cba7c7199a865c1688d082667","nonce":"45da82d75544a7dae10e98ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"b6f8f98e83b43ae561ec0f8a2826a1803f1a112e11b29c935f74bb1aed7e0eb96a23f2dbb7b5cc94b684976039","nonce":"45da82d75544a7dae10e98bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"3e3932d83f88774d4b0ee49f0031df98d704ff9d84c8344194f9cc8d2438276eacb32800bd074ae2f362445796","nonce":"45da82d75544a7dae10e98bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"51966a24aa4905dd333e1e9a24f9044500bad2d85794e79114ee51316651756e96391dedfb34318ee67c068b5b","nonce":"45da82d75544a7dae10e98bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"6aa656b7b3f48859251065270b7c05319c3c87f1f407183a89a839090ffbaef957f1d09b5ba5fa2ec2b79ebc54","nonce":"45da82d75544a7dae10e98be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"d45b4299fa352b74c42844576540d43c8b0f35d25d26aa678f4f43618c786692937c35e947ea2e4459c70337ad","nonce":"45da82d75544a7dae10e98a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"330b3c6ed0c39fea371a38adde9e000f4b0487d624fe2e015cea310b5edb4a07b0c8be68c4cd12006cd52ceb7e","nonce":"45da82d75544a7dae10e98a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"bbe4250b8a4a4f1dc00947e49ace672b9ee1c02f2956ed5ee23c2e8bafd7b0ab73b11646111808be13a588d186","nonce":"45da82d75544a7dae10e98a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"8d1949309f2b4feec91cfe49dc076f0f54f90ffac40064611c89468ee609d39749244b90a7adbca18763398fdd","nonce":"45da82d75544a7dae10e98a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"b92d3761df6ba868db0a81e7517cea27495e1cf0eff362981dc24889f603afd0e3126cc57b4e4026dcb4f477bb","nonce":"45da82d75544a7dae10e98a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"9ed2928025b81bc46725c980c7c601d01a87cc1ae2b68614935a3db53f619d012872cbee45be5f282925139945","nonce":"45da82d75544a7dae10e98a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9a4c15d6a375af3d87bf9aafd0a67b68699e8061b50c076bbb3c4ff56a71863e94a5aeb0020b7bc257de9d5f95","nonce":"45da82d75544a7dae10e98a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"03a4e7767f7f5d301dab1083bb79d2dddce6874d5733f4e582929ae5f6143801b51633de1ba32df38d5057d78c","nonce":"45da82d75544a7dae10e98a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"2ee6357d05726b4375c7c70a7713d0c50f678aeb896054ba2e155365d9f8826fe14cccbb1f99014f6984d7ded2","nonce":"45da82d75544a7dae10e98a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"459f7d53de20b15e35263a44e4f75db818bc7ee729f8857e2e28a840319a69937553f857e279f2ce27cb3e004f","nonce":"45da82d75544a7dae10e98a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"5f75d5a238b47a27cfc98e9918a48aee37742228e5ba64f7d13b0fe4f5f116d7b4221cd2889e9a6d119bc66cd2","nonce":"45da82d75544a7dae10e98ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"751bf62b8481ed0f3132699a30bf09cb576cde08b4f01fbbad64d824805a726d5a6dee9750255f90ce39a424bd","nonce":"45da82d75544a7dae10e98aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"549cf7e8d4238f0c04e243615a48834d60bafbfe1d8aba479bd54e03a2e00d5222d127d3b3a850838ee627b597","nonce":"45da82d75544a7dae10e98ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"df6c3167594a693f2a6b58f489589bd7c54ef93842e210a64231ece276a685d3a9ab63db1a44b27dc267c229b3","nonce":"45da82d75544a7dae10e98ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"3e58379b3846d8681420e204c34984a677a6fbec0d835e454302d1539309b1bda1c1ff6224cae27312be705e95","nonce":"45da82d75544a7dae10e98af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"06d3e7888f6309b47184a85c5c1bfa8216f91794fa0e022b865170449e360f2f51256fa0dc78b1038121306351","nonce":"45da82d75544a7dae10e98ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"1fd37ca2a6987a7a58688ac40c9b883d16cc0ed56190871039bf201d899e02ce3b19504c3e71413c3ab849f316","nonce":"45da82d75544a7dae10e9891","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"9df7b923f9fd6a106eef5d973005125fa44945e21393c9c6838691999fa3a4dcf30ea38d2b93c79fa2e5072cf6","nonce":"45da82d75544a7dae10e9890","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"bf994fe92d99db62c2584a753e2364287ed16ffa1ec841302f5b5c3f789065bb4e0de31516b1ff3891d3a96f93","nonce":"45da82d75544a7dae10e9893","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"7c7649e6770a277615ecf9a5c164118533ec187805c685b06fa96c238df00f5e6e1fceaf6b1361a51ddaf4ce96","nonce":"45da82d75544a7dae10e9892","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"6a70c553e9d1d9cbf2817b37c79b0a99cedd79d7050d6210dd7d5c5149ff86f5e691b5bdcce857f39c9d02e49a","nonce":"45da82d75544a7dae10e9895","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"689d491e508d42003c5a89fccf84d7cc151360d1cfbcb4a102f8360bf08f501b9b30946d38fcbb8614eab6f287","nonce":"45da82d75544a7dae10e9894","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"7f81d35a4140dcbbbc7030d2b98b2738390e90d7c12fdb81bafebcacc7bb4e4898afbc1c94dcd149c2909d57ea","nonce":"45da82d75544a7dae10e9897","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"d0892e5c3f184f38e70a37aacd0eaaa288787c48e2911a02c2e339a3a4bc09c526d1455610a7c1065a010da87f","nonce":"45da82d75544a7dae10e9896","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"2cf64cabc8558ddc97268f88ba6a79c74a078a0ac360f96be3ca1b6f16daf72aae6548187d71d4e9fe71014ce3","nonce":"45da82d75544a7dae10e9899","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"3465d5fd4d0e2311b8fe4d6e2eed3c5f78c130fd1db44a7508dc49164aaa04eb1ddd1675129816e193e78c1a41","nonce":"45da82d75544a7dae10e9898","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"dfb61b7d5de2c54a1c31368c423c8c98c29a4909bb56d167be6a9585f6955164224a8ec8bfa2e16e8a81fe1323","nonce":"45da82d75544a7dae10e989b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"d49cb38301a7f4e00168308bd9e5d62b563494d327f6048d7ab9e98d5eca001eb6d9c3bf434d9ed2ec99777da6","nonce":"45da82d75544a7dae10e989a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"fe0f749ef32973d3d3863c2b281c7adeff8b21e592c31e2bef75b7f5666cbfab37e1e13b938e40c1508105a90a","nonce":"45da82d75544a7dae10e989d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"b7ac15813aedfd53d24dd0fb45bfe08e00b5511c228e35449c0223711ac3d6fc1356972b18f79512dee1a925e3","nonce":"45da82d75544a7dae10e989c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"5f4ba41934a342ccb9b43d11d0d1eea8ddb84aa58b51ef35920a8b37d64365e47811136238757888fff8c5b963","nonce":"45da82d75544a7dae10e989f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"588df2b34c4789d83043e3ad0b28f372679521724b91354492ebce530526caf1ddadc99f3bc5bced189df1745e","nonce":"45da82d75544a7dae10e989e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"ac979bc214d1e8b4540e306fd0f081b6ebb536575d70aadf8b1356e11e651f6901264e6dc3219bb97f35469967","nonce":"45da82d75544a7dae10e9881","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"24acb2cca4f066943e6a27b132698aff9d774401267c7289eb02a0aefc7b4b2cadbe5946aee3af4090790f0e57","nonce":"45da82d75544a7dae10e9880","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"ffa64fb472945080818c6ee9179d85eec6daf0a12c3e5ae7bb0158db7e39aceaf007d0be7e4434c3bfb74732bc","nonce":"45da82d75544a7dae10e9883","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"26fbedaac6b0e0dbc47790d4c1e7fa663fdb4fdceaedbb5cfd9064f9ad4ec143b3e7340e19475523385cf76cba","nonce":"45da82d75544a7dae10e9882","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"45dc4cd57070eed6a13b1667899234bab268eb8871440acad187a4e12d4be279db5c5c74c85d96a5e7bc36e30f","nonce":"45da82d75544a7dae10e9885","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"d1b437ea77291f735a2a2801a8fbc014ff7252230f64e1b2070b84ff15bbd36cef5cdb27c47e7034f7b86dfb4f","nonce":"45da82d75544a7dae10e9884","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"928718e302f0fa889f02428363a855e32255d215bccf8d1ba6be42d89ee39c3ca8dd9f77ae027731d774a0182c","nonce":"45da82d75544a7dae10e9887","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"5635eb08940b28121555ccf8ba3a1d83cb4528899a7c3a7e8593910f5adb8a28cf6a36b864b338263ad88e9902","nonce":"45da82d75544a7dae10e9886","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"200035f641f6551c3e8247b84293aa03fe90a37ac58074901f8532f4f75d2b217f1e4f5d6dd69fc2131420c167","nonce":"45da82d75544a7dae10e9889","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"89da4828b4ae96b207bf3c88ee3889cd216c889615fc83ced94b84ebb41af08d847b4839080a421f506c549d54","nonce":"45da82d75544a7dae10e9888","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"26ce5cbc6fc3ade8b713e1be38aca5e4af62e854e23646afbc67efa88e9323a15ac655b30ee4592792754e1e1e","nonce":"45da82d75544a7dae10e988b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"fb6171df2ef1ab2a3836fa4d9643315352385d25a30022f344e609000370caab3a841d706b11aebc9c3b96c8c4","nonce":"45da82d75544a7dae10e988a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4cb8bcde92ab154ca572ff36e95e9857ac0c57abe277eaa03e19426b6c16ebfdf2a14a7412b5b90908d2ac8905","nonce":"45da82d75544a7dae10e988d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e897aa11a51ac19da60336b0fc106e63d70352f79d2bd337ba1c8f05d33629e613f54eea7257ba0d44c4731ce3","nonce":"45da82d75544a7dae10e988c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"a334055e2ce49881fca650f996ecfc99b57da3d4ec53591a4cb05392842e614cd0c03a4a7393256f960a02e17c","nonce":"45da82d75544a7dae10e988f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"e7be7cba93751285880994b39983b41bf6d10a384cca4d8abe28574b78a265cb7845f7b23a600b0c8ff557cfe7","nonce":"45da82d75544a7dae10e988e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"674d60ecf05676981b42c90e55b12c46829e7f21e91e6a52cf72b70428e7395ff4b5c213f3eb9437f6610c7d84","nonce":"45da82d75544a7dae10e98f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"93fd7b89aaed883fd441eeb220699478560a1866a14e5a8258c367b375caf6bc08158fa416e6b2e7ae1efce762","nonce":"45da82d75544a7dae10e98f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"bfde133b5af5b80c4d6a2988a248664fc8fa8139c705d37414bb56e17f1a71e10949551d8e13cad3c79c7890a0","nonce":"45da82d75544a7dae10e98f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"a3c50e9e9325632d28f257ab55852535304c1aee767d14c64657c11c95a888d23b71f1304c0e7f06f6db63bfd4","nonce":"45da82d75544a7dae10e98f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"dce03e4056f42f04b39ad4679916721682e60e5d644ee2a63177aee043ba3e61294e4701bb54174c1912587f54","nonce":"45da82d75544a7dae10e98f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"e71528f00f1539a4c5097981e8c8bfd70ec20ab6a77e8dbc42aae61f1c770ad5ccba0737041cb98394dd5e2428","nonce":"45da82d75544a7dae10e98f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"a622f2cc0cc1e6e7d15569d92d261326291fa3b45c56f1b8d7fcda8dc8a74a8e13552f9b191b44faa267af9256","nonce":"45da82d75544a7dae10e98f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"0270654996080b762de1b3a0bd7a3f2c699da2fd5dea39d6be219b9c8eb3780e12eb3edb598c7dbf8f58c4eb8b","nonce":"45da82d75544a7dae10e98f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"20dda865a50a1f7b1ce966372c45c7f9a6f246d81408bd7976e5b77ec03f61046a5bd14d223ad9c3abe5daef3b","nonce":"45da82d75544a7dae10e98f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"ec6337e473b7e58f63c9469142b7c2d8edc33613b91f1cbc55f5ff86ac41e8b83f516f919af80a9421c5a02613","nonce":"45da82d75544a7dae10e98f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"927eb59b9ccb664c50bc977a7b2159ddd00a102cf32a5ae2514d1c29ae1c5f5cd282c9f9faf367f18bb33d5b9e","nonce":"45da82d75544a7dae10e98fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"2db038e861607f90d86c894f5fe9b8aa1b8a7e2c726d2a416de3e6b39e620597c41224b4287cc99a926407a701","nonce":"45da82d75544a7dae10e98fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"ad480ead8e77fdead3171f946bfab9b3433bc071e502956ced2c49386f1ab5c391ebb9475976c4d94feb6091c7","nonce":"45da82d75544a7dae10e98fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a2d2b0e0cf4b24c760b088d2008c526b9041d00dc4a9efa0575f11afe950ebc03a4ee4545018b0646c1d5c7a83","nonce":"45da82d75544a7dae10e98fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"55947ebc63a9d84d9eec88c14c11175ddc29d8c9de35a3b4edd47edc31603a4649a22a2d542912d84b0481ca3a","nonce":"45da82d75544a7dae10e98ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"82d1a2be8c8d6aeab9fa5252d66e6010b544530e68cb5287ff63bbbfb1390e548515fd63612dd5454e27a00044","nonce":"45da82d75544a7dae10e98fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"6175ac87efb3cc9298e5413f51b192d3616dc210279aaedc86db84ba6fd4f67be500e93cbc33fa7b3b78afce0f","nonce":"45da82d75544a7dae10e98e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"e90f58289d76bb55f7077644f4130ec42d86995b0563bc4d07d3b14dadf19e8829f2f0fd1ac01d63421841151d","nonce":"45da82d75544a7dae10e98e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"edb0a1575a1f7420f7daced27b0146237ab4395b6a9d11b35556967cc28866d6815d8c920875306fcd38aff977","nonce":"45da82d75544a7dae10e98e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"8957afa839ab87a0a00fd4958485bbdc7811328cb81eb6ea6e4f9b42b3bec02ac18c6bcfb241e6c12185b74547","nonce":"45da82d75544a7dae10e98e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"a3dc5007d5fd7c596aa47028535097b48ca880a7a4f72de38b478dc7b597f3bbf6212649cfa43e765c6f741c75","nonce":"45da82d75544a7dae10e98e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"12fd09b6938e54bd128814c46b356b82562fb9750e0b43c24a2a851da2b710c4ca6dbf21d292500ffef1e15660","nonce":"45da82d75544a7dae10e98e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"ce0e8fe8d55607eee331b82c4a67b53ba125a947fc3ab29d010aeec1903407774d336053f52243cd3241731c62","nonce":"45da82d75544a7dae10e98e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"61ce87467c27006e3695194efa3cacb1ab623b04e9dde80f0c99addd0f87631d6354839d5da840559ed797bdfb","nonce":"45da82d75544a7dae10e98e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"c4e9e823cafa7575310e64165473b059c8498d9b3fe677f6da81026965aedf26eaa602fdaeadcfa9fcba33bae5","nonce":"45da82d75544a7dae10e98e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"3d37a687cb901e9245a747918a5688d5f2e58cbd73831e5b14d88a282cd115492187d3361f3c2a80dafb33c2a7","nonce":"45da82d75544a7dae10e98e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"e2aa5eca31e4973807ece03bd3a059c425a08a6a21c32f9199e590c6e78e5f23b320a634827dd07d5ad2bc24e6","nonce":"45da82d75544a7dae10e98eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"6e2315981c922cb0695f51f0eb426c673ad16892eadc3c5ddb84834328e2958bd3b5bb2db17852a0a6aa9af911","nonce":"45da82d75544a7dae10e98ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"48a241b6931bfdade83041c04b8dd713940656e5698258e9df363e265b44cbba5be3c634fe49e34790eb9f68ec","nonce":"45da82d75544a7dae10e98ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c5f3c604fd36bdf66ecf29110065c7b85f3fce836fe120b38213be02f3dc184adc289185fffff219f6cff79889","nonce":"45da82d75544a7dae10e98ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"d7df1ff64bcb0de2c20ce24fca9f312d8557996c84b0bb3086ec77e3995a196bdd5dd5913a8e1b616d69a4ebd4","nonce":"45da82d75544a7dae10e98ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"59fdc859e63047d30bc2fe13b92ef337c01113b7fddb2c172e9590b9e026f2331501e8c6daf4e1892c47bdbcdd","nonce":"45da82d75544a7dae10e98ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"2f131ae80b9663431da4d72cb5e4e21335103b037d7acbca9a0ca9dfeec41dd814971ebd903993d99ed2ae3828","nonce":"45da82d75544a7dae10e98d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"63536064097c7b4afad8378d87b646237d881a17207f1668e1d1a99f919b55ed1eb1f87176a08fe14ea3f9a9b6","nonce":"45da82d75544a7dae10e98d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"224b8cb3db93c94d7c517cb92a5c1ce60bee84a4bdf0a85fa122ae36e248249bc9467e3901b421a63212ed180c","nonce":"45da82d75544a7dae10e98d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"3e668b85b97486f026de9e2c8a2bfaf6f4af11f34a73dedb5df6572cb8f38c4806bdb521940f89e6aac4bb18bc","nonce":"45da82d75544a7dae10e98d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"ff1f4a1c4f65b2ab59eb652f967da30c46e2843f1012ab8a66b0c0c220af95e1fadc6ca8000ffc1f72d4ae5054","nonce":"45da82d75544a7dae10e98d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"423a721d09721afa9f4d4071770c16f1b3335b370c9117df0b940e8eacc774464bb46af8b811d0cb33d2cee63c","nonce":"45da82d75544a7dae10e98d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ac40afa0d64f1ecb64b59f3a0bfd0745d7aeba2294bae6029788263015b7423411d5298ff9e2ee44afcb419cad","nonce":"45da82d75544a7dae10e98d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"6ffe7f2c7cb15794b915db8b26f48370e165d91ec01fb59639cd158ec42bcc5704324cae94c58fe388ef01e82b","nonce":"45da82d75544a7dae10e98d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"aec2a0d9dbc5a2c2e1ef62f413866e52208e98cd168ed80a5481c599590b04c80cfb747f685ce1444d65617638","nonce":"45da82d75544a7dae10e98d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"39c115cf3776be7873134923577b8375a6b967fbe616b4aeef61eb670c51ad7406d7c2d53e449e13c9ae5396d3","nonce":"45da82d75544a7dae10e98d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"4909abf63083195b1396fee21043293429d966575803475c03f7e7cb86386ff1c9ec284f2f787836bead5fcf77","nonce":"45da82d75544a7dae10e98db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"928853fdc91465fb6b5a72ff438f246e94bae784c0b2a9b0ec1bff29749db4683d015b05aadb8a6173b5cb78df","nonce":"45da82d75544a7dae10e98da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"14e9e5df61a38a9dd6d8c1e781f2237387bd7bb4e1550ede5fd20c46136510a31fbb0bd68bdb6bbcab15006aa5","nonce":"45da82d75544a7dae10e98dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"4b625cea1e26c67821e73aab16e7cfb1a63bfba835dfc1ae00f477ffe7077a776799b937b64bc6d865d46f34c8","nonce":"45da82d75544a7dae10e98dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"5e7f3d12096dff1099100e831b49993460a225593296fe969845e058f575829940d121810d2652034171768036","nonce":"45da82d75544a7dae10e98df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"a7d5f5f45bc87890909e11e65b89e5f905596be0e801846e15fc2eca22e2be4ea2cfa08209ff411d31a5722b22","nonce":"45da82d75544a7dae10e98de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"bb2305166707e9b50beea079eb3485a50c1a9da3b39827f2c4deb884d50dbc33ddaaec7dac31f446aca17e84c4","nonce":"45da82d75544a7dae10e98c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"54274eadd0d0ee2989b34cc48832fc2749a3dc2d0aa20a5bedbb854bf42a240458134390ba5691cb2edca75e24","nonce":"45da82d75544a7dae10e98c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"dde36b2e23ecb0eeda2e2db78700bb584f757be6e85d1da217e1b76df719304042f94aaa23cd003b1c0f504bc9","nonce":"45da82d75544a7dae10e98c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"1067a93c7153c1171119cad763c60cf6c17bb24451c9c5ce2eb15c45c49458abed8ab99d18eb92740220323a7d","nonce":"45da82d75544a7dae10e98c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"938f5a141e93b5ab7395d37e4e05bb716987e2042076888431419cb2dd2479d00dde651fdc697dd7acc52f5207","nonce":"45da82d75544a7dae10e98c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"62fda1d267cebe73654fadb7deb07b6b70e0b68c65f01f8ec18c3c820fe8f3a53529acc5e193a2863769ffed66","nonce":"45da82d75544a7dae10e98c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"687bc4c84fd3b1bf0d83f4695692d3b2e064194464fb5d3f02e68ec8ffe61c7f75e7a4ce73ab5104b1549fb539","nonce":"45da82d75544a7dae10e98c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"f85360cf4f86991506e475cd936d02ecaf13b0fa161b98f61cee1ee7a3cd3a65a748957a905b77324d911845b2","nonce":"45da82d75544a7dae10e98c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"4eeacff06e38a96c213b9a7b23070818b2b6d1e9c26f4859f47966e1eed6f100938fbddf508d18b390ed9b70ac","nonce":"45da82d75544a7dae10e98c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"20dd01160a3da9cea008f6546714c684869e952edff04069f0adc5e1181da40b8570e2139f41f2079fa6d68a12","nonce":"45da82d75544a7dae10e98c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"dce64c5f5a73c89277dff14b16585bb39de8ef84e5bca8f643613070eecbf7f202a0ca1361fb396e6eb5895950","nonce":"45da82d75544a7dae10e98cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"52d15c412ddf41636a2c7dc09358ecf2e39362abd17e4716bd74ff8951b413ef1606c151d52828ed4a33c48579","nonce":"45da82d75544a7dae10e98ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"79e9d5005cad488e9d1ae2c7a01ac117d8bfb552340c25c29c069ddaab1987524be21ac407dfd930b26b66cb27","nonce":"45da82d75544a7dae10e98cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"df378cef551a816192ae6f000b26701b0286f38cdccb6e0584d49dc89929ce3a30a51936f719e93edee073aa50","nonce":"45da82d75544a7dae10e98cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"14eab889dc61c95d54d8166c7789a68cd72d9f2941b0aa4bc8bef27a0ae0d74d97765b70c035212f4db8238a44","nonce":"45da82d75544a7dae10e98cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"2eb3dfb04bc90e54ecd09bef5b6f3e0f32856fb8768d5b7175d21034fd81838062012ca0efc83918b092a87f7c","nonce":"45da82d75544a7dae10e98ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"573cc95967540f5babdcc134b892c96ffda5176c36553890c93c075a1de1bae4c683a08e386825858e599f41d8","nonce":"45da82d75544a7dae10e9931","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"dbcb43aacd922fc610f7d344c0a85a12c778a98de01a94a8d9013c7b1adc1c5c"},{"exporter_context":"00","L":32,"exported_value":"8b30bd4113462e4b1294aed78c61b21cda0008a55967dcf5950b8ece1b532473"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"23570916bb52bc4b83b98fbc640d521eee2244f42b75b6fd0b4ed7ffcfe6548c"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"9b9e1102922a799135fb0da419932a5948bb49cf5bf72f66517bfde4b85dd07c2bd0cb23ba6e56b257e23ad86978d218924801783f81fcdbde6ac467a29a3969309e","ikmS":"21726a97a2f701765202fac0a2420b2d0184015cac91221731a27d8821fd54241dadf55d4034236da54df87c9cdd18c10b60edcb076ca421d716faef668f95f45d89","ikmE":"c1bbed1e99d49672e94e765946244124ba12f9f6e311f0e780ad34dc2d5693d72eb11939f67922e976c2c9c27fe50977a85e470f64c963c0d33aaa6d3a31ece4cf41","skRm":"003de4f3598ff9c250efa793d0860a3b72926aa851e911e1350ab191a31d1c887cf56a5d5bac1278dd911e65e996906bfff166f440eb6d7b31c91e34feb06aa2398c","skSm":"015fe14b0d7e41d92cc4737dc12e460677ff250b90512dfc330ed16c567849ef75491cbd93e168543759dec5bb4857feded56a47089808a6a5c6be6af7b46aa6c18e","skEm":"00a4149da44e7a0bf65d02995521b18b18aa8f4eab11758e0ddb02e7be778bfc6e852e9e7fc0fd0b3c91b9905c0fae5368bee1e82b27fa2b73c51ec3430cac727428","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401155517c52eab850375772ad82adb0a829f6532953a4683e3618d74d1bc4bfa865f1ac8b45b3399764dbe399795aa91c8f14399747631286417ee1c1f82afa7dc2d01c4c4c11af9539f16e895891996df4f7a49226b543481612be56f8147d4b1f5e27537324bf1148b0c63defa7efdce3e2264a63dc2520ed173510f3be437cd8d548e","pkSm":"04019217082e755b3ec4c6db3e05fb707020e1bfa3e739d304ff42c92fcceddf03ad2ecaea1181830078edc065c13d08d7ca611536e407fc5dcbe4763a098a6edfef65013aabc7ddcfc5bfce0dfabe31bbcede6728e3be66f783332903d3e1d54f1e7b1ed3632df7ca00c72d0439d4b14c17d52212b5999bbc92c6c9bde3a5da1343f13fea","pkEm":"0400e5adef7e178bce0c908cd5122f337ee0f8dc5cede93b6e342d7de0a19f4487a13b63a7ef98131d356a8658ff8a42e0dec9bb7022187c282a032191609fd65dffa80024eb16e156af999055e7e11d842232e9e3d9be9eef33cd2ebd6c348d863e66f18701cd249c7ca907131ca98b775b3acacd1e0c5331ff574e8e8aa9bb2f204b4aef","enc":"0400e5adef7e178bce0c908cd5122f337ee0f8dc5cede93b6e342d7de0a19f4487a13b63a7ef98131d356a8658ff8a42e0dec9bb7022187c282a032191609fd65dffa80024eb16e156af999055e7e11d842232e9e3d9be9eef33cd2ebd6c348d863e66f18701cd249c7ca907131ca98b775b3acacd1e0c5331ff574e8e8aa9bb2f204b4aef","shared_secret":"1259bdd55fa19a54f83e7ce8a76ac50fa4b3b806e4570a07a474e2e83b15434126df0c1a1061ba10b92721278293cec27b44c25329b67283a28391015272e78a","key_schedule_context":"03a5aa7a15c37a7f4d7cdfd2ccb134e4c19b3f782db2da917f6020ce2f1fd62b4497e18b628ea977f60a69bfa0647402182d019d3a0b59d2dd03624d028053dee1","secret":"09d1251b0cd4277bd7b223136ebef608074ffc21dfdc0bac11046a50d32d9a1a","key":"6c92626445d925377438c758a713fa26e50eaabec852118b9b9eed7f54cce894","base_nonce":"3b29b8bb622ba14d9ff4d4dd","exporter_secret":"45caa601cdb71555ca48db1b72e2ee49f22589d43d4ce5a54cf1c9fd05da24a3","encryptions":[{"aad":"436f756e742d30","ct":"d112aaf02c1d29a86f07dae92dc20d5756c8fdc2fee0d1516155bd717c8a90ea092271472f84ae45b136cf65cd","nonce":"3b29b8bb622ba14d9ff4d4dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"2c5acae687df5ac8360e8e2ed9134b020123784e2c0257d2bbbe93d877efb39b0d50f27e73e67c16817eee7f66","nonce":"3b29b8bb622ba14d9ff4d4dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"aeb6022f9351095b58042a7d8a2a4ad8d1b5f0f3662542bf6606527dec730d891eaddcb0957706e123305cb10b","nonce":"3b29b8bb622ba14d9ff4d4df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"2005896a6e5533a3ba1e6e66eb96357417c3a724323ed3eb2f22d4f8477cd00d47314af42c9fffaef1e36fdebe","nonce":"3b29b8bb622ba14d9ff4d4de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"9de86b852f485f0f166518f6fd1b41e98b6d9a05e5190ea511bb91732f6c74926922dbed87adac4c0079f962dd","nonce":"3b29b8bb622ba14d9ff4d4d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"047472d790c75dc9845069e895fb34e9d6ba019099cb2569d671abd9b656e1a52506ceaea216559f44969c9d4a","nonce":"3b29b8bb622ba14d9ff4d4d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"6fe0ef1f991578c4b46a15a70e9bfc8ef28fc528d2c6cc44f995ea65851ea61c2d6cf5dd312f6caf65c83c03d2","nonce":"3b29b8bb622ba14d9ff4d4db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"6a6195a145437a006f658169dd39932e73dbd2afa076a86460cbc58a552dbe82a155ddb02c6e7bdd4b963be350","nonce":"3b29b8bb622ba14d9ff4d4da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"363a7acea671a74ccd40c227964ac7314c1f9d99320d0fce3841febdf94a74bb743f42403514e9494bc119a206","nonce":"3b29b8bb622ba14d9ff4d4d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"56bdfcbfef5fbab3fc9f394cf7544287ea878904cb1a10a411e11ff619ef84f70509415c8107b436bdc9e10a9b","nonce":"3b29b8bb622ba14d9ff4d4d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"ec17c47a78bb4f72f24530c9b8349613233877e6ceadda33a25b59478f7babe67c37d8c9e84025ac0cebf44dfe","nonce":"3b29b8bb622ba14d9ff4d4d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"53517618ddb868ff43acd468a70a36b65e8dfb75edf01d669f0bdf9e3bc36df87d77cfbad5edfb73491448d9c8","nonce":"3b29b8bb622ba14d9ff4d4d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"f90b0ff2c98eafee7b094618c9ef7fc7ebf565f4113242bc79bfb434966283c40b2da8644ab09ca16ba0f0dacb","nonce":"3b29b8bb622ba14d9ff4d4d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"4cd0dd2ac63c4c4633bbba41b11c3f618c7fa501448c788b5229779c2f4a161633988f6c34f2f51ab2897ae28f","nonce":"3b29b8bb622ba14d9ff4d4d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"7bf0da82b904e444851aeaef71ccc02330df1caae05772e5b65a138b48ad44d3fd03c432c507dcc77239978fdf","nonce":"3b29b8bb622ba14d9ff4d4d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"3d3b45c221d5501bff16bec491d709a2bd3a0a1e4c7c95fddf5a98acaf671d84c7ccfca36a00de697e14d51ad8","nonce":"3b29b8bb622ba14d9ff4d4d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b0261c0cbd31470463e4550a3ded925687dee49ee8352f9c189eaf084632910262a07a4c78915fabdf9b450fd7","nonce":"3b29b8bb622ba14d9ff4d4cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"28d238b35e34f70cb0ce2c1c1105e60dc6672275d6a61a17107123cf32a0a8f21f5449bb06fb649eea995683b0","nonce":"3b29b8bb622ba14d9ff4d4cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"4dc3b7b13e32d3a7c547d57f23911e9ae6a8c5fc5efe343e7512ff2cdf0e52fbea4ea11605fd3f27c8158d8488","nonce":"3b29b8bb622ba14d9ff4d4cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"b0dd8fe8cd8a11d89a7645bf8dc34947babbe3f87d16b1de483fb3365e7b37065da89af14679a6f5110a68290c","nonce":"3b29b8bb622ba14d9ff4d4ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"2301ab078909f525634290b246b0e57dc45beec1da5b067be9feace6bf7a0f0cbd25a7a24f0a0e1d729481c623","nonce":"3b29b8bb622ba14d9ff4d4c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"20a1a54fbbe8f935fd812ba680d474c850fc8788d2a8856eec950596487b7abe06ab9bdf1a79b215c50bf218a1","nonce":"3b29b8bb622ba14d9ff4d4c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"4dc4d8e6395270970ad544cdbe04147deb09a139ad6d1e6e8140f16f75a033e21e762ffdc80a2b0ba88032d29d","nonce":"3b29b8bb622ba14d9ff4d4cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"6785583e0f2eccf5602975f3f0e05f846c1d40e0f8d69ddb885974018884c61cab87693b055eab85fc815216a9","nonce":"3b29b8bb622ba14d9ff4d4ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"2852e37acb4d0603e2846576ed4b970374487bf29499f8ac011f05373325bde21a61e6f6b216404c5d2671e9de","nonce":"3b29b8bb622ba14d9ff4d4c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"7bbf4c5025526bb8c8ae71d35ba5bee8715df05f0da3b161602a1b427ed554ab239c1c5ef448c8e0e3c639ff2e","nonce":"3b29b8bb622ba14d9ff4d4c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"94cc5ad18173fd12da1dc9b53574ebbf2507589d6b330a44f569757de79e46eacdcfa801556f1e63f8cff6e8d2","nonce":"3b29b8bb622ba14d9ff4d4c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"7f72ab4bb7bd6cd9c4d226b6d1e52d56d10f5013d98d7e5836ea59e32589c2f0b59370bcb7c16af49d6675905b","nonce":"3b29b8bb622ba14d9ff4d4c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"8707f989d445c5f2958799c1552af05abeb7f30765a9c70b75dcf5c62af26794e22e0fbb263a74390a94cda374","nonce":"3b29b8bb622ba14d9ff4d4c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"86f4238b0d02b8f4104012640ed4e9c4bfccc26a5431ba32a18f31bd4be4d8f1de0e180dd0ee6d4f4939d75407","nonce":"3b29b8bb622ba14d9ff4d4c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"e255d03cad6faf2fb11fdc93e0f4875ce8af9e3b89e5217d9756bff6a05807b7c460c7c6ad48f2b772569ebf0b","nonce":"3b29b8bb622ba14d9ff4d4c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"f7f852f1de7bc9376ecc82e9cde543fba281fe8c50ffda3a8c6044bab3139bab53450329fcc41a6c1f14f31359","nonce":"3b29b8bb622ba14d9ff4d4c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"7979a6ab065bfebc48b1858001f9a580d07c04e87e12c487fc57c915c551e6d6fc9dc5e03c4e7dae8d97990116","nonce":"3b29b8bb622ba14d9ff4d4fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"77916946299064bf1214d627d60d5cc45b30151df6dd4543a19bfbb4a9f8940eb7b16e987789469c6e71f9f168","nonce":"3b29b8bb622ba14d9ff4d4fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"25be3fc86dc70fdc3ae5cbdf855181153b85046754a24bb723f056320e0716020e34aac85e3281e5491ebd6ba1","nonce":"3b29b8bb622ba14d9ff4d4ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"c90a51cc7480c1ad44a22663348294e64f1c0a64eac67b460d4c9b6f7205a9b830c214a15ac215cc2a6ee9ce9d","nonce":"3b29b8bb622ba14d9ff4d4fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7ecc8686e0b64e0dc2b8c7d5601f8f0f43dc80948cce77fa0d4966721fd53cff142709c9dc82c16dd3f4de0480","nonce":"3b29b8bb622ba14d9ff4d4f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"1c87a9671b9c7558008b0464c56c59bccae4f05a1e344df68ca1bce0b56a5e82c099e1b4c2d0285463b8c7d279","nonce":"3b29b8bb622ba14d9ff4d4f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"5215089802b475c8fb0b579beefef5cc9c0b1c86eea11b41d72343828fe4d157b6173e9e317e46e68b9a4e9e45","nonce":"3b29b8bb622ba14d9ff4d4fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"3a22a44fabdb56e3b111615d281e9707b6aa3f5fe9bc3af000f6d8118be616b859a3d4c083880d22fd3c576e0a","nonce":"3b29b8bb622ba14d9ff4d4fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"108cce2d77bbbe90c3f47870bf0723b8c0fd5f989571472c10921bc0e76fa77c6316efadd9e87005f2e7750b03","nonce":"3b29b8bb622ba14d9ff4d4f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"edab2ab21511cb9984d1504aca03c34d904633862cb9cb327ab3234fd73dd98c33da2bd4c1a77963866a090966","nonce":"3b29b8bb622ba14d9ff4d4f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"5ee42bba8959467cb90abbbbe8954bf0956cadf006beb54c917f35ab9a5d2bb121b9e71cbbeab1f57291f58db5","nonce":"3b29b8bb622ba14d9ff4d4f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"404ba9b1e15554e49a17dd7dfebcf9da9b5049a63a95973dc8a46e7d3936a032d97e6d5208e84b51706c1b2ec3","nonce":"3b29b8bb622ba14d9ff4d4f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"c3573008599d667906305cf522131afdfe5929122d70c6e335bd7fedece21df1222b0b18597e3bbe08c02aa166","nonce":"3b29b8bb622ba14d9ff4d4f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"74688b579077ab4ed63de111a2956c0b14147a9cba9085d38c96296faf0592918ae3ba57364855c167d0ac6e67","nonce":"3b29b8bb622ba14d9ff4d4f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"167a9a499792483f71a338e90eb2e7711139ef613998ae0eab91e8da9da7534f1d67236d2a191b7866f2cead7f","nonce":"3b29b8bb622ba14d9ff4d4f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"5692451e981197a0e59b5622099d0dd68d7c027858191744b1c56c09ac6270c08b5c50408461c3486cb4de81b6","nonce":"3b29b8bb622ba14d9ff4d4f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"54522896cbaeb59d80d0b5ca61f38f7bb4c134d869bdbdbe0fa389775a6ac90dd73df95d426573d864339b3264","nonce":"3b29b8bb622ba14d9ff4d4ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"4cd705a5aa2f1d54a5206a2b9cae04de6cf756e0a421b719701f15b60579988c1bc49cf311405b65214fef63f5","nonce":"3b29b8bb622ba14d9ff4d4ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"c325ebd332bb5c2b8968821f2c7094d8a3da1cc5b0c072a8168da429389a23af00d45d8a1e0b3b14bada92670e","nonce":"3b29b8bb622ba14d9ff4d4ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"456e8ba2100aa99a70d4f679b9048bb10743c0cdd2f374006518d6d7d612b44b91af3144fe7fb7422b9c97af44","nonce":"3b29b8bb622ba14d9ff4d4ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"6f903cd3500e16783a94704d6882b08f25bea6051e3ccba8fabd2d146eb5190bc7591848f9d76163cc68bfbbb8","nonce":"3b29b8bb622ba14d9ff4d4e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"bfe3a47a75ad9b3405bda99eeafbb502fd817c1976bd279d940b7b59b610e0c37b24b98b8e9edcb3828ffd0842","nonce":"3b29b8bb622ba14d9ff4d4e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"46eccdfbef326366c377295222353e8c1ae3bb932e7ffe2807f3c824d2d15956f0a8b4bb14251b531531e597c2","nonce":"3b29b8bb622ba14d9ff4d4eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"8c170fc3475504f295bf4d84fcf4009b94fe36eff9368b775c884291f724f1e7c661922c16fef98d104b3f2119","nonce":"3b29b8bb622ba14d9ff4d4ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"2374a1a11a8f5f8db9cb8004956d7c4c6960017fac344f39a2ccfb1ab96ecce3912717a26a538ca7fc063081ff","nonce":"3b29b8bb622ba14d9ff4d4e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"01efa54b2a1a92879214e706bf9db8c8e39f4a6310320cbfe7c5330f970d9992fb8590d271fdb4f3cbd4cdb0a4","nonce":"3b29b8bb622ba14d9ff4d4e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"25f22aad8d82411a0c63b48e8b25f1a51e7503f8ed418d4ae5ce80f25030439541d4b65f60601f874b9b8a4693","nonce":"3b29b8bb622ba14d9ff4d4e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"844831648e177bcb0345cb2c74f8934f357a688a4bc3533ef77e461eaaaf863e77ab95f6bf595f59e80d369ab9","nonce":"3b29b8bb622ba14d9ff4d4e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"2fc634a5e8170192e96c8c8ac1a1a8252467b2c824da5a5fff51e4ad177101139ca14111a03fa1dcaaa510bb77","nonce":"3b29b8bb622ba14d9ff4d4e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"4dcd4ee842023637dcd56c827b12a14d9326006e57ac78092f96bb274688c2e8b23236eac64c76d4ad78abede3","nonce":"3b29b8bb622ba14d9ff4d4e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"a5316de0adff350e38d287d2fc654d3c62d79d37dcca814edae098c0b94d4f3f1f6acb63197f13a7826d7aaba6","nonce":"3b29b8bb622ba14d9ff4d4e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"851b269b88eb5226b8fa30fd917aaf7a28c9236042061c9676ba49b44abbd3f2521caa5831519f7b378e6f915b","nonce":"3b29b8bb622ba14d9ff4d4e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"d16a8034bb73e4199552d3110868a0948e799c36cc7abb39c76c56517137f57cff0176209a4dd142476f4db508","nonce":"3b29b8bb622ba14d9ff4d49d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"18c6ad51e277a504528b1cc6f28a17d88d4edd03eabc0cc2d375a737e02d5ce92e0f1389578daafc3073608f24","nonce":"3b29b8bb622ba14d9ff4d49c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"8f0db5b30011a027e52a10f78db6f09370e846e3a8f9e66bd67ec660f945f93fc08da75b16e5f621c7ce9fc6c5","nonce":"3b29b8bb622ba14d9ff4d49f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"4330809b99a085db4f19807eca2fb05e9c16c63a041803d6f2b48a23d8525cb222d93e310cd05c13d411398b2a","nonce":"3b29b8bb622ba14d9ff4d49e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"af4e95ce6c0af61f50f344732da4fd32aa085137d144f44ee8a92587401a418fa37d1efd4c496806316c5fbe20","nonce":"3b29b8bb622ba14d9ff4d499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"c22f7a42f842f70ba97b51eef7856d21ebd0e0492c5c45086c8bf0787fc8f41bb4666b2acd8e3a0bf3365d9a70","nonce":"3b29b8bb622ba14d9ff4d498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"bbd42befe373682984bbe61b98dbeccf531792d299ded2922e0b1e6ec5899dbff1e8a5b51e22099e0c0a07ac1b","nonce":"3b29b8bb622ba14d9ff4d49b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"25fd9242b0f8b827b5d497141da39916cc8a7842e9a427af0a03e994d7da8cb2ac4f1cea7f564944570dd34533","nonce":"3b29b8bb622ba14d9ff4d49a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"0a7aaad9f6beb172faddc1d4e24e131a8919fb2e0ef137635283b5b3199243bde46863ae3625f535ed13ed2d37","nonce":"3b29b8bb622ba14d9ff4d495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"576aaa197bac85fb635af63754566cdfd84469f9ae80e05907500d92f8a6f1dddbbe8092fa888068ecdcf12598","nonce":"3b29b8bb622ba14d9ff4d494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"775b84967ec58282c60de8b558d908982ba292848fef35fced87e8fc703f1094ed8db22cd50b42d87ded089fcd","nonce":"3b29b8bb622ba14d9ff4d497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"cb3811f4e932a780f7beb8bd715c0472757e029f1bbdee3a88a7d18d109684dce9854e999717675f98b487cc01","nonce":"3b29b8bb622ba14d9ff4d496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"aa3b134ca70aacf69eb7dde84650122d734f876ac84fe74783895041a814b7f7a766ba5e403ab40ae184b636b3","nonce":"3b29b8bb622ba14d9ff4d491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"6d199dd8b6b6afff7007cd706cdad7652323e449264fbf5f33f052fbb5442f43e3ca393616813c93f7e9fbf8f8","nonce":"3b29b8bb622ba14d9ff4d490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"62c947838f03a560810731bb86a5c510b4e9dffb554e5dd2605d05c1eb4009d71a3e5ec15229c66722c5c8e01b","nonce":"3b29b8bb622ba14d9ff4d493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"77a8f87bdfcd596a3c5506f1df2dc7acfb76072d4eede493bf65409971879612bcfc0d2313cb5608436fb12575","nonce":"3b29b8bb622ba14d9ff4d492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"a4f0e8053efdb822a60edd4595d131c0d9f8d8fa27ab2aeb72fdaf5d5e92a5baa4afda0918d326f17caf6350b4","nonce":"3b29b8bb622ba14d9ff4d48d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"770808716e5452a74a61a3977f4d579d6c1c8a1a2f3fb105fbfc4f499b6db4f28b16478a1bd55d31e712abe2f6","nonce":"3b29b8bb622ba14d9ff4d48c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"c5498ad73ee4287a8680cada2734c052fb95aaf889b80fb783e512add2dfdb359b4658a42fd96f38fba63220f6","nonce":"3b29b8bb622ba14d9ff4d48f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"9dc4fb3e628c3c49c48117e91f088945b6e6e8378863a713dce6729481595a6330358a40761a1bbbe2f563a59f","nonce":"3b29b8bb622ba14d9ff4d48e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"e17e3b9edfa09353d177a34baa09dd3fa0f599dcdf12222b4196e7da7140f94b7aedd64d15b1039b1d1eb06818","nonce":"3b29b8bb622ba14d9ff4d489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"eb81c6a2055e35429b782d265e521dc057ca02281268d8b08f1c9ba2595d39992a793c7ede2cc51d2621cdb51f","nonce":"3b29b8bb622ba14d9ff4d488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"b925883612def3978b68f6477552eeaf81514a06626f142f9ef461f887d616cb08bc48130841d162176730c836","nonce":"3b29b8bb622ba14d9ff4d48b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"60481b68632fad569b901ce55ddf53949b2aa7b1e9cac7091e0ff808afce6c2415895549040211d986a77c452f","nonce":"3b29b8bb622ba14d9ff4d48a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"98ce280717626c4cffe908929f28de0752454a3df15c89c1cd90079f9f915444f99aecd7b55ef8bce018cffaf1","nonce":"3b29b8bb622ba14d9ff4d485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"142ecd1b50beed70f5fb75fbab6dc60219fae8445de4ac836bc697e69a471089614128e9583788596251610464","nonce":"3b29b8bb622ba14d9ff4d484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"2ef7d91156e642b182a33ab8a42f91a37429d18dd95f75687886918be7ab035095774d8cf6a1a9abb8b66b4df6","nonce":"3b29b8bb622ba14d9ff4d487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"11480990f25b845b1be3b3bdf8954bb10124bcd54e02ca7fe422660178496446f15ffac671b27aa6f8ba1be00d","nonce":"3b29b8bb622ba14d9ff4d486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"1c42be261aa373aaa1efac058dc3610d6ec14b1f90803843a015962128265dade6ba8e36a44623eaa9873d47a0","nonce":"3b29b8bb622ba14d9ff4d481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"777defe6b9cb1bde8aa9078477e2e891b9768f96aaaff30b97db8c4eabec064e5573986b6c94b300533c53268f","nonce":"3b29b8bb622ba14d9ff4d480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"3c48e5d270a1673ae930b52aa2560ab4ba52c15dbc7172d46dc07cf00415a8d10cca3ff00e331dfeebcc0c5fc0","nonce":"3b29b8bb622ba14d9ff4d483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"8d4023a659f5b5429f26a420d189b5435d0d9757155bd3a7bb03c88c7a13990956a6c1d791b900b90a2887f5a8","nonce":"3b29b8bb622ba14d9ff4d482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"ecfda7be4217b5facc952488580e5919209f65b03ea86ee9608d07f244bcdc6900d0e809e984d716136802b22b","nonce":"3b29b8bb622ba14d9ff4d4bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"052342ba91c07dfa1d0e42524b4ed5a5352f2f446ae503710165faf2b5a659993634f3e3d11ff609e92e549cf4","nonce":"3b29b8bb622ba14d9ff4d4bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"82875e480bb6b04a4c97d508ff4b162d7d277b3ba9c5b2c64cf444eeca24dbbb2dfc241d724303228c0b309411","nonce":"3b29b8bb622ba14d9ff4d4bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"cb39e49450ed29815a01293e8a3590fcdbacd78a8e0b6d943f00abe19e05515abf8effa84d8afc610cfd3808a6","nonce":"3b29b8bb622ba14d9ff4d4be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"5fbd6a2380188abd2fac46c8e0a1fcaf1d8b89f32f3fc89259f4adab5fbb74fbb9d3bfeffeb9edb01de02365a7","nonce":"3b29b8bb622ba14d9ff4d4b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"00510bdedb01b7da35ff20dffc2596b8aaec1f4d5395f9dd16a3302d04b917ce8660a9fe4991a94970e8bf63ee","nonce":"3b29b8bb622ba14d9ff4d4b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"fe88de5df8847901b381afcba317b561ab22c7131e1b2b6181201125e2267aae22c856d814cce6d9e6ca2ff8c3","nonce":"3b29b8bb622ba14d9ff4d4bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"162a6afc5120b7e3e90a4bda9f7531190059a188f0aec8f394787d2392761534f46b834a2d051d6433995200a3","nonce":"3b29b8bb622ba14d9ff4d4ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"2bb78423080ebe09340f2b0491b9301189fe47114d7936dfd69f35908d52cc1fff00fcf728ffdeb5f1c490bc3d","nonce":"3b29b8bb622ba14d9ff4d4b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"22d4b65e918d8ad542b97b022cdb8a2887126357c4c95b6660d087aaa6735f40f80dcb8560a14bd01d9c873526","nonce":"3b29b8bb622ba14d9ff4d4b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"af8a73d1647c2125f2a3d50dd02db93a69cd3c4931220caae3b578ab05c41f1486577f7196af760127bc29dbad","nonce":"3b29b8bb622ba14d9ff4d4b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"bde456363b521721e15349486c60ccaeefa4afe36d13ecb4513d4d22003fc00d1ac82aa2a415d977e1f242683a","nonce":"3b29b8bb622ba14d9ff4d4b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"f7797fa6c7ef26e73bb88bdebeb8609abba3b223ed187d030cbfcdd325b17650237766f792c24079c951021182","nonce":"3b29b8bb622ba14d9ff4d4b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"7f9e26f6bec110bd1f9acbbadfddfef4a03b4642b7341e693a8a8986fe6a7b00fdd9bb08c73a74dd9c68536531","nonce":"3b29b8bb622ba14d9ff4d4b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"188314602f5a8f45ab28f14dd74f470bfa631f3b99f589ef37f0bfa30f38d66dae9f7274f46139902aa4464f66","nonce":"3b29b8bb622ba14d9ff4d4b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"77eafdb6fd14f72f6155726ea9f8f9fc07fb85ebbb31e6927d0b2b3b9353ff42454c439a6915ff7175a6d01809","nonce":"3b29b8bb622ba14d9ff4d4b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"ead2148f22877626a8897fe3eead385a8d6fde33a255ebb6889bb21edef573a7e7dcfa466768cbce544c6ce0ea","nonce":"3b29b8bb622ba14d9ff4d4ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"4d09ae6ebccfaff07f182d973abd8e12e875793b4ec7e4b4bec49e05aa79a7ffaed48cdc67ea513064d5613745","nonce":"3b29b8bb622ba14d9ff4d4ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"94e470d3f1be07ac833ecf4ec80f0467c9600ebda4ad224661e4d8d418d4f273ba1a587269d90708b86138178e","nonce":"3b29b8bb622ba14d9ff4d4af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"73dd2d19889aee1b1f02346e1e138b1890a12cd5fb73d14773810b5ac7f780d8d7b48e9869c6f3702d49186e07","nonce":"3b29b8bb622ba14d9ff4d4ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"95dc81c420620ab1e7378040005d4c7135975e6fd3d0a44cf9b88c333ff3704fabcbd0df0049f1e08e0e807b6c","nonce":"3b29b8bb622ba14d9ff4d4a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"84d509d04c8cbee40bf9bc493222288e8351069a5210ad0a862681196497b4d1d8823469e9cc8aad0ae74b44b1","nonce":"3b29b8bb622ba14d9ff4d4a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8acfd1f77aded5e77d47b301f4a72c08710cf1708a41143dd49c088f87ba1078c05d1c5538fe831de61528d43c","nonce":"3b29b8bb622ba14d9ff4d4ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"f28a725fdeab2a6699d7cbafb0ec9de724bda73e2b96dfe3a3dd9731c82b4fa970e9e440e1b5fe5335d57339af","nonce":"3b29b8bb622ba14d9ff4d4aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"c80e498cc80aad9cf67d2afb6d0c7fd850b37fa4c2d868728ea5780f1be5d4691b8957ed271a8400f2d4b32d8f","nonce":"3b29b8bb622ba14d9ff4d4a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"a0250ea75754ffc1636c4517eaa6a98f4cdd7375e50363c7a02b790fe5e499f658513177b2effa2b542ed61f81","nonce":"3b29b8bb622ba14d9ff4d4a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"f620c77a91f195d5268f6d50e60f0ed0cc389608468c61f49186ad4609ec3c5849467260ebd4987d117f963d6e","nonce":"3b29b8bb622ba14d9ff4d4a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"ab5ac13c34802b7f2e498c45683d13c263c7e5aacee92d29d2b2eb3549228224a262580d4af4719e96b3d6be06","nonce":"3b29b8bb622ba14d9ff4d4a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"92713b62b2901fb3d4160c2dea045acbfe7a7c98feabed25066660a157a9a2c98092f56f20b03092de2228b135","nonce":"3b29b8bb622ba14d9ff4d4a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"aa4998188676c0136907b49e8fe48a9a1cb37172575389dd04ddd18772280d63a149b4509953b255e4ef11a6cc","nonce":"3b29b8bb622ba14d9ff4d4a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"fe9e5f978e3ddfec9aa635f59b1c85fdfdd27bb912b5da38979bd502712efeb53b278f9659be8fa09dd53aa5e7","nonce":"3b29b8bb622ba14d9ff4d4a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"6bdda6016441a547c53ba3c7d9b29155de2913ef7d7704869f019647eb4528d2da532f2d74865b668aa36e0acb","nonce":"3b29b8bb622ba14d9ff4d4a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"bdaa97cc5f691bdefac48912ae03f820512f628a734b73b7ab5de88ab1f04cf59090d7ed69fcedf2719ac68dd8","nonce":"3b29b8bb622ba14d9ff4d45d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"b6c35915ffa2890e80ee54593bfee9f4a848f184ac1710be3bd232913fd86caaa224ac4701ae9a70f983609a7b","nonce":"3b29b8bb622ba14d9ff4d45c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"edef6337f2d253b26d5788c183c46b52b3557e3e6d3827f2b5f2305d8c65b0e4da845c7e1d0c3ce96697fa8863","nonce":"3b29b8bb622ba14d9ff4d45f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"ff671be24a2e1662b40d0dc7df1106148fc97b0b46699ad797bf33246479cd608a8e686e0a14de4db50e4fc8bf","nonce":"3b29b8bb622ba14d9ff4d45e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"e22a763069dd6004775c4bac02cc198c9be7f2dc40401e7f3d7e409d32ba9f2f1c2b47ff9d6280d1ac340bab37","nonce":"3b29b8bb622ba14d9ff4d459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"a99da1889958542f200cdcd278dcf3614c06af1db5289c9a9165812419d00fbfe6ce0d9893bbb4df1f8c15a184","nonce":"3b29b8bb622ba14d9ff4d458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"0aa033c1790dc9a61956e6300d05e3ddc6579b5f8ff9526d64736b569d555b871d2b77fc92d323dd22979eb969","nonce":"3b29b8bb622ba14d9ff4d45b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"3d32548704ba6c9383171a06c3a74cdeb5c7ae8d5a7b5ceffb4e986662ba3f38aea5fa259b357e5e1060b0e379","nonce":"3b29b8bb622ba14d9ff4d45a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"4c5ad441405ede66b1c977a28d012557508756b3a071408c96157f7462a031a63b81d06fdba63d3c15d573b3fb","nonce":"3b29b8bb622ba14d9ff4d455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"d69bc070d1b678364dd55d9df35f788fbca0335a1803c0670e7c936cf12c5a21d2e2a18cf443ce43021d3ddecf","nonce":"3b29b8bb622ba14d9ff4d454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"21e79acbef745660a093a39b6e21519d658fd6e6cc87a7b91e1210dd6f87390629a36dd2aca6a9dc2db6ab2a9b","nonce":"3b29b8bb622ba14d9ff4d457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"3aab177d5170075a86e082057ffa29332aba3d065af9fb939761b45cbca70d8a0aef83cd1992df05a43bc60203","nonce":"3b29b8bb622ba14d9ff4d456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"12ed2ac75e93a726e9b537f25bff437a9b437616c7022a5db2374c338406345d026b55b6f1093de4fc39d8d3c0","nonce":"3b29b8bb622ba14d9ff4d451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"6d204cb7d91fe06de682433fb7b317bfa3107d2efa8f15f43ca7ddaabe8f8485525bc374c033c7f7c693d01e77","nonce":"3b29b8bb622ba14d9ff4d450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8e931f2b98f13e223509b8298835f66d13ad9011a3ca092cac351319a46f69b98bacf5cb7d5cef33b6d5023f07","nonce":"3b29b8bb622ba14d9ff4d453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"f6b02ce8ca7fe5a24d3305635c94d6d3575d3b30d58af466bb624fbcb7ed55e953a0797a007742cc9294082bb7","nonce":"3b29b8bb622ba14d9ff4d452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"250fe9f47f7042f760c885cf292f97b3d0f430ee380623201f00d46143eb8ec8499afc3b1ea71ea02ac7adb723","nonce":"3b29b8bb622ba14d9ff4d44d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"1df907c44255714cb319b946df429ece5df2446c40776f126145f06af4bf0f7cdd2a7b619fd0c009279ca32bf1","nonce":"3b29b8bb622ba14d9ff4d44c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"7a383efff086cbc221ac6ef39571023cbf57349c73341e596a1481fec2d46e740a350db3ac6a165f4a53398bae","nonce":"3b29b8bb622ba14d9ff4d44f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"eb4853159438083bf05e7710ea9c5ff30e26d141e2f88475152733cd774e7ab5f9e2c59ccc708509440cb2be5c","nonce":"3b29b8bb622ba14d9ff4d44e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"0b5292967d536bc28d0be5f792fd454d6161b035277e53f69e8fcab5bb5f8165c746b9ded436f3c53dbc04d74c","nonce":"3b29b8bb622ba14d9ff4d449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"e87b972ef7c82abca23a8897c0430029406c4f7018023e01db9147142cb01b53042998f8b9e37e1e60564336e8","nonce":"3b29b8bb622ba14d9ff4d448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"1cb6043af73fbe717b5459abed46e4688b12fae535b05e5801ef2b8925d15f586ceae26c8aff7038920be95ce3","nonce":"3b29b8bb622ba14d9ff4d44b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"70736b2db7446bc82f33b4aa5bdde5a20caab79a576eb21968fbf95a91a00e225780fd5cab43ed4e7105893ca3","nonce":"3b29b8bb622ba14d9ff4d44a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"d9d727e970226bc38b9ae4848c2e2a82c9b55e6c76d5b6d7d7bd59d3566e2135ac46766ad2173f874f8d2c22e0","nonce":"3b29b8bb622ba14d9ff4d445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"07b0f41670fd9c5fa2b7dc13a1e54f897b4a108176b16f1e81371f477d2d6eed454d5ef2164f3bb35e1d832670","nonce":"3b29b8bb622ba14d9ff4d444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"d45e7ffe7bf445fd8e46ecd10760d60d7787c3dca78be4a9ed30d59ac2af6c72d0ac8d1b1509122dda0bed99c9","nonce":"3b29b8bb622ba14d9ff4d447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"367c19b63969c02fd4bbd3318a69048d01443c761a0a2b7630cb3f6f0ea30b318362434b923b0373661eeba450","nonce":"3b29b8bb622ba14d9ff4d446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"1eb6c7faaaac253c4df1fb76e872da7d962b70699a7d4b5d3685981cac53d0435cfe06b8693ec1e502d4c7f7d4","nonce":"3b29b8bb622ba14d9ff4d441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"bad729d0faab7dd85aca53de19fdb9ed637532de7026ee15fa49c32f1771740977813f7389555307b55b6b632e","nonce":"3b29b8bb622ba14d9ff4d440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"ca1781fa8667c9017518270e25a6125bcbff2fa4453263795d798539f7bce8279b1df3dc952db361516125de58","nonce":"3b29b8bb622ba14d9ff4d443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"8b2961064b0b57879f4cb39ddf2da653ad2be01ea9adbe4e701263d1f2c6e93746f7b9e11a6450717714331201","nonce":"3b29b8bb622ba14d9ff4d442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"18545fa9c38f57c45d32e175ebd6ea7ee839201af8a1c7c202aa743f19fc2361e0cf1af8e8bb42cbe2ccec7afd","nonce":"3b29b8bb622ba14d9ff4d47d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"86f3c1269beb49aee5130caa61d2bf73b02223b480f9dd974d23f4b53100a33e3fcce36e448cc68a2bf637ab83","nonce":"3b29b8bb622ba14d9ff4d47c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"10896b02ffc2cda421a1e8f1fd265ffdcd6e333a5eed22414d688ee3dbe5bc7b7a51bdb547e3aa126120ac3a69","nonce":"3b29b8bb622ba14d9ff4d47f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a62c0322aee00ee520f0403f19ed1e1495ed5e3a284ea2342f368a0ec148d83d9cb92dc43e5b5e13e9e827408b","nonce":"3b29b8bb622ba14d9ff4d47e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"71e906be7e6fc0cb27108b190ca9bf1f253cbc205d9a89647288ea0feabe5029b01a22a3b238c1f4cb3b69fd10","nonce":"3b29b8bb622ba14d9ff4d479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"b507db6b493bfa905483adb9780c126cde17221073283364f1597378ef6b826dfabe556939429fb3d5a2178d2f","nonce":"3b29b8bb622ba14d9ff4d478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"85cd19955a756c92566205318de57fe3237a186835cc05437080b7d38cc372f1f39ddd17da642e81c3d52d1632","nonce":"3b29b8bb622ba14d9ff4d47b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"a8eb58c25e0386a024616ec89460f032f0ca6319ad24c0a6c2399e9eaeadd8e54b2847e5c3986c8337b6510258","nonce":"3b29b8bb622ba14d9ff4d47a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"0256231aada9b47375cab1e125810dce9c89f4968823e01e1e72daf08e6ecc95c4fa0fa9815c826a4426c8f5f3","nonce":"3b29b8bb622ba14d9ff4d475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"7fc394e6300b5155114e693015de72213dcc70d097a56127a953d1ebd5d8bbc5b6a2d7e57e6942d56bfb44e270","nonce":"3b29b8bb622ba14d9ff4d474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c0e30b5ba06d9d60803cc399667aad65a63b2702825464356eecab874e9116a1cd758753e428c4cc4975db751d","nonce":"3b29b8bb622ba14d9ff4d477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"ec8c3f472cf4e1cb7457d0cb057f1d2cda232b0994d6d68a4e273edc80eab7ac518aa4a1dd9ea1bbd10870b594","nonce":"3b29b8bb622ba14d9ff4d476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"91dc21bad1d099f9b102fecb1ead799eb4aeb36dcc19ec13d2865f8b3bdb51829e1a88911c49c60977fc48fd1c","nonce":"3b29b8bb622ba14d9ff4d471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"f00dcc7033bc2b6336b5acdaa976e696ea9207b4a440b0c52df232d7f14bf92e0ffc9b63cc50ad13538c72c056","nonce":"3b29b8bb622ba14d9ff4d470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"24fc7c22cc0abe6c3bbd6242d81a6a640992554ebd34f23f0ca61b960fac1cf57e50b87cbe315f956b15e5b38a","nonce":"3b29b8bb622ba14d9ff4d473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"bf1a608082a909ae29862ea45799af694111410b7e27d69b5bf8d07a7db8b664666c78315bb8b82c932e3cc5fa","nonce":"3b29b8bb622ba14d9ff4d472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"49cb54e3baaeccf50c2e5c77c261f491f571306e9a84b291e48947a373d1d1f345b6fffa071bfeeceb36c37259","nonce":"3b29b8bb622ba14d9ff4d46d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"40241f7607554fe153b7dae443a8f1f001da5be649cac088c5a35f27edee67c381fb921ecfc1c559ff81167b0c","nonce":"3b29b8bb622ba14d9ff4d46c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"878e6c0da635de892a9235e84ec59deaf5fb391cbc81bc77738739087f9c82a6bb246abf6749e40a76fd8a25ae","nonce":"3b29b8bb622ba14d9ff4d46f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"f88d614da483cca5dc3619c13afe481adfd97ac8b65779c51a7cf23f7d7f95f8dfa2c021aa42c4a6b33a8f62b3","nonce":"3b29b8bb622ba14d9ff4d46e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"f65d5f264cb8a09799be245ff883d3c5b5d6b97c8d7d0ab7808acba947919b1e549faf689847a0c5fe5b72d50b","nonce":"3b29b8bb622ba14d9ff4d469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"65fe2981b5bef6f960255bb0116828a8c5e2f2b53fee08d1eb3a5ef2997a0541e4b9339351df53508d13cdfa22","nonce":"3b29b8bb622ba14d9ff4d468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"1bf084d96f94bb181ced2bbe5de6df5499b71402987c26038978d276f76a42a713169e93f02378390e6ee17d52","nonce":"3b29b8bb622ba14d9ff4d46b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"2f048f4891bb78623c70a1130698e86276c6d04ff9744dc70a26bf54df5c36b2ff533e665b0c48f98bf89b373e","nonce":"3b29b8bb622ba14d9ff4d46a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"9007cdcb4a234147c8cb78bf684bc947ff1d673a2a6acf243c16446003a988944db9e707f2c8fb7439da6e6059","nonce":"3b29b8bb622ba14d9ff4d465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"afc430b925d3a60096ddd0712ccaa0b39236056dd1ce393d447bc738de9f772f15f97a1fda5df1ea0f3aedaffd","nonce":"3b29b8bb622ba14d9ff4d464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b92cb4a6e35ada3a73d82806acd553b192bdc0ed84d9c9eece4e2f4d9f3eb3e46d11e7091ada56dc859f2a6606","nonce":"3b29b8bb622ba14d9ff4d467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"45688b97fb3eec427eaf893ccdebf412ee1ab283c7de0f05257850c4ee47fe24602c77f828e51b6020dbe59ecf","nonce":"3b29b8bb622ba14d9ff4d466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"7f1cdf157789aac27ab59b6332cd8a5cc5458c17f4745603887fb2913318df83f45f106ae99c55c49baa0247ef","nonce":"3b29b8bb622ba14d9ff4d461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"c378128254cb142c7056cd8c8ebe7f36d325f19668debf5b9c043d807ae2f9bcd7c28ba1afa74d8ed815100878","nonce":"3b29b8bb622ba14d9ff4d460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"633dca729d55ffab3e0583586706008f554f491deb975311b8b6f4ee9e1e4f95ec0c359d03350e66a343b805e2","nonce":"3b29b8bb622ba14d9ff4d463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"dd6f67330613a8e31a232502539021bc9017035efd67b529633e1410643452b9fc45af3a1821e790f13d94ad5b","nonce":"3b29b8bb622ba14d9ff4d462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"502317449abca82ac02bea5cf1f1df8f85bea2436279341c650e5004d8cc0f333ee64547b340e96cbef7fa02b9","nonce":"3b29b8bb622ba14d9ff4d41d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"619bcf94a6738dd752b03bc65a39d48707a5618e7a08c52ef74ba7eca33f97bf724ea43ed6d9348c8387739d76","nonce":"3b29b8bb622ba14d9ff4d41c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"224de7d2cc61ca812bd5177420a8f271dbdfda72acc5e4c4ae5b6d08248db601eb359bb84045ed29d8e29fb550","nonce":"3b29b8bb622ba14d9ff4d41f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"43e4c8ba01e3f5b26a6df0e2c37b5669b87218bc68d54a30780b784004083b7303973785dd57a23cee22a5e066","nonce":"3b29b8bb622ba14d9ff4d41e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"932a13dfd809a759d696521c7f9d3034967aaadd894e1d4e21b8ab037bf2a8af7ac7a3b6168e522613cdf3167a","nonce":"3b29b8bb622ba14d9ff4d419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"449437eaf4d790de30defeb046c1f369f1c8951c62d1d99d9285016d849f6802c0c29ecff02b0d82dc50895963","nonce":"3b29b8bb622ba14d9ff4d418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d4350c14c00016861c6e230939a59bf32c54993eafc28206f8c8a0fdf7e20948d3d6e9c837da97906dae6f388d","nonce":"3b29b8bb622ba14d9ff4d41b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"d8e9c0141be989b9d9033847c48024413b378c2de6b3726949056c09fea32eb7bc6c4ed149c90cd04a4c168a70","nonce":"3b29b8bb622ba14d9ff4d41a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"e7fb78a6b71ac865db36ab7884b96a2fdb41d27ff45bedd7f0ef88436f8f538fc17877d9b03387c9dbf2b5dfb0","nonce":"3b29b8bb622ba14d9ff4d415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"e3946bb2f7e9180c18e3ee81de7dda649b24df8f88aba805087f10f6f80b5831c07c214fd754372dfd2a4c3bcf","nonce":"3b29b8bb622ba14d9ff4d414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"38cf6046061023dfb24e8718a2392715c29e3ff24026cd0c02a8583c67d6f98b08e899a4faeeb2ae362bf53cf8","nonce":"3b29b8bb622ba14d9ff4d417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"8b81a37d02301b2728534c21d5648c42deb40d2d58e4eed2869823ca5e7c155aef63867e75ba392056b96ca4af","nonce":"3b29b8bb622ba14d9ff4d416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"03e7a0a028887bff76cd50bc794a8b5b58b1140c01e29871da347de6af19dc9439c278d5b41f6c1644e295940e","nonce":"3b29b8bb622ba14d9ff4d411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"5d0080802dc69cfe960e822d89a906cc79c71df3d36a4d17e4d4dbb3fc5049da80f54ba131daa5e39d9defe46e","nonce":"3b29b8bb622ba14d9ff4d410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"557db47e1e51071b3778f289b09b0d951356fbf908cad7d9732ad6bd614cf861a8dd56db75038c32fbe3b81e24","nonce":"3b29b8bb622ba14d9ff4d413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"87d3d305b5cd7e8d8d342f562b26ca977f2c21b864fb0b20964a3c588ff5762ed06c0fe1c33c22941fe0122243","nonce":"3b29b8bb622ba14d9ff4d412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"4e398029f577c65b517b1a416122898f0861ffa70ba4b59b2e89bb7ef04392c9ed1ecb6d52db02f6651726a929","nonce":"3b29b8bb622ba14d9ff4d40d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"560cb7ed04359dff5c10468673aab664583050cb3841564eac4b8fba142b9e016540ceaea8756321cb7bbf1f70","nonce":"3b29b8bb622ba14d9ff4d40c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"b87757c71d6f65fd13a2f6609db65b05e3f822319c532f46fb18220efa2659f23e8d1beb314a177f067db1af95","nonce":"3b29b8bb622ba14d9ff4d40f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"81fb9100b379ebca1933785ce2a4260fceba1709809cbd8a3e74788721ef9d57b04736a111fb44268f110fce15","nonce":"3b29b8bb622ba14d9ff4d40e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"7a0500fe0d49378407235bfcc3eb7dfd1e45d633721f35aeb7c30878198df10bf279740c3f485fda6d674fe049","nonce":"3b29b8bb622ba14d9ff4d409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"c724ab21263f3b36a87cca3c19413b6e44f61144cec5bad133c140af15eb24a82d9ef68c43f4244ea6aa2d3015","nonce":"3b29b8bb622ba14d9ff4d408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"17a066b4784c0c1f48a467038406d573a5517449293a55d949d6d9063a6892fdc3e3d2d01d585864a2cbb5a195","nonce":"3b29b8bb622ba14d9ff4d40b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"790f2605b3aabe2a4a4694b3daaa36ef8eaf213271dfdb9669f9e8d5f5e192e2aa950bd22e38d2c58d59194187","nonce":"3b29b8bb622ba14d9ff4d40a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"49334a273c69a93571d36e2a25dd30f469f15552c6376f2177d1f26d4ec99489270b31e170800b51d0e54de6e6","nonce":"3b29b8bb622ba14d9ff4d405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"991f49e0b37466bd03894c3a56058fa8c167a9f547b6c17e80eb45b53fca8da58d22f403e61caaf2de5c5f20b1","nonce":"3b29b8bb622ba14d9ff4d404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"143ad2c317559d5cb02f41a1d14b28572f2dcf5f0363851e3dfe7b4d951c69d15e762298b5c89bf8b2b6055a90","nonce":"3b29b8bb622ba14d9ff4d407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"689a6363adaef7d89d264bc1f40562118334b06e511baa5bb4dabeadc56cdeac29c975eb8aa46bd9cbb3ccbfed","nonce":"3b29b8bb622ba14d9ff4d406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"989a454fa996a4e99177e4e32d4f2024bb482e9fddb6a6a5e99834b51d5de20060ece0b5581af24dd4f7c51db7","nonce":"3b29b8bb622ba14d9ff4d401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5335d66136a626728aa9edf392a7c4adef7cc752c84bd0531f567bd66c5541c32d5bd5760197d4b5382ec3c09b","nonce":"3b29b8bb622ba14d9ff4d400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"aa892fd579e49920e15dee18b045d40ff776e8908a59795ad141838d9471e957a4380574286e283875b353c4c3","nonce":"3b29b8bb622ba14d9ff4d403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"58a280f4c1d4c09953f974de9069af9f13f328affff2359ca87e005a871cc1d8cb2baa3f2e629d1f183ca9f22a","nonce":"3b29b8bb622ba14d9ff4d402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"8b52e80f7c8080031f61a129482743f3935871b69a813d8f8395bff6fc1979245912f3379e1c1c225cde7136db","nonce":"3b29b8bb622ba14d9ff4d43d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"9d3c9609d7506d12e5ac886bb44e73d6e66405d1fbf1f2f5c36dfb4d92e057620a1f3bce6072c1b6a3c650e8d6","nonce":"3b29b8bb622ba14d9ff4d43c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"f8bbf765d92a18ddd4f3fedb6a0ad52207a119cf1da1c4730e28bd938395dacac6afb03515bf48edc1f3f50e8d","nonce":"3b29b8bb622ba14d9ff4d43f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"3dd6c09374eab6bd839f7d866a57b50982d63c852725305a53f4dd7fbfabf84fe252e3c698958ce53c7b220393","nonce":"3b29b8bb622ba14d9ff4d43e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"d0805e6e1ec106858d98ae1bb813508463fc3a638de1d2e03ed0f4c857c822576d50d94839eeb8c2fd974f4e96","nonce":"3b29b8bb622ba14d9ff4d439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"55b9387a9f35ebefb0ec5c216af5aafca7235d275ae785ef18f028411dc1e2691ab8374333bde4ad9462246bb0","nonce":"3b29b8bb622ba14d9ff4d438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"b183925c096727398f70a9f11cd40395468be6cb5e0b9f47ecd49ce62cc61c1bc6ed08e1149125f577c814deaa","nonce":"3b29b8bb622ba14d9ff4d43b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c9e181337de868449bbc3919683cd7c88e1be1f188a8e466195dbfa2bc4c69428069c82f1ea8b1e53799c087c2","nonce":"3b29b8bb622ba14d9ff4d43a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"c60d5e9176feacf0d5c2ffd8a7ac8a79de8538db5ae4cf6aa81aef388d98533f26e8ce9178fc6c21436d7dfcd9","nonce":"3b29b8bb622ba14d9ff4d435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"77864de4c7619b45e0381436befad21b057f9dedfdf2e540573188c564b0b2dbba235a180ddd5ce1f5a6b392b7","nonce":"3b29b8bb622ba14d9ff4d434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"cca2c2e08298b21d3fca8f5aba342ffc80a5df3205d4d7dc7c3ff3a6a3bc1d65a4223845fb7dfb6ce690b55462","nonce":"3b29b8bb622ba14d9ff4d437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"e27aa99957a14973b9a15ff3f48964c60b04a00431d05d416346f1493ad1bdb29357c231dcdbbeb03b3e81af0d","nonce":"3b29b8bb622ba14d9ff4d436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"6eb27b016d2a2750b24706ae2c8ee497c0b97f0ef6874fce57601e915087cb460d44a1a9f75f02d2c33f6d568f","nonce":"3b29b8bb622ba14d9ff4d431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"5cb980793df3a826850b6c9a171ef5b46ce17cede5224f64c17d7bf4d517cc55912914bfcb6bd067ba7c4d842a","nonce":"3b29b8bb622ba14d9ff4d430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"c5b09da53a510f0c27d4e356916928b6f8110f7683ec9d60f8aa51cd5609338470858694aa8f08337713b2baf9","nonce":"3b29b8bb622ba14d9ff4d433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"da53a8ca3854c837388e2161324accae7c7803f3ed5c8c8100030cc85da3bd2bc734dd11c43669326b5a419af4","nonce":"3b29b8bb622ba14d9ff4d432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"3239ca0cd153fb8eba6ff3a54eeaa8bf16e14ee0ce8df1fc0e90d99c71ef6f75025d6b58c339410b8d3d4b99aa","nonce":"3b29b8bb622ba14d9ff4d42d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"e82a77903e33c4c9505185aa1e1d74695c3179bd2a9140df6bca65a704880d536d86e0f678c35f8d1d30ae7395","nonce":"3b29b8bb622ba14d9ff4d42c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"9c7069a9b6878c279ecee81a3cb4b1fd8be065000b719ae0fe7a4d6101e141482ad259da8f2372c52e58b86940","nonce":"3b29b8bb622ba14d9ff4d42f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"585426965ebb5daf86cbbc5a00a68dcc375d3391daff2de5ad610117eabb079ba07d9d0d69424efe24fdb03148","nonce":"3b29b8bb622ba14d9ff4d42e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"69de754e99f87f35e4fcad738de3f754d0f26402a000f914b1914b19caa6ca7484fbd9b5044eaa5fcb17b7c81b","nonce":"3b29b8bb622ba14d9ff4d429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"60caff1fca8b1837dac6b5fecd716789169538aebec9ba03e6eacbdff8f74146338847c73ce04a4723d0098b44","nonce":"3b29b8bb622ba14d9ff4d428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"e6bb10858bf61bcd07d6bb3e01a8a0ac24d25fe449155b11685077800a233ce8552866ab4eb1bcf0a26911891d","nonce":"3b29b8bb622ba14d9ff4d42b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"531cd658a1b67b10f30bb2de0ffd72963ba6374849859d0b6af1d2a6d635326aa6dd87ce1cc3a418a4c9eb4888","nonce":"3b29b8bb622ba14d9ff4d42a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"abb7a42f0dcea455097359aebea6955747f5f30c53b24399205b0aee4426210c9d7cb6b5ac2568288c2a78fe1b","nonce":"3b29b8bb622ba14d9ff4d425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"0ae8d7e7b333f938e18feb71f04aa7e101409e819752b1bdcdc61f2a3a430b8f842b75b9bfc521de6d91b4bead","nonce":"3b29b8bb622ba14d9ff4d424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"8199d526d6a02024ba699758fdf0d628445b390dcd7e96e9de36a9c2f40ad7be11bc567e4353e1ead0817f194a","nonce":"3b29b8bb622ba14d9ff4d427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"76bd48cfbcdaea8a87307a1265e774d094c529f72fe0d5d66b054eb074b8827a1ea9961e55b59bd0bd6e21d286","nonce":"3b29b8bb622ba14d9ff4d426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"05b90ae9a0b40d9acf2eb1f9a5673f4474241f4ecee2d123a8966e1efe1d44ac0c2954249fb6a2d93056c6e409","nonce":"3b29b8bb622ba14d9ff4d421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"763ee638724eaf3925ec402eb9d45062921b7ac14484f97aa47bc62c6745046922220568091f5cd2aace5222d5","nonce":"3b29b8bb622ba14d9ff4d420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"980f0cc595cb506dfee2bdf0ae4e77e78cc0bdededb71c50ed34027fc317a320030b90df5faaa6e7f42f3f8c75","nonce":"3b29b8bb622ba14d9ff4d423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"0df36e41f35e6b8afc059acfbfdabe086c41562026d03cd0241ac0c7ab1fbe720aa1108cc5dd7ae94554dc5608","nonce":"3b29b8bb622ba14d9ff4d422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"927ba5b5505e0b1a2aff1a9fbefdbb3d85546971939188a69e999cbd1e5ff3330304cf24873e4080467c8ab245","nonce":"3b29b8bb622ba14d9ff4d5dd","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"2b01436ed180e15e3478c70470a7a2d234524d627a8b75fb3a6bc9e67a93b1c9"},{"exporter_context":"00","L":32,"exported_value":"756b4be8f269d5c4fa2127a29325404a4b317a595d8870949ef71c9836bb862e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"cfb6062516e1cae6235e147efde9ed51ff1d10e740cb5bc58f79dbbc7af8a286"}]},{"mode":0,"kem_id":18,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"9fd2aad24a653787f53df4a0d514c6d19610ca803298d7812bc0460b76c21da99315ebfec2343b4848d34ce526f0d39ce5a8dfddd9544e1c4d4b9a62f4191d096b42","ikmE":"5dfb76f8b4708970acb4a6efa35ec4f2cebd61a3276a711c2fa42ef0bc9c191ea9dac7c0ac907336d830cea4a8394ab69e9171f344c4817309f93170cb34914987a5","skRm":"01ca47cf2f6f36fef46a01a46b393c30672224dd566aa3dd07a229519c49632c83d800e66149c3a7a07b840060549accd0d480ec5c71d2a975f88f6aa2fc0810b393","skEm":"01d8f4fb0d87e60cd581caaf4b00bfb904de56fa909cd63dff2d38dddbb0123c3a2a52ae3e1b77f83e18a8d3e78f1837b61549477869bb57448d3230a43b8d7b2778","pkRm":"040143b7db23907d3ae1c43ef4882a6cdb142ca05a21c2475985c199807dd143e898136c65faf1ca1b6c6c2e8a92d67a0ab9c24f8c5cff7610cb942a73eb2ec4217c26018d67621cc78a60ec4bd1e23f90eb772adba2cf5a566020ee651f017b280a155c016679bd7e7ebad49e28e7ab679f66765f4ef34eae6b38a99f31bc73ea0f0d694d","pkEm":"040073dda7343ce32926c028c3be28508cccb751e2d4c6187bcc4e9b1de82d3d70c5702c6c866a920d9d9a574f5a4d4a0102db76207d5b3b77da16bb57486c5cc2a95f006b5d2e15efb24e297bdf8f2b6d7b25bf226d1b6efca47627b484d2942c14df6fe018d82ab9fb7306370c248864ea48fe5ca94934993517aacaa3b6bca8f92efc84","enc":"040073dda7343ce32926c028c3be28508cccb751e2d4c6187bcc4e9b1de82d3d70c5702c6c866a920d9d9a574f5a4d4a0102db76207d5b3b77da16bb57486c5cc2a95f006b5d2e15efb24e297bdf8f2b6d7b25bf226d1b6efca47627b484d2942c14df6fe018d82ab9fb7306370c248864ea48fe5ca94934993517aacaa3b6bca8f92efc84","shared_secret":"9945faae6a58ec6039cdaa5632776dcb1f167fc919555d49a5b0232b1fd126925634c654cba83452f2e9772570c1ac0a5b790f42922715b450af7def7747a76c","key_schedule_context":"001d414f42bba6f51581cb25399a4c5cbf299dbd3396ef8b60783a888d8ad71c6676dd33e8a4bcafe1a77744efec0a9d2a78d2877aac000f33f7257304a97c1d01","secret":"6ba6adff5bc8f34b483d42a7fe0420d25b260d313f521eba3e2d2aeb55a1847e","key":"","base_nonce":"","exporter_secret":"4b4678b3a4a658660395597ed44997c63044ab64a07586b42ef761acdd165cb2","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"8c4fdcb6dc4a709438e897db3886b89b591778e36fa52aea946d54c695ef0098"},{"exporter_context":"00","L":32,"exported_value":"8c1e17ecec398e8d6f225dc3b043764b07fdadf60771329bfae78db2004f8514"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"da64da3dc243d0e22c46e1cefdf138f1406bfa72bda595997d112ca267129a01"}]},{"mode":1,"kem_id":18,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8a6d932bddc4a88d61c8415d20da2a594047820e761bccaf383f0d8570ba1f0bdb93c7f71464141ad39e04ac6403d594247b93b0f4d9db68b7bbd4ecf80ae3e21bb0","ikmE":"14108527fe36ab61723a7f1025a49ad1d0e61649bb5c51e49a3acdf18e3aa981861b9b88872c19611c698320e0a3c7426eb192027f031130c776da4e8d1ede0c3d41","skRm":"0001dfbe81215700def602b65a5137fb3b166ea0179c6ed00cc35d441511dd071c2b75cae051232906d401d0abff3cc16f9e84d003def4d9a0db950074b2b99c8b99","skEm":"0102800dd74b3e960f2853667d5deeb498d19253f5e3d8e41257a98447119ecda2cdc6f86fadcaefdd2e400829ceaea9c9aa0d71999870cac6fa4d0bd51a70ca7d90","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401b1f870c8f9b656e535da0ce7da8c1649c0692b66633597a214a9b3b5cf6e8d1c133d85cde43af1996c4ca23ca5557b4ea2954672c39985303c8d59317c0a170588003f46747c28e5ce5c0e09274ddb56dc7878de6fef643c3c74844ff11c7123ead49bd813cb3eeb6d57e2fa76b6747dc9546a98d56d96cfb3c99304a2a3ecc2285f9e","pkEm":"04011f5bb5b1336e9c1d816f877db5efa3bf6dd1b8fef01ddb277936b0bad8cbdc3fbf989dc0a7c5e624aafda75bf7c61cac8761a7e4db6894ea2d786fad89b8f5583100a9f86cb86de0c16389263a217146d842624704e2e7b7314ffe511594420904288d8e24250661fc42997b7523bb4338c563fadb098b755a323dcc9ed4cb8129bb24","enc":"04011f5bb5b1336e9c1d816f877db5efa3bf6dd1b8fef01ddb277936b0bad8cbdc3fbf989dc0a7c5e624aafda75bf7c61cac8761a7e4db6894ea2d786fad89b8f5583100a9f86cb86de0c16389263a217146d842624704e2e7b7314ffe511594420904288d8e24250661fc42997b7523bb4338c563fadb098b755a323dcc9ed4cb8129bb24","shared_secret":"494dc4f3e79c0c9f58a1299fc11b3fe078605567258e47c76ef7bc4f411625fdd9b9df3795a86d3016091611bc722fd99f862282deb61894db055a4c31941d06","key_schedule_context":"01ab31ed2d887339bfd8a7ad54e4ec3f3b351c17624d343eba1aaa55a6db40dee976dd33e8a4bcafe1a77744efec0a9d2a78d2877aac000f33f7257304a97c1d01","secret":"bad3df9b6a482dcb5497815402e855f0fa0b85e15c3c61bc0199e33132180245","key":"","base_nonce":"","exporter_secret":"c6a52c5c96a5b70e02a42b7093bcc56e3b6bdf8c5020b28e2b98f4a71b4cb5ec","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"2657183e6d8bc878aa2fd9dc0513307c16a72a7ee4dd1db796156213661581d4"},{"exporter_context":"00","L":32,"exported_value":"2b42025a8f3f32a614861eacc031fbdf685c7f6720397969835063e7f3e3c453"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"58ac39db67372c73b741750eb21d3fa8b709f913f4db1c6eb39ac7ed371683f6"}]},{"mode":2,"kem_id":18,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"915b197dade93af0286c7811f7d8aa4168281cb08af68f3a77bef66d617d7b592a9a3ba7a7b07c21adf430ad36a47331902a5eaf334410a20e2936675c97fb20c794","ikmS":"698ddbd862fbb6020ad58f7e7daf96b5b4746a849dc364c31b964827e998260d7a9c8984141a206f2e485ca67ba138ad1cbe601dda73fd4d32a2575535e1a125e989","ikmE":"148e13a815510ccb5eef1889244ac9395385aa27228fdd0eedd13210707e07e9a874ba083bbf31ad170b45b18369dbc4cd437ec214d226946ce47743406fb083b981","skRm":"0067afe9f7fb005752f98c488be6b218465f952c4e49e12417a25103631e9ae98b46010090e9d8b3d4b910f921891520384d40ad59ec065044455a31f9da585a078b","skSm":"0144af44602b50945c7095c85710bf033b81a79f5ae4eb5cc19f9f4ca6ad52c44580390d762c197c2598c4f754699fafff9fbacf88e72acfdee4fb5bae9048e148bc","skEm":"010d65d7d484e83cc88057efe172271735f67e560ef0e2142bcb3ddef26d797cef13085dd5e6967715294ebcd9ebcc0b0c6421cb2eb59851f241eef3b41956d56af1","pkRm":"0401b7596ab901aeb7a6bf99787a6d1774bb7b13033d0ac06d175d8817b9e3ba8b568aa06203b8dcb883c5a6092a5e406c2bf3cc97c6de568c4b6811aff4729ebaa05b01408c2bd36d3dea3168e9e1ebe7ce9ed1e324c8f5f0b08286d1cc6674037ccb3bdf4e406b4b1c518fe618e356fb02789d5b159d62e915c9c15f56827c191b232c5b","pkSm":"0400d25048b30d80b3bdae671d10e8f55de6fe3ffc54f7b9f477e6d449692c7a25edcba7412af475849a4d498ec169ce9dc1715ec6a8576fd6b06c58de7d60d73df99b00735d6b2bc3a3b4718f8f512ca545b452f5df5e80fd1200a188638021e23a2fb5d45caedbb01b281da8706bba0507530937a5909b6bde103db0d393a414c675ad96","pkEm":"04007c715a22b25f5b8f0a50eb583bd1f578bd823aa54e2241f59b90f383152f04e5b78231e0328bb4f53097ccc2c3633a4ed79529e3668c60a6c0e4723d635bc9192a01c9f8be1ed7240616ade9225b408d6019bddb78c19014b5ae6a6658ef5fb2dd7785d97774afbc0e8d7ce0f5e0e4b90a5b5d025d8ff97897c2465334ae5b3d3c84c4","enc":"04007c715a22b25f5b8f0a50eb583bd1f578bd823aa54e2241f59b90f383152f04e5b78231e0328bb4f53097ccc2c3633a4ed79529e3668c60a6c0e4723d635bc9192a01c9f8be1ed7240616ade9225b408d6019bddb78c19014b5ae6a6658ef5fb2dd7785d97774afbc0e8d7ce0f5e0e4b90a5b5d025d8ff97897c2465334ae5b3d3c84c4","shared_secret":"c160edcd910986af4fd1848e4750f9ce0c1aeecf4ac33d80627d3ee39ac78883233c7f93f4137a214866989b002bd3f6d5ba2f55bf1faf8e8c8819cd6b1bfe6d","key_schedule_context":"021d414f42bba6f51581cb25399a4c5cbf299dbd3396ef8b60783a888d8ad71c6676dd33e8a4bcafe1a77744efec0a9d2a78d2877aac000f33f7257304a97c1d01","secret":"a66ebaae08a98c4900f08b8d6a481b199733169dd52733d33ac612d56d1ee038","key":"","base_nonce":"","exporter_secret":"abef7e38be7abbacc23aca422bce1a411f45b110d5c4abaf9fb6474f47184086","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"0fd2070fee245c008b39703aff2a9741485e2bf0101a1b0daefbf4b3607417fa"},{"exporter_context":"00","L":32,"exported_value":"f2031e920cc0f2d888c84936206c3e9390fd8855fd299ddb8ea605825c22c646"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"a04ccbbed6ca968a03c3601d7f899c1ede9500294d588573add2b81e2dd7f1cd"}]},{"mode":3,"kem_id":18,"kdf_id":1,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"0ed7b46351efab3ec0d5cf27b4e010a823c614299f6977230cae5c9007bb1539c2c6c8de9a7d3c6b20d0b93ce3cb81724a9c75e8319cbdca8265049eb8ce1377b9f8","ikmS":"0e60e71ca1e7867fc9a4db18b856af91ff45669a6d3385f402e4ad57a05e7bb3e3fbea458d70f652897775d9411a78bf86e4520260e7f8cf9a144b38e65fed0c8cbb","ikmE":"3272424289aea1ada2fbcf9e21c2f4841819945373e6b7710ebeab2ebbfc88a16c287863a1a469ae1e5d8a26ceb88a5bc883e1a3610581af7720f8addb435a302d09","skRm":"005b03bd1cc789e864073f28c6e5b3e69d8aae86b6dd56460e8eb8788b757bbe0aef9c60010704557bbe07c34db04bc8d72788b38216610af41bf793e0c91665a718","skSm":"010665c45ef2f85860c4768290844a9d76a44edc9eeba7f29c032ff5f66105a20927c971d8ef4cc3d4c49d6be2383541f0a6526adde1ca6f2cbb69072cc44fbb704f","skEm":"019e67c66febeabad416bcaf2daec2d86badbe12968b82940dcf192b36d490440a53a1161bb1d6f2d56e852fd5e044d62749cd45b0d2884ed2c25b626ef565136cfc","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401bbbaba9999652f5498cc981105804a2737f1c69e439b35af39451102d8c806294f76af5e4f5052baf2161bd877c77afa018e6058c68f0fd95623da9e52e8d52d9d00b553f4c3655dea6c71971bee2578abc67d018e455b1ece39d617caf971b0ca8ac44ffd1cb48028cd98e97df74a84e98a45a9a5dea53989870bd95fe0c546eb082a","pkSm":"04000602564ad40d5c82eb2eba0af2d3cf77f62e0a32b2db05f1b04aaf64a97d604fc509d4b98979446197877af380e1e3f6e6fd9db10bf735b6cf5c5d3c6c98d3f3470146398de0acc2031208175fb261fc270cd4ef46c306154d5da0cb8b7966267b827fc39f35b960a64c022b91ba54fa49395b44e61f758e1f6a63c1a2bb5d2a3d2279","pkEm":"0401b5306af102a65dc126626442e850198780c1f342f83f4d6812e94875f4d79f84b97e507dd711cbb0ae4c9a40355e6337109a3a81b60f0b72765a99068d93c5baf8000e960a64d0b8ff5c33d41dcbb4d354d740a4f1d233260876b7ff88b495042d049c6285fd228b20daf309f51839c93fcf4ca9112c970035e60e73fb2a977375fea9","enc":"0401b5306af102a65dc126626442e850198780c1f342f83f4d6812e94875f4d79f84b97e507dd711cbb0ae4c9a40355e6337109a3a81b60f0b72765a99068d93c5baf8000e960a64d0b8ff5c33d41dcbb4d354d740a4f1d233260876b7ff88b495042d049c6285fd228b20daf309f51839c93fcf4ca9112c970035e60e73fb2a977375fea9","shared_secret":"dec73be01e079070d6d354fa772a5e88b2c2970e94253dfcaa25ff9492c63d62bd21d6fb0b9f3a985e9984896635092ac843559fc1299c3ca63fa10e242885f4","key_schedule_context":"03ab31ed2d887339bfd8a7ad54e4ec3f3b351c17624d343eba1aaa55a6db40dee976dd33e8a4bcafe1a77744efec0a9d2a78d2877aac000f33f7257304a97c1d01","secret":"1b78e07ef454eb25a12b5652fa7076b692bdbf6d0738fc6fda56634563f3d995","key":"","base_nonce":"","exporter_secret":"f6004bd36e1090ce8d118c33503a12dd638bc1aee48b6a96d09d639f7c75516c","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"40506cd39d0867ceaa5e650376366ec0a13ab2ce4df1d2f9af24fdc37c0f2b5a"},{"exporter_context":"00","L":32,"exported_value":"8c1a98b338b5cc69eb243e34f0f38ec044776ec8933d791c05b810a05cf3d32b"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"d0114653f1cedaf8bf5d032e019cb23675ff0a732602966b55d21bdbdd3d45b8"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"7bf9fd92611f2ff4e6c2ab4dd636a320e0397d6a93d014277b025a7533684c3255a02aa1f2a142be5391eebfc60a6a9c729b79c2428b8d78fa36497b1e89e446d402","ikmE":"018b6bb1b8bbcefbd91e66db4e1300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000","skRm":"019db24a3e8b1f383436cd06997dd864eb091418ff561e3876cee2e4762a0cc0b69688af9a7a4963c90d394b2be579144af97d4933c0e6c2c2d13e7505ea51a06b0d","skEm":"01bbe3a4e3be70cf3c589d340fcb0e221ea6db07af3ac673bdc2d74188ca70b9086aeba2e39e497461363419cd1691d9ae453f8092e4df26eaa63f866738310d9328","pkRm":"0401e06b350786c48a60dfc50eed324b58ecafc4efba26242c46c14274bd97f0989487a6fae0626188fea971ae1cb53f5d0e87188c1c62af92254f17138bbcebf5acd0018e574ee1d695813ce9dc45b404d2cf9c04f27627c4c55da1f936d813fd39435d0713d4a3cdc5409954a1180eb2672bdfc4e0e79c04eda89f857f625e058742a1c8","pkEm":"0400ac8d1611948105f23cf5e6842b07bd39b352d9d1e7bff2c93ac063731d6372e2661eff2afce604d4a679b49195f15e4fa228432aed971f2d46c1beb51fb3e5812501fe199c3d94c1b199393642500443dd82ce1c01701a1279cc3d74e29773030e26a70d3512f761e1eb0d7882209599eb9acd295f5939311c55e737f11c19988878d6","enc":"0400ac8d1611948105f23cf5e6842b07bd39b352d9d1e7bff2c93ac063731d6372e2661eff2afce604d4a679b49195f15e4fa228432aed971f2d46c1beb51fb3e5812501fe199c3d94c1b199393642500443dd82ce1c01701a1279cc3d74e29773030e26a70d3512f761e1eb0d7882209599eb9acd295f5939311c55e737f11c19988878d6","shared_secret":"e8d9d4ebf5911a6048e15638b2248753c5f5a76d4229fef34e905d7e60a320fe2a7b0a61ddc8aa7c3988dd439eded7be497c0f054d3788218c9c34febab2b445","key_schedule_context":"00cb1fc46c5aa4127c3739c63e1b145be49aa816a560fadbe8512f79ca62004b8b45ca75ad4274b4c03e9dbab8ac3a0324a800d89777115638ce77c92eee21a767cdd87b0281e692a99982979c39757078bd10f16f51a609804bec7ea73e6df85d53e5b21081fb76ca400113c07723eeb59281dc77544497e8f8a683106eca75ea","secret":"d806c0fea4cc15e2d9317e165ec55f7f6a88d3b10f6b1ddf101bc6cbdd5a6840d4f42aeca168553c73212858bcfbb12037310d9033608b0f8ae4453662a70106","key":"b7ae4daeaffb64e9de88beaa81aa4da3","base_nonce":"fb856a6033ee142b92d6eb63","exporter_secret":"4b569893084d0e6467a0bd1cd3dce3c8f2d2bc146b175026e84f70ee9d05b4951993b51e769eec791f061af0ed3aba0757972d78d54f4c0ecc2dde01deebb195","encryptions":[{"aad":"436f756e742d30","ct":"15eeadf40282492721baac39290f4ff45b85884fb72f5ae9f491ec3d9ba72c7e1cd73d73fa9c110b3dbf0d867c","nonce":"fb856a6033ee142b92d6eb63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"17374a68d97404f696efbc03b00b20df5f8e0a1626f58f9f8db45531fc9f4b6412219321e67cc5abccbaa95e90","nonce":"fb856a6033ee142b92d6eb62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"30f11038adcefcbd60bcbde98f091245bb202afe3a4647ad8d129ebe358c8ef206919319e85932f0a53e3b8145","nonce":"fb856a6033ee142b92d6eb61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"bc0ea8ed5789ad7929ed02bd9dcabbe5ac5507d9fe2ddabe9011c84fd1eeb07bb75dddbb526fa7242e899d4c2c","nonce":"fb856a6033ee142b92d6eb60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"da289eb76db7d87125f8befb285eb9d2b395cb7f49b154c634d474dc3441d1403799a6cac406a723e4c54ce404","nonce":"fb856a6033ee142b92d6eb67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"9c19b6e85f643a02b3158b37b70211be62a228a68b6f4ac442cf4c102e38013fc99bf3d9434784a87ce3ea8d03","nonce":"fb856a6033ee142b92d6eb66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"b809fe5a3180547f3e9e2d39e5340515655c6dfa4cc2cbc796ae7a9fef050df69ef4a6bdca56b73d0e759c9b2e","nonce":"fb856a6033ee142b92d6eb65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"aa9bc8b23e487ecb64551b41ef8560c758d4bfa263cdaf7670c2ac113fa9d253a6be5ab88f13eb50150be128a7","nonce":"fb856a6033ee142b92d6eb64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"81a6a55ff77dc364ca3f4e928aee063363b2c2703f261ad25a4135f55aff307e54754fc45c3b3bf88ede3449bc","nonce":"fb856a6033ee142b92d6eb6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"56a90bef649fa02b26324b988931d78c43201326415e0afa56aa18629ce52ee87cbb253fbbe1b38f9250b3fe0f","nonce":"fb856a6033ee142b92d6eb6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"4bdef548488d6c5ed418bdfdb92a2e5ac7657203086e082ab2c8cd5db332210f13c38c84c747ffbe4826446d77","nonce":"fb856a6033ee142b92d6eb69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"cb6cbc52d851ca62540849e7d50777794db05d9c798afc72437e9390b374859ca9953e0de0ac60f40d08354088","nonce":"fb856a6033ee142b92d6eb68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"0df7cc652f2ff1a7341862ed6e0dd88c15401b483da6c8b44be0c3fc0ca817ab083552fe8394560d6d059ab3af","nonce":"fb856a6033ee142b92d6eb6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"6cf0efd3c81b29c9a44832d11b38e35c7dc68f1f3ae05c66de06fb4c22cc244216b4414daf280b7bff988f4833","nonce":"fb856a6033ee142b92d6eb6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"e67dfef293013d5c7a82af00e47b8b86bdd0edc907ee6d9be8aa713e505b3c141fe2952025952a09e6c36aa9df","nonce":"fb856a6033ee142b92d6eb6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"a65d194bdbaa6fd33459b5b241ab6244b6407179461ff3e87803116fc235e5dd9cd3408c1232fad9061f890ab2","nonce":"fb856a6033ee142b92d6eb6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"b2ad62a3bc1d2130757a3e06dd76d5937942d82610e82b0f52cb4514997ad3faf43e5e2b6d39eb961ff31bebf6","nonce":"fb856a6033ee142b92d6eb73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"c5ac89466fc1e3f652260b9a59804011ad288622faa2cef8e952b25da484bc4a87473ff598c390e70eb85589e9","nonce":"fb856a6033ee142b92d6eb72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"c079efa92b5b5da0ff24ee683c81aafe7f1fa5ee80b98ff4f03d68cb6b4e7b917d8f9e49ad6b47e70705593084","nonce":"fb856a6033ee142b92d6eb71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"3ba189c881a9259552246b61c0ee2a45d3b914905ed8acbfa0246d0f3db99b86be95939cb934b1f09d236bddf3","nonce":"fb856a6033ee142b92d6eb70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"de75c2a63dd1052f78ce66a89339ab8063e62f2807d042f310683cf5b475a0dc8b13d53ebd251cdb91643d58d1","nonce":"fb856a6033ee142b92d6eb77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"3cb8f8cf864e9b9ba5a12c3cd2ed36c0bb1ab85a7b46b686707a5549c32227fd358ad6528a8c198599c55fee91","nonce":"fb856a6033ee142b92d6eb76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"0fc65821047a8c4ec3beedf1da6ea01d8732a40743899a84c05cb1a1e116e3ad892115740700dedebd36d61710","nonce":"fb856a6033ee142b92d6eb75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"57fd7a753678f1503d2de54701e4cf6b48fb6140665e40d10cef2a59ad0d617cc58f6e91b3acf788a16c89c69f","nonce":"fb856a6033ee142b92d6eb74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fa19f4941e6e3a62cecc25a23f1d08717cf492937ae7107aa6f07d0570a058969e6ae27d04c331e7b93eb9b1cd","nonce":"fb856a6033ee142b92d6eb7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"c5732c88d385f309f34787a4b595fe168b6179d81ad97df55547d7c6d5f96e0a1c9942458094cbad099d53e229","nonce":"fb856a6033ee142b92d6eb7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"8ffdb8f90a1c715b881b8a1275bbfa6ee7a3746964098056eda308825039f48ed593ee94da0a3d622ac3232abb","nonce":"fb856a6033ee142b92d6eb79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"3875a45e310475ef3f1f4850c316782c48ebf08e3caf533d23a05f45e5ed4f82a2df7dbc4b77e7a6083076149a","nonce":"fb856a6033ee142b92d6eb78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"e75008765011ba15a9f3f32ff9bda8965e9164220602856b056200fcfcd1f53f6883af85eb68b4dc7b779b06cc","nonce":"fb856a6033ee142b92d6eb7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"4a52d15d2ca3ac0eb085a20e1e33c0efb78413e03d8de4fd6c27ab0a6865b50a49aa89efbf7689d755dc4c99d1","nonce":"fb856a6033ee142b92d6eb7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"a9191e3a18b6ea3f38156591e99207c74543a0b5e6877e0b67a3e232fb686684636551cd29c7862f801798b211","nonce":"fb856a6033ee142b92d6eb7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"ac20649b04a4f1ddc2f15992b1b8337ed2bc206af0fbd4c07f54033b92493c9cb07fe2060a8c121afd470c8ee6","nonce":"fb856a6033ee142b92d6eb7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"61fd38933df0eb1f72e0e7bf14719ebb5984adcce8e5f02d134b019842ff2f69b40976f10063f10446bf1c7e37","nonce":"fb856a6033ee142b92d6eb43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2feaa719553abc8f6dc8a878fbbbbaf46aa3da58e0b482d2221cb8359a58f78803e3413bf2b4e56dbe8007c9b0","nonce":"fb856a6033ee142b92d6eb42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"0e16a1b32dc74e06c96a1b3778d804f64552c7caf2f9eddfe32fb7f8bbbf835aebe4375277966745b1527cd398","nonce":"fb856a6033ee142b92d6eb41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"76bc51106dae43c2dd463ca5c1801d32458ed7bfcb4785c71feb31914930bf361dc02e78a019ecd594c351c7e8","nonce":"fb856a6033ee142b92d6eb40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"82ecae1346d182502b06fb6b180f2c59c04fe564b309e7c7d3e93ded3be0696511ec342f907126bd6e988cfaf8","nonce":"fb856a6033ee142b92d6eb47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"80582aa135c552b63bd922227b54f189e57f89bc0d9033376f142b986ee5e3acbf0ef22657b0973d924104160b","nonce":"fb856a6033ee142b92d6eb46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"a95635c395756c0a3ee163eb0d75e9fb47bad2c5c93c30474b6aa5008bf1e47c90e84a57b28fe916d998219785","nonce":"fb856a6033ee142b92d6eb45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"905892ca2d7d87a58d60788333a3ac0ebf79e39dbbd1d132f9edf8482dca60576059bfbeac0b9f02d3e6bfbe80","nonce":"fb856a6033ee142b92d6eb44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"c7395637d8239594515a69c8dfe6be59f01fdced25925cb579fdc74a6afa0a67b6e93f3da3d3cb81fbe06fb0a3","nonce":"fb856a6033ee142b92d6eb4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"97f621fa9c851bd1b70abe5cadc38ac2bc03898181e319c2b03286cef5e2a175c2cdd63422d00c4fb187ef36a8","nonce":"fb856a6033ee142b92d6eb4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"a0ca11d1881f00e08ea2cd428b302c00c682953dd57939075a7e1ff2f531d180d8e0c2fd96ab5fda2ca08ef3d4","nonce":"fb856a6033ee142b92d6eb49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"4a4d1382945f3806343aee7727ef5375b52146354319a74879ee0cbdbfbafee0b29720aff30e72118619a046f0","nonce":"fb856a6033ee142b92d6eb48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"1645ff3e146f89f9bb26fce05efa342e0b5dac0dc6d4daf5ad34a94e6a1cfa372fbcaa2e1099c9366514f273fc","nonce":"fb856a6033ee142b92d6eb4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"b8709b6ee997e3b53e8ed8ccdc4b0f0e20155a8ab19d3212f32e85f3041e22bfe60c7544001b9bf6d0ccf593cf","nonce":"fb856a6033ee142b92d6eb4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"ca89db57ef6312d143c9fbb8dfb64aab74a21416979f28819da13746ece3924f2491e9a756623f7d0c52f16ec9","nonce":"fb856a6033ee142b92d6eb4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"00a7365ffab9485b98d9442978eb1b9be712afce6c54142ad0286ed329f261a1ef4c989c5d7afa94898e874362","nonce":"fb856a6033ee142b92d6eb4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"12f3d0ced8a27a1d60ef470167edf4b60d94756dafc3e3d2c9cc049d5b7dfd43ac36c8d90ab0db48618dd791bb","nonce":"fb856a6033ee142b92d6eb53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"3e84d744ad5caf5cccf125369614b1fabb3a83a21280fb3eb536b22bc4146e6e759f70b4432952a187f9f04e0a","nonce":"fb856a6033ee142b92d6eb52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"2c2c2b30f58e8182aaa58e188a4e674368dc7c62b325effd8db19ba7d49cbbe8e7b5e2b6ed4229a905f046ef1e","nonce":"fb856a6033ee142b92d6eb51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"ec0417f73e475c81af5d9f00158f9e6e1b3284651421bb5fdaee9bea06810fa4e09d3dfe26194ab50f19740305","nonce":"fb856a6033ee142b92d6eb50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"794ab9ac3cdbf78bcebf6b9b6a69be7f657e8b2f5a8fd88f681d655d000d5097e0ea5c402ec7ae88873a93fb2a","nonce":"fb856a6033ee142b92d6eb57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"3b11c0b035e663d75242be0b1d9f0909cfba25e423b85a2a0e9b96c2dcc61f85209e49f460f947c81139760024","nonce":"fb856a6033ee142b92d6eb56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"5d5fba4b16e0514ee0515cf340f8db5183c2d0d0048f4bdf1b3d89d4a173ad7457e70a862985777e71405eaa13","nonce":"fb856a6033ee142b92d6eb55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"10ed9c5af5322ed2ea59e34afd7f4d7aa22e5ebe0f9d1b823e9ed8da2af19868b958d32c0c36b3e474a1c5b2a1","nonce":"fb856a6033ee142b92d6eb54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"03a2538ec90ae10242af5edd7bf6e4bc320b9e94c68fc71d4c6bb2d60ece9968cfdcc895d8e65fca951264a7c0","nonce":"fb856a6033ee142b92d6eb5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"6e9a4b17d3dac24a3fda1b656ac394043ccc1c25934d44d8f50ef1a3b07f782643cdb5fb968d2dd5431132fb53","nonce":"fb856a6033ee142b92d6eb5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"6c50b17bb3442bfe25bbe80d60c930458831c7b80b827c1d80d35d83cb0b070ffbd49f78d0da2b9427f620bd62","nonce":"fb856a6033ee142b92d6eb59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8a0df7154bb251ca8d33d00134cd7702e714c8f2f25ff3b94b2f7f20206f859433d48e52e2ad723b551ca84d0a","nonce":"fb856a6033ee142b92d6eb58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"160001787fcd3c897eab35447dfbfdcf5eda510064d1e2ded5e3534263f79f439a15689ab8a9c03d01a23f66a3","nonce":"fb856a6033ee142b92d6eb5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"7098fb9dd07dcac5e3173ea9ade5197030402d6aaf18b837eea4ea1d51e591ab63e9fab82b84a2139fa61af865","nonce":"fb856a6033ee142b92d6eb5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"e1c5b4871d408caff170f6003bc63d3fab1ff8260e7bcaf2a72a40a0bc66b3eb7bcc046dcd7600a22f9abf886d","nonce":"fb856a6033ee142b92d6eb5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"686c2682108bc84b50eeb873a37e8b452f5023810a28fc7d3d72855a3a896e71a76619209fc336e678a831124e","nonce":"fb856a6033ee142b92d6eb5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"7a79b3f3e68ddbdb0aad2a256461b7c81d683d23bbca2986202952767ecc9e5717e145afefa48dd3c0e1d1b28c","nonce":"fb856a6033ee142b92d6eb23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"022d0e25cd037a7307ed2cab8ba338dd481892b524174023b15f0a26752ee6f365265c6b9c90328625a76ac502","nonce":"fb856a6033ee142b92d6eb22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"3c949243d82d02aa62df43090bf5038467f0c7f1895b10c10c109ce22718657e554888d524f6767bba34cd1569","nonce":"fb856a6033ee142b92d6eb21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"f5e0ce72f85e880dc04e21f785f43bc830d486212d2dd0e507496db3cc329063991d392082eee0c66a1df18e80","nonce":"fb856a6033ee142b92d6eb20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"bca222086947cad96934a88e7d146fe52656317ea1d5229a507b6718410f50da4243462f58de94aa24d404cbb0","nonce":"fb856a6033ee142b92d6eb27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"471b5fe5dbaeabbf2769376f2a24ba6a9c7a1b571e752a6d6bd25dcbeb888c16465ecc76cb182640c280c93d9e","nonce":"fb856a6033ee142b92d6eb26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"23708188f643bbb579555ca518c607a54796a42960ce287d7ac57e043fad535222ebd5a9d998077361ac4ec8df","nonce":"fb856a6033ee142b92d6eb25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"1a414af3316b2a3041c4943903bd221405c2e17ff89aeee155f979a810e3592a886864f6e454e59fd1eb6fa96b","nonce":"fb856a6033ee142b92d6eb24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"a7422a6c78b2923af507861eaf3147c17b6ff3b8d41712a2f237e3d5fa76f2d79073d9769a01a37e1697cec19d","nonce":"fb856a6033ee142b92d6eb2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"ae0b0dac38c77a1399a854c45f488f201981acbf2c53f96f92c324adc28df3782f6f1d1acc9e0c05ad96d5d91a","nonce":"fb856a6033ee142b92d6eb2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"1883f6f99cf6c0194bbf98a70f715e4d51a3129a8c1f59e3a40cac6a24be7e6a6d0fa04bd7b8e1a0d472b8ba59","nonce":"fb856a6033ee142b92d6eb29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8e340b9b7d5a4507059fb2c040ab2796f97fb10855498b75dc631f64b3d73635af0d48818622c26b3c7ca3c45e","nonce":"fb856a6033ee142b92d6eb28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"441c4f1e9e2de35df02e2952361e46d4cbd44afb9d686052a0f8b7d4b35bd5c883f823b834df4081d4dd9aad18","nonce":"fb856a6033ee142b92d6eb2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"89b468179cc933af3a5e5503432111943ee4031a709ec847e4aa5b5d1e47cf46c9aeab81faed184ba28e5c1421","nonce":"fb856a6033ee142b92d6eb2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"4cb9c85df6b28df99e24eb8cff7ab49ac6871e56b4cecbd050ddb6050b70b4b86eb47af4f7cf8597d10d37aa6a","nonce":"fb856a6033ee142b92d6eb2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"9f2ba7d8195aa1071015ce3138df75fa054b8b3f9b7297016c827c14b6e4b20af369c5b4c9ed9488ff59fe6ffa","nonce":"fb856a6033ee142b92d6eb2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"c3d153e1ca4f12dd8e2e9158bedc8095c5046aff42894f9f42ffeabf2c0166e3408ea28a604c2301f6075b595c","nonce":"fb856a6033ee142b92d6eb33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"a4221bf0ba971b251b13dedc558a27eec7afa145c07cac0052dbc5d751903fcccf593f00ecab3c587dc19a2a6d","nonce":"fb856a6033ee142b92d6eb32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"e93f40c0c35ff50a12851d0f610df58fe001904f7aefb5aa0908ae0545732720fbe9ac29f94701b8ada73ec013","nonce":"fb856a6033ee142b92d6eb31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"70a1f5ffafa0f2978fc894212b72af65885c203272a6f3d7d8634ee766b3cb5db752b36173bddb43d5dfcdf2b4","nonce":"fb856a6033ee142b92d6eb30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"b19b363b2edcc8a897b316c11a40018e43f12da4ec7dbfe716261db30e6c95a01cd0aea824f0f4dcbc32da50fd","nonce":"fb856a6033ee142b92d6eb37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"2e2ba420c3802f26ee1f4961af1dd7a87c1fb4a498304fb4e00a1e4d075b69d96deefcf52132e4cf5e56202307","nonce":"fb856a6033ee142b92d6eb36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"776a4be19ef905be4fad30d81455621dc876d22a6eedefd329f70ee274f350d99fab1b96f3ec248c4f042a6ce4","nonce":"fb856a6033ee142b92d6eb35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"d4e695a38ce6839915d5ffe7257ccbeec7055c92668b5980f7417b9f2d8c118dc7c706373e0ee959cf486c9394","nonce":"fb856a6033ee142b92d6eb34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"47397ab146c4321584953ad72a3bb2ebf9f905fde44c47c0000af8f3ba08dbb063994d3bbd2fe9ff31287ece05","nonce":"fb856a6033ee142b92d6eb3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"527376966699bd5cdd40932e6e85bc199dcc500313a0a64cbc6a32f97b4c174a29b729c1d42605680154bc6d2f","nonce":"fb856a6033ee142b92d6eb3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"852c1243660dcff672c61fb68ffd42dbf4b77cdf8f7b001c218aeffea7c78cdd8454aa822662b940a1e2f7c371","nonce":"fb856a6033ee142b92d6eb39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"1bf789e9e98b962b16303798bdbf5d9eb70d6b7bd044f4f3765ec891e4dbd4b8757a067b44c2c0d1da42d43cef","nonce":"fb856a6033ee142b92d6eb38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"4fef621278ab9f1508614eb01188cbdc5271f4cb2ae9454d4e683a04568b380bbd1cca6ed89c48fd94ec68e0eb","nonce":"fb856a6033ee142b92d6eb3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"9522273c85d0b5df02fc47c39c6c293d2dedb6066de7684b1688cf81cc3a9aa94bfdb1f7a9921c90ba5cc4d855","nonce":"fb856a6033ee142b92d6eb3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"a8b1bc8899db9a20b95ed7e59f679846ca6a131bf512a71e5335889a1f2c33e0beb3dac510c0d7d2ae5dfd4b90","nonce":"fb856a6033ee142b92d6eb3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"450c7aa56a23c722faa34dd48777f2f0ae868f6a4b509bfd703a4bbb98ee5626ecdedd12b4071785e9351483bf","nonce":"fb856a6033ee142b92d6eb3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"e1c629857d8816546926190cb4000939922731c6753fd10c1ddd448b652930f6d13920bd66df22ec63135db2f7","nonce":"fb856a6033ee142b92d6eb03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"c65944c7eb6ff5bb74c44f95bbf8818aaa7c014123d79d7ca01bbc37b36af3577553aaa2b3c6a8fc510856c99b","nonce":"fb856a6033ee142b92d6eb02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"f15dfbf4c8e52fd9566cdfc9d395fb74845d2549f0c15c30a7bb11598445ffb127334c629a1a673d676be6477e","nonce":"fb856a6033ee142b92d6eb01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"cd349c6e45f1187eb0f76c4dec71d01cea3003777758499c1e19a154bd7da6da4e86a5acbd203991bf20f18575","nonce":"fb856a6033ee142b92d6eb00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"fdb2c37c724a6b59baa90cf53feb5d3f62cb87b37257d27749077395b859c005882d90bbee469973493cb0fb4d","nonce":"fb856a6033ee142b92d6eb07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"282d371b70510b36bfab86ebd40d0b9d25d3f0317f74b20209e376b13f4d743346368f9cac15002fb794186136","nonce":"fb856a6033ee142b92d6eb06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"1d3215fc0876d3abed271a240a657d43e900f2906f3e48d6ca88d8e493fc03c0441ec93f80c7fc190e407a6abd","nonce":"fb856a6033ee142b92d6eb05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"6b7bf48d0f2864832223f792e626b57623ebcf03b21580c542910f9fa149c6b3fb94e2c17f785d30f179a3613d","nonce":"fb856a6033ee142b92d6eb04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"07d9501f548a1f7fb1444a9906129fbce6ab56d03ce81250536951e5012e9d6bda9f7506a0d1a1d57b1b19085e","nonce":"fb856a6033ee142b92d6eb0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"86886c57290c3ec2d564d7f9d38d7ebdfae8568f3bc152fbd0c462cba7bbb6a6a0ac003059197589fd82e36205","nonce":"fb856a6033ee142b92d6eb0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"4a69ae06e396bcb3ebc0f8a5ce3b929dcc714576652c23b0c97bcbde1f2bdec79a07e29117d1f09c284d79d610","nonce":"fb856a6033ee142b92d6eb09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"5e645192e9d067d5d4adb6882f31272ffd63fea73db147b60df26c308db97bae601f2fba1dc51158cd92793186","nonce":"fb856a6033ee142b92d6eb08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"056cd2db62791f19025e4305f240b841601544e7ec7c0a0fc5c90b17153d07d200bd405172ac58374520ad2341","nonce":"fb856a6033ee142b92d6eb0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"9e2bfe76baaebfa48fbfbd5fa7cf04eda310ff74cce405dbd936f9257cca50fc885c2043869a2bbf19eace8419","nonce":"fb856a6033ee142b92d6eb0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"89f7b875146ab147d0b32506b1cbab6efba812f89af845f6ed826a5856af15dd14f4987faa44f4407d715c7c42","nonce":"fb856a6033ee142b92d6eb0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"553a300d80d61d4904eaef9c32b87273732b7b90d50c634886639b4d645227f7e6548108e260149ed4fb90177a","nonce":"fb856a6033ee142b92d6eb0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"13b1ce54f242a139cc55135e854146618efd469c0c05f90052d513ee62e56cc3aa315d17f3f47991386bea2a8d","nonce":"fb856a6033ee142b92d6eb13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"c0ccb0b72db4d7aabb779bd80940d0a686e40f6065ed029eef8d665a78bfab1f198c72b24269f7b61838aa51a7","nonce":"fb856a6033ee142b92d6eb12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"8df121789efc87d7a8ea507eebab85102a6265067c740db85d074b3013605b3a5fbaa9a8a66e67511f5ece7dc8","nonce":"fb856a6033ee142b92d6eb11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"a99d7c0265e57b197a983e12e770aa539d3cb7d554bdae82ab2879768b5dc08db8da739f6705ec755179fb187b","nonce":"fb856a6033ee142b92d6eb10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a33b5c43ac2d16bdc001e4f494a0faefcf0907ab34c5aab2d0cfa924e5ce9c5b717f83a4e06e6a95866bd2dc20","nonce":"fb856a6033ee142b92d6eb17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"396a9393470bdd88881d97cb998fd69e7c0c386ce53eaa726e1c942ecae5474f3cffb92c751b841994d2e8566a","nonce":"fb856a6033ee142b92d6eb16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"2a355a757c56e86b7b2f4a9d94e604852bec4dd530de25a1341d5429c0f12edc0af407835dc417222e2c01dde2","nonce":"fb856a6033ee142b92d6eb15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"0cf51f068996074199df89765361f48e91aff3a977937db1eef53cf98d9e285e36cf93b9fa3481985e87a9f164","nonce":"fb856a6033ee142b92d6eb14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"e40013bf254f13eb1a17241cf9cb6ec9d661f153eb4f1e86931bff27855178b5459b6d097318da99a96a692fc7","nonce":"fb856a6033ee142b92d6eb1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"8dc6634ddc572abe00efb785b37ebf7c1b8d1dcb43f976f66a92f289cbc36e19ee324cc105e7298f4d59e5c702","nonce":"fb856a6033ee142b92d6eb1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"58a5115427f365678a16dde134629b4bdc116e7d2cc8978daac4552ac476ff9fde2a907adeb52d4c5995d01bb3","nonce":"fb856a6033ee142b92d6eb19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"80ecd519991c79f2367ee1e730a90befd2062452c5a0ddfe443eeb2c067154c43d4a155aca7f8ec48347b5f02f","nonce":"fb856a6033ee142b92d6eb18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"0df25ea7eb802fb30afb85d79d5eee2b00051d78ccc4059e1ce5ab95bf9428d185bdf0e0f34c8ae96058e7aa2c","nonce":"fb856a6033ee142b92d6eb1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a2f3534e55b1f7d4a0c38d71a47553b6cad5b1e3cb486f31336472a6dbd5deaab68fbc11a7a9ed52b3c3efdd8e","nonce":"fb856a6033ee142b92d6eb1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"1ea9c8c5760d8256abcae0a559fb4ba4c79257b3bc099b8570d562f27d6d0ee991cecc573b4f2fad64c65d1735","nonce":"fb856a6033ee142b92d6eb1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"b445c510a9db3c45c80a5ae4234f2aef4886a1e04ff2f09b0f8ab2fe88887d013a8626253cc0126a11a3853c8f","nonce":"fb856a6033ee142b92d6eb1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"7da9b3375379de2fe5b52a569ffb81373f3f38ea0e05e3fbf5f6cd33bd390f15d2b30ae5d3f67519a974a9fa22","nonce":"fb856a6033ee142b92d6ebe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"05bebd82566f6c762db70999046800024bf910e5d5323e2b6c8d87e8ab2fb9582363e8f619ff4e7bdf2e3842f4","nonce":"fb856a6033ee142b92d6ebe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"31a9d4d373fdb0fa906a3f3098ba8358772e8bd56eb6c40a7bfa82955a21a702578fb7a5d4bb15a9a381ec2552","nonce":"fb856a6033ee142b92d6ebe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"c126389bc4958df767c940cca7691103aa34f811efeb097ecb04543109280b510853d204eaee8ed1bfd22c73c4","nonce":"fb856a6033ee142b92d6ebe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"ef40e2a5c474cbb74a79170fdaefd39615c32a74f2416860ca84a5696e83c69a2dd50430e73e561cd14e6a42dc","nonce":"fb856a6033ee142b92d6ebe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"8d0774bf52fefcb0efd2f934df4a6c44efde397a172bb51510a312dbc5b1aecc6cf6e0ee1b1eb7f06b3ed8fe50","nonce":"fb856a6033ee142b92d6ebe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"59f573bbcde53744b5afdbf91f163ee0e8b50f1e1b80876904b1ccc57fcf14a7c840322f3f678fcd5d2dcae96d","nonce":"fb856a6033ee142b92d6ebe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"0403880a0aaac77e96ba229bae87a5aea9ac6f62dfda72f7b00b366bfcd63ea3e14986f68ea4f5f8c05f3ceb25","nonce":"fb856a6033ee142b92d6ebe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"b37908e65d64f79bd6e0ec6f74b768a4da7dd00be20601279b4126763dfc5a440fe7f6e5d17e775a3c132b84b6","nonce":"fb856a6033ee142b92d6ebeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"036eef3142524d76a16bcd7046390714bc541777765c1dc884c250f9278e8a7cfeb6ba33250bb0a2dfa1941dec","nonce":"fb856a6033ee142b92d6ebea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"e235f71d7d6229c6ff7dd9ac3cce36691cac806a101910cae21a3bcce71eda0122eafe3be84b359938fdb53e40","nonce":"fb856a6033ee142b92d6ebe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"ba68801d031fb5557b0d55c6e1acb4aa10179f79dd4c9935dd263a9b7c8f9896ee60d9f478ee302f8cd02bcba9","nonce":"fb856a6033ee142b92d6ebe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"febaeacec41b98956164cabf405ee6ae96d6932b2ab7db77ab54170f61f1c84b24357aa9370272f8048d4ee86d","nonce":"fb856a6033ee142b92d6ebef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"a23b1b5c675d2af04f0bd10a09f4131f0b6a583542137f202e52baccb5f6e85f13e48cc7eba6ba6329f9ce849e","nonce":"fb856a6033ee142b92d6ebee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"cf49dc6709c651ab7d960669cf648812e6bcaefeb2142730701399455177fb436f12843986472ecb8d9b3ab34e","nonce":"fb856a6033ee142b92d6ebed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"ffb2fd3e5363e6aec936a33c8258065904da6ffdb5694681176b952d3e637a28d720c095d79b03768dd293aeb2","nonce":"fb856a6033ee142b92d6ebec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"338a4667cf265f36ac77958fa87c68e2993e7c4294c7ac5f57ed77cd91391d9521e1258cc5ab3b722eb9b77ed4","nonce":"fb856a6033ee142b92d6ebf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"3482353d0477060ba90e1b9a81281d789ffc6ddefc1518662d252cdd792d49ea4c1c1354dec8ef40a375e99e40","nonce":"fb856a6033ee142b92d6ebf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"2910eac00208645d28a3847c17204b7f5d3f6f36d9efee8a2fad5fc8d7213d5627a9bb4f2bb5f59f0c03e3bf31","nonce":"fb856a6033ee142b92d6ebf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"fe6f8480af94dc15f40957f5f493105d8e0e14f8f9a9805488bc74c76caf5b2519efdbbc861916b3e65cc9bb95","nonce":"fb856a6033ee142b92d6ebf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"4a55ce5a3e6fc68bf0547b9d4cb98ab934b73bfc176d5929f1ea8f06d5abf6991ddeb158ada2e722e40b057984","nonce":"fb856a6033ee142b92d6ebf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"43e4c558b5967390ca726c155a5c1a0dab17216cc25293f45a49549d3042c5c4bb6c2b2f80616b28eabe0303bc","nonce":"fb856a6033ee142b92d6ebf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"c760c3c979b522278f7c0ab1b4f0c94c2d855c91c5f0c575faf18497ec3c80b90f51dcd2463a7f2964cdaddeb3","nonce":"fb856a6033ee142b92d6ebf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"fcd824284a6edf1d870709a44a8c59b5d59be1acac6c6ba64be5e474142c76009c3e22fedcc594709b5a1b53fe","nonce":"fb856a6033ee142b92d6ebf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e7acd11b55c9f01f2b0739b6732b58c57342226ffb894ca80d80d62febd4fd40c6aad796d5d495d3c30bd67882","nonce":"fb856a6033ee142b92d6ebfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"ffb2b6c07f5e67b480ac0de2ec77481babe1b3844de91b5d8f3c472470bd7b055d4c6f39552ad1ee337a1c9811","nonce":"fb856a6033ee142b92d6ebfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"f5c8a07e6a8e263b621c27c376e2c1c4749801708e02e2a8814b5506f67b5184d3919f5ac5da48dfae6ab8038c","nonce":"fb856a6033ee142b92d6ebf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"8bc598d5f66cca57915cd8ebf61be464af58b03ed14e3d98edbe04a6324f37446613be37f054fd4939456873a4","nonce":"fb856a6033ee142b92d6ebf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"f6e7bb36493ba00e2157ca953400e8a5952b03f4338fe48c2d16bb7acc07c4b7f26adbd51476ff8c8927003707","nonce":"fb856a6033ee142b92d6ebff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"4e553a7acccbea08b4f58722badb5eab3521d81dd19951a7372dbdc163b93b99ad946f7769cf6b7d3f68084093","nonce":"fb856a6033ee142b92d6ebfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"a4bd17d873b468e390a9229ad3bdfccebaf5684dccc28c68fa035fb08d382416cef94fdfba3c5c91c38df2e757","nonce":"fb856a6033ee142b92d6ebfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"d1b70f9eab96954bb40ab9a2ac95601781e41aec1766e8d65df072e9b375fac021b34343051b21426087a3d1f2","nonce":"fb856a6033ee142b92d6ebfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"3a5d47b5105ac447c64b3e78fe13d7f0eb276ba4bf8b09e190370801c45fb450ee2d997b6f737d5d5adbcb4f6c","nonce":"fb856a6033ee142b92d6ebc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"88f18403a2873da9b8b9c1d0a321b707f095f51aee877bd5a9c6588cb54715e764d2e6d822ecb680a3febbd473","nonce":"fb856a6033ee142b92d6ebc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"b457ff80ddeadb933315269493bb33cc28e7a67eddddf874c7cbe0bd302e3f196cdc13b4c44138e8f9398dfaa8","nonce":"fb856a6033ee142b92d6ebc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"46b68d764889139c56fe528f8801026f0fad370d14e012bb2d65fdee7223cbb4b44d5583fc7d9bcfec6523d8f1","nonce":"fb856a6033ee142b92d6ebc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"b0aee8c0bc4e0b75ef4191bf61069e51bd5f7aa1b3b043f7c509d86c127361dd70cc309f8465e3d036c912d20f","nonce":"fb856a6033ee142b92d6ebc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"221ce7044bcb1af4204977d3710a12cae6b2cdcfcc239acf7ca188f73660c11eb037b81ff241831d37de10b341","nonce":"fb856a6033ee142b92d6ebc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"4dfe1a67d734158701b2715335fefdf3a1c529bcef24967078f8129b46cb1742a0251f3ce9c39280cf158d000a","nonce":"fb856a6033ee142b92d6ebc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"377e893244c2f783edf7ce3fbaca4f7b6daf7a9017652fb3de2fe4be52ccc1cb4a4f8d14b874caaeb78e4a1c46","nonce":"fb856a6033ee142b92d6ebc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"5b99faa05f3a72a2102725a73df1eb93f690c680f5453a8b308b8a15136965f2bbe2eef5794d5d19ba5f34062a","nonce":"fb856a6033ee142b92d6ebcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"074bbbec92f01715498e0211d5deeda3684db1e30ac83b86dfde7d360b5a45dec8d3bd13d2bd19b95a70b7cc6c","nonce":"fb856a6033ee142b92d6ebca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"71303265b48df35767fbc0397bc066bb514c68803444f720de16bb7afaf6e791614b0fc0974bd5d25fbe03a6ad","nonce":"fb856a6033ee142b92d6ebc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"098b4ed6cb8d1ac39a63b672806fea10b8de7c53aa42c68d2831961a11a0c01d3f818f3f63ee2a287c02d819e8","nonce":"fb856a6033ee142b92d6ebc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"7c5b29878f4c300330206092b4028057f53075046f0eb5d916db6395926c03fda826034916f5a29be89485c1a9","nonce":"fb856a6033ee142b92d6ebcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"6e5e51546026cf523dcd513c9eacd103c910c4a44c89b20d95db038635c49c6cda5ec4b24e0b05da495c659814","nonce":"fb856a6033ee142b92d6ebce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"768681a9c11cfa2ed4001073c2806bf99d39e3682a5b4bee68cc6145f48c4c416585d60d1e5ebcb4119583662d","nonce":"fb856a6033ee142b92d6ebcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"6a8fc545bbb614e8f544b66877224152bd2de03cd3415873f7f511ae9f2ebeccaa81faf2b0f4de169af69864d1","nonce":"fb856a6033ee142b92d6ebcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"575273c7d0fc2c12fe53033b3180198fd4be3f9ad0e3cdc7fbe88622b32cdccc35da5a060dc2c51d87f2bfb408","nonce":"fb856a6033ee142b92d6ebd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"b2b5e8e4b2248f55bd3343f58950344d5ca00a3e54e8a39be880c266e1562d36a1ed6296c502e7ffaa65520f86","nonce":"fb856a6033ee142b92d6ebd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"9fa959f5a40df6a852735816913c2a7783b71c7ecf1cc4cda0e7d55245666efc68a2bbf3883a1b1bf659f975f7","nonce":"fb856a6033ee142b92d6ebd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"9fc1688c0a67b80e66789f8aa896edc8bd00b2183bf5a0076434b3181e86c76bb4811c95440456a26b5a07f9d9","nonce":"fb856a6033ee142b92d6ebd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"b49b48d9fbb0ce16f23ee97b8dee9f171e15fff141097177eb5094e3c30762f303269adfe7e07728ce1dbb5aa3","nonce":"fb856a6033ee142b92d6ebd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"e326aaf758f774593ec92c5415ad8047bb2c35526b7ba44fa2347e49711ecc6ffe554db4887fa9a8e5b101b096","nonce":"fb856a6033ee142b92d6ebd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"18aeb625ae00d43851fb7d634366cf6c5ad316fb7d0850febf5142b99ab235a635d3e2b24e41c07049740633f5","nonce":"fb856a6033ee142b92d6ebd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"a70ad766c3870edd57bdc14afadd83792f4e4f3f251dab27939d8327d84e414c61764f520fc1d09c19311afd46","nonce":"fb856a6033ee142b92d6ebd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"ec31dc94991366eea281570f80b9420ecea525c23ea0b33fd10045ebeb75952eff31d375eb27f7c26c509d3dc4","nonce":"fb856a6033ee142b92d6ebdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"34658b1983d7eeec963a8e6ce055236959e767f94dd27e0254db97642b881990f762cdf99aadc1e39e8a8f99a0","nonce":"fb856a6033ee142b92d6ebda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"3b472607ea0e9a0a29c88fa81d0256ff9db3ab6011c0e480b12b4b8e40fc0182a0388f045840d695af4b35ee0b","nonce":"fb856a6033ee142b92d6ebd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"cb4b2fc2ca205f6a97e2b09d9d57cbee5816af2faf7b5b17fedd8c77c6cce1e238c68ed308d79d4ae1bf210c04","nonce":"fb856a6033ee142b92d6ebd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"654442b2edb126656460fb3815d836a2b70fab540e7894a6833abd336c7af60e8479f6cbeebec98a12aecea74a","nonce":"fb856a6033ee142b92d6ebdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"f2da4b4c2b004f17d8c6cf5884985b24abaa31ad04ca19d1c9ac96caf56af3163f98f09d4b77e151482cd3e099","nonce":"fb856a6033ee142b92d6ebde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"f3b8d14f80fdf42824f15ea86093be83a19c2cbbcfd293eb39d459045a580a582d3fb179ed5d8106cf644ce25a","nonce":"fb856a6033ee142b92d6ebdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"8227526c0e45878b89cd8a006323bfa6b41448542f8aadd573ed00fc86ecf5cb6201de191d4d87ef73e83c8cc7","nonce":"fb856a6033ee142b92d6ebdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"5a24402fc7ef339a2838d7dc8911c5fc4259d7ff01177a726b50eb1a14c4eeaeef5194f79958f67dd8e177dcca","nonce":"fb856a6033ee142b92d6eba3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"fd8decf89a993e70acd1b585534147e007a30ffaa2027736bee3a8314b765d51881c7777e19e7856e0155f03e5","nonce":"fb856a6033ee142b92d6eba2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"3b29b77ef92de616f59a61bdc20b404bfb87c91bf12ea5273fbbb7cc7d4a80d8a168b7afa4db97b8671c8c1490","nonce":"fb856a6033ee142b92d6eba1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"283b26bf40f06f159d7965af30e6cc0b8910248275400250035dbaad90553e00a1e7dcc9ccbe0ecbf2af3d35a1","nonce":"fb856a6033ee142b92d6eba0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"fccc7759ee52a6bc7a9fae753ca038062bbe788a1da6981cb471f2183d83fa861e669902cb7cd3bf520b19b9dc","nonce":"fb856a6033ee142b92d6eba7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"fce3098c5b56b6fe1e45e43154301a55d621057e68538b88cbb32901c4f6de3a8ecb66960223cfaeefca4eadac","nonce":"fb856a6033ee142b92d6eba6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"1c972092a17c1f3397999184e06a7ab38d36acf2761149b8a03241b1fd4a8108f46c86b5c81459584799e9e028","nonce":"fb856a6033ee142b92d6eba5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"10f84eb6445ad048c67b7789f0e1e92299dbd5a2325ed4ca32eb5a53928c90035dd95c0dba1cc5bbb52eb3fa96","nonce":"fb856a6033ee142b92d6eba4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"390fe7919072ddc92c0a6396f09a990a0607be0ddd581fa96d32645f612905785e6e92aad091433093a8dd5e75","nonce":"fb856a6033ee142b92d6ebab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"6a35f6036435156c9472bf63abb185d8434df69d50faec2b417ce3b8b4a2b6e8b55fead2ea49a15e89c42b8f26","nonce":"fb856a6033ee142b92d6ebaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"0a2fbe2e0ed8cc8a7ee19864a5bb80b7950f39696dbf8f4f7532dc47585a4082c37e6d9cd990655c99122a5b1f","nonce":"fb856a6033ee142b92d6eba9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"dd592ae27f45959b2608ede2411df299cd0ec4dca09ebba449e8fb5665acdb975831caa078da8f2acfb96a0eb9","nonce":"fb856a6033ee142b92d6eba8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"f3e75c2d5356cfe76bb374b06b15e0301472f618715f7c725cd00161087896e175431ba727f747cb8f3c32bb36","nonce":"fb856a6033ee142b92d6ebaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"f76634ff50d3e74d9461ab304e61cc2772b33b93bae53da631fc807d9b7227090bd6178ff5a47c26b7758ad668","nonce":"fb856a6033ee142b92d6ebae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"abdddd7073547a1663eaa362995248ed5d2ee428ec0422131f6e09a9752fb4162b4e829688a21759a7e0421ba8","nonce":"fb856a6033ee142b92d6ebad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"94ba1da3d82858f32aa1e0ae511c861b4550f7505df522160d8593584756bf64a0d78274b4205c6d92d95d69c9","nonce":"fb856a6033ee142b92d6ebac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e5e38373145a847ca70e09519c0cc8285289ac22b05c59743698305cded380bc08deb17191c761d4546ffbdb08","nonce":"fb856a6033ee142b92d6ebb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"002aac587d786f5bad60b2df48d9a288b79453a90136145ec69dd6e3db109ac3b9456888de00fd553f2d2c26df","nonce":"fb856a6033ee142b92d6ebb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"cb684b9891dc580a3204689ce48e3c213c32f30d2aff8bd87f37b88bb2ce9cc509ae63b58ca183f62ad8dabb71","nonce":"fb856a6033ee142b92d6ebb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"dd9dcef8a6e42efc33274ef4c741f7569cabefbead39cff38d3cf3d60cf6305de22e5e4a861c048f7a98771471","nonce":"fb856a6033ee142b92d6ebb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"c57d7eb54b2431ed0befa571ca9db40c7d7a9673211483486e81e1c8196c6972b914724fc1b69bb5af2313176e","nonce":"fb856a6033ee142b92d6ebb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"5c5bfb0e7b718cb639c4b038d22cd6367ac13bc22f1558702c1da384972c9f29edc3f31cbe80ada617504c4124","nonce":"fb856a6033ee142b92d6ebb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"470ab34d73cff1d365b66e16a810b4f135d88e87458042dae025cabd185996006e246465e0779b37a2141e1ee1","nonce":"fb856a6033ee142b92d6ebb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"b310431997473bc6755cb9793552d7ca84c015ba8ce35f5c9cb74f6acbc58cca3ffe3d7c00b95393afe5d8658f","nonce":"fb856a6033ee142b92d6ebb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"5353a01174dd87876ea608d8fb3a14b155cb81ff6c971c1a154ad8cb64efca28ff3756ac474251f4db31fd921e","nonce":"fb856a6033ee142b92d6ebbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"11a6d823551d622e2326b80ba5a8e52c79e84aa9af951ceb8889fe7b2f5ea2b0206ac49c4f4496525ac44306c9","nonce":"fb856a6033ee142b92d6ebba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"d0c6687caab47a86a7e27e521ff947f91206d4e1c4142423431f49f4efc45354fac542aaf165deeb287d57a5ff","nonce":"fb856a6033ee142b92d6ebb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"07f1411dd69311e4d30a03a21fd1484c4ecee8dcaae369979737097fbf23d3d87854859e2a2e0f5d4f676dc498","nonce":"fb856a6033ee142b92d6ebb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"d9198809c1d546d2ab1923632bb930887e239cb4de41e5a2ecbb130f0e43cbd51e9ecd4ea1c08ec930e69d63f9","nonce":"fb856a6033ee142b92d6ebbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"5f729fe00713c29b3c5359698e6cacb4e992f5467249f25f17809816fb012cf23d75113e5798958b5e842e133e","nonce":"fb856a6033ee142b92d6ebbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"9a3f8cf1e6c706e53ca25b961d175f10bc5dd4a90a6ca511fb9157e72c3854ddadf3f382326bbba3d65e286319","nonce":"fb856a6033ee142b92d6ebbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"9180902adcfb5021d84c2e70ef9797512a5d12fc1805f21dd5dece4396c742d4fcb67c15c3135b397bd9fca8a0","nonce":"fb856a6033ee142b92d6ebbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"21f6366e0bf2247fb437fe8236bf0ca9080c82e907374da498037018d0eefc75cb632867205f664fa513d336e9","nonce":"fb856a6033ee142b92d6eb83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"15bfa95033e5c9b6ee5fe585e6adc064b09e2e46a9c4c33b2e93226b39871b85b7cc2b4a1516050baa3a808900","nonce":"fb856a6033ee142b92d6eb82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"1033f38df146c21a41e0af1226f0392b1a251f6854c7aeb7974a54d32a8b7131210b4d68eab9cd8dc3322d5ac2","nonce":"fb856a6033ee142b92d6eb81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"84805c460b59203dcfa9e0c68d07a8777bc65e944970b2f686659f707816fc1795522f3405412ddfead2b7d777","nonce":"fb856a6033ee142b92d6eb80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"44a6093422ab258972bf889874c35c4d0658fb67c678a8c6107de885cd5826801aa206da3d53562ae05579d6ca","nonce":"fb856a6033ee142b92d6eb87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"1e2808534f9e16d9881503ef2c48f4457fdaa6cead8f7483e0722e1fc17f6d778d28c3b16471df724ecfc71ea5","nonce":"fb856a6033ee142b92d6eb86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"9466f92be931f33a4782b7eede8434a99631e03fc04e7e1cada1cd2c4c34d8e676e1929961fd3a4c3978bcb001","nonce":"fb856a6033ee142b92d6eb85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"bd03e0b948269695c3268acf49eb4ca2e0402fce00c2a6fef796e9d6eccc3990a7238fc878bfe3f41fd2a4a130","nonce":"fb856a6033ee142b92d6eb84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"04b46d76cacc17c0707a2b172262f8fcb197c24abfce77d218db86771d3846e29ef53e1acb45149bf439bf27b4","nonce":"fb856a6033ee142b92d6eb8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"349647197973fc15b7dcf38a2c37dcb8115b4eba2948e3594407e31bf88be340f07a97a890132c4c8b09984e3d","nonce":"fb856a6033ee142b92d6eb8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"39847a85192aaa37d3d1c9eaaa7ee807798fa918f9e2fcbbd17f556a661991c6a21456633dc5cfa2a492d21d14","nonce":"fb856a6033ee142b92d6eb89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"2dd67643a16625450960d522fc9c86a80e16aa7f27b7c43b04df79f2bf6fe402036a3c54cd161db4bd4f96b186","nonce":"fb856a6033ee142b92d6eb88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"f48e8aea47e45289641417bbd642886367f0c9df5937b6d3c654b76ff8ebf1e6046c3b2a8eab57554288bc58bd","nonce":"fb856a6033ee142b92d6eb8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"97daeedd0fe886439857eea655ca61460a46437c01d03ef7a08d0533c790c2b857814299d59ec7984e59ec3ed1","nonce":"fb856a6033ee142b92d6eb8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"29d3a869bef3a498b770909d56ad10395a2cd1654c206712512bc8d0e35d246cc2d72b6f85fae89cc40cc463ea","nonce":"fb856a6033ee142b92d6eb8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"258ed2734e5c009f389506bccb62b4d53aec1821e58ab0706b6ecd36edb566db2a541704ef2f087b78b4bf696d","nonce":"fb856a6033ee142b92d6eb8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"095926655f47c9e9bccfc3a74bf1f0ed875f504ee1a2b176166040b090577374542885a27ef427469e8d6cbb92","nonce":"fb856a6033ee142b92d6eb93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"900c885a441743ea6b17e12968abdd7e729b674fa30a15b98e7ec796436cc53a81dd55d6fd424197c6ae42411e","nonce":"fb856a6033ee142b92d6eb92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"ead327f065207e7b2306079c93e12323f8fff02b2c4e42f4fe8a106f7984dbc591aff5fba6c13ca851bcf443e7","nonce":"fb856a6033ee142b92d6eb91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"e8512399efe62a28770316afa88e0d67ea0b1198d7f8f7a487219b5613a5d5e2c2c92de08e59ca49cd712ab372","nonce":"fb856a6033ee142b92d6eb90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"939a3e429b184a38c9b09cc4719f5a2a4ade6ff59035d7fadb45b9dec440ee4bc16523364c1703b4dbe2af5796","nonce":"fb856a6033ee142b92d6eb97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"6195e1ff01e82f0e101cf6915186049d3147b59486fc9719c2c413a6b440cc6773a236f3b64a0f9bd84e9b3778","nonce":"fb856a6033ee142b92d6eb96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"d1aa4d70c9e881c048cc514141cd1be224553f8461335112c23df5ec7e70e2a4902e28d39b85d3191da6a86e29","nonce":"fb856a6033ee142b92d6eb95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"661959c0af775f2b60c8579bd8fe4f3f69cbd1819bbfc0d5e088eb92542a67721991081d7770191e46896b7c6c","nonce":"fb856a6033ee142b92d6eb94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"1880a1ed55ccdf408c5317403577632ba128b43134f7f269ccf0282c7cf3c2e487df6fd28d7f4439c632e03a66","nonce":"fb856a6033ee142b92d6eb9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"f8fb2c06536062a6ce67ac7f37f97e34463df7b6765e2400dc1dfa02a5fa8a38e2a4e7c0d8ddf88a11d36485ff","nonce":"fb856a6033ee142b92d6eb9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"4c62353157c64dd9ba6193b5998be58850970b80d661d3fd45c61d294e20f0b9bd249df367efe11114c11d3db3","nonce":"fb856a6033ee142b92d6eb99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"185d7912e174f1d2124bd0c11c78f900adaab81b25e5d7315be2a9ae7138e2b247f14e7cda441c5902ea4fe8e7","nonce":"fb856a6033ee142b92d6eb98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"e57db19a8b9e81059d3f1863bfa5db8c09d2e911b1e88963b51ea565c81d5ac8e7506c6e8dc4a8b50aad61145c","nonce":"fb856a6033ee142b92d6eb9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"dad4589297212a5516c844d00b46537665c4ebcfdfa88b69022691003d43f3ba1172f3cac3dec53d49939affc6","nonce":"fb856a6033ee142b92d6eb9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"e95c7ea103b214b8b346334e61c4dc67a487e885bec7eca104674c5078ca785bc4164e609a81c0bb7889f15d7e","nonce":"fb856a6033ee142b92d6eb9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"87922cf892aa0750a618e43f073637965c5f1dd489d9042ee1e2cd2b729031e0deac432251f7c65de198960b2f","nonce":"fb856a6033ee142b92d6eb9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"a8c995a51ac8e58c0992556ffb90f5dbc3fe6c75fd7ceb58367081b02854132602498ee1dee09322b868ca780c","nonce":"fb856a6033ee142b92d6ea63","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"937c4bca58dcf53229fe35a369a58f5bbdd669b9b6d48a31eb5e209f12397a25"},{"exporter_context":"00","L":32,"exported_value":"404ebf64752a554afac66b9894829d1e14ffff3fc6af0d85fe59079586482ff6"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"e3be1ae143f77450427b7e3123d3323083902ff3e4600e8c6e070f383f4ef8dd"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"c6138e0f7d76d20c54502dbee72383bd3515f4ad78c93e742a20078c2c2e490cdfc96d7d2835eac4a586f769b08f76bbf711bea343d3684342e5f92ec43a83593b80","ikmE":"87db9cd862f265f74eadd3c6deccb94e48e19f26a5b2d4656516dd6e0ef32e8c0e183d7a4eaacc504226a44109dab753025e667999a8618bc9739a000675cd239b4d","skRm":"0014baa1efbe9dfd4a61dc592455859defeed5f2b8e6492d942737fc2696745f585a71a82eeaf1f086a075a19ada572a37b7b2295f62a56537ed406ab3cf5b24aeaa","skEm":"01a1ebd77adf3b478a030c69fe82f842be5986c54b8841e6775e7a6234dd990c715d054662c84f5ee419e9fc32434ae1b69e40339d4d8155e90eacb956f031730d4a","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04019f3b493f53634d1e44224f6af757b80e071ff26220e33fc1feb87bf68e2d40484a636c04be45a05f6d423cab3e9081f6799a03c22ad5d98f01401fa8303e5ebde7010c1c068404dabc80cdf3adab9e00e415e05a6935028858d9e5231d6c4ec3db83fdea587a35c6ea4fa5bd1edc702e026b7713af68cc16bda1591a250c25d7b22162","pkEm":"0401fcd057ff1053a2ab2810de6941b64c0dd8139a208fc4808ea78353c4a1c36f772e53c7a26de7ed1f3184880db678a02937e3e40ca9aae17ef3371ee57ad48c1d2700471a52fcf4e95f57db377e82069d3757a02e98b588e935fab2604bc790eeb8b72067fd1b505b9feca5c5c86c62bdf80a3a3870429e545ecf3ab2f3e2f83bd8d67a","enc":"0401fcd057ff1053a2ab2810de6941b64c0dd8139a208fc4808ea78353c4a1c36f772e53c7a26de7ed1f3184880db678a02937e3e40ca9aae17ef3371ee57ad48c1d2700471a52fcf4e95f57db377e82069d3757a02e98b588e935fab2604bc790eeb8b72067fd1b505b9feca5c5c86c62bdf80a3a3870429e545ecf3ab2f3e2f83bd8d67a","shared_secret":"eb7e17024fcbf53d8120f14db3769651cf3d281b24d430d2b32568c643247625f3b8c58f3e3078958819af06644a6bd21287ff77dc87b934084da52ccb854521","key_schedule_context":"01c208fd0a0b5a080a7f539f59e422ca4e818e634e12a8947f0dc95d4315990d38f86322f9fdbabd010f1301dc6aba400a053db66487c59de1a557d1eb4b5fc9c4cdd87b0281e692a99982979c39757078bd10f16f51a609804bec7ea73e6df85d53e5b21081fb76ca400113c07723eeb59281dc77544497e8f8a683106eca75ea","secret":"0e62c2b30421d43e24a7947b6873df2a158946ed2a7339a11a2d2da2c45ae2eef239383141aa992d198162910e8f341222eb47b35fb1cfa1533329b08538f30e","key":"a97b660812a5caa28088fa2f491a9d9e","base_nonce":"dc98071f41d23172e43f33d8","exporter_secret":"2bcd1d1816fe0ba14e9bccd9f813db78beec530ef70dd58d23725da8763b461ec3500f819ed34093c50e62585ce74942fe5ecf842d2f511d4ee5d8a5ffa69b4c","encryptions":[{"aad":"436f756e742d30","ct":"6b314d3918da44e15f1693cf1ca23584cd71fd6a9f9ed6733810a13709a1eccd8ae9c9f2e2a1b33f31c2ed03f8","nonce":"dc98071f41d23172e43f33d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"e448f524aceff2e1c02c499f90b9e122fe31e540fd361d408a724b162ffd2537582176da17b769814d1619f76f","nonce":"dc98071f41d23172e43f33d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"04ef78f50599792388c4b55bad61ba528277f2b3930d833f5cb5df632e42c501767d6e3cbf5c5fb0521bc7bd46","nonce":"dc98071f41d23172e43f33da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"a0a904ff101a1fc8112c4b3ac3051039fc4b69db5f02aa22660b04d73ef9c2bf51b7510bbbb22f3037cf77043f","nonce":"dc98071f41d23172e43f33db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"78726f62e055630cc992625e4d38b833288424962523d812b01ba0a0d78a19ecccc4ecbf549778f87de1670938","nonce":"dc98071f41d23172e43f33dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"bae7f20aa2913bb4fa257e357759ec187467623c1abd9b5244784932e0f3621dbb5d0856f29030fc51c409e2a7","nonce":"dc98071f41d23172e43f33dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"4b1bac018288c90744780dd0017b4a1e90c6371975b7d66d05337fcd1709e9d4deb1adf0f836f53b192971d336","nonce":"dc98071f41d23172e43f33de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"0fdefb3e842383c8eb4b4a993db426a1cc23973201fe1fdab49b3bb3d8d97f7d5c19d83867218e52875dc88929","nonce":"dc98071f41d23172e43f33df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"a3717cabe0ca70e85a2a389a8c1f938c4cd3333554fadcff189e4163e7a851725be20a7ad9ca5dc3328774cf98","nonce":"dc98071f41d23172e43f33d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"07ba1aacb40d80173bbf6f7859525b6ea0436ce65c363ead0714693c14a080b532a5464e8186e4264a36a65c26","nonce":"dc98071f41d23172e43f33d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"0ae1006604b878ab3244f4c6f774067aaf3f9d8325da760791e9abb88b34a18a3de5c0e6409ea8e017b061b5fb","nonce":"dc98071f41d23172e43f33d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"05d5815bb0413e9effcc4f6aa3e7667b353b429c3b196a7020e774d9090da776cc95ba075fdde1baa49e614d2f","nonce":"dc98071f41d23172e43f33d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"6135ac8d38c15b6d7bd783d2630606580be3635f120a1b29a9691b47ed55b825bf13c21cfa2d1c42c45a5abbdc","nonce":"dc98071f41d23172e43f33d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"c307b664a155123e94a9668ee43c9cc9ddf4f3acd34c63d6ecbb0802348b8c5c365ddb11c4bcb2df8f5cbc6e4e","nonce":"dc98071f41d23172e43f33d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1a87005e66c9af834a532f3f580376adb6f68e5b6fb31f114351238b800487fb8341a624d408236c1b1522e8b9","nonce":"dc98071f41d23172e43f33d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"8755c0075cff2480dfd3f12be45e245caa6f15b50fbdfa770e90590bb5d86acb6f971c66f67ee1d83d4bece798","nonce":"dc98071f41d23172e43f33d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"68c732b11d6ae8c255dcff509c280ad807e7b07fdd4e9cf0a6891f548302b5dea6038e1cad358e15184d17cb3d","nonce":"dc98071f41d23172e43f33c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"ced87d45fac10905253c418a546858081f27a528b62e6a24b927602905023b70dcce62ac0cf811da79356f8650","nonce":"dc98071f41d23172e43f33c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"c846cce520014e9d08eb8cc9b27794596774d69624e01880a0dbd0b46ebbbb64e3150a8532f31c26cc01a8f678","nonce":"dc98071f41d23172e43f33ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"068abd833c22de91893dd81d3c1989c69412113965922327b2f73ebc6f2232260bb2838efb7420ad4e8537c1de","nonce":"dc98071f41d23172e43f33cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"b5270270bcc920397ccda1ff8e0cbfce2f66c80f6b59d29ce6a42d9fd801eb24285cf9f9e3e24c8a19181c0704","nonce":"dc98071f41d23172e43f33cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"9c4763f4188a937731bcfd70987448c4040e516daf18e753cf0491b3ef7d9a034afb29c90c7148efd7f019f3c8","nonce":"dc98071f41d23172e43f33cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"7fcabdffdae1001c7d6e9da8c116d1076931aa658b775e5639ee7d8cd76d85bda163cf561991096e59ce5ec009","nonce":"dc98071f41d23172e43f33ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"82fbfac5427debdedf1edcbdb5bd12bd29560aa1c019f58c5fa306bfec8483dfe769c18390497070d07f286edb","nonce":"dc98071f41d23172e43f33cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fabd049fcdbec6d1564c78bed1e746427a9029bebb9fc5c453368a239d2e08d0a07de67423b291b7035c2820d5","nonce":"dc98071f41d23172e43f33c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"316009e66ffafa1a79fab608209133d6f49cacb69c5912bf26423b02ce1cb5acc26f4009061e402bcff8ebfd97","nonce":"dc98071f41d23172e43f33c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"6fd73c77a92eccd8e0234549cd5cd307587a48d17e508e4841eb20fc3a9af3795aff3888a31e4521fa30a28b1a","nonce":"dc98071f41d23172e43f33c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"110264574f87d593043775acf981674ecae5d6277d089045adcea25d368be60ec137edb895f5d4ae8f5048c177","nonce":"dc98071f41d23172e43f33c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"bdc1d253a369c7fb420c949a0fb72aa215251b7c7f521e294a65b4a5f1572c1de7687a607490a1efa68b6b28cc","nonce":"dc98071f41d23172e43f33c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e248d3ebe7e378df3cff26f1fceaba56ff6c4f4949eba92dd4064969c3038983d3d34e5816c0b2cb807287b29b","nonce":"dc98071f41d23172e43f33c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"4f81a7c06b0a433658b395648ec61df80a77851228e0322e02bbe999c9600f34b7e6627e913fa662b97b1d7925","nonce":"dc98071f41d23172e43f33c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"dbf755d770ea37b5471a74a5bc4c22affa82621479af8889711cb0a59c2fd2b9b600bec8637f1df92bbb474037","nonce":"dc98071f41d23172e43f33c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"7919f45550c2deca298459c966bc9181ef28a3d3111de5dc145ab364bc91a3d00e9a9342351e7d63585ff0aae2","nonce":"dc98071f41d23172e43f33f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"15437cc290dd8dd5ab73c912a6994dfa2fd4aea68a89d8a66ad03992ea867b76b21875966be36f1a7187533019","nonce":"dc98071f41d23172e43f33f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"82b28418243048990573ed72895a39e32fa76b78622eb642b07b7b6747467c8a516195c0a356699b728b989f8a","nonce":"dc98071f41d23172e43f33fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"97886441abe0270c1b00d38bcefba36ef71ae70fc538ab142616f01e42ec1b384c56afef25ed14f5d81c349002","nonce":"dc98071f41d23172e43f33fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"26757b7885db96d9f720bd73ff1b8ddb55a28f6d48a4d73b8721e4539372d6e05a59a3502ecc1d003b53ddf372","nonce":"dc98071f41d23172e43f33fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"6b63363b9f51c6a7ce909af5eced4565c12d3bbb4a0cf9f17eb375cffac7e135fef018e7653351ff4b48797640","nonce":"dc98071f41d23172e43f33fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"2999c04706dada2102571db21a5175c513569486247dba5003c44496523f899ccc17442a99ee4e8330ab30c004","nonce":"dc98071f41d23172e43f33fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"316ced19b06c16c51a83f2d9347295a917ee89a18351f84d7ea2f3b03979baf8ea6c892393f712e74fac0720a2","nonce":"dc98071f41d23172e43f33ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"c8304b190c1b6e67203b5f301f31f9bd6a0cce3a81d8aecc85cd1a8cb7c5fc7f48b60a0486065b3dcfb678f230","nonce":"dc98071f41d23172e43f33f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"ba5512bff4d0e84468d9bc91f3525eba97a637c24477e6ca309c2d1534b14dedf9ef092d0d82fb3c7f3c4bab98","nonce":"dc98071f41d23172e43f33f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"595934c0ff2a933bb799f25599a1600731800d2054fc703e732de925b1636bd30ad330b1f4a812c67ec6dd63b7","nonce":"dc98071f41d23172e43f33f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"0a2f9e3acc024d904b7b2c30dc07e5924169f48f79f320fc862182bb90d4948f52f66a79a966221209aaa84c1a","nonce":"dc98071f41d23172e43f33f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2a651138277a6ecbf2737ddd56c6b7b15dc925b443b6d495751b276f31098c785eab2bd2132738dd0f186e1079","nonce":"dc98071f41d23172e43f33f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"01290c7ab21762b3b6ae328d8f66299320f885903e597df37e8ac5f3f162e1cb64ade31fe6c89b981edbdf4785","nonce":"dc98071f41d23172e43f33f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"3816a4ce4026232781010cbe1b5a2e5e3e0b8ba51e0b01e1060f3ea8399a00822ff014cb636416c445d5c9896e","nonce":"dc98071f41d23172e43f33f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"34be5575bcd855b7d6861bc0a30cb739732777b72a5b1014245142c999acd629d1c20867b5f7386d32ef8ab6e4","nonce":"dc98071f41d23172e43f33f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"27fec1dab5aed4035c297ff33b256ca2eba284891269be22e3d456b3b4c8a04f40d5d7b258231347279fd93d1c","nonce":"dc98071f41d23172e43f33e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"3fa65e8e8ccea6fea0d60eb11ace6139d32c91f6a47f7193b454dc87f032d4156cec366a7a74996f5fe7dba1d3","nonce":"dc98071f41d23172e43f33e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"322233b70261bd87f4a459c66d5fc3289627f45c2a83ea37e19925e611079beedb70c16d41136c070f6b42435f","nonce":"dc98071f41d23172e43f33ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"9ee78c55e58c1be28c9c567f0c462acb9690a52e59da05e9c038216c6a259a6e706e036bd706f32b356485108f","nonce":"dc98071f41d23172e43f33eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"31e997ba4fc9c13eaa0f9db4f386bbbaa6574afb2f4314dde067d994b9932dd06bf574f19df08fae62af026610","nonce":"dc98071f41d23172e43f33ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"ed7075323a03b81978493a63af68c0947d7bab9805d66e2b8e26f557683e82566cbfeafb9e260a213ea805472b","nonce":"dc98071f41d23172e43f33ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"d87d92036c364087776c35dcdaa5b498dcef36e63fde693c3ebdf0cf5ef5ae99b2d1dc81ea7148055b022dc6ad","nonce":"dc98071f41d23172e43f33ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"02385298fad4776b57847ce45200bb8d740b5e4201a2a1cf7a3685dc6ceb5985a2e6c0e10873c72b6df47aad28","nonce":"dc98071f41d23172e43f33ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"28c9f023112a325a5da5cc0e9f8606fea21f8c811c1a31a02af18e000a78d2807e89b7f42f13920bf94ad089a1","nonce":"dc98071f41d23172e43f33e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"15e153ad12b4d3eda9bdf55432ff2957dcc8698c73fea1bf40690dccb03ce8f19b99e7e2a963f8e70ae00fe53a","nonce":"dc98071f41d23172e43f33e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"3a0e470f4ffbd7896fdde22a6d533a2aaf3d06ed07594b30e37569dca93200b405cf2376eebd7f22b67d5ed07e","nonce":"dc98071f41d23172e43f33e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8ad59eb6ad26fe578ca023e30c12d2f5cf568ce01e5cf6cb1f068eda3c450215bce93c2235256e9f4c8c120ae1","nonce":"dc98071f41d23172e43f33e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"859cb5cdc3749628bfd80406d53c1b2348ef6670a1f9c82cf94835cd635cd7e2b1fb21aea81a1158efc8c1b2aa","nonce":"dc98071f41d23172e43f33e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"4e89ffb39930bf1fdec502e424dfe6b0fcbce5316a962e69b7e8f6a62950c28fba24b1d0c22ea91267f3880531","nonce":"dc98071f41d23172e43f33e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"d16f0bef41b17b9508024ed4d264020647815fd09834c46602f56a4b433b9ff72b6042b0c5a2bc5505131a35e4","nonce":"dc98071f41d23172e43f33e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"da4b7f40b0db0f5241c292ea7cfcaf43430b4bf61372f0a60ad05d2098ac0cac7e7ba1f4dcc8c8a7b250100a65","nonce":"dc98071f41d23172e43f33e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"00e9e780e6a0efce9ba030e90cb9c597c042b5b5ef50805fa047a82f5a9deed516a18ee9e8d621ef0f1847d142","nonce":"dc98071f41d23172e43f3398","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"de7cfef35470319b08265a0fe6073b9f626633b919e96cec92bca860a04301347c4bfa3e06a6021d46ca0da5ec","nonce":"dc98071f41d23172e43f3399","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b3cd1859d3f6b328379c8c2a10d1ceb6b3c1902c49dfc73853ff362a2b170befb12336b639156662736b73fe4a","nonce":"dc98071f41d23172e43f339a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"d6c86f29ce181388199192c2d386157218ae8d194fd159b2a1159f797a86f43502d37ecad35e82cf7a7ef93c67","nonce":"dc98071f41d23172e43f339b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"98b5e0370c336274a322a012c1670d5a728b9d07704c38eb2522eff3f2d2069bed0b242c4815d78649ce480d07","nonce":"dc98071f41d23172e43f339c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"73c3e45ada33e4dcb454006feee269c1c86f5e7cd8b78241e5cb3e6f8a996bfad2238e90386fb43c4971b45d5e","nonce":"dc98071f41d23172e43f339d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"6660b06c815ce8bb5600e67ba4bb5bfcf26b6a9e1fad5007c1786b60f958e3cc08dd04c2c11fdb4d3c7bad0f8b","nonce":"dc98071f41d23172e43f339e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"e1e5bc876a63f74d7d908f08a4a763dcc5f7b10c9ae4750e46b8f6bf144403ecd2182c7fd8b7f060e514fa9c10","nonce":"dc98071f41d23172e43f339f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"98e75e0a0167417a24ab50c45cbd099d64d392a4ad78ebc2a371d8de4662b98a787774acea2127352f6b459aee","nonce":"dc98071f41d23172e43f3390","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"825e1c612dcd12c690f6ede2104c6d626a251811f6b747627e8b113a17eb77f474086bcfcaa6ff3c71300a1fae","nonce":"dc98071f41d23172e43f3391","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"8471d9eb206973cedc9165137133f4347a7f4392570d1969e8ae0b11583b1400e8c132def0cc62b867e8bc1277","nonce":"dc98071f41d23172e43f3392","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"995b63952ad62b6a26fb3d78046627a394e9eabbb1c360fd6966271ec69e7d5c97116d5931729bcd332bf45705","nonce":"dc98071f41d23172e43f3393","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"8b8d259323b11ed0003b44bffe4c6ed08a4159b861d4923466dee764aa532a244fc4f90717d700e287fd23c724","nonce":"dc98071f41d23172e43f3394","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"da27261ed146e5d0125dfb31fce7961944105eeefd0878729a13be9cbf56504751f2602c6e00df2f8302c0720a","nonce":"dc98071f41d23172e43f3395","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"9ce1f43be5dbf85356d0c5b4e1b392e08a7f2f5d7bc2ff6c9c07039379643ad585e8bf2aecc1f00190b13a588f","nonce":"dc98071f41d23172e43f3396","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"3f38fdae3f44b7f2073979574a53757df7d19a1f1ef3e6944de7ff2304ded2332227ec58f7a4b14859daad072a","nonce":"dc98071f41d23172e43f3397","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"ab011c7df1b226c23c4a5d231bfedf6eb87b088ec93796a440e1787af888997ba3aad0694f3dc67d6522e4f59c","nonce":"dc98071f41d23172e43f3388","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"be823f6e23a6c021847130c2e7c7dd9daf4aca96e88426d523bad581760e28b9f22b0fe44f5aca76f23d73ca3c","nonce":"dc98071f41d23172e43f3389","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"96b659b96dcd31cf19ca3b8df4b5ea29ba23bda970cf0b4e519a256b0e651875173831ed41d66ba6ca0908b50c","nonce":"dc98071f41d23172e43f338a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"1f24fa64d3649eea546e33dd3578616a9f1997181396dc1d4286172385019ac330bd9a42688d246b40c12c4f8d","nonce":"dc98071f41d23172e43f338b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"21c94cab6061c0cb48236eb1d67155fedb7efe78382ff8f384045abcbaedf7e60aed4e88dc3bcd13b5b1c71119","nonce":"dc98071f41d23172e43f338c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"343641d96e324c0be97443b14f5001da34b25ea0c37d966f49bcaff62d8503a343c95e565a6716ea9fdc668430","nonce":"dc98071f41d23172e43f338d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"8bca40bbe0ebe4fa170d98d86ee6e25e66774701131677b3026e4a08551687407299762c249e6b5d2d07dcd8bd","nonce":"dc98071f41d23172e43f338e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"5b0c91e5c0cd8a7ec509efe406eaca26860f03528df2d4f20d8de4af392832e31827813071262f4359b16802ba","nonce":"dc98071f41d23172e43f338f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"6a949cbf70bb4d23cda7ddcc2548aa42470e8a4e37ae0b24b5bcf09985269320ffbd7ceaa63e4ff5ed4973b551","nonce":"dc98071f41d23172e43f3380","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"fc2a0e5702cbc7d72ae0684b1f749aec7c62db47ea8bc7ec834b403ece18b2fe45239eecd26043f2ef341b6092","nonce":"dc98071f41d23172e43f3381","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"8e1633edeb643b97ca573a2afed3b45e4d7837ed4b49801a9c2a477e9b764830111af008c2a6ad645a6779619c","nonce":"dc98071f41d23172e43f3382","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"52c03270991d925ccdb328bd94af730d11b0a6e310e5fcf5b48139cdc6483ee1372a7d0cdef86700cffea59931","nonce":"dc98071f41d23172e43f3383","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"dd9bfd8500f545f35a6caf7cd6c2c82385cee749ecb18f3b7883ccbd03f65e541b9458bcd814f41065d21d61e1","nonce":"dc98071f41d23172e43f3384","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"8c093f047402dad839179d1492aab33912145bf54fe6deecde3f7a88546bba8041e5df291355c6e0dd9c47e22c","nonce":"dc98071f41d23172e43f3385","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ad6bb2da28f4e18be25b10f050225c9049c1141738f51d381c6a219170a24d2747c3e29a3945347d480b4cb3a2","nonce":"dc98071f41d23172e43f3386","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"02ff744c02c2a22443233d26dc223415bd9555d8615f8fcc7a09e189ca4a735d08118ce5f0edcd246354c014d1","nonce":"dc98071f41d23172e43f3387","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"41141298e929b18b05c5f93e78782e0bb33a2f211e1e8c497cd0e1943f2e9059b7608d92ea407024c8a628ba7b","nonce":"dc98071f41d23172e43f33b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"19227356aa1e217a5cf58d08858bb3c865d36cee0439b359f72d13c5360bcd14050cc9e40ed107074536a870a7","nonce":"dc98071f41d23172e43f33b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"359e5ae17c339d8e6f9c492342830f6bcf021f3297ef04ed12d619c319af1e4f33bcacb2dbb89843e3009b9d71","nonce":"dc98071f41d23172e43f33ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"26dcd6dae023496a4dc9483d679895e0b83ddf6610b79af37c6b87de7fda89ba74183079e645518fee4cec7c39","nonce":"dc98071f41d23172e43f33bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"fe28efbb8af7b5da56ba61d666a48fc14c56408367af3b943f4eda457bcdc55d4ce2dbaa193c6ad5ced93ff0bf","nonce":"dc98071f41d23172e43f33bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"07ecfe9b59ea110966aae183c9533957e525ad4eacd8344b797e203b784151154f9436918fcd9fd19d035d1677","nonce":"dc98071f41d23172e43f33bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"82502c27cee6fcc6a6ffa1450a67e212de2e0852606ef9d859122a203857ae257ad04d07dcb225e678a10e832d","nonce":"dc98071f41d23172e43f33be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"ab188697e8df8a8e9e01bd7a4216972789b1b3582cec76b8213ba3d3ea62f3fcc5da1d80c8e600427a40eb0f4f","nonce":"dc98071f41d23172e43f33bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"fe144acf624d599cfe4bc5efa06d096bb20407b5c7d1f0f4a631000561826978fd3fd4db9615828283d23ebf9d","nonce":"dc98071f41d23172e43f33b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"fabd83c88caa6b8f614f0f98900641ffb58532d9973be7e1f3e41772c5e1e6c4b582bd360dbe62d1ab43388c56","nonce":"dc98071f41d23172e43f33b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"1f8c31be58cc8f3a4c254b7138d55726074107c8ee531fc2b6fd6e2632a089f2632b26125eeefdeb9417ba4d72","nonce":"dc98071f41d23172e43f33b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"799e2e87bd479e8909dd9e48ccdcae0e2275a6583ac715862a23a8ce98737524abf8d9487c9628251f9272248d","nonce":"dc98071f41d23172e43f33b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"c2fd305d88814ad467656d6dad8e45ec15f9ea874028b5ff5af033c692c9f90faaa2a2daec15c6376b7bb32628","nonce":"dc98071f41d23172e43f33b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"65bc75c96963bab598dcd260f8f76a103a282c4439f766fcffc5a4f5e07b93bba4f9c268173abb34ee0ea3d450","nonce":"dc98071f41d23172e43f33b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"af749803a8173dd37a3abc686d216b965cd98159b7e50706cd444b4d8aa99c6ab1ac57b4edc6638ff148647cfc","nonce":"dc98071f41d23172e43f33b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"b93585a0ee7c212551b237482568a69ddf33378ea48b69e9ecd8a9cb234fae7af692337d20c4be339ab6eea0a1","nonce":"dc98071f41d23172e43f33b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"a55b9744c4061098f4f13a3ac73fb13aa4992270566ddbec7ac23a0033e9810d8c1d14f5a3af0aa283776b2b19","nonce":"dc98071f41d23172e43f33a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"e8d43082c6491f1e720bf85a16f4c9ed503b8d3583347f537a4f44dd90b6bc7cdfefc01c722f8b769eefdd8a5d","nonce":"dc98071f41d23172e43f33a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"ae31f8c6464b9cfc6a8154f2ca796f11eb4179690643f39fbbeb72cab35515f3fa7bb895374b27056b4481c82f","nonce":"dc98071f41d23172e43f33aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"2e43b9f228980f769ce39229cd25f129255e35c99ca36cca4dbf8fee37025edf2d4fbba8777d32d611a4b4c0de","nonce":"dc98071f41d23172e43f33ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"a45c909008652cf60185f831b39c9eaef835b71bdeffcd8609c1ff17589d1b056cfc5128e53924e871cc90b898","nonce":"dc98071f41d23172e43f33ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"7a0ae1fe158a9eaf09a6db057526d452aec4c86ee99d7a0285ff3ff05550a490eeee5e68b0198fd784209d2da9","nonce":"dc98071f41d23172e43f33ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"4d4156ff549cf718f27b64feaa7825100f45a23d7910750afd836f6aed64d938abfb2c23b3088cf1d537f7bc6b","nonce":"dc98071f41d23172e43f33ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"7f770a701bcba1e5727002d89664226ebbe554e53d089190347ce5e8d16c8c7f35e6b7c153455f9258818197ee","nonce":"dc98071f41d23172e43f33af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"ddc9e79dd0d6b6cda4344c0a32f3592c785fc0b510e0df2a9695e1d605ef689747eea662e3970c030655033dd1","nonce":"dc98071f41d23172e43f33a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"2b09cc76c8b2eeb899983fa18d8ae6d245abc7804e6dc31f3bfe40c8f54170828a7f37d45ccca511f87e870590","nonce":"dc98071f41d23172e43f33a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"7403072b9fa8442032995268a2bb4ab508d96f853d46a1f586a9abbaea65b8ec7870d279053099d030d5361ed8","nonce":"dc98071f41d23172e43f33a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"4861ff893329c16beeeea13221379710c27f9234f7aea3ae24edb506c38338c3c4745dc333f859f138ef4b0098","nonce":"dc98071f41d23172e43f33a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"d8a5f6c3d58369bdd8caefeba3e9c455f5dd4d0d25f4145fbe02aef8508dbd9f5a741e70787504c5f812dbcfb4","nonce":"dc98071f41d23172e43f33a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"302668ea2c65d30a45a23195184cdb8e5226b1b2d4e76b03a9a58e447e2f5b2bbb2474dfabb891f12b18ef05ef","nonce":"dc98071f41d23172e43f33a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"a3c146bf296ce2e8380a1275349bac2f406bcafea89673e72b9e4266fbd37c03e97cfbea05c7ef441c55f60ff3","nonce":"dc98071f41d23172e43f33a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"c2eae8f1d98a30505e9139170dad4d9f70471827db49478418e64831180e2cdff85e345f62afc8b4857d665322","nonce":"dc98071f41d23172e43f33a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"e71a984e3018e513334871c3f19a8daedfff2d46fdcd6aa029480cd07bb8ccbd88aa4f5535a8ded6d2b790573e","nonce":"dc98071f41d23172e43f3358","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"89eff3717e83aa28504fb19269696872d8e55281274e720187d107e30c95f96cbffdf65dd271e42ecbdd424ddb","nonce":"dc98071f41d23172e43f3359","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"572f12ff65ac15c1f14578576a1168b714ebecbbfa25a8164b3478db7e9371671e006596a6f0b4b78cc8782974","nonce":"dc98071f41d23172e43f335a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"26120d1153c2025c8777bd41b5680227d28cd329cecedd6c1494a8025c151065b499eb05bed6c50f604e9c906e","nonce":"dc98071f41d23172e43f335b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"033cc6a7bebabbf6e1889a1378461e8be4487301bf3c386847deccdedeea445edc201ec41e52108ef54476e479","nonce":"dc98071f41d23172e43f335c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"d6b1a6a5bb1c167e1e639e52a93c50b09c2f464775b56d791b878fe9e1d9bbf435d94b48caabf864cb0f94f5cb","nonce":"dc98071f41d23172e43f335d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"9db7ce12e1acc7da09fe50a6f6e3dbd6153718b57d082a5cf217a7a373852165dbd15f65772e2476bc930a9cb5","nonce":"dc98071f41d23172e43f335e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"8b74b4362e4c586928bd9c298adecf41f3b99fd57ebaf3bd3b62df57a97d51d1264aea96a70c4be6caff5c359d","nonce":"dc98071f41d23172e43f335f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"1402f5aefb6f204d93f7f2cfc7deb40f60576019f7db271256832559eaf98c7fee78576b615d899af9ab562a41","nonce":"dc98071f41d23172e43f3350","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"e0871a198cb9bb98f24ef0ea1689dbafdb39723dd27b8a222e473ff31e837689f024342a2a0bbbf1a2aa62ea98","nonce":"dc98071f41d23172e43f3351","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"aadf8d9c17fa78cbbe8aacb8da79b05a91329fa727369519031ee41feb5c569a50facc75a38ecfd8403e38033d","nonce":"dc98071f41d23172e43f3352","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"2e3920f67de60c3bc63c094dbe034600c16735713e0402abe33e2cfb38ff90cf87d1657646b33360b6cee70aae","nonce":"dc98071f41d23172e43f3353","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"775ee2ac07b27d6c79f0293dc756dec750acdf59f09c3ce0f1d1b515980675a78a8600d992828dfa3fb939c4e8","nonce":"dc98071f41d23172e43f3354","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"ed1b692a333ecfc817e7a6b29284038c197eacb4dfd05810026ac2d2a87575fa0acf622317e46dbd91efd6946f","nonce":"dc98071f41d23172e43f3355","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"ba7b72d76f8cb53a12693ae132efa0a6b873b9a92afab321ab0ff0683d4352a7ffb11c0a5187dd25dc3f04b547","nonce":"dc98071f41d23172e43f3356","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"218e275efa2858421c7f1ce10820a39349e4ec36edde769097abbc840b72c6853179de1e79f8c39f8fa513502f","nonce":"dc98071f41d23172e43f3357","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"76fab417257e4327b390c6dada1d2c6cc7fddd18d522f3291e4f7d0c75ecd87d835abcb38a2895ec592411c383","nonce":"dc98071f41d23172e43f3348","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"5dad103aca32f12b77eb7506ced510d6b18afe9ba02c45be779dbadf898b08c835e61f9ea7bc4d10b8b4a95891","nonce":"dc98071f41d23172e43f3349","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"3a5c83b7047d7adc8aa8afb0fd2afe8d5b507485743ed3031aa095c3276bb0277abc3622e1dd25e8ed48fa4b93","nonce":"dc98071f41d23172e43f334a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"d5096165e315f481b95f9d4005b406ee5574699999fbc164fe2ed5e36ff03f72f677a007cb4da22a6e6dceafb9","nonce":"dc98071f41d23172e43f334b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"29f130df697456704ecf5ae7d68cfdbeb8f41e410fd912a5462c535db2ed2c15a5e98db80242bd70f475128ca6","nonce":"dc98071f41d23172e43f334c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"0669d611ef5f56faa7cadc802a55c5f5d522f11567d8591d6d88f1a8f86eb2ad6eaa92c2c6c80a1c5a045e712b","nonce":"dc98071f41d23172e43f334d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"9d529938ee1ebaa608fe5b3a4f8bf45983505a767578be022b6d717d35563d8c4a48b94e7b279ee92c1ca687a0","nonce":"dc98071f41d23172e43f334e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"bfaf942d0e6e9d98589a5733a02c3cbe32806318fe9b4a9e3f15ea18dc20a2c7afc8c03e23b198854cf4f29acd","nonce":"dc98071f41d23172e43f334f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"6c70d33d97ea9ed05ca4ab34ea369e6cc81cdc1242c43416a9f607b41b17284d19d837eebf10ca4c82710b5b55","nonce":"dc98071f41d23172e43f3340","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"37bed7d336818b848b4aef89b0244295e552de05494324b18eabb23e6a804159c68e7dfe563c40112a78acd6e5","nonce":"dc98071f41d23172e43f3341","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"6286c3fe057b9694f0b4074cdbf98e2d7a16d91e8099ae8abf286b43dbe4ec869ce4d6628019aad6fe5b21423f","nonce":"dc98071f41d23172e43f3342","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"8ea6b04b152ceb4701452d01a6df6ed2e386bf7d63e782970bb37ae0fadda87ed5a001755c5f11cca29adf19fd","nonce":"dc98071f41d23172e43f3343","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"cc235b8d6732647cc4516fed1ef6e9dd65871a43e107365bb35dd0d6708339dccd2a85bb7e962b3f472a98e58a","nonce":"dc98071f41d23172e43f3344","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"8db3e5ad39348d3affc6caeee40459e387927cbd1c10b9833461752120467fb8d13ce7487eb69edcd26455c3df","nonce":"dc98071f41d23172e43f3345","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"dad20de17a976b3ec05dd9fcedf87709f42ee2cc9481a9c5044f1e62642392cc9da0c22539ec2950953aff773b","nonce":"dc98071f41d23172e43f3346","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"591b9e78ac17c4432828e6142b8d348cf4e97e6d10dd5809e61ca47726a7659f8029be479585cbb16dad347991","nonce":"dc98071f41d23172e43f3347","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"c55a1fddd78b6505c7992dbba283d1375ea8e268b7b3c1be240c991533806250bbfb2c24f8ad503dd64ba0d11a","nonce":"dc98071f41d23172e43f3378","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"adbcc5f36a9912a38a53ee2733f9cd898d036c7e8c0f1c2f32ec9b2e949bf8d4394333986baa929c2ecb42611e","nonce":"dc98071f41d23172e43f3379","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"11b5c008c7bae1643cdf7af7f4fe572df285e1b68fe5f4e1494d1bf68a9d314277e704e7b5536e165943ff6a3d","nonce":"dc98071f41d23172e43f337a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"4c35478e2b3e36edc40ebb48b6ffb94df8d8020e7ca303275e77418ae1d4b7829aea4ec26965e612a447e50ad6","nonce":"dc98071f41d23172e43f337b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"c078e37e64d1e6ac07ee761d174558a191d79add446d18214c1a0c68f0a7c4c3f5fe4f2fd6ff440a2a5a9e1c26","nonce":"dc98071f41d23172e43f337c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"5c4dd5eb2d1ece1b0134eef822929112f05d43047bbdff797f33547caa1e974fd1a04814d71d7a19e3a6b5bc53","nonce":"dc98071f41d23172e43f337d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"11301a4e6d96c9c538b4a28a1d06767a6f77b7b7c85589f08f8b6157e997e7e17b9f55454eae97a98f9f5985ac","nonce":"dc98071f41d23172e43f337e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"2181454889f862dc4fc2c4a47bcced77670cb92bea6112602333a405e7d731f0ae2684419e9b7f2da198606536","nonce":"dc98071f41d23172e43f337f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"659379d1b7ce495fad38352d5b8b3cca876e4c601bddda8283bdc2b1fed7b9c7bd6b9d54bac132d820d853fd9d","nonce":"dc98071f41d23172e43f3370","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"063e4d9d6e748b55f61e440c9c073534d23715ac2cf1d3b3e879e5e530152db55d1647d2a1244678dbe14afc79","nonce":"dc98071f41d23172e43f3371","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"98a003c056bc671e1362f58af65c5e8e788c0fc84a3549c655b46b1924463d14a7018464d597b5d14dc73df201","nonce":"dc98071f41d23172e43f3372","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"c0328450901531b188953b43cdc95991f6e7df5a958f89136b9579a2ab0a003563707f6f289c13db5cdc6b871b","nonce":"dc98071f41d23172e43f3373","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"709681460debf614f718c6716fc5a61f30380a15b3459bf40323fb32ad8630b521919f678fea98e1614110b1cc","nonce":"dc98071f41d23172e43f3374","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"43dee82d4aed879712d7e470885e1d5905f72ce902f76ed3a452276893601b04b762b13517f9477f8e051342d6","nonce":"dc98071f41d23172e43f3375","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"85120292df6306227d6f734451107c6fe2fbfed958511c3e478958c9af2db92d16ce14e14370cfa7fe549eb1a6","nonce":"dc98071f41d23172e43f3376","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"96a6666b523903a27aa16aca79c679b166f71fe31d09be16065e2095af1959a73887e1fb83e0c3f82a86524bc4","nonce":"dc98071f41d23172e43f3377","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3e3802ddd2694ebfa8cdea4e6f590d1775ca8eb047c7285cd35006db6463396e64513baf17d187ab06f3d1ca27","nonce":"dc98071f41d23172e43f3368","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"26234635c95ce2845d89055a2e2af88eb1b0298c6d34d80bdd82ff21104ff17a0b4bfbcc514ff7657ee30ccbb7","nonce":"dc98071f41d23172e43f3369","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"cd1159ce6103bf0f5e2e51787a3776838b2e705fe303175efdabadc99969b36a961ea0d155000217506bc68ba0","nonce":"dc98071f41d23172e43f336a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"20698ee4c8eef0c42e1de23119b53d8f66b7e024b70dd124aa547cc0a778b408615cbaaf4db5e8512c2eb38a2d","nonce":"dc98071f41d23172e43f336b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"c5dca41066e4e74f4130f47931c505f8821cb498c4a748c0f8748341643509ec62a1a1d6b143f6bdae0da80d31","nonce":"dc98071f41d23172e43f336c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"d7cb58a55faa37df41260d4bd8cc6dea7e5e7b25cf8bf4124c444d64309fee1b8b51f6d728b4247c2bbfdbcec0","nonce":"dc98071f41d23172e43f336d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"edb54393190acc6df89583f55d398d6751da74a3c652be91dfe0259cf9187d00cc340a8fe5f5fb7a4bb8cc8fc8","nonce":"dc98071f41d23172e43f336e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"1f76ed326b42102e8da570e60f0c14f09b465763514422daeb43c50b665a6c5763ae82523bcb761ea87c47adce","nonce":"dc98071f41d23172e43f336f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"24b171e37b2a892b86b1effad7dcea849c3cb7cf32b6b55e961a06c2c38dd79fc9b0b0e8d5de85029fb4d750a5","nonce":"dc98071f41d23172e43f3360","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"86eba805d28b9fc1d5bb19a63d2de6280645a07df834457c5db6bd872f7414c7ddefc7eb087802d3aa7006dc19","nonce":"dc98071f41d23172e43f3361","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"350da1abd95c1fe86b260df4d3aecdc6d20787e26f9cbe5db577b0b1c949ba175c97786b56d0a4e832b8e6db56","nonce":"dc98071f41d23172e43f3362","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"1455e5e7a99e1e8ac37478a93e64265296ad4e0f92d6cd70c76b2c0c5ed9c51cfe7a03477484eb562c61c05771","nonce":"dc98071f41d23172e43f3363","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"c604842d83ff0ebbc747792c393e07dc8a6ba1669de4fccc03bd3c217ccdd56c386d6a7b359d6f0af23bc8cfac","nonce":"dc98071f41d23172e43f3364","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"9523050792ca079f2f1690c2cce49150e8e702501feeee2ff945d0fc164af117b0a427f72b1af7d735eda067b4","nonce":"dc98071f41d23172e43f3365","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"5f8df77e5c7f4c71527383f01aaca1635947b89e3f07d2fd75ecb99b92d1a40aedf56d875bc736c075eb68d49a","nonce":"dc98071f41d23172e43f3366","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"231a82fdec0304c2f469eddd4fa781b19d4124c267f1cbd391b3a437eb97076590af14033f920899eaf001250e","nonce":"dc98071f41d23172e43f3367","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"1f67948e65e980d3dbb95e6e9cb7b385f2904d0328d0688e90c9df54db1a93c5cc0b9062ddb7c072352057cea1","nonce":"dc98071f41d23172e43f3318","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"44698ebaba110518ebeb901b4c7d3b70dbc8fc76fdc1dfebc978efd330a07f12a69531f006bbdc65cdb8fc6126","nonce":"dc98071f41d23172e43f3319","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"0132f49e798cf05eb531028eba466c9470457027c9cb92ffd974250768f4ffd115538b4faa164889b060c4eeb9","nonce":"dc98071f41d23172e43f331a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"6e76b50c820a7b6a9f932607d8e1603cca7e543b9c8cf1c788dacac89aa1a939c3c353fae096a642d41c5e958d","nonce":"dc98071f41d23172e43f331b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"abf5c1d66300718a93516d3da6a6b305290fd9bcd44efa89ace0bcc5b9f3895dda2defcaf152ebfcf396743140","nonce":"dc98071f41d23172e43f331c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"68a932e54c4cdb77d5f49c8f1053afce5cb22bf9959ae62958e54d04b4f0f984c43aa64298974567662a085bcc","nonce":"dc98071f41d23172e43f331d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"92509c6727177f229b7b7a9141586fd58e8ce1cceda190966a487d223af340c715b5e592d3d319030cdfb8193d","nonce":"dc98071f41d23172e43f331e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"2ce09d403596b11b3884ca02e255c49dc1d39b0ed38b054ab78c936b346fa0b7f2c125fc6a0e76bf87bc2d57a2","nonce":"dc98071f41d23172e43f331f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"15dda266cbb21343d9a08233a28f46ddc090800f3ed50ac0840014135f14737377fdf69902456d34f6fc714d73","nonce":"dc98071f41d23172e43f3310","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"dc06c0790444c5d391a14f571450b8cc00e3fe2da6822ff1cdce1f97183c78fc70c48dbd36260d96484979fde1","nonce":"dc98071f41d23172e43f3311","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"8b687ed6d669a0b5864b1028435d5d32e57fa72b6420b31ba25cc5872468a2ec0bf4416f96a320c1435e33d589","nonce":"dc98071f41d23172e43f3312","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"d7ed3117877bd38d5f3bd762982b6663c780c612797d1f7d17919d86cef12767c003a10444cf915a386489a637","nonce":"dc98071f41d23172e43f3313","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"0546b1a74c81e6afb47e481d820ab66b1c84573d42199642d5fc595ed6100221605fa60633fb6078e2d60cdcd1","nonce":"dc98071f41d23172e43f3314","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"d146bd377170fd08b3366b605a4c9f7005d9e2eab72b78ed265030f208b7e6e2eaec5532e30a118242aee693f5","nonce":"dc98071f41d23172e43f3315","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"1d6b967f631dddd9c3f02c537acd42e852495b4f0a5cc57589ed5b0a9d52817f16b9491630b79902a4cfc42941","nonce":"dc98071f41d23172e43f3316","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a26f70a48f810bf351a53699552c6a3525f57b878d8814bc1e6f3e8f3cf7eb37332a51358a1fac62ecb9b68144","nonce":"dc98071f41d23172e43f3317","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"424687f477e079511253e43e57f50f1ed434e7bcc87a4abfca94a5957b1cc51f2c21057eaf8bcafe68bfb1b73c","nonce":"dc98071f41d23172e43f3308","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"6bea34f029565a9b2746ff0b907a33102db07570adf1fbc076cd9c765bcb1fb134258b52f89f776268118a5fbd","nonce":"dc98071f41d23172e43f3309","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"1140ef5cfc80e479f8b6dba7335717f26444d6f980c45454fd0283c81734b9523468791d5488f10a965603858d","nonce":"dc98071f41d23172e43f330a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"9a670eee9ad52d68fab7c6819eecc1b2a11f0708a2325e5e667c1af5a310ef8c31780186f5801b37ac803a4586","nonce":"dc98071f41d23172e43f330b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"2373fbd49b4eebeab575c8f400d0a3129fa4c25564989c1c7f391b77093ea3aa1ee335e7df49abcdf95692beb3","nonce":"dc98071f41d23172e43f330c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"ceebdc8f87fc7a5cc184f315426f00ebddb1ee9b87bca167283b9c91b03def6d2fae282b1183fad57abebbc617","nonce":"dc98071f41d23172e43f330d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"6a9afec520ab738aec3b82f20630c8118d860d88f287cc8afec7330c9df239838afc5d6fb092d1c33f581bdb27","nonce":"dc98071f41d23172e43f330e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"aa6ddf31574cccc1aa2087bd6eafc2e0c4214b1cb171164178bee4537ed19e8218ff0396fbedb46ac7e13c706c","nonce":"dc98071f41d23172e43f330f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"0910eae267937be0b185723430abdd3ff1c91b08c6e53ce59ee3a4fd3d84927f95afccbb345f72a58ad632de22","nonce":"dc98071f41d23172e43f3300","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"ed1cd0d268a8808c482e9c931eab9be63e7d9deda97c829b62e6c19fe5818691bc2867349c3e93c78889e434b6","nonce":"dc98071f41d23172e43f3301","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"5457a9f3290050337ffaa778f86f47d2a642f3e549bc5c79cebc210a36960ed617cd1004e5b5e6b8415bab67fe","nonce":"dc98071f41d23172e43f3302","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"43276bf7f71e95a6a381aaa34bb0cdaa9dbc85a1a47cdd2928a30e604d5bc720736d286a4a6869853d73c62fc9","nonce":"dc98071f41d23172e43f3303","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"13c3cbfa6a18933ba6f68668123ca6a3fdf76bf2ecea6557a1d5ed29f20d6db7228caa34790984736568bbe3b8","nonce":"dc98071f41d23172e43f3304","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"a30fa88169d88c3e40e157451321ca5c18eb44b523e7ddd12a57f1eba25b4e128b1891180ac980a46435857f3c","nonce":"dc98071f41d23172e43f3305","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"3e23517a2f8e2658c117b69bc8ee3a5b4b9e2ffd54c444ecd5a76ad83b0b96a061f61a85cd1299a1b33f511d4e","nonce":"dc98071f41d23172e43f3306","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"158af04a494260da8250a54a3649b2cc92978622a02eee6a5c7f3c1c7fd02a03f0edbd593aa2cc5082b3bf794f","nonce":"dc98071f41d23172e43f3307","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"605ba929567d227cdb941c63e3fb6bf0e0fbf5f4ca7c8b27e02b8efa8d2d4ed24dc4b167f35c06bfd8c8529899","nonce":"dc98071f41d23172e43f3338","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"c96779ba01998c2e0a9f87319f68324d339a22945351c53a72285a53fec336d9b78b4193cc3a0fae16ec748e67","nonce":"dc98071f41d23172e43f3339","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"acb9765b6026437b3ae6943b85f9c37a6e813523941351cca039567d020a57be7c3a953554de6b16519a5b97a7","nonce":"dc98071f41d23172e43f333a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"651b2622e99ab3116065de5f2c42a3f362384d73f4572818bc224f47fc0530d05f6aa85f570c6e75bbc20c35d4","nonce":"dc98071f41d23172e43f333b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"4aa0c9cd5350975fb82e9314d8b3ea302f90c7a0a19fe2c3af854b2c933631ea658a7d1e7684bab07fbf5d1a82","nonce":"dc98071f41d23172e43f333c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"fcd913a4d1f16b2ad9474c127250d1e1bf4b4dc07482de8b10bf246d3bba0e5def495c28e19f86444ce0765d0f","nonce":"dc98071f41d23172e43f333d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"c6fe166748bc9c69724c963fb6ef1f35705a061a020fcd8099207545d18b78380928cc08939e11eaca7593cd52","nonce":"dc98071f41d23172e43f333e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c1f290e8a9393cb5d6069871e92ddcdcca84f3c06d323ccc0b2aad53c0614a878f365c979e9e942cda17bfc42a","nonce":"dc98071f41d23172e43f333f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"1acd454098b12f7fd59bfa2d23a9109131940245162a7bcd83eee26cee505049571f980e54a88810fea6af4eee","nonce":"dc98071f41d23172e43f3330","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"4821992b5f0bdd2a276d7dfa1eb3485403a51245c1c53398289e9f22cb1b68e469907c58f5a072e713f44290b8","nonce":"dc98071f41d23172e43f3331","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a2eebf1546d6d2c66d2a6df3ba724ae697a266e16610f9d3a1c086cdef7699d083dd8c3e0505216ffd01234ce1","nonce":"dc98071f41d23172e43f3332","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"59424b49ed979f6c3036e2f722c3e7e4263edf079c9f6c480b473ca56c20050eae9a6446a529344d16277a6278","nonce":"dc98071f41d23172e43f3333","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"c421cf8d64b186568ef0ac6195b48836628df62286146ebc6c73d6b2359cb9c812bdd4811fdde63d5b7604cac1","nonce":"dc98071f41d23172e43f3334","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2bccb330b2a932633909315d0883e136f376bde7c9570f2595ce9d3e656d9e25d72ba55b9afad3f73f9ff1f13b","nonce":"dc98071f41d23172e43f3335","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"0b09758297e5da3c2959dcd268a18dbb3361dc15091f491bff6ecb6cfa6292c23f07e965141f83a0f60278b459","nonce":"dc98071f41d23172e43f3336","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"20d20910daa9e05f809ada7eb9360b0502660851d86434658680044e6390d83b4879364674456cb3225c38b8aa","nonce":"dc98071f41d23172e43f3337","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"a6edf7e09f91bbe3a405ca169e1934f7c6b2d5505a711ad5ad74cf97f197c17a40799cdb21b04f240915137ab2","nonce":"dc98071f41d23172e43f3328","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"4c929489b496c9573b0c7a785311f65296d85233137c7e504096fe8d3fb1b8e90567848839dd480359a58b52aa","nonce":"dc98071f41d23172e43f3329","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"d57a85980b155fbfd68ec7caa80ff403b4a9f4ff90afae110f9c89913955ec79f1478758a0fef31135a60a0221","nonce":"dc98071f41d23172e43f332a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"b9db9aa49c6a9f3955e0a18baa910e0b751f6cb5a541cc29c7d56869a40fe8ad3e5b81ee2e44bd8cbf55c954a2","nonce":"dc98071f41d23172e43f332b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"efc968d9663065f0fbf329a42c40279f7727b37ab72e4cc62b0ad92bde025b90f90bbc145234d82471fd188753","nonce":"dc98071f41d23172e43f332c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"c20a6cbbf56649ce7a5ee78cf8402eb359a59732711afc576b400e4f50b2892e22db87f622e7da7468f6417e13","nonce":"dc98071f41d23172e43f332d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"c2d1d50275fb9234c7d365b4420abda2b52fc0c3d6de22e30d15e4c81704daf031b7a918a9a0b104ef118d06bc","nonce":"dc98071f41d23172e43f332e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"977cc0d1ea83fea3eb5a23e9bd16214c69ca0519cebe3da5c5fa595fbd70e0e86edd89b92bc5185bddd9a3e0bd","nonce":"dc98071f41d23172e43f332f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"c2537a499545c53e79641e82bb8e35d2506cde6737aa96591162a8c71d1ba1368e1bf509190fbe61a27f82b780","nonce":"dc98071f41d23172e43f3320","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"18da67b6d000ace05df066950a69c1133e2ea7131eaa3ae08cf674313adbfba2c0687c365f69e4a9b5a1bbbf9e","nonce":"dc98071f41d23172e43f3321","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"318a29571fa6c380c6c008832371dadb2dd001dcdf17ad86298acf141120aeae74c09891e7ff9a31a29c4b4345","nonce":"dc98071f41d23172e43f3322","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"8ff5353b71fcf76b17fee91900413fc6937e429b2f12a564437fecbef47a6c0b2ca7419a57326501a7e4ab80b1","nonce":"dc98071f41d23172e43f3323","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"4d93485792d2a280167be3c7d25b7fb15af1712f0099000d62497c1b2c56ee05ce46a2ed8e1b8fc590823dce11","nonce":"dc98071f41d23172e43f3324","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"ba0fe0b6538b72944420ef6c77707dc208eb64b00a81a59ac8b6ecc53113a114dd3911a306ff308bea12a7dc6f","nonce":"dc98071f41d23172e43f3325","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"10667e782e0068d01168461545ab1ae2ee73ecff373b9369a18a5c0deae3ffc609a7f91a981e62aa45e6e05430","nonce":"dc98071f41d23172e43f3326","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"80eb620a695dc6098ba723eb02853fdf5cc56372785e2b94473eb37a030145acb7a1419b4ce24b537f30c0a7cd","nonce":"dc98071f41d23172e43f3327","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"7485838f785d7382c8fa591a1b1f652d52d6211065a0f3695a5f269956e5a7702acbf323792f80fbcaada879d4","nonce":"dc98071f41d23172e43f32d8","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"ae366e3cfbb9ac8240dcd3ce6588489db2a4c3e5be3bad55b70d1768f999d875"},{"exporter_context":"00","L":32,"exported_value":"a5d4e56d9cf8f567e00ad5598c520948d6c7330c82f966ffd815b74daf0b5a2e"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"95a5fcc552ce75c2ae8a0575b540f9d15bbae266adab2dd11fc9f14b92005d2d"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"3a098fae968a721b6eab085904ffa73c2ad7576212d9a6fd7421a57c7d74dc8af2e5f503a0f7ac4acf5510569c110a1f53a86294239a8d4207e31a1451894624476f","ikmS":"49036fd260b8c759c2c7401d3e2b64f5aa66b4e81f8e1e5196db68eb9323076f022142e1611ed6e19296e803c230762f1855e616ab047bde23b5adbaa45a2048d52d","ikmE":"88ab68f695462c3726286bf8db6c274d45f6484474c29b82006a43f44cc8b187ffa492d79d0f4fda41bd9eaa1a2f6b5b4e98ead4a3982971d80cebccc3d103b84ce0","skRm":"01f65e54fbfe298b8704595b2b6ed235f76284c21e669f3fc3e88f0423a7706cef6e060ae4078c436cd9a4aaf312787c08991a817ee14dc48c487c658580d4267881","skSm":"00f3579410baac65c169bd06ed6cf516e9d289e49cd48cc9c352c6ab992f4104c8e5411b66efc2ec728da4ad8b8a9f052b632516c2e265e5985b9c6352a4ff141b5b","skEm":"017d1ac3449371ed0f117f4086a8a0a7be5eb548f4b2e87203f4becb43e4c1801e07a49cbf02f9872e72f950d525c51f9ea82fba0c45e222b30de8188a7e3f077688","pkRm":"0401c42330bb25c88eace11f73d297f9e59cc8a956e6d3252b42f521dbe61915eb7f99086589fcc31414e97c59f2b03873300638806eaa2a107c25f3b0519ea0be13f50094d6b1ca47230bc95dc5a2a22e37d01ff12fb484f6e6b8ab99171a4b5b59000ed70d23315924cabf790c6c267f40d0c6e1072af93bc529edae30e27b1c2da14f8e","pkSm":"0401a22556675e3a5cc3d1512023a39048491e6609ab1a0dcab6b91fdeb9ea709514e0955be23a93c37c0b8a00bf94fa61a15c27e0af39d8598b2168792d02000ecf0f00c48c856b0998a1d9dac0cedf9bdd694a9a0e2d95efc85362ca563dd0be6c4a1ba140b49f30fd97d9e07c4044fb60fb3784129b3ccfacccaf676b4090484dc98595","pkEm":"04004631acc6884f44ca28527f8e92212709437e53e990cf855cdd910f4ca93e067d7611541b19a4c2c37e3ecf1d781b4838840d9d2bfb64338175802345138c245cec019ac62ab2dce06e584cc407b933e682eb6848611efbc9b6ce68c24d1ac91befd737f63021b93654fc5a8f4ca35b0899f42b78920a2def54f57bfd51ff8059074a87","enc":"04004631acc6884f44ca28527f8e92212709437e53e990cf855cdd910f4ca93e067d7611541b19a4c2c37e3ecf1d781b4838840d9d2bfb64338175802345138c245cec019ac62ab2dce06e584cc407b933e682eb6848611efbc9b6ce68c24d1ac91befd737f63021b93654fc5a8f4ca35b0899f42b78920a2def54f57bfd51ff8059074a87","shared_secret":"04d117f3e55a8cf97884b544a4182fccd747499e785199b3cc9379c2d43a7a5a6c392257cb97e5bcb978858477257a9bb992ac89e9295c7cd8ec29e7de7f9b07","key_schedule_context":"02cb1fc46c5aa4127c3739c63e1b145be49aa816a560fadbe8512f79ca62004b8b45ca75ad4274b4c03e9dbab8ac3a0324a800d89777115638ce77c92eee21a767cdd87b0281e692a99982979c39757078bd10f16f51a609804bec7ea73e6df85d53e5b21081fb76ca400113c07723eeb59281dc77544497e8f8a683106eca75ea","secret":"7a6b0285319846c6d0213647d902b7ca521d1e4683b407b99a4f4aeb7504bd998b1f00b3e5d032d00e393093de99a30cacd55025f11148f92b8e7b8f7c5baf6e","key":"78f10a425764ca95a2d51c6fe88909b2","base_nonce":"3211ef1fea85ca6c115d9c90","exporter_secret":"9a3e8e19d6fc389a8fae4e2ce008c0905233185f3239c9ade248195307cfb583d547c776f45748c72d2a788c8f7754b2693f5c4b229bc9cbebb29c0cf8f118ce","encryptions":[{"aad":"436f756e742d30","ct":"259d273d16006a91072733bd69ff2a683422745d56a8aa5ebf96f3b58af9d51e19366f3d67e7bba007377fd4e4","nonce":"3211ef1fea85ca6c115d9c90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"c8a16014934bebf9dfbdfdd23dabff9fbbae4c421970b378196f0720c344aed7db1b12d8e54c183413bc180278","nonce":"3211ef1fea85ca6c115d9c91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"5c6357633113d51fa2958cd9dfa58d1f16ad376c6d2ef88c695b10ffbd176a41bef2739014282afa277767dfab","nonce":"3211ef1fea85ca6c115d9c92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"14e3a926b3ccb1408c81481c6d839757db6ce7688db71d3c329d8ccd1485f16effd10aa4a44196c12512d0edf0","nonce":"3211ef1fea85ca6c115d9c93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"7e2fe77d75fa49aa46c61a404e8def815572e83a2b6b11241bdafbc1a1f9e409e8ee737359ba26ef79d5f238cd","nonce":"3211ef1fea85ca6c115d9c94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"5ca9ecd3ddf90cd57436eb529cdc3bace438a01244ccbce2e8e17da1d6a5527e855247620f8adc2b059aeccf76","nonce":"3211ef1fea85ca6c115d9c95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"48cad840d72183b5a5ff70cdcbcde72870bea18fc18a546e759b39b4b3d438d294ac64d6c2cd13569be145ba21","nonce":"3211ef1fea85ca6c115d9c96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"10c56fb22e945fed56ade5b9c820eec2000216d1248bd43230df9b32c7b5d50216a33e87474f7bdad2aa612665","nonce":"3211ef1fea85ca6c115d9c97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"f0a07299afaf0a5de687d4a16b650dbfe05e6a54aa849d9bef2c36f7bc590d088eae1b943b2859ef1dbfdb33a2","nonce":"3211ef1fea85ca6c115d9c98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"43b103f689b4b8b0d32133f4dfce7c37a0a5fc8d4f3966abc918109bcd5e4323e8207ffcecdf56f76d8b61d4bf","nonce":"3211ef1fea85ca6c115d9c99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"063857a0cad5d6f7ffde972a3f0f6091011e7dad784e9da4db7cd0beb05242a9e5089adc3d8291abf87fd651d5","nonce":"3211ef1fea85ca6c115d9c9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"94976969ecc9794d8d678cade9ae5e0f4f878c698755386f7ae3e009c422bb19f98371e52a024a20e67a17b10f","nonce":"3211ef1fea85ca6c115d9c9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"b78268a7ee48d3ceb7266afef4ed199f67983bab124be8a9598be67b2f8bd65101d849505a087678f9c0a2064a","nonce":"3211ef1fea85ca6c115d9c9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"eb77ed406ebe19d0803dd4f2874202def68336d43f4d92f7e19453a5c2a2e187c17f57ecb4d2a7562f446184e1","nonce":"3211ef1fea85ca6c115d9c9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"fdaf4174a1ece497ff33ef1dd3cbb49adc0138f5c659952041879e99fc2c83b30be5c04f2f31d5597259a3ca20","nonce":"3211ef1fea85ca6c115d9c9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"aba555125204739f72b6ae199f2fdbe4565404ad00567ee003c9a544129f48cbc3c72d8cb70b1a77b32671568b","nonce":"3211ef1fea85ca6c115d9c9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"fa34f9a4067dc198f23ebcc4360cb819fe69a1edd6c6d1cf8c8c68444b932bbf24e0b608daa96acc2303cad58e","nonce":"3211ef1fea85ca6c115d9c80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"3bb5a46dbdf5159790efd9e295a64f92c6c102d4095d7bac849b6582ef4d91c2c264f53dc3d1e36ae2eaf45524","nonce":"3211ef1fea85ca6c115d9c81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6fd1145248e66db1e4460cfbf1dc6470c5e7a986ce1bb46bbdd430f06a04a57b107bc918c44f9f7351669226e8","nonce":"3211ef1fea85ca6c115d9c82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"2795d990a76d6acd6ba2fed10e7e2fffd85cfbb75a56d586f3e544edc52aaf3ca38fd696ef7cf92891cd37fab7","nonce":"3211ef1fea85ca6c115d9c83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"f6de6cbf3265b90b3198bdd92842b7292e0a603191656d396838e6106bbf169212d40902a1fb3565fad242c716","nonce":"3211ef1fea85ca6c115d9c84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"2d4cb82251d1747424fc56a055e4b5429143c7e50786dfec56da8a08bfa72d58aca00da15c93bf75af9b20a49a","nonce":"3211ef1fea85ca6c115d9c85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"fb6f05a9d5a288b29d039451c3a0fa6329bf8216a16d445ad032508c250d5f2f098b129e98e98711e35849e713","nonce":"3211ef1fea85ca6c115d9c86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"42be39e80a7c2ec4af605651bed58029464050de202de335023b53821cdd18e2d2ada81c2e5f0fcf14eefd26a7","nonce":"3211ef1fea85ca6c115d9c87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"fbf1471dbf1e0abc49ed5f5e35efa12f626f88295f2c223335473de32cdaa04fbbe0e2b95a4584527d5b87ba62","nonce":"3211ef1fea85ca6c115d9c88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"492432cf1b2f9212f14e556833aeef18284c689fa523bb733f61c4221bf6f9fd6e835f952aa8298dc4d8495b9f","nonce":"3211ef1fea85ca6c115d9c89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"4e5bcb3bf7c4bec7461fa059e1007ce44a48022cc6fce5781d70dcd23e3bce2150ba59f65821a89e94c5c85571","nonce":"3211ef1fea85ca6c115d9c8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"704987b3141f8229de90bb5696e9995e048ae8064c282315b527b8b1eba36c576627c5060792aa7be69e95e6f3","nonce":"3211ef1fea85ca6c115d9c8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"346e545aba935d55df159d9a83022b5e70d5f735a374352f5e66ba4839ec5f74e5b61e000d439c4fa39cd1014b","nonce":"3211ef1fea85ca6c115d9c8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"834c29df6f71bca9ce65e39877eff40cc16c6469e6f2c740f01db29727a0940f989e88acbf0eab636ee6bef1da","nonce":"3211ef1fea85ca6c115d9c8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"9eda627472aafe7872ab5f4ed3347028ae231ec55e2798806cf38abc916d75eb61c02d75f237250a80e025a4a2","nonce":"3211ef1fea85ca6c115d9c8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"1bfd7536720778787d43ccb3a56d498f294cf253a69a498dcfe5d66f99ca53104a717a2babb8c663b8fa8e69ee","nonce":"3211ef1fea85ca6c115d9c8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"00fb4cbb5ff42eac8363fcaf3dd65a9770ee314d719567bb610fdf5b4b8e7e4f5ba24245cbf225b5ba4e21a688","nonce":"3211ef1fea85ca6c115d9cb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"4c2e436f595daa1774abe9ce97396b41d4f497c67c7e59813f9fcdd324ef9edf62cccee4fc27eaddc3cfdf0010","nonce":"3211ef1fea85ca6c115d9cb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"2db16141775aaf55b267b59c3efbf21ec3a8a103a90d796c331b9ec9ccc15c128766b1a1700ae5c17c45af1610","nonce":"3211ef1fea85ca6c115d9cb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"e438d60a9b20563b1631aae2404d3941264f2f253cf3fcf47e39bbbf8e01abf83adc8186e1597957d65c5e4c67","nonce":"3211ef1fea85ca6c115d9cb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"acdc0c3c39a876109300e1a11ef2488ba6a1dcef040c19af4e2c92c42848e5157eb2d4ac79087967a73d40ad96","nonce":"3211ef1fea85ca6c115d9cb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"5dcf6c1b5128acff181a42d0bb380de6060a1b84adcc8b313ddd9b6001c5d3358c03881fcea4f284888c55dc2c","nonce":"3211ef1fea85ca6c115d9cb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e938726947d673ea2d1e14e40cf0e4a1e7f968f590af93ca5ce05575866250cd4dfeafb3f6dec641b6a01ce229","nonce":"3211ef1fea85ca6c115d9cb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"81443915e94ede05055c29f08cac74646cff2a2d7f1471daa7a2e77af14f7035c210ca01bae7702ab1f88385a8","nonce":"3211ef1fea85ca6c115d9cb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"595c10de13234d9cc9d806eae2f6b3c3ef7392096c1a7b8b322d12457597da5c65f6efa8761c73470f86de2f00","nonce":"3211ef1fea85ca6c115d9cb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"7c1435f9d0a554278679d4626d0c3bd9ff69decc0539fefc68b535cea97425afd7fde146e01db55d26683ad77d","nonce":"3211ef1fea85ca6c115d9cb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"df7b2a6b059ff1fbe5e18a53477cf6eea59f393693e70e62bc3364959235c3f77e071aa6d4454c19818d43debc","nonce":"3211ef1fea85ca6c115d9cba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"5703ddeea221aca6e75b5bdb34aa4c049622ad37d6e5ae04ddbae6c9c1231beb72ec9fea0e6f7c4362fde3d885","nonce":"3211ef1fea85ca6c115d9cbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"13d7d6ec6178c23219b1a02f64ecc95ce34082622db26af445eb445f69cc83b3aecdd600d6497c3e12732fb23b","nonce":"3211ef1fea85ca6c115d9cbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"65902740d55982bbf86ca25a31581a544f7338045a0b87727de289afbb688f8dda6ebee801d2b6b19aae3a7982","nonce":"3211ef1fea85ca6c115d9cbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"321ec5f3907a401ca6ed4fea037cdc821ab992f3476ced2f5a11bf01a0f1811afaad636852716eb50e670296c0","nonce":"3211ef1fea85ca6c115d9cbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"1fe7ba8791e3526bccde5f3f979fe61a384c93e38c7be2040e92c51150a24a43c8ec8e2fa54a29100dc0bda352","nonce":"3211ef1fea85ca6c115d9cbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"54b2559a6f207695a7d8f0e3863901bc4a308d2d55b1f57f55e9e68b941be7c2997e81ed75f41bf601d0d3ccc9","nonce":"3211ef1fea85ca6c115d9ca0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"417d4cb94f8ce0815d745fc21bdbbdd74088a2cf97c05e6c1b69e75a1e912a6ff50fe10f001671866e95c93f8d","nonce":"3211ef1fea85ca6c115d9ca1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"c4942901b30a13c8e7f46e0b53f171349e95a32eb82e56d90a9d8a6a33325a2ac952deb23b7aaa83a73ff2fb7d","nonce":"3211ef1fea85ca6c115d9ca2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"d36f18ac81a186aa945c33f4e44fd542ab39e214013ccbbbfe3ca956bee19f7f690e1325c12643790d77c517c4","nonce":"3211ef1fea85ca6c115d9ca3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"ee7c84f6857a9001fd4ec8f254bcba41c8c77cb2738f1f71a3c4c4c1f1054bd7c53853858f79ef318e769e62e8","nonce":"3211ef1fea85ca6c115d9ca4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"25c2680f2ee167fa4416838067d4099e4ec229da88cfdef93aef066fe70c62f72fa0360eda4958945dde0eff40","nonce":"3211ef1fea85ca6c115d9ca5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"18373f5dd583ce7e6ce644ed6a53f4f36ba7ece735eecd8c0fb194de4fa8130d70858df545a47f834bf73a5559","nonce":"3211ef1fea85ca6c115d9ca6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"c5ceca52bae6937cc5747efd9b6583a55f7bf21f65e5559f50a6c0ff4855c96d77bb719d738717a8091a0d6fdb","nonce":"3211ef1fea85ca6c115d9ca7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"209a12f4227d4c63643d15b25fe4baaa06af55c69f3e941a8f52280abcbea2a8b13ce712153dd3abbcb3b3394b","nonce":"3211ef1fea85ca6c115d9ca8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"a61772051870e4bcbdc33ba00daa5c3e3288e8df8ed7871c93d3bec59a6abbe62d8533166f2bb871db57e38249","nonce":"3211ef1fea85ca6c115d9ca9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"4dc138e32d4d3552e5998616c0fddeb13846b9823fb0e915823a85ab338e97c22313fe5a008dac5e79699c3b59","nonce":"3211ef1fea85ca6c115d9caa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"93e64c52f1230ddda95e691258e15d7b0e6dd0141b194952ed63063e0e20e2147c52a241c5b231176dfa9f8e1e","nonce":"3211ef1fea85ca6c115d9cab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"5f613d4ec1e35f88f1ac1d0ba5f1c2408151c1ef583da1b37b55645ad91112c3e57b79f57ebc16de934064be99","nonce":"3211ef1fea85ca6c115d9cac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"14679b9db5c191f590b18294fb983c22c027801ff6f96ab3776b137a49373c3f3d4366ab8379231743654a42fa","nonce":"3211ef1fea85ca6c115d9cad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"838e2411756c3fb36441540c22f2950be04e348c3c7a8d4690ef155004835571b7279057b9c586486471a24ee4","nonce":"3211ef1fea85ca6c115d9cae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"358fd266e46ac95f3c4e3ad26fddc200a3d64a5dca1ae7ca85946305d3a69cb6a28a9aa7139c18b92fed6d6380","nonce":"3211ef1fea85ca6c115d9caf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"654301ce45508cefc3941defe0413f2acf5bac9c69e5b44ed64facf72adf6ecad4580dc9fc03ea6b472fdf0a8d","nonce":"3211ef1fea85ca6c115d9cd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"2c828cd83186d4aabb3e519e120795241fce8af792bc2317385d30af3dc8afe5772a3ea67c12340f62ae816827","nonce":"3211ef1fea85ca6c115d9cd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"f7b6a13a5b65df38dc78240680f74dcb0870f513159769964c7ff21e36de068d4c8e4b0e68461799e6eed0e5ba","nonce":"3211ef1fea85ca6c115d9cd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"b7aeec150d540bed6f5d0c00cc1caac292fd86d83f0b01a14b65a4c8e0e4b5afa5aaa86f618a2e127b2cf89429","nonce":"3211ef1fea85ca6c115d9cd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"d7349700c2ad30a788485aed9dde59516434a6814af85eecda813717776b1cbfc4cd022d658f492fae690a743b","nonce":"3211ef1fea85ca6c115d9cd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"c3ddd55b7edc122d45a9988b9ac59df8b8dead50d39cf0cb264fa68b059fdb0560c46a0572f78c2b68848da6b0","nonce":"3211ef1fea85ca6c115d9cd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"00c197c11e859e386c15fba3c822d1bdef60497f940b04df8e5c08a9aada0294ac646766cc2b3aa95f0fe47da9","nonce":"3211ef1fea85ca6c115d9cd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"c5077448aff6885dd0fbd0969cc0ea08abd2875e1ea1af5777f5036eaaf77c022ab544fe90fb9d7599ec4d3171","nonce":"3211ef1fea85ca6c115d9cd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"a42a98ac8f84da26ac756b7bb99cbfea5fc8ae99df04d7d30b87a69f8f8bd87a47cd6128208af649b238407948","nonce":"3211ef1fea85ca6c115d9cd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"1f2082c3eac0387bc844351e30016114ca6168d01309c0878a2ef18aa8bc040ea8fdda65f8f96eafe84f4b2f1d","nonce":"3211ef1fea85ca6c115d9cd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"bbb4d6f7173288a04fd56123a0cd2905373b1b46cee07d10e7ff4a73edc2d2f256c41d606ed0bdeaed5f3e1ea4","nonce":"3211ef1fea85ca6c115d9cda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"707a366156eedc886e644ac23b9525252dedc582bddcba063bc4bd9633abd1f97940a6fc3a3167657b5dd2e57f","nonce":"3211ef1fea85ca6c115d9cdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"09b3cc55ac02b5aa35f7b70dec47a5a35b41a70bac0a9b029af5229742380f2f8926d371f1ebe9f712e308c3f1","nonce":"3211ef1fea85ca6c115d9cdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"dc4f0f6313835bc0a0ff99e0a3078bb30d5055d1fe905fe3f94439337e83e475ecb51ee284747f457e6bef75c8","nonce":"3211ef1fea85ca6c115d9cdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"7ac0a1e216493b94c579c435efe191255d56ccf7bf969e303b2803574fa32a93ac2035d4056bb317c8d94cd4ad","nonce":"3211ef1fea85ca6c115d9cde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"c2091c48dc6287c7ac8dacad7a9df9d9a9b172f0b9c3b53f43f0eba0f6fa3e3e3c4cea8457234e78340a583bb4","nonce":"3211ef1fea85ca6c115d9cdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"eb9ef98a354b9ffe7fe6f03f04c14fefe72ba12f9af27e9771481799d77f02be3f885cc1866cebcd78a2074d79","nonce":"3211ef1fea85ca6c115d9cc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"1bf6b4ec7e4b156332ff4688d612de16b702a2152e7baf13023ed42800b26648cc7cbac8e043fa2f429608f4eb","nonce":"3211ef1fea85ca6c115d9cc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"313f3f9a10c100613563d7b9090052c6319bd6d8e0eedde193dfa50161da0da1d3feb452a05e3bf75cb7ddcf76","nonce":"3211ef1fea85ca6c115d9cc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"46fbf70fcaa1c4fca4f85875edd9dbe5c5d42c6e356f4920c4234e121dfbaa72e7cff53b9a9b58870c375568cb","nonce":"3211ef1fea85ca6c115d9cc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"ae73d2754d1b47adcf1045b2cb53ab08ace3f416a8358e80d95c6b6521bdd8c570fddcf82d6b902591ce93262a","nonce":"3211ef1fea85ca6c115d9cc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"c9c54590d780dd67709d563a4e199fe8ded5fd889a91dca319e44261a38eab89270ef624ab1d9f023cb6941283","nonce":"3211ef1fea85ca6c115d9cc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"320f3675ea7a08ccc3faf98d4225b7c53120332eecbadaba1f7dd5357ca8c7e13a4ef078911ca36de961be0c35","nonce":"3211ef1fea85ca6c115d9cc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"5a1ecc36887e4d0071689ec15dfa63702f0ad9f214fb2cd00cc96be3ada9b8b9ece1bfbebba1c3676ef374b33b","nonce":"3211ef1fea85ca6c115d9cc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"17f4e8be71259f6926e0568533a2651d8e40b89a759de4d8f4250d1f1864b133fdb9848dd2437a87148e5f1bd5","nonce":"3211ef1fea85ca6c115d9cc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"0ab8c4abe682733c62204d0c523a57522e18a4d845db90d42a59ec5c601cbe38d2bd7f46d477f9ac05b4ca688e","nonce":"3211ef1fea85ca6c115d9cc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"333c019ec20bb83ef8d25fcc9b74da6f5b18d291c60790c40b340f6f45afb090f546a69c38b608d6516c62f7f7","nonce":"3211ef1fea85ca6c115d9cca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"6b069246cea474b47365c5d7f30e1cfcc2df3683c02ba2ee18fa07ad26c7f29600d3c10ec55c97e3ab6af30df3","nonce":"3211ef1fea85ca6c115d9ccb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"c88944aed49e316b8e96111c53ba47e2889eeffa77d8152e03e945ef58449478273df57d3d8fb97508928a4702","nonce":"3211ef1fea85ca6c115d9ccc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"6c0c2a2a545439f66cf4fc0667e1eb237bc267893b9d76159a818d5047a5782a82996e9caaa1af3176a8021515","nonce":"3211ef1fea85ca6c115d9ccd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"2ddf38469053037a4917a62de36dde446559d81507216dc2501c3e04b5b55954084997f1bed4626ddca803acc6","nonce":"3211ef1fea85ca6c115d9cce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"93f87e077312c2bc45fd59219c29728ebdacb7cc6b8e45e3c0b9ed426cea4e69198b0c9b098f2f6546980087aa","nonce":"3211ef1fea85ca6c115d9ccf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"31ebf711c0732cfc5d8ef76f83b43d24294e9a3906d709fcadc19174dce33a2f74cde5b83a99d76cceb7dd6ec4","nonce":"3211ef1fea85ca6c115d9cf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"360d3fb932959c9d7b79d4fe48693bacff83792141e894ce21b6a0b73a4d236edfa1a16e7f0980c08613c1f221","nonce":"3211ef1fea85ca6c115d9cf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"d08220f8be1ac89fb406a4809ad9d37967f32b3ad5694f8e40cd541f22230ff9124b83244fedc624b901ca25da","nonce":"3211ef1fea85ca6c115d9cf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"abd1daea55a469a96da537090290b443c3e5b5a14109873676e47e73eb60a51fd5e75e5ffb67256990b95b6dea","nonce":"3211ef1fea85ca6c115d9cf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"3ccc989c5e414d77fd7a20d04b0e5978c59b5d4fa580df68ff7fa1f26908bfd7483a9755a5b298c1f6c1dccb76","nonce":"3211ef1fea85ca6c115d9cf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"681f63e06b7461b65c5938faa7a7bc5bc7fb8edabfbd5f104ba7eb0aa874958773ee8b825b0a9be0601e509082","nonce":"3211ef1fea85ca6c115d9cf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"f5671748c32c17183b67d5c49a4a255f6b9e4774730ac187a9fcbba67a1580280cff28f9de39ff8f7455814c23","nonce":"3211ef1fea85ca6c115d9cf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"e963398db953fc2a21919c09f79f6fcd803bfbc68de4dad98ad2ee890d46d47c2e053ab2ad30df756a61d71546","nonce":"3211ef1fea85ca6c115d9cf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"7d65ae0c8587fb7eee493a93d3d6b2f394d285a05fe456bdad55a60444e594d9cf6427f80356a2c8b416ca7ed2","nonce":"3211ef1fea85ca6c115d9cf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"3f49e14949aca0e54162b63b1c4a9a6fe1f0c75bc6ec969d86539046bb029e3646aafe1b9de496874dcf8f13f2","nonce":"3211ef1fea85ca6c115d9cf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"f5b482f27b61c8dec25921056a94f6de38bf19537268a4532942865b6c21ac70bded8f3b9f6865dd6dc7413b6b","nonce":"3211ef1fea85ca6c115d9cfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"14af17c23b639aca9684c9ae04f5bf9a1a5ec7a4214429686e0fa970c3ef168de6fdf193e9063c5a4f7b2a9cad","nonce":"3211ef1fea85ca6c115d9cfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"a38e1198b43de927fc216d63db1db7dd4e492e41e10ccf8bfd687984d9c73c5c19454ebc520748322674894dea","nonce":"3211ef1fea85ca6c115d9cfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"c08329a66439d2a0f1c9cac680a8e6d73564eaf4235fc7d3ca62d87cb3aa624895848f4333fe6df618300914da","nonce":"3211ef1fea85ca6c115d9cfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"2e6771b03590832327d5c4dd888fb9c783e9306a5f6a34743198d5bd13e386908873551ce0720852ad8a07629a","nonce":"3211ef1fea85ca6c115d9cfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"71a32ba17062695d4885305f5a3796852fdeab04bfffb30e746948a5083ab0416268c889121d3dd4cd12cf1de4","nonce":"3211ef1fea85ca6c115d9cff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"01c6cc91d0fde45265f9a7c3c7862f6bf2cab5ae50a4de13b5a39040ddba8c3d3ae796c81edf4720df29817088","nonce":"3211ef1fea85ca6c115d9ce0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"48ccba75c72f82e33892e89a637cb2815babe99c555f76bd10365b09805f0d1e428e29f31e2722a48958d39843","nonce":"3211ef1fea85ca6c115d9ce1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"cbe4ffaf6f70334020f8b00c6dfac0ec5a809ef29b72769e0804e3e04262047c315959b4d07d73435fa4f31e98","nonce":"3211ef1fea85ca6c115d9ce2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"8f60df1f9a0155dd3ac822caa1e5c1a0691b671d39ae781efb94fffa6b77171ce0d994f498a8a0bd3b5d928e87","nonce":"3211ef1fea85ca6c115d9ce3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"22d4f0fd348ecb01eb8ee5cca5c8d5672bdca052d78017a634972f9151621e20de0b7be9f055590a28d336f8d7","nonce":"3211ef1fea85ca6c115d9ce4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"fcd43265ce18d7492dc1f1aa476fdc3f1a4d9161224aa27f471fb041e5979d8c51a7774d9aaaf41f81f35b7f4c","nonce":"3211ef1fea85ca6c115d9ce5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8afb9a5583a62edf00b3f7e574d70191daa4965afa035c2353253848f0b719fb96df40b0b968c983f76100aa37","nonce":"3211ef1fea85ca6c115d9ce6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"0da9450a69497a2fd8d180728ab63f05192d78b84593d9d354c84dad49d1f60f1811802280bc80725825d20521","nonce":"3211ef1fea85ca6c115d9ce7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"edfec1a5ae46892568f0c263b4d114a988f9e96d19d8707bd8bf71099bee2326679b46c0ff3a1c7c9f7e727e1e","nonce":"3211ef1fea85ca6c115d9ce8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"42d6b37b4f60098ddc2cb674c92f23dc1c9756436246dd764d2044c687e9a628e9233e72d115925bba936cc711","nonce":"3211ef1fea85ca6c115d9ce9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"9adc8f108565742fc43993f71142e180eb8c454434dd0f7a479eebebb6fc835e12d3e6d469bfb42ef1dd1a0366","nonce":"3211ef1fea85ca6c115d9cea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"11c5ab1c0739866ff5a5a260c38b3c414e4f5df674aa344ed4d3449e9ee50dd3471783045faabb9c0746dc1f5c","nonce":"3211ef1fea85ca6c115d9ceb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"c0d6c52a0c9616cbe70259c612bfed4dd1ee9b236bbcfdb2d6aa8a4780971c85f29a6091a0c767f533ad09c92d","nonce":"3211ef1fea85ca6c115d9cec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"fb4b3ff4fa79dbfd7999e042eebd425b3aa9e247692e7c6afda18994e7ad76d14242f493f0113214cdcec59b0c","nonce":"3211ef1fea85ca6c115d9ced","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"c15591374e07d186c9e15bcbe4915caea29cbf40f370aae0d6bc1d176575d335a6d71a50f44fca89c1ec8dfafd","nonce":"3211ef1fea85ca6c115d9cee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f66cce7fbdafcf58b494485c8d9995d79fdfed8f9aca57585582163e3e3f4ae7142312ec433c133f0d98d7433e","nonce":"3211ef1fea85ca6c115d9cef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"a0a7c5fcec3560b00856d7a63245eca9ff5ae7aa031f71682d640c54d542e80fcc47c5bc5a8067cc45aea2cb8f","nonce":"3211ef1fea85ca6c115d9c10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"c199e8e138cecd82ff11d3803788486203c950abb59768bae3f833e019c27a1bf4a77db18cfa075ec0b1b181fa","nonce":"3211ef1fea85ca6c115d9c11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"47c865c4fc7b75b1fa50a0ab0da0b05f14d34ec95eef720b65c24f5829c6d7cedde477c22f418bf1e76a813093","nonce":"3211ef1fea85ca6c115d9c12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"06ec8ceaef6fbe7b99a3e09dc8737f71f9cbff46a3526a99ce39d587777a0320cc8d727d8f6c3310bee21c7a79","nonce":"3211ef1fea85ca6c115d9c13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"e262feaf97b5eb4fc68523d26f4f263dfa8f186380e05bf1e141c1f916516da5838982f3aad0c2f502bc2e50c4","nonce":"3211ef1fea85ca6c115d9c14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"f3351d32aecbfbfce35dd9439e82af6342c8ca040c7ab66d60aa4707faf807c9bdde668d79ca0722e28e6262d2","nonce":"3211ef1fea85ca6c115d9c15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1becb0f5456aa7abe041aa77602aec119705c31ad629fce404d894d0f01755d02e1d54068b6358cec716521922","nonce":"3211ef1fea85ca6c115d9c16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"e836884631464a8cc377b63cde19ce7cd3bcdcd4b3d7814a43c971c6928290ab51422bdd9f4181100293d46847","nonce":"3211ef1fea85ca6c115d9c17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0cb2ebdab6ef1fd564e40cab0250f435c1d78fab1f566b171d9c441d1fab50e1d4b04c22bc0353e2fc6c432545","nonce":"3211ef1fea85ca6c115d9c18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"a97bce6544f95e2cf3a9dd3f8e5f60b7c6ba0331ceabfd41d4983260b8eda861c944b6713f70977c3c162338e5","nonce":"3211ef1fea85ca6c115d9c19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"536ecbdd3600a662476fe8c235f4cefc2b6cf965b6c5e168ea3630f7d6fe8cfde8d527b9dd836debd33fee8874","nonce":"3211ef1fea85ca6c115d9c1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"242e2ce1d6ea935b66f5afbbb70da1610c4f68114cf1a563aab7b02069494bbb16e6247d3b559fbbce97c0f8a3","nonce":"3211ef1fea85ca6c115d9c1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"3318a0b8898a2c8853302df766a35952a480a882db1fd949ddaa6ef5dbfbb1ff02b4bb3144fe1c2cbc4657d67a","nonce":"3211ef1fea85ca6c115d9c1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"93c528fe1fec3fca9475031c28ba56dc85201fbf316bfc6fcb3e94360eeadde7cafd78637fb92741e08b2ff883","nonce":"3211ef1fea85ca6c115d9c1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"79d27f0ee5e1c2f383c6bb68fddbac8e5c146fea070abbcbb97c83353875608358b8443d2c689364fd8a1d473d","nonce":"3211ef1fea85ca6c115d9c1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"aff73314b64a1f81e316a5f684e8800cd3f9f404d26e9ac477099a9a77587e01707eee489def536de2550cd41e","nonce":"3211ef1fea85ca6c115d9c1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"e336205932fe70b3177c1b18a6160e8132ded107a1a8076d7ff65592261c8d29ab4f71372e63a611e728e094bb","nonce":"3211ef1fea85ca6c115d9c00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"6fa4cef2cb15fccb5b0a01b7706e809c63c267b30e159dfbb12ff256af192a24cb1ec968706dc72b60ffde21ed","nonce":"3211ef1fea85ca6c115d9c01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"fe246650604548077503d40c6230a6f316a5cc3f585d46997cf8b746001a9957cb0f9590af47e6e0feb25d29ac","nonce":"3211ef1fea85ca6c115d9c02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"a4b6d3fbb05a55298bf8f14de52872570344195c012e160f2e24c02fd1d004c5de7b247664931da36b23928813","nonce":"3211ef1fea85ca6c115d9c03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"67ffb6e23bec3cf0c9a39167dd3e7d1a5e1f13c468dc22f8f6bc56a8b2fdc084406f8cca4e4aede997c7b9512d","nonce":"3211ef1fea85ca6c115d9c04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"3052723e453d71b7c4f629845fa15c129251196d6981b8af8b3b2670078c3d8c8763f4672f2990b257df12b9a6","nonce":"3211ef1fea85ca6c115d9c05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"996f92e22645f59a613a67c581a180ab0a3e198ec58d727823a4becef054a0d49f8725d41ba96c1a3a0b9624b0","nonce":"3211ef1fea85ca6c115d9c06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"a9cced445330745848d2d6ded1a85cb7a02e473c87f2f22fa7d310e7ae33a2390682f096d44438afb50751aeab","nonce":"3211ef1fea85ca6c115d9c07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"818ae7bbc1e07c6876dbbbe4f1e233b9f8267d0b691c56b3df625ed8471c9d6975c64638035254a30d83730305","nonce":"3211ef1fea85ca6c115d9c08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"cc26f4043253bd875e6b03ca10fa5a2674493b53fc9b7a68c0cba7a0453bd4a364adda86e95f8ca539c9641897","nonce":"3211ef1fea85ca6c115d9c09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"8f764e2c819e73ec239233b4d3cc84f55195caa145c9242d2877411b75625c25b109dded09b7ac275fe1535bd9","nonce":"3211ef1fea85ca6c115d9c0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"3c9a772c53886d6be9f3b18637008a15d7c32e5d1c5410cf5a59b4a84978259ec8e9c218c4bb59bfe0fc676878","nonce":"3211ef1fea85ca6c115d9c0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"9da52f07088f442e3856e467cb8d622fc584119c3ca7f732bf7c909a0b642de0ba1329715b981090bde942d46f","nonce":"3211ef1fea85ca6c115d9c0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"746aabea36e09bf6a3e09f4ba6a2331044773c531ff7d8bb349408b09d07aa2347ccaebc7042a9d31b4423191a","nonce":"3211ef1fea85ca6c115d9c0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"27d884afa16c34e5dd0a282f441c552787ebd818fd192315df261aed8bca67c4d298a580a750043ee397331d5e","nonce":"3211ef1fea85ca6c115d9c0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"acdcd6c601c5ec7723655d677e0d09bbe11c4de531adcdd407d94a675448cc0da83b76cd95ff6eccbd21dac583","nonce":"3211ef1fea85ca6c115d9c0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"ec789a73b7f64504be59f3d3544cd03f19a2a5667851290f78419bca8011bebe372117c196437e75ddaf331d55","nonce":"3211ef1fea85ca6c115d9c30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"fb399a49077f6d320e50f864cf7768586c11cf762e6b119b1618f594dd40a2cb08535c536c8aaf3cd45884a0c2","nonce":"3211ef1fea85ca6c115d9c31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"a991ede0a38f217e5aee1febae4f0a9fda480d301c22fa36c47d8f0266ce391e107456fa7b8137918068c821c0","nonce":"3211ef1fea85ca6c115d9c32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"1c4327ac39258c28dc8e45af92c51d20da7c27fee4b65bc053eb00f3fc4bde431ad7ce52f8055b9b7597cb58aa","nonce":"3211ef1fea85ca6c115d9c33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"5a8554f66ffcea054037bab0d92b6059d256f9d89f2005155419c318015f3dffc8cb247a7d6179af678baa3342","nonce":"3211ef1fea85ca6c115d9c34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"263fed36b01c7e341c99394c5d87faef05ab314f92ff4b37bbf70a3cab40dcbbd2103f8d5f0dd6e47ad72db8e4","nonce":"3211ef1fea85ca6c115d9c35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"923b08547b98e2a04b942b778b634a137a065d8520372e4bd94a4a0a17f60d8e1911d2a8c93f394d8f9302953f","nonce":"3211ef1fea85ca6c115d9c36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"e0c0a3ec4ce1fba303ce88f740b55693c5fcd2b6b6647a948b472958cfbdca9fdd5493b80f9d53a9658a9c8480","nonce":"3211ef1fea85ca6c115d9c37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"ff076b16926a4e91b26f626fdbc866b3a8940dc26c7d924635fcce2b3b98e84b0bbf493503c55f26cc0abc42e3","nonce":"3211ef1fea85ca6c115d9c38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"e61ddd8ee883d30a72322ae566334b150e62863cfcb40abdc03982717750c62ef635cf6bbbb98db01d2bbf78dd","nonce":"3211ef1fea85ca6c115d9c39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"824d2665cc684b80864f028617b7543e68f227b59c713aedbfe0faccff8671a5e43b94e8fc0b1217d6c3c51d65","nonce":"3211ef1fea85ca6c115d9c3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"b023aeadcee0ed378277597a1777cd60bf4cd51cec77728f903ad43fae6bd14497a404c2921a8eef96454d4c83","nonce":"3211ef1fea85ca6c115d9c3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"5f07c5cf0e40668a9d6a6a1dada496dd8ea0d2b8cdb1996304e2dc7957e4f249f3e64b5bf01ce378a2b3a31af2","nonce":"3211ef1fea85ca6c115d9c3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"5a22f026bff9b21ebb9d1d2a81460570e704cd449e09a489b8762bfafb8c169dfbb5a72f2073c1146082f5a92e","nonce":"3211ef1fea85ca6c115d9c3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"3d5e13131518695c25bff67b5b2e85a94e5aa1e22f39445010ed3c9aa9597c3bff01212bffc1db63c2b18776ed","nonce":"3211ef1fea85ca6c115d9c3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"263b579a7e6595181720b2ae9d26ec272c56ea15bcf1602f0050125070bf13a150765be98bc8565ef35e27da99","nonce":"3211ef1fea85ca6c115d9c3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3361c34591482dae369d7b9a9f99e853a966b45091ee7463ac517a8fe512f4ca865c27a7d9fef5b6d51a5fc975","nonce":"3211ef1fea85ca6c115d9c20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"5676a1587656a72600368380242f0dd505ea42ff52e86da91e329f312add1633a80467a10feb8573f3da2e37c8","nonce":"3211ef1fea85ca6c115d9c21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"6e552ff36025b9583ef88d12731af8b636134004f9b4b35e7f2deb456227db418bb7e93dafb6de9734fc483604","nonce":"3211ef1fea85ca6c115d9c22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"c1bd3161bcd8aeb1e5f2975cb989936bcf0571712cfb3d8df62dd89238e086ca9bf83615f1127c891f17b88a3a","nonce":"3211ef1fea85ca6c115d9c23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"91a6d66e995101dab873638b773c20c27f40f5c6957c83619e16de923763f251a9242e52c1c9b4214398827bba","nonce":"3211ef1fea85ca6c115d9c24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"ffaaec3f71d95cf9da5c4b1acf2303ee6e43c708e4f663b1edeef76afa5a27fd46c5d984d7337e1b486538042f","nonce":"3211ef1fea85ca6c115d9c25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"427678b6cc52d064f502158dfec1674879ba6ecb829da687b9b818827b67d2cdbc1e8a928d5c5603ee922f7c2e","nonce":"3211ef1fea85ca6c115d9c26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"7ddd98a5a0930ae227a693f470bee4f8a49b5e9dc0b27df9772f1ba04ccd1a27fca93a223466e140d163198edc","nonce":"3211ef1fea85ca6c115d9c27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"40da4e349e7ab05ae2dbc5e1f2372c56ae3ad50f5e5c0d628801b86c57c3c8c759c443235a841a9028ed2b3ee8","nonce":"3211ef1fea85ca6c115d9c28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"9b36722414859aeae94e45ed79719f377cf67fa1588320190ea26a9a5c0e10ecbd37e0ceb928945e7e336ce074","nonce":"3211ef1fea85ca6c115d9c29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"2d3a1aa4c8c4b4d34296d8b30823a5ac32f2f1e9b62d5c0be46a48bd098cbf6bc19572c364984952a6abf759c8","nonce":"3211ef1fea85ca6c115d9c2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"3c3dda882aa00ceea404a13bb195896151d642727d9ab3038d04578c94f038ba0f105ab7fadf5e45b1a62abe6a","nonce":"3211ef1fea85ca6c115d9c2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"3d6a7e8ad701f4dc08588483017fe2bec9069de2fe1bea045b47ce2068efb76637b8e6f73850ee8b7fbeb2493f","nonce":"3211ef1fea85ca6c115d9c2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"05b13295722b2fba15bcde64dd5fbab87c53b5a5451f739b19db9bea80be8abc6164c1d354f264b54843b64e37","nonce":"3211ef1fea85ca6c115d9c2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"c54fb2b907aaf179e97a8c663e1ea2f157ccd04fd6f34dacf083c3416c1ff0b3ef3b5fb26c9ddd66f46f7cf558","nonce":"3211ef1fea85ca6c115d9c2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"b768afe82194c1940d119bc088ef3c63ab91399a84e0cd896f0e7bf93610735244a640d95a7b6232b30a872c71","nonce":"3211ef1fea85ca6c115d9c2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"0c9b7999d747f811eabd373addbbd1fcaf6ee13789e015978edd96927ed59f16af15b8786065017fb5f975a410","nonce":"3211ef1fea85ca6c115d9c50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"d40fad5f69da1dea85cd03ccc7dbac618b9d9e20f5eeb6cb83dc628cd1375a8830ccbb013b1445dbf4a62df601","nonce":"3211ef1fea85ca6c115d9c51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"684f2201d3bf492ccc492b78e9c7e04f074c8beadb69b152e4dbd6d20c620b33582fb5a7d1e0a831d68245fa6c","nonce":"3211ef1fea85ca6c115d9c52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"b4f28e4abe9f635d9c8e275ac20307d3f4de0d62f2832810f52671d3af03537c6e6c8feb4a4d1b8e3dc2a0aeef","nonce":"3211ef1fea85ca6c115d9c53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"c468b0bf39715024a3e6cb0300a8f40bb8887627a1c2aa387a8c85f663ee79dfac157e4973cc711bd207895cec","nonce":"3211ef1fea85ca6c115d9c54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"d467f1c16dc48fb0cc7faa310f93d86acb6621ec8f63ae6077d1723aa21e6c86fd9cf8df26288313a557f82689","nonce":"3211ef1fea85ca6c115d9c55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"301d1c178436d7415c6374347a5621b717d444503f8d53cf31521e33a87b1e489f0e3113999d9df0b57b0c6cbf","nonce":"3211ef1fea85ca6c115d9c56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"6eff0649f6a078276ef4d29d6ea5a94f3ecf22dbe700a832b6d152676214efc2588609f22957128a9e03579179","nonce":"3211ef1fea85ca6c115d9c57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9f89718a3875ad12f73f945d49df01f1132756baad621b6b4a5cf41de7f4df12eb3652a46816fffed1ae8774d4","nonce":"3211ef1fea85ca6c115d9c58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"0dbcffbfddbe30088491ed1ac551f8c6d5246a391c34e846c52b55969b0be7e9620102ea1e3dc65e11de2469b1","nonce":"3211ef1fea85ca6c115d9c59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"7845be275a83093a2ccb51ad1bd49a9904446145c9092e58614aef1dc02824b4d4c67b5e7fea3f12b9387b1fb0","nonce":"3211ef1fea85ca6c115d9c5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"7bf43fc0535bf0f3a465f90f94946df75d958dd7aea69d51dca53e42aba579a804693f5cfaa54097603093ba7b","nonce":"3211ef1fea85ca6c115d9c5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"fa7cedb7bd542330a7b1c021a388038ceb4c2db789b95fe4f1a78e24d094e7f76e878ce0f6f3c8875642144268","nonce":"3211ef1fea85ca6c115d9c5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"8200b80b1c4290b6106ed85135b52200fcb9069edd4225f6b6832989383653dec4ae5d5f3a9a6f8218e7e0ab5f","nonce":"3211ef1fea85ca6c115d9c5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"0d6a7d6758c9a5fd877f5dbca3fe3727f4e04347475ad673e57fb6b84bc4f4e15107d2ccdec9f2d4ca02608dee","nonce":"3211ef1fea85ca6c115d9c5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"24b295a111f4fe38ef53e10bc18fdd46cf84ffa38f90848188a12e4db60c221589f6ba68958bb07e38d4a8b1d8","nonce":"3211ef1fea85ca6c115d9c5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"7ae1faf7b3bd47e5cbfefb186a5f50178c3ca3e33dddf88fdddb1f7dff0bb5857c9b8207bcdd2196d989873925","nonce":"3211ef1fea85ca6c115d9c40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"1db504d7b08a0eade6727cce59ce325b7dccb30380c97974086f294b2908122e0fc2ade8022d4eb9c9a2d00768","nonce":"3211ef1fea85ca6c115d9c41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"341bdc59dfe3f7889b6c56909e8e2577261b1fe0f9e38efc150042a1675fc241a2d4d724bda72e106efbb77710","nonce":"3211ef1fea85ca6c115d9c42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"1192fa91a856dba7724676ee187ca2c3a083f65d36db9aa3b8651c500a4535fe020358b99fc060d166a94ce610","nonce":"3211ef1fea85ca6c115d9c43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"1606ff92b7c1ad06635f17abd4cc5a5c4a30dde563645a79ee0cab7e9421e671ba2d468a5df98628e34df3ecbc","nonce":"3211ef1fea85ca6c115d9c44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"a1fd2917901e51eb3de9d71c1c72319a33bf1007a2b25b14c53a81bdc19d59634b95af8ee3c58f5a92a7665759","nonce":"3211ef1fea85ca6c115d9c45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"7d8d9cb53e6d3eef147404ff1c613614cf823aaf7192258f9a01485e62ee6c6bcb981342b53893b1d89011069f","nonce":"3211ef1fea85ca6c115d9c46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"831064cc8a36968d84135691c5f72271c54c0a018c1ff53211f7160186540126475dcb7a83f5349a0751c00efc","nonce":"3211ef1fea85ca6c115d9c47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"aa32c3ae5d8e5a8983d11c913ddde3f686a57fe76b0143621a7f750fc047450b80219608ae6e824a705be98f8c","nonce":"3211ef1fea85ca6c115d9c48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"2a9b6e0a1bcc2904152a6deb8395b385bd5e83322f231a4fd3eb0d942da6a9b7e31b3b62e3ac42be5c46cd89b6","nonce":"3211ef1fea85ca6c115d9c49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"7d0a3fef06b1e7d600ea0c39896db1be7910a17ffd8b16b079d8474aa1b14678e36f15338fd870222f19f69dcf","nonce":"3211ef1fea85ca6c115d9c4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"3e787ab9deefe64f2e141efa42404648557e188d22a8bbfb0ea2b7b2114f94f62d026d4aedabc095016300fcd3","nonce":"3211ef1fea85ca6c115d9c4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"5f6fea27222ba72a00dc1d7b92d908760485eb55534dd432140cadf34d120cabf38ad818e7cf67017899126bd5","nonce":"3211ef1fea85ca6c115d9c4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"15bb7d2f86e2a5b5b4c9aebdd197c8eb113d27483f929a4a6dc56daaaa7673b203dc1094ed623d035282e59e01","nonce":"3211ef1fea85ca6c115d9c4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"232820e45bcddc4a8d801ac03dfe5a243a4f343de550437465a9f6d8357e943893f52a7f0dccd66df5bc77dc18","nonce":"3211ef1fea85ca6c115d9c4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"43af774764e172eccf914cbdab09e814b0b1685fff3348afa5be97f609ce9bc49a551fe07d30af6a5dd4ce19ce","nonce":"3211ef1fea85ca6c115d9c4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"f1c606e0b4159d4da8d00e7cbd9f0594024c25427378b491a486e1e0d72285c2e57211f30ebce69b37d042eae2","nonce":"3211ef1fea85ca6c115d9c70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"dd0ea0c60653c57ff5b2f4d786b718a59cf162bf7804fc4b56bc8b30152f3f65f624ac9031dd58079242028f11","nonce":"3211ef1fea85ca6c115d9c71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"369ba6996dd40e19a98df7f80022e53377090837b20e5cf95bd0092154cf6bd72bac69046ef37d2c460d181246","nonce":"3211ef1fea85ca6c115d9c72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"b5d6ef6d7bc8f5c6ff17c1a8a23a2d22baf79f6789560dea6307a8ab51bebff230ff04fbaadf483d41b247d016","nonce":"3211ef1fea85ca6c115d9c73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"db1bd287a5cfa9392f5fba30781eba2c76c875bf20cef00890376852e6c3527a6648794054d96ca0314ff2589d","nonce":"3211ef1fea85ca6c115d9c74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"0357148763283cc2858ff1782ff251ae2a9631b22633048845521b23b013075cd46a3d097a88ccf0e556f4af17","nonce":"3211ef1fea85ca6c115d9c75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"fe92ae512ef629935d17b2144c343e13f92c4c969e21931da045d2eb90f8cf7ff79c2bf286127a5ea7f7054835","nonce":"3211ef1fea85ca6c115d9c76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"be128cf069910d9dc188d9b6766119e6de7866fefb187ecb7db4701da4150ceda9acba7cc691795dfe00ae17db","nonce":"3211ef1fea85ca6c115d9c77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"d883333db3ff540cb43bd22e2d9bd637086394e9fdef3154b9a8690e9d4eabc9a8c9a00ca284f7884d718b072f","nonce":"3211ef1fea85ca6c115d9c78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"39270d8c71257c5ad74497be5589271584dad6876dbd793e5480b9a468a5328502d5f6dad0be8a5c50d49e9d58","nonce":"3211ef1fea85ca6c115d9c79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"dfc7f925689dec9f69d4c6f03ec01db1543b57c8d711730057d0a52839325074ce013f1dffb74ee4d990cf18af","nonce":"3211ef1fea85ca6c115d9c7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"93361c0c7307cd332f14c22ea8e6913ae89161fe4356cb5d065f5080ea480070be4d0b2bd56007a1b070ca6186","nonce":"3211ef1fea85ca6c115d9c7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"d0843486cb7c0fa089efe9f13a5e30968402d692d423dd100dd08d12f85c75f309eea0e9442482e2582032582a","nonce":"3211ef1fea85ca6c115d9c7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"e0b73f048b910889c00acddd734a8bf4e3ba18e9dbd117680c450b9f818d48e4dbe411d976d7895ab7135faeaf","nonce":"3211ef1fea85ca6c115d9c7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"b13689c3a1ea1b24e93ed1d534bef9b2eab6ecfc5b3ae94ce31bd3fadd1b2e7b10adfb4d6ac5121a421db0b3d1","nonce":"3211ef1fea85ca6c115d9c7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"f7c20f261b244815fe0b1ada1dfa804055153d29ed61d2fb13b510746148292f8afc411b83b0abd09c094eaa2a","nonce":"3211ef1fea85ca6c115d9c7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"82a2ad69f9bac184d1c7d02b9454cbee0fc029cd180c19345b23e194382f55a322f7da5872b62c283bccb7b254","nonce":"3211ef1fea85ca6c115d9c60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"d745ed3b14f13df1797fb50a2f12df4b0d0531796bddbb8976195d31ceddb839bd2a2ab2e40e346f99d337b78c","nonce":"3211ef1fea85ca6c115d9c61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"a35da4b18ec08f58ccf8b3d312a6c260b4e083e9aa7e6e3905582429906aaf0216dcb1d7f7df37e796a67fd9cb","nonce":"3211ef1fea85ca6c115d9c62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"987fa6051ef75daf42e69c155c648fa6e5e29be4e7f4291699a0aab4b9734b12a6b89bc03c8a2e23b0c573d5ae","nonce":"3211ef1fea85ca6c115d9c63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"e23881d08f7952c2522c35846b39c6cfb97df1c66bf4a46d5933b62c27eaea62e91f69b55cc803552b50dc2e0f","nonce":"3211ef1fea85ca6c115d9c64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"c526064b0a8122af7d54d695ed64b6fcddf5dcb17f95abb5778f5dab6c8ef847573c5f6509006539f826baf0d8","nonce":"3211ef1fea85ca6c115d9c65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"1f93e144445a69d4598cc30d4bff05e7db3a84e8af376e3fb54590d3cdcb2d069709e1a97ee4571481541a0db9","nonce":"3211ef1fea85ca6c115d9c66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"1851b4612d4b5300dc44c818dfaa424f11d3b9092f71334c85686b3db2754930194910342b65be949b746ede36","nonce":"3211ef1fea85ca6c115d9c67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"2b6f4aca82d5820279c73adc2da97c9b23a477c212a607d191939880127a2471aacd3c2156dd3a166abd174f44","nonce":"3211ef1fea85ca6c115d9c68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e51a3708797c72a64cb249dfb7702241706651a6bd9d4e811900bac916f79bed5ae34175ca690d4e0c3907c1f1","nonce":"3211ef1fea85ca6c115d9c69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"cbb1c2f410778f84e3b23cc1feea9e8fcc6ee911c47d0bd1904b05bd66eaa67801ce053806a230714bf6454ea2","nonce":"3211ef1fea85ca6c115d9c6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"ec90cdb67a21310c365a886a61ec288a9efd73b2abb95b412f0de619b1097b4a24c70731e9ac0ee975603c59ad","nonce":"3211ef1fea85ca6c115d9c6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"43cdfd4e99c0b8b15bed45216c36c0ee7520c04dcd795e0b377e7f08ebd9df67ba057e46107af2268ed149fb7b","nonce":"3211ef1fea85ca6c115d9c6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"02294ce8e7608615fecb1be7e9c2a7c7f308176f944260afaf7e0fc005d6060d90666ccca90e0fb8d9c3612ac7","nonce":"3211ef1fea85ca6c115d9c6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"f3c37aca5529546f0d5c37c5be310ca928e7bfe9931cc55302705ce4941688ea0afe701cbfac572df61e99385e","nonce":"3211ef1fea85ca6c115d9c6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"9e86c1d14f5a9064aa06ddf7ddc62efa70b1ddd21e5ef1ded655fbb0306c2c33197a2305ff906f730b1d8b0b8e","nonce":"3211ef1fea85ca6c115d9c6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"13e8860263296d71558d0e0631194d60670b933d688257b501b0afbc22a4aa24e5152b92f2f3bf901d64a5bd36","nonce":"3211ef1fea85ca6c115d9d90","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c5fd0e5e565b1a7eeb9d61ec5cf99f37f45f976fe0bc114fe7f43c12d977ae23"},{"exporter_context":"00","L":32,"exported_value":"b45a4fbbc48c2efdbf3657e9ea705bdb55e44eb9c6d43d75a4d55cb5e21a4f27"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"c1d7f3417b5551f903a88ff004cc87a3e2ad0455ccf6d513422007a46ad121c3"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":1,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"14ae8d3bd341166f7d28890720d2a729f5062b1eb29bc43f7c5cf6fd1ff83d825dff531adeee5318ecf030b824c37ca286d85fc4bfdd5d4f1feb10d422d414fdde4a","ikmS":"65592fde931452e1108bf84d151fb28e8be5d9ce1341f7975f66dc916936ded3c0406a610e4f757706734170b2254f6d00edcdfe98a1e5286a77bdb2e33d7268a3e3","ikmE":"6998c313d748fb5709c30e2c95ac60e29e2f3da7238b6ccc89df967c4da4626a888168f260815b4968f7032b789fe30e2de586acba70a124bfd450efa1e5b6b18b64","skRm":"01d2082b6a2af4c8b3896f27d49b5aa1a29df49300111d4339d91438346e84611e6597ccfc864dcb4e7f5c26afea9f7ebaa599b62bd6b9baed5d39b8494bf59f8511","skSm":"01bae43ef5a5d2690c5b175dfd70b94b05857c4d5d34aefe8bdfe59c1a1e63140747533bbfd3dfaa3751ecce4df12468d37ab94e09d6f25637a9c64e4a55fbc72a43","skEm":"01db124eff897bac7192fa70b925b4d7de5fc8df534a54b0ad6f67b2e73202615600879e396106a60bcc2f1897e99cd76ae8fe2a1d7650cbddf42173c0f33edc9cf9","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04004e7fd8134b992f93661a949b11e93966a571f05d73a3535897a068a83379f19a348ab4f8bf3891d0c8e9ee3be87b9dc342c573116f5fadb9e694ae64269eb2597500b0b0b2d54c62a5e9beb1b3f6463fb6eae34ab32ff097d1a38ec72675ba042117b54850c0eb6a6c7594588f7cdd8a5ac3e0283890d125e2aec49e7427d105efae52","pkSm":"0401440a728d61959fb582a1e7c2978f0d173d5d4346368fa16af6cb94a2bd83a484d9766d1924f8265bdf99f2859f58b141ae2df528027b0859c4dfd0297fc3fc44f5004f173ca1a114d5b8a2fb394b1c19d8d084914ada66b885fed5679b2c0a8f6d5b48d629ab09473c755fd0a790154006b8c15a1d78d2e87ce01642ca272878106249","pkEm":"0400f30cea3e9069e2d74658751ffcd54578005c82bb253f6710e2873ac093f58dc19887bea69b6003e1e636d05f72ed9ecd38ff166a93e042efe57dca426ca223033c005e036d6e38eb9fa718434f35380942aea351ebb6473bace137fe792d241215ee7d145db452298615aabc3178550ed9a3b5ac12407780a9d57266a552b8452a4c52","enc":"0400f30cea3e9069e2d74658751ffcd54578005c82bb253f6710e2873ac093f58dc19887bea69b6003e1e636d05f72ed9ecd38ff166a93e042efe57dca426ca223033c005e036d6e38eb9fa718434f35380942aea351ebb6473bace137fe792d241215ee7d145db452298615aabc3178550ed9a3b5ac12407780a9d57266a552b8452a4c52","shared_secret":"184d2c20295675c3ac521597664ffef56d0e0dcd9c034ac149bcb58eee7e84631a58c64b705d8b84cbb1d24ab8063311d43bc6dfcd469ff9345bc06175a776a4","key_schedule_context":"03c208fd0a0b5a080a7f539f59e422ca4e818e634e12a8947f0dc95d4315990d38f86322f9fdbabd010f1301dc6aba400a053db66487c59de1a557d1eb4b5fc9c4cdd87b0281e692a99982979c39757078bd10f16f51a609804bec7ea73e6df85d53e5b21081fb76ca400113c07723eeb59281dc77544497e8f8a683106eca75ea","secret":"251b09b6f8a8e772bc3d765e3221174c72fc0ec78df1ec6ce4a6b06c0bb01db4a04f60e14badb868e321ca516c29162c21c16188deebda6569ebe7bf0ef45b1f","key":"7dd39181d6245abf310006a567c31b74","base_nonce":"16e906b45a0515f7e542b5c5","exporter_secret":"fa8766377a9f11a2e7ef0fcc984365230a3239573da413290992fe48fc688c93c2830154828266da1393a6a662dd8c8633de940c425382c23e990c48fc93cf10","encryptions":[{"aad":"436f756e742d30","ct":"9153a7fcf8ec932b91bab63f777265ac545eb9a3f23eaac388a9143aa16c6915a27bfb3e97ea57fc6d829a8fcd","nonce":"16e906b45a0515f7e542b5c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d2f90ce9e64201b317c7a2bd03338d0360d7038fcd1eccb5f3b7baa82e06177125f1123da523814765345382bf","nonce":"16e906b45a0515f7e542b5c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"396d716989760c7af81965f3adc8852615accaaa182fc095f1378752886126456d53645dd9b7231686f9c09f63","nonce":"16e906b45a0515f7e542b5c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"6071ae62c536ff5368da74b447067c14ac385262e8906fb542cd8758ccc62748be354d236a47aa4523c7f8866f","nonce":"16e906b45a0515f7e542b5c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"da2c756e0f24fce8b88c63deb480ba5bb5fb773e708bafa02f042a05dc31b5df1e512b20f17d3c6b9ee9b27a4e","nonce":"16e906b45a0515f7e542b5c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"39f068081f1d26e13bb18bd5fce1993935d4737d5de51402649ee5b373e708f3a58dc9231f95416fb2e25e0e61","nonce":"16e906b45a0515f7e542b5c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"5c879e2c13bf7e438938adddd2ebc4e94f841afa2637fdbedd67521f788ff209d3759f1ecc6c29889de8936654","nonce":"16e906b45a0515f7e542b5c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"d8f82a7f286a02ffc15f0d0d1fda7aeaeeda68282e486fdf7dcda54fad5c6b95c61748bf595d454cb0525cd3d3","nonce":"16e906b45a0515f7e542b5c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"8aee0654a8aa9abe7d96730c46f5a2c6fcd705372ac53f2a50958d567d60820c487578322c4654cf1f2d6ed8ff","nonce":"16e906b45a0515f7e542b5cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"1a5117555d1ae9090b3b0b103ff53448e35a941392889c29531a7b793b4555204ded8a1a52b73d587d01fea0c0","nonce":"16e906b45a0515f7e542b5cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"0f2b13c6813cbe6dfe441e7c21827c8321d987b3778be3e7b278a87045c420685838d2131e3bc481b1842aded9","nonce":"16e906b45a0515f7e542b5cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"c566b469e419c7132ea6ef7786acf192bdb41198a7f6e7908f3ec65098df4cd51ad34af0bf2f10ba6dc18920cb","nonce":"16e906b45a0515f7e542b5ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e0f69657fb93421fca5161a2c3192a4b10ab69ca7964fa6563955ed02c4f655bf5923fb0e190035993de5f9f70","nonce":"16e906b45a0515f7e542b5c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"07d96ab5e3e52bb8b4b2b313d33d9b9eb0ebfdb04f852f69c822601c96d89b8a2e180793a82bf054f81bc684c3","nonce":"16e906b45a0515f7e542b5c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"0658ce6df1597378730a4badc6e739cb7fae6e9ccb8f575b3dfa62e99007a6d97c4a8e5674597512fbd3fe06db","nonce":"16e906b45a0515f7e542b5cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"c0338c3eca08b3daf11a5f159d7caa125220b2c964bbc6cab4bab66c39e3667195cb2258a75062c3ac88454678","nonce":"16e906b45a0515f7e542b5ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"8eaa06e29627c1cafcfd744a3971bbc59fb33d00a677e6124da0d28619afe93b6a8a07470208f600b61da3a3f3","nonce":"16e906b45a0515f7e542b5d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"a02df04ab65fd5789ce1e2fa3246eb7d5229e5daad19a8fff305a2509f1d2d189d23e951f62e65c3e0744801a7","nonce":"16e906b45a0515f7e542b5d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"350e138eef970b94ac23e970d269b17c1f451677c7b2096f320553d72d4a9bc1019c67facb5676f5238e733cbe","nonce":"16e906b45a0515f7e542b5d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"bd04ecd61e9369cfeea6362bac1e92ac8c756478c600c5c8247ab2da369e0258512d6cf51ab5a288d348632f52","nonce":"16e906b45a0515f7e542b5d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"50a9c20872746ceda761c9f24740dae4f2afe0586c1ca95e0df33b18e158d8ccadfbe61b6849adfd8477c04c98","nonce":"16e906b45a0515f7e542b5d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"1f40af3df34f723301f1861f5e2fcaa28a774b3f52fea04f8c8f625ccc3a00b91989c94b292a571287e3303f61","nonce":"16e906b45a0515f7e542b5d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"74c959100a5d18835d8db801288e59715701cd695fe6e54aa839a1c06e4b1a28bd465962bdb048e599a17c962e","nonce":"16e906b45a0515f7e542b5d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"4b9666ce38f1315820ff5acccbb874c647d3d54d1298fbc8991799fb6a75ebdc5100d73b26cee6aeadb7148d34","nonce":"16e906b45a0515f7e542b5d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"697579881248629a112f321be24ec2ac4e4c690aa32415794bd784811c242fb646a2e1ce5e8030db728017ac94","nonce":"16e906b45a0515f7e542b5dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"9909aecd9e5287da5a231da140fd437cb19bc35527270efff0003915f7f2e34cc397112570c2b1e352d31f74c6","nonce":"16e906b45a0515f7e542b5dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"e6c3dce2cd4f7cdfc60cb7351e9611a3e44f7a8842a4774077bf549589f2a4a84295d2927793fcbc71b8df956e","nonce":"16e906b45a0515f7e542b5df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"574bb5e8d2d8c713f4b9f640af3816d88103d19311db24bf12f40f91ce0fe961129a78fadcd79e42dc52c96a63","nonce":"16e906b45a0515f7e542b5de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"e11b82731ca337194857e7ca12b9b2a6a194f826da39cb59f533e560c9b5677110ad78693b0f687369be506272","nonce":"16e906b45a0515f7e542b5d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"2e2b19fb4e6d360adf0a7c07cfa873173e2a9633609e9bbf0b79609e266d09c53d3016171f3423416c1188b19e","nonce":"16e906b45a0515f7e542b5d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"81f4661dfffea81dea8a5c81c11e027b80501aa99c53fff40f7c7fecfd82974ca4de59c68640b6a9b6eb06770b","nonce":"16e906b45a0515f7e542b5db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"7a2bf500d40e21e3a1131d39ca313049ce7ad863f446a65255efc39963083dcf6f6fa622c8591eb305faf7230e","nonce":"16e906b45a0515f7e542b5da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"d213bab47665ea3bb2107192231041b0c1135f7de6f79bae6877ce1b5453dfaf67e456461306d4797e92f55d67","nonce":"16e906b45a0515f7e542b5e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"aa7e824882edbb4dc2cf637d8dee95cde77ea4dae45ebb5c8e78c367b9a981c9a89dda4ea83d29d4d8bee93543","nonce":"16e906b45a0515f7e542b5e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"8ced3f2c24ee9af2db5f3c2e58eed4b1d5d99309541d560d0bd22aaf611e9b6de28c68c7c99a8a004c3dff1f0b","nonce":"16e906b45a0515f7e542b5e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3dd2744d833d8efdbf7103073644b62ba2c681f05a1b2fb503219668526a89d15e0d2bfb78c5ece4e7392ecb07","nonce":"16e906b45a0515f7e542b5e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"13e15355d65b5a2fa64dc2024b366c55bcbb0eb26f74e64c6b456b6476627af569f7d0c13261bba3d39d0c87fc","nonce":"16e906b45a0515f7e542b5e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"c26af459f232cc1bb5db931d107c8575c19a3582a3aee2fa1ebb7168cc22afc82bb0183f9d58777f652b9ded2a","nonce":"16e906b45a0515f7e542b5e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e735e1e6382c972e0ac1c3a29c50b5326d345d1c03305656cada8fab2ab1634759f66b63f784cbdfa8d25fcebd","nonce":"16e906b45a0515f7e542b5e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"a883c0645d6e8859a17a0a61b0b028300c1236426ee4da737c65281acc914902743cbf91455437225894812ace","nonce":"16e906b45a0515f7e542b5e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a5793b0d5b05090a5d15bb3586130c8195ecd94b9d0c308852606116a144d52beb71ce6c519f2cb768ff11905e","nonce":"16e906b45a0515f7e542b5ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"f445ed0429236a105aa4926c5e18aea843ad6ef4f3006ac9bce10e5cc57c0f0297666ee02364cc25896b0281a8","nonce":"16e906b45a0515f7e542b5ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"af61377d00336c368610789d2dcbaff571c717324dfe356682f11ab02aba5e6d78d3d266c2d230cf5968fbc42a","nonce":"16e906b45a0515f7e542b5ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"da9ffa31d1da22d88892f5affbd17f1a63b85cfc1965d173cea92bdccfd8ea8f944f27b86182dbd8b5125a8c55","nonce":"16e906b45a0515f7e542b5ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"f0993e537b8ad6db004ae6876a65ec50b518783b8da8d735d4e9d37b6e4f9e1f5222c163e69aa8ceaa2c3c357d","nonce":"16e906b45a0515f7e542b5e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"7df461137d8d556b82e8dd22b601a4913e3e448d566917f254471c4d375a05614a7f8423b151723b4867d5813d","nonce":"16e906b45a0515f7e542b5e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"08154edb4c8d3d3b325c102f6101c511141256893b2c3d691c923743ea91c57020368e2e0d157da220e65b4c76","nonce":"16e906b45a0515f7e542b5eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"60af5597564d87672f3e59cb867d1a8bfa74f7539910759971053c61a90882c989939637f0cdb9c9a59fc02dbf","nonce":"16e906b45a0515f7e542b5ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"979670212ab5083cb2ccb91da49be3af043bc2bdae11f54268329e0700bf7387933983ab3a402d31aa1607cb9d","nonce":"16e906b45a0515f7e542b5f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"9d74119eab762028f2114df91d660710ddf916f0a492b8023557ddee28ff7beb0a22601a8420e52bbc2634776c","nonce":"16e906b45a0515f7e542b5f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"c1239765040e3619fed861e99be4ef3a1779acda8cb4abd1570f675b10f3c06a5081c694b53866e521e3de2bb8","nonce":"16e906b45a0515f7e542b5f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"13eca134d40654b47d16d5f33604f8b5289f00c099ec3fe70c023f7f15ad68dfa6bb3a19c05a8ac868237d5b01","nonce":"16e906b45a0515f7e542b5f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"1e7b4099dfc7a59675b8931b5130a8b5ed21216aef92f37f408f96ef1703e5e0ef9374f0bbe2ffa2ac70447955","nonce":"16e906b45a0515f7e542b5f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"265f69726e5d8738b98c9b956424b8626d56ed84893ce1c76c3ae0bf73b6548df4841261dcbd9a58cc0214aa42","nonce":"16e906b45a0515f7e542b5f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"9dbf9531d02239ae20b65ffb0132e833a53474a6a03ced81577c798ed489a30e757bb579f91d987c44c036aca9","nonce":"16e906b45a0515f7e542b5f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"206bec3465b7e1a1541390d59231024929f1aa5c4121108ae15e4dd8d119b1359f52d6e5a5e2e4fa39ea41293a","nonce":"16e906b45a0515f7e542b5f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"1b8015db0c49eff46b276ec36f2ec2d1dd71ae4cff54ea344a8d05ec829cd9bb73ea08fbc116ef3128780c9a94","nonce":"16e906b45a0515f7e542b5fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"a5e34b3bf39f65c9d8300b41a89e8c339c21c9a75cadac7d6e5635dc68c54f822a6c9209d31ef002ae0114d8ab","nonce":"16e906b45a0515f7e542b5fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"45475a5ff7c1143e14cd92c9a4be1b151a126126d56395bdf1b1c405b745c683b3a31ccef652234c46bb2fd557","nonce":"16e906b45a0515f7e542b5ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"a17d84031cad075694b1093db86c6d6b9ac88d03cfdc9c51aa010cf4d88c9d5c182cd446c03d67b2b63f30bd4c","nonce":"16e906b45a0515f7e542b5fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"47b367a4505c375b1d77f6672312f58230f3bd10552a89a348cf525691f1f9cb699bb5998a499c0a7559f13481","nonce":"16e906b45a0515f7e542b5f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"8434acd47d70c8f01273742237271236c53a647843d5af3097da4a6b751cefb0c50cc760d3a9e969e72a8762ff","nonce":"16e906b45a0515f7e542b5f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c9247a62ee48b8199d6f6cea833de7ebdc5ff13aed369fa6710de108e501e1eee6e9f4bf065c0a76676a5bf37b","nonce":"16e906b45a0515f7e542b5fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"fecc56a7f6a9b3f81d24fdd0bca5a2804dd85019ad921b6b81c2683831a83375b76853258e57f693443c51f32c","nonce":"16e906b45a0515f7e542b5fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"6559fd5ba190a0373d03dd2202c585c44b75a47c497852ad7d17c5880a05799e645efa4974c443f9c126536e44","nonce":"16e906b45a0515f7e542b585","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"09ed56c9892f503d872670ca57c068d080ff204289bad1d5a2702871d004e8246e339c069d7d49b9e661a4f612","nonce":"16e906b45a0515f7e542b584","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"6efdf4ebe9391bc45d98c845154c0e3cb5699a4dbb8ecb02ac3b0749161f5f913c2b085b805aa4ccae8c02e432","nonce":"16e906b45a0515f7e542b587","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"cd767a729f8017ec4cba2932f76476221c4968a5ed9eb4088c0fb4bcad7f0f8ee41937e4933a0a7bb7d472dd6d","nonce":"16e906b45a0515f7e542b586","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"b5987232707630b638e449773123178816bb6b5caf6852568a1d8c158e53f598895d5da4bd7eaa29b9665f1970","nonce":"16e906b45a0515f7e542b581","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"87e43346b01e951c6a692084b90bb93b547b7a36db1a9773b787bff6012887734aa3d55ed7ccb71bc703879711","nonce":"16e906b45a0515f7e542b580","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"468c925bf5bdb08724c8136853f46b1b663c77349fc4db2cb5fd2f3b7a9117a3ccfc457dd7ff3cd02272658348","nonce":"16e906b45a0515f7e542b583","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"eafa5857d5a6680baf4d73d0ed585a716f6525680b3d43c284d59878743f08fa4315d46cc163bf8d087563f6f6","nonce":"16e906b45a0515f7e542b582","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"7dc8147ec9befb640f31f7edcbab7871293f815d1b241d36a256869dfb15e0215ab3dc70004cd3c0b37c2698da","nonce":"16e906b45a0515f7e542b58d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"9f58fa081dd18add998ef4a404584daef2b73fc88c4a835b85eed2ee8257e83bc2b85532f013c8b5e8705b187f","nonce":"16e906b45a0515f7e542b58c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"5b1c2ff928576fafdf6b95e4cb43659cf0f7dd7269aad154701fcad60c0ba89ab6b8c8a617ba9a34e8a373b2b6","nonce":"16e906b45a0515f7e542b58f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"993a97815c5ee3accbdc434d0b8483f37ce943fa5e3b505d7391c14dcfc3af67bcc5593dfb9ce9b98cc2c0ea66","nonce":"16e906b45a0515f7e542b58e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"d66953d1d8f34a975d56a12a1f12c91583ff6dcbadf1ed7f78aeac2e467b5fcb19c8033b68f1c3df0259fd2ad3","nonce":"16e906b45a0515f7e542b589","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"fa27710611fd1de1d1f05953070b34a92975c86698ebc26ce14dd0d29d47e03f319618273db0dc33abf7e39f59","nonce":"16e906b45a0515f7e542b588","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"5930fc6045dcb69d47222d65e117f2fea771807ecc57fe55dd72aff722b2f4a247e73fb945fd12c2be09d5b5fe","nonce":"16e906b45a0515f7e542b58b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"563ee9952a5099d4094c578530e9abf905dd5ce5cd8aa4e4db171c5e87951dc149802fd9f36616a0a272a3a8d6","nonce":"16e906b45a0515f7e542b58a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"55fa8934246bbdad803304b0d338a389f5f433e7236e7c257c9487da7ec2d4fa97e96e9625dd139e4150ce76b6","nonce":"16e906b45a0515f7e542b595","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"b0222a868ebc51ebc312f72842e9938a124beb3a255165398433b20ecbce8e39d251d08f3fa90651488ac41347","nonce":"16e906b45a0515f7e542b594","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"1e2467c3e35cff46c990e361a84c9cc7c0d2a0b8237de8fabf31ba6c4b44d933b4e7d5a1d444163ecb3e31e87d","nonce":"16e906b45a0515f7e542b597","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"91af0f825cb4c0a45eb6753b9c91b0ca7afe0fc799391615cdc94fdfcd5ecbcc0112ffceb0b83ac859d1d78e5b","nonce":"16e906b45a0515f7e542b596","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"1100d3ac78b70ca22fffb995f5d8a5758da73ffbb24761ada6c8d647a8b9752c886255a97a2f48fc08dc89ea79","nonce":"16e906b45a0515f7e542b591","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"cf3fb9c5b70b9f8f9066945bff1586f6fef3cb12b4fb469e6fc0f62df3350a4f1d437fd026b8e59b24a9902dad","nonce":"16e906b45a0515f7e542b590","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"e317f67e32c494f223cc1dd9e5a330337ffb8fe566130018429164649f430bb80ecb6e2763f4854f6089dcc563","nonce":"16e906b45a0515f7e542b593","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"45602cc1182a767de25d6c6e76af19bba974c18ff28f985135325b434e3b82eca30c2d7425576fe9ad351733d1","nonce":"16e906b45a0515f7e542b592","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"421604323b2324bd2c5ec268a169930dc4fb855b22ba6e8c7d48d2c4aa5cc5dbfbadbdff3ff9db31b8f731e44a","nonce":"16e906b45a0515f7e542b59d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"b7bcd5b7c88faa14fb49f3d4283002b8fcc26302b403614bdc791237afccab438e625b30329ed9ecc9f8a3674b","nonce":"16e906b45a0515f7e542b59c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"8b06253452148d24ceacb891080f83105ab7e2343cf84d437a2679ab9cba570217732b1b834844a23b45bb470a","nonce":"16e906b45a0515f7e542b59f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"f4235a1b83a2dd1bf83696a2aac558723243d6882358cbed4910961028a3b22037d691a4e37b1080fcd3088d00","nonce":"16e906b45a0515f7e542b59e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"0f307f6acad4b5214407b7a95b4019feaad0a901f8595ec7b2922dfe199e6664645a038db02e25d727c28c9d2f","nonce":"16e906b45a0515f7e542b599","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"06bbbd9431b0472f192430d6bb6574a177c4e975e954b3531bdd66b25afa8b5ddbb50f8b054c896c488681b930","nonce":"16e906b45a0515f7e542b598","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"baf4d7c768990d68eb55f06c7eac421f529cc86f7d85ace4bf9d042bc150239b6bdaf034ba260835ce255e18cd","nonce":"16e906b45a0515f7e542b59b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"722c3089e3ffe0dc5a8ff8f8f4c697dcb69dc8010988be182eab59b1a14af83425e94257e23f8a01769c821aa6","nonce":"16e906b45a0515f7e542b59a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"c75234b06753d9da88ba1bf5c9044abd6bb0dbd807d63a90964a2e0c243cd0ad937e6ed356e315f7fb5b45318e","nonce":"16e906b45a0515f7e542b5a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"54943ea9fc0bc66508d930dcdc3d9650ff7ac5005e91061c3b8040a02e60c15351bb329c31672e8e7a2b28e497","nonce":"16e906b45a0515f7e542b5a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"8158e285debc23f977ccf57df22bf0665fbc7f1f85b8d2f8048cf45be301e63d356b4234536cac50787641959d","nonce":"16e906b45a0515f7e542b5a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"f5b402e428e8fddb852b731730fcd59be1b05e154aa517ac9eded4bbfe62104e65dbfdb1ee304dcb48b217b33e","nonce":"16e906b45a0515f7e542b5a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"d3da5ce1a6c4ce65ac97c21376adda29c84085c0d92b167e81e00e80d493f64ca810498ffb3b66e501a28ec0f5","nonce":"16e906b45a0515f7e542b5a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"fbd5264dc014330ce89c4513037cee78c24548c40fb212e0c1df3ad631db972b079c825ff9153b910bebfea2ce","nonce":"16e906b45a0515f7e542b5a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"1ca5fecdbc3d26d8051c477d81219bf42543f8ed99781a422ca844d504e068e1c25804775f64253c69224573ae","nonce":"16e906b45a0515f7e542b5a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"dfd5c47ca2a39b861dd4df592f4d9b67344872164020b2d6995da2e681c44906c94bf62352c72aab5790dc932d","nonce":"16e906b45a0515f7e542b5a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"8c4de397eeb291ac198821f1b5bd81a666a3875cf4ab018885a33de7a01f3b157c2b961875eb898944b349aad3","nonce":"16e906b45a0515f7e542b5ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"3bbe4a8e64daab91552f5ffa4e1f5a8a0842d188c25908e40409e03bdbf5923a18e74ae4d01a141ac34ddeaf79","nonce":"16e906b45a0515f7e542b5ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"11ad6f3a788dc938157d0337e4eba78524e9b4f4f18ab48ddd8ae22a799bade5c457403d7494307120df798cdb","nonce":"16e906b45a0515f7e542b5af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"b93a8144d2b41112b06f06bc58d0bfc704afbe3d7ac62886e3687a45ed08622161ba78f852aa7c2b0dc8c5c60d","nonce":"16e906b45a0515f7e542b5ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"9c4c17fe1b70bc8ed632319db7c4b5a76868c54e64c193696f16217a4e916b52afd4c17536cf34b3dea3cc80e1","nonce":"16e906b45a0515f7e542b5a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"f1dd83565fb82e14785ff0570983a5f91b79ef48b6caf956d6a6cb25e39ae2db724d6c5bb3ab337ada0cbeb16a","nonce":"16e906b45a0515f7e542b5a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"61748b036ecba04e3df5b068d5c454b19c89bab111dcd6bb3bd55d0eace3a5128fa8715de5e70fa7eae2ecfb10","nonce":"16e906b45a0515f7e542b5ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"f2e9b570f0313445fbc2daf5fab16adc0385a062d695039bbe5ec5808c23dd4677c140c332f7d9d184697e43cb","nonce":"16e906b45a0515f7e542b5aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"8d76bb0582030ec8a2f7e218942d9a305a9dbe9d0417ccd7b5a09df004f052ec405a2c3dacddc2089bcd8f4ec7","nonce":"16e906b45a0515f7e542b5b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"6c16b6eee1fcba3ab761de5bcb2031413709e4ee2af8eb0d2bb49b49069c57da48602a1cdef942b49ffac857f7","nonce":"16e906b45a0515f7e542b5b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"4f048548dd8070439f0bdbf58b9e25df26becabe7c1f0e18e63793371bbfbae3a3ca09faefa6cabf60182ef2ba","nonce":"16e906b45a0515f7e542b5b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"1ab537808cbd4c586319f1a46916bf1dcbfcfb8b587380fa5c6d33027bac3f842e48df9d105520e1fae167451a","nonce":"16e906b45a0515f7e542b5b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"f5c2c33768e4318e2bed7a4744e65ceef74d9c96bfc7767625af2283dd9a2fe4bc80d63083c172ce20bb524fb8","nonce":"16e906b45a0515f7e542b5b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"51ee65a5d11aa70ac62b3498e9a67c9df1d09fc6a511454023b57a17e1dd5a22beded1ad7034790650d81c59e6","nonce":"16e906b45a0515f7e542b5b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"a8af2a741ae11e830e08dc6325afe4b7bc74c92cc07ba2031044aeec7eb4b51dee0ef3da00bafe963b50c2c3b6","nonce":"16e906b45a0515f7e542b5b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"b5ec917ad09c3d1bb3d751d311cd811cf1167d0a88d6602a28cd3e7d840c5a598d95f2a6af71e3614c1a1d203a","nonce":"16e906b45a0515f7e542b5b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"1d3f73c4dc03fa318ec4a7f1994df90aad22bcf8c523174df6ff1b5384ea15e53c6de788bd6a142702e21e0c68","nonce":"16e906b45a0515f7e542b5bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"117ba130df819206caa5382f1814a53adecff01b4dc6b17e6108b5cfaab5f564a70fe16ef331b3cc16a059382d","nonce":"16e906b45a0515f7e542b5bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"5af5ba51442e3033fb8a9e3b32869aae2eb96d648fc22a92f5f439712b15a50948da01a6404776077f16061587","nonce":"16e906b45a0515f7e542b5bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"efa7e6e9f95670adf2bac2fe593315cccff8cc1968fd946985466ad899b834b683437fac2cd226a0c4d3b25ba3","nonce":"16e906b45a0515f7e542b5be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"2f74fac21e5b29792ecc9a6adf89cfafac331a1e029505c95f59f07795671f54bcf7eb4668397834fa7e8f9219","nonce":"16e906b45a0515f7e542b5b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"b1a25fb1254a27ada5e081210317c854165877e1955b2075c67ad88cbddf28dd627ef34c918b9f6dffcb0e0081","nonce":"16e906b45a0515f7e542b5b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"7ca13d315354b7300b4e071ae894e8d3731ee7c9df4a8894dcf4b603c0bd6af351ba3f8947345849a121d1c95b","nonce":"16e906b45a0515f7e542b5bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"7f6035be124a392238545774a54ead63e89bf97a8fb23fa84c376d5225bfbd058c1552691e537e304b69763dd3","nonce":"16e906b45a0515f7e542b5ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"687eb9f3d386dcca0481491177ad8e702af853d6a311e324d85da7b02e42ea8228d54e8f2b50af8f2c0af2754d","nonce":"16e906b45a0515f7e542b545","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"841a7be7a58cec3ec54d7fcc591d50559b4d7cc19610b828722617c73d68885f381e0dc297f50d4acac5fe1791","nonce":"16e906b45a0515f7e542b544","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"7803183aa865fecce9ddb9a4396621aab001d928f88e17a5b1d7b5d603d03f722f1bce7c055b5b0b2ed94c160b","nonce":"16e906b45a0515f7e542b547","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"da050a539069649980eed5fe5d76ee34101a6a9291c092d149b02c6a472d8db9c7bc4256cd64733bba7d188067","nonce":"16e906b45a0515f7e542b546","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"b559d77f6fe41c003a9059e758e12473c59679e8cfdb7b89fed371513322b67f0d2ddba96a9e89bd69b93257b9","nonce":"16e906b45a0515f7e542b541","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"96a144efb312a5868e639ef43f2337688d25b524925f363fd61157386e139ca669fafdac4cc24a19dfebb31504","nonce":"16e906b45a0515f7e542b540","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"8b37d292c1a50a01ec4d6276df6df912e471363bf43f41437d22b264d2e3ba99843672828eedf6c2e298a07b14","nonce":"16e906b45a0515f7e542b543","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"677372e3f6eedf36e03375bdc8b0b7c17acb37060826ca2066eea8eb328694c6d310c93db690f3b187100665fa","nonce":"16e906b45a0515f7e542b542","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0f0be7af359406545cad1a53d7014f6d531b54703681c71b846405779666431ecfa484e3c99813aaae204103a1","nonce":"16e906b45a0515f7e542b54d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"5a498766a32f5b2df5117c8ebbb68df9d9626ebaced5000fa7b7c82fec8d71251e792bf48e40870c6d118c700f","nonce":"16e906b45a0515f7e542b54c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"177560488558f331e1d990542ae3f761c2adab95feeb89e9235d84d0ed041313081206ed559614909814388141","nonce":"16e906b45a0515f7e542b54f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"70038319ff64a299d3379a3865d07ee6bed0843466d54103d0cd2cc3e1680f569c5391e1fdce6be229cd60f01e","nonce":"16e906b45a0515f7e542b54e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"301953ae9e0bc18386605db1be6af751e1a4f700530768a2e1d498295fa28f641b51b4ee8bcfd4b8730c3860ff","nonce":"16e906b45a0515f7e542b549","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"c0fbb26705adc0ef3f66b51d9cab6c0d05e4553a6bf8ed0d35ed70dde51fde4c252db266012ff3d0fe79dffb0f","nonce":"16e906b45a0515f7e542b548","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"345f207e6e264afc2d07181b28e25aa645eafdf017ace156e87755669ee3337e19aea2ed96e10db3bc070e66ca","nonce":"16e906b45a0515f7e542b54b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"82e987e66bea856bad23d34508a22a8673cc01403434c59a0b6f1f4f2e1e5af487cf40eae0be082887b617e3f0","nonce":"16e906b45a0515f7e542b54a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"20a0b1aecec991117717c986ff36e3897368ee04df117842ec12cfce0120deb66b2887166debee6fa640db52e4","nonce":"16e906b45a0515f7e542b555","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"06efe90406b6c6a1c31cd7f8e524cff488e103861f8f90961c2583b23ba6980a3df4032b60a5b244cb940fe605","nonce":"16e906b45a0515f7e542b554","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"ca791fb90a8d76c89108887b120f78ae599fdd2fa9b0b79fe578154e3919b1cba9ab5f22d130176f0ce5f8d9e2","nonce":"16e906b45a0515f7e542b557","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"9724eceb24ca0ccf9bfd1ce6e0e0731498007db09cafe3f39687125b895fcd632ffb80f37a9f3308acc0a688eb","nonce":"16e906b45a0515f7e542b556","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"d1e85f7b6d14899eccd01f5a6416cc5ac84f6df2910778bc83f3e5dccdf50ed60898f5ef1721c9f4f88c09ee9c","nonce":"16e906b45a0515f7e542b551","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"b6818686ffa86fedc125fea2d5cd95222bc558bbf8399c90c32ffa8188e893112eacf8fb35d1c46e17ed1510ac","nonce":"16e906b45a0515f7e542b550","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"75850c668a11bcc5b554c113decc70d988cc67a358d3b5b68a1da2526bc463fbd66402d4d9dcfe58da5b4ebf3e","nonce":"16e906b45a0515f7e542b553","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"63ed82a8d2f56c03d5ce71fe7090aaaae173aa1f883124c9333bc63dc671e5293fed4676ffef3ed811b22c4c1d","nonce":"16e906b45a0515f7e542b552","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"bb6e478432deb9651ca8a249de1008741b2aa08d389004654d1c8b85a215478c3c984d855a697151a138356b32","nonce":"16e906b45a0515f7e542b55d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"3540337671a6896f98165459589d8f8f9ba0b5c81c5937bbd1bd59dc32ef6fdb03e681dc89008491def4facb7e","nonce":"16e906b45a0515f7e542b55c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"7948fa4f42a51fa9b6badccadd1bf7b912c5cc10f7841f824e3c1a1bab22a1b436e7258a97d4ab899ac1f6c3ea","nonce":"16e906b45a0515f7e542b55f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"bd6e56d023d2a710fde4b2bb3e3f858233a2e9d4faed9cb9ecd8810c0bdb3c053bf3b1962b8c451f759dab460a","nonce":"16e906b45a0515f7e542b55e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"bf06b26a6c65347539a98b4e505c0dbb0e8580310f62aac0c74e0ce3ad82dcf332a9550eb02a44df96557b0cbf","nonce":"16e906b45a0515f7e542b559","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"ed42fad79df89e5a33b6ecdb7ede587cab5794eb414a52bfc91baebada0a2f11616895b0a548e4bd196a7f6660","nonce":"16e906b45a0515f7e542b558","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"b86b0cac7eeb6d7b75c6adced1cd4eea5b776a8b7930a7977a3152ecc4392a04c5b13b33160c4696b812420b18","nonce":"16e906b45a0515f7e542b55b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"52f805ab0bda1cc4b41cd940339f63d93b4bc9d01109cf2cabc7c180c1d52f0244bf0b89e26ad93af95231b890","nonce":"16e906b45a0515f7e542b55a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"9bc11b149d2c8cf3195e4911b8e9d671ebfda230a5cc5f6b5f3bf0343379db9e1e52194475462351f14635a0c2","nonce":"16e906b45a0515f7e542b565","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"5dc5beff33b3bf3aced62c092a1e08b496f6724adcf0b5f8df32e47c84746079f334d8dbca9e86a6e206eb7057","nonce":"16e906b45a0515f7e542b564","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"fdb8df3090da0ede75239d6b6220120302418debd48709f10bd3dc6c7a901cc96f9fd67e48ca9a96b8b71bee7a","nonce":"16e906b45a0515f7e542b567","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"d8d3fa37332a11994986c7909744add52529ce8674f72594c329d38ae275704e9b447f54db009ead3eb96a3ece","nonce":"16e906b45a0515f7e542b566","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"d26d7cae2b004ce9442c25bc505c62ecdcf3c74b0e87ba030043093e834686836486ad20be854ec83433fc9b17","nonce":"16e906b45a0515f7e542b561","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"38b337cb37cf124634513a08396d52f676df663609bee5e7bbcadea446a54bad754ab0ef5e0a535e72fe032831","nonce":"16e906b45a0515f7e542b560","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"fe1aa9f87acec3c5b93ddb87f019bf8b2a516e9802efba88b86c755af25a91f83ecf736fb4f8507a6c32a6d820","nonce":"16e906b45a0515f7e542b563","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"e1e5e81bd0cbe54d647795f3faf390533c551aa31a0cc5e52ecaa1b37cef34a20cc6ba02567210e979f847015e","nonce":"16e906b45a0515f7e542b562","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"aa2df8cec4098d6bda223bd4620a5ce7b0de842eb75b262faaff1d4625250d6cb8a0d405966937fb58575212d4","nonce":"16e906b45a0515f7e542b56d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"737892b0c2a33fe7545f4fdfb993fc74a4cab2d31a832fe15cb7209679f775d80cca6c7c3aa379c6d86979feea","nonce":"16e906b45a0515f7e542b56c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"266d1cb487594082f90b82fe9cae681e61e522c3ec59dc216ca7944b3869c1f7ab69f90157dfaec9940304f159","nonce":"16e906b45a0515f7e542b56f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"bfebe11241b29793168ab45250e9edc70167f34fb272900f70c4a62be098c102e2cde29a713464c5376f134b7f","nonce":"16e906b45a0515f7e542b56e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"9ad17bb4b0eed493002235aaa534925804bffb33a9c83e1f537e52264595b0b23144496f49686c4239af67d0fe","nonce":"16e906b45a0515f7e542b569","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"5ed0b952b5877124acb7b6ad390d7fc27039d72dfa562b15c48deb2fdc15b2df4f6c7d1fadbc836e3027c4f486","nonce":"16e906b45a0515f7e542b568","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"4cf982f23a51a0ff17d19a8c8a2d168bcd699b181c2adbac19c39e08fbb54e6942da96f78fbfd3dd1b7ed0e499","nonce":"16e906b45a0515f7e542b56b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"a67e9883f178a7b63e2568a09e0b5a95fc0d8a7893d66889bb547c854c843d8bc5f425433b849a3bf558c28af3","nonce":"16e906b45a0515f7e542b56a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"5bad5a93245f0901629cd48171cb29ff966dcae2178e641e459d9168fe9b6144687dd6c04683bb4459455e8763","nonce":"16e906b45a0515f7e542b575","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"d43b18acf426544f5a0746567ae60db024309c10820d67e520d36c1f9a29034f14b7cd0e1043fbcbabe1f5239b","nonce":"16e906b45a0515f7e542b574","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"a2b20836a5810651d44f805ce77a57d4662b7b12b35afeec4e94826afbcc2375e7f919ddfececfb7fa03d78999","nonce":"16e906b45a0515f7e542b577","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"9edbb4e93cc381b9078af3d2b71888223e8d9ad245410ed5e22b40be4721c920b095f97e360c579eecc1559920","nonce":"16e906b45a0515f7e542b576","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"06ad9a723449c73a04efb24984bb38786e764f01b17c2cac2bd111fe7ddc4c2b3cdff815972be920ce9b843a2b","nonce":"16e906b45a0515f7e542b571","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"a030609f419345445691826cfce3d4cae246519ca316592303eb78d84a09785bb96d2afc4f4a3a71a0564f6353","nonce":"16e906b45a0515f7e542b570","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"567fd3c8fb4b9f18b95a738422fb8f88e3d1bf1eb4ef2d372115151d8b1561d578f42a8dd69f9b4439e977b82d","nonce":"16e906b45a0515f7e542b573","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"e6bc790eca3f4dc09b1836e861fcf07aaefa705a4c1f873179127d0896105f6ed4183ac45fc9f92972b5f48a9d","nonce":"16e906b45a0515f7e542b572","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"97699961831dd180ec9864b79193b7b2404a68399a1a518d9a614752ceecf6101a8998d82dc96bf527cf5d6293","nonce":"16e906b45a0515f7e542b57d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"f592b02ac1812b9216103dd81e003acde2ce4ee315716dba1104c57c77532ad38b7a4b119fea6b57050d15ebce","nonce":"16e906b45a0515f7e542b57c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"523cc5d35543941b67ad2f29c397a2b8ab735b88ce6da87b20f90634bfc605534bdd6d26414905381b97cb1cf1","nonce":"16e906b45a0515f7e542b57f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"317c442d75917fce23e71e22e0befccf658cc8130f4455b081510a6024c29ea06e9aab7713e5e34125615e20ab","nonce":"16e906b45a0515f7e542b57e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"4913009cab30b7d70ffe5174640c4fb2f87f6142672bfd20c980b2932eaca199074daac9eebe175e4f2757fe19","nonce":"16e906b45a0515f7e542b579","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"2758536e4a8d1fc4adba1baf15e8f5894d66ea07bf211e3275514d58cf1b13c9d8cccb10a398e450ea08913d12","nonce":"16e906b45a0515f7e542b578","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"3d4cc021fb6263fb623c8118d2ba223576afe90ed309d9e24d7a4a6fd0922d2118070994174615d74801f98bd2","nonce":"16e906b45a0515f7e542b57b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"5d1960f515d2a6ffc145cf9770c84c40c2895bde64e761b02f18ad2ba89e72a35fd174122a271b4e62a6e86dad","nonce":"16e906b45a0515f7e542b57a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"58dedb2c88af01739933cb2feef504be47fa2d311a00a2cd57c807567a48c35063a251994917fc098115438c52","nonce":"16e906b45a0515f7e542b505","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"c66f04e9cddb68c5db178699319aa30e0496725432008ec323f070383daa6e3048fef386392b6ab34d053974a6","nonce":"16e906b45a0515f7e542b504","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"b3486c283e1271a8cfbe0da20288aa364dc9763daac56df65f51cc1b7d5dbc79fcd6849d30ebdfb3fb4cdc6130","nonce":"16e906b45a0515f7e542b507","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"34ccc0ebfbfbf38f9f7268ff5d6c9680356089886e3a2d06a49cf28380023dd66855988d954d037ad95d601e83","nonce":"16e906b45a0515f7e542b506","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"4e1a2e6aaba85824c1e7da7123106b9c6c8e40622b61b79b4cedf818b0844d2af49fc47822fb849e2f7f7d56fc","nonce":"16e906b45a0515f7e542b501","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"2a4c321f40bb51ec3a8b9a6b074e7ad2f48dcfa5d957b17f23fa6be7b7622e2a5ecffff193f869c2c7edc06d4d","nonce":"16e906b45a0515f7e542b500","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"06d327d0f4d6ec46d2b618719ebf0c53b09721ba9894f0e786906a3eba008c20dcb5b7ab89127628dae5f44250","nonce":"16e906b45a0515f7e542b503","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"52bdaa1c3888ea320eb295c455199aa047073729c62186b89eb48b411dc2baf6b119617fa977aa44f59711f37b","nonce":"16e906b45a0515f7e542b502","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"3803676c3edcca6da3c5d4f18e5617c2dec6bf980cac9286f99844a8f5d1e5210225491f7c52b2c51b9f3bb557","nonce":"16e906b45a0515f7e542b50d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"2f256371f2cbb09a5f2b0cd0788bae8c2886d7cf301e2221a38bc286724249484bac4f34b4da4fe72811bfec87","nonce":"16e906b45a0515f7e542b50c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"88142c86bbdaa43b6c7e7fc8b6e979d63df095cd84d2fa298c40b201a34a82482a727078b8f0cc7a91b57b5ec1","nonce":"16e906b45a0515f7e542b50f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"d5cd1caccb87cdc0a43e8c6ce05d7f733409185e7f41032140a488614f993baddb4e6f076c33288c0220e696f6","nonce":"16e906b45a0515f7e542b50e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"d595dd9a093b43e6b49d370d9a55693a6a7f8f8045138938537863317660a7c6d9ebe49906cac4283861524ba1","nonce":"16e906b45a0515f7e542b509","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"446039b510ba850aefe9cc80e40ff83eb82a707229ba31853d5953612e9cfac8113c544696ca525e1d08e643f0","nonce":"16e906b45a0515f7e542b508","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"5b9a7c1d986cd151ecafecefc2d0183108ca8f50d336c3fe7c0a916891024ff8986620d73c95122cad498d6dfa","nonce":"16e906b45a0515f7e542b50b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"281ee39ff7ad03262d75841b22689d2f459e6cf6594b86569178a0c76bf904cc555a6679c5499c7abe90616917","nonce":"16e906b45a0515f7e542b50a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"67b549f6bf2904c3869b1b5a3a8539f3b84707ffe29513a1abda6e6f499de53d7dcb49644b1c59c10c2d4b051f","nonce":"16e906b45a0515f7e542b515","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"00aea5ca3deb14688185303e00c893e5059c0e047f720be6d65ad64d5503e523cfc2d475681f4ba06a3238a4ed","nonce":"16e906b45a0515f7e542b514","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"80720e532612b9bf460dc122fbdb866d86096bbde3ca9f5c679dc3ef1002a1f1de38a16b6d9ca013b12c30972e","nonce":"16e906b45a0515f7e542b517","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"78646c0dc58d7f462b952ecd7d081fd59f1082b8a529db9538f657599ff7bbc6debe69086ada40c60c2721d48c","nonce":"16e906b45a0515f7e542b516","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"6a73b2b8d71ae3b1a368fd5b3e3a48266db1750a20f0fe9e54bd7256c00baedd714f5f0604d5e6e03444212360","nonce":"16e906b45a0515f7e542b511","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"d571e0672300a7958ad48cfb248c1ccc429d69e12a3106f069363d73bc6300783477752f37488fcd00b8d0687b","nonce":"16e906b45a0515f7e542b510","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"27b93b15606c7e17cd53e91f9a50426faba864181758a84c03372187d873bcfd87df6c5eed0409f8386eb11fd5","nonce":"16e906b45a0515f7e542b513","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"3b4720d69448b3ebbecc550e516cb33d0d23c2b10d191ba935a1b83bd62d2a3a9211258ff38f437c843c66d38b","nonce":"16e906b45a0515f7e542b512","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"5f1997246c2772af01fc7752c01a9a7463f5a9ad604dd184adf51daddb93d632f2ffff73dcf3254aa6fbd1bab9","nonce":"16e906b45a0515f7e542b51d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"a199c47ee307a3e19ba1a2b2f5831c2dfb899c2ba5646a6ec6ad6406acce05f14e7be895b5a4ca3fcfeb07e211","nonce":"16e906b45a0515f7e542b51c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"84289473f54f68a897881f7ba0478213b5aedebf3cc1819f119ffe7715ec544e460528ffcfd533700b48336739","nonce":"16e906b45a0515f7e542b51f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"198ae1a335011b4f6a4b081f75314314c30f19631fec2eece35bd4b2ed6af9cfe5e26f128026d6e76f07bc907d","nonce":"16e906b45a0515f7e542b51e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"1e8238791291f0f297e1f55089b0a0bd0479d5650e6e993ebd65369bde08edbe40cb87971754ad09bb1f2a7b66","nonce":"16e906b45a0515f7e542b519","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"42a9a39ed760da24949cab49706559e91c1f0992aa7897e0aeca2cdfa35061673a8712d6b023e8c80e9304fb37","nonce":"16e906b45a0515f7e542b518","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"293a8a3f6254c9892d6960ce9d5a55ce8f2b3116e501e85e0eb32374f71bb737f54004bb7fcadf51abf15dfcc5","nonce":"16e906b45a0515f7e542b51b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"64f7e80d4e7e016b270123e49a38bf42a2a09ff84c6b2c8148aa9970bf75270c7c00e124ce601843a7e8a41837","nonce":"16e906b45a0515f7e542b51a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"6e0b51f579d2de042d4c516bd6e787485c608061f83771558e411d2d0a3243e9c56403fe8b9b5daf39258dff22","nonce":"16e906b45a0515f7e542b525","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"244cc37b5a7ab06fa0033ae19d04094122e10efd91aefb2ba750377c1107b31dad152a9cedde5a21389aed85fa","nonce":"16e906b45a0515f7e542b524","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"a30ffdfaec2e7f6a6cf375f4f180f9bc455b5d0fc6461fc396392869f62231ea4bb63f2244fe0ae064a5e10019","nonce":"16e906b45a0515f7e542b527","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"2106ae7e1491c774cd871cebb82414e57b5307e5ca5c3bd7feb8848302da2580fc62a6ac9c68d619c36fa07717","nonce":"16e906b45a0515f7e542b526","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c70d7236fa3701162bf394f94adee4a0e68580a4d560a7595e6b4a727aba7ced7c4d9072e49f8e9bf2b6d16515","nonce":"16e906b45a0515f7e542b521","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"b66372da91de224906d1c9ca36f0213746fda956e12c9685312c55097618d8d96a9cfe0b35e1b48ce01818e24b","nonce":"16e906b45a0515f7e542b520","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"2efb5c12b9d9d2783d6b173a3d2c90ccbe8ae0d3177160f1a0b0f3dec35dae417dbc455e289578b04f1fb0b57c","nonce":"16e906b45a0515f7e542b523","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"1ab02f0f279e3ed99602928b5e0018a8b8e7820bb5762eecee862788d4a72e568f9cbbba1370d17a0ba110699b","nonce":"16e906b45a0515f7e542b522","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"2ca7026c8127262f466a4e8c28e8ea5b911223aed47ae1b84c10d56bbe83e6875a65d497b187516ad1d2d3febe","nonce":"16e906b45a0515f7e542b52d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"7d603e436fd2e4294e86c6dd0cb5a63e184ba8e7d084712b582b411c121ca5382f3df549002849704750178c21","nonce":"16e906b45a0515f7e542b52c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"a1fda5c146653c5534af4ec49b05d6ff618498cff9bc2cc5f13d8d0bbccaf8b57c536f92ba84ea60b022f52009","nonce":"16e906b45a0515f7e542b52f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"17dc2ca6b350cf0f37e5d361107180f3d4e9eeb8a12b082fa9238eee88715cc848b5c0a832cb07ed4767d11df1","nonce":"16e906b45a0515f7e542b52e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"d63e423c52493079cdac47a138ec2a876e7161c2ab9793a68486eb4a65c16141629271e915d443baf797c9b38f","nonce":"16e906b45a0515f7e542b529","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"3c362b1ac89a8d55247d730c6d614d07d4b4bd1dd617b8f5cbdd83f23b498822102bb008e05e91961a3f0ea875","nonce":"16e906b45a0515f7e542b528","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"9c237f316c50df9cd29e385c6e9e081794e866bdb1a447bbc132a800220034ad70cefdb38aa5ae8df3dc38892e","nonce":"16e906b45a0515f7e542b52b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"6cb9f1a91426282fc9df87a6f27c1ae4fc112a73994a27123cadeb3f893a8f4978169c55c4509e7a80931f8148","nonce":"16e906b45a0515f7e542b52a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"12b9535c231d7d2f8b2ab4075386503fc03afe06ddf0af82418ab24586889cfed9b82efb0d6201d50c0ec3df2e","nonce":"16e906b45a0515f7e542b535","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"14f5df3d110f00786c72ced193f85f0fe53993852b00c7eddbc08e82a335b841eff0c680ea3ee9505f8ee63761","nonce":"16e906b45a0515f7e542b534","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"8acc4f6898f8804bc957acff1ef09f9840046d36d0c4421003ba1a945881b5ff17677200d8af91e362d8bb0806","nonce":"16e906b45a0515f7e542b537","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"f26306f4a6869aab32a25fddd01e98670839e9dbf0538948680b56864d2a22e99778f56a8ae3455f0fe8f74857","nonce":"16e906b45a0515f7e542b536","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"4c7e509ce33f715b398f12e36ea674e2e5914511026dfa142419c6c0169e78da73147f67894f8208f844e49bf9","nonce":"16e906b45a0515f7e542b531","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"d68070db01f01fd3185fe578f80be7abea0207e84310c05d4acfe1667d8a91f194fbcf41c71011441cb982b8c0","nonce":"16e906b45a0515f7e542b530","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"ba12f1d270193b962ed6d712b7c841b3f72e9f5721beb3887d88f29e1629f1e8bc34b87dc3f453b9e68367ea60","nonce":"16e906b45a0515f7e542b533","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"b359b35bb12078cd05c103d2b2bf1e0768f3677a8ab0f4b3997f68653bfc3502a14733e2c58f1882f2894ce400","nonce":"16e906b45a0515f7e542b532","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"a1ca1db6d958157b0918f7d25992c3db1f91938828bc8a6c3f992d5bd3d34dc7db475666c7fa019978a12400af","nonce":"16e906b45a0515f7e542b53d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"3ed36e46f62f90b6292c66857fe2f36906c743273ed8fabd51b8c249adde2edc95ae2c353c0a1a2fb804ad888c","nonce":"16e906b45a0515f7e542b53c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"fbee0a9b1decd9e160e1103c110cd0c6d37e3ad75e0db71893a3a2050af2b87995c92a49ddf0b339c9cb0d3cc1","nonce":"16e906b45a0515f7e542b53f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"53b8ea4753f9d759199cd0c30926f05967044e978e6c1122ad83e4083534afb1c9cbfd290048070ca49cd50e8c","nonce":"16e906b45a0515f7e542b53e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"74c202a32aec76ba6e4a85c8ee62221465000b97e15938ca62d1b7b40526ce122b5830314cd235b4342eca186d","nonce":"16e906b45a0515f7e542b539","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"548ddce9ccb740c137b7df05f42da96b9e8f4c6a60c7a25397b25a2e5c6665c85214a39dcd88b7f428306f7402","nonce":"16e906b45a0515f7e542b538","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"ecc42a1e3d588bb54ce0ad3a54470f51bfc5b1aba6055d3751ab55cc9318ff38a79e23cd3857886351db0c1304","nonce":"16e906b45a0515f7e542b53b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"e88d2c40fa11de2fdfa434e9bf1a245d2a851d35615cc041f13894c20d8ffb02b59cbec3e9ce558b7f433faf29","nonce":"16e906b45a0515f7e542b53a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ed9e7a8a9143bd6d400189b971625929a1f19d159b769d6270528c3905a678cc9e0574c6c734adf3e205bd6e36","nonce":"16e906b45a0515f7e542b4c5","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"c921c5d289c146f6c3f6d1605f34eebc334a47ada58c4ee95658b1edb933a242"},{"exporter_context":"00","L":32,"exported_value":"1a55dc86b2399bdac7270edf371ab33deaf62b71c96214a0fbfb4e120d6f36af"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"ba593ad3d22c0f3e8fadf4838e71c80727b358a28af718496c61317abe049022"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"2ad954bbe39b7122529f7dde780bff626cd97f850d0784a432784e69d86eccaade43b6c10a8ffdb94bf943c6da479db137914ec835a7e715e36e45e29b587bab3bf1","ikmE":"7f06ab8215105fc46aceeb2e3dc5028b44364f960426eb0d8e4026c2f8b5d7e7a986688f1591abf5ab753c357a5d6f0440414b4ed4ede71317772ac98d9239f70904","skRm":"01462680369ae375e4b3791070a7458ed527842f6a98a79ff5e0d4cbde83c27196a3916956655523a6a2556a7af62c5cadabe2ef9da3760bb21e005202f7b2462847","skEm":"014784c692da35df6ecde98ee43ac425dbdd0969c0c72b42f2e708ab9d535415a8569bdacfcc0a114c85b8e3f26acf4d68115f8c91a66178cdbd03b7bcc5291e374b","pkRm":"0401b45498c1714e2dce167d3caf162e45e0642afc7ed435df7902ccae0e84ba0f7d373f646b7738bbbdca11ed91bdeae3cdcba3301f2457be452f271fa6837580e661012af49583a62e48d44bed350c7118c0d8dc861c238c72a2bda17f64704f464b57338e7f40b60959480c0e58e6559b190d81663ed816e523b6b6a418f66d2451ec64","pkEm":"040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0","enc":"040138b385ca16bb0d5fa0c0665fbbd7e69e3ee29f63991d3e9b5fa740aab8900aaeed46ed73a49055758425a0ce36507c54b29cc5b85a5cee6bae0cf1c21f2731ece2013dc3fb7c8d21654bb161b463962ca19e8c654ff24c94dd2898de12051f1ed0692237fb02b2f8d1dc1c73e9b366b529eb436e98a996ee522aef863dd5739d2f29b0","shared_secret":"776ab421302f6eff7d7cb5cb1adaea0cd50872c71c2d63c30c4f1d5e43653336fef33b103c67e7a98add2d3b66e2fda95b5b2a667aa9dac7e59cc1d46d30e818","key_schedule_context":"0083a27c5b2358ab4dae1b2f5d8f57f10ccccc822a473326f543f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122baacd0f9ae5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4","secret":"49fd9f53b0f93732555b2054edfdc0e3101000d75df714b98ce5aa295a37f1b18dfa86a1c37286d805d3ea09a20b72f93c21e83955a1f01eb7c5eead563d21e7","key":"751e346ce8f0ddb2305c8a2a85c70d5cf559c53093656be636b9406d4d7d1b70","base_nonce":"55ff7a7d739c69f44b25447b","exporter_secret":"e4ff9dfbc732a2b9c75823763c5ccc954a2c0648fc6de80a58581252d0ee3215388a4455e69086b50b87eb28c169a52f42e71de4ca61c920e7bd24c95cc3f992","encryptions":[{"aad":"436f756e742d30","ct":"170f8beddfe949b75ef9c387e201baf4132fa7374593dfafa90768788b7b2b200aafcc6d80ea4c795a7c5b841a","nonce":"55ff7a7d739c69f44b25447b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"d9ee248e220ca24ac00bbbe7e221a832e4f7fa64c4fbab3945b6f3af0c5ecd5e16815b328be4954a05fd352256","nonce":"55ff7a7d739c69f44b25447a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"142cf1e02d1f58d9285f2af7dcfa44f7c3f2d15c73d460c48c6e0e506a3144bae35284e7e221105b61d24e1c7a","nonce":"55ff7a7d739c69f44b254479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"20209cc0018aa2495f728f1b6bf45ed57ead5710fc2c54c7b08bb73ab2e6868686d016c806b5740f2df6f4e231","nonce":"55ff7a7d739c69f44b254478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"3bb3a5a07100e5a12805327bf3b152df728b1c1be75a9fd2cb2bf5eac0cca1fb80addb37eb2a32938c7268e3e5","nonce":"55ff7a7d739c69f44b25447f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"947a6d3a31f4f9ab3ca8d071895e0daec9e44b58b83a5300130b18dbc390823b05f5bd097b453d31e73162776a","nonce":"55ff7a7d739c69f44b25447e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"057157b72a28f382b93abf4f63d8442f17235c4da1757059caa45ee007c70a754e638ba359eb4c62094d7c34c7","nonce":"55ff7a7d739c69f44b25447d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"67fe6fb687bfeed690b632788636e3ffd715490458895359eb1684855a1f97627b6bc9ca69658ae65805811174","nonce":"55ff7a7d739c69f44b25447c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"ce745958ff195fba0f9bce0c207608bd867c1732722a8dbebc4b6fa3975fb1da5f6d5555a1349e42fc4785ba06","nonce":"55ff7a7d739c69f44b254473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"fa38e7d4ef2e891b14c783ac3cc90c8ab6983acee3b783f28d4424c7c2f66dce9309f435aa86b1b0584602d436","nonce":"55ff7a7d739c69f44b254472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"820950d48a1faface2b6c32119125ba24790229141e048164ce2fdf1df9454414dde5cc54ff3862d3803b83366","nonce":"55ff7a7d739c69f44b254471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"b69ffed627d5fd7ca6540a8e2dc719417f7974fb34b76e321e78afd8eae37761ce096a3ffa7167f1c47a104402","nonce":"55ff7a7d739c69f44b254470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"5f90244ca8f8aeac321dbd75ea1216f039f135a18d9ba06acc223c191f0e4e856c9700696a20a79c3e48a50f77","nonce":"55ff7a7d739c69f44b254477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"751d94e9bd605f04699786888c76b0262b6aee503f5391c60e435525dd469da822e3f52a37f1bdd2af87cf7623","nonce":"55ff7a7d739c69f44b254476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"90a73ea2cc8f6a3612b3722580928b23d398e2118ca4e67547800e6bfbf57008b27ca768a006c8903315bbbfdb","nonce":"55ff7a7d739c69f44b254475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"560a55b80f42932d551b2189a0c2b6ea7faa5645938c38ea33d57cfab1de6f389a3c32a92fa08978694643c745","nonce":"55ff7a7d739c69f44b254474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"9dd96966fe618fadec262511c02570f8b3a1b515e8e8b2f6092cbed82273550ef11b6795229943692a9a5ba91d","nonce":"55ff7a7d739c69f44b25446b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"9c4de55a4361a3e8c3911ab12bde26625a9331c2ec61e48452fef9b926e80e72e730a38daabe81068ac10836cb","nonce":"55ff7a7d739c69f44b25446a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9069818132e8a5b99fd235da1c2e2baeac20f13fa48a845ce2f4166ba3283d5351b92c1c4e74b2937c291a34a8","nonce":"55ff7a7d739c69f44b254469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"eb10fafe77a66b9bf6fb6dc1ffe0396f780c1775297a6fc8bd468b92c09e6e2be1418df0efd67526e3a7dca7b0","nonce":"55ff7a7d739c69f44b254468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"098b8a3540c84b524d240b17339bf2ab44c3dc58200955e5ba9774d406ed0fde077d9f8b794af21e07ba58a23a","nonce":"55ff7a7d739c69f44b25446f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"6e8e6c68908cc603c7d182e86e7168e2fa5e8d463e57f9fe46cdb1a64d602ed3578050735d49be8af2a9ca2ddb","nonce":"55ff7a7d739c69f44b25446e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"454ecb20149a4d7a6b6f1129601c75b268b44873a24ed50397cf1f11f2f09fbceee8589535b0f4ee46a4d78e2d","nonce":"55ff7a7d739c69f44b25446d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"6f265714f5c4500a7992e3b8b1cf8c5434a165778aa0026df5fa4b5bc7e52619675b87b15a7c969630f83815ef","nonce":"55ff7a7d739c69f44b25446c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"00335119c03bbd1999a10196b352ac80738e32a5a389528255afbf8f25b77fc579e07342d05e6a71d5de47aa7b","nonce":"55ff7a7d739c69f44b254463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"90df3e98122f368c18b1118a8466d2557409858ba7aad7c9129e5c3954fa23989295b222b107dca0a72313f560","nonce":"55ff7a7d739c69f44b254462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"0af278aa4fff4bbe778fa7b425c048a51d5c148f3bde9f9dd4fdcb6eda0839f32a76b407a232dfd9eb92a0e283","nonce":"55ff7a7d739c69f44b254461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"2c43607a5d68531303b7a80e5a6cf3c166213cdfb960a1b7719d72d861a39002edd73113125752ed4fd2d41bd5","nonce":"55ff7a7d739c69f44b254460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"cc9b28e76f7e849f7138bb77cf7eb41830004953a7d3bf604ce863e7f5c7032073cf0e2195302dbfef7509fcce","nonce":"55ff7a7d739c69f44b254467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"2ea80cc62672001bf4a3cab08fd62554ac1bebb74cda7e06c64d9c1e151ee78b2a0b8c9a9b6fa1e6aa3c0e61c8","nonce":"55ff7a7d739c69f44b254466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"565bd06a018e990bd845e7d8d184278578b15ee3ede73343b7ea5527e404dcde795b5882253b30f87854a05aaa","nonce":"55ff7a7d739c69f44b254465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"4a2d7169d8a7c2be6c775b8f4ab3e1b46251a9662dd6e02bfe8c64c259755683b4713e4d14a3685593d00325f5","nonce":"55ff7a7d739c69f44b254464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"63d752004f7481708075780124c3a7d3a8d1c324d426dd500f0714eff76eece0c439ade657afbba698715b88d0","nonce":"55ff7a7d739c69f44b25445b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"899ee5346916591bac371ddc96a75997097f9f26aa82acec4a4486a0d6a665829fc1a32cd96e5677b5c8bfb05d","nonce":"55ff7a7d739c69f44b25445a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"bfb11c9aaa2c96273e198ddeb9b4e6d8cf39dcbc2573298bce4f6715085b571211cb7a64e152741d6fe82e96c6","nonce":"55ff7a7d739c69f44b254459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3758a4aa5749776523c5ae5cea9e59a8a39a6d370ec64d14976b4126679b5831d2e057ceafe3ebf6281d57b653","nonce":"55ff7a7d739c69f44b254458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7509a920f8432b3b0296ec17ab9c1e0ea6d41603be249a27409c9030a8afd69f7f0914a0ac985fa74c26fb1822","nonce":"55ff7a7d739c69f44b25445f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"b95721583ca9b21ab988874dc31cfea7764d039a9206abe641a2684f933d4227d838b3646061d400c3d6ce00c2","nonce":"55ff7a7d739c69f44b25445e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"e960d3e37f8ed2e7c98864067e384ed103960e0c07e38f2c87b935d2bb229256ed7ef440de0dbb3dd32886a337","nonce":"55ff7a7d739c69f44b25445d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"ceb3bce5fb29e9f96efda5675184258375fc48a1050a1be2d490e32575e87365c1479b346bd31668aabf43650c","nonce":"55ff7a7d739c69f44b25445c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"06d2cb14606ea5be3e2beb848e1283ec85eb891c751f83360618be017de84f88edc5c718a393ba4c87f5e60bb8","nonce":"55ff7a7d739c69f44b254453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"6b7244028127ea44b4181c4c2d83f421eb8295df4e8f5e5d224777e4ede61bf3335bb8330be6aea23b6edf547b","nonce":"55ff7a7d739c69f44b254452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"19cedb422ed537aaf4649fa87e65c33df97dd8d64b584b7fbacb6a4268d870389d87de225d66c0f8039f0ab59c","nonce":"55ff7a7d739c69f44b254451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"13e4086b7b139ccdfa4276e1351d467c3ad4c3556f824a1f36617427a2a7bedb90b7020078edad426064b36499","nonce":"55ff7a7d739c69f44b254450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"73d4e2777ce85f1d4a8463ecb27151f3f9f0bf713d7e6aa26fff2e94abf79b7aa1c88a43035ebc2786809a33b2","nonce":"55ff7a7d739c69f44b254457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"cec7e6e5cc5d5bb271fbbefee2383479d4c3c05be75991166e8de0c701934432ca8f58e6557cd4d87940b4f22e","nonce":"55ff7a7d739c69f44b254456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"50f4cf8cb6df72c710bdaf6f36e116dcc851e9975f1c59fa4ab85875c8b76d6b433befcddf0cbfba3e34096d66","nonce":"55ff7a7d739c69f44b254455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"0a12b1227aecc5563ab92c3fe54c1eba4eb88af1185d9798281b6d5ae6adf538e626c6fe1fe7b045a2e3f62ff7","nonce":"55ff7a7d739c69f44b254454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"4df189bbd04e54f297c6cbeda22edf3304b1b695a558511cbfb34d671d24c70a3ff9225d5dc08ba1ee92e7f331","nonce":"55ff7a7d739c69f44b25444b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"7bff6b6893249324db49341e4c7edc60c5ecbf7f0071bcb2fd0d88c596f33816cd7a5736501d2a9e5067f155e4","nonce":"55ff7a7d739c69f44b25444a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"6c2feb3d7cca2cc42988e0a7c59636bf5967689fbe6f1be3eff73d774b0b6b8f69a49cba19719d9170714e1659","nonce":"55ff7a7d739c69f44b254449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"316beb552d2fffa5940b811d95688f3c03de504b12f4b4b104630bc8b2dfdb50e2c634fbb412b42290764899c6","nonce":"55ff7a7d739c69f44b254448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"e27c2f03b7949313142172a6bb95aa651e0162dfc42e231b70af6a5c6db7413099ef0cb758faafbd70d72ca617","nonce":"55ff7a7d739c69f44b25444f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"3ebe4a2049f543c8b014943bc54180b9040480978c70895869652fc0f349d63a1a1cf40b6a987beb741aa4b07b","nonce":"55ff7a7d739c69f44b25444e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"16bdc214aa76c80790191e1f60bcdde6a9216a388db77a21273457684a7d1c49064438763051e0f421307658ab","nonce":"55ff7a7d739c69f44b25444d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"651e2db3e99231fe73236b27b68f54635c4e85b979c910318178191200c86f4599134d9893e5eaee4b221a5d50","nonce":"55ff7a7d739c69f44b25444c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"6ef598d302340ff5bc698ffeb1101832686ee1bd187f45f88087f9c5b2eaa5e7c83ccb82ccd8dfc5143492c709","nonce":"55ff7a7d739c69f44b254443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"3ca0026020e7de826314625e470b2220e52a6d4d92b2cc8c22c4e7bb97f6654679d6afe151b37da68fb1622929","nonce":"55ff7a7d739c69f44b254442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"94fb0913b536ab3a1036b9d01c0078260794a0c02e68815fac342310ae15429a82e78f15a8a41ace50a3e74d4d","nonce":"55ff7a7d739c69f44b254441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"6157847481d26cb1b274ec141a605a292640b350a344e53baf4d520c98152f38f82e62aa592f6ca5a27b34e433","nonce":"55ff7a7d739c69f44b254440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"cd5a1c87cda9fae29a78a70d5c88887d4ef3e0edc3773577d4dbd4e71e78b5430467e63073c27d9000895ccff5","nonce":"55ff7a7d739c69f44b254447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"0840bda24a372dc349608dfeaee9c5ed70f16cadbd269dda1df4b8c1b96664e05ed3927d3e12791f6a376a7cfe","nonce":"55ff7a7d739c69f44b254446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"152962889ae9934bb3b9379214d2196b0419311deefdece2ff38dfdd6a43b75ecf132869f0c517cd482d52006c","nonce":"55ff7a7d739c69f44b254445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"79e116e6a7114f8fb704e07641010635c08b071597194b783ef80b6a45180177896e3eae17967a5f9571d0534a","nonce":"55ff7a7d739c69f44b254444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"864bf1f1c37915afb2a78270cb750f3c6cbb86d1f91b3ca2a1803e61877724112f1f93e27e0cbe564713a1f5f0","nonce":"55ff7a7d739c69f44b25443b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"11dc5e739055ddc097fd0987b33ec8346e5bd6613e8cd8afe6a043ea75c95379a6a4429ebc1745d3400f734f7a","nonce":"55ff7a7d739c69f44b25443a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"ffe058c7955b9f2bdce12b63043cbef9698deef99da4611aeff48aade6a23fca7486442d03ad669c223cae90a7","nonce":"55ff7a7d739c69f44b254439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"fe4b32375ecc930620700c16724019b021cb4f350534ba157e22f16ad5ed8c966b7e43b636b495b69e988c74d6","nonce":"55ff7a7d739c69f44b254438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"de58bfc006bbbc0ab18ef3384af3f1b6d07c6f66cbf451d28caf9a4d624b47d22d2d47bb3d99e6e3ebc72abca9","nonce":"55ff7a7d739c69f44b25443f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"729266a7c9540af29d80edc0bbefe9df5c8d06bf3100b2f68da0ebe2ed5274a43bb2637b6e826716d4569fb817","nonce":"55ff7a7d739c69f44b25443e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"ce6c180a35e99fd1c624e463591fee38ffb92cebfb57d92e8746c6434d8b0c4aa07efa4561cbe8b1ed9817706d","nonce":"55ff7a7d739c69f44b25443d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"c8987fff919bb9a109ee2cc42df2ab27b8b957862862c1f38e02e5eb7036bd355241d703e58a81868835d09135","nonce":"55ff7a7d739c69f44b25443c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"df2cad763bdf08329bb249a7604dd38e5c35d5378a37f62178c5dfac0f2184dcea1e04a692d5e5967c38952362","nonce":"55ff7a7d739c69f44b254433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"7e2f2cd2da0fece30e0df6dc73e91d5c5aac77c72068ed98d1c28632b46a2b1dfdb0f84b66a48909dc5faabd3b","nonce":"55ff7a7d739c69f44b254432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"2993d7b93f0e822d6d394c0e4fb2b442c98a0703eb85b109f01aa71d29d561596b3c3e6299cc84131bf3e80081","nonce":"55ff7a7d739c69f44b254431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"6d17e646cdc2bca23544d1cf5833b9c3f7aadcb9d2aadbe992e5d3c62fc934ac164df447656ce9bf13eb4e8120","nonce":"55ff7a7d739c69f44b254430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"dd1470f1aab7a433d67a667784119141650a5b395ae0cf70d4cfe245116f8e584c96ef75fc22b58e294a04c4c2","nonce":"55ff7a7d739c69f44b254437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"88a87f5542fc00d62faf914c984bd3988d96526c4078e58e0d9cebe3755b7e763391f12c6619e6ff60d063acc1","nonce":"55ff7a7d739c69f44b254436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c0c386c01f1826615dca9210325f8da93a6e32688ead972ba29187a6ae9786e123a34e043a5dd90c6e69a406eb","nonce":"55ff7a7d739c69f44b254435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"d12bb248d91b042332ef1eb24b91092ef45bb85337db2ee4bfebae7d3fdb0755df2163253e50244b406bf47e95","nonce":"55ff7a7d739c69f44b254434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"3fb85f431bdb38b61ba444595fb2a326551b5d63af38fe375365e39be3a973a416808262e5bbe34e73f872e5ec","nonce":"55ff7a7d739c69f44b25442b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"453fb9a641f7eb5a71ec21a5706af4230f2c4cbcc35ca5a481a3dc91d99a3d91c68976279465e51bc5803bfd22","nonce":"55ff7a7d739c69f44b25442a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"6024098a132554971ecaf523f11d811a0bafd9a1c008971df280ff04094bee37edc93b6269365c539e585a663a","nonce":"55ff7a7d739c69f44b254429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"13420a9896e9ee70e2a69f155aee657114b80876cd1d34df77890abd520a1e457902182ea3d89bcc8d6c6e341f","nonce":"55ff7a7d739c69f44b254428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"137f4ab25ee814a0bc6321091247b0389944ab2add5104e738e869a228277ce465382aad918f74eada24a1136c","nonce":"55ff7a7d739c69f44b25442f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"2593b61b9cdc7a598542b1e27771f08ae7bed43663b3771fab37d915ed5f74f552a51073de576a0c2a2c4479a8","nonce":"55ff7a7d739c69f44b25442e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"09754576ce26c86b6209773d5345799b784ebacd1569f442885be5b5cf6c116042e5ef250d4253750560d1d553","nonce":"55ff7a7d739c69f44b25442d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"d45be3a97936bbc064beb65447f902818d9004e2efc6fb49c080e440dfd9b634116b47a304a182d4ae309c3493","nonce":"55ff7a7d739c69f44b25442c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"c7d2b170a6fdf730bdfe80b2e294c5b2914e2c8935e445d8035e358091dbfe1c97a6488609a0b8c80753879a7f","nonce":"55ff7a7d739c69f44b254423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"8429e1f354da67680670ca9aaae5757b221e789f0cff8ff973b2cf89ab97cfe9e166779ca6cfb2f19f3eb0294a","nonce":"55ff7a7d739c69f44b254422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"e1c80d9e5efbdf288f43ff359c9585967891470b0128a7f84702fae1a970c1f12e0f1779834248c1bb3b076ffe","nonce":"55ff7a7d739c69f44b254421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"aab14e75df5fbf80f3344e02f49b9d8815b3bd803436c5ff918991babdfe3541f047bd147197c2ab1004530812","nonce":"55ff7a7d739c69f44b254420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"4ce538cd4f57b5177982820c74cec71288a20b7a9ad9d709f187df25c335c4072afe2f54127f2e510d27c68405","nonce":"55ff7a7d739c69f44b254427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"4eeb56df684f1292ceb94f2454a2eb1c82a4753e84f0cc7da0f36ddc3d485a6ba96aac46a283abd2c5dd3e77eb","nonce":"55ff7a7d739c69f44b254426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"97c3cc27bcb0ac16da1ff4b282ff3ef7ad7048e10418948f1c449bb96dd6eb11050c75515aeaaa9fbd8eebcd98","nonce":"55ff7a7d739c69f44b254425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"e29fd45de0984252936b15daa3bdf6550494f96ff50c143b315f55f0b77eab0e0189511fba31d44c702138f058","nonce":"55ff7a7d739c69f44b254424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"22a8739160068091618ef1daf1741a0edc6234fe1a79a0d701bfabf6adaed49be14c1b11755bfb0097d4f905af","nonce":"55ff7a7d739c69f44b25441b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"9552161aa030dc950ace7f9d3e59863c45fc2c7dc07c2c7324f66a0ab8bd450a1e49a1ed3f28ef073dec1824e4","nonce":"55ff7a7d739c69f44b25441a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"a7fe606926f3a0aed701ac28b41a8317b7e7c5e37ac34e658baea6d6301fdcbd8856d7ff4801511a966aa3b19d","nonce":"55ff7a7d739c69f44b254419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"52be1d524c4f01f777cc86318d8343bd8cb3d32f840428c0ba50e925281d7b16274dd7bafba98baac8fd818104","nonce":"55ff7a7d739c69f44b254418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"45518f014545546504a60b489acecf773dd2092bebc9e3f820604afedbd542a1bfcb41647fea27384ea920af9b","nonce":"55ff7a7d739c69f44b25441f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"29de9c90047d870e4ac4dd0358899d150ba47406582de359323ba9c84fee97383563910b363e4448852fec832a","nonce":"55ff7a7d739c69f44b25441e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"138a3deecd41a036a85bf9a2e0fe96073c4fa4119cdd2d3445406932ce93031df27635775fa4947b489e3b0769","nonce":"55ff7a7d739c69f44b25441d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"7744af7e9ddf4e064c64a18b4ea4c4db66794b0442f44debb59a28f04ad807b7d7c4943d91e2085f832a872d28","nonce":"55ff7a7d739c69f44b25441c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"fdd7bc8ffe878ef60948716eeded504f00f4b9390742ff47c563b2d21754c4bc56518593a31664075cf95ca685","nonce":"55ff7a7d739c69f44b254413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"98a5dc1230025ac6ddff6b90ea82a1076a4f901c8e9d5915f6f025cc2ada3125606d2d5e98772e3958ba01420a","nonce":"55ff7a7d739c69f44b254412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"2fbaf0fe0cc08b4bfbdec06a30baec0e87a0e6fb8be2a6351bd6706175f5628f51da8ac0459b45a716704da628","nonce":"55ff7a7d739c69f44b254411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"95cd7a0714453f96347b49a879915be75f1fcdda6582013759691011f83be8cb8f3431c6bde98ec19589861e23","nonce":"55ff7a7d739c69f44b254410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"6dc245af8ec2455d259595a70038e4b44c1bdb0441420ec6fcc2aa8fffdf7dfbf130b159599b8e87089f8c8364","nonce":"55ff7a7d739c69f44b254417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"9c50701b9af862198caeb8654441296020b6cc26e417ac2a2cd76310d5da38348dcb47bea7dd3334e0c9579df3","nonce":"55ff7a7d739c69f44b254416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"bfa3abb0d82f9da986b69d96bd16ac0f28bb9cbf4bf330fb4a30140681abab4022c04c602f4f5f88de0641c4cf","nonce":"55ff7a7d739c69f44b254415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"c8f8e0b08a51a88638f48f67cac4a89d1bbf56580305d9533ad7ec8c7db917520dd1fd70635873a06eb17d08b3","nonce":"55ff7a7d739c69f44b254414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"f37612cae4d6a23176eff1ee409a2e1b6411679a92c35582356203ff453ca72aac5450d7ec280f7c6df8b9b8dd","nonce":"55ff7a7d739c69f44b25440b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"a5e289deb3220d5fde0740fe683cb32367c4ed731c7300e29b3c84148d117b4ce95fef3c60d4b143c89cdeec14","nonce":"55ff7a7d739c69f44b25440a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"c806f933b250c8ee0082515f73e6201675f990719be6c2bb7ba83c4734cc37a42989b9fbc597c9ca9305f083f9","nonce":"55ff7a7d739c69f44b254409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"e0c027c8f90f196dd0a6ccd5a248a7cf11773c0f5c81551d6889ba878eef3d090d5a4ba9339f04211215a8bc4b","nonce":"55ff7a7d739c69f44b254408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"fac095ea3df76636ec316772dc05b8c3d0f3c7da7172ef694142ad00f08af45bd5a6c03203ae1b0ec76bec9b8d","nonce":"55ff7a7d739c69f44b25440f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"d9f4bdf6e1cdf91699a42afe74df2ad20e5cce64c41be6d47bbec50af73a9f91de7f760cc673334817eaf890f1","nonce":"55ff7a7d739c69f44b25440e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"8fa2413d97e8a8298b38af6f555ba08271f606b0b37b937a25dfe09569c3629efe570b46d8b9c1d195f39f2f16","nonce":"55ff7a7d739c69f44b25440d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"11cf9752202e768ada221944808b6ecd74dc3cc8f4e5cc5cb6010fdcb3b02480d21f5ddd7c0863ae99a3a3e746","nonce":"55ff7a7d739c69f44b25440c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"97f74e28ca4493109b6a04d2db8dee78190be4822bdecbcb301e6329899c465d4acd059622c05d0f2a58f88a1c","nonce":"55ff7a7d739c69f44b254403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"93149d4eaec498a546ff403debffb4ed445619dc0fabd3d23aa254a7f23318cc8f1d244e6ae566e7014224b931","nonce":"55ff7a7d739c69f44b254402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"098f6b414fff6872f196caebc76f5e6b69b883fd80c6cd004fcebedf25d587d2b28ce70012978be7baac8dd574","nonce":"55ff7a7d739c69f44b254401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"5f3b0f09aff306731c6d7fb72ac57b91fa1b7a51dbebf9dcc6e8151ce350cd96a393a0276a3676a5354f4c86a2","nonce":"55ff7a7d739c69f44b254400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"0e7b310dbc294577ced91fb0897ebf003398a30009dd56a75e47197132e054c8d9515a2fb609b37402550b5cd3","nonce":"55ff7a7d739c69f44b254407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a31f59c3dc9a21fb016864beb1763371137abf8ae95ee2e42800c656cea4b714015596fd29cbc5df8e4a74c3c4","nonce":"55ff7a7d739c69f44b254406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"930688f534d301da99a2b5a19f6c554802b0edb47dc7e3323ba0ef5a429a444f436e044b9aad832eaedd740fe8","nonce":"55ff7a7d739c69f44b254405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"f6d22bde43d515c2e3d94225e7904f43934e51ea4738fd54a725a73edaf334c482381fff6bf81e23d2e63d898f","nonce":"55ff7a7d739c69f44b254404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"6a5fe165e5160f43ba5ca9b53bd3282a2ef90c1b6e9c058912d2edee618490a569aa72b837c5e65b43af39e100","nonce":"55ff7a7d739c69f44b2544fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"f344c45861a038c22548137c8032625b222ad725d7add69ee0df0ad0a8c1ab18ac09ea9b23f9ba3ead75591188","nonce":"55ff7a7d739c69f44b2544fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"0bc5bc59a7a3467c506d8a65ef89ef5ce03dd639e40a55ed41b51be6ea9cd79b3c2948a80f1bc30f2387c35cad","nonce":"55ff7a7d739c69f44b2544f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"43d7fece4cb7eaf1a8d9d8c49e4f1de06db60d8ea88c6edf7f109b2c496217a69b9b7deb07feb070f86b4dac76","nonce":"55ff7a7d739c69f44b2544f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"caa162074f936b078e96c5defbd3ad4d5efa169a890a86d05cd820006dc306aed1f23e1f4a06a09aeaae30b32f","nonce":"55ff7a7d739c69f44b2544ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"d8939146d6b63da359283d9b9a0fa01f1f7e822df2449916f38aea8ee0bc188c9b3a7d8df0c7a6273e188b73be","nonce":"55ff7a7d739c69f44b2544fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"3c6fb96f30b03f3b0a135e961a45aed394c1a72b268f3e9906026691214fd50fdf35da2b278b4279f6d6a35aa1","nonce":"55ff7a7d739c69f44b2544fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"9a5b96654de2facb4bd2342f9d809c87b3b2bd04e1dd4b0ca7864a109a18ca0797446565a3fc60fe5ee9dc9877","nonce":"55ff7a7d739c69f44b2544fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"0117a10cb6f60fb01add0bb632b7e2d477c1e192b2ca1b35b5b0b67169f9d9e985abdfdb55e729271bb632cc05","nonce":"55ff7a7d739c69f44b2544f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"cfaf42316942316ebd53d746ee4a5ae48a05894edc0cf94d4d3c564ab68449e469de13fa4c4210ae10f4e44b15","nonce":"55ff7a7d739c69f44b2544f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"733f6d1098eefc03aa64dd87ec28ae8a388e101266b8f26bebadaf6cd06c1314bf94d98af2aae85f154007959b","nonce":"55ff7a7d739c69f44b2544f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"c2e555a8aae93304c76f4dc5c87c94ba57557a2090effe688425b9fcedbd95de8a0f749add41f4763b7cfff0dd","nonce":"55ff7a7d739c69f44b2544f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"13bfa9fe0165bf5040cd026ff663a258a6512072831349de0bff8461535dc1925cda8d3f22097e17947718ef92","nonce":"55ff7a7d739c69f44b2544f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"0005c904a79bad334a9b60ffe9d728670320c981eaf2fcce94e18ccbfa88b9c36d90f1c245418309d2ff0d60fb","nonce":"55ff7a7d739c69f44b2544f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"70962d825bc734fc07b4b1ff367967f23513f787e00cb0ed174b7bc487bac7ad1992aa7459d98000768d9b3c1b","nonce":"55ff7a7d739c69f44b2544f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"84d70e7ea2c3b5392d60b644d872d95d86ac97fedf2bfa85354ead77ef577896ec4ebdc6d3a875523899fa406c","nonce":"55ff7a7d739c69f44b2544f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"3d37bca907c205dc8b93e015a229a70e27c034bb73d40533169951fe53b2ba1adf621ce0d0eb53c2219dc440e3","nonce":"55ff7a7d739c69f44b2544eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"408ac350b9e54c5d60dd2ade1d7951207f6a5d37e87cb7ee652b00edf55379ec4ad0675d01fffcb80311d1dccf","nonce":"55ff7a7d739c69f44b2544ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"e492fb24153692b022960c5d16915e93c44e77f641d1e06018160fff3c7a6dbd5c0a11ee77ddabb11ffcd78548","nonce":"55ff7a7d739c69f44b2544e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"6ac451c2d7ffb3b75e13c1aa7b7828d75d3e9bfa651e1022fc30dc27312e0ba8cb32fd44a6ee71805183537047","nonce":"55ff7a7d739c69f44b2544e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"635c098cf1a9fc53556a92f22e4c24ada97ba268d3b8aa9d459acce25a6d9bd544563457b687c60c3e16f3edec","nonce":"55ff7a7d739c69f44b2544ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"060b389d3e499b8f4fdb9ba4ed976ba49d7c23b4fd821c257af9d1b99a829f08183c36a1568765c059ecdb7582","nonce":"55ff7a7d739c69f44b2544ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"436f6938fb8430c7f1b9057427f813ca35895d32f23d76f3d3ba4d3b1b5a63ef65202d28e8dfe944d47b6d332d","nonce":"55ff7a7d739c69f44b2544ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"6f1d91380ec98c93b6f3db8296132cb3a6fc39be0d73891e043d8d1b2d48fb293966cbfa1c953b6bfc660f21c0","nonce":"55ff7a7d739c69f44b2544ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"8768b213b29d95d159c878e087b65a37508d01dbc133eb29f4eec7d39818fac78fbf15385968e90739f88e4a27","nonce":"55ff7a7d739c69f44b2544e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"ae644638f6f954b2d47ac5a4b7def460e5fc77b52148c062711f129715a73e6d75de019a9fa98601cc6aa92521","nonce":"55ff7a7d739c69f44b2544e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"b9918cf0bb83f06060ec428c15313cb7645ba63572d93393ac7b89b0132e99b6f756a0d70c2bac9ee6740bbeeb","nonce":"55ff7a7d739c69f44b2544e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"8f242aff9e8fd18e05f98a51e1fa974b4252b5ac608904e437daf42c0df3f7c0f653566e64b65609de7eb3c0c0","nonce":"55ff7a7d739c69f44b2544e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"05458e74f69007f3c674bf271ef18302aac67eb2e9e4b82fe602a889127f73286294cd2de7004a6deca9e6a973","nonce":"55ff7a7d739c69f44b2544e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"1801c98e711b7532799601b8aa3288e771cc2934cf7e4b7caa64464b139c803d5c3d5160ed012a3d6bbd58fd3e","nonce":"55ff7a7d739c69f44b2544e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"c4615cc188c9e4871f3c8102d45cb7fb80fe8a9347158aaa0d0b6d5f272d5497b25c2aa2a46dcc154abcdbaad1","nonce":"55ff7a7d739c69f44b2544e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"7b673501597b1b06d06e5720f462a37d67393b89d3ef5c5ccc256ee1f6d872913c8c0bb837cdd4c4e54d9bb60f","nonce":"55ff7a7d739c69f44b2544e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"dad97f2ee93a26d19ae83f4d402835e5e428e2743ba049b1cfb79d6821bacf70361e581d38199bb13c635a5067","nonce":"55ff7a7d739c69f44b2544db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"d142e2175f92200e001c2a19f7f41918432aa645a50e4a62d1e7050cbcb6e59f3e01c8a6a8f65073236d2a2667","nonce":"55ff7a7d739c69f44b2544da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"3fc37a2342164b28485a43f2cd87bcf17fad60bb726b4505ae1b2d58627ef43d3afa3098e9021ce3a05bd90c37","nonce":"55ff7a7d739c69f44b2544d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"a0ff89ca9851dfbede518ef042e604e30151e942059bf46c7f4448639177bf7021875339c1adf4fd12f709e3eb","nonce":"55ff7a7d739c69f44b2544d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"fe61035d1522e2dbc3857579a63b183070a9ce8459dd9a6fa9b6147066ef0d43fa87f1221291f9b010d29ccd78","nonce":"55ff7a7d739c69f44b2544df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"64133d19f84e9f1be7a4de7e2dd06c74db7369aaf9d4865c88eb37a2a8a326ac398ad866f439fcb473ec53559c","nonce":"55ff7a7d739c69f44b2544de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"68bb3da50897ae5c764834041f5e4ae516eb43c4cfddc59905be4dc7959b0bd869a63e22a5f2b8da5bfb42d95b","nonce":"55ff7a7d739c69f44b2544dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"9cf8720d8c1f9a807de0bc8a97a77308ef7ee6013c83a1bb575989480a6fe7ee841d3cc1723a2eb84eb0c1c78a","nonce":"55ff7a7d739c69f44b2544dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"5973f6768732560192d0023bf263fea214cb6dd3afb1361a8845ab801859e8c04b81691f27169aeb21fc30756f","nonce":"55ff7a7d739c69f44b2544d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"b7af75cec75d35bff61731d6b2cd1f186877543a912841d2928ca04a05b70d21eb519a9b5825a97d433b87bc23","nonce":"55ff7a7d739c69f44b2544d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"f76319eaf858104a8bac7ea16d19e6c14e26377abe8e13854f0bb376a00ae545af3938a47f9bf3c391f7216f45","nonce":"55ff7a7d739c69f44b2544d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"895a3c3d0d712c4493932731c1335a9c17b7590e3397380457f9e9985a457ceb021e7c247dd65cd183459321d7","nonce":"55ff7a7d739c69f44b2544d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"43945039cb73180de4a05390aba651ed8681314cf06dce51aea71914c266920b92b3ee52ad39f2eb2aee72932a","nonce":"55ff7a7d739c69f44b2544d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"f5393e3e8bfaab69d4305591c6603eba8ee13ce001c412d9b5c5c35538686dbed3a0a78a0b3e497541f056025a","nonce":"55ff7a7d739c69f44b2544d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"7e38294cc6299c16e05f7d98e5970077fff23aaa236f3da40576fc764463051c9e7bfb13ee7633bde36e59c139","nonce":"55ff7a7d739c69f44b2544d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"b00dab091d01c475b4c21c39221057662e2dcb8a1a0feb300a6886742284fff9eb610c92fbc9b18350de78ade1","nonce":"55ff7a7d739c69f44b2544d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3de7547517a6c35baa75b480536c202456af6812bd2d4478286ee4490298027006efe852484e0e486830f07ec1","nonce":"55ff7a7d739c69f44b2544cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"efa8fd61f56af2dba728c8b55087294bb0a69c9e07ab29aad033b49026db3da647e5bc3d78a56daae483e84cf6","nonce":"55ff7a7d739c69f44b2544ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"e45e6554bff282d1d617008bc57ad90290366b3d83b122652b52c42ec52ba25e949e4efbdc3d71488108b8817f","nonce":"55ff7a7d739c69f44b2544c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"815a005925ecd31d414c7b82de85d93ebd2df37322a4461436a252c634df8afa83b5e0630f67a990baf8f7d8d5","nonce":"55ff7a7d739c69f44b2544c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"904856e3e4e2fa835daf44ed489790bd49aa36b2eeff4fcea7950d1d0251a12c78b12ba84855c922ab49b7cee7","nonce":"55ff7a7d739c69f44b2544cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"f45164d35d7f7508c3b5079432a378b4a46021c0a8f7e92fed7939da3dbd75a139b3d790f6f7e4a92d9470c7ff","nonce":"55ff7a7d739c69f44b2544ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"989f00ceacd19a614ff479dc4c34d1b7dc3215270e20911028d1d2fef7329b74e953e78e1c3ddd6835b4c29e1f","nonce":"55ff7a7d739c69f44b2544cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"dbc5c72591426f4d237afaa0cd457f21164efcd204eb693d465dc66e39e68de643fafbfdc1108760df9c70c591","nonce":"55ff7a7d739c69f44b2544cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"753c9475fa4c4d3e66825617598d4b1ed4adee772f365e1530ad4cbe296e05023cfdf4c5127808841a4855ff7c","nonce":"55ff7a7d739c69f44b2544c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"40a7c4bcac7a610c8606e0410641b47035d0b6e2e7f27059e882dd695f06defd6a4c3577b647f0df2ceb16bbb3","nonce":"55ff7a7d739c69f44b2544c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"a8f20252e3dee4d74dace7a19329bf2d106b8e1abf87b44ac1ac70e50967ea3ce6eac8d75cf76d83a172edd86d","nonce":"55ff7a7d739c69f44b2544c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"b50706681fa4f4baf216dcd2e6a4038a7e9716a83ba29b49d639045c4777f601417875bccba6a8c19fb396fa25","nonce":"55ff7a7d739c69f44b2544c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"3a1629cde73541cfa4cfbc62387b4450d3a7abdbc49e559b3dbf32a3d6efdcfcc1a26d027a653915ba145240cc","nonce":"55ff7a7d739c69f44b2544c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"e57eb140f1bd9e59eb3493cd8f87d09afaf0bdf6f6b4da0f8024136180fbf9881fb93f7e3604b218aecbcc500d","nonce":"55ff7a7d739c69f44b2544c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"ab88ab6b47ad1d60056fa9ebac6f294bd2d06f45a83addbf70299c548d364382fd19b4e082dd9ed85aa14e2f75","nonce":"55ff7a7d739c69f44b2544c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"24749bcda6b260de469a39f5025507130375702b45cc92de5157d96c7a30ba3161e4eba8c07ff3d535c4e43c0e","nonce":"55ff7a7d739c69f44b2544c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"6e205728725c52c09324962bacab9658c57b356afeb2ddb8faf31385835b1f3d03da9b10590ba543dc714bb804","nonce":"55ff7a7d739c69f44b2544bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"3b24f2b436bfe097340bfd3a7c5350050e4d067f7fb35d87154efc4f00342fbdd2e606edcece597b48bcde0cce","nonce":"55ff7a7d739c69f44b2544ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"496b5342de59bf1d2668cac8016ba9da1903f2efaf48c6f2d4b3e6ac8e9551df2b6ed105af1ed5c7b587570f3c","nonce":"55ff7a7d739c69f44b2544b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"1625c64727ea5a2e7eb2f438c5e19d46a9ee1eb109833d50e63054ccbd8800e30ad97155d2b211b0e3620c56c4","nonce":"55ff7a7d739c69f44b2544b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"177d41ff3e6f9fe21d8374ff070bec83d020ea9d7a2c7f38556f73433c39c223a882660b243c1530c807e80a84","nonce":"55ff7a7d739c69f44b2544bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"87a01d0af625ca4c76aa867e7e7a0da2fdcbf840999f8c08f3232388b6f5497b07e30522075b39a27288d6d8d2","nonce":"55ff7a7d739c69f44b2544be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"d5e5895b4692d11c08c30984d18440201e19a74d90d158cd1185072a0381cbabf12f1fc90b9095484536316c83","nonce":"55ff7a7d739c69f44b2544bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"a07afd46099413940a5d5ed7e80b0642100f5db7ebb9aa20b421c69e1468e54888af0a40c2344c609eda2684a0","nonce":"55ff7a7d739c69f44b2544bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"75be958613b28e23ee218fea3981e6a8baeb3f635c8a7d0c89f62c1590c55ca8faae939856ddfe6b14b0ea1def","nonce":"55ff7a7d739c69f44b2544b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"db652bb89d30e6984ec02ef38ac08f2e4726787f0a78c9c1ffbd6db72015e3512862171cfd5ad3bc17ddc350e6","nonce":"55ff7a7d739c69f44b2544b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"6f04fb7f521e4eeac796ea0cff154cf1357df791b1075b20e1834bbb481dd1de11832b06c0955584ec8bdd51b3","nonce":"55ff7a7d739c69f44b2544b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"ac7e17ed55acc9c93e18543b76a42df2c39626d418208af3afa1be4c01aa6ed3136d1e724533f3e9c20a039958","nonce":"55ff7a7d739c69f44b2544b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"e2cb1d8f06835214c1738736cdccded9bfe855740db5ca21507c034aefcf79d44aed3566bb84d16cd225d4fdf5","nonce":"55ff7a7d739c69f44b2544b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"a312902d869dc833feb01dd15847f4a226e7f7ee8c8239552966be1da0f25a8ce7a4f900e7bb39bd7fa0f98a5d","nonce":"55ff7a7d739c69f44b2544b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"7ec6a2db5a70db404b8ee491fa7e703940625913a56a6aec6c91a0844747093ebaea799be17e3d85363ea8f198","nonce":"55ff7a7d739c69f44b2544b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"b3eb6d0c64312e2798c418d4940ded9c15b2a149c1a9e89c135d62bdeb9aca733f91bc9408c8454bcdbaf740dd","nonce":"55ff7a7d739c69f44b2544b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"c176938da3eba12ddadf8b49adca555d9122ee3f7a92c174f0e25baef991ff7b38fc538ecf7a4f7e557bde1635","nonce":"55ff7a7d739c69f44b2544ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"c03ae2eb7c751e009a8560283b054b7a7ad4737861cedcb96beb57ff30c17d4b523c3a23d8d85b68da00db16d7","nonce":"55ff7a7d739c69f44b2544aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"d7c3ac08d1750c308e466e0e1fc556cfad0fea833cad4fab8ca58386b1ff04865242fba31190dd728f04963260","nonce":"55ff7a7d739c69f44b2544a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"57afbfb17e8885d3f3e0b8bc9f05051573b89d9106f195454cf5465b0d2122c2a2f6a0f9260f5661046742daa4","nonce":"55ff7a7d739c69f44b2544a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"4c738050674c6086b96959be62ba315e3156e5d658eef7ed49b9f4bd69b2bf2780cfc6fa9eb05c456f182edfa8","nonce":"55ff7a7d739c69f44b2544af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"5db068649f8e9b62d3ed96b3ef0a60d08ace5beeedaa0449526dc53d658deea2368b0abd7e35c0c2550eaa7806","nonce":"55ff7a7d739c69f44b2544ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"e3482544bed96c7229a0549e6418ce6c711eec3b8732568a08d37073e84cdf09ef100246594aa132f9ba16c9dc","nonce":"55ff7a7d739c69f44b2544ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"6b3fc929d7c71c92f513cfee27a3406576885090c181bd3b98099b834dd96861d2034730d847ea3829d2750ca0","nonce":"55ff7a7d739c69f44b2544ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"7eb6c0f8e82c0c1a8f9eed67d46327f4fc37f35e89cecfa25039804de58b794a9a059da208f536021483eb827d","nonce":"55ff7a7d739c69f44b2544a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"298a34c7d8725cb92e497f2f86e6a681980f574d887d1198198efd4b2ea855f3ac41e091c594673ec36180bb50","nonce":"55ff7a7d739c69f44b2544a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"d6f7fae1ce8a5a99d0d186ee22a1d6a3739954dc31944cb49ce4fbf34a607d1f89744a250568e456dffb35de03","nonce":"55ff7a7d739c69f44b2544a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"28bbcd9ffa2f7b4d5c729b0ee336e2eab89169bca19d7bebcf0f4200ba2773361ae8fb1bba27932ae9967b5453","nonce":"55ff7a7d739c69f44b2544a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"2974d3333b9cbb82213fb3bacbe674f2fecd71cbae39c41856c0fabbe091d4791b31f9d2633da211b6695d4caa","nonce":"55ff7a7d739c69f44b2544a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"18a0338251054f2e418180bc945f0560ce1c05fb86da8be0caaea3c4ad88dc413f03fafa8140a84e1fa46d60fe","nonce":"55ff7a7d739c69f44b2544a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"a60db7a2305975a9895d1e17ccf064359c2cad2eb5a0d21c9b4c729ba5cb52f561c71cd0865e6849a3c9df321d","nonce":"55ff7a7d739c69f44b2544a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"dde2b04e3160b9b1438c9df41fe6f3d051c07b8be4fdf4b26121ffe18212657a3329490ef9a6aa24be8f7d5b24","nonce":"55ff7a7d739c69f44b2544a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"b316e1457e1cd28d9d86495384c14f207756fad558de665016f0e852f9143fab503a1bb8c1be80625797f6d4d6","nonce":"55ff7a7d739c69f44b25449b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"82d5181bed1946a32ee94b0eb809aba155d7d15bc8599d9c2535984064c813a102e35dfd5772a253fb124494c6","nonce":"55ff7a7d739c69f44b25449a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"7bf8183cf9ef036972bdad5ca7d59dde39e6cf84cd8be11b0d91947d7001ea11c40939fab38ec6a73130e6be10","nonce":"55ff7a7d739c69f44b254499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"a832aa54546c1ae5af576d04ff5c94d5ed666211706c184f6c1863153739a978be3df0fa2c88ff89ab2eb0b2ea","nonce":"55ff7a7d739c69f44b254498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"26bd55ed99ff2e076480fb4ffd27e4fa28d3aa881eb623e554202ee9c55ca651f2476535ba8116ac1404e6c7d2","nonce":"55ff7a7d739c69f44b25449f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"25a1a49f48222f1416de9cf6ce239835d21b068de5673c5c7a7ab28f3b42f7774c26941a9c183fe1a8f0b86403","nonce":"55ff7a7d739c69f44b25449e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"832c808a53bc98a1281104ccb520d0ca70e8db4df1353cdf990d04b9f8d99d12c4fc5a6250b19cbe8ef96033ba","nonce":"55ff7a7d739c69f44b25449d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"376a2f09206752cac1555c327d9c890fb218ba9e25bd6b281a6a16215572bcb67d56453253f044e6dd4b25367d","nonce":"55ff7a7d739c69f44b25449c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"1010af05f196d1b60a57257e0a613015528e881645354112a4fc17e1aa06756203e986e0e295624ccde3e442e8","nonce":"55ff7a7d739c69f44b254493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"e263d9ed8f6b64f0049475e1c73b126efa479978154fc2a14c80349ba28f468a3d5f8d47f0465bf895eca9d490","nonce":"55ff7a7d739c69f44b254492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"60d795f10b656177b859265419c0ac30d9244b19c19a6ddf62e0ecfe52c9c1c74ba42a31129c8e14a7063944ca","nonce":"55ff7a7d739c69f44b254491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"3eb5d7bf6958874af86faacb8b060750b06f85eb2bb5906db82be9f174b00366c1dd1c62471f4111058fda5c6d","nonce":"55ff7a7d739c69f44b254490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b40bb7286f39da5b94dbe100feec70cc53b642ce407e6c76c4f259fca385107b775d7439aee1d4733b48e62e5e","nonce":"55ff7a7d739c69f44b254497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"2ad617b44681605a5c8626202362f1a0793ac0d0e192814c5144fb7ba9b2c0da4edd2399470dddefd3ba3fc416","nonce":"55ff7a7d739c69f44b254496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"1f98b8eebef1ccf6c4144bd341a767eb97e97b356dd26f10488abb26006d5b77323aefdf7d7183662a1bdb3e1a","nonce":"55ff7a7d739c69f44b254495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"2659c422f0c6a1d5369df96ba66a2804aa050ab4da76589ba2f37e7bf22cde506916155da25f0a9310c4ce4d0f","nonce":"55ff7a7d739c69f44b254494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"39a033a1c54669df19045e1ef3403769511056e497bf3ca60806ed006a35ef72a94e8fc38c978cadb2d311125d","nonce":"55ff7a7d739c69f44b25448b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"c3f506689e22167b631c902b13768c8928f3dee608cd05f850df40df98c897c5ab0d5e0132546780e2d7e336b3","nonce":"55ff7a7d739c69f44b25448a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"c2fd9b00c96fac14bdb794515c94985c3e6c4aa0bc3d06d4e10bb223361d5a0572a3aee909bd2f041f084508f0","nonce":"55ff7a7d739c69f44b254489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"f66499a363e1fd9bd333aa5a0fca81073b81a00f1f0b9b1ec113eb776d6259b3b4364ecb1cb49241bdc713e3a9","nonce":"55ff7a7d739c69f44b254488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"931dba5e78cc73875b4b22d03f82fc7bf9370a62d89f56a841fb50bb0e819aa07d650d4fa617240434a17d0fdb","nonce":"55ff7a7d739c69f44b25448f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"79213b0fe2e731af6d57d44f65bbbd89e19b9a03542e97ff984ee9110b327e01cd62c00e28866e7c7c5e3073c0","nonce":"55ff7a7d739c69f44b25448e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"4cc9e71d3846edbd0e953cc6716c8f500ff2a52f200e359df1917dfba8b71358ed46ad2444b7d9e39c1100ab4e","nonce":"55ff7a7d739c69f44b25448d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"4c22dbaf219081ed58f537749eaa6afab18dd644550542f96ca3e6a1ac783c61e43299b8d662ccd30f385b5b4d","nonce":"55ff7a7d739c69f44b25448c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"cbd1cbe9e1a0232418cef163c0988b2af1422f69d54c40771d9f72dcd65396cb3954feae146b127bec92bd18c2","nonce":"55ff7a7d739c69f44b254483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e840f214f491974a883baaaaab746dbe97824aefb92b339411b5ad4527da65257bb37c6dc58c50fa25113ee26b","nonce":"55ff7a7d739c69f44b254482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"2deceb1ea150e2a302b4465b3fceb344f2a6ffb8027219600d47aa15769e7694d01c891f2656d90d8aea52eaa8","nonce":"55ff7a7d739c69f44b254481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"e50f932d2bbffbb0e035c2a2a6169c3e47dc3bd516ac8b31b6b40d2c38864d78e5aa9e86f90719f26847ec1f5a","nonce":"55ff7a7d739c69f44b254480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"b00bb515d42239d44fcf272919ac9123238496df987d71e939754b15b954ed9a37e02e5bcd90ef20e01fd7fcaf","nonce":"55ff7a7d739c69f44b254487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"7bf663835b4fe1ef1231aed97619242d93204fa64767c9e840e0cd966557f2b819e9ccef668a7a7d2e16c47792","nonce":"55ff7a7d739c69f44b254486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"cfa2d0ca44ad823b8f7d417eea0e720f73929d3dcb6db28ff54e6fe48f9c114c219eb40701d0ea6fedc4f93fad","nonce":"55ff7a7d739c69f44b254485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"4f268d0930f8d50b8fd9d0f26657ba25b5cb08b308c92e33382f369c768b558e113ac95a4c70dd60909ad1adc7","nonce":"55ff7a7d739c69f44b254484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"dbbfc44ae037864e75f136e8b4b4123351d480e6619ae0e0ae437f036f2f8f1ef677686323977a1ccbb4b4f16a","nonce":"55ff7a7d739c69f44b25457b","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"05e2e5bd9f0c30832b80a279ff211cc65eceb0d97001524085d609ead60d0412"},{"exporter_context":"00","L":32,"exported_value":"fca69744bb537f5b7a1596dbf34eaa8d84bf2e3ee7f1a155d41bd3624aa92b63"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f389beaac6fcf6c0d9376e20f97e364f0609a88f1bc76d7328e9104df8477013"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a2a2458705e278e574f835effecd18232f8a4c459e7550a09d44348ae5d3b1ea9d95c51995e657ad6f7cae659f5e186126a471c017f8f5e41da9eba74d4e0473e179","ikmE":"f3ebfa9a69a924e672114fcd9e06fa9559e937f7eccce4181a2b506df53dbe514be12f094bb28e01de19dd345b4f7ede5ad7eaa6b9c3019592ec68eaae9a14732ce0","skRm":"011bafd9c7a52e3e71afbdab0d2f31b03d998a0dc875dd7555c63560e142bde264428de03379863b4ec6138f813fa009927dc5d15f62314c56d4e7ff2b485753eb72","skEm":"012e5cfe0daf5fe2a1cd617f4c4bae7c86f1f527b3207f115e262a98cc65268ec88cb8645aec73b7aa0a472d0292502d1078e762646e0c093cf873243d12c39915f6","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"04006917e049a2be7e1482759fb067ddb94e9c4f7f5976f655088dec45246614ff924ed3b385fc2986c0ecc39d14f907bf837d7306aada59dd5889086125ecd038ead400603394b5d81f89ebfd556a898cc1d6a027e143d199d3db845cb91c5289fb26c5ff80832935b0e8dd08d37c6185a6f77683347e472d1edb6daa6bd7652fea628fae","pkEm":"040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d48d0768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff793b30036d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b349ae4a142e0c03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb","enc":"040085eff0835cc84351f32471d32aa453cdc1f6418eaaecf1c2824210eb1d48d0768b368110fab21407c324b8bb4bec63f042cfa4d0868d19b760eb4beba1bff793b30036d2c614d55730bd2a40c718f9466faf4d5f8170d22b6df98dfe0c067d02b349ae4a142e0c03418f0a1479ff78a3db07ae2c2e89e5840f712c174ba2118e90fdcb","shared_secret":"0d52de997fdaa4797720e8b1bebd3df3d03c4cf38cc8c1398168d36c3fc7626428c9c254dd3f9274450909c64a5b3acbe45e2d850a2fd69ac0605fe5c8a057a5","key_schedule_context":"0124497637cf18d6fbcc16e9f652f00244c981726f293bb7819861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bfce32ee1a7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4","secret":"2cf425e26f65526afc0634a3dba4e28d980c1015130ce07c2ac7530d7a391a75e5a0db428b09f27ad4d975b4ad1e7f85800e03ffeea35e8cf3fe67b18d4a1345","key":"f764a5a4b17e5d1ffba6e699d65560497ebaea6eb0b0d9010a6d979e298a39ff","base_nonce":"479afdf3546ddba3a9841f38","exporter_secret":"5c3d4b65a13570502b93095ef196c42c8211a4a188c4590d35863665c705bb140ecba6ce9256be3fad35b4378d41643867454612adfd0542a684b61799bf293f","encryptions":[{"aad":"436f756e742d30","ct":"de69e9d943a5d0b70be3359a19f317bd9aca4a2ebb4332a39bcdfc97d5fe62f3a77702f4822c3be531aa7843a1","nonce":"479afdf3546ddba3a9841f38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"77a16162831f90de350fea9152cfc685ecfa10acb4f7994f41aed43fa5431f2382d078ec88baec53943984553e","nonce":"479afdf3546ddba3a9841f39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"f1d48d09f126b9003b4c7d3fe6779c7c92173188a2bb7465ba43d899a6398a333914d2bb19fd769d53f3ec7336","nonce":"479afdf3546ddba3a9841f3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"71fc947d570b88cbc97da769faefa6c49373a79420acb7d9f8b38ba9978d820c9e1fb394440eb10342ba1de8b0","nonce":"479afdf3546ddba3a9841f3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"829b11c082b0178082cd595be6d73742a4721b9ac05f8d2ef8a7704a53022d82bd0d8571f578c5c13b99eccff8","nonce":"479afdf3546ddba3a9841f3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"f658ff178431cd29ff242db7d8f441bfc801efcf1d60e2c61ed33c84dae3ccf714b696dbd80cc276695673c576","nonce":"479afdf3546ddba3a9841f3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"9311e2a43d88141d3feb0a2edca4dcdeb2585f1918ba7870c7f788a3fe16f291ee1353fc2a3dba551a8746a23a","nonce":"479afdf3546ddba3a9841f3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"a8a8e78071d64ee7655742a64ccfdf002c89fb4acef5bb2088186802a2947707ef6c311a126dfab026801ba6ed","nonce":"479afdf3546ddba3a9841f3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"09e6968665b4028a2f8338176a2f4772c27c922e74cdafa484273c4530849ea2d183914900c686d7369ebdd2bf","nonce":"479afdf3546ddba3a9841f30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"fd340c6f0c9bc3ed73044916b5f806e08dfd7192b1fa3ccfd4c51908e6f8e1e4a361173402b1982b721a2fa6f5","nonce":"479afdf3546ddba3a9841f31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"205579316bd70ceaf24c4c302f3f50f0d27941317c41f117bdf8269cf505c2df7133166b971a3db6a3e27740fa","nonce":"479afdf3546ddba3a9841f32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"523c53736417625266def9921e08648473d292a82ee56bd2fc6e235452fa269b04a460270af2a5101297d62b7d","nonce":"479afdf3546ddba3a9841f33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"0f08cda10bb5fac9a8ce3f6c0c76b376772ad59b12b93291001bc9a1f105b7e56ab172ef1fedd4981c889b76c7","nonce":"479afdf3546ddba3a9841f34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"1d0b9a493c6fa2e01776113969c34d6e3ba203d46ef453f7d3d75dd811abdb444d1b6f5c2fa2faceca7c682f02","nonce":"479afdf3546ddba3a9841f35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"123f73f38fadfb9a5f1f38ddc1ec01768b360deed153055783545e9491b33c189c64451c580f64f74d17d8be04","nonce":"479afdf3546ddba3a9841f36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"97cda0101ab944b758f48ca98e0564a125e27d96246601541b18a6d13d5f85022b58f30339e7c27ead7bd4947c","nonce":"479afdf3546ddba3a9841f37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"09a8302eadf769a347a5cf7cd607e384839f82c5c8e2bd9150bccd12103d582b1e5e2c575edcae8b68aa35ebe4","nonce":"479afdf3546ddba3a9841f28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"86427962c7a986697d8c26240c74a3187dc83c154168b9972ab49648c877ce09e0a060e60c5bb79c563040e39d","nonce":"479afdf3546ddba3a9841f29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"c5fe07f7ae097e836db0fd2130d7bcb3e379150327f4c7a890dc1fabde99c38771aa5fb73b3b1339b5ca825521","nonce":"479afdf3546ddba3a9841f2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"6440f575d447e2c56a5291350bb621ed81f2bacd17123b3da2472cd3112501facec8ca9d9e72b5aaeaec73a483","nonce":"479afdf3546ddba3a9841f2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"8ffe698b2f866b7e3e4e08ef90e75a3b4ac97fcba889365675e26c8b9ec1fd0f76161b555a8b94d38d7eba9371","nonce":"479afdf3546ddba3a9841f2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"7b896c1b29d1ebca0d841bd843efda9642e0d5ac40aeeda4f48831bd3d8d7938e3f3346916ad684606928c57de","nonce":"479afdf3546ddba3a9841f2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"9e2ebe2e575063a1774ffb9001ff18e22a81f2fe964ce6de99e91b4349d59bc3927575412d86155e4807cdd765","nonce":"479afdf3546ddba3a9841f2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"73c843992c1ba2eae6f70c890b40585aa152c515e6a9151316b122f880ce2b58ac71945ae744cea97ff8eb834d","nonce":"479afdf3546ddba3a9841f2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"232a10df28925981971dc29a0f05c096c38c46282f064fe9b6367e53ce7c57e06827fc08f9cbd634c54ad43166","nonce":"479afdf3546ddba3a9841f20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"62ed71082cb66106a572ba2e167ffe993c84cd376c6e6805f88871e7b47dacc766eb6edced0e2aaea825a51f6c","nonce":"479afdf3546ddba3a9841f21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"7c08dd8d2ea7acb578dfb20e3008a42946305ccdf56f9cad78a448bbc58ece5e2ff9dbdc8879d00b8e57da2768","nonce":"479afdf3546ddba3a9841f22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"9d43ae08d1abc070342f7142ccfb660c73cfa84fd9b832a12f8100ea81b7cdb077a6ccde469da4f50cd32ee7de","nonce":"479afdf3546ddba3a9841f23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"5334e869041d203cbf55768271ae02246a977aed294a498fa67ddc250bac8c932996c9e5fece1fe93fa270c644","nonce":"479afdf3546ddba3a9841f24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"dc4e3c0c372f64d54cd170cbc7367cf7ef78661350f1898773fd0cb1aa63e882226f2157f2d175e00f81c94a7f","nonce":"479afdf3546ddba3a9841f25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"62ac132fea907842778db2eba934979689b27d1243d4d293c4542d2b6013c32303ae4d9573196203375d28ac5d","nonce":"479afdf3546ddba3a9841f26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"1d69578a1dc1ddec58306e4f1efcaee3b5232e61116a5ce82784ec13b2549fa33dd2e213aa7306ec471881c07b","nonce":"479afdf3546ddba3a9841f27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"089528a2ea24d9fa90cbb9618be26069be8471881e2ed2fa49cb8eddc79b4fc4163d664ed8b68370bc61150c9c","nonce":"479afdf3546ddba3a9841f18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"d8dcc4810a7d426393690da074da12f5e863a9f787084313ac137cc1501b119157336a9dd0cd5a98ea381cd855","nonce":"479afdf3546ddba3a9841f19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"7ab54b08939875d8d8d3b019cc98f7f636e8ea4e459e4950dece321d35d58d05a785be5172ed6c8ef03a08383e","nonce":"479afdf3546ddba3a9841f1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"3b89713fa0103570649970a189b4a6ef427a1cfe49722b04202987f4c43a94288f897e77f00f51c7554fe7e111","nonce":"479afdf3546ddba3a9841f1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"49e6d2e462b40ec0c40cbe86d5ff831d5a690df7ce181106588f0e978252181f2486f8ac2705e224c930833dfa","nonce":"479afdf3546ddba3a9841f1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"72d5cdd5a7c24dac1f3f1a0fe559f555e1ddc6d26ca9d8d4a5101b3dc4cfe32bbf6cbd7abce2014ca531a81460","nonce":"479afdf3546ddba3a9841f1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"668bef4182620b233b2bb890e5a9d9d269df5479379d111e9f48785a9e4063c5aea51ab75f18c200866ef50c08","nonce":"479afdf3546ddba3a9841f1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"751b17e526b7563bdbc5a2d90f88efa4b75568ee0ed0361cd511559b2124fffe4998dc93c97062d66a1ee6b43b","nonce":"479afdf3546ddba3a9841f1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"d065fe4805796fd963626ef955a9226314d944ccca0df78ded508975c3abb26501f4105a894ec6ba5d94fcb0ad","nonce":"479afdf3546ddba3a9841f10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"2245f9f83d5091876043cdd10a34d1d55754b2b0e5b87df2d75123f7722ef7f4bcc6aed2318bc024cb6acdc136","nonce":"479afdf3546ddba3a9841f11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"f078ae5f602726b503fb27a9362264f1cb243e47e3a9f53811207f5044f2dde982cbf1e019010fa446a9a632fc","nonce":"479afdf3546ddba3a9841f12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"9cdeb23cc2be94ff146165996c90defaf2e859a841effdf78e28a0d1c11e5198bcfbb56d6116dbd509b9ec7a77","nonce":"479afdf3546ddba3a9841f13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"627700b40c7cebac4d5ced96c77f795a11bb611dcd03aa8b686f281b63c19be8c70a2dedd762112782f0cef138","nonce":"479afdf3546ddba3a9841f14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"69e90d4622358678a6949dd91abcad2f00852ed1f2574023b9e9d89d5f7515f1d3e6d8c28fa3826abd8ebc0213","nonce":"479afdf3546ddba3a9841f15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"871919e7abbcae6b382041c2fe00c1f5c4d2f3ada1977805b2ddc8e1623afe724740d142e749238a6286c29866","nonce":"479afdf3546ddba3a9841f16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"cd2962ee2cc9bbc8bc49525be16c961c96764fe5063e47db7d3f93a9d312aa1670a663f1378c7000fddffd58aa","nonce":"479afdf3546ddba3a9841f17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"d18a7f2e413e7f2661a0791f053cabd3495219b900f95674b643d1ee4873d35d2fe04381745e6f8a791f3aeef0","nonce":"479afdf3546ddba3a9841f08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"0a0670a2a546428f0274b3895e9c876362b6da209108d22a728cba120a4a150281c3bc0d3b0037ba12e47fd372","nonce":"479afdf3546ddba3a9841f09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"16d3c71d4ac41956b3ad8958f9ad49fb25dd6957dbfc6d6c0f3f64f3285618630ec173bf78c0c4baf57845a400","nonce":"479afdf3546ddba3a9841f0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"9c29ed021f2e7646fa9f692ca977c45fb30302dc86eb95f806b7b617a448f1b3435b7e461edb53c1651613c414","nonce":"479afdf3546ddba3a9841f0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"b6e5248ff3088d2adb48c7cce2f732585e866685c909aa101924bf92a5079989e06db55e624bbf13e2e60c4e24","nonce":"479afdf3546ddba3a9841f0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"550457b2bcbffbd45f2765583d06b38074928513be75d732750b610c85ef48b6b9272bc618f52239539ac047ad","nonce":"479afdf3546ddba3a9841f0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"a72985bf11415bddc7c255dfb0f4444a0704cb8c9b4aa86bd9ff6f1c55b59bdb711ca916a1f5f685def08c838f","nonce":"479afdf3546ddba3a9841f0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"d92824ad2d05394fbb6462db812332b668e91479c4e98235480a1bbe8d7fc1d37d95f84dccb370b8b9aa8550ad","nonce":"479afdf3546ddba3a9841f0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"d81f2714026250f25da555f551e03ab12bd47d17500dccafe0a9c748208a27f0732bc4883a9cd33e647bd46070","nonce":"479afdf3546ddba3a9841f00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"d64c5b52b3cb75701502fe2a2776fb840543862fe37a26b48099b98f6c8c755b4f95bc3d53ac536ca52c906136","nonce":"479afdf3546ddba3a9841f01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"50a31ed26633c949f41af94f87c1ee2e7e23a85aa375ecc9310bb417dbd6e238f3c3a48c5105c12bcf642ce128","nonce":"479afdf3546ddba3a9841f02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8b78c73583dadf7818d7b53b927a653ce07fb11f0fac8024588bb77d0169659a5d885be65ba1b34e947bb61e8c","nonce":"479afdf3546ddba3a9841f03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"9f5b6001ae7f198578c3dae8ac9473c01a8b6f866d0380c1153d43c37e34f98e7a950ed7da61efb5d6825c8ba4","nonce":"479afdf3546ddba3a9841f04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"23a823e13b189822baf36fe23bc287a2ce81889526d94ee7278bea8b72854e525ede59d681fc53b25a519a0822","nonce":"479afdf3546ddba3a9841f05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"c6da66bea3883d4115c8223fe286417b5dc595e04ff339d0dde29ba078484432ea9f7cc02d7c5e8da19957c07f","nonce":"479afdf3546ddba3a9841f06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"b9623c2ce88f27e7961bcfc27e855176037a0531081d4194a8f059e2b3c81c92e3de4bda1c5ecb21b01cd08170","nonce":"479afdf3546ddba3a9841f07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"a8df0f540ad127bd8dcc0de88d63bdd0535bc00201bb2374507c43dcd1fc3393956488c97a1a17e961ddc557be","nonce":"479afdf3546ddba3a9841f78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"2e5b357f07fa1b615a3164b11d5307697fe6baf6c78f4ce12297b2736a433d8af2ce803960b90492201b3fec20","nonce":"479afdf3546ddba3a9841f79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"7958fb71944b33b8be363ea7830e269a160a12b4458018496566907160398f9530a901dd4f5d75f7a1ec8df1dd","nonce":"479afdf3546ddba3a9841f7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"30dc998c1b314b29fc7e4b0da28b1a11a7f696fd4c496494bd9b86f2193d91023eddab9ea64e3e0d0ad96a03fe","nonce":"479afdf3546ddba3a9841f7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"f64e1b553b02caf7ea88e1728405c9ed30d7e928ac01368a7668819330f24527d268af0baeb79877b656c815b5","nonce":"479afdf3546ddba3a9841f7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"90cdcc4e7e240ed2a528441b9b937cf85a125504186eae68eb2dd9d6fb49851169e041ae306e13829f874ef003","nonce":"479afdf3546ddba3a9841f7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"7fb77c195827ecc0b691366d3057a2a568f6928ef088061fee9388868ceeb05b2e9d3a6497d5a184aa259f1803","nonce":"479afdf3546ddba3a9841f7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"eb61ef98833ac304995bdf53d0885c837c2bf803aa97ed23b03ee3ca144d1689123ac5b6682d04f0e397dac1ff","nonce":"479afdf3546ddba3a9841f7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"c2009fde3f727df12fcd0c2637e7ea67a3fffbd8f6ef5fbc8cee7c818069eff559469ac8bd8c9b6eb8a9703546","nonce":"479afdf3546ddba3a9841f70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"080f4c86eb3be4948e0e47fe7540887a9851c29a811212102da6a56ab2b50240bca90b59d9220be6a77e1eb43f","nonce":"479afdf3546ddba3a9841f71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"0bc36332c16544a458d72392f250e73a2bfe46d4c67516c0d166d89c8cd28a0eeb27db7551fe62496974563aae","nonce":"479afdf3546ddba3a9841f72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"b17e08e77e785d9fb09e1a70fa7fecb51663c4aaaf745e5e3683310e9a9567deb041aa2edef64b0ea7689ab673","nonce":"479afdf3546ddba3a9841f73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"32a1674a380b75855bf702b5a337958ce83f8b846ffefd284e10ae2ea95f3bc7e6c7df24f7e683992d98f10e1c","nonce":"479afdf3546ddba3a9841f74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"a0625e67abf7d7aaaf02df9cffa38deb7d9232fe352b13eac30c1fdded0dc19bd52b26b1a65834bdf35956c634","nonce":"479afdf3546ddba3a9841f75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"419918498948b98c3a7955f5fe6313e96d7e55a990af62470ec33d3bb6807786780dcdc29bce090c5ec20ae1d6","nonce":"479afdf3546ddba3a9841f76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"7ab4ac1bd8720b0e52595ff0b673677695d09a0ab7300422eb844db01a0dbb65e4dc883d71ca9dd58f0de30e2e","nonce":"479afdf3546ddba3a9841f77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"df3b2b936dfdee642b74be707b525996e8d70326c081825d7bd04e8c9962481d5922152ee3c8ca099e7e4dbae3","nonce":"479afdf3546ddba3a9841f68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"26fb1d1048231dfd9197756adebd9ca219fcc147cb7aea04c02a187da167853cf2c5a10fc49bd3f78a362d9a0d","nonce":"479afdf3546ddba3a9841f69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"fb130222651e7388318ccffbb64ca206f0811e09d994522b2ddf4b6b763c6a9672fc8e4db4492c8cf10b11bc55","nonce":"479afdf3546ddba3a9841f6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"c753462472738c97b6f18044da8fba7ac4e0d4886a1c93e73dc086ffbbf573cb9817f822035f28f783c2749f26","nonce":"479afdf3546ddba3a9841f6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"82be4b41cdaaf57e6a823b05821fbc425143fc7248ec305f5135dcc25ecdee60c8065c9d9d6e76b3319f94bf73","nonce":"479afdf3546ddba3a9841f6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"d644f0913f43868246dba47c445a43026e44de38621ff11adba9c050b54e6a2196331a4e515b2dafcf5ac477ce","nonce":"479afdf3546ddba3a9841f6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"d38082fbe14b6f9c199c9da478e4cd87edb236dffa3aac2b206836894b05a5879db5b8e63f10fd5b06bb690f07","nonce":"479afdf3546ddba3a9841f6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"b1cd7fc25f58923cb074638b8d68b12ebf5523498b63c2e071af37c7626619b5f0fde114713f5251893d8f746b","nonce":"479afdf3546ddba3a9841f6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"c58a41e6271773b652d7f90e293d0c95ce9af2dfff074702fae8cae7842e1192dc3a540a0f5f910306fcfc847d","nonce":"479afdf3546ddba3a9841f60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"2bbc67ab52e9fbcb7f7807ee2344a11ceae594eac9ca615cbf033a473649dbe433759a7e02b11aae1218891b2c","nonce":"479afdf3546ddba3a9841f61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"def017b583ad37c3cef1f64690556e8f99e6708aa4346a100da3ec59742bfeefa9958075c80d99e3a88231469f","nonce":"479afdf3546ddba3a9841f62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"49668d178001f1c01eab9ec82d3d9f20d41539c90ffef06cd616fe88ebb3115ca905b722f9a4b0a88944288df5","nonce":"479afdf3546ddba3a9841f63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"f161f32f33d32e7b466b6124048deeedecbe0155f229845fb3f8d5e069339304228ac3deee5047d01b52dbe83e","nonce":"479afdf3546ddba3a9841f64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"c2097c449618b4fdba7a3df88af0cf4a37dca32fbb7db2ff467167b41a802f443832107c282b33ce489c96fcbd","nonce":"479afdf3546ddba3a9841f65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"463003b8b95dab4260b42ee42d0e33f6f31b928647b907637e3f6b7f1cadb65f07276922dd78b7774fdbeb4704","nonce":"479afdf3546ddba3a9841f66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"041487843940c3c17fb9ba6fe426625ee29f37e4d08672ceed8de63cbf65d3c3eaf213d46245aa3738d1bd13bd","nonce":"479afdf3546ddba3a9841f67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"a22c3a8a4efea2fc892cf1539f9eaeb5023a13b24d39a6008f9cd284b000be72331d0268ce1f49352c50f5ae98","nonce":"479afdf3546ddba3a9841f58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"48192a082abf3fce351cb1c77563ff5cdfdee2688d4ae6e71ac22856bc501921dfdc8af9624056b438f1b71420","nonce":"479afdf3546ddba3a9841f59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"3019e3988f92f21bc59b1e9583756fc1845897c711aa86ad0fb74b307af98ccbe76b6e8b6629a12fda235c2463","nonce":"479afdf3546ddba3a9841f5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"8f34e0cdf61de833962d582251e0eef0794b4ee6f2a0ee3d947000018864f961486cef6031a850161d9b84b4b2","nonce":"479afdf3546ddba3a9841f5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"43606af0a117b726a283e961f1c84b0cd72df576a1f7e64a6a10542c4764bdaad88294f1f71e6701494e98bc65","nonce":"479afdf3546ddba3a9841f5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"3c62b8a42d895eb79f26670e36e70fe91f343ea7257c9e8b6f908fd9a9aa2cb7405514fb1fcb2881d2d7cce338","nonce":"479afdf3546ddba3a9841f5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"beca8235144538a3adac45239e987b5704d80cf285f8d94307eceb8fbda74c5a4cce9a11df6beeba415130c136","nonce":"479afdf3546ddba3a9841f5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"a3937437ce3864568d3cad55ddb04e25d8e73a6fe2a954d003e620fe3f6a05f918d92704878f33e2d244befe89","nonce":"479afdf3546ddba3a9841f5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"2f77b721f82bbda395f737c5bdce2763b6e962680192d35159489dae224fb2931116b177f59f888448674e208e","nonce":"479afdf3546ddba3a9841f50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"22d4d57cdf24eec24372cb8e0e158dbbc30278ee13a8b1187e5380b688cc01d18d3cd2c1bba8022d334fa8a16d","nonce":"479afdf3546ddba3a9841f51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"73091084ee50fb5287c0f272fe37f1747fc23b5801234c49613caf892262b2222bea5bd700097bb2c774712136","nonce":"479afdf3546ddba3a9841f52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"995f62e55784fef68c79e48ba179122082c587c19bd1aae12529eeedb6082d36f7ddb9da0fb012dcde6fe46440","nonce":"479afdf3546ddba3a9841f53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"7acdaa7537b5f45ccc8740c6ddf4478e91cc910efa74fe724c21b30433f3e18c4665c673ead7b9401a42e03946","nonce":"479afdf3546ddba3a9841f54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"7acde2301193973a9fedc69a12995bd06f1853f7d7093bd563fd37f0623cd429abacdb82a76810a4330fea6b7e","nonce":"479afdf3546ddba3a9841f55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"b18b2d05149ac41f65a4c206952266b88e16ff40d8f3a046d70d6576cd26eac92e7859ac381b3b18abd71a47cc","nonce":"479afdf3546ddba3a9841f56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"154be20b6e694421835d941edfc02dc5520ed7038195f639833f49afdd28b3940b901d55b74de1280946fedbb2","nonce":"479afdf3546ddba3a9841f57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"e8aaf05d2b9eee1549698bc4196409be447bfed0843b57d998f728ff8fd8ae3a28ae248fa561966b10bbd3fc50","nonce":"479afdf3546ddba3a9841f48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"eedcb4207639279ae67f589ae8275eda66c935807fcd067d2eaa705504e22478b730204210cbe451a495328f38","nonce":"479afdf3546ddba3a9841f49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"5d5946463699901ca1156a373a61ea2722486245b03322f9a24f8e25ce374dc9446d40e4ee4837732f30eb010b","nonce":"479afdf3546ddba3a9841f4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"1e47be14b4bc3747d37857a344a8e84e2c7c3ea4bfc6f7f5a2d054b4d276f4a2fff0f58dac660ab87c2ca0e1b7","nonce":"479afdf3546ddba3a9841f4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"b27d5d71845775880256211d9a075031c7fcb678f33f622544f24eff981b36183253fc48fc3a8c8ce84ae7c57a","nonce":"479afdf3546ddba3a9841f4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"3c49ebdf5750bd1b469714f403223d0a6a9271b099c1e1c1223b292a1a0e3aba264763220bf4fd797529159fa3","nonce":"479afdf3546ddba3a9841f4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"d04da0ed5d78487be0bf475d5432851d4728b07785d0c9e76725d6b56189872ba2e2c913fdcee151dbd5d0441a","nonce":"479afdf3546ddba3a9841f4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"b1c26006deb16d286148f255ebb1b89b1b16fa7e5c44066a40114dd50cfbef22e19a6377cbfd93ce318536cd1c","nonce":"479afdf3546ddba3a9841f4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"4d39050b167c508c08d8a8704616d53d4c226b05481d4f22b30aa9fd33c538d26c492836c492bd379b78704ded","nonce":"479afdf3546ddba3a9841f40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"2331c9e5338a48f17eada69b0cb74920fc5511ef7231de10c9579ed8fc646e14a341b25a798b6b1c4d0546499b","nonce":"479afdf3546ddba3a9841f41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"cfb960bdac4cec0e7ed8f0dd63fe6adb0fa5d4e44421fb9acef3bc07c3168a00e938b8af8c5776d5ca4803280a","nonce":"479afdf3546ddba3a9841f42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"00bd2e947df193777f89277ae6537741b504c475ab4d67d8373d2016fedb771ffeab08570efa523c52183af0bc","nonce":"479afdf3546ddba3a9841f43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"7c14cc5f535286e7c51040cacb501d24a9314316dec9ff33d3e9056d278b9bddf24411475fe973d833298717eb","nonce":"479afdf3546ddba3a9841f44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"9c0c6de67447b85cdc00e733466e7679cd883273af2a1f5328b5cd1a07758585169f13a3cc157269518342ab70","nonce":"479afdf3546ddba3a9841f45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"d4eb0fab97e54b47d892203e3b6b0a6ed6f4b3953df4bd35ff363fd676b8fdda0f1c07eef43a5ca1cd30259763","nonce":"479afdf3546ddba3a9841f46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"0d2568966fe38c88aa72f1817d3c528f8064e6329895bb07b1049b436fa7a9a32e94c6ca9c84bffb35465c9e7b","nonce":"479afdf3546ddba3a9841f47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"21b8dd0f476050e27df6c238eff035500ce0cb793c022b8c989187176e77c9a882f8f5542607932eec6d963ee3","nonce":"479afdf3546ddba3a9841fb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"3a4c980be694b5d6786bd703a8e2c8107a203e82cfca01694c4d832768f1c82c284410af90b9b70409d181dfc9","nonce":"479afdf3546ddba3a9841fb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"0e4ee2f1b056dd9ba30b6ab2e769c8d38656f8f62b60660205fec3a2ce93b1cd3c92395eef496d9dc196a8baa7","nonce":"479afdf3546ddba3a9841fba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"91d4effe83d660f7c6eb103beca63cce101c3539c405c8fd994e859f3f3cc5216d19519b1b5d12f94f19bad1fb","nonce":"479afdf3546ddba3a9841fbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"5737ed71e0dc711c91b93f9f4b2085abbcdca29b2637f0e9442a6d2a376872bd69cee2953e40c1558e78cafc5b","nonce":"479afdf3546ddba3a9841fbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"1a33ce0efe418f115d8edebcc05d58ca1b27114af5bf5cea65e0fddba439a70df441cd5ccca5cf4ff52649b007","nonce":"479afdf3546ddba3a9841fbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"03fc2eb1bf4e17d2c07342ed59ff40586519d9881683f242d36210f5e4806f8e4944a22fc0bf7f8e5ffe21d3f0","nonce":"479afdf3546ddba3a9841fbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"9c29e6e52bd81b38bf2db810bf9ffc01f51b3507a2973a497675707526114b518f9607d98e80efbd8fa43a4d8d","nonce":"479afdf3546ddba3a9841fbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"cce181d8849ef31ceaf768d9c44ea3ac473c312ce7e7ba8cb6f88e631c458960455b75c1f7379402a46f30cd9c","nonce":"479afdf3546ddba3a9841fb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"a4386ad16156f1f514fa9e663d89b9ffb5dae4d0473f4220cb23f5f090be6bbdec424c9e8fd30c292d2b37a2b5","nonce":"479afdf3546ddba3a9841fb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"ce9d7a56bc69ede10ed9a9642831ec1c8caf9c70b245e6e9e68e8437ae77596b7b26ec1cb12b9954143527bb87","nonce":"479afdf3546ddba3a9841fb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"21277160a9ea22fc9250680d7de7222dc201bf6e53d884289d22a81687cc62b3d70e046ed60242b067e6592e49","nonce":"479afdf3546ddba3a9841fb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"d603b675aca8537f1b277d03a4dccd69d305569e2a2c52004adf49774974d5aec820ff6819028821e6f7b0b62b","nonce":"479afdf3546ddba3a9841fb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"982884011f939405ca9120dac96ec5ddea82589839ae9bf6c25ffd7f4434e36f7a701d00d3150327fec34f6b1e","nonce":"479afdf3546ddba3a9841fb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"593be4debecdbe03a982947f89d16f51f5565f5db2fe6787575055cea1f9a23f418ff3b5ee9510365b43e85769","nonce":"479afdf3546ddba3a9841fb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"a83f8a2769a9e7985c79abbe7cb67dacc622c12259be081051d963270651babd8e956808687e55ad32a3899798","nonce":"479afdf3546ddba3a9841fb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"1e8487760a4fc1cb7ee94204d74a482f89ea2e2194977d6e4c277cadd141836fd8c3ce5ab1a2d6b0df90ebaca9","nonce":"479afdf3546ddba3a9841fa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"44c08e1c29bbedbb698c558797b808b48d0d46a10ed1c015c6752ffe2403dedbe225b2cc48f6316cc15def4e64","nonce":"479afdf3546ddba3a9841fa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"19bbf846745bbdf6e5e672b23ba1f7dac8d1811b4f97b24ae656574cb508324ed90a52fb5e58e2ae0315610058","nonce":"479afdf3546ddba3a9841faa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"5f0528da0c4fcc588a2b82fa3ff15349bccca340ccffe713a67d98c56e7adff4861216afdf1b954aaadbe900d1","nonce":"479afdf3546ddba3a9841fab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"f12d7bac15276211ee20074a0c6c899b6a1f6de15f6bdd2bddf8622f129969c1115f41b77a955071cbcdc0991d","nonce":"479afdf3546ddba3a9841fac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"6c57d696363d376d183daf7703989888c5810a10f157d4079d3a37220f9717fb1aa0e70133180fc2d63f5718ea","nonce":"479afdf3546ddba3a9841fad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"ecb2a5d6107ad314e72090e13b29f434cb62c7af5be9d94af1a50b6b2f519ad9c21936013638ce73487bb689d6","nonce":"479afdf3546ddba3a9841fae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"636dfb9aebd85c78c1cc59c2e2cb401d1aac66af4ff87ebe968e6d6d3bf78c4697a9fe5b6c6f48d44df174c7c3","nonce":"479afdf3546ddba3a9841faf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"781b90b26561078c6ef1d0998ecf15508e819a72db40402c7cf30a1a5952f54c6b0572bd809c2263ade955a653","nonce":"479afdf3546ddba3a9841fa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"594503837a308ae264d02df54ea5f1402c20fd6b7327e55d5043bd7fa704b20698d76442ac3c76bbfacba289c8","nonce":"479afdf3546ddba3a9841fa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"7494c8897389b50d7ad60a69d4ffdc580d0bff48d2d4177a55e4a311fb7995d451a6b44335295233db8c7bf260","nonce":"479afdf3546ddba3a9841fa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"b6db5c1a9d5321796e732073603df5265959b2ea0fbdfcc9bb134bfec5a33efe4c520890d39c01725b245a1cae","nonce":"479afdf3546ddba3a9841fa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"177a5476741ddccc5d51bc2ea9083c6f227471a97be5004fa3623234a59e67a7dc5ccac57767b0190d9a1ea997","nonce":"479afdf3546ddba3a9841fa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"bc102e945ceabda1ef6f22ae43647b4f844c10a16222311759eee1b994904740d3106a9312115b5da52af43354","nonce":"479afdf3546ddba3a9841fa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"fdfccb0c5d314cad0c28e8db15034c8a21b9ff6504a8b81235373f27c4cadd8d5ed9cb92200de7f5bd2ddc0cec","nonce":"479afdf3546ddba3a9841fa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"6a029df4f1a359934557bed9b4cdcc3129774a5b53a2784374d22769d22589d4a2559c21cab6a6f81b6842c95b","nonce":"479afdf3546ddba3a9841fa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"c2e06a1ff1582a5e487994c9b01c85e0e9b1a208ef0ed576695ad20c66a190e014b97a4feb500ac7828f8e61c5","nonce":"479afdf3546ddba3a9841f98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"729e70dafad4825ba2ffbb9aab83c567eeb3fcf3cc340cfb94193e255420796dbb94d25d9ee06d564ffface6d0","nonce":"479afdf3546ddba3a9841f99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"59e52553fa5b3747df414e50371aef5b744c5aad15a4a1a0db330155c1191963dc53423577fa690b398ea7a1e2","nonce":"479afdf3546ddba3a9841f9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"bc2b0f1ff1d0d95651c4c4423bfbf50ff402ef59f7aff7e8e97e01d5dd73f342e790432f95f1adda097c571e4e","nonce":"479afdf3546ddba3a9841f9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"e96e522ed748343b5058663b13a154f9b54dc681cb4637d926600dc3aa793e9231f08aa32608a1d0fa274f8463","nonce":"479afdf3546ddba3a9841f9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"045e00134405ad3f00eda9e623550839424a2e841f550c471f0d05a2a9112c3df2a99ed627cf9d639268eca16a","nonce":"479afdf3546ddba3a9841f9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"e899141a45acb70d8df7e265cc831064751c303324c6a693b67e4add3bc3c6c7d64d43ef1a28b24e2e4f156d9c","nonce":"479afdf3546ddba3a9841f9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"1fbf426df8b29b8e50168ca7090cc1c35c465dfae3166569d743f09ca9d3ca51152388641806c3b5e1ed26fdcf","nonce":"479afdf3546ddba3a9841f9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"d674c04377dd74c208976ff3c0ce7da0a1384619520dce5bfd754181e110d35a55eb97786cd85427eff8b4321c","nonce":"479afdf3546ddba3a9841f90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"cbc27c19c0b0e43e293edcb40d47da287ec88fd13a6397d06607a55fdc6bd4d278d913d5708bb4984068d6ea03","nonce":"479afdf3546ddba3a9841f91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"985af3b7011ddcf65b32c025ba9bb7fce630419a69d0051ae1b5ed86d8fc70e5474f53f57649a3cb82c245a1c0","nonce":"479afdf3546ddba3a9841f92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"0b2b38d2f79c0273cea5c1fbc6a6e192ee143de88c905478fc4834809257c3dfca17ff7ac3b46f81fccf56d382","nonce":"479afdf3546ddba3a9841f93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"c75b69453cc999a95fa2ac240b3efffb263fbb5a4dc0c845d181890b9c13f67f7408625e0312430865d6bae120","nonce":"479afdf3546ddba3a9841f94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"bc3ef33b59cada1107416416b4606f860c79352a45ba460cac1af7732233b23397b3561cc5d53da7624708987f","nonce":"479afdf3546ddba3a9841f95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"8222c62e988c4b4a3647cf21d00927e342d8f40da085c79f2fe3cdd23b928bb8b69902de2a46a8352cea0b13ea","nonce":"479afdf3546ddba3a9841f96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"e1e759e79efbc575fd7b424a9b9613fbdbd246538c51ac7c3a8fc317087090b45b480c6dfe7a55eedea6f2f2b6","nonce":"479afdf3546ddba3a9841f97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"669c0bd92319dd35e50b4c4fd3ff3b434a273fc344d192b69506144fb6c3e0608a831869cc7ab7ba5b9abbf604","nonce":"479afdf3546ddba3a9841f88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"5356846e1049f36e5f4c17bf74d0e99facfacd8d724ba1c86152a17136374d68a5f537b06494eff45f6c431fd3","nonce":"479afdf3546ddba3a9841f89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"05987667acb8b3a0f8852cf1585145ee8d94cb2aa02da680817b92eae6cf0268e8c3f8d6a4604eea6f2af7e2c7","nonce":"479afdf3546ddba3a9841f8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"87d9c46c0b882bb9562e13094ae50004e5ed63a5274877bd530aa00a683271de9f5ede28a1a31d76712439f8f1","nonce":"479afdf3546ddba3a9841f8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"0d22bee8d65047b3e6ada44bafb5ba39a2cd82914a7725c53e28a040c69c2d6962273d4d1f031f62c9765a6b34","nonce":"479afdf3546ddba3a9841f8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"6389b2b175d302f8df855f8955907f8c940da4f84ec294220739f9ef51aa428917a79a679cf2d1431259cfcad8","nonce":"479afdf3546ddba3a9841f8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"3a4ccc3ca47889855ce1756974faab01521e844a0759d4b3f78c97dc13c767e2b988397a6e1a3a132a39777886","nonce":"479afdf3546ddba3a9841f8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"3cdf310cba8f59cf25f2f71bbfa802744c7103efdabf926950eb3c4f48c2b1970216c9b94e8f2e8958d6db597f","nonce":"479afdf3546ddba3a9841f8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"2ded4368ae4dd8a3c5fdf226ad18d78511837d10a7eac435595b49658450053ce8bd86924463746282cda7c98a","nonce":"479afdf3546ddba3a9841f80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"7888498b84a54b3c4d410e65e0663fe4075938a1699547ff2ec42b8717c0fc269056e01cd3436503fe5a95686d","nonce":"479afdf3546ddba3a9841f81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"6ba99979946607cbcb5ef459c6d48b8dcf7e25f869967ea35ebab64abd35f0418954d9576dc2d238771f6f4ebe","nonce":"479afdf3546ddba3a9841f82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"0189ece6660172ebe340ec16c196c5a90acde693327d6c6af9001e33c88fadf13cd78ef268e5a320b556b98874","nonce":"479afdf3546ddba3a9841f83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"dbe08bda27bba48cc66cefaac3f86c8db37e4c6957e0d1a7286bd94359b6648086ef3fe56759ce0db481d7cd56","nonce":"479afdf3546ddba3a9841f84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"9d28942ae03bb0afe049bfea9ed3e9bc9ef295803e269787b82d327709d31cf717bc8ce51074bcc94d10006133","nonce":"479afdf3546ddba3a9841f85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"d09d8aed99305495d56efcd59e3afdaa4eea9f9ca138c3181607e349d02cfbc224aa68822b50e500407bac52cb","nonce":"479afdf3546ddba3a9841f86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"e8e388edbdb69dd88fb8be932ace61a721f80546a83b44a7ce1f244d1387ff01ccdd2545f581c894a22681ae81","nonce":"479afdf3546ddba3a9841f87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"4e24e28a10625b4675daac94339247b15c0e8e6f7eed1e1809c54991946210453212881f89b50e9459bd0f828e","nonce":"479afdf3546ddba3a9841ff8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"f62c6b4d1c66cf517179d1e30443659fbed32cbffff34222ccae1984968f2efac9583a49e71c4afc20b4ef3555","nonce":"479afdf3546ddba3a9841ff9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"6dfd872bc84856f9900a631541b601407904c96d468e0a979e75abccb5b48040d5a3222db7927700390e214922","nonce":"479afdf3546ddba3a9841ffa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"eef3c30cb79365882452f0b579f1f9731a298580a83886a57850a7609f0be10c1a75f92a783571049948686f46","nonce":"479afdf3546ddba3a9841ffb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"8c3a49d30b982974a9eb79a573057a958fa28999afc09c22f5775855e560645a20305d44426d0ea75fe87fbf1e","nonce":"479afdf3546ddba3a9841ffc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"266fd9918c4310f6f45abc82b5438bb79b839933d6e18876731aa345885bfee30d2d78adb9433cd99bf7201043","nonce":"479afdf3546ddba3a9841ffd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"ef59735c776c2be94d819f795d96a106b182dc078cfaf32549ea90d8f865ab94ba58e7c337aadb60ee108ee6b3","nonce":"479afdf3546ddba3a9841ffe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"9dc174e068454d6e131e834045d58c7df9f6ba43a45b6d57cb7ec1e63ca1cdb34fe4277db55c704b2621fb0eaa","nonce":"479afdf3546ddba3a9841fff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"10b9048ad0dfb3999e39e55694be18d37b4ac9cd92a38daeb5c0e31f26f30db5fab13b601d2a8475d185f04554","nonce":"479afdf3546ddba3a9841ff0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"aee9678c0f2d418ab6f9a2fc9ebf67956bfc6fd2b99ba905580ba2ba0109054c53f3a78ae6b36243b23a40375f","nonce":"479afdf3546ddba3a9841ff1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"ecc48a387a253b77959d4ed007267043460b28df60bed2a7b63929345f56d4ee50caa33abc8137b38bc1436f82","nonce":"479afdf3546ddba3a9841ff2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"209829b75009293fa4ddc835e2d39cd2d49470ed6a7055c0bd8ed40b02b7f60bff2c72194e0895cbadca58a782","nonce":"479afdf3546ddba3a9841ff3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"ab6940b280394453382e809c0786f8a3dd5d560e3072c761a849fd33caeabe7cd4d26433291ae80bc74e722c15","nonce":"479afdf3546ddba3a9841ff4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"37819b91623df9672f483cd30cf46b7fc194531294e80561b20981cd4acc9a92fdaba367f62ae5b8cc0b476dd9","nonce":"479afdf3546ddba3a9841ff5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"d5be6f9be511419a662cf93eda1ded5d93c052630e724f6b31cb5e208f09b85cfdcb19695bd4eb1311d412b49d","nonce":"479afdf3546ddba3a9841ff6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"a36b2f0ca0da1f89c2c4765cfd61ac5a7f390a109cdda06e9f2b60bef1e3263f09bfb73e9e27768b3af1b6ef6c","nonce":"479afdf3546ddba3a9841ff7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"c95fdaab98e5af48cab1b61b86eebf99e541171e4170c96ea1d2a92fad0d9a72453399cfb0355c5ebe8783cc65","nonce":"479afdf3546ddba3a9841fe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"0ec005e4777688529a9557d5f7a1104fc9b1fb803bbaa2224ed22e45cf2d3ae9e350ba26d74340729d85f44038","nonce":"479afdf3546ddba3a9841fe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"6fed65e660a234b9841d72ec52f60cf410817ff46c0afb6b3c7f6ca3992e985b792b711ed9850c619d5b3a1915","nonce":"479afdf3546ddba3a9841fea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"562f799a5d1e3ffbc211cecbf55891ce5b89f9f521c8ae68265bd776ffcf5709181f38e5b1d752eb9cb71545f5","nonce":"479afdf3546ddba3a9841feb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"7182d9bcd9de3ebc5e5bc3c588c21c2dd173491213905bbb7f3cbb279a0ee162a1e558e2aea0706c456040251e","nonce":"479afdf3546ddba3a9841fec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"440bfcf06f5994c8dfe397fd4c624c1cc05a1667a2cff9e64860491cdcaa33b339495f2cc534f03ac712707b57","nonce":"479afdf3546ddba3a9841fed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"124f593e017fe8cdd714cb7519a57c5e67e30b351965f14ead917ad5e5b2bfd381928bd7b2f164841a26cf0cdd","nonce":"479afdf3546ddba3a9841fee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"73540e5f5261ba8531bd9aa6f644a3ce623c17f3a7a9c32752f93c032c57ae8606e3438780b547cfbe1ac1de82","nonce":"479afdf3546ddba3a9841fef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"f457178917b3f2c7a9e59b994bd9f96f7bc3ed6149751ef5731689a42ecfa12fec3035cd8a9ae95bbf59d5c55c","nonce":"479afdf3546ddba3a9841fe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"7f87b6ccfc308ac9f355d058fc35570be221048f25015d63d9ce6e55bd0c79157c58e47bd35db2c46783fd18c4","nonce":"479afdf3546ddba3a9841fe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"c4e4d7944028e870ae9c45293e20d788c936adbbe446b8df9ce957570dc550d6e08efc23cb6f93c5c15cfccd7f","nonce":"479afdf3546ddba3a9841fe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"b93cb7fd6c1da618dcf19156e16f72e09f0ab9c476cb475076ab41d2607890c34c8016af84ef7c12dae2e0c351","nonce":"479afdf3546ddba3a9841fe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"9972bfb5809effda244b7e3e3300eb003a5b6a040fee1adbc025a53a6e810a94065f7125adde670135228318c4","nonce":"479afdf3546ddba3a9841fe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"1ae1d4c748383f62709dcc46c7a44b6287143f3286bc3f5803a7dc415ee2d001208740e883c5773bfd9c29b271","nonce":"479afdf3546ddba3a9841fe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"4073e381e4f9909021e60f59af0ed48e43c74a7c74f7481d3b12435696db17c7bf01576a666ad22e3e22bf61c1","nonce":"479afdf3546ddba3a9841fe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"085ef23c642431e34e6f840336ccf328ae88917aa48e09b4f29a2c071a950505a2b5fcae8a9193a38cbd6ffe56","nonce":"479afdf3546ddba3a9841fe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"85eae62c724dd84c2a621fef4513f0742d7ff6d2b10c4f78be9ef497b1bdb3c8c2a6ad6cc7fe054c300aedd9c0","nonce":"479afdf3546ddba3a9841fd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"f2c22396de3dfd29f0c0f64cf85d24c223ddf90ce9cbd03eeaf6ce28be7842201bd3a026fbd189e8678c9b5784","nonce":"479afdf3546ddba3a9841fd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"d84f84017588cf2951083a1332fa6895409614b0c21ac2dc6dcdc6ffc9aefae56ebfe96c1cc3024a7cf1b9a49c","nonce":"479afdf3546ddba3a9841fda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"4d358d50dbfa9aca3f64e231a13718621c15f824f0794ba5e9fd6d52fcc74f5936f2e77073ffa0c2fcaa1768a3","nonce":"479afdf3546ddba3a9841fdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"3afd770f852cde6b36ce0f6ebcc72b7d2d191dfdccb86350f5ad9dee2900487f36ff3bc0e182eeb2a174b8cf8a","nonce":"479afdf3546ddba3a9841fdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"bdcd41bbfdebc4f341523ae47ec161234daa16ee9796fd767205abc62658f9c45e0f259d83309b8f32e96d357f","nonce":"479afdf3546ddba3a9841fdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"122a8292d3a94f4cf6cb0486eff0d8b10bcb850753290dcd1eb837fa0f954984466c4e01e0c761737e4e48e823","nonce":"479afdf3546ddba3a9841fde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"ecc836426ace2ca1c20dd18aabd401bb66079888276f83a2afbdd1f26e0438030f6782dbad2b55cffc87b56b40","nonce":"479afdf3546ddba3a9841fdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"4ed0af4847aa7096ebc5da83c89bc80d149f96c81c1d3c8d9afba6d90e3b96e4689aab06d0b32d648dc9cabfbd","nonce":"479afdf3546ddba3a9841fd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"38d459d985981dae4ec3534c141074ffc738c4974e6e58507a9ccb4af080bcb60c7f1887241b6c2e5072a4d964","nonce":"479afdf3546ddba3a9841fd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"80d67e338030255dc5e5bb89b1606f57d226a7bf278ed2c913cd0ae28b545d2fd883e03164c1dd94d1f0a8c44c","nonce":"479afdf3546ddba3a9841fd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"a9ced7b516de477172ae45244b59ce424ee3b97914a66c431c83bd47baa04a4efb3b6d39ff9888145b374b86c0","nonce":"479afdf3546ddba3a9841fd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"070a3dfe0ecca200c61126b9e170186782ed910da2edef008095f4db22c95c8707c089793dba017d359c0a412e","nonce":"479afdf3546ddba3a9841fd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"6dca2bbdafdf6d038e9c1ae7ac38f03743c3bf3ebbf765ea97574c25b78c3cd1d581cab0f14db0acde7cdd96a6","nonce":"479afdf3546ddba3a9841fd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"35fb7b00653e0d7cb7678d7b1df22934682c057e7e261d2aed5b871ee8ab402e7596972c28800332ecb865ad2d","nonce":"479afdf3546ddba3a9841fd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"af1933bd31a0cdd2f01689fb11fbab05aa81fff13a276ae64b9937918f409038729cf16ad1b7e116829498cc47","nonce":"479afdf3546ddba3a9841fd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"efa28252e71b6e2fae45534e7e3969198edae02dc2528455d4ecc7022028e27deb14106cb46b8b8d5e8306de51","nonce":"479afdf3546ddba3a9841fc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"8d37634c5e2308ec0ce065038e88d3981454d6eca36b4c409c9417e5581e3b55b6e8972deec1a5bebd60c70b3a","nonce":"479afdf3546ddba3a9841fc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"bbf1c68a1bd447c9af6ffc9b4ebde5d8cc3e6c980c1785fc8d7911b669f6dc924923406928e042c6d03d9fb2aa","nonce":"479afdf3546ddba3a9841fca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"865b069822bab7fe95060cfe59b1b62d4cebde08af48c955056f5da2e16a45c413c9ec0dbac08029c07940abcc","nonce":"479afdf3546ddba3a9841fcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"3126829b996245f1506c501b232bad433583da64398057c04ae3c1fbcbca7485dca482a6935abc80c9977c0bb9","nonce":"479afdf3546ddba3a9841fcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"9fab227d2029c950682c4ce56aa357330a3ab5313539c2601b014258deb82029131b3e8487f9819b521c28a0e7","nonce":"479afdf3546ddba3a9841fcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"55cb0529967c57b069e5e9730ed4745306914c1b4e4adf3ce7335f482fde348840c15236b3e24330f7356d8885","nonce":"479afdf3546ddba3a9841fce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"1173b4f5e8265506294b4b7669d9f6979d71e6c9eadafbc40c595326f9f3c2e0ba14162b3cbad095228c0f6775","nonce":"479afdf3546ddba3a9841fcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"853db60b8215a93d00555fe2aea4a4268a14a1c3bac882651e5d381d6483198d191388c545b4156cf9724405ec","nonce":"479afdf3546ddba3a9841fc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"208376ac09c3d39a3e253f05930342956ff75557fcc417fc9d54d2be8eb89ef8b5e4571698463868142b7c5a30","nonce":"479afdf3546ddba3a9841fc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"592bd8f088fb938160df2c8847464260b6ce3588d1fa7384b54dadb1b6d5c170516c0fd50620978cb9ae2280dc","nonce":"479afdf3546ddba3a9841fc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"e206a26533e21ee16fb09cdab36b083cfa0b76f814be553ced99173fa84cdde1c03e8255ba650bb1fb973a17a4","nonce":"479afdf3546ddba3a9841fc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"2ec8f05760b7a3da4430b30ebe4433da4db90139343323e55593ad29d5dce15b259bb06781f24465c93e20db77","nonce":"479afdf3546ddba3a9841fc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"a15441a5cc3839da3ffdf00d4b95b8ed0572be17ccc84dfa7f82099b073ea6da411bfe556850adde9c990eb8aa","nonce":"479afdf3546ddba3a9841fc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"dc2b7a34961dcedfc9165fec8aeb137af67d211c878366b9c0a123b35bc690cf3df1604d21e71d184926ca2cee","nonce":"479afdf3546ddba3a9841fc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"a3ee291e20f37021e82df14d41f3fbe98b27c43b318a36cacd8471a3b1051ab12ee055b62ded95b72a63199a3f","nonce":"479afdf3546ddba3a9841fc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"eecc2173ce1ac14b27ee67041e90ed50b7809926e55861a579949c07f6d26137bf9cf0d097f60b5fd2fbf348ec","nonce":"479afdf3546ddba3a9841e38","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"62691f0f971e34de38370bff24deb5a7d40ab628093d304be60946afcdb3a936"},{"exporter_context":"00","L":32,"exported_value":"76083c6d1b6809da088584674327b39488eaf665f0731151128452e04ce81bff"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"0c7cfc0976e25ae7680cf909ae2de1859cd9b679610a14bec40d69b91785b2f6"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"8feea0438481fc0ecd470d6adfcda334a759c6b8650452c5a5dd9b2dd2cc9be33d2bb7ee64605fc07ab4664a58bb9a8de80defe510b6c97d2daf85b92cd4bb0a66bf","ikmS":"2f66a68b85ef04822b054ef521838c00c64f8b6226935593b69e13a1a2461a4f1a74c10c836e87eed150c0db85d4e4f506cbb746149befac6f5c07dc48a615ef92db","ikmE":"fe1c589c2a05893895a537f38c7cb4300b5a7e8fef3d6ccb8f07a498029c61e90262e009dc254c7f6235f9c6b2fd6aeff0a714db131b09258c16e217b7bd2aa619b0","skRm":"013ef326940998544a899e15e1726548ff43bbdb23a8587aa3bef9d1b857338d87287df5667037b519d6a14661e9503cfc95a154d93566d8c84e95ce93ad05293a0b","skSm":"001018584599625ff9953b9305849850d5e34bd789d4b81101139662fbea8b6508ddb9d019b0d692e737f66beae3f1f783e744202aaf6fea01506c27287e359fe776","skEm":"0185f03560de87bb2c543ef03607f3c33ac09980000de25eabe3b224312946330d2e65d192d3b4aa46ca92fc5ca50736b624402d95f6a80dc04d1f10ae9517137261","pkRm":"04007d419b8834e7513d0e7cc66424a136ec5e11395ab353da324e3586673ee73d53ab34f30a0b42a92d054d0db321b80f6217e655e304f72793767c4231785c4a4a6e008f31b93b7a4f2b8cd12e5fe5a0523dc71353c66cbdad51c86b9e0bdfcd9a45698f2dab1809ab1b0f88f54227232c858accc44d9a8d41775ac026341564a2d749f4","pkSm":"04015cc3636632ea9a3879e43240beae5d15a44fba819282fac26a19c989fafdd0f330b8521dff7dc393101b018c1e65b07be9f5fc9a28a1f450d6a541ee0d76221133001e8f0f6a05ab79f9b9bb9ccce142a453d59c5abebb5674839d935a3ca1a3fbc328539a60b3bc3c05fed22838584a726b9c176796cad0169ba4093332cbd2dc3a9f","pkEm":"04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111fe759497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e9cf01e29320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e640ec26ee1bd91255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd","enc":"04017de12ede7f72cb101dab36a111265c97b3654816dcd6183f809d4b3d111fe759497f8aefdc5dbb40d3e6d21db15bdc60f15f2a420761bcaeef73b891c2b117e9cf01e29320b799bbc86afdc5ea97d941ea1c5bd5ebeeac7a784b3bab524746f3e640ec26ee1bd91255f9330d974f845084637ee0e6fe9f505c5b87c86a4e1a6c3096dd","shared_secret":"26648fa2a2deb0bfc56349a590fd4cb7108a51797b634694fc02061e8d91b3576ac736a68bf848fe2a58dfb1956d266e68209a4d631e513badf8f4dcfc00f30a","key_schedule_context":"0283a27c5b2358ab4dae1b2f5d8f57f10ccccc822a473326f543f239a70aee46347324e84e02d7651a10d08fb3dda739d22d50c53fbfa8122baacd0f9ae5913072ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4","secret":"56b7acb7355d080922d2ddc227829c2276a0b456087654b3ac4b53828bd34af8cf54626f85af858a15a86eba73011665cc922bc59fd07d2975f356d2674db554","key":"01fced239845e53f0ec616e71777883a1f9fcab22a50f701bdeee17ad040e44d","base_nonce":"9752b85fe8c73eda183f9e80","exporter_secret":"80466a9d9cc5112ddad297e817e038801e15fa18152bc4dc010a35d7f534089c87c98b4bacd7bbc6276c4002a74085adcd9019fca6139826b5292569cfb7fe47","encryptions":[{"aad":"436f756e742d30","ct":"0116aeb3a1c405c61b1ce47600b7ecd11d89b9c08c408b7e2d1e00a4d64696d12e6881dc61688209a8207427f9","nonce":"9752b85fe8c73eda183f9e80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"37ece0cf6741f443e9d73b9966dc0b228499bb21fbf313948327231e70a18380e080529c0267f399ba7c539cc6","nonce":"9752b85fe8c73eda183f9e81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"d17b045cac963e45d55fd3692ec17f100df66ac06d91f3b6af8efa7ed3c8895550eb753bc801fe4bd27005b4bd","nonce":"9752b85fe8c73eda183f9e82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"efa55f87a783df6f18e526daa78f3073648105dd6d26cf4fb49cb31c2f2468cb3d2a2d5e95a924cbb2ed0e27f8","nonce":"9752b85fe8c73eda183f9e83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"50c523ae7c64cada96abea16ddf67a73d2914ec86a4cedb31a7e6257f7553ed244626ef79a57198192b2323384","nonce":"9752b85fe8c73eda183f9e84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"218de89d9e939e499a763e115e2a632617ead13f34a4583a983e5abeddac52f1096a91eb3a01679cfdfd760b1b","nonce":"9752b85fe8c73eda183f9e85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"d69de267245e1933f3173ac5d03722013f5b6d1975d89d5ff639f682ae5495a6ed8b0d702f9ce185a299d1ebb8","nonce":"9752b85fe8c73eda183f9e86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"574f1bb2b30fde64021b88b59a7c76923996090dbd4308a04743119fc771bf98a24122d8157297366f0a6e2cc5","nonce":"9752b85fe8c73eda183f9e87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"d9af5e7dcd406a3a8f14aebc144a84d30ba4c816f2482c648ea5aa6693f12471c51acd76227683ae17e41edb7a","nonce":"9752b85fe8c73eda183f9e88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"8e19ca8ddf25dc205b5cbb71561497aaa84cd6e4c0888c4242084325ec8700920848280a2713dfccb8240c9076","nonce":"9752b85fe8c73eda183f9e89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"cb726690aaccacc69789bdb05332f6a7d4b335e3e415eccd20886cefd4a41f2c4f30592aaf4d4850a323939b29","nonce":"9752b85fe8c73eda183f9e8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"2b585ee1173e2d5535ec50b386db5caae003ee9983108c7f9870bf00ec532eccbad0fcfd83726061a6de7274ef","nonce":"9752b85fe8c73eda183f9e8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"7279e08c5f3efe61cee5495228d48c65bb8b59e0723cf47d7a64b65819386e99cd209606d5a0a3007384bb103a","nonce":"9752b85fe8c73eda183f9e8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"5a552d380b8b019b8950c6b0769b49b093e483702e48bf195fdad50561f0a7b0adac3b13a02f7a5349df009ea4","nonce":"9752b85fe8c73eda183f9e8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"32e160cec868909003424c9549e54442180c9fe863955f088d1be5529927dd618d6061fa8da07081833b9329d3","nonce":"9752b85fe8c73eda183f9e8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"58d2f8a1af61d3fc3fac68c2ff141e445275d2f1c221ce205cdf7c1b1bcef6e3ff7563a5f262cbf059b8eac49c","nonce":"9752b85fe8c73eda183f9e8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"cf8d2e93ae72bee89da3a197f1e4cada94bf37e49b836b3c2789b9d5c5d04501e6b56ebbcebec3271e1bf4621a","nonce":"9752b85fe8c73eda183f9e90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"e0174255e6b18bb9633cb5c2f7cf515c30d395406df0ad0ca9396362140bfab1b5f2d36b8a1acd34af9e02d79d","nonce":"9752b85fe8c73eda183f9e91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"bb96d0e4a2d35a5702317a0356165feae8f1f8bd6962226fb937304630330cfcfc15835f4d4b003fb3c0de435c","nonce":"9752b85fe8c73eda183f9e92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"a19d455f84b217fb7cdecd2eeb6d25ef506f4c82137b770ed64442888c2f1714bfbeb2f1b09d7a42f2509243e2","nonce":"9752b85fe8c73eda183f9e93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"87c096d5b4d3fa529ad62cf41e8321eb5c8331e385d6654fd4e7d71281c02659e65c19dbf2102661fd20f4f58f","nonce":"9752b85fe8c73eda183f9e94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"8b25bf6a0cd6754a416317da8c71da293562f8cb4b04d929eb542800705886000f942114c2d95d8ef5c99feca2","nonce":"9752b85fe8c73eda183f9e95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"dab47cc67c9ce8af950bf014b9b79c860a287cd2a7bb495b64b34c9f82286bc7fd7ed4454a6b035f918bc40ae3","nonce":"9752b85fe8c73eda183f9e96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"414c64ed1647f091d89b731012f3ba5567a0b5f8bff68e42be2a111dd3be18c00133f3ff4b41a3b3692187aed7","nonce":"9752b85fe8c73eda183f9e97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"31af6c601e5d79aa8661bd137be293be8cb29672e5d7980fd4cdf1fd799cff5b3bd28e2fc9c27c1f832d8af9e5","nonce":"9752b85fe8c73eda183f9e98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"2958622a829f51ae9a549990452a6c09d15f019d763190aa05292ab451c9af2f5dd21399df200da1fab5ce60a1","nonce":"9752b85fe8c73eda183f9e99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"51e1c3858eed6d7d758e0893090e5a7b8771db3d4f50c3a5d2f6b196b62a3174b811db9c4e381b327c65044ca7","nonce":"9752b85fe8c73eda183f9e9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"519c31f9280f4cf75c46c986ecf3b953b85ba72676cff315b15771b9db05b41f3abca658da3dc57c26defcf722","nonce":"9752b85fe8c73eda183f9e9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"c4fdbbbaee2246bd21e0a1c7f6bd515ff5d2c646e44930b71db9efff339b532a77cf0ceed70a04b3196d3a9883","nonce":"9752b85fe8c73eda183f9e9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"2c0b0d470c34362e3f92fd4f5d862f9c41ea2883a4b1d9eb32fca1b94247ef0a416a7590ad54be53dfe77d3d1c","nonce":"9752b85fe8c73eda183f9e9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"412f8615a4b6a32b3a3fa368bf2ad191a3a44d49b0265a3857281382c1db97f1574b52e72f12fc8abd8eb5a099","nonce":"9752b85fe8c73eda183f9e9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"bd61c2578ed2b0ac8b32b25698999679f964f04872164c6a2951039afbbd50170e655d1353543bcd3ad7502ab6","nonce":"9752b85fe8c73eda183f9e9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"0fda70faf6f109d6345e6df95ac0b1cbb295f159ab6d5a9441c8cbae97c6a35b7fd5d9da4314545c2488e8bc18","nonce":"9752b85fe8c73eda183f9ea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"5c6d60eea795b2c11ef66b9c950d0e87284f13067eeab89263c9fd0c77bf6640207870353d535fbb9e11ea0d51","nonce":"9752b85fe8c73eda183f9ea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"da62cf72e7ab428245dd747040a674233d4c1621f959b3889b36b302e1e42e73497e8bba9916cb103943797a8f","nonce":"9752b85fe8c73eda183f9ea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"40b31becb7908fcfce2a5f7326a756906a36aa73d43d06895f7f88cc6f1ee68ae3f2521c4ff77623b56abc3e99","nonce":"9752b85fe8c73eda183f9ea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"243a398ee802fa02016002bad9ebef724d8bcf8d2b97082bac908ac511a449c53e1fb3f90c65305e07a001bfbd","nonce":"9752b85fe8c73eda183f9ea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"a360730ca5143c150203655127542d9643d747de96333a44ae0332dc9df373811f7e59b7a06c6cc3633a224108","nonce":"9752b85fe8c73eda183f9ea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"bf23dde09110d759322182e1b35b3ff9219036e748d5379d1286ab096ef3f5a0dd4772e951d342ae2878ec5ced","nonce":"9752b85fe8c73eda183f9ea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"ddc70085c5ad2d923ff29cdeaf80439b912f5039dec37641517c52c747263f2135de2bcb2c6269cd07941f2952","nonce":"9752b85fe8c73eda183f9ea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"30dc5caf3094615b23a7965b076a93cfb6a5bde9d6b48ba73f2c2cf91889c00afde6c8372590367e0c88f46053","nonce":"9752b85fe8c73eda183f9ea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"c162a4eae27f3c3412af2eba35a135ac3aaf3c4f50a1e10a7ef02e24fbbb906aa0171bb273c0480f8837f653fe","nonce":"9752b85fe8c73eda183f9ea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"3a13822661fecce1d32ab8360502d5b1ef33ab97373bc552a9271a2f00f086fdece5e55ca36e48436e3d9a763d","nonce":"9752b85fe8c73eda183f9eaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"060e4f4180bc2e8e8d37f0c47d617df7a5b8f44011e3ec735eabdfed0a5fab262fc408e6814e7d60b9e58005a9","nonce":"9752b85fe8c73eda183f9eab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"211fc8a658ce293df5fa442c03bbf2fae779830ea5d74afa3e83d17bb2c4262ff30a4b3c74e683f22f72cd0cf8","nonce":"9752b85fe8c73eda183f9eac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"31ed7d92abd1bef95dcccad35b9a74db8dc99d8cc0ddcd7891b45ffb43ab6bee078ef07bac765a1cf3661c0da3","nonce":"9752b85fe8c73eda183f9ead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"2c164bca92c404765917f1d0aaadbbe144b9479b165dbb88287ecd0528e55dd5c85b9ff15988ad64e093eba42b","nonce":"9752b85fe8c73eda183f9eae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"13c339d6182694884b13ce23c381487d1199919aa8fa31ea73820823e50c00f4e4d6e8a5d5004af5f06ff845b2","nonce":"9752b85fe8c73eda183f9eaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"92d007fa89d41e70cd3679be7db6277fa9054325223d8e4cd1d4ed01f751323794515ff258923094927f2bee92","nonce":"9752b85fe8c73eda183f9eb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"2ffc3b230b3d8c3f079fb04cab25a97ba209affc8d1f7baea2e049090b4337b89f9b5de148d3c80e9519db2b15","nonce":"9752b85fe8c73eda183f9eb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"a3d2b32172a18dcaad298ee58fa17ed8eda815460e342ed1ce6cf807d4ced197236585492eaf890e25d1205673","nonce":"9752b85fe8c73eda183f9eb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"cdf59d29a608d8dbaaefa83ff6ed0578c208ed408cc615e21f74ccc23a03fdb6e63ee319cffdb991af93457246","nonce":"9752b85fe8c73eda183f9eb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"7b90eed32eed353f7f0e091e2c7ffaeabe784784d2d143ab40742d6050e888c8e0961996964523298ce312ea27","nonce":"9752b85fe8c73eda183f9eb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"7ef212a4e281e1778c4e24340f7e82f9e3ea2bea49063354c16df0950eaafefd4658ece8deaf80330836945ae2","nonce":"9752b85fe8c73eda183f9eb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"f5c30cc3dfa89a7e33bd6352319842459ae5dcbea0cdcee2e073769e971272a455d1dc7c0429997965c9e30cf9","nonce":"9752b85fe8c73eda183f9eb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"bc911be2d3a9a66bed561ca839ba19054aa876361c2faaf2b727ff33b684e64472668d7cd63b322ecc1633af43","nonce":"9752b85fe8c73eda183f9eb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"4d9a2eb51c009fe3a02ec7968e4bdba1ccb02a6cd84b119e93376553557fec50c857853bb55a84475733a4e5b4","nonce":"9752b85fe8c73eda183f9eb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"57659bc719c2f64acf5f32cf737583bb007784245b187bf8822bf8b510d5fcb5985608b0c5cd81cf754a714f6a","nonce":"9752b85fe8c73eda183f9eb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"7bc3ea760e40864e9dcc836054a6bff1c50c1395b3797d934845957e0cacf2075f33daa4ca16d886a9efcc114c","nonce":"9752b85fe8c73eda183f9eba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"b6412f2e4dbb981fa217071eed66b8a172b58c68c44fac73b73d2c9ee97d14f618fcf98fadaf1ce84012085b31","nonce":"9752b85fe8c73eda183f9ebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"ba7ebec488ef236a54b4a8b8c375a6f1dc25cc6859ca287ee95f47b462fff0d2718a0a42d06116bae50366c668","nonce":"9752b85fe8c73eda183f9ebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"4fd702a8dca9f67c66042e46a1442bd73541d7e0ba528901880b9b4929976fbde2974f931130c089db436e5220","nonce":"9752b85fe8c73eda183f9ebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"5c27b3dad2a050d63b9024966ad68ed5f20e114082aec669b18022b4cfb829a4d58b993f69ac7aa4eb8a0a8e1f","nonce":"9752b85fe8c73eda183f9ebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"87838346aa6e434e14628b201401e0ecfd641291964b51ded28252c1f88d1e862bb7a3ef059b0338706eb7fbeb","nonce":"9752b85fe8c73eda183f9ebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"3932a69ca279f94dd7c8dc171a831b512a515cc9c1b637c0ef9d113be55f607690f0ca527e70f30108b9917526","nonce":"9752b85fe8c73eda183f9ec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"5630035e9af07da8d34af624d468273886ca0bc2fa1d2fe8c95216487e8046f39a96996867a7ca52c12eed2b0a","nonce":"9752b85fe8c73eda183f9ec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"3ca9ba28e95650538b83c8e741673f1ab6827e52293c1b6ad1dcac373eef7db94f7bf75b7f1d980f3756d7c956","nonce":"9752b85fe8c73eda183f9ec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"d5604afdb8ac85a65881299213654b5ecb58beb2cc7fe11ca3887aaf78243f4a5db16e3c72d6f4c21da2707c5a","nonce":"9752b85fe8c73eda183f9ec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"36734c5a38aa2e27fd3336ee24053d6855bdb117a0c7b6ba8285573ae8d8eb27ebe2bc1d757375cada482e1717","nonce":"9752b85fe8c73eda183f9ec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"d1f486110a81e54a23389bbdec7a71bc160b14ee0ff55da0869a5a3c646c7dd89e610883f5e54899708b0ecb43","nonce":"9752b85fe8c73eda183f9ec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"8387da8071a4cb1e37cadbba7372a27cc437daf64da5ee1acd6fe3617de308dbee000585cd2e46e5c0e9c02afa","nonce":"9752b85fe8c73eda183f9ec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"bc6f8ecbe469a27336edac7a54f85be8d40af1872b7ffb00110edb70fe98fbc65bd14846fc358b38d9d7cbeedb","nonce":"9752b85fe8c73eda183f9ec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"8405e3a01cd55b35706c03a580ce4fd05f42e7c815600340e325e330b8c1880b8fc299e2f53dcbfffcb404b85b","nonce":"9752b85fe8c73eda183f9ec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"e5a3273ebf9d3551ac4cddc43f214ea73d90dad9d3514a3eeb06963d1e89f4b2f5b6641a8c6e880d0f3aa511f6","nonce":"9752b85fe8c73eda183f9ec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"bcebebd00409391880109c48b1cc56666517874cfcb7eca20dd2de0124f1d10cdbb9a17e404f3575a6ecf322e8","nonce":"9752b85fe8c73eda183f9eca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"4449f8527b4f7979eb2b1e71dc26dec46764c5b54cc9c2f4397a09dc964900b184d1dc46dfc50566d1661c45ea","nonce":"9752b85fe8c73eda183f9ecb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"72399f7bbfd979315fdb72d4011b51a0493e09955ae7f09ce63ce132b8e9ce10740ba131ab880470a948737b9f","nonce":"9752b85fe8c73eda183f9ecc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"7a4848a7ac1af1544ec023aff431a3fc2dc0526fab32a22b38a0376594b4661cbc50f02bd16ce568c2901e8906","nonce":"9752b85fe8c73eda183f9ecd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"bfbbf033957976a2ee5412d99cfaa674302927c4f38b7f7246cd9dc734fc40277fe7385382ae5d87e08ac8f9cf","nonce":"9752b85fe8c73eda183f9ece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"92ce5e5f87916358ca1aaaf9336988fd3d4750b91a89128f7c82a28a25b1986efb4042c7f087a99d1e97f870bf","nonce":"9752b85fe8c73eda183f9ecf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"f1b7977d9c1777ea2921f5867263f55eed6f455557973ecc880b2486756c9d3fb04db7248266054c1c7abd84b7","nonce":"9752b85fe8c73eda183f9ed0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"2653731fb154333809381346ae6290091c02c46ed8e5c2631d02cf831178c79b5349e669cd0bf9e2b7edd7af9b","nonce":"9752b85fe8c73eda183f9ed1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"3a51b5deeb887181bf420a87368c81699edbd065edc1c1fd4a7e87b798131b8707a95e717a066b10e575ceae36","nonce":"9752b85fe8c73eda183f9ed2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"636caa90d6bb0fd7426566b204a8e1bda6b0533102810a2fd0124db8bd78e147c907f57390e778682ae3535533","nonce":"9752b85fe8c73eda183f9ed3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"daf6e6f836d4368dac046e55944911ead64504e912632ca4fe52577b4ed482f6975c8e126f15dde16ef083e11f","nonce":"9752b85fe8c73eda183f9ed4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"6a3974fb63f2bf721a0cd1d8c8100cff9e89800f3d476ced757cc9082194ca323f165be4d3fc6b59e07a19ff2a","nonce":"9752b85fe8c73eda183f9ed5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"878833f58d46197f376d7867dc1a7a4d06f1d5344e930445ef99dcbaad495d1f14b3a32ea4f173a4c084040bcf","nonce":"9752b85fe8c73eda183f9ed6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"1056e0f5b5b551078387a57b4883436723efb7afaaf59c771efa0dffd9d1c8845d8b31c4c32772ce6b0b4c8c7c","nonce":"9752b85fe8c73eda183f9ed7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"7236c30a7830ce840c1e01e10f1c7b5fb5de72227386a966fb80147196a34990f466a1cf9b1505f7802e972f21","nonce":"9752b85fe8c73eda183f9ed8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"2bb519fe589c8613b22954e08e0abd4bf9864321279a59e9b610627bce027b0279766947a82c4a8472c5981109","nonce":"9752b85fe8c73eda183f9ed9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"9e2537b37fb25a8e59222b8c88e5598e5f38ba507e593342888e8563e7f858827a4a208c85dc50cac4c841753c","nonce":"9752b85fe8c73eda183f9eda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"05c02bba52660a7174f1319c2de9db3710b76e3376972b7e6a8d8ff2bb330799acffd70cf6d0f7d7d559225632","nonce":"9752b85fe8c73eda183f9edb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"d3cbb7fd091c0528da196d2c7e5f0b58a7fba5508778af4b9db96de2b0f088bb481f504a63fc4843bf5b059966","nonce":"9752b85fe8c73eda183f9edc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"eb4c9643a1b593b96ab45a7fd153fb4812780dcc2e50503bc2ce36258520ed553251c8c081798061dc44b5fa62","nonce":"9752b85fe8c73eda183f9edd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"91664e931e0df7f43c748314d8decbd4ca200d574901d6e07f11d142fc54692b1e238e7a63df9f394902fd3757","nonce":"9752b85fe8c73eda183f9ede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"2e25cfd7f3ce6c15ef7d909277efde0b12d0b270e23fdf5d350c1cb937a5c0e983d27c56af495168e2490c6749","nonce":"9752b85fe8c73eda183f9edf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"025b1295f73cd8f4e78bafbe1f9938f7ecdf89eed762c978c851300a60d6a98d225c5d5db72f889ea339c53815","nonce":"9752b85fe8c73eda183f9ee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"6f73b1ca6786fe5a9d5bf9f6234d43ca4d4f9d3fe49989c2b7751ad43ce54e1877266b2d9be423b39a2f24054a","nonce":"9752b85fe8c73eda183f9ee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"9ea2439cfdaabff0feaa25edf0372e9bfcc5af9267d739135e4b92d33489725fe623caa613bc510471dc6affd2","nonce":"9752b85fe8c73eda183f9ee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"e4a823201ccd1385178d905abf377c30ed6afcc33774fa91827d8fb3138c486ca33e551433cc11db295be521e5","nonce":"9752b85fe8c73eda183f9ee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"4035fecf1ecc9436ebbab026ddff89c48819f4d4bd38e06fe6c5cd699f9e26935f4a821c76cd10e8770e8f3c76","nonce":"9752b85fe8c73eda183f9ee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"7b5d8fd6a293a5256417c9f0693c6274917d50058deb4fae1fed7d17422217767403f88a803e3cf3d926c4e7d9","nonce":"9752b85fe8c73eda183f9ee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"4bad41bd7477ec75b4aa99c15b30ac4966303ec93fda7ddc5541750347dfa47701e4e7cf525af015818869f9bc","nonce":"9752b85fe8c73eda183f9ee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"e3dbae7985ba7983a22c819e1b9026f1aa3f169b2c6fb921510ad4a8706b5a54892e2bcec7a9f13ec65554025d","nonce":"9752b85fe8c73eda183f9ee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"28ee946297ae2e7f13c3c1cefe2c7e22b746215e848f426eccbf8b1e8b080763f7b1a6c164f5aa0c936f779e78","nonce":"9752b85fe8c73eda183f9ee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"3c351269ad1cef28283dfa1a3540e7eeb25b7c0a980bb56da738a3d118f7c5ffe1de10d9378758fc63a90797d7","nonce":"9752b85fe8c73eda183f9ee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"55e84ed47b336eec3e28711c2f08d8b05104ac42846646b7830d715595303fe09f9cf41718bde6ec6f260388b3","nonce":"9752b85fe8c73eda183f9eea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"80fadfe685ab9f3edc7a08587595f1b88efc55bf95342be586053c245b9a100f07ebd1851cabee54c2313aaa7b","nonce":"9752b85fe8c73eda183f9eeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"5036f0a5ed7c21e9b8a733c66db8df4af7eaa45db3d5d361e1cd49ac217ebe33f8dbc6bf72f9a197d20df274e1","nonce":"9752b85fe8c73eda183f9eec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"c8123f3d9a1cb2a7535ec994b16e0080fbbc0b2e7a50aaa4ce2289ec21c2c065808534ee7914fc534398bffe45","nonce":"9752b85fe8c73eda183f9eed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"40b9950875d4e9935e5cdd827dfabef0a37693c1f8f2bf2c957750b9c03187afcff3dad8e16dddaa569942b462","nonce":"9752b85fe8c73eda183f9eee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"c67f3308646aff87a60d55c49baf2d225e8d054daeed13580e30edd2c172bee6d303548578009b0eea68f50701","nonce":"9752b85fe8c73eda183f9eef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"e8ec3872fe4546ba895713f3ba50730c9d3ff330930f0fe795d895368b863f07d41c747125cfa41764cf4946a2","nonce":"9752b85fe8c73eda183f9ef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"c22e5ae6d925212e3b7e96d76453024dd7c191670783055c9efeecd8cc2b329c97d143e650e19006b629d3ced2","nonce":"9752b85fe8c73eda183f9ef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"045c2826f17e002ab38282e7359121c2c6ee6460a551e44b4b6193934a660dffcbff6acc0b33ee92e7dc670a1a","nonce":"9752b85fe8c73eda183f9ef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"0dae22d94502aed666da4816f9673e93cb17fab29ef211d19881981f34b153afb8c053233e2595069e9665af89","nonce":"9752b85fe8c73eda183f9ef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"eeba341d61e63d3415271a15c8fd7c167965ea08647cf9bbdf5559f5ff90782f377c881b72df6ce39b8af02903","nonce":"9752b85fe8c73eda183f9ef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"8a4f26c0c2ebab9c296eaf364c5674d5ad0b3cce6036206bdcfd8827ae924d1c5bf96b8dda4fdefe00949d2b9c","nonce":"9752b85fe8c73eda183f9ef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"504621939333f8302a3e0a64e89ae260a214d2327860c506575e7e8fbfe8900fbeb1d89669ea7223bf226b8566","nonce":"9752b85fe8c73eda183f9ef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"bb0576cd9e922d6ffaa34940d557a2bedd25fa79419358f13e718303a752cd152eeb7be8461305452d5c9ab99a","nonce":"9752b85fe8c73eda183f9ef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"af3ef1b13dbf116ab8bd06fdc2d2667f308a7bf4f86af3b2c03fadb087f5bd94aedc17d6ee31992047324aa0ff","nonce":"9752b85fe8c73eda183f9ef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"dd776e75ea4fef56f3c42d20e3b7b207c16c4b59448d3465bc82e53a442931d76749d403c36c647a1575096287","nonce":"9752b85fe8c73eda183f9ef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"281aa24862b17b4ff762d2aa246309a688a85c76b6260ee5d9bf4da1545177764e92d2f6d4ed19d5d7434f1aa4","nonce":"9752b85fe8c73eda183f9efa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"b227e56fb409e0568a032f23f1d5651c095ebc005b3b199afc0319e53495bb467df47218956eef136b61e5a16d","nonce":"9752b85fe8c73eda183f9efb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"9a45512f467273685938d97b53b94cb35b1b1c2cb0d88637d6ba5e24799c0af6334e813633224de4a8df9d2fdd","nonce":"9752b85fe8c73eda183f9efc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"83961e2b896c17189fe2149d164a7374292f5dc6b7b6b893c63ead4d39d2dd66a70b09f2bacb9781b114251663","nonce":"9752b85fe8c73eda183f9efd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"7c323acdee20732fb928cb533d681f88b754b7476d53091e666d20135b95e90d2e5c1a5c3b3d9f252496a96482","nonce":"9752b85fe8c73eda183f9efe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"57ec2963c904599e05529c4b2798dcbc23567d118bd876981dc68be78c5dcf395bb01f04a8936da0b27f1bd6fe","nonce":"9752b85fe8c73eda183f9eff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"4f02290b63d6a255669e591468b49bf308410501e3237cab634d738dc3a552ecb69cda46740680583e38385c8d","nonce":"9752b85fe8c73eda183f9e00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"f3ce065a7b650a4a1681bb1e18b612ad13c7b3c27502c0c0424b687e69911dee2256226c10a1916ebd132191af","nonce":"9752b85fe8c73eda183f9e01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"e34ed5474729715bf271a79634d0166860aae10914f09e944cc3f9737bb971c7e20ec8731d5ba2ff76744a205a","nonce":"9752b85fe8c73eda183f9e02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"35fd941dadf86a8b0f7924d999281c4245e3bd69cc481e3d154e383560889b1d8fa8cbd7e8f7e64aa55afe3ac5","nonce":"9752b85fe8c73eda183f9e03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"01ea8c9e65421484ce4e3aba83674b879b73b7e97402bcd21bf4238beb889e18c46a58c20b602306005b157de5","nonce":"9752b85fe8c73eda183f9e04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"303a4ea689bda190c838fdfc4afbbcdd438ad2d0a7b0ece293ce445fb89f4e1bf014637f1b3e5ebd49807eaa54","nonce":"9752b85fe8c73eda183f9e05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1bc1b6a63160ebc2f6d5e09699196b4ed02ae1067736cf8b6756cee09d1941d37cbfe0972d95c693ad082801c0","nonce":"9752b85fe8c73eda183f9e06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"f1eca952017941838dc5c3c2bd5f0aeb14f450ce86e8b1824050e03320048539b919c5ddb8355fe95f53e98825","nonce":"9752b85fe8c73eda183f9e07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"64cd00c4fe40051cfe04808315af00b0cb64a0cf6c7c7444f498a863c6a19e94d8f9e362e42dded93e16bd71dd","nonce":"9752b85fe8c73eda183f9e08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"18de4f5759d4fbfcb21f9fa71afba82d820db193a45b9e8e4b4a97af44c37a35d8787f9488c8b57cd275a5f0c9","nonce":"9752b85fe8c73eda183f9e09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"c1ae468f16a12777dcaefa8126f1c8848d90b0c204249485d78edb90ff7d1853da807fd0c044e68feff62a0836","nonce":"9752b85fe8c73eda183f9e0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"329ac0bf0131213c73260cf1cd0248516d64e1b994951ed0fd74de752032b9720cfba7f96bc9e748443a7af29a","nonce":"9752b85fe8c73eda183f9e0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"d0929460a8c391cc283121531d428397617e6a17e60325aec7ad2cbde878d13dcac79bbc7545fa01f4733615dc","nonce":"9752b85fe8c73eda183f9e0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"0366b4bc2b6b11f3d5bdc7aba871daf3782c3dd13012bd90ca498c945b812581b107875f6cbca40b6986a51aa0","nonce":"9752b85fe8c73eda183f9e0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"b7833264e943ce45c66a7c4d23b2b175370a3efa18a0277fb41292d7a05cfa7068a2c9ae1f12a755097c7a5f91","nonce":"9752b85fe8c73eda183f9e0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"5e21ace3394a45fde7fed6c2d1fba0baa94741a86cc13cd06112e48b59e38a13ac5d4abff7bedc62be9468716f","nonce":"9752b85fe8c73eda183f9e0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"2bee922bbea7ee2be696705c5c901a5e7dfc18919b29975d0d185e26950885ffd5eacbc1ea0b6dfc212a0b6c13","nonce":"9752b85fe8c73eda183f9e10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"6dbbe983dab5443e2a063c47a4f3617b3eb04baa23eb4cf0f24c42ee293ec653516fab987c64aacc79cc97ad4d","nonce":"9752b85fe8c73eda183f9e11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"c26d685da82b1f29aef84ea5984e8476ca535a0fc31c4d0b276383804a912805c1095f16a4f4503f3758161b7a","nonce":"9752b85fe8c73eda183f9e12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"b1fedb2a8b2fdb81055b84a056b7cd53e800a49a4e713fb0db0acbd4ff03e430c22e2fcf4549c69f34c7bc541f","nonce":"9752b85fe8c73eda183f9e13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"7ed75e4b707a36ee4e04987ae3c0a00d286d0bd7b31c46a01b986403f688f5291f9730878105156876efbcacf9","nonce":"9752b85fe8c73eda183f9e14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"d447775c097de439e913d075993265e116260c1d93c666ff2fda9348515e184304596b115fac65d0de847bd017","nonce":"9752b85fe8c73eda183f9e15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"f9d2c97e0e38d259d6bed435b7a37bf53cfe5d748bb9d9d32a42f3ae807ba4b6334132e0324e52d8c3eb41e684","nonce":"9752b85fe8c73eda183f9e16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"5f7f5c6e58e406a8022f1aab8daac2ba64b76f2eae236876fee3fde840b3840ca5161b14b0f9534151924082c7","nonce":"9752b85fe8c73eda183f9e17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"55403f7b1c9f3e2cb3b52bb37bb3f488e3e0aa8a05c8405ca9d5f2a0194adeb534514fc047e3be2afb22bdbc31","nonce":"9752b85fe8c73eda183f9e18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"57aa9aab78615d34ba0c1dcb32c172639b0554593188257756b5967728eee6d752451c8c731de0298b43c2a491","nonce":"9752b85fe8c73eda183f9e19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"ed5fd8af40a0601102af24348c1a686565d97fc8696993003b3b5e8b69de3e4f034e244ac40527513b01e1fe2a","nonce":"9752b85fe8c73eda183f9e1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"010dd16fc78fc60d05c3a73e375be924387f47b6fddd21764ca343cb61cbafbc321befb7719d127423f8f0ca81","nonce":"9752b85fe8c73eda183f9e1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"947176372519990fe8b5ace5251f7b3ea752f26612f64b624652b97430a76d02e1126f5bd14c1876b0896381ff","nonce":"9752b85fe8c73eda183f9e1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"e75699963692034fcf7da82989a6ed65ffc911c162a2cd671ad40ede5fca0e44f44aba2a5e475a7df04c792243","nonce":"9752b85fe8c73eda183f9e1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"04cf1799fc892cdf2a499607c9f7739f65809d4434d03d03f70401a41adad77b4790e344423c1efdfcbdde888d","nonce":"9752b85fe8c73eda183f9e1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"9dbfec498fdcfe30809fb6e32bd83ff21529bc2f22b983bf2b10b1e0ca07a7c61d3e202826e94ce6a1f0aac828","nonce":"9752b85fe8c73eda183f9e1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"8db5e29c62836e1bca231c852f8fcd8bd6bcd81890d2ac3f43b8f36953a9d1ea01001f3a5de715633abeb9b55b","nonce":"9752b85fe8c73eda183f9e20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"3b90e68025352fb9b3e37e5241ae34ee6d35f60e4511d56bd7d8f423b8e703ae1cf1ee424becfe26aa3c21acd7","nonce":"9752b85fe8c73eda183f9e21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"06450407f01a25a33d846932e0ee41b9f92698837dabdc2ad47919056ea069d97a7f410e03c93fc1ae35dc9058","nonce":"9752b85fe8c73eda183f9e22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"34a051fbff8d3a1babdcd9365c35d57d82e003e25f62e33ba6be682ca8c6938b477e1cf7fc8f1b1a08f852a003","nonce":"9752b85fe8c73eda183f9e23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"4e16e1e2b63cabe1b7c35cac5baa07778fbba94c87a9f4ceb844833a75b9299d1136eb6e5862181fcf921a1f15","nonce":"9752b85fe8c73eda183f9e24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"f6e4adf9c6fc907e4239de1976549e1795a80ad5a821ec90f92e7add03f8b1f989a8e08214f823a5cb8d3d88b8","nonce":"9752b85fe8c73eda183f9e25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"6d377f155cbe6a9c584e10b7ca1e3f18db2e8c383a51a5f75db929adbe2218cf1a1311813e73f3bd2fc01b2d70","nonce":"9752b85fe8c73eda183f9e26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"157a09d6f3e6ae1b6d4c9651559d9a0ec00cf23bb47b70fa1cf3b35810ca1a6d69354c301bb5c7e8375594b9ee","nonce":"9752b85fe8c73eda183f9e27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"c2c555800b7cb03605d6fd57ed4d5714ac9d1b99536dbed2784ea1e1073a26754799ca6564fbdeee41abdca84e","nonce":"9752b85fe8c73eda183f9e28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"168e1d05d7576fc9059a7fe5a88b2062a1c461ce48cc9d565a1ca17ad53a88628d47e4363766d92f73e42dfc84","nonce":"9752b85fe8c73eda183f9e29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"4c067b329affb9b1e8b9ea67fa898a761e5d82441c6a7bef305c2b3df41360b76c39f05722eccc46839adb734c","nonce":"9752b85fe8c73eda183f9e2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"da1c654eedcc111cb71cac22c40fde88e264c888258ca35bf63b01b5d97958cffcca61db5d4a46bc3ed524b920","nonce":"9752b85fe8c73eda183f9e2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"cf6eb05f3a49ff5e697faf8353a656051cd676b27e1c378e8ac303d37d80fc7f316f0ccb1ed8f9b9a280b8d242","nonce":"9752b85fe8c73eda183f9e2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"75303d94701e512db401db2e5f2218438f3be629545afc58dc0564a1d2c3f0ff45f313472b5a3b362258d4ef2d","nonce":"9752b85fe8c73eda183f9e2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"dfdbcecaf72b08102e9872d54e1ea9db3516fc5408b1e2cfa733b06844e1334df3360a97f2bec2dc5e5211c640","nonce":"9752b85fe8c73eda183f9e2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"11fd858720cf62241e96174f01d6e60e2428960746f2ff5170f252578e98f56216241a6aa67b94b4f285b75fbe","nonce":"9752b85fe8c73eda183f9e2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"10f07acbbb84184e472b672b53c8d89b4f941358e0ac51c65c3bc7384586c237091bf2a4d3b463051675085c41","nonce":"9752b85fe8c73eda183f9e30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"82faa09e044d6239ffbaf697956aad539f2ae323e224433778c176c311d493b4f09925b485aa03d124168adabf","nonce":"9752b85fe8c73eda183f9e31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"d4a997cb2aa47dd0503f12a87f5a59691037995e749dad4ec0f5838e33888e148fae1243ac83596d02bc46bd85","nonce":"9752b85fe8c73eda183f9e32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"d13ee72269718ec4b7c5601bdc43ea88cf8dfd6c3b18de30fa1ca38f1c02e16b22d8114db340473a42f7b1d3f0","nonce":"9752b85fe8c73eda183f9e33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"cd859eaa2bee6ef6c1fb80311f79da1a0d7c03979ae1f89d96cd439acb373952e338d2c5dc5d71567f6017b069","nonce":"9752b85fe8c73eda183f9e34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"12bea3b4fabc34eca75e18333f2e59d02065d2aec061cc423921d9c3aeb3400e25b25aa01dd8a4a6a686b4ee57","nonce":"9752b85fe8c73eda183f9e35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"a6d6f43d0943e0b3cf532b36fd866e9df003852c330c94f71f2a9c00604f01c1edcce8ceddec80140bccff01af","nonce":"9752b85fe8c73eda183f9e36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"049ae838b91301bf9e8d2533a3fd810b6e317c0078b09f45ae477f338f799af830ac575baf3d8d6e898aacccec","nonce":"9752b85fe8c73eda183f9e37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"f78280f9624fb0bd3fe51a9f3b63ea3d816abda62cae11bfa67aa596f12a4f7895e129c9ca5f539f89b66196bb","nonce":"9752b85fe8c73eda183f9e38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"3039fd1f14f2a777355f6e86653a0c0c07c1919a4de57c6168aa36453695e88892064ce895faf6fe62df223880","nonce":"9752b85fe8c73eda183f9e39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"50ea46d47c655ee3065eab621cd58afc3cf40d86292cdd48a418c428b170faecbc359ead0434ae40fc46b530ba","nonce":"9752b85fe8c73eda183f9e3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"5be85f7944a4643926a325d06ed54099f8aa5077145e1afba7b6cd99fadf0e403d1818e5f0e4e0d1879560b3fb","nonce":"9752b85fe8c73eda183f9e3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"46efeccc956a089e39e681c3b2f8c65f1a96db72c57adc355ce2dc46d4a4b3578845b5c0fff6ab65967d1ba88a","nonce":"9752b85fe8c73eda183f9e3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"acb7eccb07bfb77dd49636e0010380cfcfe0e6fc3a25a6370bd7935616e0fca7dd00f88576c15a1ce08fc6aef7","nonce":"9752b85fe8c73eda183f9e3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"09b19b47b1406dbc111d84fe9473a957d982ddd72a17dd8c091eb608a479aa6fe3281beb56912a057eae01ed99","nonce":"9752b85fe8c73eda183f9e3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"ba4026c8dde01cf84804233e5e20b2e699176a0a5eb5abebf60be33dba1c3cbbcab1a7159f56b4fc0d864f9b8d","nonce":"9752b85fe8c73eda183f9e3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"1408b46ea8c879c838bce2f15ddf5161afbf68ec0d18995d4e178ef8c59355c9570aca31d5e7badd6736035185","nonce":"9752b85fe8c73eda183f9e40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"cb45fc540420cae2749089df34859d95f7cc2549784101802362553cadcc717ab7afccde06940cbf7dff5bc1a8","nonce":"9752b85fe8c73eda183f9e41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"ff3fa4a745ce7c6759d958541fe4d281beb1d6867986e7c2c15f76a688f9e91ecb790a2871ea1c0124187ed42d","nonce":"9752b85fe8c73eda183f9e42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"8d5d14f9229b1c527c6d5435e800a3f29b438d134e3ad86a7abd5ffa31f46159836394068ff3880ae447926e83","nonce":"9752b85fe8c73eda183f9e43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"aa0d288b745bdab505e1009cc00adbcfab45193e99d491d29d8e38635112e24f559388a54b193688ee0af670d0","nonce":"9752b85fe8c73eda183f9e44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"829b2d32864391c0c93d9bf9cf5df2c72491388f491866516b48012d61e9389d4aa344f5cc3f32641ffdb926e7","nonce":"9752b85fe8c73eda183f9e45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"59efe43674709e83fa3bc954fbbd2ff90c6ddb9c6fc47d22f5608f5ad3807ee56f2f88865e3950c15921d6ba63","nonce":"9752b85fe8c73eda183f9e46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"cd82c637f8c227f96c97675508a45d830eef2111cf4c841544666616783c48c6768ee9db686b0d4e62de393eba","nonce":"9752b85fe8c73eda183f9e47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"c10fe3b78b6c75a26ea647e62b3f396dc5e3f5d9e6f1c90d16351b87afea8d2d8634980d32775be03218f66247","nonce":"9752b85fe8c73eda183f9e48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"54569d9b07dd3d99a141a3814568d430ae9d7e9e5b3e7c927af51441a1e6f5efb58eff9a18bfecf3445795aa39","nonce":"9752b85fe8c73eda183f9e49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"dc6cf80d769bf9316595ec08260a9374ce9e86ac363b5d7eb875e653501b5d718ac4f3a00be17bd522c9d8af07","nonce":"9752b85fe8c73eda183f9e4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"2be387f6d964981df515b76ed04f07d1f08ae0c805db0596db892423d2df014f39f888adcaed2935093591786a","nonce":"9752b85fe8c73eda183f9e4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"2ab2930f4f99c11fded3e48e36d616de40bf3bf9bd7c195feeb136b440cd081a0abea6c3dd19455da797345050","nonce":"9752b85fe8c73eda183f9e4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"5d3b2bf211b8805a42d1f16cfc501f83902c470f6ca2b088ed14884ec0c7538b089c5cf9cd326c944a8e8d1489","nonce":"9752b85fe8c73eda183f9e4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"64c2b2fb91a4dbf073715991fda5b457d78f91165f62f9abea610f41bbe9f38da9cdfc4f031bdfa808efb68efb","nonce":"9752b85fe8c73eda183f9e4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"db086984596fb68fdd933c3a45fcae8ffc3b86303394367f7ef05c05d10303903674cb3bcf3aaa265bdcd96b4a","nonce":"9752b85fe8c73eda183f9e4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"d4e3b5382bb15139e405bed2ae4dca32f35f75178fcaac0a773eaf6633f3ab2a34cff08b3cf62ce899e9b105aa","nonce":"9752b85fe8c73eda183f9e50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"a8fc87dbbc37d5e951c4e65e3c3e26ebf4aa67b2071641a5b03a786cbf7722625cdf6b3ca13482f05f88f55438","nonce":"9752b85fe8c73eda183f9e51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"fc78d8fdc09ba0c289a506371165ad6d7b7586affdce87815dff93bef0874b88b642bab9c3f994d484295fe805","nonce":"9752b85fe8c73eda183f9e52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"1778d0cec912dddfd650ae6adb36733a02bc8a80cab48df0bc0974e3c99230f754e33be25bfe0ca6d286b277dd","nonce":"9752b85fe8c73eda183f9e53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"805e534c68f60a11838e51af8f35e4cf1311cab5b828529bd0c9e68336e52e5b8e0d6b5a2ace518031a6f570b1","nonce":"9752b85fe8c73eda183f9e54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"517d9e778d51fae94ff7daf037af7be51c0fafb8ba1507924643a0fa2b41398eb9f2266dcab54e7b1d33c5022b","nonce":"9752b85fe8c73eda183f9e55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"10b867e9f9c52609c97612d9c1ddbedf9694ea5e1a43a571e86a1be2b3e8c3e1d8a1f363611d5a464824873050","nonce":"9752b85fe8c73eda183f9e56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"5cd5d99321480bae7bc8dd2732be987764b063ee2124b9885d1d0190787670cd298262a6dfb25a0c50e02f0adf","nonce":"9752b85fe8c73eda183f9e57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"36de3d5f61740635bb6179134dd54f0029ae8fe09e49e4161722235a1084fc02df78532e76f86fc765664c6292","nonce":"9752b85fe8c73eda183f9e58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"0e1ae20840fabea4aef52228691f7810b43b7eed06ded8f9c69b5ce2cfcc0afc1760ea032d6f4ca69044bb116c","nonce":"9752b85fe8c73eda183f9e59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"af4a58a9e69d28a909699cb9f6e0c25a8f2ecfcc3da1947cdcb9d87a8899c85cea09d8b05a70f9b02288d1d39e","nonce":"9752b85fe8c73eda183f9e5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"3b815d0ccf262302bb9b4e56f6474508bc8735387c07b8deb90a7a3f9a3c925fdd5162237303599148b64d9372","nonce":"9752b85fe8c73eda183f9e5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"30c7dc1691c8ef6a4fae860846281f91b612f1d7eca3530e2dfb584f5d5c9e75e70909ba64b57d45b6f5b2be60","nonce":"9752b85fe8c73eda183f9e5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"f2fd5187af3c611339dcbce89098d1631470e03ca59498ad96771ace8bec733036e9eb3496554837ab072ca3f2","nonce":"9752b85fe8c73eda183f9e5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"6daf011cfa5feaa22aae5fd1e48bf9db8226b9488ce35b9530869364d23ba24b17847703f3875993fc27667451","nonce":"9752b85fe8c73eda183f9e5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"0aff4b71e4bccc751d3ed4492a73db5374d9045e8c7d3cee9c8256e471363662cfdb72d62bfff9e4e39002daa8","nonce":"9752b85fe8c73eda183f9e5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"d0c8e9d0a33a5cb672e4fdf2544f9e50680e2760323abc1eb0f986967729d9e23e92cb19986feafc14a856643b","nonce":"9752b85fe8c73eda183f9e60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"6c351e7ee34bf5c525a1fc7c5310b0ee24c8938b8d9fd9e62be0bf83a210f1fab2b044e377d72ddaeffb0b5ad5","nonce":"9752b85fe8c73eda183f9e61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"c046c67489c7b505649f52174bbc8a51d533bb85a095958c589b9dbebaddd7d968953b5114d9a1b1f5c484faaa","nonce":"9752b85fe8c73eda183f9e62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"b5f3952e624e56bc65f2aabf080bbd9d6957018aa61cc0e75c8730922cd486f799ea19dc1ef2926347176d09d8","nonce":"9752b85fe8c73eda183f9e63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"6895edda943fe0152cb2786bebb3d0728e355403123b0f69e61a4e288642943c091b89ad852bdbcb416e452a6e","nonce":"9752b85fe8c73eda183f9e64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"a0d3028fd1b54dc4925bbaee9c4a0914eb009c4d8229dfb7c2535613abdf53fcc782ab17594346a9d9573de3df","nonce":"9752b85fe8c73eda183f9e65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"ac6cea11db04c2bbd12c256b4c1796277bff53fa5f4e8355e44c6033472eccca94c5bbfee6efb0b55d5972b839","nonce":"9752b85fe8c73eda183f9e66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"416995de0da2f9a250e7cd13a9866ddfc33b6a6612c15fd8bba9538377456ef5ec41ee0d231f9f74e28b1170b5","nonce":"9752b85fe8c73eda183f9e67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"30a613fd6ffbd2101bca8330f3b800162948b0a86464c181c21b4ebc78a44030806f9d4d598bf26785d140f2df","nonce":"9752b85fe8c73eda183f9e68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"281aa81d366f14bef6623c9dfb00b3763ac7c6123e232b08a65222b270a3d6760c1a7c56b2d862b45f74cb55c3","nonce":"9752b85fe8c73eda183f9e69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"5b1ab5cf52e92836fe8723879adab1c405efe612121ef719850ead514f7846ec3f15492e6f45c268f9b4dc2420","nonce":"9752b85fe8c73eda183f9e6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"1f22b3208600dfef50fe9c1f660d0f87c17833001d4903e6e213c9812f1476f19f6b1b33853f6b30cd6b9ba684","nonce":"9752b85fe8c73eda183f9e6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b21ba3714dcf3d12135d442000ec52202e35c740d8adf2ed84f8e900da88f16d40cecbbc1eb5607d42193af78e","nonce":"9752b85fe8c73eda183f9e6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"9efe876c1ed97138fe4ec061612d9f6dc3c0bc3bf66bb150bad0fea5dafdd72a6302987dca4fea2713d1d56ddf","nonce":"9752b85fe8c73eda183f9e6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f75fda87e8cbca98fb1cf7caa7bd9576b4779b9d024d81d9059445005a4631dcf7f85fc35222ba6d18531e627a","nonce":"9752b85fe8c73eda183f9e6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9fb13c4a9bd9804d69a8d3617ce7a37d171107897064aa83d39bed6d337748131ea63ff508489e87713c45a0ab","nonce":"9752b85fe8c73eda183f9e6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"d74113e1638f5bf5fbbca3bac316a8356420a9c59cc54a673b2a1ed6ce018a062dfaa8fd3315d8c9803f631973","nonce":"9752b85fe8c73eda183f9e70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"4143a29a023c7fe1a069ccea6837b1c2a01e1340410518eec2ab9cc88c12625a5351baacaea503445579f9446f","nonce":"9752b85fe8c73eda183f9e71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"2e2d040c9ea104c57cb74259ede0ed27b7ae90deab13147fa1715724af8aefacbb5d9ca872cd7b77aa5dce2bbf","nonce":"9752b85fe8c73eda183f9e72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"26b214c99ef0dc9e04af00e17f52265d54b3dbcc263080cffe23a2e352ee7deb4312ee2697c1dad8ed0e80fc08","nonce":"9752b85fe8c73eda183f9e73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"486c740a516f6312e07ebb99793e328b08ced13b783d3f347626f135118063ad8f065734361b1631eacef4f006","nonce":"9752b85fe8c73eda183f9e74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"0aaabc2fd8045c2f6f17ac77e189bc824f55e952e150a38890b0f311b36cd4ba1e7a3fe2a976103c838c3e7fd2","nonce":"9752b85fe8c73eda183f9e75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"c68fff9c9def9f5befebc5099c1a948384729f0794318a04d7d098813bdd9fdb4cb37a3d707edaa70ddd12d246","nonce":"9752b85fe8c73eda183f9e76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"feee7c6860dc1c3d3a2874c4fba986656dd7183c1ad2a7d4bac8069f1a1720dfcb048500c519f7f733cb0bb867","nonce":"9752b85fe8c73eda183f9e77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"3c97cd4afd7192a6ac24d696d4507220b5b869f3ae6891616758d6a88d2fc3970b468a8f6138d524bc8da96f52","nonce":"9752b85fe8c73eda183f9e78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"de47641cd4582eab26ad284ce1f676435895947bdda7aac40859280e64e8e3be6906ca318376152d9b4dc37eb8","nonce":"9752b85fe8c73eda183f9e79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"7dcc52beb64fa1e5b82dbe8fbf285aa2382c7d84da5e5ad6e342be8ef9e94b11e3c91d4f12e6bb9436c893403d","nonce":"9752b85fe8c73eda183f9e7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"707c62dd2a77329b8522a71a444f32bd284b6d777715703f8acde4840ed04aefae037a73acf20898ca8a2a3d4b","nonce":"9752b85fe8c73eda183f9e7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"1aec103430ae69ad9c552e62189be4934ef3988d1301b26570fbc518ab10a4b016220615f93569970c8df940a2","nonce":"9752b85fe8c73eda183f9e7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"e5356caa2d05a121bf65aa2f88cd3c444edc3d58e521283f7967cddba6dc327cd0c0c23d4a8c4afa4cd3af7bac","nonce":"9752b85fe8c73eda183f9e7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"c0f1a334549ac70cae0398429e328f11bfe3b435ff5fd9994bfae48d3b5de8de46304b4e78a5ad1902c856f2bc","nonce":"9752b85fe8c73eda183f9e7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"53d422295a6ce8fcc51e6f69e252e7195e64abf49252f347d8c25534f1865a6a17d949c65ce618ddc7d816111f","nonce":"9752b85fe8c73eda183f9e7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"0dfcfc22ea768880b4160fec27ab10c75fb27766c6bb97aed373a9b6eae35d31afb08257401075cbb602ac5abb","nonce":"9752b85fe8c73eda183f9f80","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"8d78748d632f95b8ce0c67d70f4ad1757e61e872b5941e146986804b3990154b"},{"exporter_context":"00","L":32,"exported_value":"80a4753230900ea785b6c80775092801fe91183746479f9b04c305e1db9d1f4d"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"620b176d737cf366bcc20d96adb54ec156978220879b67923689e6dca36210ed"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":2,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"3db434a8bc25b27eb0c590dc64997ab1378a99f52b2cb5a5a5b2fa540888f6c0f09794c654f4468524e040e6b4eca2c9dcf229f908b9d318f960cc9e9baa92c5eee6","ikmS":"65d523d9b37e1273eb25ad0527d3a7bd33f67208dd1666d9904c6bc04969ae5831a8b849e7ff642581f2c3e56be84609600d3c6bbdaded3f6989c37d2892b1e978d5","ikmE":"54272797b1fbc128a6967ff1fd606e0c67868f7762ce1421439cbc9e90ce1b28d566e6c2acbce712e48eebf236696eb680849d6873e9959395b2931975d61d38bd6c","skRm":"0053c0bc8c1db4e9e5c3e3158bfdd7fc716aef12db13c8515adf821dd692ba3ca53041029128ee19c8556e345c4bcb840bb7fd789f97fe10f17f0e2c6c2528072843","skSm":"003f64675fc8914ec9e2b3ecf13585b26dbaf3d5d805042ba487a5070b8c5ac1d39b17e2161771cc1b4d0a3ba6e866f4ea4808684b56af2a49b5e5111146d45d9326","skEm":"003430af19716084efeced1241bb1a5625b6c826f11ef31649095eb27952619e36f62a79ea28001ac452fb20ddfbb66e62c6c0b1be03c0d28c97794a1fb638207a83","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401655b5d3b7cfafaba30851d25edc44c6dd17d99410efbed8591303b4dbeea8cb1045d5255f9a60384c3bbd4a3386ae6e6fab341dc1f8db0eed5f0ab1aaac6d7838e00dadf8a1c2c64b48f89c633721e88369e54104b31368f26e35d04a442b0b428510fb23caada686add16492f333b0f7ba74c391d779b788df2c38d7a7f4778009d91","pkSm":"040013761e97007293d57de70962876b4926f69a52680b4714bee1d4236aa96c19b840c57e80b14e91258f0a350e3f7ba59f3f091633aede4c7ec4fa8918323aa45d5901076dec8eeb22899fda9ab9e1960003ff0535f53c02c40f2ae4cdc6070a3870b85b4bdd0bb77f1f889e7ee51f465a308f08c666ad3407f75dc046b2ff5a24dbe2ed","pkEm":"04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff71e560b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0dbed01ad73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf27f2acffe0f56f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8","enc":"04000a5096a6e6e002c83517b494bfc2e36bfb8632fae8068362852b70d0ff71e560b15aff96741ecffb63d8ac3090c3769679009ac59a99a1feb4713c5f090fc0dbed01ad73c45d29d369e36744e9ed37d12f80700c16d816485655169a5dd66e4ddf27f2acffe0f56f7f77ea2b473b4bf0518b975d9527009a3d14e5a4957e3e8a9074f8","shared_secret":"9e1d5f62cb38229f57f68948a0fbc1264499910cce50ec62cb24188c5b0a98868f3c1cfa8c5baa97b3f24db3cdd30df6e04eae83dc4347be8a981066c3b5b945","key_schedule_context":"0324497637cf18d6fbcc16e9f652f00244c981726f293bb7819861e85e50c94f0be30e022ab081e18e6f299fd3d3d976a4bc590f85bc7711bfce32ee1a7fb1c154ef45baa1f3a4b169e141feb957e48d03f28c837d8904c3d6775308c3d3faa75dd64adfa44e1a1141edf9349959b8f8e5291cbdc56f62b0ed6527d692e85b09a4","secret":"50a57775958037a04098e0054576cd3bc084d0d08d29548ba4befa5676b91eb4dcd0752813a052c9a930d0aba6ca10b89dd690b64032dc635dece35d1bf4645c","key":"1316ed34bd52374854ed0e5cb0394ca0a79b2d8ce7f15d5104f21acdfb594286","base_nonce":"d9c64ec8deb8a0647fafe8ff","exporter_secret":"6cb00ff99aebb2e4a05042ce0d048326dd2c03acd61a601b1038a65398406a96ab8b5da3187412b2324089ea16ba4ff7e6f4fe55d281fc8ae5f2049032b69ebd","encryptions":[{"aad":"436f756e742d30","ct":"942a2a92e0817cf032ce61abccf4f3a7c5d21b794ed943227e07b7df2d6dd92c9b8a9371949e65cca262448ab7","nonce":"d9c64ec8deb8a0647fafe8ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"c0a83b5ec3d7933a090f681717290337b4fede5bfaa0a40ec29f93acad742888a1513c649104c391c78d1d7f29","nonce":"d9c64ec8deb8a0647fafe8fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"2847b2e0ce0b9da8fca7b0e81ff389d1682ee1b388ed09579b145058b5af6a93a85dd50d9f417dc88f2c785312","nonce":"d9c64ec8deb8a0647fafe8fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"93c0cb8152796784d2e0519ae66b5a7afe7e72fffce7f0cae67fd99fc012fff61fc575c097b9138a9fdeb7784a","nonce":"d9c64ec8deb8a0647fafe8fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"fbd9948ab9ac4a9cb9e295c07273600e6a111a3a89241d3e2178f39d532a2ec5c15b9b0c6937ac84c88e0ca76f","nonce":"d9c64ec8deb8a0647fafe8fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"4a48ffed0a34ccfd7aad44d330005808cb7677fe6cb3ff73b86b8a2c3575f14edabf260a8ec16942db08f4708d","nonce":"d9c64ec8deb8a0647fafe8fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"14453c3baaa9eda48a73dd710399404558fb0b5fa14f84b7d1b82ec1d127737257a97ecfa0746a7dc01c31c573","nonce":"d9c64ec8deb8a0647fafe8f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"27ec37161496984311c0d6ae396a5280d5f3c0f78abf9e19afa0cb5942d1177809073a643319446a9b2aaa882b","nonce":"d9c64ec8deb8a0647fafe8f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"abfbcd7ab06d3722c99cd6056e89fef9eaf76bb1eaa9ccd3c3124280beac0935c0d444b17a9f1f13858552f157","nonce":"d9c64ec8deb8a0647fafe8f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"9f3e47aa44eb96699e8ebfb4f0fae4452ad32743a49c658840e45d13e22c0dab92ebe2c8bee6a87ce2cbdbc78d","nonce":"d9c64ec8deb8a0647fafe8f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"1c44bd627728b862a9846492685e23f5bdbb08e55fe9346c2cc95c463d9ad060a29957efe40bc418eb862d4c30","nonce":"d9c64ec8deb8a0647fafe8f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"2d2e5320932abda24b9ddd2fe51ad0217f10dd244fc3c0c55d0ba82a3b2acf05f6eed9eadfc9bf464d92c3aeb8","nonce":"d9c64ec8deb8a0647fafe8f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"9bb7b3f935eb1cfe5fef41f6b2aa95edcebced067fd23fc63bb0e73b7293bf3f4bae324d8570055ce12618109a","nonce":"d9c64ec8deb8a0647fafe8f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"7983ac2037c9552bb4fc5658c394776b16282d5edae00c66e8e45e022e0ca0c332494f5a00d41b30e1e0ce08d8","nonce":"d9c64ec8deb8a0647fafe8f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"0a7e93be50ef441f06d99dd6c85054f328189c3fb2b6b3ffddebf77c3734574085185b9fd3b62d94da52d62a66","nonce":"d9c64ec8deb8a0647fafe8f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"7d9c5c44a22021ec40d03c799f91300e51e613e8757cbf66cf0c0b99f6ef92477ab2130d232dde84af734a0d71","nonce":"d9c64ec8deb8a0647fafe8f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"abcf7f8f7d427532033e8ff1be7d10e8bc89bd7b9f5f9559e0fe75036b33495b71b6dab07e07e0fb20bfe37c80","nonce":"d9c64ec8deb8a0647fafe8ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"6a8d3fc6cf9532e9c0adec4f63795f6ab60481e7c896dfd5a0b2dd8da6a2630cf99e721ea2db10971759da0f83","nonce":"d9c64ec8deb8a0647fafe8ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"9da1030682e5026a86a848e987fbcff23b7f82b086f8a4f5857dd4f08e56005feb452ddf60ca526cf7e94ccfae","nonce":"d9c64ec8deb8a0647fafe8ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"7a6635a18bd1dacfd6f8ba5a974f8cf299773d18009479bfa07679e4196d18687512dff33b323456d9a66c77bf","nonce":"d9c64ec8deb8a0647fafe8ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"82db822897132acd57ccd4f887125af41c1e3f17c3a83a1044ecb2b0e95f024f1a69c755e3161180167979d15c","nonce":"d9c64ec8deb8a0647fafe8eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"51c028428d2cf02fe458c1220b9b959462971994741ab3bf3af0a5fa85c265c2436934099ee46cbadb2ac84e2c","nonce":"d9c64ec8deb8a0647fafe8ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"f362435b21d5f0d61f14fa7e3f35d591341f5ad3d1362eb95f27bdd8653002675b482f7b1f717630f75cc9fe98","nonce":"d9c64ec8deb8a0647fafe8e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f57ecc032ba3db2be5487586be1ab3c16216a291f189f98f42ec5c612171cb73a813972ec1090328af1f17f84c","nonce":"d9c64ec8deb8a0647fafe8e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"d54cc44d3e9951ebd57d4a56e7a0d3e30e7617c78ddb122a1e9c06202d476862369067b0ca60fd9d4ee62dab5a","nonce":"d9c64ec8deb8a0647fafe8e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"4803a646b675232cb5749fe41a54370d374ad51d0230476afe682c2cef36cda0c71ade08b942009664255aee62","nonce":"d9c64ec8deb8a0647fafe8e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"8af0c29ddb2c13ca7d4e3163e86dae61e56cd9af176228f24fcaad3394e0a0a232de7d7f214486ed603cfb5c99","nonce":"d9c64ec8deb8a0647fafe8e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"d88e3b1d967f2b6cf848bfe26c68b3fd78bd793799242304098b68e52110cdf0f917a16b699ac97b3ed12550b6","nonce":"d9c64ec8deb8a0647fafe8e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"60bc799aa336503472585ae9bd8f413890fac6cef1bbfa0436c23084ada092dcbc7da76adf955bdade75556214","nonce":"d9c64ec8deb8a0647fafe8e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"8f05670345be6d011bcd1ff25cb0f4e24df990e7bfd8eb2fa01dd32280bbd90e5668c67d84b7d9056b2d94e0e9","nonce":"d9c64ec8deb8a0647fafe8e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"dec2754d458e413112b8a0cf0ad068bd14d04be5f78f99585bb0e6009f8cd54d957a4f907c7f59f6020fb79532","nonce":"d9c64ec8deb8a0647fafe8e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"3dfc4e62de523dd31b13b48232597ad2921ebef165ff990a3f744d2e27a8d68c2312b8413bc6c6079bd5d6ac6d","nonce":"d9c64ec8deb8a0647fafe8e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"8521d0e2e5ed2f61fd2478d5da8f48e0f818cc74c238ef825f59e66677eeed34c019f55f3c18868d0a9cb6437d","nonce":"d9c64ec8deb8a0647fafe8df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"f9e8d6d3f3a59eb847655108eb68f18c90e7e50086a833dfdd8709fd48743bd64e24ea4832dcde4edd753e3538","nonce":"d9c64ec8deb8a0647fafe8de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"3863758ed4b0eb5b9c58cceaf5f4e1f7fa892570e6c9c4902d77619fa7f00d9313d45c43088038467a35317a1e","nonce":"d9c64ec8deb8a0647fafe8dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"2a91a2d536215830f603c44148a2394afd77af1eedba13f0429bcc20e1ae2086bc7e4fa971e67892679748e9fd","nonce":"d9c64ec8deb8a0647fafe8dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"5ed2c98c1fe1897f9b9258cb8c091b82e0b7ec70607365b93ebe66348652f4c6fb54785c845afacb68dd0380c4","nonce":"d9c64ec8deb8a0647fafe8db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"e96b1f55550eb8d757c93ed461714c96461043731c40909b1a4197450dbfbea17222f4594db36787ec6e1be027","nonce":"d9c64ec8deb8a0647fafe8da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"47d2991b25982e6245d5493d12f415a7184599427c1807d040ce4e0bfdb1558ec264876a519177e352c3b2bffb","nonce":"d9c64ec8deb8a0647fafe8d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"70925b5027ad0bdb3d79b318f5473e2094677e634dc9d02753896a06aaddfa2c376adca68bb9fea8a4e827fcc2","nonce":"d9c64ec8deb8a0647fafe8d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"e3f550bc8f90f3e086133c72efee2947f5863566dbab8b4ab3269d7af7720bc5f5435572b0177d650890b7f4ef","nonce":"d9c64ec8deb8a0647fafe8d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"2981f6d5739e1ff50e710cced87211cb16b218fcb90dcc79812adf019db4442c07cf54a2b7fd50a2698ac1e54a","nonce":"d9c64ec8deb8a0647fafe8d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"05c4ce019c71218109f97aaec6679d13a70e75bd585e9658e84bb12b7b1f05bd9a605679f3bc58766f5bacd736","nonce":"d9c64ec8deb8a0647fafe8d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"d1c9da06c75a1a7d2ab994a1e8e1833af0cec0e76f5a96241af9eda3e8267236530728fd889126a28143746c27","nonce":"d9c64ec8deb8a0647fafe8d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"649104058372f802024f5f03306441cdeb1023670e2ed97477dee2216a7c0d740b293679689a3ac66ba4f954a2","nonce":"d9c64ec8deb8a0647fafe8d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"5c54f704efe07d03514b7b4c530ed3ab5cd7b1720d98a81885b5dfea9dbecd713c6f5465c65e071e1ee3a5ace8","nonce":"d9c64ec8deb8a0647fafe8d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"51e845dce7679653449e9fe3a264c72237d533a3490b40d1b33baaf317120dd814bf576b340bb2ae9526a33447","nonce":"d9c64ec8deb8a0647fafe8d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"27f87a09574b3a792dd8a281cf4556e88a7ecc75748e625bd3546c98d0672fac3a14c641a569451efb1f7517cf","nonce":"d9c64ec8deb8a0647fafe8d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"5e016f62f33972154dbd1eb3bcdd6bebe8d80ba18ea858872c232ae2e30c847835531e03e13a639daf52b7db57","nonce":"d9c64ec8deb8a0647fafe8cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"469c99e800ffd4c6358744e27319ce6d0f1fe7eb659befe83b03124099b206b603ea8f7342b8c8e8307df4db26","nonce":"d9c64ec8deb8a0647fafe8ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"bdf3bfead8e7c9030e4b213d92fc3a6d928e197d6b3e39a4fc5109fec117a3663ff36e2b2a3f3eccfd535b3d2d","nonce":"d9c64ec8deb8a0647fafe8cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"48b1839d48845c7bfe623abe49b8999df6f4334759abc9be1bd96630421b5167ac0f821c17024d2f4c296af647","nonce":"d9c64ec8deb8a0647fafe8cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"0c2eb1519fa39d5e71bc979543856c0d7542437817781047c22fd1656d518275ab5fc714942d6bfae17379bf1a","nonce":"d9c64ec8deb8a0647fafe8cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"27533d992247842b4c132f288a94ace1598f09d434997335a4de79df293fffeb1b8814fc9e1fccb6c5760b3f31","nonce":"d9c64ec8deb8a0647fafe8ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"7cde4a6d2ffbcb4a67f5aa970d01a77d1ea7c7fee1d790734f88c726d3ff4d9cc798ab8f7c5b5dd80754c83e5a","nonce":"d9c64ec8deb8a0647fafe8c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"1cbd15b60a55f46793a80a6413caeb0a78b76638f28c4ce946389a6e76a91f47a5ed0a262952833f42430c9e1b","nonce":"d9c64ec8deb8a0647fafe8c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"ef6c8c72cb513c3496e14fa26439a5fa19f54dd3e322c65f0f3d255c43959623199b45be259742ba8ea3e961d4","nonce":"d9c64ec8deb8a0647fafe8c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"df5b231c0cda12db3afc2bf6e0d59db90d18eca46a8dee3fae56467830e692a57b36bccdabfe560d638961b674","nonce":"d9c64ec8deb8a0647fafe8c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"187ee3a46c3eba0f0b4238f6f8b9f3d43713a33a9d7a44af5ae0453813ae16e7998df478fe9ef2b53633d296a4","nonce":"d9c64ec8deb8a0647fafe8c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"8d4016d5fd558d2a7c4a7c13705babfe9af3113c56901ef23f167b143c5d9d7ad85ab6e0a3bc8f71964e78ad18","nonce":"d9c64ec8deb8a0647fafe8c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"bd95668ff14b673d369e92fa7f587f520479e51bdd2ec18efdc759ef83906a6ca540735692cb1f3154b8775e62","nonce":"d9c64ec8deb8a0647fafe8c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"e975077a9d729114c999ddf4403895c5644046e5ac4754dcc2f8884596787202a077ed17e49f9b03a061b924f1","nonce":"d9c64ec8deb8a0647fafe8c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"2c6a652b68aa1800b07c417e1485977337cd7a35b36d81a7e75a97857a5af42581081c023fdcdb8eb16bff3b4a","nonce":"d9c64ec8deb8a0647fafe8c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"39fda7d0f22afa262b4b23e0c15391f71f6791e966f96b67180917177fe5b94823c59ec4f083821fb2219a6e3c","nonce":"d9c64ec8deb8a0647fafe8c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"1e9af280b5c57f03e7d1893d4e2f4e3e67e09c31688152470841ec56559bd034ef72a31ca265ff834dada80351","nonce":"d9c64ec8deb8a0647fafe8bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"9e057f1190e3ec3db4bdab1173b8ce156d5dceaed8e1b228f5a99afb8c32cb36d0cd579f286d97d874909c83e9","nonce":"d9c64ec8deb8a0647fafe8be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b6f975ac2da796f0529d8c7d659e719d566e675e5eeca39595a56090e9629e12861a79f06b17996bfddf60b673","nonce":"d9c64ec8deb8a0647fafe8bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"523dbfd6d7a2f941a5aadadfb08f0393b838fd5ff48259490820120b2cb716712578d5479b8e4b32a15c63865d","nonce":"d9c64ec8deb8a0647fafe8bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"eb32216c39fe5ed66768a1df7bf48604ec1c2b2ea6c7eb05b041e2c181ef820a910c74308e2645efd1491697c9","nonce":"d9c64ec8deb8a0647fafe8bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"a46378b8c72490b28b4fd126d898e23e605bc8f62e0374b6736cd90db1e06834c0b38e9eaa4943367a0499d52a","nonce":"d9c64ec8deb8a0647fafe8ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"b1041971fc10c15c2ed7dabc96e592a5d62674b3ade89b86b86cb56914accfbbfc20ff9a05ec53508c8ba6ab7d","nonce":"d9c64ec8deb8a0647fafe8b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"94e6f85cc3daa180aaa7e6155128ffef295e8325f46b45c6be83f52368cf6216842af041ff77c043d56fd52a6b","nonce":"d9c64ec8deb8a0647fafe8b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"6d7e1818a91c21ffaac8f7a8d27d34fa76192558212187d9f498e1ab32b9802eb5d63de3d7b187d260d56c7387","nonce":"d9c64ec8deb8a0647fafe8b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"a16e1b54fdbdac61ed6971698af3a30f1ea0d43d0127709e1f4b526de366ccffeebbf96bd74171e696c2325a9e","nonce":"d9c64ec8deb8a0647fafe8b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"31a2a5cd6ed0dd52d32cedfdc9ce17dfb0098d4934bc6881502fc847ceff5d811aefd72aec2591d14fccdbdd2a","nonce":"d9c64ec8deb8a0647fafe8b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"09bdae9017f41caea7dc25203ddf339981049fe2b47200e2583b33ac36f29c2e1e9853daaae1aa48a84725ad8f","nonce":"d9c64ec8deb8a0647fafe8b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"67b5e4870af5c64f239b353cdf747607123265b6476eb489a7283b80c52a5378bb723530a1447e579a6db32224","nonce":"d9c64ec8deb8a0647fafe8b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"2378ad708e0533f61113a140ef155d15b1325db4b88f405436ba83e9783f008afb5a93848053cad82dec3b7059","nonce":"d9c64ec8deb8a0647fafe8b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"85e811afa8551396f251f665cb46c195880bed6d45b6f24035e323a13b34e2ae2743b1ae34d9af7c9368953d14","nonce":"d9c64ec8deb8a0647fafe8b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"6997700bbfc078b22047ad7b2cc243b50c12c9f56779c088f7f3f8b65ee129687ce48e19b4ff674f0b14d9d38f","nonce":"d9c64ec8deb8a0647fafe8b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"3ae75a53ee6b997014bccc49ce70044f2f89cc9c1fd829e4d59c2ffae95e888a6ac08205947f8bb61e2b019858","nonce":"d9c64ec8deb8a0647fafe8af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"61eb1c2ced857b58f2a12635b0090049f6e89965b353aa558527f6f3940e32705a2f1d14a43b0a843b4e4b0b3b","nonce":"d9c64ec8deb8a0647fafe8ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"dcce39d4a3706cd73dd113636c6ba8da9b4c9fa0dbe848dfb2a40f0c940a6f9cc9a3bd72e7f5a8a04e74ca9177","nonce":"d9c64ec8deb8a0647fafe8ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"388f1ee420df66daf5a6ae215cb06635d0a84dbf8c5ace4d177577703c434754661ca12d8d28e3465913ca489e","nonce":"d9c64ec8deb8a0647fafe8ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"42ca58aa20c20e617cecfd461006ebd570e267826209124f3ce26e934c4b34330311033fd788ac1a660034e484","nonce":"d9c64ec8deb8a0647fafe8ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"4cc7d6cbd623b285962e0f51e0269b71c538404c0d67ed9e065b298e52be851c04db12ef5ba6ca6c37efd61db1","nonce":"d9c64ec8deb8a0647fafe8aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"65b081a0195cd6e91c288d15c0a6b1b9ab21aa29df6a1aad83504af59a5c874898d2dacf72dc847760f286b134","nonce":"d9c64ec8deb8a0647fafe8a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"2abc30783360845d1f5b6a641cd1efafc07407d27884ee019675f8c38c509560e34479cee0358bf22e7f85c4fe","nonce":"d9c64ec8deb8a0647fafe8a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"ac72a81a6ff98a2e8dc09d95cc7591ba6e870b6b787290c78c5f12ebdc2fbc26f943cc2f16984814238a5b5b4c","nonce":"d9c64ec8deb8a0647fafe8a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"5b7988174917c6d87243a5c16b2c607d973fe38b714882b23940b4be7ec16cb10096c4e2d60f6ea4f1c4852b49","nonce":"d9c64ec8deb8a0647fafe8a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"06bd84a0826e0a1a82ba0777289fffed07a23bcb1ecb0bf05f4bc2a288ff5793e03d724ba31233f0cb0a8ad6f9","nonce":"d9c64ec8deb8a0647fafe8a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"41ae6be05a18069b4859738061145bf2a31dd33786c35b68840a0580119451327b629d9ed68c9608f1fa1bc5cd","nonce":"d9c64ec8deb8a0647fafe8a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"6d0a70f3d567c5018a649a350b962f1bddf323b17a31785c45e6268fa715a9457e8a02c845e1ad76b2d2d91bcd","nonce":"d9c64ec8deb8a0647fafe8a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"487dc88ff315376c58ecff186287e4f11b894adabad3ff11a2a4070b67bad3d6e80f2c04ef0de1c4c500802abd","nonce":"d9c64ec8deb8a0647fafe8a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"d105d875808504bea3fd71ca0ccc0c0ccee0bef9b3cb283b92ad98fac906da912e6d868a78b4a7ff75c1d5354a","nonce":"d9c64ec8deb8a0647fafe8a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"3da6acde084b9b228fb312bad2e0606edc46b0140724a5045fcdb87adbcab7619e3e589e11ba7e28e96b9b27a8","nonce":"d9c64ec8deb8a0647fafe8a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"64ee12f09ea7e4920f58b2b63c1fa5a24bcb2f74c61a2564dca5b8fdeefc3677e7380085edbcc3067f497c240a","nonce":"d9c64ec8deb8a0647fafe89f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"da53aff244175f4c942c7bb33d74bf2c7fbef11aadfe3311c4643ee4884294b2327a49039743a1f5250079be94","nonce":"d9c64ec8deb8a0647fafe89e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"fcf015c203380ce67db009352c9994f2ce838017b6fb99bc11a8de69d2017658bdda96c0b05b12a2a4c805fd8a","nonce":"d9c64ec8deb8a0647fafe89d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"f9c0662ef5ba5f1f5a29b84e5711d8486daa14e44627e3dde9252b1878af9455ed1e414fc802b5f00b3533ef34","nonce":"d9c64ec8deb8a0647fafe89c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"2c5df19db8378610197e510cb730961c5aa9ef0072e580b57e648c92fec216b10dfc2b3e55165fbc5cb47b5241","nonce":"d9c64ec8deb8a0647fafe89b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"797cbd29c92d519c4791fb9e428ab9793fc9961f673ee92533adbac099cbc4d3314457b3007c00bbaf1253088a","nonce":"d9c64ec8deb8a0647fafe89a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"1e733ea101da32cafdf6f5e45f055fad7e4cc4172a170e5c3d84edd57ac64dcc99b0ef5758315360cd8045a90c","nonce":"d9c64ec8deb8a0647fafe899","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"ef0b4d04ba512025ebe55e9c60f64c78da8905d2838af26e9e87b7084a47e678af05f19495ef2c0832a37e8856","nonce":"d9c64ec8deb8a0647fafe898","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"d5f7ffb208b361a986d8c7bbe11d6e599da788198e85be5ef26362f3f1b76b0c7087730c7bcc12403a3b0afc23","nonce":"d9c64ec8deb8a0647fafe897","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"80e3975ad2a0bd2d63739afaf53179fc31da4963421e630a1b69988ffde80cd4b615f7ed57a0ce8772beff1663","nonce":"d9c64ec8deb8a0647fafe896","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"07dcdf47cab44b301651528f3ce2c23e01a1236c0f65bd26bc7cb16d14823a8684dad5004522506df65bc99cf5","nonce":"d9c64ec8deb8a0647fafe895","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"3797639bdc8fa95a54f1380e8569ad7afd56353c5a2b08264fb9fd7bc29cc66cc546599f9b751076c7030ca599","nonce":"d9c64ec8deb8a0647fafe894","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"b58b38f84a80b2b0f03a344e110b97bbdd982a36a361cd53beb991509fc2cfb529f0b1ea040a7094f80d6b19c7","nonce":"d9c64ec8deb8a0647fafe893","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"327f8a2764bec61b741253c57cceacf108750062fc9cbb22c8565590281c27925ebbb5ba78355a97d757d21dc6","nonce":"d9c64ec8deb8a0647fafe892","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"bdce345ac318e00ccb1e6ba2d7be2729504e94314f66b0e688099c15934785595ac2cd8acf2d5220bd9312d19f","nonce":"d9c64ec8deb8a0647fafe891","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"b324739fd95aebce5718497e02a49ffc21c4a94a0320fa63235536b406f55b52004ec1d09a53f6beb8708d5dbe","nonce":"d9c64ec8deb8a0647fafe890","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"dbfd104b85a51f116ab2e68923d35c46227019364682c56eb9ca7bc8507b152ec5b7ae636aba1fa7cdeb74d82c","nonce":"d9c64ec8deb8a0647fafe88f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"cf5d19d7406526d5921778aaa87147d6e36d6ecb72dbf8f3a891d93c8eb2b0e36c1533ed73c21284363631e5e6","nonce":"d9c64ec8deb8a0647fafe88e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"1ec7b05b702298095226544390002c5d01ceb2f88eac75798c78c3742e3cd9e6f0218b373197aa01b321e43817","nonce":"d9c64ec8deb8a0647fafe88d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"3b31c58bbdf5bea61ab6017bd9a5e71421057576795ebefd861387cade2f16f9986d9765127ae1bc0429edfbd6","nonce":"d9c64ec8deb8a0647fafe88c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"ca90a8a1b4566d8554a6792224449ee401d09c423296afab326f366d8c3e53b6e20fc949ddd1a0430876752604","nonce":"d9c64ec8deb8a0647fafe88b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"a733fe950623002381c6a27e28b1ef26424a1a707ed2e3ea91f5361d6ef828044a53bd22c970306b46d8fe06fd","nonce":"d9c64ec8deb8a0647fafe88a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e8db0881f9e9bca992e08c7274c00ad962ff3c64736038d12f032271d1d00ca87398a5c5f3ff44d6075d02ecc1","nonce":"d9c64ec8deb8a0647fafe889","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"1caba350d3a9ed83ef93a144cdc2007bc4908542cbf8f53018fa61a29f10748a3c5de8069071737f42c796141d","nonce":"d9c64ec8deb8a0647fafe888","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"2fb8d3b4dd5586c1acadfc9409abe84ea8b1e3886dd54033555da9a781ed7122d38839ba416bcd2e16bb501711","nonce":"d9c64ec8deb8a0647fafe887","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"1fee0bfa4e825066dbc7b2fcd6dc0c763a59e9a66fb12fff758ab9804cd3442b63b52b427b4e76f2ae71d0d081","nonce":"d9c64ec8deb8a0647fafe886","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"df772c9bbddba4e731b18f14fbb6b9f3a94cdf1a004952204a24e3c2336e9623a145b813a523d1cccf1a6c29d4","nonce":"d9c64ec8deb8a0647fafe885","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"5b0dcbb09dff5d00a8d26dfab2b0b7f081d434e30e6d4b9ccb9983e877f63b69006a392a8a1580366b56f7d432","nonce":"d9c64ec8deb8a0647fafe884","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"93dfc281b82111feb08c5afafba266ba1a0937fa263783caeec6bd91c6204f18b243bf992e950d882481d6f2e1","nonce":"d9c64ec8deb8a0647fafe883","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"fa36500133adb9dd3dceee4daf8508e28b3965c6ed75150135b1e97eff04f45e0543166b00a2ef3dca341a2405","nonce":"d9c64ec8deb8a0647fafe882","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"88f7de7869f8d02342223e135a9f42af54c633796146163265b2e36bbe7eac05aac483b105d8c41abfdea81a4f","nonce":"d9c64ec8deb8a0647fafe881","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"1940faab49176896ee1c3c52c31537993102844bcd109dc5531f70c08159f46bd9e2fbeff054e3891ee52a222c","nonce":"d9c64ec8deb8a0647fafe880","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"f245540dd9ff7ace1e16bf6f9756f9d6aea56d221336a38592c0978abeff8744faa16a0caaa2b364a76e282956","nonce":"d9c64ec8deb8a0647fafe87f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"d654adb3fc2a39b53015f226d2b489cd1a473aad1f2636af0296406e776ce879a9963d0174bd1b99625bc71219","nonce":"d9c64ec8deb8a0647fafe87e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"0936e7ac7bf8389e88daead141148d1b092e99eed2e7d8e26a174682e70345a909f8899542344b4479c403ffac","nonce":"d9c64ec8deb8a0647fafe87d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"5b1a86c474797f9497796d70ef2fc5869bec256834b717b5449724b50352579fdf1bcf6014c4d6027c734b52ee","nonce":"d9c64ec8deb8a0647fafe87c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"1432296a293769f93d2c14c40351e588a9718c8cad104668b486e316e8d61fc895f073787c10c9dea965276861","nonce":"d9c64ec8deb8a0647fafe87b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"cd434f3c702f29187b7d68c06e1626e16ee6f76bb8b2e9ee0b7a662de495b9fb064020378f851467280c3755dd","nonce":"d9c64ec8deb8a0647fafe87a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"83fe4dd3aa285f3782122f6c42f9ef910980aca4ec85c2c86807dcd76a46aceba1d570d057f51694b2b752a4ed","nonce":"d9c64ec8deb8a0647fafe879","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"ddcbba64dfc433466e2df7dd5953d58b8d2bd4e20b3a434a70efefb897e19b9fd48105a91b395bc4670ae892d0","nonce":"d9c64ec8deb8a0647fafe878","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"e05b66e0bc142a5b78f07203dc021479c54a90940b5cae9294219596c5a6d40710835ebf2982c0d6164819aab9","nonce":"d9c64ec8deb8a0647fafe877","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"15a182529afa50fe2016aecff08e8f97748789d9edcb150d258f14e21b2bb1c8d2a9c099337c6115878f73b5dd","nonce":"d9c64ec8deb8a0647fafe876","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"37ad2a08ad27d82acb676693ec730f6fdd673174a593062a0f6a429f8c19975269508edd1a4e2646d4eedd8e2d","nonce":"d9c64ec8deb8a0647fafe875","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"4de39e5ebb323ad02ed5d5bff56ee7fcf30619b84e330dc8a856f42a53bc6306d60ed47570fb1e052c76a0213c","nonce":"d9c64ec8deb8a0647fafe874","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"4f1e0970acda34780439d9d948edcb32859b8074faeb66a9e5c78cb8be7ed34ab3edb74e50a1601007011a00ec","nonce":"d9c64ec8deb8a0647fafe873","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"6d05da69bdba8eef5c569f13320b38165bdc41c463d57cc8c18f59a638aaaa4e16ae62b1b311c73b648728c55f","nonce":"d9c64ec8deb8a0647fafe872","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"339f9b8e7bd7c0d1a6fc28b919085607dbe54365fa090a7b78432a295c8594fed3e15c8edcae338cd6f730fee0","nonce":"d9c64ec8deb8a0647fafe871","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"c5837f0a38ad040eecc4abc49cf520a4788a41c01c1a506e0c2669ee04823bc292827c97820e27af9bdd337a16","nonce":"d9c64ec8deb8a0647fafe870","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"47eb2189aafe1cd7257eb5199848a41e24f3626a70c0d4ca94bf913b83ff9fc21ce60e0248559208c3126e2857","nonce":"d9c64ec8deb8a0647fafe86f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"5ce6412fd950f74fb344f0dce25bf833e779fa23363adec39164d449d6ecb474d87f0f740e39b341db736e5547","nonce":"d9c64ec8deb8a0647fafe86e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"64427d426a028dd1ad9d0d935d86bb12930ba75b1bacfd0c71231454dab8acfb11a3d1b697db63b345fd7fa087","nonce":"d9c64ec8deb8a0647fafe86d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"e1d2e5159a7753506d5539b77f2c92c8034cd61d0d0309b0555361442ff3bde2de14abdad00ad5da42d319fc9f","nonce":"d9c64ec8deb8a0647fafe86c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"bba3b672b2a108f3e5c397c21158b827fd9653bdf7c474eaed046811aaa6f7e55071aef28c25289035431892c0","nonce":"d9c64ec8deb8a0647fafe86b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"dec3e7c745706fe712621f7244fe7fbfe8bc293421a31b816996ffdbb5de210b9957e846ca71a73287a64e71ba","nonce":"d9c64ec8deb8a0647fafe86a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"679e542658b7cfb051f9278925c7d3f1a02024eb8e490e9fdd54f4c74ebb18254cf0ee504c08be16977f098281","nonce":"d9c64ec8deb8a0647fafe869","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"c49ce62886eb7c948d2ef2e1cc59bef1339ffa4f851ceaa752ef8c2c5573efbe1308790f8e430e6a9f580d40d5","nonce":"d9c64ec8deb8a0647fafe868","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"1e1cfce9bea1b7fd94593d3e805d330432af1b2090a8dda680203c156bb8d226c68f16081ffe371a787f4e7031","nonce":"d9c64ec8deb8a0647fafe867","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"dbda42b5a4a17428a3803e8ac05025f1bda1c54ba9fe1b3f8c75e9e63ca4c2938da8f5c9354859685c96f5641e","nonce":"d9c64ec8deb8a0647fafe866","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"d73ebed04acde8afdd636a6c2a38c5ea40f1c273a784a82a11ec8c29464d2516a6df3e24ec95af57f339177761","nonce":"d9c64ec8deb8a0647fafe865","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"ebdcf49b3806e61b2935cf01a5ee7064ce65b97194f2a746716fd09fc159f7ce3ac7a7d869318c714d7f871a00","nonce":"d9c64ec8deb8a0647fafe864","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"ed061d0614a4d90a021b1be80c68ec87af767159cb291012d939ca36b31c8f5c005fed06693c511684974d45f7","nonce":"d9c64ec8deb8a0647fafe863","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"2fa7faf3fdf8d6172e613a637d2e1b434966aaab88b4a61ffacfdab62b1527dbbdeeef61e64e65740fadf21530","nonce":"d9c64ec8deb8a0647fafe862","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"c3b7a3e155e00be3b3d2aefe1b381a3a130dc9bd4bd6d1038cd63f61cdde158c5ecfc59c5a9e1cd3c83312ed15","nonce":"d9c64ec8deb8a0647fafe861","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"3b17f34aa38efd06ccbb25ffe3fc81655e16a17984d4e8279ab1095290749d1831f7e148ff8d88a63dd5237065","nonce":"d9c64ec8deb8a0647fafe860","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"2a14cfed38513d04f1f228f187025e528d6a8f696b595366aba091c6dd602109a3eb56607e1cedb642f5a7ba1e","nonce":"d9c64ec8deb8a0647fafe85f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"7708a4e0853bd68035b0c9914ec778d809665a86c9e047d6d407153cba6e236dcbd20767096b830355121957f3","nonce":"d9c64ec8deb8a0647fafe85e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"4f125283065cb5ad9bd84cb56299236988cb2a266cc48cbd8176fe35438a7473b14327f349c5bdce1c43aef232","nonce":"d9c64ec8deb8a0647fafe85d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"743dec0c7fe46d8ced7de8034ce8e7f2c6b3991bb3e4d807426b1cc6a972bd1c9dee6de21b54075d8cefc556b5","nonce":"d9c64ec8deb8a0647fafe85c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"f49e053514a61466ec68be9f1dce16df330f94e27a64bf97c1464f19dd51244b444db28633cdd7ce92e9e1a7d2","nonce":"d9c64ec8deb8a0647fafe85b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"eb541da6509fc40421d6833cf0babaa55691a9e6417859a27fddbbf239ffe736ff15ceb8690541b1c93b87181d","nonce":"d9c64ec8deb8a0647fafe85a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"ece0429ff39a4f298d3b858da527f1f3940bd537111e9b2d732745902b16bbcb86bc83899b53d960dd6c4f0d46","nonce":"d9c64ec8deb8a0647fafe859","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"a7068b5abdba7a4cd2466db250964ddc56ed777d45a53a2724f2b419e0652f9c472c77d61770fcbe1b95c0cdac","nonce":"d9c64ec8deb8a0647fafe858","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"8370d749bc4b173d0d8462c505ff7a8eba99acb9eecd62428036d6e4a45546e237ef1de56cc9d384e9575f6bb0","nonce":"d9c64ec8deb8a0647fafe857","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"9329f8811e1f2060f1677dd2fe77a71e1dbde8dd5aba23a1f3e79a0e3e1cea9b68ea7cfbd5f102a2f7cdb11917","nonce":"d9c64ec8deb8a0647fafe856","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"6214eb85e8b223ce4eaf6c286af8287386b04b536f9b9a31aed7c9772f81c16319adeb62c906ccfa122fa7cac9","nonce":"d9c64ec8deb8a0647fafe855","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"bc4fee5bf130face41720e1ff2f7d72856c08a3305882e1bef933748e6f1f323d8dcd604229fa53e53f9030316","nonce":"d9c64ec8deb8a0647fafe854","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"4e203d81bb88118b5571f53557fb234aba3672bc6b95fe2d78000afc7f6119608d87958bfc202b57938eb8a741","nonce":"d9c64ec8deb8a0647fafe853","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"3d76eeac7cba2e0f1b6364bfc42c972e99be17404566f84d25bac37445f99711f65d5159cc26fc02dc3ee37804","nonce":"d9c64ec8deb8a0647fafe852","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"787252879a0c257f21b84f1ffa9a1e1ab43e0cce4a2d59d66d4e9532c9c082d19958f5a5484ab7ff42507f6884","nonce":"d9c64ec8deb8a0647fafe851","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"f49b93f30607f41a2399497d0b048c96690ea65a2fe951c679a9df69a1535d31d5aa2b99f415b3e6dffd823cbb","nonce":"d9c64ec8deb8a0647fafe850","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"b49975ea575c367eef2bcf1ab07ec1f86da30def6276e384377aa8ac5a47abe7afe3189ad8d83f115e485e2058","nonce":"d9c64ec8deb8a0647fafe84f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"5bfe2341437e8858a31d7395f5c5f1b5c13b46157d470d04fbd60996809e409ac820b49bccbdebb3dbad6dee55","nonce":"d9c64ec8deb8a0647fafe84e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"7818cafab7339047e75eb13ccf1779b1cf97634d7fbcb920e23fee4657c9425bbb0d8b0cc434b286c9f7233cde","nonce":"d9c64ec8deb8a0647fafe84d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"83d012d0de74d0db433ca9bbc5ae20bc2c3860f01cd1b4544a1cdfbdfdd8689285d7a900e9d7a792dcc79d8e18","nonce":"d9c64ec8deb8a0647fafe84c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"e6c5c2d9303170fcdf60ebfb5311b69ddd7566374618ee1f45da4563d1bb580c31f461bee45e8a2c9d49f398f6","nonce":"d9c64ec8deb8a0647fafe84b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"84e1ba16660ae58f43cd1556852ae8171a530115e791f04fd39720f166e2c9772275fee44aa19e8ffd717073ee","nonce":"d9c64ec8deb8a0647fafe84a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"a59dd27efca6af1433ddd521902c59d32ce0dc0b97f72fd4256117d684162b987cf0f1c47e7ee414fc13900011","nonce":"d9c64ec8deb8a0647fafe849","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"6d36df48fb6c4966b6b19d0c416f0c44cc8d3ae1a3253dff4942af6b8b8594a61fed987a34e7587b9370ef06e6","nonce":"d9c64ec8deb8a0647fafe848","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"399c02de98ebfa228bd25153867704ad4e6a223f4a70e75aed098f90f56d531b4d00532fe4b290911b2a7f095c","nonce":"d9c64ec8deb8a0647fafe847","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"c529989d30182506b5ac709bed655c83e18ff2fb7c4e5697e48a90c1492db441fa50e7a9544ed3edc72918fb07","nonce":"d9c64ec8deb8a0647fafe846","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"9c48e91e771c052ea6399c5a165ad77ad1d4b9d721ba769323841d5bbfc7c9d5e3bf2f17323d618464d74baa23","nonce":"d9c64ec8deb8a0647fafe845","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"5cd3d2e63f83bbd1bc9361fb60835961eedcf2c5c7ccd5a01da28d744cad90cf56a08c9cf01ae57b03bba4f2a1","nonce":"d9c64ec8deb8a0647fafe844","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"b520ef152329e047a146d93bd6fdc08c81aa5db9282befeaaa897d5fccb12735758842d77859547762fc8eb057","nonce":"d9c64ec8deb8a0647fafe843","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"02939fd14c2876ceb060c23adb79cf5ff199bd162d20a889c315c733763a4e2a368fe47f8ace612741e4589956","nonce":"d9c64ec8deb8a0647fafe842","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"ee351ed8cef1ba3785ef261959c004ce9ab5db8169f0f358f08f40a387ce0efb0825b8bc73dab6cbc67d983e71","nonce":"d9c64ec8deb8a0647fafe841","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"b675ddc587e49f6fc23cfe592965c5687ac5b83585d7006726a436606523f8285e6c89449af703e7c71ce27203","nonce":"d9c64ec8deb8a0647fafe840","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"76e018b86d7664e13060bc465f82155a8c9c067cb5745e1d28815032641f94df21472c393da54191e155e25d14","nonce":"d9c64ec8deb8a0647fafe83f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"a38d5ab711dc4ff606c64b7f48940b4e8e0c08b5cf09cac5319abfb523a0eba5b7920f05c02d865f6a84662cfd","nonce":"d9c64ec8deb8a0647fafe83e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"872e64aedee419e77defc58f522ec509f88d4de720ac4ecada933c6745e22b6845198dce1a6f48d0f0a8ec995e","nonce":"d9c64ec8deb8a0647fafe83d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ad2587d8e3902a2c98142407e09dabcaec2ac8086ef501b2af69411d5f153dd1386eaf66f41e2708c386866094","nonce":"d9c64ec8deb8a0647fafe83c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"de1a874544cf8d81787f7bcd362c0e53d14a701d77d79234e746718ea38be5ee420040a6a66fd309cdde8484b9","nonce":"d9c64ec8deb8a0647fafe83b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"d3351ed15d4883960ea11eb722b5b697e833252ec3de8b68f2dbe2a7c87e61379dd77fc448f371c0fab4e1617e","nonce":"d9c64ec8deb8a0647fafe83a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"46a27daaa0f67f0e150013573d8fbac086c320439ce05c397b5b22e7d1544ecad27ae332355b83908a63bee303","nonce":"d9c64ec8deb8a0647fafe839","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"3d20a1a0bb600fd88056938473817a3e00000e5f2e8a84456250fbf9232b7c7aab4eebe591cceef9c9f910a58e","nonce":"d9c64ec8deb8a0647fafe838","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9b146b6bd81d4a044b246a6f559025aac2d00db762d9a3cc6fb38e75c7f145d736a830a1c445751b31d7659587","nonce":"d9c64ec8deb8a0647fafe837","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"07a9def10701fca8c8cae703ae82d348f8fb7cf8d9d3abae60db20c46639754e70b0c1e9249dd6b7046afab557","nonce":"d9c64ec8deb8a0647fafe836","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3af33bb95cf5f613c2482984eccf48caf7b57657ef065c04adb752a0ba5673289f76dd0c9ae7519754524e863e","nonce":"d9c64ec8deb8a0647fafe835","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"6b87548d57257ac5dbe77ea9a50ab80518056b1d417d1d77c42a426b5db2963c2fc430c8c6b36d0734c3a5ffa1","nonce":"d9c64ec8deb8a0647fafe834","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"8e69d19356121c1deec45b192512bece14c10d0fd7a63dd9093b37e3337672ee8d9df0f5c0d5acb8f456027755","nonce":"d9c64ec8deb8a0647fafe833","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"bcf81930e035106147630c94721ff8e7ca1e57563a9b815a0fae41861b68f95d2392fd6d05057e4e799c13d161","nonce":"d9c64ec8deb8a0647fafe832","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"212f0dc4ab5188ee6ccbbd8d2cf16c789af2570cb36b3e6668b48fc79bd0e6b3b9846cae85f805eb00bd9a2896","nonce":"d9c64ec8deb8a0647fafe831","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"d59a5f4406690822d389d66ff725fdc6e2e22ca13a596ef49b7990e18b11cf971648e32306b836558547824ad4","nonce":"d9c64ec8deb8a0647fafe830","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"1c5dc8e11f85d61357850568aa6604670d7c2dddbd206ed113547fcea446eb1e2fcd87418409fc68448cabf9f7","nonce":"d9c64ec8deb8a0647fafe82f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"18603e0f4a623e8049c0f1640cb914b8d7d3ea4921d0586a8ceda37c6f2a38ca4d7b893adac3aff4ae2e00a625","nonce":"d9c64ec8deb8a0647fafe82e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"a535239e6bb81908779ef9557a1714779e54036dd186faaf95964bf45fb09c3929bf653d0ef501cb2b58c611dd","nonce":"d9c64ec8deb8a0647fafe82d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"b616dfad5c0b6726b749ec4d2fbb1a3a836b884a4167f98d92b3f4a0e0a7580965571208936329ecebac3530bf","nonce":"d9c64ec8deb8a0647fafe82c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"14cea38de449de19f9825b8df127ad5585f2e8e83ed2243494fdadd3d0bf286f7ae8c18077f196578803fcfe3f","nonce":"d9c64ec8deb8a0647fafe82b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"2b226fd70ccb29f0e8836f5ff203cc97f5d9046c1f71f23383a57caa43e42c51b77ae628f730649637c9a75620","nonce":"d9c64ec8deb8a0647fafe82a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"4c0471b3eacb0684f748c8ed91eb84177179fd77b15dfeebb962f41781b9265c59c9e9a44dd16320fa1777543f","nonce":"d9c64ec8deb8a0647fafe829","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"c2720cd102b46d3fd78b003e663aad24234d3a9f99a9682589ec4c12fa643c9585704c05863ec359f5d21de3d6","nonce":"d9c64ec8deb8a0647fafe828","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"9f5fb66b1551ab72fc4c38c5051dc3ca808499f6e1a53f491f220c174e7d780762aa2b243d329c312546f8d663","nonce":"d9c64ec8deb8a0647fafe827","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"5e34ca7c77f8a38d0f3de87b102794a9d8d71e4e99ffc7f3bd5c77e7ea1e15e2bf27fa5d35a69f3ea3bd998cd9","nonce":"d9c64ec8deb8a0647fafe826","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"9c8ae1bc04cb482f74125c440d0ac316afc11aee27a88f7b364dc50fc710839501877f6e60a140ee61863ad56a","nonce":"d9c64ec8deb8a0647fafe825","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"6f5c082e72c27e864d4fd39359f0e130a048e09cf5c81f80a4321c846ea1df333b43cfd02d6e153807f09f3185","nonce":"d9c64ec8deb8a0647fafe824","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"211f2d5051f94b60794dcebf017e64a10fde9c38e5215f2f89821f1066a691601ac5449b20e01f43cafd5decea","nonce":"d9c64ec8deb8a0647fafe823","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"93a969244663ddb9d21b839fe1ab4894864bbca8b01ba3e0b5080bf9bf5aec779fb42a2b9051d5d59ca81d7029","nonce":"d9c64ec8deb8a0647fafe822","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"f0fb6f08a1266e4384783f31e262242136f40deb1cdfa80631406491a14729f5a0a5e18cb66a17ea238a8c33a0","nonce":"d9c64ec8deb8a0647fafe821","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"549dab1c4a36275659639d219611f7cf322de64f0173691eb2802acdf8b98c275fe618eaae9755bcde1fb48493","nonce":"d9c64ec8deb8a0647fafe820","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"e7823d363dcb278a3e805547211c18e27672f20b34a3cd604faf26477e52b1858e7b03012ef8a37aa4479847fd","nonce":"d9c64ec8deb8a0647fafe81f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"092d701b056823c8ebdaf8fb7340902cce5ab1391a5da3c9fd534c310edb81d7297fa7f8e7a36fe42f8991b1d3","nonce":"d9c64ec8deb8a0647fafe81e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"eebc170790ca7a21a6cc91958662c1c16622e14939541bf68672103b2d5ee024537882249c32fc141e100c408c","nonce":"d9c64ec8deb8a0647fafe81d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"163b5da7b7b730602e26563f25e70d9701a18118148b4dc6f41459bea50e966822117d9c8c1105c40e84e2ac85","nonce":"d9c64ec8deb8a0647fafe81c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"7ac3249e87b82270970406c4f337362b35a77a5aa62a1232bc3889747f531ed32955021089259a4624a3cb27e1","nonce":"d9c64ec8deb8a0647fafe81b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"7e2d4f9a10ae2e0463d9d40f9ec7fa2102e951bb32d17bfcb97da774ce9f23acbf5964e88d6930e0ba29d0d5ea","nonce":"d9c64ec8deb8a0647fafe81a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"cb30f85685dc041d7e458ae1c4c28e42b1175653c993b3dfce192962fa21f2ef23a054ce3bccaabc815b9f1e9c","nonce":"d9c64ec8deb8a0647fafe819","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"5fbb717bc7a7ad893acce117c908fdfef2752be347ed083f067ef3d5cf0b297bb5fe936ff63fa2b22f0608a27e","nonce":"d9c64ec8deb8a0647fafe818","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"cb1b38a520287cc5b97488c657b7524dcf10c8d3439e7a667750c8ef283a3618de3e67609c65bab8a267a25119","nonce":"d9c64ec8deb8a0647fafe817","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"325fcea14fcf6d211fb3fbfdf9d57d9bb28d639befbab5d4c9f0b76a5ed6638d8bf5391b464f4ae70163169632","nonce":"d9c64ec8deb8a0647fafe816","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"aa71d0125592ae289284358c1b0807d42314480365297f9275830eb5e1c7b441f5fc700f4d4391363f606caebb","nonce":"d9c64ec8deb8a0647fafe815","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"bb68ec1cd4da17d248e6abbddfdc89ee56591e66d9632567667761111a9cbf9abc680bdc6528b8469e51a92ff9","nonce":"d9c64ec8deb8a0647fafe814","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"507dbffba66974df39f03feb490b6b7abc0226f4b564033e4c021375bd5356bc244412637884cbde7298734d42","nonce":"d9c64ec8deb8a0647fafe813","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"94c5df061c21bbec64d80792a9147b5ae7fca3ba2d38c11b3c122f210054864ec93c2d4fd776e644bd399fd6eb","nonce":"d9c64ec8deb8a0647fafe812","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"9ffdb2123b0f9f65eeaa8b57797f26df2f422635adaa60bd0b47c6cd66f7f9cedb8b15f59b40f5e764fae39bda","nonce":"d9c64ec8deb8a0647fafe811","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"6525eda7442c318aea54f3049f42f786edd8865972e674022b7b866b548759917282e28ac2a6d6aef9557d1245","nonce":"d9c64ec8deb8a0647fafe810","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"a6e7a071a64c35c44a1cb2b46efe4d7baaf9efda237e05a5bdb456992436c9e80eda02c438ee1ac362a44ca8ce","nonce":"d9c64ec8deb8a0647fafe80f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"793e3940edc2fa428d6e3d1978818da5638a98f8353ad325c5a3e0035ccdf39ee49dfc9552e2711f8d7878df05","nonce":"d9c64ec8deb8a0647fafe80e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"de306d09e0f6974115c7400b54b5adbcc6bbb8bcc69dec40fe35d03d3d4bc4c9503bbb414e73c9fd2a7e832a1e","nonce":"d9c64ec8deb8a0647fafe80d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"3f53306619636086a4f57bda2ebd440ddceeb1f17a140b9775455dc8d50267e5d433d2f7b1a111d18a828df9b2","nonce":"d9c64ec8deb8a0647fafe80c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c2003eae2d4815e02e346ee0cdd39842721c0fa273e2d12228897de954d3a2fbd0e7b72aa0758becc0c672b058","nonce":"d9c64ec8deb8a0647fafe80b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"7eee590cb3b22667eb8ac5ea3d950adf89cdcf7f93b102646fb8311c33586cfd2300b002b9a8a48650c0b19f99","nonce":"d9c64ec8deb8a0647fafe80a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"b30fb82867081a29a3c41a6620fe4916a9e6c38851fe75a5750692c9abe776d59d894cb110567c0d11b27658c2","nonce":"d9c64ec8deb8a0647fafe809","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"31553322d59a6dd6fafc94e9801741fe12581bcad284629da060af5b85bfdcca87ac88e2a6928dd409a4cefbdf","nonce":"d9c64ec8deb8a0647fafe808","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"7147258700e3687ac9d1781f7ce5af0214f6481eff3ec9c2d51c7c917bebc044d521ed6c8278473f0273c30e3b","nonce":"d9c64ec8deb8a0647fafe807","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"12892aadfd565a929b3917bd8226f3865f45617befbc22e163a8a5519737bf75a0e3e036e46eb85a64c5cf6bc3","nonce":"d9c64ec8deb8a0647fafe806","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"71eeab8c7f40b5d002eb1d081ce497dd37ab056db89bb8d907b5b849981d7c4eef8db0dd041d32ac746390cb19","nonce":"d9c64ec8deb8a0647fafe805","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"3e60775d933285469f5c9894a5c9c866e30fed438bc4dcdeeea5060f379b75be3e5c089299908c852c7d75b662","nonce":"d9c64ec8deb8a0647fafe804","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"a7ddc0fa67d665323cbe379e56b1ffb8535511d98471874464211981334fe5277bcbd2b75df7d831174c81f8ed","nonce":"d9c64ec8deb8a0647fafe803","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"8e54a0880670d6b422aa8d47443b0afda386813f1e7543d9236f671dcddc34e49282b637e4711ccb6cfdfefbe5","nonce":"d9c64ec8deb8a0647fafe802","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"158ce6fd958468062cec338600c997ce24d5adbb03d04c2c697d89f606541838b64f97ceaf1c0059f0d46c452c","nonce":"d9c64ec8deb8a0647fafe801","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"63113a870131b567db8f39a11b4541eafbd2d3cf3a9bf9e5c1cfcb41e52f9027310b82a4868215959131694d15","nonce":"d9c64ec8deb8a0647fafe800","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"24f9d8dadd2107376ccd143f70f9bafcd2b21d8117d45ff327e9a78f603a32606e42a6a8bdb57a852591d20907","nonce":"d9c64ec8deb8a0647fafe9ff","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"a39502ef5ca116aa1317bd9583dd52f15b0502b71d900fc8a622d19623d0cb5d"},{"exporter_context":"00","L":32,"exported_value":"749eda112c4cfdd6671d84595f12cd13198fc3ef93ed72369178f344fe6e09c3"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"f8b4e72cefbff4ca6c4eabb8c0383287082cfcbb953d900aed4959afd0017095"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"e3729c324d35f3e670bea8fad197426484b2b061df21be8d066bd192b8c1e78df8f1c4e0b8f69dac50be65086000a86924fa2ecd592835e07502bb0306fcc121c5fe","ikmS":"49ca21a7e5d281e6c48b7a5a2444322b25f1906efc6fbba7964eabd55d530f6309ff8b2f827f08162bdf0729845f35118f5717be2f339ee2aaeb3714914be89d677b","ikmE":"c453e6ea553a88e7ff7725d054df233008fa95f03131655b6fad3c2a0e151bccfe26fae75a166d309c414ef0ead6be95d035614428e1d20ec134d305872c543ae52d","skRm":"0118c813417d40b8edd14cec6fc04e67ede1967a9b26e8a19c20aa433251fb4dc76a7de2878177a44384800bae570da38e0f58193b6d1799227f27de33ef7eb2c76b","skSm":"00ab69acecec74b36e54e505c664e2f3b940a4528f9a770d9a1bbd92355d99b622fab6ffed999e8d7ec58204c49a3d53655964ff2b5396f03742c88d7e2094cb2227","skEm":"0054109f96b8e312dd854ad3df5706c0ad6d19224c63d779585dd88fec37cc7fda8de430f6cb26a14110b780fd12861f3f7e5419e35d1d51f3148cb238ee73e98b1a","pkRm":"04003c9de1cfc53be54b93f6625b07aae4e7ff8ecaebe121625ceec371c2efd83209487e83c776a36cd7937f66f829e9b2c4dcb5370d86546522210f731408f8aeeb84000e8033559064487ae5fd4748f1edbbf221ef467a3f259c5775ee79b76e12027c8e2364346f3f1bda51bd0fbab45d818a1a775ad01c06f7c8f540dd08a050605615","pkSm":"0400b880652e5b7de84d11246b873bb121cb99e8a2e7d884c331b1e3888f509c8131df4646f423678e85038dca6c1624e5a468c8da4d545a000ddb4269cbe96b59586001e352373c051af38e1daa8e0f42beb0642f3872f908bcf3ad674db18915c497ff5fdc088cbf346b2c13e950543867cc91f6968b59c93400e5824a0c17de3b2d7e46","pkEm":"0400d19e637f640b36e8d25a91f267ea590cbcf5e0e2a0e02ad7e486b3fe1ce34713ddda91232727274cb0d1a3e84f1543d69e8e91aa6b714d3b1d918c997a90b1936000296f83b54b7a362a87c5aef836cd81ad5f286f1bfa6a771ad1825e5f8d97c8a34883e276f9a9b1ee3ca713362a1d470951701cd6a9d16c2d44d03d0beb0041f296","enc":"0400d19e637f640b36e8d25a91f267ea590cbcf5e0e2a0e02ad7e486b3fe1ce34713ddda91232727274cb0d1a3e84f1543d69e8e91aa6b714d3b1d918c997a90b1936000296f83b54b7a362a87c5aef836cd81ad5f286f1bfa6a771ad1825e5f8d97c8a34883e276f9a9b1ee3ca713362a1d470951701cd6a9d16c2d44d03d0beb0041f296","shared_secret":"470da194ec939201e6e57c36d8e67a9bdb22fdc3480172d33378c152321fe149d264100fe90e36ffb81e83cdfa8b34ae2f68691a55fe5f13edbf59cffaa4e84f","key_schedule_context":"021c32c098a411cf1afaec805bdbb4126b85caae458c62f8d8fbb24168b37930eab113e91348e59600e38ef02667015f5811559278b5daf69cbd8ebf22861e112922f3bb3f4a73881979994c3c83a46628434a24f6fba24b7cb79b65184480612f921684dd1abdb948aaa07637b3944e6ec7bf5089bc9e653f702dec2b8ceb1e0d","secret":"fa5c8fd56096947999ae9a106b74f71f925104ab52fcf5ee6c6a67dfc9f0ccbe94eaead78638967e2c4a4d2fc689f0210b24dd9cc010f3addeed2bb045257ccf","key":"7d88479b678ab85e45db85f3e8b6c5c35600751973ca9929dffd743c4ffe6c1d","base_nonce":"a5c06c7297a23aa7e5009b6a","exporter_secret":"f1410ad4c18dea9338815bd3bab6851c4deae3fccdce17af3731e9f84d480658d2414868beaae9e59bc1ee4ce64b58c9f0bad942be3616ed576f1c478e403dc4","encryptions":[{"aad":"436f756e742d30","ct":"39e0033eac3039372dc1ce46592c0c4dd2dcbe591e47da6b13d3845467a97379ab3ec8bb81c46ce22afee06f5f","nonce":"a5c06c7297a23aa7e5009b6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"1c98111090387c2d94a27c240dfdc2cba66cb63abcf1fb5ea663e7f7ab07e2106bd5360411ba67e6b00de6757a","nonce":"a5c06c7297a23aa7e5009b6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"4173496422156613a296973400f78988d29f941c15137719e4c0828fdd87558c587f3dabc38729fb7eaadde5d9","nonce":"a5c06c7297a23aa7e5009b68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"ef535e1037dbd6276c5ca81f12e3d49d6eddf4d46df61cb5cefd084d65efd54de7ed7c262cd5827355cebfec9a","nonce":"a5c06c7297a23aa7e5009b69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"3fbcb91cee8ceaff97b962d90ef534a444276da7f8041571b8cb3b682e29fc905be824cd91de0917346c20871b","nonce":"a5c06c7297a23aa7e5009b6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"2e056c8e471f9a3d1714f4759d2fc34245be24bb83231ea39e8962974b81e2d263aea6cdeec71c02628c57be00","nonce":"a5c06c7297a23aa7e5009b6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"274f54ede4e52704aa7f415abcaddcea0576ea7e9ffec703738da79f56a5dfa2bd1d6a489dd15e6a52685e2923","nonce":"a5c06c7297a23aa7e5009b6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"abb80060814fc38a7fc195dc9e53a81c1d3e343639ef8083435d306727546a61a48b0107e2df240e4b4b74f7ab","nonce":"a5c06c7297a23aa7e5009b6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"ad4a8b6287b445c33e6b6aab29ff86cd9bbb5225fa5de4456089d45346ad4a353df67b62ff435f548ecaeb37d1","nonce":"a5c06c7297a23aa7e5009b62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e48a5cbbf696989e330c657d6a5808caacce7a4e12b9936398878c7b3ffbed21649ad8b31a9b6bdcd4ef3513f9","nonce":"a5c06c7297a23aa7e5009b63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"7f836b4ccc497c77a0e4a9811a11425ccc445c8ec070c402fa6856e57f84853f8446543af5704a4d713c476b0a","nonce":"a5c06c7297a23aa7e5009b60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"b414e43f4dc74831d7e3b2044249a2f641192f23054801c37ed09a789662bc17014534cad94921f25773b68d21","nonce":"a5c06c7297a23aa7e5009b61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"564208ecfcf2a018fe8def5fc35a538b2dc5fb95b6f1cf009a353a84ac78bef9509215af855e5a8fafd7411511","nonce":"a5c06c7297a23aa7e5009b66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"25ca067e5c9af2bc17364a8823f77e0a58fcd1b255471e67b1b0bbedfe094eab5c6d3adee295c051481840bcbb","nonce":"a5c06c7297a23aa7e5009b67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"6e2cb70250ec2ace6ec819268d8652d83d4bdab89f01850879158b2f9f37be9c1fb1fff9ef6eae881d453108b9","nonce":"a5c06c7297a23aa7e5009b64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"c5caf2d73465a5c24d3d53db740b4b107e2026d8fcc771cb9d3657f4bdf841b5e94aef43ef256bab7d3660679c","nonce":"a5c06c7297a23aa7e5009b65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"d60ee2ea58cb6877d062c8d441c916db81657b2566f0353887a871930773839ce2971af8f7226c161fdd4e762f","nonce":"a5c06c7297a23aa7e5009b7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"37c85a1f1d91564be112d2f3215b8fd9035e1cb479929821be2e19281c150327827801e0d65cd53efc6d3f9a62","nonce":"a5c06c7297a23aa7e5009b7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"6e8ed79165daa8b5bdba0277e0f5c07b8d28e7ebb72f9badfe17cdf012a9ca6f389b98a262ff4b544260ba67ec","nonce":"a5c06c7297a23aa7e5009b78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"006adfea5aa57eb259a9c54add9ce3cc2523a810f9cd96451a483cfa09936f4c67e31f0e3da458af430cdee4b4","nonce":"a5c06c7297a23aa7e5009b79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"ad60f76efdcda3333c5c13e64ab4d8d49ee95b492cfb2e154f2de34e4898fc3dcf338bff394a7b62e73c0b0747","nonce":"a5c06c7297a23aa7e5009b7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"7fdcbcadbd1d5e443ef008aeb490375a737b4a8130cd4ec20438dbc8c5d64449adc7d2212be1f82dcf72c491c7","nonce":"a5c06c7297a23aa7e5009b7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"62fc939f42bd4e40334bd53b04033c60980654df0ce7527b3f0818bc6aa2065f4fb46e91df55fa39ec64df0279","nonce":"a5c06c7297a23aa7e5009b7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"f5fcbb73b251625a421748dc031921df0142259e2a8e7f3a02f292de05c8133df16b4e331990f6332794ccd76e","nonce":"a5c06c7297a23aa7e5009b7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"e696baaf2434d3b5f0f78e7dc683471ac19694dea37c285c4b8d40e58500f15967ca8d8973f83fd2456c43f456","nonce":"a5c06c7297a23aa7e5009b72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"32253d68db8fc105d4863ed7a1ea74dad80fffcb5492c17de55377f73aaa9c3dbd7c202a2b0019978cd271991f","nonce":"a5c06c7297a23aa7e5009b73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"9c2e93cb0775110415bd543bf5b031ae56501139ab8e10458507e56046f119b86478d2474e5cb0028ac2237072","nonce":"a5c06c7297a23aa7e5009b70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"bbcbaa5fbaf9fed534c0f01ce77ffa663de6c2a5ed1dfd3e7b0decde07e6e9d90e79d5e3d83a591f7b0cc70f1b","nonce":"a5c06c7297a23aa7e5009b71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"fec58a5b7fd0916c87c27d59b7e594f2c34f9d8e2054ada6de1fce0920c97c41c72ffa321d8bb058de6f9e4365","nonce":"a5c06c7297a23aa7e5009b76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"5a13639df745ce363185adbfa512d20b0e8eb5604c4177cc43ad88acc11593018c9c60986e4a9daf67888003b4","nonce":"a5c06c7297a23aa7e5009b77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"52bf62113938e4b0a4d5dc13ce6959ceaf25aa612209a12fbefb3dbd0bc63d5e8db031c64ed7c03aca5f6d4033","nonce":"a5c06c7297a23aa7e5009b74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"3d4021dfb29397b73b5e66401470f0dec59630a9ad6e29dee8b216f9ea62e1b396db8f698f642f04cb2177d94b","nonce":"a5c06c7297a23aa7e5009b75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"25f73e61436f7ce2697f3faaba1d4a8320c3bcd18534d1bd63bea7c5e6eb96def2770aba9e2189fc863895c81e","nonce":"a5c06c7297a23aa7e5009b4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"7615c2f8ca693e722b69f449f19da63a53d74cf4d78a4fdf0c5e490b5e0f76b391112d25dc9035e20d03e7d4b7","nonce":"a5c06c7297a23aa7e5009b4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"7ddc45f4644c4294e3a9aa3938479237f7a042fb3e24276a617aec6f4151938dc4bfca89657e75d5ca4ee9ea13","nonce":"a5c06c7297a23aa7e5009b48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"c281cc49cefe621b5d165cb40bbacdad8cf1dab0b2c190833a0c1322687f217c3b46fc6ec6c2f8f9148a58c501","nonce":"a5c06c7297a23aa7e5009b49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"d0419a47e210af805317501f487ae551f62c525ed343171eebc0d16f1fe8f5d7689764616b338aa50dfe4d6fc6","nonce":"a5c06c7297a23aa7e5009b4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"ec4062077efd84c155e88689a9c430387cd76f1e496e18fe3d1b756fb7c0ecaa8778ed83c9405074af0a31fdb6","nonce":"a5c06c7297a23aa7e5009b4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"740f478f0566ce1a5fd4ab3642a2b3df1af8a1a082afdf32e73f47e5697ca3d20cf7abc93d8ff661c757a2265f","nonce":"a5c06c7297a23aa7e5009b4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"da5d3bcbd182bb7ce032b5985bf8b8120c8943f5554243f25f41424f36d89daa71870737226832f819c0ca7e80","nonce":"a5c06c7297a23aa7e5009b4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"a97fe3deec6c82db7e5262f55515a3b853d7bb6bbb5c1e8e4ea69019ded41208b2e82026d53d06990a60f2b101","nonce":"a5c06c7297a23aa7e5009b42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"b9df5793c837785caf1c21d5af2ea8b8c5158cf83ec088950d9172829f2566ebcee68fe56ca85308cee7333612","nonce":"a5c06c7297a23aa7e5009b43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"549abf5f5566ed56a52e3a6e56e5fef183e1dcf62c565410b85c5606a07e062aa4c90182bfc9e835579febd724","nonce":"a5c06c7297a23aa7e5009b40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"5bea21fc141463a5d11d7f34848192be76b3c1ad1f95a5ae64c56fdd7fa49afc0446e381d1d992e5ac8df5c789","nonce":"a5c06c7297a23aa7e5009b41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"4f58bc4fdfcd04419c1acf5f2992d0593c12478d0a3f712decbebfc2d585d1e5828aee9487f410354d3c0f4a9a","nonce":"a5c06c7297a23aa7e5009b46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"88f4b6c9319d4ba9802ee96591aeacf41883db5ca5c626746a428de3e901404703f273879539f2bf09dcb769ab","nonce":"a5c06c7297a23aa7e5009b47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"2d90eaac55b9a1185d797c44a0f8404a5eadfaa1c32ca6db94090a566fdfaf78a43d22c46656eff0d4efaba23c","nonce":"a5c06c7297a23aa7e5009b44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"c550f83198717f4182fde31017c7d0ab8d89f3ecfee061dbe8630a6ac9cd3df7fe081abffa706e38a0149986fc","nonce":"a5c06c7297a23aa7e5009b45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"e3bee95d192a978c94c63ecc0575570a2a8f56ec60188d141ae1853809de95bc9bea0615581afb0a9187e18034","nonce":"a5c06c7297a23aa7e5009b5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"e201b510694f3f9d91f7f9555fc976a5bf253374d37f34ee038cb555d0bafb7aba47b14e69e47a39fe535001f3","nonce":"a5c06c7297a23aa7e5009b5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"6dc323c3911d27527a55fca30ec5d4e2699422966021a385229e33ff96424f02f4eb26234f2e3116b762540d6f","nonce":"a5c06c7297a23aa7e5009b58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"83a401dd21097435e0d8933023aabfa445ff26e5a4b21cbe004c4dc8bba9dcfd827d0bfedc943519feb758fb73","nonce":"a5c06c7297a23aa7e5009b59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"a62bc0910b7b899b00daf4ece3aab85e9f7193794fb536cf1665bd3e9c9309130980b6c364327002605d26ab68","nonce":"a5c06c7297a23aa7e5009b5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"67c4752f7eca359da0dc6f151317535d3ef578e61de0be336f934c907e4120d8ed0ce89d2c1138c27fe78374f8","nonce":"a5c06c7297a23aa7e5009b5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"7725d537be6c1c7ba135127167892a823ffe7473c4314b36c5d317f00a9f1e19a96ef54cb8c6e8b93b8c749e88","nonce":"a5c06c7297a23aa7e5009b5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"f4441feffaab1bdb1442474260ba5e73646a3d64a1245ee2e0f253a8250006b5b61b6ec18180e2de728e7fdf8b","nonce":"a5c06c7297a23aa7e5009b5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"13c600d3a9b9bb4a19f8b806e80f0dbe83a4f686fe2293fa54386cf375f35dd819f945f42fc6f959d33b081911","nonce":"a5c06c7297a23aa7e5009b52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"ae73b7d12e058c8654db5a84e2a2a5158756a1c3882e85063dd441fe6b114304a619b5611bb406fdf21998d64f","nonce":"a5c06c7297a23aa7e5009b53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"ec48f6ee91caf4480bfbaec7f868fa33c98b5ceeb36844c62aa35712f839227757b8fd457ce6c04e2331bdfb5d","nonce":"a5c06c7297a23aa7e5009b50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"7542989539a3251121313e21d7057df60d3a9a9ec2674780b173482c9f41f3e8964ebaf25e270e1f93df2dca94","nonce":"a5c06c7297a23aa7e5009b51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"b0e4e88a97cb694b5bff6bcf85ed5c2b12ecb14e980627fb9c336bea3928264f67586e28bbd0a155df66d5ed79","nonce":"a5c06c7297a23aa7e5009b56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"cbf3ed2042423e53f7b65f7d8ad54dbe373d879b08173e36f2234c81d8174d38feb6fdc48ed30150140d4efd57","nonce":"a5c06c7297a23aa7e5009b57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"5582f6521f185aadd6b7763b0530fc9241901974c5a7c23a2bfe55d02b98a437993cd8c55933cf542b7d7fe644","nonce":"a5c06c7297a23aa7e5009b54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"575a68a1212714d032ab4952a0b4aee067aff796aa326afd8c90c9605f3e5a4bdceddd1dd0ff0a26b1bcb3f7c9","nonce":"a5c06c7297a23aa7e5009b55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"1e884230c68dfde0e8a347b4314995261fb0fad9dfe8ded6f1ba123d2f40bdb9bcea8bdf636a39b89ad43df54a","nonce":"a5c06c7297a23aa7e5009b2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"be2afad7059f27cb4e28feff9b1a6f24d4eedc69f558181c6c2f0997f1faf08bb0c832112d74dbedef110e71ef","nonce":"a5c06c7297a23aa7e5009b2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"f7dc46ad042a6e603684f9c698d8d0a2705a0c09b69b383e0e168e56d54539716a7ae2cfa737b17393b5dcf7c0","nonce":"a5c06c7297a23aa7e5009b28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"7e58aabab041dfd4785ddbf648db7189e596e4aece1636d2352380f95158116447f49ecf845536ff0586d1575c","nonce":"a5c06c7297a23aa7e5009b29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"a83533b83a95d408f9ffedf7fb71ceecf9c3ad8e49231692ca5cf51af752f8547b5cb2f95d84cf4e69e869e921","nonce":"a5c06c7297a23aa7e5009b2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"f4207bee0018c6e9e35647568bab240f93691dc8fa1279316dce1209ffb066c5c56d17ad49b3abe67382073ffa","nonce":"a5c06c7297a23aa7e5009b2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"66b89994f2cd1fad284f37f0b54163a6e03ed8e9edc4c8e8ebb9e900c4dbc4844e5d6f2afdeab1b87da1e42b87","nonce":"a5c06c7297a23aa7e5009b2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"6aa5d8323d61b7460fba66810ac4db6e961c221759091bd041099516c952a7fe0af954a84498a3b047638e24c3","nonce":"a5c06c7297a23aa7e5009b2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"db9dc2ff414bd33c0481e5dc4e5c2d47e5cec2b17897cba6267022bbecb95b65a0d0f8580a73fc4c27e2d7ac48","nonce":"a5c06c7297a23aa7e5009b22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"85869770f6611dc9f617538467ae2bfa045a7d7f58fd771f1c974e5bc037419f7574aa6780b4146149b362b3f0","nonce":"a5c06c7297a23aa7e5009b23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"30327402badf107a73d48f9723168355d5e28b9b4eed4a6e37c11487f36c3a67103a80e6e1b6f4f2ea13333be8","nonce":"a5c06c7297a23aa7e5009b20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"b2648a851b77740e83e5d991d64451031ccfa1221b34062e149962cb2b2b8d74a9b1e6821483522c4448f8c8d0","nonce":"a5c06c7297a23aa7e5009b21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"6205d39d3615355918edda733f271517dbe5031a42e3de2fd364e62a0f05315ad50fbd1fa0a4b279491aa9dea4","nonce":"a5c06c7297a23aa7e5009b26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"87249ee4cc1bae0b500d0d6cd5a180ec0239f92f2e7270fa825d58003c057b6931a25b70921e2333d8b5e5aa00","nonce":"a5c06c7297a23aa7e5009b27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"d72e2828990dca64e1ff3fbe9811820adfb9d6a7e1802aa19fdceb16585cb1818ed84cacbc3ff11ec8324d5b3d","nonce":"a5c06c7297a23aa7e5009b24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"a580c81c6ca57bc81c230c702fba41237ed8b55726e4aa9897068ada9f16e316dd03538a850d63ec94128a9fe9","nonce":"a5c06c7297a23aa7e5009b25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"3600914adea3b7d3c821ce623a1c3205b676ca1477045d4e3520cad19590c997c56210c5a47d116aa29bf9403c","nonce":"a5c06c7297a23aa7e5009b3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"de0a0a4e1d5fee675e3905b1599561733ee344781fc41541abcb6ea000d098b714ee53b493e582fd4ccd622537","nonce":"a5c06c7297a23aa7e5009b3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"f818436f712f80ed7c47b034abe7f9857c92141772a5d44f0eb85ff39f23acc5055efa16bd37cf9d54749317a5","nonce":"a5c06c7297a23aa7e5009b38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"063ec4e2c705824aaf55afef001dc4d37ea1a9cc723b22c36978d398e633c754eaa81b3d6634c4fdd6094c325e","nonce":"a5c06c7297a23aa7e5009b39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"919b5f8717066ea713234e291d12f7e429fd8c67f2e19a8c45e09b9cc37b87efaa9bb98a5d0bfcd00b5b1a73b4","nonce":"a5c06c7297a23aa7e5009b3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"b340fc3a7a9e726dd4429cd6af284f21000b8ef6250bd901d688570dae522af101ee74e8bd8b9e7c85332c53ad","nonce":"a5c06c7297a23aa7e5009b3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"4b9eebe45646ed8e5fe1a14f8f893dc79e8a8557c18bf164338004adfb58808282bbe69ef82d828dd021ae9f85","nonce":"a5c06c7297a23aa7e5009b3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"aa6678052d530ac60c31e4ab01229947558f264eb74ffbb806f4d23e4f6447904b711a59e853b331e0c4f87a22","nonce":"a5c06c7297a23aa7e5009b3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"845526b0fa05304f75a9411c32a957bf649c1ddfa634aaa9ec0fd3fc1465f3eaa297f14fba27a7b7e3cb23f35d","nonce":"a5c06c7297a23aa7e5009b32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"ec48d5ecbbdb38bba6c076ed31e32b2c3fd4628b434da3d4134683bfa946b63b2bf659e36958d439f51767fb2e","nonce":"a5c06c7297a23aa7e5009b33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"dec839d8be9b9c01c871f2caa3563711ca0e7d59d81d8083be13e680507b12b039a720911a8275f693ba88925c","nonce":"a5c06c7297a23aa7e5009b30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"c6c3156d2d37f11cd42b51d23dba1c68ff4d159d6df0523f16ddee58837073bf486a50eb762c0f92c1be1706d0","nonce":"a5c06c7297a23aa7e5009b31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"97ba2a3b67d8453133079e8cc75b2f4c2eea6d0a35022f22a14b9a5e3ee01f1de3e85912352671dbc735b21ce0","nonce":"a5c06c7297a23aa7e5009b36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"1300a99bd0243bcb598471f88a252df657476df969c2663225305a2bb52fd664dfa3cb6f87e03cc040f8c383c6","nonce":"a5c06c7297a23aa7e5009b37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"d173f1e61468ba4dd8853648738211c03243e2b248609eea89890614312e43cf5dd517cc93ec48aba7738d459e","nonce":"a5c06c7297a23aa7e5009b34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"0482775345e1aa61c8180c48be215f904349d7ff9dd92dc4cdb44b50f627bf54df8dbc52eb017d7649c9ba9201","nonce":"a5c06c7297a23aa7e5009b35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"2297682b5ec66b27fcdba9726d2f8180933cb0e04b51490ff3cffb5081a144710cf7aeef36ce786008bd030be4","nonce":"a5c06c7297a23aa7e5009b0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"cbce8c19334e33c507bbd559da1da4b772e16eb209e39ecc7ea04b5b0a8f6baccdf99e7ba8182b357cf00717aa","nonce":"a5c06c7297a23aa7e5009b0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"3379fad83ef9380ad9410f49dbf92823c90f7389d2d048b0a1e1ee7023ec79624957c8ffaeb9efefb829026e10","nonce":"a5c06c7297a23aa7e5009b08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"3e8b0560d90a88135a840e33531c46810172f96056fb47e00925910cf84760ac47e63797d2e8f1a8919cb103f7","nonce":"a5c06c7297a23aa7e5009b09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"e1dda5532808cd2209c746190cc1aa613d33965df24da675f9f096494189ce10218df3d1997ad6f173ddeb98aa","nonce":"a5c06c7297a23aa7e5009b0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"c6df0ea32520e5af3fb760aff67bef58211910baf8618c05628889b7ae736bdfbd57825a207631c749138acdca","nonce":"a5c06c7297a23aa7e5009b0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"3da299a9c97662c2fc343ff5bdd2fc846826a7df5d54cd7bc45f52b5c8df0e05f85d54848b6ed2dfc8fdb5db83","nonce":"a5c06c7297a23aa7e5009b0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"280cfccd4411705881b50e6244b655285374f5b7e9eccb8d2bb6fc21b8885f1885105720b965065117ffaf1faf","nonce":"a5c06c7297a23aa7e5009b0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"464c3ac4e3de58aea93da9c2722ba26d973c804446ef412171a9aa0d4a1443e2c40c16d02ec2d23d176d8868b7","nonce":"a5c06c7297a23aa7e5009b02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"2eb4761384babf687416066b02a6750df81313f294e8cd8862e99b5dfd826272b4785130073334cd5677f80562","nonce":"a5c06c7297a23aa7e5009b03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"fd18ec230f48ec387e11c5fc068a4e5351788ccf6fac2ffa1f16ac904ebbc2c78b528c6acf4ddc4a5fef27beee","nonce":"a5c06c7297a23aa7e5009b00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"418a6b78f379fa1c51ffd267f59927176a4ed3b23181520c2f0b8e466a08be2ab1393240926188d6807fc5a03b","nonce":"a5c06c7297a23aa7e5009b01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"ce8aba0aca3f4d78ecc07ffeb6bfb6b005a633067ce4d582948e6f2828374d8069341dcb9e010ec1faaaeb5f4d","nonce":"a5c06c7297a23aa7e5009b06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"a7f4e327e67e6db912e924fd05ce54d608014ba69beb7d5b90e1628282efc0b0da73e024f3dc6a8b596fe9ac01","nonce":"a5c06c7297a23aa7e5009b07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"de06e3f51d57dbca2ff959a43e9cb81051b4f1a999fa7778576182d2131781c364c607adf3280e5236f60f80ca","nonce":"a5c06c7297a23aa7e5009b04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"01a972dff221b2c01d3cba50939c43c24a8021a5d533f5f9b2041b912c8887d4634575085182b863a189632bc3","nonce":"a5c06c7297a23aa7e5009b05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"409158ba15f51e340b6a5dafdf17db7107c7e4a8af4f4ffa6545eefb36777d007d7d170e8d75aec362f6d3f943","nonce":"a5c06c7297a23aa7e5009b1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"5d63739fa7fee188078d07c85813e0813429432baff6647794e161eddb9ef0f3e4e87039ae5555c2f39a0a4ee9","nonce":"a5c06c7297a23aa7e5009b1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"b70d8ba478d061bb7fd74a58a075603ed8cae130c4ceedca8159a6674b5f4e681d1df795cc10a2bdcf7c0e8d91","nonce":"a5c06c7297a23aa7e5009b18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"c20c506c874c6f630621ee5e5ff6671e6736592188372b78aa275fdfdcee537a61dbda5bd4bdea1d50e15908b3","nonce":"a5c06c7297a23aa7e5009b19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"b6c2d6cbec20b44a84db4d05e534d2e8ead21d46a5293737eefca839a8b9497aadfaf147255c134990bc4f2bc8","nonce":"a5c06c7297a23aa7e5009b1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"b25ad1725c01687029e2c6a4d248ffeab2056df44c5d899fc9646c3104b9c5af80d6836fd90432e07a860e7a00","nonce":"a5c06c7297a23aa7e5009b1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"5ff3dd48efba11c70958de981c773bbc4c28cdef924c2bea66b00577476d3d7a4ae8461a2bda5be5985bd8053e","nonce":"a5c06c7297a23aa7e5009b1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"3a7dfb2fe034537e04e0459a0565ded0e63a5b59c5024d60204b90a489a4e45325901737eb059750e2e011458c","nonce":"a5c06c7297a23aa7e5009b1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"13993eccc9814129c4c02b641700220a03b233d5a8f270e2aa8487aace302b9d31e684bb6143cf8b1754b75ad4","nonce":"a5c06c7297a23aa7e5009b12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"f4bceb32d8624368c4554f1a9a1d5db67c0dc3dddd6769ee083ef8ea641abfc51d2ff9b5fb12ef8e94b91d2fba","nonce":"a5c06c7297a23aa7e5009b13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"ee853035e0c50389518124c01b8046f855215e5867c91bcb917f0c6ccf9bffb27ac049d48738d9e2e426fa9413","nonce":"a5c06c7297a23aa7e5009b10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"a5222aca28686ff974b10a40542cf9c9404e662a608173f74be113164bc5dad9b4fed8f025cee2347c2c432e6b","nonce":"a5c06c7297a23aa7e5009b11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"3c58a1455c3397dde454b0794b06bf076a0dfaed014b0a95bd553dfa73abbbb2a7b88c44b8ae073d17f1cc02c5","nonce":"a5c06c7297a23aa7e5009b16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a519888ade2a3dee550a527e36f47456f683cf188219d04f0fc86a138f9dc6a2f9be88f40643cb043fd40b52a7","nonce":"a5c06c7297a23aa7e5009b17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"94f1fafa5ea421b26ac23ff059cf5e481e79c3df64f6a673365887ec93dafd754130dc3871d4d51ec2cd861769","nonce":"a5c06c7297a23aa7e5009b14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"7b1026b1d44c44840c1237d379921ac494561d750b8968e4fd71a0e8acee21364b031a037be313ad5a79648379","nonce":"a5c06c7297a23aa7e5009b15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"083428c84fe028aa379d1baa231cbca7cc68fbc847b954146791af941f4d2a1463c708929fd58cadb91dae58a0","nonce":"a5c06c7297a23aa7e5009bea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"0cceb784ebb268b7d60f7e7932dc095e501231c06ffe0e2994a5139f5490d41cb139785932726979c7720c1e30","nonce":"a5c06c7297a23aa7e5009beb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"0b940755fd5944d2ef3369e6c9592b94a1e6afe0c7691c1bd74e06a747fda26165847f5019f527825e65c2958a","nonce":"a5c06c7297a23aa7e5009be8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"ac026512d5f3cafa31eb84a0b611c262df747c9b89cbc14d732a2ed69000f0f75fd80fe77a0a30ce610c2cf0a4","nonce":"a5c06c7297a23aa7e5009be9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"c0996144afe55789b2d5dd1e6e0c7de74f206a4c5c308603aa0ffd3f27db632e720cd48f272504fa5ff4f71bf9","nonce":"a5c06c7297a23aa7e5009bee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"a447a81331a10b56c7995bab468b14be8f87c39cab54a85209be7a2ac9e967e9ce01e6a1ca5deac3e8532b7068","nonce":"a5c06c7297a23aa7e5009bef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"1231bfac12cdc7dc09981516fe26d064f6d706c9dd439f2b275f67ac273f2184f82c216f1e8aa93767efdaa014","nonce":"a5c06c7297a23aa7e5009bec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"8dcd385267461e98a72b395c91797787c263b74d795cb4d89151aafd0ad2c9b60d0ca96662b74f554434eb8eec","nonce":"a5c06c7297a23aa7e5009bed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"b115f9eb17ac3a5ee0f871072069ade933e15ba1c9c9f2fe066619539e44234223681d682a03142774753ab27f","nonce":"a5c06c7297a23aa7e5009be2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"b1e3608b37e73e1d17575c15acbb0927fe06bf5db08a7dc919f69f76ba885179b4d0344b36ff8cac7acf802761","nonce":"a5c06c7297a23aa7e5009be3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"1ebddcdfd94bc037b6374b80f2293976ab1c8b1ca030c1be4d377b4f546acd61572bea8014de72fdfd5bcdba17","nonce":"a5c06c7297a23aa7e5009be0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"181935b514915132bb45eefa74b9e81001f192a512bfbb8adb5d57d64699409d82ee0a52554aeb8f55759fed3b","nonce":"a5c06c7297a23aa7e5009be1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"05d9a63ae04bab3b4d85b230e66874f1d96a8fa44f5a16b9fc3b51f747abeea6e21937cec9a26049ca480c6350","nonce":"a5c06c7297a23aa7e5009be6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"dfe006f1e49d17136e2376a21d72b5bbd1f5eccce1c9ee33c7302a071f217caef50a5a72eda6dc48e2b7da997a","nonce":"a5c06c7297a23aa7e5009be7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"66278eb11054397c89818deb2eb78dfa66ebbe86cbfa767cae2f5358dfa994f7fc35a44fb7b4e36663509794b3","nonce":"a5c06c7297a23aa7e5009be4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"70ac6da5950d18cf42eb79c50c78c5b62c15d7751523c0153bed3cb75c344d0909544f6e3ac897b83ea4d537c5","nonce":"a5c06c7297a23aa7e5009be5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"ab179f01c4c5c9bc31d115fa2913fd76f9a0bf75c2ae64c30c213200e3bf01458ed77754aba5db989d1c974846","nonce":"a5c06c7297a23aa7e5009bfa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"8ece9ab534524919f5b3892941d6a42f4df6613b12b71f29885b5f2e7e566d92e894ec54414165edbae3a96182","nonce":"a5c06c7297a23aa7e5009bfb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"4f6e1f166821dc94797ca9436d3940430e8af6656d94263185ee4f0477e562f57582a021654a5d940c1dc85164","nonce":"a5c06c7297a23aa7e5009bf8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"acca790e7718c99752a64d416941a1d319dd9017c8596f4a4b177d9c0ae0910a04045ef1c1593395bd6fb7d2ed","nonce":"a5c06c7297a23aa7e5009bf9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"d78161f5606756dfd2b595b883f9405dacc337b7652a1eb12e009f42fe14c266f66e1036d420cfecff51f9ce02","nonce":"a5c06c7297a23aa7e5009bfe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"7e71bc6fe1ba765438d49f637a39e255ba0921764acf01d94776997300583f59f162cd7f5b6cf0e9feb66d472e","nonce":"a5c06c7297a23aa7e5009bff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"298c5eae13396d303a4d3ba2929f614c2367f23a0643bb77f2fb8fe2ed1480447c7eb2fada29524842cbef9763","nonce":"a5c06c7297a23aa7e5009bfc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"55bf3229acfc3dd0414f0ea316a40b222806af5bb37d4d97a8384542a5c234dd8089ad398f81c1337e2838e06b","nonce":"a5c06c7297a23aa7e5009bfd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"94c903f43ee1f457ab00a7277cfcba7cdaf96f86607e86f57f06664668de9a0bad011779624482152fea4e2460","nonce":"a5c06c7297a23aa7e5009bf2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"9cd654a5fe3e2678bbf7b5c63cd93e2ec29bd2f5aa31d193a594ea16a8e7148de679ebc4d488af1ca5f3f088bd","nonce":"a5c06c7297a23aa7e5009bf3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"ae7f1693de397101bbc2655e87aceefc1f332fd78d7856060e78b59b24eb6feabce45c164d62fff6c25f2bcc0f","nonce":"a5c06c7297a23aa7e5009bf0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"33b5340638fa315d20ec2594faac62977d0df17620f6152f3e4905e9fa466561970d14ab0490245e2258e6e13b","nonce":"a5c06c7297a23aa7e5009bf1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"dc53f6c3aa470451f6e4985b16e79b712ddc89620040837317d455ca9bc2e29e31af4785da989380f473c97cd8","nonce":"a5c06c7297a23aa7e5009bf6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"5287eeedfd80cea6a1438a971e4f1d8e31264217ca5449562a52a8196be76a8c4213ae241399c5d70401f0d85b","nonce":"a5c06c7297a23aa7e5009bf7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"5b466e2eda485becddef38515914ef20c0e3a10065ede153024686f3975ba594725b4e2d2ba9ee6a4883eb6293","nonce":"a5c06c7297a23aa7e5009bf4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"deb27ecc03295686bac3887fbbd44d6b49452bc793a8c879791fc7112c90519571b11bef5a84d5c064d8590aa1","nonce":"a5c06c7297a23aa7e5009bf5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"03bea138c77e1457b16f8b6fc7643149c5cc281d014e1a97b0d060fa81221f126d8c8c5578fcd3bf8ac312cb38","nonce":"a5c06c7297a23aa7e5009bca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"7953a52234e9e93fb546e5b8c6a36eeb5fdf1fce1209ae00801ea4a17987bf0dabb60fbd0d393b1f8b522a3297","nonce":"a5c06c7297a23aa7e5009bcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"b47be863a968c0f2b81e1cc9f07466f4b59e946996f30544dbff2a5ea693bdf9d15808d56d3eda66319fb9c17f","nonce":"a5c06c7297a23aa7e5009bc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"614f761aaa22a0b7417104a4f24b30446738ae817e0d51a83e3cb406f7b0a48e91f8e7fe8d0d541019cea21abb","nonce":"a5c06c7297a23aa7e5009bc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"958d5576b769e00f34fb41200aa519b6eac8e88f82907e1f8a1ad4167009aa4d418c9328e5175400b46079a3c3","nonce":"a5c06c7297a23aa7e5009bce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"9469c47247530bc7800784687e6641a19237146d9153ba121339097803d28e4d23b8e9dcefe6986a6a508782eb","nonce":"a5c06c7297a23aa7e5009bcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"7f5793eb6ebe42b4b16c74e84210741e63b41a44ba563fbf9c616bc4fcd9cffa1fe34f7b9702083e23daa4646b","nonce":"a5c06c7297a23aa7e5009bcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"7632fff08be8c6d7c878ca1a6d19c79174ca9a87744269adf4d2d766826626d4b012eaa84d79c5cf0052eba32f","nonce":"a5c06c7297a23aa7e5009bcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"a9b94e03e122e37533567371a000b2c1a6010ac1b60ee0b6b44fcad80335bc3628acfdea91dd4e3ba01f5f8a63","nonce":"a5c06c7297a23aa7e5009bc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"daf56640b3ee762bfcc2267dddbe299c883f166251605f49dd5993c7b9acafd5f53b924cb390fc91b8f4cb51c8","nonce":"a5c06c7297a23aa7e5009bc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"b1b4dc311e7eedf9dd41f5ccd48dd5a4e5cec39eb772792163ee9094e51020337711c5d8b0fe14fdb39941ce3d","nonce":"a5c06c7297a23aa7e5009bc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"e724ccd3c4f18851a955029abc86048f61fb7cb2334d1cfdf9d491107c3e8aee2b55c545b0d8469fd2f1115559","nonce":"a5c06c7297a23aa7e5009bc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"370b17b86976970563c7cd4aa885cdcad32edcec5e5b8feab49cb257badd23a11d2005c606e19c9fbfdd8032d8","nonce":"a5c06c7297a23aa7e5009bc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"2b52446891735668cd4bda0d862b2b8739bd5c3800e679b38f996969c740785797fd7b955389ace4767b58c5df","nonce":"a5c06c7297a23aa7e5009bc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"7c265f72493ca2bf3fd6bbdd79e1f20478f30d858146dcb4820e46681e37009b272a8da72aad8d0a592f14c55f","nonce":"a5c06c7297a23aa7e5009bc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"47aa8db58d78e045b8e1d6c64ee46d966564373af3aee3631fd3370802350f0b180a94ae2003f1c208ae4215a1","nonce":"a5c06c7297a23aa7e5009bc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"8f9dbdc35706af627399f63d548360018342b65f37ba9cbfd66ce4c31fd5f6edbeee9ed957174294d7c35812da","nonce":"a5c06c7297a23aa7e5009bda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"718f1452f7b52f66375b48b8f0d6f832959789683d2284c2b45272801f04f1f20438bfc60119162035aedc8fb4","nonce":"a5c06c7297a23aa7e5009bdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"64800662ffef50bc881c1820f9d1a226226fc3f16f8397075f2df1ab57c5d1fa7f97c87c0a2e7ef819ed95a74b","nonce":"a5c06c7297a23aa7e5009bd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"5d6b13ff2455bbefbc80520a189917c1f6dfcda4fcef283aeedbab4b701b9fc9522e710855097fe7f8d06bfa8b","nonce":"a5c06c7297a23aa7e5009bd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"ff7784a977430a170123bfd0081773e1db534c97724a3e0205394410db24f56a0ffc6de3ac6d39c53e9901d4a8","nonce":"a5c06c7297a23aa7e5009bde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"1721d3510f9ce32962b0e21f873acd9139081fd82641520ccf3b560d52f72ccd94ca979042dcd8a86354de02fa","nonce":"a5c06c7297a23aa7e5009bdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"1fb3807026ed5a9dade7f9ed0bbe15cc7e406a5007217adc46c937526c0be11f0632d77dede10012608132735d","nonce":"a5c06c7297a23aa7e5009bdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"d14b9f7245c4acd952323354e3e563a26d98a52b3a8e37fc1628efe2c244bd005703f1494506c61f178a865360","nonce":"a5c06c7297a23aa7e5009bdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"64bf69ec501875e03baae540f74f4d566823624962f47b53ca3c5b9e61d65ddc095949ff2bfeb8cd7344d04641","nonce":"a5c06c7297a23aa7e5009bd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"8e6e44dfcba61a582e4474b78f0e6429224faf2f0602d7d05b1e30fa124311ab746455210e02276b88e739f42b","nonce":"a5c06c7297a23aa7e5009bd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"da2c67530b32e77a9828517c282634a5d0bbe90f6d6475a59f2e623c9dcaf688d7b7f10b1036b46f617b1a4e47","nonce":"a5c06c7297a23aa7e5009bd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"59ed287d1cc243ab2fa8c927b278b7ed76ce29ae8cc129796c543229f3b505b8e7a6d3475a67cb4e2f5cad2f29","nonce":"a5c06c7297a23aa7e5009bd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"16714421537badb13d5de74a1a045ef5493edac5f57c549005c38fa1bd91e1e9667854b2db0c802b551e508b9c","nonce":"a5c06c7297a23aa7e5009bd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"9894b84271a2d15c24d1f706058c8b0f2f6cef0577281cfc6a93b96a26b15bd86ac1c7f33629b5ef6072467110","nonce":"a5c06c7297a23aa7e5009bd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"7d42a3e2876a32303de1e8c17295f958cf79f5ddb65a38aacafd181b5defb0ebb80317e95de5a8cea8f0b530c2","nonce":"a5c06c7297a23aa7e5009bd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"5e856fc074895d194702a68ec3343505d034e611829323187dbbf25205c45ae3dad5f8436626ae176ef3b40fa0","nonce":"a5c06c7297a23aa7e5009bd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"fe0857b89e413563763bd4d69fbbc1b599621e1ec9599c002bbe6f974d15c070648975573ed4937fb47ca1f608","nonce":"a5c06c7297a23aa7e5009baa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"c165c68816690ad09a854289658da172a78041c782e0789c289527bb43ff5966f386ead0ef3b0ee73fe2ef576e","nonce":"a5c06c7297a23aa7e5009bab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"f2eba5e07983d89a7b34c7a6b1798e628b6f41b6f8fa052501fb7403e22cd9c24d2fb1ea65a87f42e672fefde7","nonce":"a5c06c7297a23aa7e5009ba8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"ce11ea994cb502ab2d6c5436aeebf4e3a9f5f29413cf9debd3aef1f96e047e55d66a00578666ff1d360038a3f6","nonce":"a5c06c7297a23aa7e5009ba9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"90c03901b626343b939d4fcc13b0b05c38ec2826141082984dbf48aeafe0140a8bc88c3f79413cef4da9c2f36e","nonce":"a5c06c7297a23aa7e5009bae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"81110547956f3bfbce49274679fec341c74f3f6c09c968517670213fcdeee3b7f8f0988a1ab1337a3153f07c55","nonce":"a5c06c7297a23aa7e5009baf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"06addf031459ed123a8aa52169259852ac3780caa0007aa23c5e93c19c790199aa2600a906e1aaf10b4bc3e0cc","nonce":"a5c06c7297a23aa7e5009bac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"97dee2a79be4f4f432f0e85f88de5aa83c7740ecb74a26b96921f1973a9ed48566377c2a1dc555715b4e9d3e2e","nonce":"a5c06c7297a23aa7e5009bad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"9787a1fad092e592d84497595f44593eb4d1d9c1dd80a3afa179a6ac4751665251b050ac0a7ba19491f80e7819","nonce":"a5c06c7297a23aa7e5009ba2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"bcef1c59488ce61c4960b0e27c74034fc5b6c391bacb8a1b10388f354e14daed4e869681cfe184e621c8213c2b","nonce":"a5c06c7297a23aa7e5009ba3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"e7e05540a9e9a98d97f0c87252372b79bb757cf2f44e751e18e14dc6f562c64965f9a5f0aa6624542c519a7897","nonce":"a5c06c7297a23aa7e5009ba0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"05b5d1229d2b01159f1de10303a9d7b2f20102916ecccfdf25074ce449b0f3af83ff04676ebe638a71c38c54a5","nonce":"a5c06c7297a23aa7e5009ba1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"e7f2e81b6908ba8f4c836ab1caa3de17846fe13fd1360c1299657ce06b4ca108b7069fc4fcb83f035b50ddb08f","nonce":"a5c06c7297a23aa7e5009ba6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"61526332c251ff8b8a496e8dd9a9bc27b08630e8f249b1a1bcfae9d970a8153f081d7aa6a284ef64dab65cf6e9","nonce":"a5c06c7297a23aa7e5009ba7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"98189e4dbdce88e6440a839debc2a9a6a4c1d73afaa68db260ff05d7b0c1586cd845e1147f148ea9521fd0bc88","nonce":"a5c06c7297a23aa7e5009ba4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"480b5de181cd688f70d96c288e44d3b2a344df589b255b3b85ec40c8b691ef8e198ebaea7a37604d83d87dc7ad","nonce":"a5c06c7297a23aa7e5009ba5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"f951c668474e123a4a57344292cd780b30eb0f166ff1e4512aab6ed22d5d92e792173035c40060fa80cfe766b1","nonce":"a5c06c7297a23aa7e5009bba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"80716872ffadda98680d434cd4ca3873e7244cfc37273c1af26d46a460996671d4a70c6c2216e9db27b964ea63","nonce":"a5c06c7297a23aa7e5009bbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"711940522aa06eb2b379532a3cbf283e71d4556760eb6078260aa0381e8036b0ef746614bd2de158c30f8f183a","nonce":"a5c06c7297a23aa7e5009bb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"a2ae467736fd017b075e72288ff749143e02db45384bf7dcef5dcc114a207e9cfa5991c590a6bc28351948546f","nonce":"a5c06c7297a23aa7e5009bb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"932c4b30ebf2b16a3dc6e237c8ba954815de0510e09bea86e3e6f86025844d3e8e3061fc5173d6a2ac33056d80","nonce":"a5c06c7297a23aa7e5009bbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"4a840a88ed3ae038e6186bf04197e4d84704a73341018e74646dddc63557c4bf0a4ccb6a95777083a6be90f70c","nonce":"a5c06c7297a23aa7e5009bbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"17b691adef028fca4dacf85d40d137e68d3b42ac60b28380fb4c6cc79a892fbc64d44f52ca2a75dd30882ffc76","nonce":"a5c06c7297a23aa7e5009bbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"e3ba0f09c09cbf30bc4006811bf680ef446874bca2b16ac167a7bb0232c9183c0cf2f1d8176d638ce6e1f6dbaf","nonce":"a5c06c7297a23aa7e5009bbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"75ba376d8e46208f158df8cf1701ec2176aecf46850976350efc9f5881f8624e884f3ff2aa965b394ff3e72ca8","nonce":"a5c06c7297a23aa7e5009bb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"f1d84857a561648a8026cfda5a7ce84c030a92d8acee99253d6a51754119b6c2e3244c332ea8e6f1065ac6bb46","nonce":"a5c06c7297a23aa7e5009bb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"856aaa4d98736ac6f4a7555dda0456cb3ce7ed34613196133481df234e2e44941dbde75c7eb84b4ff84653ee95","nonce":"a5c06c7297a23aa7e5009bb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"982bb1102fb4b002590cc073c01c4d77911ab8486a1242a26f4645a70aff8003eaba9b36c1f672907360581552","nonce":"a5c06c7297a23aa7e5009bb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"aad2fbb3c209f019b18d820dfdcf01ff7542bd00a96bca84badfb6612e21938674af32aa7c2bb5d914e5e19b5d","nonce":"a5c06c7297a23aa7e5009bb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"c40cdb88b0092fbce1e7a732b60e91f96c37b1d36da2f30ae0f1340a077ff8bb4a11b5b0004e45f7471b7993f0","nonce":"a5c06c7297a23aa7e5009bb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"2da4911d23f9f8b5ace24b8c9d8e8ac813b5a4dddbb95f1ba6c9727e691525d8a93525a3c4e93ca49014a98ea7","nonce":"a5c06c7297a23aa7e5009bb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"ee67230e36e147833849fefe88b576c1d6f5e8885e469fbafa47823b32610080c2dcf1690149477cc4122b14f7","nonce":"a5c06c7297a23aa7e5009bb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"9ac3b9b0d54f42bf9e9b9360e006c107ccbe17a2c336cfb918da46f9ddf653989635e0a545effb2de10a672cfb","nonce":"a5c06c7297a23aa7e5009b8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"04e43cda208f69abed357fb6de4d204061299e87c8cb34276badd76b276ec416b8d1e32334124e8d9b59c8c80c","nonce":"a5c06c7297a23aa7e5009b8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"6b7fd8a8b2da2b3c52d91c3884bb0ac6a850c48dd151a82a56368b37cc03498c0088c78ec428a9a2814eb0c01d","nonce":"a5c06c7297a23aa7e5009b88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"883a5a5af4e71394d4c7ef4d8981eb8dd9fa5646006ec5656621f16cfd93e1413face427fbe85e7dc8a2411f0e","nonce":"a5c06c7297a23aa7e5009b89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"89a4643f0fb5abfb5d9285cfc2c3675885cea0360f650281bbe98a5b3aaa257263e224681588b1ac25a8fb4bf7","nonce":"a5c06c7297a23aa7e5009b8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"b1c15046db8ed9e571fb89656bb450283590d41700ac751fcd6bc6dbb1d8fc55b148c934512b26e186ed2f6ee5","nonce":"a5c06c7297a23aa7e5009b8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"9c1c0c709ca8fd9677c92fa34b2ed74d0a07ba54e8bed514295b50d3ef11eb190c7155ac2d1942803d712e776c","nonce":"a5c06c7297a23aa7e5009b8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"35be12c67dd49781caa8d437cbc60b479f9dae836c44b8faff9219537f6432dabbca0b302619982ebc15dc0298","nonce":"a5c06c7297a23aa7e5009b8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"fa9659f6be338bed1cfdba2b4627d6d44e5a8cf15a2742ccbb7c0f31c8fd5b68d79b5fff48d486b3d50a05a7ab","nonce":"a5c06c7297a23aa7e5009b82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"64b68bc25c24ea6f282805c6b894d29b13f84d6e75e3846808e66333fd9608554f5e49690acf62e2efd91d08ca","nonce":"a5c06c7297a23aa7e5009b83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"61c212653480900659cc1307e24e33f19bcf0597f5c8e042cf1e857b4a5f16eb9a63b124052a7999a3973e1765","nonce":"a5c06c7297a23aa7e5009b80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"84708dce8e1771f50f84b47fdc0ea2d51ec5dd8117923bc6bbb3e24f4a1616989e1086e5154068af59d86d150a","nonce":"a5c06c7297a23aa7e5009b81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"ab02a008d68c53ac1d74efe8277d026358616a6beb0f98e2ef9e3ea58eda837e7845245b725bebdce9b461a7a7","nonce":"a5c06c7297a23aa7e5009b86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"b4f4ab8a05152f046eec229f7dba93f66173155512f62923176a720298d6a8ae020134c677c5583c44b856dac3","nonce":"a5c06c7297a23aa7e5009b87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"f97e25637a1d63eaa7fa25bc4daab9f0b74be65f44d15deeb03142097afd33af38dcda9bacfd182b10ab8bca17","nonce":"a5c06c7297a23aa7e5009b84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"767e42d835b59e3bcdce9f3406f3d13072770c38e4623cf2b0e661f2c117e6a575d744ba80456f5d31afd64660","nonce":"a5c06c7297a23aa7e5009b85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"7f36724aba971f766cc8a9dbdeecad3ae55057b592a70e16b4d93fd4622acd96e5a5c323621a0d85bf50ffa31e","nonce":"a5c06c7297a23aa7e5009b9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"24cb1bfce9fb3cb2310d19624563984a94474a4b38fac77f0e421188e016008b977ca546ae818d3b0504be8721","nonce":"a5c06c7297a23aa7e5009b9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"2bd1cd9e772e09875b8ec7fc6c27d489f7f3a5e9b0d64dd0588d166243c28eda3ea8075a1bd446f32b9acc7649","nonce":"a5c06c7297a23aa7e5009b98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"77b383ab163ac9c697d4bb908b33f0b1beeb3f6adc85b4542f342f443f15b599ffe9cefc00aae13ff65e1346f3","nonce":"a5c06c7297a23aa7e5009b99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"c3b114f946c1b4f920d7768621c1921d0e363e1a1a0679991a50885cb0ae8d63d0cec234065cc1d1ed9f7c2f98","nonce":"a5c06c7297a23aa7e5009b9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"2f44304b581ee3b3fc5a64fffc884ec0647e4aecbef439adff29e94e11494925461c5d816bb939f39e3b8fb47d","nonce":"a5c06c7297a23aa7e5009b9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"809eb75dd191dd16569df410c8a961db2424905e62ee8a35c1c6b171d4f23374e21d9900cdc498af56a252fb74","nonce":"a5c06c7297a23aa7e5009b9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"53d9c4cd7215bcab16c66bc9e348f371bca2e829d09e10355779e6beb5a3cb830181182fba94019c699def49eb","nonce":"a5c06c7297a23aa7e5009b9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"2f50f92b3288ebb3bf737d74677fceaca952b8eb21ab377167e93afce6c98ef66ad2aef983e8a1f7a1e06145de","nonce":"a5c06c7297a23aa7e5009b92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"8c5aa4002739beeeee96a52b7df848a50161b4473ebc647c20c5e518feef88738523ad8b5799cf8b4a29e416ce","nonce":"a5c06c7297a23aa7e5009b93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"611c13a360909c195875e5836b53cb0072d12e7dbf180afcc1bb85b85c70463aa77ea22b770f36ad941e74fe54","nonce":"a5c06c7297a23aa7e5009b90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"50de23f659d0304b577aed73c967acba680109ef088e33442e1980b1d57ca19b58e43254527b487f845b728c80","nonce":"a5c06c7297a23aa7e5009b91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"7bf9342dbcbaaf0c4bdaa95dabd86e3b31303553d83c69b96a0f46d6107b0610f17c8cc825422143d26b651f5f","nonce":"a5c06c7297a23aa7e5009b96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"9265d565298b2bc380a9587a30b93593cdc0e9783b21489eece38ea6fc03e80a05a3633d3af9d05b2e57f02c76","nonce":"a5c06c7297a23aa7e5009b97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"65a997f7385c8b6b8fa55590188a92da7628eed43288ed23c20b27915addd113c20fdde3dd2f4a38ac338a921d","nonce":"a5c06c7297a23aa7e5009b94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"802e37a01a41e0fb3cab5ce331def27de7c20cfca507e05f6dc4121977dde92a38a18728e73a6843b843906b47","nonce":"a5c06c7297a23aa7e5009b95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"8a638b1fd40bc1404207e7fcc668ffe3fb373736bbafdf39cc746d72e176fe23128c20cf19672be80786d85b9f","nonce":"a5c06c7297a23aa7e5009a6a","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"9905221c950d51c10e5a5db5d57282bca398bb311f64a64c2327492976b1a999"},{"exporter_context":"00","L":32,"exported_value":"e0765515034f51fdbf5e9a4de408b8e8a8c710f24266d1174f9293e256ad36cc"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"59834b87a34da2a4a5755776433bb256f93405af062295fc8abc14f930000228"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"3dee1b7031a574cf07a1ffe35dd3e878c52b845de748007dc587e2bf401a4dab7638d031a226ae004ac372e4f0eee6382c08d1f0cbcb029ad70cb449840ee0af8911","ikmS":"dad40ac06512ba97ec7544a4596ef976c1fdb562aac5e3363deab9a715786ca6e943ea262f8688e5cdcdd6e7089269e6ced2372620aae67b896f60a02a38cd710109","ikmE":"27364ed854add7b95201b41f12d8565e2a0928d1dde3e04a250b798147cad060bbb63fadbc71d9533c0084ad59ef4a3a198fe0f0684cf81a9a2ef732ec05308375d3","skRm":"007f8fae6d32b959c91b3cc76b573307ab27a099ea9155a5f25fe3f2f0ec4ce323a70f3085f732d44ecd9fd36499101539f8dd9b2614e48ad15f22021fb40b480391","skSm":"0147106ca69a1b194530545332d0a204c19dc51ab3b308a34bf3287ec8df8cc787d5853608ffbbf130b2816732274d6b825a28bdc279d8a01262dfeec8f945c3406c","skEm":"019a861a0628b4aedc7f47f68750768b472256be2fae3ee65a29038adb18760239748c8b68be813714802429c989ef0c882271236983a67c6a80a9b47b383c215ce3","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0400afc1d169b7e8027b75156154e11b5754f13a96e548e5c47e242949f24f548e8269cb6d12d3a7533c5e13b860afc9901e7d8db21831690a5c542f4f4c6d095b025c0096b1a947ff2471242554dcfa7b7ad6cdf9c8d73fa1e106c482b6297c7ca5ec32c62fc25b7870768debf9ddd66106cb85988b97aa469f596ef23bc5af48e554a2be","pkSm":"04005fcfe2fdc539fd13c51e068e4be3221d02500c47640c71a9a015ceac68b08744aa892592d1750fb270327eb436ec1bb9c481f6be3b59fc02ce524f1b97f3ae7946019043e72f8b11b60b71460ee2a5efe22d3478f503eb9ed38036e600f8491bafd0193cf772520e7464ac7b615a93bd97c9bdbd2743d91e51b69d7617dd64be8941af","pkEm":"0401981ba1148049207d76bc908afa6e199d66ba827942f65854d8639a412aa04414ab36c81e0b093bd4b25b4315c42199a82f639070e0c22e97eed8d37c2368e8face01c8e679eb8d192f8c894bd69fba735c8dfdd17775eb16bfedc2f9a34d7f10c6b289831ef411f9ce36ce1a1bd720f684bdfdb6502e569e4e686f967949cbeb5e2e04","enc":"0401981ba1148049207d76bc908afa6e199d66ba827942f65854d8639a412aa04414ab36c81e0b093bd4b25b4315c42199a82f639070e0c22e97eed8d37c2368e8face01c8e679eb8d192f8c894bd69fba735c8dfdd17775eb16bfedc2f9a34d7f10c6b289831ef411f9ce36ce1a1bd720f684bdfdb6502e569e4e686f967949cbeb5e2e04","shared_secret":"f762103fb8eb34ccbfa54f8ce4a8e53676ae047da7ffbdd66d68a788c8164f21dbb5312624ff8f92b768f781d2f12753a557cc511c9e5648550385be3d52393c","key_schedule_context":"03c6a8e57593eb61a144a1e20bd4b48deda0008bb0207407ab5679de9543b80a1f5db7d872c1f8f0db384d4777aaeda462baab80c5bf406281bd6d73bde8be20ec22f3bb3f4a73881979994c3c83a46628434a24f6fba24b7cb79b65184480612f921684dd1abdb948aaa07637b3944e6ec7bf5089bc9e653f702dec2b8ceb1e0d","secret":"095a759b0c8fc711e05427e35ab4ec1fbd318ae2b36d944964250a83df2314255f97d5870ad97f0f52b54ed29a78e73dd684d9f6bde6825bf141d6d1843eb254","key":"698542f4438ffe5c9cafe3579bf9843368dc0c28e9593b9030e89152d80a9ed0","base_nonce":"383130f26a480c36c62db4f6","exporter_secret":"539c5af254cca2a5160b4f2cbc37b066206028ed9b88154dc4c91d24acd4b0a7d1251d3ee1a0577b1355f898118e4c3e55c016eedc80a029f1c508a1bb4011a4","encryptions":[{"aad":"436f756e742d30","ct":"08deb82f4f04940e7c69cb2d88dc7cf33b3c44631b3456580aa3804685c5420a55c8d4bec6b48b2c5a6e4d3a1d","nonce":"383130f26a480c36c62db4f6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"6436b32738e4b4e2ce585faa0e5409059f15f3a2c7dd72458d6fe85c402bffdb9de6564c4dd97dd86a3f780da1","nonce":"383130f26a480c36c62db4f7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"c44c13f96f376115fbd5b072d9e25754e23638112fced49ee49e298a160570a28b05eef59f3c275d59a785421a","nonce":"383130f26a480c36c62db4f4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"b35e94a988d33b343e09b84ab7c1f78f72cefd0570f389bc2098acf5370b08f90beddb159399ba83b6524d7f79","nonce":"383130f26a480c36c62db4f5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"9b47d7b76c4f23072f92384dbcb1f216d1c923693283a9b73c0b3ea57bc665006825de6307f9e08dd81c3798e2","nonce":"383130f26a480c36c62db4f2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"59206d4ff84085f52e2777c3a6a213b4d721d626da95f175a4473e707008e9f51be1ea074d2f2e7a20fc7a6559","nonce":"383130f26a480c36c62db4f3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"0f0abf32ded65c7135cf8f0e7174d15b76be655f47d7d3f5a56a6849ee80dae73e04cc934c298101f8c98edf9b","nonce":"383130f26a480c36c62db4f0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"3d7c66d09e2908264c41f386f4e00323276a30b07d9c62bfab555622439ae5ab8ba91e165538a53216f17fd35e","nonce":"383130f26a480c36c62db4f1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"91e9ce46a378552d0d09ac8cb55975d850f46e9773d5e2ceeef7425d8361fd7d7dd097c67849e7ed312bec47d3","nonce":"383130f26a480c36c62db4fe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"0458a1fd702f6dfa5308a8b2a2ee61366c6e690d9b77ded194e4ec4571c3e7bdae28731067f76e70471ad05e88","nonce":"383130f26a480c36c62db4ff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"9d82fdacf862b3d37f50c02da52d765aedd613fd17feba8550330080bc0fef09c998ee66bcb95f401ed3fd9f89","nonce":"383130f26a480c36c62db4fc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"9b25f3a02fd0b230f1c12cc9457176f477f00a978d386464c56f9e2e0564f77646940ed58868140676f0ac3930","nonce":"383130f26a480c36c62db4fd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"81d9fec86e5d98ad310f304fc8aa9ecb43a4e5f338641c6c8fa87564f897b78786d6622674b663455449c2d87d","nonce":"383130f26a480c36c62db4fa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"b62cdfb3d297962d58279ac2439b87db0dd1c6c2edf5d6c77d17e1cb361bf25864f766c4aa45289c392dca140a","nonce":"383130f26a480c36c62db4fb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"7df0bc8ae65ea0e774921b148775dd0c6c0c1bdf36054638bc0401591cb29b66cbe3657afaf0a0b56395441d97","nonce":"383130f26a480c36c62db4f8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"7b46972517a00b92126cca4d2b618e725002a347c2fa99fcfe2519c2a4bc8ae142f1f3f50959263e5a0cd8a951","nonce":"383130f26a480c36c62db4f9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"a5395c5d4bb639377b7cc9646c3a18698ef77ca452db16f57f35afdd91e113420b6e3139ac6e4f2ea1042b05cb","nonce":"383130f26a480c36c62db4e6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"c9e4e101053d8fdfc52b5d79e53ad1f6e2c1b14bf98627765e3e8eeaa8c1da6ce3cbe55eb8016e0b41d98cb01c","nonce":"383130f26a480c36c62db4e7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"1d292c2bcfe822c413a45a54a048f61417a53619a6647913f70bd6770c4c822b20f2f1d42ba6453b29686b8b68","nonce":"383130f26a480c36c62db4e4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"a751f593c6ab01e577ff45cfcc9e10915ee3200bc37037393599527f12f0df2362dd396aef3156ecea0b563935","nonce":"383130f26a480c36c62db4e5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"cb82077f389d7e63ac7511ee70d7f9b5485c87c9d53d95b43cbdf42fb159fe04a636e157b82bd247b091fd107b","nonce":"383130f26a480c36c62db4e2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"0f65bf81bd0922d51e1c95f00fe31c5cd5ee60274a4ac3bcebaad4799ac095cfb09ead0fe008b56a208ced3073","nonce":"383130f26a480c36c62db4e3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"efc416bb12604d3864b4a08372ea95b0abcc04c4358e8d2169c3cef6409b9e94b403eacbd9fa40193eb842f4b7","nonce":"383130f26a480c36c62db4e0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"23ea6e8880ba9b8cbfb77c2db7097db447cce5c96f65a4355258703b98ad4518ab7bf9ef308c1a2f8310cc1608","nonce":"383130f26a480c36c62db4e1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"8ed0149f82bb49d5eef5b24f8cf2ad702b784b17564d58f8f538727efe93ac4be5b92e1e0720d76eef13ca8f36","nonce":"383130f26a480c36c62db4ee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"d62a5755fc453f101ec143334fe91074d5c91ff0e3187e84186d4e406c6dbf2ba335184e640a6ec7d34d199f8f","nonce":"383130f26a480c36c62db4ef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"c3e9550467ec27126a8a9ead556e66ac41bd3d2998cb6649c354917347af4ea24e07a2de38709d2219aa975e73","nonce":"383130f26a480c36c62db4ec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"ad10436883a86804a4c776162f6f729f95935fef962d9c430f284af004e97b3c6d37950eb1abbd3cacdcfa33ea","nonce":"383130f26a480c36c62db4ed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"55a6b4c2ef761a84173205eb28b24f29d5d4cdd01ea426b4f386ec614818b67e476078a8b88093d5a07f1c86e9","nonce":"383130f26a480c36c62db4ea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"f4ecce9b5bd4d22cb68b2c3ee4424afa23de8c863e8f7079a03a53728cca8daf87b162f15848e0e9a007798197","nonce":"383130f26a480c36c62db4eb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"7a1b088ee8580bf48fa4bec283f0b6530312854ec733d573a06ca0cbea5337930c09518fccc9065fbef3c06ff1","nonce":"383130f26a480c36c62db4e8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"31cee9e1d476fc116d54c07405a5b439a3c6ba5aba1f208f31daf9ac7a877dc677bcadf7c2e1a51467008d5549","nonce":"383130f26a480c36c62db4e9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"98f8d857ec5cc5448c8a90b41cb16a104698a0b983f7fa9c2c6df2b8ee61731c062370272d8410c598988c7753","nonce":"383130f26a480c36c62db4d6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"b04b937edd6afc9f16d11e0459ffb4a43b8280fe31c9dd98939655adc493b6cfb3d326c6c518322019e57fc835","nonce":"383130f26a480c36c62db4d7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"6006a819813d98b0b8993f73799c0e69cca2f3736a5f131b66295ec99396a75429f35c3765f13a7a9170a68652","nonce":"383130f26a480c36c62db4d4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"37de4093b6da9937f2d75dd2758fa7b28408421c564f3867a24a6f3ba344e48d652884f341fe27833684a6c034","nonce":"383130f26a480c36c62db4d5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"1e5176725714d76c29505d852d3db026b78d2543899384c4997d6ece64d4c666fec718054ae24695c0b2f81bfa","nonce":"383130f26a480c36c62db4d2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"7f546e7fd9ba745696b749803b1750ba8b4724d5c3c7f9d1c8059a934d82c0bdd34d6ab1c583a52f80d069921e","nonce":"383130f26a480c36c62db4d3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"1f9ab1a61405e00d2b2bd048ada11b8e6b53d1924a72ef2d107a23a932b5c7907b204f81eda127f9193bbe49eb","nonce":"383130f26a480c36c62db4d0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"9ffab7d1d16f745e6c4182ec2b698444cdc1f012acb6edfe1d4fc04eb7427b1291c38e7b5957c1eeb330558a7b","nonce":"383130f26a480c36c62db4d1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"ddbd855f2662fba7ba779074ba5d26b49da4c8cdb3d00c79ae205fab740856855b9eeb0038a9c91d40ff7804f0","nonce":"383130f26a480c36c62db4de","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"7a58e75532b946fc74825bbde8bcc456862208418a4731fd271f214a231c1212ac05567945bceeaaaa6cf6d639","nonce":"383130f26a480c36c62db4df","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"585e5c24c2195aa3307d1ea3814ff3f68fe06499c704719d7ec0fcacf96958f3a7008d8e5846210fb955aff767","nonce":"383130f26a480c36c62db4dc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"1a555ae89a16d57af503c46ea654e8fc0bf5ecd1224f3c5976d4e1552112e14c0516bf5fe6e0d4efac325e8c3c","nonce":"383130f26a480c36c62db4dd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"338dd9424736f456ce0c643af24365c8a28f8dd44f3ba96c6e93a3d366a5b828bcd69039647d3d89384f248766","nonce":"383130f26a480c36c62db4da","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"a56f77dfa0767a0e210f7b098213f6051f100c6b9cb26d4c0a412762ae605fb19298b6426da3ec9b7b620a30d9","nonce":"383130f26a480c36c62db4db","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"49177e25ddabf27c62dcc5a4ad86b07204cf5b3ada6798fbbd3cd9e454e44a538f9a6fbbfea7b86efe31dc01d6","nonce":"383130f26a480c36c62db4d8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"f2cbbd811532b62da6242acb3af3a2e2b3cafcfc165a1e9545ca3bc8d9ee15727682171d356e5716a85092fbb4","nonce":"383130f26a480c36c62db4d9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"21f5304c3c6ccb10d2aded9045a45681eb714989ea291d5ee1f3737a3a0b6b41939c9731de0323e1a0a3ed842b","nonce":"383130f26a480c36c62db4c6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"06678765d5817552f3a056380bdc2231e4d48b2b13d5af9816e03cc458eab37d105f7370257669cbdf7ccdc997","nonce":"383130f26a480c36c62db4c7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"fe8fc5c509365c80d9de5373c9b0b1e9cd7114aa242269fdf0e7a85334187a450c0bc9f50bedeff1785ba5bdf6","nonce":"383130f26a480c36c62db4c4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"2b87e4595d25fe8825f47b31c69a2ff42b923dd3b554d4ea648bf290efb98a5fd82fcf24318040b20cef6afb3a","nonce":"383130f26a480c36c62db4c5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"87ee0c1129b92b0599f4ae5b09d13d3599e5dc23b17c02068c6f55ebb88610af867b7c442d7df06e1c6d82d5ae","nonce":"383130f26a480c36c62db4c2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"aba08a2eb9078eee1b1432f6b077f75560561e0e09aa349f2e455508dbc3f895423b5f750d707d6953ffaca594","nonce":"383130f26a480c36c62db4c3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"27bd965e53a416d14ba9f8c9ebecbeed886bf2a6dc2f79206f483b99f114596ae66e8fcc07afe91bc1ccd8d399","nonce":"383130f26a480c36c62db4c0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"9c626cde99d9924e210660b9dbd302a9ddf7c504b5634252eb5fac09af0663bda67b7aae28c43e4cc570a61da0","nonce":"383130f26a480c36c62db4c1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"1a5aba971dcc81f879df47b10e26241ae3f61350fbd8eef82784654c552b249c43924593f383b21ce9cbc6da89","nonce":"383130f26a480c36c62db4ce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"01c9ecabfe2531c9666da411871052d7e9ea88d93c8edfda21c0347de189d69a359264eeb5214d764438de62a2","nonce":"383130f26a480c36c62db4cf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"59377a508302296806669c97f271480d9066868a65d70d3fd443bc701a1ddc63128f6868b84a9b8c28dfda02bf","nonce":"383130f26a480c36c62db4cc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"4122b5f905fb7db450af8e4dc3edc225ffac758518bd78f30e9bf13e8ba7f57c7371fe360b1826c9b499360723","nonce":"383130f26a480c36c62db4cd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"209a7c6d9c3a7b73dc7b660c339ac5038fff31ad80d1601d9898f98d47f671a696803c109f47920760bea2c722","nonce":"383130f26a480c36c62db4ca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"4f01fa63a5004034f56e312f3d381af1ebe98f93aade6c010e50f136cb54007ff7eceedb2cca8d2c6b58ed2ab9","nonce":"383130f26a480c36c62db4cb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"e2ebd3f5c4192a8372d07e6ade1bc56811c03f3c8b8a56281b26904d824a3af3036c7e062d698f893ecf6e549e","nonce":"383130f26a480c36c62db4c8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"f51565000a6ed7fdd6783a400ce8982a5ed870dd33a3f4ab6b7434976391b9e1cc224f46f87ea1fb111ccf6442","nonce":"383130f26a480c36c62db4c9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"5987137647578e88f3f993a4d098a2cde71babfcb058c08eff4de2f25c79f493e3ef3c448ad4ddb5b1db2aff83","nonce":"383130f26a480c36c62db4b6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"3393835f2187d38bedb512296e5e005f76a30bad215063c247da5130c40a5bb6e5680abd770ab14dc2dc5fc971","nonce":"383130f26a480c36c62db4b7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"b1c536af77e6c755dd2c2bf7c8cfb9da2701dc0814c508eaf7faf8f137a00256e713f9551dda49fef6514d55aa","nonce":"383130f26a480c36c62db4b4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"07ed84b29b77ee87c98741605694776dfee599f21b84928af5b799b220aaf5ecfb653a825bf4a8fe42288da4df","nonce":"383130f26a480c36c62db4b5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"d2319a4bc3f35f42a39f5476a1583e791c1eebac2fa0b126489a10bd2db9b04aba39aad7ebf609f81148380e9c","nonce":"383130f26a480c36c62db4b2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"c1800fa66836d6bbcbd82f6c8e555623624559e322a7701b9e6fa1c6f123320ef9314cf59a0bb12a34f709f367","nonce":"383130f26a480c36c62db4b3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"eb5b37aeb672538326ed158a631e0618c58d2632a66d7d47351136acb6b1c6ea719dabfe7bf747f53c7588fc14","nonce":"383130f26a480c36c62db4b0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"4e6742d95e217ada833f072445c7f826618be90538fb2080fad48d814db7b7f6f8c908f827cc13454a246a340b","nonce":"383130f26a480c36c62db4b1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"55e241b71161c37ecd91cc46265a78142ce2a8de8833c459e88a06a5417cf697bef14786a5bdb7d43ee0bddc2d","nonce":"383130f26a480c36c62db4be","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"7a26cfeba020fb07d6c0d37c4fab28a6bfe17cb28a3601ea3648de157c69394f0048b620267a585d5b148cae7b","nonce":"383130f26a480c36c62db4bf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"3026a8632b82645183618e9ce9732d29e0b4f74f791dc732c59118dd8253a7f751ce8211f221311797496ed953","nonce":"383130f26a480c36c62db4bc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"8614f6343b476a50d97680d06c2099725c9e288df51b1a9b3c93256937eca691733ea3a3c294c7541563158bf1","nonce":"383130f26a480c36c62db4bd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"4681272026a11bfafe107084d3af05fea1e23ecc926e367fc80e1ae79ba23904eb251623fa85be64858e33b021","nonce":"383130f26a480c36c62db4ba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"97e65e43c87d9dc748ab4b22360f8c3771324ce2daf9c18a04ddc02feb07365a86226a8815d9edff0feb44ac79","nonce":"383130f26a480c36c62db4bb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"c11d73feb92e068d8dbd4e0da5222491c02bee6cc87cd978b2a6ecb070668cd6bacbccf188facdc3604c1aaf82","nonce":"383130f26a480c36c62db4b8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"805d710e9ab875748ba6c38e9090220521f0c9beccde08aa6ed6916293ac1af8ac2b7ac7004d2cdf6cf67a32c9","nonce":"383130f26a480c36c62db4b9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7340da98a08182ed0b77da50ea3f8be30c8d2d6f279d0e9aa0b32b5f65d8e13caa9d8d568182b9928f9790e3f2","nonce":"383130f26a480c36c62db4a6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"473d1e8d0b28a26fdd7ea739e336a3259c8d338917870a2691bddd183e539b0e888f8e0cd71001841c7e7311ee","nonce":"383130f26a480c36c62db4a7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"5274b5b4b7d88a89baaf8fe2b108b4edd405cece52d8d16e26d845690af1e2a32485636445d26b45f1e6d1df0b","nonce":"383130f26a480c36c62db4a4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"3abfc07d27b3e490ec17cc527270d69f6a71456dd4c806a18bb1d91162cdf65d4ddbc464b2a030f4b238632e5d","nonce":"383130f26a480c36c62db4a5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"fa338ca558014bb87c6f5776b5ff64453fb29b4e1c8b9854ada57c91aa601a30c7fed15746993116d3800df5a9","nonce":"383130f26a480c36c62db4a2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"b19de02825d2002107ae1367ff5afcd7332031c97d98d5ef9f09a13571decef4b62d6e2ae139de25e5d7c04671","nonce":"383130f26a480c36c62db4a3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"e3e0369f1342b66f6eec4b5a6caf4f5525ec7aa843f597a795607a88149996969f889ca26d48d6acb635c01b8a","nonce":"383130f26a480c36c62db4a0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"d5e1712af9024027f69b95a1e26b02655f93f4ebb3ef0048bb4dc38842ab019612d71c49beb6ff6fa9f3025ad2","nonce":"383130f26a480c36c62db4a1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"f5607b87831d78ea74311b2d85b3124d0af20c67195b1417846186dc1d884f0d1e71d2dc7fe380c7810fffea8e","nonce":"383130f26a480c36c62db4ae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"95b7db2eeb4d16397f0bd8d7a2a6ad28dc93a29a0d66d2c57a94d82c52607e079be42c840c4117fbe0e9fe2315","nonce":"383130f26a480c36c62db4af","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"1e3df668b09a142e429b31c7a76090b35a95033ef891694b16586445c3acec72e61af24e84569cee673a65f516","nonce":"383130f26a480c36c62db4ac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"6b10366a92e003911e1e6ec8b691ff2141d0789368724e0c8e4d7604d45c47f823fdbf0e591d75056bdf0ea5e8","nonce":"383130f26a480c36c62db4ad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"ddd3bb9f07a75e2fe4aca9aa5946caa549559f11910766c5f2223a6be45c9fc69d5e2c296b9479f20afc5b60d3","nonce":"383130f26a480c36c62db4aa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"f9560784c0d3e13bb19776fe666e151db93570e59732d2720f98aac3ca3e820198beec87887cabbcec5c758779","nonce":"383130f26a480c36c62db4ab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"edf296558a965b143d38e4ff75f99d9b290e8723cce824a26a8243cb249c9238f37f851f24b295a671c02df32d","nonce":"383130f26a480c36c62db4a8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"eb75551349e8fda14ba42bbc1ef10cecf98e8d7daf22d9bed5d8afd0572d704331461f030df5d62b08b4573a6f","nonce":"383130f26a480c36c62db4a9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"7c0bab35ec7b82b5e8715936ba8491dc67246f8b43ce36655fde50cdcbac7a57d49d8eb7b335be843527184a3e","nonce":"383130f26a480c36c62db496","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"98c65db5c2b11cd2d13d5d4e46602c8421ed8bb700324d9f9a2f150be8479f27b699a95f29f2ca326adfbf625b","nonce":"383130f26a480c36c62db497","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"006442907871ebdafc81f29990368e0600013d2f578f9a5350b8af976bc6767749379ed1278a35dd2d72530e67","nonce":"383130f26a480c36c62db494","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"6e4e361125bcda2455658943c2a5f4208f7cdaa5a09d045e4aea954c3d2922a59456b80f3b417d2694a3e57fad","nonce":"383130f26a480c36c62db495","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"c295dadcabfe28f25e27215369bafd419fbecc62f0c50e76913cc393d05e085c7cbba782099901778c9bc216fd","nonce":"383130f26a480c36c62db492","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"978bbdcf024a9fb2dc3d527583a376948d16d8a5457c7cb68821f7bc060ea9ad261b85ebf5db3e927c9af5f1ec","nonce":"383130f26a480c36c62db493","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"d6c776aebf9f680c2d56561e5cf48df94b124ee11df9564f7f4831587c8ba9612c107502aded9bd6e63c52cff3","nonce":"383130f26a480c36c62db490","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"fdcd4235996c5b6f2af9f4aff4a4bde14daf0c47cee71847f0dcbf0e2fefda4728a7f15298f5d5e2e4bc490af6","nonce":"383130f26a480c36c62db491","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"7271814ecc557ce5a3404490eacccda9d3562eed6437b6a7da09f16d8198a733b7444ac4ac740e27759c9eff49","nonce":"383130f26a480c36c62db49e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"a893027d65218053d34ee79f07e38493a9a59a1b68c7c226927fc7d22049fcdb77a670844f622347e37e629c0e","nonce":"383130f26a480c36c62db49f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"4d2e6950cc40e65d9e54c49410da1f76cd62ae905a166e3d66aac1a848028f0bcebce30ba7b92ec1c003d4ccf1","nonce":"383130f26a480c36c62db49c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"ab525b470f84759e4c5b3d33a915f251d97b219ae854a4e7696e243cabd775b9835aeff6028ee3b0d526ac183e","nonce":"383130f26a480c36c62db49d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"2c0ef5d0aad1a22d264344519d7ddfc6863742a6eb0a0f785c1a2018e1b6a5919b0452048684e3c3c9904093fc","nonce":"383130f26a480c36c62db49a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"98029c168a0635a5b113c682e3de43a91d961a38218dd37a1f35abdef4a787177c3c007b19b08760973d3372d9","nonce":"383130f26a480c36c62db49b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"3504896657a01048d0b6ca7767e108b98c142cf46cb2b7f47a5c7d2afab404793c0aa3a3c6c910374654df6d34","nonce":"383130f26a480c36c62db498","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"171a886130fb31ffa0716752c3ecd30d7473885e4aad819fa3b32712ab7d402d2dd3850aafc1028b8d162cff61","nonce":"383130f26a480c36c62db499","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"ef302b8b10854b7d5b57cc9b76dc5133e0a134ec5a2ca4ec4eccdc2e1187746dfc0d67deb2a012d71f5d43a6c0","nonce":"383130f26a480c36c62db486","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"f78b148bd93c7b5e770058c1857b017876f01ad3593bb3ff8a4de6f8e3968b5b621e2d3d8add3a1769df71c70a","nonce":"383130f26a480c36c62db487","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"51a05cc01524e5c84d477a1edd0c20c885b7b0685b0359ff23360aeb8b28e3bf56de32726b10292ff9ae5f6c90","nonce":"383130f26a480c36c62db484","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"1fba5e6de04998649e7724996f4cdc39963a47fdb2d55873187013256fefad65fd9cb1c0cdb1fd866a9088dfdb","nonce":"383130f26a480c36c62db485","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"eb9f5757347f861da2f863d3bad9bdb5c4256fd15193883654b159171d312f5f649da9aaa0b02edfb599557999","nonce":"383130f26a480c36c62db482","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"59b6a1097343391d132c62fc590ea093ecc8667f8dee0e1978da17f98f8f95ea8544a2681debd925d06f0fadaa","nonce":"383130f26a480c36c62db483","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"e0375a286d941a371914f18c81bfd81d512f566b5dee21c74dcd0ab1972ee9da7fd7ef0d2bfdfa4fa36d88bce1","nonce":"383130f26a480c36c62db480","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"8af871a3d29250bde915a17d854b27dd156c40034c80ed3d24c0b7f78d07968442bf85e27202b8067d945ab8e1","nonce":"383130f26a480c36c62db481","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"dcd082f8a40a2b93f357d34f2505e938d4c6d6a4e926fef16d173cb3e420af9f615a2eb90ae4ef287c897a9d04","nonce":"383130f26a480c36c62db48e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"323ef805740192ee77891d0f03c000fcd845f7f542f3949d4a0b883865c983ab3159255567020112a453bdf8aa","nonce":"383130f26a480c36c62db48f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"c2e6c56da931752b2b8c2c327c780605ee2898b95190db10ca0a08d70b43b75f7c756fda5fb8e0e2f6d84f5224","nonce":"383130f26a480c36c62db48c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"8fe6a2ea53efcf3be46180b382cbc135d834c3b067461d4403a804184efc1dd238c8f99d55dbe3135e2d581b13","nonce":"383130f26a480c36c62db48d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"1659a05ad6c2f0cedca1ffff76b044a72fce750257025274e837d13b0c7854a74419f261a90303aaac772b7af2","nonce":"383130f26a480c36c62db48a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"16c1c8e2a2c5b83060c882e7fd45952b8d167d01d17083b0c7faa8048a31f8c56f2f2a8089bd74880c1d14d1d8","nonce":"383130f26a480c36c62db48b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"ec77ffc97127ffe278697dac5182d19b088a0d0014c4953199141491889d56ca24eca49d8128d965f707d0cb51","nonce":"383130f26a480c36c62db488","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"64b4497c2b85a7f6fc785ef9dbd3dfdb8c9304622a9231cf5add6043e66e373e5cdcc5166884762ae3ebc02e40","nonce":"383130f26a480c36c62db489","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"1db82853625e41d5981095f01edd73e27cc6ba5e103cfd3dab1c9a08ed79a607b80b08e60774aea5708df79155","nonce":"383130f26a480c36c62db476","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"0f942eff8638d22b6da76b33520b54e8466fb84db6dfc63e44e283102b0089236f1defaf48da06df29a5ef992e","nonce":"383130f26a480c36c62db477","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"b9f2fb0d7ac61d4482b5769b3cd849d295709a1e2d65313f7bf02bfcf8b8c5f2bb3e9ae682eb943cfff832f2ee","nonce":"383130f26a480c36c62db474","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"be4d7a9ddcb05a63027eb97917bbce14660e2e1f698b7845b49b8fa376bedf395b8aa7084fc91fc34e9e98c24a","nonce":"383130f26a480c36c62db475","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"2b0199093b7b35c1588bd312d10e78cb46deddcea2322fe5c435370f716a22618ee420cea421dfd019acd6f6b3","nonce":"383130f26a480c36c62db472","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"2e49334f6b637aa50a2bba23b7de01392b756095735e01a6c3bd434475e148b809c8d3f6e3a465f0ddd7962190","nonce":"383130f26a480c36c62db473","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"7723c5b149aaa35906f1d9ffb96964b61c120da203c32a13e260ca28aecf822604cbe9a1d5220bb8c4bf92d0d6","nonce":"383130f26a480c36c62db470","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"2c41082e3b7b62e0ca7ea0c718a4215e223772153e95f79e409bfa3bdfeda8d0429096fee02f99a96a8fe4a293","nonce":"383130f26a480c36c62db471","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"93b96b0bc13961efa4736a0a046f7ecf9b185c698cf9b3405156984ae19131dbecbf260057fe9da6d3e77a4c78","nonce":"383130f26a480c36c62db47e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"c2abcb1546596c3a12278631202e354e79063c9322a351a196cd7457cd0f41da3f2f6b4edab8b4444f8d46c1a1","nonce":"383130f26a480c36c62db47f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"84a37cfdfef3d0de21559e2a1e2190e203b7c598f128661b6be046969c84b28c9ddafc8d9afa1469648603256b","nonce":"383130f26a480c36c62db47c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"2b998762c42cf8d33cb0d11be5486c77b179b491e68423247c3a1ec433906954cf9b41f7510f2ef6841d1017a4","nonce":"383130f26a480c36c62db47d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"7ac854fb57396fa1134501ed06d50df180b1b3908b27873f3890b5ca5674d6a78a5becd97cd1df28ca8ace88cd","nonce":"383130f26a480c36c62db47a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"3a016ae439907900516a30e14f9239df8fd4f0f2352b3d6d75982412a34d7a1d80cbbb7adca500565cae7e7dde","nonce":"383130f26a480c36c62db47b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"04b8ba545af71ae1ac3cef09d3f6693d46facde581df28d49c516f9e9ebc8a25c61163b75a4cabd9c7f2b5b437","nonce":"383130f26a480c36c62db478","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"7ecd957ea635da02b7be9c03bca89abc92df283376d772c0ded670011d5ae3e7b1a9c0e06e5274b6421ab9675b","nonce":"383130f26a480c36c62db479","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"ccbf36f556bd6ab7436dc2fef6426d9d89477abad1e0341be638bf2ebbb87df7ef3e2031dd1dd5c99eb5662c15","nonce":"383130f26a480c36c62db466","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"2ca2330cf84ea27f7ec4840875d85d3fb9e4e9f97909df2653d10d7a59dc2c83a72578f79884184d2b15d7a7ac","nonce":"383130f26a480c36c62db467","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"42fca3eb425ef38a4c46b8940d2fba383a4f8b264fc0e8e1a67f92253b568ad3f9013b288c87ac77dda0708a39","nonce":"383130f26a480c36c62db464","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"fa7fe7f0cd0d9c647cc3f36c60c2a790b440a68e4396d19c2f65d594c7aab66d63851f2739e73a6c9a2f6e86f6","nonce":"383130f26a480c36c62db465","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"c7ea09aba633ed6e30c8f55cb152977569a3191942cbb56f4601406da0efcc5807199a27fb252a5c6ec207e0d3","nonce":"383130f26a480c36c62db462","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"041a8a097a47e162b663cc43e29f2692fd02152bc714f37a736c57853c715f0c768e368a320f585b00442f2e6a","nonce":"383130f26a480c36c62db463","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"ae96e708a6eb926d89884084f3e70564fee4466297d891c3e0d1fff8a084fe9104a17dff499abba0505842696c","nonce":"383130f26a480c36c62db460","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"e1a69c57c62e23d12c95ecb077c5563d555d7d7e2c24db772c8958d82327be92c5ab6edd4d5c557d668126d156","nonce":"383130f26a480c36c62db461","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"45a02636753b97c72b02ba66575a8a9827affa518e789e837ab1df73b24bb59287630f3cefd2a8c5683fa2f66c","nonce":"383130f26a480c36c62db46e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"42c7599f2adade59a7dc175bac5a4083a69327162b5a71169d926ed052b28c703521335a3940b3931666bb8c05","nonce":"383130f26a480c36c62db46f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"afe198829b3bb709fed6daa859d15a65242b64493c8c91111e6e65747972aae1e7520d8c833c6fd6c6e78ea4f5","nonce":"383130f26a480c36c62db46c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"c36a7d2553b6d544a3402ec2c7dd8f83e737e7f81e755db8a3763cd18c8a8f431451ac075add00f170d59420dc","nonce":"383130f26a480c36c62db46d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"f5dae0db275b33a2a72e29aadae06710ece0045276fbb83812d1d016dd807b3904bb333071497feba11a4f3746","nonce":"383130f26a480c36c62db46a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"a978fcda7ab90c18717bf63649e6e11bdcdc0af52eb236bbfad4b487500f3ae44262f3d24f764d789d212e53c6","nonce":"383130f26a480c36c62db46b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"a08afad0ff2c283009b4058fd69178df1bb24b906eaa2849a5441b8a9e33c6e8e5b68e254214f918976c582ca7","nonce":"383130f26a480c36c62db468","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"9cd6d03079caeab814c3fba920d36c869b40cf490362211dcaa8514a5701c05d9575a0deee5d089efe84967c46","nonce":"383130f26a480c36c62db469","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"31c5b94c287ba17dd242022c36f428697dabef781cde831cd95cea35e50ee86ceb6a0a28df93d6fa8459b3c5b8","nonce":"383130f26a480c36c62db456","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"a7ee03d6932a6f62c9c95b944d5496eda7112cd911ad028c84b243adad3976dcb1c1690973e2a923c4f77c0b07","nonce":"383130f26a480c36c62db457","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"c0784654c59d6237766988ffd490dd1887116b2d9087ab0e157eaeedec9c6f49009c87b93635114b9138f8f22a","nonce":"383130f26a480c36c62db454","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"9b99dd26d2956c6f8f818f2bbb49691e34a8b6c5911fb384210edd0aed23f58d100a74b692b9e92b007c108589","nonce":"383130f26a480c36c62db455","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"6037fde8f1fc219a7d234e4a8fc23dc42eeabb25defb05a5482ae62806538ae04368febe2f48f4101038042220","nonce":"383130f26a480c36c62db452","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"3e4a441a5d3d16683bf83c83882aa2655cdbf6100cbff4fa6983acbb03646f3b18fc20071ece380a06de15048b","nonce":"383130f26a480c36c62db453","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"aa5a915eaa47fc0be2706734cc2d4c88169d30ec00bf43894fd7865137a4338bff8e8af697860ec8d65ea575a8","nonce":"383130f26a480c36c62db450","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"a601f87830c500a18c44eb66d26d4958567945e044747bcf2aa4657f60d3a8fc6a4a974d80b3d8bbfe1f1a39c3","nonce":"383130f26a480c36c62db451","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"d2cedee4657b7d0c7373c0247d6206681fd702a9cee061a002b639bc0cde7958a69c0cc499c550b07e9df18d2c","nonce":"383130f26a480c36c62db45e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"7777743da14ab3c8bb3c46cd8dd2726cd9374a8f0f4d1cadf747f4f3dfbaa72dba1411162806aaeb11d50820d7","nonce":"383130f26a480c36c62db45f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"c621e2b784826c414ea671696752e3988b5f17aee0c2a20038f0d5ac9aa4a1ab52aa4e60f3f240ee4c42097c61","nonce":"383130f26a480c36c62db45c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"295fded8d301e61f70bd011630471a290100f35da1624b0861a3d66b9f578ce96f8cab3ef0c46c8efd1f417de2","nonce":"383130f26a480c36c62db45d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"00adb6f078e8a9f3840679b834354e4c8006502438eee0aebf1de88e502e56792f445934c2a5683952b790056b","nonce":"383130f26a480c36c62db45a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"1091d989a44d1abb844450e292912e14002bcf526ce600865e2aa6924a897b8d11a217047a587ece2a5e476256","nonce":"383130f26a480c36c62db45b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"5af35fcb48b17608f7a468814a0885b113d64b234d0adf66d47b9ea06dd24d6eec4a97110d2a303e5e9f2db42b","nonce":"383130f26a480c36c62db458","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"e25b052805fbf36571427a310b9b307bcdb2670be470df24bb8a84ad4efded9806420f9f1aa377582e29481dd2","nonce":"383130f26a480c36c62db459","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"08c064a6925bea2bcf9010fad6a5bcdb2238bb2a19e253919ad1bbed015cacd5276f6dd563615e690a4c845d5a","nonce":"383130f26a480c36c62db446","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"509ddb8f00b4f640f66cd95d25ffb37ed9413ca51850d16214249ad598f2089440bd30f065dd51f117a6eff38a","nonce":"383130f26a480c36c62db447","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"c5a439f651337e22d5c0c16e76942e959bdc4c964b74761730706a1d16ee3cba5c6cf8fd397739bd6186772ba9","nonce":"383130f26a480c36c62db444","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"f5976b6b1f9faf4f6456c8e740ebe8aa6549efc7dc95927c70b978d2a8ade8f322dd7cd192f28301d969626f97","nonce":"383130f26a480c36c62db445","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"9a07ce1998c3ade6d21fd1b58740bfaa4dd00b15b6cae6343a929b7a22d132d6b3b6b51770e4d956f1d8b66551","nonce":"383130f26a480c36c62db442","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"f1df084fb21cbdb8d69e39e5865fc3a5dbbcce8bb08a5c9ffff931883e43e3106f594029e357185a1064af91cc","nonce":"383130f26a480c36c62db443","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"7b677c186d032ed73c6a5855f75031b4fea1d099372437a27a635372e8224c1d3cf53734caa2c4d20e62732643","nonce":"383130f26a480c36c62db440","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"f43e69b3f42d99a774243a5f624407404dc0583c55748d6d2b9cd53b9a2a626658c6ba6306b0b4e86dcc9422fb","nonce":"383130f26a480c36c62db441","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"27a9234ab317487397a291e5d533814e0874c7027b4a29f7db499623e75352da8f5f2b825866b3745d5a1ab464","nonce":"383130f26a480c36c62db44e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"2011592dd9dc80f676809413613a0ba3434f7f7ceeb80c302315674a8b223676ffaa3818c8a9c71866572438f5","nonce":"383130f26a480c36c62db44f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"0addebd62347e870c906fa61614003c481ca343862cd345abaf1c066f7ffe1f2d6cdd0cee358d46bfa8494b0ca","nonce":"383130f26a480c36c62db44c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"3154768ce21fd0a2a9075f1b7202497eb9b94cdb941c277047bdbb611cce4eb2be5b75c6e8aa66ea0bd1645a71","nonce":"383130f26a480c36c62db44d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"1a19a932761ef06b9e55ff0414f49b217e08e23bf420df8fc8ae551017dd7ca95f452952c097374abc97a47d52","nonce":"383130f26a480c36c62db44a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"3d9db7e010d2d002d16760294c72584ececcd16763698344217ed92e456b3ff9e21fe62a7399cbc69663be0fc2","nonce":"383130f26a480c36c62db44b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"389e91df4677ff20afcf56906e148c4ccd5a36c88ffde3055d558a9998a4822446bf987027ad01e4a8ed075f12","nonce":"383130f26a480c36c62db448","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"9ebb4d5272d1f9f80e9130b9c94cbc1ecf325992af64e723f97bc841a32d8e79e62472f42ee47b57348746ee6d","nonce":"383130f26a480c36c62db449","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"6891236e397d5cbc6b6925ea75a2a4eb2f6d43549f53191631aba7b1499e848c9f20d42a7aa1a0331bd8330a76","nonce":"383130f26a480c36c62db436","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"2fe98e9e3fa7e47c2e3233f21a3a67b6a465364ad776603bcc1dcfdd4e0ab3dd6bed9d38e75bda2a080c2f71a6","nonce":"383130f26a480c36c62db437","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"1586f00b12ad8a009d7af5cd7cb2ee6fee97f474f1d3d9220c0daa0c200eba9145c04e9e8fa440bd46598bed96","nonce":"383130f26a480c36c62db434","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"1f85821323c9f2125cfc65b4c87703f8943fe9d14fdf6a3baf17f66f6b5cff369ac629d8a63ff0c2474066ce74","nonce":"383130f26a480c36c62db435","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"af165c17ca7cbdce4bab9733526aa0c87df214d53e44b42aa3c2788c3dc7b14c2e548eff83d4f018828a416c83","nonce":"383130f26a480c36c62db432","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"8d9201dfec062a868d10e842de1141f448924486570d178aa14a9fbbb6e094c352ae4ce14577c17e443f01230d","nonce":"383130f26a480c36c62db433","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"6cf39876681c420524896006c718d1f222cca8013654678f62d26df2a9ceabd11ee9f4cb27612074c240aacd82","nonce":"383130f26a480c36c62db430","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"18e67099bb91e62786b8259bd73abd240627c973f8b1f618b5298c7bd206f2c9838b268cb03834db655e7749ad","nonce":"383130f26a480c36c62db431","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"011d20a1d2f73727f803b32ffeba26fb32329f066875c039d9cf4308c837218f7625b6c297c8b11868f6d31bda","nonce":"383130f26a480c36c62db43e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"8043ccaeb495c6447be992b2d874e8816091dcf8e4dd952c4bed6b86b3e1add3fed294f162693464ce85f27311","nonce":"383130f26a480c36c62db43f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"b532d9e6f018f78f9d5954fb27572ff4e1aaa4da586da00b032db1692482d4596214bc237b0ae0759d693cb4b8","nonce":"383130f26a480c36c62db43c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"d837f307b29e675b6355c39b6eb8c06f07e2db689ff2e9729b21cd2978bb61db26e0afd07aa67e72f4080175aa","nonce":"383130f26a480c36c62db43d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"2c68b869ffae47f87f35ff7e1659e1ba137ec04dd390ca6f56af5394042bf3e771457b19b1045d11055a048237","nonce":"383130f26a480c36c62db43a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"aa558173804b261c77baf59d1d46b41dc752398093c53308e3ec70d4e5a4b6a53dff2f5a94862f8886e624a50b","nonce":"383130f26a480c36c62db43b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"458e033657214ae846d262eee5e9c4736e41ab1fd5c78b10a5738f2f8049954d130df464964dec50e4beecddc0","nonce":"383130f26a480c36c62db438","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"943e1b47a9e9d1ed1c4b171b2f2ce44a94a3a52a8da1662a1b8b65c94f8e1317e82614ffc32c545e42c09743d9","nonce":"383130f26a480c36c62db439","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"b297dab9e2bea99a8da654ddc98fd5f51d819f6512998f412cee8ba04ba4b4478f79a5e406624fa2bcafe9803c","nonce":"383130f26a480c36c62db426","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"2e53d9f2ac9c18a422e8d6f6e2513f782dce3359093d822cb23b4679a975aa1d592361dd3474beaa5cad5d3256","nonce":"383130f26a480c36c62db427","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c6aae8c26b669d484f2670bc1dd4ca9cf93c7cab962b5d0c9a8098235d3ada8782d43d084a40039eb1d453870c","nonce":"383130f26a480c36c62db424","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"c0e54fd8bfc8b34d01216f71e41b9755ac48bddb32ed07b29672c7e9f48865a41cf12e5eeaa27606b7d2f9e1fa","nonce":"383130f26a480c36c62db425","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"7852ac9a081039621016110ada68498b46518de691cf5f9fc53ffa6e526db189cde6fca4915f67aa9c8414d5dc","nonce":"383130f26a480c36c62db422","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"01fef54f60416faa708d9b48ce9aaffd0c7848fdc6aaa2c49ce608697531eaf29062acac17ca5894451a93ae15","nonce":"383130f26a480c36c62db423","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"db98b91f74ed9b429cc49d773f6c0e3e99b9770b20ed95c3fcadd0c6e5224c24fe92ddb6ad4f4c94974c690747","nonce":"383130f26a480c36c62db420","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"073b380cbe005181fda58cbf0284055453055feea9b39161c4ef625fae64dd695d95c6a7e4747e6a461741f7a7","nonce":"383130f26a480c36c62db421","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"d99098b8805732657e4218fff108c4eafc0046a23d6a4046330837beb9c7831c08fd7d907f20c3a63d8a827fe6","nonce":"383130f26a480c36c62db42e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"b08cac61aaac51424fb5fe15fb1ee19aa574e43bf28d586a2b3f53c8ea8bcd9945aa3f85f45db5e981259fc039","nonce":"383130f26a480c36c62db42f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"d179fcf66b49905ce0e0f971c8f79acd8641b562e47d2e3fb9dbf1be07c258074414501ab1e9c8b550380bbe19","nonce":"383130f26a480c36c62db42c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"151dba89899db475d2f3835150fa313546f53653620d8df4ca2b8080881b94cf3f425d7e1cb233155212c57880","nonce":"383130f26a480c36c62db42d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"6b80f43aee4c7e7b5d039f1c3dde91ce319d4a41907cf37dd2a1e99dff042fbd5a91c6a450473f9f4a0edaf3a4","nonce":"383130f26a480c36c62db42a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"b3ea4840de5fcc5a0675f172a710cce40a1df7e5c1299b6feffa2b49180acf5f354745a3c1aab9e45f9cee2ac6","nonce":"383130f26a480c36c62db42b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"d263fac391adcf338bcef0de925be074172db6b83cddb65be8f7bad78600ede44c463eed8897383f8e4d48a98c","nonce":"383130f26a480c36c62db428","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"062e5e95161194e074ae707e9fb4b18d4537ae1a8b5f97877ea4348eedb1be16fb7364096122945fe23185e815","nonce":"383130f26a480c36c62db429","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"051c0dcde716f073bcee785d9435ecb6d91c6a108eb481710a16f4f32f9ed588192526bd849f5e8bcdd7127512","nonce":"383130f26a480c36c62db416","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"0ca06b3aee7645b2cf5a37a2e8662f3e4843915b700596c1b4c099904476812be8f5eae6f34d534c754402d8f1","nonce":"383130f26a480c36c62db417","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"3d2ba31fa321679168f299ad4daf888c68090fe510bef3df5275690fb50fb03caaa6c188e6cc5e18c4ccaf8351","nonce":"383130f26a480c36c62db414","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"c7596dd02e9f1db4ca327dadfc1d71b09846bca86d57c57232300d47b4dd5095b09a129d40e3c184c5aa8b8042","nonce":"383130f26a480c36c62db415","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"c977212fad2a7685e5ab0874345b5a0832c322738e0db6cf8ee1a863b11e9084b27bbdc0e1a8f97968966004a2","nonce":"383130f26a480c36c62db412","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"f89e0895070b57e8046c803f678c1427c705cbe3e8e047d254e3fb462f3a21358cf8e35bd861e8ed100dd0915b","nonce":"383130f26a480c36c62db413","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"e78d4f57e2708644a5eb6c3cd93bf204533f89320b469f0a9e76fd28e08ece30ea4233a4879f00f6156f7467ad","nonce":"383130f26a480c36c62db410","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"f70e6f47d11dc6dfeee2d896d54882fcb46db237b688e22a2215616588d3844687de56c38d70a3d56296f88923","nonce":"383130f26a480c36c62db411","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"1b803747c482df4484583b29f1051c690fbf3300e3de48edd500a80f0c6a795604c4768c2725726f1a93426c39","nonce":"383130f26a480c36c62db41e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"f9e79faab944134c9fcbd4040f276fd521535b1092ce9e3fa05d0e443913916f67dde6f9d6f410872d3f9cc374","nonce":"383130f26a480c36c62db41f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"cd03e81c69af58d1d1a5a2d9334db8d8e3dd741934e9033b5a22e4f331370b98b1700e5e4d3f3eb13d9b7313be","nonce":"383130f26a480c36c62db41c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"b43a341bfa60a8070e20bd8af5bc3222ec3a37c7336c1d3ab4ce25920bb9b1ee921af5e5947a17fb79e6fda0c4","nonce":"383130f26a480c36c62db41d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"09279a1b972418df56f6dad160666367b7e3000ba5578e775eb87b47e9d5edd3c2e8b3262980264e7cd39c5d40","nonce":"383130f26a480c36c62db41a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"985a3375c357cf3484232633f60ac03f8084ede96d198ad2c3eb9d2bd8e38e3989b1619e845922f6f3bf485844","nonce":"383130f26a480c36c62db41b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"821e4a80d1356944f5de427697b1b8bd7df789b2de454e1158f022701bc6501820695fdd59deb883f1b6ad2f75","nonce":"383130f26a480c36c62db418","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"2ecbf3a6261d12e00778ea351807f54f1ed94ca9a2f522849b46265484884970786af766aa95ad2ac9abebd991","nonce":"383130f26a480c36c62db419","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"ddd4d2d87e414b8ba9e3535bc0743a2f215e5319cf842a286664092748ba695ae0b77c30caf437ccbe1efc385e","nonce":"383130f26a480c36c62db406","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"5add198cb38d4784148ba460c90b93d72e44b063bc540620a0899e7e4d000532826b3c3f45129ff4bf661162a8","nonce":"383130f26a480c36c62db407","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"121122c552d25009488ff00c4f92d4c8e0eb1c2a94d657ff527c5412418f2b19f4bd4ce39431191b8bb1982ec7","nonce":"383130f26a480c36c62db404","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"c9839904de951f7d8bdbca1640d35e74c9c8393bd7670588a0c13a6337fcefc28135943c9b6954df9a1f282a03","nonce":"383130f26a480c36c62db405","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"a0303667f5c5d425c85400367453abd4d26dbb11675c648bbf5538d61b36588a0fa27011e5a41e63cdf20c804a","nonce":"383130f26a480c36c62db402","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"002cadd049f00fa88ae714cc3e9cd4a9baed2879b8d3dd326cf7895ba48cd386b25ecebe059d3276cac2171ac5","nonce":"383130f26a480c36c62db403","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"9b35640c0c293af5ac6f31aabae8993230760ba2315b7686791eb49eef435bc0cba0bc46d441603b824716e52b","nonce":"383130f26a480c36c62db400","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"c661434ebdfb5b21fbae19fdb6f5eaee91e77868aba92a91e8efffbff6f3e6bc4b8bc5c197bc30565dd81222ca","nonce":"383130f26a480c36c62db401","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"b4bc4d990a074ee854fbb927057105c8ac842fe0eecfc9a9787abd534cf577d737edd76c430cc946bb3576f0b6","nonce":"383130f26a480c36c62db40e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"70fc7913ef2f68a43a06c94783c2ae8139bf698eeef4488b8dd49f9038f65d7fcff8a194cb9eefbbd44639fbec","nonce":"383130f26a480c36c62db40f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"b6d993fc43bc91280db7d54aec1d9e06f7ec29fd577d4abf1841487a3328a71c8a4651bf65f4e167852f1fbcff","nonce":"383130f26a480c36c62db40c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"e644d4fa5e94a4528f0c8e57d0dbf08330b4cc4b9208bc609403596781b47b86a3f10ecc06d1ef61c9b54777ba","nonce":"383130f26a480c36c62db40d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"39c47211218353cf6ac2b2d276e4ac12a6418f006fc95eae487ece3c91a3edee72fedf935021f1dcd230a10864","nonce":"383130f26a480c36c62db40a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"443962136358e2b60c24b3374e9a6269f542181ebc5b957a35751d602b64c006968db4359e5ff87ecdf8dac839","nonce":"383130f26a480c36c62db40b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"48fee3dd90ff77c0dea3962e57933f535c83d1600438bf60f6e94289a180aa35b7ff6a1fc12d666b3f38f2f25c","nonce":"383130f26a480c36c62db408","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"bc4d4bbed1a16860acf2697e6531196d0e4b44a56bb3d29b0a59af446cf42daac90337c4d79cdb09b158988f26","nonce":"383130f26a480c36c62db409","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ca786b827c6df041c1eb7d8ec058725df67fa5b754b42905019b07d4969ae911061232dc3f84bddd4266f47028","nonce":"383130f26a480c36c62db5f6","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"02803c025e5389970a96e3f1b4fb82bffba55822a7638b0145a9386d04050810"},{"exporter_context":"00","L":32,"exported_value":"c0536f7ea79fb483d13e74fce10919def2a3b7e9de97822b475987cbf41e5739"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"da1a7f0897e21869b5560658bfc8413f36ee79b918f30a56a1455e234ea94d0f"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"5273f7762dea7a2408333dbf8db9f6ef2ac4c475ad9e81a3b0b8c8805304adf5c876105d8703b42117ad8ee350df881e3d52926aafcb5c90f649faf94be81952c78a","ikmE":"f9d540fde009bb1e5e71617c122a079862306b97144c8c4dca45ef6605c2ec9c43527c150800f5608a7e4cff771226579e7c776fb3def4e22e68e9fdc92340e94b6e","skRm":"015b59f17366a1d4442e5b92d883a8f35fe8d88fea0e5bac6dfac7153c78fd0c6248c618b083899a7d62ba6e00e8a22cdde628dd5399b9a3377bb898792ff6f54ab9","skEm":"013fed613d0626aa01fef8d67ff6a683a9a173ce683fba2e833b1e4edf8598234736149ef1e91088e78a91ac4691d0f45e22505dc818a934897981955b3c6d4c080d","pkRm":"040084698a47358f06a92926ee826a6784341285ee45f4b8269de271a8c6f03d5e8e24f628de13f5c37377b7cabfbd67bc98f9e8e758dfbee128b2fe752cd32f0f3ccd0061baec1ed7c6b52b7558bc120f783e5999c8952242d9a20baf421ccfc2a2b87c42d7b5b806fea6d518d5e9cd7bfd6c85beb5adeb72da41ac3d4f27bba83cff24d7","pkEm":"0400edc201c9b32988897a7f7b19104ebb54fc749faa41a67e9931e87ec30677194898074afb9a5f40a97df2972368a0c594e5b60e90d1ff83e9e35f8ff3ad200fd6d70028b5645debe9f1f335dbc1225c066218e85cf82a05fbe361fa477740b906cb3083076e4d17232513d102627597d38e354762cf05b3bd0f33dc4d0fb78531afd3fd","enc":"0400edc201c9b32988897a7f7b19104ebb54fc749faa41a67e9931e87ec30677194898074afb9a5f40a97df2972368a0c594e5b60e90d1ff83e9e35f8ff3ad200fd6d70028b5645debe9f1f335dbc1225c066218e85cf82a05fbe361fa477740b906cb3083076e4d17232513d102627597d38e354762cf05b3bd0f33dc4d0fb78531afd3fd","shared_secret":"fe235ce991496c6c8395405da1c684f02206d24544d660f53412bb93bcb6ed6d1195414f020489f1c93e1df86c4d6ad71b7052b77e17f81960cb1b920edcedbc","key_schedule_context":"001c32c098a411cf1afaec805bdbb4126b85caae458c62f8d8fbb24168b37930eab113e91348e59600e38ef02667015f5811559278b5daf69cbd8ebf22861e112922f3bb3f4a73881979994c3c83a46628434a24f6fba24b7cb79b65184480612f921684dd1abdb948aaa07637b3944e6ec7bf5089bc9e653f702dec2b8ceb1e0d","secret":"afac8b7be54e300f68f5406fa9788fdceacb0d1bfdaf9eb82f7196c0f887f9e34cb3e61d850bff44d07c82b3e907680611d5ee823991b9bb24f4e8d85a8025a0","key":"a0a8a428a5149b3ac93e07bbe8868945972a8964956fac14fc6a79e5c279d836","base_nonce":"9deefcbfd747d7a666450f00","exporter_secret":"bd98618e98c9856ca25cd63d9a72c3ef99af7fe55e29a8cc6773e315a670637bb07017ffbab0cf5e5a17aa0f63a6f3527d7f1725b28f92407fc27dbd6f34bffd","encryptions":[{"aad":"436f756e742d30","ct":"16d0a57d7dc5106a947b8ed6cb759af864fe8f60aa7f7e4665df083167aebecc9e423badf1ccb4937ac4ee96df","nonce":"9deefcbfd747d7a666450f00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"db7edac349c7ff2dfe32ff51502e51641eb8361c1be4b75f46f0459efca968dd3ebd177b4348d69f85b28cbb2b","nonce":"9deefcbfd747d7a666450f01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"617cd9e790fb2b972c3d9236aafcac9c9218cfc5ae6c3d94bccaf993da565f0d0186b5b299a0c04c2083923632","nonce":"9deefcbfd747d7a666450f02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"0ef475cdc9efbfbb60c9462160617353bf4260d4c1a610d318956a64e745df39cce163876c53bb13c192cd96a3","nonce":"9deefcbfd747d7a666450f03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"c62d4cf501321eb7c99292f5beafbd9579d4c3836657e982195c0762dc388593ca6347da285f6f9c09623aea50","nonce":"9deefcbfd747d7a666450f04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"feef646904d9821bed5e2bb9209bb55c8bcfc3abd78a7c80508144e7b97019459c1145c3eb383357dadce7a289","nonce":"9deefcbfd747d7a666450f05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"7474b12f0e8631e3d38ed6702450b0508b3b41a70ffc7ceb1c2acd024f5e08810b4f3026a6431ad94b2a3c212b","nonce":"9deefcbfd747d7a666450f06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"d45a51fb9eb567b982356f5c729b283678760b1906b159a478e7be8a36df3146fe2a805d4d3df8136597031325","nonce":"9deefcbfd747d7a666450f07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"3c05386813aeb6b5eba162faf5c6f00510c2091c185f3ab1c8523fe14ee2124b11904f36ab644c0b49c35be25b","nonce":"9deefcbfd747d7a666450f08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"e3588e38b188271002b822cdb501f837341569e51c8b5b9cd4d298e835ea9a3f8c87651b88364eaaac6dd5a153","nonce":"9deefcbfd747d7a666450f09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"563eff6fe976c476ebd31afa3c3f09ce6cd2388d89e2422ce5a0d6e5fc4ef9d3fdd05ebf3e2b9c6e88467cfd5c","nonce":"9deefcbfd747d7a666450f0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"5cba0c981315a0fa894e4d850918995eb8b4d4678235d8d4fe5c3a57148c86e77298970e1fff53f4e351f8d3e7","nonce":"9deefcbfd747d7a666450f0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"8a301acaae46b24abe5d540c46de2ddce159450e93b1a2add7f9c9588a9516677cafbb3f49f416457e3e7e8e1b","nonce":"9deefcbfd747d7a666450f0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"8d37d3e406e8a13056eaebdaa99df443db085c782bcb4426ef0e2a0ab04803080068b2fa90dc7582029b5f00d5","nonce":"9deefcbfd747d7a666450f0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"a5c69537d1d6ed5c5f639f38aae6059f2278f51d627b4964abc24113ed85a4f7fca268bfe131b2331ad8e4ebb5","nonce":"9deefcbfd747d7a666450f0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"b5e1a7160ebc533c54299dd87aff44e9dba432a6ffac6eee18c5a735d68737962151d43637f10a8d7c80c774b1","nonce":"9deefcbfd747d7a666450f0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"0fa4b630734d06be288b354dbaae9ae028d64947e2c6f4ce5dde88618b419890c85aac701e6e57b4c52f50f709","nonce":"9deefcbfd747d7a666450f10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"1b4a644ab5c091ac9eb61e188389ae5bf81f3a46ca05c0acc59b45abd10d24b53720476be4ae1034909c3f3b3f","nonce":"9deefcbfd747d7a666450f11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"2c7f85855d1780106fb8c7d5aeb2fde9e79bac00ec017aec0375d7d728deb1b9d5d080afbddb577255e879c940","nonce":"9deefcbfd747d7a666450f12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"b6bb0bc00e49b9c707c8bece42bc9e9ef859ca642dff2e18bcff3e345c82f365ac7ade69ff6b25e807d1afd694","nonce":"9deefcbfd747d7a666450f13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"827a1caa7b6b642c98164f10ecbf29666f183c838b08c1d7c2ce2eba6e6a81ce632821960500bc6bd99e7e7589","nonce":"9deefcbfd747d7a666450f14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"c36a6eb109223b5118d081fe0e53f92257cc0ffb09befda84f09047367815ac7ddbfc4840c018c658d9e01b6f8","nonce":"9deefcbfd747d7a666450f15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"b9b2dfcef8fc412bd520bf01c652e5f069b6a125a13a83cbaea017741b8c6f7b8a3ee996d6a858cd06505513dd","nonce":"9deefcbfd747d7a666450f16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"9d36c3ead63339c021f3a986ba92b5b9ae944c20297affd04906a2d546f2c0700e4fae38b2768847cf9b4a866c","nonce":"9deefcbfd747d7a666450f17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"084afbff2d81abb8eb0975c64b031fa78f72f86a73bcbb6f515d5247bd7477c55791c0e3499ff5442456cf5efa","nonce":"9deefcbfd747d7a666450f18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"fdfd64089176b916a9f8fcc9f9c2016e043e2e67f23af747791b857d6c71cc86bd22a7d488ddf7ece830516354","nonce":"9deefcbfd747d7a666450f19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"554bdc76f4bd78b7ededf7fdab693d32b4872f3a8b7e5fd029e1b8b78a093428429afdddee278a634ded8fd435","nonce":"9deefcbfd747d7a666450f1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"991e660f7915b5b402577e9aa99ff11d8946074ddb144b1f824022df4c39239e8c19e410ee6836493505a91b63","nonce":"9deefcbfd747d7a666450f1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"6bbaace8da4a05964d72bd8b88f4958b0796f8533e8056bed1127ee4c2fbf4e65c05f104e2511efc99147d688c","nonce":"9deefcbfd747d7a666450f1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"e8bc95a4a92db53510da53aff62797fa475fb287ea487c847c89f055b449d006c93f0db0b87ff3d31542a21e26","nonce":"9deefcbfd747d7a666450f1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"ebf12034d86aae5a75196013beabef6336090670e70eafe76c25dba72d0faeb61ec5946a895af212a360921bc6","nonce":"9deefcbfd747d7a666450f1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"0b4b570a2af2ccf36330dd4c58f054ceb131aa345c23a8ec2b7ca89c96333701d136c124633ea0dc79cbf50414","nonce":"9deefcbfd747d7a666450f1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"4f303010ff460f39da1dcf698dd50cd7f9cb7ce408e9492cf2f4f89b0b42d8adce584572be5e0758cbec56e71d","nonce":"9deefcbfd747d7a666450f20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"082758d8cd67757c7fce1c09547496c5ef6b03f5718d00fec28e502fbf608945f213d26cf5624da267267d94c3","nonce":"9deefcbfd747d7a666450f21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"9a72236f8d07e243a0b8639e85b8701584257deb4b6775ab65e6100be12d44eec39918dac4c83957c58683e880","nonce":"9deefcbfd747d7a666450f22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"8752b3704ccb0a185b4c23b7d630bd6a9dbe03141551c7038a084dda9aa2dfc238c1c2f69dd87e0771995cfcb4","nonce":"9deefcbfd747d7a666450f23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7373241ad712ac2f664ed33b9597be9ad561a5c4e905c831480e47dfbe9418c014ca23210693033c4e72a0087f","nonce":"9deefcbfd747d7a666450f24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"20f4c1891dd8fa096a74f89ed87f65ad9a879247a6c372b508faedf5f3ccf213e909935fed101f67383a01dc46","nonce":"9deefcbfd747d7a666450f25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"8e3110571d4adb5dbe8787ba45e4f351cd3afeef70ea35e852e8104854051b179785774d5a19fc05ec726cadf8","nonce":"9deefcbfd747d7a666450f26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"43c2533e85d6fbbe2117ea6c0b012119ad0a580f4f763b6189799ad0ea6ac270ad6395f252ace95b18888c8ed4","nonce":"9deefcbfd747d7a666450f27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"9a486c287f12a408bffeee3c0793eca6a8e761f2b688e42e4816b0817ee699603d990009f78e52f2c3f9db2625","nonce":"9deefcbfd747d7a666450f28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"1d94b52af82505322112c1695eef264f1601bb7ccf323b854e7f9013ef114748df5399bcda30d3545857dda8e5","nonce":"9deefcbfd747d7a666450f29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"fee2645dab813a0f6f01e2d76a7139cfa3fcfda1b2b8cb9145f331a711b34babaf290db4e2887cf691e091565a","nonce":"9deefcbfd747d7a666450f2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"94653e60916b46a1e4af4af14e7f858ff679114fe78193ff24360192b67a67b9c9a7196a83fc690ec5919280cb","nonce":"9deefcbfd747d7a666450f2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2ed79d2deafe360408075d6abf083cb7b9028b6c14c2fdb0748fe0d070e57a862b741f78ac3e966004e0c8bb2c","nonce":"9deefcbfd747d7a666450f2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"f57a4e8206684098113da6484d5e33accb4250bf9720be46b6ed0f4ce7b5adec12b53136313c1ae3dfec486288","nonce":"9deefcbfd747d7a666450f2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"614ef2cb3e4e007b9ec9c23dfb022a4a5c1203abaefdb33e0bedd1772e0700bbe75d73a1715e878f6c08274d25","nonce":"9deefcbfd747d7a666450f2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"02c746bed8d4f1d92d668c707629fa2680dad8853f33d6f234a9ee54b4da143b636c00acceda4fcae1052d71c8","nonce":"9deefcbfd747d7a666450f2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"1ef258fe17fb910828004a0a5a04047cd86282424d6de05dfb0f7c12496d533738a5e32ba5ff702a97e7cba90f","nonce":"9deefcbfd747d7a666450f30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"d50f2727a0abe7e853843c8719e6dba44830ae1ea42a3b7115352a01ce9108be8d24e1c6233d7c7100dd7e323b","nonce":"9deefcbfd747d7a666450f31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"68305c2ab1a361ff24f216152a593aca7b4f3285c92e4a4748d87109fc2a253e14e771fa7716267a23332e0a52","nonce":"9deefcbfd747d7a666450f32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"51622151b90a9b8d5dc3ab6f7aca246299b549876634df8a277522f2ac64c62434677540f3ab2b9513e73e4cc0","nonce":"9deefcbfd747d7a666450f33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"0bffbad41dbf1e6006c478a48aec9851d55fa3438cc61818b6d94eb942955e1324f8dc7261bfec43f15701a61b","nonce":"9deefcbfd747d7a666450f34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"ace68dab0388413ef2e0b64c7452d0a754f9fbff7af6acb456b787e9b12135aac452bf21e7d1c8ea66f974d44b","nonce":"9deefcbfd747d7a666450f35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"6dc42b33ffdc76344f313e3fbfe3bd25e0f8e6afb4a7e65524d79de4cfa42e71e14aa0302118badfdd6b31071d","nonce":"9deefcbfd747d7a666450f36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"ec69b3f94e8b07a39c4fa1d88fb94fd46952f5aa5fe62755517b8d053851e93978037867435710ae7187eacfb4","nonce":"9deefcbfd747d7a666450f37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"4b5f9492b6f8ccacae5e8124d85d45b3aecd6bafe609e4d830504aad42ed8c419dad775bf0831b6bd4b95bd3a7","nonce":"9deefcbfd747d7a666450f38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"2dfa2c52671e1f18ea39a9ff413e663858539659bc1fb9f11429c0d95109401f7bc56507691d79475049b5ec8d","nonce":"9deefcbfd747d7a666450f39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"5344342ccb480e7d5445f349b4530f39df64476ee4a30839396fcc37b513ffc4897fcedac42c0af21915e2fe0d","nonce":"9deefcbfd747d7a666450f3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"b49d006d46662e0ea31c80f9d6bd4972fac93b7681086870dd330f890195a314c65d7da873ec8cfc2fb4b314f1","nonce":"9deefcbfd747d7a666450f3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"91e762caeadae8d6c5e31c8ccccdc99267d6f2a2db168579dbf004ba1e7f364866a42f3c0a01574db3bd20bad1","nonce":"9deefcbfd747d7a666450f3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"09a89999f3adba2740f2158e1b140f05fe548d6be2f35a32e350af22e41bedeeec3fe41cd3661a48c3496bacfa","nonce":"9deefcbfd747d7a666450f3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"2ec7e8a46efa7b853f054978360998f7d496ec0ec5c81e5e1294e93c890ab8d7b144de5c1b92d2b3dfbd88c8c9","nonce":"9deefcbfd747d7a666450f3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"0bd3f226c797e9d438e548cc5d2ddb4e16d063e96afc4291bf3bbc6a8e4abfe4a3c141e5acd70cdd710e67f962","nonce":"9deefcbfd747d7a666450f3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"e5a12101591865a073b8ba9335cdb23a52ca8aaa608c4fa0ff302651da6d693788c9f8120442916d19d288539b","nonce":"9deefcbfd747d7a666450f40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"7706caa74f17acc0eb32b12e55d451138581fa0bd9634026e886350170ce45191471e0615ab069cf2f5d081abb","nonce":"9deefcbfd747d7a666450f41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"be65a80c63596b93c226c09980b323035e545e06c3c02886f30ae07c6a00cca6319e578330baf591c6ea98af6c","nonce":"9deefcbfd747d7a666450f42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"eac659f6ca24a4c665eebea12c5fcaf681c1416bafbfb26164f71151612d9ea3ecea35c010efb94d81b0e3b367","nonce":"9deefcbfd747d7a666450f43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"a55dbff1486f9315e4e8882b26d7bcbcbba74c7fdbc437aa8815669fbb91aae31c90df2219bd7105fb7d4152bc","nonce":"9deefcbfd747d7a666450f44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"d61ed98442271c2d48b639ed42911fcd638d1fb9603c631b2cf5c2be06c28892e4cdc0a1411e76ecaec884a072","nonce":"9deefcbfd747d7a666450f45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"e56d56a22029eccc04116640a4f1fcae9bed764bda139e521d93c4ffe78bf59dfcee60650b1a46bff9d5bc8dd5","nonce":"9deefcbfd747d7a666450f46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"f07c6720cbf84826042c1f6801fe5998186f0be5f4d11cb5161551e22e746ac236bc2278223fa03a1c2afcdf20","nonce":"9deefcbfd747d7a666450f47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"a65f1010073db6c1f15328af59b0fabe8b77e206b29f67951369cbe5d987aabede132a457ff44fb7a97f0fad22","nonce":"9deefcbfd747d7a666450f48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"519de62de51decdc85417bc026f86ff4c3b9abdcbdcc583870d367b1f71868cb58d3cb1379ee287174844eb781","nonce":"9deefcbfd747d7a666450f49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"252a884bdcaa6183a6816133c75c8a8879d66c36bd5dcc7ed98064f0d2d1eaeff5bcd67c5ddeb16d753e1060bd","nonce":"9deefcbfd747d7a666450f4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"faddd7aa3672827027c35506b8e9b91f1dff60f6f47452902d1ddca35f70e0a16be8a55d652a06f5e0c77c51ac","nonce":"9deefcbfd747d7a666450f4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"4ca5ffc615366145900dc4cdf2e1796a5e81e8d665711d5ec85b19ad95025bd109b6ba00ad9c00891681734744","nonce":"9deefcbfd747d7a666450f4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"193c332dd5f9859cde10db26310b573683c9f773106b07849a45008dd04c91f45789829cb278f6409fa1ce749a","nonce":"9deefcbfd747d7a666450f4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"72a2280a01a1b3daa779ad0b2a06409514f97a758724322c6c085e89a04ee2d7b926b5d58a03d9c41aac59048a","nonce":"9deefcbfd747d7a666450f4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"ddeb3d8c483a6cc2604ce4578f622e9915285e5052d2828d48785d2fb0d3863334502292540ff44dd8fa80e5ca","nonce":"9deefcbfd747d7a666450f4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"7f5ec5240a00a0c3215e7429da07516fb2c5e8188164cae7747bc70722c7d3f1969bea971333ecfc7c5abaedfc","nonce":"9deefcbfd747d7a666450f50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"0ee8c4f96479b07a8ec2a25ffd0fd212f56403e53e98fcec61c5157064f5df8065bcb335398535ecbc7e762f0e","nonce":"9deefcbfd747d7a666450f51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"96b54ad401fae0da6822d5c9f7c265ecdb80070f0b1d35140c1cdfc57ffeea84d72ce9b8fe3a66131c459be38a","nonce":"9deefcbfd747d7a666450f52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"0e043b28679f1aebdf952e1821ee08898fcaba4a5eec932e30771e429d57eae7c3e2a6a5a3a664b14d0442b790","nonce":"9deefcbfd747d7a666450f53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"a1447a49cebdc17ceb8594c795f579234221ed5087b77023ae658a1f0030c4f0c219abc9ab3c0de08be48e0494","nonce":"9deefcbfd747d7a666450f54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"4bb11a2ea4a50926230102d7108a5962df0b382a04029d7c9f2a7da9f54c8f37a8c01d15c151e804908d2cc6d9","nonce":"9deefcbfd747d7a666450f55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"817603ad38c8b3aad1615844fde0b171e10f25f06b0fccf21f6206c002a5f8d80e2a48d13be18cef817e2ddd6b","nonce":"9deefcbfd747d7a666450f56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"67260c203553a149711ba800cc6887fdd6f60cf46e56301b2701987a687b923ae0e492e89ba1c460515c1900ef","nonce":"9deefcbfd747d7a666450f57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"33d60f9f245d08c56c2bf21a90f4e10260e8c017600966913cbb586aa34357731fe351c83aaafbff37e9662b88","nonce":"9deefcbfd747d7a666450f58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"804a84a467403578a2d6dbbed2ac824b697a030ad0c05dcebb7445c36a1f0716494a66bdeb760b89fe8dc9e542","nonce":"9deefcbfd747d7a666450f59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"bd61ec3bfde4ce84a1921197a9d5f17138edfa7a64c7e7e7a94ea106a856e7230fd48fcd934d4b1af6d3c860e6","nonce":"9deefcbfd747d7a666450f5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"fbc57d40ad8b19b4bc92e1676a2a840a25d0033d4f521dc688addacb5cfaa46c3a58d3a51d84ce20cef1047ef8","nonce":"9deefcbfd747d7a666450f5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"82fa8b62b7997da4df9fa2b2373954cd3ef6810caddb0c85757085fdfeb38245d30bef1ea85aa18d7682876fae","nonce":"9deefcbfd747d7a666450f5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"3e4ad9cca1b036cda2f04d75ac1bcf2ba4bcfee53c696afc889b9e88c63ba3b58bc23310d9be5ccef27a41011b","nonce":"9deefcbfd747d7a666450f5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"aedefd83a783c2be17d2c84b06b10a91386988469201965a348b09a227ad13080617d501191e43c7eee0b924cd","nonce":"9deefcbfd747d7a666450f5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"430d2bd79f9d3e904322aad96e419a10fd2ee0a72980952dd7cf82c94b16ef8de8b493fe4b0b494fce78690b58","nonce":"9deefcbfd747d7a666450f5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"182e7a74697f0d05584ef4cde122ebb5e15a5693f183ab44d24d07b9c18b778a84b73ac2c2ab8fccffed597970","nonce":"9deefcbfd747d7a666450f60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"00d3f2bd0fa2ec8ad85ed88c18eb35f2c779a473575dc29891dd8d0bc5b6378c6426841b7a30fccf4f4f44f31b","nonce":"9deefcbfd747d7a666450f61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"f7daea438ff976968193b6f2f29a26ba9403f5ab8374e57161107fcf58cc405b6a0a72169a346b0413019233d4","nonce":"9deefcbfd747d7a666450f62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"170b6a308762ecd4cda3c6a41ef8fb576dc290631fff5a9c911863fc498a01896825cb4ca6564660e353f2ee0b","nonce":"9deefcbfd747d7a666450f63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"f114e5e9aaaec910155e66c26fad83d42342c4928d2cc663a3cdd7077c1656b7a25227500bf33da76875c74731","nonce":"9deefcbfd747d7a666450f64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"572a24c0ac0173e3b172abc2e60010fbf9831819cd6013cd92480be3456e3d87e3af5bdaa3c0c0cfc6a2b6775b","nonce":"9deefcbfd747d7a666450f65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"fc40fe9c82edcf2af43bf183bd5cebff88114e4b28a0393511c6630d0a84824c7fe4975592c6e1af31a80ed197","nonce":"9deefcbfd747d7a666450f66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"130e5a61376d8f3004ff6db4775432f0673f6f912aacdf84181244c39cccc6b77f9803400354edf28f546fc56e","nonce":"9deefcbfd747d7a666450f67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"2977c9e58442aea268b7b7bd1b2e764df225bf6ee93843590cb6688f344c496f875f77bdbfbce60b69496e554b","nonce":"9deefcbfd747d7a666450f68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"45ea1646aacbc90121fd19fabd9b9d8a125f0a4696e757ce5c1b93d7eff8d1bf1b0b480ffe154fa51faf4f3a69","nonce":"9deefcbfd747d7a666450f69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"41087d02ef0aaaee766149b583eb4b814290eeddd3fb30d8793602e3b6310181ae06d55172b312dd210815bdd0","nonce":"9deefcbfd747d7a666450f6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"0d92faa277dba99346989e90e292559cdcd653407318aa3bb0d6b86448795eb9a2216dd669156f9181c9c410f0","nonce":"9deefcbfd747d7a666450f6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"642b40f23eb29997514df6a76be7306da08d0460bde12027159a8bc8d1201beddcbe9b7e07eebe9771e2373b24","nonce":"9deefcbfd747d7a666450f6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"1a79ff834dae57114d7bb43df1f7323579e0fc246ce1e7102fee1c1aea228895c3ca63e6cf0c24f6eff3b56a66","nonce":"9deefcbfd747d7a666450f6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"2b5eef7b72f89dea99853dae4266f7523eea744a931954d1c2f3e046fb2d1b2255d5d6adfc5c1b9590b414d18f","nonce":"9deefcbfd747d7a666450f6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"0c8e124111eea6ddaa60d397a51c690eda260287536d43565a171eb0cab302c632f1d212828667065a2bbd3e8f","nonce":"9deefcbfd747d7a666450f6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"522f25cc39fd2529ffba438b9a013c818f09fba2cec8e297503971ef16a0b2608a37f90bcd2f16f8997881d163","nonce":"9deefcbfd747d7a666450f70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"5a47fa7a48ec3a84416ee295039e17440e722c1cbc625d057deefbed680a13a1f8442bab50ffcad76b8e7b1e13","nonce":"9deefcbfd747d7a666450f71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"182305e0f1d21a9a44b999c06c2cc2d0f50423f14b376d566e404bf5c679eb02fdf1ddcc94be31f1e583a13642","nonce":"9deefcbfd747d7a666450f72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"15b19f74a95f7409a9552dd45d0f0f60cd39e787e54b08d6bc3f9bc95f83445602660de5947e2292d135b3708c","nonce":"9deefcbfd747d7a666450f73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"7679ee1fda916fdb373cf56f61c6c61f5a3f7d2f51594e0e414303c8213eb95f3a19bc7da67d1132f15b7c1084","nonce":"9deefcbfd747d7a666450f74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"c4e48cc6952b9008e40a5827ead8c921dbb8549bd37b8acc29353bae5bca4469db3ce1f51a102551885eee1f45","nonce":"9deefcbfd747d7a666450f75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"04d13f7411c09dc0c520dcc934176139291d3dc49f359901a7d722c224342c8b151e7bfbb120b018731ee45b0b","nonce":"9deefcbfd747d7a666450f76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"ceba7765dbcf91cc748abc3285749bcb9a8310359c581770ae7ea7bcbc0195377bddc637212e2536777cc485c3","nonce":"9deefcbfd747d7a666450f77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"a9dc2047a643a1672819c6fc49cf8d77d9c460e94680d9e9a9e68f359fab5ea026a0ac9899148dcb0b51f583cb","nonce":"9deefcbfd747d7a666450f78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"7ccb855fd739cb01b01607e4af740aaa25e0f15471cb9cc96e7baa59fbb74f910dc59f12a14f79593f5a710c44","nonce":"9deefcbfd747d7a666450f79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"55ae1c569cd61a37f7791a5c96755308fdf25e0375938833d73283f5e65ae1e3546708e9a01f6558a68ec89eee","nonce":"9deefcbfd747d7a666450f7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"52b88176c7013dad3d2ec52110cf3de3039f62fc049440e0dc17b783119f68ef4fa0566624e9e090c233407ed4","nonce":"9deefcbfd747d7a666450f7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"18b761901bee232bad38ccf0aa51321b8860a2c389c0eb71818231309c9974e8c068d26aae49cbc14ba3b04bcb","nonce":"9deefcbfd747d7a666450f7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"a993cd8fc763d48058cee50e76767c01f877cbffd566e470ce5dd2260790656b15b71cdb041c2ed7194f09f632","nonce":"9deefcbfd747d7a666450f7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"5350c7fc5202fb515314686be590c50e85f6ca9fde8f1b2fd5bd12271b891cd8e9c864f357daf7d0673f83f950","nonce":"9deefcbfd747d7a666450f7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"acae00d2fd93ad4a9b3a014c8a449b97bd6c4aed3ef9e2f5d64a6712037accd2f9202373901213edc9cd503ae4","nonce":"9deefcbfd747d7a666450f7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"2c1858ce5fe5a5f8075e0a7887866c637d93357261775c74dda8970e0624f4c7b525893d209d2ce38ef4d1d890","nonce":"9deefcbfd747d7a666450f80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"264757d521f617455899e5790a02024e6db3831438006059383f408ae83bbecc32b5b6fe5c1585d1970865f2b3","nonce":"9deefcbfd747d7a666450f81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"5ae7576856e2663df15b18ee6a349844144651feab68750f400de5eaed8290f4974cda9fc04bdad6679dac1395","nonce":"9deefcbfd747d7a666450f82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"a401af923132b3dd99b163a675eedf1efd1154081b3bf35361829d6de5144bb6e210e46fcca6330cb0c8a37bc8","nonce":"9deefcbfd747d7a666450f83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"05bb61d44109b01ec49606e4acc436670aca014fa4c65d66487cdb63c656e9487a86336a54550906967bd05f27","nonce":"9deefcbfd747d7a666450f84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"97f71f8a3d4c0aab895e66809b73b49f97d67608e6a0b7c39e15def0e919cfe85e1c7f4d3a954a518ebc41e9a2","nonce":"9deefcbfd747d7a666450f85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"d71bba01606a067a3dd7984a1317785d073dea1a18c216c0f6bd3048fc0a00fde72feff7615b0b872c04630d1e","nonce":"9deefcbfd747d7a666450f86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"3a4cd7e65ef15195638d996291bdb6039a98876e5e076658e6b867612d701028d43740f006026242bfdcafd1bf","nonce":"9deefcbfd747d7a666450f87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"47442e66f477a4a9eb84514ef899726aa8cac285d87756aa82c6c9748e3c9545bea92ddc4b4a0d60072271b967","nonce":"9deefcbfd747d7a666450f88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"0e7781fc8551c918f41e6351d9ec0a959ef5ef299aaa3aabd1ba40c4ced75b6b675b59ca3eabe8bb780e3a6a63","nonce":"9deefcbfd747d7a666450f89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"717e2c9d4bcaabd6604783f16b7f7fda4c9831534c24eb425db484e47ba2e5bf39d1917ad6033d28cdf88be300","nonce":"9deefcbfd747d7a666450f8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"5f1463bd25a01c786b51d74c596e099ba29e069e172789b80ebfcd812276e5c27477bebe5593caf875160a4027","nonce":"9deefcbfd747d7a666450f8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"002d4000db11ddf3021d34317d27d093b3b61497fc4734cddf38e26e2785b5a291e0fc7acfbc582e834a337ad0","nonce":"9deefcbfd747d7a666450f8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"4494de5230d1368453750828e269e48e8cc4c2783d7640629b393aa4550285cf0be3b6f8c49a9cf6fa6de4b1e2","nonce":"9deefcbfd747d7a666450f8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"8d38c50a4f882680e07c0b9252d63b8d26bb269e97b4be7736bf514b7822b1c65685b4921b247d64fca5b3d097","nonce":"9deefcbfd747d7a666450f8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"2a2f201259915ca689e15b495b3bbf207ed9d38baf4d5d6bfcb31dd29262d1c99b9fdfb38cfe9476ab0a0722db","nonce":"9deefcbfd747d7a666450f8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"d981b6d4d67a623bb6475b49e40ae441cbcdc58fd5802edcdcc93eefa1d1c8f24eb664b7a98bdbcd3bdd25ddb1","nonce":"9deefcbfd747d7a666450f90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"233c01c85e1b43bd9f9ca00bb08a8845d1f69319b98933b2116d110b218a05c583089c1f67daac298bf187ecb8","nonce":"9deefcbfd747d7a666450f91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"e7440de99a25aca278f24aeee9f19e9f485c4f3c950cb0638cf3ff0a24debd9faf8784605d3ab4c6b078206a23","nonce":"9deefcbfd747d7a666450f92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"ea9b67578c22c19bbdc594da1316f067ad34ff031952874b25d7de56fe3c9a2eef6fd5c3efcbc71f0de0e42a33","nonce":"9deefcbfd747d7a666450f93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"1ea29377f13136477f883505a519fc5cd0a6152b8a24c0121bae8115f4d885033159bd14e3743204529414b6cc","nonce":"9deefcbfd747d7a666450f94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"268a5b6072238ffb5582bf5e095a2d6259b15739bf17502306e965a246dc8b0f702a4d2a8a20888b21b00c5497","nonce":"9deefcbfd747d7a666450f95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"94b7bd1497d5be7bb8e229cd8f4ac5df82e81ca04358072c0e6a70f9f0ac2afbb9974e13d6f74447f4812be05a","nonce":"9deefcbfd747d7a666450f96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"fbdfd630228f21b52e65d1b72ed3f6b833d4406be4452fcad91c50702bae82ec72611c0e944abaded26d97c890","nonce":"9deefcbfd747d7a666450f97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"715db7411498f2dd99777dc87555dda4acd58b2eedf9c90d57a851ab684833a3803c09eb6f41c406e16a472117","nonce":"9deefcbfd747d7a666450f98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"cef87ab966f3999977c271110271503127836870dfa32e47d7450ed5c5889843310d465056852c49029243e419","nonce":"9deefcbfd747d7a666450f99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"080e718952b47eb5edfc089e88a22a863d6c55b4f3307b87a1cb23ad7fae6493645169e6a4ed17bd48e3cfd3a2","nonce":"9deefcbfd747d7a666450f9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"65f17909d6de0494d651b4f34b8e0a7a4b3709ff1f20f11f99e0b330f13732a7739393ce86b1b52b1f38a4a119","nonce":"9deefcbfd747d7a666450f9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"215522696842de8424c61af34f42208ce5e0f4c84977c626f64980bbc01274c7f540f56952eca49e2daf97fc81","nonce":"9deefcbfd747d7a666450f9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"e24aacc3c24cdd2c05059bf32949304057bc3cad4a9b72adc7359bdead874e546178b297261fc078f68120f73c","nonce":"9deefcbfd747d7a666450f9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"9282ebee1bd75cfb1f5cf7e5be95a016e58fd0269db9c8c0371b29d6b9489de2a3b595556bb10b966d1fef1b3c","nonce":"9deefcbfd747d7a666450f9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"fdcb9f0b93b9e34129ba889af7873b800421d83aed63ee938e3e34f0f5a4fee09d27c2209685fff8754433fd3d","nonce":"9deefcbfd747d7a666450f9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"167eccbe17163fae7386fcb849a73cf008865e2b04b1a0be462b5d74cc12fe30d5f23a6657f53f2c8fa754d5ac","nonce":"9deefcbfd747d7a666450fa0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"8a768d2b73122fb50dc7dc626a46bbcf47252a14edec16678098d1bd34b433d94c018fff1b981af9cb32dd053f","nonce":"9deefcbfd747d7a666450fa1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"e516803ec6f05bb51cc76fb4e331beea499908e038c7bbe5be100c258135a4ac00c631ab069f4275132c71c514","nonce":"9deefcbfd747d7a666450fa2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"3e3ada0f8dd358d9e11fd8f081544bb002064a79d6694cb06ea6efc89c09e28f87464f6dd2857aaaf46ec3f5b0","nonce":"9deefcbfd747d7a666450fa3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"2cfeb985252cac698f590da527bf350ff6c2ee1413d77dd1f9394407f79e80806f66232eef0f461939d32d5aae","nonce":"9deefcbfd747d7a666450fa4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"e104ecebb0af427d068386b7ec1e6ee62f53815b545d6b5a3750e02e202502722ccf917a9dae69f00f37a82d5a","nonce":"9deefcbfd747d7a666450fa5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"951dcf4771776474e342c7b345aaa3ff3c049d4f4e0401d2ca462824df987505916c9987d01def9125904b9b3f","nonce":"9deefcbfd747d7a666450fa6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"8356c8be65a05dc3a44f61d7b0022d39918fd0e9e8084b56bf368f10af6e4dfd03300b0140eff88d2e5e9222cc","nonce":"9deefcbfd747d7a666450fa7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"8078ad61f19505086ee31b53a8b35d02ff599cccaaf74c1dcdc95f87d5e8b7da533ce92d4812ba2ecce89db507","nonce":"9deefcbfd747d7a666450fa8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"35cb37bcbbcbde38e81570c290f658aa570982d155ad52d36ecad015d16c67efe78d5174d345113396e4ed2eee","nonce":"9deefcbfd747d7a666450fa9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"f60e377f1fdd07bb9464dc031860d54f7c85e4ecf3a7a05b73202b06a809f8faf073584ba94931966b1c2324c4","nonce":"9deefcbfd747d7a666450faa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"1a9a3498c7b258aee50c15571fd47099024c277f1b954cea3395d1e3053d640f48b5ee3c6d696f182ad7086b0a","nonce":"9deefcbfd747d7a666450fab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"80b6b7f14f838cc349de66c044d4f775ae2069fdf69e0d8938382bc34767f82b01bcb8f9289b6b68cf791da791","nonce":"9deefcbfd747d7a666450fac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"9595c8eaa5303e5f7d0368da8c5aa8f2dd58a05e1feda2fc499bbadb8866f25d5a752f22402931cfb4838b9d16","nonce":"9deefcbfd747d7a666450fad","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"867d982921935b7f6f995db186f96028c5b38abd818e4d90aa89adf0c8c9174683f55c0b38ecaf0a8b92a611bb","nonce":"9deefcbfd747d7a666450fae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"9a7aed97637f277b24b78d0486a8230a28954904d17dcf7dbd60ad5408ede7a42bdad16922eea4ff0c6002bb18","nonce":"9deefcbfd747d7a666450faf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"d2430b979b048d115c0bae5e36d4c3c3a3f295a1fa7a93a59a113579e531909e823cf8e2ef847acb77a0bdc62a","nonce":"9deefcbfd747d7a666450fb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"0e91487cb326ae726a425e801db24efd7b38a087b7b28a1bff3f9cdd4d6afc8485047535494bff913976201a0a","nonce":"9deefcbfd747d7a666450fb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"d7d7a5166039661a0253c35e7f07dc4fa003560d78c6357e5c27c56a91c1addfc00f5d2f0226ff242778bc65c5","nonce":"9deefcbfd747d7a666450fb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"17806c514b84af5e309e7995fea3a8a9567f0983af0a24da0c994cc7735a1fa0a89c1d574a0cb20d69fab9428d","nonce":"9deefcbfd747d7a666450fb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"88132ef5b0bca9cd13c7e4369d70e2171c53dbcafbef85adc655c01126f44421be0842a98a805cdd8e65725a69","nonce":"9deefcbfd747d7a666450fb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"dc667dd7fd975629d99b970d0dceb95d9d94e72df23d61ed32635da2e60142fcd86be872711c11f8556cbd73d5","nonce":"9deefcbfd747d7a666450fb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"3d12df03ddfcb9ed84f07a9f30823fb1e4db39c715e2dd1766c821cd75087f5ea487f7ccee39ce394654cd3917","nonce":"9deefcbfd747d7a666450fb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"95b59ed4ca40874ccaf19848d6d27b6ac0138bd6b67f4654cae1c8fd3f39b2268bf62e32b6d9dc7da73c82f1f7","nonce":"9deefcbfd747d7a666450fb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"b2b07c1a604853dc919a555090f1f94ac611382e41e562004ff4e7dcc3769cca886405cf23c5870b8bd03e7d50","nonce":"9deefcbfd747d7a666450fb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"dc0d35a4afe2723d94bb631fd08a0b78e3b59d2145797838ffaeea471680ecc24e875092e98552bc5581b0b23d","nonce":"9deefcbfd747d7a666450fb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"b2063f7f16e4077f2d066635736396e5253a95cb424fcc6edb386bea03a7e3267e24a8ebe202e9bb0cdb56f873","nonce":"9deefcbfd747d7a666450fba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"28b3fab4c692826fdf1291c36870309fcaa9dc9f378b0df226fe468c9da9307d6341898bf5f691732eb76d05d8","nonce":"9deefcbfd747d7a666450fbb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"02c433ec919449d7e1a6bf1e049108dd259d20dd10f7bc32d070a404dbac5b0ae76ec75ff8e57125fccc240f68","nonce":"9deefcbfd747d7a666450fbc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"4fc9ed763585c1cab258b3815cc6743f122eedffadb571e221d923fa2fcf7bf87e7f50bfc1ffa55403331e16d8","nonce":"9deefcbfd747d7a666450fbd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"68c273b3d84e401d98c722414a7da6771d30e95cf3b5db8209340535325e5cc0223bcbd5c8a8d35d8d6ff9dd8e","nonce":"9deefcbfd747d7a666450fbe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"c23c34cf6b24e50ed1ef8fe0817daa90b1ccd6e007339a14f698b4f75b23fce3a83bc83381667b06189159a52b","nonce":"9deefcbfd747d7a666450fbf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"e6453f23644a04c4a23c40b9fd699e4e0c0457faa0c86544ecb7ec95b47aacec76d7a1e60f77acb810f4daf447","nonce":"9deefcbfd747d7a666450fc0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"fec0f7c639a41bc9723d3101df3bfbd17eb2bec253a20dc4268f4e528046640bcc83d35b2e89c1adfa3eb26ea4","nonce":"9deefcbfd747d7a666450fc1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"69103f694e50f976b86be635ab41bdc0645324e3a57d283d23a2d2ba3631aa1089fe23e797c03e913870f82c3a","nonce":"9deefcbfd747d7a666450fc2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"f245d55b8918b6a33c8d1310bc544d8ff1cc1fcf77dcce887f29b2aa4796a3884a7157075885c21520ebaf8779","nonce":"9deefcbfd747d7a666450fc3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"a8d151b9a976f7b8b7317db6fc3cbea7456fba41c35396698591cc31e2dc08933a5fc44f30ecce1fbb4fa0bef6","nonce":"9deefcbfd747d7a666450fc4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"106548ec648855b7ea995d73680ffe801f60a7d27c2bed4c53c315cee8f22bfbeece6beaa2189b7c15a1c3bbc2","nonce":"9deefcbfd747d7a666450fc5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"09d6c6fe44cb393bc43db18cd9f23c5fc4cd9212db2ad83aebaf3eaa0ae517bb6bea4e2852842d2f219799a593","nonce":"9deefcbfd747d7a666450fc6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"a922129514d13fd255bd6289ae4250da3f6958d71042cc598f9a84807077942eca90c5f04023d85b2de106b16e","nonce":"9deefcbfd747d7a666450fc7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"4e0ae6aa8f7bd6e7fa5325d745decf2919053c4979dc58aa2665f61493be9e11be441ef4329a17518e5a822e16","nonce":"9deefcbfd747d7a666450fc8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"bc68ed6839affe81f6370414d6585de51457eca6730cf4f045fbef4541f752e9840d2a4f8a0997746efd7bd8e6","nonce":"9deefcbfd747d7a666450fc9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"8dd95347d0d988541191cc7b284040fffbf53276bd8db3ed68dd950e335e54a53e01a69ebff549e50a4d8bd1f0","nonce":"9deefcbfd747d7a666450fca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"8c91ebde7d271a9e639724759a549b45db50cdd563b887ffb6351715c0539abe44288d18cdb6198609819acd94","nonce":"9deefcbfd747d7a666450fcb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"ce43cb82a495ff727133c433fc29f496703baeeca94fd4b16a0920d685c0067b03d861c4985b9b5eda8d899ca5","nonce":"9deefcbfd747d7a666450fcc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"7b4e83ef240aae232d3d0136f5465ea2d7d6d6bd475bbc05854288c76077965c3f018a483e58576ab3d61429b2","nonce":"9deefcbfd747d7a666450fcd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"df4e26405b79980cf9b1dd845e3de7a205d935de9a86579a7eaff67c7063f8e979b3ce4da347c2f3d5f1c91197","nonce":"9deefcbfd747d7a666450fce","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"dc7bf176f6bf4563869603b5fe8c0ed8f408335abbed48646ef2dc8b8443eccee8a48ec94f8004f3b5e50de579","nonce":"9deefcbfd747d7a666450fcf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"441fba878426e6c70f43be909ed71fca9f4b252d305af25d3b230f19925721e935d665a6a0589fce94c22a378d","nonce":"9deefcbfd747d7a666450fd0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"4c4ccc722b19705744044f2a5e5a01f73615d5e15a64973f24f26d260d7fe1abb37ad01d4f36db1089fd309467","nonce":"9deefcbfd747d7a666450fd1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"c4b57c1dd5c23d92ec0cbe86af280d802417b085be5e92a5c193ab5829c5ea6d3f4acdd027133b86caaad1520b","nonce":"9deefcbfd747d7a666450fd2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"f614e4afcfba73835da84e6a00829b978422d0f7fc79ed2dd4ed03b516e40b317d45c236072f7ddc60c10854a9","nonce":"9deefcbfd747d7a666450fd3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"7602bc20b3e3a8e4d74fab94a2426e8c437c2fa755e77ad03c7d824a6886b62ae3dd7967fe03ca3dbf0c499652","nonce":"9deefcbfd747d7a666450fd4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"4abcc62af358a51e4ce6440cbe4b12e5628db44e2e36e2c9ab06216047408356f6264c747b5765c2686c14b48b","nonce":"9deefcbfd747d7a666450fd5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"27c661ea2ffea79d78018b6f1de36a60a15e78fb2a1d963e1290daae043560af215e961c0508b929eadc42b720","nonce":"9deefcbfd747d7a666450fd6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"ed6d3a88b3e27cffe9a7dcf59d27466c894cbb1f2aa8e17b5292c0ee3b541e8321cae9c78feaba6b0c02f66a7e","nonce":"9deefcbfd747d7a666450fd7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"acfdd163c5c7116b415803fce58e09805e12a157205a30836ac96e182ab82cde9fde316ac694f2de63f932a355","nonce":"9deefcbfd747d7a666450fd8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"6fb89edc366a69575efc4303031b4d2a266e77a8f74322651d321bf485595b959df96d93e3312cd3e14fc4ef91","nonce":"9deefcbfd747d7a666450fd9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"355dae9069523398fb1608d26a917681774e22ff6dc476ca8c7cb3cebe303a5604802e1742ff03b5a8d227c209","nonce":"9deefcbfd747d7a666450fda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"5359273536d121197867d2fd07f2dbc85d9a4685a760afcc543e70fa71a6a070bcc2d1b3b43a59a613cdb4d1fe","nonce":"9deefcbfd747d7a666450fdb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"cbb0e22b7cd5fcda7c60903b7b3c3ed2d233bd4160a593006398526a7abefe9ee43673551b6c2beeb7efd7e221","nonce":"9deefcbfd747d7a666450fdc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"bf15f491ae92ee1fb634d64a7971af05b527c11a53b3295cc95bf528ce1bd26f35003f280356df125b8f328932","nonce":"9deefcbfd747d7a666450fdd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"1f277eb2267263cf950ac0f7b7b0a0888fabc83a6c1ab3670cd5d978847da553b310d0c68e242891b48b6dd020","nonce":"9deefcbfd747d7a666450fde","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"602917d469dcd0eb5f2104537213db1fd1d669f98c0b73bfb4e68f134e5d6243d1b2d45e6006828823d965d95f","nonce":"9deefcbfd747d7a666450fdf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"138fc0e8ba5754bb3c85ee077f50e9e99a76439a0044a3b1ef7ef3f6e1dbf3cd3050ad3fd9aa1783b6ace7c5ca","nonce":"9deefcbfd747d7a666450fe0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"bcf217ba82985a52558909f11fd6c13746be20b9420cb3fe0a17d1f1317959ad7bcd13b0682f2f98e77acb494a","nonce":"9deefcbfd747d7a666450fe1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"f1104534cfb1f630a1876794dce40ed78ed473c5d44f81fee250e83929e716d41c56a7e80fcc3f7adf7c24bb23","nonce":"9deefcbfd747d7a666450fe2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"fcb4d9bcef60463203f88a382d8e382e21e38b61ee5227c92ae814950ad15b1b9ddf2d4384fe70a7b9e5475980","nonce":"9deefcbfd747d7a666450fe3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"d4dfcc520a3579e1f4bf4ef8dadb6975fa8b15601272f4f8f45af24c9ae0986fc8e6aec2d74c37806b77a13d2c","nonce":"9deefcbfd747d7a666450fe4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"5be14aa7a5dbd3a70a94d6586e5c28a5760dc027b8561d2260e26e397cab957fab5c9031c3f7b806412c9d7e13","nonce":"9deefcbfd747d7a666450fe5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"71c48d09c5e2d3e71eb9a30a4748e8692e1b612060c100ec965cd1a578ec6e2ac06f7c2a17ceb016c1c2bb690d","nonce":"9deefcbfd747d7a666450fe6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"24e169598703c96a158469b8e617d6e5b1e008aa65fdbf0be7142ff717abb05c7d7b646659642c5673ef24a8d3","nonce":"9deefcbfd747d7a666450fe7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"4c384c6b5cbb27ce84d1fd6f228899f5dbfc3c59d8cc3a4640cc2ae924037b7e5c82f9d6f90f6be93d8fe00a10","nonce":"9deefcbfd747d7a666450fe8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"70bd3640d44af6c450841e9137e9f264892ecb8703a28faa3840593f001141f050136b6480f9decfd852a6681d","nonce":"9deefcbfd747d7a666450fe9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"8618bfce070a34739f51e1bb915124d9c2fb69e8917e902ec09cab7f70ee1c209f4523157eae55a39caad754aa","nonce":"9deefcbfd747d7a666450fea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"cca1cd72496a10d440e3a72f43efcf4c8a7fa1ed9b890dd6f06f32556fd5af6f0fc5606e2d297099d2cc30a222","nonce":"9deefcbfd747d7a666450feb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"48e790a40a317304dd8615bf15d4a14085f594559c4cf750385eb7b13ed1cf5979f17513c3a8fed55781402939","nonce":"9deefcbfd747d7a666450fec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"4c6ef2b4cd31bf21dbd8bec5b791547d6f6ce590fed69975c6f39c2befd1505bbff6b93d31c3d7ab525b7f6a2a","nonce":"9deefcbfd747d7a666450fed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"8dc43502d59acaf3b57cea2f6c6f999d47e29289c790082ec89994fd3c149fc6a9af83d5a8949e04bf842d1e4f","nonce":"9deefcbfd747d7a666450fee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"9d8f3aff76632a6f3f745431dd78b691845eef1e3bb1a51c8dd9c0cb9e7cd6b6e8972253e5e4392b38f5d5bb7c","nonce":"9deefcbfd747d7a666450fef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"6472181fe7c2c6258e650d3b468d4d1a0808865c2de654001e18be8a0d9409ced3cd4bbba12a9c3d2923a9f30d","nonce":"9deefcbfd747d7a666450ff0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"cfcfc71a3043429e64554dfbd8798c38216873aaf530c5925a36be2bf0bd7b61c39b783ff7685ef1babe2c3697","nonce":"9deefcbfd747d7a666450ff1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"6a9330f38b1cecdf0210c38574d4992fc9783c857cedb45ec5d2a6e5b2e794f6d8c1e8ec0affb6ec49c13e33af","nonce":"9deefcbfd747d7a666450ff2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"6a8c54f6342952aa1eeb391363c9b3e02988c813a05dff6eb5c012c466dd1bb6a24e0835b22033792dff814ad2","nonce":"9deefcbfd747d7a666450ff3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"79410159b520168157de23d1619c0664644ed263086c23dda63f709f9f9f6e85a61c82ea2264c7251415cc8646","nonce":"9deefcbfd747d7a666450ff4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"c807d95f645fbca3e290c4a793d1288f73ef72eb821cb8a9bbeca3436d6c1ef1a28553818a57486859655c95da","nonce":"9deefcbfd747d7a666450ff5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"68a08ebdb0b3afccd2efb870d8bf63ae6398b594a55f816e7d94241a6eafd7f9b6adee6551f60a611d83723453","nonce":"9deefcbfd747d7a666450ff6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"c34b02d913e12b5e21edc00c23813262ed66b5fd6593eeec19cd3755a23d0b4c2ab77a9fdf58fe40272d5eb672","nonce":"9deefcbfd747d7a666450ff7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"458a8a4def2b6883cbdc8251d4310ff8680d8f85d06139587a71af8b10f56f6968a886f5691547069577b1d717","nonce":"9deefcbfd747d7a666450ff8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"e28843fa1aca80460f29e715f108f560858ac78ef3d20b87d0bfea9a3d68076c1b22453cc483fe3fdda2d9d049","nonce":"9deefcbfd747d7a666450ff9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"e9d5643f862d76e18b52bafbadb5f89d0661bb3814affb500914eaf83fbcbcc3e41f839125819e591a1717b8a7","nonce":"9deefcbfd747d7a666450ffa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"cfb8155603630353c33b83a53211506e8152e580381a44a732fd9e9d8f25c9e79f06ffffe0acc65e895202fe0f","nonce":"9deefcbfd747d7a666450ffb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"5189120ea2d9da67b0653e83447c64429645aa2a70393c47b6f3cc95584440a2637789d52583980c6932b2fe65","nonce":"9deefcbfd747d7a666450ffc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"4e15797cb830ce29b4ae956910872cc187802ecf72439de21f3e00eb08451b18d306a1e66daa90d9a93a685178","nonce":"9deefcbfd747d7a666450ffd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"f0dd72ce35851d567613e99aa419e7491905eca6023319668169858a45c74688ea155f7ee5cfe79c82a2d5ac6b","nonce":"9deefcbfd747d7a666450ffe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"d4e632b7eed48241d6505e422a2dd44d85ac44d84703151aaa25996b78073eea3c4ae8ccf877e2ec0d5e48a51f","nonce":"9deefcbfd747d7a666450fff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"b00796d08dea71e3bb9309886d1fde0f35c68b093c7c15d4cc2a1df40ba157a982deac8a2251b4d6f942cc8d76","nonce":"9deefcbfd747d7a666450e00","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"d8aebaa0381ef749d2108fea259d078bbb0941f6bd24a8a537f757a8e1a1a0c5"},{"exporter_context":"00","L":32,"exported_value":"48e64963c4941cea9a492567ceac487e8dbc4ef2582776cc395a775b9ac5093f"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2d712f50c15cced5f3f83f19b3925ef77c577a19f64eb29fa7d51feacd71d94b"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":3,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"9a43109acdde684a28972b73791bedd1e40c7d40cec01b2e659fe4e3befd82cdb920897d8ebe8987c80159951ff6b19678743051ed75bc02569d051f014482c6504c","ikmE":"fe1507c2727175304d5ce4d86bab23fb11d838d33f24d08b6380c780f9413045af5edf9b0f68dbf417d886b10283dafd617f2429da89b980ed71d7c479b215b4d8c7","skRm":"00fd82ee56c24eb02563aa1a5a4e082687f4dd2b6e5696255025cb688fccc81a673035060982e0269b68d80ff1dc7cdc2f5b15e2db20dc59bc0d4810efd35e963acb","skEm":"00545c9a59cb75f01a70a597911606380d21dade65949c2746e18ebe945f9b4cfa16c34a22739e477ee24bdd5662d2a9b765b7eb3225fc58fab27959a6d416f53525","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"0401ab406318b4ee13c97b3154665b517cbf26cb507923cc617934fc77deff9470df98af6483285f6ce82e01f02c3529a2762294415626d9110b9cc34e26c1ccf7050b014f64fba39a23215af98ec36a2a32f18e57cb4d4c29fa4f1e65fb9b3b23bd710615034937f3a3cd2b8c97f34d759edaec1e75e60fc3288cd46e640aec92146dfc3e","pkEm":"040073046b12656d7bdbf4ddf4f38f6f657861793f26f61fb5ce68798b8dab3ca239e4717ad4e76b807970f0bd353224ff48075415f41af17bb2a6845f47cb239d1dee001e311f82795bc49f5df716d2a38251cd2b9e9eb5e310f9078ff75a7f0615332571ec2a6d26e92a75988bf28b60f1a197dbfe06f26250666f04ed163207934142ab","enc":"040073046b12656d7bdbf4ddf4f38f6f657861793f26f61fb5ce68798b8dab3ca239e4717ad4e76b807970f0bd353224ff48075415f41af17bb2a6845f47cb239d1dee001e311f82795bc49f5df716d2a38251cd2b9e9eb5e310f9078ff75a7f0615332571ec2a6d26e92a75988bf28b60f1a197dbfe06f26250666f04ed163207934142ab","shared_secret":"ebbd082d1fcf9eac2304cb48d70f2406f0f8a18f54a344c4d947a9e788a23954e0abee03bc886ea4efa8d6905f74defec757118dd98f79168f27547d896db339","key_schedule_context":"01c6a8e57593eb61a144a1e20bd4b48deda0008bb0207407ab5679de9543b80a1f5db7d872c1f8f0db384d4777aaeda462baab80c5bf406281bd6d73bde8be20ec22f3bb3f4a73881979994c3c83a46628434a24f6fba24b7cb79b65184480612f921684dd1abdb948aaa07637b3944e6ec7bf5089bc9e653f702dec2b8ceb1e0d","secret":"ed300b700d8fdb5049a0e910363763c5b9fc8de4e159d0772cb061da662be1c2fb69d9fc157fd8cfa75f8f29202e314f1e4d4448be54aa729a9d812eee08baa6","key":"e18b5c59550a61f02dd5b9e48489590731028a3a138155e00d943291bbaed34b","base_nonce":"04c09a0a7e9194a1a1730e95","exporter_secret":"cdff6de2b9d6190587f29c0fc7c1c2dad5bf278feb9223e3fd15a11186eeaf9f78e37cf082f44c44ecb7326cec825aab12dbfd8e3e528e2ed307107dab94a74b","encryptions":[{"aad":"436f756e742d30","ct":"268e957e2b55b77a1737826c1164f1bf157c237a12f6a08354b8860529aff59be21b1940f729a38dcaa6a2083c","nonce":"04c09a0a7e9194a1a1730e95","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d31","ct":"11c8e6dc7981913ddbd8e773b5acd0f9dee51f66845aea38ab8d890f5ec139719cbfa154b7b02d10b895fefdf5","nonce":"04c09a0a7e9194a1a1730e94","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d32","ct":"a6a41379a9f6fb625dcf495cfbed019fa8ae160c0d1fc8a5392cef2f3b21785f9caa90194ff688f46cb8944a0b","nonce":"04c09a0a7e9194a1a1730e97","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d33","ct":"677da09e560ef88cce8b1be3173c5bccb854929bb8e5c0d37960f06d437549d45565568b23d513e5d4bcfe4de6","nonce":"04c09a0a7e9194a1a1730e96","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d34","ct":"64c8d2e228f0dc480e05a92f692066fa92b6b471dd0fb2d71b653056459d99c4e001750f8d9e7c3251c0a37b54","nonce":"04c09a0a7e9194a1a1730e91","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d35","ct":"ee0257673769c6a4835771f9c77df1f5a907046890c49992a80fd315cc170dfdade18929a817116a571a208367","nonce":"04c09a0a7e9194a1a1730e90","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d36","ct":"ab512ec4216aa3877a147de4d2dd12b6a8dd6413913f1b49cb3295b34a71f3f6c86bae041b47fc415aee0040c4","nonce":"04c09a0a7e9194a1a1730e93","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d37","ct":"a471802a3b11835b21ddd7fc91994589a65bcbf77fb7e9c6b6e9f98cb8532ce1a9a6aa226e9aa131b29dba348b","nonce":"04c09a0a7e9194a1a1730e92","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d38","ct":"a0711976a507e178ebc4885bc98d636b49f602326bc192f00d1d9cf254e818b223c83e6ebc8475b40a21f8265c","nonce":"04c09a0a7e9194a1a1730e9d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d39","ct":"d0b859454bdfc3ea0ad836aaa73c8040765b7137c81e4e2b08ec02b77eafb8358d51127380fd49d737aab23025","nonce":"04c09a0a7e9194a1a1730e9c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3130","ct":"2938f42638a7227a76682fab45fecd9fb37c934d6e99890fdba8ead51f58d710b412be25673bad1dbb70c8ca05","nonce":"04c09a0a7e9194a1a1730e9f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3131","ct":"8d0382837da1e99cd8e6452e7f43e42659b376d8c5b3feeeb8eb731b2b8fe3df20230744dd57734130709e9e20","nonce":"04c09a0a7e9194a1a1730e9e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3132","ct":"e29e2e9145b8c0744e824799419d4dbba676a943372587ac65215b0f7ad3ac6dca957b28b60899b295c397df95","nonce":"04c09a0a7e9194a1a1730e99","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3133","ct":"d26deb4d27500a4ee41c78b2092d201af28a69160240e21ac8f74f07bfbb3c67b6fee06c627ea2d7cf2120ddbb","nonce":"04c09a0a7e9194a1a1730e98","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3134","ct":"1f5c600d1ec6bdfdc0013f24b3a877c863846848a5d07e1c1589201df8bb7fcb130243db5731fd7a34a17f7084","nonce":"04c09a0a7e9194a1a1730e9b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3135","ct":"f7405f05dea3cec7e61e5c02a8d75e39df2f1d43ac6cbe1697dcf3090d9aaefd91da1102b9ca33ece4131f02f6","nonce":"04c09a0a7e9194a1a1730e9a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3136","ct":"84ec00b5084585f6ec2d62379377d66d0706e23c812f5f388ffad0a49e17fe4b8611c2dc634717366ea40d1ff6","nonce":"04c09a0a7e9194a1a1730e85","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3137","ct":"2dc5b6f68152f6a29adc1ec21129b8d276ec73044c635cb1f1f08ecb5a9216abbe099731cef6dcff6ffdde922c","nonce":"04c09a0a7e9194a1a1730e84","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3138","ct":"f5d04cb94a14ca4dc407ca6dfd3c4b54e0eb6159a9082cd1c5aad628b3320f65e6bc708b2461a40bc1a3fb80e8","nonce":"04c09a0a7e9194a1a1730e87","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3139","ct":"af2d19c058d8d4f27eec5eeb46f087270038363d0223d581e103fbef91003e39a871c47edca64cc8954e4c090d","nonce":"04c09a0a7e9194a1a1730e86","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3230","ct":"1d3531fdef583ace8e4dd6d0817ee635c6589acf35c361000c1b525dbcd179063572d2fa1fe9f4dd4c2d082ea1","nonce":"04c09a0a7e9194a1a1730e81","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3231","ct":"b176354a87ef7be8d01a00c6d6ba3164691a62edf598b94770d23762a9652d99edc1f3210c4ae4e92121782ece","nonce":"04c09a0a7e9194a1a1730e80","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3232","ct":"a55544ec67b306105b1ceff3a32b120f8bf89b2fb2c4846c19a4e25865349a250b5b7f0af66175ab1e47b3042f","nonce":"04c09a0a7e9194a1a1730e83","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3233","ct":"6416c742e2223e3b088d2bc1b6a1cc266e2698151bd903bebdec30ba47e5cb68ca9eea121ddee21433b84785fc","nonce":"04c09a0a7e9194a1a1730e82","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3234","ct":"51a58b013b51080e8951e74e3c3b456848fd183209b35f195236b0262f48feadcc11f5fc6cedb61306c5d409b5","nonce":"04c09a0a7e9194a1a1730e8d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3235","ct":"1eea4ae7268c92fc9371964b12e654b822cb4f177d612ad373e07c6fb1133ba2bbcb7b82e25f7663db9c325a0c","nonce":"04c09a0a7e9194a1a1730e8c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3236","ct":"620ed0fc2df38c6fb9ee4b6c2288bd15445919a3361c687bb7a790837078f88396a8206daa08a514aa6a898d1c","nonce":"04c09a0a7e9194a1a1730e8f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3237","ct":"056931d2e52541b8c44b09b796a494f5d309ca293c7e954abf13c30454f29b8fe2a6834cab5081d97e8d56af03","nonce":"04c09a0a7e9194a1a1730e8e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3238","ct":"a610e4335e28b82541bfda4d32c4c45c650f8eb461fec023bc423ee360f69314806b9957c7d52874e528db2145","nonce":"04c09a0a7e9194a1a1730e89","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3239","ct":"9b615fb12c97d007bc12e228be3d5a301660401fad7865dd92d9e84e27bc7e4bc98104d0e4efc77a3617976765","nonce":"04c09a0a7e9194a1a1730e88","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3330","ct":"63008f15dc7238245ac7f634371f499945935433bc7f1ce48dad0b52d6df4337ccc9c29d99d98a8e6904f84d3c","nonce":"04c09a0a7e9194a1a1730e8b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3331","ct":"34dc4bfb7133dfb4cec1d5f6bddb1f8ee08e336506cccd4b395d19c10b4964b238033e5edec045a670febb0ea3","nonce":"04c09a0a7e9194a1a1730e8a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3332","ct":"88d6632654c608b6e9eda7b090632a8dd046b8a458140496788bc528cacbae399581d8ceceabc37ca0f505969a","nonce":"04c09a0a7e9194a1a1730eb5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3333","ct":"2ee1daddb08f41e0b6799a1fa0dcbcb4280ae6f18857e22ff1b55df545dcbd8b682a50b648c9b15436116092c0","nonce":"04c09a0a7e9194a1a1730eb4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3334","ct":"f8619cf550197b5310d9a974ac25144c7cd1d628478ab54743300eefd62a6b4a0a15f6b063dd79b880b07bf434","nonce":"04c09a0a7e9194a1a1730eb7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3335","ct":"4609bd5eb42c6ac4096c9acb1277fb6a17eb93c4fbb33ed7c83a5cb767323691c0dadc2928af0eee4e0bd14ba7","nonce":"04c09a0a7e9194a1a1730eb6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3336","ct":"7cd6a0c3a6a0f2a95875bc177fcc35cacd229a72e20c5fa05d813c87f2aef8e514215a995b449fb182635d76c6","nonce":"04c09a0a7e9194a1a1730eb1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3337","ct":"57196e709815bf98bc0ce25915dc3a0a5e8b5eb5978a2bfd5bce574be2f48a0782d3e10ea57bde3929ebfc2091","nonce":"04c09a0a7e9194a1a1730eb0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3338","ct":"68a08c27bfe865750d2aaee7a7a43d2fdd1b2d6552cbf1a55c895b4cc50187cc746eaf41f2cd9333e6a8204a5d","nonce":"04c09a0a7e9194a1a1730eb3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3339","ct":"da1fe4aa0c20ee353b79c64d8980883b3153e4dff8bc224cbb8e0fcdf4f7292409e3e429b7fc566a4aa61a9cf9","nonce":"04c09a0a7e9194a1a1730eb2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3430","ct":"789bf3693b5434acf1692bdd25a3737773113d5f3a2fef5a0ecfc592b8352ce33b126d6c60846801f7526c0b30","nonce":"04c09a0a7e9194a1a1730ebd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3431","ct":"6a2d2c702e53f5c018be3ab9ac8302061ecac2063756daab698853a989b967543b864cb9eee32be3368285b791","nonce":"04c09a0a7e9194a1a1730ebc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3432","ct":"6282f7cc68ecca7ca0c6e9f62bbcc4ea5198ab2b4f9253926a6b8f4ff8ba504db3264ed4cd03c21d65c9acf1d3","nonce":"04c09a0a7e9194a1a1730ebf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3433","ct":"6d629f2e2724c8fa07601ff610fc86dcf95574a1267fd15d74f97f0a2f083c05d9a8cd7f14dbf4281bc2428e35","nonce":"04c09a0a7e9194a1a1730ebe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3434","ct":"2beb5a02d39d1c923e4c241375f9404a831b95f0de616f8a05a13cdbc0ffdb143a065baaa8a86f61b4e9f7427f","nonce":"04c09a0a7e9194a1a1730eb9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3435","ct":"2342d0bb3b1d1a7277dd1a1bc9d27357f57c12ee08740596a31ed0ef633acc59f766ff31783ea054e24d76df66","nonce":"04c09a0a7e9194a1a1730eb8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3436","ct":"4f79769efbd90dfc5b200606f26340a76510a09c9945b005b1b7a2adf6f8d2dbb112647a5f9c9f10ca524c210e","nonce":"04c09a0a7e9194a1a1730ebb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3437","ct":"b5e4f6858c5ee541cc62e08af31c69bcfc2cc24f55dc8ef9330e1f6a790f631d614432ca4adc22248a95e34f0d","nonce":"04c09a0a7e9194a1a1730eba","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3438","ct":"74788021ef257b8fcda4f3ef17e3ac3f5828b2a3c734e89cf0e5c01797e43a7fc48c8338d93d63d07797a464bb","nonce":"04c09a0a7e9194a1a1730ea5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3439","ct":"3094332b6e54fb82a2ea5f9e3100991983b64ca0da996881a8f61e8c8e4ab29079d6fd46212f0f93bd895a6129","nonce":"04c09a0a7e9194a1a1730ea4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3530","ct":"f2effe0890c7a3a549703a803d9047ae021e16e2fc3c7c9fa00f64918cf87fd81a697c7b0e398bfe754a767332","nonce":"04c09a0a7e9194a1a1730ea7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3531","ct":"f4572bff7d88bc89e89d0c19d608cab335c70a6f505c0cb606487d55ae1a38ff31fc0819ce49e31d46cb180108","nonce":"04c09a0a7e9194a1a1730ea6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3532","ct":"93e8065234ca838c5b1ade1220dae3308d004aa3bb0feab564cfbb0c49a9eeba043070f32b6c235837084f9dd9","nonce":"04c09a0a7e9194a1a1730ea1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3533","ct":"f3421359804c926d3eab04572cad9e9f2e772596de8270f33c13bba5511133b45b84c1f879a25d05b03cb9526d","nonce":"04c09a0a7e9194a1a1730ea0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3534","ct":"9d149aec48260aeca849cf7241ceb1f8f5068c63ca0cd0ab886321ff786f20b9ca03a80d3e75b9aefc9e23582d","nonce":"04c09a0a7e9194a1a1730ea3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3535","ct":"62835fba37f430d1f678b1f133d946c2cf3895b3b23733b91ffb727742985632006e4dc91733459f038f58da87","nonce":"04c09a0a7e9194a1a1730ea2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3536","ct":"818c4243b71c08e06b2a8673dfa2740600320341c28a3307e1576847ca97ab866bf3f0093a9b4e445118b88282","nonce":"04c09a0a7e9194a1a1730ead","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3537","ct":"45021c518e8a40c73782cae775b9a3893c79db1eeb8f8e5d379b2c2defc8a0c296a3630666e79538eef0da9314","nonce":"04c09a0a7e9194a1a1730eac","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3538","ct":"6f24d870f845b7c80f282a367c861148046f4d0a5838f9287a07697af3acf1dfa8b43a9c9af93d1e26d8bbff2d","nonce":"04c09a0a7e9194a1a1730eaf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3539","ct":"33e8467834da9de3d5bdfafd2dd808a9d9aca7bcb44c6ddf811363224b0263d3c679e1387c760b7f435c58e4f7","nonce":"04c09a0a7e9194a1a1730eae","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3630","ct":"c6e5a6bacbdfac16ecf9683f8d274ff8290c7d82ca5cc613575bd7ed66ec88e71be9fa7da71bc614d2f1e29620","nonce":"04c09a0a7e9194a1a1730ea9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3631","ct":"b3ec9e8288af6add54c63e10c69946b572002bc9e9337883e3f67efadf5371f6346e1a5d8051ed175c829b2bad","nonce":"04c09a0a7e9194a1a1730ea8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3632","ct":"0a3f90306d6fc3a5a796c80d55751dea70e2aaa1cdcda8f34d81840c3e8efdb35ed52b61a8174d95b0fe0775a1","nonce":"04c09a0a7e9194a1a1730eab","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3633","ct":"b42aae84363b4f33e1eecf44ac68cf6eea5167de69339d43693a160979d841f8b54caae4f81a6693a4bd71ef89","nonce":"04c09a0a7e9194a1a1730eaa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3634","ct":"0b1583776260d5bb16e1d038af3fa6d4e524b10d6f1ec53abcb7603a9d1f7b22d04ce75c8a73446ff511dc9014","nonce":"04c09a0a7e9194a1a1730ed5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3635","ct":"5f372de3437d356acc070b9641467062afa46915dddd7029c5888b992d4cca76090c384aa83955c8e267de7ee0","nonce":"04c09a0a7e9194a1a1730ed4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3636","ct":"3b27451dd003739d8b20a7eec53f5a2556186136d505d269532f805f90dad1a141145a646e4347a8f50a85a23e","nonce":"04c09a0a7e9194a1a1730ed7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3637","ct":"41a7eacae696b89bcff782f8973b6543493dfe8e557b5f2740b3b5f3cf0accb717b9b6d60ddc5d9cd25b2034b5","nonce":"04c09a0a7e9194a1a1730ed6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3638","ct":"949a19fd6bf6fe8903c3d2ff2881dd1b813cac40a0c19cbbdca5f7e20cd93df65b1816f4a6312bd40bb81b2899","nonce":"04c09a0a7e9194a1a1730ed1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3639","ct":"986d757b561179ae8b115f242d2eb0844eb31c768363d1535ed383c399bf2d90bad002222943848e6a8dc5242f","nonce":"04c09a0a7e9194a1a1730ed0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3730","ct":"272134fa16ad5d999a4f659327a79f5b8700a52bc23cfb595ea3a3bf022517e6c46e3887d30e2c32c0eac41926","nonce":"04c09a0a7e9194a1a1730ed3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3731","ct":"0a564042f080a628192a0b548bffdd0cbc6fde09d2147cf2f14909a43dc0581e7504ebdf9bddc78b76c53e4464","nonce":"04c09a0a7e9194a1a1730ed2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3732","ct":"d5b99939493024f4ddab04415082e2b4fdc759b415d9e54eb7a4d6c97745de1dc723edd4816230fe660d941106","nonce":"04c09a0a7e9194a1a1730edd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3733","ct":"9fe4ddb438e3875dfc4c4d9fb458f008a0524f0185ad651365dd23bb94e6710e39a60c867cb5ec28d8b1ec0b26","nonce":"04c09a0a7e9194a1a1730edc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3734","ct":"7513268baee6e0b33a1032711a065eea746c5f1f319e107287cc83dbc1cd4c235ce555e4c52284459272212e90","nonce":"04c09a0a7e9194a1a1730edf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3735","ct":"54f7a21e693e859133fae50ad8d446e74b9025f260a466e3faf2b1c41525d9c87d1b130af91eb11b9189730f80","nonce":"04c09a0a7e9194a1a1730ede","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3736","ct":"b082f7b189144fc380289eab908c1c5c56a90b7b823e297ef3ecbec4dc54fe166b9f73ebb1089664edb4aba2d6","nonce":"04c09a0a7e9194a1a1730ed9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3737","ct":"f54934654d8e1a92835101286e117288b94381b28d68102b67bd25ad7733b3a6627501b7f73c78b2dd7b8cf4e7","nonce":"04c09a0a7e9194a1a1730ed8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3738","ct":"30137bf008a0288f02a7826bb3a565a574a23265a91269dedc7662df2673eb0c627f757baf9b642b3f8a8bb33d","nonce":"04c09a0a7e9194a1a1730edb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3739","ct":"12720be956d1b492a2a381d83bc472b577b7b8c3e964c4422e107c20f574f45683b824c0b3c41334a559f2da0f","nonce":"04c09a0a7e9194a1a1730eda","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3830","ct":"6e9a64fdb7b6bef0007c3acda66d76050d88397a0f48024d63baeaefec6b7ce9a2b9f793d4ee9dd30ed6fd67ce","nonce":"04c09a0a7e9194a1a1730ec5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3831","ct":"193e6826d3e5faa9b89c6c4164352892e6bc949ac66bae6ed6a49532d3cfa204a74df7b6f34f7d0a00f1d88839","nonce":"04c09a0a7e9194a1a1730ec4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3832","ct":"7fbb25a5556c6c0220c18b72f3f542707f9a3e59550276d570004b9d376c7f92687f6a24b99c27934ef6d33afd","nonce":"04c09a0a7e9194a1a1730ec7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3833","ct":"25cc47c21afd3568c9ae1f03f37582679ab1c80947e45de5451cdb0e2b18c82b5778a2a0aa260f0c59cfc19385","nonce":"04c09a0a7e9194a1a1730ec6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3834","ct":"ae57e0d84292964af99788b4684151682f3e1007448857f7f3290aa92e6f8c4d1fbaf153d86a37d8a4d2ff3819","nonce":"04c09a0a7e9194a1a1730ec1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3835","ct":"97e5b28c0888596d8d0c39de10de858b54768977f17376ca2ea8f8fa2d437dc7118a04b58e520973ee7277c6f2","nonce":"04c09a0a7e9194a1a1730ec0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3836","ct":"6e890443b76c0092ac8f1cae7cbb3c945b0750842d63634d1f69750be814cb3743fa5b8ad455a01c185326ac6c","nonce":"04c09a0a7e9194a1a1730ec3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3837","ct":"95ff11205a2d785ba6a50f4e9f54596fc00526ec4b0a12687cc69c4aa5a7611243712edae587601e3d909a5879","nonce":"04c09a0a7e9194a1a1730ec2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3838","ct":"6386bceec3f7cb60e29058c99d6480611df01e4f3e63f945f8e99bf24ca758b0700ab64c988c487e4a41add6d0","nonce":"04c09a0a7e9194a1a1730ecd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3839","ct":"a7385380105fe92a99bb53b791d093fdac4345d597bc89777bb13cc80ee7d1948e2b91920d541fadb2a515a473","nonce":"04c09a0a7e9194a1a1730ecc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3930","ct":"f2160e1db052f4a115f967fc4afc3a7efd13aecc24d45fd42479da1649ce3c7aee71aeb62332b2a06cffcc90f6","nonce":"04c09a0a7e9194a1a1730ecf","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3931","ct":"5c59927dc5c13544df9ca825b860e4c4782b4eef06b414c41804b69fac69891a8836506ccb5d750406f5f97067","nonce":"04c09a0a7e9194a1a1730ece","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3932","ct":"f4b4d5c457482bdb48795ac42c77a7c1c7663600d5b4f4e92f33be54710b0ba1f0695e31a967e4921915e405f6","nonce":"04c09a0a7e9194a1a1730ec9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3933","ct":"b858b65b5cd6e8b9c1be0493fd42c1f60dfb796d420919bd7b59d8bc4733f16f5eabfc8a4fb7888e06a796b133","nonce":"04c09a0a7e9194a1a1730ec8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3934","ct":"ec0f5b0f8405502d0382d9fd4e2461a1e7954c05658ebe06684226ccb3f7ffe9de693f58593c83cad6f72c437b","nonce":"04c09a0a7e9194a1a1730ecb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3935","ct":"f6d0d9ed4eca1ff7e2c7165cdbeafe9b5c5e4f589a39fb64324e3660a5fe2d1e41d9f2bba488f8b4d1ca31df9d","nonce":"04c09a0a7e9194a1a1730eca","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3936","ct":"6a5c53f6be8a46879e40cdc45725c1d1e39eca6437afceb8819bb90ad7242060bd14f530c2d7c5b60f44e5b695","nonce":"04c09a0a7e9194a1a1730ef5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3937","ct":"db8892d12836a96c71924b719f6272a5429ff91d37105315e31276c8f650a8145297c6bc93a482d6c64e030ac2","nonce":"04c09a0a7e9194a1a1730ef4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3938","ct":"cbdb00b735ed70aadbd00ef9ad718cc8faabc163c50ee491c3a10df16b72d27835ad5121a8caa4cf28c7429d0d","nonce":"04c09a0a7e9194a1a1730ef7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d3939","ct":"064a8ae7c0698436b40a17ccecf200b4ff6a52e02db263737b14c3633c8ddc6cc7ae5c82d63464759ee4a2522d","nonce":"04c09a0a7e9194a1a1730ef6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313030","ct":"d24682a811ed9611c5c21c28c072974f5ad6c4fa09011af05d8b795015769c6573fa7c01abc44aaadc0aff5f87","nonce":"04c09a0a7e9194a1a1730ef1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313031","ct":"a15486a85cc6b0631d9b2e38b79a04556078c402f851b8b74569db723582a4da8549e30b6d8135d25771a5c0ba","nonce":"04c09a0a7e9194a1a1730ef0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313032","ct":"e3da30d8808b059cca49021bb3dc8d9431f99063f4aac3be297e0fc404d558c42d41ce2bdbfad19066d2cae309","nonce":"04c09a0a7e9194a1a1730ef3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313033","ct":"0945d1956fce7567f69d18dc8faff345b6f44b32fe2bc31ac389896566dfaeb6fa6aeede47dfd90357e06d80e2","nonce":"04c09a0a7e9194a1a1730ef2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313034","ct":"cb1bca45dfd6dfde34c0f1a54dec07ac7a0f05543e81535dcb24ec7e38420c43faae1451d3e9665464caa44d86","nonce":"04c09a0a7e9194a1a1730efd","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313035","ct":"6e664e805a99c03b20bf839f5f0b4f6083b06d81062bbda5d100ed23e59ab195bbcd050b10faa8eb91dc7a8cfe","nonce":"04c09a0a7e9194a1a1730efc","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313036","ct":"64dbf39d420c339055b38bdb36a96d820d6453759a72f3d855352b6ba5a823a51070ba824fcd1bde31b8991158","nonce":"04c09a0a7e9194a1a1730eff","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313037","ct":"568e5f7138c524085d6942eff30ebbdb24c7cc783bfcb5136340f881d336e0115587cda11bca8f08e58deda3dd","nonce":"04c09a0a7e9194a1a1730efe","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313038","ct":"406ab866a819d78d0252ec0c45035001446aea890ee17b36bb87f70a90f073f8c2a18e209fe5213e196b9a9ac5","nonce":"04c09a0a7e9194a1a1730ef9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313039","ct":"ae09a4ecd174e619e5b0a409bf96bbf3a79128dee09cd15193d15df7e55e9aca59705a4e384e1732541ca1da95","nonce":"04c09a0a7e9194a1a1730ef8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313130","ct":"cd3e44b8aad143eb73b2e1d8c8c2a2eb9f240c74b1ba1f021c20d041e463a0ff10b1615ef59cd313c3be273e17","nonce":"04c09a0a7e9194a1a1730efb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313131","ct":"894b8a8c9edf9a93f2ca5e87e3158d89e02020818c9f53b585a4018b3f106710e65b4ba18f722724bac013a0ae","nonce":"04c09a0a7e9194a1a1730efa","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313132","ct":"008e68408c80611560376dfa7f650327afb11ece4e8fb271fb8298da7142b80867e8f265bd7734cfd70c8fcbdb","nonce":"04c09a0a7e9194a1a1730ee5","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313133","ct":"8cdeb2e0d2b5974d928c326decb153f9e4431c8c1fa5ad90a1d28a4ffa17e771c6fe2e48a55656af0cc6f2b3a9","nonce":"04c09a0a7e9194a1a1730ee4","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313134","ct":"5e2ed89fdce167f010e1254951daa91623feac817ed9de90c6eb7aa904a79426ebfbe23159eedf7876fcbccfcc","nonce":"04c09a0a7e9194a1a1730ee7","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313135","ct":"cfaafc231992a5a20dabcbc8e7d22a1816250a8ab93bc97c915e898afa43d7663816de255250873c4888624510","nonce":"04c09a0a7e9194a1a1730ee6","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313136","ct":"413c8ddd395e67a84baea1e761c1c2a166a004ed3f0b3e225481e0ba08ba91b8d29eaa97a7255c939fb261120c","nonce":"04c09a0a7e9194a1a1730ee1","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313137","ct":"a2f14ee9362fc73e00e0a6ed59e1053c2c11513be96680050ecf8b367a1842531320a1aa24d5f0a97d51611b27","nonce":"04c09a0a7e9194a1a1730ee0","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313138","ct":"3eb48c203304c510052124ad9c18dfde7f6824c63c75b88b6793a119ae220cc3d7885997e4c3803293e2ce6b3d","nonce":"04c09a0a7e9194a1a1730ee3","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313139","ct":"28f238e993d7fe30d89624e9e5b22090e2ae2af748395476cd41f0c0c9724a890792108bdc4d85f0091c697508","nonce":"04c09a0a7e9194a1a1730ee2","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313230","ct":"dcaf996705798e29a76abdebc6c2824c06c6a07d5b29301de4aa3172c4b908c456b25efdc907553de646a86971","nonce":"04c09a0a7e9194a1a1730eed","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313231","ct":"91d7e0bf5d16fb82e48bc516531d85d8434e7841da29a86ad365117e6e151eb4f2d94c4bdee37fb5efe18ad5a1","nonce":"04c09a0a7e9194a1a1730eec","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313232","ct":"c6808f7e389d514ae712b627f2ae5c5ae998922ee4ee86077d04a0f23d35263680e091126767e6be5478df39d1","nonce":"04c09a0a7e9194a1a1730eef","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313233","ct":"955effb0d4809282d04354105bf0fc45ac8e5ca3df5747e2a8bb0c2c92e0c03a83a74c13d1b1d34d45451cc493","nonce":"04c09a0a7e9194a1a1730eee","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313234","ct":"05b1ae00884c01f87015b5884d71db55ca10899bd1df9e4f7fc95c8f472211cd063f0bfacfedd9b43a8d4bcffd","nonce":"04c09a0a7e9194a1a1730ee9","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313235","ct":"36d53919837c0d093d48d638c3c16aa2ad0930900bd0bd542ef007a49de752096aeac56034337224142536fd40","nonce":"04c09a0a7e9194a1a1730ee8","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313236","ct":"2785d9594339f985d62950c6d37b9c659e6da091e39b024e6a48552510de6242c68fcb48dc50e77961ab4d2768","nonce":"04c09a0a7e9194a1a1730eeb","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313237","ct":"052023ae79086238da45f91cbf65a01ac52ad151dfaf92a7315bf023ba102b6b8f99daf3cfc36cc85ca02880e7","nonce":"04c09a0a7e9194a1a1730eea","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313238","ct":"6b46043830775531ae2b47760b11dd3c8e018353476c8da9774b367427d33f28e4d6fe25029c8e2026256e6198","nonce":"04c09a0a7e9194a1a1730e15","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313239","ct":"8a65b1d57dcf28d380174b4ca00843b902f342137a5f118d6911ced0d0496d6468d9e2bab8d2d656e813d9e463","nonce":"04c09a0a7e9194a1a1730e14","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313330","ct":"efd759f3dde7a160b7ee3294833e4aa8b7ef29b6e6941927689dea99c76e763f0b419a27e0f69cdb346ae3223b","nonce":"04c09a0a7e9194a1a1730e17","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313331","ct":"dd017f2d30a57201f4a04cbeffea742c9a286dffbe5cd0d7baf5810764d8d43dca1cb8d4fe64eb8784592945d2","nonce":"04c09a0a7e9194a1a1730e16","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313332","ct":"3ba7fd56227ff642f8e3c68941a7c0ae0bbadf7b9d516716ffb994c1d5f9637503006080291e7fd8a185134322","nonce":"04c09a0a7e9194a1a1730e11","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313333","ct":"2332ee7a28b1384d8d82a620ad7c56aa176c63a3e9d57d5094b295f9be1eb9e5cdf79c75629e940b4f8761eb28","nonce":"04c09a0a7e9194a1a1730e10","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313334","ct":"092b9438f04cf5c9a7b60f3da09298df9b1d6a862893370aad7d2f7a4bfcc5466423e09e073f2a43eec0530acf","nonce":"04c09a0a7e9194a1a1730e13","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313335","ct":"ddda2553e7a5e9ba55846cd74e90792f589d21e3a8a6ea799b96ae3f510d7fe8a671de29f1605adb3e1b1e3acb","nonce":"04c09a0a7e9194a1a1730e12","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313336","ct":"be6f946ad44e2c41ec6936098c6825258818bae56b3cd56eb40e4cacd2aa8e24189f0f41ad7b05170a142501be","nonce":"04c09a0a7e9194a1a1730e1d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313337","ct":"520b77e35033258561d0de1863e5b61cb273215b54716e113ac5b4224a43094d47d9469994a1379ab9926cd648","nonce":"04c09a0a7e9194a1a1730e1c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313338","ct":"66a235af1f44f55afa1ee84df5a2699c73f17c4fc2e1601fb44bbafe598b8ce8809f9fb56fef1021fad577e620","nonce":"04c09a0a7e9194a1a1730e1f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313339","ct":"51a25910b7616a318f398309b628533cfb57d939073969b9dc44d9637edb1aa1ddaf80d1fd9dd4c289a3815d70","nonce":"04c09a0a7e9194a1a1730e1e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313430","ct":"76b5a5c436c1614b93c805433954975cbc03fbc8bd62314e8d604a5b344caca77da9ded463f8708c17e8623a02","nonce":"04c09a0a7e9194a1a1730e19","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313431","ct":"0e68377ef216fab4451d46f9931348b2e1ce045c2ceb8dc73a174da9c719e40746fcdc9af3617ffa58bc43e3b6","nonce":"04c09a0a7e9194a1a1730e18","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313432","ct":"0e16ab1bc7a398a3720bd3c14f5102b25e77b4ffcf4b580ef1dfce903ad86f10da136c8a4cd25ab372ae35d3e1","nonce":"04c09a0a7e9194a1a1730e1b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313433","ct":"b49ad0db02d8c51e923ff579a7c0a31b84548884517294d4b49fbfefeaf8fba471e0b800e0cce71677a9cae263","nonce":"04c09a0a7e9194a1a1730e1a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313434","ct":"d68dce76f6e5e7a3708e9cb87f823b6ad01ec10988b8394255e7acb430154bdc182adcef62645a6e24b1a13768","nonce":"04c09a0a7e9194a1a1730e05","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313435","ct":"19b591ef7e0d560bbaf7976577cfd994abb560fb2eeb0409abe06b223daeb5d5f6dd21d8a60c49811476470c15","nonce":"04c09a0a7e9194a1a1730e04","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313436","ct":"37fc791794dbd467e3a2d0d2d945c66c756daa32553dfad22c056f44fbeb4743db5150d7c723b056daa1bf899b","nonce":"04c09a0a7e9194a1a1730e07","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313437","ct":"10d451a70af2f88714dc5ff21e8becce36dc9b613e31fa9b7f6ff798289b378e0e44b5a605a28e8d1cde6df50b","nonce":"04c09a0a7e9194a1a1730e06","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313438","ct":"1c6f54f534e347357c0e3e9d8309561f3398283e8d9b9c73d55b6409e784645336efd65c168fed9c5448a9c003","nonce":"04c09a0a7e9194a1a1730e01","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313439","ct":"d23e687341d4a2327bec65f45969825257a5e1fcfb5ae4cb27fa713b69da7eed89dd64f612c5cc5f690e75b8cf","nonce":"04c09a0a7e9194a1a1730e00","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313530","ct":"973c2fcf97ae2350d5c5e79b4fb8ded1ad6b15f438e9e8f770570b32b89802ee9d16d836fed7cac15601d10897","nonce":"04c09a0a7e9194a1a1730e03","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313531","ct":"77ee878a4e7bb81159717555d736df5d96f8fe4b1d39733133381b81e98a8dead07ca42d173ecab0fa06de4314","nonce":"04c09a0a7e9194a1a1730e02","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313532","ct":"e2fcdf34a74a64b1461bff5e9e103983dc2d7549f9b8022346a1b6f9aeab8db315aedf2ecefae503c0149d96a4","nonce":"04c09a0a7e9194a1a1730e0d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313533","ct":"7d74889248e5d899017965fb83747f0f205a2e7f1092c61f29886204081dbd38770cf24a5f1b6ef7a34c713e96","nonce":"04c09a0a7e9194a1a1730e0c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313534","ct":"d7e3b1542970ac2cd8b9a9653ecdae35df43ef6e825f7b75ac568713a659d7e57a1fbffb5e1aeef15613ca27cf","nonce":"04c09a0a7e9194a1a1730e0f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313535","ct":"78efb98898e95ee66704426c3d4aba22a9c063f340ec4c6b52b843e17d4d9ccba9a206d4c53b8e6d8ab784f71e","nonce":"04c09a0a7e9194a1a1730e0e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313536","ct":"5e4cdc934794efab41e896b9cda2e2f80f6bd63addbed911a8f0dea820aa3c3b2399aefe3a9d86da8e07b693e9","nonce":"04c09a0a7e9194a1a1730e09","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313537","ct":"3ab02aaf60305a319a6c6d1169ce516940fb2554940d137a07bf9ef622d00251ff81607002ca031c6f07a8d049","nonce":"04c09a0a7e9194a1a1730e08","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313538","ct":"815b815aa14a56051f39d3cc2a46a754373e59de9db37098835c4383391cfb21ad90de0d592261b43d1d8b8f84","nonce":"04c09a0a7e9194a1a1730e0b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313539","ct":"8913b865239b583799d358c1aeeeb8ff5bad9b7b16414e889388499c4d8066f238521afeb27c923ff07c3aeaf0","nonce":"04c09a0a7e9194a1a1730e0a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313630","ct":"451d12debbe10d3e4e1584b85da02c3343156e93f8ec4349837370dfd57d8fe98a85e5f989820facea0636a82e","nonce":"04c09a0a7e9194a1a1730e35","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313631","ct":"cb8158ade93077599f79d53da9cc717df00e05e29b8f6c1487363660a7fe5310a804c1fd59d41d8d7d57787945","nonce":"04c09a0a7e9194a1a1730e34","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313632","ct":"02f8cdd61a913fff3c18e02fcd234df6259d7be0432c89457b2c27afac92d14738c4c92f4452fbad1eb09c721a","nonce":"04c09a0a7e9194a1a1730e37","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313633","ct":"597b5c961e97ccf6df9d3bea90132b45b7203db383f73ebb4b7830eeed9553e5ea4f8fae0ed1f795f584ae6fad","nonce":"04c09a0a7e9194a1a1730e36","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313634","ct":"0951fc381316041e7b09c688cfe860e3b5fad2dc8a208b4a637657e95626f8f57b01a73405f4680376894c9bf7","nonce":"04c09a0a7e9194a1a1730e31","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313635","ct":"dbb33cf06f674518dcee3012da56301d4b15706124de64b4ec974c97fb6b0e9e1234c170e603ab597ccaa36c16","nonce":"04c09a0a7e9194a1a1730e30","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313636","ct":"d08db2f40338bbfd8e173492581830ea0c43defc53045f9f32722b2a3cf3bf1e2e2d61f9f05e21108c0d4dfedd","nonce":"04c09a0a7e9194a1a1730e33","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313637","ct":"03f149b77c2189d4417b617efaf9f62a2eb996aaecebdd391ff7008a4d7ba18af0ef5628ed90a988bc9663d62e","nonce":"04c09a0a7e9194a1a1730e32","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313638","ct":"b1e335307481ee4544c43e789efdddf6937d55455c89ed7c5af29325a7c078e3b5defeb1a29c1592c376780774","nonce":"04c09a0a7e9194a1a1730e3d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313639","ct":"bc1b75a00d63a73f699344a21d4a17d9fa2e12dae81c0d906704bba5ed385dde4778e1419a0607e48f939b4124","nonce":"04c09a0a7e9194a1a1730e3c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313730","ct":"3d4b4035a7e2376584c71d62a552cc88e0823e9d912d100bfd9be7e13ee515973dd42eaf1ab9fe792c58f7ec21","nonce":"04c09a0a7e9194a1a1730e3f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313731","ct":"924b5d72d82b404ac561f24aa419a22a434cdd33ecaeb9a8bba28715ee97225e361689cbd93cf4e0494571a292","nonce":"04c09a0a7e9194a1a1730e3e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313732","ct":"55c182a230575a8867889ce275d694e374e3e62681f710baafaec98dd8b63eafc2966ea47a261e88b4cea47b52","nonce":"04c09a0a7e9194a1a1730e39","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313733","ct":"73019adc0d3e3b112991c69959f6bab04fe349972fc68647bb51b035a4efeca0307dbeabcf8d251f613bb14699","nonce":"04c09a0a7e9194a1a1730e38","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313734","ct":"cbf8f103a5fb30c6226b6b60d096b852188ac692d3c419ef61eeb13a500681fa24d2644a561610c32444095bfe","nonce":"04c09a0a7e9194a1a1730e3b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313735","ct":"12a302b16459d99bc0afad1072d3cb775691245578fe90670244ece2010b41357bf445894a0495e3b1c67557d5","nonce":"04c09a0a7e9194a1a1730e3a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313736","ct":"3da28d403de5e9cd2e8c014f13989d17431ce3081f8be6c8763680475218091eb8a86794209e151298bac79756","nonce":"04c09a0a7e9194a1a1730e25","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313737","ct":"b1f9788792fcfde4491623822003ebcf1d5c33c107f7c15edb613dd8026ea82a96991c5a19f99a85dff57a659e","nonce":"04c09a0a7e9194a1a1730e24","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313738","ct":"cd8f1d31d8f3348091c5ddba5fd024e2313c896d6475107f7100e3e17a69131f593a717cdeb2529cd8b883a836","nonce":"04c09a0a7e9194a1a1730e27","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313739","ct":"69bb8af43191123fc1ce35fda1e4d97f1f8cbbb64afe0676dccf25f2f6a7b020c9947db867424f589057c79b8e","nonce":"04c09a0a7e9194a1a1730e26","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313830","ct":"cf8d823c70fd9d9a653726740a587498fa64fe4f4cfee97916be7419c9ae3d0dbe5d37f93f3a445903cd6de87c","nonce":"04c09a0a7e9194a1a1730e21","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313831","ct":"0769d6dc21f08f756566c1709e83b112c70a6e898516c9938f426883d497433ac8765989679e9d208f32080821","nonce":"04c09a0a7e9194a1a1730e20","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313832","ct":"30eacda89d4faa78e6cfaa79e299f9d36172a339d7f8641ea585a396de29f4592e2eb10895801c2de7851435fb","nonce":"04c09a0a7e9194a1a1730e23","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313833","ct":"a828f61866d04b1f94b8898153965cd1c9805239baef83e02d18fba8762dc755ce213fd7426ef1c60dcfba76f3","nonce":"04c09a0a7e9194a1a1730e22","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313834","ct":"6e3a6457bad1646ebdbc43aa7ef9a807d310b54c0087be454d5fb342018180bb64c28e189b837583788d703578","nonce":"04c09a0a7e9194a1a1730e2d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313835","ct":"4c0e331ee44feff5d2b56cfd4e564cc21cdf40f6711bdd55805e8de14bbd9563e5793a643cde6e3577539c4a30","nonce":"04c09a0a7e9194a1a1730e2c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313836","ct":"a92c3c42b7c7c458b460154b63e47ffcd03168887352c08591eebb8a3519a3fcc97a567136527ff5f0beb41e9e","nonce":"04c09a0a7e9194a1a1730e2f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313837","ct":"7fd3a6a7dadfba778981afb513c35f5c980633206fd4bd6c60ed5b919a3938a4562025b155813ce79dbe23912c","nonce":"04c09a0a7e9194a1a1730e2e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313838","ct":"42c35e1b19b9fa16f3aa686f6114f4cf7d1184779391abbe6cd30d3dffa4014ce04e10d5da79a7e7e546c51e5b","nonce":"04c09a0a7e9194a1a1730e29","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313839","ct":"5ac4de2938985bfe1f0c2dc074abba9b744e4fae0092f33d0e8e0a1c6b968169bb04d69ced66a3e4d7069d9703","nonce":"04c09a0a7e9194a1a1730e28","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313930","ct":"2eac3a8683472f3b16366be59579252fc3e2467b37eef9c1674aa3824e97b510fcbb16d6916eb3373cc1dc3e9c","nonce":"04c09a0a7e9194a1a1730e2b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313931","ct":"2bbb7c62ed041f8de2715c82864c9a93df5f04b1988a1a1bf8e2fd91bf85d0b40cbeddcd5f4f02b02006bf72e6","nonce":"04c09a0a7e9194a1a1730e2a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313932","ct":"21c5204ad36b8b4932fe990a47911a8a97cfde805889518c9f0dd2a9d26ed6cb7ed68f231ae9aa3c9eeffb937c","nonce":"04c09a0a7e9194a1a1730e55","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313933","ct":"66fd4492d0bfa387993128e060fb111ad06826dec688350426d989d4b9f3bf1c0fd5504b8882f12f25d70fca50","nonce":"04c09a0a7e9194a1a1730e54","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313934","ct":"2a4001330cfa9d6748670067f996c94101bbcf29ec7ca1793a1790bc207315800bb561a3e6118117d855696505","nonce":"04c09a0a7e9194a1a1730e57","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313935","ct":"48ffb100787458dfb0f2aa7b6c3f715dcb48c19478ac8c320aa6fc948dddaec5c17b83a58c83f9cf1e1bde29da","nonce":"04c09a0a7e9194a1a1730e56","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313936","ct":"55a6933cb5ed534b82faaa8bd5838fdf928687b088de647078b9f417f93c36514843c713e35222d9c9ed1b392c","nonce":"04c09a0a7e9194a1a1730e51","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313937","ct":"952a24574f1dd075e49099eec3391a027539d6b43476e93273a03d1800982c13912be417fab4bf43bdfb0747d6","nonce":"04c09a0a7e9194a1a1730e50","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313938","ct":"1ad8040dda7ae9e15e41bd23601a932d10ef65adbd75972cf32b8f87518c44f872bdf39a0f4a3cf3469b5bbd9f","nonce":"04c09a0a7e9194a1a1730e53","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d313939","ct":"23d9071b09a99fc24f7c1bb8a96a3e83bd4b687c1dc518e1c845bb28d3e47c19b74f0ed3e0b88e4d1164b11797","nonce":"04c09a0a7e9194a1a1730e52","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323030","ct":"5b5dfa487459bd476808d408c1c426c9650b9893c429f75d8902ad20865740d048ba46428a46d5c3a0069b621c","nonce":"04c09a0a7e9194a1a1730e5d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323031","ct":"82e7242dfb4a8bf8164bf9c9c244e2ad8c04a3987510bd39cb5d31b11b7b79dd86bd85acbd2aac80a875df1eb3","nonce":"04c09a0a7e9194a1a1730e5c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323032","ct":"3903dd90f4b0069067699470b935205f978ea28f11af3de36f5ed980a0055ee58bacac58bd100dfb8664a6d9ff","nonce":"04c09a0a7e9194a1a1730e5f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323033","ct":"01a00830aafafe94e85d12ca0fe017750d4f934be82866693acb744aa43e05289f1b60302f3dcca7495be63476","nonce":"04c09a0a7e9194a1a1730e5e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323034","ct":"0fd1b2b3839cc015186d2a72ab5fa655dae2eedbf4e24fb2dec1a059d72f0c1c3042a4195c78655f76a41fb029","nonce":"04c09a0a7e9194a1a1730e59","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323035","ct":"c60a50267082b2788ca1bd6fbb06a1f3cc7eb77d0d546452b62a82ccac3df5f9351ca73ee4e3bf7a31f83829ff","nonce":"04c09a0a7e9194a1a1730e58","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323036","ct":"b543024b849934c9f1ed11756956799b571e8df6fd0fa517eb87417d7f9973be765984773e0038134a9caea2d0","nonce":"04c09a0a7e9194a1a1730e5b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323037","ct":"e4e408df081e127c99d56e6a9bd2008df588ddee88e28c238c91d740c9886fae1c2d4d12f9553dda565f46c7a0","nonce":"04c09a0a7e9194a1a1730e5a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323038","ct":"e7827bef6a0b35779aa6bbab16d7be2e09e0fc4accc0a1478c31193158e66a30a6a9777bd24f8d876aaa27abd9","nonce":"04c09a0a7e9194a1a1730e45","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323039","ct":"a4b673693bf1ec62d8a18ced2fe720d6989540d81923d235739d060e6200bfe3ac8ccd9bca2ac5525e1cb38cc8","nonce":"04c09a0a7e9194a1a1730e44","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323130","ct":"9fc339fc7b93ef4597471dd531ce64b77eea371bca6059eb341dd609fb7b9fe7f6fd4243f0b368e85ee116a92a","nonce":"04c09a0a7e9194a1a1730e47","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323131","ct":"519bddd7cf639bd8d667e78f4d59c17b06cf836d35b444416f1168e419a3c77dae589c4e5debba3f1d50cc9ce6","nonce":"04c09a0a7e9194a1a1730e46","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323132","ct":"eaa3055f06efdd69a8b7115f0e35a6a9733de38973babaf787857ff1c7ac577617987cdba6c98668c29cf74b63","nonce":"04c09a0a7e9194a1a1730e41","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323133","ct":"81b9095af9a9e1bd084391ce40227d6256fee7a138eee8818d86fbef20033ca2f1f3f8d57d74e707d6e073c34d","nonce":"04c09a0a7e9194a1a1730e40","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323134","ct":"00d32eb97421d29e4197351faa093d98e0f67abf663becd63931de240e2c54f5cbb241cfe36005914306189092","nonce":"04c09a0a7e9194a1a1730e43","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323135","ct":"d88833ddedf46506f51e592402538882a55d34e9b04d7f8dd6ca5a7c66213e75a80bb16adff13336050a7ad7b6","nonce":"04c09a0a7e9194a1a1730e42","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323136","ct":"88faef2fcc934ababf39ccc62be68d90c3ea094863b0a9ceebb8529a47c19df3f3a5da9eff0560e39b5eaeb79b","nonce":"04c09a0a7e9194a1a1730e4d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323137","ct":"41bcfc6e7111f4192460af6914c64368605f77ec8dba7ecf4cc066b67b252ab8558ffa1b8ce5de60dd8732990d","nonce":"04c09a0a7e9194a1a1730e4c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323138","ct":"2e9b07c98d806df0342d83ae39d859def5d9c85267a7024c400ad7b58a63cbf2826b27c6ca77309adf8ca01ba5","nonce":"04c09a0a7e9194a1a1730e4f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323139","ct":"79231cf2411132c8338b521ec5c77be610a46dbf959bc16d79326bc7a7c5623fd32bf634e7ac06c186067008d3","nonce":"04c09a0a7e9194a1a1730e4e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323230","ct":"a89b11fc3791383d7a59f3df42a78fdb4ea962a4da74e49ffed6c7ff338fcb18d4ca78c52c8b06f9fbf6b2e9f5","nonce":"04c09a0a7e9194a1a1730e49","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323231","ct":"12566f513f3ae28454fe6df2f9c8bb244e21f7bb5a89dfbe8a7a0f41dce411dd4d8874494ee48bebbc410614a4","nonce":"04c09a0a7e9194a1a1730e48","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323232","ct":"ee4e17b3ead29b71032e1f811dc1d73ab8d55984f35e0ddff746ea216030c741ec8efee11e03a0f355bc1437e6","nonce":"04c09a0a7e9194a1a1730e4b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323233","ct":"a74ab9b310deefa36100dea3a7590441aa42ffb86ba3736568fefc31699abb80bb48f26ac86dd217bc5751dd62","nonce":"04c09a0a7e9194a1a1730e4a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323234","ct":"b181faed2a860b9fc618860a33341ccc43bf371a07c3511958a930e89c4b43b1bd837cba4122b9215e0460c6e2","nonce":"04c09a0a7e9194a1a1730e75","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323235","ct":"40910902b3e255fa51badb330cd79ff795d48a177756576cdae227ef2a1197e268fe0fbb87728e8f64a1a6be45","nonce":"04c09a0a7e9194a1a1730e74","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323236","ct":"5a637d3ef00a1613565ea2365ee32a88efee5ca9fa033d5af3af498074f94df0d5242a7823f065dd747368d244","nonce":"04c09a0a7e9194a1a1730e77","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323237","ct":"19b2a0083a81471755fd46bfcbd340c71d2c8acc44d07e99894f621f232964ea4111d4a1203eec5b960dab2054","nonce":"04c09a0a7e9194a1a1730e76","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323238","ct":"7b2c21de6b497a6564bdcc42e2fd425cd94f0f6c23f918a9f18014e0cc6641eef8d1929fc9161bc45165549c9d","nonce":"04c09a0a7e9194a1a1730e71","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323239","ct":"792041b417f5fc5a53c62dfdd57fa437a0ad002981436d0261bd24c3953534b5329c7bbdf60f5efa1ddd0e2423","nonce":"04c09a0a7e9194a1a1730e70","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323330","ct":"8e0c01deeb3713952fb92ce95489e1a0b8f39824698f464f7c2bd7451254e448b74e23237451eae06b369e6db4","nonce":"04c09a0a7e9194a1a1730e73","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323331","ct":"c1ed64ad41488875422088cb1bbfcb9160a405f8b2c2f960088d3c5443481e1a980593873194446a9728490706","nonce":"04c09a0a7e9194a1a1730e72","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323332","ct":"b08867481a056956f3017dde83c67543d63a6e4806a5c2879ab9453cbe134ca5c39d41e216e2c827d881aeb817","nonce":"04c09a0a7e9194a1a1730e7d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323333","ct":"3c79ebc9c7a019bb4a73c3040ce6c23e85ab99165f0f69bb84f954137ac3944c7dfa19271868dfe8ac073df992","nonce":"04c09a0a7e9194a1a1730e7c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323334","ct":"d00a36a888a75408a9fd6a4bc9ab391868513d916fc0e00eb72f4c7d8625cc91f1cd4192cd5a207a654c00fa10","nonce":"04c09a0a7e9194a1a1730e7f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323335","ct":"dcaf9877d7d61198635cdbc868a671e5d2c6de1c7a0fb3dae458cb155558fb9bc1c95ba551fbf09b2ad52cdee0","nonce":"04c09a0a7e9194a1a1730e7e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323336","ct":"b586e5e009c572f9faa6c01ac061b5d1c07fd1115b36188593f76392f060bdbc22d8d98ffc0ba8d4a9d9dec4d6","nonce":"04c09a0a7e9194a1a1730e79","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323337","ct":"65fad7a40b3a41dfd0bbc26420ec78a822291afae64cec939de8e9727b50dc890ac0771e90d721632bf47dec78","nonce":"04c09a0a7e9194a1a1730e78","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323338","ct":"5b6d09305ff96271e6965d2d303f70c5087ba9fe06a764402f7fbf9584c29be13f272e6233d10ebab3551ae811","nonce":"04c09a0a7e9194a1a1730e7b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323339","ct":"d94d79f9afda40cf2161c25168f2a1a75222a13016c71e3982c260b4dbb887e729f2c49c3a8d2461c9db05bd5b","nonce":"04c09a0a7e9194a1a1730e7a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323430","ct":"aa019c906417adb2dfc614f6e2d95a3dade0db1fbd480c146e766ac22eeb9cead6653c0c1abf45387c349c89f1","nonce":"04c09a0a7e9194a1a1730e65","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323431","ct":"571c1c3c631ecc53327e1831053fe7f2e8f2052850252e92b974808ceb918fcdb8b5f6691a36589c98a56a1f33","nonce":"04c09a0a7e9194a1a1730e64","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323432","ct":"b48bfa8ebd8bc9dd163a23977ad15fc3776f91bc1ef2fb45fe7a515116932d6e0fd254ac1a00dc9d2fcbd6a1b3","nonce":"04c09a0a7e9194a1a1730e67","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323433","ct":"d001e7feec4e4580b33af9a2ae466eba1c5633dcc00902139741fe059cbc106a0aac7ad9cbc239d5d18089a972","nonce":"04c09a0a7e9194a1a1730e66","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323434","ct":"5c1138c19f719c4fd7c18a1c668953c6bc3bd6d77195ad69094feabe3a46f17deb83cce5798448fa79d4e9cb3c","nonce":"04c09a0a7e9194a1a1730e61","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323435","ct":"81135a33fe6a3a34fa68b8e2296054de79958763f3c3d88121623dd4c4616a33bf5e193dac749c7975a9c19ad4","nonce":"04c09a0a7e9194a1a1730e60","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323436","ct":"72fe00cf4107083253efcfafa984e17ed7b757454acedb6ce414cae378e22b2f1dde68d854be474d583369d44f","nonce":"04c09a0a7e9194a1a1730e63","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323437","ct":"1cacb95854e662cee31701e259f8ebb4fb011188a2315280b04f34640668e96bc81817a8208870b14de7ad0097","nonce":"04c09a0a7e9194a1a1730e62","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323438","ct":"9bedea18ae9adfb911a1a494aff251373fbfe52f834e614b1a71bf68db56b83904ec8f5d4129cfd7110281e701","nonce":"04c09a0a7e9194a1a1730e6d","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323439","ct":"ea913a8fd6dff56c588a5b93c2114e66fc4723a9c7ea35d45bec5ecb1be56f8ac1918f6625cd96538aa4d3fb25","nonce":"04c09a0a7e9194a1a1730e6c","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323530","ct":"cf050a32eb6e78f3694e85444e141de39409803f442ee9bf6a1b00b0dc32721cd49da5b78cacc81ced3897eb1d","nonce":"04c09a0a7e9194a1a1730e6f","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323531","ct":"ee3ed14ad2d35d2338a182e69be9f31e55600d17122a9a1b4022b68bba92aa0cd2afce9a5ec2bbd727fe70adf7","nonce":"04c09a0a7e9194a1a1730e6e","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323532","ct":"8571b37b63efe05fcfcdc03b6ff6a54210bdfb24f51f24c349b58e3eb9c1c3160d14bf66a0a4d147e0ffed7856","nonce":"04c09a0a7e9194a1a1730e69","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323533","ct":"c8fd61797083e983fde6cf37c8410bbe0f616ecc1e7f60707588a7f2f4ac8d10a43b0b4ed570c25e5ad14f4a13","nonce":"04c09a0a7e9194a1a1730e68","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323534","ct":"05f6d316b8f78ad826e4f2bfec8a84d2a4398609490dc25b1410600d8c1eb225fea06b8c9b0ad77f2e577b3fca","nonce":"04c09a0a7e9194a1a1730e6b","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323535","ct":"100854592d54d820db0f9eb0b84d444b6234d44ebcc8e288d2ab13680b5fa2ea8722a675487a7e42b7c5a2f067","nonce":"04c09a0a7e9194a1a1730e6a","pt":"4265617574792069732074727574682c20747275746820626561757479"},{"aad":"436f756e742d323536","ct":"ae921e72db3b81160354e84fa89a2a67bdf701cfd6befebb7a587c1f114846acf0d8f9ec0a92a503de126ac9c5","nonce":"04c09a0a7e9194a1a1730f95","pt":"4265617574792069732074727574682c20747275746820626561757479"}],"exports":[{"exporter_context":"","L":32,"exported_value":"e5cb78308c42b15722b1f446d597a97cba9d7efa2811c93a3d287667f5a93517"},{"exporter_context":"00","L":32,"exported_value":"740772bfa151260eb96de2cdf303231bbbf98a4c8676eb42a6619eb929ac1f61"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"83ac3835390f7317131823b89b27391c53b29174d6eb7403607c410ce3ed5124"}]},{"mode":0,"kem_id":18,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a243eff510b99140034c72587e9f131809b9bce03a9da3da458771297f535cede0f48167200bf49ac123b52adfd789cf0adfd5cded6be2f146aeb00c34d4e6d234fc","ikmE":"3018d74c67d0c61b5e4075190621fc192996e928b8859f45b3ad2399af8599df69c34b7a3eefeda7ee49ae73d4579300b85dde1654c0dfc3a3f78143d239a628cf72","skRm":"0045fe00b1d55eb64182d334e301e9ac553d6dbafbf69935e65f5bf89c761b9188c0e4d50a0167de6b98af7bebd05b2627f45f5fca84690cd86a61ba5a612870cf53","skEm":"012a86116970d32360496bc00b7180b5d7b7754fa568b6071f37e43db8a99f80d5bccc783bf9cee3ddc13e81f0b969b0b2a05b32796990b8983855919a7f44c96dbb","pkRm":"0401635b3074ad37b752696d5ca311da9cc790a899116030e4c71b83edd06ced92fdd238f6c921132852f20e6a2cbcf2659739232f4a69390f2b14d80667bcf9b71983000a919d29366554f53107a6c4cc7f8b24fa2de97b42433610cbd236d5a2c668e991ff4c4383e9fe0a9e7858fc39064e31fca1964e809a2f898c32fba46ce33575b8","pkEm":"0400932d9ff83ca4b799968bda0dd9dac4d02c9232cdcf133db7c53cfbf3d80a299fd99bc42da38bb78f57976bdb69988819b6e2924fadacdad8c05052997cf50b29110139f000af5b2c599b05fc63537d60a8384ca984821f8cd12621577a974ebadaf98bfdad6d1643dd4316062d7c0bda5ba0f0a2719992e993af615568abf19a256993","enc":"0400932d9ff83ca4b799968bda0dd9dac4d02c9232cdcf133db7c53cfbf3d80a299fd99bc42da38bb78f57976bdb69988819b6e2924fadacdad8c05052997cf50b29110139f000af5b2c599b05fc63537d60a8384ca984821f8cd12621577a974ebadaf98bfdad6d1643dd4316062d7c0bda5ba0f0a2719992e993af615568abf19a256993","shared_secret":"3ecf6066a2ce767236c976cd91e63060fef16a4ddd03eeea4865038fb0659806853267102927acba630a0ea2e375159e6d42e4e8cc398ae006e8e32a92421ff0","key_schedule_context":"00e61f42c12d5c0c82d55c04b7352e7e6c6e958c77f5e6634997eb731b73acef61057b2dfa6f9f246c24be60685edf1a525c8cc473f6f3cebab5abdd73d01414d1875ca98065a7ca3f2be4e8b6c32ebcfe5e25c6f0ed8d6723cd6f24cd0dc258d80ee0c9339696e1eef5fd9337f77057357273e5a8fc62afc59761ce830cbec4f6","secret":"25c8012051a03ab91194ce53208568ec61357d22d043643844a09b3c0111e0b08bbc27644bb4ab10b820f6306e4184700fb192bbda3dd2c32ec7387a954fdd1b","key":"","base_nonce":"","exporter_secret":"76fb29d2ac24967825c4bb3adf90ec7f8ebc559969f8b7517da7d828a2dd796ea632da532b33d087d5778bd53059c573ef080282c52020d610064c3588e7b695","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"df11344c05d75ea6302261a7c47cba102aeea4097eb2753511c69c22d1dd41fe"},{"exporter_context":"00","L":32,"exported_value":"0431d3ab6a889e3efbfc6f6d79bb7464c2c0c8e6d28894ae5000479b55a2b55a"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"a2ddca42064b213cd7cb77bcfa9def157d5dd874131df64fa33b07d5b91c534d"}]},{"mode":1,"kem_id":18,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"97f11485a3253a5dde5317307f8ecccdbffb309fa17593505f023968c5d8dc192bea443636a2529cc1ed0d6972c3d4e77f412d971c7b08a7fde4210df349d8b4dcd6","ikmE":"0dc7aacf252c9fd76a4a11693e02cb172d98040327cfa3df822b2b6cc8bd33d878ef5a5fedaab182fad0f0c0a1fa119ed5a346d313b7acff3127e20bc80137277964","skRm":"00722177dff1a35774110e3647e6fe9637acbe6055f8c9742b49a741d46c812a1ee5cfa4c95c09deddb9df0d4e0235cde6366cf552e9b6543b7360faa5c27051b6c1","skEm":"00a0b7fefa1156cc59d802bd0bd375e3e151fdc96c59de6fe32fa2aa211520e079852f5d236f0445789b9444f5e11f10e434b51c060775312d173bcd6f9c5d77013a","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040079832f3d45ca835c2429171d73cdb133d4636d0a002c5e35c531a41a31fda13a2bfe44e55f0b563711c2b882d40d4ba7a2ff3c90cc7b7fc802dfc069b7b8fe31b4005ee1890df11a61d5d3d4e576188a070d86c497f4bb94f88f5a0002c2b48965df204f66c7fff0a2f5fe1d12ac04bb7d9efad6aba2a2b62fad39551961a44537dcc6","pkEm":"04000b6ca9ca258c4d2752546f419d4ee9335b19fb7f49a7b3ef16ec4302bf5d4883215bccc9ef065dcb6d54fd6d86a022ed2c1b6754d9eaaf2b981f6bb961c77642e10097232fe807a272168fe37c8ab284157bdcf5fd02d546ae881549ea8fc3efe447722575c30ab3d5b4b54f43972ee409443d305a65f95c68399f6b1d181ac00715d1","enc":"04000b6ca9ca258c4d2752546f419d4ee9335b19fb7f49a7b3ef16ec4302bf5d4883215bccc9ef065dcb6d54fd6d86a022ed2c1b6754d9eaaf2b981f6bb961c77642e10097232fe807a272168fe37c8ab284157bdcf5fd02d546ae881549ea8fc3efe447722575c30ab3d5b4b54f43972ee409443d305a65f95c68399f6b1d181ac00715d1","shared_secret":"2baadbaf11dd59fcfe3b268ed4f9e1d843fb2fc804e22d86299742373719c793129b37339d8bef29f5f5e0ea3c9f0599a04e084b0c338fa4c8305210199c8f4f","key_schedule_context":"01c812270f9eefe05d307a98ba602a3428bf46753891b005db953c031c2e27538557a2f6d972182bc516aaeec4e6b57fad3f65687a5f17d70ad3fabbab45be339d875ca98065a7ca3f2be4e8b6c32ebcfe5e25c6f0ed8d6723cd6f24cd0dc258d80ee0c9339696e1eef5fd9337f77057357273e5a8fc62afc59761ce830cbec4f6","secret":"dd03fb44116e2a5fc439de175006cf4f3e27e9d203f9e5870b4abda34e3224313fb0ee7616354dc36ed186d03ce64ce9090d411a5f7bf5da7bd618f6b43dff08","key":"","base_nonce":"","exporter_secret":"b29953740a088b63fbb2ec35a0956dcbf109367f17547e1331b0b948859b6fa52c66f48f5c7830493ec67a8b5d972e4a34a5e27678eefca78422b69d902eb5e1","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"e0548018e4729a2e0af21775738a09ea1bca8d69ce05b9157c8f65bd0e447237"},{"exporter_context":"00","L":32,"exported_value":"6766b834d0687ae5bddf4d2d544992d492e765391c2544644f8f5a5ee102c9a5"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"2f9c544e197a9fd24b3054f59e02757d655c4d98a387a587552d9cf6408ab763"}]},{"mode":2,"kem_id":18,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"28b3186871db5de148a629c56138256952c00bb1541a420683c998633d3fb77c10b5d5f6c75b9f49635b0ba1121be7d32628d61ba45e311e0221537b4f8ade08af43","ikmS":"e89e0fa5b3163b0e0da423aacf683f38bba005274d8e78ad4d63b6114898b1a9c71f92f9921f1bdc179683238e24811f7a4d7a500490b2281f8d878658979fc74664","ikmE":"1465328251d9a584ae31c76138e6329a24dd2b83651b2b358a75bd330599a50cb23b4de656f5ec07cbeca8a6b43bc9d3f79a59ef4238b9be787ef4fcb132eabc78a2","skRm":"010a3a5b5e9823341e6b4b2ed8c06450f0bea021a22dbecc7ee2a3e45432fb9a54eed4ae02feb7f2029bae10fd63a81de37ed5ec99d9f770a86a452a7d57d8bd552b","skSm":"00ba0f6321418cf979ee88c58f84d52d3165b152e1428fa607797e8b5bc250d2a106cf0d1ab9cb9209c0b3a8ff04d4b10e873ec9654fdcd2c399c9b36a09bd69acd5","skEm":"0006aa77c7d29cdba3d755afa9680c86de4fd2d6442a2a46b9f4461a1ae6ee4ad5fb797064284cc27ad13ed832ab31d9b660fce0cad3a4debdaef92a04c718d43652","pkRm":"04017cca11f9d2d775d30c5288a04f7c5921de1dea516f039d4316539a6c0cc4abd4d17cb55b85a4790a7b3f88a0c793457ed36c9113bbc29711744df1117cacfcad39007efcdd977b6e7c2c0702f982d2f48cfbafc6a4ef1fd7492f5cd31c0fbf662e3a3cc1491900deb8849d1c541e4c192e4d1efad57e18f8f070a2729bd762ef1dfaa7","pkSm":"040062fea584c5502e0eb1a67fcb951ffe54ab67418ee0fdf548af176e0a7650458065dd34d788ebf961c45ce97faff87941e71dbcda28f7cdbd200ec3382d5ae2a7c900a195445b0cf2d5e814c4771cd365b21f4489dfe0b55ef923e3eff2db8b903e1d291e389d23f8e7a101a35727cedda6e29beeb0baa8bb248edeaefbb99785204c60","pkEm":"04019caefc36581768192c67591cd08b7d7f27614af35f375ee4f33871a936c2d1d79b5c48feed1c66b53045c1aeac3f3cef5bdd641cac7380a962aa11e842ff7da63a012e5ead61569f7d254b411a437789210c61faf9ac375a714a391108ccdb1f69b28d1507389fcd1f4e11a37577414d8903f7bd9a7ffee557f748780a2dca862273b1","enc":"04019caefc36581768192c67591cd08b7d7f27614af35f375ee4f33871a936c2d1d79b5c48feed1c66b53045c1aeac3f3cef5bdd641cac7380a962aa11e842ff7da63a012e5ead61569f7d254b411a437789210c61faf9ac375a714a391108ccdb1f69b28d1507389fcd1f4e11a37577414d8903f7bd9a7ffee557f748780a2dca862273b1","shared_secret":"6c2e7cf8d93c1db673ff1da58165e593f6131f3d5d69393053002aefc7b897134fa245b4e868e0cf37a451164ab004ba0427b2041e77804264651208b014631a","key_schedule_context":"02e61f42c12d5c0c82d55c04b7352e7e6c6e958c77f5e6634997eb731b73acef61057b2dfa6f9f246c24be60685edf1a525c8cc473f6f3cebab5abdd73d01414d1875ca98065a7ca3f2be4e8b6c32ebcfe5e25c6f0ed8d6723cd6f24cd0dc258d80ee0c9339696e1eef5fd9337f77057357273e5a8fc62afc59761ce830cbec4f6","secret":"fa7e851bc03d4429a58c3048a8f3d7c940d7695779f0dfc48ee9aacf1427acddfcc99ffa49c6871d5ef833eaa50ef527b851e1f7bbb196a44f12eb54c19be272","key":"","base_nonce":"","exporter_secret":"916f05c5b4e77beada4a3f5ab477d831a4ef9b7499db3e0539a12ba06ef3dc96dd307e45af4745d02ab676190a3c162b0d87bba72338c7f5407f9da7d4af348d","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"6da783ed82032d37a0e52ad6a7078705c8a2a18c4d0298a9c42bef19bae57561"},{"exporter_context":"00","L":32,"exported_value":"b32ae01e2f206bedb49031ae972a51323ff00fb74404f21172f68ec6d9345e78"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"278d7f777df8d18ac47d7fc49bba3fad3402bbc8ff81fe01d873119995060c1d"}]},{"mode":3,"kem_id":18,"kdf_id":3,"aead_id":65535,"info":"4f6465206f6e2061204772656369616e2055726e","ikmR":"a5cc6fff6603ad72fa11862a53ed08695d272764330d96723a89b7e06fbfabba222f2a897eb335f7ad84978717b9fe30b44c5e081dd5f4bfdaf79907127b66ebb6c2","ikmS":"9de62449b0d915939658995e729d72d9fd5a6ca9408fdb9478aade442631cb419f77b9da95ad21f80a3122ae59dbaf11e0bbaef6f68253210875dacc2cc3434af585","ikmE":"1f60e2fb7f270698612834c6cba4cb36095a62ad6d0d596717db15c84a4951dc6a3b0627e534d6b446b0b78b4fd06346f1adc59b71d3e11ac239862f99c1972f575b","skRm":"01d1d2915dc251253282c2565d8c3d74422f7027efdbfbfb07fd613b6ae435e30fe2b0822148ad01c69389299a93744e6401e01f4037f24d6a4d9eaf63215c51bd2e","skSm":"01361d336420e99fb98f64c02a736755f333fdc73729a6f02bb0f9f101a907e1884c0afe494f1e7bfe9b6e9c42b1db6a85d330ac5bfad5dc27bafb259213567f7d73","skEm":"01d2db2f071962424d5a54f8a72b29ce10e2eef866642671c1dc63dbfb3a8785e2b732828a870b925542406c1c9495ffd0c63137aa21e3f8dc5370d493eb1f245b9b","psk":"0247fd33b913760fa1fa51e1892d9f307fbe65eb171e8132c2af18555a738b82","psk_id":"456e6e796e20447572696e206172616e204d6f726961","pkRm":"040158e8919adf8ffc2f6c1f6edd74c8cc7be2fc3156a3a343bd3f13c3b362a5cd880859e994086116a5f0343b0dcd5ddf77bb5d6067c65f7807659143e852e8b7166501680968996a5153b20a93d0a6175d509519fa0ed710374017a5cd74e9aaf89abcada2611005390f8e29ac954615eeaa984d227777de635f42c269163388c50f7ecd","pkSm":"04011f21e2b7d52ab73dba6c1f77700ffe018476bec4c9970a20680eb7ab807e95ac9bbd3d4ef04b83cba6cdda780d0f9e4d9e9028ae1463c186ac0bc05d7064ace8090110e0f03a363b03ae50a4888de6050beb40b5a08ca6a57afb0214806c7f5ebd8758ebdbab8d8265b126b161bea50726d7e123526d93fbb41ac9d1c3755763f4fff0","pkEm":"0400560f8301fae25fe7bdb385e37783f3454b9d19fc9dd974724c04a7d563f7149dc84c8f671a6b36bcce244b7937004c07bb0db28c4054c0be0e53553a2deefed3f001d69428f495ee8f1da8052a8d6984a33c0c9cb03e59118c86080e8e50a5ca384ca7f7ea63e75067a90977711649b031b10e2df034a042327586db6bf2d5b9cabcb4","enc":"0400560f8301fae25fe7bdb385e37783f3454b9d19fc9dd974724c04a7d563f7149dc84c8f671a6b36bcce244b7937004c07bb0db28c4054c0be0e53553a2deefed3f001d69428f495ee8f1da8052a8d6984a33c0c9cb03e59118c86080e8e50a5ca384ca7f7ea63e75067a90977711649b031b10e2df034a042327586db6bf2d5b9cabcb4","shared_secret":"973953edbcdc82290466eeb3aeeaab1e9a584c22cb08a894fbc69023e4bd0d387d3a152db0deafb28d8671aa2ad2b48b7e8782ef4a520bf40e1106944089cd2e","key_schedule_context":"03c812270f9eefe05d307a98ba602a3428bf46753891b005db953c031c2e27538557a2f6d972182bc516aaeec4e6b57fad3f65687a5f17d70ad3fabbab45be339d875ca98065a7ca3f2be4e8b6c32ebcfe5e25c6f0ed8d6723cd6f24cd0dc258d80ee0c9339696e1eef5fd9337f77057357273e5a8fc62afc59761ce830cbec4f6","secret":"4ba8111e29b0027723e8b52d9d6cdad8afe362f5a889718b4ffb1e0e229992d11845ef770391abda9d2960a0246d4c3e3c8484bb4d8be413f79b4fa8ca3aed8b","key":"","base_nonce":"","exporter_secret":"6efc3c405815cb482416930c64ef0fc9912be2e83d53080fcaead68599fa98659b33ed1bf5bfa213f22a3467e5650c50bfb0320df6a4485843f0beb82f452d76","encryptions":[],"exports":[{"exporter_context":"","L":32,"exported_value":"6fadaf267e11823f55975b93a08a4a2e2addf7282e7ae329fa9da4243e88b789"},{"exporter_context":"00","L":32,"exported_value":"99a2620009035671574c269caa9d509494e90fbff45469a2dad264f2a285fd40"},{"exporter_context":"54657374436f6e74657874","L":32,"exported_value":"69eb994ac941859abf71c86623abd13040fea633a4da115195bb3eb59417f8d0"}]}] \ No newline at end of file From e3e1d8352be54b96a96bed91c402ee67aaca143f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 Nov 2023 16:59:39 +0000 Subject: [PATCH 0388/1145] provider-example: normalise import order/grouping --- provider-example/src/hpke.rs | 1 - provider-example/src/lib.rs | 3 ++- provider-example/src/verify.rs | 9 +++------ provider-example/tests/hpke.rs | 3 +-- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 4ff19724dd..58c50f0371 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -3,7 +3,6 @@ use std::fmt::{Debug, Formatter}; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; use hpke_rs_crypto::HpkeCrypto; use hpke_rs_rust_crypto::HpkeRustCrypto; - use rustls::crypto::hpke::{ EncapsulatedSecret, Hpke, HpkePrivateKey, HpkeProvider, HpkePublicKey, HpkeSuite, }; diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 3798961f6e..8a2a8538ba 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -1,6 +1,7 @@ -use pki_types::PrivateKeyDer; use std::sync::Arc; +use pki_types::PrivateKeyDer; + mod aead; mod hash; mod hmac; diff --git a/provider-example/src/verify.rs b/provider-example/src/verify.rs index f3b47e78d4..d8e3a90e8d 100644 --- a/provider-example/src/verify.rs +++ b/provider-example/src/verify.rs @@ -1,13 +1,10 @@ +use der::Reader; use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; +use rsa::signature::Verifier; +use rsa::{pkcs1v15, pss, BigUint, RsaPublicKey}; use rustls::{SignatureScheme, WebPkiSupportedAlgorithms}; use webpki::alg_id; -use der::Reader; -use rsa::signature::Verifier; -use rsa::BigUint; -use rsa::RsaPublicKey; -use rsa::{pkcs1v15, pss}; - pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { all: &[RSA_PSS_SHA256, RSA_PKCS1_SHA256], mapping: &[ diff --git a/provider-example/tests/hpke.rs b/provider-example/tests/hpke.rs index a0164dc48e..b8e124da10 100644 --- a/provider-example/tests/hpke.rs +++ b/provider-example/tests/hpke.rs @@ -1,11 +1,10 @@ use std::fs::File; -use serde::Deserialize; - use rustls::crypto::hpke::{HpkePrivateKey, HpkePublicKey, HpkeSuite}; use rustls::internal::msgs::enums::{HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; use rustls_provider_example::HPKE_PROVIDER; +use serde::Deserialize; /// Confirm opne/seal operations work using using the test vectors from [RFC 9180 Appendix A]. /// From e5a4f137412feddd783bc863c325e88a6d4c3ff3 Mon Sep 17 00:00:00 2001 From: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com> Date: Thu, 14 Sep 2023 18:54:31 +0800 Subject: [PATCH 0389/1145] add server example for example provider --- Cargo.lock | 5 ++ provider-example/Cargo.toml | 5 ++ provider-example/examples/server.rs | 107 ++++++++++++++++++++++++++++ provider-example/src/lib.rs | 9 +-- provider-example/src/sign.rs | 56 +++++++++++++++ 5 files changed, 178 insertions(+), 4 deletions(-) create mode 100644 provider-example/examples/server.rs create mode 100644 provider-example/src/sign.rs diff --git a/Cargo.lock b/Cargo.lock index 6b2c2d2331..e90eb5177e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1791,13 +1791,17 @@ version = "0.0.1" dependencies = [ "chacha20poly1305", "der", + "ecdsa", "env_logger", "hex", "hmac", "hpke-rs", "hpke-rs-crypto", "hpke-rs-rust-crypto", + "p256", + "pkcs8", "rand_core", + "rcgen", "rsa", "rustls 0.22.0-alpha.4", "rustls-pki-types", @@ -1805,6 +1809,7 @@ dependencies = [ "serde", "serde_json", "sha2", + "signature", "webpki-roots 0.26.0-alpha.1", "x25519-dalek", ] diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index b1b990e609..1b69425c66 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -9,21 +9,26 @@ publish = false [dependencies] chacha20poly1305 = "0.10.0" der = "0.7.0" +ecdsa = "0.16.8" env_logger = "0.10" hmac = "0.12.0" hpke-rs = "0.1.0" hpke-rs-crypto = "0.1.2" hpke-rs-rust-crypto = "0.1.2" +p256 = "0.13.2" +pkcs8 = { version = "0.10.2", features = ["std"] } pki-types = { package = "rustls-pki-types", version = "0.2.0" } rand_core = "0.6.0" rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" +signature = "2" webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = ["alloc", "std"] } webpki-roots = "0.26.0-alpha.1" x25519-dalek = "2" [dev-dependencies] hex = "0.4.3" +rcgen = "0.11.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" diff --git a/provider-example/examples/server.rs b/provider-example/examples/server.rs new file mode 100644 index 0000000000..91dad0d351 --- /dev/null +++ b/provider-example/examples/server.rs @@ -0,0 +1,107 @@ +use std::io::Write; +use std::sync::Arc; + +use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; +use rustls::server::Acceptor; +use rustls::ServerConfig; +use rustls_provider_example::PROVIDER; + +fn main() { + env_logger::init(); + + let pki = TestPki::new(); + let server_config = pki.server_config(); + + let listener = std::net::TcpListener::bind(format!("[::]:{}", 4443)).unwrap(); + for stream in listener.incoming() { + let mut stream = stream.unwrap(); + let mut acceptor = Acceptor::default(); + + let accepted = loop { + acceptor.read_tls(&mut stream).unwrap(); + if let Some(accepted) = acceptor.accept().unwrap() { + break accepted; + } + }; + + match accepted.into_connection(server_config.clone()) { + Ok(mut conn) => { + let msg = concat!( + "HTTP/1.1 200 OK\r\n", + "Connection: Closed\r\n", + "Content-Type: text/html\r\n", + "\r\n", + "

Hello World!

\r\n" + ) + .as_bytes(); + + // nb. do not used `unwrap()` on IO in real programs! + conn.writer().write_all(msg).unwrap(); + conn.write_tls(&mut stream).unwrap(); + conn.complete_io(&mut stream).unwrap(); + + conn.send_close_notify(); + conn.write_tls(&mut stream).unwrap(); + conn.complete_io(&mut stream).unwrap(); + } + Err(e) => { + eprintln!("{}", e); + } + } + } +} + +struct TestPki { + server_cert_der: CertificateDer<'static>, + server_key_der: PrivateKeyDer<'static>, +} + +impl TestPki { + fn new() -> Self { + let alg = &rcgen::PKCS_ECDSA_P256_SHA256; + let mut ca_params = rcgen::CertificateParams::new(Vec::new()); + ca_params + .distinguished_name + .push(rcgen::DnType::OrganizationName, "Provider Server Example"); + ca_params + .distinguished_name + .push(rcgen::DnType::CommonName, "Example CA"); + ca_params.is_ca = rcgen::IsCa::Ca(rcgen::BasicConstraints::Unconstrained); + ca_params.key_usages = vec![ + rcgen::KeyUsagePurpose::KeyCertSign, + rcgen::KeyUsagePurpose::DigitalSignature, + ]; + ca_params.alg = alg; + let ca_cert = rcgen::Certificate::from_params(ca_params).unwrap(); + + // Create a server end entity cert issued by the CA. + let mut server_ee_params = rcgen::CertificateParams::new(vec!["localhost".to_string()]); + server_ee_params.is_ca = rcgen::IsCa::NoCa; + server_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ServerAuth]; + server_ee_params.alg = alg; + let server_cert = rcgen::Certificate::from_params(server_ee_params).unwrap(); + let server_cert_der = CertificateDer::from( + server_cert + .serialize_der_with_signer(&ca_cert) + .unwrap(), + ); + let server_key_der = + PrivatePkcs8KeyDer::from(server_cert.serialize_private_key_der()).into(); + Self { + server_cert_der, + server_key_der, + } + } + + fn server_config(self) -> Arc { + let mut server_config = ServerConfig::builder_with_provider(PROVIDER) + .with_safe_defaults() + .with_no_client_auth() + .with_single_cert(vec![self.server_cert_der], self.server_key_der) + .unwrap(); + + server_config.key_log = Arc::new(rustls::KeyLogFile::new()); + + Arc::new(server_config) + } +} diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 8a2a8538ba..a58c14a3d2 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -7,6 +7,7 @@ mod hash; mod hmac; mod hpke; mod kx; +mod sign; mod verify; pub use hpke::HPKE_PROVIDER; @@ -32,13 +33,13 @@ impl rustls::crypto::CryptoProvider for Provider { kx::ALL_KX_GROUPS } - /// XXX: currently this example is client-only, which avoids the need for it to support - /// authentication key handling. fn load_private_key( &self, - _key_der: PrivateKeyDer<'static>, + key_der: PrivateKeyDer<'static>, ) -> Result, rustls::Error> { - unimplemented!() + let key = sign::EcdsaSigningKeyP256::try_from(key_der) + .map_err(|err| rustls::OtherError(Arc::new(err)))?; + Ok(Arc::new(key)) } fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { diff --git a/provider-example/src/sign.rs b/provider-example/src/sign.rs new file mode 100644 index 0000000000..047bdb32e8 --- /dev/null +++ b/provider-example/src/sign.rs @@ -0,0 +1,56 @@ +use std::sync::Arc; + +use pkcs8::DecodePrivateKey; +use pki_types::PrivateKeyDer; +use rustls::sign::{Signer, SigningKey}; +use rustls::{SignatureAlgorithm, SignatureScheme}; +use signature::{RandomizedSigner, SignatureEncoding}; + +#[derive(Clone, Debug)] +pub struct EcdsaSigningKeyP256 { + key: Arc, + scheme: SignatureScheme, +} + +impl TryFrom> for EcdsaSigningKeyP256 { + type Error = pkcs8::Error; + + fn try_from(value: PrivateKeyDer<'_>) -> Result { + match value { + PrivateKeyDer::Pkcs8(der) => { + p256::ecdsa::SigningKey::from_pkcs8_der(der.secret_pkcs8_der()).map(|kp| Self { + key: Arc::new(kp), + scheme: SignatureScheme::ECDSA_NISTP256_SHA256, + }) + } + _ => panic!("unsupported private key format"), + } + } +} + +impl SigningKey for EcdsaSigningKeyP256 { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + if offered.contains(&self.scheme) { + Some(Box::new(self.clone())) + } else { + None + } + } + + fn algorithm(&self) -> SignatureAlgorithm { + SignatureAlgorithm::ECDSA + } +} + +impl Signer for EcdsaSigningKeyP256 { + fn sign(&self, message: &[u8]) -> Result, rustls::Error> { + self.key + .try_sign_with_rng(&mut rand_core::OsRng, message) + .map_err(|_| rustls::Error::General("signing failed".into())) + .map(|sig: p256::ecdsa::DerSignature| sig.to_vec()) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} From e5a18222985824a3aaafefb8eceb19f12c788917 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 Nov 2023 11:02:03 +0000 Subject: [PATCH 0390/1145] quic: simplify `packet_key`/`header_protection_key` trait If we put the key derivation on "our" side of the trait, we avoid publicising low-level key schedule functions like hkdf_expand_label & hkdf_expand_label_aead_key, and quic::Version. Instead we just provide the `AeadKey` and `Iv`, which makes these interfaces very similar to those in `Tls13AeadAlgorithm`. --- rustls/src/crypto/ring/quic.rs | 62 ++++++++++--------------- rustls/src/quic.rs | 84 ++++++++++++++++++++++------------ 2 files changed, 81 insertions(+), 65 deletions(-) diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 391fe2da3a..212ff2728f 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -1,10 +1,8 @@ #![allow(clippy::duplicate_mod)] -use crate::crypto::cipher::{Iv, Nonce}; -use crate::crypto::tls13; +use crate::crypto::cipher::{AeadKey, Iv, Nonce}; use crate::error::Error; use crate::quic; -use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; use crate::tls13::Tls13CipherSuite; use alloc::boxed::Box; @@ -14,13 +12,7 @@ use super::ring_like::aead; pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); impl HeaderProtectionKey { - pub(crate) fn new( - expander: &dyn tls13::HkdfExpander, - version: quic::Version, - alg: &'static aead::quic::Algorithm, - ) -> Self { - let key = - hkdf_expand_label_aead_key(expander, alg.key_len(), version.header_key_label(), &[]); + pub(crate) fn new(key: AeadKey, alg: &'static aead::quic::Algorithm) -> Self { Self(aead::quic::HeaderProtectionKey::new(alg, key.as_ref()).unwrap()) } @@ -116,18 +108,10 @@ pub(crate) struct PacketKey { impl PacketKey { pub(crate) fn new( suite: &'static Tls13CipherSuite, - expander: &dyn tls13::HkdfExpander, - version: quic::Version, + key: AeadKey, + iv: Iv, aead_algorithm: &'static aead::Algorithm, ) -> Self { - let key = hkdf_expand_label_aead_key( - expander, - aead_algorithm.key_len(), - version.packet_key_label(), - &[], - ); - let iv = hkdf_expand_label(expander, version.packet_iv_label(), &[]); - Self { key: aead::LessSafeKey::new( aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), @@ -210,22 +194,18 @@ impl crate::quic::Algorithm for KeyBuilder { fn packet_key( &self, suite: &'static Tls13CipherSuite, - expander: &dyn tls13::HkdfExpander, - version: quic::Version, + key: AeadKey, + iv: Iv, ) -> Box { - Box::new(super::quic::PacketKey::new( - suite, expander, version, self.0, - )) + Box::new(super::quic::PacketKey::new(suite, key, iv, self.0)) } - fn header_protection_key( - &self, - expander: &dyn tls13::HkdfExpander, - version: quic::Version, - ) -> Box { - Box::new(super::quic::HeaderProtectionKey::new( - expander, version, self.1, - )) + fn header_protection_key(&self, key: AeadKey) -> Box { + Box::new(super::quic::HeaderProtectionKey::new(key, self.1)) + } + + fn aead_key_len(&self) -> usize { + self.0.key_len() } } @@ -240,6 +220,7 @@ mod tests { use crate::quic::HeaderProtectionKey; use crate::quic::PacketKey; use crate::quic::*; + use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; fn test_short_packet(version: Version, expected: &[u8]) { const PN: u64 = 654360564; @@ -252,12 +233,19 @@ mod tests { let expander = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL .hkdf_provider .expander_for_okm(&OkmBlock::new(SECRET)); - let hpk = - super::HeaderProtectionKey::new(expander.as_ref(), version, &aead::quic::CHACHA20); + let key_len = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL + .quic + .aead_key_len(); + let header_key = + hkdf_expand_label_aead_key(expander.as_ref(), key_len, version.header_key_label(), &[]); + let packet_key = + hkdf_expand_label_aead_key(expander.as_ref(), key_len, version.packet_key_label(), &[]); + let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); + let hpk = super::HeaderProtectionKey::new(header_key, &aead::quic::CHACHA20); let packet = super::PacketKey::new( TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, - expander.as_ref(), - version, + packet_key, + packet_iv, &aead::CHACHA20_POLY1305, ); diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 8672583ee1..859dd4e02e 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -2,12 +2,15 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; +use crate::crypto::cipher::{AeadKey, Iv}; use crate::crypto::tls13::{HkdfExpander, OkmBlock}; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::server::{ServerConfig, ServerConnectionData}; -use crate::tls13::key_schedule::hkdf_expand_label_block; +use crate::tls13::key_schedule::{ + hkdf_expand_label, hkdf_expand_label_aead_key, hkdf_expand_label_block, +}; use crate::tls13::Tls13CipherSuite; use alloc::boxed::Box; @@ -509,13 +512,31 @@ impl DirectionalKeys { let expander = suite .hkdf_provider .expander_for_okm(secret); + + let aead_key_len = suite.quic.aead_key_len(); + + let packet_key = hkdf_expand_label_aead_key( + expander.as_ref(), + aead_key_len, + version.packet_key_label(), + &[], + ); + let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); + + let header_key = hkdf_expand_label_aead_key( + expander.as_ref(), + aead_key_len, + version.header_key_label(), + &[], + ); + Self { header: suite .quic - .header_protection_key(expander.as_ref(), version), + .header_protection_key(header_key), packet: suite .quic - .packet_key(suite, expander.as_ref(), version), + .packet_key(suite, packet_key, packet_iv), } } } @@ -545,15 +566,13 @@ pub(crate) trait Algorithm: Send + Sync { fn packet_key( &self, suite: &'static Tls13CipherSuite, - secret: &dyn HkdfExpander, - version: Version, + key: AeadKey, + iv: Iv, ) -> Box; - fn header_protection_key( - &self, - secret: &dyn HkdfExpander, - version: Version, - ) -> Box; + fn header_protection_key(&self, key: AeadKey) -> Box; + + fn aead_key_len(&self) -> usize; } /// A QUIC header protection key @@ -672,25 +691,34 @@ pub struct PacketKeySet { impl PacketKeySet { fn new(secrets: &Secrets) -> Self { let (local, remote) = secrets.local_remote(); + + let local_expander = secrets + .suite + .hkdf_provider + .expander_for_okm(local); + let remote_expander = secrets + .suite + .hkdf_provider + .expander_for_okm(remote); + + fn make_packet_key(expander: &dyn HkdfExpander, secrets: &Secrets) -> Box { + let aead_key_len = secrets.suite.quic.aead_key_len(); + let packet_key = hkdf_expand_label_aead_key( + expander, + aead_key_len, + secrets.version.packet_key_label(), + &[], + ); + let packet_iv = hkdf_expand_label(expander, secrets.version.packet_iv_label(), &[]); + secrets + .suite + .quic + .packet_key(secrets.suite, packet_key, packet_iv) + } + Self { - local: secrets.suite.quic.packet_key( - secrets.suite, - secrets - .suite - .hkdf_provider - .expander_for_okm(local) - .as_ref(), - secrets.version, - ), - remote: secrets.suite.quic.packet_key( - secrets.suite, - secrets - .suite - .hkdf_provider - .expander_for_okm(remote) - .as_ref(), - secrets.version, - ), + local: make_packet_key(local_expander.as_ref(), secrets), + remote: make_packet_key(remote_expander.as_ref(), secrets), } } } From 13550cf01376277bb4e3adb5ddd50e127815b1be Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 Nov 2023 16:00:55 +0000 Subject: [PATCH 0391/1145] Make it easier to feature-gate entire bogo_shim example --- rustls/examples/internal/bogo_shim.rs | 1293 +------------------ rustls/examples/internal/bogo_shim_impl.rs | 1294 ++++++++++++++++++++ 2 files changed, 1296 insertions(+), 1291 deletions(-) create mode 100644 rustls/examples/internal/bogo_shim_impl.rs diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index daf9b6e248..2f4790abd7 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -1,1294 +1,5 @@ -// This is a test shim for the BoringSSL-Go ('bogo') TLS -// test suite. See bogo/ for this in action. -// -// https://boringssl.googlesource.com/boringssl/+/master/ssl/test -// -use rustls::client::danger::HandshakeSignatureValid; -use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; -use rustls::crypto::SupportedKxGroup; -use rustls::internal::msgs::codec::Codec; -use rustls::internal::msgs::persist::ServerSessionValue; -use rustls::server::{ClientHello, ServerConfig, ServerConnection}; -use rustls::{ - self, client, server, sign, version, AlertDescription, CertificateError, Connection, - DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, - PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, - SupportedProtocolVersion, -}; - -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::aws_lc_rs as provider; -#[cfg(feature = "ring")] -use rustls::crypto::ring as provider; - -use base64::prelude::{Engine, BASE64_STANDARD}; -use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; - -use std::fmt::{Debug, Formatter}; -use std::io::{self, BufReader, Read, Write}; -use std::sync::Arc; -use std::time; -use std::{env, fs, net, process, thread}; - -static BOGO_NACK: i32 = 89; - -macro_rules! println_err( - ($($arg:tt)*) => { { - writeln!(&mut ::std::io::stderr(), $($arg)*).unwrap(); - } } -); - -#[derive(Debug)] -struct Options { - port: u16, - side: Side, - max_fragment: Option, - resumes: usize, - verify_peer: bool, - require_any_client_cert: bool, - offer_no_client_cas: bool, - tickets: bool, - resume_with_tickets_disabled: bool, - queue_data: bool, - queue_data_on_resume: bool, - only_write_one_byte_after_handshake: bool, - only_write_one_byte_after_handshake_on_resume: bool, - shut_down_after_handshake: bool, - check_close_notify: bool, - host_name: String, - use_sni: bool, - key_file: String, - cert_file: String, - protocols: Vec, - reject_alpn: bool, - support_tls13: bool, - support_tls12: bool, - min_version: Option, - max_version: Option, - server_ocsp_response: Vec, - use_signing_scheme: u16, - curves: Option>, - export_keying_material: usize, - export_keying_material_label: String, - export_keying_material_context: String, - export_keying_material_context_used: bool, - read_size: usize, - quic_transport_params: Vec, - expect_quic_transport_params: Vec, - enable_early_data: bool, - expect_ticket_supports_early_data: bool, - expect_accept_early_data: bool, - expect_reject_early_data: bool, - expect_version: u16, - resumption_delay: u32, - queue_early_data_after_received_messages: Vec, -} - -impl Options { - fn new() -> Self { - Options { - port: 0, - side: Side::Client, - max_fragment: None, - resumes: 0, - verify_peer: false, - tickets: true, - resume_with_tickets_disabled: false, - host_name: "example.com".to_string(), - use_sni: false, - queue_data: false, - queue_data_on_resume: false, - only_write_one_byte_after_handshake: false, - only_write_one_byte_after_handshake_on_resume: false, - shut_down_after_handshake: false, - check_close_notify: false, - require_any_client_cert: false, - offer_no_client_cas: false, - key_file: "".to_string(), - cert_file: "".to_string(), - protocols: vec![], - reject_alpn: false, - support_tls13: true, - support_tls12: true, - min_version: None, - max_version: None, - server_ocsp_response: vec![], - use_signing_scheme: 0, - curves: None, - export_keying_material: 0, - export_keying_material_label: "".to_string(), - export_keying_material_context: "".to_string(), - export_keying_material_context_used: false, - read_size: 512, - quic_transport_params: vec![], - expect_quic_transport_params: vec![], - enable_early_data: false, - expect_ticket_supports_early_data: false, - expect_accept_early_data: false, - expect_reject_early_data: false, - expect_version: 0, - resumption_delay: 0, - queue_early_data_after_received_messages: vec![], - } - } - - fn version_allowed(&self, vers: ProtocolVersion) -> bool { - (self.min_version.is_none() || vers.get_u16() >= self.min_version.unwrap().get_u16()) - && (self.max_version.is_none() || vers.get_u16() <= self.max_version.unwrap().get_u16()) - } - - fn tls13_supported(&self) -> bool { - self.support_tls13 && self.version_allowed(ProtocolVersion::TLSv1_3) - } - - fn tls12_supported(&self) -> bool { - self.support_tls12 && self.version_allowed(ProtocolVersion::TLSv1_2) - } - - fn supported_versions(&self) -> Vec<&'static SupportedProtocolVersion> { - let mut versions = vec![]; - - if self.tls12_supported() { - versions.push(&version::TLS12); - } - - if self.tls13_supported() { - versions.push(&version::TLS13); - } - versions - } -} - -fn load_cert(filename: &str) -> Vec> { - let certfile = fs::File::open(filename).expect("cannot open certificate file"); - let mut reader = BufReader::new(certfile); - rustls_pemfile::certs(&mut reader) - .map(|result| result.unwrap()) - .collect() -} - -fn load_key(filename: &str) -> PrivateKeyDer<'static> { - let keyfile = fs::File::open(filename).expect("cannot open private key file"); - let mut reader = BufReader::new(keyfile); - let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader) - .map(|result| result.unwrap()) - .collect::>(); - assert!(keys.len() == 1); - keys.pop().unwrap().into() -} - -fn split_protocols(protos: &str) -> Vec { - let mut ret = Vec::new(); - - let mut offs = 0; - while offs < protos.len() { - let len = protos.as_bytes()[offs] as usize; - let item = protos[offs + 1..offs + 1 + len].to_string(); - ret.push(item); - offs += 1 + len; - } - - ret -} - -#[derive(Debug)] -struct DummyClientAuth { - mandatory: bool, -} - -impl server::danger::ClientCertVerifier for DummyClientAuth { - fn offer_client_auth(&self) -> bool { - true - } - - fn client_auth_mandatory(&self) -> bool { - self.mandatory - } - - fn root_hint_subjects(&self) -> &[DistinguishedName] { - &[] - } - - fn verify_client_cert( - &self, - _end_entity: &CertificateDer<'_>, - _intermediates: &[CertificateDer<'_>], - _now: UnixTime, - ) -> Result { - Ok(server::danger::ClientCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) - } - - fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() - } -} - -#[derive(Debug)] -struct DummyServerAuth {} - -impl client::danger::ServerCertVerifier for DummyServerAuth { - fn verify_server_cert( - &self, - _end_entity: &CertificateDer<'_>, - _certs: &[CertificateDer<'_>], - _hostname: &ServerName, - _ocsp: &[u8], - _now: UnixTime, - ) -> Result { - Ok(client::danger::ServerCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) - } - - fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() - } -} - -#[derive(Debug)] -struct FixedSignatureSchemeSigningKey { - key: Arc, - scheme: SignatureScheme, -} - -impl sign::SigningKey for FixedSignatureSchemeSigningKey { - fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { - if offered.contains(&self.scheme) { - self.key.choose_scheme(&[self.scheme]) - } else { - self.key.choose_scheme(&[]) - } - } - fn algorithm(&self) -> SignatureAlgorithm { - self.key.algorithm() - } -} - -#[derive(Debug)] -struct FixedSignatureSchemeServerCertResolver { - resolver: Arc, - scheme: SignatureScheme, -} - -impl server::ResolvesServerCert for FixedSignatureSchemeServerCertResolver { - fn resolve(&self, client_hello: ClientHello) -> Option> { - let mut certkey = self.resolver.resolve(client_hello)?; - Arc::make_mut(&mut certkey).key = Arc::new(FixedSignatureSchemeSigningKey { - key: certkey.key.clone(), - scheme: self.scheme, - }); - Some(certkey) - } -} - -#[derive(Debug)] -struct FixedSignatureSchemeClientCertResolver { - resolver: Arc, - scheme: SignatureScheme, -} - -impl client::ResolvesClientCert for FixedSignatureSchemeClientCertResolver { - fn resolve( - &self, - root_hint_subjects: &[&[u8]], - sigschemes: &[SignatureScheme], - ) -> Option> { - if !sigschemes.contains(&self.scheme) { - quit(":NO_COMMON_SIGNATURE_ALGORITHMS:"); - } - let mut certkey = self - .resolver - .resolve(root_hint_subjects, sigschemes)?; - Arc::make_mut(&mut certkey).key = Arc::new(FixedSignatureSchemeSigningKey { - key: certkey.key.clone(), - scheme: self.scheme, - }); - Some(certkey) - } - - fn has_certs(&self) -> bool { - self.resolver.has_certs() - } -} - -fn lookup_scheme(scheme: u16) -> SignatureScheme { - match scheme { - 0x0401 => SignatureScheme::RSA_PKCS1_SHA256, - 0x0501 => SignatureScheme::RSA_PKCS1_SHA384, - 0x0601 => SignatureScheme::RSA_PKCS1_SHA512, - 0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256, - 0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384, - 0x0804 => SignatureScheme::RSA_PSS_SHA256, - 0x0805 => SignatureScheme::RSA_PSS_SHA384, - 0x0806 => SignatureScheme::RSA_PSS_SHA512, - 0x0807 => SignatureScheme::ED25519, - // TODO: add support for Ed448 - // 0x0808 => SignatureScheme::ED448, - _ => { - println_err!("Unsupported signature scheme {:04x}", scheme); - process::exit(BOGO_NACK); - } - } -} - -fn lookup_kx_group(group: u16) -> &'static dyn SupportedKxGroup { - match group { - 0x001d => provider::kx_group::X25519, - 0x0017 => provider::kx_group::SECP256R1, - 0x0018 => provider::kx_group::SECP384R1, - _ => { - println_err!("Unsupported kx group {:04x}", group); - process::exit(BOGO_NACK); - } - } -} - -#[derive(Debug)] -struct ServerCacheWithResumptionDelay { - delay: u32, - storage: Arc, -} - -impl ServerCacheWithResumptionDelay { - fn new(delay: u32) -> Arc { - Arc::new(Self { - delay, - storage: server::ServerSessionMemoryCache::new(32), - }) - } -} - -fn align_time() { - /* we don't have an injectable clock source in rustls' public api, and - * resumption timing is in seconds resolution, so tests that use - * resumption_delay tend to be flickery if the seconds time ticks - * during this. - * - * this function delays until a fresh second ticks, which alleviates - * this. gross! - */ - fn sample() -> u64 { - time::SystemTime::now() - .duration_since(time::SystemTime::UNIX_EPOCH) - .unwrap() - .as_secs() - } - - let start_secs = sample(); - while start_secs == sample() { - thread::sleep(time::Duration::from_millis(20)); - } -} - -impl server::StoresServerSessions for ServerCacheWithResumptionDelay { - fn put(&self, key: Vec, value: Vec) -> bool { - let mut ssv = ServerSessionValue::read_bytes(&value).unwrap(); - ssv.creation_time_sec -= self.delay as u64; - - self.storage - .put(key, ssv.get_encoding()) - } - - fn get(&self, key: &[u8]) -> Option> { - self.storage.get(key) - } - - fn take(&self, key: &[u8]) -> Option> { - self.storage.take(key) - } - - fn can_cache(&self) -> bool { - self.storage.can_cache() - } -} - -fn make_server_cfg(opts: &Options) -> Arc { - let client_auth = - if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert { - Arc::new(DummyClientAuth { - mandatory: opts.require_any_client_cert, - }) - } else { - server::WebPkiClientVerifier::no_client_auth() - }; - - let cert = load_cert(&opts.cert_file); - let key = load_key(&opts.key_file); - - let kx_groups = if let Some(curves) = &opts.curves { - curves - .iter() - .map(|curveid| lookup_kx_group(*curveid)) - .collect() - } else { - provider::ALL_KX_GROUPS.to_vec() - }; - - let mut cfg = ServerConfig::builder() - .with_safe_default_cipher_suites() - .with_kx_groups(&kx_groups) - .with_protocol_versions(&opts.supported_versions()) - .unwrap() - .with_client_cert_verifier(client_auth) - .with_single_cert_with_ocsp(cert.clone(), key, opts.server_ocsp_response.clone()) - .unwrap(); - - cfg.session_storage = ServerCacheWithResumptionDelay::new(opts.resumption_delay); - cfg.max_fragment_size = opts.max_fragment; - cfg.send_tls13_tickets = 1; - - if opts.use_signing_scheme > 0 { - let scheme = lookup_scheme(opts.use_signing_scheme); - cfg.cert_resolver = Arc::new(FixedSignatureSchemeServerCertResolver { - resolver: cfg.cert_resolver.clone(), - scheme, - }); - } - - if opts.tickets { - cfg.ticketer = provider::Ticketer::new().unwrap(); - } else if opts.resumes == 0 { - cfg.session_storage = Arc::new(server::NoServerSessionStorage {}); - } - - if !opts.protocols.is_empty() { - cfg.alpn_protocols = opts - .protocols - .iter() - .map(|proto| proto.as_bytes().to_vec()) - .collect::>(); - } - - if opts.reject_alpn { - cfg.alpn_protocols = vec![b"invalid".to_vec()]; - } - - if opts.enable_early_data { - // see kMaxEarlyDataAccepted in boringssl, which bogo validates - cfg.max_early_data_size = 14336; - cfg.send_half_rtt_data = true; - } - - Arc::new(cfg) -} - -struct ClientCacheWithoutKxHints { - delay: u32, - storage: Arc, -} - -impl ClientCacheWithoutKxHints { - fn new(delay: u32) -> Arc { - Arc::new(ClientCacheWithoutKxHints { - delay, - storage: Arc::new(client::ClientSessionMemoryCache::new(32)), - }) - } -} - -impl client::ClientSessionStore for ClientCacheWithoutKxHints { - fn set_kx_hint(&self, _: &ServerName, _: NamedGroup) {} - fn kx_hint(&self, _: &ServerName) -> Option { - None - } - - fn set_tls12_session( - &self, - server_name: &ServerName, - mut value: client::Tls12ClientSessionValue, - ) { - value.rewind_epoch(self.delay); - self.storage - .set_tls12_session(server_name, value); - } - - fn tls12_session(&self, server_name: &ServerName) -> Option { - self.storage.tls12_session(server_name) - } - - fn remove_tls12_session(&self, server_name: &ServerName) { - self.storage - .remove_tls12_session(server_name); - } - - fn insert_tls13_ticket( - &self, - server_name: &ServerName, - mut value: client::Tls13ClientSessionValue, - ) { - value.rewind_epoch(self.delay); - self.storage - .insert_tls13_ticket(server_name, value) - } - - fn take_tls13_ticket( - &self, - server_name: &ServerName, - ) -> Option { - self.storage - .take_tls13_ticket(server_name) - } -} - -impl Debug for ClientCacheWithoutKxHints { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - // Note: we omit self.storage here as it may contain sensitive data. - f.debug_struct("ClientCacheWithoutKxHints") - .field("delay", &self.delay) - .finish() - } -} - -fn make_client_cfg(opts: &Options) -> Arc { - let kx_groups = if let Some(curves) = &opts.curves { - curves - .iter() - .map(|curveid| lookup_kx_group(*curveid)) - .collect() - } else { - provider::ALL_KX_GROUPS.to_vec() - }; - - let cfg = ClientConfig::builder() - .with_safe_default_cipher_suites() - .with_kx_groups(&kx_groups) - .with_protocol_versions(&opts.supported_versions()) - .expect("inconsistent settings") - .dangerous() - .with_custom_certificate_verifier(Arc::new(DummyServerAuth {})); - - let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { - let cert = load_cert(&opts.cert_file); - let key = load_key(&opts.key_file); - cfg.with_client_auth_cert(cert, key) - .unwrap() - } else { - cfg.with_no_client_auth() - }; - - if !opts.cert_file.is_empty() && opts.use_signing_scheme > 0 { - let scheme = lookup_scheme(opts.use_signing_scheme); - cfg.client_auth_cert_resolver = Arc::new(FixedSignatureSchemeClientCertResolver { - resolver: cfg.client_auth_cert_resolver.clone(), - scheme, - }); - } - - cfg.resumption = Resumption::store(ClientCacheWithoutKxHints::new(opts.resumption_delay)); - cfg.enable_sni = opts.use_sni; - cfg.max_fragment_size = opts.max_fragment; - - if !opts.protocols.is_empty() { - cfg.alpn_protocols = opts - .protocols - .iter() - .map(|proto| proto.as_bytes().to_vec()) - .collect(); - } - - if opts.enable_early_data { - cfg.enable_early_data = true; - } - - Arc::new(cfg) -} - -fn quit(why: &str) -> ! { - println_err!("{}", why); - process::exit(0) -} - -fn quit_err(why: &str) -> ! { - println_err!("{}", why); - process::exit(1) -} - -fn handle_err(err: Error) -> ! { - println!("TLS error: {:?}", err); - thread::sleep(time::Duration::from_millis(100)); - - match err { - Error::InappropriateHandshakeMessage { .. } | Error::InappropriateMessage { .. } => { - quit(":UNEXPECTED_MESSAGE:") - } - Error::AlertReceived(AlertDescription::RecordOverflow) => { - quit(":TLSV1_ALERT_RECORD_OVERFLOW:") - } - Error::AlertReceived(AlertDescription::HandshakeFailure) => quit(":HANDSHAKE_FAILURE:"), - Error::AlertReceived(AlertDescription::ProtocolVersion) => quit(":WRONG_VERSION:"), - Error::AlertReceived(AlertDescription::InternalError) => { - quit(":PEER_ALERT_INTERNAL_ERROR:") - } - Error::InvalidMessage( - InvalidMessage::MissingData("AlertDescription") - | InvalidMessage::TrailingData("AlertMessagePayload"), - ) => quit(":BAD_ALERT:"), - Error::InvalidMessage( - InvalidMessage::TrailingData("ChangeCipherSpecPayload") | InvalidMessage::InvalidCcs, - ) => quit(":BAD_CHANGE_CIPHER_SPEC:"), - Error::InvalidMessage( - InvalidMessage::InvalidKeyUpdate - | InvalidMessage::MissingData(_) - | InvalidMessage::TrailingData(_) - | InvalidMessage::UnexpectedMessage("HelloRetryRequest") - | InvalidMessage::NoSignatureSchemes - | InvalidMessage::UnsupportedCompression, - ) => quit(":BAD_HANDSHAKE_MSG:"), - Error::InvalidMessage(InvalidMessage::InvalidCertRequest) - | Error::InvalidMessage(InvalidMessage::InvalidDhParams) - | Error::InvalidMessage(InvalidMessage::MissingKeyExchange) => quit(":BAD_HANDSHAKE_MSG:"), - Error::InvalidMessage(InvalidMessage::InvalidContentType) - | Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) - | Error::InvalidMessage(InvalidMessage::UnknownProtocolVersion) - | Error::InvalidMessage(InvalidMessage::MessageTooLarge) => quit(":GARBAGE:"), - Error::InvalidMessage(InvalidMessage::UnexpectedMessage(_)) => quit(":GARBAGE:"), - Error::DecryptError => quit(":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"), - Error::NoApplicationProtocol => quit(":NO_APPLICATION_PROTOCOL:"), - Error::PeerIncompatible( - PeerIncompatible::ServerSentHelloRetryRequestWithUnknownExtension, - ) => quit(":UNEXPECTED_EXTENSION:"), - Error::PeerIncompatible(_) => quit(":INCOMPATIBLE:"), - Error::PeerMisbehaved(PeerMisbehaved::MissingPskModesExtension) => { - quit(":MISSING_EXTENSION:") - } - Error::PeerMisbehaved(PeerMisbehaved::TooMuchEarlyDataReceived) => { - quit(":TOO_MUCH_READ_EARLY_DATA:") - } - Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), - Error::NoCertificatesPresented => quit(":NO_CERTS:"), - Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), - Error::AlertReceived(AlertDescription::DecompressionFailure) => { - quit_err(":SSLV3_ALERT_DECOMPRESSION_FAILURE:") - } - Error::InvalidCertificate(CertificateError::BadEncoding) => { - quit(":CANNOT_PARSE_LEAF_CERT:") - } - Error::InvalidCertificate(CertificateError::BadSignature) => quit(":BAD_SIGNATURE:"), - Error::InvalidCertificate(e) => quit(&format!(":BAD_CERT: ({:?})", e)), - Error::PeerSentOversizedRecord => quit(":DATA_LENGTH_TOO_LONG:"), - _ => { - println_err!("unhandled error: {:?}", err); - quit(":FIXME:") - } - } -} - -fn flush(sess: &mut Connection, conn: &mut net::TcpStream) { - while sess.wants_write() { - if let Err(err) = sess.write_tls(conn) { - println!("IO error: {:?}", err); - process::exit(0); - } - } - conn.flush().unwrap(); -} - -fn client(conn: &mut Connection) -> &mut ClientConnection { - conn.try_into().unwrap() -} - -fn server(conn: &mut Connection) -> &mut ServerConnection { - match conn { - Connection::Server(s) => s, - _ => panic!("Connection is not a ServerConnection"), - } -} - -const MAX_MESSAGE_SIZE: usize = 0xffff + 5; - -fn after_read(sess: &mut Connection, conn: &mut net::TcpStream) { - if let Err(err) = sess.process_new_packets() { - flush(sess, conn); /* send any alerts before exiting */ - handle_err(err); - } -} - -fn read_n_bytes(sess: &mut Connection, conn: &mut net::TcpStream, n: usize) { - let mut bytes = [0u8; MAX_MESSAGE_SIZE]; - match conn.read(&mut bytes[..n]) { - Ok(count) => { - println!("read {:?} bytes", count); - sess.read_tls(&mut io::Cursor::new(&mut bytes[..count])) - .expect("read_tls not expected to fail reading from buffer"); - } - Err(ref err) if err.kind() == io::ErrorKind::ConnectionReset => {} - Err(err) => panic!("invalid read: {}", err), - }; - - after_read(sess, conn); -} - -fn read_all_bytes(sess: &mut Connection, conn: &mut net::TcpStream) { - match sess.read_tls(conn) { - Ok(_) => {} - Err(ref err) if err.kind() == io::ErrorKind::ConnectionReset => {} - Err(err) => panic!("invalid read: {}", err), - }; - - after_read(sess, conn); -} - -fn exec(opts: &Options, mut sess: Connection, count: usize) { - let mut sent_message = false; - - let addrs = [ - net::SocketAddr::from((net::Ipv6Addr::LOCALHOST, opts.port)), - net::SocketAddr::from((net::Ipv4Addr::LOCALHOST, opts.port)), - ]; - let mut conn = net::TcpStream::connect(&addrs[..]).expect("cannot connect"); - let mut sent_shutdown = false; - let mut sent_exporter = false; - let mut quench_writes = false; - - loop { - if !sent_message && (opts.queue_data || (opts.queue_data_on_resume && count > 0)) { - if !opts - .queue_early_data_after_received_messages - .is_empty() - { - flush(&mut sess, &mut conn); - for message_size_estimate in &opts.queue_early_data_after_received_messages { - read_n_bytes(&mut sess, &mut conn, *message_size_estimate); - } - println!("now ready for early data"); - } - - if count > 0 && opts.enable_early_data { - let len = client(&mut sess) - .early_data() - .expect("0rtt not available") - .write(b"hello") - .expect("0rtt write failed"); - sess.writer() - .write_all(&b"hello"[len..]) - .unwrap(); - sent_message = true; - } else if !opts.only_write_one_byte_after_handshake { - let _ = sess.writer().write_all(b"hello"); - sent_message = true; - } - } - - if !quench_writes { - flush(&mut sess, &mut conn); - } - - if sess.wants_read() { - read_all_bytes(&mut sess, &mut conn); - } - - if opts.side == Side::Server && opts.enable_early_data { - if let Some(ref mut ed) = server(&mut sess).early_data() { - let mut data = Vec::new(); - let data_len = ed - .read_to_end(&mut data) - .expect("cannot read early_data"); - - for b in data.iter_mut() { - *b ^= 0xff; - } - - sess.writer() - .write_all(&data[..data_len]) - .expect("cannot echo early_data in 1rtt data"); - } - } - - if !sess.is_handshaking() && opts.export_keying_material > 0 && !sent_exporter { - let mut export = vec![0; opts.export_keying_material]; - sess.export_keying_material( - &mut export, - opts.export_keying_material_label - .as_bytes(), - if opts.export_keying_material_context_used { - Some( - opts.export_keying_material_context - .as_bytes(), - ) - } else { - None - }, - ) - .unwrap(); - sess.writer() - .write_all(&export) - .unwrap(); - sent_exporter = true; - } - - if !sess.is_handshaking() && opts.only_write_one_byte_after_handshake && !sent_message { - println!("writing message and then only one byte of its tls frame"); - flush(&mut sess, &mut conn); - - sess.writer() - .write_all(b"hello") - .unwrap(); - sent_message = true; - - let mut one_byte = [0u8]; - let mut cursor = io::Cursor::new(&mut one_byte[..]); - sess.write_tls(&mut cursor).unwrap(); - conn.write_all(&one_byte) - .expect("IO error"); - - quench_writes = true; - } - - if opts.enable_early_data - && opts.side == Side::Client - && !sess.is_handshaking() - && count > 0 - { - if opts.expect_accept_early_data && !client(&mut sess).is_early_data_accepted() { - quit_err("Early data was not accepted, but we expect the opposite"); - } else if opts.expect_reject_early_data && client(&mut sess).is_early_data_accepted() { - quit_err("Early data was accepted, but we expect the opposite"); - } - if opts.expect_version == 0x0304 { - match sess.protocol_version() { - Some(ProtocolVersion::TLSv1_3) | Some(ProtocolVersion::Unknown(0x7f17)) => {} - _ => quit_err("wrong protocol version"), - } - } - } - - let mut buf = [0u8; 1024]; - let len = match sess - .reader() - .read(&mut buf[..opts.read_size]) - { - Ok(0) => { - if opts.check_close_notify { - println!("close notify ok"); - } - println!("EOF (tls)"); - return; - } - Ok(len) => len, - Err(err) if err.kind() == io::ErrorKind::WouldBlock => 0, - Err(err) if err.kind() == io::ErrorKind::UnexpectedEof => { - if opts.check_close_notify { - quit_err(":CLOSE_WITHOUT_CLOSE_NOTIFY:"); - } - println!("EOF (tcp)"); - return; - } - Err(err) => panic!("unhandled read error {:?}", err), - }; - - if opts.shut_down_after_handshake && !sent_shutdown && !sess.is_handshaking() { - sess.send_close_notify(); - sent_shutdown = true; - } - - if quench_writes && len > 0 { - println!("unquenching writes after {:?}", len); - quench_writes = false; - } - - for b in buf.iter_mut() { - *b ^= 0xff; - } - - sess.writer() - .write_all(&buf[..len]) - .unwrap(); - } -} +mod bogo_shim_impl; fn main() { - let mut args: Vec<_> = env::args().collect(); - env_logger::init(); - - args.remove(0); - - if !args.is_empty() && args[0] == "-is-handshaker-supported" { - println!("No"); - process::exit(0); - } - println!("options: {:?}", args); - - let mut opts = Options::new(); - - while !args.is_empty() { - let arg = args.remove(0); - match arg.as_ref() { - "-port" => { - opts.port = args.remove(0).parse::().unwrap(); - } - "-server" => { - opts.side = Side::Server; - } - "-key-file" => { - opts.key_file = args.remove(0); - } - "-cert-file" => { - opts.cert_file = args.remove(0); - } - "-resume-count" => { - opts.resumes = args.remove(0).parse::().unwrap(); - } - "-no-tls13" => { - opts.support_tls13 = false; - } - "-no-tls12" => { - opts.support_tls12 = false; - } - "-min-version" => { - let min = args.remove(0).parse::().unwrap(); - opts.min_version = Some(ProtocolVersion::Unknown(min)); - } - "-max-version" => { - let max = args.remove(0).parse::().unwrap(); - opts.max_version = Some(ProtocolVersion::Unknown(max)); - } - "-max-send-fragment" => { - let max_fragment = args.remove(0).parse::().unwrap(); - opts.max_fragment = Some(max_fragment + 5); // ours includes header - } - "-read-size" => { - let rdsz = args.remove(0).parse::().unwrap(); - opts.read_size = rdsz; - } - "-tls13-variant" => { - let variant = args.remove(0).parse::().unwrap(); - if variant != 1 { - println!("NYI TLS1.3 variant selection: {:?} {:?}", arg, variant); - process::exit(BOGO_NACK); - } - } - "-no-ticket" => { - opts.tickets = false; - } - "-on-resume-no-ticket" => { - opts.resume_with_tickets_disabled = true; - } - "-signing-prefs" => { - let alg = args.remove(0).parse::().unwrap(); - opts.use_signing_scheme = alg; - } - "-max-cert-list" | - "-expect-curve-id" | - "-expect-resume-curve-id" | - "-expect-peer-signature-algorithm" | - "-expect-peer-verify-pref" | - "-expect-advertised-alpn" | - "-expect-alpn" | - "-on-initial-expect-alpn" | - "-on-resume-expect-alpn" | - "-on-retry-expect-alpn" | - "-expect-server-name" | - "-expect-ocsp-response" | - "-expect-signed-cert-timestamps" | - "-expect-certificate-types" | - "-expect-client-ca-list" | - "-on-retry-expect-early-data-reason" | - "-on-resume-expect-early-data-reason" | - "-on-initial-expect-early-data-reason" | - "-on-initial-expect-cipher" | - "-on-resume-expect-cipher" | - "-on-retry-expect-cipher" | - "-expect-ticket-age-skew" | - "-handshaker-path" | - "-application-settings" | - "-expect-msg-callback" => { - println!("not checking {} {}; NYI", arg, args.remove(0)); - } - - "-expect-secure-renegotiation" | - "-expect-no-session-id" | - "-enable-ed25519" | - "-expect-hrr" | - "-expect-no-hrr" | - "-on-resume-expect-no-offer-early-data" | - "-key-update" | //< we could implement an API for this - "-expect-tls13-downgrade" | - "-enable-signed-cert-timestamps" | - "-expect-session-id" => { - println!("not checking {}; NYI", arg); - } - - "-export-keying-material" => { - opts.export_keying_material = args.remove(0).parse::().unwrap(); - } - "-export-label" => { - opts.export_keying_material_label = args.remove(0); - } - "-export-context" => { - opts.export_keying_material_context = args.remove(0); - } - "-use-export-context" => { - opts.export_keying_material_context_used = true; - } - "-quic-transport-params" => { - opts.quic_transport_params = BASE64_STANDARD.decode(args.remove(0).as_bytes()) - .expect("invalid base64"); - } - "-expect-quic-transport-params" => { - opts.expect_quic_transport_params = BASE64_STANDARD.decode(args.remove(0).as_bytes()) - .expect("invalid base64"); - } - - "-ocsp-response" => { - opts.server_ocsp_response = BASE64_STANDARD.decode(args.remove(0).as_bytes()) - .expect("invalid base64"); - } - "-select-alpn" => { - opts.protocols.push(args.remove(0)); - } - "-require-any-client-certificate" => { - opts.require_any_client_cert = true; - } - "-verify-peer" => { - opts.verify_peer = true; - } - "-shim-writes-first" => { - opts.queue_data = true; - } - "-read-with-unfinished-write" => { - opts.queue_data = true; - opts.only_write_one_byte_after_handshake = true; - } - "-shim-shuts-down" => { - opts.shut_down_after_handshake = true; - } - "-check-close-notify" => { - opts.check_close_notify = true; - } - "-host-name" => { - opts.host_name = args.remove(0); - opts.use_sni = true; - } - "-advertise-alpn" => { - opts.protocols = split_protocols(&args.remove(0)); - } - "-reject-alpn" => { - opts.reject_alpn = true; - } - "-use-null-client-ca-list" => { - opts.offer_no_client_cas = true; - } - "-enable-early-data" => { - opts.tickets = false; - opts.enable_early_data = true; - } - "-on-resume-shim-writes-first" => { - opts.queue_data_on_resume = true; - } - "-on-resume-read-with-unfinished-write" => { - opts.queue_data_on_resume = true; - opts.only_write_one_byte_after_handshake_on_resume = true; - } - "-on-resume-early-write-after-message" => { - opts.queue_early_data_after_received_messages= match args.remove(0).parse::().unwrap() { - // estimate where these messages appear in the server's first flight. - 2 => vec![5 + 128 + 5 + 32], - 8 => vec![5 + 128 + 5 + 32, 5 + 64], - _ => { - panic!("unhandled -on-resume-early-write-after-message"); - } - }; - opts.queue_data_on_resume = true; - } - "-expect-ticket-supports-early-data" => { - opts.expect_ticket_supports_early_data = true; - } - "-expect-accept-early-data" | - "-on-resume-expect-accept-early-data" => { - opts.expect_accept_early_data = true; - } - "-expect-early-data-reason" | - "-on-resume-expect-reject-early-data-reason" => { - let reason = args.remove(0); - match reason.as_str() { - "disabled" | "protocol_version" => { - opts.expect_reject_early_data = true; - } - _ => { - println!("NYI early data reason: {}", reason); - process::exit(1); - } - } - } - "-expect-reject-early-data" | - "-on-resume-expect-reject-early-data" => { - opts.expect_reject_early_data = true; - } - "-expect-version" => { - opts.expect_version = args.remove(0).parse::().unwrap(); - } - "-curves" => { - let curve = args.remove(0).parse::().unwrap(); - if let Some(mut curves) = opts.curves.take() { - curves.push(curve); - } else { - opts.curves = Some(vec![ curve ]); - } - } - "-resumption-delay" => { - opts.resumption_delay = args.remove(0).parse::().unwrap(); - align_time(); - } - - // defaults: - "-enable-all-curves" | - "-renegotiate-ignore" | - "-no-tls11" | - "-no-tls1" | - "-no-ssl3" | - "-handoff" | - "-decline-alpn" | - "-expect-no-session" | - "-expect-session-miss" | - "-expect-extended-master-secret" | - "-expect-ticket-renewal" | - "-enable-ocsp-stapling" | - // internal openssl details: - "-async" | - "-implicit-handshake" | - "-use-old-client-cert-callback" | - "-use-early-callback" => {} - - // Not implemented things - "-dtls" | - "-cipher" | - "-psk" | - "-renegotiate-freely" | - "-false-start" | - "-fallback-scsv" | - "-fail-early-callback" | - "-fail-cert-callback" | - "-install-ddos-callback" | - "-advertise-npn" | - "-verify-fail" | - "-expect-channel-id" | - "-send-channel-id" | - "-select-next-proto" | - "-expect-verify-result" | - "-send-alert" | - "-digest-prefs" | - "-use-exporter-between-reads" | - "-ticket-key" | - "-tls-unique" | - "-enable-server-custom-extension" | - "-enable-client-custom-extension" | - "-expect-dhe-group-size" | - "-use-ticket-callback" | - "-enable-grease" | - "-enable-channel-id" | - "-expect-early-data-info" | - "-expect-cipher-aes" | - "-retain-only-sha256-client-cert-initial" | - "-use-client-ca-list" | - "-expect-draft-downgrade" | - "-allow-unknown-alpn-protos" | - "-on-initial-tls13-variant" | - "-on-initial-expect-curve-id" | - "-on-resume-export-early-keying-material" | - "-on-resume-enable-early-data" | - "-export-early-keying-material" | - "-handshake-twice" | - "-on-resume-verify-fail" | - "-reverify-on-resume" | - "-verify-prefs" | - "-no-op-extra-handshake" | - "-expect-peer-cert-file" | - "-no-rsa-pss-rsae-certs" | - "-ignore-tls13-downgrade" | - "-allow-hint-mismatch" | - "-fips-202205" | - "-wpa-202304" | - "-srtp-profiles" | - "-permute-extensions" | - "-signed-cert-timestamps" | - "-on-initial-expect-peer-cert-file" => { - println!("NYI option {:?}", arg); - process::exit(BOGO_NACK); - } - - _ => { - println!("unhandled option {:?}", arg); - process::exit(1); - } - } - } - - println!("opts {:?}", opts); - - let (client_cfg, mut server_cfg) = match opts.side { - Side::Client => (Some(make_client_cfg(&opts)), None), - Side::Server => (None, Some(make_server_cfg(&opts))), - }; - - fn make_session( - opts: &Options, - scfg: &Option>, - ccfg: &Option>, - ) -> Connection { - assert!(opts.quic_transport_params.is_empty()); - assert!(opts - .expect_quic_transport_params - .is_empty()); - - if opts.side == Side::Server { - let scfg = Arc::clone(scfg.as_ref().unwrap()); - ServerConnection::new(scfg) - .unwrap() - .into() - } else { - let server_name = opts - .host_name - .as_str() - .try_into() - .unwrap(); - let ccfg = Arc::clone(ccfg.as_ref().unwrap()); - - ClientConnection::new(ccfg, server_name) - .unwrap() - .into() - } - } - - for i in 0..opts.resumes + 1 { - let sess = make_session(&opts, &server_cfg, &client_cfg); - exec(&opts, sess, i); - if opts.resume_with_tickets_disabled { - opts.tickets = false; - server_cfg = Some(make_server_cfg(&opts)); - } - } + bogo_shim_impl::main(); } diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs new file mode 100644 index 0000000000..49a0b74362 --- /dev/null +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -0,0 +1,1294 @@ +// This is a test shim for the BoringSSL-Go ('bogo') TLS +// test suite. See bogo/ for this in action. +// +// https://boringssl.googlesource.com/boringssl/+/master/ssl/test +// +use rustls::client::danger::HandshakeSignatureValid; +use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; +use rustls::crypto::SupportedKxGroup; +use rustls::internal::msgs::codec::Codec; +use rustls::internal::msgs::persist::ServerSessionValue; +use rustls::server::{ClientHello, ServerConfig, ServerConnection}; +use rustls::{ + self, client, server, sign, version, AlertDescription, CertificateError, Connection, + DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, + PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, + SupportedProtocolVersion, +}; + +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +use rustls::crypto::aws_lc_rs as provider; +#[cfg(feature = "ring")] +use rustls::crypto::ring as provider; + +use base64::prelude::{Engine, BASE64_STANDARD}; +use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; + +use std::fmt::{Debug, Formatter}; +use std::io::{self, BufReader, Read, Write}; +use std::sync::Arc; +use std::time; +use std::{env, fs, net, process, thread}; + +static BOGO_NACK: i32 = 89; + +macro_rules! println_err( + ($($arg:tt)*) => { { + writeln!(&mut ::std::io::stderr(), $($arg)*).unwrap(); + } } +); + +#[derive(Debug)] +struct Options { + port: u16, + side: Side, + max_fragment: Option, + resumes: usize, + verify_peer: bool, + require_any_client_cert: bool, + offer_no_client_cas: bool, + tickets: bool, + resume_with_tickets_disabled: bool, + queue_data: bool, + queue_data_on_resume: bool, + only_write_one_byte_after_handshake: bool, + only_write_one_byte_after_handshake_on_resume: bool, + shut_down_after_handshake: bool, + check_close_notify: bool, + host_name: String, + use_sni: bool, + key_file: String, + cert_file: String, + protocols: Vec, + reject_alpn: bool, + support_tls13: bool, + support_tls12: bool, + min_version: Option, + max_version: Option, + server_ocsp_response: Vec, + use_signing_scheme: u16, + curves: Option>, + export_keying_material: usize, + export_keying_material_label: String, + export_keying_material_context: String, + export_keying_material_context_used: bool, + read_size: usize, + quic_transport_params: Vec, + expect_quic_transport_params: Vec, + enable_early_data: bool, + expect_ticket_supports_early_data: bool, + expect_accept_early_data: bool, + expect_reject_early_data: bool, + expect_version: u16, + resumption_delay: u32, + queue_early_data_after_received_messages: Vec, +} + +impl Options { + fn new() -> Self { + Options { + port: 0, + side: Side::Client, + max_fragment: None, + resumes: 0, + verify_peer: false, + tickets: true, + resume_with_tickets_disabled: false, + host_name: "example.com".to_string(), + use_sni: false, + queue_data: false, + queue_data_on_resume: false, + only_write_one_byte_after_handshake: false, + only_write_one_byte_after_handshake_on_resume: false, + shut_down_after_handshake: false, + check_close_notify: false, + require_any_client_cert: false, + offer_no_client_cas: false, + key_file: "".to_string(), + cert_file: "".to_string(), + protocols: vec![], + reject_alpn: false, + support_tls13: true, + support_tls12: true, + min_version: None, + max_version: None, + server_ocsp_response: vec![], + use_signing_scheme: 0, + curves: None, + export_keying_material: 0, + export_keying_material_label: "".to_string(), + export_keying_material_context: "".to_string(), + export_keying_material_context_used: false, + read_size: 512, + quic_transport_params: vec![], + expect_quic_transport_params: vec![], + enable_early_data: false, + expect_ticket_supports_early_data: false, + expect_accept_early_data: false, + expect_reject_early_data: false, + expect_version: 0, + resumption_delay: 0, + queue_early_data_after_received_messages: vec![], + } + } + + fn version_allowed(&self, vers: ProtocolVersion) -> bool { + (self.min_version.is_none() || vers.get_u16() >= self.min_version.unwrap().get_u16()) + && (self.max_version.is_none() || vers.get_u16() <= self.max_version.unwrap().get_u16()) + } + + fn tls13_supported(&self) -> bool { + self.support_tls13 && self.version_allowed(ProtocolVersion::TLSv1_3) + } + + fn tls12_supported(&self) -> bool { + self.support_tls12 && self.version_allowed(ProtocolVersion::TLSv1_2) + } + + fn supported_versions(&self) -> Vec<&'static SupportedProtocolVersion> { + let mut versions = vec![]; + + if self.tls12_supported() { + versions.push(&version::TLS12); + } + + if self.tls13_supported() { + versions.push(&version::TLS13); + } + versions + } +} + +fn load_cert(filename: &str) -> Vec> { + let certfile = fs::File::open(filename).expect("cannot open certificate file"); + let mut reader = BufReader::new(certfile); + rustls_pemfile::certs(&mut reader) + .map(|result| result.unwrap()) + .collect() +} + +fn load_key(filename: &str) -> PrivateKeyDer<'static> { + let keyfile = fs::File::open(filename).expect("cannot open private key file"); + let mut reader = BufReader::new(keyfile); + let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader) + .map(|result| result.unwrap()) + .collect::>(); + assert!(keys.len() == 1); + keys.pop().unwrap().into() +} + +fn split_protocols(protos: &str) -> Vec { + let mut ret = Vec::new(); + + let mut offs = 0; + while offs < protos.len() { + let len = protos.as_bytes()[offs] as usize; + let item = protos[offs + 1..offs + 1 + len].to_string(); + ret.push(item); + offs += 1 + len; + } + + ret +} + +#[derive(Debug)] +struct DummyClientAuth { + mandatory: bool, +} + +impl server::danger::ClientCertVerifier for DummyClientAuth { + fn offer_client_auth(&self) -> bool { + true + } + + fn client_auth_mandatory(&self) -> bool { + self.mandatory + } + + fn root_hint_subjects(&self) -> &[DistinguishedName] { + &[] + } + + fn verify_client_cert( + &self, + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], + _now: UnixTime, + ) -> Result { + Ok(server::danger::ClientCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } +} + +#[derive(Debug)] +struct DummyServerAuth {} + +impl client::danger::ServerCertVerifier for DummyServerAuth { + fn verify_server_cert( + &self, + _end_entity: &CertificateDer<'_>, + _certs: &[CertificateDer<'_>], + _hostname: &ServerName, + _ocsp: &[u8], + _now: UnixTime, + ) -> Result { + Ok(client::danger::ServerCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + WebPkiServerVerifier::default_supported_verify_schemes() + } +} + +#[derive(Debug)] +struct FixedSignatureSchemeSigningKey { + key: Arc, + scheme: SignatureScheme, +} + +impl sign::SigningKey for FixedSignatureSchemeSigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + if offered.contains(&self.scheme) { + self.key.choose_scheme(&[self.scheme]) + } else { + self.key.choose_scheme(&[]) + } + } + fn algorithm(&self) -> SignatureAlgorithm { + self.key.algorithm() + } +} + +#[derive(Debug)] +struct FixedSignatureSchemeServerCertResolver { + resolver: Arc, + scheme: SignatureScheme, +} + +impl server::ResolvesServerCert for FixedSignatureSchemeServerCertResolver { + fn resolve(&self, client_hello: ClientHello) -> Option> { + let mut certkey = self.resolver.resolve(client_hello)?; + Arc::make_mut(&mut certkey).key = Arc::new(FixedSignatureSchemeSigningKey { + key: certkey.key.clone(), + scheme: self.scheme, + }); + Some(certkey) + } +} + +#[derive(Debug)] +struct FixedSignatureSchemeClientCertResolver { + resolver: Arc, + scheme: SignatureScheme, +} + +impl client::ResolvesClientCert for FixedSignatureSchemeClientCertResolver { + fn resolve( + &self, + root_hint_subjects: &[&[u8]], + sigschemes: &[SignatureScheme], + ) -> Option> { + if !sigschemes.contains(&self.scheme) { + quit(":NO_COMMON_SIGNATURE_ALGORITHMS:"); + } + let mut certkey = self + .resolver + .resolve(root_hint_subjects, sigschemes)?; + Arc::make_mut(&mut certkey).key = Arc::new(FixedSignatureSchemeSigningKey { + key: certkey.key.clone(), + scheme: self.scheme, + }); + Some(certkey) + } + + fn has_certs(&self) -> bool { + self.resolver.has_certs() + } +} + +fn lookup_scheme(scheme: u16) -> SignatureScheme { + match scheme { + 0x0401 => SignatureScheme::RSA_PKCS1_SHA256, + 0x0501 => SignatureScheme::RSA_PKCS1_SHA384, + 0x0601 => SignatureScheme::RSA_PKCS1_SHA512, + 0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256, + 0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384, + 0x0804 => SignatureScheme::RSA_PSS_SHA256, + 0x0805 => SignatureScheme::RSA_PSS_SHA384, + 0x0806 => SignatureScheme::RSA_PSS_SHA512, + 0x0807 => SignatureScheme::ED25519, + // TODO: add support for Ed448 + // 0x0808 => SignatureScheme::ED448, + _ => { + println_err!("Unsupported signature scheme {:04x}", scheme); + process::exit(BOGO_NACK); + } + } +} + +fn lookup_kx_group(group: u16) -> &'static dyn SupportedKxGroup { + match group { + 0x001d => provider::kx_group::X25519, + 0x0017 => provider::kx_group::SECP256R1, + 0x0018 => provider::kx_group::SECP384R1, + _ => { + println_err!("Unsupported kx group {:04x}", group); + process::exit(BOGO_NACK); + } + } +} + +#[derive(Debug)] +struct ServerCacheWithResumptionDelay { + delay: u32, + storage: Arc, +} + +impl ServerCacheWithResumptionDelay { + fn new(delay: u32) -> Arc { + Arc::new(Self { + delay, + storage: server::ServerSessionMemoryCache::new(32), + }) + } +} + +fn align_time() { + /* we don't have an injectable clock source in rustls' public api, and + * resumption timing is in seconds resolution, so tests that use + * resumption_delay tend to be flickery if the seconds time ticks + * during this. + * + * this function delays until a fresh second ticks, which alleviates + * this. gross! + */ + fn sample() -> u64 { + time::SystemTime::now() + .duration_since(time::SystemTime::UNIX_EPOCH) + .unwrap() + .as_secs() + } + + let start_secs = sample(); + while start_secs == sample() { + thread::sleep(time::Duration::from_millis(20)); + } +} + +impl server::StoresServerSessions for ServerCacheWithResumptionDelay { + fn put(&self, key: Vec, value: Vec) -> bool { + let mut ssv = ServerSessionValue::read_bytes(&value).unwrap(); + ssv.creation_time_sec -= self.delay as u64; + + self.storage + .put(key, ssv.get_encoding()) + } + + fn get(&self, key: &[u8]) -> Option> { + self.storage.get(key) + } + + fn take(&self, key: &[u8]) -> Option> { + self.storage.take(key) + } + + fn can_cache(&self) -> bool { + self.storage.can_cache() + } +} + +fn make_server_cfg(opts: &Options) -> Arc { + let client_auth = + if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert { + Arc::new(DummyClientAuth { + mandatory: opts.require_any_client_cert, + }) + } else { + server::WebPkiClientVerifier::no_client_auth() + }; + + let cert = load_cert(&opts.cert_file); + let key = load_key(&opts.key_file); + + let kx_groups = if let Some(curves) = &opts.curves { + curves + .iter() + .map(|curveid| lookup_kx_group(*curveid)) + .collect() + } else { + provider::ALL_KX_GROUPS.to_vec() + }; + + let mut cfg = ServerConfig::builder() + .with_safe_default_cipher_suites() + .with_kx_groups(&kx_groups) + .with_protocol_versions(&opts.supported_versions()) + .unwrap() + .with_client_cert_verifier(client_auth) + .with_single_cert_with_ocsp(cert.clone(), key, opts.server_ocsp_response.clone()) + .unwrap(); + + cfg.session_storage = ServerCacheWithResumptionDelay::new(opts.resumption_delay); + cfg.max_fragment_size = opts.max_fragment; + cfg.send_tls13_tickets = 1; + + if opts.use_signing_scheme > 0 { + let scheme = lookup_scheme(opts.use_signing_scheme); + cfg.cert_resolver = Arc::new(FixedSignatureSchemeServerCertResolver { + resolver: cfg.cert_resolver.clone(), + scheme, + }); + } + + if opts.tickets { + cfg.ticketer = provider::Ticketer::new().unwrap(); + } else if opts.resumes == 0 { + cfg.session_storage = Arc::new(server::NoServerSessionStorage {}); + } + + if !opts.protocols.is_empty() { + cfg.alpn_protocols = opts + .protocols + .iter() + .map(|proto| proto.as_bytes().to_vec()) + .collect::>(); + } + + if opts.reject_alpn { + cfg.alpn_protocols = vec![b"invalid".to_vec()]; + } + + if opts.enable_early_data { + // see kMaxEarlyDataAccepted in boringssl, which bogo validates + cfg.max_early_data_size = 14336; + cfg.send_half_rtt_data = true; + } + + Arc::new(cfg) +} + +struct ClientCacheWithoutKxHints { + delay: u32, + storage: Arc, +} + +impl ClientCacheWithoutKxHints { + fn new(delay: u32) -> Arc { + Arc::new(ClientCacheWithoutKxHints { + delay, + storage: Arc::new(client::ClientSessionMemoryCache::new(32)), + }) + } +} + +impl client::ClientSessionStore for ClientCacheWithoutKxHints { + fn set_kx_hint(&self, _: &ServerName, _: NamedGroup) {} + fn kx_hint(&self, _: &ServerName) -> Option { + None + } + + fn set_tls12_session( + &self, + server_name: &ServerName, + mut value: client::Tls12ClientSessionValue, + ) { + value.rewind_epoch(self.delay); + self.storage + .set_tls12_session(server_name, value); + } + + fn tls12_session(&self, server_name: &ServerName) -> Option { + self.storage.tls12_session(server_name) + } + + fn remove_tls12_session(&self, server_name: &ServerName) { + self.storage + .remove_tls12_session(server_name); + } + + fn insert_tls13_ticket( + &self, + server_name: &ServerName, + mut value: client::Tls13ClientSessionValue, + ) { + value.rewind_epoch(self.delay); + self.storage + .insert_tls13_ticket(server_name, value) + } + + fn take_tls13_ticket( + &self, + server_name: &ServerName, + ) -> Option { + self.storage + .take_tls13_ticket(server_name) + } +} + +impl Debug for ClientCacheWithoutKxHints { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + // Note: we omit self.storage here as it may contain sensitive data. + f.debug_struct("ClientCacheWithoutKxHints") + .field("delay", &self.delay) + .finish() + } +} + +fn make_client_cfg(opts: &Options) -> Arc { + let kx_groups = if let Some(curves) = &opts.curves { + curves + .iter() + .map(|curveid| lookup_kx_group(*curveid)) + .collect() + } else { + provider::ALL_KX_GROUPS.to_vec() + }; + + let cfg = ClientConfig::builder() + .with_safe_default_cipher_suites() + .with_kx_groups(&kx_groups) + .with_protocol_versions(&opts.supported_versions()) + .expect("inconsistent settings") + .dangerous() + .with_custom_certificate_verifier(Arc::new(DummyServerAuth {})); + + let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { + let cert = load_cert(&opts.cert_file); + let key = load_key(&opts.key_file); + cfg.with_client_auth_cert(cert, key) + .unwrap() + } else { + cfg.with_no_client_auth() + }; + + if !opts.cert_file.is_empty() && opts.use_signing_scheme > 0 { + let scheme = lookup_scheme(opts.use_signing_scheme); + cfg.client_auth_cert_resolver = Arc::new(FixedSignatureSchemeClientCertResolver { + resolver: cfg.client_auth_cert_resolver.clone(), + scheme, + }); + } + + cfg.resumption = Resumption::store(ClientCacheWithoutKxHints::new(opts.resumption_delay)); + cfg.enable_sni = opts.use_sni; + cfg.max_fragment_size = opts.max_fragment; + + if !opts.protocols.is_empty() { + cfg.alpn_protocols = opts + .protocols + .iter() + .map(|proto| proto.as_bytes().to_vec()) + .collect(); + } + + if opts.enable_early_data { + cfg.enable_early_data = true; + } + + Arc::new(cfg) +} + +fn quit(why: &str) -> ! { + println_err!("{}", why); + process::exit(0) +} + +fn quit_err(why: &str) -> ! { + println_err!("{}", why); + process::exit(1) +} + +fn handle_err(err: Error) -> ! { + println!("TLS error: {:?}", err); + thread::sleep(time::Duration::from_millis(100)); + + match err { + Error::InappropriateHandshakeMessage { .. } | Error::InappropriateMessage { .. } => { + quit(":UNEXPECTED_MESSAGE:") + } + Error::AlertReceived(AlertDescription::RecordOverflow) => { + quit(":TLSV1_ALERT_RECORD_OVERFLOW:") + } + Error::AlertReceived(AlertDescription::HandshakeFailure) => quit(":HANDSHAKE_FAILURE:"), + Error::AlertReceived(AlertDescription::ProtocolVersion) => quit(":WRONG_VERSION:"), + Error::AlertReceived(AlertDescription::InternalError) => { + quit(":PEER_ALERT_INTERNAL_ERROR:") + } + Error::InvalidMessage( + InvalidMessage::MissingData("AlertDescription") + | InvalidMessage::TrailingData("AlertMessagePayload"), + ) => quit(":BAD_ALERT:"), + Error::InvalidMessage( + InvalidMessage::TrailingData("ChangeCipherSpecPayload") | InvalidMessage::InvalidCcs, + ) => quit(":BAD_CHANGE_CIPHER_SPEC:"), + Error::InvalidMessage( + InvalidMessage::InvalidKeyUpdate + | InvalidMessage::MissingData(_) + | InvalidMessage::TrailingData(_) + | InvalidMessage::UnexpectedMessage("HelloRetryRequest") + | InvalidMessage::NoSignatureSchemes + | InvalidMessage::UnsupportedCompression, + ) => quit(":BAD_HANDSHAKE_MSG:"), + Error::InvalidMessage(InvalidMessage::InvalidCertRequest) + | Error::InvalidMessage(InvalidMessage::InvalidDhParams) + | Error::InvalidMessage(InvalidMessage::MissingKeyExchange) => quit(":BAD_HANDSHAKE_MSG:"), + Error::InvalidMessage(InvalidMessage::InvalidContentType) + | Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) + | Error::InvalidMessage(InvalidMessage::UnknownProtocolVersion) + | Error::InvalidMessage(InvalidMessage::MessageTooLarge) => quit(":GARBAGE:"), + Error::InvalidMessage(InvalidMessage::UnexpectedMessage(_)) => quit(":GARBAGE:"), + Error::DecryptError => quit(":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"), + Error::NoApplicationProtocol => quit(":NO_APPLICATION_PROTOCOL:"), + Error::PeerIncompatible( + PeerIncompatible::ServerSentHelloRetryRequestWithUnknownExtension, + ) => quit(":UNEXPECTED_EXTENSION:"), + Error::PeerIncompatible(_) => quit(":INCOMPATIBLE:"), + Error::PeerMisbehaved(PeerMisbehaved::MissingPskModesExtension) => { + quit(":MISSING_EXTENSION:") + } + Error::PeerMisbehaved(PeerMisbehaved::TooMuchEarlyDataReceived) => { + quit(":TOO_MUCH_READ_EARLY_DATA:") + } + Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), + Error::NoCertificatesPresented => quit(":NO_CERTS:"), + Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), + Error::AlertReceived(AlertDescription::DecompressionFailure) => { + quit_err(":SSLV3_ALERT_DECOMPRESSION_FAILURE:") + } + Error::InvalidCertificate(CertificateError::BadEncoding) => { + quit(":CANNOT_PARSE_LEAF_CERT:") + } + Error::InvalidCertificate(CertificateError::BadSignature) => quit(":BAD_SIGNATURE:"), + Error::InvalidCertificate(e) => quit(&format!(":BAD_CERT: ({:?})", e)), + Error::PeerSentOversizedRecord => quit(":DATA_LENGTH_TOO_LONG:"), + _ => { + println_err!("unhandled error: {:?}", err); + quit(":FIXME:") + } + } +} + +fn flush(sess: &mut Connection, conn: &mut net::TcpStream) { + while sess.wants_write() { + if let Err(err) = sess.write_tls(conn) { + println!("IO error: {:?}", err); + process::exit(0); + } + } + conn.flush().unwrap(); +} + +fn client(conn: &mut Connection) -> &mut ClientConnection { + conn.try_into().unwrap() +} + +fn server(conn: &mut Connection) -> &mut ServerConnection { + match conn { + Connection::Server(s) => s, + _ => panic!("Connection is not a ServerConnection"), + } +} + +const MAX_MESSAGE_SIZE: usize = 0xffff + 5; + +fn after_read(sess: &mut Connection, conn: &mut net::TcpStream) { + if let Err(err) = sess.process_new_packets() { + flush(sess, conn); /* send any alerts before exiting */ + handle_err(err); + } +} + +fn read_n_bytes(sess: &mut Connection, conn: &mut net::TcpStream, n: usize) { + let mut bytes = [0u8; MAX_MESSAGE_SIZE]; + match conn.read(&mut bytes[..n]) { + Ok(count) => { + println!("read {:?} bytes", count); + sess.read_tls(&mut io::Cursor::new(&mut bytes[..count])) + .expect("read_tls not expected to fail reading from buffer"); + } + Err(ref err) if err.kind() == io::ErrorKind::ConnectionReset => {} + Err(err) => panic!("invalid read: {}", err), + }; + + after_read(sess, conn); +} + +fn read_all_bytes(sess: &mut Connection, conn: &mut net::TcpStream) { + match sess.read_tls(conn) { + Ok(_) => {} + Err(ref err) if err.kind() == io::ErrorKind::ConnectionReset => {} + Err(err) => panic!("invalid read: {}", err), + }; + + after_read(sess, conn); +} + +fn exec(opts: &Options, mut sess: Connection, count: usize) { + let mut sent_message = false; + + let addrs = [ + net::SocketAddr::from((net::Ipv6Addr::LOCALHOST, opts.port)), + net::SocketAddr::from((net::Ipv4Addr::LOCALHOST, opts.port)), + ]; + let mut conn = net::TcpStream::connect(&addrs[..]).expect("cannot connect"); + let mut sent_shutdown = false; + let mut sent_exporter = false; + let mut quench_writes = false; + + loop { + if !sent_message && (opts.queue_data || (opts.queue_data_on_resume && count > 0)) { + if !opts + .queue_early_data_after_received_messages + .is_empty() + { + flush(&mut sess, &mut conn); + for message_size_estimate in &opts.queue_early_data_after_received_messages { + read_n_bytes(&mut sess, &mut conn, *message_size_estimate); + } + println!("now ready for early data"); + } + + if count > 0 && opts.enable_early_data { + let len = client(&mut sess) + .early_data() + .expect("0rtt not available") + .write(b"hello") + .expect("0rtt write failed"); + sess.writer() + .write_all(&b"hello"[len..]) + .unwrap(); + sent_message = true; + } else if !opts.only_write_one_byte_after_handshake { + let _ = sess.writer().write_all(b"hello"); + sent_message = true; + } + } + + if !quench_writes { + flush(&mut sess, &mut conn); + } + + if sess.wants_read() { + read_all_bytes(&mut sess, &mut conn); + } + + if opts.side == Side::Server && opts.enable_early_data { + if let Some(ref mut ed) = server(&mut sess).early_data() { + let mut data = Vec::new(); + let data_len = ed + .read_to_end(&mut data) + .expect("cannot read early_data"); + + for b in data.iter_mut() { + *b ^= 0xff; + } + + sess.writer() + .write_all(&data[..data_len]) + .expect("cannot echo early_data in 1rtt data"); + } + } + + if !sess.is_handshaking() && opts.export_keying_material > 0 && !sent_exporter { + let mut export = vec![0; opts.export_keying_material]; + sess.export_keying_material( + &mut export, + opts.export_keying_material_label + .as_bytes(), + if opts.export_keying_material_context_used { + Some( + opts.export_keying_material_context + .as_bytes(), + ) + } else { + None + }, + ) + .unwrap(); + sess.writer() + .write_all(&export) + .unwrap(); + sent_exporter = true; + } + + if !sess.is_handshaking() && opts.only_write_one_byte_after_handshake && !sent_message { + println!("writing message and then only one byte of its tls frame"); + flush(&mut sess, &mut conn); + + sess.writer() + .write_all(b"hello") + .unwrap(); + sent_message = true; + + let mut one_byte = [0u8]; + let mut cursor = io::Cursor::new(&mut one_byte[..]); + sess.write_tls(&mut cursor).unwrap(); + conn.write_all(&one_byte) + .expect("IO error"); + + quench_writes = true; + } + + if opts.enable_early_data + && opts.side == Side::Client + && !sess.is_handshaking() + && count > 0 + { + if opts.expect_accept_early_data && !client(&mut sess).is_early_data_accepted() { + quit_err("Early data was not accepted, but we expect the opposite"); + } else if opts.expect_reject_early_data && client(&mut sess).is_early_data_accepted() { + quit_err("Early data was accepted, but we expect the opposite"); + } + if opts.expect_version == 0x0304 { + match sess.protocol_version() { + Some(ProtocolVersion::TLSv1_3) | Some(ProtocolVersion::Unknown(0x7f17)) => {} + _ => quit_err("wrong protocol version"), + } + } + } + + let mut buf = [0u8; 1024]; + let len = match sess + .reader() + .read(&mut buf[..opts.read_size]) + { + Ok(0) => { + if opts.check_close_notify { + println!("close notify ok"); + } + println!("EOF (tls)"); + return; + } + Ok(len) => len, + Err(err) if err.kind() == io::ErrorKind::WouldBlock => 0, + Err(err) if err.kind() == io::ErrorKind::UnexpectedEof => { + if opts.check_close_notify { + quit_err(":CLOSE_WITHOUT_CLOSE_NOTIFY:"); + } + println!("EOF (tcp)"); + return; + } + Err(err) => panic!("unhandled read error {:?}", err), + }; + + if opts.shut_down_after_handshake && !sent_shutdown && !sess.is_handshaking() { + sess.send_close_notify(); + sent_shutdown = true; + } + + if quench_writes && len > 0 { + println!("unquenching writes after {:?}", len); + quench_writes = false; + } + + for b in buf.iter_mut() { + *b ^= 0xff; + } + + sess.writer() + .write_all(&buf[..len]) + .unwrap(); + } +} + +pub fn main() { + let mut args: Vec<_> = env::args().collect(); + env_logger::init(); + + args.remove(0); + + if !args.is_empty() && args[0] == "-is-handshaker-supported" { + println!("No"); + process::exit(0); + } + println!("options: {:?}", args); + + let mut opts = Options::new(); + + while !args.is_empty() { + let arg = args.remove(0); + match arg.as_ref() { + "-port" => { + opts.port = args.remove(0).parse::().unwrap(); + } + "-server" => { + opts.side = Side::Server; + } + "-key-file" => { + opts.key_file = args.remove(0); + } + "-cert-file" => { + opts.cert_file = args.remove(0); + } + "-resume-count" => { + opts.resumes = args.remove(0).parse::().unwrap(); + } + "-no-tls13" => { + opts.support_tls13 = false; + } + "-no-tls12" => { + opts.support_tls12 = false; + } + "-min-version" => { + let min = args.remove(0).parse::().unwrap(); + opts.min_version = Some(ProtocolVersion::Unknown(min)); + } + "-max-version" => { + let max = args.remove(0).parse::().unwrap(); + opts.max_version = Some(ProtocolVersion::Unknown(max)); + } + "-max-send-fragment" => { + let max_fragment = args.remove(0).parse::().unwrap(); + opts.max_fragment = Some(max_fragment + 5); // ours includes header + } + "-read-size" => { + let rdsz = args.remove(0).parse::().unwrap(); + opts.read_size = rdsz; + } + "-tls13-variant" => { + let variant = args.remove(0).parse::().unwrap(); + if variant != 1 { + println!("NYI TLS1.3 variant selection: {:?} {:?}", arg, variant); + process::exit(BOGO_NACK); + } + } + "-no-ticket" => { + opts.tickets = false; + } + "-on-resume-no-ticket" => { + opts.resume_with_tickets_disabled = true; + } + "-signing-prefs" => { + let alg = args.remove(0).parse::().unwrap(); + opts.use_signing_scheme = alg; + } + "-max-cert-list" | + "-expect-curve-id" | + "-expect-resume-curve-id" | + "-expect-peer-signature-algorithm" | + "-expect-peer-verify-pref" | + "-expect-advertised-alpn" | + "-expect-alpn" | + "-on-initial-expect-alpn" | + "-on-resume-expect-alpn" | + "-on-retry-expect-alpn" | + "-expect-server-name" | + "-expect-ocsp-response" | + "-expect-signed-cert-timestamps" | + "-expect-certificate-types" | + "-expect-client-ca-list" | + "-on-retry-expect-early-data-reason" | + "-on-resume-expect-early-data-reason" | + "-on-initial-expect-early-data-reason" | + "-on-initial-expect-cipher" | + "-on-resume-expect-cipher" | + "-on-retry-expect-cipher" | + "-expect-ticket-age-skew" | + "-handshaker-path" | + "-application-settings" | + "-expect-msg-callback" => { + println!("not checking {} {}; NYI", arg, args.remove(0)); + } + + "-expect-secure-renegotiation" | + "-expect-no-session-id" | + "-enable-ed25519" | + "-expect-hrr" | + "-expect-no-hrr" | + "-on-resume-expect-no-offer-early-data" | + "-key-update" | //< we could implement an API for this + "-expect-tls13-downgrade" | + "-enable-signed-cert-timestamps" | + "-expect-session-id" => { + println!("not checking {}; NYI", arg); + } + + "-export-keying-material" => { + opts.export_keying_material = args.remove(0).parse::().unwrap(); + } + "-export-label" => { + opts.export_keying_material_label = args.remove(0); + } + "-export-context" => { + opts.export_keying_material_context = args.remove(0); + } + "-use-export-context" => { + opts.export_keying_material_context_used = true; + } + "-quic-transport-params" => { + opts.quic_transport_params = BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid base64"); + } + "-expect-quic-transport-params" => { + opts.expect_quic_transport_params = BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid base64"); + } + + "-ocsp-response" => { + opts.server_ocsp_response = BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid base64"); + } + "-select-alpn" => { + opts.protocols.push(args.remove(0)); + } + "-require-any-client-certificate" => { + opts.require_any_client_cert = true; + } + "-verify-peer" => { + opts.verify_peer = true; + } + "-shim-writes-first" => { + opts.queue_data = true; + } + "-read-with-unfinished-write" => { + opts.queue_data = true; + opts.only_write_one_byte_after_handshake = true; + } + "-shim-shuts-down" => { + opts.shut_down_after_handshake = true; + } + "-check-close-notify" => { + opts.check_close_notify = true; + } + "-host-name" => { + opts.host_name = args.remove(0); + opts.use_sni = true; + } + "-advertise-alpn" => { + opts.protocols = split_protocols(&args.remove(0)); + } + "-reject-alpn" => { + opts.reject_alpn = true; + } + "-use-null-client-ca-list" => { + opts.offer_no_client_cas = true; + } + "-enable-early-data" => { + opts.tickets = false; + opts.enable_early_data = true; + } + "-on-resume-shim-writes-first" => { + opts.queue_data_on_resume = true; + } + "-on-resume-read-with-unfinished-write" => { + opts.queue_data_on_resume = true; + opts.only_write_one_byte_after_handshake_on_resume = true; + } + "-on-resume-early-write-after-message" => { + opts.queue_early_data_after_received_messages= match args.remove(0).parse::().unwrap() { + // estimate where these messages appear in the server's first flight. + 2 => vec![5 + 128 + 5 + 32], + 8 => vec![5 + 128 + 5 + 32, 5 + 64], + _ => { + panic!("unhandled -on-resume-early-write-after-message"); + } + }; + opts.queue_data_on_resume = true; + } + "-expect-ticket-supports-early-data" => { + opts.expect_ticket_supports_early_data = true; + } + "-expect-accept-early-data" | + "-on-resume-expect-accept-early-data" => { + opts.expect_accept_early_data = true; + } + "-expect-early-data-reason" | + "-on-resume-expect-reject-early-data-reason" => { + let reason = args.remove(0); + match reason.as_str() { + "disabled" | "protocol_version" => { + opts.expect_reject_early_data = true; + } + _ => { + println!("NYI early data reason: {}", reason); + process::exit(1); + } + } + } + "-expect-reject-early-data" | + "-on-resume-expect-reject-early-data" => { + opts.expect_reject_early_data = true; + } + "-expect-version" => { + opts.expect_version = args.remove(0).parse::().unwrap(); + } + "-curves" => { + let curve = args.remove(0).parse::().unwrap(); + if let Some(mut curves) = opts.curves.take() { + curves.push(curve); + } else { + opts.curves = Some(vec![ curve ]); + } + } + "-resumption-delay" => { + opts.resumption_delay = args.remove(0).parse::().unwrap(); + align_time(); + } + + // defaults: + "-enable-all-curves" | + "-renegotiate-ignore" | + "-no-tls11" | + "-no-tls1" | + "-no-ssl3" | + "-handoff" | + "-decline-alpn" | + "-expect-no-session" | + "-expect-session-miss" | + "-expect-extended-master-secret" | + "-expect-ticket-renewal" | + "-enable-ocsp-stapling" | + // internal openssl details: + "-async" | + "-implicit-handshake" | + "-use-old-client-cert-callback" | + "-use-early-callback" => {} + + // Not implemented things + "-dtls" | + "-cipher" | + "-psk" | + "-renegotiate-freely" | + "-false-start" | + "-fallback-scsv" | + "-fail-early-callback" | + "-fail-cert-callback" | + "-install-ddos-callback" | + "-advertise-npn" | + "-verify-fail" | + "-expect-channel-id" | + "-send-channel-id" | + "-select-next-proto" | + "-expect-verify-result" | + "-send-alert" | + "-digest-prefs" | + "-use-exporter-between-reads" | + "-ticket-key" | + "-tls-unique" | + "-enable-server-custom-extension" | + "-enable-client-custom-extension" | + "-expect-dhe-group-size" | + "-use-ticket-callback" | + "-enable-grease" | + "-enable-channel-id" | + "-expect-early-data-info" | + "-expect-cipher-aes" | + "-retain-only-sha256-client-cert-initial" | + "-use-client-ca-list" | + "-expect-draft-downgrade" | + "-allow-unknown-alpn-protos" | + "-on-initial-tls13-variant" | + "-on-initial-expect-curve-id" | + "-on-resume-export-early-keying-material" | + "-on-resume-enable-early-data" | + "-export-early-keying-material" | + "-handshake-twice" | + "-on-resume-verify-fail" | + "-reverify-on-resume" | + "-verify-prefs" | + "-no-op-extra-handshake" | + "-expect-peer-cert-file" | + "-no-rsa-pss-rsae-certs" | + "-ignore-tls13-downgrade" | + "-allow-hint-mismatch" | + "-fips-202205" | + "-wpa-202304" | + "-srtp-profiles" | + "-permute-extensions" | + "-signed-cert-timestamps" | + "-on-initial-expect-peer-cert-file" => { + println!("NYI option {:?}", arg); + process::exit(BOGO_NACK); + } + + _ => { + println!("unhandled option {:?}", arg); + process::exit(1); + } + } + } + + println!("opts {:?}", opts); + + let (client_cfg, mut server_cfg) = match opts.side { + Side::Client => (Some(make_client_cfg(&opts)), None), + Side::Server => (None, Some(make_server_cfg(&opts))), + }; + + fn make_session( + opts: &Options, + scfg: &Option>, + ccfg: &Option>, + ) -> Connection { + assert!(opts.quic_transport_params.is_empty()); + assert!(opts + .expect_quic_transport_params + .is_empty()); + + if opts.side == Side::Server { + let scfg = Arc::clone(scfg.as_ref().unwrap()); + ServerConnection::new(scfg) + .unwrap() + .into() + } else { + let server_name = opts + .host_name + .as_str() + .try_into() + .unwrap(); + let ccfg = Arc::clone(ccfg.as_ref().unwrap()); + + ClientConnection::new(ccfg, server_name) + .unwrap() + .into() + } + } + + for i in 0..opts.resumes + 1 { + let sess = make_session(&opts, &server_cfg, &client_cfg); + exec(&opts, sess, i); + if opts.resume_with_tickets_disabled { + opts.tickets = false; + server_cfg = Some(make_server_cfg(&opts)); + } + } +} From 538cb78f8371044c80eeefc57318d22a39f9c9e0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 Nov 2023 13:16:43 +0000 Subject: [PATCH 0392/1145] Abolish quic crate feature This reveals that bogo_shim fails to build for `--no-default-features --features tls12`. Feature gate the entire program on `ring | aws-lc-rs`. --- .github/workflows/build.yml | 2 +- bogo/runme | 4 +-- connect-tests/Cargo.toml | 3 -- examples/Cargo.toml | 3 -- rustls/Cargo.toml | 3 +- rustls/examples/internal/bogo_shim.rs | 5 +++ rustls/src/client/hs.rs | 35 ++++++++------------ rustls/src/client/tls13.rs | 44 +++++++++---------------- rustls/src/common_state.rs | 16 +-------- rustls/src/conn.rs | 1 - rustls/src/crypto/aws_lc_rs/mod.rs | 1 - rustls/src/crypto/ring/mod.rs | 1 - rustls/src/crypto/ring/quic.rs | 6 ++-- rustls/src/crypto/ring/tls13.rs | 9 ----- rustls/src/lib.rs | 6 ---- rustls/src/msgs/deframer.rs | 1 - rustls/src/msgs/handshake.rs | 1 - rustls/src/msgs/handshake_test.rs | 1 - rustls/src/msgs/persist.rs | 4 --- rustls/src/quic.rs | 1 - rustls/src/server/hs.rs | 47 +++++++++++++-------------- rustls/src/server/tls13.rs | 43 +++++++++--------------- rustls/src/suites.rs | 1 - rustls/src/tls13/key_schedule.rs | 15 +++------ rustls/src/tls13/mod.rs | 3 -- rustls/tests/api.rs | 1 - rustls/tests/bogo.rs | 2 +- 27 files changed, 85 insertions(+), 174 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9ee68198f6..ff15deb129 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,7 +52,7 @@ jobs: RUST_BACKTRACE: 1 - name: cargo test (debug; aws-lc-rs) - run: cargo test --no-default-features --features aws_lc_rs,tls12,quic,read_buf,logging + run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging env: RUST_BACKTRACE: 1 diff --git a/bogo/runme b/bogo/runme index cefcfaa7cd..a3b105f5a9 100755 --- a/bogo/runme +++ b/bogo/runme @@ -7,10 +7,10 @@ set -xe case ${BOGO_SHIM_PROVIDER:-ring} in ring) - cargo build --example bogo_shim --features quic + cargo build --example bogo_shim ;; aws-lc-rs) - cargo build --example bogo_shim --no-default-features --features quic,aws_lc_rs,tls12,logging + cargo build --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging ;; existing) ;; diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index 68d32b3cd4..cf381bfa37 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -6,9 +6,6 @@ license = "Apache-2.0 OR ISC OR MIT" description = "Rustls connectivity based integration tests." publish = false -[features] -quic = ["rustls/quic"] - [dependencies] rustls = { path = "../rustls", features = [ "logging" ]} diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 227f8c949a..b33d7afc62 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -6,9 +6,6 @@ license = "Apache-2.0 OR ISC OR MIT" description = "Rustls example code and tests." publish = false -[features] -quic = ["rustls/quic"] - [dependencies] docopt = "~1.1" env_logger = "0.10" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 2a1d4c101c..552457e442 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -29,7 +29,6 @@ default = ["logging", "ring", "tls12"] logging = ["log"] aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] ring = ["dep:ring", "webpki/ring"] -quic = [] tls12 = [] read_buf = ["rustversion"] @@ -44,7 +43,7 @@ base64 = "0.21" [[example]] name = "bogo_shim" path = "examples/internal/bogo_shim.rs" -required-features = ["quic", "tls12"] +required-features = ["tls12"] [[example]] name = "bench" diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 2f4790abd7..4b83577b18 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -1,5 +1,10 @@ +#[cfg(any(feature = "ring", feature = "aws_lc_rs"))] mod bogo_shim_impl; fn main() { + #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] bogo_shim_impl::main(); + + #[cfg(not(any(feature = "ring", feature = "aws_lc_rs")))] + panic!("requires ring or aws_lc_rs feature"); } diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 2b153083da..ca32c492bf 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -46,7 +46,7 @@ pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConne fn find_session( server_name: &ServerName, config: &ClientConfig, - #[cfg(feature = "quic")] cx: &mut ClientContext<'_>, + cx: &mut ClientContext<'_>, ) -> Option> { #[allow(clippy::let_and_return, clippy::unnecessary_lazy_evaluations)] let found = config @@ -79,7 +79,6 @@ fn find_session( None }); - #[cfg(feature = "quic")] if let Some(resuming) = &found { if cx.common.is_quic() { cx.common.quic.params = resuming @@ -105,12 +104,7 @@ pub(super) fn start_handshake( transcript_buffer.set_client_auth_enabled(); } - let mut resuming = find_session( - &server_name, - &config, - #[cfg(feature = "quic")] - cx, - ); + let mut resuming = find_session(&server_name, &config, cx); let key_share = if config.supports_version(ProtocolVersion::TLSv1_3) { Some(tls13::initial_key_share(&config, &server_name)?) @@ -453,20 +447,17 @@ pub(super) fn process_alpn_protocol( } } - #[cfg(feature = "quic")] - { - // RFC 9001 says: "While ALPN only specifies that servers use this alert, QUIC clients MUST - // use error 0x0178 to terminate a connection when ALPN negotiation fails." We judge that - // the user intended to use ALPN (rather than some out-of-band protocol negotiation - // mechanism) iff any ALPN protocols were configured. This defends against badly-behaved - // servers which accept a connection that requires an application-layer protocol they do not - // understand. - if common.is_quic() && common.alpn_protocol.is_none() && !config.alpn_protocols.is_empty() { - return Err(common.send_fatal_alert( - AlertDescription::NoApplicationProtocol, - Error::NoApplicationProtocol, - )); - } + // RFC 9001 says: "While ALPN only specifies that servers use this alert, QUIC clients MUST + // use error 0x0178 to terminate a connection when ALPN negotiation fails." We judge that + // the user intended to use ALPN (rather than some out-of-band protocol negotiation + // mechanism) iff any ALPN protocols were configured. This defends against badly-behaved + // servers which accept a connection that requires an application-layer protocol they do not + // understand. + if common.is_quic() && common.alpn_protocol.is_none() && !config.alpn_protocols.is_empty() { + return Err(common.send_fatal_alert( + AlertDescription::NoApplicationProtocol, + Error::NoApplicationProtocol, + )); } debug!( diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 49642e36e8..48610a2518 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1,5 +1,4 @@ use crate::check::inappropriate_handshake_message; -#[cfg(feature = "quic")] use crate::common_state::Protocol; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; @@ -392,17 +391,14 @@ impl State for ExpectEncryptedExtensions { validate_encrypted_extensions(cx.common, &self.hello, exts)?; hs::process_alpn_protocol(cx.common, &self.config, exts.get_alpn_protocol())?; - #[cfg(feature = "quic")] - { - // QUIC transport parameters - if cx.common.is_quic() { - match exts.get_quic_params_extension() { - Some(params) => cx.common.quic.params = Some(params), - None => { - return Err(cx - .common - .missing_extension(PeerMisbehaved::MissingQuicTransportParameters)); - } + // QUIC transport parameters + if cx.common.is_quic() { + match exts.get_quic_params_extension() { + Some(params) => cx.common.quic.params = Some(params), + None => { + return Err(cx + .common + .missing_extension(PeerMisbehaved::MissingQuicTransportParameters)); } } } @@ -911,12 +907,11 @@ impl State for ExpectFinished { _fin_verified: fin, }; - #[cfg(feature = "quic")] if cx.common.is_quic() { - return Ok(Box::new(ExpectQuicTraffic(st))); + Ok(Box::new(ExpectQuicTraffic(st))) + } else { + Ok(Box::new(st)) } - - Ok(Box::new(st)) } } @@ -935,7 +930,6 @@ struct ExpectTraffic { } impl ExpectTraffic { - #[allow(clippy::unnecessary_wraps)] // returns Err for #[cfg(feature = "quic")] fn handle_new_ticket_tls13( &mut self, cx: &mut ClientContext<'_>, @@ -969,7 +963,6 @@ impl ExpectTraffic { .unwrap_or_default(), ); - #[cfg(feature = "quic")] if cx.common.is_quic() { if let Some(sz) = nst.get_max_early_data_size() { if sz != 0 && sz != 0xffff_ffff { @@ -992,14 +985,11 @@ impl ExpectTraffic { common: &mut CommonState, key_update_request: &KeyUpdateRequest, ) -> Result<(), Error> { - #[cfg(feature = "quic")] - { - if let Protocol::Quic = common.protocol { - return Err(common.send_fatal_alert( - AlertDescription::UnexpectedMessage, - PeerMisbehaved::KeyUpdateReceivedInQuicConnection, - )); - } + if let Protocol::Quic = common.protocol { + return Err(common.send_fatal_alert( + AlertDescription::UnexpectedMessage, + PeerMisbehaved::KeyUpdateReceivedInQuicConnection, + )); } // Mustn't be interleaved with other handshake messages. @@ -1067,10 +1057,8 @@ impl State for ExpectTraffic { } } -#[cfg(feature = "quic")] struct ExpectQuicTraffic(ExpectTraffic); -#[cfg(feature = "quic")] impl State for ExpectQuicTraffic { fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { let nst = require_handshake_msg!( diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index e14a479045..6a77ba6877 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -6,10 +6,8 @@ use crate::msgs::alert::AlertMessagePayload; use crate::msgs::base::Payload; use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; use crate::msgs::fragmenter::MessageFragmenter; -#[cfg(feature = "quic")] use crate::msgs::message::MessagePayload; use crate::msgs::message::{BorrowedPlainMessage, Message, OpaqueMessage, PlainMessage}; -#[cfg(feature = "quic")] use crate::quic; use crate::record_layer; use crate::suites::PartiallyExtractedSecrets; @@ -46,10 +44,8 @@ pub struct CommonState { pub(crate) sendable_tls: ChunkVecBuffer, queued_key_update_message: Option>, - #[allow(dead_code)] // only read for QUIC /// Protocol whose key schedule should be used. Unused for TLS < 1.3. pub(crate) protocol: Protocol, - #[cfg(feature = "quic")] pub(crate) quic: quic::Quic, pub(crate) enable_secret_extraction: bool, } @@ -76,9 +72,7 @@ impl CommonState { sendable_plaintext: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), sendable_tls: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), queued_key_update_message: None, - protocol: Protocol::Tcp, - #[cfg(feature = "quic")] quic: quic::Quic::default(), enable_secret_extraction: false, } @@ -381,7 +375,6 @@ impl CommonState { /// Send a raw TLS message, fragmenting it if needed. pub(crate) fn send_msg(&mut self, m: Message, must_encrypt: bool) { - #[cfg(feature = "quic")] { if let Protocol::Quic = self.protocol { if let MessagePayload::Alert(alert) = m.payload { @@ -426,7 +419,6 @@ impl CommonState { .prepare_message_decrypter(dec); } - #[cfg(feature = "quic")] pub(crate) fn missing_extension(&mut self, why: PeerMisbehaved) -> Error { self.send_fatal_alert(AlertDescription::MissingExtension, why) } @@ -546,12 +538,7 @@ impl CommonState { } pub(crate) fn is_quic(&self) -> bool { - #[cfg(feature = "quic")] - { - self.protocol == Protocol::Quic - } - #[cfg(not(feature = "quic"))] - false + self.protocol == Protocol::Quic } pub(crate) fn should_update_key( @@ -670,7 +657,6 @@ impl Side { #[derive(Copy, Clone, Eq, PartialEq, Debug)] pub(crate) enum Protocol { Tcp, - #[cfg(feature = "quic")] Quic, } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index aa75eee929..1bf8bee9b1 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -664,7 +664,6 @@ impl ConnectionCore { } Ok(None) => Ok(None), Err(err @ Error::InvalidMessage(_)) => { - #[cfg(feature = "quic")] if self.common_state.is_quic() { self.common_state.quic.alert = Some(AlertDescription::DecodeError); } diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index e5b3f613eb..f17cf2f27c 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -28,7 +28,6 @@ pub(crate) mod hash; pub(crate) mod hmac; #[path = "../ring/kx.rs"] pub(crate) mod kx; -#[cfg(feature = "quic")] #[path = "../ring/quic.rs"] pub(crate) mod quic; #[path = "../ring/ticketer.rs"] diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 4931f8a248..4d4df8a1dd 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -20,7 +20,6 @@ pub mod sign; pub(crate) mod hash; pub(crate) mod hmac; pub(crate) mod kx; -#[cfg(feature = "quic")] pub(crate) mod quic; pub(crate) mod ticketer; #[cfg(feature = "tls12")] diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 212ff2728f..884d5b8186 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -213,13 +213,13 @@ impl crate::quic::Algorithm for KeyBuilder { mod tests { use super::*; use crate::common_state::Side; - use crate::crypto::ring::tls13::{ - TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, - }; use crate::crypto::tls13::OkmBlock; use crate::quic::HeaderProtectionKey; use crate::quic::PacketKey; use crate::quic::*; + use crate::test_provider::tls13::{ + TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, + }; use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; fn test_short_packet(version: Version, expected: &[u8]) { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index a3a28110a4..6a2e59e990 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -30,11 +30,8 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), - #[cfg(feature = "quic")] confidentiality_limit: u64::MAX, - #[cfg(feature = "quic")] integrity_limit: 1 << 36, - #[cfg(feature = "quic")] quic: &super::quic::KeyBuilder(&aead::CHACHA20_POLY1305, &aead::quic::CHACHA20), }; @@ -47,11 +44,8 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), - #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, - #[cfg(feature = "quic")] integrity_limit: 1 << 52, - #[cfg(feature = "quic")] quic: &super::quic::KeyBuilder(&aead::AES_256_GCM, &aead::quic::AES_256), }); @@ -66,11 +60,8 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), - #[cfg(feature = "quic")] confidentiality_limit: 1 << 23, - #[cfg(feature = "quic")] integrity_limit: 1 << 52, - #[cfg(feature = "quic")] quic: &super::quic::KeyBuilder(&aead::AES_128_GCM, &aead::quic::AES_128), }; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 8acb600fb3..42f21c2adb 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -237,11 +237,6 @@ //! messages do not contain secret key data, and so are safe to archive without //! affecting session security. This feature is in the default set. //! -//! - `quic`: this feature exposes additional constructors and functions -//! for using rustls as a TLS library for QUIC. See the `quic` module for -//! details of these. You will only need this if you're writing a QUIC -//! implementation. -//! //! - `tls12`: enables support for TLS version 1.2. This feature is in the default //! set. Note that, due to the additive nature of Cargo features and because it //! is enabled by default, other crates in your dependency graph could re-enable @@ -544,7 +539,6 @@ pub mod sign { pub use crate::crypto::signer::{CertifiedKey, Signer, SigningKey}; } -#[cfg(feature = "quic")] /// APIs for implementing QUIC TLS pub mod quic; diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 8db153fd0c..d609f164e8 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -220,7 +220,6 @@ impl MessageDeframer { } /// Allow pushing handshake messages directly into the buffer. - #[cfg(feature = "quic")] pub(crate) fn push(&mut self, version: ProtocolVersion, payload: &[u8]) -> Result<(), Error> { if self.used > 0 && self.joining_hs.is_none() { return Err(Error::General( diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 9b82c0eb19..92b02665d9 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -917,7 +917,6 @@ impl ClientHelloPayload { } } - #[cfg(feature = "quic")] pub(crate) fn get_quic_params_extension(&self) -> Option> { let ext = self .find_extension(ExtensionType::TransportParameters) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 928c06850e..2af662f2e7 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -539,7 +539,6 @@ fn client_get_alpn_extension() { }); } -#[cfg(feature = "quic")] #[test] fn client_get_quic_params_extension() { test_client_extension_getter(ExtensionType::TransportParameters, |chp| { diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 6c37a72127..cc662d649f 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -75,7 +75,6 @@ pub struct Tls13ClientSessionValue { age_add: u32, max_early_data_size: u32, pub(crate) common: ClientSessionCommon, - #[cfg(feature = "quic")] quic_params: PayloadU16, } @@ -101,7 +100,6 @@ impl Tls13ClientSessionValue { lifetime_secs, server_cert_chain, ), - #[cfg(feature = "quic")] quic_params: PayloadU16(Vec::new()), } } @@ -120,12 +118,10 @@ impl Tls13ClientSessionValue { self.common.epoch -= delta as u64; } - #[cfg(feature = "quic")] pub fn set_quic_params(&mut self, quic_params: &[u8]) { self.quic_params = PayloadU16(quic_params.to_vec()); } - #[cfg(feature = "quic")] pub fn quic_params(&self) -> Vec { self.quic_params.0.clone() } diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 859dd4e02e..09c0f8a1a7 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -382,7 +382,6 @@ impl From> for ConnectionCommon { } } -#[cfg(feature = "quic")] #[derive(Default)] pub(crate) struct Quic { /// QUIC transport parameters received from the peer during the handshake diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 92f2ac7746..e20b422a9b 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -103,32 +103,29 @@ impl ExtensionProcessing { } } - #[cfg(feature = "quic")] - { - if cx.common.is_quic() { - // QUIC has strict ALPN, unlike TLS's more backwards-compatible behavior. RFC 9001 - // says: "The server MUST treat the inability to select a compatible application - // protocol as a connection error of type 0x0178". We judge that ALPN was desired - // (rather than some out-of-band protocol negotiation mechanism) iff any ALPN - // protocols were configured locally or offered by the client. This helps prevent - // successful establishment of connections between peers that can't understand - // each other. - if cx.common.alpn_protocol.is_none() - && (!our_protocols.is_empty() || maybe_their_protocols.is_some()) - { - return Err(cx.common.send_fatal_alert( - AlertDescription::NoApplicationProtocol, - Error::NoApplicationProtocol, - )); - } + if cx.common.is_quic() { + // QUIC has strict ALPN, unlike TLS's more backwards-compatible behavior. RFC 9001 + // says: "The server MUST treat the inability to select a compatible application + // protocol as a connection error of type 0x0178". We judge that ALPN was desired + // (rather than some out-of-band protocol negotiation mechanism) iff any ALPN + // protocols were configured locally or offered by the client. This helps prevent + // successful establishment of connections between peers that can't understand + // each other. + if cx.common.alpn_protocol.is_none() + && (!our_protocols.is_empty() || maybe_their_protocols.is_some()) + { + return Err(cx.common.send_fatal_alert( + AlertDescription::NoApplicationProtocol, + Error::NoApplicationProtocol, + )); + } - match hello.get_quic_params_extension() { - Some(params) => cx.common.quic.params = Some(params), - None => { - return Err(cx - .common - .missing_extension(PeerMisbehaved::MissingQuicTransportParameters)); - } + match hello.get_quic_params_extension() { + Some(params) => cx.common.quic.params = Some(params), + None => { + return Err(cx + .common + .missing_extension(PeerMisbehaved::MissingQuicTransportParameters)); } } } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index d330a062a2..dd1be32c88 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1,7 +1,5 @@ use crate::check::inappropriate_handshake_message; -#[cfg(feature = "quic")] use crate::check::inappropriate_message; -#[cfg(feature = "quic")] use crate::common_state::Protocol; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; @@ -601,8 +599,6 @@ mod client_hello { common.send_msg(m, false); } - #[allow(unknown_lints)] // The lint allowed below is nightly only for now - #[cfg_attr(not(feature = "quic"), allow(clippy::needless_pass_by_ref_mut))] fn decide_if_early_data_allowed( cx: &mut ServerContext<'_>, client_hello: &ClientHelloPayload, @@ -653,7 +649,6 @@ mod client_hello { if early_data_configured && early_data_possible && !cx.data.early_data.was_rejected() { EarlyDataDecision::Accepted } else { - #[cfg(feature = "quic")] if cx.common.is_quic() { // Clobber value set in tls13::emit_server_hello cx.common.quic.early_secret = None; @@ -1190,20 +1185,17 @@ impl State for ExpectFinished { // Application data may now flow, even if we have client auth enabled. cx.common.start_traffic(); - #[cfg(feature = "quic")] - { - if cx.common.protocol == Protocol::Quic { - return Ok(Box::new(ExpectQuicTraffic { - key_schedule: key_schedule_traffic, - _fin_verified: fin, - })); - } + if cx.common.protocol == Protocol::Quic { + Ok(Box::new(ExpectQuicTraffic { + key_schedule: key_schedule_traffic, + _fin_verified: fin, + })) + } else { + Ok(Box::new(ExpectTraffic { + key_schedule: key_schedule_traffic, + _fin_verified: fin, + })) } - - Ok(Box::new(ExpectTraffic { - key_schedule: key_schedule_traffic, - _fin_verified: fin, - })) } } @@ -1219,14 +1211,11 @@ impl ExpectTraffic { common: &mut CommonState, key_update_request: &KeyUpdateRequest, ) -> Result<(), Error> { - #[cfg(feature = "quic")] - { - if let Protocol::Quic = common.protocol { - return Err(common.send_fatal_alert( - AlertDescription::UnexpectedMessage, - PeerMisbehaved::KeyUpdateReceivedInQuicConnection, - )); - } + if let Protocol::Quic = common.protocol { + return Err(common.send_fatal_alert( + AlertDescription::UnexpectedMessage, + PeerMisbehaved::KeyUpdateReceivedInQuicConnection, + )); } common.check_aligned_handshake()?; @@ -1285,13 +1274,11 @@ impl State for ExpectTraffic { } } -#[cfg(feature = "quic")] struct ExpectQuicTraffic { key_schedule: KeyScheduleTraffic, _fin_verified: verify::FinishedMessageVerified, } -#[cfg(feature = "quic")] impl State for ExpectQuicTraffic { fn handle(self: Box, _cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { // reject all messages diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 894f06e13c..c69f34ca0b 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -58,7 +58,6 @@ impl SupportedCipherSuite { } } - #[cfg(any(test, feature = "quic"))] /// Return the inner `Tls13CipherSuite` for this suite, if it is a TLS1.3 suite. pub fn tls13(&self) -> Option<&'static Tls13CipherSuite> { match self { diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 3486f27425..c1001fbcf6 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -3,7 +3,6 @@ use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::crypto::{hash, hmac, ActiveKeyExchange}; use crate::error::Error; -#[cfg(feature = "quic")] use crate::quic; use crate::suites::PartiallyExtractedSecrets; use crate::{KeyLog, Tls13CipherSuite}; @@ -108,7 +107,6 @@ impl KeyScheduleEarly { .set_decrypter(&client_early_traffic_secret, common), } - #[cfg(feature = "quic")] if common.is_quic() { // If 0-RTT should be rejected, this will be clobbered by ExtensionProcessing // before the application can see. @@ -216,7 +214,7 @@ impl KeyScheduleHandshakeStart { hs_hash: hash::Output, key_log: &dyn KeyLog, client_random: &[u8; 32], - _common: &mut CommonState, + common: &mut CommonState, ) -> KeyScheduleHandshake { // Use an empty handshake hash for the initial handshake. let client_secret = self.ks.derive_logged_secret( @@ -233,14 +231,13 @@ impl KeyScheduleHandshakeStart { client_random, ); - #[cfg(feature = "quic")] - if _common.is_quic() { - _common.quic.hs_secrets = Some(quic::Secrets::new( + if common.is_quic() { + common.quic.hs_secrets = Some(quic::Secrets::new( client_secret.clone(), server_secret.clone(), self.ks.suite, - _common.side, - _common.quic.version, + common.side, + common.quic.version, )); } @@ -308,7 +305,6 @@ impl KeyScheduleHandshake { .ks .set_encrypter(server_secret, common); - #[cfg(feature = "quic")] if common.is_quic() { common.quic.traffic_secrets = Some(quic::Secrets::new( _client_secret.clone(), @@ -363,7 +359,6 @@ impl KeyScheduleClientBeforeFinished { .ks .set_encrypter(client_secret, common); - #[cfg(feature = "quic")] if common.is_quic() { common.quic.traffic_secrets = Some(quic::Secrets::new( client_secret.clone(), diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index f904425f4b..817685d3b2 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -22,11 +22,8 @@ pub struct Tls13CipherSuite { /// [MessageEncrypter]: crate::crypto::cipher::MessageEncrypter pub aead_alg: &'static dyn crypto::cipher::Tls13AeadAlgorithm, - #[cfg(feature = "quic")] pub(crate) confidentiality_limit: u64, - #[cfg(feature = "quic")] pub(crate) integrity_limit: u64, - #[cfg(feature = "quic")] pub(crate) quic: &'static dyn crate::quic::Algorithm, } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f3ca49cd3f..2b2d1faa2d 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3721,7 +3721,6 @@ fn early_data_can_be_rejected_by_server() { assert!(!client.is_early_data_accepted()); } -#[cfg(feature = "quic")] mod test_quic { use super::*; use rustls::quic::{self, ConnectionCommon}; diff --git a/rustls/tests/bogo.rs b/rustls/tests/bogo.rs index e6bfcd8105..258d1be0da 100644 --- a/rustls/tests/bogo.rs +++ b/rustls/tests/bogo.rs @@ -3,7 +3,7 @@ // and run. #[test] -#[cfg(all(coverage, feature = "quic"))] +#[cfg(coverage)] fn run_bogo_tests() { use std::process::Command; From cfec92ce7048739d69fb00449bcd00bb266f7ef6 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 Nov 2023 14:30:20 +0000 Subject: [PATCH 0393/1145] Make Tls13CipherSuite::quic optional and public The goal is to make it possible for provider-example to exist without implementing (eg) QUIC header protection. This introduces some knock-on requirements for other types/functions to be the public, so `quic::Algorithm` can be implemented outside the crate. --- provider-example/src/lib.rs | 1 + rustls/src/crypto/ring/quic.rs | 7 +++++ rustls/src/crypto/ring/tls13.rs | 15 ++++++++-- rustls/src/quic.rs | 49 +++++++++++++++++++++----------- rustls/src/tls13/key_schedule.rs | 3 ++ rustls/src/tls13/mod.rs | 8 +++++- rustls/tests/api.rs | 10 +++++++ 7 files changed, 73 insertions(+), 20 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index a58c14a3d2..3aee5ddb84 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -60,6 +60,7 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = }, hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, + quic: None, }); pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 884d5b8186..913dbb73b3 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -235,6 +235,7 @@ mod tests { .expander_for_okm(&OkmBlock::new(SECRET)); let key_len = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL .quic + .unwrap() .aead_key_len(); let header_key = hkdf_expand_label_aead_key(expander.as_ref(), key_len, version.header_key_label(), &[]); @@ -316,6 +317,9 @@ mod tests { ][..], ), TLS13_AES_128_GCM_SHA256_INTERNAL, + TLS13_AES_128_GCM_SHA256_INTERNAL + .quic + .unwrap(), Side::Client, Version::V1, ); @@ -362,6 +366,9 @@ mod tests { let server = Keys::initial( Version::V2, TLS13_AES_128_GCM_SHA256_INTERNAL, + TLS13_AES_128_GCM_SHA256_INTERNAL + .quic + .unwrap(), &icid, Side::Server, ); diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 6a2e59e990..75bb81cfc8 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -32,7 +32,10 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), confidentiality_limit: u64::MAX, integrity_limit: 1 << 36, - quic: &super::quic::KeyBuilder(&aead::CHACHA20_POLY1305, &aead::quic::CHACHA20), + quic: Some(&super::quic::KeyBuilder( + &aead::CHACHA20_POLY1305, + &aead::quic::CHACHA20, + )), }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -46,7 +49,10 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), confidentiality_limit: 1 << 23, integrity_limit: 1 << 52, - quic: &super::quic::KeyBuilder(&aead::AES_256_GCM, &aead::quic::AES_256), + quic: Some(&super::quic::KeyBuilder( + &aead::AES_256_GCM, + &aead::quic::AES_256, + )), }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -62,7 +68,10 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), confidentiality_limit: 1 << 23, integrity_limit: 1 << 52, - quic: &super::quic::KeyBuilder(&aead::AES_128_GCM, &aead::quic::AES_128), + quic: Some(&super::quic::KeyBuilder( + &aead::AES_128_GCM, + &aead::quic::AES_128, + )), }; struct Chacha20Poly1305Aead(AeadAlgorithm); diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 09c0f8a1a7..f6ac1746c9 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -319,11 +319,14 @@ impl ConnectionCommon { /// Compute the keys for encrypting/decrypting 0-RTT packets, if available pub fn zero_rtt_keys(&self) -> Option { + let suite = self + .core + .common_state + .suite + .and_then(|suite| suite.tls13())?; Some(DirectionalKeys::new( - self.core - .common_state - .suite - .and_then(|suite| suite.tls13())?, + suite, + suite.quic?, self.core .common_state .quic @@ -439,6 +442,7 @@ pub struct Secrets { pub(crate) server: OkmBlock, /// Cipher suite used with these secrets suite: &'static Tls13CipherSuite, + quic: &'static dyn Algorithm, side: Side, version: Version, } @@ -448,6 +452,7 @@ impl Secrets { client: OkmBlock, server: OkmBlock, suite: &'static Tls13CipherSuite, + quic: &'static dyn Algorithm, side: Side, version: Version, ) -> Self { @@ -455,6 +460,7 @@ impl Secrets { client, server, suite, + quic, side, version, } @@ -505,6 +511,7 @@ pub struct DirectionalKeys { impl DirectionalKeys { pub(crate) fn new( suite: &'static Tls13CipherSuite, + quic: &'static dyn Algorithm, secret: &OkmBlock, version: Version, ) -> Self { @@ -512,7 +519,7 @@ impl DirectionalKeys { .hkdf_provider .expander_for_okm(secret); - let aead_key_len = suite.quic.aead_key_len(); + let aead_key_len = quic.aead_key_len(); let packet_key = hkdf_expand_label_aead_key( expander.as_ref(), @@ -530,12 +537,8 @@ impl DirectionalKeys { ); Self { - header: suite - .quic - .header_protection_key(header_key), - packet: suite - .quic - .packet_key(suite, packet_key, packet_iv), + header: quic.header_protection_key(header_key), + packet: quic.packet_key(suite, packet_key, packet_iv), } } } @@ -561,7 +564,11 @@ impl AsRef<[u8]> for Tag { } /// How a `Tls13CipherSuite` generates `PacketKey`s and `HeaderProtectionKey`s. -pub(crate) trait Algorithm: Send + Sync { +pub trait Algorithm: Send + Sync { + /// Produce a `PacketKey` encrypter/decrypter for this suite. + /// + /// `suite` is the entire suite this `Algorithm` appeared in. + /// `key` and `iv` is the key material to use. fn packet_key( &self, suite: &'static Tls13CipherSuite, @@ -569,8 +576,14 @@ pub(crate) trait Algorithm: Send + Sync { iv: Iv, ) -> Box; + /// Produce a `HeaderProtectionKey` encrypter/decrypter for this suite. + /// + /// `key` is the key material, which is `aead_key_len()` bytes in length. fn header_protection_key(&self, key: AeadKey) -> Box; + /// The length in bytes of keys for this Algorithm. + /// + /// This controls the size of `AeadKey`s presented to `packet_key()` and `header_protection_key()`. fn aead_key_len(&self) -> usize; } @@ -701,7 +714,7 @@ impl PacketKeySet { .expander_for_okm(remote); fn make_packet_key(expander: &dyn HkdfExpander, secrets: &Secrets) -> Box { - let aead_key_len = secrets.suite.quic.aead_key_len(); + let aead_key_len = secrets.quic.aead_key_len(); let packet_key = hkdf_expand_label_aead_key( expander, aead_key_len, @@ -710,7 +723,6 @@ impl PacketKeySet { ); let packet_iv = hkdf_expand_label(expander, secrets.version.packet_iv_label(), &[]); secrets - .suite .quic .packet_key(secrets.suite, packet_key, packet_iv) } @@ -735,6 +747,7 @@ impl Keys { pub fn initial( version: Version, suite: &'static Tls13CipherSuite, + quic: &'static dyn Algorithm, client_dst_connection_id: &[u8], side: Side, ) -> Self { @@ -750,6 +763,7 @@ impl Keys { client: hkdf_expand_label_block(hs_secret.as_ref(), CLIENT_LABEL, &[]), server: hkdf_expand_label_block(hs_secret.as_ref(), SERVER_LABEL, &[]), suite, + quic, side, }; Self::new(&secrets) @@ -758,8 +772,8 @@ impl Keys { fn new(secrets: &Secrets) -> Self { let (local, remote) = secrets.local_remote(); Self { - local: DirectionalKeys::new(secrets.suite, local, secrets.version), - remote: DirectionalKeys::new(secrets.suite, remote, secrets.version), + local: DirectionalKeys::new(secrets.suite, secrets.quic, local, secrets.version), + remote: DirectionalKeys::new(secrets.suite, secrets.quic, remote, secrets.version), } } } @@ -828,6 +842,7 @@ impl Version { } } + /// Key derivation label for packet keys. pub(crate) fn packet_key_label(&self) -> &'static [u8] { match self { Self::V1Draft | Self::V1 => b"quic key", @@ -835,6 +850,7 @@ impl Version { } } + /// Key derivation label for packet "IV"s. pub(crate) fn packet_iv_label(&self) -> &'static [u8] { match self { Self::V1Draft | Self::V1 => b"quic iv", @@ -842,6 +858,7 @@ impl Version { } } + /// Key derivation for header keys. pub(crate) fn header_key_label(&self) -> &'static [u8] { match self { Self::V1Draft | Self::V1 => b"quic hp", diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index c1001fbcf6..3deb72f6d4 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -236,6 +236,7 @@ impl KeyScheduleHandshakeStart { client_secret.clone(), server_secret.clone(), self.ks.suite, + self.ks.suite.quic.unwrap(), common.side, common.quic.version, )); @@ -310,6 +311,7 @@ impl KeyScheduleHandshake { _client_secret.clone(), server_secret.clone(), traffic.ks.suite, + traffic.ks.suite.quic.unwrap(), common.side, common.quic.version, )); @@ -364,6 +366,7 @@ impl KeyScheduleClientBeforeFinished { client_secret.clone(), server_secret.clone(), self.traffic.ks.suite, + self.traffic.ks.suite.quic.unwrap(), common.side, common.quic.version, )); diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 817685d3b2..dd4e238ded 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -24,7 +24,13 @@ pub struct Tls13CipherSuite { pub(crate) confidentiality_limit: u64, pub(crate) integrity_limit: u64, - pub(crate) quic: &'static dyn crate::quic::Algorithm, + + /// How to create QUIC header and record protection algorithms + /// for this suite. + /// + /// Provide `None` to opt out of QUIC support for this suite. It will + /// not be offered in QUIC handshakes. + pub quic: Option<&'static dyn crate::quic::Algorithm>, } impl Tls13CipherSuite { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 2b2d1faa2d..2f3f99954f 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4229,6 +4229,11 @@ mod test_quic { TLS13_AES_128_GCM_SHA256 .tls13() .unwrap(), + TLS13_AES_128_GCM_SHA256 + .tls13() + .unwrap() + .quic + .unwrap(), CONNECTION_ID, Side::Client, ); @@ -4372,6 +4377,11 @@ mod test_quic { TLS13_AES_128_GCM_SHA256 .tls13() .unwrap(), + TLS13_AES_128_GCM_SHA256 + .tls13() + .unwrap() + .quic + .unwrap(), CONNECTION_ID, Side::Server, ); From fdd1f8dd4f3434eba10a41f6cb404b723081c605 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 3 Oct 2023 15:43:07 +0100 Subject: [PATCH 0394/1145] Move key usage limits up into `CipherSuiteCommon` --- provider-example/src/lib.rs | 4 ++++ rustls/src/crypto/ring/quic.rs | 4 ++-- rustls/src/crypto/ring/tls12.rs | 12 ++++++++++++ rustls/src/crypto/ring/tls13.rs | 12 ++++++------ rustls/src/suites.rs | 17 +++++++++++++++++ rustls/src/tls13/mod.rs | 3 --- 6 files changed, 41 insertions(+), 11 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 3aee5ddb84..820f22952c 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -57,6 +57,8 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = common: rustls::CipherSuiteCommon { suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }, hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, @@ -68,6 +70,8 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS common: rustls::CipherSuiteCommon { suite: rustls::CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }, kx: rustls::crypto::KeyExchangeAlgorithm::ECDHE, sign: &[ diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 913dbb73b3..6e5dd48215 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -167,7 +167,7 @@ impl quic::PacketKey for PacketKey { /// See . #[inline] fn confidentiality_limit(&self) -> u64 { - self.suite.confidentiality_limit + self.suite.common.confidentiality_limit } /// Number of times the packet key can be used without sacrificing integrity @@ -175,7 +175,7 @@ impl quic::PacketKey for PacketKey { /// See . #[inline] fn integrity_limit(&self) -> u64 { - self.suite.integrity_limit + self.suite.common.integrity_limit } /// Tag length for the underlying AEAD algorithm diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index decce960de..824bc4e39d 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -24,6 +24,8 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -37,6 +39,8 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -50,6 +54,8 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -63,6 +69,8 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -76,6 +84,8 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -89,6 +99,8 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 75bb81cfc8..8deec44a14 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -27,11 +27,11 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), - confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, quic: Some(&super::quic::KeyBuilder( &aead::CHACHA20_POLY1305, &aead::quic::CHACHA20, @@ -44,11 +44,11 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), - confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, quic: Some(&super::quic::KeyBuilder( &aead::AES_256_GCM, &aead::quic::AES_256, @@ -63,11 +63,11 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), - confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, quic: Some(&super::quic::KeyBuilder( &aead::AES_128_GCM, &aead::quic::AES_128, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index c69f34ca0b..4f73efbb6f 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -18,6 +18,23 @@ pub struct CipherSuiteCommon { /// Which hash function the suite uses. pub hash_provider: &'static dyn crypto::hash::Hash, + + /// The number of messages that can be encrypted by a single + /// instance of `MessageEncrypter` produced for this suite before + /// an attacker gains an advantage in distinguishing it from an ideal + /// pseudorandom permutation (PRP). + /// + /// This is to be set on the assumption that messages are maximally sized -- + /// at least 2 ** 14 bytes for TCP-TLS and 2 ** 16 for QUIC. + pub confidentiality_limit: u64, + + /// The number of messages an attacker can be allowed to unsuccessfully + /// decrypt before the attacker gains an advantage in forging messages. + /// + /// This is not relevant for TLS over TCP (which is implemented in this crate) + /// because a single failed decryption is fatal to the connection. However, + /// this quantity is used by QUIC. + pub integrity_limit: u64, } /// A cipher suite supported by rustls. diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index dd4e238ded..0cbeecb2ec 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -22,9 +22,6 @@ pub struct Tls13CipherSuite { /// [MessageEncrypter]: crate::crypto::cipher::MessageEncrypter pub aead_alg: &'static dyn crypto::cipher::Tls13AeadAlgorithm, - pub(crate) confidentiality_limit: u64, - pub(crate) integrity_limit: u64, - /// How to create QUIC header and record protection algorithms /// for this suite. /// From c26548337e2aee19edc5a12c69487c73da6852b6 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 Nov 2023 12:29:09 +0000 Subject: [PATCH 0395/1145] Filter cipher suite offer and acceptance for QUIC In QUIC connections, we shouldn't offer or accept cipher suites that have `Tls13CipherSuite::quic` as `None`. So introduce `usable_for_protocol` on `SupportedCipherSuite`, and use it to extend `reduce_given_version` into `reduce_given_version_and_protocol`. --- rustls/src/client/hs.rs | 1 + rustls/src/server/hs.rs | 6 +++++- rustls/src/suites.rs | 20 ++++++++++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index ca32c492bf..63b9bdb668 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -278,6 +278,7 @@ fn emit_client_hello_for_retry( let mut cipher_suites: Vec<_> = config .cipher_suites .iter() + .filter(|cs| cs.usable_for_protocol(cx.common.protocol)) .map(|cs| cs.suite()) .collect(); // We don't do renegotiation at all, in fact. diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index e20b422a9b..339c146721 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -338,7 +338,11 @@ impl ExpectClientHello { suites::reduce_given_sigalg(&self.config.cipher_suites, certkey.get_key().algorithm()); // And version - let suitable_suites = suites::reduce_given_version(&suitable_suites, version); + let suitable_suites = suites::reduce_given_version_and_protocol( + &suitable_suites, + version, + cx.common.protocol, + ); let suite = if self.config.ignore_client_order { suites::choose_ciphersuite_preferring_server( diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 4f73efbb6f..3117420ca2 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,3 +1,4 @@ +use crate::common_state::Protocol; use crate::crypto; use crate::crypto::cipher::{AeadKey, Iv}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; @@ -105,6 +106,20 @@ impl SupportedCipherSuite { .any(|scheme| scheme.sign() == _sig_alg), } } + + /// Return true if this suite is usable for the given [`Protocol`]. + /// + /// All cipher suites are usable for TCP-TLS. Only TLS1.3 suites + /// with `Tls13CipherSuite::quic` provided are usable for QUIC. + pub(crate) fn usable_for_protocol(&self, proto: Protocol) -> bool { + match proto { + Protocol::Tcp => true, + Protocol::Quic => self + .tls13() + .and_then(|cs| cs.quic) + .is_some(), + } + } } // These both O(N^2)! @@ -152,12 +167,13 @@ pub(crate) fn reduce_given_sigalg( /// Return a list of the ciphersuites in `all` with the suites /// incompatible with the chosen `version` removed. -pub(crate) fn reduce_given_version( +pub(crate) fn reduce_given_version_and_protocol( all: &[SupportedCipherSuite], version: ProtocolVersion, + proto: Protocol, ) -> Vec { all.iter() - .filter(|&&suite| suite.version().version == version) + .filter(|&&suite| suite.version().version == version && suite.usable_for_protocol(proto)) .copied() .collect() } From cd81f32592063b33bbb0fc38b7001bf7ecb979d8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 Nov 2023 15:15:01 +0000 Subject: [PATCH 0396/1145] quic: give helpful error if used with unsuitable suite Now Tls13CipherSuite can omit QUIC support, detect and error on the case that all the configured suites are TLS1.3-capable but QUIC-incapable. --- rustls/src/client/client_conn.rs | 6 ++++++ rustls/src/quic.rs | 12 ++++++++++++ rustls/src/server/server_conn.rs | 8 +++++++- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index b2e09ef783..d37eaa9ba3 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -269,6 +269,12 @@ impl ClientConfig { .any(|cs| cs.version().version == v) } + pub(crate) fn supports_protocol(&self, proto: Protocol) -> bool { + self.cipher_suites + .iter() + .any(|cs| cs.usable_for_protocol(proto)) + } + /// Access configuration options whose use is dangerous and requires /// extra care. pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index f6ac1746c9..d8010dbcc8 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -153,6 +153,12 @@ impl ClientConnection { )); } + if !config.supports_protocol(Protocol::Quic) { + return Err(Error::General( + "At least one ciphersuite must support QUIC".into(), + )); + } + let ext = match quic_version { Version::V1Draft => ClientExtension::TransportParametersDraft(params), Version::V1 | Version::V2 => ClientExtension::TransportParameters(params), @@ -222,6 +228,12 @@ impl ServerConnection { )); } + if !config.supports_protocol(Protocol::Quic) { + return Err(Error::General( + "At least one ciphersuite must support QUIC".into(), + )); + } + if config.max_early_data_size != 0 && config.max_early_data_size != 0xffff_ffff { return Err(Error::General( "QUIC sessions must set a max early data of 0 or 2^32-1".into(), diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 4fc5efcb74..87a2349d20 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,5 +1,5 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; -use crate::common_state::{CommonState, Context, Side, State}; +use crate::common_state::{CommonState, Context, Protocol, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::dns_name::DnsName; @@ -374,6 +374,12 @@ impl ServerConfig { .iter() .any(|cs| cs.version().version == v) } + + pub(crate) fn supports_protocol(&self, proto: Protocol) -> bool { + self.cipher_suites + .iter() + .any(|cs| cs.usable_for_protocol(proto)) + } } /// Allows reading of early data in resumed TLS1.3 connections. From a3bf6ba24a37f2bb771e006f5336d66ab775b021 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 Nov 2023 09:40:01 +0000 Subject: [PATCH 0397/1145] bogo_shim.rs: fully support aws-lc-rs provider This was only partially ported, but built due to feature unification from other crates in the workspace. Unconditionally use a provider, and wrap certificate signature operations rather than using (ring-only) `default_verify_tls12_signature` et al. --- rustls/examples/internal/bogo_shim_impl.rs | 87 +++++++++++++++------- 1 file changed, 62 insertions(+), 25 deletions(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 49a0b74362..e63380f40f 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -3,23 +3,25 @@ // // https://boringssl.googlesource.com/boringssl/+/master/ssl/test // -use rustls::client::danger::HandshakeSignatureValid; + +use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; use rustls::crypto::SupportedKxGroup; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist::ServerSessionValue; -use rustls::server::{ClientHello, ServerConfig, ServerConnection}; +use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; +use rustls::server::{ClientHello, ServerConfig, ServerConnection, WebPkiClientVerifier}; use rustls::{ self, client, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, - PeerMisbehaved, ProtocolVersion, ServerName, Side, SignatureAlgorithm, SignatureScheme, - SupportedProtocolVersion, + PeerMisbehaved, ProtocolVersion, RootCertStore, ServerName, Side, SignatureAlgorithm, + SignatureScheme, SupportedProtocolVersion, }; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::aws_lc_rs as provider; +use rustls::crypto::{aws_lc_rs as provider, aws_lc_rs::AWS_LC_RS as PROVIDER}; #[cfg(feature = "ring")] -use rustls::crypto::ring as provider; +use rustls::crypto::{ring as provider, ring::RING as PROVIDER}; use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; @@ -177,6 +179,15 @@ fn load_key(filename: &str) -> PrivateKeyDer<'static> { keys.pop().unwrap().into() } +fn load_root_certs() -> Arc { + let mut roots = RootCertStore::empty(); + + // this is not actually used by the tests, but must be non-empty + roots.add_parsable_certificates(load_cert("cert.pem")); + + Arc::new(roots) +} + fn split_protocols(protos: &str) -> Vec { let mut ret = Vec::new(); @@ -194,9 +205,21 @@ fn split_protocols(protos: &str) -> Vec { #[derive(Debug)] struct DummyClientAuth { mandatory: bool, + parent: Arc, } -impl server::danger::ClientCertVerifier for DummyClientAuth { +impl DummyClientAuth { + fn new(mandatory: bool) -> Self { + Self { + mandatory, + parent: WebPkiClientVerifier::builder_with_provider(load_root_certs(), PROVIDER) + .build() + .unwrap(), + } + } +} + +impl ClientCertVerifier for DummyClientAuth { fn offer_client_auth(&self) -> bool { true } @@ -214,8 +237,8 @@ impl server::danger::ClientCertVerifier for DummyClientAuth { _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], _now: UnixTime, - ) -> Result { - Ok(server::danger::ClientCertVerified::assertion()) + ) -> Result { + Ok(ClientCertVerified::assertion()) } fn verify_tls12_signature( @@ -224,7 +247,8 @@ impl server::danger::ClientCertVerifier for DummyClientAuth { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + self.parent + .verify_tls12_signature(message, cert, dss) } fn verify_tls13_signature( @@ -233,18 +257,31 @@ impl server::danger::ClientCertVerifier for DummyClientAuth { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + self.parent + .verify_tls13_signature(message, cert, dss) } fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() + self.parent.supported_verify_schemes() } } #[derive(Debug)] -struct DummyServerAuth {} +struct DummyServerAuth { + parent: Arc, +} + +impl DummyServerAuth { + fn new() -> Self { + DummyServerAuth { + parent: WebPkiServerVerifier::builder_with_provider(load_root_certs(), PROVIDER) + .build() + .unwrap(), + } + } +} -impl client::danger::ServerCertVerifier for DummyServerAuth { +impl ServerCertVerifier for DummyServerAuth { fn verify_server_cert( &self, _end_entity: &CertificateDer<'_>, @@ -252,8 +289,8 @@ impl client::danger::ServerCertVerifier for DummyServerAuth { _hostname: &ServerName, _ocsp: &[u8], _now: UnixTime, - ) -> Result { - Ok(client::danger::ServerCertVerified::assertion()) + ) -> Result { + Ok(ServerCertVerified::assertion()) } fn verify_tls12_signature( @@ -262,7 +299,8 @@ impl client::danger::ServerCertVerifier for DummyServerAuth { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + self.parent + .verify_tls12_signature(message, cert, dss) } fn verify_tls13_signature( @@ -271,11 +309,12 @@ impl client::danger::ServerCertVerifier for DummyServerAuth { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + self.parent + .verify_tls13_signature(message, cert, dss) } fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() + self.parent.supported_verify_schemes() } } @@ -439,9 +478,7 @@ impl server::StoresServerSessions for ServerCacheWithResumptionDelay { fn make_server_cfg(opts: &Options) -> Arc { let client_auth = if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert { - Arc::new(DummyClientAuth { - mandatory: opts.require_any_client_cert, - }) + Arc::new(DummyClientAuth::new(opts.require_any_client_cert)) } else { server::WebPkiClientVerifier::no_client_auth() }; @@ -458,7 +495,7 @@ fn make_server_cfg(opts: &Options) -> Arc { provider::ALL_KX_GROUPS.to_vec() }; - let mut cfg = ServerConfig::builder() + let mut cfg = ServerConfig::builder_with_provider(PROVIDER) .with_safe_default_cipher_suites() .with_kx_groups(&kx_groups) .with_protocol_versions(&opts.supported_versions()) @@ -583,13 +620,13 @@ fn make_client_cfg(opts: &Options) -> Arc { provider::ALL_KX_GROUPS.to_vec() }; - let cfg = ClientConfig::builder() + let cfg = ClientConfig::builder_with_provider(PROVIDER) .with_safe_default_cipher_suites() .with_kx_groups(&kx_groups) .with_protocol_versions(&opts.supported_versions()) .expect("inconsistent settings") .dangerous() - .with_custom_certificate_verifier(Arc::new(DummyServerAuth {})); + .with_custom_certificate_verifier(Arc::new(DummyServerAuth::new())); let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { let cert = load_cert(&opts.cert_file); From 84a599ff7652cf93f7ed1ba066c7a771742109b6 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 20 Nov 2023 09:17:45 +0100 Subject: [PATCH 0398/1145] Update semver-compatible dependencies --- Cargo.lock | 81 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 47 insertions(+), 34 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e90eb5177e..3beb505cc9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -134,9 +134,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "aws-lc-rs" -version = "1.4.0" +version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fb76b0a64f839f9e2be9871ea670a197a3e1d4b9634d741ec1456102a4fbaba" +checksum = "96971b015c9d66a3558687fe18505d0f5c17faf67d4aa08c5ab5542d6ebb09c6" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -146,13 +146,14 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de27c152edd365909b8fe952bce7617c910bd413b5b4bb9b0238d37e412f7e2a" +checksum = "fa851b9955e1c4ab862c022a23b87b90237fd69ee715b91f9c13a20306d781e4" dependencies = [ "bindgen", "cmake", "dunce", + "fs_extra", "libc", "paste", ] @@ -433,9 +434,9 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.5.4" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28f85c3514d2a6e64160359b45a3918c3b4178bcbf4ae5d03ab2d02e521c479a" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", "rand_core", @@ -570,9 +571,9 @@ checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" [[package]] name = "ecdsa" -version = "0.16.8" +version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", "digest 0.10.7", @@ -590,9 +591,9 @@ checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" [[package]] name = "elliptic-curve" -version = "0.13.6" +version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d97ca172ae9dc9f9b779a6e3a65d308f2af74e5b8c921299075bdb4a0370e914" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", @@ -634,11 +635,17 @@ dependencies = [ "termcolor", ] +[[package]] +name = "equivalent" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" + [[package]] name = "errno" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c18ee0ed65a5f1f81cac6b1d213b69c35fa47d4252ad41f1486dbd8226fe36e" +checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8" dependencies = [ "libc", "windows-sys", @@ -656,9 +663,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53a56f0780318174bad1c127063fd0c5fdfb35398e3cd79ffaab931a6c79df80" +checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" [[package]] name = "fnv" @@ -675,6 +682,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "futures-channel" version = "0.3.29" @@ -789,9 +802,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.21" +version = "0.3.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91fc23aa11be92976ef4729127f1a74adf36d8436f7816b185d18df956790833" +checksum = "4d6250322ef6e60f93f9a2162799302cd6f68f79f6e5d85c8c16f14d1d958178" dependencies = [ "bytes", "fnv", @@ -808,9 +821,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.12.3" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156" [[package]] name = "heck" @@ -850,7 +863,7 @@ dependencies = [ "ipnet", "once_cell", "rand", - "rustls 0.21.8", + "rustls 0.21.9", "rustls-pemfile 1.0.4", "thiserror", "tinyvec", @@ -876,7 +889,7 @@ dependencies = [ "parking_lot", "rand", "resolv-conf", - "rustls 0.21.8", + "rustls 0.21.9", "smallvec", "thiserror", "tokio", @@ -995,11 +1008,11 @@ dependencies = [ [[package]] name = "indexmap" -version = "1.9.3" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" dependencies = [ - "autocfg", + "equivalent", "hashbrown", ] @@ -1452,9 +1465,9 @@ dependencies = [ [[package]] name = "primeorder" -version = "0.13.3" +version = "0.13.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7dbe9ed3b56368bd99483eb32fe9c17fdd3730aebadc906918ce78d54c7eeb4" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" dependencies = [ "elliptic-curve", ] @@ -1676,9 +1689,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.23" +version = "0.38.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffb93593068e9babdad10e4fce47dc9b3ac25315a72a59766ffd9e9a71996a04" +checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" dependencies = [ "bitflags 2.4.1", "errno", @@ -1689,9 +1702,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.8" +version = "0.21.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c" +checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" dependencies = [ "log", "ring 0.17.5", @@ -1934,9 +1947,9 @@ checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" [[package]] name = "signature" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest 0.10.7", "rand_core", @@ -2123,7 +2136,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.8", + "rustls 0.21.9", "tokio", ] @@ -2489,9 +2502,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" dependencies = [ "zeroize_derive", ] From 765cfd214bc5f35c040bc0bee9b82d7080f0f4d2 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 20 Nov 2023 09:18:40 +0100 Subject: [PATCH 0399/1145] ci-bench: update itertools to 0.12 --- Cargo.lock | 4 ++-- ci-bench/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3beb505cc9..3088add9f4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1056,9 +1056,9 @@ dependencies = [ [[package]] name = "itertools" -version = "0.11.0" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1c173a5686ce8bfa551b3563d0c2170bf24ca44da99c7ca4bfdab5418c3fe57" +checksum = "25db6b064527c5d482d0423354fcd07a89a2dfe07b67892e62411946db7f07b0" dependencies = [ "either", ] diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 47952ca0d7..6eabb4c9b0 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -11,7 +11,7 @@ anyhow = "1.0.73" byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" -itertools = "0.11.0" +itertools = "0.12" pki-types = { package = "rustls-pki-types", version = "0.2" } rayon = "1.7.0" rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } From 076090d4bd2fa21c77497d12b3f7d19d4193d6e1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 20 Nov 2023 09:38:06 +0000 Subject: [PATCH 0400/1145] Switch to checking direct-minimal-versions Of `-Z minimal-versions` it is said: > Note: It is not recommended to use this feature. Because it enforces minimal > versions for all transitive dependencies, its usefulness is limited since not > all external dependencies declare proper lower version bounds. `-Z direct-minimal-versions` appears to be its replacement, which means our CI is checking things only within our control. --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff15deb129..a48115d437 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -237,7 +237,7 @@ jobs: minver: - name: Check minimum versions + name: Check minimum versions of direct dependencies runs-on: ubuntu-20.04 steps: - name: Checkout sources @@ -248,9 +248,9 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@nightly - - name: Update to minimal-versions + - name: Update to direct-minimal-versions # This has no effect if no `Cargo.lock` exists yet. - run: cargo update -Z minimal-versions + run: cargo update -Z direct-minimal-versions - name: cargo test (debug; all features) run: cargo test --locked --all-features From 26541d5bb1463a803c0173a75ed961db87edfe6f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 20 Nov 2023 10:30:00 +0000 Subject: [PATCH 0401/1145] Use cargo-minimal-versions This hides a bunch of mess underlying `cargo update -Z direct-minimal-versions`: mainly the ability to exclude workspace crates with publish=false from version resolution (`--ignore-private` flag). --- .github/workflows/build.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a48115d437..a3a4021d12 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -248,14 +248,16 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@nightly - - name: Update to direct-minimal-versions - # This has no effect if no `Cargo.lock` exists yet. - run: cargo update -Z direct-minimal-versions + - name: Install cargo-minimal-versions + uses: taiki-e/install-action@cargo-minimal-versions - - name: cargo test (debug; all features) - run: cargo test --locked --all-features - env: - RUST_BACKTRACE: 1 + # cargo-minimal-versions requires cargo-hack + - name: Install cargo-hack + uses: taiki-e/install-action@cargo-hack + + - name: Check direct-minimal-versions + run: cargo minimal-versions --direct --ignore-private check + working-directory: rustls/ cross: name: Check cross compilation targets From 42cda4658f3f5c865a9248803a8a083633525998 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 20 Nov 2023 13:36:55 -0500 Subject: [PATCH 0402/1145] client: remove deprecated with_single_cert We deprecated `ClientConfig` builder's `with_single_cert` in 0.21.4, encouraging use of `with_client_auth_cert`. This commit removes the deprecated fn ahead of the 0.22.0 release. --- rustls/src/client/builder.rs | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index e46cdf5fd7..496bd83e02 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -116,23 +116,6 @@ impl ConfigBuilder { Ok(self.with_client_cert_resolver(Arc::new(resolver))) } - /// Sets a single certificate chain and matching private key for use - /// in client authentication. - /// - /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise - /// set of supported key types and parameters is defined by the selected `CryptoProvider`. - /// - /// This function fails if `key_der` is invalid. - #[deprecated(since = "0.21.4", note = "Use `with_client_auth_cert` instead")] - pub fn with_single_cert( - self, - cert_chain: Vec>, - key_der: PrivateKeyDer<'static>, - ) -> Result { - self.with_client_auth_cert(cert_chain, key_der) - } - /// Do not support client auth. pub fn with_no_client_auth(self) -> ClientConfig { self.with_client_cert_resolver(Arc::new(handy::FailResolveClientCert {})) From 8173b77bb0d7ea794cd7f61eeea282fbad175050 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 20 Nov 2023 17:07:24 -0500 Subject: [PATCH 0403/1145] crypto: doc-hide the HPKE module The bits and pieces we're landing for HPKE support aren't ready for broad use yet. To avoid confusion before the 0.22 release this commit adds a `#[doc(hidden)]` attribute to the `crypto/hpke.rs` mod. --- rustls/src/crypto/mod.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 71a1e21dc7..76a41e7135 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -38,6 +38,7 @@ pub mod tls12; pub mod tls13; /// Hybrid public key encryption (RFC 9180). +#[doc(hidden)] pub mod hpke; pub use crate::rand::GetRandomFailed; From df9ed5bca41410ba7355ce6a16ed58b3655712ec Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 18 Nov 2023 11:44:40 -0800 Subject: [PATCH 0404/1145] Simplify progression to TLS 1.3 traffic states --- rustls/src/client/tls13.rs | 9 ++++----- rustls/src/server/tls13.rs | 13 ++++++------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 48610a2518..dca79df68e 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -907,11 +907,10 @@ impl State for ExpectFinished { _fin_verified: fin, }; - if cx.common.is_quic() { - Ok(Box::new(ExpectQuicTraffic(st))) - } else { - Ok(Box::new(st)) - } + Ok(match cx.common.is_quic() { + true => Box::new(ExpectQuicTraffic(st)), + false => Box::new(st), + }) } } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index dd1be32c88..3f9ba04f80 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1185,17 +1185,16 @@ impl State for ExpectFinished { // Application data may now flow, even if we have client auth enabled. cx.common.start_traffic(); - if cx.common.protocol == Protocol::Quic { - Ok(Box::new(ExpectQuicTraffic { + Ok(match cx.common.is_quic() { + true => Box::new(ExpectQuicTraffic { key_schedule: key_schedule_traffic, _fin_verified: fin, - })) - } else { - Ok(Box::new(ExpectTraffic { + }), + false => Box::new(ExpectTraffic { key_schedule: key_schedule_traffic, _fin_verified: fin, - })) - } + }), + }) } } From 7ee370a41513c331c067f57031a3165795213181 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 18 Nov 2023 11:53:10 -0800 Subject: [PATCH 0405/1145] Tighten docstring headlines for suite limits --- rustls/src/suites.rs | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 3117420ca2..e814ae63e3 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -20,17 +20,20 @@ pub struct CipherSuiteCommon { /// Which hash function the suite uses. pub hash_provider: &'static dyn crypto::hash::Hash, - /// The number of messages that can be encrypted by a single - /// instance of `MessageEncrypter` produced for this suite before - /// an attacker gains an advantage in distinguishing it from an ideal - /// pseudorandom permutation (PRP). + /// Number of messages that can be safely encrypted with a single key of this type + /// + /// Once a `MessageEncrypter` produced for this suite has encrypted more than + /// `confidentiality_limit` messages, an attacker gains an advantage in distinguishing it + /// from an ideal pseudorandom permutation (PRP). /// /// This is to be set on the assumption that messages are maximally sized -- /// at least 2 ** 14 bytes for TCP-TLS and 2 ** 16 for QUIC. pub confidentiality_limit: u64, - /// The number of messages an attacker can be allowed to unsuccessfully - /// decrypt before the attacker gains an advantage in forging messages. + /// Number of messages that can be safely decrypted with a single key of this type + /// + /// Once a `MessageDecrypter` produced for this suite has failed to decrypt `integrity_limit` + /// messages, an attacker gains an advantage in forging messages. /// /// This is not relevant for TLS over TCP (which is implemented in this crate) /// because a single failed decryption is fatal to the connection. However, From 9169e71552311655d03e564daf4c97d9055b773b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 18 Nov 2023 12:22:32 -0800 Subject: [PATCH 0406/1145] quic: remove limits from PacketKey interface Since these are now unconditionally available on the Tls13CipherSuite, there doesn't seem to be much point in keeping this API (which appears be unused). --- rustls/src/crypto/ring/quic.rs | 25 +------------------------ rustls/src/quic.rs | 21 +++------------------ rustls/tests/api.rs | 14 -------------- 3 files changed, 4 insertions(+), 56 deletions(-) diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 6e5dd48215..cf94207fa2 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -3,7 +3,6 @@ use crate::crypto::cipher::{AeadKey, Iv, Nonce}; use crate::error::Error; use crate::quic; -use crate::tls13::Tls13CipherSuite; use alloc::boxed::Box; @@ -101,13 +100,10 @@ pub(crate) struct PacketKey { key: aead::LessSafeKey, /// Computes unique nonces for each packet iv: Iv, - /// The cipher suite used for this packet key - suite: &'static Tls13CipherSuite, } impl PacketKey { pub(crate) fn new( - suite: &'static Tls13CipherSuite, key: AeadKey, iv: Iv, aead_algorithm: &'static aead::Algorithm, @@ -117,7 +113,6 @@ impl PacketKey { aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), ), iv, - suite, } } } @@ -162,22 +157,6 @@ impl quic::PacketKey for PacketKey { Ok(&payload[..plain_len]) } - /// Number of times the packet key can be used without sacrificing confidentiality - /// - /// See . - #[inline] - fn confidentiality_limit(&self) -> u64 { - self.suite.common.confidentiality_limit - } - - /// Number of times the packet key can be used without sacrificing integrity - /// - /// See . - #[inline] - fn integrity_limit(&self) -> u64 { - self.suite.common.integrity_limit - } - /// Tag length for the underlying AEAD algorithm #[inline] fn tag_len(&self) -> usize { @@ -193,11 +172,10 @@ pub(crate) struct KeyBuilder( impl crate::quic::Algorithm for KeyBuilder { fn packet_key( &self, - suite: &'static Tls13CipherSuite, key: AeadKey, iv: Iv, ) -> Box { - Box::new(super::quic::PacketKey::new(suite, key, iv, self.0)) + Box::new(super::quic::PacketKey::new(key, iv, self.0)) } fn header_protection_key(&self, key: AeadKey) -> Box { @@ -244,7 +222,6 @@ mod tests { let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); let hpk = super::HeaderProtectionKey::new(header_key, &aead::quic::CHACHA20); let packet = super::PacketKey::new( - TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, packet_key, packet_iv, &aead::CHACHA20_POLY1305, diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index d8010dbcc8..08d1c1d3a2 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -550,7 +550,7 @@ impl DirectionalKeys { Self { header: quic.header_protection_key(header_key), - packet: quic.packet_key(suite, packet_key, packet_iv), + packet: quic.packet_key(packet_key, packet_iv), } } } @@ -581,12 +581,7 @@ pub trait Algorithm: Send + Sync { /// /// `suite` is the entire suite this `Algorithm` appeared in. /// `key` and `iv` is the key material to use. - fn packet_key( - &self, - suite: &'static Tls13CipherSuite, - key: AeadKey, - iv: Iv, - ) -> Box; + fn packet_key(&self, key: AeadKey, iv: Iv) -> Box; /// Produce a `HeaderProtectionKey` encrypter/decrypter for this suite. /// @@ -690,16 +685,6 @@ pub trait PacketKey { payload: &'a mut [u8], ) -> Result<&'a [u8], Error>; - /// Number of times the packet key can be used without sacrificing confidentiality - /// - /// See . - fn confidentiality_limit(&self) -> u64; - - /// Number of times the packet key can be used without sacrificing integrity - /// - /// See . - fn integrity_limit(&self) -> u64; - /// Tag length for the underlying AEAD algorithm fn tag_len(&self) -> usize; } @@ -736,7 +721,7 @@ impl PacketKeySet { let packet_iv = hkdf_expand_label(expander, secrets.version.packet_iv_label(), &[]); secrets .quic - .packet_key(secrets.suite, packet_key, packet_iv) + .packet_key(packet_key, packet_iv) } Self { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 2f3f99954f..5d011d6691 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4237,20 +4237,6 @@ mod test_quic { CONNECTION_ID, Side::Client, ); - assert_eq!( - client_keys - .local - .packet - .confidentiality_limit(), - 2u64.pow(23) - ); - assert_eq!( - client_keys - .local - .packet - .integrity_limit(), - 2u64.pow(52) - ); assert_eq!(client_keys.local.packet.tag_len(), 16); let mut buf = Vec::new(); From 94a2084f4237ee48bff524dbc95e202400f87549 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 18 Nov 2023 12:47:51 -0800 Subject: [PATCH 0407/1145] quic: use higher-level interface for make_packet_key() --- rustls/src/quic.rs | 49 +++++++++++++++++++++------------------------- 1 file changed, 22 insertions(+), 27 deletions(-) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 08d1c1d3a2..039ce47a88 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -3,7 +3,7 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; use crate::crypto::cipher::{AeadKey, Iv}; -use crate::crypto::tls13::{HkdfExpander, OkmBlock}; +use crate::crypto::tls13::{Hkdf, OkmBlock}; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; use crate::msgs::handshake::{ClientExtension, ServerExtension}; @@ -700,37 +700,32 @@ pub struct PacketKeySet { impl PacketKeySet { fn new(secrets: &Secrets) -> Self { let (local, remote) = secrets.local_remote(); - - let local_expander = secrets - .suite - .hkdf_provider - .expander_for_okm(local); - let remote_expander = secrets - .suite - .hkdf_provider - .expander_for_okm(remote); - - fn make_packet_key(expander: &dyn HkdfExpander, secrets: &Secrets) -> Box { - let aead_key_len = secrets.quic.aead_key_len(); - let packet_key = hkdf_expand_label_aead_key( - expander, - aead_key_len, - secrets.version.packet_key_label(), - &[], - ); - let packet_iv = hkdf_expand_label(expander, secrets.version.packet_iv_label(), &[]); - secrets - .quic - .packet_key(packet_key, packet_iv) - } - + let hkdf = secrets.suite.hkdf_provider; Self { - local: make_packet_key(local_expander.as_ref(), secrets), - remote: make_packet_key(remote_expander.as_ref(), secrets), + local: make_packet_key(local, hkdf, secrets.version, secrets.quic), + remote: make_packet_key(remote, hkdf, secrets.version, secrets.quic), } } } +fn make_packet_key( + secret: &OkmBlock, + hkdf: &dyn Hkdf, + version: Version, + alg: &dyn Algorithm, +) -> Box { + let expander = hkdf.expander_for_okm(secret); + let aead_key_len = alg.aead_key_len(); + let packet_key = hkdf_expand_label_aead_key( + expander.as_ref(), + aead_key_len, + version.packet_key_label(), + &[], + ); + let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); + alg.packet_key(packet_key, packet_iv) +} + /// Complete set of keys used to communicate with the peer pub struct Keys { /// Encrypts outgoing packets From fbdf5dafdc25c23a14d3f850349e7bf70a1c6606 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Sat, 18 Nov 2023 13:05:13 -0800 Subject: [PATCH 0408/1145] quic: deduplicate code for building keys --- rustls/src/crypto/ring/quic.rs | 43 +++++---------- rustls/src/quic.rs | 95 +++++++++++++++++++--------------- 2 files changed, 65 insertions(+), 73 deletions(-) diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index cf94207fa2..2d6669cae2 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -103,11 +103,7 @@ pub(crate) struct PacketKey { } impl PacketKey { - pub(crate) fn new( - key: AeadKey, - iv: Iv, - aead_algorithm: &'static aead::Algorithm, - ) -> Self { + pub(crate) fn new(key: AeadKey, iv: Iv, aead_algorithm: &'static aead::Algorithm) -> Self { Self { key: aead::LessSafeKey::new( aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), @@ -170,11 +166,7 @@ pub(crate) struct KeyBuilder( ); impl crate::quic::Algorithm for KeyBuilder { - fn packet_key( - &self, - key: AeadKey, - iv: Iv, - ) -> Box { + fn packet_key(&self, key: AeadKey, iv: Iv) -> Box { Box::new(super::quic::PacketKey::new(key, iv, self.0)) } @@ -189,16 +181,12 @@ impl crate::quic::Algorithm for KeyBuilder { #[cfg(test)] mod tests { - use super::*; use crate::common_state::Side; use crate::crypto::tls13::OkmBlock; - use crate::quic::HeaderProtectionKey; - use crate::quic::PacketKey; use crate::quic::*; use crate::test_provider::tls13::{ TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, }; - use crate::tls13::key_schedule::{hkdf_expand_label, hkdf_expand_label_aead_key}; fn test_short_packet(version: Version, expected: &[u8]) { const PN: u64 = 654360564; @@ -208,24 +196,17 @@ mod tests { 0x0f, 0x21, 0x63, 0x2b, ]; - let expander = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL - .hkdf_provider - .expander_for_okm(&OkmBlock::new(SECRET)); - let key_len = TLS13_CHACHA20_POLY1305_SHA256_INTERNAL - .quic - .unwrap() - .aead_key_len(); - let header_key = - hkdf_expand_label_aead_key(expander.as_ref(), key_len, version.header_key_label(), &[]); - let packet_key = - hkdf_expand_label_aead_key(expander.as_ref(), key_len, version.packet_key_label(), &[]); - let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); - let hpk = super::HeaderProtectionKey::new(header_key, &aead::quic::CHACHA20); - let packet = super::PacketKey::new( - packet_key, - packet_iv, - &aead::CHACHA20_POLY1305, + let secret = OkmBlock::new(SECRET); + let builder = KeyBuilder::new( + &secret, + version, + TLS13_CHACHA20_POLY1305_SHA256_INTERNAL + .quic + .unwrap(), + TLS13_CHACHA20_POLY1305_SHA256_INTERNAL.hkdf_provider, ); + let packet = builder.packet_key(); + let hpk = builder.header_protection_key(); const PLAIN: &[u8] = &[0x42, 0x00, 0xbf, 0xf4, 0x01]; diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 039ce47a88..2aef820acc 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -3,7 +3,7 @@ use crate::client::{ClientConfig, ClientConnectionData, ServerName}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; use crate::crypto::cipher::{AeadKey, Iv}; -use crate::crypto::tls13::{Hkdf, OkmBlock}; +use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock}; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; use crate::msgs::handshake::{ClientExtension, ServerExtension}; @@ -527,30 +527,10 @@ impl DirectionalKeys { secret: &OkmBlock, version: Version, ) -> Self { - let expander = suite - .hkdf_provider - .expander_for_okm(secret); - - let aead_key_len = quic.aead_key_len(); - - let packet_key = hkdf_expand_label_aead_key( - expander.as_ref(), - aead_key_len, - version.packet_key_label(), - &[], - ); - let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); - - let header_key = hkdf_expand_label_aead_key( - expander.as_ref(), - aead_key_len, - version.header_key_label(), - &[], - ); - + let builder = KeyBuilder::new(secret, version, quic, suite.hkdf_provider); Self { - header: quic.header_protection_key(header_key), - packet: quic.packet_key(packet_key, packet_iv), + header: builder.header_protection_key(), + packet: builder.packet_key(), } } } @@ -700,30 +680,61 @@ pub struct PacketKeySet { impl PacketKeySet { fn new(secrets: &Secrets) -> Self { let (local, remote) = secrets.local_remote(); - let hkdf = secrets.suite.hkdf_provider; + let (version, alg, hkdf) = (secrets.version, secrets.quic, secrets.suite.hkdf_provider); Self { - local: make_packet_key(local, hkdf, secrets.version, secrets.quic), - remote: make_packet_key(remote, hkdf, secrets.version, secrets.quic), + local: KeyBuilder::new(local, version, alg, hkdf).packet_key(), + remote: KeyBuilder::new(remote, version, alg, hkdf).packet_key(), } } } -fn make_packet_key( - secret: &OkmBlock, - hkdf: &dyn Hkdf, +pub(crate) struct KeyBuilder<'a> { + expander: Box, version: Version, - alg: &dyn Algorithm, -) -> Box { - let expander = hkdf.expander_for_okm(secret); - let aead_key_len = alg.aead_key_len(); - let packet_key = hkdf_expand_label_aead_key( - expander.as_ref(), - aead_key_len, - version.packet_key_label(), - &[], - ); - let packet_iv = hkdf_expand_label(expander.as_ref(), version.packet_iv_label(), &[]); - alg.packet_key(packet_key, packet_iv) + alg: &'a dyn Algorithm, +} + +impl<'a> KeyBuilder<'a> { + pub(crate) fn new( + secret: &OkmBlock, + version: Version, + alg: &'a dyn Algorithm, + hkdf: &'a dyn Hkdf, + ) -> Self { + Self { + expander: hkdf.expander_for_okm(secret), + version, + alg, + } + } + + /// Derive packet keys + pub(crate) fn packet_key(&self) -> Box { + let aead_key_len = self.alg.aead_key_len(); + let packet_key = hkdf_expand_label_aead_key( + self.expander.as_ref(), + aead_key_len, + self.version.packet_key_label(), + &[], + ); + + let packet_iv = + hkdf_expand_label(self.expander.as_ref(), self.version.packet_iv_label(), &[]); + self.alg + .packet_key(packet_key, packet_iv) + } + + /// Derive header protection keys + pub(crate) fn header_protection_key(&self) -> Box { + let header_key = hkdf_expand_label_aead_key( + self.expander.as_ref(), + self.alg.aead_key_len(), + self.version.header_key_label(), + &[], + ); + self.alg + .header_protection_key(header_key) + } } /// Complete set of keys used to communicate with the peer From c14a35f4fde26a5498763403a6369a494dffac02 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 20 Nov 2023 10:21:49 +0100 Subject: [PATCH 0409/1145] Use filter_map() instead of filter().map() --- rustls/src/client/hs.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 63b9bdb668..61d77019fe 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -278,8 +278,10 @@ fn emit_client_hello_for_retry( let mut cipher_suites: Vec<_> = config .cipher_suites .iter() - .filter(|cs| cs.usable_for_protocol(cx.common.protocol)) - .map(|cs| cs.suite()) + .filter_map(|cs| match cs.usable_for_protocol(cx.common.protocol) { + true => Some(cs.suite()), + false => None, + }) .collect(); // We don't do renegotiation at all, in fact. cipher_suites.push(CipherSuite::TLS_EMPTY_RENEGOTIATION_INFO_SCSV); From 9713e86d34d598e20bd88c730f9b9cbcbe590975 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 20 Nov 2023 10:28:06 +0100 Subject: [PATCH 0410/1145] quic: match prevailing style of error messages --- rustls/src/quic.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 2aef820acc..0a620b3551 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -155,7 +155,7 @@ impl ClientConnection { if !config.supports_protocol(Protocol::Quic) { return Err(Error::General( - "At least one ciphersuite must support QUIC".into(), + "at least one ciphersuite must support QUIC".into(), )); } @@ -230,7 +230,7 @@ impl ServerConnection { if !config.supports_protocol(Protocol::Quic) { return Err(Error::General( - "At least one ciphersuite must support QUIC".into(), + "at least one ciphersuite must support QUIC".into(), )); } From b8b13274ca16b70ab37ce6f971f8c12efcc6d332 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 20 Nov 2023 10:29:34 +0100 Subject: [PATCH 0411/1145] quic: tighten headlines for connection new() methods --- rustls/src/quic.rs | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 0a620b3551..8e30f58224 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -138,9 +138,10 @@ pub struct ClientConnection { } impl ClientConnection { - /// Make a new QUIC ClientConnection. This differs from `ClientConnection::new()` - /// in that it takes an extra argument, `params`, which contains the - /// TLS-encoded transport parameters to send. + /// Make a new QUIC ClientConnection. + /// + /// This differs from `ClientConnection::new()` in that it takes an extra `params` argument, + /// which contains the TLS-encoded transport parameters to send. pub fn new( config: Arc, quic_version: Version, @@ -214,9 +215,10 @@ pub struct ServerConnection { } impl ServerConnection { - /// Make a new QUIC ServerConnection. This differs from `ServerConnection::new()` - /// in that it takes an extra argument, `params`, which contains the - /// TLS-encoded transport parameters to send. + /// Make a new QUIC ServerConnection. + /// + /// This differs from `ServerConnection::new()` in that it takes an extra `params` argument, + /// which contains the TLS-encoded transport parameters to send. pub fn new( config: Arc, quic_version: Version, From 96f16712c9d685e16baf9ab33050f8e750863e22 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 27 Oct 2023 15:31:33 +0100 Subject: [PATCH 0412/1145] Take aws-lc-rs 1.5 --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 552457e442..c0f1fe19e1 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -16,7 +16,7 @@ build = "build.rs" rustversion = { version = "1.0.6", optional = true } [dependencies] -aws-lc-rs = { version = "1", optional = true } +aws-lc-rs = { version = "1.5", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } From b4680e6a00d8034d32e1ed3e8c027be8e6c34a5e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 Nov 2023 15:11:18 +0000 Subject: [PATCH 0413/1145] Remove `ring_shim::digest_output_len` aws-lc-rs 1.5 tracked this API change. --- rustls/src/crypto/aws_lc_rs/mod.rs | 4 ---- rustls/src/crypto/ring/hash.rs | 2 +- rustls/src/crypto/ring/hmac.rs | 7 +++++-- rustls/src/crypto/ring/mod.rs | 4 ---- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index f17cf2f27c..3b3d8e3190 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -192,10 +192,6 @@ mod ring_shim { use super::ring_like; use crate::crypto::SharedSecret; - pub(super) fn digest_output_len(alg: &ring_like::digest::Algorithm) -> usize { - alg.output_len - } - pub(super) fn agree_ephemeral( priv_key: ring_like::agreement::EphemeralPrivateKey, peer_key: &ring_like::agreement::UnparsedPublicKey<&[u8]>, diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index c49b58f1f5..f97c101122 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -23,7 +23,7 @@ impl crypto::hash::Hash for Hash { } fn output_len(&self) -> usize { - super::ring_shim::digest_output_len(self.0) + self.0.output_len() } fn algorithm(&self) -> HashAlgorithm { diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 1499e4acb8..cad67878fb 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -19,7 +19,7 @@ impl crypto::hmac::Hmac for Hmac { } fn hash_output_len(&self) -> usize { - super::ring_shim::digest_output_len(self.0.digest_algorithm()) + self.0.digest_algorithm().output_len() } } @@ -37,6 +37,9 @@ impl crypto::hmac::Key for Key { } fn tag_len(&self) -> usize { - super::ring_shim::digest_output_len(self.0.algorithm().digest_algorithm()) + self.0 + .algorithm() + .digest_algorithm() + .output_len() } } diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 4d4df8a1dd..58fe4eb3cf 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -183,10 +183,6 @@ mod ring_shim { use super::ring_like; use crate::crypto::SharedSecret; - pub(super) fn digest_output_len(alg: &ring_like::digest::Algorithm) -> usize { - alg.output_len() - } - pub(super) fn agree_ephemeral( priv_key: ring_like::agreement::EphemeralPrivateKey, peer_key: &ring_like::agreement::UnparsedPublicKey<&[u8]>, From 9931adfdc729b558ba476a1b336a73d03e19efbd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 27 Oct 2023 15:32:14 +0100 Subject: [PATCH 0414/1145] Split off tls12 module for aws-lc-rs --- rustls/src/crypto/aws_lc_rs/mod.rs | 1 - rustls/src/crypto/aws_lc_rs/tls12.rs | 386 +++++++++++++++++++++++++++ rustls/src/crypto/ring/tls12.rs | 2 - 3 files changed, 386 insertions(+), 3 deletions(-) create mode 100644 rustls/src/crypto/aws_lc_rs/tls12.rs diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 3b3d8e3190..0a55f5d865 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -33,7 +33,6 @@ pub(crate) mod quic; #[path = "../ring/ticketer.rs"] pub(crate) mod ticketer; #[cfg(feature = "tls12")] -#[path = "../ring/tls12.rs"] pub(crate) mod tls12; #[path = "../ring/tls13.rs"] pub(crate) mod tls13; diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs new file mode 100644 index 0000000000..7e2a0b06f7 --- /dev/null +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -0,0 +1,386 @@ +use crate::crypto::cipher::{ + make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, + Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, +}; +use crate::crypto::tls12::PrfUsingHmac; +use crate::crypto::KeyExchangeAlgorithm; +use crate::enums::{CipherSuite, SignatureScheme}; +use crate::error::Error; +use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; +use crate::tls12::Tls12CipherSuite; + +use alloc::boxed::Box; +use alloc::vec::Vec; + +use aws_lc_rs::aead; + +/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. +pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + hash_provider: &super::hash::SHA256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_ECDSA_SCHEMES, + aead_alg: &ChaCha20Poly1305, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + hash_provider: &super::hash::SHA256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_RSA_SCHEMES, + aead_alg: &ChaCha20Poly1305, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + hash_provider: &super::hash::SHA256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_RSA_SCHEMES, + aead_alg: &AES128_GCM, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + hash_provider: &super::hash::SHA384, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_RSA_SCHEMES, + aead_alg: &AES256_GCM, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384), + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + hash_provider: &super::hash::SHA256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_ECDSA_SCHEMES, + aead_alg: &AES128_GCM, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + }); + +/// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + hash_provider: &super::hash::SHA384, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, + }, + kx: KeyExchangeAlgorithm::ECDHE, + sign: TLS12_ECDSA_SCHEMES, + aead_alg: &AES256_GCM, + prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384), + }); + +static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ + SignatureScheme::ED25519, + SignatureScheme::ECDSA_NISTP521_SHA512, + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, +]; + +static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[ + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, +]; + +pub(crate) static AES128_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_128_GCM); +pub(crate) static AES256_GCM: GcmAlgorithm = GcmAlgorithm(&aead::AES_256_GCM); + +pub(crate) struct GcmAlgorithm(&'static aead::Algorithm); + +impl Tls12AeadAlgorithm for GcmAlgorithm { + fn decrypter(&self, dec_key: AeadKey, dec_iv: &[u8]) -> Box { + let dec_key = + aead::LessSafeKey::new(aead::UnboundKey::new(self.0, dec_key.as_ref()).unwrap()); + + let mut ret = GcmMessageDecrypter { + dec_key, + dec_salt: [0u8; 4], + }; + + debug_assert_eq!(dec_iv.len(), 4); + ret.dec_salt.copy_from_slice(dec_iv); + Box::new(ret) + } + + fn encrypter( + &self, + enc_key: AeadKey, + write_iv: &[u8], + explicit: &[u8], + ) -> Box { + let enc_key = + aead::LessSafeKey::new(aead::UnboundKey::new(self.0, enc_key.as_ref()).unwrap()); + let iv = gcm_iv(write_iv, explicit); + Box::new(GcmMessageEncrypter { enc_key, iv }) + } + + fn key_block_shape(&self) -> KeyBlockShape { + KeyBlockShape { + enc_key_len: self.0.key_len(), + fixed_iv_len: 4, + explicit_nonce_len: 8, + } + } + + fn extract_keys( + &self, + key: AeadKey, + write_iv: &[u8], + explicit: &[u8], + ) -> Result { + Ok(ConnectionTrafficSecrets::Aes128Gcm { + key, + iv: gcm_iv(write_iv, explicit), + }) + } +} + +pub(crate) struct ChaCha20Poly1305; + +impl Tls12AeadAlgorithm for ChaCha20Poly1305 { + fn decrypter(&self, dec_key: AeadKey, iv: &[u8]) -> Box { + let dec_key = aead::LessSafeKey::new( + aead::UnboundKey::new(&aead::CHACHA20_POLY1305, dec_key.as_ref()).unwrap(), + ); + Box::new(ChaCha20Poly1305MessageDecrypter { + dec_key, + dec_offset: Iv::copy(iv), + }) + } + + fn encrypter(&self, enc_key: AeadKey, enc_iv: &[u8], _: &[u8]) -> Box { + let enc_key = aead::LessSafeKey::new( + aead::UnboundKey::new(&aead::CHACHA20_POLY1305, enc_key.as_ref()).unwrap(), + ); + Box::new(ChaCha20Poly1305MessageEncrypter { + enc_key, + enc_offset: Iv::copy(enc_iv), + }) + } + + fn key_block_shape(&self) -> KeyBlockShape { + KeyBlockShape { + enc_key_len: 32, + fixed_iv_len: 12, + explicit_nonce_len: 0, + } + } + + fn extract_keys( + &self, + key: AeadKey, + iv: &[u8], + _explicit: &[u8], + ) -> Result { + // This should always be true because KeyBlockShape and the Iv nonce len are in agreement. + debug_assert_eq!(aead::NONCE_LEN, iv.len()); + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { + key, + iv: Iv::new(iv[..].try_into().unwrap()), + }) + } +} + +/// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only. +struct GcmMessageEncrypter { + enc_key: aead::LessSafeKey, + iv: Iv, +} + +/// A `MessageDecrypter` for AES-GCM AEAD ciphersuites. TLS1.2 only. +struct GcmMessageDecrypter { + dec_key: aead::LessSafeKey, + dec_salt: [u8; 4], +} + +const GCM_EXPLICIT_NONCE_LEN: usize = 8; +const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; + +impl MessageDecrypter for GcmMessageDecrypter { + fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + let payload = msg.payload(); + if payload.len() < GCM_OVERHEAD { + return Err(Error::DecryptError); + } + + let nonce = { + let mut nonce = [0u8; 12]; + nonce[..4].copy_from_slice(&self.dec_salt); + nonce[4..].copy_from_slice(&payload[..8]); + aead::Nonce::assume_unique_for_key(nonce) + }; + + let aad = aead::Aad::from(make_tls12_aad( + seq, + msg.typ, + msg.version, + payload.len() - GCM_OVERHEAD, + )); + + let payload = msg.payload_mut(); + let plain_len = self + .dec_key + .open_within(nonce, aad, payload, GCM_EXPLICIT_NONCE_LEN..) + .map_err(|_| Error::DecryptError)? + .len(); + + if plain_len > MAX_FRAGMENT_LEN { + return Err(Error::PeerSentOversizedRecord); + } + + payload.truncate(plain_len); + Ok(msg.into_plain_message()) + } +} + +impl MessageEncrypter for GcmMessageEncrypter { + fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); + + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = Vec::with_capacity(total_len); + payload.extend_from_slice(&nonce.as_ref()[4..]); + payload.extend_from_slice(msg.payload); + + self.enc_key + .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..]) + .map(|tag| payload.extend(tag.as_ref())) + .map_err(|_| Error::EncryptError)?; + + Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) + } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + GCM_EXPLICIT_NONCE_LEN + self.enc_key.algorithm().tag_len() + } +} + +/// The RFC7905/RFC7539 ChaCha20Poly1305 construction. +/// This implementation does the AAD construction required in TLS1.2. +/// TLS1.3 uses `TLS13MessageEncrypter`. +struct ChaCha20Poly1305MessageEncrypter { + enc_key: aead::LessSafeKey, + enc_offset: Iv, +} + +/// The RFC7905/RFC7539 ChaCha20Poly1305 construction. +/// This implementation does the AAD construction required in TLS1.2. +/// TLS1.3 uses `TLS13MessageDecrypter`. +struct ChaCha20Poly1305MessageDecrypter { + dec_key: aead::LessSafeKey, + dec_offset: Iv, +} + +const CHACHAPOLY1305_OVERHEAD: usize = 16; + +impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { + fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + let payload = msg.payload(); + + if payload.len() < CHACHAPOLY1305_OVERHEAD { + return Err(Error::DecryptError); + } + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.dec_offset, seq).0); + let aad = aead::Aad::from(make_tls12_aad( + seq, + msg.typ, + msg.version, + payload.len() - CHACHAPOLY1305_OVERHEAD, + )); + + let payload = msg.payload_mut(); + let plain_len = self + .dec_key + .open_in_place(nonce, aad, payload) + .map_err(|_| Error::DecryptError)? + .len(); + + if plain_len > MAX_FRAGMENT_LEN { + return Err(Error::PeerSentOversizedRecord); + } + + payload.truncate(plain_len); + Ok(msg.into_plain_message()) + } +} + +impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { + fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); + let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); + + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut buf = Vec::with_capacity(total_len); + buf.extend_from_slice(msg.payload); + + self.enc_key + .seal_in_place_append_tag(nonce, aad, &mut buf) + .map_err(|_| Error::EncryptError)?; + + Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) + } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + self.enc_key.algorithm().tag_len() + } +} + +fn gcm_iv(write_iv: &[u8], explicit: &[u8]) -> Iv { + debug_assert_eq!(write_iv.len(), 4); + debug_assert_eq!(explicit.len(), 8); + + // The GCM nonce is constructed from a 32-bit 'salt' derived + // from the master-secret, and a 64-bit explicit part, + // with no specified construction. Thanks for that. + // + // We use the same construction as TLS1.3/ChaCha20Poly1305: + // a starting point extracted from the key block, xored with + // the sequence number. + let mut iv = [0; NONCE_LEN]; + iv[..4].copy_from_slice(write_iv); + iv[4..].copy_from_slice(explicit); + + Iv::new(iv) +} diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 824bc4e39d..8f58921e49 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,5 +1,3 @@ -#![allow(clippy::duplicate_mod)] - use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, From 87ceb611fd756ae2ac8d7b264c5cc6ed1eae5efe Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 27 Oct 2023 15:45:19 +0100 Subject: [PATCH 0415/1145] Use aws-lc-rs API for TLS1.2 PRF --- rustls/src/crypto/aws_lc_rs/tls12.rs | 53 +++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 7e2a0b06f7..c4c0a87ab4 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -2,8 +2,8 @@ use crate::crypto::cipher::{ make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; -use crate::crypto::tls12::PrfUsingHmac; -use crate::crypto::KeyExchangeAlgorithm; +use crate::crypto::tls12::Prf; +use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; @@ -14,7 +14,7 @@ use crate::tls12::Tls12CipherSuite; use alloc::boxed::Box; use alloc::vec::Vec; -use aws_lc_rs::aead; +use aws_lc_rs::{aead, tls_prf}; /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = @@ -28,7 +28,7 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &ChaCha20Poly1305, - prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + prf_provider: &Tls12Prf(&tls_prf::P_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 @@ -43,7 +43,7 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &ChaCha20Poly1305, - prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + prf_provider: &Tls12Prf(&tls_prf::P_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 @@ -58,7 +58,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &AES128_GCM, - prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + prf_provider: &Tls12Prf(&tls_prf::P_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 @@ -73,7 +73,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, aead_alg: &AES256_GCM, - prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384), + prf_provider: &Tls12Prf(&tls_prf::P_SHA384), }); /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 @@ -88,7 +88,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES128_GCM, - prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA256), + prf_provider: &Tls12Prf(&tls_prf::P_SHA256), }); /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 @@ -103,7 +103,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, aead_alg: &AES256_GCM, - prf_provider: &PrfUsingHmac(&super::hmac::HMAC_SHA384), + prf_provider: &Tls12Prf(&tls_prf::P_SHA384), }); static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ @@ -384,3 +384,38 @@ fn gcm_iv(write_iv: &[u8], explicit: &[u8]) -> Iv { Iv::new(iv) } + +struct Tls12Prf(&'static tls_prf::Algorithm); + +impl Prf for Tls12Prf { + fn for_secret(&self, output: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]) { + // safety: + // - [1] is safe because our caller guarantees `secret` is non-empty; this is + // the only documented error case. + // - [2] is safe in practice because the only failure from `derive()` is due + // to zero `output.len()`; this is outlawed at higher levels + let derived = tls_prf::Secret::new(self.0, secret) + .unwrap() // [1] + .derive(label, seed, output.len()) + .unwrap(); // [2] + output.copy_from_slice(derived.as_ref()); + } + + fn for_key_exchange( + &self, + output: &mut [u8], + kx: Box, + peer_pub_key: &[u8], + label: &[u8], + seed: &[u8], + ) -> Result<(), Error> { + self.for_secret( + output, + kx.complete(peer_pub_key)? + .secret_bytes(), + label, + seed, + ); + Ok(()) + } +} From b7fc13791fe542c91055e52f3105aabf98009c9e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 8 Nov 2023 13:45:59 +0000 Subject: [PATCH 0416/1145] Remove crypto::aws_lc_rs::hmac This became unused outside of tests, so isn't really paying its rent. --- rustls/src/crypto/aws_lc_rs/mod.rs | 2 -- rustls/src/crypto/tls12.rs | 2 +- rustls/src/crypto/tls13.rs | 2 +- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 0a55f5d865..549a5b49d3 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -24,8 +24,6 @@ pub mod sign; #[path = "../ring/hash.rs"] pub(crate) mod hash; -#[path = "../ring/hmac.rs"] -pub(crate) mod hmac; #[path = "../ring/kx.rs"] pub(crate) mod kx; #[path = "../ring/quic.rs"] diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index 91d8dbd6d3..f9b2ca99cc 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -76,7 +76,7 @@ pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn hmac::Key, label: &[u8], seed: } } -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] +#[cfg(all(test, feature = "ring"))] mod tests { use crate::crypto::hmac::Hmac; use crate::test_provider::hmac; diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index 987aa24285..3130faea8d 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -239,7 +239,7 @@ impl AsRef<[u8]> for OkmBlock { #[derive(Debug)] pub struct OutputLengthError; -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] +#[cfg(all(test, feature = "ring"))] mod tests { use super::{expand, Hkdf, HkdfUsingHmac}; use crate::test_provider::hmac; From f0a6ec11106c136fb898d87ea87bfc3260970110 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 13 Nov 2023 11:38:01 +0000 Subject: [PATCH 0417/1145] Make receiver of `cipher::Message{En,De}crypter` mutable This is necessary if implementations want to keep state between calls -- (eg, *ring*'s `aead::OpeningKey`). The next commit takes advantage of this. --- provider-example/src/aead.rs | 8 ++++---- rustls/src/crypto/aws_lc_rs/tls12.rs | 8 ++++---- rustls/src/crypto/cipher.rs | 8 ++++---- rustls/src/crypto/ring/tls12.rs | 8 ++++---- rustls/src/crypto/ring/tls13.rs | 4 ++-- rustls/src/record_layer.rs | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 1dac211920..117648c258 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -79,7 +79,7 @@ struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); impl cipher::MessageEncrypter for Tls13Cipher { fn encrypt( - &self, + &mut self, m: cipher::BorrowedPlainMessage, seq: u64, ) -> Result { @@ -112,7 +112,7 @@ impl cipher::MessageEncrypter for Tls13Cipher { impl cipher::MessageDecrypter for Tls13Cipher { fn decrypt( - &self, + &mut self, mut m: cipher::OpaqueMessage, seq: u64, ) -> Result { @@ -132,7 +132,7 @@ struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); impl cipher::MessageEncrypter for Tls12Cipher { fn encrypt( - &self, + &mut self, m: cipher::BorrowedPlainMessage, seq: u64, ) -> Result { @@ -157,7 +157,7 @@ impl cipher::MessageEncrypter for Tls12Cipher { impl cipher::MessageDecrypter for Tls12Cipher { fn decrypt( - &self, + &mut self, mut m: cipher::OpaqueMessage, seq: u64, ) -> Result { diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index c4c0a87ab4..948ec95a7f 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -237,7 +237,7 @@ const GCM_EXPLICIT_NONCE_LEN: usize = 8; const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { - fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { let payload = msg.payload(); if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); @@ -274,7 +274,7 @@ impl MessageDecrypter for GcmMessageDecrypter { } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); @@ -315,7 +315,7 @@ struct ChaCha20Poly1305MessageDecrypter { const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { - fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { let payload = msg.payload(); if payload.len() < CHACHAPOLY1305_OVERHEAD { @@ -347,7 +347,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index f8828b5424..25160bac59 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -124,14 +124,14 @@ pub struct KeyBlockShape { pub trait MessageDecrypter: Send + Sync { /// Decrypt the given TLS message `msg`, using the sequence number /// `seq` which can be used to derive a unique [`Nonce`]. - fn decrypt(&self, msg: OpaqueMessage, seq: u64) -> Result; + fn decrypt(&mut self, msg: OpaqueMessage, seq: u64) -> Result; } /// Objects with this trait can encrypt TLS messages. pub trait MessageEncrypter: Send + Sync { /// Encrypt the given TLS message `msg`, using the sequence number /// `seq which can be used to derive a unique [`Nonce`]. - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result; + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result; /// Return the length of the ciphertext that results from encrypting plaintext of /// length `payload_len` @@ -301,7 +301,7 @@ impl From<[u8; Self::MAX_LEN]> for AeadKey { struct InvalidMessageEncrypter {} impl MessageEncrypter for InvalidMessageEncrypter { - fn encrypt(&self, _m: BorrowedPlainMessage, _seq: u64) -> Result { + fn encrypt(&mut self, _m: BorrowedPlainMessage, _seq: u64) -> Result { Err(Error::EncryptError) } @@ -314,7 +314,7 @@ impl MessageEncrypter for InvalidMessageEncrypter { struct InvalidMessageDecrypter {} impl MessageDecrypter for InvalidMessageDecrypter { - fn decrypt(&self, _m: OpaqueMessage, _seq: u64) -> Result { + fn decrypt(&mut self, _m: OpaqueMessage, _seq: u64) -> Result { Err(Error::DecryptError) } } diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 8f58921e49..5e2f030cf4 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -237,7 +237,7 @@ const GCM_EXPLICIT_NONCE_LEN: usize = 8; const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { - fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { let payload = msg.payload(); if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); @@ -274,7 +274,7 @@ impl MessageDecrypter for GcmMessageDecrypter { } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); @@ -315,7 +315,7 @@ struct ChaCha20Poly1305MessageDecrypter { const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { - fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { let payload = msg.payload(); if payload.len() < CHACHAPOLY1305_OVERHEAD { @@ -347,7 +347,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 8deec44a14..dd1b0de2a4 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -182,7 +182,7 @@ struct Tls13MessageDecrypter { } impl MessageEncrypter for Tls13MessageEncrypter { - fn encrypt(&self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(msg.payload); @@ -207,7 +207,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { } impl MessageDecrypter for Tls13MessageDecrypter { - fn decrypt(&self, mut msg: OpaqueMessage, seq: u64) -> Result { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { let payload = msg.payload_mut(); if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 8532e11249..b198825a98 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -241,7 +241,7 @@ mod tests { struct PassThroughDecrypter; impl MessageDecrypter for PassThroughDecrypter { - fn decrypt(&self, m: OpaqueMessage, _: u64) -> Result { + fn decrypt(&mut self, m: OpaqueMessage, _: u64) -> Result { Ok(m.into_plain_message()) } } From f6d7298d304a0a682775d3810185f296ce8354b9 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 13 Nov 2023 12:52:49 +0000 Subject: [PATCH 0418/1145] aws_lc_rs::tls12: Use TlsRecordSealingKey API --- rustls/src/crypto/aws_lc_rs/tls12.rs | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 948ec95a7f..8f1fc1a0b5 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -148,8 +148,21 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { write_iv: &[u8], explicit: &[u8], ) -> Box { + // safety: `TlsRecordSealingKey::new` fails if + // - `enc_key`'s length is wrong for `algorithm`. But the length is defined by + // `algorithm.key_len()` in `key_block_shape()`, below. + // - `algorithm` is not supported: but `AES_128_GCM` and `AES_256_GCM` is. + // thus, this `unwrap()` is unreachable. + // + // `TlsProtocolId::TLS13` is deliberate: we reuse the nonce construction from + // RFC7905 and TLS13: a random starting point, XOR'd with the sequence number. This means + // `TlsProtocolId::TLS12` (which wants to see a plain sequence number) is unsuitable. + // + // The most important property is that nonce is unique per key, which is satisfied by + // this construction, even if the nonce is not monotonically increasing. let enc_key = - aead::LessSafeKey::new(aead::UnboundKey::new(self.0, enc_key.as_ref()).unwrap()); + aead::TlsRecordSealingKey::new(self.0, aead::TlsProtocolId::TLS13, enc_key.as_ref()) + .unwrap(); let iv = gcm_iv(write_iv, explicit); Box::new(GcmMessageEncrypter { enc_key, iv }) } @@ -223,7 +236,7 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { /// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only. struct GcmMessageEncrypter { - enc_key: aead::LessSafeKey, + enc_key: aead::TlsRecordSealingKey, iv: Iv, } From 0189d67fcc73d4ada941f4ae9df04c5d6f5feb43 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 13 Nov 2023 13:44:58 +0000 Subject: [PATCH 0419/1145] aws_lc_rs::tls12: Use TlsRecordOpeningKey API --- rustls/src/crypto/aws_lc_rs/tls12.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 8f1fc1a0b5..967bc33fe8 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -129,8 +129,10 @@ pub(crate) struct GcmAlgorithm(&'static aead::Algorithm); impl Tls12AeadAlgorithm for GcmAlgorithm { fn decrypter(&self, dec_key: AeadKey, dec_iv: &[u8]) -> Box { + // safety: see `encrypter()`. let dec_key = - aead::LessSafeKey::new(aead::UnboundKey::new(self.0, dec_key.as_ref()).unwrap()); + aead::TlsRecordOpeningKey::new(self.0, aead::TlsProtocolId::TLS12, dec_key.as_ref()) + .unwrap(); let mut ret = GcmMessageDecrypter { dec_key, @@ -242,7 +244,7 @@ struct GcmMessageEncrypter { /// A `MessageDecrypter` for AES-GCM AEAD ciphersuites. TLS1.2 only. struct GcmMessageDecrypter { - dec_key: aead::LessSafeKey, + dec_key: aead::TlsRecordOpeningKey, dec_salt: [u8; 4], } From 644dfdc9343975a390d50937242a7baac1f61efd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 13 Nov 2023 14:03:34 +0000 Subject: [PATCH 0420/1145] Split off tls13 module for aws-lc-rs --- rustls/src/crypto/aws_lc_rs/mod.rs | 1 - rustls/src/crypto/aws_lc_rs/tls13.rs | 300 +++++++++++++++++++++++++++ rustls/src/crypto/ring/tls13.rs | 2 - 3 files changed, 300 insertions(+), 3 deletions(-) create mode 100644 rustls/src/crypto/aws_lc_rs/tls13.rs diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 549a5b49d3..cecc38ef8f 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -32,7 +32,6 @@ pub(crate) mod quic; pub(crate) mod ticketer; #[cfg(feature = "tls12")] pub(crate) mod tls12; -#[path = "../ring/tls13.rs"] pub(crate) mod tls13; /// A `CryptoProvider` backed by aws-lc-rs. diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs new file mode 100644 index 0000000000..a1db2cce66 --- /dev/null +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -0,0 +1,300 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; + +use crate::crypto; +use crate::crypto::cipher::{ + make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, + UnsupportedOperationError, +}; +use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; +use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; +use crate::error::Error; +use crate::msgs::codec::Codec; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; +use crate::tls13::Tls13CipherSuite; + +use aws_lc_rs::hkdf::KeyType; +use aws_lc_rs::{aead, hkdf, hmac}; + +/// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 +pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); + +pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + hash_provider: &super::hash::SHA256, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, + }, + hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), + aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), + quic: Some(&super::quic::KeyBuilder( + &aead::CHACHA20_POLY1305, + &aead::quic::CHACHA20, + )), +}; + +/// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 +pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = + SupportedCipherSuite::Tls13(&Tls13CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS13_AES_256_GCM_SHA384, + hash_provider: &super::hash::SHA384, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, + }, + hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), + aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), + quic: Some(&super::quic::KeyBuilder( + &aead::AES_256_GCM, + &aead::quic::AES_256, + )), + }); + +/// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 +pub static TLS13_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls13(TLS13_AES_128_GCM_SHA256_INTERNAL); + +pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS13_AES_128_GCM_SHA256, + hash_provider: &super::hash::SHA256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, + }, + hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), + aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), + quic: Some(&super::quic::KeyBuilder( + &aead::AES_128_GCM, + &aead::quic::AES_128, + )), +}; + +struct Chacha20Poly1305Aead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { + Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) + } +} + +struct Aes256GcmAead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Aes256GcmAead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { + Ok(ConnectionTrafficSecrets::Aes256Gcm { key, iv }) + } +} + +struct Aes128GcmAead(AeadAlgorithm); + +impl Tls13AeadAlgorithm for Aes128GcmAead { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.encrypter(key, iv) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + self.0.decrypter(key, iv) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } + + fn extract_keys( + &self, + key: AeadKey, + iv: Iv, + ) -> Result { + Ok(ConnectionTrafficSecrets::Aes128Gcm { key, iv }) + } +} + +// common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls +struct AeadAlgorithm(&'static aead::Algorithm); + +impl AeadAlgorithm { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(Tls13MessageEncrypter { + enc_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + iv, + }) + } + + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(Tls13MessageDecrypter { + dec_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + iv, + }) + } + + fn key_len(&self) -> usize { + self.0.key_len() + } +} + +struct Tls13MessageEncrypter { + enc_key: aead::LessSafeKey, + iv: Iv, +} + +struct Tls13MessageDecrypter { + dec_key: aead::LessSafeKey, + iv: Iv, +} + +impl MessageEncrypter for Tls13MessageEncrypter { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = Vec::with_capacity(total_len); + payload.extend_from_slice(msg.payload); + msg.typ.encode(&mut payload); + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls13_aad(total_len)); + self.enc_key + .seal_in_place_append_tag(nonce, aad, &mut payload) + .map_err(|_| Error::EncryptError)?; + + Ok(OpaqueMessage::new( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload, + )) + } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + 1 + self.enc_key.algorithm().tag_len() + } +} + +impl MessageDecrypter for Tls13MessageDecrypter { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { + let payload = msg.payload_mut(); + if payload.len() < self.dec_key.algorithm().tag_len() { + return Err(Error::DecryptError); + } + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls13_aad(payload.len())); + let plain_len = self + .dec_key + .open_in_place(nonce, aad, payload) + .map_err(|_| Error::DecryptError)? + .len(); + + payload.truncate(plain_len); + msg.into_tls13_unpadded_message() + } +} + +struct RingHkdf(hkdf::Algorithm, hmac::Algorithm); + +impl Hkdf for RingHkdf { + fn extract_from_zero_ikm(&self, salt: Option<&[u8]>) -> Box { + let zeroes = [0u8; OkmBlock::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.len()], + }; + Box::new(RingHkdfExpander { + alg: self.0, + prk: hkdf::Salt::new(self.0, salt).extract(&zeroes[..self.0.len()]), + }) + } + + fn extract_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Box { + let zeroes = [0u8; OkmBlock::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.len()], + }; + Box::new(RingHkdfExpander { + alg: self.0, + prk: hkdf::Salt::new(self.0, salt).extract(secret), + }) + } + + fn expander_for_okm(&self, okm: &OkmBlock) -> Box { + Box::new(RingHkdfExpander { + alg: self.0, + prk: hkdf::Prk::new_less_safe(self.0, okm.as_ref()), + }) + } + + fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> crypto::hmac::Tag { + crypto::hmac::Tag::new(hmac::sign(&hmac::Key::new(self.1, key.as_ref()), message).as_ref()) + } +} + +struct RingHkdfExpander { + alg: hkdf::Algorithm, + prk: hkdf::Prk, +} + +impl HkdfExpander for RingHkdfExpander { + fn expand_slice(&self, info: &[&[u8]], output: &mut [u8]) -> Result<(), OutputLengthError> { + self.prk + .expand(info, Len(output.len())) + .and_then(|okm| okm.fill(output)) + .map_err(|_| OutputLengthError) + } + + fn expand_block(&self, info: &[&[u8]]) -> OkmBlock { + let mut buf = [0u8; OkmBlock::MAX_LEN]; + let output = &mut buf[..self.hash_len()]; + self.prk + .expand(info, Len(output.len())) + .and_then(|okm| okm.fill(output)) + .unwrap(); + OkmBlock::new(output) + } + + fn hash_len(&self) -> usize { + self.alg.len() + } +} + +struct Len(usize); + +impl KeyType for Len { + fn len(&self) -> usize { + self.0 + } +} diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index dd1b0de2a4..c6b1e8c1c9 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,5 +1,3 @@ -#![allow(clippy::duplicate_mod)] - use alloc::boxed::Box; use alloc::vec::Vec; From 2291523d2e5057bea4ec3b40edc38ea08a04d25f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 13 Nov 2023 14:35:18 +0000 Subject: [PATCH 0421/1145] Rename `Tls13MessageEncrypter` -> `AeadMessageEncrypter` --- rustls/src/crypto/aws_lc_rs/tls13.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index a1db2cce66..f91f87ac55 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -150,7 +150,7 @@ struct AeadAlgorithm(&'static aead::Algorithm); impl AeadAlgorithm { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. - Box::new(Tls13MessageEncrypter { + Box::new(AeadMessageEncrypter { enc_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), iv, }) @@ -158,7 +158,7 @@ impl AeadAlgorithm { fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. - Box::new(Tls13MessageDecrypter { + Box::new(AeadMessageDecrypter { dec_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), iv, }) @@ -169,17 +169,17 @@ impl AeadAlgorithm { } } -struct Tls13MessageEncrypter { +struct AeadMessageEncrypter { enc_key: aead::LessSafeKey, iv: Iv, } -struct Tls13MessageDecrypter { +struct AeadMessageDecrypter { dec_key: aead::LessSafeKey, iv: Iv, } -impl MessageEncrypter for Tls13MessageEncrypter { +impl MessageEncrypter for AeadMessageEncrypter { fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); @@ -204,7 +204,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { } } -impl MessageDecrypter for Tls13MessageDecrypter { +impl MessageDecrypter for AeadMessageDecrypter { fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { let payload = msg.payload_mut(); if payload.len() < self.dec_key.algorithm().tag_len() { From 3d90b0b9e1d49ab7123d83f37e4e1c56b3ce045e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 13 Nov 2023 15:14:13 +0000 Subject: [PATCH 0422/1145] aws_lc_rs::tls13: Use TlsRecord{Open,Seal}ingKey API Because this API is not available for chacha20-poly1305, we keep the old aead::UnboundKey implementation for use by that. --- rustls/src/crypto/aws_lc_rs/tls13.rs | 99 +++++++++++++++++++++++++--- 1 file changed, 91 insertions(+), 8 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index f91f87ac55..1d3b2d043f 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -76,11 +76,23 @@ struct Chacha20Poly1305Aead(AeadAlgorithm); impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.encrypter(key, iv) + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(AeadMessageEncrypter { + enc_key: aead::LessSafeKey::new( + aead::UnboundKey::new(self.0 .0, key.as_ref()).unwrap(), + ), + iv, + }) } fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { - self.0.decrypter(key, iv) + // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + Box::new(AeadMessageDecrypter { + dec_key: aead::LessSafeKey::new( + aead::UnboundKey::new(self.0 .0, key.as_ref()).unwrap(), + ), + iv, + }) } fn key_len(&self) -> usize { @@ -148,18 +160,34 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { struct AeadAlgorithm(&'static aead::Algorithm); impl AeadAlgorithm { + // using aead::TlsRecordSealingKey fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { - // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. - Box::new(AeadMessageEncrypter { - enc_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + // safety: + // - the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + // - this function should only be used for `Algorithm::AES_128_GCM` or `Algorithm::AES_256_GCM` + Box::new(GcmMessageEncrypter { + enc_key: aead::TlsRecordSealingKey::new( + self.0, + aead::TlsProtocolId::TLS13, + key.as_ref(), + ) + .unwrap(), iv, }) } + // using aead::TlsRecordOpeningKey fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { - // safety: the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. - Box::new(AeadMessageDecrypter { - dec_key: aead::LessSafeKey::new(aead::UnboundKey::new(self.0, key.as_ref()).unwrap()), + // safety: + // - the caller arranges that `key` is `key_len()` in bytes, so this unwrap is safe. + // - this function should only be used for `Algorithm::AES_128_GCM` or `Algorithm::AES_256_GCM` + Box::new(GcmMessageDecrypter { + dec_key: aead::TlsRecordOpeningKey::new( + self.0, + aead::TlsProtocolId::TLS13, + key.as_ref(), + ) + .unwrap(), iv, }) } @@ -224,6 +252,61 @@ impl MessageDecrypter for AeadMessageDecrypter { } } +struct GcmMessageEncrypter { + enc_key: aead::TlsRecordSealingKey, + iv: Iv, +} + +impl MessageEncrypter for GcmMessageEncrypter { + fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); + let mut payload = Vec::with_capacity(total_len); + payload.extend_from_slice(msg.payload); + msg.typ.encode(&mut payload); + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls13_aad(total_len)); + self.enc_key + .seal_in_place_append_tag(nonce, aad, &mut payload) + .map_err(|_| Error::EncryptError)?; + + Ok(OpaqueMessage::new( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload, + )) + } + + fn encrypted_payload_len(&self, payload_len: usize) -> usize { + payload_len + 1 + self.enc_key.algorithm().tag_len() + } +} + +struct GcmMessageDecrypter { + dec_key: aead::TlsRecordOpeningKey, + iv: Iv, +} + +impl MessageDecrypter for GcmMessageDecrypter { + fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { + let payload = msg.payload_mut(); + if payload.len() < self.dec_key.algorithm().tag_len() { + return Err(Error::DecryptError); + } + + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); + let aad = aead::Aad::from(make_tls13_aad(payload.len())); + let plain_len = self + .dec_key + .open_in_place(nonce, aad, payload) + .map_err(|_| Error::DecryptError)? + .len(); + + payload.truncate(plain_len); + msg.into_tls13_unpadded_message() + } +} + struct RingHkdf(hkdf::Algorithm, hmac::Algorithm); impl Hkdf for RingHkdf { From c8c46bea4d01d70a571a5644f7640cae7b4563e8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 Nov 2023 09:42:53 +0000 Subject: [PATCH 0423/1145] Run bogo against both ring and aws-lc-rs providers --- admin/coverage | 5 +++++ bogo/runme | 4 ++-- rustls/tests/bogo.rs | 23 ++++++++++++++++++++--- 3 files changed, 27 insertions(+), 5 deletions(-) diff --git a/admin/coverage b/admin/coverage index c4c0d852a2..18d6375659 100755 --- a/admin/coverage +++ b/admin/coverage @@ -7,4 +7,9 @@ cargo llvm-cov clean --workspace cargo build --locked --all-targets --all-features cargo test --locked --all-features + +## bogo +cargo test --locked --all-features run_bogo_tests_ring -- --ignored +cargo test --locked --all-features run_bogo_tests_aws_lc_rs -- --ignored + cargo llvm-cov report "$@" diff --git a/bogo/runme b/bogo/runme index a3b105f5a9..8ac3155e95 100755 --- a/bogo/runme +++ b/bogo/runme @@ -7,10 +7,10 @@ set -xe case ${BOGO_SHIM_PROVIDER:-ring} in ring) - cargo build --example bogo_shim + cargo build -p rustls --example bogo_shim ;; aws-lc-rs) - cargo build --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging + cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging ;; existing) ;; diff --git a/rustls/tests/bogo.rs b/rustls/tests/bogo.rs index 258d1be0da..66be49dbad 100644 --- a/rustls/tests/bogo.rs +++ b/rustls/tests/bogo.rs @@ -3,16 +3,33 @@ // and run. #[test] -#[cfg(coverage)] -fn run_bogo_tests() { +#[ignore] +fn run_bogo_tests_ring() { use std::process::Command; let rc = Command::new("./runme") .current_dir("../bogo") + .env("BOGO_SHIM_PROVIDER", "ring") .spawn() .expect("cannot run bogo/runme") .wait() .expect("cannot wait for bogo"); - assert!(rc.success(), "bogo exited non-zero"); + assert!(rc.success(), "bogo (ring) exited non-zero"); +} + +#[test] +#[ignore] +fn run_bogo_tests_aws_lc_rs() { + use std::process::Command; + + let rc = Command::new("./runme") + .current_dir("../bogo") + .env("BOGO_SHIM_PROVIDER", "aws-lc-rs") + .spawn() + .expect("cannot run bogo/runme") + .wait() + .expect("cannot wait for bogo"); + + assert!(rc.success(), "bogo (aws-lc-rs) exited non-zero"); } From ad4ec7775b3e0407e6b3808c1d65486d078eae3c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 Nov 2023 15:25:24 +0000 Subject: [PATCH 0424/1145] Make it easier to feature-gate entire bench program --- rustls/examples/internal/bench.rs | 672 +----------------------- rustls/examples/internal/bench_impl.rs | 673 +++++++++++++++++++++++++ 2 files changed, 675 insertions(+), 670 deletions(-) create mode 100644 rustls/examples/internal/bench_impl.rs diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index e185629519..f4dec9d918 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -1,673 +1,5 @@ -// This program does assorted benchmarking of rustls. -// -// Note: we don't use any of the standard 'cargo bench', 'test::Bencher', -// etc. because it's unstable at the time of writing. - -use std::env; -use std::fs; -use std::io::{self, Read, Write}; -use std::ops::Deref; -use std::ops::DerefMut; -use std::sync::Arc; -use std::time::{Duration, Instant}; - -use pki_types::{CertificateDer, PrivateKeyDer}; - -use rustls::client::Resumption; -use rustls::crypto::ring::{cipher_suite, Ticketer}; -use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; -use rustls::RootCertStore; -use rustls::{ClientConfig, ClientConnection}; -use rustls::{ConnectionCommon, SideData}; -use rustls::{ServerConfig, ServerConnection}; - -fn duration_nanos(d: Duration) -> f64 { - (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 -} - -fn _bench(count: usize, name: &'static str, f_setup: Fsetup, f_test: Ftest) -where - Fsetup: Fn() -> S, - Ftest: Fn(S), -{ - let mut times = Vec::new(); - - for _ in 0..count { - let state = f_setup(); - let start = Instant::now(); - f_test(state); - times.push(duration_nanos(Instant::now().duration_since(start))); - } - - println!("{}", name); - println!("{:?}", times); -} - -fn time(mut f: F) -> f64 -where - F: FnMut(), -{ - let start = Instant::now(); - f(); - let end = Instant::now(); - duration_nanos(end.duration_since(start)) -} - -fn transfer(left: &mut L, right: &mut R, expect_data: Option) -> f64 -where - L: DerefMut + Deref>, - R: DerefMut + Deref>, - LS: SideData, - RS: SideData, -{ - let mut tls_buf = [0u8; 262144]; - let mut read_time = 0f64; - let mut data_left = expect_data; - let mut data_buf = [0u8; 8192]; - - loop { - let mut sz = 0; - - while left.wants_write() { - let written = left - .write_tls(&mut tls_buf[sz..].as_mut()) - .unwrap(); - if written == 0 { - break; - } - - sz += written; - } - - if sz == 0 { - return read_time; - } - - let mut offs = 0; - loop { - let start = Instant::now(); - match right.read_tls(&mut tls_buf[offs..sz].as_ref()) { - Ok(read) => { - right.process_new_packets().unwrap(); - offs += read; - } - Err(err) => { - panic!("error on transfer {}..{}: {}", offs, sz, err); - } - } - - if let Some(left) = &mut data_left { - loop { - let sz = match right.reader().read(&mut data_buf) { - Ok(sz) => sz, - Err(err) if err.kind() == io::ErrorKind::WouldBlock => break, - Err(err) => panic!("failed to read data: {}", err), - }; - - *left -= sz; - if *left == 0 { - break; - } - } - } - - let end = Instant::now(); - read_time += duration_nanos(end.duration_since(start)); - if sz == offs { - break; - } - } - } -} - -#[derive(PartialEq, Clone, Copy)] -enum ClientAuth { - No, - Yes, -} - -#[derive(PartialEq, Clone, Copy)] -enum ResumptionParam { - No, - SessionId, - Tickets, -} - -impl ResumptionParam { - fn label(&self) -> &'static str { - match *self { - Self::No => "no-resume", - Self::SessionId => "sessionid", - Self::Tickets => "tickets", - } - } -} - -// copied from tests/api.rs -#[derive(PartialEq, Clone, Copy, Debug)] -enum KeyType { - Rsa, - Ecdsa, - Ed25519, -} - -struct BenchmarkParam { - key_type: KeyType, - ciphersuite: rustls::SupportedCipherSuite, - version: &'static rustls::SupportedProtocolVersion, -} - -impl BenchmarkParam { - const fn new( - key_type: KeyType, - ciphersuite: rustls::SupportedCipherSuite, - version: &'static rustls::SupportedProtocolVersion, - ) -> Self { - Self { - key_type, - ciphersuite, - version, - } - } -} - -static ALL_BENCHMARKS: &[BenchmarkParam] = &[ - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Ecdsa, - cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Ecdsa, - cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Ecdsa, - cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - &rustls::version::TLS12, - ), - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS13_AES_256_GCM_SHA384, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Ecdsa, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Ed25519, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - ), -]; - -impl KeyType { - fn path_for(&self, part: &str) -> String { - match self { - Self::Rsa => format!("test-ca/rsa/{}", part), - Self::Ecdsa => format!("test-ca/ecdsa/{}", part), - Self::Ed25519 => format!("test-ca/eddsa/{}", part), - } - } - - fn get_chain(&self) -> Vec> { - rustls_pemfile::certs(&mut io::BufReader::new( - fs::File::open(self.path_for("end.fullchain")).unwrap(), - )) - .map(|result| result.unwrap()) - .collect() - } - - fn get_key(&self) -> PrivateKeyDer<'static> { - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("end.key")).unwrap(), - )) - .next() - .unwrap() - .unwrap() - .into() - } - - fn get_client_chain(&self) -> Vec> { - rustls_pemfile::certs(&mut io::BufReader::new( - fs::File::open(self.path_for("client.fullchain")).unwrap(), - )) - .map(|result| result.unwrap()) - .collect() - } - - fn get_client_key(&self) -> PrivateKeyDer<'static> { - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("client.key")).unwrap(), - )) - .next() - .unwrap() - .unwrap() - .into() - } -} - -fn make_server_config( - params: &BenchmarkParam, - client_auth: ClientAuth, - resume: ResumptionParam, - max_fragment_size: Option, -) -> ServerConfig { - let client_auth = match client_auth { - ClientAuth::Yes => { - let roots = params.key_type.get_chain(); - let mut client_auth_roots = RootCertStore::empty(); - for root in roots { - client_auth_roots.add(root).unwrap(); - } - WebPkiClientVerifier::builder(client_auth_roots.into()) - .build() - .unwrap() - } - ClientAuth::No => WebPkiClientVerifier::no_client_auth(), - }; - - let mut cfg = ServerConfig::builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() - .with_protocol_versions(&[params.version]) - .unwrap() - .with_client_cert_verifier(client_auth) - .with_single_cert(params.key_type.get_chain(), params.key_type.get_key()) - .expect("bad certs/private key?"); - - if resume == ResumptionParam::SessionId { - cfg.session_storage = ServerSessionMemoryCache::new(128); - } else if resume == ResumptionParam::Tickets { - cfg.ticketer = Ticketer::new().unwrap(); - } else { - cfg.session_storage = Arc::new(NoServerSessionStorage {}); - } - - cfg.max_fragment_size = max_fragment_size; - cfg -} - -fn make_client_config( - params: &BenchmarkParam, - clientauth: ClientAuth, - resume: ResumptionParam, -) -> ClientConfig { - let mut root_store = RootCertStore::empty(); - let mut rootbuf = - io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); - root_store.add_parsable_certificates( - rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), - ); - - let cfg = ClientConfig::builder() - .with_cipher_suites(&[params.ciphersuite]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[params.version]) - .unwrap() - .with_root_certificates(root_store); - - let mut cfg = if clientauth == ClientAuth::Yes { - cfg.with_client_auth_cert( - params.key_type.get_client_chain(), - params.key_type.get_client_key(), - ) - .unwrap() - } else { - cfg.with_no_client_auth() - }; - - if resume != ResumptionParam::No { - cfg.resumption = Resumption::in_memory_sessions(128); - } else { - cfg.resumption = Resumption::disabled(); - } - - cfg -} - -fn apply_work_multiplier(work: u64) -> u64 { - let mul = match env::var("BENCH_MULTIPLIER") { - Ok(val) => val - .parse::() - .expect("invalid BENCH_MULTIPLIER value"), - Err(_) => 1., - }; - - ((work as f64) * mul).round() as u64 -} - -fn bench_handshake(params: &BenchmarkParam, clientauth: ClientAuth, resume: ResumptionParam) { - let client_config = Arc::new(make_client_config(params, clientauth, resume)); - let server_config = Arc::new(make_server_config(params, clientauth, resume, None)); - - assert!(params.ciphersuite.version() == params.version); - - let rounds = apply_work_multiplier(if resume == ResumptionParam::No { - 512 - } else { - 4096 - }); - let mut client_time = 0f64; - let mut server_time = 0f64; - - for _ in 0..rounds { - let server_name = "localhost".try_into().unwrap(); - let mut client = ClientConnection::new(Arc::clone(&client_config), server_name).unwrap(); - let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); - - server_time += time(|| { - transfer(&mut client, &mut server, None); - }); - client_time += time(|| { - transfer(&mut server, &mut client, None); - }); - server_time += time(|| { - transfer(&mut client, &mut server, None); - }); - client_time += time(|| { - transfer(&mut server, &mut client, None); - }); - } - - println!( - "handshakes\t{:?}\t{:?}\t{:?}\tclient\t{}\t{}\t{:.2}\thandshake/s", - params.version, - params.key_type, - params.ciphersuite.suite(), - if clientauth == ClientAuth::Yes { - "mutual" - } else { - "server-auth" - }, - resume.label(), - (rounds as f64) / client_time - ); - println!( - "handshakes\t{:?}\t{:?}\t{:?}\tserver\t{}\t{}\t{:.2}\thandshake/s", - params.version, - params.key_type, - params.ciphersuite.suite(), - if clientauth == ClientAuth::Yes { - "mutual" - } else { - "server-auth" - }, - resume.label(), - (rounds as f64) / server_time - ); -} - -fn do_handshake_step(client: &mut ClientConnection, server: &mut ServerConnection) -> bool { - if server.is_handshaking() || client.is_handshaking() { - transfer(client, server, None); - transfer(server, client, None); - true - } else { - false - } -} - -fn do_handshake(client: &mut ClientConnection, server: &mut ServerConnection) { - while do_handshake_step(client, server) {} -} - -fn bench_bulk(params: &BenchmarkParam, plaintext_size: u64, max_fragment_size: Option) { - let client_config = Arc::new(make_client_config( - params, - ClientAuth::No, - ResumptionParam::No, - )); - let server_config = Arc::new(make_server_config( - params, - ClientAuth::No, - ResumptionParam::No, - max_fragment_size, - )); - - let server_name = "localhost".try_into().unwrap(); - let mut client = ClientConnection::new(client_config, server_name).unwrap(); - client.set_buffer_limit(None); - let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); - server.set_buffer_limit(None); - - do_handshake(&mut client, &mut server); - - let buf = vec![0; plaintext_size as usize]; - let total_data = apply_work_multiplier(if plaintext_size < 8192 { - 64 * 1024 * 1024 - } else { - 1024 * 1024 * 1024 - }); - let rounds = total_data / plaintext_size; - let mut time_send = 0f64; - let mut time_recv = 0f64; - - for _ in 0..rounds { - time_send += time(|| { - server.writer().write_all(&buf).unwrap(); - }); - - time_recv += transfer(&mut server, &mut client, Some(buf.len())); - } - - let mfs_str = format!( - "max_fragment_size:{}", - max_fragment_size - .map(|v| v.to_string()) - .unwrap_or_else(|| "default".to_string()) - ); - let total_mbs = ((plaintext_size * rounds) as f64) / (1024. * 1024.); - println!( - "bulk\t{:?}\t{:?}\t{}\tsend\t{:.2}\tMB/s", - params.version, - params.ciphersuite.suite(), - mfs_str, - total_mbs / time_send - ); - println!( - "bulk\t{:?}\t{:?}\t{}\trecv\t{:.2}\tMB/s", - params.version, - params.ciphersuite.suite(), - mfs_str, - total_mbs / time_recv - ); -} - -fn bench_memory(params: &BenchmarkParam, conn_count: u64) { - let client_config = Arc::new(make_client_config( - params, - ClientAuth::No, - ResumptionParam::No, - )); - let server_config = Arc::new(make_server_config( - params, - ClientAuth::No, - ResumptionParam::No, - None, - )); - - // The target here is to end up with conn_count post-handshake - // server and client sessions. - let conn_count = (conn_count / 2) as usize; - let mut servers = Vec::with_capacity(conn_count); - let mut clients = Vec::with_capacity(conn_count); - - for _i in 0..conn_count { - servers.push(ServerConnection::new(Arc::clone(&server_config)).unwrap()); - let server_name = "localhost".try_into().unwrap(); - clients.push(ClientConnection::new(Arc::clone(&client_config), server_name).unwrap()); - } - - for _step in 0..5 { - for (client, server) in clients - .iter_mut() - .zip(servers.iter_mut()) - { - do_handshake_step(client, server); - } - } - - for client in clients.iter_mut() { - client - .writer() - .write_all(&[0u8; 1024]) - .unwrap(); - } - - for (client, server) in clients - .iter_mut() - .zip(servers.iter_mut()) - { - transfer(client, server, Some(1024)); - } -} - -fn lookup_matching_benches(name: &str) -> Vec<&BenchmarkParam> { - let r: Vec<&BenchmarkParam> = ALL_BENCHMARKS - .iter() - .filter(|params| { - format!("{:?}", params.ciphersuite.suite()).to_lowercase() == name.to_lowercase() - }) - .collect(); - - if r.is_empty() { - panic!("unknown suite {:?}", name); - } - - r -} - -fn selected_tests(mut args: env::Args) { - let mode = args - .next() - .expect("first argument must be mode"); - - match mode.as_ref() { - "bulk" => match args.next() { - Some(suite) => { - let len = args - .next() - .map(|arg| { - arg.parse::() - .expect("3rd arg must be plaintext size integer") - }) - .unwrap_or(1048576); - let mfs = args.next().map(|arg| { - arg.parse::() - .expect("4th arg must be max_fragment_size integer") - }); - for param in lookup_matching_benches(&suite).iter() { - bench_bulk(param, len, mfs); - } - } - None => { - panic!("bulk needs ciphersuite argument"); - } - }, - - "handshake" | "handshake-resume" | "handshake-ticket" => match args.next() { - Some(suite) => { - let resume = if mode == "handshake" { - ResumptionParam::No - } else if mode == "handshake-resume" { - ResumptionParam::SessionId - } else { - ResumptionParam::Tickets - }; - - for param in lookup_matching_benches(&suite).iter() { - bench_handshake(param, ClientAuth::No, resume); - } - } - None => { - panic!("handshake* needs ciphersuite argument"); - } - }, - - "memory" => match args.next() { - Some(suite) => { - let count = args - .next() - .map(|arg| { - arg.parse::() - .expect("3rd arg must be connection count integer") - }) - .unwrap_or(1000000); - for param in lookup_matching_benches(&suite).iter() { - bench_memory(param, count); - } - } - None => { - panic!("memory needs ciphersuite argument"); - } - }, - - _ => { - panic!("unsupported mode {:?}", mode); - } - } -} - -fn all_tests() { - for test in ALL_BENCHMARKS.iter() { - bench_bulk(test, 1024 * 1024, None); - bench_bulk(test, 1024 * 1024, Some(10000)); - bench_handshake(test, ClientAuth::No, ResumptionParam::No); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::No); - bench_handshake(test, ClientAuth::No, ResumptionParam::SessionId); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::SessionId); - bench_handshake(test, ClientAuth::No, ResumptionParam::Tickets); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::Tickets); - } -} +mod bench_impl; fn main() { - let mut args = env::args(); - if args.len() > 1 { - args.next(); - selected_tests(args); - } else { - all_tests(); - } + bench_impl::main(); } diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs new file mode 100644 index 0000000000..e185629519 --- /dev/null +++ b/rustls/examples/internal/bench_impl.rs @@ -0,0 +1,673 @@ +// This program does assorted benchmarking of rustls. +// +// Note: we don't use any of the standard 'cargo bench', 'test::Bencher', +// etc. because it's unstable at the time of writing. + +use std::env; +use std::fs; +use std::io::{self, Read, Write}; +use std::ops::Deref; +use std::ops::DerefMut; +use std::sync::Arc; +use std::time::{Duration, Instant}; + +use pki_types::{CertificateDer, PrivateKeyDer}; + +use rustls::client::Resumption; +use rustls::crypto::ring::{cipher_suite, Ticketer}; +use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; +use rustls::RootCertStore; +use rustls::{ClientConfig, ClientConnection}; +use rustls::{ConnectionCommon, SideData}; +use rustls::{ServerConfig, ServerConnection}; + +fn duration_nanos(d: Duration) -> f64 { + (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 +} + +fn _bench(count: usize, name: &'static str, f_setup: Fsetup, f_test: Ftest) +where + Fsetup: Fn() -> S, + Ftest: Fn(S), +{ + let mut times = Vec::new(); + + for _ in 0..count { + let state = f_setup(); + let start = Instant::now(); + f_test(state); + times.push(duration_nanos(Instant::now().duration_since(start))); + } + + println!("{}", name); + println!("{:?}", times); +} + +fn time(mut f: F) -> f64 +where + F: FnMut(), +{ + let start = Instant::now(); + f(); + let end = Instant::now(); + duration_nanos(end.duration_since(start)) +} + +fn transfer(left: &mut L, right: &mut R, expect_data: Option) -> f64 +where + L: DerefMut + Deref>, + R: DerefMut + Deref>, + LS: SideData, + RS: SideData, +{ + let mut tls_buf = [0u8; 262144]; + let mut read_time = 0f64; + let mut data_left = expect_data; + let mut data_buf = [0u8; 8192]; + + loop { + let mut sz = 0; + + while left.wants_write() { + let written = left + .write_tls(&mut tls_buf[sz..].as_mut()) + .unwrap(); + if written == 0 { + break; + } + + sz += written; + } + + if sz == 0 { + return read_time; + } + + let mut offs = 0; + loop { + let start = Instant::now(); + match right.read_tls(&mut tls_buf[offs..sz].as_ref()) { + Ok(read) => { + right.process_new_packets().unwrap(); + offs += read; + } + Err(err) => { + panic!("error on transfer {}..{}: {}", offs, sz, err); + } + } + + if let Some(left) = &mut data_left { + loop { + let sz = match right.reader().read(&mut data_buf) { + Ok(sz) => sz, + Err(err) if err.kind() == io::ErrorKind::WouldBlock => break, + Err(err) => panic!("failed to read data: {}", err), + }; + + *left -= sz; + if *left == 0 { + break; + } + } + } + + let end = Instant::now(); + read_time += duration_nanos(end.duration_since(start)); + if sz == offs { + break; + } + } + } +} + +#[derive(PartialEq, Clone, Copy)] +enum ClientAuth { + No, + Yes, +} + +#[derive(PartialEq, Clone, Copy)] +enum ResumptionParam { + No, + SessionId, + Tickets, +} + +impl ResumptionParam { + fn label(&self) -> &'static str { + match *self { + Self::No => "no-resume", + Self::SessionId => "sessionid", + Self::Tickets => "tickets", + } + } +} + +// copied from tests/api.rs +#[derive(PartialEq, Clone, Copy, Debug)] +enum KeyType { + Rsa, + Ecdsa, + Ed25519, +} + +struct BenchmarkParam { + key_type: KeyType, + ciphersuite: rustls::SupportedCipherSuite, + version: &'static rustls::SupportedProtocolVersion, +} + +impl BenchmarkParam { + const fn new( + key_type: KeyType, + ciphersuite: rustls::SupportedCipherSuite, + version: &'static rustls::SupportedProtocolVersion, + ) -> Self { + Self { + key_type, + ciphersuite, + version, + } + } +} + +static ALL_BENCHMARKS: &[BenchmarkParam] = &[ + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Ecdsa, + cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Ecdsa, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Ecdsa, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + &rustls::version::TLS12, + ), + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS13_AES_256_GCM_SHA384, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Rsa, + cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Ecdsa, + cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Ed25519, + cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + ), +]; + +impl KeyType { + fn path_for(&self, part: &str) -> String { + match self { + Self::Rsa => format!("test-ca/rsa/{}", part), + Self::Ecdsa => format!("test-ca/ecdsa/{}", part), + Self::Ed25519 => format!("test-ca/eddsa/{}", part), + } + } + + fn get_chain(&self) -> Vec> { + rustls_pemfile::certs(&mut io::BufReader::new( + fs::File::open(self.path_for("end.fullchain")).unwrap(), + )) + .map(|result| result.unwrap()) + .collect() + } + + fn get_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("end.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() + } + + fn get_client_chain(&self) -> Vec> { + rustls_pemfile::certs(&mut io::BufReader::new( + fs::File::open(self.path_for("client.fullchain")).unwrap(), + )) + .map(|result| result.unwrap()) + .collect() + } + + fn get_client_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("client.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() + } +} + +fn make_server_config( + params: &BenchmarkParam, + client_auth: ClientAuth, + resume: ResumptionParam, + max_fragment_size: Option, +) -> ServerConfig { + let client_auth = match client_auth { + ClientAuth::Yes => { + let roots = params.key_type.get_chain(); + let mut client_auth_roots = RootCertStore::empty(); + for root in roots { + client_auth_roots.add(root).unwrap(); + } + WebPkiClientVerifier::builder(client_auth_roots.into()) + .build() + .unwrap() + } + ClientAuth::No => WebPkiClientVerifier::no_client_auth(), + }; + + let mut cfg = ServerConfig::builder() + .with_safe_default_cipher_suites() + .with_safe_default_kx_groups() + .with_protocol_versions(&[params.version]) + .unwrap() + .with_client_cert_verifier(client_auth) + .with_single_cert(params.key_type.get_chain(), params.key_type.get_key()) + .expect("bad certs/private key?"); + + if resume == ResumptionParam::SessionId { + cfg.session_storage = ServerSessionMemoryCache::new(128); + } else if resume == ResumptionParam::Tickets { + cfg.ticketer = Ticketer::new().unwrap(); + } else { + cfg.session_storage = Arc::new(NoServerSessionStorage {}); + } + + cfg.max_fragment_size = max_fragment_size; + cfg +} + +fn make_client_config( + params: &BenchmarkParam, + clientauth: ClientAuth, + resume: ResumptionParam, +) -> ClientConfig { + let mut root_store = RootCertStore::empty(); + let mut rootbuf = + io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), + ); + + let cfg = ClientConfig::builder() + .with_cipher_suites(&[params.ciphersuite]) + .with_safe_default_kx_groups() + .with_protocol_versions(&[params.version]) + .unwrap() + .with_root_certificates(root_store); + + let mut cfg = if clientauth == ClientAuth::Yes { + cfg.with_client_auth_cert( + params.key_type.get_client_chain(), + params.key_type.get_client_key(), + ) + .unwrap() + } else { + cfg.with_no_client_auth() + }; + + if resume != ResumptionParam::No { + cfg.resumption = Resumption::in_memory_sessions(128); + } else { + cfg.resumption = Resumption::disabled(); + } + + cfg +} + +fn apply_work_multiplier(work: u64) -> u64 { + let mul = match env::var("BENCH_MULTIPLIER") { + Ok(val) => val + .parse::() + .expect("invalid BENCH_MULTIPLIER value"), + Err(_) => 1., + }; + + ((work as f64) * mul).round() as u64 +} + +fn bench_handshake(params: &BenchmarkParam, clientauth: ClientAuth, resume: ResumptionParam) { + let client_config = Arc::new(make_client_config(params, clientauth, resume)); + let server_config = Arc::new(make_server_config(params, clientauth, resume, None)); + + assert!(params.ciphersuite.version() == params.version); + + let rounds = apply_work_multiplier(if resume == ResumptionParam::No { + 512 + } else { + 4096 + }); + let mut client_time = 0f64; + let mut server_time = 0f64; + + for _ in 0..rounds { + let server_name = "localhost".try_into().unwrap(); + let mut client = ClientConnection::new(Arc::clone(&client_config), server_name).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + + server_time += time(|| { + transfer(&mut client, &mut server, None); + }); + client_time += time(|| { + transfer(&mut server, &mut client, None); + }); + server_time += time(|| { + transfer(&mut client, &mut server, None); + }); + client_time += time(|| { + transfer(&mut server, &mut client, None); + }); + } + + println!( + "handshakes\t{:?}\t{:?}\t{:?}\tclient\t{}\t{}\t{:.2}\thandshake/s", + params.version, + params.key_type, + params.ciphersuite.suite(), + if clientauth == ClientAuth::Yes { + "mutual" + } else { + "server-auth" + }, + resume.label(), + (rounds as f64) / client_time + ); + println!( + "handshakes\t{:?}\t{:?}\t{:?}\tserver\t{}\t{}\t{:.2}\thandshake/s", + params.version, + params.key_type, + params.ciphersuite.suite(), + if clientauth == ClientAuth::Yes { + "mutual" + } else { + "server-auth" + }, + resume.label(), + (rounds as f64) / server_time + ); +} + +fn do_handshake_step(client: &mut ClientConnection, server: &mut ServerConnection) -> bool { + if server.is_handshaking() || client.is_handshaking() { + transfer(client, server, None); + transfer(server, client, None); + true + } else { + false + } +} + +fn do_handshake(client: &mut ClientConnection, server: &mut ServerConnection) { + while do_handshake_step(client, server) {} +} + +fn bench_bulk(params: &BenchmarkParam, plaintext_size: u64, max_fragment_size: Option) { + let client_config = Arc::new(make_client_config( + params, + ClientAuth::No, + ResumptionParam::No, + )); + let server_config = Arc::new(make_server_config( + params, + ClientAuth::No, + ResumptionParam::No, + max_fragment_size, + )); + + let server_name = "localhost".try_into().unwrap(); + let mut client = ClientConnection::new(client_config, server_name).unwrap(); + client.set_buffer_limit(None); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + server.set_buffer_limit(None); + + do_handshake(&mut client, &mut server); + + let buf = vec![0; plaintext_size as usize]; + let total_data = apply_work_multiplier(if plaintext_size < 8192 { + 64 * 1024 * 1024 + } else { + 1024 * 1024 * 1024 + }); + let rounds = total_data / plaintext_size; + let mut time_send = 0f64; + let mut time_recv = 0f64; + + for _ in 0..rounds { + time_send += time(|| { + server.writer().write_all(&buf).unwrap(); + }); + + time_recv += transfer(&mut server, &mut client, Some(buf.len())); + } + + let mfs_str = format!( + "max_fragment_size:{}", + max_fragment_size + .map(|v| v.to_string()) + .unwrap_or_else(|| "default".to_string()) + ); + let total_mbs = ((plaintext_size * rounds) as f64) / (1024. * 1024.); + println!( + "bulk\t{:?}\t{:?}\t{}\tsend\t{:.2}\tMB/s", + params.version, + params.ciphersuite.suite(), + mfs_str, + total_mbs / time_send + ); + println!( + "bulk\t{:?}\t{:?}\t{}\trecv\t{:.2}\tMB/s", + params.version, + params.ciphersuite.suite(), + mfs_str, + total_mbs / time_recv + ); +} + +fn bench_memory(params: &BenchmarkParam, conn_count: u64) { + let client_config = Arc::new(make_client_config( + params, + ClientAuth::No, + ResumptionParam::No, + )); + let server_config = Arc::new(make_server_config( + params, + ClientAuth::No, + ResumptionParam::No, + None, + )); + + // The target here is to end up with conn_count post-handshake + // server and client sessions. + let conn_count = (conn_count / 2) as usize; + let mut servers = Vec::with_capacity(conn_count); + let mut clients = Vec::with_capacity(conn_count); + + for _i in 0..conn_count { + servers.push(ServerConnection::new(Arc::clone(&server_config)).unwrap()); + let server_name = "localhost".try_into().unwrap(); + clients.push(ClientConnection::new(Arc::clone(&client_config), server_name).unwrap()); + } + + for _step in 0..5 { + for (client, server) in clients + .iter_mut() + .zip(servers.iter_mut()) + { + do_handshake_step(client, server); + } + } + + for client in clients.iter_mut() { + client + .writer() + .write_all(&[0u8; 1024]) + .unwrap(); + } + + for (client, server) in clients + .iter_mut() + .zip(servers.iter_mut()) + { + transfer(client, server, Some(1024)); + } +} + +fn lookup_matching_benches(name: &str) -> Vec<&BenchmarkParam> { + let r: Vec<&BenchmarkParam> = ALL_BENCHMARKS + .iter() + .filter(|params| { + format!("{:?}", params.ciphersuite.suite()).to_lowercase() == name.to_lowercase() + }) + .collect(); + + if r.is_empty() { + panic!("unknown suite {:?}", name); + } + + r +} + +fn selected_tests(mut args: env::Args) { + let mode = args + .next() + .expect("first argument must be mode"); + + match mode.as_ref() { + "bulk" => match args.next() { + Some(suite) => { + let len = args + .next() + .map(|arg| { + arg.parse::() + .expect("3rd arg must be plaintext size integer") + }) + .unwrap_or(1048576); + let mfs = args.next().map(|arg| { + arg.parse::() + .expect("4th arg must be max_fragment_size integer") + }); + for param in lookup_matching_benches(&suite).iter() { + bench_bulk(param, len, mfs); + } + } + None => { + panic!("bulk needs ciphersuite argument"); + } + }, + + "handshake" | "handshake-resume" | "handshake-ticket" => match args.next() { + Some(suite) => { + let resume = if mode == "handshake" { + ResumptionParam::No + } else if mode == "handshake-resume" { + ResumptionParam::SessionId + } else { + ResumptionParam::Tickets + }; + + for param in lookup_matching_benches(&suite).iter() { + bench_handshake(param, ClientAuth::No, resume); + } + } + None => { + panic!("handshake* needs ciphersuite argument"); + } + }, + + "memory" => match args.next() { + Some(suite) => { + let count = args + .next() + .map(|arg| { + arg.parse::() + .expect("3rd arg must be connection count integer") + }) + .unwrap_or(1000000); + for param in lookup_matching_benches(&suite).iter() { + bench_memory(param, count); + } + } + None => { + panic!("memory needs ciphersuite argument"); + } + }, + + _ => { + panic!("unsupported mode {:?}", mode); + } + } +} + +fn all_tests() { + for test in ALL_BENCHMARKS.iter() { + bench_bulk(test, 1024 * 1024, None); + bench_bulk(test, 1024 * 1024, Some(10000)); + bench_handshake(test, ClientAuth::No, ResumptionParam::No); + bench_handshake(test, ClientAuth::Yes, ResumptionParam::No); + bench_handshake(test, ClientAuth::No, ResumptionParam::SessionId); + bench_handshake(test, ClientAuth::Yes, ResumptionParam::SessionId); + bench_handshake(test, ClientAuth::No, ResumptionParam::Tickets); + bench_handshake(test, ClientAuth::Yes, ResumptionParam::Tickets); + } +} + +fn main() { + let mut args = env::args(); + if args.len() > 1 { + args.next(); + selected_tests(args); + } else { + all_tests(); + } +} From beae45c35d7db95d5143941a3345dc583133a590 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 14 Nov 2023 15:55:18 +0000 Subject: [PATCH 0425/1145] Support aws-lc-rs in integration-level benchmarks --- .github/workflows/build.yml | 9 +++++--- rustls/Cargo.toml | 1 - rustls/examples/internal/bench.rs | 5 +++++ rustls/examples/internal/bench_impl.rs | 31 ++++++++++++++------------ 4 files changed, 28 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a3a4021d12..ff3c615667 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -177,11 +177,14 @@ jobs: - name: Install stable toolchain uses: dtolnay/rust-toolchain@nightly - - name: Smoke-test benchmark program - run: cargo run --release --locked --example bench + - name: Smoke-test benchmark program (ring) + run: cargo run -p rustls --release --locked --example bench + + - name: Smoke-test benchmark program (aws-lc-rs) + run: cargo run -p rustls --release --locked --example bench --no-default-features --features aws_lc_rs,tls12 - name: Run micro-benchmarks - run: cargo bench --locked + run: cargo bench --locked --all-features env: RUSTFLAGS: --cfg=bench diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index c0f1fe19e1..a0b989ae19 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -48,7 +48,6 @@ required-features = ["tls12"] [[example]] name = "bench" path = "examples/internal/bench.rs" -required-features = ["ring"] [[bench]] name = "benchmarks" diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs index f4dec9d918..06217da1d8 100644 --- a/rustls/examples/internal/bench.rs +++ b/rustls/examples/internal/bench.rs @@ -1,5 +1,10 @@ +#[cfg(any(feature = "ring", feature = "aws_lc_rs"))] mod bench_impl; fn main() { + #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] bench_impl::main(); + + #[cfg(not(any(feature = "ring", feature = "aws_lc_rs")))] + panic!("no provider to test"); } diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index e185629519..37899e020f 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -14,13 +14,26 @@ use std::time::{Duration, Instant}; use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::Resumption; -use rustls::crypto::ring::{cipher_suite, Ticketer}; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +use rustls::crypto::aws_lc_rs::{cipher_suite, Ticketer, AWS_LC_RS as PROVIDER}; +#[cfg(feature = "ring")] +use rustls::crypto::ring::{cipher_suite, Ticketer, RING as PROVIDER}; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::RootCertStore; use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, SideData}; use rustls::{ServerConfig, ServerConnection}; +pub fn main() { + let mut args = std::env::args(); + if args.len() > 1 { + args.next(); + selected_tests(args); + } else { + all_tests(); + } +} + fn duration_nanos(d: Duration) -> f64 { (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 } @@ -300,14 +313,14 @@ fn make_server_config( for root in roots { client_auth_roots.add(root).unwrap(); } - WebPkiClientVerifier::builder(client_auth_roots.into()) + WebPkiClientVerifier::builder_with_provider(client_auth_roots.into(), PROVIDER) .build() .unwrap() } ClientAuth::No => WebPkiClientVerifier::no_client_auth(), }; - let mut cfg = ServerConfig::builder() + let mut cfg = ServerConfig::builder_with_provider(PROVIDER) .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[params.version]) @@ -340,7 +353,7 @@ fn make_client_config( rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), ); - let cfg = ClientConfig::builder() + let cfg = ClientConfig::builder_with_provider(PROVIDER) .with_cipher_suites(&[params.ciphersuite]) .with_safe_default_kx_groups() .with_protocol_versions(&[params.version]) @@ -661,13 +674,3 @@ fn all_tests() { bench_handshake(test, ClientAuth::Yes, ResumptionParam::Tickets); } } - -fn main() { - let mut args = env::args(); - if args.len() > 1 { - args.next(); - selected_tests(args); - } else { - all_tests(); - } -} From c1e34d1c81f4191d14ae19817f5bd0bce7b9b2fa Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 Nov 2023 15:37:17 +0000 Subject: [PATCH 0426/1145] Outlaw and test `export_keying_material` with empty output This is not useful. --- rustls/src/conn.rs | 8 ++++++++ rustls/tests/api.rs | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 1bf8bee9b1..d219b0f615 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -539,6 +539,8 @@ impl ConnectionCommon { /// /// This function fails if called prior to the handshake completing; /// check with [`CommonState::is_handshaking`] first. + /// + /// This function fails if `output.len()` is zero. #[inline] pub fn export_keying_material>( &self, @@ -740,6 +742,12 @@ impl ConnectionCore { label: &[u8], context: Option<&[u8]>, ) -> Result { + if output.as_mut().is_empty() { + return Err(Error::General( + "export_keying_material with zero-length output".into(), + )); + } + match self.state.as_ref() { Ok(st) => st .export_keying_material(output.as_mut(), label, context) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 5d011d6691..e614f3f84d 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -2698,6 +2698,24 @@ fn do_exporter_test(client_config: ClientConfig, server_config: ServerConfig) { .is_ok()); assert_eq!(client_secret.to_vec(), server_secret.to_vec()); + let mut empty = vec![]; + assert_eq!( + client + .export_keying_material(&mut empty, b"label", Some(b"context")) + .err(), + Some(Error::General( + "export_keying_material with zero-length output".into() + )) + ); + assert_eq!( + server + .export_keying_material(&mut empty, b"label", Some(b"context")) + .err(), + Some(Error::General( + "export_keying_material with zero-length output".into() + )) + ); + assert!(client .export_keying_material(&mut client_secret, b"label", None) .is_ok()); From b4e71864b49d23d63005092d4ab2d23e8e3af532 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 21 Nov 2023 13:23:28 +0000 Subject: [PATCH 0427/1145] Remove misleading/outdated comments --- rustls/src/crypto/signer.rs | 2 +- rustls/src/server/common.rs | 3 +-- rustls/src/suites.rs | 3 --- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index a5cf5c62a7..ca63b67ff8 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -30,7 +30,7 @@ pub trait Signer: Debug + Send + Sync { } /// A packaged-together certificate chain, matching `SigningKey` and -/// optional stapled OCSP response and/or SCT list. +/// optional stapled OCSP response. #[derive(Clone, Debug)] pub struct CertifiedKey { /// The certificate chain. diff --git a/rustls/src/server/common.rs b/rustls/src/server/common.rs index d4c0d30afb..5e41ed42bb 100644 --- a/rustls/src/server/common.rs +++ b/rustls/src/server/common.rs @@ -2,8 +2,7 @@ use crate::sign; use pki_types::CertificateDer; -/// ActiveCertifiedKey wraps CertifiedKey and tracks OSCP and SCT state -/// in a single handshake. +/// ActiveCertifiedKey wraps [`sign::CertifiedKey`] and tracks OSCP state in a single handshake. pub(super) struct ActiveCertifiedKey<'a> { key: &'a sign::CertifiedKey, ocsp: Option<&'a [u8]>, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index e814ae63e3..da61b240e7 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -42,9 +42,6 @@ pub struct CipherSuiteCommon { } /// A cipher suite supported by rustls. -/// -/// All possible instances of this type are provided by the library in -/// the [`crypto::ring::ALL_CIPHER_SUITES`] array. #[derive(Clone, Copy, PartialEq)] pub enum SupportedCipherSuite { /// A TLS 1.2 cipher suite From 7595236ddfd6008f5dc6cf10d833fb9820fe7f08 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 21 Nov 2023 13:11:15 +0000 Subject: [PATCH 0428/1145] Expand documentation for `CryptoProvider` and associated --- rustls/src/client/builder.rs | 18 ++++- rustls/src/crypto/mod.rs | 140 ++++++++++++++++++++++++++++++++++- rustls/src/crypto/ring/kx.rs | 2 +- rustls/src/crypto/signer.rs | 10 ++- rustls/src/server/builder.rs | 10 ++- rustls/src/tls12/mod.rs | 16 ++++ rustls/src/tls13/mod.rs | 6 ++ 7 files changed, 193 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 496bd83e02..0e03f02ab6 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -18,6 +18,19 @@ use core::marker::PhantomData; impl ConfigBuilder { /// Choose how to verify server certificates. + /// + /// Using this function does not configure revocation. If you wish to + /// configure revocation, instead use: + /// + /// ```diff + /// - .with_root_certificates(root_store) + /// + .dangerous() + /// + .with_custom_certificate_verifier( + /// + WebPkiServerVerifier::builder_with_provider(root_store, crypto_provider) + /// + .with_crls(...) + /// + .build()? + /// + ) + /// ``` pub fn with_root_certificates( self, root_store: impl Into>, @@ -99,8 +112,9 @@ impl ConfigBuilder { /// in client authentication. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise - /// set of supported key types and parameters is defined by the selected `CryptoProvider`. + /// `key_der` is a DER-encoded private key -- the precise set of supported key + /// types and parameters is defined by the selected [`CryptoProvider`]'s `load_private_key()` + /// method. /// /// This function fails if `key_der` is invalid. pub fn with_client_auth_cert( diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 76a41e7135..abf81a0fe3 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -45,19 +45,143 @@ pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; -/// Pluggable crypto galore. +/// Controls core cryptography used by rustls. +/// +/// This crate comes with two built-in options, provided as +/// `&dyn CryptoProvider` values: +/// +/// - [`crate::crypto::ring::RING`]: (behind the `ring` crate feature, which +/// is enabled by default). This provider uses the [*ring*](https://github.com/briansmith/ring) +/// crate. +/// - [`crate::crypto::aws_lc_rs::AWS_LC_RS`]: (behind the `aws_lc_rs` feature, +/// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) +/// crate. +/// +/// # Using a specific `CryptoProvider` +/// +/// Supply the provider when constructing your [`crate::ClientConfig`] or [`crate::ServerConfig`]: +/// +/// - [`crate::ClientConfig::builder_with_provider()`] +/// - [`crate::ServerConfig::builder_with_provider()`] +/// +/// When creating and configuring a webpki-backed client or server certificate verifier, a choice of +/// provider is also needed to start the configuration process: +/// +/// - [`crate::client::WebPkiServerVerifier::builder_with_provider()`] +/// - [`crate::server::WebPkiClientVerifier::builder_with_provider()`] +/// +/// # Making a custom `CryptoProvider` +/// +/// Naturally start with a type that implements [`crate::crypto::CryptoProvider`]. +/// +/// ## Which elements are required? +/// +/// There is no requirement that the individual elements (`SupportedCipherSuite`, `SupportedKxGroup`, +/// `SigningKey`, etc.) come from the same crate. It is allowed and expected that uninteresting +/// elements would be delegated back to one of the default providers (statically) or a parent +/// provider (dynamically). +/// +/// For example, if we want to make a provider that just overrides key loading in the config builder +/// API ([`crate::ConfigBuilder::with_single_cert`] etc.), it might look like this: +/// +/// ``` +/// # #[cfg(feature = "ring")] { +/// # use std::sync::Arc; +/// # mod fictious_hsm_api { pub fn load_private_key(key_der: pki_types::PrivateKeyDer<'static>) -> ! { unreachable!(); } } +/// use rustls::crypto::ring::RING; +/// +/// #[derive(Debug)] +/// struct HsmKeyLoader; +/// +/// impl rustls::crypto::CryptoProvider for HsmKeyLoader { +/// fn fill_random(&self, buf: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { +/// RING.fill_random(buf) +/// } +/// +/// fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { +/// RING.default_cipher_suites() +/// } +/// +/// fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] { +/// RING.default_kx_groups() +/// } +/// +/// fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { +/// RING.signature_verification_algorithms() +/// } +/// +/// fn load_private_key(&self, key_der: pki_types::PrivateKeyDer<'static>) -> Result, rustls::Error> { +/// fictious_hsm_api::load_private_key(key_der) +/// } +/// } +/// # } +/// ``` +/// +/// ## References to the individual elements +/// +/// The elements are documented separately: +/// +/// - **Random** - see [`crate::crypto::CryptoProvider::fill_random()`]. +/// - **Cipher suites** - see [`crate::SupportedCipherSuite`], [`crate::Tls12CipherSuite`], and +/// [`crate::Tls13CipherSuite`]. +/// - **Key exchange groups** - see [`crate::crypto::SupportedKxGroup`]. +/// - **Signature verification algorithms** - see [`crate::WebPkiSupportedAlgorithms`]. +/// - **Authentication key loading** - see [`crate::crypto::CryptoProvider::load_private_key()`] and +/// [`crate::sign::SigningKey`]. +/// +/// # Example code +/// +/// See [provider-example/] for a full client and server example that uses +/// cryptography from the [rust-crypto] and [dalek-cryptography] projects. +/// +/// ```shell +/// $ cargo run --example client | head -3 +/// Current ciphersuite: TLS13_CHACHA20_POLY1305_SHA256 +/// HTTP/1.1 200 OK +/// Content-Type: text/html; charset=utf-8 +/// Content-Length: 19899 +/// ``` +/// +/// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ +/// [rust-crypto]: https://github.com/rustcrypto +/// [dalek-cryptography]: https://github.com/dalek-cryptography pub trait CryptoProvider: Send + Sync + Debug + 'static { /// Fill the given buffer with random bytes. + /// + /// The bytes must be sourced from a cryptographically secure random number + /// generator seeded with good quality, secret entropy. + /// + /// This is used for all randomness required by rustls, but not necessarily + /// randomness required by the underlying cryptography library. For example: + /// [`crate::crypto::SupportedKxGroup::start()`] requires random material to generate + /// an ephemeral key exchange key, but this is not included in the interface with + /// rustls: it is assumed that the cryptography library provides for this itself. fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed>; /// Provide a safe set of cipher suites that can be used as the defaults. + /// + /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and + /// [`crate::ConfigBuilder::with_safe_default_cipher_suites()`]. + /// + /// Other (non-default) cipher suites can be provided separately and configured + /// by passing them to [`crate::ConfigBuilder::with_cipher_suites()`] fn default_cipher_suites(&self) -> &'static [suites::SupportedCipherSuite]; /// Return a safe set of supported key exchange groups to be used as the defaults. + /// + /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and + /// [`crate::ConfigBuilder::with_safe_default_kx_groups()`]. + /// + /// Other (non-default) key exchange groups can be provided separately and configured + /// by passing them to [`crate::ConfigBuilder::with_kx_groups()`]. fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup]; /// Decode and validate a private signing key from `key_der`. /// + /// This is used by [`crate::ConfigBuilder::with_client_auth_cert()`], [`crate::ConfigBuilder::with_single_cert()`], + /// and [`crate::ConfigBuilder::with_single_cert_with_ocsp()`]. The key types and formats supported by this + /// function directly defines the key types and formats supported in those APIs. + /// /// Return an error if the key type encoding is not supported, or if the key fails validation. fn load_private_key( &self, @@ -67,6 +191,10 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { /// Return the signature verification algorithms for use with webpki. /// /// These are used for both certificate chain verification and handshake signature verification. + /// + /// This is called by [`crate::ConfigBuilder::with_root_certificates()`], + /// [`crate::server::WebPkiClientVerifier::builder_with_provider()`] and + /// [`crate::client::WebPkiServerVerifier::builder_with_provider()`]. fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms; } @@ -87,6 +215,9 @@ pub trait SupportedKxGroup: Send + Sync + Debug { fn start(&self) -> Result, Error>; /// Named group the SupportedKxGroup operates in. + /// + /// If the `NamedGroup` enum does not have a name for the algorithm you are implementing, + /// you can use [`NamedGroup::Unknown`]. fn name(&self) -> NamedGroup; } @@ -94,6 +225,10 @@ pub trait SupportedKxGroup: Send + Sync + Debug { pub trait ActiveKeyExchange: Send + Sync { /// Completes the key exchange, given the peer's public key. /// + /// This method must return an error if `peer_pub_key` is invalid: either + /// mis-encoded, or an invalid public key (such as, but not limited to, being + /// in a small order subgroup). + /// /// The shared secret is returned as a [`SharedSecret`] which can be constructed /// from a `&[u8]`. /// @@ -101,6 +236,9 @@ pub trait ActiveKeyExchange: Send + Sync { fn complete(self: Box, peer_pub_key: &[u8]) -> Result; /// Return the public key being used. + /// + /// The encoding required is defined in + /// [RFC8446 section 4.2.8.2](https://www.rfc-editor.org/rfc/rfc8446#section-4.2.8.2). fn pub_key(&self) -> &[u8]; /// Return the group being used. diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 10c24cd3ce..67e9f491d9 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -14,7 +14,7 @@ use core::fmt; /// A key-exchange group supported by *ring*. /// /// All possible instances of this class are provided by the library in -/// the `ALL_KX_GROUPS` array. +/// the [`ALL_KX_GROUPS`] array. struct KxGroup { /// The IANA "TLS Supported Groups" name of the group name: NamedGroup, diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index ca63b67ff8..56031fb1c5 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -9,6 +9,9 @@ use alloc::vec::Vec; use core::fmt::Debug; /// An abstract signing key. +/// +/// This interface is used by rustls to use a private signing key +/// for authentication. This includes server and client authentication. pub trait SigningKey: Debug + Send + Sync { /// Choose a `SignatureScheme` from those offered. /// @@ -23,9 +26,14 @@ pub trait SigningKey: Debug + Send + Sync { /// A thing that can sign a message. pub trait Signer: Debug + Send + Sync { /// Signs `message` using the selected scheme. + /// + /// `message` is not hashed; the implementer must hash it using the hash function + /// implicit in [`Self::scheme()`]. + /// + /// The returned signature format is also defined by [`Self::scheme()`]. fn sign(&self, message: &[u8]) -> Result, Error>; - /// Reveals which scheme will be used when you call `sign()`. + /// Reveals which scheme will be used when you call [`Self::sign()`]. fn scheme(&self) -> SignatureScheme; } diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 6b459f5cce..cd659f989c 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -62,8 +62,9 @@ impl ConfigBuilder { /// disregarded. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise - /// set of supported key types and parameters is defined by the selected `CryptoProvider`. + /// `key_der` is a DER-encoded private key -- the precise set of supported key + /// types and parameters is defined by the selected [`CryptoProvider`]'s `load_private_key()` + /// method. /// /// This function fails if `key_der` is invalid. pub fn with_single_cert( @@ -84,8 +85,9 @@ impl ConfigBuilder { /// subsequent connections, irrespective of things like SNI hostname. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded RSA, ECDSA, or Ed25519 private key -- the precise - /// set of supported key types and parameters is defined by the selected `CryptoProvider`. + /// `key_der` is a DER-encoded private key -- the precise set of supported key + /// types and parameters is defined by the selected [`CryptoProvider`]'s `load_private_key()` + /// method. /// `ocsp` is a DER-encoded OCSP response. Ignored if zero length. /// /// This function fails if `key_der` is invalid. diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index ca5db22a58..4d5d0a77e9 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -22,12 +22,28 @@ pub struct Tls12CipherSuite { pub common: CipherSuiteCommon, /// How to compute the TLS1.2 PRF for the suite's hash function. + /// + /// If you have a TLS1.2 PRF implementation, you should directly implement the [`crypto::tls12::Prf`] trait. + /// + /// If not, you can implement the [`crypto::hmac::Hmac`] trait (and associated), and then use + /// [`crypto::tls12::PrfUsingHmac`]. pub prf_provider: &'static dyn crypto::tls12::Prf, /// How to exchange/agree keys. + /// + /// In TLS1.2, the key exchange method (eg, Elliptic Curve Diffie-Hellman with Ephemeral keys -- ECDHE) + /// is baked into the cipher suite, but the details to achieve it are negotiated separately. + /// + /// This controls how protocol messages (like the `ClientKeyExchange` message) are interpreted + /// once this cipher suite has been negotiated. pub kx: KeyExchangeAlgorithm, /// How to sign messages for authentication. + /// + /// This is a set of [`SignatureScheme`]s that are usable once this cipher suite has been + /// negotiated. + /// + /// The precise scheme used is then chosen from this set by the selected authentication key. pub sign: &'static [SignatureScheme], /// How to produce a [`MessageDecrypter`] or [`MessageEncrypter`] diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index 0cbeecb2ec..b4e38f0fa9 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -13,6 +13,12 @@ pub struct Tls13CipherSuite { pub common: CipherSuiteCommon, /// How to complete HKDF with the suite's hash function. + /// + /// If you have a HKDF implementation, you should directly implement the `crypto::tls13::Hkdf` + /// trait (and associated). + /// + /// If not, you can implement the [`crypto::hmac::Hmac`] trait (and associated), and then use + /// [`crypto::tls13::HkdfUsingHmac`]. pub hkdf_provider: &'static dyn crypto::tls13::Hkdf, /// How to produce a [MessageDecrypter] or [MessageEncrypter] From 1db4506dcfeb4a08b5517eafba84f16084321786 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 21 Nov 2023 15:32:45 +0000 Subject: [PATCH 0429/1145] Update front page docs for crypto providers --- README.md | 10 ++++++++-- rustls/src/lib.rs | 16 +++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 944f176b88..59797519b5 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Rustls is a TLS library that aims to provide a good level of cryptographic secur requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography by default. -## Current features +## Current functionality (with default crate features) * TLS1.2 and TLS1.3. * ECDSA, Ed25519 or RSA server authentication by clients. @@ -83,7 +83,7 @@ need them. ### Platform support -While Rustls itself is platform independent, it uses +While Rustls itself is platform independent, by default it uses [`ring`](https://crates.io/crates/ring) for implementing the cryptography in TLS. As a result, rustls only runs on platforms supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), @@ -92,6 +92,12 @@ x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Bi support WebAssembly. For more information, see [the supported `ring` target platforms][ring-target-platforms]. +By providing a custom implementation of the [`crate::crypto::CryptoProvider`] trait, you +can replace all cryptography dependencies of rustls. This is a route to being portable +to a wider set of architectures and environments, or compliance requirements. +Specifying `default-features = false` when depending on rustls will remove the +dependency on *ring*. + Rustls requires Rust 1.61 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 42f21c2adb..1b5109ace9 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -4,7 +4,7 @@ //! requires no configuration to achieve that security, and provides no unsafe features or //! obsolete cryptography by default. //! -//! ## Current features +//! ## Current functionality (with default crate features) //! //! * TLS1.2 and TLS1.3. //! * ECDSA, Ed25519 or RSA server authentication by clients. @@ -54,7 +54,7 @@ //! //! ### Platform support //! -//! While Rustls itself is platform independent, it uses +//! While Rustls itself is platform independent, by default it uses //! [`ring`](https://crates.io/crates/ring) for implementing the cryptography in //! TLS. As a result, rustls only runs on platforms //! supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), @@ -63,6 +63,12 @@ //! support WebAssembly. //! For more information, see [the supported `ring` target platforms][ring-target-platforms]. //! +//! By providing a custom implementation of the [`crate::crypto::CryptoProvider`] trait, you +//! can replace all cryptography dependencies of rustls. This is a route to being portable +//! to a wider set of architectures and environments, or compliance requirements. +//! Specifying `default-features = false` when depending on rustls will remove the +//! dependency on *ring*. +//! //! Rustls requires Rust 1.61 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 @@ -247,10 +253,10 @@ //! `std::io::ReadBuf` and related APIs. This reduces costs from initializing //! buffers. Will do nothing on non-Nightly releases. //! -//! - `ring`: this makes the rustls crate depend on the *ring* crate, which is -//! which is used for cryptography. +//! - `ring`: this makes the rustls crate depend on the *ring* crate, +//! which is used for cryptography by default //! Without this feature, these items must be provided externally to the core -//! rustls crate. +//! rustls crate: see [`crate::crypto::CryptoProvider`]. //! //! - `aws_lc_rs`: this makes the rustls crate depend on the aws-lc-rs crate, //! which can be used for cryptography as an alternative to *ring*. From 96d1691b355234584c7ec37b16830efc434c41a2 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 21 Nov 2023 13:27:46 -0800 Subject: [PATCH 0430/1145] doc: update docs for SigningKey Explain why the implementors section for SigningKey is empty, where SigningKey comes from, and what it is consumed by. Update the functions that document encodings for loading private keys so they are more specific and concrete. --- rustls/src/client/builder.rs | 6 +++--- rustls/src/crypto/signer.rs | 40 ++++++++++++++++++++++++++++++++++++ rustls/src/server/builder.rs | 12 +++++------ 3 files changed, 49 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 0e03f02ab6..4762579407 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -112,9 +112,9 @@ impl ConfigBuilder { /// in client authentication. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded private key -- the precise set of supported key - /// types and parameters is defined by the selected [`CryptoProvider`]'s `load_private_key()` - /// method. + /// `key_der` is a DER-encoded private key as PKCS#1, PKCS#8, or SEC1. The + /// `aws-lc-rs` and `ring` [`CryptoProvider`]s support all three encodings, + /// but other `CryptoProviders` may not. /// /// This function fails if `key_der` is invalid. pub fn with_client_auth_cert( diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 56031fb1c5..891b7465a0 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -12,6 +12,46 @@ use core::fmt::Debug; /// /// This interface is used by rustls to use a private signing key /// for authentication. This includes server and client authentication. +/// +/// Objects of this type are always used within Rustls as +/// `Arc`. There are no concrete public structs in Rustls +/// that implement this trait. +/// +/// There are two main ways to get a signing key: +/// +/// - [`CryptoProvider::load_private_key()`], or +/// - some other method outside of the `CryptoProvider` extension trait, +/// for instance: +/// - [`crypto::ring::sign::any_ecdsa_type()`] +/// - [`crypto::ring::sign::any_eddsa_type()`] +/// - [`crypto::ring::sign::any_supported_type()`] +/// - [`crypto::aws_lc_rs::sign::any_ecdsa_type()`] +/// - [`crypto::aws_lc_rs::sign::any_eddsa_type()`] +/// - [`crypto::aws_lc_rs::sign::any_supported_type()`] +/// +/// The `CryptoProvider` method `load_private_key()` is called under the hood by +/// [`ConfigBuilder::with_single_cert()`], +/// [`ConfigBuilder::with_client_auth_cert()`], and +/// [`ConfigBuilder::with_single_cert_with_ocsp()`]. +/// +/// A signing key created outside of the `CryptoProvider` extension trait can be used +/// to create a [`CertifiedKey`], which in turn can be used to create a +/// [`ResolvesServerCertUsingSni`]. Alternately, a `CertifiedKey` can be returned from a +/// custom implementation of the [`ResolvesServerCert`] or [`ResolvesClientCert`] traits. +/// +/// [`CryptoProvider::load_private_key()`]: crate::crypto::CryptoProvider::load_private_key +/// [`ConfigBuilder::with_single_cert()`]: crate::ConfigBuilder::with_single_cert +/// [`ConfigBuilder::with_single_cert_with_ocsp()`]: crate::ConfigBuilder::with_single_cert_with_ocsp +/// [`ConfigBuilder::with_client_auth_cert()`]: crate::ConfigBuilder::with_client_auth_cert +/// [`crypto::ring::sign::any_ecdsa_type()`]: crate::crypto::ring::sign::any_ecdsa_type +/// [`crypto::ring::sign::any_eddsa_type()`]: crate::crypto::ring::sign::any_eddsa_type +/// [`crypto::ring::sign::any_supported_type()`]: crate::crypto::ring::sign::any_supported_type +/// [`crypto::aws_lc_rs::sign::any_ecdsa_type()`]: crate::crypto::aws_lc_rs::sign::any_ecdsa_type +/// [`crypto::aws_lc_rs::sign::any_eddsa_type()`]: crate::crypto::aws_lc_rs::sign::any_eddsa_type +/// [`crypto::aws_lc_rs::sign::any_supported_type()`]: crate::crypto::aws_lc_rs::sign::any_supported_type +/// [`ResolvesServerCertUsingSni`]: crate::server::ResolvesServerCertUsingSni +/// [`ResolvesServerCert`]: crate::server::ResolvesServerCert +/// [`ResolvesClientCert`]: crate::client::ResolvesClientCert pub trait SigningKey: Debug + Send + Sync { /// Choose a `SignatureScheme` from those offered. /// diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index cd659f989c..9b0912fab0 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -62,9 +62,9 @@ impl ConfigBuilder { /// disregarded. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded private key -- the precise set of supported key - /// types and parameters is defined by the selected [`CryptoProvider`]'s `load_private_key()` - /// method. + /// `key_der` is a DER-encoded private key as PKCS#1, PKCS#8, or SEC1. The + /// `aws-lc-rs` and `ring` [`CryptoProvider`]s support all three encodings, + /// but other `CryptoProviders` may not. /// /// This function fails if `key_der` is invalid. pub fn with_single_cert( @@ -85,9 +85,9 @@ impl ConfigBuilder { /// subsequent connections, irrespective of things like SNI hostname. /// /// `cert_chain` is a vector of DER-encoded certificates. - /// `key_der` is a DER-encoded private key -- the precise set of supported key - /// types and parameters is defined by the selected [`CryptoProvider`]'s `load_private_key()` - /// method. + /// `key_der` is a DER-encoded private key as PKCS#1, PKCS#8, or SEC1. The + /// `aws-lc-rs` and `ring` [`CryptoProvider`]s support all three encodings, + /// but other `CryptoProviders` may not. /// `ocsp` is a DER-encoded OCSP response. Ignored if zero length. /// /// This function fails if `key_der` is invalid. From db64448ddd61ae90b12a97c87dded45260920844 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 21 Nov 2023 15:29:55 -0800 Subject: [PATCH 0431/1145] Doc: replace "nb." with "Note:" "nota bene" (mark well) is jargon that we don't need. --- bogo/regen-certs | 2 +- provider-example/examples/server.rs | 2 +- rustls/src/client/tls12.rs | 4 ++-- rustls/src/conn.rs | 2 +- rustls/src/crypto/aws_lc_rs/mod.rs | 2 +- rustls/src/crypto/cipher.rs | 4 ++-- rustls/src/crypto/ring/mod.rs | 2 +- rustls/src/dns_name.rs | 2 +- rustls/src/limited_cache.rs | 2 +- rustls/src/manual/implvulns.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/src/tls12/mod.rs | 2 +- 12 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bogo/regen-certs b/bogo/regen-certs index ef200ed8e4..a74eaa2dee 100755 --- a/bogo/regen-certs +++ b/bogo/regen-certs @@ -47,7 +47,7 @@ EOF ) # rsa_chain_cert.pem/rsa_chain_key.pem: rsa2048/sha256 with chain rsa2048/sha256 -# nb. chain is not validated +# Note: chain is not validated openssl req -batch -x509 \ -utf8 \ -newkey rsa:2048 \ diff --git a/provider-example/examples/server.rs b/provider-example/examples/server.rs index 91dad0d351..8dcaab0095 100644 --- a/provider-example/examples/server.rs +++ b/provider-example/examples/server.rs @@ -35,7 +35,7 @@ fn main() { ) .as_bytes(); - // nb. do not used `unwrap()` on IO in real programs! + // Note: do not use `unwrap()` on IO in real programs! conn.writer().write_all(msg).unwrap(); conn.write_tls(&mut stream).unwrap(); conn.complete_io(&mut stream).unwrap(); diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 3ddf039b2b..31e505aa8e 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -778,7 +778,7 @@ impl State for ExpectServerDone { // 5b. let mut transcript = st.transcript; emit_clientkx(&mut transcript, cx.common, kx.pub_key()); - // nb. EMS handshake hash only runs up to ClientKeyExchange. + // Note: EMS handshake hash only runs up to ClientKeyExchange. let ems_seed = st .using_ems .then(|| transcript.get_current_hash()); @@ -918,7 +918,7 @@ impl State for ExpectCcs { // message. cx.common.check_aligned_handshake()?; - // nb. msgs layer validates trivial contents of CCS + // Note: msgs layer validates trivial contents of CCS. cx.common .record_layer .start_decrypting(); diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index d219b0f615..30e27de971 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -310,7 +310,7 @@ impl ConnectionRandoms { fn is_valid_ccs(msg: &PlainMessage) -> bool { // We passthrough ChangeCipherSpec messages in the deframer without decrypting them. - // nb. this is prior to the record layer, so is unencrypted. see + // Note: this is prior to the record layer, so is unencrypted. See // third paragraph of section 5 in RFC8446. msg.typ == ContentType::ChangeCipherSpec && msg.payload.0 == [0x01] } diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index cecc38ef8f..a83ec7cbe9 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -128,7 +128,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms webpki_algs::RSA_PKCS1_3072_8192_SHA384, ], mapping: &[ - // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. + // Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is. ( SignatureScheme::ECDSA_NISTP384_SHA384, &[ diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 25160bac59..d1ac707c4e 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -94,7 +94,7 @@ impl StdError for UnsupportedOperationError {} /// How a TLS1.2 `key_block` is partitioned. /// -/// nb. ciphersuites with non-zero `mac_key_length` not currently supported +/// Note: ciphersuites with non-zero `mac_key_length` are not currently supported. pub struct KeyBlockShape { /// How long keys are. /// @@ -218,7 +218,7 @@ pub const NONCE_LEN: usize = 12; pub fn make_tls13_aad(payload_len: usize) -> [u8; 5] { [ ContentType::ApplicationData.get_u8(), - // nb. this is `legacy_record_version`, ie TLS1.2 even for TLS1.3. + // Note: this is `legacy_record_version`, i.e. TLS1.2 even for TLS1.3. (ProtocolVersion::TLSv1_2.get_u16() >> 8) as u8, (ProtocolVersion::TLSv1_2.get_u16() & 0xff) as u8, (payload_len >> 8) as u8, diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 58fe4eb3cf..8681d2dca0 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -123,7 +123,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms webpki_algs::RSA_PKCS1_3072_8192_SHA384, ], mapping: &[ - // nb. for TLS1.2 the curve is not fixed by SignatureScheme. for TLS1.3 it is. + // Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is. ( SignatureScheme::ECDSA_NISTP384_SHA384, &[ diff --git a/rustls/src/dns_name.rs b/rustls/src/dns_name.rs index 5d04f1971d..a41853498e 100644 --- a/rustls/src/dns_name.rs +++ b/rustls/src/dns_name.rs @@ -16,7 +16,7 @@ impl<'a> DnsName { /// Validate the given bytes are a DNS name if they are viewed as ASCII. pub fn try_from_ascii(bytes: &[u8]) -> Result { - // nb. a sequence of bytes that is accepted by `validate()` is both + // Note: a sequence of bytes that is accepted by `validate()` is both // valid UTF-8, and valid ASCII. String::from_utf8(bytes.to_vec()) .map_err(|_| InvalidDnsNameError) diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index 5198a4dd26..70b581fc9e 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -57,7 +57,7 @@ where pub(crate) fn insert(&mut self, k: K, v: V) { let inserted_new_item = match self.map.entry(k) { Entry::Occupied(mut old) => { - // nb. does not freshen entry in `oldest` + // Note: does not freshen entry in `oldest` old.insert(v); false } diff --git a/rustls/src/manual/implvulns.rs b/rustls/src/manual/implvulns.rs index d08e1100ae..a073350c4e 100644 --- a/rustls/src/manual/implvulns.rs +++ b/rustls/src/manual/implvulns.rs @@ -86,7 +86,7 @@ the message type before further operations. A sample sequence for a full TLSv1.2 handshake by a client looks like: -- `hs::ExpectServerHello` (nb. ClientHello is logically sent before this state); transition to `tls12::ExpectCertificate` +- `hs::ExpectServerHello` (Note: ClientHello is logically sent before this state); transition to `tls12::ExpectCertificate` - `tls12::ExpectCertificate`; transition to `tls12::ExpectServerKX` - `tls12::ExpectServerKX`; transition to `tls12::ExpectServerDoneOrCertReq` - `tls12::ExpectServerDoneOrCertReq`; delegates to `tls12::ExpectCertificateRequest` or `tls12::ExpectServerDone` depending on incoming message. diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 3f9ba04f80..976e4456f2 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1166,7 +1166,7 @@ impl State for ExpectFinished { } }; - // nb. future derivations include Client Finished, but not the + // Note: future derivations include Client Finished, but not the // main application data keying. self.transcript.add_message(&m); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 4d5d0a77e9..4a5593cca7 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -145,7 +145,7 @@ impl ConnectionSecrets { /// and the session's `secrets`. pub(crate) fn make_cipher_pair(&self, side: Side) -> MessageCipherPair { // Make a key block, and chop it up. - // nb. we don't implement any ciphersuites with nonzero mac_key_len. + // Note: we don't implement any ciphersuites with nonzero mac_key_len. let key_block = self.make_key_block(); let shape = self.suite.aead_alg.key_block_shape(); From 65ade3c440a9919a172937b40598f9304a78c465 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 21 Nov 2023 18:28:08 +0100 Subject: [PATCH 0432/1145] turn CertificatePayload type alias into a newtype --- rustls/src/client/builder.rs | 4 +++- rustls/src/client/common.rs | 6 ++--- rustls/src/client/handy.rs | 25 ++++++++++++++------ rustls/src/client/tls12.rs | 14 ++++++------ rustls/src/client/tls13.rs | 2 +- rustls/src/common_state.rs | 3 ++- rustls/src/lib.rs | 6 ++--- rustls/src/msgs/handshake.rs | 38 ++++++++++++++++++++++++------- rustls/src/msgs/handshake_test.rs | 23 +++++++++++-------- rustls/src/msgs/persist.rs | 22 +++++++++--------- rustls/src/server/builder.rs | 9 ++++++-- rustls/src/server/handy.rs | 12 ++++------ rustls/src/server/tls12.rs | 16 ++++++++----- rustls/src/server/tls13.rs | 3 ++- 14 files changed, 114 insertions(+), 69 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 4762579407..c2297d589f 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -4,6 +4,7 @@ use crate::client::{ClientConfig, ResolvesClientCert}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::error::Error; use crate::key_log::NoKeyLog; +use crate::msgs::handshake::CertificateChain; use crate::suites::SupportedCipherSuite; use crate::webpki; use crate::{verify, versions}; @@ -126,7 +127,8 @@ impl ConfigBuilder { .state .provider .load_private_key(key_der)?; - let resolver = handy::AlwaysResolvesClientCert::new(private_key, cert_chain)?; + let resolver = + handy::AlwaysResolvesClientCert::new(private_key, CertificateChain(cert_chain))?; Ok(self.with_client_cert_resolver(Arc::new(resolver))) } diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index ea80628b08..faed755787 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -3,7 +3,7 @@ use super::ResolvesClientCert; use crate::log::{debug, trace}; use crate::msgs::enums::ExtensionType; use crate::msgs::handshake::ServerExtension; -use crate::msgs::handshake::{CertificatePayload, DistinguishedName}; +use crate::msgs::handshake::{CertificateChain, DistinguishedName}; use crate::{sign, SignatureScheme}; use alloc::boxed::Box; @@ -12,12 +12,12 @@ use alloc::vec::Vec; #[derive(Debug)] pub(super) struct ServerCertDetails { - pub(super) cert_chain: CertificatePayload, + pub(super) cert_chain: CertificateChain, pub(super) ocsp_response: Vec, } impl ServerCertDetails { - pub(super) fn new(cert_chain: CertificatePayload, ocsp_response: Vec) -> Self { + pub(super) fn new(cert_chain: CertificateChain, ocsp_response: Vec) -> Self { Self { cert_chain, ocsp_response, diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index ded6faaff3..b22996fb04 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -2,16 +2,14 @@ use crate::client; use crate::enums::SignatureScheme; use crate::error::Error; use crate::limited_cache; +use crate::msgs::handshake::CertificateChain; use crate::msgs::persist; use crate::sign; use crate::NamedGroup; use crate::ServerName; -use pki_types::CertificateDer; - use alloc::collections::VecDeque; use alloc::sync::Arc; -use alloc::vec::Vec; use core::fmt; use std::sync::Mutex; @@ -193,9 +191,12 @@ pub(super) struct AlwaysResolvesClientCert(Arc); impl AlwaysResolvesClientCert { pub(super) fn new( private_key: Arc, - chain: Vec>, + chain: CertificateChain, ) -> Result { - Ok(Self(Arc::new(sign::CertifiedKey::new(chain, private_key)))) + Ok(Self(Arc::new(sign::CertifiedKey::new( + chain.0, + private_key, + )))) } } @@ -218,6 +219,7 @@ mod tests { use super::NoClientSessionStorage; use crate::client::ClientSessionStore; use crate::msgs::enums::NamedGroup; + use crate::msgs::handshake::CertificateChain; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; use crate::msgs::persist::Tls13ClientSessionValue; @@ -253,7 +255,7 @@ mod tests { SessionId::empty(), Vec::new(), &[], - Vec::new(), + CertificateChain::default(), now, 0, true, @@ -271,7 +273,16 @@ mod tests { }; c.insert_tls13_ticket( &name, - Tls13ClientSessionValue::new(tls13_suite, Vec::new(), &[], Vec::new(), now, 0, 0, 0), + Tls13ClientSessionValue::new( + tls13_suite, + Vec::new(), + &[], + CertificateChain::default(), + now, + 0, + 0, + 0, + ), ); assert!(c.take_tls13_ticket(&name).is_none()); } diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 31e505aa8e..4b22967af2 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -11,7 +11,7 @@ use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; use crate::msgs::handshake::{ - CertificatePayload, HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, + CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, ServerEcdhParams, SessionId, }; use crate::msgs::message::{Message, MessagePayload}; @@ -129,7 +129,7 @@ mod server_hello { // Since we're resuming, we verified the certificate and // proof of possession in the prior session. - cx.common.peer_certificates = Some(resuming.server_cert_chain().to_vec()); + cx.common.peer_certificates = Some(resuming.server_cert_chain().clone()); let cert_verified = verify::ServerCertVerified::assertion(); let sig_verified = verify::HandshakeSignatureValid::assertion(); @@ -247,7 +247,7 @@ struct ExpectCertificateStatusOrServerKx { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert_chain: CertificatePayload, + server_cert_chain: CertificateChain, must_issue_new_ticket: bool, } @@ -315,7 +315,7 @@ struct ExpectCertificateStatus { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert_chain: CertificatePayload, + server_cert_chain: CertificateChain, must_issue_new_ticket: bool, } @@ -414,7 +414,7 @@ impl State for ExpectServerKx { fn emit_certificate( transcript: &mut HandshakeHash, - cert_chain: CertificatePayload, + cert_chain: CertificateChain, common: &mut CommonState, ) { let cert = Message { @@ -755,8 +755,8 @@ impl State for ExpectServerDone { // 4. if let Some(client_auth) = &st.client_auth { let certs = match client_auth { - ClientAuthDetails::Empty { .. } => Vec::new(), - ClientAuthDetails::Verify { certkey, .. } => certkey.cert.clone(), + ClientAuthDetails::Empty { .. } => CertificateChain::default(), + ClientAuthDetails::Verify { certkey, .. } => CertificateChain(certkey.cert.clone()), }; emit_certificate(&mut st.transcript, certs, cx.common); } diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index dca79df68e..f6816fd796 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -423,7 +423,7 @@ impl State for ExpectEncryptedExtensions { cx.common.peer_certificates = Some( resuming_session .server_cert_chain() - .to_vec(), + .clone(), ); // We *don't* reverify the certificate chain here: resumption is a diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 6a77ba6877..f738ba1259 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -6,6 +6,7 @@ use crate::msgs::alert::AlertMessagePayload; use crate::msgs::base::Payload; use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; use crate::msgs::fragmenter::MessageFragmenter; +use crate::msgs::handshake::CertificateChain; use crate::msgs::message::MessagePayload; use crate::msgs::message::{BorrowedPlainMessage, Message, OpaqueMessage, PlainMessage}; use crate::quic; @@ -37,7 +38,7 @@ pub struct CommonState { pub(crate) has_received_close_notify: bool, pub(crate) has_seen_eof: bool, pub(crate) received_middlebox_ccs: u8, - pub(crate) peer_certificates: Option>>, + pub(crate) peer_certificates: Option, message_fragmenter: MessageFragmenter, pub(crate) received_plaintext: ChunkVecBuffer, sendable_plaintext: ChunkVecBuffer, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 1b5109ace9..914c8d0afb 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -405,9 +405,9 @@ pub mod internal { } pub mod handshake { pub use crate::msgs::handshake::{ - ClientExtension, ClientHelloPayload, DistinguishedName, EchConfig, - EchConfigContents, HandshakeMessagePayload, HandshakePayload, HpkeKeyConfig, - HpkeSymmetricCipherSuite, KeyShareEntry, Random, SessionId, + CertificateChain, ClientExtension, ClientHelloPayload, DistinguishedName, + EchConfig, EchConfigContents, HandshakeMessagePayload, HandshakePayload, + HpkeKeyConfig, HpkeSymmetricCipherSuite, KeyShareEntry, Random, SessionId, }; } pub mod message { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 92b02665d9..def91369a1 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -27,6 +27,7 @@ use alloc::string::String; use alloc::vec; use alloc::vec::Vec; use core::fmt; +use core::ops::Deref; /// Create a newtype wrapper around a given type. /// @@ -1256,7 +1257,26 @@ impl ServerHelloPayload { } } -pub(crate) type CertificatePayload = Vec>; +#[derive(Clone, Default, Debug)] +pub struct CertificateChain(pub Vec>); + +impl Codec for CertificateChain { + fn encode(&self, bytes: &mut Vec) { + Vec::encode(&self.0, bytes) + } + + fn read(r: &mut Reader) -> Result { + Vec::read(r).map(Self) + } +} + +impl Deref for CertificateChain { + type Target = [CertificateDer<'static>]; + + fn deref(&self) -> &[CertificateDer<'static>] { + &self.0 + } +} impl TlsListElement for CertificateDer<'_> { const SIZE_LEN: ListLength = ListLength::U24 { max: 0x1_0000 }; @@ -1448,11 +1468,13 @@ impl CertificatePayloadTls13 { .unwrap_or_default() } - pub(crate) fn convert(self) -> CertificatePayload { - self.entries - .into_iter() - .map(|e| e.cert) - .collect() + pub(crate) fn convert(self) -> CertificateChain { + CertificateChain( + self.entries + .into_iter() + .map(|e| e.cert) + .collect(), + ) } } @@ -2047,7 +2069,7 @@ pub enum HandshakePayload { ClientHello(ClientHelloPayload), ServerHello(ServerHelloPayload), HelloRetryRequest(HelloRetryRequest), - Certificate(CertificatePayload), + Certificate(CertificateChain), CertificateTls13(CertificatePayloadTls13), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), @@ -2152,7 +2174,7 @@ impl HandshakeMessagePayload { HandshakePayload::CertificateTls13(p) } HandshakeType::Certificate => { - HandshakePayload::Certificate(CertificatePayload::read(&mut sub)?) + HandshakePayload::Certificate(CertificateChain::read(&mut sub)?) } HandshakeType::ServerKeyExchange => { let p = ServerKeyExchangePayload::read(&mut sub)?; diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 2af662f2e7..d0192d06da 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -7,15 +7,16 @@ use crate::msgs::enums::{ KeyUpdateRequest, NamedGroup, PSKKeyExchangeMode, ServerNameType, }; use crate::msgs::handshake::{ - CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, - CertificateRequestPayload, CertificateRequestPayloadTls13, CertificateStatus, - CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, - ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, EcParameters, - EcdheServerKeyExchange, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, - HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, - NewSessionTicketPayload, NewSessionTicketPayloadTls13, PresharedKeyBinder, - PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerEcdhParams, - ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, UnknownExtension, + CertReqExtension, CertificateChain, CertificateEntry, CertificateExtension, + CertificatePayloadTls13, CertificateRequestPayload, CertificateRequestPayloadTls13, + CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, + ClientSessionTicket, ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, + EcParameters, EcdheServerKeyExchange, HandshakeMessagePayload, HandshakePayload, + HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, + NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTls13, + PresharedKeyBinder, PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, + ServerEcdhParams, ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, + UnknownExtension, }; use crate::verify::DigitallySignedStruct; @@ -901,7 +902,9 @@ fn get_all_tls12_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::Certificate(vec![CertificateDer::from(vec![1, 2, 3])]), + payload: HandshakePayload::Certificate(CertificateChain(vec![CertificateDer::from( + vec![1, 2, 3], + )])), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index cc662d649f..685ff9ce72 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -3,14 +3,14 @@ use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::InvalidMessage; use crate::msgs::base::{PayloadU16, PayloadU8}; use crate::msgs::codec::{Codec, Reader}; -use crate::msgs::handshake::CertificatePayload; +use crate::msgs::handshake::CertificateChain; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::UnixTime; use zeroize::Zeroizing; use alloc::vec::Vec; @@ -83,7 +83,7 @@ impl Tls13ClientSessionValue { suite: &'static Tls13CipherSuite, ticket: Vec, secret: &[u8], - server_cert_chain: Vec>, + server_cert_chain: CertificateChain, time_now: UnixTime, lifetime_secs: u32, age_add: u32, @@ -155,7 +155,7 @@ impl Tls12ClientSessionValue { session_id: SessionId, ticket: Vec, master_secret: &[u8], - server_cert_chain: Vec>, + server_cert_chain: CertificateChain, time_now: UnixTime, lifetime_secs: u32, extended_ms: bool, @@ -208,7 +208,7 @@ pub struct ClientSessionCommon { secret: Zeroizing, epoch: u64, lifetime_secs: u32, - server_cert_chain: CertificatePayload, + server_cert_chain: CertificateChain, } impl ClientSessionCommon { @@ -217,7 +217,7 @@ impl ClientSessionCommon { secret: &[u8], time_now: UnixTime, lifetime_secs: u32, - server_cert_chain: Vec>, + server_cert_chain: CertificateChain, ) -> Self { Self { ticket: PayloadU16(ticket), @@ -228,8 +228,8 @@ impl ClientSessionCommon { } } - pub(crate) fn server_cert_chain(&self) -> &[CertificateDer<'static>] { - self.server_cert_chain.as_ref() + pub(crate) fn server_cert_chain(&self) -> &CertificateChain { + &self.server_cert_chain } pub(crate) fn secret(&self) -> &[u8] { @@ -257,7 +257,7 @@ pub struct ServerSessionValue { pub(crate) cipher_suite: CipherSuite, pub(crate) master_secret: Zeroizing, pub(crate) extended_ms: bool, - pub(crate) client_cert_chain: Option, + pub(crate) client_cert_chain: Option, pub(crate) alpn: Option, pub(crate) application_data: PayloadU16, pub creation_time_sec: u64, @@ -316,7 +316,7 @@ impl Codec for ServerSessionValue { let ems = u8::read(r)?; let has_ccert = u8::read(r)? == 1; let ccert = if has_ccert { - Some(CertificatePayload::read(r)?) + Some(CertificateChain::read(r)?) } else { None }; @@ -352,7 +352,7 @@ impl ServerSessionValue { v: ProtocolVersion, cs: CipherSuite, ms: &[u8], - client_cert_chain: Option, + client_cert_chain: Option, alpn: Option>, application_data: Vec, creation_time: UnixTime, diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 9b0912fab0..b8fbeb7db1 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,6 +1,7 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::error::Error; +use crate::msgs::handshake::CertificateChain; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; use crate::suites::SupportedCipherSuite; @@ -76,7 +77,7 @@ impl ConfigBuilder { .state .provider .load_private_key(key_der)?; - let resolver = handy::AlwaysResolvesChain::new(private_key, cert_chain); + let resolver = handy::AlwaysResolvesChain::new(private_key, CertificateChain(cert_chain)); Ok(self.with_cert_resolver(Arc::new(resolver))) } @@ -101,7 +102,11 @@ impl ConfigBuilder { .state .provider .load_private_key(key_der)?; - let resolver = handy::AlwaysResolvesChain::new_with_extras(private_key, cert_chain, ocsp); + let resolver = handy::AlwaysResolvesChain::new_with_extras( + private_key, + CertificateChain(cert_chain), + ocsp, + ); Ok(self.with_cert_resolver(Arc::new(resolver))) } diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 89939c4f48..2d952b1f08 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,14 +1,13 @@ use crate::dns_name::DnsNameRef; use crate::error::Error; use crate::limited_cache; +use crate::msgs::handshake::CertificateChain; use crate::server; use crate::server::ClientHello; use crate::sign; use crate::webpki::{verify_server_name, ParsedCertificate}; use crate::ServerName; -use pki_types::CertificateDer; - use alloc::string::{String, ToString}; use alloc::sync::Arc; use alloc::vec::Vec; @@ -111,11 +110,8 @@ pub(super) struct AlwaysResolvesChain(Arc); impl AlwaysResolvesChain { /// Creates an `AlwaysResolvesChain`, using the supplied key and certificate chain. - pub(super) fn new( - private_key: Arc, - chain: Vec>, - ) -> Self { - Self(Arc::new(sign::CertifiedKey::new(chain, private_key))) + pub(super) fn new(private_key: Arc, chain: CertificateChain) -> Self { + Self(Arc::new(sign::CertifiedKey::new(chain.0, private_key))) } /// Creates an `AlwaysResolvesChain`, using the supplied key, certificate chain and OCSP response. @@ -123,7 +119,7 @@ impl AlwaysResolvesChain { /// If non-empty, the given OCSP response is attached. pub(super) fn new_with_extras( private_key: Arc, - chain: Vec>, + chain: CertificateChain, ocsp: Vec, ) -> Self { let mut r = Self::new(private_key, chain); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 1a45fd5b97..2202758349 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -11,7 +11,9 @@ use crate::log::{debug, trace}; use crate::msgs::base::Payload; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; -use crate::msgs::handshake::{ClientEcdhParams, HandshakeMessagePayload, HandshakePayload}; +use crate::msgs::handshake::{ + CertificateChain, ClientEcdhParams, HandshakeMessagePayload, HandshakePayload, +}; use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -23,7 +25,7 @@ use super::common::ActiveCertifiedKey; use super::hs::{self, ServerContext}; use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::UnixTime; use subtle::ConstantTimeEq; use alloc::borrow::ToOwned; @@ -36,11 +38,13 @@ use alloc::vec::Vec; pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { + use pki_types::CertificateDer; + use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; - use crate::msgs::handshake::ServerEcdhParams; + use crate::msgs::handshake::{CertificateChain, ServerEcdhParams}; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; use crate::msgs::handshake::{CertificateStatus, EcdheServerKeyExchange}; use crate::msgs::handshake::{ClientExtension, SessionId}; @@ -381,7 +385,7 @@ mod client_hello { version: ProtocolVersion::TLSv1_2, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::Certificate(cert_chain.to_owned()), + payload: HandshakePayload::Certificate(CertificateChain(cert_chain.to_vec())), }), }; @@ -578,7 +582,7 @@ struct ExpectClientKx { suite: &'static Tls12CipherSuite, using_ems: bool, server_kx: Box, - client_cert: Option>>, + client_cert: Option, send_ticket: bool, } @@ -645,7 +649,7 @@ struct ExpectCertificateVerify { transcript: HandshakeHash, session_id: SessionId, using_ems: bool, - client_cert: Vec>, + client_cert: CertificateChain, send_ticket: bool, } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 976e4456f2..41d7ac6e8d 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -11,6 +11,7 @@ use crate::hash_hs::HandshakeHash; use crate::log::{debug, trace, warn}; use crate::msgs::codec::Codec; use crate::msgs::enums::KeyUpdateRequest; +use crate::msgs::handshake::CertificateChain; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::handshake::HandshakePayload; use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTls13}; @@ -942,7 +943,7 @@ struct ExpectCertificateVerify { transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, - client_cert: Vec>, + client_cert: CertificateChain, send_tickets: usize, } From 0c556c03ab23c14a33e5f74231ab0e070d00e820 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 22 Nov 2023 12:17:50 +0100 Subject: [PATCH 0433/1145] fix clippy warnings in ci-bench --- ci-bench/src/main.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 4838ba323e..ae87b22a09 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -275,10 +275,9 @@ fn find_suite( all: &[rustls::SupportedCipherSuite], name: CipherSuite, ) -> rustls::SupportedCipherSuite { - all.iter() + *all.iter() .find(|suite| suite.suite() == name) - .expect(&format!("cannot find cipher suite {name:?}")) - .clone() + .unwrap_or_else(|| panic!("cannot find cipher suite {name:?}")) } fn ring_ticketer() -> Arc { From a54c8ecbe3a78d7e974cc4ef9a660d6415b186db Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 22 Nov 2023 12:19:28 +0100 Subject: [PATCH 0434/1145] CI: run clippy on the entire workspace --- .github/workflows/build.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff3c615667..c61076669b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -320,11 +320,12 @@ jobs: uses: dtolnay/rust-toolchain@stable with: components: clippy - - run: cargo clippy --locked --package rustls --all-features --all-targets -- --deny warnings + # because examples enable rustls' features, `--workspace --no-default-features` is not + # the same as `--package rustls --no-default-features` so run it separately - run: cargo clippy --locked --package rustls --no-default-features --all-targets -- --deny warnings - - run: cargo clippy --locked --manifest-path=connect-tests/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --workspace --all-features --all-targets -- --deny warnings + # not part of the workspace - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings - - run: cargo clippy --locked --manifest-path=provider-example/Cargo.toml --all-features --all-targets -- --deny warnings clippy-nightly: name: Clippy (Nightly) @@ -338,11 +339,9 @@ jobs: uses: dtolnay/rust-toolchain@nightly with: components: clippy - - run: cargo clippy --locked --package rustls --all-features --all-targets - run: cargo clippy --locked --package rustls --no-default-features --all-targets - - run: cargo clippy --locked --manifest-path=connect-tests/Cargo.toml --all-features --all-targets + - run: cargo clippy --locked --workspace --all-features --all-targets - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets - - run: cargo clippy --locked --manifest-path=provider-example/Cargo.toml --all-features --all-targets check-external-types: name: Validate external types appearing in public API From e3edaef807662b7f2aa3b0eae85c2d18cf18afda Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 22 Nov 2023 09:29:22 +0100 Subject: [PATCH 0435/1145] Rename SignError to InvalidKeyError --- rustls/src/crypto/ring/sign.rs | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 4c39096f24..e915912ea1 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -20,7 +20,7 @@ use std::error::Error as StdError; /// Parse `der` as any supported key encoding/type, returning /// the first which works. -pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { +pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, InvalidKeyError> { if let Ok(rsa) = RsaSigningKey::new(der) { Ok(Arc::new(rsa)) } else if let Ok(ecdsa) = any_ecdsa_type(der) { @@ -28,7 +28,7 @@ pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result } else if let PrivateKeyDer::Pkcs8(pkcs8) = der { any_eddsa_type(pkcs8) } else { - Err(SignError(())) + Err(InvalidKeyError(())) } } @@ -36,7 +36,7 @@ pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result /// /// Both SEC1 (PEM section starting with 'BEGIN EC PRIVATE KEY') and PKCS8 /// (PEM section starting with 'BEGIN PRIVATE KEY') encodings are supported. -pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, SignError> { +pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, InvalidKeyError> { if let Ok(ecdsa_p256) = EcdsaSigningKey::new( der, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -53,18 +53,20 @@ pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, Si return Ok(Arc::new(ecdsa_p384)); } - Err(SignError(())) + Err(InvalidKeyError(())) } /// Parse `der` as any EdDSA key type, returning the first which works. -pub fn any_eddsa_type(der: &PrivatePkcs8KeyDer<'_>) -> Result, SignError> { +pub fn any_eddsa_type( + der: &PrivatePkcs8KeyDer<'_>, +) -> Result, InvalidKeyError> { if let Ok(ed25519) = Ed25519SigningKey::new(der, SignatureScheme::ED25519) { return Ok(Arc::new(ed25519)); } // TODO: Add support for Ed448 - Err(SignError(())) + Err(InvalidKeyError(())) } /// A `SigningKey` for RSA-PKCS1 or RSA-PSS. @@ -88,13 +90,13 @@ static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ impl RsaSigningKey { /// Make a new `RsaSigningKey` from a DER encoding, in either /// PKCS#1 or PKCS#8 format. - pub fn new(der: &PrivateKeyDer<'_>) -> Result { + pub fn new(der: &PrivateKeyDer<'_>) -> Result { let key_pair = match der { PrivateKeyDer::Pkcs1(pkcs1) => RsaKeyPair::from_der(pkcs1.secret_pkcs1_der()), PrivateKeyDer::Pkcs8(pkcs8) => RsaKeyPair::from_pkcs8(pkcs8.secret_pkcs8_der()), - _ => return Err(SignError(())), + _ => return Err(InvalidKeyError(())), } - .map_err(|_| SignError(()))?; + .map_err(|_| InvalidKeyError(()))?; Ok(Self { key: Arc::new(key_pair), @@ -331,13 +333,13 @@ struct Ed25519SigningKey { impl Ed25519SigningKey { /// Make a new `Ed25519SigningKey` from a DER encoding in PKCS#8 format, /// expecting a key usable with precisely the given signature scheme. - fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { + fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { match Ed25519KeyPair::from_pkcs8_maybe_unchecked(der.secret_pkcs8_der()) { Ok(key_pair) => Ok(Self { key: Arc::new(key_pair), scheme, }), - Err(_) => Err(SignError(())), + Err(_) => Err(InvalidKeyError(())), } } } @@ -390,17 +392,17 @@ impl Debug for Ed25519Signer { } } -/// Errors while signing +/// Error produced when constructing a [`SigningKey`]. #[derive(Debug)] -pub struct SignError(()); +pub struct InvalidKeyError(()); -impl fmt::Display for SignError { +impl fmt::Display for InvalidKeyError { fn fmt(&self, f: &mut Formatter) -> fmt::Result { - f.write_str("sign error") + f.write_str("error constructing key") } } -impl StdError for SignError {} +impl StdError for InvalidKeyError {} #[cfg(test)] mod tests { From 81f828f9766460673dfd65489098ffb4939bfae0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 21 Nov 2023 11:45:54 -0500 Subject: [PATCH 0436/1145] client: allow providing webpki cert verifier w/o dangerous Previously to supply a custom webpki-based server certificate verifier when building a client configuration the caller had to invoke `dangerous` to get access to a fn that can accept an `Arc`. We did this because implementing a `ServerCertVerifier` from scratch leaves a lot of room for dangerous errors. However, when providing a `WebPkiServerVerifier` constructed with `webpki::WebPkiServerVerifier::builder`, there is much less danger. We've arranged the builder and concrete type to be safe for general usage. This commit changes the builder to return the concrete verifier type, and then adds a new `with_webpki_verifier` fn to the client config builder that accepts a `Arc { /// /// ```diff /// - .with_root_certificates(root_store) - /// + .dangerous() - /// + .with_custom_certificate_verifier( + /// + .with_webpki_verifier( /// + WebPkiServerVerifier::builder_with_provider(root_store, crypto_provider) /// + .with_crls(...) /// + .build()? @@ -35,6 +34,23 @@ impl ConfigBuilder { pub fn with_root_certificates( self, root_store: impl Into>, + ) -> ConfigBuilder { + let sig_algs = self + .state + .provider + .signature_verification_algorithms(); + self.with_webpki_verifier( + WebPkiServerVerifier::new_without_revocation(root_store, sig_algs).into(), + ) + } + + /// Choose how to verify server certificates using a webpki verifier. + /// + /// See [`webpki::WebPkiServerVerifier::builder`] and + /// [`webpki::WebPkiServerVerifier::builder_with_provider`] for more information. + pub fn with_webpki_verifier( + self, + verifier: Arc, ) -> ConfigBuilder { ConfigBuilder { state: WantsClientCert { @@ -42,12 +58,7 @@ impl ConfigBuilder { kx_groups: self.state.kx_groups, provider: self.state.provider, versions: self.state.versions, - verifier: Arc::new(webpki::WebPkiServerVerifier::new_without_revocation( - root_store, - self.state - .provider - .signature_verification_algorithms(), - )), + verifier, }, side: PhantomData, } diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 535e3c787f..06c53f06f5 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -95,18 +95,19 @@ impl ServerCertVerifierBuilder { /// This function will return a `CertVerifierBuilderError` if: /// 1. No trust anchors have been provided. /// 2. DER encoded CRLs have been provided that can not be parsed successfully. - pub fn build(self) -> Result, VerifierBuilderError> { + pub fn build(self) -> Result, VerifierBuilderError> { if self.roots.is_empty() { return Err(VerifierBuilderError::NoRootAnchors); } - Ok(Arc::new(WebPkiServerVerifier::new( + Ok(WebPkiServerVerifier::new( self.roots, parse_crls(self.crls)?, self.revocation_check_depth, self.unknown_revocation_policy, self.supported_algs, - ))) + ) + .into()) } } From e9316dfcd49e91ee1d741835cb0c5196151c51ca Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 22 Nov 2023 15:27:27 -0500 Subject: [PATCH 0437/1145] crypto: make signer mod pub(crate) Historically the types that now live in `rustls::crypto::signer` were present in `rustls::sign`. When the crypto provider work refactored them into their new home, we also added a `lib.rs` re-export under `rustls::sign`. This left two import paths for accessing the same types. To avoid duplicated import paths without causing more downstream churn from moving the types this commit makes the `rustls::crypto::signer` module `pub(crate)`, leaving `rustls::sign` as the sole way to access the contained types externally. --- rustls/src/crypto/mod.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index abf81a0fe3..1759a37da8 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -28,9 +28,6 @@ pub mod hash; /// HMAC interfaces. pub mod hmac; -/// Message signing interfaces. -pub mod signer; - /// Cryptography specific to TLS1.2. pub mod tls12; @@ -41,6 +38,10 @@ pub mod tls13; #[doc(hidden)] pub mod hpke; +// Message signing interfaces. Re-exported under rustls::sign. Kept crate-internal here to +// avoid having two import paths to the same types. +pub(crate) mod signer; + pub use crate::rand::GetRandomFailed; pub use crate::msgs::handshake::KeyExchangeAlgorithm; From de41c70959844b5411c5018147a8a48c7817e387 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 22 Nov 2023 11:25:17 -0500 Subject: [PATCH 0438/1145] CONTRIBUTING: add note about fully qualified function calls --- CONTRIBUTING.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3ca8a68640..ca27e066d7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -146,6 +146,21 @@ We prefer to use `impl ...` for arguments and return types when there's a single use of the type. Generic type argument bounds add a level of indirection that's harder to read in one pass. +#### Avoid type elision for fully qualified function calls + +We prefer to write [fully qualified function calls] with types included, rather +than elided. For example: + +```rust +// Incorrect: +<_>::default() + +// Correct: +CertificateChain::default() +``` + +[fully qualified function calls]: https://doc.rust-lang.org/beta/reference/expressions/call-expr.html#disambiguating-function-calls + #### Validation Where possible, avoid writing `validate` or `check` type functions that try to From a72f6697e53fad89baefaa0fb0bdbe2a3cd35d55 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 22 Nov 2023 17:11:46 -0800 Subject: [PATCH 0439/1145] doc: CryptoProvider defaults can be overridden It was surprising to me that builder_with_provider could set a CryptoProvider, and then with_cipher_suites could choose implementations from a different CryptoProvider. I've tried to document things to make that a little less surprising. --- rustls/src/builder.rs | 8 ++++++++ rustls/src/crypto/mod.rs | 18 +++++++++++++++--- rustls/src/suites.rs | 3 +++ 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 08f6bbe6e6..591ab68469 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -220,6 +220,10 @@ impl ConfigBuilder { } /// Choose a specific set of cipher suites. + /// + /// These can be different from the cipher suites implemented by the `CryptoProvider`. + /// Because the cipher suites provided by `ring` and `aws_lc_rs` have the same names, + /// make sure any `use` statements are importing from the provider that you want to use. pub fn with_cipher_suites( self, cipher_suites: &[SupportedCipherSuite], @@ -256,6 +260,10 @@ pub struct WantsKxGroups { impl ConfigBuilder { /// Choose a specific set of key exchange groups. + /// + /// These can be different from the key exchange groups implemented by the `CryptoProvider`. + /// Because the cipher suites provided by `ring` and `aws_lc_rs` have the same names, + /// make sure any `use` statements are importing from the provider that you want to use. pub fn with_kx_groups( self, kx_groups: &[&'static dyn SupportedKxGroup], diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 1759a37da8..736da1528e 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -58,6 +58,9 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) /// crate. /// +/// This trait provides defaults. Everything in it, other than randomness, can be overridden at +/// runtime by methods on [`ConfigBuilder`](crate::ConfigBuilder). +/// /// # Using a specific `CryptoProvider` /// /// Supply the provider when constructing your [`crate::ClientConfig`] or [`crate::ServerConfig`]: @@ -165,7 +168,10 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { /// [`crate::ConfigBuilder::with_safe_default_cipher_suites()`]. /// /// Other (non-default) cipher suites can be provided separately and configured - /// by passing them to [`crate::ConfigBuilder::with_cipher_suites()`] + /// by passing them to [`crate::ConfigBuilder::with_cipher_suites()`]. That + /// includes cipher suites implemented by a different `CryptoProvider`. + /// + /// The `SupportedCipherSuite` type carries both configuration and implementation. fn default_cipher_suites(&self) -> &'static [suites::SupportedCipherSuite]; /// Return a safe set of supported key exchange groups to be used as the defaults. @@ -174,7 +180,10 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { /// [`crate::ConfigBuilder::with_safe_default_kx_groups()`]. /// /// Other (non-default) key exchange groups can be provided separately and configured - /// by passing them to [`crate::ConfigBuilder::with_kx_groups()`]. + /// by passing them to [`crate::ConfigBuilder::with_kx_groups()`]. That includes + /// key exchange groups implemented by a different `CryptoProvider`. + /// + /// The `SupportedKxGroup` type carries both configuration and implementation. fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup]; /// Decode and validate a private signing key from `key_der`. @@ -201,8 +210,11 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { /// A supported key exchange group. /// -/// This has a TLS-level name expressed using the [`NamedGroup`] enum, and +/// This type carries both configuration and implementation. Specifically, +/// it has a TLS-level name expressed using the [`NamedGroup`] enum, and /// a function which produces a [`ActiveKeyExchange`]. +/// +/// Compare with [`NamedGroup`], which carries solely a protocol identifier. pub trait SupportedKxGroup: Send + Sync + Debug { /// Start a key exchange. /// diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index da61b240e7..80c9e4bf98 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -42,6 +42,9 @@ pub struct CipherSuiteCommon { } /// A cipher suite supported by rustls. +/// +/// This type carries both configuration and implementation. Compare with +/// [`CipherSuite`], which carries solely a cipher suite identifier. #[derive(Clone, Copy, PartialEq)] pub enum SupportedCipherSuite { /// A TLS 1.2 cipher suite From 2463f991559242e2646f3999b9301ce2843059d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Thu, 16 Nov 2023 15:18:21 +0100 Subject: [PATCH 0440/1145] ci-bench: rewrite benchmarks in async style This is a necessary step towards sharing code between icount and wall-time benchmarks --- Cargo.lock | 1 + ci-bench/Cargo.toml | 1 + ci-bench/src/main.rs | 109 ++++++++++++++++++-------------- ci-bench/src/util.rs | 146 ++++++++++++++++++++++++++++++++++++------- 4 files changed, 187 insertions(+), 70 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3088add9f4..08f5933ecf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1736,6 +1736,7 @@ name = "rustls-ci-bench" version = "0.0.1" dependencies = [ "anyhow", + "async-trait", "byteorder", "clap", "fxhash", diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 6eabb4c9b0..0f453408a9 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -8,6 +8,7 @@ publish = false [dependencies] anyhow = "1.0.73" +async-trait = "0.1.74" byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index ae87b22a09..e8ad47efe6 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -1,13 +1,14 @@ use std::collections::HashMap; use std::fs::{self, File}; use std::hint::black_box; -use std::io::{self, BufRead, BufReader, Read, Write}; +use std::io::{self, BufRead, BufReader, Write}; use std::mem; use std::os::fd::{AsRawFd, FromRawFd}; use std::path::{Path, PathBuf}; use std::sync::Arc; use anyhow::Context; +use async_trait::async_trait; use clap::{Parser, Subcommand, ValueEnum}; use fxhash::FxHashMap; use itertools::Itertools; @@ -26,6 +27,7 @@ use crate::benchmark::{ ResumptionKind, }; use crate::cachegrind::CachegrindRunner; +use crate::util::async_io::{self, AsyncRead, AsyncWrite}; use crate::util::transport::{ read_handshake_message, read_plaintext_to_end_bounded, send_handshake_message, write_all_plaintext_bounded, @@ -150,26 +152,32 @@ fn main() -> anyhow::Result<()> { writer: &mut stdout, handshake_buf, }; - let result = match side { - Side::Server => run_bench( - ServerSideStepper { - io, - config: ServerSideStepper::make_config(params, resumption_kind), - }, - bench.kind, - ), - Side::Client => run_bench( - ClientSideStepper { - io, - resumption_kind, - config: ClientSideStepper::make_config(params, resumption_kind), - }, - bench.kind, - ), - }; - - result - .with_context(|| format!("{} crashed for {} side", bench.name(), side.as_str()))?; + async_io::block_on_single_poll(async { + match side { + Side::Server => { + run_bench( + ServerSideStepper { + io, + config: ServerSideStepper::make_config(params, resumption_kind), + }, + bench.kind, + ) + .await + } + Side::Client => { + run_bench( + ClientSideStepper { + io, + resumption_kind, + config: ClientSideStepper::make_config(params, resumption_kind), + }, + bench.kind, + ) + .await + } + } + }) + .with_context(|| format!("{} crashed for {} side", bench.name(), side.as_str()))?; // Prevent stdin / stdout from being closed mem::forget(stdin); @@ -373,18 +381,19 @@ pub fn run_all( /// Drives the different steps in a benchmark. /// /// See [`run_bench`] for specific details on how it is used. +#[async_trait(?Send)] trait BenchStepper { type Endpoint; - fn handshake(&mut self) -> anyhow::Result; - fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()>; - fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()>; + async fn handshake(&mut self) -> anyhow::Result; + async fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()>; + async fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()>; } /// Stepper fields necessary for IO struct StepperIo<'a> { - reader: &'a mut dyn Read, - writer: &'a mut dyn Write, + reader: &'a mut dyn AsyncRead, + writer: &'a mut dyn AsyncWrite, handshake_buf: &'a mut [u8], } @@ -423,20 +432,21 @@ impl ClientSideStepper<'_> { } } +#[async_trait(?Send)] impl BenchStepper for ClientSideStepper<'_> { type Endpoint = ClientConnection; - fn handshake(&mut self) -> anyhow::Result { + async fn handshake(&mut self) -> anyhow::Result { let server_name = "localhost".try_into().unwrap(); let mut client = ClientConnection::new(self.config.clone(), server_name).unwrap(); client.set_buffer_limit(None); loop { - send_handshake_message(&mut client, self.io.writer, self.io.handshake_buf)?; + send_handshake_message(&mut client, self.io.writer, self.io.handshake_buf).await?; if !client.is_handshaking() && !client.wants_write() { break; } - read_handshake_message(&mut client, self.io.reader, self.io.handshake_buf)?; + read_handshake_message(&mut client, self.io.reader, self.io.handshake_buf).await?; } // Session ids and tickets are no longer part of the handshake in TLS 1.3, so we need to @@ -444,23 +454,23 @@ impl BenchStepper for ClientSideStepper<'_> { if self.resumption_kind != ResumptionKind::No && client.protocol_version().unwrap() == ProtocolVersion::TLSv1_3 { - read_handshake_message(&mut client, self.io.reader, self.io.handshake_buf)?; + read_handshake_message(&mut client, self.io.reader, self.io.handshake_buf).await?; } Ok(client) } - fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()> { + async fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()> { // The client syncs by receiving a single byte (we assert that it matches the `42` byte sent // by the server, just to be sure) let buf = &mut [0]; - self.io.reader.read_exact(buf)?; + self.io.reader.read_exact(buf).await?; assert_eq!(buf[0], 42); Ok(()) } - fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()> { - let total_plaintext_read = read_plaintext_to_end_bounded(endpoint, self.io.reader)?; + async fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()> { + let total_plaintext_read = read_plaintext_to_end_bounded(endpoint, self.io.reader).await?; assert_eq!(total_plaintext_read, TRANSFER_PLAINTEXT_SIZE); Ok(()) } @@ -497,37 +507,38 @@ impl ServerSideStepper<'_> { } } +#[async_trait(?Send)] impl BenchStepper for ServerSideStepper<'_> { type Endpoint = ServerConnection; - fn handshake(&mut self) -> anyhow::Result { + async fn handshake(&mut self) -> anyhow::Result { let mut server = ServerConnection::new(self.config.clone()).unwrap(); server.set_buffer_limit(None); while server.is_handshaking() { - read_handshake_message(&mut server, self.io.reader, self.io.handshake_buf)?; - send_handshake_message(&mut server, self.io.writer, self.io.handshake_buf)?; + read_handshake_message(&mut server, self.io.reader, self.io.handshake_buf).await?; + send_handshake_message(&mut server, self.io.writer, self.io.handshake_buf).await?; } Ok(server) } - fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()> { + async fn sync_before_resumed_handshake(&mut self) -> anyhow::Result<()> { // The server syncs by sending a single byte - self.io.writer.write_all(&[42])?; - self.io.writer.flush()?; + self.io.writer.write_all(&[42]).await?; + self.io.writer.flush().await?; Ok(()) } - fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()> { - write_all_plaintext_bounded(endpoint, self.io.writer, TRANSFER_PLAINTEXT_SIZE)?; + async fn transmit_data(&mut self, endpoint: &mut Self::Endpoint) -> anyhow::Result<()> { + write_all_plaintext_bounded(endpoint, self.io.writer, TRANSFER_PLAINTEXT_SIZE).await?; Ok(()) } } /// Runs the benchmark using the provided stepper -fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyhow::Result<()> { - let mut endpoint = stepper.handshake()?; +async fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyhow::Result<()> { + let mut endpoint = stepper.handshake().await?; match kind { BenchmarkKind::Handshake(ResumptionKind::No) => { @@ -543,12 +554,16 @@ fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyhow::Re // connection and be ready for a new handshake, otherwise the client will start a // handshake before the server is ready and the bytes will be fed to the old // connection!) - stepper.sync_before_resumed_handshake()?; - stepper.handshake()?; + stepper + .sync_before_resumed_handshake() + .await?; + stepper.handshake().await?; } } BenchmarkKind::Transfer => { - stepper.transmit_data(&mut endpoint)?; + stepper + .transmit_data(&mut endpoint) + .await?; } } diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index 098e11aa59..b12d1a17f5 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -35,8 +35,89 @@ impl KeyType { } } +pub mod async_io { + //! Async IO building blocks required for sharing code between the instruction count and + //! wall-time benchmarks + + use std::fs::File; + use std::future::Future; + use std::pin::pin; + use std::task::{Poll, RawWaker, RawWakerVTable, Waker}; + use std::{io, ptr, task}; + + use async_trait::async_trait; + + /// Block on a future that should complete in a single poll. + /// + /// Safe to use when the underlying futures are blocking (e.g. waiting for an IO operation to + /// complete, and returning Poll::Ready afterwards, without yielding in between). + /// + /// Useful when counting CPU instructions, because the server and the client side of the + /// connection run in two separate processes and communicate through stdio using blocking + /// operations. + pub fn block_on_single_poll( + future: impl Future>, + ) -> anyhow::Result<()> { + // We don't need a waker, because the future will complete in one go + let waker = noop_waker(); + let mut ctx = task::Context::from_waker(&waker); + + match pin!(future).poll(&mut ctx) { + Poll::Ready(result) => result, + Poll::Pending => { + panic!("the provided future did not finish after one poll!") + } + } + } + + // Copied from Waker::noop, which we cannot use directly because it hasn't been stabilized + fn noop_waker() -> Waker { + const VTABLE: RawWakerVTable = RawWakerVTable::new(|_| RAW, |_| {}, |_| {}, |_| {}); + const RAW: RawWaker = RawWaker::new(ptr::null(), &VTABLE); + unsafe { Waker::from_raw(RAW) } + } + + /// Read bytes asynchronously + #[async_trait(?Send)] + pub trait AsyncRead { + async fn read(&mut self, buf: &mut [u8]) -> io::Result; + async fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()>; + } + + /// Write bytes asynchronously + #[async_trait(?Send)] + pub trait AsyncWrite { + async fn write_all(&mut self, buf: &[u8]) -> io::Result<()>; + async fn flush(&mut self) -> io::Result<()>; + } + + // Blocking implementation of AsyncRead for files (used to read from stdin) + #[async_trait(?Send)] + impl AsyncRead for File { + async fn read(&mut self, buf: &mut [u8]) -> io::Result { + io::Read::read(self, buf) + } + + async fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()> { + io::Read::read_exact(self, buf) + } + } + + // Blocking implementation of AsyncWrite for files (used to write to stdout) + #[async_trait(?Send)] + impl AsyncWrite for File { + async fn write_all(&mut self, buf: &[u8]) -> io::Result<()> { + io::Write::write_all(self, buf) + } + + async fn flush(&mut self) -> io::Result<()> { + io::Write::flush(self) + } + } +} + pub mod transport { - //! This module implements custom functions to interact between rustls clients and a servers. + //! Custom functions to interact between rustls clients and a servers. //! //! The goal of these functions is to ensure messages are exchanged in chunks of a fixed size, to make //! instruction counts more deterministic. This is particularly important for the receiver of the @@ -49,9 +130,10 @@ pub mod transport { //! but that doesn't matter (we are measuring performance differences, and overhead is automatically //! ignored as long as it remains constant). + use super::async_io::{AsyncRead, AsyncWrite}; use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData}; - use std::io::{Read, Write}; + use std::io::{Cursor, Read, Write}; /// Sends one side's handshake data to the other side in one go. /// @@ -60,9 +142,9 @@ pub mod transport { /// length, followed by the message itself. /// /// The receiving end should use [`read_handshake_message`] to process the transmission. - pub fn send_handshake_message( + pub async fn send_handshake_message( conn: &mut ConnectionCommon, - writer: &mut dyn Write, + writer: &mut dyn AsyncWrite, buf: &mut [u8], ) -> anyhow::Result<()> { // Write all bytes the connection wants to send to an intermediate buffer @@ -83,9 +165,13 @@ pub mod transport { } // Write the whole buffer in one go, preceded by its length - writer.write_u32::(written as u32)?; - writer.write_all(&buf[..written])?; - writer.flush()?; + let mut length_buf = Vec::with_capacity(4); + length_buf.write_u32::(written as u32)?; + writer.write_all(&length_buf).await?; + writer + .write_all(&buf[..written]) + .await?; + writer.flush().await?; Ok(()) } @@ -94,20 +180,29 @@ pub mod transport { /// /// Used in combination with [`send_handshake_message`] (see that function's documentation for /// more details). - pub fn read_handshake_message( + pub async fn read_handshake_message( conn: &mut ConnectionCommon, - reader: &mut dyn Read, + reader: &mut dyn AsyncRead, buf: &mut [u8], ) -> anyhow::Result { - // Read the message to an intermediate buffer - let length = reader.read_u32::()? as usize; + // Read the length of the message to an intermediate buffer and parse it + let mut length_buf = [0; 4]; + reader + .read_exact(&mut length_buf) + .await?; + let length = Cursor::new(length_buf).read_u32::()? as usize; + + // Read the rest of the message to an intermediate buffer if length >= buf.len() { anyhow::bail!( - "Not enough space in buffer for incoming message (msg len = {length}, buf len = {})", - buf.len() - ); + "Not enough space in buffer for incoming message (msg len = {length}, buf len = {})", + buf.len() + ); } - reader.read_exact(&mut buf[..length])?; + + reader + .read_exact(&mut buf[..length]) + .await?; // Feed the data to rustls let in_memory_reader = &mut &buf[..length]; @@ -121,9 +216,9 @@ pub mod transport { /// Reads plaintext until the reader reaches EOF, using a bounded amount of memory. /// /// Returns the amount of plaintext bytes received. - pub fn read_plaintext_to_end_bounded( + pub async fn read_plaintext_to_end_bounded( client: &mut ClientConnection, - reader: &mut dyn Read, + reader: &mut dyn AsyncRead, ) -> anyhow::Result { let mut chunk_buf = [0u8; 262_144]; let mut plaintext_buf = [0u8; 262_144]; @@ -133,7 +228,9 @@ pub mod transport { // Read until the whole chunk is received let mut chunk_buf_end = 0; while chunk_buf_end != chunk_buf.len() { - let read = reader.read(&mut chunk_buf[chunk_buf_end..])?; + let read = reader + .read(&mut chunk_buf[chunk_buf_end..]) + .await?; if read == 0 { // Stream closed break; @@ -171,12 +268,12 @@ pub mod transport { } /// Writes a plaintext of size `plaintext_size`, using a bounded amount of memory - pub fn write_all_plaintext_bounded( + pub async fn write_all_plaintext_bounded( server: &mut ServerConnection, - writer: &mut dyn Write, + writer: &mut dyn AsyncWrite, plaintext_size: usize, ) -> anyhow::Result<()> { - let send_buf = [0u8; 262_144]; + let mut send_buf = [0u8; 262_144]; assert_eq!(plaintext_size % send_buf.len(), 0); let iterations = plaintext_size / send_buf.len(); @@ -185,8 +282,11 @@ pub mod transport { // Empty the server's buffer, so we can re-fill it in the next iteration while server.wants_write() { - server.write_tls(writer)?; - writer.flush()?; + let written = server.write_tls(&mut send_buf.as_mut())?; + writer + .write_all(&send_buf[..written]) + .await?; + writer.flush().await?; } } From c005236270fac9632aeb9c874402148b1b473a9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Thu, 16 Nov 2023 15:19:54 +0100 Subject: [PATCH 0441/1145] ci-bench: add wall-time mode --- ci-bench/README.md | 78 ++++++++++--- ci-bench/src/main.rs | 77 ++++++++++++ ci-bench/src/util.rs | 273 ++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 408 insertions(+), 20 deletions(-) diff --git a/ci-bench/README.md b/ci-bench/README.md index 2f38c04bcf..14ff49a2cb 100644 --- a/ci-bench/README.md +++ b/ci-bench/README.md @@ -1,14 +1,17 @@ # CI Bench -This crate is meant for CI benchmarking. It measures CPU instructions using `cachegrind`, outputs -the results in CSV format and allows comparing results from multiple runs. +This crate is meant for CI benchmarking. It has two modes of operation: + +1. Measure CPU instructions using `cachegrind`. +2. Measure wall-time (runs each benchmark multiple times, leaving it to the caller to do statistical + analysis). ## Usage You can get detailed usage information through `cargo run --release -- --help`. Below are the most important bits. -### Running all benchmarks +### Running all benchmarks in instruction count mode _Note: this step requires having `valgrind` in your path._ @@ -37,7 +40,24 @@ are useful to report detailed instruction count differences when comparing two b subdirectory also contains log information from cachegrind itself (in `.log` files), which can be used to diagnose unexpected cachegrind crashes. -### Comparing results +### Running all benchmarks in wall-time mode + +Use `cargo run --release -- walltime --iterations-per-scenario 3` to print the CSV results to stdout +(we use 3 iterations here for demonstration purposes, but recommend 100 iterations to deal with +noise). The output should look like the following (one column per iteration): + +```csv +handshake_no_resume_ring_1.2_rsa_aes,6035261,1714158,977368 +handshake_session_id_ring_1.2_rsa_aes,1537632,2445849,1766888 +handshake_tickets_ring_1.2_rsa_aes,1553743,2418286,1636431 +transfer_no_resume_ring_1.2_rsa_aes,10192862,10374258,8988854 +handshake_no_resume_ring_1.3_rsa_aes,1010150,1400602,936029 +... +... rest omitted for brevity +... +``` + +### Comparing results from an instruction count benchmark run Use `cargo run --release -- compare foo bar`. It will output a report using GitHub-flavored markdown (used by the CI itself to give feedback about PRs). We currently consider differences of 0.2% to be @@ -62,17 +82,19 @@ with names like `transfer_no_resume_1.3_rsa_aes_client`. We have made an effort to heavily document the source code of the benchmarks. In addition to that, here are some high-level considerations that can help you hack on the crate. -### Architecture +### Environment configuration -An important goal of this benchmarking setup is that it should run with minimum noise on -standard GitHub Actions runners. We achieve that by measuring CPU instructions using `cachegrind`, -which runs fine on the cloud (contrary to hardware instruction counters). This is the same -approach used by the [iai](https://crates.io/crates/iai) benchmarking crate, but we needed more -flexibility and have therefore rolled our own setup. +An important goal of this benchmarking setup is that it should run with minimal noise. Measuring CPU +instructions using `cachegrind` yields excellent results, regardless of your environment. The +wall-time benchmarks, however, require a more elaborate benchmarking environment: running them on a +laptop is too noisy, but running them on a carefully configured bare-metal server yields accurate +measurements (up to 1% resolution, according to our tests). + +### Instruction count mode Using `cachegrind` has some architectural consequences because it operates at the process level -(i.e. it can count CPU instructions for a whole process, but not for a single function). The -most important consequences are: +(i.e. it can count CPU instructions for a whole process, but not for a single function). The most +important consequences when running in instruction count mode are: - Since we want to measure server and client instruction counts separately, the benchmark runner spawns two child processes for each benchmark (one for the client, one for the server) and pipes @@ -85,18 +107,36 @@ most important consequences are: subtracted from it. We are currently using this to subtract the handshake instructions from the data transfer benchmark. -### Debugging - -If you need to debug the crate, here are a few tricks that might help: +If you need to debug benchmarks in instruction count mode, here are a few tricks that might help: - For printf debugging, you should use `eprintln!`, because child processes use stdio as the transport for the TLS connection (i.e. if you print something to stdout, you won't even see it _and_ the other side of the connection will choke on it). - When using a proper debugger, remember that each side of the connection runs as a child process. - If necessary, you can tweak the code to ensure both sides of the connection run on the parent - process (e.g. by starting each side on its own thread and having them communicate through TCP). - This should require little effort, because the TLS transport layer is encapsulated and generic - over `Read` and `Write`. + +### Wall-time mode + +To increase determinism, it is important that wall-time mode benchmarks run in a single process and +thread. All IO is done in-memory and there is no complex setup like in the case of the instruction +counting mode. Because of this, the easiest way to debug the crate is by running the benchmarks in +wall-time mode. + +### Code reuse between benchmarking modes + +Originally, we only supported the instruction count mode, implemented using blocking IO. Even though +the code was generic over the `Reader` and `Writer`, it could not be reused for the wall-time mode +because it was blocking (e.g. if the client side of the connection is waiting for a read, the thread +is blocked and the server never gets a chance to write). + +The solution was to: + +1. Rewrite the IO code to use async / await. +2. Keep using blocking operations under the hood in instruction-count mode, disguised as `Future`s + that complete after a single `poll`. This way we avoid using an async runtime, which could + introduce non-determinism. +3. Use non-blocking operations under the hood in wall-time mode, which simulate IO through shared + in-memory buffers. The server and client `Future`s are polled in turns, so again we we avoid + pulling in an async runtime and keep things as deterministic as possible. ### Why measure CPU instructions diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index e8ad47efe6..2b44c7ee2a 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -6,6 +6,7 @@ use std::mem; use std::os::fd::{AsRawFd, FromRawFd}; use std::path::{Path, PathBuf}; use std::sync::Arc; +use std::time::Instant; use anyhow::Context; use async_trait::async_trait; @@ -77,6 +78,11 @@ pub enum Command { }, /// Run a single benchmark at the provided index (used by the bench runner to start each benchmark in its own process) RunSingle { index: u32, side: Side }, + /// Run all benchmarks in walltime mode and print the measured timings in CSV format + Walltime { + #[arg(short, long)] + iterations_per_scenario: usize, + }, /// Compare the results from two previous benchmark runs and print a user-friendly markdown overview Compare { /// Path to the directory with the results of a previous `run-all` execution @@ -183,6 +189,77 @@ fn main() -> anyhow::Result<()> { mem::forget(stdin); mem::forget(stdout); } + Command::Walltime { + iterations_per_scenario, + } => { + let mut timings = vec![Vec::with_capacity(iterations_per_scenario); benchmarks.len()]; + for _ in 0..iterations_per_scenario { + for (i, bench) in benchmarks.iter().enumerate() { + let start = Instant::now(); + + // The variables below are used to initialize the client and server configs. We + // let them go through `black_box` to ensure the optimizer doesn't take + // advantage of knowing both the client and the server side of the + // configuration. + let resumption_kind = black_box(bench.kind.resumption_kind()); + let params = black_box(&bench.params); + + let (mut client_writer, mut server_reader) = async_io::async_pipe(262144); + let (mut server_writer, mut client_reader) = async_io::async_pipe(262144); + + let server_side = async move { + let handshake_buf = &mut [0u8; 262144]; + run_bench( + ServerSideStepper { + io: StepperIo { + reader: &mut server_reader, + writer: &mut server_writer, + handshake_buf, + }, + config: ServerSideStepper::make_config(params, resumption_kind), + }, + bench.kind, + ) + .await + }; + + let client_side = async move { + let handshake_buf = &mut [0u8; 262144]; + run_bench( + ClientSideStepper { + io: StepperIo { + reader: &mut client_reader, + writer: &mut client_writer, + handshake_buf, + }, + resumption_kind, + config: ClientSideStepper::make_config(params, resumption_kind), + }, + bench.kind, + ) + .await + }; + + let (client_result, server_result) = + async_io::block_on_concurrent(client_side, server_side); + client_result + .with_context(|| format!("client side of {} crashed", bench.name()))?; + server_result + .with_context(|| format!("server side of {} crashed", bench.name()))?; + + timings[i].push(start.elapsed()); + } + } + + // Output the results + for (i, bench_timings) in timings.into_iter().enumerate() { + print!("{}", benchmarks[i].name()); + for timing in bench_timings { + print!(",{}", timing.as_nanos()) + } + println!(); + } + } Command::Compare { baseline_dir, candidate_dir, diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index b12d1a17f5..560228072f 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -39,9 +39,12 @@ pub mod async_io { //! Async IO building blocks required for sharing code between the instruction count and //! wall-time benchmarks + use std::cell::{Cell, RefCell}; + use std::collections::VecDeque; use std::fs::File; use std::future::Future; - use std::pin::pin; + use std::pin::{pin, Pin}; + use std::rc::Rc; use std::task::{Poll, RawWaker, RawWakerVTable, Waker}; use std::{io, ptr, task}; @@ -70,6 +73,61 @@ pub mod async_io { } } + /// Block on two futures that are run concurrently and return their results. + /// + /// Useful when measuring wall-time, because the server and the client side of the connection + /// run in a single process _and_ thread to minimize noise. Each side of the connection runs + /// inside its own future and they are polled in turns. + /// + /// Using this together with blocking futures can lead to deadlocks (i.e. when one of the + /// futures is blocked while it waits on a message from the other). + pub fn block_on_concurrent( + x: impl Future>, + y: impl Future>, + ) -> (anyhow::Result<()>, anyhow::Result<()>) { + let mut x = pin!(x); + let mut y = pin!(y); + + // The futures won't complete right away, but since there are only two of them we can poll + // them in turns without a more complex waking mechanism. + let waker = noop_waker(); + let mut ctx = task::Context::from_waker(&waker); + + let mut x_output = None; + let mut y_output = None; + + // Fuel makes sure we can exit a potential infinite loop if the futures are endlessly + // waiting on each other due to a bug (e.g. a read without a corresponding write) + let mut fuel = 1_000; + loop { + let futures_done = x_output.is_some() && y_output.is_some(); + if futures_done || fuel == 0 { + break; + } + + fuel -= 1; + + if x_output.is_none() { + match x.as_mut().poll(&mut ctx) { + Poll::Ready(output) => x_output = Some(output), + Poll::Pending => {} + } + } + + if y_output.is_none() { + match y.as_mut().poll(&mut ctx) { + Poll::Ready(output) => y_output = Some(output), + Poll::Pending => {} + } + } + } + + match (x_output, y_output) { + (Some(x_output), Some(y_output)) => (x_output, y_output), + _ => panic!("at least one of the futures seems to be stuck"), + } + } + // Copied from Waker::noop, which we cannot use directly because it hasn't been stabilized fn noop_waker() -> Waker { const VTABLE: RawWakerVTable = RawWakerVTable::new(|_| RAW, |_| {}, |_| {}, |_| {}); @@ -114,6 +172,219 @@ pub mod async_io { io::Write::flush(self) } } + + /// Creates an unidirectional byte pipe of the given capacity, suitable for async reading and + /// writing + pub fn async_pipe(capacity: usize) -> (AsyncSender, AsyncReceiver) { + let open = Rc::new(Cell::new(true)); + let buf = Rc::new(RefCell::new(VecDeque::with_capacity(capacity))); + ( + AsyncSender { + inner: AsyncPipeSide { + open: open.clone(), + buf: buf.clone(), + }, + }, + AsyncReceiver { + inner: AsyncPipeSide { open, buf }, + }, + ) + } + + /// The sender end of an asynchronous byte pipe + pub struct AsyncSender { + inner: AsyncPipeSide, + } + + /// The receiver end of an asynchronous byte pipe + pub struct AsyncReceiver { + inner: AsyncPipeSide, + } + + struct AsyncPipeSide { + open: Rc>, + buf: Rc>>, + } + + impl Drop for AsyncPipeSide { + fn drop(&mut self) { + self.open.set(false); + } + } + + #[async_trait(?Send)] + impl AsyncRead for AsyncReceiver { + async fn read(&mut self, buf: &mut [u8]) -> io::Result { + AsyncPipeReadFuture { + reader: self, + user_buf: buf, + } + .await + } + + async fn read_exact(&mut self, buf: &mut [u8]) -> io::Result<()> { + let mut read = 0; + while read < buf.len() { + read += self.read(&mut buf[read..]).await?; + } + + Ok(()) + } + } + + #[async_trait(?Send)] + impl AsyncWrite for AsyncSender { + async fn write_all(&mut self, buf: &[u8]) -> io::Result<()> { + AsyncPipeWriteFuture { + writer: self, + user_buf: buf, + } + .await + } + + async fn flush(&mut self) -> io::Result<()> { + Ok(()) + } + } + + struct AsyncPipeReadFuture<'a> { + reader: &'a AsyncReceiver, + user_buf: &'a mut [u8], + } + + impl<'a> Future for AsyncPipeReadFuture<'a> { + type Output = io::Result; + + fn poll(mut self: Pin<&mut Self>, _: &mut task::Context<'_>) -> Poll { + let inner_buf = &mut self.reader.inner.buf.borrow_mut(); + if inner_buf.is_empty() { + return if self.reader.inner.open.get() { + // Wait for data to arrive, or EOF + Poll::Pending + } else { + // EOF + Poll::Ready(Ok(0)) + }; + } + + let bytes_to_write = inner_buf.len().min(self.user_buf.len()); + + // This is a convoluted way to copy the bytes from the inner buffer into the user's + // buffer + let (first_half, second_half) = inner_buf.as_slices(); + let bytes_to_write_from_first_half = first_half.len().min(bytes_to_write); + let bytes_to_write_from_second_half = + bytes_to_write.saturating_sub(bytes_to_write_from_first_half); + self.user_buf[..bytes_to_write_from_first_half] + .copy_from_slice(&first_half[..bytes_to_write_from_first_half]); + self.user_buf[bytes_to_write_from_first_half..bytes_to_write] + .copy_from_slice(&second_half[..bytes_to_write_from_second_half]); + + inner_buf.drain(..bytes_to_write); + + Poll::Ready(Ok(bytes_to_write)) + } + } + + struct AsyncPipeWriteFuture<'a> { + writer: &'a AsyncSender, + user_buf: &'a [u8], + } + + impl<'a> Future for AsyncPipeWriteFuture<'a> { + type Output = io::Result<()>; + + fn poll(mut self: Pin<&mut Self>, _: &mut task::Context<'_>) -> Poll { + if !self.writer.inner.open.get() { + return Poll::Ready(Err(io::Error::new( + io::ErrorKind::Other, + "channel was closed", + ))); + } + + let mut pipe_buf = self.writer.inner.buf.borrow_mut(); + let capacity_left = pipe_buf.capacity() - pipe_buf.len(); + let bytes_to_write = self.user_buf.len().min(capacity_left); + pipe_buf.extend(&self.user_buf[..bytes_to_write]); + + if self.user_buf.len() > capacity_left { + self.user_buf = &self.user_buf[bytes_to_write..]; + + // Continue writing later once capacity is available + Poll::Pending + } else { + Poll::Ready(Ok(())) + } + } + } + + #[cfg(test)] + mod test { + use super::*; + + #[test] + fn test_block_on_concurrent_minimal_capacity() { + test_block_on_concurrent(1); + } + + #[test] + fn test_block_on_concurrent_enough_capacity() { + test_block_on_concurrent(100); + } + + fn test_block_on_concurrent(capacity: usize) { + let (mut server_writer, mut client_reader) = async_pipe(capacity); + let (mut client_writer, mut server_reader) = async_pipe(capacity); + + let client = async { + client_writer + .write_all(b"hello") + .await + .unwrap(); + + let mut buf = [0; 2]; + client_reader + .read_exact(&mut buf) + .await + .unwrap(); + assert_eq!(&buf, b"42"); + + client_writer + .write_all(b"bye bye") + .await + .unwrap(); + + Ok(()) + }; + + let server = async { + let mut buf = [0; 5]; + server_reader + .read_exact(&mut buf) + .await + .unwrap(); + assert_eq!(&buf, b"hello"); + + server_writer + .write_all(b"42") + .await + .unwrap(); + + let mut buf = [0; 7]; + server_reader + .read_exact(&mut buf) + .await + .unwrap(); + assert_eq!(&buf, b"bye bye"); + + Ok(()) + }; + + let (client_result, server_result) = block_on_concurrent(client, server); + client_result.unwrap(); + server_result.unwrap(); + } + } } pub mod transport { From 06f3dcf28c4e56ac8c0ce7ba79106a934dbd3a68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Thu, 16 Nov 2023 15:20:31 +0100 Subject: [PATCH 0442/1145] ci-bench: transfer more bytes to reduce noise --- ci-bench/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 2b44c7ee2a..4570e439c4 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -40,7 +40,7 @@ mod cachegrind; mod util; /// The size in bytes of the plaintext sent in the transfer benchmark -const TRANSFER_PLAINTEXT_SIZE: usize = 1024 * 1024; +const TRANSFER_PLAINTEXT_SIZE: usize = 1024 * 1024 * 10; // 10 MB /// The amount of times a resumed handshake should be executed during benchmarking. /// From 34c6e205b61bd0c0dfcdc9479a5475272234ea63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Thu, 16 Nov 2023 15:20:51 +0100 Subject: [PATCH 0443/1145] ci-bench: simplify clap command --- ci-bench/src/main.rs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 4570e439c4..1197cec5ec 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -71,10 +71,10 @@ pub struct Cli { #[derive(Subcommand)] pub enum Command { - /// Run all benchmarks and prints the measured CPU instruction counts in CSV format + /// Run all benchmarks and print the measured CPU instruction counts in CSV format RunAll { - #[arg(short, long)] - output_dir: Option, + #[arg(short, long, default_value = "target/ci-bench")] + output_dir: PathBuf, }, /// Run a single benchmark at the provided index (used by the bench runner to start each benchmark in its own process) RunSingle { index: u32, side: Side }, @@ -115,7 +115,6 @@ fn main() -> anyhow::Result<()> { match cli.command { Command::RunAll { output_dir } => { let executable = std::env::args().next().unwrap(); - let output_dir = output_dir.unwrap_or("target/ci-bench".into()); let results = run_all(executable, output_dir.clone(), &benchmarks)?; // Output results in CSV (note: not using a library here to avoid extra dependencies) From c5141323679de733f74a74f73242d1d99d655a07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Fri, 17 Nov 2023 10:11:42 +0100 Subject: [PATCH 0444/1145] ci-bench: replace magic number with constant --- ci-bench/src/main.rs | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 1197cec5ec..b2cc127f79 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -62,6 +62,9 @@ const CHANGE_THRESHOLD: f64 = 0.002; // 0.2% /// The name of the file where the instruction counts are stored after a `run-all` run const ICOUNTS_FILENAME: &str = "icounts.csv"; +/// Default size in bytes for internal buffers (256 KB) +const DEFAULT_BUFFER_SIZE: usize = 262144; + #[derive(Parser)] #[command(about)] pub struct Cli { @@ -149,7 +152,7 @@ fn main() -> anyhow::Result<()> { let mut stdin = unsafe { File::from_raw_fd(stdin_lock.as_raw_fd()) }; let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) }; - let handshake_buf = &mut [0u8; 262144]; + let handshake_buf = &mut [0u8; DEFAULT_BUFFER_SIZE]; let resumption_kind = black_box(bench.kind.resumption_kind()); let params = black_box(&bench.params); let io = StepperIo { @@ -203,11 +206,13 @@ fn main() -> anyhow::Result<()> { let resumption_kind = black_box(bench.kind.resumption_kind()); let params = black_box(&bench.params); - let (mut client_writer, mut server_reader) = async_io::async_pipe(262144); - let (mut server_writer, mut client_reader) = async_io::async_pipe(262144); + let (mut client_writer, mut server_reader) = + async_io::async_pipe(DEFAULT_BUFFER_SIZE); + let (mut server_writer, mut client_reader) = + async_io::async_pipe(DEFAULT_BUFFER_SIZE); let server_side = async move { - let handshake_buf = &mut [0u8; 262144]; + let handshake_buf = &mut [0u8; DEFAULT_BUFFER_SIZE]; run_bench( ServerSideStepper { io: StepperIo { @@ -223,7 +228,7 @@ fn main() -> anyhow::Result<()> { }; let client_side = async move { - let handshake_buf = &mut [0u8; 262144]; + let handshake_buf = &mut [0u8; DEFAULT_BUFFER_SIZE]; run_bench( ClientSideStepper { io: StepperIo { From c06979e2a87d25f660d295ba8b49a635626c31b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Fri, 17 Nov 2023 15:45:25 +0100 Subject: [PATCH 0445/1145] ci-bench: remove unnecessary `black_box` The usage of black box was originally introduced to to ensure the optimizer didn't take advantage of knowing both the client and the server side of the configuration. However, in this case, the server and the client run in different processes, so each side of the connection has no compile-time information about the other side. --- ci-bench/src/main.rs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index b2cc127f79..200ffdbc56 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -153,8 +153,7 @@ fn main() -> anyhow::Result<()> { let mut stdout = unsafe { File::from_raw_fd(stdout_lock.as_raw_fd()) }; let handshake_buf = &mut [0u8; DEFAULT_BUFFER_SIZE]; - let resumption_kind = black_box(bench.kind.resumption_kind()); - let params = black_box(&bench.params); + let resumption_kind = bench.kind.resumption_kind(); let io = StepperIo { reader: &mut stdin, writer: &mut stdout, @@ -166,7 +165,10 @@ fn main() -> anyhow::Result<()> { run_bench( ServerSideStepper { io, - config: ServerSideStepper::make_config(params, resumption_kind), + config: ServerSideStepper::make_config( + &bench.params, + resumption_kind, + ), }, bench.kind, ) @@ -177,7 +179,10 @@ fn main() -> anyhow::Result<()> { ClientSideStepper { io, resumption_kind, - config: ClientSideStepper::make_config(params, resumption_kind), + config: ClientSideStepper::make_config( + &bench.params, + resumption_kind, + ), }, bench.kind, ) From 93086c04a1377a28bdd793006a18fa2d70f2df45 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 23 Nov 2023 11:22:53 +0100 Subject: [PATCH 0446/1145] Inline single-use helper method --- rustls/src/client/client_conn.rs | 12 ------------ rustls/src/client/hs.rs | 5 +++-- 2 files changed, 3 insertions(+), 14 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index d37eaa9ba3..84144f88cc 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -402,18 +402,6 @@ impl fmt::Debug for ServerName { } } -impl ServerName { - /// Return the name that should go in the SNI extension. - /// If [`None`] is returned, the SNI extension is not included - /// in the handshake. - pub(crate) fn for_sni(&self) -> Option { - match self { - Self::DnsName(dns_name) => Some(dns_name.borrow()), - Self::IpAddress(_) => None, - } - } -} - /// Attempt to make a ServerName from a string by parsing /// it as a DNS name. impl TryFrom<&str> for ServerName { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 61d77019fe..39a3a136d8 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -232,8 +232,9 @@ fn emit_client_hello_for_retry( ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), ]; - if let (Some(sni_name), true) = (input.server_name.for_sni(), config.enable_sni) { - exts.push(ClientExtension::make_sni(sni_name)); + if let (ServerName::DnsName(sni_name), true) = (&input.server_name, config.enable_sni) { + // We only want to send the SNI extension if the server name contains a DNS name. + exts.push(ClientExtension::make_sni(sni_name.borrow())); } if let Some(key_share) = &key_share { From ab5e2a917b5ac732693d984ce1575c0eec93f088 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 23 Nov 2023 22:39:31 +0100 Subject: [PATCH 0447/1145] Upgrade to latest rustls-pemfile --- Cargo.lock | 10 +++++----- ci-bench/Cargo.toml | 2 +- ci-bench/src/util.rs | 4 +--- examples/Cargo.toml | 2 +- rustls/Cargo.toml | 2 +- 5 files changed, 9 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 08f5933ecf..9fd63afda0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1722,7 +1722,7 @@ dependencies = [ "env_logger", "log", "ring 0.17.5", - "rustls-pemfile 2.0.0-alpha.1", + "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", "rustls-webpki 0.102.0-alpha.6", "rustversion", @@ -1743,7 +1743,7 @@ dependencies = [ "itertools", "rayon", "rustls 0.22.0-alpha.4", - "rustls-pemfile 2.0.0-alpha.1", + "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", ] @@ -1767,7 +1767,7 @@ dependencies = [ "mio", "rcgen", "rustls 0.22.0-alpha.4", - "rustls-pemfile 2.0.0-alpha.1", + "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", "serde", "serde_derive", @@ -1785,9 +1785,9 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "2.0.0-alpha.1" +version = "2.0.0-alpha.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4aaa4fe93b39faddb6a8f99568c3e5880680156da0d46818e884a071381f67fe" +checksum = "4e9975e1f0807681e097d288d545dc40c98a4d3a6ef95a40b18d00e5e4daa9a4" dependencies = [ "base64", "rustls-pki-types", diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 0f453408a9..a44e9f57f6 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -16,4 +16,4 @@ itertools = "0.12" pki-types = { package = "rustls-pki-types", version = "0.2" } rayon = "1.7.0" rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } -rustls-pemfile = "2.0.0-alpha.1" +rustls-pemfile = "=2.0.0-alpha.2" diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index 560228072f..21c3964013 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -25,13 +25,11 @@ impl KeyType { } pub(crate) fn get_key(&self) -> PrivateKeyDer<'static> { - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + rustls_pemfile::private_key(&mut io::BufReader::new( fs::File::open(self.path_for("end.key")).unwrap(), )) - .next() .unwrap() .unwrap() - .into() } } diff --git a/examples/Cargo.toml b/examples/Cargo.toml index b33d7afc62..a4c10925a2 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -14,7 +14,7 @@ mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "0.2" } rcgen = { version = "0.11.3", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} -rustls-pemfile = "=2.0.0-alpha.1" +rustls-pemfile = "=2.0.0-alpha.2" serde = "1.0" serde_derive = "1.0" webpki-roots = "=0.26.0-alpha.1" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index a0b989ae19..a274c57ddf 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -37,7 +37,7 @@ bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" webpki-roots = "=0.26.0-alpha.1" -rustls-pemfile = "=2.0.0-alpha.1" +rustls-pemfile = "=2.0.0-alpha.2" base64 = "0.21" [[example]] From 26ec868b8c03a872b37e7d4604d9f6ed38ea5189 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 21 Nov 2023 12:59:59 +0100 Subject: [PATCH 0448/1145] Migrate to pki-types ServerName --- Cargo.lock | 22 +- examples/Cargo.toml | 4 +- examples/src/bin/simple_0rtt_client.rs | 8 +- examples/src/bin/tlsclient-mio.rs | 16 +- fuzz/Cargo.lock | 9 +- fuzz/Cargo.toml | 9 +- fuzz/fuzzers/server_name.rs | 2 +- provider-example/Cargo.toml | 6 +- rustls/Cargo.toml | 6 +- rustls/examples/internal/bogo_shim_impl.rs | 33 +-- rustls/src/client/client_conn.rs | 92 ++----- rustls/src/client/handy.rs | 50 ++-- rustls/src/client/hs.rs | 14 +- rustls/src/client/tls12.rs | 28 +-- rustls/src/client/tls13.rs | 26 +- rustls/src/dns_name.rs | 274 --------------------- rustls/src/lib.rs | 7 +- rustls/src/msgs/handshake.rs | 30 +-- rustls/src/msgs/handshake_test.rs | 5 +- rustls/src/msgs/persist.rs | 13 +- rustls/src/quic.rs | 6 +- rustls/src/server/handy.rs | 8 +- rustls/src/server/hs.rs | 3 +- rustls/src/server/server_conn.rs | 7 +- rustls/src/verify.rs | 5 +- rustls/src/webpki/anchors.rs | 6 +- rustls/src/webpki/server_verifier.rs | 6 +- rustls/src/webpki/verify.rs | 34 +-- rustls/tests/api.rs | 40 +-- rustls/tests/common/mod.rs | 8 +- rustls/tests/ech.rs | 4 +- rustls/tests/server_cert_verifier.rs | 4 +- 32 files changed, 220 insertions(+), 565 deletions(-) delete mode 100644 rustls/src/dns_name.rs diff --git a/Cargo.lock b/Cargo.lock index 9fd63afda0..69079d3b29 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1724,10 +1724,10 @@ dependencies = [ "ring 0.17.5", "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.6", + "rustls-webpki 0.102.0-alpha.7", "rustversion", "subtle", - "webpki-roots 0.26.0-alpha.1", + "webpki-roots 0.26.0-alpha.2", "zeroize", ] @@ -1771,7 +1771,7 @@ dependencies = [ "rustls-pki-types", "serde", "serde_derive", - "webpki-roots 0.26.0-alpha.1", + "webpki-roots 0.26.0-alpha.2", ] [[package]] @@ -1795,9 +1795,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" +checksum = "cdf0cbc2bc68777eb846b2b7fedf03807bb763adc585bf006ac2fa2884daa9d1" [[package]] name = "rustls-provider-example" @@ -1819,12 +1819,12 @@ dependencies = [ "rsa", "rustls 0.22.0-alpha.4", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.6", + "rustls-webpki 0.102.0-alpha.7", "serde", "serde_json", "sha2", "signature", - "webpki-roots 0.26.0-alpha.1", + "webpki-roots 0.26.0-alpha.2", "x25519-dalek", ] @@ -1840,9 +1840,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.6" +version = "0.102.0-alpha.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34d9ed3a8267782ba32d257ff5b197b63eef19a467dbd1be011caaae35ee416e" +checksum = "39c0e946e5f395d68bfc4a43e9b584d2169c2685e2c584a268b6d7ef8117bcfa" dependencies = [ "aws-lc-rs", "ring 0.17.5", @@ -2336,9 +2336,9 @@ checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" [[package]] name = "webpki-roots" -version = "0.26.0-alpha.1" +version = "0.26.0-alpha.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42157929d7ca9c353222a4d1763c52ef86d25d0fd2eca66076df5975fd4e25ed" +checksum = "87e3d99d80231fabcc72d887ed09f843b7f3942c75907285e51112a46c8f6f81" dependencies = [ "rustls-pki-types", ] diff --git a/examples/Cargo.toml b/examples/Cargo.toml index a4c10925a2..11fa6c79ca 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -11,10 +11,10 @@ docopt = "~1.1" env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } -pki-types = { package = "rustls-pki-types", version = "0.2" } +pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } rcgen = { version = "0.11.3", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "=2.0.0-alpha.2" serde = "1.0" serde_derive = "1.0" -webpki-roots = "=0.26.0-alpha.1" +webpki-roots = "=0.26.0-alpha.2" diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 00add57621..242a77ddf8 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -2,12 +2,14 @@ use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; use std::sync::Arc; +use pki_types::ServerName; + use rustls::RootCertStore; fn start_connection(config: &Arc, domain_name: &str) { - let server_name = domain_name - .try_into() - .expect("invalid DNS name"); + let server_name = ServerName::try_from(domain_name) + .expect("invalid DNS name") + .to_owned(); let mut conn = rustls::ClientConnection::new(Arc::clone(config), server_name).unwrap(); let mut sock = TcpStream::connect(format!("{}:443", domain_name)).unwrap(); sock.set_nodelay(true).unwrap(); diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 1716c368b6..de9292eac1 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -5,7 +5,7 @@ use std::{fs, process, str}; use docopt::Docopt; use mio::net::TcpStream; -use pki_types::{CertificateDer, PrivateKeyDer}; +use pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use serde::Deserialize; use rustls::RootCertStore; @@ -24,7 +24,7 @@ struct TlsClient { impl TlsClient { fn new( sock: TcpStream, - server_name: rustls::ServerName, + server_name: ServerName<'static>, cfg: Arc, ) -> Self { Self { @@ -310,7 +310,7 @@ fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { } mod danger { - use pki_types::{CertificateDer, UnixTime}; + use pki_types::{CertificateDer, ServerName, UnixTime}; use rustls::client::danger::HandshakeSignatureValid; use rustls::client::WebPkiServerVerifier; use rustls::DigitallySignedStruct; @@ -323,7 +323,7 @@ mod danger { &self, _end_entity: &CertificateDer<'_>, _intermediates: &[CertificateDer<'_>], - _server_name: &rustls::ServerName, + _server_name: &ServerName<'_>, _ocsp: &[u8], _now: UnixTime, ) -> Result { @@ -462,11 +462,9 @@ fn main() { .next() .unwrap(); let sock = TcpStream::connect(sock_addr).unwrap(); - let server_name = args - .arg_hostname - .as_str() - .try_into() - .expect("invalid DNS name"); + let server_name = ServerName::try_from(args.arg_hostname.as_str()) + .expect("invalid DNS name") + .to_owned(); let mut tlsclient = TlsClient::new(sock, server_name, config); if args.flag_http { diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index a0dc47f929..e1435d3ffc 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -87,19 +87,20 @@ version = "0.0.1" dependencies = [ "libfuzzer-sys", "rustls", + "rustls-pki-types", ] [[package]] name = "rustls-pki-types" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47003264dea418db67060fa420ad16d0d2f8f0a0360d825c00e177ac52cb5d8" +checksum = "cdf0cbc2bc68777eb846b2b7fedf03807bb763adc585bf006ac2fa2884daa9d1" [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.6" +version = "0.102.0-alpha.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34d9ed3a8267782ba32d257ff5b197b63eef19a467dbd1be011caaae35ee416e" +checksum = "39c0e946e5f395d68bfc4a43e9b584d2169c2685e2c584a268b6d7ef8117bcfa" dependencies = [ "ring", "rustls-pki-types", diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index dcd90c6102..f3f70b7089 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -1,4 +1,3 @@ - [package] name = "rustls-fuzz" version = "0.0.1" @@ -9,10 +8,10 @@ edition = "2021" [package.metadata] cargo-fuzz = true -[dependencies.rustls] -path = "../rustls" -[dependencies.libfuzzer-sys] -git = "https://github.com/rust-fuzz/libfuzzer-sys.git" +[dependencies] +libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" } +pki-types = { package = "rustls-pki-types", version = "0.2.2" } +rustls = { path = "../rustls" } # Prevent this from interfering with workspaces [workspace] diff --git a/fuzz/fuzzers/server_name.rs b/fuzz/fuzzers/server_name.rs index 5e2700b8ad..eff2099261 100644 --- a/fuzz/fuzzers/server_name.rs +++ b/fuzz/fuzzers/server_name.rs @@ -3,7 +3,7 @@ extern crate libfuzzer_sys; extern crate rustls; -use rustls::client::ServerName; +use pki_types::ServerName; fuzz_target!(|data: &[u8]| { let _ = std::str::from_utf8(data) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 1b69425c66..f42aa061a7 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -17,14 +17,14 @@ hpke-rs-crypto = "0.1.2" hpke-rs-rust-crypto = "0.1.2" p256 = "0.13.2" pkcs8 = { version = "0.10.2", features = ["std"] } -pki-types = { package = "rustls-pki-types", version = "0.2.0" } +pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } rand_core = "0.6.0" rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" signature = "2" -webpki = { package = "rustls-webpki", version = "0.102.0-alpha.1", default-features = false, features = ["alloc", "std"] } -webpki-roots = "0.26.0-alpha.1" +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.7", features = ["alloc", "std"], default-features = false } +webpki-roots = "=0.26.0-alpha.2" x25519-dalek = "2" [dev-dependencies] diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index a274c57ddf..b5b20d9f69 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -20,8 +20,8 @@ aws-lc-rs = { version = "1.5", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.6", features = ["alloc", "std"], default-features = false } -pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.7", features = ["std"], default-features = false } +pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } zeroize = "1.6.0" [features] @@ -36,7 +36,7 @@ read_buf = ["rustversion"] bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -webpki-roots = "=0.26.0-alpha.1" +webpki-roots = "=0.26.0-alpha.2" rustls-pemfile = "=2.0.0-alpha.2" base64 = "0.21" diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index e63380f40f..9bb29138e6 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -14,8 +14,8 @@ use rustls::server::{ClientHello, ServerConfig, ServerConnection, WebPkiClientVe use rustls::{ self, client, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, - PeerMisbehaved, ProtocolVersion, RootCertStore, ServerName, Side, SignatureAlgorithm, - SignatureScheme, SupportedProtocolVersion, + PeerMisbehaved, ProtocolVersion, RootCertStore, Side, SignatureAlgorithm, SignatureScheme, + SupportedProtocolVersion, }; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -24,7 +24,7 @@ use rustls::crypto::{aws_lc_rs as provider, aws_lc_rs::AWS_LC_RS as PROVIDER}; use rustls::crypto::{ring as provider, ring::RING as PROVIDER}; use base64::prelude::{Engine, BASE64_STANDARD}; -use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; +use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; use std::fmt::{Debug, Formatter}; use std::io::{self, BufReader, Read, Write}; @@ -286,7 +286,7 @@ impl ServerCertVerifier for DummyServerAuth { &self, _end_entity: &CertificateDer<'_>, _certs: &[CertificateDer<'_>], - _hostname: &ServerName, + _hostname: &ServerName<'_>, _ocsp: &[u8], _now: UnixTime, ) -> Result { @@ -558,14 +558,14 @@ impl ClientCacheWithoutKxHints { } impl client::ClientSessionStore for ClientCacheWithoutKxHints { - fn set_kx_hint(&self, _: &ServerName, _: NamedGroup) {} - fn kx_hint(&self, _: &ServerName) -> Option { + fn set_kx_hint(&self, _: ServerName<'static>, _: NamedGroup) {} + fn kx_hint(&self, _: &ServerName<'_>) -> Option { None } fn set_tls12_session( &self, - server_name: &ServerName, + server_name: ServerName<'static>, mut value: client::Tls12ClientSessionValue, ) { value.rewind_epoch(self.delay); @@ -573,18 +573,21 @@ impl client::ClientSessionStore for ClientCacheWithoutKxHints { .set_tls12_session(server_name, value); } - fn tls12_session(&self, server_name: &ServerName) -> Option { + fn tls12_session( + &self, + server_name: &ServerName<'_>, + ) -> Option { self.storage.tls12_session(server_name) } - fn remove_tls12_session(&self, server_name: &ServerName) { + fn remove_tls12_session(&self, server_name: &ServerName<'static>) { self.storage .remove_tls12_session(server_name); } fn insert_tls13_ticket( &self, - server_name: &ServerName, + server_name: ServerName<'static>, mut value: client::Tls13ClientSessionValue, ) { value.rewind_epoch(self.delay); @@ -594,7 +597,7 @@ impl client::ClientSessionStore for ClientCacheWithoutKxHints { fn take_tls13_ticket( &self, - server_name: &ServerName, + server_name: &ServerName<'static>, ) -> Option { self.storage .take_tls13_ticket(server_name) @@ -1307,11 +1310,9 @@ pub fn main() { .unwrap() .into() } else { - let server_name = opts - .host_name - .as_str() - .try_into() - .unwrap(); + let server_name = ServerName::try_from(opts.host_name.as_str()) + .unwrap() + .to_owned(); let ccfg = Arc::clone(ccfg.as_ref().unwrap()); ClientConnection::new(ccfg, server_name) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 84144f88cc..75523fe0b9 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -2,7 +2,6 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; -use crate::dns_name::{DnsName, DnsNameRef, InvalidDnsNameError}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; #[cfg(feature = "logging")] @@ -19,6 +18,8 @@ use crate::KeyLog; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; use super::hs; +use pki_types::ServerName; + use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; @@ -26,7 +27,6 @@ use core::marker::PhantomData; use core::mem; use core::ops::{Deref, DerefMut}; use std::io; -use std::net::IpAddr; /// A trait for the ability to store client session data, so that sessions /// can be resumed in future connections. @@ -40,7 +40,7 @@ use std::net::IpAddr; /// how to achieve interior mutability. `Mutex` is a common choice. pub trait ClientSessionStore: fmt::Debug + Send + Sync { /// Remember what `NamedGroup` the given server chose. - fn set_kx_hint(&self, server_name: &ServerName, group: NamedGroup); + fn set_kx_hint(&self, server_name: ServerName<'static>, group: NamedGroup); /// This should return the value most recently passed to `set_kx_hint` /// for the given `server_name`. @@ -48,18 +48,25 @@ pub trait ClientSessionStore: fmt::Debug + Send + Sync { /// If `None` is returned, the caller chooses the first configured group, /// and an extra round trip might happen if that choice is unsatisfactory /// to the server. - fn kx_hint(&self, server_name: &ServerName) -> Option; + fn kx_hint(&self, server_name: &ServerName<'_>) -> Option; /// Remember a TLS1.2 session. /// /// At most one of these can be remembered at a time, per `server_name`. - fn set_tls12_session(&self, server_name: &ServerName, value: persist::Tls12ClientSessionValue); + fn set_tls12_session( + &self, + server_name: ServerName<'static>, + value: persist::Tls12ClientSessionValue, + ); /// Get the most recently saved TLS1.2 session for `server_name` provided to `set_tls12_session`. - fn tls12_session(&self, server_name: &ServerName) -> Option; + fn tls12_session( + &self, + server_name: &ServerName<'_>, + ) -> Option; /// Remove and forget any saved TLS1.2 session for `server_name`. - fn remove_tls12_session(&self, server_name: &ServerName); + fn remove_tls12_session(&self, server_name: &ServerName<'static>); /// Remember a TLS1.3 ticket that might be retrieved later from `take_tls13_ticket`, allowing /// resumption of this session. @@ -70,7 +77,7 @@ pub trait ClientSessionStore: fmt::Debug + Send + Sync { /// simultaneously. fn insert_tls13_ticket( &self, - server_name: &ServerName, + server_name: ServerName<'static>, value: persist::Tls13ClientSessionValue, ); @@ -79,7 +86,7 @@ pub trait ClientSessionStore: fmt::Debug + Send + Sync { /// Implementations of this trait must return each value provided to `add_tls13_ticket` _at most once_. fn take_tls13_ticket( &self, - server_name: &ServerName, + server_name: &ServerName<'static>, ) -> Option; } @@ -354,69 +361,6 @@ impl Default for Resumption { } } -/// Encodes ways a client can know the expected name of the server. -/// -/// This currently covers knowing the DNS name of the server, but -/// will be extended in the future to supporting privacy-preserving names -/// for the server ("ECH"). For this reason this enum is `non_exhaustive`. -/// -/// # Making one -/// -/// If you have a DNS name as a `&str`, this type implements `TryFrom<&str>`, -/// so you can do: -/// -/// ``` -/// # use rustls::ServerName; -/// ServerName::try_from("example.com").expect("invalid DNS name"); -/// -/// // or, alternatively... -/// -/// let x = "example.com".try_into().expect("invalid DNS name"); -/// # let _: ServerName = x; -/// ``` -#[non_exhaustive] -#[derive(Clone, Eq, Hash, PartialEq)] -pub enum ServerName { - /// The server is identified by a DNS name. The name - /// is sent in the TLS Server Name Indication (SNI) - /// extension. - DnsName(DnsName), - - /// The server is identified by an IP address. SNI is not - /// done. - IpAddress(IpAddr), -} - -impl fmt::Debug for ServerName { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - match self { - Self::DnsName(d) => f - .debug_tuple("DnsName") - .field(&d.as_ref()) - .finish(), - Self::IpAddress(i) => f - .debug_tuple("IpAddress") - .field(i) - .finish(), - } - } -} - -/// Attempt to make a ServerName from a string by parsing -/// it as a DNS name. -impl TryFrom<&str> for ServerName { - type Error = InvalidDnsNameError; - fn try_from(s: &str) -> Result { - match DnsNameRef::try_from(s) { - Ok(dns) => Ok(Self::DnsName(dns.to_owned())), - Err(InvalidDnsNameError) => match s.parse() { - Ok(ip) => Ok(Self::IpAddress(ip)), - Err(_) => Err(InvalidDnsNameError), - }, - } - } -} - /// Container for unsafe APIs pub(super) mod danger { use alloc::sync::Arc; @@ -570,7 +514,7 @@ impl ClientConnection { /// Make a new ClientConnection. `config` controls how /// we behave in the TLS protocol, `name` is the /// name of the server we want to talk to. - pub fn new(config: Arc, name: ServerName) -> Result { + pub fn new(config: Arc, name: ServerName<'static>) -> Result { Ok(Self { inner: ConnectionCore::for_client(config, name, Vec::new(), Protocol::Tcp)?.into(), }) @@ -672,7 +616,7 @@ impl From for crate::Connection { impl ConnectionCore { pub(crate) fn for_client( config: Arc, - name: ServerName, + name: ServerName<'static>, extra_exts: Vec, proto: Protocol, ) -> Result { diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index b22996fb04..d2b8762804 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -6,7 +6,8 @@ use crate::msgs::handshake::CertificateChain; use crate::msgs::persist; use crate::sign; use crate::NamedGroup; -use crate::ServerName; + +use pki_types::ServerName; use alloc::collections::VecDeque; use alloc::sync::Arc; @@ -18,23 +19,23 @@ use std::sync::Mutex; pub(super) struct NoClientSessionStorage; impl client::ClientSessionStore for NoClientSessionStorage { - fn set_kx_hint(&self, _: &ServerName, _: NamedGroup) {} + fn set_kx_hint(&self, _: ServerName<'static>, _: NamedGroup) {} - fn kx_hint(&self, _: &ServerName) -> Option { + fn kx_hint(&self, _: &ServerName<'_>) -> Option { None } - fn set_tls12_session(&self, _: &ServerName, _: persist::Tls12ClientSessionValue) {} + fn set_tls12_session(&self, _: ServerName<'static>, _: persist::Tls12ClientSessionValue) {} - fn tls12_session(&self, _: &ServerName) -> Option { + fn tls12_session(&self, _: &ServerName<'_>) -> Option { None } - fn remove_tls12_session(&self, _: &ServerName) {} + fn remove_tls12_session(&self, _: &ServerName<'_>) {} - fn insert_tls13_ticket(&self, _: &ServerName, _: persist::Tls13ClientSessionValue) {} + fn insert_tls13_ticket(&self, _: ServerName<'static>, _: persist::Tls13ClientSessionValue) {} - fn take_tls13_ticket(&self, _: &ServerName) -> Option { + fn take_tls13_ticket(&self, _: &ServerName<'_>) -> Option { None } } @@ -68,7 +69,7 @@ impl Default for ServerData { /// /// It enforces a limit on the number of entries to bound memory usage. pub struct ClientSessionMemoryCache { - servers: Mutex>, + servers: Mutex, ServerData>>, } impl ClientSessionMemoryCache { @@ -84,14 +85,14 @@ impl ClientSessionMemoryCache { } impl client::ClientSessionStore for ClientSessionMemoryCache { - fn set_kx_hint(&self, server_name: &ServerName, group: NamedGroup) { + fn set_kx_hint(&self, server_name: ServerName<'static>, group: NamedGroup) { self.servers .lock() .unwrap() - .get_or_insert_default_and_edit(server_name.clone(), |data| data.kx_hint = Some(group)); + .get_or_insert_default_and_edit(server_name, |data| data.kx_hint = Some(group)); } - fn kx_hint(&self, server_name: &ServerName) -> Option { + fn kx_hint(&self, server_name: &ServerName<'_>) -> Option { self.servers .lock() .unwrap() @@ -101,7 +102,7 @@ impl client::ClientSessionStore for ClientSessionMemoryCache { fn set_tls12_session( &self, - _server_name: &ServerName, + _server_name: ServerName<'static>, _value: persist::Tls12ClientSessionValue, ) { #[cfg(feature = "tls12")] @@ -111,7 +112,10 @@ impl client::ClientSessionStore for ClientSessionMemoryCache { .get_or_insert_default_and_edit(_server_name.clone(), |data| data.tls12 = Some(_value)); } - fn tls12_session(&self, _server_name: &ServerName) -> Option { + fn tls12_session( + &self, + _server_name: &ServerName<'_>, + ) -> Option { #[cfg(not(feature = "tls12"))] return None; @@ -123,7 +127,7 @@ impl client::ClientSessionStore for ClientSessionMemoryCache { .and_then(|sd| sd.tls12.as_ref().cloned()) } - fn remove_tls12_session(&self, _server_name: &ServerName) { + fn remove_tls12_session(&self, _server_name: &ServerName<'static>) { #[cfg(feature = "tls12")] self.servers .lock() @@ -134,7 +138,7 @@ impl client::ClientSessionStore for ClientSessionMemoryCache { fn insert_tls13_ticket( &self, - server_name: &ServerName, + server_name: ServerName<'static>, value: persist::Tls13ClientSessionValue, ) { self.servers @@ -150,7 +154,7 @@ impl client::ClientSessionStore for ClientSessionMemoryCache { fn take_tls13_ticket( &self, - server_name: &ServerName, + server_name: &ServerName<'static>, ) -> Option { self.servers .lock() @@ -226,17 +230,15 @@ mod tests { use crate::suites::SupportedCipherSuite; use crate::test_provider::cipher_suite; - use pki_types::UnixTime; - - use core::convert::TryInto; + use pki_types::{ServerName, UnixTime}; #[test] fn test_noclientsessionstorage_does_nothing() { let c = NoClientSessionStorage {}; - let name = "example.com".try_into().unwrap(); + let name = ServerName::try_from("example.com").unwrap(); let now = UnixTime::now(); - c.set_kx_hint(&name, NamedGroup::X25519); + c.set_kx_hint(name.clone(), NamedGroup::X25519); assert_eq!(None, c.kx_hint(&name)); #[cfg(feature = "tls12")] @@ -249,7 +251,7 @@ mod tests { }; c.set_tls12_session( - &name, + name.clone(), Tls12ClientSessionValue::new( tls12_suite, SessionId::empty(), @@ -272,7 +274,7 @@ mod tests { _ => unreachable!(), }; c.insert_tls13_ticket( - &name, + name.clone(), Tls13ClientSessionValue::new( tls13_suite, Vec::new(), diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 39a3a136d8..b13bec2536 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -28,9 +28,9 @@ use super::tls12; use super::Tls12Resumption; use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; -use crate::client::{tls13, ClientConfig, ServerName}; +use crate::client::{tls13, ClientConfig}; -use pki_types::UnixTime; +use pki_types::{ServerName, UnixTime}; use alloc::borrow::ToOwned; use alloc::boxed::Box; @@ -44,7 +44,7 @@ pub(super) type NextStateOrError = Result; pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>; fn find_session( - server_name: &ServerName, + server_name: &ServerName<'static>, config: &ClientConfig, cx: &mut ClientContext<'_>, ) -> Option> { @@ -91,7 +91,7 @@ fn find_session( } pub(super) fn start_handshake( - server_name: ServerName, + server_name: ServerName<'static>, extra_exts: Vec, config: Arc, cx: &mut ClientContext<'_>, @@ -185,7 +185,7 @@ struct ClientHelloInput { sent_tls13_fake_ccs: bool, hello: ClientHelloDetails, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, } fn emit_client_hello_for_retry( @@ -232,9 +232,9 @@ fn emit_client_hello_for_retry( ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), ]; - if let (ServerName::DnsName(sni_name), true) = (&input.server_name, config.enable_sni) { + if let (ServerName::DnsName(dns), true) = (&input.server_name, config.enable_sni) { // We only want to send the SNI extension if the server name contains a DNS name. - exts.push(ClientExtension::make_sni(sni_name.borrow())); + exts.push(ClientExtension::make_sni(dns)); } if let Some(key_share) = &key_share { diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 4b22967af2..b3acad6c79 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -25,9 +25,9 @@ use super::client_conn::ClientConnectionData; use super::hs::ClientContext; use crate::client::common::ClientAuthDetails; use crate::client::common::ServerCertDetails; -use crate::client::{hs, ClientConfig, ServerName}; +use crate::client::{hs, ClientConfig}; -use pki_types::UnixTime; +use pki_types::{ServerName, UnixTime}; use subtle::ConstantTimeEq; use alloc::borrow::ToOwned; @@ -48,7 +48,7 @@ mod server_hello { pub(in crate::client) struct CompleteServerHelloHandling { pub(in crate::client) config: Arc, pub(in crate::client) resuming_session: Option, - pub(in crate::client) server_name: ServerName, + pub(in crate::client) server_name: ServerName<'static>, pub(in crate::client) randoms: ConnectionRandoms, pub(in crate::client) using_ems: bool, pub(in crate::client) transcript: HandshakeHash, @@ -184,7 +184,7 @@ struct ExpectCertificate { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -242,7 +242,7 @@ struct ExpectCertificateStatusOrServerKx { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -310,7 +310,7 @@ struct ExpectCertificateStatus { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -359,7 +359,7 @@ struct ExpectServerKx { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -524,7 +524,7 @@ struct ExpectServerDoneOrCertReq { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -586,7 +586,7 @@ struct ExpectCertificateRequest { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -647,7 +647,7 @@ struct ExpectServerDone { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, using_ems: bool, transcript: HandshakeHash, @@ -850,7 +850,7 @@ struct ExpectNewTicket { secrets: ConnectionSecrets, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, using_ems: bool, transcript: HandshakeHash, resuming: bool, @@ -894,7 +894,7 @@ struct ExpectCcs { secrets: ConnectionSecrets, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, using_ems: bool, transcript: HandshakeHash, ticket: Option, @@ -943,7 +943,7 @@ struct ExpectFinished { config: Arc, resuming_session: Option, session_id: SessionId, - server_name: ServerName, + server_name: ServerName<'static>, using_ems: bool, transcript: HandshakeHash, ticket: Option, @@ -991,7 +991,7 @@ impl ExpectFinished { self.config .resumption .store - .set_tls12_session(&self.server_name, session_value); + .set_tls12_session(self.server_name.clone(), session_value); } } diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index f6816fd796..3407934cd8 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -38,9 +38,9 @@ use super::client_conn::ClientConnectionData; use super::hs::ClientContext; use crate::client::common::ServerCertDetails; use crate::client::common::{ClientAuthDetails, ClientHelloDetails}; -use crate::client::{hs, ClientConfig, ClientSessionStore, ServerName}; +use crate::client::{hs, ClientConfig, ClientSessionStore}; -use pki_types::UnixTime; +use pki_types::{ServerName, UnixTime}; use subtle::ConstantTimeEq; use alloc::boxed::Box; @@ -69,7 +69,7 @@ pub(super) fn handle_server_hello( cx: &mut ClientContext, server_hello: &ServerHelloPayload, mut resuming_session: Option, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -156,7 +156,7 @@ pub(super) fn handle_server_hello( config .resumption .store - .set_kx_hint(&server_name, their_key_share.group); + .set_kx_hint(server_name.clone(), their_key_share.group); // If we change keying when a subsequent handshake message is being joined, // the two halves will have different record layer protections. Disallow this. @@ -204,7 +204,7 @@ fn validate_server_hello( pub(super) fn initial_key_share( config: &ClientConfig, - server_name: &ServerName, + server_name: &ServerName<'_>, ) -> Result, Error> { let group = config .resumption @@ -370,7 +370,7 @@ fn validate_encrypted_extensions( struct ExpectEncryptedExtensions { config: Arc, resuming_session: Option, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -459,7 +459,7 @@ impl State for ExpectEncryptedExtensions { struct ExpectCertificateOrCertReq { config: Arc, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -519,7 +519,7 @@ impl State for ExpectCertificateOrCertReq { // in TLS1.3. struct ExpectCertificateRequest { config: Arc, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -587,7 +587,7 @@ impl State for ExpectCertificateRequest { struct ExpectCertificate { config: Arc, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -639,7 +639,7 @@ impl State for ExpectCertificate { // --- TLS1.3 CertificateVerify --- struct ExpectCertificateVerify { config: Arc, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -805,7 +805,7 @@ fn emit_end_of_early_data_tls13(transcript: &mut HandshakeHash, common: &mut Com struct ExpectFinished { config: Arc, - server_name: ServerName, + server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, @@ -919,7 +919,7 @@ impl State for ExpectFinished { // and application data. struct ExpectTraffic { session_storage: Arc, - server_name: ServerName, + server_name: ServerName<'static>, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleTraffic, @@ -975,7 +975,7 @@ impl ExpectTraffic { } self.session_storage - .insert_tls13_ticket(&self.server_name, value); + .insert_tls13_ticket(self.server_name.clone(), value); Ok(()) } diff --git a/rustls/src/dns_name.rs b/rustls/src/dns_name.rs deleted file mode 100644 index a41853498e..0000000000 --- a/rustls/src/dns_name.rs +++ /dev/null @@ -1,274 +0,0 @@ -//! DNS name validation according to RFC1035, but with underscores allowed. - -use alloc::string::{String, ToString}; -use core::fmt; -use std::error::Error as StdError; - -/// A type which encapsulates an owned string that is a syntactically valid DNS name. -#[derive(Clone, Eq, Hash, PartialEq, Debug)] -pub struct DnsName(String); - -impl<'a> DnsName { - /// Produce a borrowed `DnsNameRef` from this owned `DnsName`. - pub fn borrow(&'a self) -> DnsNameRef<'a> { - DnsNameRef(self.as_ref()) - } - - /// Validate the given bytes are a DNS name if they are viewed as ASCII. - pub fn try_from_ascii(bytes: &[u8]) -> Result { - // Note: a sequence of bytes that is accepted by `validate()` is both - // valid UTF-8, and valid ASCII. - String::from_utf8(bytes.to_vec()) - .map_err(|_| InvalidDnsNameError) - .and_then(Self::try_from) - } -} - -impl TryFrom for DnsName { - type Error = InvalidDnsNameError; - - fn try_from(value: String) -> Result { - validate(value.as_bytes())?; - Ok(Self(value)) - } -} - -impl AsRef for DnsName { - fn as_ref(&self) -> &str { - AsRef::::as_ref(&self.0) - } -} - -/// A type which encapsulates a borrowed string that is a syntactically valid DNS name. -#[derive(Eq, Hash, PartialEq, Debug)] -pub struct DnsNameRef<'a>(&'a str); - -impl<'a> DnsNameRef<'a> { - /// Copy this object to produce an owned `DnsName`. - pub fn to_owned(&'a self) -> DnsName { - DnsName(self.0.to_string()) - } - - /// Copy this object to produce an owned `DnsName`, smashing the case to lowercase - /// in one operation. - pub fn to_lowercase_owned(&'a self) -> DnsName { - DnsName(self.0.to_lowercase()) - } -} - -impl<'a> TryFrom<&'a str> for DnsNameRef<'a> { - type Error = InvalidDnsNameError; - - fn try_from(value: &'a str) -> Result, Self::Error> { - validate(value.as_bytes())?; - Ok(DnsNameRef(value)) - } -} - -impl<'a> AsRef for DnsNameRef<'a> { - fn as_ref(&self) -> &str { - self.0 - } -} - -/// The provided input could not be parsed because -/// it is not a syntactically-valid DNS Name. -#[derive(Debug)] -pub struct InvalidDnsNameError; - -impl fmt::Display for InvalidDnsNameError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - f.write_str("invalid dns name") - } -} - -impl StdError for InvalidDnsNameError {} - -fn validate(input: &[u8]) -> Result<(), InvalidDnsNameError> { - use State::*; - let mut state = Start; - - /// "Labels must be 63 characters or less." - const MAX_LABEL_LENGTH: usize = 63; - - /// https://devblogs.microsoft.com/oldnewthing/20120412-00/?p=7873 - const MAX_NAME_LENGTH: usize = 253; - - if input.len() > MAX_NAME_LENGTH { - return Err(InvalidDnsNameError); - } - - for ch in input { - state = match (state, ch) { - (Start | Next | NextAfterNumericOnly | Hyphen { .. }, b'.') => { - return Err(InvalidDnsNameError) - } - (Subsequent { .. }, b'.') => Next, - (NumericOnly { .. }, b'.') => NextAfterNumericOnly, - (Subsequent { len } | NumericOnly { len } | Hyphen { len }, _) - if len >= MAX_LABEL_LENGTH => - { - return Err(InvalidDnsNameError) - } - (Start | Next | NextAfterNumericOnly, b'0'..=b'9') => NumericOnly { len: 1 }, - (NumericOnly { len }, b'0'..=b'9') => NumericOnly { len: len + 1 }, - (Start | Next | NextAfterNumericOnly, b'a'..=b'z' | b'A'..=b'Z' | b'_') => { - Subsequent { len: 1 } - } - (Subsequent { len } | NumericOnly { len } | Hyphen { len }, b'-') => { - Hyphen { len: len + 1 } - } - ( - Subsequent { len } | NumericOnly { len } | Hyphen { len }, - b'a'..=b'z' | b'A'..=b'Z' | b'_' | b'0'..=b'9', - ) => Subsequent { len: len + 1 }, - _ => return Err(InvalidDnsNameError), - }; - } - - if matches!( - state, - Start | Hyphen { .. } | NumericOnly { .. } | NextAfterNumericOnly - ) { - return Err(InvalidDnsNameError); - } - - Ok(()) -} - -enum State { - Start, - Next, - NumericOnly { len: usize }, - NextAfterNumericOnly, - Subsequent { len: usize }, - Hyphen { len: usize }, -} - -#[cfg(test)] -mod tests { - static TESTS: &[(&str, bool)] = &[ - ("", false), - ("localhost", true), - ("LOCALHOST", true), - (".localhost", false), - ("..localhost", false), - ("1.2.3.4", false), - ("127.0.0.1", false), - ("absolute.", true), - ("absolute..", false), - ("multiple.labels.absolute.", true), - ("foo.bar.com", true), - ("infix-hyphen-allowed.com", true), - ("-prefixhypheninvalid.com", false), - ("suffixhypheninvalid--", false), - ("suffixhypheninvalid-.com", false), - ("foo.lastlabelendswithhyphen-", false), - ("infix_underscore_allowed.com", true), - ("_prefixunderscorevalid.com", true), - ("labelendswithnumber1.bar.com", true), - ("xn--bcher-kva.example", true), - ( - "sixtythreesixtythreesixtythreesixtythreesixtythreesixtythreesix.com", - true, - ), - ( - "sixtyfoursixtyfoursixtyfoursixtyfoursixtyfoursixtyfoursixtyfours.com", - false, - ), - ( - "012345678901234567890123456789012345678901234567890123456789012.com", - true, - ), - ( - "0123456789012345678901234567890123456789012345678901234567890123.com", - false, - ), - ( - "01234567890123456789012345678901234567890123456789012345678901-.com", - false, - ), - ( - "012345678901234567890123456789012345678901234567890123456789012-.com", - false, - ), - ("numeric-only-final-label.1", false), - ("numeric-only-final-label.absolute.1.", false), - ("1starts-with-number.com", true), - ("1Starts-with-number.com", true), - ("1.2.3.4.com", true), - ("123.numeric-only-first-label", true), - ("a123b.com", true), - ("numeric-only-middle-label.4.com", true), - ("1000-sans.badssl.com", true), - ("twohundredandfiftythreecharacters.twohundredandfiftythreecharacters.twohundredandfiftythreecharacters.twohundredandfiftythreecharacters.twohundredandfiftythreecharacters.twohundredandfiftythreecharacters.twohundredandfiftythreecharacters.twohundredandfi", true), - ("twohundredandfiftyfourcharacters.twohundredandfiftyfourcharacters.twohundredandfiftyfourcharacters.twohundredandfiftyfourcharacters.twohundredandfiftyfourcharacters.twohundredandfiftyfourcharacters.twohundredandfiftyfourcharacters.twohundredandfiftyfourc", false), - ]; - - #[test] - fn test_validation() { - for (input, expected) in TESTS { - println!("test: {:?} expected valid? {:?}", input, expected); - let name_ref = super::DnsNameRef::try_from(*input); - assert_eq!(*expected, name_ref.is_ok()); - let name = super::DnsName::try_from(input.to_string()); - assert_eq!(*expected, name.is_ok()); - } - } - - #[test] - fn error_is_debug() { - assert_eq!( - format!("{:?}", super::InvalidDnsNameError), - "InvalidDnsNameError" - ); - } - - #[test] - fn error_is_display() { - assert_eq!( - format!("{}", super::InvalidDnsNameError), - "invalid dns name" - ); - } - - #[test] - fn dns_name_is_debug() { - let example = super::DnsName::try_from("example.com".to_string()).unwrap(); - assert_eq!(format!("{:?}", example), "DnsName(\"example.com\")"); - } - - #[test] - fn dns_name_traits() { - let example = super::DnsName::try_from("example.com".to_string()).unwrap(); - assert_eq!(example, example); // PartialEq - - use std::collections::HashSet; - let mut h = HashSet::::new(); - h.insert(example); - } - - #[test] - fn try_from_ascii_rejects_bad_utf8() { - assert_eq!( - format!("{:?}", super::DnsName::try_from_ascii(b"\x80")), - "Err(InvalidDnsNameError)" - ); - } - - #[test] - fn dns_name_ref_is_debug() { - let example = super::DnsNameRef::try_from("example.com").unwrap(); - assert_eq!(format!("{:?}", example), "DnsNameRef(\"example.com\")"); - } - - #[test] - fn dns_name_ref_traits() { - let example = super::DnsNameRef::try_from("example.com").unwrap(); - assert_eq!(example, example); // PartialEq - - use std::collections::HashSet; - let mut h = HashSet::::new(); - h.insert(example); - } -} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 914c8d0afb..c89f3b24ac 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -353,7 +353,6 @@ mod common_state; mod conn; /// Crypto provider interface. pub mod crypto; -mod dns_name; mod error; mod hash_hs; mod limited_cache; @@ -471,11 +470,10 @@ pub mod client { mod tls12; mod tls13; - pub use crate::dns_name::InvalidDnsNameError; pub use builder::WantsClientCert; pub use client_conn::{ ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore, - ResolvesClientCert, Resumption, ServerName, Tls12Resumption, WriteEarlyData, + ResolvesClientCert, Resumption, Tls12Resumption, WriteEarlyData, }; pub use handy::ClientSessionMemoryCache; @@ -495,7 +493,7 @@ pub mod client { pub use crate::msgs::persist::Tls13ClientSessionValue; } -pub use client::{ClientConfig, ClientConnection, ServerName}; +pub use client::{ClientConfig, ClientConnection}; /// Items for use in a server. pub mod server { @@ -522,7 +520,6 @@ pub mod server { /// Dangerous configuration that should be audited and used with extreme care. pub mod danger { - pub use crate::dns_name::DnsName; pub use crate::verify::{ClientCertVerified, ClientCertVerifier}; } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index def91369a1..fbd208b84e 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -3,7 +3,6 @@ #[cfg(feature = "tls12")] use crate::crypto::ActiveKeyExchange; use crate::crypto::CryptoProvider; -use crate::dns_name::{DnsName, DnsNameRef}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::error::InvalidMessage; #[cfg(feature = "logging")] @@ -19,7 +18,7 @@ use crate::rand; use crate::verify::DigitallySignedStruct; use crate::x509::wrap_in_sequence; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, DnsName}; use alloc::collections::BTreeSet; #[cfg(feature = "logging")] @@ -216,20 +215,20 @@ impl TlsListElement for SignatureScheme { #[derive(Clone, Debug)] pub(crate) enum ServerNamePayload { - HostName(DnsName), + HostName(DnsName<'static>), Unknown(Payload), } impl ServerNamePayload { - pub(crate) fn new_hostname(hostname: DnsName) -> Self { + pub(crate) fn new_hostname(hostname: DnsName<'static>) -> Self { Self::HostName(hostname) } fn read_hostname(r: &mut Reader) -> Result { let raw = PayloadU16::read(r)?; - match DnsName::try_from_ascii(&raw.0) { - Ok(dns_name) => Ok(Self::HostName(dns_name)), + match DnsName::try_from(raw.0.as_slice()) { + Ok(dns_name) => Ok(Self::HostName(dns_name.to_owned())), Err(_) => { warn!( "Illegal SNI hostname received {:?}", @@ -281,7 +280,7 @@ impl TlsListElement for ServerName { pub(crate) trait ConvertServerNameList { fn has_duplicate_names_for_type(&self) -> bool; - fn get_single_hostname(&self) -> Option; + fn get_single_hostname(&self) -> Option>; } impl ConvertServerNameList for [ServerName] { @@ -298,8 +297,8 @@ impl ConvertServerNameList for [ServerName] { false } - fn get_single_hostname(&self) -> Option { - fn only_dns_hostnames(name: &ServerName) -> Option { + fn get_single_hostname(&self) -> Option> { + fn only_dns_hostnames(name: &ServerName) -> Option> { if let ServerNamePayload::HostName(ref dns) = name.payload { Some(dns.borrow()) } else { @@ -657,14 +656,14 @@ impl Codec for ClientExtension { } } -fn trim_hostname_trailing_dot_for_sni(dns_name: DnsNameRef) -> DnsName { - let dns_name_str: &str = dns_name.as_ref(); +fn trim_hostname_trailing_dot_for_sni(dns_name: &DnsName<'_>) -> DnsName<'static> { + let dns_name_str = dns_name.as_ref(); // RFC6066: "The hostname is represented as a byte string using // ASCII encoding without a trailing dot" if dns_name_str.ends_with('.') { let trimmed = &dns_name_str[0..dns_name_str.len() - 1]; - DnsNameRef::try_from(trimmed) + DnsName::try_from(trimmed) .unwrap() .to_owned() } else { @@ -674,7 +673,7 @@ fn trim_hostname_trailing_dot_for_sni(dns_name: DnsNameRef) -> DnsName { impl ClientExtension { /// Make a basic SNI ServerNameRequest quoting `hostname`. - pub(crate) fn make_sni(dns_name: DnsNameRef) -> Self { + pub(crate) fn make_sni(dns_name: &DnsName<'_>) -> Self { let name = ServerName { typ: ServerNameType::HostName, payload: ServerNamePayload::new_hostname(trim_hostname_trailing_dot_for_sni(dns_name)), @@ -2327,7 +2326,7 @@ impl Codec for HpkeKeyConfig { pub struct EchConfigContents { pub key_config: HpkeKeyConfig, pub maximum_name_length: u8, - pub public_name: DnsName, + pub public_name: DnsName<'static>, pub extensions: PayloadU16, } @@ -2345,8 +2344,9 @@ impl Codec for EchConfigContents { key_config: HpkeKeyConfig::read(r)?, maximum_name_length: u8::read(r)?, public_name: { - DnsName::try_from_ascii(PayloadU8::read(r)?.0.as_slice()) + DnsName::try_from(PayloadU8::read(r)?.0.as_slice()) .map_err(|_| InvalidMessage::InvalidServerName)? + .to_owned() }, extensions: PayloadU16::read(r)?, }) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index d0192d06da..9b53f36707 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1,4 +1,3 @@ -use crate::dns_name::DnsNameRef; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{put_u16, Codec, Reader}; @@ -20,7 +19,7 @@ use crate::msgs::handshake::{ }; use crate::verify::DigitallySignedStruct; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, DnsName}; #[test] fn rejects_short_random() { @@ -369,7 +368,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), ClientExtension::NamedGroups(vec![NamedGroup::X25519]), ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), - ClientExtension::make_sni(DnsNameRef::try_from("hello").unwrap()), + ClientExtension::make_sni(&DnsName::try_from("hello").unwrap()), ClientExtension::SessionTicket(ClientSessionTicket::Request), ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload(vec![]))), ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]), diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 685ff9ce72..c670473556 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -1,4 +1,3 @@ -use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::InvalidMessage; use crate::msgs::base::{PayloadU16, PayloadU8}; @@ -10,7 +9,7 @@ use crate::msgs::handshake::SessionId; use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; -use pki_types::UnixTime; +use pki_types::{DnsName, UnixTime}; use zeroize::Zeroizing; use alloc::vec::Vec; @@ -252,7 +251,7 @@ static MAX_FRESHNESS_SKEW_MS: u32 = 60 * 1000; // --- Server types --- #[derive(Debug)] pub struct ServerSessionValue { - pub(crate) sni: Option, + pub(crate) sni: Option>, pub(crate) version: ProtocolVersion, pub(crate) cipher_suite: CipherSuite, pub(crate) master_secret: Zeroizing, @@ -300,8 +299,8 @@ impl Codec for ServerSessionValue { let has_sni = u8::read(r)?; let sni = if has_sni == 1 { let dns_name = PayloadU8::read(r)?; - let dns_name = match DnsName::try_from_ascii(&dns_name.0) { - Ok(dns_name) => dns_name, + let dns_name = match DnsName::try_from(dns_name.0.as_slice()) { + Ok(dns_name) => dns_name.to_owned(), Err(_) => return Err(InvalidMessage::InvalidServerName), }; @@ -348,7 +347,7 @@ impl Codec for ServerSessionValue { impl ServerSessionValue { pub(crate) fn new( - sni: Option<&DnsName>, + sni: Option<&DnsName<'_>>, v: ProtocolVersion, cs: CipherSuite, ms: &[u8], @@ -359,7 +358,7 @@ impl ServerSessionValue { age_obfuscation_offset: u32, ) -> Self { Self { - sni: sni.cloned(), + sni: sni.map(|dns| dns.to_owned()), version: v, cipher_suite: cs, master_secret: Zeroizing::new(PayloadU8::new(ms.to_vec())), diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 8e30f58224..54350d4f02 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -1,5 +1,5 @@ /// This module contains optional APIs for implementing QUIC TLS. -use crate::client::{ClientConfig, ClientConnectionData, ServerName}; +use crate::client::{ClientConfig, ClientConnectionData}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, SideData}; use crate::crypto::cipher::{AeadKey, Iv}; @@ -13,6 +13,8 @@ use crate::tls13::key_schedule::{ }; use crate::tls13::Tls13CipherSuite; +use pki_types::ServerName; + use alloc::boxed::Box; use alloc::collections::VecDeque; use alloc::sync::Arc; @@ -145,7 +147,7 @@ impl ClientConnection { pub fn new( config: Arc, quic_version: Version, - name: ServerName, + name: ServerName<'static>, params: Vec, ) -> Result { if !config.supports_version(ProtocolVersion::TLSv1_3) { diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 2d952b1f08..083f748516 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,4 +1,3 @@ -use crate::dns_name::DnsNameRef; use crate::error::Error; use crate::limited_cache; use crate::msgs::handshake::CertificateChain; @@ -6,7 +5,8 @@ use crate::server; use crate::server::ClientHello; use crate::sign; use crate::webpki::{verify_server_name, ParsedCertificate}; -use crate::ServerName; + +use pki_types::{DnsName, ServerName}; use alloc::string::{String, ToString}; use alloc::sync::Arc; @@ -163,7 +163,7 @@ impl ResolvesServerCertUsingSni { /// chain is syntactically faulty. pub fn add(&mut self, name: &str, ck: sign::CertifiedKey) -> Result<(), Error> { let server_name = { - let checked_name = DnsNameRef::try_from(name) + let checked_name = DnsName::try_from(name) .map_err(|_| Error::General("Bad DNS name".into())) .map(|name| name.to_lowercase_owned())?; ServerName::DnsName(checked_name) @@ -291,7 +291,7 @@ mod tests { #[test] fn test_resolvesservercertusingsni_handles_unknown_name() { let rscsni = ResolvesServerCertUsingSni::new(); - let name = DnsNameRef::try_from("hello.com") + let name = DnsName::try_from("hello.com") .unwrap() .to_owned(); assert!(rscsni diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 339c146721..7c83405caf 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -1,6 +1,5 @@ use crate::common_state::State; use crate::conn::ConnectionRandoms; -use crate::dns_name::DnsName; #[cfg(feature = "tls12")] use crate::enums::CipherSuite; use crate::enums::{AlertDescription, HandshakeType, ProtocolVersion, SignatureScheme}; @@ -25,6 +24,8 @@ use super::tls12; use crate::server::common::ActiveCertifiedKey; use crate::server::tls13; +use pki_types::DnsName; + use alloc::borrow::ToOwned; use alloc::boxed::Box; use alloc::sync::Arc; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 87a2349d20..0d3b77d48b 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -2,7 +2,6 @@ use crate::builder::{ConfigBuilder, WantsCipherSuites}; use crate::common_state::{CommonState, Context, Protocol, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; -use crate::dns_name::DnsName; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; #[cfg(feature = "logging")] @@ -18,6 +17,8 @@ use crate::KeyLog; use super::hs; +use pki_types::DnsName; + use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -117,7 +118,7 @@ pub trait ResolvesServerCert: Debug + Send + Sync { /// A struct representing the received Client Hello pub struct ClientHello<'a> { - server_name: &'a Option, + server_name: &'a Option>, signature_schemes: &'a [SignatureScheme], alpn: Option<&'a Vec>, cipher_suites: &'a [CipherSuite], @@ -824,7 +825,7 @@ impl ConnectionCore { /// State associated with a server connection. #[derive(Default, Debug)] pub struct ServerConnectionData { - pub(super) sni: Option, + pub(super) sni: Option>, pub(super) received_resumption_data: Option>, pub(super) resumption_data: Vec, pub(super) early_data: EarlyDataState, diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 9a18844526..5bba0a3281 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -1,9 +1,8 @@ use alloc::vec::Vec; use core::fmt::Debug; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::{CertificateDer, ServerName, UnixTime}; -use crate::client::ServerName; use crate::enums::SignatureScheme; use crate::error::{Error, InvalidMessage}; use crate::msgs::base::PayloadU16; @@ -84,7 +83,7 @@ pub trait ServerCertVerifier: Debug + Send + Sync { &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], - server_name: &ServerName, + server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result; diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 2ba209ddbb..0401287132 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -1,7 +1,7 @@ use alloc::vec::Vec; use pki_types::{CertificateDer, TrustAnchor}; -use webpki::extract_trust_anchor; +use webpki::anchor_from_trusted_cert; use super::pki_error; #[cfg(feature = "logging")] @@ -38,7 +38,7 @@ impl RootCertStore { for der_cert in der_certs { #[cfg_attr(not(feature = "logging"), allow(unused_variables))] - match extract_trust_anchor(&der_cert) { + match anchor_from_trusted_cert(&der_cert) { Ok(anchor) => { self.roots.push(anchor.to_owned()); valid_count += 1; @@ -70,7 +70,7 @@ impl RootCertStore { /// have been diagnosed as malformed. pub fn add(&mut self, der: CertificateDer<'_>) -> Result<(), Error> { self.roots.push( - extract_trust_anchor(&der) + anchor_from_trusted_cert(&der) .map_err(pki_error)? .to_owned(), ); diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 06c53f06f5..30dd30be4c 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -3,7 +3,7 @@ use crate::log::trace; use alloc::sync::Arc; use alloc::vec::Vec; -use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; +use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use crate::crypto::CryptoProvider; @@ -15,7 +15,7 @@ use crate::webpki::verify::{ ParsedCertificate, }; use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; -use crate::{Error, RootCertStore, ServerName, SignatureScheme, WebPkiSupportedAlgorithms}; +use crate::{Error, RootCertStore, SignatureScheme, WebPkiSupportedAlgorithms}; /// A builder for configuring a `webpki` server certificate verifier. /// @@ -252,7 +252,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], - server_name: &ServerName, + server_name: &ServerName<'_>, ocsp_response: &[u8], now: UnixTime, ) -> Result { diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 52e567ec95..30d656c704 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,13 +1,12 @@ use alloc::vec::Vec; use core::fmt; -use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime}; +use pki_types::{CertificateDer, ServerName, SignatureVerificationAlgorithm, UnixTime}; use super::anchors::RootCertStore; use super::pki_error; -use crate::client::ServerName; use crate::enums::SignatureScheme; -use crate::error::{CertificateError, Error, PeerMisbehaved}; +use crate::error::{Error, PeerMisbehaved}; use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid}; @@ -43,28 +42,13 @@ pub fn verify_server_cert_signed_by_trust_anchor( /// Verify that the `end_entity` has a name or alternative name matching the `server_name` /// note: this only verifies the name and should be used in conjuction with more verification /// like [verify_server_cert_signed_by_trust_anchor] -pub fn verify_server_name(cert: &ParsedCertificate, server_name: &ServerName) -> Result<(), Error> { - match server_name { - ServerName::DnsName(dns_name) => { - // unlikely error because dns_name::DnsNameRef and webpki::DnsNameRef - // should have the same encoding rules. - let dns_name = webpki::DnsNameRef::try_from_ascii_str(dns_name.as_ref()) - .map_err(|_| Error::InvalidCertificate(CertificateError::BadEncoding))?; - let name = webpki::SubjectNameRef::DnsName(dns_name); - cert.0 - .verify_is_valid_for_subject_name(name) - .map_err(pki_error)?; - } - ServerName::IpAddress(ip_addr) => { - let ip_addr = webpki::IpAddr::from(*ip_addr); - cert.0 - .verify_is_valid_for_subject_name(webpki::SubjectNameRef::IpAddress( - webpki::IpAddrRef::from(&ip_addr), - )) - .map_err(pki_error)?; - } - } - Ok(()) +pub fn verify_server_name( + cert: &ParsedCertificate, + server_name: &ServerName<'_>, +) -> Result<(), Error> { + cert.0 + .verify_is_valid_for_subject_name(server_name) + .map_err(pki_error) } /// Describes which `webpki` signature verification algorithms are supported and diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index e614f3f84d..477f440e7c 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -12,7 +12,7 @@ use std::sync::atomic::{AtomicUsize, Ordering}; use std::sync::Arc; use std::sync::Mutex; -use pki_types::{CertificateDer, PrivateKeyDer, UnixTime}; +use pki_types::{CertificateDer, IpAddr, PrivateKeyDer, ServerName, UnixTime}; use primary_provider::cipher_suite; use primary_provider::sign::RsaSigningKey; use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; @@ -3401,13 +3401,13 @@ impl rustls::server::StoresServerSessions for ServerStorage { #[derive(Debug, Clone)] enum ClientStorageOp { - SetKxHint(rustls::ServerName, rustls::NamedGroup), - GetKxHint(rustls::ServerName, Option), - SetTls12Session(rustls::ServerName), - GetTls12Session(rustls::ServerName, bool), - RemoveTls12Session(rustls::ServerName), - InsertTls13Ticket(rustls::ServerName), - TakeTls13Ticket(rustls::ServerName, bool), + SetKxHint(ServerName<'static>, rustls::NamedGroup), + GetKxHint(ServerName<'static>, Option), + SetTls12Session(ServerName<'static>), + GetTls12Session(ServerName<'static>, bool), + RemoveTls12Session(ServerName<'static>), + InsertTls13Ticket(ServerName<'static>), + TakeTls13Ticket(ServerName<'static>, bool), } struct ClientStorage { @@ -3441,7 +3441,7 @@ impl fmt::Debug for ClientStorage { } impl rustls::client::ClientSessionStore for ClientStorage { - fn set_kx_hint(&self, server_name: &rustls::ServerName, group: rustls::NamedGroup) { + fn set_kx_hint(&self, server_name: ServerName<'static>, group: rustls::NamedGroup) { self.ops .lock() .unwrap() @@ -3450,18 +3450,18 @@ impl rustls::client::ClientSessionStore for ClientStorage { .set_kx_hint(server_name, group) } - fn kx_hint(&self, server_name: &rustls::ServerName) -> Option { + fn kx_hint(&self, server_name: &ServerName<'_>) -> Option { let rc = self.storage.kx_hint(server_name); self.ops .lock() .unwrap() - .push(ClientStorageOp::GetKxHint(server_name.clone(), rc)); + .push(ClientStorageOp::GetKxHint(server_name.to_owned(), rc)); rc } fn set_tls12_session( &self, - server_name: &rustls::ServerName, + server_name: ServerName<'static>, value: rustls::client::Tls12ClientSessionValue, ) { self.ops @@ -3474,20 +3474,20 @@ impl rustls::client::ClientSessionStore for ClientStorage { fn tls12_session( &self, - server_name: &rustls::ServerName, + server_name: &ServerName<'_>, ) -> Option { let rc = self.storage.tls12_session(server_name); self.ops .lock() .unwrap() .push(ClientStorageOp::GetTls12Session( - server_name.clone(), + server_name.to_owned(), rc.is_some(), )); rc } - fn remove_tls12_session(&self, server_name: &rustls::ServerName) { + fn remove_tls12_session(&self, server_name: &ServerName<'static>) { self.ops .lock() .unwrap() @@ -3498,7 +3498,7 @@ impl rustls::client::ClientSessionStore for ClientStorage { fn insert_tls13_ticket( &self, - server_name: &rustls::ServerName, + server_name: ServerName<'static>, value: rustls::client::Tls13ClientSessionValue, ) { self.ops @@ -3511,7 +3511,7 @@ impl rustls::client::ClientSessionStore for ClientStorage { fn take_tls13_ticket( &self, - server_name: &rustls::ServerName, + server_name: &ServerName<'static>, ) -> Option { let rc = self .storage @@ -5471,16 +5471,16 @@ fn test_debug_server_name_from_ip() { assert_eq!( format!( "{:?}", - rustls::ServerName::IpAddress("127.0.0.1".parse().unwrap()) + ServerName::IpAddress(IpAddr::try_from("127.0.0.1").unwrap()) ), - "IpAddress(127.0.0.1)" + "IpAddress(V4(Ipv4Addr([127, 0, 0, 1])))" ) } #[test] fn test_debug_server_name_from_string() { assert_eq!( - format!("{:?}", rustls::ServerName::try_from("a.com").unwrap()), + format!("{:?}", ServerName::try_from("a.com").unwrap()), "DnsName(\"a.com\")" ) } diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 0a5e80b519..d4dbab9e5d 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -5,8 +5,8 @@ use std::io; use std::ops::{Deref, DerefMut}; use std::sync::Arc; -use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; -use webpki::extract_trust_anchor; +use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName}; +use webpki::anchor_from_trusted_cert; use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; use rustls::internal::msgs::codec::Reader; @@ -344,7 +344,7 @@ pub fn get_client_root_store(kt: KeyType) -> Arc { let chain = kt.get_chain(); let trust_anchor = chain.last().unwrap(); RootCertStore { - roots: vec![extract_trust_anchor(trust_anchor) + roots: vec![anchor_from_trusted_cert(trust_anchor) .unwrap() .to_owned()], } @@ -596,7 +596,7 @@ pub fn do_handshake_until_both_error( } } -pub fn server_name(name: &'static str) -> rustls::ServerName { +pub fn server_name(name: &'static str) -> ServerName<'static> { name.try_into().unwrap() } diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs index ff9926b0b0..6e058a2f54 100644 --- a/rustls/tests/ech.rs +++ b/rustls/tests/ech.rs @@ -1,9 +1,9 @@ use base64::prelude::{Engine, BASE64_STANDARD}; +use pki_types::DnsName; use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite}; -use rustls::server::danger::DnsName; #[test] fn test_decode_config_list() { @@ -12,7 +12,7 @@ fn test_decode_config_list() { assert_eq!(config.contents.maximum_name_length, max_len); assert_eq!( config.contents.public_name, - DnsName::try_from_ascii(public_name.as_ref()).unwrap() + DnsName::try_from(public_name.as_ref()).unwrap() ); assert!(config.contents.extensions.0.is_empty()); } diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index d9e3ff3625..15d5a7d807 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -11,7 +11,7 @@ use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, Server use rustls::DigitallySignedStruct; use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme}; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::{CertificateDer, ServerName, UnixTime}; use std::sync::Arc; @@ -167,7 +167,7 @@ impl ServerCertVerifier for MockServerVerifier { &self, end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], - server_name: &rustls::ServerName, + server_name: &ServerName<'_>, oscp_response: &[u8], now: UnixTime, ) -> Result { From 72b365074fcd2d6e6d837220d542a1d585d9c63b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 24 Nov 2023 10:46:46 +0100 Subject: [PATCH 0449/1145] Sort dev-dependencies --- Cargo.lock | 42 +++++++++++++++++++++++++--------------- connect-tests/Cargo.toml | 2 +- rustls/Cargo.toml | 4 ++-- 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 69079d3b29..299fb7947d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -506,9 +506,9 @@ dependencies = [ [[package]] name = "data-encoding" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308" +checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" [[package]] name = "der" @@ -675,9 +675,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" [[package]] name = "form_urlencoded" -version = "1.2.0" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652" +checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" dependencies = [ "percent-encoding", ] @@ -779,9 +779,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.0" +version = "0.28.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" +checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" [[package]] name = "glob" @@ -859,7 +859,7 @@ dependencies = [ "futures-util", "h2", "http", - "idna", + "idna 0.4.0", "ipnet", "once_cell", "rand", @@ -871,7 +871,7 @@ dependencies = [ "tokio-rustls", "tracing", "url", - "webpki-roots 0.25.2", + "webpki-roots 0.25.3", ] [[package]] @@ -895,7 +895,7 @@ dependencies = [ "tokio", "tokio-rustls", "tracing", - "webpki-roots 0.25.2", + "webpki-roots 0.25.3", ] [[package]] @@ -1006,6 +1006,16 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "idna" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "indexmap" version = "2.1.0" @@ -1375,9 +1385,9 @@ dependencies = [ [[package]] name = "percent-encoding" -version = "2.3.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pin-project-lite" @@ -2237,12 +2247,12 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "143b538f18257fac9cad154828a57c6bf5157e1aa604d4816b5995bf6de87ae5" +checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" dependencies = [ "form_urlencoded", - "idna", + "idna 0.5.0", "percent-encoding", ] @@ -2330,9 +2340,9 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.25.2" +version = "0.25.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" +checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" [[package]] name = "webpki-roots" diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index cf381bfa37..22a15a77ce 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -10,6 +10,6 @@ publish = false rustls = { path = "../rustls", features = [ "logging" ]} [dev-dependencies] +hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } regex = "1.0" ring = "0.17" -hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b5b20d9f69..02d620d599 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -33,12 +33,12 @@ tls12 = [] read_buf = ["rustversion"] [dev-dependencies] +base64 = "0.21" bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -webpki-roots = "=0.26.0-alpha.2" rustls-pemfile = "=2.0.0-alpha.2" -base64 = "0.21" +webpki-roots = "=0.26.0-alpha.2" [[example]] name = "bogo_shim" From a6233dcc46e7cf8df6887b18ae2918b65298160a Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 24 Nov 2023 09:48:36 +0100 Subject: [PATCH 0450/1145] Bump rustls version to alpha.5 --- Cargo.lock | 10 +++++----- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 299fb7947d..2384f8e3de 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1724,7 +1724,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.4" +version = "0.22.0-alpha.5" dependencies = [ "aws-lc-rs", "base64", @@ -1752,7 +1752,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.22.0-alpha.4", + "rustls 0.22.0-alpha.5", "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", ] @@ -1764,7 +1764,7 @@ dependencies = [ "hickory-resolver", "regex", "ring 0.17.5", - "rustls 0.22.0-alpha.4", + "rustls 0.22.0-alpha.5", ] [[package]] @@ -1776,7 +1776,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.22.0-alpha.4", + "rustls 0.22.0-alpha.5", "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", "serde", @@ -1827,7 +1827,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.22.0-alpha.4", + "rustls 0.22.0-alpha.5", "rustls-pki-types", "rustls-webpki 0.102.0-alpha.7", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index e1435d3ffc..abdec59687 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -71,7 +71,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.4" +version = "0.22.0-alpha.5" dependencies = [ "log", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 02d620d599..928bff7eaa 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.4" +version = "0.22.0-alpha.5" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 8188a5b291d63ac31203d9080a0b698446b3e2e1 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 24 Nov 2023 14:51:52 +0100 Subject: [PATCH 0451/1145] fix warnings in -default +ring build --- rustls/src/crypto/ring/hmac.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index cad67878fb..47c7ec50fe 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -5,7 +5,9 @@ use crate::crypto; use alloc::boxed::Box; +#[cfg(feature = "tls12")] pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256); +#[cfg(feature = "tls12")] pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring_like::hmac::HMAC_SHA384); #[cfg(test)] #[allow(dead_code)] // only for TLS1.2 prf test From e8bd45cff92f7050b98a8f023602a4af278b2c36 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 24 Nov 2023 15:59:30 +0100 Subject: [PATCH 0452/1145] CI: deny warnings when checking feature powerset --- .github/workflows/daily-tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 4fb3698a4e..072fc5835c 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -110,3 +110,5 @@ jobs: - name: Check feature powerset run: cargo hack check --feature-powerset --no-dev-deps + env: + RUSTFLAGS: --deny warnings From 0c03f660ac5eccc85a74ba6d69aa7e77da6fae55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20R=C3=BCth?= Date: Mon, 27 Nov 2023 10:42:28 +0100 Subject: [PATCH 0453/1145] Issue-1632: Ensure SharedSecret::secret_bytes is publicly accessible When implementing a `CryptoProvider` external to this crate, one needs to be able to access the underlying `secret_bytes` after a key exchange when performing the TLS 1.2 PRF. This change ensures that the bytes can be safely accessed. --- rustls/src/crypto/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 736da1528e..690d4fdd99 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -263,7 +263,7 @@ pub struct SharedSecret(Vec); impl SharedSecret { /// Returns the shared secret as a slice of bytes. - pub(crate) fn secret_bytes(&self) -> &[u8] { + pub fn secret_bytes(&self) -> &[u8] { &self.0 } } From af80fa35f6ad9eb2d092a247da357e9934c77d23 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 27 Nov 2023 09:32:19 +0100 Subject: [PATCH 0454/1145] Update semver-compatible dependencies --- Cargo.lock | 48 ++++++++++++++++++++++++------------------------ fuzz/Cargo.lock | 16 ++++++++-------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2384f8e3de..ee3c481d8d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -134,9 +134,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "aws-lc-rs" -version = "1.5.1" +version = "1.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96971b015c9d66a3558687fe18505d0f5c17faf67d4aa08c5ab5542d6ebb09c6" +checksum = "7bc2aa0a35a53d7cfda07a69f74d67a918ced3ec1a607f5bce5da7c3aff6bab7" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -146,9 +146,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.12.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa851b9955e1c4ab862c022a23b87b90237fd69ee715b91f9c13a20306d781e4" +checksum = "c2c6f9497a1bd3bed0a28a01b8836dbe9c7a2c521e47a14b165c64c4df592331" dependencies = [ "bindgen", "cmake", @@ -821,9 +821,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.2" +version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156" +checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" [[package]] name = "heck" @@ -938,9 +938,9 @@ dependencies = [ [[package]] name = "hpke-rs" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be3c089364da994102385ce2bed54c7e86e190da41e0125e0213f2c061786395" +checksum = "40d78d066f8d487fa69d5c3f92f98c11e2540796d213016d107fe86eabf9f26b" dependencies = [ "hpke-rs-crypto", "log", @@ -949,9 +949,9 @@ dependencies = [ [[package]] name = "hpke-rs-crypto" -version = "0.1.2" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdc863a0678d194f682f20790336ea8ef4ddc748abab61a9533ac5aa1e9d27d9" +checksum = "79df748353d9cee46d565f591d0039973a6554f8ef026b2647ab1ef2b64b91df" dependencies = [ "getrandom", "rand", @@ -962,9 +962,9 @@ dependencies = [ [[package]] name = "hpke-rs-rust-crypto" -version = "0.1.2" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9c0b07cafc144f03466bf2692db1616134152a6f49afc42e86c929b756876dd" +checksum = "a1d6fcfe6949aedbacad5aedb2f8ef9f054a142510e8f4f7355a4ccb3f5bd01f" dependencies = [ "aes-gcm", "chacha20poly1305", @@ -1484,9 +1484,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.69" +version = "1.0.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" +checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" dependencies = [ "unicode-ident", ] @@ -1657,9 +1657,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.3" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86ef35bf3e7fe15a53c4ab08a998e42271eab13eb0db224126bc7bc4c4bad96d" +checksum = "6a3211b01eea83d80687da9eef70e39d65144a3894866a5153a2723e425a157f" dependencies = [ "const-oid", "digest 0.10.7", @@ -1910,18 +1910,18 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.192" +version = "1.0.193" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bca2a08484b285dcb282d0f67b26cadc0df8b19f8c12502c13d966bf9482f001" +checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.192" +version = "1.0.193" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1" +checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", @@ -2106,9 +2106,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tls_codec" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aee1e621cbf57f36f5b51ebf366b57ba153be7fed133182a9513e443ecdf506e" +checksum = "d38a1d5fcfa859f0ec2b5e111dc903890bd7dac7f34713232bf9aa4fd7cad7b2" dependencies = [ "tls_codec_derive", "zeroize", @@ -2116,9 +2116,9 @@ dependencies = [ [[package]] name = "tls_codec_derive" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3226440488120aabe7e7cc80292634a68e541c407d97b66eceaae787454dae25" +checksum = "d8e00e3e7a54e0f1c8834ce72ed49c8487fbd3f801d8cfe1a0ad0640382f8e15" dependencies = [ "proc-macro2", "quote", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index abdec59687..bdbd3905f3 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -25,9 +25,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "getrandom" -version = "0.2.10" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" +checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", "libc", @@ -36,9 +36,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.148" +version = "0.2.150" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" +checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" [[package]] name = "libfuzzer-sys" @@ -57,9 +57,9 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "ring" -version = "0.17.0" +version = "0.17.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb9d44f9bf6b635117787f72416783eb7e4227aaf255e5ce739563d817176a7e" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" dependencies = [ "cc", "getrandom", @@ -199,6 +199,6 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "zeroize" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" From 078f03334b2de9d8e464755d8836318b9a221346 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 24 Nov 2023 11:38:26 -0500 Subject: [PATCH 0455/1145] provider-example: use Error::Other Previously we had to use `Error::General` when translating error instances from the hpke-rs dependencies of the provider-example into `rustls::error::Error` instances, because one of the upstream error types didn't implement `StdError`. This commit updates the hpke-rs dependency, bringing in a fix for this and allowing usage of the more appropriate `Error::GeneralError` error type. --- provider-example/Cargo.toml | 2 +- provider-example/src/hpke.rs | 22 ++++++++++------------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index f42aa061a7..a356a8c49b 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -12,7 +12,7 @@ der = "0.7.0" ecdsa = "0.16.8" env_logger = "0.10" hmac = "0.12.0" -hpke-rs = "0.1.0" +hpke-rs = "0.1.2" hpke-rs-crypto = "0.1.2" hpke-rs-rust-crypto = "0.1.2" p256 = "0.13.2" diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 58c50f0371..2bdad42f0a 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -1,4 +1,6 @@ +use std::error::Error as StdError; use std::fmt::{Debug, Formatter}; +use std::sync::Arc; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; use hpke_rs_crypto::HpkeCrypto; @@ -6,7 +8,7 @@ use hpke_rs_rust_crypto::HpkeRustCrypto; use rustls::crypto::hpke::{ EncapsulatedSecret, Hpke, HpkePrivateKey, HpkeProvider, HpkePublicKey, HpkeSuite, }; -use rustls::Error; +use rustls::{Error, OtherError}; pub static HPKE_PROVIDER: &'static dyn HpkeProvider = &HpkeRsProvider {}; @@ -18,9 +20,9 @@ impl HpkeProvider for HpkeRsProvider { fn start(&self, suite: &HpkeSuite) -> Result, Error> { Ok(Box::new(HpkeRs(hpke_rs::Hpke::new( hpke_rs::Mode::Base, - KemAlgorithm::try_from(suite.kem.get_u16()).map_err(general_err)?, - KdfAlgorithm::try_from(suite.sym.kdf_id.get_u16()).map_err(general_err)?, - AeadAlgorithm::try_from(suite.sym.aead_id.get_u16()).map_err(general_err)?, + KemAlgorithm::try_from(suite.kem.get_u16()).map_err(other_err)?, + KdfAlgorithm::try_from(suite.sym.kdf_id.get_u16()).map_err(other_err)?, + AeadAlgorithm::try_from(suite.sym.aead_id.get_u16()).map_err(other_err)?, )))) } @@ -59,7 +61,7 @@ impl Hpke for HpkeRs { let (enc, ciphertext) = self .0 .seal(&pk_r, info, aad, plaintext, None, None, None) - .map_err(general_err)?; + .map_err(other_err)?; Ok((EncapsulatedSecret(enc.to_vec()), ciphertext)) } @@ -83,14 +85,10 @@ impl Hpke for HpkeRs { None, None, ) - .map_err(general_err) + .map_err(other_err) } } -// TODO(XXX): Switch to using `Error::Other(Error::OtherError(err))` once a hpke-rs release -// with https://github.com/franziskuskiefer/hpke-rs/pull/44 is available. -fn general_err(err: impl Debug) -> Error { - // Presently hpke_rs::HpkeError does not implement std::error::Error, so we use Debug - // and create a general error. - Error::General(format!("{:?}", err)) +fn other_err(err: impl StdError + Send + Sync + 'static) -> Error { + Error::Other(OtherError(Arc::new(err))) } From aef3381dea494ec3d4c61c89677072f0f77a2987 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 29 Nov 2023 16:21:58 -0500 Subject: [PATCH 0456/1145] update rustls-webpki to alpha.8, pki-types to 2.2.3 Requires accommodating the new `Debug` bound requirement in the provider example, and fixing some expected output in a webpki verify test. --- Cargo.lock | 12 ++++++------ fuzz/Cargo.lock | 4 ++-- provider-example/Cargo.toml | 2 +- provider-example/src/verify.rs | 2 ++ rustls/Cargo.toml | 2 +- rustls/src/webpki/verify.rs | 2 +- 6 files changed, 13 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ee3c481d8d..319e3ab68c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1734,7 +1734,7 @@ dependencies = [ "ring 0.17.5", "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.7", + "rustls-webpki 0.102.0-alpha.8", "rustversion", "subtle", "webpki-roots 0.26.0-alpha.2", @@ -1805,9 +1805,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdf0cbc2bc68777eb846b2b7fedf03807bb763adc585bf006ac2fa2884daa9d1" +checksum = "f0d3edd6cdcdf26eda538757038343986e666d0b8ba4b5ac1de663b78475550d" [[package]] name = "rustls-provider-example" @@ -1829,7 +1829,7 @@ dependencies = [ "rsa", "rustls 0.22.0-alpha.5", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.7", + "rustls-webpki 0.102.0-alpha.8", "serde", "serde_json", "sha2", @@ -1850,9 +1850,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.7" +version = "0.102.0-alpha.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39c0e946e5f395d68bfc4a43e9b584d2169c2685e2c584a268b6d7ef8117bcfa" +checksum = "139cdfd1d8b96f927fbe0a0c98785afe94b63e95a7ef815ebae9263d20e10a0d" dependencies = [ "aws-lc-rs", "ring 0.17.5", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index bdbd3905f3..cb810a0cc5 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -98,9 +98,9 @@ checksum = "cdf0cbc2bc68777eb846b2b7fedf03807bb763adc585bf006ac2fa2884daa9d1" [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.7" +version = "0.102.0-alpha.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39c0e946e5f395d68bfc4a43e9b584d2169c2685e2c584a268b6d7ef8117bcfa" +checksum = "139cdfd1d8b96f927fbe0a0c98785afe94b63e95a7ef815ebae9263d20e10a0d" dependencies = [ "ring", "rustls-pki-types", diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index a356a8c49b..1091418e9a 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -23,7 +23,7 @@ rustls = { path = "../rustls", default-features = false, features = ["logging", rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" signature = "2" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.7", features = ["alloc", "std"], default-features = false } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.8", features = ["alloc", "std"], default-features = false } webpki-roots = "=0.26.0-alpha.2" x25519-dalek = "2" diff --git a/provider-example/src/verify.rs b/provider-example/src/verify.rs index d8e3a90e8d..f902b3e9fa 100644 --- a/provider-example/src/verify.rs +++ b/provider-example/src/verify.rs @@ -16,6 +16,7 @@ pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { static RSA_PSS_SHA256: &dyn SignatureVerificationAlgorithm = &RsaPssSha256Verify; static RSA_PKCS1_SHA256: &dyn SignatureVerificationAlgorithm = &RsaPkcs1Sha256Verify; +#[derive(Debug)] struct RsaPssSha256Verify; impl SignatureVerificationAlgorithm for RsaPssSha256Verify { @@ -43,6 +44,7 @@ impl SignatureVerificationAlgorithm for RsaPssSha256Verify { } } +#[derive(Debug)] struct RsaPkcs1Sha256Verify; impl SignatureVerificationAlgorithm for RsaPkcs1Sha256Verify { diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 928bff7eaa..158746f149 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -20,7 +20,7 @@ aws-lc-rs = { version = "1.5", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.7", features = ["std"], default-features = false } +webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.8", features = ["std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } zeroize = "1.6.0" diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 30d656c704..c7684f77d8 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -220,7 +220,7 @@ mod tests { #[test] fn certificate_debug() { assert_eq!( - "CertificateDer(Der([97, 98]))", + "CertificateDer(0x6162)", format!("{:?}", CertificateDer::from(b"ab".to_vec())) ); } From 74bd185f6e858cb04d20f466648def3c38ac3f3e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 29 Nov 2023 16:25:40 -0500 Subject: [PATCH 0457/1145] Cargo: 0.22.0-alpha.5 -> 0.22.0-alpha.6 --- Cargo.lock | 10 +++++----- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 319e3ab68c..f2bd59002d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1724,7 +1724,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.5" +version = "0.22.0-alpha.6" dependencies = [ "aws-lc-rs", "base64", @@ -1752,7 +1752,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.22.0-alpha.5", + "rustls 0.22.0-alpha.6", "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", ] @@ -1764,7 +1764,7 @@ dependencies = [ "hickory-resolver", "regex", "ring 0.17.5", - "rustls 0.22.0-alpha.5", + "rustls 0.22.0-alpha.6", ] [[package]] @@ -1776,7 +1776,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.22.0-alpha.5", + "rustls 0.22.0-alpha.6", "rustls-pemfile 2.0.0-alpha.2", "rustls-pki-types", "serde", @@ -1827,7 +1827,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.22.0-alpha.5", + "rustls 0.22.0-alpha.6", "rustls-pki-types", "rustls-webpki 0.102.0-alpha.8", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index cb810a0cc5..76d416ca89 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -71,7 +71,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.5" +version = "0.22.0-alpha.6" dependencies = [ "log", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 158746f149..bef4739da7 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.5" +version = "0.22.0-alpha.6" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 3e74257be5c862fde6a40ffe81045db50a6ad7f1 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 22 Nov 2023 16:20:51 -0800 Subject: [PATCH 0458/1145] RootCertStore: better Debug impl The derive(Debug) impl was printing the subject and subjectpublickeyinfo for every single trust anchor in the root store, which made it very difficult to read other Debug output that happened to contain a RootCertStore. For instance this made the Debug output for ClientConfig extremely long, because ClientConfig often contains a WebPkiServerVerifier, which contains a RootCertStore. In the custom Debug impl, abbreviate the list of roots to simply say how many of them there are. Users who want to specifically print the contents of the root cert store can call `subjects()` and print the output of that. --- rustls/src/webpki/anchors.rs | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 0401287132..429832ab8e 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -1,4 +1,5 @@ use alloc::vec::Vec; +use alloc::{fmt, format}; use pki_types::{CertificateDer, TrustAnchor}; use webpki::anchor_from_trusted_cert; @@ -10,7 +11,7 @@ use crate::{DistinguishedName, Error}; /// A container for root certificates able to provide a root-of-trust /// for connection authentication. -#[derive(Debug, Clone)] +#[derive(Clone)] pub struct RootCertStore { /// The list of roots. pub roots: Vec>, @@ -107,3 +108,30 @@ impl Extend> for RootCertStore { self.roots.extend(iter); } } + +impl fmt::Debug for RootCertStore { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_struct("RootCertStore") + .field("roots", &format!("({} roots)", &self.roots.len())) + .finish() + } +} + +#[test] +fn root_cert_store_debug() { + use core::iter; + use pki_types::Der; + + let mut store = RootCertStore::empty(); + let ta = TrustAnchor { + subject: Der::from_slice(&[]), + subject_public_key_info: Der::from_slice(&[]), + name_constraints: None, + }; + store.extend(iter::repeat(ta).take(138)); + + assert_eq!( + format!("{:?}", store), + "RootCertStore { roots: \"(138 roots)\" }" + ); +} From a2e43e26263c624bef98301599e85a2977833fa0 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 29 Nov 2023 16:01:02 -0800 Subject: [PATCH 0459/1145] api: move TicketSwitcher to ticketer::Ticketer The top level of the crate is meant for "paved path" exports. In 0.21.x, there was a top-level `struct Ticketer`. In current `main`, that's been moved to the separate crypto providers. Additionally, there is a new public type `TicketSwitcher`. This type should probably not be at the top level. --- rustls/src/lib.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c89f3b24ac..7ce71f8a12 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -375,7 +375,6 @@ mod enums; mod key_log; mod key_log_file; mod suites; -mod ticketer; mod versions; mod webpki; @@ -451,7 +450,6 @@ pub use crate::stream::{Stream, StreamOwned}; pub use crate::suites::{ CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite, }; -pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; @@ -545,5 +543,8 @@ pub mod sign { /// APIs for implementing QUIC TLS pub mod quic; +/// APIs for implementing TLS tickets +pub mod ticketer; + /// This is the rustls manual. pub mod manual; From d931562cf3f7347e3e2f91dc27576a4c0695a165 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 29 Nov 2023 16:19:20 -0800 Subject: [PATCH 0460/1145] api: move WebPkiSupportedAlgorithms to crypto The top level of the crate is meant for "paved path" exports. This newly exported type is used for cryptographic provider customization, so it properly belongs in the `crypto` module. --- provider-example/src/lib.rs | 2 +- provider-example/src/verify.rs | 3 ++- rustls/src/crypto/mod.rs | 7 ++++--- rustls/src/lib.rs | 2 +- rustls/src/webpki/client_verifier.rs | 4 ++-- rustls/src/webpki/server_verifier.rs | 4 ++-- rustls/tests/api.rs | 2 +- 7 files changed, 13 insertions(+), 11 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 820f22952c..3817128dce 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -42,7 +42,7 @@ impl rustls::crypto::CryptoProvider for Provider { Ok(Arc::new(key)) } - fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { + fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { verify::ALGORITHMS } } diff --git a/provider-example/src/verify.rs b/provider-example/src/verify.rs index f902b3e9fa..4f7670c7ed 100644 --- a/provider-example/src/verify.rs +++ b/provider-example/src/verify.rs @@ -2,7 +2,8 @@ use der::Reader; use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; use rsa::signature::Verifier; use rsa::{pkcs1v15, pss, BigUint, RsaPublicKey}; -use rustls::{SignatureScheme, WebPkiSupportedAlgorithms}; +use rustls::crypto::WebPkiSupportedAlgorithms; +use rustls::SignatureScheme; use webpki::alg_id; pub static ALGORITHMS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 690d4fdd99..4c0fb1e673 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,6 +1,5 @@ use crate::sign::SigningKey; use crate::suites; -use crate::webpki::WebPkiSupportedAlgorithms; use crate::{Error, NamedGroup}; use alloc::boxed::Box; @@ -11,6 +10,8 @@ use core::fmt::Debug; use pki_types::PrivateKeyDer; use zeroize::Zeroize; +pub use crate::webpki::WebPkiSupportedAlgorithms; + /// *ring* based CryptoProvider. #[cfg(feature = "ring")] pub mod ring; @@ -110,7 +111,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// RING.default_kx_groups() /// } /// -/// fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { +/// fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { /// RING.signature_verification_algorithms() /// } /// @@ -129,7 +130,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// - **Cipher suites** - see [`crate::SupportedCipherSuite`], [`crate::Tls12CipherSuite`], and /// [`crate::Tls13CipherSuite`]. /// - **Key exchange groups** - see [`crate::crypto::SupportedKxGroup`]. -/// - **Signature verification algorithms** - see [`crate::WebPkiSupportedAlgorithms`]. +/// - **Signature verification algorithms** - see [`crate::crypto::WebPkiSupportedAlgorithms`]. /// - **Authentication key loading** - see [`crate::crypto::CryptoProvider::load_private_key()`] and /// [`crate::sign::SigningKey`]. /// diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 7ce71f8a12..d829ad61ab 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -455,7 +455,7 @@ pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; pub use crate::verify::DigitallySignedStruct; pub use crate::versions::{SupportedProtocolVersion, ALL_VERSIONS, DEFAULT_VERSIONS}; -pub use crate::webpki::{RootCertStore, WebPkiSupportedAlgorithms}; +pub use crate::webpki::RootCertStore; /// Items for use in a client. pub mod client { diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index cdf0f35490..84fbe593a5 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -5,14 +5,14 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use super::{pki_error, VerifierBuilderError}; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, }; use crate::webpki::parse_crls; use crate::webpki::verify::{verify_signed_struct, verify_tls13, ParsedCertificate}; -use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme, WebPkiSupportedAlgorithms}; +use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` client certificate verifier. /// diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 30dd30be4c..e06112905e 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -6,7 +6,7 @@ use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; -use crate::crypto::CryptoProvider; +use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; @@ -15,7 +15,7 @@ use crate::webpki::verify::{ ParsedCertificate, }; use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; -use crate::{Error, RootCertStore, SignatureScheme, WebPkiSupportedAlgorithms}; +use crate::{Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` server certificate verifier. /// diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 477f440e7c..ab7f5ba204 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5546,7 +5546,7 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { self.parent.load_private_key(key_der) } - fn signature_verification_algorithms(&self) -> rustls::WebPkiSupportedAlgorithms { + fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { self.parent .signature_verification_algorithms() } From 0861d5fcd1bf03084c5704be52e918167bbbaa0f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 30 Nov 2023 14:26:06 +0000 Subject: [PATCH 0461/1145] ci-bench: ignore-list aws-lc-rs RSA key validation --- ci-bench/src/main.rs | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 200ffdbc56..38fbd0c3b5 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -666,6 +666,8 @@ struct CompareResult { negligible: Vec, /// Benchmark scenarios present in the candidate but missing in the baseline missing_in_baseline: Vec, + /// Benchmark scenarios we know are extremely non-deterministic. + known_noisy: Vec, } /// Contains information about instruction counts and their difference for a specific scenario @@ -716,6 +718,8 @@ fn compare_results( ) -> anyhow::Result { let mut diffs = Vec::new(); let mut missing = Vec::new(); + let mut known_noisy = Vec::new(); + for (scenario, &instr_count) in candidate { let Some(&baseline_instr_count) = baseline.get(scenario) else { missing.push(scenario.clone()); @@ -724,13 +728,18 @@ fn compare_results( let diff = instr_count as i64 - baseline_instr_count as i64; let diff_ratio = diff as f64 / baseline_instr_count as f64; - diffs.push(Diff { + let diff = Diff { scenario: scenario.clone(), baseline: baseline_instr_count, candidate: instr_count, diff, diff_ratio, - }); + }; + + match is_known_noisy(scenario) { + true => known_noisy.push(diff), + false => diffs.push(diff), + }; } diffs.sort_by(|diff1, diff2| { @@ -752,9 +761,26 @@ fn compare_results( noteworthy: noteworthy_with_details, negligible, missing_in_baseline: missing, + known_noisy, }) } +fn is_known_noisy(scenario_name: &str) -> bool { + // aws-lc-rs RSA key validation is non-deterministic, and expensive in relative terms for + // "cheaper" tests, and only done for server-side tests. Exclude these tests + // from comparison. + // + // Better solutions for this include: + // - https://github.com/rustls/rustls/issues/1494: exclude key validation in these tests. + // Key validation is benchmarked separately elsewhere, and mostly amortised into + // insignificance in real-world scenarios. + // - Find a way to make aws-lc-rs deterministic, such as by replacing its RNG with a + // test-only one. + scenario_name.contains("_aws_lc_rs_") + && scenario_name.contains("_rsa_") + && scenario_name.ends_with("_server") +} + /// Prints a report of the comparison to stdout, using GitHub-flavored markdown fn print_report(result: &CompareResult) { println!("# Benchmark results"); @@ -803,6 +829,14 @@ fn print_report(result: &CompareResult) { table(result.negligible.iter(), false); println!("\n") } + + if !result.known_noisy.is_empty() { + println!("### â€¼ï¸ Caution: ignored noisy benchmarks"); + println!("
"); + println!("Click to expand\n"); + table(result.known_noisy.iter(), false); + println!("
\n") + } } /// Splits the diffs into two `Vec`s, the first one containing the diffs that exceed the threshold, From 4736733f22d8d647447e0b83c3e657a87a2d7b5a Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 29 Nov 2023 17:34:22 -0800 Subject: [PATCH 0462/1145] Reverse order of main vs PR --- .github/workflows/icount-bench.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml index f98c76a31b..2fb5b0901a 100644 --- a/.github/workflows/icount-bench.yml +++ b/.github/workflows/icount-bench.yml @@ -15,14 +15,6 @@ jobs: - name: Install stable toolchain uses: dtolnay/rust-toolchain@stable - - name: Checkout PR - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Run icount benchmarks for PR - run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/pr - - name: Checkout ${{ github.base_ref }} uses: actions/checkout@v4 with: @@ -33,5 +25,13 @@ jobs: - name: Run icount benchmarks for ${{ github.base_ref }} run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/base + - name: Checkout PR + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Run icount benchmarks for PR + run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/pr + - name: Compare results run: cd ci-bench && cargo run --locked --release -- compare ${{ runner.temp }}/base ${{ runner.temp }}/pr > $GITHUB_STEP_SUMMARY From 656ad6d5d61dbda28c54761b1de1e758e63bd67f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 Nov 2023 16:49:55 -0500 Subject: [PATCH 0463/1145] webpki: rename verify_signed_struct, verify_tls13 The crate-internal `verify_signed_struct` and `verify_tls13` helpers in `webpki::verify` are only used from the context of `{ClientCertVerifier|ServerCertVerifier}::{verify_tls12_signature|verify_tls13_signature}` and `WebPkiServerVerifier::{default_verify_tls12_signature|default_verify_tls13_signature}`. This commit renames both helpers to match the name used in the call-sites, making usage clearer. --- rustls/src/webpki/client_verifier.rs | 6 +++--- rustls/src/webpki/server_verifier.rs | 10 +++++----- rustls/src/webpki/verify.rs | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 84fbe593a5..daec45b497 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -11,7 +11,7 @@ use crate::verify::{ NoClientAuth, }; use crate::webpki::parse_crls; -use crate::webpki::verify::{verify_signed_struct, verify_tls13, ParsedCertificate}; +use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate}; use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` client certificate verifier. @@ -372,7 +372,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_signed_struct(message, cert, dss, &self.supported_algs) + verify_tls12_signature(message, cert, dss, &self.supported_algs) } fn verify_tls13_signature( @@ -381,7 +381,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_tls13(message, cert, dss, &self.supported_algs) + verify_tls13_signature(message, cert, dss, &self.supported_algs) } fn supported_verify_schemes(&self) -> Vec { diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index e06112905e..86682ebaff 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -11,7 +11,7 @@ use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; use crate::webpki::verify::{ - verify_server_cert_signed_by_trust_anchor_impl, verify_signed_struct, verify_tls13, + verify_server_cert_signed_by_trust_anchor_impl, verify_tls12_signature, verify_tls13_signature, ParsedCertificate, }; use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; @@ -203,7 +203,7 @@ impl WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_signed_struct( + verify_tls12_signature( message, cert, dss, @@ -219,7 +219,7 @@ impl WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_tls13( + verify_tls13_signature( message, cert, dss, @@ -301,7 +301,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_signed_struct(message, cert, dss, &self.supported) + verify_tls12_signature(message, cert, dss, &self.supported) } fn verify_tls13_signature( @@ -310,7 +310,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - verify_tls13(message, cert, dss, &self.supported) + verify_tls13_signature(message, cert, dss, &self.supported) } fn supported_verify_schemes(&self) -> Vec { diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index c7684f77d8..874e85b2be 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -144,7 +144,7 @@ fn verify_sig_using_any_alg( Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) } -pub(crate) fn verify_signed_struct( +pub(crate) fn verify_tls12_signature( message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, @@ -158,7 +158,7 @@ pub(crate) fn verify_signed_struct( .map(|_| HandshakeSignatureValid::assertion()) } -pub(crate) fn verify_tls13( +pub(crate) fn verify_tls13_signature( msg: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, From 1b1c9f2ac6f200f5438dd3422699a966c620cc98 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 Nov 2023 17:05:48 -0500 Subject: [PATCH 0464/1145] webpki: in-line single use verify_sig_using_any_alg This was only used by verify_tls12_signature, let's in-line that logic since it will make it easier to document what the function does in one place. --- rustls/src/webpki/verify.rs | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 874e85b2be..1af3fb517f 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -126,24 +126,6 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { } } -fn verify_sig_using_any_alg( - cert: &webpki::EndEntityCert, - algs: &[&'static dyn SignatureVerificationAlgorithm], - message: &[u8], - sig: &[u8], -) -> Result<(), webpki::Error> { - // TLS doesn't itself give us enough info to map to a single pki_types::SignatureVerificationAlgorithm. - // Therefore, convert_algs maps to several and we try them all. - for alg in algs { - match cert.verify_signature(*alg, message, sig) { - Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) => continue, - res => return res, - } - } - - Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) -} - pub(crate) fn verify_tls12_signature( message: &[u8], cert: &CertificateDer<'_>, @@ -153,9 +135,19 @@ pub(crate) fn verify_tls12_signature( let possible_algs = supported_schemes.convert_scheme(dss.scheme)?; let cert = webpki::EndEntityCert::try_from(cert).map_err(pki_error)?; - verify_sig_using_any_alg(&cert, possible_algs, message, dss.signature()) - .map_err(pki_error) - .map(|_| HandshakeSignatureValid::assertion()) + // TLS doesn't itself give us enough info to map to a single pki_types::SignatureVerificationAlgorithm. + // Therefore, convert_algs maps to several and we try them all. + for alg in possible_algs { + match cert.verify_signature(*alg, message, dss.signature()) { + Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) => continue, + Err(e) => return Err(pki_error(e)), + Ok(()) => return Ok(HandshakeSignatureValid::assertion()), + } + } + + Err(pki_error( + webpki::Error::UnsupportedSignatureAlgorithmForPublicKey, + )) } pub(crate) fn verify_tls13_signature( From b0bcc9e06fdfb97bf79948b94bb892ad2dbcdd64 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 Nov 2023 17:16:32 -0500 Subject: [PATCH 0465/1145] webpki: add rustdoc for verify helpers The old `verify_tls12_signature` referred to a `convert_algs` that doesn't exist. Let's give more context to both the tls12 and tls13 signature verification fns and link to `WebPkiSupportedAlgorithms::mapping` for more info. --- rustls/src/webpki/verify.rs | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 1af3fb517f..7f67c31d77 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -126,6 +126,14 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { } } +/// Verify a message signature using the `cert` public key and any supported scheme. +/// +/// This function verifies the `dss` signature over `message` using the subject public key from +/// `cert`. Since TLS 1.2 doesn't provide enough information to map the `dss.scheme` into a single +/// [`SignatureVerificationAlgorithm`], this function will map to several candidates and try each in +/// succession until one succeeds or we exhaust all candidates. +/// +/// See [WebPkiSupportedAlgorithms::mapping] for more information. pub(crate) fn verify_tls12_signature( message: &[u8], cert: &CertificateDer<'_>, @@ -135,8 +143,6 @@ pub(crate) fn verify_tls12_signature( let possible_algs = supported_schemes.convert_scheme(dss.scheme)?; let cert = webpki::EndEntityCert::try_from(cert).map_err(pki_error)?; - // TLS doesn't itself give us enough info to map to a single pki_types::SignatureVerificationAlgorithm. - // Therefore, convert_algs maps to several and we try them all. for alg in possible_algs { match cert.verify_signature(*alg, message, dss.signature()) { Err(webpki::Error::UnsupportedSignatureAlgorithmForPublicKey) => continue, @@ -150,6 +156,12 @@ pub(crate) fn verify_tls12_signature( )) } +/// Verify a message signature using the `cert` public key and the first TLS 1.3 compatible +/// supported scheme. +/// +/// This function verifies the `dss` signature over `message` using the subject public key from +/// `cert`. Unlike [verify_tls12_signature], this function only tries the first matching scheme. See +/// [WebPkiSupportedAlgorithms::mapping] for more information. pub(crate) fn verify_tls13_signature( msg: &[u8], cert: &CertificateDer<'_>, From c57a7342ecbdf291038e89d1e6c2dd61a3d897b1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 Nov 2023 17:19:46 -0500 Subject: [PATCH 0466/1145] lib: consolidate crate::webpki re-exports in server --- rustls/src/lib.rs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d829ad61ab..261de75142 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -505,8 +505,9 @@ pub mod server { mod tls13; pub use crate::verify::NoClientAuth; - pub use crate::webpki::WebPkiClientVerifier; - pub use crate::webpki::{ClientCertVerifierBuilder, VerifierBuilderError}; + pub use crate::webpki::{ + ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, + }; pub use builder::WantsServerCert; pub use handy::ResolvesServerCertUsingSni; pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; @@ -520,8 +521,6 @@ pub mod server { pub mod danger { pub use crate::verify::{ClientCertVerified, ClientCertVerifier}; } - - pub use crate::webpki::ParsedCertificate; } pub use server::{ServerConfig, ServerConnection}; From c5dfd6237536ecbbfab4ef42c8db1e0949adc001 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 Nov 2023 17:34:50 -0500 Subject: [PATCH 0467/1145] webpki: export WebPkiSupportedAlgorithms::supported_schemes This small helper is useful in downstream code. The `WebPkiSupportedAlgorithms` type is already public, and so are the `SignatureScheme`s returned. Making this available saves downstream code from having to re-implement this same iterate -> map -> collect. --- rustls/src/webpki/verify.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 7f67c31d77..f9f2531b15 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -82,7 +82,7 @@ pub struct WebPkiSupportedAlgorithms { impl WebPkiSupportedAlgorithms { /// Return all the `scheme` items in `mapping`, maintaining order. - pub(crate) fn supported_schemes(&self) -> Vec { + pub fn supported_schemes(&self) -> Vec { self.mapping .iter() .map(|item| item.0) From 44298191d745e2fd4eb92e52ab256573ad3e7211 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 30 Nov 2023 09:58:35 -0500 Subject: [PATCH 0468/1145] lib: export webpki tls12/tls13 sig verify helpers under crypto The `verify_tls12_signature` and `verify_tls13_signature` helpers from the `webpki::verify` module can be useful when implementing a custom client/server certificate verifier. This commit exports them under the `crypto` mod alongside the `WebPkiSupportedAlgorithms` type they rely on. --- rustls/src/crypto/mod.rs | 4 +++- rustls/src/webpki/mod.rs | 2 +- rustls/src/webpki/verify.rs | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 4c0fb1e673..9c5e39e87d 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -10,7 +10,9 @@ use core::fmt::Debug; use pki_types::PrivateKeyDer; use zeroize::Zeroize; -pub use crate::webpki::WebPkiSupportedAlgorithms; +pub use crate::webpki::{ + verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms, +}; /// *ring* based CryptoProvider. #[cfg(feature = "ring")] diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index c00d15b677..b43cde512b 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -18,7 +18,7 @@ pub use anchors::RootCertStore; pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier}; pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier}; -pub use verify::WebPkiSupportedAlgorithms; +pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms}; // Conditionally exported from crate. #[allow(unreachable_pub)] diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index f9f2531b15..8ef7660a9f 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -134,7 +134,7 @@ impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { /// succession until one succeeds or we exhaust all candidates. /// /// See [WebPkiSupportedAlgorithms::mapping] for more information. -pub(crate) fn verify_tls12_signature( +pub fn verify_tls12_signature( message: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, @@ -162,7 +162,7 @@ pub(crate) fn verify_tls12_signature( /// This function verifies the `dss` signature over `message` using the subject public key from /// `cert`. Unlike [verify_tls12_signature], this function only tries the first matching scheme. See /// [WebPkiSupportedAlgorithms::mapping] for more information. -pub(crate) fn verify_tls13_signature( +pub fn verify_tls13_signature( msg: &[u8], cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, From d963be3c45c64f1078ba84786e510df267eed945 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 30 Nov 2023 09:48:51 -0500 Subject: [PATCH 0469/1145] webpki: remove 'default' WebPkiServerVerifier helpers These helpers assumed the *ring* crypto provider. Consumers can now use the exported `verify_tls12_signature` and `verify_tls13_signature` helpers with the crypto provider of their choice to implement these fns. Similarly since `WebPkiSupportedAlgorithms` now exposes the `supported_schemes` fn there's no need for the `default_supported_verify_schemes` helper. --- examples/src/bin/tlsclient-mio.rs | 20 +++++++++++--- rustls/src/webpki/server_verifier.rs | 41 ---------------------------- 2 files changed, 16 insertions(+), 45 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index de9292eac1..1abc384189 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -312,7 +312,7 @@ fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { mod danger { use pki_types::{CertificateDer, ServerName, UnixTime}; use rustls::client::danger::HandshakeSignatureValid; - use rustls::client::WebPkiServerVerifier; + use rustls::crypto::{verify_tls12_signature, verify_tls13_signature}; use rustls::DigitallySignedStruct; #[derive(Debug)] @@ -336,7 +336,12 @@ mod danger { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls12_signature(message, cert, dss) + verify_tls12_signature( + message, + cert, + dss, + &rustls::crypto::ring::RING.signature_verification_algorithms(), + ) } fn verify_tls13_signature( @@ -345,11 +350,18 @@ mod danger { cert: &CertificateDer<'_>, dss: &DigitallySignedStruct, ) -> Result { - WebPkiServerVerifier::default_verify_tls13_signature(message, cert, dss) + verify_tls13_signature( + message, + cert, + dss, + &rustls::crypto::ring::RING.signature_verification_algorithms(), + ) } fn supported_verify_schemes(&self) -> Vec { - WebPkiServerVerifier::default_supported_verify_schemes() + rustls::crypto::ring::RING + .signature_verification_algorithms() + .supported_schemes() } } } diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 86682ebaff..0d43a0f1b9 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -194,47 +194,6 @@ impl WebPkiServerVerifier { supported, } } - - /// A full implementation of `ServerCertVerifier::verify_tls12_signature` or - /// `ClientCertVerifier::verify_tls12_signature`. - #[cfg(feature = "ring")] - pub fn default_verify_tls12_signature( - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls12_signature( - message, - cert, - dss, - &crate::crypto::ring::RING.signature_verification_algorithms(), - ) - } - - /// A full implementation of `ServerCertVerifier::verify_tls13_signature` or - /// `ClientCertVerifier::verify_tls13_signature`. - #[cfg(feature = "ring")] - pub fn default_verify_tls13_signature( - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - verify_tls13_signature( - message, - cert, - dss, - &crate::crypto::ring::RING.signature_verification_algorithms(), - ) - } - - /// A full implementation of `ServerCertVerifier::supported_verify_schemes()` or - /// `ClientCertVerifier::supported_verify_schemes()`. - #[cfg(feature = "ring")] - pub fn default_supported_verify_schemes() -> Vec { - crate::crypto::ring::RING - .signature_verification_algorithms() - .supported_schemes() - } } impl ServerCertVerifier for WebPkiServerVerifier { From 53ed597fa19d412d16957a6dffc3c21b1a4c72f4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 23 Nov 2023 13:05:04 -0500 Subject: [PATCH 0470/1145] crypto: split out SecureRandom trait We're working towards making `CryptoProvider` a struct holding distinct elements to be used for cryptography. To support this the `fill_random` fn needs to be lifted to a new trait, `SecureRandom`. We can hold a `&dyn SecureRandom` in the to-be-added struct to invoke as required for `fill_random`. Since the trait now provides additional context, the fn is renamed from `fill_random` to `fill`. This commit adds the new trait, includes `SecureRandom` in the existing `CryptoProvider` trait bounds, and updates the *ring*, aws-lc-rs, and provider example crypto providers to implement `SecureRandom`. --- provider-example/src/lib.rs | 16 +++++----- rustls/src/crypto/aws_lc_rs/mod.rs | 20 +++++++------ rustls/src/crypto/mod.rs | 33 ++++++++++---------- rustls/src/crypto/ring/mod.rs | 20 +++++++------ rustls/src/msgs/handshake.rs | 4 +-- rustls/src/rand.rs | 4 +-- rustls/tests/api.rs | 48 ++++++++++++++---------------- 7 files changed, 76 insertions(+), 69 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 3817128dce..1a7cb2c87d 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -18,13 +18,6 @@ pub static PROVIDER: &'static dyn rustls::crypto::CryptoProvider = &Provider; struct Provider; impl rustls::crypto::CryptoProvider for Provider { - fn fill_random(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { - use rand_core::RngCore; - rand_core::OsRng - .try_fill_bytes(bytes) - .map_err(|_| rustls::crypto::GetRandomFailed) - } - fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { ALL_CIPHER_SUITES } @@ -47,6 +40,15 @@ impl rustls::crypto::CryptoProvider for Provider { } } +impl rustls::crypto::SecureRandom for Provider { + fn fill(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { + use rand_core::RngCore; + rand_core::OsRng + .try_fill_bytes(bytes) + .map_err(|_| rustls::crypto::GetRandomFailed) + } +} + static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index a83ec7cbe9..a03bd3bff3 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::crypto::{CryptoProvider, SecureRandom, SupportedKxGroup}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; @@ -41,14 +41,6 @@ pub static AWS_LC_RS: &dyn CryptoProvider = &AwsLcRs; struct AwsLcRs; impl CryptoProvider for AwsLcRs { - fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { - use ring_like::rand::SecureRandom; - - ring_like::rand::SystemRandom::new() - .fill(buf) - .map_err(|_| GetRandomFailed) - } - fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { DEFAULT_CIPHER_SUITES } @@ -70,6 +62,16 @@ impl CryptoProvider for AwsLcRs { } } +impl SecureRandom for AwsLcRs { + fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { + use ring_like::rand::SecureRandom; + + ring_like::rand::SystemRandom::new() + .fill(buf) + .map_err(|_| GetRandomFailed) + } +} + /// The cipher suite configuration that an application should use by default. /// /// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 9c5e39e87d..510f155198 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -102,7 +102,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// /// impl rustls::crypto::CryptoProvider for HsmKeyLoader { /// fn fill_random(&self, buf: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { -/// RING.fill_random(buf) +/// RING.fill(buf) /// } /// /// fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { @@ -128,7 +128,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// /// The elements are documented separately: /// -/// - **Random** - see [`crate::crypto::CryptoProvider::fill_random()`]. +/// - **Random** - see [`crate::crypto::CryptoProvider::fill()`]. /// - **Cipher suites** - see [`crate::SupportedCipherSuite`], [`crate::Tls12CipherSuite`], and /// [`crate::Tls13CipherSuite`]. /// - **Key exchange groups** - see [`crate::crypto::SupportedKxGroup`]. @@ -152,19 +152,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ /// [rust-crypto]: https://github.com/rustcrypto /// [dalek-cryptography]: https://github.com/dalek-cryptography -pub trait CryptoProvider: Send + Sync + Debug + 'static { - /// Fill the given buffer with random bytes. - /// - /// The bytes must be sourced from a cryptographically secure random number - /// generator seeded with good quality, secret entropy. - /// - /// This is used for all randomness required by rustls, but not necessarily - /// randomness required by the underlying cryptography library. For example: - /// [`crate::crypto::SupportedKxGroup::start()`] requires random material to generate - /// an ephemeral key exchange key, but this is not included in the interface with - /// rustls: it is assumed that the cryptography library provides for this itself. - fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed>; - +pub trait CryptoProvider: SecureRandom + Send + Sync + Debug + 'static { /// Provide a safe set of cipher suites that can be used as the defaults. /// /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and @@ -211,6 +199,21 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms; } +/// A source of cryptographically secure randomness. +pub trait SecureRandom: Send + Sync + Debug { + /// Fill the given buffer with random bytes. + /// + /// The bytes must be sourced from a cryptographically secure random number + /// generator seeded with good quality, secret entropy. + /// + /// This is used for all randomness required by rustls, but not necessarily + /// randomness required by the underlying cryptography library. For example: + /// [`SupportedKxGroup::start()`] requires random material to generate + /// an ephemeral key exchange key, but this is not included in the interface with + /// rustls: it is assumed that the cryptography library provides for this itself. + fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed>; +} + /// A supported key exchange group. /// /// This type carries both configuration and implementation. Specifically, diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 8681d2dca0..ec0b962aa9 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::crypto::{CryptoProvider, SecureRandom, SupportedKxGroup}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; @@ -36,14 +36,6 @@ pub static RING: &dyn CryptoProvider = &Ring; struct Ring; impl CryptoProvider for Ring { - fn fill_random(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { - use ring_like::rand::SecureRandom; - - ring_like::rand::SystemRandom::new() - .fill(buf) - .map_err(|_| GetRandomFailed) - } - fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { DEFAULT_CIPHER_SUITES } @@ -65,6 +57,16 @@ impl CryptoProvider for Ring { } } +impl SecureRandom for Ring { + fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { + use ring_like::rand::SecureRandom; + + ring_like::rand::SystemRandom::new() + .fill(buf) + .map_err(|_| GetRandomFailed) + } +} + /// The cipher suite configuration that an application should use by default. /// /// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index fbd208b84e..dffc21fd50 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -101,7 +101,7 @@ impl Random { provider: &'static dyn CryptoProvider, ) -> Result { let mut data = [0u8; 32]; - provider.fill_random(&mut data)?; + provider.fill(&mut data)?; Ok(Self(data)) } } @@ -167,7 +167,7 @@ impl Codec for SessionId { impl SessionId { pub fn random(provider: &'static dyn CryptoProvider) -> Result { let mut data = [0u8; 32]; - provider.fill_random(&mut data)?; + provider.fill(&mut data)?; Ok(Self { data, len: 32 }) } diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 77567322a3..60314fca2f 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -11,14 +11,14 @@ pub(crate) fn random_vec( len: usize, ) -> Result, GetRandomFailed> { let mut v = vec![0; len]; - provider.fill_random(&mut v)?; + provider.fill(&mut v)?; Ok(v) } /// Return a uniformly random [`u32`]. pub(crate) fn random_u32(provider: &dyn CryptoProvider) -> Result { let mut buf = [0u8; 4]; - provider.fill_random(&mut buf)?; + provider.fill(&mut buf)?; Ok(u32::from_be_bytes(buf)) } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index ab7f5ba204..7afc58fa41 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4104,9 +4104,7 @@ mod test_quic { use rustls::{CipherSuite, HandshakeType, SignatureScheme}; let mut random = [0; 32]; - PROVIDER - .fill_random(&mut random) - .unwrap(); + PROVIDER.fill(&mut random).unwrap(); let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); @@ -4160,9 +4158,7 @@ mod test_quic { use rustls::{CipherSuite, HandshakeType, SignatureScheme}; let mut random = [0; 32]; - PROVIDER - .fill_random(&mut random) - .unwrap(); + PROVIDER.fill(&mut random).unwrap(); let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); @@ -5512,25 +5508,6 @@ struct FaultyRandomProvider { } impl rustls::crypto::CryptoProvider for FaultyRandomProvider { - fn fill_random(&self, output: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { - let mut queue = self.rand_queue.lock().unwrap(); - - println!( - "fill_random request for {} bytes (got {})", - output.len(), - queue.len() - ); - - if queue.len() < output.len() { - return Err(rustls::crypto::GetRandomFailed); - } - - let fixed_output = &queue[..output.len()]; - output.copy_from_slice(fixed_output); - *queue = &queue[output.len()..]; - Ok(()) - } - fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { self.parent.default_cipher_suites() } @@ -5552,6 +5529,27 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { } } +impl rustls::crypto::SecureRandom for FaultyRandomProvider { + fn fill(&self, output: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { + let mut queue = self.rand_queue.lock().unwrap(); + + println!( + "fill_random request for {} bytes (got {})", + output.len(), + queue.len() + ); + + if queue.len() < output.len() { + return Err(rustls::crypto::GetRandomFailed); + } + + let fixed_output = &queue[..output.len()]; + output.copy_from_slice(fixed_output); + *queue = &queue[output.len()..]; + Ok(()) + } +} + #[test] fn test_client_construction_fails_if_random_source_fails_in_first_request() { static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { From 3b5cf17ade1651658063445e141c7d5da4091bd6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 Nov 2023 14:57:31 -0500 Subject: [PATCH 0471/1145] crypto: CryptoProvider is-a SecureRandom -> has-a In preparation for moving to a struct based model where a `CryptoProvider` has a `&'static dyn SecureRandom` field, this commit splits the `SecureRandom` trait from the `CryptoProvider` trait. In its place `CryptoProvider` gets a `secure_random(&self)` fn that acts as a stand-in for what will be a field in the struct based approach. --- provider-example/src/lib.rs | 4 +++ rustls/src/client/hs.rs | 6 ++-- rustls/src/crypto/aws_lc_rs/mod.rs | 4 +++ rustls/src/crypto/mod.rs | 21 +++++++++---- rustls/src/crypto/ring/mod.rs | 4 +++ rustls/src/msgs/handshake.rs | 12 +++---- rustls/src/rand.rs | 10 +++--- rustls/src/server/hs.rs | 6 ++-- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 7 +++-- rustls/tests/api.rs | 50 ++++++++++++++++++++++-------- 11 files changed, 86 insertions(+), 40 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 1a7cb2c87d..274373d82c 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -38,6 +38,10 @@ impl rustls::crypto::CryptoProvider for Provider { fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { verify::ALGORITHMS } + + fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { + &Self + } } impl rustls::crypto::SecureRandom for Provider { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index b13bec2536..ca7d042b85 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -121,7 +121,7 @@ pub(super) fn start_handshake( // we're doing an abbreviated handshake. See section 3.4 in // RFC5077. if !inner.ticket().is_empty() { - inner.session_id = SessionId::random(config.provider)?; + inner.session_id = SessionId::random(config.provider.secure_random())?; } session_id = Some(inner.session_id); } @@ -137,10 +137,10 @@ pub(super) fn start_handshake( Some(session_id) => session_id, None if cx.common.is_quic() => SessionId::empty(), None if !config.supports_version(ProtocolVersion::TLSv1_3) => SessionId::empty(), - None => SessionId::random(config.provider)?, + None => SessionId::random(config.provider.secure_random())?, }; - let random = Random::new(config.provider)?; + let random = Random::new(config.provider.secure_random())?; Ok(emit_client_hello_for_retry( transcript_buffer, diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index a03bd3bff3..1e09a92314 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -60,6 +60,10 @@ impl CryptoProvider for AwsLcRs { fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { SUPPORTED_SIG_ALGS } + + fn secure_random(&self) -> &'static dyn SecureRandom { + &Self + } } impl SecureRandom for AwsLcRs { diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 510f155198..ecc73e5205 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -100,11 +100,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// #[derive(Debug)] /// struct HsmKeyLoader; /// -/// impl rustls::crypto::CryptoProvider for HsmKeyLoader { -/// fn fill_random(&self, buf: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { -/// RING.fill(buf) -/// } -/// +/// impl rustls::crypto::CryptoProvider for HsmKeyLoader {/// /// fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { /// RING.default_cipher_suites() /// } @@ -120,6 +116,16 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// fn load_private_key(&self, key_der: pki_types::PrivateKeyDer<'static>) -> Result, rustls::Error> { /// fictious_hsm_api::load_private_key(key_der) /// } +/// +/// fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { +/// &HsmKeyLoader +/// } +/// } +/// +/// impl rustls::crypto::SecureRandom for HsmKeyLoader { +/// fn fill(&self, buf: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { +/// RING.secure_random().fill(buf) +/// } /// } /// # } /// ``` @@ -152,7 +158,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ /// [rust-crypto]: https://github.com/rustcrypto /// [dalek-cryptography]: https://github.com/dalek-cryptography -pub trait CryptoProvider: SecureRandom + Send + Sync + Debug + 'static { +pub trait CryptoProvider: Send + Sync + Debug + 'static { /// Provide a safe set of cipher suites that can be used as the defaults. /// /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and @@ -197,6 +203,9 @@ pub trait CryptoProvider: SecureRandom + Send + Sync + Debug + 'static { /// [`crate::server::WebPkiClientVerifier::builder_with_provider()`] and /// [`crate::client::WebPkiServerVerifier::builder_with_provider()`]. fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms; + + /// Return a source of cryptographically secure randomness. + fn secure_random(&self) -> &'static dyn SecureRandom; } /// A source of cryptographically secure randomness. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index ec0b962aa9..61471d5c06 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -55,6 +55,10 @@ impl CryptoProvider for Ring { fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { SUPPORTED_SIG_ALGS } + + fn secure_random(&self) -> &'static dyn SecureRandom { + &Self + } } impl SecureRandom for Ring { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index dffc21fd50..316690f178 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2,7 +2,7 @@ #[cfg(feature = "tls12")] use crate::crypto::ActiveKeyExchange; -use crate::crypto::CryptoProvider; +use crate::crypto::SecureRandom; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::error::InvalidMessage; #[cfg(feature = "logging")] @@ -97,11 +97,9 @@ impl Codec for Random { } impl Random { - pub(crate) fn new( - provider: &'static dyn CryptoProvider, - ) -> Result { + pub(crate) fn new(secure_random: &dyn SecureRandom) -> Result { let mut data = [0u8; 32]; - provider.fill(&mut data)?; + secure_random.fill(&mut data)?; Ok(Self(data)) } } @@ -165,9 +163,9 @@ impl Codec for SessionId { } impl SessionId { - pub fn random(provider: &'static dyn CryptoProvider) -> Result { + pub fn random(secure_random: &dyn SecureRandom) -> Result { let mut data = [0u8; 32]; - provider.fill(&mut data)?; + secure_random.fill(&mut data)?; Ok(Self { data, len: 32 }) } diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 60314fca2f..63a2e40c3f 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -1,24 +1,24 @@ //! The single place where we generate random material for our own use. -use crate::crypto::CryptoProvider; +use crate::crypto::SecureRandom; use alloc::vec; use alloc::vec::Vec; /// Make a [`Vec`] of the given size containing random material. pub(crate) fn random_vec( - provider: &dyn CryptoProvider, + secure_random: &dyn SecureRandom, len: usize, ) -> Result, GetRandomFailed> { let mut v = vec![0; len]; - provider.fill(&mut v)?; + secure_random.fill(&mut v)?; Ok(v) } /// Return a uniformly random [`u32`]. -pub(crate) fn random_u32(provider: &dyn CryptoProvider) -> Result { +pub(crate) fn random_u32(secure_random: &dyn SecureRandom) -> Result { let mut buf = [0u8; 4]; - provider.fill(&mut buf)?; + secure_random.fill(&mut buf)?; Ok(u32::from_be_bytes(buf)) } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 7c83405caf..49592e112a 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -384,8 +384,10 @@ impl ExpectClientHello { }; // Save their Random. - let randoms = - ConnectionRandoms::new(client_hello.random, Random::new(self.config.provider)?); + let randoms = ConnectionRandoms::new( + client_hello.random, + Random::new(self.config.provider.secure_random())?, + ); match suite { SupportedCipherSuite::Tls13(suite) => tls13::CompleteClientHelloHandling { config: self.config, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 2202758349..5de4d52176 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -209,7 +209,7 @@ mod client_hello { if !self.config.session_storage.can_cache() { self.session_id = SessionId::empty(); } else if self.session_id.is_empty() && !ticket_received { - self.session_id = SessionId::random(self.config.provider)?; + self.session_id = SessionId::random(self.config.provider.secure_random())?; } self.send_ticket = emit_server_hello( diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 41d7ac6e8d..9e060fac2a 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1085,8 +1085,9 @@ impl ExpectFinished { key_schedule: &KeyScheduleTraffic, config: &ServerConfig, ) -> Result<(), Error> { - let nonce = rand::random_vec(config.provider, 32)?; - let age_add = rand::random_u32(config.provider)?; + let secure_random = config.provider.secure_random(); + let nonce = rand::random_vec(secure_random, 32)?; + let age_add = rand::random_u32(secure_random)?; let plain = get_server_session_value( transcript, suite, @@ -1106,7 +1107,7 @@ impl ExpectFinished { }; (ticket, config.ticketer.lifetime()) } else { - let id = rand::random_vec(config.provider, 32)?; + let id = rand::random_vec(secure_random, 32)?; let stored = config .session_storage .put(id.clone(), plain); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 7afc58fa41..f7c7b1366a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4104,7 +4104,10 @@ mod test_quic { use rustls::{CipherSuite, HandshakeType, SignatureScheme}; let mut random = [0; 32]; - PROVIDER.fill(&mut random).unwrap(); + PROVIDER + .secure_random() + .fill(&mut random) + .unwrap(); let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); @@ -4118,7 +4121,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_3, random, - session_id: SessionId::random(PROVIDER).unwrap(), + session_id: SessionId::random(PROVIDER.secure_random()).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4158,7 +4161,10 @@ mod test_quic { use rustls::{CipherSuite, HandshakeType, SignatureScheme}; let mut random = [0; 32]; - PROVIDER.fill(&mut random).unwrap(); + PROVIDER + .secure_random() + .fill(&mut random) + .unwrap(); let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); @@ -4179,7 +4185,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random, - session_id: SessionId::random(PROVIDER).unwrap(), + session_id: SessionId::random(PROVIDER.secure_random()).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4575,7 +4581,7 @@ fn test_client_sends_helloretryrequest() { #[test] fn test_client_rejects_hrr_with_varied_session_id() { use rustls::internal::msgs::handshake::SessionId; - let different_session_id = SessionId::random(PROVIDER).unwrap(); + let different_session_id = SessionId::random(PROVIDER.secure_random()).unwrap(); let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { @@ -5503,8 +5509,7 @@ fn test_explicit_provider_selection() { struct FaultyRandomProvider { parent: &'static dyn rustls::crypto::CryptoProvider, - // when empty, `fill_random` requests return `GetRandomFailed` - rand_queue: Mutex<&'static [u8]>, + random: &'static dyn rustls::crypto::SecureRandom, } impl rustls::crypto::CryptoProvider for FaultyRandomProvider { @@ -5527,9 +5532,19 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { self.parent .signature_verification_algorithms() } + + fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { + self.random + } +} + +#[derive(Debug)] +struct FaultyRandom { + // when empty, `fill_random` requests return `GetRandomFailed` + rand_queue: Mutex<&'static [u8]>, } -impl rustls::crypto::SecureRandom for FaultyRandomProvider { +impl rustls::crypto::SecureRandom for FaultyRandom { fn fill(&self, output: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { let mut queue = self.rand_queue.lock().unwrap(); @@ -5552,9 +5567,12 @@ impl rustls::crypto::SecureRandom for FaultyRandomProvider { #[test] fn test_client_construction_fails_if_random_source_fails_in_first_request() { + static FAULTY_RANDOM: FaultyRandom = FaultyRandom { + rand_queue: Mutex::new(b""), + }; static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { parent: PROVIDER, - rand_queue: Mutex::new(b""), + random: &FAULTY_RANDOM, }; let client_config = finish_client_config( @@ -5570,9 +5588,12 @@ fn test_client_construction_fails_if_random_source_fails_in_first_request() { #[test] fn test_client_construction_fails_if_random_source_fails_in_second_request() { + static FAULTY_RANDOM: FaultyRandom = FaultyRandom { + rand_queue: Mutex::new(b"nice random number generator huh"), + }; static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { parent: PROVIDER, - rand_queue: Mutex::new(b"nice random number generator huh"), + random: &FAULTY_RANDOM, }; let client_config = finish_client_config( @@ -5588,13 +5609,16 @@ fn test_client_construction_fails_if_random_source_fails_in_second_request() { #[test] fn test_client_construction_requires_64_bytes_of_random_material() { - static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: PROVIDER, + static FAULTY_RANDOM: FaultyRandom = FaultyRandom { rand_queue: Mutex::new( b"nice random number generator !!!\ - it's really not very good is it?", + it's really not very good is it?", ), }; + static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { + parent: PROVIDER, + random: &FAULTY_RANDOM, + }; let client_config = finish_client_config( KeyType::Rsa, From 2b791938bbae05b8bd7d58a94829ddec2f188850 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 23 Nov 2023 13:12:47 -0500 Subject: [PATCH 0472/1145] crypto: split out KeyProvider trait We're working towards making `CryptoProvider` a struct holding distinct elements to be used for cryptography. To support this the `load_private_key` fn needs to be lifted to a new trait, `KeyProvider`. We can hold a `&dyn KeyProvider` in the to-be-added struct to invoke as required for `load_private_key`. This commit adds the new trait, includes `KeyProvider` in the existing `CryptoProvider` trait bounds, and updates the *ring*, aws-lc-rs, and provider example crypto providers to implement `KeyProvider`. --- provider-example/src/lib.rs | 20 ++++++++------- rustls/src/crypto/aws_lc_rs/mod.rs | 20 ++++++++------- rustls/src/crypto/mod.rs | 39 +++++++++++++++++------------- rustls/src/crypto/ring/mod.rs | 20 ++++++++------- rustls/tests/api.rs | 16 ++++++------ 5 files changed, 64 insertions(+), 51 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 274373d82c..eb070acee4 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -26,15 +26,6 @@ impl rustls::crypto::CryptoProvider for Provider { kx::ALL_KX_GROUPS } - fn load_private_key( - &self, - key_der: PrivateKeyDer<'static>, - ) -> Result, rustls::Error> { - let key = sign::EcdsaSigningKeyP256::try_from(key_der) - .map_err(|err| rustls::OtherError(Arc::new(err)))?; - Ok(Arc::new(key)) - } - fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { verify::ALGORITHMS } @@ -53,6 +44,17 @@ impl rustls::crypto::SecureRandom for Provider { } } +impl rustls::crypto::KeyProvider for Provider { + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, rustls::Error> { + let key = sign::EcdsaSigningKeyP256::try_from(key_der) + .map_err(|err| rustls::OtherError(Arc::new(err)))?; + Ok(Arc::new(key)) + } +} + static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 1e09a92314..d1355a19a2 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, SecureRandom, SupportedKxGroup}; +use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom, SupportedKxGroup}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; @@ -49,14 +49,6 @@ impl CryptoProvider for AwsLcRs { ALL_KX_GROUPS } - fn load_private_key( - &self, - key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { - sign::any_supported_type(&key_der) - .map_err(|_| Error::General(String::from("invalid private key"))) - } - fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { SUPPORTED_SIG_ALGS } @@ -76,6 +68,16 @@ impl SecureRandom for AwsLcRs { } } +impl KeyProvider for AwsLcRs { + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error> { + sign::any_supported_type(&key_der) + .map_err(|_| Error::General(String::from("invalid private key"))) + } +} + /// The cipher suite configuration that an application should use by default. /// /// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index ecc73e5205..fff220a6ba 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -113,10 +113,6 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// RING.signature_verification_algorithms() /// } /// -/// fn load_private_key(&self, key_der: pki_types::PrivateKeyDer<'static>) -> Result, rustls::Error> { -/// fictious_hsm_api::load_private_key(key_der) -/// } -/// /// fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { /// &HsmKeyLoader /// } @@ -127,6 +123,12 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// RING.secure_random().fill(buf) /// } /// } +/// +/// impl rustls::crypto::KeyProvider for HsmKeyLoader { +/// fn load_private_key(&self, key_der: pki_types::PrivateKeyDer<'static>) -> Result, rustls::Error> { +/// fictious_hsm_api::load_private_key(key_der) +/// } +/// } /// # } /// ``` /// @@ -158,7 +160,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ /// [rust-crypto]: https://github.com/rustcrypto /// [dalek-cryptography]: https://github.com/dalek-cryptography -pub trait CryptoProvider: Send + Sync + Debug + 'static { +pub trait CryptoProvider: KeyProvider + Send + Sync + Debug + 'static { /// Provide a safe set of cipher suites that can be used as the defaults. /// /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and @@ -183,18 +185,6 @@ pub trait CryptoProvider: Send + Sync + Debug + 'static { /// The `SupportedKxGroup` type carries both configuration and implementation. fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup]; - /// Decode and validate a private signing key from `key_der`. - /// - /// This is used by [`crate::ConfigBuilder::with_client_auth_cert()`], [`crate::ConfigBuilder::with_single_cert()`], - /// and [`crate::ConfigBuilder::with_single_cert_with_ocsp()`]. The key types and formats supported by this - /// function directly defines the key types and formats supported in those APIs. - /// - /// Return an error if the key type encoding is not supported, or if the key fails validation. - fn load_private_key( - &self, - key_der: PrivateKeyDer<'static>, - ) -> Result, Error>; - /// Return the signature verification algorithms for use with webpki. /// /// These are used for both certificate chain verification and handshake signature verification. @@ -223,6 +213,21 @@ pub trait SecureRandom: Send + Sync + Debug { fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed>; } +/// A mechanism for loading private [SigningKey]s from [PrivateKeyDer]. +pub trait KeyProvider: Send + Sync + Debug { + /// Decode and validate a private signing key from `key_der`. + /// + /// This is used by [`crate::ConfigBuilder::with_client_auth_cert()`], [`crate::ConfigBuilder::with_single_cert()`], + /// and [`crate::ConfigBuilder::with_single_cert_with_ocsp()`]. The key types and formats supported by this + /// function directly defines the key types and formats supported in those APIs. + /// + /// Return an error if the key type encoding is not supported, or if the key fails validation. + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error>; +} + /// A supported key exchange group. /// /// This type carries both configuration and implementation. Specifically, diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 61471d5c06..ab8d9bfea3 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, SecureRandom, SupportedKxGroup}; +use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom, SupportedKxGroup}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; @@ -44,14 +44,6 @@ impl CryptoProvider for Ring { ALL_KX_GROUPS } - fn load_private_key( - &self, - key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { - sign::any_supported_type(&key_der) - .map_err(|_| Error::General("invalid private key".to_owned())) - } - fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { SUPPORTED_SIG_ALGS } @@ -71,6 +63,16 @@ impl SecureRandom for Ring { } } +impl KeyProvider for Ring { + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error> { + sign::any_supported_type(&key_der) + .map_err(|_| Error::General("invalid private key".to_owned())) + } +} + /// The cipher suite configuration that an application should use by default. /// /// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f7c7b1366a..46bcd11512 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5521,13 +5521,6 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { self.parent.default_kx_groups() } - fn load_private_key( - &self, - key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { - self.parent.load_private_key(key_der) - } - fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { self.parent .signature_verification_algorithms() @@ -5565,6 +5558,15 @@ impl rustls::crypto::SecureRandom for FaultyRandom { } } +impl rustls::crypto::KeyProvider for FaultyRandomProvider { + fn load_private_key( + &self, + key_der: PrivateKeyDer<'static>, + ) -> Result, Error> { + self.parent.load_private_key(key_der) + } +} + #[test] fn test_client_construction_fails_if_random_source_fails_in_first_request() { static FAULTY_RANDOM: FaultyRandom = FaultyRandom { From b4971785fd784cafec72950400c26e604b66e01d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 Nov 2023 15:19:43 -0500 Subject: [PATCH 0473/1145] crypto: CryptoProvider is-a KeyProvider -> has-a In preparation for moving to a struct based model where a `CryptoProvider` has a `&'static dyn KeyProvider` field, this commit splits the `KeyProvider` trait from the `CryptoProvider` trait. In its place `CryptoProvider` gets a `key_provider(&self)` fn that acts as a stand-in for what will be a field in the struct based approach. --- provider-example/src/lib.rs | 5 +++++ rustls/src/client/builder.rs | 1 + rustls/src/crypto/aws_lc_rs/mod.rs | 4 ++++ rustls/src/crypto/mod.rs | 9 ++++++++- rustls/src/crypto/ring/mod.rs | 4 ++++ rustls/src/server/builder.rs | 2 ++ rustls/tests/api.rs | 9 ++++++++- 7 files changed, 32 insertions(+), 2 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index eb070acee4..e77050c4cc 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -11,6 +11,7 @@ mod sign; mod verify; pub use hpke::HPKE_PROVIDER; +use rustls::crypto::KeyProvider; pub static PROVIDER: &'static dyn rustls::crypto::CryptoProvider = &Provider; @@ -33,6 +34,10 @@ impl rustls::crypto::CryptoProvider for Provider { fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { &Self } + + fn key_provider(&self) -> &'static dyn KeyProvider { + &Self + } } impl rustls::crypto::SecureRandom for Provider { diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 37b08d0a87..d33c1c33a7 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -137,6 +137,7 @@ impl ConfigBuilder { let private_key = self .state .provider + .key_provider() .load_private_key(key_der)?; let resolver = handy::AlwaysResolvesClientCert::new(private_key, CertificateChain(cert_chain))?; diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index d1355a19a2..b1ef8c497b 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -56,6 +56,10 @@ impl CryptoProvider for AwsLcRs { fn secure_random(&self) -> &'static dyn SecureRandom { &Self } + + fn key_provider(&self) -> &'static dyn KeyProvider { + &Self + } } impl SecureRandom for AwsLcRs { diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index fff220a6ba..8c50741cbe 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -116,6 +116,10 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { /// &HsmKeyLoader /// } +/// +/// fn key_provider(&self) -> &'static dyn rustls::crypto::KeyProvider { +/// &HsmKeyLoader +/// } /// } /// /// impl rustls::crypto::SecureRandom for HsmKeyLoader { @@ -160,7 +164,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ /// [rust-crypto]: https://github.com/rustcrypto /// [dalek-cryptography]: https://github.com/dalek-cryptography -pub trait CryptoProvider: KeyProvider + Send + Sync + Debug + 'static { +pub trait CryptoProvider: Send + Sync + Debug + 'static { /// Provide a safe set of cipher suites that can be used as the defaults. /// /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and @@ -196,6 +200,9 @@ pub trait CryptoProvider: KeyProvider + Send + Sync + Debug + 'static { /// Return a source of cryptographically secure randomness. fn secure_random(&self) -> &'static dyn SecureRandom; + + /// Return a mechanism for loading private [SigningKey]s from [PrivateKeyDer]. + fn key_provider(&self) -> &'static dyn KeyProvider; } /// A source of cryptographically secure randomness. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index ab8d9bfea3..6b776424f7 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -51,6 +51,10 @@ impl CryptoProvider for Ring { fn secure_random(&self) -> &'static dyn SecureRandom { &Self } + + fn key_provider(&self) -> &'static dyn KeyProvider { + &Self + } } impl SecureRandom for Ring { diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index b8fbeb7db1..d3133b0867 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -76,6 +76,7 @@ impl ConfigBuilder { let private_key = self .state .provider + .key_provider() .load_private_key(key_der)?; let resolver = handy::AlwaysResolvesChain::new(private_key, CertificateChain(cert_chain)); Ok(self.with_cert_resolver(Arc::new(resolver))) @@ -101,6 +102,7 @@ impl ConfigBuilder { let private_key = self .state .provider + .key_provider() .load_private_key(key_der)?; let resolver = handy::AlwaysResolvesChain::new_with_extras( private_key, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 46bcd11512..86f8edda3a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -16,6 +16,7 @@ use pki_types::{CertificateDer, IpAddr, PrivateKeyDer, ServerName, UnixTime}; use primary_provider::cipher_suite; use primary_provider::sign::RsaSigningKey; use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; +use rustls::crypto::KeyProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; @@ -5529,6 +5530,10 @@ impl rustls::crypto::CryptoProvider for FaultyRandomProvider { fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { self.random } + + fn key_provider(&self) -> &'static dyn KeyProvider { + self.parent.key_provider() + } } #[derive(Debug)] @@ -5563,7 +5568,9 @@ impl rustls::crypto::KeyProvider for FaultyRandomProvider { &self, key_der: PrivateKeyDer<'static>, ) -> Result, Error> { - self.parent.load_private_key(key_der) + self.parent + .key_provider() + .load_private_key(key_der) } } From b92fd839e3dbd598468168bd81394f92c775cb7f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 23 Nov 2023 15:13:06 -0500 Subject: [PATCH 0474/1145] crypto: rework CryptoProvider as struct This commit replaces the existing `CryptoProvider` trait with a `CryptoProvider` struct. This has several advantages: * it consolidates all of the cryptography related settings into one API surface, the `CryptoProvider` struct members. Previously the provider had methods to suggest default ciphersuites, key exchanges etc, but the builder API methods could override them in confusing ways. * it allows removing the `WantsCipherSuites` and `WantsKxGroups` builder states - the "safe defaults" are automatically supplied by the choice of a crypto provider. Customization is achieved by overriding the provider's struct fields. Having fewer builder states makes the API easier to understand and document. * it makes customization easier: the end user can rely on "struct update syntax"[0] to only specify fields values for the required customization, and defer the rest to an existing `CryptoProvider`. Achieving this requires a couple of additional changes: * The cipher suite and key exchange groups are now expressed as `Vec` elements. This avoids imposing a `&'static` lifetime that would preclude runtime customization (e.g. the tls*-mio examples that build the list of ciphersuites at runtime based on command line flags). * As a result of the `Vec` members we can no longer offer the concrete `CryptoProvider`s as `static` members of their respective modules. Instead we add `pub fn default_provider() -> CryptoProvider` methods to the `ring` and `aws-lc-rs` module that construct the `CryptoProvider` with the safe defaults, ready for further customization. [0]: https://doc.rust-lang.org/book/ch05-01-defining-structs.html#creating-instances-from-other-instances-with-struct-update-syntax --- ci-bench/src/benchmark.rs | 4 +- ci-bench/src/main.rs | 28 +- examples/src/bin/limitedclient.rs | 20 +- examples/src/bin/server_acceptor.rs | 3 +- examples/src/bin/simple_0rtt_client.rs | 3 +- examples/src/bin/simpleclient.rs | 3 +- examples/src/bin/tlsclient-mio.rs | 25 +- examples/src/bin/tlsserver-mio.rs | 21 +- fuzz/fuzzers/client.rs | 3 +- fuzz/fuzzers/server.rs | 3 +- provider-example/examples/client.rs | 12 +- provider-example/examples/server.rs | 13 +- provider-example/src/lib.rs | 34 +- rustls/examples/internal/bench_impl.rs | 32 +- rustls/examples/internal/bogo_shim_impl.rs | 62 ++-- rustls/src/builder.rs | 154 +------- rustls/src/client/builder.rs | 21 +- rustls/src/client/client_conn.rs | 42 +-- rustls/src/client/hs.rs | 8 +- rustls/src/client/tls13.rs | 1 + rustls/src/crypto/aws_lc_rs/mod.rs | 34 +- rustls/src/crypto/mod.rs | 93 ++--- rustls/src/crypto/ring/mod.rs | 34 +- rustls/src/crypto/signer.rs | 10 +- rustls/src/lib.rs | 24 +- rustls/src/server/builder.rs | 15 +- rustls/src/server/hs.rs | 9 +- rustls/src/server/server_conn.rs | 39 +- rustls/src/server/tls12.rs | 3 +- rustls/src/server/tls13.rs | 4 +- rustls/src/verifybench.rs | 2 +- rustls/src/webpki/client_verifier.rs | 8 +- rustls/src/webpki/server_verifier.rs | 53 ++- rustls/src/webpki/verify.rs | 2 +- rustls/tests/api.rs | 395 +++++++++++---------- rustls/tests/client_cert_verifier.rs | 3 +- rustls/tests/common/mod.rs | 89 +++-- 37 files changed, 597 insertions(+), 712 deletions(-) diff --git a/ci-bench/src/benchmark.rs b/ci-bench/src/benchmark.rs index 4d23de575a..b7c25bbc99 100644 --- a/ci-bench/src/benchmark.rs +++ b/ci-bench/src/benchmark.rs @@ -125,7 +125,7 @@ impl ResumptionKind { #[derive(Clone, Debug)] pub struct BenchmarkParams { /// Which `CryptoProvider` to test - pub provider: &'static dyn rustls::crypto::CryptoProvider, + pub provider: rustls::crypto::CryptoProvider, /// How to make a suitable [`rustls::server::ProducesTickets`]. pub ticketer: &'static fn() -> Arc, /// The type of key used to sign the TLS certificate @@ -141,7 +141,7 @@ pub struct BenchmarkParams { impl BenchmarkParams { /// Create a new set of benchmark params pub const fn new( - provider: &'static dyn rustls::crypto::CryptoProvider, + provider: rustls::crypto::CryptoProvider, ticketer: &'static fn() -> Arc, key_type: KeyType, ciphersuite: rustls::SupportedCipherSuite, diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 38fbd0c3b5..8d9755b52a 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -307,13 +307,13 @@ fn all_benchmarks_params() -> Vec { for (provider, suites, ticketer, provider_name) in [ ( - ring::RING, + ring::default_provider(), ring::ALL_CIPHER_SUITES, &(ring_ticketer as fn() -> Arc), "ring", ), ( - aws_lc_rs::AWS_LC_RS, + aws_lc_rs::default_provider(), aws_lc_rs::ALL_CIPHER_SUITES, &(aws_lc_rs_ticketer as fn() -> Arc), "aws_lc_rs", @@ -352,7 +352,7 @@ fn all_benchmarks_params() -> Vec { ), ] { all.push(BenchmarkParams::new( - provider, + provider.clone(), ticketer, key_type, find_suite(suites, suite_name), @@ -500,13 +500,17 @@ impl ClientSideStepper<'_> { rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), ); - let mut cfg = ClientConfig::builder_with_provider(params.provider) - .with_cipher_suites(&[params.ciphersuite]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[params.version]) - .unwrap() - .with_root_certificates(root_store) - .with_no_client_auth(); + let mut cfg = ClientConfig::builder_with_provider( + rustls::crypto::CryptoProvider { + cipher_suites: vec![params.ciphersuite], + ..params.provider.clone() + } + .into(), + ) + .with_protocol_versions(&[params.version]) + .unwrap() + .with_root_certificates(root_store) + .with_no_client_auth(); if resume != ResumptionKind::No { cfg.resumption = Resumption::in_memory_sessions(128); @@ -572,9 +576,7 @@ impl ServerSideStepper<'_> { fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc { assert_eq!(params.ciphersuite.version(), params.version); - let mut cfg = ServerConfig::builder_with_provider(params.provider) - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() + let mut cfg = ServerConfig::builder_with_provider(params.provider.clone().into()) .with_protocol_versions(&[params.version]) .unwrap() .with_client_cert_verifier(WebPkiClientVerifier::no_client_auth()) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 18014cf4b8..248c0c4038 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -2,6 +2,7 @@ //! so that unused cryptography in rustls can be discarded by the linker. You can //! observe using `nm` that the binary of this program does not contain any AES code. +use rustls::crypto::{ring, CryptoProvider}; use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; @@ -14,13 +15,18 @@ fn main() { .cloned(), ); - let config = rustls::ClientConfig::builder() - .with_cipher_suites(&[rustls::crypto::ring::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) - .with_kx_groups(&[rustls::crypto::ring::kx_group::X25519]) - .with_protocol_versions(&[&rustls::version::TLS13]) - .unwrap() - .with_root_certificates(root_store) - .with_no_client_auth(); + let config = rustls::ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![ring::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], + kx_groups: vec![ring::kx_group::X25519], + ..ring::default_provider() + } + .into(), + ) + .with_protocol_versions(&[&rustls::version::TLS13]) + .unwrap() + .with_root_certificates(root_store) + .with_no_client_auth(); let server_name = "www.rust-lang.org".try_into().unwrap(); let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 69d4de7180..bb6a9e43db 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -225,7 +225,8 @@ impl TestPki { // based on the ClientHello (e.g. selecting a different certificate, or customizing // supported algorithms/protocol versions). let mut server_config = ServerConfig::builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_client_cert_verifier(verifier) .with_single_cert( vec![self.server_cert_der.clone()], diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 242a77ddf8..fa5c528f10 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -66,7 +66,8 @@ fn main() { ); let mut config = rustls::ClientConfig::builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index a5dbee6d5d..b97c78e40f 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -22,7 +22,8 @@ fn main() { .cloned(), ); let mut config = rustls::ClientConfig::builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 1abc384189..88e7a0622a 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -8,6 +8,7 @@ use mio::net::TcpStream; use pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use serde::Deserialize; +use rustls::crypto::CryptoProvider; use rustls::RootCertStore; const CLIENT: mio::Token = mio::Token(0); @@ -340,7 +341,7 @@ mod danger { message, cert, dss, - &rustls::crypto::ring::RING.signature_verification_algorithms(), + &rustls::crypto::ring::default_provider().signature_verification_algorithms, ) } @@ -354,13 +355,13 @@ mod danger { message, cert, dss, - &rustls::crypto::ring::RING.signature_verification_algorithms(), + &rustls::crypto::ring::default_provider().signature_verification_algorithms, ) } fn supported_verify_schemes(&self) -> Vec { - rustls::crypto::ring::RING - .signature_verification_algorithms() + rustls::crypto::ring::default_provider() + .signature_verification_algorithms .supported_schemes() } } @@ -398,12 +399,16 @@ fn make_config(args: &Args) -> Arc { rustls::DEFAULT_VERSIONS.to_vec() }; - let config = rustls::ClientConfig::builder() - .with_cipher_suites(&suites) - .with_safe_default_kx_groups() - .with_protocol_versions(&versions) - .expect("inconsistent cipher-suite/versions selected") - .with_root_certificates(root_store); + let config = rustls::ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: suites, + ..rustls::crypto::ring::default_provider() + } + .into(), + ) + .with_protocol_versions(&versions) + .expect("inconsistent cipher-suite/versions selected") + .with_root_certificates(root_store); let mut config = match (&args.flag_auth_key, &args.flag_auth_certs) { (Some(key_file), Some(certs_file)) => { diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 0ba487b1e6..a06662b491 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -9,6 +9,7 @@ use mio::net::{TcpListener, TcpStream}; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use serde::Deserialize; +use rustls::crypto::{ring, CryptoProvider}; use rustls::server::WebPkiClientVerifier; use rustls::{self, RootCertStore}; @@ -604,14 +605,18 @@ fn make_config(args: &Args) -> Arc { ); let ocsp = load_ocsp(&args.flag_ocsp); - let mut config = rustls::ServerConfig::builder() - .with_cipher_suites(&suites) - .with_safe_default_kx_groups() - .with_protocol_versions(&versions) - .expect("inconsistent cipher-suites/versions specified") - .with_client_cert_verifier(client_auth) - .with_single_cert_with_ocsp(certs, privkey, ocsp) - .expect("bad certificates/private key"); + let mut config = rustls::ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: suites, + ..ring::default_provider() + } + .into(), + ) + .with_protocol_versions(&versions) + .expect("inconsistent cipher-suites/versions specified") + .with_client_cert_verifier(client_auth) + .with_single_cert_with_ocsp(certs, privkey, ocsp) + .expect("bad certificates/private key"); config.key_log = Arc::new(rustls::KeyLogFile::new()); diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index 738ac326e7..85403e9af3 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -11,7 +11,8 @@ fuzz_target!(|data: &[u8]| { let root_store = RootCertStore::empty(); let config = Arc::new( ClientConfig::builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_root_certificates(root_store) .with_no_client_auth(), ); diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index 67c7bd9808..b1d38cc4ae 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -24,7 +24,8 @@ impl ResolvesServerCert for Fail { fuzz_target!(|data: &[u8]| { let config = Arc::new( ServerConfig::builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_no_client_auth() .with_cert_resolver(Arc::new(Fail)), ); diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs index 6bb24c5f0a..fa625e4028 100644 --- a/provider-example/examples/client.rs +++ b/provider-example/examples/client.rs @@ -2,8 +2,6 @@ use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls_provider_example::PROVIDER; - fn main() { env_logger::init(); @@ -14,10 +12,12 @@ fn main() { .cloned(), ); - let config = rustls::ClientConfig::builder_with_provider(PROVIDER) - .with_safe_defaults() - .with_root_certificates(root_store) - .with_no_client_auth(); + let config = + rustls::ClientConfig::builder_with_provider(rustls_provider_example::provider().into()) + .with_safe_default_protocol_versions() + .unwrap() + .with_root_certificates(root_store) + .with_no_client_auth(); let server_name = "www.rust-lang.org".try_into().unwrap(); let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); diff --git a/provider-example/examples/server.rs b/provider-example/examples/server.rs index 8dcaab0095..ee91e45bec 100644 --- a/provider-example/examples/server.rs +++ b/provider-example/examples/server.rs @@ -4,7 +4,6 @@ use std::sync::Arc; use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; use rustls::server::Acceptor; use rustls::ServerConfig; -use rustls_provider_example::PROVIDER; fn main() { env_logger::init(); @@ -94,11 +93,13 @@ impl TestPki { } fn server_config(self) -> Arc { - let mut server_config = ServerConfig::builder_with_provider(PROVIDER) - .with_safe_defaults() - .with_no_client_auth() - .with_single_cert(vec![self.server_cert_der], self.server_key_der) - .unwrap(); + let mut server_config = + ServerConfig::builder_with_provider(rustls_provider_example::provider().into()) + .with_safe_default_protocol_versions() + .unwrap() + .with_no_client_auth() + .with_single_cert(vec![self.server_cert_der], self.server_key_der) + .unwrap(); server_config.key_log = Arc::new(rustls::KeyLogFile::new()); diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index e77050c4cc..c2c07052ad 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -1,6 +1,7 @@ use std::sync::Arc; use pki_types::PrivateKeyDer; +use rustls::crypto::CryptoProvider; mod aead; mod hash; @@ -11,35 +12,20 @@ mod sign; mod verify; pub use hpke::HPKE_PROVIDER; -use rustls::crypto::KeyProvider; -pub static PROVIDER: &'static dyn rustls::crypto::CryptoProvider = &Provider; +pub fn provider() -> CryptoProvider { + CryptoProvider { + cipher_suites: ALL_CIPHER_SUITES.to_vec(), + kx_groups: kx::ALL_KX_GROUPS.to_vec(), + signature_verification_algorithms: verify::ALGORITHMS, + secure_random: &Provider, + key_provider: &Provider, + } +} #[derive(Debug)] struct Provider; -impl rustls::crypto::CryptoProvider for Provider { - fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { - ALL_CIPHER_SUITES - } - - fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] { - kx::ALL_KX_GROUPS - } - - fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { - verify::ALGORITHMS - } - - fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { - &Self - } - - fn key_provider(&self) -> &'static dyn KeyProvider { - &Self - } -} - impl rustls::crypto::SecureRandom for Provider { fn fill(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { use rand_core::RngCore; diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 37899e020f..5b9e9bbde9 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -15,9 +15,14 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::Resumption; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::aws_lc_rs::{cipher_suite, Ticketer, AWS_LC_RS as PROVIDER}; +use rustls::crypto::aws_lc_rs as provider; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +use rustls::crypto::aws_lc_rs::{cipher_suite, Ticketer}; +#[cfg(feature = "ring")] +use rustls::crypto::ring as provider; #[cfg(feature = "ring")] -use rustls::crypto::ring::{cipher_suite, Ticketer, RING as PROVIDER}; +use rustls::crypto::ring::{cipher_suite, Ticketer}; +use rustls::crypto::CryptoProvider; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; use rustls::RootCertStore; use rustls::{ClientConfig, ClientConnection}; @@ -306,6 +311,7 @@ fn make_server_config( resume: ResumptionParam, max_fragment_size: Option, ) -> ServerConfig { + let provider = Arc::new(provider::default_provider()); let client_auth = match client_auth { ClientAuth::Yes => { let roots = params.key_type.get_chain(); @@ -313,16 +319,14 @@ fn make_server_config( for root in roots { client_auth_roots.add(root).unwrap(); } - WebPkiClientVerifier::builder_with_provider(client_auth_roots.into(), PROVIDER) + WebPkiClientVerifier::builder_with_provider(client_auth_roots.into(), provider.clone()) .build() .unwrap() } ClientAuth::No => WebPkiClientVerifier::no_client_auth(), }; - let mut cfg = ServerConfig::builder_with_provider(PROVIDER) - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() + let mut cfg = ServerConfig::builder_with_provider(provider) .with_protocol_versions(&[params.version]) .unwrap() .with_client_cert_verifier(client_auth) @@ -353,12 +357,16 @@ fn make_client_config( rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()), ); - let cfg = ClientConfig::builder_with_provider(PROVIDER) - .with_cipher_suites(&[params.ciphersuite]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[params.version]) - .unwrap() - .with_root_certificates(root_store); + let cfg = ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![params.ciphersuite], + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[params.version]) + .unwrap() + .with_root_certificates(root_store); let mut cfg = if clientauth == ClientAuth::Yes { cfg.with_client_auth_cert( diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 9bb29138e6..e4035ace94 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -6,7 +6,7 @@ use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; -use rustls::crypto::SupportedKxGroup; +use rustls::crypto::{CryptoProvider, SupportedKxGroup}; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist::ServerSessionValue; use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; @@ -19,9 +19,9 @@ use rustls::{ }; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::{aws_lc_rs as provider, aws_lc_rs::AWS_LC_RS as PROVIDER}; +use rustls::crypto::aws_lc_rs as provider; #[cfg(feature = "ring")] -use rustls::crypto::{ring as provider, ring::RING as PROVIDER}; +use rustls::crypto::ring as provider; use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; @@ -212,9 +212,12 @@ impl DummyClientAuth { fn new(mandatory: bool) -> Self { Self { mandatory, - parent: WebPkiClientVerifier::builder_with_provider(load_root_certs(), PROVIDER) - .build() - .unwrap(), + parent: WebPkiClientVerifier::builder_with_provider( + load_root_certs(), + provider::default_provider().into(), + ) + .build() + .unwrap(), } } } @@ -274,9 +277,12 @@ struct DummyServerAuth { impl DummyServerAuth { fn new() -> Self { DummyServerAuth { - parent: WebPkiServerVerifier::builder_with_provider(load_root_certs(), PROVIDER) - .build() - .unwrap(), + parent: WebPkiServerVerifier::builder_with_provider( + load_root_certs(), + provider::default_provider().into(), + ) + .build() + .unwrap(), } } } @@ -495,14 +501,18 @@ fn make_server_cfg(opts: &Options) -> Arc { provider::ALL_KX_GROUPS.to_vec() }; - let mut cfg = ServerConfig::builder_with_provider(PROVIDER) - .with_safe_default_cipher_suites() - .with_kx_groups(&kx_groups) - .with_protocol_versions(&opts.supported_versions()) - .unwrap() - .with_client_cert_verifier(client_auth) - .with_single_cert_with_ocsp(cert.clone(), key, opts.server_ocsp_response.clone()) - .unwrap(); + let mut cfg = ServerConfig::builder_with_provider( + CryptoProvider { + kx_groups, + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&opts.supported_versions()) + .unwrap() + .with_client_cert_verifier(client_auth) + .with_single_cert_with_ocsp(cert.clone(), key, opts.server_ocsp_response.clone()) + .unwrap(); cfg.session_storage = ServerCacheWithResumptionDelay::new(opts.resumption_delay); cfg.max_fragment_size = opts.max_fragment; @@ -623,13 +633,17 @@ fn make_client_cfg(opts: &Options) -> Arc { provider::ALL_KX_GROUPS.to_vec() }; - let cfg = ClientConfig::builder_with_provider(PROVIDER) - .with_safe_default_cipher_suites() - .with_kx_groups(&kx_groups) - .with_protocol_versions(&opts.supported_versions()) - .expect("inconsistent settings") - .dangerous() - .with_custom_certificate_verifier(Arc::new(DummyServerAuth::new())); + let cfg = ClientConfig::builder_with_provider( + CryptoProvider { + kx_groups, + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&opts.supported_versions()) + .expect("inconsistent settings") + .dangerous() + .with_custom_certificate_verifier(Arc::new(DummyServerAuth::new())); let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { let cert = load_cert(&opts.cert_file); diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 591ab68469..607e557eba 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,54 +1,48 @@ -use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::crypto::CryptoProvider; use crate::error::Error; -use crate::suites::SupportedCipherSuite; use crate::versions; use alloc::format; -use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; +use std::sync::Arc; /// A [builder] for [`ServerConfig`] or [`ClientConfig`] values. /// /// To get one of these, call [`ServerConfig::builder()`] or [`ClientConfig::builder()`]. /// -/// To build a config, you must make at least three decisions (in order): +/// To build a config, you must make at least two decisions (in order): /// -/// - Which protocol primitives should be supported (cipher suites, key exchange groups, protocol versions)? /// - How should this client or server verify certificates provided by its peer? /// - What certificates should this client or server present to its peer? /// /// For settings besides these, see the fields of [`ServerConfig`] and [`ClientConfig`]. /// /// The usual choice for protocol primitives is to call -/// [`ConfigBuilder::with_safe_defaults`], which will choose rustls' defaults for cipher suites, key -/// exchange groups and protocol versions: +/// [`crate::ClientConfig::builder`]/[`ServerConfig::builder`] and [`ConfigBuilder::with_safe_default_protocol_versions`], +/// which will use rustls' default cryptographic provider and default protocol versions. /// /// ``` /// # #[cfg(feature = "ring")] { /// use rustls::{ClientConfig, ServerConfig}; /// ClientConfig::builder() -/// .with_safe_defaults() +/// .with_safe_default_protocol_versions() /// // ... /// # ; /// /// ServerConfig::builder() -/// .with_safe_defaults() +/// .with_safe_default_protocol_versions() /// // ... /// # ; /// # } /// ``` /// -/// If you override the default for one protocol primitive (for instance supporting only TLS 1.3), -/// you will need to explicitly specify configuration for all three. That configuration may simply -/// be "use the default." +/// You may also override the choice of protocol versions: /// /// ```no_run /// # #[cfg(feature = "ring")] { /// # use rustls::ServerConfig; /// ServerConfig::builder() -/// .with_safe_default_cipher_suites() -/// .with_safe_default_kx_groups() /// .with_protocol_versions(&[&rustls::version::TLS13]) /// .unwrap() /// // ... @@ -87,7 +81,8 @@ use core::marker::PhantomData; /// # use rustls::ClientConfig; /// # let root_certs = rustls::RootCertStore::empty(); /// ClientConfig::builder() -/// .with_safe_defaults() +/// .with_safe_default_protocol_versions() +/// .unwrap() /// .with_root_certificates(root_certs) /// .with_no_client_auth(); /// # } @@ -114,7 +109,8 @@ use core::marker::PhantomData; /// # pki_types::PrivatePkcs8KeyDer::from(vec![]) /// # ); /// ServerConfig::builder() -/// .with_safe_defaults() +/// .with_safe_default_protocol_versions() +/// .unwrap() /// .with_no_client_auth() /// .with_single_cert(certs, private_key) /// .expect("bad certificate/key"); @@ -127,8 +123,6 @@ use core::marker::PhantomData; /// configuration item is provided exactly once. This is tracked in the `State` type parameter, /// which can have these values: /// -/// - [`WantsCipherSuites`] -/// - [`WantsKxGroups`] /// - [`WantsVersions`] /// - [`WantsVerifier`] /// - [`WantsClientCert`] @@ -144,9 +138,9 @@ use core::marker::PhantomData; /// mentioning some of these types. /// /// Additionally, ServerConfig and ClientConfig carry a private field containing a -/// `&'static dyn `[`CryptoProvider`], from [`ClientConfig::builder_with_provider()`] or +/// [`CryptoProvider`], from [`ClientConfig::builder_with_provider()`] or /// [`ServerConfig::builder_with_provider()`]. This determines which cryptographic backend -/// is used. The default is [`RING`]. +/// is used. The default is [`ring::provider`]. /// /// [builder]: https://rust-unofficial.github.io/patterns/patterns/creational/builder.html /// [typestate]: http://cliffle.com/blog/rust-typestate/ @@ -161,7 +155,7 @@ use core::marker::PhantomData; /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-6 /// [`WantsClientCert`]: crate::client::WantsClientCert /// [`WantsServerCert`]: crate::server::WantsServerCert -/// [`RING`]: crate::crypto::ring::RING +/// [`ring::provider`]: crate::crypto::ring::default_provider /// [`DangerousClientConfigBuilder::with_custom_certificate_verifier`]: crate::client::danger::DangerousClientConfigBuilder::with_custom_certificate_verifier #[derive(Clone)] pub struct ConfigBuilder { @@ -183,118 +177,12 @@ impl fmt::Debug for ConfigBuilder ConfigBuilder { - /// Start side-specific config with defaults for underlying cryptography. - /// - /// If used, this will enable all safe supported cipher suites (`default_cipher_suites()` as specified by the - /// `CryptoProvider` type), all safe supported key exchange groups ([`CryptoProvider::default_kx_groups()`]) and all safe supported - /// protocol versions ([`DEFAULT_VERSIONS`]). - /// - /// These are safe defaults, useful for 99% of applications. - /// - /// [`DEFAULT_VERSIONS`]: versions::DEFAULT_VERSIONS - pub fn with_safe_defaults(self) -> ConfigBuilder { - ConfigBuilder { - state: WantsVerifier { - cipher_suites: self - .state - .0 - .default_cipher_suites() - .to_vec(), - kx_groups: self - .state - .0 - .default_kx_groups() - .to_vec(), - provider: self.state.0, - versions: versions::EnabledVersions::new(versions::DEFAULT_VERSIONS), - }, - side: self.side, - } - } - - /// Choose a specific set of cipher suites. - /// - /// These can be different from the cipher suites implemented by the `CryptoProvider`. - /// Because the cipher suites provided by `ring` and `aws_lc_rs` have the same names, - /// make sure any `use` statements are importing from the provider that you want to use. - pub fn with_cipher_suites( - self, - cipher_suites: &[SupportedCipherSuite], - ) -> ConfigBuilder { - ConfigBuilder { - state: WantsKxGroups { - cipher_suites: cipher_suites.to_vec(), - provider: self.state.0, - }, - side: self.side, - } - } - - /// Choose the default set of cipher suites as specified by the `CryptoProvider`. - /// - /// The intention is that this default provides only high-quality suites: there is no need - /// to filter out low-, export- or NULL-strength cipher suites: rustls does not - /// implement these. But the precise details are controlled by what is implemented by the - /// `CryptoProvider`. - pub fn with_safe_default_cipher_suites(self) -> ConfigBuilder { - let default = self.state.0.default_cipher_suites(); - self.with_cipher_suites(default) - } -} - -/// Config builder state where the caller must supply key exchange groups. -/// -/// For more information, see the [`ConfigBuilder`] documentation. -#[derive(Clone, Debug)] -pub struct WantsKxGroups { - cipher_suites: Vec, - provider: &'static dyn CryptoProvider, -} - -impl ConfigBuilder { - /// Choose a specific set of key exchange groups. - /// - /// These can be different from the key exchange groups implemented by the `CryptoProvider`. - /// Because the cipher suites provided by `ring` and `aws_lc_rs` have the same names, - /// make sure any `use` statements are importing from the provider that you want to use. - pub fn with_kx_groups( - self, - kx_groups: &[&'static dyn SupportedKxGroup], - ) -> ConfigBuilder { - ConfigBuilder { - state: WantsVersions { - cipher_suites: self.state.cipher_suites, - kx_groups: kx_groups.to_vec(), - provider: self.state.provider, - }, - side: self.side, - } - } - - /// Choose the default set of key exchange groups ([`CryptoProvider::default_kx_groups`]). - /// - /// This is a safe default: rustls doesn't implement any poor-quality groups. - pub fn with_safe_default_kx_groups(self) -> ConfigBuilder { - let default = self.state.provider.default_kx_groups(); - self.with_kx_groups(default) - } -} - /// Config builder state where the caller must supply TLS protocol versions. /// /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] pub struct WantsVersions { - cipher_suites: Vec, - kx_groups: Vec<&'static dyn SupportedKxGroup>, - provider: &'static dyn CryptoProvider, + pub(crate) provider: Arc, } impl ConfigBuilder { @@ -311,7 +199,7 @@ impl ConfigBuilder { versions: &[&'static versions::SupportedProtocolVersion], ) -> Result, Error> { let mut any_usable_suite = false; - for suite in &self.state.cipher_suites { + for suite in &self.state.provider.cipher_suites { if versions.contains(&suite.version()) { any_usable_suite = true; break; @@ -322,14 +210,12 @@ impl ConfigBuilder { return Err(Error::General("no usable cipher suites configured".into())); } - if self.state.kx_groups.is_empty() { + if self.state.provider.kx_groups.is_empty() { return Err(Error::General("no kx groups configured".into())); } Ok(ConfigBuilder { state: WantsVerifier { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, provider: self.state.provider, versions: versions::EnabledVersions::new(versions), }, @@ -343,9 +229,7 @@ impl ConfigBuilder { /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] pub struct WantsVerifier { - pub(crate) cipher_suites: Vec, - pub(crate) kx_groups: Vec<&'static dyn SupportedKxGroup>, - pub(crate) provider: &'static dyn CryptoProvider, + pub(crate) provider: Arc, pub(crate) versions: versions::EnabledVersions, } diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index d33c1c33a7..27666e1966 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,11 +1,10 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::client::handy; use crate::client::{ClientConfig, ResolvesClientCert}; -use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::msgs::handshake::CertificateChain; -use crate::suites::SupportedCipherSuite; use crate::webpki::{self, WebPkiServerVerifier}; use crate::{verify, versions}; @@ -35,12 +34,12 @@ impl ConfigBuilder { self, root_store: impl Into>, ) -> ConfigBuilder { - let sig_algs = self + let algorithms = self .state .provider - .signature_verification_algorithms(); + .signature_verification_algorithms; self.with_webpki_verifier( - WebPkiServerVerifier::new_without_revocation(root_store, sig_algs).into(), + WebPkiServerVerifier::new_without_revocation(root_store, algorithms).into(), ) } @@ -54,8 +53,6 @@ impl ConfigBuilder { ) -> ConfigBuilder { ConfigBuilder { state: WantsClientCert { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, provider: self.state.provider, versions: self.state.versions, verifier, @@ -94,8 +91,6 @@ pub(super) mod danger { ) -> ConfigBuilder { ConfigBuilder { state: WantsClientCert { - cipher_suites: self.cfg.state.cipher_suites, - kx_groups: self.cfg.state.kx_groups, provider: self.cfg.state.provider, versions: self.cfg.state.versions, verifier, @@ -112,9 +107,7 @@ pub(super) mod danger { /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone)] pub struct WantsClientCert { - cipher_suites: Vec, - kx_groups: Vec<&'static dyn SupportedKxGroup>, - provider: &'static dyn CryptoProvider, + provider: Arc, versions: versions::EnabledVersions, verifier: Arc, } @@ -137,7 +130,7 @@ impl ConfigBuilder { let private_key = self .state .provider - .key_provider() + .key_provider .load_private_key(key_der)?; let resolver = handy::AlwaysResolvesClientCert::new(private_key, CertificateChain(cert_chain))?; @@ -155,8 +148,6 @@ impl ConfigBuilder { client_auth_cert_resolver: Arc, ) -> ClientConfig { ClientConfig { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, provider: self.state.provider, alpn_protocols: Vec::new(), resumption: Resumption::default(), diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 75523fe0b9..18443c2590 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,4 +1,4 @@ -use crate::builder::{ConfigBuilder, WantsCipherSuites}; +use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; @@ -11,9 +11,9 @@ use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; use crate::sign; use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; -use crate::verify; use crate::versions; use crate::KeyLog; +use crate::{verify, WantsVersions}; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; use super::hs; @@ -143,18 +143,8 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// [`RootCertStore`]: crate::RootCertStore #[derive(Debug)] pub struct ClientConfig { - /// List of ciphersuites, in preference order. - pub(super) cipher_suites: Vec, - - /// List of supported key exchange algorithms, in preference order -- the - /// first element is the highest priority. - /// - /// The first element in this list is the _default key share algorithm_, - /// and in TLS1.3 a key share for it is sent in the client hello. - pub(super) kx_groups: Vec<&'static dyn SupportedKxGroup>, - /// Source of randomness and other crypto. - pub(super) provider: &'static dyn CryptoProvider, + pub(super) provider: Arc, /// Which ALPN protocols we include in our client hello. /// If empty, no ALPN extension is sent. @@ -226,9 +216,7 @@ pub enum Tls12Resumption { impl Clone for ClientConfig { fn clone(&self) -> Self { Self { - cipher_suites: self.cipher_suites.clone(), - kx_groups: self.kx_groups.clone(), - provider: self.provider, + provider: Arc::::clone(&self.provider), resumption: self.resumption.clone(), alpn_protocols: self.alpn_protocols.clone(), max_fragment_size: self.max_fragment_size, @@ -246,21 +234,21 @@ impl Clone for ClientConfig { impl ClientConfig { #[cfg(feature = "ring")] /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::RING`]. + /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. - pub fn builder() -> ConfigBuilder { - Self::builder_with_provider(crate::crypto::ring::RING) + pub fn builder() -> ConfigBuilder { + Self::builder_with_provider(crate::crypto::ring::default_provider().into()) } /// Create a builder for a client configuration with a specific [`CryptoProvider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder_with_provider( - provider: &'static dyn CryptoProvider, - ) -> ConfigBuilder { + provider: Arc, + ) -> ConfigBuilder { ConfigBuilder { - state: WantsCipherSuites(provider), + state: WantsVersions { provider }, side: PhantomData, } } @@ -271,13 +259,15 @@ impl ClientConfig { pub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool { self.versions.contains(v) && self + .provider .cipher_suites .iter() .any(|cs| cs.version().version == v) } pub(crate) fn supports_protocol(&self, proto: Protocol) -> bool { - self.cipher_suites + self.provider + .cipher_suites .iter() .any(|cs| cs.usable_for_protocol(proto)) } @@ -289,14 +279,16 @@ impl ClientConfig { } pub(super) fn find_cipher_suite(&self, suite: CipherSuite) -> Option { - self.cipher_suites + self.provider + .cipher_suites .iter() .copied() .find(|&scs| scs.suite() == suite) } pub(super) fn find_kx_group(&self, group: NamedGroup) -> Option<&'static dyn SupportedKxGroup> { - self.kx_groups + self.provider + .kx_groups .iter() .copied() .find(|skxg| skxg.name() == group) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index ca7d042b85..26ce6383f3 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -121,7 +121,7 @@ pub(super) fn start_handshake( // we're doing an abbreviated handshake. See section 3.4 in // RFC5077. if !inner.ticket().is_empty() { - inner.session_id = SessionId::random(config.provider.secure_random())?; + inner.session_id = SessionId::random(config.provider.secure_random)?; } session_id = Some(inner.session_id); } @@ -137,10 +137,10 @@ pub(super) fn start_handshake( Some(session_id) => session_id, None if cx.common.is_quic() => SessionId::empty(), None if !config.supports_version(ProtocolVersion::TLSv1_3) => SessionId::empty(), - None => SessionId::random(config.provider.secure_random())?, + None => SessionId::random(config.provider.secure_random)?, }; - let random = Random::new(config.provider.secure_random())?; + let random = Random::new(config.provider.secure_random)?; Ok(emit_client_hello_for_retry( transcript_buffer, @@ -218,6 +218,7 @@ fn emit_client_hello_for_retry( ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), ClientExtension::NamedGroups( config + .provider .kx_groups .iter() .map(|skxg| skxg.name()) @@ -277,6 +278,7 @@ fn emit_client_hello_for_retry( .collect(); let mut cipher_suites: Vec<_> = config + .provider .cipher_suites .iter() .filter_map(|cs| match cs.usable_for_protocol(cx.common.protocol) { diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 3407934cd8..fdd53b9518 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -213,6 +213,7 @@ pub(super) fn initial_key_share( .and_then(|group_name| config.find_kx_group(group_name)) .unwrap_or_else(|| { config + .provider .kx_groups .iter() .copied() diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index b1ef8c497b..19f8833c8d 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom, SupportedKxGroup}; +use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; @@ -35,33 +35,19 @@ pub(crate) mod tls12; pub(crate) mod tls13; /// A `CryptoProvider` backed by aws-lc-rs. -pub static AWS_LC_RS: &dyn CryptoProvider = &AwsLcRs; +pub fn default_provider() -> CryptoProvider { + CryptoProvider { + cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(), + kx_groups: ALL_KX_GROUPS.to_vec(), + signature_verification_algorithms: SUPPORTED_SIG_ALGS, + secure_random: &AwsLcRs, + key_provider: &AwsLcRs, + } +} #[derive(Debug)] struct AwsLcRs; -impl CryptoProvider for AwsLcRs { - fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { - DEFAULT_CIPHER_SUITES - } - - fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup] { - ALL_KX_GROUPS - } - - fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { - SUPPORTED_SIG_ALGS - } - - fn secure_random(&self) -> &'static dyn SecureRandom { - &Self - } - - fn key_provider(&self) -> &'static dyn KeyProvider { - &Self - } -} - impl SecureRandom for AwsLcRs { fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { use ring_like::rand::SecureRandom; diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 8c50741cbe..b4cd3dbd2b 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -52,17 +52,17 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// Controls core cryptography used by rustls. /// /// This crate comes with two built-in options, provided as -/// `&dyn CryptoProvider` values: +/// `CryptoProvider` structures: /// -/// - [`crate::crypto::ring::RING`]: (behind the `ring` crate feature, which +/// - [`crate::crypto::ring::default_provider`]: (behind the `ring` crate feature, which /// is enabled by default). This provider uses the [*ring*](https://github.com/briansmith/ring) /// crate. -/// - [`crate::crypto::aws_lc_rs::AWS_LC_RS`]: (behind the `aws_lc_rs` feature, +/// - [`crate::crypto::aws_lc_rs::default_provider`]: (behind the `aws_lc_rs` feature, /// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) /// crate. /// -/// This trait provides defaults. Everything in it, other than randomness, can be overridden at -/// runtime by methods on [`ConfigBuilder`](crate::ConfigBuilder). +/// This structure provides defaults. Everything in it can be overridden at +/// runtime by replacing field values as needed. /// /// # Using a specific `CryptoProvider` /// @@ -79,7 +79,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// /// # Making a custom `CryptoProvider` /// -/// Naturally start with a type that implements [`crate::crypto::CryptoProvider`]. +/// Your goal will be to populate a [`crate::crypto::CryptoProvider`] struct instance. /// /// ## Which elements are required? /// @@ -95,38 +95,17 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// # #[cfg(feature = "ring")] { /// # use std::sync::Arc; /// # mod fictious_hsm_api { pub fn load_private_key(key_der: pki_types::PrivateKeyDer<'static>) -> ! { unreachable!(); } } -/// use rustls::crypto::ring::RING; +/// use rustls::crypto::ring; /// -/// #[derive(Debug)] -/// struct HsmKeyLoader; -/// -/// impl rustls::crypto::CryptoProvider for HsmKeyLoader {/// -/// fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] { -/// RING.default_cipher_suites() -/// } -/// -/// fn default_kx_groups(&self) -> &'static [&'static dyn rustls::crypto::SupportedKxGroup] { -/// RING.default_kx_groups() -/// } -/// -/// fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { -/// RING.signature_verification_algorithms() -/// } -/// -/// fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { -/// &HsmKeyLoader -/// } -/// -/// fn key_provider(&self) -> &'static dyn rustls::crypto::KeyProvider { -/// &HsmKeyLoader -/// } +/// pub fn provider() -> rustls::crypto::CryptoProvider { +/// rustls::crypto::CryptoProvider{ +/// key_provider: &HsmKeyLoader, +/// ..ring::default_provider() +/// } /// } /// -/// impl rustls::crypto::SecureRandom for HsmKeyLoader { -/// fn fill(&self, buf: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> { -/// RING.secure_random().fill(buf) -/// } -/// } +/// #[derive(Debug)] +/// struct HsmKeyLoader; /// /// impl rustls::crypto::KeyProvider for HsmKeyLoader { /// fn load_private_key(&self, key_der: pki_types::PrivateKeyDer<'static>) -> Result, rustls::Error> { @@ -140,12 +119,12 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// /// The elements are documented separately: /// -/// - **Random** - see [`crate::crypto::CryptoProvider::fill()`]. +/// - **Random** - see [`crate::crypto::SecureRandom::fill()`]. /// - **Cipher suites** - see [`crate::SupportedCipherSuite`], [`crate::Tls12CipherSuite`], and /// [`crate::Tls13CipherSuite`]. /// - **Key exchange groups** - see [`crate::crypto::SupportedKxGroup`]. /// - **Signature verification algorithms** - see [`crate::crypto::WebPkiSupportedAlgorithms`]. -/// - **Authentication key loading** - see [`crate::crypto::CryptoProvider::load_private_key()`] and +/// - **Authentication key loading** - see [`crate::crypto::KeyProvider::load_private_key()`] and /// [`crate::sign::SigningKey`]. /// /// # Example code @@ -164,45 +143,37 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ /// [rust-crypto]: https://github.com/rustcrypto /// [dalek-cryptography]: https://github.com/dalek-cryptography -pub trait CryptoProvider: Send + Sync + Debug + 'static { - /// Provide a safe set of cipher suites that can be used as the defaults. - /// - /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and - /// [`crate::ConfigBuilder::with_safe_default_cipher_suites()`]. - /// - /// Other (non-default) cipher suites can be provided separately and configured - /// by passing them to [`crate::ConfigBuilder::with_cipher_suites()`]. That - /// includes cipher suites implemented by a different `CryptoProvider`. +#[derive(Debug, Clone)] +pub struct CryptoProvider { + /// List of supported ciphersuites, in preference order -- the first element + /// is the highest priority. /// /// The `SupportedCipherSuite` type carries both configuration and implementation. - fn default_cipher_suites(&self) -> &'static [suites::SupportedCipherSuite]; + pub cipher_suites: Vec, - /// Return a safe set of supported key exchange groups to be used as the defaults. - /// - /// This is used by [`crate::ConfigBuilder::with_safe_defaults()`] and - /// [`crate::ConfigBuilder::with_safe_default_kx_groups()`]. + /// List of supported key exchange groups, in preference order -- the + /// first element is the highest priority. /// - /// Other (non-default) key exchange groups can be provided separately and configured - /// by passing them to [`crate::ConfigBuilder::with_kx_groups()`]. That includes - /// key exchange groups implemented by a different `CryptoProvider`. + /// The first element in this list is the _default key share algorithm_, + /// and in TLS1.3 a key share for it is sent in the client hello. /// /// The `SupportedKxGroup` type carries both configuration and implementation. - fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup]; + pub kx_groups: Vec<&'static dyn SupportedKxGroup>, - /// Return the signature verification algorithms for use with webpki. + /// List of signature verification algorithms for use with webpki. /// /// These are used for both certificate chain verification and handshake signature verification. /// /// This is called by [`crate::ConfigBuilder::with_root_certificates()`], /// [`crate::server::WebPkiClientVerifier::builder_with_provider()`] and /// [`crate::client::WebPkiServerVerifier::builder_with_provider()`]. - fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms; + pub signature_verification_algorithms: WebPkiSupportedAlgorithms, - /// Return a source of cryptographically secure randomness. - fn secure_random(&self) -> &'static dyn SecureRandom; + /// Source of cryptographically secure random numbers. + pub secure_random: &'static dyn SecureRandom, - /// Return a mechanism for loading private [SigningKey]s from [PrivateKeyDer]. - fn key_provider(&self) -> &'static dyn KeyProvider; + /// Provider for loading private [SigningKey]s from [PrivateKeyDer]. + pub key_provider: &'static dyn KeyProvider, } /// A source of cryptographically secure randomness. diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 6b776424f7..4a66a41996 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,4 +1,4 @@ -use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom, SupportedKxGroup}; +use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; use crate::sign::SigningKey; @@ -29,34 +29,20 @@ pub(crate) mod tls13; /// A `CryptoProvider` backed by the [*ring*] crate. /// /// [*ring*]: https://github.com/briansmith/ring -pub static RING: &dyn CryptoProvider = &Ring; +pub fn default_provider() -> CryptoProvider { + CryptoProvider { + cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(), + kx_groups: ALL_KX_GROUPS.to_vec(), + signature_verification_algorithms: SUPPORTED_SIG_ALGS, + secure_random: &Ring, + key_provider: &Ring, + } +} /// Default crypto provider. #[derive(Debug)] struct Ring; -impl CryptoProvider for Ring { - fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { - DEFAULT_CIPHER_SUITES - } - - fn default_kx_groups(&self) -> &'static [&'static dyn SupportedKxGroup] { - ALL_KX_GROUPS - } - - fn signature_verification_algorithms(&self) -> WebPkiSupportedAlgorithms { - SUPPORTED_SIG_ALGS - } - - fn secure_random(&self) -> &'static dyn SecureRandom { - &Self - } - - fn key_provider(&self) -> &'static dyn KeyProvider { - &Self - } -} - impl SecureRandom for Ring { fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed> { use ring_like::rand::SecureRandom; diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 891b7465a0..560aea09a8 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -19,8 +19,8 @@ use core::fmt::Debug; /// /// There are two main ways to get a signing key: /// -/// - [`CryptoProvider::load_private_key()`], or -/// - some other method outside of the `CryptoProvider` extension trait, +/// - [`KeyProvider::load_private_key()`], or +/// - some other method outside of the `KeyProvider` extension trait, /// for instance: /// - [`crypto::ring::sign::any_ecdsa_type()`] /// - [`crypto::ring::sign::any_eddsa_type()`] @@ -29,17 +29,17 @@ use core::fmt::Debug; /// - [`crypto::aws_lc_rs::sign::any_eddsa_type()`] /// - [`crypto::aws_lc_rs::sign::any_supported_type()`] /// -/// The `CryptoProvider` method `load_private_key()` is called under the hood by +/// The `KeyProvider` method `load_private_key()` is called under the hood by /// [`ConfigBuilder::with_single_cert()`], /// [`ConfigBuilder::with_client_auth_cert()`], and /// [`ConfigBuilder::with_single_cert_with_ocsp()`]. /// -/// A signing key created outside of the `CryptoProvider` extension trait can be used +/// A signing key created outside of the `KeyProvider` extension trait can be used /// to create a [`CertifiedKey`], which in turn can be used to create a /// [`ResolvesServerCertUsingSni`]. Alternately, a `CertifiedKey` can be returned from a /// custom implementation of the [`ResolvesServerCert`] or [`ResolvesClientCert`] traits. /// -/// [`CryptoProvider::load_private_key()`]: crate::crypto::CryptoProvider::load_private_key +/// [`KeyProvider::load_private_key()`]: crate::crypto::KeyProvider::load_private_key /// [`ConfigBuilder::with_single_cert()`]: crate::ConfigBuilder::with_single_cert /// [`ConfigBuilder::with_single_cert_with_ocsp()`]: crate::ConfigBuilder::with_single_cert_with_ocsp /// [`ConfigBuilder::with_client_auth_cert()`]: crate::ConfigBuilder::with_client_auth_cert diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 261de75142..56b3178085 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -129,7 +129,8 @@ //! # #[cfg(feature = "ring")] { //! # let root_store: rustls::RootCertStore = panic!(); //! let config = rustls::ClientConfig::builder() -//! .with_safe_defaults() +//! .with_safe_default_protocol_versions() +//! .unwrap() //! .with_root_certificates(root_store) //! .with_no_client_auth(); //! # } @@ -150,7 +151,8 @@ //! # .cloned() //! # ); //! # let config = rustls::ClientConfig::builder() -//! # .with_safe_defaults() +//! # .with_safe_default_protocol_versions() +//! # .unwrap() //! # .with_root_certificates(root_store) //! # .with_no_client_auth(); //! let rc_config = Arc::new(config); @@ -260,14 +262,8 @@ //! //! - `aws_lc_rs`: this makes the rustls crate depend on the aws-lc-rs crate, //! which can be used for cryptography as an alternative to *ring*. -//! Use `rustls::crypto::aws_lc_rs::AWS_LC_RS` as a `CryptoProvider` when making a -//! `ClientConfig` or `ServerConfig` to use aws-lc-rs -- eg: -//! -//! ``` -//! # #[cfg(feature = "aws_lc_rs")] { -//! rustls::ClientConfig::builder_with_provider(rustls::crypto::aws_lc_rs::AWS_LC_RS); -//! # } -//! ``` +//! Use `rustls::crypto::aws_lc_rs::default_provider()` as a `CryptoProvider` +//! when making a `ClientConfig` or `ServerConfig` to use aws-lc-rs //! //! Note that aws-lc-rs has additional build-time dependencies like cmake. //! See [the documentation](https://aws.github.io/aws-lc-rs/requirements/index.html) for details. @@ -424,14 +420,12 @@ pub mod internal { // Have a (non-public) "test provider" mod which supplies // tests that need part of a *ring*-compatible provider module. #[cfg(all(any(test, bench), not(feature = "ring"), feature = "aws_lc_rs"))] -use crate::crypto::{aws_lc_rs as test_provider, aws_lc_rs::AWS_LC_RS as TEST_PROVIDER}; +use crate::crypto::aws_lc_rs as test_provider; #[cfg(all(any(test, bench), feature = "ring"))] -use crate::crypto::{ring as test_provider, ring::RING as TEST_PROVIDER}; +use crate::crypto::ring as test_provider; // The public interface is: -pub use crate::builder::{ - ConfigBuilder, ConfigSide, WantsCipherSuites, WantsKxGroups, WantsVerifier, WantsVersions, -}; +pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier, WantsVersions}; pub use crate::common_state::{CommonState, IoState, Side}; pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; pub use crate::enums::{ diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index d3133b0867..f2128b883e 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,10 +1,9 @@ use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::crypto::CryptoProvider; use crate::error::Error; use crate::msgs::handshake::CertificateChain; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; -use crate::suites::SupportedCipherSuite; use crate::verify::{ClientCertVerifier, NoClientAuth}; use crate::versions; use crate::NoKeyLog; @@ -23,8 +22,6 @@ impl ConfigBuilder { ) -> ConfigBuilder { ConfigBuilder { state: WantsServerCert { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, provider: self.state.provider, versions: self.state.versions, verifier: client_cert_verifier, @@ -45,9 +42,7 @@ impl ConfigBuilder { /// For more information, see the [`ConfigBuilder`] documentation. #[derive(Clone, Debug)] pub struct WantsServerCert { - cipher_suites: Vec, - kx_groups: Vec<&'static dyn SupportedKxGroup>, - provider: &'static dyn CryptoProvider, + provider: Arc, versions: versions::EnabledVersions, verifier: Arc, } @@ -76,7 +71,7 @@ impl ConfigBuilder { let private_key = self .state .provider - .key_provider() + .key_provider .load_private_key(key_der)?; let resolver = handy::AlwaysResolvesChain::new(private_key, CertificateChain(cert_chain)); Ok(self.with_cert_resolver(Arc::new(resolver))) @@ -102,7 +97,7 @@ impl ConfigBuilder { let private_key = self .state .provider - .key_provider() + .key_provider .load_private_key(key_der)?; let resolver = handy::AlwaysResolvesChain::new_with_extras( private_key, @@ -115,8 +110,6 @@ impl ConfigBuilder { /// Sets a custom [`ResolvesServerCert`]. pub fn with_cert_resolver(self, cert_resolver: Arc) -> ServerConfig { ServerConfig { - cipher_suites: self.state.cipher_suites, - kx_groups: self.state.kx_groups, provider: self.state.provider, verifier: self.state.verifier, cert_resolver, diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 49592e112a..4e9f62ac29 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -297,6 +297,7 @@ impl ExpectClientHello { // intersection of ciphersuites. let client_suites = self .config + .provider .cipher_suites .iter() .copied() @@ -335,8 +336,10 @@ impl ExpectClientHello { // Reduce our supported ciphersuites by the certificate. // (no-op for TLS1.3) - let suitable_suites = - suites::reduce_given_sigalg(&self.config.cipher_suites, certkey.get_key().algorithm()); + let suitable_suites = suites::reduce_given_sigalg( + &self.config.provider.cipher_suites, + certkey.get_key().algorithm(), + ); // And version let suitable_suites = suites::reduce_given_version_and_protocol( @@ -386,7 +389,7 @@ impl ExpectClientHello { // Save their Random. let randoms = ConnectionRandoms::new( client_hello.random, - Random::new(self.config.provider.secure_random())?, + Random::new(self.config.provider.secure_random)?, ); match suite { SupportedCipherSuite::Tls13(suite) => tls13::CompleteClientHelloHandling { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 0d3b77d48b..1fe5bab566 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,7 +1,7 @@ -use crate::builder::{ConfigBuilder, WantsCipherSuites}; +use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Context, Protocol, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore}; -use crate::crypto::{CryptoProvider, SupportedKxGroup}; +use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; #[cfg(feature = "logging")] @@ -9,11 +9,11 @@ use crate::log::trace; use crate::msgs::base::Payload; use crate::msgs::handshake::{ClientHelloPayload, ProtocolName, ServerExtension}; use crate::msgs::message::Message; -use crate::sign; -use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; +use crate::suites::ExtractedSecrets; use crate::vecbuf::ChunkVecBuffer; use crate::verify; use crate::KeyLog; +use crate::{sign, WantsVersions}; use super::hs; @@ -212,17 +212,8 @@ impl<'a> ClientHello<'a> { /// [`RootCertStore`]: crate::RootCertStore #[derive(Debug)] pub struct ServerConfig { - /// List of ciphersuites, in preference order. - pub(super) cipher_suites: Vec, - - /// List of supported key exchange groups. - /// - /// The first is the highest priority: they will be - /// offered to the client in this order. - pub(super) kx_groups: Vec<&'static dyn SupportedKxGroup>, - /// Source of randomness and other crypto. - pub(super) provider: &'static dyn CryptoProvider, + pub(super) provider: Arc, /// Ignore the client's ciphersuite order. Instead, /// choose the top ciphersuite in the server list @@ -323,9 +314,7 @@ pub struct ServerConfig { impl Clone for ServerConfig { fn clone(&self) -> Self { Self { - cipher_suites: self.cipher_suites.clone(), - kx_groups: self.kx_groups.clone(), - provider: self.provider, + provider: Arc::::clone(&self.provider), ignore_client_order: self.ignore_client_order, max_fragment_size: self.max_fragment_size, session_storage: Arc::clone(&self.session_storage), @@ -346,21 +335,21 @@ impl Clone for ServerConfig { impl ServerConfig { #[cfg(feature = "ring")] /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::RING`]. + /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. - pub fn builder() -> ConfigBuilder { - Self::builder_with_provider(crate::crypto::ring::RING) + pub fn builder() -> ConfigBuilder { + Self::builder_with_provider(crate::crypto::ring::default_provider().into()) } /// Create a builder for a server configuration with a specific [`CryptoProvider`]. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder_with_provider( - provider: &'static dyn CryptoProvider, - ) -> ConfigBuilder { + provider: Arc, + ) -> ConfigBuilder { ConfigBuilder { - state: WantsCipherSuites(provider), + state: WantsVersions { provider }, side: PhantomData, } } @@ -371,13 +360,15 @@ impl ServerConfig { pub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool { self.versions.contains(v) && self + .provider .cipher_suites .iter() .any(|cs| cs.version().version == v) } pub(crate) fn supports_protocol(&self, proto: Protocol) -> bool { - self.cipher_suites + self.provider + .cipher_suites .iter() .any(|cs| cs.usable_for_protocol(proto)) } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 5de4d52176..45eb15c5e4 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -179,6 +179,7 @@ mod client_hello { let group = self .config + .provider .kx_groups .iter() .find(|skxg| groups_ext.contains(&skxg.name())) @@ -209,7 +210,7 @@ mod client_hello { if !self.config.session_storage.can_cache() { self.session_id = SessionId::empty(); } else if self.session_id.is_empty() && !ticket_received { - self.session_id = SessionId::random(self.config.provider.secure_random())?; + self.session_id = SessionId::random(self.config.provider.secure_random)?; } self.send_ticket = emit_server_hello( diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 9e060fac2a..5e6729082c 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -202,6 +202,7 @@ mod client_hello { // choose a share that we support let chosen_share_and_kxg = self .config + .provider .kx_groups .iter() .find_map(|group| { @@ -218,6 +219,7 @@ mod client_hello { // send a HelloRetryRequest. let retry_group_maybe = self .config + .provider .kx_groups .iter() .find(|group| groups_ext.contains(&group.name())) @@ -1085,7 +1087,7 @@ impl ExpectFinished { key_schedule: &KeyScheduleTraffic, config: &ServerConfig, ) -> Result<(), Error> { - let secure_random = config.provider.secure_random(); + let secure_random = config.provider.secure_random; let nonce = rand::random_vec(secure_random, 32)?; let age_add = rand::random_u32(secure_random)?; let plain = get_server_session_value( diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 8d6b8d0002..458375064e 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -211,7 +211,7 @@ impl Context { fn bench(&self, count: usize) { let verifier = WebPkiServerVerifier::new_without_revocation( self.roots.clone(), - ring::RING.signature_verification_algorithms(), + ring::default_provider().signature_verification_algorithms, ); const OCSP_RESPONSE: &[u8] = &[]; let mut times = Vec::new(); diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index daec45b497..0e6cf8b7d4 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -242,13 +242,13 @@ impl WebPkiClientVerifier { /// will be verified using the trust anchors found in the provided `roots`. If you /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. /// - /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::RING`]. + /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. /// /// For more information, see the [`ClientCertVerifierBuilder`] documentation. #[cfg(feature = "ring")] pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { - Self::builder_with_provider(roots, crate::crypto::ring::RING) + Self::builder_with_provider(roots, crate::crypto::ring::default_provider().into()) } /// Create a builder for the `webpki` client certificate verifier configuration using @@ -263,9 +263,9 @@ impl WebPkiClientVerifier { /// For more information, see the [`ClientCertVerifierBuilder`] documentation. pub fn builder_with_provider( roots: Arc, - provider: &'static dyn CryptoProvider, + provider: Arc, ) -> ClientCertVerifierBuilder { - ClientCertVerifierBuilder::new(roots, provider.signature_verification_algorithms()) + ClientCertVerifierBuilder::new(roots, provider.signature_verification_algorithms) } /// Create a new `WebPkiClientVerifier` that disables client authentication. The server will diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 0d43a0f1b9..3e9319cc3a 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -129,13 +129,13 @@ impl WebPkiServerVerifier { /// /// Server certificates will be verified using the trust anchors found in the provided `roots`. /// - /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::RING`]. + /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. /// /// For more information, see the [`ServerCertVerifierBuilder`] documentation. #[cfg(feature = "ring")] pub fn builder(roots: Arc) -> ServerCertVerifierBuilder { - Self::builder_with_provider(roots, crate::crypto::ring::RING) + Self::builder_with_provider(roots, crate::crypto::ring::default_provider().into()) } /// Create a builder for the `webpki` server certificate verifier configuration using @@ -148,9 +148,9 @@ impl WebPkiServerVerifier { /// For more information, see the [`ServerCertVerifierBuilder`] documentation. pub fn builder_with_provider( roots: Arc, - provider: &'static dyn CryptoProvider, + provider: Arc, ) -> ServerCertVerifierBuilder { - ServerCertVerifierBuilder::new(roots, provider.signature_verification_algorithms()) + ServerCertVerifierBuilder::new(roots, provider.signature_verification_algorithms) } /// Short-cut for creating a `WebPkiServerVerifier` that does not perform certificate revocation @@ -284,7 +284,7 @@ mod tests { use pki_types::{CertificateDer, CertificateRevocationListDer}; use super::{VerifierBuilderError, WebPkiServerVerifier}; - use crate::{RootCertStore, TEST_PROVIDER}; + use crate::{test_provider, RootCertStore}; fn load_crls(crls_der: &[&[u8]]) -> Vec> { crls_der @@ -325,9 +325,12 @@ mod tests { #[test] fn test_with_invalid_crls() { // Trying to build a server verifier with invalid CRLs should error at build time. - let result = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) - .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) - .build(); + let result = WebPkiServerVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) + .build(); assert!(matches!(result, Err(VerifierBuilderError::InvalidCrl(_)))); } @@ -340,9 +343,12 @@ mod tests { include_bytes!("../../../test-ca/eddsa/client.revoked.crl.pem").as_slice(), ]); - let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) - .with_crls(initial_crls.clone()) - .with_crls(extra_crls.clone()); + let builder = WebPkiServerVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(initial_crls.clone()) + .with_crls(extra_crls.clone()); // There should be the expected number of crls. assert_eq!(builder.crls.len(), initial_crls.len() + extra_crls.len()); @@ -356,7 +362,7 @@ mod tests { // Trying to create a server verifier builder with no trust anchors should fail at build time let result = WebPkiServerVerifier::builder_with_provider( RootCertStore::empty().into(), - TEST_PROVIDER, + test_provider::default_provider().into(), ) .build(); assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); @@ -365,8 +371,11 @@ mod tests { #[test] fn test_server_verifier_ee_only() { // We should be able to build a server cert. verifier that only checks the EE cert. - let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) - .only_check_end_entity_revocation(); + let builder = WebPkiServerVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .only_check_end_entity_revocation(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -376,8 +385,11 @@ mod tests { fn test_server_verifier_allow_unknown() { // We should be able to build a server cert. verifier that allows unknown revocation // status. - let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) - .allow_unknown_revocation_status(); + let builder = WebPkiServerVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .allow_unknown_revocation_status(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -387,9 +399,12 @@ mod tests { fn test_server_verifier_allow_unknown_ee_only() { // We should be able to build a server cert. verifier that allows unknown revocation // status and only checks the EE cert. - let builder = WebPkiServerVerifier::builder_with_provider(test_roots(), TEST_PROVIDER) - .allow_unknown_revocation_status() - .only_check_end_entity_revocation(); + let builder = WebPkiServerVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .allow_unknown_revocation_status() + .only_check_end_entity_revocation(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 8ef7660a9f..17c26874d5 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -234,7 +234,7 @@ mod tests { fn webpki_supported_algorithms_is_debug() { assert_eq!( "WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }", - format!("{:?}", crate::crypto::ring::RING.signature_verification_algorithms()) + format!("{:?}", crate::crypto::ring::default_provider().signature_verification_algorithms) ); } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 86f8edda3a..ad098fb522 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -12,11 +12,11 @@ use std::sync::atomic::{AtomicUsize, Ordering}; use std::sync::Arc; use std::sync::Mutex; -use pki_types::{CertificateDer, IpAddr, PrivateKeyDer, ServerName, UnixTime}; -use primary_provider::cipher_suite; -use primary_provider::sign::RsaSigningKey; +use pki_types::{CertificateDer, IpAddr, ServerName, UnixTime}; +use provider::cipher_suite; +use provider::sign::RsaSigningKey; use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; -use rustls::crypto::KeyProvider; +use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; @@ -226,11 +226,15 @@ fn check_read_buf_err(reader: &mut dyn io::Read, err_kind: io::ErrorKind) { #[test] fn config_builder_for_client_rejects_empty_kx_groups() { assert_eq!( - client_config_builder() - .with_safe_default_cipher_suites() - .with_kx_groups(&[]) - .with_safe_default_protocol_versions() - .err(), + ClientConfig::builder_with_provider( + CryptoProvider { + kx_groups: Vec::default(), + ..provider::default_provider() + } + .into() + ) + .with_safe_default_protocol_versions() + .err(), Some(Error::General("no kx groups configured".into())) ); } @@ -238,11 +242,15 @@ fn config_builder_for_client_rejects_empty_kx_groups() { #[test] fn config_builder_for_client_rejects_empty_cipher_suites() { assert_eq!( - client_config_builder() - .with_cipher_suites(&[]) - .with_safe_default_kx_groups() - .with_safe_default_protocol_versions() - .err(), + ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: Vec::default(), + ..provider::default_provider() + } + .into() + ) + .with_safe_default_protocol_versions() + .err(), Some(Error::General("no usable cipher suites configured".into())) ); } @@ -251,11 +259,15 @@ fn config_builder_for_client_rejects_empty_cipher_suites() { #[test] fn config_builder_for_client_rejects_incompatible_cipher_suites() { assert_eq!( - client_config_builder() - .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[&rustls::version::TLS12]) - .err(), + ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_AES_256_GCM_SHA384], + ..provider::default_provider() + } + .into() + ) + .with_protocol_versions(&[&rustls::version::TLS12]) + .err(), Some(Error::General("no usable cipher suites configured".into())) ); } @@ -263,11 +275,15 @@ fn config_builder_for_client_rejects_incompatible_cipher_suites() { #[test] fn config_builder_for_server_rejects_empty_kx_groups() { assert_eq!( - server_config_builder() - .with_safe_default_cipher_suites() - .with_kx_groups(&[]) - .with_safe_default_protocol_versions() - .err(), + ServerConfig::builder_with_provider( + CryptoProvider { + kx_groups: Vec::default(), + ..provider::default_provider() + } + .into() + ) + .with_safe_default_protocol_versions() + .err(), Some(Error::General("no kx groups configured".into())) ); } @@ -275,11 +291,15 @@ fn config_builder_for_server_rejects_empty_kx_groups() { #[test] fn config_builder_for_server_rejects_empty_cipher_suites() { assert_eq!( - server_config_builder() - .with_cipher_suites(&[]) - .with_safe_default_kx_groups() - .with_safe_default_protocol_versions() - .err(), + ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: Vec::default(), + ..provider::default_provider() + } + .into() + ) + .with_safe_default_protocol_versions() + .err(), Some(Error::General("no usable cipher suites configured".into())) ); } @@ -288,11 +308,15 @@ fn config_builder_for_server_rejects_empty_cipher_suites() { #[test] fn config_builder_for_server_rejects_incompatible_cipher_suites() { assert_eq!( - server_config_builder() - .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[&rustls::version::TLS12]) - .err(), + ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_AES_256_GCM_SHA384], + ..provider::default_provider() + } + .into() + ) + .with_protocol_versions(&[&rustls::version::TLS12]) + .err(), Some(Error::General("no usable cipher suites configured".into())) ); } @@ -451,34 +475,46 @@ fn server_can_get_client_cert_after_resumption() { #[test] #[cfg(feature = "ring")] fn test_config_builders_debug() { + let b = ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], + kx_groups: vec![provider::kx_group::X25519], + ..provider::default_provider() + } + .into(), + ); + assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); let b = server_config_builder(); assert_eq!( - "ConfigBuilder { state: WantsCipherSuites(Ring) }", + "ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b) ); - let b = b.with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); - assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[primary_provider::kx_group::X25519]); - assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); let b = b.with_no_client_auth(); - assert_eq!("ConfigBuilder { state: WantsServerCert { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3], verifier: NoClientAuth } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsServerCert { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], verifier: NoClientAuth } }", format!("{:?}", b)); + let b = ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], + kx_groups: vec![provider::kx_group::X25519], + ..provider::default_provider() + } + .into(), + ); + assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); let b = client_config_builder(); assert_eq!( - "ConfigBuilder { state: WantsCipherSuites(Ring) }", + "ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b) ); - let b = b.with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]); - assert_eq!("ConfigBuilder { state: WantsKxGroups { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], provider: Ring } }", format!("{:?}", b)); - let b = b.with_kx_groups(&[primary_provider::kx_group::X25519]); - assert_eq!("ConfigBuilder { state: WantsVersions { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); let b = b .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(); - assert_eq!("ConfigBuilder { state: WantsVerifier { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], provider: Ring, versions: [TLSv1_3] } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3] } }", format!("{:?}", b)); } /// Test that the server handles combination of `offer_client_auth()` returning true @@ -496,7 +532,8 @@ fn server_allow_any_anonymous_or_authenticated_client() { .unwrap(); let server_config = server_config_builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap(); @@ -903,11 +940,15 @@ fn check_sigalgs_reduced_by_ciphersuite( ) { let client_config = finish_client_config( kt, - client_config_builder() - .with_cipher_suites(&[find_suite(suite)]) - .with_safe_default_kx_groups() - .with_safe_default_protocol_versions() - .unwrap(), + ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![find_suite(suite)], + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ); let mut server_config = make_server_config(kt); @@ -2313,20 +2354,24 @@ fn stream_write_swallows_underlying_io_error_after_plaintext_processed() { fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { let kt = KeyType::Rsa; + let client_provider = CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], + ..provider::default_provider() + }; let server_config = finish_server_config( kt, - server_config_builder() - .with_cipher_suites(&[cipher_suite::TLS13_CHACHA20_POLY1305_SHA256]) - .with_safe_default_kx_groups() + ServerConfig::builder_with_provider(client_provider.into()) .with_safe_default_protocol_versions() .unwrap(), ); + let server_provider = CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_AES_256_GCM_SHA384], + ..provider::default_provider() + }; let client_config = finish_client_config( kt, - client_config_builder() - .with_cipher_suites(&[cipher_suite::TLS13_AES_256_GCM_SHA384]) - .with_safe_default_kx_groups() + ClientConfig::builder_with_provider(server_provider.into()) .with_safe_default_protocol_versions() .unwrap(), ); @@ -2846,7 +2891,7 @@ fn do_suite_test( } fn find_suite(suite: CipherSuite) -> SupportedCipherSuite { - for scs in primary_provider::ALL_CIPHER_SUITES + for scs in provider::ALL_CIPHER_SUITES .iter() .copied() { @@ -2926,10 +2971,7 @@ fn negotiated_ciphersuite_default() { #[test] fn all_suites_covered() { - assert_eq!( - primary_provider::ALL_CIPHER_SUITES.len(), - TEST_CIPHERSUITES.len() - ); + assert_eq!(provider::ALL_CIPHER_SUITES.len(), TEST_CIPHERSUITES.len()); } #[test] @@ -2939,11 +2981,15 @@ fn negotiated_ciphersuite_client() { let scs = find_suite(suite); let client_config = finish_client_config( kt, - client_config_builder() - .with_cipher_suites(&[scs]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[version]) - .unwrap(), + ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![scs], + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[version]) + .unwrap(), ); do_suite_test(client_config, make_server_config(kt), scs, version.version); @@ -2957,11 +3003,15 @@ fn negotiated_ciphersuite_server() { let scs = find_suite(suite); let server_config = finish_server_config( kt, - server_config_builder() - .with_cipher_suites(&[scs]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[version]) - .unwrap(), + ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![scs], + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[version]) + .unwrap(), ); do_suite_test(make_client_config(kt), server_config, scs, version.version); @@ -3590,7 +3640,7 @@ fn tls13_stateless_resumption() { let client_config = Arc::new(client_config); let mut server_config = make_server_config(kt); - server_config.ticketer = primary_provider::Ticketer::new().unwrap(); + server_config.ticketer = provider::Ticketer::new().unwrap(); let storage = Arc::new(ServerStorage::new()); server_config.session_storage = storage.clone(); let server_config = Arc::new(server_config); @@ -4104,9 +4154,10 @@ mod test_quic { }; use rustls::{CipherSuite, HandshakeType, SignatureScheme}; + let provider = provider::default_provider(); let mut random = [0; 32]; - PROVIDER - .secure_random() + provider + .secure_random .fill(&mut random) .unwrap(); let random = Random::from(random); @@ -4122,7 +4173,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_3, random, - session_id: SessionId::random(PROVIDER.secure_random()).unwrap(), + session_id: SessionId::random(provider.secure_random).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4161,9 +4212,10 @@ mod test_quic { }; use rustls::{CipherSuite, HandshakeType, SignatureScheme}; + let provider = provider::default_provider(); let mut random = [0; 32]; - PROVIDER - .secure_random() + provider + .secure_random .fill(&mut random) .unwrap(); let random = Random::from(random); @@ -4186,7 +4238,7 @@ mod test_quic { payload: HandshakePayload::ClientHello(ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random, - session_id: SessionId::random(PROVIDER.secure_random()).unwrap(), + session_id: SessionId::random(provider.secure_random).unwrap(), cipher_suites: vec![CipherSuite::TLS13_AES_128_GCM_SHA256], compression_methods: vec![Compression::Null], extensions: vec![ @@ -4460,10 +4512,9 @@ fn test_client_does_not_offer_sha1() { #[test] fn test_client_config_keyshare() { - let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); - let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); + let kx_groups = vec![provider::kx_group::SECP384R1]; + let client_config = make_client_config_with_kx_groups(KeyType::Rsa, kx_groups.clone()); + let server_config = make_server_config_with_kx_groups(KeyType::Rsa, kx_groups); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake_until_error(&mut client, &mut server).unwrap(); } @@ -4471,9 +4522,9 @@ fn test_client_config_keyshare() { #[test] fn test_client_config_keyshare_mismatch() { let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); assert!(do_handshake_until_error(&mut client, &mut server).is_err()); } @@ -4484,10 +4535,7 @@ fn test_client_sends_helloretryrequest() { // client sends a secp384r1 key share let mut client_config = make_client_config_with_kx_groups( KeyType::Rsa, - &[ - primary_provider::kx_group::SECP384R1, - primary_provider::kx_group::X25519, - ], + vec![provider::kx_group::SECP384R1, provider::kx_group::X25519], ); let storage = Arc::new(ClientStorage::new()); @@ -4495,7 +4543,7 @@ fn test_client_sends_helloretryrequest() { // but server only accepts x25519, so a HRR is required let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); @@ -4582,7 +4630,8 @@ fn test_client_sends_helloretryrequest() { #[test] fn test_client_rejects_hrr_with_varied_session_id() { use rustls::internal::msgs::handshake::SessionId; - let different_session_id = SessionId::random(PROVIDER.secure_random()).unwrap(); + let different_session_id = + SessionId::random(provider::default_provider().secure_random).unwrap(); let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { @@ -4615,14 +4664,11 @@ fn test_client_rejects_hrr_with_varied_session_id() { // client prefers a secp384r1 key share, server only accepts x25519 let client_config = make_client_config_with_kx_groups( KeyType::Rsa, - &[ - primary_provider::kx_group::SECP384R1, - primary_provider::kx_group::X25519, - ], + vec![provider::kx_group::SECP384R1, provider::kx_group::X25519], ); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); @@ -4654,13 +4700,13 @@ fn test_client_attempts_to_use_unsupported_kx_group() { // first, client sends a x25519 and server agrees. x25519 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::X25519]); + make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client only supports secp-384 and so kx group cache // contains an unusable value. let mut client_config_2 = - make_client_config_with_kx_groups(KeyType::Rsa, &[primary_provider::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]); client_config_2.resumption = Resumption::store(shared_storage.clone()); let server_config = make_server_config(KeyType::Rsa); @@ -5036,8 +5082,6 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let server_config_1 = Arc::new(common::finish_server_config( KeyType::Ed25519, server_config_builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS13]) .unwrap(), )); @@ -5045,8 +5089,6 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let mut server_config_2 = common::finish_server_config( KeyType::Ed25519, server_config_builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) .unwrap(), ); @@ -5283,14 +5325,18 @@ fn test_secret_extraction_enabled() { println!("Testing suite {:?}", suite.suite().as_str()); // Only offer the cipher suite (and protocol version) that we're testing - let mut server_config = server_config_builder() - .with_cipher_suites(&[suite]) - .with_safe_default_kx_groups() - .with_protocol_versions(&[version]) - .unwrap() - .with_no_client_auth() - .with_single_cert(kt.get_chain(), kt.get_key()) - .unwrap(); + let mut server_config = ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![suite], + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[version]) + .unwrap() + .with_no_client_auth() + .with_single_cert(kt.get_chain(), kt.get_key()) + .unwrap(); // Opt into secret extraction from both sides server_config.enable_secret_extraction = true; let server_config = Arc::new(server_config); @@ -5343,13 +5389,14 @@ fn test_secret_extraction_enabled() { #[cfg(feature = "tls12")] #[test] fn test_secret_extraction_disabled_or_too_early() { - let suite = cipher_suite::TLS13_AES_128_GCM_SHA256; let kt = KeyType::Rsa; + let provider = Arc::new(CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_AES_128_GCM_SHA256], + ..provider::default_provider() + }); for (server_enable, client_enable) in [(true, false), (false, true)] { - let mut server_config = server_config_builder() - .with_cipher_suites(&[suite]) - .with_safe_default_kx_groups() + let mut server_config = ServerConfig::builder_with_provider(provider.clone()) .with_safe_default_protocol_versions() .unwrap() .with_no_client_auth() @@ -5399,18 +5446,21 @@ fn test_secret_extraction_disabled_or_too_early() { #[test] fn test_received_plaintext_backpressure() { - let suite = cipher_suite::TLS13_AES_128_GCM_SHA256; let kt = KeyType::Rsa; let server_config = Arc::new( - server_config_builder() - .with_cipher_suites(&[suite]) - .with_safe_default_kx_groups() - .with_safe_default_protocol_versions() - .unwrap() - .with_no_client_auth() - .with_single_cert(kt.get_chain(), kt.get_key()) - .unwrap(), + ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![cipher_suite::TLS13_AES_128_GCM_SHA256], + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap() + .with_no_client_auth() + .with_single_cert(kt.get_chain(), kt.get_key()) + .unwrap(), ); let client_config = Arc::new(make_client_config(kt)); @@ -5493,49 +5543,25 @@ fn test_debug_server_name_from_string() { fn test_explicit_provider_selection() { let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(rustls::crypto::ring::RING) - .with_safe_defaults(), + rustls::ClientConfig::builder_with_provider( + rustls::crypto::ring::default_provider().into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ); let server_config = finish_server_config( KeyType::Rsa, - rustls::ServerConfig::builder_with_provider(rustls::crypto::aws_lc_rs::AWS_LC_RS) - .with_safe_defaults(), + rustls::ServerConfig::builder_with_provider( + rustls::crypto::aws_lc_rs::default_provider().into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake(&mut client, &mut server); } -#[derive(Debug)] -struct FaultyRandomProvider { - parent: &'static dyn rustls::crypto::CryptoProvider, - - random: &'static dyn rustls::crypto::SecureRandom, -} - -impl rustls::crypto::CryptoProvider for FaultyRandomProvider { - fn default_cipher_suites(&self) -> &'static [SupportedCipherSuite] { - self.parent.default_cipher_suites() - } - - fn default_kx_groups(&self) -> &'static [&'static (dyn rustls::crypto::SupportedKxGroup)] { - self.parent.default_kx_groups() - } - - fn signature_verification_algorithms(&self) -> rustls::crypto::WebPkiSupportedAlgorithms { - self.parent - .signature_verification_algorithms() - } - - fn secure_random(&self) -> &'static dyn rustls::crypto::SecureRandom { - self.random - } - - fn key_provider(&self) -> &'static dyn KeyProvider { - self.parent.key_provider() - } -} - #[derive(Debug)] struct FaultyRandom { // when empty, `fill_random` requests return `GetRandomFailed` @@ -5563,30 +5589,23 @@ impl rustls::crypto::SecureRandom for FaultyRandom { } } -impl rustls::crypto::KeyProvider for FaultyRandomProvider { - fn load_private_key( - &self, - key_der: PrivateKeyDer<'static>, - ) -> Result, Error> { - self.parent - .key_provider() - .load_private_key(key_der) - } -} - #[test] fn test_client_construction_fails_if_random_source_fails_in_first_request() { static FAULTY_RANDOM: FaultyRandom = FaultyRandom { rand_queue: Mutex::new(b""), }; - static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: PROVIDER, - random: &FAULTY_RANDOM, - }; let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(&TEST_PROVIDER).with_safe_defaults(), + rustls::ClientConfig::builder_with_provider( + CryptoProvider { + secure_random: &FAULTY_RANDOM, + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ); assert_eq!( @@ -5600,14 +5619,18 @@ fn test_client_construction_fails_if_random_source_fails_in_second_request() { static FAULTY_RANDOM: FaultyRandom = FaultyRandom { rand_queue: Mutex::new(b"nice random number generator huh"), }; - static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: PROVIDER, - random: &FAULTY_RANDOM, - }; let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(&TEST_PROVIDER).with_safe_defaults(), + rustls::ClientConfig::builder_with_provider( + CryptoProvider { + secure_random: &FAULTY_RANDOM, + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ); assert_eq!( @@ -5624,14 +5647,18 @@ fn test_client_construction_requires_64_bytes_of_random_material() { it's really not very good is it?", ), }; - static TEST_PROVIDER: FaultyRandomProvider = FaultyRandomProvider { - parent: PROVIDER, - random: &FAULTY_RANDOM, - }; let client_config = finish_client_config( KeyType::Rsa, - rustls::ClientConfig::builder_with_provider(&TEST_PROVIDER).with_safe_defaults(), + rustls::ClientConfig::builder_with_provider( + CryptoProvider { + secure_random: &FAULTY_RANDOM, + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ); ClientConnection::new(Arc::new(client_config), server_name("localhost")) diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 68a5597a37..7822b73552 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -42,7 +42,8 @@ fn server_config_with_verifier( client_cert_verifier: MockClientVerifier, ) -> ServerConfig { server_config_builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_client_cert_verifier(Arc::new(client_cert_verifier)) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index d4dbab9e5d..7de6fdbc07 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -19,13 +19,10 @@ use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -pub use rustls::crypto::aws_lc_rs as primary_provider; -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -pub use rustls::crypto::aws_lc_rs::AWS_LC_RS as PROVIDER; -#[cfg(feature = "ring")] -pub use rustls::crypto::ring as primary_provider; +pub use rustls::crypto::aws_lc_rs as provider; #[cfg(feature = "ring")] -pub use rustls::crypto::ring::RING as PROVIDER; +pub use rustls::crypto::ring as provider; +use rustls::crypto::CryptoProvider; macro_rules! embed_files { ( @@ -270,22 +267,22 @@ impl KeyType { } } -pub fn server_config_builder() -> rustls::ConfigBuilder { +pub fn server_config_builder() -> rustls::ConfigBuilder { // ensure `ServerConfig::builder()` is covered, even though it is - // equivalent to `builder_with_provider(PROVIDER)`. + // equivalent to `builder_with_provider(provider::provider().into())`. #[cfg(feature = "ring")] { rustls::ServerConfig::builder() } #[cfg(not(feature = "ring"))] { - rustls::ServerConfig::builder_with_provider(PROVIDER) + rustls::ServerConfig::builder_with_provider(provider::default_provider().into()) } } -pub fn client_config_builder() -> rustls::ConfigBuilder { +pub fn client_config_builder() -> rustls::ConfigBuilder { // ensure `ClientConfig::builder()` is covered, even though it is - // equivalent to `builder_with_provider(PROVIDER)`. + // equivalent to `builder_with_provider(provider::provider().into())`. #[cfg(feature = "ring")] { rustls::ClientConfig::builder() @@ -293,7 +290,7 @@ pub fn client_config_builder() -> rustls::ConfigBuilder ServerConfig { - finish_server_config(kt, server_config_builder().with_safe_defaults()) + finish_server_config( + kt, + server_config_builder() + .with_safe_default_protocol_versions() + .unwrap(), + ) } pub fn make_server_config_with_versions( @@ -317,8 +319,6 @@ pub fn make_server_config_with_versions( finish_server_config( kt, server_config_builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() .with_protocol_versions(versions) .unwrap(), ) @@ -326,15 +326,19 @@ pub fn make_server_config_with_versions( pub fn make_server_config_with_kx_groups( kt: KeyType, - kx_groups: &[&'static dyn rustls::crypto::SupportedKxGroup], + kx_groups: Vec<&'static dyn rustls::crypto::SupportedKxGroup>, ) -> ServerConfig { finish_server_config( kt, - server_config_builder() - .with_safe_default_cipher_suites() - .with_kx_groups(kx_groups) - .with_safe_default_protocol_versions() - .unwrap(), + ServerConfig::builder_with_provider( + CryptoProvider { + kx_groups, + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), ) } @@ -386,7 +390,8 @@ pub fn make_server_config_with_client_verifier( verifier_builder: ClientCertVerifierBuilder, ) -> ServerConfig { server_config_builder() - .with_safe_defaults() + .with_safe_default_protocol_versions() + .unwrap() .with_client_cert_verifier(verifier_builder.build().unwrap()) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() @@ -425,18 +430,27 @@ pub fn finish_client_config_with_creds( } pub fn make_client_config(kt: KeyType) -> ClientConfig { - finish_client_config(kt, client_config_builder().with_safe_defaults()) + finish_client_config( + kt, + client_config_builder() + .with_safe_default_protocol_versions() + .unwrap(), + ) } pub fn make_client_config_with_kx_groups( kt: KeyType, - kx_groups: &[&'static dyn rustls::crypto::SupportedKxGroup], + kx_groups: Vec<&'static dyn rustls::crypto::SupportedKxGroup>, ) -> ClientConfig { - let builder = client_config_builder() - .with_safe_default_cipher_suites() - .with_kx_groups(kx_groups) - .with_safe_default_protocol_versions() - .unwrap(); + let builder = ClientConfig::builder_with_provider( + CryptoProvider { + kx_groups, + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(); finish_client_config(kt, builder) } @@ -445,15 +459,18 @@ pub fn make_client_config_with_versions( versions: &[&'static rustls::SupportedProtocolVersion], ) -> ClientConfig { let builder = client_config_builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() .with_protocol_versions(versions) .unwrap(); finish_client_config(kt, builder) } pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { - finish_client_config_with_creds(kt, client_config_builder().with_safe_defaults()) + finish_client_config_with_creds( + kt, + client_config_builder() + .with_safe_default_protocol_versions() + .unwrap(), + ) } pub fn make_client_config_with_versions_with_auth( @@ -461,8 +478,6 @@ pub fn make_client_config_with_versions_with_auth( versions: &[&'static rustls::SupportedProtocolVersion], ) -> ClientConfig { let builder = client_config_builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() .with_protocol_versions(versions) .unwrap(); finish_client_config_with_creds(kt, builder) @@ -473,8 +488,6 @@ pub fn make_client_config_with_verifier( verifier_builder: ServerCertVerifierBuilder, ) -> ClientConfig { client_config_builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() .with_protocol_versions(versions) .unwrap() .dangerous() @@ -490,7 +503,7 @@ pub fn webpki_client_verifier_builder(roots: Arc) -> ClientCertVe #[cfg(not(feature = "ring"))] { - WebPkiClientVerifier::builder_with_provider(roots, PROVIDER) + WebPkiClientVerifier::builder_with_provider(roots, provider::default_provider().into()) } } @@ -502,7 +515,7 @@ pub fn webpki_server_verifier_builder(roots: Arc) -> ServerCertVe #[cfg(not(feature = "ring"))] { - WebPkiServerVerifier::builder_with_provider(roots, PROVIDER) + WebPkiServerVerifier::builder_with_provider(roots, provider::default_provider().into()) } } From a7191785f6dc21cedd80d15476df717b1e41603f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 Nov 2023 12:02:29 -0500 Subject: [PATCH 0475/1145] remove unwrap for protocol versions w/ default provider When building a client config or a server config using the default provider we know that the ciphersuites will be compatible with any choice of protocol version. By having the default `builder` method configure itself with safe default versions, and offering a `builder_with_protocol_versions` for customization we can transition directly to `WantsVerifier` for these default provider builders, removing a `Result` that will never be an error and making the API more ergonomic in the common case. --- examples/src/bin/server_acceptor.rs | 2 - examples/src/bin/simple_0rtt_client.rs | 2 - examples/src/bin/simpleclient.rs | 2 - fuzz/fuzzers/client.rs | 2 - fuzz/fuzzers/server.rs | 2 - rustls/src/builder.rs | 17 ++---- rustls/src/client/client_conn.rs | 32 +++++++++- rustls/src/lib.rs | 4 -- rustls/src/server/server_conn.rs | 34 ++++++++++- rustls/tests/api.rs | 27 ++------- rustls/tests/client_cert_verifier.rs | 2 - rustls/tests/common/mod.rs | 82 ++++++++++++++------------ 12 files changed, 116 insertions(+), 92 deletions(-) diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index bb6a9e43db..9e2697ad6f 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -225,8 +225,6 @@ impl TestPki { // based on the ClientHello (e.g. selecting a different certificate, or customizing // supported algorithms/protocol versions). let mut server_config = ServerConfig::builder() - .with_safe_default_protocol_versions() - .unwrap() .with_client_cert_verifier(verifier) .with_single_cert( vec![self.server_cert_der.clone()], diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index fa5c528f10..4285fe2d23 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -66,8 +66,6 @@ fn main() { ); let mut config = rustls::ClientConfig::builder() - .with_safe_default_protocol_versions() - .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index b97c78e40f..e0e2d436d8 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -22,8 +22,6 @@ fn main() { .cloned(), ); let mut config = rustls::ClientConfig::builder() - .with_safe_default_protocol_versions() - .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index 85403e9af3..389b24b0cb 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -11,8 +11,6 @@ fuzz_target!(|data: &[u8]| { let root_store = RootCertStore::empty(); let config = Arc::new( ClientConfig::builder() - .with_safe_default_protocol_versions() - .unwrap() .with_root_certificates(root_store) .with_no_client_auth(), ); diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index b1d38cc4ae..3c68c09274 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -24,8 +24,6 @@ impl ResolvesServerCert for Fail { fuzz_target!(|data: &[u8]| { let config = Arc::new( ServerConfig::builder() - .with_safe_default_protocol_versions() - .unwrap() .with_no_client_auth() .with_cert_resolver(Arc::new(Fail)), ); diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 607e557eba..26de3adb09 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -19,19 +19,18 @@ use std::sync::Arc; /// For settings besides these, see the fields of [`ServerConfig`] and [`ClientConfig`]. /// /// The usual choice for protocol primitives is to call -/// [`crate::ClientConfig::builder`]/[`ServerConfig::builder`] and [`ConfigBuilder::with_safe_default_protocol_versions`], -/// which will use rustls' default cryptographic provider and default protocol versions. +/// [`crate::ClientConfig::builder`]/[`ServerConfig::builder`] +/// which will use rustls' default cryptographic provider and safe defaults for ciphersuites and +/// supported protocol versions. /// /// ``` /// # #[cfg(feature = "ring")] { /// use rustls::{ClientConfig, ServerConfig}; /// ClientConfig::builder() -/// .with_safe_default_protocol_versions() /// // ... /// # ; /// /// ServerConfig::builder() -/// .with_safe_default_protocol_versions() /// // ... /// # ; /// # } @@ -42,15 +41,13 @@ use std::sync::Arc; /// ```no_run /// # #[cfg(feature = "ring")] { /// # use rustls::ServerConfig; -/// ServerConfig::builder() -/// .with_protocol_versions(&[&rustls::version::TLS13]) -/// .unwrap() +/// ServerConfig::builder_with_protocol_versions(&[&rustls::version::TLS13]) /// // ... /// # ; /// # } /// ``` /// -/// Overriding a default introduces a `Result` that must be unwrapped, +/// Overriding the default cryptographic provider introduces a `Result` that must be unwrapped, /// because the config builder checks for consistency of the choices made. For instance, it's an error to /// configure only TLS 1.2 cipher suites while specifying that TLS 1.3 should be the only supported protocol /// version. @@ -81,8 +78,6 @@ use std::sync::Arc; /// # use rustls::ClientConfig; /// # let root_certs = rustls::RootCertStore::empty(); /// ClientConfig::builder() -/// .with_safe_default_protocol_versions() -/// .unwrap() /// .with_root_certificates(root_certs) /// .with_no_client_auth(); /// # } @@ -109,8 +104,6 @@ use std::sync::Arc; /// # pki_types::PrivatePkcs8KeyDer::from(vec![]) /// # ); /// ServerConfig::builder() -/// .with_safe_default_protocol_versions() -/// .unwrap() /// .with_no_client_auth() /// .with_single_cert(certs, private_key) /// .expect("bad certificate/key"); diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 18443c2590..40213e13ef 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -13,6 +13,8 @@ use crate::sign; use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; use crate::versions; use crate::KeyLog; +#[cfg(feature = "ring")] +use crate::WantsVerifier; use crate::{verify, WantsVersions}; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; @@ -232,17 +234,43 @@ impl Clone for ClientConfig { } impl ClientConfig { + /// Create a builder for a client configuration with the default + /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`] and safe ciphersuite and + /// protocol defaults. + /// + /// For more information, see the [`ConfigBuilder`] documentation. #[cfg(feature = "ring")] + pub fn builder() -> ConfigBuilder { + // Safety: we know the *ring* provider's ciphersuites are compatible with the safe default protocol versions. + Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + .with_safe_default_protocol_versions() + .unwrap() + } + /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. + /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`], safe ciphersuite defaults and + /// the provided protocol versions. + /// + /// Panics if provided an empty slice of supported versions. /// /// For more information, see the [`ConfigBuilder`] documentation. - pub fn builder() -> ConfigBuilder { + #[cfg(feature = "ring")] + pub fn builder_with_protocol_versions( + versions: &[&'static versions::SupportedProtocolVersion], + ) -> ConfigBuilder { + // Safety: we know the *ring* provider's ciphersuites are compatible with all protocol version choices. Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + .with_protocol_versions(versions) + .unwrap() } /// Create a builder for a client configuration with a specific [`CryptoProvider`]. /// + /// This will use the provider's configured ciphersuites. You must additionally choose + /// which protocol versions to enable, using `with_protocol_versions` or + /// `with_safe_default_protocol_versions` and handling the `Result` in case a protocol + /// version is not supported by the provider's ciphersuites. + /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder_with_provider( provider: Arc, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 56b3178085..56be836db8 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -129,8 +129,6 @@ //! # #[cfg(feature = "ring")] { //! # let root_store: rustls::RootCertStore = panic!(); //! let config = rustls::ClientConfig::builder() -//! .with_safe_default_protocol_versions() -//! .unwrap() //! .with_root_certificates(root_store) //! .with_no_client_auth(); //! # } @@ -151,8 +149,6 @@ //! # .cloned() //! # ); //! # let config = rustls::ClientConfig::builder() -//! # .with_safe_default_protocol_versions() -//! # .unwrap() //! # .with_root_certificates(root_store) //! # .with_no_client_auth(); //! let rc_config = Arc::new(config); diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 1fe5bab566..898e5c77f4 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -12,7 +12,11 @@ use crate::msgs::message::Message; use crate::suites::ExtractedSecrets; use crate::vecbuf::ChunkVecBuffer; use crate::verify; +#[cfg(feature = "ring")] +use crate::versions; use crate::KeyLog; +#[cfg(feature = "ring")] +use crate::WantsVerifier; use crate::{sign, WantsVersions}; use super::hs; @@ -333,17 +337,43 @@ impl Clone for ServerConfig { } impl ServerConfig { + /// Create a builder for a server configuration with the default + /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`] and safe ciphersuite and protocol + /// defaults. + /// + /// For more information, see the [`ConfigBuilder`] documentation. #[cfg(feature = "ring")] + pub fn builder() -> ConfigBuilder { + // Safety: we know the *ring* provider's ciphersuites are compatible with the safe default protocol versions. + Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + .with_safe_default_protocol_versions() + .unwrap() + } + /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. + /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`], safe ciphersuite defaults and + /// the provided protocol versions. + /// + /// Panics if provided an empty slice of supported versions. /// /// For more information, see the [`ConfigBuilder`] documentation. - pub fn builder() -> ConfigBuilder { + #[cfg(feature = "ring")] + pub fn builder_with_protocol_versions( + versions: &[&'static versions::SupportedProtocolVersion], + ) -> ConfigBuilder { + // Safety: we know the *ring* provider's ciphersuites are compatible with all protocol version choices. Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + .with_protocol_versions(versions) + .unwrap() } /// Create a builder for a server configuration with a specific [`CryptoProvider`]. /// + /// This will use the provider's configured ciphersuites. You must additionally choose + /// which protocol versions to enable, using `with_protocol_versions` or + /// `with_safe_default_protocol_versions` and handling the `Result` in case a protocol + /// version is not supported by the provider's ciphersuites. + /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder_with_provider( provider: Arc, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index ad098fb522..31740e3007 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -484,15 +484,11 @@ fn test_config_builders_debug() { .into(), ); assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); - let b = server_config_builder(); + let b = server_config_builder_with_versions(&[&rustls::version::TLS13]); assert_eq!( - "ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", + "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3] } }", format!("{:?}", b) ); - assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); - let b = b - .with_protocol_versions(&[&rustls::version::TLS13]) - .unwrap(); let b = b.with_no_client_auth(); assert_eq!("ConfigBuilder { state: WantsServerCert { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], verifier: NoClientAuth } }", format!("{:?}", b)); @@ -505,16 +501,11 @@ fn test_config_builders_debug() { .into(), ); assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); - let b = client_config_builder(); + let b = client_config_builder_with_versions(&[&rustls::version::TLS13]); assert_eq!( - "ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", + "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3] } }", format!("{:?}", b) ); - assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); - let b = b - .with_protocol_versions(&[&rustls::version::TLS13]) - .unwrap(); - assert_eq!("ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3] } }", format!("{:?}", b)); } /// Test that the server handles combination of `offer_client_auth()` returning true @@ -532,8 +523,6 @@ fn server_allow_any_anonymous_or_authenticated_client() { .unwrap(); let server_config = server_config_builder() - .with_safe_default_protocol_versions() - .unwrap() .with_client_cert_verifier(client_auth) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap(); @@ -5081,16 +5070,12 @@ fn test_client_tls12_no_resume_after_server_downgrade() { let server_config_1 = Arc::new(common::finish_server_config( KeyType::Ed25519, - server_config_builder() - .with_protocol_versions(&[&rustls::version::TLS13]) - .unwrap(), + server_config_builder_with_versions(&[&rustls::version::TLS13]), )); let mut server_config_2 = common::finish_server_config( KeyType::Ed25519, - server_config_builder() - .with_protocol_versions(&[&rustls::version::TLS12]) - .unwrap(), + server_config_builder_with_versions(&[&rustls::version::TLS12]), ); server_config_2.session_storage = Arc::new(rustls::server::NoServerSessionStorage {}); diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 7822b73552..fc0152ea7c 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -42,8 +42,6 @@ fn server_config_with_verifier( client_cert_verifier: MockClientVerifier, ) -> ServerConfig { server_config_builder() - .with_safe_default_protocol_versions() - .unwrap() .with_client_cert_verifier(Arc::new(client_cert_verifier)) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 7de6fdbc07..f2d0946fac 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -267,7 +267,7 @@ impl KeyType { } } -pub fn server_config_builder() -> rustls::ConfigBuilder { +pub fn server_config_builder() -> rustls::ConfigBuilder { // ensure `ServerConfig::builder()` is covered, even though it is // equivalent to `builder_with_provider(provider::provider().into())`. #[cfg(feature = "ring")] @@ -277,10 +277,27 @@ pub fn server_config_builder() -> rustls::ConfigBuilder rustls::ConfigBuilder { +pub fn server_config_builder_with_versions( + versions: &[&'static rustls::SupportedProtocolVersion], +) -> rustls::ConfigBuilder { + #[cfg(feature = "ring")] + { + rustls::ServerConfig::builder_with_protocol_versions(versions) + } + #[cfg(not(feature = "ring"))] + { + rustls::ServerConfig::builder_with_provider(provider::default_provider().into()) + .with_protocol_versions(versions) + .unwrap() + } +} + +pub fn client_config_builder() -> rustls::ConfigBuilder { // ensure `ClientConfig::builder()` is covered, even though it is // equivalent to `builder_with_provider(provider::provider().into())`. #[cfg(feature = "ring")] @@ -291,6 +308,23 @@ pub fn client_config_builder() -> rustls::ConfigBuilder rustls::ConfigBuilder { + #[cfg(feature = "ring")] + { + rustls::ClientConfig::builder_with_protocol_versions(versions) + } + #[cfg(not(feature = "ring"))] + { + rustls::ClientConfig::builder_with_provider(provider::default_provider().into()) + .with_protocol_versions(versions) + .unwrap() } } @@ -304,24 +338,14 @@ pub fn finish_server_config( } pub fn make_server_config(kt: KeyType) -> ServerConfig { - finish_server_config( - kt, - server_config_builder() - .with_safe_default_protocol_versions() - .unwrap(), - ) + finish_server_config(kt, server_config_builder()) } pub fn make_server_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], ) -> ServerConfig { - finish_server_config( - kt, - server_config_builder() - .with_protocol_versions(versions) - .unwrap(), - ) + finish_server_config(kt, server_config_builder_with_versions(versions)) } pub fn make_server_config_with_kx_groups( @@ -390,8 +414,6 @@ pub fn make_server_config_with_client_verifier( verifier_builder: ClientCertVerifierBuilder, ) -> ServerConfig { server_config_builder() - .with_safe_default_protocol_versions() - .unwrap() .with_client_cert_verifier(verifier_builder.build().unwrap()) .with_single_cert(kt.get_chain(), kt.get_key()) .unwrap() @@ -430,12 +452,7 @@ pub fn finish_client_config_with_creds( } pub fn make_client_config(kt: KeyType) -> ClientConfig { - finish_client_config( - kt, - client_config_builder() - .with_safe_default_protocol_versions() - .unwrap(), - ) + finish_client_config(kt, client_config_builder()) } pub fn make_client_config_with_kx_groups( @@ -458,38 +475,25 @@ pub fn make_client_config_with_versions( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], ) -> ClientConfig { - let builder = client_config_builder() - .with_protocol_versions(versions) - .unwrap(); - finish_client_config(kt, builder) + finish_client_config(kt, client_config_builder_with_versions(versions)) } pub fn make_client_config_with_auth(kt: KeyType) -> ClientConfig { - finish_client_config_with_creds( - kt, - client_config_builder() - .with_safe_default_protocol_versions() - .unwrap(), - ) + finish_client_config_with_creds(kt, client_config_builder()) } pub fn make_client_config_with_versions_with_auth( kt: KeyType, versions: &[&'static rustls::SupportedProtocolVersion], ) -> ClientConfig { - let builder = client_config_builder() - .with_protocol_versions(versions) - .unwrap(); - finish_client_config_with_creds(kt, builder) + finish_client_config_with_creds(kt, client_config_builder_with_versions(versions)) } pub fn make_client_config_with_verifier( versions: &[&'static rustls::SupportedProtocolVersion], verifier_builder: ServerCertVerifierBuilder, ) -> ClientConfig { - client_config_builder() - .with_protocol_versions(versions) - .unwrap() + client_config_builder_with_versions(versions) .dangerous() .with_custom_certificate_verifier(verifier_builder.build().unwrap()) .with_no_client_auth() From 90b20a2567f533c7f60f1770f7680e2e5b8b6206 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 30 Nov 2023 12:02:52 -0500 Subject: [PATCH 0476/1145] docs: update README project membership * Leadership -> membership. * Clarify roles per member. * List full-time members and funding source. * Add Josh Aas, project management. * Link to GitHub profiles. --- README.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 59797519b5..840a44f4bf 100644 --- a/README.md +++ b/README.md @@ -245,11 +245,18 @@ These are included as LICENSE-APACHE, LICENSE-MIT and LICENSE-ISC respectively. You may use this software under the terms of any of these licenses, at your option. -# Project Leadership - -- Joe Birr-Pixton (GitHub: @ctz) -- Dirkjan Ochtman (GitHub: @djc) -- Daniel McCarney (GitHub: @cpu) +# Project Membership + +- Joe Birr-Pixton ([@ctz], Project Founder - full-time funded by [Prossimo]) +- Dirkjan Ochtman ([@djc], Co-maintainer) +- Daniel McCarney ([@cpu], Co-maintainer - full-time funded by [Prossimo]) +- Josh Aas ([@bdaehlie], Project Management) + +[@ctz]: https://github.com/ctz +[@djc]: https://github.com/djc +[@cpu]: https://github.com/cpu +[@bdaehlie]: https://github.com/bdaehlie +[Prossimo]: https://www.memorysafety.org/initiative/rustls/ # Code of conduct From 58c2d26ed01b276c9cf71f90957b99cd330e4019 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 30 Nov 2023 09:36:01 -0800 Subject: [PATCH 0477/1145] api: move CipherSuiteCommon into crypto The top level of the crate is meant for "paved path" exports. In 0.21.x, this type was in `cipher_suites`, along with a few other types that got moved to specific crypto providers. Moving this to `crypto` instead of re-exporting under its old name in `cipher_suites` seems acceptable, because it will mainly be used in implementing crypto providers. Also, its internals have changed significantly so there is already churn for this type. --- provider-example/src/lib.rs | 4 ++-- rustls/src/crypto/mod.rs | 2 ++ rustls/src/lib.rs | 4 +--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index c2c07052ad..546ef0a37a 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -53,7 +53,7 @@ static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = rustls::SupportedCipherSuite::Tls13(&rustls::Tls13CipherSuite { - common: rustls::CipherSuiteCommon { + common: rustls::crypto::CipherSuiteCommon { suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, confidentiality_limit: u64::MAX, @@ -66,7 +66,7 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = rustls::SupportedCipherSuite::Tls12(&rustls::Tls12CipherSuite { - common: rustls::CipherSuiteCommon { + common: rustls::crypto::CipherSuiteCommon { suite: rustls::CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, confidentiality_limit: u64::MAX, diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index b4cd3dbd2b..1cc6cd3729 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -47,6 +47,8 @@ pub(crate) mod signer; pub use crate::rand::GetRandomFailed; +pub use crate::suites::CipherSuiteCommon; + pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// Controls core cryptography used by rustls. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 56be836db8..2652adc3ff 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -437,9 +437,7 @@ pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; -pub use crate::suites::{ - CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite, -}; +pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite}; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; From 303b3ff97d47e8802392d45217c8cf358e6ed879 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 28 Nov 2023 10:59:20 -0800 Subject: [PATCH 0478/1145] doc: add detail on UnexpectedEof Add documentation at the top level, and link to that documentation in the error message. --- rustls/src/conn.rs | 27 ++++++++++++++++++++------- rustls/src/manual/howto.rs | 17 +++++++++++++++++ 2 files changed, 37 insertions(+), 7 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 30e27de971..31c4db37ba 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -142,8 +142,8 @@ impl<'a> io::Read for Reader<'a> { /// connection, so the underlying TCP connection should be half-closed too. /// /// If the peer closes the TLS session uncleanly (a TCP EOF without sending a - /// `close_notify` alert) this function returns `Err(ErrorKind::UnexpectedEof.into())` - /// once any pending data has been read. + /// `close_notify` alert) this function returns a `std::io::Error` of type + /// `ErrorKind::UnexpectedEof` once any pending data has been read. /// /// Note that support for `close_notify` varies in peer TLS libraries: many do not /// support it and uncleanly close the TCP connection (this might be @@ -164,8 +164,13 @@ impl<'a> io::Read for Reader<'a> { // cleanly closed; don't care about TCP EOF: express this as Ok(0) (true, _) => {} // unclean closure - (false, true) => return Err(io::ErrorKind::UnexpectedEof.into()), - // connection still going, but need more data: signal `WouldBlock` so that + (false, true) => { + return Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )) + } + // connection still going, but needs more data: signal `WouldBlock` so that // the caller knows this (false, false) => return Err(io::ErrorKind::WouldBlock.into()), } @@ -182,8 +187,8 @@ impl<'a> io::Read for Reader<'a> { /// should be half-closed too. /// /// If the peer closes the TLS session uncleanly (a TCP EOF without sending a - /// `close_notify` alert) this function returns `Err(ErrorKind::UnexpectedEof.into())` - /// once any pending data has been read. + /// `close_notify` alert) this function returns a `std::io::Error` of type + /// `ErrorKind::UnexpectedEof` once any pending data has been read. /// /// Note that support for `close_notify` varies in peer TLS libraries: many do not /// support it and uncleanly close the TCP connection (this might be @@ -208,7 +213,12 @@ impl<'a> io::Read for Reader<'a> { // cleanly closed; don't care about TCP EOF: express this as Ok(0) (true, _) => {} // unclean closure - (false, true) => return Err(io::ErrorKind::UnexpectedEof.into()), + (false, true) => { + return Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )); + } // connection still going, but need more data: signal `WouldBlock` so that // the caller knows this (false, false) => return Err(io::ErrorKind::WouldBlock.into()), @@ -759,3 +769,6 @@ impl ConnectionCore { /// Data specific to the peer's side (client or server). pub trait SideData: Debug {} + +const UNEXPECTED_EOF_MESSAGE: &str = "peer closed connection without sending TLS close_notify: \ +https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof"; diff --git a/rustls/src/manual/howto.rs b/rustls/src/manual/howto.rs index aa68a1e390..e0160deefd 100644 --- a/rustls/src/manual/howto.rs +++ b/rustls/src/manual/howto.rs @@ -33,4 +33,21 @@ Once you have these two pieces, configuring a server to use them involves, brief [^1]: For PKCS#8 it does not support password encryption -- there's not a meaningful threat model addressed by this, and the encryption supported is typically extremely poor. +# Unexpected EOF + +TLS has a `close_notify` mechanism to prevent truncation attacks[^2]. +According to the TLS RFCs, each party is required to send a `close_notify` message before +closing the write side of the connection. However, some implementations don't send it. +So long as the application layer protocol (for instance HTTP/2) has message length framing +and can reject truncated messages, this is not a security problem. + +Rustls treats an EOF without `close_notify` as an error of type `std::io::Error` with +`ErrorKind::UnexpectedEof`. In some situations it's appropriate for the application to handle +this error the same way it would handle a normal EOF (a read returning `Ok(0)`). In particular +if `UnexpectedEof` occurs on an idle connection it is appropriate to treat it the same way as a +clean shutdown. And if an application always uses messages with length framing (in other words, +messages are never delimited by the close of the TCP connection), it can unconditionally +ignore `UnexpectedEof` errors from rustls. + +[^2]: */ From 022042f17cf20765fdc953495fa0eb4a040e0682 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 30 Nov 2023 11:40:08 -0800 Subject: [PATCH 0479/1145] doc: make it easier to find changelog Many projects use CHANGELOG.md to convey their list of changes. Add a link there. In README.md, instead of describing "release history", use the "Changelog" terminology. --- CHANGELOG.md | 4 ++++ README.md | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000000..8f9bad952d --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,4 @@ +# Changelog + +The detailed list of changes in each release can be found at +https://github.com/rustls/rustls/releases. diff --git a/README.md b/README.md index 840a44f4bf..803a124c08 100644 --- a/README.md +++ b/README.md @@ -19,9 +19,10 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). [![Documentation](https://docs.rs/rustls/badge.svg)](https://docs.rs/rustls/) [![Chat](https://img.shields.io/discord/976380008299917365?logo=discord)](https://discord.gg/MCSB76RU96) -## Release history +## Changelog -Release history can be found [on GitHub](https://github.com/rustls/rustls/releases). +The detailed list of changes in each release can be found at +https://github.com/rustls/rustls/releases. # Documentation From f83bc90969fa4f152b7bb4fd7c0faa1613aa4608 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 30 Nov 2023 12:45:18 -0800 Subject: [PATCH 0480/1145] Prf: document guarantees and take &mut [u8; 48] Also document at the call site for `for_key_exchange` why those guarantees are upheld. I didn't get far enough to document where those guarantees are upheld at the call sites for `for_secret`, but they are relied upon by one of the implementations: https://github.com/rustls/rustls/blob/303b3ff97d47e8802392d45217c8cf358e6ed879/rustls/src/crypto/aws_lc_rs/tls12.rs#L407-L412 --- rustls/src/crypto/aws_lc_rs/tls12.rs | 2 +- rustls/src/crypto/tls12.rs | 10 +++++++--- rustls/src/tls12/mod.rs | 7 +++++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 967bc33fe8..66d906110d 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -418,7 +418,7 @@ impl Prf for Tls12Prf { fn for_key_exchange( &self, - output: &mut [u8], + output: &mut [u8; 48], kx: Box, peer_pub_key: &[u8], label: &[u8], diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index f9b2ca99cc..ea01b68d81 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -10,7 +10,7 @@ pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac); impl<'a> Prf for PrfUsingHmac<'a> { fn for_key_exchange( &self, - output: &mut [u8], + output: &mut [u8; 48], kx: Box, peer_pub_key: &[u8], label: &[u8], @@ -47,10 +47,12 @@ pub trait Prf: Send + Sync { /// Completes the given key exchange, and then uses the resulting shared secret /// to compute the PRF, writing the result into `output`. /// - /// This can fail only if the key exchange fails. + /// The caller guarantees that `label`, `seed` are non-empty. The caller makes no + /// guarantees about the contents of `peer_pub_key`. It must be validated by + /// [`ActiveKeyExchange::complete`]. fn for_key_exchange( &self, - output: &mut [u8], + output: &mut [u8; 48], kx: Box, peer_pub_key: &[u8], label: &[u8], @@ -58,6 +60,8 @@ pub trait Prf: Send + Sync { ) -> Result<(), Error>; /// Computes `PRF(secret, label, seed)`, writing the result into `output`. + /// + /// The caller guarantees that `secret`, `label`, and `seed` are non-empty. fn for_secret(&self, output: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]); } diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 4a5593cca7..23dbcb345c 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -113,6 +113,10 @@ impl ConnectionSecrets { ), }; + // The API contract for for_key_exchange is that the caller guarantees `label` and `seed` + // slice parameters are non-empty. + // `label` is guaranteed non-empty because it's assigned from a `&str` above. + // `seed.as_ref()` is guaranteed non-empty by documentation on the AsRef impl. ret.suite .prf_provider .for_key_exchange( @@ -289,9 +293,12 @@ enum Seed { } impl AsRef<[u8]> for Seed { + /// This is guaranteed to return a non-empty slice. fn as_ref(&self) -> &[u8] { match self { + // seed is a hash::Output, which is a fixed, non-zero length array. Self::Ems(seed) => seed.as_ref(), + // randoms is a fixed, non-zero length array. Self::Randoms(randoms) => randoms.as_ref(), } } From b1f5fef16fac679b1ea17a18df57018f038b11e1 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 30 Nov 2023 11:52:16 -0800 Subject: [PATCH 0481/1145] api: use OtherError consistently `CertificateError` and `CertRevocationListError` both had an `Other` variant containing `Arc`, while `rustls::Error` used the newtype `OtherError`. Use `OtherError` in all three cases. Also, implement `StdError` and `Display` for `OtherError`, and specifically implement `source()` to return the underlying error. --- rustls/src/error.rs | 22 +++++++++++++++++----- rustls/src/webpki/mod.rs | 6 +++--- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 266153467f..062b54ec2c 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -340,7 +340,7 @@ pub enum CertificateError { /// not covered by the above common cases. /// /// Enums holding this variant will never compare equal to each other. - Other(Arc), + Other(OtherError), } impl PartialEq for CertificateError { @@ -417,7 +417,7 @@ pub enum CertRevocationListError { /// The CRL is invalid for some other reason. /// /// Enums holding this variant will never compare equal to each other. - Other(Arc), + Other(OtherError), /// The CRL is not correctly encoded. ParseError, @@ -523,7 +523,7 @@ impl fmt::Display for Error { write!(f, "the supplied max_fragment_size was too small or large") } Self::General(ref err) => write!(f, "unexpected error: {}", err), - Self::Other(ref err) => write!(f, "other error: {:?}", err), + Self::Other(ref err) => write!(f, "other error: {}", err), } } } @@ -564,6 +564,18 @@ impl From for Error { } } +impl fmt::Display for OtherError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + write!(f, "{}", self.0) + } +} + +impl StdError for OtherError { + fn source(&self) -> Option<&(dyn StdError + 'static)> { + Some(self.0.as_ref()) + } +} + #[cfg(test)] mod tests { use super::{Error, InvalidMessage}; @@ -585,7 +597,7 @@ mod tests { ApplicationVerificationFailure, ApplicationVerificationFailure ); - let other = Other(alloc::sync::Arc::from(Box::from(""))); + let other = Other(OtherError(alloc::sync::Arc::from(Box::from("")))); assert_ne!(other, other); assert_ne!(BadEncoding, Expired); } @@ -606,7 +618,7 @@ mod tests { assert_eq!(UnsupportedDeltaCrl, UnsupportedDeltaCrl); assert_eq!(UnsupportedIndirectCrl, UnsupportedIndirectCrl); assert_eq!(UnsupportedRevocationReason, UnsupportedRevocationReason); - let other = Other(alloc::sync::Arc::from(Box::from(""))); + let other = Other(OtherError(alloc::sync::Arc::from(Box::from("")))); assert_ne!(other, other); assert_ne!(BadSignature, InvalidCrlNumber); } diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index b43cde512b..f275bd6d53 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -6,7 +6,7 @@ use pki_types::CertificateRevocationListDer; use std::error::Error as StdError; use webpki::{CertRevocationList, OwnedCertRevocationList}; -use crate::error::{CertRevocationListError, CertificateError, Error}; +use crate::error::{CertRevocationListError, CertificateError, Error, OtherError}; mod anchors; mod client_verifier; @@ -75,7 +75,7 @@ fn pki_error(error: webpki::Error) -> Error { CertRevocationListError::BadSignature.into() } - _ => CertificateError::Other(Arc::new(error)).into(), + _ => CertificateError::Other(OtherError(Arc::new(error))).into(), } } @@ -95,7 +95,7 @@ fn crl_error(e: webpki::Error) -> CertRevocationListError { UnsupportedIndirectCrl => CertRevocationListError::UnsupportedIndirectCrl, UnsupportedRevocationReason => CertRevocationListError::UnsupportedRevocationReason, - _ => CertRevocationListError::Other(Arc::new(e)), + _ => CertRevocationListError::Other(OtherError(Arc::new(e))), } } From cefd6c4bc6b1e60c7b329b2937e16b8f89a12057 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 30 Nov 2023 11:18:23 -0800 Subject: [PATCH 0482/1145] remove InvalidKeyError The per-provider key loading functions returned this singleton error, but it was usually then wrapped into Error::General("invalid private key"). That means the singleton error is unnecessary API surface, but also it means potentially valuable information is lost. Move the wrapping into `Error::General` to a lower level, add detail about which specific parsing operation failed, and pass along error details from the lower-level library. --- rustls/src/crypto/aws_lc_rs/mod.rs | 2 - rustls/src/crypto/ring/mod.rs | 2 - rustls/src/crypto/ring/sign.rs | 99 +++++++++++++++++++----------- 3 files changed, 62 insertions(+), 41 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 19f8833c8d..cdb7e48120 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -9,7 +9,6 @@ use crate::Error; use pki_types::PrivateKeyDer; use webpki::aws_lc_rs as webpki_algs; -use alloc::string::String; use alloc::sync::Arc; // aws-lc-rs has a -- roughly -- ring-compatible API, so we just reuse all that @@ -64,7 +63,6 @@ impl KeyProvider for AwsLcRs { key_der: PrivateKeyDer<'static>, ) -> Result, Error> { sign::any_supported_type(&key_der) - .map_err(|_| Error::General(String::from("invalid private key"))) } } diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 4a66a41996..324b407ed5 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -9,7 +9,6 @@ use crate::Error; use pki_types::PrivateKeyDer; use webpki::ring as webpki_algs; -use alloc::borrow::ToOwned; use alloc::sync::Arc; pub(crate) use ring as ring_like; @@ -59,7 +58,6 @@ impl KeyProvider for Ring { key_der: PrivateKeyDer<'static>, ) -> Result, Error> { sign::any_supported_type(&key_der) - .map_err(|_| Error::General("invalid private key".to_owned())) } } diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index e915912ea1..130073ba5d 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -11,32 +11,40 @@ use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; use alloc::boxed::Box; +use alloc::format; use alloc::string::ToString; use alloc::sync::Arc; use alloc::vec; use alloc::vec::Vec; use core::fmt::{self, Debug, Formatter}; -use std::error::Error as StdError; /// Parse `der` as any supported key encoding/type, returning /// the first which works. -pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, InvalidKeyError> { +pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, Error> { if let Ok(rsa) = RsaSigningKey::new(der) { - Ok(Arc::new(rsa)) - } else if let Ok(ecdsa) = any_ecdsa_type(der) { - Ok(ecdsa) - } else if let PrivateKeyDer::Pkcs8(pkcs8) = der { - any_eddsa_type(pkcs8) - } else { - Err(InvalidKeyError(())) + return Ok(Arc::new(rsa)); } + + if let Ok(ecdsa) = any_ecdsa_type(der) { + return Ok(ecdsa); + } + + if let PrivateKeyDer::Pkcs8(pkcs8) = der { + if let Ok(eddsa) = any_eddsa_type(pkcs8) { + return Ok(eddsa); + } + } + + Err(Error::General( + "failed to parse private key as RSA, ECDSA, or EdDSA".into(), + )) } /// Parse `der` as any ECDSA key type, returning the first which works. /// /// Both SEC1 (PEM section starting with 'BEGIN EC PRIVATE KEY') and PKCS8 /// (PEM section starting with 'BEGIN PRIVATE KEY') encodings are supported. -pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, InvalidKeyError> { +pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, Error> { if let Ok(ecdsa_p256) = EcdsaSigningKey::new( der, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -53,20 +61,18 @@ pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, In return Ok(Arc::new(ecdsa_p384)); } - Err(InvalidKeyError(())) + Err(Error::General( + "failed to parse ECDSA private key as PKCS#8 or SEC1".into(), + )) } /// Parse `der` as any EdDSA key type, returning the first which works. -pub fn any_eddsa_type( - der: &PrivatePkcs8KeyDer<'_>, -) -> Result, InvalidKeyError> { - if let Ok(ed25519) = Ed25519SigningKey::new(der, SignatureScheme::ED25519) { - return Ok(Arc::new(ed25519)); - } - +pub fn any_eddsa_type(der: &PrivatePkcs8KeyDer<'_>) -> Result, Error> { // TODO: Add support for Ed448 - - Err(InvalidKeyError(())) + Ok(Arc::new(Ed25519SigningKey::new( + der, + SignatureScheme::ED25519, + )?)) } /// A `SigningKey` for RSA-PKCS1 or RSA-PSS. @@ -90,13 +96,19 @@ static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ impl RsaSigningKey { /// Make a new `RsaSigningKey` from a DER encoding, in either /// PKCS#1 or PKCS#8 format. - pub fn new(der: &PrivateKeyDer<'_>) -> Result { + pub fn new(der: &PrivateKeyDer<'_>) -> Result { let key_pair = match der { PrivateKeyDer::Pkcs1(pkcs1) => RsaKeyPair::from_der(pkcs1.secret_pkcs1_der()), PrivateKeyDer::Pkcs8(pkcs8) => RsaKeyPair::from_pkcs8(pkcs8.secret_pkcs8_der()), - _ => return Err(InvalidKeyError(())), + _ => { + return Err(Error::General( + "failed to parse RSA private key as either PKCS#1 or PKCS#8".into(), + )); + } } - .map_err(|_| InvalidKeyError(()))?; + .map_err(|key_rejected| { + Error::General(format!("failed to parse RSA private key: {}", key_rejected)) + })?; Ok(Self { key: Arc::new(key_pair), @@ -333,13 +345,15 @@ struct Ed25519SigningKey { impl Ed25519SigningKey { /// Make a new `Ed25519SigningKey` from a DER encoding in PKCS#8 format, /// expecting a key usable with precisely the given signature scheme. - fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { + fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { match Ed25519KeyPair::from_pkcs8_maybe_unchecked(der.secret_pkcs8_der()) { Ok(key_pair) => Ok(Self { key: Arc::new(key_pair), scheme, }), - Err(_) => Err(InvalidKeyError(())), + Err(e) => Err(Error::General(format!( + "failed to parse Ed25519 private key: {e}" + ))), } } } @@ -392,18 +406,6 @@ impl Debug for Ed25519Signer { } } -/// Error produced when constructing a [`SigningKey`]. -#[derive(Debug)] -pub struct InvalidKeyError(()); - -impl fmt::Display for InvalidKeyError { - fn fmt(&self, f: &mut Formatter) -> fmt::Result { - f.write_str("error constructing key") - } -} - -impl StdError for InvalidKeyError {} - #[cfg(test)] mod tests { use super::*; @@ -474,6 +476,29 @@ mod tests { assert!(any_supported_type(&key).is_ok()); assert!(any_ecdsa_type(&key).is_err()); } + + #[test] + fn cannot_load_invalid_pkcs8_encoding() { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(&b"invalid"[..])); + assert_eq!( + any_supported_type(&key).err(), + Some(Error::General( + "failed to parse private key as RSA, ECDSA, or EdDSA".into() + )) + ); + assert_eq!( + any_ecdsa_type(&key).err(), + Some(Error::General( + "failed to parse ECDSA private key as PKCS#8 or SEC1".into() + )) + ); + assert_eq!( + RsaSigningKey::new(&key).err(), + Some(Error::General( + "failed to parse RSA private key: InvalidEncoding".into() + )) + ); + } } #[cfg(bench)] From d0aef3a11c09d826b3cbd29e9bdd7ad9873425a5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 11:56:33 -0500 Subject: [PATCH 0483/1145] docs: fix stale ref. to CryptProvider being a trait --- README.md | 6 ++++-- rustls/src/lib.rs | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 803a124c08..8f2532e271 100644 --- a/README.md +++ b/README.md @@ -93,9 +93,11 @@ x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Bi support WebAssembly. For more information, see [the supported `ring` target platforms][ring-target-platforms]. -By providing a custom implementation of the [`crate::crypto::CryptoProvider`] trait, you +By providing a custom instance of the [`crate::crypto::CryptoProvider`] struct, you can replace all cryptography dependencies of rustls. This is a route to being portable -to a wider set of architectures and environments, or compliance requirements. +to a wider set of architectures and environments, or compliance requirements. See the +[`crate::crypto::CryptoProvider`] documentation for more details. + Specifying `default-features = false` when depending on rustls will remove the dependency on *ring*. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2652adc3ff..2201e74184 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -63,9 +63,11 @@ //! support WebAssembly. //! For more information, see [the supported `ring` target platforms][ring-target-platforms]. //! -//! By providing a custom implementation of the [`crate::crypto::CryptoProvider`] trait, you +//! By providing a custom instance of the [`crate::crypto::CryptoProvider`] struct, you //! can replace all cryptography dependencies of rustls. This is a route to being portable -//! to a wider set of architectures and environments, or compliance requirements. +//! to a wider set of architectures and environments, or compliance requirements. See the +//! [`crate::crypto::CryptoProvider`] documentation for more details. +//! //! Specifying `default-features = false` when depending on rustls will remove the //! dependency on *ring*. //! From 5ec414c2661519bb0d4de870ad5892307b8ed0cc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 13:12:09 -0500 Subject: [PATCH 0484/1145] docs: describe webpki-roots as simplest, not recommended Also link to the crate. --- rustls/src/lib.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2201e74184..eded70a284 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -110,7 +110,7 @@ //! This is the minimum you need to do to make a TLS client connection. //! //! First we load some root certificates. These are used to authenticate the server. -//! The recommended way is to depend on the `webpki_roots` crate which contains +//! The simplest way is to depend on the [`webpki_roots`] crate which contains //! the Mozilla set of root certificates. //! //! ```rust,no_run @@ -124,6 +124,8 @@ //! # } //! ``` //! +//! [`webpki_roots`]: https://crates.io/crates/webpki-roots +//! //! Next, we make a `ClientConfig`. You're likely to make one of these per process, //! and use it for all connections made by that process. //! From 4f5e24d84b1c454a4ddbd8ce0968589608778995 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 12:00:56 -0500 Subject: [PATCH 0485/1145] docs: clarify tlsserver-mio/tlsclient-mio links * Use their proper filenames, with the `-mio` suffix. * Link to `mio` crate. --- rustls/src/lib.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index eded70a284..f6ae5620b7 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -231,9 +231,12 @@ //! ``` //! //! # Examples -//! [`tlsserver`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsserver-mio.rs) -//! and [`tlsclient`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsclient-mio.rs) -//! are full worked examples. These both use mio. +//! +//! [`tlsserver-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsserver-mio.rs) +//! and [`tlsclient-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsclient-mio.rs) +//! are full worked examples using [`mio`]. +//! +//! [`mio`]: https://docs.rs/mio/latest/mio/ //! //! # Crate features //! Here's a list of what features are exposed by the rustls crate and what From 50e43cebbb0a8462148f4f0383ffc96298ae0309 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 12:03:20 -0500 Subject: [PATCH 0486/1145] docs: consistently describe default features Consistently describe te default features, include that *ring* is default enabled. --- rustls/src/lib.rs | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index f6ae5620b7..ff4b560b4b 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -242,28 +242,26 @@ //! Here's a list of what features are exposed by the rustls crate and what //! they mean. //! -//! - `logging`: this makes the rustls crate depend on the `log` crate. -//! rustls outputs interesting protocol-level messages at `trace!` and `debug!` -//! level, and protocol-level errors at `warn!` and `error!` level. The log -//! messages do not contain secret key data, and so are safe to archive without -//! affecting session security. This feature is in the default set. -//! -//! - `tls12`: enables support for TLS version 1.2. This feature is in the default -//! set. Note that, due to the additive nature of Cargo features and because it -//! is enabled by default, other crates in your dependency graph could re-enable -//! it for your application. If you want to disable TLS 1.2 for security reasons, -//! consider explicitly enabling TLS 1.3 only in the config builder API. -//! -//! - `read_buf`: When building with Rust Nightly, adds support for the unstable +//! - `logging` (enabled by default): make the rustls crate depend on the `log` crate. +//! rustls outputs interesting protocol-level messages at `trace!` and `debug!` level, +//! and protocol-level errors at `warn!` and `error!` level. The log messages do not +//! contain secret key data, and so are safe to archive without affecting session security. +//! +//! - `tls12` (enabled by default): enable support for TLS version 1.2. Note that, due to the +//! additive nature of Cargo features and because it is enabled by default, other crates +//! in your dependency graph could re-enable it for your application. If you want to disable +//! TLS 1.2 for security reasons, consider explicitly enabling TLS 1.3 only in the config +//! builder API. +//! +//! - `read_buf`: when building with Rust Nightly, adds support for the unstable //! `std::io::ReadBuf` and related APIs. This reduces costs from initializing //! buffers. Will do nothing on non-Nightly releases. //! -//! - `ring`: this makes the rustls crate depend on the *ring* crate, -//! which is used for cryptography by default -//! Without this feature, these items must be provided externally to the core -//! rustls crate: see [`crate::crypto::CryptoProvider`]. +//! - `ring` (enabled by default): makes the rustls crate depend on the *ring* crate, which is +//! used for cryptography by default. Without this feature, these items must be provided +//! externally to the core rustls crate: see [`crate::crypto::CryptoProvider`]. //! -//! - `aws_lc_rs`: this makes the rustls crate depend on the aws-lc-rs crate, +//! - `aws_lc_rs`: makes the rustls crate depend on the aws-lc-rs crate, //! which can be used for cryptography as an alternative to *ring*. //! Use `rustls::crypto::aws_lc_rs::default_provider()` as a `CryptoProvider` //! when making a `ClientConfig` or `ServerConfig` to use aws-lc-rs From e7cb24fe4ed65d61513894a1ba5e655858674e15 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 13:04:11 -0500 Subject: [PATCH 0487/1145] docs: re-order feature descriptions This puts ring, aws-lc-rs, and the tls12 features up front. They're likely more interesting than the logging and read_buf features that are increasingly niche. --- rustls/src/lib.rs | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index ff4b560b4b..0c03a43800 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -242,21 +242,6 @@ //! Here's a list of what features are exposed by the rustls crate and what //! they mean. //! -//! - `logging` (enabled by default): make the rustls crate depend on the `log` crate. -//! rustls outputs interesting protocol-level messages at `trace!` and `debug!` level, -//! and protocol-level errors at `warn!` and `error!` level. The log messages do not -//! contain secret key data, and so are safe to archive without affecting session security. -//! -//! - `tls12` (enabled by default): enable support for TLS version 1.2. Note that, due to the -//! additive nature of Cargo features and because it is enabled by default, other crates -//! in your dependency graph could re-enable it for your application. If you want to disable -//! TLS 1.2 for security reasons, consider explicitly enabling TLS 1.3 only in the config -//! builder API. -//! -//! - `read_buf`: when building with Rust Nightly, adds support for the unstable -//! `std::io::ReadBuf` and related APIs. This reduces costs from initializing -//! buffers. Will do nothing on non-Nightly releases. -//! //! - `ring` (enabled by default): makes the rustls crate depend on the *ring* crate, which is //! used for cryptography by default. Without this feature, these items must be provided //! externally to the core rustls crate: see [`crate::crypto::CryptoProvider`]. @@ -268,6 +253,22 @@ //! //! Note that aws-lc-rs has additional build-time dependencies like cmake. //! See [the documentation](https://aws.github.io/aws-lc-rs/requirements/index.html) for details. +//! +//! - `tls12` (enabled by default): enable support for TLS version 1.2. Note that, due to the +//! additive nature of Cargo features and because it is enabled by default, other crates +//! in your dependency graph could re-enable it for your application. If you want to disable +//! TLS 1.2 for security reasons, consider explicitly enabling TLS 1.3 only in the config +//! builder API. +//! +//! - `logging` (enabled by default): make the rustls crate depend on the `log` crate. +//! rustls outputs interesting protocol-level messages at `trace!` and `debug!` level, +//! and protocol-level errors at `warn!` and `error!` level. The log messages do not +//! contain secret key data, and so are safe to archive without affecting session security. +//! +//! - `read_buf`: when building with Rust Nightly, adds support for the unstable +//! `std::io::ReadBuf` and related APIs. This reduces costs from initializing +//! buffers. Will do nothing on non-Nightly releases. +//! // Require docs for public APIs, deny unsafe code, etc. #![forbid(unsafe_code, unused_must_use)] From a572b301f50a3aca307bf96b94052c0f3b8679a3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 12:10:34 -0500 Subject: [PATCH 0488/1145] msgs: docstrings for KeyExchangeAlgorithms This type appears in the 'crypto' mod docs without any accompanying text. This commit adds some. --- rustls/src/msgs/handshake.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 316690f178..a0fb927390 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1475,9 +1475,11 @@ impl CertificatePayloadTls13 { } } +/// Describes supported key exchange mechanisms. #[derive(Clone, Copy, Debug, PartialEq)] #[non_exhaustive] pub enum KeyExchangeAlgorithm { + /// Key exchange performed via elliptic curve Diffie-Hellman. ECDHE, } From e34d46d46d02c0a022e160c7cb9dd545876685cf Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 12:13:59 -0500 Subject: [PATCH 0489/1145] docs: link to SupportedKxGroup for ActiveKeyExchange doc --- rustls/src/crypto/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 1cc6cd3729..295d1be8c3 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -234,7 +234,7 @@ pub trait SupportedKxGroup: Send + Sync + Debug { fn name(&self) -> NamedGroup; } -/// An in-progress key exchange originating from a `SupportedKxGroup`. +/// An in-progress key exchange originating from a [`SupportedKxGroup`]. pub trait ActiveKeyExchange: Send + Sync { /// Completes the key exchange, given the peer's public key. /// From 822f86e822fe8c07e24aa836ca30df1ef827a2c8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 12:14:45 -0500 Subject: [PATCH 0490/1145] docs: link to ActiveKeyExchange::complete from SharedSecret Also drops "as a value". --- rustls/src/crypto/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 295d1be8c3..be08a4ecf0 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -258,7 +258,7 @@ pub trait ActiveKeyExchange: Send + Sync { fn group(&self) -> NamedGroup; } -/// The result from `ActiveKeyExchange::complete` as a value. +/// The result from [`ActiveKeyExchange::complete`]. pub struct SharedSecret(Vec); impl SharedSecret { From 553f400785f1725c4d02511632a3053652cb9416 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Dec 2023 12:15:36 -0500 Subject: [PATCH 0491/1145] docs: link to SignatureSchemes from WebPkiSupportedAlgorithms --- rustls/src/webpki/verify.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 17c26874d5..957b5657af 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -52,7 +52,7 @@ pub fn verify_server_name( } /// Describes which `webpki` signature verification algorithms are supported and -/// how they map to TLS `SignatureScheme`s. +/// how they map to TLS [`SignatureScheme`]s. #[derive(Clone, Copy)] #[allow(unreachable_pub)] pub struct WebPkiSupportedAlgorithms { From 381dcf99ee621c239125c05feb5bee57b8a269cc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 30 Nov 2023 16:31:45 +0000 Subject: [PATCH 0492/1145] Update dependencies --- Cargo.lock | 32 ++++++++++++++++---------------- ci-bench/Cargo.toml | 4 ++-- examples/Cargo.toml | 6 +++--- fuzz/Cargo.lock | 8 ++++---- fuzz/Cargo.toml | 2 +- provider-example/Cargo.toml | 6 +++--- rustls/Cargo.toml | 8 ++++---- 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f2bd59002d..39c09db692 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1732,12 +1732,12 @@ dependencies = [ "env_logger", "log", "ring 0.17.5", - "rustls-pemfile 2.0.0-alpha.2", + "rustls-pemfile 2.0.0", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.8", + "rustls-webpki 0.102.0", "rustversion", "subtle", - "webpki-roots 0.26.0-alpha.2", + "webpki-roots 0.26.0", "zeroize", ] @@ -1753,7 +1753,7 @@ dependencies = [ "itertools", "rayon", "rustls 0.22.0-alpha.6", - "rustls-pemfile 2.0.0-alpha.2", + "rustls-pemfile 2.0.0", "rustls-pki-types", ] @@ -1777,11 +1777,11 @@ dependencies = [ "mio", "rcgen", "rustls 0.22.0-alpha.6", - "rustls-pemfile 2.0.0-alpha.2", + "rustls-pemfile 2.0.0", "rustls-pki-types", "serde", "serde_derive", - "webpki-roots 0.26.0-alpha.2", + "webpki-roots 0.26.0", ] [[package]] @@ -1795,9 +1795,9 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "2.0.0-alpha.2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e9975e1f0807681e097d288d545dc40c98a4d3a6ef95a40b18d00e5e4daa9a4" +checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4" dependencies = [ "base64", "rustls-pki-types", @@ -1805,9 +1805,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "0.2.3" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0d3edd6cdcdf26eda538757038343986e666d0b8ba4b5ac1de663b78475550d" +checksum = "eb0a1f9b9efec70d32e6d6aa3e58ebd88c3754ec98dfe9145c63cf54cc829b83" [[package]] name = "rustls-provider-example" @@ -1829,12 +1829,12 @@ dependencies = [ "rsa", "rustls 0.22.0-alpha.6", "rustls-pki-types", - "rustls-webpki 0.102.0-alpha.8", + "rustls-webpki 0.102.0", "serde", "serde_json", "sha2", "signature", - "webpki-roots 0.26.0-alpha.2", + "webpki-roots 0.26.0", "x25519-dalek", ] @@ -1850,9 +1850,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.8" +version = "0.102.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "139cdfd1d8b96f927fbe0a0c98785afe94b63e95a7ef815ebae9263d20e10a0d" +checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" dependencies = [ "aws-lc-rs", "ring 0.17.5", @@ -2346,9 +2346,9 @@ checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" [[package]] name = "webpki-roots" -version = "0.26.0-alpha.2" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87e3d99d80231fabcc72d887ed09f843b7f3942c75907285e51112a46c8f6f81" +checksum = "0de2cfda980f21be5a7ed2eadb3e6fe074d56022bea2cdeb1a62eb220fc04188" dependencies = [ "rustls-pki-types", ] diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index a44e9f57f6..f02958bde2 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -13,7 +13,7 @@ byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" itertools = "0.12" -pki-types = { package = "rustls-pki-types", version = "0.2" } +pki-types = { package = "rustls-pki-types", version = "1" } rayon = "1.7.0" rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } -rustls-pemfile = "=2.0.0-alpha.2" +rustls-pemfile = "2" diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 11fa6c79ca..62ee8e9972 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -11,10 +11,10 @@ docopt = "~1.1" env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } -pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } +pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } rcgen = { version = "0.11.3", features = ["pem"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} -rustls-pemfile = "=2.0.0-alpha.2" +rustls-pemfile = "2" serde = "1.0" serde_derive = "1.0" -webpki-roots = "=0.26.0-alpha.2" +webpki-roots = "0.26" diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 76d416ca89..08c6364592 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -92,15 +92,15 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "0.2.2" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cdf0cbc2bc68777eb846b2b7fedf03807bb763adc585bf006ac2fa2884daa9d1" +checksum = "eb0a1f9b9efec70d32e6d6aa3e58ebd88c3754ec98dfe9145c63cf54cc829b83" [[package]] name = "rustls-webpki" -version = "0.102.0-alpha.8" +version = "0.102.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "139cdfd1d8b96f927fbe0a0c98785afe94b63e95a7ef815ebae9263d20e10a0d" +checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" dependencies = [ "ring", "rustls-pki-types", diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index f3f70b7089..0a69488be1 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -10,7 +10,7 @@ cargo-fuzz = true [dependencies] libfuzzer-sys = { git = "https://github.com/rust-fuzz/libfuzzer-sys.git" } -pki-types = { package = "rustls-pki-types", version = "0.2.2" } +pki-types = { package = "rustls-pki-types", version = "1" } rustls = { path = "../rustls" } # Prevent this from interfering with workspaces diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 1091418e9a..f1668d57b5 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -17,14 +17,14 @@ hpke-rs-crypto = "0.1.2" hpke-rs-rust-crypto = "0.1.2" p256 = "0.13.2" pkcs8 = { version = "0.10.2", features = ["std"] } -pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } +pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } rand_core = "0.6.0" rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" signature = "2" -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.8", features = ["alloc", "std"], default-features = false } -webpki-roots = "=0.26.0-alpha.2" +webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc", "std"], default-features = false } +webpki-roots = "0.26" x25519-dalek = "2" [dev-dependencies] diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index bef4739da7..cada755dff 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -20,8 +20,8 @@ aws-lc-rs = { version = "1.5", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "=0.102.0-alpha.8", features = ["std"], default-features = false } -pki-types = { package = "rustls-pki-types", version = "0.2.2", features = ["std"] } +webpki = { package = "rustls-webpki", version = "0.102", features = ["std"], default-features = false } +pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } zeroize = "1.6.0" [features] @@ -37,8 +37,8 @@ base64 = "0.21" bencher = "0.1.5" env_logger = "0.10" log = "0.4.4" -rustls-pemfile = "=2.0.0-alpha.2" -webpki-roots = "=0.26.0-alpha.2" +rustls-pemfile = "2" +webpki-roots = "0.26" [[example]] name = "bogo_shim" From 4d1b762b5328a1714862ba73ec72d5522fe0c049 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 30 Nov 2023 18:22:21 +0000 Subject: [PATCH 0493/1145] Bump version to 0.22.0 --- Cargo.lock | 10 +++++----- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39c09db692..ac41ee0132 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1724,7 +1724,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.6" +version = "0.22.0" dependencies = [ "aws-lc-rs", "base64", @@ -1752,7 +1752,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.22.0-alpha.6", + "rustls 0.22.0", "rustls-pemfile 2.0.0", "rustls-pki-types", ] @@ -1764,7 +1764,7 @@ dependencies = [ "hickory-resolver", "regex", "ring 0.17.5", - "rustls 0.22.0-alpha.6", + "rustls 0.22.0", ] [[package]] @@ -1776,7 +1776,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.22.0-alpha.6", + "rustls 0.22.0", "rustls-pemfile 2.0.0", "rustls-pki-types", "serde", @@ -1827,7 +1827,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.22.0-alpha.6", + "rustls 0.22.0", "rustls-pki-types", "rustls-webpki 0.102.0", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 08c6364592..f1540fc75e 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -71,7 +71,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0-alpha.6" +version = "0.22.0" dependencies = [ "log", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index cada755dff..bc8b5e7786 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0-alpha.6" +version = "0.22.0" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 74321cfbb140443cc5a6491eb4ac0dabc10309fa Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 4 Dec 2023 09:26:30 +0100 Subject: [PATCH 0494/1145] Update semver-compatible dependencies --- Cargo.lock | 184 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 125 insertions(+), 59 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ac41ee0132..61e0eba2d7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -96,7 +96,7 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" dependencies = [ - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -106,7 +106,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" dependencies = [ "anstyle", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -331,9 +331,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.8" +version = "4.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64" +checksum = "41fffed7514f420abec6d183b1d3acfd9099c79c3a10a06ade4f8203f1411272" dependencies = [ "clap_builder", "clap_derive", @@ -341,9 +341,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.8" +version = "4.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc" +checksum = "63361bae7eef3771745f02d8d892bec2fee5f6e34af316ba556e7f97a7069ff1" dependencies = [ "anstream", "anstyle", @@ -523,9 +523,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.3.9" +version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +checksum = "8eb30d70a07a3b04884d2677f06bec33509dc67ca60d92949e5535352d3191dc" dependencies = [ "powerfmt", ] @@ -643,12 +643,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.7" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f258a7194e7f7c2a7837a8913aeab7fd8c383457034fa20ce4dd3dcb813e8eb8" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -922,7 +922,7 @@ version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" dependencies = [ - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -1043,7 +1043,7 @@ checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ "socket2", "widestring", - "windows-sys", + "windows-sys 0.48.0", "winreg", ] @@ -1061,7 +1061,7 @@ checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", "rustix", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -1081,9 +1081,9 @@ checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" [[package]] name = "js-sys" -version = "0.3.65" +version = "0.3.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54c0c35952f67de54bb584e9fd912b3023117cbafc0a77d8f3dee1fb5f572fe8" +checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" dependencies = [ "wasm-bindgen", ] @@ -1133,9 +1133,9 @@ checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "linux-raw-sys" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829" +checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" [[package]] name = "lock_api" @@ -1207,7 +1207,7 @@ dependencies = [ "libc", "log", "wasi", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -1349,7 +1349,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-targets", + "windows-targets 0.48.5", ] [[package]] @@ -1643,23 +1643,23 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.5" +version = "0.17.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" dependencies = [ "cc", "getrandom", "libc", "spin 0.9.8", "untrusted 0.9.0", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] name = "rsa" -version = "0.9.4" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a3211b01eea83d80687da9eef70e39d65144a3894866a5153a2723e425a157f" +checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" dependencies = [ "const-oid", "digest 0.10.7", @@ -1699,15 +1699,15 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.25" +version = "0.38.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc99bc2d4f1fed22595588a013687477aedf3cdcfb26558c559edb67b4d9b22e" +checksum = "9470c4bf8246c8daf25f9598dca807fb6510347b1e1cfa55749113850c79d88a" dependencies = [ "bitflags 2.4.1", "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1717,7 +1717,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" dependencies = [ "log", - "ring 0.17.5", + "ring 0.17.6", "rustls-webpki 0.101.7", "sct", ] @@ -1731,7 +1731,7 @@ dependencies = [ "bencher", "env_logger", "log", - "ring 0.17.5", + "ring 0.17.6", "rustls-pemfile 2.0.0", "rustls-pki-types", "rustls-webpki 0.102.0", @@ -1763,7 +1763,7 @@ version = "0.0.1" dependencies = [ "hickory-resolver", "regex", - "ring 0.17.5", + "ring 0.17.6", "rustls 0.22.0", ] @@ -1844,7 +1844,7 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.5", + "ring 0.17.6", "untrusted 0.9.0", ] @@ -1855,7 +1855,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" dependencies = [ "aws-lc-rs", - "ring 0.17.5", + "ring 0.17.6", "rustls-pki-types", "untrusted 0.9.0", ] @@ -1884,7 +1884,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.5", + "ring 0.17.6", "untrusted 0.9.0", ] @@ -1988,7 +1988,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -2005,9 +2005,9 @@ checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "spki" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", "der", @@ -2138,7 +2138,7 @@ dependencies = [ "num_cpus", "pin-project-lite", "socket2", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] @@ -2276,9 +2276,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.88" +version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7daec296f25a1bae309c0cd5c29c4b260e510e6d813c286b19eaadf409d40fce" +checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2286,9 +2286,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.88" +version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e397f4664c0e4e428e8313a469aaa58310d302159845980fd23b0f22a847f217" +checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" dependencies = [ "bumpalo", "log", @@ -2301,9 +2301,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.88" +version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5961017b3b08ad5f3fe39f1e79877f8ee7c23c5e5fd5eb80de95abc41f1f16b2" +checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2311,9 +2311,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.88" +version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5353b8dab669f5e10f5bd76df26a9360c748f054f862ff5f3f8aae0c7fb3907" +checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", @@ -2324,15 +2324,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.88" +version = "0.2.89" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d046c5d029ba91a1ed14da14dca44b68bf2f124cfbaf741c54151fdb3e0750b" +checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" [[package]] name = "web-sys" -version = "0.3.65" +version = "0.3.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5db499c5f66323272151db0e666cd34f78617522fb0c1604d31a27c50c206a85" +checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" dependencies = [ "js-sys", "wasm-bindgen", @@ -2408,7 +2408,16 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.0", ] [[package]] @@ -2417,13 +2426,28 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +dependencies = [ + "windows_aarch64_gnullvm 0.52.0", + "windows_aarch64_msvc 0.52.0", + "windows_i686_gnu 0.52.0", + "windows_i686_msvc 0.52.0", + "windows_x86_64_gnu 0.52.0", + "windows_x86_64_gnullvm 0.52.0", + "windows_x86_64_msvc 0.52.0", ] [[package]] @@ -2432,42 +2456,84 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" + [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" + [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" + [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" + [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" + [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" + [[package]] name = "winreg" version = "0.50.0" @@ -2475,7 +2541,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" dependencies = [ "cfg-if", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] From 6845c013cb60dd3bbbe00f4ffaaf98f13fbef45c Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 1 Dec 2023 12:02:29 -0800 Subject: [PATCH 0495/1145] doc: remove `crate::` prefix for links Instead, use `#[cfg(doc)]` to conditionally import names that we want to use in the docs. This provides a user-friendlier link name. --- README.md | 5 +-- rustls/src/builder.rs | 5 ++- rustls/src/client/client_conn.rs | 9 +++-- rustls/src/crypto/mod.rs | 50 ++++++++++++++++------------ rustls/src/key_log.rs | 5 ++- rustls/src/lib.rs | 10 ++++-- rustls/src/server/server_conn.rs | 7 ++-- rustls/src/webpki/client_verifier.rs | 19 +++++++---- rustls/src/webpki/server_verifier.rs | 11 +++--- 9 files changed, 78 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index 8f2532e271..28498df7cf 100644 --- a/README.md +++ b/README.md @@ -93,10 +93,10 @@ x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Bi support WebAssembly. For more information, see [the supported `ring` target platforms][ring-target-platforms]. -By providing a custom instance of the [`crate::crypto::CryptoProvider`] struct, you +By providing a custom instance of the [`crypto::CryptoProvider`] struct, you can replace all cryptography dependencies of rustls. This is a route to being portable to a wider set of architectures and environments, or compliance requirements. See the -[`crate::crypto::CryptoProvider`] documentation for more details. +[`crypto::CryptoProvider`] documentation for more details. Specifying `default-features = false` when depending on rustls will remove the dependency on *ring*. @@ -104,6 +104,7 @@ dependency on *ring*. Rustls requires Rust 1.61 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 +[crypto::CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html # Example code There are two example programs which use diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 26de3adb09..a3acb23c4b 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -7,6 +7,9 @@ use core::fmt; use core::marker::PhantomData; use std::sync::Arc; +#[cfg(doc)] +use crate::{ClientConfig, ServerConfig}; + /// A [builder] for [`ServerConfig`] or [`ClientConfig`] values. /// /// To get one of these, call [`ServerConfig::builder()`] or [`ClientConfig::builder()`]. @@ -19,7 +22,7 @@ use std::sync::Arc; /// For settings besides these, see the fields of [`ServerConfig`] and [`ClientConfig`]. /// /// The usual choice for protocol primitives is to call -/// [`crate::ClientConfig::builder`]/[`ServerConfig::builder`] +/// [`ClientConfig::builder`]/[`ServerConfig::builder`] /// which will use rustls' default cryptographic provider and safe defaults for ciphersuites and /// supported protocol versions. /// diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 40213e13ef..dd11959fba 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -30,6 +30,9 @@ use core::mem; use core::ops::{Deref, DerefMut}; use std::io; +#[cfg(doc)] +use crate::{crypto, DistinguishedName}; + /// A trait for the ability to store client session data, so that sessions /// can be resumed in future connections. /// @@ -103,7 +106,7 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// decide on a client certificate the server is likely to accept. If /// the list is empty, the client should send whatever certificate it /// has. The hints are expected to be DER-encoded X.500 distinguished names, - /// per [RFC 5280 A.1]. See [`crate::DistinguishedName`] for more information + /// per [RFC 5280 A.1]. See [`DistinguishedName`] for more information /// on decoding with external crates like `x509-parser`. /// /// `sigschemes` is the list of the [`SignatureScheme`]s the server @@ -235,7 +238,7 @@ impl Clone for ClientConfig { impl ClientConfig { /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`] and safe ciphersuite and + /// [`CryptoProvider`]: [`crypto::ring::default_provider`] and safe ciphersuite and /// protocol defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. @@ -248,7 +251,7 @@ impl ClientConfig { } /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`], safe ciphersuite defaults and + /// [`CryptoProvider`]: [`crypto::ring::default_provider`], safe ciphersuite defaults and /// the provided protocol versions. /// /// Panics if provided an empty slice of supported versions. diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index be08a4ecf0..563005e5a5 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -10,6 +10,14 @@ use core::fmt::Debug; use pki_types::PrivateKeyDer; use zeroize::Zeroize; +#[cfg(all(doc, feature = "tls12"))] +use crate::Tls12CipherSuite; +#[cfg(doc)] +use crate::{ + client, crypto, server, sign, ClientConfig, ConfigBuilder, ServerConfig, SupportedCipherSuite, + Tls13CipherSuite, +}; + pub use crate::webpki::{ verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms, }; @@ -56,10 +64,10 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// This crate comes with two built-in options, provided as /// `CryptoProvider` structures: /// -/// - [`crate::crypto::ring::default_provider`]: (behind the `ring` crate feature, which +/// - [`crypto::ring::default_provider`]: (behind the `ring` crate feature, which /// is enabled by default). This provider uses the [*ring*](https://github.com/briansmith/ring) /// crate. -/// - [`crate::crypto::aws_lc_rs::default_provider`]: (behind the `aws_lc_rs` feature, +/// - [`crypto::aws_lc_rs::default_provider`]: (behind the `aws_lc_rs` feature, /// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) /// crate. /// @@ -68,20 +76,20 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// /// # Using a specific `CryptoProvider` /// -/// Supply the provider when constructing your [`crate::ClientConfig`] or [`crate::ServerConfig`]: +/// Supply the provider when constructing your [`ClientConfig`] or [`ServerConfig`]: /// -/// - [`crate::ClientConfig::builder_with_provider()`] -/// - [`crate::ServerConfig::builder_with_provider()`] +/// - [`ClientConfig::builder_with_provider()`] +/// - [`ServerConfig::builder_with_provider()`] /// /// When creating and configuring a webpki-backed client or server certificate verifier, a choice of /// provider is also needed to start the configuration process: /// -/// - [`crate::client::WebPkiServerVerifier::builder_with_provider()`] -/// - [`crate::server::WebPkiClientVerifier::builder_with_provider()`] +/// - [`client::WebPkiServerVerifier::builder_with_provider()`] +/// - [`server::WebPkiClientVerifier::builder_with_provider()`] /// /// # Making a custom `CryptoProvider` /// -/// Your goal will be to populate a [`crate::crypto::CryptoProvider`] struct instance. +/// Your goal will be to populate a [`crypto::CryptoProvider`] struct instance. /// /// ## Which elements are required? /// @@ -91,7 +99,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// provider (dynamically). /// /// For example, if we want to make a provider that just overrides key loading in the config builder -/// API ([`crate::ConfigBuilder::with_single_cert`] etc.), it might look like this: +/// API ([`ConfigBuilder::with_single_cert`] etc.), it might look like this: /// /// ``` /// # #[cfg(feature = "ring")] { @@ -121,13 +129,13 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// /// The elements are documented separately: /// -/// - **Random** - see [`crate::crypto::SecureRandom::fill()`]. -/// - **Cipher suites** - see [`crate::SupportedCipherSuite`], [`crate::Tls12CipherSuite`], and -/// [`crate::Tls13CipherSuite`]. -/// - **Key exchange groups** - see [`crate::crypto::SupportedKxGroup`]. -/// - **Signature verification algorithms** - see [`crate::crypto::WebPkiSupportedAlgorithms`]. -/// - **Authentication key loading** - see [`crate::crypto::KeyProvider::load_private_key()`] and -/// [`crate::sign::SigningKey`]. +/// - **Random** - see [`crypto::SecureRandom::fill()`]. +/// - **Cipher suites** - see [`SupportedCipherSuite`], [`Tls12CipherSuite`], and +/// [`Tls13CipherSuite`]. +/// - **Key exchange groups** - see [`crypto::SupportedKxGroup`]. +/// - **Signature verification algorithms** - see [`crypto::WebPkiSupportedAlgorithms`]. +/// - **Authentication key loading** - see [`crypto::KeyProvider::load_private_key()`] and +/// [`sign::SigningKey`]. /// /// # Example code /// @@ -166,9 +174,9 @@ pub struct CryptoProvider { /// /// These are used for both certificate chain verification and handshake signature verification. /// - /// This is called by [`crate::ConfigBuilder::with_root_certificates()`], - /// [`crate::server::WebPkiClientVerifier::builder_with_provider()`] and - /// [`crate::client::WebPkiServerVerifier::builder_with_provider()`]. + /// This is called by [`ConfigBuilder::with_root_certificates()`], + /// [`server::WebPkiClientVerifier::builder_with_provider()`] and + /// [`client::WebPkiServerVerifier::builder_with_provider()`]. pub signature_verification_algorithms: WebPkiSupportedAlgorithms, /// Source of cryptographically secure random numbers. @@ -197,8 +205,8 @@ pub trait SecureRandom: Send + Sync + Debug { pub trait KeyProvider: Send + Sync + Debug { /// Decode and validate a private signing key from `key_der`. /// - /// This is used by [`crate::ConfigBuilder::with_client_auth_cert()`], [`crate::ConfigBuilder::with_single_cert()`], - /// and [`crate::ConfigBuilder::with_single_cert_with_ocsp()`]. The key types and formats supported by this + /// This is used by [`ConfigBuilder::with_client_auth_cert()`], [`ConfigBuilder::with_single_cert()`], + /// and [`ConfigBuilder::with_single_cert_with_ocsp()`]. The key types and formats supported by this /// function directly defines the key types and formats supported in those APIs. /// /// Return an error if the key type encoding is not supported, or if the key fails validation. diff --git a/rustls/src/key_log.rs b/rustls/src/key_log.rs index 677d206db4..bca28b6697 100644 --- a/rustls/src/key_log.rs +++ b/rustls/src/key_log.rs @@ -1,5 +1,8 @@ use core::fmt::Debug; +#[cfg(doc)] +use crate::KeyLogFile; + /// This trait represents the ability to do something useful /// with key material, such as logging it to a file for debugging. /// @@ -10,7 +13,7 @@ use core::fmt::Debug; /// You'll likely want some interior mutability in your /// implementation to make this useful. /// -/// See [`KeyLogFile`](crate::KeyLogFile) that implements the standard +/// See [`KeyLogFile`] that implements the standard /// `SSLKEYLOGFILE` environment variable behaviour. pub trait KeyLog: Debug + Send + Sync { /// Log the given `secret`. `client_random` is provided for diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0c03a43800..957d3abb9c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -63,10 +63,10 @@ //! support WebAssembly. //! For more information, see [the supported `ring` target platforms][ring-target-platforms]. //! -//! By providing a custom instance of the [`crate::crypto::CryptoProvider`] struct, you +//! By providing a custom instance of the [`crypto::CryptoProvider`] struct, you //! can replace all cryptography dependencies of rustls. This is a route to being portable //! to a wider set of architectures and environments, or compliance requirements. See the -//! [`crate::crypto::CryptoProvider`] documentation for more details. +//! [`crypto::CryptoProvider`] documentation for more details. //! //! Specifying `default-features = false` when depending on rustls will remove the //! dependency on *ring*. @@ -74,6 +74,7 @@ //! Rustls requires Rust 1.61 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 +//! [crypto::CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html //! //! ## Design Overview //! ### Rustls does not take care of network IO @@ -244,7 +245,7 @@ //! //! - `ring` (enabled by default): makes the rustls crate depend on the *ring* crate, which is //! used for cryptography by default. Without this feature, these items must be provided -//! externally to the core rustls crate: see [`crate::crypto::CryptoProvider`]. +//! externally to the core rustls crate: see [`CryptoProvider`]. //! //! - `aws_lc_rs`: makes the rustls crate depend on the aws-lc-rs crate, //! which can be used for cryptography as an alternative to *ring*. @@ -333,6 +334,9 @@ extern crate std; #[allow(unused_extern_crates)] extern crate test; +#[cfg(doc)] +use crate::crypto::CryptoProvider; + // log for logging (optional). #[cfg(feature = "logging")] use log; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 898e5c77f4..4c6e9f5eb0 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -32,6 +32,9 @@ use core::marker::PhantomData; use core::ops::{Deref, DerefMut}; use std::io; +#[cfg(doc)] +use crate::crypto; + /// A trait for the ability to store server session data. /// /// The keys and values are opaque. @@ -338,7 +341,7 @@ impl Clone for ServerConfig { impl ServerConfig { /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`] and safe ciphersuite and protocol + /// [`CryptoProvider`]: [`crypto::ring::default_provider`] and safe ciphersuite and protocol /// defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. @@ -351,7 +354,7 @@ impl ServerConfig { } /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]: [`crate::crypto::ring::default_provider`], safe ciphersuite defaults and + /// [`CryptoProvider`]: [`crypto::ring::default_provider`], safe ciphersuite defaults and /// the provided protocol versions. /// /// Panics if provided an empty slice of supported versions. diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 0e6cf8b7d4..1264e598b5 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -14,6 +14,13 @@ use crate::webpki::parse_crls; use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate}; use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; +#[cfg(doc)] +use crate::crypto; +#[cfg(doc)] +use crate::server::ServerConfig; +#[cfg(doc)] +use crate::ConfigBuilder; + /// A builder for configuring a `webpki` client certificate verifier. /// /// For more information, see the [`WebPkiClientVerifier`] documentation. @@ -138,11 +145,11 @@ impl ClientCertVerifierBuilder { /// certificate authentication offer with a client certificate. /// /// If `with_signature_verification_algorithms` was not called on the builder, a default set of - /// signature verification algorithms is used, controlled by the selected [`crate::crypto::CryptoProvider`]. + /// signature verification algorithms is used, controlled by the selected [`CryptoProvider`]. /// /// Once built, the provided `Arc` can be used with a Rustls - /// [crate::server::ServerConfig] to configure client certificate validation using - /// [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. + /// [`ServerConfig`] to configure client certificate validation using + /// [`with_client_cert_verifier`][ConfigBuilder::with_client_cert_verifier]. /// /// # Errors /// This function will return a `ClientCertVerifierBuilderError` if: @@ -168,8 +175,8 @@ impl ClientCertVerifierBuilder { /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate /// validation. It must be created via the [WebPkiClientVerifier::builder()] function. /// -/// Once built, the provided `Arc` can be used with a Rustls [crate::server::ServerConfig] -/// to configure client certificate validation using [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. +/// Once built, the provided `Arc` can be used with a Rustls [`ServerConfig`] +/// to configure client certificate validation using [`with_client_cert_verifier`][ConfigBuilder::with_client_cert_verifier]. /// /// Example: /// @@ -242,7 +249,7 @@ impl WebPkiClientVerifier { /// will be verified using the trust anchors found in the provided `roots`. If you /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. /// - /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. + /// The cryptography used comes from the default [`CryptoProvider`]: [`crypto::ring::default_provider`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. /// /// For more information, see the [`ClientCertVerifierBuilder`] documentation. diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 3e9319cc3a..dd17531ab0 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -17,6 +17,9 @@ use crate::webpki::verify::{ use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; use crate::{Error, RootCertStore, SignatureScheme}; +#[cfg(doc)] +use crate::{crypto, ConfigBuilder, ServerConfig}; + /// A builder for configuring a `webpki` server certificate verifier. /// /// For more information, see the [`WebPkiServerVerifier`] documentation. @@ -85,11 +88,11 @@ impl ServerCertVerifierBuilder { /// trust anchors, and to control how server certificate revocation checking is performed. /// /// If `with_signature_verification_algorithms` was not called on the builder, a default set of - /// signature verification algorithms is used, controlled by the selected [`crate::crypto::CryptoProvider`]. + /// signature verification algorithms is used, controlled by the selected [`crypto::CryptoProvider`]. /// /// Once built, the provided `Arc` can be used with a Rustls - /// [crate::server::ServerConfig] to configure client certificate validation using - /// [`with_client_cert_verifier`][crate::ConfigBuilder::with_client_cert_verifier]. + /// [`ServerConfig`] to configure client certificate validation using + /// [`with_client_cert_verifier`][ConfigBuilder::with_client_cert_verifier]. /// /// # Errors /// This function will return a `CertVerifierBuilderError` if: @@ -129,7 +132,7 @@ impl WebPkiServerVerifier { /// /// Server certificates will be verified using the trust anchors found in the provided `roots`. /// - /// The cryptography used comes from the default [`CryptoProvider`]: [`crate::crypto::ring::default_provider`]. + /// The cryptography used comes from the default [`CryptoProvider`]: [`crypto::ring::default_provider`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. /// /// For more information, see the [`ServerCertVerifierBuilder`] documentation. From e051f5c1723511a7413a621051e192405387190c Mon Sep 17 00:00:00 2001 From: girlbuzz <149207799+girlbuzz@users.noreply.github.com> Date: Tue, 5 Dec 2023 09:25:02 -0500 Subject: [PATCH 0496/1145] minor fix: fix comment that incorrectly says "google.com" instead of "rust-lang.org" (#1667) fix inaccurate comment --- examples/src/bin/simpleclient.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index e0e2d436d8..9044144262 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -1,6 +1,6 @@ //! This is the simplest possible client using rustls that does something useful: //! it accepts the default configuration, loads some root certs, and then connects -//! to google.com and issues a basic HTTP request. The response is printed to stdout. +//! to rust-lang.org and issues a basic HTTP request. The response is printed to stdout. //! //! It makes use of rustls::Stream to treat the underlying TLS connection as a basic //! bi-directional stream -- the underlying IO is performed transparently. From d6790d4b0fb50a70a243ff96bf1504029ed466a7 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 28 Nov 2023 17:16:49 +0100 Subject: [PATCH 0497/1145] provider-example: switch to core prelude in preparation for no-std support --- provider-example/src/aead.rs | 3 +++ provider-example/src/hash.rs | 2 ++ provider-example/src/hmac.rs | 2 ++ provider-example/src/hpke.rs | 6 ++++-- provider-example/src/kx.rs | 2 ++ provider-example/src/lib.rs | 7 ++++++- provider-example/src/sign.rs | 4 +++- 7 files changed, 22 insertions(+), 4 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 117648c258..f17536d84b 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -1,3 +1,6 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; + use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; use rustls::crypto::cipher::{self, AeadKey, Iv, UnsupportedOperationError, NONCE_LEN}; use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; diff --git a/provider-example/src/hash.rs b/provider-example/src/hash.rs index 87dd2adb09..4f28b0f2e4 100644 --- a/provider-example/src/hash.rs +++ b/provider-example/src/hash.rs @@ -1,3 +1,5 @@ +use alloc::boxed::Box; + use rustls::crypto::hash; use sha2::Digest; diff --git a/provider-example/src/hmac.rs b/provider-example/src/hmac.rs index 92fb0fcf7b..763dd71e09 100644 --- a/provider-example/src/hmac.rs +++ b/provider-example/src/hmac.rs @@ -1,3 +1,5 @@ +use alloc::boxed::Box; + use hmac::{Hmac, Mac}; use rustls::crypto; use sha2::{Digest, Sha256}; diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 2bdad42f0a..225fbe10ec 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -1,6 +1,8 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::fmt::{Debug, Formatter}; use std::error::Error as StdError; -use std::fmt::{Debug, Formatter}; -use std::sync::Arc; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; use hpke_rs_crypto::HpkeCrypto; diff --git a/provider-example/src/kx.rs b/provider-example/src/kx.rs index 42584e6911..93e1540db3 100644 --- a/provider-example/src/kx.rs +++ b/provider-example/src/kx.rs @@ -1,3 +1,5 @@ +use alloc::boxed::Box; + use crypto::SupportedKxGroup; use rustls::crypto; diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 546ef0a37a..49d534dbdd 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -1,4 +1,9 @@ -use std::sync::Arc; +#![no_std] + +extern crate alloc; +extern crate std; + +use alloc::sync::Arc; use pki_types::PrivateKeyDer; use rustls::crypto::CryptoProvider; diff --git a/provider-example/src/sign.rs b/provider-example/src/sign.rs index 047bdb32e8..638668b7ef 100644 --- a/provider-example/src/sign.rs +++ b/provider-example/src/sign.rs @@ -1,4 +1,6 @@ -use std::sync::Arc; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; use pkcs8::DecodePrivateKey; use pki_types::PrivateKeyDer; From 8647315c6a2b099452e44063423e259f6853c6c6 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 28 Nov 2023 17:19:05 +0100 Subject: [PATCH 0498/1145] put deps used only by examples under dev-dependencies --- provider-example/Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index f1668d57b5..6320ba6dd3 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -10,7 +10,6 @@ publish = false chacha20poly1305 = "0.10.0" der = "0.7.0" ecdsa = "0.16.8" -env_logger = "0.10" hmac = "0.12.0" hpke-rs = "0.1.2" hpke-rs-crypto = "0.1.2" @@ -24,11 +23,12 @@ rsa = { version = "0.9.0", features = ["sha2"] } sha2 = "0.10.0" signature = "2" webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc", "std"], default-features = false } -webpki-roots = "0.26" x25519-dalek = "2" [dev-dependencies] +env_logger = "0.10" hex = "0.4.3" rcgen = "0.11.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" +webpki-roots = "=0.26.0" From 57c5e19ac9eee9dcd29af75e83ac9274db17a6ef Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 28 Nov 2023 17:21:09 +0100 Subject: [PATCH 0499/1145] disable unused Cargo features that use libstd API --- provider-example/Cargo.toml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 6320ba6dd3..9ef6db1146 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -7,22 +7,22 @@ description = "Example of rustls with custom crypto provider." publish = false [dependencies] -chacha20poly1305 = "0.10.0" +chacha20poly1305 = { version = "0.10.0", default-features = false, features = ["alloc"] } der = "0.7.0" ecdsa = "0.16.8" hmac = "0.12.0" hpke-rs = "0.1.2" hpke-rs-crypto = "0.1.2" hpke-rs-rust-crypto = "0.1.2" -p256 = "0.13.2" -pkcs8 = { version = "0.10.2", features = ["std"] } -pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } +p256 = { version = "0.13.2", default-features = false, features = ["alloc", "ecdsa", "pkcs8"] } +pkcs8 = { version = "0.10.2" } +pki-types = { package = "rustls-pki-types", version = "1" } rand_core = "0.6.0" rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } -rsa = { version = "0.9.0", features = ["sha2"] } -sha2 = "0.10.0" +rsa = { version = "0.9.0", features = ["sha2"], default-features = false } +sha2 = { version = "0.10.0", default-features = false } signature = "2" -webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc", "std"], default-features = false } +webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc"], default-features = false } x25519-dalek = "2" [dev-dependencies] From be41a034a900acf62bc489b3f46c866c6d5903b8 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 28 Nov 2023 17:30:50 +0100 Subject: [PATCH 0500/1145] introduce a "std" Cargo feature --- Cargo.lock | 112 +++++------------------------------ provider-example/Cargo.toml | 18 ++++-- provider-example/src/hpke.rs | 5 ++ provider-example/src/lib.rs | 12 +++- 4 files changed, 43 insertions(+), 104 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 61e0eba2d7..a996b923a6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -451,7 +451,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" dependencies = [ "generic-array", - "rand_core", "typenum", ] @@ -491,19 +490,6 @@ dependencies = [ "syn", ] -[[package]] -name = "curve25519-dalek-ng" -version = "4.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8" -dependencies = [ - "byteorder", - "digest 0.9.0", - "rand_core", - "subtle-ng", - "zeroize", -] - [[package]] name = "data-encoding" version = "2.5.0" @@ -517,7 +503,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" dependencies = [ "const-oid", - "pem-rfc7468", "zeroize", ] @@ -530,15 +515,6 @@ dependencies = [ "powerfmt", ] -[[package]] -name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array", -] - [[package]] name = "digest" version = "0.10.7" @@ -576,7 +552,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ "der", - "digest 0.10.7", + "digest", "elliptic-curve", "rfc6979", "signature", @@ -597,12 +573,11 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "digest 0.10.7", + "digest", "ff", "generic-array", "group", "hkdf", - "pem-rfc7468", "pkcs8", "rand_core", "sec1", @@ -761,10 +736,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", - "js-sys", "libc", "wasi", - "wasm-bindgen", ] [[package]] @@ -913,7 +886,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] @@ -938,9 +911,9 @@ dependencies = [ [[package]] name = "hpke-rs" -version = "0.1.2" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40d78d066f8d487fa69d5c3f92f98c11e2540796d213016d107fe86eabf9f26b" +checksum = "e11bd4ee27b79fa1820e72ef8489cc729c87299ec3f7f52b8fc8dcb87cb2d485" dependencies = [ "hpke-rs-crypto", "log", @@ -949,34 +922,29 @@ dependencies = [ [[package]] name = "hpke-rs-crypto" -version = "0.1.3" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79df748353d9cee46d565f591d0039973a6554f8ef026b2647ab1ef2b64b91df" +checksum = "1c3f1ae0a26c18d6469a70db1217136056261c4a244b09a755bc60bd4e055b67" dependencies = [ - "getrandom", - "rand", - "serde", - "serde_json", - "tls_codec", + "rand_core", ] [[package]] name = "hpke-rs-rust-crypto" -version = "0.1.3" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1d6fcfe6949aedbacad5aedb2f8ef9f054a142510e8f4f7355a4ccb3f5bd01f" +checksum = "a08d4500baf0aced746723d3515d08212bdb9d941df6d1aca3d46d1619b2a1cf" dependencies = [ "aes-gcm", "chacha20poly1305", - "getrandom", "hkdf", "hpke-rs-crypto", "p256", "p384", - "rand", "rand_chacha", + "rand_core", "sha2", - "x25519-dalek-ng", + "x25519-dalek", ] [[package]] @@ -1323,10 +1291,8 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" dependencies = [ - "ecdsa", "elliptic-curve", "primeorder", - "sha2", ] [[package]] @@ -1374,15 +1340,6 @@ dependencies = [ "serde", ] -[[package]] -name = "pem-rfc7468" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" -dependencies = [ - "base64ct", -] - [[package]] name = "percent-encoding" version = "2.3.1" @@ -1662,7 +1619,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" dependencies = [ "const-oid", - "digest 0.10.7", + "digest", "num-bigint-dig", "num-integer", "num-traits", @@ -1947,7 +1904,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] @@ -1962,7 +1919,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ - "digest 0.10.7", + "digest", "rand_core", ] @@ -2025,12 +1982,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" -[[package]] -name = "subtle-ng" -version = "2.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "734676eb262c623cec13c3155096e08d1f8f29adce39ba17948b18dad1e54142" - [[package]] name = "syn" version = "2.0.39" @@ -2104,27 +2055,6 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" -[[package]] -name = "tls_codec" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d38a1d5fcfa859f0ec2b5e111dc903890bd7dac7f34713232bf9aa4fd7cad7b2" -dependencies = [ - "tls_codec_derive", - "zeroize", -] - -[[package]] -name = "tls_codec_derive" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8e00e3e7a54e0f1c8834ce72ed49c8487fbd3f801d8cfe1a0ad0640382f8e15" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "tokio" version = "1.34.0" @@ -2556,18 +2486,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "x25519-dalek-ng" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326" -dependencies = [ - "curve25519-dalek-ng", - "rand", - "rand_core", - "zeroize", -] - [[package]] name = "yasna" version = "0.5.2" diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 9ef6db1146..6ead0c9703 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -11,13 +11,13 @@ chacha20poly1305 = { version = "0.10.0", default-features = false, features = [" der = "0.7.0" ecdsa = "0.16.8" hmac = "0.12.0" -hpke-rs = "0.1.2" -hpke-rs-crypto = "0.1.2" -hpke-rs-rust-crypto = "0.1.2" +hpke-rs = "0.2.0" +hpke-rs-crypto = "0.2.0" +hpke-rs-rust-crypto = "0.2.0" p256 = { version = "0.13.2", default-features = false, features = ["alloc", "ecdsa", "pkcs8"] } -pkcs8 = { version = "0.10.2" } +pkcs8 = "0.10.2" pki-types = { package = "rustls-pki-types", version = "1" } -rand_core = "0.6.0" +rand_core = { version = "0.6.0", features = ["getrandom"] } rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } rsa = { version = "0.9.0", features = ["sha2"], default-features = false } sha2 = { version = "0.10.0", default-features = false } @@ -32,3 +32,11 @@ rcgen = "0.11.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" webpki-roots = "=0.26.0" + +[features] +default = ["std"] +std = ["hpke-rs/std", "hpke-rs-crypto/std", "pkcs8/std"] + +[[test]] +name = "hpke" +required-features = ["std"] diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 225fbe10ec..21eabb5f86 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -91,6 +91,11 @@ impl Hpke for HpkeRs { } } +#[cfg(feature = "std")] fn other_err(err: impl StdError + Send + Sync + 'static) -> Error { Error::Other(OtherError(Arc::new(err))) } +#[cfg(not(feature = "std"))] +fn other_err(err: impl Send + Sync + 'static) -> Error { + Error::General(alloc::format!("{}", err)); +} diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 49d534dbdd..e5d88f90bd 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -1,6 +1,7 @@ #![no_std] extern crate alloc; +#[cfg(feature = "std")] extern crate std; use alloc::sync::Arc; @@ -11,11 +12,13 @@ use rustls::crypto::CryptoProvider; mod aead; mod hash; mod hmac; +#[cfg(feature = "std")] mod hpke; mod kx; mod sign; mod verify; +#[cfg(feature = "std")] pub use hpke::HPKE_PROVIDER; pub fn provider() -> CryptoProvider { @@ -45,8 +48,13 @@ impl rustls::crypto::KeyProvider for Provider { &self, key_der: PrivateKeyDer<'static>, ) -> Result, rustls::Error> { - let key = sign::EcdsaSigningKeyP256::try_from(key_der) - .map_err(|err| rustls::OtherError(Arc::new(err)))?; + let key = sign::EcdsaSigningKeyP256::try_from(key_der).map_err(|err| { + #[cfg(feature = "std")] + let err = rustls::OtherError(Arc::new(err)); + #[cfg(not(feature = "std"))] + let err = rustls::Error::General(alloc::format!("{}", err)); + err + })?; Ok(Arc::new(key)) } } From f7c12c02c0c8224247dd68ed41dddcdd3897edbd Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 28 Nov 2023 17:36:31 +0100 Subject: [PATCH 0501/1145] CI: build provider-example in no-std mode --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c61076669b..45cb7f51d1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -59,6 +59,9 @@ jobs: - name: cargo build (debug; rustls-provider-example) run: cargo build --locked -p rustls-provider-example + - name: cargo build (debug; rustls-provider-example lib in no-std mode) + run: cargo build --locked -p rustls-provider-example --no-default-features + msrv: name: MSRV runs-on: ubuntu-20.04 From 8a72972425ba6c548cf7199842f0c601dd63866f Mon Sep 17 00:00:00 2001 From: aashish Date: Tue, 5 Dec 2023 16:36:40 -0500 Subject: [PATCH 0502/1145] doc: fix outdated documentation --- rustls/src/verify.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 5bba0a3281..be2637626c 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -149,7 +149,7 @@ pub trait ClientCertVerifier: Debug + Send + Sync { /// Return `true` to require a client certificate and `false` to make /// client authentication optional. - /// Defaults to `Some(self.offer_client_auth())`. + /// Defaults to `self.offer_client_auth()`. fn client_auth_mandatory(&self) -> bool { self.offer_client_auth() } From c9836a61a25b9ac7af35b29e04aa7f984059047d Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 6 Dec 2023 14:15:14 +0100 Subject: [PATCH 0503/1145] provider-example: minor tweaks, mostly stylistic --- provider-example/Cargo.toml | 2 +- provider-example/src/hpke.rs | 1 + provider-example/src/lib.rs | 17 +++++++++-------- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 6ead0c9703..7e7a7dae2c 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -31,7 +31,7 @@ hex = "0.4.3" rcgen = "0.11.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -webpki-roots = "=0.26.0" +webpki-roots = "0.26" [features] default = ["std"] diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 21eabb5f86..d7183a51ae 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -95,6 +95,7 @@ impl Hpke for HpkeRs { fn other_err(err: impl StdError + Send + Sync + 'static) -> Error { Error::Other(OtherError(Arc::new(err))) } + #[cfg(not(feature = "std"))] fn other_err(err: impl Send + Sync + 'static) -> Error { Error::General(alloc::format!("{}", err)); diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index e5d88f90bd..48008ef218 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -48,14 +48,15 @@ impl rustls::crypto::KeyProvider for Provider { &self, key_der: PrivateKeyDer<'static>, ) -> Result, rustls::Error> { - let key = sign::EcdsaSigningKeyP256::try_from(key_der).map_err(|err| { - #[cfg(feature = "std")] - let err = rustls::OtherError(Arc::new(err)); - #[cfg(not(feature = "std"))] - let err = rustls::Error::General(alloc::format!("{}", err)); - err - })?; - Ok(Arc::new(key)) + Ok(Arc::new( + sign::EcdsaSigningKeyP256::try_from(key_der).map_err(|err| { + #[cfg(feature = "std")] + let err = rustls::OtherError(Arc::new(err)); + #[cfg(not(feature = "std"))] + let err = rustls::Error::General(alloc::format!("{}", err)); + err + })?, + )) } } From 85eed3a6ca61682b957b24cb714ce0933d133dd7 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 6 Dec 2023 14:16:45 +0100 Subject: [PATCH 0504/1145] provider-example: consistently format versions --- provider-example/Cargo.toml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 7e7a7dae2c..0588400dc6 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -7,20 +7,20 @@ description = "Example of rustls with custom crypto provider." publish = false [dependencies] -chacha20poly1305 = { version = "0.10.0", default-features = false, features = ["alloc"] } -der = "0.7.0" +chacha20poly1305 = { version = "0.10", default-features = false, features = ["alloc"] } +der = "0.7" ecdsa = "0.16.8" -hmac = "0.12.0" -hpke-rs = "0.2.0" -hpke-rs-crypto = "0.2.0" -hpke-rs-rust-crypto = "0.2.0" +hmac = "0.12" +hpke-rs = "0.2" +hpke-rs-crypto = "0.2" +hpke-rs-rust-crypto = "0.2" p256 = { version = "0.13.2", default-features = false, features = ["alloc", "ecdsa", "pkcs8"] } pkcs8 = "0.10.2" pki-types = { package = "rustls-pki-types", version = "1" } -rand_core = { version = "0.6.0", features = ["getrandom"] } +rand_core = { version = "0.6", features = ["getrandom"] } rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } -rsa = { version = "0.9.0", features = ["sha2"], default-features = false } -sha2 = { version = "0.10.0", default-features = false } +rsa = { version = "0.9", features = ["sha2"], default-features = false } +sha2 = { version = "0.10", default-features = false } signature = "2" webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc"], default-features = false } x25519-dalek = "2" @@ -29,8 +29,8 @@ x25519-dalek = "2" env_logger = "0.10" hex = "0.4.3" rcgen = "0.11.1" -serde = { version = "1.0", features = ["derive"] } -serde_json = "1.0" +serde = { version = "1", features = ["derive"] } +serde_json = "1" webpki-roots = "0.26" [features] From 6ff948efba5c2a0d7ff8cf519e7e52f674fe280e Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Tue, 5 Dec 2023 11:49:51 +0100 Subject: [PATCH 0505/1145] remove the TLS 1.2 session ticket on DecryptError if for some reason the recorded session ticket is invalid or decoded incorrectly by the server, we can get into a case where the resumption handshake happens, and right after the ChangeCipherSpec message, the server sends an encrypted handhsake message using the invalid ticket, and the client rejects it with the BadRecordMAC alert. Unfortunately, if the calling code retries the connection, if it will try again with the same ticket and obtain the same result. This commit makes sure that if we fail to decrypt the first message, we will remove the session ticket for this server, to start from cratch on the next connection. --- rustls/src/client/tls12.rs | 12 ++++++++ rustls/src/common_state.rs | 2 ++ rustls/src/conn.rs | 17 +++++++---- rustls/tests/api.rs | 58 ++++++++++++++++++++++++++++++++++++++ rustls/tests/common/mod.rs | 21 ++++++++++---- 5 files changed, 98 insertions(+), 12 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index b3acad6c79..d572ffda2c 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1040,6 +1040,18 @@ impl State for ExpectFinished { _fin_verified, })) } + + // we could not decrypt the encrypted handshake message with session resumption + // this might mean that the ticket was invalid for some reason, so we remove it + // from the store to restart a session from scratch + fn handle_decrypt_error(&self) { + if self.resuming { + self.config + .resumption + .store + .remove_tls12_session(&self.server_name); + } + } } // -- Traffic transit state -- diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index f738ba1259..0f0f55eefc 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -630,6 +630,8 @@ pub(crate) trait State: Send + Sync { fn extract_secrets(&self) -> Result { Err(Error::HandshakeNotComplete) } + + fn handle_decrypt_error(&self) {} } pub(crate) struct Context<'a, Data> { diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 31c4db37ba..6fc35accc4 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -453,7 +453,7 @@ impl ConnectionCommon { pub(crate) fn first_handshake_message(&mut self) -> Result, Error> { match self .core - .deframe()? + .deframe(None)? .map(Message::try_from) { Some(Ok(msg)) => Ok(Some(msg)), @@ -635,7 +635,7 @@ impl ConnectionCore { } }; - while let Some(msg) = self.deframe()? { + while let Some(msg) = self.deframe(Some(&*state))? { match self.process_msg(msg, state) { Ok(new) => state = new, Err(e) => { @@ -650,7 +650,7 @@ impl ConnectionCore { } /// Pull a message out of the deframer and send any messages that need to be sent as a result. - fn deframe(&mut self) -> Result, Error> { + fn deframe(&mut self, state: Option<&dyn State>) -> Result, Error> { match self.message_deframer.pop( &mut self.common_state.record_layer, self.common_state.negotiated_version, @@ -690,9 +690,14 @@ impl ConnectionCore { Err(err @ Error::PeerSentOversizedRecord) => Err(self .common_state .send_fatal_alert(AlertDescription::RecordOverflow, err)), - Err(err @ Error::DecryptError) => Err(self - .common_state - .send_fatal_alert(AlertDescription::BadRecordMac, err)), + Err(err @ Error::DecryptError) => { + if let Some(state) = state { + state.handle_decrypt_error(); + } + Err(self + .common_state + .send_fatal_alert(AlertDescription::BadRecordMac, err)) + } Err(e) => Err(e), } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 31740e3007..4d3fbea186 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5649,3 +5649,61 @@ fn test_client_construction_requires_64_bytes_of_random_material() { ClientConnection::new(Arc::new(client_config), server_name("localhost")) .expect("check how much random material ClientConnection::new consumes"); } + +#[cfg(feature = "tls12")] +#[test] +fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message() { + fn inject_corrupt_finished_message(msg: &mut Message) -> Altered { + if let MessagePayload::ChangeCipherSpec(_) = msg.payload { + // interdict "real" ChangeCipherSpec with its encoding, plus a faulty encrypted Finished. + let mut raw_change_cipher_spec = [0x14u8, 0x03, 0x03, 0x00, 0x01, 0x01].to_vec(); + let mut corrupt_finished = [0x16, 0x03, 0x03, 0x00, 0x28].to_vec(); + corrupt_finished.extend([0u8; 0x28]); + + let mut both = vec![]; + both.append(&mut raw_change_cipher_spec); + both.append(&mut corrupt_finished); + + Altered::Raw(both) + } else { + Altered::InPlace + } + } + + let mut client_config = + make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS12]); + let storage = Arc::new(ClientStorage::new()); + client_config.resumption = Resumption::store(storage.clone()); + let client_config = Arc::new(client_config); + let server_config = Arc::new(make_server_config(KeyType::Rsa)); + + // successful handshake to allow resumption + let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); + do_handshake(&mut client, &mut server); + + // resumption + let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + let mut client = client.into(); + transfer_altered( + &mut server.into(), + inject_corrupt_finished_message, + &mut client, + ); + + // discard storage operations up to this point, to observe the one we want to test for. + storage.ops_and_reset(); + + // client cannot decrypt faulty Finished, and deletes saved session in case + // server resumption is buggy. + assert_eq!( + Some(Error::DecryptError), + client.process_new_packets().err() + ); + + assert!(matches!( + storage.ops()[0], + ClientStorageOp::RemoveTls12Session(_) + )); +} diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index f2d0946fac..de4ac7af7e 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -176,12 +176,21 @@ where let mut reader = Reader::init(&buf[..sz]); while reader.any_left() { let message = OpaqueMessage::read(&mut reader).unwrap(); - let mut message = Message::try_from(message.into_plain_message()).unwrap(); - let message_enc = match filter(&mut message) { - Altered::InPlace => PlainMessage::from(message) - .into_unencrypted_opaque() - .encode(), - Altered::Raw(data) => data, + + // this is a bit of a falsehood: we don't know whether message + // is encrypted. it is quite unlikely that a genuine encrypted + // message can be decoded by `Message::try_from`. + let plain = message.into_plain_message(); + + let message_enc = match Message::try_from(plain.clone()) { + Ok(mut message) => match filter(&mut message) { + Altered::InPlace => PlainMessage::from(message) + .into_unencrypted_opaque() + .encode(), + Altered::Raw(data) => data, + }, + // pass through encrypted/undecodable messages + Err(_) => plain.into_unencrypted_opaque().encode(), }; let message_enc_reader: &mut dyn io::Read = &mut &message_enc[..]; From 575157ffe9201aab78b67f408bf7dfc4d4a96c9d Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 28 Nov 2023 14:40:37 +0100 Subject: [PATCH 0506/1145] deframer: move helpers after tests --- rustls/src/msgs/deframer.rs | 194 ++++++++++++++++++------------------ 1 file changed, 97 insertions(+), 97 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index d609f164e8..83902b914f 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -455,103 +455,6 @@ mod tests { use std::io; - const FIRST_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-test.1.bin"); - const SECOND_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-test.2.bin"); - - const EMPTY_APPLICATIONDATA_MESSAGE: &[u8] = - include_bytes!("../testdata/deframer-empty-applicationdata.bin"); - - const INVALID_EMPTY_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-invalid-empty.bin"); - const INVALID_CONTENTTYPE_MESSAGE: &[u8] = - include_bytes!("../testdata/deframer-invalid-contenttype.bin"); - const INVALID_VERSION_MESSAGE: &[u8] = - include_bytes!("../testdata/deframer-invalid-version.bin"); - const INVALID_LENGTH_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-invalid-length.bin"); - - fn input_bytes(d: &mut MessageDeframer, bytes: &[u8]) -> io::Result { - let mut rd = io::Cursor::new(bytes); - d.read(&mut rd) - } - - fn input_bytes_concat( - d: &mut MessageDeframer, - bytes1: &[u8], - bytes2: &[u8], - ) -> io::Result { - let mut bytes = vec![0u8; bytes1.len() + bytes2.len()]; - bytes[..bytes1.len()].clone_from_slice(bytes1); - bytes[bytes1.len()..].clone_from_slice(bytes2); - let mut rd = io::Cursor::new(&bytes); - d.read(&mut rd) - } - - struct ErrorRead { - error: Option, - } - - impl ErrorRead { - fn new(error: io::Error) -> Self { - Self { error: Some(error) } - } - } - - impl io::Read for ErrorRead { - fn read(&mut self, buf: &mut [u8]) -> io::Result { - for (i, b) in buf.iter_mut().enumerate() { - *b = i as u8; - } - - let error = self.error.take().unwrap(); - Err(error) - } - } - - fn input_error(d: &mut MessageDeframer) { - let error = io::Error::from(io::ErrorKind::TimedOut); - let mut rd = ErrorRead::new(error); - d.read(&mut rd) - .expect_err("error not propagated"); - } - - fn input_whole_incremental(d: &mut MessageDeframer, bytes: &[u8]) { - let before = d.used; - - for i in 0..bytes.len() { - assert_len(1, input_bytes(d, &bytes[i..i + 1])); - assert!(d.has_pending()); - } - - assert_eq!(before + bytes.len(), d.used); - } - - fn assert_len(want: usize, got: io::Result) { - if let Ok(gotval) = got { - assert_eq!(gotval, want); - } else { - panic!("read failed, expected {:?} bytes", want); - } - } - - fn pop_first(d: &mut MessageDeframer, rl: &mut RecordLayer) { - let m = d - .pop(rl, None) - .unwrap() - .unwrap() - .message; - assert_eq!(m.typ, ContentType::Handshake); - Message::try_from(m).unwrap(); - } - - fn pop_second(d: &mut MessageDeframer, rl: &mut RecordLayer) { - let m = d - .pop(rl, None) - .unwrap() - .unwrap() - .message; - assert_eq!(m.typ, ContentType::Alert); - Message::try_from(m).unwrap(); - } - #[test] fn check_incremental() { let mut d = MessageDeframer::default(); @@ -762,4 +665,101 @@ mod tests { ); assert!(input_bytes(&mut d, &message).is_err()); } + + fn input_bytes(d: &mut MessageDeframer, bytes: &[u8]) -> io::Result { + let mut rd = io::Cursor::new(bytes); + d.read(&mut rd) + } + + fn input_bytes_concat( + d: &mut MessageDeframer, + bytes1: &[u8], + bytes2: &[u8], + ) -> io::Result { + let mut bytes = vec![0u8; bytes1.len() + bytes2.len()]; + bytes[..bytes1.len()].clone_from_slice(bytes1); + bytes[bytes1.len()..].clone_from_slice(bytes2); + let mut rd = io::Cursor::new(&bytes); + d.read(&mut rd) + } + + struct ErrorRead { + error: Option, + } + + impl ErrorRead { + fn new(error: io::Error) -> Self { + Self { error: Some(error) } + } + } + + impl io::Read for ErrorRead { + fn read(&mut self, buf: &mut [u8]) -> io::Result { + for (i, b) in buf.iter_mut().enumerate() { + *b = i as u8; + } + + let error = self.error.take().unwrap(); + Err(error) + } + } + + fn input_error(d: &mut MessageDeframer) { + let error = io::Error::from(io::ErrorKind::TimedOut); + let mut rd = ErrorRead::new(error); + d.read(&mut rd) + .expect_err("error not propagated"); + } + + fn input_whole_incremental(d: &mut MessageDeframer, bytes: &[u8]) { + let before = d.used; + + for i in 0..bytes.len() { + assert_len(1, input_bytes(d, &bytes[i..i + 1])); + assert!(d.has_pending()); + } + + assert_eq!(before + bytes.len(), d.used); + } + + fn assert_len(want: usize, got: io::Result) { + if let Ok(gotval) = got { + assert_eq!(gotval, want); + } else { + panic!("read failed, expected {:?} bytes", want); + } + } + + fn pop_first(d: &mut MessageDeframer, rl: &mut RecordLayer) { + let m = d + .pop(rl, None) + .unwrap() + .unwrap() + .message; + assert_eq!(m.typ, ContentType::Handshake); + Message::try_from(m).unwrap(); + } + + fn pop_second(d: &mut MessageDeframer, rl: &mut RecordLayer) { + let m = d + .pop(rl, None) + .unwrap() + .unwrap() + .message; + assert_eq!(m.typ, ContentType::Alert); + Message::try_from(m).unwrap(); + } + + const FIRST_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-test.1.bin"); + const SECOND_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-test.2.bin"); + + const EMPTY_APPLICATIONDATA_MESSAGE: &[u8] = + include_bytes!("../testdata/deframer-empty-applicationdata.bin"); + + const INVALID_EMPTY_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-invalid-empty.bin"); + const INVALID_CONTENTTYPE_MESSAGE: &[u8] = + include_bytes!("../testdata/deframer-invalid-contenttype.bin"); + const INVALID_VERSION_MESSAGE: &[u8] = + include_bytes!("../testdata/deframer-invalid-version.bin"); + const INVALID_LENGTH_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-invalid-length.bin"); } From e1e3f09b4830dc3f83043523b98bcff8ee4eba32 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 4 Dec 2023 10:39:47 -0500 Subject: [PATCH 0507/1145] Make `assert_len` more succint --- rustls/src/msgs/deframer.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 83902b914f..e2ecc8efee 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -723,11 +723,7 @@ mod tests { } fn assert_len(want: usize, got: io::Result) { - if let Ok(gotval) = got { - assert_eq!(gotval, want); - } else { - panic!("read failed, expected {:?} bytes", want); - } + assert_eq!(Some(want), got.ok()) } fn pop_first(d: &mut MessageDeframer, rl: &mut RecordLayer) { From 756bab942fe0280b43447b6d900e95eef34edfd3 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 10 Nov 2023 18:58:29 +0100 Subject: [PATCH 0508/1145] extract out MessageDeframer buffer --- rustls/src/msgs/deframer.rs | 150 ++++++++++++++++++++++++++---------- 1 file changed, 110 insertions(+), 40 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index e2ecc8efee..8c22b4b1ed 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -1,5 +1,6 @@ use alloc::vec::Vec; use core::ops::Range; +use core::slice::SliceIndex; use std::io; use super::base::Payload; @@ -22,16 +23,10 @@ pub struct MessageDeframer { /// the deframer cannot recover. last_error: Option, - /// Buffer of data read from the socket, in the process of being parsed into messages. - /// - /// For buffer size management, checkout out the `read()` method. - buf: Vec, - /// If we're in the middle of joining a handshake payload, this is the metadata. joining_hs: Option, - /// What size prefix of `buf` is used. - used: usize, + buffer: DeframerVecBuffer, } impl MessageDeframer { @@ -47,7 +42,7 @@ impl MessageDeframer { ) -> Result, Error> { if let Some(last_err) = self.last_error.clone() { return Err(last_err); - } else if self.used == 0 { + } else if self.buffer.is_empty() { return Ok(None); } @@ -72,7 +67,7 @@ impl MessageDeframer { // Does our `buf` contain a full message? It does if it is big enough to // contain a header, and that header has a length which falls within `buf`. // If so, deframe it and place the message onto the frames output queue. - let mut rd = codec::Reader::init(&self.buf[start..self.used]); + let mut rd = codec::Reader::init(self.buffer.filled_get(start..)); let m = match OpaqueMessage::read(&mut rd) { Ok(m) => m, Err(msg_err) => { @@ -116,7 +111,7 @@ impl MessageDeframer { }; if self.joining_hs.is_none() && allowed_plaintext { // This is unencrypted. We check the contents later. - self.discard(end); + self.buffer.discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -143,7 +138,7 @@ impl MessageDeframer { )); } Ok(None) => { - self.discard(end); + self.buffer.discard(end); continue; } Err(e) => return Err(e), @@ -160,7 +155,7 @@ impl MessageDeframer { // If it's not a handshake message, just return it -- no joining necessary. if msg.typ != ContentType::Handshake { let end = start + rd.used(); - self.discard(end); + self.buffer.discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -184,7 +179,10 @@ impl MessageDeframer { let message = PlainMessage { typ: ContentType::Handshake, version: meta.version, - payload: Payload::new(&self.buf[meta.payload.start..meta.payload.start + expected_len]), + payload: Payload::new( + self.buffer + .filled_get(meta.payload.start..meta.payload.start + expected_len), + ), }; // But before we return, update the `joining_hs` state to skip past this payload. @@ -193,13 +191,16 @@ impl MessageDeframer { // the payload start to point past the payload we're about to yield, and update the // `expected_len` to match the state of that remaining payload. meta.payload.start += expected_len; - meta.expected_len = payload_size(&self.buf[meta.payload.start..meta.payload.end])?; + meta.expected_len = payload_size( + self.buffer + .filled_get(meta.payload.start..meta.payload.end), + )?; } else { // Otherwise, we've yielded the last handshake payload in the buffer, so we can // discard all of the bytes that we're previously buffered as handshake data. let end = meta.message.end; self.joining_hs = None; - self.discard(end); + self.buffer.discard(end); } Ok(Some(Deframed { @@ -221,17 +222,19 @@ impl MessageDeframer { /// Allow pushing handshake messages directly into the buffer. pub(crate) fn push(&mut self, version: ProtocolVersion, payload: &[u8]) -> Result<(), Error> { - if self.used > 0 && self.joining_hs.is_none() { + if !self.buffer.is_empty() && self.joining_hs.is_none() { return Err(Error::General( "cannot push QUIC messages into unrelated connection".into(), )); - } else if let Err(err) = self.prepare_read() { + } else if let Err(err) = self + .buffer + .prepare_read(self.joining_hs.is_some()) + { return Err(Error::General(err.into())); } - let end = self.used + payload.len(); + let end = self.buffer.len() + payload.len(); self.append_hs(version, payload, end, true)?; - self.used = end; Ok(()) } @@ -252,15 +255,17 @@ impl MessageDeframer { // We're joining a handshake message to the previous one here. // Write it into the buffer and update the metadata. - let dst = &mut self.buf[meta.payload.end..meta.payload.end + payload.len()]; - dst.copy_from_slice(payload); + self.buffer + .copy(payload, meta.payload.end, quic); meta.message.end = end; meta.payload.end += payload.len(); // If we haven't parsed the payload size yet, try to do so now. if meta.expected_len.is_none() { - meta.expected_len = - payload_size(&self.buf[meta.payload.start..meta.payload.end])?; + meta.expected_len = payload_size( + self.buffer + .filled_get(meta.payload.start..meta.payload.end), + )?; } meta @@ -270,8 +275,7 @@ impl MessageDeframer { // Write it into the buffer and create the metadata. let expected_len = payload_size(payload)?; - let dst = &mut self.buf[..payload.len()]; - dst.copy_from_slice(payload); + self.buffer.copy(payload, 0, quic); self.joining_hs .insert(HandshakePayloadMeta { message: Range { start: 0, end }, @@ -288,7 +292,7 @@ impl MessageDeframer { Ok(match meta.expected_len { Some(len) if len <= meta.payload.len() => HandshakePayloadState::Complete(len), - _ => match self.used > meta.message.end { + _ => match self.buffer.len() > meta.message.end { true => HandshakePayloadState::Continue, false => HandshakePayloadState::Blocked, }, @@ -298,7 +302,10 @@ impl MessageDeframer { /// Read some bytes from `rd`, and add them to our internal buffer. #[allow(clippy::comparison_chain)] pub fn read(&mut self, rd: &mut dyn io::Read) -> io::Result { - if let Err(err) = self.prepare_read() { + if let Err(err) = self + .buffer + .prepare_read(self.joining_hs.is_some()) + { return Err(io::Error::new(io::ErrorKind::InvalidData, err)); } @@ -306,13 +313,33 @@ impl MessageDeframer { // we get a message with a length field out of range here, // we do a zero length read. That looks like an EOF to // the next layer up, which is fine. - let new_bytes = rd.read(&mut self.buf[self.used..])?; - self.used += new_bytes; + let new_bytes = rd.read(self.buffer.unfilled())?; + self.buffer.advance(new_bytes); Ok(new_bytes) } + /// Returns true if we have messages for the caller + /// to process, either whole messages in our output + /// queue or partial messages in our buffer. + pub fn has_pending(&self) -> bool { + !self.buffer.is_empty() + } +} + +#[derive(Default, Debug)] +struct DeframerVecBuffer { + /// Buffer of data read from the socket, in the process of being parsed into messages. + /// + /// For buffer size management, checkout out the [`DeframerVecBuffer::prepare_read()`] method. + buf: Vec, + + /// What size prefix of `buf` is used. + used: usize, +} + +impl DeframerVecBuffer { /// Resize the internal `buf` if necessary for reading more bytes. - fn prepare_read(&mut self) -> Result<(), &'static str> { + fn prepare_read(&mut self, is_joining_hs: bool) -> Result<(), &'static str> { // We allow a maximum of 64k of buffered data for handshake messages only. Enforce this // by varying the maximum allowed buffer size here based on whether a prefix of a // handshake payload is currently being buffered. Given that the first read of such a @@ -320,9 +347,9 @@ impl MessageDeframer { // larger buffer size. Once the large message and any following handshake messages in // the same flight have been consumed, `pop()` will call `discard()` to reset `used`. // At this point, the buffer resizing logic below should reduce the buffer size. - let allow_max = match self.joining_hs { - Some(_) => MAX_HANDSHAKE_SIZE as usize, - None => OpaqueMessage::MAX_WIRE_SIZE, + let allow_max = match is_joining_hs { + true => MAX_HANDSHAKE_SIZE as usize, + false => OpaqueMessage::MAX_WIRE_SIZE, }; if self.used >= allow_max { @@ -345,11 +372,23 @@ impl MessageDeframer { Ok(()) } - /// Returns true if we have messages for the caller - /// to process, either whole messages in our output - /// queue or partial messages in our buffer. - pub fn has_pending(&self) -> bool { - self.used > 0 + /// Copies from the `src` buffer into this buffer at the requested index + /// + /// If `quic` is true the data will be copied into the *un*filled section of the buffer + /// + /// If `quic` is false the data will be copied into the filled section of the buffer + fn copy(&mut self, from: &[u8], at: usize, quic: bool) { + let buf = if quic { + self.unfilled() + } else { + self.filled_mut() + }; + let len = from.len(); + let into = &mut buf[at..at + len]; + into.copy_from_slice(from); + if quic { + self.advance(len); + } } /// Discard `taken` bytes from the start of our buffer. @@ -376,6 +415,37 @@ impl MessageDeframer { self.used = 0; } } + + fn advance(&mut self, new_bytes: usize) { + self.used += new_bytes; + } + + fn filled_mut(&mut self) -> &mut [u8] { + &mut self.buf[..self.used] + } + + fn unfilled(&mut self) -> &mut [u8] { + &mut self.buf[self.used..] + } + + fn filled_get(&self, index: I) -> &I::Output + where + I: SliceIndex<[u8]>, + { + self.filled().get(index).unwrap() + } + + fn filled(&self) -> &[u8] { + &self.buf[..self.used] + } + + fn is_empty(&self) -> bool { + self.len() == 0 + } + + fn len(&self) -> usize { + self.used + } } enum HandshakePayloadState { @@ -712,14 +782,14 @@ mod tests { } fn input_whole_incremental(d: &mut MessageDeframer, bytes: &[u8]) { - let before = d.used; + let before = d.buffer.len(); for i in 0..bytes.len() { assert_len(1, input_bytes(d, &bytes[i..i + 1])); assert!(d.has_pending()); } - assert_eq!(before + bytes.len(), d.used); + assert_eq!(before + bytes.len(), d.buffer.len()); } fn assert_len(want: usize, got: io::Result) { From 4505605c1a26a105ff2c22ed70c09e9494bca56f Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 17 Nov 2023 14:09:52 +0100 Subject: [PATCH 0509/1145] make MessageDeframer unbuffered --- fuzz/fuzzers/deframer.rs | 7 +- rustls/src/conn.rs | 34 +++-- rustls/src/lib.rs | 2 +- rustls/src/msgs/deframer.rs | 286 +++++++++++++++++++----------------- rustls/src/quic.rs | 16 +- 5 files changed, 196 insertions(+), 149 deletions(-) diff --git a/fuzz/fuzzers/deframer.rs b/fuzz/fuzzers/deframer.rs index 166cdacdfd..6bb9c2738f 100644 --- a/fuzz/fuzzers/deframer.rs +++ b/fuzz/fuzzers/deframer.rs @@ -9,17 +9,18 @@ use rustls::internal::record_layer::RecordLayer; use std::io; fuzz_target!(|data: &[u8]| { + let mut buf = deframer::DeframerVecBuffer::default(); let mut dfm = deframer::MessageDeframer::default(); if dfm - .read(&mut io::Cursor::new(data)) + .read(&mut io::Cursor::new(data), &mut buf) .is_err() { return; } - dfm.has_pending(); + buf.has_pending(); let mut rl = RecordLayer::new(); - while let Ok(Some(decrypted)) = dfm.pop(&mut rl, None) { + while let Ok(Some(decrypted)) = dfm.pop(&mut rl, None, &mut buf) { Message::try_from(decrypted.message).ok(); } }); diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 6fc35accc4..b2391e63f4 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -3,7 +3,7 @@ use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; -use crate::msgs::deframer::{Deframed, MessageDeframer}; +use crate::msgs::deframer::{Deframed, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; use crate::msgs::message::{Message, MessagePayload, PlainMessage}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; @@ -328,6 +328,7 @@ fn is_valid_ccs(msg: &PlainMessage) -> bool { /// Interface shared by client and server connections. pub struct ConnectionCommon { pub(crate) core: ConnectionCore, + deframer_buffer: DeframerVecBuffer, } impl ConnectionCommon { @@ -339,7 +340,7 @@ impl ConnectionCommon { // Are we done? i.e., have we processed all received messages, and received a // close_notify to indicate that no new messages will arrive? peer_cleanly_closed: common.has_received_close_notify - && !self.core.message_deframer.has_pending(), + && !self.deframer_buffer.has_pending(), has_seen_eof: common.has_seen_eof, } } @@ -453,7 +454,7 @@ impl ConnectionCommon { pub(crate) fn first_handshake_message(&mut self) -> Result, Error> { match self .core - .deframe(None)? + .deframe(None, &mut self.deframer_buffer)? .map(Message::try_from) { Some(Ok(msg)) => Ok(Some(msg)), @@ -486,7 +487,8 @@ impl ConnectionCommon { /// [`process_new_packets`]: Connection::process_new_packets #[inline] pub fn process_new_packets(&mut self) -> Result { - self.core.process_new_packets() + self.core + .process_new_packets(&mut self.deframer_buffer) } /// Read TLS content from `rd` into the internal buffer. @@ -516,7 +518,10 @@ impl ConnectionCommon { )); } - let res = self.core.message_deframer.read(rd); + let res = self + .core + .message_deframer + .read(rd, &mut self.deframer_buffer); if let Ok(0) = res { self.has_seen_eof = true; } @@ -605,7 +610,10 @@ impl DerefMut for ConnectionCommon { impl From> for ConnectionCommon { fn from(core: ConnectionCore) -> Self { - Self { core } + Self { + core, + deframer_buffer: DeframerVecBuffer::default(), + } } } @@ -626,7 +634,10 @@ impl ConnectionCore { } } - pub(crate) fn process_new_packets(&mut self) -> Result { + pub(crate) fn process_new_packets( + &mut self, + deframer_buffer: &mut DeframerVecBuffer, + ) -> Result { let mut state = match mem::replace(&mut self.state, Err(Error::HandshakeNotComplete)) { Ok(state) => state, Err(e) => { @@ -635,7 +646,7 @@ impl ConnectionCore { } }; - while let Some(msg) = self.deframe(Some(&*state))? { + while let Some(msg) = self.deframe(Some(&*state), deframer_buffer)? { match self.process_msg(msg, state) { Ok(new) => state = new, Err(e) => { @@ -650,10 +661,15 @@ impl ConnectionCore { } /// Pull a message out of the deframer and send any messages that need to be sent as a result. - fn deframe(&mut self, state: Option<&dyn State>) -> Result, Error> { + fn deframe( + &mut self, + state: Option<&dyn State>, + deframer_buffer: &mut DeframerVecBuffer, + ) -> Result, Error> { match self.message_deframer.pop( &mut self.common_state.record_layer, self.common_state.negotiated_version, + deframer_buffer, ) { Ok(Some(Deframed { want_close_before_decrypt, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 957d3abb9c..0344d78a3f 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -393,7 +393,7 @@ pub mod internal { pub use crate::msgs::codec::{Codec, Reader}; } pub mod deframer { - pub use crate::msgs::deframer::MessageDeframer; + pub use crate::msgs::deframer::{DeframerVecBuffer, MessageDeframer}; } pub mod enums { pub use crate::msgs::enums::{ diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 8c22b4b1ed..a81139cd81 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -25,8 +25,6 @@ pub struct MessageDeframer { /// If we're in the middle of joining a handshake payload, this is the metadata. joining_hs: Option, - - buffer: DeframerVecBuffer, } impl MessageDeframer { @@ -39,10 +37,11 @@ impl MessageDeframer { &mut self, record_layer: &mut RecordLayer, negotiated_version: Option, + buffer: &mut DeframerVecBuffer, ) -> Result, Error> { if let Some(last_err) = self.last_error.clone() { return Err(last_err); - } else if self.buffer.is_empty() { + } else if buffer.is_empty() { return Ok(None); } @@ -67,7 +66,7 @@ impl MessageDeframer { // Does our `buf` contain a full message? It does if it is big enough to // contain a header, and that header has a length which falls within `buf`. // If so, deframe it and place the message onto the frames output queue. - let mut rd = codec::Reader::init(self.buffer.filled_get(start..)); + let mut rd = codec::Reader::init(buffer.filled_get(start..)); let m = match OpaqueMessage::read(&mut rd) { Ok(m) => m, Err(msg_err) => { @@ -111,7 +110,7 @@ impl MessageDeframer { }; if self.joining_hs.is_none() && allowed_plaintext { // This is unencrypted. We check the contents later. - self.buffer.discard(end); + buffer.discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -138,7 +137,7 @@ impl MessageDeframer { )); } Ok(None) => { - self.buffer.discard(end); + buffer.discard(end); continue; } Err(e) => return Err(e), @@ -155,7 +154,7 @@ impl MessageDeframer { // If it's not a handshake message, just return it -- no joining necessary. if msg.typ != ContentType::Handshake { let end = start + rd.used(); - self.buffer.discard(end); + buffer.discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -166,7 +165,7 @@ impl MessageDeframer { // If we don't know the payload size yet or if the payload size is larger // than the currently buffered payload, we need to wait for more data. - match self.append_hs(msg.version, &msg.payload.0, end, false)? { + match self.append_hs(msg.version, &msg.payload.0, end, false, buffer)? { HandshakePayloadState::Blocked => return Ok(None), HandshakePayloadState::Complete(len) => break len, HandshakePayloadState::Continue => continue, @@ -180,8 +179,7 @@ impl MessageDeframer { typ: ContentType::Handshake, version: meta.version, payload: Payload::new( - self.buffer - .filled_get(meta.payload.start..meta.payload.start + expected_len), + buffer.filled_get(meta.payload.start..meta.payload.start + expected_len), ), }; @@ -191,16 +189,14 @@ impl MessageDeframer { // the payload start to point past the payload we're about to yield, and update the // `expected_len` to match the state of that remaining payload. meta.payload.start += expected_len; - meta.expected_len = payload_size( - self.buffer - .filled_get(meta.payload.start..meta.payload.end), - )?; + meta.expected_len = + payload_size(buffer.filled_get(meta.payload.start..meta.payload.end))?; } else { // Otherwise, we've yielded the last handshake payload in the buffer, so we can // discard all of the bytes that we're previously buffered as handshake data. let end = meta.message.end; self.joining_hs = None; - self.buffer.discard(end); + buffer.discard(end); } Ok(Some(Deframed { @@ -221,20 +217,22 @@ impl MessageDeframer { } /// Allow pushing handshake messages directly into the buffer. - pub(crate) fn push(&mut self, version: ProtocolVersion, payload: &[u8]) -> Result<(), Error> { - if !self.buffer.is_empty() && self.joining_hs.is_none() { + pub(crate) fn push( + &mut self, + version: ProtocolVersion, + payload: &[u8], + buffer: &mut DeframerVecBuffer, + ) -> Result<(), Error> { + if !buffer.is_empty() && self.joining_hs.is_none() { return Err(Error::General( "cannot push QUIC messages into unrelated connection".into(), )); - } else if let Err(err) = self - .buffer - .prepare_read(self.joining_hs.is_some()) - { + } else if let Err(err) = buffer.prepare_read(self.joining_hs.is_some()) { return Err(Error::General(err.into())); } - let end = self.buffer.len() + payload.len(); - self.append_hs(version, payload, end, true)?; + let end = buffer.len() + payload.len(); + self.append_hs(version, payload, end, true, buffer)?; Ok(()) } @@ -247,6 +245,7 @@ impl MessageDeframer { payload: &[u8], end: usize, quic: bool, + buffer: &mut DeframerVecBuffer, ) -> Result { let meta = match &mut self.joining_hs { Some(meta) => { @@ -255,17 +254,14 @@ impl MessageDeframer { // We're joining a handshake message to the previous one here. // Write it into the buffer and update the metadata. - self.buffer - .copy(payload, meta.payload.end, quic); + buffer.copy(payload, meta.payload.end, quic); meta.message.end = end; meta.payload.end += payload.len(); // If we haven't parsed the payload size yet, try to do so now. if meta.expected_len.is_none() { - meta.expected_len = payload_size( - self.buffer - .filled_get(meta.payload.start..meta.payload.end), - )?; + meta.expected_len = + payload_size(buffer.filled_get(meta.payload.start..meta.payload.end))?; } meta @@ -275,7 +271,7 @@ impl MessageDeframer { // Write it into the buffer and create the metadata. let expected_len = payload_size(payload)?; - self.buffer.copy(payload, 0, quic); + buffer.copy(payload, 0, quic); self.joining_hs .insert(HandshakePayloadMeta { message: Range { start: 0, end }, @@ -292,7 +288,7 @@ impl MessageDeframer { Ok(match meta.expected_len { Some(len) if len <= meta.payload.len() => HandshakePayloadState::Complete(len), - _ => match self.buffer.len() > meta.message.end { + _ => match buffer.len() > meta.message.end { true => HandshakePayloadState::Continue, false => HandshakePayloadState::Blocked, }, @@ -301,11 +297,12 @@ impl MessageDeframer { /// Read some bytes from `rd`, and add them to our internal buffer. #[allow(clippy::comparison_chain)] - pub fn read(&mut self, rd: &mut dyn io::Read) -> io::Result { - if let Err(err) = self - .buffer - .prepare_read(self.joining_hs.is_some()) - { + pub fn read( + &mut self, + rd: &mut dyn io::Read, + buffer: &mut DeframerVecBuffer, + ) -> io::Result { + if let Err(err) = buffer.prepare_read(self.joining_hs.is_some()) { return Err(io::Error::new(io::ErrorKind::InvalidData, err)); } @@ -313,21 +310,14 @@ impl MessageDeframer { // we get a message with a length field out of range here, // we do a zero length read. That looks like an EOF to // the next layer up, which is fine. - let new_bytes = rd.read(self.buffer.unfilled())?; - self.buffer.advance(new_bytes); + let new_bytes = rd.read(buffer.unfilled())?; + buffer.advance(new_bytes); Ok(new_bytes) } - - /// Returns true if we have messages for the caller - /// to process, either whole messages in our output - /// queue or partial messages in our buffer. - pub fn has_pending(&self) -> bool { - !self.buffer.is_empty() - } } #[derive(Default, Debug)] -struct DeframerVecBuffer { +pub struct DeframerVecBuffer { /// Buffer of data read from the socket, in the process of being parsed into messages. /// /// For buffer size management, checkout out the [`DeframerVecBuffer::prepare_read()`] method. @@ -338,6 +328,11 @@ struct DeframerVecBuffer { } impl DeframerVecBuffer { + /// Returns true if there are messages for the caller to process + pub fn has_pending(&self) -> bool { + !self.is_empty() + } + /// Resize the internal `buf` if necessary for reading more bytes. fn prepare_read(&mut self, is_joining_hs: bool) -> Result<(), &'static str> { // We allow a maximum of 64k of buffered data for handshake messages only. Enforce this @@ -518,16 +513,15 @@ const READ_SIZE: usize = 4096; #[cfg(test)] mod tests { - use super::MessageDeframer; - use crate::msgs::message::{Message, OpaqueMessage}; - use crate::record_layer::RecordLayer; - use crate::{ContentType, Error, InvalidMessage}; - use std::io; + use crate::msgs::message::Message; + + use super::*; + #[test] fn check_incremental() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert!(!d.has_pending()); input_whole_incremental(&mut d, FIRST_MESSAGE); assert!(d.has_pending()); @@ -540,7 +534,7 @@ mod tests { #[test] fn check_incremental_2() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert!(!d.has_pending()); input_whole_incremental(&mut d, FIRST_MESSAGE); assert!(d.has_pending()); @@ -557,9 +551,9 @@ mod tests { #[test] fn check_whole() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert!(!d.has_pending()); - assert_len(FIRST_MESSAGE.len(), input_bytes(&mut d, FIRST_MESSAGE)); + assert_len(FIRST_MESSAGE.len(), d.input_bytes(FIRST_MESSAGE)); assert!(d.has_pending()); let mut rl = RecordLayer::new(); @@ -570,10 +564,10 @@ mod tests { #[test] fn check_whole_2() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert!(!d.has_pending()); - assert_len(FIRST_MESSAGE.len(), input_bytes(&mut d, FIRST_MESSAGE)); - assert_len(SECOND_MESSAGE.len(), input_bytes(&mut d, SECOND_MESSAGE)); + assert_len(FIRST_MESSAGE.len(), d.input_bytes(FIRST_MESSAGE)); + assert_len(SECOND_MESSAGE.len(), d.input_bytes(SECOND_MESSAGE)); let mut rl = RecordLayer::new(); pop_first(&mut d, &mut rl); @@ -584,11 +578,11 @@ mod tests { #[test] fn test_two_in_one_read() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert!(!d.has_pending()); assert_len( FIRST_MESSAGE.len() + SECOND_MESSAGE.len(), - input_bytes_concat(&mut d, FIRST_MESSAGE, SECOND_MESSAGE), + d.input_bytes_concat(FIRST_MESSAGE, SECOND_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -600,11 +594,11 @@ mod tests { #[test] fn test_two_in_one_read_shortest_first() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert!(!d.has_pending()); assert_len( FIRST_MESSAGE.len() + SECOND_MESSAGE.len(), - input_bytes_concat(&mut d, SECOND_MESSAGE, FIRST_MESSAGE), + d.input_bytes_concat(SECOND_MESSAGE, FIRST_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -616,13 +610,10 @@ mod tests { #[test] fn test_incremental_with_nonfatal_read_error() { - let mut d = MessageDeframer::default(); - assert_len(3, input_bytes(&mut d, &FIRST_MESSAGE[..3])); + let mut d = BufferedDeframer::default(); + assert_len(3, d.input_bytes(&FIRST_MESSAGE[..3])); input_error(&mut d); - assert_len( - FIRST_MESSAGE.len() - 3, - input_bytes(&mut d, &FIRST_MESSAGE[3..]), - ); + assert_len(FIRST_MESSAGE.len() - 3, d.input_bytes(&FIRST_MESSAGE[3..])); let mut rl = RecordLayer::new(); pop_first(&mut d, &mut rl); @@ -632,10 +623,10 @@ mod tests { #[test] fn test_invalid_contenttype_errors() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert_len( INVALID_CONTENTTYPE_MESSAGE.len(), - input_bytes(&mut d, INVALID_CONTENTTYPE_MESSAGE), + d.input_bytes(INVALID_CONTENTTYPE_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -647,10 +638,10 @@ mod tests { #[test] fn test_invalid_version_errors() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert_len( INVALID_VERSION_MESSAGE.len(), - input_bytes(&mut d, INVALID_VERSION_MESSAGE), + d.input_bytes(INVALID_VERSION_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -662,10 +653,10 @@ mod tests { #[test] fn test_invalid_length_errors() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert_len( INVALID_LENGTH_MESSAGE.len(), - input_bytes(&mut d, INVALID_LENGTH_MESSAGE), + d.input_bytes(INVALID_LENGTH_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -677,10 +668,10 @@ mod tests { #[test] fn test_empty_applicationdata() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert_len( EMPTY_APPLICATIONDATA_MESSAGE.len(), - input_bytes(&mut d, EMPTY_APPLICATIONDATA_MESSAGE), + d.input_bytes(EMPTY_APPLICATIONDATA_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -697,10 +688,10 @@ mod tests { #[test] fn test_invalid_empty_errors() { - let mut d = MessageDeframer::default(); + let mut d = BufferedDeframer::default(); assert_len( INVALID_EMPTY_MESSAGE.len(), - input_bytes(&mut d, INVALID_EMPTY_MESSAGE), + d.input_bytes(INVALID_EMPTY_MESSAGE), ); let mut rl = RecordLayer::new(); @@ -724,79 +715,37 @@ mod tests { message.extend((PAYLOAD_LEN as u16).to_be_bytes()); // payload length message.extend(&[0; PAYLOAD_LEN]); - let mut d = MessageDeframer::default(); - assert_len(4096, input_bytes(&mut d, &message)); - assert_len(4096, input_bytes(&mut d, &message)); - assert_len(4096, input_bytes(&mut d, &message)); - assert_len(4096, input_bytes(&mut d, &message)); + let mut d = BufferedDeframer::default(); + assert_len(4096, d.input_bytes(&message)); + assert_len(4096, d.input_bytes(&message)); + assert_len(4096, d.input_bytes(&message)); + assert_len(4096, d.input_bytes(&message)); assert_len( OpaqueMessage::MAX_WIRE_SIZE - 16_384, - input_bytes(&mut d, &message), + d.input_bytes(&message), ); - assert!(input_bytes(&mut d, &message).is_err()); - } - - fn input_bytes(d: &mut MessageDeframer, bytes: &[u8]) -> io::Result { - let mut rd = io::Cursor::new(bytes); - d.read(&mut rd) - } - - fn input_bytes_concat( - d: &mut MessageDeframer, - bytes1: &[u8], - bytes2: &[u8], - ) -> io::Result { - let mut bytes = vec![0u8; bytes1.len() + bytes2.len()]; - bytes[..bytes1.len()].clone_from_slice(bytes1); - bytes[bytes1.len()..].clone_from_slice(bytes2); - let mut rd = io::Cursor::new(&bytes); - d.read(&mut rd) - } - - struct ErrorRead { - error: Option, - } - - impl ErrorRead { - fn new(error: io::Error) -> Self { - Self { error: Some(error) } - } + assert!(d.input_bytes(&message).is_err()); } - impl io::Read for ErrorRead { - fn read(&mut self, buf: &mut [u8]) -> io::Result { - for (i, b) in buf.iter_mut().enumerate() { - *b = i as u8; - } - - let error = self.error.take().unwrap(); - Err(error) - } - } - - fn input_error(d: &mut MessageDeframer) { + fn input_error(d: &mut BufferedDeframer) { let error = io::Error::from(io::ErrorKind::TimedOut); let mut rd = ErrorRead::new(error); d.read(&mut rd) .expect_err("error not propagated"); } - fn input_whole_incremental(d: &mut MessageDeframer, bytes: &[u8]) { + fn input_whole_incremental(d: &mut BufferedDeframer, bytes: &[u8]) { let before = d.buffer.len(); for i in 0..bytes.len() { - assert_len(1, input_bytes(d, &bytes[i..i + 1])); + assert_len(1, d.input_bytes(&bytes[i..i + 1])); assert!(d.has_pending()); } assert_eq!(before + bytes.len(), d.buffer.len()); } - fn assert_len(want: usize, got: io::Result) { - assert_eq!(Some(want), got.ok()) - } - - fn pop_first(d: &mut MessageDeframer, rl: &mut RecordLayer) { + fn pop_first(d: &mut BufferedDeframer, rl: &mut RecordLayer) { let m = d .pop(rl, None) .unwrap() @@ -806,7 +755,7 @@ mod tests { Message::try_from(m).unwrap(); } - fn pop_second(d: &mut MessageDeframer, rl: &mut RecordLayer) { + fn pop_second(d: &mut BufferedDeframer, rl: &mut RecordLayer) { let m = d .pop(rl, None) .unwrap() @@ -816,6 +765,79 @@ mod tests { Message::try_from(m).unwrap(); } + // buffered version to ease testing + #[derive(Default)] + struct BufferedDeframer { + inner: MessageDeframer, + buffer: DeframerVecBuffer, + } + + impl BufferedDeframer { + fn input_bytes(&mut self, bytes: &[u8]) -> io::Result { + let mut rd = io::Cursor::new(bytes); + self.read(&mut rd) + } + + fn input_bytes_concat(&mut self, bytes1: &[u8], bytes2: &[u8]) -> io::Result { + let mut bytes = vec![0u8; bytes1.len() + bytes2.len()]; + bytes[..bytes1.len()].clone_from_slice(bytes1); + bytes[bytes1.len()..].clone_from_slice(bytes2); + let mut rd = io::Cursor::new(&bytes); + self.read(&mut rd) + } + + fn pop( + &mut self, + record_layer: &mut RecordLayer, + negotiated_version: Option, + ) -> Result, Error> { + self.inner + .pop(record_layer, negotiated_version, &mut self.buffer) + } + + fn read(&mut self, rd: &mut dyn io::Read) -> io::Result { + self.inner.read(rd, &mut self.buffer) + } + + fn has_pending(&self) -> bool { + self.buffer.has_pending() + } + } + + // grant access to the `MessageDeframer.last_error` field + impl core::ops::Deref for BufferedDeframer { + type Target = MessageDeframer; + + fn deref(&self) -> &Self::Target { + &self.inner + } + } + + struct ErrorRead { + error: Option, + } + + impl ErrorRead { + fn new(error: io::Error) -> Self { + Self { error: Some(error) } + } + } + + impl io::Read for ErrorRead { + fn read(&mut self, buf: &mut [u8]) -> io::Result { + for (i, b) in buf.iter_mut().enumerate() { + *b = i as u8; + } + + let error = self.error.take().unwrap(); + Err(error) + } + } + + fn assert_len(want: usize, got: io::Result) { + assert_eq!(Some(want), got.ok()) + } + const FIRST_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-test.1.bin"); const SECOND_MESSAGE: &[u8] = include_bytes!("../testdata/deframer-test.2.bin"); diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 54350d4f02..fe98086c94 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -6,6 +6,7 @@ use crate::crypto::cipher::{AeadKey, Iv}; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock}; use crate::enums::{AlertDescription, ProtocolVersion}; use crate::error::Error; +use crate::msgs::deframer::DeframerVecBuffer; use crate::msgs::handshake::{ClientExtension, ServerExtension}; use crate::server::{ServerConfig, ServerConnectionData}; use crate::tls13::key_schedule::{ @@ -314,6 +315,7 @@ impl From for Connection { /// A shared interface for QUIC connections. pub struct ConnectionCommon { core: ConnectionCore, + deframer_buffer: DeframerVecBuffer, } impl ConnectionCommon { @@ -356,10 +358,13 @@ impl ConnectionCommon { /// /// Handshake data obtained from separate encryption levels should be supplied in separate calls. pub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error> { + self.core.message_deframer.push( + ProtocolVersion::TLSv1_3, + plaintext, + &mut self.deframer_buffer, + )?; self.core - .message_deframer - .push(ProtocolVersion::TLSv1_3, plaintext)?; - self.core.process_new_packets()?; + .process_new_packets(&mut self.deframer_buffer)?; Ok(()) } @@ -397,7 +402,10 @@ impl DerefMut for ConnectionCommon { impl From> for ConnectionCommon { fn from(core: ConnectionCore) -> Self { - Self { core } + Self { + core, + deframer_buffer: DeframerVecBuffer::default(), + } } } From 17982e92b1e575f8cffd1539d21a48a835492743 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 17 Nov 2023 14:20:12 +0100 Subject: [PATCH 0510/1145] make append_hs generic --- rustls/src/msgs/deframer.rs | 94 +++++++++++++++++++++---------------- 1 file changed, 54 insertions(+), 40 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index a81139cd81..d963f90a74 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -165,7 +165,7 @@ impl MessageDeframer { // If we don't know the payload size yet or if the payload size is larger // than the currently buffered payload, we need to wait for more data. - match self.append_hs(msg.version, &msg.payload.0, end, false, buffer)? { + match self.append_hs::<_, false>(msg.version, &msg.payload.0, end, buffer)? { HandshakePayloadState::Blocked => return Ok(None), HandshakePayloadState::Complete(len) => break len, HandshakePayloadState::Continue => continue, @@ -232,29 +232,28 @@ impl MessageDeframer { } let end = buffer.len() + payload.len(); - self.append_hs(version, payload, end, true, buffer)?; + self.append_hs::<_, true>(version, payload, end, buffer)?; Ok(()) } /// Write the handshake message contents into the buffer and update the metadata. /// /// Returns true if a complete message is found. - fn append_hs( + fn append_hs, const QUIC: bool>( &mut self, version: ProtocolVersion, payload: &[u8], end: usize, - quic: bool, - buffer: &mut DeframerVecBuffer, + buffer: &mut T, ) -> Result { let meta = match &mut self.joining_hs { Some(meta) => { - debug_assert_eq!(meta.quic, quic); + debug_assert_eq!(meta.quic, QUIC); // We're joining a handshake message to the previous one here. // Write it into the buffer and update the metadata. - buffer.copy(payload, meta.payload.end, quic); + DeframerBuffer::::copy(buffer, payload, meta.payload.end); meta.message.end = end; meta.payload.end += payload.len(); @@ -271,7 +270,7 @@ impl MessageDeframer { // Write it into the buffer and create the metadata. let expected_len = payload_size(payload)?; - buffer.copy(payload, 0, quic); + DeframerBuffer::::copy(buffer, payload, 0); self.joining_hs .insert(HandshakePayloadMeta { message: Range { start: 0, end }, @@ -281,7 +280,7 @@ impl MessageDeframer { }, version, expected_len, - quic, + quic: QUIC, }) } }; @@ -367,25 +366,6 @@ impl DeframerVecBuffer { Ok(()) } - /// Copies from the `src` buffer into this buffer at the requested index - /// - /// If `quic` is true the data will be copied into the *un*filled section of the buffer - /// - /// If `quic` is false the data will be copied into the filled section of the buffer - fn copy(&mut self, from: &[u8], at: usize, quic: bool) { - let buf = if quic { - self.unfilled() - } else { - self.filled_mut() - }; - let len = from.len(); - let into = &mut buf[at..at + len]; - into.copy_from_slice(from); - if quic { - self.advance(len); - } - } - /// Discard `taken` bytes from the start of our buffer. fn discard(&mut self, taken: usize) { #[allow(clippy::comparison_chain)] @@ -411,36 +391,70 @@ impl DeframerVecBuffer { } } - fn advance(&mut self, new_bytes: usize) { - self.used += new_bytes; + fn is_empty(&self) -> bool { + self.len() == 0 } - fn filled_mut(&mut self) -> &mut [u8] { - &mut self.buf[..self.used] + fn advance(&mut self, num_bytes: usize) { + self.used += num_bytes; } fn unfilled(&mut self) -> &mut [u8] { &mut self.buf[self.used..] } +} - fn filled_get(&self, index: I) -> &I::Output - where - I: SliceIndex<[u8]>, - { - self.filled().get(index).unwrap() +impl FilledDeframerBuffer for DeframerVecBuffer { + fn filled_mut(&mut self) -> &mut [u8] { + &mut self.buf[..self.used] } fn filled(&self) -> &[u8] { &self.buf[..self.used] } +} + +impl DeframerBuffer for DeframerVecBuffer { + fn copy(&mut self, src: &[u8], at: usize) { + copy_into_buffer(self.unfilled(), src, at); + self.advance(src.len()); + } +} - fn is_empty(&self) -> bool { - self.len() == 0 +impl DeframerBuffer for DeframerVecBuffer { + fn copy(&mut self, src: &[u8], at: usize) { + copy_into_buffer(self.filled_mut(), src, at) + } +} + +trait DeframerBuffer: FilledDeframerBuffer { + /// Copies from the `src` buffer into this buffer at the requested index + /// + /// If `QUIC` is true the data will be copied into the *un*filled section of the buffer + /// + /// If `QUIC` is false the data will be copied into the filled section of the buffer + fn copy(&mut self, src: &[u8], at: usize); +} + +fn copy_into_buffer(buf: &mut [u8], src: &[u8], at: usize) { + buf[at..at + src.len()].copy_from_slice(src); +} + +trait FilledDeframerBuffer { + fn filled_mut(&mut self) -> &mut [u8]; + + fn filled_get(&self, index: I) -> &I::Output + where + I: SliceIndex<[u8]>, + { + self.filled().get(index).unwrap() } fn len(&self) -> usize { - self.used + self.filled().len() } + + fn filled(&self) -> &[u8]; } enum HandshakePayloadState { From 3ec36416627ae51f3c8cd2d7e5fa4c7ee2ec691d Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 4 Dec 2023 10:33:47 -0500 Subject: [PATCH 0511/1145] Introduce `DeframerSliceBuffer` --- rustls/src/msgs/deframer.rs | 50 +++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index d963f90a74..ede3b96653 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -327,6 +327,12 @@ pub struct DeframerVecBuffer { } impl DeframerVecBuffer { + /// Borrows the initialized contents of this buffer and tracks pending discard operations via + /// the `discard` reference + pub fn borrow(&mut self) -> DeframerSliceBuffer { + DeframerSliceBuffer::new(&mut self.buf[..self.used]) + } + /// Returns true if there are messages for the caller to process pub fn has_pending(&self) -> bool { !self.is_empty() @@ -422,6 +428,50 @@ impl DeframerBuffer for DeframerVecBuffer { } impl DeframerBuffer for DeframerVecBuffer { + fn copy(&mut self, src: &[u8], at: usize) { + self.borrow().copy(src, at) + } +} + +/// A borrowed version of [`DeframerVecBuffer`] that tracks discard operations +pub struct DeframerSliceBuffer<'a> { + // a fully initialized buffer that will be deframed + buf: &'a mut [u8], + // number of bytes to discard from the front of `buf` at a later time + discard: usize, +} + +impl<'a> DeframerSliceBuffer<'a> { + pub fn new(buf: &'a mut [u8]) -> Self { + Self { buf, discard: 0 } + } + + /// Tracks a pending discard operation of `num_bytes` + pub fn queue_discard(&mut self, num_bytes: usize) { + self.discard += num_bytes; + } + + /// Returns the number of bytes that need to be discarded + pub fn pending_discard(&self) -> usize { + self.discard + } + + pub fn is_empty(&self) -> bool { + self.len() == 0 + } +} + +impl FilledDeframerBuffer for DeframerSliceBuffer<'_> { + fn filled_mut(&mut self) -> &mut [u8] { + &mut self.buf[self.discard..] + } + + fn filled(&self) -> &[u8] { + &self.buf[self.discard..] + } +} + +impl DeframerBuffer for DeframerSliceBuffer<'_> { fn copy(&mut self, src: &[u8], at: usize) { copy_into_buffer(self.filled_mut(), src, at) } From 17e938c3af1c680d359eb69f109877a946a9fe3f Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 4 Dec 2023 10:34:44 -0500 Subject: [PATCH 0512/1145] Batch discard operations --- fuzz/fuzzers/deframer.rs | 5 ++++- rustls/src/conn.rs | 22 +++++++++++++++------- rustls/src/msgs/deframer.rs | 21 +++++++++++++-------- 3 files changed, 32 insertions(+), 16 deletions(-) diff --git a/fuzz/fuzzers/deframer.rs b/fuzz/fuzzers/deframer.rs index 6bb9c2738f..b46459addf 100644 --- a/fuzz/fuzzers/deframer.rs +++ b/fuzz/fuzzers/deframer.rs @@ -20,7 +20,10 @@ fuzz_target!(|data: &[u8]| { buf.has_pending(); let mut rl = RecordLayer::new(); - while let Ok(Some(decrypted)) = dfm.pop(&mut rl, None, &mut buf) { + let mut borrowed_buf = buf.borrow(); + while let Ok(Some(decrypted)) = dfm.pop(&mut rl, None, &mut borrowed_buf) { Message::try_from(decrypted.message).ok(); } + let discard = borrowed_buf.pending_discard(); + buf.discard(discard); }); diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index b2391e63f4..b4f1f1cfb4 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -3,7 +3,7 @@ use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; -use crate::msgs::deframer::{Deframed, DeframerVecBuffer, MessageDeframer}; +use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; use crate::msgs::message::{Message, MessagePayload, PlainMessage}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; @@ -452,11 +452,14 @@ impl ConnectionCommon { /// This is a shortcut to the `process_new_packets()` -> `process_msg()` -> /// `process_handshake_messages()` path, specialized for the first handshake message. pub(crate) fn first_handshake_message(&mut self) -> Result, Error> { - match self + let mut deframer_buffer = self.deframer_buffer.borrow(); + let res = self .core - .deframe(None, &mut self.deframer_buffer)? - .map(Message::try_from) - { + .deframe(None, &mut deframer_buffer); + let discard = deframer_buffer.pending_discard(); + self.deframer_buffer.discard(discard); + + match res?.map(Message::try_from) { Some(Ok(msg)) => Ok(Some(msg)), Some(Err(err)) => Err(self.send_fatal_alert(AlertDescription::DecodeError, err)), None => Ok(None), @@ -646,16 +649,21 @@ impl ConnectionCore { } }; - while let Some(msg) = self.deframe(Some(&*state), deframer_buffer)? { + let mut borrowed_buffer = deframer_buffer.borrow(); + while let Some(msg) = self.deframe(Some(&*state), &mut borrowed_buffer)? { match self.process_msg(msg, state) { Ok(new) => state = new, Err(e) => { self.state = Err(e.clone()); + let discard = borrowed_buffer.pending_discard(); + deframer_buffer.discard(discard); return Err(e); } } } + let discard = borrowed_buffer.pending_discard(); + deframer_buffer.discard(discard); self.state = Ok(state); Ok(self.common_state.current_io_state()) } @@ -664,7 +672,7 @@ impl ConnectionCore { fn deframe( &mut self, state: Option<&dyn State>, - deframer_buffer: &mut DeframerVecBuffer, + deframer_buffer: &mut DeframerSliceBuffer, ) -> Result, Error> { match self.message_deframer.pop( &mut self.common_state.record_layer, diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index ede3b96653..6da2d9d4a7 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -37,7 +37,7 @@ impl MessageDeframer { &mut self, record_layer: &mut RecordLayer, negotiated_version: Option, - buffer: &mut DeframerVecBuffer, + buffer: &mut DeframerSliceBuffer, ) -> Result, Error> { if let Some(last_err) = self.last_error.clone() { return Err(last_err); @@ -110,7 +110,7 @@ impl MessageDeframer { }; if self.joining_hs.is_none() && allowed_plaintext { // This is unencrypted. We check the contents later. - buffer.discard(end); + buffer.queue_discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -137,7 +137,7 @@ impl MessageDeframer { )); } Ok(None) => { - buffer.discard(end); + buffer.queue_discard(end); continue; } Err(e) => return Err(e), @@ -154,7 +154,7 @@ impl MessageDeframer { // If it's not a handshake message, just return it -- no joining necessary. if msg.typ != ContentType::Handshake { let end = start + rd.used(); - buffer.discard(end); + buffer.queue_discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -196,7 +196,7 @@ impl MessageDeframer { // discard all of the bytes that we're previously buffered as handshake data. let end = meta.message.end; self.joining_hs = None; - buffer.discard(end); + buffer.queue_discard(end); } Ok(Some(Deframed { @@ -373,7 +373,7 @@ impl DeframerVecBuffer { } /// Discard `taken` bytes from the start of our buffer. - fn discard(&mut self, taken: usize) { + pub fn discard(&mut self, taken: usize) { #[allow(clippy::comparison_chain)] if taken < self.used { /* Before: @@ -855,8 +855,13 @@ mod tests { record_layer: &mut RecordLayer, negotiated_version: Option, ) -> Result, Error> { - self.inner - .pop(record_layer, negotiated_version, &mut self.buffer) + let mut deframer_buffer = self.buffer.borrow(); + let res = self + .inner + .pop(record_layer, negotiated_version, &mut deframer_buffer); + let discard = deframer_buffer.pending_discard(); + self.buffer.discard(discard); + res } fn read(&mut self, rd: &mut dyn io::Read) -> io::Result { From b2cd88697f29414f0de23e7d54ec64b8972541dd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 6 Dec 2023 13:32:52 -0500 Subject: [PATCH 0513/1145] Cargo: version 0.22 -> 0.23-alpha.0 We're starting to land semver incompatible changes into `main`. This commit bumps the crate version so that the semver detection job won't cause spurious failures. --- Cargo.lock | 10 +++++----- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a996b923a6..c1975ed125 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1681,7 +1681,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0" +version = "0.23.0-alpha.0" dependencies = [ "aws-lc-rs", "base64", @@ -1709,7 +1709,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.22.0", + "rustls 0.23.0-alpha.0", "rustls-pemfile 2.0.0", "rustls-pki-types", ] @@ -1721,7 +1721,7 @@ dependencies = [ "hickory-resolver", "regex", "ring 0.17.6", - "rustls 0.22.0", + "rustls 0.23.0-alpha.0", ] [[package]] @@ -1733,7 +1733,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.22.0", + "rustls 0.23.0-alpha.0", "rustls-pemfile 2.0.0", "rustls-pki-types", "serde", @@ -1784,7 +1784,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.22.0", + "rustls 0.23.0-alpha.0", "rustls-pki-types", "rustls-webpki 0.102.0", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index f1540fc75e..025e345c18 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -71,7 +71,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.22.0" +version = "0.23.0-alpha.0" dependencies = [ "log", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index bc8b5e7786..58d27ee224 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.22.0" +version = "0.23.0-alpha.0" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 495acf3444cb99ae21b5859abeda5e5f733ae692 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 6 Dec 2023 13:27:58 -0500 Subject: [PATCH 0514/1145] crypto: explain TLS 1.2 version in TLS 1.3 message encrypters Without the context of RFC 8446 in your mind the use of the `ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter` implementations appears like an oversight or copy/paste error. This commit adds a brief explanatory comment. --- rustls/src/crypto/aws_lc_rs/tls13.rs | 2 ++ rustls/src/crypto/ring/tls13.rs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 1d3b2d043f..a1b750cf1c 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -222,6 +222,8 @@ impl MessageEncrypter for AeadMessageEncrypter { Ok(OpaqueMessage::new( ContentType::ApplicationData, + // Note: all TLS 1.3 application data records use TLSv1_2 (0x0303) as the legacy record + // protocol version, see https://www.rfc-editor.org/rfc/rfc8446#section-5.1 ProtocolVersion::TLSv1_2, payload, )) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index c6b1e8c1c9..73d93d64db 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -194,6 +194,8 @@ impl MessageEncrypter for Tls13MessageEncrypter { Ok(OpaqueMessage::new( ContentType::ApplicationData, + // Note: all TLS 1.3 application data records use TLSv1_2 (0x0303) as the legacy record + // protocol version, see https://www.rfc-editor.org/rfc/rfc8446#section-5.1 ProtocolVersion::TLSv1_2, payload, )) From 1118c74cc0893e101c0784061720fddc332f7efa Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Wed, 6 Dec 2023 15:06:23 -0500 Subject: [PATCH 0515/1145] Mark `SupportedProtocolVersion` as non-exhaustive --- rustls/src/versions.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rustls/src/versions.rs b/rustls/src/versions.rs index 7f31c8e854..4acdf99ae1 100644 --- a/rustls/src/versions.rs +++ b/rustls/src/versions.rs @@ -7,11 +7,11 @@ use crate::enums::ProtocolVersion; /// All possible instances of this class are provided by the library in /// the [`ALL_VERSIONS`] array, as well as individually as [`TLS12`] /// and [`TLS13`]. +#[non_exhaustive] #[derive(Eq, PartialEq)] pub struct SupportedProtocolVersion { /// The TLS enumeration naming this version. pub version: ProtocolVersion, - is_private: (), } impl fmt::Debug for SupportedProtocolVersion { @@ -24,13 +24,11 @@ impl fmt::Debug for SupportedProtocolVersion { #[cfg(feature = "tls12")] pub static TLS12: SupportedProtocolVersion = SupportedProtocolVersion { version: ProtocolVersion::TLSv1_2, - is_private: (), }; /// TLS1.3 pub static TLS13: SupportedProtocolVersion = SupportedProtocolVersion { version: ProtocolVersion::TLSv1_3, - is_private: (), }; /// A list of all the protocol versions supported by rustls. From 2800ad712e4ab2bebb553a074b9da5f8ae75ca95 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 4 Dec 2023 11:09:23 +0100 Subject: [PATCH 0516/1145] quic: require that PacketKey and HeaderProtectionKey are Send + sync --- rustls/src/quic.rs | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index fe98086c94..bdc69013df 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -587,7 +587,7 @@ pub trait Algorithm: Send + Sync { } /// A QUIC header protection key -pub trait HeaderProtectionKey { +pub trait HeaderProtectionKey: Send + Sync { /// Adds QUIC Header Protection. /// /// `sample` must contain the sample of encrypted payload; see @@ -648,7 +648,7 @@ pub trait HeaderProtectionKey { } /// Keys to encrypt or decrypt the payload of a packet -pub trait PacketKey { +pub trait PacketKey: Send + Sync { /// Encrypt a QUIC packet /// /// Takes a `packet_number`, used to derive the nonce; the packet `header`, which is used as @@ -894,3 +894,17 @@ impl Default for Version { Self::V1 } } + +#[cfg(test)] +mod tests { + use crate::quic::HeaderProtectionKey; + + use super::PacketKey; + + #[test] + fn auto_traits() { + fn assert_auto() {} + assert_auto::>(); + assert_auto::>(); + } +} From 976e522a0d2c88e597caf9a43b1e59c4f0d57335 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 4 Dec 2023 11:37:32 +0100 Subject: [PATCH 0517/1145] suites: move Debug impl below inherent impl --- rustls/src/suites.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 80c9e4bf98..575acf753c 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -54,12 +54,6 @@ pub enum SupportedCipherSuite { Tls13(&'static Tls13CipherSuite), } -impl fmt::Debug for SupportedCipherSuite { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - self.suite().fmt(f) - } -} - impl SupportedCipherSuite { /// The cipher suite's identifier pub fn suite(&self) -> CipherSuite { @@ -125,6 +119,12 @@ impl SupportedCipherSuite { } } +impl fmt::Debug for SupportedCipherSuite { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + self.suite().fmt(f) + } +} + // These both O(N^2)! pub(crate) fn choose_ciphersuite_preferring_client( client_suites: &[CipherSuite], From 8b054591f0a64cfec6dee7d4e0f86302bacba7b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Thu, 7 Dec 2023 13:08:24 +0100 Subject: [PATCH 0518/1145] bench: remove redundant benchmark param --- rustls/examples/internal/bench_impl.rs | 6 ------ 1 file changed, 6 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 5b9e9bbde9..137e434225 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -203,12 +203,6 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ &rustls::version::TLS12, ), #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa, - cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::Rsa, cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, From 3a35efe7dd30850e7a8d103ca3b458d1a4fad0ae Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 7 Dec 2023 09:20:29 +0100 Subject: [PATCH 0519/1145] Re-export the rustls-pki-types crate contents --- rustls/Cargo.toml | 1 + rustls/src/lib.rs | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 58d27ee224..fd0d588fc6 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -61,5 +61,6 @@ rustdoc-args = ["--cfg", "docsrs"] [package.metadata.cargo_check_external_types] allowed_external_types = [ + "rustls_pki_types", "rustls_pki_types::*", ] diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0344d78a3f..1472fb6d07 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -532,6 +532,11 @@ pub mod version { pub use crate::versions::TLS13; } +/// Re-exports the contents of rustls-pki-types crate for easy access +pub mod pki_types { + pub use pki_types::*; +} + /// Message signing interfaces. pub mod sign { pub use crate::crypto::signer::{CertifiedKey, Signer, SigningKey}; From 0963cca28d562949e24a413f671fac3397c23eeb Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Thu, 7 Dec 2023 12:32:39 -0800 Subject: [PATCH 0520/1145] update examples to use pki_types re-export We now re-export the rustls-pki-types crate. I think that means our preferred way for crates to consume pki-types is through the re-exports. --- ci-bench/src/util.rs | 2 +- examples/src/bin/server_acceptor.rs | 4 +++- examples/src/bin/simple_0rtt_client.rs | 3 +-- examples/src/bin/tlsclient-mio.rs | 2 +- examples/src/bin/tlsserver-mio.rs | 2 +- fuzz/fuzzers/server_name.rs | 2 +- provider-example/examples/server.rs | 2 +- provider-example/src/lib.rs | 2 +- provider-example/src/sign.rs | 2 +- provider-example/src/verify.rs | 2 +- rustls/src/lib.rs | 2 +- 11 files changed, 13 insertions(+), 12 deletions(-) diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index 21c3964013..ed78076b2e 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -1,6 +1,6 @@ use std::{fs, io}; -use pki_types::{CertificateDer, PrivateKeyDer}; +use rustls::pki_types::{CertificateDer, PrivateKeyDer}; #[derive(PartialEq, Clone, Copy, Debug)] pub enum KeyType { diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 9e2697ad6f..8f9897be8a 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -13,9 +13,11 @@ use std::time::Duration; use std::{fs, thread}; use docopt::Docopt; -use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer}; use serde_derive::Deserialize; +use rustls::pki_types::{ + CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer, +}; use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier}; use rustls::RootCertStore; diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 4285fe2d23..352397f18c 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -2,8 +2,7 @@ use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; use std::sync::Arc; -use pki_types::ServerName; - +use rustls::pki_types::ServerName; use rustls::RootCertStore; fn start_connection(config: &Arc, domain_name: &str) { diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 88e7a0622a..eba7d6a414 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -5,10 +5,10 @@ use std::{fs, process, str}; use docopt::Docopt; use mio::net::TcpStream; -use pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use serde::Deserialize; use rustls::crypto::CryptoProvider; +use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use rustls::RootCertStore; const CLIENT: mio::Token = mio::Token(0); diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index a06662b491..b253bd68df 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -6,10 +6,10 @@ use std::{fs, net}; use docopt::Docopt; use log::{debug, error}; use mio::net::{TcpListener, TcpStream}; -use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use serde::Deserialize; use rustls::crypto::{ring, CryptoProvider}; +use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use rustls::server::WebPkiClientVerifier; use rustls::{self, RootCertStore}; diff --git a/fuzz/fuzzers/server_name.rs b/fuzz/fuzzers/server_name.rs index eff2099261..444762e5dc 100644 --- a/fuzz/fuzzers/server_name.rs +++ b/fuzz/fuzzers/server_name.rs @@ -3,7 +3,7 @@ extern crate libfuzzer_sys; extern crate rustls; -use pki_types::ServerName; +use rustls::pki_types::ServerName; fuzz_target!(|data: &[u8]| { let _ = std::str::from_utf8(data) diff --git a/provider-example/examples/server.rs b/provider-example/examples/server.rs index ee91e45bec..7d592cdfc6 100644 --- a/provider-example/examples/server.rs +++ b/provider-example/examples/server.rs @@ -1,7 +1,7 @@ use std::io::Write; use std::sync::Arc; -use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; +use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; use rustls::server::Acceptor; use rustls::ServerConfig; diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 48008ef218..18f8776928 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -6,8 +6,8 @@ extern crate std; use alloc::sync::Arc; -use pki_types::PrivateKeyDer; use rustls::crypto::CryptoProvider; +use rustls::pki_types::PrivateKeyDer; mod aead; mod hash; diff --git a/provider-example/src/sign.rs b/provider-example/src/sign.rs index 638668b7ef..36f7beae81 100644 --- a/provider-example/src/sign.rs +++ b/provider-example/src/sign.rs @@ -3,7 +3,7 @@ use alloc::sync::Arc; use alloc::vec::Vec; use pkcs8::DecodePrivateKey; -use pki_types::PrivateKeyDer; +use rustls::pki_types::PrivateKeyDer; use rustls::sign::{Signer, SigningKey}; use rustls::{SignatureAlgorithm, SignatureScheme}; use signature::{RandomizedSigner, SignatureEncoding}; diff --git a/provider-example/src/verify.rs b/provider-example/src/verify.rs index 4f7670c7ed..dbd6f73ddd 100644 --- a/provider-example/src/verify.rs +++ b/provider-example/src/verify.rs @@ -1,8 +1,8 @@ use der::Reader; -use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; use rsa::signature::Verifier; use rsa::{pkcs1v15, pss, BigUint, RsaPublicKey}; use rustls::crypto::WebPkiSupportedAlgorithms; +use rustls::pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm}; use rustls::SignatureScheme; use webpki::alg_id; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 1472fb6d07..c57f779deb 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -532,7 +532,7 @@ pub mod version { pub use crate::versions::TLS13; } -/// Re-exports the contents of rustls-pki-types crate for easy access +/// Re-exports the contents of the [rustls-pki-types](https://docs.rs/rustls-pki-types) crate for easy access pub mod pki_types { pub use pki_types::*; } From 4074adf8a901c955887312cad26e6943d90ffcc9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 04:07:27 +0000 Subject: [PATCH 0521/1145] build(deps): bump actions/setup-go from 4 to 5 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 45cb7f51d1..52dd189fd6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -128,7 +128,7 @@ jobs: uses: dtolnay/rust-toolchain@stable - name: Install golang toolchain - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "1.20" cache: false From 937a51c3842c361f980d6afcae406df63f6d4f47 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 11 Dec 2023 11:03:57 +0100 Subject: [PATCH 0522/1145] Update semver-compatible dependencies --- Cargo.lock | 94 ++++++++++++++++++++++++------------------------- fuzz/Cargo.lock | 12 +++---- 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c1975ed125..d34f7726da 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,9 +63,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44" +checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6" dependencies = [ "anstyle", "anstyle-parse", @@ -83,30 +83,30 @@ checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" [[package]] name = "anstyle-parse" -version = "0.2.2" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140" +checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b" +checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628" +checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" dependencies = [ "anstyle", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -331,9 +331,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.10" +version = "4.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41fffed7514f420abec6d183b1d3acfd9099c79c3a10a06ade4f8203f1411272" +checksum = "bfaff671f6b22ca62406885ece523383b9b64022e341e53e009a62ebc47a45f2" dependencies = [ "clap_builder", "clap_derive", @@ -341,9 +341,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.9" +version = "4.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63361bae7eef3771745f02d8d892bec2fee5f6e34af316ba556e7f97a7069ff1" +checksum = "a216b506622bb1d316cd51328dce24e07bdff4a6128a47c7e7fad11878d5adbb" dependencies = [ "anstream", "anstyle", @@ -836,7 +836,7 @@ dependencies = [ "ipnet", "once_cell", "rand", - "rustls 0.21.9", + "rustls 0.21.10", "rustls-pemfile 1.0.4", "thiserror", "tinyvec", @@ -862,7 +862,7 @@ dependencies = [ "parking_lot", "rand", "resolv-conf", - "rustls 0.21.9", + "rustls 0.21.10", "smallvec", "thiserror", "tokio", @@ -1043,9 +1043,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.9" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "js-sys" @@ -1073,9 +1073,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.150" +version = "0.2.151" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" [[package]] name = "libloading" @@ -1168,9 +1168,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.9" +version = "0.8.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dce281c5e46beae905d4de1870d8b1509a9142b62eedf18b443b011ca8343d0" +checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09" dependencies = [ "libc", "log", @@ -1263,9 +1263,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.18.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" @@ -1600,9 +1600,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.6" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" dependencies = [ "cc", "getrandom", @@ -1656,9 +1656,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.26" +version = "0.38.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9470c4bf8246c8daf25f9598dca807fb6510347b1e1cfa55749113850c79d88a" +checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" dependencies = [ "bitflags 2.4.1", "errno", @@ -1669,12 +1669,12 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.9" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring 0.17.6", + "ring 0.17.7", "rustls-webpki 0.101.7", "sct", ] @@ -1688,7 +1688,7 @@ dependencies = [ "bencher", "env_logger", "log", - "ring 0.17.6", + "ring 0.17.7", "rustls-pemfile 2.0.0", "rustls-pki-types", "rustls-webpki 0.102.0", @@ -1720,7 +1720,7 @@ version = "0.0.1" dependencies = [ "hickory-resolver", "regex", - "ring 0.17.6", + "ring 0.17.7", "rustls 0.23.0-alpha.0", ] @@ -1762,9 +1762,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb0a1f9b9efec70d32e6d6aa3e58ebd88c3754ec98dfe9145c63cf54cc829b83" +checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b" [[package]] name = "rustls-provider-example" @@ -1801,7 +1801,7 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -1812,7 +1812,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" dependencies = [ "aws-lc-rs", - "ring 0.17.6", + "ring 0.17.7", "rustls-pki-types", "untrusted 0.9.0", ] @@ -1825,9 +1825,9 @@ checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" [[package]] name = "ryu" -version = "1.0.15" +version = "1.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741" +checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" [[package]] name = "scopeguard" @@ -1841,7 +1841,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.6", + "ring 0.17.7", "untrusted 0.9.0", ] @@ -1984,9 +1984,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.39" +version = "2.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a" +checksum = "13fa70a4ee923979ffb522cacce59d34421ebdea5625e1073c4326ef9d2dd42e" dependencies = [ "proc-macro2", "quote", @@ -2057,9 +2057,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.34.0" +version = "1.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" +checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c" dependencies = [ "backtrace", "bytes", @@ -2077,7 +2077,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.9", + "rustls 0.21.10", "tokio", ] @@ -2134,9 +2134,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-bidi" -version = "0.3.13" +version = "0.3.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" +checksum = "6f2528f27a9eb2b21e69c95319b30bd0efd85d09c379741b0f78ea1d86be2416" [[package]] name = "unicode-ident" diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 025e345c18..24152287d2 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -36,9 +36,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.150" +version = "0.2.151" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" [[package]] name = "libfuzzer-sys" @@ -57,9 +57,9 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "ring" -version = "0.17.5" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" dependencies = [ "cc", "getrandom", @@ -92,9 +92,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb0a1f9b9efec70d32e6d6aa3e58ebd88c3754ec98dfe9145c63cf54cc829b83" +checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b" [[package]] name = "rustls-webpki" From 75edb20a1e6a894089516053348b6137a425b9b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 11 Dec 2023 14:05:32 +0100 Subject: [PATCH 0523/1145] bench: remove unused function --- rustls/examples/internal/bench_impl.rs | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 137e434225..f0955e2a85 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -43,24 +43,6 @@ fn duration_nanos(d: Duration) -> f64 { (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 } -fn _bench(count: usize, name: &'static str, f_setup: Fsetup, f_test: Ftest) -where - Fsetup: Fn() -> S, - Ftest: Fn(S), -{ - let mut times = Vec::new(); - - for _ in 0..count { - let state = f_setup(); - let start = Instant::now(); - f_test(state); - times.push(duration_nanos(Instant::now().duration_since(start))); - } - - println!("{}", name); - println!("{:?}", times); -} - fn time(mut f: F) -> f64 where F: FnMut(), From 0152242c3a62b63ff1300732efbb250b6b573f8c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 7 Dec 2023 14:09:54 +0000 Subject: [PATCH 0524/1145] Add roadmap This is taken as a starting point from --- README.md | 2 ++ ROADMAP.md | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 ROADMAP.md diff --git a/README.md b/README.md index 28498df7cf..9bcc81e7d4 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ Rustls is used in production at many organizations and projects. We aim to maint reasonable API surface stability but the API may evolve as we make changes to accomodate new features or performance improvements. +We have a [roadmap](ROADMAP.md) for our future plans. + If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). [![Build Status](https://github.com/rustls/rustls/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/rustls/rustls/actions/workflows/build.yml?query=branch%3Amain) diff --git a/ROADMAP.md b/ROADMAP.md new file mode 100644 index 0000000000..acc471e371 --- /dev/null +++ b/ROADMAP.md @@ -0,0 +1,67 @@ +# Rustls development roadmap + +## Future priorities + +In rough order of priority: + +* **Enable Pluggable Cryptographic Back-ends**. + Allow plugging in different cryptographic back-ends. + rustls/rustls#1184 + +* **FIPS Certification for Default Cryptographic Library**. + Change the default cryptographic library to something with FIPS certification. + rustls/rustls#1540 + +* **Comprehensive Performance Benchmarking**. + Performance should be a headline feature of Rustls. We need to develop a more + comprehensive benchmarking system so that we can assess and improve performance + from multiple angles, including CPU usage, latency, and memory usage. + +* **Add No-Allocation / Write-Through API**. + Would make handshakes faster and give the caller more control over allocations. + RFC: rustls/rustls#1420 + +* **Support no_std**. + Enables use of rustls in more memory-constrained environments. + RFC: rustls/rustls#1399 + +* **OpenSSL API Compatibility Layer**. + Add an OpenSSL C API compatibility layer for adoption purposes. + +* **Support Encrypted Client Hello**. + Encrypted Client Hello is an upcoming standard from the TLS WG providing better + production for some of the data sent by a client in the initial ClientHello + message. + rustls/rustls#508 + +* **Improve OS Trust Verifier Support**. + While we currently have a way to trust certificates stored in the platform trust + store, platform trust stores can have other ways of restricting how/when roots + that they expose are trusted. In order to rely on these (on Darwin and Windows) + we should rely on the platform verifier directly. + + Given that platform verifiers may require blocking I/O, some API changes are + required. + rustls/rustls-native-certs#25 + +* **Additional Performance Optimization**. + Additional performance optimization including CPU usage, latency, and memory + usage. The goal is to outperform OpenSSL across the board if we are not already. + +* **Support RFC 8879 Certificate Compression**. + Support for a TLS extension that substantially shrinks certificates (one of the + largest parts of the TLS handshake), improving handshake latency by decreasing + bandwidth used. + rustls/rustls#534 + +* **Add/extend support for TLS 1.3 Early Data**. + Early data allows clients to submit data before the TLS handshake is complete + in some cases (idempotent requests, data where replay is not a risk), improving + latency in the cases of, for example, HTTP requests by submitting the request + in parallel with the TLS handshake. + +* **Enforce Confidentiality / Integrity Limits**. + The QUIC use of TLS mandates limited usage of AEAD keys. While TLS 1.3 and 1.2 + do not require this, the same kinds of issues can apply here, and we should + consider implementing limits for TLS over TCP as well. + rustls/rustls#755 From 79525744299b30389018d6363783564da3401764 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 7 Dec 2023 14:28:01 +0000 Subject: [PATCH 0525/1145] ROADMAP.md: add the stuff we did in 0.21 --- ROADMAP.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ROADMAP.md b/ROADMAP.md index acc471e371..ef9e225d4d 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -65,3 +65,25 @@ In rough order of priority: do not require this, the same kinds of issues can apply here, and we should consider implementing limits for TLS over TCP as well. rustls/rustls#755 + +## Past priorities + +Delivered in 0.21: + +* **Support IP Address Certificates**. + There are some popular use cases where applications want TLS certificates for + services that don’t have their own host name, relying on the IP address directly + instead. I've heard from one customer that this is common in Kubernetes deployments. + rustls/rustls#184 + +* **Implement RFC 8446 Appendix C.4 in session cache**. + TLS clients should use session tickets at most once for resumption. Without this, + TLS clients may be tracked across connections through reuse of session tickets. + Requires changes of the internal APIs to the session caching infrastructure. + rustls/rustls#466 + +* **Improve Client Certificate Authentication Support**. + Rustls and webpki currently do not provide access to client information supplied + as part of the certificate, and there’s no infrastructure to deal with revocation + checks. + rustls/rustls-ffi#87 From e10cdebf1bdbd9c229d86deee50fa0fedaf94181 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 7 Dec 2023 14:29:18 +0000 Subject: [PATCH 0526/1145] ROADMAP.md: add 0.22 section --- ROADMAP.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index ef9e225d4d..aada578958 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,10 +4,6 @@ In rough order of priority: -* **Enable Pluggable Cryptographic Back-ends**. - Allow plugging in different cryptographic back-ends. - rustls/rustls#1184 - * **FIPS Certification for Default Cryptographic Library**. Change the default cryptographic library to something with FIPS certification. rustls/rustls#1540 @@ -68,6 +64,12 @@ In rough order of priority: ## Past priorities +Delivered in 0.22: + +* **Enable Pluggable Cryptographic Back-ends**. + Allow plugging in different cryptographic back-ends. + rustls/rustls#1184 + Delivered in 0.21: * **Support IP Address Certificates**. From caa45ba7ca27004a49fe1a084d69629438fdebad Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Dec 2023 12:33:25 +0000 Subject: [PATCH 0527/1145] ROADMAP.md: mark early data work as completed Since 0.20.3 we support this for both servers and clients; I'm not aware of anything left to do here. --- ROADMAP.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index aada578958..755df6d623 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -50,12 +50,6 @@ In rough order of priority: bandwidth used. rustls/rustls#534 -* **Add/extend support for TLS 1.3 Early Data**. - Early data allows clients to submit data before the TLS handshake is complete - in some cases (idempotent requests, data where replay is not a risk), improving - latency in the cases of, for example, HTTP requests by submitting the request - in parallel with the TLS handshake. - * **Enforce Confidentiality / Integrity Limits**. The QUIC use of TLS mandates limited usage of AEAD keys. While TLS 1.3 and 1.2 do not require this, the same kinds of issues can apply here, and we should @@ -89,3 +83,11 @@ Delivered in 0.21: as part of the certificate, and there’s no infrastructure to deal with revocation checks. rustls/rustls-ffi#87 + +Delivered in 0.20: + +* **Add/extend support for TLS 1.3 Early Data**. + Early data allows clients to submit data before the TLS handshake is complete + in some cases (idempotent requests, data where replay is not a risk), improving + latency in the cases of, for example, HTTP requests by submitting the request + in parallel with the TLS handshake. From 2dd331cf46d4bf72023d5c440704222b85612df7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Dec 2023 15:33:37 +0000 Subject: [PATCH 0528/1145] ROADMAP.md: assorted wordsmithing --- ROADMAP.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 755df6d623..c62d4820d5 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -26,15 +26,15 @@ In rough order of priority: * **Support Encrypted Client Hello**. Encrypted Client Hello is an upcoming standard from the TLS WG providing better - production for some of the data sent by a client in the initial ClientHello + protection for some of the data sent by a client in the initial Client Hello message. rustls/rustls#508 * **Improve OS Trust Verifier Support**. While we currently have a way to trust certificates stored in the platform trust store, platform trust stores can have other ways of restricting how/when roots - that they expose are trusted. In order to rely on these (on Darwin and Windows) - we should rely on the platform verifier directly. + that they expose are trusted. In order to rely on these (on Windows, Android, + and Apple platforms) we should rely on the platform verifier directly. Given that platform verifiers may require blocking I/O, some API changes are required. @@ -69,7 +69,7 @@ Delivered in 0.21: * **Support IP Address Certificates**. There are some popular use cases where applications want TLS certificates for services that don’t have their own host name, relying on the IP address directly - instead. I've heard from one customer that this is common in Kubernetes deployments. + instead. This is common in Kubernetes deployments and service meshes. rustls/rustls#184 * **Implement RFC 8446 Appendix C.4 in session cache**. From c9ca47b209caefb7c0c46df29e67931695ca372f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Dec 2023 15:53:31 +0000 Subject: [PATCH 0529/1145] ROADMAP.md: add kyber support item --- ROADMAP.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ROADMAP.md b/ROADMAP.md index c62d4820d5..c7823559d2 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -56,6 +56,11 @@ In rough order of priority: consider implementing limits for TLS over TCP as well. rustls/rustls#755 +* **Support Post-Quantum Hybrid Key Exchange**. + Experimental, optional support for the `X25519Kyber768Draft00` key exchange. + This should track [the draft](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/). + rustls/rustls#1687 + ## Past priorities Delivered in 0.22: From 890c8baecec7c816160155e97f0429572299fdd1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Dec 2023 12:30:18 +0000 Subject: [PATCH 0530/1145] ROADMAP.md: make benchmarking a completed item --- ROADMAP.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index c7823559d2..a24f9b8e1e 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -8,11 +8,6 @@ In rough order of priority: Change the default cryptographic library to something with FIPS certification. rustls/rustls#1540 -* **Comprehensive Performance Benchmarking**. - Performance should be a headline feature of Rustls. We need to develop a more - comprehensive benchmarking system so that we can assess and improve performance - from multiple angles, including CPU usage, latency, and memory usage. - * **Add No-Allocation / Write-Through API**. Would make handshakes faster and give the caller more control over allocations. RFC: rustls/rustls#1420 @@ -69,6 +64,11 @@ Delivered in 0.22: Allow plugging in different cryptographic back-ends. rustls/rustls#1184 +* **Comprehensive Performance Benchmarking**. + Performance should be a headline feature of Rustls. We need to develop a more + comprehensive benchmarking system so that we can assess and improve performance + from multiple angles, including CPU usage, latency, and memory usage. + Delivered in 0.21: * **Support IP Address Certificates**. From 3c16afed642f6aa49f7edcd0b5c1fb3c1e1d1801 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 04:52:17 +0000 Subject: [PATCH 0531/1145] build(deps): bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/cifuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index f339219cb2..a07c10b112 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -19,7 +19,7 @@ jobs: dry-run: false language: rust - name: Upload Crash - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: failure() && steps.build.outcome == 'success' with: name: artifacts From 6c951b5d232b87c33869cd8e3f452e0105613c1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 04:48:50 +0000 Subject: [PATCH 0532/1145] build(deps): bump the crates-io group with 1 update Bumps the crates-io group with 1 update: [rcgen](https://github.com/rustls/rcgen). - [Commits](https://github.com/rustls/rcgen/compare/v0.11.3...v0.12.0) --- updated-dependencies: - dependency-name: rcgen dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crates-io ... Signed-off-by: dependabot[bot] --- Cargo.lock | 112 +++--------------------------------- examples/Cargo.toml | 2 +- provider-example/Cargo.toml | 2 +- 3 files changed, 11 insertions(+), 105 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d34f7726da..bc9cb330aa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -241,12 +241,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "bumpalo" -version = "3.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" - [[package]] name = "byteorder" version = "1.5.0" @@ -1047,15 +1041,6 @@ version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" -[[package]] -name = "js-sys" -version = "0.3.66" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "lazy_static" version = "1.4.0" @@ -1515,12 +1500,12 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.11.3" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52c4f3084aa3bc7dfbba4eff4fab2a54db4324965d8872ab933565e6fbd83bc6" +checksum = "5d918c80c5a4c7560db726763020bd16db179e4d5b828078842274a443addb5d" dependencies = [ "pem", - "ring 0.16.20", + "ring", "time", "yasna", ] @@ -1583,21 +1568,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.7" @@ -1674,7 +1644,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring 0.17.7", + "ring", "rustls-webpki 0.101.7", "sct", ] @@ -1688,7 +1658,7 @@ dependencies = [ "bencher", "env_logger", "log", - "ring 0.17.7", + "ring", "rustls-pemfile 2.0.0", "rustls-pki-types", "rustls-webpki 0.102.0", @@ -1720,7 +1690,7 @@ version = "0.0.1" dependencies = [ "hickory-resolver", "regex", - "ring 0.17.7", + "ring", "rustls 0.23.0-alpha.0", ] @@ -1801,7 +1771,7 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.7", + "ring", "untrusted 0.9.0", ] @@ -1812,7 +1782,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" dependencies = [ "aws-lc-rs", - "ring 0.17.7", + "ring", "rustls-pki-types", "untrusted 0.9.0", ] @@ -1841,7 +1811,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.7", + "ring", "untrusted 0.9.0", ] @@ -2204,70 +2174,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.89" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.89" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.89" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.89" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.89" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" - -[[package]] -name = "web-sys" -version = "0.3.66" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - [[package]] name = "webpki-roots" version = "0.25.3" diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 62ee8e9972..edfb44caa0 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -12,7 +12,7 @@ env_logger = "0.10" log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } -rcgen = { version = "0.11.3", features = ["pem"], default-features = false } +rcgen = { version = "0.12", features = ["pem", "ring"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "2" serde = "1.0" diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 0588400dc6..dfdaf6da99 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -28,7 +28,7 @@ x25519-dalek = "2" [dev-dependencies] env_logger = "0.10" hex = "0.4.3" -rcgen = "0.11.1" +rcgen = { version = "0.12", features = ["ring"] } serde = { version = "1", features = ["derive"] } serde_json = "1" webpki-roots = "0.26" From 11b2e6c7825c6e7bb6ef2ecfe5029ad990dfe77f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 18 Dec 2023 11:07:36 +0100 Subject: [PATCH 0533/1145] bench: remove GitHub Actions for icount benchmarks This is no longer necessary now the benchmarks run on the bare-metal server (triggered through webhooks). --- .github/workflows/icount-bench.yml | 37 ------------------------------ 1 file changed, 37 deletions(-) delete mode 100644 .github/workflows/icount-bench.yml diff --git a/.github/workflows/icount-bench.yml b/.github/workflows/icount-bench.yml deleted file mode 100644 index 2fb5b0901a..0000000000 --- a/.github/workflows/icount-bench.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: icount bench -on: [pull_request] - -jobs: - icount-benchmarks: - name: Run icount benchmarks - runs-on: ubuntu-22.04 - steps: - - name: Install valgrind - run: | - sudo apt update - sudo apt install -y valgrind - valgrind --version - - - name: Install stable toolchain - uses: dtolnay/rust-toolchain@stable - - - name: Checkout ${{ github.base_ref }} - uses: actions/checkout@v4 - with: - clean: false - ref: ${{ github.base_ref }} - persist-credentials: false - - - name: Run icount benchmarks for ${{ github.base_ref }} - run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/base - - - name: Checkout PR - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Run icount benchmarks for PR - run: cd ci-bench && cargo run --locked --release -- run-all --output-dir ${{ runner.temp }}/pr - - - name: Compare results - run: cd ci-bench && cargo run --locked --release -- compare ${{ runner.temp }}/base ${{ runner.temp }}/pr > $GITHUB_STEP_SUMMARY From 8e8436578b9ab9572f6625a916560b57fe680241 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 18 Dec 2023 11:27:14 +0100 Subject: [PATCH 0534/1145] bench: remove split between significant / negligible in comparison When running the comparison locally, we do not have access to past results and are unable to categorize them as significant or negligible. Instead of hardcoding a 0.2% threshold, we remove the threshold altogether and tell users to rely on the CI when they are interested in the significance of the results. --- ci-bench/README.md | 5 ++-- ci-bench/src/main.rs | 71 ++++++++------------------------------------ 2 files changed, 16 insertions(+), 60 deletions(-) diff --git a/ci-bench/README.md b/ci-bench/README.md index 14ff49a2cb..71506e084d 100644 --- a/ci-bench/README.md +++ b/ci-bench/README.md @@ -60,8 +60,9 @@ handshake_no_resume_ring_1.3_rsa_aes,1010150,1400602,936029 ### Comparing results from an instruction count benchmark run Use `cargo run --release -- compare foo bar`. It will output a report using GitHub-flavored markdown -(used by the CI itself to give feedback about PRs). We currently consider differences of 0.2% to be -significant, but might tweak it in the future after we gain experience with the benchmarking setup. +for local use. Note that not all reported differences are significant. When you need to know if a +result is significant you should rely on the CI benchmark report, which automatically categorizes +results into significant / negligible based on historic data. ### Supported scenarios diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 8d9755b52a..661b7a125c 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -56,9 +56,6 @@ const TRANSFER_PLAINTEXT_SIZE: usize = 1024 * 1024 * 10; // 10 MB /// `HashMap` by a `FxHashMap`, which brings the noise down to acceptable levels in a single run). const RESUMED_HANDSHAKE_RUNS: usize = 30; -/// The threshold at which instruction count changes are considered relevant -const CHANGE_THRESHOLD: f64 = 0.002; // 0.2% - /// The name of the file where the instruction counts are stored after a `run-all` run const ICOUNTS_FILENAME: &str = "icounts.csv"; @@ -277,13 +274,6 @@ fn main() -> anyhow::Result<()> { let candidate = read_results(&candidate_dir.join(ICOUNTS_FILENAME))?; let result = compare_results(&baseline_dir, &candidate_dir, &baseline, &candidate)?; print_report(&result); - - if !result.noteworthy.is_empty() { - // Signal to the parent process that there are noteworthy instruction count - // differences (exit code 1 is already used when main returns an error) - eprintln!("Noteworthy instruction count differences found. Check the job summary for details."); - std::process::exit(2); - } } } @@ -660,16 +650,14 @@ async fn run_bench(mut stepper: T, kind: BenchmarkKind) -> anyh /// The results of a comparison between two `run-all` executions struct CompareResult { - /// Results that probably indicate a real change in performance and should be highlighted. + /// Results for benchmark scenarios we know are fairly deterministic. /// /// The string is a detailed diff between the instruction counts obtained from cachegrind. - noteworthy: Vec<(Diff, String)>, - /// Results within the noise threshold - negligible: Vec, + diffs: Vec<(Diff, String)>, + /// Results for benchmark scenarios we know are extremely non-deterministic + known_noisy: Vec, /// Benchmark scenarios present in the candidate but missing in the baseline missing_in_baseline: Vec, - /// Benchmark scenarios we know are extremely non-deterministic. - known_noisy: Vec, } /// Contains information about instruction counts and their difference for a specific scenario @@ -751,17 +739,14 @@ fn compare_results( .total_cmp(&diff1.diff_ratio.abs()) }); - let (noteworthy, negligible) = split_on_threshold(&diffs); - - let mut noteworthy_with_details = Vec::new(); - for diff in noteworthy { + let mut diffs_with_cachegrind_diff = Vec::new(); + for diff in diffs { let detailed_diff = cachegrind::diff(baseline_dir, candidate_dir, &diff.scenario)?; - noteworthy_with_details.push((diff, detailed_diff)); + diffs_with_cachegrind_diff.push((diff, detailed_diff)); } Ok(CompareResult { - noteworthy: noteworthy_with_details, - negligible, + diffs: diffs_with_cachegrind_diff, missing_in_baseline: missing, known_noisy, }) @@ -797,23 +782,20 @@ fn print_report(result: &CompareResult) { } } - println!("## Noteworthy instruction count differences"); - if result.noteworthy.is_empty() { - println!( - "_There are no noteworthy instruction count differences (i.e. above {}%)_", - CHANGE_THRESHOLD * 100.0 - ); + println!("## Instruction count differences"); + if result.diffs.is_empty() { + println!("_There are no instruction count differences_"); } else { table( result - .noteworthy + .diffs .iter() .map(|(diff, _)| diff), true, ); println!("
"); println!("Details per scenario\n"); - for (diff, detailed_diff) in &result.noteworthy { + for (diff, detailed_diff) in &result.diffs { println!("#### {}", diff.scenario); println!("```"); println!("{detailed_diff}"); @@ -822,16 +804,6 @@ fn print_report(result: &CompareResult) { println!("
\n") } - println!("## Other instruction count differences"); - if result.negligible.is_empty() { - println!("_There are no other instruction count differences_"); - } else { - println!("
"); - println!("Click to expand\n"); - table(result.negligible.iter(), false); - println!("
\n") - } - if !result.known_noisy.is_empty() { println!("### â€¼ï¸ Caution: ignored noisy benchmarks"); println!("
"); @@ -841,23 +813,6 @@ fn print_report(result: &CompareResult) { } } -/// Splits the diffs into two `Vec`s, the first one containing the diffs that exceed the threshold, -/// the second one containing the rest. -/// -/// Assumes that the diff slice is sorted by `diff_ratio` in descending order. -fn split_on_threshold(diffs: &[Diff]) -> (Vec, Vec) { - match diffs - .iter() - .position(|diff| diff.diff_ratio.abs() < CHANGE_THRESHOLD) - { - None => (diffs.to_vec(), Vec::new()), - Some(first_below_threshold) => ( - diffs[..first_below_threshold].to_vec(), - diffs[first_below_threshold..].to_vec(), - ), - } -} - /// Renders the diffs as a markdown table fn table<'a>(diffs: impl Iterator, emoji_feedback: bool) { println!("| Scenario | Baseline | Candidate | Diff |"); From b245ffa3d13e308bf25898d8a402f80a72b2f379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Mon, 18 Dec 2023 11:35:08 +0100 Subject: [PATCH 0535/1145] bench: remove cachegrind diff post-processing This code was meant to strip unnecessary information from the start of a cachegrind diff. However, for some versions of cachegrind it results in a completely blank string. Instead of making it work for all cachegrind versions, it is probably better to get rid of it altogether (it does not make enough of a difference that the complexity of a proper solution would be worth it). --- ci-bench/src/cachegrind.rs | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/ci-bench/src/cachegrind.rs b/ci-bench/src/cachegrind.rs index 3b743d7539..6f945bbad0 100644 --- a/ci-bench/src/cachegrind.rs +++ b/ci-bench/src/cachegrind.rs @@ -284,20 +284,9 @@ pub fn diff(baseline: &Path, candidate: &Path, scenario: &str) -> anyhow::Result ) } - let annotated = + let diff = String::from_utf8(cg_annotate.stdout).context("cg_annotate produced invalid UTF8")?; - // Discard lines before the first `Ir` header - let mut diff = String::new(); - for line in annotated - .trim() - .lines() - .skip_while(|l| l.trim() != "Ir") - { - diff.push_str(line); - diff.push('\n'); - } - fs::remove_file(tmp_path).ok(); Ok(diff) From 5bb2a2536bb6e0877340c34eac31e91f7a38fc92 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Dec 2023 18:12:32 -0500 Subject: [PATCH 0536/1145] examples: add intro doc string for 0rtt client --- examples/src/bin/simple_0rtt_client.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index 352397f18c..cdc201b729 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -1,3 +1,12 @@ +//! This is an example client that uses rustls for TLS, and sends early 0-RTT data. +//! +//! You may set the `SSLKEYLOGFILE` env var when using this example to write a +//! log file with key material (insecure) for debugging purposes. See [`rustls::KeyLog`] +//! for more information. +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. + use std::io::{BufRead, BufReader, Write}; use std::net::TcpStream; use std::sync::Arc; From 1e45a8ec1fa77dbb38083b1d3328e46959691792 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Dec 2023 18:13:07 -0500 Subject: [PATCH 0537/1145] examples: add intro doc string for mio client --- examples/src/bin/tlsclient-mio.rs | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index eba7d6a414..a74f068bad 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -1,3 +1,24 @@ +//! This is an example client that uses rustls for TLS, and [mio] for I/O. +//! +//! It uses command line flags to demonstrate configuring a TLS client that may: +//! * Specify supported TLS protocol versions +//! * Customize ciper suite selection +//! * Perform client certificate authentication +//! * Disable session tickets +//! * Disable SNI +//! * Disable certificate validation (insecure) +//! +//! See [`USAGE`] for more details. +//! +//! You may set the `SSLKEYLOGFILE` env var when using this example to write a +//! log file with key material (insecure) for debugging purposes. See [`rustls::KeyLog`] +//! for more information. +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. +//! +//! [mio]: https://docs.rs/mio/latest/mio/ + use std::io::{self, BufReader, Read, Write}; use std::net::ToSocketAddrs; use std::sync::Arc; From 902c8e02645fced249849d7f658a2fd630d51ef4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Dec 2023 18:13:20 -0500 Subject: [PATCH 0538/1145] examples: add intro doc string for mio server --- examples/src/bin/tlsserver-mio.rs | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index b253bd68df..b1b728f140 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -1,3 +1,24 @@ +//! This is an example server that uses rustls for TLS, and [mio] for I/O. +//! +//! It uses command line flags to demonstrate configuring a TLS server that may: +//! * Specify supported TLS protocol versions +//! * Customize ciper suite selection +//! * Perform optional or mandatory client certificate authentication +//! * Check client certificates for revocation status with CRLs +//! * Support session tickets +//! * Staple an OCSP response +//! +//! See [`USAGE`] for more details. +//! +//! You may set the `SSLKEYLOGFILE` env var when using this example to write a +//! log file with key material (insecure) for debugging purposes. See [`rustls::KeyLog`] +//! for more information. +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. +//! +//! [mio]: https://docs.rs/mio/latest/mio/ + use std::collections::HashMap; use std::io::{self, BufReader, Read, Write}; use std::sync::Arc; From 57c963951fbe2535ae3b8a35f9f581023fb98ec3 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 22 Nov 2023 12:06:30 +0100 Subject: [PATCH 0539/1145] add UnbufferedClientConnection API + example --- .github/workflows/daily-tests.yml | 3 + examples/src/bin/unbuffered-client.rs | 255 +++++++++++++++ rustls/src/client/client_conn.rs | 33 +- rustls/src/common_state.rs | 121 +++++++ rustls/src/conn.rs | 17 + rustls/src/conn/unbuffered.rs | 438 ++++++++++++++++++++++++++ rustls/src/lib.rs | 36 ++- rustls/src/msgs/fragmenter.rs | 2 +- rustls/src/msgs/message.rs | 5 + rustls/src/record_layer.rs | 14 + 10 files changed, 921 insertions(+), 3 deletions(-) create mode 100644 examples/src/bin/unbuffered-client.rs create mode 100644 rustls/src/conn/unbuffered.rs diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 072fc5835c..b53c19cf78 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -84,6 +84,9 @@ jobs: - name: Check simple 0rtt client run: cargo run --locked --bin simple_0rtt_client + - name: Check unbuffered client + run: cargo run --locked --bin unbuffered-client + # Test the server_acceptor binary builds - we invoke with --help since it # will run a server process that doesn't exit when invoked with no args - name: Check server acceptor diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs new file mode 100644 index 0000000000..bbd9fdf395 --- /dev/null +++ b/examples/src/bin/unbuffered-client.rs @@ -0,0 +1,255 @@ +//! This is a simple client using rustls' unbuffered API. Meaning that the application layer must +//! handle the buffers required to receive, process and send TLS data. + +use std::error::Error; +use std::io::{Read, Write}; +use std::net::TcpStream; +use std::sync::Arc; + +use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; +use rustls::unbuffered::{ + AppDataRecord, ConnectionState, EncodeError, EncryptError, InsufficientSizeError, + UnbufferedStatus, WriteTraffic, +}; +#[allow(unused_imports)] +use rustls::version::{TLS12, TLS13}; +use rustls::{ClientConfig, RootCertStore}; + +const SERVER_NAME: &str = "example.com"; +const PORT: u16 = 443; + +const KB: usize = 1024; +const INCOMING_TLS_BUFSIZE: usize = 16 * KB; +const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; + +const MAX_ITERATIONS: usize = 20; + +fn main() -> Result<(), Box> { + let root_store = RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }; + + let config = ClientConfig::builder_with_protocol_versions(&[&TLS13]) + .with_root_certificates(root_store) + .with_no_client_auth(); + + let config = Arc::new(config); + + let mut incoming_tls = [0; INCOMING_TLS_BUFSIZE]; + let mut outgoing_tls = vec![0; OUTGOING_TLS_INITIAL_BUFSIZE]; + + converse(&config, &mut incoming_tls, &mut outgoing_tls)?; + + Ok(()) +} + +fn converse( + config: &Arc, + incoming_tls: &mut [u8], + outgoing_tls: &mut Vec, +) -> Result<(), Box> { + let mut conn = UnbufferedClientConnection::new(Arc::clone(config), SERVER_NAME.try_into()?)?; + let mut sock = TcpStream::connect(format!("{SERVER_NAME}:{PORT}"))?; + + let mut incoming_used = 0; + let mut outgoing_used = 0; + + let mut open_connection = true; + let mut sent_request = false; + let mut received_response = false; + + let mut iter_count = 0; + while open_connection { + let UnbufferedStatus { mut discard, state } = + conn.process_tls_records(&mut incoming_tls[..incoming_used])?; + + match dbg!(state) { + ConnectionState::ReadTraffic(mut state) => { + while let Some(res) = state.next_record() { + let AppDataRecord { + discard: new_discard, + payload, + } = res?; + discard += new_discard; + + if payload.starts_with(b"HTTP") { + let response = core::str::from_utf8(payload)?; + let header = response + .lines() + .next() + .unwrap_or(response); + + println!("{header}"); + } else { + println!("(.. continued HTTP response ..)"); + } + + received_response = true; + } + } + + ConnectionState::EncodeTlsData(mut state) => { + try_or_resize_and_retry( + |out_buffer| state.encode(out_buffer), + |e| { + if let EncodeError::InsufficientSize(is) = &e { + Ok(*is) + } else { + Err(e.into()) + } + }, + outgoing_tls, + &mut outgoing_used, + )?; + } + + ConnectionState::TransmitTlsData(mut state) => { + if let Some(mut may_encrypt) = state.may_encrypt_app_data() { + encrypt_http_request( + &mut sent_request, + &mut may_encrypt, + outgoing_tls, + &mut outgoing_used, + ); + } + + send_tls(&mut sock, outgoing_tls, &mut outgoing_used)?; + state.done(); + } + + ConnectionState::BlockedHandshake { .. } => { + recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; + } + + ConnectionState::WriteTraffic(mut may_encrypt) => { + if encrypt_http_request( + &mut sent_request, + &mut may_encrypt, + outgoing_tls, + &mut outgoing_used, + ) { + send_tls(&mut sock, outgoing_tls, &mut outgoing_used)?; + recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; + } else if !received_response { + // this happens in the TLS 1.3 case. the app-data was sent in the preceding + // `TransmitTlsData` state. the server should have already written a + // response which we can read out from the socket + recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; + } else { + try_or_resize_and_retry( + |out_buffer| may_encrypt.queue_close_notify(out_buffer), + |e| { + if let EncryptError::InsufficientSize(is) = &e { + Ok(*is) + } else { + Err(e.into()) + } + }, + outgoing_tls, + &mut outgoing_used, + )?; + send_tls(&mut sock, outgoing_tls, &mut outgoing_used)?; + open_connection = false; + } + } + + ConnectionState::Closed => { + open_connection = false; + } + + // other states are not expected in this example + _ => unreachable!(), + } + + if discard != 0 { + assert!(discard <= incoming_used); + + incoming_tls.copy_within(discard..incoming_used, 0); + incoming_used -= discard; + + eprintln!("discarded {discard}B from `incoming_tls`"); + } + + iter_count += 1; + assert!( + iter_count < MAX_ITERATIONS, + "did not get a HTTP response within {MAX_ITERATIONS} iterations" + ); + } + + assert!(sent_request); + assert!(received_response); + assert_eq!(0, incoming_used); + assert_eq!(0, outgoing_used); + + Ok(()) +} + +fn try_or_resize_and_retry( + mut f: impl FnMut(&mut [u8]) -> Result, + map_err: impl FnOnce(E) -> Result>, + outgoing_tls: &mut Vec, + outgoing_used: &mut usize, +) -> Result> +where + E: Error + 'static, +{ + let written = match f(&mut outgoing_tls[*outgoing_used..]) { + Ok(written) => written, + + Err(e) => { + let InsufficientSizeError { required_size } = map_err(e)?; + let new_len = *outgoing_used + required_size; + outgoing_tls.resize(new_len, 0); + eprintln!("resized `outgoing_tls` buffer to {new_len}B"); + + f(&mut outgoing_tls[*outgoing_used..])? + } + }; + + *outgoing_used += written; + + Ok(written) +} + +fn recv_tls( + sock: &mut TcpStream, + incoming_tls: &mut [u8], + incoming_used: &mut usize, +) -> Result<(), Box> { + let read = sock.read(&mut incoming_tls[*incoming_used..])?; + eprintln!("received {read}B of data"); + *incoming_used += read; + Ok(()) +} + +fn send_tls( + sock: &mut TcpStream, + outgoing_tls: &[u8], + outgoing_used: &mut usize, +) -> Result<(), Box> { + sock.write_all(&outgoing_tls[..*outgoing_used])?; + eprintln!("sent {outgoing_used}B of data"); + *outgoing_used = 0; + Ok(()) +} + +fn encrypt_http_request( + sent_request: &mut bool, + may_encrypt: &mut WriteTraffic<'_, ClientConnectionData>, + outgoing_tls: &mut [u8], + outgoing_used: &mut usize, +) -> bool { + if !*sent_request { + let request = format!("GET / HTTP/1.1\r\nHost: {SERVER_NAME}\r\nConnection: close\r\nAccept-Encoding: identity\r\n\r\n").into_bytes(); + let written = may_encrypt + .encrypt(&request, &mut outgoing_tls[*outgoing_used..]) + .expect("encrypted request does not fit in `outgoing_tls`"); + *outgoing_used += written; + *sent_request = true; + eprintln!("queued HTTP request"); + true + } else { + false + } +} diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index dd11959fba..b4eacce607 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,6 +1,6 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; -use crate::conn::{ConnectionCommon, ConnectionCore}; +use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -663,6 +663,37 @@ impl ConnectionCore { } } +/// Unbuffered version of `ClientConnection` +/// +/// See the [`crate::unbuffered`] module docs for more details +pub struct UnbufferedClientConnection { + inner: UnbufferedConnectionCommon, +} + +impl UnbufferedClientConnection { + /// Make a new ClientConnection. `config` controls how we behave in the TLS protocol, `name` is + /// the name of the server we want to talk to. + pub fn new(config: Arc, name: ServerName<'static>) -> Result { + Ok(Self { + inner: ConnectionCore::for_client(config, name, Vec::new(), Protocol::Tcp)?.into(), + }) + } +} + +impl Deref for UnbufferedClientConnection { + type Target = UnbufferedConnectionCommon; + + fn deref(&self) -> &Self::Target { + &self.inner + } +} + +impl DerefMut for UnbufferedClientConnection { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.inner + } +} + /// State associated with a client connection. #[derive(Debug)] pub struct ClientConnectionData { diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 0f0f55eefc..ef95afe5c9 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -15,6 +15,7 @@ use crate::suites::PartiallyExtractedSecrets; use crate::suites::SupportedCipherSuite; #[cfg(feature = "tls12")] use crate::tls12::ConnectionSecrets; +use crate::unbuffered::{EncryptError, InsufficientSizeError}; use crate::vecbuf::ChunkVecBuffer; use alloc::boxed::Box; @@ -186,6 +187,49 @@ impl CommonState { self.send_plain(data, Limit::Yes) } + pub(crate) fn eager_send_some_plaintext( + &mut self, + plaintext: &[u8], + outgoing_tls: &mut [u8], + ) -> Result { + if plaintext.is_empty() { + return Ok(0); + } + + let fragments = self.message_fragmenter.fragment_slice( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + plaintext, + ); + + let remaining_encryptions = self + .record_layer + .remaining_write_seq() + .ok_or(EncryptError::EncryptExhausted)?; + + if fragments.len() as u64 > remaining_encryptions.get() { + return Err(EncryptError::EncryptExhausted); + } + + self.check_required_size( + outgoing_tls, + self.queued_key_update_message + .as_deref(), + fragments, + )?; + + let fragments = self.message_fragmenter.fragment_slice( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + plaintext, + ); + + let opt_msg = self.queued_key_update_message.take(); + let written = self.write_fragments(outgoing_tls, opt_msg, fragments); + + Ok(written) + } + pub(crate) fn send_early_plaintext(&mut self, data: &[u8]) -> usize { debug_assert!(self.early_traffic); debug_assert!(self.record_layer.is_encrypting()); @@ -493,11 +537,88 @@ impl CommonState { self.send_warning_alert_no_log(AlertDescription::CloseNotify); } + pub(crate) fn eager_send_close_notify( + &mut self, + outgoing_tls: &mut [u8], + ) -> Result { + debug_assert!(self.record_layer.is_encrypting()); + + let m = Message::build_alert(AlertLevel::Warning, AlertDescription::CloseNotify).into(); + + let iter = self + .message_fragmenter + .fragment_message(&m); + + self.check_required_size(outgoing_tls, None, iter)?; + + debug!("Sending warning alert {:?}", AlertDescription::CloseNotify); + + let iter = self + .message_fragmenter + .fragment_message(&m); + + let written = self.write_fragments(outgoing_tls, None, iter); + + Ok(written) + } + fn send_warning_alert_no_log(&mut self, desc: AlertDescription) { let m = Message::build_alert(AlertLevel::Warning, desc); self.send_msg(m, self.record_layer.is_encrypting()); } + fn check_required_size<'a>( + &self, + outgoing_tls: &mut [u8], + opt_msg: Option<&[u8]>, + fragments: impl Iterator>, + ) -> Result<(), EncryptError> { + let mut required_size = 0; + if let Some(message) = opt_msg { + required_size += message.len(); + } + + for m in fragments { + required_size += m.encoded_len(&self.record_layer); + } + + if required_size > outgoing_tls.len() { + return Err(EncryptError::InsufficientSize(InsufficientSizeError { + required_size, + })); + } + + Ok(()) + } + + fn write_fragments<'a>( + &mut self, + outgoing_tls: &mut [u8], + opt_msg: Option>, + fragments: impl Iterator>, + ) -> usize { + let mut written = 0; + + if let Some(message) = opt_msg { + let len = message.len(); + outgoing_tls[written..written + len].copy_from_slice(&message); + written += len; + } + + for m in fragments { + let em = self + .record_layer + .encrypt_outgoing(m) + .encode(); + + let len = em.len(); + outgoing_tls[written..written + len].copy_from_slice(&em); + written += len; + } + + written + } + pub(crate) fn set_max_fragment_size(&mut self, new: Option) -> Result<(), Error> { self.message_fragmenter .set_max_fragment_size(new) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index b4f1f1cfb4..134e73d980 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -15,6 +15,8 @@ use core::mem; use core::ops::{Deref, DerefMut}; use std::io; +pub(crate) mod unbuffered; + /// A client or server connection. #[derive(Debug)] pub enum Connection { @@ -620,6 +622,21 @@ impl From> for ConnectionCommon { } } +/// Interface shared by unbuffered client and server connections. +pub struct UnbufferedConnectionCommon { + pub(crate) core: ConnectionCore, + wants_write: bool, +} + +impl From> for UnbufferedConnectionCommon { + fn from(core: ConnectionCore) -> Self { + Self { + core, + wants_write: false, + } + } +} + pub(crate) struct ConnectionCore { pub(crate) state: Result>, Error>, pub(crate) data: Data, diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs new file mode 100644 index 0000000000..d1abace5a5 --- /dev/null +++ b/rustls/src/conn/unbuffered.rs @@ -0,0 +1,438 @@ +//! Unbuffered connection API + +use alloc::vec::Vec; +use core::num::NonZeroUsize; +use core::{fmt, mem}; +use std::error::Error as StdError; + +use super::UnbufferedConnectionCommon; +use crate::msgs::deframer::DeframerSliceBuffer; +use crate::Error; + +impl UnbufferedConnectionCommon { + /// Processes the TLS records in `incoming_tls` buffer until a new [`UnbufferedStatus`] is + /// reached. + pub fn process_tls_records<'c, 'i>( + &'c mut self, + incoming_tls: &'i mut [u8], + ) -> Result, Error> { + let mut buffer = DeframerSliceBuffer::new(incoming_tls); + + let (discard, state) = loop { + if let Some(chunk) = self + .core + .common_state + .received_plaintext + .pop() + { + break ( + buffer.pending_discard(), + ReadTraffic::new(self, incoming_tls, chunk).into(), + ); + } + + if let Some(chunk) = self + .core + .common_state + .sendable_tls + .pop() + { + break ( + buffer.pending_discard(), + EncodeTlsData::new(self, chunk).into(), + ); + } + + if let Some(msg) = self.core.deframe(None, &mut buffer)? { + let mut state = + match mem::replace(&mut self.core.state, Err(Error::HandshakeNotComplete)) { + Ok(state) => state, + Err(e) => { + self.core.state = Err(e.clone()); + return Err(e); + } + }; + + match self.core.process_msg(msg, state) { + Ok(new) => state = new, + + Err(e) => { + self.core.state = Err(e.clone()); + return Err(e); + } + } + + self.core.state = Ok(state); + } else if self.wants_write { + break ( + buffer.pending_discard(), + TransmitTlsData { conn: self }.into(), + ); + } else if self + .core + .common_state + .has_received_close_notify + { + break (buffer.pending_discard(), ConnectionState::Closed); + } else if self + .core + .common_state + .may_send_application_data + { + break ( + buffer.pending_discard(), + ConnectionState::WriteTraffic(WriteTraffic { conn: self }), + ); + } else { + break (buffer.pending_discard(), ConnectionState::BlockedHandshake); + } + }; + + Ok(UnbufferedStatus { discard, state }) + } +} + +/// The current status of the `UnbufferedConnection*` +#[must_use] +pub struct UnbufferedStatus<'c, 'i, Data> { + /// Number of bytes to discard + /// + /// After the `state` field of this object has been handled, `discard` bytes must be + /// removed from the *front* of the `incoming_tls` buffer that was passed to + /// the [`UnbufferedConnectionCommon::process_tls_records`] call that returned this object. + /// + /// This discard operation MUST happen *before* + /// [`UnbufferedConnectionCommon::process_tls_records`] is called again. + pub discard: usize, + + /// The current state of the handshake process + /// + /// This value MUST be handled prior to calling + /// [`UnbufferedConnectionCommon::process_tls_records`] again. See the documentation on the + /// variants of [`ConnectionState`] for more details. + pub state: ConnectionState<'c, 'i, Data>, +} + +/// The state of the [`UnbufferedConnectionCommon`] object +#[non_exhaustive] // for forwards compatibility; to support caller-side certificate verification +pub enum ConnectionState<'c, 'i, Data> { + /// One, or more, application data records are available + /// + /// See [`ReadTraffic`] for more details on how to use the enclosed object to access + /// the received data. + ReadTraffic(ReadTraffic<'c, 'i, Data>), + + /// Connection has been cleanly closed by the peer + Closed, + + /// A Handshake record is ready for encoding + /// + /// Call [`EncodeTlsData::encode`] on the enclosed object, providing an `outgoing_tls` + /// buffer to store the encoding + EncodeTlsData(EncodeTlsData<'c, Data>), + + /// Previously encoded handshake records need to be transmitted + /// + /// Transmit the contents of the `outgoing_tls` buffer that was passed to previous + /// [`EncodeTlsData::encode`] calls to the peer. + /// + /// After transmitting the contents, call [`TransmitTlsData::done`] on the enclosed object. + /// The transmitted contents MUST not be sent to the peer more than once so they SHOULD be + /// discarded at this point. + /// + /// At some stages of the handshake process, it's possible to send application-data alongside + /// handshake records. Call [`TransmitTlsData::may_encrypt_app_data`] on the enclosed + /// object to probe if that's allowed. + TransmitTlsData(TransmitTlsData<'c, Data>), + + /// More TLS data is needed to continue with the handshake + /// + /// Request more data from the peer and append the contents to the `incoming_tls` buffer that + /// was passed to [`UnbufferedConnectionCommon::process_tls_records`]. + BlockedHandshake, + + /// The handshake process has been completed. + /// + /// [`WriteTraffic::encrypt`] can be called on the enclosed object to encrypt application + /// data into an `outgoing_tls` buffer. Similarly, [`WriteTraffic::queue_close_notify`] can + /// be used to encrypt a close_notify alert message into a buffer to signal the peer that the + /// connection is being closed. Data written into `outgoing_buffer` by either method MAY be + /// transmitted to the peer during this state. + /// + /// Once this state has been reached, data MAY be requested from the peer and appended to an + /// `incoming_tls` buffer that will be passed to a future + /// [`UnbufferedConnectionCommon::process_tls_records`] invocation. When enough data has been + /// appended to `incoming_tls`, [`UnbufferedConnectionCommon::process_tls_records`] will yield + /// the [`ConnectionState::ReadTraffic`] state. + WriteTraffic(WriteTraffic<'c, Data>), +} + +impl<'c, 'i, Data> From> for ConnectionState<'c, 'i, Data> { + fn from(v: ReadTraffic<'c, 'i, Data>) -> Self { + Self::ReadTraffic(v) + } +} + +impl<'c, 'i, Data> From> for ConnectionState<'c, 'i, Data> { + fn from(v: EncodeTlsData<'c, Data>) -> Self { + Self::EncodeTlsData(v) + } +} + +impl<'c, 'i, Data> From> for ConnectionState<'c, 'i, Data> { + fn from(v: TransmitTlsData<'c, Data>) -> Self { + Self::TransmitTlsData(v) + } +} + +impl fmt::Debug for ConnectionState<'_, '_, Data> { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Self::ReadTraffic(..) => f.debug_tuple("ReadTraffic").finish(), + + Self::Closed => write!(f, "Closed"), + + Self::EncodeTlsData(..) => f.debug_tuple("EncodeTlsData").finish(), + + Self::TransmitTlsData(..) => f + .debug_tuple("TransmitTlsData") + .finish(), + + Self::BlockedHandshake => f + .debug_struct("BlockedHandshake") + .finish(), + + Self::WriteTraffic(..) => f.debug_tuple("WriteTraffic").finish(), + } + } +} + +/// Application data is available +pub struct ReadTraffic<'c, 'i, Data> { + _conn: &'c mut UnbufferedConnectionCommon, + // for forwards compatibility; to support in-place decryption in the future + _incoming_tls: &'i mut [u8], + chunk: Vec, + taken: bool, +} + +impl<'c, 'i, Data> ReadTraffic<'c, 'i, Data> { + fn new( + _conn: &'c mut UnbufferedConnectionCommon, + _incoming_tls: &'i mut [u8], + chunk: Vec, + ) -> Self { + Self { + _conn, + _incoming_tls, + chunk, + taken: false, + } + } + + /// Decrypts and returns the next available app-data record + // TODO deprecate in favor of `Iterator` implementation, which requires in-place decryption + pub fn next_record(&mut self) -> Option> { + if self.taken { + None + } else { + self.taken = true; + Some(Ok(AppDataRecord { + discard: 0, + payload: &self.chunk, + })) + } + } + + /// Returns the payload size of the next app-data record *without* decrypting it + /// + /// Returns `None` if there are no more app-data records + pub fn peek_len(&self) -> Option { + if self.taken { + None + } else { + NonZeroUsize::new(self.chunk.len()) + } + } +} + +/// A decrypted application-data record +pub struct AppDataRecord<'i> { + /// Number of additional bytes to discard + /// + /// This number MUST be added to the value of [`UnbufferedStatus.discard`] *prior* to the + /// discard operation. See [`UnbufferedStatus.discard`] for more details + pub discard: usize, + + /// The payload of the app-data record + pub payload: &'i [u8], +} + +/// Allows encrypting app-data +pub struct WriteTraffic<'c, Data> { + conn: &'c mut UnbufferedConnectionCommon, +} + +impl WriteTraffic<'_, Data> { + /// Encrypts `application_data` into the `outgoing_tls` buffer + /// + /// Returns the number of bytes that were written into `outgoing_tls`, or an error if + /// the provided buffer is too small. In the error case, `outgoing_tls` is not modified + pub fn encrypt( + &mut self, + application_data: &[u8], + outgoing_tls: &mut [u8], + ) -> Result { + self.conn + .core + .common_state + .eager_send_some_plaintext(application_data, outgoing_tls) + } + + /// Encrypts a close_notify warning alert in `outgoing_tls` + /// + /// Returns the number of bytes that were written into `outgoing_tls`, or an error if + /// the provided buffer is too small. In the error case, `outgoing_tls` is not modified + pub fn queue_close_notify(&mut self, outgoing_tls: &mut [u8]) -> Result { + self.conn + .core + .common_state + .eager_send_close_notify(outgoing_tls) + } +} + +/// A handshake record must be encoded +pub struct EncodeTlsData<'c, Data> { + conn: &'c mut UnbufferedConnectionCommon, + chunk: Option>, +} + +impl<'c, Data> EncodeTlsData<'c, Data> { + fn new(conn: &'c mut UnbufferedConnectionCommon, chunk: Vec) -> Self { + Self { + conn, + chunk: Some(chunk), + } + } + + /// Encodes a handshake record into the `outgoing_tls` buffer + /// + /// Returns the number of bytes that were written into `outgoing_tls`, or an error if + /// the provided buffer is too small. In the error case, `outgoing_tls` is not modified + pub fn encode(&mut self, outgoing_tls: &mut [u8]) -> Result { + let chunk = match self.chunk.take() { + Some(chunk) => chunk, + None => return Err(EncodeError::AlreadyEncoded), + }; + + let required_size = chunk.len(); + + if required_size > outgoing_tls.len() { + self.chunk = Some(chunk); + Err(InsufficientSizeError { required_size }.into()) + } else { + let written = chunk.len(); + outgoing_tls[..written].copy_from_slice(&chunk); + + self.conn.wants_write = true; + + Ok(written) + } + } +} + +/// Previously encoded TLS data must be transmitted +pub struct TransmitTlsData<'c, Data> { + conn: &'c mut UnbufferedConnectionCommon, +} + +impl TransmitTlsData<'_, Data> { + /// Signals that the previously encoded TLS data has been transmitted + pub fn done(self) { + self.conn.wants_write = false; + } + + /// Returns an adapter that allows encrypting application data + /// + /// If allowed at this stage of the handshake process + pub fn may_encrypt_app_data(&mut self) -> Option> { + if self + .conn + .core + .common_state + .may_send_application_data + { + Some(WriteTraffic { conn: self.conn }) + } else { + None + } + } +} + +/// Errors that may arise when encoding a handshake record +#[derive(Debug)] +pub enum EncodeError { + /// Provided buffer was too small + InsufficientSize(InsufficientSizeError), + + /// The handshake record has already been encoded; do not call `encode` again + AlreadyEncoded, +} + +impl From for EncodeError { + fn from(v: InsufficientSizeError) -> Self { + Self::InsufficientSize(v) + } +} + +impl fmt::Display for EncodeError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Self::InsufficientSize(InsufficientSizeError { required_size }) => write!( + f, + "cannot encode due to insufficient size, {} bytes are required", + required_size + ), + Self::AlreadyEncoded => "cannot encode, data has already been encoded".fmt(f), + } + } +} + +impl StdError for EncodeError {} + +/// Errors that may arise when encrypting application data +#[derive(Debug)] +pub enum EncryptError { + /// Provided buffer was too small + InsufficientSize(InsufficientSizeError), + + /// Encrypter has been exhausted + EncryptExhausted, +} + +impl From for EncryptError { + fn from(v: InsufficientSizeError) -> Self { + Self::InsufficientSize(v) + } +} + +impl fmt::Display for EncryptError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Self::InsufficientSize(InsufficientSizeError { required_size }) => write!( + f, + "cannot encrypt due to insufficient size, {required_size} bytes are required" + ), + Self::EncryptExhausted => f.write_str("encrypter has been exhausted"), + } + } +} + +impl StdError for EncryptError {} + +/// Provided buffer was too small +#[derive(Clone, Copy, Debug)] +pub struct InsufficientSizeError { + /// buffer must be at least this size + pub required_size: usize, +} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c57f779deb..6ecb03c034 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -423,6 +423,39 @@ pub mod internal { } } +/// Unbuffered connection API +/// +/// This is an alternative to the [`crate::ConnectionCommon`] API that does not internally buffer +/// TLS nor plaintext data. Instead those buffers are managed by the API user so they have +/// control over when and how to allocate, resize and dispose of them. +/// +/// This API is lower level than the `ConnectionCommon` API and is built around a state machine +/// interface where the API user must handle each state to advance and complete the +/// handshake process. +/// +/// Like the `ConnectionCommon` API, no IO happens internally so all IO must be handled by the API +/// user. Unlike the `ConnectionCommon` API, this API does not make use of the [`std::io::Read`] and +/// [`std::io::Write`] traits so it's usable in no-std context. +/// +/// The entry points into this API are [`crate::client::UnbufferedClientConnection::new`], +/// [`crate::server::UnbufferedServerConnection::new`] and +/// [`unbuffered::UnbufferedConnectionCommon::process_tls_records`]. The state machine API is +/// documented in [`unbuffered::ConnectionState`]. +/// +/// # Examples +/// +/// [`unbuffered-client`] and [`unbuffered-server`] are examples that fully exercise the API in +/// std, non-async context. +/// +/// [`unbuffered-client`]: https://github.com/rustls/rustls/blob/main/examples/src/bin/unbuffererd-client.rs +pub mod unbuffered { + pub use crate::conn::unbuffered::{ + AppDataRecord, ConnectionState, EncodeError, EncodeTlsData, EncryptError, + InsufficientSizeError, ReadTraffic, TransmitTlsData, UnbufferedStatus, WriteTraffic, + }; + pub use crate::conn::UnbufferedConnectionCommon; +} + // Have a (non-public) "test provider" mod which supplies // tests that need part of a *ring*-compatible provider module. #[cfg(all(any(test, bench), not(feature = "ring"), feature = "aws_lc_rs"))] @@ -469,7 +502,8 @@ pub mod client { pub use builder::WantsClientCert; pub use client_conn::{ ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore, - ResolvesClientCert, Resumption, Tls12Resumption, WriteEarlyData, + ResolvesClientCert, Resumption, Tls12Resumption, UnbufferedClientConnection, + WriteEarlyData, }; pub use handy::ClientSessionMemoryCache; diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index e0a1c5b3d3..8e29a1f5a1 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -37,7 +37,7 @@ impl MessageFragmenter { typ: ContentType, version: ProtocolVersion, payload: &'a [u8], - ) -> impl Iterator> + 'a { + ) -> impl Iterator> + ExactSizeIterator + 'a { payload .chunks(self.max_frag) .map(move |c| BorrowedPlainMessage { diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 67704af190..abe05d284f 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -1,6 +1,7 @@ use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; +use crate::internal::record_layer::RecordLayer; use crate::msgs::alert::AlertMessagePayload; use crate::msgs::base::Payload; use crate::msgs::ccs::ChangeCipherSpecPayload; @@ -349,6 +350,10 @@ impl<'a> BorrowedPlainMessage<'a> { payload: Payload(self.payload.to_vec()), } } + + pub fn encoded_len(&self, record_layer: &RecordLayer) -> usize { + OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload.len()) + } } #[derive(Debug)] diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index b198825a98..26160a8be5 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,3 +1,5 @@ +use core::num::NonZeroU64; + use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; use crate::error::Error; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; @@ -204,10 +206,22 @@ impl RecordLayer { self.write_seq } + /// Returns the number of remaining write sequences + pub(crate) fn remaining_write_seq(&self) -> Option { + SEQ_SOFT_LIMIT + .checked_sub(self.write_seq) + .and_then(NonZeroU64::new) + } + pub(crate) fn read_seq(&self) -> u64 { self.read_seq } + pub(crate) fn encrypted_len(&self, payload_len: usize) -> usize { + self.message_encrypter + .encrypted_payload_len(payload_len) + } + fn doing_trial_decryption(&mut self, requested: usize) -> bool { match self .trial_decryption_len From 098a052374c51a72a93bec543787d181998b8db4 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 11 Dec 2023 11:43:45 -0500 Subject: [PATCH 0540/1145] Rename `send_some_plaintext` and `eager_send_some_plaintext` --- rustls/src/common_state.rs | 4 ++-- rustls/src/conn.rs | 4 ++-- rustls/src/conn/unbuffered.rs | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index ef95afe5c9..7576eda1d1 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -182,12 +182,12 @@ impl CommonState { /// /// If internal buffers are too small, this function will not accept /// all the data. - pub(crate) fn send_some_plaintext(&mut self, data: &[u8]) -> usize { + pub(crate) fn buffer_plaintext(&mut self, data: &[u8]) -> usize { self.perhaps_write_key_update(); self.send_plain(data, Limit::Yes) } - pub(crate) fn eager_send_some_plaintext( + pub(crate) fn write_plaintext( &mut self, plaintext: &[u8], outgoing_tls: &mut [u8], diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 134e73d980..ac2c1ce897 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -244,13 +244,13 @@ pub(crate) trait PlaintextSink { impl PlaintextSink for ConnectionCommon { fn write(&mut self, buf: &[u8]) -> io::Result { - Ok(self.send_some_plaintext(buf)) + Ok(self.buffer_plaintext(buf)) } fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { let mut sz = 0; for buf in bufs { - sz += self.send_some_plaintext(buf); + sz += self.buffer_plaintext(buf); } Ok(sz) } diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index d1abace5a5..098781c100 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -286,7 +286,7 @@ impl WriteTraffic<'_, Data> { self.conn .core .common_state - .eager_send_some_plaintext(application_data, outgoing_tls) + .write_plaintext(application_data, outgoing_tls) } /// Encrypts a close_notify warning alert in `outgoing_tls` From 3535879a11372516f81815774790cf76e10e9d98 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 13 Nov 2023 14:29:10 +0100 Subject: [PATCH 0541/1145] add UnbufferedServerConnection API + example --- examples/src/bin/unbuffered-server.rs | 258 ++++++++++++++++++++++++++ rustls/src/lib.rs | 2 + rustls/src/server/server_conn.rs | 38 +++- 3 files changed, 297 insertions(+), 1 deletion(-) create mode 100644 examples/src/bin/unbuffered-server.rs diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs new file mode 100644 index 0000000000..05e6fd6814 --- /dev/null +++ b/examples/src/bin/unbuffered-server.rs @@ -0,0 +1,258 @@ +use std::error::Error; +use std::fs::File; +use std::io::{self, BufReader, Read, Write}; +use std::net::{TcpListener, TcpStream}; +use std::sync::Arc; + +use pki_types::{CertificateDer, PrivateKeyDer}; +use rustls::server::UnbufferedServerConnection; +use rustls::unbuffered::{ + AppDataRecord, ConnectionState, EncodeError, EncryptError, InsufficientSizeError, + UnbufferedStatus, +}; +use rustls::ServerConfig; +use rustls_pemfile::Item; + +const KB: usize = 1024; +const INCOMING_TLS_BUFSIZE: usize = 16 * KB; +const OUTGOING_TLS_INITIAL_BUFSIZE: usize = 0; +const MAX_EARLY_DATA_SIZE: Option = Some(128); +const MAX_FRAGMENT_SIZE: Option = None; + +const PORT: u16 = 1443; +const MAX_ITERATIONS: usize = 30; +const CERTFILE: &str = match option_env!("CERTFILE") { + Some(certfile) => certfile, + None => "localhost.pem", +}; +const PRIV_KEY_FILE: &str = match option_env!("PRIV_KEY_FILE") { + Some(priv_key_file) => priv_key_file, + None => "localhost-key.pem", +}; + +fn main() -> Result<(), Box> { + let mut config = ServerConfig::builder() + .with_no_client_auth() + .with_single_cert(load_certs()?, load_private_key()?)?; + + if let Some(max_early_data_size) = MAX_EARLY_DATA_SIZE { + config.max_early_data_size = max_early_data_size; + } + + config.max_fragment_size = MAX_FRAGMENT_SIZE; + + let config = Arc::new(config); + + let listener = TcpListener::bind(format!("[::]:{PORT}"))?; + + let mut incoming_tls = [0; INCOMING_TLS_BUFSIZE]; + let mut outgoing_tls = vec![0; OUTGOING_TLS_INITIAL_BUFSIZE]; + for stream in listener.incoming() { + handle(stream?, &config, &mut incoming_tls, &mut outgoing_tls)?; + } + + Ok(()) +} + +fn handle( + mut sock: TcpStream, + config: &Arc, + incoming_tls: &mut [u8], + outgoing_tls: &mut Vec, +) -> Result<(), Box> { + eprintln!("\n---- new client ----"); + + dbg!(sock.peer_addr()?); + + let mut conn = UnbufferedServerConnection::new(config.clone())?; + + let mut incoming_used = 0; + let mut outgoing_used = 0; + + let mut open_connection = true; + let mut received_request = false; + let mut sent_response = false; + + let mut iter_count = 0; + while open_connection { + let UnbufferedStatus { mut discard, state } = + conn.process_tls_records(&mut incoming_tls[..incoming_used])?; + + match dbg!(state) { + ConnectionState::ReadTraffic(mut state) => { + while let Some(res) = state.next_record() { + let AppDataRecord { + discard: new_discard, + payload, + } = res?; + discard += new_discard; + + if payload.starts_with(b"GET") { + let response = core::str::from_utf8(payload)?; + let header = response + .lines() + .next() + .unwrap_or(response); + + println!("{header}"); + } else { + println!("(.. continued HTTP request ..)"); + } + + received_request = true; + } + } + + ConnectionState::EncodeTlsData(mut state) => { + try_or_resize_and_retry( + |out_buffer| state.encode(out_buffer), + |e| { + if let EncodeError::InsufficientSize(is) = &e { + Ok(*is) + } else { + Err(e.into()) + } + }, + outgoing_tls, + &mut outgoing_used, + )?; + } + + ConnectionState::TransmitTlsData(state) => { + send_tls(&mut sock, outgoing_tls, &mut outgoing_used)?; + state.done(); + } + + ConnectionState::BlockedHandshake { .. } => { + recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; + } + + ConnectionState::WriteTraffic(mut state) => { + if !received_request { + recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; + } else { + let map_err = |e| { + if let EncryptError::InsufficientSize(is) = &e { + Ok(*is) + } else { + Err(e.into()) + } + }; + + let http_response = b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\nHello world from rustls unbuffered server\r\n"; + try_or_resize_and_retry( + |out_buffer| state.encrypt(http_response, out_buffer), + map_err, + outgoing_tls, + &mut outgoing_used, + )?; + sent_response = true; + + try_or_resize_and_retry( + |out_buffer| state.queue_close_notify(out_buffer), + map_err, + outgoing_tls, + &mut outgoing_used, + )?; + open_connection = false; + + send_tls(&mut sock, outgoing_tls, &mut outgoing_used)?; + } + } + + _ => unreachable!(), + } + + if discard != 0 { + assert!(discard <= incoming_used); + + incoming_tls.copy_within(discard..incoming_used, 0); + incoming_used -= discard; + + eprintln!("discarded {discard}B from `incoming_tls`"); + } + + iter_count += 1; + assert!( + iter_count < MAX_ITERATIONS, + "did not get a HTTP response within {MAX_ITERATIONS} iterations" + ); + } + + assert!(received_request); + assert!(sent_response); + assert_eq!(0, incoming_used); + assert_eq!(0, outgoing_used); + + Ok(()) +} + +fn try_or_resize_and_retry( + mut f: impl FnMut(&mut [u8]) -> Result, + map_err: impl FnOnce(E) -> Result>, + outgoing_tls: &mut Vec, + outgoing_used: &mut usize, +) -> Result> +where + E: Error + 'static, +{ + let written = match f(&mut outgoing_tls[*outgoing_used..]) { + Ok(written) => written, + + Err(e) => { + let InsufficientSizeError { required_size } = map_err(e)?; + let new_len = *outgoing_used + required_size; + outgoing_tls.resize(new_len, 0); + eprintln!("resized `outgoing_tls` buffer to {new_len}B"); + + f(&mut outgoing_tls[*outgoing_used..])? + } + }; + + *outgoing_used += written; + + Ok(written) +} + +fn recv_tls( + sock: &mut TcpStream, + incoming_tls: &mut [u8], + incoming_used: &mut usize, +) -> Result<(), Box> { + let read = sock.read(&mut incoming_tls[*incoming_used..])?; + eprintln!("received {read}B of data"); + *incoming_used += read; + Ok(()) +} + +fn send_tls( + sock: &mut TcpStream, + outgoing_tls: &[u8], + outgoing_used: &mut usize, +) -> Result<(), Box> { + sock.write_all(&outgoing_tls[..*outgoing_used])?; + eprintln!("sent {outgoing_used}B of data"); + *outgoing_used = 0; + Ok(()) +} + +fn load_certs() -> Result>, io::Error> { + let mut reader = BufReader::new(File::open(CERTFILE)?); + rustls_pemfile::certs(&mut reader).collect() +} + +fn load_private_key() -> Result, io::Error> { + let mut reader = BufReader::new(File::open(PRIV_KEY_FILE)?); + + loop { + match rustls_pemfile::read_one(&mut reader)? { + Some(Item::Pkcs1Key(key)) => return Ok(key.into()), + Some(Item::Pkcs8Key(key)) => return Ok(key.into()), + Some(Item::Sec1Key(key)) => return Ok(key.into()), + None => break, + _ => continue, + } + } + + panic!("no keys found in {PRIV_KEY_FILE}") +} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 6ecb03c034..2a203f4494 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -448,6 +448,7 @@ pub mod internal { /// std, non-async context. /// /// [`unbuffered-client`]: https://github.com/rustls/rustls/blob/main/examples/src/bin/unbuffererd-client.rs +/// [`unbuffered-server`]: https://github.com/rustls/rustls/blob/main/examples/src/bin/unbuffererd-server.rs pub mod unbuffered { pub use crate::conn::unbuffered::{ AppDataRecord, ConnectionState, EncodeError, EncodeTlsData, EncryptError, @@ -546,6 +547,7 @@ pub mod server { pub use server_conn::StoresServerSessions; pub use server_conn::{ Accepted, Acceptor, ReadEarlyData, ServerConfig, ServerConnection, ServerConnectionData, + UnbufferedServerConnection, }; pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 4c6e9f5eb0..60dfa56d43 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,6 +1,6 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Context, Protocol, Side, State}; -use crate::conn::{ConnectionCommon, ConnectionCore}; +use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -561,6 +561,42 @@ impl From for crate::Connection { } } +/// Unbuffered version of `ServerConnection` +/// +/// See the [`crate::unbuffered`] module docs for more details +pub struct UnbufferedServerConnection { + inner: UnbufferedConnectionCommon, +} + +impl UnbufferedServerConnection { + /// Make a new ServerConnection. `config` controls how we behave in the TLS protocol. + pub fn new(config: Arc) -> Result { + let mut common = CommonState::new(Side::Server); + common.set_max_fragment_size(config.max_fragment_size)?; + common.enable_secret_extraction = config.enable_secret_extraction; + Ok(Self { + inner: UnbufferedConnectionCommon::from(ConnectionCore::for_server( + config, + Vec::new(), + )?), + }) + } +} + +impl Deref for UnbufferedServerConnection { + type Target = UnbufferedConnectionCommon; + + fn deref(&self) -> &Self::Target { + &self.inner + } +} + +impl DerefMut for UnbufferedServerConnection { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.inner + } +} + /// Handle a server-side connection before configuration is available. /// /// `Acceptor` allows the caller to choose a [`ServerConfig`] after reading From 07297f7f4f70781a18bc4a9a59cf2d7ebf95a0a4 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 13 Nov 2023 15:16:20 +0100 Subject: [PATCH 0542/1145] early data support --- examples/src/bin/unbuffered-client.rs | 31 +++++++- examples/src/bin/unbuffered-server.rs | 14 ++++ rustls/src/client/client_conn.rs | 93 ++++++++++++++++++++++-- rustls/src/conn/unbuffered.rs | 100 +++++++++++++++++++++++++- rustls/src/lib.rs | 5 +- rustls/src/server/server_conn.rs | 13 ++++ 6 files changed, 244 insertions(+), 12 deletions(-) diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs index bbd9fdf395..9b0b0896aa 100644 --- a/examples/src/bin/unbuffered-client.rs +++ b/examples/src/bin/unbuffered-client.rs @@ -6,7 +6,7 @@ use std::io::{Read, Write}; use std::net::TcpStream; use std::sync::Arc; -use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; +use rustls::client::{ClientConnectionData, EarlyDataError, UnbufferedClientConnection}; use rustls::unbuffered::{ AppDataRecord, ConnectionState, EncodeError, EncryptError, InsufficientSizeError, UnbufferedStatus, WriteTraffic, @@ -23,28 +23,36 @@ const INCOMING_TLS_BUFSIZE: usize = 16 * KB; const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; const MAX_ITERATIONS: usize = 20; +const SEND_EARLY_DATA: bool = false; +const EARLY_DATA: &[u8] = b"hello"; fn main() -> Result<(), Box> { let root_store = RootCertStore { roots: webpki_roots::TLS_SERVER_ROOTS.into(), }; - let config = ClientConfig::builder_with_protocol_versions(&[&TLS13]) + let mut config = ClientConfig::builder_with_protocol_versions(&[&TLS13]) .with_root_certificates(root_store) .with_no_client_auth(); + config.enable_early_data = SEND_EARLY_DATA; let config = Arc::new(config); let mut incoming_tls = [0; INCOMING_TLS_BUFSIZE]; let mut outgoing_tls = vec![0; OUTGOING_TLS_INITIAL_BUFSIZE]; - converse(&config, &mut incoming_tls, &mut outgoing_tls)?; + converse(&config, false, &mut incoming_tls, &mut outgoing_tls)?; + if SEND_EARLY_DATA { + eprintln!("---- second connection ----"); + converse(&config, true, &mut incoming_tls, &mut outgoing_tls)?; + } Ok(()) } fn converse( config: &Arc, + send_early_data: bool, incoming_tls: &mut [u8], outgoing_tls: &mut Vec, ) -> Result<(), Box> { @@ -57,6 +65,7 @@ fn converse( let mut open_connection = true; let mut sent_request = false; let mut received_response = false; + let mut sent_early_data = false; let mut iter_count = 0; while open_connection { @@ -104,6 +113,21 @@ fn converse( } ConnectionState::TransmitTlsData(mut state) => { + if let Some(mut may_encrypt_early_data) = state.may_encrypt_early_data() { + let written = try_or_resize_and_retry( + |out_buffer| may_encrypt_early_data.encrypt(EARLY_DATA, out_buffer), + |e| match &e { + EarlyDataError::Encrypt(EncryptError::InsufficientSize(is)) => Ok(*is), + _ => Err(e.into()), + }, + outgoing_tls, + &mut outgoing_used, + )?; + + eprintln!("queued {written}B of early data"); + sent_early_data = true; + } + if let Some(mut may_encrypt) = state.may_encrypt_app_data() { encrypt_http_request( &mut sent_request, @@ -179,6 +203,7 @@ fn converse( assert!(sent_request); assert!(received_response); + assert_eq!(send_early_data, sent_early_data); assert_eq!(0, incoming_used); assert_eq!(0, outgoing_used); diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs index 05e6fd6814..8886af25a8 100644 --- a/examples/src/bin/unbuffered-server.rs +++ b/examples/src/bin/unbuffered-server.rs @@ -103,6 +103,20 @@ fn handle( } } + ConnectionState::ReadEarlyData(mut state) => { + while let Some(res) = state.next_record() { + let AppDataRecord { + discard: new_discard, + payload, + } = res?; + discard += new_discard; + + println!("early data: {:?}", core::str::from_utf8(payload)); + + received_request = true; + } + } + ConnectionState::EncodeTlsData(mut state) => { try_or_resize_and_retry( |out_buffer| state.encode(out_buffer), diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index b4eacce607..345991e5fd 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -11,6 +11,7 @@ use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; use crate::sign; use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; +use crate::unbuffered::{EncryptError, TransmitTlsData}; use crate::versions; use crate::KeyLog; #[cfg(feature = "ring")] @@ -28,6 +29,7 @@ use core::fmt; use core::marker::PhantomData; use core::mem; use core::ops::{Deref, DerefMut}; +use std::error::Error as StdError; use std::io; #[cfg(doc)] @@ -466,6 +468,11 @@ impl EarlyData { } fn check_write(&mut self, sz: usize) -> io::Result { + self.check_write_opt(sz) + .ok_or_else(|| io::Error::from(io::ErrorKind::InvalidInput)) + } + + fn check_write_opt(&mut self, sz: usize) -> Option { match self.state { EarlyDataState::Disabled => unreachable!(), EarlyDataState::Ready | EarlyDataState::Accepted => { @@ -476,11 +483,9 @@ impl EarlyData { sz }; - Ok(take) - } - EarlyDataState::Rejected | EarlyDataState::AcceptedFinished => { - Err(io::Error::from(io::ErrorKind::InvalidInput)) + Some(take) } + EarlyDataState::Rejected | EarlyDataState::AcceptedFinished => None, } } @@ -694,6 +699,86 @@ impl DerefMut for UnbufferedClientConnection { } } +impl TransmitTlsData<'_, ClientConnectionData> { + /// returns an adapter that allows encrypting early (RTT-0) data before transmitting the + /// already encoded TLS data + /// + /// IF allowed by the protocol + pub fn may_encrypt_early_data(&mut self) -> Option { + if self + .conn + .core + .data + .early_data + .is_enabled() + { + Some(MayEncryptEarlyData { conn: self.conn }) + } else { + None + } + } +} + +/// Allows encrypting early (RTT-0) data +pub struct MayEncryptEarlyData<'c> { + conn: &'c mut UnbufferedConnectionCommon, +} + +impl MayEncryptEarlyData<'_> { + /// Encrypts `application_data` into the `outgoing_tls` buffer + /// + /// returns the number of bytes that were written into `outgoing_tls`, or an error if + /// the provided buffer was too small. In the error case, `outgoing_tls` is not modified + pub fn encrypt( + &mut self, + early_data: &[u8], + outgoing_tls: &mut [u8], + ) -> Result { + let allowed = match self + .conn + .core + .data + .early_data + .check_write_opt(early_data.len()) + { + Some(allowed) => allowed, + None => return Err(EarlyDataError::ExceededAllowedEarlyData), + }; + + self.conn + .core + .common_state + .write_plaintext(&early_data[..allowed], outgoing_tls) + .map_err(|e| e.into()) + } +} + +/// Errors that may arise when encrypting early (RTT-0) data +#[derive(Debug)] +pub enum EarlyDataError { + /// Cannot encrypt more early data due to imposed limits + ExceededAllowedEarlyData, + /// Encryption error + Encrypt(EncryptError), +} + +impl From for EarlyDataError { + fn from(v: EncryptError) -> Self { + Self::Encrypt(v) + } +} + +impl fmt::Display for EarlyDataError { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + match self { + Self::ExceededAllowedEarlyData => f.write_str("cannot send any more early data"), + Self::Encrypt(e) => fmt::Display::fmt(e, f), + } + } +} + +impl StdError for EarlyDataError {} + /// State associated with a client connection. #[derive(Debug)] pub struct ClientConnectionData { diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index 098781c100..660596e864 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -6,19 +6,51 @@ use core::{fmt, mem}; use std::error::Error as StdError; use super::UnbufferedConnectionCommon; +use crate::client::ClientConnectionData; use crate::msgs::deframer::DeframerSliceBuffer; +use crate::server::ServerConnectionData; use crate::Error; -impl UnbufferedConnectionCommon { +impl UnbufferedConnectionCommon { + /// Processes the TLS records in `incoming_tls` buffer until a new [`UnbufferedStatus`] is + /// reached. + pub fn process_tls_records<'c, 'i>( + &'c mut self, + incoming_tls: &'i mut [u8], + ) -> Result, Error> { + self.process_tls_records_common(incoming_tls, |_| None, |_, _, ()| unreachable!()) + } +} + +impl UnbufferedConnectionCommon { /// Processes the TLS records in `incoming_tls` buffer until a new [`UnbufferedStatus`] is /// reached. pub fn process_tls_records<'c, 'i>( &'c mut self, incoming_tls: &'i mut [u8], + ) -> Result, Error> { + self.process_tls_records_common( + incoming_tls, + |conn| conn.pop_early_data(), + |conn, incoming_tls, chunk| ReadEarlyData::new(conn, incoming_tls, chunk).into(), + ) + } +} + +impl UnbufferedConnectionCommon { + fn process_tls_records_common<'c, 'i, T>( + &'c mut self, + incoming_tls: &'i mut [u8], + mut check: impl FnMut(&mut Self) -> Option, + execute: impl FnOnce(&'c mut Self, &'i mut [u8], T) -> ConnectionState<'c, 'i, Data>, ) -> Result, Error> { let mut buffer = DeframerSliceBuffer::new(incoming_tls); let (discard, state) = loop { + if let Some(value) = check(self) { + break (buffer.pending_discard(), execute(self, incoming_tls, value)); + } + if let Some(chunk) = self .core .common_state @@ -125,6 +157,9 @@ pub enum ConnectionState<'c, 'i, Data> { /// Connection has been cleanly closed by the peer Closed, + /// One, or more, early (RTT-0) data records are available + ReadEarlyData(ReadEarlyData<'c, 'i, Data>), + /// A Handshake record is ready for encoding /// /// Call [`EncodeTlsData::encode`] on the enclosed object, providing an `outgoing_tls` @@ -173,6 +208,12 @@ impl<'c, 'i, Data> From> for ConnectionState<'c, 'i, D } } +impl<'c, 'i, Data> From> for ConnectionState<'c, 'i, Data> { + fn from(v: ReadEarlyData<'c, 'i, Data>) -> Self { + Self::ReadEarlyData(v) + } +} + impl<'c, 'i, Data> From> for ConnectionState<'c, 'i, Data> { fn from(v: EncodeTlsData<'c, Data>) -> Self { Self::EncodeTlsData(v) @@ -192,6 +233,8 @@ impl fmt::Debug for ConnectionState<'_, '_, Data> { Self::Closed => write!(f, "Closed"), + Self::ReadEarlyData(..) => f.debug_tuple("ReadEarlyData").finish(), + Self::EncodeTlsData(..) => f.debug_tuple("EncodeTlsData").finish(), Self::TransmitTlsData(..) => f @@ -199,7 +242,7 @@ impl fmt::Debug for ConnectionState<'_, '_, Data> { .finish(), Self::BlockedHandshake => f - .debug_struct("BlockedHandshake") + .debug_tuple("BlockedHandshake") .finish(), Self::WriteTraffic(..) => f.debug_tuple("WriteTraffic").finish(), @@ -256,6 +299,57 @@ impl<'c, 'i, Data> ReadTraffic<'c, 'i, Data> { } } +/// Early application-data is available. +pub struct ReadEarlyData<'c, 'i, Data> { + _conn: &'c mut UnbufferedConnectionCommon, + // for forwards compatibility; to support in-place decryption in the future + _incoming_tls: &'i mut [u8], + chunk: Vec, + taken: bool, +} + +impl<'c, 'i, Data> ReadEarlyData<'c, 'i, Data> { + fn new( + _conn: &'c mut UnbufferedConnectionCommon, + _incoming_tls: &'i mut [u8], + chunk: Vec, + ) -> Self { + Self { + _conn, + _incoming_tls, + chunk, + taken: false, + } + } +} + +impl<'c, 'i> ReadEarlyData<'c, 'i, ServerConnectionData> { + /// decrypts and returns the next available app-data record + // TODO deprecate in favor of `Iterator` implementation, which requires in-place decryption + pub fn next_record(&mut self) -> Option> { + if self.taken { + None + } else { + self.taken = true; + Some(Ok(AppDataRecord { + discard: 0, + payload: &self.chunk, + })) + } + } + + /// returns the payload size of the next app-data record *without* decrypting it + /// + /// returns `None` if there are no more app-data records + pub fn peek_len(&self) -> Option { + if self.taken { + None + } else { + NonZeroUsize::new(self.chunk.len()) + } + } +} + /// A decrypted application-data record pub struct AppDataRecord<'i> { /// Number of additional bytes to discard @@ -343,7 +437,7 @@ impl<'c, Data> EncodeTlsData<'c, Data> { /// Previously encoded TLS data must be transmitted pub struct TransmitTlsData<'c, Data> { - conn: &'c mut UnbufferedConnectionCommon, + pub(crate) conn: &'c mut UnbufferedConnectionCommon, } impl TransmitTlsData<'_, Data> { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2a203f4494..36ce1bc843 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -452,7 +452,8 @@ pub mod internal { pub mod unbuffered { pub use crate::conn::unbuffered::{ AppDataRecord, ConnectionState, EncodeError, EncodeTlsData, EncryptError, - InsufficientSizeError, ReadTraffic, TransmitTlsData, UnbufferedStatus, WriteTraffic, + InsufficientSizeError, ReadEarlyData, ReadTraffic, TransmitTlsData, UnbufferedStatus, + WriteTraffic, }; pub use crate::conn::UnbufferedConnectionCommon; } @@ -502,7 +503,7 @@ pub mod client { pub use builder::WantsClientCert; pub use client_conn::{ - ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore, + ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore, EarlyDataError, ResolvesClientCert, Resumption, Tls12Resumption, UnbufferedClientConnection, WriteEarlyData, }; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 60dfa56d43..b5a6391936 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -597,6 +597,12 @@ impl DerefMut for UnbufferedServerConnection { } } +impl UnbufferedConnectionCommon { + pub(crate) fn pop_early_data(&mut self) -> Option> { + self.core.data.early_data.pop() + } +} + /// Handle a server-side connection before configuration is available. /// /// `Acceptor` allows the caller to choose a [`ServerConfig`] after reading @@ -817,6 +823,13 @@ impl EarlyDataState { matches!(self, Self::Rejected) } + fn pop(&mut self) -> Option> { + match self { + Self::Accepted(ref mut received) => received.pop(), + _ => None, + } + } + fn read(&mut self, buf: &mut [u8]) -> io::Result { match self { Self::Accepted(ref mut received) => received.read(buf), From aec738ffd4489f06e7e3848361091d13f879c1ff Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 13 Nov 2023 17:15:35 +0100 Subject: [PATCH 0543/1145] test handshake --- rustls/tests/unbuffered.rs | 193 +++++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 rustls/tests/unbuffered.rs diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs new file mode 100644 index 0000000000..31614a11e3 --- /dev/null +++ b/rustls/tests/unbuffered.rs @@ -0,0 +1,193 @@ +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +use std::sync::Arc; + +use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; +use rustls::server::{ServerConnectionData, UnbufferedServerConnection}; +use rustls::unbuffered::{ConnectionState, UnbufferedConnectionCommon, UnbufferedStatus}; + +use crate::common::*; + +mod common; + +#[test] +fn handshake() { + for version in rustls::ALL_VERSIONS { + let server_config = make_server_config(KeyType::Rsa); + let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + + let mut client = + UnbufferedClientConnection::new(Arc::new(client_config), server_name("localhost")) + .unwrap(); + let mut server = UnbufferedServerConnection::new(Arc::new(server_config)).unwrap(); + let mut buffers = BothBuffers::default(); + + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + while !client_handshake_done || !server_handshake_done { + match advance_client(&mut client, &mut buffers.client) { + State::EncodedTlsData => {} + State::TransmitTlsData => buffers.client_send(), + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic => client_handshake_done = true, + } + + match advance_server(&mut server, &mut buffers.server) { + State::EncodedTlsData => {} + State::TransmitTlsData => buffers.server_send(), + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic => server_handshake_done = true, + } + + count += 1; + + assert!(count <= 100, "handshake {version:?} was not completed"); + } + } +} + +#[derive(Debug)] +enum State { + EncodedTlsData, + BlockedHandshake, + WriteTraffic, + TransmitTlsData, +} + +fn advance_client( + conn: &mut UnbufferedConnectionCommon, + buffers: &mut Buffers, +) -> State { + let UnbufferedStatus { discard, state } = conn + .process_tls_records(buffers.incoming.filled()) + .unwrap(); + + let state = handle_state(state, &mut buffers.outgoing); + buffers.incoming.discard(discard); + + state +} + +fn advance_server( + conn: &mut UnbufferedConnectionCommon, + buffers: &mut Buffers, +) -> State { + let UnbufferedStatus { discard, state } = conn + .process_tls_records(buffers.incoming.filled()) + .unwrap(); + + let state = handle_state(state, &mut buffers.outgoing); + buffers.incoming.discard(discard); + + state +} + +fn handle_state(state: ConnectionState<'_, '_, Data>, outgoing: &mut Buffer) -> State { + match state { + ConnectionState::EncodeTlsData(mut state) => { + let written = state + .encode(outgoing.unfilled()) + .unwrap(); + outgoing.advance(written); + + State::EncodedTlsData + } + + ConnectionState::TransmitTlsData(state) => { + // this should be called *after* the data has been transmitted but it's easier to + // do it in reverse + state.done(); + State::TransmitTlsData + } + + ConnectionState::BlockedHandshake { .. } => State::BlockedHandshake, + + ConnectionState::WriteTraffic(_) => State::WriteTraffic, + + _ => unreachable!(), + } +} + +#[derive(Default)] +struct BothBuffers { + client: Buffers, + server: Buffers, +} + +impl BothBuffers { + fn client_send(&mut self) { + let client_data = self.client.outgoing.filled(); + let num_bytes = client_data.len(); + if num_bytes == 0 { + return; + } + self.server.incoming.append(client_data); + self.client.outgoing.clear(); + eprintln!("client sent {num_bytes}B"); + } + + fn server_send(&mut self) { + let server_data = self.server.outgoing.filled(); + let num_bytes = server_data.len(); + if num_bytes == 0 { + return; + } + self.client.incoming.append(server_data); + self.server.outgoing.clear(); + eprintln!("server sent {num_bytes}B"); + } +} + +#[derive(Default)] +struct Buffers { + incoming: Buffer, + outgoing: Buffer, +} + +struct Buffer { + inner: Vec, + used: usize, +} + +impl Default for Buffer { + fn default() -> Self { + Self { + inner: vec![0; 16 * 1024], + used: 0, + } + } +} + +impl Buffer { + fn advance(&mut self, num_bytes: usize) { + self.used += num_bytes; + } + + fn append(&mut self, bytes: &[u8]) { + let num_bytes = bytes.len(); + self.unfilled()[..num_bytes].copy_from_slice(bytes); + self.advance(num_bytes) + } + + fn clear(&mut self) { + self.used = 0; + } + + fn discard(&mut self, discard: usize) { + if discard != 0 { + assert!(discard <= self.used); + + self.inner + .copy_within(discard..self.used, 0); + self.used -= discard; + } + } + + fn filled(&mut self) -> &mut [u8] { + &mut self.inner[..self.used] + } + + fn unfilled(&mut self) -> &mut [u8] { + &mut self.inner[self.used..] + } +} From 3eacd0cb05e28bf9148c7cf53f3a2bb29d270cd7 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 13 Nov 2023 17:36:43 +0100 Subject: [PATCH 0544/1145] test app-data transmission --- rustls/tests/unbuffered.rs | 256 +++++++++++++++++++++++++++++++++---- 1 file changed, 234 insertions(+), 22 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 31614a11e3..cd4ef4deed 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -3,66 +3,228 @@ use std::sync::Arc; use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; use rustls::server::{ServerConnectionData, UnbufferedServerConnection}; -use rustls::unbuffered::{ConnectionState, UnbufferedConnectionCommon, UnbufferedStatus}; +use rustls::unbuffered::{ + ConnectionState, WriteTraffic, UnbufferedConnectionCommon, UnbufferedStatus, +}; use crate::common::*; mod common; +const MAX_ITERATIONS: usize = 100; + #[test] fn handshake() { for version in rustls::ALL_VERSIONS { - let server_config = make_server_config(KeyType::Rsa); - let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let (mut client, mut server) = make_connection_pair(version); + let mut buffers = BothBuffers::default(); - let mut client = - UnbufferedClientConnection::new(Arc::new(client_config), server_name("localhost")) - .unwrap(); - let mut server = UnbufferedServerConnection::new(Arc::new(server_config)).unwrap(); + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + while !client_handshake_done || !server_handshake_done { + match advance_client(&mut client, &mut buffers.client, NO_ACTIONS) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + } => buffers.client_send(), + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { + sent_app_data: false, + } => client_handshake_done = true, + state => unreachable!("{state:?}"), + } + + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + } => buffers.server_send(), + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic { + sent_app_data: false, + } => server_handshake_done = true, + state => unreachable!("{state:?}"), + } + + count += 1; + + assert!( + count <= MAX_ITERATIONS, + "handshake {version:?} was not completed" + ); + } + } +} + +#[test] +fn app_data_client_to_server() { + let expected: &[_] = b"hello"; + for version in rustls::ALL_VERSIONS { + eprintln!("{version:?}"); + + let (mut client, mut server) = make_connection_pair(version); + let mut buffers = BothBuffers::default(); + + let mut client_actions = Actions { + app_data_to_send: Some(expected), + }; + let mut received_app_data = vec![]; + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + while !client_handshake_done || !server_handshake_done { + match advance_client(&mut client, &mut buffers.client, client_actions) { + State::EncodedTlsData => {} + State::TransmitTlsData { sent_app_data } => { + buffers.client_send(); + + if sent_app_data { + client_actions.app_data_to_send = None; + } + } + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { sent_app_data } => { + if sent_app_data { + buffers.client_send(); + client_actions.app_data_to_send = None; + } + + client_handshake_done = true + } + state => unreachable!("{state:?}"), + } + + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + } => buffers.server_send(), + State::BlockedHandshake => buffers.client_send(), + State::ReceivedAppData { records } => { + received_app_data.extend(records); + } + State::WriteTraffic { + sent_app_data: false, + } => server_handshake_done = true, + state => unreachable!("{state:?}"), + } + + count += 1; + + assert!( + count <= MAX_ITERATIONS, + "handshake {version:?} was not completed" + ); + } + + assert!(client_handshake_done); + assert!(server_handshake_done); + + assert!(client_actions + .app_data_to_send + .is_none()); + assert_eq!([expected], received_app_data.as_slice()); + } +} + +#[test] +fn app_data_server_to_client() { + let expected: &[_] = b"hello"; + for version in rustls::ALL_VERSIONS { + eprintln!("{version:?}"); + + let (mut client, mut server) = make_connection_pair(version); let mut buffers = BothBuffers::default(); + let mut server_actions = Actions { + app_data_to_send: Some(expected), + }; + let mut received_app_data = vec![]; let mut count = 0; let mut client_handshake_done = false; let mut server_handshake_done = false; while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client) { + match advance_client(&mut client, &mut buffers.client, NO_ACTIONS) { State::EncodedTlsData => {} - State::TransmitTlsData => buffers.client_send(), + State::TransmitTlsData { + sent_app_data: false, + } => buffers.client_send(), State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic => client_handshake_done = true, + State::WriteTraffic { + sent_app_data: false, + } => client_handshake_done = true, + State::ReceivedAppData { records } => { + received_app_data.extend(records); + } + state => unreachable!("{state:?}"), } - match advance_server(&mut server, &mut buffers.server) { + match advance_server(&mut server, &mut buffers.server, server_actions) { State::EncodedTlsData => {} - State::TransmitTlsData => buffers.server_send(), + State::TransmitTlsData { sent_app_data } => { + buffers.server_send(); + if sent_app_data { + server_actions.app_data_to_send = None; + } + } State::BlockedHandshake => buffers.client_send(), - State::WriteTraffic => server_handshake_done = true, + State::ReceivedAppData { records } => { + received_app_data.extend(records); + } + // server does not need to reach this state to send data to the client + State::WriteTraffic { + sent_app_data: false, + } => server_handshake_done = true, + state => unreachable!("{state:?}"), } count += 1; - assert!(count <= 100, "handshake {version:?} was not completed"); + assert!( + count <= MAX_ITERATIONS, + "handshake {version:?} was not completed" + ); } + + assert!(client_handshake_done); + assert!(server_handshake_done); + + assert!(server_actions + .app_data_to_send + .is_none()); + assert_eq!([expected], received_app_data.as_slice()); } } #[derive(Debug)] enum State { EncodedTlsData, + TransmitTlsData { sent_app_data: bool }, BlockedHandshake, - WriteTraffic, - TransmitTlsData, + ReceivedAppData { records: Vec> }, + WriteTraffic { sent_app_data: bool }, +} + +const NO_ACTIONS: Actions = Actions { + app_data_to_send: None, +}; + +#[derive(Clone, Copy, Debug)] +struct Actions<'a> { + app_data_to_send: Option<&'a [u8]>, } fn advance_client( conn: &mut UnbufferedConnectionCommon, buffers: &mut Buffers, + actions: Actions, ) -> State { let UnbufferedStatus { discard, state } = conn .process_tls_records(buffers.incoming.filled()) .unwrap(); - let state = handle_state(state, &mut buffers.outgoing); + let state = handle_state(state, &mut buffers.outgoing, actions); buffers.incoming.discard(discard); state @@ -71,18 +233,23 @@ fn advance_client( fn advance_server( conn: &mut UnbufferedConnectionCommon, buffers: &mut Buffers, + actions: Actions, ) -> State { let UnbufferedStatus { discard, state } = conn .process_tls_records(buffers.incoming.filled()) .unwrap(); - let state = handle_state(state, &mut buffers.outgoing); + let state = handle_state(state, &mut buffers.outgoing, actions); buffers.incoming.discard(discard); state } -fn handle_state(state: ConnectionState<'_, '_, Data>, outgoing: &mut Buffer) -> State { +fn handle_state( + state: ConnectionState<'_, '_, Data>, + outgoing: &mut Buffer, + actions: Actions, +) -> State { match state { ConnectionState::EncodeTlsData(mut state) => { let written = state @@ -93,21 +260,54 @@ fn handle_state(state: ConnectionState<'_, '_, Data>, outgoing: &mut Buffe State::EncodedTlsData } - ConnectionState::TransmitTlsData(state) => { + ConnectionState::TransmitTlsData(mut state) => { + let mut sent_app_data = false; + if let Some(app_data) = actions.app_data_to_send { + if let Some(mut state) = state.may_encrypt_app_data() { + encrypt(&mut state, app_data, outgoing); + sent_app_data = true; + } + } + // this should be called *after* the data has been transmitted but it's easier to // do it in reverse state.done(); - State::TransmitTlsData + State::TransmitTlsData { sent_app_data } } ConnectionState::BlockedHandshake { .. } => State::BlockedHandshake, - ConnectionState::WriteTraffic(_) => State::WriteTraffic, + ConnectionState::WriteTraffic(mut state) => { + let mut sent_app_data = false; + if let Some(app_data) = actions.app_data_to_send { + encrypt(&mut state, app_data, outgoing); + sent_app_data = true; + } + + State::WriteTraffic { sent_app_data } + } + + ConnectionState::ReadTraffic(mut state) => { + let mut records = vec![]; + + while let Some(res) = state.next_record() { + records.push(res.unwrap().payload.to_vec()); + } + + State::ReceivedAppData { records } + } _ => unreachable!(), } } +fn encrypt(state: &mut WriteTraffic<'_, Data>, app_data: &[u8], outgoing: &mut Buffer) { + let written = state + .encrypt(app_data, outgoing.unfilled()) + .unwrap(); + outgoing.advance(written); +} + #[derive(Default)] struct BothBuffers { client: Buffers, @@ -191,3 +391,15 @@ impl Buffer { &mut self.inner[self.used..] } } + +fn make_connection_pair( + version: &'static rustls::SupportedProtocolVersion, +) -> (UnbufferedClientConnection, UnbufferedServerConnection) { + let server_config = make_server_config(KeyType::Rsa); + let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + + let client = + UnbufferedClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let server = UnbufferedServerConnection::new(Arc::new(server_config)).unwrap(); + (client, server) +} From 4bb87a11bf34c5e3ba046c8d85e90efb6ef68279 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 13 Nov 2023 18:04:12 +0100 Subject: [PATCH 0545/1145] test early data transmission --- rustls/tests/unbuffered.rs | 157 ++++++++++++++++++++++++++++++++++--- 1 file changed, 148 insertions(+), 9 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index cd4ef4deed..b762ef9ae7 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -4,8 +4,9 @@ use std::sync::Arc; use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; use rustls::server::{ServerConnectionData, UnbufferedServerConnection}; use rustls::unbuffered::{ - ConnectionState, WriteTraffic, UnbufferedConnectionCommon, UnbufferedStatus, + ConnectionState, UnbufferedConnectionCommon, UnbufferedStatus, WriteTraffic, }; +use rustls::version::TLS13; use crate::common::*; @@ -27,6 +28,7 @@ fn handshake() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_early_data: false, } => buffers.client_send(), State::BlockedHandshake => buffers.server_send(), State::WriteTraffic { @@ -39,6 +41,7 @@ fn handshake() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_early_data: false, } => buffers.server_send(), State::BlockedHandshake => buffers.client_send(), State::WriteTraffic { @@ -68,6 +71,7 @@ fn app_data_client_to_server() { let mut client_actions = Actions { app_data_to_send: Some(expected), + ..NO_ACTIONS }; let mut received_app_data = vec![]; let mut count = 0; @@ -76,7 +80,10 @@ fn app_data_client_to_server() { while !client_handshake_done || !server_handshake_done { match advance_client(&mut client, &mut buffers.client, client_actions) { State::EncodedTlsData => {} - State::TransmitTlsData { sent_app_data } => { + State::TransmitTlsData { + sent_app_data, + sent_early_data: false, + } => { buffers.client_send(); if sent_app_data { @@ -99,6 +106,7 @@ fn app_data_client_to_server() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_early_data: false, } => buffers.server_send(), State::BlockedHandshake => buffers.client_send(), State::ReceivedAppData { records } => { @@ -139,6 +147,7 @@ fn app_data_server_to_client() { let mut server_actions = Actions { app_data_to_send: Some(expected), + ..NO_ACTIONS }; let mut received_app_data = vec![]; let mut count = 0; @@ -149,6 +158,7 @@ fn app_data_server_to_client() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_early_data: false, } => buffers.client_send(), State::BlockedHandshake => buffers.server_send(), State::WriteTraffic { @@ -162,7 +172,10 @@ fn app_data_server_to_client() { match advance_server(&mut server, &mut buffers.server, server_actions) { State::EncodedTlsData => {} - State::TransmitTlsData { sent_app_data } => { + State::TransmitTlsData { + sent_app_data, + sent_early_data: false, + } => { buffers.server_send(); if sent_app_data { server_actions.app_data_to_send = None; @@ -197,22 +210,113 @@ fn app_data_server_to_client() { } } +#[test] +fn early_data() { + let expected: &[_] = b"hello"; + + let mut server_config = make_server_config(KeyType::Rsa); + server_config.max_early_data_size = 128; + let server_config = Arc::new(server_config); + + let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[&TLS13]); + client_config.enable_early_data = true; + let client_config = Arc::new(client_config); + + for conn_count in 0..2 { + eprintln!("----"); + let mut client = + UnbufferedClientConnection::new(client_config.clone(), server_name("localhost")) + .unwrap(); + let mut server = UnbufferedServerConnection::new(server_config.clone()).unwrap(); + let mut buffers = BothBuffers::default(); + + let mut client_actions = Actions { + early_data_to_send: Some(expected), + ..NO_ACTIONS + }; + let mut received_early_data = vec![]; + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + while !client_handshake_done || !server_handshake_done { + match advance_client(&mut client, &mut buffers.client, client_actions) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_early_data, + } => { + buffers.client_send(); + + if sent_early_data { + client_actions.early_data_to_send = None; + } + } + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { + sent_app_data: false, + } => client_handshake_done = true, + state => unreachable!("{state:?}"), + } + + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_early_data: false, + } => buffers.server_send(), + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic { + sent_app_data: false, + } => server_handshake_done = true, + State::ReceivedEarlyData { records } => { + received_early_data.extend(records); + } + state => unreachable!("{state:?}"), + } + + count += 1; + + assert!(count <= MAX_ITERATIONS, "handshake was not completed"); + } + + // early data is not exchanged on the first server interaction + if conn_count == 1 { + assert!(client_actions + .early_data_to_send + .is_none()); + assert_eq!([expected], received_early_data.as_slice()); + } + } +} + #[derive(Debug)] enum State { EncodedTlsData, - TransmitTlsData { sent_app_data: bool }, + TransmitTlsData { + sent_app_data: bool, + sent_early_data: bool, + }, BlockedHandshake, - ReceivedAppData { records: Vec> }, - WriteTraffic { sent_app_data: bool }, + ReceivedAppData { + records: Vec>, + }, + ReceivedEarlyData { + records: Vec>, + }, + WriteTraffic { + sent_app_data: bool, + }, } const NO_ACTIONS: Actions = Actions { app_data_to_send: None, + early_data_to_send: None, }; #[derive(Clone, Copy, Debug)] struct Actions<'a> { app_data_to_send: Option<&'a [u8]>, + early_data_to_send: Option<&'a [u8]>, } fn advance_client( @@ -224,7 +328,27 @@ fn advance_client( .process_tls_records(buffers.incoming.filled()) .unwrap(); - let state = handle_state(state, &mut buffers.outgoing, actions); + let state = match state { + ConnectionState::TransmitTlsData(mut state) => { + let mut sent_early_data = false; + if let Some(early_data) = actions.early_data_to_send { + if let Some(mut state) = state.may_encrypt_early_data() { + let written = state + .encrypt(early_data, buffers.outgoing.unfilled()) + .unwrap(); + buffers.outgoing.advance(written); + sent_early_data = true; + } + } + state.done(); + State::TransmitTlsData { + sent_app_data: false, + sent_early_data, + } + } + + state => handle_state(state, &mut buffers.outgoing, actions), + }; buffers.incoming.discard(discard); state @@ -239,7 +363,19 @@ fn advance_server( .process_tls_records(buffers.incoming.filled()) .unwrap(); - let state = handle_state(state, &mut buffers.outgoing, actions); + let state = match state { + ConnectionState::ReadEarlyData(mut state) => { + let mut records = vec![]; + + while let Some(res) = state.next_record() { + records.push(res.unwrap().payload.to_vec()); + } + + State::ReceivedEarlyData { records } + } + + state => handle_state(state, &mut buffers.outgoing, actions), + }; buffers.incoming.discard(discard); state @@ -272,7 +408,10 @@ fn handle_state( // this should be called *after* the data has been transmitted but it's easier to // do it in reverse state.done(); - State::TransmitTlsData { sent_app_data } + State::TransmitTlsData { + sent_app_data, + sent_early_data: false, + } } ConnectionState::BlockedHandshake { .. } => State::BlockedHandshake, From 4258804df5e77454640b5047e39db3702ecf2e3e Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Mon, 13 Nov 2023 18:51:17 +0100 Subject: [PATCH 0546/1145] test close_notify transmission --- rustls/tests/unbuffered.rs | 200 ++++++++++++++++++++++++++++++++++++- 1 file changed, 198 insertions(+), 2 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index b762ef9ae7..4bf37e679c 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -28,11 +28,13 @@ fn handshake() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data: false, } => buffers.client_send(), State::BlockedHandshake => buffers.server_send(), State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => client_handshake_done = true, state => unreachable!("{state:?}"), } @@ -41,11 +43,13 @@ fn handshake() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data: false, } => buffers.server_send(), State::BlockedHandshake => buffers.client_send(), State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => server_handshake_done = true, state => unreachable!("{state:?}"), } @@ -82,6 +86,7 @@ fn app_data_client_to_server() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data, + sent_close_notify: false, sent_early_data: false, } => { buffers.client_send(); @@ -91,7 +96,10 @@ fn app_data_client_to_server() { } } State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { sent_app_data } => { + State::WriteTraffic { + sent_app_data, + sent_close_notify: false, + } => { if sent_app_data { buffers.client_send(); client_actions.app_data_to_send = None; @@ -106,6 +114,7 @@ fn app_data_client_to_server() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data: false, } => buffers.server_send(), State::BlockedHandshake => buffers.client_send(), @@ -114,6 +123,7 @@ fn app_data_client_to_server() { } State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => server_handshake_done = true, state => unreachable!("{state:?}"), } @@ -158,11 +168,13 @@ fn app_data_server_to_client() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data: false, } => buffers.client_send(), State::BlockedHandshake => buffers.server_send(), State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => client_handshake_done = true, State::ReceivedAppData { records } => { received_app_data.extend(records); @@ -174,6 +186,7 @@ fn app_data_server_to_client() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data, + sent_close_notify: false, sent_early_data: false, } => { buffers.server_send(); @@ -188,6 +201,7 @@ fn app_data_server_to_client() { // server does not need to reach this state to send data to the client State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => server_handshake_done = true, state => unreachable!("{state:?}"), } @@ -243,6 +257,7 @@ fn early_data() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data, } => { buffers.client_send(); @@ -254,6 +269,7 @@ fn early_data() { State::BlockedHandshake => buffers.server_send(), State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => client_handshake_done = true, state => unreachable!("{state:?}"), } @@ -262,11 +278,13 @@ fn early_data() { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data: false, } => buffers.server_send(), State::BlockedHandshake => buffers.client_send(), State::WriteTraffic { sent_app_data: false, + sent_close_notify: false, } => server_handshake_done = true, State::ReceivedEarlyData { records } => { received_early_data.extend(records); @@ -289,11 +307,158 @@ fn early_data() { } } +#[test] +fn close_notify_client_to_server() { + for version in rustls::ALL_VERSIONS { + eprintln!("{version:?}"); + + let (mut client, mut server) = make_connection_pair(version); + let mut buffers = BothBuffers::default(); + + let mut client_actions = Actions { + send_close_notify: true, + ..NO_ACTIONS + }; + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + let mut reached_connection_closed_state = false; + while !client_handshake_done || !server_handshake_done { + match advance_client(&mut client, &mut buffers.client, client_actions) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_close_notify, + sent_early_data: false, + } => { + buffers.client_send(); + if sent_close_notify { + client_actions.send_close_notify = false; + } + } + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { + sent_app_data: false, + sent_close_notify, + } => { + if sent_close_notify { + buffers.client_send(); + client_actions.send_close_notify = false; + } + client_handshake_done = true; + } + state => unreachable!("{state:?}"), + } + + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_close_notify: false, + sent_early_data: false, + } => buffers.server_send(), + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic { + sent_app_data: false, + sent_close_notify: false, + } => server_handshake_done = true, + State::Closed => { + server_handshake_done = true; + reached_connection_closed_state = true + } + state => unreachable!("{state:?}"), + } + + count += 1; + + assert!( + count <= MAX_ITERATIONS, + "handshake {version:?} was not completed" + ); + } + + assert!(!client_actions.send_close_notify); + assert!(reached_connection_closed_state); + } +} + +#[test] +fn close_notify_server_to_client() { + for version in rustls::ALL_VERSIONS { + eprintln!("{version:?}"); + + let (mut client, mut server) = make_connection_pair(version); + let mut buffers = BothBuffers::default(); + + let mut server_actions = Actions { + send_close_notify: true, + ..NO_ACTIONS + }; + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + let mut reached_connection_closed_state = false; + while !client_handshake_done || !server_handshake_done { + match advance_client(&mut client, &mut buffers.client, NO_ACTIONS) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_close_notify: false, + sent_early_data: false, + } => buffers.client_send(), + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { + sent_app_data: false, + sent_close_notify: false, + } => client_handshake_done = true, + State::Closed => { + client_handshake_done = true; + reached_connection_closed_state = true + } + state => unreachable!("{state:?}"), + } + + match advance_server(&mut server, &mut buffers.server, server_actions) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_close_notify, + sent_early_data: false, + } => { + buffers.server_send(); + if sent_close_notify { + server_actions.send_close_notify = false; + } + } + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic { + sent_app_data: false, + // servers don't need to reach this state to send a close_notify alert + sent_close_notify: false, + } => server_handshake_done = true, + state => unreachable!("{state:?}"), + } + + count += 1; + + assert!( + count <= MAX_ITERATIONS, + "handshake {version:?} was not completed" + ); + } + + assert!(!server_actions.send_close_notify); + assert!(reached_connection_closed_state); + } +} + #[derive(Debug)] enum State { + Closed, EncodedTlsData, TransmitTlsData { sent_app_data: bool, + sent_close_notify: bool, sent_early_data: bool, }, BlockedHandshake, @@ -305,18 +470,21 @@ enum State { }, WriteTraffic { sent_app_data: bool, + sent_close_notify: bool, }, } const NO_ACTIONS: Actions = Actions { app_data_to_send: None, early_data_to_send: None, + send_close_notify: false, }; #[derive(Clone, Copy, Debug)] struct Actions<'a> { app_data_to_send: Option<&'a [u8]>, early_data_to_send: Option<&'a [u8]>, + send_close_notify: bool, } fn advance_client( @@ -343,6 +511,7 @@ fn advance_client( state.done(); State::TransmitTlsData { sent_app_data: false, + sent_close_notify: false, sent_early_data, } } @@ -405,12 +574,21 @@ fn handle_state( } } + let mut sent_close_notify = false; + if let Some(mut state) = state.may_encrypt_app_data() { + if actions.send_close_notify { + queue_close_notify(&mut state, outgoing); + sent_close_notify = true; + } + } + // this should be called *after* the data has been transmitted but it's easier to // do it in reverse state.done(); State::TransmitTlsData { sent_app_data, sent_early_data: false, + sent_close_notify, } } @@ -423,7 +601,16 @@ fn handle_state( sent_app_data = true; } - State::WriteTraffic { sent_app_data } + let mut sent_close_notify = false; + if actions.send_close_notify { + queue_close_notify(&mut state, outgoing); + sent_close_notify = true; + } + + State::WriteTraffic { + sent_app_data, + sent_close_notify, + } } ConnectionState::ReadTraffic(mut state) => { @@ -436,10 +623,19 @@ fn handle_state( State::ReceivedAppData { records } } + ConnectionState::Closed => State::Closed, + _ => unreachable!(), } } +fn queue_close_notify(state: &mut WriteTraffic<'_, Data>, outgoing: &mut Buffer) { + let written = state + .queue_close_notify(outgoing.unfilled()) + .unwrap(); + outgoing.advance(written); +} + fn encrypt(state: &mut WriteTraffic<'_, Data>, app_data: &[u8], outgoing: &mut Buffer) { let written = state .encrypt(app_data, outgoing.unfilled()) From 0d7934d611146b31fdc7b44ec57cba6dcea7f4ec Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 22 Nov 2023 15:10:57 +0100 Subject: [PATCH 0547/1145] add buffer size checks to tests --- rustls/tests/unbuffered.rs | 71 +++++++++++++++++++++++++++++--------- 1 file changed, 54 insertions(+), 17 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 4bf37e679c..91ecd9310e 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -1,10 +1,11 @@ #![cfg(any(feature = "ring", feature = "aws_lc_rs"))] use std::sync::Arc; -use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; +use rustls::client::{ClientConnectionData, EarlyDataError, UnbufferedClientConnection}; use rustls::server::{ServerConnectionData, UnbufferedServerConnection}; use rustls::unbuffered::{ - ConnectionState, UnbufferedConnectionCommon, UnbufferedStatus, WriteTraffic, + ConnectionState, EncodeError, EncryptError, InsufficientSizeError, UnbufferedConnectionCommon, + UnbufferedStatus, WriteTraffic, }; use rustls::version::TLS13; @@ -501,10 +502,18 @@ fn advance_client( let mut sent_early_data = false; if let Some(early_data) = actions.early_data_to_send { if let Some(mut state) = state.may_encrypt_early_data() { - let written = state - .encrypt(early_data, buffers.outgoing.unfilled()) - .unwrap(); - buffers.outgoing.advance(written); + write_with_buffer_size_checks( + |out_buf| state.encrypt(early_data, out_buf), + |e| { + if let EarlyDataError::Encrypt(EncryptError::InsufficientSize(ise)) = e + { + ise + } else { + unreachable!() + } + }, + &mut buffers.outgoing, + ); sent_early_data = true; } } @@ -557,10 +566,17 @@ fn handle_state( ) -> State { match state { ConnectionState::EncodeTlsData(mut state) => { - let written = state - .encode(outgoing.unfilled()) - .unwrap(); - outgoing.advance(written); + write_with_buffer_size_checks( + |out_buf| state.encode(out_buf), + |e| { + if let EncodeError::InsufficientSize(ise) = e { + ise + } else { + unreachable!() + } + }, + outgoing, + ); State::EncodedTlsData } @@ -630,16 +646,37 @@ fn handle_state( } fn queue_close_notify(state: &mut WriteTraffic<'_, Data>, outgoing: &mut Buffer) { - let written = state - .queue_close_notify(outgoing.unfilled()) - .unwrap(); - outgoing.advance(written); + write_with_buffer_size_checks( + |out_buf| state.queue_close_notify(out_buf), + map_encrypt_error, + outgoing, + ); } fn encrypt(state: &mut WriteTraffic<'_, Data>, app_data: &[u8], outgoing: &mut Buffer) { - let written = state - .encrypt(app_data, outgoing.unfilled()) - .unwrap(); + write_with_buffer_size_checks( + |out_buf| state.encrypt(app_data, out_buf), + map_encrypt_error, + outgoing, + ); +} + +fn map_encrypt_error(e: EncryptError) -> InsufficientSizeError { + if let EncryptError::InsufficientSize(ise) = e { + ise + } else { + unreachable!() + } +} + +fn write_with_buffer_size_checks( + mut try_write: impl FnMut(&mut [u8]) -> Result, + map_err: impl FnOnce(E) -> InsufficientSizeError, + outgoing: &mut Buffer, +) { + let required_size = map_err(try_write(&mut []).unwrap_err()).required_size; + let written = try_write(outgoing.unfilled()).unwrap(); + assert_eq!(required_size, written); outgoing.advance(written); } From a416464099a0a1dce4eb552ed291bc88416ec45c Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 29 Nov 2023 15:24:08 +0100 Subject: [PATCH 0548/1145] add async example --- .github/workflows/daily-tests.yml | 6 + Cargo.lock | 535 +++++++++++++++++++- examples/Cargo.toml | 2 + examples/src/bin/unbuffered-async-client.rs | 263 ++++++++++ 4 files changed, 791 insertions(+), 15 deletions(-) create mode 100644 examples/src/bin/unbuffered-async-client.rs diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index b53c19cf78..423dc2d2f1 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -87,6 +87,12 @@ jobs: - name: Check unbuffered client run: cargo run --locked --bin unbuffered-client + - name: Check unbuffered tokio client + run: cargo run --locked --bin unbuffered-async-client + + - name: Check unbuffered async-std client + run: cargo run --locked --bin unbuffered-async-client --features=async-std + # Test the server_acceptor binary builds - we invoke with --help since it # will run a server process that doesn't exit when invoked with no args - name: Check server acceptor diff --git a/Cargo.lock b/Cargo.lock index bc9cb330aa..a5bba3cb65 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -115,6 +115,161 @@ version = "1.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +[[package]] +name = "async-attributes" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3203e79f4dd9bdda415ed03cf14dae5a2bf775c683a00f94e9cd1faf0f596e5" +dependencies = [ + "quote", + "syn 1.0.109", +] + +[[package]] +name = "async-channel" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35" +dependencies = [ + "concurrent-queue", + "event-listener 2.5.3", + "futures-core", +] + +[[package]] +name = "async-channel" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ca33f4bc4ed1babef42cad36cc1f51fa88be00420404e5b1e80ab1b18f7678c" +dependencies = [ + "concurrent-queue", + "event-listener 4.0.0", + "event-listener-strategy", + "futures-core", + "pin-project-lite", +] + +[[package]] +name = "async-executor" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "17ae5ebefcc48e7452b4987947920dac9450be1110cadf34d1b8c116bdbaf97c" +dependencies = [ + "async-lock 3.2.0", + "async-task", + "concurrent-queue", + "fastrand 2.0.1", + "futures-lite 2.1.0", + "slab", +] + +[[package]] +name = "async-global-executor" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4353121d5644cdf2beb5726ab752e79a8db1ebb52031770ec47db31d245526" +dependencies = [ + "async-channel 2.1.1", + "async-executor", + "async-io 2.2.1", + "async-lock 3.2.0", + "blocking", + "futures-lite 2.1.0", + "once_cell", +] + +[[package]] +name = "async-io" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fc5b45d93ef0529756f812ca52e44c221b35341892d3dcc34132ac02f3dd2af" +dependencies = [ + "async-lock 2.8.0", + "autocfg", + "cfg-if", + "concurrent-queue", + "futures-lite 1.13.0", + "log", + "parking", + "polling 2.8.0", + "rustix 0.37.27", + "slab", + "socket2 0.4.10", + "waker-fn", +] + +[[package]] +name = "async-io" +version = "2.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6d3b15875ba253d1110c740755e246537483f152fa334f91abd7fe84c88b3ff" +dependencies = [ + "async-lock 3.2.0", + "cfg-if", + "concurrent-queue", + "futures-io", + "futures-lite 2.1.0", + "parking", + "polling 3.3.1", + "rustix 0.38.28", + "slab", + "tracing", + "windows-sys 0.52.0", +] + +[[package]] +name = "async-lock" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b" +dependencies = [ + "event-listener 2.5.3", +] + +[[package]] +name = "async-lock" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7125e42787d53db9dd54261812ef17e937c95a51e4d291373b670342fa44310c" +dependencies = [ + "event-listener 4.0.0", + "event-listener-strategy", + "pin-project-lite", +] + +[[package]] +name = "async-std" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62565bb4402e926b29953c785397c6dc0391b7b446e45008b0049eb43cec6f5d" +dependencies = [ + "async-attributes", + "async-channel 1.9.0", + "async-global-executor", + "async-io 1.13.0", + "async-lock 2.8.0", + "crossbeam-utils", + "futures-channel", + "futures-core", + "futures-io", + "futures-lite 1.13.0", + "gloo-timers", + "kv-log-macro", + "log", + "memchr", + "once_cell", + "pin-project-lite", + "pin-utils", + "slab", + "wasm-bindgen-futures", +] + +[[package]] +name = "async-task" +version = "4.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1" + [[package]] name = "async-trait" version = "0.1.74" @@ -123,9 +278,15 @@ checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + [[package]] name = "autocfg" version = "1.1.0" @@ -216,7 +377,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn", + "syn 2.0.40", "which", ] @@ -241,6 +402,28 @@ dependencies = [ "generic-array", ] +[[package]] +name = "blocking" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118" +dependencies = [ + "async-channel 2.1.1", + "async-lock 3.2.0", + "async-task", + "fastrand 2.0.1", + "futures-io", + "futures-lite 2.1.0", + "piper", + "tracing", +] + +[[package]] +name = "bumpalo" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + [[package]] name = "byteorder" version = "1.5.0" @@ -354,7 +537,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] [[package]] @@ -378,6 +561,15 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +[[package]] +name = "concurrent-queue" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d16048cd947b08fa32c24458a22f5dc5e835264f689f4f5653210c69fd107363" +dependencies = [ + "crossbeam-utils", +] + [[package]] name = "const-oid" version = "0.9.5" @@ -481,7 +673,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] [[package]] @@ -588,7 +780,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] [[package]] @@ -620,6 +812,48 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "event-listener" +version = "2.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" + +[[package]] +name = "event-listener" +version = "4.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "770d968249b5d99410d61f5bf89057f3199a077a04d087092f58e7d10692baae" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] + +[[package]] +name = "event-listener-strategy" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3" +dependencies = [ + "event-listener 4.0.0", + "pin-project-lite", +] + +[[package]] +name = "fastrand" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" +dependencies = [ + "instant", +] + +[[package]] +name = "fastrand" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" + [[package]] name = "ff" version = "0.13.0" @@ -678,6 +912,34 @@ version = "0.3.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" +[[package]] +name = "futures-lite" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49a9d51ce47660b1e808d3c990b4709f2f415d928835a17dfd16991515c46bce" +dependencies = [ + "fastrand 1.9.0", + "futures-core", + "futures-io", + "memchr", + "parking", + "pin-project-lite", + "waker-fn", +] + +[[package]] +name = "futures-lite" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aeee267a1883f7ebef3700f262d2d54de95dfaf38189015a74fdc4e0c7ad8143" +dependencies = [ + "fastrand 2.0.1", + "futures-core", + "futures-io", + "parking", + "pin-project-lite", +] + [[package]] name = "futures-sink" version = "0.3.29" @@ -756,6 +1018,18 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" +[[package]] +name = "gloo-timers" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b995a66bb87bebce9a0f4a95aed01daca4872c050bfcb21653361c03bc35e5c" +dependencies = [ + "futures-channel", + "futures-core", + "js-sys", + "wasm-bindgen", +] + [[package]] name = "group" version = "0.13.0" @@ -997,13 +1271,33 @@ dependencies = [ "generic-array", ] +[[package]] +name = "instant" +version = "0.1.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "io-lifetimes" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" +dependencies = [ + "hermit-abi", + "libc", + "windows-sys 0.48.0", +] + [[package]] name = "ipconfig" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2", + "socket2 0.5.5", "widestring", "windows-sys 0.48.0", "winreg", @@ -1022,7 +1316,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix", + "rustix 0.38.28", "windows-sys 0.48.0", ] @@ -1041,6 +1335,24 @@ version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" +[[package]] +name = "js-sys" +version = "0.3.66" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "kv-log-macro" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de8b303297635ad57c9f5059fd9cee7a47f8e8daa09df0fcd07dd39fb22977f" +dependencies = [ + "log", +] + [[package]] name = "lazy_static" version = "1.4.0" @@ -1084,6 +1396,12 @@ version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" +[[package]] +name = "linux-raw-sys" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" + [[package]] name = "linux-raw-sys" version = "0.4.12" @@ -1105,6 +1423,9 @@ name = "log" version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +dependencies = [ + "value-bag", +] [[package]] name = "lru-cache" @@ -1280,6 +1601,12 @@ dependencies = [ "primeorder", ] +[[package]] +name = "parking" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" + [[package]] name = "parking_lot" version = "0.12.1" @@ -1343,6 +1670,17 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "piper" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" +dependencies = [ + "atomic-waker", + "fastrand 2.0.1", + "futures-io", +] + [[package]] name = "pkcs1" version = "0.7.5" @@ -1370,6 +1708,36 @@ version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0" +[[package]] +name = "polling" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b2d323e8ca7996b3e23126511a523f7e62924d93ecd5ae73b333815b0eb3dce" +dependencies = [ + "autocfg", + "bitflags 1.3.2", + "cfg-if", + "concurrent-queue", + "libc", + "log", + "pin-project-lite", + "windows-sys 0.48.0", +] + +[[package]] +name = "polling" +version = "3.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf63fa624ab313c11656b4cda960bfc46c410187ad493c41f6ba2d8c1e991c9e" +dependencies = [ + "cfg-if", + "concurrent-queue", + "pin-project-lite", + "rustix 0.38.28", + "tracing", + "windows-sys 0.52.0", +] + [[package]] name = "poly1305" version = "0.8.0" @@ -1412,7 +1780,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d" dependencies = [ "proc-macro2", - "syn", + "syn 2.0.40", ] [[package]] @@ -1624,6 +1992,20 @@ dependencies = [ "semver", ] +[[package]] +name = "rustix" +version = "0.37.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fea8ca367a3a01fe35e6943c400addf443c0f57670e6ec51196f71a4b8762dd2" +dependencies = [ + "bitflags 1.3.2", + "errno", + "io-lifetimes", + "libc", + "linux-raw-sys 0.3.8", + "windows-sys 0.48.0", +] + [[package]] name = "rustix" version = "0.38.28" @@ -1633,7 +2015,7 @@ dependencies = [ "bitflags 2.4.1", "errno", "libc", - "linux-raw-sys", + "linux-raw-sys 0.4.12", "windows-sys 0.52.0", ] @@ -1698,6 +2080,7 @@ dependencies = [ name = "rustls-examples" version = "0.0.1" dependencies = [ + "async-std", "docopt", "env_logger", "log", @@ -1708,6 +2091,7 @@ dependencies = [ "rustls-pki-types", "serde", "serde_derive", + "tokio", "webpki-roots 0.26.0", ] @@ -1852,7 +2236,7 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] [[package]] @@ -1908,6 +2292,16 @@ version = "1.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +[[package]] +name = "socket2" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "socket2" version = "0.5.5" @@ -1952,6 +2346,17 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + [[package]] name = "syn" version = "2.0.40" @@ -1989,7 +2394,7 @@ checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] [[package]] @@ -2037,10 +2442,22 @@ dependencies = [ "mio", "num_cpus", "pin-project-lite", - "socket2", + "socket2 0.5.5", + "tokio-macros", "windows-sys 0.48.0", ] +[[package]] +name = "tokio-macros" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.40", +] + [[package]] name = "tokio-rustls" version = "0.24.1" @@ -2084,7 +2501,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] [[package]] @@ -2162,18 +2579,106 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +[[package]] +name = "value-bag" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe" + [[package]] name = "version_check" version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +[[package]] +name = "waker-fn" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690" + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "wasm-bindgen" +version = "0.2.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn 2.0.40", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac36a15a220124ac510204aec1c3e5db8a22ab06fd6706d881dc6149f8ed9a12" +dependencies = [ + "cfg-if", + "js-sys", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.40", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" + +[[package]] +name = "web-sys" +version = "0.3.66" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "webpki-roots" version = "0.25.3" @@ -2198,7 +2703,7 @@ dependencies = [ "either", "home", "once_cell", - "rustix", + "rustix 0.38.28", ] [[package]] @@ -2418,5 +2923,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn", + "syn 2.0.40", ] diff --git a/examples/Cargo.toml b/examples/Cargo.toml index edfb44caa0..e2f90b7b18 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -7,6 +7,7 @@ description = "Rustls example code and tests." publish = false [dependencies] +async-std = { version = "1.12.0", features = ["attributes"], optional = true } docopt = "~1.1" env_logger = "0.10" log = { version = "0.4.4" } @@ -17,4 +18,5 @@ rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "2" serde = "1.0" serde_derive = "1.0" +tokio = { version = "1.34.0", features = ["io-util", "macros", "net", "rt"]} webpki-roots = "0.26" diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs new file mode 100644 index 0000000000..db3ec56dbe --- /dev/null +++ b/examples/src/bin/unbuffered-async-client.rs @@ -0,0 +1,263 @@ +use std::error::Error; +use std::sync::Arc; + +#[cfg(feature = "async-std")] +use async_std::io::{ReadExt, WriteExt}; +#[cfg(feature = "async-std")] +use async_std::net::TcpStream; +use rustls::client::{ClientConnectionData, UnbufferedClientConnection}; +use rustls::unbuffered::{ + AppDataRecord, ConnectionState, EncodeError, EncryptError, InsufficientSizeError, + UnbufferedStatus, WriteTraffic, +}; +#[allow(unused_imports)] +use rustls::version::{TLS12, TLS13}; +use rustls::{ClientConfig, RootCertStore}; +#[cfg(not(feature = "async-std"))] +use tokio::io::{AsyncReadExt, AsyncWriteExt}; +#[cfg(not(feature = "async-std"))] +use tokio::net::TcpStream; + +const SERVER_NAME: &str = "example.com"; +const PORT: u16 = 443; + +const KB: usize = 1024; +const INCOMING_TLS_BUFSIZE: usize = 16 * KB; +const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; + +const MAX_ITERATIONS: usize = 20; + +#[cfg_attr(not(feature = "async-std"), tokio::main(flavor = "current_thread"))] +#[cfg_attr(feature = "async-std", async_std::main)] +async fn main() -> Result<(), Box> { + let root_store = RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }; + + let config = ClientConfig::builder_with_protocol_versions(&[&TLS13]) + .with_root_certificates(root_store) + .with_no_client_auth(); + + let config = Arc::new(config); + + let mut incoming_tls = [0; INCOMING_TLS_BUFSIZE]; + let mut outgoing_tls = vec![0; OUTGOING_TLS_INITIAL_BUFSIZE]; + + converse(&config, &mut incoming_tls, &mut outgoing_tls).await?; + + Ok(()) +} + +async fn converse( + config: &Arc, + incoming_tls: &mut [u8], + outgoing_tls: &mut Vec, +) -> Result<(), Box> { + let mut conn = UnbufferedClientConnection::new(Arc::clone(config), SERVER_NAME.try_into()?)?; + let mut sock = TcpStream::connect(format!("{SERVER_NAME}:{PORT}")).await?; + + let mut incoming_used = 0; + let mut outgoing_used = 0; + + let mut open_connection = true; + let mut sent_request = false; + let mut received_response = false; + + let mut iter_count = 0; + while open_connection { + let UnbufferedStatus { mut discard, state } = + conn.process_tls_records(&mut incoming_tls[..incoming_used])?; + + match dbg!(state) { + ConnectionState::ReadTraffic(mut state) => { + while let Some(res) = state.next_record() { + let AppDataRecord { + discard: new_discard, + payload, + } = res?; + discard += new_discard; + + if payload.starts_with(b"HTTP") { + let response = core::str::from_utf8(payload)?; + let header = response + .lines() + .next() + .unwrap_or(response); + + println!("{header}"); + } else { + println!("(.. continued HTTP response ..)"); + } + + received_response = true; + } + } + + ConnectionState::EncodeTlsData(mut state) => { + try_or_resize_and_retry( + |out_buffer| state.encode(out_buffer), + |e| { + if let EncodeError::InsufficientSize(is) = &e { + Ok(*is) + } else { + Err(e.into()) + } + }, + outgoing_tls, + &mut outgoing_used, + )?; + } + + ConnectionState::TransmitTlsData(mut state) => { + if let Some(mut may_encrypt) = state.may_encrypt_app_data() { + encrypt_http_request( + &mut sent_request, + &mut may_encrypt, + outgoing_tls, + &mut outgoing_used, + ); + } + + send_tls(&mut sock, outgoing_tls, &mut outgoing_used).await?; + state.done(); + } + + ConnectionState::BlockedHandshake { .. } => { + recv_tls(&mut sock, incoming_tls, &mut incoming_used).await?; + } + + ConnectionState::WriteTraffic(mut may_encrypt) => { + if encrypt_http_request( + &mut sent_request, + &mut may_encrypt, + outgoing_tls, + &mut outgoing_used, + ) { + send_tls(&mut sock, outgoing_tls, &mut outgoing_used).await?; + recv_tls(&mut sock, incoming_tls, &mut incoming_used).await?; + } else if !received_response { + // this happens in the TLS 1.3 case. the app-data was sent in the preceding + // `TransmitTlsData` state. the server should have already written a + // response which we can read out from the socket + recv_tls(&mut sock, incoming_tls, &mut incoming_used).await?; + } else { + try_or_resize_and_retry( + |out_buffer| may_encrypt.queue_close_notify(out_buffer), + |e| { + if let EncryptError::InsufficientSize(is) = &e { + Ok(*is) + } else { + Err(e.into()) + } + }, + outgoing_tls, + &mut outgoing_used, + )?; + send_tls(&mut sock, outgoing_tls, &mut outgoing_used).await?; + open_connection = false; + } + } + + ConnectionState::Closed => { + open_connection = false; + } + + // other states are not expected in this example + _ => unreachable!(), + } + + if discard != 0 { + assert!(discard <= incoming_used); + + incoming_tls.copy_within(discard..incoming_used, 0); + incoming_used -= discard; + + eprintln!("discarded {discard}B from `incoming_tls`"); + } + + iter_count += 1; + assert!( + iter_count < MAX_ITERATIONS, + "did not get a HTTP response within {MAX_ITERATIONS} iterations" + ); + } + + assert!(sent_request); + assert!(received_response); + assert_eq!(0, incoming_used); + assert_eq!(0, outgoing_used); + + Ok(()) +} + +fn try_or_resize_and_retry( + mut f: impl FnMut(&mut [u8]) -> Result, + map_err: impl FnOnce(E) -> Result>, + outgoing_tls: &mut Vec, + outgoing_used: &mut usize, +) -> Result> +where + E: Error + 'static, +{ + let written = match f(&mut outgoing_tls[*outgoing_used..]) { + Ok(written) => written, + + Err(e) => { + let InsufficientSizeError { required_size } = map_err(e)?; + let new_len = *outgoing_used + required_size; + outgoing_tls.resize(new_len, 0); + eprintln!("resized `outgoing_tls` buffer to {new_len}B"); + + f(&mut outgoing_tls[*outgoing_used..])? + } + }; + + *outgoing_used += written; + + Ok(written) +} + +async fn recv_tls( + sock: &mut TcpStream, + incoming_tls: &mut [u8], + incoming_used: &mut usize, +) -> Result<(), Box> { + let read = sock + .read(&mut incoming_tls[*incoming_used..]) + .await?; + eprintln!("received {read}B of data"); + *incoming_used += read; + Ok(()) +} + +async fn send_tls( + sock: &mut TcpStream, + outgoing_tls: &[u8], + outgoing_used: &mut usize, +) -> Result<(), Box> { + sock.write_all(&outgoing_tls[..*outgoing_used]) + .await?; + eprintln!("sent {outgoing_used}B of data"); + *outgoing_used = 0; + Ok(()) +} + +fn encrypt_http_request( + sent_request: &mut bool, + may_encrypt: &mut WriteTraffic<'_, ClientConnectionData>, + outgoing_tls: &mut [u8], + outgoing_used: &mut usize, +) -> bool { + if !*sent_request { + let request = format!("GET / HTTP/1.1\r\nHost: {SERVER_NAME}\r\nConnection: close\r\nAccept-Encoding: identity\r\n\r\n").into_bytes(); + let written = may_encrypt + .encrypt(&request, &mut outgoing_tls[*outgoing_used..]) + .expect("encrypted request does not fit in `outgoing_tls`"); + *outgoing_used += written; + *sent_request = true; + eprintln!("queued HTTP request"); + true + } else { + false + } +} From 147dc08816aa5f182632e788037d9d62d2203489 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Wed, 6 Dec 2023 13:18:24 -0500 Subject: [PATCH 0549/1145] Test that the transcripts for client and server match the expectations --- rustls/tests/unbuffered.rs | 218 ++++++++++++++++++++++++++++--------- 1 file changed, 167 insertions(+), 51 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 91ecd9310e..13d3b529f1 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -16,53 +16,159 @@ mod common; const MAX_ITERATIONS: usize = 100; #[test] -fn handshake() { - for version in rustls::ALL_VERSIONS { - let (mut client, mut server) = make_connection_pair(version); - let mut buffers = BothBuffers::default(); +fn tls12_handshake() { + let (client_transcript, server_transcript) = handshake(&rustls::version::TLS12); + assert_eq!( + client_transcript, + vec![ + "EncodeTlsData", + "TransmitTlsData", + "BlockedHandshake", + "BlockedHandshake", + "BlockedHandshake", + "BlockedHandshake", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "TransmitTlsData", + "BlockedHandshake", + "BlockedHandshake", + "WriteTraffic" + ], + "client transcript mismatch" + ); + assert_eq!( + server_transcript, + vec![ + "BlockedHandshake", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "TransmitTlsData", + "BlockedHandshake", + "BlockedHandshake", + "BlockedHandshake", + "EncodeTlsData", + "EncodeTlsData", + "TransmitTlsData", + "WriteTraffic" + ], + "server transcript mismatch" + ); +} - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, NO_ACTIONS) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.client_send(), - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => client_handshake_done = true, - state => unreachable!("{state:?}"), - } +#[test] +fn tls13_handshake() { + let (client_transcript, server_transcript) = handshake(&rustls::version::TLS13); + assert_eq!( + client_transcript, + vec![ + "EncodeTlsData", + "TransmitTlsData", + "BlockedHandshake", + "EncodeTlsData", + "TransmitTlsData", + "BlockedHandshake", + "BlockedHandshake", + "BlockedHandshake", + "EncodeTlsData", + "TransmitTlsData", + "WriteTraffic", + "WriteTraffic", + "WriteTraffic", + "WriteTraffic", + "WriteTraffic" + ], + "client transcript mismatch" + ); + assert_eq!( + server_transcript, + vec![ + "BlockedHandshake", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "TransmitTlsData", + "BlockedHandshake", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "EncodeTlsData", + "TransmitTlsData", + "WriteTraffic" + ], + "server transcript mismatch" + ); +} - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.server_send(), - State::BlockedHandshake => buffers.client_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => server_handshake_done = true, - state => unreachable!("{state:?}"), - } +fn handshake(version: &'static rustls::SupportedProtocolVersion) -> (Vec, Vec) { + let mut client_transcript = Vec::new(); + let mut server_transcript = Vec::new(); + + let (mut client, mut server) = make_connection_pair(version); + let mut buffers = BothBuffers::default(); + + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + while !client_handshake_done || !server_handshake_done { + let client_state = advance_client( + &mut client, + &mut buffers.client, + NO_ACTIONS, + Some(&mut client_transcript), + ); + + match client_state { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_close_notify: false, + sent_early_data: false, + } => buffers.client_send(), + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { + sent_app_data: false, + sent_close_notify: false, + } => client_handshake_done = true, + state => unreachable!("{state:?}"), + } - count += 1; + let server_state = advance_server( + &mut server, + &mut buffers.server, + NO_ACTIONS, + Some(&mut server_transcript), + ); - assert!( - count <= MAX_ITERATIONS, - "handshake {version:?} was not completed" - ); + match server_state { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data: false, + sent_close_notify: false, + sent_early_data: false, + } => buffers.server_send(), + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic { + sent_app_data: false, + sent_close_notify: false, + } => server_handshake_done = true, + state => unreachable!("{state:?}"), } + + count += 1; + + assert!( + count <= MAX_ITERATIONS, + "handshake {version:?} was not completed" + ); } + + (client_transcript, server_transcript) } #[test] @@ -83,7 +189,7 @@ fn app_data_client_to_server() { let mut client_handshake_done = false; let mut server_handshake_done = false; while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, client_actions) { + match advance_client(&mut client, &mut buffers.client, client_actions, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data, @@ -111,7 +217,7 @@ fn app_data_client_to_server() { state => unreachable!("{state:?}"), } - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -165,7 +271,7 @@ fn app_data_server_to_client() { let mut client_handshake_done = false; let mut server_handshake_done = false; while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, NO_ACTIONS) { + match advance_client(&mut client, &mut buffers.client, NO_ACTIONS, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -183,7 +289,7 @@ fn app_data_server_to_client() { state => unreachable!("{state:?}"), } - match advance_server(&mut server, &mut buffers.server, server_actions) { + match advance_server(&mut server, &mut buffers.server, server_actions, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data, @@ -254,7 +360,7 @@ fn early_data() { let mut client_handshake_done = false; let mut server_handshake_done = false; while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, client_actions) { + match advance_client(&mut client, &mut buffers.client, client_actions, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -275,7 +381,7 @@ fn early_data() { state => unreachable!("{state:?}"), } - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -325,7 +431,7 @@ fn close_notify_client_to_server() { let mut server_handshake_done = false; let mut reached_connection_closed_state = false; while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, client_actions) { + match advance_client(&mut client, &mut buffers.client, client_actions, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -351,7 +457,7 @@ fn close_notify_client_to_server() { state => unreachable!("{state:?}"), } - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS) { + match advance_server(&mut server, &mut buffers.server, NO_ACTIONS, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -400,7 +506,7 @@ fn close_notify_server_to_client() { let mut server_handshake_done = false; let mut reached_connection_closed_state = false; while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, NO_ACTIONS) { + match advance_client(&mut client, &mut buffers.client, NO_ACTIONS, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -419,7 +525,7 @@ fn close_notify_server_to_client() { state => unreachable!("{state:?}"), } - match advance_server(&mut server, &mut buffers.server, server_actions) { + match advance_server(&mut server, &mut buffers.server, server_actions, None) { State::EncodedTlsData => {} State::TransmitTlsData { sent_app_data: false, @@ -492,11 +598,16 @@ fn advance_client( conn: &mut UnbufferedConnectionCommon, buffers: &mut Buffers, actions: Actions, + transcript: Option<&mut Vec>, ) -> State { let UnbufferedStatus { discard, state } = conn .process_tls_records(buffers.incoming.filled()) .unwrap(); + if let Some(transcript) = transcript { + transcript.push(format!("{:?}", state)); + } + let state = match state { ConnectionState::TransmitTlsData(mut state) => { let mut sent_early_data = false; @@ -536,11 +647,16 @@ fn advance_server( conn: &mut UnbufferedConnectionCommon, buffers: &mut Buffers, actions: Actions, + transcript: Option<&mut Vec>, ) -> State { let UnbufferedStatus { discard, state } = conn .process_tls_records(buffers.incoming.filled()) .unwrap(); + if let Some(transcript) = transcript { + transcript.push(format!("{:?}", state)); + } + let state = match state { ConnectionState::ReadEarlyData(mut state) => { let mut records = vec![]; From e0fea8b834e177ac452eec4720b842e14560ef65 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 8 Dec 2023 17:25:45 +0000 Subject: [PATCH 0550/1145] unbuffered: test receiving message byte-by-byte --- rustls/tests/unbuffered.rs | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 13d3b529f1..8bd582433d 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -891,3 +891,41 @@ fn make_connection_pair( let server = UnbufferedServerConnection::new(Arc::new(server_config)).unwrap(); (client, server) } + +#[test] +fn server_receives_handshake_byte_by_byte() { + let (mut client, mut server) = make_connection_pair(&TLS13); + + let mut client_hello_buffer = vec![0u8; 1024]; + let UnbufferedStatus { discard, state } = client + .process_tls_records(&mut []) + .unwrap(); + + assert_eq!(discard, 0); + match state { + ConnectionState::EncodeTlsData(mut inner) => { + let wr = inner + .encode(&mut client_hello_buffer) + .expect("client hello too big"); + client_hello_buffer.truncate(wr); + } + _ => panic!("unexpected first client event"), + }; + + println!("client hello: {:?}", client_hello_buffer); + + for prefix in 0..client_hello_buffer.len() - 1 { + let UnbufferedStatus { discard, state } = server + .process_tls_records(&mut client_hello_buffer[..prefix]) + .unwrap(); + println!("prefix {prefix:?}: ({discard:?}, {state:?}"); + assert!(matches!(state, ConnectionState::BlockedHandshake)); + } + + let UnbufferedStatus { discard, state } = server + .process_tls_records(&mut client_hello_buffer[..]) + .unwrap(); + + assert!(matches!(state, ConnectionState::EncodeTlsData(_))); + assert_eq!(client_hello_buffer.len(), discard); +} From 20f0a76dd5286d7037d3794082f0b742643b9af2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 8 Dec 2023 17:42:39 +0000 Subject: [PATCH 0551/1145] impl Debug for UnbufferedStatus This allows people to use `unwrap_err`, etc. --- rustls/src/conn/unbuffered.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index 660596e864..7442f674c3 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -126,6 +126,7 @@ impl UnbufferedConnectionCommon { /// The current status of the `UnbufferedConnection*` #[must_use] +#[derive(Debug)] pub struct UnbufferedStatus<'c, 'i, Data> { /// Number of bytes to discard /// From 049b0c000d78d1fa096b5e1849b83a6316bad00c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 8 Dec 2023 18:16:33 +0000 Subject: [PATCH 0552/1145] unbuffered: test for receipt of invalid messages This a) returns an error, and b) sends an alert. But unfortunately (a) doesn't include accounting for the processed bytes. --- rustls/tests/unbuffered.rs | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 8bd582433d..60e6c0a010 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -929,3 +929,38 @@ fn server_receives_handshake_byte_by_byte() { assert!(matches!(state, ConnectionState::EncodeTlsData(_))); assert_eq!(client_hello_buffer.len(), discard); } + +#[test] +fn server_receives_incorrect_first_handshake_message() { + let (_, mut server) = make_connection_pair(&TLS13); + + let mut junk_buffer = [0x16, 0x3, 0x1, 0x0, 0x4, 0xff, 0x0, 0x0, 0x0]; + + let err = server + .process_tls_records(&mut junk_buffer[..]) + .unwrap_err(); + + assert_eq!( + format!("{err:?}"), + "InappropriateHandshakeMessage { expect_types: [ClientHello], got_type: Unknown(255) }" + ); + + let UnbufferedStatus { discard, state } = server + .process_tls_records(&mut junk_buffer[..]) + .unwrap(); + + match state { + ConnectionState::EncodeTlsData(mut inner) => { + let mut alert_buffer = [0u8; 7]; + let wr = inner.encode(&mut alert_buffer).unwrap(); + assert_eq!(wr, 7); + assert_eq!(alert_buffer, &[0x15, 0x3, 0x3, 0x0, 0x2, 0x2, 0xa][..]); + } + _ => panic!("unexpected alert sending state"), + }; + + // XXX: error should be fused here. + let err = server + .process_tls_records(&mut junk_buffer[..]) + .unwrap_err(); +} From 74fb489a2c237edb7ab7cbb30e076ab91c65d80b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Dec 2023 12:37:50 +0000 Subject: [PATCH 0553/1145] Ensure buffer discard tracking works even on error This sticks the error from `process_tls_records()` inside `UnbufferedStatus`. That means the `discard` field is still available, but continues to require handling the error to learn the `state` field's underlying value. TODO: the example code is made to unwrap errors in this PR. They need reorganising so the discard processing happens before error handling. --- examples/src/bin/unbuffered-async-client.rs | 4 +- examples/src/bin/unbuffered-client.rs | 4 +- examples/src/bin/unbuffered-server.rs | 4 +- rustls/src/conn/unbuffered.rs | 35 ++++- rustls/tests/unbuffered.rs | 166 +++++++++----------- 5 files changed, 109 insertions(+), 104 deletions(-) diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs index db3ec56dbe..ee91a14d44 100644 --- a/examples/src/bin/unbuffered-async-client.rs +++ b/examples/src/bin/unbuffered-async-client.rs @@ -66,9 +66,9 @@ async fn converse( let mut iter_count = 0; while open_connection { let UnbufferedStatus { mut discard, state } = - conn.process_tls_records(&mut incoming_tls[..incoming_used])?; + conn.process_tls_records(&mut incoming_tls[..incoming_used]); - match dbg!(state) { + match dbg!(state.unwrap()) { ConnectionState::ReadTraffic(mut state) => { while let Some(res) = state.next_record() { let AppDataRecord { diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs index 9b0b0896aa..8775f35088 100644 --- a/examples/src/bin/unbuffered-client.rs +++ b/examples/src/bin/unbuffered-client.rs @@ -70,9 +70,9 @@ fn converse( let mut iter_count = 0; while open_connection { let UnbufferedStatus { mut discard, state } = - conn.process_tls_records(&mut incoming_tls[..incoming_used])?; + conn.process_tls_records(&mut incoming_tls[..incoming_used]); - match dbg!(state) { + match dbg!(state.unwrap()) { ConnectionState::ReadTraffic(mut state) => { while let Some(res) = state.next_record() { let AppDataRecord { diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs index 8886af25a8..73ce8476c0 100644 --- a/examples/src/bin/unbuffered-server.rs +++ b/examples/src/bin/unbuffered-server.rs @@ -76,9 +76,9 @@ fn handle( let mut iter_count = 0; while open_connection { let UnbufferedStatus { mut discard, state } = - conn.process_tls_records(&mut incoming_tls[..incoming_used])?; + conn.process_tls_records(&mut incoming_tls[..incoming_used]); - match dbg!(state) { + match dbg!(state.unwrap()) { ConnectionState::ReadTraffic(mut state) => { while let Some(res) = state.next_record() { let AppDataRecord { diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index 7442f674c3..db10bb8aa8 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -17,7 +17,7 @@ impl UnbufferedConnectionCommon { pub fn process_tls_records<'c, 'i>( &'c mut self, incoming_tls: &'i mut [u8], - ) -> Result, Error> { + ) -> UnbufferedStatus<'c, 'i, ClientConnectionData> { self.process_tls_records_common(incoming_tls, |_| None, |_, _, ()| unreachable!()) } } @@ -28,7 +28,7 @@ impl UnbufferedConnectionCommon { pub fn process_tls_records<'c, 'i>( &'c mut self, incoming_tls: &'i mut [u8], - ) -> Result, Error> { + ) -> UnbufferedStatus<'c, 'i, ServerConnectionData> { self.process_tls_records_common( incoming_tls, |conn| conn.pop_early_data(), @@ -43,7 +43,7 @@ impl UnbufferedConnectionCommon { incoming_tls: &'i mut [u8], mut check: impl FnMut(&mut Self) -> Option, execute: impl FnOnce(&'c mut Self, &'i mut [u8], T) -> ConnectionState<'c, 'i, Data>, - ) -> Result, Error> { + ) -> UnbufferedStatus<'c, 'i, Data> { let mut buffer = DeframerSliceBuffer::new(incoming_tls); let (discard, state) = loop { @@ -75,13 +75,26 @@ impl UnbufferedConnectionCommon { ); } - if let Some(msg) = self.core.deframe(None, &mut buffer)? { + let deframer_output = match self.core.deframe(None, &mut buffer) { + Err(err) => { + return UnbufferedStatus { + discard: buffer.pending_discard(), + state: Err(err), + }; + } + Ok(r) => r, + }; + + if let Some(msg) = deframer_output { let mut state = match mem::replace(&mut self.core.state, Err(Error::HandshakeNotComplete)) { Ok(state) => state, Err(e) => { self.core.state = Err(e.clone()); - return Err(e); + return UnbufferedStatus { + discard: buffer.pending_discard(), + state: Err(e), + }; } }; @@ -90,7 +103,10 @@ impl UnbufferedConnectionCommon { Err(e) => { self.core.state = Err(e.clone()); - return Err(e); + return UnbufferedStatus { + discard: buffer.pending_discard(), + state: Err(e), + }; } } @@ -120,7 +136,10 @@ impl UnbufferedConnectionCommon { } }; - Ok(UnbufferedStatus { discard, state }) + UnbufferedStatus { + discard, + state: Ok(state), + } } } @@ -143,7 +162,7 @@ pub struct UnbufferedStatus<'c, 'i, Data> { /// This value MUST be handled prior to calling /// [`UnbufferedConnectionCommon::process_tls_records`] again. See the documentation on the /// variants of [`ConnectionState`] for more details. - pub state: ConnectionState<'c, 'i, Data>, + pub state: Result, Error>, } /// The state of the [`UnbufferedConnectionCommon`] object diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 60e6c0a010..1538989294 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -21,38 +21,38 @@ fn tls12_handshake() { assert_eq!( client_transcript, vec![ - "EncodeTlsData", - "TransmitTlsData", - "BlockedHandshake", - "BlockedHandshake", - "BlockedHandshake", - "BlockedHandshake", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "TransmitTlsData", - "BlockedHandshake", - "BlockedHandshake", - "WriteTraffic" + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(WriteTraffic)" ], "client transcript mismatch" ); assert_eq!( server_transcript, vec![ - "BlockedHandshake", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "TransmitTlsData", - "BlockedHandshake", - "BlockedHandshake", - "BlockedHandshake", - "EncodeTlsData", - "EncodeTlsData", - "TransmitTlsData", - "WriteTraffic" + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(WriteTraffic)" ], "server transcript mismatch" ); @@ -64,42 +64,42 @@ fn tls13_handshake() { assert_eq!( client_transcript, vec![ - "EncodeTlsData", - "TransmitTlsData", - "BlockedHandshake", - "EncodeTlsData", - "TransmitTlsData", - "BlockedHandshake", - "BlockedHandshake", - "BlockedHandshake", - "EncodeTlsData", - "TransmitTlsData", - "WriteTraffic", - "WriteTraffic", - "WriteTraffic", - "WriteTraffic", - "WriteTraffic" + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)" ], "client transcript mismatch" ); assert_eq!( server_transcript, vec![ - "BlockedHandshake", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "TransmitTlsData", - "BlockedHandshake", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "EncodeTlsData", - "TransmitTlsData", - "WriteTraffic" + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(WriteTraffic)" ], "server transcript mismatch" ); @@ -600,15 +600,13 @@ fn advance_client( actions: Actions, transcript: Option<&mut Vec>, ) -> State { - let UnbufferedStatus { discard, state } = conn - .process_tls_records(buffers.incoming.filled()) - .unwrap(); + let UnbufferedStatus { discard, state } = conn.process_tls_records(buffers.incoming.filled()); if let Some(transcript) = transcript { transcript.push(format!("{:?}", state)); } - let state = match state { + let state = match state.unwrap() { ConnectionState::TransmitTlsData(mut state) => { let mut sent_early_data = false; if let Some(early_data) = actions.early_data_to_send { @@ -649,15 +647,13 @@ fn advance_server( actions: Actions, transcript: Option<&mut Vec>, ) -> State { - let UnbufferedStatus { discard, state } = conn - .process_tls_records(buffers.incoming.filled()) - .unwrap(); + let UnbufferedStatus { discard, state } = conn.process_tls_records(buffers.incoming.filled()); if let Some(transcript) = transcript { transcript.push(format!("{:?}", state)); } - let state = match state { + let state = match state.unwrap() { ConnectionState::ReadEarlyData(mut state) => { let mut records = vec![]; @@ -897,12 +893,10 @@ fn server_receives_handshake_byte_by_byte() { let (mut client, mut server) = make_connection_pair(&TLS13); let mut client_hello_buffer = vec![0u8; 1024]; - let UnbufferedStatus { discard, state } = client - .process_tls_records(&mut []) - .unwrap(); + let UnbufferedStatus { discard, state } = client.process_tls_records(&mut []); assert_eq!(discard, 0); - match state { + match state.unwrap() { ConnectionState::EncodeTlsData(mut inner) => { let wr = inner .encode(&mut client_hello_buffer) @@ -915,18 +909,16 @@ fn server_receives_handshake_byte_by_byte() { println!("client hello: {:?}", client_hello_buffer); for prefix in 0..client_hello_buffer.len() - 1 { - let UnbufferedStatus { discard, state } = server - .process_tls_records(&mut client_hello_buffer[..prefix]) - .unwrap(); + let UnbufferedStatus { discard, state } = + server.process_tls_records(&mut client_hello_buffer[..prefix]); println!("prefix {prefix:?}: ({discard:?}, {state:?}"); - assert!(matches!(state, ConnectionState::BlockedHandshake)); + assert!(matches!(state.unwrap(), ConnectionState::BlockedHandshake)); } - let UnbufferedStatus { discard, state } = server - .process_tls_records(&mut client_hello_buffer[..]) - .unwrap(); + let UnbufferedStatus { discard, state } = + server.process_tls_records(&mut client_hello_buffer[..]); - assert!(matches!(state, ConnectionState::EncodeTlsData(_))); + assert!(matches!(state.unwrap(), ConnectionState::EncodeTlsData(_))); assert_eq!(client_hello_buffer.len(), discard); } @@ -935,21 +927,20 @@ fn server_receives_incorrect_first_handshake_message() { let (_, mut server) = make_connection_pair(&TLS13); let mut junk_buffer = [0x16, 0x3, 0x1, 0x0, 0x4, 0xff, 0x0, 0x0, 0x0]; + let junk_buffer_len = junk_buffer.len(); - let err = server - .process_tls_records(&mut junk_buffer[..]) - .unwrap_err(); + let UnbufferedStatus { discard, state } = server.process_tls_records(&mut junk_buffer[..]); + assert_eq!(discard, junk_buffer_len); assert_eq!( - format!("{err:?}"), - "InappropriateHandshakeMessage { expect_types: [ClientHello], got_type: Unknown(255) }" + format!("{state:?}"), + "Err(InappropriateHandshakeMessage { expect_types: [ClientHello], got_type: Unknown(255) })" ); - let UnbufferedStatus { discard, state } = server - .process_tls_records(&mut junk_buffer[..]) - .unwrap(); + let UnbufferedStatus { discard, state } = server.process_tls_records(&mut []); + assert_eq!(discard, 0); - match state { + match state.unwrap() { ConnectionState::EncodeTlsData(mut inner) => { let mut alert_buffer = [0u8; 7]; let wr = inner.encode(&mut alert_buffer).unwrap(); @@ -958,9 +949,4 @@ fn server_receives_incorrect_first_handshake_message() { } _ => panic!("unexpected alert sending state"), }; - - // XXX: error should be fused here. - let err = server - .process_tls_records(&mut junk_buffer[..]) - .unwrap_err(); } From 7b39b27771cff903bf022ff9ccfdaa06e96ca494 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 19 Dec 2023 09:26:24 +0000 Subject: [PATCH 0554/1145] verify.rs: correct comment for `verify_server_name` This implies webpki checks the DN commonName value for DNS names. It does not. --- rustls/src/webpki/verify.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 957b5657af..474a57014b 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -39,7 +39,7 @@ pub fn verify_server_cert_signed_by_trust_anchor( ) } -/// Verify that the `end_entity` has a name or alternative name matching the `server_name` +/// Verify that the `end_entity` has an alternative name matching the `server_name` /// note: this only verifies the name and should be used in conjuction with more verification /// like [verify_server_cert_signed_by_trust_anchor] pub fn verify_server_name( From 371463d8129f4f0541e38063358ec2ad4428a44a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Tue, 19 Dec 2023 14:00:36 +0100 Subject: [PATCH 0555/1145] ci-bench: explain motivation for wall-time measurements in readme --- ci-bench/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ci-bench/README.md b/ci-bench/README.md index 71506e084d..1511718666 100644 --- a/ci-bench/README.md +++ b/ci-bench/README.md @@ -154,3 +154,15 @@ when reviewing a PR. For more information, including the alternatives we considered, check out [this comment] (https://github.com/rustls/rustls/issues/1385#issuecomment-1668023152) in the issue tracker. + +### Why measure wall-time + +While instruction counts are a useful proxy to detect changes in runtime performance, they do not +account for important factors such as cache misses and branch mispredictions. As an example, +consider two equivalent functions that calculate an aggregate value based on a `Vec`: if they +use roughly the same code, yet a different memory access pattern, that could result in a similar +instruction count, yet significantly different runtime. + +The bigger the change in code, the higher the chance that memory layout and access patterns are +significantly affected. For that reason, having wall-time measurements is important as a complement +to instruction counts. From 23167ecad67cca1eb00bd15df4d7a587f8705705 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Tue, 19 Dec 2023 14:35:22 -0500 Subject: [PATCH 0556/1145] Condense the `fragment_slice` return type --- rustls/src/msgs/fragmenter.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 8e29a1f5a1..2f82918b62 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -37,7 +37,7 @@ impl MessageFragmenter { typ: ContentType, version: ProtocolVersion, payload: &'a [u8], - ) -> impl Iterator> + ExactSizeIterator + 'a { + ) -> impl ExactSizeIterator> { payload .chunks(self.max_frag) .map(move |c| BorrowedPlainMessage { From 93228ebdbfbe924cdbf7b4d4825eb385b1c0ac1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Tue, 19 Dec 2023 11:36:39 +0100 Subject: [PATCH 0557/1145] Add BENCHMARKING.md This file is meant as an entry point for users and contributors who are interested in benchmarking rustls. It is linked from the readme so people can find it easily. Closes #1478 and #1685 --- BENCHMARKING.md | 83 +++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 3 +- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 BENCHMARKING.md diff --git a/BENCHMARKING.md b/BENCHMARKING.md new file mode 100644 index 0000000000..93aa804963 --- /dev/null +++ b/BENCHMARKING.md @@ -0,0 +1,83 @@ +# Benchmarking + +This repository includes benchmarks for multiple use cases. They are described below, along with +information on how to run them. + +## Throughput and memory usage benchmarks + +These benchmarks measure the throughput and memory footprint you get from rustls. They have been +used in the past to compare performance against OpenSSL (see the results of [December +2023](https://github.com/aochagavia/rustls-bench-results) and [July +2019](https://jbp.io/2019/07/01/rustls-vs-openssl-performance.html)). You can also use them to +evaluate rustls' performance on different hardware (e.g. a bare-metal server with support for +AVX-512 instructions vs. a cloud VM with a consumer-grade CPU). + +The measured aspects are: + +1. Bulk data transfer throughput in MiB/s; +2. Handshake throughput (full, session id, tickets) in handshakes per second; +3. Memory usage per connection. + +If you are interested in comparing against OpenSSL, check out the [twin OpenSSL +benchmarks](https://github.com/ctz/openssl-bench), which produce similar measurements. + +#### Building + +The benchmarks are implemented in the form of "example code" in `rustls/examples/internal/bench.rs`. +Use `cargo build --release -p rustls --example bench` to obtain the corresponding binary (you can +toggle conditionally compiled code with the `--no-default-features` and `--features` flags). + +Note: while `cargo build --release --example bench` also works, it results in surprises when used +together with `--no-default-features` because of how Cargo's feature unification works (some +features get enabled automatically by other subcrates). + +#### Running + +There is a makefile in [admin/bench-measure.mk](admin/bench-measure.mk) providing useful commands to +facilitate benchmarking: + +- `make measure`: runs bulk transfer and handshake throughput benchmarks using a predefined list of + cipher suites. +- `make memory`: measures memory usage for different amounts of connections. + +You can inspect the makefile to get an idea of the command line arguments accepted by `bench`. With +the right arguments, you can run benchmarks for other cipher suites (through `cargo run --release` +or by directly launching the compiled binary). + +#### Reducing noise + +We usually extend the duration of the benchmarks in an attempt to neutralize the effect of cold CPU +and page caches, giving us more accurate results. This is done through the `BENCH_MULTIPLIER` +environment variable, which tells the benchmark runner to multiply the amount of work done. For +instance, `BENCH_MULTIPLIER=8` will ensure we do 8 times the work. + +Additional ways to reduce noise are: + +- Disabling ASLR (through `setarch -R`). +- Disabling CPU dynamic frequency scaling (usually on the BIOS/UEFI level). +- Disabling CPU hyper-threading (usually on the BIOS/UEFI level). +- Setting the Linux CPU governor to performance for all cores. +- Running the benchmarks multiple times (e.g. 30) and taking the median for each scenario (the + [December 2023 results](https://github.com/aochagavia/rustls-bench-results) include Python code + doing this). + +## CI benchmarks + +These benchmarks are meant to provide _automated_ and _accurate_ feedback on a PR's performance +impact compared to the main branch. By automating them we ensure they are regularly used, by keeping +them accurate we ensure they are actionable (i.e. too much noise would train reviewers to ignore the +information). + +The benchmarks themselves are located under [ci-bench](ci-bench), together with a detailed readme +(including instructions on how to run them locally). The automated runner lives in its own +[repository](https://github.com/rustls/rustls-bench-app) and is deployed to a bare-metal machine to +ensure low-noise results. + +## Nightly benchmarks + +There are some `#[bench]` benchmarks spread throughout the codebase. We do not use them +systematically, but they help understand the performance of smaller pieces of code (one or two +functions), which would be difficult to see when the unit-of-benchmark is an entire handshake. + +These benchmarks require a nightly compiler. If you are using `rustup`, you can run them with +`RUSTFLAGS=--cfg=bench cargo +nightly bench` \ No newline at end of file diff --git a/README.md b/README.md index 9bcc81e7d4..6ce0a3ecc8 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,8 @@ Rustls is used in production at many organizations and projects. We aim to maint reasonable API surface stability but the API may evolve as we make changes to accomodate new features or performance improvements. -We have a [roadmap](ROADMAP.md) for our future plans. +We have a [roadmap](ROADMAP.md) for our future plans. We also have [benchmarks](BENCHMARKING.md) to +prevent performance regressions and to let you evaluate rustls on your target hardware. If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). From d4bdfa919c914a43b49c979c7f62aa23a2172d7c Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 15 Nov 2023 18:45:13 +0100 Subject: [PATCH 0558/1145] refactor non-buffering logic out of send_plain --- rustls/src/common_state.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 7576eda1d1..e4c3ec1e7c 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -333,6 +333,11 @@ impl CommonState { return len; } + self.send_plain_non_buffering(data, limit) + } + + fn send_plain_non_buffering(&mut self, data: &[u8], limit: Limit) -> usize { + debug_assert!(self.may_send_application_data); debug_assert!(self.record_layer.is_encrypting()); if data.is_empty() { @@ -409,7 +414,7 @@ impl CommonState { } while let Some(buf) = self.sendable_plaintext.pop() { - self.send_plain(&buf, Limit::No); + self.send_plain_non_buffering(&buf, Limit::No); } } From 390eaec7bcb0f6be5ed1cd874a610ead7f1552e6 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Wed, 15 Nov 2023 19:03:09 +0100 Subject: [PATCH 0559/1145] move CommonState::set_buffer_limit into ConnectionCommon add a `set_buffer_limit` method to `Connection` to minimize breakage --- rustls/src/common_state.rs | 50 +------------------------------ rustls/src/conn.rs | 60 +++++++++++++++++++++++++++++++++++++- 2 files changed, 60 insertions(+), 50 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index e4c3ec1e7c..371dcf3908 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -42,7 +42,7 @@ pub struct CommonState { pub(crate) peer_certificates: Option, message_fragmenter: MessageFragmenter, pub(crate) received_plaintext: ChunkVecBuffer, - sendable_plaintext: ChunkVecBuffer, + pub(crate) sendable_plaintext: ChunkVecBuffer, pub(crate) sendable_tls: ChunkVecBuffer, queued_key_update_message: Option>, @@ -358,54 +358,6 @@ impl CommonState { self.start_outgoing_traffic(); } - /// Sets a limit on the internal buffers used to buffer - /// unsent plaintext (prior to completing the TLS handshake) - /// and unsent TLS records. This limit acts only on application - /// data written through [`Connection::writer`]. - /// - /// By default the limit is 64KB. The limit can be set - /// at any time, even if the current buffer use is higher. - /// - /// [`None`] means no limit applies, and will mean that written - /// data is buffered without bound -- it is up to the application - /// to appropriately schedule its plaintext and TLS writes to bound - /// memory usage. - /// - /// For illustration: `Some(1)` means a limit of one byte applies: - /// [`Connection::writer`] will accept only one byte, encrypt it and - /// add a TLS header. Once this is sent via [`Connection::write_tls`], - /// another byte may be sent. - /// - /// # Internal write-direction buffering - /// rustls has two buffers whose size are bounded by this setting: - /// - /// ## Buffering of unsent plaintext data prior to handshake completion - /// - /// Calls to [`Connection::writer`] before or during the handshake - /// are buffered (up to the limit specified here). Once the - /// handshake completes this data is encrypted and the resulting - /// TLS records are added to the outgoing buffer. - /// - /// ## Buffering of outgoing TLS records - /// - /// This buffer is used to store TLS records that rustls needs to - /// send to the peer. It is used in these two circumstances: - /// - /// - by [`Connection::process_new_packets`] when a handshake or alert - /// TLS record needs to be sent. - /// - by [`Connection::writer`] post-handshake: the plaintext is - /// encrypted and the resulting TLS record is buffered. - /// - /// This buffer is emptied by [`Connection::write_tls`]. - /// - /// [`Connection::writer`]: crate::Connection::writer - /// [`Connection::write_tls`]: crate::Connection::write_tls - /// [`Connection::process_new_packets`]: crate::Connection::process_new_packets - pub fn set_buffer_limit(&mut self, limit: Option) { - self.sendable_plaintext.set_limit(limit); - self.sendable_tls.set_limit(limit); - } - /// Send any buffered plaintext. Plaintext is buffered if /// written during handshake. fn flush_plaintext(&mut self) { diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index ac2c1ce897..9d676d7b06 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -107,6 +107,16 @@ impl Connection { Self::Server(server) => server.dangerous_extract_secrets(), } } + + /// Sets a limit on the internal buffers + /// + /// See [`ConnectionCommon::set_buffer_limit()`] for more information. + pub fn set_buffer_limit(&mut self, limit: Option) { + match self { + Self::Client(client) => client.set_buffer_limit(limit), + Self::Server(server) => server.set_buffer_limit(limit), + } + } } impl Deref for Connection { @@ -283,7 +293,7 @@ impl<'a> io::Write for Writer<'a> { /// /// This function buffers plaintext sent before the /// TLS handshake completes, and sends it as soon - /// as it can. See [`CommonState::set_buffer_limit`] to control + /// as it can. See [`ConnectionCommon::set_buffer_limit`] to control /// the size of this buffer. fn write(&mut self, buf: &[u8]) -> io::Result { self.sink.write(buf) @@ -588,6 +598,54 @@ impl ConnectionCommon { rx: (record_layer.read_seq(), rx), }) } + + /// Sets a limit on the internal buffers used to buffer + /// unsent plaintext (prior to completing the TLS handshake) + /// and unsent TLS records. This limit acts only on application + /// data written through [`Connection::writer`]. + /// + /// By default the limit is 64KB. The limit can be set + /// at any time, even if the current buffer use is higher. + /// + /// [`None`] means no limit applies, and will mean that written + /// data is buffered without bound -- it is up to the application + /// to appropriately schedule its plaintext and TLS writes to bound + /// memory usage. + /// + /// For illustration: `Some(1)` means a limit of one byte applies: + /// [`Connection::writer`] will accept only one byte, encrypt it and + /// add a TLS header. Once this is sent via [`Connection::write_tls`], + /// another byte may be sent. + /// + /// # Internal write-direction buffering + /// rustls has two buffers whose size are bounded by this setting: + /// + /// ## Buffering of unsent plaintext data prior to handshake completion + /// + /// Calls to [`Connection::writer`] before or during the handshake + /// are buffered (up to the limit specified here). Once the + /// handshake completes this data is encrypted and the resulting + /// TLS records are added to the outgoing buffer. + /// + /// ## Buffering of outgoing TLS records + /// + /// This buffer is used to store TLS records that rustls needs to + /// send to the peer. It is used in these two circumstances: + /// + /// - by [`Connection::process_new_packets`] when a handshake or alert + /// TLS record needs to be sent. + /// - by [`Connection::writer`] post-handshake: the plaintext is + /// encrypted and the resulting TLS record is buffered. + /// + /// This buffer is emptied by [`Connection::write_tls`]. + /// + /// [`Connection::writer`]: crate::Connection::writer + /// [`Connection::write_tls`]: crate::Connection::write_tls + /// [`Connection::process_new_packets`]: crate::Connection::process_new_packets + pub fn set_buffer_limit(&mut self, limit: Option) { + self.sendable_plaintext.set_limit(limit); + self.sendable_tls.set_limit(limit); + } } impl<'a, Data> From<&'a mut ConnectionCommon> for Context<'a, Data> { From f544352a2c07ca6e7326d270779d05e735e8b1c1 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Tue, 19 Dec 2023 14:20:16 -0500 Subject: [PATCH 0560/1145] move sendable_plaintext from CommonState to ConnectionCommon --- rustls/src/client/client_conn.rs | 2 ++ rustls/src/client/tls12.rs | 3 +- rustls/src/client/tls13.rs | 3 +- rustls/src/common_state.rs | 60 ++++++++++++++++++++++---------- rustls/src/conn.rs | 23 ++++++++---- rustls/src/conn/unbuffered.rs | 2 +- rustls/src/quic.rs | 7 ++-- rustls/src/server/tls12.rs | 3 +- rustls/src/server/tls13.rs | 6 ++-- 9 files changed, 76 insertions(+), 33 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 345991e5fd..ab1f84b026 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -657,6 +657,8 @@ impl ConnectionCore { let mut cx = hs::ClientContext { common: &mut common_state, data: &mut data, + // `start_handshake` won't produce plaintext + sendable_plaintext: None, }; let state = hs::start_handshake(name, extra_exts, config, &mut cx)?; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index d572ffda2c..762af22caa 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1032,7 +1032,8 @@ impl State for ExpectFinished { emit_finished(&st.secrets, &mut st.transcript, cx.common); } - cx.common.start_traffic(); + cx.common + .start_traffic(&mut cx.sendable_plaintext); Ok(Box::new(ExpectTraffic { secrets: st.secrets, _cert_verified: st.cert_verified, diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index fdd53b9518..f593ee2c24 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -895,7 +895,8 @@ impl State for ExpectFinished { /* Now move to our application traffic keys. */ cx.common.check_aligned_handshake()?; let key_schedule_traffic = key_schedule_pre_finished.into_traffic(cx.common); - cx.common.start_traffic(); + cx.common + .start_traffic(&mut cx.sendable_plaintext); let st = ExpectTraffic { session_storage: Arc::clone(&st.config.resumption.store), diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 371dcf3908..e3025934ae 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -42,7 +42,6 @@ pub struct CommonState { pub(crate) peer_certificates: Option, message_fragmenter: MessageFragmenter, pub(crate) received_plaintext: ChunkVecBuffer, - pub(crate) sendable_plaintext: ChunkVecBuffer, pub(crate) sendable_tls: ChunkVecBuffer, queued_key_update_message: Option>, @@ -71,7 +70,6 @@ impl CommonState { peer_certificates: None, message_fragmenter: MessageFragmenter::default(), received_plaintext: ChunkVecBuffer::new(Some(DEFAULT_RECEIVED_PLAINTEXT_LIMIT)), - sendable_plaintext: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), sendable_tls: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), queued_key_update_message: None, protocol: Protocol::Tcp, @@ -149,6 +147,7 @@ impl CommonState { msg: Message, mut state: Box>, data: &mut Data, + sendable_plaintext: Option<&mut ChunkVecBuffer>, ) -> Result>, Error> { // For TLS1.2, outside of the handshake, send rejection alerts for // renegotiation requests. These can occur any time. @@ -163,7 +162,11 @@ impl CommonState { } } - let mut cx = Context { common: self, data }; + let mut cx = Context { + common: self, + data, + sendable_plaintext, + }; match state.handle(&mut cx, msg) { Ok(next) => { state = next; @@ -182,9 +185,13 @@ impl CommonState { /// /// If internal buffers are too small, this function will not accept /// all the data. - pub(crate) fn buffer_plaintext(&mut self, data: &[u8]) -> usize { + pub(crate) fn buffer_plaintext( + &mut self, + data: &[u8], + sendable_plaintext: &mut ChunkVecBuffer, + ) -> usize { self.perhaps_write_key_update(); - self.send_plain(data, Limit::Yes) + self.send_plain(data, Limit::Yes, sendable_plaintext) } pub(crate) fn write_plaintext( @@ -318,17 +325,18 @@ impl CommonState { /// /// Returns the number of bytes written from `data`: this might /// be less than `data.len()` if buffer limits were exceeded. - fn send_plain(&mut self, data: &[u8], limit: Limit) -> usize { + fn send_plain( + &mut self, + data: &[u8], + limit: Limit, + sendable_plaintext: &mut ChunkVecBuffer, + ) -> usize { if !self.may_send_application_data { // If we haven't completed handshaking, buffer // plaintext to send once we do. let len = match limit { - Limit::Yes => self - .sendable_plaintext - .append_limited_copy(data), - Limit::No => self - .sendable_plaintext - .append(data.to_vec()), + Limit::Yes => sendable_plaintext.append_limited_copy(data), + Limit::No => sendable_plaintext.append(data.to_vec()), }; return len; } @@ -348,24 +356,35 @@ impl CommonState { self.send_appdata_encrypt(data, limit) } - pub(crate) fn start_outgoing_traffic(&mut self) { + /// Mark the connection as ready to send application data. + /// + /// Also flush `sendable_plaintext` if it is `Some`. + pub(crate) fn start_outgoing_traffic( + &mut self, + sendable_plaintext: &mut Option<&mut ChunkVecBuffer>, + ) { self.may_send_application_data = true; - self.flush_plaintext(); + if let Some(sendable_plaintext) = sendable_plaintext { + self.flush_plaintext(sendable_plaintext); + } } - pub(crate) fn start_traffic(&mut self) { + /// Mark the connection as ready to send and receive application data. + /// + /// Also flush `sendable_plaintext` if it is `Some`. + pub(crate) fn start_traffic(&mut self, sendable_plaintext: &mut Option<&mut ChunkVecBuffer>) { self.may_receive_application_data = true; - self.start_outgoing_traffic(); + self.start_outgoing_traffic(sendable_plaintext); } /// Send any buffered plaintext. Plaintext is buffered if /// written during handshake. - fn flush_plaintext(&mut self) { + fn flush_plaintext(&mut self, sendable_plaintext: &mut ChunkVecBuffer) { if !self.may_send_application_data { return; } - while let Some(buf) = self.sendable_plaintext.pop() { + while let Some(buf) = sendable_plaintext.pop() { self.send_plain_non_buffering(&buf, Limit::No); } } @@ -715,6 +734,9 @@ pub(crate) trait State: Send + Sync { pub(crate) struct Context<'a, Data> { pub(crate) common: &'a mut CommonState, pub(crate) data: &'a mut Data, + /// Buffered plaintext. This is `Some` if any plaintext was written during handshake and `None` + /// otherwise. + pub(crate) sendable_plaintext: Option<&'a mut ChunkVecBuffer>, } /// Side of the connection. @@ -747,4 +769,4 @@ enum Limit { } const DEFAULT_RECEIVED_PLAINTEXT_LIMIT: usize = 16 * 1024; -const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024; +pub(crate) const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024; diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 9d676d7b06..4ab9de5b9a 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -1,4 +1,4 @@ -use crate::common_state::{CommonState, Context, IoState, State}; +use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT}; use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; #[cfg(feature = "logging")] @@ -254,13 +254,19 @@ pub(crate) trait PlaintextSink { impl PlaintextSink for ConnectionCommon { fn write(&mut self, buf: &[u8]) -> io::Result { - Ok(self.buffer_plaintext(buf)) + Ok(self + .core + .common_state + .buffer_plaintext(buf, &mut self.sendable_plaintext)) } fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { let mut sz = 0; for buf in bufs { - sz += self.buffer_plaintext(buf); + sz += self + .core + .common_state + .buffer_plaintext(buf, &mut self.sendable_plaintext); } Ok(sz) } @@ -341,6 +347,7 @@ fn is_valid_ccs(msg: &PlainMessage) -> bool { pub struct ConnectionCommon { pub(crate) core: ConnectionCore, deframer_buffer: DeframerVecBuffer, + sendable_plaintext: ChunkVecBuffer, } impl ConnectionCommon { @@ -503,7 +510,7 @@ impl ConnectionCommon { #[inline] pub fn process_new_packets(&mut self) -> Result { self.core - .process_new_packets(&mut self.deframer_buffer) + .process_new_packets(&mut self.deframer_buffer, &mut self.sendable_plaintext) } /// Read TLS content from `rd` into the internal buffer. @@ -653,6 +660,7 @@ impl<'a, Data> From<&'a mut ConnectionCommon> for Context<'a, Data> { Self { common: &mut conn.core.common_state, data: &mut conn.core.data, + sendable_plaintext: Some(&mut conn.sendable_plaintext), } } } @@ -676,6 +684,7 @@ impl From> for ConnectionCommon { Self { core, deframer_buffer: DeframerVecBuffer::default(), + sendable_plaintext: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), } } } @@ -715,6 +724,7 @@ impl ConnectionCore { pub(crate) fn process_new_packets( &mut self, deframer_buffer: &mut DeframerVecBuffer, + sendable_plaintext: &mut ChunkVecBuffer, ) -> Result { let mut state = match mem::replace(&mut self.state, Err(Error::HandshakeNotComplete)) { Ok(state) => state, @@ -726,7 +736,7 @@ impl ConnectionCore { let mut borrowed_buffer = deframer_buffer.borrow(); while let Some(msg) = self.deframe(Some(&*state), &mut borrowed_buffer)? { - match self.process_msg(msg, state) { + match self.process_msg(msg, state, Some(sendable_plaintext)) { Ok(new) => state = new, Err(e) => { self.state = Err(e.clone()); @@ -805,6 +815,7 @@ impl ConnectionCore { &mut self, msg: PlainMessage, state: Box>, + sendable_plaintext: Option<&mut ChunkVecBuffer>, ) -> Result>, Error> { // Drop CCS messages during handshake in TLS1.3 if msg.typ == ContentType::ChangeCipherSpec @@ -847,7 +858,7 @@ impl ConnectionCore { } self.common_state - .process_main_protocol(msg, state, &mut self.data) + .process_main_protocol(msg, state, &mut self.data, sendable_plaintext) } pub(crate) fn export_keying_material>( diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index db10bb8aa8..1605924051 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -98,7 +98,7 @@ impl UnbufferedConnectionCommon { } }; - match self.core.process_msg(msg, state) { + match self.core.process_msg(msg, state, None) { Ok(new) => state = new, Err(e) => { diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index bdc69013df..ba6b1c6c16 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -1,6 +1,6 @@ /// This module contains optional APIs for implementing QUIC TLS. use crate::client::{ClientConfig, ClientConnectionData}; -use crate::common_state::{CommonState, Protocol, Side}; +use crate::common_state::{CommonState, Protocol, Side, DEFAULT_BUFFER_LIMIT}; use crate::conn::{ConnectionCore, SideData}; use crate::crypto::cipher::{AeadKey, Iv}; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock}; @@ -13,6 +13,7 @@ use crate::tls13::key_schedule::{ hkdf_expand_label, hkdf_expand_label_aead_key, hkdf_expand_label_block, }; use crate::tls13::Tls13CipherSuite; +use crate::vecbuf::ChunkVecBuffer; use pki_types::ServerName; @@ -316,6 +317,7 @@ impl From for Connection { pub struct ConnectionCommon { core: ConnectionCore, deframer_buffer: DeframerVecBuffer, + sendable_plaintext: ChunkVecBuffer, } impl ConnectionCommon { @@ -364,7 +366,7 @@ impl ConnectionCommon { &mut self.deframer_buffer, )?; self.core - .process_new_packets(&mut self.deframer_buffer)?; + .process_new_packets(&mut self.deframer_buffer, &mut self.sendable_plaintext)?; Ok(()) } @@ -405,6 +407,7 @@ impl From> for ConnectionCommon { Self { core, deframer_buffer: DeframerVecBuffer::default(), + sendable_plaintext: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), } } } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 45eb15c5e4..4a4d5d7425 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -908,7 +908,8 @@ impl State for ExpectFinished { emit_finished(&self.secrets, &mut self.transcript, cx.common); } - cx.common.start_traffic(); + cx.common + .start_traffic(&mut cx.sendable_plaintext); Ok(Box::new(ExpectTraffic { secrets: self.secrets, _fin_verified, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 5e6729082c..7ed391383f 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -442,7 +442,8 @@ mod client_hello { // Application data can be sent immediately after Finished, in one // flight. However, if client auth is enabled, we don't want to send // application data to an unauthenticated peer. - cx.common.start_outgoing_traffic(); + cx.common + .start_outgoing_traffic(&mut cx.sendable_plaintext); } if doing_client_auth { @@ -1187,7 +1188,8 @@ impl State for ExpectFinished { } // Application data may now flow, even if we have client auth enabled. - cx.common.start_traffic(); + cx.common + .start_traffic(&mut cx.sendable_plaintext); Ok(match cx.common.is_quic() { true => Box::new(ExpectQuicTraffic { From 0cd488dff6b87f30045b666177744436b27837dc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 14:45:34 +0000 Subject: [PATCH 0561/1145] Clarify `ClientHello` `legacy_record_version` commentary --- rustls/src/client/hs.rs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 26ce6383f3..be9704043e 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -309,13 +309,17 @@ fn emit_client_hello_for_retry( }; let ch = Message { - // "This value MUST be set to 0x0303 for all records generated - // by a TLS 1.3 implementation other than an initial ClientHello - // (i.e., one not generated after a HelloRetryRequest)" - version: if retryreq.is_some() { - ProtocolVersion::TLSv1_2 - } else { - ProtocolVersion::TLSv1_0 + version: match retryreq { + // : + // "This value MUST be set to 0x0303 for all records generated + // by a TLS 1.3 implementation ..." + Some(_) => ProtocolVersion::TLSv1_2, + // "... other than an initial ClientHello (i.e., one not + // generated after a HelloRetryRequest), where it MAY also be + // 0x0301 for compatibility purposes" + // + // (retryreq == None means we're in the "initial ClientHello" case) + None => ProtocolVersion::TLSv1_0, }, payload: MessagePayload::handshake(chp), }; From 309a5d5051c42a15d2811a62b476335f36a66ae7 Mon Sep 17 00:00:00 2001 From: Niklas Fiekas Date: Mon, 25 Dec 2023 10:58:26 +0100 Subject: [PATCH 0562/1145] Implement FromIterator for RootCertStore (#1708) Co-authored-by: Daniel McCarney --- examples/src/bin/limitedclient.rs | 3 +-- examples/src/bin/simple_0rtt_client.rs | 3 +-- examples/src/bin/simpleclient.rs | 3 +-- provider-example/examples/client.rs | 3 +-- rustls/src/lib.rs | 10 ++++------ rustls/src/webpki/anchors.rs | 11 +++++++++-- 6 files changed, 17 insertions(+), 16 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 248c0c4038..92e5a4ec5f 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -8,8 +8,7 @@ use std::net::TcpStream; use std::sync::Arc; fn main() { - let mut root_store = rustls::RootCertStore::empty(); - root_store.extend( + let root_store = rustls::RootCertStore::from_iter( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs index cdc201b729..a20ba5c858 100644 --- a/examples/src/bin/simple_0rtt_client.rs +++ b/examples/src/bin/simple_0rtt_client.rs @@ -66,8 +66,7 @@ fn start_connection(config: &Arc, domain_name: &str) { fn main() { env_logger::init(); - let mut root_store = RootCertStore::empty(); - root_store.extend( + let root_store = RootCertStore::from_iter( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 9044144262..35b7c15a66 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -15,8 +15,7 @@ use std::sync::Arc; use rustls::RootCertStore; fn main() { - let mut root_store = RootCertStore::empty(); - root_store.extend( + let root_store = RootCertStore::from_iter( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs index fa625e4028..9fab7e097a 100644 --- a/provider-example/examples/client.rs +++ b/provider-example/examples/client.rs @@ -5,8 +5,7 @@ use std::sync::Arc; fn main() { env_logger::init(); - let mut root_store = rustls::RootCertStore::empty(); - root_store.extend( + let root_store = rustls::RootCertStore::from_iter( webpki_roots::TLS_SERVER_ROOTS .iter() .cloned(), diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 36ce1bc843..3b9167828b 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -116,11 +116,10 @@ //! //! ```rust,no_run //! # #[cfg(feature = "ring")] { -//! let mut root_store = rustls::RootCertStore::empty(); -//! root_store.extend( +//! let root_store = rustls::RootCertStore::from_iter( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() -//! .cloned() +//! .cloned(), //! ); //! # } //! ``` @@ -147,11 +146,10 @@ //! # use rustls; //! # use webpki; //! # use std::sync::Arc; -//! # let mut root_store = rustls::RootCertStore::empty(); -//! # root_store.extend( +//! # let root_store = rustls::RootCertStore::from_iter( //! # webpki_roots::TLS_SERVER_ROOTS //! # .iter() -//! # .cloned() +//! # .cloned(), //! # ); //! # let config = rustls::ClientConfig::builder() //! # .with_root_certificates(root_store) diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 429832ab8e..1467b0bfbd 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -103,6 +103,14 @@ impl RootCertStore { } } +impl FromIterator> for RootCertStore { + fn from_iter>>(iter: T) -> Self { + Self { + roots: iter.into_iter().collect(), + } + } +} + impl Extend> for RootCertStore { fn extend>>(&mut self, iter: T) { self.roots.extend(iter); @@ -122,13 +130,12 @@ fn root_cert_store_debug() { use core::iter; use pki_types::Der; - let mut store = RootCertStore::empty(); let ta = TrustAnchor { subject: Der::from_slice(&[]), subject_public_key_info: Der::from_slice(&[]), name_constraints: None, }; - store.extend(iter::repeat(ta).take(138)); + let store = RootCertStore::from_iter(iter::repeat(ta).take(138)); assert_eq!( format!("{:?}", store), From b0bbb314b7fedbb4efc7428103e3197bb07174df Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Jan 2024 09:27:42 -0500 Subject: [PATCH 0563/1145] Cargo: update semver compat deps * Anyhow 1.0.75 -> 1.0.78 * Async-trait 0.1.74 -> 0.1.76 * Clap 4.4.11 -> 4.4.12 * Tokio 1.35.0 -> 1.35.1 * Serde-json 1.0.108 -> 1.0.109 --- Cargo.lock | 211 +++++++++++++++++++++++++---------------------------- 1 file changed, 100 insertions(+), 111 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a5bba3cb65..a911a12cfe 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -111,9 +111,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.75" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4668cab20f66d8d020e1fbc0ebe47217433c1b6c8f2040faf858554e394ace6" +checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" [[package]] name = "async-attributes" @@ -143,7 +143,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ca33f4bc4ed1babef42cad36cc1f51fa88be00420404e5b1e80ab1b18f7678c" dependencies = [ "concurrent-queue", - "event-listener 4.0.0", + "event-listener 4.0.2", "event-listener-strategy", "futures-core", "pin-project-lite", @@ -165,13 +165,13 @@ dependencies = [ [[package]] name = "async-global-executor" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b4353121d5644cdf2beb5726ab752e79a8db1ebb52031770ec47db31d245526" +checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c" dependencies = [ "async-channel 2.1.1", "async-executor", - "async-io 2.2.1", + "async-io 2.2.2", "async-lock 3.2.0", "blocking", "futures-lite 2.1.0", @@ -200,9 +200,9 @@ dependencies = [ [[package]] name = "async-io" -version = "2.2.1" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6d3b15875ba253d1110c740755e246537483f152fa334f91abd7fe84c88b3ff" +checksum = "6afaa937395a620e33dc6a742c593c01aced20aa376ffb0f628121198578ccc7" dependencies = [ "async-lock 3.2.0", "cfg-if", @@ -232,7 +232,7 @@ version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7125e42787d53db9dd54261812ef17e937c95a51e4d291373b670342fa44310c" dependencies = [ - "event-listener 4.0.0", + "event-listener 4.0.2", "event-listener-strategy", "pin-project-lite", ] @@ -266,19 +266,19 @@ dependencies = [ [[package]] name = "async-task" -version = "4.5.0" +version = "4.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1" +checksum = "e1d90cd0b264dfdd8eb5bad0a2c217c1f88fa96a8573f40e7b12de23fb468f46" [[package]] name = "async-trait" -version = "0.1.74" +version = "0.1.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" +checksum = "c980ee35e870bd1a4d2c8294d4c04d0499e67bca1e4b5cefcc693c2fa00caea9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -377,7 +377,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.40", + "syn 2.0.46", "which", ] @@ -497,9 +497,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.6.1" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" dependencies = [ "glob", "libc", @@ -508,9 +508,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.11" +version = "4.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfaff671f6b22ca62406885ece523383b9b64022e341e53e009a62ebc47a45f2" +checksum = "dcfab8ba68f3668e89f6ff60f5b205cea56aa7b769451a59f34b8682f51c056d" dependencies = [ "clap_builder", "clap_derive", @@ -518,9 +518,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.11" +version = "4.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a216b506622bb1d316cd51328dce24e07bdff4a6128a47c7e7fad11878d5adbb" +checksum = "fb7fb5e4e979aec3be7791562fcba452f94ad85e954da024396433e0e25a79e9" dependencies = [ "anstream", "anstyle", @@ -537,7 +537,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -572,9 +572,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.5" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" @@ -587,9 +587,9 @@ dependencies = [ [[package]] name = "crossbeam-deque" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6fd6f855243022dcecf8702fef0c297d4338e226845fe067f6341ad9fa0cef" +checksum = "fca89a0e215bab21874660c67903c5f143333cab1da83d041c7ded6053774751" dependencies = [ "cfg-if", "crossbeam-epoch", @@ -598,22 +598,20 @@ dependencies = [ [[package]] name = "crossbeam-epoch" -version = "0.9.15" +version = "0.9.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae211234986c545741a7dc064309f67ee1e5ad243d0e48335adc0484d960bcc7" +checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" dependencies = [ "autocfg", "cfg-if", "crossbeam-utils", - "memoffset", - "scopeguard", ] [[package]] name = "crossbeam-utils" -version = "0.8.16" +version = "0.8.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a22b2d63d4d1dc0b7f1b6b2747dd0088008a9be28b6ddf0b1e7d335e3037294" +checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" dependencies = [ "cfg-if", ] @@ -673,7 +671,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -694,9 +692,9 @@ dependencies = [ [[package]] name = "deranged" -version = "0.3.10" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8eb30d70a07a3b04884d2677f06bec33509dc67ca60d92949e5535352d3191dc" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" dependencies = [ "powerfmt", ] @@ -780,7 +778,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -820,9 +818,9 @@ checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" [[package]] name = "event-listener" -version = "4.0.0" +version = "4.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "770d968249b5d99410d61f5bf89057f3199a077a04d087092f58e7d10692baae" +checksum = "218a870470cce1469024e9fb66b901aa983929d81304a1cdb299f28118e550d5" dependencies = [ "concurrent-queue", "parking", @@ -835,7 +833,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3" dependencies = [ - "event-listener 4.0.0", + "event-listener 4.0.2", "pin-project-lite", ] @@ -893,24 +891,24 @@ checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" [[package]] name = "futures-channel" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" dependencies = [ "futures-core", ] [[package]] name = "futures-core" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" [[package]] name = "futures-io" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" [[package]] name = "futures-lite" @@ -942,21 +940,21 @@ dependencies = [ [[package]] name = "futures-sink" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e36d3378ee38c2a36ad710c5d30c2911d752cb941c00c72dbabfb786a7970817" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" [[package]] name = "futures-task" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" [[package]] name = "futures-util" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" dependencies = [ "futures-core", "futures-task", @@ -1141,9 +1139,9 @@ dependencies = [ [[package]] name = "hkdf" -version = "0.12.3" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" dependencies = [ "hmac", ] @@ -1159,11 +1157,11 @@ dependencies = [ [[package]] name = "home" -version = "0.5.5" +version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -1311,13 +1309,13 @@ checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" [[package]] name = "is-terminal" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" +checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" dependencies = [ "hermit-abi", "rustix 0.38.28", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -1376,12 +1374,12 @@ checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" [[package]] name = "libloading" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" dependencies = [ "cfg-if", - "winapi", + "windows-sys 0.48.0", ] [[package]] @@ -1444,18 +1442,9 @@ checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" - -[[package]] -name = "memoffset" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a634b1c61a95585bd15607c6ab0c4e5b226e695ff2800ba0cdccddf208c406c" -dependencies = [ - "autocfg", -] +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" [[package]] name = "minimal-lexical" @@ -1560,9 +1549,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.1" +version = "0.32.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" +checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" dependencies = [ "memchr", ] @@ -1644,9 +1633,9 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" [[package]] name = "pem" -version = "3.0.2" +version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" +checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" dependencies = [ "base64", "serde", @@ -1704,9 +1693,9 @@ dependencies = [ [[package]] name = "platforms" -version = "3.2.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0" +checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" [[package]] name = "polling" @@ -1775,12 +1764,12 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "prettyplease" -version = "0.2.15" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d" +checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" dependencies = [ "proc-macro2", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -1794,9 +1783,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.70" +version = "1.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39278fbbf5fb4f646ce651690877f89d1c5811a3d4acb27700c1cb3cdb78fd3b" +checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" dependencies = [ "unicode-ident", ] @@ -1809,9 +1798,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.33" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -2116,9 +2105,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b" +checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" [[package]] name = "rustls-provider-example" @@ -2221,29 +2210,29 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.193" +version = "1.0.194" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.194" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] name = "serde_json" -version = "1.0.108" +version = "1.0.110" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b" +checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257" dependencies = [ "itoa", "ryu", @@ -2359,9 +2348,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.40" +version = "2.0.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13fa70a4ee923979ffb522cacce59d34421ebdea5625e1073c4326ef9d2dd42e" +checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" dependencies = [ "proc-macro2", "quote", @@ -2379,29 +2368,29 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" +checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.50" +version = "1.0.56" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" +checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] name = "time" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" +checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" dependencies = [ "deranged", "powerfmt", @@ -2432,9 +2421,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.35.0" +version = "1.35.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c" +checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" dependencies = [ "backtrace", "bytes", @@ -2455,7 +2444,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -2501,7 +2490,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] [[package]] @@ -2624,7 +2613,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", "wasm-bindgen-shared", ] @@ -2658,7 +2647,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2923,5 +2912,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.40", + "syn 2.0.46", ] From 74dcc950a5603a9423c3d3226b643c835c3d0c30 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 11:37:04 +0000 Subject: [PATCH 0564/1145] ring/kx.rs: exercise `KxGroup::fmt` Remove unusable Debug derivation for `KeyExchange` --- rustls/src/crypto/ring/kx.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 67e9f491d9..72c10cfa38 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -75,7 +75,6 @@ pub static ALL_KX_GROUPS: &[&dyn SupportedKxGroup] = &[X25519, SECP256R1, SECP38 /// An in-progress key exchange. This has the algorithm, /// our private key, and our public key. -#[derive(Debug)] struct KeyExchange { name: NamedGroup, agreement_algorithm: &'static agreement::Algorithm, @@ -102,6 +101,14 @@ impl ActiveKeyExchange for KeyExchange { } } +#[cfg(test)] +mod tests { + #[test] + fn kxgroup_fmt_yields_name() { + assert_eq!("X25519", format!("{:?}", super::X25519)); + } +} + #[cfg(bench)] mod benchmarks { #[bench] From 450224cde970de6749a3d02f2582ec70c4f12a9c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 11:44:32 +0000 Subject: [PATCH 0565/1145] ring/ticketer.rs: cover AeadTicketer --- rustls/src/crypto/ring/ticketer.rs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index b5b5a3c9b9..3282ec1e0b 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -194,4 +194,19 @@ mod tests { assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2"); assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3"); } + + #[test] + fn aeadticketer_is_debug_and_producestickets() { + use super::*; + use alloc::format; + + let t = make_ticket_generator().unwrap(); + + assert_eq!( + format!("{:?}", t), + "AeadTicketer { alg: CHACHA20_POLY1305, lifetime: 43200 }" + ); + assert!(t.enabled()); + assert_eq!(t.lifetime(), 43200); + } } From f804902c522cd28897b00c429d5ebb26dab20ebc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 12:26:27 +0000 Subject: [PATCH 0566/1145] Correct `SignatureScheme::sign()` for ED25519/448 --- rustls/src/enums.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index fd5a653ab5..abeded1c08 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -525,6 +525,8 @@ impl SignatureScheme { Self::ECDSA_NISTP256_SHA256 | Self::ECDSA_NISTP384_SHA384 | Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA, + Self::ED25519 => SignatureAlgorithm::ED25519, + Self::ED448 => SignatureAlgorithm::ED448, _ => SignatureAlgorithm::Unknown(0), } } From efc3b2e13b136177c6b35b14793ab3fb1eeeb43e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 12:28:40 +0000 Subject: [PATCH 0567/1145] ring/sign.rs: improve testing --- rustls/src/crypto/ring/sign.rs | 124 +++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 130073ba5d..0fa48f81da 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -409,6 +409,7 @@ impl Debug for Ed25519Signer { #[cfg(test)] mod tests { use super::*; + use alloc::format; use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; #[test] @@ -430,6 +431,37 @@ mod tests { assert!(any_ecdsa_type(&key).is_ok()); } + #[test] + fn can_sign_ecdsa_nistp256() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp256key.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "EcdsaSigningKey { algorithm: ECDSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::ECDSA); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .unwrap(); + assert_eq!( + format!("{:?}", s), + "EcdsaSigner { scheme: ECDSA_NISTP256_SHA256 }" + ); + assert_eq!(s.scheme(), SignatureScheme::ECDSA_NISTP256_SHA256); + // nb. signature is variable length and asn.1-encoded + assert!(s + .sign(b"hello") + .unwrap() + .starts_with(&[0x30])); + } + #[test] fn can_load_ecdsa_nistp384_pkcs8() { let key = @@ -449,6 +481,37 @@ mod tests { assert!(any_ecdsa_type(&key).is_ok()); } + #[test] + fn can_sign_ecdsa_nistp384() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp384key.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "EcdsaSigningKey { algorithm: ECDSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::ECDSA); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .unwrap(); + assert_eq!( + format!("{:?}", s), + "EcdsaSigner { scheme: ECDSA_NISTP384_SHA384 }" + ); + assert_eq!(s.scheme(), SignatureScheme::ECDSA_NISTP384_SHA384); + // nb. signature is variable length and asn.1-encoded + assert!(s + .sign(b"hello") + .unwrap() + .starts_with(&[0x30])); + } + #[test] fn can_load_eddsa_pkcs8() { let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); @@ -458,6 +521,31 @@ mod tests { assert!(any_ecdsa_type(&key).is_err()); } + #[test] + fn can_sign_eddsa() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); + + let k = any_eddsa_type(&key).unwrap(); + assert_eq!( + format!("{:?}", k), + "Ed25519SigningKey { algorithm: ED25519 }" + ); + assert_eq!(k.algorithm(), SignatureAlgorithm::ED25519); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ED25519]) + .unwrap(); + assert_eq!(format!("{:?}", s), "Ed25519Signer { scheme: ED25519 }"); + assert_eq!(s.scheme(), SignatureScheme::ED25519); + assert_eq!(s.sign(b"hello").unwrap().len(), 64); + } + #[test] fn can_load_rsa2048_pkcs8() { let key = @@ -477,6 +565,42 @@ mod tests { assert!(any_ecdsa_type(&key).is_err()); } + #[test] + fn can_sign_rsa2048() { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "RsaSigningKey { algorithm: RSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::RSA); + + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ED25519]) + .is_none()); + + let s = k + .choose_scheme(&[SignatureScheme::RSA_PSS_SHA256]) + .unwrap(); + assert_eq!(format!("{:?}", s), "RsaSigner { scheme: RSA_PSS_SHA256 }"); + assert_eq!(s.scheme(), SignatureScheme::RSA_PSS_SHA256); + assert_eq!(s.sign(b"hello").unwrap().len(), 256); + + for scheme in &[ + SignatureScheme::RSA_PKCS1_SHA256, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA512, + ] { + k.choose_scheme(&[*scheme]).unwrap(); + } + } + #[test] fn cannot_load_invalid_pkcs8_encoding() { let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(&b"invalid"[..])); From afa7f1476075f6156aa951a610b41aa12ddbcfe0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 17:37:32 +0000 Subject: [PATCH 0568/1145] tests/unbuffered.rs: refactor and improve coverage Extract out the common structure of most of these tests, leaving just the differences in their own tests. --- rustls/tests/unbuffered.rs | 657 ++++++++++++++++--------------------- 1 file changed, 282 insertions(+), 375 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 1538989294..a37f243879 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -8,6 +8,7 @@ use rustls::unbuffered::{ UnbufferedStatus, WriteTraffic, }; use rustls::version::TLS13; +use rustls::{ClientConfig, ServerConfig}; use crate::common::*; @@ -17,9 +18,9 @@ const MAX_ITERATIONS: usize = 100; #[test] fn tls12_handshake() { - let (client_transcript, server_transcript) = handshake(&rustls::version::TLS12); + let outcome = handshake(&rustls::version::TLS12); assert_eq!( - client_transcript, + outcome.client_transcript, vec![ "Ok(EncodeTlsData)", "Ok(TransmitTlsData)", @@ -38,7 +39,7 @@ fn tls12_handshake() { "client transcript mismatch" ); assert_eq!( - server_transcript, + outcome.server_transcript, vec![ "Ok(BlockedHandshake)", "Ok(EncodeTlsData)", @@ -60,9 +61,9 @@ fn tls12_handshake() { #[test] fn tls13_handshake() { - let (client_transcript, server_transcript) = handshake(&rustls::version::TLS13); + let outcome = handshake(&rustls::version::TLS13); assert_eq!( - client_transcript, + outcome.client_transcript, vec![ "Ok(EncodeTlsData)", "Ok(TransmitTlsData)", @@ -83,7 +84,7 @@ fn tls13_handshake() { "client transcript mismatch" ); assert_eq!( - server_transcript, + outcome.server_transcript, vec![ "Ok(BlockedHandshake)", "Ok(EncodeTlsData)", @@ -105,70 +106,16 @@ fn tls13_handshake() { ); } -fn handshake(version: &'static rustls::SupportedProtocolVersion) -> (Vec, Vec) { - let mut client_transcript = Vec::new(); - let mut server_transcript = Vec::new(); +fn handshake(version: &'static rustls::SupportedProtocolVersion) -> Outcome { + let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config(KeyType::Rsa); - let (mut client, mut server) = make_connection_pair(version); - let mut buffers = BothBuffers::default(); - - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - while !client_handshake_done || !server_handshake_done { - let client_state = advance_client( - &mut client, - &mut buffers.client, - NO_ACTIONS, - Some(&mut client_transcript), - ); - - match client_state { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.client_send(), - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => client_handshake_done = true, - state => unreachable!("{state:?}"), - } - - let server_state = advance_server( - &mut server, - &mut buffers.server, - NO_ACTIONS, - Some(&mut server_transcript), - ); - - match server_state { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.server_send(), - State::BlockedHandshake => buffers.client_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => server_handshake_done = true, - state => unreachable!("{state:?}"), - } - - count += 1; - - assert!( - count <= MAX_ITERATIONS, - "handshake {version:?} was not completed" - ); - } - - (client_transcript, server_transcript) + run( + Arc::new(client_config), + &mut NO_ACTIONS.clone(), + Arc::new(server_config), + &mut NO_ACTIONS.clone(), + ) } #[test] @@ -176,80 +123,30 @@ fn app_data_client_to_server() { let expected: &[_] = b"hello"; for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - - let (mut client, mut server) = make_connection_pair(version); - let mut buffers = BothBuffers::default(); + let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config(KeyType::Rsa); let mut client_actions = Actions { app_data_to_send: Some(expected), ..NO_ACTIONS }; - let mut received_app_data = vec![]; - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, client_actions, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data, - sent_close_notify: false, - sent_early_data: false, - } => { - buffers.client_send(); - - if sent_app_data { - client_actions.app_data_to_send = None; - } - } - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data, - sent_close_notify: false, - } => { - if sent_app_data { - buffers.client_send(); - client_actions.app_data_to_send = None; - } - - client_handshake_done = true - } - state => unreachable!("{state:?}"), - } - - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.server_send(), - State::BlockedHandshake => buffers.client_send(), - State::ReceivedAppData { records } => { - received_app_data.extend(records); - } - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => server_handshake_done = true, - state => unreachable!("{state:?}"), - } - - count += 1; - assert!( - count <= MAX_ITERATIONS, - "handshake {version:?} was not completed" - ); - } - - assert!(client_handshake_done); - assert!(server_handshake_done); + let outcome = run( + Arc::new(client_config), + &mut client_actions, + Arc::new(server_config), + &mut NO_ACTIONS.clone(), + ); assert!(client_actions .app_data_to_send .is_none()); - assert_eq!([expected], received_app_data.as_slice()); + assert_eq!( + [expected], + outcome + .server_received_app_data + .as_slice() + ); } } @@ -258,76 +155,30 @@ fn app_data_server_to_client() { let expected: &[_] = b"hello"; for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - - let (mut client, mut server) = make_connection_pair(version); - let mut buffers = BothBuffers::default(); + let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config(KeyType::Rsa); let mut server_actions = Actions { app_data_to_send: Some(expected), ..NO_ACTIONS }; - let mut received_app_data = vec![]; - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, NO_ACTIONS, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.client_send(), - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => client_handshake_done = true, - State::ReceivedAppData { records } => { - received_app_data.extend(records); - } - state => unreachable!("{state:?}"), - } - - match advance_server(&mut server, &mut buffers.server, server_actions, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data, - sent_close_notify: false, - sent_early_data: false, - } => { - buffers.server_send(); - if sent_app_data { - server_actions.app_data_to_send = None; - } - } - State::BlockedHandshake => buffers.client_send(), - State::ReceivedAppData { records } => { - received_app_data.extend(records); - } - // server does not need to reach this state to send data to the client - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => server_handshake_done = true, - state => unreachable!("{state:?}"), - } - count += 1; - - assert!( - count <= MAX_ITERATIONS, - "handshake {version:?} was not completed" - ); - } - - assert!(client_handshake_done); - assert!(server_handshake_done); + let outcome = run( + Arc::new(client_config), + &mut NO_ACTIONS.clone(), + Arc::new(server_config), + &mut server_actions, + ); assert!(server_actions .app_data_to_send .is_none()); - assert_eq!([expected], received_app_data.as_slice()); + assert_eq!( + [expected], + outcome + .client_received_app_data + .as_slice() + ); } } @@ -343,149 +194,234 @@ fn early_data() { client_config.enable_early_data = true; let client_config = Arc::new(client_config); - for conn_count in 0..2 { - eprintln!("----"); - let mut client = - UnbufferedClientConnection::new(client_config.clone(), server_name("localhost")) - .unwrap(); - let mut server = UnbufferedServerConnection::new(server_config.clone()).unwrap(); - let mut buffers = BothBuffers::default(); + // first handshake allows the second to be a resumption and use 0-RTT + run( + client_config.clone(), + &mut NO_ACTIONS.clone(), + server_config.clone(), + &mut NO_ACTIONS.clone(), + ); - let mut client_actions = Actions { - early_data_to_send: Some(expected), - ..NO_ACTIONS - }; - let mut received_early_data = vec![]; - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, client_actions, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data, - } => { - buffers.client_send(); - - if sent_early_data { - client_actions.early_data_to_send = None; - } + let mut client_actions = Actions { + early_data_to_send: Some(expected), + ..NO_ACTIONS + }; + + let outcome = run( + client_config.clone(), + &mut client_actions, + server_config.clone(), + &mut NO_ACTIONS.clone(), + ); + + assert_eq!( + outcome.client_transcript, + vec![ + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)", + "Ok(WriteTraffic)" + ] + ); + assert_eq!( + outcome.server_transcript, + vec![ + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(ReadEarlyData)", + "Ok(TransmitTlsData)", + "Ok(BlockedHandshake)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(EncodeTlsData)", + "Ok(TransmitTlsData)", + "Ok(WriteTraffic)" + ] + ); + assert!(client_actions + .early_data_to_send + .is_none()); + assert_eq!( + [expected], + outcome + .server_received_early_data + .as_slice() + ); +} + +fn run( + client_config: Arc, + client_actions: &mut Actions, + server_config: Arc, + server_actions: &mut Actions, +) -> Outcome { + let mut outcome = Outcome::default(); + let mut count = 0; + let mut client_handshake_done = false; + let mut server_handshake_done = false; + + let mut client = + UnbufferedClientConnection::new(client_config.clone(), server_name("localhost")).unwrap(); + let mut server = UnbufferedServerConnection::new(server_config.clone()).unwrap(); + let mut buffers = BothBuffers::default(); + + while !(client_handshake_done + && server_handshake_done + && client_actions.finished() + && server_actions.finished()) + { + match advance_client( + &mut client, + &mut buffers.client, + *client_actions, + &mut outcome.client_transcript, + ) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_early_data, + sent_app_data, + sent_close_notify, + } => { + buffers.client_send(); + if sent_app_data { + client_actions.app_data_to_send = None; } - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => client_handshake_done = true, - state => unreachable!("{state:?}"), - } - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.server_send(), - State::BlockedHandshake => buffers.client_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => server_handshake_done = true, - State::ReceivedEarlyData { records } => { - received_early_data.extend(records); + if sent_early_data { + client_actions.early_data_to_send = None; + } + + if sent_close_notify { + client_actions.send_close_notify = false; } - state => unreachable!("{state:?}"), } + State::BlockedHandshake => buffers.server_send(), + State::WriteTraffic { + sent_app_data, + sent_close_notify, + } => { + buffers.client_send(); - count += 1; + if sent_app_data { + client_actions.app_data_to_send = None; + } + + if sent_close_notify { + client_actions.send_close_notify = false; + } - assert!(count <= MAX_ITERATIONS, "handshake was not completed"); + client_handshake_done = true; + } + State::ReceivedAppData { records } => { + outcome + .client_received_app_data + .extend(records); + } + State::Closed => { + client_handshake_done = true; + outcome.client_reached_connection_closed_state = true + } + state => unreachable!("{state:?}"), } - // early data is not exchanged on the first server interaction - if conn_count == 1 { - assert!(client_actions - .early_data_to_send - .is_none()); - assert_eq!([expected], received_early_data.as_slice()); + match advance_server( + &mut server, + &mut buffers.server, + *server_actions, + &mut outcome.server_transcript, + ) { + State::EncodedTlsData => {} + State::TransmitTlsData { + sent_app_data, + sent_close_notify, + .. + } => { + buffers.server_send(); + + if sent_app_data { + server_actions.app_data_to_send = None; + } + + if sent_close_notify { + server_actions.send_close_notify = false; + } + } + State::BlockedHandshake => buffers.client_send(), + State::WriteTraffic { + sent_app_data, + sent_close_notify, + } => { + buffers.server_send(); + + if sent_app_data { + server_actions.app_data_to_send = None; + } + + if sent_close_notify { + server_actions.send_close_notify = false; + } + + server_handshake_done = true; + } + State::ReceivedEarlyData { records } => { + outcome + .server_received_early_data + .extend(records); + } + State::ReceivedAppData { records } => { + outcome + .server_received_app_data + .extend(records); + } + State::Closed => { + server_handshake_done = true; + outcome.server_reached_connection_closed_state = true + } } + + count += 1; + + assert!(count <= MAX_ITERATIONS, "handshake was not completed"); } + + outcome } #[test] fn close_notify_client_to_server() { for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - - let (mut client, mut server) = make_connection_pair(version); - let mut buffers = BothBuffers::default(); + let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config(KeyType::Rsa); let mut client_actions = Actions { send_close_notify: true, ..NO_ACTIONS }; - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - let mut reached_connection_closed_state = false; - while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, client_actions, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify, - sent_early_data: false, - } => { - buffers.client_send(); - if sent_close_notify { - client_actions.send_close_notify = false; - } - } - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify, - } => { - if sent_close_notify { - buffers.client_send(); - client_actions.send_close_notify = false; - } - client_handshake_done = true; - } - state => unreachable!("{state:?}"), - } - match advance_server(&mut server, &mut buffers.server, NO_ACTIONS, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.server_send(), - State::BlockedHandshake => buffers.client_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => server_handshake_done = true, - State::Closed => { - server_handshake_done = true; - reached_connection_closed_state = true - } - state => unreachable!("{state:?}"), - } - - count += 1; - - assert!( - count <= MAX_ITERATIONS, - "handshake {version:?} was not completed" - ); - } + let outcome = run( + Arc::new(client_config), + &mut client_actions, + Arc::new(server_config), + &mut NO_ACTIONS.clone(), + ); assert!(!client_actions.send_close_notify); - assert!(reached_connection_closed_state); + assert!(outcome.server_reached_connection_closed_state); } } @@ -493,69 +429,23 @@ fn close_notify_client_to_server() { fn close_notify_server_to_client() { for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - - let (mut client, mut server) = make_connection_pair(version); - let mut buffers = BothBuffers::default(); + let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config(KeyType::Rsa); let mut server_actions = Actions { send_close_notify: true, ..NO_ACTIONS }; - let mut count = 0; - let mut client_handshake_done = false; - let mut server_handshake_done = false; - let mut reached_connection_closed_state = false; - while !client_handshake_done || !server_handshake_done { - match advance_client(&mut client, &mut buffers.client, NO_ACTIONS, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify: false, - sent_early_data: false, - } => buffers.client_send(), - State::BlockedHandshake => buffers.server_send(), - State::WriteTraffic { - sent_app_data: false, - sent_close_notify: false, - } => client_handshake_done = true, - State::Closed => { - client_handshake_done = true; - reached_connection_closed_state = true - } - state => unreachable!("{state:?}"), - } - match advance_server(&mut server, &mut buffers.server, server_actions, None) { - State::EncodedTlsData => {} - State::TransmitTlsData { - sent_app_data: false, - sent_close_notify, - sent_early_data: false, - } => { - buffers.server_send(); - if sent_close_notify { - server_actions.send_close_notify = false; - } - } - State::BlockedHandshake => buffers.client_send(), - State::WriteTraffic { - sent_app_data: false, - // servers don't need to reach this state to send a close_notify alert - sent_close_notify: false, - } => server_handshake_done = true, - state => unreachable!("{state:?}"), - } - - count += 1; - - assert!( - count <= MAX_ITERATIONS, - "handshake {version:?} was not completed" - ); - } + let outcome = run( + Arc::new(client_config), + &mut NO_ACTIONS.clone(), + Arc::new(server_config), + &mut server_actions, + ); assert!(!server_actions.send_close_notify); - assert!(reached_connection_closed_state); + assert!(outcome.client_reached_connection_closed_state); } } @@ -594,17 +484,34 @@ struct Actions<'a> { send_close_notify: bool, } +impl Actions<'_> { + fn finished(&self) -> bool { + self.app_data_to_send.is_none() + && self.early_data_to_send.is_none() + && !self.send_close_notify + } +} + +#[derive(Clone, Debug, Default)] +struct Outcome { + server_transcript: Vec, + server_received_early_data: Vec>, + server_received_app_data: Vec>, + server_reached_connection_closed_state: bool, + client_transcript: Vec, + client_received_app_data: Vec>, + client_reached_connection_closed_state: bool, +} + fn advance_client( conn: &mut UnbufferedConnectionCommon, buffers: &mut Buffers, actions: Actions, - transcript: Option<&mut Vec>, + transcript: &mut Vec, ) -> State { let UnbufferedStatus { discard, state } = conn.process_tls_records(buffers.incoming.filled()); - if let Some(transcript) = transcript { - transcript.push(format!("{:?}", state)); - } + transcript.push(format!("{:?}", state)); let state = match state.unwrap() { ConnectionState::TransmitTlsData(mut state) => { @@ -614,6 +521,7 @@ fn advance_client( write_with_buffer_size_checks( |out_buf| state.encrypt(early_data, out_buf), |e| { + println!("encrypt error: {e}"); if let EarlyDataError::Encrypt(EncryptError::InsufficientSize(ise)) = e { ise @@ -645,13 +553,11 @@ fn advance_server( conn: &mut UnbufferedConnectionCommon, buffers: &mut Buffers, actions: Actions, - transcript: Option<&mut Vec>, + transcript: &mut Vec, ) -> State { let UnbufferedStatus { discard, state } = conn.process_tls_records(buffers.incoming.filled()); - if let Some(transcript) = transcript { - transcript.push(format!("{:?}", state)); - } + transcript.push(format!("{:?}", state)); let state = match state.unwrap() { ConnectionState::ReadEarlyData(mut state) => { @@ -676,11 +582,12 @@ fn handle_state( outgoing: &mut Buffer, actions: Actions, ) -> State { - match state { + match dbg!(state) { ConnectionState::EncodeTlsData(mut state) => { write_with_buffer_size_checks( |out_buf| state.encode(out_buf), |e| { + println!("encode error: {e}"); if let EncodeError::InsufficientSize(ise) = e { ise } else { From 164135c29fb3b48cdd77e993752d68e5757bc419 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 17:54:47 +0000 Subject: [PATCH 0569/1145] Ensure `ReadTraffic::peek_len` works --- rustls/tests/unbuffered.rs | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index a37f243879..3d7159fe65 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -1,4 +1,5 @@ #![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +use std::num::NonZeroUsize; use std::sync::Arc; use rustls::client::{ClientConnectionData, EarlyDataError, UnbufferedClientConnection}; @@ -562,11 +563,17 @@ fn advance_server( let state = match state.unwrap() { ConnectionState::ReadEarlyData(mut state) => { let mut records = vec![]; + let mut peeked_len = state.peek_len(); while let Some(res) = state.next_record() { - records.push(res.unwrap().payload.to_vec()); + let payload = res.unwrap().payload.to_vec(); + assert_eq!(NonZeroUsize::new(payload.len()), peeked_len); + records.push(payload); + peeked_len = state.peek_len(); } + assert_eq!(None, peeked_len); + State::ReceivedEarlyData { records } } @@ -650,11 +657,17 @@ fn handle_state( ConnectionState::ReadTraffic(mut state) => { let mut records = vec![]; + let mut peeked_len = state.peek_len(); while let Some(res) = state.next_record() { - records.push(res.unwrap().payload.to_vec()); + let payload = res.unwrap().payload.to_vec(); + assert_eq!(NonZeroUsize::new(payload.len()), peeked_len); + records.push(payload); + peeked_len = state.peek_len(); } + assert_eq!(None, peeked_len); + State::ReceivedAppData { records } } From 94a128b8d2eac97516f381ed833e3bd55aae4736 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Jan 2024 18:01:40 +0000 Subject: [PATCH 0570/1145] Exercise `AlreadyEncoded` error path in `EncodeTlsData` --- rustls/tests/unbuffered.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 3d7159fe65..884240fb7b 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -604,6 +604,11 @@ fn handle_state( outgoing, ); + assert!(matches!( + state.encode(&mut []).unwrap_err(), + EncodeError::AlreadyEncoded + )); + State::EncodedTlsData } From c9963b0eccbef3f6ddf86f3f1686c2ea3cff45b5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Jan 2024 09:44:08 -0500 Subject: [PATCH 0571/1145] examples: add a simple server example This commit adds an example *server* that is roughly contemporary with the existing "simpleclient". It is the absolute bare minimum needed to run a server using Rustls (e.g. it only accepts a single connection before terminating). You can run the server with: ``` CERTFILE=test-ca/rsa/end.fullchain PRIV_KEY_FILE=test-ca/rsa/end.key cargo run --package rustls-examples --bin simpleserver ``` And connect to it with a client: ``` cargo run --package rustls-examples --bin tlsclient-mio -- --port 4443 --cafile test-ca/rsa/ca.cert localhost --http ``` --- examples/src/bin/simpleserver.rs | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 examples/src/bin/simpleserver.rs diff --git a/examples/src/bin/simpleserver.rs b/examples/src/bin/simpleserver.rs new file mode 100644 index 0000000000..050234ac55 --- /dev/null +++ b/examples/src/bin/simpleserver.rs @@ -0,0 +1,51 @@ +//! This is the simplest possible server using rustls that does something useful: +//! it accepts the default configuration, loads a server certificate and private key, +//! and then accepts a single client connection. +//! +//! You must either set the CERTFILE and PRIV_KEY_FILE env vars to point to a server +//! certificate and private key, or place 'localhost.pem' and 'localhost-key.pem' in +//! the directory you run this example from. +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. + +use std::error::Error as StdError; +use std::fs::File; +use std::io::{BufReader, Read, Write}; +use std::net::TcpListener; +use std::sync::Arc; + +const CERTFILE: &str = match option_env!("CERTFILE") { + Some(certfile) => certfile, + None => "localhost.pem", +}; + +const PRIV_KEY_FILE: &str = match option_env!("PRIV_KEY_FILE") { + Some(priv_key_file) => priv_key_file, + None => "localhost-key.pem", +}; + +fn main() -> Result<(), Box> { + let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(CERTFILE)?)) + .collect::, _>>()?; + let private_key = + rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(PRIV_KEY_FILE)?))?.unwrap(); + let config = rustls::ServerConfig::builder() + .with_no_client_auth() + .with_single_cert(certs, private_key)?; + + let listener = TcpListener::bind(format!("[::]:{}", 4443)).unwrap(); + let (mut stream, _) = listener.accept()?; + + let mut conn = rustls::ServerConnection::new(Arc::new(config))?; + conn.complete_io(&mut stream)?; + + conn.writer() + .write_all(b"Hello from the server")?; + conn.complete_io(&mut stream)?; + let mut buf = [0; 64]; + let len = conn.reader().read(&mut buf)?; + println!("Received message from client: {:?}", &buf[..len]); + + Ok(()) +} From 0d7c256c32d676c7278c846f49ea8b1622d06a66 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Jan 2024 09:56:42 -0500 Subject: [PATCH 0572/1145] docs: add README for examples * Inventory of the existing examples, with brief descriptions * Guidance to look at the "simple" examples first. --- examples/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 examples/README.md diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000000..b807bef1c9 --- /dev/null +++ b/examples/README.md @@ -0,0 +1,21 @@ +# Rustls Examples + +This directory contains a number of examples that use Rustls. + +We recommend new users start by looking at `simpleclient.rs` and `simpleserver.rs`. Once those are understood, `tlsclient-mio.rs` and `tlsserver-mio.rs` provide more advanced examples. + +## Client examples + +* `simpleclient.rs` - shows a simple client configuration that uses sensible defaults. It demonstrates using the `Stream` helper to treat a Rustls connection as you would a bi-directional TCP stream. +* `tlsclient-mio.rs` - shows a more complete client example that handles command line flags for customizing TLS options, and uses MIO to handle asynchronous I/O. +* `limitedclient.rs` - shows how to configure Rustls so that unused cryptography is discarded by the linker. This client only supports TLS 1.3 and a single cipher suite. +* `simple_0rtt_client.rs` - shows how to make a TLS 1.3 client connection that sends early 0RTT data. +* `unbuffered-client.rs` - shows an advanced example of using Rustls lower-level APIs to implement a client that does not buffer any data inside Rustls. +* `unbuffered-async-client.rs` - shows an advanced example of using Rustls lower-level APIs to implement a client that does not buffer any data inside Rustls, and that processes TLS events asynchronously. + +## Server examples + +* `simpleserver.rs` - shows a very minimal server example that accepts a single TLS connection. See `tlsserver-mio.rs` or `server_acceptor.rs` for a more realistic example. +* `tlsserver-mio.rs` - shows a more complete server example that handles command line flags for customizing TLS options, and uses MIO to handle asynchronous I/O. +* `server_acceptor.rs` - shows how to use the `Acceptor` API to create a server that generates a unique `ServerConfig` for each client. This example also shows how to use client authentication, CRL revocation checking, and uses `rcgen` to generate its own certificates. +* `unbuffered-server.rs` - shows an advanced example of using Rustls lower-level APIs to implement a server that does not buffer any data inside Rustls. From 0d4b2dfa523103d19c2bb92193de6dfaaeda6a1c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Jan 2024 10:25:39 -0500 Subject: [PATCH 0573/1145] docs: provide more pointers for examples This commit provides more pointers to our existing examples and additionally provides guidance about Rusts being low-level. Users that just want to make an HTTPS request should probably use a crate built on top of Rustls. Similarly, users in the Tokio ecosystem should look at tokio-rustls. --- README.md | 20 ++++++++++++++++---- rustls/src/lib.rs | 21 +++++++++++++++++---- 2 files changed, 33 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6ce0a3ecc8..baa532c8e8 100644 --- a/README.md +++ b/README.md @@ -110,11 +110,23 @@ Rustls requires Rust 1.61 or later. [crypto::CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html # Example code -There are two example programs which use -[mio](https://github.com/carllerche/mio) to do asynchronous IO. + +Our [examples] directory contains demos that show how to handle I/O using the +[`stream::Stream`] helper, as well as more complex asynchronous I/O using [`mio`]. +If you're already using Tokio for an async runtime you may prefer to use +[`tokio-rustls`] instead of interacting with rustls directly. + +The [`mio`] based examples are the most complete, and discussed below. Users +new to Rustls may prefer to look at the simple client/server examples before +diving in to the more complex MIO examples. + +[examples]: examples/ +[`stream::Stream`]: https://docs.rs/rustls/latest/rustls/struct.Stream.html +[`mio`]: https://docs.rs/mio/latest/mio/ +[`tokio-rustls`]: https://docs.rs/tokio-rustls/latest/tokio_rustls/ ## Client example program -The client example program is named `tlsclient-mio`. The interface looks like: +The MIO client example program is named `tlsclient-mio`. The interface looks like: ```tlsclient-mio Connects to the TLS server at hostname:PORT. The default PORT @@ -173,7 +185,7 @@ Connection closed ``` ## Server example program -The server example program is named `tlsserver-mio`. The interface looks like: +The MIO server example program is named `tlsserver-mio`. The interface looks like: ```tlsserver-mio Runs a TLS server on :PORT. The default PORT is 443. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 3b9167828b..c083db3c93 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -77,11 +77,23 @@ //! [crypto::CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html //! //! ## Design Overview +//! +//! Rustls is a low-level library. If your goal is to make HTTPS connections you may prefer +//! to use a library built on top of Rustls like [hyper] or [ureq]. +//! +//! [hyper]: https://crates.io/crates/hyper +//! [ureq]: https://crates.io/crates/ureq +//! //! ### Rustls does not take care of network IO //! It doesn't make or accept TCP connections, or do DNS, or read or write files. //! -//! There's example client and server code which uses mio to do all needed network -//! IO. +//! Our [examples] directory contains demos that show how to handle I/O using the +//! [`stream::Stream`] helper, as well as more complex asynchronous I/O using [`mio`]. +//! If you're already using Tokio for an async runtime you may prefer to use [`tokio-rustls`] instead +//! of interacting with rustls directly. +//! +//! [examples]: examples/README.md +//! [`tokio-rustls`]: https://github.com/rustls/tokio-rustls //! //! ### Rustls provides encrypted pipes //! These are the [`ServerConnection`] and [`ClientConnection`] types. You supply raw TLS traffic @@ -231,9 +243,10 @@ //! //! # Examples //! -//! [`tlsserver-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsserver-mio.rs) +//! You can find several client and server examples of varying complexity in the [examples] +//! directory, including [`tlsserver-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsserver-mio.rs) //! and [`tlsclient-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsclient-mio.rs) -//! are full worked examples using [`mio`]. +//! - full worked examples using [`mio`]. //! //! [`mio`]: https://docs.rs/mio/latest/mio/ //! From 0a61a3ad4a34d4381dce6f3d45caefd445d28e0c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 15:28:42 +0000 Subject: [PATCH 0574/1145] Depend on rustls-webpki 0.102.1 --- Cargo.lock | 8 ++++---- fuzz/Cargo.lock | 4 ++-- rustls/Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a911a12cfe..41262188de 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2032,7 +2032,7 @@ dependencies = [ "ring", "rustls-pemfile 2.0.0", "rustls-pki-types", - "rustls-webpki 0.102.0", + "rustls-webpki 0.102.1", "rustversion", "subtle", "webpki-roots 0.26.0", @@ -2129,7 +2129,7 @@ dependencies = [ "rsa", "rustls 0.23.0-alpha.0", "rustls-pki-types", - "rustls-webpki 0.102.0", + "rustls-webpki 0.102.1", "serde", "serde_json", "sha2", @@ -2150,9 +2150,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.0" +version = "0.102.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" +checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b" dependencies = [ "aws-lc-rs", "ring", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 24152287d2..ccfb275a44 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -98,9 +98,9 @@ checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b" [[package]] name = "rustls-webpki" -version = "0.102.0" +version = "0.102.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89" +checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b" dependencies = [ "ring", "rustls-pki-types", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index fd0d588fc6..f1c88c0195 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -20,7 +20,7 @@ aws-lc-rs = { version = "1.5", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102", features = ["std"], default-features = false } +webpki = { package = "rustls-webpki", version = "0.102.1", features = ["std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } zeroize = "1.6.0" From 1980ba6d16f0131fbfbe548c9a13995e88bb38d7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 15:38:00 +0000 Subject: [PATCH 0575/1145] aws-lc-rs: support verifying with ECDSA_P521_SHA512 --- rustls/src/crypto/aws_lc_rs/mod.rs | 5 +++++ rustls/src/enums.rs | 3 ++- rustls/tests/api.rs | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index cdb7e48120..5493bef6f8 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -114,6 +114,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms webpki_algs::ECDSA_P256_SHA384, webpki_algs::ECDSA_P384_SHA256, webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ECDSA_P521_SHA512, webpki_algs::ED25519, webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, webpki_algs::RSA_PSS_2048_8192_SHA384_LEGACY_KEY, @@ -125,6 +126,10 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms ], mapping: &[ // Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is. + ( + SignatureScheme::ECDSA_NISTP521_SHA512, + &[webpki_algs::ECDSA_P521_SHA512], + ), ( SignatureScheme::ECDSA_NISTP384_SHA384, &[ diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index abeded1c08..06a3855259 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -541,7 +541,8 @@ impl SignatureScheme { pub(crate) fn supported_in_tls13(&self) -> bool { matches!( *self, - Self::ECDSA_NISTP384_SHA384 + Self::ECDSA_NISTP521_SHA512 + | Self::ECDSA_NISTP384_SHA384 | Self::ECDSA_NISTP256_SHA256 | Self::RSA_PSS_SHA512 | Self::RSA_PSS_SHA384 diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 4d3fbea186..b5c90f3f2b 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -980,6 +980,8 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { KeyType::Ecdsa, CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, vec![ + #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, SignatureScheme::ED25519, @@ -1322,6 +1324,8 @@ fn test_client_cert_resolve( for version in rustls::ALL_VERSIONS { let expected_sigschemes = match version.version { ProtocolVersion::TLSv1_2 => vec![ + #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, SignatureScheme::ED25519, @@ -1333,6 +1337,8 @@ fn test_client_cert_resolve( SignatureScheme::RSA_PKCS1_SHA256, ], ProtocolVersion::TLSv1_3 => vec![ + #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, SignatureScheme::ED25519, From ec8d89b4308a8177e3664b095a8e4330b87991a9 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 16:38:30 +0000 Subject: [PATCH 0576/1145] Split off crypto/aws_lc_rs/sign.rs --- rustls/src/crypto/aws_lc_rs/mod.rs | 13 - rustls/src/crypto/aws_lc_rs/sign.rs | 790 ++++++++++++++++++++++++++++ rustls/src/crypto/ring/mod.rs | 12 - rustls/src/crypto/ring/sign.rs | 6 +- 4 files changed, 793 insertions(+), 28 deletions(-) create mode 100644 rustls/src/crypto/aws_lc_rs/sign.rs diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 5493bef6f8..a2285a1336 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -18,7 +18,6 @@ use alloc::sync::Arc; pub(crate) use aws_lc_rs as ring_like; /// Using software keys for authentication. -#[path = "../ring/sign.rs"] pub mod sign; #[path = "../ring/hash.rs"] @@ -197,16 +196,4 @@ mod ring_shim { Ok(SharedSecret::from(secret)) }) } - - pub(super) fn rsa_key_pair_public_modulus_len(kp: &ring_like::signature::RsaKeyPair) -> usize { - kp.public_modulus_len() - } - - pub(super) fn ecdsa_key_pair_from_pkcs8( - alg: &'static ring_like::signature::EcdsaSigningAlgorithm, - data: &[u8], - _rng: &dyn ring_like::rand::SecureRandom, - ) -> Result { - ring_like::signature::EcdsaKeyPair::from_pkcs8(alg, data).map_err(|_| ()) - } } diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs new file mode 100644 index 0000000000..73b3260b69 --- /dev/null +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -0,0 +1,790 @@ +#![allow(clippy::duplicate_mod)] + +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; +use crate::sign::{Signer, SigningKey}; +use crate::x509::{asn1_wrap, wrap_in_sequence}; + +use super::ring_like::io::der; +use super::ring_like::rand::SystemRandom; +use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; + +use alloc::boxed::Box; +use alloc::format; +use alloc::string::ToString; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; +use core::fmt::{self, Debug, Formatter}; + +/// Parse `der` as any supported key encoding/type, returning +/// the first which works. +pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, Error> { + if let Ok(rsa) = RsaSigningKey::new(der) { + return Ok(Arc::new(rsa)); + } + + if let Ok(ecdsa) = any_ecdsa_type(der) { + return Ok(ecdsa); + } + + if let PrivateKeyDer::Pkcs8(pkcs8) = der { + if let Ok(eddsa) = any_eddsa_type(pkcs8) { + return Ok(eddsa); + } + } + + Err(Error::General( + "failed to parse private key as RSA, ECDSA, or EdDSA".into(), + )) +} + +/// Parse `der` as any ECDSA key type, returning the first which works. +/// +/// Both SEC1 (PEM section starting with 'BEGIN EC PRIVATE KEY') and PKCS8 +/// (PEM section starting with 'BEGIN PRIVATE KEY') encodings are supported. +pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, Error> { + if let Ok(ecdsa_p256) = EcdsaSigningKey::new( + der, + SignatureScheme::ECDSA_NISTP256_SHA256, + &signature::ECDSA_P256_SHA256_ASN1_SIGNING, + ) { + return Ok(Arc::new(ecdsa_p256)); + } + + if let Ok(ecdsa_p384) = EcdsaSigningKey::new( + der, + SignatureScheme::ECDSA_NISTP384_SHA384, + &signature::ECDSA_P384_SHA384_ASN1_SIGNING, + ) { + return Ok(Arc::new(ecdsa_p384)); + } + + Err(Error::General( + "failed to parse ECDSA private key as PKCS#8 or SEC1".into(), + )) +} + +/// Parse `der` as any EdDSA key type, returning the first which works. +pub fn any_eddsa_type(der: &PrivatePkcs8KeyDer<'_>) -> Result, Error> { + // TODO: Add support for Ed448 + Ok(Arc::new(Ed25519SigningKey::new( + der, + SignatureScheme::ED25519, + )?)) +} + +/// A `SigningKey` for RSA-PKCS1 or RSA-PSS. +/// +/// This is used by the test suite, so it must be `pub`, but it isn't part of +/// the public, stable, API. +#[doc(hidden)] +pub struct RsaSigningKey { + key: Arc, +} + +static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, +]; + +impl RsaSigningKey { + /// Make a new `RsaSigningKey` from a DER encoding, in either + /// PKCS#1 or PKCS#8 format. + pub fn new(der: &PrivateKeyDer<'_>) -> Result { + let key_pair = match der { + PrivateKeyDer::Pkcs1(pkcs1) => RsaKeyPair::from_der(pkcs1.secret_pkcs1_der()), + PrivateKeyDer::Pkcs8(pkcs8) => RsaKeyPair::from_pkcs8(pkcs8.secret_pkcs8_der()), + _ => { + return Err(Error::General( + "failed to parse RSA private key as either PKCS#1 or PKCS#8".into(), + )); + } + } + .map_err(|key_rejected| { + Error::General(format!("failed to parse RSA private key: {}", key_rejected)) + })?; + + Ok(Self { + key: Arc::new(key_pair), + }) + } +} + +impl SigningKey for RsaSigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + ALL_RSA_SCHEMES + .iter() + .find(|scheme| offered.contains(scheme)) + .map(|scheme| RsaSigner::new(Arc::clone(&self.key), *scheme)) + } + + fn algorithm(&self) -> SignatureAlgorithm { + SignatureAlgorithm::RSA + } +} + +impl Debug for RsaSigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("RsaSigningKey") + .field("algorithm", &self.algorithm()) + .finish() + } +} + +struct RsaSigner { + key: Arc, + scheme: SignatureScheme, + encoding: &'static dyn signature::RsaEncoding, +} + +impl RsaSigner { + fn new(key: Arc, scheme: SignatureScheme) -> Box { + let encoding: &dyn signature::RsaEncoding = match scheme { + SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256, + SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PSS_SHA256 => &signature::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_SHA384 => &signature::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA512 => &signature::RSA_PSS_SHA512, + _ => unreachable!(), + }; + + Box::new(Self { + key, + scheme, + encoding, + }) + } +} + +impl Signer for RsaSigner { + fn sign(&self, message: &[u8]) -> Result, Error> { + let mut sig = vec![0; self.key.public_modulus_len()]; + + let rng = SystemRandom::new(); + self.key + .sign(self.encoding, &rng, message, &mut sig) + .map(|_| sig) + .map_err(|_| Error::General("signing failed".to_string())) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} + +impl Debug for RsaSigner { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("RsaSigner") + .field("scheme", &self.scheme) + .finish() + } +} + +/// A SigningKey that uses exactly one TLS-level SignatureScheme +/// and one ring-level signature::SigningAlgorithm. +/// +/// Compare this to RsaSigningKey, which for a particular key is +/// willing to sign with several algorithms. This is quite poor +/// cryptography practice, but is necessary because a given RSA key +/// is expected to work in TLS1.2 (PKCS#1 signatures) and TLS1.3 +/// (PSS signatures) -- nobody is willing to obtain certificates for +/// different protocol versions. +/// +/// Currently this is only implemented for ECDSA keys. +struct EcdsaSigningKey { + key: Arc, + scheme: SignatureScheme, +} + +impl EcdsaSigningKey { + /// Make a new `ECDSASigningKey` from a DER encoding in PKCS#8 or SEC1 + /// format, expecting a key usable with precisely the given signature + /// scheme. + fn new( + der: &PrivateKeyDer<'_>, + scheme: SignatureScheme, + sigalg: &'static signature::EcdsaSigningAlgorithm, + ) -> Result { + let key_pair = match der { + PrivateKeyDer::Sec1(sec1) => { + Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? + } + PrivateKeyDer::Pkcs8(pkcs8) => { + EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der()).map_err(|_| ())? + } + _ => return Err(()), + }; + + Ok(Self { + key: Arc::new(key_pair), + scheme, + }) + } + + /// Convert a SEC1 encoding to PKCS8, and ask ring to parse it. This + /// can be removed once + /// (or equivalent) is landed. + fn convert_sec1_to_pkcs8( + scheme: SignatureScheme, + sigalg: &'static signature::EcdsaSigningAlgorithm, + maybe_sec1_der: &[u8], + ) -> Result { + let pkcs8_prefix = match scheme { + SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, + SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, + _ => unreachable!(), // all callers are in this file + }; + + let sec1_wrap = asn1_wrap(der::Tag::OctetString as u8, maybe_sec1_der); + + let mut pkcs8_inner = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len()); + pkcs8_inner.extend_from_slice(pkcs8_prefix); + pkcs8_inner.extend_from_slice(&sec1_wrap); + + EcdsaKeyPair::from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner)).map_err(|_| ()) + } +} + +// This is (line-by-line): +// - INTEGER Version = 0 +// - SEQUENCE (privateKeyAlgorithm) +// - id-ecPublicKey OID +// - prime256v1 OID +const PKCS8_PREFIX_ECDSA_NISTP256: &[u8] = b"\x02\x01\x00\ + \x30\x13\ + \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ + \x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"; + +// This is (line-by-line): +// - INTEGER Version = 0 +// - SEQUENCE (privateKeyAlgorithm) +// - id-ecPublicKey OID +// - secp384r1 OID +const PKCS8_PREFIX_ECDSA_NISTP384: &[u8] = b"\x02\x01\x00\ + \x30\x10\ + \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ + \x06\x05\x2b\x81\x04\x00\x22"; + +impl SigningKey for EcdsaSigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + if offered.contains(&self.scheme) { + Some(Box::new(EcdsaSigner { + key: Arc::clone(&self.key), + scheme: self.scheme, + })) + } else { + None + } + } + + fn algorithm(&self) -> SignatureAlgorithm { + self.scheme.sign() + } +} + +impl Debug for EcdsaSigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("EcdsaSigningKey") + .field("algorithm", &self.algorithm()) + .finish() + } +} + +struct EcdsaSigner { + key: Arc, + scheme: SignatureScheme, +} + +impl Signer for EcdsaSigner { + fn sign(&self, message: &[u8]) -> Result, Error> { + let rng = super::ring_like::rand::SystemRandom::new(); + self.key + .sign(&rng, message) + .map_err(|_| Error::General("signing failed".into())) + .map(|sig| sig.as_ref().into()) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} + +impl Debug for EcdsaSigner { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("EcdsaSigner") + .field("scheme", &self.scheme) + .finish() + } +} + +/// A SigningKey that uses exactly one TLS-level SignatureScheme +/// and one ring-level signature::SigningAlgorithm. +/// +/// Compare this to RsaSigningKey, which for a particular key is +/// willing to sign with several algorithms. This is quite poor +/// cryptography practice, but is necessary because a given RSA key +/// is expected to work in TLS1.2 (PKCS#1 signatures) and TLS1.3 +/// (PSS signatures) -- nobody is willing to obtain certificates for +/// different protocol versions. +/// +/// Currently this is only implemented for Ed25519 keys. +struct Ed25519SigningKey { + key: Arc, + scheme: SignatureScheme, +} + +impl Ed25519SigningKey { + /// Make a new `Ed25519SigningKey` from a DER encoding in PKCS#8 format, + /// expecting a key usable with precisely the given signature scheme. + fn new(der: &PrivatePkcs8KeyDer<'_>, scheme: SignatureScheme) -> Result { + match Ed25519KeyPair::from_pkcs8_maybe_unchecked(der.secret_pkcs8_der()) { + Ok(key_pair) => Ok(Self { + key: Arc::new(key_pair), + scheme, + }), + Err(e) => Err(Error::General(format!( + "failed to parse Ed25519 private key: {e}" + ))), + } + } +} + +impl SigningKey for Ed25519SigningKey { + fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { + if offered.contains(&self.scheme) { + Some(Box::new(Ed25519Signer { + key: Arc::clone(&self.key), + scheme: self.scheme, + })) + } else { + None + } + } + + fn algorithm(&self) -> SignatureAlgorithm { + self.scheme.sign() + } +} + +impl Debug for Ed25519SigningKey { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Ed25519SigningKey") + .field("algorithm", &self.algorithm()) + .finish() + } +} + +struct Ed25519Signer { + key: Arc, + scheme: SignatureScheme, +} + +impl Signer for Ed25519Signer { + fn sign(&self, message: &[u8]) -> Result, Error> { + Ok(self.key.sign(message).as_ref().into()) + } + + fn scheme(&self) -> SignatureScheme { + self.scheme + } +} + +impl Debug for Ed25519Signer { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Ed25519Signer") + .field("scheme", &self.scheme) + .finish() + } +} + +#[cfg(test)] +mod tests { + use super::*; + use alloc::format; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + + #[test] + fn can_load_ecdsa_nistp256_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/nistp256key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_ecdsa_nistp256_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp256key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_sign_ecdsa_nistp256() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp256key.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "EcdsaSigningKey { algorithm: ECDSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::ECDSA); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .unwrap(); + assert_eq!( + format!("{:?}", s), + "EcdsaSigner { scheme: ECDSA_NISTP256_SHA256 }" + ); + assert_eq!(s.scheme(), SignatureScheme::ECDSA_NISTP256_SHA256); + // nb. signature is variable length and asn.1-encoded + assert!(s + .sign(b"hello") + .unwrap() + .starts_with(&[0x30])); + } + + #[test] + fn can_load_ecdsa_nistp384_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/nistp384key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_ecdsa_nistp384_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp384key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_sign_ecdsa_nistp384() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp384key.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "EcdsaSigningKey { algorithm: ECDSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::ECDSA); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .unwrap(); + assert_eq!( + format!("{:?}", s), + "EcdsaSigner { scheme: ECDSA_NISTP384_SHA384 }" + ); + assert_eq!(s.scheme(), SignatureScheme::ECDSA_NISTP384_SHA384); + // nb. signature is variable length and asn.1-encoded + assert!(s + .sign(b"hello") + .unwrap() + .starts_with(&[0x30])); + } + + #[test] + fn can_load_eddsa_pkcs8() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); + assert!(any_eddsa_type(&key).is_ok()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } + + #[test] + fn can_sign_eddsa() { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); + + let k = any_eddsa_type(&key).unwrap(); + assert_eq!( + format!("{:?}", k), + "Ed25519SigningKey { algorithm: ED25519 }" + ); + assert_eq!(k.algorithm(), SignatureAlgorithm::ED25519); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ED25519]) + .unwrap(); + assert_eq!(format!("{:?}", s), "Ed25519Signer { scheme: ED25519 }"); + assert_eq!(s.scheme(), SignatureScheme::ED25519); + assert_eq!(s.sign(b"hello").unwrap().len(), 64); + } + + #[test] + fn can_load_rsa2048_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } + + #[test] + fn can_load_rsa2048_pkcs1() { + let key = PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs1.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_err()); + } + + #[test] + fn can_sign_rsa2048() { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "RsaSigningKey { algorithm: RSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::RSA); + + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ED25519]) + .is_none()); + + let s = k + .choose_scheme(&[SignatureScheme::RSA_PSS_SHA256]) + .unwrap(); + assert_eq!(format!("{:?}", s), "RsaSigner { scheme: RSA_PSS_SHA256 }"); + assert_eq!(s.scheme(), SignatureScheme::RSA_PSS_SHA256); + assert_eq!(s.sign(b"hello").unwrap().len(), 256); + + for scheme in &[ + SignatureScheme::RSA_PKCS1_SHA256, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA512, + ] { + k.choose_scheme(&[*scheme]).unwrap(); + } + } + + #[test] + fn cannot_load_invalid_pkcs8_encoding() { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(&b"invalid"[..])); + assert_eq!( + any_supported_type(&key).err(), + Some(Error::General( + "failed to parse private key as RSA, ECDSA, or EdDSA".into() + )) + ); + assert_eq!( + any_ecdsa_type(&key).err(), + Some(Error::General( + "failed to parse ECDSA private key as PKCS#8 or SEC1".into() + )) + ); + assert_eq!( + RsaSigningKey::new(&key).err(), + Some(Error::General( + "failed to parse RSA private key: InvalidEncoding".into() + )) + ); + } +} + +#[cfg(bench)] +mod benchmarks { + use super::{PrivateKeyDer, PrivatePkcs8KeyDer, SignatureScheme}; + + #[bench] + fn bench_rsa2048_pkcs1_sha256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_rsa2048_pss_sha256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::RSA_PSS_SHA256]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_eddsa(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/eddsakey.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ED25519]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_ecdsa_p256_sha256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp256key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_ecdsa_p384_sha384(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp384key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + + #[bench] + fn bench_load_and_validate_rsa2048(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa2048key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_supported_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_rsa4096(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/rsa4096key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_supported_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_p256(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp256key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_ecdsa_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_p384(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp384key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_ecdsa_type(&key).unwrap()); + }); + } + + #[bench] + fn bench_load_and_validate_eddsa(b: &mut test::Bencher) { + let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); + + b.iter(|| { + test::black_box(super::any_eddsa_type(&key).unwrap()); + }); + } + + const SAMPLE_TLS13_MESSAGE: &[u8] = &[ + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e, 0x33, 0x2c, 0x20, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x00, 0x04, 0xca, 0xc4, 0x48, 0x0e, 0x70, 0xf2, + 0x1b, 0xa9, 0x1c, 0x16, 0xca, 0x90, 0x48, 0xbe, 0x28, 0x2f, 0xc7, 0xf8, 0x9b, 0x87, 0x72, + 0x93, 0xda, 0x4d, 0x2f, 0x80, 0x80, 0x60, 0x1a, 0xd3, 0x08, 0xe2, 0xb7, 0x86, 0x14, 0x1b, + 0x54, 0xda, 0x9a, 0xc9, 0x6d, 0xe9, 0x66, 0xb4, 0x9f, 0xe2, 0x2c, + ]; +} diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 324b407ed5..b6f7457280 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -188,16 +188,4 @@ mod ring_shim { }) .map_err(|_| ()) } - - pub(super) fn rsa_key_pair_public_modulus_len(kp: &ring_like::signature::RsaKeyPair) -> usize { - kp.public().modulus_len() - } - - pub(super) fn ecdsa_key_pair_from_pkcs8( - alg: &'static ring_like::signature::EcdsaSigningAlgorithm, - data: &[u8], - rng: &dyn ring_like::rand::SecureRandom, - ) -> Result { - ring_like::signature::EcdsaKeyPair::from_pkcs8(alg, data, rng).map_err(|_| ()) - } } diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 0fa48f81da..2506dfe0f9 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -165,7 +165,7 @@ impl RsaSigner { impl Signer for RsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { - let mut sig = vec![0; super::ring_shim::rsa_key_pair_public_modulus_len(&self.key)]; + let mut sig = vec![0; self.key.public().modulus_len()]; let rng = SystemRandom::new(); self.key @@ -218,7 +218,7 @@ impl EcdsaSigningKey { Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der(), &rng)? } PrivateKeyDer::Pkcs8(pkcs8) => { - super::ring_shim::ecdsa_key_pair_from_pkcs8(sigalg, pkcs8.secret_pkcs8_der(), &rng)? + EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der(), &rng).map_err(|_| ())? } _ => return Err(()), }; @@ -250,7 +250,7 @@ impl EcdsaSigningKey { pkcs8_inner.extend_from_slice(pkcs8_prefix); pkcs8_inner.extend_from_slice(&sec1_wrap); - super::ring_shim::ecdsa_key_pair_from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner), rng) + EcdsaKeyPair::from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner), rng).map_err(|_| ()) } } From 62779dfb5ec5822a4de9e1445e1363d766079aab Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 16:45:58 +0000 Subject: [PATCH 0577/1145] aws_lc_rs::sign: note route to remove SEC1 hack --- rustls/src/crypto/aws_lc_rs/sign.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 73b3260b69..73c4d51b55 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -214,6 +214,8 @@ impl EcdsaSigningKey { ) -> Result { let key_pair = match der { PrivateKeyDer::Sec1(sec1) => { + // TODO: once https://github.com/aws/aws-lc-rs/pull/259 is released, we + // can delete `convert_sec1_to_pkcs8` and use `EcdsaKeyPair::from_private_key_der` Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? } PrivateKeyDer::Pkcs8(pkcs8) => { From 2ed985853b90c39ea1b677265efdfdf94c3236b7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 17:06:47 +0000 Subject: [PATCH 0578/1145] aws_lc_rs::sign: add support for NISTP521 ECDSA keys --- rustls/src/crypto/aws_lc_rs/sign.rs | 102 ++++++++++++++++++++++ rustls/src/testdata/nistp521key.der | Bin 0 -> 223 bytes rustls/src/testdata/nistp521key.pkcs8.der | Bin 0 -> 241 bytes 3 files changed, 102 insertions(+) create mode 100644 rustls/src/testdata/nistp521key.der create mode 100644 rustls/src/testdata/nistp521key.pkcs8.der diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 73c4d51b55..93c3e3128b 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -61,6 +61,14 @@ pub fn any_ecdsa_type(der: &PrivateKeyDer<'_>) -> Result, Er return Ok(Arc::new(ecdsa_p384)); } + if let Ok(ecdsa_p521) = EcdsaSigningKey::new( + der, + SignatureScheme::ECDSA_NISTP521_SHA512, + &signature::ECDSA_P521_SHA512_ASN1_SIGNING, + ) { + return Ok(Arc::new(ecdsa_p521)); + } + Err(Error::General( "failed to parse ECDSA private key as PKCS#8 or SEC1".into(), )) @@ -241,6 +249,7 @@ impl EcdsaSigningKey { let pkcs8_prefix = match scheme { SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, + SignatureScheme::ECDSA_NISTP521_SHA512 => &PKCS8_PREFIX_ECDSA_NISTP521, _ => unreachable!(), // all callers are in this file }; @@ -274,6 +283,16 @@ const PKCS8_PREFIX_ECDSA_NISTP384: &[u8] = b"\x02\x01\x00\ \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ \x06\x05\x2b\x81\x04\x00\x22"; +// This is (line-by-line): +// - INTEGER Version = 0 +// - SEQUENCE (privateKeyAlgorithm) +// - id-ecPublicKey OID +// - secp521r1 OID +const PKCS8_PREFIX_ECDSA_NISTP521: &[u8] = b"\x02\x01\x00\ + \x30\x10\ + \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ + \x06\x05\x2b\x81\x04\x00\x23"; + impl SigningKey for EcdsaSigningKey { fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { if offered.contains(&self.scheme) { @@ -512,6 +531,59 @@ mod tests { .starts_with(&[0x30])); } + #[test] + fn can_load_ecdsa_nistp521_pkcs8() { + let key = + PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/nistp521key.pkcs8.der")[..]); + assert!(any_eddsa_type(&key).is_err()); + let key = PrivateKeyDer::Pkcs8(key); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_load_ecdsa_nistp521_sec1() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp521key.der")[..], + )); + assert!(any_supported_type(&key).is_ok()); + assert!(any_ecdsa_type(&key).is_ok()); + } + + #[test] + fn can_sign_ecdsa_nistp521() { + let key = PrivateKeyDer::Sec1(PrivateSec1KeyDer::from( + &include_bytes!("../../testdata/nistp521key.der")[..], + )); + + let k = any_supported_type(&key).unwrap(); + assert_eq!(format!("{:?}", k), "EcdsaSigningKey { algorithm: ECDSA }"); + assert_eq!(k.algorithm(), SignatureAlgorithm::ECDSA); + + assert!(k + .choose_scheme(&[SignatureScheme::RSA_PKCS1_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP256_SHA256]) + .is_none()); + assert!(k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP384_SHA384]) + .is_none()); + let s = k + .choose_scheme(&[SignatureScheme::ECDSA_NISTP521_SHA512]) + .unwrap(); + assert_eq!( + format!("{:?}", s), + "EcdsaSigner { scheme: ECDSA_NISTP521_SHA512 }" + ); + assert_eq!(s.scheme(), SignatureScheme::ECDSA_NISTP521_SHA512); + // nb. signature is variable length and asn.1-encoded + assert!(s + .sign(b"hello") + .unwrap() + .starts_with(&[0x30])); + } + #[test] fn can_load_eddsa_pkcs8() { let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); @@ -724,6 +796,25 @@ mod benchmarks { }); } + #[bench] + fn bench_ecdsa_p521_sha512(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp521key.pkcs8.der")[..], + )); + let sk = super::any_supported_type(&key).unwrap(); + let signer = sk + .choose_scheme(&[SignatureScheme::ECDSA_NISTP521_SHA512]) + .unwrap(); + + b.iter(|| { + test::black_box( + signer + .sign(SAMPLE_TLS13_MESSAGE) + .unwrap(), + ); + }); + } + #[bench] fn bench_load_and_validate_rsa2048(b: &mut test::Bencher) { let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( @@ -768,6 +859,17 @@ mod benchmarks { }); } + #[bench] + fn bench_load_and_validate_p521(b: &mut test::Bencher) { + let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from( + &include_bytes!("../../testdata/nistp521key.pkcs8.der")[..], + )); + + b.iter(|| { + test::black_box(super::any_ecdsa_type(&key).unwrap()); + }); + } + #[bench] fn bench_load_and_validate_eddsa(b: &mut test::Bencher) { let key = PrivatePkcs8KeyDer::from(&include_bytes!("../../testdata/eddsakey.der")[..]); diff --git a/rustls/src/testdata/nistp521key.der b/rustls/src/testdata/nistp521key.der new file mode 100644 index 0000000000000000000000000000000000000000..98700ee10c64ee916c20ed9da0e310c0f1af3ac9 GIT binary patch literal 223 zcmV<503iP`f!qQC0R%z-cR^?YJW)9s&KAI1T3+5gbAnM2Z?#*38im(;&TbR3Wkb=i z?N$fZ-CTHqLT?*N@sLAHcthOIdBbIsb0J?eJ)j2$1uKCB03)G+i35R#00aQj*iXS# z`DgZ{0Bk|RCurY1{S7THD07+_frd?ea`-DLncAw7PsKjrHWv|B;+F$UX6!3VGmE+w z*~K84RGQ2v05!g$Sq40v$3}v1{$v%}{1824_WWWFb literal 0 HcmV?d00001 diff --git a/rustls/src/testdata/nistp521key.pkcs8.der b/rustls/src/testdata/nistp521key.pkcs8.der new file mode 100644 index 0000000000000000000000000000000000000000..1623c3746b8e5bab75e55e353907291f2dae5b53 GIT binary patch literal 241 zcmV97}wOfK3h1Yw|ZWFR)L(#GARtMMJTzG*(ZyQSSkV8v&L)^}J!)23m zAzw5-p@E45frbDC0Mpn{!BzQZ_M-r7LBc0!-#q;dEiNc?ni+wHO?`6sD=C@Us*+E| zKH)YO5m(}u150M?D@!wrx)#~RAemH}%qRdh@tT@{C_mC-ut572I{C-SuUJb>p|kTN r?{`$( Date: Thu, 21 Dec 2023 16:00:42 +0000 Subject: [PATCH 0579/1145] Split test-ca ecdsa by curve; add p521 This goes from being a single set of keys for ECDSA (with a purposeful mix of curves) to a set of keys per curve. That means we can avoid P521 chains in tests when it is not supported. In those tests, reflect this as additional `KeyType` variants. --- ci-bench/src/main.rs | 4 +- ci-bench/src/util.rs | 4 +- connect-tests/tests/common/mod.rs | 161 +----------------- rustls/examples/internal/bench_impl.rs | 14 +- rustls/src/webpki/client_verifier.rs | 4 +- rustls/src/webpki/server_verifier.rs | 4 +- rustls/tests/api.rs | 52 ++++-- rustls/tests/common/mod.rs | 97 ++++++++--- rustls/tests/server_cert_verifier.rs | 1 + test-ca/build-a-pki.sh | 137 +++++++++------ test-ca/ecdsa-p256/ca.cert | 11 ++ test-ca/ecdsa-p256/ca.der | Bin 0 -> 411 bytes test-ca/ecdsa-p256/ca.key | 5 + test-ca/ecdsa-p256/client.cert | 13 ++ test-ca/ecdsa-p256/client.chain | 23 +++ test-ca/ecdsa-p256/client.fullchain | 36 ++++ test-ca/ecdsa-p256/client.key | 5 + test-ca/ecdsa-p256/client.req | 7 + test-ca/ecdsa-p256/client.revoked.crl.pem | 8 + .../nistp256.pem => ecdsa-p256/curve.pem} | 0 test-ca/ecdsa-p256/end.cert | 14 ++ test-ca/ecdsa-p256/end.chain | 23 +++ test-ca/ecdsa-p256/end.fullchain | 37 ++++ test-ca/ecdsa-p256/end.key | 5 + test-ca/ecdsa-p256/end.req | 7 + test-ca/ecdsa-p256/end.revoked.crl.pem | 8 + test-ca/ecdsa-p256/inter.cert | 12 ++ test-ca/ecdsa-p256/inter.key | 5 + test-ca/ecdsa-p256/inter.req | 7 + test-ca/ecdsa-p256/inter.revoked.crl.pem | 8 + test-ca/ecdsa-p384/ca.cert | 12 ++ test-ca/ecdsa-p384/ca.der | Bin 0 -> 472 bytes test-ca/ecdsa-p384/ca.key | 6 + test-ca/ecdsa-p384/client.cert | 14 ++ test-ca/ecdsa-p384/client.chain | 25 +++ test-ca/ecdsa-p384/client.fullchain | 39 +++++ test-ca/ecdsa-p384/client.key | 6 + test-ca/ecdsa-p384/client.req | 8 + test-ca/ecdsa-p384/client.revoked.crl.pem | 9 + .../nistp384.pem => ecdsa-p384/curve.pem} | 0 test-ca/ecdsa-p384/end.cert | 15 ++ test-ca/ecdsa-p384/end.chain | 25 +++ test-ca/ecdsa-p384/end.fullchain | 40 +++++ test-ca/ecdsa-p384/end.key | 6 + test-ca/ecdsa-p384/end.req | 8 + test-ca/ecdsa-p384/end.revoked.crl.pem | 9 + test-ca/ecdsa-p384/inter.cert | 13 ++ test-ca/ecdsa-p384/inter.key | 6 + test-ca/ecdsa-p384/inter.req | 9 + test-ca/ecdsa-p384/inter.revoked.crl.pem | 9 + test-ca/ecdsa-p521/ca.cert | 14 ++ test-ca/ecdsa-p521/ca.der | Bin 0 -> 546 bytes test-ca/ecdsa-p521/ca.key | 8 + test-ca/ecdsa-p521/client.cert | 15 ++ test-ca/ecdsa-p521/client.chain | 29 ++++ test-ca/ecdsa-p521/client.fullchain | 44 +++++ test-ca/ecdsa-p521/client.key | 8 + test-ca/ecdsa-p521/client.req | 10 ++ test-ca/ecdsa-p521/client.revoked.crl.pem | 10 ++ test-ca/ecdsa-p521/curve.pem | 3 + test-ca/ecdsa-p521/end.cert | 17 ++ test-ca/ecdsa-p521/end.chain | 29 ++++ test-ca/ecdsa-p521/end.fullchain | 46 +++++ test-ca/ecdsa-p521/end.key | 8 + test-ca/ecdsa-p521/end.req | 10 ++ test-ca/ecdsa-p521/end.revoked.crl.pem | 10 ++ test-ca/ecdsa-p521/inter.cert | 15 ++ test-ca/ecdsa-p521/inter.key | 8 + test-ca/ecdsa-p521/inter.req | 10 ++ test-ca/ecdsa-p521/inter.revoked.crl.pem | 9 + test-ca/ecdsa/ca.cert | 12 -- test-ca/ecdsa/ca.der | Bin 461 -> 0 bytes test-ca/ecdsa/ca.key | 6 - test-ca/ecdsa/client.cert | 13 -- test-ca/ecdsa/client.chain | 24 --- test-ca/ecdsa/client.fullchain | 37 ---- test-ca/ecdsa/client.key | 6 - test-ca/ecdsa/client.req | 8 - test-ca/ecdsa/client.revoked.crl.pem | 8 - test-ca/ecdsa/end.cert | 14 -- test-ca/ecdsa/end.chain | 24 --- test-ca/ecdsa/end.fullchain | 38 ----- test-ca/ecdsa/end.key | 5 - test-ca/ecdsa/end.req | 7 - test-ca/ecdsa/end.revoked.crl.pem | 8 - test-ca/ecdsa/inter.cert | 12 -- test-ca/ecdsa/inter.key | 5 - test-ca/ecdsa/inter.req | 7 - test-ca/ecdsa/inter.revoked.crl.pem | 8 - test-ca/eddsa/ca.cert | 14 +- test-ca/eddsa/ca.der | Bin 336 -> 336 bytes test-ca/eddsa/ca.key | 2 +- test-ca/eddsa/client.cert | 14 +- test-ca/eddsa/client.chain | 26 +-- test-ca/eddsa/client.fullchain | 40 ++--- test-ca/eddsa/client.key | 2 +- test-ca/eddsa/client.req | 6 +- test-ca/eddsa/client.revoked.crl.pem | 10 +- test-ca/eddsa/end.cert | 14 +- test-ca/eddsa/end.chain | 26 +-- test-ca/eddsa/end.fullchain | 40 ++--- test-ca/eddsa/end.key | 2 +- test-ca/eddsa/end.req | 8 +- test-ca/eddsa/end.revoked.crl.pem | 10 +- test-ca/eddsa/inter.cert | 12 +- test-ca/eddsa/inter.key | 2 +- test-ca/eddsa/inter.req | 6 +- test-ca/eddsa/inter.revoked.crl.pem | 8 +- test-ca/rsa/ca.cert | 56 +++--- test-ca/rsa/ca.der | Bin 1305 -> 1305 bytes test-ca/rsa/ca.key | 100 +++++------ test-ca/rsa/client.cert | 38 ++--- test-ca/rsa/client.chain | 104 +++++------ test-ca/rsa/client.fullchain | 142 +++++++-------- test-ca/rsa/client.key | 52 +++--- test-ca/rsa/client.req | 24 +-- test-ca/rsa/client.revoked.crl.pem | 24 +-- test-ca/rsa/client.rsa | 52 +++--- test-ca/rsa/end.cert | 38 ++--- test-ca/rsa/end.chain | 104 +++++------ test-ca/rsa/end.fullchain | 142 +++++++-------- test-ca/rsa/end.key | 52 +++--- test-ca/rsa/end.req | 24 +-- test-ca/rsa/end.revoked.crl.pem | 24 +-- test-ca/rsa/end.rsa | 52 +++--- test-ca/rsa/inter.cert | 48 +++--- test-ca/rsa/inter.key | 76 ++++----- test-ca/rsa/inter.req | 36 ++-- test-ca/rsa/inter.revoked.crl.pem | 28 +-- 129 files changed, 1735 insertions(+), 1239 deletions(-) create mode 100644 test-ca/ecdsa-p256/ca.cert create mode 100644 test-ca/ecdsa-p256/ca.der create mode 100644 test-ca/ecdsa-p256/ca.key create mode 100644 test-ca/ecdsa-p256/client.cert create mode 100644 test-ca/ecdsa-p256/client.chain create mode 100644 test-ca/ecdsa-p256/client.fullchain create mode 100644 test-ca/ecdsa-p256/client.key create mode 100644 test-ca/ecdsa-p256/client.req create mode 100644 test-ca/ecdsa-p256/client.revoked.crl.pem rename test-ca/{ecdsa/nistp256.pem => ecdsa-p256/curve.pem} (100%) create mode 100644 test-ca/ecdsa-p256/end.cert create mode 100644 test-ca/ecdsa-p256/end.chain create mode 100644 test-ca/ecdsa-p256/end.fullchain create mode 100644 test-ca/ecdsa-p256/end.key create mode 100644 test-ca/ecdsa-p256/end.req create mode 100644 test-ca/ecdsa-p256/end.revoked.crl.pem create mode 100644 test-ca/ecdsa-p256/inter.cert create mode 100644 test-ca/ecdsa-p256/inter.key create mode 100644 test-ca/ecdsa-p256/inter.req create mode 100644 test-ca/ecdsa-p256/inter.revoked.crl.pem create mode 100644 test-ca/ecdsa-p384/ca.cert create mode 100644 test-ca/ecdsa-p384/ca.der create mode 100644 test-ca/ecdsa-p384/ca.key create mode 100644 test-ca/ecdsa-p384/client.cert create mode 100644 test-ca/ecdsa-p384/client.chain create mode 100644 test-ca/ecdsa-p384/client.fullchain create mode 100644 test-ca/ecdsa-p384/client.key create mode 100644 test-ca/ecdsa-p384/client.req create mode 100644 test-ca/ecdsa-p384/client.revoked.crl.pem rename test-ca/{ecdsa/nistp384.pem => ecdsa-p384/curve.pem} (100%) create mode 100644 test-ca/ecdsa-p384/end.cert create mode 100644 test-ca/ecdsa-p384/end.chain create mode 100644 test-ca/ecdsa-p384/end.fullchain create mode 100644 test-ca/ecdsa-p384/end.key create mode 100644 test-ca/ecdsa-p384/end.req create mode 100644 test-ca/ecdsa-p384/end.revoked.crl.pem create mode 100644 test-ca/ecdsa-p384/inter.cert create mode 100644 test-ca/ecdsa-p384/inter.key create mode 100644 test-ca/ecdsa-p384/inter.req create mode 100644 test-ca/ecdsa-p384/inter.revoked.crl.pem create mode 100644 test-ca/ecdsa-p521/ca.cert create mode 100644 test-ca/ecdsa-p521/ca.der create mode 100644 test-ca/ecdsa-p521/ca.key create mode 100644 test-ca/ecdsa-p521/client.cert create mode 100644 test-ca/ecdsa-p521/client.chain create mode 100644 test-ca/ecdsa-p521/client.fullchain create mode 100644 test-ca/ecdsa-p521/client.key create mode 100644 test-ca/ecdsa-p521/client.req create mode 100644 test-ca/ecdsa-p521/client.revoked.crl.pem create mode 100644 test-ca/ecdsa-p521/curve.pem create mode 100644 test-ca/ecdsa-p521/end.cert create mode 100644 test-ca/ecdsa-p521/end.chain create mode 100644 test-ca/ecdsa-p521/end.fullchain create mode 100644 test-ca/ecdsa-p521/end.key create mode 100644 test-ca/ecdsa-p521/end.req create mode 100644 test-ca/ecdsa-p521/end.revoked.crl.pem create mode 100644 test-ca/ecdsa-p521/inter.cert create mode 100644 test-ca/ecdsa-p521/inter.key create mode 100644 test-ca/ecdsa-p521/inter.req create mode 100644 test-ca/ecdsa-p521/inter.revoked.crl.pem delete mode 100644 test-ca/ecdsa/ca.cert delete mode 100644 test-ca/ecdsa/ca.der delete mode 100644 test-ca/ecdsa/ca.key delete mode 100644 test-ca/ecdsa/client.cert delete mode 100644 test-ca/ecdsa/client.chain delete mode 100644 test-ca/ecdsa/client.fullchain delete mode 100644 test-ca/ecdsa/client.key delete mode 100644 test-ca/ecdsa/client.req delete mode 100644 test-ca/ecdsa/client.revoked.crl.pem delete mode 100644 test-ca/ecdsa/end.cert delete mode 100644 test-ca/ecdsa/end.chain delete mode 100644 test-ca/ecdsa/end.fullchain delete mode 100644 test-ca/ecdsa/end.key delete mode 100644 test-ca/ecdsa/end.req delete mode 100644 test-ca/ecdsa/end.revoked.crl.pem delete mode 100644 test-ca/ecdsa/inter.cert delete mode 100644 test-ca/ecdsa/inter.key delete mode 100644 test-ca/ecdsa/inter.req delete mode 100644 test-ca/ecdsa/inter.revoked.crl.pem diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 661b7a125c..97fbbfca56 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -323,7 +323,7 @@ fn all_benchmarks_params() -> Vec { "1.3_rsa_aes", ), ( - KeyType::Ecdsa, + KeyType::EcdsaP256, CipherSuite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, "1.3_ecdsa_aes", @@ -335,7 +335,7 @@ fn all_benchmarks_params() -> Vec { "1.3_rsa_chacha", ), ( - KeyType::Ecdsa, + KeyType::EcdsaP256, CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, "1.3_ecdsa_chacha", diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index ed78076b2e..47c5802016 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -5,14 +5,14 @@ use rustls::pki_types::{CertificateDer, PrivateKeyDer}; #[derive(PartialEq, Clone, Copy, Debug)] pub enum KeyType { Rsa, - Ecdsa, + EcdsaP256, } impl KeyType { pub(crate) fn path_for(&self, part: &str) -> String { match self { Self::Rsa => format!("../test-ca/rsa/{}", part), - Self::Ecdsa => format!("../test-ca/ecdsa/{}", part), + Self::EcdsaP256 => format!("../test-ca/ecdsa-p256/{}", part), } } diff --git a/connect-tests/tests/common/mod.rs b/connect-tests/tests/common/mod.rs index 3e77cb2f4e..8942622c93 100644 --- a/connect-tests/tests/common/mod.rs +++ b/connect-tests/tests/common/mod.rs @@ -1,166 +1,7 @@ -use std::env; -use std::net; - -use std::fs::{self, File}; -use std::io::Write; use std::path::{Path, PathBuf}; use std::process; -use std::str; -use std::thread; -use std::time; - -use self::regex::Regex; -use regex; - -use ring::rand::SecureRandom; - -pub struct DeleteFilesOnDrop { - path: PathBuf, -} - -impl DeleteFilesOnDrop { - pub fn path(&self) -> &PathBuf { - &self.path - } -} -impl Drop for DeleteFilesOnDrop { - fn drop(&mut self) { - fs::remove_dir_all(&self.path).unwrap(); - } -} - -macro_rules! embed_files { - ( - $( - ($name:ident, $keytype:expr, $path:expr); - )+ - ) => { - $( - const $name: &'static [u8] = include_bytes!( - concat!("../../../test-ca/", $keytype, "/", $path)); - )+ - - pub fn bytes_for(keytype: &str, path: &str) -> &'static [u8] { - match (keytype, path) { - $( - ($keytype, $path) => $name, - )+ - _ => panic!("unknown keytype {} with path {}", keytype, path), - } - } - - pub fn new_test_ca() -> DeleteFilesOnDrop { - let mut rand = [0u8; 4]; - ring::rand::SystemRandom::new() - .fill(&mut rand) - .unwrap(); - - let dir = env::temp_dir() - .join(format!("rustls-{:02x}{:02x}{:02x}{:02x}", - rand[0], rand[1], rand[2], rand[3])); - let deleter = DeleteFilesOnDrop { - path: dir, - }; - - fs::create_dir(&deleter.path).unwrap(); - fs::create_dir(deleter.path.join("ecdsa")).unwrap(); - fs::create_dir(deleter.path.join("eddsa")).unwrap(); - fs::create_dir(deleter.path.join("rsa")).unwrap(); - - $( - let filename = deleter.path.join($keytype).join($path); - let mut f = File::create(&filename).unwrap(); - f.write_all($name).unwrap(); - )+ - - deleter - } - } -} - -embed_files! { - (ECDSA_CA_CERT, "ecdsa", "ca.cert"); - (ECDSA_CA_DER, "ecdsa", "ca.der"); - (ECDSA_CA_KEY, "ecdsa", "ca.key"); - (ECDSA_CLIENT_CERT, "ecdsa", "client.cert"); - (ECDSA_CLIENT_CHAIN, "ecdsa", "client.chain"); - (ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain"); - (ECDSA_CLIENT_KEY, "ecdsa", "client.key"); - (ECDSA_CLIENT_REQ, "ecdsa", "client.req"); - (ECDSA_END_CERT, "ecdsa", "end.cert"); - (ECDSA_END_CHAIN, "ecdsa", "end.chain"); - (ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain"); - (ECDSA_END_KEY, "ecdsa", "end.key"); - (ECDSA_END_REQ, "ecdsa", "end.req"); - (ECDSA_INTER_CERT, "ecdsa", "inter.cert"); - (ECDSA_INTER_KEY, "ecdsa", "inter.key"); - (ECDSA_INTER_REQ, "ecdsa", "inter.req"); - (ECDSA_NISTP256_PEM, "ecdsa", "nistp256.pem"); - (ECDSA_NISTP384_PEM, "ecdsa", "nistp384.pem"); - - (EDDSA_CA_CERT, "eddsa", "ca.cert"); - (EDDSA_CA_DER, "eddsa", "ca.der"); - (EDDSA_CA_KEY, "eddsa", "ca.key"); - (EDDSA_CLIENT_CERT, "eddsa", "client.cert"); - (EDDSA_CLIENT_CHAIN, "eddsa", "client.chain"); - (EDDSA_CLIENT_FULLCHAIN, "eddsa", "client.fullchain"); - (EDDSA_CLIENT_KEY, "eddsa", "client.key"); - (EDDSA_CLIENT_REQ, "eddsa", "client.req"); - (EDDSA_END_CERT, "eddsa", "end.cert"); - (EDDSA_END_CHAIN, "eddsa", "end.chain"); - (EDDSA_END_FULLCHAIN, "eddsa", "end.fullchain"); - (EDDSA_END_KEY, "eddsa", "end.key"); - (EDDSA_END_REQ, "eddsa", "end.req"); - (EDDSA_INTER_CERT, "eddsa", "inter.cert"); - (EDDSA_INTER_KEY, "eddsa", "inter.key"); - (EDDSA_INTER_REQ, "eddsa", "inter.req"); - - (RSA_CA_CERT, "rsa", "ca.cert"); - (RSA_CA_DER, "rsa", "ca.der"); - (RSA_CA_KEY, "rsa", "ca.key"); - (RSA_CLIENT_CERT, "rsa", "client.cert"); - (RSA_CLIENT_CHAIN, "rsa", "client.chain"); - (RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain"); - (RSA_CLIENT_KEY, "rsa", "client.key"); - (RSA_CLIENT_REQ, "rsa", "client.req"); - (RSA_CLIENT_RSA, "rsa", "client.rsa"); - (RSA_END_CERT, "rsa", "end.cert"); - (RSA_END_CHAIN, "rsa", "end.chain"); - (RSA_END_FULLCHAIN, "rsa", "end.fullchain"); - (RSA_END_KEY, "rsa", "end.key"); - (RSA_END_REQ, "rsa", "end.req"); - (RSA_END_RSA, "rsa", "end.rsa"); - (RSA_INTER_CERT, "rsa", "inter.cert"); - (RSA_INTER_KEY, "rsa", "inter.key"); - (RSA_INTER_REQ, "rsa", "inter.req"); -} - -// Wait until we can connect to localhost:port. -fn wait_for_port(port: u16) -> Option<()> { - let mut count = 0; - loop { - thread::sleep(time::Duration::from_millis(500)); - if net::TcpStream::connect(("127.0.0.1", port)).is_ok() { - return Some(()); - } - count += 1; - if count == 10 { - return None; - } - } -} - -// Find an unused port -fn unused_port(mut port: u16) -> u16 { - loop { - if net::TcpStream::connect(("127.0.0.1", port)).is_err() { - return port; - } - - port += 1; - } -} +use regex::Regex; pub fn tlsserver_find() -> &'static str { "../target/debug/tlsserver-mio" diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index f0955e2a85..b6ec58f80b 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -147,7 +147,8 @@ impl ResumptionParam { #[derive(PartialEq, Clone, Copy, Debug)] enum KeyType { Rsa, - Ecdsa, + EcdsaP256, + EcdsaP384, Ed25519, } @@ -180,7 +181,7 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ ), #[cfg(feature = "tls12")] BenchmarkParam::new( - KeyType::Ecdsa, + KeyType::EcdsaP256, cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, &rustls::version::TLS12, ), @@ -198,13 +199,13 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ ), #[cfg(feature = "tls12")] BenchmarkParam::new( - KeyType::Ecdsa, + KeyType::EcdsaP256, cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( - KeyType::Ecdsa, + KeyType::EcdsaP384, cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), @@ -224,7 +225,7 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ &rustls::version::TLS13, ), BenchmarkParam::new( - KeyType::Ecdsa, + KeyType::EcdsaP256, cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, ), @@ -239,7 +240,8 @@ impl KeyType { fn path_for(&self, part: &str) -> String { match self { Self::Rsa => format!("test-ca/rsa/{}", part), - Self::Ecdsa => format!("test-ca/ecdsa/{}", part), + Self::EcdsaP256 => format!("test-ca/ecdsa-p256/{}", part), + Self::EcdsaP384 => format!("test-ca/ecdsa-p384/{}", part), Self::Ed25519 => format!("test-ca/eddsa/{}", part), } } diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 1264e598b5..87f0028040 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -429,7 +429,7 @@ mod tests { fn test_crls() -> Vec> { load_crls(&[ - include_bytes!("../../../test-ca/ecdsa/client.revoked.crl.pem").as_slice(), + include_bytes!("../../../test-ca/ecdsa-p256/client.revoked.crl.pem").as_slice(), include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), ]) } @@ -446,7 +446,7 @@ mod tests { fn test_roots() -> Arc { load_roots(&[ - include_bytes!("../../../test-ca/ecdsa/ca.der").as_slice(), + include_bytes!("../../../test-ca/ecdsa-p256/ca.der").as_slice(), include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), ]) } diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index dd17531ab0..fb523e41d6 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -303,7 +303,7 @@ mod tests { fn test_crls() -> Vec> { load_crls(&[ - include_bytes!("../../../test-ca/ecdsa/client.revoked.crl.pem").as_slice(), + include_bytes!("../../../test-ca/ecdsa-p256/client.revoked.crl.pem").as_slice(), include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), ]) } @@ -320,7 +320,7 @@ mod tests { fn test_roots() -> Arc { load_roots(&[ - include_bytes!("../../../test-ca/ecdsa/ca.der").as_slice(), + include_bytes!("../../../test-ca/ecdsa-p256/ca.der").as_slice(), include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), ]) } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b5c90f3f2b..34d1d5b60c 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -977,7 +977,7 @@ fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() { #[test] fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { check_sigalgs_reduced_by_ciphersuite( - KeyType::Ecdsa, + KeyType::EcdsaP256, CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, vec![ #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -1233,7 +1233,7 @@ fn client_check_server_certificate_helper_api() { let chain = kt.get_chain(); let correct_roots = get_client_root_store(*kt); let incorrect_roots = get_client_root_store(match kt { - KeyType::Rsa => KeyType::Ecdsa, + KeyType::Rsa => KeyType::EcdsaP256, _ => KeyType::Rsa, }); // Using the correct trust anchors, we should verify without error. @@ -1373,18 +1373,26 @@ fn client_cert_resolve_default() { // Test that in the default configuration that a client cert resolver gets the expected // CA subject hints, and supported signature algorithms. for key_type in ALL_KEY_TYPES.into_iter() { - let server_config = Arc::new(make_server_config_with_mandatory_client_auth(key_type)); + let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*key_type)); // In a default configuration we expect that the verifier's trust anchors are used // for the hint subjects. - let expected_root_hint_subjects = vec![match key_type { + let expected_root_hint_subjects = vec![match *key_type { KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], - KeyType::Ecdsa => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA"[..], + KeyType::EcdsaP256 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] + } + KeyType::EcdsaP384 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p384 CA"[..] + } + KeyType::EcdsaP521 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p521 CA"[..] + } KeyType::Ed25519 => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..], } .to_vec()]; - test_client_cert_resolve(key_type, server_config, expected_root_hint_subjects); + test_client_cert_resolve(*key_type, server_config, expected_root_hint_subjects); } } @@ -1394,11 +1402,11 @@ fn client_cert_resolve_server_no_hints() { // arguments. for key_type in ALL_KEY_TYPES.into_iter() { // Build a verifier with no hint subjects. - let verifier = webpki_client_verifier_builder(get_client_root_store(key_type)) + let verifier = webpki_client_verifier_builder(get_client_root_store(*key_type)) .clear_root_hint_subjects(); - let server_config = make_server_config_with_client_verifier(key_type, verifier); + let server_config = make_server_config_with_client_verifier(*key_type, verifier); let expected_root_hint_subjects = Vec::default(); // no hints expected. - test_client_cert_resolve(key_type, server_config.into(), expected_root_hint_subjects); + test_client_cert_resolve(*key_type, server_config.into(), expected_root_hint_subjects); } } @@ -1411,7 +1419,15 @@ fn client_cert_resolve_server_added_hint() { let expected_hint_subjects = vec![ match key_type { KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], - KeyType::Ecdsa => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown ECDSA CA"[..], + KeyType::EcdsaP256 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] + } + KeyType::EcdsaP384 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p384 CA"[..] + } + KeyType::EcdsaP521 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p521 CA"[..] + } KeyType::Ed25519 => { &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..] } @@ -1421,10 +1437,10 @@ fn client_cert_resolve_server_added_hint() { ]; // Create a verifier that adds the extra_name as a hint subject in addition to the ones // from the root cert store. - let verifier = webpki_client_verifier_builder(get_client_root_store(key_type)) + let verifier = webpki_client_verifier_builder(get_client_root_store(*key_type)) .add_root_hint_subjects([DistinguishedName::from(extra_name.clone())].into_iter()); - let server_config = make_server_config_with_client_verifier(key_type, verifier); - test_client_cert_resolve(key_type, server_config.into(), expected_hint_subjects); + let server_config = make_server_config_with_client_verifier(*key_type, verifier); + test_client_cert_resolve(*key_type, server_config.into(), expected_hint_subjects); } } @@ -2791,8 +2807,8 @@ fn test_tls13_exporter() { #[test] fn test_tls13_exporter_maximum_output_length() { let client_config = - make_client_config_with_versions(KeyType::Ecdsa, &[&rustls::version::TLS13]); - let server_config = make_server_config(KeyType::Ecdsa); + make_client_config_with_versions(KeyType::EcdsaP256, &[&rustls::version::TLS13]); + let server_config = make_server_config(KeyType::EcdsaP256); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake(&mut client, &mut server); @@ -2917,7 +2933,7 @@ static TEST_CIPHERSUITES: &[(&rustls::SupportedProtocolVersion, KeyType, CipherS #[cfg(feature = "tls12")] ( &rustls::version::TLS12, - KeyType::Ecdsa, + KeyType::EcdsaP256, CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, ), #[cfg(feature = "tls12")] @@ -2929,13 +2945,13 @@ static TEST_CIPHERSUITES: &[(&rustls::SupportedProtocolVersion, KeyType, CipherS #[cfg(feature = "tls12")] ( &rustls::version::TLS12, - KeyType::Ecdsa, + KeyType::EcdsaP384, CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, ), #[cfg(feature = "tls12")] ( &rustls::version::TLS12, - KeyType::Ecdsa, + KeyType::EcdsaP384, CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ), #[cfg(feature = "tls12")] diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index de4ac7af7e..44b0c856e0 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -47,27 +47,65 @@ macro_rules! embed_files { } embed_files! { - (ECDSA_CA_CERT, "ecdsa", "ca.cert"); - (ECDSA_CA_DER, "ecdsa", "ca.der"); - (ECDSA_CA_KEY, "ecdsa", "ca.key"); - (ECDSA_CLIENT_CERT, "ecdsa", "client.cert"); - (ECDSA_CLIENT_CHAIN, "ecdsa", "client.chain"); - (ECDSA_CLIENT_FULLCHAIN, "ecdsa", "client.fullchain"); - (ECDSA_CLIENT_KEY, "ecdsa", "client.key"); - (ECDSA_CLIENT_REQ, "ecdsa", "client.req"); - (ECDSA_END_CRL_PEM, "ecdsa", "end.revoked.crl.pem"); - (ECDSA_CLIENT_CRL_PEM, "ecdsa", "client.revoked.crl.pem"); - (ECDSA_INTERMEDIATE_CRL_PEM, "ecdsa", "inter.revoked.crl.pem"); - (ECDSA_END_CERT, "ecdsa", "end.cert"); - (ECDSA_END_CHAIN, "ecdsa", "end.chain"); - (ECDSA_END_FULLCHAIN, "ecdsa", "end.fullchain"); - (ECDSA_END_KEY, "ecdsa", "end.key"); - (ECDSA_END_REQ, "ecdsa", "end.req"); - (ECDSA_INTER_CERT, "ecdsa", "inter.cert"); - (ECDSA_INTER_KEY, "ecdsa", "inter.key"); - (ECDSA_INTER_REQ, "ecdsa", "inter.req"); - (ECDSA_NISTP256_PEM, "ecdsa", "nistp256.pem"); - (ECDSA_NISTP384_PEM, "ecdsa", "nistp384.pem"); + (ECDSA_P256_CA_CERT, "ecdsa-p256", "ca.cert"); + (ECDSA_P256_CA_DER, "ecdsa-p256", "ca.der"); + (ECDSA_P256_CA_KEY, "ecdsa-p256", "ca.key"); + (ECDSA_P256_CLIENT_CERT, "ecdsa-p256", "client.cert"); + (ECDSA_P256_CLIENT_CHAIN, "ecdsa-p256", "client.chain"); + (ECDSA_P256_CLIENT_FULLCHAIN, "ecdsa-p256", "client.fullchain"); + (ECDSA_P256_CLIENT_KEY, "ecdsa-p256", "client.key"); + (ECDSA_P256_CLIENT_REQ, "ecdsa-p256", "client.req"); + (ECDSA_P256_END_CRL_PEM, "ecdsa-p256", "end.revoked.crl.pem"); + (ECDSA_P256_CLIENT_CRL_PEM, "ecdsa-p256", "client.revoked.crl.pem"); + (ECDSA_P256_INTERMEDIATE_CRL_PEM, "ecdsa-p256", "inter.revoked.crl.pem"); + (ECDSA_P256_END_CERT, "ecdsa-p256", "end.cert"); + (ECDSA_P256_END_CHAIN, "ecdsa-p256", "end.chain"); + (ECDSA_P256_END_FULLCHAIN, "ecdsa-p256", "end.fullchain"); + (ECDSA_P256_END_KEY, "ecdsa-p256", "end.key"); + (ECDSA_P256_END_REQ, "ecdsa-p256", "end.req"); + (ECDSA_P256_INTER_CERT, "ecdsa-p256", "inter.cert"); + (ECDSA_P256_INTER_KEY, "ecdsa-p256", "inter.key"); + (ECDSA_P256_INTER_REQ, "ecdsa-p256", "inter.req"); + + (ECDSA_P384_CA_CERT, "ecdsa-p384", "ca.cert"); + (ECDSA_P384_CA_DER, "ecdsa-p384", "ca.der"); + (ECDSA_P384_CA_KEY, "ecdsa-p384", "ca.key"); + (ECDSA_P384_CLIENT_CERT, "ecdsa-p384", "client.cert"); + (ECDSA_P384_CLIENT_CHAIN, "ecdsa-p384", "client.chain"); + (ECDSA_P384_CLIENT_FULLCHAIN, "ecdsa-p384", "client.fullchain"); + (ECDSA_P384_CLIENT_KEY, "ecdsa-p384", "client.key"); + (ECDSA_P384_CLIENT_REQ, "ecdsa-p384", "client.req"); + (ECDSA_P384_END_CRL_PEM, "ecdsa-p384", "end.revoked.crl.pem"); + (ECDSA_P384_CLIENT_CRL_PEM, "ecdsa-p384", "client.revoked.crl.pem"); + (ECDSA_P384_INTERMEDIATE_CRL_PEM, "ecdsa-p384", "inter.revoked.crl.pem"); + (ECDSA_P384_END_CERT, "ecdsa-p384", "end.cert"); + (ECDSA_P384_END_CHAIN, "ecdsa-p384", "end.chain"); + (ECDSA_P384_END_FULLCHAIN, "ecdsa-p384", "end.fullchain"); + (ECDSA_P384_END_KEY, "ecdsa-p384", "end.key"); + (ECDSA_P384_END_REQ, "ecdsa-p384", "end.req"); + (ECDSA_P384_INTER_CERT, "ecdsa-p384", "inter.cert"); + (ECDSA_P384_INTER_KEY, "ecdsa-p384", "inter.key"); + (ECDSA_P384_INTER_REQ, "ecdsa-p384", "inter.req"); + + (ECDSA_P521_CA_CERT, "ecdsa-p521", "ca.cert"); + (ECDSA_P521_CA_DER, "ecdsa-p521", "ca.der"); + (ECDSA_P521_CA_KEY, "ecdsa-p521", "ca.key"); + (ECDSA_P521_CLIENT_CERT, "ecdsa-p521", "client.cert"); + (ECDSA_P521_CLIENT_CHAIN, "ecdsa-p521", "client.chain"); + (ECDSA_P521_CLIENT_FULLCHAIN, "ecdsa-p521", "client.fullchain"); + (ECDSA_P521_CLIENT_KEY, "ecdsa-p521", "client.key"); + (ECDSA_P521_CLIENT_REQ, "ecdsa-p521", "client.req"); + (ECDSA_P521_END_CRL_PEM, "ecdsa-p521", "end.revoked.crl.pem"); + (ECDSA_P521_CLIENT_CRL_PEM, "ecdsa-p521", "client.revoked.crl.pem"); + (ECDSA_P521_INTERMEDIATE_CRL_PEM, "ecdsa-p521", "inter.revoked.crl.pem"); + (ECDSA_P521_END_CERT, "ecdsa-p521", "end.cert"); + (ECDSA_P521_END_CHAIN, "ecdsa-p521", "end.chain"); + (ECDSA_P521_END_FULLCHAIN, "ecdsa-p521", "end.fullchain"); + (ECDSA_P521_END_KEY, "ecdsa-p521", "end.key"); + (ECDSA_P521_END_REQ, "ecdsa-p521", "end.req"); + (ECDSA_P521_INTER_CERT, "ecdsa-p521", "inter.cert"); + (ECDSA_P521_INTER_KEY, "ecdsa-p521", "inter.key"); + (ECDSA_P521_INTER_REQ, "ecdsa-p521", "inter.req"); (EDDSA_CA_CERT, "eddsa", "ca.cert"); (EDDSA_CA_DER, "eddsa", "ca.der"); @@ -207,17 +245,28 @@ where #[derive(Clone, Copy, Debug, PartialEq)] pub enum KeyType { Rsa, - Ecdsa, + EcdsaP256, + EcdsaP384, + EcdsaP521, Ed25519, } -pub static ALL_KEY_TYPES: [KeyType; 3] = [KeyType::Rsa, KeyType::Ecdsa, KeyType::Ed25519]; +pub static ALL_KEY_TYPES: &[KeyType] = &[ + KeyType::Rsa, + KeyType::EcdsaP256, + KeyType::EcdsaP384, + #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + KeyType::EcdsaP521, + KeyType::Ed25519, +]; impl KeyType { fn bytes_for(&self, part: &str) -> &'static [u8] { match self { Self::Rsa => bytes_for("rsa", part), - Self::Ecdsa => bytes_for("ecdsa", part), + Self::EcdsaP256 => bytes_for("ecdsa-p256", part), + Self::EcdsaP384 => bytes_for("ecdsa-p384", part), + Self::EcdsaP521 => bytes_for("ecdsa-p521", part), Self::Ed25519 => bytes_for("eddsa", part), } } diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 15d5a7d807..eb12ee8087 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -270,6 +270,7 @@ impl Default for MockServerVerifier { SignatureScheme::ED25519, SignatureScheme::ECDSA_NISTP256_SHA256, SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP521_SHA512, ], } } diff --git a/test-ca/build-a-pki.sh b/test-ca/build-a-pki.sh index f1970cea25..febe68a6d9 100755 --- a/test-ca/build-a-pki.sh +++ b/test-ca/build-a-pki.sh @@ -2,8 +2,8 @@ set -xe -rm -rf rsa/ ecdsa/ eddsa/ -mkdir -p rsa/ ecdsa/ eddsa/ +rm -rf rsa/ ecdsa-p256/ ecdsa-p384/ ecdsa-p521/ eddsa/ +mkdir -p rsa/ ecdsa-p256/ ecdsa-p384/ ecdsa-p521/ eddsa/ openssl req -nodes \ -x509 \ @@ -48,45 +48,56 @@ openssl rsa \ -out rsa/client.rsa # ecdsa -openssl ecparam -name prime256v1 -out ecdsa/nistp256.pem -openssl ecparam -name secp384r1 -out ecdsa/nistp384.pem - -openssl req -nodes \ - -x509 \ - -newkey ec:ecdsa/nistp384.pem \ - -keyout ecdsa/ca.key \ - -out ecdsa/ca.cert \ - -sha256 \ - -batch \ - -days 3650 \ - -subj "/CN=ponytown ECDSA CA" - -openssl req -nodes \ - -newkey ec:ecdsa/nistp256.pem \ - -keyout ecdsa/inter.key \ - -out ecdsa/inter.req \ - -sha256 \ - -batch \ - -days 3000 \ - -subj "/CN=ponytown ECDSA level 2 intermediate" - -openssl req -nodes \ - -newkey ec:ecdsa/nistp256.pem \ - -keyout ecdsa/end.key \ - -out ecdsa/end.req \ - -sha256 \ - -batch \ - -days 2000 \ - -subj "/CN=testserver.com" - -openssl req -nodes \ - -newkey ec:ecdsa/nistp384.pem \ - -keyout ecdsa/client.key \ - -out ecdsa/client.req \ - -sha256 \ - -batch \ - -days 2000 \ - -subj "/CN=ponytown client" +for curve in p256 p384 p521 ; do + case $curve in + p256) + openssl ecparam -name prime256v1 -out ecdsa-$curve/curve.pem + ;; + p384) + openssl ecparam -name secp384r1 -out ecdsa-$curve/curve.pem + ;; + p521) + openssl ecparam -name secp521r1 -out ecdsa-$curve/curve.pem + ;; + esac + + openssl req -nodes \ + -x509 \ + -newkey ec:ecdsa-$curve/curve.pem \ + -keyout ecdsa-$curve/ca.key \ + -out ecdsa-$curve/ca.cert \ + -sha256 \ + -batch \ + -days 3650 \ + -subj "/CN=ponytown ECDSA $curve CA" + + openssl req -nodes \ + -newkey ec:ecdsa-$curve/curve.pem \ + -keyout ecdsa-$curve/inter.key \ + -out ecdsa-$curve/inter.req \ + -sha256 \ + -batch \ + -days 3000 \ + -subj "/CN=ponytown ECDSA $curve level 2 intermediate" + + openssl req -nodes \ + -newkey ec:ecdsa-$curve/curve.pem \ + -keyout ecdsa-$curve/end.key \ + -out ecdsa-$curve/end.req \ + -sha256 \ + -batch \ + -days 2000 \ + -subj "/CN=testserver.com" + + openssl req -nodes \ + -newkey ec:ecdsa-$curve/curve.pem \ + -keyout ecdsa-$curve/client.key \ + -out ecdsa-$curve/client.req \ + -sha256 \ + -batch \ + -days 2000 \ + -subj "/CN=ponytown client" +done # eddsa @@ -138,12 +149,14 @@ openssl req -nodes \ # Generate a CRL revoking a specific certificate, signed by the specified issuer. # Arguments: # 1. the key type (e.g. "rsa") -# 2. the name of the issuer (e.g. "inter") -# 3. the name of the certificate to revoke (e.g. "end") +# 2. signature hash algorithm (e.g. "sha256") +# 3. the name of the issuer (e.g. "inter") +# 4. the name of the certificate to revoke (e.g. "end") function gen_crl { local kt=$1 - local issuer_name=$2 - local revoked_cert_name=$3 + local hash=$2 + local issuer_name=$3 + local revoked_cert_name=$4 # Overwrite the CA state for each revocation - this avoids an # "already revoked" error since we're re-using serial numbers across @@ -158,6 +171,7 @@ function gen_crl { -keyfile "$kt/$issuer_name.key" \ -cert "$kt/$issuer_name.cert" \ -gencrl \ + -md $hash \ -crldays 7 \ -revoke "$kt/$revoked_cert_name.cert" \ -crl_reason keyCompromise \ @@ -168,18 +182,37 @@ function gen_crl { -config ./crl-openssl.cnf \ -keyfile "$kt/$issuer_name.key" \ -cert "$kt/$issuer_name.cert" \ + -md $hash \ -gencrl \ -crldays 7 \ -out "$kt/$revoked_cert_name.revoked.crl.pem" } -for kt in rsa ecdsa eddsa ; do +for kt in rsa ecdsa-p256 ecdsa-p384 ecdsa-p521 eddsa ; do + case $kt in + rsa) + hash=sha256 + ;; + ecdsa-p256) + hash=sha256 + ;; + ecdsa-p384) + hash=sha384 + ;; + ecdsa-p521) + hash=sha512 + ;; + eddsa) + hash=sha512 + ;; + esac + openssl x509 -req \ -in $kt/inter.req \ -out $kt/inter.cert \ -CA $kt/ca.cert \ -CAkey $kt/ca.key \ - -sha256 \ + -$hash \ -days 3650 \ -set_serial 123 \ -extensions v3_inter -extfile openssl.cnf @@ -189,7 +222,7 @@ for kt in rsa ecdsa eddsa ; do -out $kt/end.cert \ -CA $kt/inter.cert \ -CAkey $kt/inter.key \ - -sha256 \ + -$hash \ -days 2000 \ -set_serial 456 \ -extensions v3_end -extfile openssl.cnf @@ -199,17 +232,17 @@ for kt in rsa ecdsa eddsa ; do -out $kt/client.cert \ -CA $kt/inter.cert \ -CAkey $kt/inter.key \ - -sha256 \ + -$hash \ -days 2000 \ -set_serial 789 \ -extensions v3_client -extfile openssl.cnf # Generate a CRL revoking the client certificate - gen_crl $kt inter client + gen_crl $kt $hash inter client # Generate a CRL revoking the server certificate - gen_crl $kt inter end + gen_crl $kt $hash inter end # Generate a CRL revoking the intermediate certificate - gen_crl $kt ca inter + gen_crl $kt $hash ca inter cat $kt/inter.cert $kt/ca.cert > $kt/end.chain cat $kt/end.cert $kt/inter.cert $kt/ca.cert > $kt/end.fullchain diff --git a/test-ca/ecdsa-p256/ca.cert b/test-ca/ecdsa-p256/ca.cert new file mode 100644 index 0000000000..c5e1624b04 --- /dev/null +++ b/test-ca/ecdsa-p256/ca.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUXNAfCxy5XH9euZCdMIPq/Rvd7RUwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDI1NiBDQTAeFw0yMzEyMjExNzIz +MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAy +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATt16Sg8z+JLDkcwWpjiAs6 +U0tJR3SfjPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc +o1MwUTAdBgNVHQ4EFgQUPCLByOwqcjYqm6f2yusG+EykRw8wHwYDVR0jBBgwFoAU +PCLByOwqcjYqm6f2yusG+EykRw8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiEAyDvCCfom06ef3DUGIuVGu94tWWZawxflnGRgro4aCLUCIHkMsDLh +K2dhBn7uCTO/2+njVegxA2Akap5S1rzsvbMl +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/ca.der b/test-ca/ecdsa-p256/ca.der new file mode 100644 index 0000000000000000000000000000000000000000..261389c7a2ad460f4605c79275d290d07d0544f5 GIT binary patch literal 411 zcmXqLVw`T!#Av&KnTe5!NhIciJh#lwnEJS#6XqH;zxpeE_pPV_7aNCGo5wj@7G@>` zMMHT5SvKZS7G@r?g8aP7lKk>K1y^U6U`K@lBU3X4XGa4$ab6>1Ln9+YLvtW)5+%-S z4CESGK)J*i5osXI#tycVi4kf!Gb1~*69dcJ>q{1Vw(r!jlsTA{+`(-X?Ct4ZGQa0* z4RcYA%ggB@!fuzfmc9PjZ`6K&>n4{I#qP=#0e7tSPOA=haI$9+>zu{G27zD?$nvp> zv543x9X#n!bAP@APtTKy)fmj1}1^gfd!io;iafrqM literal 0 HcmV?d00001 diff --git a/test-ca/ecdsa-p256/ca.key b/test-ca/ecdsa-p256/ca.key new file mode 100644 index 0000000000..2546b89b09 --- /dev/null +++ b/test-ca/ecdsa-p256/ca.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgO0Igv4EPhmmbS0eJ +lk8JNGHCMmBccdjFXqUYNjKNY+6hRANCAATt16Sg8z+JLDkcwWpjiAs6U0tJR3Sf +jPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p256/client.cert b/test-ca/ecdsa-p256/client.cert new file mode 100644 index 0000000000..20d2b5e91b --- /dev/null +++ b/test-ca/ecdsa-p256/client.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB3TCCAYSgAwIBAgICAxUwCgYIKoZIzj0EAwIwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDDDw2ukGkGrzLJLHIRN9aMpVS5B89Jr +CAlUYFyZaX8wcuWvGzggj1ZarDpYeE7ssoQYoa5p6KqtIa5OvInBRe+jgaAwgZ0w +DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH +AwIwHQYDVR0OBBYEFNdHL7fnjNg55hCpxd+LvRihS1QnMEkGA1UdIwRCMECAFCUj +x8KXFtW1k3MwbEuvlfY1dihpoSWkIzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwMjU2IENBggF7MAoGCCqGSM49BAMCA0cAMEQCIFHKHBiM7y4CJRl0u/gdb9AK +39QXtSturZkNYTXOfNtjAiAmczmakN0TpQJzErIVMMdAXZpPBhyCD/lkTz6C0XNW +1Q== +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/client.chain b/test-ca/ecdsa-p256/client.chain new file mode 100644 index 0000000000..5cd0d94ffc --- /dev/null +++ b/test-ca/ecdsa-p256/client.chain @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIBwjCCAWigAwIBAgIBezAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVk +aWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB/BbDMWZNoaBneK+b5M7KW2 ++vPnATS9T+qk7Pel+888qOKWhlRh+vvaUhYu+qkkDHQRoqs7oJnxDR+6AjwGV/ij +fzB9MB0GA1UdDgQWBBQlI8fClxbVtZNzMGxLr5X2NXYoaTAgBgNVHSUBAf8EFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4w +HwYDVR0jBBgwFoAUPCLByOwqcjYqm6f2yusG+EykRw8wCgYIKoZIzj0EAwIDSAAw +RQIhAKT+GYVLDu9iVVOnQkQDTS1fSAIpUE32EeVMK66MBP3LAiAjaIs3mxSGCZLB +20R757DmPfbXWWOmozVXH3yVLX45YA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUXNAfCxy5XH9euZCdMIPq/Rvd7RUwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDI1NiBDQTAeFw0yMzEyMjExNzIz +MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAy +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATt16Sg8z+JLDkcwWpjiAs6 +U0tJR3SfjPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc +o1MwUTAdBgNVHQ4EFgQUPCLByOwqcjYqm6f2yusG+EykRw8wHwYDVR0jBBgwFoAU +PCLByOwqcjYqm6f2yusG+EykRw8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiEAyDvCCfom06ef3DUGIuVGu94tWWZawxflnGRgro4aCLUCIHkMsDLh +K2dhBn7uCTO/2+njVegxA2Akap5S1rzsvbMl +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/client.fullchain b/test-ca/ecdsa-p256/client.fullchain new file mode 100644 index 0000000000..8391bff607 --- /dev/null +++ b/test-ca/ecdsa-p256/client.fullchain @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIB3TCCAYSgAwIBAgICAxUwCgYIKoZIzj0EAwIwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDDDw2ukGkGrzLJLHIRN9aMpVS5B89Jr +CAlUYFyZaX8wcuWvGzggj1ZarDpYeE7ssoQYoa5p6KqtIa5OvInBRe+jgaAwgZ0w +DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH +AwIwHQYDVR0OBBYEFNdHL7fnjNg55hCpxd+LvRihS1QnMEkGA1UdIwRCMECAFCUj +x8KXFtW1k3MwbEuvlfY1dihpoSWkIzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwMjU2IENBggF7MAoGCCqGSM49BAMCA0cAMEQCIFHKHBiM7y4CJRl0u/gdb9AK +39QXtSturZkNYTXOfNtjAiAmczmakN0TpQJzErIVMMdAXZpPBhyCD/lkTz6C0XNW +1Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBwjCCAWigAwIBAgIBezAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVk +aWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB/BbDMWZNoaBneK+b5M7KW2 ++vPnATS9T+qk7Pel+888qOKWhlRh+vvaUhYu+qkkDHQRoqs7oJnxDR+6AjwGV/ij +fzB9MB0GA1UdDgQWBBQlI8fClxbVtZNzMGxLr5X2NXYoaTAgBgNVHSUBAf8EFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4w +HwYDVR0jBBgwFoAUPCLByOwqcjYqm6f2yusG+EykRw8wCgYIKoZIzj0EAwIDSAAw +RQIhAKT+GYVLDu9iVVOnQkQDTS1fSAIpUE32EeVMK66MBP3LAiAjaIs3mxSGCZLB +20R757DmPfbXWWOmozVXH3yVLX45YA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUXNAfCxy5XH9euZCdMIPq/Rvd7RUwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDI1NiBDQTAeFw0yMzEyMjExNzIz +MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAy +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATt16Sg8z+JLDkcwWpjiAs6 +U0tJR3SfjPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc +o1MwUTAdBgNVHQ4EFgQUPCLByOwqcjYqm6f2yusG+EykRw8wHwYDVR0jBBgwFoAU +PCLByOwqcjYqm6f2yusG+EykRw8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiEAyDvCCfom06ef3DUGIuVGu94tWWZawxflnGRgro4aCLUCIHkMsDLh +K2dhBn7uCTO/2+njVegxA2Akap5S1rzsvbMl +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/client.key b/test-ca/ecdsa-p256/client.key new file mode 100644 index 0000000000..90c6266a05 --- /dev/null +++ b/test-ca/ecdsa-p256/client.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEP3UeUwVxHHI91OT +Ii0nlivBHI0+Kbp9gj8mn22mnryhRANCAAQww8NrpBpBq8yySxyETfWjKVUuQfPS +awgJVGBcmWl/MHLlrxs4II9WWqw6WHhO7LKEGKGuaeiqrSGuTryJwUXv +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p256/client.req b/test-ca/ecdsa-p256/client.req new file mode 100644 index 0000000000..2c56a26260 --- /dev/null +++ b/test-ca/ecdsa-p256/client.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHUMHwCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEMMPDa6QaQavMskschE31oylVLkHz0msICVRgXJlpfzBy +5a8bOCCPVlqsOlh4TuyyhBihrmnoqq0hrk68icFF76AAMAoGCCqGSM49BAMCA0gA +MEUCIGNoM5ppNZQB58ebDFr5gi7BfzXQTmSKv1BzHRqKMnv5AiEAvN6+XIGIYju2 +Ju7cb8gJ1ka8aYsSNav0/OiBcRnsXck= +-----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p256/client.revoked.crl.pem b/test-ca/ecdsa-p256/client.revoked.crl.pem new file mode 100644 index 0000000000..08437c3201 --- /dev/null +++ b/test-ca/ecdsa-p256/client.revoked.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBEzCBuQIBATAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMjU2IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy +MjgxNzIzMTVaMCMwIQICAxUXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUJSPHwpcW1bWTczBsS6+V9jV2KGkwCwYDVR0UBAQCAhAB +MAoGCCqGSM49BAMCA0kAMEYCIQDSKQllM9/3mDegf7LyIkvxOzb1xZ7XtxO9YPih +R30C3gIhAOSForDwQacQcZcvlzilgOeVMlkikaOhtG5SM/sL33Z3 +-----END X509 CRL----- diff --git a/test-ca/ecdsa/nistp256.pem b/test-ca/ecdsa-p256/curve.pem similarity index 100% rename from test-ca/ecdsa/nistp256.pem rename to test-ca/ecdsa-p256/curve.pem diff --git a/test-ca/ecdsa-p256/end.cert b/test-ca/ecdsa-p256/end.cert new file mode 100644 index 0000000000..5635378ab8 --- /dev/null +++ b/test-ca/ecdsa-p256/end.cert @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcCgAwIBAgICAcgwCgYIKoZIzj0EAwIwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqa8iXjc9vZ2OMOZJFBNdSxrbI33mwD3h +gUW4/NPOwivnKsr5eehNOhvVvdyDXjqct1ADN2sT2gr5DXlVUv/KS6OB3TCB2jAM +BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU3Gu7DKAqOBdJTW/h +Qe8O1+Q/IrMwSQYDVR0jBEIwQIAUJSPHwpcW1bWTczBsS6+V9jV2KGmhJaQjMCEx +HzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAyNTYgQ0GCAXswUwYDVR0RBEwwSoIO +dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN +uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MAoGCCqGSM49BAMCA0kAMEYCIQD750Gk +UKa8xe9agJ0lJFtESudkzB3LbUnzdYqnHZ4MqAIhAOAeumZzJAt96i42MmFAxwm/ +7zSuo9ek6gYbIolTAQBM +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/end.chain b/test-ca/ecdsa-p256/end.chain new file mode 100644 index 0000000000..5cd0d94ffc --- /dev/null +++ b/test-ca/ecdsa-p256/end.chain @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIBwjCCAWigAwIBAgIBezAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVk +aWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB/BbDMWZNoaBneK+b5M7KW2 ++vPnATS9T+qk7Pel+888qOKWhlRh+vvaUhYu+qkkDHQRoqs7oJnxDR+6AjwGV/ij +fzB9MB0GA1UdDgQWBBQlI8fClxbVtZNzMGxLr5X2NXYoaTAgBgNVHSUBAf8EFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4w +HwYDVR0jBBgwFoAUPCLByOwqcjYqm6f2yusG+EykRw8wCgYIKoZIzj0EAwIDSAAw +RQIhAKT+GYVLDu9iVVOnQkQDTS1fSAIpUE32EeVMK66MBP3LAiAjaIs3mxSGCZLB +20R757DmPfbXWWOmozVXH3yVLX45YA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUXNAfCxy5XH9euZCdMIPq/Rvd7RUwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDI1NiBDQTAeFw0yMzEyMjExNzIz +MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAy +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATt16Sg8z+JLDkcwWpjiAs6 +U0tJR3SfjPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc +o1MwUTAdBgNVHQ4EFgQUPCLByOwqcjYqm6f2yusG+EykRw8wHwYDVR0jBBgwFoAU +PCLByOwqcjYqm6f2yusG+EykRw8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiEAyDvCCfom06ef3DUGIuVGu94tWWZawxflnGRgro4aCLUCIHkMsDLh +K2dhBn7uCTO/2+njVegxA2Akap5S1rzsvbMl +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/end.fullchain b/test-ca/ecdsa-p256/end.fullchain new file mode 100644 index 0000000000..51b162d164 --- /dev/null +++ b/test-ca/ecdsa-p256/end.fullchain @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcCgAwIBAgICAcgwCgYIKoZIzj0EAwIwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqa8iXjc9vZ2OMOZJFBNdSxrbI33mwD3h +gUW4/NPOwivnKsr5eehNOhvVvdyDXjqct1ADN2sT2gr5DXlVUv/KS6OB3TCB2jAM +BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU3Gu7DKAqOBdJTW/h +Qe8O1+Q/IrMwSQYDVR0jBEIwQIAUJSPHwpcW1bWTczBsS6+V9jV2KGmhJaQjMCEx +HzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAyNTYgQ0GCAXswUwYDVR0RBEwwSoIO +dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN +uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MAoGCCqGSM49BAMCA0kAMEYCIQD750Gk +UKa8xe9agJ0lJFtESudkzB3LbUnzdYqnHZ4MqAIhAOAeumZzJAt96i42MmFAxwm/ +7zSuo9ek6gYbIolTAQBM +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBwjCCAWigAwIBAgIBezAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVk +aWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB/BbDMWZNoaBneK+b5M7KW2 ++vPnATS9T+qk7Pel+888qOKWhlRh+vvaUhYu+qkkDHQRoqs7oJnxDR+6AjwGV/ij +fzB9MB0GA1UdDgQWBBQlI8fClxbVtZNzMGxLr5X2NXYoaTAgBgNVHSUBAf8EFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4w +HwYDVR0jBBgwFoAUPCLByOwqcjYqm6f2yusG+EykRw8wCgYIKoZIzj0EAwIDSAAw +RQIhAKT+GYVLDu9iVVOnQkQDTS1fSAIpUE32EeVMK66MBP3LAiAjaIs3mxSGCZLB +20R757DmPfbXWWOmozVXH3yVLX45YA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBlzCCAT2gAwIBAgIUXNAfCxy5XH9euZCdMIPq/Rvd7RUwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDI1NiBDQTAeFw0yMzEyMjExNzIz +MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAy +NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATt16Sg8z+JLDkcwWpjiAs6 +U0tJR3SfjPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc +o1MwUTAdBgNVHQ4EFgQUPCLByOwqcjYqm6f2yusG+EykRw8wHwYDVR0jBBgwFoAU +PCLByOwqcjYqm6f2yusG+EykRw8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD +AgNIADBFAiEAyDvCCfom06ef3DUGIuVGu94tWWZawxflnGRgro4aCLUCIHkMsDLh +K2dhBn7uCTO/2+njVegxA2Akap5S1rzsvbMl +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/end.key b/test-ca/ecdsa-p256/end.key new file mode 100644 index 0000000000..8978f426d4 --- /dev/null +++ b/test-ca/ecdsa-p256/end.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgDMaLbWu2EJWEA2yI +SrTTdsypyJbKaxjLPoascgD6qbmhRANCAASpryJeNz29nY4w5kkUE11LGtsjfebA +PeGBRbj8087CK+cqyvl56E06G9W93INeOpy3UAM3axPaCvkNeVVS/8pL +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p256/end.req b/test-ca/ecdsa-p256/end.req new file mode 100644 index 0000000000..bccaad6f0a --- /dev/null +++ b/test-ca/ecdsa-p256/end.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHSMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAASpryJeNz29nY4w5kkUE11LGtsjfebAPeGBRbj8087CK+cq +yvl56E06G9W93INeOpy3UAM3axPaCvkNeVVS/8pLoAAwCgYIKoZIzj0EAwIDRwAw +RAIgIO7DJfnxkVh3h2SUa2l2UeYCyWwjdjLN3bd4aflpLPkCIFYK6bupISwtlb9n +NQgq+9EAWRwUKHjjJ2G5IBXBBFsj +-----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p256/end.revoked.crl.pem b/test-ca/ecdsa-p256/end.revoked.crl.pem new file mode 100644 index 0000000000..53916eafd0 --- /dev/null +++ b/test-ca/ecdsa-p256/end.revoked.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBEjCBuQIBATAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMjU2IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy +MjgxNzIzMTVaMCMwIQICAcgXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUJSPHwpcW1bWTczBsS6+V9jV2KGkwCwYDVR0UBAQCAhAB +MAoGCCqGSM49BAMCA0gAMEUCIQDd2vdcpgSpRpgMdJhtG4AtSXz+chx8VZya0Pgu +44pRHgIgS5prB4fRL5qDxmBw3akUNv5oLwTfYG23JKAuNEROXNk= +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p256/inter.cert b/test-ca/ecdsa-p256/inter.cert new file mode 100644 index 0000000000..78bbf82f91 --- /dev/null +++ b/test-ca/ecdsa-p256/inter.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwjCCAWigAwIBAgIBezAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDI1NiBsZXZlbCAyIGludGVybWVk +aWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABB/BbDMWZNoaBneK+b5M7KW2 ++vPnATS9T+qk7Pel+888qOKWhlRh+vvaUhYu+qkkDHQRoqs7oJnxDR+6AjwGV/ij +fzB9MB0GA1UdDgQWBBQlI8fClxbVtZNzMGxLr5X2NXYoaTAgBgNVHSUBAf8EFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4w +HwYDVR0jBBgwFoAUPCLByOwqcjYqm6f2yusG+EykRw8wCgYIKoZIzj0EAwIDSAAw +RQIhAKT+GYVLDu9iVVOnQkQDTS1fSAIpUE32EeVMK66MBP3LAiAjaIs3mxSGCZLB +20R757DmPfbXWWOmozVXH3yVLX45YA== +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/inter.key b/test-ca/ecdsa-p256/inter.key new file mode 100644 index 0000000000..4c3cffd94e --- /dev/null +++ b/test-ca/ecdsa-p256/inter.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgJPBLmZS+Z3roRnZC +EI50P9TOXkebaSIw8KV7hifdKYahRANCAAQfwWwzFmTaGgZ3ivm+TOyltvrz5wE0 +vU/qpOz3pfvPPKjiloZUYfr72lIWLvqpJAx0EaKrO6CZ8Q0fugI8Blf4 +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p256/inter.req b/test-ca/ecdsa-p256/inter.req new file mode 100644 index 0000000000..aa3cbd3096 --- /dev/null +++ b/test-ca/ecdsa-p256/inter.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHtMIGVAgEAMDMxMTAvBgNVBAMMKHBvbnl0b3duIEVDRFNBIHAyNTYgbGV2ZWwg +MiBpbnRlcm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQfwWwzFmTa +GgZ3ivm+TOyltvrz5wE0vU/qpOz3pfvPPKjiloZUYfr72lIWLvqpJAx0EaKrO6CZ +8Q0fugI8Blf4oAAwCgYIKoZIzj0EAwIDRwAwRAIgWVdVk8FILzVwikyhkerV/7NF +/+x1how7gI6T+5T21dYCID1ea/fcvCZpszmbMLdFaxNNAxgZ34deCqvNBB1psuDe +-----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p256/inter.revoked.crl.pem b/test-ca/ecdsa-p256/inter.revoked.crl.pem new file mode 100644 index 0000000000..8c1e235aa6 --- /dev/null +++ b/test-ca/ecdsa-p256/inter.revoked.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBADCBpgIBATAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwMjU2IENBFw0yMzEyMjExNzIzMTVaFw0yMzEyMjgxNzIzMTVaMCIwIAIBexcN +MjMxMjIxMTcyMzE1WjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBQ8IsHI +7CpyNiqbp/bK6wb4TKRHDzALBgNVHRQEBAICEAEwCgYIKoZIzj0EAwIDSQAwRgIh +APaD9eRVnXiN+WFqcTZs5IIHThVMKpzOPJg30XmRDkW4AiEAvvtGbai/XTC9VzbA +jFx0ZXqyp5OxmxS7iFCSyt0k6o0= +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/ca.cert b/test-ca/ecdsa-p384/ca.cert new file mode 100644 index 0000000000..e7600da09a --- /dev/null +++ b/test-ca/ecdsa-p384/ca.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1DCCAVqgAwIBAgIUNYTDNFKGzHKMICUAOVaGMMpWU2YwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDM4NCBDQTAeFw0yMzEyMjExNzIz +MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAz +ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS7+C+naqU7p5TX1e3QR/p1rMO2 +tduAk61M1S/RiDxYfb5eESK4QB3zPUKnNvCQDiKCUJAd/wFtvnSYzJLAG1+6+5qm +mcspEKW9zPFSFaYhKqkc+Cn7BqOEBBnml7h1Xh6jUzBRMB0GA1UdDgQWBBRzm6Bt +VxTllGOqFrha+EG/CUPRwTAfBgNVHSMEGDAWgBRzm6BtVxTllGOqFrha+EG/CUPR +wTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2gAMGUCMBj+Dkjs19HjrB2H +5bMWiSyjU7eGkaAgX0AAWdQ4g79VdF45wuWdT6pvwR92DRkHmwIxAPOn14FJ/Dwb +L/pTAoU5fUrNzGVN5cOwcbme2SO15kT2QRNak/TEZSdjm/RfIeA5KA== +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/ca.der b/test-ca/ecdsa-p384/ca.der new file mode 100644 index 0000000000000000000000000000000000000000..d15006dce5b21abce2bbc84445f0fe3bdf255231 GIT binary patch literal 472 zcmXqLV!UF|#2B@JnTe5!NyN0}ut`wcnW7#ARR+tjHiJ`P!D$9uY#dr`9_MUXn3)U| z4do4F*_cCFn0dqs^7AT7^2_rST%BEl9Tf_UEld=g9S!8fd5w$>jf@Np&4IK@lsK<3 zkZWiGR;@ziKyKdC#bZ;LH4t)({i&96Zn*x0w&1*XUyGKGULpo1Jd!ke$QGq^R%YG z(!FOs28k|H)LJR?L-RM=;uaRkXVZ6-#>p)XHV6d!PL_{Fj76k)_JZ7Sk*8CVSBdS2 z`r){r)A`~-19_n5WtCYZ48$6+E8qty5N2fj&%$cJ45W~Qk2!>AKXL0cMwuuWA;vEv52(&@QU|2{D+fy1LL&=!7Y=c(huYr$OD5& zR+&Y@K&%0~0)CJJVMfOPEUX61KngjKnH#$q3>w>+oEWppC!UbvtM5xbf_)faDT?&RgYbD-0k1lehTsA((4|m6#f{@1gpg8$~8J{JYHL z7~M2m^@8y9byAz|)Lz@xewu5BK!xlaj+qk5+=t}tf0wm3i5@m-6n<%GnDy>=Xl|Bn V|Mz__AL@xLIykGZUtmY06#x}U$c+F1 literal 0 HcmV?d00001 diff --git a/test-ca/ecdsa-p521/ca.key b/test-ca/ecdsa-p521/ca.key new file mode 100644 index 0000000000..91fc29cd70 --- /dev/null +++ b/test-ca/ecdsa-p521/ca.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBvhXIfR06UCRAZrau +1P0sVNrkpPyQSPslskGAqp9tFHrj+BvSHXKIj0FKTXixoQaqrVr+NChB6j6U2xlS +0MkI5YmhgYkDgYYABADfFINhR9poOClUZF1o5HGgFt+1xIszsu5oEgHnqy6qpmgU +gTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR5ABSp+N+Gf2YdgnxaRsS8Y0F +pLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLBLKk9DGFu+OdtUDYQeqUNsA3t +Vw== +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/client.cert b/test-ca/ecdsa-p521/client.cert new file mode 100644 index 0000000000..6025992890 --- /dev/null +++ b/test-ca/ecdsa-p521/client.cert @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICZDCCAcegAwIBAgICAxUwCgYIKoZIzj0EAwQwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDCB +mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAAddVyNzastXII6Q1g7NPuJjR+5PFOFC +VAku/spDO8nnOICtMVXfcfQqIzh+f6z9Io4WAhovII6QTaqPsiwelgLbAdSimFm7 +RAF9fjmAE801isvGkV//PvyMtP4c1QqLzjZjA72O1UTcgB1liQZSEm/BS5b2nIkn +Xc4nSZmTXcNmtaJto4GgMIGdMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYG +A1UdJQEB/wQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBRgFYCZp86OOiidBzHeL8Z3 +3g/OmjBJBgNVHSMEQjBAgBR4RE+Cykz5N5lscu7gZuzIYOyQKaElpCMwITEfMB0G +A1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQYIBezAKBggqhkjOPQQDBAOBigAw +gYYCQUBmGw4g20vWKMl/OFA5VJSF8rydiL0OIcMrvkfKbHni40IEo5Z88t9TW9Yu ++gs6xczHfClzzRFUzxbrSOTLPbIFAkEW+FNWNSChhmiz1bJYDU2g/RD32gOYTT6e +/36c+41jcY6Xr/n1QykerqltmfVsJJl9dnshHLxan8gLGeIb35f4Nw== +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/client.chain b/test-ca/ecdsa-p521/client.chain new file mode 100644 index 0000000000..6a8811c440 --- /dev/null +++ b/test-ca/ecdsa-p521/client.chain @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk +aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 +nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV +AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 +vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs +yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF +MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa +Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC +T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 +mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn +MGxLBzv/KGg+R17wgg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAYCgAwIBAgIUALzD8Vim1tvXcRKbV660GpcMTacwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQTAeFw0yMzEyMjExNzIz +MTVaFw0zMzEyMTgxNzIzMTVaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHA1 +MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADfFINhR9poOClUZF1o5HGg +Ft+1xIszsu5oEgHnqy6qpmgUgTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR +5ABSp+N+Gf2YdgnxaRsS8Y0FpLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLB +LKk9DGFu+OdtUDYQeqUNsA3tV6NTMFEwHQYDVR0OBBYEFIb4Sl9Mw/wJA7AB1sBT +hJNaZ8BuMB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNaZ8BuMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDgYsAMIGHAkIBaneRyZEFDZBszD+PftHfOyZc +/lHjHnHufUbOM0GxzZpQY3RPCdp3Jqgx4/4fOPjwUwqQOhYmA03Cf7mxFJOA/tMC +QVuCmyXQE5euGrLcfda2h8sKmBB4HZwImRgjC8IfP/t2hYIVwzSBE+k5MWru+1Vt +ai2P977p4S4UosGajo8QuIE6 +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/client.fullchain b/test-ca/ecdsa-p521/client.fullchain new file mode 100644 index 0000000000..01b3b95b03 --- /dev/null +++ b/test-ca/ecdsa-p521/client.fullchain @@ -0,0 +1,44 @@ +-----BEGIN CERTIFICATE----- +MIICZDCCAcegAwIBAgICAxUwCgYIKoZIzj0EAwQwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDCB +mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAAddVyNzastXII6Q1g7NPuJjR+5PFOFC +VAku/spDO8nnOICtMVXfcfQqIzh+f6z9Io4WAhovII6QTaqPsiwelgLbAdSimFm7 +RAF9fjmAE801isvGkV//PvyMtP4c1QqLzjZjA72O1UTcgB1liQZSEm/BS5b2nIkn +Xc4nSZmTXcNmtaJto4GgMIGdMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYG +A1UdJQEB/wQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBRgFYCZp86OOiidBzHeL8Z3 +3g/OmjBJBgNVHSMEQjBAgBR4RE+Cykz5N5lscu7gZuzIYOyQKaElpCMwITEfMB0G +A1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQYIBezAKBggqhkjOPQQDBAOBigAw +gYYCQUBmGw4g20vWKMl/OFA5VJSF8rydiL0OIcMrvkfKbHni40IEo5Z88t9TW9Yu ++gs6xczHfClzzRFUzxbrSOTLPbIFAkEW+FNWNSChhmiz1bJYDU2g/RD32gOYTT6e +/36c+41jcY6Xr/n1QykerqltmfVsJJl9dnshHLxan8gLGeIb35f4Nw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk +aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 +nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV +AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 +vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs +yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF +MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa +Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC +T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 +mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn +MGxLBzv/KGg+R17wgg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAYCgAwIBAgIUALzD8Vim1tvXcRKbV660GpcMTacwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQTAeFw0yMzEyMjExNzIz +MTVaFw0zMzEyMTgxNzIzMTVaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHA1 +MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADfFINhR9poOClUZF1o5HGg +Ft+1xIszsu5oEgHnqy6qpmgUgTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR +5ABSp+N+Gf2YdgnxaRsS8Y0FpLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLB +LKk9DGFu+OdtUDYQeqUNsA3tV6NTMFEwHQYDVR0OBBYEFIb4Sl9Mw/wJA7AB1sBT +hJNaZ8BuMB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNaZ8BuMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDgYsAMIGHAkIBaneRyZEFDZBszD+PftHfOyZc +/lHjHnHufUbOM0GxzZpQY3RPCdp3Jqgx4/4fOPjwUwqQOhYmA03Cf7mxFJOA/tMC +QVuCmyXQE5euGrLcfda2h8sKmBB4HZwImRgjC8IfP/t2hYIVwzSBE+k5MWru+1Vt +ai2P977p4S4UosGajo8QuIE6 +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/client.key b/test-ca/ecdsa-p521/client.key new file mode 100644 index 0000000000..dba222cf9c --- /dev/null +++ b/test-ca/ecdsa-p521/client.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA8tqzhtJXGmwcCOBj +W5JDrD4JnyDuc9DsWC63wHkqxPWPmg+PRX6ka3F3AdLNP57BZG/Tx1gBY/YC6D8j +q++Q2YuhgYkDgYYABAAHXVcjc2rLVyCOkNYOzT7iY0fuTxThQlQJLv7KQzvJ5ziA +rTFV33H0KiM4fn+s/SKOFgIaLyCOkE2qj7IsHpYC2wHUophZu0QBfX45gBPNNYrL +xpFf/z78jLT+HNUKi842YwO9jtVE3IAdZYkGUhJvwUuW9pyJJ13OJ0mZk13DZrWi +bQ== +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/client.req b/test-ca/ecdsa-p521/client.req new file mode 100644 index 0000000000..c365eb2f4f --- /dev/null +++ b/test-ca/ecdsa-p521/client.req @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBXTCBvwIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwgZswEAYHKoZI +zj0CAQYFK4EEACMDgYYABAAHXVcjc2rLVyCOkNYOzT7iY0fuTxThQlQJLv7KQzvJ +5ziArTFV33H0KiM4fn+s/SKOFgIaLyCOkE2qj7IsHpYC2wHUophZu0QBfX45gBPN +NYrLxpFf/z78jLT+HNUKi842YwO9jtVE3IAdZYkGUhJvwUuW9pyJJ13OJ0mZk13D +ZrWibaAAMAoGCCqGSM49BAMCA4GMADCBiAJCAZGBk2lJndJvSaQCWpHlHPl4Toi5 +v8wQfLuq4AGIBpa+J2TB5E23zESehsNoMCVnmbdN52kQhkeKyO7JFAsf63CGAkIB +QbRy7+QbVBQn+LZovUvTnIEX809GJPBaGh4WC98yHxT80x/QdsMYqKCWt7itPLUR +mytyieJoWEcM0T++ErppepQ= +-----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p521/client.revoked.crl.pem b/test-ca/ecdsa-p521/client.revoked.crl.pem new file mode 100644 index 0000000000..a916ce5c06 --- /dev/null +++ b/test-ca/ecdsa-p521/client.revoked.crl.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBVTCBuQIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy +MjgxNzIzMTVaMCMwIQICAxUXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUeERPgspM+TeZbHLu4GbsyGDskCkwCwYDVR0UBAQCAhAB +MAoGCCqGSM49BAMEA4GKADCBhgJBS8NJ1uNWBV0Fl7TIL1zAsQGxEnYPGQ9IP7m+ +dNczvlyP2N3FwCbEMNUiecqrd5d8Nr4toYqyjHIV5fou7NWvjMsCQSbqg7ZLd6cQ +yoXq4odysrua90Hdf9unH4GsST8/UbCJKPJj+bToph90ZUURMRTQxx8Pj2WqPMr0 +ht7IXU1cYXWS +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/curve.pem b/test-ca/ecdsa-p521/curve.pem new file mode 100644 index 0000000000..cdca78c8e2 --- /dev/null +++ b/test-ca/ecdsa-p521/curve.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIw== +-----END EC PARAMETERS----- diff --git a/test-ca/ecdsa-p521/end.cert b/test-ca/ecdsa-p521/end.cert new file mode 100644 index 0000000000..aceab9f1a5 --- /dev/null +++ b/test-ca/ecdsa-p521/end.cert @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICojCCAgOgAwIBAgICAcgwCgYIKoZIzj0EAwQwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMIGb +MBAGByqGSM49AgEGBSuBBAAjA4GGAAQAw0kMs8v3GMM5ZPkPiVXhek04lzKek9ku +BrPM7UfD5n5aSLgimUntGYi2l0dQwYzWmRYqp3IfLR+K4jByZucnZJMBBjkJ/CPM +49sR3Le+QckI2MITCG0pDfWWlo0V8J5UK4ZJ+3pnTf6KFMsePcfldgpjl7HL6Lzt +4tWE9TiQjJL7E8qjgd0wgdowDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYD +VR0OBBYEFIax75mJqDfPCOsNtbZmJdl+Z9S9MEkGA1UdIwRCMECAFHhET4LKTPk3 +mWxy7uBm7Mhg7JApoSWkIzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIx +IENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29thwTGM2QBghVzZWNvbmQu +dGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDAKBggq +hkjOPQQDBAOBjAAwgYgCQgF5+BU+r/SvRT48NXaR05hMQy/LZwY3n8ITJUw8vfp3 +5X7yk/OxfKPWbiBtUIU4xPdWFobH6cl3FZ7GfgsxSNejKgJCAVxGrlMhaZKjlXL0 +utHWXTswTvTyb6cT4V+YXCvD/cyIo5pOSjumVbFycXQfaa/H/PCUxrSRISRWyRV1 +xDBdqcKy +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/end.chain b/test-ca/ecdsa-p521/end.chain new file mode 100644 index 0000000000..6a8811c440 --- /dev/null +++ b/test-ca/ecdsa-p521/end.chain @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk +aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 +nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV +AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 +vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs +yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF +MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa +Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC +T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 +mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn +MGxLBzv/KGg+R17wgg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAYCgAwIBAgIUALzD8Vim1tvXcRKbV660GpcMTacwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQTAeFw0yMzEyMjExNzIz +MTVaFw0zMzEyMTgxNzIzMTVaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHA1 +MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADfFINhR9poOClUZF1o5HGg +Ft+1xIszsu5oEgHnqy6qpmgUgTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR +5ABSp+N+Gf2YdgnxaRsS8Y0FpLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLB +LKk9DGFu+OdtUDYQeqUNsA3tV6NTMFEwHQYDVR0OBBYEFIb4Sl9Mw/wJA7AB1sBT +hJNaZ8BuMB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNaZ8BuMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDgYsAMIGHAkIBaneRyZEFDZBszD+PftHfOyZc +/lHjHnHufUbOM0GxzZpQY3RPCdp3Jqgx4/4fOPjwUwqQOhYmA03Cf7mxFJOA/tMC +QVuCmyXQE5euGrLcfda2h8sKmBB4HZwImRgjC8IfP/t2hYIVwzSBE+k5MWru+1Vt +ai2P977p4S4UosGajo8QuIE6 +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/end.fullchain b/test-ca/ecdsa-p521/end.fullchain new file mode 100644 index 0000000000..89d565ea1d --- /dev/null +++ b/test-ca/ecdsa-p521/end.fullchain @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIICojCCAgOgAwIBAgICAcgwCgYIKoZIzj0EAwQwMzExMC8GA1UEAwwocG9ueXRv +d24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz +MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMIGb +MBAGByqGSM49AgEGBSuBBAAjA4GGAAQAw0kMs8v3GMM5ZPkPiVXhek04lzKek9ku +BrPM7UfD5n5aSLgimUntGYi2l0dQwYzWmRYqp3IfLR+K4jByZucnZJMBBjkJ/CPM +49sR3Le+QckI2MITCG0pDfWWlo0V8J5UK4ZJ+3pnTf6KFMsePcfldgpjl7HL6Lzt +4tWE9TiQjJL7E8qjgd0wgdowDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYD +VR0OBBYEFIax75mJqDfPCOsNtbZmJdl+Z9S9MEkGA1UdIwRCMECAFHhET4LKTPk3 +mWxy7uBm7Mhg7JApoSWkIzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIx +IENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29thwTGM2QBghVzZWNvbmQu +dGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDAKBggq +hkjOPQQDBAOBjAAwgYgCQgF5+BU+r/SvRT48NXaR05hMQy/LZwY3n8ITJUw8vfp3 +5X7yk/OxfKPWbiBtUIU4xPdWFobH6cl3FZ7GfgsxSNejKgJCAVxGrlMhaZKjlXL0 +utHWXTswTvTyb6cT4V+YXCvD/cyIo5pOSjumVbFycXQfaa/H/PCUxrSRISRWyRV1 +xDBdqcKy +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk +aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 +nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV +AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 +vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs +yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF +MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa +Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC +T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 +mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn +MGxLBzv/KGg+R17wgg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAYCgAwIBAgIUALzD8Vim1tvXcRKbV660GpcMTacwCgYIKoZIzj0EAwIw +ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQTAeFw0yMzEyMjExNzIz +MTVaFw0zMzEyMTgxNzIzMTVaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHA1 +MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADfFINhR9poOClUZF1o5HGg +Ft+1xIszsu5oEgHnqy6qpmgUgTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR +5ABSp+N+Gf2YdgnxaRsS8Y0FpLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLB +LKk9DGFu+OdtUDYQeqUNsA3tV6NTMFEwHQYDVR0OBBYEFIb4Sl9Mw/wJA7AB1sBT +hJNaZ8BuMB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNaZ8BuMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDgYsAMIGHAkIBaneRyZEFDZBszD+PftHfOyZc +/lHjHnHufUbOM0GxzZpQY3RPCdp3Jqgx4/4fOPjwUwqQOhYmA03Cf7mxFJOA/tMC +QVuCmyXQE5euGrLcfda2h8sKmBB4HZwImRgjC8IfP/t2hYIVwzSBE+k5MWru+1Vt +ai2P977p4S4UosGajo8QuIE6 +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/end.key b/test-ca/ecdsa-p521/end.key new file mode 100644 index 0000000000..f54b96e204 --- /dev/null +++ b/test-ca/ecdsa-p521/end.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBJ3psoaQ6uCFUWEEX +cXLwAGzu5+hm4bieFRnlVlFNPH/J8m8V10KpDI43+2R9u3ZidtsrFj1jrN+cS+0u +b9gmueChgYkDgYYABADDSQyzy/cYwzlk+Q+JVeF6TTiXMp6T2S4Gs8ztR8PmflpI +uCKZSe0ZiLaXR1DBjNaZFiqnch8tH4riMHJm5ydkkwEGOQn8I8zj2xHct75ByQjY +whMIbSkN9ZaWjRXwnlQrhkn7emdN/ooUyx49x+V2CmOXscvovO3i1YT1OJCMkvsT +yg== +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/end.req b/test-ca/ecdsa-p521/end.req new file mode 100644 index 0000000000..1726a9e552 --- /dev/null +++ b/test-ca/ecdsa-p521/end.req @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBWzCBvgIBADAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCBmzAQBgcqhkjO +PQIBBgUrgQQAIwOBhgAEAMNJDLPL9xjDOWT5D4lV4XpNOJcynpPZLgazzO1Hw+Z+ +Wki4IplJ7RmItpdHUMGM1pkWKqdyHy0fiuIwcmbnJ2STAQY5CfwjzOPbEdy3vkHJ +CNjCEwhtKQ31lpaNFfCeVCuGSft6Z03+ihTLHj3H5XYKY5exy+i87eLVhPU4kIyS ++xPKoAAwCgYIKoZIzj0EAwIDgYsAMIGHAkIA1nmRLkhAStTXvVa2lJiSrNXtd22a +MdI6KeE0Aws6x4jeXhSsq9f8K71R1ANCiwZOzqvtqX03wUqtI9gg8tfKY+0CQV0O +/AEPmqQo0BP+ASBGG1VuJ01KCngFcFRI4lRkR1RNkNHX+XCVGrGgsl9L1eRlDBfz ++4xn4kYCcixnYTNa1ZQh +-----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p521/end.revoked.crl.pem b/test-ca/ecdsa-p521/end.revoked.crl.pem new file mode 100644 index 0000000000..a76de96536 --- /dev/null +++ b/test-ca/ecdsa-p521/end.revoked.crl.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBVjCBuQIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy +MjgxNzIzMTVaMCMwIQICAcgXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUeERPgspM+TeZbHLu4GbsyGDskCkwCwYDVR0UBAQCAhAB +MAoGCCqGSM49BAMEA4GLADCBhwJBMXDak7r+CTY6DR3KoKWZXEE22onBZg+CqHWv +FpbR/N8W/o/mfLzOzbDTF2LBjUOsIjKPKdwh8RyA3q3xIS02ApICQgCwxVFEVkz+ +lGwfv+bbuszMmOK7es62OSD+hBPZUim3nv1brEV+PSyjX+bzmPJ+6q1cVCw9uiGB +0XS+XnWSTJERGw== +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/inter.cert b/test-ca/ecdsa-p521/inter.cert new file mode 100644 index 0000000000..a55af8fb5d --- /dev/null +++ b/test-ca/ecdsa-p521/inter.cert @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow +MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk +aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 +nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV +AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 +vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs +yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF +MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa +Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC +T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 +mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn +MGxLBzv/KGg+R17wgg== +-----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/inter.key b/test-ca/ecdsa-p521/inter.key new file mode 100644 index 0000000000..8d6d80113a --- /dev/null +++ b/test-ca/ecdsa-p521/inter.key @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBqS1b/fzcxaPEXyvT +3qO/dmFcPd+r7b0vI9V0BNEcNrqyhLhcRQVkujWy8dJjllkvFVPBkSKemKH56S4z +74g9MI2hgYkDgYYABADio6q23yVDPgDt5kLvSUXw9J4nJfqFw8JCVeijZruWpnGD +UFj/3ZGKR5z0UU6d9i7vUSanEKT4/JQ8ovs+JZEHVQHUAVdfOCkJDTKayLBPaTX/ +e35CJ5kD0z+5vxfWcl0RKx/EXFLJBDHyfmsT7j9Ourw7G8ctGwbw4rnZi669xShQ +Yw== +-----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/inter.req b/test-ca/ecdsa-p521/inter.req new file mode 100644 index 0000000000..fd027a4048 --- /dev/null +++ b/test-ca/ecdsa-p521/inter.req @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBdTCB2AIBADAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVs +IDIgaW50ZXJtZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA4qOqtt8l +Qz4A7eZC70lF8PSeJyX6hcPCQlXoo2a7lqZxg1BY/92Rikec9FFOnfYu71EmpxCk ++PyUPKL7PiWRB1UB1AFXXzgpCQ0ymsiwT2k1/3t+QieZA9M/ub8X1nJdESsfxFxS +yQQx8n5rE+4/Trq8OxvHLRsG8OK52YuuvcUoUGOgADAKBggqhkjOPQQDAgOBiwAw +gYcCQSsQTDtq5TVDdSEuiINUpfh/yV3hpNZQsUEkJrt0eqTeMTiUoDSOlzbsPR6H +sAXAeH+AoIUgAiyQwupwDK97wOX8AkIB1TRbZjAQJWsnx8bqGeGkGMsX5bdaGt/c +rGf5cOi12esPo19Jll+RbcQ7cvkL5PUgwTalFQu82YoTh4y6G4d5uEI= +-----END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p521/inter.revoked.crl.pem b/test-ca/ecdsa-p521/inter.revoked.crl.pem new file mode 100644 index 0000000000..22431b0906 --- /dev/null +++ b/test-ca/ecdsa-p521/inter.revoked.crl.pem @@ -0,0 +1,9 @@ +-----BEGIN X509 CRL----- +MIIBRDCBpgIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwNTIxIENBFw0yMzEyMjExNzIzMTVaFw0yMzEyMjgxNzIzMTVaMCIwIAIBexcN +MjMxMjIxMTcyMzE1WjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBSG+Epf +TMP8CQOwAdbAU4STWmfAbjALBgNVHRQEBAICEAEwCgYIKoZIzj0EAwQDgYwAMIGI +AkIAjjT7o9peCiOmpE69FsMxEoclR6ZcFLi+/bc2DEixrmwMpg5ntfN0dEAKUw+b +UfhFfXkmFyvoHX3PbGIB4sMR3XwCQgH/YrP4MYQRK9uzqipzCMh7ZQpDwHiiv8Vc +5ePHmDyPKix5JibjSK8HQ/xSUc8l8PFKoMTyRLcUkCtq8C/MjB2FqA== +-----END X509 CRL----- diff --git a/test-ca/ecdsa/ca.cert b/test-ca/ecdsa/ca.cert deleted file mode 100644 index 0e0017b8c8..0000000000 --- a/test-ca/ecdsa/ca.cert +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIByTCCAVCgAwIBAgIUeZqAHHuoavuELrRjQI5C2u1Yfn8wCgYIKoZIzj0EAwIw -HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcN -MzMxMDIwMTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABMY2qaD6fLoR3X7iNVzc1fXiP45ndjhNU+h9ZjDE -tFrJD+NtaiC2L39leMksfGG9LTzeuZR3l6KaXKcXPjEKsohotv6SYtrtw1IZT4oI -exUVXVUuo0Tq8JMoeYmSBY0egaNTMFEwHQYDVR0OBBYEFKJ+6/Eduk7UEWurmHlh -+MMtFCS5MB8GA1UdIwQYMBaAFKJ+6/Eduk7UEWurmHlh+MMtFCS5MA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDZwAwZAIwSqLm28kaRhlRL+C6rC7jIIRTJ0lm -pq+9PMU50cHbnL1NDgCy86Q8/EogQHYS1PXDAjAQxSSTztVAMqCB9CxcXmAM9wRW -T4+ZiLscgZuFGfHWB69pWloR39vLw72w3RbDRpE= ------END CERTIFICATE----- diff --git a/test-ca/ecdsa/ca.der b/test-ca/ecdsa/ca.der deleted file mode 100644 index 100fd6029f96efd3da8aa1467c7c09ab47eea20e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 461 zcmXqLVmxWk#2B!EnTe5!Nu+XCgG}{`tluqqTaq36oNm31sH->NV&l+i^EhYA!pvkK zV<=@H!NwfQ!ptLBke^psl3$*u;OguW?5N=EXdoxfYh-L_0K{e{1_s7a;=INnt^t%w zKzEse02@2lCMHHUR_#U>1|{Ys29{%HD;NB#*(G?l?vZKCovU9T+4rTFS@;IOs7*6C zvL)&y|Kr>&g>CxvsTC)6Y7+PA+T7bYrF{CLSuxAS?F_j#b!2S&H!11X+rvSU{#_i^ zqN1^(dW&6NeVD9K**S@|SFUk!utA`KEYMG~d@N!tB8%!?f0W(jcSSIJ^^D5IABS~C zRCXH3gQS&NBn-qFuq)sPDG+94{LjK_zzn321C2SI!61dnz-!U7+b5;mBm?yy>{_Gu zSfM3Y-7{_3`n@(sEiWFtJ!h{kAH$~4OKkplDL9k~UHN*L$w1(!%H(rb9gG$bb(39po!7Ppz;3#W+p}^CXveZob3}H`s-Rs>DtGvw7QyFDe+~Zl8&U2k)ffv zk+Gp^lsK=kv7wQn1(Z8cQ@&oyfR&9|JGFpWkzodJdc|yB{_OB`&MBV{%&RflnNhPY z_i_9+r;YyC8uCso4mJohkY!^ImE~g*V-c~4YGe9xSEL}~&eK?BSH@>P$F=4d$b+Pn zStJa^8n7$i2PqI{Wc<&bb(39po!7Ppz;3#W+p}^CXwJRI;oDE{`MV`xh?i)Q@N^b<;+DBm2@NxjEoJ< zObiT+qr`cQjSUTq44~YJn)3Bp2CQt%+NlN1iVU?T{m1sHBsHAf^|YO@UF&Gk##fxH zKA(6z<@1I1>u$AY76%&y8pyIShsyG?h_Q&giO#$(UG{nAg}oLW+Y5i*SD$`!zkxhR zTA4+{K&%0~0)CJJVMfOPEUX61jEvs@VfH&RoY3xEzr?4=^#0YV*RLywObc-Fv~yC-;B$Y0I~Q>Fb*GYxcF}i7);8|Hocd0JM~DcK`qY diff --git a/test-ca/eddsa/ca.key b/test-ca/eddsa/ca.key index f1f4c3cefd..00f9a51dc4 100644 --- a/test-ca/eddsa/ca.key +++ b/test-ca/eddsa/ca.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIBghvincUxfOg+M781C9ryJ9FQ1xT0EkCNNe7PaE5mIa +MC4CAQAwBQYDK2VwBCIEIMFptLNAyZcW37rMyj9laRboQc1mjiS62zgMVVWvnU5p -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.cert b/test-ca/eddsa/client.cert index ec6f18f13b..d159479196 100644 --- a/test-ca/eddsa/client.cert +++ b/test-ca/eddsa/client.cert @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx -NDE2NDAwNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -J4orr/JsbIidCCuuxXRvEUVN5yMAeoOQLhxTj9bt9H2jgZswgZgwDAYDVR0TAQH/ +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx +MjE3MjMxNVowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA +7i3DAVKkLlgm4KMmN86tsKmHg6V/gD8eJVUtEyWhKZqjgZswgZgwDAYDVR0TAQH/ BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFBJeM9KRUu8UH6UX9cqmBcI98+jQMEQGA1UdIwQ9MDuAFGelezYB8S5fQhGU -4RsvtTEEZ4aFoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQBGEzlbVkzJD0R+Wv4Zav4bhW5arIM7W8ursDYX96QZvqimSjW6nrIa -thOf5ia/nSJP72jfcYJ57lHeksaA8MgI +BBYEFHzt7FKo1DGy1FSmSWDgZEB/1jFrMEQGA1UdIwQ9MDuAFMcINYDLAH8hGurC +z9cuKO9ZIn4uoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF +BgMrZXADQQBAeVAmkUiaQYk4HS71pp9m715dxDU+Bx8FseiXdBaiTJgShWBwuDdz +Hmx3Yuu5/vGPyf+Eps05137tnxpQgYYO -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.chain b/test-ca/eddsa/client.chain index 2d0fe168bb..39d60fd742 100644 --- a/test-ca/eddsa/client.chain +++ b/test-ca/eddsa/client.chain @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU -Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb -adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo -bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= +AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU +xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha +hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn +jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw -MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU -7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 -3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH -hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F +MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 +MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU +OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y +tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.fullchain b/test-ca/eddsa/client.fullchain index 18f97ca53d..af1fe22ce2 100644 --- a/test-ca/eddsa/client.fullchain +++ b/test-ca/eddsa/client.fullchain @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx -NDE2NDAwNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -J4orr/JsbIidCCuuxXRvEUVN5yMAeoOQLhxTj9bt9H2jgZswgZgwDAYDVR0TAQH/ +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx +MjE3MjMxNVowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA +7i3DAVKkLlgm4KMmN86tsKmHg6V/gD8eJVUtEyWhKZqjgZswgZgwDAYDVR0TAQH/ BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFBJeM9KRUu8UH6UX9cqmBcI98+jQMEQGA1UdIwQ9MDuAFGelezYB8S5fQhGU -4RsvtTEEZ4aFoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQBGEzlbVkzJD0R+Wv4Zav4bhW5arIM7W8ursDYX96QZvqimSjW6nrIa -thOf5ia/nSJP72jfcYJ57lHeksaA8MgI +BBYEFHzt7FKo1DGy1FSmSWDgZEB/1jFrMEQGA1UdIwQ9MDuAFMcINYDLAH8hGurC +z9cuKO9ZIn4uoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF +BgMrZXADQQBAeVAmkUiaQYk4HS71pp9m715dxDU+Bx8FseiXdBaiTJgShWBwuDdz +Hmx3Yuu5/vGPyf+Eps05137tnxpQgYYO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU -Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb -adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo -bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= +AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU +xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha +hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn +jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw -MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU -7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 -3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH -hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F +MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 +MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU +OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y +tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.key b/test-ca/eddsa/client.key index 6da45d1d70..7e95226cdb 100644 --- a/test-ca/eddsa/client.key +++ b/test-ca/eddsa/client.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIKk3Fv6+Yiql1JsyUSwF8dUg5xI2QJka7VCrvyY1V9pU +MC4CAQAwBQYDK2VwBCIEIIn2sO8HDl1w5hEPjF0FZh7PQm8tAkErbg4UctDE0jQZ -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.req b/test-ca/eddsa/client.req index 0c3ba64a6c..d7927614f8 100644 --- a/test-ca/eddsa/client.req +++ b/test-ca/eddsa/client.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- MIGZME0CAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -J4orr/JsbIidCCuuxXRvEUVN5yMAeoOQLhxTj9bt9H2gADAFBgMrZXADQQBsOliJ -dN8NQkntaTuYRcvfLSEIiTR3bbqbB8Kseb8vEDRiVB8jwsfsZzDwuhTccNsRrNIL -hVycQSc7EUsvgWwC +7i3DAVKkLlgm4KMmN86tsKmHg6V/gD8eJVUtEyWhKZqgADAFBgMrZXADQQDpXE9Q +AsTzLPuVNGrRjqKkxSx0ZR1MU9pusj/pscyMZhVnbHUnOXUfNXTusVokOncHtSU6 +rrPNEQNOFPTbfOYJ -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/client.revoked.crl.pem b/test-ca/eddsa/client.revoked.crl.pem index ea72c42aa1..9e451f3526 100644 --- a/test-ca/eddsa/client.revoked.crl.pem +++ b/test-ca/eddsa/client.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- MIH8MIGvAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl -bCAyIGludGVybWVkaWF0ZRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAj -MCECAgMVFw0yMzEwMjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY -MBaAFGelezYB8S5fQhGU4RsvtTEEZ4aFMAsGA1UdFAQEAgIQATAFBgMrZXADQQDu -oFRRioDfvoo0wWllFqQzChcc57xs5kX5N4QhOJwDoJ3iOm9dWc3ZR6379CPKLx7s -PScMHpQmjzO/9RKlsTsD +bCAyIGludGVybWVkaWF0ZRcNMjMxMjIxMTcyMzE1WhcNMjMxMjI4MTcyMzE1WjAj +MCECAgMVFw0yMzEyMjExNzIzMTVaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY +MBaAFMcINYDLAH8hGurCz9cuKO9ZIn4uMAsGA1UdFAQEAgIQATAFBgMrZXADQQCC +pFK+R+krCpjsmX0ZsIhzBRs9N+88m3NBInLy0Ea08lKA+/2FTNlOnjkx0v2B1PiO +8UKmZtwTjKoGzWLPR70D -----END X509 CRL----- diff --git a/test-ca/eddsa/end.cert b/test-ca/eddsa/end.cert index 941e942f5b..cafb166dcc 100644 --- a/test-ca/eddsa/end.cert +++ b/test-ca/eddsa/end.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx -NDE2NDAwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAO -j64BOLMpqqxKiC0Dd2EPSToZFbm/p5WHSI4nNKZ+iaOB2DCB1TAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU/0iGbVq8VIt83pdkmn7MeRqoPE8w -RAYDVR0jBD0wO4AUZ6V7NgHxLl9CEZThGy+1MQRnhoWhIKQeMBwxGjAYBgNVBAMM +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx +MjE3MjMxNVowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBG +aQQnDqqVjKAWWubCZJrG6S2ZZcI9/ZO65doj0GcDBqOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUmyF3DidQEKhYUCk+ITezcqPhqAsw +RAYDVR0jBD0wO4AUxwg1gMsAfyEa6sLP1y4o71kifi6hIKQeMBwxGjAYBgNVBAMM EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC -CWxvY2FsaG9zdDAFBgMrZXADQQDpDp/hVJAWoKfGV/aZz72Slm480R0+KwDLrZSA -arvXA+K4TNCGLtA0WIFktwo/OvpOzfNRQMrnSjibcI/BeH8O +CWxvY2FsaG9zdDAFBgMrZXADQQA5X4Gdwo2e2TmhjgMcFB5SVbo/IPh3i8FaqKYc +k+O941Y4S0aBC/7zGZDZx2m0VAThR0eHsyGGnsKUB/uH1MoG -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.chain b/test-ca/eddsa/end.chain index 2d0fe168bb..39d60fd742 100644 --- a/test-ca/eddsa/end.chain +++ b/test-ca/eddsa/end.chain @@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU -Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb -adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo -bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= +AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU +xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha +hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn +jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw -MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU -7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 -3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH -hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F +MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 +MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU +OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y +tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.fullchain b/test-ca/eddsa/end.fullchain index d7f40e665c..f1d9cbea48 100644 --- a/test-ca/eddsa/end.fullchain +++ b/test-ca/eddsa/end.fullchain @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTAyMzE2NDAwNFoXDTI5MDQx -NDE2NDAwNFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAO -j64BOLMpqqxKiC0Dd2EPSToZFbm/p5WHSI4nNKZ+iaOB2DCB1TAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQU/0iGbVq8VIt83pdkmn7MeRqoPE8w -RAYDVR0jBD0wO4AUZ6V7NgHxLl9CEZThGy+1MQRnhoWhIKQeMBwxGjAYBgNVBAMM +RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx +MjE3MjMxNVowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBG +aQQnDqqVjKAWWubCZJrG6S2ZZcI9/ZO65doj0GcDBqOB2DCB1TAMBgNVHRMBAf8E +AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUmyF3DidQEKhYUCk+ITezcqPhqAsw +RAYDVR0jBD0wO4AUxwg1gMsAfyEa6sLP1y4o71kifi6hIKQeMBwxGjAYBgNVBAMM EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC -CWxvY2FsaG9zdDAFBgMrZXADQQDpDp/hVJAWoKfGV/aZz72Slm480R0+KwDLrZSA -arvXA+K4TNCGLtA0WIFktwo/OvpOzfNRQMrnSjibcI/BeH8O +CWxvY2FsaG9zdDAFBgMrZXADQQA5X4Gdwo2e2TmhjgMcFB5SVbo/IPh3i8FaqKYc +k+O941Y4S0aBC/7zGZDZx2m0VAThR0eHsyGGnsKUB/uH1MoG -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU -Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb -adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo -bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= +AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU +xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha +hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn +jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhRTtCxlQbL9jsIc2xbssnclPXmZojAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMDIzMTY0MDAzWhcNMzMxMDIw -MTY0MDAzWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AH00j8a+JGKAzbrlhw6HKsVyseoJqvPI45Tz0IfXRn3Mo1MwUTAdBgNVHQ4EFgQU -7Ftp1xt285nQvTgIt3H53yeX2b8wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 -3yeX2b8wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDIK4mvpExyNd/Veuvr0+iH -hh3JJ+FagRyoKzcIe/Wq6nSU7CllTb3QSkxt/2vLOe0RZ66CL3y+hm4Xpf3/+L0F +MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 +MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU +OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y +tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.key b/test-ca/eddsa/end.key index 6701332062..58a361dfbf 100644 --- a/test-ca/eddsa/end.key +++ b/test-ca/eddsa/end.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIBOlKbPZIvsapxU9ExsbukTI6M68Y+ke8/aF9OUPngSX +MC4CAQAwBQYDK2VwBCIEIFAeJeUKTXguiUHfGJmqh5nG8AdqjNDKQy9nctnekBE3 -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/end.req b/test-ca/eddsa/end.req index 779a4a398f..953d4b500e 100644 --- a/test-ca/eddsa/end.req +++ b/test-ca/eddsa/end.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- -MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQAO -j64BOLMpqqxKiC0Dd2EPSToZFbm/p5WHSI4nNKZ+iaAAMAUGAytlcANBACna8zs+ -HnR2QBS6cfrH2TkOzg7krQ9xGvrRNyeDFDhP/bdqsla/iAFcDMfMaLXDAuQ7xFsg -A6OUQDezwMZIbgM= +MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBG +aQQnDqqVjKAWWubCZJrG6S2ZZcI9/ZO65doj0GcDBqAAMAUGAytlcANBADE3pcNY +30zNG509Wxcvs0vZuTPmwZ9LtIjjbi10WPfMbEQ5oJISE4k7igpqVTEGTMV4Axyq +UaZv/WKqQ8MVbAM= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/end.revoked.crl.pem b/test-ca/eddsa/end.revoked.crl.pem index 5c2ffe0eb3..5c95a4f775 100644 --- a/test-ca/eddsa/end.revoked.crl.pem +++ b/test-ca/eddsa/end.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- MIH8MIGvAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl -bCAyIGludGVybWVkaWF0ZRcNMjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAj -MCECAgHIFw0yMzEwMjMxNjQwMDRaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY -MBaAFGelezYB8S5fQhGU4RsvtTEEZ4aFMAsGA1UdFAQEAgIQATAFBgMrZXADQQA+ -tF2+zT/gIi7HYJwMeAdsvP9dsDUEEz/OtwnZCep7IhH979rGvTgQZJbllMfTurFs -Y/41ILf1+TzC8+9LGZwM +bCAyIGludGVybWVkaWF0ZRcNMjMxMjIxMTcyMzE1WhcNMjMxMjI4MTcyMzE1WjAj +MCECAgHIFw0yMzEyMjExNzIzMTVaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY +MBaAFMcINYDLAH8hGurCz9cuKO9ZIn4uMAsGA1UdFAQEAgIQATAFBgMrZXADQQDU +R7YgYPMSfy7mZRJzG38amqx8Cuf1i6N5lL/IHI05tMN4ZQ7aHe6xxakxVTJw29dQ +bB7Hgh4VBRb/Sq+cqsQL -----END X509 CRL----- diff --git a/test-ca/eddsa/inter.cert b/test-ca/eddsa/inter.cert index e0dd534c5a..6c4c842ca5 100644 --- a/test-ca/eddsa/inter.cert +++ b/test-ca/eddsa/inter.cert @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMDIzMTY0MDA0WhcNMzMxMDIwMTY0MDA0WjAuMSwwKgYDVQQD +U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AJwzAzcBUOC1W8DNjttmM/uKliQYIONZu9RNzjiGNSkyo38wfTAdBgNVHQ4EFgQU -Z6V7NgHxLl9CEZThGy+1MQRnhoUwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFOxb -adcbdvOZ0L04CLdx+d8nl9m/MAUGAytlcANBABBykGh+W049HT0f8/ta2II1zBGo -bTgA/MLQjHx3f6wK+InKVGRRX4adWN3a8fk258P9HiVmLMovz5X+YlBH8QM= +AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU +xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha +hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn +jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= -----END CERTIFICATE----- diff --git a/test-ca/eddsa/inter.key b/test-ca/eddsa/inter.key index af443e51d7..f47707a519 100644 --- a/test-ca/eddsa/inter.key +++ b/test-ca/eddsa/inter.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEII76J/qZcFnEZbXjx7SNcGAf/GqBdBhJ4vi8vtROn5V1 +MC4CAQAwBQYDK2VwBCIEIACsY1AVlJ0k6/9oIFXvgaRmg+xa4dUFLuoiX89XdIha -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/inter.req b/test-ca/eddsa/inter.req index 218417a7d0..84a48c5350 100644 --- a/test-ca/eddsa/inter.req +++ b/test-ca/eddsa/inter.req @@ -1,6 +1,6 @@ -----BEGIN CERTIFICATE REQUEST----- MIGtMGECAQAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWREU0EgbGV2ZWwgMiBpbnRl -cm1lZGlhdGUwKjAFBgMrZXADIQCcMwM3AVDgtVvAzY7bZjP7ipYkGCDjWbvUTc44 -hjUpMqAAMAUGAytlcANBABFku7ohuVUqK/iTUnXZewmU72aDU0oiu9HCZtE3mRLq -qX0R9t1Z2+eFGR6LHTqzdJNQUyIzflx6ye36DJXdWgs= +cm1lZGlhdGUwKjAFBgMrZXADIQBGdEOh+yvAZbpeNPOiQ2QkVrc0TNUIfz6buHeY +/vXbiaAAMAUGAytlcANBAI0uRTsuQuXSFlW4llEt1aOQ13oORdeZCrygDEl9ssAu +H3SaBwckseAV5mf6DpO1gk58Zhhq5wZ1NUw9i5DSkwo= -----END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/inter.revoked.crl.pem b/test-ca/eddsa/inter.revoked.crl.pem index 963c18721b..970cefa45e 100644 --- a/test-ca/eddsa/inter.revoked.crl.pem +++ b/test-ca/eddsa/inter.revoked.crl.pem @@ -1,7 +1,7 @@ -----BEGIN X509 CRL----- MIHpMIGcAgEBMAUGAytlcDAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQRcN -MjMxMDIzMTY0MDA0WhcNMjMxMDMwMTY0MDA0WjAiMCACAXsXDTIzMTAyMzE2NDAw -NFowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAU7Ftp1xt285nQvTgIt3H5 -3yeX2b8wCwYDVR0UBAQCAhABMAUGAytlcANBADOqMI246XRgiVUL5vsReN7R3ycY -lwW/n1lDScTl15ZwGNGj8YG0ZDeFoV9I0ptbmGhuzZfZcsugZcaONtQipQ4= +MjMxMjIxMTcyMzE1WhcNMjMxMjI4MTcyMzE1WjAiMCACAXsXDTIzMTIyMTE3MjMx +NVowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB +5kzHKpwwCwYDVR0UBAQCAhABMAUGAytlcANBAHzYdYmfUnKnS4ZWmFHqxD2ZVp9x +hjxB8a91h+TSlNSRms9r/BlTJxsIkTr18BVlRpsLiPig9y83/2JEIF3ABQ4= -----END X509 CRL----- diff --git a/test-ca/rsa/ca.cert b/test-ca/rsa/ca.cert index 44cdf39321..5dac1c9c49 100644 --- a/test-ca/rsa/ca.cert +++ b/test-ca/rsa/ca.cert @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUWGj6bltbjWrqNVeP8QkDGMmNV5AwDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTAyMzE2NDAwMloX -DTMzMTAyMDE2NDAwMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvOn06bbCkCE7wuwCXojGngKuPj5k -oNB1k99U2X4CNiyPez3EhHFTRJ2sZ8XMf+mgVVS8QBmJb17mHzPDbKlVVqm8W5jV -n0q0AMFBTxbPzupI9puISAlrnnP1EgX4DM8WfPlzIYmVwR5G80qSKy1YLjiQlI8J -N3E5HBQiTrVyjBpSAyAujhhDJ0pjkBRA1CuwU3wL4OM6VlRnaEXV4RiUxsQVnyy3 -15x2VIPYjWm4pj6HLbxvReTuJO+kZy1OJnkAY5f5OMXYbabcp5JBHDafrRh/C1ls -iCRzhfHuaxeMMSHSOSeiN7yrE23tVB/F+dQ3k3MQVziuMGngK0GJ+aYbQ9bo3JPf -kuUk0WMMGNfjnEPJ9WHOiEAaG90IF94s1oR3JKa7RepmCazf9hA7/2RMxlnxzhUl -JiZyNVG3HpnNzd37VGOpLt2UXhdtWNhcwUwHKXuAE2QYTVkQsCfEW+es/yN05Vyn -DHocS8vGReS9Jc+ABqpqF8nXd/BKUNrLI7hSZAP0MNeoHTWY0XBXxICeLGeU0S4B -fVe0WFmnuS0Mw/bowuG186lXbzZCqf8v0/95D+NoQdbv7M5bKN8Y/EC/+FbQHeuk -rL0ISplPxmLq9H1Ldt0P91Yc3FbMSvg7m5eTlYPFWuiFW7XKjIAtIsihEtGeDneT -C0+yenpLAEGOpOsCAwEAAaNTMFEwHQYDVR0OBBYEFBGSqBeIIX9SwLsIniIRrGy9 -TN26MB8GA1UdIwQYMBaAFBGSqBeIIX9SwLsIniIRrGy9TN26MA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACzcRcYKjUFndZjGhGQwGBtbZlSq4SX1 -YGhqO8sov3uQiWhtSFcL3qTJy69pxB1nfTDiloMFGaXORYJgvyRnD3fZugFiTp+C -LRcQnStiZZWxsCARLQ78FOTy8hMxA5U47BE9h4Ut8eIbDsvBaGYWYGntUqSf0qjK -tFjmmmeQI8EKv1YI3gDnkgoGNwycmXXYhPct4sjRnl158B60bneJwSCrla/BmLfM -PYHCzF7cE29k2n4oi4QUCaFh2Ozmrw14UuEfv6MSGzDXoKxHSs0YMLE8/AF7YeHv -6Wrd2BUOYMCmP0JK4s/JOoeNCWWZ1aA53C1Ch961/XToXzJILmCK9SaAYV/cu+Md -U26s8gRRVfW29OML9F5Caue4jruFc7GEv1zjM2tuSFk2Io2itZXfTed3JDuf49qu -AJoksI+J5iLzo55oL5wnYmtKlcF16EWaPXKDX8SlFWqAU1np9wpU9OZeB6g8UbAV -3TrMQ/sN6CKpPnasJPBIowapKZ3sGf/PQnZeEE5SJiBinm703xrSu13cm19tdGTE -SMGg6QerUfO9MWypM1ZAd8/TWH1a3rv6ezoyp+3HxoA6J5E0kIp9TswK+pVwxqHb -RkVObe8gIk+Q4q45bYuhdn/jZrQ4VNSi5/LJDvqIF/HDF3FzTRcoynIFrOJXNC7s -K4XIODjx7ooL +MIIFFTCCAv2gAwIBAgIUZBEaAuV4ORnPH4GxeJGyEiqXUN8wDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTIyMTE3MjMxNFoX +DTMzMTIxODE3MjMxNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzvK/b5WhfthXBMVIHboJJuR9XuG9 ++ioSrlzwT9DW7QV31UpgBUZyf1nvT7CmDplNiWZtpqSdJ9pjskBIj5dv4m5cX8A9 +fK1IATdkd6j5/c2ZFkqi5k9iPeJa5rZY6SoGKgvBEr/Y5oiO8HZJZOFetafSr6zV +WRAsKlagrmiNS0oiWC0P0yPVWZyhlHHbtYrHtF/CuWEJ9HqzUk9KeTPwgjfphlYJ +YM0bCZzqN8TEbWPksU1WnmU15YbTgjwI0bNjUXA7W9LmMvbW7EXFJ2+LI+oiF3mk +TQEXqhfdTL9NtqAikD+cfAM1y5e5QSpi8dQuexBteFtXphRZzFk8M9DVKHyngKTH +/QZo6B4Gj9VPrNRPlbPkpbnu8JWD7hO/22VLU4YhghsdwQ/833pfokdV89NMoLo4 +JOUzbTTGtjH0bq6LWTMtLifuQ4H0D1WLtdy/EGgKptnTaeYaXNYT7+v+NNcBHaW8 +W3Orbx0s9IXgQnZTk1u03RbRdIxNxqm+HYEM8gT6S9IUymNZkzDCfZC0bC/saevd +zVE2xpZmuLOfhDl+EcalDYNPrM72+NzkAwRPFGec+bcUEhBxhvxpav+SxDiRC1gD +43qFU7hVfuqVH/EFp0lR3I3Xo8TZ5OIgEyJ5vQH5Ne1+C+sqdCqdGoqf1TZuIE80 +ZwKYcMnRwDXpiGsCAwEAAaNTMFEwHQYDVR0OBBYEFEIQj1cHn3me0sRqu6KjbEb2 +kb8rMB8GA1UdIwQYMBaAFEIQj1cHn3me0sRqu6KjbEb2kb8rMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEKDnm8x+NOaWNrPNH5kIlGD0tGdDJvw +/KvBZmkMcgFkb4zhbbeUmlu0j5CX4+6Lck0uw62zRgP4Nw3x36W3DL7pmoV4MYHC +djNG1ruNoojvgZyyGgMaSabto0nSHSE9opAorrSXB9RoOv2WcBuQSBNl72eaCQ1F +4kAYjKN6ZwPxEdTsdEmqWyUyEPy6E5kNoM0jW1uI2ZBxzbIOYeePvQ3muUSIMtmC +jShiEOOpmYpzENsAMouY3ZN+CWVS5kB5umnYSviQlAVEKSjC764FD9vMLL+rNhfP +fz+y6EhKcnnYy7mdXIRY73uh5eMyCLUO0yr2Y2ophhD8D79f2w7KtYjaSKfAch0L +lETe9Ch+fGDxUCph3J1IuR/3n01ZjB47WXu/yDZ6s7SHGXIgPaptzP+nZkDnmlZX +bvjB5s6r4U2spuqeLxrwd/1Jin7It+LOYLVmkihpbta9+/KKiXOuSYN1rSiQ2XKp +n1ZN0XxhcZzsALklBIU+Lm11b8gPVS7rXqll/sDmaAH9Iw+AXwUYjCb62Gy58yzu +uk3Q+msRr3oVI9bBhmEXmZxyENYJrw305qOlI3+tHBoJLUSP6zQ214aEu4trJr5K +kmbF7DZRG9MSBXeRk7e5ojK13xI1/XCjgIOTkGxF4rEFbVwhc0B8zS/2x3zw0fkE +M4J0J+gz0QYr -----END CERTIFICATE----- diff --git a/test-ca/rsa/ca.der b/test-ca/rsa/ca.der index 9b69d76cb91e22228db95d805a464090739bb275..a8770533d28dcdbde30407deefadd38515f05c2e 100644 GIT binary patch delta 1182 zcmV;P1Y!G`3YiKcFoFdYFoFX8paTK{0s<6d5gG#JcsUu*AAzxWk+Kphmr&o4BQh8= zGBGhXGBYtWS{Ds7GchtTI59UeGch!gZ9ad_^1pADp?=s`1jR@lx(O!aeO}?c`YIBx zT<}lO*6js%)k3TwlOFe62_UH)MCH z`TfnA7D}S#PhvgdTIRM`=_&>)3&9e<*yf0i@ODXL;a;_;(yy%5Sr9BLR-mqEjZ1$@ zB3LaC(<9YcoS~F)+qH_vv|qxxVF~nlvrLM3;q)h=Asu$f%zfHEFB9K3vd;>Mh zm$^YIV)4{2dk}4STUVwOSu8UbSEiNbSLxJ=URg1OU zzYu5&rrFbJ<{Dhq6YuN(G}i$grMz2nt8X1F^o8I;c2kpEwA~ibbc{{LslI<5fei8l z`b*Lj%41oRFv5M1v}`ZzY3tq1Q8vbwX1KGTggJf@#-$B|Ppr=N_}t_J1Wy!aocXsD z5)g5Q{Ap_clEgTX3s?i=dWBQCRetJ~AMpjJNm1O5*Q3PQ4<9r0|5X5qf;}pLw3r z#A>^uqija@k-sZ29|i+e9U}x7FcyFmLJ*Hv2cLPK(!^@JqN8j^_L09Ulk@^5e?o(v zZ!!4OnpoP;G=5|vQG?RaoeZ1s{HwucX$*1!WN(b&ZMT$~TeOdmm*eh>a!oG7t+Pf0 z_%{vl-=((;y@UTqk3lpfAJC2>~u-0TO~3O{JImF4WP{fVDq-B6NVy;PpG{ee9y?ikzsNRvv$Tg9av(jbZOs3tWYgte@OS-5ihjtq;?7{TW|AmrZq~i~@`{Obu1SM+ttgP$a;cwIP0@T| zah&V`xg`XJJ}zx_Z^#c-e=h4@sb&7a=4b)^BM*RI1sIGb`q*r_^DOSVP0;#l5wCg` zBi6x&VHcU4auC)DuMPC(qopH%tsEK&Ekuv&G&a|Ugu9DtCca9NX2t9_Q5(||1$U8? wx4EJ+wcipo{cxjzgOiYKMdGmqZCoL9Kzz+F_Q!ni(fI^3f^;Y71T)bFD@QIfJ^%m! delta 1182 zcmV;P1Y!G`3YiKcFoFdYFoFX8paTK{0s<6RX!>qjTa9Y!HCK=E2?H3(jaQJ7BQh8; zGBYtYG%zqSS{Ds7GchnSFfleXFfcNaZ9adz>GbKg!jK_5!t4TGh{m1*u0B3wpwM-b z-&EOt0yZp(m5xhH@vG8 zZS7Pa#rf1XlXDPPIIb{h;449i`KEsxL)Pfrli!l%B++9G7}w*RL&^1F&WJ!78{G&O z-YnLHcO<5}Me1e=tl#z!JO5-%##!;s6(uGnay3!69+}O}-TPEysV?1=UKedx*j&L( z2Pu1i6J!`oSrD)%#9QaA|08teT&E0r981f_MdZCD&wvK1Y8T1ZckoJ3+RJ|E^nFWq-4FLx9NbpSO87gQmy?x)#aifvTeZrJ zfGr}(p%T%a4tJ9aPqKP?O8`wlj-=}X0|5X5qf;ZA`z@?y-eM@lk@^5e=OWZ z#tMx=XLXpygk&%n8(U^ns^KN|U}$PP%P7Blkcnt*NLLHqq{+*#X~Z38eK6vdg9RC- z&P9S?za(c5ciFlDVosleEf)}-D`I7pv9KT!Ee`w?=8YOg)Q;o8xG6C zXl52*Y3)*^pVFwxv{>evXOJVoe+s`=2;Knak_rYl44j#D*o5~j;>gjSU3u^xv~G8a z!62)ZufdqN%sqj^%wF6RZ)DnjD2s#?387)w?B=fxcv9gXzoQZxFxQ~0M@r2YFtI%R z0efNL@9ApY*cA?7z@|S!O5)GSI){x3Wtr8WIovHmhu*dQbm(6)NG@QCfAuDSVPD+4 z;~i6Otnvg=RrR*?;|ug<cx@j=P0(v4p=|<1=e+NLe-_jiR-c-%aOtBs-tu+O7ba zB(RT(<|6Z>o@g(eCt_<#mBDrBMVdWwgI~m@6>5M}S?Tu*RP^Rv2dF$zuoc}p%tQMP z=pv~;cB~}uNTUX+DV^*YfB(-yc3u!pQYIi`o^JHt8q&L6+?!u*bY#Rx!Jz2}t5Ng4 zF>I+bRzP>p(^!34-n;sHIx?s2$Hss Date: Fri, 22 Dec 2023 10:34:48 +0000 Subject: [PATCH 0580/1145] Avoid extraenous `.iter()` in for loops clippy was complaining about manual `.into_iter()` calls, but actually the manual `.iter()` calls are also not very idiomatic. --- rustls/tests/api.rs | 86 ++++++++++++++++++++++----------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 34d1d5b60c..83aa7b916f 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -397,7 +397,7 @@ fn buffered_both_data_sent() { #[test] fn client_can_get_server_cert() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(*kt, &[version]); let (mut client, mut server) = @@ -412,7 +412,7 @@ fn client_can_get_server_cert() { #[test] fn client_can_get_server_cert_after_resumption() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = make_server_config(*kt); for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(*kt, &[version]); @@ -435,7 +435,7 @@ fn client_can_get_server_cert_after_resumption() { #[test] fn server_can_get_client_cert() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*kt)); for version in rustls::ALL_VERSIONS { @@ -452,7 +452,7 @@ fn server_can_get_client_cert() { #[test] fn server_can_get_client_cert_after_resumption() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*kt)); for version in rustls::ALL_VERSIONS { @@ -515,7 +515,7 @@ fn test_config_builders_debug() { #[test] fn server_allow_any_anonymous_or_authenticated_client() { let kt = KeyType::Rsa; - for client_cert_chain in [None, Some(kt.get_client_chain())].iter() { + for client_cert_chain in [None, Some(kt.get_client_chain())] { let client_auth_roots = get_client_root_store(kt); let client_auth = webpki_client_verifier_builder(client_auth_roots.clone()) .allow_unauthenticated() @@ -861,7 +861,7 @@ impl ResolvesServerCert for ServerCheckCertResolve { #[test] fn server_cert_resolve_with_sni() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let client_config = make_client_config(*kt); let mut server_config = make_server_config(*kt); @@ -882,7 +882,7 @@ fn server_cert_resolve_with_sni() { #[test] fn server_cert_resolve_with_alpn() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let mut client_config = make_client_config(*kt); client_config.alpn_protocols = vec!["foo".into(), "bar".into()]; @@ -903,7 +903,7 @@ fn server_cert_resolve_with_alpn() { #[test] fn client_trims_terminating_dot() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let client_config = make_client_config(*kt); let mut server_config = make_server_config(*kt); @@ -1002,7 +1002,7 @@ impl ResolvesServerCert for ServerCheckNoSni { #[test] fn client_with_sni_disabled_does_not_send_sni() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let mut server_config = make_server_config(*kt); server_config.cert_resolver = Arc::new(ServerCheckNoSni {}); let server_config = Arc::new(server_config); @@ -1024,7 +1024,7 @@ fn client_with_sni_disabled_does_not_send_sni() { #[test] fn client_checks_server_certificate_with_given_name() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config(*kt)); for version in rustls::ALL_VERSIONS { @@ -1059,7 +1059,7 @@ fn client_checks_server_certificate_with_given_ip_address() { do_handshake_until_error(&mut client, &mut server) } - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config(*kt)); for version in rustls::ALL_VERSIONS { @@ -1098,7 +1098,7 @@ fn client_checks_server_certificate_with_given_ip_address() { #[test] fn client_check_server_certificate_ee_revoked() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config(*kt)); // Setup a server verifier that will check the EE certificate's revocation status. @@ -1127,7 +1127,7 @@ fn client_check_server_certificate_ee_revoked() { #[test] fn client_check_server_certificate_ee_unknown_revocation() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config(*kt)); // Setup a server verifier builder that will check the EE certificate's revocation status, but not @@ -1175,7 +1175,7 @@ fn client_check_server_certificate_ee_unknown_revocation() { #[test] fn client_check_server_certificate_intermediate_revoked() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config(*kt)); // Setup a server verifier builder that will check the full chain revocation status against a CRL @@ -1229,7 +1229,7 @@ fn client_check_server_certificate_intermediate_revoked() { /// so isn't used by the other existing verifier tests. #[test] fn client_check_server_certificate_helper_api() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let chain = kt.get_chain(); let correct_roots = get_client_root_store(*kt); let incorrect_roots = get_client_root_store(match kt { @@ -1372,7 +1372,7 @@ fn test_client_cert_resolve( fn client_cert_resolve_default() { // Test that in the default configuration that a client cert resolver gets the expected // CA subject hints, and supported signature algorithms. - for key_type in ALL_KEY_TYPES.into_iter() { + for key_type in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*key_type)); // In a default configuration we expect that the verifier's trust anchors are used @@ -1400,7 +1400,7 @@ fn client_cert_resolve_default() { fn client_cert_resolve_server_no_hints() { // Test that a server can provide no hints and the client cert resolver gets the expected // arguments. - for key_type in ALL_KEY_TYPES.into_iter() { + for key_type in ALL_KEY_TYPES { // Build a verifier with no hint subjects. let verifier = webpki_client_verifier_builder(get_client_root_store(*key_type)) .clear_root_hint_subjects(); @@ -1415,7 +1415,7 @@ fn client_cert_resolve_server_added_hint() { // Test that a server can add an extra subject above/beyond those found in its trust store // and the client cert resolver gets the expected arguments. let extra_name = b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponyland IDK CA".to_vec(); - for key_type in ALL_KEY_TYPES.into_iter() { + for key_type in ALL_KEY_TYPES { let expected_hint_subjects = vec![ match key_type { KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], @@ -1446,7 +1446,7 @@ fn client_cert_resolve_server_added_hint() { #[test] fn client_auth_works() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let server_config = Arc::new(make_server_config_with_mandatory_client_auth(*kt)); for version in rustls::ALL_VERSIONS { @@ -1460,7 +1460,7 @@ fn client_auth_works() { #[test] fn client_mandatory_auth_client_revocation_works() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { // Create a server configuration that includes a CRL that specifies the client certificate // is revoked. let relevant_crls = vec![kt.client_crl()]; @@ -1532,7 +1532,7 @@ fn client_mandatory_auth_client_revocation_works() { #[test] fn client_mandatory_auth_intermediate_revocation_works() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { // Create a server configuration that includes a CRL that specifies the intermediate certificate // is revoked. We check the full chain for revocation status (default), and allow unknown // revocation status so the EE's unknown revocation status isn't an error. @@ -1581,7 +1581,7 @@ fn client_mandatory_auth_intermediate_revocation_works() { #[test] fn client_optional_auth_client_revocation_works() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { // Create a server configuration that includes a CRL that specifies the client certificate // is revoked. let crls = vec![kt.client_crl()]; @@ -2013,7 +2013,7 @@ fn client_complete_io_for_handshake_eof() { #[test] fn client_complete_io_for_write() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); do_handshake(&mut client, &mut server); @@ -2042,7 +2042,7 @@ fn client_complete_io_for_write() { #[test] fn buffered_client_complete_io_for_write() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); do_handshake(&mut client, &mut server); @@ -2071,7 +2071,7 @@ fn buffered_client_complete_io_for_write() { #[test] fn client_complete_io_for_read() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); do_handshake(&mut client, &mut server); @@ -2092,7 +2092,7 @@ fn client_complete_io_for_read() { #[test] fn server_complete_io_for_handshake() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); assert!(server.is_handshaking()); @@ -2119,7 +2119,7 @@ fn server_complete_io_for_handshake_eof() { #[test] fn server_complete_io_for_write() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); do_handshake(&mut client, &mut server); @@ -2147,7 +2147,7 @@ fn server_complete_io_for_write() { #[test] fn server_complete_io_for_read() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); do_handshake(&mut client, &mut server); @@ -2185,7 +2185,7 @@ enum StreamKind { } fn test_client_stream_write(stream_kind: StreamKind) { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); let data = b"hello"; { @@ -2201,7 +2201,7 @@ fn test_client_stream_write(stream_kind: StreamKind) { } fn test_server_stream_write(stream_kind: StreamKind) { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); let data = b"hello"; { @@ -2260,7 +2260,7 @@ fn test_stream_read(read_kind: ReadKind, mut stream: impl Read, data: &[u8]) { } fn test_client_stream_read(stream_kind: StreamKind, read_kind: ReadKind) { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); let data = b"world"; server.writer().write_all(data).unwrap(); @@ -2280,7 +2280,7 @@ fn test_client_stream_read(stream_kind: StreamKind, read_kind: ReadKind) { } fn test_server_stream_read(stream_kind: StreamKind, read_kind: ReadKind) { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let (mut client, mut server) = make_pair(*kt); let data = b"world"; client.writer().write_all(data).unwrap(); @@ -2786,7 +2786,7 @@ fn do_exporter_test(client_config: ClientConfig, server_config: ServerConfig) { #[cfg(feature = "tls12")] #[test] fn test_tls12_exporter() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let client_config = make_client_config_with_versions(*kt, &[&rustls::version::TLS12]); let server_config = make_server_config(*kt); @@ -2796,7 +2796,7 @@ fn test_tls12_exporter() { #[test] fn test_tls13_exporter() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let client_config = make_client_config_with_versions(*kt, &[&rustls::version::TLS13]); let server_config = make_server_config(*kt); @@ -2970,7 +2970,7 @@ static TEST_CIPHERSUITES: &[(&rustls::SupportedProtocolVersion, KeyType, CipherS #[test] fn negotiated_ciphersuite_default() { - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { do_suite_test( make_client_config(*kt), make_server_config(*kt), @@ -2987,7 +2987,7 @@ fn all_suites_covered() { #[test] fn negotiated_ciphersuite_client() { - for item in TEST_CIPHERSUITES.iter() { + for item in TEST_CIPHERSUITES { let (version, kt, suite) = *item; let scs = find_suite(suite); let client_config = finish_client_config( @@ -3009,7 +3009,7 @@ fn negotiated_ciphersuite_client() { #[test] fn negotiated_ciphersuite_server() { - for item in TEST_CIPHERSUITES.iter() { + for item in TEST_CIPHERSUITES { let (version, kt, suite) = *item; let scs = find_suite(suite); let server_config = finish_server_config( @@ -4054,7 +4054,7 @@ mod test_quic { let client_params = &b"client params"[..]; let server_params = &b"server params"[..]; - for &kt in ALL_KEY_TYPES.iter() { + for &kt in ALL_KEY_TYPES { let client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]); let client_config = Arc::new(client_config); @@ -4472,7 +4472,7 @@ mod test_quic { #[test] fn test_quic_exporter() { - for &kt in ALL_KEY_TYPES.iter() { + for &kt in ALL_KEY_TYPES { let client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]); let server_config = make_server_config_with_versions(kt, &[&rustls::version::TLS13]); @@ -4488,7 +4488,7 @@ fn test_client_does_not_offer_sha1() { }; use rustls::HandshakeType; - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(*kt, &[version]); let (mut client, _) = make_pair_for_configs(client_config, make_server_config(*kt)); @@ -4839,7 +4839,7 @@ fn test_client_mtu_reduction() { collector.writevs[0].clone() } - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { let mut client_config = make_client_config(*kt); client_config.max_fragment_size = Some(64); let mut client = @@ -4925,7 +4925,7 @@ fn bad_client_max_fragment_sizes() { #[test] fn handshakes_complete_and_data_flows_with_gratuitious_max_fragment_sizes() { // general exercising of msgs::fragmenter and msgs::deframer - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { for version in rustls::ALL_VERSIONS { // no hidden significance to these numbers for frag_size in [37, 61, 101, 257] { @@ -5277,7 +5277,7 @@ fn test_no_warning_logging_during_successful_sessions() { CountingLogger::install(); CountingLogger::reset(); - for kt in ALL_KEY_TYPES.iter() { + for kt in ALL_KEY_TYPES { for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(*kt, &[version]); let (mut client, mut server) = From b1101a8737674384600a9e1767885721af4cc687 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 22 Dec 2023 10:44:48 +0000 Subject: [PATCH 0581/1145] De-duplicate knowledge of test-ca/ CA names --- rustls/tests/api.rs | 36 ++++++------------------------------ rustls/tests/common/mod.rs | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 30 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 83aa7b916f..7c9358988b 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1377,20 +1377,9 @@ fn client_cert_resolve_default() { // In a default configuration we expect that the verifier's trust anchors are used // for the hint subjects. - let expected_root_hint_subjects = vec![match *key_type { - KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], - KeyType::EcdsaP256 => { - &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] - } - KeyType::EcdsaP384 => { - &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p384 CA"[..] - } - KeyType::EcdsaP521 => { - &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p521 CA"[..] - } - KeyType::Ed25519 => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..], - } - .to_vec()]; + let expected_root_hint_subjects = vec![key_type + .ca_distinguished_name() + .to_vec()]; test_client_cert_resolve(*key_type, server_config, expected_root_hint_subjects); } @@ -1417,22 +1406,9 @@ fn client_cert_resolve_server_added_hint() { let extra_name = b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponyland IDK CA".to_vec(); for key_type in ALL_KEY_TYPES { let expected_hint_subjects = vec![ - match key_type { - KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], - KeyType::EcdsaP256 => { - &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] - } - KeyType::EcdsaP384 => { - &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p384 CA"[..] - } - KeyType::EcdsaP521 => { - &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p521 CA"[..] - } - KeyType::Ed25519 => { - &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..] - } - } - .to_vec(), + key_type + .ca_distinguished_name() + .to_vec(), extra_name.clone(), ]; // Create a verifier that adds the extra_name as a hint subject in addition to the ones diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 44b0c856e0..be48374995 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -323,6 +323,22 @@ impl KeyType { .next() // We only expect one CRL. .unwrap() } + + pub fn ca_distinguished_name(&self) -> &'static [u8] { + match self { + KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], + KeyType::EcdsaP256 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] + } + KeyType::EcdsaP384 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p384 CA"[..] + } + KeyType::EcdsaP521 => { + &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p521 CA"[..] + } + KeyType::Ed25519 => &b"0\x1c1\x1a0\x18\x06\x03U\x04\x03\x0c\x11ponytown EdDSA CA"[..], + } + } } pub fn server_config_builder() -> rustls::ConfigBuilder { From da14317122e22d24e1de2061dae384491783c9c7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Dec 2023 17:44:20 +0000 Subject: [PATCH 0582/1145] Test P521-SHA512 in bogo This makes it possible for our bogo config.json to vary between providers. That is achieved by -- with my sincere apologies -- applying the C preprocessor. --- bogo/.gitignore | 1 + bogo/{config.json => config.json.in} | 10 ++++++++-- bogo/runme | 2 ++ rustls/examples/internal/bogo_shim_impl.rs | 1 + 4 files changed, 12 insertions(+), 2 deletions(-) rename bogo/{config.json => config.json.in} (98%) diff --git a/bogo/.gitignore b/bogo/.gitignore index 6991abf95b..6755ef792a 100644 --- a/bogo/.gitignore +++ b/bogo/.gitignore @@ -1,3 +1,4 @@ runner.tar.gz testresult.tar.gz bogo/ +config.json diff --git a/bogo/config.json b/bogo/config.json.in similarity index 98% rename from bogo/config.json rename to bogo/config.json.in index ce0319555d..104de70d2b 100644 --- a/bogo/config.json +++ b/bogo/config.json.in @@ -63,8 +63,10 @@ "*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1", "*_P224_*": "no p224", "*-P-224-*": "", - "*_P521_*": "no p521", - "CurveTest-Client-P-521-TLS12": "", +#ifdef RING + "*-ECDSA_P521_SHA512-*": "no p521 signatures/verification", +#endif + "CurveTest-Client-P-521-TLS12": "no p521 key exchange", "CurveTest-Server-P-521-TLS12": "", "CurveTest-Client-Compressed-P-521-TLS12": "", "CurveTest-Server-Compressed-P-521-TLS12": "", @@ -121,6 +123,10 @@ "Server-VerifyDefault-Ed25519-TLS12": "", "Client-VerifyDefault-Ed25519-TLS13": "", "Client-VerifyDefault-Ed25519-TLS12": "", + "Server-VerifyDefault-ECDSA_P521_SHA512-TLS13": "p521-sha512 accepted by default (where supported)", + "Server-VerifyDefault-ECDSA_P521_SHA512-TLS12": "", + "Client-VerifyDefault-ECDSA_P521_SHA512-TLS13": "", + "Client-VerifyDefault-ECDSA_P521_SHA512-TLS12": "", "*-HintMismatch-*": "hints are a boringssl-specific feature", "*-QUIC-*" :"", "QUIC-*": "", diff --git a/bogo/runme b/bogo/runme index 8ac3155e95..b741a68cb7 100755 --- a/bogo/runme +++ b/bogo/runme @@ -8,9 +8,11 @@ set -xe case ${BOGO_SHIM_PROVIDER:-ring} in ring) cargo build -p rustls --example bogo_shim + cpp -P -DRING config.json.in -oconfig.json ;; aws-lc-rs) cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging + cpp -P -DAWS_LC_RS config.json.in -oconfig.json ;; existing) ;; diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index e4035ace94..8007181783 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -397,6 +397,7 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme { 0x0601 => SignatureScheme::RSA_PKCS1_SHA512, 0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256, 0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384, + 0x0603 => SignatureScheme::ECDSA_NISTP521_SHA512, 0x0804 => SignatureScheme::RSA_PSS_SHA256, 0x0805 => SignatureScheme::RSA_PSS_SHA384, 0x0806 => SignatureScheme::RSA_PSS_SHA512, From f8cd4e82ecadcdc1877fd4d10cbbf4b4635cbd84 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 3 Jan 2024 13:04:34 +0000 Subject: [PATCH 0583/1145] ci-bench: separately bench use of P384 curve This renames the P256 cases, so will introduce a discontinuity in results tracking. --- ci-bench/src/main.rs | 16 ++++++++++++++-- ci-bench/src/util.rs | 2 ++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 97fbbfca56..17204e170b 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -326,7 +326,13 @@ fn all_benchmarks_params() -> Vec { KeyType::EcdsaP256, CipherSuite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, - "1.3_ecdsa_aes", + "1.3_ecdsap256_aes", + ), + ( + KeyType::EcdsaP384, + CipherSuite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + "1.3_ecdsap384_aes", ), ( KeyType::Rsa, @@ -338,7 +344,13 @@ fn all_benchmarks_params() -> Vec { KeyType::EcdsaP256, CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, - "1.3_ecdsa_chacha", + "1.3_ecdsap256_chacha", + ), + ( + KeyType::EcdsaP384, + CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + "1.3_ecdsap384_chacha", ), ] { all.push(BenchmarkParams::new( diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index 47c5802016..e20680be75 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -6,6 +6,7 @@ use rustls::pki_types::{CertificateDer, PrivateKeyDer}; pub enum KeyType { Rsa, EcdsaP256, + EcdsaP384, } impl KeyType { @@ -13,6 +14,7 @@ impl KeyType { match self { Self::Rsa => format!("../test-ca/rsa/{}", part), Self::EcdsaP256 => format!("../test-ca/ecdsa-p256/{}", part), + Self::EcdsaP384 => format!("../test-ca/ecdsa-p384/{}", part), } } From 83fa7a3d4fc1e5b3815daf51282b63ed56f7f529 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:38:07 -0500 Subject: [PATCH 0584/1145] examples: top-level doc comment for unbuffered-server --- examples/src/bin/unbuffered-server.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs index 73ce8476c0..f60614ed6e 100644 --- a/examples/src/bin/unbuffered-server.rs +++ b/examples/src/bin/unbuffered-server.rs @@ -1,3 +1,6 @@ +//! This is a simple server using rustls' unbuffered API. Meaning that the application layer must +//! handle the buffers required to receive, process and send TLS data. + use std::error::Error; use std::fs::File; use std::io::{self, BufReader, Read, Write}; From 8c6fb1c9c33a242547be7ba5249bc945d2b3a1e0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:38:25 -0500 Subject: [PATCH 0585/1145] examples: top-level doc comment for unbuffered-async-client --- examples/src/bin/unbuffered-async-client.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs index ee91a14d44..45ae991d81 100644 --- a/examples/src/bin/unbuffered-async-client.rs +++ b/examples/src/bin/unbuffered-async-client.rs @@ -1,3 +1,7 @@ +//! This is a simple client using rustls' unbuffered API. Meaning that the application layer must +//! handle the buffers required to receive, process and send TLS data. Additionally it demonstrates +//! using asynchronous I/O using either async-std or tokio. + use std::error::Error; use std::sync::Arc; From 85b36ec8b09fd644d45b39ad4d61fd0e94d5c872 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:39:29 -0500 Subject: [PATCH 0586/1145] examples: move consts to bottom in unbuff-async-client --- examples/src/bin/unbuffered-async-client.rs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs index 45ae991d81..342d11e529 100644 --- a/examples/src/bin/unbuffered-async-client.rs +++ b/examples/src/bin/unbuffered-async-client.rs @@ -22,15 +22,6 @@ use tokio::io::{AsyncReadExt, AsyncWriteExt}; #[cfg(not(feature = "async-std"))] use tokio::net::TcpStream; -const SERVER_NAME: &str = "example.com"; -const PORT: u16 = 443; - -const KB: usize = 1024; -const INCOMING_TLS_BUFSIZE: usize = 16 * KB; -const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; - -const MAX_ITERATIONS: usize = 20; - #[cfg_attr(not(feature = "async-std"), tokio::main(flavor = "current_thread"))] #[cfg_attr(feature = "async-std", async_std::main)] async fn main() -> Result<(), Box> { @@ -265,3 +256,12 @@ fn encrypt_http_request( false } } + +const SERVER_NAME: &str = "example.com"; +const PORT: u16 = 443; + +const KB: usize = 1024; +const INCOMING_TLS_BUFSIZE: usize = 16 * KB; +const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; + +const MAX_ITERATIONS: usize = 20; From 90fce7e9b42c30d384eb74f3eab8a7ee53e25c4f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:40:01 -0500 Subject: [PATCH 0587/1145] examples: move consts to bottom in unbuff-client --- examples/src/bin/unbuffered-client.rs | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs index 8775f35088..01e2c5ea76 100644 --- a/examples/src/bin/unbuffered-client.rs +++ b/examples/src/bin/unbuffered-client.rs @@ -15,17 +15,6 @@ use rustls::unbuffered::{ use rustls::version::{TLS12, TLS13}; use rustls::{ClientConfig, RootCertStore}; -const SERVER_NAME: &str = "example.com"; -const PORT: u16 = 443; - -const KB: usize = 1024; -const INCOMING_TLS_BUFSIZE: usize = 16 * KB; -const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; - -const MAX_ITERATIONS: usize = 20; -const SEND_EARLY_DATA: bool = false; -const EARLY_DATA: &[u8] = b"hello"; - fn main() -> Result<(), Box> { let root_store = RootCertStore { roots: webpki_roots::TLS_SERVER_ROOTS.into(), @@ -278,3 +267,14 @@ fn encrypt_http_request( false } } + +const SERVER_NAME: &str = "example.com"; +const PORT: u16 = 443; + +const KB: usize = 1024; +const INCOMING_TLS_BUFSIZE: usize = 16 * KB; +const OUTGOING_TLS_INITIAL_BUFSIZE: usize = KB; + +const MAX_ITERATIONS: usize = 20; +const SEND_EARLY_DATA: bool = false; +const EARLY_DATA: &[u8] = b"hello"; From 59351ff6a41875f0bf1fbee5e3f795a2284f6402 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:40:27 -0500 Subject: [PATCH 0588/1145] examples: move consts to bottom in unbuff-server --- examples/src/bin/unbuffered-server.rs | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs index f60614ed6e..ba7929dc9a 100644 --- a/examples/src/bin/unbuffered-server.rs +++ b/examples/src/bin/unbuffered-server.rs @@ -16,23 +16,6 @@ use rustls::unbuffered::{ use rustls::ServerConfig; use rustls_pemfile::Item; -const KB: usize = 1024; -const INCOMING_TLS_BUFSIZE: usize = 16 * KB; -const OUTGOING_TLS_INITIAL_BUFSIZE: usize = 0; -const MAX_EARLY_DATA_SIZE: Option = Some(128); -const MAX_FRAGMENT_SIZE: Option = None; - -const PORT: u16 = 1443; -const MAX_ITERATIONS: usize = 30; -const CERTFILE: &str = match option_env!("CERTFILE") { - Some(certfile) => certfile, - None => "localhost.pem", -}; -const PRIV_KEY_FILE: &str = match option_env!("PRIV_KEY_FILE") { - Some(priv_key_file) => priv_key_file, - None => "localhost-key.pem", -}; - fn main() -> Result<(), Box> { let mut config = ServerConfig::builder() .with_no_client_auth() @@ -273,3 +256,20 @@ fn load_private_key() -> Result, io::Error> { panic!("no keys found in {PRIV_KEY_FILE}") } + +const KB: usize = 1024; +const INCOMING_TLS_BUFSIZE: usize = 16 * KB; +const OUTGOING_TLS_INITIAL_BUFSIZE: usize = 0; +const MAX_EARLY_DATA_SIZE: Option = Some(128); +const MAX_FRAGMENT_SIZE: Option = None; + +const PORT: u16 = 1443; +const MAX_ITERATIONS: usize = 30; +const CERTFILE: &str = match option_env!("CERTFILE") { + Some(certfile) => certfile, + None => "localhost.pem", +}; +const PRIV_KEY_FILE: &str = match option_env!("PRIV_KEY_FILE") { + Some(priv_key_file) => priv_key_file, + None => "localhost-key.pem", +}; From f0934452ca6541145de53dfb0606194b1a70d5d3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:45:16 -0500 Subject: [PATCH 0589/1145] examples: use CLI args vs env vars in unbuff-server --- examples/src/bin/unbuffered-server.rs | 30 ++++++++++++++------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs index ba7929dc9a..de5d882838 100644 --- a/examples/src/bin/unbuffered-server.rs +++ b/examples/src/bin/unbuffered-server.rs @@ -1,10 +1,12 @@ //! This is a simple server using rustls' unbuffered API. Meaning that the application layer must //! handle the buffers required to receive, process and send TLS data. +use std::env; use std::error::Error; use std::fs::File; use std::io::{self, BufReader, Read, Write}; use std::net::{TcpListener, TcpStream}; +use std::path::Path; use std::sync::Arc; use pki_types::{CertificateDer, PrivateKeyDer}; @@ -17,9 +19,17 @@ use rustls::ServerConfig; use rustls_pemfile::Item; fn main() -> Result<(), Box> { + let mut args = env::args(); + let cert_file = args + .next() + .expect("missing certificate file argument"); + let private_key_file = args + .next() + .expect("missing private key file argument"); + let mut config = ServerConfig::builder() .with_no_client_auth() - .with_single_cert(load_certs()?, load_private_key()?)?; + .with_single_cert(load_certs(cert_file)?, load_private_key(private_key_file)?)?; if let Some(max_early_data_size) = MAX_EARLY_DATA_SIZE { config.max_early_data_size = max_early_data_size; @@ -236,13 +246,13 @@ fn send_tls( Ok(()) } -fn load_certs() -> Result>, io::Error> { - let mut reader = BufReader::new(File::open(CERTFILE)?); +fn load_certs(path: impl AsRef) -> Result>, io::Error> { + let mut reader = BufReader::new(File::open(path)?); rustls_pemfile::certs(&mut reader).collect() } -fn load_private_key() -> Result, io::Error> { - let mut reader = BufReader::new(File::open(PRIV_KEY_FILE)?); +fn load_private_key(path: impl AsRef) -> Result, io::Error> { + let mut reader = BufReader::new(File::open(&path)?); loop { match rustls_pemfile::read_one(&mut reader)? { @@ -254,7 +264,7 @@ fn load_private_key() -> Result, io::Error> { } } - panic!("no keys found in {PRIV_KEY_FILE}") + panic!("no keys found in {}", path.as_ref().display()) } const KB: usize = 1024; @@ -265,11 +275,3 @@ const MAX_FRAGMENT_SIZE: Option = None; const PORT: u16 = 1443; const MAX_ITERATIONS: usize = 30; -const CERTFILE: &str = match option_env!("CERTFILE") { - Some(certfile) => certfile, - None => "localhost.pem", -}; -const PRIV_KEY_FILE: &str = match option_env!("PRIV_KEY_FILE") { - Some(priv_key_file) => priv_key_file, - None => "localhost-key.pem", -}; From ba97712be2e9654c3f609737218df74441c1e254 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 3 Jan 2024 12:46:17 -0500 Subject: [PATCH 0590/1145] examples: use CLI args vs env vars in simpleserver --- examples/src/bin/simpleserver.rs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/src/bin/simpleserver.rs b/examples/src/bin/simpleserver.rs index 050234ac55..cf30e84d79 100644 --- a/examples/src/bin/simpleserver.rs +++ b/examples/src/bin/simpleserver.rs @@ -9,27 +9,27 @@ //! Note that `unwrap()` is used to deal with networking errors; this is not something //! that is sensible outside of example code. +use std::env; use std::error::Error as StdError; use std::fs::File; use std::io::{BufReader, Read, Write}; use std::net::TcpListener; use std::sync::Arc; -const CERTFILE: &str = match option_env!("CERTFILE") { - Some(certfile) => certfile, - None => "localhost.pem", -}; - -const PRIV_KEY_FILE: &str = match option_env!("PRIV_KEY_FILE") { - Some(priv_key_file) => priv_key_file, - None => "localhost-key.pem", -}; - fn main() -> Result<(), Box> { - let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(CERTFILE)?)) + let mut args = env::args(); + let cert_file = args + .next() + .expect("missing certificate file argument"); + let private_key_file = args + .next() + .expect("missing private key file argument"); + + let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(cert_file)?)) .collect::, _>>()?; let private_key = - rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(PRIV_KEY_FILE)?))?.unwrap(); + rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(private_key_file)?))? + .unwrap(); let config = rustls::ServerConfig::builder() .with_no_client_auth() .with_single_cert(certs, private_key)?; From 2a4aaa249ec3fe1cbee269fc5d5fe411767e04ca Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Thu, 4 Jan 2024 08:51:30 -0500 Subject: [PATCH 0591/1145] Update roadmap to reflect the fact that rustls-platform-verifier 0.1.0 has been released. --- ROADMAP.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index a24f9b8e1e..9c31d8eaf0 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -25,16 +25,6 @@ In rough order of priority: message. rustls/rustls#508 -* **Improve OS Trust Verifier Support**. - While we currently have a way to trust certificates stored in the platform trust - store, platform trust stores can have other ways of restricting how/when roots - that they expose are trusted. In order to rely on these (on Windows, Android, - and Apple platforms) we should rely on the platform verifier directly. - - Given that platform verifiers may require blocking I/O, some API changes are - required. - rustls/rustls-native-certs#25 - * **Additional Performance Optimization**. Additional performance optimization including CPU usage, latency, and memory usage. The goal is to outperform OpenSSL across the board if we are not already. @@ -58,6 +48,14 @@ In rough order of priority: ## Past priorities +Delivered in [rustls-platform-verifier](https://github.com/rustls/rustls-platform-verifier) 0.1.0: + +* **Improve OS Trust Verifier Support**. + While we currently have a way to trust certificates stored in the platform trust + store, platform trust stores can have other ways of restricting how/when roots + that they expose are trusted. In order to rely on these (on Windows, Android, + and Apple platforms) we should rely on the platform verifier directly. + Delivered in 0.22: * **Enable Pluggable Cryptographic Back-ends**. From d683f4f7c089df2af2e037ff87229d64b598d15e Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Thu, 4 Jan 2024 10:52:52 -0500 Subject: [PATCH 0592/1145] Update ECH roadmap entry to reflect that it refers only to client side support. --- ROADMAP.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 9c31d8eaf0..88a387bfcf 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -19,11 +19,11 @@ In rough order of priority: * **OpenSSL API Compatibility Layer**. Add an OpenSSL C API compatibility layer for adoption purposes. -* **Support Encrypted Client Hello**. +* **Support Encrypted Client Hello (Client Side)**. Encrypted Client Hello is an upcoming standard from the TLS WG providing better protection for some of the data sent by a client in the initial Client Hello message. - rustls/rustls#508 + rustls/rustls#1718 * **Additional Performance Optimization**. Additional performance optimization including CPU usage, latency, and memory From 1dce0df615060b5898dbedc1f68967aa2c01b604 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 15:38:30 -0500 Subject: [PATCH 0593/1145] macros: allow trailing enum_builder comma Without allowing a trailing comma for invocations of the `enum_builder!` macro we end up creating messy two line diffs for every addition to an existing built enum. This commit updates the macro definition to allow an optional trailing comma. --- rustls/src/msgs/macros.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index d2a4300bb3..51572a86ea 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -4,7 +4,7 @@ macro_rules! enum_builder { $(#[$comment:meta])* @U8 $enum_vis:vis enum $enum_name:ident - { $( $enum_var: ident => $enum_val: expr ),* } + { $( $enum_var: ident => $enum_val: expr ),* $(,)? } ) => { $(#[$comment])* #[non_exhaustive] @@ -49,7 +49,7 @@ macro_rules! enum_builder { $(#[$comment:meta])* @U16 $enum_vis:vis enum $enum_name:ident - { $( $enum_var: ident => $enum_val: expr ),* } + { $( $enum_var: ident => $enum_val: expr ),* $(,)?} ) => { $(#[$comment])* #[non_exhaustive] From b3913a5ac2ecc4d3daea3c4259c84bfeceb749f6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 15:40:55 -0500 Subject: [PATCH 0594/1145] enums: trailing commas for all enum_builder! uses Now that the `enum_builder!` macro allows a trailing comma this commit updates each usage to include one. This will make any future diffs that add elements to these enums easier to review. --- rustls/src/enums.rs | 14 +++++++------- rustls/src/msgs/enums.rs | 38 +++++++++++++++++++------------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index 06a3855259..c1ba8eac51 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -41,7 +41,7 @@ enum_builder! { BadCertificateHashValue => 0x72, UnknownPSKIdentity => 0x73, CertificateRequired => 0x74, - NoApplicationProtocol => 0x78 + NoApplicationProtocol => 0x78, } } @@ -69,7 +69,7 @@ enum_builder! { CertificateURL => 0x15, CertificateStatus => 0x16, KeyUpdate => 0x18, - MessageHash => 0xfe + MessageHash => 0xfe, } } @@ -83,7 +83,7 @@ enum_builder! { Alert => 0x15, Handshake => 0x16, ApplicationData => 0x17, - Heartbeat => 0x18 + Heartbeat => 0x18, } } @@ -101,7 +101,7 @@ enum_builder! { TLSv1_3 => 0x0304, DTLSv1_0 => 0xFEFF, DTLSv1_2 => 0xFEFD, - DTLSv1_3 => 0xFEFC + DTLSv1_3 => 0xFEFC, } } @@ -486,7 +486,7 @@ enum_builder! { TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccad, TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 => 0xccae, SSL_RSA_FIPS_WITH_DES_CBC_SHA => 0xfefe, - SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA => 0xfeff + SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA => 0xfeff, } } @@ -508,7 +508,7 @@ enum_builder! { RSA_PSS_SHA384 => 0x0805, RSA_PSS_SHA512 => 0x0806, ED25519 => 0x0807, - ED448 => 0x0808 + ED448 => 0x0808, } } @@ -563,7 +563,7 @@ enum_builder! { DSA => 0x02, ECDSA => 0x03, ED25519 => 0x07, - ED448 => 0x08 + ED448 => 0x08, } } diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 9978d6457e..53835c7594 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -15,7 +15,7 @@ enum_builder! { SHA224 => 0x03, SHA256 => 0x04, SHA384 => 0x05, - SHA512 => 0x06 + SHA512 => 0x06, } } @@ -34,7 +34,7 @@ enum_builder! { FortezzaDMS => 0x14, ECDSASign => 0x40, RSAFixedECDH => 0x41, - ECDSAFixedECDH => 0x42 + ECDSAFixedECDH => 0x42, } } @@ -46,7 +46,7 @@ enum_builder! { pub enum Compression { Null => 0x00, Deflate => 0x01, - LSZ => 0x40 + LSZ => 0x40, } } @@ -57,7 +57,7 @@ enum_builder! { @U8 pub enum AlertLevel { Warning => 0x01, - Fatal => 0x02 + Fatal => 0x02, } } @@ -68,7 +68,7 @@ enum_builder! { @U8 pub(crate) enum HeartbeatMessageType { Request => 0x01, - Response => 0x02 + Response => 0x02, } } @@ -114,7 +114,7 @@ enum_builder! { NextProtocolNegotiation => 0x3374, ChannelId => 0x754f, RenegotiationInfo => 0xff01, - TransportParametersDraft => 0xffa5 + TransportParametersDraft => 0xffa5, } } @@ -124,7 +124,7 @@ enum_builder! { /// The `Unknown` item is used when processing unrecognised ordinals. @U8 pub(crate) enum ServerNameType { - HostName => 0x00 + HostName => 0x00, } } @@ -170,7 +170,7 @@ enum_builder! { X25519 => 0x001d, X448 => 0x001e, arbitrary_explicit_prime_curves => 0xff01, - arbitrary_explicit_char2_curves => 0xff02 + arbitrary_explicit_char2_curves => 0xff02, } } @@ -189,7 +189,7 @@ enum_builder! { FFDHE3072 => 0x0101, FFDHE4096 => 0x0102, FFDHE6144 => 0x0103, - FFDHE8192 => 0x0104 + FFDHE8192 => 0x0104, } } @@ -201,7 +201,7 @@ enum_builder! { pub enum ECPointFormat { Uncompressed => 0x00, ANSIX962CompressedPrime => 0x01, - ANSIX962CompressedChar2 => 0x02 + ANSIX962CompressedChar2 => 0x02, } } @@ -216,7 +216,7 @@ enum_builder! { @U8 pub(crate) enum HeartbeatMode { PeerAllowedToSend => 0x01, - PeerNotAllowedToSend => 0x02 + PeerNotAllowedToSend => 0x02, } } @@ -228,7 +228,7 @@ enum_builder! { pub(crate) enum ECCurveType { ExplicitPrime => 0x01, ExplicitChar2 => 0x02, - NamedCurve => 0x03 + NamedCurve => 0x03, } } @@ -239,7 +239,7 @@ enum_builder! { @U8 pub enum PSKKeyExchangeMode { PSK_KE => 0x00, - PSK_DHE_KE => 0x01 + PSK_DHE_KE => 0x01, } } @@ -250,7 +250,7 @@ enum_builder! { @U8 pub enum KeyUpdateRequest { UpdateNotRequested => 0x00, - UpdateRequested => 0x01 + UpdateRequested => 0x01, } } @@ -260,7 +260,7 @@ enum_builder! { /// The `Unknown` item is used when processing unrecognised ordinals. @U8 pub enum CertificateStatusType { - OCSP => 0x01 + OCSP => 0x01, } } @@ -275,7 +275,7 @@ enum_builder! { DHKEM_P384_HKDF_SHA384 => 0x0011, DHKEM_P521_HKDF_SHA512 => 0x0012, DHKEM_X25519_HKDF_SHA256 => 0x0020, - DHKEM_X448_HKDF_SHA512 => 0x0021 + DHKEM_X448_HKDF_SHA512 => 0x0021, } } @@ -288,7 +288,7 @@ enum_builder! { pub enum HpkeKdf { HKDF_SHA256 => 0x0001, HKDF_SHA384 => 0x0002, - HKDF_SHA512 => 0x0003 + HKDF_SHA512 => 0x0003, } } @@ -309,7 +309,7 @@ enum_builder! { AES_128_GCM => 0x0001, AES_256_GCM => 0x0002, CHACHA20_POLY_1305 => 0x0003, - EXPORT_ONLY => 0xFFFF + EXPORT_ONLY => 0xFFFF, } } @@ -329,7 +329,7 @@ enum_builder! { /// [draft-ietf-tls-esni Section 4]: @U16 pub enum EchVersion { - V14 => 0xfe0d + V14 => 0xfe0d, } } From 400b6e199208dbe07e8481faf56611aecf477daa Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:54:50 -0500 Subject: [PATCH 0595/1145] msgs: get_single_hostname -> single_hostname --- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/msgs/handshake_test.rs | 4 ++-- rustls/src/server/hs.rs | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a0fb927390..bdf51cbe2e 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -278,7 +278,7 @@ impl TlsListElement for ServerName { pub(crate) trait ConvertServerNameList { fn has_duplicate_names_for_type(&self) -> bool; - fn get_single_hostname(&self) -> Option>; + fn single_hostname(&self) -> Option>; } impl ConvertServerNameList for [ServerName] { @@ -295,7 +295,7 @@ impl ConvertServerNameList for [ServerName] { false } - fn get_single_hostname(&self) -> Option> { + fn single_hostname(&self) -> Option> { fn only_dns_hostnames(name: &ServerName) -> Option> { if let ServerNamePayload::HostName(ref dns) = name.payload { Some(dns.borrow()) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 9b53f36707..f7c2082946 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -203,7 +203,7 @@ fn get_single_hostname_returns_none_for_other_sni_name_types() { assert_eq!(ext.get_type(), ExtensionType::ServerName); if let ClientExtension::ServerName(snr) = ext { assert!(!snr.has_duplicate_names_for_type()); - assert!(snr.get_single_hostname().is_none()); + assert!(snr.single_hostname().is_none()); } else { unreachable!(); } @@ -224,7 +224,7 @@ fn can_roundtrip_multiname_sni() { assert!(req.has_duplicate_names_for_type()); - let dns_name = req.get_single_hostname().unwrap(); + let dns_name = req.single_hostname().unwrap(); assert_eq!(dns_name.as_ref(), "hi"); assert_eq!(req[0].typ, ServerNameType::HostName); diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 4e9f62ac29..c5113ac13a 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -484,7 +484,7 @@ pub(super) fn process_client_hello<'a>( )); } - if let Some(hostname) = sni.get_single_hostname() { + if let Some(hostname) = sni.single_hostname() { Some(hostname.to_lowercase_owned()) } else { return Err(cx.common.send_fatal_alert( From 042c913636efecb0331de7fd7a9cc4d47a17028f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:55:45 -0500 Subject: [PATCH 0596/1145] msgs: ClientExtension::get_type -> ext_type Unfortunately "type" is not a valid fn identifier, so we use "ext_type". --- rustls/src/client/hs.rs | 2 +- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 18 +++++++++--------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index be9704043e..586d2d8d83 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -274,7 +274,7 @@ fn emit_client_hello_for_retry( // Note what extensions we sent. input.hello.sent_extensions = exts .iter() - .map(ClientExtension::get_type) + .map(ClientExtension::ext_type) .collect(); let mut cipher_suites: Vec<_> = config diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index bdf51cbe2e..bc93ecebc0 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -559,7 +559,7 @@ pub enum ClientExtension { } impl ClientExtension { - pub(crate) fn get_type(&self) -> ExtensionType { + pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::EcPointFormats(_) => ExtensionType::ECPointFormats, Self::NamedGroups(_) => ExtensionType::EllipticCurves, @@ -584,7 +584,7 @@ impl ClientExtension { impl Codec for ClientExtension { fn encode(&self, bytes: &mut Vec) { - self.get_type().encode(bytes); + self.ext_type().encode(bytes); let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { @@ -857,7 +857,7 @@ impl ClientHelloPayload { let mut seen = BTreeSet::new(); for ext in &self.extensions { - let typ = ext.get_type().get_u16(); + let typ = ext.ext_type().get_u16(); if seen.contains(&typ) { return true; @@ -871,7 +871,7 @@ impl ClientHelloPayload { pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&ClientExtension> { self.extensions .iter() - .find(|x| x.get_type() == ext) + .find(|x| x.ext_type() == ext) } pub(crate) fn get_sni_extension(&self) -> Option<&[ServerName]> { @@ -974,7 +974,7 @@ impl ClientHelloPayload { pub(crate) fn check_psk_ext_is_last(&self) -> bool { self.extensions .last() - .map_or(false, |ext| ext.get_type() == ExtensionType::PreSharedKey) + .map_or(false, |ext| ext.ext_type() == ExtensionType::PreSharedKey) } pub(crate) fn get_psk_modes(&self) -> Option<&[PSKKeyExchangeMode]> { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index f7c2082946..0916f65b8e 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -114,7 +114,7 @@ fn can_roundtrip_unknown_client_ext() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::Unknown(0x1234)); + assert_eq!(ext.ext_type(), ExtensionType::Unknown(0x1234)); assert_eq!(bytes.to_vec(), ext.get_encoding()); } @@ -167,7 +167,7 @@ fn can_roundtrip_single_sni() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ServerName); + assert_eq!(ext.ext_type(), ExtensionType::ServerName); assert_eq!(bytes.to_vec(), ext.get_encoding()); } @@ -178,7 +178,7 @@ fn can_round_trip_mixed_case_sni() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ServerName); + assert_eq!(ext.ext_type(), ExtensionType::ServerName); assert_eq!(bytes.to_vec(), ext.get_encoding()); } @@ -189,7 +189,7 @@ fn can_roundtrip_other_sni_name_types() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ServerName); + assert_eq!(ext.ext_type(), ExtensionType::ServerName); assert_eq!(bytes.to_vec(), ext.get_encoding()); } @@ -200,7 +200,7 @@ fn get_single_hostname_returns_none_for_other_sni_name_types() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ServerName); + assert_eq!(ext.ext_type(), ExtensionType::ServerName); if let ClientExtension::ServerName(snr) = ext { assert!(!snr.has_duplicate_names_for_type()); assert!(snr.single_hostname().is_none()); @@ -216,7 +216,7 @@ fn can_roundtrip_multiname_sni() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ServerName); + assert_eq!(ext.ext_type(), ExtensionType::ServerName); assert_eq!(bytes.to_vec(), ext.get_encoding()); match ext { ClientExtension::ServerName(req) => { @@ -326,7 +326,7 @@ fn can_roundtrip_multi_proto() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ALProtocolNegotiation); + assert_eq!(ext.ext_type(), ExtensionType::ALProtocolNegotiation); assert_eq!(ext.get_encoding(), bytes.to_vec()); match ext { ClientExtension::Protocols(prot) => { @@ -345,7 +345,7 @@ fn can_roundtrip_single_proto() { let ext = ClientExtension::read(&mut rd).unwrap(); println!("{:?}", ext); - assert_eq!(ext.get_type(), ExtensionType::ALProtocolNegotiation); + assert_eq!(ext.ext_type(), ExtensionType::ALProtocolNegotiation); assert_eq!(bytes.to_vec(), ext.get_encoding()); match ext { ClientExtension::Protocols(prot) => { @@ -468,7 +468,7 @@ fn test_truncated_client_extension_is_detected() { } // these extension types don't have any internal encoding that rustls validates: - match ext.get_type() { + match ext.ext_type() { ExtensionType::TransportParameters | ExtensionType::Unknown(_) => { continue; } From 7fbf361e77b12b44509ad1225ad778af1e1bd08c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:56:31 -0500 Subject: [PATCH 0597/1145] msgs: ServerExtension::get_type -> ext_type Again, `type` isn't valid so we use `ext_type`. --- rustls/src/client/common.rs | 2 +- rustls/src/client/tls13.rs | 6 +++--- rustls/src/msgs/handshake.rs | 8 ++++---- rustls/src/msgs/handshake_test.rs | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index faed755787..7c49e42393 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -42,7 +42,7 @@ impl ClientHelloDetails { allowed_unsolicited: &[ExtensionType], ) -> bool { for ext in received_exts { - let ext_type = ext.get_type(); + let ext_type = ext.ext_type(); if !self.sent_extensions.contains(&ext_type) && !allowed_unsolicited.contains(&ext_type) { trace!("Unsolicited extension {:?}", ext_type); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index f593ee2c24..64dab9a663 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -191,7 +191,7 @@ fn validate_server_hello( server_hello: &ServerHelloPayload, ) -> Result<(), Error> { for ext in &server_hello.extensions { - if !ALLOWED_PLAINTEXT_EXTS.contains(&ext.get_type()) { + if !ALLOWED_PLAINTEXT_EXTS.contains(&ext.ext_type()) { return Err(common.send_fatal_alert( AlertDescription::UnsupportedExtension, PeerMisbehaved::UnexpectedCleartextExtension, @@ -355,8 +355,8 @@ fn validate_encrypted_extensions( } for ext in exts { - if ALLOWED_PLAINTEXT_EXTS.contains(&ext.get_type()) - || DISALLOWED_TLS13_EXTS.contains(&ext.get_type()) + if ALLOWED_PLAINTEXT_EXTS.contains(&ext.ext_type()) + || DISALLOWED_TLS13_EXTS.contains(&ext.ext_type()) { return Err(common.send_fatal_alert( AlertDescription::UnsupportedExtension, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index bc93ecebc0..c4188ea3f9 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -706,7 +706,7 @@ pub enum ServerExtension { } impl ServerExtension { - pub(crate) fn get_type(&self) -> ExtensionType { + pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::EcPointFormats(_) => ExtensionType::ECPointFormats, Self::ServerNameAck => ExtensionType::ServerName, @@ -728,7 +728,7 @@ impl ServerExtension { impl Codec for ServerExtension { fn encode(&self, bytes: &mut Vec) { - self.get_type().encode(bytes); + self.ext_type().encode(bytes); let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { @@ -1643,7 +1643,7 @@ pub(crate) trait HasServerExtensions { let mut seen = BTreeSet::new(); for ext in self.get_extensions() { - let typ = ext.get_type().get_u16(); + let typ = ext.ext_type().get_u16(); if seen.contains(&typ) { return true; @@ -1657,7 +1657,7 @@ pub(crate) trait HasServerExtensions { fn find_extension(&self, ext: ExtensionType) -> Option<&ServerExtension> { self.get_extensions() .iter() - .find(|x| x.get_type() == ext) + .find(|x| x.ext_type() == ext) } fn get_alpn_protocol(&self) -> Option<&[u8]> { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 0916f65b8e..dd24b9c526 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -654,7 +654,7 @@ fn test_truncated_server_extension_is_detected() { } // these extension types don't have any internal encoding that rustls validates: - match ext.get_type() { + match ext.ext_type() { ExtensionType::TransportParameters | ExtensionType::Unknown(_) => { continue; } From e54f5dffc0037027fd5bd394a9175a29bacb0242 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:57:17 -0500 Subject: [PATCH 0598/1145] msgs: ClientHelloPayload::get_sni_extension -> sni_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/hs.rs | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index c4188ea3f9..1e8d05c534 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -874,7 +874,7 @@ impl ClientHelloPayload { .find(|x| x.ext_type() == ext) } - pub(crate) fn get_sni_extension(&self) -> Option<&[ServerName]> { + pub(crate) fn sni_extension(&self) -> Option<&[ServerName]> { let ext = self.find_extension(ExtensionType::ServerName)?; match *ext { ClientExtension::ServerName(ref req) => Some(req), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index dd24b9c526..cbd82a3b6e 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -505,7 +505,7 @@ fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPaylo #[test] fn client_get_sni_extension() { test_client_extension_getter(ExtensionType::ServerName, |chp| { - chp.get_sni_extension().is_some() + chp.sni_extension().is_some() }); } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index c5113ac13a..1d8c231961 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -133,7 +133,7 @@ impl ExtensionProcessing { let for_resume = resumedata.is_some(); // SNI - if !for_resume && hello.get_sni_extension().is_some() { + if !for_resume && hello.sni_extension().is_some() { self.exts .push(ServerExtension::ServerNameAck); } @@ -475,7 +475,7 @@ pub(super) fn process_client_hello<'a>( // send an Illegal Parameter alert instead of the Internal Error alert // (or whatever) that we'd send if this were checked later or in a // different way. - let sni: Option = match client_hello.get_sni_extension() { + let sni: Option = match client_hello.sni_extension() { Some(sni) => { if sni.has_duplicate_names_for_type() { return Err(cx.common.send_fatal_alert( From 349f531af32839a5480dc312e2b0e15e1a1e0c93 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:57:50 -0500 Subject: [PATCH 0599/1145] msgs: ClientHelloPayload::get_sigalgs_extension -> sigalgs_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/hs.rs | 2 +- rustls/tests/api.rs | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 1e8d05c534..c09e3c10c7 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -882,7 +882,7 @@ impl ClientHelloPayload { } } - pub fn get_sigalgs_extension(&self) -> Option<&[SignatureScheme]> { + pub fn sigalgs_extension(&self) -> Option<&[SignatureScheme]> { let ext = self.find_extension(ExtensionType::SignatureAlgorithms)?; match *ext { ClientExtension::SignatureAlgorithms(ref req) => Some(req), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index cbd82a3b6e..9850a67f26 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -512,7 +512,7 @@ fn client_get_sni_extension() { #[test] fn client_get_sigalgs_extension() { test_client_extension_getter(ExtensionType::SignatureAlgorithms, |chp| { - chp.get_sigalgs_extension().is_some() + chp.sigalgs_extension().is_some() }); } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 1d8c231961..0d30e8c81a 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -507,7 +507,7 @@ pub(super) fn process_client_hello<'a>( } let sig_schemes = client_hello - .get_sigalgs_extension() + .sigalgs_extension() .ok_or_else(|| { cx.common.send_fatal_alert( AlertDescription::HandshakeFailure, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 7c9358988b..9076c94881 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4487,7 +4487,7 @@ fn test_client_does_not_offer_sha1() { }; let sigalgs = client_hello - .get_sigalgs_extension() + .sigalgs_extension() .unwrap(); assert!( !sigalgs.contains(&SignatureScheme::RSA_PKCS1_SHA1), From d954bc792b99ec94f7dd61511d7438abfa6c8870 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:58:29 -0500 Subject: [PATCH 0600/1145] msgs: ClientHelloPayload::get_namedgroups_extension -> namedgroups_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 3 +-- rustls/src/server/tls12.rs | 2 +- rustls/src/server/tls13.rs | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index c09e3c10c7..2f6c648a30 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -890,7 +890,7 @@ impl ClientHelloPayload { } } - pub(crate) fn get_namedgroups_extension(&self) -> Option<&[NamedGroup]> { + pub(crate) fn namedgroups_extension(&self) -> Option<&[NamedGroup]> { let ext = self.find_extension(ExtensionType::EllipticCurves)?; match *ext { ClientExtension::NamedGroups(ref req) => Some(req), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 9850a67f26..47b633abdc 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -519,8 +519,7 @@ fn client_get_sigalgs_extension() { #[test] fn client_get_namedgroups_extension() { test_client_extension_getter(ExtensionType::EllipticCurves, |chp| { - chp.get_namedgroups_extension() - .is_some() + chp.namedgroups_extension().is_some() }); } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 4a4d5d7425..9da2247d99 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -84,7 +84,7 @@ mod client_hello { } let groups_ext = client_hello - .get_namedgroups_extension() + .namedgroups_extension() .ok_or_else(|| { cx.common.send_fatal_alert( AlertDescription::HandshakeFailure, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 7ed391383f..0e712f32f7 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -161,7 +161,7 @@ mod client_hello { } let groups_ext = client_hello - .get_namedgroups_extension() + .namedgroups_extension() .ok_or_else(|| { cx.common.send_fatal_alert( AlertDescription::HandshakeFailure, From 937327983dbf6d47e50bbccbb6229f3149a71d8c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:59:01 -0500 Subject: [PATCH 0601/1145] msgs: ClientHelloPayload::get_ecpoints_extension -> expoints_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls12.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 2f6c648a30..3a943da183 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -899,7 +899,7 @@ impl ClientHelloPayload { } #[cfg(feature = "tls12")] - pub(crate) fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { + pub(crate) fn ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { ClientExtension::EcPointFormats(ref req) => Some(req), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 47b633abdc..8f8ea24dde 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -527,7 +527,7 @@ fn client_get_namedgroups_extension() { #[test] fn client_get_ecpoints_extension() { test_client_extension_getter(ExtensionType::ECPointFormats, |chp| { - chp.get_ecpoints_extension().is_some() + chp.ecpoints_extension().is_some() }); } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 9da2247d99..7a0469c126 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -92,7 +92,7 @@ mod client_hello { ) })?; let ecpoints_ext = client_hello - .get_ecpoints_extension() + .ecpoints_extension() .ok_or_else(|| { cx.common.send_fatal_alert( AlertDescription::HandshakeFailure, From 04d63536f28f1665fa4cf419d187cf93151b94cd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:59:30 -0500 Subject: [PATCH 0602/1145] msgs: ClientHelloPayload::get_alpn_extension -> alpn_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/hs.rs | 4 ++-- rustls/src/server/server_conn.rs | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 3a943da183..28e1bc65f8 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -907,7 +907,7 @@ impl ClientHelloPayload { } } - pub(crate) fn get_alpn_extension(&self) -> Option<&Vec> { + pub(crate) fn alpn_extension(&self) -> Option<&Vec> { let ext = self.find_extension(ExtensionType::ALProtocolNegotiation)?; match *ext { ClientExtension::Protocols(ref req) => Some(req), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 8f8ea24dde..17d34662d4 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -534,7 +534,7 @@ fn client_get_ecpoints_extension() { #[test] fn client_get_alpn_extension() { test_client_extension_getter(ExtensionType::ALProtocolNegotiation, |chp| { - chp.get_alpn_extension().is_some() + chp.alpn_extension().is_some() }); } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 0d30e8c81a..2db42dd650 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -77,7 +77,7 @@ impl ExtensionProcessing { ) -> Result<(), Error> { // ALPN let our_protocols = &config.alpn_protocols; - let maybe_their_protocols = hello.get_alpn_extension(); + let maybe_their_protocols = hello.alpn_extension(); if let Some(their_protocols) = maybe_their_protocols { let their_protocols = their_protocols.to_slices(); @@ -316,7 +316,7 @@ impl ExpectClientHello { let client_hello = ClientHello::new( &cx.data.sni, &sig_schemes, - client_hello.get_alpn_extension(), + client_hello.alpn_extension(), &client_hello.cipher_suites, ); diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index b5a6391936..fcf81b3e62 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -738,7 +738,7 @@ impl Accepted { ClientHello::new( &self.connection.core.data.sni, &self.sig_schemes, - payload.get_alpn_extension(), + payload.alpn_extension(), &payload.cipher_suites, ) } From c1472c505a2c0100f569cc3c7cc17d8cee5ea465 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 16:59:57 -0500 Subject: [PATCH 0603/1145] msgs: ClientHelloPayload::get_quic_params_extension -> quic_params_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 3 +-- rustls/src/server/hs.rs | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 28e1bc65f8..902debf58f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -915,7 +915,7 @@ impl ClientHelloPayload { } } - pub(crate) fn get_quic_params_extension(&self) -> Option> { + pub(crate) fn quic_params_extension(&self) -> Option> { let ext = self .find_extension(ExtensionType::TransportParameters) .or_else(|| self.find_extension(ExtensionType::TransportParametersDraft))?; diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 17d34662d4..7a7cbcd1c6 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -541,8 +541,7 @@ fn client_get_alpn_extension() { #[test] fn client_get_quic_params_extension() { test_client_extension_getter(ExtensionType::TransportParameters, |chp| { - chp.get_quic_params_extension() - .is_some() + chp.quic_params_extension().is_some() }); } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 2db42dd650..6c05d0dc3a 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -121,7 +121,7 @@ impl ExtensionProcessing { )); } - match hello.get_quic_params_extension() { + match hello.quic_params_extension() { Some(params) => cx.common.quic.params = Some(params), None => { return Err(cx From b2e472aae00c0a190f93ece1334defc6d47b70ec Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:00:33 -0500 Subject: [PATCH 0604/1145] msgs: ClientHelloPayload::get_ticket_extension -> ticket_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/server/tls12.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 902debf58f..24d4d8f6fc 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -927,7 +927,7 @@ impl ClientHelloPayload { } #[cfg(feature = "tls12")] - pub(crate) fn get_ticket_extension(&self) -> Option<&ClientExtension> { + pub(crate) fn ticket_extension(&self) -> Option<&ClientExtension> { self.find_extension(ExtensionType::SessionTicket) } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 7a0469c126..3673d818ed 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -129,7 +129,7 @@ mod client_hello { // let mut ticket_received = false; let resume_data = client_hello - .get_ticket_extension() + .ticket_extension() .and_then(|ticket_ext| match ticket_ext { ClientExtension::SessionTicket(ClientSessionTicket::Offer(ticket)) => { Some(ticket) From 03e33ae22061dfed775ceb96042dbc7be3c11964 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:01:02 -0500 Subject: [PATCH 0605/1145] msgs: ClientHelloPayload::get_versions_extension -> versions_extension --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/hs.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 24d4d8f6fc..8bb497c8c6 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -931,7 +931,7 @@ impl ClientHelloPayload { self.find_extension(ExtensionType::SessionTicket) } - pub(crate) fn get_versions_extension(&self) -> Option<&[ProtocolVersion]> { + pub(crate) fn versions_extension(&self) -> Option<&[ProtocolVersion]> { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { ClientExtension::SupportedVersions(ref vers) => Some(vers), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 7a7cbcd1c6..4ede1fedc2 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -548,7 +548,7 @@ fn client_get_quic_params_extension() { #[test] fn client_get_versions_extension() { test_client_extension_getter(ExtensionType::SupportedVersions, |chp| { - chp.get_versions_extension().is_some() + chp.versions_extension().is_some() }); } diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 6c05d0dc3a..bdc581ce35 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -252,7 +252,7 @@ impl ExpectClientHello { .supports_version(ProtocolVersion::TLSv1_2); // Are we doing TLS1.3? - let maybe_versions_ext = client_hello.get_versions_extension(); + let maybe_versions_ext = client_hello.versions_extension(); let version = if let Some(versions) = maybe_versions_ext { if versions.contains(&ProtocolVersion::TLSv1_3) && tls13_enabled { ProtocolVersion::TLSv1_3 From 3345415e525d3de7d6729c42d773c1233bc38e04 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:01:40 -0500 Subject: [PATCH 0606/1145] msgs: ClientHelloPayload::get_keyshare_extension -> keyshare_extension --- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/tests/api.rs | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 8bb497c8c6..446470be5e 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -939,7 +939,7 @@ impl ClientHelloPayload { } } - pub fn get_keyshare_extension(&self) -> Option<&[KeyShareEntry]> { + pub fn keyshare_extension(&self) -> Option<&[KeyShareEntry]> { let ext = self.find_extension(ExtensionType::KeyShare)?; match *ext { ClientExtension::KeyShare(ref shares) => Some(shares), @@ -948,7 +948,7 @@ impl ClientHelloPayload { } pub(crate) fn has_keyshare_extension_with_duplicates(&self) -> bool { - if let Some(entries) = self.get_keyshare_extension() { + if let Some(entries) = self.keyshare_extension() { let mut seen = BTreeSet::new(); for kse in entries { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 4ede1fedc2..a08026bf62 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -555,7 +555,7 @@ fn client_get_versions_extension() { #[test] fn client_get_keyshare_extension() { test_client_extension_getter(ExtensionType::KeyShare, |chp| { - chp.get_keyshare_extension().is_some() + chp.keyshare_extension().is_some() }); } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0e712f32f7..0b18e6936f 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -172,7 +172,7 @@ mod client_hello { sigschemes_ext.retain(SignatureScheme::supported_in_tls13); let shares_ext = client_hello - .get_keyshare_extension() + .keyshare_extension() .ok_or_else(|| { cx.common.send_fatal_alert( AlertDescription::HandshakeFailure, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 9076c94881..075ea3f0bb 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4624,7 +4624,7 @@ fn test_client_rejects_hrr_with_varied_session_id() { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { let keyshares = ch - .get_keyshare_extension() + .keyshare_extension() .expect("missing key share extension"); assert_eq!(keyshares.len(), 1); assert_eq!(keyshares[0].group(), rustls::NamedGroup::secp384r1); From 1b2bc1cd3a02a1a34f031ab2fb4f3c49d25a6c1e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:02:13 -0500 Subject: [PATCH 0607/1145] msgs: ClientHelloPayload::get_psk -> psk --- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls13.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 446470be5e..74a9ebc05e 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -963,7 +963,7 @@ impl ClientHelloPayload { false } - pub(crate) fn get_psk(&self) -> Option<&PresharedKeyOffer> { + pub(crate) fn psk(&self) -> Option<&PresharedKeyOffer> { let ext = self.find_extension(ExtensionType::PreSharedKey)?; match *ext { ClientExtension::PresharedKey(ref psk) => Some(psk), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index a08026bf62..9e8fda3757 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -561,7 +561,7 @@ fn client_get_keyshare_extension() { #[test] fn client_get_psk() { - test_client_extension_getter(ExtensionType::PreSharedKey, |chp| chp.get_psk().is_some()); + test_client_extension_getter(ExtensionType::PreSharedKey, |chp| chp.psk().is_some()); } #[test] diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0b18e6936f..f4ea425885 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -278,7 +278,7 @@ mod client_hello { let mut chosen_psk_index = None; let mut resumedata = None; - if let Some(psk_offer) = client_hello.get_psk() { + if let Some(psk_offer) = client_hello.psk() { if !client_hello.check_psk_ext_is_last() { return Err(cx.common.send_fatal_alert( AlertDescription::IllegalParameter, From 7042da585a8550c99dabbfcdd65219f91ee969a8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:02:40 -0500 Subject: [PATCH 0608/1145] msgs: ClientHelloPayload::get_psk_modes -> psk_modes --- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/server/tls13.rs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 74a9ebc05e..f77b58fead 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -977,7 +977,7 @@ impl ClientHelloPayload { .map_or(false, |ext| ext.ext_type() == ExtensionType::PreSharedKey) } - pub(crate) fn get_psk_modes(&self) -> Option<&[PSKKeyExchangeMode]> { + pub(crate) fn psk_modes(&self) -> Option<&[PSKKeyExchangeMode]> { let ext = self.find_extension(ExtensionType::PSKKeyExchangeModes)?; match *ext { ClientExtension::PresharedKeyModes(ref psk_modes) => Some(psk_modes), @@ -986,7 +986,7 @@ impl ClientHelloPayload { } pub(crate) fn psk_mode_offered(&self, mode: PSKKeyExchangeMode) -> bool { - self.get_psk_modes() + self.psk_modes() .map(|modes| modes.contains(&mode)) .unwrap_or(false) } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 9e8fda3757..6a98553861 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -567,7 +567,7 @@ fn client_get_psk() { #[test] fn client_get_psk_modes() { test_client_extension_getter(ExtensionType::PSKKeyExchangeModes, |chp| { - chp.get_psk_modes().is_some() + chp.psk_modes().is_some() }); } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index f4ea425885..5942cad24b 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -290,7 +290,7 @@ mod client_hello { // offers a "pre_shared_key" extension. If clients offer // "pre_shared_key" without a "psk_key_exchange_modes" extension, // servers MUST abort the handshake." - RFC8446 4.2.9 - if client_hello.get_psk_modes().is_none() { + if client_hello.psk_modes().is_none() { return Err(cx.common.send_fatal_alert( AlertDescription::MissingExtension, PeerMisbehaved::MissingPskModesExtension, From 0a354072640d842de06270b564004d143c7914f7 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:03:05 -0500 Subject: [PATCH 0609/1145] msgs: HelloRetryExtension::get_type -> ext_type --- rustls/src/msgs/handshake.rs | 14 +++++++------- rustls/src/msgs/handshake_test.rs | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index f77b58fead..645ba7d904 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1019,7 +1019,7 @@ pub(crate) enum HelloRetryExtension { } impl HelloRetryExtension { - pub(crate) fn get_type(&self) -> ExtensionType { + pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::KeyShare(_) => ExtensionType::KeyShare, Self::Cookie(_) => ExtensionType::Cookie, @@ -1031,7 +1031,7 @@ impl HelloRetryExtension { impl Codec for HelloRetryExtension { fn encode(&self, bytes: &mut Vec) { - self.get_type().encode(bytes); + self.ext_type().encode(bytes); let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { @@ -1108,7 +1108,7 @@ impl HelloRetryRequest { let mut seen = BTreeSet::new(); for ext in &self.extensions { - let typ = ext.get_type().get_u16(); + let typ = ext.ext_type().get_u16(); if seen.contains(&typ) { return true; @@ -1121,16 +1121,16 @@ impl HelloRetryRequest { pub(crate) fn has_unknown_extension(&self) -> bool { self.extensions.iter().any(|ext| { - ext.get_type() != ExtensionType::KeyShare - && ext.get_type() != ExtensionType::SupportedVersions - && ext.get_type() != ExtensionType::Cookie + ext.ext_type() != ExtensionType::KeyShare + && ext.ext_type() != ExtensionType::SupportedVersions + && ext.ext_type() != ExtensionType::Cookie }) } fn find_extension(&self, ext: ExtensionType) -> Option<&HelloRetryExtension> { self.extensions .iter() - .find(|x| x.get_type() == ext) + .find(|x| x.ext_type() == ext) } pub fn get_requested_key_share_group(&self) -> Option { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 6a98553861..9529cddb20 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -586,7 +586,7 @@ fn test_truncated_helloretry_extension_is_detected() { } // these extension types don't have any internal encoding that rustls validates: - if let ExtensionType::Unknown(_) = ext.get_type() { + if let ExtensionType::Unknown(_) = ext.ext_type() { continue; } @@ -603,7 +603,7 @@ fn test_truncated_helloretry_extension_is_detected() { fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { let mut hrr = get_sample_helloretryrequest(); let mut exts = core::mem::take(&mut hrr.extensions); - exts.retain(|ext| ext.get_type() == typ); + exts.retain(|ext| ext.ext_type() == typ); assert!(!getter(&hrr)); From 2d7a39c102d2407d9a758105c559bdb6d48bfefa Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:03:31 -0500 Subject: [PATCH 0610/1145] msgs: HelloRetryRequest::get_requested_key_share_group -> requested_key_share_group --- rustls/src/client/hs.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- rustls/tests/api.rs | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 586d2d8d83..963bf303f2 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -693,7 +693,7 @@ impl ExpectServerHelloOrHelloRetryRequest { cx.common.check_aligned_handshake()?; let cookie = hrr.get_cookie(); - let req_group = hrr.get_requested_key_share_group(); + let req_group = hrr.requested_key_share_group(); // We always send a key share when TLS 1.3 is enabled. let offered_key_share = self.next.offered_key_share.unwrap(); diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 645ba7d904..047612293c 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1133,7 +1133,7 @@ impl HelloRetryRequest { .find(|x| x.ext_type() == ext) } - pub fn get_requested_key_share_group(&self) -> Option { + pub fn requested_key_share_group(&self) -> Option { let ext = self.find_extension(ExtensionType::KeyShare)?; match *ext { HelloRetryExtension::KeyShare(grp) => Some(grp), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 9529cddb20..851ced8e84 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -620,7 +620,7 @@ fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRe #[test] fn helloretry_get_requested_key_share_group() { test_helloretry_extension_getter(ExtensionType::KeyShare, |hrr| { - hrr.get_requested_key_share_group() + hrr.requested_key_share_group() .is_some() }); } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 075ea3f0bb..53b9653c50 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4639,7 +4639,7 @@ fn test_client_rejects_hrr_with_varied_session_id() { let assert_server_requests_retry_and_echoes_session_id = |msg: &mut Message| -> Altered { if let MessagePayload::Handshake { parsed, .. } = &mut msg.payload { if let HandshakePayload::HelloRetryRequest(hrr) = &mut parsed.payload { - let group = hrr.get_requested_key_share_group(); + let group = hrr.requested_key_share_group(); assert_eq!(group, Some(rustls::NamedGroup::X25519)); assert_eq!(hrr.session_id, different_session_id); From e8f1ad6ccf59454e7556bf091fd8dd725d8d2760 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:04:16 -0500 Subject: [PATCH 0611/1145] msgs: HelloRetryRequest::get_cookie -> cookie --- rustls/src/client/hs.rs | 4 ++-- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 963bf303f2..2cb305e2f3 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -244,7 +244,7 @@ fn emit_client_hello_for_retry( exts.push(ClientExtension::KeyShare(vec![key_share])); } - if let Some(cookie) = retryreq.and_then(HelloRetryRequest::get_cookie) { + if let Some(cookie) = retryreq.and_then(HelloRetryRequest::cookie) { exts.push(ClientExtension::Cookie(cookie.clone())); } @@ -692,7 +692,7 @@ impl ExpectServerHelloOrHelloRetryRequest { cx.common.check_aligned_handshake()?; - let cookie = hrr.get_cookie(); + let cookie = hrr.cookie(); let req_group = hrr.requested_key_share_group(); // We always send a key share when TLS 1.3 is enabled. diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 047612293c..6317e4268f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1141,7 +1141,7 @@ impl HelloRetryRequest { } } - pub(crate) fn get_cookie(&self) -> Option<&PayloadU16> { + pub(crate) fn cookie(&self) -> Option<&PayloadU16> { let ext = self.find_extension(ExtensionType::Cookie)?; match *ext { HelloRetryExtension::Cookie(ref ck) => Some(ck), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 851ced8e84..a2a739e811 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -627,7 +627,7 @@ fn helloretry_get_requested_key_share_group() { #[test] fn helloretry_get_cookie() { - test_helloretry_extension_getter(ExtensionType::Cookie, |hrr| hrr.get_cookie().is_some()); + test_helloretry_extension_getter(ExtensionType::Cookie, |hrr| hrr.cookie().is_some()); } #[test] From 71a639f75a080bf3605bb01d017af6b8edb6278d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:04:41 -0500 Subject: [PATCH 0612/1145] msgs: HelloRetryRequest::get_supported_versions -> supported_versions --- rustls/src/client/hs.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 2cb305e2f3..3192cf5ac5 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -772,7 +772,7 @@ impl ExpectServerHelloOrHelloRetryRequest { } // Or asks us to talk a protocol we didn't offer, or doesn't support HRR at all. - match hrr.get_supported_versions() { + match hrr.supported_versions() { Some(ProtocolVersion::TLSv1_3) => { cx.common.negotiated_version = Some(ProtocolVersion::TLSv1_3); } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 6317e4268f..d30c599ab4 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1149,7 +1149,7 @@ impl HelloRetryRequest { } } - pub(crate) fn get_supported_versions(&self) -> Option { + pub(crate) fn supported_versions(&self) -> Option { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { HelloRetryExtension::SupportedVersions(ver) => Some(ver), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index a2a739e811..714ca2e1fc 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -633,7 +633,7 @@ fn helloretry_get_cookie() { #[test] fn helloretry_get_supported_versions() { test_helloretry_extension_getter(ExtensionType::SupportedVersions, |hrr| { - hrr.get_supported_versions().is_some() + hrr.supported_versions().is_some() }); } From cbace374b122adcac37a8040b919adc452ed5966 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:05:17 -0500 Subject: [PATCH 0613/1145] msgs: ServerHelloPayload::get_extensions -> extensions --- rustls/src/msgs/handshake.rs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index d30c599ab4..62141d39f9 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1209,7 +1209,7 @@ impl Codec for ServerHelloPayload { } impl HasServerExtensions for ServerHelloPayload { - fn get_extensions(&self) -> &[ServerExtension] { + fn extensions(&self) -> &[ServerExtension] { &self.extensions } } @@ -1635,14 +1635,14 @@ impl TlsListElement for ServerExtension { } pub(crate) trait HasServerExtensions { - fn get_extensions(&self) -> &[ServerExtension]; + fn extensions(&self) -> &[ServerExtension]; /// Returns true if there is more than one extension of a given /// type. fn has_duplicate_extension(&self) -> bool { let mut seen = BTreeSet::new(); - for ext in self.get_extensions() { + for ext in self.extensions() { let typ = ext.ext_type().get_u16(); if seen.contains(&typ) { @@ -1655,7 +1655,7 @@ pub(crate) trait HasServerExtensions { } fn find_extension(&self, ext: ExtensionType) -> Option<&ServerExtension> { - self.get_extensions() + self.extensions() .iter() .find(|x| x.ext_type() == ext) } @@ -1686,7 +1686,7 @@ pub(crate) trait HasServerExtensions { } impl HasServerExtensions for Vec { - fn get_extensions(&self) -> &[ServerExtension] { + fn extensions(&self) -> &[ServerExtension] { self } } From 4f3d60e7901109939a9b7a8d00b3c8f7a7b6a73f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:05:42 -0500 Subject: [PATCH 0614/1145] msgs: ServerHelloPayload::get_key_share -> key_share --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 64dab9a663..8dbfb20f71 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -81,7 +81,7 @@ pub(super) fn handle_server_hello( validate_server_hello(cx.common, server_hello)?; let their_key_share = server_hello - .get_key_share() + .key_share() .ok_or_else(|| { cx.common.send_fatal_alert( AlertDescription::MissingExtension, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 62141d39f9..7d561731bc 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1215,7 +1215,7 @@ impl HasServerExtensions for ServerHelloPayload { } impl ServerHelloPayload { - pub(crate) fn get_key_share(&self) -> Option<&KeyShareEntry> { + pub(crate) fn key_share(&self) -> Option<&KeyShareEntry> { let ext = self.find_extension(ExtensionType::KeyShare)?; match *ext { ServerExtension::KeyShare(ref share) => Some(share), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 714ca2e1fc..93accd4f25 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -688,7 +688,7 @@ fn test_server_extension_getter(typ: ExtensionType, getter: fn(&ServerHelloPaylo #[test] fn server_get_key_share() { - test_server_extension_getter(ExtensionType::KeyShare, |shp| shp.get_key_share().is_some()); + test_server_extension_getter(ExtensionType::KeyShare, |shp| shp.key_share().is_some()); } #[test] From 5119e52b9caa75ad57684b06c0fdb810c13851d2 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:06:05 -0500 Subject: [PATCH 0615/1145] msgs: ServerHelloPayload::get_psk_index -> psk_index --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 4 +--- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 8dbfb20f71..f9c22a8e38 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -99,7 +99,7 @@ pub(super) fn handle_server_hello( } let key_schedule_pre_handshake = if let (Some(selected_psk), Some(early_key_schedule)) = - (server_hello.get_psk_index(), early_key_schedule) + (server_hello.psk_index(), early_key_schedule) { if let Some(ref resuming) = resuming_session { let resuming_suite = match suite.can_resume_from(resuming.suite()) { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 7d561731bc..a07fba2719 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1223,7 +1223,7 @@ impl ServerHelloPayload { } } - pub(crate) fn get_psk_index(&self) -> Option { + pub(crate) fn psk_index(&self) -> Option { let ext = self.find_extension(ExtensionType::PreSharedKey)?; match *ext { ServerExtension::PresharedKey(ref index) => Some(*index), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 93accd4f25..79c8bd3960 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -693,9 +693,7 @@ fn server_get_key_share() { #[test] fn server_get_psk_index() { - test_server_extension_getter(ExtensionType::PreSharedKey, |shp| { - shp.get_psk_index().is_some() - }); + test_server_extension_getter(ExtensionType::PreSharedKey, |shp| shp.psk_index().is_some()); } #[test] From ee1c77992168a32307fa7a6cf4e1db4902da9228 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:06:29 -0500 Subject: [PATCH 0616/1145] msgs: ServerHelloPayload::get_ecpoints_extension -> ecpoints_extension --- rustls/src/client/hs.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 3192cf5ac5..eb6a479b3d 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -569,7 +569,7 @@ impl State for ExpectServerHello { // If ECPointFormats extension is supplied by the server, it must contain // Uncompressed. But it's allowed to be omitted. - if let Some(point_fmts) = server_hello.get_ecpoints_extension() { + if let Some(point_fmts) = server_hello.ecpoints_extension() { if !point_fmts.contains(&ECPointFormat::Uncompressed) { return Err(cx.common.send_fatal_alert( AlertDescription::HandshakeFailure, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a07fba2719..6f112112e1 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1231,7 +1231,7 @@ impl ServerHelloPayload { } } - pub(crate) fn get_ecpoints_extension(&self) -> Option<&[ECPointFormat]> { + pub(crate) fn ecpoints_extension(&self) -> Option<&[ECPointFormat]> { let ext = self.find_extension(ExtensionType::ECPointFormats)?; match *ext { ServerExtension::EcPointFormats(ref fmts) => Some(fmts), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 79c8bd3960..8def6d0359 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -699,7 +699,7 @@ fn server_get_psk_index() { #[test] fn server_get_ecpoints_extension() { test_server_extension_getter(ExtensionType::ECPointFormats, |shp| { - shp.get_ecpoints_extension().is_some() + shp.ecpoints_extension().is_some() }); } From 4ab13e2fff3d7cb1f70d0a1a144b6209daa3cf98 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:06:57 -0500 Subject: [PATCH 0617/1145] msgs: ServerHelloPayload::get_supported_versions -> supported_versions --- rustls/src/client/hs.rs | 4 ++-- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index eb6a479b3d..0626502026 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -492,7 +492,7 @@ impl State for ExpectServerHello { let server_version = if server_hello.legacy_version == TLSv1_2 { server_hello - .get_supported_versions() + .supported_versions() .unwrap_or(server_hello.legacy_version) } else { server_hello.legacy_version @@ -508,7 +508,7 @@ impl State for ExpectServerHello { } if server_hello - .get_supported_versions() + .supported_versions() .is_some() { return Err({ diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 6f112112e1..8c386e462f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1245,7 +1245,7 @@ impl ServerHelloPayload { .is_some() } - pub(crate) fn get_supported_versions(&self) -> Option { + pub(crate) fn supported_versions(&self) -> Option { let ext = self.find_extension(ExtensionType::SupportedVersions)?; match *ext { ServerExtension::SupportedVersions(vers) => Some(vers), diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 8def6d0359..5f7de2ef07 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -706,7 +706,7 @@ fn server_get_ecpoints_extension() { #[test] fn server_get_supported_versions() { test_server_extension_getter(ExtensionType::SupportedVersions, |shp| { - shp.get_supported_versions().is_some() + shp.supported_versions().is_some() }); } From 8e88a65670fffcb39029bbc579e6e4e9df5ad953 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:07:38 -0500 Subject: [PATCH 0618/1145] msgs: CertificateExtension::get_type -> ext_type --- rustls/src/msgs/handshake.rs | 10 +++++----- rustls/src/msgs/handshake_test.rs | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 8c386e462f..c30d02f4a7 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1290,7 +1290,7 @@ pub(crate) enum CertificateExtension { } impl CertificateExtension { - pub(crate) fn get_type(&self) -> ExtensionType { + pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::CertificateStatus(_) => ExtensionType::StatusRequest, Self::Unknown(ref r) => r.typ, @@ -1307,7 +1307,7 @@ impl CertificateExtension { impl Codec for CertificateExtension { fn encode(&self, bytes: &mut Vec) { - self.get_type().encode(bytes); + self.ext_type().encode(bytes); let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { @@ -1370,7 +1370,7 @@ impl CertificateEntry { let mut seen = BTreeSet::new(); for ext in &self.exts { - let typ = ext.get_type().get_u16(); + let typ = ext.ext_type().get_u16(); if seen.contains(&typ) { return true; @@ -1384,13 +1384,13 @@ impl CertificateEntry { pub(crate) fn has_unknown_extension(&self) -> bool { self.exts .iter() - .any(|ext| ext.get_type() != ExtensionType::StatusRequest) + .any(|ext| ext.ext_type() != ExtensionType::StatusRequest) } pub(crate) fn get_ocsp_response(&self) -> Option<&Vec> { self.exts .iter() - .find(|ext| ext.get_type() == ExtensionType::StatusRequest) + .find(|ext| ext.ext_type() == ExtensionType::StatusRequest) .and_then(CertificateExtension::get_cert_status) } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 5f7de2ef07..e764184efd 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -715,7 +715,7 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) .entries .remove(0); let mut exts = core::mem::take(&mut ce.exts); - exts.retain(|ext| ext.get_type() == typ); + exts.retain(|ext| ext.ext_type() == typ); assert!(!getter(&ce)); From 5e490060797c7e8df07c548e701693bf676b195f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:08:02 -0500 Subject: [PATCH 0619/1145] msgs: CertificateExtension::get_cert_status -> cert_status --- rustls/src/msgs/handshake.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index c30d02f4a7..df2dbb6785 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1297,7 +1297,7 @@ impl CertificateExtension { } } - pub(crate) fn get_cert_status(&self) -> Option<&Vec> { + pub(crate) fn cert_status(&self) -> Option<&Vec> { match *self { Self::CertificateStatus(ref cs) => Some(&cs.ocsp_response.0), _ => None, @@ -1391,7 +1391,7 @@ impl CertificateEntry { self.exts .iter() .find(|ext| ext.ext_type() == ExtensionType::StatusRequest) - .and_then(CertificateExtension::get_cert_status) + .and_then(CertificateExtension::cert_status) } } From ad9692d5e8ef29c9b9b750535d197aadb3b80128 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:09:08 -0500 Subject: [PATCH 0620/1145] msgs: CertificateEntry::get_ocsp_response -> ocsp_response --- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/msgs/handshake_test.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index df2dbb6785..8e9cc85b77 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1387,7 +1387,7 @@ impl CertificateEntry { .any(|ext| ext.ext_type() != ExtensionType::StatusRequest) } - pub(crate) fn get_ocsp_response(&self) -> Option<&Vec> { + pub(crate) fn ocsp_response(&self) -> Option<&Vec> { self.exts .iter() .find(|ext| ext.ext_type() == ExtensionType::StatusRequest) @@ -1460,7 +1460,7 @@ impl CertificatePayloadTls13 { pub(crate) fn get_end_entity_ocsp(&self) -> Vec { self.entries .first() - .and_then(CertificateEntry::get_ocsp_response) + .and_then(CertificateEntry::ocsp_response) .cloned() .unwrap_or_default() } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index e764184efd..a69209a846 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -732,7 +732,7 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) #[test] fn certentry_get_ocsp_response() { test_cert_extension_getter(ExtensionType::StatusRequest, |ce| { - ce.get_ocsp_response().is_some() + ce.ocsp_response().is_some() }); } From f675ae14afe4678654c419922a145c9e1c47a6a9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:09:33 -0500 Subject: [PATCH 0621/1145] msgs: CertificatePayloadTls13::get_end_entity_ocsp -> end_entity_ocsp --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index f9c22a8e38..80ec89aab4 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -621,7 +621,7 @@ impl State for ExpectCertificate { PeerMisbehaved::BadCertChainExtensions, )); } - let end_entity_ocsp = cert_chain.get_end_entity_ocsp(); + let end_entity_ocsp = cert_chain.end_entity_ocsp(); let server_cert = ServerCertDetails::new(cert_chain.convert(), end_entity_ocsp); Ok(Box::new(ExpectCertificateVerify { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 8e9cc85b77..b93c56b3db 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1457,7 +1457,7 @@ impl CertificatePayloadTls13 { false } - pub(crate) fn get_end_entity_ocsp(&self) -> Vec { + pub(crate) fn end_entity_ocsp(&self) -> Vec { self.entries .first() .and_then(CertificateEntry::ocsp_response) From 7eead604570fd02e30fe4b6b31447336dc39aa68 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:10:21 -0500 Subject: [PATCH 0622/1145] msgs: HasServerExtensions::get_alpn_protocol -> alpn_protocol --- rustls/src/client/hs.rs | 2 +- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 0626502026..f00ee13641 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -564,7 +564,7 @@ impl State for ExpectServerHello { // Extract ALPN protocol if !cx.common.is_tls13() { - process_alpn_protocol(cx.common, config, server_hello.get_alpn_protocol())?; + process_alpn_protocol(cx.common, config, server_hello.alpn_protocol())?; } // If ECPointFormats extension is supplied by the server, it must contain diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 80ec89aab4..903df348f6 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -390,7 +390,7 @@ impl State for ExpectEncryptedExtensions { self.transcript.add_message(&m); validate_encrypted_extensions(cx.common, &self.hello, exts)?; - hs::process_alpn_protocol(cx.common, &self.config, exts.get_alpn_protocol())?; + hs::process_alpn_protocol(cx.common, &self.config, exts.alpn_protocol())?; // QUIC transport parameters if cx.common.is_quic() { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index b93c56b3db..3c810e8b58 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1660,7 +1660,7 @@ pub(crate) trait HasServerExtensions { .find(|x| x.ext_type() == ext) } - fn get_alpn_protocol(&self) -> Option<&[u8]> { + fn alpn_protocol(&self) -> Option<&[u8]> { let ext = self.find_extension(ExtensionType::ALProtocolNegotiation)?; match *ext { ServerExtension::Protocols(ref protos) => protos.as_single_slice(), From ffc0a205e8bd0768b461e76c74b2b7e1193c1976 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:10:59 -0500 Subject: [PATCH 0623/1145] msgs: HasServerExtensions::get_quic_params_extension -> quic_params_extension --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 903df348f6..e260f0ab16 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -394,7 +394,7 @@ impl State for ExpectEncryptedExtensions { // QUIC transport parameters if cx.common.is_quic() { - match exts.get_quic_params_extension() { + match exts.quic_params_extension() { Some(params) => cx.common.quic.params = Some(params), None => { return Err(cx diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 3c810e8b58..fc19028649 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1668,7 +1668,7 @@ pub(crate) trait HasServerExtensions { } } - fn get_quic_params_extension(&self) -> Option> { + fn quic_params_extension(&self) -> Option> { let ext = self .find_extension(ExtensionType::TransportParameters) .or_else(|| self.find_extension(ExtensionType::TransportParametersDraft))?; From d03c8ea19af03370f15cf9544146ec52b017b55e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:11:28 -0500 Subject: [PATCH 0624/1145] msgs: CertReqExtension::get_type -> ext_type --- rustls/src/msgs/handshake.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index fc19028649..685e98f593 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1770,7 +1770,7 @@ pub(crate) enum CertReqExtension { } impl CertReqExtension { - pub(crate) fn get_type(&self) -> ExtensionType { + pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::SignatureAlgorithms(_) => ExtensionType::SignatureAlgorithms, Self::AuthorityNames(_) => ExtensionType::CertificateAuthorities, @@ -1781,7 +1781,7 @@ impl CertReqExtension { impl Codec for CertReqExtension { fn encode(&self, bytes: &mut Vec) { - self.get_type().encode(bytes); + self.ext_type().encode(bytes); let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { @@ -1847,7 +1847,7 @@ impl CertificateRequestPayloadTls13 { pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&CertReqExtension> { self.extensions .iter() - .find(|x| x.get_type() == ext) + .find(|x| x.ext_type() == ext) } pub(crate) fn get_sigalgs_extension(&self) -> Option<&[SignatureScheme]> { From 6bfb8e4dba9eb7a85884dbe4064c9f2a5b8bd8f1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:11:54 -0500 Subject: [PATCH 0625/1145] msgs: CertificateRequestPayloadTls13::get_sigalgs_extension -> sigalgs_extension --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index e260f0ab16..93390f1d6d 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -551,7 +551,7 @@ impl State for ExpectCertificateRequest { let no_sigschemes = Vec::new(); let compat_sigschemes = certreq - .get_sigalgs_extension() + .sigalgs_extension() .unwrap_or(&no_sigschemes) .iter() .cloned() diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 685e98f593..29dee4394a 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1850,7 +1850,7 @@ impl CertificateRequestPayloadTls13 { .find(|x| x.ext_type() == ext) } - pub(crate) fn get_sigalgs_extension(&self) -> Option<&[SignatureScheme]> { + pub(crate) fn sigalgs_extension(&self) -> Option<&[SignatureScheme]> { let ext = self.find_extension(ExtensionType::SignatureAlgorithms)?; match *ext { CertReqExtension::SignatureAlgorithms(ref sa) => Some(sa), From 334a3258f827ec195257df9e075746ac91e87e6f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:12:24 -0500 Subject: [PATCH 0626/1145] msgs: CertificateRequestPayloadTls13::get_authorities_extension -> authorities_extension --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 93390f1d6d..4d0e1c2c9e 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -569,7 +569,7 @@ impl State for ExpectCertificateRequest { self.config .client_auth_cert_resolver .as_ref(), - certreq.get_authorities_extension(), + certreq.authorities_extension(), &compat_sigschemes, Some(certreq.context.0.clone()), ); diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 29dee4394a..ec000351bb 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1858,7 +1858,7 @@ impl CertificateRequestPayloadTls13 { } } - pub(crate) fn get_authorities_extension(&self) -> Option<&[DistinguishedName]> { + pub(crate) fn authorities_extension(&self) -> Option<&[DistinguishedName]> { let ext = self.find_extension(ExtensionType::CertificateAuthorities)?; match *ext { CertReqExtension::AuthorityNames(ref an) => Some(an), From 13dc47af0c03d8010c9066f6775e117a76508c9d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:13:02 -0500 Subject: [PATCH 0627/1145] msgs: NewSessionTicketExtension::get_type -> ext_type --- rustls/src/msgs/handshake.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index ec000351bb..c737eced8f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1909,7 +1909,7 @@ pub(crate) enum NewSessionTicketExtension { } impl NewSessionTicketExtension { - pub(crate) fn get_type(&self) -> ExtensionType { + pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::EarlyData(_) => ExtensionType::EarlyData, Self::Unknown(ref r) => r.typ, @@ -1919,7 +1919,7 @@ impl NewSessionTicketExtension { impl Codec for NewSessionTicketExtension { fn encode(&self, bytes: &mut Vec) { - self.get_type().encode(bytes); + self.ext_type().encode(bytes); let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); match *self { @@ -1971,7 +1971,7 @@ impl NewSessionTicketPayloadTls13 { let mut seen = BTreeSet::new(); for ext in &self.exts { - let typ = ext.get_type().get_u16(); + let typ = ext.ext_type().get_u16(); if seen.contains(&typ) { return true; @@ -1985,7 +1985,7 @@ impl NewSessionTicketPayloadTls13 { pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&NewSessionTicketExtension> { self.exts .iter() - .find(|x| x.get_type() == ext) + .find(|x| x.ext_type() == ext) } pub(crate) fn get_max_early_data_size(&self) -> Option { From 923c6e215be757bbbcef9b5728f1b50950d97239 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:13:28 -0500 Subject: [PATCH 0628/1145] msgs: NewSessionTicketPayloadTls13::get_max_early_data_size -> max_early_data_size --- rustls/src/client/tls13.rs | 4 ++-- rustls/src/msgs/handshake.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 4d0e1c2c9e..a302b0d05e 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -960,12 +960,12 @@ impl ExpectTraffic { UnixTime::now(), nst.lifetime, nst.age_add, - nst.get_max_early_data_size() + nst.max_early_data_size() .unwrap_or_default(), ); if cx.common.is_quic() { - if let Some(sz) = nst.get_max_early_data_size() { + if let Some(sz) = nst.max_early_data_size() { if sz != 0 && sz != 0xffff_ffff { return Err(PeerMisbehaved::InvalidMaxEarlyDataSize.into()); } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index c737eced8f..ccc2b96fed 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1988,7 +1988,7 @@ impl NewSessionTicketPayloadTls13 { .find(|x| x.ext_type() == ext) } - pub(crate) fn get_max_early_data_size(&self) -> Option { + pub(crate) fn max_early_data_size(&self) -> Option { let ext = self.find_extension(ExtensionType::EarlyData)?; match *ext { NewSessionTicketExtension::EarlyData(ref sz) => Some(*sz), From acdb721546e913b07a1cbef99cf85da4bc0fae7f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 17:14:04 -0500 Subject: [PATCH 0629/1145] msgs: HandshakeMessagePayload::get_encoding_for_binder_signing -> encoding_for_binder_signing --- rustls/src/client/tls13.rs | 2 +- rustls/src/msgs/handshake.rs | 2 +- rustls/src/server/tls13.rs | 4 +--- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index a302b0d05e..3bf866dec2 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -239,7 +239,7 @@ pub(super) fn fill_in_psk_binder( // The binder is calculated over the clienthello, but doesn't include itself or its // length, or the length of its container. - let binder_plaintext = hmp.get_encoding_for_binder_signing(); + let binder_plaintext = hmp.encoding_for_binder_signing(); let handshake_hash = transcript.get_hash_given(suite_hash, &binder_plaintext); // Run a fake key_schedule to simulate what the server will do if it chooses diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index ccc2b96fed..d176876ae3 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2241,7 +2241,7 @@ impl HandshakeMessagePayload { } } - pub(crate) fn get_encoding_for_binder_signing(&self) -> Vec { + pub(crate) fn encoding_for_binder_signing(&self) -> Vec { let mut ret = self.get_encoding(); let binder_len = match self.payload { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 5942cad24b..944745aa77 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -111,9 +111,7 @@ mod client_hello { binder: &[u8], ) -> bool { let binder_plaintext = match &client_hello.payload { - MessagePayload::Handshake { parsed, .. } => { - parsed.get_encoding_for_binder_signing() - } + MessagePayload::Handshake { parsed, .. } => parsed.encoding_for_binder_signing(), _ => unreachable!(), }; From fccff8024184244711871c78146006dd05c6688b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 13:56:14 -0500 Subject: [PATCH 0630/1145] crypto: KeyProvider pointer to customizing private key usage The `KeyProvider` trait associted with the `CryptoProvider` struct is specific to private key material that can be loaded from a DER representation. For users that want to use private keys used through a handle, or PKCS11 style interface an alternative integration approach is needed. This commit adds a doc string update to the `KeyProvider` to guide such users to look at the Rustls manual's section on customizing private key usage. --- rustls/src/crypto/mod.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 563005e5a5..d0ab66c952 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -202,6 +202,13 @@ pub trait SecureRandom: Send + Sync + Debug { } /// A mechanism for loading private [SigningKey]s from [PrivateKeyDer]. +/// +/// This trait is intended to be used with private key material that is sourced from DER, +/// such as a private-key that may be present on-disk. It is not intended to be used with +/// keys held in hardware security modules (HSMs) or physical tokens. For these use-cases +/// see the Rustls manual section on [customizing private key usage]. +/// +/// [customizing private key usage]: pub trait KeyProvider: Send + Sync + Debug { /// Decode and validate a private signing key from `key_der`. /// From f1cfaec5556b7da1a617fd607b7c4e56f08c0cc3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 4 Jan 2024 14:06:47 -0500 Subject: [PATCH 0631/1145] manual: add pointer to rustls-cng This commit adds a small pointer to rustls-cng in the manual's section on customizing private key usage. --- rustls/src/manual/howto.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rustls/src/manual/howto.rs b/rustls/src/manual/howto.rs index e0160deefd..826f5a5136 100644 --- a/rustls/src/manual/howto.rs +++ b/rustls/src/manual/howto.rs @@ -21,6 +21,9 @@ Once you have these two pieces, configuring a server to use them involves, brief - making a [`ResolvesServerCertUsingSni`][cert_using_sni] and feeding in your `sign::CertifiedKey` for all SNI hostnames you want to use it for, - setting that as your `ServerConfig`'s [`cert_resolver`][cert_resolver] +For a complete example of implementing a custom `sign::SigningKey` and `sign::Signer` see +the [rustls-cng] crate. + [signing_key]: ../../sign/trait.SigningKey.html [choose_scheme]: ../../sign/trait.SigningKey.html#tymethod.choose_scheme [sig_scheme]: ../../enum.SignatureScheme.html @@ -29,6 +32,7 @@ Once you have these two pieces, configuring a server to use them involves, brief [certified_key]: ../../sign/struct.CertifiedKey.html [cert_using_sni]: ../../struct.ResolvesServerCertUsingSni.html [cert_resolver]: ../../struct.ServerConfig.html#structfield.cert_resolver +[rustls-cng]: https://github.com/rustls/rustls-cng/blob/dev/src/signer.rs [^1]: For PKCS#8 it does not support password encryption -- there's not a meaningful threat model addressed by this, and the encryption supported is typically extremely poor. From 9f79bac621082e7913c0f4e7d72c789e6933c494 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 5 Jan 2024 09:04:38 +0000 Subject: [PATCH 0632/1145] Don't add empty `certificate_authorities` extension --- rustls/src/server/tls13.rs | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 944745aa77..6dcd60fe27 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -712,13 +712,11 @@ mod client_hello { cr.extensions .push(CertReqExtension::SignatureAlgorithms(schemes.to_vec())); - cr.extensions - .push(CertReqExtension::AuthorityNames( - config - .verifier - .root_hint_subjects() - .to_vec(), - )); + let authorities = config.verifier.root_hint_subjects(); + if !authorities.is_empty() { + cr.extensions + .push(CertReqExtension::AuthorityNames(authorities.to_vec())); + } let m = Message { version: ProtocolVersion::TLSv1_3, From a3cc0bcb723adc368ff24f43dce466bbb3664107 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 5 Jan 2024 11:02:27 +0000 Subject: [PATCH 0633/1145] bogo: enable TLS13-Empty-Client-CA-List test This acts as a regression test for the previous commit. This also enables: - TLS12-Server-CertReq-CA-List - TLS13-Server-CertReq-CA-List - Null-Client-CA-List --- rustls/examples/internal/bogo_shim_impl.rs | 34 +++++++++++++++++++--- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 8007181783..c99ef7d27d 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -48,6 +48,7 @@ struct Options { resumes: usize, verify_peer: bool, require_any_client_cert: bool, + root_hint_subjects: Vec, offer_no_client_cas: bool, tickets: bool, resume_with_tickets_disabled: bool, @@ -105,6 +106,7 @@ impl Options { shut_down_after_handshake: false, check_close_notify: false, require_any_client_cert: false, + root_hint_subjects: vec![], offer_no_client_cas: false, key_file: "".to_string(), cert_file: "".to_string(), @@ -202,16 +204,26 @@ fn split_protocols(protos: &str) -> Vec { ret } +fn decode_hex(hex: &str) -> Vec { + (0..hex.len()) + .step_by(2) + .map(|i| u8::from_str_radix(&hex[i..i + 2], 16).unwrap()) + .inspect(|x| println!("item {:?}", x)) + .collect() +} + #[derive(Debug)] struct DummyClientAuth { mandatory: bool, + root_hint_subjects: Vec, parent: Arc, } impl DummyClientAuth { - fn new(mandatory: bool) -> Self { + fn new(mandatory: bool, root_hint_subjects: Vec) -> Self { Self { mandatory, + root_hint_subjects, parent: WebPkiClientVerifier::builder_with_provider( load_root_certs(), provider::default_provider().into(), @@ -232,7 +244,7 @@ impl ClientCertVerifier for DummyClientAuth { } fn root_hint_subjects(&self) -> &[DistinguishedName] { - &[] + &self.root_hint_subjects } fn verify_client_cert( @@ -485,7 +497,10 @@ impl server::StoresServerSessions for ServerCacheWithResumptionDelay { fn make_server_cfg(opts: &Options) -> Arc { let client_auth = if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert { - Arc::new(DummyClientAuth::new(opts.require_any_client_cert)) + Arc::new(DummyClientAuth::new( + opts.require_any_client_cert, + opts.root_hint_subjects.clone(), + )) } else { server::WebPkiClientVerifier::no_client_auth() }; @@ -1056,6 +1071,18 @@ pub fn main() { let alg = args.remove(0).parse::().unwrap(); opts.use_signing_scheme = alg; } + "-use-client-ca-list" => { + match args.remove(0).as_ref() { + "" | "" => { + opts.root_hint_subjects = vec![]; + } + list => { + opts.root_hint_subjects = list.split(',') + .map(|entry| DistinguishedName::from(decode_hex(entry))) + .collect(); + } + } + } "-max-cert-list" | "-expect-curve-id" | "-expect-resume-curve-id" | @@ -1268,7 +1295,6 @@ pub fn main() { "-expect-early-data-info" | "-expect-cipher-aes" | "-retain-only-sha256-client-cert-initial" | - "-use-client-ca-list" | "-expect-draft-downgrade" | "-allow-unknown-alpn-protos" | "-on-initial-tls13-variant" | From 567d89227dd66dabb910a881ccfca36f90b7fe8f Mon Sep 17 00:00:00 2001 From: Benjamin Jurk Date: Sat, 6 Jan 2024 15:58:37 +0100 Subject: [PATCH 0634/1145] examples: simpleserver: skip argv[0] & update doc comment --- examples/src/bin/simpleserver.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/src/bin/simpleserver.rs b/examples/src/bin/simpleserver.rs index cf30e84d79..3a8130b14f 100644 --- a/examples/src/bin/simpleserver.rs +++ b/examples/src/bin/simpleserver.rs @@ -2,9 +2,7 @@ //! it accepts the default configuration, loads a server certificate and private key, //! and then accepts a single client connection. //! -//! You must either set the CERTFILE and PRIV_KEY_FILE env vars to point to a server -//! certificate and private key, or place 'localhost.pem' and 'localhost-key.pem' in -//! the directory you run this example from. +//! Usage: cargo r --bin simpleserver //! //! Note that `unwrap()` is used to deal with networking errors; this is not something //! that is sensible outside of example code. @@ -18,6 +16,7 @@ use std::sync::Arc; fn main() -> Result<(), Box> { let mut args = env::args(); + args.next(); let cert_file = args .next() .expect("missing certificate file argument"); From 20ac87f64f28a7295e0a2085e0702461c3f2f513 Mon Sep 17 00:00:00 2001 From: Benjamin Jurk Date: Sat, 6 Jan 2024 18:17:37 +0100 Subject: [PATCH 0635/1145] examples: unbuffered-server: skip argv[0] --- examples/src/bin/unbuffered-server.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs index de5d882838..b5a35d8bcd 100644 --- a/examples/src/bin/unbuffered-server.rs +++ b/examples/src/bin/unbuffered-server.rs @@ -20,6 +20,7 @@ use rustls_pemfile::Item; fn main() -> Result<(), Box> { let mut args = env::args(); + args.next(); let cert_file = args .next() .expect("missing certificate file argument"); From 8285bf1b28e2f12d05ac7ca47a9a29a4499682f5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Dec 2023 13:24:40 -0500 Subject: [PATCH 0636/1145] client: move TLs12Resumption enum down The `ClientConfig` parts should appear before the types it references. The `Tls12Resumption` enum should appear after the `Resumption` type that uses it. --- rustls/src/client/client_conn.rs | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index ab1f84b026..c6b707d6e9 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -204,22 +204,6 @@ pub struct ClientConfig { pub enable_early_data: bool, } -/// What mechanisms to support for resuming a TLS 1.2 session. -#[derive(Clone, Copy, Debug, PartialEq)] -pub enum Tls12Resumption { - /// Disable 1.2 resumption. - Disabled, - /// Support 1.2 resumption using session ids only. - SessionIdOnly, - /// Support 1.2 resumption using session ids or RFC 5077 tickets. - /// - /// See[^1] for why you might like to disable RFC 5077 by instead choosing the `SessionIdOnly` - /// option. Note that TLS 1.3 tickets do not have those issues. - /// - /// [^1]: - SessionIdOrTickets, -} - impl Clone for ClientConfig { fn clone(&self) -> Self { Self { @@ -386,6 +370,22 @@ impl Default for Resumption { } } +/// What mechanisms to support for resuming a TLS 1.2 session. +#[derive(Clone, Copy, Debug, PartialEq)] +pub enum Tls12Resumption { + /// Disable 1.2 resumption. + Disabled, + /// Support 1.2 resumption using session ids only. + SessionIdOnly, + /// Support 1.2 resumption using session ids or RFC 5077 tickets. + /// + /// See[^1] for why you might like to disable RFC 5077 by instead choosing the `SessionIdOnly` + /// option. Note that TLS 1.3 tickets do not have those issues. + /// + /// [^1]: + SessionIdOrTickets, +} + /// Container for unsafe APIs pub(super) mod danger { use alloc::sync::Arc; From be5a62294cc735b2ec62bb73e290d1bfb1e600eb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Dec 2023 13:26:35 -0500 Subject: [PATCH 0637/1145] client: order ClientConfig impls The inherit `ClientConfig` impl should appear first, and then the `Clone` impl. --- rustls/src/client/client_conn.rs | 36 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index c6b707d6e9..32cb9ed5f4 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -204,24 +204,6 @@ pub struct ClientConfig { pub enable_early_data: bool, } -impl Clone for ClientConfig { - fn clone(&self) -> Self { - Self { - provider: Arc::::clone(&self.provider), - resumption: self.resumption.clone(), - alpn_protocols: self.alpn_protocols.clone(), - max_fragment_size: self.max_fragment_size, - client_auth_cert_resolver: Arc::clone(&self.client_auth_cert_resolver), - versions: self.versions, - enable_sni: self.enable_sni, - verifier: Arc::clone(&self.verifier), - key_log: Arc::clone(&self.key_log), - enable_secret_extraction: self.enable_secret_extraction, - enable_early_data: self.enable_early_data, - } - } -} - impl ClientConfig { /// Create a builder for a client configuration with the default /// [`CryptoProvider`]: [`crypto::ring::default_provider`] and safe ciphersuite and @@ -312,6 +294,24 @@ impl ClientConfig { } } +impl Clone for ClientConfig { + fn clone(&self) -> Self { + Self { + provider: Arc::::clone(&self.provider), + resumption: self.resumption.clone(), + alpn_protocols: self.alpn_protocols.clone(), + max_fragment_size: self.max_fragment_size, + client_auth_cert_resolver: Arc::clone(&self.client_auth_cert_resolver), + versions: self.versions, + enable_sni: self.enable_sni, + verifier: Arc::clone(&self.verifier), + key_log: Arc::clone(&self.key_log), + enable_secret_extraction: self.enable_secret_extraction, + enable_early_data: self.enable_early_data, + } + } +} + /// Configuration for how/when a client is allowed to resume a previous session. #[derive(Clone, Debug)] pub struct Resumption { From 962814eadbf65651b0b793cd211c8d8a35125e22 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Dec 2023 13:27:24 -0500 Subject: [PATCH 0638/1145] client: reorder ClientConfig fields by visibility `pub` fields should appear first, then `pub(super)` ones. --- rustls/src/client/client_conn.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 32cb9ed5f4..df6388867f 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -150,9 +150,6 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// [`RootCertStore`]: crate::RootCertStore #[derive(Debug)] pub struct ClientConfig { - /// Source of randomness and other crypto. - pub(super) provider: Arc, - /// Which ALPN protocols we include in our client hello. /// If empty, no ALPN extension is sent. pub alpn_protocols: Vec>, @@ -176,19 +173,12 @@ pub struct ClientConfig { /// How to decide what client auth certificate/keys to use. pub client_auth_cert_resolver: Arc, - /// Supported versions, in no particular order. The default - /// is all supported versions. - pub(super) versions: versions::EnabledVersions, - /// Whether to send the Server Name Indication (SNI) extension /// during the client handshake. /// /// The default is true. pub enable_sni: bool, - /// How to verify the server certificate chain. - pub(super) verifier: Arc, - /// How to output key material for debugging. The default /// does nothing. pub key_log: Arc, @@ -202,6 +192,16 @@ pub struct ClientConfig { /// /// The default is false. pub enable_early_data: bool, + + /// Source of randomness and other crypto. + pub(super) provider: Arc, + + /// Supported versions, in no particular order. The default + /// is all supported versions. + pub(super) versions: versions::EnabledVersions, + + /// How to verify the server certificate chain. + pub(super) verifier: Arc, } impl ClientConfig { From bd7122f15015c6985ee3503c892c5f5789000920 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Jan 2024 15:17:01 -0500 Subject: [PATCH 0639/1145] hpke: reorder seal/open args, less terse arg names * Move the public key/secret key arguments to be last, since they are "long lived". * Rename `pk_r` -> `pub_key` and `sk_r` to `secret_key`. Reference RFC 9180's terse names. --- provider-example/src/hpke.rs | 8 ++++---- provider-example/tests/hpke.rs | 4 ++-- rustls/src/crypto/hpke.rs | 11 ++++++----- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index d7183a51ae..4685898f43 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -54,12 +54,12 @@ impl Debug for HpkeRs { impl Hpke for HpkeRs { fn seal( &mut self, - pk_r: &HpkePublicKey, info: &[u8], aad: &[u8], plaintext: &[u8], + pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec), Error> { - let pk_r = hpke_rs::HpkePublicKey::new(pk_r.0.clone()); + let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone()); let (enc, ciphertext) = self .0 .seal(&pk_r, info, aad, plaintext, None, None, None) @@ -70,12 +70,12 @@ impl Hpke for HpkeRs { fn open( &mut self, enc: &EncapsulatedSecret, - sk_r: &HpkePrivateKey, info: &[u8], aad: &[u8], ciphertext: &[u8], + secret_key: &HpkePrivateKey, ) -> Result, Error> { - let sk_r = hpke_rs::HpkePrivateKey::new(sk_r.secret_bytes().to_vec()); + let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec()); self.0 .open( enc.0.as_slice(), diff --git a/provider-example/tests/hpke.rs b/provider-example/tests/hpke.rs index b8e124da10..9925cc2b49 100644 --- a/provider-example/tests/hpke.rs +++ b/provider-example/tests/hpke.rs @@ -30,11 +30,11 @@ fn check_test_vectors() { let pt = hex::decode(enc.pt).unwrap(); let (enc, ciphertext) = hpke - .seal(&pk_r, &info, &aad, &pt) + .seal(&info, &aad, &pt, &pk_r) .unwrap(); let plaintext = hpke - .open(&enc, &sk_r, &info, &aad, &ciphertext) + .open(&enc, &info, &aad, &ciphertext, &sk_r) .unwrap(); assert_eq!(plaintext, pt); } diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index cd0e6a8949..c96a8071e7 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -39,31 +39,32 @@ pub struct HpkeSuite { /// An HPKE instance that can be used for base-mode single-shot encryption and decryption. pub trait Hpke: Debug + Send + Sync { - /// Seal the provided `plaintext` to the recipient public key `pk_r` with application supplied + /// Seal the provided `plaintext` to the recipient public key `pub_key` with application supplied /// `info`, and additional data `aad`. /// /// Returns ciphertext that can be used with [Self::open] by the recipient to recover plaintext - /// using the same `info` and `aad` and the private key corresponding to `pk_r`. + /// using the same `info` and `aad` and the private key corresponding to `pub_key`. RFC 9180 + /// refers to `pub_key` as `pkR`. fn seal( &mut self, - pk_r: &HpkePublicKey, info: &[u8], aad: &[u8], plaintext: &[u8], + pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec), Error>; /// Open the provided `ciphertext` using the encapsulated secret `enc`, with application /// supplied `info`, and additional data `aad`. /// /// Returns plaintext if the `info` and `aad` match those used with [Self::seal], and - /// decryption with `sk_r` succeeds. + /// decryption with `secret_key` succeeds. RFC 9180 refers to `secret_key` as `skR`. fn open( &mut self, enc: &EncapsulatedSecret, - sk_r: &HpkePrivateKey, info: &[u8], aad: &[u8], ciphertext: &[u8], + secret_key: &HpkePrivateKey, ) -> Result, Error>; } From 9ab0139f5d82c94ad055761c1fc71212bbd4fa03 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Dec 2023 10:15:32 -0500 Subject: [PATCH 0640/1145] crypto: add stateful HPKE interfaces Encrypted Client Hello support requires that clients maintain the HPKE sealer context between sending an initial client hello, and processing a hello retry request, such that the subsequent client hello can re-use the HPKE state. This commit updates the HPKE trait to add `setup_sealer` and `setup_opener` fns in addition to the "one-shot" APIs. New `HpkeSealer` and `HpkeOpener` traits are used to represent the stateful sender/receiver contexts in a backend neutral way. The existing hpke-rs provider example is updated to implement the new required traits and fns. --- provider-example/src/hpke.rs | 62 ++++++++++++++++++++++++++++++++++-- rustls/src/crypto/hpke.rs | 42 +++++++++++++++++++++++- 2 files changed, 101 insertions(+), 3 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 4685898f43..2907b89d05 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -8,7 +8,8 @@ use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; use hpke_rs_crypto::HpkeCrypto; use hpke_rs_rust_crypto::HpkeRustCrypto; use rustls::crypto::hpke::{ - EncapsulatedSecret, Hpke, HpkePrivateKey, HpkeProvider, HpkePublicKey, HpkeSuite, + EncapsulatedSecret, Hpke, HpkeOpener, HpkePrivateKey, HpkeProvider, HpkePublicKey, HpkeSealer, + HpkeSuite, }; use rustls::{Error, OtherError}; @@ -19,7 +20,7 @@ pub static HPKE_PROVIDER: &'static dyn HpkeProvider = &HpkeRsProvider {}; struct HpkeRsProvider {} impl HpkeProvider for HpkeRsProvider { - fn start(&self, suite: &HpkeSuite) -> Result, Error> { + fn start(&self, suite: &HpkeSuite) -> Result, Error> { Ok(Box::new(HpkeRs(hpke_rs::Hpke::new( hpke_rs::Mode::Base, KemAlgorithm::try_from(suite.kem.get_u16()).map_err(other_err)?, @@ -67,6 +68,22 @@ impl Hpke for HpkeRs { Ok((EncapsulatedSecret(enc.to_vec()), ciphertext)) } + fn setup_sealer( + &mut self, + info: &[u8], + pub_key: &HpkePublicKey, + ) -> Result<(EncapsulatedSecret, Box), Error> { + let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone()); + let (enc, context) = self + .0 + .setup_sender(&pk_r, info, None, None, None) + .map_err(other_err)?; + Ok(( + EncapsulatedSecret(enc.to_vec()), + Box::new(HpkeRsSender { context }), + )) + } + fn open( &mut self, enc: &EncapsulatedSecret, @@ -89,6 +106,47 @@ impl Hpke for HpkeRs { ) .map_err(other_err) } + + fn setup_opener( + &mut self, + enc: &EncapsulatedSecret, + info: &[u8], + secret_key: &HpkePrivateKey, + ) -> Result, Error> { + let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec()); + Ok(Box::new(HpkeRsReceiver { + context: self + .0 + .setup_receiver(enc.0.as_slice(), &sk_r, info, None, None, None) + .map_err(other_err)?, + })) + } +} + +#[derive(Debug)] +struct HpkeRsSender { + context: hpke_rs::Context, +} + +impl HpkeSealer for HpkeRsSender { + fn seal(&mut self, aad: &[u8], plaintext: &[u8]) -> Result, Error> { + self.context + .seal(aad, plaintext) + .map_err(other_err) + } +} + +#[derive(Debug)] +struct HpkeRsReceiver { + context: hpke_rs::Context, +} + +impl HpkeOpener for HpkeRsReceiver { + fn open(&mut self, aad: &[u8], ciphertext: &[u8]) -> Result, Error> { + self.context + .open(aad, ciphertext) + .map_err(other_err) + } } #[cfg(feature = "std")] diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index c96a8071e7..b66aee5c4b 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -19,7 +19,7 @@ pub trait HpkeProvider: Debug + Send + Sync + 'static { /// Start setting up to use HPKE in base mode with the chosen suite. /// /// May return an error if the suite is unsupported by the provider. - fn start(&self, suite: &HpkeSuite) -> Result, Error>; + fn start(&self, suite: &HpkeSuite) -> Result, Error>; /// Does the provider support the given [HpkeSuite]? fn supports_suite(&self, suite: &HpkeSuite) -> bool; @@ -53,6 +53,16 @@ pub trait Hpke: Debug + Send + Sync { pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Vec), Error>; + /// Set up a sealer context for the receiver public key `pub_key` with application supplied `info`. + /// + /// Returns both an encapsulated ciphertext and a sealer context that can be used to seal + /// messages to the recipient. RFC 9180 refers to `pub_key` as `pkR`. + fn setup_sealer( + &mut self, + info: &[u8], + pub_key: &HpkePublicKey, + ) -> Result<(EncapsulatedSecret, Box), Error>; + /// Open the provided `ciphertext` using the encapsulated secret `enc`, with application /// supplied `info`, and additional data `aad`. /// @@ -66,6 +76,36 @@ pub trait Hpke: Debug + Send + Sync { ciphertext: &[u8], secret_key: &HpkePrivateKey, ) -> Result, Error>; + + /// Set up an opener context for the secret key `secret_key` with application supplied `info`. + /// + /// Returns an opener context that can be used to open sealed messages encrypted to the + /// public key corresponding to `secret_key`. RFC 9180 refers to `secret_key` as `skR`. + fn setup_opener( + &mut self, + enc: &EncapsulatedSecret, + info: &[u8], + secret_key: &HpkePrivateKey, + ) -> Result, Error>; +} + +/// An HPKE sealer context. +/// +/// This is a stateful object that can be used to seal messages for receipt by +/// a receiver. +pub trait HpkeSealer: Debug + Send + Sync { + /// Seal the provided `plaintext` with additional data `aad`, returning + /// ciphertext. + fn seal(&mut self, aad: &[u8], plaintext: &[u8]) -> Result, Error>; +} + +/// An HPKE opener context. +/// +/// This is a stateful object that can be used to open sealed messages sealed +/// by a sender. +pub trait HpkeOpener: Debug + Send + Sync { + /// Open the provided `ciphertext` with additional data `aad`, returning plaintext. + fn open(&mut self, aad: &[u8], ciphertext: &[u8]) -> Result, Error>; } /// An HPKE public key. From 461c6936ce774af4246a2ccf88cfc374908c373b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Dec 2023 14:50:34 -0500 Subject: [PATCH 0641/1145] msgs: derive Copy for HpkeSymmetricCipherSuite This type holds simple numeric identifiers and can be cheaply copied. --- rustls/src/msgs/handshake.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index d176876ae3..de932b253d 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2271,7 +2271,7 @@ impl HandshakeMessagePayload { } } -#[derive(Clone, Debug, Default, Eq, PartialEq)] +#[derive(Clone, Copy, Debug, Default, Eq, PartialEq)] pub struct HpkeSymmetricCipherSuite { pub kdf_id: HpkeKdf, pub aead_id: HpkeAead, From e855192df65b4bdb50da7e8956f66a6e740acf9e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Jan 2024 15:25:42 -0500 Subject: [PATCH 0642/1145] crypto: tighten up HPKE lifetime bounds In practice we need `'static` here to be able to easily hold `Box` and friends. Our existing provider implementation already matches this lifetime bound. --- provider-example/src/hpke.rs | 6 +++--- rustls/src/crypto/hpke.rs | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 2907b89d05..71ce48367c 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -20,7 +20,7 @@ pub static HPKE_PROVIDER: &'static dyn HpkeProvider = &HpkeRsProvider {}; struct HpkeRsProvider {} impl HpkeProvider for HpkeRsProvider { - fn start(&self, suite: &HpkeSuite) -> Result, Error> { + fn start(&self, suite: &HpkeSuite) -> Result, Error> { Ok(Box::new(HpkeRs(hpke_rs::Hpke::new( hpke_rs::Mode::Base, KemAlgorithm::try_from(suite.kem.get_u16()).map_err(other_err)?, @@ -72,7 +72,7 @@ impl Hpke for HpkeRs { &mut self, info: &[u8], pub_key: &HpkePublicKey, - ) -> Result<(EncapsulatedSecret, Box), Error> { + ) -> Result<(EncapsulatedSecret, Box), Error> { let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone()); let (enc, context) = self .0 @@ -112,7 +112,7 @@ impl Hpke for HpkeRs { enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, - ) -> Result, Error> { + ) -> Result, Error> { let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec()); Ok(Box::new(HpkeRsReceiver { context: self diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index b66aee5c4b..999f495d52 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -19,7 +19,7 @@ pub trait HpkeProvider: Debug + Send + Sync + 'static { /// Start setting up to use HPKE in base mode with the chosen suite. /// /// May return an error if the suite is unsupported by the provider. - fn start(&self, suite: &HpkeSuite) -> Result, Error>; + fn start(&self, suite: &HpkeSuite) -> Result, Error>; /// Does the provider support the given [HpkeSuite]? fn supports_suite(&self, suite: &HpkeSuite) -> bool; @@ -61,7 +61,7 @@ pub trait Hpke: Debug + Send + Sync { &mut self, info: &[u8], pub_key: &HpkePublicKey, - ) -> Result<(EncapsulatedSecret, Box), Error>; + ) -> Result<(EncapsulatedSecret, Box), Error>; /// Open the provided `ciphertext` using the encapsulated secret `enc`, with application /// supplied `info`, and additional data `aad`. @@ -86,14 +86,14 @@ pub trait Hpke: Debug + Send + Sync { enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, - ) -> Result, Error>; + ) -> Result, Error>; } /// An HPKE sealer context. /// /// This is a stateful object that can be used to seal messages for receipt by /// a receiver. -pub trait HpkeSealer: Debug + Send + Sync { +pub trait HpkeSealer: Debug + Send + Sync + 'static { /// Seal the provided `plaintext` with additional data `aad`, returning /// ciphertext. fn seal(&mut self, aad: &[u8], plaintext: &[u8]) -> Result, Error>; @@ -103,7 +103,7 @@ pub trait HpkeSealer: Debug + Send + Sync { /// /// This is a stateful object that can be used to open sealed messages sealed /// by a sender. -pub trait HpkeOpener: Debug + Send + Sync { +pub trait HpkeOpener: Debug + Send + Sync + 'static { /// Open the provided `ciphertext` with additional data `aad`, returning plaintext. fn open(&mut self, aad: &[u8], ciphertext: &[u8]) -> Result, Error>; } From 166b598032c22a281f559ba9f3561b9b4e42026b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 20 Dec 2023 11:51:32 -0500 Subject: [PATCH 0643/1145] crypto: make EncapsulatedSecret derive Debug --- rustls/src/crypto/hpke.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 999f495d52..ec38f35127 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -136,4 +136,5 @@ pub struct HpkeKeyPair { } /// An encapsulated secret returned from setting up a sender or receiver context. +#[derive(Debug)] pub struct EncapsulatedSecret(pub Vec); From 1a2405a26ec522668c755817bcf665d848876e38 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Jan 2024 11:34:01 -0500 Subject: [PATCH 0644/1145] provider-example: clarify the hpke-rs backend --- provider-example/src/hpke.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 71ce48367c..f446b3e459 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -15,7 +15,7 @@ use rustls::{Error, OtherError}; pub static HPKE_PROVIDER: &'static dyn HpkeProvider = &HpkeRsProvider {}; -/// A Rustls HPKE provider backed by hpke-rs. +/// A Rustls HPKE provider backed by hpke-rs and the RustCrypto backend. #[derive(Debug)] struct HpkeRsProvider {} From e521e949121c946d3c92d5fe51034c63839e2216 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Jan 2024 15:50:04 -0500 Subject: [PATCH 0645/1145] handshake: derive PartialEq on more types As part of implementing client-side ECH support we will want to be able to return a `PeerIncompatible` error variant that includes ECH configs to use for potential retry. Since `PeerIncompatible` derives `PartialEq` we need to thread derivations of this trait down through the `EchConfig` and associated types. --- rustls/src/msgs/handshake.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index de932b253d..4507b98da3 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -182,7 +182,7 @@ impl SessionId { } } -#[derive(Clone, Debug)] +#[derive(Clone, Debug, PartialEq)] pub struct UnknownExtension { pub(crate) typ: ExtensionType, pub(crate) payload: Payload, @@ -2295,7 +2295,7 @@ impl TlsListElement for HpkeSymmetricCipherSuite { const SIZE_LEN: ListLength = ListLength::U16; } -#[derive(Clone, Debug)] +#[derive(Clone, Debug, PartialEq)] pub struct HpkeKeyConfig { pub config_id: u8, pub kem_id: HpkeKem, @@ -2322,7 +2322,7 @@ impl Codec for HpkeKeyConfig { } } -#[derive(Clone, Debug)] +#[derive(Clone, Debug, PartialEq)] pub struct EchConfigContents { pub key_config: HpkeKeyConfig, pub maximum_name_length: u8, @@ -2353,7 +2353,7 @@ impl Codec for EchConfigContents { } } -#[derive(Clone, Debug)] +#[derive(Clone, Debug, PartialEq)] pub struct EchConfig { pub version: EchVersion, pub contents: EchConfigContents, From ab774c73cdd267d564b81d07907c068620b5ab8b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Jan 2024 15:51:50 -0500 Subject: [PATCH 0646/1145] handshake: derive Clone on a few more messages To support implementing client-side ECH we'll need to clone a few message types to make modifications. This commit adds derived `Clone` implementations for `ClientHelloPayload`, `HelloRetryExtension` and `ServerHelloPayload`. --- rustls/src/msgs/handshake.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 4507b98da3..a61227cf36 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -793,7 +793,7 @@ impl ServerExtension { } } -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct ClientHelloPayload { pub client_version: ProtocolVersion, pub random: Random, @@ -1010,7 +1010,7 @@ impl ClientHelloPayload { } } -#[derive(Debug)] +#[derive(Clone, Debug)] pub(crate) enum HelloRetryExtension { KeyShare(NamedGroup), Cookie(PayloadU16), @@ -1158,7 +1158,7 @@ impl HelloRetryRequest { } } -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct ServerHelloPayload { pub(crate) legacy_version: ProtocolVersion, pub(crate) random: Random, From b1c0a29b6a404b8814f7df9ae4070b0fbfd3c7c8 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 4 Dec 2023 10:34:44 -0500 Subject: [PATCH 0647/1145] Batch discard operations --- fuzz/fuzzers/deframer.rs | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/fuzz/fuzzers/deframer.rs b/fuzz/fuzzers/deframer.rs index b46459addf..7961d20d19 100644 --- a/fuzz/fuzzers/deframer.rs +++ b/fuzz/fuzzers/deframer.rs @@ -20,10 +20,21 @@ fuzz_target!(|data: &[u8]| { buf.has_pending(); let mut rl = RecordLayer::new(); - let mut borrowed_buf = buf.borrow(); - while let Ok(Some(decrypted)) = dfm.pop(&mut rl, None, &mut borrowed_buf) { - Message::try_from(decrypted.message).ok(); + let mut discard = 0; + + loop { + let mut borrowed_buf = buf.borrow(); + borrowed_buf.queue_discard(discard); + + let res = dfm.pop(&mut rl, None, &mut borrowed_buf); + discard = borrowed_buf.pending_discard(); + + if let Ok(Some(decrypted)) = res { + Message::try_from(decrypted.message).ok(); + } else { + break; + } } - let discard = borrowed_buf.pending_discard(); + buf.discard(discard); }); From b068ca364364632a646193d273982de14afcb715 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 7 Dec 2023 12:19:16 -0500 Subject: [PATCH 0648/1145] maximize lifetimes in Reader API Co-authored-by: Jorge Aparicio --- rustls/src/msgs/codec.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 55d246ffe0..87923d2cbf 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -19,7 +19,7 @@ pub struct Reader<'a> { impl<'a> Reader<'a> { /// Creates a new Reader of the provided `bytes` slice with /// the initial cursor position of zero. - pub fn init(bytes: &[u8]) -> Reader { + pub fn init(bytes: &'a [u8]) -> Self { Reader { buffer: bytes, cursor: 0, @@ -29,7 +29,7 @@ impl<'a> Reader<'a> { /// Attempts to create a new Reader on a sub section of this /// readers bytes by taking a slice of the provided `length` /// will return None if there is not enough bytes - pub fn sub(&mut self, length: usize) -> Result { + pub fn sub(&mut self, length: usize) -> Result { match self.take(length) { Some(bytes) => Ok(Reader::init(bytes)), None => Err(InvalidMessage::MessageTooShort), @@ -40,7 +40,7 @@ impl<'a> Reader<'a> { /// that appear after the cursor position. /// /// Moves the cursor to the end of the buffer length. - pub fn rest(&mut self) -> &[u8] { + pub fn rest(&mut self) -> &'a [u8] { let rest = &self.buffer[self.cursor..]; self.cursor = self.buffer.len(); rest @@ -50,7 +50,7 @@ impl<'a> Reader<'a> { /// cursor position of `length` if there is not enough /// bytes remaining after the cursor to take the length /// then None is returned instead. - pub fn take(&mut self, length: usize) -> Option<&[u8]> { + pub fn take(&mut self, length: usize) -> Option<&'a [u8]> { if self.left() < length { return None; } From ef41a6dbd6f056bf683acc0148aa2efbc3647e8b Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 7 Dec 2023 12:21:46 -0500 Subject: [PATCH 0649/1145] introduce ReaderMut Co-authored-by: Jorge Aparicio --- rustls/src/msgs/codec.rs | 64 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 87923d2cbf..140e2c8976 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -1,7 +1,7 @@ use crate::error::InvalidMessage; use alloc::vec::Vec; -use core::fmt::Debug; +use core::{fmt::Debug, mem}; /// Wrapper over a slice of bytes that allows reading chunks from /// with the current position state held using a cursor. @@ -85,6 +85,68 @@ impl<'a> Reader<'a> { } } +/// A version of [`Reader`] that operates on mutable slices +pub(crate) struct ReaderMut<'a> { + /// The underlying buffer storing the readers content + buffer: &'a mut [u8], + used: usize, +} + +#[allow(dead_code)] // TODO(@cpu): remove in "introduce and expose BorrowedOpaqueMessage" +impl<'a> ReaderMut<'a> { + pub(crate) fn init(bytes: &'a mut [u8]) -> Self { + Self { + buffer: bytes, + used: 0, + } + } + + pub(crate) fn sub(&mut self, length: usize) -> Result { + match self.take(length) { + Some(bytes) => Ok(ReaderMut::init(bytes)), + None => Err(InvalidMessage::MessageTooShort), + } + } + + pub(crate) fn rest(&mut self) -> &'a mut [u8] { + let rest = mem::take(&mut self.buffer); + self.used += rest.len(); + rest + } + + pub(crate) fn take(&mut self, length: usize) -> Option<&'a mut [u8]> { + if self.left() < length { + return None; + } + let (taken, rest) = mem::take(&mut self.buffer).split_at_mut(length); + self.used += taken.len(); + self.buffer = rest; + Some(taken) + } + + pub(crate) fn used(&self) -> usize { + self.used + } + + pub(crate) fn left(&self) -> usize { + self.buffer.len() + } + + pub(crate) fn as_reader(&mut self, f: impl FnOnce(&mut Reader) -> T) -> T { + let mut r = Reader { + buffer: self.buffer, + cursor: 0, + }; + let ret = f(&mut r); + let cursor = r.cursor; + self.used += cursor; + let (_used, rest) = mem::take(&mut self.buffer).split_at_mut(cursor); + self.buffer = rest; + + ret + } +} + /// Trait for implementing encoding and decoding functionality /// on something. pub trait Codec: Debug + Sized { From e6dede5f5fd5d0986ef74d12d3fd34b4494a7e8b Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 7 Dec 2023 12:23:19 -0500 Subject: [PATCH 0650/1145] introduce and expose BorrowedPayload Co-authored-by: Jorge Aparicio --- rustls/src/crypto/cipher.rs | 1 + rustls/src/msgs/base.rs | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index d1ac707c4e..66ed7e76fd 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -5,6 +5,7 @@ use std::error::Error as StdError; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; +pub use crate::msgs::base::BorrowedPayload; use crate::msgs::codec; pub use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; use crate::suites::ConnectionTrafficSecrets; diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 1ef8b901c0..85afc6f71c 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -4,10 +4,13 @@ use crate::msgs::codec::{Codec, Reader}; use alloc::vec::Vec; use core::fmt; +use core::ops::{Deref, DerefMut}; use pki_types::CertificateDer; use zeroize::Zeroize; +use super::codec::ReaderMut; + /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] pub struct Payload(pub Vec); @@ -36,6 +39,30 @@ impl Payload { } } +/// Non-owning version of [`Payload`] +pub struct BorrowedPayload<'a>(&'a mut [u8]); + +impl Deref for BorrowedPayload<'_> { + type Target = [u8]; + + fn deref(&self) -> &Self::Target { + self.0 + } +} + +impl<'a> DerefMut for BorrowedPayload<'a> { + fn deref_mut(&mut self) -> &mut Self::Target { + self.0 + } +} + +impl<'a> BorrowedPayload<'a> { + #[allow(dead_code)] // TODO(@cpu): remove in "introduce and expose BorrowedOpaqueMessage" + pub(crate) fn read(r: &mut ReaderMut<'a>) -> Self { + Self(r.rest()) + } +} + impl<'a> Codec for CertificateDer<'a> { fn encode(&self, bytes: &mut Vec) { codec::u24(self.as_ref().len() as u32).encode(bytes); From aa820d1e382513cf020f0bf2ef530f5ae79582ae Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 7 Dec 2023 12:26:24 -0500 Subject: [PATCH 0651/1145] introduce and expose BorrowedOpaqueMessage Co-authored-by: Jorge Aparicio --- rustls/src/crypto/cipher.rs | 4 +- rustls/src/msgs/base.rs | 1 - rustls/src/msgs/codec.rs | 2 +- rustls/src/msgs/message.rs | 92 ++++++++++++++++++++++++++----------- 4 files changed, 68 insertions(+), 31 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 66ed7e76fd..4e6e5a8386 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -7,7 +7,9 @@ use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; pub use crate::msgs::base::BorrowedPayload; use crate::msgs::codec; -pub use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +pub use crate::msgs::message::{ + BorrowedOpaqueMessage, BorrowedPlainMessage, OpaqueMessage, PlainMessage, +}; use crate::suites::ConnectionTrafficSecrets; use zeroize::Zeroize; diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 85afc6f71c..5f47112dde 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -57,7 +57,6 @@ impl<'a> DerefMut for BorrowedPayload<'a> { } impl<'a> BorrowedPayload<'a> { - #[allow(dead_code)] // TODO(@cpu): remove in "introduce and expose BorrowedOpaqueMessage" pub(crate) fn read(r: &mut ReaderMut<'a>) -> Self { Self(r.rest()) } diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 140e2c8976..c434c3d77d 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -92,7 +92,6 @@ pub(crate) struct ReaderMut<'a> { used: usize, } -#[allow(dead_code)] // TODO(@cpu): remove in "introduce and expose BorrowedOpaqueMessage" impl<'a> ReaderMut<'a> { pub(crate) fn init(bytes: &'a mut [u8]) -> Self { Self { @@ -124,6 +123,7 @@ impl<'a> ReaderMut<'a> { Some(taken) } + #[allow(dead_code)] // TODO(@cpu): Remove in "use BorrowedOpaqueMessage in MessageDeframer". pub(crate) fn used(&self) -> usize { self.used } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index abe05d284f..1264d07f31 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -12,6 +12,9 @@ use crate::msgs::handshake::HandshakeMessagePayload; use alloc::vec::Vec; +use super::base::BorrowedPayload; +use super::codec::ReaderMut; + #[derive(Debug)] pub enum MessagePayload { Alert(AlertMessagePayload), @@ -116,34 +119,7 @@ impl OpaqueMessage { /// `MessageError` allows callers to distinguish between valid prefixes (might /// become valid if we read more data) and invalid data. pub fn read(r: &mut Reader) -> Result { - let typ = ContentType::read(r).map_err(|_| MessageError::TooShortForHeader)?; - // Don't accept any new content-types. - if let ContentType::Unknown(_) = typ { - return Err(MessageError::InvalidContentType); - } - - let version = ProtocolVersion::read(r).map_err(|_| MessageError::TooShortForHeader)?; - // Accept only versions 0x03XX for any XX. - match version { - ProtocolVersion::Unknown(ref v) if (v & 0xff00) != 0x0300 => { - return Err(MessageError::UnknownProtocolVersion); - } - _ => {} - }; - - let len = u16::read(r).map_err(|_| MessageError::TooShortForHeader)?; - - // Reject undersize messages - // implemented per section 5.1 of RFC8446 (TLSv1.3) - // per section 6.2.1 of RFC5246 (TLSv1.2) - if typ != ContentType::ApplicationData && len == 0 { - return Err(MessageError::InvalidEmptyPayload); - } - - // Reject oversize messages - if len >= Self::MAX_PAYLOAD { - return Err(MessageError::MessageTooLarge); - } + let (typ, version, len) = read_opaque_message_header(r)?; let mut sub = r .sub(len as usize) @@ -214,6 +190,66 @@ impl OpaqueMessage { pub const MAX_WIRE_SIZE: usize = (Self::MAX_PAYLOAD + Self::HEADER_SIZE) as usize; } +/// A borrowed version of [`OpaqueMessage`]. +pub struct BorrowedOpaqueMessage<'a> { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: BorrowedPayload<'a>, +} + +#[allow(dead_code)] +impl<'a> BorrowedOpaqueMessage<'a> { + pub(crate) fn read(r: &mut ReaderMut<'a>) -> Result { + let (typ, version, len) = r.as_reader(read_opaque_message_header)?; + + let mut sub = r + .sub(len as usize) + .map_err(|_| MessageError::TooShortForLength)?; + let payload = BorrowedPayload::read(&mut sub); + + Ok(Self { + typ, + version, + payload, + }) + } +} + +fn read_opaque_message_header( + r: &mut Reader<'_>, +) -> Result<(ContentType, ProtocolVersion, u16), MessageError> { + let typ = ContentType::read(r).map_err(|_| MessageError::TooShortForHeader)?; + // Don't accept any new content-types. + if let ContentType::Unknown(_) = typ { + return Err(MessageError::InvalidContentType); + } + + let version = ProtocolVersion::read(r).map_err(|_| MessageError::TooShortForHeader)?; + // Accept only versions 0x03XX for any XX. + match version { + ProtocolVersion::Unknown(ref v) if (v & 0xff00) != 0x0300 => { + return Err(MessageError::UnknownProtocolVersion); + } + _ => {} + }; + + let len = u16::read(r).map_err(|_| MessageError::TooShortForHeader)?; + + // Reject undersize messages + // implemented per section 5.1 of RFC8446 (TLSv1.3) + // per section 6.2.1 of RFC5246 (TLSv1.2) + if typ != ContentType::ApplicationData && len == 0 { + return Err(MessageError::InvalidEmptyPayload); + } + + // Reject oversize messages + if len >= OpaqueMessage::MAX_PAYLOAD { + return Err(MessageError::MessageTooLarge); + } + + Ok((typ, version, len)) +} + /// `v` is a message payload, immediately post-decryption. This function /// removes zero padding bytes, until a non-zero byte is encountered which is /// the content type, which is returned. See RFC8446 s5.2. From 1b551e712e31f15f2b127d8dab2d98d5175f42b2 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 18 Dec 2023 11:27:36 -0500 Subject: [PATCH 0652/1145] use BorrowedOpaqueMessage in MessageDeframer --- rustls/src/msgs/codec.rs | 1 - rustls/src/msgs/deframer.rs | 14 ++++++++++---- rustls/src/msgs/message.rs | 13 +++++++++++++ 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index c434c3d77d..43ba49d0d4 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -123,7 +123,6 @@ impl<'a> ReaderMut<'a> { Some(taken) } - #[allow(dead_code)] // TODO(@cpu): Remove in "use BorrowedOpaqueMessage in MessageDeframer". pub(crate) fn used(&self) -> usize { self.used } diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 6da2d9d4a7..17b8583158 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -5,7 +5,7 @@ use std::io; use super::base::Payload; use super::codec::Codec; -use super::message::PlainMessage; +use super::message::{BorrowedOpaqueMessage, PlainMessage}; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::codec; @@ -66,9 +66,9 @@ impl MessageDeframer { // Does our `buf` contain a full message? It does if it is big enough to // contain a header, and that header has a length which falls within `buf`. // If so, deframe it and place the message onto the frames output queue. - let mut rd = codec::Reader::init(buffer.filled_get(start..)); - let m = match OpaqueMessage::read(&mut rd) { - Ok(m) => m, + let mut rd = codec::ReaderMut::init(buffer.filled_get_mut(start..)); + let m = match BorrowedOpaqueMessage::read(&mut rd) { + Ok(m) => m.into_owned(), Err(msg_err) => { let err_kind = match msg_err { MessageError::TooShortForHeader | MessageError::TooShortForLength => { @@ -491,6 +491,12 @@ fn copy_into_buffer(buf: &mut [u8], src: &[u8], at: usize) { } trait FilledDeframerBuffer { + fn filled_get_mut>(&mut self, index: I) -> &mut I::Output { + self.filled_mut() + .get_mut(index) + .unwrap() + } + fn filled_mut(&mut self) -> &mut [u8]; fn filled_get(&self, index: I) -> &I::Output diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 1264d07f31..80d00a75c0 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -213,6 +213,19 @@ impl<'a> BorrowedOpaqueMessage<'a> { payload, }) } + + pub(crate) fn into_owned(self) -> OpaqueMessage { + let Self { + typ, + version, + payload, + } = self; + OpaqueMessage { + typ, + version, + payload: Payload::new(&*payload), + } + } } fn read_opaque_message_header( From dc4cf38c03ef92adcfc65c670c790fc6c50f24ba Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 18 Dec 2023 11:31:49 -0500 Subject: [PATCH 0653/1145] make Decrypt trait use Borrowed{Opaque,Plain}Message --- provider-example/src/aead.rs | 51 ++++++++++---- rustls/src/crypto/aws_lc_rs/tls12.rs | 26 +++++--- rustls/src/crypto/aws_lc_rs/tls13.rs | 22 +++++-- rustls/src/crypto/cipher.rs | 12 +++- rustls/src/crypto/ring/tls12.rs | 26 +++++--- rustls/src/crypto/ring/tls13.rs | 14 ++-- rustls/src/msgs/base.rs | 30 +++++++++ rustls/src/msgs/deframer.rs | 7 +- rustls/src/msgs/message.rs | 99 +++++++++++++++++----------- rustls/src/record_layer.rs | 20 +++--- 10 files changed, 212 insertions(+), 95 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index f17536d84b..2fe030c593 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -1,8 +1,11 @@ use alloc::boxed::Box; use alloc::vec::Vec; +use chacha20poly1305::aead::Buffer; use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; -use rustls::crypto::cipher::{self, AeadKey, Iv, UnsupportedOperationError, NONCE_LEN}; +use rustls::crypto::cipher::{ + self, AeadKey, BorrowedPayload, Iv, UnsupportedOperationError, NONCE_LEN, +}; use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; pub struct Chacha20Poly1305; @@ -114,17 +117,17 @@ impl cipher::MessageEncrypter for Tls13Cipher { } impl cipher::MessageDecrypter for Tls13Cipher { - fn decrypt( + fn decrypt<'a>( &mut self, - mut m: cipher::OpaqueMessage, + mut m: cipher::BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result { - let payload = m.payload_mut(); + ) -> Result, rustls::Error> { + let payload = &mut m.payload; let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); let aad = cipher::make_tls13_aad(payload.len()); self.0 - .decrypt_in_place(&nonce, &aad, payload) + .decrypt_in_place(&nonce, &aad, &mut BufferAdapter(payload)) .map_err(|_| rustls::Error::DecryptError)?; m.into_tls13_unpadded_message() @@ -159,12 +162,12 @@ impl cipher::MessageEncrypter for Tls12Cipher { } impl cipher::MessageDecrypter for Tls12Cipher { - fn decrypt( + fn decrypt<'a>( &mut self, - mut m: cipher::OpaqueMessage, + mut m: cipher::BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result { - let payload = m.payload(); + ) -> Result, rustls::Error> { + let payload = &m.payload; let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); let aad = cipher::make_tls12_aad( seq, @@ -173,9 +176,9 @@ impl cipher::MessageDecrypter for Tls12Cipher { payload.len() - CHACHAPOLY1305_OVERHEAD, ); - let payload = m.payload_mut(); + let payload = &mut m.payload; self.0 - .decrypt_in_place(&nonce, &aad, payload) + .decrypt_in_place(&nonce, &aad, &mut BufferAdapter(payload)) .map_err(|_| rustls::Error::DecryptError)?; Ok(m.into_plain_message()) @@ -183,3 +186,27 @@ impl cipher::MessageDecrypter for Tls12Cipher { } const CHACHAPOLY1305_OVERHEAD: usize = 16; + +struct BufferAdapter<'a, 'p>(&'a mut BorrowedPayload<'p>); + +impl AsRef<[u8]> for BufferAdapter<'_, '_> { + fn as_ref(&self) -> &[u8] { + self.0 + } +} + +impl AsMut<[u8]> for BufferAdapter<'_, '_> { + fn as_mut(&mut self) -> &mut [u8] { + self.0 + } +} + +impl Buffer for BufferAdapter<'_, '_> { + fn extend_from_slice(&mut self, _: &[u8]) -> chacha20poly1305::aead::Result<()> { + unreachable!("not used by `AeadInPlace::decrypt_in_place`") + } + + fn truncate(&mut self, len: usize) { + self.0.truncate(len) + } +} diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 66d906110d..0ef42f68b0 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -1,13 +1,13 @@ use crate::crypto::cipher::{ - make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, - Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, + make_tls12_aad, AeadKey, BorrowedOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, + MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use crate::crypto::tls12::Prf; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; @@ -252,8 +252,12 @@ const GCM_EXPLICIT_NONCE_LEN: usize = 8; const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &msg.payload; if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); } @@ -272,7 +276,7 @@ impl MessageDecrypter for GcmMessageDecrypter { payload.len() - GCM_OVERHEAD, )); - let payload = msg.payload_mut(); + let payload = &mut msg.payload; let plain_len = self .dec_key .open_within(nonce, aad, payload, GCM_EXPLICIT_NONCE_LEN..) @@ -330,8 +334,12 @@ struct ChaCha20Poly1305MessageDecrypter { const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &msg.payload; if payload.len() < CHACHAPOLY1305_OVERHEAD { return Err(Error::DecryptError); @@ -345,7 +353,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { payload.len() - CHACHAPOLY1305_OVERHEAD, )); - let payload = msg.payload_mut(); + let payload = &mut msg.payload; let plain_len = self .dec_key .open_in_place(nonce, aad, payload) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index a1b750cf1c..782ad40df6 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -3,14 +3,14 @@ use alloc::vec::Vec; use crate::crypto; use crate::crypto::cipher::{ - make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, - UnsupportedOperationError, + make_tls13_aad, AeadKey, BorrowedOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, + Tls13AeadAlgorithm, UnsupportedOperationError, }; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -235,8 +235,12 @@ impl MessageEncrypter for AeadMessageEncrypter { } impl MessageDecrypter for AeadMessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload_mut(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); } @@ -290,8 +294,12 @@ struct GcmMessageDecrypter { } impl MessageDecrypter for GcmMessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload_mut(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); } diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 4e6e5a8386..2ebc5a5cb4 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -127,7 +127,11 @@ pub struct KeyBlockShape { pub trait MessageDecrypter: Send + Sync { /// Decrypt the given TLS message `msg`, using the sequence number /// `seq` which can be used to derive a unique [`Nonce`]. - fn decrypt(&mut self, msg: OpaqueMessage, seq: u64) -> Result; + fn decrypt<'a>( + &mut self, + msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error>; } /// Objects with this trait can encrypt TLS messages. @@ -317,7 +321,11 @@ impl MessageEncrypter for InvalidMessageEncrypter { struct InvalidMessageDecrypter {} impl MessageDecrypter for InvalidMessageDecrypter { - fn decrypt(&mut self, _m: OpaqueMessage, _seq: u64) -> Result { + fn decrypt<'a>( + &mut self, + _m: BorrowedOpaqueMessage<'a>, + _seq: u64, + ) -> Result, Error> { Err(Error::DecryptError) } } diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 5e2f030cf4..e79d6a5c5c 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,13 +1,13 @@ use crate::crypto::cipher::{ - make_tls12_aad, AeadKey, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, - Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, + make_tls12_aad, AeadKey, BorrowedOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, + MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use crate::crypto::tls12::PrfUsingHmac; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; @@ -237,8 +237,12 @@ const GCM_EXPLICIT_NONCE_LEN: usize = 8; const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &msg.payload; if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); } @@ -257,7 +261,7 @@ impl MessageDecrypter for GcmMessageDecrypter { payload.len() - GCM_OVERHEAD, )); - let payload = msg.payload_mut(); + let payload = &mut msg.payload; let plain_len = self .dec_key .open_within(nonce, aad, payload, GCM_EXPLICIT_NONCE_LEN..) @@ -315,8 +319,12 @@ struct ChaCha20Poly1305MessageDecrypter { const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &msg.payload; if payload.len() < CHACHAPOLY1305_OVERHEAD { return Err(Error::DecryptError); @@ -330,7 +338,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { payload.len() - CHACHAPOLY1305_OVERHEAD, )); - let payload = msg.payload_mut(); + let payload = &mut msg.payload; let plain_len = self .dec_key .open_in_place(nonce, aad, payload) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 73d93d64db..630232b771 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -3,14 +3,14 @@ use alloc::vec::Vec; use crate::crypto; use crate::crypto::cipher::{ - make_tls13_aad, AeadKey, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, - UnsupportedOperationError, + make_tls13_aad, AeadKey, BorrowedOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, + Tls13AeadAlgorithm, UnsupportedOperationError, }; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -207,8 +207,12 @@ impl MessageEncrypter for Tls13MessageEncrypter { } impl MessageDecrypter for Tls13MessageDecrypter { - fn decrypt(&mut self, mut msg: OpaqueMessage, seq: u64) -> Result { - let payload = msg.payload_mut(); + fn decrypt<'a>( + &mut self, + mut msg: BorrowedOpaqueMessage<'a>, + seq: u64, + ) -> Result, Error> { + let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); } diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 5f47112dde..60b51a0d59 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -57,9 +57,39 @@ impl<'a> DerefMut for BorrowedPayload<'a> { } impl<'a> BorrowedPayload<'a> { + #[cfg(test)] + pub(crate) fn new(bytes: &'a mut [u8]) -> Self { + Self(bytes) + } + + pub fn truncate(&mut self, len: usize) { + if len >= self.len() { + return; + } + + self.0 = core::mem::take(&mut self.0) + .split_at_mut(len) + .0; + } + pub(crate) fn read(r: &mut ReaderMut<'a>) -> Self { Self(r.rest()) } + + pub(crate) fn into_inner(self) -> &'a mut [u8] { + self.0 + } + + pub(crate) fn pop(&mut self) -> Option { + if self.is_empty() { + return None; + } + + let len = self.len(); + let last = self[len - 1]; + self.truncate(len - 1); + Some(last) + } } impl<'a> Codec for CertificateDer<'a> { diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 17b8583158..0e3f526e88 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -68,7 +68,7 @@ impl MessageDeframer { // If so, deframe it and place the message onto the frames output queue. let mut rd = codec::ReaderMut::init(buffer.filled_get_mut(start..)); let m = match BorrowedOpaqueMessage::read(&mut rd) { - Ok(m) => m.into_owned(), + Ok(m) => m, Err(msg_err) => { let err_kind = match msg_err { MessageError::TooShortForHeader | MessageError::TooShortForLength => { @@ -101,7 +101,7 @@ impl MessageDeframer { ContentType::Alert if version_is_tls13 && !record_layer.has_decrypted() - && m.payload().len() <= 2 => + && m.payload.len() <= 2 => { true } @@ -109,13 +109,14 @@ impl MessageDeframer { _ => false, }; if self.joining_hs.is_none() && allowed_plaintext { + let message = m.into_plain_message().into_owned(); // This is unencrypted. We check the contents later. buffer.queue_discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, trial_decryption_finished: false, - message: m.into_plain_message(), + message, })); } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 80d00a75c0..1b7cf2503b 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -84,9 +84,8 @@ impl MessagePayload { /// # Decryption /// Internally the message payload is stored as a `Vec`; this can by mutably borrowed with /// [`OpaqueMessage::payload_mut()`]. This is useful for decrypting a message in-place. -/// After the message is decrypted, call [`OpaqueMessage::into_plain_message()`] or -/// [`OpaqueMessage::into_tls13_unpadded_message()`] (depending on the -/// protocol version). +/// After the message is decrypted, call [`OpaqueMessage::into_plain_message()`] or borrow this +/// message and call [`BorrowedOpaqueMessage::into_tls13_unpadded_message`]. #[derive(Clone, Debug)] pub struct OpaqueMessage { pub typ: ContentType, @@ -154,28 +153,13 @@ impl OpaqueMessage { } } - /// For TLS1.3 (only), checks the length msg.payload is valid and removes the padding. - /// - /// Returns an error if the message (pre-unpadding) is too long, or the padding is invalid, - /// or the message (post-unpadding) is too long. - pub fn into_tls13_unpadded_message(mut self) -> Result { - let payload = &mut self.payload.0; - - if payload.len() > MAX_FRAGMENT_LEN + 1 { - return Err(Error::PeerSentOversizedRecord); - } - - self.typ = unpad_tls13(payload); - if self.typ == ContentType::Unknown(0) { - return Err(PeerMisbehaved::IllegalTlsInnerPlaintext.into()); - } - - if payload.len() > MAX_FRAGMENT_LEN { - return Err(Error::PeerSentOversizedRecord); + #[cfg(test)] + pub(crate) fn borrow(&mut self) -> BorrowedOpaqueMessage { + BorrowedOpaqueMessage { + typ: self.typ, + version: self.version, + payload: BorrowedPayload::new(self.payload_mut()), } - - self.version = ProtocolVersion::TLSv1_3; - Ok(self.into_plain_message()) } /// This is the maximum on-the-wire size of a TLSCiphertext. @@ -197,8 +181,42 @@ pub struct BorrowedOpaqueMessage<'a> { pub payload: BorrowedPayload<'a>, } -#[allow(dead_code)] impl<'a> BorrowedOpaqueMessage<'a> { + /// Force conversion into a plaintext message. + /// + /// See [`OpaqueMessage::into_plain_message`] for more information + pub fn into_plain_message(self) -> BorrowedPlainMessage<'a> { + BorrowedPlainMessage { + typ: self.typ, + version: self.version, + payload: self.payload.into_inner(), + } + } + + /// For TLS1.3 (only), checks the length msg.payload is valid and removes the padding. + /// + /// Returns an error if the message (pre-unpadding) is too long, or the padding is invalid, + /// or the message (post-unpadding) is too long. + pub fn into_tls13_unpadded_message(mut self) -> Result, Error> { + let payload = &mut self.payload; + + if payload.len() > MAX_FRAGMENT_LEN + 1 { + return Err(Error::PeerSentOversizedRecord); + } + + self.typ = unpad_tls13_payload(payload); + if self.typ == ContentType::Unknown(0) { + return Err(PeerMisbehaved::IllegalTlsInnerPlaintext.into()); + } + + if payload.len() > MAX_FRAGMENT_LEN { + return Err(Error::PeerSentOversizedRecord); + } + + self.version = ProtocolVersion::TLSv1_3; + Ok(self.into_plain_message()) + } + pub(crate) fn read(r: &mut ReaderMut<'a>) -> Result { let (typ, version, len) = r.as_reader(read_opaque_message_header)?; @@ -213,19 +231,6 @@ impl<'a> BorrowedOpaqueMessage<'a> { payload, }) } - - pub(crate) fn into_owned(self) -> OpaqueMessage { - let Self { - typ, - version, - payload, - } = self; - OpaqueMessage { - typ, - version, - payload: Payload::new(&*payload), - } - } } fn read_opaque_message_header( @@ -268,9 +273,9 @@ fn read_opaque_message_header( /// the content type, which is returned. See RFC8446 s5.2. /// /// ContentType(0) is returned if the message payload is empty or all zeroes. -fn unpad_tls13(v: &mut Vec) -> ContentType { +fn unpad_tls13_payload(p: &mut BorrowedPayload) -> ContentType { loop { - match v.pop() { + match p.pop() { Some(0) => {} Some(content_type) => return ContentType::from(content_type), None => return ContentType::Unknown(0), @@ -385,6 +390,7 @@ impl TryFrom for Message { /// /// This type also cannot decode its internals and /// cannot be read/encoded; only `OpaqueMessage` can do that. +#[derive(Debug)] pub struct BorrowedPlainMessage<'a> { pub typ: ContentType, pub version: ProtocolVersion, @@ -403,6 +409,19 @@ impl<'a> BorrowedPlainMessage<'a> { pub fn encoded_len(&self, record_layer: &RecordLayer) -> usize { OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload.len()) } + + pub(crate) fn into_owned(self) -> PlainMessage { + let Self { + typ, + version, + payload, + } = self; + PlainMessage { + typ, + version, + payload: Payload::new(payload), + } + } } #[derive(Debug)] diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 26160a8be5..7445b3ba82 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,6 +1,6 @@ use core::num::NonZeroU64; -use crate::crypto::cipher::{MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{BorrowedOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; @@ -62,12 +62,12 @@ impl RecordLayer { /// an error is returned. pub(crate) fn decrypt_incoming( &mut self, - encr: OpaqueMessage, + encr: BorrowedOpaqueMessage<'_>, ) -> Result, Error> { if self.decrypt_state != DirectionState::Active { return Ok(Some(Decrypted { want_close_before_decrypt: false, - plaintext: encr.into_plain_message(), + plaintext: encr.into_plain_message().into_owned(), })); } @@ -81,7 +81,7 @@ impl RecordLayer { // failure has already happened. let want_close_before_decrypt = self.read_seq == SEQ_SOFT_LIMIT; - let encrypted_len = encr.payload().len(); + let encrypted_len = encr.payload.len(); match self .message_decrypter .decrypt(encr, self.read_seq) @@ -93,7 +93,7 @@ impl RecordLayer { } Ok(Some(Decrypted { want_close_before_decrypt, - plaintext, + plaintext: plaintext.into_owned(), })) } Err(Error::DecryptError) if self.doing_trial_decryption(encrypted_len) => { @@ -255,7 +255,11 @@ mod tests { struct PassThroughDecrypter; impl MessageDecrypter for PassThroughDecrypter { - fn decrypt(&mut self, m: OpaqueMessage, _: u64) -> Result { + fn decrypt<'a>( + &mut self, + m: BorrowedOpaqueMessage<'a>, + _: u64, + ) -> Result, Error> { Ok(m.into_plain_message()) } } @@ -287,13 +291,13 @@ mod tests { // Decrypting a message should update the read_seq and track that we have now performed // a decryption. - let msg = OpaqueMessage::new( + let mut msg = OpaqueMessage::new( ContentType::Handshake, ProtocolVersion::TLSv1_2, vec![0xC0, 0xFF, 0xEE], ); record_layer - .decrypt_incoming(msg) + .decrypt_incoming(msg.borrow()) .unwrap(); assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); assert_eq!(record_layer.read_seq, 1); From a4ddaa2b6d5b7c01dd9ce05f03d755b88c21d7e8 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 18 Dec 2023 11:49:07 -0500 Subject: [PATCH 0654/1145] switch Decrypted to BorrowedPlainMessage --- rustls/src/msgs/deframer.rs | 6 ++++-- rustls/src/record_layer.rs | 16 ++++++++-------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 0e3f526e88..5ede7a1564 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -154,19 +154,21 @@ impl MessageDeframer { // If it's not a handshake message, just return it -- no joining necessary. if msg.typ != ContentType::Handshake { + let message = msg.into_owned(); let end = start + rd.used(); buffer.queue_discard(end); return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, trial_decryption_finished: false, - message: msg, + message, })); } // If we don't know the payload size yet or if the payload size is larger // than the currently buffered payload, we need to wait for more data. - match self.append_hs::<_, false>(msg.version, &msg.payload.0, end, buffer)? { + let payload = msg.payload.to_vec(); + match self.append_hs::<_, false>(msg.version, &payload, end, buffer)? { HandshakePayloadState::Blocked => return Ok(None), HandshakePayloadState::Complete(len) => break len, HandshakePayloadState::Continue => continue, diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 7445b3ba82..5bc8893019 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -2,7 +2,7 @@ use core::num::NonZeroU64; use crate::crypto::cipher::{BorrowedOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage, PlainMessage}; +use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; #[cfg(feature = "logging")] use crate::log::trace; @@ -60,14 +60,14 @@ impl RecordLayer { /// `encr` is a decoded message allegedly received from the peer. /// If it can be decrypted, its decryption is returned. Otherwise, /// an error is returned. - pub(crate) fn decrypt_incoming( + pub(crate) fn decrypt_incoming<'a>( &mut self, - encr: BorrowedOpaqueMessage<'_>, - ) -> Result, Error> { + encr: BorrowedOpaqueMessage<'a>, + ) -> Result>, Error> { if self.decrypt_state != DirectionState::Active { return Ok(Some(Decrypted { want_close_before_decrypt: false, - plaintext: encr.into_plain_message().into_owned(), + plaintext: encr.into_plain_message(), })); } @@ -93,7 +93,7 @@ impl RecordLayer { } Ok(Some(Decrypted { want_close_before_decrypt, - plaintext: plaintext.into_owned(), + plaintext, })) } Err(Error::DecryptError) if self.doing_trial_decryption(encrypted_len) => { @@ -238,11 +238,11 @@ impl RecordLayer { /// Result of decryption. #[derive(Debug)] -pub(crate) struct Decrypted { +pub(crate) struct Decrypted<'a> { /// Whether the peer appears to be getting close to encrypting too many messages with this key. pub(crate) want_close_before_decrypt: bool, /// The decrypted message. - pub(crate) plaintext: PlainMessage, + pub(crate) plaintext: BorrowedPlainMessage<'a>, } #[cfg(test)] From a2d4e720c575b87f3204cace9ee317771352e12c Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 7 Dec 2023 14:57:17 -0500 Subject: [PATCH 0655/1145] simplify MessageDeframer tests with util functions Co-authored-by: Jorge Aparicio --- rustls/src/msgs/deframer.rs | 57 +++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 5ede7a1564..4700041d5b 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -588,6 +588,7 @@ const READ_SIZE: usize = 4096; mod tests { use std::io; + use crate::crypto::cipher::PlainMessage; use crate::msgs::message::Message; use super::*; @@ -704,7 +705,7 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl, None).unwrap_err(), + d.pop_error(&mut rl, None), Error::InvalidMessage(InvalidMessage::InvalidContentType) ); } @@ -719,7 +720,7 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl, None).unwrap_err(), + d.pop_error(&mut rl, None), Error::InvalidMessage(InvalidMessage::UnknownProtocolVersion) ); } @@ -734,7 +735,7 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl, None).unwrap_err(), + d.pop_error(&mut rl, None), Error::InvalidMessage(InvalidMessage::MessageTooLarge) ); } @@ -748,11 +749,7 @@ mod tests { ); let mut rl = RecordLayer::new(); - let m = d - .pop(&mut rl, None) - .unwrap() - .unwrap() - .message; + let m = d.pop_message(&mut rl, None); assert_eq!(m.typ, ContentType::ApplicationData); assert_eq!(m.payload.0.len(), 0); assert!(!d.has_pending()); @@ -769,12 +766,12 @@ mod tests { let mut rl = RecordLayer::new(); assert_eq!( - d.pop(&mut rl, None).unwrap_err(), + d.pop_error(&mut rl, None), Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) ); // CorruptMessage has been fused assert_eq!( - d.pop(&mut rl, None).unwrap_err(), + d.pop_error(&mut rl, None), Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) ); } @@ -819,21 +816,13 @@ mod tests { } fn pop_first(d: &mut BufferedDeframer, rl: &mut RecordLayer) { - let m = d - .pop(rl, None) - .unwrap() - .unwrap() - .message; + let m = d.pop_message(rl, None); assert_eq!(m.typ, ContentType::Handshake); Message::try_from(m).unwrap(); } fn pop_second(d: &mut BufferedDeframer, rl: &mut RecordLayer) { - let m = d - .pop(rl, None) - .unwrap() - .unwrap() - .message; + let m = d.pop_message(rl, None); assert_eq!(m.typ, ContentType::Alert); Message::try_from(m).unwrap(); } @@ -859,18 +848,36 @@ mod tests { self.read(&mut rd) } - fn pop( + fn pop_error( + &mut self, + record_layer: &mut RecordLayer, + negotiated_version: Option, + ) -> Error { + let mut deframer_buffer = self.buffer.borrow(); + let err = self + .inner + .pop(record_layer, negotiated_version, &mut deframer_buffer) + .unwrap_err(); + let discard = deframer_buffer.pending_discard(); + self.buffer.discard(discard); + err + } + + fn pop_message( &mut self, record_layer: &mut RecordLayer, negotiated_version: Option, - ) -> Result, Error> { + ) -> PlainMessage { let mut deframer_buffer = self.buffer.borrow(); - let res = self + let m = self .inner - .pop(record_layer, negotiated_version, &mut deframer_buffer); + .pop(record_layer, negotiated_version, &mut deframer_buffer) + .unwrap() + .unwrap() + .message; let discard = deframer_buffer.pending_discard(); self.buffer.discard(discard); - res + m } fn read(&mut self, rd: &mut dyn io::Read) -> io::Result { From 0d88ef5564853a6522fe2add02ec0947a038e93a Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Thu, 7 Dec 2023 15:09:39 -0500 Subject: [PATCH 0656/1145] add and use RawSlice to return slices from MessageDeframer::pop Co-authored-by: Jorge Aparicio --- rustls/src/conn.rs | 28 ++++++++-- rustls/src/msgs/deframer.rs | 102 +++++++++++++++++++++++++++++------- rustls/src/msgs/message.rs | 2 +- 3 files changed, 106 insertions(+), 26 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 4ab9de5b9a..c008edda67 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -734,20 +734,38 @@ impl ConnectionCore { } }; - let mut borrowed_buffer = deframer_buffer.borrow(); - while let Some(msg) = self.deframe(Some(&*state), &mut borrowed_buffer)? { + let mut discard = 0; + loop { + let mut borrowed_buffer = deframer_buffer.borrow(); + borrowed_buffer.queue_discard(discard); + + let res = self.deframe(Some(&*state), &mut borrowed_buffer); + discard = borrowed_buffer.pending_discard(); + + let opt_msg = match res { + Ok(opt_msg) => opt_msg, + Err(e) => { + self.state = Err(e.clone()); + deframer_buffer.discard(discard); + return Err(e); + } + }; + + let msg = match opt_msg { + Some(msg) => msg, + None => break, + }; + match self.process_msg(msg, state, Some(sendable_plaintext)) { Ok(new) => state = new, Err(e) => { self.state = Err(e.clone()); - let discard = borrowed_buffer.pending_discard(); deframer_buffer.discard(discard); return Err(e); } } } - let discard = borrowed_buffer.pending_discard(); deframer_buffer.discard(discard); self.state = Ok(state); Ok(self.common_state.current_io_state()) @@ -781,7 +799,7 @@ impl ConnectionCore { } self.common_state.aligned_handshake = aligned; - Ok(Some(message)) + Ok(Some(message.into_owned())) } Ok(None) => Ok(None), Err(err @ Error::InvalidMessage(_)) => { diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 4700041d5b..ab26f28e9b 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -3,9 +3,8 @@ use core::ops::Range; use core::slice::SliceIndex; use std::io; -use super::base::Payload; use super::codec::Codec; -use super::message::{BorrowedOpaqueMessage, PlainMessage}; +use super::message::{BorrowedOpaqueMessage, BorrowedPlainMessage}; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::codec; @@ -33,12 +32,12 @@ impl MessageDeframer { /// Returns an `Error` if the deframer failed to parse some message contents or if decryption /// failed, `Ok(None)` if no full message is buffered or if trial decryption failed, and /// `Ok(Some(_))` if a valid message was found and decrypted successfully. - pub fn pop( + pub fn pop<'b>( &mut self, record_layer: &mut RecordLayer, negotiated_version: Option, - buffer: &mut DeframerSliceBuffer, - ) -> Result, Error> { + buffer: &mut DeframerSliceBuffer<'b>, + ) -> Result>, Error> { if let Some(last_err) = self.last_error.clone() { return Err(last_err); } else if buffer.is_empty() { @@ -109,9 +108,19 @@ impl MessageDeframer { _ => false, }; if self.joining_hs.is_none() && allowed_plaintext { - let message = m.into_plain_message().into_owned(); + let BorrowedOpaqueMessage { + typ, + version, + payload, + } = m; + let raw_payload = RawSlice::from(&*payload); // This is unencrypted. We check the contents later. buffer.queue_discard(end); + let message = BorrowedPlainMessage { + typ, + version, + payload: buffer.take(raw_payload), + }; return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -154,9 +163,19 @@ impl MessageDeframer { // If it's not a handshake message, just return it -- no joining necessary. if msg.typ != ContentType::Handshake { - let message = msg.into_owned(); + let BorrowedPlainMessage { + typ, + version, + payload, + } = msg; + let raw_payload = RawSlice::from(payload); let end = start + rd.used(); buffer.queue_discard(end); + let message = BorrowedPlainMessage { + typ, + version, + payload: buffer.take(raw_payload), + }; return Ok(Some(Deframed { want_close_before_decrypt: false, aligned: true, @@ -178,13 +197,11 @@ impl MessageDeframer { let meta = self.joining_hs.as_mut().unwrap(); // safe after calling `append_hs()` // We can now wrap the complete handshake payload in a `PlainMessage`, to be returned. - let message = PlainMessage { - typ: ContentType::Handshake, - version: meta.version, - payload: Payload::new( - buffer.filled_get(meta.payload.start..meta.payload.start + expected_len), - ), - }; + let typ = ContentType::Handshake; + let version = meta.version; + let raw_payload = RawSlice::from( + buffer.filled_get(meta.payload.start..meta.payload.start + expected_len), + ); // But before we return, update the `joining_hs` state to skip past this payload. if meta.payload.len() > expected_len { @@ -202,6 +219,12 @@ impl MessageDeframer { buffer.queue_discard(end); } + let message = BorrowedPlainMessage { + typ, + version, + payload: buffer.take(raw_payload), + }; + Ok(Some(Deframed { want_close_before_decrypt: false, aligned: self.joining_hs.is_none(), @@ -437,16 +460,22 @@ impl DeframerBuffer for DeframerVecBuffer { } /// A borrowed version of [`DeframerVecBuffer`] that tracks discard operations +#[derive(Debug)] pub struct DeframerSliceBuffer<'a> { // a fully initialized buffer that will be deframed buf: &'a mut [u8], // number of bytes to discard from the front of `buf` at a later time discard: usize, + taken: usize, } impl<'a> DeframerSliceBuffer<'a> { pub fn new(buf: &'a mut [u8]) -> Self { - Self { buf, discard: 0 } + Self { + buf, + discard: 0, + taken: 0, + } } /// Tracks a pending discard operation of `num_bytes` @@ -462,15 +491,33 @@ impl<'a> DeframerSliceBuffer<'a> { pub fn is_empty(&self) -> bool { self.len() == 0 } + + /// Remove a `RawSlice` range from the deframer buffer, returning a mutable reference to the + /// removed portion. + /// + /// Safety: the caller *must* ensure that the `RawSlice` refers to a range from the same + /// allocation as the deframer's buffer. + fn take(&mut self, raw: RawSlice) -> &'a mut [u8] { + let start = (raw.ptr as usize) + .checked_sub(self.buf.as_ptr() as usize) + .unwrap(); + let end = start + raw.len; + + let (taken, rest) = core::mem::take(&mut self.buf).split_at_mut(end); + self.buf = rest; + self.taken += end; + + &mut taken[start..] + } } impl FilledDeframerBuffer for DeframerSliceBuffer<'_> { fn filled_mut(&mut self) -> &mut [u8] { - &mut self.buf[self.discard..] + &mut self.buf[self.discard - self.taken..] } fn filled(&self) -> &[u8] { - &self.buf[self.discard..] + &self.buf[self.discard - self.taken..] } } @@ -480,6 +527,20 @@ impl DeframerBuffer for DeframerSliceBuffer<'_> { } } +pub(crate) struct RawSlice { + ptr: *const u8, + len: usize, +} + +impl From<&'_ [u8]> for RawSlice { + fn from(value: &'_ [u8]) -> Self { + Self { + ptr: value.as_ptr(), + len: value.len(), + } + } +} + trait DeframerBuffer: FilledDeframerBuffer { /// Copies from the `src` buffer into this buffer at the requested index /// @@ -568,11 +629,11 @@ fn payload_size(buf: &[u8]) -> Result, Error> { } #[derive(Debug)] -pub struct Deframed { +pub struct Deframed<'a> { pub(crate) want_close_before_decrypt: bool, pub(crate) aligned: bool, pub(crate) trial_decryption_finished: bool, - pub message: PlainMessage, + pub message: BorrowedPlainMessage<'a>, } const HEADER_SIZE: usize = 1 + 3; @@ -874,7 +935,8 @@ mod tests { .pop(record_layer, negotiated_version, &mut deframer_buffer) .unwrap() .unwrap() - .message; + .message + .into_owned(); let discard = deframer_buffer.pending_discard(); self.buffer.discard(discard); m diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 1b7cf2503b..d126abfa8e 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -410,7 +410,7 @@ impl<'a> BorrowedPlainMessage<'a> { OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload.len()) } - pub(crate) fn into_owned(self) -> PlainMessage { + pub fn into_owned(self) -> PlainMessage { let Self { typ, version, From 4e214a091ce8213fd6ecc2a470372bae49e9f0e0 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 12:23:58 -0500 Subject: [PATCH 0657/1145] add copy_within logic to DeframerBuffer::copy Co-authored-by: Jorge Aparicio --- rustls/src/msgs/deframer.rs | 107 +++++++++++++++++++++++++++--------- 1 file changed, 80 insertions(+), 27 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index ab26f28e9b..4daa2aeec9 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -186,8 +186,10 @@ impl MessageDeframer { // If we don't know the payload size yet or if the payload size is larger // than the currently buffered payload, we need to wait for more data. - let payload = msg.payload.to_vec(); - match self.append_hs::<_, false>(msg.version, &payload, end, buffer)? { + let raw = RawSlice::from(msg.payload); + let version = msg.version; + let src = buffer.raw_slice_to_filled_range(raw); + match self.append_hs(version, InternalPayload(src), end, buffer)? { HandshakePayloadState::Blocked => return Ok(None), HandshakePayloadState::Complete(len) => break len, HandshakePayloadState::Continue => continue, @@ -258,28 +260,28 @@ impl MessageDeframer { } let end = buffer.len() + payload.len(); - self.append_hs::<_, true>(version, payload, end, buffer)?; + self.append_hs(version, ExternalPayload(payload), end, buffer)?; Ok(()) } /// Write the handshake message contents into the buffer and update the metadata. /// /// Returns true if a complete message is found. - fn append_hs, const QUIC: bool>( + fn append_hs<'a, P: AppendPayload<'a>, B: DeframerBuffer<'a, P>>( &mut self, version: ProtocolVersion, - payload: &[u8], + payload: P, end: usize, - buffer: &mut T, + buffer: &mut B, ) -> Result { let meta = match &mut self.joining_hs { Some(meta) => { - debug_assert_eq!(meta.quic, QUIC); + debug_assert_eq!(meta.quic, P::QUIC); // We're joining a handshake message to the previous one here. // Write it into the buffer and update the metadata. - DeframerBuffer::::copy(buffer, payload, meta.payload.end); + buffer.copy(&payload, meta.payload.end); meta.message.end = end; meta.payload.end += payload.len(); @@ -295,8 +297,8 @@ impl MessageDeframer { // We've found a new handshake message here. // Write it into the buffer and create the metadata. - let expected_len = payload_size(payload)?; - DeframerBuffer::::copy(buffer, payload, 0); + let expected_len = payload.size(buffer)?; + buffer.copy(&payload, 0); self.joining_hs .insert(HandshakePayloadMeta { message: Range { start: 0, end }, @@ -306,7 +308,7 @@ impl MessageDeframer { }, version, expected_len, - quic: QUIC, + quic: P::QUIC, }) } }; @@ -341,6 +343,48 @@ impl MessageDeframer { } } +trait AppendPayload<'a>: Sized { + const QUIC: bool; + + fn len(&self) -> usize; + + fn size>( + &self, + internal_buffer: &B, + ) -> Result, Error>; +} + +struct ExternalPayload<'a>(&'a [u8]); + +impl<'a> AppendPayload<'a> for ExternalPayload<'a> { + const QUIC: bool = true; + + fn len(&self) -> usize { + self.0.len() + } + + fn size>(&self, _: &B) -> Result, Error> { + payload_size(self.0) + } +} + +struct InternalPayload(Range); + +impl<'a> AppendPayload<'a> for InternalPayload { + const QUIC: bool = false; + + fn len(&self) -> usize { + self.0.end - self.0.start + } + + fn size>( + &self, + internal_buffer: &B, + ) -> Result, Error> { + payload_size(internal_buffer.filled_get(self.0.clone())) + } +} + #[derive(Default, Debug)] pub struct DeframerVecBuffer { /// Buffer of data read from the socket, in the process of being parsed into messages. @@ -446,16 +490,17 @@ impl FilledDeframerBuffer for DeframerVecBuffer { } } -impl DeframerBuffer for DeframerVecBuffer { - fn copy(&mut self, src: &[u8], at: usize) { - copy_into_buffer(self.unfilled(), src, at); - self.advance(src.len()); +impl DeframerBuffer<'_, InternalPayload> for DeframerVecBuffer { + fn copy(&mut self, payload: &InternalPayload, at: usize) { + self.borrow().copy(payload, at) } } -impl DeframerBuffer for DeframerVecBuffer { - fn copy(&mut self, src: &[u8], at: usize) { - self.borrow().copy(src, at) +impl<'a> DeframerBuffer<'a, ExternalPayload<'a>> for DeframerVecBuffer { + fn copy(&mut self, payload: &ExternalPayload<'a>, at: usize) { + let len = payload.len(); + self.unfilled()[at..at + len].copy_from_slice(payload.0); + self.advance(len); } } @@ -509,6 +554,17 @@ impl<'a> DeframerSliceBuffer<'a> { &mut taken[start..] } + + /// Converts a raw slice to a filled range based on the offset and length. + /// + /// Safety: the caller *must* ensure that the `RawSlice` refers to a range from the same + /// allocation as the deframer's buffer. + fn raw_slice_to_filled_range(&self, raw: RawSlice) -> Range { + let adjust = self.discard - self.taken; + let start = ((raw.ptr as usize).checked_sub(self.buf.as_ptr() as usize)).unwrap() - adjust; + let end = start + raw.len; + start..end + } } impl FilledDeframerBuffer for DeframerSliceBuffer<'_> { @@ -521,9 +577,10 @@ impl FilledDeframerBuffer for DeframerSliceBuffer<'_> { } } -impl DeframerBuffer for DeframerSliceBuffer<'_> { - fn copy(&mut self, src: &[u8], at: usize) { - copy_into_buffer(self.filled_mut(), src, at) +impl DeframerBuffer<'_, InternalPayload> for DeframerSliceBuffer<'_> { + fn copy(&mut self, payload: &InternalPayload, at: usize) { + let buf = self.filled_mut(); + buf.copy_within(payload.0.clone(), at) } } @@ -541,17 +598,13 @@ impl From<&'_ [u8]> for RawSlice { } } -trait DeframerBuffer: FilledDeframerBuffer { +trait DeframerBuffer<'a, P: AppendPayload<'a>>: FilledDeframerBuffer { /// Copies from the `src` buffer into this buffer at the requested index /// /// If `QUIC` is true the data will be copied into the *un*filled section of the buffer /// /// If `QUIC` is false the data will be copied into the filled section of the buffer - fn copy(&mut self, src: &[u8], at: usize); -} - -fn copy_into_buffer(buf: &mut [u8], src: &[u8], at: usize) { - buf[at..at + src.len()].copy_from_slice(src); + fn copy(&mut self, payload: &P, at: usize); } trait FilledDeframerBuffer { From d2b95ae772744346a513eb11c47f97aafc2e394c Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 12:31:16 -0500 Subject: [PATCH 0658/1145] prepare Codec for non-allocating decoding Co-authored-by: Jorge Aparicio --- fuzz/fuzzers/persist.rs | 2 +- rustls/src/msgs/alert.rs | 2 +- rustls/src/msgs/base.rs | 10 ++--- rustls/src/msgs/ccs.rs | 2 +- rustls/src/msgs/codec.rs | 20 +++++----- rustls/src/msgs/enums.rs | 8 ++-- rustls/src/msgs/handshake.rs | 72 ++++++++++++++++++------------------ rustls/src/msgs/macros.rs | 4 +- rustls/src/msgs/persist.rs | 2 +- rustls/src/tls12/mod.rs | 4 +- rustls/src/verify.rs | 2 +- 11 files changed, 64 insertions(+), 64 deletions(-) diff --git a/fuzz/fuzzers/persist.rs b/fuzz/fuzzers/persist.rs index 52c5872d93..6d17727f9b 100644 --- a/fuzz/fuzzers/persist.rs +++ b/fuzz/fuzzers/persist.rs @@ -8,7 +8,7 @@ use rustls::internal::msgs::persist; fn try_type(data: &[u8]) where - T: Codec, + T: for<'a> Codec<'a>, { let mut rdr = Reader::init(data); diff --git a/rustls/src/msgs/alert.rs b/rustls/src/msgs/alert.rs index a45c0d68f1..c4a78bfe8f 100644 --- a/rustls/src/msgs/alert.rs +++ b/rustls/src/msgs/alert.rs @@ -11,7 +11,7 @@ pub struct AlertMessagePayload { pub description: AlertDescription, } -impl Codec for AlertMessagePayload { +impl Codec<'_> for AlertMessagePayload { fn encode(&self, bytes: &mut Vec) { self.level.encode(bytes); self.description.encode(bytes); diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 60b51a0d59..2f0f20a764 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -15,7 +15,7 @@ use super::codec::ReaderMut; #[derive(Clone, Eq, PartialEq)] pub struct Payload(pub Vec); -impl Codec for Payload { +impl Codec<'_> for Payload { fn encode(&self, bytes: &mut Vec) { bytes.extend_from_slice(&self.0); } @@ -92,7 +92,7 @@ impl<'a> BorrowedPayload<'a> { } } -impl<'a> Codec for CertificateDer<'a> { +impl<'a> Codec<'_> for CertificateDer<'a> { fn encode(&self, bytes: &mut Vec) { codec::u24(self.as_ref().len() as u32).encode(bytes); bytes.extend(self.as_ref()); @@ -122,7 +122,7 @@ impl PayloadU24 { } } -impl Codec for PayloadU24 { +impl Codec<'_> for PayloadU24 { fn encode(&self, bytes: &mut Vec) { codec::u24(self.0.len() as u32).encode(bytes); bytes.extend_from_slice(&self.0); @@ -161,7 +161,7 @@ impl PayloadU16 { } } -impl Codec for PayloadU16 { +impl Codec<'_> for PayloadU16 { fn encode(&self, bytes: &mut Vec) { Self::encode_slice(&self.0, bytes); } @@ -199,7 +199,7 @@ impl PayloadU8 { } } -impl Codec for PayloadU8 { +impl Codec<'_> for PayloadU8 { fn encode(&self, bytes: &mut Vec) { (self.0.len() as u8).encode(bytes); bytes.extend_from_slice(&self.0); diff --git a/rustls/src/msgs/ccs.rs b/rustls/src/msgs/ccs.rs index 15a2f50a83..d0bdd17470 100644 --- a/rustls/src/msgs/ccs.rs +++ b/rustls/src/msgs/ccs.rs @@ -6,7 +6,7 @@ use crate::msgs::codec::{Codec, Reader}; #[derive(Debug)] pub struct ChangeCipherSpecPayload; -impl Codec for ChangeCipherSpecPayload { +impl Codec<'_> for ChangeCipherSpecPayload { fn encode(&self, bytes: &mut Vec) { 1u8.encode(bytes); } diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 43ba49d0d4..ba00e1d5e8 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -148,7 +148,7 @@ impl<'a> ReaderMut<'a> { /// Trait for implementing encoding and decoding functionality /// on something. -pub trait Codec: Debug + Sized { +pub trait Codec<'a>: Debug + Sized { /// Function for encoding itself by appending itself to /// the provided vec of bytes. fn encode(&self, bytes: &mut Vec); @@ -156,7 +156,7 @@ pub trait Codec: Debug + Sized { /// Function for decoding itself from the provided reader /// will return Some if the decoding was successful or /// None if it was not. - fn read(_: &mut Reader) -> Result; + fn read(_: &mut Reader<'a>) -> Result; /// Convenience function for encoding the implementation /// into a vec and returning it @@ -168,13 +168,13 @@ pub trait Codec: Debug + Sized { /// Function for wrapping a call to the read function in /// a Reader for the slice of bytes provided - fn read_bytes(bytes: &[u8]) -> Result { + fn read_bytes(bytes: &'a [u8]) -> Result { let mut reader = Reader::init(bytes); Self::read(&mut reader) } } -impl Codec for u8 { +impl Codec<'_> for u8 { fn encode(&self, bytes: &mut Vec) { bytes.push(*self); } @@ -192,7 +192,7 @@ pub(crate) fn put_u16(v: u16, out: &mut [u8]) { *out = u16::to_be_bytes(v); } -impl Codec for u16 { +impl Codec<'_> for u16 { fn encode(&self, bytes: &mut Vec) { let mut b16 = [0u8; 2]; put_u16(*self, &mut b16); @@ -220,7 +220,7 @@ impl From for usize { } } -impl Codec for u24 { +impl Codec<'_> for u24 { fn encode(&self, bytes: &mut Vec) { let be_bytes = u32::to_be_bytes(self.0); bytes.extend_from_slice(&be_bytes[1..]); @@ -234,7 +234,7 @@ impl Codec for u24 { } } -impl Codec for u32 { +impl Codec<'_> for u32 { fn encode(&self, bytes: &mut Vec) { bytes.extend(Self::to_be_bytes(*self)); } @@ -252,7 +252,7 @@ pub(crate) fn put_u64(v: u64, bytes: &mut [u8]) { *bytes = u64::to_be_bytes(v); } -impl Codec for u64 { +impl Codec<'_> for u64 { fn encode(&self, bytes: &mut Vec) { let mut b64 = [0u8; 8]; put_u64(*self, &mut b64); @@ -270,7 +270,7 @@ impl Codec for u64 { /// Implement `Codec` for lists of elements that implement `TlsListElement`. /// /// `TlsListElement` provides the size of the length prefix for the list. -impl Codec for Vec { +impl<'a, T: Codec<'a> + TlsListElement + Debug> Codec<'a> for Vec { fn encode(&self, bytes: &mut Vec) { let nest = LengthPrefixedBuffer::new(T::SIZE_LEN, bytes); @@ -279,7 +279,7 @@ impl Codec for Vec { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { let len = match T::SIZE_LEN { ListLength::U8 => usize::from(u8::read(r)?), ListLength::U16 => usize::from(u16::read(r)?), diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 53835c7594..f380b50191 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -384,7 +384,7 @@ pub(crate) mod tests { ); } - pub(crate) fn test_enum8(first: T, last: T) { + pub(crate) fn test_enum8 Codec<'a>>(first: T, last: T) { let first_v = get8(&first); let last_v = get8(&last); @@ -398,7 +398,7 @@ pub(crate) mod tests { } } - pub(crate) fn test_enum16(first: T, last: T) { + pub(crate) fn test_enum16 Codec<'a>>(first: T, last: T) { let first_v = get16(&first); let last_v = get16(&last); @@ -412,13 +412,13 @@ pub(crate) mod tests { } } - fn get8(enum_value: &T) -> u8 { + fn get8 Codec<'a>>(enum_value: &T) -> u8 { let enc = enum_value.get_encoding(); assert_eq!(enc.len(), 1); enc[0] } - fn get16(enum_value: &T) -> u16 { + fn get16 Codec<'a>>(enum_value: &T) -> u16 { let enc = enum_value.get_encoding(); assert_eq!(enc.len(), 2); (enc[0] as u16 >> 8) | (enc[1] as u16) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a61227cf36..9fedcbb080 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -51,7 +51,7 @@ macro_rules! wrapped_payload( } } - impl Codec for $name { + impl Codec<'_> for $name { fn encode(&self, bytes: &mut Vec) { self.0.encode(bytes); } @@ -79,7 +79,7 @@ static HELLO_RETRY_REQUEST_RANDOM: Random = Random([ static ZERO_RANDOM: Random = Random([0u8; 32]); -impl Codec for Random { +impl Codec<'_> for Random { fn encode(&self, bytes: &mut Vec) { bytes.extend_from_slice(&self.0); } @@ -138,7 +138,7 @@ impl PartialEq for SessionId { } } -impl Codec for SessionId { +impl Codec<'_> for SessionId { fn encode(&self, bytes: &mut Vec) { debug_assert!(self.len <= 32); bytes.push(self.len as u8); @@ -254,7 +254,7 @@ pub struct ServerName { pub(crate) payload: ServerNamePayload, } -impl Codec for ServerName { +impl Codec<'_> for ServerName { fn encode(&self, bytes: &mut Vec) { self.typ.encode(bytes); self.payload.encode(bytes); @@ -368,7 +368,7 @@ impl KeyShareEntry { } } -impl Codec for KeyShareEntry { +impl Codec<'_> for KeyShareEntry { fn encode(&self, bytes: &mut Vec) { self.group.encode(bytes); self.payload.encode(bytes); @@ -398,7 +398,7 @@ impl PresharedKeyIdentity { } } -impl Codec for PresharedKeyIdentity { +impl Codec<'_> for PresharedKeyIdentity { fn encode(&self, bytes: &mut Vec) { self.identity.encode(bytes); self.obfuscated_ticket_age.encode(bytes); @@ -438,7 +438,7 @@ impl PresharedKeyOffer { } } -impl Codec for PresharedKeyOffer { +impl Codec<'_> for PresharedKeyOffer { fn encode(&self, bytes: &mut Vec) { self.identities.encode(bytes); self.binders.encode(bytes); @@ -465,7 +465,7 @@ pub struct OcspCertificateStatusRequest { pub(crate) extensions: PayloadU16, } -impl Codec for OcspCertificateStatusRequest { +impl Codec<'_> for OcspCertificateStatusRequest { fn encode(&self, bytes: &mut Vec) { CertificateStatusType::OCSP.encode(bytes); self.responder_ids.encode(bytes); @@ -486,7 +486,7 @@ pub enum CertificateStatusRequest { Unknown((CertificateStatusType, Payload)), } -impl Codec for CertificateStatusRequest { +impl Codec<'_> for CertificateStatusRequest { fn encode(&self, bytes: &mut Vec) { match self { Self::Ocsp(ref r) => r.encode(bytes), @@ -582,7 +582,7 @@ impl ClientExtension { } } -impl Codec for ClientExtension { +impl Codec<'_> for ClientExtension { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -726,7 +726,7 @@ impl ServerExtension { } } -impl Codec for ServerExtension { +impl Codec<'_> for ServerExtension { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -803,7 +803,7 @@ pub struct ClientHelloPayload { pub extensions: Vec, } -impl Codec for ClientHelloPayload { +impl Codec<'_> for ClientHelloPayload { fn encode(&self, bytes: &mut Vec) { self.client_version.encode(bytes); self.random.encode(bytes); @@ -1029,7 +1029,7 @@ impl HelloRetryExtension { } } -impl Codec for HelloRetryExtension { +impl Codec<'_> for HelloRetryExtension { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -1073,7 +1073,7 @@ pub struct HelloRetryRequest { pub(crate) extensions: Vec, } -impl Codec for HelloRetryRequest { +impl Codec<'_> for HelloRetryRequest { fn encode(&self, bytes: &mut Vec) { self.legacy_version.encode(bytes); HELLO_RETRY_REQUEST_RANDOM.encode(bytes); @@ -1168,7 +1168,7 @@ pub struct ServerHelloPayload { pub(crate) extensions: Vec, } -impl Codec for ServerHelloPayload { +impl Codec<'_> for ServerHelloPayload { fn encode(&self, bytes: &mut Vec) { self.legacy_version.encode(bytes); self.random.encode(bytes); @@ -1257,7 +1257,7 @@ impl ServerHelloPayload { #[derive(Clone, Default, Debug)] pub struct CertificateChain(pub Vec>); -impl Codec for CertificateChain { +impl Codec<'_> for CertificateChain { fn encode(&self, bytes: &mut Vec) { Vec::encode(&self.0, bytes) } @@ -1305,7 +1305,7 @@ impl CertificateExtension { } } -impl Codec for CertificateExtension { +impl Codec<'_> for CertificateExtension { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -1344,7 +1344,7 @@ pub(crate) struct CertificateEntry { pub(crate) exts: Vec, } -impl Codec for CertificateEntry { +impl Codec<'_> for CertificateEntry { fn encode(&self, bytes: &mut Vec) { self.cert.encode(bytes); self.exts.encode(bytes); @@ -1405,7 +1405,7 @@ pub struct CertificatePayloadTls13 { pub(crate) entries: Vec, } -impl Codec for CertificatePayloadTls13 { +impl Codec<'_> for CertificatePayloadTls13 { fn encode(&self, bytes: &mut Vec) { self.context.encode(bytes); self.entries.encode(bytes); @@ -1492,7 +1492,7 @@ pub(crate) struct EcParameters { pub(crate) named_group: NamedGroup, } -impl Codec for EcParameters { +impl Codec<'_> for EcParameters { fn encode(&self, bytes: &mut Vec) { self.curve_type.encode(bytes); self.named_group.encode(bytes); @@ -1518,7 +1518,7 @@ pub(crate) struct ClientEcdhParams { pub(crate) public: PayloadU8, } -impl Codec for ClientEcdhParams { +impl Codec<'_> for ClientEcdhParams { fn encode(&self, bytes: &mut Vec) { self.public.encode(bytes); } @@ -1548,7 +1548,7 @@ impl ServerEcdhParams { } } -impl Codec for ServerEcdhParams { +impl Codec<'_> for ServerEcdhParams { fn encode(&self, bytes: &mut Vec) { self.curve_params.encode(bytes); self.public.encode(bytes); @@ -1571,7 +1571,7 @@ pub struct EcdheServerKeyExchange { pub(crate) dss: DigitallySignedStruct, } -impl Codec for EcdheServerKeyExchange { +impl Codec<'_> for EcdheServerKeyExchange { fn encode(&self, bytes: &mut Vec) { self.params.encode(bytes); self.dss.encode(bytes); @@ -1591,7 +1591,7 @@ pub enum ServerKeyExchangePayload { Unknown(Payload), } -impl Codec for ServerKeyExchangePayload { +impl Codec<'_> for ServerKeyExchangePayload { fn encode(&self, bytes: &mut Vec) { match *self { Self::Ecdhe(ref x) => x.encode(bytes), @@ -1737,7 +1737,7 @@ pub struct CertificateRequestPayload { pub(crate) canames: Vec, } -impl Codec for CertificateRequestPayload { +impl Codec<'_> for CertificateRequestPayload { fn encode(&self, bytes: &mut Vec) { self.certtypes.encode(bytes); self.sigschemes.encode(bytes); @@ -1779,7 +1779,7 @@ impl CertReqExtension { } } -impl Codec for CertReqExtension { +impl Codec<'_> for CertReqExtension { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -1826,7 +1826,7 @@ pub struct CertificateRequestPayloadTls13 { pub(crate) extensions: Vec, } -impl Codec for CertificateRequestPayloadTls13 { +impl Codec<'_> for CertificateRequestPayloadTls13 { fn encode(&self, bytes: &mut Vec) { self.context.encode(bytes); self.extensions.encode(bytes); @@ -1884,7 +1884,7 @@ impl NewSessionTicketPayload { } } -impl Codec for NewSessionTicketPayload { +impl Codec<'_> for NewSessionTicketPayload { fn encode(&self, bytes: &mut Vec) { self.lifetime_hint.encode(bytes); self.ticket.encode(bytes); @@ -1917,7 +1917,7 @@ impl NewSessionTicketExtension { } } -impl Codec for NewSessionTicketExtension { +impl Codec<'_> for NewSessionTicketExtension { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -1997,7 +1997,7 @@ impl NewSessionTicketPayloadTls13 { } } -impl Codec for NewSessionTicketPayloadTls13 { +impl Codec<'_> for NewSessionTicketPayloadTls13 { fn encode(&self, bytes: &mut Vec) { self.lifetime.encode(bytes); self.age_add.encode(bytes); @@ -2031,7 +2031,7 @@ pub struct CertificateStatus { pub(crate) ocsp_response: PayloadU24, } -impl Codec for CertificateStatus { +impl Codec<'_> for CertificateStatus { fn encode(&self, bytes: &mut Vec) { CertificateStatusType::OCSP.encode(bytes); self.ocsp_response.encode(bytes); @@ -2120,7 +2120,7 @@ pub struct HandshakeMessagePayload { pub payload: HandshakePayload, } -impl Codec for HandshakeMessagePayload { +impl Codec<'_> for HandshakeMessagePayload { fn encode(&self, bytes: &mut Vec) { // output type, length, and encoded payload match self.typ { @@ -2277,7 +2277,7 @@ pub struct HpkeSymmetricCipherSuite { pub aead_id: HpkeAead, } -impl Codec for HpkeSymmetricCipherSuite { +impl Codec<'_> for HpkeSymmetricCipherSuite { fn encode(&self, bytes: &mut Vec) { self.kdf_id.encode(bytes); self.aead_id.encode(bytes); @@ -2303,7 +2303,7 @@ pub struct HpkeKeyConfig { pub symmetric_cipher_suites: Vec, } -impl Codec for HpkeKeyConfig { +impl Codec<'_> for HpkeKeyConfig { fn encode(&self, bytes: &mut Vec) { self.config_id.encode(bytes); self.kem_id.encode(bytes); @@ -2330,7 +2330,7 @@ pub struct EchConfigContents { pub extensions: PayloadU16, } -impl Codec for EchConfigContents { +impl Codec<'_> for EchConfigContents { fn encode(&self, bytes: &mut Vec) { self.key_config.encode(bytes); self.maximum_name_length.encode(bytes); @@ -2359,7 +2359,7 @@ pub struct EchConfig { pub contents: EchConfigContents, } -impl Codec for EchConfig { +impl Codec<'_> for EchConfig { fn encode(&self, bytes: &mut Vec) { self.version.encode(bytes); let mut contents = Vec::with_capacity(128); diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index 51572a86ea..cf0eec5de6 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -22,7 +22,7 @@ macro_rules! enum_builder { } } } - impl Codec for $enum_name { + impl Codec<'_> for $enum_name { // NOTE(allow) fully qualified Vec is only needed in no-std mode #[allow(unused_qualifications)] fn encode(&self, bytes: &mut alloc::vec::Vec) { @@ -75,7 +75,7 @@ macro_rules! enum_builder { } } } - impl Codec for $enum_name { + impl Codec<'_> for $enum_name { // NOTE(allow) fully qualified Vec is only needed in no-std mode #[allow(unused_qualifications)] fn encode(&self, bytes: &mut alloc::vec::Vec) { diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index c670473556..49e9a2e4d7 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -264,7 +264,7 @@ pub struct ServerSessionValue { freshness: Option, } -impl Codec for ServerSessionValue { +impl Codec<'_> for ServerSessionValue { fn encode(&self, bytes: &mut Vec) { if let Some(ref sni) = self.sni { 1u8.encode(bytes); diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 23dbcb345c..ceb746ced1 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -313,9 +313,9 @@ fn join_randoms(first: &[u8; 32], second: &[u8; 32]) -> [u8; 64] { type MessageCipherPair = (Box, Box); -pub(crate) fn decode_ecdh_params( +pub(crate) fn decode_ecdh_params<'a, T: Codec<'a>>( common: &mut CommonState, - kx_params: &[u8], + kx_params: &'a [u8], ) -> Result { let mut rd = Reader::init(kx_params); let ecdh_params = T::read(&mut rd)?; diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index be2637626c..0a63d284d3 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -321,7 +321,7 @@ impl DigitallySignedStruct { } } -impl Codec for DigitallySignedStruct { +impl Codec<'_> for DigitallySignedStruct { fn encode(&self, bytes: &mut Vec) { self.scheme.encode(bytes); self.sig.encode(bytes); From d8abdb3e0a752399001995f880ee390838188b0f Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 14:24:15 -0500 Subject: [PATCH 0659/1145] add a Borrowed variant to Payload Co-authored-by: Jorge Aparicio --- fuzz/fuzzers/fragment.rs | 2 +- rustls/src/client/tls12.rs | 18 +++++++-------- rustls/src/client/tls13.rs | 3 ++- rustls/src/common_state.rs | 3 ++- rustls/src/conn.rs | 2 +- rustls/src/hash_hs.rs | 4 ++-- rustls/src/msgs/base.rs | 38 +++++++++++++++++++++++-------- rustls/src/msgs/deframer.rs | 2 +- rustls/src/msgs/fragmenter.rs | 2 +- rustls/src/msgs/handshake.rs | 20 ++++++++-------- rustls/src/msgs/handshake_test.rs | 36 ++++++++++++++--------------- rustls/src/msgs/message.rs | 29 ++++++++++++----------- rustls/src/msgs/message_test.rs | 2 +- rustls/src/server/server_conn.rs | 4 ++-- rustls/src/server/tls12.rs | 25 +++++++++++--------- rustls/src/server/tls13.rs | 7 +++--- 16 files changed, 112 insertions(+), 85 deletions(-) diff --git a/fuzz/fuzzers/fragment.rs b/fuzz/fuzzers/fragment.rs index e7d9f7bf67..e78cb42659 100644 --- a/fuzz/fuzzers/fragment.rs +++ b/fuzz/fuzzers/fragment.rs @@ -27,7 +27,7 @@ fuzz_target!(|data: &[u8]| { Message::try_from(PlainMessage { typ: msg.typ, version: msg.version, - payload: Payload(msg.payload.to_vec()), + payload: Payload::Owned(msg.payload.to_vec()), }) .ok(); } diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 762af22caa..2f5478baba 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1009,15 +1009,15 @@ impl State for ExpectFinished { // Constant-time verification of this is relatively unimportant: they only // get one chance. But it can't hurt. - let _fin_verified = match ConstantTimeEq::ct_eq(&expect_verify_data[..], &finished.0).into() - { - true => verify::FinishedMessageVerified::assertion(), - false => { - return Err(cx - .common - .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); - } - }; + let _fin_verified = + match ConstantTimeEq::ct_eq(&expect_verify_data[..], finished.bytes()).into() { + true => verify::FinishedMessageVerified::assertion(), + false => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); + } + }; // Hash this message too. st.transcript.add_message(&m); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 3bf866dec2..5e581f23a4 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -827,7 +827,8 @@ impl State for ExpectFinished { .key_schedule .sign_server_finish(&handshake_hash); - let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), &finished.0).into() { + let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), finished.bytes()).into() + { true => verify::FinishedMessageVerified::assertion(), false => { return Err(cx diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index e3025934ae..c862354118 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -428,7 +428,8 @@ impl CommonState { } pub(crate) fn take_received_plaintext(&mut self, bytes: Payload) { - self.received_plaintext.append(bytes.0); + self.received_plaintext + .append(bytes.into_vec()); } #[cfg(feature = "tls12")] diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index c008edda67..d2e95633bd 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -340,7 +340,7 @@ fn is_valid_ccs(msg: &PlainMessage) -> bool { // We passthrough ChangeCipherSpec messages in the deframer without decrypting them. // Note: this is prior to the record layer, so is unencrypted. See // third paragraph of section 5 in RFC8446. - msg.typ == ContentType::ChangeCipherSpec && msg.payload.0 == [0x01] + msg.typ == ContentType::ChangeCipherSpec && msg.payload.bytes() == [0x01] } /// Interface shared by client and server connections. diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index d7d5dcb26a..56ef04bce8 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -36,7 +36,7 @@ impl HandshakeHashBuffer { pub(crate) fn add_message(&mut self, m: &Message) { if let MessagePayload::Handshake { encoded, .. } = &m.payload { self.buffer - .extend_from_slice(&encoded.0); + .extend_from_slice(encoded.bytes()); } } @@ -98,7 +98,7 @@ impl HandshakeHash { /// Hash/buffer a handshake message. pub(crate) fn add_message(&mut self, m: &Message) -> &mut Self { if let MessagePayload::Handshake { encoded, .. } = &m.payload { - self.update_raw(&encoded.0); + self.update_raw(encoded.bytes()); } self } diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 2f0f20a764..fa016cf479 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -13,29 +13,47 @@ use super::codec::ReaderMut; /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] -pub struct Payload(pub Vec); +pub enum Payload<'a> { + Borrowed(&'a [u8]), + Owned(Vec), +} -impl Codec<'_> for Payload { +impl<'a> Codec<'a> for Payload<'static> { fn encode(&self, bytes: &mut Vec) { - bytes.extend_from_slice(&self.0); + bytes.extend_from_slice(self.bytes()); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { Ok(Self::read(r)) } } -impl Payload { +impl<'a> Payload<'a> { + pub fn bytes(&self) -> &[u8] { + match self { + Self::Borrowed(bytes) => bytes, + Self::Owned(bytes) => bytes, + } + } + pub fn into_vec(self) -> Vec { + match self { + Self::Borrowed(bytes) => bytes.to_vec(), + Self::Owned(bytes) => bytes, + } + } +} + +impl Payload<'static> { pub fn new(bytes: impl Into>) -> Self { - Self(bytes.into()) + Self::Owned(bytes.into()) } pub fn empty() -> Self { - Self::new(Vec::new()) + Self::Borrowed(&[]) } pub fn read(r: &mut Reader) -> Self { - Self(r.rest().to_vec()) + Self::Owned(r.rest().to_vec()) } } @@ -106,9 +124,9 @@ impl<'a> Codec<'_> for CertificateDer<'a> { } } -impl fmt::Debug for Payload { +impl fmt::Debug for Payload<'_> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - hex(f, &self.0) + hex(f, self.bytes()) } } diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 4daa2aeec9..b656f76cce 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -865,7 +865,7 @@ mod tests { let mut rl = RecordLayer::new(); let m = d.pop_message(&mut rl, None); assert_eq!(m.typ, ContentType::ApplicationData); - assert_eq!(m.payload.0.len(), 0); + assert_eq!(m.payload.bytes().len(), 0); assert!(!d.has_pending()); assert!(d.last_error.is_none()); } diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 2f82918b62..7d131cced5 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -27,7 +27,7 @@ impl MessageFragmenter { &self, msg: &'a PlainMessage, ) -> impl Iterator> + 'a { - self.fragment_slice(msg.typ, msg.version, &msg.payload.0) + self.fragment_slice(msg.typ, msg.version, msg.payload.bytes()) } /// Enqueue borrowed fragments of (version, typ, payload) which diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 9fedcbb080..a4e72e1b3b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -185,7 +185,7 @@ impl SessionId { #[derive(Clone, Debug, PartialEq)] pub struct UnknownExtension { pub(crate) typ: ExtensionType, - pub(crate) payload: Payload, + pub(crate) payload: Payload<'static>, } impl UnknownExtension { @@ -214,7 +214,7 @@ impl TlsListElement for SignatureScheme { #[derive(Clone, Debug)] pub(crate) enum ServerNamePayload { HostName(DnsName<'static>), - Unknown(Payload), + Unknown(Payload<'static>), } impl ServerNamePayload { @@ -483,7 +483,7 @@ impl Codec<'_> for OcspCertificateStatusRequest { #[derive(Clone, Debug)] pub enum CertificateStatusRequest { Ocsp(OcspCertificateStatusRequest), - Unknown((CertificateStatusType, Payload)), + Unknown((CertificateStatusType, Payload<'static>)), } impl Codec<'_> for CertificateStatusRequest { @@ -684,7 +684,7 @@ impl ClientExtension { #[derive(Clone, Debug)] pub enum ClientSessionTicket { Request, - Offer(Payload), + Offer(Payload<'static>), } #[derive(Clone, Debug)] @@ -1588,7 +1588,7 @@ impl Codec<'_> for EcdheServerKeyExchange { #[derive(Debug)] pub enum ServerKeyExchangePayload { Ecdhe(EcdheServerKeyExchange), - Unknown(Payload), + Unknown(Payload<'static>), } impl Codec<'_> for ServerKeyExchangePayload { @@ -1613,7 +1613,7 @@ impl ServerKeyExchangePayload { kxa: KeyExchangeAlgorithm, ) -> Option { if let Self::Unknown(ref unk) = *self { - let mut rd = Reader::init(&unk.0); + let mut rd = Reader::init(unk.bytes()); let result = match kxa { KeyExchangeAlgorithm::ECDHE => EcdheServerKeyExchange::read(&mut rd), @@ -2076,15 +2076,15 @@ pub enum HandshakePayload { CertificateVerify(DigitallySignedStruct), ServerHelloDone, EndOfEarlyData, - ClientKeyExchange(Payload), + ClientKeyExchange(Payload<'static>), NewSessionTicket(NewSessionTicketPayload), NewSessionTicketTls13(NewSessionTicketPayloadTls13), EncryptedExtensions(Vec), KeyUpdate(KeyUpdateRequest), - Finished(Payload), + Finished(Payload<'static>), CertificateStatus(CertificateStatus), - MessageHash(Payload), - Unknown(Payload), + MessageHash(Payload<'static>), + Unknown(Payload<'static>), } impl HandshakePayload { diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index a69209a846..05ec9e1256 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -370,7 +370,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), ClientExtension::make_sni(&DnsName::try_from("hello").unwrap()), ClientExtension::SessionTicket(ClientSessionTicket::Request), - ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload(vec![]))), + ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload::Borrowed(&[]))), ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]), ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3])]), @@ -391,7 +391,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { ClientExtension::TransportParameters(vec![1, 2, 3]), ClientExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), - payload: Payload(vec![1, 2, 3]), + payload: Payload::Borrowed(&[1, 2, 3]), }), ], } @@ -497,7 +497,7 @@ fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPaylo chp.extensions = vec![ClientExtension::Unknown(UnknownExtension { typ, - payload: Payload(vec![]), + payload: Payload::Borrowed(&[]), })]; assert!(!getter(&chp)); } @@ -612,7 +612,7 @@ fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRe hrr.extensions = vec![HelloRetryExtension::Unknown(UnknownExtension { typ, - payload: Payload(vec![]), + payload: Payload::Borrowed(&[]), })]; assert!(!getter(&hrr)); } @@ -681,7 +681,7 @@ fn test_server_extension_getter(typ: ExtensionType, getter: fn(&ServerHelloPaylo shp.extensions = vec![ServerExtension::Unknown(UnknownExtension { typ, - payload: Payload(vec![]), + payload: Payload::Borrowed(&[]), })]; assert!(!getter(&shp)); } @@ -724,7 +724,7 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) ce.exts = vec![CertificateExtension::Unknown(UnknownExtension { typ, - payload: Payload(vec![]), + payload: Payload::Borrowed(&[]), })]; assert!(!getter(&ce)); } @@ -757,7 +757,7 @@ fn get_sample_serverhellopayload() -> ServerHelloPayload { ServerExtension::TransportParameters(vec![1, 2, 3]), ServerExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), - payload: Payload(vec![1, 2, 3]), + payload: Payload::Borrowed(&[1, 2, 3]), }), ], } @@ -784,7 +784,7 @@ fn get_sample_helloretryrequest() -> HelloRetryRequest { HelloRetryExtension::SupportedVersions(ProtocolVersion::TLSv1_2), HelloRetryExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), - payload: Payload(vec![1, 2, 3]), + payload: Payload::Borrowed(&[1, 2, 3]), }), ], } @@ -801,7 +801,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { }), CertificateExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), - payload: Payload(vec![1, 2, 3]), + payload: Payload::Borrowed(&[1, 2, 3]), }), ], }], @@ -822,7 +822,7 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { } fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::Unknown(Payload(vec![1, 2, 3])) + ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) } fn get_sample_certificaterequestpayload() -> CertificateRequestPayload { @@ -841,7 +841,7 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTls13 CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]), CertReqExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), - payload: Payload(vec![1, 2, 3]), + payload: Payload::Borrowed(&[1, 2, 3]), }), ], } @@ -862,7 +862,7 @@ fn get_sample_newsessionticketpayloadtls13() -> NewSessionTicketPayloadTls13 { ticket: PayloadU16(vec![4, 5, 6]), exts: vec![NewSessionTicketExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), - payload: Payload(vec![1, 2, 3]), + payload: Payload::Borrowed(&[1, 2, 3]), })], } } @@ -923,7 +923,7 @@ fn get_all_tls12_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::ClientKeyExchange, - payload: HandshakePayload::ClientKeyExchange(Payload(vec![1, 2, 3])), + payload: HandshakePayload::ClientKeyExchange(Payload::Borrowed(&[1, 2, 3])), }, HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, @@ -943,7 +943,7 @@ fn get_all_tls12_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Finished, - payload: HandshakePayload::Finished(Payload(vec![1, 2, 3])), + payload: HandshakePayload::Finished(Payload::Borrowed(&[1, 2, 3])), }, HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, @@ -951,7 +951,7 @@ fn get_all_tls12_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Unknown(99), - payload: HandshakePayload::Unknown(Payload(vec![1, 2, 3])), + payload: HandshakePayload::Unknown(Payload::Borrowed(&[1, 2, 3])), }, ] } @@ -1060,7 +1060,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::ClientKeyExchange, - payload: HandshakePayload::ClientKeyExchange(Payload(vec![1, 2, 3])), + payload: HandshakePayload::ClientKeyExchange(Payload::Borrowed(&[1, 2, 3])), }, HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, @@ -1082,7 +1082,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Finished, - payload: HandshakePayload::Finished(Payload(vec![1, 2, 3])), + payload: HandshakePayload::Finished(Payload::Borrowed(&[1, 2, 3])), }, HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, @@ -1090,7 +1090,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { }, HandshakeMessagePayload { typ: HandshakeType::Unknown(99), - payload: HandshakePayload::Unknown(Payload(vec![1, 2, 3])), + payload: HandshakePayload::Unknown(Payload::Borrowed(&[1, 2, 3])), }, ] } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index d126abfa8e..ff039b8009 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -20,17 +20,17 @@ pub enum MessagePayload { Alert(AlertMessagePayload), Handshake { parsed: HandshakeMessagePayload, - encoded: Payload, + encoded: Payload<'static>, }, ChangeCipherSpec(ChangeCipherSpecPayload), - ApplicationData(Payload), + ApplicationData(Payload<'static>), } impl MessagePayload { pub fn encode(&self, bytes: &mut Vec) { match self { Self::Alert(x) => x.encode(bytes), - Self::Handshake { encoded, .. } => bytes.extend(&encoded.0), + Self::Handshake { encoded, .. } => bytes.extend(encoded.bytes()), Self::ChangeCipherSpec(x) => x.encode(bytes), Self::ApplicationData(x) => x.encode(bytes), } @@ -46,9 +46,9 @@ impl MessagePayload { pub fn new( typ: ContentType, vers: ProtocolVersion, - payload: Payload, + payload: Payload<'static>, ) -> Result { - let mut r = Reader::init(&payload.0); + let mut r = Reader::init(payload.bytes()); match typ { ContentType::ApplicationData => Ok(Self::ApplicationData(payload)), ContentType::Alert => AlertMessagePayload::read(&mut r).map(MessagePayload::Alert), @@ -90,7 +90,7 @@ impl MessagePayload { pub struct OpaqueMessage { pub typ: ContentType, pub version: ProtocolVersion, - payload: Payload, + payload: Payload<'static>, } impl OpaqueMessage { @@ -107,12 +107,15 @@ impl OpaqueMessage { /// Access the message payload as a slice. pub fn payload(&self) -> &[u8] { - &self.payload.0 + self.payload.bytes() } /// Access the message payload as a mutable `Vec`. pub fn payload_mut(&mut self) -> &mut Vec { - &mut self.payload.0 + match &mut self.payload { + Payload::Borrowed(_) => unreachable!("due to how constructor works"), + Payload::Owned(bytes) => bytes, + } } /// `MessageError` allows callers to distinguish between valid prefixes (might @@ -136,7 +139,7 @@ impl OpaqueMessage { let mut buf = Vec::new(); self.typ.encode(&mut buf); self.version.encode(&mut buf); - (self.payload.0.len() as u16).encode(&mut buf); + (self.payload.bytes().len() as u16).encode(&mut buf); self.payload.encode(&mut buf); buf } @@ -291,7 +294,7 @@ impl From for PlainMessage { _ => { let mut buf = Vec::new(); msg.payload.encode(&mut buf); - Payload(buf) + Payload::Owned(buf) } }; @@ -311,7 +314,7 @@ impl From for PlainMessage { pub struct PlainMessage { pub typ: ContentType, pub version: ProtocolVersion, - pub payload: Payload, + pub payload: Payload<'static>, } impl PlainMessage { @@ -327,7 +330,7 @@ impl PlainMessage { BorrowedPlainMessage { version: self.version, typ: self.typ, - payload: &self.payload.0, + payload: self.payload.bytes(), } } } @@ -402,7 +405,7 @@ impl<'a> BorrowedPlainMessage<'a> { OpaqueMessage { version: self.version, typ: self.typ, - payload: Payload(self.payload.to_vec()), + payload: Payload::Owned(self.payload.to_vec()), } } diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index 5ba8f120bc..8270584cff 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -100,7 +100,7 @@ fn construct_all_types() { #[test] fn debug_payload() { - assert_eq!("01020304", format!("{:?}", Payload(vec![1, 2, 3, 4]))); + assert_eq!("01020304", format!("{:?}", Payload::new(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU8(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU16(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU24(vec![1, 2, 3, 4]))); diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index fcf81b3e62..e03c82529d 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -846,10 +846,10 @@ impl EarlyDataState { } pub(super) fn take_received_plaintext(&mut self, bytes: Payload) -> bool { - let available = bytes.0.len(); + let available = bytes.bytes().len(); match self { Self::Accepted(ref mut received) if received.apply_limit(available) == available => { - received.append(bytes.0); + received.append(bytes.into_vec()); true } _ => false, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 3673d818ed..f4954aefdf 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -139,7 +139,10 @@ mod client_hello { .and_then(|ticket| { ticket_received = true; debug!("Ticket received"); - let data = self.config.ticketer.decrypt(&ticket.0); + let data = self + .config + .ticketer + .decrypt(ticket.bytes()); if data.is_none() { debug!("Ticket didn't decrypt"); } @@ -602,7 +605,7 @@ impl State for ExpectClientKx { // Complete key agreement, and set up encryption with the // resulting premaster secret. let peer_kx_params = - tls12::decode_ecdh_params::(cx.common, &client_kx.0)?; + tls12::decode_ecdh_params::(cx.common, client_kx.bytes())?; let secrets = ConnectionSecrets::from_key_exchange( self.server_kx, &peer_kx_params.public.0, @@ -859,15 +862,15 @@ impl State for ExpectFinished { let vh = self.transcript.get_current_hash(); let expect_verify_data = self.secrets.client_verify_data(&vh); - let _fin_verified = match ConstantTimeEq::ct_eq(&expect_verify_data[..], &finished.0).into() - { - true => verify::FinishedMessageVerified::assertion(), - false => { - return Err(cx - .common - .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); - } - }; + let _fin_verified = + match ConstantTimeEq::ct_eq(&expect_verify_data[..], finished.bytes()).into() { + true => verify::FinishedMessageVerified::assertion(), + false => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); + } + }; // Save connection, perhaps if !self.resuming && !self.session_id.is_empty() { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 6dcd60fe27..4c65afb3cc 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -856,8 +856,8 @@ impl State for ExpectAndSkipRejectedEarlyData { * up to the configured max_early_data_size." * (RFC8446, 14.2.10) */ if let MessagePayload::ApplicationData(ref skip_data) = m.payload { - if skip_data.0.len() <= self.skip_data_left { - self.skip_data_left -= skip_data.0.len(); + if skip_data.bytes().len() <= self.skip_data_left { + self.skip_data_left -= skip_data.bytes().len(); return Ok(self); } } @@ -1158,7 +1158,8 @@ impl State for ExpectFinished { .key_schedule .sign_client_finish(&handshake_hash, cx.common); - let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), &finished.0[..]).into() { + let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), finished.bytes()).into() + { true => verify::FinishedMessageVerified::assertion(), false => { return Err(cx From 8ddbc77b213d2af55b841582479c54c322376ac0 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 14:28:47 -0500 Subject: [PATCH 0660/1145] make ConnectionCommon::deframe return a borrowed message Co-authored-by: Jorge Aparicio --- rustls/src/conn.rs | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index d2e95633bd..e0b9f80b25 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -1,11 +1,12 @@ use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT}; +use crate::crypto::cipher::BorrowedPlainMessage; use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; -use crate::msgs::message::{Message, MessagePayload, PlainMessage}; +use crate::msgs::message::{Message, MessagePayload}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; @@ -336,11 +337,11 @@ impl ConnectionRandoms { // --- Common (to client and server) connection functions --- -fn is_valid_ccs(msg: &PlainMessage) -> bool { +fn is_valid_ccs(msg: &BorrowedPlainMessage) -> bool { // We passthrough ChangeCipherSpec messages in the deframer without decrypting them. // Note: this is prior to the record layer, so is unencrypted. See // third paragraph of section 5 in RFC8446. - msg.typ == ContentType::ChangeCipherSpec && msg.payload.bytes() == [0x01] + msg.typ == ContentType::ChangeCipherSpec && msg.payload == [0x01] } /// Interface shared by client and server connections. @@ -474,7 +475,8 @@ impl ConnectionCommon { let mut deframer_buffer = self.deframer_buffer.borrow(); let res = self .core - .deframe(None, &mut deframer_buffer); + .deframe(None, &mut deframer_buffer) + .map(|opt| opt.map(|m| m.into_owned())); let discard = deframer_buffer.pending_discard(); self.deframer_buffer.discard(discard); @@ -772,11 +774,11 @@ impl ConnectionCore { } /// Pull a message out of the deframer and send any messages that need to be sent as a result. - fn deframe( + fn deframe<'b>( &mut self, state: Option<&dyn State>, - deframer_buffer: &mut DeframerSliceBuffer, - ) -> Result, Error> { + deframer_buffer: &mut DeframerSliceBuffer<'b>, + ) -> Result>, Error> { match self.message_deframer.pop( &mut self.common_state.record_layer, self.common_state.negotiated_version, @@ -799,7 +801,7 @@ impl ConnectionCore { } self.common_state.aligned_handshake = aligned; - Ok(Some(message.into_owned())) + Ok(Some(message)) } Ok(None) => Ok(None), Err(err @ Error::InvalidMessage(_)) => { @@ -831,7 +833,7 @@ impl ConnectionCore { fn process_msg( &mut self, - msg: PlainMessage, + msg: BorrowedPlainMessage, state: Box>, sendable_plaintext: Option<&mut ChunkVecBuffer>, ) -> Result>, Error> { @@ -860,7 +862,7 @@ impl ConnectionCore { } // Now we can fully parse the message payload. - let msg = match Message::try_from(msg) { + let msg = match Message::try_from(msg.into_owned()) { Ok(msg) => msg, Err(err) => { return Err(self From 85a175450fb0b50988022a47d403ef782e94b048 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 14:36:08 -0500 Subject: [PATCH 0661/1145] make Payload::read non-allocating Co-authored-by: Jorge Aparicio --- rustls/src/msgs/base.rs | 15 ++++++++++----- rustls/src/msgs/handshake.rs | 18 ++++++++++-------- rustls/src/msgs/message.rs | 2 +- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index fa016cf479..a94bbf9491 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -18,7 +18,7 @@ pub enum Payload<'a> { Owned(Vec), } -impl<'a> Codec<'a> for Payload<'static> { +impl<'a> Codec<'a> for Payload<'a> { fn encode(&self, bytes: &mut Vec) { bytes.extend_from_slice(self.bytes()); } @@ -35,12 +35,21 @@ impl<'a> Payload<'a> { Self::Owned(bytes) => bytes, } } + + pub fn into_owned(self) -> Payload<'static> { + Payload::Owned(self.into_vec()) + } + pub fn into_vec(self) -> Vec { match self { Self::Borrowed(bytes) => bytes.to_vec(), Self::Owned(bytes) => bytes, } } + + pub fn read(r: &mut Reader<'a>) -> Self { + Self::Borrowed(r.rest()) + } } impl Payload<'static> { @@ -51,10 +60,6 @@ impl Payload<'static> { pub fn empty() -> Self { Self::Borrowed(&[]) } - - pub fn read(r: &mut Reader) -> Self { - Self::Owned(r.rest().to_vec()) - } } /// Non-owning version of [`Payload`] diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a4e72e1b3b..30ba70035f 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -194,7 +194,7 @@ impl UnknownExtension { } fn read(typ: ExtensionType, r: &mut Reader) -> Self { - let payload = Payload::read(r); + let payload = Payload::read(r).into_owned(); Self { typ, payload } } } @@ -265,7 +265,7 @@ impl Codec<'_> for ServerName { let payload = match typ { ServerNameType::HostName => ServerNamePayload::read_hostname(r)?, - _ => ServerNamePayload::Unknown(Payload::read(r)), + _ => ServerNamePayload::Unknown(Payload::read(r).into_owned()), }; Ok(Self { typ, payload }) @@ -506,7 +506,7 @@ impl Codec<'_> for CertificateStatusRequest { Ok(Self::Ocsp(ocsp_req)) } _ => { - let data = Payload::read(r); + let data = Payload::read(r).into_owned(); Ok(Self::Unknown((typ, data))) } } @@ -622,7 +622,7 @@ impl Codec<'_> for ClientExtension { ExtensionType::ServerName => Self::ServerName(Vec::read(&mut sub)?), ExtensionType::SessionTicket => { if sub.any_left() { - let contents = Payload::read(&mut sub); + let contents = Payload::read(&mut sub).into_owned(); Self::SessionTicket(ClientSessionTicket::Offer(contents)) } else { Self::SessionTicket(ClientSessionTicket::Request) @@ -1602,7 +1602,7 @@ impl Codec<'_> for ServerKeyExchangePayload { fn read(r: &mut Reader) -> Result { // read as Unknown, fully parse when we know the // KeyExchangeAlgorithm - Ok(Self::Unknown(Payload::read(r))) + Ok(Self::Unknown(Payload::read(r).into_owned())) } } @@ -2184,7 +2184,7 @@ impl HandshakeMessagePayload { HandshakePayload::ServerHelloDone } HandshakeType::ClientKeyExchange => { - HandshakePayload::ClientKeyExchange(Payload::read(&mut sub)) + HandshakePayload::ClientKeyExchange(Payload::read(&mut sub).into_owned()) } HandshakeType::CertificateRequest if vers == ProtocolVersion::TLSv1_3 => { let p = CertificateRequestPayloadTls13::read(&mut sub)?; @@ -2215,7 +2215,9 @@ impl HandshakeMessagePayload { sub.expect_empty("EndOfEarlyData")?; HandshakePayload::EndOfEarlyData } - HandshakeType::Finished => HandshakePayload::Finished(Payload::read(&mut sub)), + HandshakeType::Finished => { + HandshakePayload::Finished(Payload::read(&mut sub).into_owned()) + } HandshakeType::CertificateStatus => { HandshakePayload::CertificateStatus(CertificateStatus::read(&mut sub)?) } @@ -2227,7 +2229,7 @@ impl HandshakeMessagePayload { // not legal on wire return Err(InvalidMessage::UnexpectedMessage("HelloRetryRequest")); } - _ => HandshakePayload::Unknown(Payload::read(&mut sub)), + _ => HandshakePayload::Unknown(Payload::read(&mut sub).into_owned()), }; sub.expect_empty("HandshakeMessagePayload") diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index ff039b8009..c9dad411fb 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -126,7 +126,7 @@ impl OpaqueMessage { let mut sub = r .sub(len as usize) .map_err(|_| MessageError::TooShortForLength)?; - let payload = Payload::read(&mut sub); + let payload = Payload::read(&mut sub).into_owned(); Ok(Self { typ, From 0423bb69e795046a79a5fd9333357968d441c961 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 14:43:39 -0500 Subject: [PATCH 0662/1145] make MessagePayload decoding partially non-allocating Co-authored-by: Jorge Aparicio --- rustls/src/conn.rs | 8 ++-- rustls/src/msgs/message.rs | 63 ++++++++++++++++++++++++-------- rustls/src/server/server_conn.rs | 4 +- 3 files changed, 54 insertions(+), 21 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index e0b9f80b25..f087d1b583 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -471,16 +471,16 @@ impl ConnectionCommon { /// /// This is a shortcut to the `process_new_packets()` -> `process_msg()` -> /// `process_handshake_messages()` path, specialized for the first handshake message. - pub(crate) fn first_handshake_message(&mut self) -> Result, Error> { + pub(crate) fn first_handshake_message(&mut self) -> Result>, Error> { let mut deframer_buffer = self.deframer_buffer.borrow(); let res = self .core .deframe(None, &mut deframer_buffer) - .map(|opt| opt.map(|m| m.into_owned())); + .map(|opt| opt.map(|pm| Message::try_from(pm).map(|m| m.into_owned()))); let discard = deframer_buffer.pending_discard(); self.deframer_buffer.discard(discard); - match res?.map(Message::try_from) { + match res? { Some(Ok(msg)) => Ok(Some(msg)), Some(Err(err)) => Err(self.send_fatal_alert(AlertDescription::DecodeError, err)), None => Ok(None), @@ -862,7 +862,7 @@ impl ConnectionCore { } // Now we can fully parse the message payload. - let msg = match Message::try_from(msg.into_owned()) { + let msg = match Message::try_from(msg) { Ok(msg) => msg, Err(err) => { return Err(self diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index c9dad411fb..be004c3eda 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -16,17 +16,17 @@ use super::base::BorrowedPayload; use super::codec::ReaderMut; #[derive(Debug)] -pub enum MessagePayload { +pub enum MessagePayload<'a> { Alert(AlertMessagePayload), Handshake { parsed: HandshakeMessagePayload, - encoded: Payload<'static>, + encoded: Payload<'a>, }, ChangeCipherSpec(ChangeCipherSpecPayload), - ApplicationData(Payload<'static>), + ApplicationData(Payload<'a>), } -impl MessagePayload { +impl<'a> MessagePayload<'a> { pub fn encode(&self, bytes: &mut Vec) { match self { Self::Alert(x) => x.encode(bytes), @@ -46,16 +46,16 @@ impl MessagePayload { pub fn new( typ: ContentType, vers: ProtocolVersion, - payload: Payload<'static>, + payload: &'a [u8], ) -> Result { - let mut r = Reader::init(payload.bytes()); + let mut r = Reader::init(payload); match typ { - ContentType::ApplicationData => Ok(Self::ApplicationData(payload)), + ContentType::ApplicationData => Ok(Self::ApplicationData(Payload::Borrowed(payload))), ContentType::Alert => AlertMessagePayload::read(&mut r).map(MessagePayload::Alert), ContentType::Handshake => { HandshakeMessagePayload::read_version(&mut r, vers).map(|parsed| Self::Handshake { parsed, - encoded: payload, + encoded: Payload::Borrowed(payload), }) } ContentType::ChangeCipherSpec => { @@ -73,6 +73,19 @@ impl MessagePayload { Self::ApplicationData(_) => ContentType::ApplicationData, } } + + pub(crate) fn into_owned(self) -> MessagePayload<'static> { + use MessagePayload::*; + match self { + Alert(x) => Alert(x), + Handshake { parsed, encoded } => Handshake { + parsed, + encoded: encoded.into_owned(), + }, + ChangeCipherSpec(x) => ChangeCipherSpec(x), + ApplicationData(x) => ApplicationData(x.into_owned()), + } + } } /// A TLS frame, named TLSPlaintext in the standard. @@ -286,11 +299,11 @@ fn unpad_tls13_payload(p: &mut BorrowedPayload) -> ContentType { } } -impl From for PlainMessage { +impl From> for PlainMessage { fn from(msg: Message) -> Self { let typ = msg.payload.content_type(); let payload = match msg.payload { - MessagePayload::ApplicationData(payload) => payload, + MessagePayload::ApplicationData(payload) => payload.into_owned(), _ => { let mut buf = Vec::new(); msg.payload.encode(&mut buf); @@ -337,12 +350,12 @@ impl PlainMessage { /// A message with decoded payload #[derive(Debug)] -pub struct Message { +pub struct Message<'a> { pub version: ProtocolVersion, - pub payload: MessagePayload, + pub payload: MessagePayload<'a>, } -impl Message { +impl Message<'_> { pub fn is_handshake_type(&self, hstyp: HandshakeType) -> bool { // Bit of a layering violation, but OK. if let MessagePayload::Handshake { parsed, .. } = &self.payload { @@ -368,16 +381,36 @@ impl Message { payload: MessagePayload::handshake(HandshakeMessagePayload::build_key_update_notify()), } } + + pub(crate) fn into_owned(self) -> Message<'static> { + let Self { version, payload } = self; + Message { + version, + payload: payload.into_owned(), + } + } +} + +impl TryFrom for Message<'static> { + type Error = Error; + + fn try_from(plain: PlainMessage) -> Result { + Ok(Self { + version: plain.version, + payload: MessagePayload::new(plain.typ, plain.version, plain.payload.bytes())? + .into_owned(), + }) + } } /// Parses a plaintext message into a well-typed [`Message`]. /// /// A [`PlainMessage`] must contain plaintext content. Encrypted content should be stored in an /// [`OpaqueMessage`] and decrypted before being stored into a [`PlainMessage`]. -impl TryFrom for Message { +impl<'a> TryFrom> for Message<'a> { type Error = Error; - fn try_from(plain: PlainMessage) -> Result { + fn try_from(plain: BorrowedPlainMessage<'a>) -> Result { Ok(Self { version: plain.version, payload: MessagePayload::new(plain.typ, plain.version, plain.payload)?, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index e03c82529d..6306caab55 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -727,7 +727,7 @@ impl Acceptor { /// Contains the state required to resume the connection through [`Accepted::into_connection()`]. pub struct Accepted { connection: ConnectionCommon, - message: Message, + message: Message<'static>, sig_schemes: Vec, } @@ -770,7 +770,7 @@ impl Accepted { }) } - fn client_hello_payload(message: &Message) -> &ClientHelloPayload { + fn client_hello_payload<'a>(message: &'a Message) -> &'a ClientHelloPayload { match &message.payload { crate::msgs::message::MessagePayload::Handshake { parsed, .. } => match &parsed.payload { From 65370b8de167ef8ae65fa0337e2d12df01cc9fe5 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 15:05:06 -0500 Subject: [PATCH 0663/1145] prepare State trait to handle borrowed types Co-authored-by: Jorge Aparicio --- rustls/src/client/hs.rs | 38 ++++++-- rustls/src/client/tls12.rs | 145 ++++++++++++++++++++++++++----- rustls/src/client/tls13.rs | 106 ++++++++++++++++++++-- rustls/src/common_state.rs | 12 ++- rustls/src/server/hs.rs | 19 +++- rustls/src/server/server_conn.rs | 13 ++- rustls/src/server/tls12.rs | 82 +++++++++++++++-- rustls/src/server/tls13.rs | 93 ++++++++++++++++++-- 8 files changed, 444 insertions(+), 64 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index f00ee13641..7092e72b2a 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -39,8 +39,8 @@ use alloc::vec; use alloc::vec::Vec; use core::ops::Deref; -pub(super) type NextState = Box>; -pub(super) type NextStateOrError = Result; +pub(super) type NextState<'a> = Box + 'a>; +pub(super) type NextStateOrError<'a> = Result, Error>; pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>; fn find_session( @@ -95,7 +95,7 @@ pub(super) fn start_handshake( extra_exts: Vec, config: Arc, cx: &mut ClientContext<'_>, -) -> NextStateOrError { +) -> NextStateOrError<'static> { let mut transcript_buffer = HandshakeHashBuffer::new(); if config .client_auth_cert_resolver @@ -196,7 +196,7 @@ fn emit_client_hello_for_retry( suite: Option, mut input: ClientHelloInput, cx: &mut ClientContext<'_>, -) -> NextState { +) -> NextState<'static> { let config = &input.config; let support_tls12 = config.supports_version(ProtocolVersion::TLSv1_2) && !cx.common.is_quic(); let support_tls13 = config.supports_version(ProtocolVersion::TLSv1_3); @@ -481,7 +481,14 @@ pub(super) fn process_alpn_protocol( } impl State for ExpectServerHello { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> NextStateOrError<'m> + where + Self: 'm, + { let server_hello = require_handshake_msg!(m, HandshakeType::ServerHello, HandshakePayload::ServerHello)?; trace!("We got ServerHello {:#?}", server_hello); @@ -671,10 +678,14 @@ impl State for ExpectServerHello { } } } + + fn into_owned(self: Box) -> NextState<'static> { + self + } } impl ExpectServerHelloOrHelloRetryRequest { - fn into_expect_server_hello(self) -> NextState { + fn into_expect_server_hello(self) -> NextState<'static> { Box::new(self.next) } @@ -682,7 +693,7 @@ impl ExpectServerHelloOrHelloRetryRequest { self, cx: &mut ClientContext<'_>, m: Message, - ) -> NextStateOrError { + ) -> NextStateOrError<'static> { let hrr = require_handshake_msg!( m, HandshakeType::HelloRetryRequest, @@ -847,7 +858,14 @@ impl ExpectServerHelloOrHelloRetryRequest { } impl State for ExpectServerHelloOrHelloRetryRequest { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::Handshake { parsed: @@ -874,6 +892,10 @@ impl State for ExpectServerHelloOrHelloRetryRequest { )), } } + + fn into_owned(self: Box) -> NextState<'static> { + self + } } enum ClientSessionValue { diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 2f5478baba..2e769d6f8e 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -61,7 +61,7 @@ mod server_hello { suite: &'static Tls12CipherSuite, server_hello: &ServerHelloPayload, tls13_supported: bool, - ) -> hs::NextStateOrError { + ) -> hs::NextStateOrError<'static> { self.randoms .server .clone_from_slice(&server_hello.random.0[..]); @@ -194,11 +194,14 @@ struct ExpectCertificate { } impl State for ExpectCertificate { - fn handle( + fn handle<'m>( mut self: Box, _cx: &mut ClientContext<'_>, - m: Message, - ) -> hs::NextStateOrError { + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { self.transcript.add_message(&m); let server_cert_chain = require_handshake_msg_move!( m, @@ -236,6 +239,10 @@ impl State for ExpectCertificate { })) } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificateStatusOrServerKx { @@ -252,7 +259,14 @@ struct ExpectCertificateStatusOrServerKx { } impl State for ExpectCertificateStatusOrServerKx { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::Handshake { parsed: @@ -304,6 +318,10 @@ impl State for ExpectCertificateStatusOrServerKx { )), } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificateStatus { @@ -320,11 +338,14 @@ struct ExpectCertificateStatus { } impl State for ExpectCertificateStatus { - fn handle( + fn handle<'m>( mut self: Box, _cx: &mut ClientContext<'_>, - m: Message, - ) -> hs::NextStateOrError { + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { self.transcript.add_message(&m); let server_cert_ocsp_response = require_handshake_msg_move!( m, @@ -353,6 +374,10 @@ impl State for ExpectCertificateStatus { must_issue_new_ticket: self.must_issue_new_ticket, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectServerKx { @@ -369,7 +394,14 @@ struct ExpectServerKx { } impl State for ExpectServerKx { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let opaque_kx = require_handshake_msg!( m, HandshakeType::ServerKeyExchange, @@ -410,6 +442,10 @@ impl State for ExpectServerKx { must_issue_new_ticket: self.must_issue_new_ticket, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } fn emit_certificate( @@ -535,7 +571,14 @@ struct ExpectServerDoneOrCertReq { } impl State for ExpectServerDoneOrCertReq { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { if matches!( m.payload, MessagePayload::Handshake { @@ -580,6 +623,10 @@ impl State for ExpectServerDoneOrCertReq { .handle(cx, m) } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificateRequest { @@ -597,11 +644,14 @@ struct ExpectCertificateRequest { } impl State for ExpectCertificateRequest { - fn handle( + fn handle<'m>( mut self: Box, _cx: &mut ClientContext<'_>, - m: Message, - ) -> hs::NextStateOrError { + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let certreq = require_handshake_msg!( m, HandshakeType::CertificateRequest, @@ -641,6 +691,10 @@ impl State for ExpectCertificateRequest { must_issue_new_ticket: self.must_issue_new_ticket, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectServerDone { @@ -659,7 +713,14 @@ struct ExpectServerDone { } impl State for ExpectServerDone { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::Handshake { parsed: @@ -843,6 +904,10 @@ impl State for ExpectServerDone { })) } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectNewTicket { @@ -859,11 +924,14 @@ struct ExpectNewTicket { } impl State for ExpectNewTicket { - fn handle( + fn handle<'m>( mut self: Box, _cx: &mut ClientContext<'_>, - m: Message, - ) -> hs::NextStateOrError { + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { self.transcript.add_message(&m); let nst = require_handshake_msg_move!( @@ -886,6 +954,10 @@ impl State for ExpectNewTicket { sig_verified: self.sig_verified, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // -- Waiting for their CCS -- @@ -904,7 +976,14 @@ struct ExpectCcs { } impl State for ExpectCcs { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ChangeCipherSpec(..) => {} payload => { @@ -937,6 +1016,10 @@ impl State for ExpectCcs { sig_verified: self.sig_verified, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectFinished { @@ -996,7 +1079,14 @@ impl ExpectFinished { } impl State for ExpectFinished { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let mut st = *self; let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; @@ -1053,6 +1143,10 @@ impl State for ExpectFinished { .remove_tls12_session(&self.server_name); } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // -- Traffic transit state -- @@ -1064,7 +1158,14 @@ struct ExpectTraffic { } impl State for ExpectTraffic { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ApplicationData(payload) => cx .common @@ -1094,4 +1195,8 @@ impl State for ExpectTraffic { self.secrets .extract_secrets(Side::Client) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 5e581f23a4..0d597b7eaa 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -77,7 +77,7 @@ pub(super) fn handle_server_hello( hello: ClientHelloDetails, our_key_share: Box, mut sent_tls13_fake_ccs: bool, -) -> hs::NextStateOrError { +) -> hs::NextStateOrError<'static> { validate_server_hello(cx.common, server_hello)?; let their_key_share = server_hello @@ -380,7 +380,14 @@ struct ExpectEncryptedExtensions { } impl State for ExpectEncryptedExtensions { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let exts = require_handshake_msg!( m, HandshakeType::EncryptedExtensions, @@ -456,6 +463,10 @@ impl State for ExpectEncryptedExtensions { })) } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificateOrCertReq { @@ -468,7 +479,14 @@ struct ExpectCertificateOrCertReq { } impl State for ExpectCertificateOrCertReq { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::Handshake { parsed: @@ -513,6 +531,10 @@ impl State for ExpectCertificateOrCertReq { )), } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // TLS1.3 version of CertificateRequest handling. We then move to expecting the server @@ -528,7 +550,14 @@ struct ExpectCertificateRequest { } impl State for ExpectCertificateRequest { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let certreq = &require_handshake_msg!( m, HandshakeType::CertificateRequest, @@ -584,6 +613,10 @@ impl State for ExpectCertificateRequest { client_auth: Some(client_auth), })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificate { @@ -597,7 +630,14 @@ struct ExpectCertificate { } impl State for ExpectCertificate { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { self.transcript.add_message(&m); let cert_chain = require_handshake_msg_move!( m, @@ -635,6 +675,10 @@ impl State for ExpectCertificate { client_auth: self.client_auth, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- TLS1.3 CertificateVerify --- @@ -650,7 +694,14 @@ struct ExpectCertificateVerify { } impl State for ExpectCertificateVerify { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let cert_verify = require_handshake_msg!( m, HandshakeType::CertificateVerify, @@ -710,6 +761,10 @@ impl State for ExpectCertificateVerify { sig_verified, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } fn emit_certificate_tls13( @@ -817,7 +872,14 @@ struct ExpectFinished { } impl State for ExpectFinished { - fn handle(self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let mut st = *self; let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; @@ -915,6 +977,10 @@ impl State for ExpectFinished { false => Box::new(st), }) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // -- Traffic transit state (TLS1.3) -- @@ -1010,7 +1076,14 @@ impl ExpectTraffic { } impl State for ExpectTraffic { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ApplicationData(payload) => cx .common @@ -1057,12 +1130,23 @@ impl State for ExpectTraffic { self.key_schedule .extract_secrets(Side::Client) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectQuicTraffic(ExpectTraffic); impl State for ExpectQuicTraffic { - fn handle(mut self: Box, cx: &mut ClientContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let nst = require_handshake_msg!( m, HandshakeType::NewSessionTicket, @@ -1082,4 +1166,8 @@ impl State for ExpectQuicTraffic { self.0 .export_keying_material(output, label, context) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index c862354118..df3e0cbe23 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -169,7 +169,7 @@ impl CommonState { }; match state.handle(&mut cx, msg) { Ok(next) => { - state = next; + state = next.into_owned(); Ok(state) } Err(e @ Error::InappropriateMessage { .. }) @@ -710,11 +710,13 @@ impl IoState { } pub(crate) trait State: Send + Sync { - fn handle( + fn handle<'m>( self: Box, cx: &mut Context<'_, Data>, - message: Message, - ) -> Result>, Error>; + message: Message<'m>, + ) -> Result + 'm>, Error> + where + Self: 'm; fn export_keying_material( &self, @@ -730,6 +732,8 @@ pub(crate) trait State: Send + Sync { } fn handle_decrypt_error(&self) {} + + fn into_owned(self: Box) -> Box + 'static>; } pub(crate) struct Context<'a, Data> { diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index bdc581ce35..5622c05963 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -31,8 +31,8 @@ use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; -pub(super) type NextState = Box>; -pub(super) type NextStateOrError = Result; +pub(super) type NextState<'a> = Box + 'a>; +pub(super) type NextStateOrError<'a> = Result, Error>; pub(super) type ServerContext<'a> = crate::common_state::Context<'a, ServerConnectionData>; pub(super) fn can_resume( @@ -243,7 +243,7 @@ impl ExpectClientHello { client_hello: &ClientHelloPayload, m: &Message, cx: &mut ServerContext<'_>, - ) -> NextStateOrError { + ) -> NextStateOrError<'static> { let tls13_enabled = self .config .supports_version(ProtocolVersion::TLSv1_3); @@ -426,10 +426,21 @@ impl ExpectClientHello { } impl State for ExpectClientHello { - fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> NextStateOrError<'m> + where + Self: 'm, + { let (client_hello, sig_schemes) = process_client_hello(&m, self.done_retry, cx)?; self.with_certified_key(sig_schemes, client_hello, &m, cx) } + + fn into_owned(self: Box) -> NextState<'static> { + self + } } /// Configuration-independent validation of a `ClientHello` message. diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 6306caab55..029911cd5e 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -785,13 +785,20 @@ impl Accepted { struct Accepting; impl State for Accepting { - fn handle( + fn handle<'m>( self: Box, _cx: &mut hs::ServerContext<'_>, - _m: Message, - ) -> Result>, Error> { + _m: Message<'m>, + ) -> Result + 'm>, Error> + where + Self: 'm, + { Err(Error::General("unreachable state".into())) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } pub(super) enum EarlyDataState { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index f4954aefdf..62da9024ba 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -75,7 +75,7 @@ mod client_hello { client_hello: &ClientHelloPayload, sigschemes_ext: Vec, tls13_enabled: bool, - ) -> hs::NextStateOrError { + ) -> hs::NextStateOrError<'static> { // -- TLS1.2 only from hereon in -- self.transcript.add_message(chm); @@ -276,7 +276,7 @@ mod client_hello { client_hello: &ClientHelloPayload, id: &SessionId, resumedata: persist::ServerSessionValue, - ) -> hs::NextStateOrError { + ) -> hs::NextStateOrError<'static> { debug!("Resuming connection"); if resumedata.extended_ms && !self.using_ems { @@ -522,7 +522,14 @@ struct ExpectCertificate { } impl State for ExpectCertificate { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { self.transcript.add_message(&m); let cert_chain = require_handshake_msg_move!( m, @@ -575,6 +582,10 @@ impl State for ExpectCertificate { send_ticket: self.send_ticket, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process client's KeyExchange --- @@ -591,7 +602,14 @@ struct ExpectClientKx { } impl State for ExpectClientKx { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let client_kx = require_handshake_msg!( m, HandshakeType::ClientKeyExchange, @@ -644,6 +662,10 @@ impl State for ExpectClientKx { })) } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process client's certificate proof --- @@ -658,7 +680,14 @@ struct ExpectCertificateVerify { } impl State for ExpectCertificateVerify { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let rc = { let sig = require_handshake_msg!( m, @@ -707,6 +736,10 @@ impl State for ExpectCertificateVerify { send_ticket: self.send_ticket, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process client's ChangeCipherSpec --- @@ -721,7 +754,14 @@ struct ExpectCcs { } impl State for ExpectCcs { - fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ChangeCipherSpec(..) => {} payload => { @@ -749,6 +789,10 @@ impl State for ExpectCcs { send_ticket: self.send_ticket, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process client's Finished --- @@ -853,7 +897,14 @@ struct ExpectFinished { } impl State for ExpectFinished { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; @@ -918,6 +969,10 @@ impl State for ExpectFinished { _fin_verified, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process traffic --- @@ -929,7 +984,14 @@ struct ExpectTraffic { impl ExpectTraffic {} impl State for ExpectTraffic { - fn handle(self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ApplicationData(payload) => cx .common @@ -959,4 +1021,8 @@ impl State for ExpectTraffic { self.secrets .extract_secrets(Side::Server) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 4c65afb3cc..7d0a36a368 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -150,7 +150,7 @@ mod client_hello { chm: &Message, client_hello: &ClientHelloPayload, mut sigschemes_ext: Vec, - ) -> hs::NextStateOrError { + ) -> hs::NextStateOrError<'static> { if client_hello.compression_methods.len() != 1 { return Err(cx.common.send_fatal_alert( AlertDescription::IllegalParameter, @@ -850,7 +850,14 @@ struct ExpectAndSkipRejectedEarlyData { } impl State for ExpectAndSkipRejectedEarlyData { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { /* "The server then ignores early data by skipping all records with an external * content type of "application_data" (indicating that they are encrypted), * up to the configured max_early_data_size." @@ -864,6 +871,10 @@ impl State for ExpectAndSkipRejectedEarlyData { self.next.handle(cx, m) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificate { @@ -875,7 +886,14 @@ struct ExpectCertificate { } impl State for ExpectCertificate { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { self.transcript.add_message(&m); let certp = require_handshake_msg_move!( m, @@ -935,6 +953,10 @@ impl State for ExpectCertificate { send_tickets: self.send_tickets, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectCertificateVerify { @@ -947,7 +969,14 @@ struct ExpectCertificateVerify { } impl State for ExpectCertificateVerify { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let rc = { let sig = require_handshake_msg!( m, @@ -982,6 +1011,10 @@ impl State for ExpectCertificateVerify { send_tickets: self.send_tickets, })) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process (any number of) early ApplicationData messages, @@ -996,7 +1029,14 @@ struct ExpectEarlyData { } impl State for ExpectEarlyData { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ApplicationData(payload) => { match cx @@ -1037,6 +1077,10 @@ impl State for ExpectEarlyData { )), } } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process client's Finished --- @@ -1149,7 +1193,14 @@ impl ExpectFinished { } impl State for ExpectFinished { - fn handle(mut self: Box, cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; @@ -1199,6 +1250,10 @@ impl State for ExpectFinished { }), }) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } // --- Process traffic --- @@ -1235,7 +1290,14 @@ impl ExpectTraffic { } impl State for ExpectTraffic { - fn handle(mut self: Box, cx: &mut ServerContext, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { match m.payload { MessagePayload::ApplicationData(payload) => cx .common @@ -1274,6 +1336,10 @@ impl State for ExpectTraffic { self.key_schedule .extract_secrets(Side::Server) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } struct ExpectQuicTraffic { @@ -1282,7 +1348,14 @@ struct ExpectQuicTraffic { } impl State for ExpectQuicTraffic { - fn handle(self: Box, _cx: &mut ServerContext<'_>, m: Message) -> hs::NextStateOrError { + fn handle<'m>( + self: Box, + _cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { // reject all messages Err(inappropriate_message(&m.payload, &[])) } @@ -1296,4 +1369,8 @@ impl State for ExpectQuicTraffic { self.key_schedule .export_keying_material(output, label, context) } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } } From a27c713b377526a26f201893ebfbd3284a8dc07b Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 15:09:52 -0500 Subject: [PATCH 0664/1145] make HandshakePayload decoding partially non-allocating Co-authored-by: Jorge Aparicio --- rustls/src/msgs/handshake.rs | 68 +++++++++++++++++++++++-------- rustls/src/msgs/handshake_test.rs | 4 +- rustls/src/msgs/message.rs | 6 +-- 3 files changed, 56 insertions(+), 22 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 30ba70035f..7049999a7d 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2063,7 +2063,7 @@ impl CertificateStatus { } #[derive(Debug)] -pub enum HandshakePayload { +pub enum HandshakePayload<'a> { HelloRequest, ClientHello(ClientHelloPayload), ServerHello(ServerHelloPayload), @@ -2076,18 +2076,18 @@ pub enum HandshakePayload { CertificateVerify(DigitallySignedStruct), ServerHelloDone, EndOfEarlyData, - ClientKeyExchange(Payload<'static>), + ClientKeyExchange(Payload<'a>), NewSessionTicket(NewSessionTicketPayload), NewSessionTicketTls13(NewSessionTicketPayloadTls13), EncryptedExtensions(Vec), KeyUpdate(KeyUpdateRequest), - Finished(Payload<'static>), + Finished(Payload<'a>), CertificateStatus(CertificateStatus), - MessageHash(Payload<'static>), - Unknown(Payload<'static>), + MessageHash(Payload<'a>), + Unknown(Payload<'a>), } -impl HandshakePayload { +impl HandshakePayload<'_> { fn encode(&self, bytes: &mut Vec) { use self::HandshakePayload::*; match *self { @@ -2112,15 +2112,43 @@ impl HandshakePayload { Unknown(ref x) => x.encode(bytes), } } + + fn into_owned(self) -> HandshakePayload<'static> { + use HandshakePayload::*; + + match self { + HelloRequest => HelloRequest, + ClientHello(x) => ClientHello(x), + ServerHello(x) => ServerHello(x), + HelloRetryRequest(x) => HelloRetryRequest(x), + Certificate(x) => Certificate(x), + CertificateTls13(x) => CertificateTls13(x), + ServerKeyExchange(x) => ServerKeyExchange(x), + CertificateRequest(x) => CertificateRequest(x), + CertificateRequestTls13(x) => CertificateRequestTls13(x), + CertificateVerify(x) => CertificateVerify(x), + ServerHelloDone => ServerHelloDone, + EndOfEarlyData => EndOfEarlyData, + ClientKeyExchange(x) => ClientKeyExchange(x.into_owned()), + NewSessionTicket(x) => NewSessionTicket(x), + NewSessionTicketTls13(x) => NewSessionTicketTls13(x), + EncryptedExtensions(x) => EncryptedExtensions(x), + KeyUpdate(x) => KeyUpdate(x), + Finished(x) => Finished(x.into_owned()), + CertificateStatus(x) => CertificateStatus(x), + MessageHash(x) => MessageHash(x.into_owned()), + Unknown(x) => Unknown(x.into_owned()), + } + } } #[derive(Debug)] -pub struct HandshakeMessagePayload { +pub struct HandshakeMessagePayload<'a> { pub typ: HandshakeType, - pub payload: HandshakePayload, + pub payload: HandshakePayload<'a>, } -impl Codec<'_> for HandshakeMessagePayload { +impl<'a> Codec<'a> for HandshakeMessagePayload<'a> { fn encode(&self, bytes: &mut Vec) { // output type, length, and encoded payload match self.typ { @@ -2133,14 +2161,14 @@ impl Codec<'_> for HandshakeMessagePayload { self.payload.encode(nested.buf); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { Self::read_version(r, ProtocolVersion::TLSv1_2) } } -impl HandshakeMessagePayload { +impl<'a> HandshakeMessagePayload<'a> { pub(crate) fn read_version( - r: &mut Reader, + r: &mut Reader<'a>, vers: ProtocolVersion, ) -> Result { let mut typ = HandshakeType::read(r)?; @@ -2184,7 +2212,7 @@ impl HandshakeMessagePayload { HandshakePayload::ServerHelloDone } HandshakeType::ClientKeyExchange => { - HandshakePayload::ClientKeyExchange(Payload::read(&mut sub).into_owned()) + HandshakePayload::ClientKeyExchange(Payload::read(&mut sub)) } HandshakeType::CertificateRequest if vers == ProtocolVersion::TLSv1_3 => { let p = CertificateRequestPayloadTls13::read(&mut sub)?; @@ -2215,9 +2243,7 @@ impl HandshakeMessagePayload { sub.expect_empty("EndOfEarlyData")?; HandshakePayload::EndOfEarlyData } - HandshakeType::Finished => { - HandshakePayload::Finished(Payload::read(&mut sub).into_owned()) - } + HandshakeType::Finished => HandshakePayload::Finished(Payload::read(&mut sub)), HandshakeType::CertificateStatus => { HandshakePayload::CertificateStatus(CertificateStatus::read(&mut sub)?) } @@ -2229,7 +2255,7 @@ impl HandshakeMessagePayload { // not legal on wire return Err(InvalidMessage::UnexpectedMessage("HelloRetryRequest")); } - _ => HandshakePayload::Unknown(Payload::read(&mut sub).into_owned()), + _ => HandshakePayload::Unknown(Payload::read(&mut sub)), }; sub.expect_empty("HandshakeMessagePayload") @@ -2271,6 +2297,14 @@ impl HandshakeMessagePayload { payload: HandshakePayload::MessageHash(Payload::new(hash.to_vec())), } } + + pub(crate) fn into_owned(self) -> HandshakeMessagePayload<'static> { + let Self { typ, payload } = self; + HandshakeMessagePayload { + typ, + payload: payload.into_owned(), + } + } } #[derive(Clone, Copy, Debug, Default, Eq, PartialEq)] diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 05ec9e1256..f2f2ed3190 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -877,7 +877,7 @@ fn get_sample_certificatestatus() -> CertificateStatus { } } -fn get_all_tls12_handshake_payloads() -> Vec { +fn get_all_tls12_handshake_payloads() -> Vec> { vec![ HandshakeMessagePayload { typ: HandshakeType::HelloRequest, @@ -1007,7 +1007,7 @@ fn can_detect_truncation_of_all_tls12_handshake_payloads() { } } -fn get_all_tls13_handshake_payloads() -> Vec { +fn get_all_tls13_handshake_payloads() -> Vec> { vec![ HandshakeMessagePayload { typ: HandshakeType::HelloRequest, diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index be004c3eda..bc4946ac29 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -19,7 +19,7 @@ use super::codec::ReaderMut; pub enum MessagePayload<'a> { Alert(AlertMessagePayload), Handshake { - parsed: HandshakeMessagePayload, + parsed: HandshakeMessagePayload<'a>, encoded: Payload<'a>, }, ChangeCipherSpec(ChangeCipherSpecPayload), @@ -36,7 +36,7 @@ impl<'a> MessagePayload<'a> { } } - pub fn handshake(parsed: HandshakeMessagePayload) -> Self { + pub fn handshake(parsed: HandshakeMessagePayload<'a>) -> Self { Self::Handshake { encoded: Payload::new(parsed.get_encoding()), parsed, @@ -79,7 +79,7 @@ impl<'a> MessagePayload<'a> { match self { Alert(x) => Alert(x), Handshake { parsed, encoded } => Handshake { - parsed, + parsed: parsed.into_owned(), encoded: encoded.into_owned(), }, ChangeCipherSpec(x) => ChangeCipherSpec(x), From 49d5d4c97661553d29a117f0bc6754855045264a Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Fri, 8 Dec 2023 15:26:51 -0500 Subject: [PATCH 0665/1145] decode CertificateChain without allocating Co-authored-by: Jorge Aparicio --- rustls/src/client/common.rs | 19 ++++-- rustls/src/client/handy.rs | 2 +- rustls/src/client/tls12.rs | 129 +++++++++++++++++++++++++++-------- rustls/src/client/tls13.rs | 19 ++++-- rustls/src/common_state.rs | 2 +- rustls/src/msgs/base.rs | 6 +- rustls/src/msgs/handshake.rs | 31 ++++++--- rustls/src/msgs/persist.rs | 16 ++--- rustls/src/server/handy.rs | 7 +- rustls/src/server/tls12.rs | 38 ++++++++--- rustls/src/server/tls13.rs | 2 +- 11 files changed, 200 insertions(+), 71 deletions(-) diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 7c49e42393..cbad1f5cf4 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -11,18 +11,29 @@ use alloc::sync::Arc; use alloc::vec::Vec; #[derive(Debug)] -pub(super) struct ServerCertDetails { - pub(super) cert_chain: CertificateChain, +pub(super) struct ServerCertDetails<'a> { + pub(super) cert_chain: CertificateChain<'a>, pub(super) ocsp_response: Vec, } -impl ServerCertDetails { - pub(super) fn new(cert_chain: CertificateChain, ocsp_response: Vec) -> Self { +impl<'a> ServerCertDetails<'a> { + pub(super) fn new(cert_chain: CertificateChain<'a>, ocsp_response: Vec) -> Self { Self { cert_chain, ocsp_response, } } + + pub(super) fn into_owned(self) -> ServerCertDetails<'static> { + let Self { + cert_chain, + ocsp_response, + } = self; + ServerCertDetails { + cert_chain: cert_chain.into_owned(), + ocsp_response, + } + } } pub(super) struct ClientHelloDetails { diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index d2b8762804..40d0403974 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -195,7 +195,7 @@ pub(super) struct AlwaysResolvesClientCert(Arc); impl AlwaysResolvesClientCert { pub(super) fn new( private_key: Arc, - chain: CertificateChain, + chain: CertificateChain<'static>, ) -> Result { Ok(Self(Arc::new(sign::CertifiedKey::new( chain.0, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 2e769d6f8e..0a15d409d5 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -129,7 +129,12 @@ mod server_hello { // Since we're resuming, we verified the certificate and // proof of possession in the prior session. - cx.common.peer_certificates = Some(resuming.server_cert_chain().clone()); + cx.common.peer_certificates = Some( + resuming + .server_cert_chain() + .clone() + .into_owned(), + ); let cert_verified = verify::ServerCertVerified::assertion(); let sig_verified = verify::HandshakeSignatureValid::assertion(); @@ -245,7 +250,7 @@ impl State for ExpectCertificate { } } -struct ExpectCertificateStatusOrServerKx { +struct ExpectCertificateStatusOrServerKx<'m> { config: Arc, resuming_session: Option, session_id: SessionId, @@ -254,11 +259,11 @@ struct ExpectCertificateStatusOrServerKx { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert_chain: CertificateChain, + server_cert_chain: CertificateChain<'m>, must_issue_new_ticket: bool, } -impl State for ExpectCertificateStatusOrServerKx { +impl State for ExpectCertificateStatusOrServerKx<'_> { fn handle<'m>( self: Box, cx: &mut ClientContext<'_>, @@ -320,11 +325,22 @@ impl State for ExpectCertificateStatusOrServerKx { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectCertificateStatusOrServerKx { + config: self.config, + resuming_session: self.resuming_session, + session_id: self.session_id, + server_name: self.server_name, + randoms: self.randoms, + using_ems: self.using_ems, + transcript: self.transcript, + suite: self.suite, + server_cert_chain: self.server_cert_chain.into_owned(), + must_issue_new_ticket: self.must_issue_new_ticket, + }) } } -struct ExpectCertificateStatus { +struct ExpectCertificateStatus<'a> { config: Arc, resuming_session: Option, session_id: SessionId, @@ -333,11 +349,11 @@ struct ExpectCertificateStatus { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert_chain: CertificateChain, + server_cert_chain: CertificateChain<'a>, must_issue_new_ticket: bool, } -impl State for ExpectCertificateStatus { +impl State for ExpectCertificateStatus<'_> { fn handle<'m>( mut self: Box, _cx: &mut ClientContext<'_>, @@ -376,11 +392,22 @@ impl State for ExpectCertificateStatus { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectCertificateStatus { + config: self.config, + resuming_session: self.resuming_session, + session_id: self.session_id, + server_name: self.server_name, + randoms: self.randoms, + using_ems: self.using_ems, + transcript: self.transcript, + suite: self.suite, + server_cert_chain: self.server_cert_chain.into_owned(), + must_issue_new_ticket: self.must_issue_new_ticket, + }) } } -struct ExpectServerKx { +struct ExpectServerKx<'a> { config: Arc, resuming_session: Option, session_id: SessionId, @@ -389,11 +416,11 @@ struct ExpectServerKx { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert: ServerCertDetails, + server_cert: ServerCertDetails<'a>, must_issue_new_ticket: bool, } -impl State for ExpectServerKx { +impl State for ExpectServerKx<'_> { fn handle<'m>( mut self: Box, cx: &mut ClientContext<'_>, @@ -444,13 +471,24 @@ impl State for ExpectServerKx { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectServerKx { + config: self.config, + resuming_session: self.resuming_session, + session_id: self.session_id, + server_name: self.server_name, + randoms: self.randoms, + using_ems: self.using_ems, + transcript: self.transcript, + suite: self.suite, + server_cert: self.server_cert.into_owned(), + must_issue_new_ticket: self.must_issue_new_ticket, + }) } } fn emit_certificate( transcript: &mut HandshakeHash, - cert_chain: CertificateChain, + cert_chain: CertificateChain<'static>, common: &mut CommonState, ) { let cert = Message { @@ -556,7 +594,7 @@ impl ServerKxDetails { // --- Either a CertificateRequest, or a ServerHelloDone. --- // Existence of the CertificateRequest tells us the server is asking for // client auth. Otherwise we go straight to ServerHelloDone. -struct ExpectServerDoneOrCertReq { +struct ExpectServerDoneOrCertReq<'a> { config: Arc, resuming_session: Option, session_id: SessionId, @@ -565,12 +603,12 @@ struct ExpectServerDoneOrCertReq { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert: ServerCertDetails, + server_cert: ServerCertDetails<'a>, server_kx: ServerKxDetails, must_issue_new_ticket: bool, } -impl State for ExpectServerDoneOrCertReq { +impl State for ExpectServerDoneOrCertReq<'_> { fn handle<'m>( mut self: Box, cx: &mut ClientContext<'_>, @@ -625,11 +663,23 @@ impl State for ExpectServerDoneOrCertReq { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectServerDoneOrCertReq { + config: self.config, + resuming_session: self.resuming_session, + session_id: self.session_id, + server_name: self.server_name, + randoms: self.randoms, + using_ems: self.using_ems, + transcript: self.transcript, + suite: self.suite, + server_cert: self.server_cert.into_owned(), + server_kx: self.server_kx, + must_issue_new_ticket: self.must_issue_new_ticket, + }) } } -struct ExpectCertificateRequest { +struct ExpectCertificateRequest<'a> { config: Arc, resuming_session: Option, session_id: SessionId, @@ -638,12 +688,12 @@ struct ExpectCertificateRequest { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert: ServerCertDetails, + server_cert: ServerCertDetails<'a>, server_kx: ServerKxDetails, must_issue_new_ticket: bool, } -impl State for ExpectCertificateRequest { +impl State for ExpectCertificateRequest<'_> { fn handle<'m>( mut self: Box, _cx: &mut ClientContext<'_>, @@ -693,11 +743,23 @@ impl State for ExpectCertificateRequest { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectCertificateRequest { + config: self.config, + resuming_session: self.resuming_session, + session_id: self.session_id, + server_name: self.server_name, + randoms: self.randoms, + using_ems: self.using_ems, + transcript: self.transcript, + suite: self.suite, + server_cert: self.server_cert.into_owned(), + server_kx: self.server_kx, + must_issue_new_ticket: self.must_issue_new_ticket, + }) } } -struct ExpectServerDone { +struct ExpectServerDone<'a> { config: Arc, resuming_session: Option, session_id: SessionId, @@ -706,13 +768,13 @@ struct ExpectServerDone { using_ems: bool, transcript: HandshakeHash, suite: &'static Tls12CipherSuite, - server_cert: ServerCertDetails, + server_cert: ServerCertDetails<'a>, server_kx: ServerKxDetails, client_auth: Option, must_issue_new_ticket: bool, } -impl State for ExpectServerDone { +impl State for ExpectServerDone<'_> { fn handle<'m>( self: Box, cx: &mut ClientContext<'_>, @@ -811,7 +873,7 @@ impl State for ExpectServerDone { .send_cert_verify_error_alert(err) })? }; - cx.common.peer_certificates = Some(st.server_cert.cert_chain); + cx.common.peer_certificates = Some(st.server_cert.cert_chain.into_owned()); // 4. if let Some(client_auth) = &st.client_auth { @@ -906,7 +968,20 @@ impl State for ExpectServerDone { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectServerDone { + config: self.config, + resuming_session: self.resuming_session, + session_id: self.session_id, + server_name: self.server_name, + randoms: self.randoms, + using_ems: self.using_ems, + transcript: self.transcript, + suite: self.suite, + server_cert: self.server_cert.into_owned(), + server_kx: self.server_kx, + client_auth: self.client_auth, + must_issue_new_ticket: self.must_issue_new_ticket, + }) } } diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 0d597b7eaa..573608ffa6 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -682,18 +682,18 @@ impl State for ExpectCertificate { } // --- TLS1.3 CertificateVerify --- -struct ExpectCertificateVerify { +struct ExpectCertificateVerify<'a> { config: Arc, server_name: ServerName<'static>, randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, - server_cert: ServerCertDetails, + server_cert: ServerCertDetails<'a>, client_auth: Option, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify<'_> { fn handle<'m>( mut self: Box, cx: &mut ClientContext<'_>, @@ -746,7 +746,7 @@ impl State for ExpectCertificateVerify { .send_cert_verify_error_alert(err) })?; - cx.common.peer_certificates = Some(self.server_cert.cert_chain); + cx.common.peer_certificates = Some(self.server_cert.cert_chain.into_owned()); self.transcript.add_message(&m); Ok(Box::new(ExpectFinished { @@ -763,7 +763,16 @@ impl State for ExpectCertificateVerify { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectCertificateVerify { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + server_cert: self.server_cert.into_owned(), + client_auth: self.client_auth, + }) } } diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index df3e0cbe23..ea5f979f15 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -39,7 +39,7 @@ pub struct CommonState { pub(crate) has_received_close_notify: bool, pub(crate) has_seen_eof: bool, pub(crate) received_middlebox_ccs: u8, - pub(crate) peer_certificates: Option, + pub(crate) peer_certificates: Option>, message_fragmenter: MessageFragmenter, pub(crate) received_plaintext: ChunkVecBuffer, pub(crate) sendable_tls: ChunkVecBuffer, diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index a94bbf9491..4104b3f823 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -115,16 +115,16 @@ impl<'a> BorrowedPayload<'a> { } } -impl<'a> Codec<'_> for CertificateDer<'a> { +impl<'a> Codec<'a> for CertificateDer<'a> { fn encode(&self, bytes: &mut Vec) { codec::u24(self.as_ref().len() as u32).encode(bytes); bytes.extend(self.as_ref()); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { let len = codec::u24::read(r)?.0 as usize; let mut sub = r.sub(len)?; - let body = sub.rest().to_vec(); + let body = sub.rest(); Ok(Self::from(body)) } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 7049999a7d..9dfa2a45ee 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1255,22 +1255,33 @@ impl ServerHelloPayload { } #[derive(Clone, Default, Debug)] -pub struct CertificateChain(pub Vec>); +pub struct CertificateChain<'a>(pub Vec>); -impl Codec<'_> for CertificateChain { +impl CertificateChain<'_> { + pub(crate) fn into_owned(self) -> CertificateChain<'static> { + CertificateChain( + self.0 + .into_iter() + .map(|c| c.into_owned()) + .collect(), + ) + } +} + +impl<'a> Codec<'a> for CertificateChain<'a> { fn encode(&self, bytes: &mut Vec) { Vec::encode(&self.0, bytes) } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { Vec::read(r).map(Self) } } -impl Deref for CertificateChain { - type Target = [CertificateDer<'static>]; +impl<'a> Deref for CertificateChain<'a> { + type Target = [CertificateDer<'a>]; - fn deref(&self) -> &[CertificateDer<'static>] { + fn deref(&self) -> &[CertificateDer<'a>] { &self.0 } } @@ -1352,7 +1363,7 @@ impl Codec<'_> for CertificateEntry { fn read(r: &mut Reader) -> Result { Ok(Self { - cert: CertificateDer::read(r)?, + cert: CertificateDer::read(r)?.into_owned(), exts: Vec::read(r)?, }) } @@ -1465,7 +1476,7 @@ impl CertificatePayloadTls13 { .unwrap_or_default() } - pub(crate) fn convert(self) -> CertificateChain { + pub(crate) fn convert(self) -> CertificateChain<'static> { CertificateChain( self.entries .into_iter() @@ -2068,7 +2079,7 @@ pub enum HandshakePayload<'a> { ClientHello(ClientHelloPayload), ServerHello(ServerHelloPayload), HelloRetryRequest(HelloRetryRequest), - Certificate(CertificateChain), + Certificate(CertificateChain<'a>), CertificateTls13(CertificatePayloadTls13), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), @@ -2121,7 +2132,7 @@ impl HandshakePayload<'_> { ClientHello(x) => ClientHello(x), ServerHello(x) => ServerHello(x), HelloRetryRequest(x) => HelloRetryRequest(x), - Certificate(x) => Certificate(x), + Certificate(x) => Certificate(x.into_owned()), CertificateTls13(x) => CertificateTls13(x), ServerKeyExchange(x) => ServerKeyExchange(x), CertificateRequest(x) => CertificateRequest(x), diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 49e9a2e4d7..2a9e6b555f 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -82,7 +82,7 @@ impl Tls13ClientSessionValue { suite: &'static Tls13CipherSuite, ticket: Vec, secret: &[u8], - server_cert_chain: CertificateChain, + server_cert_chain: CertificateChain<'static>, time_now: UnixTime, lifetime_secs: u32, age_add: u32, @@ -154,7 +154,7 @@ impl Tls12ClientSessionValue { session_id: SessionId, ticket: Vec, master_secret: &[u8], - server_cert_chain: CertificateChain, + server_cert_chain: CertificateChain<'static>, time_now: UnixTime, lifetime_secs: u32, extended_ms: bool, @@ -207,7 +207,7 @@ pub struct ClientSessionCommon { secret: Zeroizing, epoch: u64, lifetime_secs: u32, - server_cert_chain: CertificateChain, + server_cert_chain: CertificateChain<'static>, } impl ClientSessionCommon { @@ -216,7 +216,7 @@ impl ClientSessionCommon { secret: &[u8], time_now: UnixTime, lifetime_secs: u32, - server_cert_chain: CertificateChain, + server_cert_chain: CertificateChain<'static>, ) -> Self { Self { ticket: PayloadU16(ticket), @@ -227,7 +227,7 @@ impl ClientSessionCommon { } } - pub(crate) fn server_cert_chain(&self) -> &CertificateChain { + pub(crate) fn server_cert_chain(&self) -> &CertificateChain<'static> { &self.server_cert_chain } @@ -256,7 +256,7 @@ pub struct ServerSessionValue { pub(crate) cipher_suite: CipherSuite, pub(crate) master_secret: Zeroizing, pub(crate) extended_ms: bool, - pub(crate) client_cert_chain: Option, + pub(crate) client_cert_chain: Option>, pub(crate) alpn: Option, pub(crate) application_data: PayloadU16, pub creation_time_sec: u64, @@ -315,7 +315,7 @@ impl Codec<'_> for ServerSessionValue { let ems = u8::read(r)?; let has_ccert = u8::read(r)? == 1; let ccert = if has_ccert { - Some(CertificateChain::read(r)?) + Some(CertificateChain::read(r)?.into_owned()) } else { None }; @@ -351,7 +351,7 @@ impl ServerSessionValue { v: ProtocolVersion, cs: CipherSuite, ms: &[u8], - client_cert_chain: Option, + client_cert_chain: Option>, alpn: Option>, application_data: Vec, creation_time: UnixTime, diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 083f748516..68a9a47682 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -110,7 +110,10 @@ pub(super) struct AlwaysResolvesChain(Arc); impl AlwaysResolvesChain { /// Creates an `AlwaysResolvesChain`, using the supplied key and certificate chain. - pub(super) fn new(private_key: Arc, chain: CertificateChain) -> Self { + pub(super) fn new( + private_key: Arc, + chain: CertificateChain<'static>, + ) -> Self { Self(Arc::new(sign::CertifiedKey::new(chain.0, private_key))) } @@ -119,7 +122,7 @@ impl AlwaysResolvesChain { /// If non-empty, the given OCSP response is attached. pub(super) fn new_with_extras( private_key: Arc, - chain: CertificateChain, + chain: CertificateChain<'static>, ocsp: Vec, ) -> Self { let mut r = Self::new(private_key, chain); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 62da9024ba..030a5d1cff 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -589,7 +589,7 @@ impl State for ExpectCertificate { } // --- Process client's KeyExchange --- -struct ExpectClientKx { +struct ExpectClientKx<'a> { config: Arc, transcript: HandshakeHash, randoms: ConnectionRandoms, @@ -597,11 +597,11 @@ struct ExpectClientKx { suite: &'static Tls12CipherSuite, using_ems: bool, server_kx: Box, - client_cert: Option, + client_cert: Option>, send_ticket: bool, } -impl State for ExpectClientKx { +impl State for ExpectClientKx<'_> { fn handle<'m>( mut self: Box, cx: &mut ServerContext<'_>, @@ -664,22 +664,34 @@ impl State for ExpectClientKx { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectClientKx { + config: self.config, + transcript: self.transcript, + randoms: self.randoms, + session_id: self.session_id, + suite: self.suite, + using_ems: self.using_ems, + server_kx: self.server_kx, + client_cert: self + .client_cert + .map(|cert| cert.into_owned()), + send_ticket: self.send_ticket, + }) } } // --- Process client's certificate proof --- -struct ExpectCertificateVerify { +struct ExpectCertificateVerify<'a> { config: Arc, secrets: ConnectionSecrets, transcript: HandshakeHash, session_id: SessionId, using_ems: bool, - client_cert: CertificateChain, + client_cert: CertificateChain<'a>, send_ticket: bool, } -impl State for ExpectCertificateVerify { +impl State for ExpectCertificateVerify<'_> { fn handle<'m>( mut self: Box, cx: &mut ServerContext<'_>, @@ -723,7 +735,7 @@ impl State for ExpectCertificateVerify { } trace!("client CertificateVerify OK"); - cx.common.peer_certificates = Some(self.client_cert); + cx.common.peer_certificates = Some(self.client_cert.into_owned()); self.transcript.add_message(&m); Ok(Box::new(ExpectCcs { @@ -738,7 +750,15 @@ impl State for ExpectCertificateVerify { } fn into_owned(self: Box) -> hs::NextState<'static> { - self + Box::new(ExpectCertificateVerify { + config: self.config, + secrets: self.secrets, + transcript: self.transcript, + session_id: self.session_id, + using_ems: self.using_ems, + client_cert: self.client_cert.into_owned(), + send_ticket: self.send_ticket, + }) } } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 7d0a36a368..0c660d1c52 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -964,7 +964,7 @@ struct ExpectCertificateVerify { transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, - client_cert: CertificateChain, + client_cert: CertificateChain<'static>, send_tickets: usize, } From f357aa0a3bc8651929c7141b1d6afc8271ee5c4b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Jan 2024 16:22:33 -0500 Subject: [PATCH 0666/1145] hash_hs: rename get_xxx methods to avoid get_ prefix --- rustls/src/client/tls12.rs | 6 +++--- rustls/src/client/tls13.rs | 19 +++++++++---------- rustls/src/hash_hs.rs | 12 ++++++------ rustls/src/server/tls12.rs | 6 +++--- rustls/src/server/tls13.rs | 18 +++++++++--------- 5 files changed, 30 insertions(+), 31 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 0a15d409d5..d3a70e9ec8 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -561,7 +561,7 @@ fn emit_finished( transcript: &mut HandshakeHash, common: &mut CommonState, ) { - let vh = transcript.get_current_hash(); + let vh = transcript.current_hash(); let verify_data = secrets.client_verify_data(&vh); let verify_data_payload = Payload::new(verify_data); @@ -904,7 +904,7 @@ impl State for ExpectServerDone<'_> { // Note: EMS handshake hash only runs up to ClientKeyExchange. let ems_seed = st .using_ems - .then(|| transcript.get_current_hash()); + .then(|| transcript.current_hash()); // 5c. if let Some(ClientAuthDetails::Verify { signer, .. }) = &st.client_auth { @@ -1169,7 +1169,7 @@ impl State for ExpectFinished { cx.common.check_aligned_handshake()?; // Work out what verify_data we expect. - let vh = st.transcript.get_current_hash(); + let vh = st.transcript.current_hash(); let expect_verify_data = st.secrets.server_verify_data(&vh); // Constant-time verification of this is relatively unimportant: they only diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 573608ffa6..50c3f07f5b 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -162,7 +162,7 @@ pub(super) fn handle_server_hello( // the two halves will have different record layer protections. Disallow this. cx.common.check_aligned_handshake()?; - let hash_at_client_recvd_server_hello = transcript.get_current_hash(); + let hash_at_client_recvd_server_hello = transcript.current_hash(); let key_schedule = key_schedule.derive_client_handshake_secrets( cx.data.early_data.is_enabled(), hash_at_client_recvd_server_hello, @@ -240,7 +240,7 @@ pub(super) fn fill_in_psk_binder( // The binder is calculated over the clienthello, but doesn't include itself or its // length, or the length of its container. let binder_plaintext = hmp.encoding_for_binder_signing(); - let handshake_hash = transcript.get_hash_given(suite_hash, &binder_plaintext); + let handshake_hash = transcript.hash_given(suite_hash, &binder_plaintext); // Run a fake key_schedule to simulate what the server will do if it chooses // to resume. @@ -305,8 +305,7 @@ pub(super) fn derive_early_traffic_secret( // For middlebox compatibility emit_fake_ccs(sent_tls13_fake_ccs, cx.common); - let client_hello_hash = - transcript_buffer.get_hash_given(resuming_suite.common.hash_provider, &[]); + let client_hello_hash = transcript_buffer.hash_given(resuming_suite.common.hash_provider, &[]); early_key_schedule.client_early_traffic_secret( &client_hello_hash, key_log, @@ -732,7 +731,7 @@ impl State for ExpectCertificateVerify<'_> { })?; // 2. Verify their signature on the handshake. - let handshake_hash = self.transcript.get_current_hash(); + let handshake_hash = self.transcript.current_hash(); let sig_verified = self .config .verifier @@ -813,7 +812,7 @@ fn emit_certverify_tls13( signer: &dyn Signer, common: &mut CommonState, ) -> Result<(), Error> { - let message = construct_client_verify_message(&transcript.get_current_hash()); + let message = construct_client_verify_message(&transcript.current_hash()); let scheme = signer.scheme(); let sig = signer.sign(&message)?; @@ -893,7 +892,7 @@ impl State for ExpectFinished { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; - let handshake_hash = st.transcript.get_current_hash(); + let handshake_hash = st.transcript.current_hash(); let expect_verify_data = st .key_schedule .sign_server_finish(&handshake_hash); @@ -910,7 +909,7 @@ impl State for ExpectFinished { st.transcript.add_message(&m); - let hash_after_handshake = st.transcript.get_current_hash(); + let hash_after_handshake = st.transcript.current_hash(); /* The EndOfEarlyData message to server is still encrypted with early data keys, * but appears in the transcript after the server Finished. */ if cx.common.early_traffic { @@ -950,7 +949,7 @@ impl State for ExpectFinished { .key_schedule .into_pre_finished_client_traffic( hash_after_handshake, - st.transcript.get_current_hash(), + st.transcript.current_hash(), &*st.config.key_log, &st.randoms.client, ); @@ -1019,7 +1018,7 @@ impl ExpectTraffic { )); } - let handshake_hash = self.transcript.get_current_hash(); + let handshake_hash = self.transcript.current_hash(); let secret = self .key_schedule .resumption_master_secret_and_derive_ticket_psk(&handshake_hash, &nst.nonce.0); diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 56ef04bce8..cab715dd83 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -47,7 +47,7 @@ impl HandshakeHashBuffer { } /// Get the hash value if we were to hash `extra` too. - pub(crate) fn get_hash_given( + pub(crate) fn hash_given( &self, provider: &'static dyn hash::Hash, extra: &[u8], @@ -116,7 +116,7 @@ impl HandshakeHash { /// Get the hash value if we were to hash `extra` too, /// using hash function `hash`. - pub(crate) fn get_hash_given(&self, extra: &[u8]) -> hash::Output { + pub(crate) fn hash_given(&self, extra: &[u8]) -> hash::Output { let mut ctx = self.ctx.fork(); ctx.update(extra); ctx.finish() @@ -148,7 +148,7 @@ impl HandshakeHash { } /// Get the current hash value. - pub(crate) fn get_current_hash(&self) -> hash::Output { + pub(crate) fn current_hash(&self) -> hash::Output { self.ctx.fork_finish() } @@ -179,7 +179,7 @@ mod tests { let mut hh = hhb.start_hash(&SHA256); assert!(hh.client_auth.is_none()); hh.update_raw(b"world"); - let h = hh.get_current_hash(); + let h = hh.current_hash(); let h = h.as_ref(); assert_eq!(h[0], 0x93); assert_eq!(h[1], 0x6a); @@ -208,7 +208,7 @@ mod tests { .map(|buf| buf.len()), Some(10) ); - let h = hh.get_current_hash(); + let h = hh.current_hash(); let h = h.as_ref(); assert_eq!(h[0], 0x93); assert_eq!(h[1], 0x6a); @@ -235,7 +235,7 @@ mod tests { assert_eq!(hh.client_auth, None); hh.update_raw(b"world"); assert_eq!(hh.client_auth, None); - let h = hh.get_current_hash(); + let h = hh.current_hash(); let h = h.as_ref(); assert_eq!(h[0], 0x93); assert_eq!(h[1], 0x6a); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 030a5d1cff..3570826b56 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -618,7 +618,7 @@ impl State for ExpectClientKx<'_> { self.transcript.add_message(&m); let ems_seed = self .using_ems - .then(|| self.transcript.get_current_hash()); + .then(|| self.transcript.current_hash()); // Complete key agreement, and set up encryption with the // resulting premaster secret. @@ -890,7 +890,7 @@ fn emit_finished( transcript: &mut HandshakeHash, common: &mut CommonState, ) { - let vh = transcript.get_current_hash(); + let vh = transcript.current_hash(); let verify_data = secrets.server_verify_data(&vh); let verify_data_payload = Payload::new(verify_data); @@ -930,7 +930,7 @@ impl State for ExpectFinished { cx.common.check_aligned_handshake()?; - let vh = self.transcript.get_current_hash(); + let vh = self.transcript.current_hash(); let expect_verify_data = self.secrets.client_verify_data(&vh); let _fin_verified = diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 0c660d1c52..35b46d8fba 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -117,7 +117,7 @@ mod client_hello { let handshake_hash = self .transcript - .get_hash_given(&binder_plaintext); + .hash_given(&binder_plaintext); let key_schedule = KeyScheduleEarly::new(suite, psk); let real_binder = @@ -520,7 +520,7 @@ mod client_hello { cx.common.check_aligned_handshake()?; - let client_hello_hash = transcript.get_hash_given(&[]); + let client_hello_hash = transcript.hash_given(&[]); trace!("sending server hello {:?}", sh); transcript.add_message(&sh); @@ -544,7 +544,7 @@ mod client_hello { // Do key exchange let key_schedule = key_schedule_pre_handshake.into_handshake(kx, &share.payload.0)?; - let handshake_hash = transcript.get_current_hash(); + let handshake_hash = transcript.current_hash(); let key_schedule = key_schedule.derive_server_handshake_secrets( handshake_hash, &*config.key_log, @@ -779,7 +779,7 @@ mod client_hello { signing_key: &dyn sign::SigningKey, schemes: &[SignatureScheme], ) -> Result<(), Error> { - let message = construct_server_verify_message(&transcript.get_current_hash()); + let message = construct_server_verify_message(&transcript.current_hash()); let signer = signing_key .choose_scheme(schemes) @@ -816,7 +816,7 @@ mod client_hello { key_schedule: KeyScheduleHandshake, config: &ServerConfig, ) -> KeyScheduleTrafficWithClientFinishedPending { - let handshake_hash = transcript.get_current_hash(); + let handshake_hash = transcript.current_hash(); let verify_data = key_schedule.sign_server_finish(&handshake_hash); let verify_data_payload = Payload::new(verify_data.as_ref()); @@ -830,7 +830,7 @@ mod client_hello { trace!("sending finished {:?}", m); transcript.add_message(&m); - let hash_at_server_fin = transcript.get_current_hash(); + let hash_at_server_fin = transcript.current_hash(); cx.common.send_msg(m, true); // Now move to application data keys. Read key change is deferred until @@ -983,7 +983,7 @@ impl State for ExpectCertificateVerify { HandshakeType::CertificateVerify, HandshakePayload::CertificateVerify )?; - let handshake_hash = self.transcript.get_current_hash(); + let handshake_hash = self.transcript.current_hash(); self.transcript.abandon_client_auth(); let certs = &self.client_cert; let msg = construct_client_verify_message(&handshake_hash); @@ -1095,7 +1095,7 @@ fn get_server_session_value( ) -> persist::ServerSessionValue { let version = ProtocolVersion::TLSv1_3; - let handshake_hash = transcript.get_current_hash(); + let handshake_hash = transcript.current_hash(); let secret = key_schedule.resumption_master_secret_and_derive_ticket_psk(&handshake_hash, nonce); @@ -1204,7 +1204,7 @@ impl State for ExpectFinished { let finished = require_handshake_msg!(m, HandshakeType::Finished, HandshakePayload::Finished)?; - let handshake_hash = self.transcript.get_current_hash(); + let handshake_hash = self.transcript.current_hash(); let (key_schedule_traffic, expect_verify_data) = self .key_schedule .sign_client_finish(&handshake_hash, cx.common); From 25135a06f092c82f71c1c5c52133eabe8c71b16e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Jan 2024 16:24:19 -0500 Subject: [PATCH 0667/1145] hash_hs: derive Clone for HandshakeHash[Buffer] For client ECH support we'll need to be able to fork (e.g. clone) the `HandshakeHashBuffer` and `HandshakeHash` types used to maintain the client transcript. For ECH confirmation we'll fork the existing hash(buffer), add some specially encoded messages, and then use the hash state to derive a shared secret. If the secret matches an expected value we'll use the original `HandshakeHash`/`HandshakeHashBuffer`'s state from before our twiddling to continue the handshake. --- rustls/src/hash_hs.rs | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index cab715dd83..bb7ca239eb 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -13,6 +13,7 @@ use core::mem; /// Before we know the hash algorithm to use to verify the handshake, we just buffer the messages. /// During the handshake, we may restart the transcript due to a HelloRetryRequest, reverting /// from the `HandshakeHash` to a `HandshakeHashBuffer` again. +#[derive(Clone)] pub(crate) struct HandshakeHashBuffer { buffer: Vec, client_auth_enabled: bool, @@ -166,6 +167,16 @@ impl HandshakeHash { } } +impl Clone for HandshakeHash { + fn clone(&self) -> Self { + Self { + provider: self.provider, + ctx: self.ctx.fork(), + client_auth: self.client_auth.clone(), + } + } +} + #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] mod tests { use super::HandshakeHashBuffer; @@ -242,4 +253,37 @@ mod tests { assert_eq!(h[2], 0x18); assert_eq!(h[3], 0x5c); } + + #[test] + fn clones_correctly() { + let mut hhb = HandshakeHashBuffer::new(); + hhb.set_client_auth_enabled(); + hhb.update_raw(b"hello"); + assert_eq!(hhb.buffer.len(), 5); + + // Cloning the HHB should result in the same buffer and client auth state. + let mut hhb_prime = hhb.clone(); + assert_eq!(hhb_prime.buffer, hhb.buffer); + assert!(hhb_prime.client_auth_enabled); + + // Updating the HHB clone shouldn't affect the original. + hhb_prime.update_raw(b"world"); + assert_eq!(hhb_prime.buffer.len(), 10); + assert_ne!(hhb.buffer, hhb_prime.buffer); + + let hh = hhb.start_hash(&SHA256); + let hh_hash = hh.current_hash(); + let hh_hash = hh_hash.as_ref(); + + // Cloning the HH should result in the same current hash. + let mut hh_prime = hh.clone(); + let hh_prime_hash = hh_prime.current_hash(); + let hh_prime_hash = hh_prime_hash.as_ref(); + assert_eq!(hh_hash, hh_prime_hash); + + // Updating the HH clone shouldn't affect the original. + hh_prime.update_raw(b"goodbye"); + assert_eq!(hh.current_hash().as_ref(), hh_hash); + assert_ne!(hh_prime.current_hash().as_ref(), hh_hash); + } } From 235008b8d5db03071c33b08de75cd804ff3b0788 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 10 Jan 2024 10:25:51 +0000 Subject: [PATCH 0668/1145] Take newer bogo version - implement -shim-id option - ignore -ipv6 option - track name change on ALPS test --- bogo/config.json.in | 2 +- bogo/fetch-and-build | 2 +- rustls/examples/internal/bogo_shim_impl.rs | 9 +++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index 104de70d2b..40eb77078f 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -34,7 +34,7 @@ "TLS-ECH-*": "", "ALPS-*": "", "*Kyber*": "", - "ExtraClientEncryptedExtension-TLS-TLS13": "uses ALPS", + "ExtraClientEncryptedExtension-*": "we don't implement ALPS", "SendHelloRetryRequest-2-TLS13": "we accept any supported keyshare", "OmitExtensions-ServerHello-TLS12": "bug in bogo if sct offered", "EmptyExtensions-ServerHello-TLS12": "", diff --git a/bogo/fetch-and-build b/bogo/fetch-and-build index 82c14c92b3..0b06cd39ee 100755 --- a/bogo/fetch-and-build +++ b/bogo/fetch-and-build @@ -15,7 +15,7 @@ util/testresult EOF # fix on a tested point of rustls-testing branch -COMMIT=b81c2d26009b6cc5159b7a9cbdddfa4ae79defea +COMMIT=586adb914834a953d48fcc7a5d22aeed9d7f53c8 git fetch --depth=1 https://github.com/rustls/boringssl.git $COMMIT git checkout $COMMIT (cd ssl/test/runner && go test -c) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index c99ef7d27d..26a6181eee 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -43,6 +43,7 @@ macro_rules! println_err( #[derive(Debug)] struct Options { port: u16, + shim_id: u64, side: Side, max_fragment: Option, resumes: usize, @@ -91,6 +92,7 @@ impl Options { fn new() -> Self { Options { port: 0, + shim_id: 0, side: Side::Client, max_fragment: None, resumes: 0, @@ -844,6 +846,9 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { let mut sent_exporter = false; let mut quench_writes = false; + conn.write_all(&opts.shim_id.to_le_bytes()) + .unwrap(); + loop { if !sent_message && (opts.queue_data || (opts.queue_data_on_resume && count > 0)) { if !opts @@ -1020,6 +1025,9 @@ pub fn main() { "-port" => { opts.port = args.remove(0).parse::().unwrap(); } + "-shim-id" => { + opts.shim_id = args.remove(0).parse::().unwrap(); + } "-server" => { opts.side = Side::Server; } @@ -1253,6 +1261,7 @@ pub fn main() { "-no-tls1" | "-no-ssl3" | "-handoff" | + "-ipv6" | "-decline-alpn" | "-expect-no-session" | "-expect-session-miss" | From 432ceca9b8c0c2b19a019995befdce39743cb5a3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 10 Jan 2024 12:04:25 +0000 Subject: [PATCH 0669/1145] Partially support -verify-prefs This exits with BOGO_NACK if an unsupported verification algorithm is requested. That is enough to enable 78 more test cases. --- bogo/config.json.in | 21 +++++---------------- rustls/examples/internal/bogo_shim_impl.rs | 8 +++++++- 2 files changed, 12 insertions(+), 17 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index 40eb77078f..e8f22ba756 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -61,6 +61,8 @@ "*-ECDSA_SHA1-*": "no ecdsa-sha1", "*-Sign-RSA_PKCS1_SHA1-*": "no sha1", "*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1", + "VerifyPreferences-NoCommonAlgorithms": "we validate but don't actually implement -verify-prefs", + "VerifyPreferences-Enforced": "", "*_P224_*": "no p224", "*-P-224-*": "", #ifdef RING @@ -186,12 +188,9 @@ "ALPNClient-EmptyProtocolName-TLS-TLS13": ":PEER_MISBEHAVIOUR:", "ALPNServer-EmptyProtocolName-TLS-TLS12": ":PEER_MISBEHAVIOUR:", "ALPNServer-EmptyProtocolName-TLS-TLS13": ":PEER_MISBEHAVIOUR:", - "Verify-ServerAuth-SignatureType": ":PEER_MISBEHAVIOUR:", "Verify-ClientAuth-SignatureType": ":BAD_SIGNATURE:", "Verify-ServerAuth-SignatureType-TLS13": ":BAD_SIGNATURE:", "Verify-ClientAuth-SignatureType-TLS13": ":BAD_SIGNATURE:", - "ClientAuth-Enforced": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Enforced": ":PEER_MISBEHAVIOUR:", "UnofferedExtension-Client": ":PEER_MISBEHAVIOUR:", "UnknownExtension-Client": ":PEER_MISBEHAVIOUR:", "KeyUpdate-InvalidRequestMode": ":BAD_HANDSHAKE_MSG:", @@ -226,14 +225,6 @@ "NoSupportedVersions": ":INCOMPATIBLE:", "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":PEER_ALERT_INTERNAL_ERROR:", "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":HANDSHAKE_FAILURE:", - "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:", - "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:", - "Client-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:", - "Server-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:", - "Client-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:", - "Server-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:", - "Client-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:", - "Server-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:", "ClientAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:", "ServerAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:", "Server-Sign-RSA_PKCS1_SHA256-TLS13": ":INCOMPATIBLE:", @@ -252,8 +243,6 @@ "ClientAuth-NoFallback-ECDSA": ":BAD_HANDSHAKE_MSG:", "ClientAuth-NoFallback-TLS13": ":BAD_HANDSHAKE_MSG:", "ServerAuth-NoFallback-TLS13": ":INCOMPATIBLE:", - "ClientAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:", - "ServerAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:", "SecondClientHelloWrongCurve-TLS13": ":PEER_MISBEHAVIOUR:", "SecondClientHelloMissingKeyShare-TLS13": ":INCOMPATIBLE:", "Resume-Server-BinderWrongLength-SecondBinder": ":PEER_MISBEHAVIOUR:", @@ -347,9 +336,9 @@ "SendExtensionOnClientCertificate-TLS13": ":PEER_MISBEHAVIOUR:", "SendBogusAlertType": ":BAD_ALERT:", "TLS13-HRR-InvalidCompressionMethod": ":BAD_HANDSHAKE_MSG:", - "CertificateCipherMismatch-RSA": ":PEER_MISBEHAVIOUR:", - "CertificateCipherMismatch-ECDSA": ":PEER_MISBEHAVIOUR:", - "CertificateCipherMismatch-Ed25519": ":PEER_MISBEHAVIOUR:", + "CertificateCipherMismatch-RSA": ":WRONG_SIGNATURE_TYPE:", + "CertificateCipherMismatch-ECDSA": ":WRONG_SIGNATURE_TYPE:", + "CertificateCipherMismatch-Ed25519": ":WRONG_SIGNATURE_TYPE:", "ServerCipherFilter-RSA": ":INCOMPATIBLE:", "ServerCipherFilter-ECDSA": ":INCOMPATIBLE:", "ServerCipherFilter-Ed25519": ":INCOMPATIBLE:", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 26a6181eee..d56ddecfde 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -760,6 +760,10 @@ fn handle_err(err: Error) -> ! { Error::PeerMisbehaved(PeerMisbehaved::TooMuchEarlyDataReceived) => { quit(":TOO_MUCH_READ_EARLY_DATA:") } + Error::PeerMisbehaved(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme) + | Error::PeerMisbehaved(PeerMisbehaved::SignedKxWithWrongAlgorithm) => { + quit(":WRONG_SIGNATURE_TYPE:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), @@ -1091,6 +1095,9 @@ pub fn main() { } } } + "-verify-prefs" => { + lookup_scheme(args.remove(0).parse::().unwrap()); + } "-max-cert-list" | "-expect-curve-id" | "-expect-resume-curve-id" | @@ -1314,7 +1321,6 @@ pub fn main() { "-handshake-twice" | "-on-resume-verify-fail" | "-reverify-on-resume" | - "-verify-prefs" | "-no-op-extra-handshake" | "-expect-peer-cert-file" | "-no-rsa-pss-rsae-certs" | From c296594db33c7d50ab642ab48f8302e6a88dcebf Mon Sep 17 00:00:00 2001 From: Goncalo Gomes Date: Mon, 8 Jan 2024 15:15:30 +0000 Subject: [PATCH 0670/1145] Randomize ClientHello extensions Google Chrome project proposes Client Hello extensions should be randomized in order to prevent fingerprinting [1] This commit sorts all the extensions that have been sent in the same order as before by using a seed that is saved at the start of the connection. And keeps the PSK extension in the end. [1] https://chromestatus.com/feature/5124606246518784 resolves #1313 Co-authored-by: Joseph Birr-Pixton --- rustls/src/client/common.rs | 4 +++- rustls/src/client/hs.rs | 35 ++++++++++++++++++++++++++++++++++- rustls/src/rand.rs | 7 +++++++ rustls/tests/api.rs | 4 ++-- 4 files changed, 46 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index cbad1f5cf4..52daa4111c 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -38,12 +38,14 @@ impl<'a> ServerCertDetails<'a> { pub(super) struct ClientHelloDetails { pub(super) sent_extensions: Vec, + pub(super) extension_order_seed: u16, } impl ClientHelloDetails { - pub(super) fn new() -> Self { + pub(super) fn new(extension_order_seed: u16) -> Self { Self { sent_extensions: Vec::new(), + extension_order_seed, } } diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 7092e72b2a..e046fc9eb3 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -141,6 +141,7 @@ pub(super) fn start_handshake( }; let random = Random::new(config.provider.secure_random)?; + let extension_order_seed = crate::rand::random_u16(config.provider.secure_random)?; Ok(emit_client_hello_for_retry( transcript_buffer, @@ -155,7 +156,7 @@ pub(super) fn start_handshake( #[cfg(feature = "tls12")] using_ems: false, sent_tls13_fake_ccs: false, - hello: ClientHelloDetails::new(), + hello: ClientHelloDetails::new(extension_order_seed), session_id, server_name, }, @@ -271,6 +272,22 @@ fn emit_client_hello_for_retry( // Do we have a SessionID or ticket cached for this host? let tls13_session = prepare_resumption(&input.resuming, &mut exts, suite, cx, config); + // Extensions MAY be randomized + // but they also need to keep the same order as the the previous ClientHello + exts.sort_by_cached_key(|new_ext| { + // PSK extension is always last + if let ClientExtension::PresharedKey(..) = new_ext { + return u32::MAX; + } + + let seed = + (input.hello.extension_order_seed as u32) << 16 | (new_ext.ext_type().get_u16() as u32); + match low_quality_integer_hash(seed) { + u32::MAX => 0, + key => key, + } + }); + // Note what extensions we sent. input.hello.sent_extensions = exts .iter() @@ -929,3 +946,19 @@ impl Deref for ClientSessionValue { self.common() } } + +fn low_quality_integer_hash(mut x: u32) -> u32 { + x = x + .wrapping_add(0x7ed55d16) + .wrapping_add(x << 12); + x = (x ^ 0xc761c23c) ^ (x >> 19); + x = x + .wrapping_add(0x165667b1) + .wrapping_add(x << 5); + x = x.wrapping_add(0xd3a2646c) ^ (x << 9); + x = x + .wrapping_add(0xfd7046c5) + .wrapping_add(x << 3); + x = (x ^ 0xb55a4f09) ^ (x >> 16); + x +} diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 63a2e40c3f..2f2c37952c 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -22,6 +22,13 @@ pub(crate) fn random_u32(secure_random: &dyn SecureRandom) -> Result Result { + let mut buf = [0u8; 2]; + secure_random.fill(&mut buf)?; + Ok(u16::from_be_bytes(buf)) +} + /// Random material generation failed. #[derive(Debug)] pub struct GetRandomFailed; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 53b9653c50..a471cc96c4 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5623,10 +5623,10 @@ fn test_client_construction_fails_if_random_source_fails_in_second_request() { } #[test] -fn test_client_construction_requires_64_bytes_of_random_material() { +fn test_client_construction_requires_66_bytes_of_random_material() { static FAULTY_RANDOM: FaultyRandom = FaultyRandom { rand_queue: Mutex::new( - b"nice random number generator !!!\ + b"nice random number generator !!!!!\ it's really not very good is it?", ), }; From 021933ce7d8c0fc1437c13ffb42ca52af8e3336e Mon Sep 17 00:00:00 2001 From: Nick Kirby Date: Sat, 13 Jan 2024 14:45:59 +0000 Subject: [PATCH 0671/1145] Update hs.rs Fix typo in comment --- rustls/src/client/hs.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index e046fc9eb3..296ff6923b 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -273,7 +273,7 @@ fn emit_client_hello_for_retry( let tls13_session = prepare_resumption(&input.resuming, &mut exts, suite, cx, config); // Extensions MAY be randomized - // but they also need to keep the same order as the the previous ClientHello + // but they also need to keep the same order as the previous ClientHello exts.sort_by_cached_key(|new_ext| { // PSK extension is always last if let ClientExtension::PresharedKey(..) = new_ext { From 06069d5e3879abc4c1c55dddac7d10d73126f077 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Jan 2024 11:18:18 -0500 Subject: [PATCH 0672/1145] deps: clap v4.4.12 -> v4.4.16 --- Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 41262188de..3af0113943 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,9 +63,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.5" +version = "0.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6" +checksum = "4cd2405b3ac1faab2990b74d728624cd9fd115651fcecc7c2d8daf01376275ba" dependencies = [ "anstyle", "anstyle-parse", @@ -508,9 +508,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.12" +version = "4.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcfab8ba68f3668e89f6ff60f5b205cea56aa7b769451a59f34b8682f51c056d" +checksum = "58e54881c004cec7895b0068a0a954cd5d62da01aef83fa35b1e594497bf5445" dependencies = [ "clap_builder", "clap_derive", @@ -518,9 +518,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.12" +version = "4.4.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb7fb5e4e979aec3be7791562fcba452f94ad85e954da024396433e0e25a79e9" +checksum = "59cb82d7f531603d2fd1f507441cdd35184fa81beff7bd489570de7f773460bb" dependencies = [ "anstream", "anstyle", From 4dc47b8104dc2c24439f40c6a5f6f68db26f91c1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Jan 2024 11:19:00 -0500 Subject: [PATCH 0673/1145] deps: serde v1.0.194 -> v1.0.195 --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3af0113943..713f530431 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2210,18 +2210,18 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.194" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b114498256798c94a0689e1a15fec6005dee8ac1f41de56404b67afc2a4b773" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.194" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3385e45322e8f9931410f01b3031ec534c3947d0e94c18049af4d9f9907d4e0" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", From 50ae4c1d65fb1065a6e22ce846d75fc912131088 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Jan 2024 11:19:24 -0500 Subject: [PATCH 0674/1145] deps: base64 v0.21.5 -> v0.21.7 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 713f530431..0d6ed2a3b8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -342,9 +342,9 @@ checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" From fa81bd23c00d71f1c53509be9ea58701265b0c4d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Jan 2024 11:19:49 -0500 Subject: [PATCH 0675/1145] deps: serde_json v1.0.110 -> v1.0.111 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0d6ed2a3b8..8157b82a3f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2230,9 +2230,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.110" +version = "1.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fbd975230bada99c8bb618e0c365c2eefa219158d5c6c29610fd09ff1833257" +checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" dependencies = [ "itoa", "ryu", From d9d0879432384ab10f1604294c019156cf13c284 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Jan 2024 12:13:48 -0500 Subject: [PATCH 0676/1145] docs: add more documentation on crypto providers * Describe why crypto providers exist, how they are chosen * Enumerate the built-in providers and associated feature flags * Link to third-party providers we're aware of * Add some documentation about implementing a custom provider --- README.md | 54 +++++++++++++++++++++++++++++++++++++++++---- admin/pull-readme | 2 +- rustls/src/lib.rs | 56 ++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 102 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index baa532c8e8..a7aede81d5 100644 --- a/README.md +++ b/README.md @@ -87,9 +87,8 @@ need them. ### Platform support -While Rustls itself is platform independent, by default it uses -[`ring`](https://crates.io/crates/ring) for implementing the cryptography in -TLS. As a result, rustls only runs on platforms +While Rustls itself is platform independent, by default it uses [`ring`] for implementing +the cryptography in TLS. As a result, rustls only runs on platforms supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian), 64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently @@ -107,7 +106,54 @@ dependency on *ring*. Rustls requires Rust 1.61 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 -[crypto::CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html +[`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html +[`ring`]: https://crates.io/crates/ring + +### Cryptography providers + +Since Rustls 0.22 it has been possible to choose the provider of the cryptographic primitives +that Rustls uses. This may be appealing if you have specific platform, compliance or feature +requirements that aren't met by the default provider, [`ring`]. + +Users that wish to customize the provider in use can do so when constructing `ClientConfig` +and `ServerConfig` instances using the `with_crypto_provider` method on the respective config +builder types. See the [`crypto::CryptoProvider`] documentation for more details. + +#### Built-in providers + +Rustls ships with two built-in providers controlled with associated feature flags: + +* [`ring`] - enabled by default, available with the `ring` feature flag enabled. This +provider is used by default when an explicit provider is not specified. +* [`aws-lc-rs`] - available with the `aws_lc_rs` feature flag enabled. + +[`aws-lc-rs`]: https://github.com/aws/aws-lc-rs + +#### Third-party providers + +The community has also started developing third-party providers for Rustls: + +* [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography. +* [`boring-rustls-provider`] - a work-in-progress provider that uses [`boringssl`] for +cryptography. + +[`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider +[`mbedtls`]: https://github.com/Mbed-TLS/mbedtls +[`boring-rustls-provider`]: https://github.com/janrueth/boring-rustls-provider +[`boringssl`]: https://github.com/google/boringssl + +#### Custom provider + +We also provide a simple example of writing your own provider in the [`custom-provider`] +example. This example implements a minimal provider using parts of the [`RustCrypto`] +ecosystem. + +See the [Making a custom CryptoProvider] section of the documentation for more information +on this topic. + +[`custom-provider`]: https://github.com/rustls/rustls/tree/main/provider-example/ +[`RustCrypto`]: https://github.com/RustCrypto +[Making a custom CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#making-a-custom-cryptoprovider # Example code diff --git a/admin/pull-readme b/admin/pull-readme index e9c153fd1b..2b60a09c28 100755 --- a/admin/pull-readme +++ b/admin/pull-readme @@ -7,6 +7,6 @@ awk 'BEGIN { take=1 }/# Approach/{take=0;print}take' < README.md > README.md.new grep '^//!' rustls/src/lib.rs | \ sed -e 's@^\/\/\! *@@g' | \ sed -e 's@manual](manual)@manual](https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html)@' | \ - awk '/# Rustls - a modern TLS library/{take=1;next}/## Design Overview/{take=0}take' >> README.md.new + awk '/# Rustls - a modern TLS library/{take=1;next}/## Design overview/{take=0}take' >> README.md.new awk '/# Example code/{take=1}take' < README.md >> README.md.new mv README.md.new README.md diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c083db3c93..059f03c83b 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -54,9 +54,8 @@ //! //! ### Platform support //! -//! While Rustls itself is platform independent, by default it uses -//! [`ring`](https://crates.io/crates/ring) for implementing the cryptography in -//! TLS. As a result, rustls only runs on platforms +//! While Rustls itself is platform independent, by default it uses [`ring`] for implementing +//! the cryptography in TLS. As a result, rustls only runs on platforms //! supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), //! x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian), //! 64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently @@ -74,9 +73,56 @@ //! Rustls requires Rust 1.61 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 -//! [crypto::CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html +//! [`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html +//! [`ring`]: https://crates.io/crates/ring //! -//! ## Design Overview +//! ### Cryptography providers +//! +//! Since Rustls 0.22 it has been possible to choose the provider of the cryptographic primitives +//! that Rustls uses. This may be appealing if you have specific platform, compliance or feature +//! requirements that aren't met by the default provider, [`ring`]. +//! +//! Users that wish to customize the provider in use can do so when constructing `ClientConfig` +//! and `ServerConfig` instances using the `with_crypto_provider` method on the respective config +//! builder types. See the [`crypto::CryptoProvider`] documentation for more details. +//! +//! #### Built-in providers +//! +//! Rustls ships with two built-in providers controlled with associated feature flags: +//! +//! * [`ring`] - enabled by default, available with the `ring` feature flag enabled. This +//! provider is used by default when an explicit provider is not specified. +//! * [`aws-lc-rs`] - available with the `aws_lc_rs` feature flag enabled. +//! +//! [`aws-lc-rs`]: https://github.com/aws/aws-lc-rs +//! +//! #### Third-party providers +//! +//! The community has also started developing third-party providers for Rustls: +//! +//! * [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography. +//! * [`boring-rustls-provider`] - a work-in-progress provider that uses [`boringssl`] for +//! cryptography. +//! +//! [`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider +//! [`mbedtls`]: https://github.com/Mbed-TLS/mbedtls +//! [`boring-rustls-provider`]: https://github.com/janrueth/boring-rustls-provider +//! [`boringssl`]: https://github.com/google/boringssl +//! +//! #### Custom provider +//! +//! We also provide a simple example of writing your own provider in the [`custom-provider`] +//! example. This example implements a minimal provider using parts of the [`RustCrypto`] +//! ecosystem. +//! +//! See the [Making a custom CryptoProvider] section of the documentation for more information +//! on this topic. +//! +//! [`custom-provider`]: https://github.com/rustls/rustls/tree/main/provider-example/ +//! [`RustCrypto`]: https://github.com/RustCrypto +//! [Making a custom CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#making-a-custom-cryptoprovider +//! +//! ## Design overview //! //! Rustls is a low-level library. If your goal is to make HTTPS connections you may prefer //! to use a library built on top of Rustls like [hyper] or [ureq]. From cd50cdc176404eecda2c17a4c51e86f5c04cb25d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Jan 2024 10:09:04 -0500 Subject: [PATCH 0677/1145] examples: minor optimization for mio client NoCertificateVerification Previously we implemented the Rustls 0.22 update for the tlsclient-mio example's `NoCertificateVerification` verifier by invoking the ring `default_provider()` constructor in three of the trait functions. Since this example is often referenced by folks looking to do the same thing in their codebase we should try and make this example slightly more efficient by having the verifier struct hold onto a single `CryptoProvider` it can reference from each of the three trait fns. --- examples/src/bin/tlsclient-mio.rs | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index a74f068bad..730d6da5ee 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -334,11 +334,17 @@ fn load_private_key(filename: &str) -> PrivateKeyDer<'static> { mod danger { use pki_types::{CertificateDer, ServerName, UnixTime}; use rustls::client::danger::HandshakeSignatureValid; - use rustls::crypto::{verify_tls12_signature, verify_tls13_signature}; + use rustls::crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider}; use rustls::DigitallySignedStruct; #[derive(Debug)] - pub struct NoCertificateVerification {} + pub struct NoCertificateVerification(CryptoProvider); + + impl NoCertificateVerification { + pub fn new(provider: CryptoProvider) -> Self { + Self(provider) + } + } impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification { fn verify_server_cert( @@ -362,7 +368,7 @@ mod danger { message, cert, dss, - &rustls::crypto::ring::default_provider().signature_verification_algorithms, + &self.0.signature_verification_algorithms, ) } @@ -376,12 +382,12 @@ mod danger { message, cert, dss, - &rustls::crypto::ring::default_provider().signature_verification_algorithms, + &self.0.signature_verification_algorithms, ) } fn supported_verify_schemes(&self) -> Vec { - rustls::crypto::ring::default_provider() + self.0 .signature_verification_algorithms .supported_schemes() } @@ -467,7 +473,9 @@ fn make_config(args: &Args) -> Arc { if args.flag_insecure { config .dangerous() - .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); + .set_certificate_verifier(Arc::new(danger::NoCertificateVerification::new( + rustls::crypto::ring::default_provider(), + ))); } Arc::new(config) From a4d915e69014418fa635bbee81a74e701fa56258 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 16:22:28 +0000 Subject: [PATCH 0678/1145] build(deps): bump h2 from 0.3.22 to 0.3.24 Bumps [h2](https://github.com/hyperium/h2) from 0.3.22 to 0.3.24. - [Release notes](https://github.com/hyperium/h2/releases) - [Changelog](https://github.com/hyperium/h2/blob/v0.3.24/CHANGELOG.md) - [Commits](https://github.com/hyperium/h2/compare/v0.3.22...v0.3.24) --- updated-dependencies: - dependency-name: h2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8157b82a3f..4866f8ef5c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1041,9 +1041,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.22" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d6250322ef6e60f93f9a2162799302cd6f68f79f6e5d85c8c16f14d1d958178" +checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" dependencies = [ "bytes", "fnv", From 0306226ecf42b945d1f0e6e0b7de162e4a15a12f Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 23 Jan 2024 09:49:03 +0100 Subject: [PATCH 0679/1145] Update semver-compatible dependencies --- Cargo.lock | 232 ++++++++++++++++++++++++++--------------------------- 1 file changed, 113 insertions(+), 119 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4866f8ef5c..5f2976cdaa 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,9 +63,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.7" +version = "0.6.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cd2405b3ac1faab2990b74d728624cd9fd115651fcecc7c2d8daf01376275ba" +checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5" dependencies = [ "anstyle", "anstyle-parse", @@ -143,7 +143,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ca33f4bc4ed1babef42cad36cc1f51fa88be00420404e5b1e80ab1b18f7678c" dependencies = [ "concurrent-queue", - "event-listener 4.0.2", + "event-listener 4.0.3", "event-listener-strategy", "futures-core", "pin-project-lite", @@ -155,11 +155,11 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "17ae5ebefcc48e7452b4987947920dac9450be1110cadf34d1b8c116bdbaf97c" dependencies = [ - "async-lock 3.2.0", + "async-lock 3.3.0", "async-task", "concurrent-queue", "fastrand 2.0.1", - "futures-lite 2.1.0", + "futures-lite 2.2.0", "slab", ] @@ -171,10 +171,10 @@ checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c" dependencies = [ "async-channel 2.1.1", "async-executor", - "async-io 2.2.2", - "async-lock 3.2.0", + "async-io 2.3.0", + "async-lock 3.3.0", "blocking", - "futures-lite 2.1.0", + "futures-lite 2.2.0", "once_cell", ] @@ -200,18 +200,18 @@ dependencies = [ [[package]] name = "async-io" -version = "2.2.2" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6afaa937395a620e33dc6a742c593c01aced20aa376ffb0f628121198578ccc7" +checksum = "fb41eb19024a91746eba0773aa5e16036045bbf45733766661099e182ea6a744" dependencies = [ - "async-lock 3.2.0", + "async-lock 3.3.0", "cfg-if", "concurrent-queue", "futures-io", - "futures-lite 2.1.0", + "futures-lite 2.2.0", "parking", - "polling 3.3.1", - "rustix 0.38.28", + "polling 3.3.2", + "rustix 0.38.30", "slab", "tracing", "windows-sys 0.52.0", @@ -228,11 +228,11 @@ dependencies = [ [[package]] name = "async-lock" -version = "3.2.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7125e42787d53db9dd54261812ef17e937c95a51e4d291373b670342fa44310c" +checksum = "d034b430882f8381900d3fe6f0aaa3ad94f2cb4ac519b429692a1bc2dda4ae7b" dependencies = [ - "event-listener 4.0.2", + "event-listener 4.0.3", "event-listener-strategy", "pin-project-lite", ] @@ -266,9 +266,9 @@ dependencies = [ [[package]] name = "async-task" -version = "4.6.0" +version = "4.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1d90cd0b264dfdd8eb5bad0a2c217c1f88fa96a8573f40e7b12de23fb468f46" +checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" [[package]] name = "async-trait" @@ -278,7 +278,7 @@ checksum = "c980ee35e870bd1a4d2c8294d4c04d0499e67bca1e4b5cefcc693c2fa00caea9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -364,7 +364,7 @@ version = "0.68.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "726e4313eb6ec35d2730258ad4e15b547ee75d6afaa1361a922e78e59b7d8078" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.4.2", "cexpr", "clang-sys", "lazy_static", @@ -377,7 +377,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.46", + "syn 2.0.48", "which", ] @@ -389,9 +389,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.1" +version = "2.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" [[package]] name = "block-buffer" @@ -409,11 +409,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118" dependencies = [ "async-channel 2.1.1", - "async-lock 3.2.0", + "async-lock 3.3.0", "async-task", "fastrand 2.0.1", "futures-io", - "futures-lite 2.1.0", + "futures-lite 2.2.0", "piper", "tracing", ] @@ -508,9 +508,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.16" +version = "4.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58e54881c004cec7895b0068a0a954cd5d62da01aef83fa35b1e594497bf5445" +checksum = "1e578d6ec4194633722ccf9544794b71b1385c3c027efe0c55db226fc880865c" dependencies = [ "clap_builder", "clap_derive", @@ -518,9 +518,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.16" +version = "4.4.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59cb82d7f531603d2fd1f507441cdd35184fa81beff7bd489570de7f773460bb" +checksum = "4df4df40ec50c46000231c914968278b1eb05098cf8f1b3a518a95030e71d1c7" dependencies = [ "anstream", "anstyle", @@ -537,7 +537,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -578,43 +578,37 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] [[package]] name = "crossbeam-deque" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fca89a0e215bab21874660c67903c5f143333cab1da83d041c7ded6053774751" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" dependencies = [ - "cfg-if", "crossbeam-epoch", "crossbeam-utils", ] [[package]] name = "crossbeam-epoch" -version = "0.9.17" +version = "0.9.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e3681d554572a651dda4186cd47240627c3d0114d45a95f6ad27f2f22e7548d" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" dependencies = [ - "autocfg", - "cfg-if", "crossbeam-utils", ] [[package]] name = "crossbeam-utils" -version = "0.8.18" +version = "0.8.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a430a770ebd84726f584a90ee7f020d28db52c6d02138900f22341f866d39c" -dependencies = [ - "cfg-if", -] +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" [[package]] name = "crypto-bigint" @@ -671,7 +665,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -778,14 +772,14 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] name = "env_logger" -version = "0.10.1" +version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece" +checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" dependencies = [ "humantime", "is-terminal", @@ -818,9 +812,9 @@ checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" [[package]] name = "event-listener" -version = "4.0.2" +version = "4.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "218a870470cce1469024e9fb66b901aa983929d81304a1cdb299f28118e550d5" +checksum = "67b215c49b2b248c855fb73579eb1f4f26c38ffdc12973e20e07b91d78d5646e" dependencies = [ "concurrent-queue", "parking", @@ -833,7 +827,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3" dependencies = [ - "event-listener 4.0.2", + "event-listener 4.0.3", "pin-project-lite", ] @@ -927,9 +921,9 @@ dependencies = [ [[package]] name = "futures-lite" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aeee267a1883f7ebef3700f262d2d54de95dfaf38189015a74fdc4e0c7ad8143" +checksum = "445ba825b27408685aaecefd65178908c36c6e96aaf6d8599419d46e624192ba" dependencies = [ "fastrand 2.0.1", "futures-core", @@ -985,9 +979,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" dependencies = [ "cfg-if", "libc", @@ -1072,9 +1066,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.3" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" +checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f" [[package]] name = "hex" @@ -1314,7 +1308,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" dependencies = [ "hermit-abi", - "rustix 0.38.28", + "rustix 0.38.30", "windows-sys 0.52.0", ] @@ -1335,9 +1329,9 @@ checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "js-sys" -version = "0.3.66" +version = "0.3.67" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cee9c64da59eae3b50095c18d3e74f8b73c0b86d2792824ff01bbce68ba229ca" +checksum = "9a1d36f1235bc969acba30b7f5990b864423a6068a10f7c90ae8f0112e3a59d1" dependencies = [ "wasm-bindgen", ] @@ -1368,9 +1362,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.151" +version = "0.2.152" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" +checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" [[package]] name = "libloading" @@ -1402,9 +1396,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" [[package]] name = "lock_api" @@ -1715,14 +1709,14 @@ dependencies = [ [[package]] name = "polling" -version = "3.3.1" +version = "3.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf63fa624ab313c11656b4cda960bfc46c410187ad493c41f6ba2d8c1e991c9e" +checksum = "545c980a3880efd47b2e262f6a4bb6daad6555cf3367aa9c4e52895f69537a41" dependencies = [ "cfg-if", "concurrent-queue", "pin-project-lite", - "rustix 0.38.28", + "rustix 0.38.30", "tracing", "windows-sys 0.52.0", ] @@ -1769,7 +1763,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" dependencies = [ "proc-macro2", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -1783,9 +1777,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.74" +version = "1.0.78" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2de98502f212cfcea8d0bb305bd0f49d7ebdd75b64ba0a68f937d888f4e0d6db" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" dependencies = [ "unicode-ident", ] @@ -1837,9 +1831,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1" +checksum = "fa7237101a77a10773db45d62004a272517633fbcc3df19d96455ede1122e051" dependencies = [ "either", "rayon-core", @@ -1847,9 +1841,9 @@ dependencies = [ [[package]] name = "rayon-core" -version = "1.12.0" +version = "1.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" dependencies = [ "crossbeam-deque", "crossbeam-utils", @@ -1878,9 +1872,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.2" +version = "1.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" +checksum = "b62dbe01f0b06f9d8dc7d49e05a0785f153b00b2c227856282f671e0318c9b15" dependencies = [ "aho-corasick", "memchr", @@ -1890,9 +1884,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" +checksum = "3b7fa1134405e2ec9353fd416b17f8dacd46c473d7d3fd1cf202706a14eb792a" dependencies = [ "aho-corasick", "memchr", @@ -1997,14 +1991,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.28" +version = "0.38.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" +checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" dependencies = [ - "bitflags 2.4.1", + "bitflags 2.4.2", "errno", "libc", - "linux-raw-sys 0.4.12", + "linux-raw-sys 0.4.13", "windows-sys 0.52.0", ] @@ -2204,9 +2198,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.20" +version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" +checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" [[package]] name = "serde" @@ -2225,7 +2219,7 @@ checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -2252,9 +2246,9 @@ dependencies = [ [[package]] name = "shlex" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signature" @@ -2277,9 +2271,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.2" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" +checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7" [[package]] name = "socket2" @@ -2348,9 +2342,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.46" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89456b690ff72fddcecf231caedbe615c59480c93358a93dfae7fc29e3ebbf0e" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" dependencies = [ "proc-macro2", "quote", @@ -2359,9 +2353,9 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff1bc3d3f05aff0403e8ac0d92ced918ec05b666a43f83297ccef5bea8a3d449" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" dependencies = [ "winapi-util", ] @@ -2383,7 +2377,7 @@ checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -2444,7 +2438,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -2490,7 +2484,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] [[package]] @@ -2510,9 +2504,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-bidi" -version = "0.3.14" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f2528f27a9eb2b21e69c95319b30bd0efd85d09c379741b0f78ea1d86be2416" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" [[package]] name = "unicode-ident" @@ -2570,9 +2564,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "value-bag" -version = "1.4.2" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe" +checksum = "7cdbaf5e132e593e9fc1de6a15bbec912395b11fb9719e061cf64f804524c503" [[package]] name = "version_check" @@ -2594,9 +2588,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.89" +version = "0.2.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ed0d4f68a3015cc185aff4db9506a015f4b96f95303897bfa23f846db54064e" +checksum = "b1223296a201415c7fad14792dbefaace9bd52b62d33453ade1c5b5f07555406" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2604,24 +2598,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.89" +version = "0.2.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b56f625e64f3a1084ded111c4d5f477df9f8c92df113852fa5a374dbda78826" +checksum = "fcdc935b63408d58a32f8cc9738a0bffd8f05cc7c002086c6ef20b7312ad9dcd" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.39" +version = "0.4.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac36a15a220124ac510204aec1c3e5db8a22ab06fd6706d881dc6149f8ed9a12" +checksum = "bde2032aeb86bdfaecc8b261eef3cba735cc426c1f3a3416d1e0791be95fc461" dependencies = [ "cfg-if", "js-sys", @@ -2631,9 +2625,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.89" +version = "0.2.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0162dbf37223cd2afce98f3d0785506dcb8d266223983e4b5b525859e6e182b2" +checksum = "3e4c238561b2d428924c49815533a8b9121c664599558a5d9ec51f8a1740a999" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2641,28 +2635,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.89" +version = "0.2.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283" +checksum = "bae1abb6806dc1ad9e560ed242107c0f6c84335f1749dd4e8ddb012ebd5e25a7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.89" +version = "0.2.90" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f" +checksum = "4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b" [[package]] name = "web-sys" -version = "0.3.66" +version = "0.3.67" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50c24a44ec86bb68fbecd1b3efed7e85ea5621b39b35ef2766b66cd984f8010f" +checksum = "58cd2333b6e0be7a39605f0e255892fd7418a682d8da8fe042fe25128794d2ed" dependencies = [ "js-sys", "wasm-bindgen", @@ -2692,7 +2686,7 @@ dependencies = [ "either", "home", "once_cell", - "rustix 0.38.28", + "rustix 0.38.30", ] [[package]] @@ -2912,5 +2906,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.46", + "syn 2.0.48", ] From 50af9a8bcb49778249e0dcd16206548e765c9d6e Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 23 Jan 2024 09:51:06 +0100 Subject: [PATCH 0680/1145] Add note about env_logger 0.11 upgrade --- examples/Cargo.toml | 2 +- provider-example/Cargo.toml | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/Cargo.toml b/examples/Cargo.toml index e2f90b7b18..e9ddb606de 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -9,7 +9,7 @@ publish = false [dependencies] async-std = { version = "1.12.0", features = ["attributes"], optional = true } docopt = "~1.1" -env_logger = "0.10" +env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index dfdaf6da99..1ae2918516 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -26,7 +26,7 @@ webpki = { package = "rustls-webpki", version = "0.102", features = ["alloc"], d x25519-dalek = "2" [dev-dependencies] -env_logger = "0.10" +env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) hex = "0.4.3" rcgen = { version = "0.12", features = ["ring"] } serde = { version = "1", features = ["derive"] } diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index f1c88c0195..a24b4a7277 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -35,7 +35,7 @@ read_buf = ["rustversion"] [dev-dependencies] base64 = "0.21" bencher = "0.1.5" -env_logger = "0.10" +env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) log = "0.4.4" rustls-pemfile = "2" webpki-roots = "0.26" From 93591ebe226a4f3cc1daf9a61f6d4b1fff64a0bf Mon Sep 17 00:00:00 2001 From: elardus-erasmus <127624117+elardus-erasmus@users.noreply.github.com> Date: Sun, 21 Jan 2024 22:32:53 -0500 Subject: [PATCH 0681/1145] Update README.md - server auth Correct the text per the original intent. Servers are authenticated by clients. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a7aede81d5..3933dbb82c 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ obsolete cryptography by default. * TLS1.3 resumption via tickets or session storage. * TLS1.3 0-RTT data for clients. * TLS1.3 0-RTT data for servers. -* Client authentication by clients. +* Server authentication by clients. * Client authentication by servers. * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). From ad1d015f11ce8d5452b7b8f6a9cc8017b01aa000 Mon Sep 17 00:00:00 2001 From: elardus-erasmus <127624117+elardus-erasmus@users.noreply.github.com> Date: Mon, 22 Jan 2024 08:36:49 -0500 Subject: [PATCH 0682/1145] Update README.md Combine server and client authentication bullet points in the `Current functionality` list. --- README.md | 3 +-- rustls/src/lib.rs | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 3933dbb82c..27a7110ea9 100644 --- a/README.md +++ b/README.md @@ -54,8 +54,7 @@ obsolete cryptography by default. * TLS1.3 resumption via tickets or session storage. * TLS1.3 0-RTT data for clients. * TLS1.3 0-RTT data for servers. -* Server authentication by clients. -* Client authentication by servers. +* Server and optional client authentication. * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). * OCSP stapling by servers. diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 059f03c83b..51460b9174 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -21,8 +21,7 @@ //! * TLS1.3 resumption via tickets or session storage. //! * TLS1.3 0-RTT data for clients. //! * TLS1.3 0-RTT data for servers. -//! * Client authentication by clients. -//! * Client authentication by servers. +//! * Server and optional client authentication. //! * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). //! * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). //! * OCSP stapling by servers. From f965b9cd59bd6abac2ff5197c1e437546ef66b87 Mon Sep 17 00:00:00 2001 From: YX Cao Date: Thu, 18 Jan 2024 16:12:07 -0800 Subject: [PATCH 0683/1145] Add config field to require `extended_master_secret` extension support from peer in TLS 1.2 * Add server config for requiring `extended_master_secret` extension from peer. * Add client config for requiring `extended_master_secret` extension from peer. * Add tests cases for server and client when requiring `extended_master_secret` extension from peer. --- rustls/src/client/builder.rs | 2 ++ rustls/src/client/client_conn.rs | 16 +++++++++ rustls/src/client/tls12.rs | 10 +++++- rustls/src/error.rs | 1 + rustls/src/server/builder.rs | 2 ++ rustls/src/server/server_conn.rs | 16 +++++++++ rustls/src/server/tls12.rs | 5 +++ rustls/tests/api.rs | 58 ++++++++++++++++++++++++++++++++ 8 files changed, 109 insertions(+), 1 deletion(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 27666e1966..1f5db007fd 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -159,6 +159,8 @@ impl ConfigBuilder { key_log: Arc::new(NoKeyLog {}), enable_secret_extraction: false, enable_early_data: false, + #[cfg(feature = "tls12")] + require_ems: false, } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index df6388867f..15a22f77d5 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -193,6 +193,20 @@ pub struct ClientConfig { /// The default is false. pub enable_early_data: bool, + /// If set to `true`, requires the server to support the extended + /// master secret extraction method defined in [RFC 7627]. + /// + /// The default is `false`. + /// + /// It must be set to `true` to meet FIPS requirement mentioned in section + /// **D.Q Transition of the TLS 1.2 KDF to Support the Extended Master + /// Secret** from [FIPS 140-3 IG.pdf]. + /// + /// [RFC 7627]: https://datatracker.ietf.org/doc/html/rfc7627 + /// [FIPS 140-3 IG.pdf]: https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf + #[cfg(feature = "tls12")] + pub require_ems: bool, + /// Source of randomness and other crypto. pub(super) provider: Arc, @@ -308,6 +322,8 @@ impl Clone for ClientConfig { key_log: Arc::clone(&self.key_log), enable_secret_extraction: self.enable_secret_extraction, enable_early_data: self.enable_early_data, + #[cfg(feature = "tls12")] + require_ems: self.require_ems, } } } diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index d3a70e9ec8..d99f05efee 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -3,7 +3,7 @@ use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; -use crate::error::{Error, InvalidMessage, PeerMisbehaved}; +use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; @@ -81,6 +81,14 @@ mod server_hello { // Doing EMS? self.using_ems = server_hello.ems_support_acked(); + if self.config.require_ems && !self.using_ems { + return Err({ + cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::ExtendedMasterSecretExtensionRequired, + ) + }); + } // Might the server send a ticket? let must_issue_new_ticket = if server_hello diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 062b54ec2c..3ac65772ba 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -257,6 +257,7 @@ impl From for Error { /// versions. pub enum PeerIncompatible { EcPointsExtensionRequired, + ExtendedMasterSecretExtensionRequired, KeyShareExtensionRequired, NamedGroupsExtensionRequired, NoCertificateRequestSignatureSchemesInCommon, diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index f2128b883e..c29502d132 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -124,6 +124,8 @@ impl ConfigBuilder { max_early_data_size: 0, send_half_rtt_data: false, send_tls13_tickets: 4, + #[cfg(feature = "tls12")] + require_ems: false, } } } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 029911cd5e..e37f49ed01 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -315,6 +315,20 @@ pub struct ServerConfig { /// If this is 0, no tickets are sent and clients will not be able to /// do any resumption. pub send_tls13_tickets: usize, + + /// If set to `true`, requires the client to support the extended + /// master secret extraction method defined in [RFC 7627]. + /// + /// The default is `false`. + /// + /// It must be set to `true` to meet FIPS requirement mentioned in section + /// **D.Q Transition of the TLS 1.2 KDF to Support the Extended Master + /// Secret** from [FIPS 140-3 IG.pdf]. + /// + /// [RFC 7627]: https://datatracker.ietf.org/doc/html/rfc7627 + /// [FIPS 140-3 IG.pdf]: https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf + #[cfg(feature = "tls12")] + pub require_ems: bool, } // Avoid a `Clone` bound on `C`. @@ -335,6 +349,8 @@ impl Clone for ServerConfig { max_early_data_size: self.max_early_data_size, send_half_rtt_data: self.send_half_rtt_data, send_tls13_tickets: self.send_tls13_tickets, + #[cfg(feature = "tls12")] + require_ems: self.require_ems, } } } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 3570826b56..081ae33698 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -81,6 +81,11 @@ mod client_hello { if client_hello.ems_support_offered() { self.using_ems = true; + } else if self.config.require_ems { + return Err(cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::ExtendedMasterSecretExtensionRequired, + )); } let groups_ext = client_hello diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index a471cc96c4..68ab650ef7 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5057,6 +5057,64 @@ fn test_client_rejects_illegal_tls13_ccs() { ); } +#[cfg(feature = "tls12")] +#[test] +fn test_client_rejects_no_extended_master_secret_extension_when_require_ems() { + let key_type = KeyType::Rsa; + let mut client_config = make_client_config(key_type); + client_config.require_ems = true; + let server_config = finish_server_config( + key_type, + server_config_builder_with_versions(&[&rustls::version::TLS12]), + ); + let (client, server) = make_pair_for_configs(client_config, server_config); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered(&mut client, remove_ems_request, &mut server); + server.process_new_packets().unwrap(); + transfer_altered(&mut server, |_| Altered::InPlace, &mut client); + assert_eq!( + client.process_new_packets(), + Err(Error::PeerIncompatible( + PeerIncompatible::ExtendedMasterSecretExtensionRequired + )) + ); +} + +#[cfg(feature = "tls12")] +#[test] +fn test_server_rejects_no_extended_master_secret_extension_when_require_ems() { + let key_type = KeyType::Rsa; + let client_config = make_client_config(key_type); + let mut server_config = finish_server_config( + key_type, + server_config_builder_with_versions(&[&rustls::version::TLS12]), + ); + server_config.require_ems = true; + let (client, server) = make_pair_for_configs(client_config, server_config); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered(&mut client, remove_ems_request, &mut server); + assert_eq!( + server.process_new_packets(), + Err(Error::PeerIncompatible( + PeerIncompatible::ExtendedMasterSecretExtensionRequired + )) + ); +} + +#[cfg(feature = "tls12")] +fn remove_ems_request(msg: &mut Message) -> Altered { + if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { + if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { + ch.extensions + .retain(|ext| !matches!(ext, ClientExtension::ExtendedMasterSecretRequest)) + } + + *encoded = Payload::new(parsed.get_encoding()); + } + + Altered::InPlace +} + /// https://github.com/rustls/rustls/issues/797 #[cfg(feature = "tls12")] #[test] From 582516e241c8330275a2149304c322e4b80baece Mon Sep 17 00:00:00 2001 From: Yuxiang Cao Date: Mon, 22 Jan 2024 11:27:11 -0800 Subject: [PATCH 0684/1145] update bogo test shim for new ems config option Update bog test shim to cover new config about requiring `extended_master_secret` extension: `require-ems`. --- rustls/examples/internal/bogo_shim_impl.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index d56ddecfde..839267abbd 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -86,6 +86,7 @@ struct Options { expect_version: u16, resumption_delay: u32, queue_early_data_after_received_messages: Vec, + require_ems: bool, } impl Options { @@ -135,6 +136,7 @@ impl Options { expect_version: 0, resumption_delay: 0, queue_early_data_after_received_messages: vec![], + require_ems: false, } } @@ -535,6 +537,7 @@ fn make_server_cfg(opts: &Options) -> Arc { cfg.session_storage = ServerCacheWithResumptionDelay::new(opts.resumption_delay); cfg.max_fragment_size = opts.max_fragment; cfg.send_tls13_tickets = 1; + cfg.require_ems = opts.require_ems; if opts.use_signing_scheme > 0 { let scheme = lookup_scheme(opts.use_signing_scheme); @@ -683,6 +686,7 @@ fn make_client_cfg(opts: &Options) -> Arc { cfg.resumption = Resumption::store(ClientCacheWithoutKxHints::new(opts.resumption_delay)); cfg.enable_sni = opts.use_sni; cfg.max_fragment_size = opts.max_fragment; + cfg.require_ems = opts.require_ems; if !opts.protocols.is_empty() { cfg.alpn_protocols = opts @@ -1260,6 +1264,9 @@ pub fn main() { opts.resumption_delay = args.remove(0).parse::().unwrap(); align_time(); } + "-expect-extended-master-secret" => { + opts.require_ems = true; + } // defaults: "-enable-all-curves" | @@ -1272,7 +1279,6 @@ pub fn main() { "-decline-alpn" | "-expect-no-session" | "-expect-session-miss" | - "-expect-extended-master-secret" | "-expect-ticket-renewal" | "-enable-ocsp-stapling" | // internal openssl details: From b11e9bf0f5b5d8ad7349c4cd3b38b0eb9e9ea050 Mon Sep 17 00:00:00 2001 From: dan Date: Wed, 24 Jan 2024 09:16:39 +0200 Subject: [PATCH 0685/1145] Clarify MAX_PAYLOAD comment --- rustls/src/msgs/message.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index bc4946ac29..ce80cf9eff 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -178,15 +178,14 @@ impl OpaqueMessage { } } - /// This is the maximum on-the-wire size of a TLSCiphertext. - /// That's 2^14 payload bytes, a header, and a 2KB allowance - /// for ciphertext overheads. - const MAX_PAYLOAD: u16 = 16384 + 2048; + /// Maximum message payload size. + /// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. + const MAX_PAYLOAD: u16 = 16_384 + 2048; /// Content type, version and size. const HEADER_SIZE: u16 = 1 + 2 + 2; - /// Maximum on-wire message size. + /// Maximum on-the-wire message size. pub const MAX_WIRE_SIZE: usize = (Self::MAX_PAYLOAD + Self::HEADER_SIZE) as usize; } From 1853e3aad81b4a93eefb070751d08a1569c52857 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 29 Jan 2024 09:43:43 +0000 Subject: [PATCH 0686/1145] Move to aws-lc-rs 1.6 --- Cargo.lock | 13 +++++++------ rustls/Cargo.toml | 2 +- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5f2976cdaa..f9364e6f48 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -295,21 +295,22 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "aws-lc-rs" -version = "1.5.2" +version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7bc2aa0a35a53d7cfda07a69f74d67a918ced3ec1a607f5bce5da7c3aff6bab7" +checksum = "bb94ba389c4c48d9dc1983f8653cb92f7d9fc50b261e0501be2b7a636cbcbc4a" dependencies = [ "aws-lc-sys", "mirai-annotations", + "paste", "untrusted 0.7.1", "zeroize", ] [[package]] name = "aws-lc-sys" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2c6f9497a1bd3bed0a28a01b8836dbe9c7a2c521e47a14b165c64c4df592331" +checksum = "b6e564487156f6ea22217c06263abd92ee65e4d9ff3dbc1f99f703f060f94715" dependencies = [ "bindgen", "cmake", @@ -360,9 +361,9 @@ checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" [[package]] name = "bindgen" -version = "0.68.1" +version = "0.69.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "726e4313eb6ec35d2730258ad4e15b547ee75d6afaa1361a922e78e59b7d8078" +checksum = "a4c69fae65a523209d34240b60abe0c42d33d1045d445c0839d8a4894a736e2d" dependencies = [ "bitflags 2.4.2", "cexpr", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index a24b4a7277..e2ccd7b8be 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -16,7 +16,7 @@ build = "build.rs" rustversion = { version = "1.0.6", optional = true } [dependencies] -aws-lc-rs = { version = "1.5", optional = true } +aws-lc-rs = { version = "1.6", optional = true } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } From f902d142e1e0b0ae57b4fadffc49e305b3de1710 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 29 Jan 2024 09:55:18 +0000 Subject: [PATCH 0687/1145] Specify zeroize 1.7 for minimal-version checks Note we don't rely on 1.7 features, but -Zdirect-minimal-versions doesn't handle the case where one of our dependencies requires a later version: it errors rather than yielding a solution with two versions of zeroize. --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index e2ccd7b8be..f01b801961 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -22,7 +22,7 @@ ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } webpki = { package = "rustls-webpki", version = "0.102.1", features = ["std"], default-features = false } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } -zeroize = "1.6.0" +zeroize = "1.7" [features] default = ["logging", "ring", "tls12"] From c1c917cfbecdf5c3d4035d852c198b0308b11899 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 30 Jan 2024 10:51:54 +0000 Subject: [PATCH 0688/1145] Remove work-around for loading SEC1-format ECDSA keys --- rustls/src/crypto/aws_lc_rs/sign.rs | 61 +---------------------------- 1 file changed, 2 insertions(+), 59 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 93c3e3128b..79397ef93f 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -3,9 +3,7 @@ use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; use crate::sign::{Signer, SigningKey}; -use crate::x509::{asn1_wrap, wrap_in_sequence}; -use super::ring_like::io::der; use super::ring_like::rand::SystemRandom; use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; @@ -222,9 +220,8 @@ impl EcdsaSigningKey { ) -> Result { let key_pair = match der { PrivateKeyDer::Sec1(sec1) => { - // TODO: once https://github.com/aws/aws-lc-rs/pull/259 is released, we - // can delete `convert_sec1_to_pkcs8` and use `EcdsaKeyPair::from_private_key_der` - Self::convert_sec1_to_pkcs8(scheme, sigalg, sec1.secret_sec1_der())? + EcdsaKeyPair::from_private_key_der(sigalg, sec1.secret_sec1_der()) + .map_err(|_| ())? } PrivateKeyDer::Pkcs8(pkcs8) => { EcdsaKeyPair::from_pkcs8(sigalg, pkcs8.secret_pkcs8_der()).map_err(|_| ())? @@ -237,62 +234,8 @@ impl EcdsaSigningKey { scheme, }) } - - /// Convert a SEC1 encoding to PKCS8, and ask ring to parse it. This - /// can be removed once - /// (or equivalent) is landed. - fn convert_sec1_to_pkcs8( - scheme: SignatureScheme, - sigalg: &'static signature::EcdsaSigningAlgorithm, - maybe_sec1_der: &[u8], - ) -> Result { - let pkcs8_prefix = match scheme { - SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, - SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, - SignatureScheme::ECDSA_NISTP521_SHA512 => &PKCS8_PREFIX_ECDSA_NISTP521, - _ => unreachable!(), // all callers are in this file - }; - - let sec1_wrap = asn1_wrap(der::Tag::OctetString as u8, maybe_sec1_der); - - let mut pkcs8_inner = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len()); - pkcs8_inner.extend_from_slice(pkcs8_prefix); - pkcs8_inner.extend_from_slice(&sec1_wrap); - - EcdsaKeyPair::from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner)).map_err(|_| ()) - } } -// This is (line-by-line): -// - INTEGER Version = 0 -// - SEQUENCE (privateKeyAlgorithm) -// - id-ecPublicKey OID -// - prime256v1 OID -const PKCS8_PREFIX_ECDSA_NISTP256: &[u8] = b"\x02\x01\x00\ - \x30\x13\ - \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ - \x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"; - -// This is (line-by-line): -// - INTEGER Version = 0 -// - SEQUENCE (privateKeyAlgorithm) -// - id-ecPublicKey OID -// - secp384r1 OID -const PKCS8_PREFIX_ECDSA_NISTP384: &[u8] = b"\x02\x01\x00\ - \x30\x10\ - \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ - \x06\x05\x2b\x81\x04\x00\x22"; - -// This is (line-by-line): -// - INTEGER Version = 0 -// - SEQUENCE (privateKeyAlgorithm) -// - id-ecPublicKey OID -// - secp521r1 OID -const PKCS8_PREFIX_ECDSA_NISTP521: &[u8] = b"\x02\x01\x00\ - \x30\x10\ - \x06\x07\x2a\x86\x48\xce\x3d\x02\x01\ - \x06\x05\x2b\x81\x04\x00\x23"; - impl SigningKey for EcdsaSigningKey { fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option> { if offered.contains(&self.scheme) { From d8b918c74dd2a8ad11534c9ffd508dc03662900b Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Tue, 30 Jan 2024 12:01:22 -0800 Subject: [PATCH 0689/1145] Depend on `aws-lc-rs` with `default-features = false` rustls does not seem to need the ring-io or ring-sig-verify features, and omitting them avoids a dependency on an old version of the `untrusted` crate. --- rustls/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index f01b801961..2b9e1ea7eb 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -16,7 +16,7 @@ build = "build.rs" rustversion = { version = "1.0.6", optional = true } [dependencies] -aws-lc-rs = { version = "1.6", optional = true } +aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } From 15d64283c255309996116211781dae86ce59bc54 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 6 Oct 2023 11:54:54 +0100 Subject: [PATCH 0690/1145] aws-lc-rs: avoid chaha20poly1305 for ticketer algorithm --- rustls/src/crypto/aws_lc_rs/mod.rs | 3 +++ rustls/src/crypto/ring/mod.rs | 3 +++ rustls/src/crypto/ring/ticketer.rs | 15 +++++++-------- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index a2285a1336..cd77c5ad22 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -197,3 +197,6 @@ mod ring_shim { }) } } + +/// AEAD algorithm that is used by `mod ticketer`. +pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::AES_256_GCM; diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index b6f7457280..42bb4f262d 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -189,3 +189,6 @@ mod ring_shim { .map_err(|_| ()) } } + +/// AEAD algorithm that is used by `mod ticketer`. +pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::CHACHA20_POLY1305; diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 3282ec1e0b..89d4cbc900 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -6,6 +6,7 @@ use crate::server::ProducesTickets; use super::ring_like::aead; use super::ring_like::rand::{SecureRandom, SystemRandom}; +use super::TICKETER_AEAD; use alloc::boxed::Box; use alloc::sync::Arc; @@ -20,7 +21,8 @@ impl Ticketer { /// Make the recommended Ticketer. This produces tickets /// with a 12 hour life and randomly generated keys. /// - /// The encryption mechanism used is Chacha20Poly1305. + /// The encryption mechanism used is injected via TICKETER_AEAD; + /// it must take a 256-bit key and 96-bit nonce. pub fn new() -> Result, Error> { Ok(Arc::new(crate::ticketer::TicketSwitcher::new( 6 * 60 * 60, @@ -35,11 +37,10 @@ fn make_ticket_generator() -> Result, GetRandomFailed> .fill(&mut key) .map_err(|_| GetRandomFailed)?; - let alg = &aead::CHACHA20_POLY1305; - let key = aead::UnboundKey::new(alg, &key).unwrap(); + let key = aead::UnboundKey::new(TICKETER_AEAD, &key).unwrap(); Ok(Box::new(AeadTicketer { - alg, + alg: TICKETER_AEAD, key: aead::LessSafeKey::new(key), lifetime: 60 * 60 * 12, })) @@ -202,10 +203,8 @@ mod tests { let t = make_ticket_generator().unwrap(); - assert_eq!( - format!("{:?}", t), - "AeadTicketer { alg: CHACHA20_POLY1305, lifetime: 43200 }" - ); + let expect = format!("AeadTicketer {{ alg: {TICKETER_AEAD:?}, lifetime: 43200 }}"); + assert_eq!(format!("{:?}", t), expect); assert!(t.enabled()); assert_eq!(t.lifetime(), 43200); } From c83b4243b6a740ad7379d0e49e4a0c6d9154fa04 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 6 Oct 2023 12:56:55 +0100 Subject: [PATCH 0691/1145] Expose FIPS "service indicator" This means a `ClientConfig` and `ServerConfig` can be asked whether it is in fips mode, and it answers by asking the same of all its constituent cryptography. Take new rustls-webpki and pki-types to ask the same of `SignatureVerificationAlgorithm`. --- Cargo.lock | 27 ++++++++------------- fuzz/Cargo.lock | 8 +++---- rustls/Cargo.toml | 4 ++-- rustls/src/client/client_conn.rs | 6 +++++ rustls/src/crypto/aws_lc_rs/mod.rs | 26 ++++++++++++++++++-- rustls/src/crypto/aws_lc_rs/tls12.rs | 12 ++++++++++ rustls/src/crypto/aws_lc_rs/tls13.rs | 16 +++++++++++++ rustls/src/crypto/cipher.rs | 10 ++++++++ rustls/src/crypto/hash.rs | 5 ++++ rustls/src/crypto/hmac.rs | 5 ++++ rustls/src/crypto/mod.rs | 36 ++++++++++++++++++++++++++++ rustls/src/crypto/ring/hash.rs | 4 ++++ rustls/src/crypto/ring/hmac.rs | 4 ++++ rustls/src/crypto/ring/kx.rs | 4 ++++ rustls/src/crypto/ring/mod.rs | 4 ++++ rustls/src/crypto/ring/quic.rs | 4 ++++ rustls/src/crypto/ring/tls12.rs | 8 +++++++ rustls/src/crypto/ring/tls13.rs | 16 +++++++++++++ rustls/src/crypto/tls12.rs | 5 ++++ rustls/src/crypto/tls13.rs | 5 ++++ rustls/src/quic.rs | 5 ++++ rustls/src/server/server_conn.rs | 6 +++++ rustls/src/suites.rs | 18 ++++++++++++++ rustls/src/tls12/mod.rs | 7 ++++++ rustls/src/tls13/mod.rs | 16 +++++++++++++ rustls/src/webpki/verify.rs | 9 +++++++ rustls/tests/api.rs | 24 +++++++++++++++++++ 27 files changed, 269 insertions(+), 25 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f9364e6f48..88f80a3b25 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -302,7 +302,6 @@ dependencies = [ "aws-lc-sys", "mirai-annotations", "paste", - "untrusted 0.7.1", "zeroize", ] @@ -1930,7 +1929,7 @@ dependencies = [ "getrandom", "libc", "spin 0.9.8", - "untrusted 0.9.0", + "untrusted", "windows-sys 0.48.0", ] @@ -2027,7 +2026,7 @@ dependencies = [ "ring", "rustls-pemfile 2.0.0", "rustls-pki-types", - "rustls-webpki 0.102.1", + "rustls-webpki 0.102.2", "rustversion", "subtle", "webpki-roots 0.26.0", @@ -2100,9 +2099,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" +checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf" [[package]] name = "rustls-provider-example" @@ -2124,7 +2123,7 @@ dependencies = [ "rsa", "rustls 0.23.0-alpha.0", "rustls-pki-types", - "rustls-webpki 0.102.1", + "rustls-webpki 0.102.2", "serde", "serde_json", "sha2", @@ -2140,19 +2139,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ "ring", - "untrusted 0.9.0", + "untrusted", ] [[package]] name = "rustls-webpki" -version = "0.102.1" +version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ "aws-lc-rs", "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -2180,7 +2179,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ "ring", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -2534,12 +2533,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index ccfb275a44..8bde904da5 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -92,15 +92,15 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.0.1" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b" +checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf" [[package]] name = "rustls-webpki" -version = "0.102.1" +version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ "ring", "rustls-pki-types", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 2b9e1ea7eb..3349fa51c4 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -20,8 +20,8 @@ aws-lc-rs = { version = "1.6", optional = true, default-features = false, featur log = { version = "0.4.4", optional = true } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102.1", features = ["std"], default-features = false } -pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } +webpki = { package = "rustls-webpki", version = "0.102.2", features = ["std"], default-features = false } +pki-types = { package = "rustls-pki-types", version = "1.2", features = ["std"] } zeroize = "1.7" [features] diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 15a22f77d5..727a547490 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -266,6 +266,12 @@ impl ClientConfig { } } + /// Return true if connections made with this `ClientConfig` will + /// operate in FIPS mode. + pub fn fips(&self) -> bool { + self.provider.fips() + } + /// We support a given TLS version if it's quoted in the configured /// versions *and* at least one ciphersuite for this version is /// also configured. diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index cd77c5ad22..d03cc75217 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -35,8 +35,17 @@ pub(crate) mod tls13; /// A `CryptoProvider` backed by aws-lc-rs. pub fn default_provider() -> CryptoProvider { CryptoProvider { - cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(), - kx_groups: ALL_KX_GROUPS.to_vec(), + // TODO: make this filtering conditional on fips feature + cipher_suites: DEFAULT_CIPHER_SUITES + .iter() + .filter(|cs| cs.fips()) + .copied() + .collect(), + kx_groups: ALL_KX_GROUPS + .iter() + .filter(|kx| kx.fips()) + .copied() + .collect(), signature_verification_algorithms: SUPPORTED_SIG_ALGS, secure_random: &AwsLcRs, key_provider: &AwsLcRs, @@ -54,6 +63,10 @@ impl SecureRandom for AwsLcRs { .fill(buf) .map_err(|_| GetRandomFailed) } + + fn fips(&self) -> bool { + fips() + } } impl KeyProvider for AwsLcRs { @@ -63,6 +76,10 @@ impl KeyProvider for AwsLcRs { ) -> Result, Error> { sign::any_supported_type(&key_der) } + + fn fips(&self) -> bool { + fips() + } } /// The cipher suite configuration that an application should use by default. @@ -200,3 +217,8 @@ mod ring_shim { /// AEAD algorithm that is used by `mod ticketer`. pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::AES_256_GCM; + +/// Are we in FIPS mode? +pub(super) fn fips() -> bool { + aws_lc_rs::try_fips_mode().is_ok() +} diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 0ef42f68b0..9e4c2a3646 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -188,6 +188,10 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { iv: gcm_iv(write_iv, explicit), }) } + + fn fips(&self) -> bool { + super::fips() + } } pub(crate) struct ChaCha20Poly1305; @@ -234,6 +238,10 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { iv: Iv::new(iv[..].try_into().unwrap()), }) } + + fn fips(&self) -> bool { + false // not FIPS approved + } } /// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only. @@ -441,4 +449,8 @@ impl Prf for Tls12Prf { ); Ok(()) } + + fn fips(&self) -> bool { + super::fips() + } } diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 782ad40df6..745f184ccd 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -106,6 +106,10 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { ) -> Result { Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } + + fn fips(&self) -> bool { + false // not FIPS approved + } } struct Aes256GcmAead(AeadAlgorithm); @@ -130,6 +134,10 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { ) -> Result { Ok(ConnectionTrafficSecrets::Aes256Gcm { key, iv }) } + + fn fips(&self) -> bool { + super::fips() + } } struct Aes128GcmAead(AeadAlgorithm); @@ -154,6 +162,10 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { ) -> Result { Ok(ConnectionTrafficSecrets::Aes128Gcm { key, iv }) } + + fn fips(&self) -> bool { + super::fips() + } } // common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls @@ -354,6 +366,10 @@ impl Hkdf for RingHkdf { fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> crypto::hmac::Tag { crypto::hmac::Tag::new(hmac::sign(&hmac::Key::new(self.1, key.as_ref()), message).as_ref()) } + + fn fips(&self) -> bool { + super::fips() + } } struct RingHkdfExpander { diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 2ebc5a5cb4..9f2fcb5b15 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -34,6 +34,11 @@ pub trait Tls13AeadAlgorithm: Send + Sync { key: AeadKey, iv: Iv, ) -> Result; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.2 cipher suite. @@ -75,6 +80,11 @@ pub trait Tls12AeadAlgorithm: Send + Sync + 'static { iv: &[u8], explicit: &[u8], ) -> Result; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// An error indicating that the AEAD algorithm does not support the requested operation. diff --git a/rustls/src/crypto/hash.rs b/rustls/src/crypto/hash.rs index 7f645f5443..6c07f7f438 100644 --- a/rustls/src/crypto/hash.rs +++ b/rustls/src/crypto/hash.rs @@ -18,6 +18,11 @@ pub trait Hash: Send + Sync { /// Which hash function this is, eg, `HashAlgorithm::SHA256`. fn algorithm(&self) -> HashAlgorithm; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// A hash output, stored as a value. diff --git a/rustls/src/crypto/hmac.rs b/rustls/src/crypto/hmac.rs index 16cca43aa7..6960b7e65b 100644 --- a/rustls/src/crypto/hmac.rs +++ b/rustls/src/crypto/hmac.rs @@ -12,6 +12,11 @@ pub trait Hmac: Send + Sync { /// Give the length of the underlying hash function. In RFC2104 terminology this is `L`. fn hash_output_len(&self) -> usize; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// A HMAC tag, stored as a value. diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index d0ab66c952..efc4c44e66 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -186,6 +186,24 @@ pub struct CryptoProvider { pub key_provider: &'static dyn KeyProvider, } +impl CryptoProvider { + /// Returns `true` if this `CryptoProvider` is operating in FIPS mode. + pub fn fips(&self) -> bool { + let Self { + cipher_suites, + kx_groups, + signature_verification_algorithms, + secure_random, + key_provider, + } = self; + cipher_suites.iter().all(|cs| cs.fips()) + && kx_groups.iter().all(|kx| kx.fips()) + && signature_verification_algorithms.fips() + && secure_random.fips() + && key_provider.fips() + } +} + /// A source of cryptographically secure randomness. pub trait SecureRandom: Send + Sync + Debug { /// Fill the given buffer with random bytes. @@ -199,6 +217,11 @@ pub trait SecureRandom: Send + Sync + Debug { /// an ephemeral key exchange key, but this is not included in the interface with /// rustls: it is assumed that the cryptography library provides for this itself. fn fill(&self, buf: &mut [u8]) -> Result<(), GetRandomFailed>; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// A mechanism for loading private [SigningKey]s from [PrivateKeyDer]. @@ -221,6 +244,14 @@ pub trait KeyProvider: Send + Sync + Debug { &self, key_der: PrivateKeyDer<'static>, ) -> Result, Error>; + + /// Return `true` if this is backed by a FIPS-approved implementation. + /// + /// If this returns `true`, that must be the case for all possible key types + /// supported by [`KeyProvider::load_private_key()`]. + fn fips(&self) -> bool { + false + } } /// A supported key exchange group. @@ -247,6 +278,11 @@ pub trait SupportedKxGroup: Send + Sync + Debug { /// If the `NamedGroup` enum does not have a name for the algorithm you are implementing, /// you can use [`NamedGroup::Unknown`]. fn name(&self) -> NamedGroup; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// An in-progress key exchange originating from a [`SupportedKxGroup`]. diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index f97c101122..41f4098107 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -29,6 +29,10 @@ impl crypto::hash::Hash for Hash { fn algorithm(&self) -> HashAlgorithm { self.1 } + + fn fips(&self) -> bool { + super::fips() + } } struct Context(digest::Context); diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 47c7ec50fe..8e93d2f834 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -23,6 +23,10 @@ impl crypto::hmac::Hmac for Hmac { fn hash_output_len(&self) -> usize { self.0.digest_algorithm().output_len() } + + fn fips(&self) -> bool { + super::fips() + } } struct Key(ring_like::hmac::Key); diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 72c10cfa38..a9a79070ec 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -44,6 +44,10 @@ impl SupportedKxGroup for KxGroup { fn name(&self) -> NamedGroup { self.name } + + fn fips(&self) -> bool { + super::fips() + } } impl fmt::Debug for KxGroup { diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 42bb4f262d..f69c7f72b6 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -192,3 +192,7 @@ mod ring_shim { /// AEAD algorithm that is used by `mod ticketer`. pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::CHACHA20_POLY1305; + +pub(super) fn fips() -> bool { + false +} diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 2d6669cae2..611e3791d3 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -177,6 +177,10 @@ impl crate::quic::Algorithm for KeyBuilder { fn aead_key_len(&self) -> usize { self.0.key_len() } + + fn fips(&self) -> bool { + super::fips() + } } #[cfg(test)] diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index e79d6a5c5c..d7b3572ab1 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -173,6 +173,10 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { iv: gcm_iv(write_iv, explicit), }) } + + fn fips(&self) -> bool { + super::fips() + } } pub(crate) struct ChaCha20Poly1305; @@ -219,6 +223,10 @@ impl Tls12AeadAlgorithm for ChaCha20Poly1305 { iv: Iv::new(iv[..].try_into().unwrap()), }) } + + fn fips(&self) -> bool { + false // not fips approved + } } /// A `MessageEncrypter` for AES-GCM AEAD ciphersuites. TLS 1.2 only. diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 630232b771..85ee9bcd4c 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -94,6 +94,10 @@ impl Tls13AeadAlgorithm for Chacha20Poly1305Aead { ) -> Result { Ok(ConnectionTrafficSecrets::Chacha20Poly1305 { key, iv }) } + + fn fips(&self) -> bool { + false // chacha20poly1305 not FIPS approved + } } struct Aes256GcmAead(AeadAlgorithm); @@ -118,6 +122,10 @@ impl Tls13AeadAlgorithm for Aes256GcmAead { ) -> Result { Ok(ConnectionTrafficSecrets::Aes256Gcm { key, iv }) } + + fn fips(&self) -> bool { + super::fips() + } } struct Aes128GcmAead(AeadAlgorithm); @@ -142,6 +150,10 @@ impl Tls13AeadAlgorithm for Aes128GcmAead { ) -> Result { Ok(ConnectionTrafficSecrets::Aes128Gcm { key, iv }) } + + fn fips(&self) -> bool { + super::fips() + } } // common encrypter/decrypter/key_len items for above Tls13AeadAlgorithm impls @@ -267,6 +279,10 @@ impl Hkdf for RingHkdf { fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> crypto::hmac::Tag { crypto::hmac::Tag::new(hmac::sign(&hmac::Key::new(self.1, key.as_ref()), message).as_ref()) } + + fn fips(&self) -> bool { + super::fips() + } } struct RingHkdfExpander { diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index ea01b68d81..df373faf62 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -63,6 +63,11 @@ pub trait Prf: Send + Sync { /// /// The caller guarantees that `secret`, `label`, and `seed` are non-empty. fn for_secret(&self, output: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]); + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn hmac::Key, label: &[u8], seed: &[u8]) { diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index 3130faea8d..9637218b6b 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -176,6 +176,11 @@ pub trait Hkdf: Send + Sync { /// See [RFC2104](https://datatracker.ietf.org/doc/html/rfc2104) for the /// definition of HMAC. fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> hmac::Tag; + + /// Return `true` if this is backed by a FIPS-approved implementation. + fn fips(&self) -> bool { + false + } } /// `HKDF-Expand(PRK, info, L)` to construct any type from a byte array. diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index ba6b1c6c16..10fe7c0763 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -587,6 +587,11 @@ pub trait Algorithm: Send + Sync { /// /// This controls the size of `AeadKey`s presented to `packet_key()` and `header_protection_key()`. fn aead_key_len(&self) -> usize; + + /// Whether this algorithm is FIPS-approved. + fn fips(&self) -> bool { + false + } } /// A QUIC header protection key diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index e37f49ed01..8b4e933491 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -403,6 +403,12 @@ impl ServerConfig { } } + /// Return `true` if connections made with this `ServerConfig` will + /// operate in FIPS mode. + pub fn fips(&self) -> bool { + self.provider.fips() + } + /// We support a given TLS version if it's quoted in the configured /// versions *and* at least one ciphersuite for this version is /// also configured. diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 575acf753c..c9695a2597 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -41,6 +41,15 @@ pub struct CipherSuiteCommon { pub integrity_limit: u64, } +impl CipherSuiteCommon { + /// Return `true` if this is backed by a FIPS-approved implementation. + /// + /// This means all the constituent parts that do cryptography return `true` for `fips()`. + pub fn fips(&self) -> bool { + self.hash_provider.fips() + } +} + /// A cipher suite supported by rustls. /// /// This type carries both configuration and implementation. Compare with @@ -117,6 +126,15 @@ impl SupportedCipherSuite { .is_some(), } } + + /// Return `true` if this is backed by a FIPS-approved implementation. + pub fn fips(&self) -> bool { + match self { + #[cfg(feature = "tls12")] + Self::Tls12(cs) => cs.fips(), + Self::Tls13(cs) => cs.fips(), + } + } } impl fmt::Debug for SupportedCipherSuite { diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index ceb746ced1..9f492ac389 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -62,6 +62,13 @@ impl Tls12CipherSuite { .cloned() .collect() } + + /// Return `true` if this is backed by a FIPS-approved implementation. + /// + /// This means all the constituent parts that do cryptography return `true` for `fips()`. + pub fn fips(&self) -> bool { + self.common.fips() && self.prf_provider.fips() && self.aead_alg.fips() + } } impl From<&'static Tls12CipherSuite> for SupportedCipherSuite { diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index b4e38f0fa9..d9676071aa 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -42,6 +42,22 @@ impl Tls13CipherSuite { (prev.common.hash_provider.algorithm() == self.common.hash_provider.algorithm()) .then(|| prev) } + + /// Return `true` if this is backed by a FIPS-approved implementation. + /// + /// This means all the constituent parts that do cryptography return `true` for `fips()`. + pub fn fips(&self) -> bool { + let Self { + common, + hkdf_provider, + aead_alg, + quic, + } = self; + common.fips() + && hkdf_provider.fips() + && aead_alg.fips() + && quic.map(|q| q.fips()).unwrap_or(true) + } } impl From<&'static Tls13CipherSuite> for SupportedCipherSuite { diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 474a57014b..f2cb7395b8 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -100,6 +100,15 @@ impl WebPkiSupportedAlgorithms { .next() .ok_or_else(|| PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()) } + + /// Return `true` if all cryptography is FIPS-approved. + pub fn fips(&self) -> bool { + self.all.iter().all(|alg| alg.fips()) + && self + .mapping + .iter() + .all(|item| item.1.iter().all(|alg| alg.fips())) + } } impl fmt::Debug for WebPkiSupportedAlgorithms { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 68ab650ef7..d2adc738ad 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5763,3 +5763,27 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message ClientStorageOp::RemoveTls12Session(_) )); } + +#[cfg(feature = "ring")] +#[test] +fn test_client_fips_service_indicator() { + assert!(!make_client_config(KeyType::Rsa).fips()); +} + +#[cfg(feature = "ring")] +#[test] +fn test_server_fips_service_indicator() { + assert!(!make_server_config(KeyType::Rsa).fips()); +} + +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +#[test] +fn test_client_fips_service_indicator() { + assert!(make_client_config(KeyType::Rsa).fips()); +} + +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +#[test] +fn test_server_fips_service_indicator() { + assert!(make_server_config(KeyType::Rsa).fips()); +} From 6bd851e72e3658963800e815e5fb3881f6fdfa11 Mon Sep 17 00:00:00 2001 From: Sean McGrail Date: Thu, 4 Jan 2024 17:45:14 +0000 Subject: [PATCH 0692/1145] Add 'fips' Cargo feature Add `rustls::crypto::default_fips_provider()` behind this feature. --- .github/workflows/build.yml | 22 +++++++- Cargo.lock | 15 ++++++ admin/coverage | 2 + rustls/Cargo.toml | 1 + rustls/examples/internal/bench_impl.rs | 5 +- rustls/src/client/client_conn.rs | 33 ++++++++---- rustls/src/crypto/aws_lc_rs/mod.rs | 69 +++++++++++++++++++++----- rustls/src/crypto/mod.rs | 46 ++++++++++++++++- rustls/src/crypto/ring/mod.rs | 2 - rustls/src/lib.rs | 4 ++ rustls/src/server/server_conn.rs | 35 ++++++++----- rustls/tests/api.rs | 40 +++++++++++---- rustls/tests/common/mod.rs | 13 +++-- 13 files changed, 227 insertions(+), 60 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 52dd189fd6..33911deedc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,11 +43,17 @@ jobs: if: runner.os == 'Windows' uses: ilammy/setup-nasm@v1 + - name: Install ninja-build tool for aws-lc-fips-sys on Windows + if: runner.os == 'Windows' + uses: seanmiddleditch/gha-setup-ninja@v4 + - name: cargo build (debug; default features) run: cargo build --locked - - name: cargo test (debug; all features) - run: cargo test --locked --all-features + # nb. feature sets that include "fips" should be --release -- + # this is required for fips on windows. + - name: cargo test (release; all features) + run: cargo test --release --locked --all-features env: RUST_BACKTRACE: 1 @@ -56,6 +62,11 @@ jobs: env: RUST_BACKTRACE: 1 + - name: cargo test (release; fips) + run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging + env: + RUST_BACKTRACE: 1 + - name: cargo build (debug; rustls-provider-example) run: cargo build --locked -p rustls-provider-example @@ -111,6 +122,10 @@ jobs: run: cargo test --no-default-features --features aws_lc_rs,tls12 working-directory: rustls + - name: cargo test (debug; no default features; fips,tls12) + run: cargo test --no-default-features --features fips,tls12 + working-directory: rustls + - name: cargo test (release; no run) run: cargo test --locked --release --no-run working-directory: rustls @@ -186,6 +201,9 @@ jobs: - name: Smoke-test benchmark program (aws-lc-rs) run: cargo run -p rustls --release --locked --example bench --no-default-features --features aws_lc_rs,tls12 + - name: Smoke-test benchmark program (fips) + run: cargo run -p rustls --release --locked --example bench --no-default-features --features fips,tls12 + - name: Run micro-benchmarks run: cargo bench --locked --all-features env: diff --git a/Cargo.lock b/Cargo.lock index 88f80a3b25..a2e98971d2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -293,12 +293,27 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +[[package]] +name = "aws-lc-fips-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07fcdffa26123df7f3cf4215be038e3836734f31154abd602195a7ca5ef9623b" +dependencies = [ + "bindgen", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + [[package]] name = "aws-lc-rs" version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bb94ba389c4c48d9dc1983f8653cb92f7d9fc50b261e0501be2b7a636cbcbc4a" dependencies = [ + "aws-lc-fips-sys", "aws-lc-sys", "mirai-annotations", "paste", diff --git a/admin/coverage b/admin/coverage index 18d6375659..70076acea9 100755 --- a/admin/coverage +++ b/admin/coverage @@ -7,6 +7,8 @@ cargo llvm-cov clean --workspace cargo build --locked --all-targets --all-features cargo test --locked --all-features +cargo test --locked --no-default-features --features tls12,logging,aws_lc_rs,fips +cargo test --locked --no-default-features --features tls12,logging,ring ## bogo cargo test --locked --all-features run_bogo_tests_ring -- --ignored diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 3349fa51c4..c570426805 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -31,6 +31,7 @@ aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] ring = ["dep:ring", "webpki/ring"] tls12 = [] read_buf = ["rustversion"] +fips = ["aws_lc_rs", "aws-lc-rs?/fips"] [dev-dependencies] base64 = "0.21" diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index b6ec58f80b..160db03123 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -173,13 +173,13 @@ impl BenchmarkParam { } static ALL_BENCHMARKS: &[BenchmarkParam] = &[ - #[cfg(feature = "tls12")] + #[cfg(all(feature = "tls12", not(feature = "fips")))] BenchmarkParam::new( KeyType::Rsa, cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, &rustls::version::TLS12, ), - #[cfg(feature = "tls12")] + #[cfg(all(feature = "tls12", not(feature = "fips")))] BenchmarkParam::new( KeyType::EcdsaP256, cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, @@ -209,6 +209,7 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), + #[cfg(not(feature = "fips"))] BenchmarkParam::new( KeyType::Rsa, cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 727a547490..ff94ab738e 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,6 +1,8 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; +#[cfg(any(feature = "ring", feature = "fips"))] +use crate::crypto::default_provider; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -14,7 +16,7 @@ use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; use crate::unbuffered::{EncryptError, TransmitTlsData}; use crate::versions; use crate::KeyLog; -#[cfg(feature = "ring")] +#[cfg(any(feature = "ring", feature = "fips"))] use crate::WantsVerifier; use crate::{verify, WantsVersions}; @@ -220,31 +222,40 @@ pub struct ClientConfig { impl ClientConfig { /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]: [`crypto::ring::default_provider`] and safe ciphersuite and - /// protocol defaults. + /// [`CryptoProvider`]. + /// + /// This is: + /// + /// - [`crypto::aws_lc_rs::default_provider`] if the `fips` crate feature is + /// enabled. + /// - [`crypto::ring::default_provider`] if the `ring` crate feature is + /// enabled and the `fips` crate feature is not enabled. + /// + /// If neither of these are true, this function is not available and you + /// must use [`ClientConfig::builder_with_provider()`] instead. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder() -> ConfigBuilder { - // Safety: we know the *ring* provider's ciphersuites are compatible with the safe default protocol versions. - Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with the safe default protocol versions. + Self::builder_with_provider(default_provider().into()) .with_safe_default_protocol_versions() .unwrap() } /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]: [`crypto::ring::default_provider`], safe ciphersuite defaults and - /// the provided protocol versions. + /// [`CryptoProvider`] (see [`ClientConfig::builder()`] for details), safe + /// ciphersuite defaults and the provided protocol versions. /// /// Panics if provided an empty slice of supported versions. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder_with_protocol_versions( versions: &[&'static versions::SupportedProtocolVersion], ) -> ConfigBuilder { - // Safety: we know the *ring* provider's ciphersuites are compatible with all protocol version choices. - Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with all protocol version choices. + Self::builder_with_provider(default_provider().into()) .with_protocol_versions(versions) .unwrap() } diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index d03cc75217..512de10756 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -10,6 +10,7 @@ use pki_types::PrivateKeyDer; use webpki::aws_lc_rs as webpki_algs; use alloc::sync::Arc; +use alloc::vec::Vec; // aws-lc-rs has a -- roughly -- ring-compatible API, so we just reuse all that // glue here. The shared files should always use `super::ring_like` to access a @@ -35,23 +36,29 @@ pub(crate) mod tls13; /// A `CryptoProvider` backed by aws-lc-rs. pub fn default_provider() -> CryptoProvider { CryptoProvider { - // TODO: make this filtering conditional on fips feature - cipher_suites: DEFAULT_CIPHER_SUITES - .iter() - .filter(|cs| cs.fips()) - .copied() - .collect(), - kx_groups: ALL_KX_GROUPS - .iter() - .filter(|kx| kx.fips()) - .copied() - .collect(), + cipher_suites: DEFAULT_CIPHER_SUITES.to_vec(), + kx_groups: default_kx_groups(), signature_verification_algorithms: SUPPORTED_SIG_ALGS, secure_random: &AwsLcRs, key_provider: &AwsLcRs, } } +fn default_kx_groups() -> Vec<&'static dyn SupportedKxGroup> { + #[cfg(feature = "fips")] + { + ALL_KX_GROUPS + .iter() + .filter(|cs| cs.fips()) + .copied() + .collect() + } + #[cfg(not(feature = "fips"))] + { + ALL_KX_GROUPS.to_vec() + } +} + #[derive(Debug)] struct AwsLcRs; @@ -86,7 +93,26 @@ impl KeyProvider for AwsLcRs { /// /// This will be [`ALL_CIPHER_SUITES`] sans any supported cipher suites that /// shouldn't be enabled by most applications. -pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = ALL_CIPHER_SUITES; +pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = &[ + // TLS1.3 suites + tls13::TLS13_AES_256_GCM_SHA384, + tls13::TLS13_AES_128_GCM_SHA256, + #[cfg(not(feature = "fips"))] + tls13::TLS13_CHACHA20_POLY1305_SHA256, + // TLS1.2 suites + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + #[cfg(all(feature = "tls12", not(feature = "fips")))] + tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + #[cfg(feature = "tls12")] + tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + #[cfg(all(feature = "tls12", not(feature = "fips")))] + tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +]; /// A list of all the cipher suites supported by the rustls *ring* provider. pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ @@ -200,6 +226,8 @@ pub mod kx_group { pub use kx::ALL_KX_GROUPS; pub use ticketer::Ticketer; +use super::SupportedKxGroup; + /// Compatibility shims between ring 0.16.x and 0.17.x API mod ring_shim { use super::ring_like; @@ -222,3 +250,20 @@ pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead: pub(super) fn fips() -> bool { aws_lc_rs::try_fips_mode().is_ok() } + +#[cfg(test)] +mod tests { + #[cfg(feature = "fips")] + #[test] + fn default_suites_are_fips() { + assert!(super::DEFAULT_CIPHER_SUITES + .iter() + .all(|scs| scs.fips())); + } + + #[cfg(not(feature = "fips"))] + #[test] + fn default_suites() { + assert_eq!(super::DEFAULT_CIPHER_SUITES, super::ALL_CIPHER_SUITES); + } +} diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index efc4c44e66..43096663b3 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -69,7 +69,7 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// crate. /// - [`crypto::aws_lc_rs::default_provider`]: (behind the `aws_lc_rs` feature, /// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) -/// crate. +/// crate. The `fips` crate feature makes this option use FIPS140-3-approved cryptography. /// /// This structure provides defaults. Everything in it can be overridden at /// runtime by replacing field values as needed. @@ -153,6 +153,12 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// [provider-example/]: https://github.com/rustls/rustls/tree/main/provider-example/ /// [rust-crypto]: https://github.com/rustcrypto /// [dalek-cryptography]: https://github.com/dalek-cryptography +/// +/// # FIPS-approved cryptography +/// The `fips` crate feature enables use of the `aws-lc-rs` crate in FIPS mode. +/// +/// You can verify the configuration at runtime by checking +/// [`ServerConfig::fips()`]/[`ClientConfig::fips()`] return `true`. #[derive(Debug, Clone)] pub struct CryptoProvider { /// List of supported ciphersuites, in preference order -- the first element @@ -330,3 +336,41 @@ impl From<&[u8]> for SharedSecret { Self(source.to_vec()) } } + +#[cfg(any(feature = "ring", feature = "fips"))] +pub(crate) fn default_provider() -> CryptoProvider { + #[cfg(all(feature = "ring", not(feature = "fips")))] + { + crate::crypto::ring::default_provider() + } + #[cfg(feature = "fips")] + { + crate::crypto::aws_lc_rs::default_provider() + } +} + +/// This function returns a [`CryptoProvider`] that uses +/// FIPS140-3-approved cryptography. +/// +/// You can use this like: +/// +/// ```rust +/// # #[cfg(feature = "fips")] { +/// # let root_store = rustls::RootCertStore::empty(); +/// let config = rustls::ClientConfig::builder_with_provider( +/// rustls::crypto::default_fips_provider().into() +/// ) +/// .with_safe_default_protocol_versions() +/// .unwrap() +/// .with_root_certificates(root_store) +/// .with_no_client_auth(); +/// # } +/// ``` +/// +/// This expresses in your code that you require FIPS-approved +/// cryptography, and will not compile if you make a mistake +/// with cargo features. +#[cfg(feature = "fips")] +pub fn default_fips_provider() -> CryptoProvider { + crate::crypto::aws_lc_rs::default_provider() +} diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index f69c7f72b6..2076455eed 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -78,13 +78,11 @@ pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, #[cfg(feature = "tls12")] tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - #[cfg(feature = "tls12")] tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, #[cfg(feature = "tls12")] tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, #[cfg(feature = "tls12")] tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - #[cfg(feature = "tls12")] tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ]; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 51460b9174..59b3ff0757 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -311,6 +311,10 @@ //! Note that aws-lc-rs has additional build-time dependencies like cmake. //! See [the documentation](https://aws.github.io/aws-lc-rs/requirements/index.html) for details. //! +//! - `fips`: enable support for FIPS140-3-approved cryptography, via the aws-lc-rs crate. +//! This feature enables the `aws_lc_rs` feature, which makes the rustls crate depend +//! on [aws-lc-rs](https://github.com/aws/aws-lc-rs). +//! //! - `tls12` (enabled by default): enable support for TLS version 1.2. Note that, due to the //! additive nature of Cargo features and because it is enabled by default, other crates //! in your dependency graph could re-enable it for your application. If you want to disable diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 8b4e933491..f9af19a050 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,6 +1,8 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Context, Protocol, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; +#[cfg(any(feature = "ring", feature = "fips"))] +use crate::crypto::default_provider; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -12,10 +14,10 @@ use crate::msgs::message::Message; use crate::suites::ExtractedSecrets; use crate::vecbuf::ChunkVecBuffer; use crate::verify; -#[cfg(feature = "ring")] +#[cfg(any(feature = "ring", feature = "fips"))] use crate::versions; use crate::KeyLog; -#[cfg(feature = "ring")] +#[cfg(any(feature = "ring", feature = "fips"))] use crate::WantsVerifier; use crate::{sign, WantsVersions}; @@ -357,31 +359,40 @@ impl Clone for ServerConfig { impl ServerConfig { /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]: [`crypto::ring::default_provider`] and safe ciphersuite and protocol - /// defaults. + /// [`CryptoProvider`]. + /// + /// This is: + /// + /// - [`crypto::aws_lc_rs::default_provider`] if the `fips` crate feature is + /// enabled. + /// - [`crypto::ring::default_provider`] if the `ring` crate feature is + /// enabled and the `fips` crate feature is not enabled. + /// + /// If neither of these are true, this function is not available and you + /// must use [`ServerConfig::builder_with_provider()`] instead. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder() -> ConfigBuilder { - // Safety: we know the *ring* provider's ciphersuites are compatible with the safe default protocol versions. - Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with the safe default protocol versions. + Self::builder_with_provider(default_provider().into()) .with_safe_default_protocol_versions() .unwrap() } /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]: [`crypto::ring::default_provider`], safe ciphersuite defaults and - /// the provided protocol versions. + /// [`CryptoProvider`] (see [`ServerConfig::builder()`] for details), safe + /// ciphersuite defaults and the provided protocol versions. /// /// Panics if provided an empty slice of supported versions. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder_with_protocol_versions( versions: &[&'static versions::SupportedProtocolVersion], ) -> ConfigBuilder { - // Safety: we know the *ring* provider's ciphersuites are compatible with all protocol version choices. - Self::builder_with_provider(crate::crypto::ring::default_provider().into()) + // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with all protocol version choices. + Self::builder_with_provider(default_provider().into()) .with_protocol_versions(versions) .unwrap() } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d2adc738ad..c48b40cb18 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -473,7 +473,7 @@ fn server_can_get_client_cert_after_resumption() { } #[test] -#[cfg(feature = "ring")] +#[cfg(all(feature = "ring", not(feature = "fips")))] fn test_config_builders_debug() { let b = ServerConfig::builder_with_provider( CryptoProvider { @@ -961,7 +961,7 @@ fn check_sigalgs_reduced_by_ciphersuite( fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() { check_sigalgs_reduced_by_ciphersuite( KeyType::Rsa, - CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, vec![ SignatureScheme::RSA_PSS_SHA512, SignatureScheme::RSA_PSS_SHA384, @@ -978,9 +978,9 @@ fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() { fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { check_sigalgs_reduced_by_ciphersuite( KeyType::EcdsaP256, - CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, vec![ - #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + #[cfg(any(feature = "fips", all(not(feature = "ring"), feature = "aws_lc_rs")))] SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -2891,6 +2891,7 @@ fn find_suite(suite: CipherSuite) -> SupportedCipherSuite { } static TEST_CIPHERSUITES: &[(&rustls::SupportedProtocolVersion, KeyType, CipherSuite)] = &[ + #[cfg(not(feature = "fips"))] ( &rustls::version::TLS13, KeyType::Rsa, @@ -2906,13 +2907,13 @@ static TEST_CIPHERSUITES: &[(&rustls::SupportedProtocolVersion, KeyType, CipherS KeyType::Rsa, CipherSuite::TLS13_AES_128_GCM_SHA256, ), - #[cfg(feature = "tls12")] + #[cfg(all(feature = "tls12", not(feature = "fips")))] ( &rustls::version::TLS12, KeyType::EcdsaP256, CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, ), - #[cfg(feature = "tls12")] + #[cfg(all(feature = "tls12", not(feature = "fips")))] ( &rustls::version::TLS12, KeyType::Rsa, @@ -2958,7 +2959,10 @@ fn negotiated_ciphersuite_default() { #[test] fn all_suites_covered() { - assert_eq!(provider::ALL_CIPHER_SUITES.len(), TEST_CIPHERSUITES.len()); + assert_eq!( + provider::DEFAULT_CIPHER_SUITES.len(), + TEST_CIPHERSUITES.len() + ); } #[test] @@ -5357,9 +5361,11 @@ fn test_secret_extraction_enabled() { for suite in [ cipher_suite::TLS13_AES_128_GCM_SHA256, cipher_suite::TLS13_AES_256_GCM_SHA384, + #[cfg(not(feature = "fips"))] cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + #[cfg(not(feature = "fips"))] cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ] { let version = suite.version(); @@ -5764,26 +5770,38 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message )); } -#[cfg(feature = "ring")] +#[cfg(all(feature = "ring", not(feature = "fips")))] #[test] fn test_client_fips_service_indicator() { assert!(!make_client_config(KeyType::Rsa).fips()); } -#[cfg(feature = "ring")] +#[cfg(all(feature = "ring", not(feature = "fips")))] #[test] fn test_server_fips_service_indicator() { assert!(!make_server_config(KeyType::Rsa).fips()); } -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +#[cfg(feature = "fips")] #[test] fn test_client_fips_service_indicator() { assert!(make_client_config(KeyType::Rsa).fips()); } -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +#[cfg(feature = "fips")] #[test] fn test_server_fips_service_indicator() { assert!(make_server_config(KeyType::Rsa).fips()); } + +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs", not(feature = "fips")))] +#[test] +fn test_client_fips_service_indicator() { + assert!(!make_client_config(KeyType::Rsa).fips()); +} + +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs", not(feature = "fips")))] +#[test] +fn test_server_fips_service_indicator() { + assert!(!make_server_config(KeyType::Rsa).fips()); +} diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index be48374995..bdf8c0bd3b 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -18,9 +18,9 @@ use rustls::RootCertStore; use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +#[cfg(all(any(not(feature = "ring"), feature = "fips"), feature = "aws_lc_rs"))] pub use rustls::crypto::aws_lc_rs as provider; -#[cfg(feature = "ring")] +#[cfg(all(feature = "ring", not(feature = "fips")))] pub use rustls::crypto::ring as provider; use rustls::crypto::CryptoProvider; @@ -344,11 +344,11 @@ impl KeyType { pub fn server_config_builder() -> rustls::ConfigBuilder { // ensure `ServerConfig::builder()` is covered, even though it is // equivalent to `builder_with_provider(provider::provider().into())`. - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "fips"))] { rustls::ServerConfig::builder() } - #[cfg(not(feature = "ring"))] + #[cfg(all(not(feature = "ring"), not(feature = "fips")))] { rustls::ServerConfig::builder_with_provider(provider::default_provider().into()) .with_safe_default_protocol_versions() @@ -374,12 +374,11 @@ pub fn server_config_builder_with_versions( pub fn client_config_builder() -> rustls::ConfigBuilder { // ensure `ClientConfig::builder()` is covered, even though it is // equivalent to `builder_with_provider(provider::provider().into())`. - #[cfg(feature = "ring")] + #[cfg(any(feature = "ring", feature = "fips"))] { rustls::ClientConfig::builder() } - - #[cfg(not(feature = "ring"))] + #[cfg(all(not(feature = "ring"), not(feature = "fips")))] { rustls::ClientConfig::builder_with_provider(provider::default_provider().into()) .with_safe_default_protocol_versions() From ec085746117b7dc01a500d0c135c8fa69b77fe6e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 1 Feb 2024 15:14:02 +0000 Subject: [PATCH 0693/1145] Avoid doctests on macOS and Windows This relies on `cargo test --all-targets` not including doctests (mysterious, but explicitly documented). We don't have any platform-specific doctests in this crate, so this is probably inconsequential. --- .github/workflows/build.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 33911deedc..27b8a1d7cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,18 +52,27 @@ jobs: # nb. feature sets that include "fips" should be --release -- # this is required for fips on windows. + # nb. "--all-targets" does not include doctests - name: cargo test (release; all features) - run: cargo test --release --locked --all-features + run: cargo test --release --locked --all-features --all-targets + env: + RUST_BACKTRACE: 1 + + # nb. this is separate so it can be skipped on macOS & windows, where + # doctests don't work: https://github.com/rust-lang/cargo/issues/8531 + - name: cargo test --doc (release; all-features) + if: ${{ runner.os != 'macOS' && runner.os != 'Windows' }} + run: cargo test --release --locked --all-features --doc env: RUST_BACKTRACE: 1 - name: cargo test (debug; aws-lc-rs) - run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging + run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging --all-targets env: RUST_BACKTRACE: 1 - name: cargo test (release; fips) - run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging + run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging --all-targets env: RUST_BACKTRACE: 1 From da6ea82063694f8f44fe8ef75937cf95fbeda6e6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 2 Feb 2024 13:49:30 -0500 Subject: [PATCH 0694/1145] ring: restore dropped tls12 ciphersuite feat. gates It looks like the `#[cfg(feature = "tls12")]` gates on the non-fips CHACHA20_POLY1305 ciphersuites were accidentally dropped, breaking builds with `--no-default-features --features ring` unless feature unification kicks in to bring along the `tls12` feature. This commit restores the cfg gates. --- rustls/src/crypto/ring/mod.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 2076455eed..f69c7f72b6 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -78,11 +78,13 @@ pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ tls12::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, #[cfg(feature = "tls12")] tls12::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + #[cfg(feature = "tls12")] tls12::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, #[cfg(feature = "tls12")] tls12::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, #[cfg(feature = "tls12")] tls12::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + #[cfg(feature = "tls12")] tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ]; From 1507a5328f01c36796bbdb8f9b92002aefc362fd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 2 Feb 2024 13:54:40 -0500 Subject: [PATCH 0695/1145] ci: add workflow_dispatch to daily-tests This allows triggering the workflow manually for a specific build in the GitHub UI. See: https://docs.github.com/en/actions/using-workflows/manually-running-a-workflow --- .github/workflows/daily-tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 423dc2d2f1..899dcfc041 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -4,6 +4,7 @@ permissions: contents: read on: + workflow_dispatch: schedule: # We run these tests on a daily basis (at a time slightly offset from the # top of the hour), as their runtime is either too long for the usual per-PR From bc71528bbddb405786fbdac4ef5a5ca3283edb3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 04:49:18 +0000 Subject: [PATCH 0696/1145] build(deps): bump codecov/codecov-action from 3 to 4 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3...v4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 27b8a1d7cf..0341437ba4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -263,7 +263,7 @@ jobs: run: ./admin/coverage --lcov --output-path final.info - name: Report to codecov.io - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 with: file: final.info fail_ci_if_error: false From 5cc71572e486943f7018df42a33d93902a4cd85f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 5 Feb 2024 09:55:21 +0000 Subject: [PATCH 0697/1145] Default to `require_ems` in FIPS mode Change default for `require_ems` based on `fips` crate feature, generalising the existing tests for `require_ems` to verify this too. Include `require_ems` in `fips()` determination. --- rustls/src/client/builder.rs | 2 +- rustls/src/client/client_conn.rs | 17 +++++++++++++-- rustls/src/crypto/mod.rs | 5 +++++ rustls/src/lib.rs | 3 ++- rustls/src/server/builder.rs | 2 +- rustls/src/server/server_conn.rs | 17 +++++++++++++-- rustls/tests/api.rs | 37 +++++++++++++++++++++++++++----- 7 files changed, 71 insertions(+), 12 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 1f5db007fd..f57f38fc39 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -160,7 +160,7 @@ impl ConfigBuilder { enable_secret_extraction: false, enable_early_data: false, #[cfg(feature = "tls12")] - require_ems: false, + require_ems: cfg!(feature = "fips"), } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index ff94ab738e..58f926fb3b 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -198,7 +198,8 @@ pub struct ClientConfig { /// If set to `true`, requires the server to support the extended /// master secret extraction method defined in [RFC 7627]. /// - /// The default is `false`. + /// The default is `true` if the `fips` crate feature is enabled, + /// `false` otherwise. /// /// It must be set to `true` to meet FIPS requirement mentioned in section /// **D.Q Transition of the TLS 1.2 KDF to Support the Extended Master @@ -279,8 +280,20 @@ impl ClientConfig { /// Return true if connections made with this `ClientConfig` will /// operate in FIPS mode. + /// + /// This is different from [`CryptoProvider::fips()`]: [`CryptoProvider::fips()`] + /// is concerned only with cryptography, whereas this _also_ covers TLS-level + /// configuration that NIST recommends. pub fn fips(&self) -> bool { - self.provider.fips() + #[cfg(feature = "tls12")] + { + self.provider.fips() && self.require_ems + } + + #[cfg(not(feature = "tls12"))] + { + self.provider.fips() + } } /// We support a given TLS version if it's quoted in the configured diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 43096663b3..38bf95a99d 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -194,6 +194,11 @@ pub struct CryptoProvider { impl CryptoProvider { /// Returns `true` if this `CryptoProvider` is operating in FIPS mode. + /// + /// This covers only the cryptographic parts of FIPS approval. There are + /// also TLS protocol-level recommendations made by NIST. You should + /// prefer to call [`ClientConfig::fips()`] or [`ServerConfig::fips()`] + /// which take these into account. pub fn fips(&self) -> bool { let Self { cipher_suites, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 59b3ff0757..2b6fdb44f1 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -313,7 +313,8 @@ //! //! - `fips`: enable support for FIPS140-3-approved cryptography, via the aws-lc-rs crate. //! This feature enables the `aws_lc_rs` feature, which makes the rustls crate depend -//! on [aws-lc-rs](https://github.com/aws/aws-lc-rs). +//! on [aws-lc-rs](https://github.com/aws/aws-lc-rs). It also changes the default +//! for [`ServerConfig::require_ems`] and [`ClientConfig::require_ems`]. //! //! - `tls12` (enabled by default): enable support for TLS version 1.2. Note that, due to the //! additive nature of Cargo features and because it is enabled by default, other crates diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index c29502d132..bbf85880eb 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -125,7 +125,7 @@ impl ConfigBuilder { send_half_rtt_data: false, send_tls13_tickets: 4, #[cfg(feature = "tls12")] - require_ems: false, + require_ems: cfg!(feature = "fips"), } } } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index f9af19a050..6889bdcfd2 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -321,7 +321,8 @@ pub struct ServerConfig { /// If set to `true`, requires the client to support the extended /// master secret extraction method defined in [RFC 7627]. /// - /// The default is `false`. + /// The default is `true` if the "fips" crate feature is enabled, + /// `false` otherwise. /// /// It must be set to `true` to meet FIPS requirement mentioned in section /// **D.Q Transition of the TLS 1.2 KDF to Support the Extended Master @@ -416,8 +417,20 @@ impl ServerConfig { /// Return `true` if connections made with this `ServerConfig` will /// operate in FIPS mode. + /// + /// This is different from [`CryptoProvider::fips()`]: [`CryptoProvider::fips()`] + /// is concerned only with cryptography, whereas this _also_ covers TLS-level + /// configuration that NIST recommends. pub fn fips(&self) -> bool { - self.provider.fips() + #[cfg(feature = "tls12")] + { + self.provider.fips() && self.require_ems + } + + #[cfg(not(feature = "tls12"))] + { + self.provider.fips() + } } /// We support a given TLS version if it's quoted in the configured diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index c48b40cb18..1ca3179fc4 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5063,14 +5063,19 @@ fn test_client_rejects_illegal_tls13_ccs() { #[cfg(feature = "tls12")] #[test] -fn test_client_rejects_no_extended_master_secret_extension_when_require_ems() { +fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() { let key_type = KeyType::Rsa; let mut client_config = make_client_config(key_type); - client_config.require_ems = true; - let server_config = finish_server_config( + if cfg!(feature = "fips") { + assert!(client_config.require_ems); + } else { + client_config.require_ems = true; + } + let mut server_config = finish_server_config( key_type, server_config_builder_with_versions(&[&rustls::version::TLS12]), ); + server_config.require_ems = false; let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); transfer_altered(&mut client, remove_ems_request, &mut server); @@ -5086,14 +5091,18 @@ fn test_client_rejects_no_extended_master_secret_extension_when_require_ems() { #[cfg(feature = "tls12")] #[test] -fn test_server_rejects_no_extended_master_secret_extension_when_require_ems() { +fn test_server_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() { let key_type = KeyType::Rsa; let client_config = make_client_config(key_type); let mut server_config = finish_server_config( key_type, server_config_builder_with_versions(&[&rustls::version::TLS12]), ); - server_config.require_ems = true; + if cfg!(feature = "fips") { + assert!(server_config.require_ems); + } else { + server_config.require_ems = true; + } let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); transfer_altered(&mut client, remove_ems_request, &mut server); @@ -5794,6 +5803,24 @@ fn test_server_fips_service_indicator() { assert!(make_server_config(KeyType::Rsa).fips()); } +#[cfg(feature = "fips")] +#[test] +fn test_client_fips_service_indicator_includes_require_ems() { + let mut client_config = make_client_config(KeyType::Rsa); + assert!(client_config.fips()); + client_config.require_ems = false; + assert!(!client_config.fips()); +} + +#[cfg(feature = "fips")] +#[test] +fn test_server_fips_service_indicator_includes_require_ems() { + let mut server_config = make_server_config(KeyType::Rsa); + assert!(server_config.fips()); + server_config.require_ems = false; + assert!(!server_config.fips()); +} + #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs", not(feature = "fips")))] #[test] fn test_client_fips_service_indicator() { From 97579d422f55d3ea4a0dd8dbaee3496d8fee7aea Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 6 Feb 2024 14:36:10 +0000 Subject: [PATCH 0698/1145] github actions: standardise on ubuntu-latest (#1773) --- .github/workflows/build.yml | 18 +++++++++--------- .github/workflows/daily-tests.yml | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0341437ba4..8be53fc119 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,7 +21,7 @@ jobs: - stable - beta - nightly - os: [ubuntu-20.04] + os: [ubuntu-latest] # but only stable on macos/windows (slower platforms) include: - os: macos-latest @@ -84,7 +84,7 @@ jobs: msrv: name: MSRV - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -141,7 +141,7 @@ jobs: bogo: name: BoGo test suite - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -172,7 +172,7 @@ jobs: fuzz: name: Smoke-test fuzzing targets - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -194,7 +194,7 @@ jobs: benchmarks: name: Run benchmarks - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -220,7 +220,7 @@ jobs: docs: name: Check for documentation errors - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -244,7 +244,7 @@ jobs: coverage: name: Measure coverage - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -271,7 +271,7 @@ jobs: minver: name: Check minimum versions of direct dependencies - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 @@ -294,7 +294,7 @@ jobs: cross: name: Check cross compilation targets - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 899dcfc041..1e50835126 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -22,7 +22,7 @@ jobs: - stable - beta - nightly - os: [ubuntu-20.04] + os: [ubuntu-latest] # but only stable on macos/windows (slower platforms) include: - os: macos-latest @@ -58,7 +58,7 @@ jobs: - stable - beta - nightly - os: [ubuntu-20.04] + os: [ubuntu-latest] # but only stable on macos/windows (slower platforms) include: - os: macos-latest @@ -105,7 +105,7 @@ jobs: feature-powerset: name: Feature Powerset - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 From d89d84f6558ddc148b572ec2922cb1c90f3dbcce Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Wed, 17 Jan 2024 15:44:11 -0800 Subject: [PATCH 0699/1145] Do not require EC Point Formats extension in TLS 1.2 --- rustls/src/server/tls12.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 081ae33698..2ee1a28ffd 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -96,14 +96,14 @@ mod client_hello { PeerIncompatible::NamedGroupsExtensionRequired, ) })?; + + // "RFC 4492 specified that if this extension is missing, + // it means that only the uncompressed point format is + // supported" + // - let ecpoints_ext = client_hello .ecpoints_extension() - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::EcPointsExtensionRequired, - ) - })?; + .unwrap_or(&[ECPointFormat::Uncompressed]); trace!("namedgroups {:?}", groups_ext); trace!("ecpoints {:?}", ecpoints_ext); From cb91090a60756501ced215e3af2b6b30e8a01939 Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Mon, 5 Feb 2024 11:32:15 -0800 Subject: [PATCH 0700/1145] Minor refactors in preparation for FFDHE work --- rustls/src/client/tls12.rs | 10 ++++---- rustls/src/server/tls12.rs | 8 +++--- rustls/src/tls12/mod.rs | 6 ++--- rustls/tests/api.rs | 49 ------------------------------------- rustls/tests/common/mod.rs | 50 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 62 insertions(+), 61 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index d99f05efee..8f536c7880 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -444,7 +444,7 @@ impl State for ExpectServerKx<'_> { )?; self.transcript.add_message(&m); - let ecdhe = opaque_kx + let kx = opaque_kx .unwrap_given_kxa(self.suite.kx) .ok_or_else(|| { cx.common.send_fatal_alert( @@ -455,12 +455,12 @@ impl State for ExpectServerKx<'_> { // Save the signature and signed parameters for later verification. let mut kx_params = Vec::new(); - ecdhe.params.encode(&mut kx_params); - let server_kx = ServerKxDetails::new(kx_params, ecdhe.dss); + kx.params.encode(&mut kx_params); + let server_kx = ServerKxDetails::new(kx_params, kx.dss); #[cfg_attr(not(feature = "logging"), allow(unused_variables))] { - debug!("ECDHE curve is {:?}", ecdhe.params.curve_params); + debug!("ECDHE curve is {:?}", kx.params.curve_params); } Ok(Box::new(ExpectServerDoneOrCertReq { @@ -894,7 +894,7 @@ impl State for ExpectServerDone<'_> { // 5a. let ecdh_params = - tls12::decode_ecdh_params::(cx.common, &st.server_kx.kx_params)?; + tls12::decode_kx_params::(cx.common, &st.server_kx.kx_params)?; let named_group = ecdh_params.curve_params.named_group; let skxg = match st.config.find_kx_group(named_group) { Some(skxg) => skxg, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 2ee1a28ffd..2f39b973a1 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -428,12 +428,12 @@ mod client_hello { let kx = selected_group .start() .map_err(|_| Error::FailedToGetRandomBytes)?; - let secdh = ServerEcdhParams::new(&*kx); + let kx_params = ServerEcdhParams::new(&*kx); let mut msg = Vec::new(); msg.extend(randoms.client); msg.extend(randoms.server); - secdh.encode(&mut msg); + kx_params.encode(&mut msg); let signer = signing_key .choose_scheme(&sigschemes) @@ -442,7 +442,7 @@ mod client_hello { let sig = signer.sign(&msg)?; let skx = ServerKeyExchangePayload::Ecdhe(EcdheServerKeyExchange { - params: secdh, + params: kx_params, dss: DigitallySignedStruct::new(sigscheme, sig), }); @@ -628,7 +628,7 @@ impl State for ExpectClientKx<'_> { // Complete key agreement, and set up encryption with the // resulting premaster secret. let peer_kx_params = - tls12::decode_ecdh_params::(cx.common, client_kx.bytes())?; + tls12::decode_kx_params::(cx.common, client_kx.bytes())?; let secrets = ConnectionSecrets::from_key_exchange( self.server_kx, &peer_kx_params.public.0, diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 9f492ac389..2893163e28 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -320,7 +320,7 @@ fn join_randoms(first: &[u8; 32], second: &[u8; 32]) -> [u8; 64] { type MessageCipherPair = (Box, Box); -pub(crate) fn decode_ecdh_params<'a, T: Codec<'a>>( +pub(crate) fn decode_kx_params<'a, T: Codec<'a>>( common: &mut CommonState, kx_params: &'a [u8], ) -> Result { @@ -353,12 +353,12 @@ mod tests { server_buf.push(34); let mut common = CommonState::new(Side::Client); - assert!(decode_ecdh_params::(&mut common, &server_buf).is_err()); + assert!(decode_kx_params::(&mut common, &server_buf).is_err()); } #[test] fn client_ecdhe_invalid() { let mut common = CommonState::new(Side::Server); - assert!(decode_ecdh_params::(&mut common, &[34]).is_err()); + assert!(decode_kx_params::(&mut common, &[34]).is_err()); } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 1ca3179fc4..9b6e07601d 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -2828,55 +2828,6 @@ fn test_tls13_exporter_maximum_output_length() { ); } -fn do_suite_test( - client_config: ClientConfig, - server_config: ServerConfig, - expect_suite: SupportedCipherSuite, - expect_version: ProtocolVersion, -) { - println!( - "do_suite_test {:?} {:?}", - expect_version, - expect_suite.suite() - ); - let (mut client, mut server) = make_pair_for_configs(client_config, server_config); - - assert_eq!(None, client.negotiated_cipher_suite()); - assert_eq!(None, server.negotiated_cipher_suite()); - assert_eq!(None, client.protocol_version()); - assert_eq!(None, server.protocol_version()); - assert!(client.is_handshaking()); - assert!(server.is_handshaking()); - - transfer(&mut client, &mut server); - server.process_new_packets().unwrap(); - - assert!(client.is_handshaking()); - assert!(server.is_handshaking()); - assert_eq!(None, client.protocol_version()); - assert_eq!(Some(expect_version), server.protocol_version()); - assert_eq!(None, client.negotiated_cipher_suite()); - assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); - - transfer(&mut server, &mut client); - client.process_new_packets().unwrap(); - - assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); - assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); - - transfer(&mut client, &mut server); - server.process_new_packets().unwrap(); - transfer(&mut server, &mut client); - client.process_new_packets().unwrap(); - - assert!(!client.is_handshaking()); - assert!(!server.is_handshaking()); - assert_eq!(Some(expect_version), client.protocol_version()); - assert_eq!(Some(expect_version), server.protocol_version()); - assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); - assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); -} - fn find_suite(suite: CipherSuite) -> SupportedCipherSuite { for scs in provider::ALL_CIPHER_SUITES .iter() diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index bdf8c0bd3b..57ef741648 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -17,6 +17,7 @@ use rustls::Error; use rustls::RootCertStore; use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; +use rustls::{ProtocolVersion, SupportedCipherSuite}; #[cfg(all(any(not(feature = "ring"), feature = "fips"), feature = "aws_lc_rs"))] pub use rustls::crypto::aws_lc_rs as provider; @@ -705,3 +706,52 @@ impl io::Read for FailsReads { Err(io::Error::from(self.errkind)) } } + +pub fn do_suite_test( + client_config: ClientConfig, + server_config: ServerConfig, + expect_suite: SupportedCipherSuite, + expect_version: ProtocolVersion, +) { + println!( + "do_suite_test {:?} {:?}", + expect_version, + expect_suite.suite() + ); + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + + assert_eq!(None, client.negotiated_cipher_suite()); + assert_eq!(None, server.negotiated_cipher_suite()); + assert_eq!(None, client.protocol_version()); + assert_eq!(None, server.protocol_version()); + assert!(client.is_handshaking()); + assert!(server.is_handshaking()); + + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + + assert!(client.is_handshaking()); + assert!(server.is_handshaking()); + assert_eq!(None, client.protocol_version()); + assert_eq!(Some(expect_version), server.protocol_version()); + assert_eq!(None, client.negotiated_cipher_suite()); + assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); + + transfer(&mut server, &mut client); + client.process_new_packets().unwrap(); + + assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); + assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); + + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + transfer(&mut server, &mut client); + client.process_new_packets().unwrap(); + + assert!(!client.is_handshaking()); + assert!(!server.is_handshaking()); + assert_eq!(Some(expect_version), client.protocol_version()); + assert_eq!(Some(expect_version), server.protocol_version()); + assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); + assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); +} From 32f3d50a87c4986dbf8e431a085b0d4ca3e34ede Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Mon, 5 Feb 2024 12:26:02 -0800 Subject: [PATCH 0701/1145] Refactor `SharedSecret` definition --- rustls/src/crypto/mod.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 38bf95a99d..1a76c41080 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -321,24 +321,26 @@ pub trait ActiveKeyExchange: Send + Sync { } /// The result from [`ActiveKeyExchange::complete`]. -pub struct SharedSecret(Vec); +pub struct SharedSecret { + buf: Vec, +} impl SharedSecret { /// Returns the shared secret as a slice of bytes. pub fn secret_bytes(&self) -> &[u8] { - &self.0 + &self.buf } } impl Drop for SharedSecret { fn drop(&mut self) { - self.0.zeroize(); + self.buf.zeroize(); } } impl From<&[u8]> for SharedSecret { fn from(source: &[u8]) -> Self { - Self(source.to_vec()) + Self { buf: source.to_vec() } } } From 941d051196a04b2211868c20498df932f90faa8a Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Mon, 5 Feb 2024 11:58:30 -0800 Subject: [PATCH 0702/1145] Refactor TLS1.2 kx group selection logic --- rustls/src/server/tls12.rs | 54 ++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 2f39b973a1..4936b44ca4 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -88,15 +88,6 @@ mod client_hello { )); } - let groups_ext = client_hello - .namedgroups_extension() - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NamedGroupsExtensionRequired, - ) - })?; - // "RFC 4492 specified that if this extension is missing, // it means that only the uncompressed point format is // supported" @@ -105,7 +96,6 @@ mod client_hello { .ecpoints_extension() .unwrap_or(&[ECPointFormat::Uncompressed]); - trace!("namedgroups {:?}", groups_ext); trace!("ecpoints {:?}", ecpoints_ext); if !ecpoints_ext.contains(&ECPointFormat::Uncompressed) { @@ -185,19 +175,7 @@ mod client_hello { )); } - let group = self - .config - .provider - .kx_groups - .iter() - .find(|skxg| groups_ext.contains(&skxg.name())) - .cloned() - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoKxGroupsInCommon, - ) - })?; + let group = self.pick_kx_group(client_hello, cx)?; let ecpoint = ECPointFormat::SUPPORTED .iter() @@ -275,6 +253,36 @@ mod client_hello { } } + fn pick_kx_group( + &self, + client_hello: &ClientHelloPayload, + cx: &mut ServerContext<'_>, + ) -> Result<&'static dyn SupportedKxGroup, Error> { + let peer_groups_ext = client_hello + .namedgroups_extension() + .ok_or_else(|| { + cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::NamedGroupsExtensionRequired, + ) + })?; + + trace!("namedgroups {:?}", peer_groups_ext); + + self.config + .provider + .kx_groups + .iter() + .find(|skxg| peer_groups_ext.contains(&skxg.name())) + .cloned() + .ok_or_else(|| { + cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::NoKxGroupsInCommon, + ) + }) + } + fn start_resumption( mut self, cx: &mut ServerContext<'_>, From ec112297875d4b535bcfcdfc05f5328d79e3bff4 Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Mon, 5 Feb 2024 13:35:37 -0800 Subject: [PATCH 0703/1145] Refactor handshake kx types --- rustls/src/client/tls12.rs | 3 +- rustls/src/msgs/handshake.rs | 54 +++++++++++++++++++------------ rustls/src/msgs/handshake_test.rs | 19 +++++------ rustls/src/server/tls12.rs | 10 +++--- 4 files changed, 52 insertions(+), 34 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 8f536c7880..52fb678763 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -460,7 +460,8 @@ impl State for ExpectServerKx<'_> { #[cfg_attr(not(feature = "logging"), allow(unused_variables))] { - debug!("ECDHE curve is {:?}", kx.params.curve_params); + let crate::msgs::handshake::ServerKeyExchangeParams::Ecdh(ecdh) = kx.params; + debug!("ECDHE curve is {:?}", ecdh.curve_params); } Ok(Box::new(ExpectServerDoneOrCertReq { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 9dfa2a45ee..2eef3d6613 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1577,35 +1577,47 @@ impl Codec<'_> for ServerEcdhParams { } #[derive(Debug)] -pub struct EcdheServerKeyExchange { - pub(crate) params: ServerEcdhParams, - pub(crate) dss: DigitallySignedStruct, +pub(crate) enum ServerKeyExchangeParams { + Ecdh(ServerEcdhParams), } -impl Codec<'_> for EcdheServerKeyExchange { - fn encode(&self, bytes: &mut Vec) { - self.params.encode(bytes); - self.dss.encode(bytes); +impl ServerKeyExchangeParams { + pub(crate) fn encode(&self, buf: &mut Vec) { + match self { + Self::Ecdh(ecdh) => ecdh.encode(buf), + } } +} - fn read(r: &mut Reader) -> Result { - let params = ServerEcdhParams::read(r)?; - let dss = DigitallySignedStruct::read(r)?; +#[derive(Debug)] +pub struct ServerKeyExchange { + pub(crate) params: ServerKeyExchangeParams, + pub(crate) dss: DigitallySignedStruct, +} - Ok(Self { params, dss }) +impl ServerKeyExchange { + pub fn encode(&self, buf: &mut Vec) { + self.params.encode(buf); + self.dss.encode(buf); } } #[derive(Debug)] pub enum ServerKeyExchangePayload { - Ecdhe(EcdheServerKeyExchange), + Known(ServerKeyExchange), Unknown(Payload<'static>), } +impl From for ServerKeyExchangePayload { + fn from(value: ServerKeyExchange) -> Self { + Self::Known(value) + } +} + impl Codec<'_> for ServerKeyExchangePayload { fn encode(&self, bytes: &mut Vec) { match *self { - Self::Ecdhe(ref x) => x.encode(bytes), + Self::Known(ref x) => x.encode(bytes), Self::Unknown(ref x) => x.encode(bytes), } } @@ -1619,19 +1631,21 @@ impl Codec<'_> for ServerKeyExchangePayload { impl ServerKeyExchangePayload { #[cfg(feature = "tls12")] - pub(crate) fn unwrap_given_kxa( - &self, - kxa: KeyExchangeAlgorithm, - ) -> Option { + pub(crate) fn unwrap_given_kxa(&self, kxa: KeyExchangeAlgorithm) -> Option { if let Self::Unknown(ref unk) = *self { let mut rd = Reader::init(unk.bytes()); - let result = match kxa { - KeyExchangeAlgorithm::ECDHE => EcdheServerKeyExchange::read(&mut rd), + let result = ServerKeyExchange { + params: match kxa { + KeyExchangeAlgorithm::ECDHE => { + ServerKeyExchangeParams::Ecdh(ServerEcdhParams::read(&mut rd).ok()?) + }, + }, + dss: DigitallySignedStruct::read(&mut rd).ok()?, }; if !rd.any_left() { - return result.ok(); + return Some(result); }; } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index f2f2ed3190..262ec64127 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -10,17 +10,18 @@ use crate::msgs::handshake::{ CertificatePayloadTls13, CertificateRequestPayload, CertificateRequestPayloadTls13, CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, - EcParameters, EcdheServerKeyExchange, HandshakeMessagePayload, HandshakePayload, - HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, - NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTls13, - PresharedKeyBinder, PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, - ServerEcdhParams, ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, - UnknownExtension, + EcParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, + HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, + NewSessionTicketPayload, NewSessionTicketPayloadTls13, PresharedKeyBinder, + PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerEcdhParams, + ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, UnknownExtension, }; use crate::verify::DigitallySignedStruct; use pki_types::{CertificateDer, DnsName}; +use super::handshake::{ServerKeyExchange, ServerKeyExchangeParams}; + #[test] fn rejects_short_random() { let bytes = [0x01; 31]; @@ -809,14 +810,14 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { } fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::Ecdhe(EcdheServerKeyExchange { - params: ServerEcdhParams { + ServerKeyExchangePayload::Known(ServerKeyExchange { + params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { curve_params: EcParameters { curve_type: ECCurveType::NamedCurve, named_group: NamedGroup::X25519, }, public: PayloadU8(vec![1, 2, 3]), - }, + }), dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), }) } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 4936b44ca4..15c59a6ebe 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -44,9 +44,11 @@ mod client_hello { use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; - use crate::msgs::handshake::{CertificateChain, ServerEcdhParams}; + use crate::msgs::handshake::CertificateStatus; + use crate::msgs::handshake::{ + CertificateChain, ServerEcdhParams, ServerKeyExchange, ServerKeyExchangeParams, + }; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; - use crate::msgs::handshake::{CertificateStatus, EcdheServerKeyExchange}; use crate::msgs::handshake::{ClientExtension, SessionId}; use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload}; use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload}; @@ -449,8 +451,8 @@ mod client_hello { let sigscheme = signer.scheme(); let sig = signer.sign(&msg)?; - let skx = ServerKeyExchangePayload::Ecdhe(EcdheServerKeyExchange { - params: kx_params, + let skx = ServerKeyExchangePayload::Known(ServerKeyExchange { + params: ServerKeyExchangeParams::Ecdh(kx_params), dss: DigitallySignedStruct::new(sigscheme, sig), }); From 616d0dde7a45ce93aee6b9de0640387da945a769 Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Mon, 5 Feb 2024 14:10:14 -0800 Subject: [PATCH 0704/1145] Avoid reallocating for `suitable_suites` in `server/hs.rs` --- rustls/src/server/hs.rs | 26 +++++++++++++------------- rustls/src/suites.rs | 28 +--------------------------- 2 files changed, 14 insertions(+), 40 deletions(-) diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 5622c05963..4dae3db490 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -334,19 +334,19 @@ impl ExpectClientHello { }; let certkey = ActiveCertifiedKey::from_certified_key(&certkey); - // Reduce our supported ciphersuites by the certificate. - // (no-op for TLS1.3) - let suitable_suites = suites::reduce_given_sigalg( - &self.config.provider.cipher_suites, - certkey.get_key().algorithm(), - ); - - // And version - let suitable_suites = suites::reduce_given_version_and_protocol( - &suitable_suites, - version, - cx.common.protocol, - ); + let suitable_suites = self + .config + .provider + .cipher_suites + .iter() + .filter(|suite| { + // Reduce our supported ciphersuites by the certificate. + suite.usable_for_signature_algorithm(certkey.get_key().algorithm()) + // And version + && suite.version().version == version && suite.usable_for_protocol(cx.common.protocol) + }) + .copied() + .collect::>(); let suite = if self.config.ignore_client_order { suites::choose_ciphersuite_preferring_server( diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index c9695a2597..eedb411108 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,7 +1,7 @@ use crate::common_state::Protocol; use crate::crypto; use crate::crypto::cipher::{AeadKey, Iv}; -use crate::enums::{CipherSuite, ProtocolVersion, SignatureAlgorithm, SignatureScheme}; +use crate::enums::{CipherSuite, SignatureAlgorithm, SignatureScheme}; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; @@ -9,7 +9,6 @@ use crate::tls13::Tls13CipherSuite; use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; -use alloc::vec::Vec; use core::fmt; /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3) @@ -174,31 +173,6 @@ pub(crate) fn choose_ciphersuite_preferring_server( None } -/// Return a list of the ciphersuites in `all` with the suites -/// incompatible with `SignatureAlgorithm` `sigalg` removed. -pub(crate) fn reduce_given_sigalg( - all: &[SupportedCipherSuite], - sigalg: SignatureAlgorithm, -) -> Vec { - all.iter() - .filter(|&&suite| suite.usable_for_signature_algorithm(sigalg)) - .copied() - .collect() -} - -/// Return a list of the ciphersuites in `all` with the suites -/// incompatible with the chosen `version` removed. -pub(crate) fn reduce_given_version_and_protocol( - all: &[SupportedCipherSuite], - version: ProtocolVersion, - proto: Protocol, -) -> Vec { - all.iter() - .filter(|&&suite| suite.version().version == version && suite.usable_for_protocol(proto)) - .copied() - .collect() -} - /// Return true if `sigscheme` is usable by any of the given suites. pub(crate) fn compatible_sigscheme_for_suites( sigscheme: SignatureScheme, From 1340ea95e698f95b18ac88e284e2c513746f4fa0 Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Tue, 6 Feb 2024 10:28:35 -0800 Subject: [PATCH 0705/1145] Rename `emit_clientkx` to `emit_client_kx` --- rustls/src/client/tls12.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 52fb678763..83d1c3e01b 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -512,7 +512,7 @@ fn emit_certificate( common.send_msg(cert, false); } -fn emit_clientkx(transcript: &mut HandshakeHash, common: &mut CommonState, pub_key: &[u8]) { +fn emit_client_kx(transcript: &mut HandshakeHash, common: &mut CommonState, pub_key: &[u8]) { let mut buf = Vec::new(); let ecpoint = PayloadU8::new(Vec::from(pub_key)); ecpoint.encode(&mut buf); @@ -909,7 +909,7 @@ impl State for ExpectServerDone<'_> { // 5b. let mut transcript = st.transcript; - emit_clientkx(&mut transcript, cx.common, kx.pub_key()); + emit_client_kx(&mut transcript, cx.common, kx.pub_key()); // Note: EMS handshake hash only runs up to ClientKeyExchange. let ems_seed = st .using_ems From c8c56a7aef7126bea62fb2c32a62566c3912c563 Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Wed, 13 Dec 2023 16:34:42 -0800 Subject: [PATCH 0706/1145] Implement FFDHE support + Make server avoid cipher suites with kx without common kx groups with client + Handle FFDHE shared secret leading zeros correctly --- Cargo.lock | 12 + rustls/Cargo.toml | 1 + rustls/src/builder.rs | 32 +- rustls/src/client/hs.rs | 15 +- rustls/src/client/tls12.rs | 52 ++- rustls/src/crypto/aws_lc_rs/tls12.rs | 3 +- rustls/src/crypto/mod.rs | 107 ++++- rustls/src/crypto/tls12.rs | 3 +- rustls/src/crypto/tls13.rs | 3 +- rustls/src/lib.rs | 1 + rustls/src/msgs/enums.rs | 11 + rustls/src/msgs/ffdhe_groups.rs | 111 +++++ .../msgs/ffdhe_groups/ffdhe2048-modulus.bin | 3 + .../msgs/ffdhe_groups/ffdhe3072-modulus.bin | 4 + .../msgs/ffdhe_groups/ffdhe4096-modulus.bin | Bin 0 -> 512 bytes .../msgs/ffdhe_groups/ffdhe6144-modulus.bin | Bin 0 -> 768 bytes .../msgs/ffdhe_groups/ffdhe8192-modulus.bin | Bin 0 -> 1024 bytes rustls/src/msgs/handshake.rs | 152 ++++++- rustls/src/msgs/handshake_test.rs | 21 +- rustls/src/msgs/mod.rs | 1 + rustls/src/server/hs.rs | 28 +- rustls/src/server/tls12.rs | 82 ++-- rustls/src/suites.rs | 71 ++- rustls/src/tls12/mod.rs | 27 +- rustls/tests/api_ffdhe.rs | 428 ++++++++++++++++++ 25 files changed, 1099 insertions(+), 69 deletions(-) create mode 100644 rustls/src/msgs/ffdhe_groups.rs create mode 100644 rustls/src/msgs/ffdhe_groups/ffdhe2048-modulus.bin create mode 100644 rustls/src/msgs/ffdhe_groups/ffdhe3072-modulus.bin create mode 100644 rustls/src/msgs/ffdhe_groups/ffdhe4096-modulus.bin create mode 100644 rustls/src/msgs/ffdhe_groups/ffdhe6144-modulus.bin create mode 100644 rustls/src/msgs/ffdhe_groups/ffdhe8192-modulus.bin create mode 100644 rustls/tests/api_ffdhe.rs diff --git a/Cargo.lock b/Cargo.lock index a2e98971d2..f9499f5813 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1498,6 +1498,17 @@ dependencies = [ "minimal-lexical", ] +[[package]] +name = "num-bigint" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint-dig" version = "0.8.4" @@ -2038,6 +2049,7 @@ dependencies = [ "bencher", "env_logger", "log", + "num-bigint", "ring", "rustls-pemfile 2.0.0", "rustls-pki-types", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index c570426805..1629976c36 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -38,6 +38,7 @@ base64 = "0.21" bencher = "0.1.5" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) log = "0.4.4" +num-bigint = "0.4.4" rustls-pemfile = "2" webpki-roots = "0.26" diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index a3acb23c4b..5524193d5d 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,8 +1,9 @@ -use crate::crypto::CryptoProvider; use crate::error::Error; use crate::versions; +use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS}; use alloc::format; +use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; use std::sync::Arc; @@ -210,6 +211,35 @@ impl ConfigBuilder { return Err(Error::General("no kx groups configured".into())); } + // verifying cipher suites have matching kx groups + let mut supported_kx_algos = Vec::with_capacity(ALL_KEY_EXCHANGE_ALGORITHMS.len()); + for group in self.state.provider.kx_groups.iter() { + let kx = group.name().key_exchange_algorithm(); + if !supported_kx_algos.contains(&kx) { + supported_kx_algos.push(kx); + } + // Small optimization. We don't need to go over other key exchange groups + // if we already cover all supported key exchange algorithms + if supported_kx_algos.len() == ALL_KEY_EXCHANGE_ALGORITHMS.len() { + break; + } + } + + for cs in self.state.provider.cipher_suites.iter() { + let cs_kx = cs.key_exchange_algorithms(); + if cs_kx + .iter() + .any(|kx| supported_kx_algos.contains(kx)) + { + continue; + } + let suite_name = cs.common().suite; + return Err(Error::General(alloc::format!( + "Ciphersuite {suite_name:?} requires {cs_kx:?} key exchange, but no {cs_kx:?}-compatible \ + key exchange groups were present in `CryptoProvider`'s `kx_groups` field", + ))); + } + Ok(ConfigBuilder { state: WantsVerifier { provider: self.state.provider, diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 296ff6923b..361fbd0398 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -3,7 +3,7 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; -use crate::crypto::ActiveKeyExchange; +use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHashBuffer; @@ -216,7 +216,6 @@ fn emit_client_hello_for_retry( let mut exts = vec![ ClientExtension::SupportedVersions(supported_versions), - ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), ClientExtension::NamedGroups( config .provider @@ -234,6 +233,18 @@ fn emit_client_hello_for_retry( ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), ]; + // Send the ECPointFormat extension only if we are proposing ECDHE + if config + .provider + .kx_groups + .iter() + .any(|skxg| skxg.name().key_exchange_algorithm() == KeyExchangeAlgorithm::ECDHE) + { + exts.push(ClientExtension::EcPointFormats( + ECPointFormat::SUPPORTED.to_vec(), + )); + } + if let (ServerName::DnsName(dns), true) = (&input.server_name, config.enable_sni) { // We only want to send the SNI extension if the server name contains a DNS name. exts.push(ClientExtension::make_sni(dns)); diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 83d1c3e01b..dd52109538 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,18 +1,19 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; +use crate::crypto::KeyExchangeAlgorithm; use crate::enums::ProtocolVersion; use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; -use crate::msgs::base::{Payload, PayloadU8}; +use crate::msgs::base::{Payload, PayloadU16, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; -use crate::msgs::codec::Codec; use crate::msgs::handshake::{ - CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, - ServerEcdhParams, SessionId, + CertificateChain, ClientDhParams, ClientEcdhParams, ClientKeyExchangeParams, + HandshakeMessagePayload, HandshakePayload, NewSessionTicketPayload, ServerKeyExchangeParams, + SessionId, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -460,8 +461,14 @@ impl State for ExpectServerKx<'_> { #[cfg_attr(not(feature = "logging"), allow(unused_variables))] { - let crate::msgs::handshake::ServerKeyExchangeParams::Ecdh(ecdh) = kx.params; - debug!("ECDHE curve is {:?}", ecdh.curve_params); + match &kx.params { + ServerKeyExchangeParams::Ecdh(ecdhe) => { + debug!("ECDHE curve is {:?}", ecdhe.curve_params) + } + ServerKeyExchangeParams::Dh(dhe) => { + debug!("DHE params are p = {:?}, g = {:?}", dhe.dh_p, dhe.dh_g) + } + } } Ok(Box::new(ExpectServerDoneOrCertReq { @@ -512,10 +519,22 @@ fn emit_certificate( common.send_msg(cert, false); } -fn emit_client_kx(transcript: &mut HandshakeHash, common: &mut CommonState, pub_key: &[u8]) { +fn emit_client_kx( + transcript: &mut HandshakeHash, + kxa: KeyExchangeAlgorithm, + common: &mut CommonState, + pub_key: &[u8], +) { let mut buf = Vec::new(); - let ecpoint = PayloadU8::new(Vec::from(pub_key)); - ecpoint.encode(&mut buf); + match kxa { + KeyExchangeAlgorithm::ECDHE => ClientKeyExchangeParams::Ecdh(ClientEcdhParams { + public: PayloadU8::new(pub_key.to_vec()), + }), + KeyExchangeAlgorithm::DHE => ClientKeyExchangeParams::Dh(ClientDhParams { + public: PayloadU16::new(pub_key.to_vec()), + }), + } + .encode(&mut buf); let pubkey = Payload::new(buf); let ckx = Message { @@ -894,9 +913,14 @@ impl State for ExpectServerDone<'_> { } // 5a. - let ecdh_params = - tls12::decode_kx_params::(cx.common, &st.server_kx.kx_params)?; - let named_group = ecdh_params.curve_params.named_group; + let kx_params = tls12::decode_kx_params::( + st.suite.kx, + cx.common, + &st.server_kx.kx_params, + )?; + let named_group = kx_params + .named_group() + .ok_or(PeerMisbehaved::SelectedUnofferedKxGroup)?; let skxg = match st.config.find_kx_group(named_group) { Some(skxg) => skxg, None => { @@ -909,7 +933,7 @@ impl State for ExpectServerDone<'_> { // 5b. let mut transcript = st.transcript; - emit_client_kx(&mut transcript, cx.common, kx.pub_key()); + emit_client_kx(&mut transcript, st.suite.kx, cx.common, kx.pub_key()); // Note: EMS handshake hash only runs up to ClientKeyExchange. let ems_seed = st .using_ems @@ -926,7 +950,7 @@ impl State for ExpectServerDone<'_> { // 5e. Now commit secrets. let secrets = ConnectionSecrets::from_key_exchange( kx, - &ecdh_params.public.0, + kx_params.pub_key(), ems_seed, st.randoms, suite, diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 9e4c2a3646..d0840afc8a 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -10,6 +10,7 @@ use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; +use crate::version::TLS12; use alloc::boxed::Box; use alloc::vec::Vec; @@ -442,7 +443,7 @@ impl Prf for Tls12Prf { ) -> Result<(), Error> { self.for_secret( output, - kx.complete(peer_pub_key)? + kx.complete_for_tls_version(peer_pub_key, &TLS12)? .secret_bytes(), label, seed, diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 1a76c41080..cc44acad7b 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,5 +1,5 @@ use crate::sign::SigningKey; -use crate::suites; +use crate::{suites, ProtocolVersion, SupportedProtocolVersion}; use crate::{Error, NamedGroup}; use alloc::boxed::Box; @@ -39,6 +39,7 @@ pub mod hash; /// HMAC interfaces. pub mod hmac; +#[cfg(feature = "tls12")] /// Cryptography specific to TLS1.2. pub mod tls12; @@ -165,6 +166,9 @@ pub struct CryptoProvider { /// is the highest priority. /// /// The `SupportedCipherSuite` type carries both configuration and implementation. + /// + /// A valid `CryptoProvider` must ensure that all cipher suites are accompanied by at least + /// one matching key exchange group in [`CryptoProvider::kx_groups`]. pub cipher_suites: Vec, /// List of supported key exchange groups, in preference order -- the @@ -213,6 +217,12 @@ impl CryptoProvider { && secure_random.fips() && key_provider.fips() } + + pub(crate) fn supported_kx_group_names(&self) -> impl Iterator + '_ { + self.kx_groups + .iter() + .map(|skxg| skxg.name()) + } } /// A source of cryptographically secure randomness. @@ -304,16 +314,64 @@ pub trait ActiveKeyExchange: Send + Sync { /// mis-encoded, or an invalid public key (such as, but not limited to, being /// in a small order subgroup). /// + /// If the key exchange algorithm is FFDHE, the result must be left-padded with zeros, + /// as required by [RFC 8446](https://www.rfc-editor.org/rfc/rfc8446#section-7.4.1) + /// (see [`complete_for_tls_version()`](Self::complete_for_tls_version) for more details). + /// /// The shared secret is returned as a [`SharedSecret`] which can be constructed /// from a `&[u8]`. /// /// This consumes and so terminates the [`ActiveKeyExchange`]. fn complete(self: Box, peer_pub_key: &[u8]) -> Result; + /// Completes the key exchange for the given TLS version, given the peer's public key. + /// + /// Note that finite-field Diffie–Hellman key exchange has different requirements for the derived + /// shared secret in TLS 1.2 and TLS 1.3 (ECDHE key exchange is the same in TLS 1.2 and TLS 1.3): + /// + /// In TLS 1.2, the calculated secret is required to be stripped of leading zeros + /// [(RFC 5246)](https://www.rfc-editor.org/rfc/rfc5246#section-8.1.2). + /// + /// In TLS 1.3, the calculated secret is required to be padded with leading zeros to be the same + /// byte-length as the group modulus [(RFC 8446)](https://www.rfc-editor.org/rfc/rfc8446#section-7.4.1). + /// + /// The default implementation of this method delegates to [`complete()`](Self::complete) assuming it is + /// implemented for TLS 1.3 (i.e., for FFDHE KX, removes padding as needed). Implementers of this trait + /// are encouraged to just implement [`complete()`](Self::complete) assuming TLS 1.3, and let the default + /// implementation of this method handle TLS 1.2-specific requirements. + /// + /// This method must return an error if `peer_pub_key` is invalid: either + /// mis-encoded, or an invalid public key (such as, but not limited to, being + /// in a small order subgroup). + /// + /// The shared secret is returned as a [`SharedSecret`] which can be constructed + /// from a `&[u8]`. + /// + /// This consumes and so terminates the [`ActiveKeyExchange`]. + fn complete_for_tls_version( + self: Box, + peer_pub_key: &[u8], + tls_version: &SupportedProtocolVersion, + ) -> Result { + if tls_version.version != ProtocolVersion::TLSv1_2 { + return self.complete(peer_pub_key); + } + + let group = self.group(); + let mut complete_res = self.complete(peer_pub_key)?; + if group.key_exchange_algorithm() == KeyExchangeAlgorithm::DHE { + complete_res.strip_leading_zeros(); + } + Ok(complete_res) + } + /// Return the public key being used. /// - /// The encoding required is defined in + /// For ECDHE, the encoding required is defined in /// [RFC8446 section 4.2.8.2](https://www.rfc-editor.org/rfc/rfc8446#section-4.2.8.2). + /// + /// For FFDHE, the encoding required is defined in + /// [RFC8446 section 4.2.8.1](https://www.rfc-editor.org/rfc/rfc8446#section-4.2.8.1). fn pub_key(&self) -> &[u8]; /// Return the group being used. @@ -323,12 +381,27 @@ pub trait ActiveKeyExchange: Send + Sync { /// The result from [`ActiveKeyExchange::complete`]. pub struct SharedSecret { buf: Vec, + offset: usize, } impl SharedSecret { /// Returns the shared secret as a slice of bytes. pub fn secret_bytes(&self) -> &[u8] { - &self.buf + &self.buf[self.offset..] + } + + /// Removes leading zeros from `secret_bytes()` by adjusting the `offset`. + /// + /// This function does not re-allocate. + fn strip_leading_zeros(&mut self) { + let start = self + .secret_bytes() + .iter() + .enumerate() + .find(|(_i, x)| **x != 0) + .map(|(i, _x)| i) + .unwrap_or(self.secret_bytes().len()); + self.offset += start; } } @@ -340,7 +413,10 @@ impl Drop for SharedSecret { impl From<&[u8]> for SharedSecret { fn from(source: &[u8]) -> Self { - Self { buf: source.to_vec() } + Self { + buf: source.to_vec(), + offset: 0, + } } } @@ -381,3 +457,26 @@ pub(crate) fn default_provider() -> CryptoProvider { pub fn default_fips_provider() -> CryptoProvider { crate::crypto::aws_lc_rs::default_provider() } + +#[cfg(test)] +mod tests { + use super::SharedSecret; + + #[test] + fn test_shared_secret_strip_leading_zeros() { + let test_cases = [ + (vec![0, 1], vec![1]), + (vec![1], vec![1]), + (vec![1, 0, 2], vec![1, 0, 2]), + (vec![0, 0, 1, 2], vec![1, 2]), + (vec![0, 0, 0], vec![]), + (vec![], vec![]), + ]; + for (buf, expected) in test_cases { + let mut secret = SharedSecret::from(&buf[..]); + assert_eq!(secret.secret_bytes(), buf); + secret.strip_leading_zeros(); + assert_eq!(secret.secret_bytes(), expected); + } + } +} diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index df373faf62..9ac561f93e 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -1,6 +1,7 @@ use super::hmac; use super::ActiveKeyExchange; use crate::error::Error; +use crate::version::TLS12; use alloc::boxed::Box; @@ -20,7 +21,7 @@ impl<'a> Prf for PrfUsingHmac<'a> { output, self.0 .with_key( - kx.complete(peer_pub_key)? + kx.complete_for_tls_version(peer_pub_key, &TLS12)? .secret_bytes(), ) .as_ref(), diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index 9637218b6b..f030875b8e 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -1,6 +1,7 @@ use super::hmac; use super::ActiveKeyExchange; use crate::error::Error; +use crate::version::TLS13; use alloc::boxed::Box; use zeroize::Zeroize; @@ -160,7 +161,7 @@ pub trait Hkdf: Send + Sync { ) -> Result, Error> { Ok(self.extract_from_secret( salt, - kx.complete(peer_pub_key)? + kx.complete_for_tls_version(peer_pub_key, &TLS13)? .secret_bytes(), )) } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2b6fdb44f1..1390531d2e 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -541,6 +541,7 @@ pub use crate::error::{ pub use crate::key_log::{KeyLog, NoKeyLog}; pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; +pub use crate::msgs::ffdhe_groups; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite}; diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index f380b50191..5902d67f5a 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -1,6 +1,7 @@ #![allow(clippy::upper_case_acronyms)] #![allow(non_camel_case_types)] /// This file is autogenerated. See https://github.com/ctz/tls-hacking/ +use crate::crypto::KeyExchangeAlgorithm; use crate::msgs::codec::{Codec, Reader}; enum_builder! { @@ -193,6 +194,16 @@ enum_builder! { } } +impl NamedGroup { + /// Return the key exchange algorithm associated with this `NamedGroup` + pub fn key_exchange_algorithm(&self) -> KeyExchangeAlgorithm { + match self.get_u16() { + x if (0x100..0x200).contains(&x) => KeyExchangeAlgorithm::DHE, + _ => KeyExchangeAlgorithm::ECDHE, + } + } +} + enum_builder! { /// The `ECPointFormat` TLS protocol enum. Values in this enum are taken /// from the various RFCs covering TLS, and are listed by IANA. diff --git a/rustls/src/msgs/ffdhe_groups.rs b/rustls/src/msgs/ffdhe_groups.rs new file mode 100644 index 0000000000..9c17c4cd1e --- /dev/null +++ b/rustls/src/msgs/ffdhe_groups.rs @@ -0,0 +1,111 @@ +//! This module contains parameters for FFDHE named groups as defined +//! in [RFC 7919 Appendix A](https://datatracker.ietf.org/doc/html/rfc7919#appendix-A). + +use crate::NamedGroup; + +#[derive(Clone, Copy, PartialEq, Eq)] +/// Parameters of an FFDHE group, with Big-endian byte order +pub struct FfdheGroup<'a> { + pub p: &'a [u8], + pub g: &'a [u8], +} + +impl FfdheGroup<'static> { + /// Return the `FfdheGroup` corresponding to the provided `NamedGroup` + /// if it is indeed an FFDHE group + pub fn from_named_group(named_group: NamedGroup) -> Option { + match named_group { + NamedGroup::FFDHE2048 => Some(FFDHE2048), + NamedGroup::FFDHE3072 => Some(FFDHE3072), + NamedGroup::FFDHE4096 => Some(FFDHE4096), + NamedGroup::FFDHE6144 => Some(FFDHE6144), + NamedGroup::FFDHE8192 => Some(FFDHE8192), + _ => None, + } + } +} + +impl<'a> FfdheGroup<'a> { + /// Return the `NamedGroup` for the `FfdheGroup` if it represents one. + pub fn named_group(&self) -> Option { + match *self { + FFDHE2048 => Some(NamedGroup::FFDHE2048), + FFDHE3072 => Some(NamedGroup::FFDHE3072), + FFDHE4096 => Some(NamedGroup::FFDHE4096), + FFDHE6144 => Some(NamedGroup::FFDHE6144), + FFDHE8192 => Some(NamedGroup::FFDHE8192), + _ => None, + } + } + + /// Construct an `FfdheGroup` from the given `p` and `g`, trimming any potential leading zeros. + pub fn from_params_trimming_leading_zeros(p: &'a [u8], g: &'a [u8]) -> Self { + fn trim_leading_zeros(buf: &[u8]) -> &[u8] { + for start in 0..buf.len() { + if buf[start] != 0 { + return &buf[start..]; + } + } + &[] + } + + FfdheGroup { + p: trim_leading_zeros(p), + g: trim_leading_zeros(g), + } + } +} + +/// FFDHE2048 group defined in [RFC 7919 Appendix A.1] +/// +/// [RFC 7919 Appendix A.1]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.1 +pub const FFDHE2048: FfdheGroup = FfdheGroup { + p: include_bytes!("ffdhe_groups/ffdhe2048-modulus.bin"), + g: &[2], +}; + +/// FFDHE3072 group defined in [RFC 7919 Appendix A.2] +/// +/// [RFC 7919 Appendix A.2]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.2 +pub const FFDHE3072: FfdheGroup = FfdheGroup { + p: include_bytes!("ffdhe_groups/ffdhe3072-modulus.bin"), + g: &[2], +}; + +/// FFDHE4096 group defined in [RFC 7919 Appendix A.3] +/// +/// [RFC 7919 Appendix A.3]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.3 +pub const FFDHE4096: FfdheGroup = FfdheGroup { + p: include_bytes!("ffdhe_groups/ffdhe4096-modulus.bin"), + g: &[2], +}; + +/// FFDHE6144 group defined in [RFC 7919 Appendix A.4] +/// +/// [RFC 7919 Appendix A.4]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.4 +pub const FFDHE6144: FfdheGroup = FfdheGroup { + p: include_bytes!("ffdhe_groups/ffdhe6144-modulus.bin"), + g: &[2], +}; + +/// FFDHE8192 group defined in [RFC 7919 Appendix A.5] +/// +/// [RFC 7919 Appendix A.5]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.5 +pub const FFDHE8192: FfdheGroup = FfdheGroup { + p: include_bytes!("ffdhe_groups/ffdhe8192-modulus.bin"), + g: &[2], +}; + +#[test] +fn named_group_ffdhe_group_roudtrip() { + use NamedGroup::*; + let ffdhe_groups = [FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192]; + for g in ffdhe_groups { + assert_eq!( + FfdheGroup::from_named_group(g) + .unwrap() + .named_group(), + Some(g) + ); + } +} diff --git a/rustls/src/msgs/ffdhe_groups/ffdhe2048-modulus.bin b/rustls/src/msgs/ffdhe_groups/ffdhe2048-modulus.bin new file mode 100644 index 0000000000..18b12b79e8 --- /dev/null +++ b/rustls/src/msgs/ffdhe_groups/ffdhe2048-modulus.bin @@ -0,0 +1,3 @@ +ÿÿÿÿÿÿÿÿ­øTX¢»Jš¯ÜV '=<ñعŃÎ-6•©á6Ad3ûÌ“Î$›>ù}/ãcc uØö²®ÄazÓßÕÕýea$3õ_nÐ…ceU=íóµW^WÉ5˜O pàæ‹w⦉ÚóïèrñX¡6­ç50¬ÊOH:yz¼ +±‚³$ûaÑ©K²Èãû¹jÚ·`×ôhOB£Þ9Mô®Víçcr» §Èî +mpžüáÍ÷âìÀ4Í(4/a‘rþœé…ƒÿŽO2îòƒÃþ;Lo­s;µü¼. ÅŽñƒ}ƒ²ÆóJ&Á²ïúˆkB8a(\—ÿÿÿÿÿÿÿÿ \ No newline at end of file diff --git a/rustls/src/msgs/ffdhe_groups/ffdhe3072-modulus.bin b/rustls/src/msgs/ffdhe_groups/ffdhe3072-modulus.bin new file mode 100644 index 0000000000..36e2cafa01 --- /dev/null +++ b/rustls/src/msgs/ffdhe_groups/ffdhe3072-modulus.bin @@ -0,0 +1,4 @@ +ÿÿÿÿÿÿÿÿ­øTX¢»Jš¯ÜV '=<ñعŃÎ-6•©á6Ad3ûÌ“Î$›>ù}/ãcc uØö²®ÄazÓßÕÕýea$3õ_nÐ…ceU=íóµW^WÉ5˜O pàæ‹w⦉ÚóïèrñX¡6­ç50¬ÊOH:yz¼ +±‚³$ûaÑ©K²Èãû¹jÚ·`×ôhOB£Þ9Mô®Víçcr» §Èî +mpžüáÍ÷âìÀ4Í(4/a‘rþœé…ƒÿŽO2îòƒÃþ;Lo­s;µü¼. ÅŽñƒ}ƒ²ÆóJ&Á²ïúˆkB8aÏÜÞ5[;e[¼4ôÞùœ8a´oÉÖæÉzÙ&‘÷÷îYŒ°úÁ†Ù®þ …’p´ “¼CyDôýDRâ×MÓdòâqõKÿ\®‚«œöžèm+Å"6: «Å!—› êÚ¿šBÕÄHN +¼ÐkúSÝï< î?Õ|%ä+fÆ.7ÿÿÿÿÿÿÿÿ \ No newline at end of file diff --git a/rustls/src/msgs/ffdhe_groups/ffdhe4096-modulus.bin b/rustls/src/msgs/ffdhe_groups/ffdhe4096-modulus.bin new file mode 100644 index 0000000000000000000000000000000000000000..698beb0bc13f6b6330fc01e248c30b224adf0762 GIT binary patch literal 512 zcmV+b0{{L0|NsC0|NsB3_*7V;yGoj`+*TkbJv{N)xy6IdEjE>@;Wj}OWHbBBlby~a zn?Ct{FXLll40YJ{fwBUw#9?~V-yYS~{bgY!GxZ-|25!)WV`Wu6?Hcp7R})@;SIIS) zPYiJ2=8JdYrit3~@91(J@mQfYt>-l`tjbSFI(d4$3bBH-B>Q2}2&qf5$m9FDYTCD8 z*Ys!|PeP;KIZgDgR_*6wa=RG|2dBvH3T<$n0{r34_u}lpGz85kG%sP1a{ip@g@gZ& zPZBcj@_~cH{yQ5?Z>@7Xwfwv;!XO33j`4$i7K5_J^GYVcvhVtcYeG0-AJ5$0HCsDn z83S9qH1yv2oB}vuv~S7Q=E(6OwSW6AY8QLwQ8> z{X|mY*GpKTa-W6vE`13(0a z^;@NWG0b{#HOPkVv@we9Y90YCo@g?u2Ve@3fiT2v$9Va1tpGR)DVd`)%Zqv%9l1Sm zKma@{PR^Pf|1S6$$ig`$+cR4h@@*xwWv|_L4x7NiU59IWnXIl|NsC0|Ns9N C4-ka_ literal 0 HcmV?d00001 diff --git a/rustls/src/msgs/ffdhe_groups/ffdhe6144-modulus.bin b/rustls/src/msgs/ffdhe_groups/ffdhe6144-modulus.bin new file mode 100644 index 0000000000000000000000000000000000000000..7d21cb5d2d5e85217bbeb4a3e7ab27ea4cf68111 GIT binary patch literal 768 zcmV+b1ONR0|NsC0|NsB3_*7V;yGoj`+*TkbJv{N)xy6IdEjE>@;Wj}OWHbBBlby~a zn?Ct{FXLll40YJ{fwBUw#9?~V-yYS~{bgY!GxZ-|25!)WV`Wu6?Hcp7R})@;SIIS) zPYiJ2=8JdYrit3~@91(J@mQfYt>-l`tjbSFI(d4$3bBH-B>Q2}2&qf5$m9FDYTCD8 z*Ys!|PeP;KIZgDgR_*6wa=RG|2dBvH3T<$n0{r34_u}lpGz85kG%sP1a{ip@g@gZ& zPZBcj@_~cH{yQ5?Z>@7Xwfwv;!XO33j`4$i7K5_J^GYVcvhVtcYeG0-AJ5$0HCsDn z83S9qH1yv2oB}vuv~S7Q=E(6OwSW6AY8QLwQ8> z{X|mY*GpKTa-W6vE`13(0a z^;@NWG0b{#HOPkVv@we9Y90YCo@g?u2Ve@3fiT2v$9Va1tpGR)DVd`)%Zqv%9l1Sm zKma@{PR^Pf|1S6$$ig`$+cR4h@@*xwWv|_L4x7NiU59I4cP(<{baU918jOu zXMHR8&+KuVA6!08 zMg$)?fk*pH{j_(bBysntsc8_nRWdHyV?fxT4)BsS1rg&4zQO!>(r#ZnQVHSc4=-XIFrhLBn$q5@q zEmMrwD+6?D=YL*eDJ(G+VyH$?UC1rCR5Oa?pHel+Tag!x&n?x;&h!K9ofr_tCo2S7 yJ8}8kYk<~2-Aay{+a76Rrj;htF=4@^9ajx`INH>t4l@;Wj}OWHbBBlby~a zn?Ct{FXLll40YJ{fwBUw#9?~V-yYS~{bgY!GxZ-|25!)WV`Wu6?Hcp7R})@;SIIS) zPYiJ2=8JdYrit3~@91(J@mQfYt>-l`tjbSFI(d4$3bBH-B>Q2}2&qf5$m9FDYTCD8 z*Ys!|PeP;KIZgDgR_*6wa=RG|2dBvH3T<$n0{r34_u}lpGz85kG%sP1a{ip@g@gZ& zPZBcj@_~cH{yQ5?Z>@7Xwfwv;!XO33j`4$i7K5_J^GYVcvhVtcYeG0-AJ5$0HCsDn z83S9qH1yv2oB}vuv~S7Q=E(6OwSW6AY8QLwQ8> z{X|mY*GpKTa-W6vE`13(0a z^;@NWG0b{#HOPkVv@we9Y90YCo@g?u2Ve@3fiT2v$9Va1tpGR)DVd`)%Zqv%9l1Sm zKma@{PR^Pf|1S6$$ig`$+cR4h@@*xwWv|_L4x7NiU59I4cP(<{baU918jOu zXMHR8&+KuVA6!08 zMg$)?fk*pH{j_(bBysntsc8_nRWdHyV?fxT4)BsS1rg&4zQO!>(r#ZnQVHSc4=-XIFrhLBn$q5@q zEmMrwD+6?D=YL*eDJ(G+VyH$?UC1rCR5Oa?pHel+Tag!x&n?x;&h!K9ofr_tCo2S7 zJ8}8kYk<~2-Aay{+a76Rrj;htF=4@^9ajx`INH>t4lo?!(Uuk77V~f{en?cAI6NFhOi>LaG8f{MhEjkq!6AEMNEXelnw9z0xB--i*}$No{xEf=cj7UF z_#H|=FQiu<{EXnbicjdagR_()+9X<%%%+`o0`paj1STbRPJ@{)YahyZz-b uXMYWs(H%+ms6;&oBIO3D^kGf`9x9ZBkNAw%jElF$#zIX0|NsC0|NsA4L for EcParameters { } } +pub(crate) trait KxDecode<'a>: fmt::Debug + Sized { + /// Decode a key exchange message given the key_exchange `algo` + fn decode(r: &mut Reader<'a>, algo: KeyExchangeAlgorithm) -> Result; +} + +#[derive(Debug)] +pub(crate) enum ClientKeyExchangeParams { + Ecdh(ClientEcdhParams), + Dh(ClientDhParams), +} + +impl ClientKeyExchangeParams { + #[cfg(feature = "tls12")] + pub(crate) fn pub_key(&self) -> &[u8] { + match self { + Self::Ecdh(ecdh) => &ecdh.public.0, + Self::Dh(dh) => &dh.public.0, + } + } + + #[cfg(feature = "tls12")] + pub(crate) fn encode(&self, buf: &mut Vec) { + match self { + Self::Ecdh(ecdh) => ecdh.encode(buf), + Self::Dh(dh) => dh.encode(buf), + } + } +} + +impl KxDecode<'_> for ClientKeyExchangeParams { + fn decode(r: &mut Reader, algo: KeyExchangeAlgorithm) -> Result { + use KeyExchangeAlgorithm::*; + Ok(match algo { + ECDHE => Self::Ecdh(ClientEcdhParams::read(r)?), + DHE => Self::Dh(ClientDhParams::read(r)?), + }) + } +} + #[derive(Debug)] pub(crate) struct ClientEcdhParams { pub(crate) public: PayloadU8, @@ -1540,6 +1588,23 @@ impl Codec<'_> for ClientEcdhParams { } } +#[derive(Debug)] +pub(crate) struct ClientDhParams { + pub(crate) public: PayloadU16, +} + +impl Codec<'_> for ClientDhParams { + fn encode(&self, bytes: &mut Vec) { + self.public.encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + public: PayloadU16::read(r)?, + }) + } +} + #[derive(Debug)] pub(crate) struct ServerEcdhParams { pub(crate) curve_params: EcParameters, @@ -1576,19 +1641,100 @@ impl Codec<'_> for ServerEcdhParams { } } +#[derive(Debug)] +#[allow(non_snake_case)] +pub(crate) struct ServerDhParams { + pub(crate) dh_p: PayloadU16, + pub(crate) dh_g: PayloadU16, + pub(crate) dh_Ys: PayloadU16, +} + +impl ServerDhParams { + #[cfg(feature = "tls12")] + pub(crate) fn new(kx: &dyn ActiveKeyExchange) -> Self { + let params = match FfdheGroup::from_named_group(kx.group()) { + Some(params) => params, + None => panic!("invalid NamedGroup for DHE key exchange: {:?}", kx.group()), + }; + + Self { + dh_p: PayloadU16::new(params.p.to_vec()), + dh_g: PayloadU16::new(params.g.to_vec()), + dh_Ys: PayloadU16::new(kx.pub_key().to_vec()), + } + } + + #[cfg(feature = "tls12")] + fn named_group(&self) -> Option { + FfdheGroup::from_params_trimming_leading_zeros(&self.dh_p.0, &self.dh_g.0).named_group() + } +} + +impl Codec<'_> for ServerDhParams { + fn encode(&self, bytes: &mut Vec) { + self.dh_p.encode(bytes); + self.dh_g.encode(bytes); + self.dh_Ys.encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + dh_p: PayloadU16::read(r)?, + dh_g: PayloadU16::read(r)?, + dh_Ys: PayloadU16::read(r)?, + }) + } +} + #[derive(Debug)] pub(crate) enum ServerKeyExchangeParams { Ecdh(ServerEcdhParams), + Dh(ServerDhParams), } impl ServerKeyExchangeParams { + #[cfg(feature = "tls12")] + pub(crate) fn new(kx: &dyn ActiveKeyExchange) -> Self { + match kx.group().key_exchange_algorithm() { + KeyExchangeAlgorithm::DHE => Self::Dh(ServerDhParams::new(kx)), + KeyExchangeAlgorithm::ECDHE => Self::Ecdh(ServerEcdhParams::new(kx)), + } + } + + #[cfg(feature = "tls12")] + pub(crate) fn pub_key(&self) -> &[u8] { + match self { + Self::Ecdh(ecdh) => &ecdh.public.0, + Self::Dh(dh) => &dh.dh_Ys.0, + } + } + pub(crate) fn encode(&self, buf: &mut Vec) { match self { Self::Ecdh(ecdh) => ecdh.encode(buf), + Self::Dh(dh) => dh.encode(buf), + } + } + + #[cfg(feature = "tls12")] + pub(crate) fn named_group(&self) -> Option { + match self { + Self::Ecdh(ecdh) => Some(ecdh.curve_params.named_group), + Self::Dh(dh) => dh.named_group(), } } } +impl KxDecode<'_> for ServerKeyExchangeParams { + fn decode(r: &mut Reader, algo: KeyExchangeAlgorithm) -> Result { + use KeyExchangeAlgorithm::*; + Ok(match algo { + ECDHE => Self::Ecdh(ServerEcdhParams::read(r)?), + DHE => Self::Dh(ServerDhParams::read(r)?), + }) + } +} + #[derive(Debug)] pub struct ServerKeyExchange { pub(crate) params: ServerKeyExchangeParams, @@ -1636,11 +1782,7 @@ impl ServerKeyExchangePayload { let mut rd = Reader::init(unk.bytes()); let result = ServerKeyExchange { - params: match kxa { - KeyExchangeAlgorithm::ECDHE => { - ServerKeyExchangeParams::Ecdh(ServerEcdhParams::read(&mut rd).ok()?) - }, - }, + params: ServerKeyExchangeParams::decode(&mut rd, kxa).ok()?, dss: DigitallySignedStruct::read(&mut rd).ok()?, }; diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 262ec64127..36d85b9480 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -20,7 +20,7 @@ use crate::verify::DigitallySignedStruct; use pki_types::{CertificateDer, DnsName}; -use super::handshake::{ServerKeyExchange, ServerKeyExchangeParams}; +use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; #[test] fn rejects_short_random() { @@ -822,6 +822,17 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { }) } +fn get_sample_serverkeyexchangepayload_dhe() -> ServerKeyExchangePayload { + ServerKeyExchangePayload::Known(ServerKeyExchange { + params: ServerKeyExchangeParams::Dh(ServerDhParams { + dh_p: PayloadU16(vec![1, 2, 3]), + dh_g: PayloadU16(vec![2]), + dh_Ys: PayloadU16(vec![1, 2]), + }), + dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), + }) +} + fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) } @@ -908,6 +919,10 @@ fn get_all_tls12_handshake_payloads() -> Vec> { get_sample_serverkeyexchangepayload_ecdhe(), ), }, + HandshakeMessagePayload { + typ: HandshakeType::ServerKeyExchange, + payload: HandshakePayload::ServerKeyExchange(get_sample_serverkeyexchangepayload_dhe()), + }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( @@ -1036,6 +1051,10 @@ fn get_all_tls13_handshake_payloads() -> Vec> { get_sample_serverkeyexchangepayload_ecdhe(), ), }, + HandshakeMessagePayload { + typ: HandshakeType::ServerKeyExchange, + payload: HandshakePayload::ServerKeyExchange(get_sample_serverkeyexchangepayload_dhe()), + }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( diff --git a/rustls/src/msgs/mod.rs b/rustls/src/msgs/mod.rs index 6f918223f9..8ae05cefbf 100644 --- a/rustls/src/msgs/mod.rs +++ b/rustls/src/msgs/mod.rs @@ -18,6 +18,7 @@ pub(crate) mod persist; #[cfg(test)] mod handshake_test; +pub mod ffdhe_groups; #[cfg(test)] mod message_test; diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 4dae3db490..82e159bb77 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -334,7 +334,7 @@ impl ExpectClientHello { }; let certkey = ActiveCertifiedKey::from_certified_key(&certkey); - let suitable_suites = self + let mut suitable_suites = self .config .provider .cipher_suites @@ -348,6 +348,32 @@ impl ExpectClientHello { .copied() .collect::>(); + let suitable_suites_before_kx_reduce_not_empty = !suitable_suites.is_empty(); + + // And supported kx groups + suites::reduce_given_kx_groups( + &mut suitable_suites, + client_hello.namedgroups_extension(), + &self + .config + .provider + .supported_kx_group_names() + .collect::>(), + ); + + if suitable_suites_before_kx_reduce_not_empty && suitable_suites.is_empty() { + return Err(cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::NoKxGroupsInCommon, + )); + } + + // RFC 7919 (https://datatracker.ietf.org/doc/html/rfc7919#section-4) requires us to send + // the InsufficientSecurity alert in case we don't recognize client's FFDHE groups (i.e., + // `suitable_suites` becomes empty). But that does not make a lot of sense (e.g., client + // proposes FFDHE4096 and we only support FFDHE2048), so we ignore that requirement here, + // and continue to send HandshakeFailure. + let suite = if self.config.ignore_client_order { suites::choose_ciphersuite_preferring_server( &client_hello.cipher_suites, diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 15c59a6ebe..59e79baca1 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -12,7 +12,7 @@ use crate::msgs::base::Payload; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; use crate::msgs::handshake::{ - CertificateChain, ClientEcdhParams, HandshakeMessagePayload, HandshakePayload, + CertificateChain, ClientKeyExchangeParams, HandshakeMessagePayload, HandshakePayload, }; use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; @@ -40,14 +40,12 @@ pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { use pki_types::CertificateDer; - use crate::crypto::SupportedKxGroup; + use crate::crypto::{KeyExchangeAlgorithm, SupportedKxGroup}; use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; use crate::msgs::handshake::CertificateStatus; - use crate::msgs::handshake::{ - CertificateChain, ServerEcdhParams, ServerKeyExchange, ServerKeyExchangeParams, - }; + use crate::msgs::handshake::{CertificateChain, ServerKeyExchange, ServerKeyExchangeParams}; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; use crate::msgs::handshake::{ClientExtension, SessionId}; use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload}; @@ -260,29 +258,52 @@ mod client_hello { client_hello: &ClientHelloPayload, cx: &mut ServerContext<'_>, ) -> Result<&'static dyn SupportedKxGroup, Error> { - let peer_groups_ext = client_hello - .namedgroups_extension() - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NamedGroupsExtensionRequired, - ) - })?; + let peer_groups_ext = client_hello.namedgroups_extension(); + + if peer_groups_ext.is_none() && self.suite.kx == KeyExchangeAlgorithm::ECDHE { + return Err(cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::NamedGroupsExtensionRequired, + )); + } trace!("namedgroups {:?}", peer_groups_ext); - self.config - .provider - .kx_groups + let peer_kx_groups = peer_groups_ext.unwrap_or(&[]); + let our_kx_groups = &self.config.provider.kx_groups; + + let matching_kx_group = our_kx_groups.iter().find(|skxg| { + skxg.name().key_exchange_algorithm() == self.suite.kx + && peer_kx_groups.contains(&skxg.name()) + }); + if let Some(&kx_group) = matching_kx_group { + return Ok(kx_group); + } + + let mut send_err = || { + cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::NoKxGroupsInCommon, + ) + }; + + // If kx for the selected cipher suite is DHE and no DHE groups are specified in the extension, + // the server is free to choose DHE params, we choose the first DHE kx group of the provider. + use KeyExchangeAlgorithm::DHE; + let we_get_to_choose_dhe_group = self.suite.kx == DHE + && !peer_kx_groups + .iter() + .any(|g| g.key_exchange_algorithm() == DHE); + + if !we_get_to_choose_dhe_group { + return Err(send_err()); + } + trace!("No DHE groups specified in ClientHello groups extension, server choosing DHE parameters"); + our_kx_groups .iter() - .find(|skxg| peer_groups_ext.contains(&skxg.name())) + .find(|skxg| skxg.name().key_exchange_algorithm() == DHE) .cloned() - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoKxGroupsInCommon, - ) - }) + .ok_or_else(send_err) } fn start_resumption( @@ -438,7 +459,7 @@ mod client_hello { let kx = selected_group .start() .map_err(|_| Error::FailedToGetRandomBytes)?; - let kx_params = ServerEcdhParams::new(&*kx); + let kx_params = ServerKeyExchangeParams::new(&*kx); let mut msg = Vec::new(); msg.extend(randoms.client); @@ -451,8 +472,8 @@ mod client_hello { let sigscheme = signer.scheme(); let sig = signer.sign(&msg)?; - let skx = ServerKeyExchangePayload::Known(ServerKeyExchange { - params: ServerKeyExchangeParams::Ecdh(kx_params), + let skx = ServerKeyExchangePayload::from(ServerKeyExchange { + params: kx_params, dss: DigitallySignedStruct::new(sigscheme, sig), }); @@ -637,11 +658,14 @@ impl State for ExpectClientKx<'_> { // Complete key agreement, and set up encryption with the // resulting premaster secret. - let peer_kx_params = - tls12::decode_kx_params::(cx.common, client_kx.bytes())?; + let peer_kx_params = tls12::decode_kx_params::( + self.suite.kx, + cx.common, + client_kx.bytes(), + )?; let secrets = ConnectionSecrets::from_key_exchange( self.server_kx, - &peer_kx_params.public.0, + peer_kx_params.pub_key(), ems_seed, self.randoms, self.suite, diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index eedb411108..0535e58c5c 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,13 +1,16 @@ use crate::common_state::Protocol; -use crate::crypto; use crate::crypto::cipher::{AeadKey, Iv}; +use crate::crypto::{self, KeyExchangeAlgorithm}; use crate::enums::{CipherSuite, SignatureAlgorithm, SignatureScheme}; +use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS; #[cfg(feature = "tls12")] use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; #[cfg(feature = "tls12")] use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; +use crate::NamedGroup; +use alloc::vec::Vec; use core::fmt; @@ -134,6 +137,18 @@ impl SupportedCipherSuite { Self::Tls13(cs) => cs.fips(), } } + + /// Return the list of `KeyExchangeAlgorithm`s supported by this cipher suite. + /// + /// TLS 1.3 cipher suites support both ECDHE and DHE key exchange, but TLS 1.2 suites + /// support one or the other. + pub(crate) fn key_exchange_algorithms(&self) -> &[KeyExchangeAlgorithm] { + match self { + #[cfg(feature = "tls12")] + Self::Tls12(tls12) => core::slice::from_ref(&tls12.kx), + Self::Tls13(_) => ALL_KEY_EXCHANGE_ALGORITHMS, + } + } } impl fmt::Debug for SupportedCipherSuite { @@ -173,6 +188,60 @@ pub(crate) fn choose_ciphersuite_preferring_server( None } +/// Return a list of the ciphersuites in `all` with the suites +/// incompatible with the Groups extension removed. +pub(crate) fn reduce_given_kx_groups( + all: &mut Vec, + groups_ext: Option<&[NamedGroup]>, + supported_groups: &[NamedGroup], +) { + let mut ecdhe_kx_ok = false; + + #[cfg(feature = "tls12")] + let mut ext_has_ffdhe_groups = false; + let mut ext_has_known_ffdhe_groups = false; + for g in groups_ext.into_iter().flatten() { + if g.key_exchange_algorithm() == KeyExchangeAlgorithm::DHE { + #[cfg(feature = "tls12")] + { + ext_has_ffdhe_groups = true; + } + if supported_groups.contains(g) { + ext_has_known_ffdhe_groups = true; + } + } else if supported_groups.contains(g) { + ecdhe_kx_ok = true; + } + if ecdhe_kx_ok & ext_has_known_ffdhe_groups { + break; + } + } + + #[cfg(feature = "tls12")] + let ffdhe_kx_ok_tls12 = ext_has_known_ffdhe_groups || + // https://datatracker.ietf.org/doc/html/rfc7919#section-4 (paragraph 2) + !ext_has_ffdhe_groups && supported_groups + .iter() + .any(|g| g.key_exchange_algorithm() == KeyExchangeAlgorithm::DHE); + + let ffdhe_kx_ok_tls13 = ext_has_known_ffdhe_groups; + + all.retain(|suite| { + let suite_kx = suite.key_exchange_algorithms(); + // echde: + ecdhe_kx_ok && suite_kx.contains(&KeyExchangeAlgorithm::ECDHE) || + // dhe: + { + let ffdhe_kx_ok = match suite { + #[cfg(feature = "tls12")] + SupportedCipherSuite::Tls12(_) => ffdhe_kx_ok_tls12, + SupportedCipherSuite::Tls13(_) => ffdhe_kx_ok_tls13, + }; + ffdhe_kx_ok && suite_kx.contains(&KeyExchangeAlgorithm::DHE) + } + }) +} + /// Return true if `sigscheme` is usable by any of the given suites. pub(crate) fn compatible_sigscheme_for_suites( sigscheme: SignatureScheme, diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 2893163e28..7872ae034b 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -6,7 +6,7 @@ use crate::crypto::hash; use crate::enums::{AlertDescription, SignatureScheme}; use crate::error::{Error, InvalidMessage}; use crate::msgs::codec::{Codec, Reader}; -use crate::msgs::handshake::KeyExchangeAlgorithm; +use crate::msgs::handshake::{KeyExchangeAlgorithm, KxDecode}; use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite}; use alloc::boxed::Box; @@ -320,14 +320,15 @@ fn join_randoms(first: &[u8; 32], second: &[u8; 32]) -> [u8; 64] { type MessageCipherPair = (Box, Box); -pub(crate) fn decode_kx_params<'a, T: Codec<'a>>( +pub(crate) fn decode_kx_params<'a, T: KxDecode<'a>>( + kx_algorithm: KeyExchangeAlgorithm, common: &mut CommonState, kx_params: &'a [u8], ) -> Result { let mut rd = Reader::init(kx_params); - let ecdh_params = T::read(&mut rd)?; + let kx_params = T::decode(&mut rd, kx_algorithm)?; match rd.any_left() { - false => Ok(ecdh_params), + false => Ok(kx_params), true => Err(common.send_fatal_alert( AlertDescription::DecodeError, InvalidMessage::InvalidDhParams, @@ -341,8 +342,8 @@ pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x mod tests { use super::*; use crate::common_state::{CommonState, Side}; - use crate::msgs::handshake::{ClientEcdhParams, ServerEcdhParams}; - use crate::test_provider::kx_group::X25519; + use crate::msgs::handshake::ServerEcdhParams; + use crate::{msgs::handshake::ServerKeyExchangeParams, test_provider::kx_group::X25519}; #[test] fn server_ecdhe_remaining_bytes() { @@ -353,12 +354,22 @@ mod tests { server_buf.push(34); let mut common = CommonState::new(Side::Client); - assert!(decode_kx_params::(&mut common, &server_buf).is_err()); + assert!(decode_kx_params::( + KeyExchangeAlgorithm::ECDHE, + &mut common, + &server_buf + ) + .is_err()); } #[test] fn client_ecdhe_invalid() { let mut common = CommonState::new(Side::Server); - assert!(decode_kx_params::(&mut common, &[34]).is_err()); + assert!(decode_kx_params::( + KeyExchangeAlgorithm::ECDHE, + &mut common, + &[34], + ) + .is_err()); } } diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs new file mode 100644 index 0000000000..a24f9f8ed8 --- /dev/null +++ b/rustls/tests/api_ffdhe.rs @@ -0,0 +1,428 @@ +#![cfg(feature = "tls12")] +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +//! This file contains tests that use the test-only FFDHE KX group (defined in submodule `ffdhe`) + +mod common; +use crate::common::*; + +use rustls::crypto::CryptoProvider; +use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; +use rustls::internal::msgs::message::{Message, MessagePayload}; +use rustls::internal::msgs::{base::Payload, codec::Codec}; +use rustls::version::{TLS12, TLS13}; +use rustls::{CipherSuite, ClientConfig}; + +#[test] +fn config_builder_for_client_rejects_cipher_suites_without_compatible_kx_groups() { + let bad_crypto_provider = CryptoProvider { + kx_groups: vec![&ffdhe::FFDHE2048_KX_GROUP], + cipher_suites: vec![ + provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + ], + ..provider::default_provider() + }; + + let build_err = ClientConfig::builder_with_provider(bad_crypto_provider.into()) + .with_safe_default_protocol_versions() + .unwrap_err() + .to_string(); + + // Current expected error: + // Ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 requires [ECDHE] key exchange, but no \ + // [ECDHE]-compatible key exchange groups were present in `CryptoProvider`'s `kx_groups` field + assert!(build_err.contains("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")); + assert!(build_err.contains("ECDHE")); + assert!(build_err.contains("key exchange")); +} + +#[test] +fn ffdhe_ciphersuite() { + use provider::cipher_suite; + use rustls::version::{TLS12, TLS13}; + + let test_cases = [ + (&TLS12, ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), + (&TLS13, cipher_suite::TLS13_CHACHA20_POLY1305_SHA256), + ]; + + for (expected_protocol, expected_cipher_suite) in test_cases { + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_protocol_versions(&[expected_protocol]) + .unwrap(), + ); + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_safe_default_protocol_versions() + .unwrap(), + ); + do_suite_test( + client_config, + server_config, + expected_cipher_suite, + expected_protocol.version, + ); + } +} + +#[test] +fn server_picks_ffdhe_group_when_clienthello_has_no_ffdhe_group_in_groups_ext() { + fn clear_named_groups_ext(msg: &mut Message) -> Altered { + if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { + if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { + for mut ext in ch.extensions.iter_mut() { + if let ClientExtension::NamedGroups(ngs) = &mut ext { + ngs.clear(); + } + } + } + *encoded = Payload::new(parsed.get_encoding()); + } + Altered::InPlace + } + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); + + let (client, server) = make_pair_for_configs(client_config, server_config); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered(&mut client, clear_named_groups_ext, &mut server); + assert!(server.process_new_packets().is_ok()); +} + +#[test] +fn server_picks_ffdhe_group_when_clienthello_has_no_groups_ext() { + fn remove_named_groups_ext(msg: &mut Message) -> Altered { + if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { + if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { + ch.extensions + .retain(|ext| !matches!(ext, ClientExtension::NamedGroups(_))); + } + *encoded = Payload::new(parsed.get_encoding()); + } + Altered::InPlace + } + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let (client, server) = make_pair_for_configs(client_config, server_config); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered(&mut client, remove_named_groups_ext, &mut server); + assert!(server.process_new_packets().is_ok()); +} + +#[test] +fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext() { + use rustls::{CipherSuite, NamedGroup}; + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![ + ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ], + kx_groups: vec![ + &ffdhe::FfdheKxGroup(NamedGroup::FFDHE4096), + provider::kx_group::SECP256R1, + ], + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![ + ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ], + kx_groups: vec![&ffdhe::FFDHE2048_KX_GROUP, provider::kx_group::SECP256R1], + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + transfer(&mut client, &mut server); + assert!(server.process_new_packets().is_ok()); + assert_eq!( + server + .negotiated_cipher_suite() + .unwrap() + .suite(), + CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + ); +} + +#[test] +fn server_accepts_client_with_no_ecpoints_extension_and_only_ffdhe_cipher_suites() { + fn remove_ecpoints_ext(msg: &mut Message) -> Altered { + if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { + if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { + ch.extensions + .retain(|ext| !matches!(ext, ClientExtension::EcPointFormats(_))); + } + *encoded = Payload::new(parsed.get_encoding()); + } + Altered::InPlace + } + + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let (client, server) = make_pair_for_configs(client_config, server_config); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered(&mut client, remove_ecpoints_ext, &mut server); + assert!(server.process_new_packets().is_ok()); +} + +#[test] +fn server_avoids_cipher_suite_with_no_common_kx_groups() { + let server_config = finish_server_config( + KeyType::Rsa, + rustls::ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![ + provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + provider::cipher_suite::TLS13_AES_128_GCM_SHA256, + ], + kx_groups: vec![provider::kx_group::SECP256R1, &ffdhe::FFDHE2048_KX_GROUP], + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), + ) + .into(); + + let test_cases = [ + ( + vec![ + // this matches: + provider::kx_group::SECP256R1, + &ffdhe::FFDHE3072_KX_GROUP, + ], + &TLS12, + CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ), + ( + vec![ + provider::kx_group::SECP384R1, + // this matches: + &ffdhe::FFDHE2048_KX_GROUP, + ], + &TLS12, + CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + ), + ( + vec![ + // this matches: + provider::kx_group::SECP256R1, + &ffdhe::FFDHE3072_KX_GROUP, + ], + &TLS13, + CipherSuite::TLS13_AES_128_GCM_SHA256, + ), + ( + vec![ + provider::kx_group::SECP384R1, + // this matches: + &ffdhe::FFDHE2048_KX_GROUP, + ], + &TLS13, + CipherSuite::TLS13_AES_128_GCM_SHA256, + ), + ]; + + for (client_kx_groups, protocol_version, expected_cipher_suite) in test_cases { + let client_config = finish_client_config( + KeyType::Rsa, + rustls::ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![ + provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + provider::cipher_suite::TLS13_AES_128_GCM_SHA256, + ], + kx_groups: client_kx_groups, + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[protocol_version]) + .unwrap(), + ) + .into(); + + let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); + transfer(&mut client, &mut server); + assert!(dbg!(server.process_new_packets()).is_ok()); + assert_eq!( + server + .negotiated_cipher_suite() + .unwrap() + .suite(), + expected_cipher_suite + ); + assert_eq!(server.protocol_version(), Some(protocol_version.version)); + } +} + +mod ffdhe { + use crate::common::provider; + use num_bigint::BigUint; + use rustls::crypto::{ + ActiveKeyExchange, CipherSuiteCommon, CryptoProvider, KeyExchangeAlgorithm, SharedSecret, + SupportedKxGroup, + }; + use rustls::{ + ffdhe_groups::FfdheGroup, CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite, + }; + + /// A test-only `CryptoProvider`, only supporting FFDHE key exchange + pub fn ffdhe_provider() -> CryptoProvider { + CryptoProvider { + cipher_suites: FFDHE_CIPHER_SUITES.to_vec(), + kx_groups: FFDHE_KX_GROUPS.to_vec(), + ..provider::default_provider() + } + } + + static FFDHE_KX_GROUPS: &[&dyn SupportedKxGroup] = &[&FFDHE2048_KX_GROUP, &FFDHE3072_KX_GROUP]; + + pub const FFDHE2048_KX_GROUP: FfdheKxGroup = FfdheKxGroup(NamedGroup::FFDHE2048); + pub const FFDHE3072_KX_GROUP: FfdheKxGroup = FfdheKxGroup(NamedGroup::FFDHE3072); + + static FFDHE_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[ + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + provider::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + ]; + + /// The (test-only) TLS1.2 ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + pub static TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256); + + static TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256: Tls12CipherSuite = + match &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { + SupportedCipherSuite::Tls12(provider) => Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + ..provider.common + }, + kx: KeyExchangeAlgorithm::DHE, + ..**provider + }, + _ => unreachable!(), + }; + + #[derive(Debug)] + pub struct FfdheKxGroup(pub NamedGroup); + + impl SupportedKxGroup for FfdheKxGroup { + fn start(&self) -> Result, rustls::Error> { + let mut x = vec![0; 64]; + ffdhe_provider() + .secure_random + .fill(&mut x)?; + let x = BigUint::from_bytes_be(&x); + + let group = FfdheGroup::from_named_group(self.0).unwrap(); + let p = BigUint::from_bytes_be(group.p); + let g = BigUint::from_bytes_be(group.g); + + let x_pub = g.modpow(&x, &p); + let x_pub = to_bytes_be_with_len(x_pub, group.p.len()); + + Ok(Box::new(ActiveFfdheKx { + x_pub, + x, + p, + group, + named_group: self.0, + })) + } + + fn name(&self) -> NamedGroup { + self.0 + } + } + + struct ActiveFfdheKx { + x_pub: Vec, + x: BigUint, + p: BigUint, + group: FfdheGroup<'static>, + named_group: NamedGroup, + } + + impl ActiveKeyExchange for ActiveFfdheKx { + fn complete(self: Box, peer_pub_key: &[u8]) -> Result { + let peer_pub = BigUint::from_bytes_be(peer_pub_key); + let secret = peer_pub.modpow(&self.x, &self.p); + let secret = to_bytes_be_with_len(secret, self.group.p.len()); + + Ok(SharedSecret::from(&secret[..])) + } + + fn pub_key(&self) -> &[u8] { + &self.x_pub + } + + fn group(&self) -> NamedGroup { + self.named_group + } + } + + fn to_bytes_be_with_len(n: BigUint, len_bytes: usize) -> Vec { + let mut bytes = n.to_bytes_le(); + bytes.resize(len_bytes, 0); + bytes.reverse(); + bytes + } +} From 8c29d91ed38fa57be5d8ed8f9b379d742ba2c7a4 Mon Sep 17 00:00:00 2001 From: Arash Sahebolamri Date: Tue, 6 Feb 2024 11:40:00 -0800 Subject: [PATCH 0707/1145] Test FFDHE support against OpenSSL This commit adds a new test crate `openssl-tests` that includes tests of FFDHE kx and validation of baked-in FFDHE parameters --- .github/workflows/build.yml | 21 ++ Cargo.lock | 99 +++++++++ Cargo.toml | 2 + openssl-tests/Cargo.toml | 17 ++ openssl-tests/src/ffdhe.rs | 88 ++++++++ openssl-tests/src/ffdhe_kx_with_openssl.rs | 233 +++++++++++++++++++++ openssl-tests/src/lib.rs | 6 + openssl-tests/src/utils.rs | 48 +++++ openssl-tests/src/validate_ffdhe_params.rs | 89 ++++++++ rustls/src/msgs/ffdhe_groups.rs | 2 +- 10 files changed, 604 insertions(+), 1 deletion(-) create mode 100644 openssl-tests/Cargo.toml create mode 100644 openssl-tests/src/ffdhe.rs create mode 100644 openssl-tests/src/ffdhe_kx_with_openssl.rs create mode 100644 openssl-tests/src/lib.rs create mode 100644 openssl-tests/src/utils.rs create mode 100644 openssl-tests/src/validate_ffdhe_params.rs diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8be53fc119..8cba50b2e8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -390,3 +390,24 @@ jobs: - name: run cargo-check-external-types for rustls/ working-directory: rustls/ run: cargo check-external-types + + openssl-tests: + name: Run openssl-tests + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install stable toolchain + uses: dtolnay/rust-toolchain@stable + + - name: openssl version + run: openssl version + + - name: cargo test (in openssl-tests/) + working-directory: openssl-tests/ + run: cargo test --locked -- --include-ignored + env: + RUST_BACKTRACE: 1 diff --git a/Cargo.lock b/Cargo.lock index f9499f5813..e62284cbe2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -115,6 +115,26 @@ version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" +[[package]] +name = "asn1" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae3ecbce89a22627b5e8e6e11d69715617138290289e385cde773b1fe50befdb" +dependencies = [ + "asn1_derive", +] + +[[package]] +name = "asn1_derive" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "861af988fac460ac69a09f41e6217a8fb9178797b76fcc9478444be6a59be19c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + [[package]] name = "async-attributes" version = "1.1.2" @@ -883,6 +903,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1588,6 +1623,44 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +[[package]] +name = "openssl" +version = "0.10.62" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" +dependencies = [ + "bitflags 2.4.2", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + +[[package]] +name = "openssl-sys" +version = "0.9.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "p256" version = "0.13.2" @@ -1711,6 +1784,12 @@ dependencies = [ "spki", ] +[[package]] +name = "pkg-config" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" + [[package]] name = "platforms" version = "3.3.0" @@ -2105,6 +2184,20 @@ dependencies = [ "webpki-roots 0.26.0", ] +[[package]] +name = "rustls-openssl-tests" +version = "0.0.1" +dependencies = [ + "asn1", + "base64", + "num-bigint", + "once_cell", + "openssl", + "rustls 0.23.0-alpha.0", + "rustls-pemfile 2.0.0", + "rustls-pki-types", +] + [[package]] name = "rustls-pemfile" version = "1.0.4" @@ -2589,6 +2682,12 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7cdbaf5e132e593e9fc1de6a15bbec912395b11fb9719e061cf64f804524c503" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.4" diff --git a/Cargo.toml b/Cargo.toml index 3c8b7d8352..1a26a0f796 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,6 +2,8 @@ members = [ # CI benchmarks "ci-bench", + # Tests that require OpenSSL + "openssl-tests", # Network-based tests "connect-tests", # tests and example code diff --git a/openssl-tests/Cargo.toml b/openssl-tests/Cargo.toml new file mode 100644 index 0000000000..bd5c7b9503 --- /dev/null +++ b/openssl-tests/Cargo.toml @@ -0,0 +1,17 @@ +[package] +description = "Rustls tests that require OpenSSL" +edition = "2021" +license = "Apache-2.0 OR ISC OR MIT" +name = "rustls-openssl-tests" +publish = false +version = "0.0.1" + +[dependencies] +asn1 = "0.15" +base64 = "0.21" +num-bigint = "0.4.4" +once_cell = "1.19" +rustls = {path = "../rustls"} +rustls-pemfile = "2" +rustls-pki-types = "1.0" +openssl = "0.10" diff --git a/openssl-tests/src/ffdhe.rs b/openssl-tests/src/ffdhe.rs new file mode 100644 index 0000000000..dae7cbeab1 --- /dev/null +++ b/openssl-tests/src/ffdhe.rs @@ -0,0 +1,88 @@ +use num_bigint::BigUint; +use rustls::crypto::{ + ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, SharedSecret, SupportedKxGroup, +}; +use rustls::ffdhe_groups::FfdheGroup; +use rustls::{CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite}; + +/// The (test-only) TLS1.2 ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 +pub static TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = + SupportedCipherSuite::Tls12(&TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256); + +#[derive(Debug)] +pub struct FfdheKxGroup(pub NamedGroup); + +impl SupportedKxGroup for FfdheKxGroup { + fn start(&self) -> Result, rustls::Error> { + let mut x = vec![0; 64]; + rustls::crypto::ring::default_provider() + .secure_random + .fill(&mut x)?; + let x = BigUint::from_bytes_be(&x); + + let group = FfdheGroup::from_named_group(self.0).unwrap(); + let p = BigUint::from_bytes_be(group.p); + let g = BigUint::from_bytes_be(group.g); + + let x_pub = g.modpow(&x, &p); + let x_pub = to_bytes_be_with_len(x_pub, group.p.len()); + + Ok(Box::new(ActiveFfdheKx { + x_pub, + x, + p, + group, + named_group: self.0, + })) + } + + fn name(&self) -> NamedGroup { + self.0 + } +} + +static TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256: Tls12CipherSuite = + match &rustls::crypto::ring::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { + SupportedCipherSuite::Tls12(provider) => Tls12CipherSuite { + common: CipherSuiteCommon { + suite: CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + ..provider.common + }, + kx: KeyExchangeAlgorithm::DHE, + ..**provider + }, + _ => unreachable!(), + }; + +struct ActiveFfdheKx { + x_pub: Vec, + x: BigUint, + p: BigUint, + group: FfdheGroup<'static>, + named_group: NamedGroup, +} + +impl ActiveKeyExchange for ActiveFfdheKx { + fn complete(self: Box, peer_pub_key: &[u8]) -> Result { + let peer_pub = BigUint::from_bytes_be(peer_pub_key); + let secret = peer_pub.modpow(&self.x, &self.p); + let secret = to_bytes_be_with_len(secret, self.group.p.len()); + + Ok(SharedSecret::from(&secret[..])) + } + + fn pub_key(&self) -> &[u8] { + &self.x_pub + } + + fn group(&self) -> NamedGroup { + self.named_group + } +} + +fn to_bytes_be_with_len(n: BigUint, len_bytes: usize) -> Vec { + let mut bytes = n.to_bytes_le(); + bytes.resize(len_bytes, 0); + bytes.reverse(); + bytes +} diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs new file mode 100644 index 0000000000..581448418b --- /dev/null +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -0,0 +1,233 @@ +use std::fs::{self, File}; +use std::io::{BufReader, Read, Write}; +use std::net::{TcpListener, TcpStream}; +use std::sync::Arc; +use std::{str, thread}; + +use rustls::crypto::ring::default_provider; +use rustls::crypto::CryptoProvider; +use rustls::version::{TLS12, TLS13}; +use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion}; +use rustls_pemfile::Item; +use rustls_pki_types::{CertificateDer, PrivateKeyDer}; + +use crate::ffdhe::{self, FfdheKxGroup}; +use crate::utils::verify_openssl3_available; + +use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod}; + +#[test] +fn rustls_server_with_ffdhe_kx_tls13() { + test_rustls_server_with_ffdhe_kx(&TLS13, 1) +} + +#[test] +fn rustls_server_with_ffdhe_kx_tls12() { + test_rustls_server_with_ffdhe_kx(&TLS12, 1) +} + +fn test_rustls_server_with_ffdhe_kx( + protocol_version: &'static SupportedProtocolVersion, + iters: usize, +) { + verify_openssl3_available(); + + let message = "Hello from rustls!\n"; + + let listener = std::net::TcpListener::bind(("localhost", 0)).unwrap(); + let port = listener.local_addr().unwrap().port(); + + let server_thread = std::thread::spawn(move || { + let config = Arc::new(server_config_with_ffdhe_kx(protocol_version)); + for _ in 0..iters { + let mut server = rustls::ServerConnection::new(config.clone()).unwrap(); + let (mut tcp_stream, _addr) = listener.accept().unwrap(); + server + .writer() + .write_all(message.as_bytes()) + .unwrap(); + server + .complete_io(&mut tcp_stream) + .unwrap(); + tcp_stream.flush().unwrap(); + } + }); + + let mut connector = openssl::ssl::SslConnector::builder(SslMethod::tls()).unwrap(); + connector + .set_ca_file(CA_PEM_FILE) + .unwrap(); + connector + .set_groups_list("ffdhe2048") + .unwrap(); + + let connector = connector.build(); + + for _iter in 0..iters { + let stream = TcpStream::connect(("localhost", port)).unwrap(); + let mut stream = connector + .connect("testserver.com", stream) + .unwrap(); + + let mut buf = String::new(); + stream.read_to_string(&mut buf).unwrap(); + assert_eq!(buf, message); + } + + server_thread.join().unwrap(); +} + +#[test] +fn rustls_client_with_ffdhe_kx() { + test_rustls_client_with_ffdhe_kx(1); +} + +fn test_rustls_client_with_ffdhe_kx(iters: usize) { + verify_openssl3_available(); + + let message = "Hello from rustls!\n"; + + println!("crate openssl version: {}", openssl::version::version()); + + let mut acceptor = SslAcceptor::mozilla_modern_v5(SslMethod::tls()).unwrap(); + acceptor + .set_groups_list("ffdhe2048") + .unwrap(); + acceptor + .set_private_key_file(PRIV_KEY_FILE, SslFiletype::PEM) + .unwrap(); + acceptor + .set_certificate_chain_file(CERT_CHAIN_FILE) + .unwrap(); + acceptor.check_private_key().unwrap(); + let acceptor = Arc::new(acceptor.build()); + + let listener = TcpListener::bind(("localhost", 0)).unwrap(); + let port = listener.local_addr().unwrap().port(); + + let server_thread = std::thread::spawn(move || { + for stream in listener.incoming().take(iters) { + match stream { + Ok(stream) => { + let acceptor = acceptor.clone(); + thread::spawn(move || { + let mut stream = acceptor.accept(stream).unwrap(); + let mut buf = String::new(); + stream.read_to_string(&mut buf).unwrap(); + assert_eq!(buf, message); + }); + } + Err(e) => { + panic!("openssl connection failed: {e}"); + } + } + } + }); + + // client: + for _ in 0..iters { + let mut tcp_stream = std::net::TcpStream::connect(("localhost", port)).unwrap(); + let mut client = rustls::client::ClientConnection::new( + client_config_with_ffdhe_kx().into(), + "localhost".try_into().unwrap(), + ) + .unwrap(); + client + .writer() + .write_all(message.as_bytes()) + .unwrap(); + client + .complete_io(&mut tcp_stream) + .unwrap(); + client.send_close_notify(); + client + .write_tls(&mut tcp_stream) + .unwrap(); + tcp_stream.flush().unwrap(); + } + + server_thread.join().unwrap(); +} + +fn client_config_with_ffdhe_kx() -> ClientConfig { + ClientConfig::builder_with_provider(ffdhe_provider().into()) + // OpenSSL 3 does not support RFC 7919 with TLS 1.2: https://github.com/openssl/openssl/issues/10971 + .with_protocol_versions(&[&TLS13]) + .unwrap() + .with_root_certificates(root_ca()) + .with_no_client_auth() +} + +// TLS 1.2 requires stripping leading zeros of the shared secret, +// While TLS 1.3 requires the shared secret to be padded with zeros. +// The chance of getting a shared secret with the first byte being zero is 1 in 256, +// so we repeat the tests to have a high chance of getting a kx with this property. +#[test] +#[ignore] +fn rustls_client_with_ffdhe_kx_repeated() { + test_rustls_client_with_ffdhe_kx(512); +} + +#[test] +#[ignore] +fn rustls_server_with_ffdhe_tls13_repeated() { + test_rustls_server_with_ffdhe_kx(&TLS13, 512) +} + +#[test] +#[ignore] +fn rustls_server_with_ffdhe_tls12_repeated() { + test_rustls_server_with_ffdhe_kx(&TLS12, 512); +} + +fn root_ca() -> RootCertStore { + let mut res = RootCertStore::empty(); + res.add_parsable_certificates([CertificateDer::from(fs::read(CA_FILE).unwrap())]); + res +} + +fn load_certs() -> Vec> { + let mut reader = BufReader::new(File::open(CERT_CHAIN_FILE).unwrap()); + rustls_pemfile::certs(&mut reader) + .map(|c| c.unwrap()) + .collect() +} + +fn load_private_key() -> PrivateKeyDer<'static> { + let mut reader = BufReader::new(File::open(PRIV_KEY_FILE).unwrap()); + + match rustls_pemfile::read_one(&mut reader) + .unwrap() + .unwrap() + { + Item::Pkcs1Key(key) => key.into(), + Item::Pkcs8Key(key) => key.into(), + Item::Sec1Key(key) => key.into(), + _ => panic!("no key in key file {PRIV_KEY_FILE}"), + } +} + +fn ffdhe_provider() -> CryptoProvider { + CryptoProvider { + cipher_suites: vec![ + ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + rustls::crypto::ring::cipher_suite::TLS13_AES_128_GCM_SHA256, + ], + kx_groups: vec![&FfdheKxGroup(rustls::NamedGroup::FFDHE2048)], + ..default_provider() + } +} + +fn server_config_with_ffdhe_kx(protocol: &'static SupportedProtocolVersion) -> ServerConfig { + ServerConfig::builder_with_provider(ffdhe_provider().into()) + .with_protocol_versions(&[protocol]) + .unwrap() + .with_no_client_auth() + .with_single_cert(load_certs(), load_private_key()) + .unwrap() +} + +const CERT_CHAIN_FILE: &str = "../test-ca/rsa/end.fullchain"; +const PRIV_KEY_FILE: &str = "../test-ca/rsa/end.key"; +const CA_FILE: &str = "../test-ca/rsa/ca.der"; +const CA_PEM_FILE: &str = "../test-ca/rsa/ca.cert"; diff --git a/openssl-tests/src/lib.rs b/openssl-tests/src/lib.rs new file mode 100644 index 0000000000..e6582799ed --- /dev/null +++ b/openssl-tests/src/lib.rs @@ -0,0 +1,6 @@ +#![cfg(test)] + +mod ffdhe; +mod ffdhe_kx_with_openssl; +mod utils; +mod validate_ffdhe_params; diff --git a/openssl-tests/src/utils.rs b/openssl-tests/src/utils.rs new file mode 100644 index 0000000000..0364d972e3 --- /dev/null +++ b/openssl-tests/src/utils.rs @@ -0,0 +1,48 @@ +use once_cell::sync::Lazy; + +pub fn verify_openssl3_available() { + static VERIFIED: Lazy<()> = Lazy::new(verify_openssl3_available_internal); + *VERIFIED +} + +/// If OpenSSL 3 is not avaialble, panics with a helpful message +fn verify_openssl3_available_internal() { + let openssl_output = std::process::Command::new("openssl") + .args(["version"]) + .output(); + match openssl_output { + Ok(output) if !output.status.success() => { + panic!( + "OpenSSL exited with an error status: {}\n{}", + output.status, + std::str::from_utf8(&output.stderr).unwrap_or_default() + ); + } + Ok(output) => { + let version_str = std::str::from_utf8(&output.stdout).unwrap(); + let parts = version_str + .split(' ') + .collect::>(); + assert_eq!( + parts.first().copied(), + Some("OpenSSL"), + "Unknown version response from OpenSSL: {version_str}" + ); + let version = parts.get(1); + let major_version = version + .and_then(|v| v.split('.').next()) + .unwrap_or_else(|| { + panic!("Unexpected version response from OpenSSL: {version_str}") + }); + assert!( + major_version + .parse::() + .is_ok_and(|v| v >= 3), + "OpenSSL 3+ is required for the tests here. The installed version is {version:?}" + ); + } + Err(e) => { + panic!("OpenSSL 3+ needs to be installed and in PATH.\nThe error encountered: {e}") + } + } +} diff --git a/openssl-tests/src/validate_ffdhe_params.rs b/openssl-tests/src/validate_ffdhe_params.rs new file mode 100644 index 0000000000..9b4f292b50 --- /dev/null +++ b/openssl-tests/src/validate_ffdhe_params.rs @@ -0,0 +1,89 @@ +use base64::prelude::*; +use rustls::ffdhe_groups::FfdheGroup; +use rustls::NamedGroup; + +use crate::utils::verify_openssl3_available; + +#[test] +fn ffdhe_params_correct() { + use NamedGroup::*; + + verify_openssl3_available(); + + let groups = [FFDHE2048, FFDHE3072, FFDHE4096, FFDHE6144, FFDHE8192]; + for group in groups { + println!("testing {group:?}"); + test_ffdhe_params_correct(group); + } +} + +fn test_ffdhe_params_correct(group: NamedGroup) { + let (p, g) = get_ffdhe_params_from_openssl(group); + let openssl_params = FfdheGroup::from_params_trimming_leading_zeros(&p, &g); + let rustls_params = FfdheGroup::from_named_group(group).unwrap(); + assert_eq!(rustls_params.named_group(), Some(group)); + + assert_eq!(rustls_params, openssl_params); +} + +/// Get FFDHE parameters `(p, g)` for the given `ffdhe_group` from OpenSSL +fn get_ffdhe_params_from_openssl(ffdhe_group: NamedGroup) -> (Vec, Vec) { + let group = match ffdhe_group { + NamedGroup::FFDHE2048 => "group:ffdhe2048", + NamedGroup::FFDHE3072 => "group:ffdhe3072", + NamedGroup::FFDHE4096 => "group:ffdhe4096", + NamedGroup::FFDHE6144 => "group:ffdhe6144", + NamedGroup::FFDHE8192 => "group:ffdhe8192", + _ => panic!("not an ffdhe group: {ffdhe_group:?}"), + }; + + let openssl_output = std::process::Command::new("openssl") + .args([ + "genpkey", + "-genparam", + "-algorithm", + "DH", + "-text", + "-pkeyopt", + group, + ]) + .output() + .unwrap(); + + parse_dh_params_pem(&openssl_output.stdout) +} + +/// Parse PEM-encoded DH parameters, returning `(p, g)` +fn parse_dh_params_pem(data: &[u8]) -> (Vec, Vec) { + let output_str = std::str::from_utf8(data).unwrap(); + let output_str_lines = output_str.lines().collect::>(); + assert_eq!(output_str_lines[0], "-----BEGIN DH PARAMETERS-----"); + + let last_line = output_str_lines + .iter() + .enumerate() + .find(|(_i, l)| **l == "-----END DH PARAMETERS-----") + .unwrap() + .0; + + let stripped = &output_str_lines[1..last_line]; + + let base64_encoded = stripped + .iter() + .fold(String::new(), |acc, l| acc + l); + + let base64_decoded = BASE64_STANDARD + .decode(base64_encoded) + .unwrap(); + + let res: asn1::ParseResult<_> = asn1::parse(&base64_decoded, |d| { + d.read_element::()? + .parse(|d| { + let p = d.read_element::()?; + let g = d.read_element::()?; + Ok((p, g)) + }) + }); + let res = res.unwrap(); + (res.0.as_bytes().to_vec(), res.1.as_bytes().to_vec()) +} diff --git a/rustls/src/msgs/ffdhe_groups.rs b/rustls/src/msgs/ffdhe_groups.rs index 9c17c4cd1e..719473995b 100644 --- a/rustls/src/msgs/ffdhe_groups.rs +++ b/rustls/src/msgs/ffdhe_groups.rs @@ -3,7 +3,7 @@ use crate::NamedGroup; -#[derive(Clone, Copy, PartialEq, Eq)] +#[derive(Clone, Copy, Debug, PartialEq, Eq)] /// Parameters of an FFDHE group, with Big-endian byte order pub struct FfdheGroup<'a> { pub p: &'a [u8], From e84c07b67e269d18b47a7e89e3e5bc50d67a9a6c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 7 Feb 2024 14:07:48 +0000 Subject: [PATCH 0708/1145] Take curve25519-dalek 4.1.2 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e62284cbe2..122b1120e8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -678,9 +678,9 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.1" +version = "4.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e89b8c6a2e4b1f45971ad09761aafb85514a84744b67a95e32c3cc1352d1f65c" +checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" dependencies = [ "cfg-if", "cpufeatures", From 501f91c9e61a6d415d07a80f00033a38a88aa57f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 7 Feb 2024 14:27:22 +0000 Subject: [PATCH 0709/1145] Take semver-compatible updated deps --- Cargo.lock | 169 ++++++++++++++++++++++++------------------------ fuzz/Cargo.lock | 8 +-- 2 files changed, 89 insertions(+), 88 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 122b1120e8..8d8bf31447 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -77,9 +77,9 @@ dependencies = [ [[package]] name = "anstyle" -version = "1.0.4" +version = "1.0.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87" +checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" [[package]] name = "anstyle-parse" @@ -191,7 +191,7 @@ checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c" dependencies = [ "async-channel 2.1.1", "async-executor", - "async-io 2.3.0", + "async-io 2.3.1", "async-lock 3.3.0", "blocking", "futures-lite 2.2.0", @@ -220,9 +220,9 @@ dependencies = [ [[package]] name = "async-io" -version = "2.3.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb41eb19024a91746eba0773aa5e16036045bbf45733766661099e182ea6a744" +checksum = "8f97ab0c5b00a7cdbe5a371b9a782ee7be1316095885c8a4ea1daf490eb0ef65" dependencies = [ "async-lock 3.3.0", "cfg-if", @@ -230,8 +230,8 @@ dependencies = [ "futures-io", "futures-lite 2.2.0", "parking", - "polling 3.3.2", - "rustix 0.38.30", + "polling 3.4.0", + "rustix 0.38.31", "slab", "tracing", "windows-sys 0.52.0", @@ -395,17 +395,17 @@ checksum = "7dfdb4953a096c551ce9ace855a604d702e6e62d77fac690575ae347571717f5" [[package]] name = "bindgen" -version = "0.69.2" +version = "0.69.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4c69fae65a523209d34240b60abe0c42d33d1045d445c0839d8a4894a736e2d" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" dependencies = [ "bitflags 2.4.2", "cexpr", "clang-sys", + "itertools", "lazy_static", "lazycell", "log", - "peeking_take_while", "prettyplease", "proc-macro2", "quote", @@ -893,9 +893,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" [[package]] name = "fnv" @@ -1116,9 +1116,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.4" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f" +checksum = "d0c62115964e08cb8039170eb33c1d0e2388a256930279edca206fff675f82c3" [[package]] name = "hex" @@ -1154,7 +1154,7 @@ dependencies = [ "tokio-rustls", "tracing", "url", - "webpki-roots 0.25.3", + "webpki-roots 0.25.4", ] [[package]] @@ -1178,7 +1178,7 @@ dependencies = [ "tokio", "tokio-rustls", "tracing", - "webpki-roots 0.25.3", + "webpki-roots 0.25.4", ] [[package]] @@ -1296,9 +1296,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "824b2ae422412366ba479e8111fd301f7b5faece8149317bb81925979a53f520" dependencies = [ "equivalent", "hashbrown", @@ -1358,15 +1358,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" dependencies = [ "hermit-abi", - "rustix 0.38.30", + "rustix 0.38.31", "windows-sys 0.52.0", ] [[package]] name = "itertools" -version = "0.12.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25db6b064527c5d482d0423354fcd07a89a2dfe07b67892e62411946db7f07b0" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" dependencies = [ "either", ] @@ -1379,9 +1379,9 @@ checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "js-sys" -version = "0.3.67" +version = "0.3.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a1d36f1235bc969acba30b7f5990b864423a6068a10f7c90ae8f0112e3a59d1" +checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" dependencies = [ "wasm-bindgen", ] @@ -1412,9 +1412,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.152" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13e3bf6590cbc649f4d1a3eefc9d5d6eb746f5200ffb04e5e142700b8faa56e7" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libloading" @@ -1498,9 +1498,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" dependencies = [ "adler", ] @@ -1561,6 +1561,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-integer" version = "0.1.45" @@ -1625,9 +1631,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.62" +version = "0.10.63" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671" +checksum = "15c9d69dd87a29568d4d017cfe8ec518706046a05184e5aea92d0af890b803c8" dependencies = [ "bitflags 2.4.2", "cfg-if", @@ -1651,9 +1657,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.98" +version = "0.9.99" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" +checksum = "22e1bf214306098e4832460f797824c05d25aacdf896f64a985fb0fd992454ae" dependencies = [ "cc", "libc", @@ -1718,12 +1724,6 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" -[[package]] -name = "peeking_take_while" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" - [[package]] name = "pem" version = "3.0.3" @@ -1786,9 +1786,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.28" +version = "0.3.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69d3587f8a9e599cc7ec2c00e331f71c4e69a5f9a4b8a6efd5b07466b9736f9a" +checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb" [[package]] name = "platforms" @@ -1814,14 +1814,14 @@ dependencies = [ [[package]] name = "polling" -version = "3.3.2" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "545c980a3880efd47b2e262f6a4bb6daad6555cf3367aa9c4e52895f69537a41" +checksum = "30054e72317ab98eddd8561db0f6524df3367636884b7b21b703e4b280a84a14" dependencies = [ "cfg-if", "concurrent-queue", "pin-project-lite", - "rustix 0.38.30", + "rustix 0.38.31", "tracing", "windows-sys 0.52.0", ] @@ -1956,9 +1956,9 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.12.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d918c80c5a4c7560db726763020bd16db179e4d5b828078842274a443addb5d" +checksum = "48406db8ac1f3cbc7dcdb56ec355343817958a356ff430259bb07baf7607e1e1" dependencies = [ "pem", "ring", @@ -1989,9 +1989,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b7fa1134405e2ec9353fd416b17f8dacd46c473d7d3fd1cf202706a14eb792a" +checksum = "5bb987efffd3c6d0d8f5f89510bb458559eab11e4f869acb20bf845e016259cd" dependencies = [ "aho-corasick", "memchr", @@ -2096,9 +2096,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.30" +version = "0.38.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" +checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" dependencies = [ "bitflags 2.4.2", "errno", @@ -2135,7 +2135,7 @@ dependencies = [ "rustls-webpki 0.102.2", "rustversion", "subtle", - "webpki-roots 0.26.0", + "webpki-roots 0.26.1", "zeroize", ] @@ -2181,7 +2181,7 @@ dependencies = [ "serde", "serde_derive", "tokio", - "webpki-roots 0.26.0", + "webpki-roots 0.26.1", ] [[package]] @@ -2248,7 +2248,7 @@ dependencies = [ "serde_json", "sha2", "signature", - "webpki-roots 0.26.0", + "webpki-roots 0.26.1", "x25519-dalek", ] @@ -2324,18 +2324,18 @@ checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" [[package]] name = "serde" -version = "1.0.195" +version = "1.0.196" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" +checksum = "870026e60fa08c69f064aa766c10f10b1d62db9ccd4d0abb206472bee0ce3b32" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.195" +version = "1.0.196" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" +checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67" dependencies = [ "proc-macro2", "quote", @@ -2344,9 +2344,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.111" +version = "1.0.113" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" +checksum = "69801b70b1c3dac963ecb03a364ba0ceda9cf60c71cfe475e99864759c8b8a79" dependencies = [ "itoa", "ryu", @@ -2502,11 +2502,12 @@ dependencies = [ [[package]] name = "time" -version = "0.3.31" +version = "0.3.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" +checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" dependencies = [ "deranged", + "num-conv", "powerfmt", "serde", "time-core", @@ -2535,9 +2536,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.35.1" +version = "1.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" +checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" dependencies = [ "backtrace", "bytes", @@ -2678,9 +2679,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "value-bag" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cdbaf5e132e593e9fc1de6a15bbec912395b11fb9719e061cf64f804524c503" +checksum = "126e423afe2dd9ac52142e7e9d5ce4135d7e13776c529d27fd6bc49f19e3280b" [[package]] name = "vcpkg" @@ -2708,9 +2709,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1223296a201415c7fad14792dbefaace9bd52b62d33453ade1c5b5f07555406" +checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2718,9 +2719,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcdc935b63408d58a32f8cc9738a0bffd8f05cc7c002086c6ef20b7312ad9dcd" +checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" dependencies = [ "bumpalo", "log", @@ -2733,9 +2734,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.40" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bde2032aeb86bdfaecc8b261eef3cba735cc426c1f3a3416d1e0791be95fc461" +checksum = "877b9c3f61ceea0e56331985743b13f3d25c406a7098d45180fb5f09bc19ed97" dependencies = [ "cfg-if", "js-sys", @@ -2745,9 +2746,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e4c238561b2d428924c49815533a8b9121c664599558a5d9ec51f8a1740a999" +checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2755,9 +2756,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bae1abb6806dc1ad9e560ed242107c0f6c84335f1749dd4e8ddb012ebd5e25a7" +checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" dependencies = [ "proc-macro2", "quote", @@ -2768,15 +2769,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b" +checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" [[package]] name = "web-sys" -version = "0.3.67" +version = "0.3.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58cd2333b6e0be7a39605f0e255892fd7418a682d8da8fe042fe25128794d2ed" +checksum = "96565907687f7aceb35bc5fc03770a8a0471d82e479f25832f54a0e3f4b28446" dependencies = [ "js-sys", "wasm-bindgen", @@ -2784,15 +2785,15 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.25.3" +version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "webpki-roots" -version = "0.26.0" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0de2cfda980f21be5a7ed2eadb3e6fe074d56022bea2cdeb1a62eb220fc04188" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" dependencies = [ "rustls-pki-types", ] @@ -2806,7 +2807,7 @@ dependencies = [ "either", "home", "once_cell", - "rustix 0.38.30", + "rustix 0.38.31", ] [[package]] @@ -2990,9 +2991,9 @@ dependencies = [ [[package]] name = "x25519-dalek" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb66477291e7e8d2b0ff1bcb900bf29489a9692816d79874bea351e7a8b6de96" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" dependencies = [ "curve25519-dalek", "rand_core", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 8bde904da5..2bbe3b67ae 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -25,9 +25,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" dependencies = [ "cfg-if", "libc", @@ -36,9 +36,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.151" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libfuzzer-sys" From 7e19ba171d5f85ee77776163fbd525bc995a8fd5 Mon Sep 17 00:00:00 2001 From: Steve Fan <29133953+stevefan1999-personal@users.noreply.github.com> Date: Sat, 3 Feb 2024 23:02:30 +0800 Subject: [PATCH 0710/1145] docs: add rustls-rustcrypt to documented providers --- README.md | 4 ++++ rustls/src/lib.rs | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 27a7110ea9..6ead0283bd 100644 --- a/README.md +++ b/README.md @@ -135,11 +135,15 @@ The community has also started developing third-party providers for Rustls: * [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography. * [`boring-rustls-provider`] - a work-in-progress provider that uses [`boringssl`] for cryptography. +* [`rustls-rustcrypto`] - an experimental provider that uses the crypto primitives +from [`RustCrypto`] for cryptography. [`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider [`mbedtls`]: https://github.com/Mbed-TLS/mbedtls [`boring-rustls-provider`]: https://github.com/janrueth/boring-rustls-provider [`boringssl`]: https://github.com/google/boringssl +[`rustls-rustcrypto`]: https://github.com/RustCrypto/rustls-rustcrypto +[`RustCrypto`]: https://github.com/RustCrypto #### Custom provider diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 1390531d2e..9b0df7ff81 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -102,11 +102,15 @@ //! * [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography. //! * [`boring-rustls-provider`] - a work-in-progress provider that uses [`boringssl`] for //! cryptography. +//! * [`rustls-rustcrypto`] - an experimental provider that uses the crypto primitives +//! from [`RustCrypto`] for cryptography. //! //! [`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider //! [`mbedtls`]: https://github.com/Mbed-TLS/mbedtls //! [`boring-rustls-provider`]: https://github.com/janrueth/boring-rustls-provider //! [`boringssl`]: https://github.com/google/boringssl +//! [`rustls-rustcrypto`]: https://github.com/RustCrypto/rustls-rustcrypto +//! [`RustCrypto`]: https://github.com/RustCrypto //! //! #### Custom provider //! From e7a1b418527eceba639457dc2ad2dcb29078f612 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 29 Jan 2024 14:54:16 +0000 Subject: [PATCH 0711/1145] Introduce concept of "process default" provider One can be installed with `CryptoProvider::install_default`. First call wins. The current value can be retrieved with `CryptoProvider::get_default()`. This can be set from the crate features, if and only if they are unambigious, by installing the result of `CryptoProvider::from_crate_features()`. Use this for `ClientConfig::builder` and `ServerConfig::builder` et al. Naturally, `ClientConfig::builder_with_provider` and co. continue to exist. --- Cargo.lock | 1 + fuzz/Cargo.lock | 7 +++ rustls/Cargo.toml | 2 + rustls/src/builder.rs | 4 ++ rustls/src/client/client_conn.rs | 53 +++++++--------- rustls/src/crypto/mod.rs | 89 ++++++++++++++++++++++---- rustls/src/lib.rs | 1 + rustls/src/server/server_conn.rs | 54 +++++++--------- rustls/src/webpki/client_verifier.rs | 94 ++++++++++++++++++++-------- rustls/src/webpki/server_verifier.rs | 8 ++- rustls/tests/api.rs | 10 ++- rustls/tests/common/mod.rs | 51 ++++++--------- rustls/tests/process_provider.rs | 65 +++++++++++++++++++ 13 files changed, 300 insertions(+), 139 deletions(-) create mode 100644 rustls/tests/process_provider.rs diff --git a/Cargo.lock b/Cargo.lock index 8d8bf31447..4249f78059 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2129,6 +2129,7 @@ dependencies = [ "env_logger", "log", "num-bigint", + "once_cell", "ring", "rustls-pemfile 2.0.0", "rustls-pki-types", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 2bbe3b67ae..77f9ac26c7 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -55,6 +55,12 @@ version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + [[package]] name = "ring" version = "0.17.7" @@ -74,6 +80,7 @@ name = "rustls" version = "0.23.0-alpha.0" dependencies = [ "log", + "once_cell", "ring", "rustls-pki-types", "rustls-webpki", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 1629976c36..99f2d5bbba 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -18,6 +18,8 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } log = { version = "0.4.4", optional = true } +# remove once our MSRV is >= 1.70 +once_cell = "1" ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } webpki = { package = "rustls-webpki", version = "0.102.2", features = ["std"], default-features = false } diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 5524193d5d..c0bc4c4780 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -29,6 +29,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ``` /// # #[cfg(feature = "ring")] { +/// # rustls::crypto::ring::default_provider().install_default(); /// use rustls::{ClientConfig, ServerConfig}; /// ClientConfig::builder() /// // ... @@ -44,6 +45,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ```no_run /// # #[cfg(feature = "ring")] { +/// # rustls::crypto::ring::default_provider().install_default(); /// # use rustls::ServerConfig; /// ServerConfig::builder_with_protocol_versions(&[&rustls::version::TLS13]) /// // ... @@ -79,6 +81,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ``` /// # #[cfg(feature = "ring")] { +/// # rustls::crypto::ring::default_provider().install_default(); /// # use rustls::ClientConfig; /// # let root_certs = rustls::RootCertStore::empty(); /// ClientConfig::builder() @@ -102,6 +105,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ```no_run /// # #[cfg(feature = "ring")] { +/// # rustls::crypto::ring::default_provider().install_default(); /// # use rustls::ServerConfig; /// # let certs = vec![]; /// # let private_key = pki_types::PrivateKeyDer::from( diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 58f926fb3b..08aff07975 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,8 +1,6 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; -#[cfg(any(feature = "ring", feature = "fips"))] -use crate::crypto::default_provider; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -16,9 +14,7 @@ use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; use crate::unbuffered::{EncryptError, TransmitTlsData}; use crate::versions; use crate::KeyLog; -#[cfg(any(feature = "ring", feature = "fips"))] -use crate::WantsVerifier; -use crate::{verify, WantsVersions}; +use crate::{verify, WantsVerifier, WantsVersions}; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; use super::hs; @@ -222,43 +218,38 @@ pub struct ClientConfig { } impl ClientConfig { - /// Create a builder for a client configuration with the default - /// [`CryptoProvider`]. - /// - /// This is: - /// - /// - [`crypto::aws_lc_rs::default_provider`] if the `fips` crate feature is - /// enabled. - /// - [`crypto::ring::default_provider`] if the `ring` crate feature is - /// enabled and the `fips` crate feature is not enabled. - /// - /// If neither of these are true, this function is not available and you - /// must use [`ClientConfig::builder_with_provider()`] instead. + /// Create a builder for a client configuration with the process-default + /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and safe + /// protocol version defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder() -> ConfigBuilder { - // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with the safe default protocol versions. - Self::builder_with_provider(default_provider().into()) - .with_safe_default_protocol_versions() - .unwrap() + Self::builder_with_protocol_versions(versions::DEFAULT_VERSIONS) } - /// Create a builder for a client configuration with the default - /// [`CryptoProvider`] (see [`ClientConfig::builder()`] for details), safe - /// ciphersuite defaults and the provided protocol versions. + /// Create a builder for a client configuration with the process-default + /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and + /// the provided protocol versions. /// - /// Panics if provided an empty slice of supported versions. + /// Panics if + /// - the supported versions are not compatible with the provider (eg. + /// the combination of ciphersuites supported by the provider and supported + /// versions lead to zero cipher suites being usable), + /// - if a `CryptoProvider` cannot be resolved using a combination of + /// the crate features and process default. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder_with_protocol_versions( versions: &[&'static versions::SupportedProtocolVersion], ) -> ConfigBuilder { - // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with all protocol version choices. - Self::builder_with_provider(default_provider().into()) - .with_protocol_versions(versions) - .unwrap() + // Safety assumptions: + // 1. that the provider has been installed (explicitly or implicitly) + // 2. that the process-level default provider is usable with the supplied protocol versions. + Self::builder_with_provider(Arc::clone( + CryptoProvider::get_default_or_install_from_crate_features(), + )) + .with_protocol_versions(versions) + .unwrap() } /// Create a builder for a client configuration with a specific [`CryptoProvider`]. diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index cc44acad7b..0e639915fe 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -7,6 +7,7 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use once_cell::sync::OnceCell; use pki_types::PrivateKeyDer; use zeroize::Zeroize; @@ -75,6 +76,25 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// This structure provides defaults. Everything in it can be overridden at /// runtime by replacing field values as needed. /// +/// # Using the per-process default `CryptoProvider` +/// +/// There is the concept of an implicit default provider, configured at run-time once in +/// a given process. +/// +/// It is used for functions like [`ClientConfig::builder()`] and [`ServerConfig::builder()`]. +/// +/// The intention is that an application can specify the [`CryptoProvider`] they wish to use +/// once, and have that apply to the variety of places where their application does TLS +/// (which may be wrapped inside other libraries). +/// They should do this by calling [`CryptoProvider::install_default()`] early on. +/// +/// To achieve this goal: +/// +/// - _libraries_ should use [`ClientConfig::builder()`]/[`ServerConfig::builder()`] +/// or otherwise rely on the [`CryptoProvider::get_default()`] provider. +/// - _applications_ should call [`CryptoProvider::install_default()`] early +/// in their `fn main()`. +/// /// # Using a specific `CryptoProvider` /// /// Supply the provider when constructing your [`ClientConfig`] or [`ServerConfig`]: @@ -197,6 +217,61 @@ pub struct CryptoProvider { } impl CryptoProvider { + /// Sets this `CryptoProvider` as the default for this process. + /// + /// This can be called successfully at most once in any process execution. + /// + /// Call this early in your process to configure which provider is used for + /// the provider. The configuration should happen before any use of + /// [`ClientConfig::builder()`] or [`ServerConfig::builder()`]. + pub fn install_default(self) -> Result<(), Arc> { + PROCESS_DEFAULT_PROVIDER.set(Arc::new(self)) + } + + /// Returns the default `CryptoProvider` for this process. + /// + /// This will be `None` if no default has been set yet. + pub fn get_default() -> Option<&'static Arc> { + PROCESS_DEFAULT_PROVIDER.get() + } + + /// An internal function that: + /// + /// - gets the pre-installed default, or + /// - installs one `from_crate_features()`, or else + /// - panics about the need to call [`CryptoProvider::install_default()`] + pub(crate) fn get_default_or_install_from_crate_features() -> &'static Arc { + if let Some(provider) = Self::get_default() { + return provider; + } + + let provider = Self::from_crate_features() + .expect("no process-level `CryptoProvider` available. call `CryptoProvider::install_default()` before this point"); + // Ignore the error resulting from us losing a race, and accept the outcome. + let _ = provider.install_default(); + Self::get_default().unwrap() + } + + /// Returns a provider named unambiguously by rustls crate features. + /// + /// This function returns `None` if the crate features are ambiguous (ie, specify two + /// providers), or specify no providers. In both cases the application should + /// explicitly specify the provider to use with [`CryptoProvider::install_default`]. + fn from_crate_features() -> Option { + #[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] + { + return Some(ring::default_provider()); + } + + #[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))] + { + return Some(aws_lc_rs::default_provider()); + } + + #[allow(unreachable_code)] + None + } + /// Returns `true` if this `CryptoProvider` is operating in FIPS mode. /// /// This covers only the cryptographic parts of FIPS approval. There are @@ -225,6 +300,8 @@ impl CryptoProvider { } } +static PROCESS_DEFAULT_PROVIDER: OnceCell> = OnceCell::new(); + /// A source of cryptographically secure randomness. pub trait SecureRandom: Send + Sync + Debug { /// Fill the given buffer with random bytes. @@ -420,18 +497,6 @@ impl From<&[u8]> for SharedSecret { } } -#[cfg(any(feature = "ring", feature = "fips"))] -pub(crate) fn default_provider() -> CryptoProvider { - #[cfg(all(feature = "ring", not(feature = "fips")))] - { - crate::crypto::ring::default_provider() - } - #[cfg(feature = "fips")] - { - crate::crypto::aws_lc_rs::default_provider() - } -} - /// This function returns a [`CryptoProvider`] that uses /// FIPS140-3-approved cryptography. /// diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 9b0df7ff81..c80ed8a127 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -207,6 +207,7 @@ //! # use rustls; //! # use webpki; //! # use std::sync::Arc; +//! # rustls::crypto::ring::default_provider().install_default(); //! # let root_store = rustls::RootCertStore::from_iter( //! # webpki_roots::TLS_SERVER_ROOTS //! # .iter() diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 6889bdcfd2..3bece3d1b7 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,8 +1,6 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Context, Protocol, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; -#[cfg(any(feature = "ring", feature = "fips"))] -use crate::crypto::default_provider; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -14,12 +12,9 @@ use crate::msgs::message::Message; use crate::suites::ExtractedSecrets; use crate::vecbuf::ChunkVecBuffer; use crate::verify; -#[cfg(any(feature = "ring", feature = "fips"))] use crate::versions; use crate::KeyLog; -#[cfg(any(feature = "ring", feature = "fips"))] -use crate::WantsVerifier; -use crate::{sign, WantsVersions}; +use crate::{sign, WantsVerifier, WantsVersions}; use super::hs; @@ -359,43 +354,38 @@ impl Clone for ServerConfig { } impl ServerConfig { - /// Create a builder for a server configuration with the default - /// [`CryptoProvider`]. - /// - /// This is: - /// - /// - [`crypto::aws_lc_rs::default_provider`] if the `fips` crate feature is - /// enabled. - /// - [`crypto::ring::default_provider`] if the `ring` crate feature is - /// enabled and the `fips` crate feature is not enabled. - /// - /// If neither of these are true, this function is not available and you - /// must use [`ServerConfig::builder_with_provider()`] instead. + /// Create a builder for a server configuration with the process-default + /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and safe + /// protocol version defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder() -> ConfigBuilder { - // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with the safe default protocol versions. - Self::builder_with_provider(default_provider().into()) - .with_safe_default_protocol_versions() - .unwrap() + Self::builder_with_protocol_versions(versions::DEFAULT_VERSIONS) } - /// Create a builder for a server configuration with the default - /// [`CryptoProvider`] (see [`ServerConfig::builder()`] for details), safe - /// ciphersuite defaults and the provided protocol versions. + /// Create a builder for a server configuration with the process-default + /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and + /// the provided protocol versions. /// - /// Panics if provided an empty slice of supported versions. + /// Panics if + /// - the supported versions are not compatible with the provider (eg. + /// the combination of ciphersuites supported by the provider and supported + /// versions lead to zero cipher suites being usable), + /// - if a `CryptoProvider` cannot be resolved using a combination of + /// the crate features and process default. /// /// For more information, see the [`ConfigBuilder`] documentation. - #[cfg(any(feature = "ring", feature = "fips"))] pub fn builder_with_protocol_versions( versions: &[&'static versions::SupportedProtocolVersion], ) -> ConfigBuilder { - // Safety: we know the *ring* and aws-lc-rs providers' ciphersuites are compatible with all protocol version choices. - Self::builder_with_provider(default_provider().into()) - .with_protocol_versions(versions) - .unwrap() + // Safety assumptions: + // 1. that the provider has been installed (explicitly or implicitly) + // 2. that the process-level default provider is usable with the supplied protocol versions. + Self::builder_with_provider(Arc::clone( + CryptoProvider::get_default_or_install_from_crate_features(), + )) + .with_protocol_versions(versions) + .unwrap() } /// Create a builder for a server configuration with a specific [`CryptoProvider`]. diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 87f0028040..861c14b332 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -182,7 +182,7 @@ impl ClientCertVerifierBuilder { /// /// To require all clients present a client certificate issued by a trusted CA: /// ```no_run -/// # #[cfg(feature = "ring")] { +/// # #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] { /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); @@ -195,7 +195,7 @@ impl ClientCertVerifierBuilder { /// Or, to allow clients presenting a client certificate authenticated by a trusted CA, or /// anonymous clients that present no client certificate: /// ```no_run -/// # #[cfg(feature = "ring")] { +/// # #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] { /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); @@ -217,7 +217,7 @@ impl ClientCertVerifierBuilder { /// You can also configure the client verifier to check for certificate revocation with /// client certificate revocation lists (CRLs): /// ```no_run -/// # #[cfg(feature = "ring")] { +/// # #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] { /// # use rustls::RootCertStore; /// # use rustls::server::{WebPkiClientVerifier}; /// # let roots = RootCertStore::empty(); @@ -249,13 +249,15 @@ impl WebPkiClientVerifier { /// will be verified using the trust anchors found in the provided `roots`. If you /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. /// - /// The cryptography used comes from the default [`CryptoProvider`]: [`crypto::ring::default_provider`]. + /// The cryptography used comes from the process-default [`CryptoProvider`]: [`CryptoProvider::get_default`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. /// /// For more information, see the [`ClientCertVerifierBuilder`] documentation. - #[cfg(feature = "ring")] pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { - Self::builder_with_provider(roots, crate::crypto::ring::default_provider().into()) + Self::builder_with_provider( + roots, + Arc::clone(CryptoProvider::get_default_or_install_from_crate_features()), + ) } /// Create a builder for the `webpki` client certificate verifier configuration using @@ -409,6 +411,7 @@ pub(crate) enum AnonymousClientPolicy { mod tests { use super::WebPkiClientVerifier; use crate::server::VerifierBuilderError; + use crate::test_provider; use crate::RootCertStore; use pki_types::{CertificateDer, CertificateRevocationListDer}; @@ -461,7 +464,10 @@ mod tests { fn test_client_verifier_required_auth() { // We should be able to build a verifier that requires client authentication, and does // no revocation checking. - let builder = WebPkiClientVerifier::builder(test_roots()); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -471,7 +477,11 @@ mod tests { fn test_client_verifier_optional_auth() { // We should be able to build a verifier that allows client authentication, and anonymous // access, and does no revocation checking. - let builder = WebPkiClientVerifier::builder(test_roots()).allow_unauthenticated(); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .allow_unauthenticated(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -482,7 +492,10 @@ mod tests { // We should be able to build a verifier that requires client authentication, and does // no revocation checking, that hasn't been configured to determine how to handle // unauthenticated clients yet. - let builder = WebPkiClientVerifier::builder(test_roots()); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -492,7 +505,11 @@ mod tests { fn test_client_verifier_without_crls_opptional_auth() { // We should be able to build a verifier that allows client authentication, // and anonymous access, that does no revocation checking. - let builder = WebPkiClientVerifier::builder(test_roots()).allow_unauthenticated(); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .allow_unauthenticated(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -501,9 +518,12 @@ mod tests { #[test] fn test_with_invalid_crls() { // Trying to build a client verifier with invalid CRLs should error at build time. - let result = WebPkiClientVerifier::builder(test_roots()) - .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) - .build(); + let result = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) + .build(); assert!(matches!(result, Err(VerifierBuilderError::InvalidCrl(_)))); } @@ -515,9 +535,12 @@ mod tests { load_crls(&[ include_bytes!("../../../test-ca/eddsa/client.revoked.crl.pem").as_slice(), ]); - let builder = WebPkiClientVerifier::builder(test_roots()) - .with_crls(initial_crls.clone()) - .with_crls(extra_crls.clone()); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(initial_crls.clone()) + .with_crls(extra_crls.clone()); // There should be the expected number of crls. assert_eq!(builder.crls.len(), initial_crls.len() + extra_crls.len()); @@ -530,7 +553,11 @@ mod tests { fn test_client_verifier_with_crls_required_auth_implicit() { // We should be able to build a verifier that requires client authentication, and that does // revocation checking with CRLs, and that does not allow any anonymous access. - let builder = WebPkiClientVerifier::builder(test_roots()).with_crls(test_crls()); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(test_crls()); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -540,9 +567,12 @@ mod tests { fn test_client_verifier_with_crls_optional_auth() { // We should be able to build a verifier that supports client authentication, that does // revocation checking with CRLs, and that allows anonymous access. - let builder = WebPkiClientVerifier::builder(test_roots()) - .with_crls(test_crls()) - .allow_unauthenticated(); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(test_crls()) + .allow_unauthenticated(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -551,9 +581,12 @@ mod tests { #[test] fn test_client_verifier_ee_only() { // We should be able to build a client verifier that only checks EE revocation status. - let builder = WebPkiClientVerifier::builder(test_roots()) - .with_crls(test_crls()) - .only_check_end_entity_revocation(); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(test_crls()) + .only_check_end_entity_revocation(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -562,9 +595,12 @@ mod tests { #[test] fn test_client_verifier_allow_unknown() { // We should be able to build a client verifier that allows unknown revocation status - let builder = WebPkiClientVerifier::builder(test_roots()) - .with_crls(test_crls()) - .allow_unknown_revocation_status(); + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + test_provider::default_provider().into(), + ) + .with_crls(test_crls()) + .allow_unknown_revocation_status(); // The builder should be Debug. println!("{:?}", builder); builder.build().unwrap(); @@ -573,7 +609,11 @@ mod tests { #[test] fn test_builder_no_roots() { // Trying to create a client verifier builder with no trust anchors should fail at build time - let result = WebPkiClientVerifier::builder(RootCertStore::empty().into()).build(); + let result = WebPkiClientVerifier::builder_with_provider( + RootCertStore::empty().into(), + test_provider::default_provider().into(), + ) + .build(); assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); } diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index fb523e41d6..cea41aff4c 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -132,13 +132,15 @@ impl WebPkiServerVerifier { /// /// Server certificates will be verified using the trust anchors found in the provided `roots`. /// - /// The cryptography used comes from the default [`CryptoProvider`]: [`crypto::ring::default_provider`]. + /// The cryptography used comes from the process-default [`CryptoProvider`]: [`CryptoProvider::get_default`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. /// /// For more information, see the [`ServerCertVerifierBuilder`] documentation. - #[cfg(feature = "ring")] pub fn builder(roots: Arc) -> ServerCertVerifierBuilder { - Self::builder_with_provider(roots, crate::crypto::ring::default_provider().into()) + Self::builder_with_provider( + roots, + Arc::clone(CryptoProvider::get_default_or_install_from_crate_features()), + ) } /// Create a builder for the `webpki` server certificate verifier configuration using diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 9b6e07601d..262ec73c98 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1324,7 +1324,10 @@ fn test_client_cert_resolve( for version in rustls::ALL_VERSIONS { let expected_sigschemes = match version.version { ProtocolVersion::TLSv1_2 => vec![ - #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + #[cfg(all( + not(all(feature = "ring", not(feature = "fips"))), + feature = "aws_lc_rs" + ))] SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -1337,7 +1340,10 @@ fn test_client_cert_resolve( SignatureScheme::RSA_PKCS1_SHA256, ], ProtocolVersion::TLSv1_3 => vec![ - #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] + #[cfg(all( + not(all(feature = "ring", not(feature = "fips"))), + feature = "aws_lc_rs" + ))] SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 57ef741648..670327dea1 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -345,12 +345,9 @@ impl KeyType { pub fn server_config_builder() -> rustls::ConfigBuilder { // ensure `ServerConfig::builder()` is covered, even though it is // equivalent to `builder_with_provider(provider::provider().into())`. - #[cfg(any(feature = "ring", feature = "fips"))] - { + if exactly_one_provider() { rustls::ServerConfig::builder() - } - #[cfg(all(not(feature = "ring"), not(feature = "fips")))] - { + } else { rustls::ServerConfig::builder_with_provider(provider::default_provider().into()) .with_safe_default_protocol_versions() .unwrap() @@ -360,12 +357,9 @@ pub fn server_config_builder() -> rustls::ConfigBuilder rustls::ConfigBuilder { - #[cfg(feature = "ring")] - { + if exactly_one_provider() { rustls::ServerConfig::builder_with_protocol_versions(versions) - } - #[cfg(not(feature = "ring"))] - { + } else { rustls::ServerConfig::builder_with_provider(provider::default_provider().into()) .with_protocol_versions(versions) .unwrap() @@ -375,12 +369,9 @@ pub fn server_config_builder_with_versions( pub fn client_config_builder() -> rustls::ConfigBuilder { // ensure `ClientConfig::builder()` is covered, even though it is // equivalent to `builder_with_provider(provider::provider().into())`. - #[cfg(any(feature = "ring", feature = "fips"))] - { + if exactly_one_provider() { rustls::ClientConfig::builder() - } - #[cfg(all(not(feature = "ring"), not(feature = "fips")))] - { + } else { rustls::ClientConfig::builder_with_provider(provider::default_provider().into()) .with_safe_default_protocol_versions() .unwrap() @@ -390,12 +381,9 @@ pub fn client_config_builder() -> rustls::ConfigBuilder rustls::ConfigBuilder { - #[cfg(feature = "ring")] - { + if exactly_one_provider() { rustls::ClientConfig::builder_with_protocol_versions(versions) - } - #[cfg(not(feature = "ring"))] - { + } else { rustls::ClientConfig::builder_with_provider(provider::default_provider().into()) .with_protocol_versions(versions) .unwrap() @@ -574,25 +562,17 @@ pub fn make_client_config_with_verifier( } pub fn webpki_client_verifier_builder(roots: Arc) -> ClientCertVerifierBuilder { - #[cfg(feature = "ring")] - { + if exactly_one_provider() { WebPkiClientVerifier::builder(roots) - } - - #[cfg(not(feature = "ring"))] - { + } else { WebPkiClientVerifier::builder_with_provider(roots, provider::default_provider().into()) } } pub fn webpki_server_verifier_builder(roots: Arc) -> ServerCertVerifierBuilder { - #[cfg(feature = "ring")] - { + if exactly_one_provider() { WebPkiServerVerifier::builder(roots) - } - - #[cfg(not(feature = "ring"))] - { + } else { WebPkiServerVerifier::builder_with_provider(roots, provider::default_provider().into()) } } @@ -755,3 +735,10 @@ pub fn do_suite_test( assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); } + +fn exactly_one_provider() -> bool { + cfg!(any( + all(feature = "ring", not(feature = "aws_lc_rs")), + all(feature = "aws_lc_rs", not(feature = "ring")) + )) +} diff --git a/rustls/tests/process_provider.rs b/rustls/tests/process_provider.rs new file mode 100644 index 0000000000..074921653a --- /dev/null +++ b/rustls/tests/process_provider.rs @@ -0,0 +1,65 @@ +#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] + +//! Note that the default test runner builds each test file into a separate +//! executable, and runs tests in an indeterminate order. That restricts us +//! to doing all the desired tests, in series, in one function. + +use rustls::crypto::CryptoProvider; +use rustls::ClientConfig; + +mod common; +use crate::common::*; + +#[test] +fn test_process_provider() { + if dbg!(cfg!(all(feature = "ring", feature = "aws_lc_rs"))) { + test_explicit_choice_required(); + } else if dbg!(cfg!(all(feature = "ring", not(feature = "aws_lc_rs")))) { + test_ring_used_as_implicit_provider(); + } else if dbg!(cfg!(all(feature = "aws_lc_rs", not(feature = "ring")))) { + test_aws_lc_rs_used_as_implicit_provider(); + } else { + panic!("fix feature combinations"); + } +} + +fn test_explicit_choice_required() { + assert!(CryptoProvider::get_default().is_none()); + provider::default_provider() + .install_default() + .expect("cannot install"); + CryptoProvider::get_default().expect("provider missing"); + provider::default_provider() + .install_default() + .expect_err("install succeeded a second time"); + CryptoProvider::get_default().expect("provider missing"); + + // does not panic + finish_client_config(KeyType::Rsa, ClientConfig::builder()); +} + +fn test_ring_used_as_implicit_provider() { + assert!(CryptoProvider::get_default().is_none()); + + // implicitly installs ring provider + finish_client_config(KeyType::Rsa, ClientConfig::builder()); + + assert!(format!( + "{:?}", + CryptoProvider::get_default().expect("provider missing") + ) + .contains("secure_random: Ring")); +} + +fn test_aws_lc_rs_used_as_implicit_provider() { + assert!(CryptoProvider::get_default().is_none()); + + // implicitly installs aws-lc-rs provider + finish_client_config(KeyType::Rsa, ClientConfig::builder()); + + assert!(format!( + "{:?}", + CryptoProvider::get_default().expect("provider missing") + ) + .contains("secure_random: AwsLcRs")); +} From 89b8f45ba52ded89c673c2f05eecd03b2343b145 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 6 Feb 2024 16:35:05 +0000 Subject: [PATCH 0712/1145] Ensure unit tests happen for all enabled providers Prior to this, we chose one provider as a tie breaker (`crate::test_provider`) if two were enabled. That meant the other provider was left untested. Introduce a macro `test_for_each_provider!` which expands tests into their own modules for each enabled provider. `bench_for_each_provider!` ditto. Downside: this hides the test code from rustfmt :( --- rustls/src/client/handy.rs | 5 +-- rustls/src/crypto/ring/quic.rs | 5 +-- rustls/src/crypto/tls12.rs | 8 ++-- rustls/src/crypto/tls13.rs | 4 +- rustls/src/hash_hs.rs | 5 +-- rustls/src/lib.rs | 10 ++--- rustls/src/suites.rs | 12 +++--- rustls/src/test_macros.rs | 57 ++++++++++++++++++++++++++++ rustls/src/tls12/mod.rs | 7 ++-- rustls/src/tls13/key_schedule.rs | 13 +++---- rustls/src/webpki/client_verifier.rs | 26 ++++++------- rustls/src/webpki/server_verifier.rs | 17 ++++----- 12 files changed, 107 insertions(+), 62 deletions(-) create mode 100644 rustls/src/test_macros.rs diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 40d0403974..772f18fa51 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -218,8 +218,7 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } } -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] -mod tests { +test_for_each_provider! { use super::NoClientSessionStorage; use crate::client::ClientSessionStore; use crate::msgs::enums::NamedGroup; @@ -228,7 +227,7 @@ mod tests { use crate::msgs::handshake::SessionId; use crate::msgs::persist::Tls13ClientSessionValue; use crate::suites::SupportedCipherSuite; - use crate::test_provider::cipher_suite; + use provider::cipher_suite; use pki_types::{ServerName, UnixTime}; diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 611e3791d3..1cbfe17d0c 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -183,12 +183,11 @@ impl crate::quic::Algorithm for KeyBuilder { } } -#[cfg(test)] -mod tests { +test_for_each_provider! { use crate::common_state::Side; use crate::crypto::tls13::OkmBlock; use crate::quic::*; - use crate::test_provider::tls13::{ + use provider::tls13::{ TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, }; diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index 9ac561f93e..ac853c0d49 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -89,7 +89,9 @@ pub(crate) fn prf(out: &mut [u8], hmac_key: &dyn hmac::Key, label: &[u8], seed: #[cfg(all(test, feature = "ring"))] mod tests { use crate::crypto::hmac::Hmac; - use crate::test_provider::hmac; + // nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac, + // so cannot be used for this test. + use crate::crypto::ring::hmac; // Below known answer tests come from https://mailarchive.ietf.org/arch/msg/tls/fzVCzk-z3FShgGJ6DOXqM1ydxms/ @@ -148,12 +150,12 @@ mod tests { } } -#[cfg(all(bench, any(feature = "ring", feature = "aws_lc_rs")))] +#[cfg(all(bench, feature = "ring"))] mod benchmarks { #[bench] fn bench_sha256(b: &mut test::Bencher) { use crate::crypto::hmac::Hmac; - use crate::test_provider::hmac; + use crate::crypto::ring::hmac; let label = &b"extended master secret"[..]; let seed = [0u8; 32]; diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index f030875b8e..fecedcc5f3 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -248,7 +248,9 @@ pub struct OutputLengthError; #[cfg(all(test, feature = "ring"))] mod tests { use super::{expand, Hkdf, HkdfUsingHmac}; - use crate::test_provider::hmac; + // nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac, + // so cannot be used for this test. + use crate::crypto::ring::hmac; struct ByteArray([u8; N]); diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index bb7ca239eb..71b6cbf8af 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -177,10 +177,9 @@ impl Clone for HandshakeHash { } } -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] -mod tests { +test_for_each_provider! { use super::HandshakeHashBuffer; - use crate::test_provider::hash::SHA256; + use provider::hash::SHA256; #[test] fn hashes_correctly() { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index c80ed8a127..13d9e9dd70 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -415,6 +415,9 @@ mod log { macro_rules! warn ( ($($tt:tt)*) => {{}} ); } +#[macro_use] +mod test_macros; + #[macro_use] mod msgs; mod common_state; @@ -524,13 +527,6 @@ pub mod unbuffered { pub use crate::conn::UnbufferedConnectionCommon; } -// Have a (non-public) "test provider" mod which supplies -// tests that need part of a *ring*-compatible provider module. -#[cfg(all(any(test, bench), not(feature = "ring"), feature = "aws_lc_rs"))] -use crate::crypto::aws_lc_rs as test_provider; -#[cfg(all(any(test, bench), feature = "ring"))] -use crate::crypto::ring as test_provider; - // The public interface is: pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier, WantsVersions}; pub use crate::common_state::{CommonState, IoState, Side}; diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 0535e58c5c..865af74584 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -307,12 +307,10 @@ pub enum ConnectionTrafficSecrets { }, } -#[cfg(all(test, feature = "ring"))] -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] -mod tests { +test_for_each_provider! { use super::*; use crate::enums::CipherSuite; - use crate::test_provider::tls13::*; + use provider::tls13::*; #[test] fn test_client_pref() { @@ -342,19 +340,19 @@ mod tests { fn test_pref_fails() { assert!(choose_ciphersuite_preferring_client( &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - crypto::ring::ALL_CIPHER_SUITES + provider::ALL_CIPHER_SUITES ) .is_none()); assert!(choose_ciphersuite_preferring_server( &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - crypto::ring::ALL_CIPHER_SUITES + provider::ALL_CIPHER_SUITES ) .is_none()); } #[test] fn test_scs_is_debug() { - println!("{:?}", crypto::ring::ALL_CIPHER_SUITES); + println!("{:?}", provider::ALL_CIPHER_SUITES); } #[test] diff --git a/rustls/src/test_macros.rs b/rustls/src/test_macros.rs new file mode 100644 index 0000000000..7a4f1160e6 --- /dev/null +++ b/rustls/src/test_macros.rs @@ -0,0 +1,57 @@ +/// Macros used for unit testing. + +/// Instantiate the given test functions once for each built-in provider. +/// +/// The selected provider module is bound as `provider`; you can rely on this +/// having the union of the items common to the `crypto::ring` and +/// `crypto::aws_lc_rs` modules. +macro_rules! test_for_each_provider { + ($($tt:tt)+) => { + #[cfg(all(test, feature = "ring"))] + mod test_with_ring { + use crate::crypto::ring as provider; + $($tt)+ + } + + #[cfg(all(test, feature = "aws_lc_rs"))] + mod test_with_aws_lc_rs { + use crate::crypto::aws_lc_rs as provider; + $($tt)+ + } + }; +} + +/// Instantiate the given benchmark functions once for each built-in provider. +/// +/// The selected provider module is bound as `provider`; you can rely on this +/// having the union of the items common to the `crypto::ring` and +/// `crypto::aws_lc_rs` modules. +macro_rules! bench_for_each_provider { + ($($tt:tt)+) => { + #[cfg(all(bench, feature = "ring"))] + mod bench_with_ring { + use crate::crypto::ring as provider; + $($tt)+ + } + + #[cfg(all(bench, feature = "aws_lc_rs"))] + mod bench_with_aws_lc_rs { + use crate::crypto::aws_lc_rs as provider; + $($tt)+ + } + }; +} + +test_for_each_provider! { + #[test] + fn test_each_provider() { + println!("provider is {:?}", provider::default_provider()); + } +} + +bench_for_each_provider! { + #[bench] + fn bench_each_provider(b: &mut test::Bencher) { + b.iter(|| provider::default_provider()); + } +} diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 7872ae034b..420cab5e2b 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -338,12 +338,11 @@ pub(crate) fn decode_kx_params<'a, T: KxDecode<'a>>( pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01]; -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] -mod tests { +test_for_each_provider! { use super::*; use crate::common_state::{CommonState, Side}; - use crate::msgs::handshake::ServerEcdhParams; - use crate::{msgs::handshake::ServerKeyExchangeParams, test_provider::kx_group::X25519}; + use crate::msgs::handshake::{ServerEcdhParams, ServerKeyExchangeParams}; + use provider::kx_group::X25519; #[test] fn server_ecdhe_remaining_bytes() { diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 3deb72f6d4..48a97d0f14 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -828,13 +828,12 @@ where f(expander, info) } -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] -mod tests { +test_for_each_provider! { use core::fmt::Debug; use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; - use crate::test_provider::ring_like::aead; - use crate::test_provider::tls13::{ + use provider::ring_like::aead; + use provider::tls13::{ TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL, }; use crate::KeyLog; @@ -1010,15 +1009,13 @@ mod tests { } } -#[cfg(bench)] -mod benchmarks { - #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] +bench_for_each_provider! { #[bench] fn bench_sha256(b: &mut test::Bencher) { use core::fmt::Debug; use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; - use crate::test_provider::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; + use provider::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL; use crate::KeyLog; fn extract_traffic_secret(ks: &KeySchedule, kind: SecretKind) { diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 861c14b332..448f55a674 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -407,11 +407,9 @@ pub(crate) enum AnonymousClientPolicy { Deny, } -#[cfg(all(test, feature = "ring"))] -mod tests { +test_for_each_provider! { use super::WebPkiClientVerifier; use crate::server::VerifierBuilderError; - use crate::test_provider; use crate::RootCertStore; use pki_types::{CertificateDer, CertificateRevocationListDer}; @@ -466,7 +464,7 @@ mod tests { // no revocation checking. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ); // The builder should be Debug. println!("{:?}", builder); @@ -479,7 +477,7 @@ mod tests { // access, and does no revocation checking. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .allow_unauthenticated(); // The builder should be Debug. @@ -494,7 +492,7 @@ mod tests { // unauthenticated clients yet. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ); // The builder should be Debug. println!("{:?}", builder); @@ -507,7 +505,7 @@ mod tests { // and anonymous access, that does no revocation checking. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .allow_unauthenticated(); // The builder should be Debug. @@ -520,7 +518,7 @@ mod tests { // Trying to build a client verifier with invalid CRLs should error at build time. let result = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) .build(); @@ -537,7 +535,7 @@ mod tests { ]); let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(initial_crls.clone()) .with_crls(extra_crls.clone()); @@ -555,7 +553,7 @@ mod tests { // revocation checking with CRLs, and that does not allow any anonymous access. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(test_crls()); // The builder should be Debug. @@ -569,7 +567,7 @@ mod tests { // revocation checking with CRLs, and that allows anonymous access. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(test_crls()) .allow_unauthenticated(); @@ -583,7 +581,7 @@ mod tests { // We should be able to build a client verifier that only checks EE revocation status. let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(test_crls()) .only_check_end_entity_revocation(); @@ -597,7 +595,7 @@ mod tests { // We should be able to build a client verifier that allows unknown revocation status let builder = WebPkiClientVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(test_crls()) .allow_unknown_revocation_status(); @@ -611,7 +609,7 @@ mod tests { // Trying to create a client verifier builder with no trust anchors should fail at build time let result = WebPkiClientVerifier::builder_with_provider( RootCertStore::empty().into(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .build(); assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index cea41aff4c..9ecb9cd4bf 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -282,14 +282,13 @@ impl ServerCertVerifier for WebPkiServerVerifier { } } -#[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] -mod tests { +test_for_each_provider! { use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer}; use super::{VerifierBuilderError, WebPkiServerVerifier}; - use crate::{test_provider, RootCertStore}; + use crate::RootCertStore; fn load_crls(crls_der: &[&[u8]]) -> Vec> { crls_der @@ -332,7 +331,7 @@ mod tests { // Trying to build a server verifier with invalid CRLs should error at build time. let result = WebPkiServerVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(vec![CertificateRevocationListDer::from(vec![0xFF])]) .build(); @@ -350,7 +349,7 @@ mod tests { let builder = WebPkiServerVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .with_crls(initial_crls.clone()) .with_crls(extra_crls.clone()); @@ -367,7 +366,7 @@ mod tests { // Trying to create a server verifier builder with no trust anchors should fail at build time let result = WebPkiServerVerifier::builder_with_provider( RootCertStore::empty().into(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .build(); assert!(matches!(result, Err(VerifierBuilderError::NoRootAnchors))); @@ -378,7 +377,7 @@ mod tests { // We should be able to build a server cert. verifier that only checks the EE cert. let builder = WebPkiServerVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .only_check_end_entity_revocation(); // The builder should be Debug. @@ -392,7 +391,7 @@ mod tests { // status. let builder = WebPkiServerVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .allow_unknown_revocation_status(); // The builder should be Debug. @@ -406,7 +405,7 @@ mod tests { // status and only checks the EE cert. let builder = WebPkiServerVerifier::builder_with_provider( test_roots(), - test_provider::default_provider().into(), + provider::default_provider().into(), ) .allow_unknown_revocation_status() .only_check_end_entity_revocation(); From 1c21bdd5c88ee60f88869299e154bb0d52b69cfb Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 6 Feb 2024 17:45:59 +0000 Subject: [PATCH 0713/1145] Rework verifybench.rs: - cover all providers - now we use test::Bencher elsewhere, use it --- rustls/src/verifybench.rs | 361 ++++++++++++++++++-------------------- 1 file changed, 171 insertions(+), 190 deletions(-) diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 458375064e..ac1045cfb6 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -1,194 +1,189 @@ // This program does benchmarking of the functions in verify.rs, // that do certificate chain validation and signature verification. -// -// Note: we don't use any of the standard 'cargo bench', 'test::Bencher', -// etc. because it's unstable at the time of writing. -#![cfg(feature = "ring")] +#![cfg(bench)] use core::time::Duration; -use std::time::Instant; -use crate::crypto::ring; +use crate::crypto::CryptoProvider; use crate::verify::ServerCertVerifier; use crate::webpki::{RootCertStore, WebPkiServerVerifier}; -use pki_types::{CertificateDer, UnixTime}; +use pki_types::{CertificateDer, ServerName, UnixTime}; use webpki_roots; -fn duration_nanos(d: Duration) -> u64 { - ((d.as_secs() as f64) * 1e9 + (d.subsec_nanos() as f64)) as u64 -} - -#[test] -fn test_reddit_cert() { - Context::new( - "reddit", - "reddit.com", - &[ - include_bytes!("testdata/cert-reddit.0.der"), - include_bytes!("testdata/cert-reddit.1.der"), - ], - ) - .bench(100) -} +bench_for_each_provider! { + use super::Context; + + #[bench] + fn reddit_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "reddit.com", + &[ + include_bytes!("testdata/cert-reddit.0.der"), + include_bytes!("testdata/cert-reddit.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_github_cert() { - Context::new( - "github", - "github.com", - &[ - include_bytes!("testdata/cert-github.0.der"), - include_bytes!("testdata/cert-github.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn github_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "github.com", + &[ + include_bytes!("testdata/cert-github.0.der"), + include_bytes!("testdata/cert-github.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_arstechnica_cert() { - Context::new( - "arstechnica", - "arstechnica.com", - &[ - include_bytes!("testdata/cert-arstechnica.0.der"), - include_bytes!("testdata/cert-arstechnica.1.der"), - include_bytes!("testdata/cert-arstechnica.2.der"), - include_bytes!("testdata/cert-arstechnica.3.der"), - ], - ) - .bench(100) -} + #[bench] + fn arstechnica_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "arstechnica.com", + &[ + include_bytes!("testdata/cert-arstechnica.0.der"), + include_bytes!("testdata/cert-arstechnica.1.der"), + include_bytes!("testdata/cert-arstechnica.2.der"), + include_bytes!("testdata/cert-arstechnica.3.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_servo_cert() { - Context::new( - "servo", - "servo.org", - &[ - include_bytes!("testdata/cert-servo.0.der"), - include_bytes!("testdata/cert-servo.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn servo_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "servo.org", + &[ + include_bytes!("testdata/cert-servo.0.der"), + include_bytes!("testdata/cert-servo.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_twitter_cert() { - Context::new( - "twitter", - "twitter.com", - &[ - include_bytes!("testdata/cert-twitter.0.der"), - include_bytes!("testdata/cert-twitter.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn twitter_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "twitter.com", + &[ + include_bytes!("testdata/cert-twitter.0.der"), + include_bytes!("testdata/cert-twitter.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_wikipedia_cert() { - Context::new( - "wikipedia", - "wikipedia.org", - &[ - include_bytes!("testdata/cert-wikipedia.0.der"), - include_bytes!("testdata/cert-wikipedia.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn wikipedia_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "wikipedia.org", + &[ + include_bytes!("testdata/cert-wikipedia.0.der"), + include_bytes!("testdata/cert-wikipedia.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_google_cert() { - Context::new( - "google", - "www.google.com", - &[ - include_bytes!("testdata/cert-google.0.der"), - include_bytes!("testdata/cert-google.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn google_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "www.google.com", + &[ + include_bytes!("testdata/cert-google.0.der"), + include_bytes!("testdata/cert-google.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_hn_cert() { - Context::new( - "hn", - "news.ycombinator.com", - &[ - include_bytes!("testdata/cert-hn.0.der"), - include_bytes!("testdata/cert-hn.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn hn_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "news.ycombinator.com", + &[ + include_bytes!("testdata/cert-hn.0.der"), + include_bytes!("testdata/cert-hn.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_stackoverflow_cert() { - Context::new( - "stackoverflow", - "stackoverflow.com", - &[ - include_bytes!("testdata/cert-stackoverflow.0.der"), - include_bytes!("testdata/cert-stackoverflow.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn stackoverflow_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "stackoverflow.com", + &[ + include_bytes!("testdata/cert-stackoverflow.0.der"), + include_bytes!("testdata/cert-stackoverflow.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_duckduckgo_cert() { - Context::new( - "duckduckgo", - "duckduckgo.com", - &[ - include_bytes!("testdata/cert-duckduckgo.0.der"), - include_bytes!("testdata/cert-duckduckgo.1.der"), - ], - ) - .bench(100) -} + #[bench] + fn duckduckgo_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "duckduckgo.com", + &[ + include_bytes!("testdata/cert-duckduckgo.0.der"), + include_bytes!("testdata/cert-duckduckgo.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_rustlang_cert() { - Context::new( - "rustlang", - "www.rust-lang.org", - &[ - include_bytes!("testdata/cert-rustlang.0.der"), - include_bytes!("testdata/cert-rustlang.1.der"), - include_bytes!("testdata/cert-rustlang.2.der"), - ], - ) - .bench(100) -} + #[bench] + fn rustlang_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "www.rust-lang.org", + &[ + include_bytes!("testdata/cert-rustlang.0.der"), + include_bytes!("testdata/cert-rustlang.1.der"), + include_bytes!("testdata/cert-rustlang.2.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } -#[test] -fn test_wapo_cert() { - Context::new( - "wapo", - "www.washingtonpost.com", - &[ - include_bytes!("testdata/cert-wapo.0.der"), - include_bytes!("testdata/cert-wapo.1.der"), - ], - ) - .bench(100) + #[bench] + fn wapo_cert(b: &mut test::Bencher) { + let ctx = Context::new( + provider::default_provider(), + "www.washingtonpost.com", + &[ + include_bytes!("testdata/cert-wapo.0.der"), + include_bytes!("testdata/cert-wapo.1.der"), + ], + ); + b.iter(|| ctx.verify_once()); + } } struct Context { - name: &'static str, - domain: &'static str, - roots: RootCertStore, + server_name: ServerName<'static>, chain: Vec>, now: UnixTime, + verifier: WebPkiServerVerifier, } impl Context { - fn new(name: &'static str, domain: &'static str, certs: &[&'static [u8]]) -> Self { + fn new(provider: CryptoProvider, domain: &'static str, certs: &[&'static [u8]]) -> Self { let mut roots = RootCertStore::empty(); roots.extend( webpki_roots::TLS_SERVER_ROOTS @@ -196,46 +191,32 @@ impl Context { .cloned(), ); Self { - name, - domain, - roots, + server_name: domain.try_into().unwrap(), chain: certs .iter() .copied() .map(|bytes| CertificateDer::from(bytes.to_vec())) .collect(), now: UnixTime::since_unix_epoch(Duration::from_secs(1_640_870_720)), + verifier: WebPkiServerVerifier::new_without_revocation( + roots, + provider.signature_verification_algorithms, + ), } } - fn bench(&self, count: usize) { - let verifier = WebPkiServerVerifier::new_without_revocation( - self.roots.clone(), - ring::default_provider().signature_verification_algorithms, - ); + fn verify_once(&self) { const OCSP_RESPONSE: &[u8] = &[]; - let mut times = Vec::new(); let (end_entity, intermediates) = self.chain.split_first().unwrap(); - for _ in 0..count { - let start = Instant::now(); - let server_name = self.domain.try_into().unwrap(); - verifier - .verify_server_cert( - end_entity, - intermediates, - &server_name, - OCSP_RESPONSE, - self.now, - ) - .unwrap(); - times.push(duration_nanos(Instant::now().duration_since(start))); - } - - println!( - "verify_server_cert({}): min {:?}us", - self.name, - times.iter().min().unwrap() / 1000 - ); + self.verifier + .verify_server_cert( + end_entity, + intermediates, + &self.server_name, + OCSP_RESPONSE, + self.now, + ) + .unwrap(); } } From 94107b0376353ea2939be937bfe8e0ac88e0205c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 9 Feb 2024 10:49:53 +0000 Subject: [PATCH 0714/1145] tests: move `CountingLogger` and co to bottom --- rustls/tests/api.rs | 132 ++++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 262ec73c98..f1ba9da349 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5210,72 +5210,6 @@ fn test_acceptor() { assert!(acceptor.accept().is_err()); } -#[derive(Default, Debug)] -struct LogCounts { - trace: usize, - debug: usize, - info: usize, - warn: usize, - error: usize, -} - -impl LogCounts { - fn new() -> Self { - Self { - ..Default::default() - } - } - - fn reset(&mut self) { - *self = Self::new(); - } - - fn add(&mut self, level: log::Level) { - match level { - log::Level::Trace => self.trace += 1, - log::Level::Debug => self.debug += 1, - log::Level::Info => self.info += 1, - log::Level::Warn => self.warn += 1, - log::Level::Error => self.error += 1, - } - } -} - -thread_local!(static COUNTS: RefCell = RefCell::new(LogCounts::new())); - -struct CountingLogger; - -static LOGGER: CountingLogger = CountingLogger; - -impl CountingLogger { - fn install() { - log::set_logger(&LOGGER).unwrap(); - log::set_max_level(log::LevelFilter::Trace); - } - - fn reset() { - COUNTS.with(|c| { - c.borrow_mut().reset(); - }); - } -} - -impl log::Log for CountingLogger { - fn enabled(&self, _metadata: &log::Metadata) -> bool { - true - } - - fn log(&self, record: &log::Record) { - println!("logging at {:?}: {:?}", record.level(), record.args()); - - COUNTS.with(|c| { - c.borrow_mut().add(record.level()); - }); - } - - fn flush(&self) {} -} - #[test] fn test_no_warning_logging_during_successful_sessions() { CountingLogger::install(); @@ -5789,3 +5723,69 @@ fn test_client_fips_service_indicator() { fn test_server_fips_service_indicator() { assert!(!make_server_config(KeyType::Rsa).fips()); } + +#[derive(Default, Debug)] +struct LogCounts { + trace: usize, + debug: usize, + info: usize, + warn: usize, + error: usize, +} + +impl LogCounts { + fn new() -> Self { + Self { + ..Default::default() + } + } + + fn reset(&mut self) { + *self = Self::new(); + } + + fn add(&mut self, level: log::Level) { + match level { + log::Level::Trace => self.trace += 1, + log::Level::Debug => self.debug += 1, + log::Level::Info => self.info += 1, + log::Level::Warn => self.warn += 1, + log::Level::Error => self.error += 1, + } + } +} + +thread_local!(static COUNTS: RefCell = RefCell::new(LogCounts::new())); + +struct CountingLogger; + +static LOGGER: CountingLogger = CountingLogger; + +impl CountingLogger { + fn install() { + log::set_logger(&LOGGER).unwrap(); + log::set_max_level(log::LevelFilter::Trace); + } + + fn reset() { + COUNTS.with(|c| { + c.borrow_mut().reset(); + }); + } +} + +impl log::Log for CountingLogger { + fn enabled(&self, _metadata: &log::Metadata) -> bool { + true + } + + fn log(&self, record: &log::Record) { + println!("logging at {:?}: {:?}", record.level(), record.args()); + + COUNTS.with(|c| { + c.borrow_mut().add(record.level()); + }); + } + + fn flush(&self) {} +} From 07747f6c5649804a18bac65a0180d37aaf293e83 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 8 Feb 2024 15:47:03 +0000 Subject: [PATCH 0715/1145] Ensure integration tests happen for all providers --- rustls/benches/benchmarks.rs | 4 + rustls/tests/api.rs | 275 ++++++++++++++------------- rustls/tests/api_ffdhe.rs | 13 +- rustls/tests/client_cert_verifier.rs | 11 +- rustls/tests/common/mod.rs | 9 +- rustls/tests/key_log_file_env.rs | 36 ++-- rustls/tests/macros.rs | 37 ++++ rustls/tests/process_provider.rs | 7 + rustls/tests/server_cert_verifier.rs | 9 +- rustls/tests/unbuffered.rs | 11 +- 10 files changed, 249 insertions(+), 163 deletions(-) create mode 100644 rustls/tests/macros.rs diff --git a/rustls/benches/benchmarks.rs b/rustls/benches/benchmarks.rs index c0f64d8c80..27b5959322 100644 --- a/rustls/benches/benchmarks.rs +++ b/rustls/benches/benchmarks.rs @@ -1,5 +1,9 @@ +#![cfg(feature = "ring")] + use bencher::{benchmark_group, benchmark_main, Bencher}; +use rustls::crypto::ring as provider; + #[path = "../tests/common/mod.rs"] mod test_utils; use test_utils::*; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f1ba9da349..6411f80b45 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1,8 +1,16 @@ -#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] #![cfg_attr(read_buf, feature(read_buf))] #![cfg_attr(read_buf, feature(core_io_borrowed_buf))] + //! Assorted public API tests. + use std::cell::RefCell; + +#[macro_use] +mod macros; + +test_for_each_provider! { +use super::*; + use std::fmt; use std::fmt::Debug; use std::io::{self, IoSlice, Read, Write}; @@ -13,8 +21,6 @@ use std::sync::Arc; use std::sync::Mutex; use pki_types::{CertificateDer, IpAddr, ServerName, UnixTime}; -use provider::cipher_suite; -use provider::sign::RsaSigningKey; use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; @@ -35,7 +41,10 @@ use rustls::{ServerConfig, ServerConnection}; use rustls::{Stream, StreamOwned}; mod common; -use crate::common::*; +use common::*; + +use provider::cipher_suite; +use provider::sign::RsaSigningKey; fn alpn_test_error( server_protos: Vec>, @@ -473,8 +482,11 @@ fn server_can_get_client_cert_after_resumption() { } #[test] -#[cfg(all(feature = "ring", not(feature = "fips")))] fn test_config_builders_debug() { + if !provider_is_ring() { + return; + } + let b = ServerConfig::builder_with_provider( CryptoProvider { cipher_suites: vec![cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], @@ -979,13 +991,16 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { check_sigalgs_reduced_by_ciphersuite( KeyType::EcdsaP256, CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - vec![ - #[cfg(any(feature = "fips", all(not(feature = "ring"), feature = "aws_lc_rs")))] + if provider_is_aws_lc_rs() { vec![ SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, SignatureScheme::ED25519, - ], + ] } else { vec![ + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + ] } ); } @@ -1322,46 +1337,13 @@ fn test_client_cert_resolve( expected_root_hint_subjects: Vec>, ) { for version in rustls::ALL_VERSIONS { - let expected_sigschemes = match version.version { - ProtocolVersion::TLSv1_2 => vec![ - #[cfg(all( - not(all(feature = "ring", not(feature = "fips"))), - feature = "aws_lc_rs" - ))] - SignatureScheme::ECDSA_NISTP521_SHA512, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::RSA_PKCS1_SHA256, - ], - ProtocolVersion::TLSv1_3 => vec![ - #[cfg(all( - not(all(feature = "ring", not(feature = "fips"))), - feature = "aws_lc_rs" - ))] - SignatureScheme::ECDSA_NISTP521_SHA512, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, - ], - _ => unreachable!(), - }; - println!("{:?} {:?}:", version.version, key_type); let mut client_config = make_client_config_with_versions(key_type, &[version]); client_config.client_auth_cert_resolver = Arc::new(ClientCheckCertResolve::new( 1, expected_root_hint_subjects.clone(), - expected_sigschemes, + default_signature_schemes(version.version), )); let (mut client, mut server) = @@ -1374,6 +1356,35 @@ fn test_client_cert_resolve( } } +fn default_signature_schemes(version: ProtocolVersion) -> Vec { + let mut v = vec![]; + + if provider_is_aws_lc_rs() { + v.push(SignatureScheme::ECDSA_NISTP521_SHA512); + } + + v.extend_from_slice(&[ + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_SHA256, + ]); + + if version == ProtocolVersion::TLSv1_2 { + v.extend_from_slice(&[ + SignatureScheme::RSA_PKCS1_SHA512, + SignatureScheme::RSA_PKCS1_SHA384, + SignatureScheme::RSA_PKCS1_SHA256, + ]); + } + + v +} + + + #[test] fn client_cert_resolve_default() { // Test that in the default configuration that a client cert resolver gets the expected @@ -2847,60 +2858,68 @@ fn find_suite(suite: CipherSuite) -> SupportedCipherSuite { panic!("find_suite given unsupported suite"); } -static TEST_CIPHERSUITES: &[(&rustls::SupportedProtocolVersion, KeyType, CipherSuite)] = &[ - #[cfg(not(feature = "fips"))] - ( - &rustls::version::TLS13, - KeyType::Rsa, - CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, - ), - ( - &rustls::version::TLS13, - KeyType::Rsa, - CipherSuite::TLS13_AES_256_GCM_SHA384, - ), - ( - &rustls::version::TLS13, - KeyType::Rsa, - CipherSuite::TLS13_AES_128_GCM_SHA256, - ), - #[cfg(all(feature = "tls12", not(feature = "fips")))] - ( - &rustls::version::TLS12, - KeyType::EcdsaP256, - CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - ), - #[cfg(all(feature = "tls12", not(feature = "fips")))] - ( - &rustls::version::TLS12, - KeyType::Rsa, - CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - ), - #[cfg(feature = "tls12")] - ( - &rustls::version::TLS12, - KeyType::EcdsaP384, - CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - ), - #[cfg(feature = "tls12")] - ( - &rustls::version::TLS12, - KeyType::EcdsaP384, - CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - ), - #[cfg(feature = "tls12")] - ( - &rustls::version::TLS12, - KeyType::Rsa, - CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - ), - #[cfg(feature = "tls12")] - ( - &rustls::version::TLS12, - KeyType::Rsa, - CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - ), -]; +fn test_ciphersuites() -> Vec<(&'static rustls::SupportedProtocolVersion, KeyType, CipherSuite)> { + let mut v = vec![ + ( + &rustls::version::TLS13, + KeyType::Rsa, + CipherSuite::TLS13_AES_256_GCM_SHA384, + ), + ( + &rustls::version::TLS13, + KeyType::Rsa, + CipherSuite::TLS13_AES_128_GCM_SHA256, + ), + #[cfg(feature = "tls12")] + ( + &rustls::version::TLS12, + KeyType::EcdsaP384, + CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + ), + #[cfg(feature = "tls12")] + ( + &rustls::version::TLS12, + KeyType::EcdsaP384, + CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + ), + #[cfg(feature = "tls12")] + ( + &rustls::version::TLS12, + KeyType::Rsa, + CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + ), + #[cfg(feature = "tls12")] + ( + &rustls::version::TLS12, + KeyType::Rsa, + CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ), + ]; + + if !provider_is_fips() { + v.extend_from_slice(&[ + ( + &rustls::version::TLS13, + KeyType::Rsa, + CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, + ), + #[cfg(feature = "tls12")] + ( + &rustls::version::TLS12, + KeyType::EcdsaP256, + CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + ), + #[cfg(feature = "tls12")] + ( + &rustls::version::TLS12, + KeyType::Rsa, + CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + ), + ]); + } + + v +} #[test] fn negotiated_ciphersuite_default() { @@ -2918,14 +2937,13 @@ fn negotiated_ciphersuite_default() { fn all_suites_covered() { assert_eq!( provider::DEFAULT_CIPHER_SUITES.len(), - TEST_CIPHERSUITES.len() + test_ciphersuites().len() ); } #[test] fn negotiated_ciphersuite_client() { - for item in TEST_CIPHERSUITES { - let (version, kt, suite) = *item; + for (version, kt, suite) in test_ciphersuites() { let scs = find_suite(suite); let client_config = finish_client_config( kt, @@ -2946,8 +2964,7 @@ fn negotiated_ciphersuite_client() { #[test] fn negotiated_ciphersuite_server() { - for item in TEST_CIPHERSUITES { - let (version, kt, suite) = *item; + for (version, kt, suite) in test_ciphersuites() { let scs = find_suite(suite); let server_config = finish_server_config( kt, @@ -5023,7 +5040,7 @@ fn test_client_rejects_illegal_tls13_ccs() { fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() { let key_type = KeyType::Rsa; let mut client_config = make_client_config(key_type); - if cfg!(feature = "fips") { + if provider_is_fips() { assert!(client_config.require_ems); } else { client_config.require_ems = true; @@ -5055,7 +5072,7 @@ fn test_server_rejects_no_extended_master_secret_extension_when_require_ems_or_f key_type, server_config_builder_with_versions(&[&rustls::version::TLS12]), ); - if cfg!(feature = "fips") { + if provider_is_fips() { assert!(server_config.require_ems); } else { server_config.require_ems = true; @@ -5670,59 +5687,47 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message )); } -#[cfg(all(feature = "ring", not(feature = "fips")))] -#[test] -fn test_client_fips_service_indicator() { - assert!(!make_client_config(KeyType::Rsa).fips()); -} - -#[cfg(all(feature = "ring", not(feature = "fips")))] -#[test] -fn test_server_fips_service_indicator() { - assert!(!make_server_config(KeyType::Rsa).fips()); -} - -#[cfg(feature = "fips")] #[test] fn test_client_fips_service_indicator() { - assert!(make_client_config(KeyType::Rsa).fips()); + assert_eq!( + make_client_config(KeyType::Rsa).fips(), + provider_is_fips(), + ); } -#[cfg(feature = "fips")] #[test] fn test_server_fips_service_indicator() { - assert!(make_server_config(KeyType::Rsa).fips()); + assert_eq!( + make_server_config(KeyType::Rsa).fips(), + provider_is_fips(), + ); } -#[cfg(feature = "fips")] #[test] fn test_client_fips_service_indicator_includes_require_ems() { + if !provider_is_fips() { + return; + } + let mut client_config = make_client_config(KeyType::Rsa); assert!(client_config.fips()); client_config.require_ems = false; assert!(!client_config.fips()); } -#[cfg(feature = "fips")] #[test] fn test_server_fips_service_indicator_includes_require_ems() { + if !provider_is_fips() { + return; + } + let mut server_config = make_server_config(KeyType::Rsa); assert!(server_config.fips()); server_config.require_ems = false; assert!(!server_config.fips()); } -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs", not(feature = "fips")))] -#[test] -fn test_client_fips_service_indicator() { - assert!(!make_client_config(KeyType::Rsa).fips()); -} - -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs", not(feature = "fips")))] -#[test] -fn test_server_fips_service_indicator() { - assert!(!make_server_config(KeyType::Rsa).fips()); -} +} // test_for_each_provider! #[derive(Default, Debug)] struct LogCounts { @@ -5755,15 +5760,19 @@ impl LogCounts { } } +// this must be outside test_for_each_provider!, as we want +// one thread_local!, not one per provider. thread_local!(static COUNTS: RefCell = RefCell::new(LogCounts::new())); struct CountingLogger; +#[allow(dead_code)] static LOGGER: CountingLogger = CountingLogger; +#[allow(dead_code)] impl CountingLogger { fn install() { - log::set_logger(&LOGGER).unwrap(); + let _ = log::set_logger(&LOGGER); log::set_max_level(log::LevelFilter::Trace); } diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index a24f9f8ed8..4731d3469b 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -1,9 +1,14 @@ #![cfg(feature = "tls12")] -#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] + //! This file contains tests that use the test-only FFDHE KX group (defined in submodule `ffdhe`) +#[macro_use] +mod macros; + +test_for_each_provider! { + mod common; -use crate::common::*; +use common::*; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; @@ -315,7 +320,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { } mod ffdhe { - use crate::common::provider; + use super::provider; use num_bigint::BigUint; use rustls::crypto::{ ActiveKeyExchange, CipherSuiteCommon, CryptoProvider, KeyExchangeAlgorithm, SharedSecret, @@ -426,3 +431,5 @@ mod ffdhe { bytes } } + +} // test_for_each_provider! diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index fc0152ea7c..59027fa514 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -1,15 +1,18 @@ //! Tests for configuring and using a [`ClientCertVerifier`] for a server. -#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +#[macro_use] +mod macros; -mod common; +test_for_each_provider! { -use crate::common::{ +mod common; +use common::{ do_handshake_until_both_error, do_handshake_until_error, get_client_root_store, make_client_config_with_versions, make_client_config_with_versions_with_auth, make_pair_for_arc_configs, server_config_builder, server_name, webpki_client_verifier_builder, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; + use rustls::client::danger::HandshakeSignatureValid; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; @@ -207,3 +210,5 @@ impl ClientCertVerifier for MockClientVerifier { } } } + +} // test_for_each_provider! diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 670327dea1..1bc8719c74 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -1,5 +1,5 @@ #![allow(dead_code)] -#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +#![allow(clippy::duplicate_mod)] use std::io; use std::ops::{Deref, DerefMut}; @@ -9,6 +9,7 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, Ser use webpki::anchor_from_trusted_cert; use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; +use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; @@ -19,11 +20,7 @@ use rustls::{ClientConfig, ClientConnection}; use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; use rustls::{ProtocolVersion, SupportedCipherSuite}; -#[cfg(all(any(not(feature = "ring"), feature = "fips"), feature = "aws_lc_rs"))] -pub use rustls::crypto::aws_lc_rs as provider; -#[cfg(all(feature = "ring", not(feature = "fips")))] -pub use rustls::crypto::ring as provider; -use rustls::crypto::CryptoProvider; +use super::provider; macro_rules! embed_files { ( diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index d23b41b7a5..831a1e7c71 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -1,5 +1,3 @@ -#![cfg(feature = "ring")] - //! Tests of [`rustls::KeyLogFile`] that require us to set environment variables. //! //! vvvv @@ -23,24 +21,20 @@ //! file was created successfully, with the right permissions, etc., and that it //! contains something like what we expect. -#[allow(dead_code)] -mod common; - -use crate::common::{ - do_handshake, make_client_config_with_versions, make_pair_for_arc_configs, make_server_config, - transfer, KeyType, -}; use std::{ env, - io::Write, - sync::{Arc, Mutex, Once}, + sync::{Mutex, Once}, }; +#[macro_use] +mod macros; + /// Approximates `#[serial]` from the `serial_test` crate. /// /// No attempt is made to recover from a poisoned mutex, which will /// happen when `f` panics. In other words, all the tests that use /// `serialized` will start failing after one test panics. +#[allow(dead_code)] fn serialized(f: impl FnOnce()) { // Ensure every test is run serialized // TODO: Use `std::sync::Lazy` once that is stable. @@ -59,9 +53,23 @@ fn serialized(f: impl FnOnce()) { f() } +test_for_each_provider! { + +use super::*; + +use std::sync::Arc; +use std::io::Write; + +mod common; +use common::{ + do_handshake, make_client_config_with_versions, make_pair_for_arc_configs, make_server_config, + transfer, KeyType, +}; + + #[test] fn exercise_key_log_file_for_client() { - serialized(|| { + super::serialized(|| { let server_config = Arc::new(make_server_config(KeyType::Rsa)); env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); @@ -83,7 +91,7 @@ fn exercise_key_log_file_for_client() { #[test] fn exercise_key_log_file_for_server() { - serialized(|| { + super::serialized(|| { let mut server_config = make_server_config(KeyType::Rsa); env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); @@ -104,3 +112,5 @@ fn exercise_key_log_file_for_server() { } }) } + +} // test_for_each_provider! diff --git a/rustls/tests/macros.rs b/rustls/tests/macros.rs new file mode 100644 index 0000000000..beaf0cef93 --- /dev/null +++ b/rustls/tests/macros.rs @@ -0,0 +1,37 @@ +/// Instantiate the given test functions once for each built-in provider. +/// +/// The selected provider module is bound as `provider`; you can rely on this +/// having the union of the public items common to the `rustls::crypto::ring` +/// and `rustls::crypto::aws_lc_rs` modules. +#[allow(unused_macros)] +macro_rules! test_for_each_provider { + ($($tt:tt)+) => { + #[cfg(feature = "ring")] + #[path = "."] + mod test_with_ring { + #[allow(unused_imports)] + use rustls::crypto::ring as provider; + #[allow(dead_code)] + const fn provider_is_aws_lc_rs() -> bool { false } + #[allow(dead_code)] + const fn provider_is_ring() -> bool { true } + #[allow(dead_code)] + const fn provider_is_fips() -> bool { false } + $($tt)+ + } + + #[cfg(feature = "aws_lc_rs")] + #[path = "."] + mod test_with_aws_lc_rs { + #[allow(unused_imports)] + use rustls::crypto::aws_lc_rs as provider; + #[allow(dead_code)] + const fn provider_is_aws_lc_rs() -> bool { true } + #[allow(dead_code)] + const fn provider_is_ring() -> bool { false } + #[allow(dead_code)] + const fn provider_is_fips() -> bool { cfg!(feature = "fips") } + $($tt)+ + } + }; +} diff --git a/rustls/tests/process_provider.rs b/rustls/tests/process_provider.rs index 074921653a..ef93a2968d 100644 --- a/rustls/tests/process_provider.rs +++ b/rustls/tests/process_provider.rs @@ -7,6 +7,13 @@ use rustls::crypto::CryptoProvider; use rustls::ClientConfig; +#[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))] +use rustls::crypto::aws_lc_rs as provider; +#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] +use rustls::crypto::ring as provider; +#[cfg(all(feature = "ring", feature = "aws_lc_rs"))] +use rustls::crypto::ring as provider; + mod common; use crate::common::*; diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index eb12ee8087..63bc67a6de 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -1,9 +1,12 @@ //! Tests for configuring and using a [`ServerCertVerifier`] for a client. -#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +#[macro_use] +mod macros; + +test_for_each_provider! { mod common; -use crate::common::{ +use common::{ do_handshake, do_handshake_until_both_error, make_client_config_with_versions, make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, }; @@ -275,3 +278,5 @@ impl Default for MockServerVerifier { } } } + +} // test_for_each_provider! diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 884240fb7b..1e0e4c1cc1 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -1,4 +1,8 @@ -#![cfg(any(feature = "ring", feature = "aws_lc_rs"))] +#[macro_use] +mod macros; + +test_for_each_provider! { + use std::num::NonZeroUsize; use std::sync::Arc; @@ -11,9 +15,8 @@ use rustls::unbuffered::{ use rustls::version::TLS13; use rustls::{ClientConfig, ServerConfig}; -use crate::common::*; - mod common; +use common::*; const MAX_ITERATIONS: usize = 100; @@ -875,3 +878,5 @@ fn server_receives_incorrect_first_handshake_message() { _ => panic!("unexpected alert sending state"), }; } + +} // test_for_each_provider! From 95067cb3338a3a71c0c178a05de7a9d7f1d0aa00 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 9 Feb 2024 18:20:21 +0000 Subject: [PATCH 0716/1145] provide codecov token for coverage job --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8cba50b2e8..358e259a3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -266,6 +266,7 @@ jobs: uses: codecov/codecov-action@v4 with: file: final.info + token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: false From fdeff32eb866dcb2d0525bc6d337c4716e0c8524 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 12 Feb 2024 10:11:10 +0100 Subject: [PATCH 0717/1145] openssl-tests: bump asn1 to 0.16 --- Cargo.lock | 8 ++++---- openssl-tests/Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4249f78059..e7a9ba4b91 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -117,18 +117,18 @@ checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" [[package]] name = "asn1" -version = "0.15.5" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae3ecbce89a22627b5e8e6e11d69715617138290289e385cde773b1fe50befdb" +checksum = "a227d599843d72985b747c71958d16d670a6e6bc06fadf064570cae70c11fd0a" dependencies = [ "asn1_derive", ] [[package]] name = "asn1_derive" -version = "0.15.5" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "861af988fac460ac69a09f41e6217a8fb9178797b76fcc9478444be6a59be19c" +checksum = "87132221a3cb3794c8def2208c723276686e0cd771541deb7768905ce13dc603" dependencies = [ "proc-macro2", "quote", diff --git a/openssl-tests/Cargo.toml b/openssl-tests/Cargo.toml index bd5c7b9503..bca0f11877 100644 --- a/openssl-tests/Cargo.toml +++ b/openssl-tests/Cargo.toml @@ -7,7 +7,7 @@ publish = false version = "0.0.1" [dependencies] -asn1 = "0.15" +asn1 = "0.16" base64 = "0.21" num-bigint = "0.4.4" once_cell = "1.19" From c469593c9015965435c934bf77622cc857c68d87 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Mon, 12 Feb 2024 10:15:29 +0100 Subject: [PATCH 0718/1145] Update semver-compatible dependencies --- Cargo.lock | 96 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 61 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e7a9ba4b91..9dc52d62d2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -158,13 +158,13 @@ dependencies = [ [[package]] name = "async-channel" -version = "2.1.1" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ca33f4bc4ed1babef42cad36cc1f51fa88be00420404e5b1e80ab1b18f7678c" +checksum = "f28243a43d821d11341ab73c80bed182dc015c514b951616cf79bd4af39af0c3" dependencies = [ "concurrent-queue", - "event-listener 4.0.3", - "event-listener-strategy", + "event-listener 5.0.0", + "event-listener-strategy 0.5.0", "futures-core", "pin-project-lite", ] @@ -189,7 +189,7 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c" dependencies = [ - "async-channel 2.1.1", + "async-channel 2.2.0", "async-executor", "async-io 2.3.1", "async-lock 3.3.0", @@ -253,7 +253,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d034b430882f8381900d3fe6f0aaa3ad94f2cb4ac519b429692a1bc2dda4ae7b" dependencies = [ "event-listener 4.0.3", - "event-listener-strategy", + "event-listener-strategy 0.4.0", "pin-project-lite", ] @@ -443,7 +443,7 @@ version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118" dependencies = [ - "async-channel 2.1.1", + "async-channel 2.2.0", "async-lock 3.3.0", "async-task", "fastrand 2.0.1", @@ -543,9 +543,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.4.18" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e578d6ec4194633722ccf9544794b71b1385c3c027efe0c55db226fc880865c" +checksum = "80c21025abd42669a92efc996ef13cfb2c5c627858421ea58d5c3b331a6c134f" dependencies = [ "clap_builder", "clap_derive", @@ -553,21 +553,21 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.4.18" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4df4df40ec50c46000231c914968278b1eb05098cf8f1b3a518a95030e71d1c7" +checksum = "458bf1f341769dfcf849846f65dffdf9146daa56bcd2a47cb4e1de9915567c99" dependencies = [ "anstream", "anstyle", "clap_lex", - "strsim", + "strsim 0.11.0", ] [[package]] name = "clap_derive" -version = "4.4.7" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442" +checksum = "307bc0538d5f0f83b8248db3087aa92fe504e4691294d0c96c0eabc33f47ba47" dependencies = [ "heck", "proc-macro2", @@ -577,9 +577,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" +checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" [[package]] name = "cmake" @@ -749,7 +749,7 @@ dependencies = [ "lazy_static", "regex", "serde", - "strsim", + "strsim 0.10.0", ] [[package]] @@ -774,9 +774,9 @@ dependencies = [ [[package]] name = "either" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a" [[package]] name = "elliptic-curve" @@ -856,6 +856,17 @@ dependencies = [ "pin-project-lite", ] +[[package]] +name = "event-listener" +version = "5.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b72557800024fabbaa2449dd4bf24e37b93702d457a4d4f2b0dd1f0f039f20c1" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] + [[package]] name = "event-listener-strategy" version = "0.4.0" @@ -866,6 +877,16 @@ dependencies = [ "pin-project-lite", ] +[[package]] +name = "event-listener-strategy" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "feedafcaa9b749175d5ac357452a9d41ea2911da598fde46ce1fe02c37751291" +dependencies = [ + "event-listener 5.0.0", + "pin-project-lite", +] + [[package]] name = "fastrand" version = "1.9.0" @@ -1296,9 +1317,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.2" +version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "824b2ae422412366ba479e8111fd301f7b5faece8149317bb81925979a53f520" +checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177" dependencies = [ "equivalent", "hashbrown", @@ -1353,12 +1374,12 @@ checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" [[package]] name = "is-terminal" -version = "0.4.10" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" +checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" dependencies = [ "hermit-abi", - "rustix 0.38.31", + "libc", "windows-sys 0.52.0", ] @@ -1569,19 +1590,18 @@ checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.43" +version = "0.1.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" dependencies = [ "autocfg", "num-integer", @@ -1590,9 +1610,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" dependencies = [ "autocfg", "libm", @@ -2444,6 +2464,12 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +[[package]] +name = "strsim" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01" + [[package]] name = "subtle" version = "2.5.0" @@ -2483,18 +2509,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.56" +version = "1.0.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54378c645627613241d077a3a79db965db602882668f9136ac42af9ecb730ad" +checksum = "1e45bcbe8ed29775f228095caf2cd67af7a4ccf756ebff23a306bf3e8b47b24b" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.56" +version = "1.0.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471" +checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81" dependencies = [ "proc-macro2", "quote", From abbc1bb501213a0020c5aa9f84916df8745975b1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 9 Feb 2024 13:18:01 +0000 Subject: [PATCH 0719/1145] examples: take provider references through alias --- examples/src/bin/limitedclient.rs | 8 ++++---- examples/src/bin/tlsclient-mio.rs | 10 +++++----- examples/src/bin/tlsserver-mio.rs | 10 +++++----- openssl-tests/src/ffdhe.rs | 13 +++++++------ openssl-tests/src/ffdhe_kx_with_openssl.rs | 7 +++---- 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index 92e5a4ec5f..d36b1a0789 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -2,7 +2,7 @@ //! so that unused cryptography in rustls can be discarded by the linker. You can //! observe using `nm` that the binary of this program does not contain any AES code. -use rustls::crypto::{ring, CryptoProvider}; +use rustls::crypto::{ring as provider, CryptoProvider}; use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; @@ -16,9 +16,9 @@ fn main() { let config = rustls::ClientConfig::builder_with_provider( CryptoProvider { - cipher_suites: vec![ring::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], - kx_groups: vec![ring::kx_group::X25519], - ..ring::default_provider() + cipher_suites: vec![provider::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], + kx_groups: vec![provider::kx_group::X25519], + ..provider::default_provider() } .into(), ) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 730d6da5ee..7267bfe45f 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -28,7 +28,7 @@ use docopt::Docopt; use mio::net::TcpStream; use serde::Deserialize; -use rustls::crypto::CryptoProvider; +use rustls::crypto::{ring as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use rustls::RootCertStore; @@ -258,7 +258,7 @@ struct Args { /// Find a ciphersuite with the given name fn find_suite(name: &str) -> Option { - for suite in rustls::crypto::ring::ALL_CIPHER_SUITES { + for suite in provider::ALL_CIPHER_SUITES { let sname = format!("{:?}", suite.suite()).to_lowercase(); if sname == name.to_string().to_lowercase() { @@ -417,7 +417,7 @@ fn make_config(args: &Args) -> Arc { let suites = if !args.flag_suite.is_empty() { lookup_suites(&args.flag_suite) } else { - rustls::crypto::ring::DEFAULT_CIPHER_SUITES.to_vec() + provider::DEFAULT_CIPHER_SUITES.to_vec() }; let versions = if !args.flag_protover.is_empty() { @@ -429,7 +429,7 @@ fn make_config(args: &Args) -> Arc { let config = rustls::ClientConfig::builder_with_provider( CryptoProvider { cipher_suites: suites, - ..rustls::crypto::ring::default_provider() + ..provider::default_provider() } .into(), ) @@ -474,7 +474,7 @@ fn make_config(args: &Args) -> Arc { config .dangerous() .set_certificate_verifier(Arc::new(danger::NoCertificateVerification::new( - rustls::crypto::ring::default_provider(), + provider::default_provider(), ))); } diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index b1b728f140..553f870be1 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -29,7 +29,7 @@ use log::{debug, error}; use mio::net::{TcpListener, TcpStream}; use serde::Deserialize; -use rustls::crypto::{ring, CryptoProvider}; +use rustls::crypto::{ring as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use rustls::server::WebPkiClientVerifier; use rustls::{self, RootCertStore}; @@ -479,7 +479,7 @@ struct Args { } fn find_suite(name: &str) -> Option { - for suite in rustls::crypto::ring::ALL_CIPHER_SUITES { + for suite in provider::ALL_CIPHER_SUITES { let sname = format!("{:?}", suite.suite()).to_lowercase(); if sname == name.to_string().to_lowercase() { @@ -605,7 +605,7 @@ fn make_config(args: &Args) -> Arc { let suites = if !args.flag_suite.is_empty() { lookup_suites(&args.flag_suite) } else { - rustls::crypto::ring::ALL_CIPHER_SUITES.to_vec() + provider::ALL_CIPHER_SUITES.to_vec() }; let versions = if !args.flag_protover.is_empty() { @@ -629,7 +629,7 @@ fn make_config(args: &Args) -> Arc { let mut config = rustls::ServerConfig::builder_with_provider( CryptoProvider { cipher_suites: suites, - ..ring::default_provider() + ..provider::default_provider() } .into(), ) @@ -646,7 +646,7 @@ fn make_config(args: &Args) -> Arc { } if args.flag_tickets { - config.ticketer = rustls::crypto::ring::Ticketer::new().unwrap(); + config.ticketer = provider::Ticketer::new().unwrap(); } config.alpn_protocols = args diff --git a/openssl-tests/src/ffdhe.rs b/openssl-tests/src/ffdhe.rs index dae7cbeab1..4ab51890dc 100644 --- a/openssl-tests/src/ffdhe.rs +++ b/openssl-tests/src/ffdhe.rs @@ -1,6 +1,7 @@ use num_bigint::BigUint; use rustls::crypto::{ - ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, SharedSecret, SupportedKxGroup, + ring as provider, ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, SharedSecret, + SupportedKxGroup, }; use rustls::ffdhe_groups::FfdheGroup; use rustls::{CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite}; @@ -15,7 +16,7 @@ pub struct FfdheKxGroup(pub NamedGroup); impl SupportedKxGroup for FfdheKxGroup { fn start(&self) -> Result, rustls::Error> { let mut x = vec![0; 64]; - rustls::crypto::ring::default_provider() + provider::default_provider() .secure_random .fill(&mut x)?; let x = BigUint::from_bytes_be(&x); @@ -42,14 +43,14 @@ impl SupportedKxGroup for FfdheKxGroup { } static TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256: Tls12CipherSuite = - match &rustls::crypto::ring::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { - SupportedCipherSuite::Tls12(provider) => Tls12CipherSuite { + match &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 { + SupportedCipherSuite::Tls12(original) => Tls12CipherSuite { common: CipherSuiteCommon { suite: CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - ..provider.common + ..original.common }, kx: KeyExchangeAlgorithm::DHE, - ..**provider + ..**original }, _ => unreachable!(), }; diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs index 581448418b..c8441bc8be 100644 --- a/openssl-tests/src/ffdhe_kx_with_openssl.rs +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -4,8 +4,7 @@ use std::net::{TcpListener, TcpStream}; use std::sync::Arc; use std::{str, thread}; -use rustls::crypto::ring::default_provider; -use rustls::crypto::CryptoProvider; +use rustls::crypto::{ring as provider, CryptoProvider}; use rustls::version::{TLS12, TLS13}; use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion}; use rustls_pemfile::Item; @@ -211,10 +210,10 @@ fn ffdhe_provider() -> CryptoProvider { CryptoProvider { cipher_suites: vec![ ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - rustls::crypto::ring::cipher_suite::TLS13_AES_128_GCM_SHA256, + provider::cipher_suite::TLS13_AES_128_GCM_SHA256, ], kx_groups: vec![&FfdheKxGroup(rustls::NamedGroup::FFDHE2048)], - ..default_provider() + ..provider::default_provider() } } From 7415b5ff3d60a988a407b4e09680a06d4c17e837 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 9 Feb 2024 13:21:30 +0000 Subject: [PATCH 0720/1145] Change crate default provider to aws-lc-rs --- README.md | 27 +- examples/src/bin/limitedclient.rs | 2 +- examples/src/bin/tlsclient-mio.rs | 2 +- examples/src/bin/tlsserver-mio.rs | 2 +- fuzz/Cargo.lock | 405 ++++++++++++++++++++- openssl-tests/src/ffdhe.rs | 4 +- openssl-tests/src/ffdhe_kx_with_openssl.rs | 2 +- rustls/Cargo.toml | 2 +- rustls/src/builder.rs | 20 +- rustls/src/crypto/mod.rs | 14 +- rustls/src/lib.rs | 54 +-- rustls/src/server/server_conn.rs | 2 +- 12 files changed, 462 insertions(+), 74 deletions(-) diff --git a/README.md b/README.md index 6ead0283bd..84e989c991 100644 --- a/README.md +++ b/README.md @@ -86,13 +86,12 @@ need them. ### Platform support -While Rustls itself is platform independent, by default it uses [`ring`] for implementing -the cryptography in TLS. As a result, rustls only runs on platforms -supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), -x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian), -64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently -support WebAssembly. -For more information, see [the supported `ring` target platforms][ring-target-platforms]. +While Rustls itself is platform independent, by default it uses [`aws-lc-rs`] for implementing +the cryptography in TLS. See [the aws-lc-rs FAQ][aws-lc-rs-platforms-faq] for more details of the +platform/architecture support constraints in aws-lc-rs. + +[`ring`] is also available via the `ring` crate feature: see +[the supported `ring` target platforms][ring-target-platforms]. By providing a custom instance of the [`crypto::CryptoProvider`] struct, you can replace all cryptography dependencies of rustls. This is a route to being portable @@ -100,19 +99,21 @@ to a wider set of architectures and environments, or compliance requirements. S [`crypto::CryptoProvider`] documentation for more details. Specifying `default-features = false` when depending on rustls will remove the -dependency on *ring*. +dependency on aws-lc-rs. Rustls requires Rust 1.61 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 [`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html [`ring`]: https://crates.io/crates/ring +[aws-lc-rs-platforms-faq]: https://aws.github.io/aws-lc-rs/faq.html#can-i-run-aws-lc-rs-on-x-platform-or-architecture +[`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs ### Cryptography providers Since Rustls 0.22 it has been possible to choose the provider of the cryptographic primitives that Rustls uses. This may be appealing if you have specific platform, compliance or feature -requirements that aren't met by the default provider, [`ring`]. +requirements that aren't met by the default provider, [`aws-lc-rs`]. Users that wish to customize the provider in use can do so when constructing `ClientConfig` and `ServerConfig` instances using the `with_crypto_provider` method on the respective config @@ -122,11 +123,11 @@ builder types. See the [`crypto::CryptoProvider`] documentation for more details Rustls ships with two built-in providers controlled with associated feature flags: -* [`ring`] - enabled by default, available with the `ring` feature flag enabled. This -provider is used by default when an explicit provider is not specified. -* [`aws-lc-rs`] - available with the `aws_lc_rs` feature flag enabled. +* [`aws-lc-rs`] - enabled by default, available with the `aws_lc_rs` feature flag enabled. +* [`ring`] - available with the `ring` feature flag enabled. -[`aws-lc-rs`]: https://github.com/aws/aws-lc-rs +See the documentation for [`crypto::CryptoProvider`] for details on how providers are +selected. #### Third-party providers diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index d36b1a0789..abe85cbde3 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -2,7 +2,7 @@ //! so that unused cryptography in rustls can be discarded by the linker. You can //! observe using `nm` that the binary of this program does not contain any AES code. -use rustls::crypto::{ring as provider, CryptoProvider}; +use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 7267bfe45f..481af79bc7 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -28,7 +28,7 @@ use docopt::Docopt; use mio::net::TcpStream; use serde::Deserialize; -use rustls::crypto::{ring as provider, CryptoProvider}; +use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use rustls::RootCertStore; diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 553f870be1..6ee3bba450 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -29,7 +29,7 @@ use log::{debug, error}; use mio::net::{TcpListener, TcpStream}; use serde::Deserialize; -use rustls::crypto::{ring as provider, CryptoProvider}; +use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use rustls::server::WebPkiClientVerifier; use rustls::{self, RootCertStore}; diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 77f9ac26c7..83ea046f94 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -2,12 +2,76 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aho-corasick" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +dependencies = [ + "memchr", +] + [[package]] name = "arbitrary" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" +[[package]] +name = "aws-lc-rs" +version = "1.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb94ba389c4c48d9dc1983f8653cb92f7d9fc50b261e0501be2b7a636cbcbc4a" +dependencies = [ + "aws-lc-sys", + "mirai-annotations", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6e564487156f6ea22217c06263abd92ee65e4d9ff3dbc1f99f703f060f94715" +dependencies = [ + "bindgen", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + +[[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", + "which", +] + +[[package]] +name = "bitflags" +version = "2.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" + [[package]] name = "cc" version = "1.0.83" @@ -17,12 +81,69 @@ dependencies = [ "libc", ] +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + [[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "clang-sys" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "cmake" +version = "0.1.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +dependencies = [ + "cc", +] + +[[package]] +name = "dunce" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" + +[[package]] +name = "either" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" + +[[package]] +name = "errno" +version = "0.3.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "getrandom" version = "0.2.12" @@ -34,6 +155,42 @@ dependencies = [ "wasi", ] +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.153" @@ -49,18 +206,125 @@ dependencies = [ "cc", ] +[[package]] +name = "libloading" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" + [[package]] name = "log" version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +[[package]] +name = "memchr" +version = "2.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + [[package]] name = "once_cell" version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +[[package]] +name = "paste" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" + +[[package]] +name = "prettyplease" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.78" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b62dbe01f0b06f9d8dc7d49e05a0785f153b00b2c227856282f671e0318c9b15" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5bb987efffd3c6d0d8f5f89510bb458559eab11e4f869acb20bf845e016259cd" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" + [[package]] name = "ring" version = "0.17.7" @@ -72,16 +336,35 @@ dependencies = [ "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.48.0", +] + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustix" +version = "0.38.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.52.0", ] [[package]] name = "rustls" version = "0.23.0-alpha.0" dependencies = [ + "aws-lc-rs", "log", "once_cell", - "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -109,11 +392,18 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "spin" version = "0.9.8" @@ -126,6 +416,23 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "2.0.48" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + [[package]] name = "untrusted" version = "0.9.0" @@ -138,13 +445,34 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.0", ] [[package]] @@ -153,13 +481,28 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +dependencies = [ + "windows_aarch64_gnullvm 0.52.0", + "windows_aarch64_msvc 0.52.0", + "windows_i686_gnu 0.52.0", + "windows_i686_msvc 0.52.0", + "windows_x86_64_gnu 0.52.0", + "windows_x86_64_gnullvm 0.52.0", + "windows_x86_64_msvc 0.52.0", ] [[package]] @@ -168,42 +511,84 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" + [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" + [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" + [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" + [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" + [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" + [[package]] name = "zeroize" version = "1.7.0" diff --git a/openssl-tests/src/ffdhe.rs b/openssl-tests/src/ffdhe.rs index 4ab51890dc..c45f519912 100644 --- a/openssl-tests/src/ffdhe.rs +++ b/openssl-tests/src/ffdhe.rs @@ -1,7 +1,7 @@ use num_bigint::BigUint; use rustls::crypto::{ - ring as provider, ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, SharedSecret, - SupportedKxGroup, + aws_lc_rs as provider, ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, + SharedSecret, SupportedKxGroup, }; use rustls::ffdhe_groups::FfdheGroup; use rustls::{CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite}; diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs index c8441bc8be..0a20a697e4 100644 --- a/openssl-tests/src/ffdhe_kx_with_openssl.rs +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -4,7 +4,7 @@ use std::net::{TcpListener, TcpStream}; use std::sync::Arc; use std::{str, thread}; -use rustls::crypto::{ring as provider, CryptoProvider}; +use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::version::{TLS12, TLS13}; use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion}; use rustls_pemfile::Item; diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 99f2d5bbba..ff4555c446 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -27,7 +27,7 @@ pki-types = { package = "rustls-pki-types", version = "1.2", features = ["std"] zeroize = "1.7" [features] -default = ["logging", "ring", "tls12"] +default = ["aws_lc_rs", "logging", "tls12"] logging = ["log"] aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] ring = ["dep:ring", "webpki/ring"] diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index c0bc4c4780..03a70408f6 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -28,8 +28,8 @@ use crate::{ClientConfig, ServerConfig}; /// supported protocol versions. /// /// ``` -/// # #[cfg(feature = "ring")] { -/// # rustls::crypto::ring::default_provider().install_default(); +/// # #[cfg(feature = "aws_lc_rs")] { +/// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// use rustls::{ClientConfig, ServerConfig}; /// ClientConfig::builder() /// // ... @@ -44,8 +44,8 @@ use crate::{ClientConfig, ServerConfig}; /// You may also override the choice of protocol versions: /// /// ```no_run -/// # #[cfg(feature = "ring")] { -/// # rustls::crypto::ring::default_provider().install_default(); +/// # #[cfg(feature = "aws_lc_rs")] { +/// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// # use rustls::ServerConfig; /// ServerConfig::builder_with_protocol_versions(&[&rustls::version::TLS13]) /// // ... @@ -80,8 +80,8 @@ use crate::{ClientConfig, ServerConfig}; /// For example: /// /// ``` -/// # #[cfg(feature = "ring")] { -/// # rustls::crypto::ring::default_provider().install_default(); +/// # #[cfg(feature = "aws_lc_rs")] { +/// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// # use rustls::ClientConfig; /// # let root_certs = rustls::RootCertStore::empty(); /// ClientConfig::builder() @@ -104,8 +104,8 @@ use crate::{ClientConfig, ServerConfig}; /// For example: /// /// ```no_run -/// # #[cfg(feature = "ring")] { -/// # rustls::crypto::ring::default_provider().install_default(); +/// # #[cfg(feature = "aws_lc_rs")] { +/// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// # use rustls::ServerConfig; /// # let certs = vec![]; /// # let private_key = pki_types::PrivateKeyDer::from( @@ -141,7 +141,7 @@ use crate::{ClientConfig, ServerConfig}; /// Additionally, ServerConfig and ClientConfig carry a private field containing a /// [`CryptoProvider`], from [`ClientConfig::builder_with_provider()`] or /// [`ServerConfig::builder_with_provider()`]. This determines which cryptographic backend -/// is used. The default is [`ring::provider`]. +/// is used. The default is [the process-default provider](`CryptoProvider::get_default`). /// /// [builder]: https://rust-unofficial.github.io/patterns/patterns/creational/builder.html /// [typestate]: http://cliffle.com/blog/rust-typestate/ @@ -156,7 +156,7 @@ use crate::{ClientConfig, ServerConfig}; /// [`ConfigBuilder`]: struct.ConfigBuilder.html#impl-6 /// [`WantsClientCert`]: crate::client::WantsClientCert /// [`WantsServerCert`]: crate::server::WantsServerCert -/// [`ring::provider`]: crate::crypto::ring::default_provider +/// [`CryptoProvider::get_default`]: crate::crypto::CryptoProvider::get_default /// [`DangerousClientConfigBuilder::with_custom_certificate_verifier`]: crate::client::danger::DangerousClientConfigBuilder::with_custom_certificate_verifier #[derive(Clone)] pub struct ConfigBuilder { diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 0e639915fe..6c4581565b 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -66,12 +66,12 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// This crate comes with two built-in options, provided as /// `CryptoProvider` structures: /// -/// - [`crypto::ring::default_provider`]: (behind the `ring` crate feature, which -/// is enabled by default). This provider uses the [*ring*](https://github.com/briansmith/ring) -/// crate. /// - [`crypto::aws_lc_rs::default_provider`]: (behind the `aws_lc_rs` feature, -/// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) +/// which is enabled by default). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs) /// crate. The `fips` crate feature makes this option use FIPS140-3-approved cryptography. +/// - [`crypto::ring::default_provider`]: (behind the `ring` crate feature, which +/// is optional). This provider uses the [*ring*](https://github.com/briansmith/ring) +/// crate. /// /// This structure provides defaults. Everything in it can be overridden at /// runtime by replacing field values as needed. @@ -123,15 +123,15 @@ pub use crate::msgs::handshake::KeyExchangeAlgorithm; /// API ([`ConfigBuilder::with_single_cert`] etc.), it might look like this: /// /// ``` -/// # #[cfg(feature = "ring")] { +/// # #[cfg(feature = "aws_lc_rs")] { /// # use std::sync::Arc; /// # mod fictious_hsm_api { pub fn load_private_key(key_der: pki_types::PrivateKeyDer<'static>) -> ! { unreachable!(); } } -/// use rustls::crypto::ring; +/// use rustls::crypto::aws_lc_rs; /// /// pub fn provider() -> rustls::crypto::CryptoProvider { /// rustls::crypto::CryptoProvider{ /// key_provider: &HsmKeyLoader, -/// ..ring::default_provider() +/// ..aws_lc_rs::default_provider() /// } /// } /// diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 13d9e9dd70..5b8738d891 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -53,13 +53,12 @@ //! //! ### Platform support //! -//! While Rustls itself is platform independent, by default it uses [`ring`] for implementing -//! the cryptography in TLS. As a result, rustls only runs on platforms -//! supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM), -//! x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian), -//! 64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently -//! support WebAssembly. -//! For more information, see [the supported `ring` target platforms][ring-target-platforms]. +//! While Rustls itself is platform independent, by default it uses [`aws-lc-rs`] for implementing +//! the cryptography in TLS. See [the aws-lc-rs FAQ][aws-lc-rs-platforms-faq] for more details of the +//! platform/architecture support constraints in aws-lc-rs. +//! +//! [`ring`] is also available via the `ring` crate feature: see +//! [the supported `ring` target platforms][ring-target-platforms]. //! //! By providing a custom instance of the [`crypto::CryptoProvider`] struct, you //! can replace all cryptography dependencies of rustls. This is a route to being portable @@ -67,19 +66,21 @@ //! [`crypto::CryptoProvider`] documentation for more details. //! //! Specifying `default-features = false` when depending on rustls will remove the -//! dependency on *ring*. +//! dependency on aws-lc-rs. //! //! Rustls requires Rust 1.61 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 //! [`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html //! [`ring`]: https://crates.io/crates/ring +//! [aws-lc-rs-platforms-faq]: https://aws.github.io/aws-lc-rs/faq.html#can-i-run-aws-lc-rs-on-x-platform-or-architecture +//! [`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs //! //! ### Cryptography providers //! //! Since Rustls 0.22 it has been possible to choose the provider of the cryptographic primitives //! that Rustls uses. This may be appealing if you have specific platform, compliance or feature -//! requirements that aren't met by the default provider, [`ring`]. +//! requirements that aren't met by the default provider, [`aws-lc-rs`]. //! //! Users that wish to customize the provider in use can do so when constructing `ClientConfig` //! and `ServerConfig` instances using the `with_crypto_provider` method on the respective config @@ -89,11 +90,11 @@ //! //! Rustls ships with two built-in providers controlled with associated feature flags: //! -//! * [`ring`] - enabled by default, available with the `ring` feature flag enabled. This -//! provider is used by default when an explicit provider is not specified. -//! * [`aws-lc-rs`] - available with the `aws_lc_rs` feature flag enabled. +//! * [`aws-lc-rs`] - enabled by default, available with the `aws_lc_rs` feature flag enabled. +//! * [`ring`] - available with the `ring` feature flag enabled. //! -//! [`aws-lc-rs`]: https://github.com/aws/aws-lc-rs +//! See the documentation for [`crypto::CryptoProvider`] for details on how providers are +//! selected. //! //! #### Third-party providers //! @@ -176,7 +177,7 @@ //! the Mozilla set of root certificates. //! //! ```rust,no_run -//! # #[cfg(feature = "ring")] { +//! # #[cfg(feature = "aws-lc-rs")] { //! let root_store = rustls::RootCertStore::from_iter( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() @@ -191,7 +192,7 @@ //! and use it for all connections made by that process. //! //! ```rust,no_run -//! # #[cfg(feature = "ring")] { +//! # #[cfg(feature = "aws_lc_rs")] { //! # let root_store: rustls::RootCertStore = panic!(); //! let config = rustls::ClientConfig::builder() //! .with_root_certificates(root_store) @@ -203,11 +204,11 @@ //! know what to expect to find in the server's certificate. //! //! ```rust -//! # #[cfg(feature = "ring")] { +//! # #[cfg(feature = "aws_lc_rs")] { //! # use rustls; //! # use webpki; //! # use std::sync::Arc; -//! # rustls::crypto::ring::default_provider().install_default(); +//! # rustls::crypto::aws_lc_rs::default_provider().install_default(); //! # let root_store = rustls::RootCertStore::from_iter( //! # webpki_roots::TLS_SERVER_ROOTS //! # .iter() @@ -246,7 +247,7 @@ //! errors. //! //! ```rust,no_run -//! # #[cfg(feature = "ring")] { +//! # #[cfg(feature = "aws_lc_rs")] { //! # let mut client = rustls::ClientConnection::new(panic!(), panic!()).unwrap(); //! # struct Socket { } //! # impl Socket { @@ -304,18 +305,19 @@ //! Here's a list of what features are exposed by the rustls crate and what //! they mean. //! -//! - `ring` (enabled by default): makes the rustls crate depend on the *ring* crate, which is -//! used for cryptography by default. Without this feature, these items must be provided -//! externally to the core rustls crate: see [`CryptoProvider`]. -//! -//! - `aws_lc_rs`: makes the rustls crate depend on the aws-lc-rs crate, -//! which can be used for cryptography as an alternative to *ring*. -//! Use `rustls::crypto::aws_lc_rs::default_provider()` as a `CryptoProvider` -//! when making a `ClientConfig` or `ServerConfig` to use aws-lc-rs +//! - `aws_lc_rs` (enabled by default): makes the rustls crate depend on the [`aws-lc-rs`] crate. +//! Use `rustls::crypto::aws_lc_rs::default_provider().install_default()` to +//! use it as the default `CryptoProvider`, or provide it explicitly +//! when making a `ClientConfig` or `ServerConfig`. //! //! Note that aws-lc-rs has additional build-time dependencies like cmake. //! See [the documentation](https://aws.github.io/aws-lc-rs/requirements/index.html) for details. //! +//! - `ring`: makes the rustls crate depend on the *ring* crate for cryptography. +//! Use `rustls::crypto::ring::default_provider().install_default()` to +//! use it as the default `CryptoProvider`, or provide it explicitly +//! when making a `ClientConfig` or `ServerConfig`. +//! //! - `fips`: enable support for FIPS140-3-approved cryptography, via the aws-lc-rs crate. //! This feature enables the `aws_lc_rs` feature, which makes the rustls crate depend //! on [aws-lc-rs](https://github.com/aws/aws-lc-rs). It also changes the default diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 3bece3d1b7..fe1569ca87 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -654,7 +654,7 @@ impl UnbufferedConnectionCommon { /// # Example /// /// ```no_run -/// # #[cfg(feature = "ring")] { +/// # #[cfg(feature = "aws_lc_rs")] { /// # fn choose_server_config( /// # _: rustls::server::ClientHello, /// # ) -> std::sync::Arc { From 8e4afc6d141ba4e0df0f32e9079b2ac1c011d7b9 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 9 Feb 2024 15:24:47 +0000 Subject: [PATCH 0721/1145] Improve/extend docs of `default_fips_provider()` --- rustls/src/crypto/mod.rs | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 6c4581565b..3d18d78599 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -500,7 +500,20 @@ impl From<&[u8]> for SharedSecret { /// This function returns a [`CryptoProvider`] that uses /// FIPS140-3-approved cryptography. /// -/// You can use this like: +/// Using this function expresses in your code that you require +/// FIPS-approved cryptography, and will not compile if you make +/// a mistake with cargo features. +/// +/// Install this as the process-default provider, like: +/// +/// ```rust +/// # #[cfg(feature = "fips")] { +/// rustls::crypto::default_fips_provider().install_default() +/// .expect("default provider already set elsewhere"); +/// # } +/// ``` +/// +/// You can also use this explicitly, like: /// /// ```rust /// # #[cfg(feature = "fips")] { @@ -514,10 +527,6 @@ impl From<&[u8]> for SharedSecret { /// .with_no_client_auth(); /// # } /// ``` -/// -/// This expresses in your code that you require FIPS-approved -/// cryptography, and will not compile if you make a mistake -/// with cargo features. #[cfg(feature = "fips")] pub fn default_fips_provider() -> CryptoProvider { crate::crypto::aws_lc_rs::default_provider() From 3179b925c2becc8d19eb83078590e412dff4ed28 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 12 Feb 2024 13:34:58 -0500 Subject: [PATCH 0722/1145] ci: add Windows aws-lc-rs build reqs to daily-tests --- .github/workflows/daily-tests.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 1e50835126..55098835fe 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -40,6 +40,14 @@ jobs: with: toolchain: ${{ matrix.rust }} + - name: Install NASM for aws-lc-rs on Windows + if: runner.os == 'Windows' + uses: ilammy/setup-nasm@v1 + + - name: Install ninja-build tool for aws-lc-fips-sys on Windows + if: runner.os == 'Windows' + uses: seanmiddleditch/gha-setup-ninja@v4 + - name: Build main crate run: cargo build --locked @@ -76,6 +84,14 @@ jobs: with: toolchain: ${{ matrix.rust }} + - name: Install NASM for aws-lc-rs on Windows + if: runner.os == 'Windows' + uses: ilammy/setup-nasm@v1 + + - name: Install ninja-build tool for aws-lc-fips-sys on Windows + if: runner.os == 'Windows' + uses: seanmiddleditch/gha-setup-ninja@v4 + - name: Check simple client run: cargo run --locked --bin simpleclient From 563c5c12dc0192d67ab5f55aac24bb26cf57a1e2 Mon Sep 17 00:00:00 2001 From: Richard Pringle Date: Tue, 13 Feb 2024 11:53:05 -0500 Subject: [PATCH 0723/1145] Make peer-certificates lifetime explicit --- rustls/src/common_state.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index ea5f979f15..98f328b0ee 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -111,7 +111,7 @@ impl CommonState { /// if client authentication was completed. /// /// The return value is None until this value is available. - pub fn peer_certificates(&self) -> Option<&[CertificateDer<'_>]> { + pub fn peer_certificates(&self) -> Option<&[CertificateDer<'static>]> { self.peer_certificates.as_deref() } From deffd3fa55815f617531f32ae305042105e13ff1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 15 Feb 2024 10:58:55 +0000 Subject: [PATCH 0724/1145] Update version of nightly for check-external-types --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 358e259a3e..601d0f626a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -385,7 +385,7 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@master with: - toolchain: nightly-2023-10-10 + toolchain: nightly-2024-02-07 # ^ sync with https://github.com/awslabs/cargo-check-external-types/blob/main/rust-toolchain.toml - run: cargo install --locked cargo-check-external-types - name: run cargo-check-external-types for rustls/ From 1cdb10f8b4b3401f329c548a470541b5df7bb5d1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 13 Feb 2024 12:56:25 -0500 Subject: [PATCH 0725/1145] examples: ignore interrupted syscalls for mio poll While in general these examples shouldn't be written to handle errors, the long-running MIO poll operation is especially prone to returning interrupted syscall errors when a debugger is attached. This commit updates each MIO example to ignore this class of error rather than panicing, improving the debugging experience. --- examples/src/bin/tlsclient-mio.rs | 9 ++++++++- examples/src/bin/tlsserver-mio.rs | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 481af79bc7..265bf6ea5d 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -534,7 +534,14 @@ fn main() { tlsclient.register(poll.registry()); loop { - poll.poll(&mut events, None).unwrap(); + match poll.poll(&mut events, None) { + Ok(_) => {} + // Polling can be interrupted (e.g. by a debugger) - retry if so. + Err(e) if e.kind() == io::ErrorKind::Interrupted => continue, + Err(e) => { + panic!("poll failed: {:?}", e) + } + } for ev in events.iter() { tlsclient.ready(ev); diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 6ee3bba450..00dc7e12f4 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -702,7 +702,14 @@ fn main() { let mut events = mio::Events::with_capacity(256); loop { - poll.poll(&mut events, None).unwrap(); + match poll.poll(&mut events, None) { + Ok(_) => {} + // Polling can be interrupted (e.g. by a debugger) - retry if so. + Err(e) if e.kind() == io::ErrorKind::Interrupted => continue, + Err(e) => { + panic!("poll failed: {:?}", e) + } + } for event in events.iter() { match event.token() { From 9af53f25f94a604e775a7f6d65249bf4051e254b Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Thu, 1 Feb 2024 17:53:33 +0100 Subject: [PATCH 0726/1145] Split BorrowedPlainMessage in inbound and outbound types Signed-off-by: Eloi DEMOLIS --- provider-example/src/aead.rs | 10 +- rustls/src/common_state.rs | 13 +-- rustls/src/conn.rs | 9 +- rustls/src/crypto/aws_lc_rs/tls12.rs | 14 +-- rustls/src/crypto/aws_lc_rs/tls13.rs | 10 +- rustls/src/crypto/cipher.rs | 10 +- rustls/src/crypto/ring/tls12.rs | 14 +-- rustls/src/crypto/ring/tls13.rs | 6 +- rustls/src/lib.rs | 4 +- rustls/src/msgs/deframer.rs | 45 ++++----- rustls/src/msgs/fragmenter.rs | 14 +-- rustls/src/msgs/message.rs | 133 +++++++++++++++++++-------- rustls/src/record_layer.rs | 12 +-- rustls/tests/api.rs | 12 ++- 14 files changed, 183 insertions(+), 123 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 2fe030c593..0483cf9939 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -86,7 +86,7 @@ struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); impl cipher::MessageEncrypter for Tls13Cipher { fn encrypt( &mut self, - m: cipher::BorrowedPlainMessage, + m: cipher::OutboundMessage, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); @@ -121,7 +121,7 @@ impl cipher::MessageDecrypter for Tls13Cipher { &mut self, mut m: cipher::BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, rustls::Error> { + ) -> Result, rustls::Error> { let payload = &mut m.payload; let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); let aad = cipher::make_tls13_aad(payload.len()); @@ -139,7 +139,7 @@ struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); impl cipher::MessageEncrypter for Tls12Cipher { fn encrypt( &mut self, - m: cipher::BorrowedPlainMessage, + m: cipher::OutboundMessage, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); @@ -166,7 +166,7 @@ impl cipher::MessageDecrypter for Tls12Cipher { &mut self, mut m: cipher::BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, rustls::Error> { + ) -> Result, rustls::Error> { let payload = &m.payload; let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); let aad = cipher::make_tls12_aad( @@ -181,7 +181,7 @@ impl cipher::MessageDecrypter for Tls12Cipher { .decrypt_in_place(&nonce, &aad, &mut BufferAdapter(payload)) .map_err(|_| rustls::Error::DecryptError)?; - Ok(m.into_plain_message()) + Ok(m.into_inbound_message()) } } diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 98f328b0ee..0ae7d11ab4 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -7,8 +7,9 @@ use crate::msgs::base::Payload; use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; use crate::msgs::fragmenter::MessageFragmenter; use crate::msgs::handshake::CertificateChain; -use crate::msgs::message::MessagePayload; -use crate::msgs::message::{BorrowedPlainMessage, Message, OpaqueMessage, PlainMessage}; +use crate::msgs::message::{ + BorrowedPlainMessage, Message, MessagePayload, OpaqueMessage, OutboundMessage, PlainMessage, +}; use crate::quic; use crate::record_layer; use crate::suites::PartiallyExtractedSecrets; @@ -300,7 +301,7 @@ impl CommonState { len } - fn send_single_fragment(&mut self, m: BorrowedPlainMessage) { + fn send_single_fragment(&mut self, m: OutboundMessage) { // Close connection once we start to run out of // sequence space. if self @@ -548,7 +549,7 @@ impl CommonState { &self, outgoing_tls: &mut [u8], opt_msg: Option<&[u8]>, - fragments: impl Iterator>, + fragments: impl Iterator>, ) -> Result<(), EncryptError> { let mut required_size = 0; if let Some(message) = opt_msg { @@ -572,7 +573,7 @@ impl CommonState { &mut self, outgoing_tls: &mut [u8], opt_msg: Option>, - fragments: impl Iterator>, + fragments: impl Iterator>, ) -> usize { let mut written = 0; @@ -658,7 +659,7 @@ impl CommonState { let message = PlainMessage::from(Message::build_key_update_notify()); self.queued_key_update_message = Some( self.record_layer - .encrypt_outgoing(message.borrow()) + .encrypt_outgoing(message.borrow_outbound()) .encode(), ); } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index f087d1b583..bdd0faef15 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -1,12 +1,11 @@ use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT}; -use crate::crypto::cipher::BorrowedPlainMessage; use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; -use crate::msgs::message::{Message, MessagePayload}; +use crate::msgs::message::{InboundMessage, Message, MessagePayload}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; @@ -337,7 +336,7 @@ impl ConnectionRandoms { // --- Common (to client and server) connection functions --- -fn is_valid_ccs(msg: &BorrowedPlainMessage) -> bool { +fn is_valid_ccs(msg: &InboundMessage) -> bool { // We passthrough ChangeCipherSpec messages in the deframer without decrypting them. // Note: this is prior to the record layer, so is unencrypted. See // third paragraph of section 5 in RFC8446. @@ -778,7 +777,7 @@ impl ConnectionCore { &mut self, state: Option<&dyn State>, deframer_buffer: &mut DeframerSliceBuffer<'b>, - ) -> Result>, Error> { + ) -> Result>, Error> { match self.message_deframer.pop( &mut self.common_state.record_layer, self.common_state.negotiated_version, @@ -833,7 +832,7 @@ impl ConnectionCore { fn process_msg( &mut self, - msg: BorrowedPlainMessage, + msg: InboundMessage, state: Box>, sendable_plaintext: Option<&mut ChunkVecBuffer>, ) -> Result>, Error> { diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index d0840afc8a..e790363776 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -7,7 +7,7 @@ use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; use crate::version::TLS12; @@ -265,7 +265,7 @@ impl MessageDecrypter for GcmMessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); @@ -297,12 +297,12 @@ impl MessageDecrypter for GcmMessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_plain_message()) + Ok(msg.into_inbound_message()) } } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); @@ -347,7 +347,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < CHACHAPOLY1305_OVERHEAD { @@ -374,12 +374,12 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_plain_message()) + Ok(msg.into_inbound_message()) } } impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 745f184ccd..d6dacbea00 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -10,7 +10,7 @@ use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -220,7 +220,7 @@ struct AeadMessageDecrypter { } impl MessageEncrypter for AeadMessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(msg.payload); @@ -251,7 +251,7 @@ impl MessageDecrypter for AeadMessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); @@ -276,7 +276,7 @@ struct GcmMessageEncrypter { } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(msg.payload); @@ -310,7 +310,7 @@ impl MessageDecrypter for GcmMessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 9f2fcb5b15..78f0e4dd6a 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -8,7 +8,7 @@ use crate::error::Error; pub use crate::msgs::base::BorrowedPayload; use crate::msgs::codec; pub use crate::msgs::message::{ - BorrowedOpaqueMessage, BorrowedPlainMessage, OpaqueMessage, PlainMessage, + BorrowedOpaqueMessage, InboundMessage, OpaqueMessage, OutboundMessage, PlainMessage, }; use crate::suites::ConnectionTrafficSecrets; @@ -141,14 +141,14 @@ pub trait MessageDecrypter: Send + Sync { &mut self, msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error>; + ) -> Result, Error>; } /// Objects with this trait can encrypt TLS messages. pub trait MessageEncrypter: Send + Sync { /// Encrypt the given TLS message `msg`, using the sequence number /// `seq which can be used to derive a unique [`Nonce`]. - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result; + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result; /// Return the length of the ciphertext that results from encrypting plaintext of /// length `payload_len` @@ -318,7 +318,7 @@ impl From<[u8; Self::MAX_LEN]> for AeadKey { struct InvalidMessageEncrypter {} impl MessageEncrypter for InvalidMessageEncrypter { - fn encrypt(&mut self, _m: BorrowedPlainMessage, _seq: u64) -> Result { + fn encrypt(&mut self, _m: OutboundMessage, _seq: u64) -> Result { Err(Error::EncryptError) } @@ -335,7 +335,7 @@ impl MessageDecrypter for InvalidMessageDecrypter { &mut self, _m: BorrowedOpaqueMessage<'a>, _seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { Err(Error::DecryptError) } } diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index d7b3572ab1..bff49cce84 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -7,7 +7,7 @@ use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; @@ -249,7 +249,7 @@ impl MessageDecrypter for GcmMessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); @@ -281,12 +281,12 @@ impl MessageDecrypter for GcmMessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_plain_message()) + Ok(msg.into_inbound_message()) } } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); @@ -331,7 +331,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < CHACHAPOLY1305_OVERHEAD { @@ -358,12 +358,12 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_plain_message()) + Ok(msg.into_inbound_message()) } } impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 85ee9bcd4c..9651055753 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -10,7 +10,7 @@ use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec::Codec; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -192,7 +192,7 @@ struct Tls13MessageDecrypter { } impl MessageEncrypter for Tls13MessageEncrypter { - fn encrypt(&mut self, msg: BorrowedPlainMessage, seq: u64) -> Result { + fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(msg.payload); @@ -223,7 +223,7 @@ impl MessageDecrypter for Tls13MessageDecrypter { &mut self, mut msg: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 5b8738d891..36d5816d0c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -482,7 +482,9 @@ pub mod internal { }; } pub mod message { - pub use crate::msgs::message::{Message, MessagePayload, OpaqueMessage, PlainMessage}; + pub use crate::msgs::message::{ + BorrowedPlainMessage, Message, MessagePayload, OpaqueMessage, PlainMessage, + }; } pub mod persist { pub use crate::msgs::persist::ServerSessionValue; diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index b656f76cce..7a422b80e1 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -4,11 +4,10 @@ use core::slice::SliceIndex; use std::io; use super::codec::Codec; -use super::message::{BorrowedOpaqueMessage, BorrowedPlainMessage}; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::codec; -use crate::msgs::message::{MessageError, OpaqueMessage}; +use crate::msgs::message::{BorrowedOpaqueMessage, InboundMessage, MessageError, OpaqueMessage}; use crate::record_layer::{Decrypted, RecordLayer}; /// This deframer works to reconstruct TLS messages from a stream of arbitrary-sized reads. @@ -113,13 +112,13 @@ impl MessageDeframer { version, payload, } = m; - let raw_payload = RawSlice::from(&*payload); + let raw_payload_slice = RawSlice::from(&*payload); // This is unencrypted. We check the contents later. buffer.queue_discard(end); - let message = BorrowedPlainMessage { + let message = InboundMessage { typ, version, - payload: buffer.take(raw_payload), + payload: buffer.take(raw_payload_slice), }; return Ok(Some(Deframed { want_close_before_decrypt: false, @@ -130,14 +129,19 @@ impl MessageDeframer { } // Decrypt the encrypted message (if necessary). - let msg = match record_layer.decrypt_incoming(m) { + let (typ, version, plain_payload_slice) = match record_layer.decrypt_incoming(m) { Ok(Some(decrypted)) => { let Decrypted { want_close_before_decrypt, - plaintext, + plaintext: + InboundMessage { + typ, + version, + payload, + }, } = decrypted; debug_assert!(!want_close_before_decrypt); - plaintext + (typ, version, RawSlice::from(payload)) } // This was rejected early data, discard it. If we currently have a handshake // payload in progress, this counts as interleaved, so we error out. @@ -153,7 +157,7 @@ impl MessageDeframer { Err(e) => return Err(e), }; - if self.joining_hs.is_some() && msg.typ != ContentType::Handshake { + if self.joining_hs.is_some() && typ != ContentType::Handshake { // "Handshake messages MUST NOT be interleaved with other record // types. That is, if a handshake message is split over two or more // records, there MUST NOT be any other records between them." @@ -162,19 +166,12 @@ impl MessageDeframer { } // If it's not a handshake message, just return it -- no joining necessary. - if msg.typ != ContentType::Handshake { - let BorrowedPlainMessage { - typ, - version, - payload, - } = msg; - let raw_payload = RawSlice::from(payload); - let end = start + rd.used(); + if typ != ContentType::Handshake { buffer.queue_discard(end); - let message = BorrowedPlainMessage { + let message = InboundMessage { typ, version, - payload: buffer.take(raw_payload), + payload: buffer.take(plain_payload_slice), }; return Ok(Some(Deframed { want_close_before_decrypt: false, @@ -186,9 +183,7 @@ impl MessageDeframer { // If we don't know the payload size yet or if the payload size is larger // than the currently buffered payload, we need to wait for more data. - let raw = RawSlice::from(msg.payload); - let version = msg.version; - let src = buffer.raw_slice_to_filled_range(raw); + let src = buffer.raw_slice_to_filled_range(plain_payload_slice); match self.append_hs(version, InternalPayload(src), end, buffer)? { HandshakePayloadState::Blocked => return Ok(None), HandshakePayloadState::Complete(len) => break len, @@ -221,7 +216,7 @@ impl MessageDeframer { buffer.queue_discard(end); } - let message = BorrowedPlainMessage { + let message = InboundMessage { typ, version, payload: buffer.take(raw_payload), @@ -686,7 +681,7 @@ pub struct Deframed<'a> { pub(crate) want_close_before_decrypt: bool, pub(crate) aligned: bool, pub(crate) trial_decryption_finished: bool, - pub message: BorrowedPlainMessage<'a>, + pub message: InboundMessage<'a>, } const HEADER_SIZE: usize = 1 + 3; @@ -703,7 +698,7 @@ mod tests { use std::io; use crate::crypto::cipher::PlainMessage; - use crate::msgs::message::Message; + use crate::msgs::message::{BorrowedPlainMessage, Message}; use super::*; diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 7d131cced5..6cd72608d8 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -1,6 +1,6 @@ use crate::enums::ContentType; use crate::enums::ProtocolVersion; -use crate::msgs::message::{BorrowedPlainMessage, PlainMessage}; +use crate::msgs::message::{OutboundMessage, PlainMessage}; use crate::Error; pub(crate) const MAX_FRAGMENT_LEN: usize = 16384; pub(crate) const PACKET_OVERHEAD: usize = 1 + 2 + 2; @@ -26,7 +26,7 @@ impl MessageFragmenter { pub fn fragment_message<'a>( &self, msg: &'a PlainMessage, - ) -> impl Iterator> + 'a { + ) -> impl Iterator> + 'a { self.fragment_slice(msg.typ, msg.version, msg.payload.bytes()) } @@ -37,13 +37,13 @@ impl MessageFragmenter { typ: ContentType, version: ProtocolVersion, payload: &'a [u8], - ) -> impl ExactSizeIterator> { + ) -> impl ExactSizeIterator> { payload .chunks(self.max_frag) - .map(move |c| BorrowedPlainMessage { + .map(move |payload| OutboundMessage { typ, version, - payload: c, + payload, }) } @@ -71,10 +71,10 @@ mod tests { use crate::enums::ContentType; use crate::enums::ProtocolVersion; use crate::msgs::base::Payload; - use crate::msgs::message::{BorrowedPlainMessage, PlainMessage}; + use crate::msgs::message::{BorrowedPlainMessage, OutboundMessage, PlainMessage}; fn msg_eq( - m: &BorrowedPlainMessage, + m: &OutboundMessage, total_len: usize, typ: &ContentType, version: &ProtocolVersion, diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index ce80cf9eff..9ab670ebd7 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -3,18 +3,15 @@ use crate::enums::{AlertDescription, ContentType, HandshakeType}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::internal::record_layer::RecordLayer; use crate::msgs::alert::AlertMessagePayload; -use crate::msgs::base::Payload; +use crate::msgs::base::{BorrowedPayload, Payload}; use crate::msgs::ccs::ChangeCipherSpecPayload; -use crate::msgs::codec::{Codec, Reader}; +use crate::msgs::codec::{Codec, Reader, ReaderMut}; use crate::msgs::enums::AlertLevel; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; use crate::msgs::handshake::HandshakeMessagePayload; use alloc::vec::Vec; -use super::base::BorrowedPayload; -use super::codec::ReaderMut; - #[derive(Debug)] pub enum MessagePayload<'a> { Alert(AlertMessagePayload), @@ -197,11 +194,11 @@ pub struct BorrowedOpaqueMessage<'a> { } impl<'a> BorrowedOpaqueMessage<'a> { - /// Force conversion into a plaintext message. + /// Force conversion into an inbound plaintext message. /// /// See [`OpaqueMessage::into_plain_message`] for more information - pub fn into_plain_message(self) -> BorrowedPlainMessage<'a> { - BorrowedPlainMessage { + pub fn into_inbound_message(self) -> InboundMessage<'a> { + InboundMessage { typ: self.typ, version: self.version, payload: self.payload.into_inner(), @@ -212,7 +209,7 @@ impl<'a> BorrowedOpaqueMessage<'a> { /// /// Returns an error if the message (pre-unpadding) is too long, or the padding is invalid, /// or the message (post-unpadding) is too long. - pub fn into_tls13_unpadded_message(mut self) -> Result, Error> { + pub fn into_tls13_unpadded_message(mut self) -> Result, Error> { let payload = &mut self.payload; if payload.len() > MAX_FRAGMENT_LEN + 1 { @@ -229,7 +226,7 @@ impl<'a> BorrowedOpaqueMessage<'a> { } self.version = ProtocolVersion::TLSv1_3; - Ok(self.into_plain_message()) + Ok(self.into_inbound_message()) } pub(crate) fn read(r: &mut ReaderMut<'a>) -> Result { @@ -338,8 +335,16 @@ impl PlainMessage { } } - pub fn borrow(&self) -> BorrowedPlainMessage<'_> { - BorrowedPlainMessage { + pub fn borrow_inbound(&self) -> InboundMessage<'_> { + InboundMessage { + version: self.version, + typ: self.typ, + payload: self.payload.bytes(), + } + } + + pub fn borrow_outbound(&self) -> OutboundMessage<'_> { + OutboundMessage { version: self.version, typ: self.typ, payload: self.payload.bytes(), @@ -406,10 +411,10 @@ impl TryFrom for Message<'static> { /// /// A [`PlainMessage`] must contain plaintext content. Encrypted content should be stored in an /// [`OpaqueMessage`] and decrypted before being stored into a [`PlainMessage`]. -impl<'a> TryFrom> for Message<'a> { +impl<'a> TryFrom> for Message<'a> { type Error = Error; - fn try_from(plain: BorrowedPlainMessage<'a>) -> Result { + fn try_from(plain: InboundMessage<'a>) -> Result { Ok(Self { version: plain.version, payload: MessagePayload::new(plain.typ, plain.version, plain.payload)?, @@ -419,44 +424,100 @@ impl<'a> TryFrom> for Message<'a> { /// A TLS frame, named TLSPlaintext in the standard. /// -/// This type differs from `OpaqueMessage` because it borrows -/// its payload. You can make a `OpaqueMessage` from an -/// `BorrowMessage`, but this involves a copy. +/// This type borrows its decrypted payload from a `MessageDeframer`. +/// You can make a `OpaqueMessage` from an `InboundMessage`, +/// but this involves a copy. /// /// This type also cannot decode its internals and /// cannot be read/encoded; only `OpaqueMessage` can do that. #[derive(Debug)] -pub struct BorrowedPlainMessage<'a> { +pub struct InboundMessage<'a> { pub typ: ContentType, pub version: ProtocolVersion, pub payload: &'a [u8], } -impl<'a> BorrowedPlainMessage<'a> { - pub fn to_unencrypted_opaque(&self) -> OpaqueMessage { - OpaqueMessage { - version: self.version, - typ: self.typ, - payload: Payload::Owned(self.payload.to_vec()), - } +impl BorrowedPlainMessage for InboundMessage<'_> { + fn payload_to_vec(&self) -> Vec { + self.payload.to_vec() } - pub fn encoded_len(&self, record_layer: &RecordLayer) -> usize { - OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload.len()) + fn payload_len(&self) -> usize { + self.payload.len() } - pub fn into_owned(self) -> PlainMessage { - let Self { - typ, - version, - payload, - } = self; + fn typ(&self) -> ContentType { + self.typ + } + + fn version(&self) -> ProtocolVersion { + self.version + } +} + +/// A TLS frame, named TLSPlaintext in the standard. +/// +/// This type borrows its "to be encrypted" data from the client. +/// You can make a `OpaqueMessage` from an `OutboundMessage`, +/// but this involves a copy. +/// +/// This type also cannot decode its internals and +/// cannot be read/encoded; only `OpaqueMessage` can do that. + +#[derive(Debug)] +pub struct OutboundMessage<'a> { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: &'a [u8], +} + +impl BorrowedPlainMessage for OutboundMessage<'_> { + fn payload_to_vec(&self) -> Vec { + self.payload.to_vec() + } + + fn payload_len(&self) -> usize { + self.payload.len() + } + + fn typ(&self) -> ContentType { + self.typ + } + + fn version(&self) -> ProtocolVersion { + self.version + } +} + +/// Abstract both inbound and outbound variants of a plaintext message +pub trait BorrowedPlainMessage: Sized { + fn into_owned(self) -> PlainMessage { PlainMessage { - typ, - version, - payload: Payload::new(payload), + version: self.version(), + typ: self.typ(), + payload: Payload::Owned(self.payload_to_vec()), + } + } + + fn to_unencrypted_opaque(&self) -> OpaqueMessage { + OpaqueMessage { + version: self.version(), + typ: self.typ(), + payload: Payload::Owned(self.payload_to_vec()), } } + + fn encoded_len(&self, record_layer: &RecordLayer) -> usize { + OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload_len()) + } + + fn payload_to_vec(&self) -> Vec; + + fn payload_len(&self) -> usize; + + fn typ(&self) -> ContentType; + + fn version(&self) -> ProtocolVersion; } #[derive(Debug)] diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 5bc8893019..feabd77fa2 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -2,7 +2,7 @@ use core::num::NonZeroU64; use crate::crypto::cipher::{BorrowedOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; -use crate::msgs::message::{BorrowedPlainMessage, OpaqueMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; #[cfg(feature = "logging")] use crate::log::trace; @@ -67,7 +67,7 @@ impl RecordLayer { if self.decrypt_state != DirectionState::Active { return Ok(Some(Decrypted { want_close_before_decrypt: false, - plaintext: encr.into_plain_message(), + plaintext: encr.into_inbound_message(), })); } @@ -108,7 +108,7 @@ impl RecordLayer { /// /// `plain` is a TLS message we'd like to send. This function /// panics if the requisite keying material hasn't been established yet. - pub(crate) fn encrypt_outgoing(&mut self, plain: BorrowedPlainMessage) -> OpaqueMessage { + pub(crate) fn encrypt_outgoing(&mut self, plain: OutboundMessage) -> OpaqueMessage { debug_assert!(self.encrypt_state == DirectionState::Active); assert!(!self.encrypt_exhausted()); let seq = self.write_seq; @@ -242,7 +242,7 @@ pub(crate) struct Decrypted<'a> { /// Whether the peer appears to be getting close to encrypting too many messages with this key. pub(crate) want_close_before_decrypt: bool, /// The decrypted message. - pub(crate) plaintext: BorrowedPlainMessage<'a>, + pub(crate) plaintext: InboundMessage<'a>, } #[cfg(test)] @@ -259,8 +259,8 @@ mod tests { &mut self, m: BorrowedOpaqueMessage<'a>, _: u64, - ) -> Result, Error> { - Ok(m.into_plain_message()) + ) -> Result, Error> { + Ok(m.into_inbound_message()) } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 6411f80b45..f4e3d7c121 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -27,7 +27,9 @@ use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; -use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; +use rustls::internal::msgs::message::{ + BorrowedPlainMessage, Message, MessagePayload, PlainMessage, +}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; use rustls::{ @@ -745,11 +747,11 @@ fn test_tls13_valid_early_plaintext_alert() { // * The negotiated protocol version is TLS 1.3. server .read_tls(&mut io::Cursor::new( - >::into(Message::build_alert( + PlainMessage::from(Message::build_alert( AlertLevel::Fatal, AlertDescription::UnknownCA, )) - .borrow() + .borrow_inbound() .to_unencrypted_opaque() .encode(), )) @@ -797,11 +799,11 @@ fn test_tls13_late_plaintext_alert() { // Inject a plaintext alert from the client. The server should attempt to decrypt this message. server .read_tls(&mut io::Cursor::new( - >::into(Message::build_alert( + PlainMessage::from(Message::build_alert( AlertLevel::Fatal, AlertDescription::UnknownCA, )) - .borrow() + .borrow_inbound() .to_unencrypted_opaque() .encode(), )) From 2f02ddc21b39d31ccacc6a1396ac96d29aa6b867 Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Tue, 6 Feb 2024 01:45:56 +0100 Subject: [PATCH 0727/1145] Create type OutboundChunks for OutboundMessage The ConnectionCommon::write_vectored was implemented by processing each chunk, fragmenting them and wrapping each fragment in a OutboundMessage before encrypting and sending it as separate TLS frames. For very fragmented payloads this generates a lot of very small payloads with most of the data being TLS headers. OutboundChunks can contain an arbitrary amount of fragmented chunks. This allows write_vectored to process all its chunks at once, fragmenting it in place if needed and wrapping it in a OutboundMessage. All the chunks are merged in a contiguous vector (taking atvantage of an already existent copy) before being encrypted and sent as a single TLS frame. Signed-off-by: Eloi DEMOLIS Co-Authored-By: Emmanuel Bosquet --- provider-example/src/aead.rs | 4 +- rustls/src/client/client_conn.rs | 2 +- rustls/src/common_state.rs | 67 ++++---- rustls/src/conn.rs | 30 ++-- rustls/src/conn/unbuffered.rs | 2 +- rustls/src/crypto/aws_lc_rs/tls12.rs | 4 +- rustls/src/crypto/aws_lc_rs/tls13.rs | 4 +- rustls/src/crypto/ring/tls12.rs | 4 +- rustls/src/crypto/ring/tls13.rs | 2 +- rustls/src/msgs/fragmenter.rs | 89 ++++++++-- rustls/src/msgs/message.rs | 239 ++++++++++++++++++++++++++- rustls/src/vecbuf.rs | 16 +- rustls/tests/api.rs | 29 ++++ 13 files changed, 419 insertions(+), 73 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 0483cf9939..97840211c1 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -93,7 +93,7 @@ impl cipher::MessageEncrypter for Tls13Cipher { // construct a TLSInnerPlaintext let mut payload = Vec::with_capacity(total_len); - payload.extend_from_slice(m.payload); + m.payload.copy_to_vec(&mut payload); payload.push(m.typ.get_u8()); let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); @@ -145,7 +145,7 @@ impl cipher::MessageEncrypter for Tls12Cipher { let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = Vec::with_capacity(total_len); - payload.extend_from_slice(m.payload); + m.payload.copy_to_vec(&mut payload); let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); let aad = cipher::make_tls12_aad(seq, m.typ, m.version, payload.len()); diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 08aff07975..fdc8b555ea 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -787,7 +787,7 @@ impl MayEncryptEarlyData<'_> { self.conn .core .common_state - .write_plaintext(&early_data[..allowed], outgoing_tls) + .write_plaintext(early_data[..allowed].into(), outgoing_tls) .map_err(|e| e.into()) } } diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 0ae7d11ab4..69f7fae08c 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -8,7 +8,8 @@ use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; use crate::msgs::fragmenter::MessageFragmenter; use crate::msgs::handshake::CertificateChain; use crate::msgs::message::{ - BorrowedPlainMessage, Message, MessagePayload, OpaqueMessage, OutboundMessage, PlainMessage, + BorrowedPlainMessage, Message, MessagePayload, OpaqueMessage, OutboundChunks, OutboundMessage, + PlainMessage, }; use crate::quic; use crate::record_layer; @@ -188,27 +189,29 @@ impl CommonState { /// all the data. pub(crate) fn buffer_plaintext( &mut self, - data: &[u8], + payload: OutboundChunks<'_>, sendable_plaintext: &mut ChunkVecBuffer, ) -> usize { self.perhaps_write_key_update(); - self.send_plain(data, Limit::Yes, sendable_plaintext) + self.send_plain(payload, Limit::Yes, sendable_plaintext) } pub(crate) fn write_plaintext( &mut self, - plaintext: &[u8], + payload: OutboundChunks<'_>, outgoing_tls: &mut [u8], ) -> Result { - if plaintext.is_empty() { + if payload.is_empty() { return Ok(0); } - let fragments = self.message_fragmenter.fragment_slice( - ContentType::ApplicationData, - ProtocolVersion::TLSv1_2, - plaintext, - ); + let fragments = self + .message_fragmenter + .fragment_payload( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload.clone(), + ); let remaining_encryptions = self .record_layer @@ -226,11 +229,13 @@ impl CommonState { fragments, )?; - let fragments = self.message_fragmenter.fragment_slice( - ContentType::ApplicationData, - ProtocolVersion::TLSv1_2, - plaintext, - ); + let fragments = self + .message_fragmenter + .fragment_payload( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload, + ); let opt_msg = self.queued_key_update_message.take(); let written = self.write_fragments(outgoing_tls, opt_msg, fragments); @@ -247,7 +252,7 @@ impl CommonState { return 0; } - self.send_appdata_encrypt(data, Limit::Yes) + self.send_appdata_encrypt(data.into(), Limit::Yes) } // Changing the keys must not span any fragmented handshake @@ -277,7 +282,7 @@ impl CommonState { } /// Like send_msg_encrypt, but operate on an appdata directly. - fn send_appdata_encrypt(&mut self, payload: &[u8], limit: Limit) -> usize { + fn send_appdata_encrypt(&mut self, payload: OutboundChunks<'_>, limit: Limit) -> usize { // Here, the limit on sendable_tls applies to encrypted data, // but we're respecting it for plaintext data -- so we'll // be out by whatever the cipher+record overhead is. That's a @@ -289,11 +294,13 @@ impl CommonState { Limit::No => payload.len(), }; - let iter = self.message_fragmenter.fragment_slice( - ContentType::ApplicationData, - ProtocolVersion::TLSv1_2, - &payload[..len], - ); + let iter = self + .message_fragmenter + .fragment_payload( + ContentType::ApplicationData, + ProtocolVersion::TLSv1_2, + payload.split_at(len).0, + ); for m in iter { self.send_single_fragment(m); } @@ -328,7 +335,7 @@ impl CommonState { /// be less than `data.len()` if buffer limits were exceeded. fn send_plain( &mut self, - data: &[u8], + payload: OutboundChunks<'_>, limit: Limit, sendable_plaintext: &mut ChunkVecBuffer, ) -> usize { @@ -336,25 +343,25 @@ impl CommonState { // If we haven't completed handshaking, buffer // plaintext to send once we do. let len = match limit { - Limit::Yes => sendable_plaintext.append_limited_copy(data), - Limit::No => sendable_plaintext.append(data.to_vec()), + Limit::Yes => sendable_plaintext.append_limited_copy(payload), + Limit::No => sendable_plaintext.append(payload.to_vec()), }; return len; } - self.send_plain_non_buffering(data, limit) + self.send_plain_non_buffering(payload, limit) } - fn send_plain_non_buffering(&mut self, data: &[u8], limit: Limit) -> usize { + fn send_plain_non_buffering(&mut self, payload: OutboundChunks<'_>, limit: Limit) -> usize { debug_assert!(self.may_send_application_data); debug_assert!(self.record_layer.is_encrypting()); - if data.is_empty() { + if payload.is_empty() { // Don't send empty fragments. return 0; } - self.send_appdata_encrypt(data, limit) + self.send_appdata_encrypt(payload, limit) } /// Mark the connection as ready to send application data. @@ -386,7 +393,7 @@ impl CommonState { } while let Some(buf) = sendable_plaintext.pop() { - self.send_plain_non_buffering(&buf, Limit::No); + self.send_plain_non_buffering(buf.as_slice().into(), Limit::No); } } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index bdd0faef15..c88456d8ec 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -5,11 +5,12 @@ use crate::error::{Error, PeerMisbehaved}; use crate::log::trace; use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; -use crate::msgs::message::{InboundMessage, Message, MessagePayload}; +use crate::msgs::message::{InboundMessage, Message, MessagePayload, OutboundChunks}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; use alloc::boxed::Box; +use alloc::vec::Vec; use core::fmt::Debug; use core::mem; use core::ops::{Deref, DerefMut}; @@ -257,18 +258,27 @@ impl PlaintextSink for ConnectionCommon { Ok(self .core .common_state - .buffer_plaintext(buf, &mut self.sendable_plaintext)) + .buffer_plaintext(buf.into(), &mut self.sendable_plaintext)) } fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { - let mut sz = 0; - for buf in bufs { - sz += self - .core - .common_state - .buffer_plaintext(buf, &mut self.sendable_plaintext); - } - Ok(sz) + let payload_owner: Vec<&[u8]>; + let payload = match bufs.len() { + 0 => return Ok(0), + 1 => OutboundChunks::Single(bufs[0].deref()), + _ => { + payload_owner = bufs + .iter() + .map(|io_slice| io_slice.deref()) + .collect(); + + OutboundChunks::new(&payload_owner) + } + }; + Ok(self + .core + .common_state + .buffer_plaintext(payload, &mut self.sendable_plaintext)) } fn flush(&mut self) -> io::Result<()> { diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index 1605924051..b4946dfd5b 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -400,7 +400,7 @@ impl WriteTraffic<'_, Data> { self.conn .core .common_state - .write_plaintext(application_data, outgoing_tls) + .write_plaintext(application_data.into(), outgoing_tls) } /// Encrypts a close_notify warning alert in `outgoing_tls` diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index e790363776..94764d7ff6 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -309,7 +309,7 @@ impl MessageEncrypter for GcmMessageEncrypter { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(&nonce.as_ref()[4..]); - payload.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut payload); self.enc_key .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..]) @@ -385,7 +385,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut buf = Vec::with_capacity(total_len); - buf.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut buf); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut buf) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index d6dacbea00..abcdf3a566 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -223,7 +223,7 @@ impl MessageEncrypter for AeadMessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); - payload.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut payload); msg.typ.encode(&mut payload); let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); @@ -279,7 +279,7 @@ impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); let mut payload = Vec::with_capacity(total_len); - payload.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut payload); msg.typ.encode(&mut payload); let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index bff49cce84..a01da6ef0c 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -293,7 +293,7 @@ impl MessageEncrypter for GcmMessageEncrypter { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(&nonce.as_ref()[4..]); - payload.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut payload); self.enc_key .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..]) @@ -369,7 +369,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut buf = Vec::with_capacity(total_len); - buf.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut buf); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut buf) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 9651055753..4876b55ef1 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -195,7 +195,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = Vec::with_capacity(total_len); - payload.extend_from_slice(msg.payload); + msg.payload.copy_to_vec(&mut payload); msg.typ.encode(&mut payload); let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 6cd72608d8..d9314134e4 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -1,6 +1,6 @@ use crate::enums::ContentType; use crate::enums::ProtocolVersion; -use crate::msgs::message::{OutboundMessage, PlainMessage}; +use crate::msgs::message::{OutboundChunks, OutboundMessage, PlainMessage}; use crate::Error; pub(crate) const MAX_FRAGMENT_LEN: usize = 16384; pub(crate) const PACKET_OVERHEAD: usize = 1 + 2 + 2; @@ -27,24 +27,22 @@ impl MessageFragmenter { &self, msg: &'a PlainMessage, ) -> impl Iterator> + 'a { - self.fragment_slice(msg.typ, msg.version, msg.payload.bytes()) + self.fragment_payload(msg.typ, msg.version, msg.payload.bytes().into()) } /// Enqueue borrowed fragments of (version, typ, payload) which /// are no longer than max_frag onto the `out` deque. - pub(crate) fn fragment_slice<'a>( + pub(crate) fn fragment_payload<'a>( &self, typ: ContentType, version: ProtocolVersion, - payload: &'a [u8], + payload: OutboundChunks<'a>, ) -> impl ExactSizeIterator> { - payload - .chunks(self.max_frag) - .map(move |payload| OutboundMessage { - typ, - version, - payload, - }) + Chunker::new(payload, self.max_frag).map(move |payload| OutboundMessage { + typ, + version, + payload, + }) } /// Set the maximum fragment size that will be produced. @@ -65,13 +63,47 @@ impl MessageFragmenter { } } +/// An iterator over borrowed fragments of a payload +struct Chunker<'a> { + payload: OutboundChunks<'a>, + limit: usize, +} + +impl<'a> Chunker<'a> { + fn new(payload: OutboundChunks<'a>, limit: usize) -> Self { + Self { payload, limit } + } +} + +impl<'a> Iterator for Chunker<'a> { + type Item = OutboundChunks<'a>; + + fn next(&mut self) -> Option { + if self.payload.is_empty() { + return None; + } + + let (before, after) = self.payload.split_at(self.limit); + self.payload = after; + Some(before) + } +} + +impl<'a> ExactSizeIterator for Chunker<'a> { + fn len(&self) -> usize { + (self.payload.len() + self.limit - 1) / self.limit + } +} + #[cfg(test)] mod tests { use super::{MessageFragmenter, PACKET_OVERHEAD}; use crate::enums::ContentType; use crate::enums::ProtocolVersion; use crate::msgs::base::Payload; - use crate::msgs::message::{BorrowedPlainMessage, OutboundMessage, PlainMessage}; + use crate::msgs::message::{ + BorrowedPlainMessage, OutboundChunks, OutboundMessage, PlainMessage, + }; fn msg_eq( m: &OutboundMessage, @@ -82,7 +114,7 @@ mod tests { ) { assert_eq!(&m.typ, typ); assert_eq!(&m.version, version); - assert_eq!(m.payload, bytes); + assert_eq!(m.payload.to_vec(), bytes); let buf = m.to_unencrypted_opaque().encode(); @@ -159,4 +191,35 @@ mod tests { b"\x01\x02\x03\x04\x05\x06\x07\x08", ); } + + #[test] + fn fragment_multiple_slices() { + let typ = ContentType::Handshake; + let version = ProtocolVersion::TLSv1_2; + let payload_owner: Vec<&[u8]> = vec![&[b'a'; 8], &[b'b'; 12], &[b'c'; 32], &[b'd'; 20]]; + let borrowed_payload = OutboundChunks::new(&payload_owner); + let mut frag = MessageFragmenter::default(); + frag.set_max_fragment_size(Some(37)) // 32 + packet overhead + .unwrap(); + + let fragments = frag + .fragment_payload(typ, version, borrowed_payload) + .collect::>(); + assert_eq!(fragments.len(), 3); + msg_eq( + &fragments[0], + 37, + &typ, + &version, + b"aaaaaaaabbbbbbbbbbbbcccccccccccc", + ); + msg_eq( + &fragments[1], + 37, + &typ, + &version, + b"ccccccccccccccccccccdddddddddddd", + ); + msg_eq(&fragments[2], 13, &typ, &version, b"dddddddd"); + } } diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 9ab670ebd7..38d1234f4a 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -347,7 +347,7 @@ impl PlainMessage { OutboundMessage { version: self.version, typ: self.typ, - payload: self.payload.bytes(), + payload: self.payload.bytes().into(), } } } @@ -468,7 +468,7 @@ impl BorrowedPlainMessage for InboundMessage<'_> { pub struct OutboundMessage<'a> { pub typ: ContentType, pub version: ProtocolVersion, - pub payload: &'a [u8], + pub payload: OutboundChunks<'a>, } impl BorrowedPlainMessage for OutboundMessage<'_> { @@ -520,6 +520,126 @@ pub trait BorrowedPlainMessage: Sized { fn version(&self) -> ProtocolVersion; } +#[derive(Debug, Clone)] +/// A collection of borrowed plaintext slices. +/// Warning: OutboundChunks does not guarantee that the simplest variant is used. +/// Multiple can hold non fragmented or empty payloads. +pub enum OutboundChunks<'a> { + /// A single byte slice. Contrary to `Multiple`, this uses a single pointer indirection + Single(&'a [u8]), + /// A collection of chunks (byte slices) + /// and cursors to single out a fragmented range of bytes. + /// OutboundChunks assumes that start <= end + Multiple { + chunks: &'a [&'a [u8]], + start: usize, + end: usize, + }, +} + +impl<'a> OutboundChunks<'a> { + /// Create a payload from a slice of byte slices. + /// If fragmented the cursors are added by default: start = 0, end = length + pub fn new(chunks: &'a [&'a [u8]]) -> Self { + if chunks.len() == 1 { + Self::Single(chunks[0]) + } else { + Self::Multiple { + chunks, + start: 0, + end: chunks + .iter() + .map(|chunk| chunk.len()) + .sum(), + } + } + } + + /// Create a payload with a single empty slice + pub fn new_empty() -> Self { + Self::Single(&[]) + } + + /// Flatten the slice of byte slices to an owned vector of bytes + pub fn to_vec(&self) -> Vec { + let mut vec = Vec::with_capacity(self.len()); + self.copy_to_vec(&mut vec); + vec + } + + /// Append all bytes to a vector + pub fn copy_to_vec(&self, vec: &mut Vec) { + match *self { + Self::Single(chunk) => vec.extend_from_slice(chunk), + Self::Multiple { chunks, start, end } => { + let mut size = 0; + for chunk in chunks.iter() { + let psize = size; + let len = chunk.len(); + size += len; + if size <= start || psize >= end { + continue; + } + let start = if psize < start { start - psize } else { 0 }; + let end = if end - psize < len { end - psize } else { len }; + vec.extend_from_slice(&chunk[start..end]); + } + } + } + } + + /// Split self in two, around an index + /// Works similarly to `split_at` in the core library, except it doesn't panic if out of bound + pub fn split_at(&self, mid: usize) -> (Self, Self) { + match *self { + Self::Single(chunk) => { + let mid = Ord::min(mid, chunk.len()); + (Self::Single(&chunk[..mid]), Self::Single(&chunk[mid..])) + } + Self::Multiple { chunks, start, end } => { + let mid = Ord::min(start + mid, end); + ( + Self::Multiple { + chunks, + start, + end: mid, + }, + Self::Multiple { + chunks, + start: mid, + end, + }, + ) + } + } + } + + /// Returns true if the payload is empty + pub fn is_empty(&self) -> bool { + self.len() == 0 + } + + /// Returns the cumulative length of all chunks + pub fn len(&self) -> usize { + match self { + Self::Single(chunk) => chunk.len(), + Self::Multiple { start, end, .. } => end - start, + } + } +} + +impl<'a> From<&'a [u8]> for OutboundChunks<'a> { + fn from(payload: &'a [u8]) -> Self { + Self::Single(payload) + } +} + +impl<'a, const N: usize> From<&'a [u8; N]> for OutboundChunks<'a> { + fn from(payload: &'a [u8; N]) -> Self { + Self::Single(payload) + } +} + #[derive(Debug)] pub enum MessageError { TooShortForHeader, @@ -529,3 +649,118 @@ pub enum MessageError { InvalidContentType, UnknownProtocolVersion, } + +#[cfg(test)] +mod tests { + use std::{println, vec}; + + use super::*; + + #[test] + fn split_at_with_single_slice() { + let owner: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7]; + let borrowed_payload = OutboundChunks::Single(owner); + + let (before, after) = borrowed_payload.split_at(6); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5]); + assert_eq!(after.to_vec(), &[6, 7]); + } + + #[test] + fn split_at_with_multiple_slices() { + let owner: Vec<&[u8]> = vec![&[0, 1, 2, 3], &[4, 5], &[6, 7, 8], &[9, 10, 11, 12]]; + let borrowed_payload = OutboundChunks::new(&owner); + + let (before, after) = borrowed_payload.split_at(3); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2]); + assert_eq!(after.to_vec(), &[3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); + + let (before, after) = borrowed_payload.split_at(8); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7]); + assert_eq!(after.to_vec(), &[8, 9, 10, 11, 12]); + + let (before, after) = borrowed_payload.split_at(11); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]); + assert_eq!(after.to_vec(), &[11, 12]); + } + + #[test] + fn split_out_of_bounds() { + let owner: Vec<&[u8]> = vec![&[0, 1, 2, 3], &[4, 5], &[6, 7, 8], &[9, 10, 11, 12]]; + + let single_payload = OutboundChunks::Single(owner[0]); + let (before, after) = single_payload.split_at(17); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3]); + assert!(after.is_empty()); + + let multiple_payload = OutboundChunks::new(&owner); + let (before, after) = multiple_payload.split_at(17); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); + assert!(after.is_empty()); + + let empty_payload = OutboundChunks::new_empty(); + let (before, after) = empty_payload.split_at(17); + println!("before:{:?}\nafter:{:?}", before, after); + assert!(before.is_empty()); + assert!(after.is_empty()); + } + + #[test] + fn empty_slices_mixed() { + let owner: Vec<&[u8]> = vec![&[], &[], &[0], &[], &[1, 2], &[], &[3], &[4], &[], &[]]; + let mut borrowed_payload = OutboundChunks::new(&owner); + let mut fragment_count = 0; + let mut fragment; + let expected_fragments: &[&[u8]] = &[&[0, 1], &[2, 3], &[4]]; + + while !borrowed_payload.is_empty() { + (fragment, borrowed_payload) = borrowed_payload.split_at(2); + println!("{fragment:?}"); + assert_eq!(&expected_fragments[fragment_count], &fragment.to_vec()); + fragment_count += 1; + } + assert_eq!(fragment_count, expected_fragments.len()); + } + + #[test] + fn exhaustive_splitting() { + let owner: Vec = (0..127).collect(); + let slices = (0..7) + .map(|i| &owner[((1 << i) - 1)..((1 << (i + 1)) - 1)]) + .collect::>(); + let payload = OutboundChunks::new(&slices); + + assert_eq!(payload.to_vec(), owner); + println!("{:#?}", payload); + + for start in 0..128 { + for end in start..128 { + for mid in 0..(end - start) { + let witness = owner[start..end].split_at(mid); + let split_payload = payload + .split_at(end) + .0 + .split_at(start) + .1 + .split_at(mid); + assert_eq!( + witness.0, + split_payload.0.to_vec(), + "start: {start}, mid:{mid}, end:{end}" + ); + assert_eq!( + witness.1, + split_payload.1.to_vec(), + "start: {start}, mid:{mid}, end:{end}" + ); + } + } + } + } +} diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index c7b9908212..55ff6a54c1 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -4,6 +4,8 @@ use core::cmp; use std::io; use std::io::Read; +use crate::msgs::message::OutboundChunks; + /// This is a byte buffer that is built from a vector /// of byte vectors. This avoids extra copies when /// appending a new byte vector, at the expense of @@ -66,9 +68,9 @@ impl ChunkVecBuffer { /// Append a copy of `bytes`, perhaps a prefix if /// we're near the limit. - pub(crate) fn append_limited_copy(&mut self, bytes: &[u8]) -> usize { - let take = self.apply_limit(bytes.len()); - self.append(bytes[..take].to_vec()); + pub(crate) fn append_limited_copy(&mut self, payload: OutboundChunks<'_>) -> usize { + let take = self.apply_limit(payload.len()); + self.append(payload.split_at(take).0.to_vec()); take } @@ -155,10 +157,10 @@ mod tests { #[test] fn short_append_copy_with_limit() { let mut cvb = ChunkVecBuffer::new(Some(12)); - assert_eq!(cvb.append_limited_copy(b"hello"), 5); - assert_eq!(cvb.append_limited_copy(b"world"), 5); - assert_eq!(cvb.append_limited_copy(b"hello"), 2); - assert_eq!(cvb.append_limited_copy(b"world"), 0); + assert_eq!(cvb.append_limited_copy(b"hello".into()), 5); + assert_eq!(cvb.append_limited_copy(b"world".into()), 5); + assert_eq!(cvb.append_limited_copy(b"hello".into()), 2); + assert_eq!(cvb.append_limited_copy(b"world".into()), 0); let mut buf = [0u8; 12]; assert_eq!(cvb.read(&mut buf).unwrap(), 12); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f4e3d7c121..a994f90808 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -2294,6 +2294,35 @@ fn test_server_stream_read(stream_kind: StreamKind, read_kind: ReadKind) { } } +#[test] +fn test_client_write_and_vectored_write_equivalence() { + let (mut client, mut server) = make_pair(KeyType::Rsa); + do_handshake(&mut client, &mut server); + + const N: usize = 1000; + + let data_chunked: Vec = std::iter::repeat(IoSlice::new(b"A")) + .take(N) + .collect(); + let bytes_written_chunked = client + .writer() + .write_vectored(&data_chunked) + .unwrap(); + let bytes_sent_chunked = transfer(&mut client, &mut server); + println!("write_vectored returned {bytes_written_chunked} and sent {bytes_sent_chunked}"); + + let data_contiguous = &[b'A'; N]; + let bytes_written_contiguous = client + .writer() + .write(data_contiguous) + .unwrap(); + let bytes_sent_contiguous = transfer(&mut client, &mut server); + println!("write returned {bytes_written_contiguous} and sent {bytes_sent_contiguous}"); + + assert_eq!(bytes_written_chunked, bytes_written_contiguous); + assert_eq!(bytes_sent_chunked, bytes_sent_contiguous); +} + struct FailsWrites { errkind: io::ErrorKind, after: usize, From cf09842ca5666727d1823aca08672d32e31c625d Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Fri, 9 Feb 2024 16:02:43 +0100 Subject: [PATCH 0728/1145] Move is_valid_ccs as a method of InboundMessage Signed-off-by: Eloi DEMOLIS --- rustls/src/conn.rs | 11 +---------- rustls/src/msgs/message.rs | 11 +++++++++++ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index c88456d8ec..97a47d87e1 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -344,15 +344,6 @@ impl ConnectionRandoms { } } -// --- Common (to client and server) connection functions --- - -fn is_valid_ccs(msg: &InboundMessage) -> bool { - // We passthrough ChangeCipherSpec messages in the deframer without decrypting them. - // Note: this is prior to the record layer, so is unencrypted. See - // third paragraph of section 5 in RFC8446. - msg.typ == ContentType::ChangeCipherSpec && msg.payload == [0x01] -} - /// Interface shared by client and server connections. pub struct ConnectionCommon { pub(crate) core: ConnectionCore, @@ -853,7 +844,7 @@ impl ConnectionCore { .may_receive_application_data && self.common_state.is_tls13() { - if !is_valid_ccs(&msg) + if !msg.is_valid_ccs() || self.common_state.received_middlebox_ccs > TLS13_MAX_DROPPED_CCS { // "An implementation which receives any other change_cipher_spec value or diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 38d1234f4a..8e344bf1f5 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -437,6 +437,17 @@ pub struct InboundMessage<'a> { pub payload: &'a [u8], } +impl InboundMessage<'_> { + /// Returns true if the payload is a CCS message. + /// + /// We passthrough ChangeCipherSpec messages in the deframer without decrypting them. + /// Note: this is prior to the record layer, so is unencrypted. See + /// third paragraph of section 5 in RFC8446. + pub(crate) fn is_valid_ccs(&self) -> bool { + self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] + } +} + impl BorrowedPlainMessage for InboundMessage<'_> { fn payload_to_vec(&self) -> Vec { self.payload.to_vec() From fe0c345254ab50357fece1342e2bd443b5c15641 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 10:15:05 +0000 Subject: [PATCH 0729/1145] Publish pre-release documentation via github-pages --- .github/workflows/docs.yml | 64 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 .github/workflows/docs.yml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000000..77465d54cd --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,64 @@ +name: documentation + +permissions: + contents: read + pages: write + id-token: write + +on: + push: + branches: + - main + schedule: + - cron: '0 18 * * *' + +jobs: + generate: + name: Generate pre-release documentation + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Install rust toolchain + uses: dtolnay/rust-toolchain@nightly + + - name: Generate version information + run: | + echo >tag.html \ + "" + + - name: cargo doc + run: cargo doc --locked --all-features --no-deps --package rustls + env: + RUSTDOCFLAGS: -Dwarnings --cfg=docsrs --html-after-content tag.html + + - name: Massage rustdoc output + run: | + # lockfile causes deployment step to go wrong, due to permissions + rm -f target/doc/.lock + # make resulting url be more sensible + mv target/doc/rustls target/doc/prerelease + + - name: Package and upload artifact + uses: actions/upload-pages-artifact@v3 + with: + path: ./target/doc/ + + deploy: + name: Deploy + runs-on: ubuntu-latest + needs: generate + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }}prerelease/ + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4 + From a76614b719ac432ad9ed14e99ad5ed45b20b0aa4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 12:03:19 +0000 Subject: [PATCH 0730/1145] Fix stray list in "Examples" section --- rustls/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 36d5816d0c..0c0ab44866 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -297,7 +297,7 @@ //! You can find several client and server examples of varying complexity in the [examples] //! directory, including [`tlsserver-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsserver-mio.rs) //! and [`tlsclient-mio`](https://github.com/rustls/rustls/blob/main/examples/src/bin/tlsclient-mio.rs) -//! - full worked examples using [`mio`]. +//! \- full worked examples using [`mio`]. //! //! [`mio`]: https://docs.rs/mio/latest/mio/ //! From e2c5276cacd3e468d7d880e0812196caa6eee50c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 12:34:35 +0000 Subject: [PATCH 0731/1145] Update manual::features and refer to it --- README.md | 48 ++--------------------------------- admin/pull-readme | 2 +- rustls/src/lib.rs | 48 ++--------------------------------- rustls/src/manual/features.rs | 27 +++++++++----------- 4 files changed, 17 insertions(+), 108 deletions(-) diff --git a/README.md b/README.md index 84e989c991..48ab75e4a6 100644 --- a/README.md +++ b/README.md @@ -37,52 +37,8 @@ Rustls is a TLS library that aims to provide a good level of cryptographic secur requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography by default. -## Current functionality (with default crate features) - -* TLS1.2 and TLS1.3. -* ECDSA, Ed25519 or RSA server authentication by clients. -* ECDSA, Ed25519 or RSA server authentication by servers. -* Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves. -* AES128-GCM and AES256-GCM bulk encryption, with safe nonces. -* ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)). -* ALPN support. -* SNI support. -* Tunable fragment size to make TLS messages match size of underlying transport. -* Optional use of vectored IO to minimise system calls. -* TLS1.2 session resumption. -* TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)). -* TLS1.3 resumption via tickets or session storage. -* TLS1.3 0-RTT data for clients. -* TLS1.3 0-RTT data for servers. -* Server and optional client authentication. -* Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). -* Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). -* OCSP stapling by servers. - -## Non-features - -For reasons [explained in the manual](https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html), -rustls does not and will not support: - -* SSL1, SSL2, SSL3, TLS1 or TLS1.1. -* RC4. -* DES or triple DES. -* EXPORT ciphersuites. -* MAC-then-encrypt ciphersuites. -* Ciphersuites without forward secrecy. -* Renegotiation. -* Kerberos. -* TLS 1.2 protocol compression. -* Discrete-log Diffie-Hellman. -* Automatic protocol version downgrade. -* Using CA certificates directly to authenticate a server/client (often called "self-signed -certificates"). _Rustls' default certificate verifier does not support using a trust anchor as -both a CA certificate and an end-entity certificate in order to limit complexity and risk in -path building. While dangerous, all authentication can be turned off if required -- -see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_. - -There are plenty of other libraries that provide these features should you -need them. +Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full +list of protocol features](https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html). ### Platform support diff --git a/admin/pull-readme b/admin/pull-readme index 2b60a09c28..f358993f2e 100755 --- a/admin/pull-readme +++ b/admin/pull-readme @@ -6,7 +6,7 @@ set -e awk 'BEGIN { take=1 }/# Approach/{take=0;print}take' < README.md > README.md.new grep '^//!' rustls/src/lib.rs | \ sed -e 's@^\/\/\! *@@g' | \ - sed -e 's@manual](manual)@manual](https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html)@' | \ + sed -e 's@](manual::_04_features)@](https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html)@' | \ awk '/# Rustls - a modern TLS library/{take=1;next}/## Design overview/{take=0}take' >> README.md.new awk '/# Example code/{take=1}take' < README.md >> README.md.new mv README.md.new README.md diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0c0ab44866..2e5776a97a 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -4,52 +4,8 @@ //! requires no configuration to achieve that security, and provides no unsafe features or //! obsolete cryptography by default. //! -//! ## Current functionality (with default crate features) -//! -//! * TLS1.2 and TLS1.3. -//! * ECDSA, Ed25519 or RSA server authentication by clients. -//! * ECDSA, Ed25519 or RSA server authentication by servers. -//! * Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves. -//! * AES128-GCM and AES256-GCM bulk encryption, with safe nonces. -//! * ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)). -//! * ALPN support. -//! * SNI support. -//! * Tunable fragment size to make TLS messages match size of underlying transport. -//! * Optional use of vectored IO to minimise system calls. -//! * TLS1.2 session resumption. -//! * TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)). -//! * TLS1.3 resumption via tickets or session storage. -//! * TLS1.3 0-RTT data for clients. -//! * TLS1.3 0-RTT data for servers. -//! * Server and optional client authentication. -//! * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). -//! * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). -//! * OCSP stapling by servers. -//! -//! ## Non-features -//! -//! For reasons [explained in the manual](manual), -//! rustls does not and will not support: -//! -//! * SSL1, SSL2, SSL3, TLS1 or TLS1.1. -//! * RC4. -//! * DES or triple DES. -//! * EXPORT ciphersuites. -//! * MAC-then-encrypt ciphersuites. -//! * Ciphersuites without forward secrecy. -//! * Renegotiation. -//! * Kerberos. -//! * TLS 1.2 protocol compression. -//! * Discrete-log Diffie-Hellman. -//! * Automatic protocol version downgrade. -//! * Using CA certificates directly to authenticate a server/client (often called "self-signed -//! certificates"). _Rustls' default certificate verifier does not support using a trust anchor as -//! both a CA certificate and an end-entity certificate in order to limit complexity and risk in -//! path building. While dangerous, all authentication can be turned off if required -- -//! see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_. -//! -//! There are plenty of other libraries that provide these features should you -//! need them. +//! Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full +//! list of protocol features](manual::_04_features). //! //! ### Platform support //! diff --git a/rustls/src/manual/features.rs b/rustls/src/manual/features.rs index 639a23184c..e0e73eee62 100644 --- a/rustls/src/manual/features.rs +++ b/rustls/src/manual/features.rs @@ -10,25 +10,17 @@ * ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)). * ALPN support. * SNI support. -* Tunable MTU to make TLS messages match size of underlying transport. +* Tunable fragment size to make TLS messages match size of underlying transport. * Optional use of vectored IO to minimise system calls. * TLS1.2 session resumption. -* TLS1.2 resumption via tickets (RFC5077). +* TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)). * TLS1.3 resumption via tickets or session storage. * TLS1.3 0-RTT data for clients. -* Client authentication by clients. -* Client authentication by servers. -* Extended master secret support (RFC7627). -* Exporters (RFC5705). +* TLS1.3 0-RTT data for servers. +* Server and optional client authentication. +* Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). +* Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). * OCSP stapling by servers. -* SCT stapling by servers. -* SCT verification by clients. - -## Possible future features - -* PSK support. -* OCSP verification by clients. -* Certificate pinning. ## Non-features @@ -43,8 +35,13 @@ and will not support: * Ciphersuites without forward secrecy. * Renegotiation. * Kerberos. -* Compression. +* TLS 1.2 protocol compression. * Discrete-log Diffie-Hellman. * Automatic protocol version downgrade. +* Using CA certificates directly to authenticate a server/client (often called "self-signed + certificates"). _Rustls' default certificate verifier does not support using a trust anchor as + both a CA certificate and an end-entity certificate in order to limit complexity and risk in + path building. While dangerous, all authentication can be turned off if required -- + see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_. */ From 581b14d605aeb3640b2ae6f8143cbe47d823da30 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Feb 2024 10:02:01 +0000 Subject: [PATCH 0732/1145] features.rs: de-duplicate 0rtt item --- rustls/src/manual/features.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rustls/src/manual/features.rs b/rustls/src/manual/features.rs index e0e73eee62..c6a3112cca 100644 --- a/rustls/src/manual/features.rs +++ b/rustls/src/manual/features.rs @@ -15,8 +15,7 @@ * TLS1.2 session resumption. * TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)). * TLS1.3 resumption via tickets or session storage. -* TLS1.3 0-RTT data for clients. -* TLS1.3 0-RTT data for servers. +* TLS1.3 0-RTT data. * Server and optional client authentication. * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). From e2f1e604c4edc96f95855c0ec40b08c4b2a46d16 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Feb 2024 10:02:50 +0000 Subject: [PATCH 0733/1145] features.rs: remove punctuation from list --- rustls/src/manual/features.rs | 60 +++++++++++++++++------------------ 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/rustls/src/manual/features.rs b/rustls/src/manual/features.rs index c6a3112cca..5fca37fafd 100644 --- a/rustls/src/manual/features.rs +++ b/rustls/src/manual/features.rs @@ -2,45 +2,45 @@ ## Current features -* TLS1.2 and TLS1.3. -* ECDSA, Ed25519 or RSA server authentication by clients. -* ECDSA, Ed25519 or RSA server authentication by servers. -* Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves. -* AES128-GCM and AES256-GCM bulk encryption, with safe nonces. -* ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)). -* ALPN support. -* SNI support. -* Tunable fragment size to make TLS messages match size of underlying transport. -* Optional use of vectored IO to minimise system calls. -* TLS1.2 session resumption. -* TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)). -* TLS1.3 resumption via tickets or session storage. -* TLS1.3 0-RTT data. -* Server and optional client authentication. -* Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)). -* Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)). -* OCSP stapling by servers. +* TLS1.2 and TLS1.3 +* ECDSA, Ed25519 or RSA server authentication by clients +* ECDSA, Ed25519 or RSA server authentication by servers +* Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves +* AES128-GCM and AES256-GCM bulk encryption, with safe nonces +* ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)) +* ALPN support +* SNI support +* Tunable fragment size to make TLS messages match size of underlying transport +* Optional use of vectored IO to minimise system calls +* TLS1.2 session resumption +* TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)) +* TLS1.3 resumption via tickets or session storage +* TLS1.3 0-RTT data +* Server and optional client authentication +* Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)) +* Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)) +* OCSP stapling by servers ## Non-features For reasons explained in the other sections of this manual, rustls does not and will not support: -* SSL1, SSL2, SSL3, TLS1 or TLS1.1. -* RC4. -* DES or triple DES. -* EXPORT ciphersuites. -* MAC-then-encrypt ciphersuites. -* Ciphersuites without forward secrecy. -* Renegotiation. -* Kerberos. -* TLS 1.2 protocol compression. -* Discrete-log Diffie-Hellman. -* Automatic protocol version downgrade. +* SSL1, SSL2, SSL3, TLS1 or TLS1.1 +* RC4 +* DES or triple DES +* EXPORT ciphersuites +* MAC-then-encrypt ciphersuites +* Ciphersuites without forward secrecy +* Renegotiation +* Kerberos +* TLS 1.2 protocol compression +* Discrete-log Diffie-Hellman +* Automatic protocol version downgrade * Using CA certificates directly to authenticate a server/client (often called "self-signed certificates"). _Rustls' default certificate verifier does not support using a trust anchor as both a CA certificate and an end-entity certificate in order to limit complexity and risk in path building. While dangerous, all authentication can be turned off if required -- - see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_. + see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_ */ From 33d4f01e166420f069eea1e945716caf4596d9b6 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 12:41:29 +0000 Subject: [PATCH 0734/1145] features.rs: label which are extensible --- rustls/src/manual/features.rs | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/rustls/src/manual/features.rs b/rustls/src/manual/features.rs index 5fca37fafd..2032bd7186 100644 --- a/rustls/src/manual/features.rs +++ b/rustls/src/manual/features.rs @@ -1,13 +1,19 @@ /*! +The below list reflects the support provided with the default crate features. +Items marked with an asterisk `*` can be extended or altered via public +APIs ([`CryptoProvider`] for example). + +[`CryptoProvider`]: crate::crypto::CryptoProvider + ## Current features * TLS1.2 and TLS1.3 -* ECDSA, Ed25519 or RSA server authentication by clients -* ECDSA, Ed25519 or RSA server authentication by servers -* Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves -* AES128-GCM and AES256-GCM bulk encryption, with safe nonces -* ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)) +* ECDSA, Ed25519 or RSA server authentication by clients `*` +* ECDSA, Ed25519 or RSA server authentication by servers `*` +* Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves `*` +* AES128-GCM and AES256-GCM bulk encryption, with safe nonces `*` +* ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)) `*` * ALPN support * SNI support * Tunable fragment size to make TLS messages match size of underlying transport @@ -35,12 +41,12 @@ and will not support: * Renegotiation * Kerberos * TLS 1.2 protocol compression -* Discrete-log Diffie-Hellman +* Discrete-log Diffie-Hellman `*` * Automatic protocol version downgrade * Using CA certificates directly to authenticate a server/client (often called "self-signed certificates"). _Rustls' default certificate verifier does not support using a trust anchor as both a CA certificate and an end-entity certificate in order to limit complexity and risk in path building. While dangerous, all authentication can be turned off if required -- - see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_ + see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_ `*` */ From 3f0e0fc66f0f149b728ed5301e1a9f5dd0d27443 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 12:51:10 +0000 Subject: [PATCH 0735/1145] Fix broken link to `CryptoProvider` --- README.md | 2 +- admin/pull-readme | 1 + rustls/src/lib.rs | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 48ab75e4a6..087ce167fa 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ dependency on aws-lc-rs. Rustls requires Rust 1.61 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 -[`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html +[`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html [`ring`]: https://crates.io/crates/ring [aws-lc-rs-platforms-faq]: https://aws.github.io/aws-lc-rs/faq.html#can-i-run-aws-lc-rs-on-x-platform-or-architecture [`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs diff --git a/admin/pull-readme b/admin/pull-readme index f358993f2e..1da8f2bafc 100755 --- a/admin/pull-readme +++ b/admin/pull-readme @@ -7,6 +7,7 @@ awk 'BEGIN { take=1 }/# Approach/{take=0;print}take' < README.md > README.md.new grep '^//!' rustls/src/lib.rs | \ sed -e 's@^\/\/\! *@@g' | \ sed -e 's@](manual::_04_features)@](https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html)@' | \ + sed -e 's@\[`crypto::CryptoProvider`\]: crate::crypto::CryptoProvider@[`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html@' | \ awk '/# Rustls - a modern TLS library/{take=1;next}/## Design overview/{take=0}take' >> README.md.new awk '/# Example code/{take=1}take' < README.md >> README.md.new mv README.md.new README.md diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2e5776a97a..d7347d170d 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -27,7 +27,7 @@ //! Rustls requires Rust 1.61 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 -//! [`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/trait.CryptoProvider.html +//! [`crypto::CryptoProvider`]: crate::crypto::CryptoProvider //! [`ring`]: https://crates.io/crates/ring //! [aws-lc-rs-platforms-faq]: https://aws.github.io/aws-lc-rs/faq.html#can-i-run-aws-lc-rs-on-x-platform-or-architecture //! [`aws-lc-rs`]: https://crates.io/crates/aws-lc-rs From 96dc28de32d56e146e5b3f5c7f5250961c369b51 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 14:44:29 +0000 Subject: [PATCH 0736/1145] Add manual section for FIPS --- rustls/src/crypto/mod.rs | 3 +++ rustls/src/lib.rs | 2 ++ rustls/src/manual/fips.rs | 56 +++++++++++++++++++++++++++++++++++++++ rustls/src/manual/mod.rs | 4 +++ 4 files changed, 65 insertions(+) create mode 100644 rustls/src/manual/fips.rs diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 3d18d78599..52d4de6049 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -504,6 +504,9 @@ impl From<&[u8]> for SharedSecret { /// FIPS-approved cryptography, and will not compile if you make /// a mistake with cargo features. /// +/// See our [FIPS documentation](crate::manual::_06_fips) for +/// more detail. +/// /// Install this as the process-default provider, like: /// /// ```rust diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d7347d170d..0de26783ce 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -279,6 +279,8 @@ //! on [aws-lc-rs](https://github.com/aws/aws-lc-rs). It also changes the default //! for [`ServerConfig::require_ems`] and [`ClientConfig::require_ems`]. //! +//! See [manual::_06_fips] for more details. +//! //! - `tls12` (enabled by default): enable support for TLS version 1.2. Note that, due to the //! additive nature of Cargo features and because it is enabled by default, other crates //! in your dependency graph could re-enable it for your application. If you want to disable diff --git a/rustls/src/manual/fips.rs b/rustls/src/manual/fips.rs new file mode 100644 index 0000000000..52f6c4b03c --- /dev/null +++ b/rustls/src/manual/fips.rs @@ -0,0 +1,56 @@ +/*! # Using rustls with FIPS-approved cryptography + +To use FIPS-approved cryptography with rustls, you should take +these actions: + +## 1. Enable the `fips` crate feature for rustls. + +Use: + +```toml +rustls = { version = "0.23", features = [ "fips" ] } +``` + +## 2. Use the FIPS `CryptoProvider` + +This is [`default_fips_provider()`]: + +```rust,ignore +rustls::crypto::default_fips_provider() + .install_default() + .expect("default provider already set elsewhere"); +``` + +This snippet makes use of the process-default provider, +and that assumes all your uses of rustls use that. +See [`CryptoProvider`] documentation for other ways to +specify which `CryptoProvider` to use. + +## 3. Validate the FIPS status of your `ClientConfig`/`ServerConfig` at run-time + +See [`ClientConfig::fips()`] or [`ServerConfig::fips()`]. + +You could, for example: + +```rust,ignore +# let client_config = unreachable!(); +assert!(client_config.fips()); +``` + +But maybe your application has an error handling +or health-check strategy better than panicking. + +# aws-lc-rs FIPS approval status + +At the time of writing, this is pending approval on Linux +for two architectures (ARM aarch64 and Intel x86-64). + +For the most up-to-date details see the latest documentation +for the [`aws-lc-fips-sys`] crate. + +[`aws-lc-fips-sys`]: https://crates.io/crates/aws-lc-fips-sys +[`default_fips_provider()`]: crate::crypto::default_fips_provider +[`CryptoProvider`]: crate::crypto::CryptoProvider +[`ClientConfig::fips()`]: crate::client::ClientConfig::fips +[`ServerConfig::fips()`]: crate::server::ServerConfig::fips +*/ diff --git a/rustls/src/manual/mod.rs b/rustls/src/manual/mod.rs index 778d24b280..0e4fddce1c 100644 --- a/rustls/src/manual/mod.rs +++ b/rustls/src/manual/mod.rs @@ -28,3 +28,7 @@ pub mod _04_features; /// This section provides rationale for the defaults in rustls. #[path = "defaults.rs"] pub mod _05_defaults; + +/// This section provides guidance on using rustls with FIPS-approved cryptography. +#[path = "fips.rs"] +pub mod _06_fips; From 3a52829b17c841a9eaba9975c12b181baf8307c7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 17:00:04 +0000 Subject: [PATCH 0737/1145] ClientCertVerifierBuilder docs nits --- rustls/src/webpki/client_verifier.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 448f55a674..bb43a53e9e 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -173,7 +173,8 @@ impl ClientCertVerifierBuilder { } /// A client certificate verifier that uses the `webpki` crate[^1] to perform client certificate -/// validation. It must be created via the [WebPkiClientVerifier::builder()] function. +/// validation. It must be created via the [`WebPkiClientVerifier::builder()`] or +/// [`WebPkiClientVerifier::builder_with_provider()`] functions. /// /// Once built, the provided `Arc` can be used with a Rustls [`ServerConfig`] /// to configure client certificate validation using [`with_client_cert_verifier`][ConfigBuilder::with_client_cert_verifier]. @@ -247,7 +248,7 @@ impl WebPkiClientVerifier { /// /// Client certificate authentication will be offered by the server, and client certificates /// will be verified using the trust anchors found in the provided `roots`. If you - /// wish to disable client authentication use [WebPkiClientVerifier::no_client_auth()] instead. + /// wish to disable client authentication use [`WebPkiClientVerifier::no_client_auth()`] instead. /// /// The cryptography used comes from the process-default [`CryptoProvider`]: [`CryptoProvider::get_default`]. /// Use [`Self::builder_with_provider`] if you wish to customize this. From f6cd567fc2798c88f9eefc7b8747a89f4f621a27 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 14 Feb 2024 17:00:53 +0000 Subject: [PATCH 0738/1145] Improve linking to per-process default provider docs --- rustls/src/client/client_conn.rs | 12 ++++++------ rustls/src/server/server_conn.rs | 12 ++++++------ rustls/src/webpki/client_verifier.rs | 5 ++--- rustls/src/webpki/server_verifier.rs | 5 ++--- 4 files changed, 16 insertions(+), 18 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index fdc8b555ea..f46f42ec4c 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -218,18 +218,18 @@ pub struct ClientConfig { } impl ClientConfig { - /// Create a builder for a client configuration with the process-default - /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and safe - /// protocol version defaults. + /// Create a builder for a client configuration with + /// [the process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider] + /// and safe protocol version defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder() -> ConfigBuilder { Self::builder_with_protocol_versions(versions::DEFAULT_VERSIONS) } - /// Create a builder for a client configuration with the process-default - /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and - /// the provided protocol versions. + /// Create a builder for a client configuration with + /// [the process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider] + /// and the provided protocol versions. /// /// Panics if /// - the supported versions are not compatible with the provider (eg. diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index fe1569ca87..79f7d2b22b 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -354,18 +354,18 @@ impl Clone for ServerConfig { } impl ServerConfig { - /// Create a builder for a server configuration with the process-default - /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and safe - /// protocol version defaults. + /// Create a builder for a server configuration with + /// [the process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider] + /// and safe protocol version defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. pub fn builder() -> ConfigBuilder { Self::builder_with_protocol_versions(versions::DEFAULT_VERSIONS) } - /// Create a builder for a server configuration with the process-default - /// [`CryptoProvider`]: [`CryptoProvider::get_default`] and - /// the provided protocol versions. + /// Create a builder for a server configuration with + /// [the process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider] + /// and the provided protocol versions. /// /// Panics if /// - the supported versions are not compatible with the provider (eg. diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index bb43a53e9e..c1562276de 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -244,14 +244,13 @@ pub struct WebPkiClientVerifier { impl WebPkiClientVerifier { /// Create a builder for the `webpki` client certificate verifier configuration using - /// the default [`CryptoProvider`]. + /// the [process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider]. /// /// Client certificate authentication will be offered by the server, and client certificates /// will be verified using the trust anchors found in the provided `roots`. If you /// wish to disable client authentication use [`WebPkiClientVerifier::no_client_auth()`] instead. /// - /// The cryptography used comes from the process-default [`CryptoProvider`]: [`CryptoProvider::get_default`]. - /// Use [`Self::builder_with_provider`] if you wish to customize this. + /// Use [`Self::builder_with_provider`] if you wish to specify an explicit provider. /// /// For more information, see the [`ClientCertVerifierBuilder`] documentation. pub fn builder(roots: Arc) -> ClientCertVerifierBuilder { diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 9ecb9cd4bf..47840294b6 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -128,12 +128,11 @@ pub struct WebPkiServerVerifier { #[allow(unreachable_pub)] impl WebPkiServerVerifier { /// Create a builder for the `webpki` server certificate verifier configuration using - /// the default [`CryptoProvider`]. + /// the [process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider]. /// /// Server certificates will be verified using the trust anchors found in the provided `roots`. /// - /// The cryptography used comes from the process-default [`CryptoProvider`]: [`CryptoProvider::get_default`]. - /// Use [`Self::builder_with_provider`] if you wish to customize this. + /// Use [`Self::builder_with_provider`] if you wish to specify an explicit provider. /// /// For more information, see the [`ServerCertVerifierBuilder`] documentation. pub fn builder(roots: Arc) -> ServerCertVerifierBuilder { From 40a56fcca6b7f2d3b78b07089d893434a5e6139e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Feb 2024 12:33:52 +0000 Subject: [PATCH 0739/1145] Simplify tests that inject alerts --- rustls/tests/api.rs | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index a994f90808..95f1d36db9 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -28,7 +28,7 @@ use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; use rustls::internal::msgs::message::{ - BorrowedPlainMessage, Message, MessagePayload, PlainMessage, + Message, MessagePayload, }; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; @@ -747,13 +747,7 @@ fn test_tls13_valid_early_plaintext_alert() { // * The negotiated protocol version is TLS 1.3. server .read_tls(&mut io::Cursor::new( - PlainMessage::from(Message::build_alert( - AlertLevel::Fatal, - AlertDescription::UnknownCA, - )) - .borrow_inbound() - .to_unencrypted_opaque() - .encode(), + &build_alert(AlertLevel::Fatal, AlertDescription::UnknownCA, &[]) )) .unwrap(); @@ -775,13 +769,8 @@ fn test_tls13_too_short_early_plaintext_alert() { // Inject a plaintext alert from the client. The server should attempt to decrypt this message // because the payload length is too large to be considered an early plaintext alert. - let mut payload = vec![ContentType::Alert.get_u8()]; - ProtocolVersion::TLSv1_2.encode(&mut payload); - payload.extend(&[0x00, 0x03]); // Length of 3. - payload.extend(&[AlertLevel::Fatal.get_u8(), 0xDE, 0xAD]); // Three byte fatal alert. - server - .read_tls(&mut io::Cursor::new(payload)) + .read_tls(&mut io::Cursor::new(&build_alert(AlertLevel::Fatal, AlertDescription::UnknownCA, &[0xff]))) .unwrap(); // The server should produce a decrypt error trying to decrypt the plaintext alert. @@ -798,21 +787,23 @@ fn test_tls13_late_plaintext_alert() { // Inject a plaintext alert from the client. The server should attempt to decrypt this message. server - .read_tls(&mut io::Cursor::new( - PlainMessage::from(Message::build_alert( - AlertLevel::Fatal, - AlertDescription::UnknownCA, - )) - .borrow_inbound() - .to_unencrypted_opaque() - .encode(), - )) + .read_tls(&mut io::Cursor::new(&build_alert(AlertLevel::Fatal, AlertDescription::UnknownCA, &[]))) .unwrap(); // The server should produce a decrypt error, trying to decrypt a plaintext alert. assert_eq!(server.process_new_packets(), Err(Error::DecryptError)); } +fn build_alert(level: AlertLevel, desc: AlertDescription, suffix: &[u8]) -> Vec { + let mut v = vec![ ContentType::Alert.get_u8() ]; + ProtocolVersion::TLSv1_2.encode(&mut v); + ((2 + suffix.len()) as u16).encode(&mut v); + level.encode(&mut v); + desc.encode(&mut v); + v.extend_from_slice(suffix); + v +} + #[derive(Default, Debug)] struct ServerCheckCertResolve { expected_sni: Option, From cf619616d29e1a56512e6217e929319265501caa Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 19 Feb 2024 12:45:08 +0000 Subject: [PATCH 0740/1145] Remove unused `trait BorrowedPlainMessage` There are no uses of this trait inside the crate, so remove it and transfer the used parts into the `OutboundMessage` inherent impl. --- rustls/src/common_state.rs | 3 +- rustls/src/lib.rs | 4 +- rustls/src/msgs/deframer.rs | 2 +- rustls/src/msgs/fragmenter.rs | 4 +- rustls/src/msgs/message.rs | 72 +++++++---------------------------- 5 files changed, 18 insertions(+), 67 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 69f7fae08c..b7d1a7d199 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -8,8 +8,7 @@ use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; use crate::msgs::fragmenter::MessageFragmenter; use crate::msgs::handshake::CertificateChain; use crate::msgs::message::{ - BorrowedPlainMessage, Message, MessagePayload, OpaqueMessage, OutboundChunks, OutboundMessage, - PlainMessage, + Message, MessagePayload, OpaqueMessage, OutboundChunks, OutboundMessage, PlainMessage, }; use crate::quic; use crate::record_layer; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0de26783ce..168610baff 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -440,9 +440,7 @@ pub mod internal { }; } pub mod message { - pub use crate::msgs::message::{ - BorrowedPlainMessage, Message, MessagePayload, OpaqueMessage, PlainMessage, - }; + pub use crate::msgs::message::{Message, MessagePayload, OpaqueMessage, PlainMessage}; } pub mod persist { pub use crate::msgs::persist::ServerSessionValue; diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 7a422b80e1..070a3996bd 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -698,7 +698,7 @@ mod tests { use std::io; use crate::crypto::cipher::PlainMessage; - use crate::msgs::message::{BorrowedPlainMessage, Message}; + use crate::msgs::message::Message; use super::*; diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index d9314134e4..6ce79aabdf 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -101,9 +101,7 @@ mod tests { use crate::enums::ContentType; use crate::enums::ProtocolVersion; use crate::msgs::base::Payload; - use crate::msgs::message::{ - BorrowedPlainMessage, OutboundChunks, OutboundMessage, PlainMessage, - }; + use crate::msgs::message::{OutboundChunks, OutboundMessage, PlainMessage}; fn msg_eq( m: &OutboundMessage, diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 8e344bf1f5..dceb5d622e 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -446,23 +446,14 @@ impl InboundMessage<'_> { pub(crate) fn is_valid_ccs(&self) -> bool { self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] } -} - -impl BorrowedPlainMessage for InboundMessage<'_> { - fn payload_to_vec(&self) -> Vec { - self.payload.to_vec() - } - - fn payload_len(&self) -> usize { - self.payload.len() - } - - fn typ(&self) -> ContentType { - self.typ - } - fn version(&self) -> ProtocolVersion { - self.version + #[cfg(test)] + pub(crate) fn into_owned(self) -> PlainMessage { + PlainMessage { + version: self.version, + typ: self.typ, + payload: Payload::Owned(self.payload.to_vec()), + } } } @@ -482,53 +473,18 @@ pub struct OutboundMessage<'a> { pub payload: OutboundChunks<'a>, } -impl BorrowedPlainMessage for OutboundMessage<'_> { - fn payload_to_vec(&self) -> Vec { - self.payload.to_vec() - } - - fn payload_len(&self) -> usize { - self.payload.len() - } - - fn typ(&self) -> ContentType { - self.typ +impl OutboundMessage<'_> { + pub(crate) fn encoded_len(&self, record_layer: &RecordLayer) -> usize { + OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload.len()) } - fn version(&self) -> ProtocolVersion { - self.version - } -} - -/// Abstract both inbound and outbound variants of a plaintext message -pub trait BorrowedPlainMessage: Sized { - fn into_owned(self) -> PlainMessage { - PlainMessage { - version: self.version(), - typ: self.typ(), - payload: Payload::Owned(self.payload_to_vec()), - } - } - - fn to_unencrypted_opaque(&self) -> OpaqueMessage { + pub(crate) fn to_unencrypted_opaque(&self) -> OpaqueMessage { OpaqueMessage { - version: self.version(), - typ: self.typ(), - payload: Payload::Owned(self.payload_to_vec()), + version: self.version, + typ: self.typ, + payload: Payload::Owned(self.payload.to_vec()), } } - - fn encoded_len(&self, record_layer: &RecordLayer) -> usize { - OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload_len()) - } - - fn payload_to_vec(&self) -> Vec; - - fn payload_len(&self) -> usize; - - fn typ(&self) -> ContentType; - - fn version(&self) -> ProtocolVersion; } #[derive(Debug, Clone)] From 9e4fd799d183d0e1c6bcba546b318aae378490d4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Dec 2023 17:57:13 +0000 Subject: [PATCH 0741/1145] Pass through key exchange errors In 3355e06f9 we generalised the error type here, but we didn't get rid of code that discarded the information-less error. --- rustls/src/client/hs.rs | 3 +-- rustls/src/client/tls12.rs | 4 +--- rustls/src/client/tls13.rs | 4 +--- rustls/src/server/tls12.rs | 4 +--- rustls/src/server/tls13.rs | 4 +--- 5 files changed, 5 insertions(+), 14 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 361fbd0398..d3ce656280 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -867,8 +867,7 @@ impl ExpectServerHelloOrHelloRetryRequest { } }; - skxg.start() - .map_err(|_| Error::FailedToGetRandomBytes)? + skxg.start()? } _ => offered_key_share, }; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index dd52109538..88bdda3272 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -927,9 +927,7 @@ impl State for ExpectServerDone<'_> { return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()); } }; - let kx = skxg - .start() - .map_err(|_| Error::FailedToGetRandomBytes)?; + let kx = skxg.start()?; // 5b. let mut transcript = st.transcript; diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 50c3f07f5b..7aaf637ece 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -221,9 +221,7 @@ pub(super) fn initial_key_share( .expect("No kx groups configured") }); - group - .start() - .map_err(|_| Error::FailedToGetRandomBytes) + group.start() } /// This implements the horrifying TLS1.3 hack where PSK binders have a diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 59e79baca1..2aebb37ef5 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -456,9 +456,7 @@ mod client_hello { signing_key: &dyn sign::SigningKey, randoms: &ConnectionRandoms, ) -> Result, Error> { - let kx = selected_group - .start() - .map_err(|_| Error::FailedToGetRandomBytes)?; + let kx = selected_group.start()?; let kx_params = ServerKeyExchangeParams::new(&*kx); let mut msg = Vec::new(); diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 35b46d8fba..b374ec10ac 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -491,9 +491,7 @@ mod client_hello { // Prepare key exchange; the caller already found the matching SupportedKxGroup let (share, kxgroup) = share_and_kxgroup; debug_assert_eq!(kxgroup.name(), share.group); - let kx = kxgroup - .start() - .map_err(|_| Error::FailedToGetRandomBytes)?; + let kx = kxgroup.start()?; let kse = KeyShareEntry::new(share.group, kx.pub_key()); extensions.push(ServerExtension::KeyShare(kse)); From 30438654f3d8626f534a00910b5999d06a929c82 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 12 Feb 2024 11:23:11 +0000 Subject: [PATCH 0742/1145] tests/api.rs: minor formatting corrections --- rustls/tests/api.rs | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 95f1d36db9..b89f505899 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -984,16 +984,20 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { check_sigalgs_reduced_by_ciphersuite( KeyType::EcdsaP256, CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - if provider_is_aws_lc_rs() { vec![ - SignatureScheme::ECDSA_NISTP521_SHA512, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - ] } else { vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ED25519, - ] } + if provider_is_aws_lc_rs() { + vec![ + SignatureScheme::ECDSA_NISTP521_SHA512, + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + ] + } else { + vec![ + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED25519, + ] + }, ); } @@ -1376,8 +1380,6 @@ fn default_signature_schemes(version: ProtocolVersion) -> Vec { v } - - #[test] fn client_cert_resolve_default() { // Test that in the default configuration that a client cert resolver gets the expected @@ -2880,7 +2882,11 @@ fn find_suite(suite: CipherSuite) -> SupportedCipherSuite { panic!("find_suite given unsupported suite"); } -fn test_ciphersuites() -> Vec<(&'static rustls::SupportedProtocolVersion, KeyType, CipherSuite)> { +fn test_ciphersuites() -> Vec<( + &'static rustls::SupportedProtocolVersion, + KeyType, + CipherSuite, +)> { let mut v = vec![ ( &rustls::version::TLS13, @@ -5711,18 +5717,12 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message #[test] fn test_client_fips_service_indicator() { - assert_eq!( - make_client_config(KeyType::Rsa).fips(), - provider_is_fips(), - ); + assert_eq!(make_client_config(KeyType::Rsa).fips(), provider_is_fips()); } #[test] fn test_server_fips_service_indicator() { - assert_eq!( - make_server_config(KeyType::Rsa).fips(), - provider_is_fips(), - ); + assert_eq!(make_server_config(KeyType::Rsa).fips(), provider_is_fips()); } #[test] From e178646af59fae54400f92c49c14b3bbf939de41 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 12 Feb 2024 12:02:57 +0000 Subject: [PATCH 0743/1145] test_client_rejects_hrr_with_varied_session_id: tighten By ignoring everything not precisely expected, these ran the risk of incorrectly passing. eg, `assert_server_requests_retry_and_echoes_session_id` would pass if the server sent a `ServerHello`. --- rustls/tests/api.rs | 47 +++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b89f505899..9e05664d86 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4627,30 +4627,39 @@ fn test_client_rejects_hrr_with_varied_session_id() { SessionId::random(provider::default_provider().secure_random).unwrap(); let assert_client_sends_hello_with_secp384 = |msg: &mut Message| -> Altered { - if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { - if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { - let keyshares = ch - .keyshare_extension() - .expect("missing key share extension"); - assert_eq!(keyshares.len(), 1); - assert_eq!(keyshares[0].group(), rustls::NamedGroup::secp384r1); - - ch.session_id = different_session_id; - *encoded = Payload::new(parsed.get_encoding()); - } - } + match &mut msg.payload { + MessagePayload::Handshake { parsed, encoded } => match &mut parsed.payload { + HandshakePayload::ClientHello(ch) => { + let keyshares = ch + .keyshare_extension() + .expect("missing key share extension"); + assert_eq!(keyshares.len(), 1); + assert_eq!(keyshares[0].group(), rustls::NamedGroup::secp384r1); + + ch.session_id = different_session_id; + *encoded = Payload::new(parsed.get_encoding()); + } + _ => panic!("unexpected handshake message {parsed:?}"), + }, + _ => panic!("unexpected non-handshake message {msg:?}"), + }; Altered::InPlace }; let assert_server_requests_retry_and_echoes_session_id = |msg: &mut Message| -> Altered { - if let MessagePayload::Handshake { parsed, .. } = &mut msg.payload { - if let HandshakePayload::HelloRetryRequest(hrr) = &mut parsed.payload { - let group = hrr.requested_key_share_group(); - assert_eq!(group, Some(rustls::NamedGroup::X25519)); + match &msg.payload { + MessagePayload::Handshake { parsed, .. } => match &parsed.payload { + HandshakePayload::HelloRetryRequest(hrr) => { + let group = hrr.requested_key_share_group(); + assert_eq!(group, Some(rustls::NamedGroup::X25519)); - assert_eq!(hrr.session_id, different_session_id); - } - } + assert_eq!(hrr.session_id, different_session_id); + } + _ => panic!("unexpected handshake message {parsed:?}"), + }, + MessagePayload::ChangeCipherSpec(_) => (), + _ => panic!("unexpected non-handshake message {msg:?}"), + }; Altered::InPlace }; From d23e58c3dba22c6fc04098bd0babe92d6e073fcc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 9 Feb 2024 14:45:11 +0000 Subject: [PATCH 0744/1145] Prefer `supported_groups` extension in kx group choice Prior to this, we preferred to avoid a `HelloRetryRequest` when any supported `KeyShare` was supplied. But as [1] describes, this means a client which sends a `KeyShare` for a less-preferred group would end up using that, rather than a more-preferred group supported by both peers. [1]: https://www.ietf.org/archive/id/draft-davidben-tls-key-share-prediction-00.html#name-downgrades --- rustls/src/server/tls13.rs | 117 ++++++++++++++++++------------------- rustls/tests/api.rs | 86 +++++++++++++++++++++++++++ 2 files changed, 142 insertions(+), 61 deletions(-) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index b374ec10ac..49c395d594 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -197,79 +197,74 @@ mod client_hello { }); } - // choose a share that we support - let chosen_share_and_kxg = self + // Choose the most preferred common group. + let mutually_preferred_group = match self .config .provider .kx_groups .iter() - .find_map(|group| { - shares_ext - .iter() - .find(|share| share.group == group.name()) - .map(|share| (share, *group)) - }); + .find(|group| groups_ext.contains(&group.name())) + { + Some(group) => *group, + None => { + return Err(cx.common.send_fatal_alert( + AlertDescription::HandshakeFailure, + PeerIncompatible::NoKxGroupsInCommon, + )); + } + }; + + // See if there is a KeyShare for that group. + let chosen_share_and_kxg = shares_ext.iter().find_map(|share| { + (share.group == mutually_preferred_group.name()) + .then(|| (share, mutually_preferred_group)) + }); let chosen_share_and_kxg = match chosen_share_and_kxg { Some(s) => s, None => { - // We don't have a suitable key share. Choose a suitable group and - // send a HelloRetryRequest. - let retry_group_maybe = self - .config - .provider - .kx_groups - .iter() - .find(|group| groups_ext.contains(&group.name())) - .cloned(); - + // We don't have a suitable key share. Send a HelloRetryRequest + // for the mutually_preferred_group. self.transcript.add_message(chm); - if let Some(group) = retry_group_maybe { - if self.done_retry { - return Err(cx.common.send_fatal_alert( - AlertDescription::IllegalParameter, - PeerMisbehaved::RefusedToFollowHelloRetryRequest, - )); - } - - emit_hello_retry_request( - &mut self.transcript, - self.suite, - client_hello.session_id, - cx.common, - group.name(), - ); - emit_fake_ccs(cx.common); - - let skip_early_data = max_early_data_size(self.config.max_early_data_size); - - let next = Box::new(hs::ExpectClientHello { - config: self.config, - transcript: HandshakeHashOrBuffer::Hash(self.transcript), - #[cfg(feature = "tls12")] - session_id: SessionId::empty(), - #[cfg(feature = "tls12")] - using_ems: false, - done_retry: true, - send_tickets: self.send_tickets, - extra_exts: self.extra_exts, - }); - - return if early_data_requested { - Ok(Box::new(ExpectAndSkipRejectedEarlyData { - skip_data_left: skip_early_data, - next, - })) - } else { - Ok(next) - }; + if self.done_retry { + return Err(cx.common.send_fatal_alert( + AlertDescription::IllegalParameter, + PeerMisbehaved::RefusedToFollowHelloRetryRequest, + )); } - return Err(cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoKxGroupsInCommon, - )); + emit_hello_retry_request( + &mut self.transcript, + self.suite, + client_hello.session_id, + cx.common, + mutually_preferred_group.name(), + ); + emit_fake_ccs(cx.common); + + let skip_early_data = max_early_data_size(self.config.max_early_data_size); + + let next = Box::new(hs::ExpectClientHello { + config: self.config, + transcript: HandshakeHashOrBuffer::Hash(self.transcript), + #[cfg(feature = "tls12")] + session_id: SessionId::empty(), + #[cfg(feature = "tls12")] + using_ems: false, + done_retry: true, + send_tickets: self.send_tickets, + extra_exts: self.extra_exts, + }); + + return if early_data_requested { + Ok(Box::new(ExpectAndSkipRejectedEarlyData { + skip_data_left: skip_early_data, + next, + })) + } else { + Ok(next) + }; } }; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 9e05664d86..8be2f88773 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4743,6 +4743,92 @@ fn test_client_attempts_to_use_unsupported_kx_group() { )); } +#[cfg(feature = "tls12")] +#[test] +fn test_client_sends_share_for_less_preferred_group() { + // this is a test for the case described in: + // https://datatracker.ietf.org/doc/draft-davidben-tls-key-share-prediction/ + + // common to both client configs + let shared_storage = Arc::new(ClientStorage::new()); + + // first, client sends a secp384r1 share and server agrees. secp384r1 is inserted + // into kx group cache. + let mut client_config_1 = + make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]); + client_config_1.resumption = Resumption::store(shared_storage.clone()); + + // second, client supports (x25519, secp384r1) and so kx group cache + // contains a supported but less-preferred group. + let mut client_config_2 = make_client_config_with_kx_groups( + KeyType::Rsa, + vec![provider::kx_group::X25519, provider::kx_group::SECP384R1], + ); + client_config_2.resumption = Resumption::store(shared_storage.clone()); + + let server_config = make_server_config(KeyType::Rsa); + + // first handshake + let (mut client_1, mut server) = make_pair_for_configs(client_config_1, server_config.clone()); + do_handshake_until_error(&mut client_1, &mut server).unwrap(); + + let ops = shared_storage.ops(); + println!("storage {:#?}", ops); + assert_eq!(ops.len(), 9); + assert!(matches!( + ops[3], + ClientStorageOp::SetKxHint(_, rustls::NamedGroup::secp384r1) + )); + + // second handshake (this must HRR to the most-preferred group) + let assert_client_sends_secp384_share = |msg: &mut Message| -> Altered { + match &msg.payload { + MessagePayload::Handshake { parsed, .. } => match &parsed.payload { + HandshakePayload::ClientHello(ch) => { + let keyshares = ch + .keyshare_extension() + .expect("missing key share extension"); + assert_eq!(keyshares.len(), 1); + assert_eq!(keyshares[0].group(), rustls::NamedGroup::secp384r1); + } + _ => panic!("unexpected handshake message {:?}", parsed), + }, + _ => panic!("unexpected non-handshake message {:?}", msg), + }; + Altered::InPlace + }; + + let assert_server_requests_retry_to_x25519 = |msg: &mut Message| -> Altered { + match &msg.payload { + MessagePayload::Handshake { parsed, .. } => match &parsed.payload { + HandshakePayload::HelloRetryRequest(hrr) => { + let group = hrr.requested_key_share_group(); + assert_eq!(group, Some(rustls::NamedGroup::X25519)); + } + _ => panic!("unexpected handshake message {:?}", parsed), + }, + MessagePayload::ChangeCipherSpec(_) => (), + _ => panic!("unexpected non-handshake message {:?}", msg), + }; + Altered::InPlace + }; + + let (client_2, server) = make_pair_for_configs(client_config_2, server_config); + let (mut client_2, mut server) = (client_2.into(), server.into()); + transfer_altered( + &mut client_2, + assert_client_sends_secp384_share, + &mut server, + ); + server.process_new_packets().unwrap(); + transfer_altered( + &mut server, + assert_server_requests_retry_to_x25519, + &mut client_2, + ); + client_2.process_new_packets().unwrap(); +} + #[cfg(feature = "tls12")] #[test] fn test_tls13_client_resumption_does_not_reuse_tickets() { From 651b5a4f149b208acdc5d01dfa3322e8f9f66992 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 12 Feb 2024 16:06:30 +0000 Subject: [PATCH 0745/1145] Select key exchange group and cipher suite together This is complex because the choice of usable cipher suites depends on selected protocol version, and the set of mutually supported key exchange groups. Then, the usable set of key exchange groups depends on the actually-selected cipher suite. --- rustls/src/crypto/mod.rs | 6 -- rustls/src/server/hs.rs | 204 ++++++++++++++++++++++++++----------- rustls/src/server/tls12.rs | 60 +---------- rustls/src/server/tls13.rs | 34 +------ rustls/src/suites.rs | 68 +++---------- rustls/tests/api.rs | 39 ++++++- 6 files changed, 197 insertions(+), 214 deletions(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 52d4de6049..13818def7e 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -292,12 +292,6 @@ impl CryptoProvider { && secure_random.fips() && key_provider.fips() } - - pub(crate) fn supported_kx_group_names(&self) -> impl Iterator + '_ { - self.kx_groups - .iter() - .map(|skxg| skxg.name()) - } } static PROCESS_DEFAULT_PROVIDER: OnceCell> = OnceCell::new(); diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 82e159bb77..3f24e1b4d8 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -1,16 +1,18 @@ -use crate::common_state::State; +use crate::common_state::{Protocol, State}; use crate::conn::ConnectionRandoms; -#[cfg(feature = "tls12")] -use crate::enums::CipherSuite; -use crate::enums::{AlertDescription, HandshakeType, ProtocolVersion, SignatureScheme}; +use crate::crypto::SupportedKxGroup; +use crate::enums::{ + AlertDescription, CipherSuite, HandshakeType, ProtocolVersion, SignatureAlgorithm, + SignatureScheme, +}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; #[cfg(feature = "logging")] use crate::log::{debug, trace}; -use crate::msgs::enums::{Compression, ExtensionType}; +use crate::msgs::enums::{Compression, ExtensionType, NamedGroup}; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; -use crate::msgs::handshake::{ClientHelloPayload, Random, ServerExtension}; +use crate::msgs::handshake::{ClientHelloPayload, KeyExchangeAlgorithm, Random, ServerExtension}; use crate::msgs::handshake::{ConvertProtocolNameList, ConvertServerNameList, HandshakePayload}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -334,63 +336,20 @@ impl ExpectClientHello { }; let certkey = ActiveCertifiedKey::from_certified_key(&certkey); - let mut suitable_suites = self - .config - .provider - .cipher_suites - .iter() - .filter(|suite| { - // Reduce our supported ciphersuites by the certificate. - suite.usable_for_signature_algorithm(certkey.get_key().algorithm()) - // And version - && suite.version().version == version && suite.usable_for_protocol(cx.common.protocol) - }) - .copied() - .collect::>(); - - let suitable_suites_before_kx_reduce_not_empty = !suitable_suites.is_empty(); - - // And supported kx groups - suites::reduce_given_kx_groups( - &mut suitable_suites, - client_hello.namedgroups_extension(), - &self - .config - .provider - .supported_kx_group_names() - .collect::>(), - ); - - if suitable_suites_before_kx_reduce_not_empty && suitable_suites.is_empty() { - return Err(cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoKxGroupsInCommon, - )); - } - - // RFC 7919 (https://datatracker.ietf.org/doc/html/rfc7919#section-4) requires us to send - // the InsufficientSecurity alert in case we don't recognize client's FFDHE groups (i.e., - // `suitable_suites` becomes empty). But that does not make a lot of sense (e.g., client - // proposes FFDHE4096 and we only support FFDHE2048), so we ignore that requirement here, - // and continue to send HandshakeFailure. - - let suite = if self.config.ignore_client_order { - suites::choose_ciphersuite_preferring_server( - &client_hello.cipher_suites, - &suitable_suites, - ) - } else { - suites::choose_ciphersuite_preferring_client( + let (suite, skxg) = self + .choose_suite_and_kx_group( + version, + certkey.get_key().algorithm(), + cx.common.protocol, + client_hello + .namedgroups_extension() + .unwrap_or(&[]), &client_hello.cipher_suites, - &suitable_suites, ) - } - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoCipherSuitesInCommon, - ) - })?; + .map_err(|incompat| { + cx.common + .send_fatal_alert(AlertDescription::HandshakeFailure, incompat) + })?; debug!("decided upon suite {:?}", suite); cx.common.suite = Some(suite); @@ -427,7 +386,7 @@ impl ExpectClientHello { send_tickets: self.send_tickets, extra_exts: self.extra_exts, } - .handle_client_hello(cx, certkey, m, client_hello, sig_schemes), + .handle_client_hello(cx, certkey, m, client_hello, skxg, sig_schemes), #[cfg(feature = "tls12")] SupportedCipherSuite::Tls12(suite) => tls12::CompleteClientHelloHandling { config: self.config, @@ -444,11 +403,132 @@ impl ExpectClientHello { certkey, m, client_hello, + skxg, sig_schemes, tls13_enabled, ), } } + + fn choose_suite_and_kx_group( + &self, + selected_version: ProtocolVersion, + sig_key_algorithm: SignatureAlgorithm, + protocol: Protocol, + client_groups: &[NamedGroup], + client_suites: &[CipherSuite], + ) -> Result<(SupportedCipherSuite, &'static dyn SupportedKxGroup), PeerIncompatible> { + // Determine which `KeyExchangeAlgorithm`s are theoretically possible, based + // on the offered and supported groups. + let mut ecdhe_possible = false; + let mut ffdhe_possible = false; + let mut ffdhe_offered = false; + let mut supported_groups = Vec::with_capacity(client_groups.len()); + + for offered_group in client_groups { + let supported = self + .config + .provider + .kx_groups + .iter() + .find(|skxg| skxg.name() == *offered_group); + + match offered_group.key_exchange_algorithm() { + KeyExchangeAlgorithm::DHE => { + ffdhe_possible |= supported.is_some(); + ffdhe_offered = true; + } + KeyExchangeAlgorithm::ECDHE => { + ecdhe_possible |= supported.is_some(); + } + } + + supported_groups.push(supported); + } + + let first_supported_dhe_kxg = if selected_version == ProtocolVersion::TLSv1_2 { + // https://datatracker.ietf.org/doc/html/rfc7919#section-4 (paragraph 2) + let first_supported_dhe_kxg = self + .config + .provider + .kx_groups + .iter() + .find(|skxg| skxg.name().key_exchange_algorithm() == KeyExchangeAlgorithm::DHE); + ffdhe_possible |= !ffdhe_offered && first_supported_dhe_kxg.is_some(); + first_supported_dhe_kxg + } else { + // In TLS1.3, the server may only directly negotiate a group. + None + }; + + if !ecdhe_possible && !ffdhe_possible { + return Err(PeerIncompatible::NoKxGroupsInCommon); + } + + let suitable_suites = self + .config + .provider + .cipher_suites + .iter() + .filter(|suite| { + // Reduce our supported ciphersuites by the certified key's algorithm. + suite.usable_for_signature_algorithm(sig_key_algorithm) + // And version + && suite.version().version == selected_version + // And protocol + && suite.usable_for_protocol(protocol) + // And key exchange groups + && (!ecdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::ECDHE)) + && (!ffdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE)) + }) + .copied() + .collect::>(); + + // RFC 7919 (https://datatracker.ietf.org/doc/html/rfc7919#section-4) requires us to send + // the InsufficientSecurity alert in case we don't recognize client's FFDHE groups (i.e., + // `suitable_suites` becomes empty). But that does not make a lot of sense (e.g., client + // proposes FFDHE4096 and we only support FFDHE2048), so we ignore that requirement here, + // and continue to send HandshakeFailure. + + let suite = if self.config.ignore_client_order { + suites::choose_ciphersuite_preferring_server(client_suites, &suitable_suites) + } else { + suites::choose_ciphersuite_preferring_client(client_suites, &suitable_suites) + } + .ok_or(PeerIncompatible::NoCipherSuitesInCommon)?; + + // Finally, choose a key exchange group that is compatible with the selected cipher + // suite. + let maybe_skxg = supported_groups + .iter() + .find_map(|maybe_skxg| match maybe_skxg { + Some(skxg) => suite + .usable_for_kx_algorithm(skxg.name().key_exchange_algorithm()) + .then(|| *skxg), + None => None, + }); + + if selected_version == ProtocolVersion::TLSv1_3 { + // This unwrap is structurally guaranteed by the early return for `!ffdhe_possible && !ecdhe_possible` + return Ok((suite, *maybe_skxg.unwrap())); + } + + // For TLS1.2, the server can unilaterally choose a DHE group if it has one and + // there was no better option. + match maybe_skxg { + Some(skxg) => Ok((suite, *skxg)), + None if suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE) => { + // If kx for the selected cipher suite is DHE and no DHE groups are specified in the extension, + // the server is free to choose DHE params, we choose the first DHE kx group of the provider. + if let Some(server_selected_ffdhe_skxg) = first_supported_dhe_kxg { + Ok((suite, *server_selected_ffdhe_skxg)) + } else { + Err(PeerIncompatible::NoKxGroupsInCommon) + } + } + None => Err(PeerIncompatible::NoKxGroupsInCommon), + } + } } impl State for ExpectClientHello { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 2aebb37ef5..3988a8e59c 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -40,7 +40,7 @@ pub(super) use client_hello::CompleteClientHelloHandling; mod client_hello { use pki_types::CertificateDer; - use crate::crypto::{KeyExchangeAlgorithm, SupportedKxGroup}; + use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; @@ -73,6 +73,7 @@ mod client_hello { server_key: ActiveCertifiedKey, chm: &Message, client_hello: &ClientHelloPayload, + selected_kxg: &'static dyn SupportedKxGroup, sigschemes_ext: Vec, tls13_enabled: bool, ) -> hs::NextStateOrError<'static> { @@ -175,8 +176,6 @@ mod client_hello { )); } - let group = self.pick_kx_group(client_hello, cx)?; - let ecpoint = ECPointFormat::SUPPORTED .iter() .find(|format| ecpoints_ext.contains(format)) @@ -220,7 +219,7 @@ mod client_hello { &mut self.transcript, cx.common, sigschemes, - group, + selected_kxg, server_key.get_key(), &self.randoms, )?; @@ -253,59 +252,6 @@ mod client_hello { } } - fn pick_kx_group( - &self, - client_hello: &ClientHelloPayload, - cx: &mut ServerContext<'_>, - ) -> Result<&'static dyn SupportedKxGroup, Error> { - let peer_groups_ext = client_hello.namedgroups_extension(); - - if peer_groups_ext.is_none() && self.suite.kx == KeyExchangeAlgorithm::ECDHE { - return Err(cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NamedGroupsExtensionRequired, - )); - } - - trace!("namedgroups {:?}", peer_groups_ext); - - let peer_kx_groups = peer_groups_ext.unwrap_or(&[]); - let our_kx_groups = &self.config.provider.kx_groups; - - let matching_kx_group = our_kx_groups.iter().find(|skxg| { - skxg.name().key_exchange_algorithm() == self.suite.kx - && peer_kx_groups.contains(&skxg.name()) - }); - if let Some(&kx_group) = matching_kx_group { - return Ok(kx_group); - } - - let mut send_err = || { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoKxGroupsInCommon, - ) - }; - - // If kx for the selected cipher suite is DHE and no DHE groups are specified in the extension, - // the server is free to choose DHE params, we choose the first DHE kx group of the provider. - use KeyExchangeAlgorithm::DHE; - let we_get_to_choose_dhe_group = self.suite.kx == DHE - && !peer_kx_groups - .iter() - .any(|g| g.key_exchange_algorithm() == DHE); - - if !we_get_to_choose_dhe_group { - return Err(send_err()); - } - trace!("No DHE groups specified in ClientHello groups extension, server choosing DHE parameters"); - our_kx_groups - .iter() - .find(|skxg| skxg.name().key_exchange_algorithm() == DHE) - .cloned() - .ok_or_else(send_err) - } - fn start_resumption( mut self, cx: &mut ServerContext<'_>, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 49c395d594..c82cc7e71b 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -149,6 +149,7 @@ mod client_hello { server_key: ActiveCertifiedKey, chm: &Message, client_hello: &ClientHelloPayload, + selected_kxg: &'static dyn SupportedKxGroup, mut sigschemes_ext: Vec, ) -> hs::NextStateOrError<'static> { if client_hello.compression_methods.len() != 1 { @@ -158,15 +159,6 @@ mod client_hello { )); } - let groups_ext = client_hello - .namedgroups_extension() - .ok_or_else(|| { - cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NamedGroupsExtensionRequired, - ) - })?; - sigschemes_ext.retain(SignatureScheme::supported_in_tls13); let shares_ext = client_hello @@ -197,27 +189,9 @@ mod client_hello { }); } - // Choose the most preferred common group. - let mutually_preferred_group = match self - .config - .provider - .kx_groups - .iter() - .find(|group| groups_ext.contains(&group.name())) - { - Some(group) => *group, - None => { - return Err(cx.common.send_fatal_alert( - AlertDescription::HandshakeFailure, - PeerIncompatible::NoKxGroupsInCommon, - )); - } - }; - - // See if there is a KeyShare for that group. + // See if there is a KeyShare for the selected kx group. let chosen_share_and_kxg = shares_ext.iter().find_map(|share| { - (share.group == mutually_preferred_group.name()) - .then(|| (share, mutually_preferred_group)) + (share.group == selected_kxg.name()).then(|| (share, selected_kxg)) }); let chosen_share_and_kxg = match chosen_share_and_kxg { @@ -239,7 +213,7 @@ mod client_hello { self.suite, client_hello.session_id, cx.common, - mutually_preferred_group.name(), + selected_kxg.name(), ); emit_fake_ccs(cx.common); diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 865af74584..9a5d72a2a2 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -9,8 +9,6 @@ use crate::tls13::Tls13CipherSuite; #[cfg(feature = "tls12")] use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; -use crate::NamedGroup; -use alloc::vec::Vec; use core::fmt; @@ -149,6 +147,18 @@ impl SupportedCipherSuite { Self::Tls13(_) => ALL_KEY_EXCHANGE_ALGORITHMS, } } + + /// Say if the given `KeyExchangeAlgorithm` is supported by this cipher suite. + /// + /// TLS 1.3 cipher suites support all key exchange types, but TLS 1.2 suites + /// support only one. + pub(crate) fn usable_for_kx_algorithm(&self, _kxa: KeyExchangeAlgorithm) -> bool { + match self { + #[cfg(feature = "tls12")] + Self::Tls12(tls12) => tls12.kx == _kxa, + Self::Tls13(_) => true, + } + } } impl fmt::Debug for SupportedCipherSuite { @@ -188,60 +198,6 @@ pub(crate) fn choose_ciphersuite_preferring_server( None } -/// Return a list of the ciphersuites in `all` with the suites -/// incompatible with the Groups extension removed. -pub(crate) fn reduce_given_kx_groups( - all: &mut Vec, - groups_ext: Option<&[NamedGroup]>, - supported_groups: &[NamedGroup], -) { - let mut ecdhe_kx_ok = false; - - #[cfg(feature = "tls12")] - let mut ext_has_ffdhe_groups = false; - let mut ext_has_known_ffdhe_groups = false; - for g in groups_ext.into_iter().flatten() { - if g.key_exchange_algorithm() == KeyExchangeAlgorithm::DHE { - #[cfg(feature = "tls12")] - { - ext_has_ffdhe_groups = true; - } - if supported_groups.contains(g) { - ext_has_known_ffdhe_groups = true; - } - } else if supported_groups.contains(g) { - ecdhe_kx_ok = true; - } - if ecdhe_kx_ok & ext_has_known_ffdhe_groups { - break; - } - } - - #[cfg(feature = "tls12")] - let ffdhe_kx_ok_tls12 = ext_has_known_ffdhe_groups || - // https://datatracker.ietf.org/doc/html/rfc7919#section-4 (paragraph 2) - !ext_has_ffdhe_groups && supported_groups - .iter() - .any(|g| g.key_exchange_algorithm() == KeyExchangeAlgorithm::DHE); - - let ffdhe_kx_ok_tls13 = ext_has_known_ffdhe_groups; - - all.retain(|suite| { - let suite_kx = suite.key_exchange_algorithms(); - // echde: - ecdhe_kx_ok && suite_kx.contains(&KeyExchangeAlgorithm::ECDHE) || - // dhe: - { - let ffdhe_kx_ok = match suite { - #[cfg(feature = "tls12")] - SupportedCipherSuite::Tls12(_) => ffdhe_kx_ok_tls12, - SupportedCipherSuite::Tls13(_) => ffdhe_kx_ok_tls13, - }; - ffdhe_kx_ok && suite_kx.contains(&KeyExchangeAlgorithm::DHE) - } - }) -} - /// Return true if `sigscheme` is usable by any of the given suites. pub(crate) fn compatible_sigscheme_for_suites( sigscheme: SignatureScheme, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 8be2f88773..ac97602ee6 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5103,8 +5103,8 @@ fn test_server_rejects_empty_sni_extension() { } #[test] -fn test_server_rejects_clients_without_any_kx_group_overlap() { - fn different_kx_group(msg: &mut Message) -> Altered { +fn test_server_rejects_clients_without_any_kx_groups() { + fn delete_kx_groups(msg: &mut Message) -> Altered { if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { for mut ext in ch.extensions.iter_mut() { @@ -5124,7 +5124,7 @@ fn test_server_rejects_clients_without_any_kx_group_overlap() { let (client, server) = make_pair(KeyType::Rsa); let (mut client, mut server) = (client.into(), server.into()); - transfer_altered(&mut client, different_kx_group, &mut server); + transfer_altered(&mut client, delete_kx_groups, &mut server); assert_eq!( server.process_new_packets(), Err(Error::PeerIncompatible( @@ -5133,6 +5133,39 @@ fn test_server_rejects_clients_without_any_kx_group_overlap() { ); } +#[test] +fn test_server_rejects_clients_without_any_kx_group_overlap() { + for version in rustls::ALL_VERSIONS { + let (mut client, mut server) = make_pair_for_configs( + make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]), + finish_server_config( + KeyType::Rsa, + ServerConfig::builder_with_provider( + CryptoProvider { + kx_groups: vec![provider::kx_group::SECP384R1], + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[version]) + .unwrap(), + ), + ); + transfer(&mut client, &mut server); + assert_eq!( + server.process_new_packets(), + Err(Error::PeerIncompatible( + PeerIncompatible::NoKxGroupsInCommon + )) + ); + transfer(&mut server, &mut client); + assert_eq!( + client.process_new_packets(), + Err(Error::AlertReceived(AlertDescription::HandshakeFailure)) + ); + } +} + #[test] fn test_client_rejects_illegal_tls13_ccs() { fn corrupt_ccs(msg: &mut Message) -> Altered { From 114ae6f64314b542a2f85c1a3f7dcfe175a96a0d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 13 Feb 2024 16:24:50 +0000 Subject: [PATCH 0746/1145] Inline `choose_ciphersuite_preferring_client` and co Test the behaviour of `ServerConfig::ignore_client_order` at the public API level. --- rustls/src/server/hs.rs | 24 ++++++++------ rustls/src/suites.rs | 71 ----------------------------------------- rustls/tests/api.rs | 39 ++++++++++++++++++++++ 3 files changed, 54 insertions(+), 80 deletions(-) diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 3f24e1b4d8..20eb0dfcc6 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -465,7 +465,7 @@ impl ExpectClientHello { return Err(PeerIncompatible::NoKxGroupsInCommon); } - let suitable_suites = self + let mut suitable_suites_iter = self .config .provider .cipher_suites @@ -480,9 +480,7 @@ impl ExpectClientHello { // And key exchange groups && (!ecdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::ECDHE)) && (!ffdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE)) - }) - .copied() - .collect::>(); + }); // RFC 7919 (https://datatracker.ietf.org/doc/html/rfc7919#section-4) requires us to send // the InsufficientSecurity alert in case we don't recognize client's FFDHE groups (i.e., @@ -491,9 +489,17 @@ impl ExpectClientHello { // and continue to send HandshakeFailure. let suite = if self.config.ignore_client_order { - suites::choose_ciphersuite_preferring_server(client_suites, &suitable_suites) + suitable_suites_iter.find(|suite| client_suites.contains(&suite.suite())) } else { - suites::choose_ciphersuite_preferring_client(client_suites, &suitable_suites) + let suitable_suites = suitable_suites_iter.collect::>(); + client_suites + .iter() + .find_map(|client_suite| { + suitable_suites + .iter() + .find(|x| *client_suite == x.suite()) + }) + .copied() } .ok_or(PeerIncompatible::NoCipherSuitesInCommon)?; @@ -510,18 +516,18 @@ impl ExpectClientHello { if selected_version == ProtocolVersion::TLSv1_3 { // This unwrap is structurally guaranteed by the early return for `!ffdhe_possible && !ecdhe_possible` - return Ok((suite, *maybe_skxg.unwrap())); + return Ok((*suite, *maybe_skxg.unwrap())); } // For TLS1.2, the server can unilaterally choose a DHE group if it has one and // there was no better option. match maybe_skxg { - Some(skxg) => Ok((suite, *skxg)), + Some(skxg) => Ok((*suite, *skxg)), None if suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE) => { // If kx for the selected cipher suite is DHE and no DHE groups are specified in the extension, // the server is free to choose DHE params, we choose the first DHE kx group of the provider. if let Some(server_selected_ffdhe_skxg) = first_supported_dhe_kxg { - Ok((suite, *server_selected_ffdhe_skxg)) + Ok((*suite, *server_selected_ffdhe_skxg)) } else { Err(PeerIncompatible::NoKxGroupsInCommon) } diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 9a5d72a2a2..f66a834736 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -167,37 +167,6 @@ impl fmt::Debug for SupportedCipherSuite { } } -// These both O(N^2)! -pub(crate) fn choose_ciphersuite_preferring_client( - client_suites: &[CipherSuite], - server_suites: &[SupportedCipherSuite], -) -> Option { - for client_suite in client_suites { - if let Some(selected) = server_suites - .iter() - .find(|x| *client_suite == x.suite()) - { - return Some(*selected); - } - } - - None -} - -pub(crate) fn choose_ciphersuite_preferring_server( - client_suites: &[CipherSuite], - server_suites: &[SupportedCipherSuite], -) -> Option { - if let Some(selected) = server_suites - .iter() - .find(|x| client_suites.contains(&x.suite())) - { - return Some(*selected); - } - - None -} - /// Return true if `sigscheme` is usable by any of the given suites. pub(crate) fn compatible_sigscheme_for_suites( sigscheme: SignatureScheme, @@ -264,48 +233,8 @@ pub enum ConnectionTrafficSecrets { } test_for_each_provider! { - use super::*; - use crate::enums::CipherSuite; use provider::tls13::*; - #[test] - fn test_client_pref() { - let client = vec![ - CipherSuite::TLS13_AES_128_GCM_SHA256, - CipherSuite::TLS13_AES_256_GCM_SHA384, - ]; - let server = vec![TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256]; - let chosen = choose_ciphersuite_preferring_client(&client, &server); - assert!(chosen.is_some()); - assert_eq!(chosen.unwrap(), TLS13_AES_128_GCM_SHA256); - } - - #[test] - fn test_server_pref() { - let client = vec![ - CipherSuite::TLS13_AES_128_GCM_SHA256, - CipherSuite::TLS13_AES_256_GCM_SHA384, - ]; - let server = vec![TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256]; - let chosen = choose_ciphersuite_preferring_server(&client, &server); - assert!(chosen.is_some()); - assert_eq!(chosen.unwrap(), TLS13_AES_256_GCM_SHA384); - } - - #[test] - fn test_pref_fails() { - assert!(choose_ciphersuite_preferring_client( - &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - provider::ALL_CIPHER_SUITES - ) - .is_none()); - assert!(choose_ciphersuite_preferring_server( - &[CipherSuite::TLS_NULL_WITH_NULL_NULL], - provider::ALL_CIPHER_SUITES - ) - .is_none()); - } - #[test] fn test_scs_is_debug() { println!("{:?}", provider::ALL_CIPHER_SUITES); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index ac97602ee6..53fe411f6f 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3011,6 +3011,45 @@ fn negotiated_ciphersuite_server() { } } +#[test] +fn negotiated_ciphersuite_server_ignoring_client_preference() { + for (version, kt, suite) in test_ciphersuites() { + let scs = find_suite(suite); + let scs_other = if scs.suite() == CipherSuite::TLS13_AES_256_GCM_SHA384 { + find_suite(CipherSuite::TLS13_AES_128_GCM_SHA256) + } else { + find_suite(CipherSuite::TLS13_AES_256_GCM_SHA384) + }; + let mut server_config = finish_server_config( + kt, + ServerConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![scs, scs_other], + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[version]) + .unwrap(), + ); + server_config.ignore_client_order = true; + + let client_config = finish_client_config( + kt, + ClientConfig::builder_with_provider( + CryptoProvider { + cipher_suites: vec![ scs_other, scs ], + ..provider::default_provider() + }.into(), + ) + .with_safe_default_protocol_versions() + .unwrap()); + + do_suite_test(client_config, server_config, scs, version.version); + } + +} + #[derive(Debug, PartialEq)] struct KeyLogItem { label: String, From fdf71f8ed046d1e8680aa02858b22d69c36b41fb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 19 Feb 2024 16:49:32 -0500 Subject: [PATCH 0747/1145] Cargo: bump semver compat deps * clap v4.5.0 -> v4.5.1 * rustls-pemfile v2.0.0 -> v2.1.0 * rustls-pki-types v1.2.0 -> v1.3.0 * ring v0.17.7 -> v0.17.8 * aws-lc-rs v1.6.1 -> v1.6.2 --- Cargo.lock | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9dc52d62d2..962da23146 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -329,9 +329,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.6.1" +version = "1.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb94ba389c4c48d9dc1983f8653cb92f7d9fc50b261e0501be2b7a636cbcbc4a" +checksum = "df33e4a55b03f8780ba55041bc7be91a2a8ec8c03517b0379d2d6c96d2c30d95" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -543,9 +543,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.0" +version = "4.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80c21025abd42669a92efc996ef13cfb2c5c627858421ea58d5c3b331a6c134f" +checksum = "c918d541ef2913577a0f9566e9ce27cb35b6df072075769e0b26cb5a554520da" dependencies = [ "clap_builder", "clap_derive", @@ -553,9 +553,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.0" +version = "4.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "458bf1f341769dfcf849846f65dffdf9146daa56bcd2a47cb4e1de9915567c99" +checksum = "9f3e7391dad68afb0c2ede1bf619f579a3dc9c2ec67f089baa397123a2f3d1eb" dependencies = [ "anstream", "anstyle", @@ -2046,16 +2046,17 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.7" +version = "0.17.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" dependencies = [ "cc", + "cfg-if", "getrandom", "libc", "spin 0.9.8", "untrusted", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2151,7 +2152,7 @@ dependencies = [ "num-bigint", "once_cell", "ring", - "rustls-pemfile 2.0.0", + "rustls-pemfile 2.1.0", "rustls-pki-types", "rustls-webpki 0.102.2", "rustversion", @@ -2172,7 +2173,7 @@ dependencies = [ "itertools", "rayon", "rustls 0.23.0-alpha.0", - "rustls-pemfile 2.0.0", + "rustls-pemfile 2.1.0", "rustls-pki-types", ] @@ -2197,7 +2198,7 @@ dependencies = [ "mio", "rcgen", "rustls 0.23.0-alpha.0", - "rustls-pemfile 2.0.0", + "rustls-pemfile 2.1.0", "rustls-pki-types", "serde", "serde_derive", @@ -2215,7 +2216,7 @@ dependencies = [ "once_cell", "openssl", "rustls 0.23.0-alpha.0", - "rustls-pemfile 2.0.0", + "rustls-pemfile 2.1.0", "rustls-pki-types", ] @@ -2230,9 +2231,9 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "2.0.0" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4" +checksum = "3c333bb734fcdedcea57de1602543590f545f127dc8b533324318fd492c5c70b" dependencies = [ "base64", "rustls-pki-types", @@ -2240,9 +2241,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf" +checksum = "048a63e5b3ac996d78d402940b5fa47973d2d080c6c6fffa1d0f19c4445310b7" [[package]] name = "rustls-provider-example" From 124f31123cfcb7c03ba29d17a1755d247b073490 Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Wed, 21 Feb 2024 13:01:02 +0100 Subject: [PATCH 0748/1145] Use `end_entity` variable when verifying CertificateVerify The function very nicely constructs the `end_entity` variable, use it throughout instead of selecting it again. This makes it so that we use the position of `end_entity` in the chain only once, and it makes it more clear that we're using the previously-verified certificate. --- rustls/src/client/tls12.rs | 2 +- rustls/src/client/tls13.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 88bdda3272..197317785b 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -895,7 +895,7 @@ impl State for ExpectServerDone<'_> { st.config .verifier - .verify_tls12_signature(&message, &st.server_cert.cert_chain[0], sig) + .verify_tls12_signature(&message, end_entity, sig) .map_err(|err| { cx.common .send_cert_verify_error_alert(err) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 7aaf637ece..ba1b8287b5 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -735,7 +735,7 @@ impl State for ExpectCertificateVerify<'_> { .verifier .verify_tls13_signature( &construct_server_verify_message(&handshake_hash), - &self.server_cert.cert_chain[0], + end_entity, cert_verify, ) .map_err(|err| { From ca4f9bbe6fa38560d93d71a6e006b13a6e831063 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 22 Feb 2024 15:38:28 +0000 Subject: [PATCH 0749/1145] Take semver compatible updates - aes v0.8.3 -> v0.8.4 - anstream v0.6.11 -> v0.6.12 - anyhow v1.0.79 -> v1.0.80 - aws-lc-fips-sys v0.12.1 -> v0.12.3 - aws-lc-sys v0.13.0 -> v0.13.2 - bumpalo v3.14.0 -> v3.15.3 - cc v1.0.83 -> v1.0.86 - event-listener v5.0.0 -> v5.1.0 - hermit-abi v0.3.5 -> v0.3.6 - openssl v0.10.63 -> v0.10.64 - openssl-sys v0.9.99 -> v0.9.101 - pkg-config v0.3.29 -> v0.3.30 - polling v3.4.0 -> v3.5.0 - ryu v1.0.16 -> v1.0.17 - semver v1.0.21 -> v1.0.22 - serde v1.0.196 -> v1.0.197 - serde_derive v1.0.196 -> v1.0.197 - serde_json v1.0.113 -> v1.0.114 - syn v2.0.48 -> v2.0.50 - unicode-normalization v0.1.22 -> v0.1.23 - windows-targets v0.52.0 -> v0.52.3 - windows_aarch64_gnullvm v0.52.0 -> v0.52.3 - windows_aarch64_msvc v0.52.0 -> v0.52.3 - windows_i686_gnu v0.52.0 -> v0.52.3 - windows_i686_msvc v0.52.0 -> v0.52.3 - windows_x86_64_gnu v0.52.0 -> v0.52.3 - windows_x86_64_gnullvm v0.52.0 -> v0.52.3 - windows_x86_64_msvc v0.52.0 -> v0.52.3 --- Cargo.lock | 167 ++++++++++++++++++++++++++--------------------------- 1 file changed, 82 insertions(+), 85 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 962da23146..f7b15c979a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -29,9 +29,9 @@ dependencies = [ [[package]] name = "aes" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac1f845298e95f983ff1944b728ae08b8cebab80d684f0a832ed0fc74dfa27e2" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", "cipher", @@ -63,9 +63,9 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.11" +version = "0.6.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e2e1ebcb11de5c03c67de28a7df593d32191b44939c482e97702baaaa6ab6a5" +checksum = "96b09b5178381e0874812a9b157f7fe84982617e48f71f4e3235482775e5b540" dependencies = [ "anstyle", "anstyle-parse", @@ -111,9 +111,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.79" +version = "1.0.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" +checksum = "5ad32ce52e4161730f7098c077cd2ed6229b5804ccf99e5366be1ab72a98b4e1" [[package]] name = "asn1" @@ -132,7 +132,7 @@ checksum = "87132221a3cb3794c8def2208c723276686e0cd771541deb7768905ce13dc603" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -163,7 +163,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f28243a43d821d11341ab73c80bed182dc015c514b951616cf79bd4af39af0c3" dependencies = [ "concurrent-queue", - "event-listener 5.0.0", + "event-listener 5.1.0", "event-listener-strategy 0.5.0", "futures-core", "pin-project-lite", @@ -230,7 +230,7 @@ dependencies = [ "futures-io", "futures-lite 2.2.0", "parking", - "polling 3.4.0", + "polling 3.5.0", "rustix 0.38.31", "slab", "tracing", @@ -298,7 +298,7 @@ checksum = "c980ee35e870bd1a4d2c8294d4c04d0499e67bca1e4b5cefcc693c2fa00caea9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -315,9 +315,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" [[package]] name = "aws-lc-fips-sys" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07fcdffa26123df7f3cf4215be038e3836734f31154abd602195a7ca5ef9623b" +checksum = "7e872633d0107cd8f882b08dd9a6ee0e5bf0511da083778f666e325d597069ae" dependencies = [ "bindgen", "cmake", @@ -342,9 +342,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.13.0" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6e564487156f6ea22217c06263abd92ee65e4d9ff3dbc1f99f703f060f94715" +checksum = "a5f269b176dc4aeb593910fa56ed6f956cde19542e496bb0bfc1ad9a6ce18815" dependencies = [ "bindgen", "cmake", @@ -412,7 +412,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.48", + "syn 2.0.50", "which", ] @@ -455,9 +455,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.14.0" +version = "3.15.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" +checksum = "8ea184aa71bb362a1157c896979544cc23974e08fd265f29ea96b59f0b4a555b" [[package]] name = "byteorder" @@ -473,12 +473,9 @@ checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cc" -version = "1.0.83" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" -dependencies = [ - "libc", -] +checksum = "7f9fa1897e4325be0d68d48df6aa1a71ac2ed4d27723887e7754192705350730" [[package]] name = "cexpr" @@ -572,7 +569,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -700,7 +697,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -807,7 +804,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -858,9 +855,9 @@ dependencies = [ [[package]] name = "event-listener" -version = "5.0.0" +version = "5.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b72557800024fabbaa2449dd4bf24e37b93702d457a4d4f2b0dd1f0f039f20c1" +checksum = "b7ad6fd685ce13acd6d9541a30f6db6567a7a24c9ffd4ba2955d29e3f22c8b27" dependencies = [ "concurrent-queue", "parking", @@ -883,7 +880,7 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "feedafcaa9b749175d5ac357452a9d41ea2911da598fde46ce1fe02c37751291" dependencies = [ - "event-listener 5.0.0", + "event-listener 5.1.0", "pin-project-lite", ] @@ -1137,9 +1134,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0c62115964e08cb8039170eb33c1d0e2388a256930279edca206fff675f82c3" +checksum = "bd5256b483761cd23699d0da46cc6fd2ee3be420bbe6d020ae4a091e70b7e9fd" [[package]] name = "hex" @@ -1651,9 +1648,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.63" +version = "0.10.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15c9d69dd87a29568d4d017cfe8ec518706046a05184e5aea92d0af890b803c8" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" dependencies = [ "bitflags 2.4.2", "cfg-if", @@ -1672,14 +1669,14 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] name = "openssl-sys" -version = "0.9.99" +version = "0.9.101" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22e1bf214306098e4832460f797824c05d25aacdf896f64a985fb0fd992454ae" +checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" dependencies = [ "cc", "libc", @@ -1806,9 +1803,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2900ede94e305130c13ddd391e0ab7cbaeb783945ae07a279c268cb05109c6cb" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "platforms" @@ -1834,9 +1831,9 @@ dependencies = [ [[package]] name = "polling" -version = "3.4.0" +version = "3.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30054e72317ab98eddd8561db0f6524df3367636884b7b21b703e4b280a84a14" +checksum = "24f040dee2588b4963afb4e420540439d126f73fdacf4a9c486a96d840bac3c9" dependencies = [ "cfg-if", "concurrent-queue", @@ -1888,7 +1885,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" dependencies = [ "proc-macro2", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -2304,9 +2301,9 @@ checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" [[package]] name = "ryu" -version = "1.0.16" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c" +checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" [[package]] name = "scopeguard" @@ -2340,35 +2337,35 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.21" +version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b97ed7a9823b74f99c7742f5336af7be5ecd3eeafcb1507d1fa93347b1d589b0" +checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.196" +version = "1.0.197" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "870026e60fa08c69f064aa766c10f10b1d62db9ccd4d0abb206472bee0ce3b32" +checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.196" +version = "1.0.197" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67" +checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] name = "serde_json" -version = "1.0.113" +version = "1.0.114" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69801b70b1c3dac963ecb03a364ba0ceda9cf60c71cfe475e99864759c8b8a79" +checksum = "c5f09b1bd632ef549eaa9f60a1f8de742bdbc698e6cee2095fc84dde5f549ae0" dependencies = [ "itoa", "ryu", @@ -2490,9 +2487,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.48" +version = "2.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +checksum = "74f1bdc9872430ce9b75da68329d1c1746faf50ffac5f19e02b71e37ff881ffb" dependencies = [ "proc-macro2", "quote", @@ -2525,7 +2522,7 @@ checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -2587,7 +2584,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -2633,7 +2630,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] [[package]] @@ -2665,9 +2662,9 @@ checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" -version = "0.1.22" +version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" dependencies = [ "tinyvec", ] @@ -2756,7 +2753,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", "wasm-bindgen-shared", ] @@ -2790,7 +2787,7 @@ checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2890,7 +2887,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", + "windows-targets 0.52.3", ] [[package]] @@ -2910,17 +2907,17 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "d380ba1dc7187569a8a9e91ed34b8ccfc33123bbacb8c0aed2d1ad7f3ef2dc5f" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm 0.52.3", + "windows_aarch64_msvc 0.52.3", + "windows_i686_gnu 0.52.3", + "windows_i686_msvc 0.52.3", + "windows_x86_64_gnu 0.52.3", + "windows_x86_64_gnullvm 0.52.3", + "windows_x86_64_msvc 0.52.3", ] [[package]] @@ -2931,9 +2928,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" +checksum = "68e5dcfb9413f53afd9c8f86e56a7b4d86d9a2fa26090ea2dc9e40fba56c6ec6" [[package]] name = "windows_aarch64_msvc" @@ -2943,9 +2940,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" +checksum = "8dab469ebbc45798319e69eebf92308e541ce46760b49b18c6b3fe5e8965b30f" [[package]] name = "windows_i686_gnu" @@ -2955,9 +2952,9 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "2a4e9b6a7cac734a8b4138a4e1044eac3404d8326b6c0f939276560687a033fb" [[package]] name = "windows_i686_msvc" @@ -2967,9 +2964,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" +checksum = "28b0ec9c422ca95ff34a78755cfa6ad4a51371da2a5ace67500cf7ca5f232c58" [[package]] name = "windows_x86_64_gnu" @@ -2979,9 +2976,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" +checksum = "704131571ba93e89d7cd43482277d6632589b18ecf4468f591fbae0a8b101614" [[package]] name = "windows_x86_64_gnullvm" @@ -2991,9 +2988,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "42079295511643151e98d61c38c0acc444e52dd42ab456f7ccfd5152e8ecf21c" [[package]] name = "windows_x86_64_msvc" @@ -3003,9 +3000,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.0" +version = "0.52.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "0770833d60a970638e989b3fa9fd2bb1aaadcf88963d1659fd7d9990196ed2d6" [[package]] name = "winreg" @@ -3055,5 +3052,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.48", + "syn 2.0.50", ] From 8e95ae1967bdbdb8a37a233327be453cd5fc5178 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 23 Feb 2024 11:21:01 -0500 Subject: [PATCH 0750/1145] ci: skip docs deploy for forks --- .github/workflows/docs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 77465d54cd..77058c3a9a 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -53,6 +53,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest + if: github.repository == 'rustls/rustls' needs: generate environment: name: github-pages From b6a22bfa0b63e7a5233b806c3a0887d5139f7fa3 Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Fri, 23 Feb 2024 12:27:20 -0500 Subject: [PATCH 0751/1145] provider-example: tidy up cipher:: type prefixes --- provider-example/src/aead.rs | 81 ++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 46 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 97840211c1..65ae90c817 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -4,21 +4,23 @@ use alloc::vec::Vec; use chacha20poly1305::aead::Buffer; use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; use rustls::crypto::cipher::{ - self, AeadKey, BorrowedPayload, Iv, UnsupportedOperationError, NONCE_LEN, + make_tls12_aad, make_tls13_aad, AeadKey, BorrowedOpaqueMessage, BorrowedPayload, + InboundMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, OpaqueMessage, + OutboundMessage, Tls12AeadAlgorithm, Tls13AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; pub struct Chacha20Poly1305; -impl cipher::Tls13AeadAlgorithm for Chacha20Poly1305 { - fn encrypter(&self, key: cipher::AeadKey, iv: cipher::Iv) -> Box { +impl Tls13AeadAlgorithm for Chacha20Poly1305 { + fn encrypter(&self, key: AeadKey, iv: Iv) -> Box { Box::new(Tls13Cipher( chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), iv, )) } - fn decrypter(&self, key: cipher::AeadKey, iv: cipher::Iv) -> Box { + fn decrypter(&self, key: AeadKey, iv: Iv) -> Box { Box::new(Tls13Cipher( chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), iv, @@ -38,28 +40,23 @@ impl cipher::Tls13AeadAlgorithm for Chacha20Poly1305 { } } -impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { - fn encrypter( - &self, - key: cipher::AeadKey, - iv: &[u8], - _: &[u8], - ) -> Box { +impl Tls12AeadAlgorithm for Chacha20Poly1305 { + fn encrypter(&self, key: AeadKey, iv: &[u8], _: &[u8]) -> Box { Box::new(Tls12Cipher( chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), - cipher::Iv::copy(iv), + Iv::copy(iv), )) } - fn decrypter(&self, key: cipher::AeadKey, iv: &[u8]) -> Box { + fn decrypter(&self, key: AeadKey, iv: &[u8]) -> Box { Box::new(Tls12Cipher( chacha20poly1305::ChaCha20Poly1305::new_from_slice(key.as_ref()).unwrap(), - cipher::Iv::copy(iv), + Iv::copy(iv), )) } - fn key_block_shape(&self) -> cipher::KeyBlockShape { - cipher::KeyBlockShape { + fn key_block_shape(&self) -> KeyBlockShape { + KeyBlockShape { enc_key_len: 32, fixed_iv_len: 12, explicit_nonce_len: 0, @@ -81,14 +78,10 @@ impl cipher::Tls12AeadAlgorithm for Chacha20Poly1305 { } } -struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); +struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); -impl cipher::MessageEncrypter for Tls13Cipher { - fn encrypt( - &mut self, - m: cipher::OutboundMessage, - seq: u64, - ) -> Result { +impl MessageEncrypter for Tls13Cipher { + fn encrypt(&mut self, m: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); // construct a TLSInnerPlaintext @@ -96,14 +89,14 @@ impl cipher::MessageEncrypter for Tls13Cipher { m.payload.copy_to_vec(&mut payload); payload.push(m.typ.get_u8()); - let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); - let aad = cipher::make_tls13_aad(total_len); + let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); + let aad = make_tls13_aad(total_len); self.0 .encrypt_in_place(&nonce, &aad, &mut payload) .map_err(|_| rustls::Error::EncryptError) .map(|_| { - cipher::OpaqueMessage::new( + OpaqueMessage::new( ContentType::ApplicationData, ProtocolVersion::TLSv1_2, payload, @@ -116,15 +109,15 @@ impl cipher::MessageEncrypter for Tls13Cipher { } } -impl cipher::MessageDecrypter for Tls13Cipher { +impl MessageDecrypter for Tls13Cipher { fn decrypt<'a>( &mut self, - mut m: cipher::BorrowedOpaqueMessage<'a>, + mut m: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, rustls::Error> { + ) -> Result, rustls::Error> { let payload = &mut m.payload; - let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); - let aad = cipher::make_tls13_aad(payload.len()); + let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); + let aad = make_tls13_aad(payload.len()); self.0 .decrypt_in_place(&nonce, &aad, &mut BufferAdapter(payload)) @@ -134,26 +127,22 @@ impl cipher::MessageDecrypter for Tls13Cipher { } } -struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, cipher::Iv); +struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); -impl cipher::MessageEncrypter for Tls12Cipher { - fn encrypt( - &mut self, - m: cipher::OutboundMessage, - seq: u64, - ) -> Result { +impl MessageEncrypter for Tls12Cipher { + fn encrypt(&mut self, m: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = Vec::with_capacity(total_len); m.payload.copy_to_vec(&mut payload); - let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); - let aad = cipher::make_tls12_aad(seq, m.typ, m.version, payload.len()); + let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); + let aad = make_tls12_aad(seq, m.typ, m.version, payload.len()); self.0 .encrypt_in_place(&nonce, &aad, &mut payload) .map_err(|_| rustls::Error::EncryptError) - .map(|_| cipher::OpaqueMessage::new(m.typ, m.version, payload)) + .map(|_| OpaqueMessage::new(m.typ, m.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { @@ -161,15 +150,15 @@ impl cipher::MessageEncrypter for Tls12Cipher { } } -impl cipher::MessageDecrypter for Tls12Cipher { +impl MessageDecrypter for Tls12Cipher { fn decrypt<'a>( &mut self, - mut m: cipher::BorrowedOpaqueMessage<'a>, + mut m: BorrowedOpaqueMessage<'a>, seq: u64, - ) -> Result, rustls::Error> { + ) -> Result, rustls::Error> { let payload = &m.payload; - let nonce = chacha20poly1305::Nonce::from(cipher::Nonce::new(&self.1, seq).0); - let aad = cipher::make_tls12_aad( + let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); + let aad = make_tls12_aad( seq, m.typ, m.version, From 7b9ba05a0c0a306a6c1bec65ee93ed1bb3e5dc46 Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Fri, 23 Feb 2024 12:30:39 -0500 Subject: [PATCH 0752/1145] macros: generalize enum_builder, generate get_array --- rustls/src/msgs/macros.rs | 77 +++++++++++---------------------------- 1 file changed, 22 insertions(+), 55 deletions(-) diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index cf0eec5de6..f066f4c6e9 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -1,8 +1,14 @@ /// A macro which defines an enum type. macro_rules! enum_builder { + ($(#[$comment:meta])* @U8 $($enum:tt)+) => { + enum_builder!(u8: get_u8 $(#[$comment])* $($enum)+); + }; + ($(#[$comment:meta])* @U16 $($enum:tt)+) => { + enum_builder!(u16: get_u16 $(#[$comment])* $($enum)+); + }; ( - $(#[$comment:meta])* - @U8 + $uint:ty: $get_uint:ident + $(#[$comment:meta])* $enum_vis:vis enum $enum_name:ident { $( $enum_var: ident => $enum_val: expr ),* $(,)? } ) => { @@ -11,63 +17,24 @@ macro_rules! enum_builder { #[derive(Debug, PartialEq, Eq, Clone, Copy)] $enum_vis enum $enum_name { $( $enum_var),* - ,Unknown(u8) + ,Unknown($uint) } impl $enum_name { - $enum_vis fn get_u8(&self) -> u8 { - let x = self.clone(); - match x { + $enum_vis fn $get_uint(&self) -> $uint { + match self { $( $enum_name::$enum_var => $enum_val),* - ,$enum_name::Unknown(x) => x + ,$enum_name::Unknown(x) => *x } } - } - impl Codec<'_> for $enum_name { - // NOTE(allow) fully qualified Vec is only needed in no-std mode - #[allow(unused_qualifications)] - fn encode(&self, bytes: &mut alloc::vec::Vec) { - self.get_u8().encode(bytes); - } - fn read(r: &mut Reader) -> Result { - match u8::read(r) { - Ok(x) => Ok($enum_name::from(x)), - Err(_) => Err(crate::error::InvalidMessage::MissingData(stringify!($enum_name))), - } - } - } - impl From for $enum_name { - fn from(x: u8) -> Self { - match x { - $($enum_val => $enum_name::$enum_var),* - , x => $enum_name::Unknown(x), - } - } - } - }; - ( - $(#[$comment:meta])* - @U16 - $enum_vis:vis enum $enum_name:ident - { $( $enum_var: ident => $enum_val: expr ),* $(,)?} - ) => { - $(#[$comment])* - #[non_exhaustive] - #[derive(Debug, PartialEq, Eq, Clone, Copy)] - $enum_vis enum $enum_name { - $( $enum_var),* - ,Unknown(u16) - } - impl $enum_name { - $enum_vis fn get_u16(&self) -> u16 { - let x = self.clone(); - match x { - $( $enum_name::$enum_var => $enum_val),* - ,$enum_name::Unknown(x) => x - } + // NOTE(allow) generated irrespective if there are callers + #[allow(dead_code)] + $enum_vis fn get_array(&self) -> [u8; core::mem::size_of::<$uint>()] { + self.$get_uint().to_be_bytes() } - #[allow(dead_code)] // generated irrespective if there are callers + // NOTE(allow) generated irrespective if there are callers + #[allow(dead_code)] $enum_vis fn as_str(&self) -> Option<&'static str> { match self { $( $enum_name::$enum_var => Some(stringify!($enum_var))),* @@ -79,18 +46,18 @@ macro_rules! enum_builder { // NOTE(allow) fully qualified Vec is only needed in no-std mode #[allow(unused_qualifications)] fn encode(&self, bytes: &mut alloc::vec::Vec) { - self.get_u16().encode(bytes); + self.$get_uint().encode(bytes); } fn read(r: &mut Reader) -> Result { - match u16::read(r) { + match <$uint>::read(r) { Ok(x) => Ok($enum_name::from(x)), Err(_) => Err(crate::error::InvalidMessage::MissingData(stringify!($enum_name))), } } } - impl From for $enum_name { - fn from(x: u16) -> Self { + impl From<$uint> for $enum_name { + fn from(x: $uint) -> Self { match x { $($enum_val => $enum_name::$enum_var),* , x => $enum_name::Unknown(x), From fcbe43dde60378accc133748b6daa5caeb510894 Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Fri, 23 Feb 2024 12:47:52 -0500 Subject: [PATCH 0753/1145] message: switch HEADER_SIZE from u16 to usize --- rustls/src/msgs/message.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index dceb5d622e..8566b0ef4c 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -180,10 +180,10 @@ impl OpaqueMessage { const MAX_PAYLOAD: u16 = 16_384 + 2048; /// Content type, version and size. - const HEADER_SIZE: u16 = 1 + 2 + 2; + const HEADER_SIZE: usize = 1 + 2 + 2; /// Maximum on-the-wire message size. - pub const MAX_WIRE_SIZE: usize = (Self::MAX_PAYLOAD + Self::HEADER_SIZE) as usize; + pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; } /// A borrowed version of [`OpaqueMessage`]. @@ -475,7 +475,7 @@ pub struct OutboundMessage<'a> { impl OutboundMessage<'_> { pub(crate) fn encoded_len(&self, record_layer: &RecordLayer) -> usize { - OpaqueMessage::HEADER_SIZE as usize + record_layer.encrypted_len(self.payload.len()) + OpaqueMessage::HEADER_SIZE + record_layer.encrypted_len(self.payload.len()) } pub(crate) fn to_unencrypted_opaque(&self) -> OpaqueMessage { From 7055ef047cbcfa176d014571b7cdbab501b41ff5 Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Tue, 20 Feb 2024 09:58:22 +0100 Subject: [PATCH 0754/1145] Create type PrefixedPayload for OpaqueMessage PrefixedPayload holds a Vec with a 5 bytes padding before the actual OpaqueMessage's payload. They will be filled when encoding the OpaqueMessage avoiding an allocation and a copy. Signed-off-by: Eloi DEMOLIS --- provider-example/src/aead.rs | 48 +++++++--- rustls/src/crypto/aws_lc_rs/tls12.rs | 27 +++--- rustls/src/crypto/aws_lc_rs/tls13.rs | 20 ++-- rustls/src/crypto/cipher.rs | 1 + rustls/src/crypto/ring/tls12.rs | 27 +++--- rustls/src/crypto/ring/tls13.rs | 11 +-- rustls/src/msgs/message.rs | 135 +++++++++++++++++---------- rustls/src/record_layer.rs | 13 +-- 8 files changed, 172 insertions(+), 110 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index 65ae90c817..f4b3ac2537 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -1,12 +1,12 @@ use alloc::boxed::Box; -use alloc::vec::Vec; use chacha20poly1305::aead::Buffer; use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; use rustls::crypto::cipher::{ make_tls12_aad, make_tls13_aad, AeadKey, BorrowedOpaqueMessage, BorrowedPayload, InboundMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, OpaqueMessage, - OutboundMessage, Tls12AeadAlgorithm, Tls13AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, + OutboundMessage, PrefixedPayload, Tls12AeadAlgorithm, Tls13AeadAlgorithm, + UnsupportedOperationError, NONCE_LEN, }; use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; @@ -83,17 +83,15 @@ struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); impl MessageEncrypter for Tls13Cipher { fn encrypt(&mut self, m: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); - // construct a TLSInnerPlaintext - let mut payload = Vec::with_capacity(total_len); - m.payload.copy_to_vec(&mut payload); - payload.push(m.typ.get_u8()); - + payload.extend_from_chunks(&m.payload); + payload.extend_from_slice(&m.typ.get_array()); let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); let aad = make_tls13_aad(total_len); self.0 - .encrypt_in_place(&nonce, &aad, &mut payload) + .encrypt_in_place(&nonce, &aad, &mut EncryptBufferAdapter(&mut payload)) .map_err(|_| rustls::Error::EncryptError) .map(|_| { OpaqueMessage::new( @@ -132,15 +130,14 @@ struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); impl MessageEncrypter for Tls12Cipher { fn encrypt(&mut self, m: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); - let mut payload = Vec::with_capacity(total_len); - m.payload.copy_to_vec(&mut payload); - + payload.extend_from_chunks(&m.payload); let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); - let aad = make_tls12_aad(seq, m.typ, m.version, payload.len()); + let aad = make_tls12_aad(seq, m.typ, m.version, m.payload.len()); self.0 - .encrypt_in_place(&nonce, &aad, &mut payload) + .encrypt_in_place(&nonce, &aad, &mut EncryptBufferAdapter(&mut payload)) .map_err(|_| rustls::Error::EncryptError) .map(|_| OpaqueMessage::new(m.typ, m.version, payload)) } @@ -176,6 +173,31 @@ impl MessageDecrypter for Tls12Cipher { const CHACHAPOLY1305_OVERHEAD: usize = 16; +struct EncryptBufferAdapter<'a>(&'a mut PrefixedPayload); + +impl AsRef<[u8]> for EncryptBufferAdapter<'_> { + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } +} + +impl AsMut<[u8]> for EncryptBufferAdapter<'_> { + fn as_mut(&mut self) -> &mut [u8] { + self.0.as_mut() + } +} + +impl Buffer for EncryptBufferAdapter<'_> { + fn extend_from_slice(&mut self, other: &[u8]) -> chacha20poly1305::aead::Result<()> { + self.0.extend_from_slice(other); + Ok(()) + } + + fn truncate(&mut self, len: usize) { + self.0.truncate(len) + } +} + struct BufferAdapter<'a, 'p>(&'a mut BorrowedPayload<'p>); impl AsRef<[u8]> for BufferAdapter<'_, '_> { diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 94764d7ff6..0121cc3f0b 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -7,13 +7,12 @@ use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; use crate::version::TLS12; use alloc::boxed::Box; -use alloc::vec::Vec; use aws_lc_rs::{aead, tls_prf}; @@ -303,17 +302,17 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); - - let total_len = self.encrypted_payload_len(msg.payload.len()); - let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(&nonce.as_ref()[4..]); - msg.payload.copy_to_vec(&mut payload); + payload.extend_from_chunks(&msg.payload); self.enc_key - .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..]) - .map(|tag| payload.extend(tag.as_ref())) + .seal_in_place_separate_tag(nonce, aad, &mut payload.as_mut()[GCM_EXPLICIT_NONCE_LEN..]) + .map(|tag| payload.extend_from_slice(tag.as_ref())) .map_err(|_| Error::EncryptError)?; Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) @@ -380,18 +379,18 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); - - let total_len = self.encrypted_payload_len(msg.payload.len()); - let mut buf = Vec::with_capacity(total_len); - msg.payload.copy_to_vec(&mut buf); + payload.extend_from_chunks(&msg.payload); self.enc_key - .seal_in_place_append_tag(nonce, aad, &mut buf) + .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) + Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index abcdf3a566..864cf2d069 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -1,5 +1,4 @@ use alloc::boxed::Box; -use alloc::vec::Vec; use crate::crypto; use crate::crypto::cipher::{ @@ -9,8 +8,7 @@ use crate::crypto::cipher::{ use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; -use crate::msgs::codec::Codec; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -222,12 +220,13 @@ struct AeadMessageDecrypter { impl MessageEncrypter for AeadMessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); - let mut payload = Vec::with_capacity(total_len); - msg.payload.copy_to_vec(&mut payload); - msg.typ.encode(&mut payload); + let mut payload = PrefixedPayload::with_capacity(total_len); let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); + payload.extend_from_chunks(&msg.payload); + payload.extend_from_slice(&msg.typ.get_array()); + self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; @@ -277,13 +276,14 @@ struct GcmMessageEncrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { - let total_len = msg.payload.len() + 1 + self.enc_key.algorithm().tag_len(); - let mut payload = Vec::with_capacity(total_len); - msg.payload.copy_to_vec(&mut payload); - msg.typ.encode(&mut payload); + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); + payload.extend_from_chunks(&msg.payload); + payload.extend_from_slice(&msg.typ.get_array()); + self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 78f0e4dd6a..70bca882ec 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -9,6 +9,7 @@ pub use crate::msgs::base::BorrowedPayload; use crate::msgs::codec; pub use crate::msgs::message::{ BorrowedOpaqueMessage, InboundMessage, OpaqueMessage, OutboundMessage, PlainMessage, + PrefixedPayload, }; use crate::suites::ConnectionTrafficSecrets; diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index a01da6ef0c..362041436a 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -7,12 +7,11 @@ use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; use alloc::boxed::Box; -use alloc::vec::Vec; use super::ring_like::aead; @@ -287,17 +286,17 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); - - let total_len = self.encrypted_payload_len(msg.payload.len()); - let mut payload = Vec::with_capacity(total_len); payload.extend_from_slice(&nonce.as_ref()[4..]); - msg.payload.copy_to_vec(&mut payload); + payload.extend_from_chunks(&msg.payload); self.enc_key - .seal_in_place_separate_tag(nonce, aad, &mut payload[GCM_EXPLICIT_NONCE_LEN..]) - .map(|tag| payload.extend(tag.as_ref())) + .seal_in_place_separate_tag(nonce, aad, &mut payload.as_mut()[GCM_EXPLICIT_NONCE_LEN..]) + .map(|tag| payload.extend_from_slice(tag.as_ref())) .map_err(|_| Error::EncryptError)?; Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) @@ -364,18 +363,18 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + let total_len = self.encrypted_payload_len(msg.payload.len()); + let mut payload = PrefixedPayload::with_capacity(total_len); + let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.enc_offset, seq).0); let aad = aead::Aad::from(make_tls12_aad(seq, msg.typ, msg.version, msg.payload.len())); - - let total_len = self.encrypted_payload_len(msg.payload.len()); - let mut buf = Vec::with_capacity(total_len); - msg.payload.copy_to_vec(&mut buf); + payload.extend_from_chunks(&msg.payload); self.enc_key - .seal_in_place_append_tag(nonce, aad, &mut buf) + .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new(msg.typ, msg.version, buf)) + Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 4876b55ef1..6816f38b81 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,5 +1,4 @@ use alloc::boxed::Box; -use alloc::vec::Vec; use crate::crypto; use crate::crypto::cipher::{ @@ -9,8 +8,7 @@ use crate::crypto::cipher::{ use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; -use crate::msgs::codec::Codec; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; +use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -194,12 +192,13 @@ struct Tls13MessageDecrypter { impl MessageEncrypter for Tls13MessageEncrypter { fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); - let mut payload = Vec::with_capacity(total_len); - msg.payload.copy_to_vec(&mut payload); - msg.typ.encode(&mut payload); + let mut payload = PrefixedPayload::with_capacity(total_len); let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); + payload.extend_from_chunks(&msg.payload); + payload.extend_from_slice(&msg.typ.get_array()); + self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs index 8566b0ef4c..71d9653a21 100644 --- a/rustls/src/msgs/message.rs +++ b/rustls/src/msgs/message.rs @@ -1,5 +1,4 @@ -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::internal::record_layer::RecordLayer; use crate::msgs::alert::AlertMessagePayload; @@ -90,41 +89,22 @@ impl<'a> MessagePayload<'a> { /// This type owns all memory for its interior parts. It is used to read/write from/to I/O /// buffers as well as for fragmenting, joining and encryption/decryption. It can be converted /// into a `Message` by decoding the payload. -/// -/// # Decryption -/// Internally the message payload is stored as a `Vec`; this can by mutably borrowed with -/// [`OpaqueMessage::payload_mut()`]. This is useful for decrypting a message in-place. -/// After the message is decrypted, call [`OpaqueMessage::into_plain_message()`] or borrow this -/// message and call [`BorrowedOpaqueMessage::into_tls13_unpadded_message`]. #[derive(Clone, Debug)] pub struct OpaqueMessage { pub typ: ContentType, pub version: ProtocolVersion, - payload: Payload<'static>, + payload: PrefixedPayload, } impl OpaqueMessage { /// Construct a new `OpaqueMessage` from constituent fields. /// /// `body` is moved into the `payload` field. - pub fn new(typ: ContentType, version: ProtocolVersion, body: Vec) -> Self { + pub fn new(typ: ContentType, version: ProtocolVersion, payload: PrefixedPayload) -> Self { Self { typ, version, - payload: Payload::new(body), - } - } - - /// Access the message payload as a slice. - pub fn payload(&self) -> &[u8] { - self.payload.bytes() - } - - /// Access the message payload as a mutable `Vec`. - pub fn payload_mut(&mut self) -> &mut Vec { - match &mut self.payload { - Payload::Borrowed(_) => unreachable!("due to how constructor works"), - Payload::Owned(bytes) => bytes, + payload, } } @@ -133,25 +113,24 @@ impl OpaqueMessage { pub fn read(r: &mut Reader) -> Result { let (typ, version, len) = read_opaque_message_header(r)?; - let mut sub = r - .sub(len as usize) - .map_err(|_| MessageError::TooShortForLength)?; - let payload = Payload::read(&mut sub).into_owned(); + let content = r + .take(len as usize) + .ok_or(MessageError::TooShortForLength)?; Ok(Self { typ, version, - payload, + payload: PrefixedPayload::from(content), }) } pub fn encode(self) -> Vec { - let mut buf = Vec::new(); - self.typ.encode(&mut buf); - self.version.encode(&mut buf); - (self.payload.bytes().len() as u16).encode(&mut buf); - self.payload.encode(&mut buf); - buf + let length = self.payload.len() as u16; + let mut encoded_payload = self.payload.0; + encoded_payload[0] = self.typ.get_u8(); + encoded_payload[1..3].copy_from_slice(&self.version.get_u16().to_be_bytes()); + encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); + encoded_payload } /// Force conversion into a plaintext message. @@ -162,16 +141,7 @@ impl OpaqueMessage { PlainMessage { version: self.version, typ: self.typ, - payload: self.payload, - } - } - - #[cfg(test)] - pub(crate) fn borrow(&mut self) -> BorrowedOpaqueMessage { - BorrowedOpaqueMessage { - typ: self.typ, - version: self.version, - payload: BorrowedPayload::new(self.payload_mut()), + payload: Payload::Owned(self.payload.to_vec()), } } @@ -186,6 +156,75 @@ impl OpaqueMessage { pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; } +#[derive(Clone, Debug)] +pub struct PrefixedPayload(Vec); + +impl PrefixedPayload { + pub fn with_capacity(capacity: usize) -> Self { + let mut prefixed_payload = Vec::with_capacity(OpaqueMessage::HEADER_SIZE + capacity); + prefixed_payload.resize(OpaqueMessage::HEADER_SIZE, 0); + Self(prefixed_payload) + } + + pub fn len(&self) -> usize { + self.0.len() - OpaqueMessage::HEADER_SIZE + } + + pub fn is_empty(&self) -> bool { + self.len() == 0 + } + + pub fn to_vec(&self) -> Vec { + self.as_ref().to_vec() + } + + pub fn extend_from_slice(&mut self, slice: &[u8]) { + self.0.extend_from_slice(slice) + } + + pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks) { + chunks.copy_to_vec(&mut self.0) + } + + pub fn truncate(&mut self, len: usize) { + self.0 + .truncate(len + OpaqueMessage::HEADER_SIZE) + } +} + +impl AsRef<[u8]> for PrefixedPayload { + fn as_ref(&self) -> &[u8] { + &self.0[OpaqueMessage::HEADER_SIZE..] + } +} + +impl AsMut<[u8]> for PrefixedPayload { + fn as_mut(&mut self) -> &mut [u8] { + &mut self.0[OpaqueMessage::HEADER_SIZE..] + } +} + +impl<'a> Extend<&'a u8> for PrefixedPayload { + fn extend>(&mut self, iter: T) { + self.0.extend(iter) + } +} + +impl From<&[u8]> for PrefixedPayload { + fn from(content: &[u8]) -> Self { + let mut payload = Vec::with_capacity(OpaqueMessage::HEADER_SIZE + content.len()); + payload.extend(&[0u8; OpaqueMessage::HEADER_SIZE]); + payload.extend(content); + Self(payload) + } +} + +impl From<&[u8; N]> for PrefixedPayload { + fn from(content: &[u8; N]) -> Self { + Self::from(&content[..]) + } +} + /// A borrowed version of [`OpaqueMessage`]. pub struct BorrowedOpaqueMessage<'a> { pub typ: ContentType, @@ -331,7 +370,7 @@ impl PlainMessage { OpaqueMessage { version: self.version, typ: self.typ, - payload: self.payload, + payload: PrefixedPayload::from(self.payload.bytes()), } } @@ -479,10 +518,12 @@ impl OutboundMessage<'_> { } pub(crate) fn to_unencrypted_opaque(&self) -> OpaqueMessage { + let mut payload = PrefixedPayload::with_capacity(self.payload.len()); + payload.extend_from_chunks(&self.payload); OpaqueMessage { version: self.version, typ: self.typ, - payload: Payload::Owned(self.payload.to_vec()), + payload, } } } diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index feabd77fa2..c49353cf34 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -247,6 +247,8 @@ pub(crate) struct Decrypted<'a> { #[cfg(test)] mod tests { + use crate::crypto::cipher::BorrowedPayload; + use super::*; #[test] @@ -291,13 +293,12 @@ mod tests { // Decrypting a message should update the read_seq and track that we have now performed // a decryption. - let mut msg = OpaqueMessage::new( - ContentType::Handshake, - ProtocolVersion::TLSv1_2, - vec![0xC0, 0xFF, 0xEE], - ); record_layer - .decrypt_incoming(msg.borrow()) + .decrypt_incoming(BorrowedOpaqueMessage { + typ: ContentType::Handshake, + version: ProtocolVersion::TLSv1_2, + payload: BorrowedPayload::new(&mut [0xC0, 0xFF, 0xEE]), + }) .unwrap(); assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); assert_eq!(record_layer.read_seq, 1); From 6031a0d7a81482c6a2e582dfbf9e5e84971800ce Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Fri, 23 Feb 2024 14:17:06 -0500 Subject: [PATCH 0755/1145] provider-example: BufferAdapter->DecryptBufferAdapter The previous commit introduced an `EncryptBufferAdapter` alongside `BufferAdapter`. This commit renames `BufferAdapter` to `DecryptBufferAdapter` to better represent its purpose. --- provider-example/src/aead.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index f4b3ac2537..be833ff322 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -118,7 +118,7 @@ impl MessageDecrypter for Tls13Cipher { let aad = make_tls13_aad(payload.len()); self.0 - .decrypt_in_place(&nonce, &aad, &mut BufferAdapter(payload)) + .decrypt_in_place(&nonce, &aad, &mut DecryptBufferAdapter(payload)) .map_err(|_| rustls::Error::DecryptError)?; m.into_tls13_unpadded_message() @@ -164,7 +164,7 @@ impl MessageDecrypter for Tls12Cipher { let payload = &mut m.payload; self.0 - .decrypt_in_place(&nonce, &aad, &mut BufferAdapter(payload)) + .decrypt_in_place(&nonce, &aad, &mut DecryptBufferAdapter(payload)) .map_err(|_| rustls::Error::DecryptError)?; Ok(m.into_inbound_message()) @@ -198,21 +198,21 @@ impl Buffer for EncryptBufferAdapter<'_> { } } -struct BufferAdapter<'a, 'p>(&'a mut BorrowedPayload<'p>); +struct DecryptBufferAdapter<'a, 'p>(&'a mut BorrowedPayload<'p>); -impl AsRef<[u8]> for BufferAdapter<'_, '_> { +impl AsRef<[u8]> for DecryptBufferAdapter<'_, '_> { fn as_ref(&self) -> &[u8] { self.0 } } -impl AsMut<[u8]> for BufferAdapter<'_, '_> { +impl AsMut<[u8]> for DecryptBufferAdapter<'_, '_> { fn as_mut(&mut self) -> &mut [u8] { self.0 } } -impl Buffer for BufferAdapter<'_, '_> { +impl Buffer for DecryptBufferAdapter<'_, '_> { fn extend_from_slice(&mut self, _: &[u8]) -> chacha20poly1305::aead::Result<()> { unreachable!("not used by `AeadInPlace::decrypt_in_place`") } From a8d3857106dd5933d52c8b49252fdee874fa3e5f Mon Sep 17 00:00:00 2001 From: Eloi DEMOLIS Date: Fri, 23 Feb 2024 14:48:44 -0500 Subject: [PATCH 0756/1145] Type renaming Signed-off-by: Eloi DEMOLIS --- fuzz/fuzzers/fragment.rs | 4 +- fuzz/fuzzers/message.rs | 4 +- provider-example/src/aead.rs | 34 +- rustls/src/common_state.rs | 11 +- rustls/src/conn.rs | 6 +- rustls/src/crypto/aws_lc_rs/tls12.rs | 34 +- rustls/src/crypto/aws_lc_rs/tls13.rs | 30 +- rustls/src/crypto/cipher.rs | 25 +- rustls/src/crypto/ring/tls12.rs | 34 +- rustls/src/crypto/ring/tls13.rs | 18 +- rustls/src/lib.rs | 4 +- rustls/src/msgs/base.rs | 56 -- rustls/src/msgs/deframer.rs | 24 +- rustls/src/msgs/fragmenter.rs | 12 +- rustls/src/msgs/message.rs | 774 --------------------- rustls/src/msgs/message/inbound_opaque.rs | 143 ++++ rustls/src/msgs/message/inbound_plain.rs | 32 + rustls/src/msgs/message/mod.rs | 230 ++++++ rustls/src/msgs/message/outbound_opaque.rs | 184 +++++ rustls/src/msgs/message/outbound_plain.rs | 267 +++++++ rustls/src/msgs/message_test.rs | 8 +- rustls/src/msgs/mod.rs | 4 +- rustls/src/record_layer.rs | 33 +- rustls/tests/api.rs | 4 +- rustls/tests/common/mod.rs | 4 +- 25 files changed, 1031 insertions(+), 948 deletions(-) delete mode 100644 rustls/src/msgs/message.rs create mode 100644 rustls/src/msgs/message/inbound_opaque.rs create mode 100644 rustls/src/msgs/message/inbound_plain.rs create mode 100644 rustls/src/msgs/message/mod.rs create mode 100644 rustls/src/msgs/message/outbound_opaque.rs create mode 100644 rustls/src/msgs/message/outbound_plain.rs diff --git a/fuzz/fuzzers/fragment.rs b/fuzz/fuzzers/fragment.rs index e78cb42659..3e22903dcd 100644 --- a/fuzz/fuzzers/fragment.rs +++ b/fuzz/fuzzers/fragment.rs @@ -6,11 +6,11 @@ extern crate rustls; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::fragmenter::MessageFragmenter; -use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; +use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; fuzz_target!(|data: &[u8]| { let mut rdr = Reader::init(data); - let msg = match OpaqueMessage::read(&mut rdr) { + let msg = match OutboundOpaqueMessage::read(&mut rdr) { Ok(msg) => msg, Err(_) => return, }; diff --git a/fuzz/fuzzers/message.rs b/fuzz/fuzzers/message.rs index 5ed92e9917..3e1c7af6e5 100644 --- a/fuzz/fuzzers/message.rs +++ b/fuzz/fuzzers/message.rs @@ -4,11 +4,11 @@ extern crate libfuzzer_sys; extern crate rustls; use rustls::internal::msgs::codec::Reader; -use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; +use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; fuzz_target!(|data: &[u8]| { let mut rdr = Reader::init(data); - if let Ok(m) = OpaqueMessage::read(&mut rdr) { + if let Ok(m) = OutboundOpaqueMessage::read(&mut rdr) { let msg = match Message::try_from(m.into_plain_message()) { Ok(msg) => msg, Err(_) => return, diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index be833ff322..a3b238324f 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -3,10 +3,10 @@ use alloc::boxed::Box; use chacha20poly1305::aead::Buffer; use chacha20poly1305::{AeadInPlace, KeyInit, KeySizeUser}; use rustls::crypto::cipher::{ - make_tls12_aad, make_tls13_aad, AeadKey, BorrowedOpaqueMessage, BorrowedPayload, - InboundMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, OpaqueMessage, - OutboundMessage, PrefixedPayload, Tls12AeadAlgorithm, Tls13AeadAlgorithm, - UnsupportedOperationError, NONCE_LEN, + make_tls12_aad, make_tls13_aad, AeadKey, BorrowedPayload, InboundOpaqueMessage, + InboundPlainMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, + OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, Tls12AeadAlgorithm, + Tls13AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use rustls::{ConnectionTrafficSecrets, ContentType, ProtocolVersion}; @@ -81,7 +81,11 @@ impl Tls12AeadAlgorithm for Chacha20Poly1305 { struct Tls13Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); impl MessageEncrypter for Tls13Cipher { - fn encrypt(&mut self, m: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + m: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -94,7 +98,7 @@ impl MessageEncrypter for Tls13Cipher { .encrypt_in_place(&nonce, &aad, &mut EncryptBufferAdapter(&mut payload)) .map_err(|_| rustls::Error::EncryptError) .map(|_| { - OpaqueMessage::new( + OutboundOpaqueMessage::new( ContentType::ApplicationData, ProtocolVersion::TLSv1_2, payload, @@ -110,9 +114,9 @@ impl MessageEncrypter for Tls13Cipher { impl MessageDecrypter for Tls13Cipher { fn decrypt<'a>( &mut self, - mut m: BorrowedOpaqueMessage<'a>, + mut m: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, rustls::Error> { + ) -> Result, rustls::Error> { let payload = &mut m.payload; let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); let aad = make_tls13_aad(payload.len()); @@ -128,7 +132,11 @@ impl MessageDecrypter for Tls13Cipher { struct Tls12Cipher(chacha20poly1305::ChaCha20Poly1305, Iv); impl MessageEncrypter for Tls12Cipher { - fn encrypt(&mut self, m: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + m: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(m.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -139,7 +147,7 @@ impl MessageEncrypter for Tls12Cipher { self.0 .encrypt_in_place(&nonce, &aad, &mut EncryptBufferAdapter(&mut payload)) .map_err(|_| rustls::Error::EncryptError) - .map(|_| OpaqueMessage::new(m.typ, m.version, payload)) + .map(|_| OutboundOpaqueMessage::new(m.typ, m.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { @@ -150,9 +158,9 @@ impl MessageEncrypter for Tls12Cipher { impl MessageDecrypter for Tls12Cipher { fn decrypt<'a>( &mut self, - mut m: BorrowedOpaqueMessage<'a>, + mut m: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, rustls::Error> { + ) -> Result, rustls::Error> { let payload = &m.payload; let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); let aad = make_tls12_aad( @@ -167,7 +175,7 @@ impl MessageDecrypter for Tls12Cipher { .decrypt_in_place(&nonce, &aad, &mut DecryptBufferAdapter(payload)) .map_err(|_| rustls::Error::DecryptError)?; - Ok(m.into_inbound_message()) + Ok(m.into_plain_message()) } } diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index b7d1a7d199..9461024099 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -8,7 +8,8 @@ use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; use crate::msgs::fragmenter::MessageFragmenter; use crate::msgs::handshake::CertificateChain; use crate::msgs::message::{ - Message, MessagePayload, OpaqueMessage, OutboundChunks, OutboundMessage, PlainMessage, + Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, + PlainMessage, }; use crate::quic; use crate::record_layer; @@ -307,7 +308,7 @@ impl CommonState { len } - fn send_single_fragment(&mut self, m: OutboundMessage) { + fn send_single_fragment(&mut self, m: OutboundPlainMessage) { // Close connection once we start to run out of // sequence space. if self @@ -397,7 +398,7 @@ impl CommonState { } // Put m into sendable_tls for writing. - fn queue_tls_message(&mut self, m: OpaqueMessage) { + fn queue_tls_message(&mut self, m: OutboundOpaqueMessage) { self.sendable_tls.append(m.encode()); } @@ -555,7 +556,7 @@ impl CommonState { &self, outgoing_tls: &mut [u8], opt_msg: Option<&[u8]>, - fragments: impl Iterator>, + fragments: impl Iterator>, ) -> Result<(), EncryptError> { let mut required_size = 0; if let Some(message) = opt_msg { @@ -579,7 +580,7 @@ impl CommonState { &mut self, outgoing_tls: &mut [u8], opt_msg: Option>, - fragments: impl Iterator>, + fragments: impl Iterator>, ) -> usize { let mut written = 0; diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 97a47d87e1..1d29710a09 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -5,7 +5,7 @@ use crate::error::{Error, PeerMisbehaved}; use crate::log::trace; use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; -use crate::msgs::message::{InboundMessage, Message, MessagePayload, OutboundChunks}; +use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload, OutboundChunks}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; @@ -778,7 +778,7 @@ impl ConnectionCore { &mut self, state: Option<&dyn State>, deframer_buffer: &mut DeframerSliceBuffer<'b>, - ) -> Result>, Error> { + ) -> Result>, Error> { match self.message_deframer.pop( &mut self.common_state.record_layer, self.common_state.negotiated_version, @@ -833,7 +833,7 @@ impl ConnectionCore { fn process_msg( &mut self, - msg: InboundMessage, + msg: InboundPlainMessage, state: Box>, sendable_plaintext: Option<&mut ChunkVecBuffer>, ) -> Result>, Error> { diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 0121cc3f0b..daff1b20e9 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -1,5 +1,5 @@ use crate::crypto::cipher::{ - make_tls12_aad, AeadKey, BorrowedOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, + make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use crate::crypto::tls12::Prf; @@ -7,7 +7,9 @@ use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; +use crate::msgs::message::{ + InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, +}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; use crate::version::TLS12; @@ -262,9 +264,9 @@ const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); @@ -296,12 +298,16 @@ impl MessageDecrypter for GcmMessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_inbound_message()) + Ok(msg.into_plain_message()) } } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -315,7 +321,7 @@ impl MessageEncrypter for GcmMessageEncrypter { .map(|tag| payload.extend_from_slice(tag.as_ref())) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) + Ok(OutboundOpaqueMessage::new(msg.typ, msg.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { @@ -344,9 +350,9 @@ const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < CHACHAPOLY1305_OVERHEAD { @@ -373,12 +379,16 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_inbound_message()) + Ok(msg.into_plain_message()) } } impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -390,7 +400,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) + Ok(OutboundOpaqueMessage::new(msg.typ, msg.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 864cf2d069..1464002e0f 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -2,13 +2,15 @@ use alloc::boxed::Box; use crate::crypto; use crate::crypto::cipher::{ - make_tls13_aad, AeadKey, BorrowedOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, + make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, UnsupportedOperationError, }; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; +use crate::msgs::message::{ + InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, +}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -218,7 +220,11 @@ struct AeadMessageDecrypter { } impl MessageEncrypter for AeadMessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -231,7 +237,7 @@ impl MessageEncrypter for AeadMessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new( + Ok(OutboundOpaqueMessage::new( ContentType::ApplicationData, // Note: all TLS 1.3 application data records use TLSv1_2 (0x0303) as the legacy record // protocol version, see https://www.rfc-editor.org/rfc/rfc8446#section-5.1 @@ -248,9 +254,9 @@ impl MessageEncrypter for AeadMessageEncrypter { impl MessageDecrypter for AeadMessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); @@ -275,7 +281,11 @@ struct GcmMessageEncrypter { } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -288,7 +298,7 @@ impl MessageEncrypter for GcmMessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new( + Ok(OutboundOpaqueMessage::new( ContentType::ApplicationData, ProtocolVersion::TLSv1_2, payload, @@ -308,9 +318,9 @@ struct GcmMessageDecrypter { impl MessageDecrypter for GcmMessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 70bca882ec..3c4b42dd2d 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -5,11 +5,10 @@ use std::error::Error as StdError; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; -pub use crate::msgs::base::BorrowedPayload; use crate::msgs::codec; pub use crate::msgs::message::{ - BorrowedOpaqueMessage, InboundMessage, OpaqueMessage, OutboundMessage, PlainMessage, - PrefixedPayload, + BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage, OutboundChunks, + OutboundOpaqueMessage, OutboundPlainMessage, PlainMessage, PrefixedPayload, }; use crate::suites::ConnectionTrafficSecrets; @@ -140,16 +139,20 @@ pub trait MessageDecrypter: Send + Sync { /// `seq` which can be used to derive a unique [`Nonce`]. fn decrypt<'a>( &mut self, - msg: BorrowedOpaqueMessage<'a>, + msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error>; + ) -> Result, Error>; } /// Objects with this trait can encrypt TLS messages. pub trait MessageEncrypter: Send + Sync { /// Encrypt the given TLS message `msg`, using the sequence number /// `seq which can be used to derive a unique [`Nonce`]. - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result; + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result; /// Return the length of the ciphertext that results from encrypting plaintext of /// length `payload_len` @@ -319,7 +322,11 @@ impl From<[u8; Self::MAX_LEN]> for AeadKey { struct InvalidMessageEncrypter {} impl MessageEncrypter for InvalidMessageEncrypter { - fn encrypt(&mut self, _m: OutboundMessage, _seq: u64) -> Result { + fn encrypt( + &mut self, + _m: OutboundPlainMessage, + _seq: u64, + ) -> Result { Err(Error::EncryptError) } @@ -334,9 +341,9 @@ struct InvalidMessageDecrypter {} impl MessageDecrypter for InvalidMessageDecrypter { fn decrypt<'a>( &mut self, - _m: BorrowedOpaqueMessage<'a>, + _m: InboundOpaqueMessage<'a>, _seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { Err(Error::DecryptError) } } diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 362041436a..c7e01b993e 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,5 +1,5 @@ use crate::crypto::cipher::{ - make_tls12_aad, AeadKey, BorrowedOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, + make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, }; use crate::crypto::tls12::PrfUsingHmac; @@ -7,7 +7,9 @@ use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{CipherSuite, SignatureScheme}; use crate::error::Error; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; +use crate::msgs::message::{ + InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, +}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; @@ -246,9 +248,9 @@ const GCM_OVERHEAD: usize = GCM_EXPLICIT_NONCE_LEN + 16; impl MessageDecrypter for GcmMessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < GCM_OVERHEAD { return Err(Error::DecryptError); @@ -280,12 +282,16 @@ impl MessageDecrypter for GcmMessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_inbound_message()) + Ok(msg.into_plain_message()) } } impl MessageEncrypter for GcmMessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -299,7 +305,7 @@ impl MessageEncrypter for GcmMessageEncrypter { .map(|tag| payload.extend_from_slice(tag.as_ref())) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) + Ok(OutboundOpaqueMessage::new(msg.typ, msg.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { @@ -328,9 +334,9 @@ const CHACHAPOLY1305_OVERHEAD: usize = 16; impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &msg.payload; if payload.len() < CHACHAPOLY1305_OVERHEAD { @@ -357,12 +363,16 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { } payload.truncate(plain_len); - Ok(msg.into_inbound_message()) + Ok(msg.into_plain_message()) } } impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -374,7 +384,7 @@ impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new(msg.typ, msg.version, payload)) + Ok(OutboundOpaqueMessage::new(msg.typ, msg.version, payload)) } fn encrypted_payload_len(&self, payload_len: usize) -> usize { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 6816f38b81..55742aa699 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -2,13 +2,15 @@ use alloc::boxed::Box; use crate::crypto; use crate::crypto::cipher::{ - make_tls13_aad, AeadKey, BorrowedOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, + make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, Tls13AeadAlgorithm, UnsupportedOperationError, }; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::enums::{CipherSuite, ContentType, ProtocolVersion}; use crate::error::Error; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage, PrefixedPayload}; +use crate::msgs::message::{ + InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, +}; use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; @@ -190,7 +192,11 @@ struct Tls13MessageDecrypter { } impl MessageEncrypter for Tls13MessageEncrypter { - fn encrypt(&mut self, msg: OutboundMessage, seq: u64) -> Result { + fn encrypt( + &mut self, + msg: OutboundPlainMessage, + seq: u64, + ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); let mut payload = PrefixedPayload::with_capacity(total_len); @@ -203,7 +209,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { .seal_in_place_append_tag(nonce, aad, &mut payload) .map_err(|_| Error::EncryptError)?; - Ok(OpaqueMessage::new( + Ok(OutboundOpaqueMessage::new( ContentType::ApplicationData, // Note: all TLS 1.3 application data records use TLSv1_2 (0x0303) as the legacy record // protocol version, see https://www.rfc-editor.org/rfc/rfc8446#section-5.1 @@ -220,9 +226,9 @@ impl MessageEncrypter for Tls13MessageEncrypter { impl MessageDecrypter for Tls13MessageDecrypter { fn decrypt<'a>( &mut self, - mut msg: BorrowedOpaqueMessage<'a>, + mut msg: InboundOpaqueMessage<'a>, seq: u64, - ) -> Result, Error> { + ) -> Result, Error> { let payload = &mut msg.payload; if payload.len() < self.dec_key.algorithm().tag_len() { return Err(Error::DecryptError); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 168610baff..cb0366fd25 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -440,7 +440,9 @@ pub mod internal { }; } pub mod message { - pub use crate::msgs::message::{Message, MessagePayload, OpaqueMessage, PlainMessage}; + pub use crate::msgs::message::{ + Message, MessagePayload, OutboundOpaqueMessage, PlainMessage, + }; } pub mod persist { pub use crate::msgs::persist::ServerSessionValue; diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 4104b3f823..a2bb63d43a 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -4,13 +4,10 @@ use crate::msgs::codec::{Codec, Reader}; use alloc::vec::Vec; use core::fmt; -use core::ops::{Deref, DerefMut}; use pki_types::CertificateDer; use zeroize::Zeroize; -use super::codec::ReaderMut; - /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] pub enum Payload<'a> { @@ -62,59 +59,6 @@ impl Payload<'static> { } } -/// Non-owning version of [`Payload`] -pub struct BorrowedPayload<'a>(&'a mut [u8]); - -impl Deref for BorrowedPayload<'_> { - type Target = [u8]; - - fn deref(&self) -> &Self::Target { - self.0 - } -} - -impl<'a> DerefMut for BorrowedPayload<'a> { - fn deref_mut(&mut self) -> &mut Self::Target { - self.0 - } -} - -impl<'a> BorrowedPayload<'a> { - #[cfg(test)] - pub(crate) fn new(bytes: &'a mut [u8]) -> Self { - Self(bytes) - } - - pub fn truncate(&mut self, len: usize) { - if len >= self.len() { - return; - } - - self.0 = core::mem::take(&mut self.0) - .split_at_mut(len) - .0; - } - - pub(crate) fn read(r: &mut ReaderMut<'a>) -> Self { - Self(r.rest()) - } - - pub(crate) fn into_inner(self) -> &'a mut [u8] { - self.0 - } - - pub(crate) fn pop(&mut self) -> Option { - if self.is_empty() { - return None; - } - - let len = self.len(); - let last = self[len - 1]; - self.truncate(len - 1); - Some(last) - } -} - impl<'a> Codec<'a> for CertificateDer<'a> { fn encode(&self, bytes: &mut Vec) { codec::u24(self.as_ref().len() as u32).encode(bytes); diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 070a3996bd..d0ea3dee55 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -7,7 +7,9 @@ use super::codec::Codec; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::codec; -use crate::msgs::message::{BorrowedOpaqueMessage, InboundMessage, MessageError, OpaqueMessage}; +use crate::msgs::message::{ + InboundOpaqueMessage, InboundPlainMessage, MessageError, OutboundOpaqueMessage, +}; use crate::record_layer::{Decrypted, RecordLayer}; /// This deframer works to reconstruct TLS messages from a stream of arbitrary-sized reads. @@ -65,7 +67,7 @@ impl MessageDeframer { // contain a header, and that header has a length which falls within `buf`. // If so, deframe it and place the message onto the frames output queue. let mut rd = codec::ReaderMut::init(buffer.filled_get_mut(start..)); - let m = match BorrowedOpaqueMessage::read(&mut rd) { + let m = match InboundOpaqueMessage::read(&mut rd) { Ok(m) => m, Err(msg_err) => { let err_kind = match msg_err { @@ -107,7 +109,7 @@ impl MessageDeframer { _ => false, }; if self.joining_hs.is_none() && allowed_plaintext { - let BorrowedOpaqueMessage { + let InboundOpaqueMessage { typ, version, payload, @@ -115,7 +117,7 @@ impl MessageDeframer { let raw_payload_slice = RawSlice::from(&*payload); // This is unencrypted. We check the contents later. buffer.queue_discard(end); - let message = InboundMessage { + let message = InboundPlainMessage { typ, version, payload: buffer.take(raw_payload_slice), @@ -134,7 +136,7 @@ impl MessageDeframer { let Decrypted { want_close_before_decrypt, plaintext: - InboundMessage { + InboundPlainMessage { typ, version, payload, @@ -168,7 +170,7 @@ impl MessageDeframer { // If it's not a handshake message, just return it -- no joining necessary. if typ != ContentType::Handshake { buffer.queue_discard(end); - let message = InboundMessage { + let message = InboundPlainMessage { typ, version, payload: buffer.take(plain_payload_slice), @@ -216,7 +218,7 @@ impl MessageDeframer { buffer.queue_discard(end); } - let message = InboundMessage { + let message = InboundPlainMessage { typ, version, payload: buffer.take(raw_payload), @@ -414,7 +416,7 @@ impl DeframerVecBuffer { // At this point, the buffer resizing logic below should reduce the buffer size. let allow_max = match is_joining_hs { true => MAX_HANDSHAKE_SIZE as usize, - false => OpaqueMessage::MAX_WIRE_SIZE, + false => OutboundOpaqueMessage::MAX_WIRE_SIZE, }; if self.used >= allow_max { @@ -422,7 +424,7 @@ impl DeframerVecBuffer { } // If we can and need to increase the buffer size to allow a 4k read, do so. After - // dealing with a large handshake message (exceeding `OpaqueMessage::MAX_WIRE_SIZE`), + // dealing with a large handshake message (exceeding `OutboundOpaqueMessage::MAX_WIRE_SIZE`), // make sure to reduce the buffer size again (large messages should be rare). // Also, reduce the buffer size if there are neither full nor partial messages in it, // which usually means that the other side suspended sending data. @@ -681,7 +683,7 @@ pub struct Deframed<'a> { pub(crate) want_close_before_decrypt: bool, pub(crate) aligned: bool, pub(crate) trial_decryption_finished: bool, - pub message: InboundMessage<'a>, + pub message: InboundPlainMessage<'a>, } const HEADER_SIZE: usize = 1 + 3; @@ -900,7 +902,7 @@ mod tests { assert_len(4096, d.input_bytes(&message)); assert_len(4096, d.input_bytes(&message)); assert_len( - OpaqueMessage::MAX_WIRE_SIZE - 16_384, + OutboundOpaqueMessage::MAX_WIRE_SIZE - 16_384, d.input_bytes(&message), ); assert!(d.input_bytes(&message).is_err()); diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 6ce79aabdf..8ec2d4d90b 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -1,6 +1,6 @@ use crate::enums::ContentType; use crate::enums::ProtocolVersion; -use crate::msgs::message::{OutboundChunks, OutboundMessage, PlainMessage}; +use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; use crate::Error; pub(crate) const MAX_FRAGMENT_LEN: usize = 16384; pub(crate) const PACKET_OVERHEAD: usize = 1 + 2 + 2; @@ -26,7 +26,7 @@ impl MessageFragmenter { pub fn fragment_message<'a>( &self, msg: &'a PlainMessage, - ) -> impl Iterator> + 'a { + ) -> impl Iterator> + 'a { self.fragment_payload(msg.typ, msg.version, msg.payload.bytes().into()) } @@ -37,8 +37,8 @@ impl MessageFragmenter { typ: ContentType, version: ProtocolVersion, payload: OutboundChunks<'a>, - ) -> impl ExactSizeIterator> { - Chunker::new(payload, self.max_frag).map(move |payload| OutboundMessage { + ) -> impl ExactSizeIterator> { + Chunker::new(payload, self.max_frag).map(move |payload| OutboundPlainMessage { typ, version, payload, @@ -101,10 +101,10 @@ mod tests { use crate::enums::ContentType; use crate::enums::ProtocolVersion; use crate::msgs::base::Payload; - use crate::msgs::message::{OutboundChunks, OutboundMessage, PlainMessage}; + use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; fn msg_eq( - m: &OutboundMessage, + m: &OutboundPlainMessage, total_len: usize, typ: &ContentType, version: &ProtocolVersion, diff --git a/rustls/src/msgs/message.rs b/rustls/src/msgs/message.rs deleted file mode 100644 index 71d9653a21..0000000000 --- a/rustls/src/msgs/message.rs +++ /dev/null @@ -1,774 +0,0 @@ -use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; -use crate::error::{Error, InvalidMessage, PeerMisbehaved}; -use crate::internal::record_layer::RecordLayer; -use crate::msgs::alert::AlertMessagePayload; -use crate::msgs::base::{BorrowedPayload, Payload}; -use crate::msgs::ccs::ChangeCipherSpecPayload; -use crate::msgs::codec::{Codec, Reader, ReaderMut}; -use crate::msgs::enums::AlertLevel; -use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::handshake::HandshakeMessagePayload; - -use alloc::vec::Vec; - -#[derive(Debug)] -pub enum MessagePayload<'a> { - Alert(AlertMessagePayload), - Handshake { - parsed: HandshakeMessagePayload<'a>, - encoded: Payload<'a>, - }, - ChangeCipherSpec(ChangeCipherSpecPayload), - ApplicationData(Payload<'a>), -} - -impl<'a> MessagePayload<'a> { - pub fn encode(&self, bytes: &mut Vec) { - match self { - Self::Alert(x) => x.encode(bytes), - Self::Handshake { encoded, .. } => bytes.extend(encoded.bytes()), - Self::ChangeCipherSpec(x) => x.encode(bytes), - Self::ApplicationData(x) => x.encode(bytes), - } - } - - pub fn handshake(parsed: HandshakeMessagePayload<'a>) -> Self { - Self::Handshake { - encoded: Payload::new(parsed.get_encoding()), - parsed, - } - } - - pub fn new( - typ: ContentType, - vers: ProtocolVersion, - payload: &'a [u8], - ) -> Result { - let mut r = Reader::init(payload); - match typ { - ContentType::ApplicationData => Ok(Self::ApplicationData(Payload::Borrowed(payload))), - ContentType::Alert => AlertMessagePayload::read(&mut r).map(MessagePayload::Alert), - ContentType::Handshake => { - HandshakeMessagePayload::read_version(&mut r, vers).map(|parsed| Self::Handshake { - parsed, - encoded: Payload::Borrowed(payload), - }) - } - ContentType::ChangeCipherSpec => { - ChangeCipherSpecPayload::read(&mut r).map(MessagePayload::ChangeCipherSpec) - } - _ => Err(InvalidMessage::InvalidContentType), - } - } - - pub fn content_type(&self) -> ContentType { - match self { - Self::Alert(_) => ContentType::Alert, - Self::Handshake { .. } => ContentType::Handshake, - Self::ChangeCipherSpec(_) => ContentType::ChangeCipherSpec, - Self::ApplicationData(_) => ContentType::ApplicationData, - } - } - - pub(crate) fn into_owned(self) -> MessagePayload<'static> { - use MessagePayload::*; - match self { - Alert(x) => Alert(x), - Handshake { parsed, encoded } => Handshake { - parsed: parsed.into_owned(), - encoded: encoded.into_owned(), - }, - ChangeCipherSpec(x) => ChangeCipherSpec(x), - ApplicationData(x) => ApplicationData(x.into_owned()), - } - } -} - -/// A TLS frame, named TLSPlaintext in the standard. -/// -/// This type owns all memory for its interior parts. It is used to read/write from/to I/O -/// buffers as well as for fragmenting, joining and encryption/decryption. It can be converted -/// into a `Message` by decoding the payload. -#[derive(Clone, Debug)] -pub struct OpaqueMessage { - pub typ: ContentType, - pub version: ProtocolVersion, - payload: PrefixedPayload, -} - -impl OpaqueMessage { - /// Construct a new `OpaqueMessage` from constituent fields. - /// - /// `body` is moved into the `payload` field. - pub fn new(typ: ContentType, version: ProtocolVersion, payload: PrefixedPayload) -> Self { - Self { - typ, - version, - payload, - } - } - - /// `MessageError` allows callers to distinguish between valid prefixes (might - /// become valid if we read more data) and invalid data. - pub fn read(r: &mut Reader) -> Result { - let (typ, version, len) = read_opaque_message_header(r)?; - - let content = r - .take(len as usize) - .ok_or(MessageError::TooShortForLength)?; - - Ok(Self { - typ, - version, - payload: PrefixedPayload::from(content), - }) - } - - pub fn encode(self) -> Vec { - let length = self.payload.len() as u16; - let mut encoded_payload = self.payload.0; - encoded_payload[0] = self.typ.get_u8(); - encoded_payload[1..3].copy_from_slice(&self.version.get_u16().to_be_bytes()); - encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); - encoded_payload - } - - /// Force conversion into a plaintext message. - /// - /// This should only be used for messages that are known to be in plaintext. Otherwise, the - /// `OpaqueMessage` should be decrypted into a `PlainMessage` using a `MessageDecrypter`. - pub fn into_plain_message(self) -> PlainMessage { - PlainMessage { - version: self.version, - typ: self.typ, - payload: Payload::Owned(self.payload.to_vec()), - } - } - - /// Maximum message payload size. - /// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. - const MAX_PAYLOAD: u16 = 16_384 + 2048; - - /// Content type, version and size. - const HEADER_SIZE: usize = 1 + 2 + 2; - - /// Maximum on-the-wire message size. - pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; -} - -#[derive(Clone, Debug)] -pub struct PrefixedPayload(Vec); - -impl PrefixedPayload { - pub fn with_capacity(capacity: usize) -> Self { - let mut prefixed_payload = Vec::with_capacity(OpaqueMessage::HEADER_SIZE + capacity); - prefixed_payload.resize(OpaqueMessage::HEADER_SIZE, 0); - Self(prefixed_payload) - } - - pub fn len(&self) -> usize { - self.0.len() - OpaqueMessage::HEADER_SIZE - } - - pub fn is_empty(&self) -> bool { - self.len() == 0 - } - - pub fn to_vec(&self) -> Vec { - self.as_ref().to_vec() - } - - pub fn extend_from_slice(&mut self, slice: &[u8]) { - self.0.extend_from_slice(slice) - } - - pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks) { - chunks.copy_to_vec(&mut self.0) - } - - pub fn truncate(&mut self, len: usize) { - self.0 - .truncate(len + OpaqueMessage::HEADER_SIZE) - } -} - -impl AsRef<[u8]> for PrefixedPayload { - fn as_ref(&self) -> &[u8] { - &self.0[OpaqueMessage::HEADER_SIZE..] - } -} - -impl AsMut<[u8]> for PrefixedPayload { - fn as_mut(&mut self) -> &mut [u8] { - &mut self.0[OpaqueMessage::HEADER_SIZE..] - } -} - -impl<'a> Extend<&'a u8> for PrefixedPayload { - fn extend>(&mut self, iter: T) { - self.0.extend(iter) - } -} - -impl From<&[u8]> for PrefixedPayload { - fn from(content: &[u8]) -> Self { - let mut payload = Vec::with_capacity(OpaqueMessage::HEADER_SIZE + content.len()); - payload.extend(&[0u8; OpaqueMessage::HEADER_SIZE]); - payload.extend(content); - Self(payload) - } -} - -impl From<&[u8; N]> for PrefixedPayload { - fn from(content: &[u8; N]) -> Self { - Self::from(&content[..]) - } -} - -/// A borrowed version of [`OpaqueMessage`]. -pub struct BorrowedOpaqueMessage<'a> { - pub typ: ContentType, - pub version: ProtocolVersion, - pub payload: BorrowedPayload<'a>, -} - -impl<'a> BorrowedOpaqueMessage<'a> { - /// Force conversion into an inbound plaintext message. - /// - /// See [`OpaqueMessage::into_plain_message`] for more information - pub fn into_inbound_message(self) -> InboundMessage<'a> { - InboundMessage { - typ: self.typ, - version: self.version, - payload: self.payload.into_inner(), - } - } - - /// For TLS1.3 (only), checks the length msg.payload is valid and removes the padding. - /// - /// Returns an error if the message (pre-unpadding) is too long, or the padding is invalid, - /// or the message (post-unpadding) is too long. - pub fn into_tls13_unpadded_message(mut self) -> Result, Error> { - let payload = &mut self.payload; - - if payload.len() > MAX_FRAGMENT_LEN + 1 { - return Err(Error::PeerSentOversizedRecord); - } - - self.typ = unpad_tls13_payload(payload); - if self.typ == ContentType::Unknown(0) { - return Err(PeerMisbehaved::IllegalTlsInnerPlaintext.into()); - } - - if payload.len() > MAX_FRAGMENT_LEN { - return Err(Error::PeerSentOversizedRecord); - } - - self.version = ProtocolVersion::TLSv1_3; - Ok(self.into_inbound_message()) - } - - pub(crate) fn read(r: &mut ReaderMut<'a>) -> Result { - let (typ, version, len) = r.as_reader(read_opaque_message_header)?; - - let mut sub = r - .sub(len as usize) - .map_err(|_| MessageError::TooShortForLength)?; - let payload = BorrowedPayload::read(&mut sub); - - Ok(Self { - typ, - version, - payload, - }) - } -} - -fn read_opaque_message_header( - r: &mut Reader<'_>, -) -> Result<(ContentType, ProtocolVersion, u16), MessageError> { - let typ = ContentType::read(r).map_err(|_| MessageError::TooShortForHeader)?; - // Don't accept any new content-types. - if let ContentType::Unknown(_) = typ { - return Err(MessageError::InvalidContentType); - } - - let version = ProtocolVersion::read(r).map_err(|_| MessageError::TooShortForHeader)?; - // Accept only versions 0x03XX for any XX. - match version { - ProtocolVersion::Unknown(ref v) if (v & 0xff00) != 0x0300 => { - return Err(MessageError::UnknownProtocolVersion); - } - _ => {} - }; - - let len = u16::read(r).map_err(|_| MessageError::TooShortForHeader)?; - - // Reject undersize messages - // implemented per section 5.1 of RFC8446 (TLSv1.3) - // per section 6.2.1 of RFC5246 (TLSv1.2) - if typ != ContentType::ApplicationData && len == 0 { - return Err(MessageError::InvalidEmptyPayload); - } - - // Reject oversize messages - if len >= OpaqueMessage::MAX_PAYLOAD { - return Err(MessageError::MessageTooLarge); - } - - Ok((typ, version, len)) -} - -/// `v` is a message payload, immediately post-decryption. This function -/// removes zero padding bytes, until a non-zero byte is encountered which is -/// the content type, which is returned. See RFC8446 s5.2. -/// -/// ContentType(0) is returned if the message payload is empty or all zeroes. -fn unpad_tls13_payload(p: &mut BorrowedPayload) -> ContentType { - loop { - match p.pop() { - Some(0) => {} - Some(content_type) => return ContentType::from(content_type), - None => return ContentType::Unknown(0), - } - } -} - -impl From> for PlainMessage { - fn from(msg: Message) -> Self { - let typ = msg.payload.content_type(); - let payload = match msg.payload { - MessagePayload::ApplicationData(payload) => payload.into_owned(), - _ => { - let mut buf = Vec::new(); - msg.payload.encode(&mut buf); - Payload::Owned(buf) - } - }; - - Self { - typ, - version: msg.version, - payload, - } - } -} - -/// A decrypted TLS frame -/// -/// This type owns all memory for its interior parts. It can be decrypted from an OpaqueMessage -/// or encrypted into an OpaqueMessage, and it is also used for joining and fragmenting. -#[derive(Clone, Debug)] -pub struct PlainMessage { - pub typ: ContentType, - pub version: ProtocolVersion, - pub payload: Payload<'static>, -} - -impl PlainMessage { - pub fn into_unencrypted_opaque(self) -> OpaqueMessage { - OpaqueMessage { - version: self.version, - typ: self.typ, - payload: PrefixedPayload::from(self.payload.bytes()), - } - } - - pub fn borrow_inbound(&self) -> InboundMessage<'_> { - InboundMessage { - version: self.version, - typ: self.typ, - payload: self.payload.bytes(), - } - } - - pub fn borrow_outbound(&self) -> OutboundMessage<'_> { - OutboundMessage { - version: self.version, - typ: self.typ, - payload: self.payload.bytes().into(), - } - } -} - -/// A message with decoded payload -#[derive(Debug)] -pub struct Message<'a> { - pub version: ProtocolVersion, - pub payload: MessagePayload<'a>, -} - -impl Message<'_> { - pub fn is_handshake_type(&self, hstyp: HandshakeType) -> bool { - // Bit of a layering violation, but OK. - if let MessagePayload::Handshake { parsed, .. } = &self.payload { - parsed.typ == hstyp - } else { - false - } - } - - pub fn build_alert(level: AlertLevel, desc: AlertDescription) -> Self { - Self { - version: ProtocolVersion::TLSv1_2, - payload: MessagePayload::Alert(AlertMessagePayload { - level, - description: desc, - }), - } - } - - pub fn build_key_update_notify() -> Self { - Self { - version: ProtocolVersion::TLSv1_3, - payload: MessagePayload::handshake(HandshakeMessagePayload::build_key_update_notify()), - } - } - - pub(crate) fn into_owned(self) -> Message<'static> { - let Self { version, payload } = self; - Message { - version, - payload: payload.into_owned(), - } - } -} - -impl TryFrom for Message<'static> { - type Error = Error; - - fn try_from(plain: PlainMessage) -> Result { - Ok(Self { - version: plain.version, - payload: MessagePayload::new(plain.typ, plain.version, plain.payload.bytes())? - .into_owned(), - }) - } -} - -/// Parses a plaintext message into a well-typed [`Message`]. -/// -/// A [`PlainMessage`] must contain plaintext content. Encrypted content should be stored in an -/// [`OpaqueMessage`] and decrypted before being stored into a [`PlainMessage`]. -impl<'a> TryFrom> for Message<'a> { - type Error = Error; - - fn try_from(plain: InboundMessage<'a>) -> Result { - Ok(Self { - version: plain.version, - payload: MessagePayload::new(plain.typ, plain.version, plain.payload)?, - }) - } -} - -/// A TLS frame, named TLSPlaintext in the standard. -/// -/// This type borrows its decrypted payload from a `MessageDeframer`. -/// You can make a `OpaqueMessage` from an `InboundMessage`, -/// but this involves a copy. -/// -/// This type also cannot decode its internals and -/// cannot be read/encoded; only `OpaqueMessage` can do that. -#[derive(Debug)] -pub struct InboundMessage<'a> { - pub typ: ContentType, - pub version: ProtocolVersion, - pub payload: &'a [u8], -} - -impl InboundMessage<'_> { - /// Returns true if the payload is a CCS message. - /// - /// We passthrough ChangeCipherSpec messages in the deframer without decrypting them. - /// Note: this is prior to the record layer, so is unencrypted. See - /// third paragraph of section 5 in RFC8446. - pub(crate) fn is_valid_ccs(&self) -> bool { - self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] - } - - #[cfg(test)] - pub(crate) fn into_owned(self) -> PlainMessage { - PlainMessage { - version: self.version, - typ: self.typ, - payload: Payload::Owned(self.payload.to_vec()), - } - } -} - -/// A TLS frame, named TLSPlaintext in the standard. -/// -/// This type borrows its "to be encrypted" data from the client. -/// You can make a `OpaqueMessage` from an `OutboundMessage`, -/// but this involves a copy. -/// -/// This type also cannot decode its internals and -/// cannot be read/encoded; only `OpaqueMessage` can do that. - -#[derive(Debug)] -pub struct OutboundMessage<'a> { - pub typ: ContentType, - pub version: ProtocolVersion, - pub payload: OutboundChunks<'a>, -} - -impl OutboundMessage<'_> { - pub(crate) fn encoded_len(&self, record_layer: &RecordLayer) -> usize { - OpaqueMessage::HEADER_SIZE + record_layer.encrypted_len(self.payload.len()) - } - - pub(crate) fn to_unencrypted_opaque(&self) -> OpaqueMessage { - let mut payload = PrefixedPayload::with_capacity(self.payload.len()); - payload.extend_from_chunks(&self.payload); - OpaqueMessage { - version: self.version, - typ: self.typ, - payload, - } - } -} - -#[derive(Debug, Clone)] -/// A collection of borrowed plaintext slices. -/// Warning: OutboundChunks does not guarantee that the simplest variant is used. -/// Multiple can hold non fragmented or empty payloads. -pub enum OutboundChunks<'a> { - /// A single byte slice. Contrary to `Multiple`, this uses a single pointer indirection - Single(&'a [u8]), - /// A collection of chunks (byte slices) - /// and cursors to single out a fragmented range of bytes. - /// OutboundChunks assumes that start <= end - Multiple { - chunks: &'a [&'a [u8]], - start: usize, - end: usize, - }, -} - -impl<'a> OutboundChunks<'a> { - /// Create a payload from a slice of byte slices. - /// If fragmented the cursors are added by default: start = 0, end = length - pub fn new(chunks: &'a [&'a [u8]]) -> Self { - if chunks.len() == 1 { - Self::Single(chunks[0]) - } else { - Self::Multiple { - chunks, - start: 0, - end: chunks - .iter() - .map(|chunk| chunk.len()) - .sum(), - } - } - } - - /// Create a payload with a single empty slice - pub fn new_empty() -> Self { - Self::Single(&[]) - } - - /// Flatten the slice of byte slices to an owned vector of bytes - pub fn to_vec(&self) -> Vec { - let mut vec = Vec::with_capacity(self.len()); - self.copy_to_vec(&mut vec); - vec - } - - /// Append all bytes to a vector - pub fn copy_to_vec(&self, vec: &mut Vec) { - match *self { - Self::Single(chunk) => vec.extend_from_slice(chunk), - Self::Multiple { chunks, start, end } => { - let mut size = 0; - for chunk in chunks.iter() { - let psize = size; - let len = chunk.len(); - size += len; - if size <= start || psize >= end { - continue; - } - let start = if psize < start { start - psize } else { 0 }; - let end = if end - psize < len { end - psize } else { len }; - vec.extend_from_slice(&chunk[start..end]); - } - } - } - } - - /// Split self in two, around an index - /// Works similarly to `split_at` in the core library, except it doesn't panic if out of bound - pub fn split_at(&self, mid: usize) -> (Self, Self) { - match *self { - Self::Single(chunk) => { - let mid = Ord::min(mid, chunk.len()); - (Self::Single(&chunk[..mid]), Self::Single(&chunk[mid..])) - } - Self::Multiple { chunks, start, end } => { - let mid = Ord::min(start + mid, end); - ( - Self::Multiple { - chunks, - start, - end: mid, - }, - Self::Multiple { - chunks, - start: mid, - end, - }, - ) - } - } - } - - /// Returns true if the payload is empty - pub fn is_empty(&self) -> bool { - self.len() == 0 - } - - /// Returns the cumulative length of all chunks - pub fn len(&self) -> usize { - match self { - Self::Single(chunk) => chunk.len(), - Self::Multiple { start, end, .. } => end - start, - } - } -} - -impl<'a> From<&'a [u8]> for OutboundChunks<'a> { - fn from(payload: &'a [u8]) -> Self { - Self::Single(payload) - } -} - -impl<'a, const N: usize> From<&'a [u8; N]> for OutboundChunks<'a> { - fn from(payload: &'a [u8; N]) -> Self { - Self::Single(payload) - } -} - -#[derive(Debug)] -pub enum MessageError { - TooShortForHeader, - TooShortForLength, - InvalidEmptyPayload, - MessageTooLarge, - InvalidContentType, - UnknownProtocolVersion, -} - -#[cfg(test)] -mod tests { - use std::{println, vec}; - - use super::*; - - #[test] - fn split_at_with_single_slice() { - let owner: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7]; - let borrowed_payload = OutboundChunks::Single(owner); - - let (before, after) = borrowed_payload.split_at(6); - println!("before:{:?}\nafter:{:?}", before, after); - assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5]); - assert_eq!(after.to_vec(), &[6, 7]); - } - - #[test] - fn split_at_with_multiple_slices() { - let owner: Vec<&[u8]> = vec![&[0, 1, 2, 3], &[4, 5], &[6, 7, 8], &[9, 10, 11, 12]]; - let borrowed_payload = OutboundChunks::new(&owner); - - let (before, after) = borrowed_payload.split_at(3); - println!("before:{:?}\nafter:{:?}", before, after); - assert_eq!(before.to_vec(), &[0, 1, 2]); - assert_eq!(after.to_vec(), &[3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); - - let (before, after) = borrowed_payload.split_at(8); - println!("before:{:?}\nafter:{:?}", before, after); - assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7]); - assert_eq!(after.to_vec(), &[8, 9, 10, 11, 12]); - - let (before, after) = borrowed_payload.split_at(11); - println!("before:{:?}\nafter:{:?}", before, after); - assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]); - assert_eq!(after.to_vec(), &[11, 12]); - } - - #[test] - fn split_out_of_bounds() { - let owner: Vec<&[u8]> = vec![&[0, 1, 2, 3], &[4, 5], &[6, 7, 8], &[9, 10, 11, 12]]; - - let single_payload = OutboundChunks::Single(owner[0]); - let (before, after) = single_payload.split_at(17); - println!("before:{:?}\nafter:{:?}", before, after); - assert_eq!(before.to_vec(), &[0, 1, 2, 3]); - assert!(after.is_empty()); - - let multiple_payload = OutboundChunks::new(&owner); - let (before, after) = multiple_payload.split_at(17); - println!("before:{:?}\nafter:{:?}", before, after); - assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); - assert!(after.is_empty()); - - let empty_payload = OutboundChunks::new_empty(); - let (before, after) = empty_payload.split_at(17); - println!("before:{:?}\nafter:{:?}", before, after); - assert!(before.is_empty()); - assert!(after.is_empty()); - } - - #[test] - fn empty_slices_mixed() { - let owner: Vec<&[u8]> = vec![&[], &[], &[0], &[], &[1, 2], &[], &[3], &[4], &[], &[]]; - let mut borrowed_payload = OutboundChunks::new(&owner); - let mut fragment_count = 0; - let mut fragment; - let expected_fragments: &[&[u8]] = &[&[0, 1], &[2, 3], &[4]]; - - while !borrowed_payload.is_empty() { - (fragment, borrowed_payload) = borrowed_payload.split_at(2); - println!("{fragment:?}"); - assert_eq!(&expected_fragments[fragment_count], &fragment.to_vec()); - fragment_count += 1; - } - assert_eq!(fragment_count, expected_fragments.len()); - } - - #[test] - fn exhaustive_splitting() { - let owner: Vec = (0..127).collect(); - let slices = (0..7) - .map(|i| &owner[((1 << i) - 1)..((1 << (i + 1)) - 1)]) - .collect::>(); - let payload = OutboundChunks::new(&slices); - - assert_eq!(payload.to_vec(), owner); - println!("{:#?}", payload); - - for start in 0..128 { - for end in start..128 { - for mid in 0..(end - start) { - let witness = owner[start..end].split_at(mid); - let split_payload = payload - .split_at(end) - .0 - .split_at(start) - .1 - .split_at(mid); - assert_eq!( - witness.0, - split_payload.0.to_vec(), - "start: {start}, mid:{mid}, end:{end}" - ); - assert_eq!( - witness.1, - split_payload.1.to_vec(), - "start: {start}, mid:{mid}, end:{end}" - ); - } - } - } - } -} diff --git a/rustls/src/msgs/message/inbound_opaque.rs b/rustls/src/msgs/message/inbound_opaque.rs new file mode 100644 index 0000000000..c6b493f279 --- /dev/null +++ b/rustls/src/msgs/message/inbound_opaque.rs @@ -0,0 +1,143 @@ +use crate::msgs::codec::ReaderMut; +use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; +use crate::msgs::message::outbound_opaque::read_opaque_message_header; +use crate::msgs::message::{InboundPlainMessage, MessageError}; +use crate::{ContentType, Error, PeerMisbehaved, ProtocolVersion}; + +use core::ops::{Deref, DerefMut}; + +/// A TLS frame, named TLSPlaintext in the standard. +/// +/// This inbound type borrows its encrypted payload from a `[MessageDeframer]`. +/// It is used for joining and is consumed by decryption. +pub struct InboundOpaqueMessage<'a> { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: BorrowedPayload<'a>, +} + +impl<'a> InboundOpaqueMessage<'a> { + /// Construct a new `InboundOpaqueMessage` from constituent fields. + /// + /// `body` is moved into the `payload` field. + pub fn new(typ: ContentType, version: ProtocolVersion, payload: &'a mut [u8]) -> Self { + Self { + typ, + version, + payload: BorrowedPayload(payload), + } + } + + /// Force conversion into a plaintext message. + /// + /// This should only be used for messages that are known to be in plaintext. Otherwise, the + /// `InboundOpaqueMessage` should be decrypted into a `PlainMessage` using a `MessageDecrypter`. + pub fn into_plain_message(self) -> InboundPlainMessage<'a> { + InboundPlainMessage { + typ: self.typ, + version: self.version, + payload: self.payload.into_inner(), + } + } + + /// For TLS1.3 (only), checks the length msg.payload is valid and removes the padding. + /// + /// Returns an error if the message (pre-unpadding) is too long, or the padding is invalid, + /// or the message (post-unpadding) is too long. + pub fn into_tls13_unpadded_message(mut self) -> Result, Error> { + let payload = &mut self.payload; + + if payload.len() > MAX_FRAGMENT_LEN + 1 { + return Err(Error::PeerSentOversizedRecord); + } + + self.typ = unpad_tls13_payload(payload); + if self.typ == ContentType::Unknown(0) { + return Err(PeerMisbehaved::IllegalTlsInnerPlaintext.into()); + } + + if payload.len() > MAX_FRAGMENT_LEN { + return Err(Error::PeerSentOversizedRecord); + } + + self.version = ProtocolVersion::TLSv1_3; + Ok(self.into_plain_message()) + } + + pub(crate) fn read(r: &mut ReaderMut<'a>) -> Result { + let (typ, version, len) = r.as_reader(read_opaque_message_header)?; + + let mut sub = r + .sub(len as usize) + .map_err(|_| MessageError::TooShortForLength)?; + let payload = BorrowedPayload::read(&mut sub); + + Ok(Self { + typ, + version, + payload, + }) + } +} + +pub struct BorrowedPayload<'a>(&'a mut [u8]); + +impl Deref for BorrowedPayload<'_> { + type Target = [u8]; + + fn deref(&self) -> &Self::Target { + self.0 + } +} + +impl<'a> DerefMut for BorrowedPayload<'a> { + fn deref_mut(&mut self) -> &mut Self::Target { + self.0 + } +} + +impl<'a> BorrowedPayload<'a> { + pub fn truncate(&mut self, len: usize) { + if len >= self.len() { + return; + } + + self.0 = core::mem::take(&mut self.0) + .split_at_mut(len) + .0; + } + + pub(crate) fn read(r: &mut ReaderMut<'a>) -> Self { + Self(r.rest()) + } + + pub(crate) fn into_inner(self) -> &'a mut [u8] { + self.0 + } + + pub(crate) fn pop(&mut self) -> Option { + if self.is_empty() { + return None; + } + + let len = self.len(); + let last = self[len - 1]; + self.truncate(len - 1); + Some(last) + } +} + +/// `v` is a message payload, immediately post-decryption. This function +/// removes zero padding bytes, until a non-zero byte is encountered which is +/// the content type, which is returned. See RFC8446 s5.2. +/// +/// ContentType(0) is returned if the message payload is empty or all zeroes. +fn unpad_tls13_payload(p: &mut BorrowedPayload) -> ContentType { + loop { + match p.pop() { + Some(0) => {} + Some(content_type) => return ContentType::from(content_type), + None => return ContentType::Unknown(0), + } + } +} diff --git a/rustls/src/msgs/message/inbound_plain.rs b/rustls/src/msgs/message/inbound_plain.rs new file mode 100644 index 0000000000..3df0fc64c0 --- /dev/null +++ b/rustls/src/msgs/message/inbound_plain.rs @@ -0,0 +1,32 @@ +use crate::{ContentType, ProtocolVersion}; + +/// A TLS frame, named TLSPlaintext in the standard. +/// +/// This inbound type borrows its decrypted payload from a `[MessageDeframer]`. +/// It results from decryption. +#[derive(Debug)] +pub struct InboundPlainMessage<'a> { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: &'a [u8], +} + +impl InboundPlainMessage<'_> { + /// Returns true if the payload is a CCS message. + /// + /// We passthrough ChangeCipherSpec messages in the deframer without decrypting them. + /// Note: this is prior to the record layer, so is unencrypted. See + /// third paragraph of section 5 in RFC8446. + pub(crate) fn is_valid_ccs(&self) -> bool { + self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] + } + + #[cfg(test)] + pub(crate) fn into_owned(self) -> super::PlainMessage { + super::PlainMessage { + version: self.version, + typ: self.typ, + payload: crate::msgs::base::Payload::Owned(self.payload.to_vec()), + } + } +} diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs new file mode 100644 index 0000000000..052bf93b36 --- /dev/null +++ b/rustls/src/msgs/message/mod.rs @@ -0,0 +1,230 @@ +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; +use crate::error::{Error, InvalidMessage}; +use crate::msgs::alert::AlertMessagePayload; +use crate::msgs::base::Payload; +use crate::msgs::ccs::ChangeCipherSpecPayload; +use crate::msgs::codec::{Codec, Reader}; +use crate::msgs::enums::AlertLevel; +use crate::msgs::handshake::HandshakeMessagePayload; + +mod inbound_opaque; +mod inbound_plain; +mod outbound_opaque; +mod outbound_plain; + +pub use inbound_opaque::{BorrowedPayload, InboundOpaqueMessage}; +pub use inbound_plain::InboundPlainMessage; +pub use outbound_opaque::{OutboundOpaqueMessage, PrefixedPayload}; +pub use outbound_plain::{OutboundChunks, OutboundPlainMessage}; + +use alloc::vec::Vec; + +#[derive(Debug)] +pub enum MessagePayload<'a> { + Alert(AlertMessagePayload), + Handshake { + parsed: HandshakeMessagePayload<'a>, + encoded: Payload<'a>, + }, + ChangeCipherSpec(ChangeCipherSpecPayload), + ApplicationData(Payload<'a>), +} + +impl<'a> MessagePayload<'a> { + pub fn encode(&self, bytes: &mut Vec) { + match self { + Self::Alert(x) => x.encode(bytes), + Self::Handshake { encoded, .. } => bytes.extend(encoded.bytes()), + Self::ChangeCipherSpec(x) => x.encode(bytes), + Self::ApplicationData(x) => x.encode(bytes), + } + } + + pub fn handshake(parsed: HandshakeMessagePayload<'a>) -> Self { + Self::Handshake { + encoded: Payload::new(parsed.get_encoding()), + parsed, + } + } + + pub fn new( + typ: ContentType, + vers: ProtocolVersion, + payload: &'a [u8], + ) -> Result { + let mut r = Reader::init(payload); + match typ { + ContentType::ApplicationData => Ok(Self::ApplicationData(Payload::Borrowed(payload))), + ContentType::Alert => AlertMessagePayload::read(&mut r).map(MessagePayload::Alert), + ContentType::Handshake => { + HandshakeMessagePayload::read_version(&mut r, vers).map(|parsed| Self::Handshake { + parsed, + encoded: Payload::Borrowed(payload), + }) + } + ContentType::ChangeCipherSpec => { + ChangeCipherSpecPayload::read(&mut r).map(MessagePayload::ChangeCipherSpec) + } + _ => Err(InvalidMessage::InvalidContentType), + } + } + + pub fn content_type(&self) -> ContentType { + match self { + Self::Alert(_) => ContentType::Alert, + Self::Handshake { .. } => ContentType::Handshake, + Self::ChangeCipherSpec(_) => ContentType::ChangeCipherSpec, + Self::ApplicationData(_) => ContentType::ApplicationData, + } + } + + pub(crate) fn into_owned(self) -> MessagePayload<'static> { + use MessagePayload::*; + match self { + Alert(x) => Alert(x), + Handshake { parsed, encoded } => Handshake { + parsed: parsed.into_owned(), + encoded: encoded.into_owned(), + }, + ChangeCipherSpec(x) => ChangeCipherSpec(x), + ApplicationData(x) => ApplicationData(x.into_owned()), + } + } +} + +impl From> for PlainMessage { + fn from(msg: Message) -> Self { + let typ = msg.payload.content_type(); + let payload = match msg.payload { + MessagePayload::ApplicationData(payload) => payload.into_owned(), + _ => { + let mut buf = Vec::new(); + msg.payload.encode(&mut buf); + Payload::Owned(buf) + } + }; + + Self { + typ, + version: msg.version, + payload, + } + } +} + +/// A decrypted TLS frame +/// +/// This type owns all memory for its interior parts. It can be decrypted from an OpaqueMessage +/// or encrypted into an OpaqueMessage, and it is also used for joining and fragmenting. +#[derive(Clone, Debug)] +pub struct PlainMessage { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: Payload<'static>, +} + +impl PlainMessage { + pub fn into_unencrypted_opaque(self) -> OutboundOpaqueMessage { + OutboundOpaqueMessage { + version: self.version, + typ: self.typ, + payload: PrefixedPayload::from(self.payload.bytes()), + } + } + + pub fn borrow_inbound(&self) -> InboundPlainMessage<'_> { + InboundPlainMessage { + version: self.version, + typ: self.typ, + payload: self.payload.bytes(), + } + } + + pub fn borrow_outbound(&self) -> OutboundPlainMessage<'_> { + OutboundPlainMessage { + version: self.version, + typ: self.typ, + payload: self.payload.bytes().into(), + } + } +} + +/// A message with decoded payload +#[derive(Debug)] +pub struct Message<'a> { + pub version: ProtocolVersion, + pub payload: MessagePayload<'a>, +} + +impl Message<'_> { + pub fn is_handshake_type(&self, hstyp: HandshakeType) -> bool { + // Bit of a layering violation, but OK. + if let MessagePayload::Handshake { parsed, .. } = &self.payload { + parsed.typ == hstyp + } else { + false + } + } + + pub fn build_alert(level: AlertLevel, desc: AlertDescription) -> Self { + Self { + version: ProtocolVersion::TLSv1_2, + payload: MessagePayload::Alert(AlertMessagePayload { + level, + description: desc, + }), + } + } + + pub fn build_key_update_notify() -> Self { + Self { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::handshake(HandshakeMessagePayload::build_key_update_notify()), + } + } + + pub(crate) fn into_owned(self) -> Message<'static> { + let Self { version, payload } = self; + Message { + version, + payload: payload.into_owned(), + } + } +} + +impl TryFrom for Message<'static> { + type Error = Error; + + fn try_from(plain: PlainMessage) -> Result { + Ok(Self { + version: plain.version, + payload: MessagePayload::new(plain.typ, plain.version, plain.payload.bytes())? + .into_owned(), + }) + } +} + +/// Parses a plaintext message into a well-typed [`Message`]. +/// +/// A [`PlainMessage`] must contain plaintext content. Encrypted content should be stored in an +/// [`InboundOpaqueMessage`] and decrypted before being stored into a [`PlainMessage`]. +impl<'a> TryFrom> for Message<'a> { + type Error = Error; + + fn try_from(plain: InboundPlainMessage<'a>) -> Result { + Ok(Self { + version: plain.version, + payload: MessagePayload::new(plain.typ, plain.version, plain.payload)?, + }) + } +} + +#[derive(Debug)] +pub enum MessageError { + TooShortForHeader, + TooShortForLength, + InvalidEmptyPayload, + MessageTooLarge, + InvalidContentType, + UnknownProtocolVersion, +} diff --git a/rustls/src/msgs/message/outbound_opaque.rs b/rustls/src/msgs/message/outbound_opaque.rs new file mode 100644 index 0000000000..6cb1248be0 --- /dev/null +++ b/rustls/src/msgs/message/outbound_opaque.rs @@ -0,0 +1,184 @@ +use crate::msgs::base::Payload; +use crate::msgs::codec::{Codec, Reader}; +use crate::msgs::message::{MessageError, PlainMessage}; +use crate::{ContentType, ProtocolVersion}; + +use alloc::vec::Vec; + +use super::OutboundChunks; + +/// A TLS frame, named TLSPlaintext in the standard. +/// +/// This outbound type owns all memory for its interior parts. +/// It results from encryption and is used for io write. +#[derive(Clone, Debug)] +pub struct OutboundOpaqueMessage { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: PrefixedPayload, +} + +impl OutboundOpaqueMessage { + /// Construct a new `OpaqueMessage` from constituent fields. + /// + /// `body` is moved into the `payload` field. + pub fn new(typ: ContentType, version: ProtocolVersion, payload: PrefixedPayload) -> Self { + Self { + typ, + version, + payload, + } + } + + /// `MessageError` allows callers to distinguish between valid prefixes (might + /// become valid if we read more data) and invalid data. + pub fn read(r: &mut Reader) -> Result { + let (typ, version, len) = read_opaque_message_header(r)?; + + let content = r + .take(len as usize) + .ok_or(MessageError::TooShortForLength)?; + + Ok(Self { + typ, + version, + payload: PrefixedPayload::from(content), + }) + } + + pub fn encode(self) -> Vec { + let length = self.payload.len() as u16; + let mut encoded_payload = self.payload.0; + encoded_payload[0] = self.typ.get_u8(); + encoded_payload[1..3].copy_from_slice(&self.version.get_u16().to_be_bytes()); + encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); + encoded_payload + } + + /// Force conversion into a plaintext message. + /// + /// This should only be used for messages that are known to be in plaintext. Otherwise, the + /// `OutboundOpaqueMessage` should be decrypted into a `PlainMessage` using a `MessageDecrypter`. + pub fn into_plain_message(self) -> PlainMessage { + PlainMessage { + version: self.version, + typ: self.typ, + payload: Payload::Owned(self.payload.to_vec()), + } + } + + /// Maximum message payload size. + /// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. + const MAX_PAYLOAD: u16 = 16_384 + 2048; + + /// Content type, version and size. + pub(crate) const HEADER_SIZE: usize = 1 + 2 + 2; + + /// Maximum on-the-wire message size. + pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; +} + +#[derive(Clone, Debug)] +pub struct PrefixedPayload(pub(super) Vec); + +impl PrefixedPayload { + pub fn with_capacity(capacity: usize) -> Self { + let mut prefixed_payload = + Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + capacity); + prefixed_payload.resize(OutboundOpaqueMessage::HEADER_SIZE, 0); + Self(prefixed_payload) + } + + pub fn len(&self) -> usize { + self.0.len() - OutboundOpaqueMessage::HEADER_SIZE + } + + pub fn is_empty(&self) -> bool { + self.len() == 0 + } + + pub fn to_vec(&self) -> Vec { + self.as_ref().to_vec() + } + + pub fn extend_from_slice(&mut self, slice: &[u8]) { + self.0.extend_from_slice(slice) + } + + pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks) { + chunks.copy_to_vec(&mut self.0) + } + + pub fn truncate(&mut self, len: usize) { + self.0 + .truncate(len + OutboundOpaqueMessage::HEADER_SIZE) + } +} + +impl AsRef<[u8]> for PrefixedPayload { + fn as_ref(&self) -> &[u8] { + &self.0[OutboundOpaqueMessage::HEADER_SIZE..] + } +} + +impl AsMut<[u8]> for PrefixedPayload { + fn as_mut(&mut self) -> &mut [u8] { + &mut self.0[OutboundOpaqueMessage::HEADER_SIZE..] + } +} + +impl<'a> Extend<&'a u8> for PrefixedPayload { + fn extend>(&mut self, iter: T) { + self.0.extend(iter) + } +} + +impl From<&[u8]> for PrefixedPayload { + fn from(content: &[u8]) -> Self { + let mut payload = Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + content.len()); + payload.extend(&[0u8; OutboundOpaqueMessage::HEADER_SIZE]); + payload.extend(content); + Self(payload) + } +} + +impl From<&[u8; N]> for PrefixedPayload { + fn from(content: &[u8; N]) -> Self { + Self::from(&content[..]) + } +} + +pub(crate) fn read_opaque_message_header( + r: &mut Reader<'_>, +) -> Result<(ContentType, ProtocolVersion, u16), MessageError> { + let typ = ContentType::read(r).map_err(|_| MessageError::TooShortForHeader)?; + // Don't accept any new content-types. + if let ContentType::Unknown(_) = typ { + return Err(MessageError::InvalidContentType); + } + + let version = ProtocolVersion::read(r).map_err(|_| MessageError::TooShortForHeader)?; + // Accept only versions 0x03XX for any XX. + match version { + ProtocolVersion::Unknown(ref v) if (v & 0xff00) != 0x0300 => { + return Err(MessageError::UnknownProtocolVersion); + } + _ => {} + }; + + let len = u16::read(r).map_err(|_| MessageError::TooShortForHeader)?; + + // Reject undersize messages + // implemented per section 5.1 of RFC8446 (TLSv1.3) + // per section 6.2.1 of RFC5246 (TLSv1.2) + if typ != ContentType::ApplicationData && len == 0 { + return Err(MessageError::InvalidEmptyPayload); + } + + // Reject oversize messages + if len >= OutboundOpaqueMessage::MAX_PAYLOAD { + return Err(MessageError::MessageTooLarge); + } + + Ok((typ, version, len)) +} diff --git a/rustls/src/msgs/message/outbound_plain.rs b/rustls/src/msgs/message/outbound_plain.rs new file mode 100644 index 0000000000..f5bee373f4 --- /dev/null +++ b/rustls/src/msgs/message/outbound_plain.rs @@ -0,0 +1,267 @@ +use crate::{internal::record_layer::RecordLayer, ContentType, ProtocolVersion}; + +use alloc::vec::Vec; + +use super::{OutboundOpaqueMessage, PrefixedPayload}; + +/// A TLS frame, named TLSPlaintext in the standard. +/// +/// This outbound type borrows its "to be encrypted" payload from the "user". +/// It is used for fragmenting and is consumed by encryption. +#[derive(Debug)] +pub struct OutboundPlainMessage<'a> { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: OutboundChunks<'a>, +} + +impl OutboundPlainMessage<'_> { + pub(crate) fn encoded_len(&self, record_layer: &RecordLayer) -> usize { + OutboundOpaqueMessage::HEADER_SIZE + record_layer.encrypted_len(self.payload.len()) + } + + pub(crate) fn to_unencrypted_opaque(&self) -> OutboundOpaqueMessage { + let mut payload = PrefixedPayload::with_capacity(self.payload.len()); + payload.extend_from_chunks(&self.payload); + OutboundOpaqueMessage { + version: self.version, + typ: self.typ, + payload, + } + } +} + +#[derive(Debug, Clone)] +/// A collection of borrowed plaintext slices. +/// Warning: OutboundChunks does not guarantee that the simplest variant is used. +/// Multiple can hold non fragmented or empty payloads. +pub enum OutboundChunks<'a> { + /// A single byte slice. Contrary to `Multiple`, this uses a single pointer indirection + Single(&'a [u8]), + /// A collection of chunks (byte slices) + /// and cursors to single out a fragmented range of bytes. + /// OutboundChunks assumes that start <= end + Multiple { + chunks: &'a [&'a [u8]], + start: usize, + end: usize, + }, +} + +impl<'a> OutboundChunks<'a> { + /// Create a payload from a slice of byte slices. + /// If fragmented the cursors are added by default: start = 0, end = length + pub fn new(chunks: &'a [&'a [u8]]) -> Self { + if chunks.len() == 1 { + Self::Single(chunks[0]) + } else { + Self::Multiple { + chunks, + start: 0, + end: chunks + .iter() + .map(|chunk| chunk.len()) + .sum(), + } + } + } + + /// Create a payload with a single empty slice + pub fn new_empty() -> Self { + Self::Single(&[]) + } + + /// Flatten the slice of byte slices to an owned vector of bytes + pub fn to_vec(&self) -> Vec { + let mut vec = Vec::with_capacity(self.len()); + self.copy_to_vec(&mut vec); + vec + } + + /// Append all bytes to a vector + pub fn copy_to_vec(&self, vec: &mut Vec) { + match *self { + Self::Single(chunk) => vec.extend_from_slice(chunk), + Self::Multiple { chunks, start, end } => { + let mut size = 0; + for chunk in chunks.iter() { + let psize = size; + let len = chunk.len(); + size += len; + if size <= start || psize >= end { + continue; + } + let start = if psize < start { start - psize } else { 0 }; + let end = if end - psize < len { end - psize } else { len }; + vec.extend_from_slice(&chunk[start..end]); + } + } + } + } + + /// Split self in two, around an index + /// Works similarly to `split_at` in the core library, except it doesn't panic if out of bound + pub fn split_at(&self, mid: usize) -> (Self, Self) { + match *self { + Self::Single(chunk) => { + let mid = Ord::min(mid, chunk.len()); + (Self::Single(&chunk[..mid]), Self::Single(&chunk[mid..])) + } + Self::Multiple { chunks, start, end } => { + let mid = Ord::min(start + mid, end); + ( + Self::Multiple { + chunks, + start, + end: mid, + }, + Self::Multiple { + chunks, + start: mid, + end, + }, + ) + } + } + } + + /// Returns true if the payload is empty + pub fn is_empty(&self) -> bool { + self.len() == 0 + } + + /// Returns the cumulative length of all chunks + pub fn len(&self) -> usize { + match self { + Self::Single(chunk) => chunk.len(), + Self::Multiple { start, end, .. } => end - start, + } + } +} + +impl<'a> From<&'a [u8]> for OutboundChunks<'a> { + fn from(payload: &'a [u8]) -> Self { + Self::Single(payload) + } +} + +impl<'a, const N: usize> From<&'a [u8; N]> for OutboundChunks<'a> { + fn from(payload: &'a [u8; N]) -> Self { + Self::Single(payload) + } +} + +#[cfg(test)] +mod tests { + use std::{println, vec}; + + use super::*; + + #[test] + fn split_at_with_single_slice() { + let owner: &[u8] = &[0, 1, 2, 3, 4, 5, 6, 7]; + let borrowed_payload = OutboundChunks::Single(owner); + + let (before, after) = borrowed_payload.split_at(6); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5]); + assert_eq!(after.to_vec(), &[6, 7]); + } + + #[test] + fn split_at_with_multiple_slices() { + let owner: Vec<&[u8]> = vec![&[0, 1, 2, 3], &[4, 5], &[6, 7, 8], &[9, 10, 11, 12]]; + let borrowed_payload = OutboundChunks::new(&owner); + + let (before, after) = borrowed_payload.split_at(3); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2]); + assert_eq!(after.to_vec(), &[3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); + + let (before, after) = borrowed_payload.split_at(8); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7]); + assert_eq!(after.to_vec(), &[8, 9, 10, 11, 12]); + + let (before, after) = borrowed_payload.split_at(11); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]); + assert_eq!(after.to_vec(), &[11, 12]); + } + + #[test] + fn split_out_of_bounds() { + let owner: Vec<&[u8]> = vec![&[0, 1, 2, 3], &[4, 5], &[6, 7, 8], &[9, 10, 11, 12]]; + + let single_payload = OutboundChunks::Single(owner[0]); + let (before, after) = single_payload.split_at(17); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3]); + assert!(after.is_empty()); + + let multiple_payload = OutboundChunks::new(&owner); + let (before, after) = multiple_payload.split_at(17); + println!("before:{:?}\nafter:{:?}", before, after); + assert_eq!(before.to_vec(), &[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]); + assert!(after.is_empty()); + + let empty_payload = OutboundChunks::new_empty(); + let (before, after) = empty_payload.split_at(17); + println!("before:{:?}\nafter:{:?}", before, after); + assert!(before.is_empty()); + assert!(after.is_empty()); + } + + #[test] + fn empty_slices_mixed() { + let owner: Vec<&[u8]> = vec![&[], &[], &[0], &[], &[1, 2], &[], &[3], &[4], &[], &[]]; + let mut borrowed_payload = OutboundChunks::new(&owner); + let mut fragment_count = 0; + let mut fragment; + let expected_fragments: &[&[u8]] = &[&[0, 1], &[2, 3], &[4]]; + + while !borrowed_payload.is_empty() { + (fragment, borrowed_payload) = borrowed_payload.split_at(2); + println!("{fragment:?}"); + assert_eq!(&expected_fragments[fragment_count], &fragment.to_vec()); + fragment_count += 1; + } + assert_eq!(fragment_count, expected_fragments.len()); + } + + #[test] + fn exhaustive_splitting() { + let owner: Vec = (0..127).collect(); + let slices = (0..7) + .map(|i| &owner[((1 << i) - 1)..((1 << (i + 1)) - 1)]) + .collect::>(); + let payload = OutboundChunks::new(&slices); + + assert_eq!(payload.to_vec(), owner); + println!("{:#?}", payload); + + for start in 0..128 { + for end in start..128 { + for mid in 0..(end - start) { + let witness = owner[start..end].split_at(mid); + let split_payload = payload + .split_at(end) + .0 + .split_at(start) + .1 + .split_at(mid); + assert_eq!( + witness.0, + split_payload.0.to_vec(), + "start: {start}, mid:{mid}, end:{end}" + ); + assert_eq!( + witness.1, + split_payload.1.to_vec(), + "start: {start}, mid:{mid}, end:{end}" + ); + } + } + } + } +} diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index 8270584cff..185636ef01 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -4,7 +4,7 @@ use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8}; use super::base::Payload; use super::codec::Reader; use super::enums::AlertLevel; -use super::message::{Message, OpaqueMessage, PlainMessage}; +use super::message::{Message, OutboundOpaqueMessage, PlainMessage}; use std::fs; use std::io::Read; @@ -29,7 +29,7 @@ fn test_read_fuzz_corpus() { f.read_to_end(&mut bytes).unwrap(); let mut rd = Reader::init(&bytes); - let msg = OpaqueMessage::read(&mut rd) + let msg = OutboundOpaqueMessage::read(&mut rd) .unwrap() .into_plain_message(); println!("{:?}", msg); @@ -70,7 +70,7 @@ fn can_read_safari_client_hello() { \x79\x2f\x33\x08\x68\x74\x74\x70\x2f\x31\x2e\x31\x00\x0b\x00\x02\ \x01\x00\x00\x0a\x00\x0a\x00\x08\x00\x1d\x00\x17\x00\x18\x00\x19"; let mut rd = Reader::init(bytes); - let m = OpaqueMessage::read(&mut rd).unwrap(); + let m = OutboundOpaqueMessage::read(&mut rd).unwrap(); println!("m = {:?}", m); assert!(Message::try_from(m.into_plain_message()).is_err()); } @@ -91,7 +91,7 @@ fn construct_all_types() { &b"\x18\x03\x04\x00\x04\x11\x22\x33\x44"[..], ]; for &bytes in samples.iter() { - let m = OpaqueMessage::read(&mut Reader::init(bytes)).unwrap(); + let m = OutboundOpaqueMessage::read(&mut Reader::init(bytes)).unwrap(); println!("m = {:?}", m); let m = Message::try_from(m.into_plain_message()); println!("m' = {:?}", m); diff --git a/rustls/src/msgs/mod.rs b/rustls/src/msgs/mod.rs index 8ae05cefbf..a24cfac862 100644 --- a/rustls/src/msgs/mod.rs +++ b/rustls/src/msgs/mod.rs @@ -25,7 +25,7 @@ mod message_test; #[cfg(test)] mod tests { use super::codec::Reader; - use super::message::{Message, OpaqueMessage}; + use super::message::{Message, OutboundOpaqueMessage}; #[test] fn smoketest() { @@ -33,7 +33,7 @@ mod tests { let mut r = Reader::init(bytes); while r.any_left() { - let m = OpaqueMessage::read(&mut r).unwrap(); + let m = OutboundOpaqueMessage::read(&mut r).unwrap(); let out = m.clone().encode(); assert!(!out.is_empty()); diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index c49353cf34..ab6f5dece4 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,8 +1,8 @@ use core::num::NonZeroU64; -use crate::crypto::cipher::{BorrowedOpaqueMessage, MessageDecrypter, MessageEncrypter}; +use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; -use crate::msgs::message::{InboundMessage, OpaqueMessage, OutboundMessage}; +use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage}; #[cfg(feature = "logging")] use crate::log::trace; @@ -62,12 +62,12 @@ impl RecordLayer { /// an error is returned. pub(crate) fn decrypt_incoming<'a>( &mut self, - encr: BorrowedOpaqueMessage<'a>, + encr: InboundOpaqueMessage<'a>, ) -> Result>, Error> { if self.decrypt_state != DirectionState::Active { return Ok(Some(Decrypted { want_close_before_decrypt: false, - plaintext: encr.into_inbound_message(), + plaintext: encr.into_plain_message(), })); } @@ -108,7 +108,10 @@ impl RecordLayer { /// /// `plain` is a TLS message we'd like to send. This function /// panics if the requisite keying material hasn't been established yet. - pub(crate) fn encrypt_outgoing(&mut self, plain: OutboundMessage) -> OpaqueMessage { + pub(crate) fn encrypt_outgoing( + &mut self, + plain: OutboundPlainMessage, + ) -> OutboundOpaqueMessage { debug_assert!(self.encrypt_state == DirectionState::Active); assert!(!self.encrypt_exhausted()); let seq = self.write_seq; @@ -242,13 +245,11 @@ pub(crate) struct Decrypted<'a> { /// Whether the peer appears to be getting close to encrypting too many messages with this key. pub(crate) want_close_before_decrypt: bool, /// The decrypted message. - pub(crate) plaintext: InboundMessage<'a>, + pub(crate) plaintext: InboundPlainMessage<'a>, } #[cfg(test)] mod tests { - use crate::crypto::cipher::BorrowedPayload; - use super::*; #[test] @@ -259,10 +260,10 @@ mod tests { impl MessageDecrypter for PassThroughDecrypter { fn decrypt<'a>( &mut self, - m: BorrowedOpaqueMessage<'a>, + m: InboundOpaqueMessage<'a>, _: u64, - ) -> Result, Error> { - Ok(m.into_inbound_message()) + ) -> Result, Error> { + Ok(m.into_plain_message()) } } @@ -294,11 +295,11 @@ mod tests { // Decrypting a message should update the read_seq and track that we have now performed // a decryption. record_layer - .decrypt_incoming(BorrowedOpaqueMessage { - typ: ContentType::Handshake, - version: ProtocolVersion::TLSv1_2, - payload: BorrowedPayload::new(&mut [0xC0, 0xFF, 0xEE]), - }) + .decrypt_incoming(InboundOpaqueMessage::new( + ContentType::Handshake, + ProtocolVersion::TLSv1_2, + &mut [0xC0, 0xFF, 0xEE], + )) .unwrap(); assert!(matches!(record_layer.decrypt_state, DirectionState::Active)); assert_eq!(record_layer.read_seq, 1); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 53fe411f6f..eb36ac1ee4 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4505,7 +4505,7 @@ mod test_quic { #[test] fn test_client_does_not_offer_sha1() { use rustls::internal::msgs::{ - codec::Reader, handshake::HandshakePayload, message::MessagePayload, message::OpaqueMessage, + codec::Reader, handshake::HandshakePayload, message::MessagePayload, message::OutboundOpaqueMessage, }; use rustls::HandshakeType; @@ -4519,7 +4519,7 @@ fn test_client_does_not_offer_sha1() { let sz = client .write_tls(&mut buf.as_mut()) .unwrap(); - let msg = OpaqueMessage::read(&mut Reader::init(&buf[..sz])).unwrap(); + let msg = OutboundOpaqueMessage::read(&mut Reader::init(&buf[..sz])).unwrap(); let msg = Message::try_from(msg.into_plain_message()).unwrap(); assert!(msg.is_handshake_type(HandshakeType::ClientHello)); diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 1bc8719c74..b2a5db3d2e 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -11,7 +11,7 @@ use webpki::anchor_from_trusted_cert; use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; -use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage}; +use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; use rustls::Connection; use rustls::Error; @@ -211,7 +211,7 @@ where let mut reader = Reader::init(&buf[..sz]); while reader.any_left() { - let message = OpaqueMessage::read(&mut reader).unwrap(); + let message = OutboundOpaqueMessage::read(&mut reader).unwrap(); // this is a bit of a falsehood: we don't know whether message // is encrypted. it is quite unlikely that a genuine encrypted From a943e070584eb108623521436fd4f9530d4ccbb5 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 26 Feb 2024 14:52:29 +0000 Subject: [PATCH 0757/1145] Assorted docs nits --- rustls/src/msgs/fragmenter.rs | 18 +++++++++++++----- rustls/src/msgs/message/inbound_opaque.rs | 6 ++++-- rustls/src/msgs/message/inbound_plain.rs | 6 ++++-- rustls/src/msgs/message/outbound_opaque.rs | 4 +++- rustls/src/msgs/message/outbound_plain.rs | 5 +++-- 5 files changed, 27 insertions(+), 12 deletions(-) diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 8ec2d4d90b..8b8990eff2 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -19,10 +19,13 @@ impl Default for MessageFragmenter { } impl MessageFragmenter { - /// Take the Message `msg` and re-fragment it into new - /// messages whose fragment is no more than max_frag. + /// Take `msg` and fragment it into new messages with the same type and version. + /// + /// Each returned message size is no more than `max_frag`. + /// /// Return an iterator across those messages. - /// Payloads are borrowed. + /// + /// Payloads are borrowed from `msg`. pub fn fragment_message<'a>( &self, msg: &'a PlainMessage, @@ -30,8 +33,13 @@ impl MessageFragmenter { self.fragment_payload(msg.typ, msg.version, msg.payload.bytes().into()) } - /// Enqueue borrowed fragments of (version, typ, payload) which - /// are no longer than max_frag onto the `out` deque. + /// Take `payload` and fragment it into new messages with given type and version. + /// + /// Each returned message size is no more than `max_frag`. + /// + /// Return an iterator across those messages. + /// + /// Payloads are borrowed from `payload`. pub(crate) fn fragment_payload<'a>( &self, typ: ContentType, diff --git a/rustls/src/msgs/message/inbound_opaque.rs b/rustls/src/msgs/message/inbound_opaque.rs index c6b493f279..90843c32b1 100644 --- a/rustls/src/msgs/message/inbound_opaque.rs +++ b/rustls/src/msgs/message/inbound_opaque.rs @@ -19,7 +19,7 @@ pub struct InboundOpaqueMessage<'a> { impl<'a> InboundOpaqueMessage<'a> { /// Construct a new `InboundOpaqueMessage` from constituent fields. /// - /// `body` is moved into the `payload` field. + /// `payload` is borrowed. pub fn new(typ: ContentType, version: ProtocolVersion, payload: &'a mut [u8]) -> Self { Self { typ, @@ -127,7 +127,9 @@ impl<'a> BorrowedPayload<'a> { } } -/// `v` is a message payload, immediately post-decryption. This function +/// Decode a TLS1.3 `TLSInnerPlaintext` encoding. +/// +/// `p` is a message payload, immediately post-decryption. This function /// removes zero padding bytes, until a non-zero byte is encountered which is /// the content type, which is returned. See RFC8446 s5.2. /// diff --git a/rustls/src/msgs/message/inbound_plain.rs b/rustls/src/msgs/message/inbound_plain.rs index 3df0fc64c0..36fca08b00 100644 --- a/rustls/src/msgs/message/inbound_plain.rs +++ b/rustls/src/msgs/message/inbound_plain.rs @@ -1,9 +1,11 @@ use crate::{ContentType, ProtocolVersion}; -/// A TLS frame, named TLSPlaintext in the standard. +/// A TLS frame, named `TLSPlaintext` in the standard. /// -/// This inbound type borrows its decrypted payload from a `[MessageDeframer]`. +/// This inbound type borrows its decrypted payload from a [`MessageDeframer`]. /// It results from decryption. +/// +/// [`MessageDeframer`]: crate::msgs::deframer::MessageDeframer #[derive(Debug)] pub struct InboundPlainMessage<'a> { pub typ: ContentType, diff --git a/rustls/src/msgs/message/outbound_opaque.rs b/rustls/src/msgs/message/outbound_opaque.rs index 6cb1248be0..1eb559afcc 100644 --- a/rustls/src/msgs/message/outbound_opaque.rs +++ b/rustls/src/msgs/message/outbound_opaque.rs @@ -7,7 +7,7 @@ use alloc::vec::Vec; use super::OutboundChunks; -/// A TLS frame, named TLSPlaintext in the standard. +/// A TLS frame, named `TLSPlaintext` in the standard. /// /// This outbound type owns all memory for its interior parts. /// It results from encryption and is used for io write. @@ -30,6 +30,8 @@ impl OutboundOpaqueMessage { } } + /// Construct by decoding from a [`Reader`]. + /// /// `MessageError` allows callers to distinguish between valid prefixes (might /// become valid if we read more data) and invalid data. pub fn read(r: &mut Reader) -> Result { diff --git a/rustls/src/msgs/message/outbound_plain.rs b/rustls/src/msgs/message/outbound_plain.rs index f5bee373f4..2767bfc08f 100644 --- a/rustls/src/msgs/message/outbound_plain.rs +++ b/rustls/src/msgs/message/outbound_plain.rs @@ -4,7 +4,7 @@ use alloc::vec::Vec; use super::{OutboundOpaqueMessage, PrefixedPayload}; -/// A TLS frame, named TLSPlaintext in the standard. +/// A TLS frame, named `TLSPlaintext` in the standard. /// /// This outbound type borrows its "to be encrypted" payload from the "user". /// It is used for fragmenting and is consumed by encryption. @@ -31,10 +31,11 @@ impl OutboundPlainMessage<'_> { } } -#[derive(Debug, Clone)] /// A collection of borrowed plaintext slices. +/// /// Warning: OutboundChunks does not guarantee that the simplest variant is used. /// Multiple can hold non fragmented or empty payloads. +#[derive(Debug, Clone)] pub enum OutboundChunks<'a> { /// A single byte slice. Contrary to `Multiple`, this uses a single pointer indirection Single(&'a [u8]), From a31c5da2e50d04898a4573ff95250268560cf51a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 26 Feb 2024 15:15:40 +0000 Subject: [PATCH 0758/1145] OutboundChunks: remove array constructor This was only used for test code; just use the slice one. --- rustls/src/msgs/message/outbound_plain.rs | 6 ------ rustls/src/vecbuf.rs | 8 ++++---- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/rustls/src/msgs/message/outbound_plain.rs b/rustls/src/msgs/message/outbound_plain.rs index 2767bfc08f..614d68a280 100644 --- a/rustls/src/msgs/message/outbound_plain.rs +++ b/rustls/src/msgs/message/outbound_plain.rs @@ -146,12 +146,6 @@ impl<'a> From<&'a [u8]> for OutboundChunks<'a> { } } -impl<'a, const N: usize> From<&'a [u8; N]> for OutboundChunks<'a> { - fn from(payload: &'a [u8; N]) -> Self { - Self::Single(payload) - } -} - #[cfg(test)] mod tests { use std::{println, vec}; diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 55ff6a54c1..892e852f73 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -157,10 +157,10 @@ mod tests { #[test] fn short_append_copy_with_limit() { let mut cvb = ChunkVecBuffer::new(Some(12)); - assert_eq!(cvb.append_limited_copy(b"hello".into()), 5); - assert_eq!(cvb.append_limited_copy(b"world".into()), 5); - assert_eq!(cvb.append_limited_copy(b"hello".into()), 2); - assert_eq!(cvb.append_limited_copy(b"world".into()), 0); + assert_eq!(cvb.append_limited_copy(b"hello"[..].into()), 5); + assert_eq!(cvb.append_limited_copy(b"world"[..].into()), 5); + assert_eq!(cvb.append_limited_copy(b"hello"[..].into()), 2); + assert_eq!(cvb.append_limited_copy(b"world"[..].into()), 0); let mut buf = [0u8; 12]; assert_eq!(cvb.read(&mut buf).unwrap(), 12); From 0dd873a41c9c16cf7a90c45e5109a6569ef8a66c Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 10:27:20 +0100 Subject: [PATCH 0759/1145] Rename get_array() to to_array() --- provider-example/src/aead.rs | 2 +- rustls/src/crypto/aws_lc_rs/tls13.rs | 4 ++-- rustls/src/crypto/ring/tls13.rs | 2 +- rustls/src/msgs/macros.rs | 5 ++++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/provider-example/src/aead.rs b/provider-example/src/aead.rs index a3b238324f..cd7eb23a88 100644 --- a/provider-example/src/aead.rs +++ b/provider-example/src/aead.rs @@ -90,7 +90,7 @@ impl MessageEncrypter for Tls13Cipher { let mut payload = PrefixedPayload::with_capacity(total_len); payload.extend_from_chunks(&m.payload); - payload.extend_from_slice(&m.typ.get_array()); + payload.extend_from_slice(&m.typ.to_array()); let nonce = chacha20poly1305::Nonce::from(Nonce::new(&self.1, seq).0); let aad = make_tls13_aad(total_len); diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 1464002e0f..63e1495c7d 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -231,7 +231,7 @@ impl MessageEncrypter for AeadMessageEncrypter { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); payload.extend_from_chunks(&msg.payload); - payload.extend_from_slice(&msg.typ.get_array()); + payload.extend_from_slice(&msg.typ.to_array()); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) @@ -292,7 +292,7 @@ impl MessageEncrypter for GcmMessageEncrypter { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); payload.extend_from_chunks(&msg.payload); - payload.extend_from_slice(&msg.typ.get_array()); + payload.extend_from_slice(&msg.typ.to_array()); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 55742aa699..b44594bcea 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -203,7 +203,7 @@ impl MessageEncrypter for Tls13MessageEncrypter { let nonce = aead::Nonce::assume_unique_for_key(Nonce::new(&self.iv, seq).0); let aad = aead::Aad::from(make_tls13_aad(total_len)); payload.extend_from_chunks(&msg.payload); - payload.extend_from_slice(&msg.typ.get_array()); + payload.extend_from_slice(&msg.typ.to_array()); self.enc_key .seal_in_place_append_tag(nonce, aad, &mut payload) diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index f066f4c6e9..28fe910dc8 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -19,6 +19,7 @@ macro_rules! enum_builder { $( $enum_var),* ,Unknown($uint) } + impl $enum_name { $enum_vis fn $get_uint(&self) -> $uint { match self { @@ -29,7 +30,7 @@ macro_rules! enum_builder { // NOTE(allow) generated irrespective if there are callers #[allow(dead_code)] - $enum_vis fn get_array(&self) -> [u8; core::mem::size_of::<$uint>()] { + $enum_vis fn to_array(&self) -> [u8; core::mem::size_of::<$uint>()] { self.$get_uint().to_be_bytes() } @@ -42,6 +43,7 @@ macro_rules! enum_builder { } } } + impl Codec<'_> for $enum_name { // NOTE(allow) fully qualified Vec is only needed in no-std mode #[allow(unused_qualifications)] @@ -56,6 +58,7 @@ macro_rules! enum_builder { } } } + impl From<$uint> for $enum_name { fn from(x: $uint) -> Self { match x { From d09e6e4069159ab387843c17ce2b956e1a11d82b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 10:30:08 +0100 Subject: [PATCH 0760/1145] Use enum to_array() in more places --- rustls/src/crypto/cipher.rs | 5 +++-- rustls/src/msgs/message/outbound_opaque.rs | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 3c4b42dd2d..5eeee508fc 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -237,11 +237,12 @@ pub const NONCE_LEN: usize = 12; /// See RFC8446 s5.2 for the `additional_data` definition. #[inline] pub fn make_tls13_aad(payload_len: usize) -> [u8; 5] { + let version = ProtocolVersion::TLSv1_2.to_array(); [ ContentType::ApplicationData.get_u8(), // Note: this is `legacy_record_version`, i.e. TLS1.2 even for TLS1.3. - (ProtocolVersion::TLSv1_2.get_u16() >> 8) as u8, - (ProtocolVersion::TLSv1_2.get_u16() & 0xff) as u8, + version[0], + version[1], (payload_len >> 8) as u8, (payload_len & 0xff) as u8, ] diff --git a/rustls/src/msgs/message/outbound_opaque.rs b/rustls/src/msgs/message/outbound_opaque.rs index 1eb559afcc..334d0ec823 100644 --- a/rustls/src/msgs/message/outbound_opaque.rs +++ b/rustls/src/msgs/message/outbound_opaque.rs @@ -52,7 +52,7 @@ impl OutboundOpaqueMessage { let length = self.payload.len() as u16; let mut encoded_payload = self.payload.0; encoded_payload[0] = self.typ.get_u8(); - encoded_payload[1..3].copy_from_slice(&self.version.get_u16().to_be_bytes()); + encoded_payload[1..3].copy_from_slice(&self.version.to_array()); encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); encoded_payload } From 4f71a2b82e23ab86f493b0006dbe6c75224dbf46 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 10:32:45 +0100 Subject: [PATCH 0761/1145] Replace enum value getters with From impl --- provider-example/src/hpke.rs | 12 +++++----- rustls/examples/internal/bogo_shim_impl.rs | 5 ++-- rustls/src/client/hs.rs | 4 ++-- rustls/src/crypto/cipher.rs | 6 ++--- rustls/src/msgs/enums.rs | 4 ++-- rustls/src/msgs/handshake.rs | 14 +++++------ rustls/src/msgs/macros.rs | 28 ++++++++++++---------- rustls/src/msgs/message/outbound_opaque.rs | 2 +- rustls/src/server/hs.rs | 2 +- rustls/tests/api.rs | 2 +- 10 files changed, 41 insertions(+), 38 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index f446b3e459..8fbbd952a1 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -23,16 +23,16 @@ impl HpkeProvider for HpkeRsProvider { fn start(&self, suite: &HpkeSuite) -> Result, Error> { Ok(Box::new(HpkeRs(hpke_rs::Hpke::new( hpke_rs::Mode::Base, - KemAlgorithm::try_from(suite.kem.get_u16()).map_err(other_err)?, - KdfAlgorithm::try_from(suite.sym.kdf_id.get_u16()).map_err(other_err)?, - AeadAlgorithm::try_from(suite.sym.aead_id.get_u16()).map_err(other_err)?, + KemAlgorithm::try_from(u16::from(suite.kem)).map_err(other_err)?, + KdfAlgorithm::try_from(u16::from(suite.sym.kdf_id)).map_err(other_err)?, + AeadAlgorithm::try_from(u16::from(suite.sym.aead_id)).map_err(other_err)?, )))) } fn supports_suite(&self, suite: &HpkeSuite) -> bool { - let kem = KemAlgorithm::try_from(suite.kem.get_u16()).ok(); - let kdf = KdfAlgorithm::try_from(suite.sym.kdf_id.get_u16()).ok(); - let aead = AeadAlgorithm::try_from(suite.sym.aead_id.get_u16()).ok(); + let kem = KemAlgorithm::try_from(u16::from(suite.kem)).ok(); + let kdf = KdfAlgorithm::try_from(u16::from(suite.sym.kdf_id)).ok(); + let aead = AeadAlgorithm::try_from(u16::from(suite.sym.aead_id)).ok(); match (kem, kdf, aead) { (Some(kem), Some(kdf), Some(aead)) => { HpkeRustCrypto::supports_kem(kem).is_ok() diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 839267abbd..43e3830382 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -141,8 +141,9 @@ impl Options { } fn version_allowed(&self, vers: ProtocolVersion) -> bool { - (self.min_version.is_none() || vers.get_u16() >= self.min_version.unwrap().get_u16()) - && (self.max_version.is_none() || vers.get_u16() <= self.max_version.unwrap().get_u16()) + (self.min_version.is_none() || u16::from(vers) >= u16::from(self.min_version.unwrap())) + && (self.max_version.is_none() + || u16::from(vers) <= u16::from(self.max_version.unwrap())) } fn tls13_supported(&self) -> bool { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index d3ce656280..a4064cea3c 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -291,8 +291,8 @@ fn emit_client_hello_for_retry( return u32::MAX; } - let seed = - (input.hello.extension_order_seed as u32) << 16 | (new_ext.ext_type().get_u16() as u32); + let seed = (input.hello.extension_order_seed as u32) << 16 + | (u16::from(new_ext.ext_type()) as u32); match low_quality_integer_hash(seed) { u32::MAX => 0, key => key, diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 5eeee508fc..1bfce32ef0 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -239,7 +239,7 @@ pub const NONCE_LEN: usize = 12; pub fn make_tls13_aad(payload_len: usize) -> [u8; 5] { let version = ProtocolVersion::TLSv1_2.to_array(); [ - ContentType::ApplicationData.get_u8(), + ContentType::ApplicationData.into(), // Note: this is `legacy_record_version`, i.e. TLS1.2 even for TLS1.3. version[0], version[1], @@ -260,8 +260,8 @@ pub fn make_tls12_aad( ) -> [u8; TLS12_AAD_SIZE] { let mut out = [0; TLS12_AAD_SIZE]; codec::put_u64(seq, &mut out[0..]); - out[8] = typ.get_u8(); - codec::put_u16(vers.get_u16(), &mut out[9..]); + out[8] = typ.into(); + codec::put_u16(vers.into(), &mut out[9..]); codec::put_u16(len as u16, &mut out[11..]); out } diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 5902d67f5a..683a7a8d2e 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -196,8 +196,8 @@ enum_builder! { impl NamedGroup { /// Return the key exchange algorithm associated with this `NamedGroup` - pub fn key_exchange_algorithm(&self) -> KeyExchangeAlgorithm { - match self.get_u16() { + pub fn key_exchange_algorithm(self) -> KeyExchangeAlgorithm { + match u16::from(self) { x if (0x100..0x200).contains(&x) => KeyExchangeAlgorithm::DHE, _ => KeyExchangeAlgorithm::ECDHE, } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 208affe5af..7ed0249c05 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -289,7 +289,7 @@ impl ConvertServerNameList for [ServerName] { let mut seen = BTreeSet::new(); for name in self { - if !seen.insert(name.typ.get_u8()) { + if !seen.insert(u8::from(name.typ)) { return true; } } @@ -859,7 +859,7 @@ impl ClientHelloPayload { let mut seen = BTreeSet::new(); for ext in &self.extensions { - let typ = ext.ext_type().get_u16(); + let typ = u16::from(ext.ext_type()); if seen.contains(&typ) { return true; @@ -954,7 +954,7 @@ impl ClientHelloPayload { let mut seen = BTreeSet::new(); for kse in entries { - let grp = kse.group.get_u16(); + let grp = u16::from(kse.group); if !seen.insert(grp) { return true; @@ -1110,7 +1110,7 @@ impl HelloRetryRequest { let mut seen = BTreeSet::new(); for ext in &self.extensions { - let typ = ext.ext_type().get_u16(); + let typ = u16::from(ext.ext_type()); if seen.contains(&typ) { return true; @@ -1383,7 +1383,7 @@ impl CertificateEntry { let mut seen = BTreeSet::new(); for ext in &self.exts { - let typ = ext.ext_type().get_u16(); + let typ = u16::from(ext.ext_type()); if seen.contains(&typ) { return true; @@ -1810,7 +1810,7 @@ pub(crate) trait HasServerExtensions { let mut seen = BTreeSet::new(); for ext in self.extensions() { - let typ = ext.ext_type().get_u16(); + let typ = u16::from(ext.ext_type()); if seen.contains(&typ) { return true; @@ -2138,7 +2138,7 @@ impl NewSessionTicketPayloadTls13 { let mut seen = BTreeSet::new(); for ext in &self.exts { - let typ = ext.ext_type().get_u16(); + let typ = u16::from(ext.ext_type()); if seen.contains(&typ) { return true; diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index 28fe910dc8..6aa136ba5a 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -1,13 +1,13 @@ /// A macro which defines an enum type. macro_rules! enum_builder { ($(#[$comment:meta])* @U8 $($enum:tt)+) => { - enum_builder!(u8: get_u8 $(#[$comment])* $($enum)+); + enum_builder!(u8: $(#[$comment])* $($enum)+); }; ($(#[$comment:meta])* @U16 $($enum:tt)+) => { - enum_builder!(u16: get_u16 $(#[$comment])* $($enum)+); + enum_builder!(u16: $(#[$comment])* $($enum)+); }; ( - $uint:ty: $get_uint:ident + $uint:ty: $(#[$comment:meta])* $enum_vis:vis enum $enum_name:ident { $( $enum_var: ident => $enum_val: expr ),* $(,)? } @@ -21,17 +21,10 @@ macro_rules! enum_builder { } impl $enum_name { - $enum_vis fn $get_uint(&self) -> $uint { - match self { - $( $enum_name::$enum_var => $enum_val),* - ,$enum_name::Unknown(x) => *x - } - } - // NOTE(allow) generated irrespective if there are callers #[allow(dead_code)] - $enum_vis fn to_array(&self) -> [u8; core::mem::size_of::<$uint>()] { - self.$get_uint().to_be_bytes() + $enum_vis fn to_array(self) -> [u8; core::mem::size_of::<$uint>()] { + <$uint>::from(self).to_be_bytes() } // NOTE(allow) generated irrespective if there are callers @@ -48,7 +41,7 @@ macro_rules! enum_builder { // NOTE(allow) fully qualified Vec is only needed in no-std mode #[allow(unused_qualifications)] fn encode(&self, bytes: &mut alloc::vec::Vec) { - self.$get_uint().encode(bytes); + <$uint>::from(*self).encode(bytes); } fn read(r: &mut Reader) -> Result { @@ -67,5 +60,14 @@ macro_rules! enum_builder { } } } + + impl From<$enum_name> for $uint { + fn from(value: $enum_name) -> Self { + match value { + $( $enum_name::$enum_var => $enum_val),* + ,$enum_name::Unknown(x) => x + } + } + } }; } diff --git a/rustls/src/msgs/message/outbound_opaque.rs b/rustls/src/msgs/message/outbound_opaque.rs index 334d0ec823..f59ffbfe58 100644 --- a/rustls/src/msgs/message/outbound_opaque.rs +++ b/rustls/src/msgs/message/outbound_opaque.rs @@ -51,7 +51,7 @@ impl OutboundOpaqueMessage { pub fn encode(self) -> Vec { let length = self.payload.len() as u16; let mut encoded_payload = self.payload.0; - encoded_payload[0] = self.typ.get_u8(); + encoded_payload[0] = self.typ.into(); encoded_payload[1..3].copy_from_slice(&self.version.to_array()); encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); encoded_payload diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 20eb0dfcc6..797c8e8b53 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -271,7 +271,7 @@ impl ExpectClientHello { } else { ProtocolVersion::TLSv1_2 } - } else if client_hello.client_version.get_u16() < ProtocolVersion::TLSv1_2.get_u16() { + } else if u16::from(client_hello.client_version) < u16::from(ProtocolVersion::TLSv1_2) { return Err(cx.common.send_fatal_alert( AlertDescription::ProtocolVersion, PeerIncompatible::Tls12NotOffered, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index eb36ac1ee4..0f455b3798 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -795,7 +795,7 @@ fn test_tls13_late_plaintext_alert() { } fn build_alert(level: AlertLevel, desc: AlertDescription, suffix: &[u8]) -> Vec { - let mut v = vec![ ContentType::Alert.get_u8() ]; + let mut v = vec![ContentType::Alert.into()]; ProtocolVersion::TLSv1_2.encode(&mut v); ((2 + suffix.len()) as u16).encode(&mut v); level.encode(&mut v); From 29c3a7421d4ec12abfb2da72ee3221cb447d517e Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 10:44:14 +0100 Subject: [PATCH 0762/1145] Create abstraction for duplicate detection --- rustls/src/msgs/handshake.rs | 107 +++++++++++++---------------------- 1 file changed, 38 insertions(+), 69 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 7ed0249c05..776a80007b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -286,15 +286,7 @@ pub(crate) trait ConvertServerNameList { impl ConvertServerNameList for [ServerName] { /// RFC6066: "The ServerNameList MUST NOT contain more than one name of the same name_type." fn has_duplicate_names_for_type(&self) -> bool { - let mut seen = BTreeSet::new(); - - for name in self { - if !seen.insert(u8::from(name.typ)) { - return true; - } - } - - false + has_duplicates::<_, _, u8>(self.iter().map(|name| name.typ)) } fn single_hostname(&self) -> Option> { @@ -856,18 +848,11 @@ impl ClientHelloPayload { /// Returns true if there is more than one extension of a given /// type. pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = BTreeSet::new(); - - for ext in &self.extensions { - let typ = u16::from(ext.ext_type()); - - if seen.contains(&typ) { - return true; - } - seen.insert(typ); - } - - false + has_duplicates::<_, _, u16>( + self.extensions + .iter() + .map(|ext| ext.ext_type()), + ) } pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&ClientExtension> { @@ -1107,18 +1092,11 @@ impl HelloRetryRequest { /// Returns true if there is more than one extension of a given /// type. pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = BTreeSet::new(); - - for ext in &self.extensions { - let typ = u16::from(ext.ext_type()); - - if seen.contains(&typ) { - return true; - } - seen.insert(typ); - } - - false + has_duplicates::<_, _, u16>( + self.extensions + .iter() + .map(|ext| ext.ext_type()), + ) } pub(crate) fn has_unknown_extension(&self) -> bool { @@ -1380,18 +1358,11 @@ impl CertificateEntry { } pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = BTreeSet::new(); - - for ext in &self.exts { - let typ = u16::from(ext.ext_type()); - - if seen.contains(&typ) { - return true; - } - seen.insert(typ); - } - - false + has_duplicates::<_, _, u16>( + self.exts + .iter() + .map(|ext| ext.ext_type()), + ) } pub(crate) fn has_unknown_extension(&self) -> bool { @@ -1807,18 +1778,11 @@ pub(crate) trait HasServerExtensions { /// Returns true if there is more than one extension of a given /// type. fn has_duplicate_extension(&self) -> bool { - let mut seen = BTreeSet::new(); - - for ext in self.extensions() { - let typ = u16::from(ext.ext_type()); - - if seen.contains(&typ) { - return true; - } - seen.insert(typ); - } - - false + has_duplicates::<_, _, u16>( + self.extensions() + .iter() + .map(|ext| ext.ext_type()), + ) } fn find_extension(&self, ext: ExtensionType) -> Option<&ServerExtension> { @@ -2135,18 +2099,11 @@ impl NewSessionTicketPayloadTls13 { } pub(crate) fn has_duplicate_extension(&self) -> bool { - let mut seen = BTreeSet::new(); - - for ext in &self.exts { - let typ = u16::from(ext.ext_type()); - - if seen.contains(&typ) { - return true; - } - seen.insert(typ); - } - - false + has_duplicates::<_, _, u16>( + self.exts + .iter() + .map(|ext| ext.ext_type()), + ) } pub(crate) fn find_extension(&self, ext: ExtensionType) -> Option<&NewSessionTicketExtension> { @@ -2586,3 +2543,15 @@ impl Codec<'_> for EchConfig { impl TlsListElement for EchConfig { const SIZE_LEN: ListLength = ListLength::U16; } + +fn has_duplicates, E: Into, T: Eq + Ord>(iter: I) -> bool { + let mut seen = BTreeSet::new(); + + for x in iter { + if !seen.insert(x.into()) { + return true; + } + } + + false +} From 15535493295ac6c9c461eca36738e8ac6c0129be Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 16:53:43 +0200 Subject: [PATCH 0763/1145] add std feature Since aws-lc-rs doesn't support no-std it's moved from the default features to the std features. Similarly we must tweak our `once_cell` usage to provide the `race` feature for builds without `std`. See the upstream[0] docs section on "Does this crate support no_std?" for some important caveats. [0]: https://docs.rs/once_cell/latest/once_cell/ --- provider-example/Cargo.toml | 2 +- rustls/Cargo.toml | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 1ae2918516..dedca2f25d 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -18,7 +18,7 @@ p256 = { version = "0.13.2", default-features = false, features = ["alloc", "ecd pkcs8 = "0.10.2" pki-types = { package = "rustls-pki-types", version = "1" } rand_core = { version = "0.6", features = ["getrandom"] } -rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } +rustls = { path = "../rustls", default-features = false, features = ["logging", "std", "tls12"] } rsa = { version = "0.9", features = ["sha2"], default-features = false } sha2 = { version = "0.10", default-features = false } signature = "2" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index ff4555c446..666446bf92 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -19,20 +19,21 @@ rustversion = { version = "1.0.6", optional = true } aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } log = { version = "0.4.4", optional = true } # remove once our MSRV is >= 1.70 -once_cell = "1" +once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102.2", features = ["std"], default-features = false } -pki-types = { package = "rustls-pki-types", version = "1.2", features = ["std"] } +webpki = { package = "rustls-webpki", version = "0.102.2", features = ["alloc"], default-features = false } +pki-types = { package = "rustls-pki-types", version = "1.2", features = ["alloc"] } zeroize = "1.7" [features] -default = ["aws_lc_rs", "logging", "tls12"] +default = ["logging", "std", "tls12"] +std = ["aws_lc_rs", "webpki/std", "pki-types/std", "once_cell/std"] logging = ["log"] -aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] +aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs", "std"] ring = ["dep:ring", "webpki/ring"] tls12 = [] -read_buf = ["rustversion"] +read_buf = ["rustversion", "std"] fips = ["aws_lc_rs", "aws-lc-rs?/fips"] [dev-dependencies] From e3ebc823893af2708aa67745ee9e96219a498e20 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Wed, 6 Dec 2023 15:31:26 -0500 Subject: [PATCH 0764/1145] no_std: rm use of `std` in `builder` --- rustls/src/builder.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 03a70408f6..aad5276654 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -3,10 +3,10 @@ use crate::versions; use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS}; use alloc::format; +use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; -use std::sync::Arc; #[cfg(doc)] use crate::{ClientConfig, ServerConfig}; From 96b217bb22df832097f26843d6c7420eac1df9b5 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 17:45:21 +0200 Subject: [PATCH 0765/1145] no-std: add TimeProvider to ClientConfig For no-std users, the new `ClientConfig::builder_with_details()` must be used, which requires a `TimeProvider` implementation up-front. For std builds, the `ClientConfig` uses the `DefaultTimeProvider` for existing `ClientConfig::builder*` functions. --- rustls/src/builder.rs | 4 +++ rustls/src/client/builder.rs | 5 +++ rustls/src/client/client_conn.rs | 53 ++++++++++++++++++++++++++++++-- rustls/src/client/hs.rs | 9 ++++-- rustls/src/client/tls12.rs | 17 ++++++++-- rustls/src/client/tls13.rs | 13 ++++++-- rustls/src/lib.rs | 2 ++ rustls/src/server/server_conn.rs | 6 +++- rustls/src/time_provider.rs | 30 ++++++++++++++++++ rustls/tests/api.rs | 18 ++++++++--- 10 files changed, 141 insertions(+), 16 deletions(-) create mode 100644 rustls/src/time_provider.rs diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index aad5276654..4ccd82b891 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,4 +1,5 @@ use crate::error::Error; +use crate::time_provider::TimeProvider; use crate::versions; use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS}; @@ -184,6 +185,7 @@ impl fmt::Debug for ConfigBuilder, + pub(crate) time_provider: Arc, } impl ConfigBuilder { @@ -248,6 +250,7 @@ impl ConfigBuilder { state: WantsVerifier { provider: self.state.provider, versions: versions::EnabledVersions::new(versions), + time_provider: self.state.time_provider, }, side: self.side, }) @@ -261,6 +264,7 @@ impl ConfigBuilder { pub struct WantsVerifier { pub(crate) provider: Arc, pub(crate) versions: versions::EnabledVersions, + pub(crate) time_provider: Arc, } /// Helper trait to abstract [`ConfigBuilder`] over building a [`ClientConfig`] or [`ServerConfig`]. diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index f57f38fc39..ac2df168c1 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -5,6 +5,7 @@ use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::msgs::handshake::CertificateChain; +use crate::time_provider::TimeProvider; use crate::webpki::{self, WebPkiServerVerifier}; use crate::{verify, versions}; @@ -56,6 +57,7 @@ impl ConfigBuilder { provider: self.state.provider, versions: self.state.versions, verifier, + time_provider: self.state.time_provider, }, side: PhantomData, } @@ -94,6 +96,7 @@ pub(super) mod danger { provider: self.cfg.state.provider, versions: self.cfg.state.versions, verifier, + time_provider: self.cfg.state.time_provider, }, side: PhantomData, } @@ -110,6 +113,7 @@ pub struct WantsClientCert { provider: Arc, versions: versions::EnabledVersions, verifier: Arc, + time_provider: Arc, } impl ConfigBuilder { @@ -161,6 +165,7 @@ impl ConfigBuilder { enable_early_data: false, #[cfg(feature = "tls12")] require_ems: cfg!(feature = "fips"), + time_provider: self.state.time_provider, } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index f46f42ec4c..a8e6560258 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -11,15 +11,20 @@ use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; use crate::sign; use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; +#[cfg(feature = "std")] +use crate::time_provider::DefaultTimeProvider; +use crate::time_provider::TimeProvider; use crate::unbuffered::{EncryptError, TransmitTlsData}; use crate::versions; use crate::KeyLog; -use crate::{verify, WantsVerifier, WantsVersions}; +#[cfg(feature = "std")] +use crate::WantsVerifier; +use crate::{verify, WantsVersions}; use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; use super::hs; -use pki_types::ServerName; +use pki_types::{ServerName, UnixTime}; use alloc::sync::Arc; use alloc::vec::Vec; @@ -206,6 +211,9 @@ pub struct ClientConfig { #[cfg(feature = "tls12")] pub require_ems: bool, + /// Provides the current system time + pub time_provider: Arc, + /// Source of randomness and other crypto. pub(super) provider: Arc, @@ -223,6 +231,7 @@ impl ClientConfig { /// and safe protocol version defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. + #[cfg(feature = "std")] pub fn builder() -> ConfigBuilder { Self::builder_with_protocol_versions(versions::DEFAULT_VERSIONS) } @@ -239,6 +248,7 @@ impl ClientConfig { /// the crate features and process default. /// /// For more information, see the [`ConfigBuilder`] documentation. + #[cfg(feature = "std")] pub fn builder_with_protocol_versions( versions: &[&'static versions::SupportedProtocolVersion], ) -> ConfigBuilder { @@ -260,11 +270,41 @@ impl ClientConfig { /// version is not supported by the provider's ciphersuites. /// /// For more information, see the [`ConfigBuilder`] documentation. + #[cfg(feature = "std")] pub fn builder_with_provider( provider: Arc, ) -> ConfigBuilder { ConfigBuilder { - state: WantsVersions { provider }, + state: WantsVersions { + provider, + time_provider: Arc::new(DefaultTimeProvider), + }, + side: PhantomData, + } + } + /// Create a builder for a client configuration with no default implementation details. + /// + /// This API must be used by `no_std` users. + /// + /// You must provide a specific [`TimeProvider`]. + /// + /// You must provide a specific [`CryptoProvider`]. + /// + /// This will use the provider's configured ciphersuites. You must additionally choose + /// which protocol versions to enable, using `with_protocol_versions` or + /// `with_safe_default_protocol_versions` and handling the `Result` in case a protocol + /// version is not supported by the provider's ciphersuites. + /// + /// For more information, see the [`ConfigBuilder`] documentation. + pub fn builder_with_details( + provider: Arc, + time_provider: Arc, + ) -> ConfigBuilder { + ConfigBuilder { + state: WantsVersions { + provider, + time_provider, + }, side: PhantomData, } } @@ -327,6 +367,12 @@ impl ClientConfig { .copied() .find(|skxg| skxg.name() == group) } + + pub(super) fn current_time(&self) -> Result { + self.time_provider + .current_time() + .ok_or(Error::FailedToGetCurrentTime) + } } impl Clone for ClientConfig { @@ -345,6 +391,7 @@ impl Clone for ClientConfig { enable_early_data: self.enable_early_data, #[cfg(feature = "tls12")] require_ems: self.require_ems, + time_provider: Arc::clone(&self.time_provider), } } } diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index a4064cea3c..ed6e85256c 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -30,7 +30,7 @@ use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; use crate::client::{tls13, ClientConfig}; -use pki_types::{ServerName, UnixTime}; +use pki_types::ServerName; use alloc::borrow::ToOwned; use alloc::boxed::Box; @@ -68,7 +68,12 @@ fn find_session( None }) .and_then(|resuming| { - let retrieved = persist::Retrieved::new(resuming, UnixTime::now()); + let now = config + .current_time() + .map_err(|_err| debug!("Could not get current time: {_err}")) + .ok()?; + + let retrieved = persist::Retrieved::new(resuming, now); match retrieved.has_expired() { false => Some(retrieved), true => None, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 197317785b..65ffbb428e 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -28,7 +28,7 @@ use crate::client::common::ClientAuthDetails; use crate::client::common::ServerCertDetails; use crate::client::{hs, ClientConfig}; -use pki_types::{ServerName, UnixTime}; +use pki_types::ServerName; use subtle::ConstantTimeEq; use alloc::borrow::ToOwned; @@ -857,6 +857,9 @@ impl State for ExpectServerDone<'_> { .cert_chain .split_first() .ok_or(Error::NoCertificatesPresented)?; + + let now = st.config.current_time()?; + let cert_verified = st .config .verifier @@ -865,7 +868,7 @@ impl State for ExpectServerDone<'_> { intermediates, &st.server_name, &st.server_cert.ocsp_response, - UnixTime::now(), + now, ) .map_err(|err| { cx.common @@ -1163,6 +1166,14 @@ impl ExpectFinished { return; } + let now = match self.config.current_time() { + Ok(now) => now, + Err(_) => { + debug!("Could not get current time"); + return; + } + }; + let session_value = persist::Tls12ClientSessionValue::new( self.secrets.suite(), self.session_id, @@ -1172,7 +1183,7 @@ impl ExpectFinished { .peer_certificates .clone() .unwrap_or_default(), - UnixTime::now(), + now, lifetime, self.using_ems, ); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index ba1b8287b5..d9ddd65c7d 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -40,7 +40,7 @@ use crate::client::common::ServerCertDetails; use crate::client::common::{ClientAuthDetails, ClientHelloDetails}; use crate::client::{hs, ClientConfig, ClientSessionStore}; -use pki_types::{ServerName, UnixTime}; +use pki_types::ServerName; use subtle::ConstantTimeEq; use alloc::boxed::Box; @@ -713,6 +713,9 @@ impl State for ExpectCertificateVerify<'_> { .cert_chain .split_first() .ok_or(Error::NoCertificatesPresented)?; + + let now = self.config.current_time()?; + let cert_verified = self .config .verifier @@ -721,7 +724,7 @@ impl State for ExpectCertificateVerify<'_> { intermediates, &self.server_name, &self.server_cert.ocsp_response, - UnixTime::now(), + now, ) .map_err(|err| { cx.common @@ -968,6 +971,7 @@ impl State for ExpectFinished { .start_traffic(&mut cx.sendable_plaintext); let st = ExpectTraffic { + config: Arc::clone(&st.config), session_storage: Arc::clone(&st.config.resumption.store), server_name: st.server_name, suite: st.suite, @@ -993,6 +997,7 @@ impl State for ExpectFinished { // In this state we can be sent tickets, key updates, // and application data. struct ExpectTraffic { + config: Arc, session_storage: Arc, server_name: ServerName<'static>, suite: &'static Tls13CipherSuite, @@ -1021,6 +1026,8 @@ impl ExpectTraffic { .key_schedule .resumption_master_secret_and_derive_ticket_psk(&handshake_hash, &nst.nonce.0); + let now = self.config.current_time()?; + #[allow(unused_mut)] let mut value = persist::Tls13ClientSessionValue::new( self.suite, @@ -1030,7 +1037,7 @@ impl ExpectTraffic { .peer_certificates .clone() .unwrap_or_default(), - UnixTime::now(), + now, nst.lifetime, nst.age_add, nst.max_early_data_size() diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index cb0366fd25..9d8cbfc6e8 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -612,3 +612,5 @@ pub mod ticketer; /// This is the rustls manual. pub mod manual; + +pub mod time_provider; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 79f7d2b22b..7190144336 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -10,6 +10,7 @@ use crate::msgs::base::Payload; use crate::msgs::handshake::{ClientHelloPayload, ProtocolName, ServerExtension}; use crate::msgs::message::Message; use crate::suites::ExtractedSecrets; +use crate::time_provider::{DefaultTimeProvider, TimeProvider}; use crate::vecbuf::ChunkVecBuffer; use crate::verify; use crate::versions; @@ -400,7 +401,10 @@ impl ServerConfig { provider: Arc, ) -> ConfigBuilder { ConfigBuilder { - state: WantsVersions { provider }, + state: WantsVersions { + provider, + time_provider: Arc::new(DefaultTimeProvider), + }, side: PhantomData, } } diff --git a/rustls/src/time_provider.rs b/rustls/src/time_provider.rs new file mode 100644 index 0000000000..e43f4d6ddf --- /dev/null +++ b/rustls/src/time_provider.rs @@ -0,0 +1,30 @@ +//! The library's source of time. + +use core::fmt::Debug; + +use pki_types::UnixTime; + +/// An object that provides the current time. +/// +/// This is used to, for example, check if a certificate has expired during +/// certificate validation, or to check the age of a ticket. +pub trait TimeProvider: Debug + Send + Sync { + /// Returns the current wall time. + /// + /// This is not required to be monotonic. + /// + /// Return `None` if unable to retrieve the time. + fn current_time(&self) -> Option; +} + +#[derive(Debug)] +#[cfg(feature = "std")] +/// Default `TimeProvider` implementation that uses `std` +pub struct DefaultTimeProvider; + +#[cfg(feature = "std")] +impl TimeProvider for DefaultTimeProvider { + fn current_time(&self) -> Option { + Some(UnixTime::now()) + } +} diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 0f455b3798..383916baa3 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -332,6 +332,16 @@ fn config_builder_for_server_rejects_incompatible_cipher_suites() { ); } +#[test] +fn config_builder_for_client_with_time() { + ClientConfig::builder_with_details( + provider::default_provider().into(), + Arc::new(rustls::time_provider::DefaultTimeProvider), + ) + .with_safe_default_protocol_versions() + .unwrap(); +} + #[test] fn buffered_client_data_sent() { let server_config = Arc::new(make_server_config(KeyType::Rsa)); @@ -497,10 +507,10 @@ fn test_config_builders_debug() { } .into(), ); - assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, time_provider: DefaultTimeProvider } }", format!("{:?}", b)); let b = server_config_builder_with_versions(&[&rustls::version::TLS13]); assert_eq!( - "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3] } }", + "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], time_provider: DefaultTimeProvider } }", format!("{:?}", b) ); let b = b.with_no_client_auth(); @@ -514,10 +524,10 @@ fn test_config_builders_debug() { } .into(), ); - assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring } } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, time_provider: DefaultTimeProvider } }", format!("{:?}", b)); let b = client_config_builder_with_versions(&[&rustls::version::TLS13]); assert_eq!( - "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3] } }", + "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], time_provider: DefaultTimeProvider } }", format!("{:?}", b) ); } From 956062816caa8eb9d82228ddc481b7e1cb981312 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 16:57:25 +0200 Subject: [PATCH 0766/1145] no-std: remove field from `OtherError` --- rustls/src/error.rs | 88 +++++++++++++++++++++++++++------------- rustls/src/webpki/mod.rs | 14 +++++-- 2 files changed, 70 insertions(+), 32 deletions(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 3ac65772ba..f9d4ddd9d3 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -4,7 +4,6 @@ use crate::rand; use alloc::format; use alloc::string::String; -use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use std::error::Error as StdError; @@ -387,7 +386,7 @@ impl From for AlertDescription { // certificate_unknown // Some other (unspecified) issue arose in processing the // certificate, rendering it unacceptable. - Other(_) => Self::CertificateUnknown, + Other(..) => Self::CertificateUnknown, } } } @@ -544,43 +543,64 @@ impl From for Error { } } -/// Any other error that cannot be expressed by a more specific [`Error`] variant. -/// -/// For example, an `OtherError` could be produced by a custom crypto provider -/// exposing a provider specific error. -/// -/// Enums holding this type will never compare equal to each other. -#[derive(Debug, Clone)] -pub struct OtherError(pub Arc); +mod other_error { + #[cfg(feature = "std")] + use alloc::sync::Arc; + use core::fmt; + #[cfg(feature = "std")] + use std::error::Error as StdError; -impl PartialEq for OtherError { - fn eq(&self, _other: &Self) -> bool { - false + use super::Error; + + /// Any other error that cannot be expressed by a more specific [`Error`] variant. + /// + /// For example, an `OtherError` could be produced by a custom crypto provider + /// exposing a provider specific error. + /// + /// Enums holding this type will never compare equal to each other. + #[derive(Debug, Clone)] + pub struct OtherError(#[cfg(feature = "std")] pub Arc); + + impl PartialEq for OtherError { + fn eq(&self, _other: &Self) -> bool { + false + } } -} -impl From for Error { - fn from(value: OtherError) -> Self { - Self::Other(value) + impl From for Error { + fn from(value: OtherError) -> Self { + Self::Other(value) + } } -} -impl fmt::Display for OtherError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.0) + impl fmt::Display for OtherError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + #[cfg(feature = "std")] + { + write!(f, "{}", self.0) + } + #[cfg(not(feature = "std"))] + { + f.write_str("no further information available") + } + } } -} -impl StdError for OtherError { - fn source(&self) -> Option<&(dyn StdError + 'static)> { - Some(self.0.as_ref()) + #[cfg(feature = "std")] + impl StdError for OtherError { + fn source(&self) -> Option<&(dyn StdError + 'static)> { + Some(self.0.as_ref()) + } } } +pub use other_error::OtherError; + #[cfg(test)] mod tests { use super::{Error, InvalidMessage}; - use crate::error::{CertRevocationListError, OtherError}; + use crate::error::CertRevocationListError; + use crate::error::OtherError; #[test] fn certificate_error_equality() { @@ -598,7 +618,10 @@ mod tests { ApplicationVerificationFailure, ApplicationVerificationFailure ); - let other = Other(OtherError(alloc::sync::Arc::from(Box::from("")))); + let other = Other(OtherError( + #[cfg(feature = "std")] + alloc::sync::Arc::from(Box::from("")), + )); assert_ne!(other, other); assert_ne!(BadEncoding, Expired); } @@ -619,12 +642,16 @@ mod tests { assert_eq!(UnsupportedDeltaCrl, UnsupportedDeltaCrl); assert_eq!(UnsupportedIndirectCrl, UnsupportedIndirectCrl); assert_eq!(UnsupportedRevocationReason, UnsupportedRevocationReason); - let other = Other(OtherError(alloc::sync::Arc::from(Box::from("")))); + let other = Other(OtherError( + #[cfg(feature = "std")] + alloc::sync::Arc::from(Box::from("")), + )); assert_ne!(other, other); assert_ne!(BadSignature, InvalidCrlNumber); } #[test] + #[cfg(feature = "std")] fn other_error_equality() { let other_error = OtherError(alloc::sync::Arc::from(Box::from(""))); assert_ne!(other_error, other_error); @@ -660,7 +687,10 @@ mod tests { Error::NoApplicationProtocol, Error::BadMaxFragmentSize, Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), - Error::Other(OtherError(alloc::sync::Arc::from(Box::from("")))), + Error::Other(OtherError( + #[cfg(feature = "std")] + alloc::sync::Arc::from(Box::from("")), + )), ]; for err in all { diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index f275bd6d53..1491b8d762 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -1,3 +1,4 @@ +#[cfg(feature = "std")] use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; @@ -75,7 +76,11 @@ fn pki_error(error: webpki::Error) -> Error { CertRevocationListError::BadSignature.into() } - _ => CertificateError::Other(OtherError(Arc::new(error))).into(), + _ => CertificateError::Other(OtherError( + #[cfg(feature = "std")] + Arc::new(error), + )) + .into(), } } @@ -95,7 +100,10 @@ fn crl_error(e: webpki::Error) -> CertRevocationListError { UnsupportedIndirectCrl => CertRevocationListError::UnsupportedIndirectCrl, UnsupportedRevocationReason => CertRevocationListError::UnsupportedRevocationReason, - _ => CertRevocationListError::Other(OtherError(Arc::new(e))), + _ => CertRevocationListError::Other(OtherError( + #[cfg(feature = "std")] + Arc::new(e), + )), } } @@ -184,7 +192,7 @@ mod tests { assert!(matches!( crl_error(webpki::Error::NameConstraintViolation), - Other(_) + Other(..) )); } } From 0cbe92bd6d2247e244466ac054985276436a9cad Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:19:11 +0200 Subject: [PATCH 0767/1145] no-std: rm TicketSwitcher will be back in phase II --- rustls/src/lib.rs | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 9d8cbfc6e8..04841297be 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -507,7 +507,11 @@ pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::ffdhe_groups; pub use crate::msgs::handshake::DistinguishedName; pub use crate::stream::{Stream, StreamOwned}; -pub use crate::suites::{ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite}; +pub use crate::suites::{ + CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite, +}; +#[cfg(feature = "std")] +pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; pub use crate::tls13::Tls13CipherSuite; @@ -607,6 +611,7 @@ pub mod sign { /// APIs for implementing QUIC TLS pub mod quic; +#[cfg(feature = "std")] /// APIs for implementing TLS tickets pub mod ticketer; From df9c28caa22b681b61fec6200c0e69084fae198e Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:28:19 +0200 Subject: [PATCH 0768/1145] no-std: add TimeProvider to ServerConfig no-std users must use the new ServerConfig::builder_with_details(), which requires a `TimeProvider` to be provided up-front. For std builds, the `ServerConfig` uses the `DefaultTimeProvider` for existing, other `ServerConfig::builder*` functions. --- rustls/src/msgs/persist.rs | 2 +- rustls/src/server/builder.rs | 4 +++ rustls/src/server/server_conn.rs | 52 +++++++++++++++++++++++++++++--- rustls/src/server/tls12.rs | 22 ++++++++------ rustls/src/server/tls13.rs | 24 +++++++-------- rustls/tests/api.rs | 12 +++++++- 6 files changed, 89 insertions(+), 27 deletions(-) diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 2a9e6b555f..f5d41f4ae2 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -406,9 +406,9 @@ impl ServerSessionValue { #[cfg(test)] mod tests { use super::*; - use crate::enums::*; use crate::msgs::codec::{Codec, Reader}; + #[cfg(feature = "std")] #[test] fn serversessionvalue_is_debug() { let ssv = ServerSessionValue::new( diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index bbf85880eb..2165f5c539 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -4,6 +4,7 @@ use crate::error::Error; use crate::msgs::handshake::CertificateChain; use crate::server::handy; use crate::server::{ResolvesServerCert, ServerConfig}; +use crate::time_provider::TimeProvider; use crate::verify::{ClientCertVerifier, NoClientAuth}; use crate::versions; use crate::NoKeyLog; @@ -25,6 +26,7 @@ impl ConfigBuilder { provider: self.state.provider, versions: self.state.versions, verifier: client_cert_verifier, + time_provider: self.state.time_provider, }, side: PhantomData, } @@ -45,6 +47,7 @@ pub struct WantsServerCert { provider: Arc, versions: versions::EnabledVersions, verifier: Arc, + time_provider: Arc, } impl ConfigBuilder { @@ -126,6 +129,7 @@ impl ConfigBuilder { send_tls13_tickets: 4, #[cfg(feature = "tls12")] require_ems: cfg!(feature = "fips"), + time_provider: self.state.time_provider, } } } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 7190144336..eef8e46bab 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -10,16 +10,20 @@ use crate::msgs::base::Payload; use crate::msgs::handshake::{ClientHelloPayload, ProtocolName, ServerExtension}; use crate::msgs::message::Message; use crate::suites::ExtractedSecrets; -use crate::time_provider::{DefaultTimeProvider, TimeProvider}; +#[cfg(feature = "std")] +use crate::time_provider::DefaultTimeProvider; +use crate::time_provider::TimeProvider; use crate::vecbuf::ChunkVecBuffer; use crate::verify; use crate::versions; use crate::KeyLog; -use crate::{sign, WantsVerifier, WantsVersions}; +#[cfg(feature = "std")] +use crate::WantsVerifier; +use crate::{sign, WantsVersions}; use super::hs; -use pki_types::DnsName; +use pki_types::{DnsName, UnixTime}; use alloc::boxed::Box; use alloc::sync::Arc; @@ -255,7 +259,7 @@ pub struct ServerConfig { /// Supported protocol versions, in no particular order. /// The default is all supported versions. - pub(super) versions: crate::versions::EnabledVersions, + pub(super) versions: versions::EnabledVersions, /// How to verify client certificates. pub(super) verifier: Arc, @@ -328,6 +332,9 @@ pub struct ServerConfig { /// [FIPS 140-3 IG.pdf]: https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf #[cfg(feature = "tls12")] pub require_ems: bool, + + /// Provides the current system time + pub time_provider: Arc, } // Avoid a `Clone` bound on `C`. @@ -350,6 +357,7 @@ impl Clone for ServerConfig { send_tls13_tickets: self.send_tls13_tickets, #[cfg(feature = "tls12")] require_ems: self.require_ems, + time_provider: Arc::clone(&self.time_provider), } } } @@ -360,6 +368,7 @@ impl ServerConfig { /// and safe protocol version defaults. /// /// For more information, see the [`ConfigBuilder`] documentation. + #[cfg(feature = "std")] pub fn builder() -> ConfigBuilder { Self::builder_with_protocol_versions(versions::DEFAULT_VERSIONS) } @@ -376,6 +385,7 @@ impl ServerConfig { /// the crate features and process default. /// /// For more information, see the [`ConfigBuilder`] documentation. + #[cfg(feature = "std")] pub fn builder_with_protocol_versions( versions: &[&'static versions::SupportedProtocolVersion], ) -> ConfigBuilder { @@ -397,6 +407,7 @@ impl ServerConfig { /// version is not supported by the provider's ciphersuites. /// /// For more information, see the [`ConfigBuilder`] documentation. + #[cfg(feature = "std")] pub fn builder_with_provider( provider: Arc, ) -> ConfigBuilder { @@ -409,6 +420,33 @@ impl ServerConfig { } } + /// Create a builder for a server configuration with no default implementation details. + /// + /// This API must be used by `no_std` users. + /// + /// You must provide a specific [`TimeProvider`]. + /// + /// You must provide a specific [`CryptoProvider`]. + /// + /// This will use the provider's configured ciphersuites. You must additionally choose + /// which protocol versions to enable, using `with_protocol_versions` or + /// `with_safe_default_protocol_versions` and handling the `Result` in case a protocol + /// version is not supported by the provider's ciphersuites. + /// + /// For more information, see the [`ConfigBuilder`] documentation. + pub fn builder_with_details( + provider: Arc, + time_provider: Arc, + ) -> ConfigBuilder { + ConfigBuilder { + state: WantsVersions { + provider, + time_provider, + }, + side: PhantomData, + } + } + /// Return `true` if connections made with this `ServerConfig` will /// operate in FIPS mode. /// @@ -445,6 +483,12 @@ impl ServerConfig { .iter() .any(|cs| cs.usable_for_protocol(proto)) } + + pub(super) fn current_time(&self) -> Result { + self.time_provider + .current_time() + .ok_or(Error::FailedToGetCurrentTime) + } } /// Allows reading of early data in resumed TLS1.3 connections. diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 3988a8e59c..8824ab8817 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -298,12 +298,15 @@ mod client_hello { cx.common.peer_certificates = resumedata.client_cert_chain; if self.send_ticket { + let now = self.config.current_time()?; + emit_ticket( &secrets, &mut self.transcript, self.using_ems, cx, &*self.config.ticketer, + now, )?; } emit_ccs(cx.common); @@ -538,9 +541,11 @@ impl State for ExpectCertificate { None } Some((end_entity, intermediates)) => { + let now = self.config.current_time()?; + self.config .verifier - .verify_client_cert(end_entity, intermediates, UnixTime::now()) + .verify_client_cert(end_entity, intermediates, now) .map_err(|err| { cx.common .send_cert_verify_error_alert(err) @@ -832,9 +837,9 @@ fn emit_ticket( using_ems: bool, cx: &mut ServerContext<'_>, ticketer: &dyn ProducesTickets, + now: UnixTime, ) -> Result<(), Error> { - let plain = - get_server_connection_value_tls12(secrets, using_ems, cx, UnixTime::now()).get_encoding(); + let plain = get_server_connection_value_tls12(secrets, using_ems, cx, now).get_encoding(); // If we can't produce a ticket for some reason, we can't // report an error. Send an empty one. @@ -928,12 +933,9 @@ impl State for ExpectFinished { // Save connection, perhaps if !self.resuming && !self.session_id.is_empty() { - let value = get_server_connection_value_tls12( - &self.secrets, - self.using_ems, - cx, - UnixTime::now(), - ); + let now = self.config.current_time()?; + + let value = get_server_connection_value_tls12(&self.secrets, self.using_ems, cx, now); let worked = self .config @@ -950,12 +952,14 @@ impl State for ExpectFinished { self.transcript.add_message(&m); if !self.resuming { if self.send_ticket { + let now = self.config.current_time()?; emit_ticket( &self.secrets, &mut self.transcript, self.using_ems, cx, &*self.config.ticketer, + now, )?; } emit_ccs(cx.common); diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index c82cc7e71b..e1f73f0bd1 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -279,10 +279,12 @@ mod client_hello { } for (i, psk_id) in psk_offer.identities.iter().enumerate() { + let now = self.config.current_time()?; + let resume = match self .attempt_tls13_ticket_decryption(&psk_id.identity.0) .map(|resumedata| { - resumedata.set_freshness(psk_id.obfuscated_ticket_age, UnixTime::now()) + resumedata.set_freshness(psk_id.obfuscated_ticket_age, now) }) .filter(|resumedata| { hs::can_resume(self.suite.into(), &cx.data.sni, false, resumedata) @@ -903,9 +905,11 @@ impl State for ExpectCertificate { Some(chain) => chain, }; + let now = self.config.current_time()?; + self.config .verifier - .verify_client_cert(end_entity, intermediates, UnixTime::now()) + .verify_client_cert(end_entity, intermediates, now) .map_err(|err| { cx.common .send_cert_verify_error_alert(err) @@ -1098,16 +1102,12 @@ impl ExpectFinished { let secure_random = config.provider.secure_random; let nonce = rand::random_vec(secure_random, 32)?; let age_add = rand::random_u32(secure_random)?; - let plain = get_server_session_value( - transcript, - suite, - key_schedule, - cx, - &nonce, - UnixTime::now(), - age_add, - ) - .get_encoding(); + + let now = config.current_time()?; + + let plain = + get_server_session_value(transcript, suite, key_schedule, cx, &nonce, now, age_add) + .get_encoding(); let stateless = config.ticketer.enabled(); let (ticket, lifetime) = if stateless { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 383916baa3..3570dd3b2a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -342,6 +342,16 @@ fn config_builder_for_client_with_time() { .unwrap(); } +#[test] +fn config_builder_for_server_with_time() { + ServerConfig::builder_with_details( + provider::default_provider().into(), + Arc::new(rustls::time_provider::DefaultTimeProvider), + ) + .with_safe_default_protocol_versions() + .unwrap(); +} + #[test] fn buffered_client_data_sent() { let server_config = Arc::new(make_server_config(KeyType::Rsa)); @@ -514,7 +524,7 @@ fn test_config_builders_debug() { format!("{:?}", b) ); let b = b.with_no_client_auth(); - assert_eq!("ConfigBuilder { state: WantsServerCert { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], verifier: NoClientAuth } }", format!("{:?}", b)); + assert_eq!("ConfigBuilder { state: WantsServerCert { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], verifier: NoClientAuth, time_provider: DefaultTimeProvider } }", format!("{:?}", b)); let b = ClientConfig::builder_with_provider( CryptoProvider { From 83ace0d35fc7088ed455b7b5c0b6a37f1078dbab Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 17:09:09 +0200 Subject: [PATCH 0769/1145] no-std: remove ClientSessionMemoryCache default Resumption to disabled --- rustls/src/client/client_conn.rs | 18 ++- rustls/src/client/handy.rs | 240 ++++++++++++++++--------------- rustls/src/lib.rs | 1 + rustls/src/limited_cache.rs | 41 +++--- 4 files changed, 166 insertions(+), 134 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index a8e6560258..f249166b7d 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -21,7 +21,7 @@ use crate::KeyLog; use crate::WantsVerifier; use crate::{verify, WantsVersions}; -use super::handy::{ClientSessionMemoryCache, NoClientSessionStorage}; +use super::handy::NoClientSessionStorage; use super::hs; use pki_types::{ServerName, UnixTime}; @@ -400,7 +400,7 @@ impl Clone for ClientConfig { #[derive(Clone, Debug)] pub struct Resumption { /// How we store session data or tickets. The default is to use an in-memory - /// [ClientSessionMemoryCache]. + /// [super::handy::ClientSessionMemoryCache]. pub(super) store: Arc, /// What mechanism is used for resuming a TLS 1.2 session. @@ -412,9 +412,10 @@ impl Resumption { /// /// This is the default `Resumption` choice, and enables resuming a TLS 1.2 session with /// a session id or RFC 5077 ticket. + #[cfg(feature = "std")] pub fn in_memory_sessions(num: usize) -> Self { Self { - store: Arc::new(ClientSessionMemoryCache::new(num)), + store: Arc::new(super::handy::ClientSessionMemoryCache::new(num)), tls12_resumption: Tls12Resumption::SessionIdOrTickets, } } @@ -439,7 +440,8 @@ impl Resumption { /// Configure whether TLS 1.2 sessions may be resumed, and by what mechanism. /// - /// This is meaningless if you've disabled resumption entirely. + /// This is meaningless if you've disabled resumption entirely, which is the case in `no-std` + /// contexts. pub fn tls12_resumption(mut self, tls12: Tls12Resumption) -> Self { self.tls12_resumption = tls12; self @@ -450,7 +452,13 @@ impl Default for Resumption { /// Create an in-memory session store resumption with up to 256 server names, allowing /// a TLS 1.2 session to resume with a session id or RFC 5077 ticket. fn default() -> Self { - Self::in_memory_sessions(256) + #[cfg(feature = "std")] + let ret = Self::in_memory_sessions(256); + + #[cfg(not(feature = "std"))] + let ret = Self::disabled(); + + ret } } diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 772f18fa51..5fde7a87c1 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,7 +1,6 @@ use crate::client; use crate::enums::SignatureScheme; use crate::error::Error; -use crate::limited_cache; use crate::msgs::handshake::CertificateChain; use crate::msgs::persist; use crate::sign; @@ -9,10 +8,7 @@ use crate::NamedGroup; use pki_types::ServerName; -use alloc::collections::VecDeque; use alloc::sync::Arc; -use core::fmt; -use std::sync::Mutex; /// An implementer of `ClientSessionStore` which does nothing. #[derive(Debug)] @@ -40,138 +36,156 @@ impl client::ClientSessionStore for NoClientSessionStorage { } } -const MAX_TLS13_TICKETS_PER_SERVER: usize = 8; +#[cfg(feature = "std")] +mod cache { + use alloc::collections::VecDeque; + use core::fmt; + use std::sync::Mutex; -struct ServerData { - kx_hint: Option, + use crate::limited_cache; + use crate::msgs::persist; + use crate::NamedGroup; - // Zero or one TLS1.2 sessions. - #[cfg(feature = "tls12")] - tls12: Option, + use pki_types::ServerName; - // Up to MAX_TLS13_TICKETS_PER_SERVER TLS1.3 tickets, oldest first. - tls13: VecDeque, -} + const MAX_TLS13_TICKETS_PER_SERVER: usize = 8; -impl Default for ServerData { - fn default() -> Self { - Self { - kx_hint: None, - #[cfg(feature = "tls12")] - tls12: None, - tls13: VecDeque::with_capacity(MAX_TLS13_TICKETS_PER_SERVER), - } - } -} + struct ServerData { + kx_hint: Option, -/// An implementer of `ClientSessionStore` that stores everything -/// in memory. -/// -/// It enforces a limit on the number of entries to bound memory usage. -pub struct ClientSessionMemoryCache { - servers: Mutex, ServerData>>, -} + // Zero or one TLS1.2 sessions. + #[cfg(feature = "tls12")] + tls12: Option, -impl ClientSessionMemoryCache { - /// Make a new ClientSessionMemoryCache. `size` is the - /// maximum number of stored sessions. - pub fn new(size: usize) -> Self { - let max_servers = - size.saturating_add(MAX_TLS13_TICKETS_PER_SERVER - 1) / MAX_TLS13_TICKETS_PER_SERVER; - Self { - servers: Mutex::new(limited_cache::LimitedCache::new(max_servers)), - } + // Up to MAX_TLS13_TICKETS_PER_SERVER TLS1.3 tickets, oldest first. + tls13: VecDeque, } -} -impl client::ClientSessionStore for ClientSessionMemoryCache { - fn set_kx_hint(&self, server_name: ServerName<'static>, group: NamedGroup) { - self.servers - .lock() - .unwrap() - .get_or_insert_default_and_edit(server_name, |data| data.kx_hint = Some(group)); + impl Default for ServerData { + fn default() -> Self { + Self { + kx_hint: None, + #[cfg(feature = "tls12")] + tls12: None, + tls13: VecDeque::with_capacity(MAX_TLS13_TICKETS_PER_SERVER), + } + } } - fn kx_hint(&self, server_name: &ServerName<'_>) -> Option { - self.servers - .lock() - .unwrap() - .get(server_name) - .and_then(|sd| sd.kx_hint) + /// An implementer of `ClientSessionStore` that stores everything + /// in memory. + /// + /// It enforces a limit on the number of entries to bound memory usage. + pub struct ClientSessionMemoryCache { + servers: Mutex, ServerData>>, } - fn set_tls12_session( - &self, - _server_name: ServerName<'static>, - _value: persist::Tls12ClientSessionValue, - ) { - #[cfg(feature = "tls12")] - self.servers - .lock() - .unwrap() - .get_or_insert_default_and_edit(_server_name.clone(), |data| data.tls12 = Some(_value)); + impl ClientSessionMemoryCache { + /// Make a new ClientSessionMemoryCache. `size` is the + /// maximum number of stored sessions. + pub fn new(size: usize) -> Self { + let max_servers = size.saturating_add(MAX_TLS13_TICKETS_PER_SERVER - 1) + / MAX_TLS13_TICKETS_PER_SERVER; + Self { + servers: Mutex::new(limited_cache::LimitedCache::new(max_servers)), + } + } } - fn tls12_session( - &self, - _server_name: &ServerName<'_>, - ) -> Option { - #[cfg(not(feature = "tls12"))] - return None; + impl super::client::ClientSessionStore for ClientSessionMemoryCache { + fn set_kx_hint(&self, server_name: ServerName<'static>, group: NamedGroup) { + self.servers + .lock() + .unwrap() + .get_or_insert_default_and_edit(server_name, |data| data.kx_hint = Some(group)); + } - #[cfg(feature = "tls12")] - self.servers - .lock() - .unwrap() - .get(_server_name) - .and_then(|sd| sd.tls12.as_ref().cloned()) - } + fn kx_hint(&self, server_name: &ServerName<'_>) -> Option { + self.servers + .lock() + .unwrap() + .get(server_name) + .and_then(|sd| sd.kx_hint) + } - fn remove_tls12_session(&self, _server_name: &ServerName<'static>) { - #[cfg(feature = "tls12")] - self.servers - .lock() - .unwrap() - .get_mut(_server_name) - .and_then(|data| data.tls12.take()); - } + fn set_tls12_session( + &self, + _server_name: ServerName<'static>, + _value: persist::Tls12ClientSessionValue, + ) { + #[cfg(feature = "tls12")] + self.servers + .lock() + .unwrap() + .get_or_insert_default_and_edit(_server_name.clone(), |data| { + data.tls12 = Some(_value) + }); + } - fn insert_tls13_ticket( - &self, - server_name: ServerName<'static>, - value: persist::Tls13ClientSessionValue, - ) { - self.servers - .lock() - .unwrap() - .get_or_insert_default_and_edit(server_name.clone(), |data| { - if data.tls13.len() == data.tls13.capacity() { - data.tls13.pop_front(); - } - data.tls13.push_back(value); - }); - } + fn tls12_session( + &self, + _server_name: &ServerName<'_>, + ) -> Option { + #[cfg(not(feature = "tls12"))] + return None; - fn take_tls13_ticket( - &self, - server_name: &ServerName<'static>, - ) -> Option { - self.servers - .lock() - .unwrap() - .get_mut(server_name) - .and_then(|data| data.tls13.pop_back()) + #[cfg(feature = "tls12")] + self.servers + .lock() + .unwrap() + .get(_server_name) + .and_then(|sd| sd.tls12.as_ref().cloned()) + } + + fn remove_tls12_session(&self, _server_name: &ServerName<'static>) { + #[cfg(feature = "tls12")] + self.servers + .lock() + .unwrap() + .get_mut(_server_name) + .and_then(|data| data.tls12.take()); + } + + fn insert_tls13_ticket( + &self, + server_name: ServerName<'static>, + value: persist::Tls13ClientSessionValue, + ) { + self.servers + .lock() + .unwrap() + .get_or_insert_default_and_edit(server_name.clone(), |data| { + if data.tls13.len() == data.tls13.capacity() { + data.tls13.pop_front(); + } + data.tls13.push_back(value); + }); + } + + fn take_tls13_ticket( + &self, + server_name: &ServerName<'static>, + ) -> Option { + self.servers + .lock() + .unwrap() + .get_mut(server_name) + .and_then(|data| data.tls13.pop_back()) + } } -} -impl fmt::Debug for ClientSessionMemoryCache { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - // Note: we omit self.servers as it may contain sensitive data. - f.debug_struct("ClientSessionMemoryCache") - .finish() + impl fmt::Debug for ClientSessionMemoryCache { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + // Note: we omit self.servers as it may contain sensitive data. + f.debug_struct("ClientSessionMemoryCache") + .finish() + } } } +#[cfg(feature = "std")] +pub use cache::ClientSessionMemoryCache; + #[derive(Debug)] pub(super) struct FailResolveClientCert {} diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 04841297be..0605e46ed7 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -536,6 +536,7 @@ pub mod client { ResolvesClientCert, Resumption, Tls12Resumption, UnbufferedClientConnection, WriteEarlyData, }; + #[cfg(feature = "std")] pub use handy::ClientSessionMemoryCache; /// Dangerous configuration that should be audited and used with extreme care. diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index 70b581fc9e..db527be25f 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -19,19 +19,12 @@ pub(crate) struct LimitedCache { oldest: VecDeque, } +#[cfg(feature = "std")] impl LimitedCache where K: Eq + Hash + Clone + core::fmt::Debug, V: Default, { - /// Create a new LimitedCache with the given rough capacity. - pub(crate) fn new(capacity_order_of_magnitude: usize) -> Self { - Self { - map: HashMap::with_capacity(capacity_order_of_magnitude), - oldest: VecDeque::with_capacity(capacity_order_of_magnitude), - } - } - pub(crate) fn get_or_insert_default_and_edit(&mut self, k: K, edit: impl FnOnce(&mut V)) { let inserted_new_item = match self.map.entry(k) { Entry::Occupied(value) => { @@ -54,6 +47,28 @@ where } } + pub(crate) fn get_mut(&mut self, k: &Q) -> Option<&mut V> + where + K: Borrow, + Q: Hash + Eq, + { + self.map.get_mut(k) + } +} + +impl LimitedCache +where + K: Eq + Hash + Clone + core::fmt::Debug, + V: Default, +{ + /// Create a new LimitedCache with the given rough capacity. + pub(crate) fn new(capacity_order_of_magnitude: usize) -> Self { + Self { + map: HashMap::with_capacity(capacity_order_of_magnitude), + oldest: VecDeque::with_capacity(capacity_order_of_magnitude), + } + } + pub(crate) fn insert(&mut self, k: K, v: V) { let inserted_new_item = match self.map.entry(k) { Entry::Occupied(mut old) => { @@ -86,14 +101,6 @@ where self.map.get(k) } - pub(crate) fn get_mut(&mut self, k: &Q) -> Option<&mut V> - where - K: Borrow, - Q: Hash + Eq, - { - self.map.get_mut(k) - } - pub(crate) fn remove(&mut self, k: &Q) -> Option where K: Borrow, @@ -205,6 +212,7 @@ mod tests { } } + #[cfg(feature = "std")] #[test] fn test_get_or_insert_default_and_edit_evicts_old_items_to_meet_capacity() { let mut t = Test::new(3); @@ -233,6 +241,7 @@ mod tests { assert_eq!(t.get("jkl"), None); } + #[cfg(feature = "std")] #[test] fn test_get_or_insert_default_and_edit_edits_existing_item() { let mut t = Test::new(3); From 7a79ea03e8c72be468677b48d956636224a608a1 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 18:45:03 +0200 Subject: [PATCH 0770/1145] no-std: rm KeyLogFile --- rustls/src/key_log.rs | 2 +- rustls/src/lib.rs | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/key_log.rs b/rustls/src/key_log.rs index bca28b6697..2bf1c34412 100644 --- a/rustls/src/key_log.rs +++ b/rustls/src/key_log.rs @@ -1,6 +1,6 @@ use core::fmt::Debug; -#[cfg(doc)] +#[cfg(all(doc, feature = "std"))] use crate::KeyLogFile; /// This trait represents the ability to do something useful diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0605e46ed7..85483cb12e 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -404,6 +404,7 @@ mod bs_debug; mod builder; mod enums; mod key_log; +#[cfg(feature = "std")] mod key_log_file; mod suites; mod versions; @@ -502,6 +503,7 @@ pub use crate::error::{ PeerMisbehaved, }; pub use crate::key_log::{KeyLog, NoKeyLog}; +#[cfg(feature = "std")] pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::ffdhe_groups; From b02ae65965e44b55cfb5d813be52d2f7a7d2229a Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 18:45:33 +0200 Subject: [PATCH 0771/1145] no-std: rm Stream* --- rustls/src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 85483cb12e..7b6e8b5dda 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -389,6 +389,7 @@ mod hash_hs; mod limited_cache; mod rand; mod record_layer; +#[cfg(feature = "std")] mod stream; #[cfg(feature = "tls12")] mod tls12; @@ -508,6 +509,7 @@ pub use crate::key_log_file::KeyLogFile; pub use crate::msgs::enums::NamedGroup; pub use crate::msgs::ffdhe_groups; pub use crate::msgs::handshake::DistinguishedName; +#[cfg(feature = "std")] pub use crate::stream::{Stream, StreamOwned}; pub use crate::suites::{ CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite, From 730a0fc59995e733581ac60f26974887de791213 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Tue, 19 Dec 2023 11:32:57 -0500 Subject: [PATCH 0772/1145] no-std: rm Connection --- rustls/src/client/client_conn.rs | 2 + rustls/src/conn.rs | 210 +++++++++++++++++-------------- rustls/src/lib.rs | 4 +- rustls/src/server/server_conn.rs | 1 + 4 files changed, 120 insertions(+), 97 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index f249166b7d..102b9e4655 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -714,6 +714,7 @@ impl DerefMut for ClientConnection { } } +#[cfg(feature = "std")] #[doc(hidden)] impl<'a> TryFrom<&'a mut crate::Connection> for &'a mut ClientConnection { type Error = (); @@ -727,6 +728,7 @@ impl<'a> TryFrom<&'a mut crate::Connection> for &'a mut ClientConnection { } } +#[cfg(feature = "std")] impl From for crate::Connection { fn from(conn: ClientConnection) -> Self { Self::Client(conn) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 1d29710a09..eea7c2a629 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -18,128 +18,146 @@ use std::io; pub(crate) mod unbuffered; -/// A client or server connection. -#[derive(Debug)] -pub enum Connection { - /// A client connection - Client(crate::client::ClientConnection), - /// A server connection - Server(crate::server::ServerConnection), -} - -impl Connection { - /// Read TLS content from `rd`. - /// - /// See [`ConnectionCommon::read_tls()`] for more information. - pub fn read_tls(&mut self, rd: &mut dyn io::Read) -> Result { - match self { - Self::Client(conn) => conn.read_tls(rd), - Self::Server(conn) => conn.read_tls(rd), +#[cfg(feature = "std")] +mod connection { + use crate::common_state::{CommonState, IoState}; + use crate::error::Error; + use crate::suites::ExtractedSecrets; + + use core::fmt::Debug; + use core::ops::{Deref, DerefMut}; + use std::io; + + #[cfg(doc)] + use super::ConnectionCommon; + use super::{Reader, Writer}; + + /// A client or server connection. + #[derive(Debug)] + pub enum Connection { + /// A client connection + Client(crate::client::ClientConnection), + /// A server connection + Server(crate::server::ServerConnection), + } + + impl Connection { + /// Read TLS content from `rd`. + /// + /// See [`ConnectionCommon::read_tls()`] for more information. + pub fn read_tls(&mut self, rd: &mut dyn io::Read) -> Result { + match self { + Self::Client(conn) => conn.read_tls(rd), + Self::Server(conn) => conn.read_tls(rd), + } } - } - /// Writes TLS messages to `wr`. - /// - /// See [`ConnectionCommon::write_tls()`] for more information. - pub fn write_tls(&mut self, wr: &mut dyn io::Write) -> Result { - self.sendable_tls.write_to(wr) - } + /// Writes TLS messages to `wr`. + /// + /// See [`ConnectionCommon::write_tls()`] for more information. + pub fn write_tls(&mut self, wr: &mut dyn io::Write) -> Result { + self.sendable_tls.write_to(wr) + } - /// Returns an object that allows reading plaintext. - pub fn reader(&mut self) -> Reader { - match self { - Self::Client(conn) => conn.reader(), - Self::Server(conn) => conn.reader(), + /// Returns an object that allows reading plaintext. + pub fn reader(&mut self) -> Reader { + match self { + Self::Client(conn) => conn.reader(), + Self::Server(conn) => conn.reader(), + } } - } - /// Returns an object that allows writing plaintext. - pub fn writer(&mut self) -> Writer { - match self { - Self::Client(conn) => Writer::new(&mut **conn), - Self::Server(conn) => Writer::new(&mut **conn), + /// Returns an object that allows writing plaintext. + pub fn writer(&mut self) -> Writer { + match self { + Self::Client(conn) => Writer::new(&mut **conn), + Self::Server(conn) => Writer::new(&mut **conn), + } } - } - /// Processes any new packets read by a previous call to [`Connection::read_tls`]. - /// - /// See [`ConnectionCommon::process_new_packets()`] for more information. - pub fn process_new_packets(&mut self) -> Result { - match self { - Self::Client(conn) => conn.process_new_packets(), - Self::Server(conn) => conn.process_new_packets(), + /// Processes any new packets read by a previous call to [`Connection::read_tls`]. + /// + /// See [`ConnectionCommon::process_new_packets()`] for more information. + pub fn process_new_packets(&mut self) -> Result { + match self { + Self::Client(conn) => conn.process_new_packets(), + Self::Server(conn) => conn.process_new_packets(), + } } - } - /// Derives key material from the agreed connection secrets. - /// - /// See [`ConnectionCommon::export_keying_material()`] for more information. - pub fn export_keying_material>( - &self, - output: T, - label: &[u8], - context: Option<&[u8]>, - ) -> Result { - match self { - Self::Client(conn) => conn.export_keying_material(output, label, context), - Self::Server(conn) => conn.export_keying_material(output, label, context), + /// Derives key material from the agreed connection secrets. + /// + /// See [`ConnectionCommon::export_keying_material()`] for more information. + pub fn export_keying_material>( + &self, + output: T, + label: &[u8], + context: Option<&[u8]>, + ) -> Result { + match self { + Self::Client(conn) => conn.export_keying_material(output, label, context), + Self::Server(conn) => conn.export_keying_material(output, label, context), + } } - } - /// This function uses `io` to complete any outstanding IO for this connection. - /// - /// See [`ConnectionCommon::complete_io()`] for more information. - pub fn complete_io(&mut self, io: &mut T) -> Result<(usize, usize), io::Error> - where - Self: Sized, - T: io::Read + io::Write, - { - match self { - Self::Client(conn) => conn.complete_io(io), - Self::Server(conn) => conn.complete_io(io), + /// This function uses `io` to complete any outstanding IO for this connection. + /// + /// See [`ConnectionCommon::complete_io()`] for more information. + pub fn complete_io(&mut self, io: &mut T) -> Result<(usize, usize), io::Error> + where + Self: Sized, + T: io::Read + io::Write, + { + match self { + Self::Client(conn) => conn.complete_io(io), + Self::Server(conn) => conn.complete_io(io), + } } - } - /// Extract secrets, so they can be used when configuring kTLS, for example. - /// Should be used with care as it exposes secret key material. - pub fn dangerous_extract_secrets(self) -> Result { - match self { - Self::Client(client) => client.dangerous_extract_secrets(), - Self::Server(server) => server.dangerous_extract_secrets(), + /// Extract secrets, so they can be used when configuring kTLS, for example. + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + match self { + Self::Client(client) => client.dangerous_extract_secrets(), + Self::Server(server) => server.dangerous_extract_secrets(), + } } - } - /// Sets a limit on the internal buffers - /// - /// See [`ConnectionCommon::set_buffer_limit()`] for more information. - pub fn set_buffer_limit(&mut self, limit: Option) { - match self { - Self::Client(client) => client.set_buffer_limit(limit), - Self::Server(server) => server.set_buffer_limit(limit), + /// Sets a limit on the internal buffers + /// + /// See [`ConnectionCommon::set_buffer_limit()`] for more information. + pub fn set_buffer_limit(&mut self, limit: Option) { + match self { + Self::Client(client) => client.set_buffer_limit(limit), + Self::Server(server) => server.set_buffer_limit(limit), + } } } -} -impl Deref for Connection { - type Target = CommonState; + impl Deref for Connection { + type Target = CommonState; - fn deref(&self) -> &Self::Target { - match self { - Self::Client(conn) => &conn.core.common_state, - Self::Server(conn) => &conn.core.common_state, + fn deref(&self) -> &Self::Target { + match self { + Self::Client(conn) => &conn.core.common_state, + Self::Server(conn) => &conn.core.common_state, + } } } -} -impl DerefMut for Connection { - fn deref_mut(&mut self) -> &mut Self::Target { - match self { - Self::Client(conn) => &mut conn.core.common_state, - Self::Server(conn) => &mut conn.core.common_state, + impl DerefMut for Connection { + fn deref_mut(&mut self) -> &mut Self::Target { + match self { + Self::Client(conn) => &mut conn.core.common_state, + Self::Server(conn) => &mut conn.core.common_state, + } } } } +#[cfg(feature = "std")] +pub use connection::Connection; + /// A structure that implements [`std::io::Read`] for reading plaintext. pub struct Reader<'a> { received_plaintext: &'a mut ChunkVecBuffer, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 7b6e8b5dda..84d5f04fc5 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -494,7 +494,9 @@ pub mod unbuffered { // The public interface is: pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier, WantsVersions}; pub use crate::common_state::{CommonState, IoState, Side}; -pub use crate::conn::{Connection, ConnectionCommon, Reader, SideData, Writer}; +#[cfg(feature = "std")] +pub use crate::conn::Connection; +pub use crate::conn::{ConnectionCommon, Reader, SideData, Writer}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index eef8e46bab..fda8400f39 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -639,6 +639,7 @@ impl DerefMut for ServerConnection { } } +#[cfg(feature = "std")] impl From for crate::Connection { fn from(conn: ServerConnection) -> Self { Self::Server(conn) From 771419f68e3cb789f0377fc2d96cf0ffcf968ea1 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 18:50:41 +0200 Subject: [PATCH 0773/1145] no-std: rm ServerConnection --- rustls/src/conn.rs | 1 + rustls/src/lib.rs | 9 +- rustls/src/server/server_conn.rs | 279 +++++++++++++++++-------------- 3 files changed, 157 insertions(+), 132 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index eea7c2a629..14095c32b7 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -505,6 +505,7 @@ impl ConnectionCommon { } } + #[cfg(feature = "std")] pub(crate) fn replace_state(&mut self, new: Box>) { self.core.state = Ok(new); } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 84d5f04fc5..9715592768 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -583,10 +583,11 @@ pub mod server { pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; pub use server_conn::StoresServerSessions; pub use server_conn::{ - Accepted, Acceptor, ReadEarlyData, ServerConfig, ServerConnection, ServerConnectionData, - UnbufferedServerConnection, + Accepted, Acceptor, ServerConfig, ServerConnectionData, UnbufferedServerConnection, }; pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; + #[cfg(feature = "std")] + pub use server_conn::{ReadEarlyData, ServerConnection}; /// Dangerous configuration that should be audited and used with extreme care. pub mod danger { @@ -594,7 +595,9 @@ pub mod server { } } -pub use server::{ServerConfig, ServerConnection}; +pub use server::ServerConfig; +#[cfg(feature = "std")] +pub use server::ServerConnection; /// All defined protocol versions appear in this module. /// diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index fda8400f39..c6028dd807 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -9,7 +9,6 @@ use crate::log::trace; use crate::msgs::base::Payload; use crate::msgs::handshake::{ClientHelloPayload, ProtocolName, ServerExtension}; use crate::msgs::message::Message; -use crate::suites::ExtractedSecrets; #[cfg(feature = "std")] use crate::time_provider::DefaultTimeProvider; use crate::time_provider::TimeProvider; @@ -491,160 +490,178 @@ impl ServerConfig { } } -/// Allows reading of early data in resumed TLS1.3 connections. -/// -/// "Early data" is also known as "0-RTT data". -/// -/// This structure implements [`std::io::Read`]. -pub struct ReadEarlyData<'a> { - early_data: &'a mut EarlyDataState, -} - -impl<'a> ReadEarlyData<'a> { - fn new(early_data: &'a mut EarlyDataState) -> Self { - ReadEarlyData { early_data } - } -} - -impl<'a> std::io::Read for ReadEarlyData<'a> { - fn read(&mut self, buf: &mut [u8]) -> io::Result { - self.early_data.read(buf) +#[cfg(feature = "std")] +mod connection { + use crate::common_state::{CommonState, Side}; + use crate::conn::{ConnectionCommon, ConnectionCore}; + use crate::error::Error; + use crate::suites::ExtractedSecrets; + + use alloc::sync::Arc; + use alloc::vec::Vec; + use core::fmt; + use core::fmt::{Debug, Formatter}; + use core::ops::{Deref, DerefMut}; + use std::io; + + use super::{EarlyDataState, ServerConfig, ServerConnectionData}; + + /// Allows reading of early data in resumed TLS1.3 connections. + /// + /// "Early data" is also known as "0-RTT data". + /// + /// This structure implements [`std::io::Read`]. + pub struct ReadEarlyData<'a> { + early_data: &'a mut EarlyDataState, } - #[cfg(read_buf)] - fn read_buf(&mut self, cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { - self.early_data.read_buf(cursor) + impl<'a> ReadEarlyData<'a> { + fn new(early_data: &'a mut EarlyDataState) -> Self { + ReadEarlyData { early_data } + } } -} -/// This represents a single TLS server connection. -/// -/// Send TLS-protected data to the peer using the `io::Write` trait implementation. -/// Read data from the peer using the `io::Read` trait implementation. -pub struct ServerConnection { - inner: ConnectionCommon, -} + impl<'a> std::io::Read for ReadEarlyData<'a> { + fn read(&mut self, buf: &mut [u8]) -> io::Result { + self.early_data.read(buf) + } -impl ServerConnection { - /// Make a new ServerConnection. `config` controls how - /// we behave in the TLS protocol. - pub fn new(config: Arc) -> Result { - let mut common = CommonState::new(Side::Server); - common.set_max_fragment_size(config.max_fragment_size)?; - common.enable_secret_extraction = config.enable_secret_extraction; - Ok(Self { - inner: ConnectionCommon::from(ConnectionCore::for_server(config, Vec::new())?), - }) + #[cfg(read_buf)] + fn read_buf(&mut self, cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { + self.early_data.read_buf(cursor) + } } - /// Retrieves the server name, if any, used to select the certificate and - /// private key. - /// - /// This returns `None` until some time after the client's server name indication - /// (SNI) extension value is processed during the handshake. It will never be - /// `None` when the connection is ready to send or process application data, - /// unless the client does not support SNI. + /// This represents a single TLS server connection. /// - /// This is useful for application protocols that need to enforce that the - /// server name matches an application layer protocol hostname. For - /// example, HTTP/1.1 servers commonly expect the `Host:` header field of - /// every request on a connection to match the hostname in the SNI extension - /// when the client provides the SNI extension. - /// - /// The server name is also used to match sessions during session resumption. - pub fn server_name(&self) -> Option<&str> { - self.inner.core.get_sni_str() + /// Send TLS-protected data to the peer using the `io::Write` trait implementation. + /// Read data from the peer using the `io::Read` trait implementation. + pub struct ServerConnection { + pub(super) inner: ConnectionCommon, } - /// Application-controlled portion of the resumption ticket supplied by the client, if any. - /// - /// Recovered from the prior session's `set_resumption_data`. Integrity is guaranteed by rustls. - /// - /// Returns `Some` iff a valid resumption ticket has been received from the client. - pub fn received_resumption_data(&self) -> Option<&[u8]> { - self.inner - .core - .data - .received_resumption_data - .as_ref() - .map(|x| &x[..]) - } + impl ServerConnection { + /// Make a new ServerConnection. `config` controls how + /// we behave in the TLS protocol. + pub fn new(config: Arc) -> Result { + let mut common = CommonState::new(Side::Server); + common.set_max_fragment_size(config.max_fragment_size)?; + common.enable_secret_extraction = config.enable_secret_extraction; + Ok(Self { + inner: ConnectionCommon::from(ConnectionCore::for_server(config, Vec::new())?), + }) + } - /// Set the resumption data to embed in future resumption tickets supplied to the client. - /// - /// Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other - /// data. Should be called while `is_handshaking` returns true to ensure all transmitted - /// resumption tickets are affected. - /// - /// Integrity will be assured by rustls, but the data will be visible to the client. If secrecy - /// from the client is desired, encrypt the data separately. - pub fn set_resumption_data(&mut self, data: &[u8]) { - assert!(data.len() < 2usize.pow(15)); - self.inner.core.data.resumption_data = data.into(); - } + /// Retrieves the server name, if any, used to select the certificate and + /// private key. + /// + /// This returns `None` until some time after the client's server name indication + /// (SNI) extension value is processed during the handshake. It will never be + /// `None` when the connection is ready to send or process application data, + /// unless the client does not support SNI. + /// + /// This is useful for application protocols that need to enforce that the + /// server name matches an application layer protocol hostname. For + /// example, HTTP/1.1 servers commonly expect the `Host:` header field of + /// every request on a connection to match the hostname in the SNI extension + /// when the client provides the SNI extension. + /// + /// The server name is also used to match sessions during session resumption. + pub fn server_name(&self) -> Option<&str> { + self.inner.core.get_sni_str() + } - /// Explicitly discard early data, notifying the client - /// - /// Useful if invariants encoded in `received_resumption_data()` cannot be respected. - /// - /// Must be called while `is_handshaking` is true. - pub fn reject_early_data(&mut self) { - self.inner.core.reject_early_data() - } + /// Application-controlled portion of the resumption ticket supplied by the client, if any. + /// + /// Recovered from the prior session's `set_resumption_data`. Integrity is guaranteed by rustls. + /// + /// Returns `Some` iff a valid resumption ticket has been received from the client. + pub fn received_resumption_data(&self) -> Option<&[u8]> { + self.inner + .core + .data + .received_resumption_data + .as_ref() + .map(|x| &x[..]) + } - /// Returns an `io::Read` implementer you can read bytes from that are - /// received from a client as TLS1.3 0RTT/"early" data, during the handshake. - /// - /// This returns `None` in many circumstances, such as : - /// - /// - Early data is disabled if [`ServerConfig::max_early_data_size`] is zero (the default). - /// - The session negotiated with the client is not TLS1.3. - /// - The client just doesn't support early data. - /// - The connection doesn't resume an existing session. - /// - The client hasn't sent a full ClientHello yet. - pub fn early_data(&mut self) -> Option { - let data = &mut self.inner.core.data; - if data.early_data.was_accepted() { - Some(ReadEarlyData::new(&mut data.early_data)) - } else { - None + /// Set the resumption data to embed in future resumption tickets supplied to the client. + /// + /// Defaults to the empty byte string. Must be less than 2^15 bytes to allow room for other + /// data. Should be called while `is_handshaking` returns true to ensure all transmitted + /// resumption tickets are affected. + /// + /// Integrity will be assured by rustls, but the data will be visible to the client. If secrecy + /// from the client is desired, encrypt the data separately. + pub fn set_resumption_data(&mut self, data: &[u8]) { + assert!(data.len() < 2usize.pow(15)); + self.inner.core.data.resumption_data = data.into(); + } + + /// Explicitly discard early data, notifying the client + /// + /// Useful if invariants encoded in `received_resumption_data()` cannot be respected. + /// + /// Must be called while `is_handshaking` is true. + pub fn reject_early_data(&mut self) { + self.inner.core.reject_early_data() + } + + /// Returns an `io::Read` implementer you can read bytes from that are + /// received from a client as TLS1.3 0RTT/"early" data, during the handshake. + /// + /// This returns `None` in many circumstances, such as : + /// + /// - Early data is disabled if [`ServerConfig::max_early_data_size`] is zero (the default). + /// - The session negotiated with the client is not TLS1.3. + /// - The client just doesn't support early data. + /// - The connection doesn't resume an existing session. + /// - The client hasn't sent a full ClientHello yet. + pub fn early_data(&mut self) -> Option { + let data = &mut self.inner.core.data; + if data.early_data.was_accepted() { + Some(ReadEarlyData::new(&mut data.early_data)) + } else { + None + } } - } - /// Extract secrets, so they can be used when configuring kTLS, for example. - /// Should be used with care as it exposes secret key material. - pub fn dangerous_extract_secrets(self) -> Result { - self.inner.dangerous_extract_secrets() + /// Extract secrets, so they can be used when configuring kTLS, for example. + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + self.inner.dangerous_extract_secrets() + } } -} -impl Debug for ServerConnection { - fn fmt(&self, f: &mut Formatter) -> fmt::Result { - f.debug_struct("ServerConnection") - .finish() + impl Debug for ServerConnection { + fn fmt(&self, f: &mut Formatter) -> fmt::Result { + f.debug_struct("ServerConnection") + .finish() + } } -} -impl Deref for ServerConnection { - type Target = ConnectionCommon; + impl Deref for ServerConnection { + type Target = ConnectionCommon; - fn deref(&self) -> &Self::Target { - &self.inner + fn deref(&self) -> &Self::Target { + &self.inner + } } -} -impl DerefMut for ServerConnection { - fn deref_mut(&mut self) -> &mut Self::Target { - &mut self.inner + impl DerefMut for ServerConnection { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.inner + } } -} -#[cfg(feature = "std")] -impl From for crate::Connection { - fn from(conn: ServerConnection) -> Self { - Self::Server(conn) + impl From for crate::Connection { + fn from(conn: ServerConnection) -> Self { + Self::Server(conn) + } } } +#[cfg(feature = "std")] +pub use connection::{ReadEarlyData, ServerConnection}; /// Unbuffered version of `ServerConnection` /// @@ -833,6 +850,7 @@ impl Accepted { /// Takes the state returned from [`Acceptor::accept()`] as well as the [`ServerConfig`] and /// [`sign::CertifiedKey`] that should be used for the session. Returns an error if /// configuration-dependent validation of the received `ClientHello` message fails. + #[cfg(feature = "std")] pub fn into_connection(mut self, config: Arc) -> Result { self.connection .set_max_fragment_size(config.max_fragment_size)?; @@ -907,6 +925,7 @@ impl EarlyDataState { *self = Self::Accepted(ChunkVecBuffer::new(Some(max_size))); } + #[cfg(feature = "std")] fn was_accepted(&self) -> bool { matches!(self, Self::Accepted(_)) } @@ -922,6 +941,7 @@ impl EarlyDataState { } } + #[cfg(feature = "std")] fn read(&mut self, buf: &mut [u8]) -> io::Result { match self { Self::Accepted(ref mut received) => received.read(buf), @@ -1004,6 +1024,7 @@ impl ServerConnectionData { impl crate::conn::SideData for ServerConnectionData {} +#[cfg(feature = "std")] #[cfg(test)] mod tests { use super::*; From 034d6cf5c92fa841b291e8684bdfffc45d0881a3 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 18:53:21 +0200 Subject: [PATCH 0774/1145] no-std: rm ClientConnection --- rustls/src/client/client_conn.rs | 279 +++++++++++++++++-------------- rustls/src/common_state.rs | 1 + rustls/src/lib.rs | 11 +- 3 files changed, 158 insertions(+), 133 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 102b9e4655..5c641e873e 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,6 +1,6 @@ use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; -use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; +use crate::conn::{ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -10,7 +10,7 @@ use crate::msgs::enums::NamedGroup; use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; use crate::sign; -use crate::suites::{ExtractedSecrets, SupportedCipherSuite}; +use crate::suites::SupportedCipherSuite; #[cfg(feature = "std")] use crate::time_provider::DefaultTimeProvider; use crate::time_provider::TimeProvider; @@ -33,7 +33,6 @@ use core::marker::PhantomData; use core::mem; use core::ops::{Deref, DerefMut}; use std::error::Error as StdError; -use std::io; #[cfg(doc)] use crate::{crypto, DistinguishedName}; @@ -559,11 +558,6 @@ impl EarlyData { } } - fn check_write(&mut self, sz: usize) -> io::Result { - self.check_write_opt(sz) - .ok_or_else(|| io::Error::from(io::ErrorKind::InvalidInput)) - } - fn check_write_opt(&mut self, sz: usize) -> Option { match self.state { EarlyDataState::Disabled => unreachable!(), @@ -580,160 +574,187 @@ impl EarlyData { EarlyDataState::Rejected | EarlyDataState::AcceptedFinished => None, } } - - fn bytes_left(&self) -> usize { - self.left - } } -/// Stub that implements io::Write and dispatches to `write_early_data`. -pub struct WriteEarlyData<'a> { - sess: &'a mut ClientConnection, -} +#[cfg(feature = "std")] +mod connection { + use crate::common_state::Protocol; + use crate::conn::ConnectionCommon; + use crate::conn::ConnectionCore; + use crate::error::Error; + use crate::suites::ExtractedSecrets; + use crate::ClientConfig; -impl<'a> WriteEarlyData<'a> { - fn new(sess: &'a mut ClientConnection) -> WriteEarlyData<'a> { - WriteEarlyData { sess } - } + use pki_types::ServerName; - /// How many bytes you may send. Writes will become short - /// once this reaches zero. - pub fn bytes_left(&self) -> usize { - self.sess - .inner - .core - .data - .early_data - .bytes_left() - } -} + use alloc::sync::Arc; + use alloc::vec::Vec; + use core::fmt; + use core::ops::{Deref, DerefMut}; + use std::io; -impl<'a> io::Write for WriteEarlyData<'a> { - fn write(&mut self, buf: &[u8]) -> io::Result { - self.sess.write_early_data(buf) - } + use super::ClientConnectionData; - fn flush(&mut self) -> io::Result<()> { - Ok(()) + /// Stub that implements io::Write and dispatches to `write_early_data`. + pub struct WriteEarlyData<'a> { + sess: &'a mut ClientConnection, } -} -/// This represents a single TLS client connection. -pub struct ClientConnection { - inner: ConnectionCommon, -} + impl<'a> WriteEarlyData<'a> { + fn new(sess: &'a mut ClientConnection) -> WriteEarlyData<'a> { + WriteEarlyData { sess } + } -impl fmt::Debug for ClientConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - f.debug_struct("ClientConnection") - .finish() + /// How many bytes you may send. Writes will become short + /// once this reaches zero. + pub fn bytes_left(&self) -> usize { + self.sess + .inner + .core + .data + .early_data + .bytes_left() + } } -} -impl ClientConnection { - /// Make a new ClientConnection. `config` controls how - /// we behave in the TLS protocol, `name` is the - /// name of the server we want to talk to. - pub fn new(config: Arc, name: ServerName<'static>) -> Result { - Ok(Self { - inner: ConnectionCore::for_client(config, name, Vec::new(), Protocol::Tcp)?.into(), - }) + impl<'a> io::Write for WriteEarlyData<'a> { + fn write(&mut self, buf: &[u8]) -> io::Result { + self.sess.write_early_data(buf) + } + + fn flush(&mut self) -> io::Result<()> { + Ok(()) + } } - /// Returns an `io::Write` implementer you can write bytes to - /// to send TLS1.3 early data (a.k.a. "0-RTT data") to the server. - /// - /// This returns None in many circumstances when the capability to - /// send early data is not available, including but not limited to: - /// - /// - The server hasn't been talked to previously. - /// - The server does not support resumption. - /// - The server does not support early data. - /// - The resumption data for the server has expired. - /// - /// The server specifies a maximum amount of early data. You can - /// learn this limit through the returned object, and writes through - /// it will process only this many bytes. - /// - /// The server can choose not to accept any sent early data -- - /// in this case the data is lost but the connection continues. You - /// can tell this happened using `is_early_data_accepted`. - pub fn early_data(&mut self) -> Option { - if self - .inner - .core - .data - .early_data - .is_enabled() - { - Some(WriteEarlyData::new(self)) - } else { - None + impl super::EarlyData { + fn check_write(&mut self, sz: usize) -> io::Result { + self.check_write_opt(sz) + .ok_or_else(|| io::Error::from(io::ErrorKind::InvalidInput)) + } + + fn bytes_left(&self) -> usize { + self.left } } - /// Returns True if the server signalled it will process early data. - /// - /// If you sent early data and this returns false at the end of the - /// handshake then the server will not process the data. This - /// is not an error, but you may wish to resend the data. - pub fn is_early_data_accepted(&self) -> bool { - self.inner.core.is_early_data_accepted() + /// This represents a single TLS client connection. + pub struct ClientConnection { + inner: ConnectionCommon, } - /// Extract secrets, so they can be used when configuring kTLS, for example. - /// Should be used with care as it exposes secret key material. - pub fn dangerous_extract_secrets(self) -> Result { - self.inner.dangerous_extract_secrets() + impl fmt::Debug for ClientConnection { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + f.debug_struct("ClientConnection") + .finish() + } } - fn write_early_data(&mut self, data: &[u8]) -> io::Result { - self.inner - .core - .data - .early_data - .check_write(data.len()) - .map(|sz| { - self.inner - .send_early_plaintext(&data[..sz]) + impl ClientConnection { + /// Make a new ClientConnection. `config` controls how + /// we behave in the TLS protocol, `name` is the + /// name of the server we want to talk to. + pub fn new(config: Arc, name: ServerName<'static>) -> Result { + Ok(Self { + inner: ConnectionCore::for_client(config, name, Vec::new(), Protocol::Tcp)?.into(), }) + } + + /// Returns an `io::Write` implementer you can write bytes to + /// to send TLS1.3 early data (a.k.a. "0-RTT data") to the server. + /// + /// This returns None in many circumstances when the capability to + /// send early data is not available, including but not limited to: + /// + /// - The server hasn't been talked to previously. + /// - The server does not support resumption. + /// - The server does not support early data. + /// - The resumption data for the server has expired. + /// + /// The server specifies a maximum amount of early data. You can + /// learn this limit through the returned object, and writes through + /// it will process only this many bytes. + /// + /// The server can choose not to accept any sent early data -- + /// in this case the data is lost but the connection continues. You + /// can tell this happened using `is_early_data_accepted`. + pub fn early_data(&mut self) -> Option { + if self + .inner + .core + .data + .early_data + .is_enabled() + { + Some(WriteEarlyData::new(self)) + } else { + None + } + } + + /// Returns True if the server signalled it will process early data. + /// + /// If you sent early data and this returns false at the end of the + /// handshake then the server will not process the data. This + /// is not an error, but you may wish to resend the data. + pub fn is_early_data_accepted(&self) -> bool { + self.inner.core.is_early_data_accepted() + } + + /// Extract secrets, so they can be used when configuring kTLS, for example. + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + self.inner.dangerous_extract_secrets() + } + + fn write_early_data(&mut self, data: &[u8]) -> io::Result { + self.inner + .core + .data + .early_data + .check_write(data.len()) + .map(|sz| { + self.inner + .send_early_plaintext(&data[..sz]) + }) + } } -} -impl Deref for ClientConnection { - type Target = ConnectionCommon; + impl Deref for ClientConnection { + type Target = ConnectionCommon; - fn deref(&self) -> &Self::Target { - &self.inner + fn deref(&self) -> &Self::Target { + &self.inner + } } -} -impl DerefMut for ClientConnection { - fn deref_mut(&mut self) -> &mut Self::Target { - &mut self.inner + impl DerefMut for ClientConnection { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.inner + } } -} -#[cfg(feature = "std")] -#[doc(hidden)] -impl<'a> TryFrom<&'a mut crate::Connection> for &'a mut ClientConnection { - type Error = (); - - fn try_from(value: &'a mut crate::Connection) -> Result { - use crate::Connection::*; - match value { - Client(conn) => Ok(conn), - Server(_) => Err(()), + #[doc(hidden)] + impl<'a> TryFrom<&'a mut crate::Connection> for &'a mut ClientConnection { + type Error = (); + + fn try_from(value: &'a mut crate::Connection) -> Result { + use crate::Connection::*; + match value { + Client(conn) => Ok(conn), + Server(_) => Err(()), + } } } -} -#[cfg(feature = "std")] -impl From for crate::Connection { - fn from(conn: ClientConnection) -> Self { - Self::Client(conn) + impl From for crate::Connection { + fn from(conn: ClientConnection) -> Self { + Self::Client(conn) + } } } +#[cfg(feature = "std")] +pub use connection::{ClientConnection, WriteEarlyData}; impl ConnectionCore { pub(crate) fn for_client( diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 9461024099..70567dcd21 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -243,6 +243,7 @@ impl CommonState { Ok(written) } + #[cfg(feature = "std")] pub(crate) fn send_early_plaintext(&mut self, data: &[u8]) -> usize { debug_assert!(self.early_traffic); debug_assert!(self.record_layer.is_encrypting()); diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 9715592768..35f5122d02 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -538,11 +538,12 @@ pub mod client { pub use builder::WantsClientCert; pub use client_conn::{ - ClientConfig, ClientConnection, ClientConnectionData, ClientSessionStore, EarlyDataError, - ResolvesClientCert, Resumption, Tls12Resumption, UnbufferedClientConnection, - WriteEarlyData, + ClientConfig, ClientConnectionData, ClientSessionStore, EarlyDataError, ResolvesClientCert, + Resumption, Tls12Resumption, UnbufferedClientConnection, }; #[cfg(feature = "std")] + pub use client_conn::{ClientConnection, WriteEarlyData}; + #[cfg(feature = "std")] pub use handy::ClientSessionMemoryCache; /// Dangerous configuration that should be audited and used with extreme care. @@ -561,7 +562,9 @@ pub mod client { pub use crate::msgs::persist::Tls13ClientSessionValue; } -pub use client::{ClientConfig, ClientConnection}; +pub use client::ClientConfig; +#[cfg(feature = "std")] +pub use client::ClientConnection; /// Items for use in a server. pub mod server { From 64f02d1ed52c19aed41efe061e2ad16dd6a1e275 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 18:57:11 +0200 Subject: [PATCH 0775/1145] no-std: rm Acceptor --- rustls/src/conn.rs | 1 + rustls/src/lib.rs | 6 +- rustls/src/server/server_conn.rs | 249 ++++++++++++++++--------------- 3 files changed, 130 insertions(+), 126 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 14095c32b7..e61292b5c2 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -489,6 +489,7 @@ impl ConnectionCommon { /// /// This is a shortcut to the `process_new_packets()` -> `process_msg()` -> /// `process_handshake_messages()` path, specialized for the first handshake message. + #[cfg(feature = "std")] pub(crate) fn first_handshake_message(&mut self) -> Result>, Error> { let mut deframer_buffer = self.deframer_buffer.borrow(); let res = self diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 35f5122d02..3e976342ab 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -586,11 +586,11 @@ pub mod server { pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; pub use server_conn::StoresServerSessions; pub use server_conn::{ - Accepted, Acceptor, ServerConfig, ServerConnectionData, UnbufferedServerConnection, + Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection, }; - pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; #[cfg(feature = "std")] - pub use server_conn::{ReadEarlyData, ServerConnection}; + pub use server_conn::{Acceptor, ReadEarlyData, ServerConnection}; + pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; /// Dangerous configuration that should be audited and used with extreme care. pub mod danger { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index c6028dd807..d93fff21da 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,5 +1,5 @@ use crate::builder::ConfigBuilder; -use crate::common_state::{CommonState, Context, Protocol, Side, State}; +use crate::common_state::{CommonState, Protocol, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; @@ -31,6 +31,7 @@ use core::fmt; use core::fmt::{Debug, Formatter}; use core::marker::PhantomData; use core::ops::{Deref, DerefMut}; +#[cfg(feature = "std")] use std::io; #[cfg(doc)] @@ -492,11 +493,13 @@ impl ServerConfig { #[cfg(feature = "std")] mod connection { - use crate::common_state::{CommonState, Side}; + use crate::common_state::{CommonState, Context, Side}; use crate::conn::{ConnectionCommon, ConnectionCore}; use crate::error::Error; + use crate::server::hs; use crate::suites::ExtractedSecrets; + use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; @@ -504,7 +507,7 @@ mod connection { use core::ops::{Deref, DerefMut}; use std::io; - use super::{EarlyDataState, ServerConfig, ServerConnectionData}; + use super::{Accepted, Accepting, EarlyDataState, ServerConfig, ServerConnectionData}; /// Allows reading of early data in resumed TLS1.3 connections. /// @@ -659,9 +662,128 @@ mod connection { Self::Server(conn) } } + + /// Handle a server-side connection before configuration is available. + /// + /// `Acceptor` allows the caller to choose a [`ServerConfig`] after reading + /// the [`super::ClientHello`] of an incoming connection. This is useful for servers + /// that choose different certificates or cipher suites based on the + /// characteristics of the `ClientHello`. In particular it is useful for + /// servers that need to do some I/O to load a certificate and its private key + /// and don't want to use the blocking interface provided by + /// [`super::ResolvesServerCert`]. + /// + /// Create an Acceptor with [`Acceptor::default()`]. + /// + /// # Example + /// + /// ```no_run + /// # #[cfg(feature = "aws_lc_rs")] { + /// # fn choose_server_config( + /// # _: rustls::server::ClientHello, + /// # ) -> std::sync::Arc { + /// # unimplemented!(); + /// # } + /// # #[allow(unused_variables)] + /// # fn main() { + /// use rustls::server::{Acceptor, ServerConfig}; + /// let listener = std::net::TcpListener::bind("127.0.0.1:0").unwrap(); + /// for stream in listener.incoming() { + /// let mut stream = stream.unwrap(); + /// let mut acceptor = Acceptor::default(); + /// let accepted = loop { + /// acceptor.read_tls(&mut stream).unwrap(); + /// if let Some(accepted) = acceptor.accept().unwrap() { + /// break accepted; + /// } + /// }; + /// + /// // For some user-defined choose_server_config: + /// let config = choose_server_config(accepted.client_hello()); + /// let conn = accepted + /// .into_connection(config) + /// .unwrap(); + + /// // Proceed with handling the ServerConnection. + /// } + /// # } + /// # } + /// ``` + pub struct Acceptor { + inner: Option>, + } + + impl Default for Acceptor { + /// Return an empty Acceptor, ready to receive bytes from a new client connection. + fn default() -> Self { + Self { + inner: Some( + ConnectionCore::new( + Box::new(Accepting), + ServerConnectionData::default(), + CommonState::new(Side::Server), + ) + .into(), + ), + } + } + } + + impl Acceptor { + /// Read TLS content from `rd`. + /// + /// Returns an error if this `Acceptor` has already yielded an [`Accepted`]. For more details, + /// refer to [`Connection::read_tls()`]. + /// + /// [`Connection::read_tls()`]: crate::Connection::read_tls + pub fn read_tls(&mut self, rd: &mut dyn io::Read) -> Result { + match &mut self.inner { + Some(conn) => conn.read_tls(rd), + None => Err(io::Error::new( + io::ErrorKind::Other, + "acceptor cannot read after successful acceptance", + )), + } + } + + /// Check if a `ClientHello` message has been received. + /// + /// Returns `Ok(None)` if the complete `ClientHello` has not yet been received. + /// Do more I/O and then call this function again. + /// + /// Returns `Ok(Some(accepted))` if the connection has been accepted. Call + /// `accepted.into_connection()` to continue. Do not call this function again. + /// + /// Returns `Err(err)` if an error occurred. Do not call this function again. + pub fn accept(&mut self) -> Result, Error> { + let mut connection = match self.inner.take() { + Some(conn) => conn, + None => { + return Err(Error::General("Acceptor polled after completion".into())); + } + }; + + let message = match connection.first_handshake_message()? { + Some(msg) => msg, + None => { + self.inner = Some(connection); + return Ok(None); + } + }; + + let (_, sig_schemes) = + hs::process_client_hello(&message, false, &mut Context::from(&mut connection))?; + + Ok(Some(Accepted { + connection, + message, + sig_schemes, + })) + } + } } #[cfg(feature = "std")] -pub use connection::{ReadEarlyData, ServerConnection}; +pub use connection::{Acceptor, ReadEarlyData, ServerConnection}; /// Unbuffered version of `ServerConnection` /// @@ -705,125 +827,6 @@ impl UnbufferedConnectionCommon { } } -/// Handle a server-side connection before configuration is available. -/// -/// `Acceptor` allows the caller to choose a [`ServerConfig`] after reading -/// the [`ClientHello`] of an incoming connection. This is useful for servers -/// that choose different certificates or cipher suites based on the -/// characteristics of the `ClientHello`. In particular it is useful for -/// servers that need to do some I/O to load a certificate and its private key -/// and don't want to use the blocking interface provided by -/// [`ResolvesServerCert`]. -/// -/// Create an Acceptor with [`Acceptor::default()`]. -/// -/// # Example -/// -/// ```no_run -/// # #[cfg(feature = "aws_lc_rs")] { -/// # fn choose_server_config( -/// # _: rustls::server::ClientHello, -/// # ) -> std::sync::Arc { -/// # unimplemented!(); -/// # } -/// # #[allow(unused_variables)] -/// # fn main() { -/// use rustls::server::{Acceptor, ServerConfig}; -/// let listener = std::net::TcpListener::bind("127.0.0.1:0").unwrap(); -/// for stream in listener.incoming() { -/// let mut stream = stream.unwrap(); -/// let mut acceptor = Acceptor::default(); -/// let accepted = loop { -/// acceptor.read_tls(&mut stream).unwrap(); -/// if let Some(accepted) = acceptor.accept().unwrap() { -/// break accepted; -/// } -/// }; -/// -/// // For some user-defined choose_server_config: -/// let config = choose_server_config(accepted.client_hello()); -/// let conn = accepted -/// .into_connection(config) -/// .unwrap(); - -/// // Proceed with handling the ServerConnection. -/// } -/// # } -/// # } -/// ``` -pub struct Acceptor { - inner: Option>, -} - -impl Default for Acceptor { - /// Return an empty Acceptor, ready to receive bytes from a new client connection. - fn default() -> Self { - Self { - inner: Some( - ConnectionCore::new( - Box::new(Accepting), - ServerConnectionData::default(), - CommonState::new(Side::Server), - ) - .into(), - ), - } - } -} - -impl Acceptor { - /// Read TLS content from `rd`. - /// - /// Returns an error if this `Acceptor` has already yielded an [`Accepted`]. For more details, - /// refer to [`Connection::read_tls()`]. - /// - /// [`Connection::read_tls()`]: crate::Connection::read_tls - pub fn read_tls(&mut self, rd: &mut dyn io::Read) -> Result { - match &mut self.inner { - Some(conn) => conn.read_tls(rd), - None => Err(io::Error::new( - io::ErrorKind::Other, - "acceptor cannot read after successful acceptance", - )), - } - } - - /// Check if a `ClientHello` message has been received. - /// - /// Returns `Ok(None)` if the complete `ClientHello` has not yet been received. - /// Do more I/O and then call this function again. - /// - /// Returns `Ok(Some(accepted))` if the connection has been accepted. Call - /// `accepted.into_connection()` to continue. Do not call this function again. - /// - /// Returns `Err(err)` if an error occurred. Do not call this function again. - pub fn accept(&mut self) -> Result, Error> { - let mut connection = match self.inner.take() { - Some(conn) => conn, - None => { - return Err(Error::General("Acceptor polled after completion".into())); - } - }; - - let message = match connection.first_handshake_message()? { - Some(msg) => msg, - None => { - self.inner = Some(connection); - return Ok(None); - } - }; - - let (_, sig_schemes) = - hs::process_client_hello(&message, false, &mut Context::from(&mut connection))?; - - Ok(Some(Accepted { - connection, - message, - sig_schemes, - })) - } -} - /// Represents a `ClientHello` message received through the [`Acceptor`]. /// /// Contains the state required to resume the connection through [`Accepted::into_connection()`]. From 5c67d6ecebd5f4b154d4f27eb15026b716676d87 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:03:36 +0200 Subject: [PATCH 0776/1145] no-std: rm Reader --- rustls/src/conn.rs | 201 ++++++++++++++++++++++--------------------- rustls/src/lib.rs | 4 +- rustls/src/vecbuf.rs | 4 + 3 files changed, 108 insertions(+), 101 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index e61292b5c2..f334123741 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -23,6 +23,7 @@ mod connection { use crate::common_state::{CommonState, IoState}; use crate::error::Error; use crate::suites::ExtractedSecrets; + use crate::vecbuf::ChunkVecBuffer; use core::fmt::Debug; use core::ops::{Deref, DerefMut}; @@ -30,7 +31,7 @@ mod connection { #[cfg(doc)] use super::ConnectionCommon; - use super::{Reader, Writer}; + use super::Writer; /// A client or server connection. #[derive(Debug)] @@ -153,113 +154,117 @@ mod connection { } } } -} - -#[cfg(feature = "std")] -pub use connection::Connection; -/// A structure that implements [`std::io::Read`] for reading plaintext. -pub struct Reader<'a> { - received_plaintext: &'a mut ChunkVecBuffer, - peer_cleanly_closed: bool, - has_seen_eof: bool, -} + /// A structure that implements [`std::io::Read`] for reading plaintext. + pub struct Reader<'a> { + pub(super) received_plaintext: &'a mut ChunkVecBuffer, + pub(super) peer_cleanly_closed: bool, + pub(super) has_seen_eof: bool, + } -impl<'a> io::Read for Reader<'a> { - /// Obtain plaintext data received from the peer over this TLS connection. - /// - /// If the peer closes the TLS session cleanly, this returns `Ok(0)` once all - /// the pending data has been read. No further data can be received on that - /// connection, so the underlying TCP connection should be half-closed too. - /// - /// If the peer closes the TLS session uncleanly (a TCP EOF without sending a - /// `close_notify` alert) this function returns a `std::io::Error` of type - /// `ErrorKind::UnexpectedEof` once any pending data has been read. - /// - /// Note that support for `close_notify` varies in peer TLS libraries: many do not - /// support it and uncleanly close the TCP connection (this might be - /// vulnerable to truncation attacks depending on the application protocol). - /// This means applications using rustls must both handle EOF - /// from this function, *and* unexpected EOF of the underlying TCP connection. - /// - /// If there are no bytes to read, this returns `Err(ErrorKind::WouldBlock.into())`. - /// - /// You may learn the number of bytes available at any time by inspecting - /// the return of [`Connection::process_new_packets`]. - fn read(&mut self, buf: &mut [u8]) -> io::Result { - let len = self.received_plaintext.read(buf)?; - - if len == 0 && !buf.is_empty() { - // No bytes available: - match (self.peer_cleanly_closed, self.has_seen_eof) { - // cleanly closed; don't care about TCP EOF: express this as Ok(0) - (true, _) => {} - // unclean closure - (false, true) => { - return Err(io::Error::new( - io::ErrorKind::UnexpectedEof, - UNEXPECTED_EOF_MESSAGE, - )) + impl<'a> io::Read for Reader<'a> { + /// Obtain plaintext data received from the peer over this TLS connection. + /// + /// If the peer closes the TLS session cleanly, this returns `Ok(0)` once all + /// the pending data has been read. No further data can be received on that + /// connection, so the underlying TCP connection should be half-closed too. + /// + /// If the peer closes the TLS session uncleanly (a TCP EOF without sending a + /// `close_notify` alert) this function returns a `std::io::Error` of type + /// `ErrorKind::UnexpectedEof` once any pending data has been read. + /// + /// Note that support for `close_notify` varies in peer TLS libraries: many do not + /// support it and uncleanly close the TCP connection (this might be + /// vulnerable to truncation attacks depending on the application protocol). + /// This means applications using rustls must both handle EOF + /// from this function, *and* unexpected EOF of the underlying TCP connection. + /// + /// If there are no bytes to read, this returns `Err(ErrorKind::WouldBlock.into())`. + /// + /// You may learn the number of bytes available at any time by inspecting + /// the return of [`Connection::process_new_packets`]. + fn read(&mut self, buf: &mut [u8]) -> io::Result { + let len = self.received_plaintext.read(buf)?; + + if len == 0 && !buf.is_empty() { + // No bytes available: + match (self.peer_cleanly_closed, self.has_seen_eof) { + // cleanly closed; don't care about TCP EOF: express this as Ok(0) + (true, _) => {} + // unclean closure + (false, true) => { + return Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )) + } + // connection still going, but needs more data: signal `WouldBlock` so that + // the caller knows this + (false, false) => return Err(io::ErrorKind::WouldBlock.into()), } - // connection still going, but needs more data: signal `WouldBlock` so that - // the caller knows this - (false, false) => return Err(io::ErrorKind::WouldBlock.into()), } + + Ok(len) } - Ok(len) - } - - /// Obtain plaintext data received from the peer over this TLS connection. - /// - /// If the peer closes the TLS session, this returns `Ok(())` without filling - /// any more of the buffer once all the pending data has been read. No further - /// data can be received on that connection, so the underlying TCP connection - /// should be half-closed too. - /// - /// If the peer closes the TLS session uncleanly (a TCP EOF without sending a - /// `close_notify` alert) this function returns a `std::io::Error` of type - /// `ErrorKind::UnexpectedEof` once any pending data has been read. - /// - /// Note that support for `close_notify` varies in peer TLS libraries: many do not - /// support it and uncleanly close the TCP connection (this might be - /// vulnerable to truncation attacks depending on the application protocol). - /// This means applications using rustls must both handle EOF - /// from this function, *and* unexpected EOF of the underlying TCP connection. - /// - /// If there are no bytes to read, this returns `Err(ErrorKind::WouldBlock.into())`. - /// - /// You may learn the number of bytes available at any time by inspecting - /// the return of [`Connection::process_new_packets`]. - #[cfg(read_buf)] - fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { - let before = cursor.written(); - self.received_plaintext - .read_buf(cursor.reborrow())?; - let len = cursor.written() - before; - - if len == 0 && cursor.capacity() > 0 { - // No bytes available: - match (self.peer_cleanly_closed, self.has_seen_eof) { - // cleanly closed; don't care about TCP EOF: express this as Ok(0) - (true, _) => {} - // unclean closure - (false, true) => { - return Err(io::Error::new( - io::ErrorKind::UnexpectedEof, - UNEXPECTED_EOF_MESSAGE, - )); + /// Obtain plaintext data received from the peer over this TLS connection. + /// + /// If the peer closes the TLS session, this returns `Ok(())` without filling + /// any more of the buffer once all the pending data has been read. No further + /// data can be received on that connection, so the underlying TCP connection + /// should be half-closed too. + /// + /// If the peer closes the TLS session uncleanly (a TCP EOF without sending a + /// `close_notify` alert) this function returns a `std::io::Error` of type + /// `ErrorKind::UnexpectedEof` once any pending data has been read. + /// + /// Note that support for `close_notify` varies in peer TLS libraries: many do not + /// support it and uncleanly close the TCP connection (this might be + /// vulnerable to truncation attacks depending on the application protocol). + /// This means applications using rustls must both handle EOF + /// from this function, *and* unexpected EOF of the underlying TCP connection. + /// + /// If there are no bytes to read, this returns `Err(ErrorKind::WouldBlock.into())`. + /// + /// You may learn the number of bytes available at any time by inspecting + /// the return of [`Connection::process_new_packets`]. + #[cfg(read_buf)] + fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { + let before = cursor.written(); + self.received_plaintext + .read_buf(cursor.reborrow())?; + let len = cursor.written() - before; + + if len == 0 && cursor.capacity() > 0 { + // No bytes available: + match (self.peer_cleanly_closed, self.has_seen_eof) { + // cleanly closed; don't care about TCP EOF: express this as Ok(0) + (true, _) => {} + // unclean closure + (false, true) => { + return Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )); + } + // connection still going, but need more data: signal `WouldBlock` so that + // the caller knows this + (false, false) => return Err(io::ErrorKind::WouldBlock.into()), } - // connection still going, but need more data: signal `WouldBlock` so that - // the caller knows this - (false, false) => return Err(io::ErrorKind::WouldBlock.into()), } - } - Ok(()) + Ok(()) + } } + + const UNEXPECTED_EOF_MESSAGE: &str = + "peer closed connection without sending TLS close_notify: \ +https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof"; } +#[cfg(feature = "std")] +pub use connection::{Connection, Reader}; + /// Internal trait implemented by the [`ServerConnection`]/[`ClientConnection`] /// allowing them to be the subject of a [`Writer`]. /// @@ -371,6 +376,7 @@ pub struct ConnectionCommon { impl ConnectionCommon { /// Returns an object that allows reading plaintext. + #[cfg(feature = "std")] pub fn reader(&mut self) -> Reader { let common = &mut self.core.common_state; Reader { @@ -924,6 +930,3 @@ impl ConnectionCore { /// Data specific to the peer's side (client or server). pub trait SideData: Debug {} - -const UNEXPECTED_EOF_MESSAGE: &str = "peer closed connection without sending TLS close_notify: \ -https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof"; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 3e976342ab..0e9721c090 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -495,8 +495,8 @@ pub mod unbuffered { pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier, WantsVersions}; pub use crate::common_state::{CommonState, IoState, Side}; #[cfg(feature = "std")] -pub use crate::conn::Connection; -pub use crate::conn::{ConnectionCommon, Reader, SideData, Writer}; +pub use crate::conn::{Connection, Reader}; +pub use crate::conn::{ConnectionCommon, SideData, Writer}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 892e852f73..7989e208c5 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -2,8 +2,10 @@ use alloc::collections::VecDeque; use alloc::vec::Vec; use core::cmp; use std::io; +#[cfg(feature = "std")] use std::io::Read; +#[cfg(feature = "std")] use crate::msgs::message::OutboundChunks; /// This is a byte buffer that is built from a vector @@ -93,6 +95,7 @@ impl ChunkVecBuffer { /// Read data out of this object, writing it into `buf` /// and returning how many bytes were written there. + #[cfg(feature = "std")] pub(crate) fn read(&mut self, buf: &mut [u8]) -> io::Result { let mut offs = 0; @@ -150,6 +153,7 @@ impl ChunkVecBuffer { } } +#[cfg(feature = "std")] #[cfg(test)] mod tests { use super::ChunkVecBuffer; From 5799fc87fd94a87712fb4d7a247e24b59a9eebfd Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:04:24 +0200 Subject: [PATCH 0777/1145] no-std: rm Writer --- rustls/src/conn.rs | 81 +++++++++++++++++++++++----------------------- rustls/src/lib.rs | 4 +-- 2 files changed, 43 insertions(+), 42 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index f334123741..f6744b4d54 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -31,7 +31,7 @@ mod connection { #[cfg(doc)] use super::ConnectionCommon; - use super::Writer; + use super::PlaintextSink; /// A client or server connection. #[derive(Debug)] @@ -260,10 +260,48 @@ mod connection { const UNEXPECTED_EOF_MESSAGE: &str = "peer closed connection without sending TLS close_notify: \ https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof"; + + /// A structure that implements [`std::io::Write`] for writing plaintext. + pub struct Writer<'a> { + sink: &'a mut dyn PlaintextSink, + } + + impl<'a> Writer<'a> { + /// Create a new Writer. + /// + /// This is not an external interface. Get one of these objects + /// from [`Connection::writer`]. + pub(crate) fn new(sink: &'a mut dyn PlaintextSink) -> Writer<'a> { + Writer { sink } + } + } + + impl<'a> io::Write for Writer<'a> { + /// Send the plaintext `buf` to the peer, encrypting + /// and authenticating it. Once this function succeeds + /// you should call [`Connection::write_tls`] which will output the + /// corresponding TLS records. + /// + /// This function buffers plaintext sent before the + /// TLS handshake completes, and sends it as soon + /// as it can. See [`ConnectionCommon::set_buffer_limit`] to control + /// the size of this buffer. + fn write(&mut self, buf: &[u8]) -> io::Result { + self.sink.write(buf) + } + + fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { + self.sink.write_vectored(bufs) + } + + fn flush(&mut self) -> io::Result<()> { + self.sink.flush() + } + } } #[cfg(feature = "std")] -pub use connection::{Connection, Reader}; +pub use connection::{Connection, Reader, Writer}; /// Internal trait implemented by the [`ServerConnection`]/[`ClientConnection`] /// allowing them to be the subject of a [`Writer`]. @@ -309,44 +347,6 @@ impl PlaintextSink for ConnectionCommon { } } -/// A structure that implements [`std::io::Write`] for writing plaintext. -pub struct Writer<'a> { - sink: &'a mut dyn PlaintextSink, -} - -impl<'a> Writer<'a> { - /// Create a new Writer. - /// - /// This is not an external interface. Get one of these objects - /// from [`Connection::writer`]. - pub(crate) fn new(sink: &'a mut dyn PlaintextSink) -> Writer<'a> { - Writer { sink } - } -} - -impl<'a> io::Write for Writer<'a> { - /// Send the plaintext `buf` to the peer, encrypting - /// and authenticating it. Once this function succeeds - /// you should call [`Connection::write_tls`] which will output the - /// corresponding TLS records. - /// - /// This function buffers plaintext sent before the - /// TLS handshake completes, and sends it as soon - /// as it can. See [`ConnectionCommon::set_buffer_limit`] to control - /// the size of this buffer. - fn write(&mut self, buf: &[u8]) -> io::Result { - self.sink.write(buf) - } - - fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { - self.sink.write_vectored(bufs) - } - - fn flush(&mut self) -> io::Result<()> { - self.sink.flush() - } -} - #[derive(Debug)] pub(crate) struct ConnectionRandoms { pub(crate) client: [u8; 32], @@ -390,6 +390,7 @@ impl ConnectionCommon { } /// Returns an object that allows writing plaintext. + #[cfg(feature = "std")] pub fn writer(&mut self) -> Writer { Writer::new(self) } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0e9721c090..efde031b1a 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -495,8 +495,8 @@ pub mod unbuffered { pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier, WantsVersions}; pub use crate::common_state::{CommonState, IoState, Side}; #[cfg(feature = "std")] -pub use crate::conn::{Connection, Reader}; -pub use crate::conn::{ConnectionCommon, SideData, Writer}; +pub use crate::conn::{Connection, Reader, Writer}; +pub use crate::conn::{ConnectionCommon, SideData}; pub use crate::enums::{ AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, SignatureScheme, From d8ff76c260e83842bfdd66e773211ef31ab9945f Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:05:24 +0200 Subject: [PATCH 0778/1145] no-std: rm PlaintextSink --- rustls/src/common_state.rs | 106 +++++++++++++++++++------------------ rustls/src/conn.rs | 94 ++++++++++++++++---------------- rustls/src/vecbuf.rs | 1 + 3 files changed, 102 insertions(+), 99 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 70567dcd21..2d3fe37421 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -182,20 +182,6 @@ impl CommonState { } } - /// Send plaintext application data, fragmenting and - /// encrypting it as it goes out. - /// - /// If internal buffers are too small, this function will not accept - /// all the data. - pub(crate) fn buffer_plaintext( - &mut self, - payload: OutboundChunks<'_>, - sendable_plaintext: &mut ChunkVecBuffer, - ) -> usize { - self.perhaps_write_key_update(); - self.send_plain(payload, Limit::Yes, sendable_plaintext) - } - pub(crate) fn write_plaintext( &mut self, payload: OutboundChunks<'_>, @@ -243,19 +229,6 @@ impl CommonState { Ok(written) } - #[cfg(feature = "std")] - pub(crate) fn send_early_plaintext(&mut self, data: &[u8]) -> usize { - debug_assert!(self.early_traffic); - debug_assert!(self.record_layer.is_encrypting()); - - if data.is_empty() { - // Don't send empty fragments. - return 0; - } - - self.send_appdata_encrypt(data.into(), Limit::Yes) - } - // Changing the keys must not span any fragmented handshake // messages. Otherwise the defragmented messages will have // been protected with two different record layer protections, @@ -289,6 +262,7 @@ impl CommonState { // be out by whatever the cipher+record overhead is. That's a // constant and predictable amount, so it's not a terrible issue. let len = match limit { + #[cfg(feature = "std")] Limit::Yes => self .sendable_tls .apply_limit(payload.len()), @@ -329,30 +303,6 @@ impl CommonState { self.queue_tls_message(em); } - /// Encrypt and send some plaintext `data`. `limit` controls - /// whether the per-connection buffer limits apply. - /// - /// Returns the number of bytes written from `data`: this might - /// be less than `data.len()` if buffer limits were exceeded. - fn send_plain( - &mut self, - payload: OutboundChunks<'_>, - limit: Limit, - sendable_plaintext: &mut ChunkVecBuffer, - ) -> usize { - if !self.may_send_application_data { - // If we haven't completed handshaking, buffer - // plaintext to send once we do. - let len = match limit { - Limit::Yes => sendable_plaintext.append_limited_copy(payload), - Limit::No => sendable_plaintext.append(payload.to_vec()), - }; - return len; - } - - self.send_plain_non_buffering(payload, limit) - } - fn send_plain_non_buffering(&mut self, payload: OutboundChunks<'_>, limit: Limit) -> usize { debug_assert!(self.may_send_application_data); debug_assert!(self.record_layer.is_encrypting()); @@ -671,6 +621,59 @@ impl CommonState { .encode(), ); } +} + +#[cfg(feature = "std")] +impl CommonState { + /// Send plaintext application data, fragmenting and + /// encrypting it as it goes out. + /// + /// If internal buffers are too small, this function will not accept + /// all the data. + pub(crate) fn buffer_plaintext( + &mut self, + payload: OutboundChunks<'_>, + sendable_plaintext: &mut ChunkVecBuffer, + ) -> usize { + self.perhaps_write_key_update(); + self.send_plain(payload, Limit::Yes, sendable_plaintext) + } + + pub(crate) fn send_early_plaintext(&mut self, data: &[u8]) -> usize { + debug_assert!(self.early_traffic); + debug_assert!(self.record_layer.is_encrypting()); + + if data.is_empty() { + // Don't send empty fragments. + return 0; + } + + self.send_appdata_encrypt(data.into(), Limit::Yes) + } + + /// Encrypt and send some plaintext `data`. `limit` controls + /// whether the per-connection buffer limits apply. + /// + /// Returns the number of bytes written from `data`: this might + /// be less than `data.len()` if buffer limits were exceeded. + fn send_plain( + &mut self, + payload: OutboundChunks<'_>, + limit: Limit, + sendable_plaintext: &mut ChunkVecBuffer, + ) -> usize { + if !self.may_send_application_data { + // If we haven't completed handshaking, buffer + // plaintext to send once we do. + let len = match limit { + Limit::Yes => sendable_plaintext.append_limited_copy(payload), + Limit::No => sendable_plaintext.append(payload.to_vec()), + }; + return len; + } + + self.send_plain_non_buffering(payload, limit) + } pub(crate) fn perhaps_write_key_update(&mut self) { if let Some(message) = self.queued_key_update_message.take() { @@ -778,6 +781,7 @@ pub(crate) enum Protocol { } enum Limit { + #[cfg(feature = "std")] Yes, No, } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index f6744b4d54..959c45235e 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -5,12 +5,11 @@ use crate::error::{Error, PeerMisbehaved}; use crate::log::trace; use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; use crate::msgs::handshake::Random; -use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload, OutboundChunks}; +use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; use alloc::boxed::Box; -use alloc::vec::Vec; use core::fmt::Debug; use core::mem; use core::ops::{Deref, DerefMut}; @@ -22,17 +21,16 @@ pub(crate) mod unbuffered; mod connection { use crate::common_state::{CommonState, IoState}; use crate::error::Error; + use crate::msgs::message::OutboundChunks; use crate::suites::ExtractedSecrets; use crate::vecbuf::ChunkVecBuffer; + use crate::ConnectionCommon; + use alloc::vec::Vec; use core::fmt::Debug; use core::ops::{Deref, DerefMut}; use std::io; - #[cfg(doc)] - use super::ConnectionCommon; - use super::PlaintextSink; - /// A client or server connection. #[derive(Debug)] pub enum Connection { @@ -298,55 +296,55 @@ https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof" self.sink.flush() } } -} -#[cfg(feature = "std")] -pub use connection::{Connection, Reader, Writer}; + /// Internal trait implemented by the [`ServerConnection`]/[`ClientConnection`] + /// allowing them to be the subject of a [`Writer`]. + /// + /// [`ServerConnection`]: crate::ServerConnection + /// [`ClientConnection`]: crate::ClientConnection + pub(crate) trait PlaintextSink { + fn write(&mut self, buf: &[u8]) -> io::Result; + fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result; + fn flush(&mut self) -> io::Result<()>; + } -/// Internal trait implemented by the [`ServerConnection`]/[`ClientConnection`] -/// allowing them to be the subject of a [`Writer`]. -/// -/// [`ServerConnection`]: crate::ServerConnection -/// [`ClientConnection`]: crate::ClientConnection -pub(crate) trait PlaintextSink { - fn write(&mut self, buf: &[u8]) -> io::Result; - fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result; - fn flush(&mut self) -> io::Result<()>; -} + impl PlaintextSink for ConnectionCommon { + fn write(&mut self, buf: &[u8]) -> io::Result { + Ok(self + .core + .common_state + .buffer_plaintext(buf.into(), &mut self.sendable_plaintext)) + } -impl PlaintextSink for ConnectionCommon { - fn write(&mut self, buf: &[u8]) -> io::Result { - Ok(self - .core - .common_state - .buffer_plaintext(buf.into(), &mut self.sendable_plaintext)) - } - - fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { - let payload_owner: Vec<&[u8]>; - let payload = match bufs.len() { - 0 => return Ok(0), - 1 => OutboundChunks::Single(bufs[0].deref()), - _ => { - payload_owner = bufs - .iter() - .map(|io_slice| io_slice.deref()) - .collect(); - - OutboundChunks::new(&payload_owner) - } - }; - Ok(self - .core - .common_state - .buffer_plaintext(payload, &mut self.sendable_plaintext)) - } + fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { + let payload_owner: Vec<&[u8]>; + let payload = match bufs.len() { + 0 => return Ok(0), + 1 => OutboundChunks::Single(bufs[0].deref()), + _ => { + payload_owner = bufs + .iter() + .map(|io_slice| io_slice.deref()) + .collect(); + + OutboundChunks::new(&payload_owner) + } + }; + Ok(self + .core + .common_state + .buffer_plaintext(payload, &mut self.sendable_plaintext)) + } - fn flush(&mut self) -> io::Result<()> { - Ok(()) + fn flush(&mut self) -> io::Result<()> { + Ok(()) + } } } +#[cfg(feature = "std")] +pub use connection::{Connection, Reader, Writer}; + #[derive(Debug)] pub(crate) struct ConnectionRandoms { pub(crate) client: [u8; 32], diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 7989e208c5..ea0c19ce45 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -70,6 +70,7 @@ impl ChunkVecBuffer { /// Append a copy of `bytes`, perhaps a prefix if /// we're near the limit. + #[cfg(feature = "std")] pub(crate) fn append_limited_copy(&mut self, payload: OutboundChunks<'_>) -> usize { let take = self.apply_limit(payload.len()); self.append(payload.split_at(take).0.to_vec()); From c6d577867c69751df510d1d405128a7cd9ee435a Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:07:15 +0200 Subject: [PATCH 0779/1145] no-std: rm ConnectionCommon IO methods --- rustls/src/common_state.rs | 2 + rustls/src/conn.rs | 242 +++++++++++------------ rustls/src/msgs/message/inbound_plain.rs | 2 +- rustls/src/msgs/message/mod.rs | 1 + rustls/src/vecbuf.rs | 63 +++--- 5 files changed, 157 insertions(+), 153 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 2d3fe37421..015c345cef 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -39,6 +39,7 @@ pub struct CommonState { sent_fatal_alert: bool, /// If the peer has signaled end of stream. pub(crate) has_received_close_notify: bool, + #[cfg(feature = "std")] pub(crate) has_seen_eof: bool, pub(crate) received_middlebox_ccs: u8, pub(crate) peer_certificates: Option>, @@ -67,6 +68,7 @@ impl CommonState { early_traffic: false, sent_fatal_alert: false, has_received_close_notify: false, + #[cfg(feature = "std")] has_seen_eof: false, received_middlebox_ccs: 0, peer_certificates: None, diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 959c45235e..42d158943d 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -13,6 +13,7 @@ use alloc::boxed::Box; use core::fmt::Debug; use core::mem; use core::ops::{Deref, DerefMut}; +#[cfg(feature = "std")] use std::io; pub(crate) mod unbuffered; @@ -372,9 +373,128 @@ pub struct ConnectionCommon { sendable_plaintext: ChunkVecBuffer, } +impl ConnectionCommon { + /// Processes any new packets read by a previous call to + /// [`Connection::read_tls`]. + /// + /// Errors from this function relate to TLS protocol errors, and + /// are fatal to the connection. Future calls after an error will do + /// no new work and will return the same error. After an error is + /// received from [`process_new_packets`], you should not call [`read_tls`] + /// any more (it will fill up buffers to no purpose). However, you + /// may call the other methods on the connection, including `write`, + /// `send_close_notify`, and `write_tls`. Most likely you will want to + /// call `write_tls` to send any alerts queued by the error and then + /// close the underlying connection. + /// + /// Success from this function comes with some sundry state data + /// about the connection. + /// + /// [`read_tls`]: Connection::read_tls + /// [`process_new_packets`]: Connection::process_new_packets + #[inline] + pub fn process_new_packets(&mut self) -> Result { + self.core + .process_new_packets(&mut self.deframer_buffer, &mut self.sendable_plaintext) + } + + /// Derives key material from the agreed connection secrets. + /// + /// This function fills in `output` with `output.len()` bytes of key + /// material derived from the master session secret using `label` + /// and `context` for diversification. Ownership of the buffer is taken + /// by the function and returned via the Ok result to ensure no key + /// material leaks if the function fails. + /// + /// See RFC5705 for more details on what this does and is for. + /// + /// For TLS1.3 connections, this function does not use the + /// "early" exporter at any point. + /// + /// This function fails if called prior to the handshake completing; + /// check with [`CommonState::is_handshaking`] first. + /// + /// This function fails if `output.len()` is zero. + #[inline] + pub fn export_keying_material>( + &self, + output: T, + label: &[u8], + context: Option<&[u8]>, + ) -> Result { + self.core + .export_keying_material(output, label, context) + } + + /// Extract secrets, so they can be used when configuring kTLS, for example. + /// Should be used with care as it exposes secret key material. + pub fn dangerous_extract_secrets(self) -> Result { + if !self.enable_secret_extraction { + return Err(Error::General("Secret extraction is disabled".into())); + } + + let st = self.core.state?; + + let record_layer = self.core.common_state.record_layer; + let PartiallyExtractedSecrets { tx, rx } = st.extract_secrets()?; + Ok(ExtractedSecrets { + tx: (record_layer.write_seq(), tx), + rx: (record_layer.read_seq(), rx), + }) + } + + /// Sets a limit on the internal buffers used to buffer + /// unsent plaintext (prior to completing the TLS handshake) + /// and unsent TLS records. This limit acts only on application + /// data written through [`Connection::writer`]. + /// + /// By default the limit is 64KB. The limit can be set + /// at any time, even if the current buffer use is higher. + /// + /// [`None`] means no limit applies, and will mean that written + /// data is buffered without bound -- it is up to the application + /// to appropriately schedule its plaintext and TLS writes to bound + /// memory usage. + /// + /// For illustration: `Some(1)` means a limit of one byte applies: + /// [`Connection::writer`] will accept only one byte, encrypt it and + /// add a TLS header. Once this is sent via [`Connection::write_tls`], + /// another byte may be sent. + /// + /// # Internal write-direction buffering + /// rustls has two buffers whose size are bounded by this setting: + /// + /// ## Buffering of unsent plaintext data prior to handshake completion + /// + /// Calls to [`Connection::writer`] before or during the handshake + /// are buffered (up to the limit specified here). Once the + /// handshake completes this data is encrypted and the resulting + /// TLS records are added to the outgoing buffer. + /// + /// ## Buffering of outgoing TLS records + /// + /// This buffer is used to store TLS records that rustls needs to + /// send to the peer. It is used in these two circumstances: + /// + /// - by [`Connection::process_new_packets`] when a handshake or alert + /// TLS record needs to be sent. + /// - by [`Connection::writer`] post-handshake: the plaintext is + /// encrypted and the resulting TLS record is buffered. + /// + /// This buffer is emptied by [`Connection::write_tls`]. + /// + /// [`Connection::writer`]: crate::Connection::writer + /// [`Connection::write_tls`]: crate::Connection::write_tls + /// [`Connection::process_new_packets`]: crate::Connection::process_new_packets + pub fn set_buffer_limit(&mut self, limit: Option) { + self.sendable_plaintext.set_limit(limit); + self.sendable_tls.set_limit(limit); + } +} + +#[cfg(feature = "std")] impl ConnectionCommon { /// Returns an object that allows reading plaintext. - #[cfg(feature = "std")] pub fn reader(&mut self) -> Reader { let common = &mut self.core.common_state; Reader { @@ -388,7 +508,6 @@ impl ConnectionCommon { } /// Returns an object that allows writing plaintext. - #[cfg(feature = "std")] pub fn writer(&mut self) -> Writer { Writer::new(self) } @@ -494,7 +613,6 @@ impl ConnectionCommon { /// /// This is a shortcut to the `process_new_packets()` -> `process_msg()` -> /// `process_handshake_messages()` path, specialized for the first handshake message. - #[cfg(feature = "std")] pub(crate) fn first_handshake_message(&mut self) -> Result>, Error> { let mut deframer_buffer = self.deframer_buffer.borrow(); let res = self @@ -511,35 +629,10 @@ impl ConnectionCommon { } } - #[cfg(feature = "std")] pub(crate) fn replace_state(&mut self, new: Box>) { self.core.state = Ok(new); } - /// Processes any new packets read by a previous call to - /// [`Connection::read_tls`]. - /// - /// Errors from this function relate to TLS protocol errors, and - /// are fatal to the connection. Future calls after an error will do - /// no new work and will return the same error. After an error is - /// received from [`process_new_packets`], you should not call [`read_tls`] - /// any more (it will fill up buffers to no purpose). However, you - /// may call the other methods on the connection, including `write`, - /// `send_close_notify`, and `write_tls`. Most likely you will want to - /// call `write_tls` to send any alerts queued by the error and then - /// close the underlying connection. - /// - /// Success from this function comes with some sundry state data - /// about the connection. - /// - /// [`read_tls`]: Connection::read_tls - /// [`process_new_packets`]: Connection::process_new_packets - #[inline] - pub fn process_new_packets(&mut self) -> Result { - self.core - .process_new_packets(&mut self.deframer_buffer, &mut self.sendable_plaintext) - } - /// Read TLS content from `rd` into the internal buffer. /// /// Due to the internal buffering, `rd` can supply TLS messages in arbitrary-sized chunks (like @@ -587,99 +680,6 @@ impl ConnectionCommon { pub fn write_tls(&mut self, wr: &mut dyn io::Write) -> Result { self.sendable_tls.write_to(wr) } - - /// Derives key material from the agreed connection secrets. - /// - /// This function fills in `output` with `output.len()` bytes of key - /// material derived from the master session secret using `label` - /// and `context` for diversification. Ownership of the buffer is taken - /// by the function and returned via the Ok result to ensure no key - /// material leaks if the function fails. - /// - /// See RFC5705 for more details on what this does and is for. - /// - /// For TLS1.3 connections, this function does not use the - /// "early" exporter at any point. - /// - /// This function fails if called prior to the handshake completing; - /// check with [`CommonState::is_handshaking`] first. - /// - /// This function fails if `output.len()` is zero. - #[inline] - pub fn export_keying_material>( - &self, - output: T, - label: &[u8], - context: Option<&[u8]>, - ) -> Result { - self.core - .export_keying_material(output, label, context) - } - - /// Extract secrets, so they can be used when configuring kTLS, for example. - /// Should be used with care as it exposes secret key material. - pub fn dangerous_extract_secrets(self) -> Result { - if !self.enable_secret_extraction { - return Err(Error::General("Secret extraction is disabled".into())); - } - - let st = self.core.state?; - - let record_layer = self.core.common_state.record_layer; - let PartiallyExtractedSecrets { tx, rx } = st.extract_secrets()?; - Ok(ExtractedSecrets { - tx: (record_layer.write_seq(), tx), - rx: (record_layer.read_seq(), rx), - }) - } - - /// Sets a limit on the internal buffers used to buffer - /// unsent plaintext (prior to completing the TLS handshake) - /// and unsent TLS records. This limit acts only on application - /// data written through [`Connection::writer`]. - /// - /// By default the limit is 64KB. The limit can be set - /// at any time, even if the current buffer use is higher. - /// - /// [`None`] means no limit applies, and will mean that written - /// data is buffered without bound -- it is up to the application - /// to appropriately schedule its plaintext and TLS writes to bound - /// memory usage. - /// - /// For illustration: `Some(1)` means a limit of one byte applies: - /// [`Connection::writer`] will accept only one byte, encrypt it and - /// add a TLS header. Once this is sent via [`Connection::write_tls`], - /// another byte may be sent. - /// - /// # Internal write-direction buffering - /// rustls has two buffers whose size are bounded by this setting: - /// - /// ## Buffering of unsent plaintext data prior to handshake completion - /// - /// Calls to [`Connection::writer`] before or during the handshake - /// are buffered (up to the limit specified here). Once the - /// handshake completes this data is encrypted and the resulting - /// TLS records are added to the outgoing buffer. - /// - /// ## Buffering of outgoing TLS records - /// - /// This buffer is used to store TLS records that rustls needs to - /// send to the peer. It is used in these two circumstances: - /// - /// - by [`Connection::process_new_packets`] when a handshake or alert - /// TLS record needs to be sent. - /// - by [`Connection::writer`] post-handshake: the plaintext is - /// encrypted and the resulting TLS record is buffered. - /// - /// This buffer is emptied by [`Connection::write_tls`]. - /// - /// [`Connection::writer`]: crate::Connection::writer - /// [`Connection::write_tls`]: crate::Connection::write_tls - /// [`Connection::process_new_packets`]: crate::Connection::process_new_packets - pub fn set_buffer_limit(&mut self, limit: Option) { - self.sendable_plaintext.set_limit(limit); - self.sendable_tls.set_limit(limit); - } } impl<'a, Data> From<&'a mut ConnectionCommon> for Context<'a, Data> { diff --git a/rustls/src/msgs/message/inbound_plain.rs b/rustls/src/msgs/message/inbound_plain.rs index 36fca08b00..398bf56f00 100644 --- a/rustls/src/msgs/message/inbound_plain.rs +++ b/rustls/src/msgs/message/inbound_plain.rs @@ -23,7 +23,7 @@ impl InboundPlainMessage<'_> { self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] } - #[cfg(test)] + #[cfg(all(test, feature = "std"))] pub(crate) fn into_owned(self) -> super::PlainMessage { super::PlainMessage { version: self.version, diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index 052bf93b36..435715a4d3 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -183,6 +183,7 @@ impl Message<'_> { } } + #[cfg(feature = "std")] pub(crate) fn into_owned(self) -> Message<'static> { let Self { version, payload } = self; Message { diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index ea0c19ce45..8637bc0666 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -1,6 +1,7 @@ use alloc::collections::VecDeque; use alloc::vec::Vec; use core::cmp; +#[cfg(feature = "std")] use std::io; #[cfg(feature = "std")] use std::io::Read; @@ -41,12 +42,6 @@ impl ChunkVecBuffer { self.chunks.is_empty() } - pub(crate) fn is_full(&self) -> bool { - self.limit - .map(|limit| self.len() > limit) - .unwrap_or_default() - } - /// How many bytes we're storing pub(crate) fn len(&self) -> usize { let mut len = 0; @@ -68,15 +63,6 @@ impl ChunkVecBuffer { } } - /// Append a copy of `bytes`, perhaps a prefix if - /// we're near the limit. - #[cfg(feature = "std")] - pub(crate) fn append_limited_copy(&mut self, payload: OutboundChunks<'_>) -> usize { - let take = self.apply_limit(payload.len()); - self.append(payload.split_at(take).0.to_vec()); - take - } - /// Take and append the given `bytes`. pub(crate) fn append(&mut self, bytes: Vec) -> usize { let len = bytes.len(); @@ -94,9 +80,38 @@ impl ChunkVecBuffer { self.chunks.pop_front() } + #[cfg(read_buf)] + /// Read data out of this object, writing it into `cursor`. + pub(crate) fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { + while !self.is_empty() && cursor.capacity() > 0 { + let chunk = self.chunks[0].as_slice(); + let used = core::cmp::min(chunk.len(), cursor.capacity()); + cursor.append(&chunk[..used]); + self.consume(used); + } + + Ok(()) + } +} + +#[cfg(feature = "std")] +impl ChunkVecBuffer { + pub(crate) fn is_full(&self) -> bool { + self.limit + .map(|limit| self.len() > limit) + .unwrap_or_default() + } + + /// Append a copy of `bytes`, perhaps a prefix if + /// we're near the limit. + pub(crate) fn append_limited_copy(&mut self, payload: OutboundChunks<'_>) -> usize { + let take = self.apply_limit(payload.len()); + self.append(payload.split_at(take).0.to_vec()); + take + } + /// Read data out of this object, writing it into `buf` /// and returning how many bytes were written there. - #[cfg(feature = "std")] pub(crate) fn read(&mut self, buf: &mut [u8]) -> io::Result { let mut offs = 0; @@ -112,19 +127,6 @@ impl ChunkVecBuffer { Ok(offs) } - #[cfg(read_buf)] - /// Read data out of this object, writing it into `cursor`. - pub(crate) fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { - while !self.is_empty() && cursor.capacity() > 0 { - let chunk = self.chunks[0].as_slice(); - let used = core::cmp::min(chunk.len(), cursor.capacity()); - cursor.append(&chunk[..used]); - self.consume(used); - } - - Ok(()) - } - fn consume(&mut self, mut used: usize) { while let Some(mut buf) = self.chunks.pop_front() { if used < buf.len() { @@ -154,8 +156,7 @@ impl ChunkVecBuffer { } } -#[cfg(feature = "std")] -#[cfg(test)] +#[cfg(all(test, feature = "std"))] mod tests { use super::ChunkVecBuffer; From 77c9adfc5a4724bb86afd6390172511fef2941ef Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:10:05 +0200 Subject: [PATCH 0780/1145] no-std: rm StdError implementations --- rustls/src/client/client_conn.rs | 4 ++-- rustls/src/conn/unbuffered.rs | 3 +++ rustls/src/crypto/cipher.rs | 4 ++-- rustls/src/error.rs | 4 ++-- rustls/src/webpki/mod.rs | 4 ++-- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 5c641e873e..d57a5a18b8 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -32,7 +32,6 @@ use core::fmt; use core::marker::PhantomData; use core::mem; use core::ops::{Deref, DerefMut}; -use std::error::Error as StdError; #[cfg(doc)] use crate::{crypto, DistinguishedName}; @@ -894,7 +893,8 @@ impl fmt::Display for EarlyDataError { } } -impl StdError for EarlyDataError {} +#[cfg(feature = "std")] +impl std::error::Error for EarlyDataError {} /// State associated with a client connection. #[derive(Debug)] diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index b4946dfd5b..eef4066343 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -3,6 +3,7 @@ use alloc::vec::Vec; use core::num::NonZeroUsize; use core::{fmt, mem}; +#[cfg(feature = "std")] use std::error::Error as StdError; use super::UnbufferedConnectionCommon; @@ -512,6 +513,7 @@ impl fmt::Display for EncodeError { } } +#[cfg(feature = "std")] impl StdError for EncodeError {} /// Errors that may arise when encrypting application data @@ -542,6 +544,7 @@ impl fmt::Display for EncryptError { } } +#[cfg(feature = "std")] impl StdError for EncryptError {} /// Provided buffer was too small diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 1bfce32ef0..43e6c54bdf 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -1,7 +1,6 @@ use alloc::boxed::Box; use alloc::string::ToString; use core::fmt; -use std::error::Error as StdError; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; @@ -103,7 +102,8 @@ impl fmt::Display for UnsupportedOperationError { } } -impl StdError for UnsupportedOperationError {} +#[cfg(feature = "std")] +impl std::error::Error for UnsupportedOperationError {} /// How a TLS1.2 `key_block` is partitioned. /// diff --git a/rustls/src/error.rs b/rustls/src/error.rs index f9d4ddd9d3..510d96c37f 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -6,7 +6,6 @@ use alloc::format; use alloc::string::String; use alloc::vec::Vec; use core::fmt; -use std::error::Error as StdError; use std::time::SystemTimeError; /// rustls reports protocol errors using this type. @@ -535,7 +534,8 @@ impl From for Error { } } -impl StdError for Error {} +#[cfg(feature = "std")] +impl std::error::Error for Error {} impl From for Error { fn from(_: rand::GetRandomFailed) -> Self { diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 1491b8d762..0b64c2ce59 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -4,7 +4,6 @@ use alloc::vec::Vec; use core::fmt; use pki_types::CertificateRevocationListDer; -use std::error::Error as StdError; use webpki::{CertRevocationList, OwnedCertRevocationList}; use crate::error::{CertRevocationListError, CertificateError, Error, OtherError}; @@ -52,7 +51,8 @@ impl fmt::Display for VerifierBuilderError { } } -impl StdError for VerifierBuilderError {} +#[cfg(feature = "std")] +impl std::error::Error for VerifierBuilderError {} fn pki_error(error: webpki::Error) -> Error { use webpki::Error::*; From 36444f979f13720e0d3d992e5815392ba026d49e Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:12:54 +0200 Subject: [PATCH 0781/1145] no-std: rm ResolvesServerCertUsingSni --- rustls/src/lib.rs | 1 + rustls/src/server/handy.rs | 168 ++++++++++++++++++++----------------- 2 files changed, 94 insertions(+), 75 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index efde031b1a..26874c4047 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -582,6 +582,7 @@ pub mod server { ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, }; pub use builder::WantsServerCert; + #[cfg(feature = "std")] pub use handy::ResolvesServerCertUsingSni; pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; pub use server_conn::StoresServerSessions; diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 68a9a47682..0ac343dcf8 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,18 +1,12 @@ -use crate::error::Error; use crate::limited_cache; use crate::msgs::handshake::CertificateChain; use crate::server; use crate::server::ClientHello; use crate::sign; -use crate::webpki::{verify_server_name, ParsedCertificate}; -use pki_types::{DnsName, ServerName}; - -use alloc::string::{String, ToString}; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; -use std::collections::HashMap; use std::sync::Mutex; /// Something which never stores sessions. @@ -144,71 +138,114 @@ impl server::ResolvesServerCert for AlwaysResolvesChain { } } -/// Something that resolves do different cert chains/keys based -/// on client-supplied server name (via SNI). -#[derive(Debug)] -pub struct ResolvesServerCertUsingSni { - by_name: HashMap>, -} +#[cfg(feature = "std")] +mod sni_resolver { + use crate::error::Error; + use crate::server; + use crate::server::ClientHello; + use crate::sign; + use crate::webpki::{verify_server_name, ParsedCertificate}; + + use pki_types::{DnsName, ServerName}; + + use alloc::string::{String, ToString}; + use alloc::sync::Arc; + use core::fmt::Debug; + use std::collections::HashMap; + + /// Something that resolves do different cert chains/keys based + /// on client-supplied server name (via SNI). + #[derive(Debug)] + pub struct ResolvesServerCertUsingSni { + by_name: HashMap>, + } -impl ResolvesServerCertUsingSni { - /// Create a new and empty (i.e., knows no certificates) resolver. - pub fn new() -> Self { - Self { - by_name: HashMap::new(), + impl ResolvesServerCertUsingSni { + /// Create a new and empty (i.e., knows no certificates) resolver. + pub fn new() -> Self { + Self { + by_name: HashMap::new(), + } + } + + /// Add a new `sign::CertifiedKey` to be used for the given SNI `name`. + /// + /// This function fails if `name` is not a valid DNS name, or if + /// it's not valid for the supplied certificate, or if the certificate + /// chain is syntactically faulty. + pub fn add(&mut self, name: &str, ck: sign::CertifiedKey) -> Result<(), Error> { + let server_name = { + let checked_name = DnsName::try_from(name) + .map_err(|_| Error::General("Bad DNS name".into())) + .map(|name| name.to_lowercase_owned())?; + ServerName::DnsName(checked_name) + }; + + // Check the certificate chain for validity: + // - it should be non-empty list + // - the first certificate should be parsable as a x509v3, + // - the first certificate should quote the given server name + // (if provided) + // + // These checks are not security-sensitive. They are the + // *server* attempting to detect accidental misconfiguration. + + ck.end_entity_cert() + .and_then(ParsedCertificate::try_from) + .and_then(|cert| verify_server_name(&cert, &server_name))?; + + if let ServerName::DnsName(name) = server_name { + self.by_name + .insert(name.as_ref().to_string(), Arc::new(ck)); + } + Ok(()) } } - /// Add a new `sign::CertifiedKey` to be used for the given SNI `name`. - /// - /// This function fails if `name` is not a valid DNS name, or if - /// it's not valid for the supplied certificate, or if the certificate - /// chain is syntactically faulty. - pub fn add(&mut self, name: &str, ck: sign::CertifiedKey) -> Result<(), Error> { - let server_name = { - let checked_name = DnsName::try_from(name) - .map_err(|_| Error::General("Bad DNS name".into())) - .map(|name| name.to_lowercase_owned())?; - ServerName::DnsName(checked_name) - }; - - // Check the certificate chain for validity: - // - it should be non-empty list - // - the first certificate should be parsable as a x509v3, - // - the first certificate should quote the given server name - // (if provided) - // - // These checks are not security-sensitive. They are the - // *server* attempting to detect accidental misconfiguration. - - ck.end_entity_cert() - .and_then(ParsedCertificate::try_from) - .and_then(|cert| verify_server_name(&cert, &server_name))?; - - if let ServerName::DnsName(name) = server_name { - self.by_name - .insert(name.as_ref().to_string(), Arc::new(ck)); + impl server::ResolvesServerCert for ResolvesServerCertUsingSni { + fn resolve(&self, client_hello: ClientHello) -> Option> { + if let Some(name) = client_hello.server_name() { + self.by_name.get(name).map(Arc::clone) + } else { + // This kind of resolver requires SNI + None + } } - Ok(()) } -} -impl server::ResolvesServerCert for ResolvesServerCertUsingSni { - fn resolve(&self, client_hello: ClientHello) -> Option> { - if let Some(name) = client_hello.server_name() { - self.by_name.get(name).map(Arc::clone) - } else { - // This kind of resolver requires SNI - None + #[cfg(test)] + mod tests { + use super::*; + use crate::server::ResolvesServerCert; + + #[test] + fn test_resolvesservercertusingsni_requires_sni() { + let rscsni = ResolvesServerCertUsingSni::new(); + assert!(rscsni + .resolve(ClientHello::new(&None, &[], None, &[])) + .is_none()); + } + + #[test] + fn test_resolvesservercertusingsni_handles_unknown_name() { + let rscsni = ResolvesServerCertUsingSni::new(); + let name = DnsName::try_from("hello.com") + .unwrap() + .to_owned(); + assert!(rscsni + .resolve(ClientHello::new(&Some(name), &[], None, &[])) + .is_none()); } } } +#[cfg(feature = "std")] +pub use sni_resolver::ResolvesServerCertUsingSni; + #[cfg(test)] mod tests { use super::*; use crate::server::ProducesTickets; - use crate::server::ResolvesServerCert; use crate::server::StoresServerSessions; #[test] @@ -282,23 +319,4 @@ mod tests { assert_eq!(None, npt.encrypt(&[])); assert_eq!(None, npt.decrypt(&[])); } - - #[test] - fn test_resolvesservercertusingsni_requires_sni() { - let rscsni = ResolvesServerCertUsingSni::new(); - assert!(rscsni - .resolve(ClientHello::new(&None, &[], None, &[])) - .is_none()); - } - - #[test] - fn test_resolvesservercertusingsni_handles_unknown_name() { - let rscsni = ResolvesServerCertUsingSni::new(); - let name = DnsName::try_from("hello.com") - .unwrap() - .to_owned(); - assert!(rscsni - .resolve(ClientHello::new(&Some(name), &[], None, &[])) - .is_none()); - } } From f293711b35b460ab46b762f5af5918ea1354a396 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:13:49 +0200 Subject: [PATCH 0782/1145] no-std: rm SystemTimeError -> Error conversion --- rustls/src/error.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 510d96c37f..cf6bdf4d7f 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -6,6 +6,7 @@ use alloc::format; use alloc::string::String; use alloc::vec::Vec; use core::fmt; +#[cfg(feature = "std")] use std::time::SystemTimeError; /// rustls reports protocol errors using this type. @@ -527,6 +528,7 @@ impl fmt::Display for Error { } } +#[cfg(feature = "std")] impl From for Error { #[inline] fn from(_: SystemTimeError) -> Self { @@ -706,6 +708,7 @@ mod tests { assert_eq!(err, Error::FailedToGetRandomBytes); } + #[cfg(feature = "std")] #[test] fn time_error_mapping() { use std::time::SystemTime; From 932b245ba675c98eba25befcc03cec5d3b3dd42c Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:17:10 +0200 Subject: [PATCH 0783/1145] no-std: rm ServerSessionMemoryCache will be back in phase II --- rustls/src/lib.rs | 5 +- rustls/src/server/builder.rs | 3 + rustls/src/server/handy.rs | 179 +++++++++++++++++-------------- rustls/src/server/server_conn.rs | 4 +- 4 files changed, 108 insertions(+), 83 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 26874c4047..11e5b76a1d 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -386,6 +386,7 @@ mod conn; pub mod crypto; mod error; mod hash_hs; +#[cfg(feature = "std")] mod limited_cache; mod rand; mod record_layer; @@ -582,9 +583,11 @@ pub mod server { ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, }; pub use builder::WantsServerCert; + pub use handy::NoServerSessionStorage; #[cfg(feature = "std")] pub use handy::ResolvesServerCertUsingSni; - pub use handy::{NoServerSessionStorage, ServerSessionMemoryCache}; + #[cfg(feature = "std")] + pub use handy::ServerSessionMemoryCache; pub use server_conn::StoresServerSessions; pub use server_conn::{ Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection, diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 2165f5c539..11ea41ab9d 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -118,7 +118,10 @@ impl ConfigBuilder { cert_resolver, ignore_client_order: false, max_fragment_size: None, + #[cfg(feature = "std")] session_storage: handy::ServerSessionMemoryCache::new(256), + #[cfg(not(feature = "std"))] + session_storage: Arc::new(handy::NoServerSessionStorage {}), ticketer: Arc::new(handy::NeverProducesTickets {}), alpn_protocols: Vec::new(), versions: self.state.versions, diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 0ac343dcf8..c4524e629e 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,4 +1,3 @@ -use crate::limited_cache; use crate::msgs::handshake::CertificateChain; use crate::server; use crate::server::ClientHello; @@ -6,8 +5,7 @@ use crate::sign; use alloc::sync::Arc; use alloc::vec::Vec; -use core::fmt::{Debug, Formatter}; -use std::sync::Mutex; +use core::fmt::Debug; /// Something which never stores sessions. #[derive(Debug)] @@ -28,56 +26,115 @@ impl server::StoresServerSessions for NoServerSessionStorage { } } -/// An implementer of `StoresServerSessions` that stores everything -/// in memory. If enforces a limit on the number of stored sessions -/// to bound memory usage. -pub struct ServerSessionMemoryCache { - cache: Mutex, Vec>>, -} +#[cfg(feature = "std")] +mod cache { + use crate::limited_cache; + use crate::server; -impl ServerSessionMemoryCache { - /// Make a new ServerSessionMemoryCache. `size` is the maximum - /// number of stored sessions, and may be rounded-up for - /// efficiency. - pub fn new(size: usize) -> Arc { - Arc::new(Self { - cache: Mutex::new(limited_cache::LimitedCache::new(size)), - }) + use alloc::sync::Arc; + use alloc::vec::Vec; + use core::fmt::{Debug, Formatter}; + use std::sync::Mutex; + + /// An implementer of `StoresServerSessions` that stores everything + /// in memory. If enforces a limit on the number of stored sessions + /// to bound memory usage. + pub struct ServerSessionMemoryCache { + cache: Mutex, Vec>>, } -} -impl server::StoresServerSessions for ServerSessionMemoryCache { - fn put(&self, key: Vec, value: Vec) -> bool { - self.cache - .lock() - .unwrap() - .insert(key, value); - true + impl ServerSessionMemoryCache { + /// Make a new ServerSessionMemoryCache. `size` is the maximum + /// number of stored sessions, and may be rounded-up for + /// efficiency. + pub fn new(size: usize) -> Arc { + Arc::new(Self { + cache: Mutex::new(limited_cache::LimitedCache::new(size)), + }) + } } - fn get(&self, key: &[u8]) -> Option> { - self.cache - .lock() - .unwrap() - .get(key) - .cloned() - } + impl server::StoresServerSessions for ServerSessionMemoryCache { + fn put(&self, key: Vec, value: Vec) -> bool { + self.cache + .lock() + .unwrap() + .insert(key, value); + true + } + + fn get(&self, key: &[u8]) -> Option> { + self.cache + .lock() + .unwrap() + .get(key) + .cloned() + } - fn take(&self, key: &[u8]) -> Option> { - self.cache.lock().unwrap().remove(key) + fn take(&self, key: &[u8]) -> Option> { + self.cache.lock().unwrap().remove(key) + } + + fn can_cache(&self) -> bool { + true + } } - fn can_cache(&self) -> bool { - true + impl Debug for ServerSessionMemoryCache { + fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { + f.debug_struct("ServerSessionMemoryCache") + .finish() + } } -} -impl Debug for ServerSessionMemoryCache { - fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { - f.debug_struct("ServerSessionMemoryCache") - .finish() + #[cfg(test)] + mod tests { + use super::*; + use crate::server::StoresServerSessions; + + #[test] + fn test_serversessionmemorycache_accepts_put() { + let c = ServerSessionMemoryCache::new(4); + assert!(c.put(vec![0x01], vec![0x02])); + } + + #[test] + fn test_serversessionmemorycache_persists_put() { + let c = ServerSessionMemoryCache::new(4); + assert!(c.put(vec![0x01], vec![0x02])); + assert_eq!(c.get(&[0x01]), Some(vec![0x02])); + assert_eq!(c.get(&[0x01]), Some(vec![0x02])); + } + + #[test] + fn test_serversessionmemorycache_overwrites_put() { + let c = ServerSessionMemoryCache::new(4); + assert!(c.put(vec![0x01], vec![0x02])); + assert!(c.put(vec![0x01], vec![0x04])); + assert_eq!(c.get(&[0x01]), Some(vec![0x04])); + } + + #[test] + fn test_serversessionmemorycache_drops_to_maintain_size_invariant() { + let c = ServerSessionMemoryCache::new(2); + assert!(c.put(vec![0x01], vec![0x02])); + assert!(c.put(vec![0x03], vec![0x04])); + assert!(c.put(vec![0x05], vec![0x06])); + assert!(c.put(vec![0x07], vec![0x08])); + assert!(c.put(vec![0x09], vec![0x0a])); + + let count = c.get(&[0x01]).iter().count() + + c.get(&[0x03]).iter().count() + + c.get(&[0x05]).iter().count() + + c.get(&[0x07]).iter().count() + + c.get(&[0x09]).iter().count(); + + assert!(count < 5); + } } } +#[cfg(feature = "std")] +pub use cache::ServerSessionMemoryCache; /// Something which never produces tickets. #[derive(Debug)] @@ -271,46 +328,6 @@ mod tests { assert_eq!(c.take(&[0x02]), None); } - #[test] - fn test_serversessionmemorycache_accepts_put() { - let c = ServerSessionMemoryCache::new(4); - assert!(c.put(vec![0x01], vec![0x02])); - } - - #[test] - fn test_serversessionmemorycache_persists_put() { - let c = ServerSessionMemoryCache::new(4); - assert!(c.put(vec![0x01], vec![0x02])); - assert_eq!(c.get(&[0x01]), Some(vec![0x02])); - assert_eq!(c.get(&[0x01]), Some(vec![0x02])); - } - - #[test] - fn test_serversessionmemorycache_overwrites_put() { - let c = ServerSessionMemoryCache::new(4); - assert!(c.put(vec![0x01], vec![0x02])); - assert!(c.put(vec![0x01], vec![0x04])); - assert_eq!(c.get(&[0x01]), Some(vec![0x04])); - } - - #[test] - fn test_serversessionmemorycache_drops_to_maintain_size_invariant() { - let c = ServerSessionMemoryCache::new(2); - assert!(c.put(vec![0x01], vec![0x02])); - assert!(c.put(vec![0x03], vec![0x04])); - assert!(c.put(vec![0x05], vec![0x06])); - assert!(c.put(vec![0x07], vec![0x08])); - assert!(c.put(vec![0x09], vec![0x0a])); - - let count = c.get(&[0x01]).iter().count() - + c.get(&[0x03]).iter().count() - + c.get(&[0x05]).iter().count() - + c.get(&[0x07]).iter().count() - + c.get(&[0x09]).iter().count(); - - assert!(count < 5); - } - #[test] fn test_neverproducestickets_does_nothing() { let npt = NeverProducesTickets {}; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index d93fff21da..fda881febf 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -213,7 +213,9 @@ impl<'a> ClientHello<'a> { /// # Defaults /// /// * [`ServerConfig::max_fragment_size`]: the default is `None` (meaning 16kB). -/// * [`ServerConfig::session_storage`]: the default stores 256 sessions in memory. +/// * [`ServerConfig::session_storage`]: if the `std` feature is enabled, the default stores 256 +/// sessions in memory. If the `std` feature is not enabled, the default is to not store any +/// sessions. /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. From 711fd7d5e12d1cf51056099670115b78387ca480 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Fri, 24 Nov 2023 15:33:27 +0100 Subject: [PATCH 0784/1145] no-std: rm quic::*Connection API --- rustls/src/client/client_conn.rs | 3 + rustls/src/msgs/deframer.rs | 1 + rustls/src/quic.rs | 690 ++++++++++++++++--------------- rustls/src/server/server_conn.rs | 8 +- 4 files changed, 365 insertions(+), 337 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index d57a5a18b8..0e184329bf 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -337,6 +337,7 @@ impl ClientConfig { .any(|cs| cs.version().version == v) } + #[cfg(feature = "std")] pub(crate) fn supports_protocol(&self, proto: Protocol) -> bool { self.provider .cipher_suites @@ -525,6 +526,7 @@ impl EarlyData { matches!(self.state, EarlyDataState::Ready | EarlyDataState::Accepted) } + #[cfg(feature = "std")] fn is_accepted(&self) -> bool { matches!( self.state, @@ -779,6 +781,7 @@ impl ConnectionCore { Ok(Self::new(state, data, common_state)) } + #[cfg(feature = "std")] pub(crate) fn is_early_data_accepted(&self) -> bool { self.data.early_data.is_accepted() } diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index d0ea3dee55..7f897de7d4 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -242,6 +242,7 @@ impl MessageDeframer { } /// Allow pushing handshake messages directly into the buffer. + #[cfg(feature = "std")] pub(crate) fn push( &mut self, version: ProtocolVersion, diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 10fe7c0763..e7baa20316 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -1,417 +1,433 @@ /// This module contains optional APIs for implementing QUIC TLS. -use crate::client::{ClientConfig, ClientConnectionData}; -use crate::common_state::{CommonState, Protocol, Side, DEFAULT_BUFFER_LIMIT}; -use crate::conn::{ConnectionCore, SideData}; +use crate::common_state::Side; use crate::crypto::cipher::{AeadKey, Iv}; use crate::crypto::tls13::{Hkdf, HkdfExpander, OkmBlock}; -use crate::enums::{AlertDescription, ProtocolVersion}; +use crate::enums::AlertDescription; use crate::error::Error; -use crate::msgs::deframer::DeframerVecBuffer; -use crate::msgs::handshake::{ClientExtension, ServerExtension}; -use crate::server::{ServerConfig, ServerConnectionData}; use crate::tls13::key_schedule::{ hkdf_expand_label, hkdf_expand_label_aead_key, hkdf_expand_label_block, }; use crate::tls13::Tls13CipherSuite; -use crate::vecbuf::ChunkVecBuffer; - -use pki_types::ServerName; use alloc::boxed::Box; use alloc::collections::VecDeque; -use alloc::sync::Arc; -use alloc::vec; use alloc::vec::Vec; -use core::fmt::{self, Debug}; -use core::ops::{Deref, DerefMut}; - -/// A QUIC client or server connection. -#[derive(Debug)] -pub enum Connection { - /// A client connection - Client(ClientConnection), - /// A server connection - Server(ServerConnection), -} - -impl Connection { - /// Return the TLS-encoded transport parameters for the session's peer. - /// - /// See [`ConnectionCommon::quic_transport_parameters()`] for more details. - pub fn quic_transport_parameters(&self) -> Option<&[u8]> { - match self { - Self::Client(conn) => conn.quic_transport_parameters(), - Self::Server(conn) => conn.quic_transport_parameters(), +#[cfg(feature = "std")] +use core::fmt::Debug; + +#[cfg(feature = "std")] +mod connection { + use crate::client::{ClientConfig, ClientConnectionData}; + use crate::common_state::{CommonState, Protocol, DEFAULT_BUFFER_LIMIT}; + use crate::conn::{ConnectionCore, SideData}; + use crate::enums::{AlertDescription, ProtocolVersion}; + use crate::error::Error; + use crate::msgs::deframer::DeframerVecBuffer; + use crate::msgs::handshake::{ClientExtension, ServerExtension}; + use crate::server::{ServerConfig, ServerConnectionData}; + use crate::vecbuf::ChunkVecBuffer; + + use pki_types::ServerName; + + use alloc::sync::Arc; + use alloc::vec; + use alloc::vec::Vec; + use core::fmt::{self, Debug}; + use core::ops::{Deref, DerefMut}; + + use super::{DirectionalKeys, KeyChange, Version}; + + /// A QUIC client or server connection. + #[derive(Debug)] + pub enum Connection { + /// A client connection + Client(ClientConnection), + /// A server connection + Server(ServerConnection), + } + + impl Connection { + /// Return the TLS-encoded transport parameters for the session's peer. + /// + /// See [`ConnectionCommon::quic_transport_parameters()`] for more details. + pub fn quic_transport_parameters(&self) -> Option<&[u8]> { + match self { + Self::Client(conn) => conn.quic_transport_parameters(), + Self::Server(conn) => conn.quic_transport_parameters(), + } } - } - /// Compute the keys for encrypting/decrypting 0-RTT packets, if available - pub fn zero_rtt_keys(&self) -> Option { - match self { - Self::Client(conn) => conn.zero_rtt_keys(), - Self::Server(conn) => conn.zero_rtt_keys(), + /// Compute the keys for encrypting/decrypting 0-RTT packets, if available + pub fn zero_rtt_keys(&self) -> Option { + match self { + Self::Client(conn) => conn.zero_rtt_keys(), + Self::Server(conn) => conn.zero_rtt_keys(), + } } - } - /// Consume unencrypted TLS handshake data. - /// - /// Handshake data obtained from separate encryption levels should be supplied in separate calls. - pub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error> { - match self { - Self::Client(conn) => conn.read_hs(plaintext), - Self::Server(conn) => conn.read_hs(plaintext), + /// Consume unencrypted TLS handshake data. + /// + /// Handshake data obtained from separate encryption levels should be supplied in separate calls. + pub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error> { + match self { + Self::Client(conn) => conn.read_hs(plaintext), + Self::Server(conn) => conn.read_hs(plaintext), + } } - } - /// Emit unencrypted TLS handshake data. - /// - /// When this returns `Some(_)`, the new keys must be used for future handshake data. - pub fn write_hs(&mut self, buf: &mut Vec) -> Option { - match self { - Self::Client(conn) => conn.write_hs(buf), - Self::Server(conn) => conn.write_hs(buf), + /// Emit unencrypted TLS handshake data. + /// + /// When this returns `Some(_)`, the new keys must be used for future handshake data. + pub fn write_hs(&mut self, buf: &mut Vec) -> Option { + match self { + Self::Client(conn) => conn.write_hs(buf), + Self::Server(conn) => conn.write_hs(buf), + } } - } - /// Emit the TLS description code of a fatal alert, if one has arisen. - /// - /// Check after `read_hs` returns `Err(_)`. - pub fn alert(&self) -> Option { - match self { - Self::Client(conn) => conn.alert(), - Self::Server(conn) => conn.alert(), + /// Emit the TLS description code of a fatal alert, if one has arisen. + /// + /// Check after `read_hs` returns `Err(_)`. + pub fn alert(&self) -> Option { + match self { + Self::Client(conn) => conn.alert(), + Self::Server(conn) => conn.alert(), + } } - } - /// Derives key material from the agreed connection secrets. - /// - /// This function fills in `output` with `output.len()` bytes of key - /// material derived from the master session secret using `label` - /// and `context` for diversification. Ownership of the buffer is taken - /// by the function and returned via the Ok result to ensure no key - /// material leaks if the function fails. - /// - /// See RFC5705 for more details on what this does and is for. - /// - /// For TLS1.3 connections, this function does not use the - /// "early" exporter at any point. - /// - /// This function fails if called prior to the handshake completing; - /// check with [`CommonState::is_handshaking`] first. - #[inline] - pub fn export_keying_material>( - &self, - output: T, - label: &[u8], - context: Option<&[u8]>, - ) -> Result { - match self { - Self::Client(conn) => conn - .core - .export_keying_material(output, label, context), - Self::Server(conn) => conn - .core - .export_keying_material(output, label, context), + /// Derives key material from the agreed connection secrets. + /// + /// This function fills in `output` with `output.len()` bytes of key + /// material derived from the master session secret using `label` + /// and `context` for diversification. Ownership of the buffer is taken + /// by the function and returned via the Ok result to ensure no key + /// material leaks if the function fails. + /// + /// See RFC5705 for more details on what this does and is for. + /// + /// For TLS1.3 connections, this function does not use the + /// "early" exporter at any point. + /// + /// This function fails if called prior to the handshake completing; + /// check with [`CommonState::is_handshaking`] first. + #[inline] + pub fn export_keying_material>( + &self, + output: T, + label: &[u8], + context: Option<&[u8]>, + ) -> Result { + match self { + Self::Client(conn) => conn + .core + .export_keying_material(output, label, context), + Self::Server(conn) => conn + .core + .export_keying_material(output, label, context), + } } } -} -impl Deref for Connection { - type Target = CommonState; + impl Deref for Connection { + type Target = CommonState; - fn deref(&self) -> &Self::Target { - match self { - Self::Client(conn) => &conn.core.common_state, - Self::Server(conn) => &conn.core.common_state, + fn deref(&self) -> &Self::Target { + match self { + Self::Client(conn) => &conn.core.common_state, + Self::Server(conn) => &conn.core.common_state, + } } } -} -impl DerefMut for Connection { - fn deref_mut(&mut self) -> &mut Self::Target { - match self { - Self::Client(conn) => &mut conn.core.common_state, - Self::Server(conn) => &mut conn.core.common_state, + impl DerefMut for Connection { + fn deref_mut(&mut self) -> &mut Self::Target { + match self { + Self::Client(conn) => &mut conn.core.common_state, + Self::Server(conn) => &mut conn.core.common_state, + } } } -} -/// A QUIC client connection. -pub struct ClientConnection { - inner: ConnectionCommon, -} + /// A QUIC client connection. + pub struct ClientConnection { + inner: ConnectionCommon, + } + + impl ClientConnection { + /// Make a new QUIC ClientConnection. + /// + /// This differs from `ClientConnection::new()` in that it takes an extra `params` argument, + /// which contains the TLS-encoded transport parameters to send. + pub fn new( + config: Arc, + quic_version: Version, + name: ServerName<'static>, + params: Vec, + ) -> Result { + if !config.supports_version(ProtocolVersion::TLSv1_3) { + return Err(Error::General( + "TLS 1.3 support is required for QUIC".into(), + )); + } -impl ClientConnection { - /// Make a new QUIC ClientConnection. - /// - /// This differs from `ClientConnection::new()` in that it takes an extra `params` argument, - /// which contains the TLS-encoded transport parameters to send. - pub fn new( - config: Arc, - quic_version: Version, - name: ServerName<'static>, - params: Vec, - ) -> Result { - if !config.supports_version(ProtocolVersion::TLSv1_3) { - return Err(Error::General( - "TLS 1.3 support is required for QUIC".into(), - )); - } - - if !config.supports_protocol(Protocol::Quic) { - return Err(Error::General( - "at least one ciphersuite must support QUIC".into(), - )); - } - - let ext = match quic_version { - Version::V1Draft => ClientExtension::TransportParametersDraft(params), - Version::V1 | Version::V2 => ClientExtension::TransportParameters(params), - }; + if !config.supports_protocol(Protocol::Quic) { + return Err(Error::General( + "at least one ciphersuite must support QUIC".into(), + )); + } - let mut inner = ConnectionCore::for_client(config, name, vec![ext], Protocol::Quic)?; - inner.common_state.quic.version = quic_version; - Ok(Self { - inner: inner.into(), - }) - } + let ext = match quic_version { + Version::V1Draft => ClientExtension::TransportParametersDraft(params), + Version::V1 | Version::V2 => ClientExtension::TransportParameters(params), + }; - /// Returns True if the server signalled it will process early data. - /// - /// If you sent early data and this returns false at the end of the - /// handshake then the server will not process the data. This - /// is not an error, but you may wish to resend the data. - pub fn is_early_data_accepted(&self) -> bool { - self.inner.core.is_early_data_accepted() + let mut inner = ConnectionCore::for_client(config, name, vec![ext], Protocol::Quic)?; + inner.common_state.quic.version = quic_version; + Ok(Self { + inner: inner.into(), + }) + } + + /// Returns True if the server signalled it will process early data. + /// + /// If you sent early data and this returns false at the end of the + /// handshake then the server will not process the data. This + /// is not an error, but you may wish to resend the data. + pub fn is_early_data_accepted(&self) -> bool { + self.inner.core.is_early_data_accepted() + } } -} -impl Deref for ClientConnection { - type Target = ConnectionCommon; + impl Deref for ClientConnection { + type Target = ConnectionCommon; - fn deref(&self) -> &Self::Target { - &self.inner + fn deref(&self) -> &Self::Target { + &self.inner + } } -} -impl DerefMut for ClientConnection { - fn deref_mut(&mut self) -> &mut Self::Target { - &mut self.inner + impl DerefMut for ClientConnection { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.inner + } } -} -impl Debug for ClientConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - f.debug_struct("quic::ClientConnection") - .finish() + impl Debug for ClientConnection { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + f.debug_struct("quic::ClientConnection") + .finish() + } } -} -impl From for Connection { - fn from(c: ClientConnection) -> Self { - Self::Client(c) + impl From for Connection { + fn from(c: ClientConnection) -> Self { + Self::Client(c) + } } -} -/// A QUIC server connection. -pub struct ServerConnection { - inner: ConnectionCommon, -} + /// A QUIC server connection. + pub struct ServerConnection { + inner: ConnectionCommon, + } + + impl ServerConnection { + /// Make a new QUIC ServerConnection. + /// + /// This differs from `ServerConnection::new()` in that it takes an extra `params` argument, + /// which contains the TLS-encoded transport parameters to send. + pub fn new( + config: Arc, + quic_version: Version, + params: Vec, + ) -> Result { + if !config.supports_version(ProtocolVersion::TLSv1_3) { + return Err(Error::General( + "TLS 1.3 support is required for QUIC".into(), + )); + } -impl ServerConnection { - /// Make a new QUIC ServerConnection. - /// - /// This differs from `ServerConnection::new()` in that it takes an extra `params` argument, - /// which contains the TLS-encoded transport parameters to send. - pub fn new( - config: Arc, - quic_version: Version, - params: Vec, - ) -> Result { - if !config.supports_version(ProtocolVersion::TLSv1_3) { - return Err(Error::General( - "TLS 1.3 support is required for QUIC".into(), - )); - } - - if !config.supports_protocol(Protocol::Quic) { - return Err(Error::General( - "at least one ciphersuite must support QUIC".into(), - )); - } - - if config.max_early_data_size != 0 && config.max_early_data_size != 0xffff_ffff { - return Err(Error::General( - "QUIC sessions must set a max early data of 0 or 2^32-1".into(), - )); - } - - let ext = match quic_version { - Version::V1Draft => ServerExtension::TransportParametersDraft(params), - Version::V1 | Version::V2 => ServerExtension::TransportParameters(params), - }; + if !config.supports_protocol(Protocol::Quic) { + return Err(Error::General( + "at least one ciphersuite must support QUIC".into(), + )); + } - let mut core = ConnectionCore::for_server(config, vec![ext])?; - core.common_state.protocol = Protocol::Quic; - core.common_state.quic.version = quic_version; - Ok(Self { inner: core.into() }) - } + if config.max_early_data_size != 0 && config.max_early_data_size != 0xffff_ffff { + return Err(Error::General( + "QUIC sessions must set a max early data of 0 or 2^32-1".into(), + )); + } - /// Explicitly discard early data, notifying the client - /// - /// Useful if invariants encoded in `received_resumption_data()` cannot be respected. - /// - /// Must be called while `is_handshaking` is true. - pub fn reject_early_data(&mut self) { - self.inner.core.reject_early_data() - } + let ext = match quic_version { + Version::V1Draft => ServerExtension::TransportParametersDraft(params), + Version::V1 | Version::V2 => ServerExtension::TransportParameters(params), + }; - /// Retrieves the server name, if any, used to select the certificate and - /// private key. - /// - /// This returns `None` until some time after the client's server name indication - /// (SNI) extension value is processed during the handshake. It will never be - /// `None` when the connection is ready to send or process application data, - /// unless the client does not support SNI. - /// - /// This is useful for application protocols that need to enforce that the - /// server name matches an application layer protocol hostname. For - /// example, HTTP/1.1 servers commonly expect the `Host:` header field of - /// every request on a connection to match the hostname in the SNI extension - /// when the client provides the SNI extension. - /// - /// The server name is also used to match sessions during session resumption. - pub fn server_name(&self) -> Option<&str> { - self.inner.core.get_sni_str() + let mut core = ConnectionCore::for_server(config, vec![ext])?; + core.common_state.protocol = Protocol::Quic; + core.common_state.quic.version = quic_version; + Ok(Self { inner: core.into() }) + } + + /// Explicitly discard early data, notifying the client + /// + /// Useful if invariants encoded in `received_resumption_data()` cannot be respected. + /// + /// Must be called while `is_handshaking` is true. + pub fn reject_early_data(&mut self) { + self.inner.core.reject_early_data() + } + + /// Retrieves the server name, if any, used to select the certificate and + /// private key. + /// + /// This returns `None` until some time after the client's server name indication + /// (SNI) extension value is processed during the handshake. It will never be + /// `None` when the connection is ready to send or process application data, + /// unless the client does not support SNI. + /// + /// This is useful for application protocols that need to enforce that the + /// server name matches an application layer protocol hostname. For + /// example, HTTP/1.1 servers commonly expect the `Host:` header field of + /// every request on a connection to match the hostname in the SNI extension + /// when the client provides the SNI extension. + /// + /// The server name is also used to match sessions during session resumption. + pub fn server_name(&self) -> Option<&str> { + self.inner.core.get_sni_str() + } } -} -impl Deref for ServerConnection { - type Target = ConnectionCommon; + impl Deref for ServerConnection { + type Target = ConnectionCommon; - fn deref(&self) -> &Self::Target { - &self.inner + fn deref(&self) -> &Self::Target { + &self.inner + } } -} -impl DerefMut for ServerConnection { - fn deref_mut(&mut self) -> &mut Self::Target { - &mut self.inner + impl DerefMut for ServerConnection { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.inner + } } -} -impl Debug for ServerConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - f.debug_struct("quic::ServerConnection") - .finish() + impl Debug for ServerConnection { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + f.debug_struct("quic::ServerConnection") + .finish() + } } -} -impl From for Connection { - fn from(c: ServerConnection) -> Self { - Self::Server(c) + impl From for Connection { + fn from(c: ServerConnection) -> Self { + Self::Server(c) + } } -} -/// A shared interface for QUIC connections. -pub struct ConnectionCommon { - core: ConnectionCore, - deframer_buffer: DeframerVecBuffer, - sendable_plaintext: ChunkVecBuffer, -} + /// A shared interface for QUIC connections. + pub struct ConnectionCommon { + core: ConnectionCore, + deframer_buffer: DeframerVecBuffer, + sendable_plaintext: ChunkVecBuffer, + } -impl ConnectionCommon { - /// Return the TLS-encoded transport parameters for the session's peer. - /// - /// While the transport parameters are technically available prior to the - /// completion of the handshake, they cannot be fully trusted until the - /// handshake completes, and reliance on them should be minimized. - /// However, any tampering with the parameters will cause the handshake - /// to fail. - pub fn quic_transport_parameters(&self) -> Option<&[u8]> { - self.core - .common_state - .quic - .params - .as_ref() - .map(|v| v.as_ref()) - } - - /// Compute the keys for encrypting/decrypting 0-RTT packets, if available - pub fn zero_rtt_keys(&self) -> Option { - let suite = self - .core - .common_state - .suite - .and_then(|suite| suite.tls13())?; - Some(DirectionalKeys::new( - suite, - suite.quic?, + impl ConnectionCommon { + /// Return the TLS-encoded transport parameters for the session's peer. + /// + /// While the transport parameters are technically available prior to the + /// completion of the handshake, they cannot be fully trusted until the + /// handshake completes, and reliance on them should be minimized. + /// However, any tampering with the parameters will cause the handshake + /// to fail. + pub fn quic_transport_parameters(&self) -> Option<&[u8]> { self.core .common_state .quic - .early_secret - .as_ref()?, - self.core.common_state.quic.version, - )) - } + .params + .as_ref() + .map(|v| v.as_ref()) + } - /// Consume unencrypted TLS handshake data. - /// - /// Handshake data obtained from separate encryption levels should be supplied in separate calls. - pub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error> { - self.core.message_deframer.push( - ProtocolVersion::TLSv1_3, - plaintext, - &mut self.deframer_buffer, - )?; - self.core - .process_new_packets(&mut self.deframer_buffer, &mut self.sendable_plaintext)?; - Ok(()) - } - - /// Emit unencrypted TLS handshake data. - /// - /// When this returns `Some(_)`, the new keys must be used for future handshake data. - pub fn write_hs(&mut self, buf: &mut Vec) -> Option { - self.core - .common_state - .quic - .write_hs(buf) - } + /// Compute the keys for encrypting/decrypting 0-RTT packets, if available + pub fn zero_rtt_keys(&self) -> Option { + let suite = self + .core + .common_state + .suite + .and_then(|suite| suite.tls13())?; + Some(DirectionalKeys::new( + suite, + suite.quic?, + self.core + .common_state + .quic + .early_secret + .as_ref()?, + self.core.common_state.quic.version, + )) + } - /// Emit the TLS description code of a fatal alert, if one has arisen. - /// - /// Check after `read_hs` returns `Err(_)`. - pub fn alert(&self) -> Option { - self.core.common_state.quic.alert + /// Consume unencrypted TLS handshake data. + /// + /// Handshake data obtained from separate encryption levels should be supplied in separate calls. + pub fn read_hs(&mut self, plaintext: &[u8]) -> Result<(), Error> { + self.core.message_deframer.push( + ProtocolVersion::TLSv1_3, + plaintext, + &mut self.deframer_buffer, + )?; + self.core + .process_new_packets(&mut self.deframer_buffer, &mut self.sendable_plaintext)?; + Ok(()) + } + + /// Emit unencrypted TLS handshake data. + /// + /// When this returns `Some(_)`, the new keys must be used for future handshake data. + pub fn write_hs(&mut self, buf: &mut Vec) -> Option { + self.core + .common_state + .quic + .write_hs(buf) + } + + /// Emit the TLS description code of a fatal alert, if one has arisen. + /// + /// Check after `read_hs` returns `Err(_)`. + pub fn alert(&self) -> Option { + self.core.common_state.quic.alert + } } -} -impl Deref for ConnectionCommon { - type Target = CommonState; + impl Deref for ConnectionCommon { + type Target = CommonState; - fn deref(&self) -> &Self::Target { - &self.core.common_state + fn deref(&self) -> &Self::Target { + &self.core.common_state + } } -} -impl DerefMut for ConnectionCommon { - fn deref_mut(&mut self) -> &mut Self::Target { - &mut self.core.common_state + impl DerefMut for ConnectionCommon { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.core.common_state + } } -} -impl From> for ConnectionCommon { - fn from(core: ConnectionCore) -> Self { - Self { - core, - deframer_buffer: DeframerVecBuffer::default(), - sendable_plaintext: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), + impl From> for ConnectionCommon { + fn from(core: ConnectionCore) -> Self { + Self { + core, + deframer_buffer: DeframerVecBuffer::default(), + sendable_plaintext: ChunkVecBuffer::new(Some(DEFAULT_BUFFER_LIMIT)), + } } } } +#[cfg(feature = "std")] +pub use connection::{ClientConnection, Connection, ConnectionCommon, ServerConnection}; + #[derive(Default)] pub(crate) struct Quic { /// QUIC transport parameters received from the peer during the handshake @@ -422,10 +438,12 @@ pub(crate) struct Quic { pub(crate) hs_secrets: Option, pub(crate) traffic_secrets: Option, /// Whether keys derived from traffic_secrets have been passed to the QUIC implementation + #[cfg(feature = "std")] pub(crate) returned_traffic_keys: bool, pub(crate) version: Version, } +#[cfg(feature = "std")] impl Quic { pub(crate) fn write_hs(&mut self, buf: &mut Vec) -> Option { while let Some((_, msg)) = self.hs_queue.pop_front() { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index fda881febf..f22cef9468 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,5 +1,7 @@ use crate::builder::ConfigBuilder; -use crate::common_state::{CommonState, Protocol, Side, State}; +#[cfg(feature = "std")] +use crate::common_state::Protocol; +use crate::common_state::{CommonState, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; @@ -479,6 +481,7 @@ impl ServerConfig { .any(|cs| cs.version().version == v) } + #[cfg(feature = "std")] pub(crate) fn supports_protocol(&self, proto: Protocol) -> bool { self.provider .cipher_suites @@ -999,6 +1002,7 @@ impl ConnectionCore { )) } + #[cfg(feature = "std")] pub(crate) fn reject_early_data(&mut self) { assert!( self.common_state.is_handshaking(), @@ -1007,6 +1011,7 @@ impl ConnectionCore { self.data.early_data.reject(); } + #[cfg(feature = "std")] pub(crate) fn get_sni_str(&self) -> Option<&str> { self.data.get_sni_str() } @@ -1022,6 +1027,7 @@ pub struct ServerConnectionData { } impl ServerConnectionData { + #[cfg(feature = "std")] pub(super) fn get_sni_str(&self) -> Option<&str> { self.sni.as_ref().map(AsRef::as_ref) } From e2f8c0790e98412a662118408675796cb0938973 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:21:41 +0200 Subject: [PATCH 0785/1145] no-std: rm MessageDeframer IO methods --- rustls/src/msgs/deframer.rs | 109 ++++++++++++++++++++---------------- 1 file changed, 60 insertions(+), 49 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 7f897de7d4..c171c9df7c 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -1,15 +1,16 @@ use alloc::vec::Vec; use core::ops::Range; use core::slice::SliceIndex; +#[cfg(feature = "std")] use std::io; use super::codec::Codec; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::codec; -use crate::msgs::message::{ - InboundOpaqueMessage, InboundPlainMessage, MessageError, OutboundOpaqueMessage, -}; +#[cfg(feature = "std")] +use crate::msgs::message::OutboundOpaqueMessage; +use crate::msgs::message::{InboundOpaqueMessage, InboundPlainMessage, MessageError}; use crate::record_layer::{Decrypted, RecordLayer}; /// This deframer works to reconstruct TLS messages from a stream of arbitrary-sized reads. @@ -241,27 +242,6 @@ impl MessageDeframer { err } - /// Allow pushing handshake messages directly into the buffer. - #[cfg(feature = "std")] - pub(crate) fn push( - &mut self, - version: ProtocolVersion, - payload: &[u8], - buffer: &mut DeframerVecBuffer, - ) -> Result<(), Error> { - if !buffer.is_empty() && self.joining_hs.is_none() { - return Err(Error::General( - "cannot push QUIC messages into unrelated connection".into(), - )); - } else if let Err(err) = buffer.prepare_read(self.joining_hs.is_some()) { - return Err(Error::General(err.into())); - } - - let end = buffer.len() + payload.len(); - self.append_hs(version, ExternalPayload(payload), end, buffer)?; - Ok(()) - } - /// Write the handshake message contents into the buffer and update the metadata. /// /// Returns true if a complete message is found. @@ -319,6 +299,29 @@ impl MessageDeframer { }, }) } +} + +#[cfg(feature = "std")] +impl MessageDeframer { + /// Allow pushing handshake messages directly into the buffer. + pub(crate) fn push( + &mut self, + version: ProtocolVersion, + payload: &[u8], + buffer: &mut DeframerVecBuffer, + ) -> Result<(), Error> { + if !buffer.is_empty() && self.joining_hs.is_none() { + return Err(Error::General( + "cannot push QUIC messages into unrelated connection".into(), + )); + } else if let Err(err) = buffer.prepare_read(self.joining_hs.is_some()) { + return Err(Error::General(err.into())); + } + + let end = buffer.len() + payload.len(); + self.append_hs(version, ExternalPayload(payload), end, buffer)?; + Ok(()) + } /// Read some bytes from `rd`, and add them to our internal buffer. #[allow(clippy::comparison_chain)] @@ -401,6 +404,34 @@ impl DeframerVecBuffer { DeframerSliceBuffer::new(&mut self.buf[..self.used]) } + /// Discard `taken` bytes from the start of our buffer. + pub fn discard(&mut self, taken: usize) { + #[allow(clippy::comparison_chain)] + if taken < self.used { + /* Before: + * +----------+----------+----------+ + * | taken | pending |xxxxxxxxxx| + * +----------+----------+----------+ + * 0 ^ taken ^ self.used + * + * After: + * +----------+----------+----------+ + * | pending |xxxxxxxxxxxxxxxxxxxxx| + * +----------+----------+----------+ + * 0 ^ self.used + */ + + self.buf + .copy_within(taken..self.used, 0); + self.used -= taken; + } else if taken == self.used { + self.used = 0; + } + } +} + +#[cfg(feature = "std")] +impl DeframerVecBuffer { /// Returns true if there are messages for the caller to process pub fn has_pending(&self) -> bool { !self.is_empty() @@ -440,31 +471,6 @@ impl DeframerVecBuffer { Ok(()) } - /// Discard `taken` bytes from the start of our buffer. - pub fn discard(&mut self, taken: usize) { - #[allow(clippy::comparison_chain)] - if taken < self.used { - /* Before: - * +----------+----------+----------+ - * | taken | pending |xxxxxxxxxx| - * +----------+----------+----------+ - * 0 ^ taken ^ self.used - * - * After: - * +----------+----------+----------+ - * | pending |xxxxxxxxxxxxxxxxxxxxx| - * +----------+----------+----------+ - * 0 ^ self.used - */ - - self.buf - .copy_within(taken..self.used, 0); - self.used -= taken; - } else if taken == self.used { - self.used = 0; - } - } - fn is_empty(&self) -> bool { self.len() == 0 } @@ -478,6 +484,7 @@ impl DeframerVecBuffer { } } +#[cfg(feature = "std")] impl FilledDeframerBuffer for DeframerVecBuffer { fn filled_mut(&mut self) -> &mut [u8] { &mut self.buf[..self.used] @@ -488,12 +495,14 @@ impl FilledDeframerBuffer for DeframerVecBuffer { } } +#[cfg(feature = "std")] impl DeframerBuffer<'_, InternalPayload> for DeframerVecBuffer { fn copy(&mut self, payload: &InternalPayload, at: usize) { self.borrow().copy(payload, at) } } +#[cfg(feature = "std")] impl<'a> DeframerBuffer<'a, ExternalPayload<'a>> for DeframerVecBuffer { fn copy(&mut self, payload: &ExternalPayload<'a>, at: usize) { let len = payload.len(); @@ -694,8 +703,10 @@ const HEADER_SIZE: usize = 1 + 3; /// service. const MAX_HANDSHAKE_SIZE: u32 = 0xffff; +#[cfg(feature = "std")] const READ_SIZE: usize = 4096; +#[cfg(feature = "std")] #[cfg(test)] mod tests { use std::io; From eb9ffbe96333cc4f5ecc589c77da65fb77f75c47 Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Thu, 5 Oct 2023 19:23:38 +0200 Subject: [PATCH 0786/1145] no-std: rm temporary extern crate std --- rustls/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 11e5b76a1d..6b4ff649f9 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -352,7 +352,7 @@ extern crate alloc; // is in `std::prelude` but not in `core::prelude`. This helps maintain no-std support as even // developers that are not interested in, or aware of, no-std support and / or that never run // `cargo build --no-default-features` locally will get errors when they rely on `std::prelude` API. -#[cfg(not(test))] +#[cfg(all(feature = "std", not(test)))] extern crate std; // Import `test` sysroot crate for `Bencher` definitions. From ea571f2740cbbc7ea99bf082357cb002f9a902df Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Tue, 19 Dec 2023 11:37:14 -0500 Subject: [PATCH 0787/1145] make ring's ticketer module std-only --- rustls/src/crypto/ring/mod.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index f69c7f72b6..68969ac781 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -20,6 +20,7 @@ pub(crate) mod hash; pub(crate) mod hmac; pub(crate) mod kx; pub(crate) mod quic; +#[cfg(feature = "std")] pub(crate) mod ticketer; #[cfg(feature = "tls12")] pub(crate) mod tls12; @@ -172,6 +173,7 @@ pub mod kx_group { } pub use kx::ALL_KX_GROUPS; +#[cfg(feature = "std")] pub use ticketer::Ticketer; /// Compatibility shims between ring 0.16.x and 0.17.x API From 8ed615e5d989e5fcc24012f89e72d84827d6978c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 19 Feb 2024 11:01:51 -0500 Subject: [PATCH 0788/1145] crypto: use race::OnceBox for no-std support When built w/ the `std` feature, the `DEFAULT_CRYPTO_PROVIDER` and assoc. fns use a standard `once_cell::sync::OnceCell`. When built w/o the `std` feature we use `once_cell::race::OnceBox`, requiring some minor adjustments to account for the expectation of storing a `Box>` in place of a `Arc`. --- rustls/src/crypto/mod.rs | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 13818def7e..cd73454b3d 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -7,7 +7,11 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +#[cfg(not(feature = "std"))] +use once_cell::race::OnceBox; +#[cfg(feature = "std")] use once_cell::sync::OnceCell; + use pki_types::PrivateKeyDer; use zeroize::Zeroize; @@ -224,10 +228,23 @@ impl CryptoProvider { /// Call this early in your process to configure which provider is used for /// the provider. The configuration should happen before any use of /// [`ClientConfig::builder()`] or [`ServerConfig::builder()`]. + #[cfg(feature = "std")] pub fn install_default(self) -> Result<(), Arc> { PROCESS_DEFAULT_PROVIDER.set(Arc::new(self)) } + /// Sets this `CryptoProvider` as the default for this process. + /// + /// This can be called successfully at most once in any process execution. + /// + /// Call this early in your process to configure which provider is used for + /// the provider. The configuration should happen before any use of + /// [`ClientConfig::builder()`] or [`ServerConfig::builder()`]. + #[cfg(not(feature = "std"))] + pub fn install_default(self) -> Result<(), Box>> { + PROCESS_DEFAULT_PROVIDER.set(Box::new(Arc::new(self))) + } + /// Returns the default `CryptoProvider` for this process. /// /// This will be `None` if no default has been set yet. @@ -294,7 +311,10 @@ impl CryptoProvider { } } +#[cfg(feature = "std")] static PROCESS_DEFAULT_PROVIDER: OnceCell> = OnceCell::new(); +#[cfg(not(feature = "std"))] +static PROCESS_DEFAULT_PROVIDER: OnceBox> = OnceBox::new(); /// A source of cryptographically secure randomness. pub trait SecureRandom: Send + Sync + Debug { From 7770f2bef73c2249ee49f731952dbfaf3fd2b58d Mon Sep 17 00:00:00 2001 From: Jorge Aparicio Date: Tue, 14 Nov 2023 17:47:26 +0100 Subject: [PATCH 0789/1145] CI: check that deps are not using libstd API --- .github/workflows/build.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 601d0f626a..16f18f251d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -108,11 +108,19 @@ jobs: - name: Install stable toolchain uses: dtolnay/rust-toolchain@stable + with: + target: x86_64-unknown-none - name: cargo build (debug; default features) run: cargo build --locked working-directory: rustls + # this target does _not_ include the libstd crate in its sysroot + # it will catch unwanted usage of libstd in _dependencies_ + - name: cargo build (debug; default features; no-std) + run: cargo build --locked --no-default-features --target x86_64-unknown-none + working-directory: rustls + - name: cargo test (debug; default features) run: cargo test --locked working-directory: rustls From cad5b06da4609f604134bd8191de8b490b71147b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:02:48 +0100 Subject: [PATCH 0790/1145] Merge inbound message modules --- .../message/{inbound_opaque.rs => inbound.rs} | 40 +++++++++++++++++-- rustls/src/msgs/message/inbound_plain.rs | 34 ---------------- rustls/src/msgs/message/mod.rs | 8 ++-- 3 files changed, 40 insertions(+), 42 deletions(-) rename rustls/src/msgs/message/{inbound_opaque.rs => inbound.rs} (76%) delete mode 100644 rustls/src/msgs/message/inbound_plain.rs diff --git a/rustls/src/msgs/message/inbound_opaque.rs b/rustls/src/msgs/message/inbound.rs similarity index 76% rename from rustls/src/msgs/message/inbound_opaque.rs rename to rustls/src/msgs/message/inbound.rs index 90843c32b1..f42c0580ce 100644 --- a/rustls/src/msgs/message/inbound_opaque.rs +++ b/rustls/src/msgs/message/inbound.rs @@ -1,8 +1,9 @@ +use super::outbound_opaque::read_opaque_message_header; +use super::MessageError; +use crate::enums::{ContentType, ProtocolVersion}; +use crate::error::{Error, PeerMisbehaved}; use crate::msgs::codec::ReaderMut; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use crate::msgs::message::outbound_opaque::read_opaque_message_header; -use crate::msgs::message::{InboundPlainMessage, MessageError}; -use crate::{ContentType, Error, PeerMisbehaved, ProtocolVersion}; use core::ops::{Deref, DerefMut}; @@ -127,6 +128,39 @@ impl<'a> BorrowedPayload<'a> { } } +/// A TLS frame, named `TLSPlaintext` in the standard. +/// +/// This inbound type borrows its decrypted payload from a [`MessageDeframer`]. +/// It results from decryption. +/// +/// [`MessageDeframer`]: crate::msgs::deframer::MessageDeframer +#[derive(Debug)] +pub struct InboundPlainMessage<'a> { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: &'a [u8], +} + +impl InboundPlainMessage<'_> { + /// Returns true if the payload is a CCS message. + /// + /// We passthrough ChangeCipherSpec messages in the deframer without decrypting them. + /// Note: this is prior to the record layer, so is unencrypted. See + /// third paragraph of section 5 in RFC8446. + pub(crate) fn is_valid_ccs(&self) -> bool { + self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] + } + + #[cfg(all(test, feature = "std"))] + pub(crate) fn into_owned(self) -> super::PlainMessage { + super::PlainMessage { + version: self.version, + typ: self.typ, + payload: crate::msgs::base::Payload::Owned(self.payload.to_vec()), + } + } +} + /// Decode a TLS1.3 `TLSInnerPlaintext` encoding. /// /// `p` is a message payload, immediately post-decryption. This function diff --git a/rustls/src/msgs/message/inbound_plain.rs b/rustls/src/msgs/message/inbound_plain.rs deleted file mode 100644 index 398bf56f00..0000000000 --- a/rustls/src/msgs/message/inbound_plain.rs +++ /dev/null @@ -1,34 +0,0 @@ -use crate::{ContentType, ProtocolVersion}; - -/// A TLS frame, named `TLSPlaintext` in the standard. -/// -/// This inbound type borrows its decrypted payload from a [`MessageDeframer`]. -/// It results from decryption. -/// -/// [`MessageDeframer`]: crate::msgs::deframer::MessageDeframer -#[derive(Debug)] -pub struct InboundPlainMessage<'a> { - pub typ: ContentType, - pub version: ProtocolVersion, - pub payload: &'a [u8], -} - -impl InboundPlainMessage<'_> { - /// Returns true if the payload is a CCS message. - /// - /// We passthrough ChangeCipherSpec messages in the deframer without decrypting them. - /// Note: this is prior to the record layer, so is unencrypted. See - /// third paragraph of section 5 in RFC8446. - pub(crate) fn is_valid_ccs(&self) -> bool { - self.typ == ContentType::ChangeCipherSpec && self.payload == [0x01] - } - - #[cfg(all(test, feature = "std"))] - pub(crate) fn into_owned(self) -> super::PlainMessage { - super::PlainMessage { - version: self.version, - typ: self.typ, - payload: crate::msgs::base::Payload::Owned(self.payload.to_vec()), - } - } -} diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index 435715a4d3..96a8e36423 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -7,13 +7,11 @@ use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::AlertLevel; use crate::msgs::handshake::HandshakeMessagePayload; -mod inbound_opaque; -mod inbound_plain; +mod inbound; +pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage}; + mod outbound_opaque; mod outbound_plain; - -pub use inbound_opaque::{BorrowedPayload, InboundOpaqueMessage}; -pub use inbound_plain::InboundPlainMessage; pub use outbound_opaque::{OutboundOpaqueMessage, PrefixedPayload}; pub use outbound_plain::{OutboundChunks, OutboundPlainMessage}; From 8d01ccbaac11930fddf25c8a4d624e2975bf2faf Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:09:15 +0100 Subject: [PATCH 0791/1145] Merge outbound message modules --- rustls/src/msgs/message/inbound.rs | 2 +- rustls/src/msgs/message/mod.rs | 8 +- .../{outbound_plain.rs => outbound.rs} | 186 +++++++++++++++++- rustls/src/msgs/message/outbound_opaque.rs | 186 ------------------ 4 files changed, 188 insertions(+), 194 deletions(-) rename rustls/src/msgs/message/{outbound_plain.rs => outbound.rs} (60%) delete mode 100644 rustls/src/msgs/message/outbound_opaque.rs diff --git a/rustls/src/msgs/message/inbound.rs b/rustls/src/msgs/message/inbound.rs index f42c0580ce..cd5979eb61 100644 --- a/rustls/src/msgs/message/inbound.rs +++ b/rustls/src/msgs/message/inbound.rs @@ -1,4 +1,4 @@ -use super::outbound_opaque::read_opaque_message_header; +use super::outbound::read_opaque_message_header; use super::MessageError; use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, PeerMisbehaved}; diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index 96a8e36423..77c0475c60 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -10,10 +10,10 @@ use crate::msgs::handshake::HandshakeMessagePayload; mod inbound; pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage}; -mod outbound_opaque; -mod outbound_plain; -pub use outbound_opaque::{OutboundOpaqueMessage, PrefixedPayload}; -pub use outbound_plain::{OutboundChunks, OutboundPlainMessage}; +mod outbound; +pub use outbound::{ + OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, +}; use alloc::vec::Vec; diff --git a/rustls/src/msgs/message/outbound_plain.rs b/rustls/src/msgs/message/outbound.rs similarity index 60% rename from rustls/src/msgs/message/outbound_plain.rs rename to rustls/src/msgs/message/outbound.rs index 614d68a280..0b2cabbe50 100644 --- a/rustls/src/msgs/message/outbound_plain.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -1,9 +1,11 @@ -use crate::{internal::record_layer::RecordLayer, ContentType, ProtocolVersion}; +use super::{MessageError, PlainMessage}; +use crate::enums::{ContentType, ProtocolVersion}; +use crate::internal::record_layer::RecordLayer; +use crate::msgs::base::Payload; +use crate::msgs::codec::{Codec, Reader}; use alloc::vec::Vec; -use super::{OutboundOpaqueMessage, PrefixedPayload}; - /// A TLS frame, named `TLSPlaintext` in the standard. /// /// This outbound type borrows its "to be encrypted" payload from the "user". @@ -146,6 +148,184 @@ impl<'a> From<&'a [u8]> for OutboundChunks<'a> { } } +/// A TLS frame, named `TLSPlaintext` in the standard. +/// +/// This outbound type owns all memory for its interior parts. +/// It results from encryption and is used for io write. +#[derive(Clone, Debug)] +pub struct OutboundOpaqueMessage { + pub typ: ContentType, + pub version: ProtocolVersion, + pub payload: PrefixedPayload, +} + +impl OutboundOpaqueMessage { + /// Construct a new `OpaqueMessage` from constituent fields. + /// + /// `body` is moved into the `payload` field. + pub fn new(typ: ContentType, version: ProtocolVersion, payload: PrefixedPayload) -> Self { + Self { + typ, + version, + payload, + } + } + + /// Construct by decoding from a [`Reader`]. + /// + /// `MessageError` allows callers to distinguish between valid prefixes (might + /// become valid if we read more data) and invalid data. + pub fn read(r: &mut Reader) -> Result { + let (typ, version, len) = read_opaque_message_header(r)?; + + let content = r + .take(len as usize) + .ok_or(MessageError::TooShortForLength)?; + + Ok(Self { + typ, + version, + payload: PrefixedPayload::from(content), + }) + } + + pub fn encode(self) -> Vec { + let length = self.payload.len() as u16; + let mut encoded_payload = self.payload.0; + encoded_payload[0] = self.typ.into(); + encoded_payload[1..3].copy_from_slice(&self.version.to_array()); + encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); + encoded_payload + } + + /// Force conversion into a plaintext message. + /// + /// This should only be used for messages that are known to be in plaintext. Otherwise, the + /// `OutboundOpaqueMessage` should be decrypted into a `PlainMessage` using a `MessageDecrypter`. + pub fn into_plain_message(self) -> PlainMessage { + PlainMessage { + version: self.version, + typ: self.typ, + payload: Payload::Owned(self.payload.to_vec()), + } + } + + /// Maximum message payload size. + /// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. + const MAX_PAYLOAD: u16 = 16_384 + 2048; + + /// Content type, version and size. + pub(crate) const HEADER_SIZE: usize = 1 + 2 + 2; + + /// Maximum on-the-wire message size. + pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; +} + +#[derive(Clone, Debug)] +pub struct PrefixedPayload(pub(super) Vec); + +impl PrefixedPayload { + pub fn with_capacity(capacity: usize) -> Self { + let mut prefixed_payload = + Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + capacity); + prefixed_payload.resize(OutboundOpaqueMessage::HEADER_SIZE, 0); + Self(prefixed_payload) + } + + pub fn len(&self) -> usize { + self.0.len() - OutboundOpaqueMessage::HEADER_SIZE + } + + pub fn is_empty(&self) -> bool { + self.len() == 0 + } + + pub fn to_vec(&self) -> Vec { + self.as_ref().to_vec() + } + + pub fn extend_from_slice(&mut self, slice: &[u8]) { + self.0.extend_from_slice(slice) + } + + pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks) { + chunks.copy_to_vec(&mut self.0) + } + + pub fn truncate(&mut self, len: usize) { + self.0 + .truncate(len + OutboundOpaqueMessage::HEADER_SIZE) + } +} + +impl AsRef<[u8]> for PrefixedPayload { + fn as_ref(&self) -> &[u8] { + &self.0[OutboundOpaqueMessage::HEADER_SIZE..] + } +} + +impl AsMut<[u8]> for PrefixedPayload { + fn as_mut(&mut self) -> &mut [u8] { + &mut self.0[OutboundOpaqueMessage::HEADER_SIZE..] + } +} + +impl<'a> Extend<&'a u8> for PrefixedPayload { + fn extend>(&mut self, iter: T) { + self.0.extend(iter) + } +} + +impl From<&[u8]> for PrefixedPayload { + fn from(content: &[u8]) -> Self { + let mut payload = Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + content.len()); + payload.extend(&[0u8; OutboundOpaqueMessage::HEADER_SIZE]); + payload.extend(content); + Self(payload) + } +} + +impl From<&[u8; N]> for PrefixedPayload { + fn from(content: &[u8; N]) -> Self { + Self::from(&content[..]) + } +} + +pub(crate) fn read_opaque_message_header( + r: &mut Reader<'_>, +) -> Result<(ContentType, ProtocolVersion, u16), MessageError> { + let typ = ContentType::read(r).map_err(|_| MessageError::TooShortForHeader)?; + // Don't accept any new content-types. + if let ContentType::Unknown(_) = typ { + return Err(MessageError::InvalidContentType); + } + + let version = ProtocolVersion::read(r).map_err(|_| MessageError::TooShortForHeader)?; + // Accept only versions 0x03XX for any XX. + match version { + ProtocolVersion::Unknown(ref v) if (v & 0xff00) != 0x0300 => { + return Err(MessageError::UnknownProtocolVersion); + } + _ => {} + }; + + let len = u16::read(r).map_err(|_| MessageError::TooShortForHeader)?; + + // Reject undersize messages + // implemented per section 5.1 of RFC8446 (TLSv1.3) + // per section 6.2.1 of RFC5246 (TLSv1.2) + if typ != ContentType::ApplicationData && len == 0 { + return Err(MessageError::InvalidEmptyPayload); + } + + // Reject oversize messages + if len >= OutboundOpaqueMessage::MAX_PAYLOAD { + return Err(MessageError::MessageTooLarge); + } + + Ok((typ, version, len)) +} + #[cfg(test)] mod tests { use std::{println, vec}; diff --git a/rustls/src/msgs/message/outbound_opaque.rs b/rustls/src/msgs/message/outbound_opaque.rs deleted file mode 100644 index f59ffbfe58..0000000000 --- a/rustls/src/msgs/message/outbound_opaque.rs +++ /dev/null @@ -1,186 +0,0 @@ -use crate::msgs::base::Payload; -use crate::msgs::codec::{Codec, Reader}; -use crate::msgs::message::{MessageError, PlainMessage}; -use crate::{ContentType, ProtocolVersion}; - -use alloc::vec::Vec; - -use super::OutboundChunks; - -/// A TLS frame, named `TLSPlaintext` in the standard. -/// -/// This outbound type owns all memory for its interior parts. -/// It results from encryption and is used for io write. -#[derive(Clone, Debug)] -pub struct OutboundOpaqueMessage { - pub typ: ContentType, - pub version: ProtocolVersion, - pub payload: PrefixedPayload, -} - -impl OutboundOpaqueMessage { - /// Construct a new `OpaqueMessage` from constituent fields. - /// - /// `body` is moved into the `payload` field. - pub fn new(typ: ContentType, version: ProtocolVersion, payload: PrefixedPayload) -> Self { - Self { - typ, - version, - payload, - } - } - - /// Construct by decoding from a [`Reader`]. - /// - /// `MessageError` allows callers to distinguish between valid prefixes (might - /// become valid if we read more data) and invalid data. - pub fn read(r: &mut Reader) -> Result { - let (typ, version, len) = read_opaque_message_header(r)?; - - let content = r - .take(len as usize) - .ok_or(MessageError::TooShortForLength)?; - - Ok(Self { - typ, - version, - payload: PrefixedPayload::from(content), - }) - } - - pub fn encode(self) -> Vec { - let length = self.payload.len() as u16; - let mut encoded_payload = self.payload.0; - encoded_payload[0] = self.typ.into(); - encoded_payload[1..3].copy_from_slice(&self.version.to_array()); - encoded_payload[3..5].copy_from_slice(&(length).to_be_bytes()); - encoded_payload - } - - /// Force conversion into a plaintext message. - /// - /// This should only be used for messages that are known to be in plaintext. Otherwise, the - /// `OutboundOpaqueMessage` should be decrypted into a `PlainMessage` using a `MessageDecrypter`. - pub fn into_plain_message(self) -> PlainMessage { - PlainMessage { - version: self.version, - typ: self.typ, - payload: Payload::Owned(self.payload.to_vec()), - } - } - - /// Maximum message payload size. - /// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. - const MAX_PAYLOAD: u16 = 16_384 + 2048; - - /// Content type, version and size. - pub(crate) const HEADER_SIZE: usize = 1 + 2 + 2; - - /// Maximum on-the-wire message size. - pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; -} - -#[derive(Clone, Debug)] -pub struct PrefixedPayload(pub(super) Vec); - -impl PrefixedPayload { - pub fn with_capacity(capacity: usize) -> Self { - let mut prefixed_payload = - Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + capacity); - prefixed_payload.resize(OutboundOpaqueMessage::HEADER_SIZE, 0); - Self(prefixed_payload) - } - - pub fn len(&self) -> usize { - self.0.len() - OutboundOpaqueMessage::HEADER_SIZE - } - - pub fn is_empty(&self) -> bool { - self.len() == 0 - } - - pub fn to_vec(&self) -> Vec { - self.as_ref().to_vec() - } - - pub fn extend_from_slice(&mut self, slice: &[u8]) { - self.0.extend_from_slice(slice) - } - - pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks) { - chunks.copy_to_vec(&mut self.0) - } - - pub fn truncate(&mut self, len: usize) { - self.0 - .truncate(len + OutboundOpaqueMessage::HEADER_SIZE) - } -} - -impl AsRef<[u8]> for PrefixedPayload { - fn as_ref(&self) -> &[u8] { - &self.0[OutboundOpaqueMessage::HEADER_SIZE..] - } -} - -impl AsMut<[u8]> for PrefixedPayload { - fn as_mut(&mut self) -> &mut [u8] { - &mut self.0[OutboundOpaqueMessage::HEADER_SIZE..] - } -} - -impl<'a> Extend<&'a u8> for PrefixedPayload { - fn extend>(&mut self, iter: T) { - self.0.extend(iter) - } -} - -impl From<&[u8]> for PrefixedPayload { - fn from(content: &[u8]) -> Self { - let mut payload = Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + content.len()); - payload.extend(&[0u8; OutboundOpaqueMessage::HEADER_SIZE]); - payload.extend(content); - Self(payload) - } -} - -impl From<&[u8; N]> for PrefixedPayload { - fn from(content: &[u8; N]) -> Self { - Self::from(&content[..]) - } -} - -pub(crate) fn read_opaque_message_header( - r: &mut Reader<'_>, -) -> Result<(ContentType, ProtocolVersion, u16), MessageError> { - let typ = ContentType::read(r).map_err(|_| MessageError::TooShortForHeader)?; - // Don't accept any new content-types. - if let ContentType::Unknown(_) = typ { - return Err(MessageError::InvalidContentType); - } - - let version = ProtocolVersion::read(r).map_err(|_| MessageError::TooShortForHeader)?; - // Accept only versions 0x03XX for any XX. - match version { - ProtocolVersion::Unknown(ref v) if (v & 0xff00) != 0x0300 => { - return Err(MessageError::UnknownProtocolVersion); - } - _ => {} - }; - - let len = u16::read(r).map_err(|_| MessageError::TooShortForHeader)?; - - // Reject undersize messages - // implemented per section 5.1 of RFC8446 (TLSv1.3) - // per section 6.2.1 of RFC5246 (TLSv1.2) - if typ != ContentType::ApplicationData && len == 0 { - return Err(MessageError::InvalidEmptyPayload); - } - - // Reject oversize messages - if len >= OutboundOpaqueMessage::MAX_PAYLOAD { - return Err(MessageError::MessageTooLarge); - } - - Ok((typ, version, len)) -} From 89f03dc7a993e1228d7444ee5734b6ef900c1314 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:24:09 +0100 Subject: [PATCH 0792/1145] Remove trivial single-use PrefixedPayload::to_vec() --- rustls/src/msgs/message/outbound.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index 0b2cabbe50..2fff2f110b 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -206,7 +206,7 @@ impl OutboundOpaqueMessage { PlainMessage { version: self.version, typ: self.typ, - payload: Payload::Owned(self.payload.to_vec()), + payload: Payload::Owned(self.payload.as_ref().to_vec()), } } @@ -240,10 +240,6 @@ impl PrefixedPayload { self.len() == 0 } - pub fn to_vec(&self) -> Vec { - self.as_ref().to_vec() - } - pub fn extend_from_slice(&mut self, slice: &[u8]) { self.0.extend_from_slice(slice) } From 93c66d4e25115b7b98fc17807fbebcb3a7fe203b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:25:23 +0100 Subject: [PATCH 0793/1145] Remove unused is_empty() method and make len() private --- rustls/src/msgs/message/outbound.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index 2fff2f110b..d723abfb33 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -232,14 +232,10 @@ impl PrefixedPayload { Self(prefixed_payload) } - pub fn len(&self) -> usize { + fn len(&self) -> usize { self.0.len() - OutboundOpaqueMessage::HEADER_SIZE } - pub fn is_empty(&self) -> bool { - self.len() == 0 - } - pub fn extend_from_slice(&mut self, slice: &[u8]) { self.0.extend_from_slice(slice) } From e3fe0752fd88553207a765085943b17a63939526 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:25:59 +0100 Subject: [PATCH 0794/1145] Make PrefixedPayload contents private --- rustls/src/msgs/message/outbound.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index d723abfb33..29b573622b 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -222,7 +222,7 @@ impl OutboundOpaqueMessage { } #[derive(Clone, Debug)] -pub struct PrefixedPayload(pub(super) Vec); +pub struct PrefixedPayload(Vec); impl PrefixedPayload { pub fn with_capacity(capacity: usize) -> Self { From e7bb2a75dc95d1640a5dc88eb82d28cc2392528b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:32:05 +0100 Subject: [PATCH 0795/1145] Reorder PrefixedPayload methods --- rustls/src/msgs/message/outbound.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index 29b573622b..ea9776414a 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -232,10 +232,6 @@ impl PrefixedPayload { Self(prefixed_payload) } - fn len(&self) -> usize { - self.0.len() - OutboundOpaqueMessage::HEADER_SIZE - } - pub fn extend_from_slice(&mut self, slice: &[u8]) { self.0.extend_from_slice(slice) } @@ -248,6 +244,10 @@ impl PrefixedPayload { self.0 .truncate(len + OutboundOpaqueMessage::HEADER_SIZE) } + + fn len(&self) -> usize { + self.0.len() - OutboundOpaqueMessage::HEADER_SIZE + } } impl AsRef<[u8]> for PrefixedPayload { From faef005b362b32ce5a91ae89fbd1982d3c4e5530 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:36:50 +0100 Subject: [PATCH 0796/1145] Move message size constants to message module These affect both inbound and outbound messages. --- rustls/src/msgs/deframer.rs | 9 +++----- rustls/src/msgs/message/mod.rs | 15 ++++++++++--- rustls/src/msgs/message/outbound.rs | 34 ++++++++++------------------- 3 files changed, 26 insertions(+), 32 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index c171c9df7c..e52a344131 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -9,7 +9,7 @@ use crate::enums::{ContentType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; use crate::msgs::codec; #[cfg(feature = "std")] -use crate::msgs::message::OutboundOpaqueMessage; +use crate::msgs::message::MAX_WIRE_SIZE; use crate::msgs::message::{InboundOpaqueMessage, InboundPlainMessage, MessageError}; use crate::record_layer::{Decrypted, RecordLayer}; @@ -448,7 +448,7 @@ impl DeframerVecBuffer { // At this point, the buffer resizing logic below should reduce the buffer size. let allow_max = match is_joining_hs { true => MAX_HANDSHAKE_SIZE as usize, - false => OutboundOpaqueMessage::MAX_WIRE_SIZE, + false => MAX_WIRE_SIZE, }; if self.used >= allow_max { @@ -913,10 +913,7 @@ mod tests { assert_len(4096, d.input_bytes(&message)); assert_len(4096, d.input_bytes(&message)); assert_len(4096, d.input_bytes(&message)); - assert_len( - OutboundOpaqueMessage::MAX_WIRE_SIZE - 16_384, - d.input_bytes(&message), - ); + assert_len(MAX_WIRE_SIZE - 16_384, d.input_bytes(&message)); assert!(d.input_bytes(&message).is_err()); } diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index 77c0475c60..f36606d99f 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -11,9 +11,7 @@ mod inbound; pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage}; mod outbound; -pub use outbound::{ - OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload, -}; +pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload}; use alloc::vec::Vec; @@ -227,3 +225,14 @@ pub enum MessageError { InvalidContentType, UnknownProtocolVersion, } + +/// Content type, version and size. +pub(crate) const HEADER_SIZE: usize = 1 + 2 + 2; + +/// Maximum message payload size. +/// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. +const MAX_PAYLOAD: u16 = 16_384 + 2048; + +/// Maximum on-the-wire message size. +#[cfg(feature = "std")] +pub(crate) const MAX_WIRE_SIZE: usize = MAX_PAYLOAD as usize + HEADER_SIZE; diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index ea9776414a..825647ccd0 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -1,4 +1,4 @@ -use super::{MessageError, PlainMessage}; +use super::{MessageError, PlainMessage, HEADER_SIZE, MAX_PAYLOAD}; use crate::enums::{ContentType, ProtocolVersion}; use crate::internal::record_layer::RecordLayer; use crate::msgs::base::Payload; @@ -19,7 +19,7 @@ pub struct OutboundPlainMessage<'a> { impl OutboundPlainMessage<'_> { pub(crate) fn encoded_len(&self, record_layer: &RecordLayer) -> usize { - OutboundOpaqueMessage::HEADER_SIZE + record_layer.encrypted_len(self.payload.len()) + HEADER_SIZE + record_layer.encrypted_len(self.payload.len()) } pub(crate) fn to_unencrypted_opaque(&self) -> OutboundOpaqueMessage { @@ -209,16 +209,6 @@ impl OutboundOpaqueMessage { payload: Payload::Owned(self.payload.as_ref().to_vec()), } } - - /// Maximum message payload size. - /// That's 2^14 payload bytes and a 2KB allowance for ciphertext overheads. - const MAX_PAYLOAD: u16 = 16_384 + 2048; - - /// Content type, version and size. - pub(crate) const HEADER_SIZE: usize = 1 + 2 + 2; - - /// Maximum on-the-wire message size. - pub const MAX_WIRE_SIZE: usize = Self::MAX_PAYLOAD as usize + Self::HEADER_SIZE; } #[derive(Clone, Debug)] @@ -226,9 +216,8 @@ pub struct PrefixedPayload(Vec); impl PrefixedPayload { pub fn with_capacity(capacity: usize) -> Self { - let mut prefixed_payload = - Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + capacity); - prefixed_payload.resize(OutboundOpaqueMessage::HEADER_SIZE, 0); + let mut prefixed_payload = Vec::with_capacity(HEADER_SIZE + capacity); + prefixed_payload.resize(HEADER_SIZE, 0); Self(prefixed_payload) } @@ -241,24 +230,23 @@ impl PrefixedPayload { } pub fn truncate(&mut self, len: usize) { - self.0 - .truncate(len + OutboundOpaqueMessage::HEADER_SIZE) + self.0.truncate(len + HEADER_SIZE) } fn len(&self) -> usize { - self.0.len() - OutboundOpaqueMessage::HEADER_SIZE + self.0.len() - HEADER_SIZE } } impl AsRef<[u8]> for PrefixedPayload { fn as_ref(&self) -> &[u8] { - &self.0[OutboundOpaqueMessage::HEADER_SIZE..] + &self.0[HEADER_SIZE..] } } impl AsMut<[u8]> for PrefixedPayload { fn as_mut(&mut self) -> &mut [u8] { - &mut self.0[OutboundOpaqueMessage::HEADER_SIZE..] + &mut self.0[HEADER_SIZE..] } } @@ -270,8 +258,8 @@ impl<'a> Extend<&'a u8> for PrefixedPayload { impl From<&[u8]> for PrefixedPayload { fn from(content: &[u8]) -> Self { - let mut payload = Vec::with_capacity(OutboundOpaqueMessage::HEADER_SIZE + content.len()); - payload.extend(&[0u8; OutboundOpaqueMessage::HEADER_SIZE]); + let mut payload = Vec::with_capacity(HEADER_SIZE + content.len()); + payload.extend(&[0u8; HEADER_SIZE]); payload.extend(content); Self(payload) } @@ -311,7 +299,7 @@ pub(crate) fn read_opaque_message_header( } // Reject oversize messages - if len >= OutboundOpaqueMessage::MAX_PAYLOAD { + if len >= MAX_PAYLOAD { return Err(MessageError::MessageTooLarge); } From 02fb7125ae1e4a529ffddceaae12b9074519f29b Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 11:41:36 +0100 Subject: [PATCH 0797/1145] Clarify name of deframer's HEADER_SIZE --- rustls/src/msgs/deframer.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index e52a344131..8662a7eec9 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -674,16 +674,16 @@ struct HandshakePayloadMeta { /// (`MAX_HANDSHAKE_SIZE`), `Ok(None)` if the buffer is too small to contain a complete header, /// and `Ok(Some(len))` otherwise. fn payload_size(buf: &[u8]) -> Result, Error> { - if buf.len() < HEADER_SIZE { + if buf.len() < HANDSHAKE_HEADER_SIZE { return Ok(None); } - let (header, _) = buf.split_at(HEADER_SIZE); + let (header, _) = buf.split_at(HANDSHAKE_HEADER_SIZE); match codec::u24::read_bytes(&header[1..]) { Ok(len) if len.0 > MAX_HANDSHAKE_SIZE => Err(Error::InvalidMessage( InvalidMessage::HandshakePayloadTooLarge, )), - Ok(len) => Ok(Some(HEADER_SIZE + usize::from(len))), + Ok(len) => Ok(Some(HANDSHAKE_HEADER_SIZE + usize::from(len))), _ => Ok(None), } } @@ -696,7 +696,7 @@ pub struct Deframed<'a> { pub message: InboundPlainMessage<'a>, } -const HEADER_SIZE: usize = 1 + 3; +const HANDSHAKE_HEADER_SIZE: usize = 1 + 3; /// TLS allows for handshake messages of up to 16MB. We /// restrict that to 64KB to limit potential for denial-of- From 64f9742b0ad63c82000e09f53328ab789bd9107a Mon Sep 17 00:00:00 2001 From: haroldbruintjes <115722879+haroldbruintjes@users.noreply.github.com> Date: Tue, 27 Feb 2024 17:00:41 +0100 Subject: [PATCH 0798/1145] Fix a typo Fixes a missing backtick in the documentation for MessageEncrypter::encrypt --- rustls/src/crypto/cipher.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index 43e6c54bdf..ae1827b685 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -147,7 +147,7 @@ pub trait MessageDecrypter: Send + Sync { /// Objects with this trait can encrypt TLS messages. pub trait MessageEncrypter: Send + Sync { /// Encrypt the given TLS message `msg`, using the sequence number - /// `seq which can be used to derive a unique [`Nonce`]. + /// `seq` which can be used to derive a unique [`Nonce`]. fn encrypt( &mut self, msg: OutboundPlainMessage, From 38316291df79b8da635e3d28fb8f2880eaf60f16 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 27 Feb 2024 13:00:28 +0100 Subject: [PATCH 0799/1145] server: allow acceptor to send alerts after error --- provider-example/examples/server.rs | 4 +- rustls/src/lib.rs | 2 +- rustls/src/server/server_conn.rs | 92 +++++++++++++++++++++++------ rustls/tests/api.rs | 60 ++++++++++++++++--- 4 files changed, 130 insertions(+), 28 deletions(-) diff --git a/provider-example/examples/server.rs b/provider-example/examples/server.rs index 7d592cdfc6..f38c63560e 100644 --- a/provider-example/examples/server.rs +++ b/provider-example/examples/server.rs @@ -43,8 +43,8 @@ fn main() { conn.write_tls(&mut stream).unwrap(); conn.complete_io(&mut stream).unwrap(); } - Err(e) => { - eprintln!("{}", e); + Err((err, _)) => { + eprintln!("{err}"); } } } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 6b4ff649f9..81e393fb62 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -593,7 +593,7 @@ pub mod server { Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection, }; #[cfg(feature = "std")] - pub use server_conn::{Acceptor, ReadEarlyData, ServerConnection}; + pub use server_conn::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection}; pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; /// Dangerous configuration that should be audited and used with extreme care. diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index f22cef9468..f157869526 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -503,6 +503,7 @@ mod connection { use crate::error::Error; use crate::server::hs; use crate::suites::ExtractedSecrets; + use crate::vecbuf::ChunkVecBuffer; use alloc::boxed::Box; use alloc::sync::Arc; @@ -759,25 +760,36 @@ mod connection { /// Returns `Ok(Some(accepted))` if the connection has been accepted. Call /// `accepted.into_connection()` to continue. Do not call this function again. /// - /// Returns `Err(err)` if an error occurred. Do not call this function again. - pub fn accept(&mut self) -> Result, Error> { + /// Returns `Err((err, alert))` if an error occurred. If an alert is returned, the + /// application should call `alert.write()` to send the alert to the client. It should + /// not call `accept()` again. + pub fn accept(&mut self) -> Result, (Error, AcceptedAlert)> { let mut connection = match self.inner.take() { Some(conn) => conn, None => { - return Err(Error::General("Acceptor polled after completion".into())); + return Err(( + Error::General("Acceptor polled after completion".into()), + AcceptedAlert::empty(), + )); } }; - let message = match connection.first_handshake_message()? { - Some(msg) => msg, - None => { + let message = match connection.first_handshake_message() { + Ok(Some(msg)) => msg, + Ok(None) => { self.inner = Some(connection); return Ok(None); } + Err(err) => return Err((err, AcceptedAlert::from(connection))), }; - let (_, sig_schemes) = - hs::process_client_hello(&message, false, &mut Context::from(&mut connection))?; + let mut cx = Context::from(&mut connection); + let sig_schemes = match hs::process_client_hello(&message, false, &mut cx) { + Ok((_, sig_schemes)) => sig_schemes, + Err(err) => { + return Err((err, AcceptedAlert::from(connection))); + } + }; Ok(Some(Accepted { connection, @@ -786,9 +798,39 @@ mod connection { })) } } + + /// Represents a TLS alert resulting from handling the client's `ClientHello` message. + /// + /// When [`Acceptor::accept()`] returns an error, it yields an `AcceptedAlert` such that the + /// application can communicate failure to the client via [`AcceptedAlert::write()`]. + pub struct AcceptedAlert(ChunkVecBuffer); + + impl AcceptedAlert { + pub(super) fn empty() -> Self { + Self(ChunkVecBuffer::new(None)) + } + + /// Send the alert to the client. + pub fn write(&mut self, wr: &mut dyn io::Write) -> Result { + self.0.write_to(wr) + } + } + + impl From> for AcceptedAlert { + fn from(conn: ConnectionCommon) -> Self { + Self(conn.core.common_state.sendable_tls) + } + } + + impl Debug for AcceptedAlert { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("AcceptedAlert").finish() + } + } } + #[cfg(feature = "std")] -pub use connection::{Acceptor, ReadEarlyData, ServerConnection}; +pub use connection::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection}; /// Unbuffered version of `ServerConnection` /// @@ -859,21 +901,29 @@ impl Accepted { /// [`sign::CertifiedKey`] that should be used for the session. Returns an error if /// configuration-dependent validation of the received `ClientHello` message fails. #[cfg(feature = "std")] - pub fn into_connection(mut self, config: Arc) -> Result { - self.connection - .set_max_fragment_size(config.max_fragment_size)?; + pub fn into_connection( + mut self, + config: Arc, + ) -> Result { + if let Err(err) = self + .connection + .set_max_fragment_size(config.max_fragment_size) + { + // We have a connection here, but it won't contain an alert since the error + // is with the fragment size configured in the `ServerConfig`. + return Err((err, AcceptedAlert::empty())); + } self.connection.enable_secret_extraction = config.enable_secret_extraction; let state = hs::ExpectClientHello::new(config, Vec::new()); let mut cx = hs::ServerContext::from(&mut self.connection); - let new = state.with_certified_key( - self.sig_schemes, - Self::client_hello_payload(&self.message), - &self.message, - &mut cx, - )?; + let ch = Self::client_hello_payload(&self.message); + let new = match state.with_certified_key(self.sig_schemes, ch, &self.message, &mut cx) { + Ok(new) => new, + Err(err) => return Err((err, AcceptedAlert::from(self.connection))), + }; self.connection.replace_state(new); Ok(ServerConnection { @@ -893,6 +943,12 @@ impl Accepted { } } +impl Debug for Accepted { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Accepted").finish() + } +} + struct Accepting; impl State for Accepting { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 3570dd3b2a..186117266f 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -33,8 +33,8 @@ use rustls::internal::msgs::message::{ use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; use rustls::{ - sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, KeyLog, - PeerIncompatible, PeerMisbehaved, SideData, + sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, InvalidMessage, + KeyLog, PeerIncompatible, PeerMisbehaved, SideData, }; use rustls::{CipherSuite, ProtocolVersion, SignatureScheme}; use rustls::{ClientConfig, ClientConnection}; @@ -5412,8 +5412,8 @@ fn test_acceptor() { io::ErrorKind::Other, ); assert_eq!( - acceptor.accept().err(), - Some(Error::General("Acceptor polled after completion".into())) + acceptor.accept().err().unwrap().0, + Error::General("Acceptor polled after completion".into()) ); let mut acceptor = Acceptor::default(); @@ -5422,24 +5422,70 @@ fn test_acceptor() { .read_tls(&mut &buf[..3]) .unwrap(); // incomplete message assert!(acceptor.accept().unwrap().is_none()); + acceptor .read_tls(&mut [0x80, 0x00].as_ref()) .unwrap(); // invalid message (len = 32k bytes) - assert!(acceptor.accept().is_err()); + let (err, mut alert) = acceptor.accept().unwrap_err(); + assert_eq!(err, Error::InvalidMessage(InvalidMessage::MessageTooLarge)); + let mut alert_content = Vec::new(); + let _ = alert.write(&mut alert_content); + let expected = build_alert(AlertLevel::Fatal, AlertDescription::DecodeError, &[]); + assert_eq!(alert_content, expected); let mut acceptor = Acceptor::default(); // Minimal valid 1-byte application data message is not a handshake message acceptor .read_tls(&mut [0x17, 0x03, 0x03, 0x00, 0x01, 0x00].as_ref()) .unwrap(); - assert!(acceptor.accept().is_err()); + let (err, mut alert) = acceptor.accept().unwrap_err(); + assert!(matches!(err, Error::InappropriateMessage { .. })); + let mut alert_content = Vec::new(); + let _ = alert.write(&mut alert_content); + assert!(alert_content.is_empty()); // We do not expect an alert for this condition. let mut acceptor = Acceptor::default(); // Minimal 1-byte ClientHello message is not a legal handshake message acceptor .read_tls(&mut [0x16, 0x03, 0x03, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00].as_ref()) .unwrap(); - assert!(acceptor.accept().is_err()); + let (err, mut alert) = acceptor.accept().unwrap_err(); + assert!(matches!(err, Error::InvalidMessage(InvalidMessage::MissingData(_)))); + let mut alert_content = Vec::new(); + let _ = alert.write(&mut alert_content); + let expected = build_alert(AlertLevel::Fatal, AlertDescription::DecodeError, &[]); + assert_eq!(alert_content, expected); +} + +#[test] +fn test_acceptor_rejected_handshake() { + use rustls::server::Acceptor; + + let client_config = finish_client_config(KeyType::Ed25519, ClientConfig::builder_with_provider(provider::default_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS13]) + .unwrap()); + let mut client = ClientConnection::new(client_config.into(), server_name("localhost")).unwrap(); + let mut buf = Vec::new(); + client.write_tls(&mut buf).unwrap(); + + let server_config = finish_server_config(KeyType::Ed25519, ServerConfig::builder_with_provider(provider::default_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap()); + let mut acceptor = Acceptor::default(); + acceptor + .read_tls(&mut buf.as_slice()) + .unwrap(); + let accepted = acceptor.accept().unwrap().unwrap(); + let ch = accepted.client_hello(); + assert_eq!(ch.server_name(), Some("localhost")); + + let (err, mut alert) = accepted.into_connection(server_config.into()).unwrap_err(); + assert_eq!(err, Error::PeerIncompatible(PeerIncompatible::Tls12NotOfferedOrEnabled)); + + let mut alert_content = Vec::new(); + let _ = alert.write(&mut alert_content); + let expected = build_alert(AlertLevel::Fatal, AlertDescription::ProtocolVersion, &[]); + assert_eq!(alert_content, expected); } #[test] From 0106e7e493f740dd7344ca30ce716c18d9be3600 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 27 Feb 2024 10:01:27 -0500 Subject: [PATCH 0800/1145] examples: have server_acceptor write accept alerts --- examples/src/bin/server_acceptor.rs | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 8f9897be8a..595b92b63d 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -117,17 +117,27 @@ fn main() { // connection. let accepted = loop { acceptor.read_tls(&mut stream).unwrap(); - if let Some(accepted) = acceptor.accept().unwrap() { - break accepted; + + match acceptor.accept() { + Ok(Some(accepted)) => break accepted, + Ok(None) => continue, + Err((e, mut alert)) => { + alert.write(&mut stream).unwrap(); + panic!("error accepting connection: {e}"); + } } }; // Generate a server config for the accepted connection, optionally customizing the // configuration based on the client hello. let config = test_pki.server_config(&crl_path, accepted.client_hello()); - let mut conn = accepted - .into_connection(config) - .unwrap(); + let mut conn = match accepted.into_connection(config) { + Ok(conn) => conn, + Err((e, mut alert)) => { + alert.write(&mut stream).unwrap(); + panic!("error completing accepting connection: {e}"); + } + }; // Proceed with handling the ServerConnection // Important: We do no error handling here, but you should! From 498fae5d13a8aa8784ccad28c64599c3b66bb3d0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 27 Feb 2024 14:27:22 +0000 Subject: [PATCH 0801/1145] tlsserver-mio: fix new nightly warning "warning: the item `rustls` is imported redundantly" --- examples/src/bin/tlsserver-mio.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 00dc7e12f4..1b41557835 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -32,7 +32,7 @@ use serde::Deserialize; use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use rustls::server::WebPkiClientVerifier; -use rustls::{self, RootCertStore}; +use rustls::RootCertStore; // Token for our listening socket. const LISTENER: mio::Token = mio::Token(0); From 3410aab75a860490f75baf35205e6bef16ce687b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 27 Feb 2024 14:28:47 +0000 Subject: [PATCH 0802/1145] server::tls12: fix new nightly warnings "warning: the item `CertificateChain` is imported redundantly" "warning: the item `SessionId` is imported redundantly" --- rustls/src/server/tls12.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 8824ab8817..808484f6d2 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -45,11 +45,10 @@ mod client_hello { use crate::msgs::enums::ECPointFormat; use crate::msgs::enums::{ClientCertificateType, Compression}; use crate::msgs::handshake::CertificateStatus; - use crate::msgs::handshake::{CertificateChain, ServerKeyExchange, ServerKeyExchangeParams}; use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; - use crate::msgs::handshake::{ClientExtension, SessionId}; - use crate::msgs::handshake::{ClientHelloPayload, ServerHelloPayload}; + use crate::msgs::handshake::{ClientExtension, ClientHelloPayload, ServerHelloPayload}; use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload}; + use crate::msgs::handshake::{ServerKeyExchange, ServerKeyExchangeParams}; use crate::sign; use crate::verify::DigitallySignedStruct; From a76a8b3ec480dd23b8a915275a2d33abb0a7519b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 27 Feb 2024 14:29:54 +0000 Subject: [PATCH 0803/1145] server::handy: fix new nightly clippy lint "warning: you are explicitly cloning with `.map()`" --- rustls/src/server/handy.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index c4524e629e..65205b6470 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -262,7 +262,7 @@ mod sni_resolver { impl server::ResolvesServerCert for ResolvesServerCertUsingSni { fn resolve(&self, client_hello: ClientHello) -> Option> { if let Some(name) = client_hello.server_name() { - self.by_name.get(name).map(Arc::clone) + self.by_name.get(name).cloned() } else { // This kind of resolver requires SNI None From dae2b3e0aec3d7c6a9d5e37f9ca3d16f792770e3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 27 Feb 2024 16:08:25 +0000 Subject: [PATCH 0804/1145] bogo_shim: fix new nightly warning "warning: the item `rustls` is imported redundantly" --- rustls/examples/internal/bogo_shim_impl.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 43e3830382..2dfa2dfdc1 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -12,7 +12,7 @@ use rustls::internal::msgs::persist::ServerSessionValue; use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; use rustls::server::{ClientHello, ServerConfig, ServerConnection, WebPkiClientVerifier}; use rustls::{ - self, client, server, sign, version, AlertDescription, CertificateError, Connection, + client, server, sign, version, AlertDescription, CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, RootCertStore, Side, SignatureAlgorithm, SignatureScheme, SupportedProtocolVersion, From 2a7aeec6e80ed2045a39382a9bc60a46e46aba14 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 27 Feb 2024 14:37:39 +0000 Subject: [PATCH 0805/1145] Clean up no_std and use of std in test code This fixes a wedge of instances of: ``` warning: the item `String` is imported redundantly --> rustls/src/msgs/handshake.rs:27:5 | 27 | use alloc::string::String; | ^^^^^^^^^^^^^^^^^^^^^ ``` Where `String` is present from the std prelude when built for testing. Like we just did in webpki, _always_ opt-in to no_std, and then import the std prelude in tests where necessary. --- rustls/src/bs_debug.rs | 2 ++ rustls/src/client/handy.rs | 1 + rustls/src/crypto/mod.rs | 1 + rustls/src/crypto/ring/kx.rs | 2 ++ rustls/src/crypto/ring/quic.rs | 1 + rustls/src/crypto/tls13.rs | 1 + rustls/src/error.rs | 2 ++ rustls/src/lib.rs | 4 ++-- rustls/src/limited_cache.rs | 2 ++ rustls/src/msgs/codec.rs | 2 ++ rustls/src/msgs/deframer.rs | 3 ++- rustls/src/msgs/enums.rs | 2 +- rustls/src/msgs/fragmenter.rs | 2 ++ rustls/src/msgs/handshake_test.rs | 3 +++ rustls/src/msgs/message_test.rs | 3 ++- rustls/src/msgs/persist.rs | 4 ++-- rustls/src/quic.rs | 4 ++-- rustls/src/server/handy.rs | 2 ++ rustls/src/server/server_conn.rs | 1 + rustls/src/suites.rs | 1 + rustls/src/test_macros.rs | 2 +- rustls/src/tls13/key_schedule.rs | 2 ++ rustls/src/verify.rs | 2 ++ rustls/src/verifybench.rs | 1 + rustls/src/webpki/client_verifier.rs | 2 ++ rustls/src/webpki/server_verifier.rs | 2 ++ rustls/src/webpki/verify.rs | 1 + rustls/src/x509.rs | 1 + 28 files changed, 46 insertions(+), 10 deletions(-) diff --git a/rustls/src/bs_debug.rs b/rustls/src/bs_debug.rs index 5524fac4ab..1891528063 100644 --- a/rustls/src/bs_debug.rs +++ b/rustls/src/bs_debug.rs @@ -42,6 +42,8 @@ impl<'a> fmt::Debug for BsDebug<'a> { #[cfg(test)] mod tests { use super::BsDebug; + use std::format; + use std::prelude::v1::*; #[test] fn debug() { diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 5fde7a87c1..af2dc2e2cc 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -233,6 +233,7 @@ impl client::ResolvesClientCert for AlwaysResolvesClientCert { } test_for_each_provider! { + use std::prelude::v1::*; use super::NoClientSessionStorage; use crate::client::ClientSessionStore; use crate::msgs::enums::NamedGroup; diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index cd73454b3d..eb6324c48a 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -552,6 +552,7 @@ pub fn default_fips_provider() -> CryptoProvider { #[cfg(test)] mod tests { use super::SharedSecret; + use std::vec; #[test] fn test_shared_secret_strip_leading_zeros() { diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index a9a79070ec..3466cd9c84 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -107,6 +107,8 @@ impl ActiveKeyExchange for KeyExchange { #[cfg(test)] mod tests { + use std::format; + #[test] fn kxgroup_fmt_yields_name() { assert_eq!("X25519", format!("{:?}", super::X25519)); diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 1cbfe17d0c..7f92051a33 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -184,6 +184,7 @@ impl crate::quic::Algorithm for KeyBuilder { } test_for_each_provider! { + use std::dbg; use crate::common_state::Side; use crate::crypto::tls13::OkmBlock; use crate::quic::*; diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index fecedcc5f3..a0ec5f3257 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -251,6 +251,7 @@ mod tests { // nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac, // so cannot be used for this test. use crate::crypto::ring::hmac; + use std::prelude::v1::*; struct ByteArray([u8; N]); diff --git a/rustls/src/error.rs b/rustls/src/error.rs index cf6bdf4d7f..a0b298cd28 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -603,6 +603,8 @@ mod tests { use super::{Error, InvalidMessage}; use crate::error::CertRevocationListError; use crate::error::OtherError; + use std::prelude::v1::*; + use std::{println, vec}; #[test] fn certificate_error_equality() { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 81e393fb62..e460c5b405 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -344,7 +344,7 @@ #![cfg_attr(read_buf, feature(read_buf))] #![cfg_attr(read_buf, feature(core_io_borrowed_buf))] #![cfg_attr(bench, feature(test))] -#![cfg_attr(not(test), no_std)] +#![no_std] extern crate alloc; // This `extern crate` plus the `#![no_std]` attribute changes the default prelude from @@ -352,7 +352,7 @@ extern crate alloc; // is in `std::prelude` but not in `core::prelude`. This helps maintain no-std support as even // developers that are not interested in, or aware of, no-std support and / or that never run // `cargo build --no-default-features` locally will get errors when they rely on `std::prelude` API. -#[cfg(all(feature = "std", not(test)))] +#[cfg(any(feature = "std", test))] extern crate std; // Import `test` sysroot crate for `Bencher` definitions. diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index db527be25f..67215a0454 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -124,6 +124,8 @@ where #[cfg(test)] mod tests { + use std::prelude::v1::*; + type Test = super::LimitedCache; #[test] diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index ba00e1d5e8..84ac606b12 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -378,6 +378,8 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> { #[cfg(test)] mod tests { use super::*; + use std::prelude::v1::*; + use std::vec; #[test] fn interrupted_length_prefixed_buffer_leaves_maximum_length() { diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 8662a7eec9..ebe415db3e 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -709,7 +709,8 @@ const READ_SIZE: usize = 4096; #[cfg(feature = "std")] #[cfg(test)] mod tests { - use std::io; + use std::prelude::v1::*; + use std::vec; use crate::crypto::cipher::PlainMessage; use crate::msgs::message::Message; diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 683a7a8d2e..2c66620de2 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -350,7 +350,7 @@ pub(crate) mod tests { //! check panic-safety of relatively unused values. use super::*; - use crate::msgs::codec::Codec; + use std::prelude::v1::*; #[test] fn test_enums() { diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 8b8990eff2..b1a25d02ba 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -110,6 +110,8 @@ mod tests { use crate::enums::ProtocolVersion; use crate::msgs::base::Payload; use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; + use std::prelude::v1::*; + use std::vec; fn msg_eq( m: &OutboundPlainMessage, diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 36d85b9480..fa5051425b 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -22,6 +22,9 @@ use pki_types::{CertificateDer, DnsName}; use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; +use std::prelude::v1::*; +use std::{format, println, vec}; + #[test] fn rejects_short_random() { let bytes = [0x01; 31]; diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index 185636ef01..bc40c4f496 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -6,9 +6,10 @@ use super::codec::Reader; use super::enums::AlertLevel; use super::message::{Message, OutboundOpaqueMessage, PlainMessage}; -use std::fs; use std::io::Read; use std::path::{Path, PathBuf}; +use std::prelude::v1::*; +use std::{format, fs, println, vec}; #[test] fn test_read_fuzz_corpus() { diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index f5d41f4ae2..c1a61b6206 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -406,11 +406,11 @@ impl ServerSessionValue { #[cfg(test)] mod tests { use super::*; - use crate::msgs::codec::{Codec, Reader}; - #[cfg(feature = "std")] + #[cfg(feature = "std")] // for UnixTime::now #[test] fn serversessionvalue_is_debug() { + use std::{println, vec}; let ssv = ServerSessionValue::new( None, ProtocolVersion::TLSv1_3, diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index e7baa20316..a3d284e3aa 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -923,9 +923,9 @@ impl Default for Version { #[cfg(test)] mod tests { - use crate::quic::HeaderProtectionKey; - use super::PacketKey; + use crate::quic::HeaderProtectionKey; + use std::prelude::v1::*; #[test] fn auto_traits() { diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 65205b6470..dbf86041f7 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -91,6 +91,7 @@ mod cache { mod tests { use super::*; use crate::server::StoresServerSessions; + use std::vec; #[test] fn test_serversessionmemorycache_accepts_put() { @@ -304,6 +305,7 @@ mod tests { use super::*; use crate::server::ProducesTickets; use crate::server::StoresServerSessions; + use std::vec; #[test] fn test_noserversessionstorage_drops_put() { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index f157869526..f52f20d49b 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1095,6 +1095,7 @@ impl crate::conn::SideData for ServerConnectionData {} #[cfg(test)] mod tests { use super::*; + use std::format; // these branches not reachable externally, unless something else goes wrong. #[test] diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index f66a834736..ba1eb5c20a 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -234,6 +234,7 @@ pub enum ConnectionTrafficSecrets { test_for_each_provider! { use provider::tls13::*; + use std::println; #[test] fn test_scs_is_debug() { diff --git a/rustls/src/test_macros.rs b/rustls/src/test_macros.rs index 7a4f1160e6..05a3dc14a1 100644 --- a/rustls/src/test_macros.rs +++ b/rustls/src/test_macros.rs @@ -45,7 +45,7 @@ macro_rules! bench_for_each_provider { test_for_each_provider! { #[test] fn test_each_provider() { - println!("provider is {:?}", provider::default_provider()); + std::println!("provider is {:?}", provider::default_provider()); } } diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 48a97d0f14..3a9af55837 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -830,6 +830,8 @@ where test_for_each_provider! { use core::fmt::Debug; + use std::vec; + use std::prelude::v1::*; use super::{derive_traffic_iv, derive_traffic_key, KeySchedule, SecretKind}; use provider::ring_like::aead; diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 0a63d284d3..a7deaab394 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -337,6 +337,8 @@ impl Codec<'_> for DigitallySignedStruct { #[test] fn assertions_are_debug() { + use std::format; + assert_eq!( format!("{:?}", ClientCertVerified::assertion()), "ClientCertVerified(())" diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index ac1045cfb6..3cea3cb969 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -4,6 +4,7 @@ #![cfg(bench)] use core::time::Duration; +use std::prelude::v1::*; use crate::crypto::CryptoProvider; use crate::verify::ServerCertVerifier; diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index c1562276de..623a8dd966 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -414,7 +414,9 @@ test_for_each_provider! { use pki_types::{CertificateDer, CertificateRevocationListDer}; + use std::prelude::v1::*; use std::sync::Arc; + use std::{vec, format, println}; fn load_crls(crls_der: &[&[u8]]) -> Vec> { crls_der diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 47840294b6..b716853232 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -283,6 +283,8 @@ impl ServerCertVerifier for WebPkiServerVerifier { test_for_each_provider! { use std::sync::Arc; + use std::{vec, println}; + use std::prelude::v1::*; use pki_types::{CertificateDer, CertificateRevocationListDer}; diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index f2cb7395b8..97c24043ab 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -229,6 +229,7 @@ pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl( #[cfg(test)] mod tests { use super::*; + use std::format; #[test] fn certificate_debug() { diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 1b8e4cfd51..31207bed56 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -43,6 +43,7 @@ const DER_SEQUENCE_TAG: u8 = 0x30; #[cfg(test)] mod tests { use super::*; + use std::vec; #[test] fn test_empty() { From 0eab92f3f09ffa87b15d1bad4add45e95e7d6947 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 27 Feb 2024 16:03:31 +0000 Subject: [PATCH 0806/1145] API tests: ignore warnings in ClientStorage mock This is a complete mock for `rustls::client::ClientSessionStore`, but we don't have tests that use 100% of its abilities. --- rustls/tests/api.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 186117266f..f26d485888 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3503,6 +3503,7 @@ impl rustls::server::StoresServerSessions for ServerStorage { } #[derive(Debug, Clone)] +#[allow(dead_code)] // complete mock, but not 100% used in tests enum ClientStorageOp { SetKxHint(ServerName<'static>, rustls::NamedGroup), GetKxHint(ServerName<'static>, Option), From e8243d8dd5d0938f688623d81263bbadc830be02 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 19 Feb 2024 15:45:47 -0500 Subject: [PATCH 0807/1145] deframer: test out-of-bounds panic for quic append_hs The `append_hs` function of the `MessageDeframer` (used only by QUIC connections) mishandles the case where we were in the process of deframing a QUIC HS message that required joining. When copying a payload of the fragmented HS message into the deframer buffer the `DeframerBuffer<'a, ExternalPayload<'a>>` trait implementation for `DeframerVecBuffer` _already_ positioned the write into the unfilled section of the buffer, `self.unfilled()` (e.g. `self.buf[self.used..]`). However, the branch of `append_hs` that continues processing of joining a fragmented HS message was incorrectly further offsetting the copy position by `meta.payload.end`, which is equal to `self.used` at this point. In effect trying to write to `self.buf[self.used+self.used..]`. As a result, if we have buffered more than half the capacity of `self.buf` and then attempt to join in more payload bytes, the unfilled offset is outside the bounds of `buf` and an out-of-bounds indexing panic occurs. This commit adds a simple integration test, as well as a fix. --- rustls/src/msgs/deframer.rs | 4 ++-- rustls/tests/api.rs | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index ebe415db3e..4e1098b397 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -504,9 +504,9 @@ impl DeframerBuffer<'_, InternalPayload> for DeframerVecBuffer { #[cfg(feature = "std")] impl<'a> DeframerBuffer<'a, ExternalPayload<'a>> for DeframerVecBuffer { - fn copy(&mut self, payload: &ExternalPayload<'a>, at: usize) { + fn copy(&mut self, payload: &ExternalPayload<'a>, _at: usize) { let len = payload.len(); - self.unfilled()[at..at + len].copy_from_slice(payload.0); + self.unfilled()[..len].copy_from_slice(payload.0); self.advance(len); } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f26d485888..75a31a4657 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4521,6 +4521,39 @@ mod test_quic { do_exporter_test(client_config, server_config); } } + + #[test] + fn test_fragmented_append() { + // Create a QUIC client connection. + let client_config = make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS13]); + let client_config = Arc::new(client_config); + let mut client = quic::ClientConnection::new( + Arc::clone(&client_config), + quic::Version::V1, + server_name("localhost"), + b"client params"[..].into(), + ) + .unwrap(); + + // Construct a message that is too large to fit in a single QUIC packet. + // We want the partial pieces to be large enough to overflow the deframer's + // 4096 byte buffer if mishandled. + let mut out = vec![0; 4096]; + let len_bytes = u32::to_be_bytes(9266_u32); + out[1..4].copy_from_slice(&len_bytes[1..]); + + // Read the message - this will put us into a joining handshake message state, buffering + // 4096 bytes into the deframer buffer. + client.read_hs(&out).unwrap(); + + // Read the message again - once more it isn't a complete message, so we'll try to + // append another 4096 bytes into the deframer buffer. + // + // If the deframer mishandles writing into the used buffer space this will panic with + // an index out of range error: + // range end index 8192 out of range for slice of length 4096 + client.read_hs(&out).unwrap(); + } } // mod test_quic #[test] From 3e4630fb8f836c43cd2d76718101ee6835984cee Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 19 Dec 2023 12:08:54 +0100 Subject: [PATCH 0808/1145] quic: name fields of ring::quic::KeyBuilder --- rustls/src/crypto/aws_lc_rs/tls13.rs | 24 ++++++++++++------------ rustls/src/crypto/ring/quic.rs | 14 +++++++------- rustls/src/crypto/ring/tls13.rs | 24 ++++++++++++------------ 3 files changed, 31 insertions(+), 31 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 63e1495c7d..df6e52cc91 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -30,10 +30,10 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), - quic: Some(&super::quic::KeyBuilder( - &aead::CHACHA20_POLY1305, - &aead::quic::CHACHA20, - )), + quic: Some(&super::quic::KeyBuilder { + packet_alg: &aead::CHACHA20_POLY1305, + header_alg: &aead::quic::CHACHA20, + }), }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -47,10 +47,10 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), - quic: Some(&super::quic::KeyBuilder( - &aead::AES_256_GCM, - &aead::quic::AES_256, - )), + quic: Some(&super::quic::KeyBuilder { + packet_alg: &aead::AES_256_GCM, + header_alg: &aead::quic::AES_256, + }), }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -66,10 +66,10 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), - quic: Some(&super::quic::KeyBuilder( - &aead::AES_128_GCM, - &aead::quic::AES_128, - )), + quic: Some(&super::quic::KeyBuilder { + packet_alg: &aead::AES_128_GCM, + header_alg: &aead::quic::AES_128, + }), }; struct Chacha20Poly1305Aead(AeadAlgorithm); diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 7f92051a33..ac76ddcf3c 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -160,22 +160,22 @@ impl quic::PacketKey for PacketKey { } } -pub(crate) struct KeyBuilder( - pub(crate) &'static aead::Algorithm, - pub(crate) &'static aead::quic::Algorithm, -); +pub(crate) struct KeyBuilder { + pub(crate) packet_alg: &'static aead::Algorithm, + pub(crate) header_alg: &'static aead::quic::Algorithm, +} impl crate::quic::Algorithm for KeyBuilder { fn packet_key(&self, key: AeadKey, iv: Iv) -> Box { - Box::new(super::quic::PacketKey::new(key, iv, self.0)) + Box::new(super::quic::PacketKey::new(key, iv, self.packet_alg)) } fn header_protection_key(&self, key: AeadKey) -> Box { - Box::new(super::quic::HeaderProtectionKey::new(key, self.1)) + Box::new(super::quic::HeaderProtectionKey::new(key, self.header_alg)) } fn aead_key_len(&self) -> usize { - self.0.key_len() + self.packet_alg.key_len() } fn fips(&self) -> bool { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index b44594bcea..20bfd1fe16 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -30,10 +30,10 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), - quic: Some(&super::quic::KeyBuilder( - &aead::CHACHA20_POLY1305, - &aead::quic::CHACHA20, - )), + quic: Some(&super::quic::KeyBuilder { + packet_alg: &aead::CHACHA20_POLY1305, + header_alg: &aead::quic::CHACHA20, + }), }; /// The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384 @@ -47,10 +47,10 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), - quic: Some(&super::quic::KeyBuilder( - &aead::AES_256_GCM, - &aead::quic::AES_256, - )), + quic: Some(&super::quic::KeyBuilder { + packet_alg: &aead::AES_256_GCM, + header_alg: &aead::quic::AES_256, + }), }); /// The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256 @@ -66,10 +66,10 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), - quic: Some(&super::quic::KeyBuilder( - &aead::AES_128_GCM, - &aead::quic::AES_128, - )), + quic: Some(&super::quic::KeyBuilder { + packet_alg: &aead::AES_128_GCM, + header_alg: &aead::quic::AES_128, + }), }; struct Chacha20Poly1305Aead(AeadAlgorithm); From 542b12ca899cd50802bdf1f10056e36a71a1196f Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Tue, 19 Dec 2023 12:21:05 +0100 Subject: [PATCH 0809/1145] quic: expose limits via PacketKey trait --- rustls/src/crypto/aws_lc_rs/tls13.rs | 6 ++++ rustls/src/crypto/ring/quic.rs | 42 ++++++++++++++++++++++++++-- rustls/src/crypto/ring/tls13.rs | 6 ++++ rustls/src/quic.rs | 14 ++++++++++ 4 files changed, 66 insertions(+), 2 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index df6e52cc91..cd3c2fcd5d 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -33,6 +33,8 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::CHACHA20_POLY1305, header_alg: &aead::quic::CHACHA20, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }), }; @@ -50,6 +52,8 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_256_GCM, header_alg: &aead::quic::AES_256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }), }); @@ -69,6 +73,8 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_128_GCM, header_alg: &aead::quic::AES_128, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }), }; diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index ac76ddcf3c..0cfd9b0156 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -100,15 +100,31 @@ pub(crate) struct PacketKey { key: aead::LessSafeKey, /// Computes unique nonces for each packet iv: Iv, + /// Confidentiality limit (see [`CipherSuiteCommon::confidentiality_limit`][csc-limit]) + /// + /// [csc-limit]: crate::crypto::CipherSuiteCommon::confidentiality_limit + confidentiality_limit: u64, + /// Integrity limit (see [`CipherSuiteCommon::integrity_limit`][csc-limit]) + /// + /// [csc-limit]: crate::crypto::CipherSuiteCommon::integrity_limit + integrity_limit: u64, } impl PacketKey { - pub(crate) fn new(key: AeadKey, iv: Iv, aead_algorithm: &'static aead::Algorithm) -> Self { + pub(crate) fn new( + key: AeadKey, + iv: Iv, + confidentiality_limit: u64, + integrity_limit: u64, + aead_algorithm: &'static aead::Algorithm, + ) -> Self { Self { key: aead::LessSafeKey::new( aead::UnboundKey::new(aead_algorithm, key.as_ref()).unwrap(), ), iv, + confidentiality_limit, + integrity_limit, } } } @@ -158,16 +174,38 @@ impl quic::PacketKey for PacketKey { fn tag_len(&self) -> usize { self.key.algorithm().tag_len() } + + /// Confidentiality limit (see [`CipherSuiteCommon::confidentiality_limit`][csc-limit]) + /// + /// [csc-limit]: crate::crypto::CipherSuiteCommon::confidentiality_limit + fn confidentiality_limit(&self) -> u64 { + self.confidentiality_limit + } + + /// Integrity limit (see [`CipherSuiteCommon::integrity_limit`][csc-limit]) + /// + /// [csc-limit]: crate::crypto::CipherSuiteCommon::integrity_limit + fn integrity_limit(&self) -> u64 { + self.integrity_limit + } } pub(crate) struct KeyBuilder { pub(crate) packet_alg: &'static aead::Algorithm, pub(crate) header_alg: &'static aead::quic::Algorithm, + pub(crate) confidentiality_limit: u64, + pub(crate) integrity_limit: u64, } impl crate::quic::Algorithm for KeyBuilder { fn packet_key(&self, key: AeadKey, iv: Iv) -> Box { - Box::new(super::quic::PacketKey::new(key, iv, self.packet_alg)) + Box::new(super::quic::PacketKey::new( + key, + iv, + self.confidentiality_limit, + self.integrity_limit, + self.packet_alg, + )) } fn header_protection_key(&self, key: AeadKey) -> Box { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 20bfd1fe16..c2a71c0c02 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -33,6 +33,8 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::CHACHA20_POLY1305, header_alg: &aead::quic::CHACHA20, + confidentiality_limit: u64::MAX, + integrity_limit: 1 << 36, }), }; @@ -50,6 +52,8 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_256_GCM, header_alg: &aead::quic::AES_256, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }), }); @@ -69,6 +73,8 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_128_GCM, header_alg: &aead::quic::AES_128, + confidentiality_limit: 1 << 23, + integrity_limit: 1 << 52, }), }; diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index a3d284e3aa..066ffd4802 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -705,6 +705,20 @@ pub trait PacketKey: Send + Sync { /// Tag length for the underlying AEAD algorithm fn tag_len(&self) -> usize; + + /// Number of messages that can be safely encrypted with a single key of this type. + /// + /// See [`CipherSuiteCommon::confidentiality_limit`][csc-limit]. + /// + /// [csc-limit]: crate::crypto::CipherSuiteCommon::confidentiality_limit + fn confidentiality_limit(&self) -> u64; + + /// Number of messages that can be safely authenticated with a single key of this type. + /// + /// See [`CipherSuiteCommon::integrity_limit`][csc-limit]. + /// + /// [csc-limit]: crate::crypto::CipherSuiteCommon::integrity_limit + fn integrity_limit(&self) -> u64; } /// Packet protection keys for bidirectional 1-RTT communication From 5138cd81e1835c8cfeb0b6d12ec9fdb3c5631f28 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 14 Feb 2024 16:12:03 -0500 Subject: [PATCH 0810/1145] suites: split integrity and confidentiality limit handling Previously the `CipherSuiteCommon` type had a `confidentiality_limit` and a `integrity_limit`. Recent refactoring for better downstream QUIC ergonomics has pulled these limits into the `quic::PacketKey` trait. To reduce duplication this commit adjusts our handling of these two limits. For the `integrity_limit`, it was already documented in `CipherSuiteCommon` as being specific to QUIC and irrelevant for TLS over TCP. For this reason we delete the field from `CipherSuiteCommon`, leaving it only in `quic::PacketKey` where it is actually useful. For the `confidentiality_limit` it was described imprecisely and erred on the side of caution, proposing a limit calculated based on QUIC overhead even for the TCP usecase. Now that we've split this field the `CipherSuiteCommon` version's documentation is updated to use a tighter bound for the TCP use-case, and the associated `PacketKey` field can be documented to use the QUIC bound. --- provider-example/src/lib.rs | 2 -- rustls/src/crypto/aws_lc_rs/tls12.rs | 6 ------ rustls/src/crypto/aws_lc_rs/tls13.rs | 3 --- rustls/src/crypto/ring/quic.rs | 16 ++++------------ rustls/src/crypto/ring/tls12.rs | 6 ------ rustls/src/crypto/ring/tls13.rs | 3 --- rustls/src/quic.rs | 18 +++++++++++++----- rustls/src/suites.rs | 16 ++++------------ 8 files changed, 21 insertions(+), 49 deletions(-) diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index 18f8776928..e117d1a7c6 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -71,7 +71,6 @@ pub static TLS13_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherSuite = suite: rustls::CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, hkdf_provider: &rustls::crypto::tls13::HkdfUsingHmac(&hmac::Sha256Hmac), aead_alg: &aead::Chacha20Poly1305, @@ -84,7 +83,6 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS suite: rustls::CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &hash::Sha256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, kx: rustls::crypto::KeyExchangeAlgorithm::ECDHE, sign: &[ diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index daff1b20e9..39aae7c7bf 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -25,7 +25,6 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -40,7 +39,6 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -55,7 +53,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -70,7 +67,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -85,7 +81,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -100,7 +95,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index cd3c2fcd5d..711ba70903 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -26,7 +26,6 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), @@ -45,7 +44,6 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), @@ -66,7 +64,6 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 0cfd9b0156..2b21630274 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -100,13 +100,9 @@ pub(crate) struct PacketKey { key: aead::LessSafeKey, /// Computes unique nonces for each packet iv: Iv, - /// Confidentiality limit (see [`CipherSuiteCommon::confidentiality_limit`][csc-limit]) - /// - /// [csc-limit]: crate::crypto::CipherSuiteCommon::confidentiality_limit + /// Confidentiality limit (see [`quic::PacketKey::confidentiality_limit`]) confidentiality_limit: u64, - /// Integrity limit (see [`CipherSuiteCommon::integrity_limit`][csc-limit]) - /// - /// [csc-limit]: crate::crypto::CipherSuiteCommon::integrity_limit + /// Integrity limit (see [`quic::PacketKey::integrity_limit`]) integrity_limit: u64, } @@ -175,16 +171,12 @@ impl quic::PacketKey for PacketKey { self.key.algorithm().tag_len() } - /// Confidentiality limit (see [`CipherSuiteCommon::confidentiality_limit`][csc-limit]) - /// - /// [csc-limit]: crate::crypto::CipherSuiteCommon::confidentiality_limit + /// Confidentiality limit (see [`quic::PacketKey::confidentiality_limit`]) fn confidentiality_limit(&self) -> u64 { self.confidentiality_limit } - /// Integrity limit (see [`CipherSuiteCommon::integrity_limit`][csc-limit]) - /// - /// [csc-limit]: crate::crypto::CipherSuiteCommon::integrity_limit + /// Integrity limit (see [`quic::PacketKey::integrity_limit`]) fn integrity_limit(&self) -> u64 { self.integrity_limit } diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index c7e01b993e..88458df88b 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -24,7 +24,6 @@ pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -39,7 +38,6 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -54,7 +52,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -69,7 +66,6 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -84,7 +80,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -99,7 +94,6 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index c2a71c0c02..fadefb955a 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -26,7 +26,6 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: u64::MAX, - integrity_limit: 1 << 36, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Chacha20Poly1305Aead(AeadAlgorithm(&aead::CHACHA20_POLY1305)), @@ -45,7 +44,6 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), @@ -66,7 +64,6 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, confidentiality_limit: 1 << 23, - integrity_limit: 1 << 52, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 066ffd4802..28f0b19f81 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -706,18 +706,26 @@ pub trait PacketKey: Send + Sync { /// Tag length for the underlying AEAD algorithm fn tag_len(&self) -> usize; - /// Number of messages that can be safely encrypted with a single key of this type. + /// Number of QUIC messages that can be safely encrypted with a single key of this type. /// - /// See [`CipherSuiteCommon::confidentiality_limit`][csc-limit]. + /// Once a `MessageEncrypter` produced for this suite has encrypted more than + /// `confidentiality_limit` messages, an attacker gains an advantage in distinguishing it + /// from an ideal pseudorandom permutation (PRP). + /// + /// This is to be set on the assumption that messages are maximally sized -- + /// 2 ** 16. For non-QUIC TCP connections see [`CipherSuiteCommon::confidentiality_limit`][csc-limit]. /// /// [csc-limit]: crate::crypto::CipherSuiteCommon::confidentiality_limit fn confidentiality_limit(&self) -> u64; - /// Number of messages that can be safely authenticated with a single key of this type. + /// Number of QUIC messages that can be safely decrypted with a single key of this type /// - /// See [`CipherSuiteCommon::integrity_limit`][csc-limit]. + /// Once a `MessageDecrypter` produced for this suite has failed to decrypt `integrity_limit` + /// messages, an attacker gains an advantage in forging messages. /// - /// [csc-limit]: crate::crypto::CipherSuiteCommon::integrity_limit + /// This is not relevant for TLS over TCP (which is implemented in this crate) + /// because a single failed decryption is fatal to the connection. However, + /// this quantity is used by QUIC. fn integrity_limit(&self) -> u64; } diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index ba1eb5c20a..36007fd189 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -20,25 +20,17 @@ pub struct CipherSuiteCommon { /// Which hash function the suite uses. pub hash_provider: &'static dyn crypto::hash::Hash, - /// Number of messages that can be safely encrypted with a single key of this type + /// Number of TCP-TLS messages that can be safely encrypted with a single key of this type /// /// Once a `MessageEncrypter` produced for this suite has encrypted more than /// `confidentiality_limit` messages, an attacker gains an advantage in distinguishing it /// from an ideal pseudorandom permutation (PRP). /// /// This is to be set on the assumption that messages are maximally sized -- - /// at least 2 ** 14 bytes for TCP-TLS and 2 ** 16 for QUIC. + /// at least 2 ** 14 bytes. It **does not** consider confidentiality limits for + /// QUIC connections - see the [`quic::KeyBuilder.confidentiality_limit`] field for + /// this context. pub confidentiality_limit: u64, - - /// Number of messages that can be safely decrypted with a single key of this type - /// - /// Once a `MessageDecrypter` produced for this suite has failed to decrypt `integrity_limit` - /// messages, an attacker gains an advantage in forging messages. - /// - /// This is not relevant for TLS over TCP (which is implemented in this crate) - /// because a single failed decryption is fatal to the connection. However, - /// this quantity is used by QUIC. - pub integrity_limit: u64, } impl CipherSuiteCommon { From 50a656330b9b89af70ed14dac80304639294ca63 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 20 Feb 2024 09:58:21 -0500 Subject: [PATCH 0811/1145] client_conn: reorder ClientConfig members The `pub(crate)` members should be below the `pub` members and above the `pub(super)` members. --- rustls/src/client/client_conn.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 0e184329bf..7c2db87c7f 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -325,6 +325,12 @@ impl ClientConfig { } } + /// Access configuration options whose use is dangerous and requires + /// extra care. + pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { + danger::DangerousClientConfig { cfg: self } + } + /// We support a given TLS version if it's quoted in the configured /// versions *and* at least one ciphersuite for this version is /// also configured. @@ -345,12 +351,6 @@ impl ClientConfig { .any(|cs| cs.usable_for_protocol(proto)) } - /// Access configuration options whose use is dangerous and requires - /// extra care. - pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { - danger::DangerousClientConfig { cfg: self } - } - pub(super) fn find_cipher_suite(&self, suite: CipherSuite) -> Option { self.provider .cipher_suites From 4aafdc838b1bd41f6c1ba4cfd28577b00f3de62b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 20 Feb 2024 10:00:55 -0500 Subject: [PATCH 0812/1145] client/server: crypto_provider accessor for configs When holding a `ClientConfig` or a `ServerConfig` it may be helpful to be able to access the `&Arc` that will be used for the configuration. This commit adds accessor functions for this purpose. --- rustls/src/client/client_conn.rs | 5 +++++ rustls/src/server/server_conn.rs | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 7c2db87c7f..7addc82ea1 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -325,6 +325,11 @@ impl ClientConfig { } } + /// Return the crypto provider used to construct this client configuration. + pub fn crypto_provider(&self) -> &Arc { + &self.provider + } + /// Access configuration options whose use is dangerous and requires /// extra care. pub fn dangerous(&mut self) -> danger::DangerousClientConfig<'_> { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index f52f20d49b..b89c6a7dbc 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -469,6 +469,11 @@ impl ServerConfig { } } + /// Return the crypto provider used to construct this client configuration. + pub fn crypto_provider(&self) -> &Arc { + &self.provider + } + /// We support a given TLS version if it's quoted in the configured /// versions *and* at least one ciphersuite for this version is /// also configured. From d5842f461e3049d4e3857a60a083f65158a303be Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 21 Feb 2024 11:25:24 -0500 Subject: [PATCH 0813/1145] tls13/quic: construct QUIC suite from TLS 1.3 suite This commit adds a `quic::Suite` struct for representing the combination of a `Tls13CipherSuite` and a `quic::Algorithm`. This can optionally be constructed from a `Tls13CipherSuite` that supports QUIC. Having this type helps downstream users that otherwise need to juggle the `Option` and `Option` from a `SupportedCipherSuite` separately. --- rustls/src/quic.rs | 21 +++++++++++++++++++++ rustls/src/tls13/mod.rs | 6 ++++++ 2 files changed, 27 insertions(+) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 28f0b19f81..dccdff1698 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -797,6 +797,27 @@ impl<'a> KeyBuilder<'a> { } } +/// Produces QUIC initial keys from a TLS 1.3 ciphersuite and a QUIC key generation algorithm. +pub struct Suite { + /// The TLS 1.3 ciphersuite used to derive keys. + pub suite: &'static Tls13CipherSuite, + /// The QUIC key generation algorithm used to derive keys. + pub quic: &'static dyn Algorithm, +} + +impl Suite { + /// Produce a set of initial keys given the connection ID, side and version + pub fn keys(&self, client_dst_connection_id: &[u8], side: Side, version: Version) -> Keys { + Keys::initial( + version, + self.suite, + self.quic, + client_dst_connection_id, + side, + ) + } +} + /// Complete set of keys used to communicate with the peer pub struct Keys { /// Encrypts outgoing packets diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index d9676071aa..b6b48f890e 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -58,6 +58,12 @@ impl Tls13CipherSuite { && aead_alg.fips() && quic.map(|q| q.fips()).unwrap_or(true) } + + /// Returns a `quic::Suite` for the ciphersuite, if supported. + pub fn quic_suite(&'static self) -> Option { + self.quic + .map(|quic| crate::quic::Suite { quic, suite: self }) + } } impl From<&'static Tls13CipherSuite> for SupportedCipherSuite { From 425b5272901d60a4e3d18d4f17d5d7291c331272 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 23 Feb 2024 17:30:05 +0000 Subject: [PATCH 0814/1145] ROADMAP.md: prepare for 0.23 release --- ROADMAP.md | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 88a387bfcf..a35fae0df6 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,18 +4,6 @@ In rough order of priority: -* **FIPS Certification for Default Cryptographic Library**. - Change the default cryptographic library to something with FIPS certification. - rustls/rustls#1540 - -* **Add No-Allocation / Write-Through API**. - Would make handshakes faster and give the caller more control over allocations. - RFC: rustls/rustls#1420 - -* **Support no_std**. - Enables use of rustls in more memory-constrained environments. - RFC: rustls/rustls#1399 - * **OpenSSL API Compatibility Layer**. Add an OpenSSL C API compatibility layer for adoption purposes. @@ -48,6 +36,20 @@ In rough order of priority: ## Past priorities +Delivered in 0.23: + +* **FIPS Certification for Default Cryptographic Library**. + Change the default cryptographic library to something with FIPS certification. + rustls/rustls#1540 + +* **Add No-Allocation / Write-Through API**. + Would make handshakes faster and give the caller more control over allocations. + RFC: rustls/rustls#1420 + +* **Support no_std**. + Enables use of rustls in more memory-constrained environments. + RFC: rustls/rustls#1399 + Delivered in [rustls-platform-verifier](https://github.com/rustls/rustls-platform-verifier) 0.1.0: * **Improve OS Trust Verifier Support**. From cf098b08d32b8f9636faf3dd82a1b8d4a85a146e Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 28 Feb 2024 19:29:40 +0000 Subject: [PATCH 0815/1145] Cargo.toml: disentangle std/aws_lc_rs features --- .github/workflows/build.yml | 14 +++++++------- admin/coverage | 4 ++-- bogo/runme | 4 ++-- rustls/Cargo.toml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 16f18f251d..65ec5748b3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -67,12 +67,12 @@ jobs: RUST_BACKTRACE: 1 - name: cargo test (debug; aws-lc-rs) - run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging --all-targets + run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging,std --all-targets env: RUST_BACKTRACE: 1 - name: cargo test (release; fips) - run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging --all-targets + run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging,std --all-targets env: RUST_BACKTRACE: 1 @@ -132,15 +132,15 @@ jobs: working-directory: rustls - name: cargo test (debug; no default features; tls12) - run: cargo test --locked --no-default-features --features tls12 + run: cargo test --locked --no-default-features --features tls12,std working-directory: rustls - name: cargo test (debug; no default features; aws-lc-rs,tls12) - run: cargo test --no-default-features --features aws_lc_rs,tls12 + run: cargo test --no-default-features --features aws_lc_rs,tls12,std working-directory: rustls - name: cargo test (debug; no default features; fips,tls12) - run: cargo test --no-default-features --features fips,tls12 + run: cargo test --no-default-features --features fips,tls12,std working-directory: rustls - name: cargo test (release; no run) @@ -216,10 +216,10 @@ jobs: run: cargo run -p rustls --release --locked --example bench - name: Smoke-test benchmark program (aws-lc-rs) - run: cargo run -p rustls --release --locked --example bench --no-default-features --features aws_lc_rs,tls12 + run: cargo run -p rustls --release --locked --example bench --no-default-features --features aws_lc_rs,tls12,std - name: Smoke-test benchmark program (fips) - run: cargo run -p rustls --release --locked --example bench --no-default-features --features fips,tls12 + run: cargo run -p rustls --release --locked --example bench --no-default-features --features fips,tls12,std - name: Run micro-benchmarks run: cargo bench --locked --all-features diff --git a/admin/coverage b/admin/coverage index 70076acea9..fba613b061 100755 --- a/admin/coverage +++ b/admin/coverage @@ -7,8 +7,8 @@ cargo llvm-cov clean --workspace cargo build --locked --all-targets --all-features cargo test --locked --all-features -cargo test --locked --no-default-features --features tls12,logging,aws_lc_rs,fips -cargo test --locked --no-default-features --features tls12,logging,ring +cargo test --locked --no-default-features --features tls12,logging,aws_lc_rs,fips,std +cargo test --locked --no-default-features --features tls12,logging,ring,std ## bogo cargo test --locked --all-features run_bogo_tests_ring -- --ignored diff --git a/bogo/runme b/bogo/runme index b741a68cb7..435a74195b 100755 --- a/bogo/runme +++ b/bogo/runme @@ -7,11 +7,11 @@ set -xe case ${BOGO_SHIM_PROVIDER:-ring} in ring) - cargo build -p rustls --example bogo_shim + cargo build -p rustls --example bogo_shim --no-default-features --features ring,tls12,logging,std cpp -P -DRING config.json.in -oconfig.json ;; aws-lc-rs) - cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging + cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging,std cpp -P -DAWS_LC_RS config.json.in -oconfig.json ;; existing) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 666446bf92..38e1d4f9a2 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -27,10 +27,10 @@ pki-types = { package = "rustls-pki-types", version = "1.2", features = ["alloc" zeroize = "1.7" [features] -default = ["logging", "std", "tls12"] -std = ["aws_lc_rs", "webpki/std", "pki-types/std", "once_cell/std"] +default = ["aws_lc_rs", "logging", "std", "tls12"] +std = ["webpki/std", "pki-types/std", "once_cell/std"] logging = ["log"] -aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs", "std"] +aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] ring = ["dep:ring", "webpki/ring"] tls12 = [] read_buf = ["rustversion", "std"] From d5c6036716ba3326e7e3b5ed4d332db226470638 Mon Sep 17 00:00:00 2001 From: Yuxiang Cao Date: Wed, 28 Feb 2024 15:47:58 -0800 Subject: [PATCH 0816/1145] refactor: avoid pretty printing when logging Pretty printing should not used in logging with level that's higher then Debug. --- rustls/src/common_state.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 015c345cef..b3815379e5 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -434,7 +434,7 @@ impl CommonState { if self.is_tls13() && alert.description != AlertDescription::UserCanceled { return Err(self.send_fatal_alert(AlertDescription::DecodeError, err)); } else { - warn!("TLS alert warning received: {:#?}", alert); + warn!("TLS alert warning received: {:?}", alert); return Ok(()); } } From 88022fc91d7e566a329cc65d8c85a77042efe5f7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 29 Feb 2024 11:04:46 +0000 Subject: [PATCH 0817/1145] Reword `no process-level CryptoProvider` panic Avoid markdown and ensure it is a single sentence. --- rustls/src/crypto/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index eb6324c48a..70e74fca47 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -263,7 +263,7 @@ impl CryptoProvider { } let provider = Self::from_crate_features() - .expect("no process-level `CryptoProvider` available. call `CryptoProvider::install_default()` before this point"); + .expect("no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point"); // Ignore the error resulting from us losing a race, and accept the outcome. let _ = provider.install_default(); Self::get_default().unwrap() From eb0791bc94cfdc4c42f743902a35074ce58ced11 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 28 Feb 2024 17:47:11 +0000 Subject: [PATCH 0818/1145] Prepare 0.23.0 --- Cargo.lock | 12 ++++++------ fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f7b15c979a..390b6cf7f1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2139,7 +2139,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.0-alpha.0" +version = "0.23.0" dependencies = [ "aws-lc-rs", "base64", @@ -2169,7 +2169,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.0-alpha.0", + "rustls 0.23.0", "rustls-pemfile 2.1.0", "rustls-pki-types", ] @@ -2181,7 +2181,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.0-alpha.0", + "rustls 0.23.0", ] [[package]] @@ -2194,7 +2194,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.0-alpha.0", + "rustls 0.23.0", "rustls-pemfile 2.1.0", "rustls-pki-types", "serde", @@ -2212,7 +2212,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.0-alpha.0", + "rustls 0.23.0", "rustls-pemfile 2.1.0", "rustls-pki-types", ] @@ -2260,7 +2260,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.0-alpha.0", + "rustls 0.23.0", "rustls-pki-types", "rustls-webpki 0.102.2", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 83ea046f94..5468622bd7 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.0-alpha.0" +version = "0.23.0" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 38e1d4f9a2..2d23bacbbd 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.0-alpha.0" +version = "0.23.0" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 408a42ae0e483774e9f73ad0c08f0393e4864f2a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 29 Feb 2024 14:02:12 -0500 Subject: [PATCH 0819/1145] docs: update RELEASING to mention running daily-tests Our daily tests CI job runs some additional tests that are too slow or too flaky to be run for every merge requests. Before doing a release it's a good idea to run this workflow manually to make sure there aren't any lurking regressions that `cargo hack` or another test from this workflow could catch pre-release. This commit adds that guidance to `RELEASING.md` for future releases. --- RELEASING.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/RELEASING.md b/RELEASING.md index 5f82effc7b..3766f2ac3f 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -4,12 +4,16 @@ dependency updates which are not already automatically taken by their semver specs. - If we do, take them if possible. There should be dependabot PRs submitted for these already, but if not make separate commits for these and land those first. -2. Update `rustls/Cargo.toml` to set the correct version. -3. Make a commit with the new version number, something like 'Prepare $VERSION'. This +2. Run the daily-tests CI workflow to check if we have any unfixed regressions. + You can run the workflow manually for the to-be-released branch by visiting + [the daily-tests workflow](https://github.com/rustls/rustls/actions/workflows/daily-tests.yml) + in your browser and selecting "Run workflow". +3. Update `rustls/Cargo.toml` to set the correct version. +4. Make a commit with the new version number, something like 'Prepare $VERSION'. This should not contain functional changes: just version numbers, and perhaps markdown changes. -4. Do a dry run: in `rustls/` check `cargo publish --dry-run`. +5. Do a dry run: in `rustls/` check `cargo publish --dry-run`. - Do not use `--allow-dirty`; use a separate working tree if needed. -5. Come up with text detailing headline changes for this release. General guidelines: +6. Come up with text detailing headline changes for this release. General guidelines: * :green_heart: include any breaking changes. * :green_heart: include any major new headline features. * :green_heart: include any major, user-visible bug fixes. @@ -18,7 +22,7 @@ * :x: omit any internal build, process or test improvements. * :x: omit any minor or user-invisible bug fixes. * :x: omit any changes to dependency versions (unless these cause breaking changes). -5. Open a PR with the above commit and include the release notes in the description. +7. Open a PR with the above commit and include the release notes in the description. Wait for review and CI to confirm it as green. - Any red _should_ naturally block the release. - If rustc nightly is broken, this _may_ be acceptable if the reason is understood From 03f52c1efcbf653490abd7a8b8a3711eb00abfca Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 29 Feb 2024 13:47:29 -0500 Subject: [PATCH 0820/1145] crypto: gate ticketer module on std for aws-lc-rs Fixes a missing import error when building without std and with aws_lc_rs: ``` $ cargo check -p rustls --no-default-features --features aws_lc_rs Compiling rustls v0.23.0 (/home/daniel/Code/Rust/rustls/rustls) error[E0432]: unresolved import `ticketer` --> rustls/src/crypto/aws_lc_rs/mod.rs:228:9 | 228 | pub use ticketer::Ticketer; | ^^^^^^^^ use of undeclared crate or module `ticketer` ``` Adding a `std` gate on `TICKETER_AEAD` was also required to fix unused warnings for builds w/o `std` using either ring or aws_lc_rs: ``` $ cargo check -p rustls --no-default-features --features aws_lc_rs Compiling rustls v0.23.0 (/home/daniel/Code/Rust/rustls/rustls) warning: static `TICKETER_AEAD` is never used --> rustls/src/crypto/aws_lc_rs/mod.rs:249:19 | 249 | pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::AES_256_GCM; | ^^^^^^^^^^^^^ | = note: `#[warn(dead_code)]` on by default ``` --- rustls/src/crypto/aws_lc_rs/mod.rs | 3 +++ rustls/src/crypto/ring/mod.rs | 1 + 2 files changed, 4 insertions(+) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 512de10756..10632b9a03 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -27,6 +27,7 @@ pub(crate) mod hash; pub(crate) mod kx; #[path = "../ring/quic.rs"] pub(crate) mod quic; +#[cfg(feature = "std")] #[path = "../ring/ticketer.rs"] pub(crate) mod ticketer; #[cfg(feature = "tls12")] @@ -224,6 +225,7 @@ pub mod kx_group { } pub use kx::ALL_KX_GROUPS; +#[cfg(feature = "std")] pub use ticketer::Ticketer; use super::SupportedKxGroup; @@ -244,6 +246,7 @@ mod ring_shim { } /// AEAD algorithm that is used by `mod ticketer`. +#[cfg(feature = "std")] pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::AES_256_GCM; /// Are we in FIPS mode? diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 68969ac781..81754173a7 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -193,6 +193,7 @@ mod ring_shim { } /// AEAD algorithm that is used by `mod ticketer`. +#[cfg(feature = "std")] pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::CHACHA20_POLY1305; pub(super) fn fips() -> bool { From 384b3d6fb0f60efdc1e71e153251ef08b65bc343 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Mar 2024 10:28:45 +0000 Subject: [PATCH 0821/1145] Avoid `fips` feature for docs.rs The docs.rs environment has golang installed, but doesn't have the environment variables needed to make it actually work: https://github.com/rust-lang/docs.rs/issues/1303 So avoid that entirely. --- .github/workflows/docs.yml | 3 ++- rustls/Cargo.toml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 77058c3a9a..a4a3039583 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -34,7 +34,8 @@ jobs: "" - name: cargo doc - run: cargo doc --locked --all-features --no-deps --package rustls + # keep features in sync with Cargo.toml `[package.metadata.docs.rs]` section + run: cargo doc --locked --features read_buf,ring --no-deps --package rustls env: RUSTDOCFLAGS: -Dwarnings --cfg=docsrs --html-after-content tag.html diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 2d23bacbbd..b941dafa5c 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -61,7 +61,8 @@ harness = false required-features = ["ring"] [package.metadata.docs.rs] -all-features = true +# all non-default features except fips (cannot build on docs.rs environment) +features = ["read_buf", "ring"] rustdoc-args = ["--cfg", "docsrs"] [package.metadata.cargo_check_external_types] From 69920b0b7ec18a47c4e22f371f67a4fe532b293a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Mar 2024 10:38:44 +0000 Subject: [PATCH 0822/1145] default_fips_provider(): make visible in docs --- rustls/src/crypto/mod.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 70e74fca47..f67420f1d8 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -544,7 +544,8 @@ impl From<&[u8]> for SharedSecret { /// .with_no_client_auth(); /// # } /// ``` -#[cfg(feature = "fips")] +#[cfg(any(feature = "fips", docsrs))] +#[cfg_attr(docsrs, doc(cfg(feature = "fips")))] pub fn default_fips_provider() -> CryptoProvider { crate::crypto::aws_lc_rs::default_provider() } From bce2e5e2413083f2f57a790206827686b6e69867 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Mar 2024 14:01:08 +0000 Subject: [PATCH 0823/1145] Prepare 0.23.1 --- Cargo.lock | 12 ++++++------ fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 390b6cf7f1..2185a394eb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2139,7 +2139,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.0" +version = "0.23.1" dependencies = [ "aws-lc-rs", "base64", @@ -2169,7 +2169,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.0", + "rustls 0.23.1", "rustls-pemfile 2.1.0", "rustls-pki-types", ] @@ -2181,7 +2181,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.0", + "rustls 0.23.1", ] [[package]] @@ -2194,7 +2194,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.0", + "rustls 0.23.1", "rustls-pemfile 2.1.0", "rustls-pki-types", "serde", @@ -2212,7 +2212,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.0", + "rustls 0.23.1", "rustls-pemfile 2.1.0", "rustls-pki-types", ] @@ -2260,7 +2260,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.0", + "rustls 0.23.1", "rustls-pki-types", "rustls-webpki 0.102.2", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 5468622bd7..e8cbc615e8 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.0" +version = "0.23.1" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b941dafa5c..706e8bbbec 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.0" +version = "0.23.1" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From b6f283ed798c2d068a7fdee66cf892cac04a5ce7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 8 Nov 2023 14:07:29 +0000 Subject: [PATCH 0824/1145] Ask rustfmt to make our imports consistent These are nightly-only options: so keep them in a separate file. When it sees unstable features, stable rustfmt gives a diagnostic like: > Warning: can't set `imports_granularity = Module`, unstable features are only available in nightly channel. > Warning: can't set `group_imports = StdExternalCrate`, unstable features are only available in nightly channel. But: _does_ otherwise format the files and exit non-zero. However, this is noisy. We arrange that `cargo +nightly fmt-unstable` also does the right thing. --- .cargo/config.toml | 3 +++ .rustfmt.unstable.toml | 6 ++++++ 2 files changed, 9 insertions(+) create mode 100644 .cargo/config.toml create mode 100644 .rustfmt.unstable.toml diff --git a/.cargo/config.toml b/.cargo/config.toml new file mode 100644 index 0000000000..b975a61377 --- /dev/null +++ b/.cargo/config.toml @@ -0,0 +1,3 @@ +[alias] + +fmt-unstable = ["fmt", "--", "--config-path", ".rustfmt.unstable.toml"] diff --git a/.rustfmt.unstable.toml b/.rustfmt.unstable.toml new file mode 100644 index 0000000000..521dae776b --- /dev/null +++ b/.rustfmt.unstable.toml @@ -0,0 +1,6 @@ +# keep in sync with .rustfmt.toml +chain_width = 40 + +# format imports +group_imports = "StdExternalCrate" +imports_granularity = "Module" From a47352629d21c8c044c2dbe8848aaff114573701 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 8 Nov 2023 14:26:26 +0000 Subject: [PATCH 0825/1145] Run rustfmt nightly in CI Do not fail the job on changes on nightly. --- .github/workflows/build.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 65ec5748b3..e03cea4476 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -347,6 +347,29 @@ jobs: - name: Check formatting (fuzz workspace) run: cargo fmt --all --manifest-path=fuzz/Cargo.toml -- --check + format-unstable: + name: Format (unstable) + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Install rust nightly toolchain + uses: dtolnay/rust-toolchain@master + with: + components: rustfmt + toolchain: nightly-2024-02-21 + - name: Check formatting (unstable) + run: cargo fmt-unstable --all -- --check + continue-on-error: true + - name: Check formatting (unstable, connect-tests workspace) + run: cargo fmt-unstable --all --manifest-path=connect-tests/Cargo.toml -- --check + continue-on-error: true + - name: Check formatting (unstable, fuzz workspace) + run: cargo fmt-unstable --all --manifest-path=fuzz/Cargo.toml -- --check + continue-on-error: true + clippy: name: Clippy runs-on: ubuntu-latest From 2d66fe4d9b54b2c0911381556d930b090950719c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 20 Dec 2023 17:28:28 +0000 Subject: [PATCH 0826/1145] Fix `name` for benchmarking toolchain step --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e03cea4476..a3f567f40e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -209,7 +209,7 @@ jobs: with: persist-credentials: false - - name: Install stable toolchain + - name: Install nightly toolchain uses: dtolnay/rust-toolchain@nightly - name: Smoke-test benchmark program (ring) From 546a85d91277a1009d199aa1e2829ecf153e2631 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 28 Feb 2024 09:10:20 +0000 Subject: [PATCH 0827/1145] Format imports with `cargo +nightly fmt-unstable` Run with nightly-2024-02-21 --- ci-bench/src/util.rs | 6 +- connect-tests/tests/ech.rs | 1 - examples/src/bin/limitedclient.rs | 3 +- examples/src/bin/server_acceptor.rs | 3 +- examples/src/bin/tlsclient-mio.rs | 3 +- examples/src/bin/tlsserver-mio.rs | 3 +- openssl-tests/src/ffdhe_kx_with_openssl.rs | 3 +- rustls/benches/benchmarks.rs | 8 +-- rustls/examples/internal/bench_impl.rs | 15 ++--- rustls/examples/internal/bogo_shim_impl.rs | 25 ++++--- rustls/src/bs_debug.rs | 3 +- rustls/src/builder.rs | 10 +-- rustls/src/client/builder.rs | 18 +++-- rustls/src/client/client_conn.rs | 44 +++++-------- rustls/src/client/common.rs | 11 ++-- rustls/src/client/handy.rs | 19 +++--- rustls/src/client/hs.rs | 45 ++++++------- rustls/src/client/tls12.rs | 40 +++++------ rustls/src/client/tls13.rs | 52 +++++++-------- rustls/src/common_state.rs | 16 ++--- rustls/src/conn.rs | 24 +++---- rustls/src/crypto/aws_lc_rs/mod.rs | 25 ++++--- rustls/src/crypto/aws_lc_rs/sign.rs | 23 +++---- rustls/src/crypto/aws_lc_rs/tls12.rs | 8 +-- rustls/src/crypto/aws_lc_rs/tls13.rs | 6 +- rustls/src/crypto/cipher.rs | 4 +- rustls/src/crypto/hash.rs | 4 +- rustls/src/crypto/mod.rs | 21 +++--- rustls/src/crypto/ring/hash.rs | 4 +- rustls/src/crypto/ring/hmac.rs | 4 +- rustls/src/crypto/ring/kx.rs | 11 ++-- rustls/src/crypto/ring/mod.rs | 17 ++--- rustls/src/crypto/ring/quic.rs | 7 +- rustls/src/crypto/ring/sign.rs | 27 ++++---- rustls/src/crypto/ring/ticketer.rs | 23 +++---- rustls/src/crypto/ring/tls12.rs | 7 +- rustls/src/crypto/ring/tls13.rs | 5 +- rustls/src/crypto/signer.rs | 10 +-- rustls/src/crypto/tls12.rs | 7 +- rustls/src/crypto/tls13.rs | 13 ++-- rustls/src/error.rs | 14 ++-- rustls/src/hash_hs.rs | 8 +-- rustls/src/key_log_file.rs | 11 ++-- rustls/src/lib.rs | 24 ++++--- rustls/src/msgs/alert.rs | 4 +- rustls/src/msgs/base.rs | 8 +-- rustls/src/msgs/codec.rs | 10 +-- rustls/src/msgs/deframer.rs | 3 +- rustls/src/msgs/enums.rs | 3 +- rustls/src/msgs/fragmenter.rs | 11 ++-- rustls/src/msgs/handshake.rs | 20 +++--- rustls/src/msgs/handshake_test.rs | 13 ++-- rustls/src/msgs/message/inbound.rs | 4 +- rustls/src/msgs/message/mod.rs | 4 +- rustls/src/msgs/message/outbound.rs | 4 +- rustls/src/msgs/message_test.rs | 13 ++-- rustls/src/msgs/persist.rs | 16 ++--- rustls/src/quic.rs | 34 +++++----- rustls/src/rand.rs | 4 +- rustls/src/record_layer.rs | 6 +- rustls/src/server/builder.rs | 18 +++-- rustls/src/server/common.rs | 4 +- rustls/src/server/handy.rs | 38 +++++------ rustls/src/server/hs.rs | 33 +++++----- rustls/src/server/server_conn.rs | 53 +++++++-------- rustls/src/server/tls12.rs | 51 +++++++------- rustls/src/server/tls13.rs | 77 +++++++++------------- rustls/src/stream.rs | 7 +- rustls/src/suites.rs | 4 +- rustls/src/ticketer.rs | 11 ++-- rustls/src/tls12/mod.rs | 14 ++-- rustls/src/tls13/key_schedule.rs | 9 ++- rustls/src/tls13/mod.rs | 6 +- rustls/src/verifybench.rs | 6 +- rustls/src/webpki/anchors.rs | 1 + rustls/src/webpki/client_verifier.rs | 11 ++-- rustls/src/webpki/mod.rs | 8 +-- rustls/src/webpki/server_verifier.rs | 7 +- rustls/src/webpki/verify.rs | 4 +- rustls/src/x509.rs | 3 +- rustls/tests/common/mod.rs | 13 ++-- rustls/tests/ech.rs | 1 - rustls/tests/key_log_file_env.rs | 6 +- rustls/tests/process_provider.rs | 5 +- 84 files changed, 541 insertions(+), 641 deletions(-) diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index e20680be75..49be6fbd45 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -401,10 +401,12 @@ pub mod transport { //! but that doesn't matter (we are measuring performance differences, and overhead is automatically //! ignored as long as it remains constant). - use super::async_io::{AsyncRead, AsyncWrite}; + use std::io::{Cursor, Read, Write}; + use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData}; - use std::io::{Cursor, Read, Write}; + + use super::async_io::{AsyncRead, AsyncWrite}; /// Sends one side's handshake data to the other side in one go. /// diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index 3cadb73007..12ac1346d9 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -3,7 +3,6 @@ mod ech_config { use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; use hickory_resolver::proto::rr::{RData, RecordType}; use hickory_resolver::Resolver; - use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::EchVersion; use rustls::internal::msgs::handshake::EchConfig; diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index abe85cbde3..62443caef7 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -2,11 +2,12 @@ //! so that unused cryptography in rustls can be discarded by the linker. You can //! observe using `nm` that the binary of this program does not contain any AES code. -use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; +use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; + fn main() { let root_store = rustls::RootCertStore::from_iter( webpki_roots::TLS_SERVER_ROOTS diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 595b92b63d..093080fb6b 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -13,13 +13,12 @@ use std::time::Duration; use std::{fs, thread}; use docopt::Docopt; -use serde_derive::Deserialize; - use rustls::pki_types::{ CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer, }; use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier}; use rustls::RootCertStore; +use serde_derive::Deserialize; fn main() { let version = concat!( diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 265bf6ea5d..d4b51dbd18 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -26,11 +26,10 @@ use std::{fs, process, str}; use docopt::Docopt; use mio::net::TcpStream; -use serde::Deserialize; - use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use rustls::RootCertStore; +use serde::Deserialize; const CLIENT: mio::Token = mio::Token(0); diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 1b41557835..08ecae5a54 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -27,12 +27,11 @@ use std::{fs, net}; use docopt::Docopt; use log::{debug, error}; use mio::net::{TcpListener, TcpStream}; -use serde::Deserialize; - use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use rustls::server::WebPkiClientVerifier; use rustls::RootCertStore; +use serde::Deserialize; // Token for our listening socket. const LISTENER: mio::Token = mio::Token(0); diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs index 0a20a697e4..9d7e19634a 100644 --- a/openssl-tests/src/ffdhe_kx_with_openssl.rs +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -4,6 +4,7 @@ use std::net::{TcpListener, TcpStream}; use std::sync::Arc; use std::{str, thread}; +use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod}; use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::version::{TLS12, TLS13}; use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion}; @@ -13,8 +14,6 @@ use rustls_pki_types::{CertificateDer, PrivateKeyDer}; use crate::ffdhe::{self, FfdheKxGroup}; use crate::utils::verify_openssl3_available; -use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod}; - #[test] fn rustls_server_with_ffdhe_kx_tls13() { test_rustls_server_with_ffdhe_kx(&TLS13, 1) diff --git a/rustls/benches/benchmarks.rs b/rustls/benches/benchmarks.rs index 27b5959322..82582e6d0b 100644 --- a/rustls/benches/benchmarks.rs +++ b/rustls/benches/benchmarks.rs @@ -1,18 +1,16 @@ #![cfg(feature = "ring")] use bencher::{benchmark_group, benchmark_main, Bencher}; - use rustls::crypto::ring as provider; #[path = "../tests/common/mod.rs"] mod test_utils; -use test_utils::*; - -use rustls::ServerConnection; - use std::io; use std::sync::Arc; +use rustls::ServerConnection; +use test_utils::*; + fn bench_ewouldblock(c: &mut Bencher) { let server_config = make_server_config(KeyType::Rsa); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 160db03123..13c9eb5ce8 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -3,16 +3,13 @@ // Note: we don't use any of the standard 'cargo bench', 'test::Bencher', // etc. because it's unstable at the time of writing. -use std::env; -use std::fs; use std::io::{self, Read, Write}; -use std::ops::Deref; -use std::ops::DerefMut; +use std::ops::{Deref, DerefMut}; use std::sync::Arc; use std::time::{Duration, Instant}; +use std::{env, fs}; use pki_types::{CertificateDer, PrivateKeyDer}; - use rustls::client::Resumption; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] use rustls::crypto::aws_lc_rs as provider; @@ -24,10 +21,10 @@ use rustls::crypto::ring as provider; use rustls::crypto::ring::{cipher_suite, Ticketer}; use rustls::crypto::CryptoProvider; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; -use rustls::RootCertStore; -use rustls::{ClientConfig, ClientConnection}; -use rustls::{ConnectionCommon, SideData}; -use rustls::{ServerConfig, ServerConnection}; +use rustls::{ + ClientConfig, ClientConnection, ConnectionCommon, RootCertStore, ServerConfig, + ServerConnection, SideData, +}; pub fn main() { let mut args = std::env::args(); diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 2dfa2dfdc1..9edf1c530b 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -4,8 +4,19 @@ // https://boringssl.googlesource.com/boringssl/+/master/ssl/test // +use std::fmt::{Debug, Formatter}; +use std::io::{self, BufReader, Read, Write}; +use std::sync::Arc; +use std::{env, fs, net, process, thread, time}; + +use base64::prelude::{Engine, BASE64_STANDARD}; +use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +use rustls::crypto::aws_lc_rs as provider; +#[cfg(feature = "ring")] +use rustls::crypto::ring as provider; use rustls::crypto::{CryptoProvider, SupportedKxGroup}; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist::ServerSessionValue; @@ -18,20 +29,6 @@ use rustls::{ SupportedProtocolVersion, }; -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::aws_lc_rs as provider; -#[cfg(feature = "ring")] -use rustls::crypto::ring as provider; - -use base64::prelude::{Engine, BASE64_STANDARD}; -use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; - -use std::fmt::{Debug, Formatter}; -use std::io::{self, BufReader, Read, Write}; -use std::sync::Arc; -use std::time; -use std::{env, fs, net, process, thread}; - static BOGO_NACK: i32 = 89; macro_rules! println_err( diff --git a/rustls/src/bs_debug.rs b/rustls/src/bs_debug.rs index 1891528063..858e8bdc3a 100644 --- a/rustls/src/bs_debug.rs +++ b/rustls/src/bs_debug.rs @@ -41,10 +41,11 @@ impl<'a> fmt::Debug for BsDebug<'a> { #[cfg(test)] mod tests { - use super::BsDebug; use std::format; use std::prelude::v1::*; + use super::BsDebug; + #[test] fn debug() { let vec: Vec<_> = (0..0x100).map(|b| b as u8).collect(); diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 4ccd82b891..8a114003b0 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,14 +1,14 @@ -use crate::error::Error; -use crate::time_provider::TimeProvider; -use crate::versions; -use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS}; - use alloc::format; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; +use crate::crypto::CryptoProvider; +use crate::error::Error; +use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS; +use crate::time_provider::TimeProvider; +use crate::versions; #[cfg(doc)] use crate::{ClientConfig, ServerConfig}; diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index ac2df168c1..eaa265b5d5 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,6 +1,12 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::marker::PhantomData; + +use pki_types::{CertificateDer, PrivateKeyDer}; + +use super::client_conn::Resumption; use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::client::handy; -use crate::client::{ClientConfig, ResolvesClientCert}; +use crate::client::{handy, ClientConfig, ResolvesClientCert}; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; @@ -9,14 +15,6 @@ use crate::time_provider::TimeProvider; use crate::webpki::{self, WebPkiServerVerifier}; use crate::{verify, versions}; -use super::client_conn::Resumption; - -use pki_types::{CertificateDer, PrivateKeyDer}; - -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::marker::PhantomData; - impl ConfigBuilder { /// Choose how to verify server certificates. /// diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 7addc82ea1..ddcb58ba61 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,3 +1,13 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::marker::PhantomData; +use core::ops::{Deref, DerefMut}; +use core::{fmt, mem}; + +use pki_types::{ServerName, UnixTime}; + +use super::handy::NoClientSessionStorage; +use super::hs; use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, UnbufferedConnectionCommon}; @@ -9,32 +19,16 @@ use crate::log::trace; use crate::msgs::enums::NamedGroup; use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; -use crate::sign; use crate::suites::SupportedCipherSuite; #[cfg(feature = "std")] use crate::time_provider::DefaultTimeProvider; use crate::time_provider::TimeProvider; use crate::unbuffered::{EncryptError, TransmitTlsData}; -use crate::versions; -use crate::KeyLog; #[cfg(feature = "std")] use crate::WantsVerifier; -use crate::{verify, WantsVersions}; - -use super::handy::NoClientSessionStorage; -use super::hs; - -use pki_types::{ServerName, UnixTime}; - -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::fmt; -use core::marker::PhantomData; -use core::mem; -use core::ops::{Deref, DerefMut}; - #[cfg(doc)] use crate::{crypto, DistinguishedName}; +use crate::{sign, verify, versions, KeyLog, WantsVersions}; /// A trait for the ability to store client session data, so that sessions /// can be resumed in future connections. @@ -584,22 +578,20 @@ impl EarlyData { #[cfg(feature = "std")] mod connection { - use crate::common_state::Protocol; - use crate::conn::ConnectionCommon; - use crate::conn::ConnectionCore; - use crate::error::Error; - use crate::suites::ExtractedSecrets; - use crate::ClientConfig; - - use pki_types::ServerName; - use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::ops::{Deref, DerefMut}; use std::io; + use pki_types::ServerName; + use super::ClientConnectionData; + use crate::common_state::Protocol; + use crate::conn::{ConnectionCommon, ConnectionCore}; + use crate::error::Error; + use crate::suites::ExtractedSecrets; + use crate::ClientConfig; /// Stub that implements io::Write and dispatches to `write_early_data`. pub struct WriteEarlyData<'a> { diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 52daa4111c..86a6ce5cd4 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -1,15 +1,14 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; + use super::ResolvesClientCert; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::enums::ExtensionType; -use crate::msgs::handshake::ServerExtension; -use crate::msgs::handshake::{CertificateChain, DistinguishedName}; +use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension}; use crate::{sign, SignatureScheme}; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec::Vec; - #[derive(Debug)] pub(super) struct ServerCertDetails<'a> { pub(super) cert_chain: CertificateChain<'a>, diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index af2dc2e2cc..8ce7745a1f 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,14 +1,12 @@ -use crate::client; +use alloc::sync::Arc; + +use pki_types::ServerName; + use crate::enums::SignatureScheme; use crate::error::Error; use crate::msgs::handshake::CertificateChain; use crate::msgs::persist; -use crate::sign; -use crate::NamedGroup; - -use pki_types::ServerName; - -use alloc::sync::Arc; +use crate::{client, sign, NamedGroup}; /// An implementer of `ClientSessionStore` which does nothing. #[derive(Debug)] @@ -42,12 +40,11 @@ mod cache { use core::fmt; use std::sync::Mutex; - use crate::limited_cache; - use crate::msgs::persist; - use crate::NamedGroup; - use pki_types::ServerName; + use crate::msgs::persist; + use crate::{limited_cache, NamedGroup}; + const MAX_TLS13_TICKETS_PER_SERVER: usize = 8; struct ServerData { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index ed6e85256c..b1accd5df6 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -1,6 +1,21 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; +use core::ops::Deref; + +use pki_types::ServerName; + +#[cfg(feature = "tls12")] +use super::tls12; +use super::Tls12Resumption; #[cfg(feature = "logging")] use crate::bs_debug; use crate::check::inappropriate_handshake_message; +use crate::client::client_conn::ClientConnectionData; +use crate::client::common::ClientHelloDetails; +use crate::client::{tls13, ClientConfig}; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; @@ -10,35 +25,17 @@ use crate::hash_hs::HandshakeHashBuffer; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::base::Payload; -use crate::msgs::enums::{Compression, ExtensionType}; -use crate::msgs::enums::{ECPointFormat, PSKKeyExchangeMode}; -use crate::msgs::handshake::ConvertProtocolNameList; -use crate::msgs::handshake::{CertificateStatusRequest, ClientSessionTicket}; -use crate::msgs::handshake::{ClientExtension, HasServerExtensions}; -use crate::msgs::handshake::{ClientHelloPayload, HandshakeMessagePayload, HandshakePayload}; -use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry}; -use crate::msgs::handshake::{Random, SessionId}; +use crate::msgs::enums::{Compression, ECPointFormat, ExtensionType, PSKKeyExchangeMode}; +use crate::msgs::handshake::{ + CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, + ConvertProtocolNameList, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, + HelloRetryRequest, KeyShareEntry, Random, SessionId, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::tls13::key_schedule::KeyScheduleEarly; use crate::SupportedCipherSuite; -#[cfg(feature = "tls12")] -use super::tls12; -use super::Tls12Resumption; -use crate::client::client_conn::ClientConnectionData; -use crate::client::common::ClientHelloDetails; -use crate::client::{tls13, ClientConfig}; - -use pki_types::ServerName; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; -use core::ops::Deref; - pub(super) type NextState<'a> = Box + 'a>; pub(super) type NextStateOrError<'a> = Result, Error>; pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 65ffbb428e..46e9e50f28 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,9 +1,22 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +use pki_types::ServerName; +pub(super) use server_hello::CompleteServerHelloHandling; +use subtle::ConstantTimeEq; + +use super::client_conn::ClientConnectionData; +use super::hs::ClientContext; use crate::check::{inappropriate_handshake_message, inappropriate_message}; +use crate::client::common::{ClientAuthDetails, ServerCertDetails}; +use crate::client::{hs, ClientConfig}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::KeyExchangeAlgorithm; -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] @@ -22,29 +35,10 @@ use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite}; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify::{self, DigitallySignedStruct}; -use super::client_conn::ClientConnectionData; -use super::hs::ClientContext; -use crate::client::common::ClientAuthDetails; -use crate::client::common::ServerCertDetails; -use crate::client::{hs, ClientConfig}; - -use pki_types::ServerName; -use subtle::ConstantTimeEq; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; - -pub(super) use server_hello::CompleteServerHelloHandling; - mod server_hello { - use crate::msgs::enums::ExtensionType; - use crate::msgs::handshake::HasServerExtensions; - use crate::msgs::handshake::ServerHelloPayload; - use super::*; + use crate::msgs::enums::ExtensionType; + use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload}; pub(in crate::client) struct CompleteServerHelloHandling { pub(in crate::client) config: Arc, diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index d9ddd65c7d..698e8dd7d2 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1,8 +1,18 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +use pki_types::ServerName; +use subtle::ConstantTimeEq; + +use super::client_conn::ClientConnectionData; +use super::hs::ClientContext; use crate::check::inappropriate_handshake_message; -use crate::common_state::Protocol; -use crate::common_state::{CommonState, Side, State}; +use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails}; +use crate::client::{hs, ClientConfig, ClientSessionStore}; +use crate::common_state::{CommonState, Protocol, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto; use crate::crypto::ActiveKeyExchange; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, @@ -13,40 +23,24 @@ use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; use crate::log::{debug, trace, warn}; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; -use crate::msgs::enums::ExtensionType; -use crate::msgs::enums::KeyUpdateRequest; -use crate::msgs::handshake::NewSessionTicketPayloadTls13; -use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTls13}; -use crate::msgs::handshake::{ClientExtension, ServerExtension}; -use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload}; -use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload}; -use crate::msgs::handshake::{PresharedKeyIdentity, PresharedKeyOffer}; +use crate::msgs::enums::{ExtensionType, KeyUpdateRequest}; +use crate::msgs::handshake::{ + CertificateEntry, CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload, + HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, + PresharedKeyOffer, ServerExtension, ServerHelloPayload, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::sign::{CertifiedKey, Signer}; use crate::suites::PartiallyExtractedSecrets; -use crate::tls13::construct_client_verify_message; -use crate::tls13::construct_server_verify_message; use crate::tls13::key_schedule::{ KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake, KeyScheduleTraffic, }; -use crate::tls13::Tls13CipherSuite; +use crate::tls13::{ + construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite, +}; use crate::verify::{self, DigitallySignedStruct}; -use crate::KeyLog; - -use super::client_conn::ClientConnectionData; -use super::hs::ClientContext; -use crate::client::common::ServerCertDetails; -use crate::client::common::{ClientAuthDetails, ClientHelloDetails}; -use crate::client::{hs, ClientConfig, ClientSessionStore}; - -use pki_types::ServerName; -use subtle::ConstantTimeEq; - -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; +use crate::{crypto, KeyLog}; // Extensions we expect in plaintext in the ServerHello. static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[ diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index b3815379e5..5ef47763f8 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -1,3 +1,8 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; + +use pki_types::CertificateDer; + use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; #[cfg(feature = "logging")] @@ -11,19 +16,12 @@ use crate::msgs::message::{ Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PlainMessage, }; -use crate::quic; -use crate::record_layer; -use crate::suites::PartiallyExtractedSecrets; -use crate::suites::SupportedCipherSuite; +use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite}; #[cfg(feature = "tls12")] use crate::tls12::ConnectionSecrets; use crate::unbuffered::{EncryptError, InsufficientSizeError}; use crate::vecbuf::ChunkVecBuffer; - -use alloc::boxed::Box; -use alloc::vec::Vec; - -use pki_types::CertificateDer; +use crate::{quic, record_layer}; /// Connection state common to both client and server connections. pub struct CommonState { diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 42d158943d..6968cae793 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -1,3 +1,10 @@ +use alloc::boxed::Box; +use core::fmt::Debug; +use core::mem; +use core::ops::{Deref, DerefMut}; +#[cfg(feature = "std")] +use std::io; + use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT}; use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; @@ -9,17 +16,15 @@ use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; -use alloc::boxed::Box; -use core::fmt::Debug; -use core::mem; -use core::ops::{Deref, DerefMut}; -#[cfg(feature = "std")] -use std::io; - pub(crate) mod unbuffered; #[cfg(feature = "std")] mod connection { + use alloc::vec::Vec; + use core::fmt::Debug; + use core::ops::{Deref, DerefMut}; + use std::io; + use crate::common_state::{CommonState, IoState}; use crate::error::Error; use crate::msgs::message::OutboundChunks; @@ -27,11 +32,6 @@ mod connection { use crate::vecbuf::ChunkVecBuffer; use crate::ConnectionCommon; - use alloc::vec::Vec; - use core::fmt::Debug; - use core::ops::{Deref, DerefMut}; - use std::io; - /// A client or server connection. #[derive(Debug)] pub enum Connection { diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 10632b9a03..d8f90e530f 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -1,14 +1,3 @@ -use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; -use crate::enums::SignatureScheme; -use crate::rand::GetRandomFailed; -use crate::sign::SigningKey; -use crate::suites::SupportedCipherSuite; -use crate::webpki::WebPkiSupportedAlgorithms; -use crate::Error; - -use pki_types::PrivateKeyDer; -use webpki::aws_lc_rs as webpki_algs; - use alloc::sync::Arc; use alloc::vec::Vec; @@ -17,6 +6,16 @@ use alloc::vec::Vec; // ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are // small. pub(crate) use aws_lc_rs as ring_like; +use pki_types::PrivateKeyDer; +use webpki::aws_lc_rs as webpki_algs; + +use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; +use crate::enums::SignatureScheme; +use crate::rand::GetRandomFailed; +use crate::sign::SigningKey; +use crate::suites::SupportedCipherSuite; +use crate::webpki::WebPkiSupportedAlgorithms; +use crate::Error; /// Using software keys for authentication. pub mod sign; @@ -219,9 +218,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. pub mod kx_group { - pub use super::kx::SECP256R1; - pub use super::kx::SECP384R1; - pub use super::kx::X25519; + pub use super::kx::{SECP256R1, SECP384R1, X25519}; } pub use kx::ALL_KX_GROUPS; diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 79397ef93f..859afa3523 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -1,21 +1,20 @@ #![allow(clippy::duplicate_mod)] -use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; -use crate::sign::{Signer, SigningKey}; - -use super::ring_like::rand::SystemRandom; -use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; -use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; - use alloc::boxed::Box; -use alloc::format; use alloc::string::ToString; use alloc::sync::Arc; -use alloc::vec; use alloc::vec::Vec; +use alloc::{format, vec}; use core::fmt::{self, Debug, Formatter}; +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; + +use super::ring_like::rand::SystemRandom; +use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; +use crate::sign::{Signer, SigningKey}; + /// Parse `der` as any supported key encoding/type, returning /// the first which works. pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, Error> { @@ -370,10 +369,12 @@ impl Debug for Ed25519Signer { #[cfg(test)] mod tests { - use super::*; use alloc::format; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + use super::*; + #[test] fn can_load_ecdsa_nistp256_pkcs8() { let key = diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 39aae7c7bf..af51379459 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -1,3 +1,7 @@ +use alloc::boxed::Box; + +use aws_lc_rs::{aead, tls_prf}; + use crate::crypto::cipher::{ make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, @@ -14,10 +18,6 @@ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipher use crate::tls12::Tls12CipherSuite; use crate::version::TLS12; -use alloc::boxed::Box; - -use aws_lc_rs::{aead, tls_prf}; - /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 711ba70903..d18c5dccfe 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -1,5 +1,8 @@ use alloc::boxed::Box; +use aws_lc_rs::hkdf::KeyType; +use aws_lc_rs::{aead, hkdf, hmac}; + use crate::crypto; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, @@ -14,9 +17,6 @@ use crate::msgs::message::{ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; -use aws_lc_rs::hkdf::KeyType; -use aws_lc_rs::{aead, hkdf, hmac}; - /// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index ae1827b685..ec8eecd7c3 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -2,6 +2,8 @@ use alloc::boxed::Box; use alloc::string::ToString; use core::fmt; +use zeroize::Zeroize; + use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec; @@ -11,8 +13,6 @@ pub use crate::msgs::message::{ }; use crate::suites::ConnectionTrafficSecrets; -use zeroize::Zeroize; - /// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite. pub trait Tls13AeadAlgorithm: Send + Sync { /// Build a `MessageEncrypter` for the given key/iv. diff --git a/rustls/src/crypto/hash.rs b/rustls/src/crypto/hash.rs index 6c07f7f438..214dad4e0f 100644 --- a/rustls/src/crypto/hash.rs +++ b/rustls/src/crypto/hash.rs @@ -1,7 +1,7 @@ -pub use crate::msgs::enums::HashAlgorithm; - use alloc::boxed::Box; +pub use crate::msgs::enums::HashAlgorithm; + /// Describes a single cryptographic hash function. /// /// This interface can do both one-shot and incremental hashing, using diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index f67420f1d8..a5e424c517 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,7 +1,3 @@ -use crate::sign::SigningKey; -use crate::{suites, ProtocolVersion, SupportedProtocolVersion}; -use crate::{Error, NamedGroup}; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -11,10 +7,13 @@ use core::fmt::Debug; use once_cell::race::OnceBox; #[cfg(feature = "std")] use once_cell::sync::OnceCell; - use pki_types::PrivateKeyDer; use zeroize::Zeroize; +use crate::sign::SigningKey; +pub use crate::webpki::{ + verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms, +}; #[cfg(all(doc, feature = "tls12"))] use crate::Tls12CipherSuite; #[cfg(doc)] @@ -22,10 +21,7 @@ use crate::{ client, crypto, server, sign, ClientConfig, ConfigBuilder, ServerConfig, SupportedCipherSuite, Tls13CipherSuite, }; - -pub use crate::webpki::{ - verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms, -}; +use crate::{suites, Error, NamedGroup, ProtocolVersion, SupportedProtocolVersion}; /// *ring* based CryptoProvider. #[cfg(feature = "ring")] @@ -59,12 +55,10 @@ pub mod hpke; // avoid having two import paths to the same types. pub(crate) mod signer; +pub use crate::msgs::handshake::KeyExchangeAlgorithm; pub use crate::rand::GetRandomFailed; - pub use crate::suites::CipherSuiteCommon; -pub use crate::msgs::handshake::KeyExchangeAlgorithm; - /// Controls core cryptography used by rustls. /// /// This crate comes with two built-in options, provided as @@ -552,9 +546,10 @@ pub fn default_fips_provider() -> CryptoProvider { #[cfg(test)] mod tests { - use super::SharedSecret; use std::vec; + use super::SharedSecret; + #[test] fn test_shared_secret_strip_leading_zeros() { let test_cases = [ diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index 41f4098107..220dc53639 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -1,11 +1,11 @@ #![allow(clippy::duplicate_mod)] +use alloc::boxed::Box; + use super::ring_like::digest; use crate::crypto; use crate::msgs::enums::HashAlgorithm; -use alloc::boxed::Box; - pub(crate) static SHA256: Hash = Hash(&digest::SHA256, HashAlgorithm::SHA256); pub(crate) static SHA384: Hash = Hash(&digest::SHA384, HashAlgorithm::SHA384); diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 8e93d2f834..9bc814de63 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -1,10 +1,10 @@ #![allow(clippy::duplicate_mod)] +use alloc::boxed::Box; + use super::ring_like; use crate::crypto; -use alloc::boxed::Box; - #[cfg(feature = "tls12")] pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256); #[cfg(feature = "tls12")] diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 3466cd9c84..db8734d981 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -1,16 +1,15 @@ #![allow(clippy::duplicate_mod)] +use alloc::boxed::Box; +use core::fmt; + +use super::ring_like::agreement; +use super::ring_like::rand::SystemRandom; use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup}; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; -use super::ring_like::agreement; -use super::ring_like::rand::SystemRandom; - -use alloc::boxed::Box; -use core::fmt; - /// A key-exchange group supported by *ring*. /// /// All possible instances of this class are provided by the library in diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 81754173a7..ca197f4254 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,3 +1,9 @@ +use alloc::sync::Arc; + +use pki_types::PrivateKeyDer; +pub(crate) use ring as ring_like; +use webpki::ring as webpki_algs; + use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; @@ -6,13 +12,6 @@ use crate::suites::SupportedCipherSuite; use crate::webpki::WebPkiSupportedAlgorithms; use crate::Error; -use pki_types::PrivateKeyDer; -use webpki::ring as webpki_algs; - -use alloc::sync::Arc; - -pub(crate) use ring as ring_like; - /// Using software keys for authentication. pub mod sign; @@ -167,9 +166,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. pub mod kx_group { - pub use super::kx::SECP256R1; - pub use super::kx::SECP384R1; - pub use super::kx::X25519; + pub use super::kx::{SECP256R1, SECP384R1, X25519}; } pub use kx::ALL_KX_GROUPS; diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 2b21630274..2ac9d01439 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -1,12 +1,11 @@ #![allow(clippy::duplicate_mod)] -use crate::crypto::cipher::{AeadKey, Iv, Nonce}; -use crate::error::Error; -use crate::quic; - use alloc::boxed::Box; use super::ring_like::aead; +use crate::crypto::cipher::{AeadKey, Iv, Nonce}; +use crate::error::Error; +use crate::quic; pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 2506dfe0f9..6924836848 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -1,23 +1,22 @@ #![allow(clippy::duplicate_mod)] -use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; -use crate::sign::{Signer, SigningKey}; -use crate::x509::{asn1_wrap, wrap_in_sequence}; - -use super::ring_like::io::der; -use super::ring_like::rand::{SecureRandom, SystemRandom}; -use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; -use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; - use alloc::boxed::Box; -use alloc::format; use alloc::string::ToString; use alloc::sync::Arc; -use alloc::vec; use alloc::vec::Vec; +use alloc::{format, vec}; use core::fmt::{self, Debug, Formatter}; +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; + +use super::ring_like::io::der; +use super::ring_like::rand::{SecureRandom, SystemRandom}; +use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; +use crate::sign::{Signer, SigningKey}; +use crate::x509::{asn1_wrap, wrap_in_sequence}; + /// Parse `der` as any supported key encoding/type, returning /// the first which works. pub fn any_supported_type(der: &PrivateKeyDer<'_>) -> Result, Error> { @@ -408,10 +407,12 @@ impl Debug for Ed25519Signer { #[cfg(test)] mod tests { - use super::*; use alloc::format; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + use super::*; + #[test] fn can_load_ecdsa_nistp256_pkcs8() { let key = diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 89d4cbc900..d13407cccc 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -1,19 +1,18 @@ #![allow(clippy::duplicate_mod)] -use crate::error::Error; -use crate::rand::GetRandomFailed; -use crate::server::ProducesTickets; - -use super::ring_like::aead; -use super::ring_like::rand::{SecureRandom, SystemRandom}; -use super::TICKETER_AEAD; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::fmt::{Debug, Formatter}; +use super::ring_like::aead; +use super::ring_like::rand::{SecureRandom, SystemRandom}; +use super::TICKETER_AEAD; +use crate::error::Error; +use crate::rand::GetRandomFailed; +use crate::server::ProducesTickets; + /// A concrete, safe ticket creation mechanism. pub struct Ticketer {} @@ -121,11 +120,12 @@ impl Debug for AeadTicketer { #[cfg(test)] mod tests { - use super::*; - use core::time::Duration; + use pki_types::UnixTime; + use super::*; + #[test] fn basic_pairwise_test() { let t = Ticketer::new().unwrap(); @@ -198,9 +198,10 @@ mod tests { #[test] fn aeadticketer_is_debug_and_producestickets() { - use super::*; use alloc::format; + use super::*; + let t = make_ticket_generator().unwrap(); let expect = format!("AeadTicketer {{ alg: {TICKETER_AEAD:?}, lifetime: 43200 }}"); diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 88458df88b..1630a82759 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,3 +1,6 @@ +use alloc::boxed::Box; + +use super::ring_like::aead; use crate::crypto::cipher::{ make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, @@ -13,10 +16,6 @@ use crate::msgs::message::{ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; -use alloc::boxed::Box; - -use super::ring_like::aead; - /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index fadefb955a..3c67b5c544 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,5 +1,7 @@ use alloc::boxed::Box; +use super::ring_like::hkdf::KeyType; +use super::ring_like::{aead, hkdf, hmac}; use crate::crypto; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, @@ -14,9 +16,6 @@ use crate::msgs::message::{ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; -use super::ring_like::hkdf::KeyType; -use super::ring_like::{aead, hkdf, hmac}; - /// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 560aea09a8..b6f65747d6 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -1,13 +1,13 @@ -use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; - -use pki_types::CertificateDer; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use pki_types::CertificateDer; + +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; + /// An abstract signing key. /// /// This interface is used by rustls to use a private signing key diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index ac853c0d49..4943a60653 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -1,10 +1,9 @@ -use super::hmac; -use super::ActiveKeyExchange; +use alloc::boxed::Box; + +use super::{hmac, ActiveKeyExchange}; use crate::error::Error; use crate::version::TLS12; -use alloc::boxed::Box; - /// Implements [`Prf`] using a [`hmac::Hmac`]. pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac); diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index a0ec5f3257..e6fd4230c8 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -1,11 +1,11 @@ -use super::hmac; -use super::ActiveKeyExchange; -use crate::error::Error; -use crate::version::TLS13; - use alloc::boxed::Box; + use zeroize::Zeroize; +use super::{hmac, ActiveKeyExchange}; +use crate::error::Error; +use crate::version::TLS13; + /// Implementation of `HkdfExpander` via `hmac::Key`. pub struct HkdfExpanderUsingHmac(Box); @@ -247,11 +247,12 @@ pub struct OutputLengthError; #[cfg(all(test, feature = "ring"))] mod tests { + use std::prelude::v1::*; + use super::{expand, Hkdf, HkdfUsingHmac}; // nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac, // so cannot be used for this test. use crate::crypto::ring::hmac; - use std::prelude::v1::*; struct ByteArray([u8; N]); diff --git a/rustls/src/error.rs b/rustls/src/error.rs index a0b298cd28..7b85d79ee9 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -1,7 +1,3 @@ -use crate::enums::{AlertDescription, ContentType, HandshakeType}; -use crate::msgs::handshake::KeyExchangeAlgorithm; -use crate::rand; - use alloc::format; use alloc::string::String; use alloc::vec::Vec; @@ -9,6 +5,10 @@ use core::fmt; #[cfg(feature = "std")] use std::time::SystemTimeError; +use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::msgs::handshake::KeyExchangeAlgorithm; +use crate::rand; + /// rustls reports protocol errors using this type. #[non_exhaustive] #[derive(Debug, PartialEq, Clone)] @@ -600,12 +600,12 @@ pub use other_error::OtherError; #[cfg(test)] mod tests { - use super::{Error, InvalidMessage}; - use crate::error::CertRevocationListError; - use crate::error::OtherError; use std::prelude::v1::*; use std::{println, vec}; + use super::{Error, InvalidMessage}; + use crate::error::{CertRevocationListError, OtherError}; + #[test] fn certificate_error_equality() { use super::CertificateError::*; diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 71b6cbf8af..7b11eb2435 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -1,13 +1,13 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; +use core::mem; + use crate::crypto::hash; use crate::msgs::codec::Codec; use crate::msgs::enums::HashAlgorithm; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::message::{Message, MessagePayload}; -use alloc::boxed::Box; -use alloc::vec::Vec; -use core::mem; - /// Early stage buffering of handshake payloads. /// /// Before we know the hash algorithm to use to verify the handshake, we just buffer the messages. diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index 2d69769c33..99b65161db 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -1,15 +1,14 @@ -#[cfg(feature = "logging")] -use crate::log::warn; -use crate::KeyLog; - use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; -use std::env; use std::ffi::OsString; use std::fs::{File, OpenOptions}; -use std::io; use std::io::Write; use std::sync::Mutex; +use std::{env, io}; + +#[cfg(feature = "logging")] +use crate::log::warn; +use crate::KeyLog; // Internal mutable state for KeyLogFile struct KeyLogFileInner { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index e460c5b405..b88b63e7dd 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -360,13 +360,13 @@ extern crate std; #[allow(unused_extern_crates)] extern crate test; -#[cfg(doc)] -use crate::crypto::CryptoProvider; - // log for logging (optional). #[cfg(feature = "logging")] use log; +#[cfg(doc)] +use crate::crypto::CryptoProvider; + #[cfg(not(feature = "logging"))] #[macro_use] mod log { @@ -554,13 +554,11 @@ pub mod client { pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; } + pub use crate::msgs::persist::{Tls12ClientSessionValue, Tls13ClientSessionValue}; pub use crate::webpki::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, ServerCertVerifierBuilder, VerifierBuilderError, WebPkiServerVerifier, }; - - pub use crate::msgs::persist::Tls12ClientSessionValue; - pub use crate::msgs::persist::Tls13ClientSessionValue; } pub use client::ClientConfig; @@ -578,23 +576,23 @@ pub mod server { mod tls12; mod tls13; - pub use crate::verify::NoClientAuth; - pub use crate::webpki::{ - ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, - }; pub use builder::WantsServerCert; pub use handy::NoServerSessionStorage; #[cfg(feature = "std")] pub use handy::ResolvesServerCertUsingSni; #[cfg(feature = "std")] pub use handy::ServerSessionMemoryCache; - pub use server_conn::StoresServerSessions; pub use server_conn::{ - Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection, + Accepted, ClientHello, ProducesTickets, ResolvesServerCert, ServerConfig, + ServerConnectionData, StoresServerSessions, UnbufferedServerConnection, }; #[cfg(feature = "std")] pub use server_conn::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection}; - pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; + + pub use crate::verify::NoClientAuth; + pub use crate::webpki::{ + ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, + }; /// Dangerous configuration that should be audited and used with extreme care. pub mod danger { diff --git a/rustls/src/msgs/alert.rs b/rustls/src/msgs/alert.rs index c4a78bfe8f..3ee5c975e5 100644 --- a/rustls/src/msgs/alert.rs +++ b/rustls/src/msgs/alert.rs @@ -1,10 +1,10 @@ +use alloc::vec::Vec; + use crate::enums::AlertDescription; use crate::error::InvalidMessage; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::AlertLevel; -use alloc::vec::Vec; - #[derive(Debug)] pub struct AlertMessagePayload { pub level: AlertLevel, diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index a2bb63d43a..b05e106851 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -1,13 +1,13 @@ -use crate::error::InvalidMessage; -use crate::msgs::codec; -use crate::msgs::codec::{Codec, Reader}; - use alloc::vec::Vec; use core::fmt; use pki_types::CertificateDer; use zeroize::Zeroize; +use crate::error::InvalidMessage; +use crate::msgs::codec; +use crate::msgs::codec::{Codec, Reader}; + /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] pub enum Payload<'a> { diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 84ac606b12..dc7be14172 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -1,7 +1,8 @@ -use crate::error::InvalidMessage; - use alloc::vec::Vec; -use core::{fmt::Debug, mem}; +use core::fmt::Debug; +use core::mem; + +use crate::error::InvalidMessage; /// Wrapper over a slice of bytes that allows reading chunks from /// with the current position state held using a cursor. @@ -377,10 +378,11 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> { #[cfg(test)] mod tests { - use super::*; use std::prelude::v1::*; use std::vec; + use super::*; + #[test] fn interrupted_length_prefixed_buffer_leaves_maximum_length() { let mut buf = Vec::new(); diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 4e1098b397..4734c376d6 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -712,11 +712,10 @@ mod tests { use std::prelude::v1::*; use std::vec; + use super::*; use crate::crypto::cipher::PlainMessage; use crate::msgs::message::Message; - use super::*; - #[test] fn check_incremental() { let mut d = BufferedDeframer::default(); diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 2c66620de2..53bab99447 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -349,9 +349,10 @@ pub(crate) mod tests { //! These tests are intended to provide coverage and //! check panic-safety of relatively unused values. - use super::*; use std::prelude::v1::*; + use super::*; + #[test] fn test_enums() { test_enum8::(HashAlgorithm::NONE, HashAlgorithm::SHA512); diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index b1a25d02ba..85bc755ad2 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -1,5 +1,4 @@ -use crate::enums::ContentType; -use crate::enums::ProtocolVersion; +use crate::enums::{ContentType, ProtocolVersion}; use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; use crate::Error; pub(crate) const MAX_FRAGMENT_LEN: usize = 16384; @@ -105,13 +104,13 @@ impl<'a> ExactSizeIterator for Chunker<'a> { #[cfg(test)] mod tests { + use std::prelude::v1::*; + use std::vec; + use super::{MessageFragmenter, PACKET_OVERHEAD}; - use crate::enums::ContentType; - use crate::enums::ProtocolVersion; + use crate::enums::{ContentType, ProtocolVersion}; use crate::msgs::base::Payload; use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; - use std::prelude::v1::*; - use std::vec; fn msg_eq( m: &OutboundPlainMessage, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 776a80007b..131dbcce72 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,5 +1,15 @@ #![allow(non_camel_case_types)] +use alloc::collections::BTreeSet; +#[cfg(feature = "logging")] +use alloc::string::String; +use alloc::vec; +use alloc::vec::Vec; +use core::fmt; +use core::ops::Deref; + +use pki_types::{CertificateDer, DnsName}; + #[cfg(feature = "tls12")] use crate::crypto::ActiveKeyExchange; use crate::crypto::SecureRandom; @@ -20,16 +30,6 @@ use crate::rand; use crate::verify::DigitallySignedStruct; use crate::x509::wrap_in_sequence; -use pki_types::{CertificateDer, DnsName}; - -use alloc::collections::BTreeSet; -#[cfg(feature = "logging")] -use alloc::string::String; -use alloc::vec; -use alloc::vec::Vec; -use core::fmt; -use core::ops::Deref; - /// Create a newtype wrapper around a given type. /// /// This is used to create newtypes for the various TLS message types which is used to wrap diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index fa5051425b..2f94de396b 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1,3 +1,9 @@ +use std::prelude::v1::*; +use std::{format, println, vec}; + +use pki_types::{CertificateDer, DnsName}; + +use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{put_u16, Codec, Reader}; @@ -18,13 +24,6 @@ use crate::msgs::handshake::{ }; use crate::verify::DigitallySignedStruct; -use pki_types::{CertificateDer, DnsName}; - -use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; - -use std::prelude::v1::*; -use std::{format, println, vec}; - #[test] fn rejects_short_random() { let bytes = [0x01; 31]; diff --git a/rustls/src/msgs/message/inbound.rs b/rustls/src/msgs/message/inbound.rs index cd5979eb61..4fb280428c 100644 --- a/rustls/src/msgs/message/inbound.rs +++ b/rustls/src/msgs/message/inbound.rs @@ -1,3 +1,5 @@ +use core::ops::{Deref, DerefMut}; + use super::outbound::read_opaque_message_header; use super::MessageError; use crate::enums::{ContentType, ProtocolVersion}; @@ -5,8 +7,6 @@ use crate::error::{Error, PeerMisbehaved}; use crate::msgs::codec::ReaderMut; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use core::ops::{Deref, DerefMut}; - /// A TLS frame, named TLSPlaintext in the standard. /// /// This inbound type borrows its encrypted payload from a `[MessageDeframer]`. diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index f36606d99f..c37b9868bd 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -11,10 +11,10 @@ mod inbound; pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage}; mod outbound; -pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload}; - use alloc::vec::Vec; +pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload}; + #[derive(Debug)] pub enum MessagePayload<'a> { Alert(AlertMessagePayload), diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index 825647ccd0..4b41e2b8d9 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -1,11 +1,11 @@ +use alloc::vec::Vec; + use super::{MessageError, PlainMessage, HEADER_SIZE, MAX_PAYLOAD}; use crate::enums::{ContentType, ProtocolVersion}; use crate::internal::record_layer::RecordLayer; use crate::msgs::base::Payload; use crate::msgs::codec::{Codec, Reader}; -use alloc::vec::Vec; - /// A TLS frame, named `TLSPlaintext` in the standard. /// /// This outbound type borrows its "to be encrypted" payload from the "user". diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index bc40c4f496..3bcb2ae665 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -1,15 +1,14 @@ -use crate::enums::{AlertDescription, HandshakeType}; -use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8}; +use std::io::Read; +use std::path::{Path, PathBuf}; +use std::prelude::v1::*; +use std::{format, fs, println, vec}; use super::base::Payload; use super::codec::Reader; use super::enums::AlertLevel; use super::message::{Message, OutboundOpaqueMessage, PlainMessage}; - -use std::io::Read; -use std::path::{Path, PathBuf}; -use std::prelude::v1::*; -use std::{format, fs, println, vec}; +use crate::enums::{AlertDescription, HandshakeType}; +use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8}; #[test] fn test_read_fuzz_corpus() { diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index c1a61b6206..05fba56fa8 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -1,3 +1,11 @@ +use alloc::vec::Vec; +use core::cmp; +#[cfg(feature = "tls12")] +use core::mem; + +use pki_types::{DnsName, UnixTime}; +use zeroize::Zeroizing; + use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::InvalidMessage; use crate::msgs::base::{PayloadU16, PayloadU8}; @@ -9,14 +17,6 @@ use crate::msgs::handshake::SessionId; use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; -use pki_types::{DnsName, UnixTime}; -use zeroize::Zeroizing; - -use alloc::vec::Vec; -use core::cmp; -#[cfg(feature = "tls12")] -use core::mem; - pub(crate) struct Retrieved { pub(crate) value: T, retrieved_at: UnixTime, diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index dccdff1698..96f0f83d4a 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -1,3 +1,9 @@ +use alloc::boxed::Box; +use alloc::collections::VecDeque; +use alloc::vec::Vec; +#[cfg(feature = "std")] +use core::fmt::Debug; + /// This module contains optional APIs for implementing QUIC TLS. use crate::common_state::Side; use crate::crypto::cipher::{AeadKey, Iv}; @@ -9,14 +15,17 @@ use crate::tls13::key_schedule::{ }; use crate::tls13::Tls13CipherSuite; -use alloc::boxed::Box; -use alloc::collections::VecDeque; -use alloc::vec::Vec; -#[cfg(feature = "std")] -use core::fmt::Debug; - #[cfg(feature = "std")] mod connection { + use alloc::sync::Arc; + use alloc::vec; + use alloc::vec::Vec; + use core::fmt::{self, Debug}; + use core::ops::{Deref, DerefMut}; + + use pki_types::ServerName; + + use super::{DirectionalKeys, KeyChange, Version}; use crate::client::{ClientConfig, ClientConnectionData}; use crate::common_state::{CommonState, Protocol, DEFAULT_BUFFER_LIMIT}; use crate::conn::{ConnectionCore, SideData}; @@ -27,16 +36,6 @@ mod connection { use crate::server::{ServerConfig, ServerConnectionData}; use crate::vecbuf::ChunkVecBuffer; - use pki_types::ServerName; - - use alloc::sync::Arc; - use alloc::vec; - use alloc::vec::Vec; - use core::fmt::{self, Debug}; - use core::ops::{Deref, DerefMut}; - - use super::{DirectionalKeys, KeyChange, Version}; - /// A QUIC client or server connection. #[derive(Debug)] pub enum Connection { @@ -966,9 +965,10 @@ impl Default for Version { #[cfg(test)] mod tests { + use std::prelude::v1::*; + use super::PacketKey; use crate::quic::HeaderProtectionKey; - use std::prelude::v1::*; #[test] fn auto_traits() { diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 2f2c37952c..23593863d3 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -1,10 +1,10 @@ //! The single place where we generate random material for our own use. -use crate::crypto::SecureRandom; - use alloc::vec; use alloc::vec::Vec; +use crate::crypto::SecureRandom; + /// Make a [`Vec`] of the given size containing random material. pub(crate) fn random_vec( secure_random: &dyn SecureRandom, diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index ab6f5dece4..fe391ddd08 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,13 +1,11 @@ +use alloc::boxed::Box; use core::num::NonZeroU64; use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; -use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage}; - #[cfg(feature = "logging")] use crate::log::trace; - -use alloc::boxed::Box; +use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage}; static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64; static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 11ea41ab9d..cd5bdb8762 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,19 +1,17 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::marker::PhantomData; + +use pki_types::{CertificateDer, PrivateKeyDer}; + use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::msgs::handshake::CertificateChain; -use crate::server::handy; -use crate::server::{ResolvesServerCert, ServerConfig}; +use crate::server::{handy, ResolvesServerCert, ServerConfig}; use crate::time_provider::TimeProvider; use crate::verify::{ClientCertVerifier, NoClientAuth}; -use crate::versions; -use crate::NoKeyLog; - -use pki_types::{CertificateDer, PrivateKeyDer}; - -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::marker::PhantomData; +use crate::{versions, NoKeyLog}; impl ConfigBuilder { /// Choose how to verify client certificates. diff --git a/rustls/src/server/common.rs b/rustls/src/server/common.rs index 5e41ed42bb..973bfe5156 100644 --- a/rustls/src/server/common.rs +++ b/rustls/src/server/common.rs @@ -1,7 +1,7 @@ -use crate::sign; - use pki_types::CertificateDer; +use crate::sign; + /// ActiveCertifiedKey wraps [`sign::CertifiedKey`] and tracks OSCP state in a single handshake. pub(super) struct ActiveCertifiedKey<'a> { key: &'a sign::CertifiedKey, diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index dbf86041f7..49a49878d5 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,12 +1,11 @@ -use crate::msgs::handshake::CertificateChain; -use crate::server; -use crate::server::ClientHello; -use crate::sign; - use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use crate::msgs::handshake::CertificateChain; +use crate::server::ClientHello; +use crate::{server, sign}; + /// Something which never stores sessions. #[derive(Debug)] pub struct NoServerSessionStorage {} @@ -28,14 +27,13 @@ impl server::StoresServerSessions for NoServerSessionStorage { #[cfg(feature = "std")] mod cache { - use crate::limited_cache; - use crate::server; - use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; use std::sync::Mutex; + use crate::{limited_cache, server}; + /// An implementer of `StoresServerSessions` that stores everything /// in memory. If enforces a limit on the number of stored sessions /// to bound memory usage. @@ -89,9 +87,10 @@ mod cache { #[cfg(test)] mod tests { + use std::vec; + use super::*; use crate::server::StoresServerSessions; - use std::vec; #[test] fn test_serversessionmemorycache_accepts_put() { @@ -198,19 +197,18 @@ impl server::ResolvesServerCert for AlwaysResolvesChain { #[cfg(feature = "std")] mod sni_resolver { - use crate::error::Error; - use crate::server; - use crate::server::ClientHello; - use crate::sign; - use crate::webpki::{verify_server_name, ParsedCertificate}; - - use pki_types::{DnsName, ServerName}; - use alloc::string::{String, ToString}; use alloc::sync::Arc; use core::fmt::Debug; use std::collections::HashMap; + use pki_types::{DnsName, ServerName}; + + use crate::error::Error; + use crate::server::ClientHello; + use crate::webpki::{verify_server_name, ParsedCertificate}; + use crate::{server, sign}; + /// Something that resolves do different cert chains/keys based /// on client-supplied server name (via SNI). #[derive(Debug)] @@ -302,11 +300,11 @@ pub use sni_resolver::ResolvesServerCertUsingSni; #[cfg(test)] mod tests { - use super::*; - use crate::server::ProducesTickets; - use crate::server::StoresServerSessions; use std::vec; + use super::*; + use crate::server::{ProducesTickets, StoresServerSessions}; + #[test] fn test_noserversessionstorage_drops_put() { let c = NoServerSessionStorage {}; diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 797c8e8b53..fed76e288c 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -1,3 +1,13 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; + +use pki_types::DnsName; + +use super::server_conn::ServerConnectionData; +#[cfg(feature = "tls12")] +use super::tls12; use crate::common_state::{Protocol, State}; use crate::conn::ConnectionRandoms; use crate::crypto::SupportedKxGroup; @@ -12,26 +22,15 @@ use crate::log::{debug, trace}; use crate::msgs::enums::{Compression, ExtensionType, NamedGroup}; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; -use crate::msgs::handshake::{ClientHelloPayload, KeyExchangeAlgorithm, Random, ServerExtension}; -use crate::msgs::handshake::{ConvertProtocolNameList, ConvertServerNameList, HandshakePayload}; +use crate::msgs::handshake::{ + ClientHelloPayload, ConvertProtocolNameList, ConvertServerNameList, HandshakePayload, + KeyExchangeAlgorithm, Random, ServerExtension, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; -use crate::server::{ClientHello, ServerConfig}; -use crate::suites; -use crate::SupportedCipherSuite; - -use super::server_conn::ServerConnectionData; -#[cfg(feature = "tls12")] -use super::tls12; use crate::server::common::ActiveCertifiedKey; -use crate::server::tls13; - -use pki_types::DnsName; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec::Vec; +use crate::server::{tls13, ClientHello, ServerConfig}; +use crate::{suites, SupportedCipherSuite}; pub(super) type NextState<'a> = Box + 'a>; pub(super) type NextStateOrError<'a> = Result, Error>; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index b89c6a7dbc..a897220b75 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,8 +1,23 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::fmt; +use core::fmt::{Debug, Formatter}; +use core::marker::PhantomData; +use core::ops::{Deref, DerefMut}; +#[cfg(feature = "std")] +use std::io; + +use pki_types::{DnsName, UnixTime}; + +use super::hs; use crate::builder::ConfigBuilder; #[cfg(feature = "std")] use crate::common_state::Protocol; use crate::common_state::{CommonState, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; +#[cfg(doc)] +use crate::crypto; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -15,29 +30,9 @@ use crate::msgs::message::Message; use crate::time_provider::DefaultTimeProvider; use crate::time_provider::TimeProvider; use crate::vecbuf::ChunkVecBuffer; -use crate::verify; -use crate::versions; -use crate::KeyLog; #[cfg(feature = "std")] use crate::WantsVerifier; -use crate::{sign, WantsVersions}; - -use super::hs; - -use pki_types::{DnsName, UnixTime}; - -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::fmt; -use core::fmt::{Debug, Formatter}; -use core::marker::PhantomData; -use core::ops::{Deref, DerefMut}; -#[cfg(feature = "std")] -use std::io; - -#[cfg(doc)] -use crate::crypto; +use crate::{sign, verify, versions, KeyLog, WantsVersions}; /// A trait for the ability to store server session data. /// @@ -503,13 +498,6 @@ impl ServerConfig { #[cfg(feature = "std")] mod connection { - use crate::common_state::{CommonState, Context, Side}; - use crate::conn::{ConnectionCommon, ConnectionCore}; - use crate::error::Error; - use crate::server::hs; - use crate::suites::ExtractedSecrets; - use crate::vecbuf::ChunkVecBuffer; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -519,6 +507,12 @@ mod connection { use std::io; use super::{Accepted, Accepting, EarlyDataState, ServerConfig, ServerConnectionData}; + use crate::common_state::{CommonState, Context, Side}; + use crate::conn::{ConnectionCommon, ConnectionCore}; + use crate::error::Error; + use crate::server::hs; + use crate::suites::ExtractedSecrets; + use crate::vecbuf::ChunkVecBuffer; /// Allows reading of early data in resumed TLS1.3 connections. /// @@ -1099,9 +1093,10 @@ impl crate::conn::SideData for ServerConnectionData {} #[cfg(feature = "std")] #[cfg(test)] mod tests { - use super::*; use std::format; + use super::*; + // these branches not reachable externally, unless something else goes wrong. #[test] fn test_read_in_new_state() { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 808484f6d2..1b337f1781 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,9 +1,22 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::string::ToString; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +pub(super) use client_hello::CompleteClientHelloHandling; +use pki_types::UnixTime; +use subtle::ConstantTimeEq; + +use super::common::ActiveCertifiedKey; +use super::hs::{self, ServerContext}; +use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::ActiveKeyExchange; -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] @@ -13,47 +26,29 @@ use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; use crate::msgs::handshake::{ CertificateChain, ClientKeyExchangeParams, HandshakeMessagePayload, HandshakePayload, + NewSessionTicketPayload, SessionId, }; -use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify; -use super::common::ActiveCertifiedKey; -use super::hs::{self, ServerContext}; -use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; - -use pki_types::UnixTime; -use subtle::ConstantTimeEq; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::string::ToString; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; - -pub(super) use client_hello::CompleteClientHelloHandling; - mod client_hello { use pki_types::CertificateDer; + use super::*; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; - use crate::msgs::enums::ECPointFormat; - use crate::msgs::enums::{ClientCertificateType, Compression}; - use crate::msgs::handshake::CertificateStatus; - use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; - use crate::msgs::handshake::{ClientExtension, ClientHelloPayload, ServerHelloPayload}; - use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload}; - use crate::msgs::handshake::{ServerKeyExchange, ServerKeyExchangeParams}; + use crate::msgs::enums::{ClientCertificateType, Compression, ECPointFormat}; + use crate::msgs::handshake::{ + CertificateRequestPayload, CertificateStatus, ClientExtension, ClientHelloPayload, + ClientSessionTicket, Random, ServerExtension, ServerHelloPayload, ServerKeyExchange, + ServerKeyExchangeParams, ServerKeyExchangePayload, + }; use crate::sign; use crate::verify::DigitallySignedStruct; - use super::*; - pub(in crate::server) struct CompleteClientHelloHandling { pub(in crate::server) config: Arc, pub(in crate::server) transcript: HandshakeHash, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index e1f73f0bd1..1391f2ed81 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1,66 +1,51 @@ -use crate::check::inappropriate_handshake_message; -use crate::check::inappropriate_message; -use crate::common_state::Protocol; -use crate::common_state::{CommonState, Side, State}; +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +pub(super) use client_hello::CompleteClientHelloHandling; +use pki_types::{CertificateDer, UnixTime}; +use subtle::ConstantTimeEq; + +use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; +use super::server_conn::ServerConnectionData; +use crate::check::{inappropriate_handshake_message, inappropriate_message}; +use crate::common_state::{CommonState, Protocol, Side, State}; use crate::conn::ConnectionRandoms; -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; use crate::msgs::codec::Codec; use crate::msgs::enums::KeyUpdateRequest; -use crate::msgs::handshake::CertificateChain; -use crate::msgs::handshake::HandshakeMessagePayload; -use crate::msgs::handshake::HandshakePayload; -use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTls13}; +use crate::msgs::handshake::{ + CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketExtension, + NewSessionTicketPayloadTls13, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; -use crate::rand; use crate::server::ServerConfig; use crate::suites::PartiallyExtractedSecrets; -use crate::tls13::construct_client_verify_message; -use crate::tls13::construct_server_verify_message; use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending}; -use crate::tls13::Tls13CipherSuite; -use crate::verify; - -use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; -use super::server_conn::ServerConnectionData; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; - -use pki_types::{CertificateDer, UnixTime}; -use subtle::ConstantTimeEq; - -pub(super) use client_hello::CompleteClientHelloHandling; +use crate::tls13::{ + construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite, +}; +use crate::{rand, verify}; mod client_hello { + use super::*; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; - use crate::msgs::enums::NamedGroup; - use crate::msgs::enums::{Compression, PSKKeyExchangeMode}; - use crate::msgs::handshake::CertReqExtension; - use crate::msgs::handshake::CertificateEntry; - use crate::msgs::handshake::CertificateExtension; - use crate::msgs::handshake::CertificatePayloadTls13; - use crate::msgs::handshake::CertificateRequestPayloadTls13; - use crate::msgs::handshake::CertificateStatus; - use crate::msgs::handshake::ClientHelloPayload; - use crate::msgs::handshake::HelloRetryExtension; - use crate::msgs::handshake::HelloRetryRequest; - use crate::msgs::handshake::KeyShareEntry; - use crate::msgs::handshake::Random; - use crate::msgs::handshake::ServerExtension; - use crate::msgs::handshake::ServerHelloPayload; - use crate::msgs::handshake::SessionId; + use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode}; + use crate::msgs::handshake::{ + CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, + CertificateRequestPayloadTls13, CertificateStatus, ClientHelloPayload, HelloRetryExtension, + HelloRetryRequest, KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId, + }; use crate::server::common::ActiveCertifiedKey; use crate::sign; use crate::tls13::key_schedule::{ @@ -68,8 +53,6 @@ mod client_hello { }; use crate::verify::DigitallySignedStruct; - use super::*; - #[derive(PartialEq)] pub(super) enum EarlyDataDecision { Disabled, diff --git a/rustls/src/stream.rs b/rustls/src/stream.rs index ef7ee66c9b..a6a394a912 100644 --- a/rustls/src/stream.rs +++ b/rustls/src/stream.rs @@ -1,8 +1,8 @@ -use crate::conn::{ConnectionCommon, SideData}; - use core::ops::{Deref, DerefMut}; use std::io::{IoSlice, Read, Result, Write}; +use crate::conn::{ConnectionCommon, SideData}; + /// This type implements `io::Read` and `io::Write`, encapsulating /// a Connection `C` and an underlying transport `T`, such as a socket. /// @@ -221,10 +221,11 @@ where #[cfg(test)] mod tests { + use std::net::TcpStream; + use super::{Stream, StreamOwned}; use crate::client::ClientConnection; use crate::server::ServerConnection; - use std::net::TcpStream; #[test] fn stream_can_be_created_for_connection_and_tcpstream() { diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 36007fd189..92437d99f3 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,3 +1,5 @@ +use core::fmt; + use crate::common_state::Protocol; use crate::crypto::cipher::{AeadKey, Iv}; use crate::crypto::{self, KeyExchangeAlgorithm}; @@ -10,8 +12,6 @@ use crate::tls13::Tls13CipherSuite; use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; -use core::fmt; - /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3) pub struct CipherSuiteCommon { /// The TLS enumeration naming this cipher suite. diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index ddadb0efbd..ad3717f671 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,14 +1,13 @@ -use crate::rand; -use crate::server::ProducesTickets; -use crate::Error; - -use pki_types::UnixTime; - use alloc::boxed::Box; use alloc::vec::Vec; use core::mem; use std::sync::{Mutex, MutexGuard}; +use pki_types::UnixTime; + +use crate::server::ProducesTickets; +use crate::{rand, Error}; + #[derive(Debug)] pub(crate) struct TicketSwitcherState { next: Option>, diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 420cab5e2b..30e0a2cc99 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -1,3 +1,10 @@ +use alloc::boxed::Box; +use alloc::vec; +use alloc::vec::Vec; +use core::fmt; + +use zeroize::Zeroize; + use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; use crate::crypto; @@ -9,13 +16,6 @@ use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::{KeyExchangeAlgorithm, KxDecode}; use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite}; -use alloc::boxed::Box; -use alloc::vec; -use alloc::vec::Vec; -use core::fmt; - -use zeroize::Zeroize; - /// A TLS 1.2 cipher suite supported by rustls. pub struct Tls12CipherSuite { /// Common cipher suite fields. diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 3a9af55837..85636b3a58 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,14 +1,13 @@ +use alloc::boxed::Box; +use alloc::string::ToString; + use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::crypto::{hash, hmac, ActiveKeyExchange}; use crate::error::Error; -use crate::quic; use crate::suites::PartiallyExtractedSecrets; -use crate::{KeyLog, Tls13CipherSuite}; - -use alloc::boxed::Box; -use alloc::string::ToString; +use crate::{quic, KeyLog, Tls13CipherSuite}; /// Key schedule maintenance for TLS1.3 diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index b6b48f890e..e41c65fed2 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,10 +1,10 @@ +use alloc::vec::Vec; +use core::fmt; + use crate::crypto; use crate::crypto::hash; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; -use alloc::vec::Vec; -use core::fmt; - pub(crate) mod key_schedule; /// A TLS 1.3 cipher suite supported by rustls. diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 3cea3cb969..58fd30bb3b 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -6,13 +6,13 @@ use core::time::Duration; use std::prelude::v1::*; +use pki_types::{CertificateDer, ServerName, UnixTime}; +use webpki_roots; + use crate::crypto::CryptoProvider; use crate::verify::ServerCertVerifier; use crate::webpki::{RootCertStore, WebPkiServerVerifier}; -use pki_types::{CertificateDer, ServerName, UnixTime}; -use webpki_roots; - bench_for_each_provider! { use super::Context; diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 1467b0bfbd..0e4fb005f1 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -128,6 +128,7 @@ impl fmt::Debug for RootCertStore { #[test] fn root_cert_store_debug() { use core::iter; + use pki_types::Der; let ta = TrustAnchor { diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 623a8dd966..a8c42b2ace 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -5,21 +5,20 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use super::{pki_error, VerifierBuilderError}; +#[cfg(doc)] +use crate::crypto; use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; +#[cfg(doc)] +use crate::server::ServerConfig; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, }; use crate::webpki::parse_crls; use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate}; -use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; - -#[cfg(doc)] -use crate::crypto; -#[cfg(doc)] -use crate::server::ServerConfig; #[cfg(doc)] use crate::ConfigBuilder; +use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` client certificate verifier. /// diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 0b64c2ce59..73dae651e6 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -14,17 +14,14 @@ mod server_verifier; mod verify; pub use anchors::RootCertStore; - pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier}; pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier}; - -pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms}; - // Conditionally exported from crate. #[allow(unreachable_pub)] pub use verify::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate, }; +pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms}; /// An error that can occur when building a certificate verifier. #[derive(Debug, Clone)] @@ -150,7 +147,8 @@ mod tests { #[test] fn crl_error_from_webpki() { - use super::{crl_error, CertRevocationListError::*}; + use super::crl_error; + use super::CertRevocationListError::*; let testcases = &[ (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index b716853232..9f7a9dbc90 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -1,5 +1,3 @@ -#[cfg(feature = "logging")] -use crate::log::trace; use alloc::sync::Arc; use alloc::vec::Vec; @@ -7,6 +5,8 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTi use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; +#[cfg(feature = "logging")] +use crate::log::trace; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; @@ -15,10 +15,9 @@ use crate::webpki::verify::{ ParsedCertificate, }; use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; -use crate::{Error, RootCertStore, SignatureScheme}; - #[cfg(doc)] use crate::{crypto, ConfigBuilder, ServerConfig}; +use crate::{Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` server certificate verifier. /// diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 97c24043ab..d7fbe6ef0e 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -7,7 +7,6 @@ use super::anchors::RootCertStore; use super::pki_error; use crate::enums::SignatureScheme; use crate::error::{Error, PeerMisbehaved}; - use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid}; /// Verify that the end-entity certificate `end_entity` is a valid server cert @@ -228,9 +227,10 @@ pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl( #[cfg(test)] mod tests { - use super::*; use std::format; + use super::*; + #[test] fn certificate_debug() { assert_eq!( diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 31207bed56..a023ac7122 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -42,9 +42,10 @@ const DER_SEQUENCE_TAG: u8 = 0x30; #[cfg(test)] mod tests { - use super::*; use std::vec; + use super::*; + #[test] fn test_empty() { assert_eq!(vec![0x30, 0x00], wrap_in_sequence(&[])); diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index b2a5db3d2e..8a241e8a3b 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -6,19 +6,16 @@ use std::ops::{Deref, DerefMut}; use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName}; -use webpki::anchor_from_trusted_cert; - use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; -use rustls::Connection; -use rustls::Error; -use rustls::RootCertStore; -use rustls::{ClientConfig, ClientConnection}; -use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; -use rustls::{ProtocolVersion, SupportedCipherSuite}; +use rustls::{ + ClientConfig, ClientConnection, Connection, ConnectionCommon, Error, ProtocolVersion, + RootCertStore, ServerConfig, ServerConnection, SideData, SupportedCipherSuite, +}; +use webpki::anchor_from_trusted_cert; use super::provider; diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs index 6e058a2f54..d1f6ee2563 100644 --- a/rustls/tests/ech.rs +++ b/rustls/tests/ech.rs @@ -1,6 +1,5 @@ use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::DnsName; - use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite}; diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 831a1e7c71..9e56e6a0ce 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -21,10 +21,8 @@ //! file was created successfully, with the right permissions, etc., and that it //! contains something like what we expect. -use std::{ - env, - sync::{Mutex, Once}, -}; +use std::env; +use std::sync::{Mutex, Once}; #[macro_use] mod macros; diff --git a/rustls/tests/process_provider.rs b/rustls/tests/process_provider.rs index ef93a2968d..ea5da7b0df 100644 --- a/rustls/tests/process_provider.rs +++ b/rustls/tests/process_provider.rs @@ -4,15 +4,14 @@ //! executable, and runs tests in an indeterminate order. That restricts us //! to doing all the desired tests, in series, in one function. -use rustls::crypto::CryptoProvider; -use rustls::ClientConfig; - #[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))] use rustls::crypto::aws_lc_rs as provider; #[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] use rustls::crypto::ring as provider; #[cfg(all(feature = "ring", feature = "aws_lc_rs"))] use rustls::crypto::ring as provider; +use rustls::crypto::CryptoProvider; +use rustls::ClientConfig; mod common; use crate::common::*; From 3f5d37e9760301ebeff2671bcf781bcd2fc1bf47 Mon Sep 17 00:00:00 2001 From: Arnav Singh Date: Sat, 2 Mar 2024 02:09:34 -0800 Subject: [PATCH 0828/1145] Return correct `ConnectionTrafficSecrets` variant when AES-256-GCM is negotiated. 55bb27953d52eb2762f20aa6e30dc54252b1f77e inadvertently changed `extract_keys` to always return `ConnectionTrafficSecrets::Aes128Gcm`, even when AES-256-GCM was negotiated. This change fixes it by restoring the key length check. Fixes #1833 --- rustls/src/crypto/ring/tls12.rs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 1630a82759..bbdad6c957 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -162,9 +162,11 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { write_iv: &[u8], explicit: &[u8], ) -> Result { - Ok(ConnectionTrafficSecrets::Aes128Gcm { - key, - iv: gcm_iv(write_iv, explicit), + let iv = gcm_iv(write_iv, explicit); + Ok(match self.0.key_len() { + 16 => ConnectionTrafficSecrets::Aes128Gcm { key, iv }, + 32 => ConnectionTrafficSecrets::Aes256Gcm { key, iv }, + _ => unreachable!(), }) } From 9ef2150472a9b3363bc081870685fe4c26404715 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Sat, 2 Mar 2024 13:39:38 +0000 Subject: [PATCH 0829/1145] dangerous_extract_secrets(): test `ConnectionTrafficSecrets` variant --- rustls/src/crypto/aws_lc_rs/tls12.rs | 8 ++-- rustls/tests/api.rs | 69 ++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 3 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index af51379459..67c8e9c200 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -179,9 +179,11 @@ impl Tls12AeadAlgorithm for GcmAlgorithm { write_iv: &[u8], explicit: &[u8], ) -> Result { - Ok(ConnectionTrafficSecrets::Aes128Gcm { - key, - iv: gcm_iv(write_iv, explicit), + let iv = gcm_iv(write_iv, explicit); + Ok(match self.0.key_len() { + 16 => ConnectionTrafficSecrets::Aes128Gcm { key, iv }, + 32 => ConnectionTrafficSecrets::Aes256Gcm { key, iv }, + _ => unreachable!(), }) } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 75a31a4657..451bf8754e 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5643,6 +5643,75 @@ fn test_secret_extraction_enabled() { } } +#[test] +fn test_secret_extract_produces_correct_variant() { + fn check(suite: SupportedCipherSuite, f: impl Fn(ConnectionTrafficSecrets) -> bool) { + let kt = KeyType::Rsa; + + let provider: Arc = CryptoProvider { + cipher_suites: vec![suite], + ..provider::default_provider() + } + .into(); + + let mut server_config = finish_server_config( + kt, + ServerConfig::builder_with_provider(provider.clone()) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + server_config.enable_secret_extraction = true; + let server_config = Arc::new(server_config); + + let mut client_config = finish_client_config( + kt, + ClientConfig::builder_with_provider(provider) + .with_safe_default_protocol_versions() + .unwrap(), + ); + client_config.enable_secret_extraction = true; + + let (mut client, mut server) = + make_pair_for_arc_configs(&Arc::new(client_config), &server_config); + + do_handshake(&mut client, &mut server); + + let client_secrets = client + .dangerous_extract_secrets() + .unwrap(); + let server_secrets = server + .dangerous_extract_secrets() + .unwrap(); + + assert!(f(client_secrets.tx.1)); + assert!(f(client_secrets.rx.1)); + assert!(f(server_secrets.tx.1)); + assert!(f(server_secrets.rx.1)); + } + + check(cipher_suite::TLS13_AES_128_GCM_SHA256, |sec| { + matches!(sec, ConnectionTrafficSecrets::Aes128Gcm { .. }) + }); + check(cipher_suite::TLS13_AES_256_GCM_SHA384, |sec| { + matches!(sec, ConnectionTrafficSecrets::Aes256Gcm { .. }) + }); + check(cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, |sec| { + matches!(sec, ConnectionTrafficSecrets::Chacha20Poly1305 { .. }) + }); + + check(cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |sec| { + matches!(sec, ConnectionTrafficSecrets::Aes128Gcm { .. }) + }); + check(cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |sec| { + matches!(sec, ConnectionTrafficSecrets::Aes256Gcm { .. }) + }); + check( + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + |sec| matches!(sec, ConnectionTrafficSecrets::Chacha20Poly1305 { .. }), + ); +} + /// Test that secrets cannot be extracted unless explicitly enabled, and until /// the handshake is done. #[cfg(feature = "tls12")] From 536a0cdc0392c6efe04415a3d72c2610fc4396cd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Mar 2024 13:17:05 -0500 Subject: [PATCH 0830/1145] fuzz: apply fmt-unstable to fuzz crate --- fuzz/fuzzers/client.rs | 3 ++- fuzz/fuzzers/deframer.rs | 3 ++- fuzz/fuzzers/server.rs | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/fuzz/fuzzers/client.rs b/fuzz/fuzzers/client.rs index 389b24b0cb..c0c197db81 100644 --- a/fuzz/fuzzers/client.rs +++ b/fuzz/fuzzers/client.rs @@ -3,10 +3,11 @@ extern crate libfuzzer_sys; extern crate rustls; -use rustls::{ClientConfig, ClientConnection, RootCertStore}; use std::io; use std::sync::Arc; +use rustls::{ClientConfig, ClientConnection, RootCertStore}; + fuzz_target!(|data: &[u8]| { let root_store = RootCertStore::empty(); let config = Arc::new( diff --git a/fuzz/fuzzers/deframer.rs b/fuzz/fuzzers/deframer.rs index 7961d20d19..c6c554f47d 100644 --- a/fuzz/fuzzers/deframer.rs +++ b/fuzz/fuzzers/deframer.rs @@ -3,10 +3,11 @@ extern crate libfuzzer_sys; extern crate rustls; +use std::io; + use rustls::internal::msgs::deframer; use rustls::internal::msgs::message::Message; use rustls::internal::record_layer::RecordLayer; -use std::io; fuzz_target!(|data: &[u8]| { let mut buf = deframer::DeframerVecBuffer::default(); diff --git a/fuzz/fuzzers/server.rs b/fuzz/fuzzers/server.rs index 3c68c09274..0f3b82ea8c 100644 --- a/fuzz/fuzzers/server.rs +++ b/fuzz/fuzzers/server.rs @@ -3,12 +3,12 @@ extern crate libfuzzer_sys; extern crate rustls; -use rustls::server::ResolvesServerCert; -use rustls::{ServerConfig, ServerConnection}; - use std::io; use std::sync::Arc; +use rustls::server::ResolvesServerCert; +use rustls::{ServerConfig, ServerConnection}; + #[derive(Debug)] struct Fail; From 1e656ba1fc852ddaf86192b2b0a210785cf19617 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Mar 2024 13:12:47 -0500 Subject: [PATCH 0831/1145] ci: avoid fmt-unstable alias for unstable fmt job Unfortunately the alias doesn't allow passing in custom arguments like `--all` or `--manifest-path`. Doing so in the manner we tried before results in output like: ``` > Run cargo fmt-unstable --all --manifest-path=connect-tests/Cargo.toml -- --check Unrecognized option: 'all' ``` This commit switches to the full `cargo fmt` invocation in each case. --- .github/workflows/build.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a3f567f40e..ea7a052d53 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -361,13 +361,13 @@ jobs: components: rustfmt toolchain: nightly-2024-02-21 - name: Check formatting (unstable) - run: cargo fmt-unstable --all -- --check + run: cargo fmt --all -- --check --config-path .rustfmt.unstable.toml continue-on-error: true - name: Check formatting (unstable, connect-tests workspace) - run: cargo fmt-unstable --all --manifest-path=connect-tests/Cargo.toml -- --check + run: cargo fmt --all --manifest-path=connect-tests/Cargo.toml -- --check --config-path .rustfmt.unstable.toml continue-on-error: true - name: Check formatting (unstable, fuzz workspace) - run: cargo fmt-unstable --all --manifest-path=fuzz/Cargo.toml -- --check + run: cargo fmt --all --manifest-path=fuzz/Cargo.toml -- --check --config-path .rustfmt.unstable.toml continue-on-error: true clippy: From 3cd97d8f2a06e79212a580dd09b15a0242362054 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 1 Mar 2024 13:14:07 -0500 Subject: [PATCH 0832/1145] cargo: add --all to the fmt-unstable alias It isn't possible to add extra arguments to an alias like this, so we might as well add `--all` to make it more useful for developers. --- .cargo/config.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index b975a61377..de598eaaf6 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -1,3 +1,3 @@ [alias] -fmt-unstable = ["fmt", "--", "--config-path", ".rustfmt.unstable.toml"] +fmt-unstable = ["fmt", "--all", "--", "--config-path", ".rustfmt.unstable.toml"] From 54a95575be0995559bf200f78cdcf562028f4860 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 21:29:40 +0000 Subject: [PATCH 0833/1145] build(deps): bump mio from 0.8.10 to 0.8.11 Bumps [mio](https://github.com/tokio-rs/mio) from 0.8.10 to 0.8.11. - [Release notes](https://github.com/tokio-rs/mio/releases) - [Changelog](https://github.com/tokio-rs/mio/blob/master/CHANGELOG.md) - [Commits](https://github.com/tokio-rs/mio/compare/v0.8.10...v0.8.11) --- updated-dependencies: - dependency-name: mio dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2185a394eb..274ddfb727 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1525,9 +1525,9 @@ dependencies = [ [[package]] name = "mio" -version = "0.8.10" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09" +checksum = "a4a650543ca06a924e8b371db273b2756685faae30f8487da1b56505a8f78b0c" dependencies = [ "libc", "log", From e1eb447a6717d67ef9ee186c196eda584626c93c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 6 Mar 2024 17:21:12 +0000 Subject: [PATCH 0834/1145] Fix newly found `unused_qualifications` warnings eg. ``` error: unnecessary qualification --> rustls/src/vecbuf.rs:88:24 | 88 | let used = core::cmp::min(chunk.len(), cursor.capacity()); | ^^^^^^^^^^^^^^ | help: remove the unnecessary path segments | 88 - let used = core::cmp::min(chunk.len(), cursor.capacity()); 88 + let used = cmp::min(chunk.len(), cursor.capacity()); | ``` --- rustls/src/client/handy.rs | 4 ++-- rustls/src/crypto/aws_lc_rs/sign.rs | 2 +- rustls/src/crypto/mod.rs | 2 +- rustls/src/crypto/ring/quic.rs | 6 +++--- rustls/src/crypto/ring/sign.rs | 2 +- rustls/src/server/server_conn.rs | 2 +- rustls/src/vecbuf.rs | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 8ce7745a1f..79be5b26ab 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -52,10 +52,10 @@ mod cache { // Zero or one TLS1.2 sessions. #[cfg(feature = "tls12")] - tls12: Option, + tls12: Option, // Up to MAX_TLS13_TICKETS_PER_SERVER TLS1.3 tickets, oldest first. - tls13: VecDeque, + tls13: VecDeque, } impl Default for ServerData { diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 859afa3523..43eda7caf0 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -267,7 +267,7 @@ struct EcdsaSigner { impl Signer for EcdsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { - let rng = super::ring_like::rand::SystemRandom::new(); + let rng = SystemRandom::new(); self.key .sign(&rng, message) .map_err(|_| Error::General("signing failed".into())) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index a5e424c517..853ff6bb91 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -541,7 +541,7 @@ impl From<&[u8]> for SharedSecret { #[cfg(any(feature = "fips", docsrs))] #[cfg_attr(docsrs, doc(cfg(feature = "fips")))] pub fn default_fips_provider() -> CryptoProvider { - crate::crypto::aws_lc_rs::default_provider() + aws_lc_rs::default_provider() } #[cfg(test)] diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 2ac9d01439..13c25ba280 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -188,9 +188,9 @@ pub(crate) struct KeyBuilder { pub(crate) integrity_limit: u64, } -impl crate::quic::Algorithm for KeyBuilder { +impl quic::Algorithm for KeyBuilder { fn packet_key(&self, key: AeadKey, iv: Iv) -> Box { - Box::new(super::quic::PacketKey::new( + Box::new(PacketKey::new( key, iv, self.confidentiality_limit, @@ -200,7 +200,7 @@ impl crate::quic::Algorithm for KeyBuilder { } fn header_protection_key(&self, key: AeadKey) -> Box { - Box::new(super::quic::HeaderProtectionKey::new(key, self.header_alg)) + Box::new(HeaderProtectionKey::new(key, self.header_alg)) } fn aead_key_len(&self) -> usize { diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 6924836848..b55792b795 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -305,7 +305,7 @@ struct EcdsaSigner { impl Signer for EcdsaSigner { fn sign(&self, message: &[u8]) -> Result, Error> { - let rng = super::ring_like::rand::SystemRandom::new(); + let rng = SystemRandom::new(); self.key .sign(&rng, message) .map_err(|_| Error::General("signing failed".into())) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index a897220b75..f8745edac5 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -529,7 +529,7 @@ mod connection { } } - impl<'a> std::io::Read for ReadEarlyData<'a> { + impl<'a> io::Read for ReadEarlyData<'a> { fn read(&mut self, buf: &mut [u8]) -> io::Result { self.early_data.read(buf) } diff --git a/rustls/src/vecbuf.rs b/rustls/src/vecbuf.rs index 8637bc0666..b2377797d6 100644 --- a/rustls/src/vecbuf.rs +++ b/rustls/src/vecbuf.rs @@ -85,7 +85,7 @@ impl ChunkVecBuffer { pub(crate) fn read_buf(&mut self, mut cursor: core::io::BorrowedCursor<'_>) -> io::Result<()> { while !self.is_empty() && cursor.capacity() > 0 { let chunk = self.chunks[0].as_slice(); - let used = core::cmp::min(chunk.len(), cursor.capacity()); + let used = cmp::min(chunk.len(), cursor.capacity()); cursor.append(&chunk[..used]); self.consume(used); } From 85fdfd4a230a42d31797221d4a37830bae48082c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 7 Mar 2024 10:19:30 +0000 Subject: [PATCH 0835/1145] Attempt to improve `merge_group` job performance --- .github/workflows/build.yml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ea7a052d53..ca5f3263f6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,18 +16,27 @@ jobs: runs-on: ${{ matrix.os }} strategy: matrix: - # test a bunch of toolchains on ubuntu rust: - stable - beta - nightly - os: [ubuntu-latest] - # but only stable on macos/windows (slower platforms) - include: - - os: macos-latest - rust: stable + os: + - ubuntu-latest + - windows-latest + - macos-latest + exclude: + # only stable on macos/windows (slower platforms) + - os: windows-latest + rust: beta - os: windows-latest - rust: stable + rust: nightly + - os: macos-latest + rust: beta + - os: macos-latest + rust: nightly + # and never use macos/windows for merge checks + - os: ${{ github.event_name == 'merge_group' && 'windows-latest' }} + - os: ${{ github.event_name == 'merge_group' && 'macos-latest' }} steps: - name: Checkout sources uses: actions/checkout@v4 From 0bc3a2eee551cc1e2bc07f31659960c52a688063 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Mar 2024 13:32:20 +0000 Subject: [PATCH 0836/1145] Address `clippy::assigning_clones` --- rustls/src/server/tls13.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 1391f2ed81..d1c8083286 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -305,7 +305,9 @@ mod client_hello { if let Some(ref resume) = resumedata { cx.data.received_resumption_data = Some(resume.application_data.0.clone()); - cx.common.peer_certificates = resume.client_cert_chain.clone(); + cx.common + .peer_certificates + .clone_from(&resume.client_cert_chain); } let full_handshake = resumedata.is_none(); From db4b6c8069954e6ab4ea5ac40b0b65542c073301 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Mar 2024 13:33:47 +0000 Subject: [PATCH 0837/1145] Address `clippy::multiple_bound_locations` --- rustls/src/limited_cache.rs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index 67215a0454..6c1c777515 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -47,10 +47,9 @@ where } } - pub(crate) fn get_mut(&mut self, k: &Q) -> Option<&mut V> + pub(crate) fn get_mut(&mut self, k: &Q) -> Option<&mut V> where K: Borrow, - Q: Hash + Eq, { self.map.get_mut(k) } @@ -93,18 +92,16 @@ where } } - pub(crate) fn get(&self, k: &Q) -> Option<&V> + pub(crate) fn get(&self, k: &Q) -> Option<&V> where K: Borrow, - Q: Hash + Eq, { self.map.get(k) } - pub(crate) fn remove(&mut self, k: &Q) -> Option + pub(crate) fn remove(&mut self, k: &Q) -> Option where K: Borrow, - Q: Hash + Eq, { if let Some(value) = self.map.remove(k) { // O(N) search, followed by O(N) removal From 7a9d9788c8daf48ba6105e85d6071878e3a5e03f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Mar 2024 13:34:29 +0000 Subject: [PATCH 0838/1145] Address `clippy::mixed_attributes_style` --- rustls/src/msgs/enums.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 53bab99447..862023b25d 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -346,8 +346,8 @@ enum_builder! { #[cfg(test)] pub(crate) mod tests { - //! These tests are intended to provide coverage and - //! check panic-safety of relatively unused values. + // These tests are intended to provide coverage and + // check panic-safety of relatively unused values. use std::prelude::v1::*; From 52efdc99c9eeabf2cc42cc3ee765b4ca395cb1ee Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 11 Mar 2024 13:36:29 +0000 Subject: [PATCH 0839/1145] Avoid `clippy::std_instead_of_core` false positive This is complaining about the import of the `env` module from `std::env`, instead of `core::env`. However, `core::env` is a completely different item -- it is the `env!` macro. --- rustls/src/key_log_file.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index 99b65161db..2e028be912 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -1,10 +1,11 @@ use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; +use std::env::var_os; use std::ffi::OsString; use std::fs::{File, OpenOptions}; +use std::io; use std::io::Write; use std::sync::Mutex; -use std::{env, io}; #[cfg(feature = "logging")] use crate::log::warn; @@ -92,7 +93,7 @@ impl KeyLogFile { /// Makes a new `KeyLogFile`. The environment variable is /// inspected and the named file is opened during this call. pub fn new() -> Self { - let var = env::var_os("SSLKEYLOGFILE"); + let var = var_os("SSLKEYLOGFILE"); Self(Mutex::new(KeyLogFileInner::new(var))) } } From 700028200af82e3b77c08fc85f150c527774c05a Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Mon, 11 Mar 2024 10:11:07 -0700 Subject: [PATCH 0840/1145] Add an `aws-lc-rs` feature as an alias for `aws_lc_rs` The vast majority of Cargo features in the crates ecosystem use dashes to separate words, rather than underscores. The fact that `aws_lc_rs` uses underscores, and some crates depending on rustls naturally use the same name for the feature that rustls does, has led some crates to end up with inconsistent feature naming that throws people off (e.g. using the wrong feature name and being surprised at the resulting compilation failures), and has led other crates to use `aws-lc-rs` for consistency with their other features which causes inconsistency with rustls. Add an alias, so that it works either way, and people can reference either one. --- rustls/Cargo.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 706e8bbbec..74599e134a 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -31,6 +31,7 @@ default = ["aws_lc_rs", "logging", "std", "tls12"] std = ["webpki/std", "pki-types/std", "once_cell/std"] logging = ["log"] aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] +aws-lc-rs = ["aws_lc_rs"] # Alias because Cargo features commonly use `-` ring = ["dep:ring", "webpki/ring"] tls12 = [] read_buf = ["rustversion", "std"] From 479aec0a9add7f5ca9cffb2216781d342d313039 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Mar 2024 15:01:12 -0400 Subject: [PATCH 0841/1145] deps: clap 4.5.1 -> 4.5.2 --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 274ddfb727..a0796ec8b2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -540,9 +540,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.1" +version = "4.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c918d541ef2913577a0f9566e9ce27cb35b6df072075769e0b26cb5a554520da" +checksum = "b230ab84b0ffdf890d5a10abdbc8b83ae1c4918275daea1ab8801f71536b2651" dependencies = [ "clap_builder", "clap_derive", @@ -550,9 +550,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.1" +version = "4.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f3e7391dad68afb0c2ede1bf619f579a3dc9c2ec67f089baa397123a2f3d1eb" +checksum = "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" dependencies = [ "anstream", "anstyle", From afedcfe7334bb0541d7e2fac2cf057e38ac9016b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Mar 2024 15:02:16 -0400 Subject: [PATCH 0842/1145] deps: rayon 0.8.1 -> 1.9.0 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a0796ec8b2..f229102e2e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1953,9 +1953,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.8.1" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa7237101a77a10773db45d62004a272517633fbcc3df19d96455ede1122e051" +checksum = "e4963ed1bc86e4f3ee217022bd855b297cef07fb9eac5dfa1f788b220b49b3bd" dependencies = [ "either", "rayon-core", From f4ba5341d6543df7a49dde2635cc88f47b741067 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Mar 2024 15:02:40 -0400 Subject: [PATCH 0843/1145] deps: rustls-pemfile 2.1.0 -> 2.1.1 --- Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f229102e2e..93bce3a9cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2149,7 +2149,7 @@ dependencies = [ "num-bigint", "once_cell", "ring", - "rustls-pemfile 2.1.0", + "rustls-pemfile 2.1.1", "rustls-pki-types", "rustls-webpki 0.102.2", "rustversion", @@ -2170,7 +2170,7 @@ dependencies = [ "itertools", "rayon", "rustls 0.23.1", - "rustls-pemfile 2.1.0", + "rustls-pemfile 2.1.1", "rustls-pki-types", ] @@ -2195,7 +2195,7 @@ dependencies = [ "mio", "rcgen", "rustls 0.23.1", - "rustls-pemfile 2.1.0", + "rustls-pemfile 2.1.1", "rustls-pki-types", "serde", "serde_derive", @@ -2213,7 +2213,7 @@ dependencies = [ "once_cell", "openssl", "rustls 0.23.1", - "rustls-pemfile 2.1.0", + "rustls-pemfile 2.1.1", "rustls-pki-types", ] @@ -2228,9 +2228,9 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c333bb734fcdedcea57de1602543590f545f127dc8b533324318fd492c5c70b" +checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab" dependencies = [ "base64", "rustls-pki-types", From 811d55eda430b917e070976899d3e9786541b3ea Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Mar 2024 15:03:02 -0400 Subject: [PATCH 0844/1145] deps: asn1 0.16.0 -> 0.16.1 --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 93bce3a9cd..191e9e4fef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -117,18 +117,18 @@ checksum = "5ad32ce52e4161730f7098c077cd2ed6229b5804ccf99e5366be1ab72a98b4e1" [[package]] name = "asn1" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a227d599843d72985b747c71958d16d670a6e6bc06fadf064570cae70c11fd0a" +checksum = "889adc8fd6c1344619926529e605cccad1f832b3a2a5a3fe6d7c8557c8f05368" dependencies = [ "asn1_derive", ] [[package]] name = "asn1_derive" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87132221a3cb3794c8def2208c723276686e0cd771541deb7768905ce13dc603" +checksum = "e2271cec9b830009b9c3b9e21767083c553f51f996b690c476c27f541199aa99" dependencies = [ "proc-macro2", "quote", From 7588262aaca2636daeca7a69c84bb36d05e14338 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Mar 2024 15:03:33 -0400 Subject: [PATCH 0845/1145] deps: rustls-pki-types 1.3.0 -> 1.3.1 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 191e9e4fef..a95d253974 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2238,9 +2238,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.3.0" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "048a63e5b3ac996d78d402940b5fa47973d2d080c6c6fffa1d0f19c4445310b7" +checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" [[package]] name = "rustls-provider-example" From 0398ac50fe18521da038aa39b55eec6c83450523 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 11 Mar 2024 15:04:06 -0400 Subject: [PATCH 0846/1145] deps: log 0.4.20 -> 0.4.21 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a95d253974..d5af90a1ca 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1480,9 +1480,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.20" +version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" dependencies = [ "value-bag", ] From 6304e8f24c3577521b96fb4428fef086c7271845 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 12 Dec 2023 10:02:04 +0000 Subject: [PATCH 0847/1145] Introduce rustls-post-quantum "crate" skeleton --- Cargo.lock | 7 +++++++ Cargo.toml | 3 +++ rustls-post-quantum/Cargo.toml | 8 ++++++++ rustls-post-quantum/src/lib.rs | 7 +++++++ 4 files changed, 25 insertions(+) create mode 100644 rustls-post-quantum/Cargo.toml create mode 100644 rustls-post-quantum/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index d5af90a1ca..ee36684b5c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2242,6 +2242,13 @@ version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" +[[package]] +name = "rustls-post-quantum" +version = "0.1.0" +dependencies = [ + "rustls 0.23.1", +] + [[package]] name = "rustls-provider-example" version = "0.0.1" diff --git a/Cargo.toml b/Cargo.toml index 1a26a0f796..6bd163fc01 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,10 +12,13 @@ members = [ "rustls", # example of custom provider "provider-example", + # experimental post-quantum algorithm support + "rustls-post-quantum", ] default-members = [ "examples", "rustls", + "rustls-post-quantum", ] exclude = ["admin/rustfmt"] resolver = "2" diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml new file mode 100644 index 0000000000..eb5e523450 --- /dev/null +++ b/rustls-post-quantum/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "rustls-post-quantum" +version = "0.1.0" +edition = "2021" +publish = false + +[dependencies] +rustls = { path = "../rustls", features = ["aws_lc_rs"] } diff --git a/rustls-post-quantum/src/lib.rs b/rustls-post-quantum/src/lib.rs new file mode 100644 index 0000000000..503975ed91 --- /dev/null +++ b/rustls-post-quantum/src/lib.rs @@ -0,0 +1,7 @@ +use rustls::crypto::aws_lc_rs::default_provider; +use rustls::crypto::CryptoProvider; + +/// A `CryptoProvider` which includes `X25519Kyber768Draft00` key exchange. +pub fn provider() -> CryptoProvider { + default_provider() +} From 96f07d7e208fb3222d4f1073efbd9c84c6216f5c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Dec 2023 17:53:56 +0000 Subject: [PATCH 0848/1145] Support KEM-shaped key exchange algorithms In these, the server's share has a data dependency on the client's share. Therefore, fuse the start() and complete() operations in this case. This is only supported for TLS1.3. TLS1.2 does not allow this arrangement. --- rustls/src/crypto/mod.rs | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 853ff6bb91..74b19ea634 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -379,6 +379,25 @@ pub trait SupportedKxGroup: Send + Sync + Debug { /// This can fail if the random source fails during ephemeral key generation. fn start(&self) -> Result, Error>; + /// Start and complete a key exchange, in one operation. + /// + /// The default implementation for this calls `start()` and then calls + /// `complete()` on the result. This is suitable for Diffie-Hellman-like + /// key exchange algorithms, where there is not a data dependency between + /// our key share (named "pub_key" in this API) and the peer's (`peer_pub_key`). + /// + /// If there is such a data dependency (like key encapsulation mechanisms), this + /// function should be implemented. + fn start_and_complete(&self, peer_pub_key: &[u8]) -> Result { + let kx = self.start()?; + + Ok(CompletedKeyExchange { + group: kx.group(), + pub_key: kx.pub_key().to_vec(), + secret: kx.complete(peer_pub_key)?, + }) + } + /// Named group the SupportedKxGroup operates in. /// /// If the `NamedGroup` enum does not have a name for the algorithm you are implementing, @@ -463,6 +482,18 @@ pub trait ActiveKeyExchange: Send + Sync { fn group(&self) -> NamedGroup; } +/// The result from [`SupportedKxGroup::start_and_complete()`]. +pub struct CompletedKeyExchange { + /// Which group was used. + pub group: NamedGroup, + + /// Our key share (sometimes a public key). + pub pub_key: Vec, + + /// The computed shared secret. + pub secret: SharedSecret, +} + /// The result from [`ActiveKeyExchange::complete`]. pub struct SharedSecret { buf: Vec, From d4ec42ec1c294ce35b3366de77a293fee4f10cc2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Dec 2023 18:12:45 +0000 Subject: [PATCH 0849/1145] Switch to using `SupportedKxGroup::start_and_complete()` This isn't really compatible with the plumbing to allow a HKDF implementation to do the key exchange completion, so unpick this. --- rustls/src/client/tls13.rs | 5 +++-- rustls/src/msgs/handshake.rs | 4 ++-- rustls/src/msgs/handshake_test.rs | 4 ++-- rustls/src/server/tls13.rs | 10 ++++++---- rustls/src/tls13/key_schedule.rs | 26 +++++--------------------- 5 files changed, 18 insertions(+), 31 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 698e8dd7d2..a3c746e757 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -143,8 +143,9 @@ pub(super) fn handle_server_hello( KeySchedulePreHandshake::new(suite) }; - let key_schedule = - key_schedule_pre_handshake.into_handshake(our_key_share, &their_key_share.payload.0)?; + let shared_secret = our_key_share.complete(&their_key_share.payload.0)?; + + let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); // Remember what KX group the server liked for next time. config diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 131dbcce72..3875c30a36 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -350,10 +350,10 @@ pub struct KeyShareEntry { } impl KeyShareEntry { - pub fn new(group: NamedGroup, payload: &[u8]) -> Self { + pub fn new(group: NamedGroup, payload: impl Into>) -> Self { Self { group, - payload: PayloadU16::new(payload.to_vec()), + payload: PayloadU16::new(payload.into()), } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 2f94de396b..11efe6be7c 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -376,7 +376,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload::Borrowed(&[]))), ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]), ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), - ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3])]), + ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])]), ClientExtension::PresharedKeyModes(vec![PSKKeyExchangeMode::PSK_DHE_KE]), ClientExtension::PresharedKey(PresharedKeyOffer { identities: vec![ @@ -752,7 +752,7 @@ fn get_sample_serverhellopayload() -> ServerHelloPayload { ServerExtension::SessionTicketAck, ServerExtension::RenegotiationInfo(PayloadU8(vec![0])), ServerExtension::Protocols(vec![ProtocolName::from(vec![0])]), - ServerExtension::KeyShare(KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3])), + ServerExtension::KeyShare(KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])), ServerExtension::PresharedKey(3), ServerExtension::ExtendedMasterSecretAck, ServerExtension::CertificateStatusAck, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index d1c8083286..de8f41cea7 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -447,10 +447,12 @@ mod client_hello { // Prepare key exchange; the caller already found the matching SupportedKxGroup let (share, kxgroup) = share_and_kxgroup; debug_assert_eq!(kxgroup.name(), share.group); - let kx = kxgroup.start()?; + let ckx = kxgroup.start_and_complete(&share.payload.0)?; - let kse = KeyShareEntry::new(share.group, kx.pub_key()); - extensions.push(ServerExtension::KeyShare(kse)); + extensions.push(ServerExtension::KeyShare(KeyShareEntry::new( + ckx.group, + ckx.pub_key, + ))); extensions.push(ServerExtension::SupportedVersions(ProtocolVersion::TLSv1_3)); if let Some(psk_idx) = chosen_psk_idx { @@ -496,7 +498,7 @@ mod client_hello { }; // Do key exchange - let key_schedule = key_schedule_pre_handshake.into_handshake(kx, &share.payload.0)?; + let key_schedule = key_schedule_pre_handshake.into_handshake(ckx.secret); let handshake_hash = transcript.current_hash(); let key_schedule = key_schedule.derive_server_handshake_secrets( diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 85636b3a58..d95986ff8d 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -4,7 +4,7 @@ use alloc::string::ToString; use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; -use crate::crypto::{hash, hmac, ActiveKeyExchange}; +use crate::crypto::{hash, hmac, SharedSecret}; use crate::error::Error; use crate::suites::PartiallyExtractedSecrets; use crate::{quic, KeyLog, Tls13CipherSuite}; @@ -142,12 +142,11 @@ impl KeySchedulePreHandshake { pub(crate) fn into_handshake( mut self, - kx: Box, - peer_public_key: &[u8], - ) -> Result { + shared_secret: SharedSecret, + ) -> KeyScheduleHandshakeStart { self.ks - .input_from_key_exchange(kx, peer_public_key)?; - Ok(KeyScheduleHandshakeStart { ks: self.ks }) + .input_secret(shared_secret.secret_bytes()); + KeyScheduleHandshakeStart { ks: self.ks } } } @@ -606,7 +605,6 @@ impl KeySchedule { } /// Input the given secret. - #[cfg(all(test, any(feature = "ring", feature = "aws_lc_rs")))] fn input_secret(&mut self, secret: &[u8]) { let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); self.current = self @@ -615,20 +613,6 @@ impl KeySchedule { .extract_from_secret(Some(salt.as_ref()), secret); } - /// Input the shared secret resulting from completing the given key exchange. - fn input_from_key_exchange( - &mut self, - kx: Box, - peer_public_key: &[u8], - ) -> Result<(), Error> { - let salt = self.derive_for_empty_hash(SecretKind::DerivedSecret); - self.current = self - .suite - .hkdf_provider - .extract_from_kx_shared_secret(Some(salt.as_ref()), kx, peer_public_key)?; - Ok(()) - } - /// Derive a secret of given `kind`, using current handshake hash `hs_hash`. fn derive(&self, kind: SecretKind, hs_hash: &[u8]) -> OkmBlock { hkdf_expand_label_block(self.current.as_ref(), kind.to_bytes(), hs_hash) From 092f3b569a36bb5754a53cfac0009e7efcf0850d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 12 Dec 2023 12:46:34 +0000 Subject: [PATCH 0850/1145] Implement X25519Kyber768Draft00 key exchange --- Cargo.lock | 1 + rustls-post-quantum/Cargo.toml | 1 + rustls-post-quantum/src/lib.rs | 227 ++++++++++++++++++++++++++++++++- 3 files changed, 226 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ee36684b5c..4131fc50b4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2246,6 +2246,7 @@ checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" name = "rustls-post-quantum" version = "0.1.0" dependencies = [ + "aws-lc-rs", "rustls 0.23.1", ] diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml index eb5e523450..5b95ed6cea 100644 --- a/rustls-post-quantum/Cargo.toml +++ b/rustls-post-quantum/Cargo.toml @@ -6,3 +6,4 @@ publish = false [dependencies] rustls = { path = "../rustls", features = ["aws_lc_rs"] } +aws-lc-rs = { version = "1.6", features = ["unstable"], default-features = false } diff --git a/rustls-post-quantum/src/lib.rs b/rustls-post-quantum/src/lib.rs index 503975ed91..9453c43d8c 100644 --- a/rustls-post-quantum/src/lib.rs +++ b/rustls-post-quantum/src/lib.rs @@ -1,7 +1,228 @@ -use rustls::crypto::aws_lc_rs::default_provider; -use rustls::crypto::CryptoProvider; +//! This crate provides a [`rustls::crypto::CryptoProvider`] that includes +//! a hybrid[^1], post-quantum-secure[^2] key exchange algorithm -- +//! specifically [X25519Kyber768Draft00]. +//! +//! X25519Kyber768Draft00 is pre-standardization, so you should treat +//! this as experimental. You may see unexpected interop failures, and +//! the algorithm implemented here may not be the one that eventually +//! becomes widely deployed. +//! +//! However, the two components of this key exchange are well regarded: +//! X25519 alone is already used by default by rustls, and tends to have +//! higher quality implementations than other elliptic curves. +//! Kyber768 was recently standardized by NIST as ML-KEM-768. +//! +//! [^1]: meaning: a construction that runs a classical and post-quantum +//! key exchange, and uses the output of both together. This is a hedge +//! against the post-quantum half being broken. +//! +//! [^2]: a "post-quantum-secure" algorithm is one posited to be invulnerable +//! to attack using a cryptographically-relevant quantum computer. In contrast, +//! classical algorithms would be broken by such a computer. Note that such computers +//! do not currently exist, and may never exist, but current traffic could be captured +//! now and attacked later. +//! +//! [X25519Kyber768Draft00]: +//! +//! # How to use this crate +//! +//! There are a few options: +//! +//! **To use this as the rustls default provider**: include this code early in your program: +//! +//! ```rust +//! rustls_post_quantum::provider().install_default().unwrap(); +//! ``` +//! +//! **To incorporate just the key exchange algorithm in a custom [`rustls::crypto::CryptoProvider`]**: +//! +//! ```rust +//! use rustls::crypto::{aws_lc_rs, CryptoProvider}; +//! let parent = aws_lc_rs::default_provider(); +//! let my_provider = CryptoProvider { +//! kx_groups: vec![ +//! &rustls_post_quantum::X25519Kyber768Draft00, +//! aws_lc_rs::kx_group::X25519, +//! ], +//! ..parent +//! }; +//! ``` +//! + +use rustls::crypto::aws_lc_rs::{default_provider, kx_group}; +use rustls::crypto::{ + ActiveKeyExchange, CompletedKeyExchange, CryptoProvider, SharedSecret, SupportedKxGroup, +}; +use rustls::{Error, NamedGroup, PeerMisbehaved}; + +use aws_lc_rs::kem; +use aws_lc_rs::unstable::kem::{get_algorithm, AlgorithmId}; /// A `CryptoProvider` which includes `X25519Kyber768Draft00` key exchange. pub fn provider() -> CryptoProvider { - default_provider() + let mut parent = default_provider(); + parent + .kx_groups + .insert(0, &X25519Kyber768Draft00); + parent +} + +/// This is the [X25519Kyber768Draft00] key exchange. +/// +/// [X25519Kyber768Draft00]: +#[derive(Debug)] +pub struct X25519Kyber768Draft00; + +impl SupportedKxGroup for X25519Kyber768Draft00 { + fn start(&self) -> Result, Error> { + let x25519 = kx_group::X25519.start()?; + + let kyber = kem::DecapsulationKey::generate(kyber768_r3()) + .map_err(|_| Error::FailedToGetRandomBytes)?; + + let kyber_pub = kyber + .encapsulation_key() + .map_err(|_| Error::FailedToGetRandomBytes)?; + + let mut combined_pub_key = Vec::with_capacity(COMBINED_PUBKEY_LEN); + combined_pub_key.extend_from_slice(x25519.pub_key()); + combined_pub_key.extend_from_slice(kyber_pub.key_bytes().unwrap().as_ref()); + + Ok(Box::new(Active { + x25519, + decap_key: Box::new(kyber), + combined_pub_key, + })) + } + + fn start_and_complete(&self, client_share: &[u8]) -> Result { + let share = match ReceivedShare::new(client_share) { + Some(share) => share, + None => return Err(INVALID_KEY_SHARE), + }; + + let x25519 = kx_group::X25519.start_and_complete(share.x25519)?; + + let (kyber_share, kyber_secret) = kem::EncapsulationKey::new(kyber768_r3(), share.kyber) + .map_err(|_| INVALID_KEY_SHARE) + .and_then(|pk| { + pk.encapsulate() + .map_err(|_| INVALID_KEY_SHARE) + })?; + + let combined_secret = CombinedSecret::combine(x25519.secret, kyber_secret); + let combined_share = CombinedShare::combine(&x25519.pub_key, kyber_share); + + Ok(CompletedKeyExchange { + group: self.name(), + pub_key: combined_share.0, + secret: SharedSecret::from(&combined_secret.0[..]), + }) + } + + fn name(&self) -> NamedGroup { + NAMED_GROUP + } +} + +struct Active { + x25519: Box, + decap_key: Box>, + combined_pub_key: Vec, +} + +impl ActiveKeyExchange for Active { + fn complete(self: Box, peer_pub_key: &[u8]) -> Result { + let ciphertext = match ReceivedCiphertext::new(peer_pub_key) { + Some(ct) => ct, + None => { + return Err(INVALID_KEY_SHARE); + } + }; + + let combined = CombinedSecret::combine( + self.x25519 + .complete(ciphertext.x25519)?, + self.decap_key + .decapsulate(ciphertext.kyber.into()) + .map_err(|_| INVALID_KEY_SHARE)?, + ); + Ok(SharedSecret::from(&combined.0[..])) + } + + fn pub_key(&self) -> &[u8] { + &self.combined_pub_key + } + + fn group(&self) -> NamedGroup { + NAMED_GROUP + } } + +struct ReceivedShare<'a> { + x25519: &'a [u8], + kyber: &'a [u8], +} + +impl<'a> ReceivedShare<'a> { + fn new(buf: &'a [u8]) -> Option> { + if buf.len() != COMBINED_PUBKEY_LEN { + return None; + } + + let (x25519, kyber) = buf.split_at(X25519_LEN); + Some(ReceivedShare { x25519, kyber }) + } +} + +struct ReceivedCiphertext<'a> { + x25519: &'a [u8], + kyber: &'a [u8], +} + +impl<'a> ReceivedCiphertext<'a> { + fn new(buf: &'a [u8]) -> Option> { + if buf.len() != COMBINED_CIPHERTEXT_LEN { + return None; + } + + let (x25519, kyber) = buf.split_at(X25519_LEN); + Some(ReceivedCiphertext { x25519, kyber }) + } +} + +struct CombinedSecret([u8; COMBINED_SHARED_SECRET_LEN]); + +impl CombinedSecret { + fn combine(x25519: SharedSecret, kyber: kem::SharedSecret) -> Self { + let mut out = CombinedSecret([0u8; COMBINED_SHARED_SECRET_LEN]); + out.0[..X25519_LEN].copy_from_slice(x25519.secret_bytes()); + out.0[X25519_LEN..].copy_from_slice(kyber.as_ref()); + out + } +} + +struct CombinedShare(Vec); + +impl CombinedShare { + fn combine(x25519: &[u8], kyber: kem::Ciphertext) -> Self { + let mut out = CombinedShare(vec![0u8; COMBINED_CIPHERTEXT_LEN]); + out.0[..X25519_LEN].copy_from_slice(x25519); + out.0[X25519_LEN..].copy_from_slice(kyber.as_ref()); + out + } +} + +fn kyber768_r3() -> &'static kem::Algorithm { + get_algorithm(AlgorithmId::Kyber768_R3).expect("Kyber768_R3 not available") +} + +const NAMED_GROUP: NamedGroup = NamedGroup::Unknown(0x6399); + +const INVALID_KEY_SHARE: Error = Error::PeerMisbehaved(PeerMisbehaved::InvalidKeyShare); + +const X25519_LEN: usize = 32; +const KYBER_CIPHERTEXT_LEN: usize = 1088; +const COMBINED_PUBKEY_LEN: usize = X25519_LEN + 1184; +const COMBINED_CIPHERTEXT_LEN: usize = X25519_LEN + KYBER_CIPHERTEXT_LEN; +const COMBINED_SHARED_SECRET_LEN: usize = X25519_LEN + 32; From 62e154cb997a81a1425ec99cf1b8da69acf49dd8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 14 Dec 2023 13:44:40 +0000 Subject: [PATCH 0851/1145] Add example client --- .github/workflows/daily-tests.yml | 3 ++ Cargo.lock | 2 + examples/src/bin/simpleclient.rs | 8 ++-- rustls-post-quantum/Cargo.toml | 4 ++ rustls-post-quantum/examples/client.rs | 58 ++++++++++++++++++++++++++ 5 files changed, 70 insertions(+), 5 deletions(-) create mode 100644 rustls-post-quantum/examples/client.rs diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 55098835fe..a0533f89d3 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -118,6 +118,9 @@ jobs: - name: Check provider-example client run: cargo run --locked -p rustls-provider-example --example client + - name: Check rustls-post-quantum client + run: cargo run --locked -p rustls-post-quantum --example client | grep 'kex=X25519Kyber768Draft00' + feature-powerset: name: Feature Powerset diff --git a/Cargo.lock b/Cargo.lock index 4131fc50b4..a20f4d72e4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2247,7 +2247,9 @@ name = "rustls-post-quantum" version = "0.1.0" dependencies = [ "aws-lc-rs", + "env_logger", "rustls 0.23.1", + "webpki-roots 0.26.1", ] [[package]] diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs index 35b7c15a66..6b042ed021 100644 --- a/examples/src/bin/simpleclient.rs +++ b/examples/src/bin/simpleclient.rs @@ -15,11 +15,9 @@ use std::sync::Arc; use rustls::RootCertStore; fn main() { - let root_store = RootCertStore::from_iter( - webpki_roots::TLS_SERVER_ROOTS - .iter() - .cloned(), - ); + let root_store = RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }; let mut config = rustls::ClientConfig::builder() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml index 5b95ed6cea..c2a9627bf9 100644 --- a/rustls-post-quantum/Cargo.toml +++ b/rustls-post-quantum/Cargo.toml @@ -7,3 +7,7 @@ publish = false [dependencies] rustls = { path = "../rustls", features = ["aws_lc_rs"] } aws-lc-rs = { version = "1.6", features = ["unstable"], default-features = false } + +[dev-dependencies] +env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) +webpki-roots = "0.26" diff --git a/rustls-post-quantum/examples/client.rs b/rustls-post-quantum/examples/client.rs new file mode 100644 index 0000000000..574252faad --- /dev/null +++ b/rustls-post-quantum/examples/client.rs @@ -0,0 +1,58 @@ +//! This is the simplest possible client using rustls-postquantum, based on +//! `simpleclient.rs`. +//! +//! It sends a HTTP request to pq.cloudflareresearch.com and prints the response to +//! stdout. Observe in that output: `kex=X25519Kyber768Draft00` +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. + +use std::io::{stdout, Read, Write}; +use std::net::TcpStream; +use std::sync::Arc; + +fn main() { + env_logger::init(); + rustls_post_quantum::provider() + .install_default() + .unwrap(); + + let root_store = rustls::RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }; + + let config = rustls::ClientConfig::builder() + .with_root_certificates(root_store) + .with_no_client_auth(); + + let server_name = "pq.cloudflareresearch.com" + .try_into() + .unwrap(); + let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); + let mut sock = TcpStream::connect("pq.cloudflareresearch.com:443").unwrap(); + let mut tls = rustls::Stream::new(&mut conn, &mut sock); + tls.write_all( + concat!( + "GET /cdn-cgi/trace HTTP/1.0\r\n", + "Host: pq.cloudflareresearch.com\r\n", + "Connection: close\r\n", + "Accept-Encoding: identity\r\n", + "\r\n" + ) + .as_bytes(), + ) + .unwrap(); + let ciphersuite = tls + .conn + .negotiated_cipher_suite() + .unwrap(); + writeln!( + &mut std::io::stderr(), + "Current ciphersuite: {:?}", + ciphersuite.suite() + ) + .unwrap(); + let mut plaintext = Vec::new(); + tls.read_to_end(&mut plaintext).unwrap(); + stdout().write_all(&plaintext).unwrap(); +} From 295cfdef46b293493e44d2371959a889e1e36dcd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Mar 2024 16:03:03 +0000 Subject: [PATCH 0852/1145] Mention rustls-post-quantum in providers docs --- README.md | 3 +++ rustls/src/lib.rs | 3 +++ 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 087ce167fa..01db620444 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,8 @@ The community has also started developing third-party providers for Rustls: cryptography. * [`rustls-rustcrypto`] - an experimental provider that uses the crypto primitives from [`RustCrypto`] for cryptography. +* [`rustls-post-quantum`]: an experimental provider that adds support for post-quantum +key exchange to the default aws-lc-rs provider. [`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider [`mbedtls`]: https://github.com/Mbed-TLS/mbedtls @@ -101,6 +103,7 @@ from [`RustCrypto`] for cryptography. [`boringssl`]: https://github.com/google/boringssl [`rustls-rustcrypto`]: https://github.com/RustCrypto/rustls-rustcrypto [`RustCrypto`]: https://github.com/RustCrypto +[`rustls-post-quantum`]: https://crates.io/crates/rustls-post-quantum #### Custom provider diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index b88b63e7dd..1cdaaa4f1c 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -61,6 +61,8 @@ //! cryptography. //! * [`rustls-rustcrypto`] - an experimental provider that uses the crypto primitives //! from [`RustCrypto`] for cryptography. +//! * [`rustls-post-quantum`]: an experimental provider that adds support for post-quantum +//! key exchange to the default aws-lc-rs provider. //! //! [`rustls-mbedtls-provider`]: https://github.com/fortanix/rustls-mbedtls-provider //! [`mbedtls`]: https://github.com/Mbed-TLS/mbedtls @@ -68,6 +70,7 @@ //! [`boringssl`]: https://github.com/google/boringssl //! [`rustls-rustcrypto`]: https://github.com/RustCrypto/rustls-rustcrypto //! [`RustCrypto`]: https://github.com/RustCrypto +//! [`rustls-post-quantum`]: https://crates.io/crates/rustls-post-quantum //! //! #### Custom provider //! From bbef4b3ea72e610c8afad8d33706ee2e0e6a3c47 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Mar 2024 16:02:54 +0000 Subject: [PATCH 0853/1145] Prepare 0.23.2 --- Cargo.lock | 14 +++++++------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a20f4d72e4..a4f5060a1a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2139,7 +2139,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.1" +version = "0.23.2" dependencies = [ "aws-lc-rs", "base64", @@ -2169,7 +2169,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.1", + "rustls 0.23.2", "rustls-pemfile 2.1.1", "rustls-pki-types", ] @@ -2181,7 +2181,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.1", + "rustls 0.23.2", ] [[package]] @@ -2194,7 +2194,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.1", + "rustls 0.23.2", "rustls-pemfile 2.1.1", "rustls-pki-types", "serde", @@ -2212,7 +2212,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.1", + "rustls 0.23.2", "rustls-pemfile 2.1.1", "rustls-pki-types", ] @@ -2248,7 +2248,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.1", + "rustls 0.23.2", "webpki-roots 0.26.1", ] @@ -2270,7 +2270,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.1", + "rustls 0.23.2", "rustls-pki-types", "rustls-webpki 0.102.2", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index e8cbc615e8..130ed95030 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.1" +version = "0.23.2" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 74599e134a..d73d914ed1 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.1" +version = "0.23.2" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 92cb23e6e5cb6247664d9ee9d98bb3f8e25be1e4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Mar 2024 16:51:34 +0000 Subject: [PATCH 0854/1145] Add bare-bones README.md --- rustls-post-quantum/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 rustls-post-quantum/README.md diff --git a/rustls-post-quantum/README.md b/rustls-post-quantum/README.md new file mode 100644 index 0000000000..d6b3bf4b9e --- /dev/null +++ b/rustls-post-quantum/README.md @@ -0,0 +1,18 @@ +

+ +

+ +

+Rustls is a modern TLS library written in Rust. +

+ +# rustls-post-quantum + +This crate provides experimental support for [X25519Kyber768Draft00] post-quantum +key exchange. See [the documentation][docs] for more details. + +This crate is release under the same licenses as the [main rustls crate][rustls]. + +[X25519Kyber768Draft00]: https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/03/ +[docs]: https://docs.rs/rustls-post-quantum/latest/ +[rustls]: https://crates.io/crates/rustls From 9a911841cd073244e995015fd52e0e5d6797c6c7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 13 Mar 2024 16:51:56 +0000 Subject: [PATCH 0855/1145] Prepare rustls-post-quantum 0.1.0 --- Cargo.lock | 17 ++++++++++++++++- rustls-post-quantum/Cargo.toml | 9 +++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a4f5060a1a..960e07da77 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2158,6 +2158,21 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rustls" +version = "0.23.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbdb5ddfafe3040e01fe9dced711e27b5336ac97d4a9b2089f0066a04b5846" +dependencies = [ + "aws-lc-rs", + "log", + "once_cell", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", +] + [[package]] name = "rustls-ci-bench" version = "0.0.1" @@ -2248,7 +2263,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.2", + "rustls 0.23.2 (registry+https://github.com/rust-lang/crates.io-index)", "webpki-roots 0.26.1", ] diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml index c2a9627bf9..7c137933e3 100644 --- a/rustls-post-quantum/Cargo.toml +++ b/rustls-post-quantum/Cargo.toml @@ -2,10 +2,15 @@ name = "rustls-post-quantum" version = "0.1.0" edition = "2021" -publish = false +license = "Apache-2.0 OR ISC OR MIT" +readme = "README.md" +description = "Experimental support for post-quantum key exchange in rustls" +homepage = "https://github.com/rustls/rustls" +repository = "https://github.com/rustls/rustls" +categories = ["network-programming", "cryptography"] [dependencies] -rustls = { path = "../rustls", features = ["aws_lc_rs"] } +rustls = { version = "0.23.2", features = ["aws_lc_rs"] } aws-lc-rs = { version = "1.6", features = ["unstable"], default-features = false } [dev-dependencies] From b4722053c22d5c35a587e933360b45cdd2800ff2 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 13 Mar 2024 13:29:06 -0400 Subject: [PATCH 0856/1145] ci: fix typo in no-std run name It uses `--no-default-features` but the name described using default features. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ca5f3263f6..b93be92258 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -126,7 +126,7 @@ jobs: # this target does _not_ include the libstd crate in its sysroot # it will catch unwanted usage of libstd in _dependencies_ - - name: cargo build (debug; default features; no-std) + - name: cargo build (debug; no default features; no-std) run: cargo build --locked --no-default-features --target x86_64-unknown-none working-directory: rustls From d7aad5970b36cbe8d4e361b6bedb6701466beea0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 13 Mar 2024 13:30:07 -0400 Subject: [PATCH 0857/1145] provider-example: conditionally enable rusts std feat Previously the `std` feature was in the explicit rustls dependency feature list, and not opted-in by the provider's own `std` feature. I believe this means when building the provider with `--no-default-features` we were still using Rustls w/ the `std` feature. --- provider-example/Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index dedca2f25d..4c32ed0b55 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -18,7 +18,7 @@ p256 = { version = "0.13.2", default-features = false, features = ["alloc", "ecd pkcs8 = "0.10.2" pki-types = { package = "rustls-pki-types", version = "1" } rand_core = { version = "0.6", features = ["getrandom"] } -rustls = { path = "../rustls", default-features = false, features = ["logging", "std", "tls12"] } +rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } rsa = { version = "0.9", features = ["sha2"], default-features = false } sha2 = { version = "0.10", default-features = false } signature = "2" @@ -35,7 +35,7 @@ webpki-roots = "0.26" [features] default = ["std"] -std = ["hpke-rs/std", "hpke-rs-crypto/std", "pkcs8/std"] +std = ["hpke-rs/std", "hpke-rs-crypto/std", "pkcs8/std", "rustls/std"] [[test]] name = "hpke" From 2278226559fd5f28338ef3363c915a35fff4c954 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 1 Mar 2024 17:09:13 +0000 Subject: [PATCH 0858/1145] ci-bench: use jemalloc --- Cargo.lock | 21 +++++++++++++++++++++ ci-bench/Cargo.toml | 3 +++ ci-bench/src/main.rs | 4 ++++ 3 files changed, 28 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 960e07da77..eb4a089341 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2187,6 +2187,7 @@ dependencies = [ "rustls 0.23.2", "rustls-pemfile 2.1.1", "rustls-pki-types", + "tikv-jemallocator", ] [[package]] @@ -2550,6 +2551,26 @@ dependencies = [ "syn 2.0.50", ] +[[package]] +name = "tikv-jemalloc-sys" +version = "0.5.4+5.3.0-patched" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9402443cb8fd499b6f327e40565234ff34dbda27460c5b47db0db77443dd85d1" +dependencies = [ + "cc", + "libc", +] + +[[package]] +name = "tikv-jemallocator" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "965fe0c26be5c56c94e38ba547249074803efd52adfb66de62107d95aab3eaca" +dependencies = [ + "libc", + "tikv-jemalloc-sys", +] + [[package]] name = "time" version = "0.3.34" diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index f02958bde2..2d8369b4d2 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -17,3 +17,6 @@ pki-types = { package = "rustls-pki-types", version = "1" } rayon = "1.7.0" rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } rustls-pemfile = "2" + +[target.'cfg(not(target_env = "msvc"))'.dependencies] +tikv-jemallocator = "0.5" diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 17204e170b..25ebe41fac 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -847,3 +847,7 @@ fn table<'a>(diffs: impl Iterator, emoji_feedback: bool) { ) } } + +#[cfg(not(target_env = "msvc"))] +#[global_allocator] +static GLOBAL: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc; From c64d0b54b10dac6a447c3c42a587271c2ec85222 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 14 Mar 2024 08:44:25 +0000 Subject: [PATCH 0859/1145] bench: use jemalloc --- Cargo.lock | 1 + rustls/Cargo.toml | 3 +++ rustls/examples/internal/bench_impl.rs | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index eb4a089341..e2e30b4c4e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2154,6 +2154,7 @@ dependencies = [ "rustls-webpki 0.102.2", "rustversion", "subtle", + "tikv-jemallocator", "webpki-roots 0.26.1", "zeroize", ] diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index d73d914ed1..32bc2f90b7 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -46,6 +46,9 @@ num-bigint = "0.4.4" rustls-pemfile = "2" webpki-roots = "0.26" +[target.'cfg(not(target_env = "msvc"))'.dev-dependencies] +tikv-jemallocator = "0.5" + [[example]] name = "bogo_shim" path = "examples/internal/bogo_shim.rs" diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 13c9eb5ce8..0246849113 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -658,3 +658,7 @@ fn all_tests() { bench_handshake(test, ClientAuth::Yes, ResumptionParam::Tickets); } } + +#[cfg(not(target_env = "msvc"))] +#[global_allocator] +static GLOBAL: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc; From 134e43f9a38f875af3c3d3afb12bd29a3bb5bdbf Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 14 Mar 2024 08:55:44 +0000 Subject: [PATCH 0860/1145] Enable lto for `bench` profile Gives: - 11-12% improvement on bulk receiving benchmarks. - 2-5% improvement on handshake benchmarks Use this when building the `bench` tool. --- .github/workflows/build.yml | 6 +++--- Cargo.toml | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b93be92258..d0dd0bd425 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -222,13 +222,13 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: Smoke-test benchmark program (ring) - run: cargo run -p rustls --release --locked --example bench + run: cargo run -p rustls --profile=bench --locked --example bench - name: Smoke-test benchmark program (aws-lc-rs) - run: cargo run -p rustls --release --locked --example bench --no-default-features --features aws_lc_rs,tls12,std + run: cargo run -p rustls --profile=bench --locked --example bench --no-default-features --features aws_lc_rs,tls12,std - name: Smoke-test benchmark program (fips) - run: cargo run -p rustls --release --locked --example bench --no-default-features --features fips,tls12,std + run: cargo run -p rustls --profile=bench --locked --example bench --no-default-features --features fips,tls12,std - name: Run micro-benchmarks run: cargo bench --locked --all-features diff --git a/Cargo.toml b/Cargo.toml index 6bd163fc01..caef8c49a4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,3 +22,7 @@ default-members = [ ] exclude = ["admin/rustfmt"] resolver = "2" + +[profile.bench] +codegen-units = 1 +lto = "yes" From 38573b26d56af2e1f1f5dc15e9daf70b58efdea7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 14 Mar 2024 15:57:38 +0000 Subject: [PATCH 0861/1145] rustls-post-quantum: correct formatting --- rustls-post-quantum/src/lib.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rustls-post-quantum/src/lib.rs b/rustls-post-quantum/src/lib.rs index 9453c43d8c..9816bc1a44 100644 --- a/rustls-post-quantum/src/lib.rs +++ b/rustls-post-quantum/src/lib.rs @@ -49,15 +49,14 @@ //! ``` //! +use aws_lc_rs::kem; +use aws_lc_rs::unstable::kem::{get_algorithm, AlgorithmId}; use rustls::crypto::aws_lc_rs::{default_provider, kx_group}; use rustls::crypto::{ ActiveKeyExchange, CompletedKeyExchange, CryptoProvider, SharedSecret, SupportedKxGroup, }; use rustls::{Error, NamedGroup, PeerMisbehaved}; -use aws_lc_rs::kem; -use aws_lc_rs::unstable::kem::{get_algorithm, AlgorithmId}; - /// A `CryptoProvider` which includes `X25519Kyber768Draft00` key exchange. pub fn provider() -> CryptoProvider { let mut parent = default_provider(); From 71e1d657cc392494b6c4de1829e4243201ff10e7 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 18 Mar 2024 10:27:22 -0400 Subject: [PATCH 0862/1145] deps: anyhow 1.0.80 -> 1.0.81 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e2e30b4c4e..1a9dc94e86 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -111,9 +111,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.80" +version = "1.0.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ad32ce52e4161730f7098c077cd2ed6229b5804ccf99e5366be1ab72a98b4e1" +checksum = "0952808a6c2afd1aa8947271f3a60f1a6763c7b912d210184c5149b5cf147247" [[package]] name = "asn1" From 848d9021af1eb36a81d67cc085f982b5616e5645 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 18 Mar 2024 10:27:45 -0400 Subject: [PATCH 0863/1145] deps: async-trait 0.1.77 -> 0.1.78 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1a9dc94e86..09cf395688 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -292,9 +292,9 @@ checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" [[package]] name = "async-trait" -version = "0.1.77" +version = "0.1.78" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c980ee35e870bd1a4d2c8294d4c04d0499e67bca1e4b5cefcc693c2fa00caea9" +checksum = "461abc97219de0eaaf81fe3ef974a540158f3d079c2ab200f891f1a2ef201e85" dependencies = [ "proc-macro2", "quote", From 8f5ebbb43caa531fddedd803dc9d99b125a9160b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 18 Mar 2024 10:28:15 -0400 Subject: [PATCH 0864/1145] deps: clap 4.5.2 -> 4.5.3, clap_derive 4.5.0 -> 4.5.3 --- Cargo.lock | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 09cf395688..a4abe3d68b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -540,9 +540,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.2" +version = "4.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b230ab84b0ffdf890d5a10abdbc8b83ae1c4918275daea1ab8801f71536b2651" +checksum = "949626d00e063efc93b6dca932419ceb5432f99769911c0b995f7e884c778813" dependencies = [ "clap_builder", "clap_derive", @@ -562,11 +562,11 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.0" +version = "4.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "307bc0538d5f0f83b8248db3087aa92fe504e4691294d0c96c0eabc33f47ba47" +checksum = "90239a040c80f5e14809ca132ddc4176ab33d5e17e49691793296e3fcb34d72f" dependencies = [ - "heck", + "heck 0.5.0", "proc-macro2", "quote", "syn 2.0.50", @@ -801,7 +801,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" dependencies = [ - "heck", + "heck 0.4.1", "proc-macro2", "quote", "syn 2.0.50", @@ -1132,6 +1132,12 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + [[package]] name = "hermit-abi" version = "0.3.6" From b3750ee83502cc547955212e7e43cd68b684b1aa Mon Sep 17 00:00:00 2001 From: Simon Tate Date: Mon, 18 Mar 2024 15:25:21 +0000 Subject: [PATCH 0865/1145] Add auto build to bench-measure To allow for easy running and simplification of benchmarking, add cargo build to the bench measure. Also add .PHONY for recipes with no output that are always expected to run. --- BENCHMARKING.md | 8 ++++---- admin/bench-measure.mk | 35 +++++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/BENCHMARKING.md b/BENCHMARKING.md index 93aa804963..6eb059efd9 100644 --- a/BENCHMARKING.md +++ b/BENCHMARKING.md @@ -24,12 +24,12 @@ benchmarks](https://github.com/ctz/openssl-bench), which produce similar measure #### Building The benchmarks are implemented in the form of "example code" in `rustls/examples/internal/bench.rs`. -Use `cargo build --release -p rustls --example bench` to obtain the corresponding binary (you can -toggle conditionally compiled code with the `--no-default-features` and `--features` flags). +Use `cargo build --profile=bench -p rustls --example bench` to obtain the corresponding binary (you can +toggle conditionally compiled code with the `--no-default-features` and `--features` flags) or simply run below, which will build and run the benchmark. Note: while `cargo build --release --example bench` also works, it results in surprises when used together with `--no-default-features` because of how Cargo's feature unification works (some -features get enabled automatically by other subcrates). +features get enabled automatically by other subcrates). It is also less performant than `--profile=bench`. #### Running @@ -80,4 +80,4 @@ systematically, but they help understand the performance of smaller pieces of co functions), which would be difficult to see when the unit-of-benchmark is an entire handshake. These benchmarks require a nightly compiler. If you are using `rustup`, you can run them with -`RUSTFLAGS=--cfg=bench cargo +nightly bench` \ No newline at end of file +`RUSTFLAGS=--cfg=bench cargo +nightly bench` diff --git a/admin/bench-measure.mk b/admin/bench-measure.mk index a6f6cf4c26..5567ad1e6a 100644 --- a/admin/bench-measure.mk +++ b/admin/bench-measure.mk @@ -1,29 +1,31 @@ +.PHONY: perf perffull perf13 measure memory clean + RECORD=perf record -F2000 --call-graph dwarf,16000 -- FLAMEGRAPH=perf script | ~/FlameGraph/stackcollapse-perf.pl | ~/FlameGraph/flamegraph.pl > MEMUSAGE=/usr/bin/env time -f %M +BENCH:=./target/release/examples/bench -perf: ./target/release/examples/bench - $(RECORD) ./target/release/examples/bench bulk TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +perf: $(BENCH) + $(RECORD) $(BENCH) bulk TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 $(FLAMEGRAPH) perf-aes128-rustls.svg -perffull: ./target/release/examples/bench - $(RECORD) ./target/release/examples/bench bulk TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +perffull: $(BENCH) + $(RECORD) $(BENCH) bulk TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $(FLAMEGRAPH) perf-aes256-rustls.svg - $(RECORD) ./target/release/examples/bench bulk TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + $(RECORD) $(BENCH) bulk TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 $(FLAMEGRAPH) perf-chacha-rustls.svg - - $(RECORD) ./target/release/examples/bench handshake TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + $(RECORD) $(BENCH) handshake TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $(FLAMEGRAPH) perf-fullhs-rustls.svg - $(RECORD) ./target/release/examples/bench handshake-resume TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + $(RECORD) $(BENCH) handshake-resume TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $(FLAMEGRAPH) perf-resume-rustls.svg - $(RECORD) ./target/release/examples/bench handshake-ticket TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + $(RECORD) $(BENCH) handshake-ticket TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $(FLAMEGRAPH) perf-ticket-rustls.svg perf13: - $(RECORD) ./target/release/examples/bench handshake-ticket TLS13_AES_256_GCM_SHA384 + $(RECORD) $(BENCH) handshake-ticket TLS13_AES_256_GCM_SHA384 $(FLAMEGRAPH) perf-ticket13-rustls.svg -measure: ./target/release/examples/bench +measure: $(BENCH) $^ bulk TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 $^ bulk TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $^ bulk TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 @@ -35,10 +37,19 @@ measure: ./target/release/examples/bench $^ handshake-resume TLS13_AES_256_GCM_SHA384 $^ handshake-ticket TLS13_AES_256_GCM_SHA384 -memory: ./target/release/examples/bench +memory: $(BENCH) $(MEMUSAGE) $^ memory TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 100 $(MEMUSAGE) $^ memory TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 1000 $(MEMUSAGE) $^ memory TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 5000 $(MEMUSAGE) $^ memory TLS13_AES_256_GCM_SHA384 100 $(MEMUSAGE) $^ memory TLS13_AES_256_GCM_SHA384 1000 $(MEMUSAGE) $^ memory TLS13_AES_256_GCM_SHA384 5000 + +clean: + rm -f perf-*.svg + cargo clean + +$(BENCH): + cargo build --profile=bench -p rustls --example bench + + From 9c4974515e8ca08991102ac62ef923253134666b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Mar 2024 11:58:25 -0400 Subject: [PATCH 0866/1145] tests: fix assigning-clones clippy warn ``` error: assigning the result of `Clone::clone()` may be inefficient --> rustls/tests/api.rs:64:9 | 64 | client_config.alpn_protocols = client_protos.clone(); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: use `clone_from()`: `client_config.alpn_protocols.clone_from(&client_protos)` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#assigning_clones = note: `-D clippy::assigning-clones` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::assigning_clones)]` ``` --- rustls/tests/api.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 451bf8754e..d0b6a4befe 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -61,7 +61,7 @@ fn alpn_test_error( for version in rustls::ALL_VERSIONS { let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); - client_config.alpn_protocols = client_protos.clone(); + client_config.alpn_protocols.clone_from(&client_protos); let (mut client, mut server) = make_pair_for_arc_configs(&Arc::new(client_config), &server_config); From fb67f0145608c995241b852c68ed7ce28b1c241e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 19 Mar 2024 11:59:01 -0400 Subject: [PATCH 0867/1145] tests: fix implied_bounds_in_impls clippy warn ``` error: this bound is already specified as the supertrait of `DerefMut` --> rustls/tests/./common/mod.rs:596:35 | 596 | client: &mut (impl DerefMut + Deref>), | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#implied_bounds_in_impls help: try removing this bound | 596 - client: &mut (impl DerefMut + Deref>), 596 + client: &mut (impl DerefMut>), ``` --- rustls/tests/common/mod.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 8a241e8a3b..b8b6fc8b33 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -2,7 +2,7 @@ #![allow(clippy::duplicate_mod)] use std::io; -use std::ops::{Deref, DerefMut}; +use std::ops::DerefMut; use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName}; @@ -146,8 +146,8 @@ embed_files! { } pub fn transfer( - left: &mut (impl DerefMut + Deref>), - right: &mut (impl DerefMut + Deref>), + left: &mut impl DerefMut>, + right: &mut impl DerefMut>, ) -> usize { let mut buf = [0u8; 262144]; let mut total = 0; @@ -175,7 +175,7 @@ pub fn transfer( total } -pub fn transfer_eof(conn: &mut (impl DerefMut + Deref>)) { +pub fn transfer_eof(conn: &mut impl DerefMut>) { let empty_buf = [0u8; 0]; let empty_cursor: &mut dyn io::Read = &mut &empty_buf[..]; let sz = conn.read_tls(empty_cursor).unwrap(); @@ -593,8 +593,8 @@ pub fn make_pair_for_arc_configs( } pub fn do_handshake( - client: &mut (impl DerefMut + Deref>), - server: &mut (impl DerefMut + Deref>), + client: &mut impl DerefMut>, + server: &mut impl DerefMut>, ) -> (usize, usize) { let (mut to_client, mut to_server) = (0, 0); while server.is_handshaking() || client.is_handshaking() { From a3d21f24da36e4ec3dc736f9d86b25c4a19071d9 Mon Sep 17 00:00:00 2001 From: Yuxiang Cao Date: Tue, 19 Mar 2024 17:55:55 -0700 Subject: [PATCH 0868/1145] fix: ffdhe no common cipher suite bug - Fix the bug that when both FFDHE and DHE ciphersuites are available on client and server, no ciphersuite is choose. - Add missing test cases. --- rustls/src/server/hs.rs | 6 +++--- rustls/tests/api_ffdhe.rs | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index fed76e288c..d49d8f5e0e 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -476,9 +476,9 @@ impl ExpectClientHello { && suite.version().version == selected_version // And protocol && suite.usable_for_protocol(protocol) - // And key exchange groups - && (!ecdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::ECDHE)) - && (!ffdhe_possible || suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE)) + // And support one of key exchange groups + && (ecdhe_possible && suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::ECDHE) + || ffdhe_possible && suite.usable_for_kx_algorithm(KeyExchangeAlgorithm::DHE)) }); // RFC 7919 (https://datatracker.ietf.org/doc/html/rfc7919#section-4) requires us to send diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index 4731d3469b..05ee194912 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -247,6 +247,16 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { .into(); let test_cases = [ + ( + // TLS 1.2, have common + vec![ + // this matches: + provider::kx_group::SECP256R1, + &ffdhe::FFDHE2048_KX_GROUP, + ], + &TLS12, + CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + ), ( vec![ // this matches: @@ -265,6 +275,16 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { &TLS12, CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, ), + ( + // TLS 1.3, have common + vec![ + // this matches: + provider::kx_group::SECP256R1, + &ffdhe::FFDHE2048_KX_GROUP, + ], + &TLS13, + CipherSuite::TLS13_AES_128_GCM_SHA256, + ), ( vec![ // this matches: From 03e44999a5bbc22d92207aed87e7e325194b3822 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 19 Mar 2024 21:26:33 +0000 Subject: [PATCH 0869/1145] admin/coverage: pass script args to all llvm-cov calls This allows the new, nightly-only, `--branch` argument to get everywhere it needs to. That enables branch coverage tracking. Example use: $ ./admin/coverage --branch --html --open --- admin/coverage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/coverage b/admin/coverage index fba613b061..42e7bad8f4 100755 --- a/admin/coverage +++ b/admin/coverage @@ -2,7 +2,7 @@ set -e -source <(cargo llvm-cov show-env --export-prefix) +source <(cargo llvm-cov show-env --export-prefix "$@") cargo llvm-cov clean --workspace cargo build --locked --all-targets --all-features From 5ce0a1712834bda4c3704540676bf06a4a967f74 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 20 Mar 2024 16:27:11 +0000 Subject: [PATCH 0870/1145] Prepare 0.23.3 --- Cargo.lock | 36 ++++++++++++++++++------------------ fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a4abe3d68b..7d37f2d9e1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2146,37 +2146,37 @@ dependencies = [ [[package]] name = "rustls" version = "0.23.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dfbdb5ddfafe3040e01fe9dced711e27b5336ac97d4a9b2089f0066a04b5846" dependencies = [ "aws-lc-rs", - "base64", - "bencher", - "env_logger", "log", - "num-bigint", "once_cell", - "ring", - "rustls-pemfile 2.1.1", "rustls-pki-types", "rustls-webpki 0.102.2", - "rustversion", "subtle", - "tikv-jemallocator", - "webpki-roots 0.26.1", "zeroize", ] [[package]] name = "rustls" -version = "0.23.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbdb5ddfafe3040e01fe9dced711e27b5336ac97d4a9b2089f0066a04b5846" +version = "0.23.3" dependencies = [ "aws-lc-rs", + "base64", + "bencher", + "env_logger", "log", + "num-bigint", "once_cell", + "ring", + "rustls-pemfile 2.1.1", "rustls-pki-types", "rustls-webpki 0.102.2", + "rustversion", "subtle", + "tikv-jemallocator", + "webpki-roots 0.26.1", "zeroize", ] @@ -2191,7 +2191,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.2", + "rustls 0.23.3", "rustls-pemfile 2.1.1", "rustls-pki-types", "tikv-jemallocator", @@ -2204,7 +2204,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.2", + "rustls 0.23.3", ] [[package]] @@ -2217,7 +2217,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.2", + "rustls 0.23.3", "rustls-pemfile 2.1.1", "rustls-pki-types", "serde", @@ -2235,7 +2235,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.2", + "rustls 0.23.3", "rustls-pemfile 2.1.1", "rustls-pki-types", ] @@ -2271,7 +2271,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.2 (registry+https://github.com/rust-lang/crates.io-index)", + "rustls 0.23.2", "webpki-roots 0.26.1", ] @@ -2293,7 +2293,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.2", + "rustls 0.23.3", "rustls-pki-types", "rustls-webpki 0.102.2", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 130ed95030..8cb7852aa0 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.2" +version = "0.23.3" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 32bc2f90b7..c2f11c29f6 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.2" +version = "0.23.3" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 46454a98c10af1aec082a3d54259489353b56a6b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Mar 2024 16:07:34 +0000 Subject: [PATCH 0871/1145] ClientKeyExchangeParams: widen feature gate to avoid clippy lint --- rustls/src/msgs/handshake.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 3875c30a36..f4246e9092 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1509,14 +1509,15 @@ pub(crate) trait KxDecode<'a>: fmt::Debug + Sized { fn decode(r: &mut Reader<'a>, algo: KeyExchangeAlgorithm) -> Result; } +#[cfg(feature = "tls12")] #[derive(Debug)] pub(crate) enum ClientKeyExchangeParams { Ecdh(ClientEcdhParams), Dh(ClientDhParams), } +#[cfg(feature = "tls12")] impl ClientKeyExchangeParams { - #[cfg(feature = "tls12")] pub(crate) fn pub_key(&self) -> &[u8] { match self { Self::Ecdh(ecdh) => &ecdh.public.0, @@ -1524,7 +1525,6 @@ impl ClientKeyExchangeParams { } } - #[cfg(feature = "tls12")] pub(crate) fn encode(&self, buf: &mut Vec) { match self { Self::Ecdh(ecdh) => ecdh.encode(buf), @@ -1533,6 +1533,7 @@ impl ClientKeyExchangeParams { } } +#[cfg(feature = "tls12")] impl KxDecode<'_> for ClientKeyExchangeParams { fn decode(r: &mut Reader, algo: KeyExchangeAlgorithm) -> Result { use KeyExchangeAlgorithm::*; From 667482a17fbcbd02819d1dacd0c9da6af5f0a71e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 21 Mar 2024 14:53:17 +0000 Subject: [PATCH 0872/1145] Add path dependency for rustls-post-quantum This avoids our Cargo.lock containing a previous version of this crate, and means a local `cargo build` is sufficient to check rustls-post-quantum/ builds against the current rustls/. --- Cargo.lock | 17 +---------------- rustls-post-quantum/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7d37f2d9e1..f409e18663 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2143,21 +2143,6 @@ dependencies = [ "sct", ] -[[package]] -name = "rustls" -version = "0.23.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbdb5ddfafe3040e01fe9dced711e27b5336ac97d4a9b2089f0066a04b5846" -dependencies = [ - "aws-lc-rs", - "log", - "once_cell", - "rustls-pki-types", - "rustls-webpki 0.102.2", - "subtle", - "zeroize", -] - [[package]] name = "rustls" version = "0.23.3" @@ -2271,7 +2256,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.2", + "rustls 0.23.3", "webpki-roots 0.26.1", ] diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml index 7c137933e3..b0aae2ae4b 100644 --- a/rustls-post-quantum/Cargo.toml +++ b/rustls-post-quantum/Cargo.toml @@ -10,7 +10,7 @@ repository = "https://github.com/rustls/rustls" categories = ["network-programming", "cryptography"] [dependencies] -rustls = { version = "0.23.2", features = ["aws_lc_rs"] } +rustls = { version = "0.23.2", features = ["aws_lc_rs"], path = "../rustls" } aws-lc-rs = { version = "1.6", features = ["unstable"], default-features = false } [dev-dependencies] From d633942e7444b10aa8e450955fd28c3d1e911a08 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 22 Mar 2024 16:28:50 +0000 Subject: [PATCH 0873/1145] Move `MockServerVerifier` to tests::common --- rustls/tests/common/mod.rs | 132 ++++++++++++++++++++++++++- rustls/tests/server_cert_verifier.rs | 130 +------------------------- 2 files changed, 131 insertions(+), 131 deletions(-) diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index b8b6fc8b33..012dd7e4c4 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -5,15 +5,19 @@ use std::io; use std::ops::DerefMut; use std::sync::Arc; -use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName}; +use pki_types::{ + CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName, UnixTime, +}; +use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; use rustls::{ - ClientConfig, ClientConnection, Connection, ConnectionCommon, Error, ProtocolVersion, - RootCertStore, ServerConfig, ServerConnection, SideData, SupportedCipherSuite, + ClientConfig, ClientConnection, Connection, ConnectionCommon, DigitallySignedStruct, Error, + ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, SideData, SignatureScheme, + SupportedCipherSuite, }; use webpki::anchor_from_trusted_cert; @@ -736,3 +740,125 @@ fn exactly_one_provider() -> bool { all(feature = "aws_lc_rs", not(feature = "ring")) )) } + +#[derive(Debug)] +pub struct MockServerVerifier { + cert_rejection_error: Option, + tls12_signature_error: Option, + tls13_signature_error: Option, + signature_schemes: Vec, +} + +impl ServerCertVerifier for MockServerVerifier { + fn verify_server_cert( + &self, + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], + server_name: &ServerName<'_>, + oscp_response: &[u8], + now: UnixTime, + ) -> Result { + println!( + "verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})", + end_entity, intermediates, server_name, oscp_response, now + ); + if let Some(error) = &self.cert_rejection_error { + Err(error.clone()) + } else { + Ok(ServerCertVerified::assertion()) + } + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + println!( + "verify_tls12_signature({:?}, {:?}, {:?})", + message, cert, dss + ); + if let Some(error) = &self.tls12_signature_error { + Err(error.clone()) + } else { + Ok(HandshakeSignatureValid::assertion()) + } + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + println!( + "verify_tls13_signature({:?}, {:?}, {:?})", + message, cert, dss + ); + if let Some(error) = &self.tls13_signature_error { + Err(error.clone()) + } else { + Ok(HandshakeSignatureValid::assertion()) + } + } + + fn supported_verify_schemes(&self) -> Vec { + self.signature_schemes.clone() + } +} + +impl MockServerVerifier { + pub fn accepts_anything() -> Self { + MockServerVerifier { + cert_rejection_error: None, + ..Default::default() + } + } + + pub fn rejects_certificate(err: Error) -> Self { + MockServerVerifier { + cert_rejection_error: Some(err), + ..Default::default() + } + } + + pub fn rejects_tls12_signatures(err: Error) -> Self { + MockServerVerifier { + tls12_signature_error: Some(err), + ..Default::default() + } + } + + pub fn rejects_tls13_signatures(err: Error) -> Self { + MockServerVerifier { + tls13_signature_error: Some(err), + ..Default::default() + } + } + + pub fn offers_no_signature_schemes() -> Self { + MockServerVerifier { + signature_schemes: vec![], + ..Default::default() + } + } +} + +impl Default for MockServerVerifier { + fn default() -> Self { + MockServerVerifier { + cert_rejection_error: None, + tls12_signature_error: None, + tls13_signature_error: None, + signature_schemes: vec![ + SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PKCS1_SHA256, + SignatureScheme::ED25519, + SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_NISTP521_SHA512, + ], + } + } +} diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 63bc67a6de..ce3b6c5440 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -8,13 +8,9 @@ test_for_each_provider! { mod common; use common::{ do_handshake, do_handshake_until_both_error, make_client_config_with_versions, - make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, + make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, MockServerVerifier, }; -use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; -use rustls::DigitallySignedStruct; -use rustls::{AlertDescription, Error, InvalidMessage, SignatureScheme}; - -use pki_types::{CertificateDer, ServerName, UnixTime}; +use rustls::{AlertDescription, Error, InvalidMessage}; use std::sync::Arc; @@ -157,126 +153,4 @@ fn client_can_override_certificate_verification_and_offer_no_signature_schemes() } } -#[derive(Debug)] -pub struct MockServerVerifier { - cert_rejection_error: Option, - tls12_signature_error: Option, - tls13_signature_error: Option, - signature_schemes: Vec, -} - -impl ServerCertVerifier for MockServerVerifier { - fn verify_server_cert( - &self, - end_entity: &CertificateDer<'_>, - intermediates: &[CertificateDer<'_>], - server_name: &ServerName<'_>, - oscp_response: &[u8], - now: UnixTime, - ) -> Result { - println!( - "verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})", - end_entity, intermediates, server_name, oscp_response, now - ); - if let Some(error) = &self.cert_rejection_error { - Err(error.clone()) - } else { - Ok(ServerCertVerified::assertion()) - } - } - - fn verify_tls12_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - println!( - "verify_tls12_signature({:?}, {:?}, {:?})", - message, cert, dss - ); - if let Some(error) = &self.tls12_signature_error { - Err(error.clone()) - } else { - Ok(HandshakeSignatureValid::assertion()) - } - } - - fn verify_tls13_signature( - &self, - message: &[u8], - cert: &CertificateDer<'_>, - dss: &DigitallySignedStruct, - ) -> Result { - println!( - "verify_tls13_signature({:?}, {:?}, {:?})", - message, cert, dss - ); - if let Some(error) = &self.tls13_signature_error { - Err(error.clone()) - } else { - Ok(HandshakeSignatureValid::assertion()) - } - } - - fn supported_verify_schemes(&self) -> Vec { - self.signature_schemes.clone() - } -} - -impl MockServerVerifier { - pub fn accepts_anything() -> Self { - MockServerVerifier { - cert_rejection_error: None, - ..Default::default() - } - } - - pub fn rejects_certificate(err: Error) -> Self { - MockServerVerifier { - cert_rejection_error: Some(err), - ..Default::default() - } - } - - pub fn rejects_tls12_signatures(err: Error) -> Self { - MockServerVerifier { - tls12_signature_error: Some(err), - ..Default::default() - } - } - - pub fn rejects_tls13_signatures(err: Error) -> Self { - MockServerVerifier { - tls13_signature_error: Some(err), - ..Default::default() - } - } - - pub fn offers_no_signature_schemes() -> Self { - MockServerVerifier { - signature_schemes: vec![], - ..Default::default() - } - } -} - -impl Default for MockServerVerifier { - fn default() -> Self { - MockServerVerifier { - cert_rejection_error: None, - tls12_signature_error: None, - tls13_signature_error: None, - signature_schemes: vec![ - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PKCS1_SHA256, - SignatureScheme::ED25519, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP521_SHA512, - ], - } - } -} - } // test_for_each_provider! From 9f3adc7e0858d5a74427db6d11097811f557c373 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 22 Mar 2024 16:33:28 +0000 Subject: [PATCH 0874/1145] Map `SignatureScheme::ECDSA_SHA1_Legacy` to `SignatureAlgorithm::ECDSA` --- rustls/src/enums.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index c1ba8eac51..08ed69d146 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -522,7 +522,8 @@ impl SignatureScheme { | Self::RSA_PSS_SHA256 | Self::RSA_PSS_SHA384 | Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA, - Self::ECDSA_NISTP256_SHA256 + Self::ECDSA_SHA1_Legacy + | Self::ECDSA_NISTP256_SHA256 | Self::ECDSA_NISTP384_SHA384 | Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA, Self::ED25519 => SignatureAlgorithm::ED25519, From a7d2ad61a8364dae6ee1bf4e13afdfe54aef6559 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 22 Mar 2024 16:19:56 +0000 Subject: [PATCH 0875/1145] Test that reproduces the problem Prior to the fix this fails with: ``` called `Result::unwrap()` on an `Err` value: PeerMisbehaved(SignedKxWithWrongAlgorithm) ``` --- rustls/tests/api.rs | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d0b6a4befe..4a51966a58 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5413,6 +5413,51 @@ fn test_client_tls12_no_resume_after_server_downgrade() { ); } +#[cfg(feature = "tls12")] +#[test] +fn test_client_with_custom_verifier_can_accept_ecdsa_sha1_signatures() { + fn alter_server_signature_to_ecdsa_sha1(msg: &mut Message) -> Altered { + if let MessagePayload::Handshake { + parsed, + ref mut encoded, + } = &mut msg.payload + { + if let HandshakePayload::ServerKeyExchange(_) = &mut parsed.payload { + // nb. we don't care that this corrupts the signature, key exchange, etc. + let original = encoded.bytes(); + let offset = 40; // of signature scheme + assert_eq!( + &original[offset..offset + 2], + &SignatureScheme::ECDSA_NISTP256_SHA256.to_array(), + "expected ecdsa-sha256" + ); + let mut altered = original.to_vec(); + altered[offset..offset + 2] + .copy_from_slice(&SignatureScheme::ECDSA_SHA1_Legacy.to_array()); + + *encoded = Payload::new(altered); + } + } + Altered::InPlace + } + + let client_config = client_config_builder_with_versions(&[&rustls::version::TLS12]) + .dangerous() + .with_custom_certificate_verifier(Arc::new(MockServerVerifier::accepts_anything())) + .with_no_client_auth(); + let server_config = make_server_config(KeyType::EcdsaP256); + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + let (mut client, mut server) = (client.into(), server.into()); + transfer_altered( + &mut server, + alter_server_signature_to_ecdsa_sha1, + &mut client, + ); + client.process_new_packets().unwrap(); +} + #[test] fn test_acceptor() { use rustls::server::Acceptor; From e06c9fea99b799b90908f4531e33763e35b7bf6c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 21 Mar 2024 17:24:05 -0400 Subject: [PATCH 0876/1145] server: improve AcceptedAlert::write documentation The `wr: &mut dyn io::Write` provided to `AcceptedAlert::write` may return from a short write without having written the entire alert contents. To avoid dropping the remaining data in this circumstance the caller should make sure to repeatedly call `AcceptedAlert::write` until it returns `Ok(0)` or an error. --- rustls/src/server/server_conn.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index f8745edac5..f62a68c4b3 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -810,6 +810,9 @@ mod connection { } /// Send the alert to the client. + /// + /// To account for short writes this function should be called repeatedly until it + /// returns `Ok(0)` or an error. pub fn write(&mut self, wr: &mut dyn io::Write) -> Result { self.0.write_to(wr) } From b5a8cef58c923227ca60b369d642b9e74957d6f0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 22 Mar 2024 09:30:54 -0400 Subject: [PATCH 0877/1145] server: add AcceptedAlert::write_all This is a convenient helper for blocking contexts where the caller simply wants to ensure all bytes are written in a single call. --- rustls/src/server/server_conn.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index f62a68c4b3..d02b82a801 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -816,6 +816,14 @@ mod connection { pub fn write(&mut self, wr: &mut dyn io::Write) -> Result { self.0.write_to(wr) } + + /// Send the alert to the client. + /// + /// This function will invoke the writer until the buffer is empty. + pub fn write_all(&mut self, wr: &mut dyn io::Write) -> Result<(), io::Error> { + while self.write(wr)? != 0 {} + Ok(()) + } } impl From> for AcceptedAlert { From 3185d7f315e3587074ee40d1b7589b991e9455e8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 21 Mar 2024 17:25:23 -0400 Subject: [PATCH 0878/1145] examples: fix server acceptor alert write behaviour The `AcceptedAlert::write` fn may return having only written some of the alert buffer. We could either repeatedly call `write` until it returns `Ok(0)` or an error, or use the new `write_all` fn. This commit does updates the acceptor example to do the latter. --- examples/src/bin/server_acceptor.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 093080fb6b..3457b5345d 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -121,7 +121,7 @@ fn main() { Ok(Some(accepted)) => break accepted, Ok(None) => continue, Err((e, mut alert)) => { - alert.write(&mut stream).unwrap(); + alert.write_all(&mut stream).unwrap(); panic!("error accepting connection: {e}"); } } @@ -133,7 +133,7 @@ fn main() { let mut conn = match accepted.into_connection(config) { Ok(conn) => conn, Err((e, mut alert)) => { - alert.write(&mut stream).unwrap(); + alert.write_all(&mut stream).unwrap(); panic!("error completing accepting connection: {e}"); } }; From d8a0f94aa70b7839c9401ea35cd1769ef61c0389 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 25 Mar 2024 12:26:50 +0000 Subject: [PATCH 0879/1145] Fix new `clippy::use_self` warnings Seems this has improved when the explicit lifetime bound is the same as the one implied in `Self`. --- rustls/src/client/client_conn.rs | 2 +- rustls/src/conn.rs | 2 +- rustls/src/msgs/codec.rs | 2 +- rustls/src/webpki/verify.rs | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index ddcb58ba61..5d274ef9a0 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -599,7 +599,7 @@ mod connection { } impl<'a> WriteEarlyData<'a> { - fn new(sess: &'a mut ClientConnection) -> WriteEarlyData<'a> { + fn new(sess: &'a mut ClientConnection) -> Self { WriteEarlyData { sess } } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 6968cae793..d6d06cdc9b 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -270,7 +270,7 @@ https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof" /// /// This is not an external interface. Get one of these objects /// from [`Connection::writer`]. - pub(crate) fn new(sink: &'a mut dyn PlaintextSink) -> Writer<'a> { + pub(crate) fn new(sink: &'a mut dyn PlaintextSink) -> Self { Writer { sink } } } diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index dc7be14172..2af661f639 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -330,7 +330,7 @@ impl<'a> LengthPrefixedBuffer<'a> { /// /// After this, the body of the length-delimited structure should be appended to `LengthPrefixedBuffer::buf`. /// The length header is corrected in `LengthPrefixedBuffer::drop`. - pub(crate) fn new(size_len: ListLength, buf: &'a mut Vec) -> LengthPrefixedBuffer<'a> { + pub(crate) fn new(size_len: ListLength, buf: &'a mut Vec) -> Self { let len_offset = buf.len(); buf.extend(match size_len { ListLength::U8 => &[0xff][..], diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index d7fbe6ef0e..637bec2b94 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -127,7 +127,7 @@ pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { type Error = Error; - fn try_from(value: &'a CertificateDer<'a>) -> Result, Self::Error> { + fn try_from(value: &'a CertificateDer<'a>) -> Result { webpki::EndEntityCert::try_from(value) .map_err(pki_error) .map(ParsedCertificate) From 3a03df6a348521269ac6ec245b385159a8d275c4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 25 Mar 2024 12:46:05 +0000 Subject: [PATCH 0880/1145] Correct further `dead_code` warnings --- rustls/src/msgs/handshake.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index f4246e9092..c7d9cc25c9 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1504,6 +1504,7 @@ impl Codec<'_> for EcParameters { } } +#[cfg(feature = "tls12")] pub(crate) trait KxDecode<'a>: fmt::Debug + Sized { /// Decode a key exchange message given the key_exchange `algo` fn decode(r: &mut Reader<'a>, algo: KeyExchangeAlgorithm) -> Result; @@ -1658,6 +1659,7 @@ impl Codec<'_> for ServerDhParams { } } +#[allow(dead_code)] #[derive(Debug)] pub(crate) enum ServerKeyExchangeParams { Ecdh(ServerEcdhParams), @@ -1697,6 +1699,7 @@ impl ServerKeyExchangeParams { } } +#[cfg(feature = "tls12")] impl KxDecode<'_> for ServerKeyExchangeParams { fn decode(r: &mut Reader, algo: KeyExchangeAlgorithm) -> Result { use KeyExchangeAlgorithm::*; From 1dee8b13134d877ade94dda7b68c7bf072e18d62 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 25 Mar 2024 14:38:53 +0000 Subject: [PATCH 0881/1145] Prepare 0.23.4 --- Cargo.lock | 14 +++++++------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f409e18663..9056148d57 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2145,7 +2145,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.3" +version = "0.23.4" dependencies = [ "aws-lc-rs", "base64", @@ -2176,7 +2176,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.3", + "rustls 0.23.4", "rustls-pemfile 2.1.1", "rustls-pki-types", "tikv-jemallocator", @@ -2189,7 +2189,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.3", + "rustls 0.23.4", ] [[package]] @@ -2202,7 +2202,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.3", + "rustls 0.23.4", "rustls-pemfile 2.1.1", "rustls-pki-types", "serde", @@ -2220,7 +2220,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.3", + "rustls 0.23.4", "rustls-pemfile 2.1.1", "rustls-pki-types", ] @@ -2256,7 +2256,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.3", + "rustls 0.23.4", "webpki-roots 0.26.1", ] @@ -2278,7 +2278,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.3", + "rustls 0.23.4", "rustls-pki-types", "rustls-webpki 0.102.2", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 8cb7852aa0..6de4a5dcad 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.3" +version = "0.23.4" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index c2f11c29f6..b4d7e46b74 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.3" +version = "0.23.4" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From 8b43f2338204b97639008d5dc21cef0a9cf969b4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 11:19:11 -0400 Subject: [PATCH 0882/1145] deps: async-trait 0.1.78 -> 0.1.79 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9056148d57..566e91c3ad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -292,9 +292,9 @@ checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" [[package]] name = "async-trait" -version = "0.1.78" +version = "0.1.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "461abc97219de0eaaf81fe3ef974a540158f3d079c2ab200f891f1a2ef201e85" +checksum = "a507401cad91ec6a857ed5513a2073c82a9b9048762b885bb98655b306964681" dependencies = [ "proc-macro2", "quote", From 737a24e038bcd9193cbacd7dc245ed8e3d0a1afa Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 11:19:36 -0400 Subject: [PATCH 0883/1145] deps: rayon 1.9.0 -> 1.10.0 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 566e91c3ad..407e6c2730 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1959,9 +1959,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4963ed1bc86e4f3ee217022bd855b297cef07fb9eac5dfa1f788b220b49b3bd" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" dependencies = [ "either", "rayon-core", From 69dacfe7c77211324a63026be56b371544e697cf Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 11:20:15 -0400 Subject: [PATCH 0884/1145] deps: rustls-pki-types 1.10.3 -> 1.10.4 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 407e6c2730..edd63e8dd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2246,9 +2246,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.3.1" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" +checksum = "868e20fada228fefaf6b652e00cc73623d54f8171e7352c18bb281571f2d92da" [[package]] name = "rustls-post-quantum" From 46bd6916c80b71f1be60082468d3961cacfda12d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 11:20:41 -0400 Subject: [PATCH 0885/1145] deps: regex 1.10.3 -> 1.10.4 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index edd63e8dd5..753f0ab2cf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2000,9 +2000,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.3" +version = "1.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b62dbe01f0b06f9d8dc7d49e05a0785f153b00b2c227856282f671e0318c9b15" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", From 074ced1fd5cbc06309d811c51c125707a7e17013 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 11:43:14 -0400 Subject: [PATCH 0886/1145] deps: base64 0.21.7 -> 0.22.0 --- Cargo.lock | 16 +++++++++++----- openssl-tests/Cargo.toml | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 753f0ab2cf..361f8f7526 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -381,6 +381,12 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +[[package]] +name = "base64" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" + [[package]] name = "base64ct" version = "1.6.0" @@ -1753,7 +1759,7 @@ version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" dependencies = [ - "base64", + "base64 0.21.7", "serde", ] @@ -2148,7 +2154,7 @@ name = "rustls" version = "0.23.4" dependencies = [ "aws-lc-rs", - "base64", + "base64 0.22.0", "bencher", "env_logger", "log", @@ -2216,7 +2222,7 @@ name = "rustls-openssl-tests" version = "0.0.1" dependencies = [ "asn1", - "base64", + "base64 0.22.0", "num-bigint", "once_cell", "openssl", @@ -2231,7 +2237,7 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" dependencies = [ - "base64", + "base64 0.21.7", ] [[package]] @@ -2240,7 +2246,7 @@ version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab" dependencies = [ - "base64", + "base64 0.21.7", "rustls-pki-types", ] diff --git a/openssl-tests/Cargo.toml b/openssl-tests/Cargo.toml index bca0f11877..e98a6caddd 100644 --- a/openssl-tests/Cargo.toml +++ b/openssl-tests/Cargo.toml @@ -8,7 +8,7 @@ version = "0.0.1" [dependencies] asn1 = "0.16" -base64 = "0.21" +base64 = "0.22" num-bigint = "0.4.4" once_cell = "1.19" rustls = {path = "../rustls"} diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b4d7e46b74..bd4b197bc2 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -38,7 +38,7 @@ read_buf = ["rustversion", "std"] fips = ["aws_lc_rs", "aws-lc-rs?/fips"] [dev-dependencies] -base64 = "0.21" +base64 = "0.22" bencher = "0.1.5" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) log = "0.4.4" From 0786ab13bef7a4e3d9236528f0d6d2640994b1ec Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 28 Mar 2024 22:46:41 +0100 Subject: [PATCH 0887/1145] quic: make Suite Copy --- rustls/src/quic.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 96f0f83d4a..a5db7ac93f 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -797,6 +797,7 @@ impl<'a> KeyBuilder<'a> { } /// Produces QUIC initial keys from a TLS 1.3 ciphersuite and a QUIC key generation algorithm. +#[derive(Clone, Copy)] pub struct Suite { /// The TLS 1.3 ciphersuite used to derive keys. pub suite: &'static Tls13CipherSuite, From bbc5ef742b141cff62c699be0b3c2f7b64beedf8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 13:18:39 -0400 Subject: [PATCH 0888/1145] lib: gate bs_debug module It's only used in logging builds and so produces a dead code warning when the feature is omitted. --- rustls/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 1cdaaa4f1c..ee55527e41 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -405,6 +405,7 @@ mod verifybench; mod x509; #[macro_use] mod check; +#[cfg(feature = "logging")] mod bs_debug; mod builder; mod enums; From 8831ced544ac3ef921b0d477a124928f5e4fb221 Mon Sep 17 00:00:00 2001 From: Christian Poveda Date: Mon, 26 Feb 2024 11:58:20 -0500 Subject: [PATCH 0889/1145] no-std: limited_cache, sni_resolver support w/ hashbrown This commit introduces a new `hash_map` module that exports `HashMap` and `Entry` types when the `std` or `hashbrown` feature are enabled. The underlying types are provided from `std::collections` for the former, and the optional `hashbrown` dependency for the latter. `LimitedCache` and `ResolvesServerCertUsingSni` both relied on a `HashMap` implementation, and so were gated as requiring the `std` feature previously. With the `hashbrown` feature we can allow both when either `std` or `hashbrown` features are enabled, supporting their use in no-std environments. --- .github/workflows/build.yml | 4 ++++ Cargo.lock | 44 ++++++++++++++++++++++++++++++++++++- rustls/Cargo.toml | 1 + rustls/src/lib.rs | 17 ++++++++++++-- rustls/src/limited_cache.rs | 7 ++---- rustls/src/server/handy.rs | 6 ++--- 6 files changed, 68 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d0dd0bd425..2723948397 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -130,6 +130,10 @@ jobs: run: cargo build --locked --no-default-features --target x86_64-unknown-none working-directory: rustls + - name: cargo build (debug; no default features; no-std, hashbrown) + run: cargo build --locked --no-default-features --features hashbrown --target x86_64-unknown-none + working-directory: rustls + - name: cargo test (debug; default features) run: cargo test --locked working-directory: rustls diff --git a/Cargo.lock b/Cargo.lock index 361f8f7526..1c894dde9d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -52,6 +52,18 @@ dependencies = [ "subtle", ] +[[package]] +name = "ahash" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d713b3834d76b85304d4d525563c1276e2e30dc97cc67bfb4585a4a29fc2c89f" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", + "zerocopy", +] + [[package]] name = "aho-corasick" version = "1.1.2" @@ -1126,6 +1138,15 @@ dependencies = [ "tracing", ] +[[package]] +name = "hashbrown" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" +dependencies = [ + "ahash", +] + [[package]] name = "hashbrown" version = "0.14.3" @@ -1331,7 +1352,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177" dependencies = [ "equivalent", - "hashbrown", + "hashbrown 0.14.3", ] [[package]] @@ -2157,6 +2178,7 @@ dependencies = [ "base64 0.22.0", "bencher", "env_logger", + "hashbrown 0.13.2", "log", "num-bigint", "once_cell", @@ -3079,6 +3101,26 @@ dependencies = [ "time", ] +[[package]] +name = "zerocopy" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.50", +] + [[package]] name = "zeroize" version = "1.7.0" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index bd4b197bc2..5e192c55bd 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -17,6 +17,7 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } +hashbrown = { version = "0.13", optional = true } # 0.14+ requires 1.63 MSRV log = { version = "0.4.4", optional = true } # remove once our MSRV is >= 1.70 once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index ee55527e41..98a2ce90b2 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -389,7 +389,7 @@ mod conn; pub mod crypto; mod error; mod hash_hs; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] mod limited_cache; mod rand; mod record_layer; @@ -582,7 +582,7 @@ pub mod server { pub use builder::WantsServerCert; pub use handy::NoServerSessionStorage; - #[cfg(feature = "std")] + #[cfg(any(feature = "std", feature = "hashbrown"))] pub use handy::ResolvesServerCertUsingSni; #[cfg(feature = "std")] pub use handy::ServerSessionMemoryCache; @@ -638,3 +638,16 @@ pub mod ticketer; pub mod manual; pub mod time_provider; + +#[cfg(any(feature = "std", feature = "hashbrown"))] +mod hash_map { + #[cfg(feature = "std")] + pub(crate) use std::collections::hash_map::Entry; + #[cfg(feature = "std")] + pub(crate) use std::collections::HashMap; + + #[cfg(all(not(feature = "std"), feature = "hashbrown"))] + pub(crate) use hashbrown::hash_map::Entry; + #[cfg(all(not(feature = "std"), feature = "hashbrown"))] + pub(crate) use hashbrown::HashMap; +} diff --git a/rustls/src/limited_cache.rs b/rustls/src/limited_cache.rs index 6c1c777515..4252a337f9 100644 --- a/rustls/src/limited_cache.rs +++ b/rustls/src/limited_cache.rs @@ -1,8 +1,8 @@ use alloc::collections::VecDeque; use core::borrow::Borrow; use core::hash::Hash; -use std::collections::hash_map::Entry; -use std::collections::HashMap; + +use crate::hash_map::{Entry, HashMap}; /// A HashMap-alike, which never gets larger than a specified /// capacity, and evicts the oldest insertion to maintain this. @@ -19,7 +19,6 @@ pub(crate) struct LimitedCache { oldest: VecDeque, } -#[cfg(feature = "std")] impl LimitedCache where K: Eq + Hash + Clone + core::fmt::Debug, @@ -211,7 +210,6 @@ mod tests { } } - #[cfg(feature = "std")] #[test] fn test_get_or_insert_default_and_edit_evicts_old_items_to_meet_capacity() { let mut t = Test::new(3); @@ -240,7 +238,6 @@ mod tests { assert_eq!(t.get("jkl"), None); } - #[cfg(feature = "std")] #[test] fn test_get_or_insert_default_and_edit_edits_existing_item() { let mut t = Test::new(3); diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 49a49878d5..674b20a4e5 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -195,16 +195,16 @@ impl server::ResolvesServerCert for AlwaysResolvesChain { } } -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] mod sni_resolver { use alloc::string::{String, ToString}; use alloc::sync::Arc; use core::fmt::Debug; - use std::collections::HashMap; use pki_types::{DnsName, ServerName}; use crate::error::Error; + use crate::hash_map::HashMap; use crate::server::ClientHello; use crate::webpki::{verify_server_name, ParsedCertificate}; use crate::{server, sign}; @@ -295,7 +295,7 @@ mod sni_resolver { } } -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub use sni_resolver::ResolvesServerCertUsingSni; #[cfg(test)] From d8d438aecc2f06ddc1e4975822580dd6b2f4c64a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 29 Mar 2024 16:43:18 -0400 Subject: [PATCH 0890/1145] no-std: ServerSessionMemoryCache, ClientSessionStore, Ticketer This commit introduces a new `lock` module that exports a `Mutex` wrapper type. When the `std` feature is enabled the `Mutex` is a thin wrapper around `std::sync::Mutex`. When the `std` feature is disabled, the user of the library must provide a `Lock` implementation and a `MakeMutex` implementation for producing instances of an appropriate lock. `ServerSessionMemoryCache`, `ClientSessionStore`, `TicketSwitcher`, and the aws-lc-rs/ring `Ticketer`s all rely on both a `HashMap` implementation, and a `Mutex` implementation and so were gated as requiring the `std` feature previously. With the `hashbrown` and `crate::lock` module we can allow all of these items when either `std` or the `hashbrown` features are enabled, supporting use in no-std environments. --- rustls/src/client/handy.rs | 18 +++++- rustls/src/crypto/aws_lc_rs/mod.rs | 6 +- rustls/src/crypto/ring/mod.rs | 6 +- rustls/src/crypto/ring/ticketer.rs | 16 ++++++ rustls/src/lib.rs | 11 ++-- rustls/src/lock.rs | 88 ++++++++++++++++++++++++++++++ rustls/src/server/handy.rs | 18 +++++- rustls/src/server/server_conn.rs | 5 +- rustls/src/ticketer.rs | 82 ++++++++++++++++++++++++---- 9 files changed, 223 insertions(+), 27 deletions(-) create mode 100644 rustls/src/lock.rs diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index 79be5b26ab..7eec4bd482 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -34,14 +34,14 @@ impl client::ClientSessionStore for NoClientSessionStorage { } } -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] mod cache { use alloc::collections::VecDeque; use core::fmt; - use std::sync::Mutex; use pki_types::ServerName; + use crate::lock::Mutex; use crate::msgs::persist; use crate::{limited_cache, NamedGroup}; @@ -80,6 +80,7 @@ mod cache { impl ClientSessionMemoryCache { /// Make a new ClientSessionMemoryCache. `size` is the /// maximum number of stored sessions. + #[cfg(feature = "std")] pub fn new(size: usize) -> Self { let max_servers = size.saturating_add(MAX_TLS13_TICKETS_PER_SERVER - 1) / MAX_TLS13_TICKETS_PER_SERVER; @@ -87,6 +88,17 @@ mod cache { servers: Mutex::new(limited_cache::LimitedCache::new(max_servers)), } } + + /// Make a new ClientSessionMemoryCache. `size` is the + /// maximum number of stored sessions. + #[cfg(not(feature = "std"))] + pub fn new(size: usize) -> Self { + let max_servers = size.saturating_add(MAX_TLS13_TICKETS_PER_SERVER - 1) + / MAX_TLS13_TICKETS_PER_SERVER; + Self { + servers: Mutex::new::(limited_cache::LimitedCache::new(max_servers)), + } + } } impl super::client::ClientSessionStore for ClientSessionMemoryCache { @@ -180,7 +192,7 @@ mod cache { } } -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub use cache::ClientSessionMemoryCache; #[derive(Debug)] diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index d8f90e530f..98fcd8c973 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -26,7 +26,7 @@ pub(crate) mod hash; pub(crate) mod kx; #[path = "../ring/quic.rs"] pub(crate) mod quic; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] #[path = "../ring/ticketer.rs"] pub(crate) mod ticketer; #[cfg(feature = "tls12")] @@ -222,7 +222,7 @@ pub mod kx_group { } pub use kx::ALL_KX_GROUPS; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub use ticketer::Ticketer; use super::SupportedKxGroup; @@ -243,7 +243,7 @@ mod ring_shim { } /// AEAD algorithm that is used by `mod ticketer`. -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::AES_256_GCM; /// Are we in FIPS mode? diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index ca197f4254..b0d5585bff 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -19,7 +19,7 @@ pub(crate) mod hash; pub(crate) mod hmac; pub(crate) mod kx; pub(crate) mod quic; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub(crate) mod ticketer; #[cfg(feature = "tls12")] pub(crate) mod tls12; @@ -170,7 +170,7 @@ pub mod kx_group { } pub use kx::ALL_KX_GROUPS; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub use ticketer::Ticketer; /// Compatibility shims between ring 0.16.x and 0.17.x API @@ -190,7 +190,7 @@ mod ring_shim { } /// AEAD algorithm that is used by `mod ticketer`. -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub(super) static TICKETER_AEAD: &ring_like::aead::Algorithm = &ring_like::aead::CHACHA20_POLY1305; pub(super) fn fips() -> bool { diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index d13407cccc..fbcaaef6a0 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -22,12 +22,28 @@ impl Ticketer { /// /// The encryption mechanism used is injected via TICKETER_AEAD; /// it must take a 256-bit key and 96-bit nonce. + #[cfg(feature = "std")] pub fn new() -> Result, Error> { Ok(Arc::new(crate::ticketer::TicketSwitcher::new( 6 * 60 * 60, make_ticket_generator, )?)) } + + /// Make the recommended Ticketer. This produces tickets + /// with a 12 hour life and randomly generated keys. + /// + /// The encryption mechanism used is Chacha20Poly1305. + #[cfg(not(feature = "std"))] + pub fn new( + time_provider: &'static dyn TimeProvider, + ) -> Result, Error> { + Ok(Arc::new(crate::ticketer::TicketSwitcher::new::( + 6 * 60 * 60, + make_ticket_generator, + time_provider, + )?)) + } } fn make_ticket_generator() -> Result, GetRandomFailed> { diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 98a2ce90b2..574da9f251 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -521,7 +521,7 @@ pub use crate::stream::{Stream, StreamOwned}; pub use crate::suites::{ CipherSuiteCommon, ConnectionTrafficSecrets, ExtractedSecrets, SupportedCipherSuite, }; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] pub use crate::ticketer::TicketSwitcher; #[cfg(feature = "tls12")] pub use crate::tls12::Tls12CipherSuite; @@ -548,7 +548,7 @@ pub mod client { }; #[cfg(feature = "std")] pub use client_conn::{ClientConnection, WriteEarlyData}; - #[cfg(feature = "std")] + #[cfg(any(feature = "std", feature = "hashbrown"))] pub use handy::ClientSessionMemoryCache; /// Dangerous configuration that should be audited and used with extreme care. @@ -584,7 +584,7 @@ pub mod server { pub use handy::NoServerSessionStorage; #[cfg(any(feature = "std", feature = "hashbrown"))] pub use handy::ResolvesServerCertUsingSni; - #[cfg(feature = "std")] + #[cfg(any(feature = "std", feature = "hashbrown"))] pub use handy::ServerSessionMemoryCache; pub use server_conn::{ Accepted, ClientHello, ProducesTickets, ResolvesServerCert, ServerConfig, @@ -630,7 +630,7 @@ pub mod sign { /// APIs for implementing QUIC TLS pub mod quic; -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] /// APIs for implementing TLS tickets pub mod ticketer; @@ -639,6 +639,9 @@ pub mod manual; pub mod time_provider; +/// APIs abstracting over locking primitives. +pub mod lock; + #[cfg(any(feature = "std", feature = "hashbrown"))] mod hash_map { #[cfg(feature = "std")] diff --git a/rustls/src/lock.rs b/rustls/src/lock.rs new file mode 100644 index 0000000000..fa023856e6 --- /dev/null +++ b/rustls/src/lock.rs @@ -0,0 +1,88 @@ +#[cfg(not(feature = "std"))] +pub use no_std_lock::*; +#[cfg(feature = "std")] +pub use std_lock::*; + +#[cfg(feature = "std")] +mod std_lock { + use std::sync::Mutex as StdMutex; + pub use std::sync::MutexGuard; + + /// A wrapper around [`std::sync::Mutex`]. + #[derive(Debug)] + pub struct Mutex { + inner: std::sync::Mutex, + } + + impl Mutex { + /// Creates a new mutex in an unlocked state ready for use. + pub fn new(data: T) -> Self { + Self { + inner: StdMutex::new(data), + } + } + + /// Acquires the mutex, blocking the current thread until it is able to do so. + /// + /// This will return `None` in the case the mutex is poisoned. + #[inline] + pub fn lock(&self) -> Option> { + self.inner.lock().ok() + } + } +} + +#[cfg(not(feature = "std"))] +mod no_std_lock { + use alloc::boxed::Box; + use alloc::sync::Arc; + use core::fmt::Debug; + use core::ops::DerefMut; + + #[derive(Debug)] + /// A no-std compatible wrapper around [`Lock`]. + pub struct Mutex { + inner: Arc>, + } + + impl Mutex { + /// Creates a new mutex in an unlocked state ready for use. + pub fn new(val: T) -> Self + where + M: MakeMutex, + T: Send + 'static, + { + Self { + inner: M::make_mutex(val), + } + } + + /// Acquires the mutex, blocking the current thread until it is able to do so. + /// + /// This will return `None` in the case the mutex is poisoned. + #[inline] + pub fn lock(&self) -> Option> { + self.inner.lock().ok() + } + } + + /// A lock protecting shared data. + pub trait Lock: Debug + Send + Sync { + /// Acquire the lock. + fn lock(&self) -> Result, Poisoned>; + } + + /// A lock builder. + pub trait MakeMutex { + /// Create a new mutex. + fn make_mutex(value: T) -> Arc> + where + T: Send + 'static; + } + + /// A no-std compatible mutex guard. + pub type MutexGuard<'a, T> = Box + 'a>; + + /// A marker type used to indicate `Lock::lock` failed due to a poisoned lock. + pub struct Poisoned; +} diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 674b20a4e5..21bf049a31 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -25,13 +25,13 @@ impl server::StoresServerSessions for NoServerSessionStorage { } } -#[cfg(feature = "std")] +#[cfg(any(feature = "std", feature = "hashbrown"))] mod cache { use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; - use std::sync::Mutex; + use crate::lock::Mutex; use crate::{limited_cache, server}; /// An implementer of `StoresServerSessions` that stores everything @@ -45,11 +45,22 @@ mod cache { /// Make a new ServerSessionMemoryCache. `size` is the maximum /// number of stored sessions, and may be rounded-up for /// efficiency. + #[cfg(feature = "std")] pub fn new(size: usize) -> Arc { Arc::new(Self { cache: Mutex::new(limited_cache::LimitedCache::new(size)), }) } + + /// Make a new ServerSessionMemoryCache. `size` is the maximum + /// number of stored sessions, and may be rounded-up for + /// efficiency. + #[cfg(not(feature = "std"))] + pub fn new(size: usize) -> Arc { + Arc::new(Self { + cache: Mutex::new::(limited_cache::LimitedCache::new(size)), + }) + } } impl server::StoresServerSessions for ServerSessionMemoryCache { @@ -133,7 +144,8 @@ mod cache { } } } -#[cfg(feature = "std")] + +#[cfg(any(feature = "std", feature = "hashbrown"))] pub use cache::ServerSessionMemoryCache; /// Something which never produces tickets. diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index d02b82a801..9dfac10646 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -212,12 +212,15 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::max_fragment_size`]: the default is `None` (meaning 16kB). /// * [`ServerConfig::session_storage`]: if the `std` feature is enabled, the default stores 256 /// sessions in memory. If the `std` feature is not enabled, the default is to not store any -/// sessions. +/// sessions. In a no-std context, by enabling the `hashbrown` feature you may provide your +/// own `session_storage` using [`ServerSessionMemoryCache`] and a `crate::lock::MakeMutex` +/// implementation. /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. /// /// [`RootCertStore`]: crate::RootCertStore +/// [`ServerSessionMemoryCache`]: crate::server::handy::ServerSessionMemoryCache #[derive(Debug)] pub struct ServerConfig { /// Source of randomness and other crypto. diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index ad3717f671..e556307c90 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,11 +1,13 @@ use alloc::boxed::Box; use alloc::vec::Vec; use core::mem; -use std::sync::{Mutex, MutexGuard}; use pki_types::UnixTime; +use crate::lock::{Mutex, MutexGuard}; use crate::server::ProducesTickets; +#[cfg(not(feature = "std"))] +use crate::time_provider::TimeProvider; use crate::{rand, Error}; #[derive(Debug)] @@ -19,11 +21,13 @@ pub(crate) struct TicketSwitcherState { /// A ticketer that has a 'current' sub-ticketer and a single /// 'previous' ticketer. It creates a new ticketer every so /// often, demoting the current ticketer. -#[derive(Debug)] +#[cfg_attr(feature = "std", derive(Debug))] pub struct TicketSwitcher { pub(crate) generator: fn() -> Result, rand::GetRandomFailed>, lifetime: u32, state: Mutex, + #[cfg(not(feature = "std"))] + time_provider: &'static dyn TimeProvider, } impl TicketSwitcher { @@ -34,6 +38,7 @@ impl TicketSwitcher { /// is used to generate new tickets. Tickets are accepted for no /// longer than twice this duration. `generator` produces a new /// `ProducesTickets` implementation. + #[cfg(feature = "std")] pub fn new( lifetime: u32, generator: fn() -> Result, rand::GetRandomFailed>, @@ -52,6 +57,36 @@ impl TicketSwitcher { }) } + /// Creates a new `TicketSwitcher`, which rotates through sub-ticketers + /// based on the passage of time. + /// + /// `lifetime` is in seconds, and is how long the current ticketer + /// is used to generate new tickets. Tickets are accepted for no + /// longer than twice this duration. `generator` produces a new + /// `ProducesTickets` implementation. + #[cfg(not(feature = "std"))] + pub fn new( + lifetime: u32, + generator: fn() -> Result, rand::GetRandomFailed>, + time_provider: &'static dyn TimeProvider, + ) -> Result { + Ok(Self { + generator, + lifetime, + state: Mutex::new::(TicketSwitcherState { + next: Some(generator()?), + current: generator()?, + previous: None, + next_switch_time: time_provider + .current_time() + .unwrap() + .as_secs() + .saturating_add(u64::from(lifetime)), + }), + time_provider, + }) + } + /// If it's time, demote the `current` ticketer to `previous` (so it /// does no new encryptions but can do decryption) and use next for a /// new `current` ticketer. @@ -61,7 +96,7 @@ impl TicketSwitcher { /// /// For efficiency, this is also responsible for locking the state mutex /// and returning the mutexguard. - pub(crate) fn maybe_roll(&self, now: UnixTime) -> Option> { + pub(crate) fn maybe_roll(&self, now: UnixTime) -> Option> { // The code below aims to make switching as efficient as possible // in the common case that the generator never fails. To achieve this // we run the following steps: @@ -94,7 +129,7 @@ impl TicketSwitcher { let mut are_recovering = false; // Are we recovering from previous failure? { // Scope the mutex so we only take it for as long as needed - let mut state = self.state.lock().ok()?; + let mut state = self.state.lock()?; // Fast path in case we do not need to switch to the next ticketer yet if now <= state.next_switch_time { @@ -114,7 +149,7 @@ impl TicketSwitcher { let next = (self.generator)().ok()?; if !are_recovering { // Normal path, generate new next and place it in the state - let mut state = self.state.lock().ok()?; + let mut state = self.state.lock()?; state.next = Some(next); Some(state) } else { @@ -122,7 +157,7 @@ impl TicketSwitcher { // as needed. (we need to redo the time check, otherwise this might // result in very rapid switching of ticketers) let new_current = (self.generator)().ok()?; - let mut state = self.state.lock().ok()?; + let mut state = self.state.lock()?; state.next = Some(next); if now > state.next_switch_time { state.previous = Some(mem::replace(&mut state.current, new_current)); @@ -143,13 +178,29 @@ impl ProducesTickets for TicketSwitcher { } fn encrypt(&self, message: &[u8]) -> Option> { - let state = self.maybe_roll(UnixTime::now())?; - - state.current.encrypt(message) + #[cfg(feature = "std")] + let now = UnixTime::now(); + #[cfg(not(feature = "std"))] + let now = self + .time_provider + .current_time() + .unwrap(); + + self.maybe_roll(now)? + .current + .encrypt(message) } fn decrypt(&self, ciphertext: &[u8]) -> Option> { - let state = self.maybe_roll(UnixTime::now())?; + #[cfg(feature = "std")] + let now = UnixTime::now(); + #[cfg(not(feature = "std"))] + let now = self + .time_provider + .current_time() + .unwrap(); + + let state = self.maybe_roll(now)?; // Decrypt with the current key; if that fails, try with the previous. state @@ -163,3 +214,14 @@ impl ProducesTickets for TicketSwitcher { }) } } + +#[cfg(not(feature = "std"))] +impl core::fmt::Debug for TicketSwitcher { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.debug_struct("TicketSwitcher") + .field("generator", &self.generator) + .field("lifetime", &self.lifetime) + .field("state", &**self.state.lock().unwrap()) + .finish() + } +} From f0d33d13a8d3519ec98cc2ad11bc81d200a205a0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 29 Mar 2024 09:20:24 +0000 Subject: [PATCH 0891/1145] Ignore `server_name` extension containing IP address This works around quality-of-implementation issues in OpenSSL and Apple SecureTransport: they send `server_name` extensions containing IP addresses. RFC6066 specifically disallows that. It is a similar work-around to that adopted by LibreSSL: ignore SNI contents if they can be parsed as an IP address. --- rustls/src/lib.rs | 3 ++- rustls/src/msgs/handshake.rs | 28 ++++++++++++++++++++++++---- rustls/src/msgs/message_test.rs | 4 ++-- 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 574da9f251..d5708f2df2 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -443,7 +443,8 @@ pub mod internal { pub use crate::msgs::handshake::{ CertificateChain, ClientExtension, ClientHelloPayload, DistinguishedName, EchConfig, EchConfigContents, HandshakeMessagePayload, HandshakePayload, - HpkeKeyConfig, HpkeSymmetricCipherSuite, KeyShareEntry, Random, SessionId, + HpkeKeyConfig, HpkeSymmetricCipherSuite, KeyShareEntry, Random, ServerName, + SessionId, }; } pub mod message { diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index c7d9cc25c9..f4d3096430 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -216,6 +216,7 @@ impl TlsListElement for SignatureScheme { #[derive(Clone, Debug)] pub(crate) enum ServerNamePayload { HostName(DnsName<'static>), + IpAddress(PayloadU16), Unknown(Payload<'static>), } @@ -225,11 +226,13 @@ impl ServerNamePayload { } fn read_hostname(r: &mut Reader) -> Result { + use pki_types::ServerName; let raw = PayloadU16::read(r)?; - match DnsName::try_from(raw.0.as_slice()) { - Ok(dns_name) => Ok(Self::HostName(dns_name.to_owned())), - Err(_) => { + match ServerName::try_from(raw.0.as_slice()) { + Ok(ServerName::DnsName(d)) => Ok(Self::HostName(d.to_owned())), + Ok(ServerName::IpAddress(_)) => Ok(Self::IpAddress(raw)), + Ok(_) | Err(_) => { warn!( "Illegal SNI hostname received {:?}", String::from_utf8_lossy(&raw.0) @@ -245,6 +248,7 @@ impl ServerNamePayload { (name.as_ref().len() as u16).encode(bytes); bytes.extend_from_slice(name.as_ref().as_bytes()); } + Self::IpAddress(ref r) => r.encode(bytes), Self::Unknown(ref r) => r.encode(bytes), } } @@ -864,7 +868,23 @@ impl ClientHelloPayload { pub(crate) fn sni_extension(&self) -> Option<&[ServerName]> { let ext = self.find_extension(ExtensionType::ServerName)?; match *ext { - ClientExtension::ServerName(ref req) => Some(req), + // Does this comply with RFC6066? + // + // [RFC6066][] specifies that literal IP addresses are illegal in + // `ServerName`s with a `name_type` of `host_name`. + // + // Some clients incorrectly send such extensions: we choose to + // successfully parse these (into `ServerNamePayload::IpAddress`) + // but then act like the client sent no `server_name` extension. + // + // [RFC6066]: https://datatracker.ietf.org/doc/html/rfc6066#section-3 + ClientExtension::ServerName(ref req) + if !req + .iter() + .any(|name| matches!(name.payload, ServerNamePayload::IpAddress(_))) => + { + Some(req) + } _ => None, } } diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index 3bcb2ae665..69450a9b67 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -48,7 +48,7 @@ fn test_read_fuzz_corpus() { } #[test] -fn can_read_safari_client_hello() { +fn can_read_safari_client_hello_with_ip_address_in_sni_extension() { let _ = env_logger::Builder::new() .filter(None, log::LevelFilter::Trace) .try_init(); @@ -72,7 +72,7 @@ fn can_read_safari_client_hello() { let mut rd = Reader::init(bytes); let m = OutboundOpaqueMessage::read(&mut rd).unwrap(); println!("m = {:?}", m); - assert!(Message::try_from(m.into_plain_message()).is_err()); + Message::try_from(m.into_plain_message()).unwrap(); } #[test] From 3d4dae2f97dace5741cfb503d0c19dd86faf56ec Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 29 Mar 2024 11:34:33 +0000 Subject: [PATCH 0892/1145] api.rs: reformat --- rustls/tests/api.rs | 81 ++++++++++++++++++++++++++++++--------------- 1 file changed, 54 insertions(+), 27 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 4a51966a58..99d8c90350 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -27,9 +27,7 @@ use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; -use rustls::internal::msgs::message::{ - Message, MessagePayload, -}; +use rustls::internal::msgs::message::{Message, MessagePayload}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; use rustls::{ @@ -61,7 +59,9 @@ fn alpn_test_error( for version in rustls::ALL_VERSIONS { let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); - client_config.alpn_protocols.clone_from(&client_protos); + client_config + .alpn_protocols + .clone_from(&client_protos); let (mut client, mut server) = make_pair_for_arc_configs(&Arc::new(client_config), &server_config); @@ -766,9 +766,11 @@ fn test_tls13_valid_early_plaintext_alert() { // * The payload size is indicative of a plaintext alert message. // * The negotiated protocol version is TLS 1.3. server - .read_tls(&mut io::Cursor::new( - &build_alert(AlertLevel::Fatal, AlertDescription::UnknownCA, &[]) - )) + .read_tls(&mut io::Cursor::new(&build_alert( + AlertLevel::Fatal, + AlertDescription::UnknownCA, + &[], + ))) .unwrap(); // The server should process the plaintext alert without error. @@ -790,7 +792,11 @@ fn test_tls13_too_short_early_plaintext_alert() { // Inject a plaintext alert from the client. The server should attempt to decrypt this message // because the payload length is too large to be considered an early plaintext alert. server - .read_tls(&mut io::Cursor::new(&build_alert(AlertLevel::Fatal, AlertDescription::UnknownCA, &[0xff]))) + .read_tls(&mut io::Cursor::new(&build_alert( + AlertLevel::Fatal, + AlertDescription::UnknownCA, + &[0xff], + ))) .unwrap(); // The server should produce a decrypt error trying to decrypt the plaintext alert. @@ -807,7 +813,11 @@ fn test_tls13_late_plaintext_alert() { // Inject a plaintext alert from the client. The server should attempt to decrypt this message. server - .read_tls(&mut io::Cursor::new(&build_alert(AlertLevel::Fatal, AlertDescription::UnknownCA, &[]))) + .read_tls(&mut io::Cursor::new(&build_alert( + AlertLevel::Fatal, + AlertDescription::UnknownCA, + &[], + ))) .unwrap(); // The server should produce a decrypt error, trying to decrypt a plaintext alert. @@ -3058,16 +3068,17 @@ fn negotiated_ciphersuite_server_ignoring_client_preference() { kt, ClientConfig::builder_with_provider( CryptoProvider { - cipher_suites: vec![ scs_other, scs ], - ..provider::default_provider() - }.into(), - ) - .with_safe_default_protocol_versions() - .unwrap()); + cipher_suites: vec![scs_other, scs], + ..provider::default_provider() + } + .into(), + ) + .with_safe_default_protocol_versions() + .unwrap(), + ); do_suite_test(client_config, server_config, scs, version.version); } - } #[derive(Debug, PartialEq)] @@ -4525,7 +4536,8 @@ mod test_quic { #[test] fn test_fragmented_append() { // Create a QUIC client connection. - let client_config = make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS13]); + let client_config = + make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS13]); let client_config = Arc::new(client_config); let mut client = quic::ClientConnection::new( Arc::clone(&client_config), @@ -4559,7 +4571,8 @@ mod test_quic { #[test] fn test_client_does_not_offer_sha1() { use rustls::internal::msgs::{ - codec::Reader, handshake::HandshakePayload, message::MessagePayload, message::OutboundOpaqueMessage, + codec::Reader, handshake::HandshakePayload, message::MessagePayload, + message::OutboundOpaqueMessage, }; use rustls::HandshakeType; @@ -5529,7 +5542,10 @@ fn test_acceptor() { .read_tls(&mut [0x16, 0x03, 0x03, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00].as_ref()) .unwrap(); let (err, mut alert) = acceptor.accept().unwrap_err(); - assert!(matches!(err, Error::InvalidMessage(InvalidMessage::MissingData(_)))); + assert!(matches!( + err, + Error::InvalidMessage(InvalidMessage::MissingData(_)) + )); let mut alert_content = Vec::new(); let _ = alert.write(&mut alert_content); let expected = build_alert(AlertLevel::Fatal, AlertDescription::DecodeError, &[]); @@ -5540,16 +5556,22 @@ fn test_acceptor() { fn test_acceptor_rejected_handshake() { use rustls::server::Acceptor; - let client_config = finish_client_config(KeyType::Ed25519, ClientConfig::builder_with_provider(provider::default_provider().into()) - .with_protocol_versions(&[&rustls::version::TLS13]) - .unwrap()); + let client_config = finish_client_config( + KeyType::Ed25519, + ClientConfig::builder_with_provider(provider::default_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS13]) + .unwrap(), + ); let mut client = ClientConnection::new(client_config.into(), server_name("localhost")).unwrap(); let mut buf = Vec::new(); client.write_tls(&mut buf).unwrap(); - let server_config = finish_server_config(KeyType::Ed25519, ServerConfig::builder_with_provider(provider::default_provider().into()) - .with_protocol_versions(&[&rustls::version::TLS12]) - .unwrap()); + let server_config = finish_server_config( + KeyType::Ed25519, + ServerConfig::builder_with_provider(provider::default_provider().into()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); let mut acceptor = Acceptor::default(); acceptor .read_tls(&mut buf.as_slice()) @@ -5558,8 +5580,13 @@ fn test_acceptor_rejected_handshake() { let ch = accepted.client_hello(); assert_eq!(ch.server_name(), Some("localhost")); - let (err, mut alert) = accepted.into_connection(server_config.into()).unwrap_err(); - assert_eq!(err, Error::PeerIncompatible(PeerIncompatible::Tls12NotOfferedOrEnabled)); + let (err, mut alert) = accepted + .into_connection(server_config.into()) + .unwrap_err(); + assert_eq!( + err, + Error::PeerIncompatible(PeerIncompatible::Tls12NotOfferedOrEnabled) + ); let mut alert_content = Vec::new(); let _ = alert.write(&mut alert_content); From aff893f0ca02226c8733b5c8d5e0615d972fdd67 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 29 Mar 2024 12:01:53 +0000 Subject: [PATCH 0893/1145] Test for illegal IP address in server name extension --- rustls/tests/api.rs | 129 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 103 insertions(+), 26 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 99d8c90350..dae739b390 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -26,7 +26,10 @@ use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::enums::AlertLevel; -use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; +use rustls::internal::msgs::handshake::{ + ClientExtension, HandshakeMessagePayload, HandshakePayload, + ServerName as ServerNameExtensionItem, +}; use rustls::internal::msgs::message::{Message, MessagePayload}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; @@ -956,6 +959,93 @@ fn client_trims_terminating_dot() { } } +#[test] +fn server_ignores_sni_with_ip_address() { + fn insert_ip_address_server_name(msg: &mut Message) -> Altered { + alter_sni_extension( + msg, + |snr| { + snr.clear(); + snr.push(ServerNameExtensionItem::read_bytes(b"\x00\x00\x071.1.1.1").unwrap()); + }, + |parsed, _encoded| Payload::new(parsed.get_encoding()), + ) + } + + check_sni_error( + insert_ip_address_server_name, + Error::General("no server certificate chain resolved".to_string()), + ); +} + +#[test] +fn server_rejects_sni_with_illegal_dns_name() { + fn insert_illegal_server_name(msg: &mut Message) -> Altered { + alter_sni_extension( + msg, + |_| (), + |_, encoded| { + // replace "localhost" with invalid DNS name + let mut altered = encoded.clone().into_vec(); + let needle = b"localhost"; + let index = altered + .windows(needle.len()) + .position(|window| window == needle) + .unwrap(); + altered[index..index + needle.len()].copy_from_slice(b"ab@cd.com"); + Payload::new(altered) + }, + ) + } + + check_sni_error( + insert_illegal_server_name, + Error::InvalidMessage(InvalidMessage::InvalidServerName), + ); +} + +fn alter_sni_extension( + msg: &mut Message, + alter_inner: impl Fn(&mut Vec), + alter_encoding: impl Fn(&mut HandshakeMessagePayload, &mut Payload) -> Payload<'static>, +) -> Altered { + if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { + if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { + for mut ext in ch.extensions.iter_mut() { + if let ClientExtension::ServerName(snr) = &mut ext { + alter_inner(snr); + } + } + *encoded = alter_encoding(parsed, encoded); + } + } + + Altered::InPlace +} + +fn check_sni_error(alteration: impl Fn(&mut Message) -> Altered, expected_error: Error) { + for kt in ALL_KEY_TYPES { + let client_config = make_client_config(*kt); + let mut server_config = make_server_config(*kt); + + server_config.cert_resolver = Arc::new(ServerCheckNoSni {}); + + let client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let server = ServerConnection::new(Arc::new(server_config)).unwrap(); + let (mut client, mut server) = (client.into(), server.into()); + + transfer_altered(&mut client, &alteration, &mut server); + assert_eq!(server.process_new_packets(), Err(expected_error.clone()),); + + let server_inner = match server { + rustls::Connection::Server(server) => server, + _ => unreachable!(), + }; + assert_eq!(None, server_inner.server_name()); + } +} + #[cfg(feature = "tls12")] fn check_sigalgs_reduced_by_ciphersuite( kt: KeyType, @@ -5154,18 +5244,13 @@ fn connection_types_are_not_huge() { #[test] fn test_server_rejects_duplicate_sni_names() { fn duplicate_sni_payload(msg: &mut Message) -> Altered { - if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { - if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { - for mut ext in ch.extensions.iter_mut() { - if let ClientExtension::ServerName(snr) = &mut ext { - snr.push(snr[0].clone()); - } - } - } - - *encoded = Payload::new(parsed.get_encoding()); - } - Altered::InPlace + alter_sni_extension( + msg, + |snr| { + snr.push(snr[0].clone()); + }, + |parsed, _encoded| Payload::new(parsed.get_encoding()), + ) } let (client, server) = make_pair(KeyType::Rsa); @@ -5182,19 +5267,11 @@ fn test_server_rejects_duplicate_sni_names() { #[test] fn test_server_rejects_empty_sni_extension() { fn empty_sni_payload(msg: &mut Message) -> Altered { - if let MessagePayload::Handshake { parsed, encoded } = &mut msg.payload { - if let HandshakePayload::ClientHello(ch) = &mut parsed.payload { - for mut ext in ch.extensions.iter_mut() { - if let ClientExtension::ServerName(snr) = &mut ext { - snr.clear(); - } - } - } - - *encoded = Payload::new(parsed.get_encoding()); - } - - Altered::InPlace + alter_sni_extension( + msg, + |snr| snr.clear(), + |parsed, _encoded| Payload::new(parsed.get_encoding()), + ) } let (client, server) = make_pair(KeyType::Rsa); From a5a992a0db53731124904a352fa44756c24c246b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 2 Apr 2024 15:36:23 +0100 Subject: [PATCH 0894/1145] Correct references to `VerifierBuilderError` --- rustls/src/webpki/client_verifier.rs | 2 +- rustls/src/webpki/server_verifier.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index a8c42b2ace..a06b2ef53e 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -151,7 +151,7 @@ impl ClientCertVerifierBuilder { /// [`with_client_cert_verifier`][ConfigBuilder::with_client_cert_verifier]. /// /// # Errors - /// This function will return a `ClientCertVerifierBuilderError` if: + /// This function will return a [`VerifierBuilderError`] if: /// 1. No trust anchors have been provided. /// 2. DER encoded CRLs have been provided that can not be parsed successfully. pub fn build(self) -> Result, VerifierBuilderError> { diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 9f7a9dbc90..4866f6a6f4 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -94,7 +94,7 @@ impl ServerCertVerifierBuilder { /// [`with_client_cert_verifier`][ConfigBuilder::with_client_cert_verifier]. /// /// # Errors - /// This function will return a `CertVerifierBuilderError` if: + /// This function will return a [`VerifierBuilderError`] if: /// 1. No trust anchors have been provided. /// 2. DER encoded CRLs have been provided that can not be parsed successfully. pub fn build(self) -> Result, VerifierBuilderError> { From 4b72f384e8d6128aecc04695a976de3f5b32808b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Apr 2024 14:35:05 -0400 Subject: [PATCH 0895/1145] connect-tests: ignore rsa8192.badssl.com This test server's certificate has expired. The issue has been flagged with the upstream project. Until resolved let's ignore this test. --- connect-tests/tests/badssl.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/connect-tests/tests/badssl.rs b/connect-tests/tests/badssl.rs index 5016112ea3..a3671e532e 100644 --- a/connect-tests/tests/badssl.rs +++ b/connect-tests/tests/badssl.rs @@ -106,6 +106,7 @@ mod online { .unwrap(); } + #[ignore] // https://github.com/chromium/badssl.com/issues/530 #[test] fn rsa8192() { connect("rsa8192.badssl.com") From c5d283a40041ef25559007916b99f3237d3dacc5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 2 Apr 2024 12:55:43 -0400 Subject: [PATCH 0896/1145] deps: update semver compatible deps clap v4.5.3 -> v4.5.4 rustls-pki-types v1.4.0 -> v1.4.1 tokio v1.36.0 -> v1.37.0 serde_json v1.0.114 -> v1.0.115 --- Cargo.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1c894dde9d..29e5d039f0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -558,9 +558,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.3" +version = "4.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "949626d00e063efc93b6dca932419ceb5432f99769911c0b995f7e884c778813" +checksum = "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" dependencies = [ "clap_builder", "clap_derive", @@ -580,9 +580,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.3" +version = "4.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90239a040c80f5e14809ca132ddc4176ab33d5e17e49691793296e3fcb34d72f" +checksum = "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" dependencies = [ "heck 0.5.0", "proc-macro2", @@ -2274,9 +2274,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "868e20fada228fefaf6b652e00cc73623d54f8171e7352c18bb281571f2d92da" +checksum = "ecd36cc4259e3e4514335c4a138c6b43171a8d61d8f5c9348f9fc7529416f247" [[package]] name = "rustls-post-quantum" @@ -2409,9 +2409,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.114" +version = "1.0.115" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f09b1bd632ef549eaa9f60a1f8de742bdbc698e6cee2095fc84dde5f549ae0" +checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd" dependencies = [ "itoa", "ryu", @@ -2627,9 +2627,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.36.0" +version = "1.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" +checksum = "1adbebffeca75fcfd058afa480fb6c0b81e165a0323f9c9d39c9697e37c46787" dependencies = [ "backtrace", "bytes", From cc87ce19871631aefa362720117a70e4a6fe5988 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 5 Apr 2024 11:20:41 -0400 Subject: [PATCH 0897/1145] deps: aws-lc-rs 1.6.2 -> 1.6.4 Notably this brings in pre-generated bindings for more platforms. See the upstream release notes[0][1] for more details. [0]: https://github.com/aws/aws-lc-rs/releases/tag/v1.6.3 [1]: https://github.com/aws/aws-lc-rs/releases/tag/v1.6.4 --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 29e5d039f0..69fee33126 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -341,9 +341,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.6.2" +version = "1.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df33e4a55b03f8780ba55041bc7be91a2a8ec8c03517b0379d2d6c96d2c30d95" +checksum = "9f379c4e505c0692333bd90a334baa234990faa06bdabefd3261f765946aa920" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -354,9 +354,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.13.2" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5f269b176dc4aeb593910fa56ed6f956cde19542e496bb0bfc1ad9a6ce18815" +checksum = "68aa3d613f42dbf301dbbcaf3dc260805fd33ffd95f6d290ad7231a9e5d877a7" dependencies = [ "bindgen", "cmake", From 3b90d88315a181306ff84c0ed0141802934ea77f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 16:17:07 +0000 Subject: [PATCH 0898/1145] build(deps): bump h2 from 0.3.24 to 0.3.26 Bumps [h2](https://github.com/hyperium/h2) from 0.3.24 to 0.3.26. - [Release notes](https://github.com/hyperium/h2/releases) - [Changelog](https://github.com/hyperium/h2/blob/v0.3.26/CHANGELOG.md) - [Commits](https://github.com/hyperium/h2/compare/v0.3.24...v0.3.26) --- updated-dependencies: - dependency-name: h2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 69fee33126..d652e530f3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1121,9 +1121,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.24" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" dependencies = [ "bytes", "fnv", From bf5b0734c7e56e4c58e67ebee24e2f24abe69cb1 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 8 Apr 2024 09:40:27 -0400 Subject: [PATCH 0899/1145] deps: update cargo semver compatible deps * rustls-pemfile 2.1.1 -> 2.1.2 * rustversion 1.0.14 -> 1.0.15 * der 0.7.8 -> 0.7.9 --- Cargo.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d652e530f3..0c3582763a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -726,9 +726,9 @@ checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" [[package]] name = "der" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", "zeroize", @@ -2183,7 +2183,7 @@ dependencies = [ "num-bigint", "once_cell", "ring", - "rustls-pemfile 2.1.1", + "rustls-pemfile 2.1.2", "rustls-pki-types", "rustls-webpki 0.102.2", "rustversion", @@ -2205,7 +2205,7 @@ dependencies = [ "itertools", "rayon", "rustls 0.23.4", - "rustls-pemfile 2.1.1", + "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", ] @@ -2231,7 +2231,7 @@ dependencies = [ "mio", "rcgen", "rustls 0.23.4", - "rustls-pemfile 2.1.1", + "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", "serde_derive", @@ -2249,7 +2249,7 @@ dependencies = [ "once_cell", "openssl", "rustls 0.23.4", - "rustls-pemfile 2.1.1", + "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2264,11 +2264,11 @@ dependencies = [ [[package]] name = "rustls-pemfile" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" dependencies = [ - "base64 0.21.7", + "base64 0.22.0", "rustls-pki-types", ] @@ -2341,9 +2341,9 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" +checksum = "80af6f9131f277a45a3fba6ce8e2258037bb0477a67e610d3c1fe046ab31de47" [[package]] name = "ryu" From 277b4a607c01e4852fbe7159f87409bca11e7891 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Mar 2024 13:30:23 -0400 Subject: [PATCH 0900/1145] tests: move existing RSA test data to RSA 2048 This prepares for a change where we will generate RSA certificate chains for three modulus sizes. The existing certificates are left as-is, meaning the rsa-2048 intermediate and CA are using RSA 3072 and 4096 respectively. This will be fixed in subsequent commits with a switch to new tooling. --- ci-bench/src/main.rs | 6 +- ci-bench/src/util.rs | 4 +- openssl-tests/src/ffdhe_kx_with_openssl.rs | 8 +- rustls/benches/benchmarks.rs | 2 +- rustls/examples/internal/bench_impl.rs | 16 +- rustls/src/webpki/client_verifier.rs | 4 +- rustls/src/webpki/server_verifier.rs | 4 +- rustls/tests/api.rs | 244 +++++++++--------- rustls/tests/api_ffdhe.rs | 24 +- rustls/tests/common/mod.rs | 50 ++-- rustls/tests/key_log_file_env.rs | 8 +- rustls/tests/process_provider.rs | 6 +- rustls/tests/unbuffered.rs | 28 +- test-ca/{rsa => rsa-2048}/ca.cert | 0 test-ca/{rsa => rsa-2048}/ca.der | Bin test-ca/{rsa => rsa-2048}/ca.key | 0 test-ca/{rsa => rsa-2048}/client.cert | 0 test-ca/{rsa => rsa-2048}/client.chain | 0 test-ca/{rsa => rsa-2048}/client.fullchain | 0 test-ca/{rsa => rsa-2048}/client.key | 0 test-ca/{rsa => rsa-2048}/client.req | 0 .../{rsa => rsa-2048}/client.revoked.crl.pem | 0 test-ca/{rsa => rsa-2048}/client.rsa | 0 test-ca/{rsa => rsa-2048}/end.cert | 0 test-ca/{rsa => rsa-2048}/end.chain | 0 test-ca/{rsa => rsa-2048}/end.fullchain | 0 test-ca/{rsa => rsa-2048}/end.key | 0 test-ca/{rsa => rsa-2048}/end.req | 0 test-ca/{rsa => rsa-2048}/end.revoked.crl.pem | 0 test-ca/{rsa => rsa-2048}/end.rsa | 0 test-ca/{rsa => rsa-2048}/inter.cert | 0 test-ca/{rsa => rsa-2048}/inter.key | 0 test-ca/{rsa => rsa-2048}/inter.req | 0 .../{rsa => rsa-2048}/inter.revoked.crl.pem | 0 34 files changed, 202 insertions(+), 202 deletions(-) rename test-ca/{rsa => rsa-2048}/ca.cert (100%) rename test-ca/{rsa => rsa-2048}/ca.der (100%) rename test-ca/{rsa => rsa-2048}/ca.key (100%) rename test-ca/{rsa => rsa-2048}/client.cert (100%) rename test-ca/{rsa => rsa-2048}/client.chain (100%) rename test-ca/{rsa => rsa-2048}/client.fullchain (100%) rename test-ca/{rsa => rsa-2048}/client.key (100%) rename test-ca/{rsa => rsa-2048}/client.req (100%) rename test-ca/{rsa => rsa-2048}/client.revoked.crl.pem (100%) rename test-ca/{rsa => rsa-2048}/client.rsa (100%) rename test-ca/{rsa => rsa-2048}/end.cert (100%) rename test-ca/{rsa => rsa-2048}/end.chain (100%) rename test-ca/{rsa => rsa-2048}/end.fullchain (100%) rename test-ca/{rsa => rsa-2048}/end.key (100%) rename test-ca/{rsa => rsa-2048}/end.req (100%) rename test-ca/{rsa => rsa-2048}/end.revoked.crl.pem (100%) rename test-ca/{rsa => rsa-2048}/end.rsa (100%) rename test-ca/{rsa => rsa-2048}/inter.cert (100%) rename test-ca/{rsa => rsa-2048}/inter.key (100%) rename test-ca/{rsa => rsa-2048}/inter.req (100%) rename test-ca/{rsa => rsa-2048}/inter.revoked.crl.pem (100%) diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs index 25ebe41fac..b045e05b4c 100644 --- a/ci-bench/src/main.rs +++ b/ci-bench/src/main.rs @@ -311,13 +311,13 @@ fn all_benchmarks_params() -> Vec { ] { for (key_type, suite_name, version, name) in [ ( - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, &rustls::version::TLS12, "1.2_rsa_aes", ), ( - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, "1.3_rsa_aes", @@ -335,7 +335,7 @@ fn all_benchmarks_params() -> Vec { "1.3_ecdsap384_aes", ), ( - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, "1.3_rsa_chacha", diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index 49be6fbd45..cd67878b57 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -4,7 +4,7 @@ use rustls::pki_types::{CertificateDer, PrivateKeyDer}; #[derive(PartialEq, Clone, Copy, Debug)] pub enum KeyType { - Rsa, + Rsa2048, EcdsaP256, EcdsaP384, } @@ -12,7 +12,7 @@ pub enum KeyType { impl KeyType { pub(crate) fn path_for(&self, part: &str) -> String { match self { - Self::Rsa => format!("../test-ca/rsa/{}", part), + Self::Rsa2048 => format!("../test-ca/rsa-2048/{}", part), Self::EcdsaP256 => format!("../test-ca/ecdsa-p256/{}", part), Self::EcdsaP384 => format!("../test-ca/ecdsa-p384/{}", part), } diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs index 9d7e19634a..fe3fe5329a 100644 --- a/openssl-tests/src/ffdhe_kx_with_openssl.rs +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -225,7 +225,7 @@ fn server_config_with_ffdhe_kx(protocol: &'static SupportedProtocolVersion) -> S .unwrap() } -const CERT_CHAIN_FILE: &str = "../test-ca/rsa/end.fullchain"; -const PRIV_KEY_FILE: &str = "../test-ca/rsa/end.key"; -const CA_FILE: &str = "../test-ca/rsa/ca.der"; -const CA_PEM_FILE: &str = "../test-ca/rsa/ca.cert"; +const CERT_CHAIN_FILE: &str = "../test-ca/rsa-2048/end.fullchain"; +const PRIV_KEY_FILE: &str = "../test-ca/rsa-2048/end.key"; +const CA_FILE: &str = "../test-ca/rsa-2048/ca.der"; +const CA_PEM_FILE: &str = "../test-ca/rsa-2048/ca.cert"; diff --git a/rustls/benches/benchmarks.rs b/rustls/benches/benchmarks.rs index 82582e6d0b..cc8016fc7a 100644 --- a/rustls/benches/benchmarks.rs +++ b/rustls/benches/benchmarks.rs @@ -12,7 +12,7 @@ use rustls::ServerConnection; use test_utils::*; fn bench_ewouldblock(c: &mut Bencher) { - let server_config = make_server_config(KeyType::Rsa); + let server_config = make_server_config(KeyType::Rsa2048); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); let mut read_ewouldblock = FailsReads::new(io::ErrorKind::WouldBlock); c.iter(|| server.read_tls(&mut read_ewouldblock)); diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 0246849113..b94932c7a2 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -143,7 +143,7 @@ impl ResumptionParam { // copied from tests/api.rs #[derive(PartialEq, Clone, Copy, Debug)] enum KeyType { - Rsa, + Rsa2048, EcdsaP256, EcdsaP384, Ed25519, @@ -172,7 +172,7 @@ impl BenchmarkParam { static ALL_BENCHMARKS: &[BenchmarkParam] = &[ #[cfg(all(feature = "tls12", not(feature = "fips")))] BenchmarkParam::new( - KeyType::Rsa, + KeyType::Rsa2048, cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, &rustls::version::TLS12, ), @@ -184,13 +184,13 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ ), #[cfg(feature = "tls12")] BenchmarkParam::new( - KeyType::Rsa, + KeyType::Rsa2048, cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] BenchmarkParam::new( - KeyType::Rsa, + KeyType::Rsa2048, cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), @@ -208,17 +208,17 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ ), #[cfg(not(feature = "fips"))] BenchmarkParam::new( - KeyType::Rsa, + KeyType::Rsa2048, cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, &rustls::version::TLS13, ), BenchmarkParam::new( - KeyType::Rsa, + KeyType::Rsa2048, cipher_suite::TLS13_AES_256_GCM_SHA384, &rustls::version::TLS13, ), BenchmarkParam::new( - KeyType::Rsa, + KeyType::Rsa2048, cipher_suite::TLS13_AES_128_GCM_SHA256, &rustls::version::TLS13, ), @@ -237,7 +237,7 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ impl KeyType { fn path_for(&self, part: &str) -> String { match self { - Self::Rsa => format!("test-ca/rsa/{}", part), + Self::Rsa2048 => format!("test-ca/rsa-2048/{}", part), Self::EcdsaP256 => format!("test-ca/ecdsa-p256/{}", part), Self::EcdsaP384 => format!("test-ca/ecdsa-p384/{}", part), Self::Ed25519 => format!("test-ca/eddsa/{}", part), diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index a06b2ef53e..90ec814afb 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -432,7 +432,7 @@ test_for_each_provider! { fn test_crls() -> Vec> { load_crls(&[ include_bytes!("../../../test-ca/ecdsa-p256/client.revoked.crl.pem").as_slice(), - include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), + include_bytes!("../../../test-ca/rsa-2048/client.revoked.crl.pem").as_slice(), ]) } @@ -449,7 +449,7 @@ test_for_each_provider! { fn test_roots() -> Arc { load_roots(&[ include_bytes!("../../../test-ca/ecdsa-p256/ca.der").as_slice(), - include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), + include_bytes!("../../../test-ca/rsa-2048/ca.der").as_slice(), ]) } diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index 4866f6a6f4..f04ce96a68 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -305,7 +305,7 @@ test_for_each_provider! { fn test_crls() -> Vec> { load_crls(&[ include_bytes!("../../../test-ca/ecdsa-p256/client.revoked.crl.pem").as_slice(), - include_bytes!("../../../test-ca/rsa/client.revoked.crl.pem").as_slice(), + include_bytes!("../../../test-ca/rsa-2048/client.revoked.crl.pem").as_slice(), ]) } @@ -322,7 +322,7 @@ test_for_each_provider! { fn test_roots() -> Arc { load_roots(&[ include_bytes!("../../../test-ca/ecdsa-p256/ca.der").as_slice(), - include_bytes!("../../../test-ca/rsa/ca.der").as_slice(), + include_bytes!("../../../test-ca/rsa-2048/ca.der").as_slice(), ]) } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index dae739b390..c6d8e72ab2 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -55,13 +55,13 @@ fn alpn_test_error( agreed: Option<&[u8]>, expected_error: Option, ) { - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); server_config.alpn_protocols = server_protos; let server_config = Arc::new(server_config); for version in rustls::ALL_VERSIONS { - let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let mut client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); client_config .alpn_protocols .clone_from(&client_protos); @@ -133,8 +133,8 @@ fn version_test( server_versions }; - let client_config = make_client_config_with_versions(KeyType::Rsa, client_versions); - let server_config = make_server_config_with_versions(KeyType::Rsa, server_versions); + let client_config = make_client_config_with_versions(KeyType::Rsa2048, client_versions); + let server_config = make_server_config_with_versions(KeyType::Rsa2048, server_versions); println!( "version {:?} {:?} -> {:?}", @@ -357,10 +357,10 @@ fn config_builder_for_server_with_time() { #[test] fn buffered_client_data_sent() { - let server_config = Arc::new(make_server_config(KeyType::Rsa)); + let server_config = Arc::new(make_server_config(KeyType::Rsa2048)); for version in rustls::ALL_VERSIONS { - let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); let (mut client, mut server) = make_pair_for_arc_configs(&Arc::new(client_config), &server_config); @@ -376,10 +376,10 @@ fn buffered_client_data_sent() { #[test] fn buffered_server_data_sent() { - let server_config = Arc::new(make_server_config(KeyType::Rsa)); + let server_config = Arc::new(make_server_config(KeyType::Rsa2048)); for version in rustls::ALL_VERSIONS { - let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); let (mut client, mut server) = make_pair_for_arc_configs(&Arc::new(client_config), &server_config); @@ -395,10 +395,10 @@ fn buffered_server_data_sent() { #[test] fn buffered_both_data_sent() { - let server_config = Arc::new(make_server_config(KeyType::Rsa)); + let server_config = Arc::new(make_server_config(KeyType::Rsa2048)); for version in rustls::ALL_VERSIONS { - let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); let (mut client, mut server) = make_pair_for_arc_configs(&Arc::new(client_config), &server_config); @@ -551,7 +551,7 @@ fn test_config_builders_debug() { /// certificate and not being given one. #[test] fn server_allow_any_anonymous_or_authenticated_client() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; for client_cert_chain in [None, Some(kt.get_client_chain())] { let client_auth_roots = get_client_root_store(kt); let client_auth = webpki_client_verifier_builder(client_auth_roots.clone()) @@ -588,7 +588,7 @@ fn check_read_and_close(reader: &mut dyn io::Read, expect: &[u8]) { #[test] fn server_close_notify() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let server_config = Arc::new(make_server_config_with_mandatory_client_auth(kt)); for version in rustls::ALL_VERSIONS { @@ -627,7 +627,7 @@ fn server_close_notify() { #[test] fn client_close_notify() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let server_config = Arc::new(make_server_config_with_mandatory_client_auth(kt)); for version in rustls::ALL_VERSIONS { @@ -666,7 +666,7 @@ fn client_close_notify() { #[test] fn server_closes_uncleanly() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let server_config = Arc::new(make_server_config(kt)); for version in rustls::ALL_VERSIONS { @@ -711,7 +711,7 @@ fn server_closes_uncleanly() { #[test] fn client_closes_uncleanly() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let server_config = Arc::new(make_server_config(kt)); for version in rustls::ALL_VERSIONS { @@ -756,7 +756,7 @@ fn client_closes_uncleanly() { #[test] fn test_tls13_valid_early_plaintext_alert() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); // Perform the start of a TLS 1.3 handshake, sending a client hello to the server. // The client will not have written a CCS or any encrypted messages to the server yet. @@ -785,7 +785,7 @@ fn test_tls13_valid_early_plaintext_alert() { #[test] fn test_tls13_too_short_early_plaintext_alert() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); // Perform the start of a TLS 1.3 handshake, sending a client hello to the server. // The client will not have written a CCS or any encrypted messages to the server yet. @@ -808,7 +808,7 @@ fn test_tls13_too_short_early_plaintext_alert() { #[test] fn test_tls13_late_plaintext_alert() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); // Complete a bi-directional TLS1.3 handshake. After this point no plaintext messages // should occur. @@ -1085,7 +1085,7 @@ fn check_sigalgs_reduced_by_ciphersuite( #[test] fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() { check_sigalgs_reduced_by_ciphersuite( - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, vec![ SignatureScheme::RSA_PSS_SHA512, @@ -1365,8 +1365,8 @@ fn client_check_server_certificate_helper_api() { let chain = kt.get_chain(); let correct_roots = get_client_root_store(*kt); let incorrect_roots = get_client_root_store(match kt { - KeyType::Rsa => KeyType::EcdsaP256, - _ => KeyType::Rsa, + KeyType::Rsa2048 => KeyType::EcdsaP256, + _ => KeyType::Rsa2048, }); // Using the correct trust anchors, we should verify without error. assert!(verify_server_cert_signed_by_trust_anchor( @@ -1713,7 +1713,7 @@ fn client_optional_auth_client_revocation_works() { #[test] fn client_error_is_sticky() { - let (mut client, _) = make_pair(KeyType::Rsa); + let (mut client, _) = make_pair(KeyType::Rsa2048); client .read_tls(&mut b"\x16\x03\x03\x00\x08\x0f\x00\x00\x04junk".as_ref()) .unwrap(); @@ -1725,7 +1725,7 @@ fn client_error_is_sticky() { #[test] fn server_error_is_sticky() { - let (_, mut server) = make_pair(KeyType::Rsa); + let (_, mut server) = make_pair(KeyType::Rsa2048); server .read_tls(&mut b"\x16\x03\x03\x00\x08\x0f\x00\x00\x04junk".as_ref()) .unwrap(); @@ -1737,20 +1737,20 @@ fn server_error_is_sticky() { #[test] fn server_flush_does_nothing() { - let (_, mut server) = make_pair(KeyType::Rsa); + let (_, mut server) = make_pair(KeyType::Rsa2048); assert!(matches!(server.writer().flush(), Ok(()))); } #[test] fn client_flush_does_nothing() { - let (mut client, _) = make_pair(KeyType::Rsa); + let (mut client, _) = make_pair(KeyType::Rsa2048); assert!(matches!(client.writer().flush(), Ok(()))); } #[allow(clippy::no_effect)] #[test] fn server_is_send_and_sync() { - let (_, server) = make_pair(KeyType::Rsa); + let (_, server) = make_pair(KeyType::Rsa2048); &server as &dyn Send; &server as &dyn Sync; } @@ -1758,14 +1758,14 @@ fn server_is_send_and_sync() { #[allow(clippy::no_effect)] #[test] fn client_is_send_and_sync() { - let (client, _) = make_pair(KeyType::Rsa); + let (client, _) = make_pair(KeyType::Rsa2048); &client as &dyn Send; &client as &dyn Sync; } #[test] fn server_respects_buffer_limit_pre_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); server.set_buffer_limit(Some(32)); @@ -1793,7 +1793,7 @@ fn server_respects_buffer_limit_pre_handshake() { #[test] fn server_respects_buffer_limit_pre_handshake_with_vectored_write() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); server.set_buffer_limit(Some(32)); @@ -1817,7 +1817,7 @@ fn server_respects_buffer_limit_pre_handshake_with_vectored_write() { #[test] fn server_respects_buffer_limit_post_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); // this test will vary in behaviour depending on the default suites do_handshake(&mut client, &mut server); @@ -1846,7 +1846,7 @@ fn server_respects_buffer_limit_post_handshake() { #[test] fn client_respects_buffer_limit_pre_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); client.set_buffer_limit(Some(32)); @@ -1874,7 +1874,7 @@ fn client_respects_buffer_limit_pre_handshake() { #[test] fn client_respects_buffer_limit_pre_handshake_with_vectored_write() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); client.set_buffer_limit(Some(32)); @@ -1898,7 +1898,7 @@ fn client_respects_buffer_limit_pre_handshake_with_vectored_write() { #[test] fn client_respects_buffer_limit_post_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); do_handshake(&mut client, &mut server); client.set_buffer_limit(Some(48)); @@ -2049,21 +2049,21 @@ where #[test] fn server_read_returns_wouldblock_when_no_data() { - let (_, mut server) = make_pair(KeyType::Rsa); + let (_, mut server) = make_pair(KeyType::Rsa2048); assert!(matches!(server.reader().read(&mut [0u8; 1]), Err(err) if err.kind() == io::ErrorKind::WouldBlock)); } #[test] fn client_read_returns_wouldblock_when_no_data() { - let (mut client, _) = make_pair(KeyType::Rsa); + let (mut client, _) = make_pair(KeyType::Rsa2048); assert!(matches!(client.reader().read(&mut [0u8; 1]), Err(err) if err.kind() == io::ErrorKind::WouldBlock)); } #[test] fn new_server_returns_initial_io_state() { - let (_, mut server) = make_pair(KeyType::Rsa); + let (_, mut server) = make_pair(KeyType::Rsa2048); let io_state = server.process_new_packets().unwrap(); println!("IoState is Debug {:?}", io_state); assert_eq!(io_state.plaintext_bytes_to_read(), 0); @@ -2073,7 +2073,7 @@ fn new_server_returns_initial_io_state() { #[test] fn new_client_returns_initial_io_state() { - let (mut client, _) = make_pair(KeyType::Rsa); + let (mut client, _) = make_pair(KeyType::Rsa2048); let io_state = client.process_new_packets().unwrap(); println!("IoState is Debug {:?}", io_state); assert_eq!(io_state.plaintext_bytes_to_read(), 0); @@ -2083,7 +2083,7 @@ fn new_client_returns_initial_io_state() { #[test] fn client_complete_io_for_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); assert!(client.is_handshaking()); let (rdlen, wrlen) = client @@ -2096,7 +2096,7 @@ fn client_complete_io_for_handshake() { #[test] fn buffered_client_complete_io_for_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); assert!(client.is_handshaking()); let (rdlen, wrlen) = client @@ -2109,7 +2109,7 @@ fn buffered_client_complete_io_for_handshake() { #[test] fn client_complete_io_for_handshake_eof() { - let (mut client, _) = make_pair(KeyType::Rsa); + let (mut client, _) = make_pair(KeyType::Rsa2048); let mut input = io::Cursor::new(Vec::new()); assert!(client.is_handshaking()); @@ -2215,7 +2215,7 @@ fn server_complete_io_for_handshake() { #[test] fn server_complete_io_for_handshake_eof() { - let (_, mut server) = make_pair(KeyType::Rsa); + let (_, mut server) = make_pair(KeyType::Rsa2048); let mut input = io::Cursor::new(Vec::new()); assert!(server.is_handshaking()); @@ -2409,7 +2409,7 @@ fn test_server_stream_read(stream_kind: StreamKind, read_kind: ReadKind) { #[test] fn test_client_write_and_vectored_write_equivalence() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); do_handshake(&mut client, &mut server); const N: usize = 1000; @@ -2464,7 +2464,7 @@ impl io::Write for FailsWrites { #[test] fn stream_write_reports_underlying_io_error_before_plaintext_processed() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); do_handshake(&mut client, &mut server); let mut pipe = FailsWrites { @@ -2484,7 +2484,7 @@ fn stream_write_reports_underlying_io_error_before_plaintext_processed() { #[test] fn stream_write_swallows_underlying_io_error_after_plaintext_processed() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); do_handshake(&mut client, &mut server); let mut pipe = FailsWrites { @@ -2501,7 +2501,7 @@ fn stream_write_swallows_underlying_io_error_after_plaintext_processed() { } fn make_disjoint_suite_configs() -> (ClientConfig, ServerConfig) { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let client_provider = CryptoProvider { cipher_suites: vec![cipher_suite::TLS13_CHACHA20_POLY1305_SHA256], ..provider::default_provider() @@ -2619,23 +2619,23 @@ fn server_streamowned_handshake_error() { #[test] fn server_config_is_clone() { - let _ = make_server_config(KeyType::Rsa); + let _ = make_server_config(KeyType::Rsa2048); } #[test] fn client_config_is_clone() { - let _ = make_client_config(KeyType::Rsa); + let _ = make_client_config(KeyType::Rsa2048); } #[test] fn client_connection_is_debug() { - let (client, _) = make_pair(KeyType::Rsa); + let (client, _) = make_pair(KeyType::Rsa2048); println!("{:?}", client); } #[test] fn server_connection_is_debug() { - let (_, server) = make_pair(KeyType::Rsa); + let (_, server) = make_pair(KeyType::Rsa2048); println!("{:?}", server); } @@ -2659,7 +2659,7 @@ fn server_complete_io_for_handshake_ending_with_alert() { #[test] fn server_exposes_offered_sni() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(kt, &[version]); let mut client = ClientConnection::new( @@ -2678,7 +2678,7 @@ fn server_exposes_offered_sni() { #[test] fn server_exposes_offered_sni_smashed_to_lowercase() { // webpki actually does this for us in its DnsName type - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; for version in rustls::ALL_VERSIONS { let client_config = make_client_config_with_versions(kt, &[version]); let mut client = ClientConnection::new( @@ -2696,7 +2696,7 @@ fn server_exposes_offered_sni_smashed_to_lowercase() { #[test] fn server_exposes_offered_sni_even_if_resolver_fails() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let resolver = rustls::server::ResolvesServerCertUsingSni::new(); let mut server_config = make_server_config(kt); @@ -2724,7 +2724,7 @@ fn server_exposes_offered_sni_even_if_resolver_fails() { #[test] fn sni_resolver_works() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); @@ -2762,7 +2762,7 @@ fn sni_resolver_works() { #[test] fn sni_resolver_rejects_wrong_names() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); @@ -2792,7 +2792,7 @@ fn sni_resolver_rejects_wrong_names() { #[test] fn sni_resolver_lower_cases_configured_names() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); @@ -2819,7 +2819,7 @@ fn sni_resolver_lower_cases_configured_names() { #[test] fn sni_resolver_lower_cases_queried_names() { // actually, the handshake parser does this, but the effect is the same. - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); @@ -2845,7 +2845,7 @@ fn sni_resolver_lower_cases_queried_names() { #[test] fn sni_resolver_rejects_bad_certs() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut resolver = rustls::server::ResolvesServerCertUsingSni::new(); let signing_key = RsaSigningKey::new(&kt.get_key()).unwrap(); let signing_key: Arc = Arc::new(signing_key); @@ -3010,12 +3010,12 @@ fn test_ciphersuites() -> Vec<( let mut v = vec![ ( &rustls::version::TLS13, - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS13_AES_256_GCM_SHA384, ), ( &rustls::version::TLS13, - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS13_AES_128_GCM_SHA256, ), #[cfg(feature = "tls12")] @@ -3033,13 +3033,13 @@ fn test_ciphersuites() -> Vec<( #[cfg(feature = "tls12")] ( &rustls::version::TLS12, - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, ), #[cfg(feature = "tls12")] ( &rustls::version::TLS12, - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ), ]; @@ -3048,7 +3048,7 @@ fn test_ciphersuites() -> Vec<( v.extend_from_slice(&[ ( &rustls::version::TLS13, - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, ), #[cfg(feature = "tls12")] @@ -3060,7 +3060,7 @@ fn test_ciphersuites() -> Vec<( #[cfg(feature = "tls12")] ( &rustls::version::TLS12, - KeyType::Rsa, + KeyType::Rsa2048, CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ), ]); @@ -3217,7 +3217,7 @@ fn key_log_for_tls12() { let client_key_log = Arc::new(KeyLogToVec::new("client")); let server_key_log = Arc::new(KeyLogToVec::new("server")); - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS12]); client_config.key_log = client_key_log.clone(); let client_config = Arc::new(client_config); @@ -3253,7 +3253,7 @@ fn key_log_for_tls13() { let client_key_log = Arc::new(KeyLogToVec::new("client")); let server_key_log = Arc::new(KeyLogToVec::new("server")); - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]); client_config.key_log = client_key_log.clone(); let client_config = Arc::new(client_config); @@ -3325,7 +3325,7 @@ fn key_log_for_tls13() { #[test] fn vectored_write_for_server_appdata() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); do_handshake(&mut client, &mut server); server @@ -3350,7 +3350,7 @@ fn vectored_write_for_server_appdata() { #[test] fn vectored_write_for_client_appdata() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); do_handshake(&mut client, &mut server); client @@ -3375,10 +3375,10 @@ fn vectored_write_for_client_appdata() { #[test] fn vectored_write_for_server_handshake_with_half_rtt_data() { - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); server_config.send_half_rtt_data = true; let (mut client, mut server) = - make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa), server_config); + make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa2048), server_config); server .writer() @@ -3418,7 +3418,7 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() { fn check_half_rtt_does_not_work(server_config: ServerConfig) { let (mut client, mut server) = - make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa), server_config); + make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa2048), server_config); server .writer() @@ -3462,21 +3462,21 @@ fn check_half_rtt_does_not_work(server_config: ServerConfig) { #[test] fn vectored_write_for_server_handshake_no_half_rtt_with_client_auth() { - let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa); + let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa2048); server_config.send_half_rtt_data = true; // ask even though it will be ignored check_half_rtt_does_not_work(server_config); } #[test] fn vectored_write_for_server_handshake_no_half_rtt_by_default() { - let server_config = make_server_config(KeyType::Rsa); + let server_config = make_server_config(KeyType::Rsa2048); assert!(!server_config.send_half_rtt_data); check_half_rtt_does_not_work(server_config); } #[test] fn vectored_write_for_client_handshake() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); client .writer() @@ -3513,7 +3513,7 @@ fn vectored_write_for_client_handshake() { #[test] fn vectored_write_with_slow_client() { - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); client.set_buffer_limit(Some(32)); @@ -3734,7 +3734,7 @@ impl rustls::client::ClientSessionStore for ClientStorage { #[test] fn tls13_stateful_resumption() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]); let client_config = Arc::new(client_config); @@ -3789,7 +3789,7 @@ fn tls13_stateful_resumption() { #[test] fn tls13_stateless_resumption() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]); let client_config = Arc::new(client_config); @@ -3845,12 +3845,12 @@ fn tls13_stateless_resumption() { #[test] fn early_data_not_available() { - let (mut client, _) = make_pair(KeyType::Rsa); + let (mut client, _) = make_pair(KeyType::Rsa2048); assert!(client.early_data().is_none()); } fn early_data_configs() -> (Arc, Arc) { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut client_config = make_client_config(kt); client_config.enable_early_data = true; client_config.resumption = Resumption::store(Arc::new(ClientStorage::new())); @@ -3905,7 +3905,7 @@ fn early_data_is_available_on_resumption() { #[test] fn early_data_not_available_on_server_before_client_hello() { - let mut server = ServerConnection::new(Arc::new(make_server_config(KeyType::Rsa))).unwrap(); + let mut server = ServerConnection::new(Arc::new(make_server_config(KeyType::Rsa2048))).unwrap(); assert!(server.early_data().is_none()); } @@ -4004,7 +4004,7 @@ mod test_quic { && equal_packet_keys(x.remote.packet.as_ref(), y.local.packet.as_ref()) } - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let mut client_config = make_client_config_with_versions(kt, &[&rustls::version::TLS13]); client_config.enable_early_data = true; let client_config = Arc::new(client_config); @@ -4627,7 +4627,7 @@ mod test_quic { fn test_fragmented_append() { // Create a QUIC client connection. let client_config = - make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS13]); + make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS13]); let client_config = Arc::new(client_config); let mut client = quic::ClientConnection::new( Arc::clone(&client_config), @@ -4702,8 +4702,8 @@ fn test_client_does_not_offer_sha1() { #[test] fn test_client_config_keyshare() { let kx_groups = vec![provider::kx_group::SECP384R1]; - let client_config = make_client_config_with_kx_groups(KeyType::Rsa, kx_groups.clone()); - let server_config = make_server_config_with_kx_groups(KeyType::Rsa, kx_groups); + let client_config = make_client_config_with_kx_groups(KeyType::Rsa2048, kx_groups.clone()); + let server_config = make_server_config_with_kx_groups(KeyType::Rsa2048, kx_groups); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake_until_error(&mut client, &mut server).unwrap(); } @@ -4711,9 +4711,9 @@ fn test_client_config_keyshare() { #[test] fn test_client_config_keyshare_mismatch() { let client_config = - make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP384R1]); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); assert!(do_handshake_until_error(&mut client, &mut server).is_err()); } @@ -4723,7 +4723,7 @@ fn test_client_config_keyshare_mismatch() { fn test_client_sends_helloretryrequest() { // client sends a secp384r1 key share let mut client_config = make_client_config_with_kx_groups( - KeyType::Rsa, + KeyType::Rsa2048, vec![provider::kx_group::SECP384R1, provider::kx_group::X25519], ); @@ -4732,7 +4732,7 @@ fn test_client_sends_helloretryrequest() { // but server only accepts x25519, so a HRR is required let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); @@ -4861,12 +4861,12 @@ fn test_client_rejects_hrr_with_varied_session_id() { // client prefers a secp384r1 key share, server only accepts x25519 let client_config = make_client_config_with_kx_groups( - KeyType::Rsa, + KeyType::Rsa2048, vec![provider::kx_group::SECP384R1, provider::kx_group::X25519], ); let server_config = - make_server_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); + make_server_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]); let (client, server) = make_pair_for_configs(client_config, server_config); let (mut client, mut server) = (client.into(), server.into()); @@ -4898,16 +4898,16 @@ fn test_client_attempts_to_use_unsupported_kx_group() { // first, client sends a x25519 and server agrees. x25519 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]); + make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client only supports secp-384 and so kx group cache // contains an unusable value. let mut client_config_2 = - make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP384R1]); client_config_2.resumption = Resumption::store(shared_storage.clone()); - let server_config = make_server_config(KeyType::Rsa); + let server_config = make_server_config(KeyType::Rsa2048); // first handshake let (mut client_1, mut server) = make_pair_for_configs(client_config_1, server_config.clone()); @@ -4951,18 +4951,18 @@ fn test_client_sends_share_for_less_preferred_group() { // first, client sends a secp384r1 share and server agrees. secp384r1 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::SECP384R1]); + make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP384R1]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client supports (x25519, secp384r1) and so kx group cache // contains a supported but less-preferred group. let mut client_config_2 = make_client_config_with_kx_groups( - KeyType::Rsa, + KeyType::Rsa2048, vec![provider::kx_group::X25519, provider::kx_group::SECP384R1], ); client_config_2.resumption = Resumption::store(shared_storage.clone()); - let server_config = make_server_config(KeyType::Rsa); + let server_config = make_server_config(KeyType::Rsa2048); // first handshake let (mut client_1, mut server) = make_pair_for_configs(client_config_1, server_config.clone()); @@ -5030,11 +5030,11 @@ fn test_client_sends_share_for_less_preferred_group() { fn test_tls13_client_resumption_does_not_reuse_tickets() { let shared_storage = Arc::new(ClientStorage::new()); - let mut client_config = make_client_config(KeyType::Rsa); + let mut client_config = make_client_config(KeyType::Rsa2048); client_config.resumption = Resumption::store(shared_storage.clone()); let client_config = Arc::new(client_config); - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); server_config.send_tls13_tickets = 5; let server_config = Arc::new(server_config); @@ -5126,11 +5126,11 @@ fn test_client_mtu_reduction() { #[test] fn test_server_mtu_reduction() { - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); server_config.max_fragment_size = Some(64); server_config.send_half_rtt_data = true; let (mut client, mut server) = - make_pair_for_configs(make_client_config(KeyType::Rsa), server_config); + make_pair_for_configs(make_client_config(KeyType::Rsa2048), server_config); let big_data = [0u8; 2048]; server @@ -5253,7 +5253,7 @@ fn test_server_rejects_duplicate_sni_names() { ) } - let (client, server) = make_pair(KeyType::Rsa); + let (client, server) = make_pair(KeyType::Rsa2048); let (mut client, mut server) = (client.into(), server.into()); transfer_altered(&mut client, duplicate_sni_payload, &mut server); assert_eq!( @@ -5274,7 +5274,7 @@ fn test_server_rejects_empty_sni_extension() { ) } - let (client, server) = make_pair(KeyType::Rsa); + let (client, server) = make_pair(KeyType::Rsa2048); let (mut client, mut server) = (client.into(), server.into()); transfer_altered(&mut client, empty_sni_payload, &mut server); assert_eq!( @@ -5305,7 +5305,7 @@ fn test_server_rejects_clients_without_any_kx_groups() { Altered::InPlace } - let (client, server) = make_pair(KeyType::Rsa); + let (client, server) = make_pair(KeyType::Rsa2048); let (mut client, mut server) = (client.into(), server.into()); transfer_altered(&mut client, delete_kx_groups, &mut server); assert_eq!( @@ -5320,9 +5320,9 @@ fn test_server_rejects_clients_without_any_kx_groups() { fn test_server_rejects_clients_without_any_kx_group_overlap() { for version in rustls::ALL_VERSIONS { let (mut client, mut server) = make_pair_for_configs( - make_client_config_with_kx_groups(KeyType::Rsa, vec![provider::kx_group::X25519]), + make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]), finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, ServerConfig::builder_with_provider( CryptoProvider { kx_groups: vec![provider::kx_group::SECP384R1], @@ -5359,7 +5359,7 @@ fn test_client_rejects_illegal_tls13_ccs() { Altered::InPlace } - let (mut client, mut server) = make_pair(KeyType::Rsa); + let (mut client, mut server) = make_pair(KeyType::Rsa2048); transfer(&mut client, &mut server); server.process_new_packets().unwrap(); @@ -5377,7 +5377,7 @@ fn test_client_rejects_illegal_tls13_ccs() { #[cfg(feature = "tls12")] #[test] fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() { - let key_type = KeyType::Rsa; + let key_type = KeyType::Rsa2048; let mut client_config = make_client_config(key_type); if provider_is_fips() { assert!(client_config.require_ems); @@ -5405,7 +5405,7 @@ fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_f #[cfg(feature = "tls12")] #[test] fn test_server_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() { - let key_type = KeyType::Rsa; + let key_type = KeyType::Rsa2048; let client_config = make_client_config(key_type); let mut server_config = finish_server_config( key_type, @@ -5718,7 +5718,7 @@ fn test_secret_extraction_enabled() { // and secrets are stored/extracted differently, so we want to test them both. // We support 3 different AEAD algorithms (AES-128-GCM mode, AES-256-GCM, and // Chacha20Poly1305), so that's 2*3 = 6 combinations to test. - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; for suite in [ cipher_suite::TLS13_AES_128_GCM_SHA256, cipher_suite::TLS13_AES_256_GCM_SHA384, @@ -5795,7 +5795,7 @@ fn test_secret_extraction_enabled() { #[test] fn test_secret_extract_produces_correct_variant() { fn check(suite: SupportedCipherSuite, f: impl Fn(ConnectionTrafficSecrets) -> bool) { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let provider: Arc = CryptoProvider { cipher_suites: vec![suite], @@ -5866,7 +5866,7 @@ fn test_secret_extract_produces_correct_variant() { #[cfg(feature = "tls12")] #[test] fn test_secret_extraction_disabled_or_too_early() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let provider = Arc::new(CryptoProvider { cipher_suites: vec![cipher_suite::TLS13_AES_128_GCM_SHA256], ..provider::default_provider() @@ -5923,7 +5923,7 @@ fn test_secret_extraction_disabled_or_too_early() { #[test] fn test_received_plaintext_backpressure() { - let kt = KeyType::Rsa; + let kt = KeyType::Rsa2048; let server_config = Arc::new( ServerConfig::builder_with_provider( @@ -6019,7 +6019,7 @@ fn test_debug_server_name_from_string() { #[test] fn test_explicit_provider_selection() { let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( rustls::crypto::ring::default_provider().into(), ) @@ -6027,7 +6027,7 @@ fn test_explicit_provider_selection() { .unwrap(), ); let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider( rustls::crypto::aws_lc_rs::default_provider().into(), ) @@ -6073,7 +6073,7 @@ fn test_client_construction_fails_if_random_source_fails_in_first_request() { }; let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( CryptoProvider { secure_random: &FAULTY_RANDOM, @@ -6098,7 +6098,7 @@ fn test_client_construction_fails_if_random_source_fails_in_second_request() { }; let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( CryptoProvider { secure_random: &FAULTY_RANDOM, @@ -6126,7 +6126,7 @@ fn test_client_construction_requires_66_bytes_of_random_material() { }; let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( CryptoProvider { secure_random: &FAULTY_RANDOM, @@ -6163,11 +6163,11 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message } let mut client_config = - make_client_config_with_versions(KeyType::Rsa, &[&rustls::version::TLS12]); + make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS12]); let storage = Arc::new(ClientStorage::new()); client_config.resumption = Resumption::store(storage.clone()); let client_config = Arc::new(client_config); - let server_config = Arc::new(make_server_config(KeyType::Rsa)); + let server_config = Arc::new(make_server_config(KeyType::Rsa2048)); // successful handshake to allow resumption let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -6202,12 +6202,12 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message #[test] fn test_client_fips_service_indicator() { - assert_eq!(make_client_config(KeyType::Rsa).fips(), provider_is_fips()); + assert_eq!(make_client_config(KeyType::Rsa2048).fips(), provider_is_fips()); } #[test] fn test_server_fips_service_indicator() { - assert_eq!(make_server_config(KeyType::Rsa).fips(), provider_is_fips()); + assert_eq!(make_server_config(KeyType::Rsa2048).fips(), provider_is_fips()); } #[test] @@ -6216,7 +6216,7 @@ fn test_client_fips_service_indicator_includes_require_ems() { return; } - let mut client_config = make_client_config(KeyType::Rsa); + let mut client_config = make_client_config(KeyType::Rsa2048); assert!(client_config.fips()); client_config.require_ems = false; assert!(!client_config.fips()); @@ -6228,7 +6228,7 @@ fn test_server_fips_service_indicator_includes_require_ems() { return; } - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); assert!(server_config.fips()); server_config.require_ems = false; assert!(!server_config.fips()); diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index 05ee194912..d10d6a7cae 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -53,13 +53,13 @@ fn ffdhe_ciphersuite() { for (expected_protocol, expected_cipher_suite) in test_cases { let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_protocol_versions(&[expected_protocol]) .unwrap(), ); let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_safe_default_protocol_versions() .unwrap(), @@ -90,13 +90,13 @@ fn server_picks_ffdhe_group_when_clienthello_has_no_ffdhe_group_in_groups_ext() } let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_protocol_versions(&[&rustls::version::TLS12]) .unwrap(), ); let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_protocol_versions(&[&rustls::version::TLS12]) .unwrap(), @@ -122,13 +122,13 @@ fn server_picks_ffdhe_group_when_clienthello_has_no_groups_ext() { } let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_protocol_versions(&[&rustls::version::TLS12]) .unwrap(), ); let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_safe_default_protocol_versions() .unwrap(), @@ -145,7 +145,7 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext() use rustls::{CipherSuite, NamedGroup}; let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( CryptoProvider { cipher_suites: vec![ @@ -165,7 +165,7 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext() ); let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider( CryptoProvider { cipher_suites: vec![ @@ -207,13 +207,13 @@ fn server_accepts_client_with_no_ecpoints_extension_and_only_ffdhe_cipher_suites } let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_protocol_versions(&[&rustls::version::TLS12]) .unwrap(), ); let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider(ffdhe::ffdhe_provider().into()) .with_safe_default_protocol_versions() .unwrap(), @@ -228,7 +228,7 @@ fn server_accepts_client_with_no_ecpoints_extension_and_only_ffdhe_cipher_suites #[test] fn server_avoids_cipher_suite_with_no_common_kx_groups() { let server_config = finish_server_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ServerConfig::builder_with_provider( CryptoProvider { cipher_suites: vec![ @@ -307,7 +307,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { for (client_kx_groups, protocol_version, expected_cipher_suite) in test_cases { let client_config = finish_client_config( - KeyType::Rsa, + KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( CryptoProvider { cipher_suites: vec![ diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 012dd7e4c4..e75cf8a9a8 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -126,27 +126,27 @@ embed_files! { (EDDSA_INTER_KEY, "eddsa", "inter.key"); (EDDSA_INTER_REQ, "eddsa", "inter.req"); - (RSA_CA_CERT, "rsa", "ca.cert"); - (RSA_CA_DER, "rsa", "ca.der"); - (RSA_CA_KEY, "rsa", "ca.key"); - (RSA_CLIENT_CERT, "rsa", "client.cert"); - (RSA_CLIENT_CHAIN, "rsa", "client.chain"); - (RSA_CLIENT_FULLCHAIN, "rsa", "client.fullchain"); - (RSA_CLIENT_KEY, "rsa", "client.key"); - (RSA_CLIENT_REQ, "rsa", "client.req"); - (RSA_CLIENT_RSA, "rsa", "client.rsa"); - (RSA_END_CRL_PEM, "rsa", "end.revoked.crl.pem"); - (RSA_CLIENT_CRL_PEM, "rsa", "client.revoked.crl.pem"); - (RSA_INTERMEDIATE_CRL_PEM, "rsa", "inter.revoked.crl.pem"); - (RSA_END_CERT, "rsa", "end.cert"); - (RSA_END_CHAIN, "rsa", "end.chain"); - (RSA_END_FULLCHAIN, "rsa", "end.fullchain"); - (RSA_END_KEY, "rsa", "end.key"); - (RSA_END_REQ, "rsa", "end.req"); - (RSA_END_RSA, "rsa", "end.rsa"); - (RSA_INTER_CERT, "rsa", "inter.cert"); - (RSA_INTER_KEY, "rsa", "inter.key"); - (RSA_INTER_REQ, "rsa", "inter.req"); + (RSA_2048_CA_CERT, "rsa-2048", "ca.cert"); + (RSA_2048_CA_DER, "rsa-2048", "ca.der"); + (RSA_2048_CA_KEY, "rsa-2048", "ca.key"); + (RSA_2048_CLIENT_CERT, "rsa-2048", "client.cert"); + (RSA_2048_CLIENT_CHAIN, "rsa-2048", "client.chain"); + (RSA_2048_CLIENT_FULLCHAIN, "rsa-2048", "client.fullchain"); + (RSA_2048_CLIENT_KEY, "rsa-2048", "client.key"); + (RSA_2048_CLIENT_REQ, "rsa-2048", "client.req"); + (RSA_2048_CLIENT, "rsa-2048", "client.rsa"); + (RSA_2048_END_CRL_PEM, "rsa-2048", "end.revoked.crl.pem"); + (RSA_2048_CLIENT_CRL_PEM, "rsa-2048", "client.revoked.crl.pem"); + (RSA_2048_INTERMEDIATE_CRL_PEM, "rsa-2048", "inter.revoked.crl.pem"); + (RSA_2048_END_CERT, "rsa-2048", "end.cert"); + (RSA_2048_END_CHAIN, "rsa-2048", "end.chain"); + (RSA_2048_END_FULLCHAIN, "rsa-2048", "end.fullchain"); + (RSA_2048_END_KEY, "rsa-2048", "end.key"); + (RSA_2048_END_REQ, "rsa-2048", "end.req"); + (RSA_2048_END, "rsa-2048", "end.rsa"); + (RSA_2048_INTER_CERT, "rsa-2048", "inter.cert"); + (RSA_2048_INTER_KEY, "rsa-2048", "inter.key"); + (RSA_2048_INTER_REQ, "rsa-2048", "inter.req"); } pub fn transfer( @@ -243,7 +243,7 @@ where #[derive(Clone, Copy, Debug, PartialEq)] pub enum KeyType { - Rsa, + Rsa2048, EcdsaP256, EcdsaP384, EcdsaP521, @@ -251,7 +251,7 @@ pub enum KeyType { } pub static ALL_KEY_TYPES: &[KeyType] = &[ - KeyType::Rsa, + KeyType::Rsa2048, KeyType::EcdsaP256, KeyType::EcdsaP384, #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -262,7 +262,7 @@ pub static ALL_KEY_TYPES: &[KeyType] = &[ impl KeyType { fn bytes_for(&self, part: &str) -> &'static [u8] { match self { - Self::Rsa => bytes_for("rsa", part), + Self::Rsa2048 => bytes_for("rsa-2048", part), Self::EcdsaP256 => bytes_for("ecdsa-p256", part), Self::EcdsaP384 => bytes_for("ecdsa-p384", part), Self::EcdsaP521 => bytes_for("ecdsa-p521", part), @@ -325,7 +325,7 @@ impl KeyType { pub fn ca_distinguished_name(&self) -> &'static [u8] { match self { - KeyType::Rsa => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], + KeyType::Rsa2048 => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], KeyType::EcdsaP256 => { &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] } diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 9e56e6a0ce..08eb9614df 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -68,11 +68,11 @@ use common::{ #[test] fn exercise_key_log_file_for_client() { super::serialized(|| { - let server_config = Arc::new(make_server_config(KeyType::Rsa)); + let server_config = Arc::new(make_server_config(KeyType::Rsa2048)); env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); for version in rustls::ALL_VERSIONS { - let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let mut client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); client_config.key_log = Arc::new(rustls::KeyLogFile::new()); let (mut client, mut server) = @@ -90,7 +90,7 @@ fn exercise_key_log_file_for_client() { #[test] fn exercise_key_log_file_for_server() { super::serialized(|| { - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); server_config.key_log = Arc::new(rustls::KeyLogFile::new()); @@ -98,7 +98,7 @@ fn exercise_key_log_file_for_server() { let server_config = Arc::new(server_config); for version in rustls::ALL_VERSIONS { - let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); let (mut client, mut server) = make_pair_for_arc_configs(&Arc::new(client_config), &server_config); diff --git a/rustls/tests/process_provider.rs b/rustls/tests/process_provider.rs index ea5da7b0df..2193aebc48 100644 --- a/rustls/tests/process_provider.rs +++ b/rustls/tests/process_provider.rs @@ -41,14 +41,14 @@ fn test_explicit_choice_required() { CryptoProvider::get_default().expect("provider missing"); // does not panic - finish_client_config(KeyType::Rsa, ClientConfig::builder()); + finish_client_config(KeyType::Rsa2048, ClientConfig::builder()); } fn test_ring_used_as_implicit_provider() { assert!(CryptoProvider::get_default().is_none()); // implicitly installs ring provider - finish_client_config(KeyType::Rsa, ClientConfig::builder()); + finish_client_config(KeyType::Rsa2048, ClientConfig::builder()); assert!(format!( "{:?}", @@ -61,7 +61,7 @@ fn test_aws_lc_rs_used_as_implicit_provider() { assert!(CryptoProvider::get_default().is_none()); // implicitly installs aws-lc-rs provider - finish_client_config(KeyType::Rsa, ClientConfig::builder()); + finish_client_config(KeyType::Rsa2048, ClientConfig::builder()); assert!(format!( "{:?}", diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 1e0e4c1cc1..245ddb3ab7 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -111,8 +111,8 @@ fn tls13_handshake() { } fn handshake(version: &'static rustls::SupportedProtocolVersion) -> Outcome { - let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); - let client_config = make_client_config(KeyType::Rsa); + let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]); + let client_config = make_client_config(KeyType::Rsa2048); run( Arc::new(client_config), @@ -127,8 +127,8 @@ fn app_data_client_to_server() { let expected: &[_] = b"hello"; for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); - let client_config = make_client_config(KeyType::Rsa); + let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]); + let client_config = make_client_config(KeyType::Rsa2048); let mut client_actions = Actions { app_data_to_send: Some(expected), @@ -159,8 +159,8 @@ fn app_data_server_to_client() { let expected: &[_] = b"hello"; for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); - let client_config = make_client_config(KeyType::Rsa); + let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]); + let client_config = make_client_config(KeyType::Rsa2048); let mut server_actions = Actions { app_data_to_send: Some(expected), @@ -190,11 +190,11 @@ fn app_data_server_to_client() { fn early_data() { let expected: &[_] = b"hello"; - let mut server_config = make_server_config(KeyType::Rsa); + let mut server_config = make_server_config(KeyType::Rsa2048); server_config.max_early_data_size = 128; let server_config = Arc::new(server_config); - let mut client_config = make_client_config_with_versions(KeyType::Rsa, &[&TLS13]); + let mut client_config = make_client_config_with_versions(KeyType::Rsa2048, &[&TLS13]); client_config.enable_early_data = true; let client_config = Arc::new(client_config); @@ -409,8 +409,8 @@ fn run( fn close_notify_client_to_server() { for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); - let client_config = make_client_config(KeyType::Rsa); + let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]); + let client_config = make_client_config(KeyType::Rsa2048); let mut client_actions = Actions { send_close_notify: true, @@ -433,8 +433,8 @@ fn close_notify_client_to_server() { fn close_notify_server_to_client() { for version in rustls::ALL_VERSIONS { eprintln!("{version:?}"); - let server_config = make_server_config_with_versions(KeyType::Rsa, &[version]); - let client_config = make_client_config(KeyType::Rsa); + let server_config = make_server_config_with_versions(KeyType::Rsa2048, &[version]); + let client_config = make_client_config(KeyType::Rsa2048); let mut server_actions = Actions { send_close_notify: true, @@ -807,8 +807,8 @@ impl Buffer { fn make_connection_pair( version: &'static rustls::SupportedProtocolVersion, ) -> (UnbufferedClientConnection, UnbufferedServerConnection) { - let server_config = make_server_config(KeyType::Rsa); - let client_config = make_client_config_with_versions(KeyType::Rsa, &[version]); + let server_config = make_server_config(KeyType::Rsa2048); + let client_config = make_client_config_with_versions(KeyType::Rsa2048, &[version]); let client = UnbufferedClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); diff --git a/test-ca/rsa/ca.cert b/test-ca/rsa-2048/ca.cert similarity index 100% rename from test-ca/rsa/ca.cert rename to test-ca/rsa-2048/ca.cert diff --git a/test-ca/rsa/ca.der b/test-ca/rsa-2048/ca.der similarity index 100% rename from test-ca/rsa/ca.der rename to test-ca/rsa-2048/ca.der diff --git a/test-ca/rsa/ca.key b/test-ca/rsa-2048/ca.key similarity index 100% rename from test-ca/rsa/ca.key rename to test-ca/rsa-2048/ca.key diff --git a/test-ca/rsa/client.cert b/test-ca/rsa-2048/client.cert similarity index 100% rename from test-ca/rsa/client.cert rename to test-ca/rsa-2048/client.cert diff --git a/test-ca/rsa/client.chain b/test-ca/rsa-2048/client.chain similarity index 100% rename from test-ca/rsa/client.chain rename to test-ca/rsa-2048/client.chain diff --git a/test-ca/rsa/client.fullchain b/test-ca/rsa-2048/client.fullchain similarity index 100% rename from test-ca/rsa/client.fullchain rename to test-ca/rsa-2048/client.fullchain diff --git a/test-ca/rsa/client.key b/test-ca/rsa-2048/client.key similarity index 100% rename from test-ca/rsa/client.key rename to test-ca/rsa-2048/client.key diff --git a/test-ca/rsa/client.req b/test-ca/rsa-2048/client.req similarity index 100% rename from test-ca/rsa/client.req rename to test-ca/rsa-2048/client.req diff --git a/test-ca/rsa/client.revoked.crl.pem b/test-ca/rsa-2048/client.revoked.crl.pem similarity index 100% rename from test-ca/rsa/client.revoked.crl.pem rename to test-ca/rsa-2048/client.revoked.crl.pem diff --git a/test-ca/rsa/client.rsa b/test-ca/rsa-2048/client.rsa similarity index 100% rename from test-ca/rsa/client.rsa rename to test-ca/rsa-2048/client.rsa diff --git a/test-ca/rsa/end.cert b/test-ca/rsa-2048/end.cert similarity index 100% rename from test-ca/rsa/end.cert rename to test-ca/rsa-2048/end.cert diff --git a/test-ca/rsa/end.chain b/test-ca/rsa-2048/end.chain similarity index 100% rename from test-ca/rsa/end.chain rename to test-ca/rsa-2048/end.chain diff --git a/test-ca/rsa/end.fullchain b/test-ca/rsa-2048/end.fullchain similarity index 100% rename from test-ca/rsa/end.fullchain rename to test-ca/rsa-2048/end.fullchain diff --git a/test-ca/rsa/end.key b/test-ca/rsa-2048/end.key similarity index 100% rename from test-ca/rsa/end.key rename to test-ca/rsa-2048/end.key diff --git a/test-ca/rsa/end.req b/test-ca/rsa-2048/end.req similarity index 100% rename from test-ca/rsa/end.req rename to test-ca/rsa-2048/end.req diff --git a/test-ca/rsa/end.revoked.crl.pem b/test-ca/rsa-2048/end.revoked.crl.pem similarity index 100% rename from test-ca/rsa/end.revoked.crl.pem rename to test-ca/rsa-2048/end.revoked.crl.pem diff --git a/test-ca/rsa/end.rsa b/test-ca/rsa-2048/end.rsa similarity index 100% rename from test-ca/rsa/end.rsa rename to test-ca/rsa-2048/end.rsa diff --git a/test-ca/rsa/inter.cert b/test-ca/rsa-2048/inter.cert similarity index 100% rename from test-ca/rsa/inter.cert rename to test-ca/rsa-2048/inter.cert diff --git a/test-ca/rsa/inter.key b/test-ca/rsa-2048/inter.key similarity index 100% rename from test-ca/rsa/inter.key rename to test-ca/rsa-2048/inter.key diff --git a/test-ca/rsa/inter.req b/test-ca/rsa-2048/inter.req similarity index 100% rename from test-ca/rsa/inter.req rename to test-ca/rsa-2048/inter.req diff --git a/test-ca/rsa/inter.revoked.crl.pem b/test-ca/rsa-2048/inter.revoked.crl.pem similarity index 100% rename from test-ca/rsa/inter.revoked.crl.pem rename to test-ca/rsa-2048/inter.revoked.crl.pem From 961db38da15a8ca35baf45937fc27123e26677fa Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Mar 2024 13:44:07 -0400 Subject: [PATCH 0901/1145] tests: remove .req and .rsa test files These aren't used anywhere and are just a byproduct of the OpenSSL based generation script. We'll soon be rid of this script, so let's remove these files. --- rustls/tests/common/mod.rs | 17 ----------------- test-ca/ecdsa-p256/client.req | 7 ------- test-ca/ecdsa-p256/end.req | 7 ------- test-ca/ecdsa-p256/inter.req | 7 ------- test-ca/ecdsa-p384/client.req | 8 -------- test-ca/ecdsa-p384/end.req | 8 -------- test-ca/ecdsa-p384/inter.req | 9 --------- test-ca/ecdsa-p521/client.req | 10 ---------- test-ca/ecdsa-p521/end.req | 10 ---------- test-ca/ecdsa-p521/inter.req | 10 ---------- test-ca/eddsa/client.req | 6 ------ test-ca/eddsa/end.req | 6 ------ test-ca/eddsa/inter.req | 6 ------ test-ca/rsa-2048/client.req | 15 --------------- test-ca/rsa-2048/client.rsa | 28 ---------------------------- test-ca/rsa-2048/end.req | 15 --------------- test-ca/rsa-2048/end.rsa | 28 ---------------------------- test-ca/rsa-2048/inter.req | 21 --------------------- 18 files changed, 218 deletions(-) delete mode 100644 test-ca/ecdsa-p256/client.req delete mode 100644 test-ca/ecdsa-p256/end.req delete mode 100644 test-ca/ecdsa-p256/inter.req delete mode 100644 test-ca/ecdsa-p384/client.req delete mode 100644 test-ca/ecdsa-p384/end.req delete mode 100644 test-ca/ecdsa-p384/inter.req delete mode 100644 test-ca/ecdsa-p521/client.req delete mode 100644 test-ca/ecdsa-p521/end.req delete mode 100644 test-ca/ecdsa-p521/inter.req delete mode 100644 test-ca/eddsa/client.req delete mode 100644 test-ca/eddsa/end.req delete mode 100644 test-ca/eddsa/inter.req delete mode 100644 test-ca/rsa-2048/client.req delete mode 100644 test-ca/rsa-2048/client.rsa delete mode 100644 test-ca/rsa-2048/end.req delete mode 100644 test-ca/rsa-2048/end.rsa delete mode 100644 test-ca/rsa-2048/inter.req diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index e75cf8a9a8..8d38d1d10b 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -53,7 +53,6 @@ embed_files! { (ECDSA_P256_CLIENT_CHAIN, "ecdsa-p256", "client.chain"); (ECDSA_P256_CLIENT_FULLCHAIN, "ecdsa-p256", "client.fullchain"); (ECDSA_P256_CLIENT_KEY, "ecdsa-p256", "client.key"); - (ECDSA_P256_CLIENT_REQ, "ecdsa-p256", "client.req"); (ECDSA_P256_END_CRL_PEM, "ecdsa-p256", "end.revoked.crl.pem"); (ECDSA_P256_CLIENT_CRL_PEM, "ecdsa-p256", "client.revoked.crl.pem"); (ECDSA_P256_INTERMEDIATE_CRL_PEM, "ecdsa-p256", "inter.revoked.crl.pem"); @@ -61,10 +60,8 @@ embed_files! { (ECDSA_P256_END_CHAIN, "ecdsa-p256", "end.chain"); (ECDSA_P256_END_FULLCHAIN, "ecdsa-p256", "end.fullchain"); (ECDSA_P256_END_KEY, "ecdsa-p256", "end.key"); - (ECDSA_P256_END_REQ, "ecdsa-p256", "end.req"); (ECDSA_P256_INTER_CERT, "ecdsa-p256", "inter.cert"); (ECDSA_P256_INTER_KEY, "ecdsa-p256", "inter.key"); - (ECDSA_P256_INTER_REQ, "ecdsa-p256", "inter.req"); (ECDSA_P384_CA_CERT, "ecdsa-p384", "ca.cert"); (ECDSA_P384_CA_DER, "ecdsa-p384", "ca.der"); @@ -73,7 +70,6 @@ embed_files! { (ECDSA_P384_CLIENT_CHAIN, "ecdsa-p384", "client.chain"); (ECDSA_P384_CLIENT_FULLCHAIN, "ecdsa-p384", "client.fullchain"); (ECDSA_P384_CLIENT_KEY, "ecdsa-p384", "client.key"); - (ECDSA_P384_CLIENT_REQ, "ecdsa-p384", "client.req"); (ECDSA_P384_END_CRL_PEM, "ecdsa-p384", "end.revoked.crl.pem"); (ECDSA_P384_CLIENT_CRL_PEM, "ecdsa-p384", "client.revoked.crl.pem"); (ECDSA_P384_INTERMEDIATE_CRL_PEM, "ecdsa-p384", "inter.revoked.crl.pem"); @@ -81,10 +77,8 @@ embed_files! { (ECDSA_P384_END_CHAIN, "ecdsa-p384", "end.chain"); (ECDSA_P384_END_FULLCHAIN, "ecdsa-p384", "end.fullchain"); (ECDSA_P384_END_KEY, "ecdsa-p384", "end.key"); - (ECDSA_P384_END_REQ, "ecdsa-p384", "end.req"); (ECDSA_P384_INTER_CERT, "ecdsa-p384", "inter.cert"); (ECDSA_P384_INTER_KEY, "ecdsa-p384", "inter.key"); - (ECDSA_P384_INTER_REQ, "ecdsa-p384", "inter.req"); (ECDSA_P521_CA_CERT, "ecdsa-p521", "ca.cert"); (ECDSA_P521_CA_DER, "ecdsa-p521", "ca.der"); @@ -93,7 +87,6 @@ embed_files! { (ECDSA_P521_CLIENT_CHAIN, "ecdsa-p521", "client.chain"); (ECDSA_P521_CLIENT_FULLCHAIN, "ecdsa-p521", "client.fullchain"); (ECDSA_P521_CLIENT_KEY, "ecdsa-p521", "client.key"); - (ECDSA_P521_CLIENT_REQ, "ecdsa-p521", "client.req"); (ECDSA_P521_END_CRL_PEM, "ecdsa-p521", "end.revoked.crl.pem"); (ECDSA_P521_CLIENT_CRL_PEM, "ecdsa-p521", "client.revoked.crl.pem"); (ECDSA_P521_INTERMEDIATE_CRL_PEM, "ecdsa-p521", "inter.revoked.crl.pem"); @@ -101,10 +94,8 @@ embed_files! { (ECDSA_P521_END_CHAIN, "ecdsa-p521", "end.chain"); (ECDSA_P521_END_FULLCHAIN, "ecdsa-p521", "end.fullchain"); (ECDSA_P521_END_KEY, "ecdsa-p521", "end.key"); - (ECDSA_P521_END_REQ, "ecdsa-p521", "end.req"); (ECDSA_P521_INTER_CERT, "ecdsa-p521", "inter.cert"); (ECDSA_P521_INTER_KEY, "ecdsa-p521", "inter.key"); - (ECDSA_P521_INTER_REQ, "ecdsa-p521", "inter.req"); (EDDSA_CA_CERT, "eddsa", "ca.cert"); (EDDSA_CA_DER, "eddsa", "ca.der"); @@ -113,7 +104,6 @@ embed_files! { (EDDSA_CLIENT_CHAIN, "eddsa", "client.chain"); (EDDSA_CLIENT_FULLCHAIN, "eddsa", "client.fullchain"); (EDDSA_CLIENT_KEY, "eddsa", "client.key"); - (EDDSA_CLIENT_REQ, "eddsa", "client.req"); (EDDSA_END_CRL_PEM, "eddsa", "end.revoked.crl.pem"); (EDDSA_CLIENT_CRL_PEM, "eddsa", "client.revoked.crl.pem"); (EDDSA_INTERMEDIATE_CRL_PEM, "eddsa", "inter.revoked.crl.pem"); @@ -121,10 +111,8 @@ embed_files! { (EDDSA_END_CHAIN, "eddsa", "end.chain"); (EDDSA_END_FULLCHAIN, "eddsa", "end.fullchain"); (EDDSA_END_KEY, "eddsa", "end.key"); - (EDDSA_END_REQ, "eddsa", "end.req"); (EDDSA_INTER_CERT, "eddsa", "inter.cert"); (EDDSA_INTER_KEY, "eddsa", "inter.key"); - (EDDSA_INTER_REQ, "eddsa", "inter.req"); (RSA_2048_CA_CERT, "rsa-2048", "ca.cert"); (RSA_2048_CA_DER, "rsa-2048", "ca.der"); @@ -133,8 +121,6 @@ embed_files! { (RSA_2048_CLIENT_CHAIN, "rsa-2048", "client.chain"); (RSA_2048_CLIENT_FULLCHAIN, "rsa-2048", "client.fullchain"); (RSA_2048_CLIENT_KEY, "rsa-2048", "client.key"); - (RSA_2048_CLIENT_REQ, "rsa-2048", "client.req"); - (RSA_2048_CLIENT, "rsa-2048", "client.rsa"); (RSA_2048_END_CRL_PEM, "rsa-2048", "end.revoked.crl.pem"); (RSA_2048_CLIENT_CRL_PEM, "rsa-2048", "client.revoked.crl.pem"); (RSA_2048_INTERMEDIATE_CRL_PEM, "rsa-2048", "inter.revoked.crl.pem"); @@ -142,11 +128,8 @@ embed_files! { (RSA_2048_END_CHAIN, "rsa-2048", "end.chain"); (RSA_2048_END_FULLCHAIN, "rsa-2048", "end.fullchain"); (RSA_2048_END_KEY, "rsa-2048", "end.key"); - (RSA_2048_END_REQ, "rsa-2048", "end.req"); - (RSA_2048_END, "rsa-2048", "end.rsa"); (RSA_2048_INTER_CERT, "rsa-2048", "inter.cert"); (RSA_2048_INTER_KEY, "rsa-2048", "inter.key"); - (RSA_2048_INTER_REQ, "rsa-2048", "inter.req"); } pub fn transfer( diff --git a/test-ca/ecdsa-p256/client.req b/test-ca/ecdsa-p256/client.req deleted file mode 100644 index 2c56a26260..0000000000 --- a/test-ca/ecdsa-p256/client.req +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIHUMHwCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEMMPDa6QaQavMskschE31oylVLkHz0msICVRgXJlpfzBy -5a8bOCCPVlqsOlh4TuyyhBihrmnoqq0hrk68icFF76AAMAoGCCqGSM49BAMCA0gA -MEUCIGNoM5ppNZQB58ebDFr5gi7BfzXQTmSKv1BzHRqKMnv5AiEAvN6+XIGIYju2 -Ju7cb8gJ1ka8aYsSNav0/OiBcRnsXck= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p256/end.req b/test-ca/ecdsa-p256/end.req deleted file mode 100644 index bccaad6f0a..0000000000 --- a/test-ca/ecdsa-p256/end.req +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIHSMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB -BggqhkjOPQMBBwNCAASpryJeNz29nY4w5kkUE11LGtsjfebAPeGBRbj8087CK+cq -yvl56E06G9W93INeOpy3UAM3axPaCvkNeVVS/8pLoAAwCgYIKoZIzj0EAwIDRwAw -RAIgIO7DJfnxkVh3h2SUa2l2UeYCyWwjdjLN3bd4aflpLPkCIFYK6bupISwtlb9n -NQgq+9EAWRwUKHjjJ2G5IBXBBFsj ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p256/inter.req b/test-ca/ecdsa-p256/inter.req deleted file mode 100644 index aa3cbd3096..0000000000 --- a/test-ca/ecdsa-p256/inter.req +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIHtMIGVAgEAMDMxMTAvBgNVBAMMKHBvbnl0b3duIEVDRFNBIHAyNTYgbGV2ZWwg -MiBpbnRlcm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQfwWwzFmTa -GgZ3ivm+TOyltvrz5wE0vU/qpOz3pfvPPKjiloZUYfr72lIWLvqpJAx0EaKrO6CZ -8Q0fugI8Blf4oAAwCgYIKoZIzj0EAwIDRwAwRAIgWVdVk8FILzVwikyhkerV/7NF -/+x1how7gI6T+5T21dYCID1ea/fcvCZpszmbMLdFaxNNAxgZ34deCqvNBB1psuDe ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p384/client.req b/test-ca/ecdsa-p384/client.req deleted file mode 100644 index 3c3f786e4e..0000000000 --- a/test-ca/ecdsa-p384/client.req +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBEjCBmQIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAAQUSK2x/evG1d9Wrgp9OKmNBPsIyqXODMY0ahVKgPuAOEHu -mmB0j4HnrowGopzahDkYYZnp8dako/dkoNvyFKOxxLkSLqSv5iYrnRZ+2Ii0Rbyv -MJYtEnTUAshGZGamM02gADAKBggqhkjOPQQDAgNoADBlAjEA9r+rIolUknvieH8z -WZfAWSOlq8Ikk9RGOncmyDdbL7HLqmTQAIDWbKrXOCpuVrblAjAIjzm7ut/x4eze -M7NLVLHFjr/deZBaUJl1LRWyyD+obfS2xaMU4PYEwqdDqutoqXs= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p384/end.req b/test-ca/ecdsa-p384/end.req deleted file mode 100644 index cc896b128a..0000000000 --- a/test-ca/ecdsa-p384/end.req +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBETCBmAIBADAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTB2MBAGByqGSM49 -AgEGBSuBBAAiA2IABFFe4wMQuVjA0vHxoN1MUqZuV4GfxsL6hlAiuitdjI+hHx8c -P0zbuakIgW1xdmNgSemaF+z+B3qn84brLbdupGPDl/H9FH0DlCdD4C1yEvvVQDTR -O/khMf1UcVsxrbp2c6AAMAoGCCqGSM49BAMCA2gAMGUCMBLN045jZXOKBWtTiBNF -oe6LiK5m++trsZxPDdEB8PvGHTu64tAWaiDYn02b3y+xmAIxAM4p48ZlmJcqkDb7 -gmDLXXgHuO7xQBd3/1K5KJ00gNDR8qCgkkF/aFOmMPu1cCUG6w== ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p384/inter.req b/test-ca/ecdsa-p384/inter.req deleted file mode 100644 index 4ee162f032..0000000000 --- a/test-ca/ecdsa-p384/inter.req +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBKjCBsgIBADAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVs -IDIgaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9fposPIZxXJg -N67j1wACKtNalsS4AMJ/5owN9meErJzKPDYfYG0u1A33ytHTlXYhBPHmfCoBrnla -37OXmiwe81XjhsJbbKJy9KtHPT7vcInq2BeDYshZPk1FJ+kwiI2aoAAwCgYIKoZI -zj0EAwIDZwAwZAIwHvESxYFJUoBh8tpH+5htxdHZChVBYkNxTqnW8AmIpIr1cqek -Jld0Qe8ByV8S6ImHAjBlropUQN94lKr8yMXhLBxQiliCRWJJV/Iq5KZ3ttCMOi3T -DoquA6isK55zbo1RtLM= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p521/client.req b/test-ca/ecdsa-p521/client.req deleted file mode 100644 index c365eb2f4f..0000000000 --- a/test-ca/ecdsa-p521/client.req +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBXTCBvwIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwgZswEAYHKoZI -zj0CAQYFK4EEACMDgYYABAAHXVcjc2rLVyCOkNYOzT7iY0fuTxThQlQJLv7KQzvJ -5ziArTFV33H0KiM4fn+s/SKOFgIaLyCOkE2qj7IsHpYC2wHUophZu0QBfX45gBPN -NYrLxpFf/z78jLT+HNUKi842YwO9jtVE3IAdZYkGUhJvwUuW9pyJJ13OJ0mZk13D -ZrWibaAAMAoGCCqGSM49BAMCA4GMADCBiAJCAZGBk2lJndJvSaQCWpHlHPl4Toi5 -v8wQfLuq4AGIBpa+J2TB5E23zESehsNoMCVnmbdN52kQhkeKyO7JFAsf63CGAkIB -QbRy7+QbVBQn+LZovUvTnIEX809GJPBaGh4WC98yHxT80x/QdsMYqKCWt7itPLUR -mytyieJoWEcM0T++ErppepQ= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p521/end.req b/test-ca/ecdsa-p521/end.req deleted file mode 100644 index 1726a9e552..0000000000 --- a/test-ca/ecdsa-p521/end.req +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBWzCBvgIBADAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCBmzAQBgcqhkjO -PQIBBgUrgQQAIwOBhgAEAMNJDLPL9xjDOWT5D4lV4XpNOJcynpPZLgazzO1Hw+Z+ -Wki4IplJ7RmItpdHUMGM1pkWKqdyHy0fiuIwcmbnJ2STAQY5CfwjzOPbEdy3vkHJ -CNjCEwhtKQ31lpaNFfCeVCuGSft6Z03+ihTLHj3H5XYKY5exy+i87eLVhPU4kIyS -+xPKoAAwCgYIKoZIzj0EAwIDgYsAMIGHAkIA1nmRLkhAStTXvVa2lJiSrNXtd22a -MdI6KeE0Aws6x4jeXhSsq9f8K71R1ANCiwZOzqvtqX03wUqtI9gg8tfKY+0CQV0O -/AEPmqQo0BP+ASBGG1VuJ01KCngFcFRI4lRkR1RNkNHX+XCVGrGgsl9L1eRlDBfz -+4xn4kYCcixnYTNa1ZQh ------END CERTIFICATE REQUEST----- diff --git a/test-ca/ecdsa-p521/inter.req b/test-ca/ecdsa-p521/inter.req deleted file mode 100644 index fd027a4048..0000000000 --- a/test-ca/ecdsa-p521/inter.req +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBdTCB2AIBADAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVs -IDIgaW50ZXJtZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA4qOqtt8l -Qz4A7eZC70lF8PSeJyX6hcPCQlXoo2a7lqZxg1BY/92Rikec9FFOnfYu71EmpxCk -+PyUPKL7PiWRB1UB1AFXXzgpCQ0ymsiwT2k1/3t+QieZA9M/ub8X1nJdESsfxFxS -yQQx8n5rE+4/Trq8OxvHLRsG8OK52YuuvcUoUGOgADAKBggqhkjOPQQDAgOBiwAw -gYcCQSsQTDtq5TVDdSEuiINUpfh/yV3hpNZQsUEkJrt0eqTeMTiUoDSOlzbsPR6H -sAXAeH+AoIUgAiyQwupwDK97wOX8AkIB1TRbZjAQJWsnx8bqGeGkGMsX5bdaGt/c -rGf5cOi12esPo19Jll+RbcQ7cvkL5PUgwTalFQu82YoTh4y6G4d5uEI= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/client.req b/test-ca/eddsa/client.req deleted file mode 100644 index d7927614f8..0000000000 --- a/test-ca/eddsa/client.req +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIGZME0CAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -7i3DAVKkLlgm4KMmN86tsKmHg6V/gD8eJVUtEyWhKZqgADAFBgMrZXADQQDpXE9Q -AsTzLPuVNGrRjqKkxSx0ZR1MU9pusj/pscyMZhVnbHUnOXUfNXTusVokOncHtSU6 -rrPNEQNOFPTbfOYJ ------END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/end.req b/test-ca/eddsa/end.req deleted file mode 100644 index 953d4b500e..0000000000 --- a/test-ca/eddsa/end.req +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIGYMEwCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBG -aQQnDqqVjKAWWubCZJrG6S2ZZcI9/ZO65doj0GcDBqAAMAUGAytlcANBADE3pcNY -30zNG509Wxcvs0vZuTPmwZ9LtIjjbi10WPfMbEQ5oJISE4k7igpqVTEGTMV4Axyq -UaZv/WKqQ8MVbAM= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/eddsa/inter.req b/test-ca/eddsa/inter.req deleted file mode 100644 index 84a48c5350..0000000000 --- a/test-ca/eddsa/inter.req +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIGtMGECAQAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWREU0EgbGV2ZWwgMiBpbnRl -cm1lZGlhdGUwKjAFBgMrZXADIQBGdEOh+yvAZbpeNPOiQ2QkVrc0TNUIfz6buHeY -/vXbiaAAMAUGAytlcANBAI0uRTsuQuXSFlW4llEt1aOQ13oORdeZCrygDEl9ssAu -H3SaBwckseAV5mf6DpO1gk58Zhhq5wZ1NUw9i5DSkwo= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa-2048/client.req b/test-ca/rsa-2048/client.req deleted file mode 100644 index 5426577b53..0000000000 --- a/test-ca/rsa-2048/client.req +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKiPnwCtC2OgSrWGT66eBMXcdGqjIZ4U -/pi7LeZQd2nR3tY0S/vY3lKobDa0XoXVrxZPiVqg5OSYghab4QLL9bnX9lcJ98nh -BOgJ0ILYE7Y0YW/mi6V6QEO3cG909Y8VmsS6wKetA2Zh2fo5azCRydbO7zOb7KWk -LRQseYC/0FCflT04heKp6E5yzQbbv13p4j3p/GTgEXhdxlcPLHqGkBRkUeNEe+N2 -v+9yh1xxb9L8gOVM4bM5/6rFsaqEI7g9/SLnVi38/lvZIYk2sNLv7+p7wrxyWcAO -wn/+y/m/FDdjIQOpNsu+Epms3mqT41AFpXbd1dvKxZmnIp5xw4qzCQIDAQABoAAw -DQYJKoZIhvcNAQELBQADggEBABIxuTwcAtW7sN/+2VwxAl3grc3skyEceomp+j13 -VuH+9Mn/YdaLFAHxNeFrxyZifUD3SxG3e8ScX+hqbWbCN/QpaiXy7vRk9A3IpnFp -JU+AM/hJ7E9yJtcCJmFv55PeOPiQR1xbD01GIv2aUtkwMISf3JsypDbUEsrhBZ2w -piIFJxmRRmlCLyowmP8/5oUIIdWpzi6yKFmHN7vRdhRq/t/YxSMJOoiimaHk+Soi -0DdHbA6JzrZsB+Z2so3vTzphwtMrp5B/O3LiMhTplfCp5hjzm2evPjfrYxi1pb+h -8yTGm8SpEcmmYsOcoQ2Cx3i7U9NXXKBAleRlvpuqWrS78fc= ------END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa-2048/client.rsa b/test-ca/rsa-2048/client.rsa deleted file mode 100644 index 0d39ec30ab..0000000000 --- a/test-ca/rsa-2048/client.rsa +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCMqI+fAK0LY6BK -tYZPrp4Exdx0aqMhnhT+mLst5lB3adHe1jRL+9jeUqhsNrRehdWvFk+JWqDk5JiC -FpvhAsv1udf2Vwn3yeEE6AnQgtgTtjRhb+aLpXpAQ7dwb3T1jxWaxLrAp60DZmHZ -+jlrMJHJ1s7vM5vspaQtFCx5gL/QUJ+VPTiF4qnoTnLNBtu/XeniPen8ZOAReF3G -Vw8seoaQFGRR40R743a/73KHXHFv0vyA5Uzhszn/qsWxqoQjuD39IudWLfz+W9kh -iTaw0u/v6nvCvHJZwA7Cf/7L+b8UN2MhA6k2y74SmazeapPjUAWldt3V28rFmaci -nnHDirMJAgMBAAECggEAHGJTgSmYweibyxewf9nj52CqKQ/v1XPaFrppY0zLxh0j -jc06Bm9PByY0+IldgomNYmSlLjmMqEP9BptbX1+6Gt8i1oIf79HcR6oveNU+l1O4 -ZEU5h8qfzeIcXWMQfhEesfmrGf98KWh6rIsTFS9a7Bkd7yVB/NI8PCCLDQXPL1EZ -HCrfZjtUhiT/FSYjNU4eC4mEuDMRHEDxIViYd6JiejLbvgw8zcDOtItRRz4Zkq6w -ixplEF9drNrIK2wDg/IgAlTdN7fKyf/IrdJQVvCt0ewWYwh1RKEhCNGP4T/8PdKp -j4Z+qqK4h2KV+CUZhvDYh19Ik53r/HGEMk2MBNJFpQKBgQC/hGV+0mfm/WfeF6mU -hyzOHaUOr+A6aiBc4e8p7YgEFl9iMyvYcyWFu4LhL13KxHrNpT+gCbgY8K5W9Tan -zvR5aj/mkEaHTpzo4rzOL04p61YKOWXf7Etj9ULVnzxcQeiGhXmFrlkeXGtUgX7W -alocH/4CpfFl+WJjlms+T32Z0wKBgQC8BHRQlswa++fapLtxxw/EuZdcdMQdFPaI -O5O0YjgYz+YFpRNkLN7DNg5DNPhYGjLRsge8ZF75GdE6BbdhTAqiv24m4FOeTVd6 -48fbLGx3JQs2ugtJI6OEsDECo1gtOZS77cmggEV/tkaN5BxaRALfWsYI301gDFFE -hN5aEF/6MwKBgQCRhsI03x7SuAWgDmzujtSt/nq4sU36NUBIM+ou+u5a5MEv9mA/ -xidh+j0WbY6gkDIcZ4/0RM5eLSzcqNISK0E7rU/HHCRrloHGuNvs9Kc5VTj45eqS -f5Q97VUOzEPqeq584ZmYygWv+1wXR5sgxImaS3kRfBT1fs2TjO4K2A5BvwKBgQCA -rjPFbE/pL/txY0l/B5S9OaBkgO4wUUah2tSuooJuSOvPdTmeWC9mP7rnOHu4IMYj -SsuMns15g7f1FDB8AQVOeeIz7ViNgbWbwAXq9a6OpOXV4OMUfbXOfKAuhAk3eq9X -J9nVZbUrQV9sgXD+PooQwBnFvL9CO2vrj1x3G7n0jQKBgClGEuZrhBPrIWphUdB3 -lyczpS6NjrQeLjAVt29BU6/F06WsUiK+iakU3ifX6ZIwWjYwWCvu375SkjeRjEpm -/mKN226RHhuvXKRA4AK0Uqrb6XofyV2p0JgdqEnc8L4PeQZL3+c+mfOI355PIy2f -ddTbABcoaSbKNAUFMP6lb4gB ------END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/end.req b/test-ca/rsa-2048/end.req deleted file mode 100644 index 2532d46e56..0000000000 --- a/test-ca/rsa-2048/end.req +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDI1plwQmA+rr6Evlvn2hzIB/zYKlxTm14 -SPzomxpaf3OpzXzHuOn34yVvU1vTDijUl/YJbcnx052m0075SYeuW08VQB/pzjhL -rFp1ULSD272IddbB88T8Jq/VZ5dAxBB1q6Tm0vGBYQ8eIcmJv+fJQTbTXHKQKPHQ -RmVyqXVkwvwcgEJi9gpOcEEpJ6SDGdyGh1ck3wGnhrSpmsu+hwUVi7las+KaQUlv -kmD+UGQKo8Ta91Xu8ja25QLTpjVcYxbi719rtA6I9DpX4+3aeIy/0s1xk0XiyMXI -jSl3dn47gp3IZFRCECuoTdOwOZ9+y9ENnpHvZ84jCBXddU09qheJAgMBAAGgADAN -BgkqhkiG9w0BAQsFAAOCAQEAQZ6gnsdiofBHpVnlOfr7XO5opYeQkQdY/d6YE19U -hsuBWssyEe0dgvMOC9gNuUV5JYBgHdQjM2A2zG7vYdAHbizuywx4iVZNGMtPecja -ANDZD9jK5AavYUZPyGtQqFQu/2zmHfwExfF+txruEnhDCcYB+jk9Tr6KXGq79IDn -8vUzI3yE7IIIPem/hJeI402vYhqpKX82k4+YTfrEe/vj9fYdRZWjwOq4SwmlN+B4 -Krdv2+fC+XUBekmW1+obM/Q6ZpmE97IpCzYjBCgir6vWTJIq1tGvtXEYTkoG1pkK -TaCKbI0ptVsWsFi2t0MQ1pdgKymLDfJCRLt0cYsUyVtQdA== ------END CERTIFICATE REQUEST----- diff --git a/test-ca/rsa-2048/end.rsa b/test-ca/rsa-2048/end.rsa deleted file mode 100644 index cb236b69be..0000000000 --- a/test-ca/rsa-2048/end.rsa +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDI1plwQmA+rr6 -Evlvn2hzIB/zYKlxTm14SPzomxpaf3OpzXzHuOn34yVvU1vTDijUl/YJbcnx052m -0075SYeuW08VQB/pzjhLrFp1ULSD272IddbB88T8Jq/VZ5dAxBB1q6Tm0vGBYQ8e -IcmJv+fJQTbTXHKQKPHQRmVyqXVkwvwcgEJi9gpOcEEpJ6SDGdyGh1ck3wGnhrSp -msu+hwUVi7las+KaQUlvkmD+UGQKo8Ta91Xu8ja25QLTpjVcYxbi719rtA6I9DpX -4+3aeIy/0s1xk0XiyMXIjSl3dn47gp3IZFRCECuoTdOwOZ9+y9ENnpHvZ84jCBXd -dU09qheJAgMBAAECggEABbzZYJqPc/prWwUJzo1qXdA5AEf8U3eR4nKK9S/yU2zh -8sE3BQxb3M0SAbb6wTbuXmnlcxuGT5UAUrJt5QiTc739kktjZNWKdDcqJb7sv9/L -L+L/II7RYPSmQOkd2mqpbTxRyfOz5DD9Z85ohaNd5l4Dha13NOPvUEdxnjB7Yi4I -YbUYZ/Zq6MUosFRObS0XPBvk6d+zDI3WUZatVTNfuS7fqI1BvkXs5EkV34DQXgQs -LKb1LFAoEZoh64UnfkONIT9oG4OTbbaQ9gCbfQPpKw07GuaMdtjp0QD0yldOKvL4 -V4crSZyj2f3LnPCqCjUwcz6quKSUqUgosVApH+JCcQKBgQDpaGXy3laYTK3zbauh -+eHY5Ia+7fM2ETZx4LfwAYA1K5E84T98swpO571lZVrbOKjBukpUrbHdOcEVcBRH -BTvCh1vL1AXXWR0cCvWtp/WAbu90rDqgu6mxaD+V8wGq29URTWOCRG1WA7zeNHPB -0XAZPLQVeqeSvHGLSqyPf4aoHQKBgQDWBqvl5To7P4ZT6VFl18v0EB3zgzpRuyC3 -xKKz5mGw4tuvspdMU2XaOGQsRl5emMijGeII7JUweHbBdkq44S2FZ9wyn4+I+8Oi -Atu4Nce06ARnw+5RRcJlSs/LrExfOtxF3xp8EQqpL/jEO03n7G5cwcFwuWTKoVTI -0RwcuU4JXQKBgDBMCvRzb2W6UDBT3DT7GPGhcARoBnCEpUhxIH6IQPg/mKEJVvK9 -tX9YUod9row4MCtOGf1lp61IOxztgTSk75W0HpmRuNezt+NKnUWewJ0f12rEDKmf -y2BLWwTzMMAjFvaqldGpyRoIUfeE0QMlDFYcioL7S1uApNoWzJgw4jM9AoGBANIk -osuLku1xphbl08JHbD4rRP1AMBbnwWwuagJxhiID3OhaVivfBvaIv/Ko9Se0o+th -EorooGODJDc4So3Uqrl+DLq36Fr7uE5uuAXa6Ec8OHcZ7flmoUSLfBPjDOnEBVul -f3+py+nq7Drgb9H0VzhEFgb0QX6jgXfbudqKJ5ERAoGAR5Q6wQEoT9VT53nuKprl -3K/6agd+4wlpVQW0W1LImdrJHRHUXO7KJe7Bo5rtjL3lw8dCl3olHlLPJKg9frMn -ZWvJ2t0zca18S76rNcsPew2BecJxNRFlGwdcE1BBA2p/yzBhsZbIO7eqfh+dK5va -rnlrPNbWDhylxMaU4/CoU7k= ------END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/inter.req b/test-ca/rsa-2048/inter.req deleted file mode 100644 index d7ff0d96f9..0000000000 --- a/test-ca/rsa-2048/inter.req +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIDcTCCAdkCAQAwLDEqMCgGA1UEAwwhcG9ueXRvd24gUlNBIGxldmVsIDIgaW50 -ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwvSESLM6 -Oc5JMZc/qZFPKLa2dicJXwUOI+YXqD5KZrxbLNnwxJWWQlYWbeeHoZNvqEbmYX4J -XX5rk9CgkBDJ8fIjeyvqZNi4GgFRs0+F/zQb/qmpoJM0bvVL60uTa5VrrR7Dz0bd -k5XVVSdVBIi7lq6xTEMIviQE44AR8+j4YQ/lJz7M2TP0iWgZrTF0/fazv7EummkI -ZGSQkg1VTp53nF2n7IZBBbZTJCg0U08cUzokxrtjUh+TDMwdxfedgIhvGQzjUUsg -bcYf5KUVevonTv+LnyEN8GVD4y5UWSBfXAyBiV0VPnI2LzElesj8zNqz/uu3T0vT -e4EEtQBYjDpS0EW6d0s/XkennrV/4IGhz3CMzb/qS6dC+PvDyDWVoXCZ2VJYJDUf -RoNuZnTwugS6Vh9tDR9+1VX0rONMrcR8sOUEaJMMI3BlJpc10iX9EfnlIV5CQJkf -m4Cm0CkWwlujPm8jXaYX7nN0doqzb0W2JMEzj9xbxZHAvnGMjCB8iooTAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOCAYEAnMQtAhiCwa/jZuljFI4r/1JwJE2Z4tpRyJVq -tukA6lONTtXM9PwfZpyZQZ6l62CClW16j95whYVeZEs4tXxIvtyywd5bCFGqNaBL -Tbm1fNeeFqUnLfpQaT1ogccm4vmmtdxGcHESNS2+lfg2Fgkid9I2qneRMO0+jsfC -Vbzg9gQFKd5aG32UciIaZO4YazEvLAoudvzqDq3n5DbR/OXNCceVShD9gdLuf4N2 -bD8cGVb/nMQ4RGKvuVfkbvidsm7kZIcKi25J3yEaZp+MVdWzgbMv4iCa/uTEjeZ8 -3UhxOcPPLJnZamLcuqdA/Z+HKOWSsStj+jnjcQS/6yR16E9V6A3HT4h/KbQuOscI -iOfq1JzeeS3rssd4vkLZX9Rd7ugS24pGWLFNlkvSdunjSOdtkx/RmmeiJcZYXhvX -1THrOaZOMMiEIL++LIOsGh9qQUuwy7/7uYQQjWsLchWTePJEz6hYyhQLcmzRSWdd -IuhbwhUCFMT/hMnZ5OU193Hl7jOc ------END CERTIFICATE REQUEST----- From 9444dcbc7b009c460f775d2ef8bf452d46720e42 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Mar 2024 13:46:11 -0400 Subject: [PATCH 0902/1145] Cargo: alphabetize workspace members --- Cargo.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index caef8c49a4..9fe4b16f89 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,16 +2,16 @@ members = [ # CI benchmarks "ci-bench", - # Tests that require OpenSSL - "openssl-tests", # Network-based tests "connect-tests", # tests and example code "examples", - # the main library and tests - "rustls", + # Tests that require OpenSSL + "openssl-tests", # example of custom provider "provider-example", + # the main library and tests + "rustls", # experimental post-quantum algorithm support "rustls-post-quantum", ] From 2b0e174be299db51a55638671e82b8ec84e3de64 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Sun, 7 Apr 2024 13:15:12 -0400 Subject: [PATCH 0903/1145] deps: rcgen 0.12 -> 0.13 This updates the project dev dependency on rcgen from 0.12 to 0.13, fixing breaking API changes as appropriate. --- Cargo.lock | 21 +++++-- examples/Cargo.toml | 2 +- examples/src/bin/server_acceptor.rs | 98 +++++++++++++++-------------- provider-example/Cargo.toml | 2 +- provider-example/examples/server.rs | 27 ++++---- 5 files changed, 80 insertions(+), 70 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0c3582763a..b708ca3683 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -349,6 +349,7 @@ dependencies = [ "aws-lc-sys", "mirai-annotations", "paste", + "untrusted 0.7.1", "zeroize", ] @@ -2006,12 +2007,14 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.12.1" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48406db8ac1f3cbc7dcdb56ec355343817958a356ff430259bb07baf7607e1e1" +checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779" dependencies = [ + "aws-lc-rs", "pem", "ring", + "rustls-pki-types", "time", "yasna", ] @@ -2085,7 +2088,7 @@ dependencies = [ "getrandom", "libc", "spin 0.9.8", - "untrusted", + "untrusted 0.9.0", "windows-sys 0.52.0", ] @@ -2324,7 +2327,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ "ring", - "untrusted", + "untrusted 0.9.0", ] [[package]] @@ -2336,7 +2339,7 @@ dependencies = [ "aws-lc-rs", "ring", "rustls-pki-types", - "untrusted", + "untrusted 0.9.0", ] [[package]] @@ -2364,7 +2367,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ "ring", - "untrusted", + "untrusted 0.9.0", ] [[package]] @@ -2745,6 +2748,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "untrusted" version = "0.9.0" diff --git a/examples/Cargo.toml b/examples/Cargo.toml index e9ddb606de..3e6b123798 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -13,7 +13,7 @@ env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } -rcgen = { version = "0.12", features = ["pem", "ring"], default-features = false } +rcgen = { version = "0.13", features = ["pem", "aws_lc_rs"], default-features = false } rustls = { path = "../rustls", features = [ "logging" ]} rustls-pemfile = "2" serde = "1.0" diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 3457b5345d..feda1968d9 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -13,9 +13,8 @@ use std::time::Duration; use std::{fs, thread}; use docopt::Docopt; -use rustls::pki_types::{ - CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer, -}; +use rcgen::KeyPair; +use rustls::pki_types::{CertificateRevocationListDer, PrivatePkcs8KeyDer}; use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier}; use rustls::RootCertStore; use serde_derive::Deserialize; @@ -58,19 +57,13 @@ fn main() { &args .flag_ca_path .unwrap_or("ca-cert.pem".to_string()), - &test_pki - .ca_cert - .serialize_pem() - .unwrap(), + &test_pki.ca_cert.cert.pem(), ); write_pem( &args .flag_client_cert_path .unwrap_or("client-cert.pem".to_string()), - &test_pki - .client_cert - .serialize_pem_with_signer(&test_pki.ca_cert) - .unwrap(), + &test_pki.client_cert.cert.pem(), ); write_pem( &args @@ -78,7 +71,8 @@ fn main() { .unwrap_or("client-key.pem".to_string()), &test_pki .client_cert - .serialize_private_key_pem(), + .key_pair + .serialize_pem(), ); // Write out an initial DER CRL that has no revoked certificates. @@ -147,10 +141,9 @@ fn main() { /// A test PKI with a CA certificate, server certificate, and client certificate. struct TestPki { roots: Arc, - ca_cert: rcgen::Certificate, - client_cert: rcgen::Certificate, - server_cert_der: CertificateDer<'static>, - server_key_der: PrivateKeyDer<'static>, + ca_cert: rcgen::CertifiedKey, + client_cert: rcgen::CertifiedKey, + server_cert: rcgen::CertifiedKey, } impl TestPki { @@ -158,7 +151,7 @@ impl TestPki { fn new() -> Self { // Create an issuer CA cert. let alg = &rcgen::PKCS_ECDSA_P256_SHA256; - let mut ca_params = rcgen::CertificateParams::new(Vec::new()); + let mut ca_params = rcgen::CertificateParams::new(Vec::new()).unwrap(); ca_params .distinguished_name .push(rcgen::DnType::OrganizationName, "Rustls Server Acceptor"); @@ -171,44 +164,51 @@ impl TestPki { rcgen::KeyUsagePurpose::DigitalSignature, rcgen::KeyUsagePurpose::CrlSign, ]; - ca_params.alg = alg; - let ca_cert = rcgen::Certificate::from_params(ca_params).unwrap(); + let ca_key = KeyPair::generate_for(alg).unwrap(); + let ca_cert = ca_params.self_signed(&ca_key).unwrap(); // Create a server end entity cert issued by the CA. - let mut server_ee_params = rcgen::CertificateParams::new(vec!["localhost".to_string()]); + let mut server_ee_params = + rcgen::CertificateParams::new(vec!["localhost".to_string()]).unwrap(); server_ee_params.is_ca = rcgen::IsCa::NoCa; server_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ServerAuth]; - server_ee_params.alg = alg; - let server_cert = rcgen::Certificate::from_params(server_ee_params).unwrap(); - let server_cert_der = CertificateDer::from( - server_cert - .serialize_der_with_signer(&ca_cert) - .unwrap(), - ); - let server_key_der = PrivatePkcs8KeyDer::from(server_cert.serialize_private_key_der()); + let ee_key = KeyPair::generate_for(alg).unwrap(); + let server_cert = server_ee_params + .signed_by(&ee_key, &ca_cert, &ca_key) + .unwrap(); // Create a client end entity cert issued by the CA. - let mut client_ee_params = rcgen::CertificateParams::new(Vec::new()); + let mut client_ee_params = rcgen::CertificateParams::new(Vec::new()).unwrap(); client_ee_params .distinguished_name .push(rcgen::DnType::CommonName, "Example Client"); client_ee_params.is_ca = rcgen::IsCa::NoCa; client_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ClientAuth]; - client_ee_params.alg = alg; client_ee_params.serial_number = Some(rcgen::SerialNumber::from(vec![0xC0, 0xFF, 0xEE])); - let client_cert = rcgen::Certificate::from_params(client_ee_params).unwrap(); + let client_key = KeyPair::generate_for(alg).unwrap(); + let client_cert = client_ee_params + .signed_by(&client_key, &ca_cert, &ca_key) + .unwrap(); // Create a root cert store that includes the CA certificate. let mut roots = RootCertStore::empty(); roots - .add(CertificateDer::from(ca_cert.serialize_der().unwrap())) + .add(ca_cert.der().clone()) .unwrap(); Self { roots: roots.into(), - ca_cert, - client_cert, - server_cert_der, - server_key_der: server_key_der.into(), + ca_cert: rcgen::CertifiedKey { + cert: ca_cert, + key_pair: ca_key, + }, + client_cert: rcgen::CertifiedKey { + cert: client_cert, + key_pair: client_key, + }, + server_cert: rcgen::CertifiedKey { + cert: server_cert, + key_pair: ee_key, + }, } } @@ -238,11 +238,11 @@ impl TestPki { let mut server_config = ServerConfig::builder() .with_client_cert_verifier(verifier) .with_single_cert( - vec![self.server_cert_der.clone()], + vec![self.server_cert.cert.der().clone()], PrivatePkcs8KeyDer::from( - self.server_key_der - .secret_der() - .to_owned(), + self.server_cert + .key_pair + .serialize_der(), ) .into(), ) @@ -256,7 +256,11 @@ impl TestPki { /// Issue a certificate revocation list (CRL) for the revoked `serials` provided (may be empty). /// The CRL will be signed by the test PKI CA and returned in DER serialized form. - fn crl(&self, serials: Vec, next_update_seconds: u64) -> Vec { + fn crl( + &self, + serials: Vec, + next_update_seconds: u64, + ) -> CertificateRevocationListDer { // In a real use-case you would want to set this to the current date/time. let now = rcgen::date_time_ymd(2023, 1, 1); @@ -272,19 +276,18 @@ impl TestPki { .collect(); // Create a new CRL signed by the CA cert. - let crl = rcgen::CertificateRevocationListParams { + let crl_params = rcgen::CertificateRevocationListParams { this_update: now, next_update: now.add(Duration::from_secs(next_update_seconds)), crl_number: rcgen::SerialNumber::from(1234), issuing_distribution_point: None, revoked_certs, key_identifier_method: rcgen::KeyIdMethod::Sha256, - alg: &rcgen::PKCS_ECDSA_P256_SHA256, }; - rcgen::CertificateRevocationList::from_params(crl) - .unwrap() - .serialize_der_with_signer(&self.ca_cert) + crl_params + .signed_by(&self.ca_cert.cert, &self.ca_cert.key_pair) .unwrap() + .into() } } @@ -311,7 +314,8 @@ impl CrlUpdater { vec![self .pki .client_cert - .get_params() + .cert + .params() .serial_number .clone() .unwrap()] diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 4c32ed0b55..40e214667f 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -28,7 +28,7 @@ x25519-dalek = "2" [dev-dependencies] env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) hex = "0.4.3" -rcgen = { version = "0.12", features = ["ring"] } +rcgen = { version = "0.13", features = ["aws_lc_rs"] } serde = { version = "1", features = ["derive"] } serde_json = "1" webpki-roots = "0.26" diff --git a/provider-example/examples/server.rs b/provider-example/examples/server.rs index f38c63560e..4f69fc237c 100644 --- a/provider-example/examples/server.rs +++ b/provider-example/examples/server.rs @@ -58,7 +58,7 @@ struct TestPki { impl TestPki { fn new() -> Self { let alg = &rcgen::PKCS_ECDSA_P256_SHA256; - let mut ca_params = rcgen::CertificateParams::new(Vec::new()); + let mut ca_params = rcgen::CertificateParams::new(Vec::new()).unwrap(); ca_params .distinguished_name .push(rcgen::DnType::OrganizationName, "Provider Server Example"); @@ -70,25 +70,22 @@ impl TestPki { rcgen::KeyUsagePurpose::KeyCertSign, rcgen::KeyUsagePurpose::DigitalSignature, ]; - ca_params.alg = alg; - let ca_cert = rcgen::Certificate::from_params(ca_params).unwrap(); + let ca_key = rcgen::KeyPair::generate_for(alg).unwrap(); + let ca_cert = ca_params.self_signed(&ca_key).unwrap(); // Create a server end entity cert issued by the CA. - let mut server_ee_params = rcgen::CertificateParams::new(vec!["localhost".to_string()]); + let mut server_ee_params = + rcgen::CertificateParams::new(vec!["localhost".to_string()]).unwrap(); server_ee_params.is_ca = rcgen::IsCa::NoCa; server_ee_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ServerAuth]; - server_ee_params.alg = alg; - let server_cert = rcgen::Certificate::from_params(server_ee_params).unwrap(); - let server_cert_der = CertificateDer::from( - server_cert - .serialize_der_with_signer(&ca_cert) - .unwrap(), - ); - let server_key_der = - PrivatePkcs8KeyDer::from(server_cert.serialize_private_key_der()).into(); + let server_key = rcgen::KeyPair::generate_for(alg).unwrap(); + let server_cert = server_ee_params + .signed_by(&server_key, &ca_cert, &ca_key) + .unwrap(); Self { - server_cert_der, - server_key_der, + server_cert_der: server_cert.into(), + // TODO(XXX): update below once https://github.com/rustls/rcgen/issues/260 is resolved. + server_key_der: PrivatePkcs8KeyDer::from(server_key.serialize_der()).into(), } } From cf8f5a3c0392b6577e6c66311a9f8eb1ba72ef96 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 18 Mar 2024 12:37:23 -0400 Subject: [PATCH 0904/1145] rustls/examples: add rcgen based CA generation tool This commit updates the rustls crate's `examples/internal` module with a new `test_ca` binary that generates the Rustls test PKI. It closely matches the existing `build-a-pki.sh` script that generates the existing test data, but does so in pure Rust using `rcgen`. It can be run with: ``` cargo run -p rustls --example test_ca ``` Unlike the existing script the RSA chain generation was switched to be uniform with the approach used for ECDSA. Previously there was one RSA chain with the EE/client certs using RSA 2048, the intermediate using 3072 and the root using 4096. This version instead uses the same key size for all certs in the chain, but generates three chains: one for RSA 2048, one for 3072, and one for 4096. The existing test-data is left as-is with this commit and will be regenerated in a subsequent commit. --- Cargo.lock | 2 + ci-bench/Cargo.toml | 2 +- rustls/Cargo.toml | 6 + rustls/examples/internal/test_ca.rs | 321 ++++++++++++++++++++++++++++ 4 files changed, 330 insertions(+), 1 deletion(-) create mode 100644 rustls/examples/internal/test_ca.rs diff --git a/Cargo.lock b/Cargo.lock index b708ca3683..6565061f07 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2185,6 +2185,7 @@ dependencies = [ "log", "num-bigint", "once_cell", + "rcgen", "ring", "rustls-pemfile 2.1.2", "rustls-pki-types", @@ -2192,6 +2193,7 @@ dependencies = [ "rustversion", "subtle", "tikv-jemallocator", + "time", "webpki-roots 0.26.1", "zeroize", ] diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 2d8369b4d2..f51b462d30 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -13,7 +13,7 @@ byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" itertools = "0.12" -pki-types = { package = "rustls-pki-types", version = "1" } +pki-types = { package = "rustls-pki-types", version = "1.4.1" } rayon = "1.7.0" rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } rustls-pemfile = "2" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 5e192c55bd..8cff9390f2 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -44,7 +44,9 @@ bencher = "0.1.5" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) log = "0.4.4" num-bigint = "0.4.4" +rcgen = { version = "0.13", default-features = false, features = ["aws_lc_rs", "pem"] } rustls-pemfile = "2" +time = { version = "0.3.6", default-features = false } webpki-roots = "0.26" [target.'cfg(not(target_env = "msvc"))'.dev-dependencies] @@ -65,6 +67,10 @@ path = "benches/benchmarks.rs" harness = false required-features = ["ring"] +[[example]] +name = "test_ca" +path = "examples/internal/test_ca.rs" + [package.metadata.docs.rs] # all non-default features except fips (cannot build on docs.rs environment) features = ["read_buf", "ring"] diff --git a/rustls/examples/internal/test_ca.rs b/rustls/examples/internal/test_ca.rs new file mode 100644 index 0000000000..52e62b8d1a --- /dev/null +++ b/rustls/examples/internal/test_ca.rs @@ -0,0 +1,321 @@ +use std::collections::HashMap; +use std::env; +use std::fs::{self, File}; +use std::io::Write; +use std::net::IpAddr; +use std::path::PathBuf; +use std::str::FromStr; +use std::sync::atomic::{AtomicU64, Ordering}; +use std::time::Duration; + +use rcgen::{ + BasicConstraints, CertificateParams, CertificateRevocationListParams, CertifiedKey, + DistinguishedName, DnType, ExtendedKeyUsagePurpose, Ia5String, IsCa, KeyIdMethod, KeyPair, + KeyUsagePurpose, RevocationReason, RevokedCertParams, RsaKeySize, SanType, SerialNumber, + SignatureAlgorithm, PKCS_ECDSA_P256_SHA256, PKCS_ECDSA_P384_SHA384, PKCS_ECDSA_P521_SHA512, + PKCS_ED25519, PKCS_RSA_SHA256, PKCS_RSA_SHA384, PKCS_RSA_SHA512, +}; +use time::OffsetDateTime; + +fn main() -> Result<(), Box> { + let mut certified_keys = HashMap::with_capacity(ROLES.len() * SIG_ALGS.len()); + for role in ROLES { + for alg in SIG_ALGS { + // Generate a key pair and serialize it to a PEM encoded file. + let key_pair = alg.key_pair(); + let mut key_pair_file = File::create(role.key_file_path(alg))?; + key_pair_file.write_all(key_pair.serialize_pem().as_bytes())?; + + // Issue a certificate for the key pair. For trust anchors, this will be self-signed. + // Otherwise we dig out the issuer and issuer_key for the issuer, which should have + // been produced in earlier iterations based on the careful ordering of roles. + let cert = match role { + Role::TrustAnchor => role + .params(alg) + .self_signed(&key_pair)?, + Role::Intermediate => { + let issuer: &CertifiedKey = certified_keys + .get(&(Role::TrustAnchor, alg.inner)) + .unwrap(); + role.params(alg) + .signed_by(&key_pair, &issuer.cert, &issuer.key_pair)? + } + Role::EndEntity | Role::Client => { + let issuer = certified_keys + .get(&(Role::Intermediate, alg.inner)) + .unwrap(); + role.params(alg) + .signed_by(&key_pair, &issuer.cert, &issuer.key_pair)? + } + }; + + // Serialize the issued certificate to a PEM encoded file. + let mut cert_file = File::create(role.cert_pem_file_path(alg))?; + cert_file.write_all(cert.pem().as_bytes())?; + // And to a DER encoded file. + let mut cert_file = File::create(role.cert_der_file_path(alg))?; + cert_file.write_all(cert.der())?; + + // If we're not a trust anchor, generate a CRL for the certificate we just issued. + if role != Role::TrustAnchor { + // The CRL will be signed by the issuer of the certificate being revoked. For + // intermediates this will be the trust anchor, and for client/EE certs this will + // be the intermediate. + let issuer = match role { + Role::Intermediate => certified_keys + .get(&(Role::TrustAnchor, alg.inner)) + .unwrap(), + Role::EndEntity | Role::Client => certified_keys + .get(&(Role::Intermediate, alg.inner)) + .unwrap(), + _ => panic!("unexpected role for CRL generation: {role:?}"), + }; + let crl = crl_for_serial( + cert.params() + .serial_number + .clone() + .unwrap(), + ) + .signed_by(&issuer.cert, &issuer.key_pair)?; + let mut crl_file = File::create( + alg.output_directory() + .join(format!("{}.revoked.crl.pem", role.label())), + )?; + crl_file.write_all(crl.pem().unwrap().as_bytes())?; + } + + // When we're issuing end entity or client certs we have a bit of extra work to do + // now that we have full chains in hand. + if matches!(role, Role::EndEntity | Role::Client) { + let root = &certified_keys + .get(&(Role::TrustAnchor, alg.inner)) + .unwrap() + .cert; + let intermediate = &certified_keys + .get(&(Role::Intermediate, alg.inner)) + .unwrap() + .cert; + + // Write the PEM chain and full chain files for the end entity and client certs. + // Chain files include the intermediate and root certs, while full chain files include + // the end entity or client cert as well. + for f in [ + ("chain", &[intermediate, root][..]), + ("fullchain", &[&cert, intermediate, root][..]), + ] { + let mut chain_file = File::create(alg.output_directory().join(format!( + "{}.{}", + role.label(), + f.0 + )))?; + for cert in f.1 { + chain_file.write_all(cert.pem().as_bytes())?; + } + } + } + + certified_keys.insert((role, alg.inner), CertifiedKey { cert, key_pair }); + } + } + + Ok(()) +} + +fn crl_for_serial(serial_number: SerialNumber) -> CertificateRevocationListParams { + let now = OffsetDateTime::now_utc(); + CertificateRevocationListParams { + this_update: now, + next_update: now + Duration::from_secs(60 * 60 * 24 * 5), + crl_number: SerialNumber::from(1234), + issuing_distribution_point: None, + revoked_certs: vec![RevokedCertParams { + serial_number, + revocation_time: now, + reason_code: Some(RevocationReason::KeyCompromise), + invalidity_date: None, + }], + key_identifier_method: KeyIdMethod::Sha256, + } +} + +// Note: these are ordered such that the data dependencies for issuance are satisfied. +const ROLES: [Role; 4] = [ + Role::TrustAnchor, + Role::Intermediate, + Role::EndEntity, + Role::Client, +]; + +#[derive(Debug, Clone, Copy, Eq, PartialEq, Hash)] +enum Role { + Client, + EndEntity, + Intermediate, + TrustAnchor, +} + +impl Role { + fn params(&self, alg: &'static SigAlgContext) -> CertificateParams { + let mut params = CertificateParams::default(); + params.distinguished_name = self.common_name(alg); + params.use_authority_key_identifier_extension = true; + let serial = SERIAL_NUMBER.fetch_add(1, Ordering::SeqCst); + params.serial_number = Some(SerialNumber::from_slice(&serial.to_be_bytes()[..])); + + match self { + Self::TrustAnchor | Self::Intermediate => { + params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained); + params.key_usages = ISSUER_KEY_USAGES.to_vec(); + params.extended_key_usages = ISSUER_EXTENDED_KEY_USAGES.to_vec(); + } + Self::EndEntity | Self::Client => { + params.is_ca = IsCa::NoCa; + params.key_usages = EE_KEY_USAGES.to_vec(); + params.subject_alt_names = vec![ + SanType::DnsName(Ia5String::try_from("testserver.com".to_string()).unwrap()), + SanType::DnsName( + Ia5String::try_from("second.testserver.com".to_string()).unwrap(), + ), + SanType::DnsName(Ia5String::try_from("localhost".to_string()).unwrap()), + SanType::IpAddress(IpAddr::from_str("198.51.100.1").unwrap()), + SanType::IpAddress(IpAddr::from_str("2001:db8::1").unwrap()), + ]; + } + } + + // Client certificates additionally get the client auth EKU. + if *self == Self::Client { + params.extended_key_usages = vec![ExtendedKeyUsagePurpose::ClientAuth]; + } + + params + } + + fn common_name(&self, alg: &'static SigAlgContext) -> DistinguishedName { + let mut distinguished_name = DistinguishedName::new(); + distinguished_name.push( + DnType::CommonName, + match self { + Self::Client => "ponytown client".to_owned(), + Self::EndEntity => "testserver.com".to_owned(), + Self::Intermediate => { + format!("ponytown {} level 2 intermediate", alg.issuer_cn) + } + Self::TrustAnchor => format!("ponytown {} CA", alg.issuer_cn), + }, + ); + distinguished_name + } + + fn key_file_path(&self, alg: &'static SigAlgContext) -> PathBuf { + alg.output_directory() + .join(format!("{}.key", self.label())) + } + + fn cert_pem_file_path(&self, alg: &'static SigAlgContext) -> PathBuf { + alg.output_directory() + .join(format!("{}.cert", self.label())) + } + + fn cert_der_file_path(&self, alg: &'static SigAlgContext) -> PathBuf { + alg.output_directory() + .join(format!("{}.der", self.label())) + } + + fn label(&self) -> &'static str { + match self { + Self::Client => "client", + Self::EndEntity => "end", + Self::Intermediate => "inter", + Self::TrustAnchor => "ca", + } + } +} + +// Note: for convenience we use the RSA sigalg digest algorithm to inform the RSA modulus +// size, mapping SHA256 to RSA 2048, SHA384 to RSA 3072, and SHA512 to RSA 4096. +static SIG_ALGS: &[SigAlgContext] = &[ + SigAlgContext { + inner: &PKCS_RSA_SHA256, + issuer_cn: "RSA 2048", + }, + SigAlgContext { + inner: &PKCS_RSA_SHA384, + issuer_cn: "RSA 3072", + }, + SigAlgContext { + inner: &PKCS_RSA_SHA512, + issuer_cn: "RSA 4096", + }, + SigAlgContext { + inner: &PKCS_ECDSA_P256_SHA256, + issuer_cn: "ECDSA p256", + }, + SigAlgContext { + inner: &PKCS_ECDSA_P384_SHA384, + issuer_cn: "ECDSA p384", + }, + SigAlgContext { + inner: &PKCS_ECDSA_P521_SHA512, + issuer_cn: "ECDSA p521", + }, + SigAlgContext { + inner: &PKCS_ED25519, + issuer_cn: "EdDSA", + }, +]; + +struct SigAlgContext { + pub(crate) inner: &'static SignatureAlgorithm, + pub(crate) issuer_cn: &'static str, +} + +impl SigAlgContext { + fn output_directory(&self) -> PathBuf { + let output_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()) + .join("../") + .join("test-ca") + .join( + self.issuer_cn + .to_lowercase() + .replace(' ', "-"), + ); + fs::create_dir_all(&output_dir).unwrap(); + output_dir + } + + fn key_pair(&self) -> KeyPair { + if *self.inner == PKCS_RSA_SHA256 { + KeyPair::generate_rsa_for(&PKCS_RSA_SHA256, RsaKeySize::_2048) + } else if *self.inner == PKCS_RSA_SHA384 { + KeyPair::generate_rsa_for(&PKCS_RSA_SHA384, RsaKeySize::_3072) + } else if *self.inner == PKCS_RSA_SHA512 { + KeyPair::generate_rsa_for(&PKCS_RSA_SHA512, RsaKeySize::_4096) + } else { + KeyPair::generate_for(self.inner) + } + .unwrap() + } +} + +const ISSUER_KEY_USAGES: &[KeyUsagePurpose; 7] = &[ + KeyUsagePurpose::CrlSign, + KeyUsagePurpose::KeyCertSign, + KeyUsagePurpose::DigitalSignature, + KeyUsagePurpose::ContentCommitment, + KeyUsagePurpose::KeyEncipherment, + KeyUsagePurpose::DataEncipherment, + KeyUsagePurpose::KeyAgreement, +]; + +const ISSUER_EXTENDED_KEY_USAGES: &[ExtendedKeyUsagePurpose; 2] = &[ + ExtendedKeyUsagePurpose::ServerAuth, + ExtendedKeyUsagePurpose::ClientAuth, +]; + +const EE_KEY_USAGES: &[KeyUsagePurpose; 2] = &[ + KeyUsagePurpose::DigitalSignature, + KeyUsagePurpose::ContentCommitment, +]; + +static SERIAL_NUMBER: AtomicU64 = AtomicU64::new(1); From c8aac1ba6948d8619708c1901e828151d48508fd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 15 Mar 2024 14:16:34 -0400 Subject: [PATCH 0905/1145] test-ca: regenerate with rcgen This commit regenerates the test-ca PKI using the rcgen tooling. A couple of small adjustments to unit tests are required: 1. We have to adjust down some expected write sizes: previously the singular RSA chain had 2048, 3072 and 4096 bit keys and the larger modulus sizes ensured a certain unit test always wrote more than 4000 bytes of data. With the new 2048 chain having _only_ 2048 bit keys the expected write threshold needs to be adjusted down to 3000 bytes. 2. The expected subject common names expected in the client auth hint tests need adjusting for the new RSA root common names. 3. We introduce new RSA_3072 and RSA_4096 key sizes, using the newly generated test chains. Otherwise all existing tests continue to pass as expected without modification. --- rustls/tests/api.rs | 4 +- rustls/tests/common/mod.rs | 50 ++++++++- test-ca/ecdsa-p256/ca.cert | 19 ++-- test-ca/ecdsa-p256/ca.der | Bin 411 -> 443 bytes test-ca/ecdsa-p256/ca.key | 6 +- test-ca/ecdsa-p256/client.cert | 21 ++-- test-ca/ecdsa-p256/client.chain | 39 +++---- test-ca/ecdsa-p256/client.der | Bin 0 -> 480 bytes test-ca/ecdsa-p256/client.fullchain | 60 +++++----- test-ca/ecdsa-p256/client.key | 6 +- test-ca/ecdsa-p256/client.revoked.crl.pem | 12 +- test-ca/ecdsa-p256/end.cert | 22 ++-- test-ca/ecdsa-p256/end.chain | 39 +++---- test-ca/ecdsa-p256/end.der | Bin 0 -> 458 bytes test-ca/ecdsa-p256/end.fullchain | 61 +++++----- test-ca/ecdsa-p256/end.key | 6 +- test-ca/ecdsa-p256/end.revoked.crl.pem | 12 +- test-ca/ecdsa-p256/inter.cert | 20 ++-- test-ca/ecdsa-p256/inter.der | Bin 0 -> 460 bytes test-ca/ecdsa-p256/inter.key | 6 +- test-ca/ecdsa-p256/inter.revoked.crl.pem | 12 +- test-ca/ecdsa-p384/ca.cert | 21 ++-- test-ca/ecdsa-p384/ca.der | Bin 472 -> 504 bytes test-ca/ecdsa-p384/ca.key | 8 +- test-ca/ecdsa-p384/client.cert | 24 ++-- test-ca/ecdsa-p384/client.chain | 43 +++---- test-ca/ecdsa-p384/client.der | Bin 0 -> 542 bytes test-ca/ecdsa-p384/client.fullchain | 67 +++++------ test-ca/ecdsa-p384/client.key | 8 +- test-ca/ecdsa-p384/client.revoked.crl.pem | 14 +-- test-ca/ecdsa-p384/end.cert | 24 ++-- test-ca/ecdsa-p384/end.chain | 43 +++---- test-ca/ecdsa-p384/end.der | Bin 0 -> 521 bytes test-ca/ecdsa-p384/end.fullchain | 67 ++++++----- test-ca/ecdsa-p384/end.key | 8 +- test-ca/ecdsa-p384/end.revoked.crl.pem | 14 +-- test-ca/ecdsa-p384/inter.cert | 22 ++-- test-ca/ecdsa-p384/inter.der | Bin 0 -> 522 bytes test-ca/ecdsa-p384/inter.key | 8 +- test-ca/ecdsa-p384/inter.revoked.crl.pem | 14 +-- test-ca/ecdsa-p521/ca.cert | 25 +++-- test-ca/ecdsa-p521/ca.der | Bin 546 -> 578 bytes test-ca/ecdsa-p521/ca.key | 12 +- test-ca/ecdsa-p521/client.cert | 26 ++--- test-ca/ecdsa-p521/client.chain | 51 ++++----- test-ca/ecdsa-p521/client.der | Bin 0 -> 616 bytes test-ca/ecdsa-p521/client.fullchain | 77 ++++++------- test-ca/ecdsa-p521/client.key | 12 +- test-ca/ecdsa-p521/client.revoked.crl.pem | 16 +-- test-ca/ecdsa-p521/end.cert | 28 +++-- test-ca/ecdsa-p521/end.chain | 51 ++++----- test-ca/ecdsa-p521/end.der | Bin 0 -> 595 bytes test-ca/ecdsa-p521/end.fullchain | 79 +++++++------ test-ca/ecdsa-p521/end.key | 12 +- test-ca/ecdsa-p521/end.revoked.crl.pem | 16 +-- test-ca/ecdsa-p521/inter.cert | 26 ++--- test-ca/ecdsa-p521/inter.der | Bin 0 -> 596 bytes test-ca/ecdsa-p521/inter.key | 12 +- test-ca/ecdsa-p521/inter.revoked.crl.pem | 12 +- test-ca/eddsa/ca.cert | 15 +-- test-ca/eddsa/ca.der | Bin 336 -> 369 bytes test-ca/eddsa/ca.key | 3 +- test-ca/eddsa/client.cert | 18 +-- test-ca/eddsa/client.chain | 32 +++--- test-ca/eddsa/client.der | Bin 0 -> 412 bytes test-ca/eddsa/client.fullchain | 50 +++++---- test-ca/eddsa/client.key | 3 +- test-ca/eddsa/client.revoked.crl.pem | 12 +- test-ca/eddsa/end.cert | 19 ++-- test-ca/eddsa/end.chain | 32 +++--- test-ca/eddsa/end.der | Bin 0 -> 390 bytes test-ca/eddsa/end.fullchain | 51 ++++----- test-ca/eddsa/end.key | 3 +- test-ca/eddsa/end.revoked.crl.pem | 12 +- test-ca/eddsa/inter.cert | 17 +-- test-ca/eddsa/inter.der | Bin 0 -> 387 bytes test-ca/eddsa/inter.key | 3 +- test-ca/eddsa/inter.revoked.crl.pem | 8 +- test-ca/rsa-2048/ca.cert | 46 +++----- test-ca/rsa-2048/ca.der | Bin 1305 -> 835 bytes test-ca/rsa-2048/ca.key | 76 +++++-------- test-ca/rsa-2048/client.cert | 40 ++++--- test-ca/rsa-2048/client.chain | 90 ++++++--------- test-ca/rsa-2048/client.der | Bin 0 -> 875 bytes test-ca/rsa-2048/client.fullchain | 130 +++++++++------------- test-ca/rsa-2048/client.key | 52 ++++----- test-ca/rsa-2048/client.revoked.crl.pem | 23 ++-- test-ca/rsa-2048/end.cert | 40 +++---- test-ca/rsa-2048/end.chain | 90 ++++++--------- test-ca/rsa-2048/end.der | Bin 0 -> 853 bytes test-ca/rsa-2048/end.fullchain | 130 +++++++++------------- test-ca/rsa-2048/end.key | 52 ++++----- test-ca/rsa-2048/end.revoked.crl.pem | 23 ++-- test-ca/rsa-2048/inter.cert | 44 +++----- test-ca/rsa-2048/inter.der | Bin 0 -> 853 bytes test-ca/rsa-2048/inter.key | 64 +++++------ test-ca/rsa-2048/inter.revoked.crl.pem | 25 ++--- test-ca/rsa-3072/ca.cert | 25 +++++ test-ca/rsa-3072/ca.der | Bin 0 -> 1091 bytes test-ca/rsa-3072/ca.key | 40 +++++++ test-ca/rsa-3072/client.cert | 26 +++++ test-ca/rsa-3072/client.chain | 51 +++++++++ test-ca/rsa-3072/client.der | Bin 0 -> 1131 bytes test-ca/rsa-3072/client.fullchain | 77 +++++++++++++ test-ca/rsa-3072/client.key | 40 +++++++ test-ca/rsa-3072/client.revoked.crl.pem | 15 +++ test-ca/rsa-3072/end.cert | 26 +++++ test-ca/rsa-3072/end.chain | 51 +++++++++ test-ca/rsa-3072/end.der | Bin 0 -> 1109 bytes test-ca/rsa-3072/end.fullchain | 77 +++++++++++++ test-ca/rsa-3072/end.key | 40 +++++++ test-ca/rsa-3072/end.revoked.crl.pem | 15 +++ test-ca/rsa-3072/inter.cert | 26 +++++ test-ca/rsa-3072/inter.der | Bin 0 -> 1109 bytes test-ca/rsa-3072/inter.key | 40 +++++++ test-ca/rsa-3072/inter.revoked.crl.pem | 15 +++ test-ca/rsa-4096/ca.cert | 31 ++++++ test-ca/rsa-4096/ca.der | Bin 0 -> 1347 bytes test-ca/rsa-4096/ca.key | 52 +++++++++ test-ca/rsa-4096/client.cert | 31 ++++++ test-ca/rsa-4096/client.chain | 62 +++++++++++ test-ca/rsa-4096/client.der | Bin 0 -> 1387 bytes test-ca/rsa-4096/client.fullchain | 93 ++++++++++++++++ test-ca/rsa-4096/client.key | 52 +++++++++ test-ca/rsa-4096/client.revoked.crl.pem | 18 +++ test-ca/rsa-4096/end.cert | 31 ++++++ test-ca/rsa-4096/end.chain | 62 +++++++++++ test-ca/rsa-4096/end.der | Bin 0 -> 1365 bytes test-ca/rsa-4096/end.fullchain | 93 ++++++++++++++++ test-ca/rsa-4096/end.key | 52 +++++++++ test-ca/rsa-4096/end.revoked.crl.pem | 18 +++ test-ca/rsa-4096/inter.cert | 31 ++++++ test-ca/rsa-4096/inter.der | Bin 0 -> 1365 bytes test-ca/rsa-4096/inter.key | 52 +++++++++ test-ca/rsa-4096/inter.revoked.crl.pem | 17 +++ 135 files changed, 2434 insertions(+), 1263 deletions(-) create mode 100644 test-ca/ecdsa-p256/client.der create mode 100644 test-ca/ecdsa-p256/end.der create mode 100644 test-ca/ecdsa-p256/inter.der create mode 100644 test-ca/ecdsa-p384/client.der create mode 100644 test-ca/ecdsa-p384/end.der create mode 100644 test-ca/ecdsa-p384/inter.der create mode 100644 test-ca/ecdsa-p521/client.der create mode 100644 test-ca/ecdsa-p521/end.der create mode 100644 test-ca/ecdsa-p521/inter.der create mode 100644 test-ca/eddsa/client.der create mode 100644 test-ca/eddsa/end.der create mode 100644 test-ca/eddsa/inter.der create mode 100644 test-ca/rsa-2048/client.der create mode 100644 test-ca/rsa-2048/end.der create mode 100644 test-ca/rsa-2048/inter.der create mode 100644 test-ca/rsa-3072/ca.cert create mode 100644 test-ca/rsa-3072/ca.der create mode 100644 test-ca/rsa-3072/ca.key create mode 100644 test-ca/rsa-3072/client.cert create mode 100644 test-ca/rsa-3072/client.chain create mode 100644 test-ca/rsa-3072/client.der create mode 100644 test-ca/rsa-3072/client.fullchain create mode 100644 test-ca/rsa-3072/client.key create mode 100644 test-ca/rsa-3072/client.revoked.crl.pem create mode 100644 test-ca/rsa-3072/end.cert create mode 100644 test-ca/rsa-3072/end.chain create mode 100644 test-ca/rsa-3072/end.der create mode 100644 test-ca/rsa-3072/end.fullchain create mode 100644 test-ca/rsa-3072/end.key create mode 100644 test-ca/rsa-3072/end.revoked.crl.pem create mode 100644 test-ca/rsa-3072/inter.cert create mode 100644 test-ca/rsa-3072/inter.der create mode 100644 test-ca/rsa-3072/inter.key create mode 100644 test-ca/rsa-3072/inter.revoked.crl.pem create mode 100644 test-ca/rsa-4096/ca.cert create mode 100644 test-ca/rsa-4096/ca.der create mode 100644 test-ca/rsa-4096/ca.key create mode 100644 test-ca/rsa-4096/client.cert create mode 100644 test-ca/rsa-4096/client.chain create mode 100644 test-ca/rsa-4096/client.der create mode 100644 test-ca/rsa-4096/client.fullchain create mode 100644 test-ca/rsa-4096/client.key create mode 100644 test-ca/rsa-4096/client.revoked.crl.pem create mode 100644 test-ca/rsa-4096/end.cert create mode 100644 test-ca/rsa-4096/end.chain create mode 100644 test-ca/rsa-4096/end.der create mode 100644 test-ca/rsa-4096/end.fullchain create mode 100644 test-ca/rsa-4096/end.key create mode 100644 test-ca/rsa-4096/end.revoked.crl.pem create mode 100644 test-ca/rsa-4096/inter.cert create mode 100644 test-ca/rsa-4096/inter.der create mode 100644 test-ca/rsa-4096/inter.key create mode 100644 test-ca/rsa-4096/inter.revoked.crl.pem diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index c6d8e72ab2..d22a04f30a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3395,7 +3395,7 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() { let mut pipe = OtherSession::new(&mut client); let wrlen = server.write_tls(&mut pipe).unwrap(); // don't assert exact sizes here, to avoid a brittle test - assert!(wrlen > 4000); // its pretty big (contains cert chain) + assert!(wrlen > 3000); // its pretty big (contains cert chain) assert_eq!(pipe.writevs.len(), 1); // only one writev assert_eq!(pipe.writevs[0].len(), 8); // at least a server hello/ccs/cert/serverkx/0.5rtt data } @@ -3435,7 +3435,7 @@ fn check_half_rtt_does_not_work(server_config: ServerConfig) { let mut pipe = OtherSession::new(&mut client); let wrlen = server.write_tls(&mut pipe).unwrap(); // don't assert exact sizes here, to avoid a brittle test - assert!(wrlen > 4000); // its pretty big (contains cert chain) + assert!(wrlen > 3000); // its pretty big (contains cert chain) assert_eq!(pipe.writevs.len(), 1); // only one writev assert!(pipe.writevs[0].len() >= 6); // at least a server hello/ccs/cert/serverkx data } diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 8d38d1d10b..9e5df0bd10 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -130,6 +130,40 @@ embed_files! { (RSA_2048_END_KEY, "rsa-2048", "end.key"); (RSA_2048_INTER_CERT, "rsa-2048", "inter.cert"); (RSA_2048_INTER_KEY, "rsa-2048", "inter.key"); + + (RSA_3072_CA_CERT, "rsa-3072", "ca.cert"); + (RSA_3072_CA_DER, "rsa-3072", "ca.der"); + (RSA_3072_CA_KEY, "rsa-3072", "ca.key"); + (RSA_3072_CLIENT_CERT, "rsa-3072", "client.cert"); + (RSA_3072_CLIENT_CHAIN, "rsa-3072", "client.chain"); + (RSA_3072_CLIENT_FULLCHAIN, "rsa-3072", "client.fullchain"); + (RSA_3072_CLIENT_KEY, "rsa-3072", "client.key"); + (RSA_3072_END_CRL_PEM, "rsa-3072", "end.revoked.crl.pem"); + (RSA_3072_CLIENT_CRL_PEM, "rsa-3072", "client.revoked.crl.pem"); + (RSA_3072_INTERMEDIATE_CRL_PEM, "rsa-3072", "inter.revoked.crl.pem"); + (RSA_3072_END_CERT, "rsa-3072", "end.cert"); + (RSA_3072_END_CHAIN, "rsa-3072", "end.chain"); + (RSA_3072_END_FULLCHAIN, "rsa-3072", "end.fullchain"); + (RSA_3072_END_KEY, "rsa-3072", "end.key"); + (RSA_3072_INTER_CERT, "rsa-3072", "inter.cert"); + (RSA_3072_INTER_KEY, "rsa-3072", "inter.key"); + + (RSA_4096_CA_CERT, "rsa-4096", "ca.cert"); + (RSA_4096_CA_DER, "rsa-4096", "ca.der"); + (RSA_4096_CA_KEY, "rsa-4096", "ca.key"); + (RSA_4096_CLIENT_CERT, "rsa-4096", "client.cert"); + (RSA_4096_CLIENT_CHAIN, "rsa-4096", "client.chain"); + (RSA_4096_CLIENT_FULLCHAIN, "rsa-4096", "client.fullchain"); + (RSA_4096_CLIENT_KEY, "rsa-4096", "client.key"); + (RSA_4096_END_CRL_PEM, "rsa-4096", "end.revoked.crl.pem"); + (RSA_4096_CLIENT_CRL_PEM, "rsa-4096", "client.revoked.crl.pem"); + (RSA_4096_INTERMEDIATE_CRL_PEM, "rsa-4096", "inter.revoked.crl.pem"); + (RSA_4096_END_CERT, "rsa-4096", "end.cert"); + (RSA_4096_END_CHAIN, "rsa-4096", "end.chain"); + (RSA_4096_END_FULLCHAIN, "rsa-4096", "end.fullchain"); + (RSA_4096_END_KEY, "rsa-4096", "end.key"); + (RSA_4096_INTER_CERT, "rsa-4096", "inter.cert"); + (RSA_4096_INTER_KEY, "rsa-4096", "inter.key"); } pub fn transfer( @@ -227,6 +261,8 @@ where #[derive(Clone, Copy, Debug, PartialEq)] pub enum KeyType { Rsa2048, + Rsa3072, + Rsa4096, EcdsaP256, EcdsaP384, EcdsaP521, @@ -235,6 +271,8 @@ pub enum KeyType { pub static ALL_KEY_TYPES: &[KeyType] = &[ KeyType::Rsa2048, + KeyType::Rsa3072, + KeyType::Rsa4096, KeyType::EcdsaP256, KeyType::EcdsaP384, #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -246,6 +284,8 @@ impl KeyType { fn bytes_for(&self, part: &str) -> &'static [u8] { match self { Self::Rsa2048 => bytes_for("rsa-2048", part), + Self::Rsa3072 => bytes_for("rsa-3072", part), + Self::Rsa4096 => bytes_for("rsa-4096", part), Self::EcdsaP256 => bytes_for("ecdsa-p256", part), Self::EcdsaP384 => bytes_for("ecdsa-p384", part), Self::EcdsaP521 => bytes_for("ecdsa-p521", part), @@ -308,7 +348,15 @@ impl KeyType { pub fn ca_distinguished_name(&self) -> &'static [u8] { match self { - KeyType::Rsa2048 => &b"0\x1a1\x180\x16\x06\x03U\x04\x03\x0c\x0fponytown RSA CA"[..], + KeyType::Rsa2048 => { + &b"0\x1f1\x1d0\x1b\x06\x03U\x04\x03\x0c\x14ponytown RSA 2048 CA"[..] + } + KeyType::Rsa3072 => { + &b"0\x1f1\x1d0\x1b\x06\x03U\x04\x03\x0c\x14ponytown RSA 3072 CA"[..] + } + KeyType::Rsa4096 => { + &b"0\x1f1\x1d0\x1b\x06\x03U\x04\x03\x0c\x14ponytown RSA 4096 CA"[..] + } KeyType::EcdsaP256 => { &b"0\x211\x1f0\x1d\x06\x03U\x04\x03\x0c\x16ponytown ECDSA p256 CA"[..] } diff --git a/test-ca/ecdsa-p256/ca.cert b/test-ca/ecdsa-p256/ca.cert index c5e1624b04..0666d8f107 100644 --- a/test-ca/ecdsa-p256/ca.cert +++ b/test-ca/ecdsa-p256/ca.cert @@ -1,11 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBlzCCAT2gAwIBAgIUXNAfCxy5XH9euZCdMIPq/Rvd7RUwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDI1NiBDQTAeFw0yMzEyMjExNzIz -MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAy -NTYgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATt16Sg8z+JLDkcwWpjiAs6 -U0tJR3SfjPV8A3J8ROmXVBNG0yqm6/mPMofftbJEyHNHI3hQ3Dq9lntQ4MmMogWc -o1MwUTAdBgNVHQ4EFgQUPCLByOwqcjYqm6f2yusG+EykRw8wHwYDVR0jBBgwFoAU -PCLByOwqcjYqm6f2yusG+EykRw8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD -AgNIADBFAiEAyDvCCfom06ef3DUGIuVGu94tWWZawxflnGRgro4aCLUCIHkMsDLh -K2dhBn7uCTO/2+njVegxA2Akap5S1rzsvbMl +MIIBtzCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMjU2IENBMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEt7wL3biRoR6fSefjp0t08cudi2zQUounGCxjHQY1brlh +IVUp2VfP/FhPKBX7VgHRHTJoukAAtg12Aks7cqalEKOBgzCBgDAfBgNVHSMEGDAW +gBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRfW6pxJGPHn4+tADqUNDV6 +Uo8xyDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFZel8Z3muq9 +cA5ZQfnoPyXbPv5yf0aT+VsXDk0mirdoAiEAjzViKYx3OOYAnlRSvlDabDbqXy2f +Vezw14zRbrDN9D4= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/ca.der b/test-ca/ecdsa-p256/ca.der index 261389c7a2ad460f4605c79275d290d07d0544f5..5b9804071ebc87d3e03575331e007bd7ceb3815d 100644 GIT binary patch delta 316 zcmbQuyqj6Tpowui5XUZHW@2PwVq}@9Y@nbZ&TDRJU++-6*Wfz68 zxar5rXT926z!&NG^M$?YZM%O(^=^}YMvL?Ls&#G8U{Yl0H%-#)DYtmWFfSx%U%;&# VvsdxD^F!Z!xZZOyZ^PLyb^tK?XJG&U delta 284 zcmdnZJeyhBpowuh5Zf+bW@2Pw5{bDW&n>evrao@xgt-RIul`EkeJeUqz(7t;oY%TpcM2Yhn1G$D45bneT`}()nmn`^f->G9Mb1*BpgWD?D+ta;de$Uq$=As&x zm(xRp-7ae_d;PQDsQv!dO)e*j-IXf>?pW=eRvqx*WX~ejIg5i00u5x@m_udxSj1RF zY?Kb3c%xNhrZs!{w^Og#e)ueL=QofCNh`BR7>G5XD_{kym>j~W?4rnU!uk;BFSX0d z=if19Q+n#Q`<`xOTGV0jr*l#g*7ZqoY-LiYv8Ihm<>B?gfO!ffnd2QV>0UBb-B&g{g%@^iY%^qZO%jM5*fKOMMv zdBw>ayDaWK@V}7rfZ5%3xsqqGqNUC>rd=W~j>%804{mGQ;klY;$|tFieF44F-5dAICY z#<^*oU+$$N1?}(F^8q#F1?4j-7#)vlJlCOToHyyAS4+2buE04bjr@MDD=OZ4?h@L< FE&ylmk=p_NnG0H(Rwxcf$vD5A!%gjJU%LFP)dKZx(Sp`FTCp-0JtcDppLG%(G{Kp8jj^ z90m2KGy4}eb{aIc8OQ_el~rbuFc51Hxnw+NNq+Svhn0NEUs=3d>&!*x6d44A6bQ2T z7%ZE=&p>fguorL6ii)iGigVl7NA+p`n33#1IW^hUBD{rRFFY zDP-oAq!#6-rer3Tq#8sT2(z(+-ND2Nbr3TnJF^o5%QoA3v#n)3@tS3C)${G;B$J%J zMKSV4PCf0?qC;{ zWE!ghGmt_KW@dK=0~aO*p}zeaCh{rOpRL)bzryoSOg5{Qkk>ZHN}H)BcF8NaFEJ_P l-FdP?bFqlyflJ-z@5cFfaDQF7{Jpo#Gd5LYc=W@2PwVq`VoV&l+i^EhYA!puBTUqwMdoY&mczz_(*AWDMY z#K6)FAuzGfrk=-PmzHw<+#5^+OSyh^d7Tv3ox1Ip``RX>#Yb=JzmWWvsr+AV3Eb}4H9of`oHms!@TWS6Kin@d!@EuZgoL)5_F zU&$d;d&cC&jm-v)4F>XT%%QT%ED{D{4I)0ORoVV3yHuXfvhohI+1hZ$_o1|n=6+H8!htnAE;a269pnvX?{1;sd+X_EsPWwM!>GZ+j~ znG6}W{btLavDy3RQ&zoY%X(XlM4E+tv+I3-2Tl|YVVdhI`|9fBzit~s1hT7i59Rte z-DWay%?n)HrK8a#xveI}>G12UY38$ql(tGWO`BdF`ga4{kFA=2Pj5}SB)!;2L0;H; GOAY{GUy0lR delta 367 zcmeyte1lovpo#Gc5JxRwW@2Pw5;1K#Y!cLVrl?0jmBBKs&EQm6aGC)Z8;4e#$2nUT zW~PaWDspn-yhg@`Mn;B)=0MscN}Sgi$ThTpa3?0%)bIYGzdUQH_3|m#ufDzD{;PD& z;cZ)QH%wmZb5;LhhfPH7zBoap9S*XeZJm~zeVD+f)D$p5_CI6pzLFVdCLNHD-}QUe zvYDqf1(xnT^D#(tnWEN8nID?J*%r63NIsjsqcl!#aj-$4fh-$ys4O3g7>h{p>;<{u zB2T9zuM*o4^}}($DyQ?sg9h>-d1V#}1F;4S6(9wZ3mIjynV2&e3{sg4B>wSvyt#hy z@fz9or<=t(bruJ2Z=1M4A>M%@@`^?C{?L**%R^7+`mf4AC||}a$v&IOkm2+4>y4g& xY^3#n1v9l;)_R>ilj{5Q@P@*j^KL3{edhAbQ8;Symm{g_$+N%2D?YH)0031Mltusm diff --git a/test-ca/ecdsa-p384/ca.key b/test-ca/ecdsa-p384/ca.key index 0056c568f6..d2c467a4f8 100644 --- a/test-ca/ecdsa-p384/ca.key +++ b/test-ca/ecdsa-p384/ca.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBLeL7yVcjQMu8hgwXO -ChBwHB4RRNkfCrGEMlWM3zHXHoY5WkusLYGnwpdBfcTr7h6hZANiAAS7+C+naqU7 -p5TX1e3QR/p1rMO2tduAk61M1S/RiDxYfb5eESK4QB3zPUKnNvCQDiKCUJAd/wFt -vnSYzJLAG1+6+5qmmcspEKW9zPFSFaYhKqkc+Cn7BqOEBBnml7h1Xh4= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA0mvB1fRcyygdq7yqo +/TgC/0e0MP3COpHv+J6ikE7QopZjlGN4mjMTLE/mfC46FhehZANiAAQMQLoqI3+d +2AIQpQr6ikrJFy2VtvpHrYIyo8XbL+gZ9mUio1PJ+Zjq1DR6pHp+jQoDGKfBTqZt +/J3K7T6kgZbSWp/c2FAQ0wStJGt0JQM3GHjtd59K2BUwMP50wjU/AWM= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p384/client.cert b/test-ca/ecdsa-p384/client.cert index eecf6314ea..eabfa936c6 100644 --- a/test-ca/ecdsa-p384/client.cert +++ b/test-ca/ecdsa-p384/client.cert @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICGzCCAaGgAwIBAgICAxUwCgYIKoZIzj0EAwMwMzExMC8GA1UEAwwocG9ueXRv -d24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz -MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABBRIrbH968bV31auCn04qY0E+wjKpc4MxjRq -FUqA+4A4Qe6aYHSPgeeujAainNqEORhhmenx1qSj92Sg2/IUo7HEuRIupK/mJiud -Fn7YiLRFvK8wli0SdNQCyEZkZqYzTaOBoDCBnTAMBgNVHRMBAf8EAjAAMAsGA1Ud -DwQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUsTwbjOZY -jG0ZAhsB6zzNT7K07hEwSQYDVR0jBEIwQIAUHl/afC4y4pJ1K9t43p8KgB/Hgtyh -JaQjMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAzODQgQ0GCAXswCgYIKoZI -zj0EAwMDaAAwZQIxAIKAHQ1Dq2kWqeBAm86hGBeUn/Pbchwcy+QY9DcbcoWaYL6j -rUs78z2v9ubQg7s2FQIwKOQ7YdSLwLbUK/O6DnJ+lENTXbqdkEheo049mLs4csWd -vO1K7h1UBtViOE4y3gxR +MIICGjCCAaCgAwIBAgIBGjAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ9QppVZhgucWNMMESGn3Tj0aSbLV1Ztfmv +o4aIytluAO0CRa6bwWC1D8YbnjLgYRAMeQZFxdsnq9wEaJx2W9irzeIaYDbHspST +mwuG5Dgx852be5edRj17aVN9M6k5duGjgZ4wgZswHwYDVR0jBBgwFoAUexEISQwb +vPjrWXcNjge5T3QM+zQwUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29u +ZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAA +AAABMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDAjAKBggqhkjO +PQQDAwNoADBlAjA8ipZip6hGTTklgm3xmDO4ubbM6WjjWkZUlDighLvNo6U7ULOh ++IydkM+WoQiaFa8CMQC00UZfPAiHqyTgno+hlUjDDFMJXaEKWjeshh7hz0Ju2zDP +X3bQZUj3Bf14od31ciw= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/client.chain b/test-ca/ecdsa-p384/client.chain index 7e9911fad0..cdf7ef04f3 100644 --- a/test-ca/ecdsa-p384/client.chain +++ b/test-ca/ecdsa-p384/client.chain @@ -1,25 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIB/zCCAYWgAwIBAgIBezAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwMzg0IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVk -aWF0ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPX6aLDyGcVyYDeu49cAAirTWpbE -uADCf+aMDfZnhKycyjw2H2BtLtQN98rR05V2IQTx5nwqAa55Wt+zl5osHvNV44bC -W2yicvSrRz0+73CJ6tgXg2LIWT5NRSfpMIiNmqN/MH0wHQYDVR0OBBYEFB5f2nwu -MuKSdSvbeN6fCoAfx4LcMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRzm6BtVxTl -lGOqFrha+EG/CUPRwTAKBggqhkjOPQQDAwNoADBlAjEA09d6+H8wXFCbO1TvreLK -sar0KL2QvQpju7MAI5EljY4ElmUnrlU5ZBoJqmZ5IQmIAjAqYjJwkwOiKDOlBORu -ToJ5rIImD7aDG5oRTHSzPibIS/SGG7rBa0JSmRGtaI6jrUA= +MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE +tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp +p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA +FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 +DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD +yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz ++51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB1DCCAVqgAwIBAgIUNYTDNFKGzHKMICUAOVaGMMpWU2YwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDM4NCBDQTAeFw0yMzEyMjExNzIz -MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAz -ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS7+C+naqU7p5TX1e3QR/p1rMO2 -tduAk61M1S/RiDxYfb5eESK4QB3zPUKnNvCQDiKCUJAd/wFtvnSYzJLAG1+6+5qm -mcspEKW9zPFSFaYhKqkc+Cn7BqOEBBnml7h1Xh6jUzBRMB0GA1UdDgQWBBRzm6Bt -VxTllGOqFrha+EG/CUPRwTAfBgNVHSMEGDAWgBRzm6BtVxTllGOqFrha+EG/CUPR -wTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2gAMGUCMBj+Dkjs19HjrB2H -5bMWiSyjU7eGkaAgX0AAWdQ4g79VdF45wuWdT6pvwR92DRkHmwIxAPOn14FJ/Dwb -L/pTAoU5fUrNzGVN5cOwcbme2SO15kT2QRNak/TEZSdjm/RfIeA5KA== +MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT +yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef +StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz +72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR +E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC +lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/client.der b/test-ca/ecdsa-p384/client.der new file mode 100644 index 0000000000000000000000000000000000000000..eb5131f4deb6d099f1b8ec563872aead11c37267 GIT binary patch literal 542 zcmXqLVv;gwVqCC*nTe5!iBZaci;Y98&EuRc3p2BUv7w=XJ{xl=3p0;KL4ICkNq%{r zf~&Jju%kkOv4x33PHI_dj)IXwW?o5ZQEqBVW@1UIfr2=%xv7C65Q0IJ1iy)ar5Tcd zfs~v8Ihm<>B?e^%0&MJH2QV?Rv1&K6Feou6F|gP=%?eGE&?`*#F>q;{ zU-J0klG(bkkz0SRU)Si9pTPD|avkxY0(SfltM9O6%qfe$ zvHI*IsRXm*o2E>j&E59I!tnFl+11nMy4hA|2G<&|v@CnLxN)9A<7@+YpsQq+S%A)K z5UCdA@Z^!+^W$}7Id32PPX7{~-zEmZAO(UfJ_cS*d?l&HCB>;lWvNAa$@#fWqQ$An z`FSaNXu_O1`N@en8TrK}?JUQPQyAL?6c~ATFdzV<0UyXven!UsEG*1SYzGX4L3~vf z9#C9pvoW%=vNJOw#|v`?gFz~jflb%6q~$Bzd@WU*azD;6-m!DrnU@)lqufHKSS)DS zeRlCu>wwJ*fAq|qaDLiCj#;AXnG6}WTy%@K;b>p2@?c*7!l@pId4f4(7ji|JuW6He ac-|@Rw!!)MvJ0sm-&y}wEWG=*NCyCzzq54! literal 0 HcmV?d00001 diff --git a/test-ca/ecdsa-p384/client.fullchain b/test-ca/ecdsa-p384/client.fullchain index 12d568a300..38d8eaf762 100644 --- a/test-ca/ecdsa-p384/client.fullchain +++ b/test-ca/ecdsa-p384/client.fullchain @@ -1,39 +1,40 @@ -----BEGIN CERTIFICATE----- -MIICGzCCAaGgAwIBAgICAxUwCgYIKoZIzj0EAwMwMzExMC8GA1UEAwwocG9ueXRv -d24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz -MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABBRIrbH968bV31auCn04qY0E+wjKpc4MxjRq -FUqA+4A4Qe6aYHSPgeeujAainNqEORhhmenx1qSj92Sg2/IUo7HEuRIupK/mJiud -Fn7YiLRFvK8wli0SdNQCyEZkZqYzTaOBoDCBnTAMBgNVHRMBAf8EAjAAMAsGA1Ud -DwQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjAdBgNVHQ4EFgQUsTwbjOZY -jG0ZAhsB6zzNT7K07hEwSQYDVR0jBEIwQIAUHl/afC4y4pJ1K9t43p8KgB/Hgtyh -JaQjMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAzODQgQ0GCAXswCgYIKoZI -zj0EAwMDaAAwZQIxAIKAHQ1Dq2kWqeBAm86hGBeUn/Pbchwcy+QY9DcbcoWaYL6j -rUs78z2v9ubQg7s2FQIwKOQ7YdSLwLbUK/O6DnJ+lENTXbqdkEheo049mLs4csWd -vO1K7h1UBtViOE4y3gxR +MIICGjCCAaCgAwIBAgIBGjAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ9QppVZhgucWNMMESGn3Tj0aSbLV1Ztfmv +o4aIytluAO0CRa6bwWC1D8YbnjLgYRAMeQZFxdsnq9wEaJx2W9irzeIaYDbHspST +mwuG5Dgx852be5edRj17aVN9M6k5duGjgZ4wgZswHwYDVR0jBBgwFoAUexEISQwb +vPjrWXcNjge5T3QM+zQwUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29u +ZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAA +AAABMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDAjAKBggqhkjO +PQQDAwNoADBlAjA8ipZip6hGTTklgm3xmDO4ubbM6WjjWkZUlDighLvNo6U7ULOh ++IydkM+WoQiaFa8CMQC00UZfPAiHqyTgno+hlUjDDFMJXaEKWjeshh7hz0Ju2zDP +X3bQZUj3Bf14od31ciw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB/zCCAYWgAwIBAgIBezAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwMzg0IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVk -aWF0ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPX6aLDyGcVyYDeu49cAAirTWpbE -uADCf+aMDfZnhKycyjw2H2BtLtQN98rR05V2IQTx5nwqAa55Wt+zl5osHvNV44bC -W2yicvSrRz0+73CJ6tgXg2LIWT5NRSfpMIiNmqN/MH0wHQYDVR0OBBYEFB5f2nwu -MuKSdSvbeN6fCoAfx4LcMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRzm6BtVxTl -lGOqFrha+EG/CUPRwTAKBggqhkjOPQQDAwNoADBlAjEA09d6+H8wXFCbO1TvreLK -sar0KL2QvQpju7MAI5EljY4ElmUnrlU5ZBoJqmZ5IQmIAjAqYjJwkwOiKDOlBORu -ToJ5rIImD7aDG5oRTHSzPibIS/SGG7rBa0JSmRGtaI6jrUA= +MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE +tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp +p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA +FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 +DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD +yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz ++51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB1DCCAVqgAwIBAgIUNYTDNFKGzHKMICUAOVaGMMpWU2YwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDM4NCBDQTAeFw0yMzEyMjExNzIz -MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAz -ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS7+C+naqU7p5TX1e3QR/p1rMO2 -tduAk61M1S/RiDxYfb5eESK4QB3zPUKnNvCQDiKCUJAd/wFtvnSYzJLAG1+6+5qm -mcspEKW9zPFSFaYhKqkc+Cn7BqOEBBnml7h1Xh6jUzBRMB0GA1UdDgQWBBRzm6Bt -VxTllGOqFrha+EG/CUPRwTAfBgNVHSMEGDAWgBRzm6BtVxTllGOqFrha+EG/CUPR -wTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2gAMGUCMBj+Dkjs19HjrB2H -5bMWiSyjU7eGkaAgX0AAWdQ4g79VdF45wuWdT6pvwR92DRkHmwIxAPOn14FJ/Dwb -L/pTAoU5fUrNzGVN5cOwcbme2SO15kT2QRNak/TEZSdjm/RfIeA5KA== +MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT +yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef +StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz +72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR +E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC +lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/client.key b/test-ca/ecdsa-p384/client.key index 02a577b650..1b3f55ab98 100644 --- a/test-ca/ecdsa-p384/client.key +++ b/test-ca/ecdsa-p384/client.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDZr5xMqVBYjLSrltkr -c+y7pkEX+5PfO9AMVCXuXoGjtWFuJ0m2Xzo1wKKUxL5QVjKhZANiAAQUSK2x/evG -1d9Wrgp9OKmNBPsIyqXODMY0ahVKgPuAOEHummB0j4HnrowGopzahDkYYZnp8dak -o/dkoNvyFKOxxLkSLqSv5iYrnRZ+2Ii0RbyvMJYtEnTUAshGZGamM00= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCYZD0DjyELBNt5PwmN +hDQv7KOsU78qfbHbIsXz4+3SnUvlI1av+YvEjkbdZzKWNR6hZANiAAQ9QppVZhgu +cWNMMESGn3Tj0aSbLV1Ztfmvo4aIytluAO0CRa6bwWC1D8YbnjLgYRAMeQZFxdsn +q9wEaJx2W9irzeIaYDbHspSTmwuG5Dgx852be5edRj17aVN9M6k5duE= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p384/client.revoked.crl.pem b/test-ca/ecdsa-p384/client.revoked.crl.pem index 1e8a935cde..f35d696087 100644 --- a/test-ca/ecdsa-p384/client.revoked.crl.pem +++ b/test-ca/ecdsa-p384/client.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- -MIIBMzCBuQIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy -MjgxNzIzMTVaMCMwIQICAxUXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUHl/afC4y4pJ1K9t43p8KgB/HgtwwCwYDVR0UBAQCAhAB -MAoGCCqGSM49BAMDA2kAMGYCMQDGrCImPePyTruoH+K8q4sL7x/WNs19aHvFrKuE -Ipddfqr7YLsL/p9smk5VPcgDm+wCMQCGfHVMFEWV1l2t6haI+/dCEWM5gcyiKaVc -SnEJenOSv74pa8410M3kEkhm3aKXhh8= +MIIBMjCBuAIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDVaFw0yNDA0 +MTIxODI0NDVaMCIwIAIBGhcNMjQwNDA3MTgyNDQ1WjAMMAoGA1UdFQQDCgEBoDAw +LjAfBgNVHSMEGDAWgBR7EQhJDBu8+OtZdw2OB7lPdAz7NDALBgNVHRQEBAICBNIw +CgYIKoZIzj0EAwMDaQAwZgIxANuvhmWZq6b8AQI7b7tWt+7k/Aa9A7/sZoKhcpvw +qKTbXHyN4Yrn8S41iZV47P+KLgIxANUAGNvYA5L6JLR5hg+m0OLY+lzkAv6KJj0/ +S5oHO5FANV8PFQLF18gWX2gwtBOcyA== -----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/end.cert b/test-ca/ecdsa-p384/end.cert index 5d78b33fcd..07129ffe6c 100644 --- a/test-ca/ecdsa-p384/end.cert +++ b/test-ca/ecdsa-p384/end.cert @@ -1,15 +1,13 @@ -----BEGIN CERTIFICATE----- -MIICVjCCAd2gAwIBAgICAcgwCgYIKoZIzj0EAwMwMzExMC8GA1UEAwwocG9ueXRv -d24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz -MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEUV7jAxC5WMDS8fGg3UxSpm5XgZ/GwvqGUCK6 -K12Mj6EfHxw/TNu5qQiBbXF2Y2BJ6ZoX7P4Heqfzhustt26kY8OX8f0UfQOUJ0Pg -LXIS+9VANNE7+SEx/VRxWzGtunZzo4HdMIHaMAwGA1UdEwEB/wQCMAAwCwYDVR0P -BAQDAgbAMB0GA1UdDgQWBBQ/lFO7qF6QDoBjXsTmDX4gS2g5FzBJBgNVHSMEQjBA -gBQeX9p8LjLiknUr23jenwqAH8eC3KElpCMwITEfMB0GA1UEAwwWcG9ueXRvd24g -RUNEU0EgcDM4NCBDQYIBezBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYcExjNk -AYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29thxAgAQ24AAAAAAAAAAAAAAABgglsb2Nh -bGhvc3QwCgYIKoZIzj0EAwMDZwAwZAIwfuslVcYCY4A4XRz8VlhBu1aObilUtzOU -ybtrQtepL1YFgt5YSWUYsPVT97EDtoL0AjBs4V+BPQYaVCT5D4GFAZQH6yDe2Ws6 -9TInz7bavogiI3qQwdTzYgE3y0u2TAIbF48= +MIICBTCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABO+9bzwsp+UMJE9q1hZHotYJ6HYIT0wz3nML +54iNzsZlA9f1yIqf2aL+BMfSD2pCHfVgWTEZFp7WEvIhrDu+WcUXHoRQ31p9lw6X +MzJWXihbN0OU5nBOPPcyImL5TIhIWKOBiTCBhjAfBgNVHSMEGDAWgBR7EQhJDBu8 ++OtZdw2OB7lPdAz7NDBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA +AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2kAMGYCMQDkM+CEeHnsf4Ww +YNDUjNlodcpJDxEk4PTsIECvu2EdQjLXHt0vrogZeAVvHhUMixcCMQDB/pZCcjsW +ly7qVSS2f9PJE/LY7dLv9Gg2gLQyhAj3hG1zVC8psFK/KRKME6ypVZ0= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/end.chain b/test-ca/ecdsa-p384/end.chain index 7e9911fad0..cdf7ef04f3 100644 --- a/test-ca/ecdsa-p384/end.chain +++ b/test-ca/ecdsa-p384/end.chain @@ -1,25 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIB/zCCAYWgAwIBAgIBezAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwMzg0IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVk -aWF0ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPX6aLDyGcVyYDeu49cAAirTWpbE -uADCf+aMDfZnhKycyjw2H2BtLtQN98rR05V2IQTx5nwqAa55Wt+zl5osHvNV44bC -W2yicvSrRz0+73CJ6tgXg2LIWT5NRSfpMIiNmqN/MH0wHQYDVR0OBBYEFB5f2nwu -MuKSdSvbeN6fCoAfx4LcMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRzm6BtVxTl -lGOqFrha+EG/CUPRwTAKBggqhkjOPQQDAwNoADBlAjEA09d6+H8wXFCbO1TvreLK -sar0KL2QvQpju7MAI5EljY4ElmUnrlU5ZBoJqmZ5IQmIAjAqYjJwkwOiKDOlBORu -ToJ5rIImD7aDG5oRTHSzPibIS/SGG7rBa0JSmRGtaI6jrUA= +MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE +tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp +p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA +FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 +DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD +yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz ++51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB1DCCAVqgAwIBAgIUNYTDNFKGzHKMICUAOVaGMMpWU2YwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDM4NCBDQTAeFw0yMzEyMjExNzIz -MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAz -ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS7+C+naqU7p5TX1e3QR/p1rMO2 -tduAk61M1S/RiDxYfb5eESK4QB3zPUKnNvCQDiKCUJAd/wFtvnSYzJLAG1+6+5qm -mcspEKW9zPFSFaYhKqkc+Cn7BqOEBBnml7h1Xh6jUzBRMB0GA1UdDgQWBBRzm6Bt -VxTllGOqFrha+EG/CUPRwTAfBgNVHSMEGDAWgBRzm6BtVxTllGOqFrha+EG/CUPR -wTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2gAMGUCMBj+Dkjs19HjrB2H -5bMWiSyjU7eGkaAgX0AAWdQ4g79VdF45wuWdT6pvwR92DRkHmwIxAPOn14FJ/Dwb -L/pTAoU5fUrNzGVN5cOwcbme2SO15kT2QRNak/TEZSdjm/RfIeA5KA== +MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT +yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef +StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz +72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR +E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC +lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/end.der b/test-ca/ecdsa-p384/end.der new file mode 100644 index 0000000000000000000000000000000000000000..a3cc82a6626e29b8607a216bf10abde68543ac68 GIT binary patch literal 521 zcmXqLVq!IDV(ePL%*4pV#3*dQ#m1r4=5fxJg_+sF*wD~GpN%<`g_%dAAV06NB)>dQ z!PVI%*ioUt*uq31C$%g!N5M!TGp{7IC^t1FGqEJqKtY_>+|$L7>^uEScz&B01cMX^viKNyHKDn@NwhdMIX^E&57k3W zoH_Z)i8&eh#U<@5$Ba`L+XWODd3P`%0HXmP$WVSp#{VoV%uH+tkYj*3lffX3$&lfR z@q?C%$~X0`8xk&D>A9IvddibuQ02jwHwq5xcPGj^8C{pVtG}*8vVt{VPL!ux9H`~s zziCcI)?(B3UWKY`tG|3w_|uKIm)?KLFl*Ri)WY$-CAT<4Uvopyeodhs;WaBm=K=s@ C|E!?^ literal 0 HcmV?d00001 diff --git a/test-ca/ecdsa-p384/end.fullchain b/test-ca/ecdsa-p384/end.fullchain index 7094f20376..da3c58980f 100644 --- a/test-ca/ecdsa-p384/end.fullchain +++ b/test-ca/ecdsa-p384/end.fullchain @@ -1,40 +1,39 @@ -----BEGIN CERTIFICATE----- -MIICVjCCAd2gAwIBAgICAcgwCgYIKoZIzj0EAwMwMzExMC8GA1UEAwwocG9ueXRv -d24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz -MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEUV7jAxC5WMDS8fGg3UxSpm5XgZ/GwvqGUCK6 -K12Mj6EfHxw/TNu5qQiBbXF2Y2BJ6ZoX7P4Heqfzhustt26kY8OX8f0UfQOUJ0Pg -LXIS+9VANNE7+SEx/VRxWzGtunZzo4HdMIHaMAwGA1UdEwEB/wQCMAAwCwYDVR0P -BAQDAgbAMB0GA1UdDgQWBBQ/lFO7qF6QDoBjXsTmDX4gS2g5FzBJBgNVHSMEQjBA -gBQeX9p8LjLiknUr23jenwqAH8eC3KElpCMwITEfMB0GA1UEAwwWcG9ueXRvd24g -RUNEU0EgcDM4NCBDQYIBezBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYcExjNk -AYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29thxAgAQ24AAAAAAAAAAAAAAABgglsb2Nh -bGhvc3QwCgYIKoZIzj0EAwMDZwAwZAIwfuslVcYCY4A4XRz8VlhBu1aObilUtzOU -ybtrQtepL1YFgt5YSWUYsPVT97EDtoL0AjBs4V+BPQYaVCT5D4GFAZQH6yDe2Ws6 -9TInz7bavogiI3qQwdTzYgE3y0u2TAIbF48= +MIICBTCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTB2 +MBAGByqGSM49AgEGBSuBBAAiA2IABO+9bzwsp+UMJE9q1hZHotYJ6HYIT0wz3nML +54iNzsZlA9f1yIqf2aL+BMfSD2pCHfVgWTEZFp7WEvIhrDu+WcUXHoRQ31p9lw6X +MzJWXihbN0OU5nBOPPcyImL5TIhIWKOBiTCBhjAfBgNVHSMEGDAWgBR7EQhJDBu8 ++OtZdw2OB7lPdAz7NDBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA +AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2kAMGYCMQDkM+CEeHnsf4Ww +YNDUjNlodcpJDxEk4PTsIECvu2EdQjLXHt0vrogZeAVvHhUMixcCMQDB/pZCcjsW +ly7qVSS2f9PJE/LY7dLv9Gg2gLQyhAj3hG1zVC8psFK/KRKME6ypVZ0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB/zCCAYWgAwIBAgIBezAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwMzg0IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVk -aWF0ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPX6aLDyGcVyYDeu49cAAirTWpbE -uADCf+aMDfZnhKycyjw2H2BtLtQN98rR05V2IQTx5nwqAa55Wt+zl5osHvNV44bC -W2yicvSrRz0+73CJ6tgXg2LIWT5NRSfpMIiNmqN/MH0wHQYDVR0OBBYEFB5f2nwu -MuKSdSvbeN6fCoAfx4LcMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRzm6BtVxTl -lGOqFrha+EG/CUPRwTAKBggqhkjOPQQDAwNoADBlAjEA09d6+H8wXFCbO1TvreLK -sar0KL2QvQpju7MAI5EljY4ElmUnrlU5ZBoJqmZ5IQmIAjAqYjJwkwOiKDOlBORu -ToJ5rIImD7aDG5oRTHSzPibIS/SGG7rBa0JSmRGtaI6jrUA= +MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE +tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp +p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA +FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 +DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD +yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz ++51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB1DCCAVqgAwIBAgIUNYTDNFKGzHKMICUAOVaGMMpWU2YwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDM4NCBDQTAeFw0yMzEyMjExNzIz -MTRaFw0zMzEyMTgxNzIzMTRaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHAz -ODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS7+C+naqU7p5TX1e3QR/p1rMO2 -tduAk61M1S/RiDxYfb5eESK4QB3zPUKnNvCQDiKCUJAd/wFtvnSYzJLAG1+6+5qm -mcspEKW9zPFSFaYhKqkc+Cn7BqOEBBnml7h1Xh6jUzBRMB0GA1UdDgQWBBRzm6Bt -VxTllGOqFrha+EG/CUPRwTAfBgNVHSMEGDAWgBRzm6BtVxTllGOqFrha+EG/CUPR -wTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA2gAMGUCMBj+Dkjs19HjrB2H -5bMWiSyjU7eGkaAgX0AAWdQ4g79VdF45wuWdT6pvwR92DRkHmwIxAPOn14FJ/Dwb -L/pTAoU5fUrNzGVN5cOwcbme2SO15kT2QRNak/TEZSdjm/RfIeA5KA== +MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT +yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef +StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz +72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR +E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC +lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/end.key b/test-ca/ecdsa-p384/end.key index d7861ffc8c..7c183fa98d 100644 --- a/test-ca/ecdsa-p384/end.key +++ b/test-ca/ecdsa-p384/end.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCJtAPgzuZoc9R7xS25 -nDwhdEQesRkQbKIQ8av99/JLmarOu5z03dlucPQolXRazVOhZANiAARRXuMDELlY -wNLx8aDdTFKmbleBn8bC+oZQIrorXYyPoR8fHD9M27mpCIFtcXZjYEnpmhfs/gd6 -p/OG6y23bqRjw5fx/RR9A5QnQ+AtchL71UA00Tv5ITH9VHFbMa26dnM= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA9ijAQuSTgVl10LcJO +f9UA7L8jb9N0bxvCjAvGWzzojcYD6sWFkq9Fyc7YNa0K9YihZANiAATvvW88LKfl +DCRPatYWR6LWCeh2CE9MM95zC+eIjc7GZQPX9ciKn9mi/gTH0g9qQh31YFkxGRae +1hLyIaw7vlnFFx6EUN9afZcOlzMyVl4oWzdDlOZwTjz3MiJi+UyISFg= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p384/end.revoked.crl.pem b/test-ca/ecdsa-p384/end.revoked.crl.pem index 6c47a3fc9e..1ba8951662 100644 --- a/test-ca/ecdsa-p384/end.revoked.crl.pem +++ b/test-ca/ecdsa-p384/end.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- -MIIBMTCBuQIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy -MjgxNzIzMTVaMCMwIQICAcgXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUHl/afC4y4pJ1K9t43p8KgB/HgtwwCwYDVR0UBAQCAhAB -MAoGCCqGSM49BAMDA2cAMGQCMGJ46pVWPItJINDRQvD2Y8kDwrYZkyiMtt3ZR2lz -evtAkEgK+YhLV30PhROXw5repQIwNGbo3eHrOOTYdB35DZQSB8T6AXjE0mkZOTKT -uKBVCloc+vwL/qsKa9r8QUqk4lqN +MIIBMTCBuAIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDNaFw0yNDA0 +MTIxODI0NDNaMCIwIAIBExcNMjQwNDA3MTgyNDQzWjAMMAoGA1UdFQQDCgEBoDAw +LjAfBgNVHSMEGDAWgBR7EQhJDBu8+OtZdw2OB7lPdAz7NDALBgNVHRQEBAICBNIw +CgYIKoZIzj0EAwMDaAAwZQIwYCxo+tD0BvD9VpAs+wTy+fL0VmczdUGgkglsJfy6 +AcemHA3pLKpU2qA75oSXYdUpAjEAxp3Uywn5tLoA5fsIF17cdj+au3e13RuR6oUn +Vx0V2zlnCmv0VQ7Gna85g5/DqkeI -----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/inter.cert b/test-ca/ecdsa-p384/inter.cert index c22e9c5e76..cfd98d88f7 100644 --- a/test-ca/ecdsa-p384/inter.cert +++ b/test-ca/ecdsa-p384/inter.cert @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIIB/zCCAYWgAwIBAgIBezAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwMzg0IENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDM4NCBsZXZlbCAyIGludGVybWVk -aWF0ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPX6aLDyGcVyYDeu49cAAirTWpbE -uADCf+aMDfZnhKycyjw2H2BtLtQN98rR05V2IQTx5nwqAa55Wt+zl5osHvNV44bC -W2yicvSrRz0+73CJ6tgXg2LIWT5NRSfpMIiNmqN/MH0wHQYDVR0OBBYEFB5f2nwu -MuKSdSvbeN6fCoAfx4LcMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRzm6BtVxTl -lGOqFrha+EG/CUPRwTAKBggqhkjOPQQDAwNoADBlAjEA09d6+H8wXFCbO1TvreLK -sar0KL2QvQpju7MAI5EljY4ElmUnrlU5ZBoJqmZ5IQmIAjAqYjJwkwOiKDOlBORu -ToJ5rIImD7aDG5oRTHSzPibIS/SGG7rBa0JSmRGtaI6jrUA= +MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE +tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp +p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA +FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 +DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD +yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz ++51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/inter.der b/test-ca/ecdsa-p384/inter.der new file mode 100644 index 0000000000000000000000000000000000000000..63e453c727b34aa0dcdc3630154f306964fff53b GIT binary patch literal 522 zcmXqLVq!CBV(eMK%*4pV#K>d7#m1r4=5fxJg_+qv(NNw%mW?@-g_%dJAV06NB)>dQ z!PVI%*ioUt*uq4?+0j5joY&mczz_(*AWDMY#K6)FNx;C^(9l31Vu%JdLvm8fQgalH z6f*NlQj2m^Q!*1vQVq%s1lZWY?qFhMW7TeCVNhaDVqlpN6Zw51+xlOw+d7U!e7)qi z{KytNQD%ly>#|SZs4v#LS6rQFQrA(iWa@<57j+xLP8}*QP$+%)QleIV&O(ip`wcFd z%h#xe?mK9@(3(54$(%FdCfkc?*`Mz))&yrxUF6-exUt!wvB5wd=v-N476}8f1`!|C zs%(FiT`JFKS$W%RZMb6mK0VWb52S#fk?}tZ3ozXNfdffal|{@zgpEU+jggg=otY8N zVuDEXv52vVR10!=@<{Lb@j9}cw~u|Ne+kcT69aybX~H1WSPhtg6mlFeXD}F~G8r;V z{p~4ZV9n`#l06}N64#To^E+9%8J{RcJrT6J@o3U2=epfmIq&TX4$O#Em2mkvqnF7* zY0YN_o6W!HrZkfWtu~Kywk*sn6ZKUT6vTPWO$`iz5DcOu z_)QEf%@6_;3+?I|P5c&>FFCc{_qmqNm#-U+7)O-WCwX4vxYnewVoz~&kLw1JK7VIt zErt^hb6*Lv{XQ4t!d>3$d9hrYv%*B0Eo=)#sgN)jqqpvDu)p z!9bpkIaF4eMZ!R=LBz`P){@JKQ(Uvu<;%9uxXqRyzTu1kA4mZ|BjbM-7ND2^8OVb8 zsw`p#B5WMmY>cd|?97aC78698k420HyJ`GD-Sx7_%SzjGZ-|sGdW5o zFg@j(n^*SksqhJpH<{CQHXYErze|-f^g!+nwFME6@67MdX`u^CSa z7l_^8dZgQU)4L2I#^qSx7SIPYOdtKM<(D#_{sc=|lduY$a zCk#Q$AJ<9#ol(a5F;iOTV=wEH9Y;^MEHk*-FU9QSp`>}|aMCKDNo@SnckchS$LOHW zN?V@9ydTeV1Iz@fme%ub;C&muIM^W2K$eX;RF;oLj76mFhgZDM;Xjljol0ejqOZMj9KLqPfldzose_J zzQ69`{ZebSn16wf*lI;l-}YOif;Kg~5mph9*I$4m)j?nCnSzsp*iL=T%Z3cs{8 d%zF1bG&f7P|NFj|5A{SA9h}wIFR-K03INlmw@Uy3 diff --git a/test-ca/ecdsa-p521/ca.key b/test-ca/ecdsa-p521/ca.key index 91fc29cd70..129c3674ae 100644 --- a/test-ca/ecdsa-p521/ca.key +++ b/test-ca/ecdsa-p521/ca.key @@ -1,8 +1,8 @@ -----BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBvhXIfR06UCRAZrau -1P0sVNrkpPyQSPslskGAqp9tFHrj+BvSHXKIj0FKTXixoQaqrVr+NChB6j6U2xlS -0MkI5YmhgYkDgYYABADfFINhR9poOClUZF1o5HGgFt+1xIszsu5oEgHnqy6qpmgU -gTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR5ABSp+N+Gf2YdgnxaRsS8Y0F -pLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLBLKk9DGFu+OdtUDYQeqUNsA3t -Vw== +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBAjLAOVIG2qfK12XV +zT4ArmY5NC3mrvHfI1yBzz2Xlm8/YkOyafwnKFRFQl6POMTzpNczXcZwTOAMlTlj +l5o+iQChgYkDgYYABAE0TqJ3pMq3TecqLPT1sMQzWHV/YknRCNaCIKi8c1uMRbAU +jk9DQyoAyOFt6hEG+85cRAt3jUnRdxsJeDQbBmqZ2ACtyZOU7wgB2hVAKDeOnfDe +z1IfGT95tmrJ3qI2zJgYLAhWvsW0EZSbf0401LyfGtwhSk/TSGlQX2N2FpJuywUr +zQ== -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/client.cert b/test-ca/ecdsa-p521/client.cert index 6025992890..96f8a578fe 100644 --- a/test-ca/ecdsa-p521/client.cert +++ b/test-ca/ecdsa-p521/client.cert @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICZDCCAcegAwIBAgICAxUwCgYIKoZIzj0EAwQwMzExMC8GA1UEAwwocG9ueXRv -d24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz -MTVaFw0yOTA2MTIxNzIzMTVaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDCB -mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAAddVyNzastXII6Q1g7NPuJjR+5PFOFC -VAku/spDO8nnOICtMVXfcfQqIzh+f6z9Io4WAhovII6QTaqPsiwelgLbAdSimFm7 -RAF9fjmAE801isvGkV//PvyMtP4c1QqLzjZjA72O1UTcgB1liQZSEm/BS5b2nIkn -Xc4nSZmTXcNmtaJto4GgMIGdMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYG -A1UdJQEB/wQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBRgFYCZp86OOiidBzHeL8Z3 -3g/OmjBJBgNVHSMEQjBAgBR4RE+Cykz5N5lscu7gZuzIYOyQKaElpCMwITEfMB0G -A1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQYIBezAKBggqhkjOPQQDBAOBigAw -gYYCQUBmGw4g20vWKMl/OFA5VJSF8rydiL0OIcMrvkfKbHni40IEo5Z88t9TW9Yu -+gs6xczHfClzzRFUzxbrSOTLPbIFAkEW+FNWNSChhmiz1bJYDU2g/RD32gOYTT6e -/36c+41jcY6Xr/n1QykerqltmfVsJJl9dnshHLxan8gLGeIb35f4Nw== +MIICZDCCAcagAwIBAgIBGzAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQw +gZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAFlvmAaaDco/RrdP9a9UJqzXVuHNvAQ +7aUBbLV+piIurPFavonNTFzMS7neNEQ401vmxpwyzENsm+wIYinhGa0iMgHiH/CW +u7+1jXP/njwAR6xugrhYDNbP0+E2tJBCJ3L4vejJ//SgPlh/EBAAvHxRlSzOtt4D +fyGHYOCDR88a//yNSaOBnjCBmzAfBgNVHSMEGDAWgBSsxAPnqlMmrQ59EBdvworT +T4UUNDBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25kLnRlc3RzZXJ2 +ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAAAAEwDgYDVR0P +AQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAoGCCqGSM49BAMEA4GLADCB +hwJBZoOWGbu8gWBIHNyMi204HPCYo1BkPMxnRjAb04bMq+51Gpt8PKOwiP2W2E7T +GuRaPFiqp/d7+HtB2HeSDsmVrlsCQgCUPn3l3cxEDEaOeC2PbvdIosIM7DMXss6W +Q0uTFYNSzA8Pn0E9snzH3PfaiS8NDnJMQBxqMpNZZ6fN6P6dBj+T/w== -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/client.chain b/test-ca/ecdsa-p521/client.chain index 6a8811c440..8ae6a5cacb 100644 --- a/test-ca/ecdsa-p521/client.chain +++ b/test-ca/ecdsa-p521/client.chain @@ -1,29 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk -aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 -nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV -AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 -vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs -yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF -MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa -Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC -T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 -mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn -MGxLBzv/KGg+R17wgg== +MIICUDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJt +ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBecdhU3/ueIjmAf2NPGZH +dT44+uxq+rc7aZXy+6ucFRRHq5OdFSh3Z/qSFlk9n682wLQJRG+8hi230pnPwM7E +j5ABAAcyK6nDHPKBZK4+YXuiUYsKBbD82Gn4zXff2dyahjlKtuBjjqlLaMCwgADO +QdGfF5/peH4i46dN7xm6HHWULVujgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVq +Jx92t5jbBm9XsMwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUrMQD56pTJq0OfRAXb8KK00+FFDQwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBiwAwgYcCQXhkIhVuUfxQqafd3jG75ugN +vg4nZdHZx715Du1cKErBfN5x1Ib1fQMKe+Y4qZ8R1S3uLfoHlOzirLwCzeRaExne +AkIBVkovuBx1n/y5HK+uRIQTpGRjH4srgvW4Q2PxsXjVEe2jP1R2smUwz8+VamPo +j1CGz5rAaj99YdMqNKXG8/avL9Q= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICHjCCAYCgAwIBAgIUALzD8Vim1tvXcRKbV660GpcMTacwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQTAeFw0yMzEyMjExNzIz -MTVaFw0zMzEyMTgxNzIzMTVaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHA1 -MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADfFINhR9poOClUZF1o5HGg -Ft+1xIszsu5oEgHnqy6qpmgUgTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR -5ABSp+N+Gf2YdgnxaRsS8Y0FpLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLB -LKk9DGFu+OdtUDYQeqUNsA3tV6NTMFEwHQYDVR0OBBYEFIb4Sl9Mw/wJA7AB1sBT -hJNaZ8BuMB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNaZ8BuMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDgYsAMIGHAkIBaneRyZEFDZBszD+PftHfOyZc -/lHjHnHufUbOM0GxzZpQY3RPCdp3Jqgx4/4fOPjwUwqQOhYmA03Cf7mxFJOA/tMC -QVuCmyXQE5euGrLcfda2h8sKmBB4HZwImRgjC8IfP/t2hYIVwzSBE+k5MWru+1Vt -ai2P977p4S4UosGajo8QuIE6 +MIICPjCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIxIENBMIGbMBAGByqGSM49 +AgEGBSuBBAAjA4GGAAQBNE6id6TKt03nKiz09bDEM1h1f2JJ0QjWgiCovHNbjEWw +FI5PQ0MqAMjhbeoRBvvOXEQLd41J0XcbCXg0GwZqmdgArcmTlO8IAdoVQCg3jp3w +3s9SHxk/ebZqyd6iNsyYGCwIVr7FtBGUm39ONNS8nxrcIUpP00hpUF9jdhaSbssF +K82jgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVqJx92t5jbBm9XsMwwDgYDVR0P +AQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E +FgQUOjnapNNhlEVqJx92t5jbBm9XsMwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDBAOBiwAwgYcCQRlgAuUKnW527uUTyEjsaZcsssAu37olCWXuduP9tNyhLYPr +lYlu+ltLmR250DdikBXAl3unkpYEAdQam9lc1nMxAkIBVBah69psNw9vjrR9jNtp +Ql22JD6hpeJsWFe0gdDhNZjIS+sKPXrDj3YfmRHLm9JsgVKinMaVMfI8DstuIaET +IzE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/client.der b/test-ca/ecdsa-p521/client.der new file mode 100644 index 0000000000000000000000000000000000000000..40479ae420ddd11757e0d92698f8214a25610f74 GIT binary patch literal 616 zcmXqLVoEV+Vm!8hnTe5!iBZ~si;Y98&EuRc3p0y>v7w=XJ{xl=3p0;KL4ICkNq%{r zf~&Jju%kkOsga>VPHI_dj)IXwW?o5ZQEqBVW@1UIfr2=%xv7C65Q0IJ1iy)ar5Tcd zfs~v8Ihm<>B?gVN4FuTO!7gB8WMkECWMNQdZfs*DC-tHqdtaRV|7C$)M7@9j z!=9SJsXFJj-D9p-Y)^R5?0#PA|DRsZ#f|eo4wMJFT~?U|=!piAHAk4AuL@RM%U3HP zo`0z8vVW_Hi9s+(fgp>Ifmah>NosLPacWUnYLQ-Yer}U!acXjYUWy)?FlSDFa$-(K zesM`V%Q52=#&!V(M&2C^2*7B-2QrkOk?}tZ3o{ej0Rv$WUzLRi6l2V9?mk+01#sm+UJ3ZaG7BU}ZEDlJqIg{>YAbq**%<6ZgQnPDp7H{bI zJMD(wWvM4oHW90qf3N;g?RcYn65q+G>!O*Q7^c|OKD~R!g~zS0LbpHfyT_tKJa3G} yH=Ud2>^)huIp_>O|9nT=O*O~we81JH&&yZj;~v7w=XJ{xl=3p0;KL4ICkNq%{r zf~&Jju%kkOsga>VPHI_dj)IXwW?o5ZQEqBVW@1UIfr2=%xv7C65Q0IJ1iy)ar5Tcd zfuy0hfhfdSzLM19lH$~&veY8IRYB#blC^I*G59tU1E` zd{wa8TE1EV@%%$wm;GBsObmiS3Ithv47{4q{MRH}oSK}Um!gO2?IzBg{N%)(jQrw~ zc9vttDU9s`3XHrv7!ZKbfDdFSKO^IR78YhEwgbrV#N61!V9?mXj5T7WyQP4 zp1t{P7_^khiSdY(ied7Pt%7ZA92-tNZeIU-!^ZcFU*veNn;$OQY~5RK{z;+PYPQ$m f*TsyYg*+3jRW3cW>=ntq`F_g@-|H7&ZchLJWrNr^ literal 0 HcmV?d00001 diff --git a/test-ca/ecdsa-p521/end.fullchain b/test-ca/ecdsa-p521/end.fullchain index 89d565ea1d..ea8d7b0154 100644 --- a/test-ca/ecdsa-p521/end.fullchain +++ b/test-ca/ecdsa-p521/end.fullchain @@ -1,46 +1,45 @@ -----BEGIN CERTIFICATE----- -MIICojCCAgOgAwIBAgICAcgwCgYIKoZIzj0EAwQwMzExMC8GA1UEAwwocG9ueXRv -d24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVkaWF0ZTAeFw0yMzEyMjExNzIz -MTVaFw0yOTA2MTIxNzIzMTVaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMIGb -MBAGByqGSM49AgEGBSuBBAAjA4GGAAQAw0kMs8v3GMM5ZPkPiVXhek04lzKek9ku -BrPM7UfD5n5aSLgimUntGYi2l0dQwYzWmRYqp3IfLR+K4jByZucnZJMBBjkJ/CPM -49sR3Le+QckI2MITCG0pDfWWlo0V8J5UK4ZJ+3pnTf6KFMsePcfldgpjl7HL6Lzt -4tWE9TiQjJL7E8qjgd0wgdowDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYD -VR0OBBYEFIax75mJqDfPCOsNtbZmJdl+Z9S9MEkGA1UdIwRCMECAFHhET4LKTPk3 -mWxy7uBm7Mhg7JApoSWkIzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIx -IENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29thwTGM2QBghVzZWNvbmQu -dGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGCCWxvY2FsaG9zdDAKBggq -hkjOPQQDBAOBjAAwgYgCQgF5+BU+r/SvRT48NXaR05hMQy/LZwY3n8ITJUw8vfp3 -5X7yk/OxfKPWbiBtUIU4xPdWFobH6cl3FZ7GfgsxSNejKgJCAVxGrlMhaZKjlXL0 -utHWXTswTvTyb6cT4V+YXCvD/cyIo5pOSjumVbFycXQfaa/H/PCUxrSRISRWyRV1 -xDBdqcKy +MIICTzCCAbCgAwIBAgIBFDAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93 +biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw +MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCB +mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAIeQ9nmRpEKiaPHndWHt+MHk0HhYKJ68 +mRNXyqIV2h2PdBRnX2LOMFUG6soS0C+DwY6PJnxggheUAUFfPuj7FO5eABouUuKS +wO7BsOQgWk0tJBPMWpE1M+nqab3Sq79B2bdtZaoMciP1fMO7Y92RMWJHTEWuo+cV +V2TOPN6QsMPA17sno4GJMIGGMB8GA1UdIwQYMBaAFKzEA+eqUyatDn0QF2/CitNP +hRQ0MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZl +ci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8B +Af8EBAMCBsAwCgYIKoZIzj0EAwQDgYwAMIGIAkIAyxKBhR9HWpLZ5WFPB72MZB2s +pBWkSl60DkryT+YkB26LjJdEYHFifDjqc0f0Aq4hDvHGtcACGSMh3cbm7PsxUqUC +QgHEGiQxY/i1EYYGCLDI44Ov67Cx7wH0Hg3XN8N2szuNdzfyIIM6m0rD63MBFXEM +kTsk0uE5jRRt2e+0yE3X0em3YA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk -aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 -nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV -AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 -vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs -yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF -MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa -Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC -T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 -mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn -MGxLBzv/KGg+R17wgg== +MIICUDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJt +ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBecdhU3/ueIjmAf2NPGZH +dT44+uxq+rc7aZXy+6ucFRRHq5OdFSh3Z/qSFlk9n682wLQJRG+8hi230pnPwM7E +j5ABAAcyK6nDHPKBZK4+YXuiUYsKBbD82Gn4zXff2dyahjlKtuBjjqlLaMCwgADO +QdGfF5/peH4i46dN7xm6HHWULVujgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVq +Jx92t5jbBm9XsMwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUrMQD56pTJq0OfRAXb8KK00+FFDQwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBiwAwgYcCQXhkIhVuUfxQqafd3jG75ugN +vg4nZdHZx715Du1cKErBfN5x1Ib1fQMKe+Y4qZ8R1S3uLfoHlOzirLwCzeRaExne +AkIBVkovuBx1n/y5HK+uRIQTpGRjH4srgvW4Q2PxsXjVEe2jP1R2smUwz8+VamPo +j1CGz5rAaj99YdMqNKXG8/avL9Q= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICHjCCAYCgAwIBAgIUALzD8Vim1tvXcRKbV660GpcMTacwCgYIKoZIzj0EAwIw -ITEfMB0GA1UEAwwWcG9ueXRvd24gRUNEU0EgcDUyMSBDQTAeFw0yMzEyMjExNzIz -MTVaFw0zMzEyMTgxNzIzMTVaMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNBIHA1 -MjEgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABADfFINhR9poOClUZF1o5HGg -Ft+1xIszsu5oEgHnqy6qpmgUgTL74h1uMmrocnb1GW+fvUWuuC9In0kgwyy3VYzR -5ABSp+N+Gf2YdgnxaRsS8Y0FpLjFy4SmMNmPGgNCSCIp3MNiqkySBg+Xub/6vDLB -LKk9DGFu+OdtUDYQeqUNsA3tV6NTMFEwHQYDVR0OBBYEFIb4Sl9Mw/wJA7AB1sBT -hJNaZ8BuMB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNaZ8BuMA8GA1UdEwEB -/wQFMAMBAf8wCgYIKoZIzj0EAwIDgYsAMIGHAkIBaneRyZEFDZBszD+PftHfOyZc -/lHjHnHufUbOM0GxzZpQY3RPCdp3Jqgx4/4fOPjwUwqQOhYmA03Cf7mxFJOA/tMC -QVuCmyXQE5euGrLcfda2h8sKmBB4HZwImRgjC8IfP/t2hYIVwzSBE+k5MWru+1Vt -ai2P977p4S4UosGajo8QuIE6 +MIICPjCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIxIENBMIGbMBAGByqGSM49 +AgEGBSuBBAAjA4GGAAQBNE6id6TKt03nKiz09bDEM1h1f2JJ0QjWgiCovHNbjEWw +FI5PQ0MqAMjhbeoRBvvOXEQLd41J0XcbCXg0GwZqmdgArcmTlO8IAdoVQCg3jp3w +3s9SHxk/ebZqyd6iNsyYGCwIVr7FtBGUm39ONNS8nxrcIUpP00hpUF9jdhaSbssF +K82jgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVqJx92t5jbBm9XsMwwDgYDVR0P +AQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E +FgQUOjnapNNhlEVqJx92t5jbBm9XsMwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDBAOBiwAwgYcCQRlgAuUKnW527uUTyEjsaZcsssAu37olCWXuduP9tNyhLYPr +lYlu+ltLmR250DdikBXAl3unkpYEAdQam9lc1nMxAkIBVBah69psNw9vjrR9jNtp +Ql22JD6hpeJsWFe0gdDhNZjIS+sKPXrDj3YfmRHLm9JsgVKinMaVMfI8DstuIaET +IzE= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/end.key b/test-ca/ecdsa-p521/end.key index f54b96e204..e90764246d 100644 --- a/test-ca/ecdsa-p521/end.key +++ b/test-ca/ecdsa-p521/end.key @@ -1,8 +1,8 @@ -----BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBJ3psoaQ6uCFUWEEX -cXLwAGzu5+hm4bieFRnlVlFNPH/J8m8V10KpDI43+2R9u3ZidtsrFj1jrN+cS+0u -b9gmueChgYkDgYYABADDSQyzy/cYwzlk+Q+JVeF6TTiXMp6T2S4Gs8ztR8PmflpI -uCKZSe0ZiLaXR1DBjNaZFiqnch8tH4riMHJm5ydkkwEGOQn8I8zj2xHct75ByQjY -whMIbSkN9ZaWjRXwnlQrhkn7emdN/ooUyx49x+V2CmOXscvovO3i1YT1OJCMkvsT -yg== +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA2udCT3jmo9pjJThF +nw5rUTOWEUsJqvOSGi9huhY6K4q3vMk7oOdRke3UiR6CebOdv0drE8aYVEJM6+yD +eu8752ihgYkDgYYABACHkPZ5kaRComjx53Vh7fjB5NB4WCievJkTV8qiFdodj3QU +Z19izjBVBurKEtAvg8GOjyZ8YIIXlAFBXz7o+xTuXgAaLlLiksDuwbDkIFpNLSQT +zFqRNTPp6mm90qu/Qdm3bWWqDHIj9XzDu2PdkTFiR0xFrqPnFVdkzjzekLDDwNe7 +Jw== -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/end.revoked.crl.pem b/test-ca/ecdsa-p521/end.revoked.crl.pem index a76de96536..d8bc231230 100644 --- a/test-ca/ecdsa-p521/end.revoked.crl.pem +++ b/test-ca/ecdsa-p521/end.revoked.crl.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBVjCBuQIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yMzEyMjExNzIzMTVaFw0yMzEy -MjgxNzIzMTVaMCMwIQICAcgXDTIzMTIyMTE3MjMxNVowDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUeERPgspM+TeZbHLu4GbsyGDskCkwCwYDVR0UBAQCAhAB -MAoGCCqGSM49BAMEA4GLADCBhwJBMXDak7r+CTY6DR3KoKWZXEE22onBZg+CqHWv -FpbR/N8W/o/mfLzOzbDTF2LBjUOsIjKPKdwh8RyA3q3xIS02ApICQgCwxVFEVkz+ -lGwfv+bbuszMmOK7es62OSD+hBPZUim3nv1brEV+PSyjX+bzmPJ+6q1cVCw9uiGB -0XS+XnWSTJERGw== +MIIBVjCBuAIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDNaFw0yNDA0 +MTIxODI0NDNaMCIwIAIBFBcNMjQwNDA3MTgyNDQzWjAMMAoGA1UdFQQDCgEBoDAw +LjAfBgNVHSMEGDAWgBSsxAPnqlMmrQ59EBdvworTT4UUNDALBgNVHRQEBAICBNIw +CgYIKoZIzj0EAwQDgYwAMIGIAkIBbJwgPhFHxbKVAjY4O8o2yEwRFdliQgSGVJ7M +iiHQTohKxr0tVAWiEFicAi0OWx2QLIKjS2f6ZB+dXFGu6ahVjqcCQgFyc9Bqj6on +zRbPgIM5TR8tB0DrcHSTPJ+33X2PxkyRHUSooiyR4iebczPva8zqNQrWXgM3QFiF +oORBxRc55dJz2g== -----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/inter.cert b/test-ca/ecdsa-p521/inter.cert index a55af8fb5d..fa1b9f6abf 100644 --- a/test-ca/ecdsa-p521/inter.cert +++ b/test-ca/ecdsa-p521/inter.cert @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICSTCCAaugAwIBAgIBezAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 -biBFQ0RTQSBwNTIxIENBMB4XDTIzMTIyMTE3MjMxNVoXDTMzMTIxODE3MjMxNVow -MzExMC8GA1UEAwwocG9ueXRvd24gRUNEU0EgcDUyMSBsZXZlbCAyIGludGVybWVk -aWF0ZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAOKjqrbfJUM+AO3mQu9JRfD0 -nicl+oXDwkJV6KNmu5amcYNQWP/dkYpHnPRRTp32Lu9RJqcQpPj8lDyi+z4lkQdV -AdQBV184KQkNMprIsE9pNf97fkInmQPTP7m/F9ZyXRErH8RcUskEMfJ+axPuP066 -vDsbxy0bBvDiudmLrr3FKFBjo38wfTAdBgNVHQ4EFgQUeERPgspM+TeZbHLu4Gbs -yGDskCkwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwQF -MAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFIb4Sl9Mw/wJA7AB1sBThJNa -Z8BuMAoGCCqGSM49BAMEA4GLADCBhwJCAS+FasMpApq/PuDY3iWiZTkmo/pnv0uC -T5idKSsm4qdHCRFh+WQsAsR4Pyw8dY6CK0Cfd9cIGzsOZoSGsV+v9umjAkEuzlo0 -mn2RHi2euaOLnKhBBxUF//y3rXICzilKQgc4ajT2NxICvIrC0f1Fhkg6a27LhaAn -MGxLBzv/KGg+R17wgg== +MIICUDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw +WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJt +ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBecdhU3/ueIjmAf2NPGZH +dT44+uxq+rc7aZXy+6ucFRRHq5OdFSh3Z/qSFlk9n682wLQJRG+8hi230pnPwM7E +j5ABAAcyK6nDHPKBZK4+YXuiUYsKBbD82Gn4zXff2dyahjlKtuBjjqlLaMCwgADO +QdGfF5/peH4i46dN7xm6HHWULVujgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVq +Jx92t5jbBm9XsMwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUrMQD56pTJq0OfRAXb8KK00+FFDQwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBiwAwgYcCQXhkIhVuUfxQqafd3jG75ugN +vg4nZdHZx715Du1cKErBfN5x1Ib1fQMKe+Y4qZ8R1S3uLfoHlOzirLwCzeRaExne +AkIBVkovuBx1n/y5HK+uRIQTpGRjH4srgvW4Q2PxsXjVEe2jP1R2smUwz8+VamPo +j1CGz5rAaj99YdMqNKXG8/avL9Q= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/inter.der b/test-ca/ecdsa-p521/inter.der new file mode 100644 index 0000000000000000000000000000000000000000..cb2bff0bb91528b518c6f86950dc135d406aecef GIT binary patch literal 596 zcmXqLVhS*5V%)TVnTe5!iILZUi;Y98&EuRc3p0y>qM^KjEE{tu3p0;cL4ICkNq%{r zf~&Jju%kkOsga?Av!j86IIp>>fguorL6ii)iGigVl7NA+p`n33#1IW^hUBD{rRFFY zDP-oAq!#6-rer3Tq#88NHV|NA2Rnp`k&RWmk%d8-xv`Cbg|YH@VsQPtijHTDe|v4x z+)M2&e!a>1wcR>%>ZjkU=ZK29ubw+xhFw4s79c$=}nayZzG4^9Rly z>7T&Jz;2|y^03UO#*}q-iPeh&ySZ35{JD|&<81l;n|EflS$b`IkleS@JLABH28MHv z7w3!5e_2td^mw`Nd&ylgrBigH7dJK=G&UH>13e|H%pzeR)*xbKd27k##3`;>>hfjV zXWVAX58rUcfDfdApONuD3kxuG|AB*2R+UA}K!lA$n~jl`m7SRp&SHW{^RbArh^#rn z{Crig+FHI^0rC7pU6=h^MNAC%L8b|VOk*`*22#i|#oXAb}$c#XjZDqcwY& z&OV6}mb}O0#2DtKzeA>U{-2#P>({xo2ro%VmhaYX`ntn8`QyfltAcMA+lQ2GN;Not eeri_oi~fMN^Ro_Q+1Dms)-qXo?DMzv`d0uXP1Owm literal 0 HcmV?d00001 diff --git a/test-ca/ecdsa-p521/inter.key b/test-ca/ecdsa-p521/inter.key index 8d6d80113a..551f07be55 100644 --- a/test-ca/ecdsa-p521/inter.key +++ b/test-ca/ecdsa-p521/inter.key @@ -1,8 +1,8 @@ -----BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBqS1b/fzcxaPEXyvT -3qO/dmFcPd+r7b0vI9V0BNEcNrqyhLhcRQVkujWy8dJjllkvFVPBkSKemKH56S4z -74g9MI2hgYkDgYYABADio6q23yVDPgDt5kLvSUXw9J4nJfqFw8JCVeijZruWpnGD -UFj/3ZGKR5z0UU6d9i7vUSanEKT4/JQ8ovs+JZEHVQHUAVdfOCkJDTKayLBPaTX/ -e35CJ5kD0z+5vxfWcl0RKx/EXFLJBDHyfmsT7j9Ourw7G8ctGwbw4rnZi669xShQ -Yw== +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAvUOfRk5kxE5AV83z +rks0adiwx0DkRgOdVGuXkXEFSQ1g/Tg3LQCSIzOQunaTsIUloLFNq+T9KVgE042w +VPhwpx2hgYkDgYYABAF5x2FTf+54iOYB/Y08Zkd1Pjj67Gr6tztplfL7q5wVFEer +k50VKHdn+pIWWT2frzbAtAlEb7yGLbfSmc/AzsSPkAEABzIrqcMc8oFkrj5he6JR +iwoFsPzYafjNd9/Z3JqGOUq24GOOqUtowLCAAM5B0Z8Xn+l4fiLjp03vGbocdZQt +Ww== -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/inter.revoked.crl.pem b/test-ca/ecdsa-p521/inter.revoked.crl.pem index 22431b0906..0a164b1d21 100644 --- a/test-ca/ecdsa-p521/inter.revoked.crl.pem +++ b/test-ca/ecdsa-p521/inter.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- MIIBRDCBpgIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT -QSBwNTIxIENBFw0yMzEyMjExNzIzMTVaFw0yMzEyMjgxNzIzMTVaMCIwIAIBexcN -MjMxMjIxMTcyMzE1WjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBSG+Epf -TMP8CQOwAdbAU4STWmfAbjALBgNVHRQEBAICEAEwCgYIKoZIzj0EAwQDgYwAMIGI -AkIAjjT7o9peCiOmpE69FsMxEoclR6ZcFLi+/bc2DEixrmwMpg5ntfN0dEAKUw+b -UfhFfXkmFyvoHX3PbGIB4sMR3XwCQgH/YrP4MYQRK9uzqipzCMh7ZQpDwHiiv8Vc -5ePHmDyPKix5JibjSK8HQ/xSUc8l8PFKoMTyRLcUkCtq8C/MjB2FqA== +QSBwNTIxIENBFw0yNDA0MDcxODI0NDFaFw0yNDA0MTIxODI0NDFaMCIwIAIBDRcN +MjQwNDA3MTgyNDQxWjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBQ6Odqk +02GURWonH3a3mNsGb1ewzDALBgNVHRQEBAICBNIwCgYIKoZIzj0EAwQDgYwAMIGI +AkIBHBqEewFWSLyUsNHb71seYtqJF3j0znRS/k3dImcCWg2bsXI6lECcu3M8QE/P +HMCSTRdwxAqaQF2GZuPtbZuRbJQCQgEHCdt4mrK7xVbMheL9E+XjxbXfoFOkhsPB +/fE9aANJT/XmvFP0npE3haFSoGFBtLY4D56saChbzdbYQC/+IephyQ== -----END X509 CRL----- diff --git a/test-ca/eddsa/ca.cert b/test-ca/eddsa/ca.cert index c8a622350e..ef1aad0585 100644 --- a/test-ca/eddsa/ca.cert +++ b/test-ca/eddsa/ca.cert @@ -1,9 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 -MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU -OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB -5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y -tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF +MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH +kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 +PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi +EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP -----END CERTIFICATE----- diff --git a/test-ca/eddsa/ca.der b/test-ca/eddsa/ca.der index b929c23cf65bfabb5b6d5337149a5b40cb85bd58..401c0e6fd05a602f43f324ece7dfd91eb9f6b211 100644 GIT binary patch literal 369 zcmXqLV$3yYVw7LN%*4pV#K>;I%EqjnT3{e!C}kkQ#vIDR%p+KkpI2FuU!JGnn&J}d zsNn2qpdij`Zfal%gkTUQ!Ea(~K))8$8fHa?gC&05OEz;&a0@KZsQAi0!T;_1 z$-fK~z4Rp1suwoj;8@()Y|z+XAP;nltTKy)fmnlx@|G3;LivmN8!z10VN+dG^2Yq& zF#|r30)9ru|12y(ulzHR1@To`#0*5(IJDUqSy|bc8R0A@h%_II7z=jO_(8gbL8h@9 zFas%=dmR~4jw>>)EWLd%{_h1|h1R!UrM$N3s5mZqdiEEqPTBKEf_$f@&64Wal-Dvt b@7GRdv)0u+KMMQYUEg1n&bhcI{xd%Sm%nUZ delta 269 zcmey!bb(39po!7Ppz;3#W+p}^CXveZob3}H`s-Rs>DtGvw7QyFDe+~ZfSR0~IIoeh zp^=fHp*fH?jS}ZI267E8Al!*z+VwMd(<^54@@I#ib58kuU|x;U&WxIMxsT(oIc@a6 z){u8%aj-$4fh-$ys4O3g7>kHSR2$QmyCMY*7yD~oWIj%LwKprHm%pzeR)_`3B zKS+TvBjbM-Rs&`rWx&eDteslG?8xAtIm`KPhC%ieK1Wsn7Cv6b diff --git a/test-ca/eddsa/ca.key b/test-ca/eddsa/ca.key index 00f9a51dc4..f3c671e700 100644 --- a/test-ca/eddsa/ca.key +++ b/test-ca/eddsa/ca.key @@ -1,3 +1,4 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIMFptLNAyZcW37rMyj9laRboQc1mjiS62zgMVVWvnU5p +MFECAQEwBQYDK2VwBCIEIHKBGGgoLpqiqJ6w46Zqov58in9Ipl+AZkeaOBrq727T +gSEAwXROi6SzCpBGUXAoePUHkE/t75P6MCFKLhgme6GD2Ag= -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.cert b/test-ca/eddsa/client.cert index d159479196..5e95942db8 100644 --- a/test-ca/eddsa/client.cert +++ b/test-ca/eddsa/client.cert @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx -MjE3MjMxNVowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -7i3DAVKkLlgm4KMmN86tsKmHg6V/gD8eJVUtEyWhKZqjgZswgZgwDAYDVR0TAQH/ -BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFHzt7FKo1DGy1FSmSWDgZEB/1jFrMEQGA1UdIwQ9MDuAFMcINYDLAH8hGurC -z9cuKO9ZIn4uoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQBAeVAmkUiaQYk4HS71pp9m715dxDU+Bx8FseiXdBaiTJgShWBwuDdz -Hmx3Yuu5/vGPyf+Eps05137tnxpQgYYO +MIIBmDCCAUqgAwIBAgIBHDAFBgMrZXAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWRE +U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx +MDEwMDAwMDBaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDAqMAUGAytlcAMh +AFBzzivwYw3/ggX/KhRoC4q+fAOUbC07C+q1nCJRxCD8o4GeMIGbMB8GA1UdIwQY +MBaAFMUlmwtQ3/cgMIGKh0REVDrOvAV8MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIu +Y29tghVzZWNvbmQudGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAEN +uAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwBQYDK2VwA0EAcO4Vm+lhILnqWGSap7jE8TCmz8cSw9GkzQO4Z28mJk1dAFES +5sqTsDzE3I1Mo6AVHXd2HnIguxH9uiCiivrkAQ== -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.chain b/test-ca/eddsa/client.chain index 39d60fd742..dbefd823ee 100644 --- a/test-ca/eddsa/client.chain +++ b/test-ca/eddsa/client.chain @@ -1,19 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD -DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU -xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha -hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn -jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= +MIIBfzCCATGgAwIBAgIBDjAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMC4xLDAqBgNV +BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw +AyEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMKjgYMwgYAwHwYDVR0j +BBgwFoAUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUxSWbC1Df9yAwgYqH +RERUOs68BXwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDcvvoovHlDlarpjiT/ +8JcbFVe0r3mKXjyug6OvDhK34kIr4z6zIaay4bwENRjabRI1LDHkTDPcY86kF5Nq +g9oO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 -MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU -OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB -5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y -tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF +MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH +kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 +PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi +EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.der b/test-ca/eddsa/client.der new file mode 100644 index 0000000000000000000000000000000000000000..5ad53e73b9ef5e486a64cce5c1dffa045a7120b4 GIT binary patch literal 412 zcmXqLVw_>n#OSqvnTe5!iBZOYm5o_DwZK5nP{%-vjX9KsnMb)GKd-VRzdTRDHN_>^ zQ6VR_EHy{LNFg(?B(*3vH6=5#B-KDcoY&mczz_(*AWDMY#K6)FNx(qLP{KeAVj@4> z#N?dJ)VvY{EvU83iVOk8=d?d0^ZsvQ{jVjG!QHj5hIvYkt~K|ot#gzDk0|_E+&Ism zakhax&?H%97NC(0B1ctca|hi2u3*sE)$ZaFVs&m0YmGrLNP!@WkAYVcUrB0lNpWgX zS!$79a(-@;XmM(CeqM?mnlNWhesW??Mt*TgJIgWS6vlP|1xDT-3<$tzzy~svpONuD z3kx$7+W`Y%5MPyr$AF8CLz|6}m6e^D3FZ|?hJtsZvtK4E?0glGGHdycBOeWxoj)#g x_~MeY%sbNa)zo}r83Ki#otnJC=E$91pT!GAWy{OtiWGJW{@tapsO#4gMgW;veG32p literal 0 HcmV?d00001 diff --git a/test-ca/eddsa/client.fullchain b/test-ca/eddsa/client.fullchain index af1fe22ce2..cd413abe0e 100644 --- a/test-ca/eddsa/client.fullchain +++ b/test-ca/eddsa/client.fullchain @@ -1,30 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIBlDCCAUagAwIBAgICAxUwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx -MjE3MjMxNVowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MCowBQYDK2VwAyEA -7i3DAVKkLlgm4KMmN86tsKmHg6V/gD8eJVUtEyWhKZqjgZswgZgwDAYDVR0TAQH/ -BAIwADALBgNVHQ8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0O -BBYEFHzt7FKo1DGy1FSmSWDgZEB/1jFrMEQGA1UdIwQ9MDuAFMcINYDLAH8hGurC -z9cuKO9ZIn4uoSCkHjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQYIBezAF -BgMrZXADQQBAeVAmkUiaQYk4HS71pp9m715dxDU+Bx8FseiXdBaiTJgShWBwuDdz -Hmx3Yuu5/vGPyf+Eps05137tnxpQgYYO +MIIBmDCCAUqgAwIBAgIBHDAFBgMrZXAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWRE +U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx +MDEwMDAwMDBaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDAqMAUGAytlcAMh +AFBzzivwYw3/ggX/KhRoC4q+fAOUbC07C+q1nCJRxCD8o4GeMIGbMB8GA1UdIwQY +MBaAFMUlmwtQ3/cgMIGKh0REVDrOvAV8MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIu +Y29tghVzZWNvbmQudGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAEN +uAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwBQYDK2VwA0EAcO4Vm+lhILnqWGSap7jE8TCmz8cSw9GkzQO4Z28mJk1dAFES +5sqTsDzE3I1Mo6AVHXd2HnIguxH9uiCiivrkAQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD -DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU -xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha -hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn -jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= +MIIBfzCCATGgAwIBAgIBDjAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMC4xLDAqBgNV +BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw +AyEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMKjgYMwgYAwHwYDVR0j +BBgwFoAUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUxSWbC1Df9yAwgYqH +RERUOs68BXwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDcvvoovHlDlarpjiT/ +8JcbFVe0r3mKXjyug6OvDhK34kIr4z6zIaay4bwENRjabRI1LDHkTDPcY86kF5Nq +g9oO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 -MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU -OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB -5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y -tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF +MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH +kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 +PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi +EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.key b/test-ca/eddsa/client.key index 7e95226cdb..43dadf0834 100644 --- a/test-ca/eddsa/client.key +++ b/test-ca/eddsa/client.key @@ -1,3 +1,4 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIIn2sO8HDl1w5hEPjF0FZh7PQm8tAkErbg4UctDE0jQZ +MFECAQEwBQYDK2VwBCIEIPAa8m4a5fgpoz8OQIVD56M5Z/Y84NGknxzxU5iAik0S +gSEAUHPOK/BjDf+CBf8qFGgLir58A5RsLTsL6rWcIlHEIPw= -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.revoked.crl.pem b/test-ca/eddsa/client.revoked.crl.pem index 9e451f3526..a85ab252ec 100644 --- a/test-ca/eddsa/client.revoked.crl.pem +++ b/test-ca/eddsa/client.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- -MIH8MIGvAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl -bCAyIGludGVybWVkaWF0ZRcNMjMxMjIxMTcyMzE1WhcNMjMxMjI4MTcyMzE1WjAj -MCECAgMVFw0yMzEyMjExNzIzMTVaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQY -MBaAFMcINYDLAH8hGurCz9cuKO9ZIn4uMAsGA1UdFAQEAgIQATAFBgMrZXADQQCC -pFK+R+krCpjsmX0ZsIhzBRs9N+88m3NBInLy0Ea08lKA+/2FTNlOnjkx0v2B1PiO -8UKmZtwTjKoGzWLPR70D +MIH7MIGuAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl +bCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQ1WhcNMjQwNDEyMTgyNDQ1WjAi +MCACARwXDTI0MDQwNzE4MjQ0NVowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgw +FoAUxSWbC1Df9yAwgYqHRERUOs68BXwwCwYDVR0UBAQCAgTSMAUGAytlcANBANzH +VOAY3iMyZQ/pWVWeIAWSTLmQPvKMt/cr7zG1TJM4WIHTItlqXb0YNRWN+Rf+KcmL +fd94viGG8S3IEdZXVA0= -----END X509 CRL----- diff --git a/test-ca/eddsa/end.cert b/test-ca/eddsa/end.cert index cafb166dcc..4810d6f465 100644 --- a/test-ca/eddsa/end.cert +++ b/test-ca/eddsa/end.cert @@ -1,12 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIB0DCCAYKgAwIBAgICAcgwBQYDK2VwMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVk -RFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoXDTI5MDYx -MjE3MjMxNVowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wKjAFBgMrZXADIQBG -aQQnDqqVjKAWWubCZJrG6S2ZZcI9/ZO65doj0GcDBqOB2DCB1TAMBgNVHRMBAf8E -AjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUmyF3DidQEKhYUCk+ITezcqPhqAsw -RAYDVR0jBD0wO4AUxwg1gMsAfyEa6sLP1y4o71kifi6hIKQeMBwxGjAYBgNVBAMM -EXBvbnl0b3duIEVkRFNBIENBggF7MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29t -hwTGM2QBghVzZWNvbmQudGVzdHNlcnZlci5jb22HECABDbgAAAAAAAAAAAAAAAGC -CWxvY2FsaG9zdDAFBgMrZXADQQA5X4Gdwo2e2TmhjgMcFB5SVbo/IPh3i8FaqKYc -k+O941Y4S0aBC/7zGZDZx2m0VAThR0eHsyGGnsKUB/uH1MoG +MIIBgjCCATSgAwIBAgIBFTAFBgMrZXAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWRE +U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx +MDEwMDAwMDBaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMCowBQYDK2VwAyEA +GjQgTP+Fb35IrQhqBKKzgqjLpqkapZMKNcfCxAPRbI2jgYkwgYYwHwYDVR0jBBgw +FoAUxSWbC1Df9yAwgYqHRERUOs68BXwwUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5j +b22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTGM2QBhxAgAQ24 +AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIGwDAFBgMrZXADQQDoaza/1OsPpo7N +gK9gTnWl3XmTbHbs21EQUwI1XPPqlFQHq/V+QN040Fv2iB899Wx19oEQ4lr336wC +1U8HGCgH -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.chain b/test-ca/eddsa/end.chain index 39d60fd742..dbefd823ee 100644 --- a/test-ca/eddsa/end.chain +++ b/test-ca/eddsa/end.chain @@ -1,19 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIBeDCCASqgAwIBAgIBezAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE -U0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAuMSwwKgYDVQQD -DCNwb255dG93biBFZERTQSBsZXZlbCAyIGludGVybWVkaWF0ZTAqMAUGAytlcAMh -AEZ0Q6H7K8Blul4086JDZCRWtzRM1Qh/Ppu4d5j+9duJo38wfTAdBgNVHQ4EFgQU -xwg1gMsAfyEa6sLP1y4o71kifi4wIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsG -AQUFBwMCMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgH+MB8GA1UdIwQYMBaAFDha -hgL03RRwWNzlXSNFAeZMxyqcMAUGAytlcANBAFPdVYhESKRDGyoWLR3aqDaLN0nn -jxWzGRPtiLBxZLBmxKS4j5J6dCtKKX85E90oSmV/ElorbpGznBk2l+ky6wY= +MIIBfzCCATGgAwIBAgIBDjAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMC4xLDAqBgNV +BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw +AyEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMKjgYMwgYAwHwYDVR0j +BBgwFoAUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUxSWbC1Df9yAwgYqH +RERUOs68BXwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDcvvoovHlDlarpjiT/ +8JcbFVe0r3mKXjyug6OvDhK34kIr4z6zIaay4bwENRjabRI1LDHkTDPcY86kF5Nq +g9oO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBTDCB/6ADAgECAhR5rwmHkOFPLTkaLT9cqTrVZXkY9DAFBgMrZXAwHDEaMBgG -A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4 -MTcyMzE1WjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh -AJgNZ3ibDQ9rV85DZPPAnnwyuWh8rm3jX9ZCsU/WgG7Io1MwUTAdBgNVHQ4EFgQU -OFqGAvTdFHBY3OVdI0UB5kzHKpwwHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB -5kzHKpwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQAsRwN+gYyaM5yN45Uo+R1y -tbiv8+TrEH0W8/oE/RCeRiPGV5qXpr2DqicljjNmNGixJ6ELuymaQ/1oMGuUDkEF +MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE +U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH +kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 +PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi +EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.der b/test-ca/eddsa/end.der new file mode 100644 index 0000000000000000000000000000000000000000..ecd518c2a620133e452f953e1b42887a97847850 GIT binary patch literal 390 zcmXqLVr(*KVl-L6%*4pV#3*XO%EqjnT411OsAHhT#vIDR%%fb8pI2FuU!JGnn&J}d zsF0IdmYSnrq>!0cl3J9Tnv$7Vl4_tJ&TDRJUwWut$NG~}**FXzuE3+bll!=1R|JM9EkF^|GEQ>ZbtvJ1GrPR{NT&Bkl9bvwh z)4RB_)1a}pB%EqjnT3{e!C}kkQ#vIDR%p+KkpI2FuU!JGnn&J}d zsNn2qpdij`Zfal%gkTUQ!Ea(3oO(w$dTe@jOYRQCk&?OVd%r8Jd4I9otkdMs;>Ko!#s&j< zpy{&8ED{D{4I;{0R`?6$FXnH&aASu}bxp||^Ml6>_&^Hy85#exumC;x&p;N$S7i}1 z5MkrcW@BV!WoKrDvzQ>#d@N!tB1ctca|hi2u3*sE)$ZaFVs&m0YmEUvNVhP^G*$y< zAO&-;Bg372zclt#I!|5ovQOpzhw0Ly;ak>McE#DOYhJvbPiXriC+){}n-!OBdbo$h aRN_{ykg1O06CdL{$>)}cPtIz-#RmYp>~uK* literal 0 HcmV?d00001 diff --git a/test-ca/eddsa/inter.key b/test-ca/eddsa/inter.key index f47707a519..2c4571fbd0 100644 --- a/test-ca/eddsa/inter.key +++ b/test-ca/eddsa/inter.key @@ -1,3 +1,4 @@ -----BEGIN PRIVATE KEY----- -MC4CAQAwBQYDK2VwBCIEIACsY1AVlJ0k6/9oIFXvgaRmg+xa4dUFLuoiX89XdIha +MFECAQEwBQYDK2VwBCIEINbsBxHqZEvfz6efupnoNNkED96RZmgjAyp4wz2hd2Xs +gSEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMI= -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/inter.revoked.crl.pem b/test-ca/eddsa/inter.revoked.crl.pem index 970cefa45e..bbac17725b 100644 --- a/test-ca/eddsa/inter.revoked.crl.pem +++ b/test-ca/eddsa/inter.revoked.crl.pem @@ -1,7 +1,7 @@ -----BEGIN X509 CRL----- MIHpMIGcAgEBMAUGAytlcDAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQRcN -MjMxMjIxMTcyMzE1WhcNMjMxMjI4MTcyMzE1WjAiMCACAXsXDTIzMTIyMTE3MjMx -NVowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUOFqGAvTdFHBY3OVdI0UB -5kzHKpwwCwYDVR0UBAQCAhABMAUGAytlcANBAHzYdYmfUnKnS4ZWmFHqxD2ZVp9x -hjxB8a91h+TSlNSRms9r/BlTJxsIkTr18BVlRpsLiPig9y83/2JEIF3ABQ4= +MjQwNDA3MTgyNDQxWhcNMjQwNDEyMTgyNDQxWjAiMCACAQ4XDTI0MDQwNzE4MjQ0 +MVowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4PHt8 +dOw3wcYwCwYDVR0UBAQCAgTSMAUGAytlcANBAKvNq5vFY4DDwO4eJ+sdFcACFnTp +U+sNtM+PHBlMb38Zh8Ik0a3YMrTSeLWt8TGZ8bvapmz8UKVwtKk/lTTHxQE= -----END X509 CRL----- diff --git a/test-ca/rsa-2048/ca.cert b/test-ca/rsa-2048/ca.cert index 5dac1c9c49..8b35015ab6 100644 --- a/test-ca/rsa-2048/ca.cert +++ b/test-ca/rsa-2048/ca.cert @@ -1,30 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUZBEaAuV4ORnPH4GxeJGyEiqXUN8wDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTIyMTE3MjMxNFoX -DTMzMTIxODE3MjMxNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzvK/b5WhfthXBMVIHboJJuR9XuG9 -+ioSrlzwT9DW7QV31UpgBUZyf1nvT7CmDplNiWZtpqSdJ9pjskBIj5dv4m5cX8A9 -fK1IATdkd6j5/c2ZFkqi5k9iPeJa5rZY6SoGKgvBEr/Y5oiO8HZJZOFetafSr6zV -WRAsKlagrmiNS0oiWC0P0yPVWZyhlHHbtYrHtF/CuWEJ9HqzUk9KeTPwgjfphlYJ -YM0bCZzqN8TEbWPksU1WnmU15YbTgjwI0bNjUXA7W9LmMvbW7EXFJ2+LI+oiF3mk -TQEXqhfdTL9NtqAikD+cfAM1y5e5QSpi8dQuexBteFtXphRZzFk8M9DVKHyngKTH -/QZo6B4Gj9VPrNRPlbPkpbnu8JWD7hO/22VLU4YhghsdwQ/833pfokdV89NMoLo4 -JOUzbTTGtjH0bq6LWTMtLifuQ4H0D1WLtdy/EGgKptnTaeYaXNYT7+v+NNcBHaW8 -W3Orbx0s9IXgQnZTk1u03RbRdIxNxqm+HYEM8gT6S9IUymNZkzDCfZC0bC/saevd -zVE2xpZmuLOfhDl+EcalDYNPrM72+NzkAwRPFGec+bcUEhBxhvxpav+SxDiRC1gD -43qFU7hVfuqVH/EFp0lR3I3Xo8TZ5OIgEyJ5vQH5Ne1+C+sqdCqdGoqf1TZuIE80 -ZwKYcMnRwDXpiGsCAwEAAaNTMFEwHQYDVR0OBBYEFEIQj1cHn3me0sRqu6KjbEb2 -kb8rMB8GA1UdIwQYMBaAFEIQj1cHn3me0sRqu6KjbEb2kb8rMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEKDnm8x+NOaWNrPNH5kIlGD0tGdDJvw -/KvBZmkMcgFkb4zhbbeUmlu0j5CX4+6Lck0uw62zRgP4Nw3x36W3DL7pmoV4MYHC -djNG1ruNoojvgZyyGgMaSabto0nSHSE9opAorrSXB9RoOv2WcBuQSBNl72eaCQ1F -4kAYjKN6ZwPxEdTsdEmqWyUyEPy6E5kNoM0jW1uI2ZBxzbIOYeePvQ3muUSIMtmC -jShiEOOpmYpzENsAMouY3ZN+CWVS5kB5umnYSviQlAVEKSjC764FD9vMLL+rNhfP -fz+y6EhKcnnYy7mdXIRY73uh5eMyCLUO0yr2Y2ophhD8D79f2w7KtYjaSKfAch0L -lETe9Ch+fGDxUCph3J1IuR/3n01ZjB47WXu/yDZ6s7SHGXIgPaptzP+nZkDnmlZX -bvjB5s6r4U2spuqeLxrwd/1Jin7It+LOYLVmkihpbta9+/KKiXOuSYN1rSiQ2XKp -n1ZN0XxhcZzsALklBIU+Lm11b8gPVS7rXqll/sDmaAH9Iw+AXwUYjCb62Gy58yzu -uk3Q+msRr3oVI9bBhmEXmZxyENYJrw305qOlI3+tHBoJLUSP6zQ214aEu4trJr5K -kmbF7DZRG9MSBXeRk7e5ojK13xI1/XCjgIOTkGxF4rEFbVwhc0B8zS/2x3zw0fkE -M4J0J+gz0QYr +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl +JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg +L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 +bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn +CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo +PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC +AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl +D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb +gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ +Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn +l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF +32//5q0MnVJ2QAa0gJdSISLnpQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/ca.der b/test-ca/rsa-2048/ca.der index a8770533d28dcdbde30407deefadd38515f05c2e..d1e56bd3b3d9569a197358cd561c4f1329f674ba 100644 GIT binary patch literal 835 zcmXqLVzxJEVp3ng%*4pV#K>sC%f_kI=F#?@mywa1mBB#XP}V@2jX9KsnMb4`Kd-VR zzdTPNDA-ZK$iT!x!P(J3L7dmz)W8r3!5~V4-^9Su3`u~n5lxIr$ksBlGB7tW@-rAT zF>*0AF)}h-j(em$L8WL4yV}8fp&!!&ji;B--K}xzg?4dFs=COny-U}w{eSwYyT_Gx zB4MgEMzJmFDrzact(+Niz8}up|E5u|b(TkLxrx)>_zngA{*cw|&kGelPIVE#edqa8 z4YS_!e9exGL5=f5b6#HRDRA>%#m0L+^4oTw-RfcU|K>}SN|i79H^qE;r7ExFQG;yz z>Z#F5i`UrXzka9QV=+smK)fJjvIcX-r|D}ZoVfIy)6|3IM<>5tt?iHPSH3PyT6#R( zavIOkLb>UV%yE;C_S}3n?{}}0RPMbVO%Zva(iip?4rV$xr{4G2wbn1?$=yVIueNRH zGkNb#va#~5O0nLsPB|@|iJ6gsadBg_L1Tk~JTNX~m02VV#2Q2#+tyEiAKyPDvf?Ul>I z=(zf0VYa4_pCa!|8K0&63nlOR1hAY4ul}O2Ak=Ehe4joUzuW5$9WvB75Ys4p+;HE# zAF~adKKmVuS?a(Tdb?5dowjM3S7DXJ`9y`)XPVx)JZxL>ddA0@?=Am1{#__Kc@0^yh?kE=f zdQAU_?d^Yjw~Urg?^wKLUeGD4&`A6E7qJJOvxK{tzW;o5x9>pV!kZ<3yRM(wCw6L$ jvet)B9lzR2vRm)x|9`fYXKqlL1KXB{=|PH0&zAxK;3__g literal 1305 zcmXqLVih%LV*0y)nTe5!NhC#3is@;ErQ~_}#*GydHwkG?54dl@%f_kI=F#?@mywa1 zmBB#DP{KfrjX9KsnTNk1Kd-VRzdTPNDA-ZK+0j5woY%TpcM2Yhn1G$D4 zP%d7*O-xG2Rxz?NFgG#rGXP!3#ni;a$Z+n{{`{#6>u!Xz9QBah#i{nBHtylxUs^)z zVm|m^xb~K{{Hj+1t6NchHu{FmOErDkcDc!hFMb^9kr4^UeT)-$gPMDUnUZHCep_E!c~o$@yVU-(12x8B(=kioU==H<+1QZd(r-@pE6a-C6j>7MA~)%mhIUs@kHl?6|Z z-f~y$Vo8thv6cH|8+ksl{PMmeaw<7;vcaL+30rdX-(O}=G?a*cb+h__=}{^`MF(0NT9IoPiEHtNk=Ruaz`*fu4)b55nA_Zs{BXR<(`3e zdao}&a`VX}1!1Miy^KFi-_~)z)+*7OE7djss#%_bzezgNjDnLF5178}$Yx?@WMEtz zY!GN53ru~od@N!tB2EJR;q3D(=UqCIwR_Rx9Jg;1_iG!-gQS&NfT^?ry8?cY0%1nR z|17Kq%s>h`*#T2HFxfFOI5p49H~evVR>ZCICUq%Ffz6jL&gGf?;m_)WX_-7lj4Am& z4|BIqnH9aIf5P;~@4Ab8^$xGy?8f}VocH7XrQ3P-y`0rrVc2-6%-HSP?%qWm?;GcA zl46$fT=sUc=OtN1+eH&J)@_;2ekH@|@3aEx2_C|!@6%^-^1429kmy-lmCpQ8@XDJK z&sEW?Mgo6!3D4wRa8@}wy5r`A!n2$B5})_)<$bo(rNiiEQ?Evnz~hxOyNU&FGZ=Nx zxI4LyGd1X$L*=f_8(u#qOks7=)Hw8h9V`FsGdlZMn~9&Vx8L-_!>g$B#_64NV_G8K zS1)|}*ob2*-({_D$yu6h0)P1T$KU2VwYB4x$MOS3vfNW#?tRgyt4a76pp|%MuE$RK z@AG{ld*rMmtM{KUtJ=J!U9w2Qc2(|~|I5=Hp3e#k&--!k*}2sZeb+2|HBVpaL-}9N zuDTQ3ADv6snl?!zGw<5o-=DfVi`RKJm#)>AaI8sH^j3_^r-#1k+bu&&bwW{7k*_6uCEeRzIL!JQGDi{B7tk1 z>v_LCTf9`ceyxlYr>;x?YZJ5UZ7sXIv(@%_O-eiZ#w<|!vJh+e#L3%tE;8DBU&!=t p!QzJI$rEy1A8lmKjZrLis5z_u?Rd?Hi$7V6n@ZGQ7++-51^_@8M*;u< diff --git a/test-ca/rsa-2048/ca.key b/test-ca/rsa-2048/ca.key index efebfd78e1..7d827b3bc8 100644 --- a/test-ca/rsa-2048/ca.key +++ b/test-ca/rsa-2048/ca.key @@ -1,52 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDO8r9vlaF+2FcE -xUgdugkm5H1e4b36KhKuXPBP0NbtBXfVSmAFRnJ/We9PsKYOmU2JZm2mpJ0n2mOy -QEiPl2/iblxfwD18rUgBN2R3qPn9zZkWSqLmT2I94lrmtljpKgYqC8ESv9jmiI7w -dklk4V61p9KvrNVZECwqVqCuaI1LSiJYLQ/TI9VZnKGUcdu1ise0X8K5YQn0erNS -T0p5M/CCN+mGVglgzRsJnOo3xMRtY+SxTVaeZTXlhtOCPAjRs2NRcDtb0uYy9tbs -RcUnb4sj6iIXeaRNAReqF91Mv022oCKQP5x8AzXLl7lBKmLx1C57EG14W1emFFnM -WTwz0NUofKeApMf9BmjoHgaP1U+s1E+Vs+Slue7wlYPuE7/bZUtThiGCGx3BD/zf -el+iR1Xz00ygujgk5TNtNMa2MfRurotZMy0uJ+5DgfQPVYu13L8QaAqm2dNp5hpc -1hPv6/401wEdpbxbc6tvHSz0heBCdlOTW7TdFtF0jE3Gqb4dgQzyBPpL0hTKY1mT -MMJ9kLRsL+xp693NUTbGlma4s5+EOX4RxqUNg0+szvb43OQDBE8UZ5z5txQSEHGG -/Glq/5LEOJELWAPjeoVTuFV+6pUf8QWnSVHcjdejxNnk4iATInm9Afk17X4L6yp0 -Kp0aip/VNm4gTzRnAphwydHANemIawIDAQABAoICAFSN+EvGLkLeb8eCN7H1pfGf -H95Zi76f3Bwj2wgxgu868bhS+CKPow6Hl3DO8zo5xuVh1WFmFtQGtf9JppwMuukg -QFva9wRu5GGi2UjO4L2jeG4UNrS1MKWqS4vCa1dxFS2uucdIXX3rw8NaASjXsFO2 -ay3eBxmpsvHljSdVjo15j8jJOJMDLBO+HILDdoqZVnlLOwt1K5UZYRU7UmltIFKE -N8TseE513xsxYr1AhyVO0EzlFYQIRFowmVC36L6NdgH7QjWFWQrvsea9pw0y1P3q -lt1SlR/lV17m+0N1UnJQwW6AnxZIVX2G02ldwSmfkRI1JxUq9Qflfr8wopllNQHm -ukrnV83yzCCXaha7l/Xisue1aFu25E0gJWDjXuM0ViXkw9NjUwRf8JwaJidKdXdd -u+plLeNjKLS03NV776hA8TopQXZHq75jPQzS/CU59lBfYfyBmZocCqnxmwHtXuCK -8KffV831mJe+4JPlDQsIUbHR4tn3v2suHNX25zXb2ineDmC/S8G2xp90RuYCHmya -hxgwDUZEY18i+Gkzt0LC/Xg/VPkwJmM23vicxDfcRB2kGWVR3tvWQL9I4bMDda4c -K3JST3pDJm2U6/kjlcib6xTiAhesPy5HFkJNGkh7GgKMr8SXP+z4rgrnJadZfkfX -B5SNdIANFSdpi5fMIjR5AoIBAQDpBCfyoF7N3mRI7UWNM/PQHqk1SHTwTXr7EucR -ds7U9Gkk6TWmLE1GTaWEluPZ9YG4G6HIZQxY277C0C4yUnb2i4P+iMl0hk3JTLwz -5T/JdmGSmmtCuiJ/S7cW5AUj9EBre65xzNie+okmOgJUhOiHtRfPPWoofjYeaVEf -fqA22uFvU8B+AeqUzfMysO109ItQ5FOK+QNk2pOMZVkZZM5iBRFKHwQSugbk7OMw -sEA/zWzzWhLgV48Ee644PrdRmzcClkw+M2KjS0JtxNLDzid0BA+iwDWsuusNTOY8 -FvEv0BZ2elxbUVpBS4QyBM3fYjc3wDWX/h9OVgCihkRLw5ZFAoIBAQDjXFqox1xX -+Z9rLoNQEMV8h8k+AnKqjyHBAOb0hTxzL7S6NhHSOHXpIQE9g4Mxx31nnWj6hZpj -XZTdlGstEAQfWkryi3u4mOFM5MdWmxeDDziyv+uN3MEoQWHps/OI/8r3uSYL3vCe -f0RLBTzEj0EP2pGUeMnvUNXXrbceG7AVeDF9UR+iFQZ20zsBpoCZ565iCo6F754h -TzEwzlQegNJxsxROny0Fx4MLeHIf6fK8vl0jheW1SF1n+8w5/WfObXlnLofc6CQK -gxLbGDhIeoEelKctC+ApiyPAz0h6/S0tgKYvO/PrXlu/ZCqJWpUC6drc+/3Ouu+b -z78MlTrjGibvAoIBAC5sjozvWJQJh89jvmSogh3nzex4uBucRDE7jd/T3NderogV -EoQ99VNZau2kplapbCPDFZN4VmJpvXLQyTNrbJooJ68Rj5lwnJTLff+U4AWCWWQ8 -8bvEm9Tiv+KGoWONaTxA0vuHRW0/Gw4LpqUyKaXH9atrX/gbVSrv7qKotsDXEOz+ -Ma6pMRReh+KEj3qqsgr2wpJAlGWGirkBBCRkCh5LRiuPTF9ywqbfb1Am/VX41okR -XAtoRm0tOwOnsxxGIUqZqS0HTdKczupRuXAbZY7etELHqqn0P5pRxNkZ9QmCmscW -D8p9xc6Wfgr9HAsyZS/tUoAquBACYHQA7iBuIkUCggEAM3ctYnU2Vwe/aXCu8snJ -GmZWTH4bXLZnqpu8q+8Y/u32mAwzPoXfUvVQpY8GfJcusOy13beuef2t+/ZjyGCO -vlYfDwY57FBW96P154nV6anhaLz+4i7tXmJmepNsdj+Iv0ie7yL5Dre6Ss0Vs1zG -GoOcXqJ0+4It1dOR1vPniQSbF0XsxjDCNNWdzsLU64HBPJotJu5Vui6F8QlTi1AX -0vr5hs6LT3qZFFigZM79TnI8/RSLKd0Gn8oksZ/GBrlLOOsUgBHgTqza8NNrsiRg -4/48VXsRs/W2EygYvRZgSqOLere0gDvswsc2xb7GalFrZIh6LHiuUnPVSFDjcpLx -6wKCAQAZtK8X9rdC9er/KP95beXJR5qWA7BxRBHxsOJ0PZI8VfZFNLAhvU6X02Ei -Cc1GLpMDuPpLhCk73+Ht0xj1aM8KsVn1iyxG1yq0WEyNSqDuWEu4EkwTGdtnnT7a -GG73RsyOQf7fVBYIDME1wgKd8hJ6vtzJBZeuxeLd4i7HIWRqQJBZR3rl9rXOcj3m -21MyQ08zApSah3crNV4w3Re3QdCbLZuovJwIMoZXKKUsLfdRwHbUiccHc0tQAa10 -czVHyG/Q/IJ3+8MocfN6VrvTdReYDxRWfSNd7e5QC1lsby2Tzu1+8QeLtnSCINqV -tpsS22v8l5sXbbCwwf1Yp9aovYgb +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTXuIjkCRylAcm +wd5V8WdRM5d3nbsoyugrc1xlJxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic +98Nuv+yBLoWaSF13NEK9X4ggL49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp +0oxwRkuqBg3PWfa3TLsnVp/9bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieM +OJokcBdwZJMoA3jyl6yQyNLnCTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16T +xYzZ5p77jUIabd6MKRQfEnXoPzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpk +O7CuI2ZnAgMBAAECggEANVn3vn49lOYkP/YjRpIeP/LDwp9/hDZjD8SYh7erneLM +lOAcdryyl4GXbm6oG4ci766RA1fSGMhdLXGkVKoA6kJx2pV1cgcw6VfZpjYa+YYK +ArMdnDrO6y7FvYqr8cktgD5FBC5tJSfuy74nUJeNtaa9iZ7tlSq6+pz02SVXiQbl +cqmdEbtil1rjt145bM8yKVzdcGSjN4gCL3qqJskHHSMIBp8F4UCHz1oYW7/Ite4k +ZFDB2fDC2EqOvJxtc7sY5d31N/FrgarXBUuShjORqfT4ypIBrAMLO/8CTcohThH0 +cp7PzJE0rQJiBavKHyLp6AQOGyuT7rKzfFS0d6TxYQKBgQD7Ck5T4WxxtaU2QDWc +N/bQNc4XHM57hfuUetXyOlL40a1wf+tb+/DuEYZNltbTpgV5BzcyGmM/M8Hvxqva +hq3TgleP2OYFa7j7W+Ff4qxoFGMxNRaCEJiXIadkGVDplsN5/RyozqbUFcp7KjHk +UlPweCYmCTTkvCmyY6bBTksHPwKBgQDXi/Bq/4dB8/qs2ubs8YiP5stx1GNn/+Gl +/LpBIg5LnvXy70wih86/fUfJeI4tLKXLq/tcYw/Db2CCdnOJC3p/WXWWUdPMz1ev +orIhPRViXcK8/k6JTNj1GL6iTwBln/UW4zt9LgOcVg15g+zIJvM3FTYe6H9fElNp +rVG6Gfc+2QKBgG2CsGqdAr6T289PsVNFgpCPeCjS8ywlZXr/Hsd9M+bBKSTTWKuW +uyJPWMQOEgbf/LEwOZ7MrhDLFkXv59X7PGbxDBt/JdCljltwWF+ItWbtxduYagox +DS+Yibn75TURBJL5nH/zLgmEvACAhqUwWNekwheDmqRRhOsB16Op8MbnAoGBAL8C +3woi6d0TddiKoEvneypyz2VPXsxB4Nh0jyW7JUn0U2Z2k1SiXyAoyF4M/Imh4EcO +YFEt5EE/yRm0GIyg5GxIfcC5QOVl9QHLPunftLyX9EQBZN2dgUIqLH2vXt2wE8S1 +l/lFtqNrSsOdmk6A3dW5cV2QkZdRqSOkGSG/cvB5AoGAIMNCOTICJynA4BR+vHsA +naWXiHm7TnJsJ1W9Q00/B8fHRsredpKL8JF2aobCDigcBBVUI2F+utGsfNmsZ0tJ +uV2kAUPa548kfWAyvll847vtOM3tXAU4vhR4xQA+wri/zfO4BSE8LB4ygRRVsOTA +vJMbVOiuyjU3h5fgOMfxB3g= -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/client.cert b/test-ca/rsa-2048/client.cert index be8e8aa3a4..0d24af406e 100644 --- a/test-ca/rsa-2048/client.cert +++ b/test-ca/rsa-2048/client.cert @@ -1,23 +1,21 @@ -----BEGIN CERTIFICATE----- -MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoX -DTI5MDYxMjE3MjMxNVowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKiPnwCtC2OgSrWGT66eBMXcdGqj -IZ4U/pi7LeZQd2nR3tY0S/vY3lKobDa0XoXVrxZPiVqg5OSYghab4QLL9bnX9lcJ -98nhBOgJ0ILYE7Y0YW/mi6V6QEO3cG909Y8VmsS6wKetA2Zh2fo5azCRydbO7zOb -7KWkLRQseYC/0FCflT04heKp6E5yzQbbv13p4j3p/GTgEXhdxlcPLHqGkBRkUeNE -e+N2v+9yh1xxb9L8gOVM4bM5/6rFsaqEI7g9/SLnVi38/lvZIYk2sNLv7+p7wrxy -WcAOwn/+y/m/FDdjIQOpNsu+Epms3mqT41AFpXbd1dvKxZmnIp5xw4qzCQIDAQAB -o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG -CCsGAQUFBwMCMB0GA1UdDgQWBBQtH6waKqkaP10N5HDKgH1+C87DsTBCBgNVHSME -OzA5gBSQodd0RX6RcmeS0UfgOp3UUb7xmqEepBwwGjEYMBYGA1UEAwwPcG9ueXRv -d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQC1LWY2dfmtAZABD2lYny/N -c0DT7rmWepXssc1TpWvwlnXgdWMMxtLx46XjIqITCItR/QKqYdf/JAEoKFyO17NY -h6VYUUznLmjmuKGUiLlKn8lEdK4UTgMRiFJ7tRkhRm4dLCyJ1mVD4sQgGlQm74qN -qGNHucVSVyYfiFraQOZu9PHE8WOuUPyp9xmQiCAFGWVGO3ElmaBl/80GYCT8yccm -jSwejGVQoOpSTY/ouiwGee3Jy4yJ4TtQd1ltgFuZQDoYe8BiqkMwg76GnyzEK6GL -uEraJNh/1oW2RcQ+PP+7SQLaqd624U9KQaC2m4ZuiMll4CegxSSYsuKNAxGj1s+s -psSSbFMae2KaH2dg4v4n2BLLt17ZSxF9zFhdbrfs8iuVcapr4JnJYaTCN3ar9m0o -NntFnXXCg9a5YIlvPDjfWMVjhrq4NXeIyvfiQ4tpgI2E5QTgexodHYmmmVg5T9G3 -4KqpAVxduyka59Z9XqZMRTct5+bV23pvrVeWdyQJBWg= +MIIDZzCCAk+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztoC+XuDSsrNRfdjUqAE +TXpPRwflWSRGnrTwqbVn33rJvi3NfQvPsy2w+6gek8u7YOT7l/hv03olZMGKkONa +22xd9qMhYocTTMo/p4e38XBtvnt9gBp7pR64qmkR29AcsK7+3t45shrOI6bkmP88 +PhTgODzcnjvdn0q5UCcWQphhYP+0LhJEeu7/9ClRiQWV1YZayVOU4ktTf9TjFM2x +iyBMNXRUACbXrjAypHpL+Z3BnmcsQD8xNZawYN9vBfEHzN0OorcxJiCvuEogWoGV +LU7p+U1jhXqpdky90axIxq7n1X+W+hSduTigywasLZ9Yo+GyBUY2paWx9kBG0IdG +QQIDAQABo4GeMIGbMB8GA1UdIwQYMBaAFDemuXxiNwiygzt2hCqqb7u5meSaMFMG +A1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZlci5jb22C +CWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMC +BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAGDARaF+ +XQYjRSvtjIHty+xbCF7mAUaZ55D6/qvUp7WNiPx4vgFJPFLqCZbWBsajQSl9NgRh +syLIjI9MUWEhzaTVRzGqmtK1vcNYTwMrGoMVnjwI1P3pryjoKRGFa96JT47NZ46l +3oOsnNr7FaC3ZV8aEi6eeQKNG1By8XeeRU56fpwdCbf2et1YrI8zTcgtRT3ZxXYq +Z7P0TQBC/CbBVs0y4DO+zOr3Jm2j3OVxEzFV2mJSXKrnn1BbEiZVQxP5TMmLnOTh +suEnTJfd/cXOysY2MtCijFETYz3Jx9A0qyyPzbRe5f/qmzTkrGQyrBmmXdSdbfwA +OC4X8+/yIhMzwH0= -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/client.chain b/test-ca/rsa-2048/client.chain index 90a68d670b..eaef9f0baa 100644 --- a/test-ca/rsa-2048/client.chain +++ b/test-ca/rsa-2048/client.chain @@ -1,58 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAsMSow -KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDC9IRIszo5zkkxlz+pkU8otrZ2Jwlf -BQ4j5heoPkpmvFss2fDElZZCVhZt54ehk2+oRuZhfgldfmuT0KCQEMnx8iN7K+pk -2LgaAVGzT4X/NBv+qamgkzRu9UvrS5NrlWutHsPPRt2TldVVJ1UEiLuWrrFMQwi+ -JATjgBHz6PhhD+UnPszZM/SJaBmtMXT99rO/sS6aaQhkZJCSDVVOnnecXafshkEF -tlMkKDRTTxxTOiTGu2NSH5MMzB3F952AiG8ZDONRSyBtxh/kpRV6+idO/4ufIQ3w -ZUPjLlRZIF9cDIGJXRU+cjYvMSV6yPzM2rP+67dPS9N7gQS1AFiMOlLQRbp3Sz9e -R6eetX/ggaHPcIzNv+pLp0L4+8PINZWhcJnZUlgkNR9Gg25mdPC6BLpWH20NH37V -VfSs40ytxHyw5QRokwwjcGUmlzXSJf0R+eUhXkJAmR+bgKbQKRbCW6M+byNdphfu -c3R2irNvRbYkwTOP3FvFkcC+cYyMIHyKihMCAwEAAaN/MH0wHQYDVR0OBBYEFJCh -13RFfpFyZ5LRR+A6ndRRvvGaMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRCEI9X -B595ntLEaruio2xG9pG/KzANBgkqhkiG9w0BAQsFAAOCAgEAxyqRDyGCkF07q/2P -44Mkwg+olQdT7moiO7V7MauwLZmCNqkr4hQcAk1NKi1QdYw/xCgd/x7PQ/INVMYN -oAG/xxr4nh0whygSsPGk9LkzoeG4dfeVv7tbsYw+4o7wU9kgCM1v0c2vMskyHh3F -vdMJV+5hWZqHZLUOZY1l9ziJysz/aSD4WpMtXdwT5fFgbJ8zggcMADkIESSBPrK5 -ykjFqFnoryK938IUw8fHEdU5ZdjM+1li4Q6P3YT6ovY9aA9gXbD/xb4mUb5kG+ug -tmGV+MDvi6Qgyt1O9ZgaW0tLdbjdxzTjEgU0KwUDpK6AZ9ebcyL5PGj3JA15ZPvS -36AHH/3N+u3w1Poyxb8NxyOgNY7AX3hRQax9G1/43F3VZ1C991xVrwWL++mRD+Ai -5FhMKjZ258+8DKgYaT2JIExwNWA5taafmR2CKpxgVWSFLha/WogJH3kyyTJHXLjU -Bm5qvwqWAvS3Px+WkSbtqFKRDCs+oaj2wGGuwxqEEEriMJ26AC3Si2n9k0a17TOj -lezKgblBHlpokEgcqOkRDB8k1g/Hkx7eRX4RlBRJ4PVRFT6qSTyy3dESsWhb7Sz2 -+uB8SQIYH+5QXwD3MpNrg2BILQYtcciPiGmLNyQB3ZvJUKcj0n63CjxAfcSnbkUF -AnF6iUVbZu9AMRaBDiRdNLGnBms= +MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv +LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z +CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv +HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx +I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf +6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 +W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl +CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A +UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu ++J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ +JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q +4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 +AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUZBEaAuV4ORnPH4GxeJGyEiqXUN8wDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTIyMTE3MjMxNFoX -DTMzMTIxODE3MjMxNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzvK/b5WhfthXBMVIHboJJuR9XuG9 -+ioSrlzwT9DW7QV31UpgBUZyf1nvT7CmDplNiWZtpqSdJ9pjskBIj5dv4m5cX8A9 -fK1IATdkd6j5/c2ZFkqi5k9iPeJa5rZY6SoGKgvBEr/Y5oiO8HZJZOFetafSr6zV -WRAsKlagrmiNS0oiWC0P0yPVWZyhlHHbtYrHtF/CuWEJ9HqzUk9KeTPwgjfphlYJ -YM0bCZzqN8TEbWPksU1WnmU15YbTgjwI0bNjUXA7W9LmMvbW7EXFJ2+LI+oiF3mk -TQEXqhfdTL9NtqAikD+cfAM1y5e5QSpi8dQuexBteFtXphRZzFk8M9DVKHyngKTH -/QZo6B4Gj9VPrNRPlbPkpbnu8JWD7hO/22VLU4YhghsdwQ/833pfokdV89NMoLo4 -JOUzbTTGtjH0bq6LWTMtLifuQ4H0D1WLtdy/EGgKptnTaeYaXNYT7+v+NNcBHaW8 -W3Orbx0s9IXgQnZTk1u03RbRdIxNxqm+HYEM8gT6S9IUymNZkzDCfZC0bC/saevd -zVE2xpZmuLOfhDl+EcalDYNPrM72+NzkAwRPFGec+bcUEhBxhvxpav+SxDiRC1gD -43qFU7hVfuqVH/EFp0lR3I3Xo8TZ5OIgEyJ5vQH5Ne1+C+sqdCqdGoqf1TZuIE80 -ZwKYcMnRwDXpiGsCAwEAAaNTMFEwHQYDVR0OBBYEFEIQj1cHn3me0sRqu6KjbEb2 -kb8rMB8GA1UdIwQYMBaAFEIQj1cHn3me0sRqu6KjbEb2kb8rMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEKDnm8x+NOaWNrPNH5kIlGD0tGdDJvw -/KvBZmkMcgFkb4zhbbeUmlu0j5CX4+6Lck0uw62zRgP4Nw3x36W3DL7pmoV4MYHC -djNG1ruNoojvgZyyGgMaSabto0nSHSE9opAorrSXB9RoOv2WcBuQSBNl72eaCQ1F -4kAYjKN6ZwPxEdTsdEmqWyUyEPy6E5kNoM0jW1uI2ZBxzbIOYeePvQ3muUSIMtmC -jShiEOOpmYpzENsAMouY3ZN+CWVS5kB5umnYSviQlAVEKSjC764FD9vMLL+rNhfP -fz+y6EhKcnnYy7mdXIRY73uh5eMyCLUO0yr2Y2ophhD8D79f2w7KtYjaSKfAch0L -lETe9Ch+fGDxUCph3J1IuR/3n01ZjB47WXu/yDZ6s7SHGXIgPaptzP+nZkDnmlZX -bvjB5s6r4U2spuqeLxrwd/1Jin7It+LOYLVmkihpbta9+/KKiXOuSYN1rSiQ2XKp -n1ZN0XxhcZzsALklBIU+Lm11b8gPVS7rXqll/sDmaAH9Iw+AXwUYjCb62Gy58yzu -uk3Q+msRr3oVI9bBhmEXmZxyENYJrw305qOlI3+tHBoJLUSP6zQ214aEu4trJr5K -kmbF7DZRG9MSBXeRk7e5ojK13xI1/XCjgIOTkGxF4rEFbVwhc0B8zS/2x3zw0fkE -M4J0J+gz0QYr +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl +JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg +L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 +bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn +CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo +PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC +AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl +D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb +gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ +Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn +l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF +32//5q0MnVJ2QAa0gJdSISLnpQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/client.der b/test-ca/rsa-2048/client.der new file mode 100644 index 0000000000000000000000000000000000000000..a4ef0b3afbc1a1e6113d692efd1580016ab34bdc GIT binary patch literal 875 zcmXqLVoo<`V)9?W%*4pV#3*LK%f_kI=F#?@mywa1mBGN!P~Sk8jX9KsnMbW4Kd-VR zzdTPNDA-ZK$iT!xAt$vgHAlfnAv3QewJ0|=B{Q)k)j&a<*WA>=5D38_N`l|Sz|ss! zz(C4S!axjSC_miL5b)>a6Sc z`x7ubkEjupWm#z;r9x;$)|TGJo!ESNB-q1)s%x> z6COw1&WZiDSTU(x*yoh}^7ic?3v%~W*EUF1FO}P|DpT7r^0Fs0 z{@d7zJg~62Gtc_&e6O7W>S9ha5)=M!(Gzm1diVc}W?(1l)T?b#CxfRv@(!-Q@>t~T z#%={4(~=Mdwd?B)jFwb+|D1bpUb>Ehy`kx}4GH)2SwFI$xy!d`yP=xG`W;>hQH@h| z{a*g`O>V7PS?06%;u?=*>z-e&pY}^+?oNvZr`gu%&W~99a1*PW+0vyOzd5*FXm@jD zVrFDuT--R%pmDZ=JTMGpm05s+*&t%RY-df9Imf1E>#`QDRr$Mj&U`YwWut$NG~}*w@I`(H90>oMGsAwGbcYeF()IxxTKxsm~jeYyMO{C?+yk8 zU^L(Z8OqPd_@9M^nThRyfiQ@#%EDv7#m1q{#>mRb&dh`yg}`J4j6z0+gafV%>tflI zUA5o#G`>CkCYmGe8Kc|G=M#SYTYY8u*4~ak75f-HZGv8LPP@i-Y_X$etr<(=W~CE7 z{XT(-if5NxbvIl!>(bV}ha>!%wWXRx=h<*v`TKIc#tTis*6e$o{(WcD`Q_}aN0xK@x2n4lYx<3SPw2YZ-aJ~SmA?6lFN4z` zwS!@2jUE{9JM-$hTJGXIPYZ<&LvJMo#jJWhKOkC2E!0`~r_agmIZqyLdZ_L*{qEnR z=T03nGrF*-Cr~)q_T=#kCaZP&&u)o(`v28zlP7CZjMhjli@h>8_YZ@Gp7`hYpOl1+ H57YtxQGQ&f literal 0 HcmV?d00001 diff --git a/test-ca/rsa-2048/client.fullchain b/test-ca/rsa-2048/client.fullchain index 3f5e874e03..428a71021c 100644 --- a/test-ca/rsa-2048/client.fullchain +++ b/test-ca/rsa-2048/client.fullchain @@ -1,81 +1,61 @@ -----BEGIN CERTIFICATE----- -MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoX -DTI5MDYxMjE3MjMxNVowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKiPnwCtC2OgSrWGT66eBMXcdGqj -IZ4U/pi7LeZQd2nR3tY0S/vY3lKobDa0XoXVrxZPiVqg5OSYghab4QLL9bnX9lcJ -98nhBOgJ0ILYE7Y0YW/mi6V6QEO3cG909Y8VmsS6wKetA2Zh2fo5azCRydbO7zOb -7KWkLRQseYC/0FCflT04heKp6E5yzQbbv13p4j3p/GTgEXhdxlcPLHqGkBRkUeNE -e+N2v+9yh1xxb9L8gOVM4bM5/6rFsaqEI7g9/SLnVi38/lvZIYk2sNLv7+p7wrxy -WcAOwn/+y/m/FDdjIQOpNsu+Epms3mqT41AFpXbd1dvKxZmnIp5xw4qzCQIDAQAB -o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG -CCsGAQUFBwMCMB0GA1UdDgQWBBQtH6waKqkaP10N5HDKgH1+C87DsTBCBgNVHSME -OzA5gBSQodd0RX6RcmeS0UfgOp3UUb7xmqEepBwwGjEYMBYGA1UEAwwPcG9ueXRv -d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQC1LWY2dfmtAZABD2lYny/N -c0DT7rmWepXssc1TpWvwlnXgdWMMxtLx46XjIqITCItR/QKqYdf/JAEoKFyO17NY -h6VYUUznLmjmuKGUiLlKn8lEdK4UTgMRiFJ7tRkhRm4dLCyJ1mVD4sQgGlQm74qN -qGNHucVSVyYfiFraQOZu9PHE8WOuUPyp9xmQiCAFGWVGO3ElmaBl/80GYCT8yccm -jSwejGVQoOpSTY/ouiwGee3Jy4yJ4TtQd1ltgFuZQDoYe8BiqkMwg76GnyzEK6GL -uEraJNh/1oW2RcQ+PP+7SQLaqd624U9KQaC2m4ZuiMll4CegxSSYsuKNAxGj1s+s -psSSbFMae2KaH2dg4v4n2BLLt17ZSxF9zFhdbrfs8iuVcapr4JnJYaTCN3ar9m0o -NntFnXXCg9a5YIlvPDjfWMVjhrq4NXeIyvfiQ4tpgI2E5QTgexodHYmmmVg5T9G3 -4KqpAVxduyka59Z9XqZMRTct5+bV23pvrVeWdyQJBWg= +MIIDZzCCAk+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztoC+XuDSsrNRfdjUqAE +TXpPRwflWSRGnrTwqbVn33rJvi3NfQvPsy2w+6gek8u7YOT7l/hv03olZMGKkONa +22xd9qMhYocTTMo/p4e38XBtvnt9gBp7pR64qmkR29AcsK7+3t45shrOI6bkmP88 +PhTgODzcnjvdn0q5UCcWQphhYP+0LhJEeu7/9ClRiQWV1YZayVOU4ktTf9TjFM2x +iyBMNXRUACbXrjAypHpL+Z3BnmcsQD8xNZawYN9vBfEHzN0OorcxJiCvuEogWoGV +LU7p+U1jhXqpdky90axIxq7n1X+W+hSduTigywasLZ9Yo+GyBUY2paWx9kBG0IdG +QQIDAQABo4GeMIGbMB8GA1UdIwQYMBaAFDemuXxiNwiygzt2hCqqb7u5meSaMFMG +A1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZlci5jb22C +CWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMC +BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAGDARaF+ +XQYjRSvtjIHty+xbCF7mAUaZ55D6/qvUp7WNiPx4vgFJPFLqCZbWBsajQSl9NgRh +syLIjI9MUWEhzaTVRzGqmtK1vcNYTwMrGoMVnjwI1P3pryjoKRGFa96JT47NZ46l +3oOsnNr7FaC3ZV8aEi6eeQKNG1By8XeeRU56fpwdCbf2et1YrI8zTcgtRT3ZxXYq +Z7P0TQBC/CbBVs0y4DO+zOr3Jm2j3OVxEzFV2mJSXKrnn1BbEiZVQxP5TMmLnOTh +suEnTJfd/cXOysY2MtCijFETYz3Jx9A0qyyPzbRe5f/qmzTkrGQyrBmmXdSdbfwA +OC4X8+/yIhMzwH0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAsMSow -KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDC9IRIszo5zkkxlz+pkU8otrZ2Jwlf -BQ4j5heoPkpmvFss2fDElZZCVhZt54ehk2+oRuZhfgldfmuT0KCQEMnx8iN7K+pk -2LgaAVGzT4X/NBv+qamgkzRu9UvrS5NrlWutHsPPRt2TldVVJ1UEiLuWrrFMQwi+ -JATjgBHz6PhhD+UnPszZM/SJaBmtMXT99rO/sS6aaQhkZJCSDVVOnnecXafshkEF -tlMkKDRTTxxTOiTGu2NSH5MMzB3F952AiG8ZDONRSyBtxh/kpRV6+idO/4ufIQ3w -ZUPjLlRZIF9cDIGJXRU+cjYvMSV6yPzM2rP+67dPS9N7gQS1AFiMOlLQRbp3Sz9e -R6eetX/ggaHPcIzNv+pLp0L4+8PINZWhcJnZUlgkNR9Gg25mdPC6BLpWH20NH37V -VfSs40ytxHyw5QRokwwjcGUmlzXSJf0R+eUhXkJAmR+bgKbQKRbCW6M+byNdphfu -c3R2irNvRbYkwTOP3FvFkcC+cYyMIHyKihMCAwEAAaN/MH0wHQYDVR0OBBYEFJCh -13RFfpFyZ5LRR+A6ndRRvvGaMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRCEI9X -B595ntLEaruio2xG9pG/KzANBgkqhkiG9w0BAQsFAAOCAgEAxyqRDyGCkF07q/2P -44Mkwg+olQdT7moiO7V7MauwLZmCNqkr4hQcAk1NKi1QdYw/xCgd/x7PQ/INVMYN -oAG/xxr4nh0whygSsPGk9LkzoeG4dfeVv7tbsYw+4o7wU9kgCM1v0c2vMskyHh3F -vdMJV+5hWZqHZLUOZY1l9ziJysz/aSD4WpMtXdwT5fFgbJ8zggcMADkIESSBPrK5 -ykjFqFnoryK938IUw8fHEdU5ZdjM+1li4Q6P3YT6ovY9aA9gXbD/xb4mUb5kG+ug -tmGV+MDvi6Qgyt1O9ZgaW0tLdbjdxzTjEgU0KwUDpK6AZ9ebcyL5PGj3JA15ZPvS -36AHH/3N+u3w1Poyxb8NxyOgNY7AX3hRQax9G1/43F3VZ1C991xVrwWL++mRD+Ai -5FhMKjZ258+8DKgYaT2JIExwNWA5taafmR2CKpxgVWSFLha/WogJH3kyyTJHXLjU -Bm5qvwqWAvS3Px+WkSbtqFKRDCs+oaj2wGGuwxqEEEriMJ26AC3Si2n9k0a17TOj -lezKgblBHlpokEgcqOkRDB8k1g/Hkx7eRX4RlBRJ4PVRFT6qSTyy3dESsWhb7Sz2 -+uB8SQIYH+5QXwD3MpNrg2BILQYtcciPiGmLNyQB3ZvJUKcj0n63CjxAfcSnbkUF -AnF6iUVbZu9AMRaBDiRdNLGnBms= +MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv +LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z +CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv +HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx +I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf +6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 +W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl +CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A +UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu ++J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ +JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q +4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 +AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUZBEaAuV4ORnPH4GxeJGyEiqXUN8wDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTIyMTE3MjMxNFoX -DTMzMTIxODE3MjMxNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzvK/b5WhfthXBMVIHboJJuR9XuG9 -+ioSrlzwT9DW7QV31UpgBUZyf1nvT7CmDplNiWZtpqSdJ9pjskBIj5dv4m5cX8A9 -fK1IATdkd6j5/c2ZFkqi5k9iPeJa5rZY6SoGKgvBEr/Y5oiO8HZJZOFetafSr6zV -WRAsKlagrmiNS0oiWC0P0yPVWZyhlHHbtYrHtF/CuWEJ9HqzUk9KeTPwgjfphlYJ -YM0bCZzqN8TEbWPksU1WnmU15YbTgjwI0bNjUXA7W9LmMvbW7EXFJ2+LI+oiF3mk -TQEXqhfdTL9NtqAikD+cfAM1y5e5QSpi8dQuexBteFtXphRZzFk8M9DVKHyngKTH -/QZo6B4Gj9VPrNRPlbPkpbnu8JWD7hO/22VLU4YhghsdwQ/833pfokdV89NMoLo4 -JOUzbTTGtjH0bq6LWTMtLifuQ4H0D1WLtdy/EGgKptnTaeYaXNYT7+v+NNcBHaW8 -W3Orbx0s9IXgQnZTk1u03RbRdIxNxqm+HYEM8gT6S9IUymNZkzDCfZC0bC/saevd -zVE2xpZmuLOfhDl+EcalDYNPrM72+NzkAwRPFGec+bcUEhBxhvxpav+SxDiRC1gD -43qFU7hVfuqVH/EFp0lR3I3Xo8TZ5OIgEyJ5vQH5Ne1+C+sqdCqdGoqf1TZuIE80 -ZwKYcMnRwDXpiGsCAwEAAaNTMFEwHQYDVR0OBBYEFEIQj1cHn3me0sRqu6KjbEb2 -kb8rMB8GA1UdIwQYMBaAFEIQj1cHn3me0sRqu6KjbEb2kb8rMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEKDnm8x+NOaWNrPNH5kIlGD0tGdDJvw -/KvBZmkMcgFkb4zhbbeUmlu0j5CX4+6Lck0uw62zRgP4Nw3x36W3DL7pmoV4MYHC -djNG1ruNoojvgZyyGgMaSabto0nSHSE9opAorrSXB9RoOv2WcBuQSBNl72eaCQ1F -4kAYjKN6ZwPxEdTsdEmqWyUyEPy6E5kNoM0jW1uI2ZBxzbIOYeePvQ3muUSIMtmC -jShiEOOpmYpzENsAMouY3ZN+CWVS5kB5umnYSviQlAVEKSjC764FD9vMLL+rNhfP -fz+y6EhKcnnYy7mdXIRY73uh5eMyCLUO0yr2Y2ophhD8D79f2w7KtYjaSKfAch0L -lETe9Ch+fGDxUCph3J1IuR/3n01ZjB47WXu/yDZ6s7SHGXIgPaptzP+nZkDnmlZX -bvjB5s6r4U2spuqeLxrwd/1Jin7It+LOYLVmkihpbta9+/KKiXOuSYN1rSiQ2XKp -n1ZN0XxhcZzsALklBIU+Lm11b8gPVS7rXqll/sDmaAH9Iw+AXwUYjCb62Gy58yzu -uk3Q+msRr3oVI9bBhmEXmZxyENYJrw305qOlI3+tHBoJLUSP6zQ214aEu4trJr5K -kmbF7DZRG9MSBXeRk7e5ojK13xI1/XCjgIOTkGxF4rEFbVwhc0B8zS/2x3zw0fkE -M4J0J+gz0QYr +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl +JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg +L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 +bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn +CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo +PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC +AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl +D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb +gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ +Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn +l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF +32//5q0MnVJ2QAa0gJdSISLnpQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/client.key b/test-ca/rsa-2048/client.key index 0d39ec30ab..f05e46a46c 100644 --- a/test-ca/rsa-2048/client.key +++ b/test-ca/rsa-2048/client.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCMqI+fAK0LY6BK -tYZPrp4Exdx0aqMhnhT+mLst5lB3adHe1jRL+9jeUqhsNrRehdWvFk+JWqDk5JiC -FpvhAsv1udf2Vwn3yeEE6AnQgtgTtjRhb+aLpXpAQ7dwb3T1jxWaxLrAp60DZmHZ -+jlrMJHJ1s7vM5vspaQtFCx5gL/QUJ+VPTiF4qnoTnLNBtu/XeniPen8ZOAReF3G -Vw8seoaQFGRR40R743a/73KHXHFv0vyA5Uzhszn/qsWxqoQjuD39IudWLfz+W9kh -iTaw0u/v6nvCvHJZwA7Cf/7L+b8UN2MhA6k2y74SmazeapPjUAWldt3V28rFmaci -nnHDirMJAgMBAAECggEAHGJTgSmYweibyxewf9nj52CqKQ/v1XPaFrppY0zLxh0j -jc06Bm9PByY0+IldgomNYmSlLjmMqEP9BptbX1+6Gt8i1oIf79HcR6oveNU+l1O4 -ZEU5h8qfzeIcXWMQfhEesfmrGf98KWh6rIsTFS9a7Bkd7yVB/NI8PCCLDQXPL1EZ -HCrfZjtUhiT/FSYjNU4eC4mEuDMRHEDxIViYd6JiejLbvgw8zcDOtItRRz4Zkq6w -ixplEF9drNrIK2wDg/IgAlTdN7fKyf/IrdJQVvCt0ewWYwh1RKEhCNGP4T/8PdKp -j4Z+qqK4h2KV+CUZhvDYh19Ik53r/HGEMk2MBNJFpQKBgQC/hGV+0mfm/WfeF6mU -hyzOHaUOr+A6aiBc4e8p7YgEFl9iMyvYcyWFu4LhL13KxHrNpT+gCbgY8K5W9Tan -zvR5aj/mkEaHTpzo4rzOL04p61YKOWXf7Etj9ULVnzxcQeiGhXmFrlkeXGtUgX7W -alocH/4CpfFl+WJjlms+T32Z0wKBgQC8BHRQlswa++fapLtxxw/EuZdcdMQdFPaI -O5O0YjgYz+YFpRNkLN7DNg5DNPhYGjLRsge8ZF75GdE6BbdhTAqiv24m4FOeTVd6 -48fbLGx3JQs2ugtJI6OEsDECo1gtOZS77cmggEV/tkaN5BxaRALfWsYI301gDFFE -hN5aEF/6MwKBgQCRhsI03x7SuAWgDmzujtSt/nq4sU36NUBIM+ou+u5a5MEv9mA/ -xidh+j0WbY6gkDIcZ4/0RM5eLSzcqNISK0E7rU/HHCRrloHGuNvs9Kc5VTj45eqS -f5Q97VUOzEPqeq584ZmYygWv+1wXR5sgxImaS3kRfBT1fs2TjO4K2A5BvwKBgQCA -rjPFbE/pL/txY0l/B5S9OaBkgO4wUUah2tSuooJuSOvPdTmeWC9mP7rnOHu4IMYj -SsuMns15g7f1FDB8AQVOeeIz7ViNgbWbwAXq9a6OpOXV4OMUfbXOfKAuhAk3eq9X -J9nVZbUrQV9sgXD+PooQwBnFvL9CO2vrj1x3G7n0jQKBgClGEuZrhBPrIWphUdB3 -lyczpS6NjrQeLjAVt29BU6/F06WsUiK+iakU3ifX6ZIwWjYwWCvu375SkjeRjEpm -/mKN226RHhuvXKRA4AK0Uqrb6XofyV2p0JgdqEnc8L4PeQZL3+c+mfOI355PIy2f -ddTbABcoaSbKNAUFMP6lb4gB +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDO2gL5e4NKys1F +92NSoARNek9HB+VZJEaetPCptWffesm+Lc19C8+zLbD7qB6Ty7tg5PuX+G/TeiVk +wYqQ41rbbF32oyFihxNMyj+nh7fxcG2+e32AGnulHriqaRHb0Bywrv7e3jmyGs4j +puSY/zw+FOA4PNyeO92fSrlQJxZCmGFg/7QuEkR67v/0KVGJBZXVhlrJU5TiS1N/ +1OMUzbGLIEw1dFQAJteuMDKkekv5ncGeZyxAPzE1lrBg328F8QfM3Q6itzEmIK+4 +SiBagZUtTun5TWOFeql2TL3RrEjGrufVf5b6FJ25OKDLBqwtn1ij4bIFRjalpbH2 +QEbQh0ZBAgMBAAECggEAAqVByVtvu3+2YkMiqmBs66mBPPAkOhiTXWVkqFP/UAm1 +zbSP4q35biILB93vpa3i769gCyKYmgqfcq9hwH6C54hmV4CgvT4LZHWX/LJY+znY +EnoJee9kxlDrNVU+jupVipozXOn4UI+ElErGtND7XhMl5rw7CVxMRmS2E+kLEScU +OP5al49//mRYIhOrHYN3XETvN2HueFKvoa7auWr+YQ/yDTehPiZE0kWxSBLhczEf +qMKSNPYpHaO0CTxy6mA3pShJV4kpOiUBEj5D5RYBzFeXiZ5ZRS72NquC5rWNMmM1 +ttl8yUBaU55WzFe7D3kMiAunXsuw/HzNeDEU8WxPkQKBgQD/sUiLi4Tq9PmdtX5S +rPbkwYCJFx9PahrvsHD1wPnHFlCqPPJMTuh4kBfWiovPpo5IqLnareKs2l/F4tc2 +LSdRsT1bVwLLf+SVyJg4cELDmoYDGAPT5dRA/YCLNRvtthfH8iXEMH0iPsQgv34U +2s+tiameEuHjdz0eDLydvMmdMQKBgQDPGbE3Dddg7K/MIqsDYqWR6R3RclN4Jh3j +Os6uTvhNxwD2KPAlgAd2Qn5HD3qIcVnZi9+vXThvRFgYknY0IM6+kHfcvAqZIkxz +p40Pfk8eIJwoAQdRkz9vtFfjDvVdPY3MFtQ8lL/oXqFYm/0jhp98pksdt3cKkfHb +yINfAtO2EQKBgEFBp7gllXi5qPM9HM5Q4nojgIB8bDtCYzmFGG9AHv9WjKPGBji/ +cslCTTMuDNykL3APz88lzdI7sXG5oR9sirpot7YWENqK+3XWyjKtQ/zT9RvZBzEP +WQp1KFde6I/Uh2E6RbU6gtU4m6mX9b+w0IwDtExpmUkKZ4jBy2megv4hAoGAfKOH +xgxsfQa1XnPW3Di4ULItoeneVkcKYcD4tmsMgTKtX3iP3uHIm+G0weuM4STm4EiQ +HKhL2JsXMeKjhQfhpUqo+I2rCzJbNJe4C4UG9KjHkkPcNboayY2N/zb3cGAlQJjU +rokPXjflfsCSfpj8zzX9qyrJV/Ex0AZDGiFHbSECgYEA+GQaLOLlrP2qPbw2yf6a +r3B9Z3ktzDdZC/mGN/TTGeFlwk3PjCVschg7yCQDJJAmhb1y30U0nPD1zW35YiIU +5xq2vW0gsVZpehf4wCrokEsOGQHTD0QGjHSoY8wjK/5M8mYzzjpX+Qm3p9qy6/r4 +29yJBRgeCGTvO96fy/FHEWw= -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/client.revoked.crl.pem b/test-ca/rsa-2048/client.revoked.crl.pem index 9c562492ee..67970052cc 100644 --- a/test-ca/rsa-2048/client.revoked.crl.pem +++ b/test-ca/rsa-2048/client.revoked.crl.pem @@ -1,15 +1,12 @@ -----BEGIN X509 CRL----- -MIICTDCBtQIBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFwb255dG93biBS -U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMTIyMTE3MjMxNVoXDTIzMTIyODE3 -MjMxNVowIzAhAgIDFRcNMjMxMjIxMTcyMzE1WjAMMAoGA1UdFQQDCgEBoDAwLjAf -BgNVHSMEGDAWgBSQodd0RX6RcmeS0UfgOp3UUb7xmjALBgNVHRQEBAICEAEwDQYJ -KoZIhvcNAQELBQADggGBALuvdewpSLDw5DAeyLiHWT4mhw2jM5Zgtjdhw/DPYR1U -j5NSNJT+jmeMep38GAaQ+OC+/X/2Afy/Y4ZyuDMOPdvKMtqWqhoWHcVdjkn2XNlG -0ujZxhAD8Hc31P2Pm4fjCqCkf1W/BM1brdz+Asw9qxttFYiZGc7gtUUE0eYvOp13 -NoREbDn+sR7RZHM9mF13KRGvQJaEvAHc6H/mExUBQf6o1/UmBpLOGEyjUf/Gx4x8 -QV8tcaTegTn0w+GHXdoC+EUlZeaPtRCyIneprAM4QCWaSVfasVpVs92yMroc0he+ -qt8TzycGdAjVX8rIYfc56S9ushHQMoF+atJNGLhr+HhZuPy3eOheuRHL81B4bIfn -Ka/lFfQ60ZNlRtWDQ6HIARyz7iwfHW+/oXvrO0b2BQttmGNfdm9xFKCUA3alvxoh -5iFNh53sU5tdDhVtVXbeXFDEoO2Ge3cA9rgZ5/kH95K306nOBctMZPXzRyd33J7W -Z0tvJiRES6j3VmceyX+pEA== +MIIB0DCBuQIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQzWhcNMjQw +NDEyMTgyNDQzWjAiMCACARYXDTI0MDQwNzE4MjQ0M1owDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowCwYDVR0UBAQCAgTS +MA0GCSqGSIb3DQEBCwUAA4IBAQAybxs1pEwfj8ANKO9myUa/cq+fXXPRfkFccyp9 +jlEXIi/ic9f3yf1E6XNAU9rc7LJmVFiMQx0gT1Xc5JyFluvf5/WG44kBKP1A0Cib +uBxgWT4QvBANVNuk97TA9gfxai9VkMek2aBlxLw5t5lJZ/vIY/bXpJtgb6es6TvV +BPbPUQ4k9cqAXXV2Z/W4ykc0DrhODuDi247uJRWjl+sLtFyRZBDV2BtpkcY2EdYa +Sf6sUSEvwjV/xX8ehRkH7nQR4Tx7BYfQBkmhlqu1k33yjGHBLxcrfjziNzC60v6t +YuBxhKQnf85V5aZbEX3AEXHuRoow1GSYGAXa/xt0VpnIW0SI -----END X509 CRL----- diff --git a/test-ca/rsa-2048/end.cert b/test-ca/rsa-2048/end.cert index fc36be9f36..e613ef1de5 100644 --- a/test-ca/rsa-2048/end.cert +++ b/test-ca/rsa-2048/end.cert @@ -1,24 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIEGDCCAoCgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoX -DTI5MDYxMjE3MjMxNVowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDI1plwQmA+rr6Evlvn2hzIB/zYKlx -Tm14SPzomxpaf3OpzXzHuOn34yVvU1vTDijUl/YJbcnx052m0075SYeuW08VQB/p -zjhLrFp1ULSD272IddbB88T8Jq/VZ5dAxBB1q6Tm0vGBYQ8eIcmJv+fJQTbTXHKQ -KPHQRmVyqXVkwvwcgEJi9gpOcEEpJ6SDGdyGh1ck3wGnhrSpmsu+hwUVi7las+Ka -QUlvkmD+UGQKo8Ta91Xu8ja25QLTpjVcYxbi719rtA6I9DpX4+3aeIy/0s1xk0Xi -yMXIjSl3dn47gp3IZFRCECuoTdOwOZ9+y9ENnpHvZ84jCBXddU09qheJAgMBAAGj -gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFAUefby7 -fPnK64BnGdIizLlWDkbPMEIGA1UdIwQ7MDmAFJCh13RFfpFyZ5LRR+A6ndRRvvGa -oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswUwYDVR0RBEwwSoIO -dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN -uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQC2gxGT -c3aayDPR5/ICnuK8aVSsM67xRsGsWvzBxdyyXaB+qSGxa+sCkw8guuAp2W7MrrO/ -zu7yhXDI2nyav6ZP6NvLABFYZ6pXokV/Hj4rQpCDVxvvDVh/E/rW/wx6z580zfdo -auHqUCD9QfR97nENwtGv7ESLN6qFeU0CsJd2GE3y3pnadlpCW3AYHeLX4crm7poj -SfG1F4ipqM1i0knQN86KBzG5PO49azGJGmcsu5lPFQgTRvvR7W+Niq/kIQPu00AW -so8aSB1gp2lypUGHqwsrd51yrQ374jKvXSDt1ptc0xDI9004TuYre9XQsyjxq4Qn -VjmpnKLCbumkrlELf93oomWxT5g6Nb/vu1TUgsrdWgDAW0AZ+rfcWorrZAjbvYw9 -4MJ1PdAmeg+sk51xoh2KF7syHPaMcNCaoSBtXrB5LqrAxixdmB6ORM/KlQU7h9A7 -X+WysEwMowV2MsGr8VsHxYTOpoiE8nUPfnRmbrGPpUU24bzvqTxtxxqQU14= +MIIDUTCCAjmgAwIBAgIBDzANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxZ9dwzo7jhKvj/kMZBmGj +tgcTaXq+GwIs9dB5RnXs7RH8rdic0vrqwmk1jJPhz9gfuXd3rnbV5lnB7NAmTIkr +lJXnI+cDlXMzdlruCJowWMyWdg8nDFgmQr3XelgNHz+WH+qFzJQ4PpBoa4YCnXr+ +UWhk5ZwU8nj/5Yc0H/AsK2ubCbyP+GsdkHkfwm/CCE3Dvq7/l8K2KczqN5qxmKXR +M6q3Yy6xgUd54+gFNsef95qzuYdX1/tnnTFOWoHEVz94q2P830CZVOSZP4ytdvOb +wrip10rxif4CpAZ0BwmjVGHYflUqckX74Af6vTBZhjRpteQZXvL4zixYAshyT/RD +AgMBAAGjgYkwgYYwHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowUwYD +VR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJ +bG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIG +wDANBgkqhkiG9w0BAQsFAAOCAQEAiAWrwKoKyhA9DxzcJTf10LACqNfzi3aux9XU +eJ8EXSCRpvb567iEZlxOlZiap8M1k0G1F9rYfGPxgVD5H/YqZk/TsMFu1F9XnHWv +TtoTdQMH4zLa4m/DWoMGxYGgr4dTkcegSsmTcCG33J8OlOMYp6Q9dMvMM47YR89E +2ZwEo97LtKijZ6JM64hYS2p5LVl0FVIq7KV6Fm19u85xuB5IxyLrDqoGGWMg8uRU +RZCo3A3xP09sDZp8oHeWCV0ARol/5aqjehiLWS3SL2epVMvGtLArnH61aF5T60i6 +1coszJUnVu53a1jaYYRYLBJF+Ku1VQzSw0w+3G1SOW1/nioijQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/end.chain b/test-ca/rsa-2048/end.chain index 90a68d670b..eaef9f0baa 100644 --- a/test-ca/rsa-2048/end.chain +++ b/test-ca/rsa-2048/end.chain @@ -1,58 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAsMSow -KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDC9IRIszo5zkkxlz+pkU8otrZ2Jwlf -BQ4j5heoPkpmvFss2fDElZZCVhZt54ehk2+oRuZhfgldfmuT0KCQEMnx8iN7K+pk -2LgaAVGzT4X/NBv+qamgkzRu9UvrS5NrlWutHsPPRt2TldVVJ1UEiLuWrrFMQwi+ -JATjgBHz6PhhD+UnPszZM/SJaBmtMXT99rO/sS6aaQhkZJCSDVVOnnecXafshkEF -tlMkKDRTTxxTOiTGu2NSH5MMzB3F952AiG8ZDONRSyBtxh/kpRV6+idO/4ufIQ3w -ZUPjLlRZIF9cDIGJXRU+cjYvMSV6yPzM2rP+67dPS9N7gQS1AFiMOlLQRbp3Sz9e -R6eetX/ggaHPcIzNv+pLp0L4+8PINZWhcJnZUlgkNR9Gg25mdPC6BLpWH20NH37V -VfSs40ytxHyw5QRokwwjcGUmlzXSJf0R+eUhXkJAmR+bgKbQKRbCW6M+byNdphfu -c3R2irNvRbYkwTOP3FvFkcC+cYyMIHyKihMCAwEAAaN/MH0wHQYDVR0OBBYEFJCh -13RFfpFyZ5LRR+A6ndRRvvGaMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRCEI9X -B595ntLEaruio2xG9pG/KzANBgkqhkiG9w0BAQsFAAOCAgEAxyqRDyGCkF07q/2P -44Mkwg+olQdT7moiO7V7MauwLZmCNqkr4hQcAk1NKi1QdYw/xCgd/x7PQ/INVMYN -oAG/xxr4nh0whygSsPGk9LkzoeG4dfeVv7tbsYw+4o7wU9kgCM1v0c2vMskyHh3F -vdMJV+5hWZqHZLUOZY1l9ziJysz/aSD4WpMtXdwT5fFgbJ8zggcMADkIESSBPrK5 -ykjFqFnoryK938IUw8fHEdU5ZdjM+1li4Q6P3YT6ovY9aA9gXbD/xb4mUb5kG+ug -tmGV+MDvi6Qgyt1O9ZgaW0tLdbjdxzTjEgU0KwUDpK6AZ9ebcyL5PGj3JA15ZPvS -36AHH/3N+u3w1Poyxb8NxyOgNY7AX3hRQax9G1/43F3VZ1C991xVrwWL++mRD+Ai -5FhMKjZ258+8DKgYaT2JIExwNWA5taafmR2CKpxgVWSFLha/WogJH3kyyTJHXLjU -Bm5qvwqWAvS3Px+WkSbtqFKRDCs+oaj2wGGuwxqEEEriMJ26AC3Si2n9k0a17TOj -lezKgblBHlpokEgcqOkRDB8k1g/Hkx7eRX4RlBRJ4PVRFT6qSTyy3dESsWhb7Sz2 -+uB8SQIYH+5QXwD3MpNrg2BILQYtcciPiGmLNyQB3ZvJUKcj0n63CjxAfcSnbkUF -AnF6iUVbZu9AMRaBDiRdNLGnBms= +MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv +LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z +CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv +HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx +I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf +6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 +W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl +CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A +UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu ++J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ +JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q +4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 +AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUZBEaAuV4ORnPH4GxeJGyEiqXUN8wDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTIyMTE3MjMxNFoX -DTMzMTIxODE3MjMxNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzvK/b5WhfthXBMVIHboJJuR9XuG9 -+ioSrlzwT9DW7QV31UpgBUZyf1nvT7CmDplNiWZtpqSdJ9pjskBIj5dv4m5cX8A9 -fK1IATdkd6j5/c2ZFkqi5k9iPeJa5rZY6SoGKgvBEr/Y5oiO8HZJZOFetafSr6zV -WRAsKlagrmiNS0oiWC0P0yPVWZyhlHHbtYrHtF/CuWEJ9HqzUk9KeTPwgjfphlYJ -YM0bCZzqN8TEbWPksU1WnmU15YbTgjwI0bNjUXA7W9LmMvbW7EXFJ2+LI+oiF3mk -TQEXqhfdTL9NtqAikD+cfAM1y5e5QSpi8dQuexBteFtXphRZzFk8M9DVKHyngKTH -/QZo6B4Gj9VPrNRPlbPkpbnu8JWD7hO/22VLU4YhghsdwQ/833pfokdV89NMoLo4 -JOUzbTTGtjH0bq6LWTMtLifuQ4H0D1WLtdy/EGgKptnTaeYaXNYT7+v+NNcBHaW8 -W3Orbx0s9IXgQnZTk1u03RbRdIxNxqm+HYEM8gT6S9IUymNZkzDCfZC0bC/saevd -zVE2xpZmuLOfhDl+EcalDYNPrM72+NzkAwRPFGec+bcUEhBxhvxpav+SxDiRC1gD -43qFU7hVfuqVH/EFp0lR3I3Xo8TZ5OIgEyJ5vQH5Ne1+C+sqdCqdGoqf1TZuIE80 -ZwKYcMnRwDXpiGsCAwEAAaNTMFEwHQYDVR0OBBYEFEIQj1cHn3me0sRqu6KjbEb2 -kb8rMB8GA1UdIwQYMBaAFEIQj1cHn3me0sRqu6KjbEb2kb8rMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEKDnm8x+NOaWNrPNH5kIlGD0tGdDJvw -/KvBZmkMcgFkb4zhbbeUmlu0j5CX4+6Lck0uw62zRgP4Nw3x36W3DL7pmoV4MYHC -djNG1ruNoojvgZyyGgMaSabto0nSHSE9opAorrSXB9RoOv2WcBuQSBNl72eaCQ1F -4kAYjKN6ZwPxEdTsdEmqWyUyEPy6E5kNoM0jW1uI2ZBxzbIOYeePvQ3muUSIMtmC -jShiEOOpmYpzENsAMouY3ZN+CWVS5kB5umnYSviQlAVEKSjC764FD9vMLL+rNhfP -fz+y6EhKcnnYy7mdXIRY73uh5eMyCLUO0yr2Y2ophhD8D79f2w7KtYjaSKfAch0L -lETe9Ch+fGDxUCph3J1IuR/3n01ZjB47WXu/yDZ6s7SHGXIgPaptzP+nZkDnmlZX -bvjB5s6r4U2spuqeLxrwd/1Jin7It+LOYLVmkihpbta9+/KKiXOuSYN1rSiQ2XKp -n1ZN0XxhcZzsALklBIU+Lm11b8gPVS7rXqll/sDmaAH9Iw+AXwUYjCb62Gy58yzu -uk3Q+msRr3oVI9bBhmEXmZxyENYJrw305qOlI3+tHBoJLUSP6zQ214aEu4trJr5K -kmbF7DZRG9MSBXeRk7e5ojK13xI1/XCjgIOTkGxF4rEFbVwhc0B8zS/2x3zw0fkE -M4J0J+gz0QYr +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl +JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg +L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 +bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn +CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo +PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC +AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl +D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb +gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ +Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn +l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF +32//5q0MnVJ2QAa0gJdSISLnpQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/end.der b/test-ca/rsa-2048/end.der new file mode 100644 index 0000000000000000000000000000000000000000..dc793eddce802170de8b9e6f8a1d4da3e0ee9d33 GIT binary patch literal 853 zcmXqLVh%KDVzOMo%*4pV#K>>J%f_kI=F#?@mywa1mBGN!P~Sk8jX9KsnMbW4Kd-VR zzdTPNDA-ZK$iT!xAt$vgHAlfnAv3QewJ0|=B{Q)k)j&a<*WA>=5D38_N`l|Sz|ss! zz(CSa+&~m!C|^lxaY=D%QCVt{UUGh}K@+1AvJ)6t8JL?G`5A!XTue=jj0_vouNR!_ zd)%`6@jqutw#3ET*o8Bz_DM78e7#WVR{G|x;GeZO=3M&q>QJU>&*X>aZ^-W~FJD)7 z^;zV>Hy6}=I<==veXjhRd1|q7S=2j@Sq2ejrj_xl^F*jQ?Y&+V!7Fb+P5xEunJE@_ z6Ed>fnC4df3(QD)I!EMF#s8=6Ch{M2w6kY(?&<%LEjyu7{!soQ4&TH3*8QJ;Xq)Dl zSLU-e&RBZUc-8h~y^W3Tm5*PrnjN42eb(lk?cvvdr_VL?i)uU)ZeOuF`OkfanITVR z+V`w2`#k&5j+NKFK6d_NTEbSs&bc@w@kU*!R*~!P2kgK08br34WNv*T8TaYOIh_cm z6Gi@CoSB#z85kEgb{aIc8OQ^JP*#~m!a%G+#C+M#nj~|MP0iM2En2Jccki6}WR^iN zNP!@WkAYVcS~xd}7N;iX=cVYO27eQ0PJVJ?PDXxlNju9i;}phr0R=|h9SjJ-Xuterc=6`v^!MrQ+;d4sY``r>Q zWoCbDbn8+6;izV|qm2vJw+Bx=zQF6`zPJdP{9=3B)knXK^XNr>x&6?b?) z+WY75&Z=2ZK8-V$!L76Y>8iz565Wxym-N$DhMYdOWrOydx~&;;!LL1bT|K39W~zGF jyYlRaTZt_ZIzp~LR&NdExpdga?oMuyWp4dEEu~%nltf!t literal 0 HcmV?d00001 diff --git a/test-ca/rsa-2048/end.fullchain b/test-ca/rsa-2048/end.fullchain index 960366aba8..0c5265097f 100644 --- a/test-ca/rsa-2048/end.fullchain +++ b/test-ca/rsa-2048/end.fullchain @@ -1,82 +1,60 @@ -----BEGIN CERTIFICATE----- -MIIEGDCCAoCgAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u -eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTIzMTIyMTE3MjMxNVoX -DTI5MDYxMjE3MjMxNVowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDI1plwQmA+rr6Evlvn2hzIB/zYKlx -Tm14SPzomxpaf3OpzXzHuOn34yVvU1vTDijUl/YJbcnx052m0075SYeuW08VQB/p -zjhLrFp1ULSD272IddbB88T8Jq/VZ5dAxBB1q6Tm0vGBYQ8eIcmJv+fJQTbTXHKQ -KPHQRmVyqXVkwvwcgEJi9gpOcEEpJ6SDGdyGh1ck3wGnhrSpmsu+hwUVi7las+Ka -QUlvkmD+UGQKo8Ta91Xu8ja25QLTpjVcYxbi719rtA6I9DpX4+3aeIy/0s1xk0Xi -yMXIjSl3dn47gp3IZFRCECuoTdOwOZ9+y9ENnpHvZ84jCBXddU09qheJAgMBAAGj -gdYwgdMwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFAUefby7 -fPnK64BnGdIizLlWDkbPMEIGA1UdIwQ7MDmAFJCh13RFfpFyZ5LRR+A6ndRRvvGa -oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswUwYDVR0RBEwwSoIO -dGVzdHNlcnZlci5jb22HBMYzZAGCFXNlY29uZC50ZXN0c2VydmVyLmNvbYcQIAEN -uAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBgQC2gxGT -c3aayDPR5/ICnuK8aVSsM67xRsGsWvzBxdyyXaB+qSGxa+sCkw8guuAp2W7MrrO/ -zu7yhXDI2nyav6ZP6NvLABFYZ6pXokV/Hj4rQpCDVxvvDVh/E/rW/wx6z580zfdo -auHqUCD9QfR97nENwtGv7ESLN6qFeU0CsJd2GE3y3pnadlpCW3AYHeLX4crm7poj -SfG1F4ipqM1i0knQN86KBzG5PO49azGJGmcsu5lPFQgTRvvR7W+Niq/kIQPu00AW -so8aSB1gp2lypUGHqwsrd51yrQ374jKvXSDt1ptc0xDI9004TuYre9XQsyjxq4Qn -VjmpnKLCbumkrlELf93oomWxT5g6Nb/vu1TUgsrdWgDAW0AZ+rfcWorrZAjbvYw9 -4MJ1PdAmeg+sk51xoh2KF7syHPaMcNCaoSBtXrB5LqrAxixdmB6ORM/KlQU7h9A7 -X+WysEwMowV2MsGr8VsHxYTOpoiE8nUPfnRmbrGPpUU24bzvqTxtxxqQU14= +MIIDUTCCAjmgAwIBAgIBDzANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxZ9dwzo7jhKvj/kMZBmGj +tgcTaXq+GwIs9dB5RnXs7RH8rdic0vrqwmk1jJPhz9gfuXd3rnbV5lnB7NAmTIkr +lJXnI+cDlXMzdlruCJowWMyWdg8nDFgmQr3XelgNHz+WH+qFzJQ4PpBoa4YCnXr+ +UWhk5ZwU8nj/5Yc0H/AsK2ubCbyP+GsdkHkfwm/CCE3Dvq7/l8K2KczqN5qxmKXR +M6q3Yy6xgUd54+gFNsef95qzuYdX1/tnnTFOWoHEVz94q2P830CZVOSZP4ytdvOb +wrip10rxif4CpAZ0BwmjVGHYflUqckX74Af6vTBZhjRpteQZXvL4zixYAshyT/RD +AgMBAAGjgYkwgYYwHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowUwYD +VR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJ +bG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIG +wDANBgkqhkiG9w0BAQsFAAOCAQEAiAWrwKoKyhA9DxzcJTf10LACqNfzi3aux9XU +eJ8EXSCRpvb567iEZlxOlZiap8M1k0G1F9rYfGPxgVD5H/YqZk/TsMFu1F9XnHWv +TtoTdQMH4zLa4m/DWoMGxYGgr4dTkcegSsmTcCG33J8OlOMYp6Q9dMvMM47YR89E +2ZwEo97LtKijZ6JM64hYS2p5LVl0FVIq7KV6Fm19u85xuB5IxyLrDqoGGWMg8uRU +RZCo3A3xP09sDZp8oHeWCV0ARol/5aqjehiLWS3SL2epVMvGtLArnH61aF5T60i6 +1coszJUnVu53a1jaYYRYLBJF+Ku1VQzSw0w+3G1SOW1/nioijQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAsMSow -KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDC9IRIszo5zkkxlz+pkU8otrZ2Jwlf -BQ4j5heoPkpmvFss2fDElZZCVhZt54ehk2+oRuZhfgldfmuT0KCQEMnx8iN7K+pk -2LgaAVGzT4X/NBv+qamgkzRu9UvrS5NrlWutHsPPRt2TldVVJ1UEiLuWrrFMQwi+ -JATjgBHz6PhhD+UnPszZM/SJaBmtMXT99rO/sS6aaQhkZJCSDVVOnnecXafshkEF -tlMkKDRTTxxTOiTGu2NSH5MMzB3F952AiG8ZDONRSyBtxh/kpRV6+idO/4ufIQ3w -ZUPjLlRZIF9cDIGJXRU+cjYvMSV6yPzM2rP+67dPS9N7gQS1AFiMOlLQRbp3Sz9e -R6eetX/ggaHPcIzNv+pLp0L4+8PINZWhcJnZUlgkNR9Gg25mdPC6BLpWH20NH37V -VfSs40ytxHyw5QRokwwjcGUmlzXSJf0R+eUhXkJAmR+bgKbQKRbCW6M+byNdphfu -c3R2irNvRbYkwTOP3FvFkcC+cYyMIHyKihMCAwEAAaN/MH0wHQYDVR0OBBYEFJCh -13RFfpFyZ5LRR+A6ndRRvvGaMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRCEI9X -B595ntLEaruio2xG9pG/KzANBgkqhkiG9w0BAQsFAAOCAgEAxyqRDyGCkF07q/2P -44Mkwg+olQdT7moiO7V7MauwLZmCNqkr4hQcAk1NKi1QdYw/xCgd/x7PQ/INVMYN -oAG/xxr4nh0whygSsPGk9LkzoeG4dfeVv7tbsYw+4o7wU9kgCM1v0c2vMskyHh3F -vdMJV+5hWZqHZLUOZY1l9ziJysz/aSD4WpMtXdwT5fFgbJ8zggcMADkIESSBPrK5 -ykjFqFnoryK938IUw8fHEdU5ZdjM+1li4Q6P3YT6ovY9aA9gXbD/xb4mUb5kG+ug -tmGV+MDvi6Qgyt1O9ZgaW0tLdbjdxzTjEgU0KwUDpK6AZ9ebcyL5PGj3JA15ZPvS -36AHH/3N+u3w1Poyxb8NxyOgNY7AX3hRQax9G1/43F3VZ1C991xVrwWL++mRD+Ai -5FhMKjZ258+8DKgYaT2JIExwNWA5taafmR2CKpxgVWSFLha/WogJH3kyyTJHXLjU -Bm5qvwqWAvS3Px+WkSbtqFKRDCs+oaj2wGGuwxqEEEriMJ26AC3Si2n9k0a17TOj -lezKgblBHlpokEgcqOkRDB8k1g/Hkx7eRX4RlBRJ4PVRFT6qSTyy3dESsWhb7Sz2 -+uB8SQIYH+5QXwD3MpNrg2BILQYtcciPiGmLNyQB3ZvJUKcj0n63CjxAfcSnbkUF -AnF6iUVbZu9AMRaBDiRdNLGnBms= +MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv +LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z +CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv +HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx +I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf +6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 +W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl +CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A +UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu ++J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ +JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q +4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 +AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFFTCCAv2gAwIBAgIUZBEaAuV4ORnPH4GxeJGyEiqXUN8wDQYJKoZIhvcNAQEL -BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTIzMTIyMTE3MjMxNFoX -DTMzMTIxODE3MjMxNFowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzvK/b5WhfthXBMVIHboJJuR9XuG9 -+ioSrlzwT9DW7QV31UpgBUZyf1nvT7CmDplNiWZtpqSdJ9pjskBIj5dv4m5cX8A9 -fK1IATdkd6j5/c2ZFkqi5k9iPeJa5rZY6SoGKgvBEr/Y5oiO8HZJZOFetafSr6zV -WRAsKlagrmiNS0oiWC0P0yPVWZyhlHHbtYrHtF/CuWEJ9HqzUk9KeTPwgjfphlYJ -YM0bCZzqN8TEbWPksU1WnmU15YbTgjwI0bNjUXA7W9LmMvbW7EXFJ2+LI+oiF3mk -TQEXqhfdTL9NtqAikD+cfAM1y5e5QSpi8dQuexBteFtXphRZzFk8M9DVKHyngKTH -/QZo6B4Gj9VPrNRPlbPkpbnu8JWD7hO/22VLU4YhghsdwQ/833pfokdV89NMoLo4 -JOUzbTTGtjH0bq6LWTMtLifuQ4H0D1WLtdy/EGgKptnTaeYaXNYT7+v+NNcBHaW8 -W3Orbx0s9IXgQnZTk1u03RbRdIxNxqm+HYEM8gT6S9IUymNZkzDCfZC0bC/saevd -zVE2xpZmuLOfhDl+EcalDYNPrM72+NzkAwRPFGec+bcUEhBxhvxpav+SxDiRC1gD -43qFU7hVfuqVH/EFp0lR3I3Xo8TZ5OIgEyJ5vQH5Ne1+C+sqdCqdGoqf1TZuIE80 -ZwKYcMnRwDXpiGsCAwEAAaNTMFEwHQYDVR0OBBYEFEIQj1cHn3me0sRqu6KjbEb2 -kb8rMB8GA1UdIwQYMBaAFEIQj1cHn3me0sRqu6KjbEb2kb8rMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEKDnm8x+NOaWNrPNH5kIlGD0tGdDJvw -/KvBZmkMcgFkb4zhbbeUmlu0j5CX4+6Lck0uw62zRgP4Nw3x36W3DL7pmoV4MYHC -djNG1ruNoojvgZyyGgMaSabto0nSHSE9opAorrSXB9RoOv2WcBuQSBNl72eaCQ1F -4kAYjKN6ZwPxEdTsdEmqWyUyEPy6E5kNoM0jW1uI2ZBxzbIOYeePvQ3muUSIMtmC -jShiEOOpmYpzENsAMouY3ZN+CWVS5kB5umnYSviQlAVEKSjC764FD9vMLL+rNhfP -fz+y6EhKcnnYy7mdXIRY73uh5eMyCLUO0yr2Y2ophhD8D79f2w7KtYjaSKfAch0L -lETe9Ch+fGDxUCph3J1IuR/3n01ZjB47WXu/yDZ6s7SHGXIgPaptzP+nZkDnmlZX -bvjB5s6r4U2spuqeLxrwd/1Jin7It+LOYLVmkihpbta9+/KKiXOuSYN1rSiQ2XKp -n1ZN0XxhcZzsALklBIU+Lm11b8gPVS7rXqll/sDmaAH9Iw+AXwUYjCb62Gy58yzu -uk3Q+msRr3oVI9bBhmEXmZxyENYJrw305qOlI3+tHBoJLUSP6zQ214aEu4trJr5K -kmbF7DZRG9MSBXeRk7e5ojK13xI1/XCjgIOTkGxF4rEFbVwhc0B8zS/2x3zw0fkE -M4J0J+gz0QYr +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl +JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg +L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 +bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn +CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo +PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC +AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl +D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb +gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ +Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn +l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF +32//5q0MnVJ2QAa0gJdSISLnpQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/end.key b/test-ca/rsa-2048/end.key index cb236b69be..9b0f1d31ca 100644 --- a/test-ca/rsa-2048/end.key +++ b/test-ca/rsa-2048/end.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDI1plwQmA+rr6 -Evlvn2hzIB/zYKlxTm14SPzomxpaf3OpzXzHuOn34yVvU1vTDijUl/YJbcnx052m -0075SYeuW08VQB/pzjhLrFp1ULSD272IddbB88T8Jq/VZ5dAxBB1q6Tm0vGBYQ8e -IcmJv+fJQTbTXHKQKPHQRmVyqXVkwvwcgEJi9gpOcEEpJ6SDGdyGh1ck3wGnhrSp -msu+hwUVi7las+KaQUlvkmD+UGQKo8Ta91Xu8ja25QLTpjVcYxbi719rtA6I9DpX -4+3aeIy/0s1xk0XiyMXIjSl3dn47gp3IZFRCECuoTdOwOZ9+y9ENnpHvZ84jCBXd -dU09qheJAgMBAAECggEABbzZYJqPc/prWwUJzo1qXdA5AEf8U3eR4nKK9S/yU2zh -8sE3BQxb3M0SAbb6wTbuXmnlcxuGT5UAUrJt5QiTc739kktjZNWKdDcqJb7sv9/L -L+L/II7RYPSmQOkd2mqpbTxRyfOz5DD9Z85ohaNd5l4Dha13NOPvUEdxnjB7Yi4I -YbUYZ/Zq6MUosFRObS0XPBvk6d+zDI3WUZatVTNfuS7fqI1BvkXs5EkV34DQXgQs -LKb1LFAoEZoh64UnfkONIT9oG4OTbbaQ9gCbfQPpKw07GuaMdtjp0QD0yldOKvL4 -V4crSZyj2f3LnPCqCjUwcz6quKSUqUgosVApH+JCcQKBgQDpaGXy3laYTK3zbauh -+eHY5Ia+7fM2ETZx4LfwAYA1K5E84T98swpO571lZVrbOKjBukpUrbHdOcEVcBRH -BTvCh1vL1AXXWR0cCvWtp/WAbu90rDqgu6mxaD+V8wGq29URTWOCRG1WA7zeNHPB -0XAZPLQVeqeSvHGLSqyPf4aoHQKBgQDWBqvl5To7P4ZT6VFl18v0EB3zgzpRuyC3 -xKKz5mGw4tuvspdMU2XaOGQsRl5emMijGeII7JUweHbBdkq44S2FZ9wyn4+I+8Oi -Atu4Nce06ARnw+5RRcJlSs/LrExfOtxF3xp8EQqpL/jEO03n7G5cwcFwuWTKoVTI -0RwcuU4JXQKBgDBMCvRzb2W6UDBT3DT7GPGhcARoBnCEpUhxIH6IQPg/mKEJVvK9 -tX9YUod9row4MCtOGf1lp61IOxztgTSk75W0HpmRuNezt+NKnUWewJ0f12rEDKmf -y2BLWwTzMMAjFvaqldGpyRoIUfeE0QMlDFYcioL7S1uApNoWzJgw4jM9AoGBANIk -osuLku1xphbl08JHbD4rRP1AMBbnwWwuagJxhiID3OhaVivfBvaIv/Ko9Se0o+th -EorooGODJDc4So3Uqrl+DLq36Fr7uE5uuAXa6Ec8OHcZ7flmoUSLfBPjDOnEBVul -f3+py+nq7Drgb9H0VzhEFgb0QX6jgXfbudqKJ5ERAoGAR5Q6wQEoT9VT53nuKprl -3K/6agd+4wlpVQW0W1LImdrJHRHUXO7KJe7Bo5rtjL3lw8dCl3olHlLPJKg9frMn -ZWvJ2t0zca18S76rNcsPew2BecJxNRFlGwdcE1BBA2p/yzBhsZbIO7eqfh+dK5va -rnlrPNbWDhylxMaU4/CoU7k= +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCxZ9dwzo7jhKvj +/kMZBmGjtgcTaXq+GwIs9dB5RnXs7RH8rdic0vrqwmk1jJPhz9gfuXd3rnbV5lnB +7NAmTIkrlJXnI+cDlXMzdlruCJowWMyWdg8nDFgmQr3XelgNHz+WH+qFzJQ4PpBo +a4YCnXr+UWhk5ZwU8nj/5Yc0H/AsK2ubCbyP+GsdkHkfwm/CCE3Dvq7/l8K2Kczq +N5qxmKXRM6q3Yy6xgUd54+gFNsef95qzuYdX1/tnnTFOWoHEVz94q2P830CZVOSZ +P4ytdvObwrip10rxif4CpAZ0BwmjVGHYflUqckX74Af6vTBZhjRpteQZXvL4zixY +AshyT/RDAgMBAAECggEAFw4ctH9TmIPUZuPTSnxG0iTE1KP/nJcb+EXV2vzqNGk2 +zjS1kuPkUgAD9j6XtV/ygWTz/qzAqtmtzoL9Jg0KQoyj0o8a5Z9VglmeRZL+nsvb +gq5DF9sF1asUyt0Odl4aQGNTciH9HTYcREW8+7gFlOl1fK9OUnaUfQUSRhbkeojO +jZMJDCYdrGZVUrD1dy5I17fZpSnz+c95Trd5zhdlQXEULfBV10NVn8/1DfGtS5Au +YBRIIRWGAmZrbH4NeXBy0hIAIgIXuT3he0LHKCkQDIz9BD5rjk8/GYvuUKkip8Gt +jaW2TKRKjpu6NVspgZnGoR3IpsqOIfiIPLayJSVt4QKBgQDiAOP2hPvINbxkVmb/ +eiXvHjuiHVgL1sgFM5tcVUAEiZqXEO1veagMGfTSsWYl6qay2RbZYQtyTrlJi6XV +Bih80tWoYKv+pgJLvqvzhdwc3K6ZJZsfpfaYZUzmmo4KwbEwBSyRCMRVXi6eb9dI +aQfIiSZuT1+EmUlUotm5I4bWMwKBgQDI87OJSoYI4BLKH3aqf3+KMyb5IrRNpfVj +nbL7QVk4gQcg9xa94K0rxT2Jl8h6mKB4Rc0GO2aT3DDytEOKCq5v2o+poq+VaQKA +iHOav+ZWSsjuotIKwEPaNsh5u9o45UtjI92YatJdGL1w2BMd3qlGyhhRrDRdX/Ml +wnpW8Im5sQKBgQCK4YM0zVmwGZ1wh0v5+MTw4UJCCAhAFjeKQsFZByY045508LkH +xNnIvfadttgPute/lfodkS4oi0n/cOpyMruUoTccpnNrI/bLNxuRpZOyxMYiZGKk +GyejVLTiDN32rDpHSRau9ZU45Ix/XjkMTUa0K9vK88m9wTi34u8qfzNv0wKBgQC0 +bGq0R98UNOtp4toOty7yDH9fjNNKLEmoyTyb7s6GtwKJjJA0p3eUJyHbWhY8TLE3 +i6RLhiXReA/Suhsx4+k+sIPwkQsJISGH+fuh486Rh8/kwvfHg1zonetdsVZ7YxRO +zTL22GJMCBx/JuHzHanqzyUKn4zckXukWXqyeIGP4QKBgQDA4DIiK754/tP95W1G ++F0VkrNxBYgTL55DzdAtnFevQdVQGiEm3v93c+zIrlo/LbDauDUymCOv8TdrqwxD +ObJ/ca78qGffmEWBJ9IdTzHt4ygtZYFaepFIW/35+/f/eIi0EmReKkTqngciBvzt +TaNNTfWTq6BscnVDPPohWFYLyQ== -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/end.revoked.crl.pem b/test-ca/rsa-2048/end.revoked.crl.pem index 5c89ac19cb..3b6779deb0 100644 --- a/test-ca/rsa-2048/end.revoked.crl.pem +++ b/test-ca/rsa-2048/end.revoked.crl.pem @@ -1,15 +1,12 @@ -----BEGIN X509 CRL----- -MIICTDCBtQIBATANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFwb255dG93biBS -U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTIzMTIyMTE3MjMxNVoXDTIzMTIyODE3 -MjMxNVowIzAhAgIByBcNMjMxMjIxMTcyMzE1WjAMMAoGA1UdFQQDCgEBoDAwLjAf -BgNVHSMEGDAWgBSQodd0RX6RcmeS0UfgOp3UUb7xmjALBgNVHRQEBAICEAEwDQYJ -KoZIhvcNAQELBQADggGBAC1EscJighlKjrV2C6XjbuL45UwyXcRjKhhpYSrdihuQ -IZXgak3xhvm+hn6Tk6tZnYy8GyFT9XWC07Wohs5SZQT8prGAd2RR8vRnZka18a7b -wOyVGY+p69G4QUXE+crpGshfRmaSeH/VIf/MB37leWGODvf7MNdizfjnvSEAZEnx -NC0/pea+FoMgmFiccq0yhTtMVcs+nMpyjuxHK8IeMpLAewQ+gFR1rzFDCMNo7/nQ -l+Tvik9NsqXK1Umzc+efHYf62YQQPAXkdeIQNqN2DxJjNuJ5NAFjvUKBbqo2RL7S -mjvZajvD0noIPtHRzYvPbS2B1Xm7iZ+nzesKtoYziI71oyoX+uQl3Jv5589e7Ko7 -z4UxoUI74ytliaH9TVQpFfp64pcD6fugisX/fmjIg6FHq6IlcQeIC39U+fV9BjGI -WzvVAnsyUBsu4wxsCOB2a5fbLgippBuNAAgjgENm1oYQh4jobGmmM+MTstrIBEZu -nCqmhKPk2zOVWz6h6FDOHw== +MIIB0DCBuQIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQxWhcNMjQw +NDEyMTgyNDQxWjAiMCACAQ8XDTI0MDQwNzE4MjQ0MVowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowCwYDVR0UBAQCAgTS +MA0GCSqGSIb3DQEBCwUAA4IBAQBX3CF/28EkF2vhZ3NcFeRXZWv6shHTPuO0usoc +lhOB6WzCIMqo+atW+RWjs18FX/Fcejz1L6kOyD+hFJ/6D3G3w1pw5jng5Kw0N3fv +nx8T2QS44LDMAUeeiUkwZz84zWUhUVz/bZNEDsu6ZrfYiuvPZswRSSFsLmx7T4iH +inqHvZUU4loN9Y8v8ai3KqF571pB0G8vniUQDqjGgMeuigLAxG3wm7A7733S57dQ +/q9foSWu7PvJs3MO9vrLWBuSV+LzGZklFBrZUKx8NbgHL1WYsa8iqoCoZiLdlpPJ +YZbSS1xdLqfVuel0XEhICmW+w+xy84pgsw6/07AoqXtTUZwO -----END X509 CRL----- diff --git a/test-ca/rsa-2048/inter.cert b/test-ca/rsa-2048/inter.cert index c46d1105a8..241337eb85 100644 --- a/test-ca/rsa-2048/inter.cert +++ b/test-ca/rsa-2048/inter.cert @@ -1,28 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIEwDCCAqigAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 -dG93biBSU0EgQ0EwHhcNMjMxMjIxMTcyMzE1WhcNMzMxMjE4MTcyMzE1WjAsMSow -KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G -CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDC9IRIszo5zkkxlz+pkU8otrZ2Jwlf -BQ4j5heoPkpmvFss2fDElZZCVhZt54ehk2+oRuZhfgldfmuT0KCQEMnx8iN7K+pk -2LgaAVGzT4X/NBv+qamgkzRu9UvrS5NrlWutHsPPRt2TldVVJ1UEiLuWrrFMQwi+ -JATjgBHz6PhhD+UnPszZM/SJaBmtMXT99rO/sS6aaQhkZJCSDVVOnnecXafshkEF -tlMkKDRTTxxTOiTGu2NSH5MMzB3F952AiG8ZDONRSyBtxh/kpRV6+idO/4ufIQ3w -ZUPjLlRZIF9cDIGJXRU+cjYvMSV6yPzM2rP+67dPS9N7gQS1AFiMOlLQRbp3Sz9e -R6eetX/ggaHPcIzNv+pLp0L4+8PINZWhcJnZUlgkNR9Gg25mdPC6BLpWH20NH37V -VfSs40ytxHyw5QRokwwjcGUmlzXSJf0R+eUhXkJAmR+bgKbQKRbCW6M+byNdphfu -c3R2irNvRbYkwTOP3FvFkcC+cYyMIHyKihMCAwEAAaN/MH0wHQYDVR0OBBYEFJCh -13RFfpFyZ5LRR+A6ndRRvvGaMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAfBgNVHSMEGDAWgBRCEI9X -B595ntLEaruio2xG9pG/KzANBgkqhkiG9w0BAQsFAAOCAgEAxyqRDyGCkF07q/2P -44Mkwg+olQdT7moiO7V7MauwLZmCNqkr4hQcAk1NKi1QdYw/xCgd/x7PQ/INVMYN -oAG/xxr4nh0whygSsPGk9LkzoeG4dfeVv7tbsYw+4o7wU9kgCM1v0c2vMskyHh3F -vdMJV+5hWZqHZLUOZY1l9ziJysz/aSD4WpMtXdwT5fFgbJ8zggcMADkIESSBPrK5 -ykjFqFnoryK938IUw8fHEdU5ZdjM+1li4Q6P3YT6ovY9aA9gXbD/xb4mUb5kG+ug -tmGV+MDvi6Qgyt1O9ZgaW0tLdbjdxzTjEgU0KwUDpK6AZ9ebcyL5PGj3JA15ZPvS -36AHH/3N+u3w1Poyxb8NxyOgNY7AX3hRQax9G1/43F3VZ1C991xVrwWL++mRD+Ai -5FhMKjZ258+8DKgYaT2JIExwNWA5taafmR2CKpxgVWSFLha/WogJH3kyyTJHXLjU -Bm5qvwqWAvS3Px+WkSbtqFKRDCs+oaj2wGGuwxqEEEriMJ26AC3Si2n9k0a17TOj -lezKgblBHlpokEgcqOkRDB8k1g/Hkx7eRX4RlBRJ4PVRFT6qSTyy3dESsWhb7Sz2 -+uB8SQIYH+5QXwD3MpNrg2BILQYtcciPiGmLNyQB3ZvJUKcj0n63CjxAfcSnbkUF -AnF6iUVbZu9AMRaBDiRdNLGnBms= +MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv +LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z +CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv +HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx +I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf +6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 +W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl +CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A +UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu ++J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ +JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q +4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 +AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/inter.der b/test-ca/rsa-2048/inter.der new file mode 100644 index 0000000000000000000000000000000000000000..2826a6377d85aaec414243001de360cdad726a83 GIT binary patch literal 853 zcmXqLVh%KDVzOMo%*4pV#K>X5%f_kI=F#?@mywa1mBB#XP}V@2jX9KsnMb4`Kd-VR zzdTPNDA-ZK$iT!x!P(J3L7dmz)W8r3!5~V4-^9Su3`xMi&`{q%7h;4OrV%-*WvMv| zMhcmEC8C8-8Yj7rE3VPs`sZerwT0E%-lH8C(t+Q zr~J1pe|&3(l6&nux35P}37p;LHFaL&mbBg0RqB^s$-1^3UAjNiu=+it+-6RPQ|pxV zC+aKL{hi$5b9?Q^8DT6*LUY!>Yx}(SEz918&JTk#KbRS?`kagGhJ8um%}gli!RK+v?lS=&4Ns;=&ikK&q|q?85tNC zH#QqIHW@7_7{$t(kY zkZxg+X{-j!KngjYfC&Z|PmBzqU9UaA2)1qiexPaAvK$E`YtfJtvB zOlY2<-RtD|V@Kf|i8l>bJT}T)%HaI;O`+x6x?P1ckJTNpcz9w@c96n_Ru;VP5Z5nac1Y~2WGb3A7=posEJdB literal 0 HcmV?d00001 diff --git a/test-ca/rsa-2048/inter.key b/test-ca/rsa-2048/inter.key index d81f6c6622..25d3bb8713 100644 --- a/test-ca/rsa-2048/inter.key +++ b/test-ca/rsa-2048/inter.key @@ -1,40 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDC9IRIszo5zkkx -lz+pkU8otrZ2JwlfBQ4j5heoPkpmvFss2fDElZZCVhZt54ehk2+oRuZhfgldfmuT -0KCQEMnx8iN7K+pk2LgaAVGzT4X/NBv+qamgkzRu9UvrS5NrlWutHsPPRt2TldVV -J1UEiLuWrrFMQwi+JATjgBHz6PhhD+UnPszZM/SJaBmtMXT99rO/sS6aaQhkZJCS -DVVOnnecXafshkEFtlMkKDRTTxxTOiTGu2NSH5MMzB3F952AiG8ZDONRSyBtxh/k -pRV6+idO/4ufIQ3wZUPjLlRZIF9cDIGJXRU+cjYvMSV6yPzM2rP+67dPS9N7gQS1 -AFiMOlLQRbp3Sz9eR6eetX/ggaHPcIzNv+pLp0L4+8PINZWhcJnZUlgkNR9Gg25m -dPC6BLpWH20NH37VVfSs40ytxHyw5QRokwwjcGUmlzXSJf0R+eUhXkJAmR+bgKbQ -KRbCW6M+byNdphfuc3R2irNvRbYkwTOP3FvFkcC+cYyMIHyKihMCAwEAAQKCAYAH -GUrEMAP6NFPUJYjYF0ZCzojBmKEzoowIuA87YC2lAdlYD9bLQyrImWdXUBFPVzin -+25h74F9P6vvIt3QCdsCE80S8dNVfumcgYdtVVTfNMtzzSxLI0VuC3AuQnOC2hUZ -GfRoa/P8btsAI1MNAZQgKcSjUbWOJuKzDIr35iaDuBctptZ7bpbhdlnXi1iSUEO9 -2eNtznzq1RmDo5SmW054CX7RHovQqld2fzhHFtotXl7+oSsPZqdKeIw/LD3wfu/3 -7RqISfFu5ATrcOs7fhMuE2r+aM3pHOiGsgxqJtfndace4TF+dCFpzXaqCb8VNPhc -oxtE1UU1PevwkXUGQ/BWE7L41LrFv8gkEhf+jeAye3mppqVmQ69twcLLIW9sg0YJ -kSMGfXav1l59sZ9y/LiW8+9KSd3Ifi0SbknJPajo5M0W5zQAzPm0Q1DWRhsmyaje -Fa4mU/Ea4C2EiDYFceVniqLkpKGL/mh5dVMPEqE7txRNmykN1zhxTFAyu/E2d7EC -gcEAxRknlDrwIqsabdjm/x1JKBi+TxCh21GO5JhXDEumR4BojUY32ajj/CjY8Gxy -7OssoYXCAfIrRxcugctjEGDbU3f59cUh58hHJrOXa7Q9ZASSwdVt49ESYfj6TmX/ -a3T33qUWlTD7ig1QbT+k4CTanYwkyKBGHCq+oZuCaqSMKi9r6wqRYJtGxQ5ad32A -b4VuKmERJpi5PTkwwthI+PISnJitQyB/qaVX1RO3MILtIcKISlLryqejIJw/zRIS -vHy/AoHBAP03Z5oFS7mjpy1rIbP+ZwAt0jUcWCNJP05lcKY5DKooRLw8bg8zZvql -yfN3tJrdFaK8eM9Kp0qlCx9WdAp7Y6ZEXWxkqv8gom4h44ywqL7R/Ze2ZKEQdsT0 -GXJ912HBPCb2kchiv3qJ/wg78RulU7Y3rm3XCzgcMzqR8YRteW3kLMIelqcH39o3 -2kRSUWTojhX7Wkt0sIkDU+uo9uuS9eIZ/6uDRdpGYvCx+IQiOmoVO+xmLhVLZQHA -xrvXq0wDrQKBwFt/ifguRDxT4jkMcHAOUF/k3LQnrHv8KLHGZuK2W8LlwaOT7WmG -FhCBhfRW5CNIKbfyOFZe7ehawqROnvaDgE4HbGrD0TGgsCcvSCQf0EAWP2rsgc84 -x6fjxY+PmjtwWYFqcklgK+WyuJt+6DOF6FcrMAhTHzkEPusXHjwTl14eFaNPjJ2k -d/4S47yE7pLXBoV1+lhInfXmDtTlQzsOZcV8uzJma919fIDWXjyPCzaY8FxQklXJ -7Ni+sH+q3DfUUQKBwQCQf8iQXUtMYbaqNYOjKp9uu7dEdataX5dPzpWNVesDQz2O -SdHovMWcbXWkiYA4C8gn+PPcH1b+QtbpCDXqMWW5YTQLAhuOwfnPbWlkRP/W/RCB -PiWIwFN2q3HGI0gA0fvYpEanGqr4a71s3oAF7b+qsXXJ2rjdSUJ2vwgbMTnlWxur -nzcLlHPLHKpi6LLoKcnDg4+QlcOUPKDsT5yw7EmCwKFlJ+F54Ube4kDWbo31Ma7j -hZ/wqPi4GmGOmlF3bHUCgcALbVVVyobr6vYDGwtzR0SF1YGQ9F5wKfIDYPvoqQhc -XV+MWECyqTtZ+pTJemSyjBgRsOCyBJBf8vM8u0odEFgqaw0dYlHs5iF5CV1KckEG -Q2y0MeyfT7at+EaFElkoxlvAg2U8DJWLK62ztoWyXjEgBCGFcFyKTe//azhWUBzE -t+kQEAhQ28ERoRqn/CGpLpu9F5SOOCvc1mF5Ox+umUVvYS8I2B3Rek1NdkZBqWUD -nsXeFeIOjo5ZCSvEdaIpxm0= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5V3i+L4xmeCdv +LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z +CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv +HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx +I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf +6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 +W7WNJuZ1AgMBAAECggEACcLREZcYelcOoJzgOxuTTs1W0ta9rvBzOmrpCs2RYEQt +Ow1ZLTSOioLN4qYJfWQpfmRFyNtTzxkMgFpW5rW4Fau8Q07PVQNDJPinV0IEdhPL +258pzVFt16eTBCusRHKJsAq/akiuIfLHUMkTyMTl3aap7RXAtVF50a8KRN12gwHc +Jf5dLzY5LlUCytGjGWpKgVT76Jg0iIxfMLYEuYQ4wx3YYXrdNjpNP3UE0masuWe+ +z8yY5+9PD8krFnWqHQAEYLxa3/MGZeexHjOzJso18M9EtdE3WHIQIFqOCcyR88ZY +yyl5Ncp0ydI3Zq57wSbcPPKGlQo0mWzHv4onAqOfuwKBgQDnpVm6ySFfNGjkdX/G +LbVNUda6RGdeoAvGCLXnvupXduqv4hIHUUddMXDw0YqNr3EBgcYGwyQH6g8j5nPg +J5RVcQP3j6nPfKof5lBiUWO4dfo8jOGJIfSp1MV/2RSOWxbhXjaC9oRVf8+z+dhW +h6VMtAkhOAU0P08PreDSQFDKjwKBgQDM09z6E5kv615ncT8lvQQkXnrpmBEqjOhN +Z772neEmitozTgX3VYFi28I8C7OXcc9qsLZNeJsH8MpJyp1Bl6xRTEfdx2FeAQAl +axGevfXZyjfdfU+nmTei5kk4gnOqwqp7sQoz0LNnT0pxtACJFozBVtCuTCPU4qQZ +jYaaZ+YQuwKBgQDBDiphJF0etlQxCsgJh3CRVwJpTLcFwsbtLbdEw/UUHfRrzzKN +TKz4O0tQOKKLgMrioaBDZIDz45ropZivGO1j5AOVX/L7DH/QhCc8OW6tfg2mRxd0 +LYt1uvE6otWh6sJ/4v/1V7RkeVfGPBST0QrviSAOwlx79cNTYut67sUmewKBgQDD +iGEEbl8nirZ1Y3uX6CgjG/qUMrH4f8ln02lOfosoQxdoMMyrP3ojyIxUzArmwSPz +wrxVmpPM8cX6yaxzqHo8pehZRHOjzKq6DcslUkx3W38XNwAqi668GMC/bHFFC066 +g9isfEg3kE8N2ntEYz19eAYAzfjKyo1DQ4LCtfq/7wKBgCI/pmg/gP0eHknfTaix +K2RuAGhaKNFDPB0uDrUx0JC6x8fDQm0VI7EjYJnYpbpTYXOgwfTfy7B2vBc7g2b0 +F8ZWASaSWBhQvxzZx0As5LVYzfCtU71BpTt5GGRDDWGVbmPwSg/gltkY6OTsWfXx ++WfzLbJD6EVgOYsmf2ZbvPp3 -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/inter.revoked.crl.pem b/test-ca/rsa-2048/inter.revoked.crl.pem index 8e08f38396..40126223b2 100644 --- a/test-ca/rsa-2048/inter.revoked.crl.pem +++ b/test-ca/rsa-2048/inter.revoked.crl.pem @@ -1,17 +1,12 @@ -----BEGIN X509 CRL----- -MIICuTCBogIBATANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255dG93biBS -U0EgQ0EXDTIzMTIyMTE3MjMxNVoXDTIzMTIyODE3MjMxNVowIjAgAgF7Fw0yMzEy -MjExNzIzMTVaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQYMBaAFEIQj1cHn3me -0sRqu6KjbEb2kb8rMAsGA1UdFAQEAgIQATANBgkqhkiG9w0BAQsFAAOCAgEARGKb -Ln3pmBaeQNChd1GbXMRK0ggXaoLJMzYjA6TVoVuCtKxU9yb0TcTQfsRWbIJ1oHf7 -/s+to26BWwpoVJDe7O9nqEZcrS8bjdAbwF6FUGNbyHyYj0J2Ffjwnb+FVUBG9A/d -Vck4RykbuNTzb75YHhjOfyOJFHKitG+w0ZLnHU6uOpkjSM30Q5JVfg4fVicrUW+N -mAWHJKejxrDR+RpHT8SwIwdo1CGyZYZrU7pkCkR26GudopaHcPNhdYD/ExUdtCG5 -DSq3oYSIxOSIm45ZbBfTiPRLlEKiw9yzR32XRCTiBzXx23V/jkotcCHrbihBt0wh -gNPYeLJCy3gDFBhTB34IRme08LUA04EmVRg/HcwsFNw9Xqw/EAxewqcZU8lzYpCK -57VdHi1+96vQD1vj6OssinAjm/VtSh7wQ3akgq++zj+7hSiOlRrITLegVE19YlaN -HQ3YSARw9H/sg2Ygnnk8tyZZ2D3JgBp1TjFJwZyfhBQbCHTxMES2aGrJ1EjiSyEl -1GTZVooDYnJPPMICddfKDwPP0h5syCPhekQN6qRPbEeCS6ckfR8LVrJ6U8rEZCFN -Rg7mkXkyvazGaqCSQ3gYuja+sN/VHQP1f8X3eGWvyliRBkJFJvJp/GyGf2sMGmYk -iIFUNMjh/n9AqDSp6kR/uW2fs5ADygazackhPHA= +MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255dG93biBS +U0EgMjA0OCBDQRcNMjQwNDA3MTgyNDQwWhcNMjQwNDEyMTgyNDQwWjAiMCACAQgX +DTI0MDQwNzE4MjQ0MFowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUQYav +l+JCAKDn+YLXo5BOgVUlCAwwCwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBCwUAA4IB +AQBf0Jy/DOdX8GmZsGmfd9hzBW5OKEIt3kd4Hudm0IVNFo6vTMSWKjFEw+xHrT8M +g459Pk+i9Q9jpUcnNPsO+wkv5gbEGKaY8eChNiapMUwV1vZ8HRcy3Shjz4XEWa8m +x5XamU4vvQT0BJVg7lklLPEnETm7ikIrWf4xO0v1AQZjRNenHq0H0au8ZKv8B0/F +tdvr9u6ZbAL2pUrxsaHxm0zqhgijXO91Fvp/Ch4TpOEcvllAlFCka1IL6DOkpFhM +BAzKocfHjDycm2+tmzH/wgdTmwo/NgdsDkd9fBUw6BzV0xGaTMF4ZtlIrP7BY4PQ +kgvsUoJ6kzEBxYYoYy3LYnHq -----END X509 CRL----- diff --git a/test-ca/rsa-3072/ca.cert b/test-ca/rsa-3072/ca.cert new file mode 100644 index 0000000000..33a13f8a43 --- /dev/null +++ b/test-ca/rsa-3072/ca.cert @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEPzCCAqegAwIBAgIBAjANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDMwNzIgQ0EwggGiMA0GCSqGSIb3 +DQEBAQUAA4IBjwAwggGKAoIBgQDPfwaxtqkf/vZlLww8265tmTtltO9/x08ZHZ39 +XWjVQsuRfGv1hnTw/H2OAtJA3TgOUkcctXvhWIC302kPnPYeQJOyquj5HCRpRezX +DZWw6lN9TJAB/h1JEvjazikPvG3jW7/0fQOf8B9iDUfv/OdVOTh+SNWxmkswXpdS +7eXwHfZ7VfAdCY3YRX68LjfpuuckT4mWhA9q2skQ2OKMsLyyOVYJxnEX5e4xytOu +rtCyN5Ng+oMZ1HXjjiwnzj/3MuxdWzIkB5cGlXWEj6ZJUTuesvF/zJ+1n+M/P/mq +g+Fc+I2a1XmbgRzLfyzgRPIJQFfS4V+NXA2YsnhJItlIbE/QuSUupPzxOjXfJre1 +ArRCflh0ELlZPYWbX4dbe49EE5WMsjHKNloi+ZbsXvVjt3jQWQ6BjNRLyNMdfJeX +i4yOznxX7wnHDC3oVyePiLIBzwoHyUItE6o8TortcQD1wbIJOOLz6yV3+ChPq+kN +L84z8ZtOYMz4MePMQRh2Gwz+gwkCAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRpF7fH +LYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRpF7fHLYkLSELPjsjU2qh7LucbsTAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQBuufGGoWttdM4NOJoU +xZbQWOkaWIObpZ+LS0FZDdLpgH9zBesXK1vaHqeD0hHCF5u+2F7FZJyG5hmGwbuE +bbxJDhnrtWkXOaYVpWvz0063FbdKWQa9RidzC4nOnct4a7soEPV99EZPaci3Ym/K +ZMmzbQYO2b9x/X6lNZbw2GPHa+qyRl7uOpNzAG6MHEHHR+GLAoQLsYUEjm75wVzK +JSz/594cBzzqr1jIBsB9it3J1IP1sKOLXiVZZR8YlpBa6hb92tin3FA3fgTByl7s +fVjk+lbqBela3o1RJUonbHe/lpz8IIxfeQe+sCrhhm4zVK6/cpnFLrOrc6AOYi37 +NVxiMRrnMfZyH+yrKHs+ecreOfSq2h/VTYLZXqgQz30Jxmf2H0MpgxHxn5ukro3Q +yYsSCaDJgzinN1uk0uKkM6rLq9+QGH7hXH5iTfPBh6K9JkA4A90N1nOAXupQG6HV +f5AKbuYKFcTCEaZraS91MzWTeCtAf/RJRSatmq+52hLrSv8= +-----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/ca.der b/test-ca/rsa-3072/ca.der new file mode 100644 index 0000000000000000000000000000000000000000..034f82f43954582643c516ca653c484462007894 GIT binary patch literal 1091 zcmXqLVzD=9Vp_g{nTe4JhzxkyIJMe5+P?ELGV-u87|0vS8c4G-hq5s9h!o`KRhHzJ z=P3jQJ1Q6(m>VfLI~pj6^O~C)7y=;}L`m?Q7+9Ji2@p1-iE$CKwT!F`%uS5_3g+?RB{`ty8zWuRrcDDLeOXY{pfm(-Uj5zqXZp_*2`* zbjjha1z(W6%+~6M5e?ffXY$YaCg(7D)2bIgWmGa<-(2UNy5UuDtn?0EpPcZkS@KHh<31hrbN1hj z-o!>5sjyFHn_Ak^zsxhxdfujw^=Ia9o&VV0{^zRZhcQ2TXI-tF-6(UqUgv?!Cr*d( zOAq6FV|Zt5s_<00>5=1qVW+Czl0P4+JaU=<0qK;i)~F z3{ROwDgB)GChlwU_KFLUe2qOw`MwiZZmp=+doI1vfDfdApONuD3kxtw z{WFjS@l{#G3`E#CwAmP0S=pHx;VdSIG#`r?3wG1^LAr%Orm-3@11aQm0!*I3bkfL> zxASA$!tC6VbG#O_M2=3o5b;tfqIvex`Q6@*k-V2)Hq;lhz82Sxz9qN3`I6uv@!9)s z#2rnU)AmfV?cnZ~+&!LrlCQUBid!xdU7G#*vfp;m?Ou^=d)?HFxjWCzJzbH#TSMS$ z?H4!y%oE#_@=v9l+?>nCcXNN?-@2uy(>~ltKA!z*lUv+7tI5R-c|9_Y$K4-xGqrGU zY-Q=o`*|?tl&a4E=l5jTZCVmiNonTe5!iBa5umyJ`a&7sdJJMwqutw%q*S~OevC|La05gr#d2T_ile1bcxDwl4HPmkg_;gICIOvB!VbJ_Y?rT>2vuD-5zefut{ zwj-?@=Dm=ytk6@~yWr2-;L>oZ4~G@~dgi^{v`F)cI&1B&(CXORsuI0ITeiN?T>Ql2 zw9@j*?;X!mkICPd&o;M?>3_;1mFYKXi}x^u$;z$?ufP0jYF>$6(*oY?-sL5atxJz2 zpY?4jww*ZJfZ%m|6aboVoWgpT}UvnWmC`?nQrg8~J0{A2OD z%^Li6TO1d2cWH(H+5L{~d(3>@rT5*AYk6|)_#`-KWslK?^|Dttr7u@}5OK`^!iJ@5 zg3|igD&mRx_hz7XO1a5G3}Ay(sgY8=#k4_W97J~>(HI2Z?|q%oXzK} zFuh;iU`xV*DW4nqe192zzGiTL!SwE`wSP*#SNTlh+>V@4285dWz8@No$JGabnb-?-XrPmLZY0OR9JlB}x$q}c( z2j~Cu_uh?pd04`!JlgraAV-c-O3ULXN7ojFCB8V%oWYnTe5!iBZ6SmyJ`a&7}LRqcQG|FHZq(DXuhwc z_FtVzrF*YVe3O0@latKWLS}RMKg)fdI`uA>eSW9uh03WFVh7%E{B|temKx9TN8$X& zu!w|J*B%D>3xAitH}i$sPrmp1#oaGEe)|O;?tXn|>J|yJrk*+b;#+6OK6v|l($y&K z8C9ROUd~&}JheV=%hS?FEF1qji@4@*XWDO+%zB~8>BY1?55*%BH{U;XLEw@4oYau~ zkNKKheeHMMKfPEa(|I`W#;tStvCJ=5ofeLpxK&DL|A)EV7j}JEA7is=# zcQbkS3;#CamA|n1nEvM9D`zrZWNqF0J^at}K+CduZkzKb{@eB7h$(;hIiXb_Evrw~ zy<2oaWK+<4&YWc5B%6;yW|pV+2yg#X+B_?I%O#yh7u0iJ{mZ;!Q9rYCW#HRcdA8eQ z{``z|J$ClTp1!!~EC~(#!td z%eOKnB&0YA-TCTOxlH-!w`=R}eVAA|At`f;=(*PD-%I`KRhgI>85kEgb{aIc8OQ^p zP*#~m!a%G+g!iCK^0Q2bqo)onwC;BBDZIcr%flcTq(G3x$H1!zEuNc1i&K;H^HTIs zqrZtWCqFqcCnLYOq@CrMaSCI*fC3}$4h95ZG~fdn%FoF7pM`~)iR}P#Y5^u#U}|Y( z*zo3x)nop%I)$>v#f)M88XD|xpR~!P^&0OIT>oE{al0G$;;qdham{V7q!{eh|5eJ# z_$gxFkh&=KPYhqsJ{M<~id)n7g&I$aTq&Ge+UiwwUP;`mo?)XCulfQjmoM)oDM%K? z{HgzaY+}@Rt77X4{czQ)pa8yAFAm1=zh3(}NNiWe#knh6EK@(1J3h+U+5TGZ`_<*M zy-fcuJ-cqhlLudtBp$Q`-6&ta@l^Z$jP{!uyw}B7XYc0`zM5)V#$! z?k1<7x4N!4O@Fw|7+!{}u-v3&Xc;x*Fjt}OWt_K^c#%)`X6LFYNf0b!oU^(N* zKg&+K=$CiZPl`2t#<}WJ$A*+E+A}Xp)LXurr&YfrLjK?HgtKRK9$ed@)8n?x+F4_= zc9j3iii0LnFmk05-qg50{i~GN?t$jyV2}- uYdW8OFYP+LYTJE<3kiR7|AmJ&{*SRX=GeGE*T&A+;%3v6lUDD77XkpjWa8)m literal 0 HcmV?d00001 diff --git a/test-ca/rsa-3072/end.fullchain b/test-ca/rsa-3072/end.fullchain new file mode 100644 index 0000000000..d9ce71dfcf --- /dev/null +++ b/test-ca/rsa-3072/end.fullchain @@ -0,0 +1,77 @@ +-----BEGIN CERTIFICATE----- +MIIEUTCCArmgAwIBAgIBEDANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w +ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDIUIPfIib/JwIki70sX4Iv +WgJCHLVxAzcf/KdM5UKNpx3n3ILoJMqoFsDsCPtBdbZlXwj8IM+xVlhgqtbhUk8T +9x/emegm+Q7vL3OL6Yj7TlHDi+vclbQYNoKMnL5fhZtd4O3nktVaK5h68irpnqUD +lX9utOV14gSx/0MURW+3Ar8yYwXQgkLolrzhF1lhs9/K0BDiJ5xlVG/xbykKjofd +R/LoohyJw27Y2s5vXQPpqssTXpG1Giy/8J2L0Lrwr1w8sqn6NQ7eLzcB3WkNvxP7 +Mg0f0KvGL7P7qZkB0QWFtfdX/OdROXaeRrNvkf664MQ1D3fOEqrxOXvJfu6i0BSy +Uu8JbGNNYjzxEjY5yrwTt/J1g5pbtNIs4tAnbOr+adQ4f5l5qVHtmm49t1z8+VlF +xs34vI5eW2pAAZAGQ0YT5BPQ45s2DHa/OMYZcAW5LmhS2pnkzs0uupal009Lp7UB +YGBkQhLc9Up5piPF9tau3vCReZBiaZQVzoVb+6VOfyUCAwEAAaOBiTCBhjAfBgNV +HSMEGDAWgBQNwRxj5mlAxcrCoTuLQExx0AmaSDBTBgNVHREETDBKgg50ZXN0c2Vy +dmVyLmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGH +ECABDbgAAAAAAAAAAAAAAAEwDgYDVR0PAQH/BAQDAgbAMA0GCSqGSIb3DQEBDAUA +A4IBgQCw7NQ64w/NLHEdM3MBVk8oKAft5IYeZo0zuhGv/yUBt0YLo7WDFF6Dhuoa +AD6v/SJsaPkUP4BlomX8XA5SvkRDRHjal75VM5JZqRNtdYVKcs8iF0p/ALFCDSeg +OkT07pIgGXBc/H/7xpFa9zpzO3gvVyV6UlAOqujBXA/rrfNSFrpo0Z2phDll83dB +4my5h+su99Wnm0o1/aXNrrDk4PRiGOCEUth3p7HKh99oh9loDdcXq2u/DBPVbTr6 +QiiCZfYZj5VuowxHNMvnhUWt5207q8OyH9ILKORC7/qkYcTvyAjwN7LXUzElXrao +bFjDDi+qNW5RdwHx/KbJRC93in+SXTXmCarSiLBk1CuZ0xh/Oe6eKn+4WB/++2DN +zCzg1rgsjEamO0MokytaT+l4wdgjlNM+H/go904R1dL59+aF0iqWeq6Lvszg5Iph +OCuKUY7+6mOvnvcym+6sieb3dYrLqrbfINBg/W3+V1aB/1w7MwixoC08PjM42YLk +yTruU6E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEUTCCArmgAwIBAgIBCTANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDMwNzIgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDYW3SgPbYqzNwQ +CGhSrzCNCx2x7UJseZFkfc6Df0tZMpd0qvJh3pMiVqDq9l96EM0Uyr6iVFM90Ilu +8vAGkLDqCjZ97wXxj52QDZ6+q+qjpeFdCRR+xIYcuuWskHLi4LzX3tT1Y+C8ew/E +iA82sYWl8Sj3PnCrLEnVS6hAA3sbxaZskOXz7JVTqqMj3y4OrcGdC5DuRZY+JRol +ZNEpW6BwtoREvLNm39vqmcLVtSBWqj3c2W9+DsoHdlbbJecH5XqY8ND9HXwlyINb +bncPGMHA092Aw1g/z05viJugF7t574apUw1RKqEkIwtcpEqDZKfK9hPlkTcyYu0W +K0sKwIofDgB7Qp9DSzT60hjLg+oZopA4kbdmhOWUn1L/qSaBXJV1y6Rtwr9Uz0VN +SWIJMgz8njg4nNCI074luKhqojPR9pSijNkuhxf6Rw8vGmEGFthgn3BlhODozyxk +8S/GeXVNtdo8GFJaY2PQwLC9wJ6LWl8M4R3gysOSRqLbRgR6WUkCAwEAAaOBgzCB +gDAfBgNVHSMEGDAWgBRpF7fHLYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMC +Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQNwRxj +5mlAxcrCoTuLQExx0AmaSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA +A4IBgQBiAf8LZqkAaCSivUZiYGjhCXvvvN9JoVyyX4gmO736K2YtR62qh49U25fM +wTtCevxFlo4aa1w3mHMROwTZQXC5B2idOKFptc/Ehbcg68jh8SRu8hG6QTwmDir3 +RiTXaAZrubQMzUBO3/8A9ptFHCxBv7OEvdzhfvMu4Jj5EAsME620KuKdK/bx3s9p +gJawmMvmolIeaw8orwbbmP1fnPCu5tVHLE8Bz0cc5ETfbXy84Pj/wBjebeLC+t/j +YMA3rOpEVQJE13fhYt9nXb8l6L2Wr4YyQ2XZF1oqGZvYFOtSULVjHmNujdwiBuf3 +Gfk6RhtW9YimoqdGT/s4+nMZEDy5G6vRxU6jQfq0yaFxsmDFamPToPHqhTa7vEES +qVpKnKbiwEAuSOmKJemaYaL+SiIv6K4QOcQv1U8NjlvhKwsJ7BFg13YXHGbOFZs6 +DAT9y/MzNQIL22n4YHRLI79HyQkbl4FXDEDZ7Ah1ZlzG+wYmXqKiWEvw1Gw5iHOK +DnVgy+0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPzCCAqegAwIBAgIBAjANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDMwNzIgQ0EwggGiMA0GCSqGSIb3 +DQEBAQUAA4IBjwAwggGKAoIBgQDPfwaxtqkf/vZlLww8265tmTtltO9/x08ZHZ39 +XWjVQsuRfGv1hnTw/H2OAtJA3TgOUkcctXvhWIC302kPnPYeQJOyquj5HCRpRezX +DZWw6lN9TJAB/h1JEvjazikPvG3jW7/0fQOf8B9iDUfv/OdVOTh+SNWxmkswXpdS +7eXwHfZ7VfAdCY3YRX68LjfpuuckT4mWhA9q2skQ2OKMsLyyOVYJxnEX5e4xytOu +rtCyN5Ng+oMZ1HXjjiwnzj/3MuxdWzIkB5cGlXWEj6ZJUTuesvF/zJ+1n+M/P/mq +g+Fc+I2a1XmbgRzLfyzgRPIJQFfS4V+NXA2YsnhJItlIbE/QuSUupPzxOjXfJre1 +ArRCflh0ELlZPYWbX4dbe49EE5WMsjHKNloi+ZbsXvVjt3jQWQ6BjNRLyNMdfJeX +i4yOznxX7wnHDC3oVyePiLIBzwoHyUItE6o8TortcQD1wbIJOOLz6yV3+ChPq+kN +L84z8ZtOYMz4MePMQRh2Gwz+gwkCAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRpF7fH +LYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRpF7fHLYkLSELPjsjU2qh7LucbsTAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQBuufGGoWttdM4NOJoU +xZbQWOkaWIObpZ+LS0FZDdLpgH9zBesXK1vaHqeD0hHCF5u+2F7FZJyG5hmGwbuE +bbxJDhnrtWkXOaYVpWvz0063FbdKWQa9RidzC4nOnct4a7soEPV99EZPaci3Ym/K +ZMmzbQYO2b9x/X6lNZbw2GPHa+qyRl7uOpNzAG6MHEHHR+GLAoQLsYUEjm75wVzK +JSz/594cBzzqr1jIBsB9it3J1IP1sKOLXiVZZR8YlpBa6hb92tin3FA3fgTByl7s +fVjk+lbqBela3o1RJUonbHe/lpz8IIxfeQe+sCrhhm4zVK6/cpnFLrOrc6AOYi37 +NVxiMRrnMfZyH+yrKHs+ecreOfSq2h/VTYLZXqgQz30Jxmf2H0MpgxHxn5ukro3Q +yYsSCaDJgzinN1uk0uKkM6rLq9+QGH7hXH5iTfPBh6K9JkA4A90N1nOAXupQG6HV +f5AKbuYKFcTCEaZraS91MzWTeCtAf/RJRSatmq+52hLrSv8= +-----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/end.key b/test-ca/rsa-3072/end.key new file mode 100644 index 0000000000..3bbe64a2da --- /dev/null +++ b/test-ca/rsa-3072/end.key @@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDIUIPfIib/JwIk +i70sX4IvWgJCHLVxAzcf/KdM5UKNpx3n3ILoJMqoFsDsCPtBdbZlXwj8IM+xVlhg +qtbhUk8T9x/emegm+Q7vL3OL6Yj7TlHDi+vclbQYNoKMnL5fhZtd4O3nktVaK5h6 +8irpnqUDlX9utOV14gSx/0MURW+3Ar8yYwXQgkLolrzhF1lhs9/K0BDiJ5xlVG/x +bykKjofdR/LoohyJw27Y2s5vXQPpqssTXpG1Giy/8J2L0Lrwr1w8sqn6NQ7eLzcB +3WkNvxP7Mg0f0KvGL7P7qZkB0QWFtfdX/OdROXaeRrNvkf664MQ1D3fOEqrxOXvJ +fu6i0BSyUu8JbGNNYjzxEjY5yrwTt/J1g5pbtNIs4tAnbOr+adQ4f5l5qVHtmm49 +t1z8+VlFxs34vI5eW2pAAZAGQ0YT5BPQ45s2DHa/OMYZcAW5LmhS2pnkzs0uupal +009Lp7UBYGBkQhLc9Up5piPF9tau3vCReZBiaZQVzoVb+6VOfyUCAwEAAQKCAYAe +p/HSnYGt1Vy21pr0Nkawc/w5/XZILieK0eoRstlpX9zMDfuLxwurx1Wtmd9IAJmS +MIXpviTC/VWnr6WUlLns8opSUSgOBNpEATVUAYDZAv6w6FJHrzKBbSA0IE3jRQmG +x8RpBxf3RYo/sJ2gJMsYvhGjUfR3AsjYq9nqeYj0D2vO7IgohbLzMRSFd0MS2Iok +mgyna8v71v0NzEcR6kfBNgBnGV44OCxX7D6hHPFbGqwbEgNHHdMg6dRWoDJn4NI9 +XdjnXOWNYnh8zBGhRGHAaZiO+UTHZ6aqGuqNZuGgjgibwGMK/6JHrS8uMNo0nehq +WBNg5zUo7NDIUX3SgJU7KYR56vh9pCrmOl43CeWZEG/sXLZ+/YdWpVtFPUycRhRG +kLuSl55LPY0XCDi5q+y7QrM8wn9HIT4/aFiTk5SjMVJBiBRXtmTDUzlPdZjh7e7b +Cx9kM6whq2rcq+2RvVNtNQmdtZjx73bv//nDxi+npINB8n812nSPDPqTtYIEk4EC +gcEA/rRxDbAhRmckby7o5yeDJyR/YPOE7v3LJg/HJ+JkCZ9YHOQ38aeVTT6i8fLB +u5AiSToFC5Jcw8L6xpY0dBmWSLJ2xLikxRzqI8mHHtP6Vb14aPyoa6hlBulUfrMQ +OrYGapNbMzZnaMgFUGhqwfo6JE1S7mm/KHHI662DAlEFalslf6Du8XQPRuu5/3XS +URz5GrrjGK93fbBXJGhdon7ZwRf6SxyYO4EJ/4fU7iqsylZjZxRInarN8GRY3T+D +AAilAoHBAMlVRYvsEQ7LFM5N7qElQxmcI2QxrLJ3ta139UIAeKxh1lYewjaHbWQc +lUHgL9jKNY1oYNYGYBRPP7/Rh1hWsi6SEHaxPsgQbHz3MytSbEnct0yOoaWEg9w8 +ptmIWRtSVsnR0oRdiuclApRpsfuUBMqktkoBpFVTaVNk8Rm23Yn4E6gQy7TGIZRW +6KtdYo4fcJxjrG0iCcST1A9JLqi1j1xfeiJ7lj8zlwLKCjcS352cSlt9tZBqqWSk +rZdLE2RUgQKBwCHU0+NujqzsTFGcWIFDpU8QsP6uueyIt3AhzmFE1+bTTH/h7HBj +wxgUhs4+YW9JcNRrKXplAX9bKbYxA1ycfXLAibgNko1ADvWb8h+tJmY3GYRQcwqB +vpGRcpC1tiUmQmnrksSVqFypnNMWW3/SfeCOiMJ0N1jm7DopvOoU2vRKkQuH09Us +hk70Rqtg+gOeJpRfWITR4bxHLPwABNfto3zbc3qAnNPiivJvF2BfOL5ThTaO4ipX +Iq2Ylpkks4DQpQKBwHpFUCRG7KEYUn1sNOUm1RZjjdbWmDQWoX5FIOzBjofaLypE +Kdyl6JhpB3hnZ4d4XoePgWfZnVYYPvYGkPTkSfggeuEqiZ9E4i4OjsPbnapJ4gQb +hy4XSWFicE4iEUOXgN+2juwWRzpTbrqlahMIdNSArbhKQPwU2R1ta0MbnHWi9IUY +Fi6mOVR2Z31TDHyVuXUwz1HD3zzELoBOCIkrInKOBYWVmsytTyPBgeyqiKWWek4Q +DUk0jcVygX4leRRwgQKBwQDsqdFazYXWbdoTba45rR5sgkTBqik4/wKs6pvutqJz +zy1IpHddED5ToBTuTq5wb4/PvqjvkO5iE3ZSlhmvQphL69zudWhN8R4AbNTaPPap +2/vM13jRQHZXR7cMy4SQVHmJbcDnLJK9iVcLIKbPquENpth2l+VxTSoohM34Rp8J +/ctr2B9wABH9PrJNweP3B/oN27at0OMTv7dj1GBknNt6Bk1tvIDqTNw0zgQ2fyD4 +KDd1Mx6SdXt4zi01xvEuLmA= +-----END PRIVATE KEY----- diff --git a/test-ca/rsa-3072/end.revoked.crl.pem b/test-ca/rsa-3072/end.revoked.crl.pem new file mode 100644 index 0000000000..758f3b15f5 --- /dev/null +++ b/test-ca/rsa-3072/end.revoked.crl.pem @@ -0,0 +1,15 @@ +-----BEGIN X509 CRL----- +MIICUDCBuQIBATANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQyWhcNMjQw +NDEyMTgyNDQyWjAiMCACARAXDTI0MDQwNzE4MjQ0MlowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUDcEcY+ZpQMXKwqE7i0BMcdAJmkgwCwYDVR0UBAQCAgTS +MA0GCSqGSIb3DQEBDAUAA4IBgQCd7J05etqDyqlQIys2a/DbUrWUaiwBoW9YmaEq +H+Kcs8oZYPdbFJxKkJPl3MtEejvmuS5n3gpqDgr4CVyGB4SctoS2KJ4zZcVpbcTE +bfWJXOYyE+AZrNx+NWMWmap6Xmmq7m3BFxxb+RFscQcyqPCKSbkp4yD+Ay4uUzqx +TBo8P0oLZiP1oZVIwavM2ELCu6DCkquUywGrnvLrYPLd1oVfAHXp/bXgGlWRbDeu +kL9qbbwoylJOzm5DABFjbsT+AppVioXcQ08+gGCtxlzfwAjxl3CE+JE48Theh3aa +DMnxC3p1zTHDyI0/MrDzCX7WM8XeNbrGO3hv2mw32wiS6WmICFufAd8jXBh58jNh +DtOA+Mm2/ZwVtqGR2oJt3mpD/LvALZnCjcf1dFUFJEr9VQf0DIfK7r3jKy2HxcxM +RRhj3chgnTDkm/IzZU5QAoPCXddYbqc41KG67X4b512z1Tzd5q80vRb9k6dv3alq +bGOpAlwpiCZdllFvQXhrn3/yUcc= +-----END X509 CRL----- diff --git a/test-ca/rsa-3072/inter.cert b/test-ca/rsa-3072/inter.cert new file mode 100644 index 0000000000..fc48a316b7 --- /dev/null +++ b/test-ca/rsa-3072/inter.cert @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUTCCArmgAwIBAgIBCTANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDMwNzIgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDYW3SgPbYqzNwQ +CGhSrzCNCx2x7UJseZFkfc6Df0tZMpd0qvJh3pMiVqDq9l96EM0Uyr6iVFM90Ilu +8vAGkLDqCjZ97wXxj52QDZ6+q+qjpeFdCRR+xIYcuuWskHLi4LzX3tT1Y+C8ew/E +iA82sYWl8Sj3PnCrLEnVS6hAA3sbxaZskOXz7JVTqqMj3y4OrcGdC5DuRZY+JRol +ZNEpW6BwtoREvLNm39vqmcLVtSBWqj3c2W9+DsoHdlbbJecH5XqY8ND9HXwlyINb +bncPGMHA092Aw1g/z05viJugF7t574apUw1RKqEkIwtcpEqDZKfK9hPlkTcyYu0W +K0sKwIofDgB7Qp9DSzT60hjLg+oZopA4kbdmhOWUn1L/qSaBXJV1y6Rtwr9Uz0VN +SWIJMgz8njg4nNCI074luKhqojPR9pSijNkuhxf6Rw8vGmEGFthgn3BlhODozyxk +8S/GeXVNtdo8GFJaY2PQwLC9wJ6LWl8M4R3gysOSRqLbRgR6WUkCAwEAAaOBgzCB +gDAfBgNVHSMEGDAWgBRpF7fHLYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMC +Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQNwRxj +5mlAxcrCoTuLQExx0AmaSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA +A4IBgQBiAf8LZqkAaCSivUZiYGjhCXvvvN9JoVyyX4gmO736K2YtR62qh49U25fM +wTtCevxFlo4aa1w3mHMROwTZQXC5B2idOKFptc/Ehbcg68jh8SRu8hG6QTwmDir3 +RiTXaAZrubQMzUBO3/8A9ptFHCxBv7OEvdzhfvMu4Jj5EAsME620KuKdK/bx3s9p +gJawmMvmolIeaw8orwbbmP1fnPCu5tVHLE8Bz0cc5ETfbXy84Pj/wBjebeLC+t/j +YMA3rOpEVQJE13fhYt9nXb8l6L2Wr4YyQ2XZF1oqGZvYFOtSULVjHmNujdwiBuf3 +Gfk6RhtW9YimoqdGT/s4+nMZEDy5G6vRxU6jQfq0yaFxsmDFamPToPHqhTa7vEES +qVpKnKbiwEAuSOmKJemaYaL+SiIv6K4QOcQv1U8NjlvhKwsJ7BFg13YXHGbOFZs6 +DAT9y/MzNQIL22n4YHRLI79HyQkbl4FXDEDZ7Ah1ZlzG+wYmXqKiWEvw1Gw5iHOK +DnVgy+0= +-----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/inter.der b/test-ca/rsa-3072/inter.der new file mode 100644 index 0000000000000000000000000000000000000000..537a16ae39b943370bbe4dffb45638cbc463b316 GIT binary patch literal 1109 zcmXqLVhJ>8V%oWYnTe5!iILNQmyJ`a&7Yn*Q&Tb%OHvJ*7#ATsgprkjxrwo#0Vv+Z)Wq1xa3i{8f$cV}Gj{|yGJ@6{ z^m5B?eCw1`IWeX7Tywp5q|x+}Ri6^?O;!q9@akK9mB3k%Q~MT$1lwNd%=`3#ZNi3E zTxPZJSwHsAoxnS9-|AP3mp+W;6sbGXCbR45nh8aZ9_+b(@5xZERio zQRBN^!D=1PtKKUdn5(6aF3Xwl^z)mk!K)T4-`C??dvGrIgm{O*xQ!Z*oFDTg7 z;<9IR+Wp(FW*)k_RUvGZ?VX$Xb$qAT%ffD}K4*VgHRHpDzp^!|Cz_-4%K0S@9=LqB z;c$fgdB6OQ*$c#XSH5ps8O$4~wNOQwJ7$SjbIS5l--Mq|G&f3mE2izub)ZY0kD=OW zzO%Qc_@u$Xh9 z{_m?)>^viELsw66P1Awmf)oUMJtW7B!Z%n zlP?_Du=l{c?x=X4hq4b&9iHU2=(Zb6Riq~qGb01z;>Ko!#s&jTX)75rR2J=ZOG?Oi$XWe<&wbB@F`ME$)U5aZ(oWNLU%RTkKjilGGY74ms{Xi6 z>yyfkF`rQ^Xw7odv0x{A#$1bqnOn~vY2B{y`ozPJDtVs-cRAXq@o9Z`Q@NhOmc4Te z&shh*`~Mlf&32X1aooSTW$&Gbb)WSf%=jt5%_F>ai`JvL+TT9jJD=GwZNrSy&lUyA zW%FySXS+S)Z~UAO>z-Y8*YRgO?=JJi<$i9>o(DhvACS10`{>ZG`;QY2n6G)|63XOq zz5HR){q)%VsxS6VTi<5noO)9{N=tI~4UyMD0b7&hlJk1+D6u{NF8R~SO*-sr$FfDs z-TZ%B{3@0du-PfS`r=W)#g4zWoLpGADdA{V^5q2|U$vU;-s32=GRkYtvPTCT^gLd6 zslJ?*xagmklKzWz0+vVguln=$ML*Q$=6oZVaJ@`iCheT)Y%3m?zo$PNn=*0V&is*3 t;;p>j{UoRK^u}-=hnsIWO4DMF{bo~(TeK*``@@wS%Z}nMzS4x#ZvnQU&&G%f_kI=F#?@mywZ|mBB#XP}V@2jX9KsnMb4`Kd-VR zzdTPNDA-ZK#K6)_!P(J3L7dmz)W8r3!5~V4A0&e$K-h>TCM9HR8Ce;ao0#|+44Rm@ zn3|Xv85XquW1D?NLu~WypL74R%YRw&WX6)fokn-}*!;azlUH!y>BU3q41c|EjGezv zdWWk*Pxk*U68qo0YO-Q-Tkr9ajjM(lN}F!8sG9!XcGo(1>4#5VU+=^(s8dPg z{C07AQ%(Gumb7KA5u9~)rW>!k?YPhpc-=SLCo|;mrxu^9I%)>-cWqm_HgUSFQ8^#b)5XAV%j# zzvFqcu64tlKa~t$7?sMFUQJ4W9?)32EF*2jua+ImJCE+|n!6(@;^yAgISRRt zj~&Wh71;Q4D}&yZhQAy}YAd&HRNXwg;9AYAD}P-+FxmDjJi5h^W$GtZo7`&;iY)|Z zKh}JA_XPLRhlg7Ie{XHG|9ybly>W@_ z{$dw<Z+}_16Gr#ioVD_UNudtm{TQ+PD**LUeezoPku zXB*4Ab(zJkY9B3I)VXaYlVOT?fkR69tD{WJj0}v68=DOp8w})uX;D_0MZ!R=LBt?U z;?le=6-&)>!g?wA&8OVb8sw`p#B5WMmY>cd|?97aC z78698k420HyJ`F&-NGQ#SPhtg6mmKRW)EOGWn|FE_I&s#!fkJqmKtOIgxC4@-nR`G zL}R^~>Ju zxtTk4*GoliU0bid^Cjc9w3zLAE2>vLR#x=ZDw*;iEp+x2S$6|l+1zcn`)~G5 zuj`LbpQ|yx?_2&*nEz^#$z83>7nRX3K_7zmrI&3eQ&JL6fT*!-U0^i%y@*&b|fw7P_Zt|h(t^dyw? zn2UPE+k49Y-dhKA`)_TiVt(WDV#>$Ib+_Ki{LhT;&hgjX&*qxeV(D_@wn<68^-BO1 Cy-AG# literal 0 HcmV?d00001 diff --git a/test-ca/rsa-4096/ca.key b/test-ca/rsa-4096/ca.key new file mode 100644 index 0000000000..468303d9d8 --- /dev/null +++ b/test-ca/rsa-4096/ca.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCghf4Gm9QoFrPb ++Z39Bx/0pOSYpFG5Mt28PP3SfG5wwOXRwq4x+u+BXZ++G7hFIIxr/7QYv+zqgjoC +RqT5V+VzeLoo1TEoIrLbBCU1+7bdO1Ol8PJK9dxfoH4kYQn20ZeCfF+shGamRVgJ +fj41sdTtiNCIUddNV0xpVMPyhEzVLCYwX909hQqxiwgsB050AY7cLjhVKQnUu4Tr +Etb6ccXiuGXWfDOgca1GcoH+MoPfwhIDbNJDeq5P+gYwR6BcLNhZ2u2u64ldoRx/ +Imd0ubYBR1/aCAlUDYahfJn1HlxkqzWTpVQqrKQB1XRFcsMRc8Nc+Dox39ujwrIg +KyJdyHVH4duTocybqmqLYl2vfrC6mWx2ArKbdyzSJ9+O5Qg1DrqHIWBSo9ov3EnZ +foWwnPx5APQBInal1WJn51CBdaZoZqj6hLgDucW9ip24YljZvYWcIG3jxsJrqlGB +6bUALtSA/QgyJqm1sSWzm3DWfOrU/UTwAj2MocW0QQSV8gU8bdbgczgRm+Mp7t3I +C8XhwoVP+7WGP/vAC0eBpEXj/yFwVIISRihg6yJ4JBmuZg9/pNgNc807gBOfo0Q/ +M+9KkkbuX6Y31O3Ba+JsSla5lYSyHdqEtscfjbCZC8Os9y66kI6O0siPITew5rF3 +iy0DFtUrxXaiibaZAjFkS3BAZHfqxQIDAQABAoICAAXd59MfgmFFtSSiyqSrDD6x +gR5YERmS85oz43X8MMAjuLKSKjIu8O56OMKmujUik6dF1PP7ncHTaSHYqaJoVT1D +ahBgfFeybvWEwQRoUv5icvPzarOVKU0AbWPQfR/9eItfFtMUErlcevN73vOw8G6P +C8oTraoIuQT3gWLddX5sCuhFNK2RLXsgMPgE+1fPj8RZ1xq7sX2KLfk2es9z9Y7L +/QLaDrv8M6BJwpkDCSFWMzjXUxb+xpyrL2s3zvNXez/LedjlCGP45bT60aupNu70 +iBsMpKSjCurfhjP4fFl8jWx8RCd8IFFl1wZLw7fhUoBVHTFh9GHXlZGJ6gth7nFX +iTERUkkP2y2oq4K7IA08aW19iGMA2EsiOCVtDjRNfANnnO0lUUZeNsQUP6OGVbBn +EWXcl09pInIraZrXZFRwekTfz6Wfraeu10D9p5JuAKStfn9IsFRp7o9Ho3A7+E2Y +iM5SUIVwkWOLLEq4xT6y8EqRQbiRY94JVIG155z6U4TN8mLREtrtfEBryEDoKtWs +WNBF5FmCi1hyw1QfmZa71LfbxeFgXwA9SAt2JlCngC50q/LPLuV3Vuj9FNBaRD17 +CkcW3Zdo4aFT38ZGMC5n+rGD8913VzLz8uQwbfmi0FiAwBrUZEpnr2XsROJEBiJC +/6sRTTBgMxtfrPz3X905AoIBAQDURynxf8bTcpkGapabXdtTM/3T/kZfdrf2zEkM +yHgpTQm//fJdvPAPAC5uknWRzbdccLYDdxlxP+6hrxBiqrFgzs//6TJguRtq1iWS ++gsXBQkFV7DEcfS79ixpa/4/ORjAQcb9gYsNZK5glIgIa5SQpl3452wGmR5k88oB +maclyFHVeZtxAtVlgIncq2PzS57Mlvj3DL9UZNaYd0M7Qb5rqfu5OTyD/0X+RfCF +BAmPUqLjGgbcp4ZGJlBs/XGM6oX576xisp5OxPGcXPeCEh85mMOMf51zpsa1p17u +cs5fdMZiX+kwUT8V1AExYdpmQLn6YPRXb8ETAlxTGJkhIGXpAoIBAQDBlfOWPM/o +f2Lx4a/JFOXMOnUIpGdYEt/360IVGiib9/ZaYAYYl7Y5YXiB4r3/wCOK1HmWao9c +6LNEvwvqDq1YIEtEtJYMky5ZSWv4N8LOQM1yVYWGngwUD5aRmlQpbJZmQRp7SGqm +cbtKUnHg5t+SsiDmmM+21fftDfya2zredilaT2noU4SfQU3kN3ZBnNa0o2pXKXnD +6c2VORBoM/x3NgOG8z20xVhTmBPlLvc9RUtD/5lNte+aQ7Swkykk7v3WJeXgZzHr +VRZEXnmW/h6yp5wrcOfNEYMfsxGIkc48KiDRLOvkplbimedbSKgtt97tsal/OnQR +jAHf4c4TE+h9AoIBADV1FmLywqdNHKw4+2R05l61oR5Z0m8H/pvwJhVKBrif5eyr +jvV8NxgP+6Fs0J6/J4Xn/G4y9/1FFFszMvUl9zVh34+ask0ZUIY/F4dD4LcTVYo6 +4xEVgYQ0IksKHyTcxBbmea4tiU7+I8u+m+NC9E7ZFqEv5kxjEvxpSF3OzAD/yVvx +G+wBwqulCxK/NpR2Xq829cuBMk2Wd1Q99Hhfvgxu6i1i9JJpHr9B7agRtDaboNmA +HGpE5dOUonxP9uB9zu96I/dW8/byMcYmw03GMobWqaggGw6c2T21wHpb/wya47qy +XI8GZtSgZwyAj/dgJXWgJOhABGc9GPL0JtvoxMECggEBALHD1iQPAch5Oc3uNfLL +ut2YjKH7/l5VLs/FfDBOjh3zTIjfBpoMrqvwgq2bHmg88yZoSKLEhZOGqCAn43Py +OGHlfdjAj81KVlRtZLVR1xR5U297cxsUBPli+xwHgONtMIsDm6K79BuV8qukG6iv +uXxHEIlQp+U4hOttXZqCWIOyM/UXWaSbFPz9Bd7cwz4rHMpSCbOyhXtPNpaiCRv3 +KQ37Tq/cq7xVP++7hgF96FGeUShHDWrb+ANLyyAecrjUscm1kWtIuAFnaAQuUS9D +ecMKwRDvJB0eyK8SS7aCVcTP1sTeoFueF8kMFPSxOqaI4zCYZZJMhgsa6xnAi/De +5i0CggEBAKFSgN+oWq3XGjUq2ii1RrXgBGh0CDZ28hZ1FMZ7YLHa66maiO8r7lZT +VS3G/Rcgrhi2+/JuY2XnEskglFWMbX38O8HIfT08hwkUKHJii6N1qGF3XTDe2HJx +Am/2PfdzcIDofv39cqfxvgUpOndO5VIn4d/49oRJTrOE1TuBSRj09bkL5T4j0TnU +SXuruZd2bXCKh+ta0XsGTnFONW8zFrAXn6gp6ZLdwYKCmGdWB226AXmEYqObNtEB +dJXzL+n+5Qmbl5z9Wnm8kCdC5T/5V39XwNtURI3knqt77qaRJZMmmo4mnV4J7ZjC +S5Njobv4Qw2pYUMPm11+nhd1oJdfA+8= +-----END PRIVATE KEY----- diff --git a/test-ca/rsa-4096/client.cert b/test-ca/rsa-4096/client.cert new file mode 100644 index 0000000000..163d05fbda --- /dev/null +++ b/test-ca/rsa-4096/client.cert @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZzCCA0+gAwIBAgIBGDANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs6cy+DIMUGy4rEt+8Vqx +2/Uhze+fJlN95mXefJLREJRdpsTdxYz3v+5v7DCuT5KaAuQA1Sqlvl192mCyxM8S +xii11u97nEJXdiq8D+U+SRBEL58RRcRpYAsfZ+e7UjsShO0JQp96JjswnK7IVq7y +HwBSCBXWZNKrFdYQVfpnwicoYfcvXq7z7LDD2HeQ65oO9JHzGm+Pr1TjnkTD7M6I +1d/qBJdsIVE0lV14+NDqUArlOPwVeGCChYNGiBuukxysty4px97EA+2IOsf9diSc +befwubgphq+JOzpxxjq1aVgKdhn4EDvg3iBHFcA2nZdAuXsXPIGIEqP6rezwEfBs +EIP2CYtDGOjRgTt8D3oLhSdBP8ZV0KGD3jQqhjETIHvkdEt8mlnWH82F61v1kns1 +Z5nAxMm1UwQhHrvWdLcnMiYAp4iXY1//2cTBRk7QqLoD4Z3B6qIxyR3uudj4qpvL +vrT9FtDlkCW0909uif3DDJbKW603CIBXtBgrtzKBa4tmLL+PZyJTMVCXATpezM1q +WRPIl9ju5+Jbvry1qNaLuEGeHPzU8mmFL98yzWreYaZ6Vnw2mhi+C3SHN1LUVNqD +WlEgW6NhA1bdXlAYWPbsuzuLFtMdXymhGKLx/Rsh3a9fjLQBii2G4zxS0qyZ1Lzl +/NJQqH6XpQNCKsJ4D0uy1+8CAwEAAaOBnjCBmzAfBgNVHSMEGDAWgBQ9dvslR1q5 +YCa1S9NcWpm3tbjIpjBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA +AAEwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQBn7+LzVpUpVVtslpjXiKDlT/f+a6UbYPjV22JNxgwcVawYnd4B +W6ukrXa6vq5dGkG92ngIE58fMBRy8Y5fPyXp4J0WduBjypTzoAERcHS8rW05nSuJ +2CTvlPlnZP2BFw/RSVqTunDG4STBjU44FBCTU4cgDptkJTNxVu83WYldjARyRjgE +Mi6ZnnpayVvzOYl/ZByEIdoXEsEAqeldxk69suPmmlZfX6oZv/Gk456MIUZLThfE +Wn4J9cXrgK/EL9nCLQsTFXYF9o/dOz1LLF67Z78Vyo+U+Y6ilaV5FAsCVvVesBHx +Y+vFB3zDU8a17tVNAqsqWV3FWA4qF8UExaig/mfKrcFySgFWzmXXG0Yc/RPPIQpP +l030z6y1waZ85nmDnmHYEMaXqm065EOu7JKxG/pD0xTxmpm/h9SuQr55mQdmrJ6Z +LH1cpMUp6gG8cgHBsNl9O/sEUcgFEU9nUgq2rSL/gJ9SR9E8uOJGM4nHjsPWDOxM +MkWu6FBAlAMb1IwBrkM0/ZlHAwUGJEGtpynBGF4CwabkO7sef4vozl4pJiBCTACW +gQzyXB7yCkhf00iykyMC7tmUJ/rCwQEZe9er65zQGssSBYQ5Kz9jNHfGCQn5vv+p +FMmziRsLIrrkQxplVNnA3WLau/g4jsShyEX8Rz3/AMi6XYlJJjIFJteiEg== +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/client.chain b/test-ca/rsa-4096/client.chain new file mode 100644 index 0000000000..2b5bea12c4 --- /dev/null +++ b/test-ca/rsa-4096/client.chain @@ -0,0 +1,62 @@ +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO +HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId +pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 +IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu +SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT +CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb +kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr +Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc +e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr +UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x +w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN +4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm +GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW +0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ +T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh +7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb +qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX +PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW +nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF +ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip +t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 +HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf +jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U +5qqQq7jRjSJSMOllidL16LmSaj46 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDQwOTYgQ0EwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCghf4Gm9QoFrPb+Z39Bx/0pOSYpFG5Mt28PP3S +fG5wwOXRwq4x+u+BXZ++G7hFIIxr/7QYv+zqgjoCRqT5V+VzeLoo1TEoIrLbBCU1 ++7bdO1Ol8PJK9dxfoH4kYQn20ZeCfF+shGamRVgJfj41sdTtiNCIUddNV0xpVMPy +hEzVLCYwX909hQqxiwgsB050AY7cLjhVKQnUu4TrEtb6ccXiuGXWfDOgca1GcoH+ +MoPfwhIDbNJDeq5P+gYwR6BcLNhZ2u2u64ldoRx/Imd0ubYBR1/aCAlUDYahfJn1 +HlxkqzWTpVQqrKQB1XRFcsMRc8Nc+Dox39ujwrIgKyJdyHVH4duTocybqmqLYl2v +frC6mWx2ArKbdyzSJ9+O5Qg1DrqHIWBSo9ov3EnZfoWwnPx5APQBInal1WJn51CB +daZoZqj6hLgDucW9ip24YljZvYWcIG3jxsJrqlGB6bUALtSA/QgyJqm1sSWzm3DW +fOrU/UTwAj2MocW0QQSV8gU8bdbgczgRm+Mp7t3IC8XhwoVP+7WGP/vAC0eBpEXj +/yFwVIISRihg6yJ4JBmuZg9/pNgNc807gBOfo0Q/M+9KkkbuX6Y31O3Ba+JsSla5 +lYSyHdqEtscfjbCZC8Os9y66kI6O0siPITew5rF3iy0DFtUrxXaiibaZAjFkS3BA +ZHfqxQIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBmGNKetHilNmxWjHmwe1ER3H2z +MA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +HQYDVR0OBBYEFDBmGNKetHilNmxWjHmwe1ER3H2zMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQENBQADggIBAChrSeHiWEa9WiomAX+Q628/S9sxom6TqmbkXIJm +wFHFodotEJIOA3SSIsMiV0kBLRu2q+T3Cbu4pulL6vK0sPzx9r4PLxkOsePv6+AG +uyykgAik9HFOG7YCXbRc7feJ7nU0njiJM4OiDyA8qkkLGShCfxSF9L1rnWm5La8a +WbWtfye56QG2Zly3bqh7quMjIUsqdJTgZlWblB1HMD0zVKXzebU/1pRJw3DPR1ll +LKPPvbezwQ38PFZr9nxyZVeGg4Eu2SwE9hmz1UAOUXTGS66/6//bc9eW0bogxYxF +rFGbTDbCm3g3ZiZzpX7D3iO9cYitYZZmzCJ7QYOJo5ocCyZ2yuNYNYJORYxyPoDn +zwsa6oJn+pt2wV5i3AusV1z+wQIJcSRkfiTTAA0+l/6JFy8JY2fe4mSziz67/WvZ +Stfjy858M99Nd+ETD9VyNJND4jimPi16jwRwH8iAxlifnRjEcK+ensNxaV3Ql4ap +ddHR2F5knstikMpbv/N3xgDiKbPD5dXhfAYPAZ+7QWFEqcvNDq2f0jf0Sf3SCYt/ +f6I5jBz7w+DWpf8xHarYpXwwEzcmmuIKm2jmWRafjFNnyo8Ka0gG7CqKEhLWYury +5FUJxkQnWO3eI/7vO1MLT7WAegPsROiU8eN+2u0c/2lbi2xPLb8GRWaEOUTY2zR0 +bzvp +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/client.der b/test-ca/rsa-4096/client.der new file mode 100644 index 0000000000000000000000000000000000000000..808f3f31bcf94b2b5fdf074a4523dd0f7fecb4b2 GIT binary patch literal 1387 zcmXqLVof(_V)kFa%*4pV#3*6F%f_kI=F#?@mywZ|mBGN!P~Sk8jX9KsnMbW4Kd-VR zzdTPNDA-ZK#K6)_At$vgHAlfnAv3QewJ0|=B{Q)k)j&a<*WA>=5D38_N`fDx7D>QB z%22{U3}Prh+|cBl%+$ORgC-^=WH&IfGB7tW@iPF$xtN-m7#TJ%H~L}36OglGjd$J0 zsExP3DxQ5mUoE)yS?ax-Nf!mC#4bB>_h`@e{qOSM7_9T3G>hp8!&R-N`(kTvC2Tr! zUg(&{)@$#p=QxFzY3<>EYUe57qCa2I^+;v{w|x5Z-9gquEpIuU=2xj%8_ZdEB5d6! zd4?bk(Q7G}R*PN}2>q3QNL?fGyMEld&u=yyzEM8m^(?+G6F*Dk_pc9mJkRCun{ypk z@4sT1o}(COGBvj1$Awn`Tu&|jh*l&twKltTNUxhLvu3-V=J9(+nBR6-9sgUVGAH-> zhn+h#+tznlTNNI&+L{@`RVMjE!1}>G1$WT{W^<=I?5q~IY3vYM{A=x-4}u?Z1e(8b zb~{VFxY%f2!(YYSs_tliEcC*{=6fbuZHB@M)lW*iYi31WlRw+~I{NFRYSZ+Y2acTF z8qA_7xBFVjc6B2)hUFd8ljHy2JaW*@@4|{*%n#=te6`5%r0lz$H-4;|eR|)PzhW1j zPEg(Q-9NAM?_r*4r=r)Ib2Nl+kOI%hJR%13xVjp)&yLr%+kXy}BfeO)!6Pd&A z#sx@3e0#Iox?AkBY`o?|iA5j(N-N%7AK$Zuu}in@u}#pWH8Zd5dHUy4z>2!*OPQUt z4ps1bZ@T`TiJ6gsadG23gT~ng^1w7CtIPsSObsHoWxrM3qjn~!ZS}q!6E$=D)*UC7 z83cnA2(tJXcs22rq!yPHrxul^7U?DD=QfEJrzYp;rRbpvbLQkHC+1}27niiN95YT~ zY!^^qza4 zy|*ejgy+i}h!lP7i?>&O`CzVC*@NU$Q$8340~@L*%{lzQsidAVx%{7URBh|=+Bm&^(itf zinqjt4l=BK8GFoc@21DkW`)JauaeyVamnL(J&JDLe&R=>>Nvk1eciDBi2lt(y4=E| zWvt)&?^@e>>%{F&-!FQqf6C9kMN^knif}W9eT~~7_%ZqQQTCd{!N<0~yXwodS}QX4 zXat{@_)(UlD;E4qKehH?kr!jwxzy{@ZZdy`&nt5IPxt+De$Cc{%W9rgHqT4EA#iN^ zs$8ol&g_Y`Lf8zSu^*yUs>n0uW}}P+M0PYb!ual9MycqxTlEm;D(#E*1uT- zPp}I5rw4IuTdVZHVSbSNMVlRu+>ASq_Z_~*^Tx->b=`{qhbhd`S9%!NIh*{Q>CVi` zrsBAEx#mHMIHrTko>=detM7hsE>2TT!O4eVS|iV=7`abe9`TnwHceJ$dUtb*`maL= z86~T)uYNt}g4Agt))q@``(%^yW1O5n_x)cfa&mL0G`G^OC(cr-AvX`)O}e%Fheh9! Zg(qD9xZD0`II%0X(^JieRqgsBAppQ_Q@sEH literal 0 HcmV?d00001 diff --git a/test-ca/rsa-4096/client.fullchain b/test-ca/rsa-4096/client.fullchain new file mode 100644 index 0000000000..5cb072a0a7 --- /dev/null +++ b/test-ca/rsa-4096/client.fullchain @@ -0,0 +1,93 @@ +-----BEGIN CERTIFICATE----- +MIIFZzCCA0+gAwIBAgIBGDANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs6cy+DIMUGy4rEt+8Vqx +2/Uhze+fJlN95mXefJLREJRdpsTdxYz3v+5v7DCuT5KaAuQA1Sqlvl192mCyxM8S +xii11u97nEJXdiq8D+U+SRBEL58RRcRpYAsfZ+e7UjsShO0JQp96JjswnK7IVq7y +HwBSCBXWZNKrFdYQVfpnwicoYfcvXq7z7LDD2HeQ65oO9JHzGm+Pr1TjnkTD7M6I +1d/qBJdsIVE0lV14+NDqUArlOPwVeGCChYNGiBuukxysty4px97EA+2IOsf9diSc +befwubgphq+JOzpxxjq1aVgKdhn4EDvg3iBHFcA2nZdAuXsXPIGIEqP6rezwEfBs +EIP2CYtDGOjRgTt8D3oLhSdBP8ZV0KGD3jQqhjETIHvkdEt8mlnWH82F61v1kns1 +Z5nAxMm1UwQhHrvWdLcnMiYAp4iXY1//2cTBRk7QqLoD4Z3B6qIxyR3uudj4qpvL +vrT9FtDlkCW0909uif3DDJbKW603CIBXtBgrtzKBa4tmLL+PZyJTMVCXATpezM1q +WRPIl9ju5+Jbvry1qNaLuEGeHPzU8mmFL98yzWreYaZ6Vnw2mhi+C3SHN1LUVNqD +WlEgW6NhA1bdXlAYWPbsuzuLFtMdXymhGKLx/Rsh3a9fjLQBii2G4zxS0qyZ1Lzl +/NJQqH6XpQNCKsJ4D0uy1+8CAwEAAaOBnjCBmzAfBgNVHSMEGDAWgBQ9dvslR1q5 +YCa1S9NcWpm3tbjIpjBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA +AAEwDgYDVR0PAQH/BAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBDQUAA4ICAQBn7+LzVpUpVVtslpjXiKDlT/f+a6UbYPjV22JNxgwcVawYnd4B +W6ukrXa6vq5dGkG92ngIE58fMBRy8Y5fPyXp4J0WduBjypTzoAERcHS8rW05nSuJ +2CTvlPlnZP2BFw/RSVqTunDG4STBjU44FBCTU4cgDptkJTNxVu83WYldjARyRjgE +Mi6ZnnpayVvzOYl/ZByEIdoXEsEAqeldxk69suPmmlZfX6oZv/Gk456MIUZLThfE +Wn4J9cXrgK/EL9nCLQsTFXYF9o/dOz1LLF67Z78Vyo+U+Y6ilaV5FAsCVvVesBHx +Y+vFB3zDU8a17tVNAqsqWV3FWA4qF8UExaig/mfKrcFySgFWzmXXG0Yc/RPPIQpP +l030z6y1waZ85nmDnmHYEMaXqm065EOu7JKxG/pD0xTxmpm/h9SuQr55mQdmrJ6Z +LH1cpMUp6gG8cgHBsNl9O/sEUcgFEU9nUgq2rSL/gJ9SR9E8uOJGM4nHjsPWDOxM +MkWu6FBAlAMb1IwBrkM0/ZlHAwUGJEGtpynBGF4CwabkO7sef4vozl4pJiBCTACW +gQzyXB7yCkhf00iykyMC7tmUJ/rCwQEZe9er65zQGssSBYQ5Kz9jNHfGCQn5vv+p +FMmziRsLIrrkQxplVNnA3WLau/g4jsShyEX8Rz3/AMi6XYlJJjIFJteiEg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO +HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId +pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 +IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu +SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT +CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb +kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr +Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc +e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr +UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x +w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN +4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm +GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW +0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ +T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh +7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb +qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX +PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW +nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF +ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip +t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 +HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf +jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U +5qqQq7jRjSJSMOllidL16LmSaj46 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDQwOTYgQ0EwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCghf4Gm9QoFrPb+Z39Bx/0pOSYpFG5Mt28PP3S +fG5wwOXRwq4x+u+BXZ++G7hFIIxr/7QYv+zqgjoCRqT5V+VzeLoo1TEoIrLbBCU1 ++7bdO1Ol8PJK9dxfoH4kYQn20ZeCfF+shGamRVgJfj41sdTtiNCIUddNV0xpVMPy +hEzVLCYwX909hQqxiwgsB050AY7cLjhVKQnUu4TrEtb6ccXiuGXWfDOgca1GcoH+ +MoPfwhIDbNJDeq5P+gYwR6BcLNhZ2u2u64ldoRx/Imd0ubYBR1/aCAlUDYahfJn1 +HlxkqzWTpVQqrKQB1XRFcsMRc8Nc+Dox39ujwrIgKyJdyHVH4duTocybqmqLYl2v +frC6mWx2ArKbdyzSJ9+O5Qg1DrqHIWBSo9ov3EnZfoWwnPx5APQBInal1WJn51CB +daZoZqj6hLgDucW9ip24YljZvYWcIG3jxsJrqlGB6bUALtSA/QgyJqm1sSWzm3DW +fOrU/UTwAj2MocW0QQSV8gU8bdbgczgRm+Mp7t3IC8XhwoVP+7WGP/vAC0eBpEXj +/yFwVIISRihg6yJ4JBmuZg9/pNgNc807gBOfo0Q/M+9KkkbuX6Y31O3Ba+JsSla5 +lYSyHdqEtscfjbCZC8Os9y66kI6O0siPITew5rF3iy0DFtUrxXaiibaZAjFkS3BA +ZHfqxQIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBmGNKetHilNmxWjHmwe1ER3H2z +MA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +HQYDVR0OBBYEFDBmGNKetHilNmxWjHmwe1ER3H2zMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQENBQADggIBAChrSeHiWEa9WiomAX+Q628/S9sxom6TqmbkXIJm +wFHFodotEJIOA3SSIsMiV0kBLRu2q+T3Cbu4pulL6vK0sPzx9r4PLxkOsePv6+AG +uyykgAik9HFOG7YCXbRc7feJ7nU0njiJM4OiDyA8qkkLGShCfxSF9L1rnWm5La8a +WbWtfye56QG2Zly3bqh7quMjIUsqdJTgZlWblB1HMD0zVKXzebU/1pRJw3DPR1ll +LKPPvbezwQ38PFZr9nxyZVeGg4Eu2SwE9hmz1UAOUXTGS66/6//bc9eW0bogxYxF +rFGbTDbCm3g3ZiZzpX7D3iO9cYitYZZmzCJ7QYOJo5ocCyZ2yuNYNYJORYxyPoDn +zwsa6oJn+pt2wV5i3AusV1z+wQIJcSRkfiTTAA0+l/6JFy8JY2fe4mSziz67/WvZ +Stfjy858M99Nd+ETD9VyNJND4jimPi16jwRwH8iAxlifnRjEcK+ensNxaV3Ql4ap +ddHR2F5knstikMpbv/N3xgDiKbPD5dXhfAYPAZ+7QWFEqcvNDq2f0jf0Sf3SCYt/ +f6I5jBz7w+DWpf8xHarYpXwwEzcmmuIKm2jmWRafjFNnyo8Ka0gG7CqKEhLWYury +5FUJxkQnWO3eI/7vO1MLT7WAegPsROiU8eN+2u0c/2lbi2xPLb8GRWaEOUTY2zR0 +bzvp +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/client.key b/test-ca/rsa-4096/client.key new file mode 100644 index 0000000000..7c3163bb8b --- /dev/null +++ b/test-ca/rsa-4096/client.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCzpzL4MgxQbLis +S37xWrHb9SHN758mU33mZd58ktEQlF2mxN3FjPe/7m/sMK5PkpoC5ADVKqW+XX3a +YLLEzxLGKLXW73ucQld2KrwP5T5JEEQvnxFFxGlgCx9n57tSOxKE7QlCn3omOzCc +rshWrvIfAFIIFdZk0qsV1hBV+mfCJyhh9y9ervPssMPYd5Drmg70kfMab4+vVOOe +RMPszojV3+oEl2whUTSVXXj40OpQCuU4/BV4YIKFg0aIG66THKy3LinH3sQD7Yg6 +x/12JJxt5/C5uCmGr4k7OnHGOrVpWAp2GfgQO+DeIEcVwDadl0C5exc8gYgSo/qt +7PAR8GwQg/YJi0MY6NGBO3wPeguFJ0E/xlXQoYPeNCqGMRMge+R0S3yaWdYfzYXr +W/WSezVnmcDEybVTBCEeu9Z0tycyJgCniJdjX//ZxMFGTtCougPhncHqojHJHe65 +2Piqm8u+tP0W0OWQJbT3T26J/cMMlspbrTcIgFe0GCu3MoFri2Ysv49nIlMxUJcB +Ol7MzWpZE8iX2O7n4lu+vLWo1ou4QZ4c/NTyaYUv3zLNat5hpnpWfDaaGL4LdIc3 +UtRU2oNaUSBbo2EDVt1eUBhY9uy7O4sW0x1fKaEYovH9GyHdr1+MtAGKLYbjPFLS +rJnUvOX80lCofpelA0IqwngPS7LX7wIDAQABAoICABR0D17Sfom+1web+3KJsNYq +Amnqbg7Jp/vN0pa8NbEoMxau3dDaoRo+OzUuFapZi889xhp+0H/r2k2Sf3KIth/O +uA/QaXJQ20RIzpXAs7v9w3A92+mQLa8RlRxvSumscAn83UuzJw+ojXrz1eXd5RLt +Jmm6kr4dKKfucc2tb0Kw0pgqBuqbYIoCAJ9p0sYACX6ECflohM32tt4TViW6czm7 +qcOmua4mtfs2DnUa0+e+Vc/huKVhLNBRMdEtKvhKEMqKJuzqdRvoCdUnZQ6eUcZG +3HvzIPHZ6ksj9vAVSbIZ+UGY6J/F3Blt81SL8wEzcdsBeJPFljMJGEZ/mJVyRIXW +nySoNRyicxvhAKoTfVQrsjN0syZz7Zkm47vcBNboi31Vm+KcRJvOs95O9/T5vxgL +FPNaFDD8i52zNqkuqiT2xV+pgCahnUuoHKIc7RYCWVc/2mbMWdf56oJZj5xZ5H52 +WlfBFh6KXzCFBZDyEJ6bOPmDFQCKU7FLfpuRu2BGYa6cmMVNSa+AewEiYrYGCKKO +N2XwnfQeZj7Cu9Ri94BPLBgMrwixQ8uc2u0QGligAFUTr5JtZWY4kDnMTNSfY4oL +i/atwy+He44bK/JFymDoQ96ehLxlMi8ucPeLd4p9WNZUM+bOrBSu3rGj4fX72mWj +X08GhXA2vfgbtSntag6BAoIBAQDgIDG54JVbC83M2L9mikLLeZVqP4oapTPMdn3G +NzKgBObGSGdvGQl7Oj4GXDeNgOQq/dNEICY+U94t/Eon0t8bEvG2u8Pt+eAPSblA +KR6WxYbqvEZK5wpb8kPCkYFWOhcQEyj6YcoAx6N/qrVzmZiGeYQ/zADC5emyLB25 +4r3XLTcwASOKzBrdKvmkqjJqWVxqO9NuW5iuZdD1L/zaaE/Q6/fcOp7VSk+wvkDW +mBNe794tIOlUzkZc9OHNv+14zmYjn9D/npksgIkilARqC17KYdYfmCjxUYahgyKM +55TBZPRmCeENYTmPK390t9s+4yWYWNF8BUkKaeggC2uslAlFAoIBAQDNM+C3ELw0 +HfVZh6rg7d/IzhlhKsDixg/+CwpwUyMD3YVuYUxBaQBuq3t23vAwLE8db18qMiov +gJg+1bcYRe1FIUZrNUhIWbHKxm8V0YauJ1WgTPZFVk7SvFxUXluiIb7goba7gWhw +B6uAUon8HBJ9qlfWUjPc9MbzFd1ZFzLb3RxpyjgJ7gl51QJeINOLjX1vBKooM0Li +ipzGD5VV8YXa88XbAeVo+3xuRtPumXLjUnwDiMNZ5q3sKlDhoIp2SZUOMCIvlvTe +xjmXHznGRTnEQbhLGifKBJP/O2lokESNnPZHZRNaa9Cknsxzacdttkz20yj4uF9l +mhV4bkaTRb2jAoIBAHPSr1/rm8OtWfFeoasQEGyurHR32ZrjfN1Q7racl+DyJ4CY +sjtLqQaxlpQa2+qYjVFaUu+F3b2gAdWp53ilFP8czyUr65jz5MKByuZJWbF46rws +B/d1ZnkVvcazAy/YXUrFXAvotUep4+h6A8N1wMjdy2Zcupf90MNu4P3LG2gzya1Z +KVD1IXziVJiwC9XB0Gxl9mG1nDWkEFRlNDp6ZaUGDNUWxjZbbMtdxowfkwMg2qRf +ubVF1D79niOB5+riXw5R7OPsxiOlWTkxXQagUaAs50b0j1QGWZjl99jxZIJ89YA1 +4sPTVreSNw/OY9Mf97G/VKLO6GwlRvwoasCI0DECggEBAKSGzcu5zUx0IL3R+v4x +e1YDeXHg15p7d2MW8x2wasi0mkEwHfXr/H6/W1Sp1yaowB43p7OrWQuRLYBj1lPN +7TmaPl3C8Nuhnt2YUITL5BJKU2sdie96DeUFRXoX1ZyfNe3heyPH1DbOz4EprJzI +3UKIi7i5W//y+nj4tOqzoQGLvTZM/rVnd42JbkaOR08C+OlEcjGdOClvPdfHstKf +vdUZ0y+Py6Jq0Q+SFmad/fGptukWhJrWS+io3QSqtZm10Z74lNBXVqovgQlb7fS8 +mF502xDMPc7J8OeZeSBvW6e3i/ceYXAENdtnv0FiNJYQrpDQKW+SVFqgOkq/EDMQ +ncUCggEAR6m4V2d5SFuQYgp2CHMFjy1vh8QouihtyY8A9fgIFUur1DooBNbJ7QtG +ZsqJB3mNXFKodJhCuPv6jDd2oHWMjxnd/Pksg+08ayY+cCHp08YE+2GUMFk3ICeb +JzbzIjIrTog/CnRuV27kFhfQcvdhOH2U21Pwx2nWD9MdWWfsNAeWtmv5cqcJBnQJ +GubKnRmwWpbrzBjeQzMCaPPQKVY97oE1HPTIFdzcfDMgv8vYQO8Aiq9mzmQ/zJiC +GriGyXMZLp9BGfpqgAguA7Ws28U5DP6763s3mcqMLVEssSpz36UxJGyOvS6qONhb +23DXA42grSldaYeX5D+LwqK/0MZyZw== +-----END PRIVATE KEY----- diff --git a/test-ca/rsa-4096/client.revoked.crl.pem b/test-ca/rsa-4096/client.revoked.crl.pem new file mode 100644 index 0000000000..847ac7c021 --- /dev/null +++ b/test-ca/rsa-4096/client.revoked.crl.pem @@ -0,0 +1,18 @@ +-----BEGIN X509 CRL----- +MIIC0DCBuQIBATANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQ1WhcNMjQw +NDEyMTgyNDQ1WjAiMCACARgXDTI0MDQwNzE4MjQ0NVowDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUPXb7JUdauWAmtUvTXFqZt7W4yKYwCwYDVR0UBAQCAgTS +MA0GCSqGSIb3DQEBDQUAA4ICAQA0L8CRjM65oKhE0S/O4+Imi3QnS2WTKjHy3w+E +DvPoM6Q2JPUTIJogNgxKeCiCg+tLGP9xj4kziP0IJzDzfUIQJAFmVYFSSDl6zrr3 +pqcApIx3ath8exSI3UJugJ9K8geMc2kwZQT9rW0CDUxGfqPausSDze0zs6m8zDJF +f2r9g/KfP2wxmUXEOkF87uuYwj72TSp/WGb2I12MoeB924CYdU4XOLNnX7HzCoQr +gQL2ksMAaQbzOkrxQYG5jUVjQ358S4Wjz8ifBzWDfrTJ8Q3bXsbENATHQ2OXCx0F +MraUAmw8cs2uIhAzOpaAvkZhgZhwAzdtQ6Qk6B9uJXA28PlzZ/eQ8nMVyA4jI02N +xZ332+7kbvefni6WQq+jT9kRWmu+yibf1onRvjgJS/MtSJkFtxc/Ws/sX6N7H7gu +4Q/funE7uPfNA32gj4awEHyfZIZmGGU3xxyAY31E4lzOhGjDLOwR7AdLnscX00Ad +qIYaA7yBomLjnx+NY65HFCIYzJDmVMkYn0Cfxd9udFsl9JSTwV/WTc6hNDpjQJXJ +2+ZmZb372JCKYLGjqppHLYmxGolr340rEh7QffQCqw9Ui6ahplX2UObPaIlte0IT +hx/OoG+mmUNRIVPTRpvnqRgq6fZkXDBkr01aiEKynyFj3AkUjAZd0/sQ3TFZxttE ++EujMw== +-----END X509 CRL----- diff --git a/test-ca/rsa-4096/end.cert b/test-ca/rsa-4096/end.cert new file mode 100644 index 0000000000..7624e57652 --- /dev/null +++ b/test-ca/rsa-4096/end.cert @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBETANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmpW6YlulsrNKwmMBl7IvG +dP79HgQm9tc2Xb3Cw067NCCkZBqTSEGOJhvYoBNrDPa3VvT2tDot+JSlPPojuHOH +6ygeOjbGgQrS2wG30T73EzXDJ3GC6Q16QS2mQFf0nHHO4hy9B6VJBFRdwL4amYGX +sgTakeEZOPXNYp0t+bXduV8LiKpymcZxnj6prI0oeeFGiICSLxB+A7EyVeoncVD8 +2PMT4LOoAaxQyfjZsWfIbCcM64ohJLYKITkZBi3fMxsaJTK7XNoS/A9+R1fMbdxz +qrBZYnx3QbwfO+ebzxkyPzj7ymwLhMEJkRWUq/d56xp8ZWKq6mYN/CusnkuGCScG +Ma53tQjRe3Zg2sWt0uXhUb5f4BIc2zTv2hCy8u24CG3eWDtmFJ5O8R8dK8TV8DOh +NTC3o/2WKOb2lqqX9By9MEf0gClVraYGpDhc6d7pgs9DuWshLEGRgGKqD2EUB7Jd +trHyfZgi76LfnBYHZHETnZtMcHg7jPOQazk43ZeVTfu1LF/BDvptUk/zPcJlJpHl +9SU/QcY5j6AaWU1s+XY5oi9ev+7qTfl/1G26/GOyavplSIKSRNDrOZh7YMb+TdBT +6ZlBKg+Q+SR166uzw4aoYAyUhMv+Zdutk9vgJ47RVpmLpOKZlAHO+Ya0rB+x/ouR +lMPYEF+dOjk5A35vqPEerQIDAQABo4GJMIGGMB8GA1UdIwQYMBaAFD12+yVHWrlg +JrVL01xambe1uMimMFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQu +dGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAA +ATAOBgNVHQ8BAf8EBAMCBsAwDQYJKoZIhvcNAQENBQADggIBAIg8KDmQR/+Fe8o9 +5houTeE53KqSe91v0dqyZzRYudz+iTtIDw8+A7O0fo6gKeYK+P3Y8winVgSNkl6X +NU1rnkmkYtTSx0ilJ0CHar8Ac5P9pmB51WHNpybRhZeQ+Fjs6tjJtXe10hdIFqFu +B/g/NYJ58nUwpqHIA5FyHw2TaxiY4x7WLtqi09HqPXgfkmtgb3N2Agx4MXoyMQXw +8qGZimk3ijDL5w9fCATc6J7FafVY5PjIc9fmmAxJdOd+tzoZb3OWEqQROwP2z4Ax +SSxlKXkQgPG7exOTJPC5KduqDjLyXYQyY6Hk23pJ6acVRRj00sUTYc/OGpF1prsN +d97mdnkONo/0NfpEIQlKkpNS5ERlB178Tf7P7gPOjdlhA4FY8flX8rVorL5GabLE +hJ/lUTq4AMO33SCBta+rOTxDJ6PUTyc1CLM3zzZ3wVXbiPu+mBhJ72AHrjNWdRVq +geVRRfqS/3NbZ2EDb8jK1CNwRPudYfxa/LxlQNbhBTBegJQaStazRXrEwGXyfh4H +7ER28jVXO3Y6CwAfEbsAvLs2ZqWZVbEgGzV6v3+qaybfx2kKXO4TYX6TvWJ/ahuw +KRGRpWWuxyCPqDIJuf8w/v5Bvo17ym9eHOBLGo2R/l0gIjVJUVSX2ALtKP3NKmTy +oTzqnJePQNOUkg0X8vG3XFKO2wHP +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/end.chain b/test-ca/rsa-4096/end.chain new file mode 100644 index 0000000000..2b5bea12c4 --- /dev/null +++ b/test-ca/rsa-4096/end.chain @@ -0,0 +1,62 @@ +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO +HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId +pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 +IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu +SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT +CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb +kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr +Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc +e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr +UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x +w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN +4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm +GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW +0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ +T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh +7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb +qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX +PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW +nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF +ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip +t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 +HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf +jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U +5qqQq7jRjSJSMOllidL16LmSaj46 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDQwOTYgQ0EwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCghf4Gm9QoFrPb+Z39Bx/0pOSYpFG5Mt28PP3S +fG5wwOXRwq4x+u+BXZ++G7hFIIxr/7QYv+zqgjoCRqT5V+VzeLoo1TEoIrLbBCU1 ++7bdO1Ol8PJK9dxfoH4kYQn20ZeCfF+shGamRVgJfj41sdTtiNCIUddNV0xpVMPy +hEzVLCYwX909hQqxiwgsB050AY7cLjhVKQnUu4TrEtb6ccXiuGXWfDOgca1GcoH+ +MoPfwhIDbNJDeq5P+gYwR6BcLNhZ2u2u64ldoRx/Imd0ubYBR1/aCAlUDYahfJn1 +HlxkqzWTpVQqrKQB1XRFcsMRc8Nc+Dox39ujwrIgKyJdyHVH4duTocybqmqLYl2v +frC6mWx2ArKbdyzSJ9+O5Qg1DrqHIWBSo9ov3EnZfoWwnPx5APQBInal1WJn51CB +daZoZqj6hLgDucW9ip24YljZvYWcIG3jxsJrqlGB6bUALtSA/QgyJqm1sSWzm3DW +fOrU/UTwAj2MocW0QQSV8gU8bdbgczgRm+Mp7t3IC8XhwoVP+7WGP/vAC0eBpEXj +/yFwVIISRihg6yJ4JBmuZg9/pNgNc807gBOfo0Q/M+9KkkbuX6Y31O3Ba+JsSla5 +lYSyHdqEtscfjbCZC8Os9y66kI6O0siPITew5rF3iy0DFtUrxXaiibaZAjFkS3BA +ZHfqxQIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBmGNKetHilNmxWjHmwe1ER3H2z +MA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +HQYDVR0OBBYEFDBmGNKetHilNmxWjHmwe1ER3H2zMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQENBQADggIBAChrSeHiWEa9WiomAX+Q628/S9sxom6TqmbkXIJm +wFHFodotEJIOA3SSIsMiV0kBLRu2q+T3Cbu4pulL6vK0sPzx9r4PLxkOsePv6+AG +uyykgAik9HFOG7YCXbRc7feJ7nU0njiJM4OiDyA8qkkLGShCfxSF9L1rnWm5La8a +WbWtfye56QG2Zly3bqh7quMjIUsqdJTgZlWblB1HMD0zVKXzebU/1pRJw3DPR1ll +LKPPvbezwQ38PFZr9nxyZVeGg4Eu2SwE9hmz1UAOUXTGS66/6//bc9eW0bogxYxF +rFGbTDbCm3g3ZiZzpX7D3iO9cYitYZZmzCJ7QYOJo5ocCyZ2yuNYNYJORYxyPoDn +zwsa6oJn+pt2wV5i3AusV1z+wQIJcSRkfiTTAA0+l/6JFy8JY2fe4mSziz67/WvZ +Stfjy858M99Nd+ETD9VyNJND4jimPi16jwRwH8iAxlifnRjEcK+ensNxaV3Ql4ap +ddHR2F5knstikMpbv/N3xgDiKbPD5dXhfAYPAZ+7QWFEqcvNDq2f0jf0Sf3SCYt/ +f6I5jBz7w+DWpf8xHarYpXwwEzcmmuIKm2jmWRafjFNnyo8Ka0gG7CqKEhLWYury +5FUJxkQnWO3eI/7vO1MLT7WAegPsROiU8eN+2u0c/2lbi2xPLb8GRWaEOUTY2zR0 +bzvp +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/end.der b/test-ca/rsa-4096/end.der new file mode 100644 index 0000000000000000000000000000000000000000..3fe214bd674c43cb6126651a7cedb39740e644c9 GIT binary patch literal 1365 zcmZ9LdpOez9LD$CZ?2hJ|VwH+=$#ENg6~ zLe8QSTH}b6l6102C8Ov>2i=V1I!B#9PUpPe|K8_)-sk(r=Y@DGUJwr?mw-qBi3D^Z zw5rC&bdU5eXaGQ~ARq!^3uLVd`k+89i{p$~4vUc(i}OB6!P!A%dmJ5R!*m=G7a7Zf z<7426NE!=wIm}q*hKv9SUk`#)?vfwWvP+kdedZM`1^kQJHYcu`wi@wQ*9vMf16 zyE0P*TXeW!4bf)|A9rA(cT#V#t`ev^@L=Xe&Czx`UTgfU`T850=42yP>sPkM*bT(S zz`m6W7_PhDA2Iz*@wLNYCle_*&79tzml+YaJIr^`SESw6;OpmK`NA2;o`l21V@J>n zo2rWUq-)?+30D&(>Rrj~(7t=s-NQp(%^`y;P2_eT`*dm*@9WiLUiv#7SyjAm!fef^ zyH7vamXaXprNsivk?8`laLS|!a-T}E@~N&+EprGQeL2dL?P!QL-%R1Bgo!bsId~r+gtq)_Kv!{AueqRW$jhcf!cmlV_XjVGs0=~V+! zQnlrKT9*g2Oe=uMbhaetx-Xqh?r<5w+IS9;`^AFf0Y+C}?NK}bhJNK4Cl3r}8(4Rp zn_XfxqB*nJJE?xz7nLOl7Lq)pi>YN{J>B;`%JHrlQMVAxyv2%8&Qsc>%NAXyg}F2S z@5Xu`ND?L81|F+RW7TH1lXx6O0#s4j4)Wv8(0S2@g@2kpv+29|q-)IOgqa{Zl)+>p zwN4O{hy;~Sic-Zty|itj~!_J1?e&U`*ns6}PHIji?xZ0pfqB5=^J?xb@a0SPQ$70dwMikCzhX3(TGlb zIl|^>+viM?=G@FRb_?>n-?+hQ!3&;B*$1#Q>je!=^`DsaQ%H_gHSdb7y_@#Su$N;! zqE$M8OO^a~h3vcof2n6bo}^y4Rc4=f+ee-`-&|-&{TQlt)z&vbKPq+DYv-I`iTT4( z8pvqx=vjB%ZN7-M5U_9)c6~Oa0tKh!V|PER+nIE?1y*oP)!wy$X!;??~~&A<O6KqnB)2+Uw}4HOh^O0v*m#7Z?*MT A5C8xG literal 0 HcmV?d00001 diff --git a/test-ca/rsa-4096/end.fullchain b/test-ca/rsa-4096/end.fullchain new file mode 100644 index 0000000000..31188dd24d --- /dev/null +++ b/test-ca/rsa-4096/end.fullchain @@ -0,0 +1,93 @@ +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBETANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255 +dG93biBSU0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw +MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmpW6YlulsrNKwmMBl7IvG +dP79HgQm9tc2Xb3Cw067NCCkZBqTSEGOJhvYoBNrDPa3VvT2tDot+JSlPPojuHOH +6ygeOjbGgQrS2wG30T73EzXDJ3GC6Q16QS2mQFf0nHHO4hy9B6VJBFRdwL4amYGX +sgTakeEZOPXNYp0t+bXduV8LiKpymcZxnj6prI0oeeFGiICSLxB+A7EyVeoncVD8 +2PMT4LOoAaxQyfjZsWfIbCcM64ohJLYKITkZBi3fMxsaJTK7XNoS/A9+R1fMbdxz +qrBZYnx3QbwfO+ebzxkyPzj7ymwLhMEJkRWUq/d56xp8ZWKq6mYN/CusnkuGCScG +Ma53tQjRe3Zg2sWt0uXhUb5f4BIc2zTv2hCy8u24CG3eWDtmFJ5O8R8dK8TV8DOh +NTC3o/2WKOb2lqqX9By9MEf0gClVraYGpDhc6d7pgs9DuWshLEGRgGKqD2EUB7Jd +trHyfZgi76LfnBYHZHETnZtMcHg7jPOQazk43ZeVTfu1LF/BDvptUk/zPcJlJpHl +9SU/QcY5j6AaWU1s+XY5oi9ev+7qTfl/1G26/GOyavplSIKSRNDrOZh7YMb+TdBT +6ZlBKg+Q+SR166uzw4aoYAyUhMv+Zdutk9vgJ47RVpmLpOKZlAHO+Ya0rB+x/ouR +lMPYEF+dOjk5A35vqPEerQIDAQABo4GJMIGGMB8GA1UdIwQYMBaAFD12+yVHWrlg +JrVL01xambe1uMimMFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQu +dGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAA +ATAOBgNVHQ8BAf8EBAMCBsAwDQYJKoZIhvcNAQENBQADggIBAIg8KDmQR/+Fe8o9 +5houTeE53KqSe91v0dqyZzRYudz+iTtIDw8+A7O0fo6gKeYK+P3Y8winVgSNkl6X +NU1rnkmkYtTSx0ilJ0CHar8Ac5P9pmB51WHNpybRhZeQ+Fjs6tjJtXe10hdIFqFu +B/g/NYJ58nUwpqHIA5FyHw2TaxiY4x7WLtqi09HqPXgfkmtgb3N2Agx4MXoyMQXw +8qGZimk3ijDL5w9fCATc6J7FafVY5PjIc9fmmAxJdOd+tzoZb3OWEqQROwP2z4Ax +SSxlKXkQgPG7exOTJPC5KduqDjLyXYQyY6Hk23pJ6acVRRj00sUTYc/OGpF1prsN +d97mdnkONo/0NfpEIQlKkpNS5ERlB178Tf7P7gPOjdlhA4FY8flX8rVorL5GabLE +hJ/lUTq4AMO33SCBta+rOTxDJ6PUTyc1CLM3zzZ3wVXbiPu+mBhJ72AHrjNWdRVq +geVRRfqS/3NbZ2EDb8jK1CNwRPudYfxa/LxlQNbhBTBegJQaStazRXrEwGXyfh4H +7ER28jVXO3Y6CwAfEbsAvLs2ZqWZVbEgGzV6v3+qaybfx2kKXO4TYX6TvWJ/ahuw +KRGRpWWuxyCPqDIJuf8w/v5Bvo17ym9eHOBLGo2R/l0gIjVJUVSX2ALtKP3NKmTy +oTzqnJePQNOUkg0X8vG3XFKO2wHP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO +HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId +pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 +IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu +SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT +CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb +kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr +Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc +e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr +UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x +w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN +4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm +GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW +0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ +T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh +7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb +qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX +PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW +nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF +ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip +t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 +HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf +jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U +5qqQq7jRjSJSMOllidL16LmSaj46 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDQwOTYgQ0EwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCghf4Gm9QoFrPb+Z39Bx/0pOSYpFG5Mt28PP3S +fG5wwOXRwq4x+u+BXZ++G7hFIIxr/7QYv+zqgjoCRqT5V+VzeLoo1TEoIrLbBCU1 ++7bdO1Ol8PJK9dxfoH4kYQn20ZeCfF+shGamRVgJfj41sdTtiNCIUddNV0xpVMPy +hEzVLCYwX909hQqxiwgsB050AY7cLjhVKQnUu4TrEtb6ccXiuGXWfDOgca1GcoH+ +MoPfwhIDbNJDeq5P+gYwR6BcLNhZ2u2u64ldoRx/Imd0ubYBR1/aCAlUDYahfJn1 +HlxkqzWTpVQqrKQB1XRFcsMRc8Nc+Dox39ujwrIgKyJdyHVH4duTocybqmqLYl2v +frC6mWx2ArKbdyzSJ9+O5Qg1DrqHIWBSo9ov3EnZfoWwnPx5APQBInal1WJn51CB +daZoZqj6hLgDucW9ip24YljZvYWcIG3jxsJrqlGB6bUALtSA/QgyJqm1sSWzm3DW +fOrU/UTwAj2MocW0QQSV8gU8bdbgczgRm+Mp7t3IC8XhwoVP+7WGP/vAC0eBpEXj +/yFwVIISRihg6yJ4JBmuZg9/pNgNc807gBOfo0Q/M+9KkkbuX6Y31O3Ba+JsSla5 +lYSyHdqEtscfjbCZC8Os9y66kI6O0siPITew5rF3iy0DFtUrxXaiibaZAjFkS3BA +ZHfqxQIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBmGNKetHilNmxWjHmwe1ER3H2z +MA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +HQYDVR0OBBYEFDBmGNKetHilNmxWjHmwe1ER3H2zMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQENBQADggIBAChrSeHiWEa9WiomAX+Q628/S9sxom6TqmbkXIJm +wFHFodotEJIOA3SSIsMiV0kBLRu2q+T3Cbu4pulL6vK0sPzx9r4PLxkOsePv6+AG +uyykgAik9HFOG7YCXbRc7feJ7nU0njiJM4OiDyA8qkkLGShCfxSF9L1rnWm5La8a +WbWtfye56QG2Zly3bqh7quMjIUsqdJTgZlWblB1HMD0zVKXzebU/1pRJw3DPR1ll +LKPPvbezwQ38PFZr9nxyZVeGg4Eu2SwE9hmz1UAOUXTGS66/6//bc9eW0bogxYxF +rFGbTDbCm3g3ZiZzpX7D3iO9cYitYZZmzCJ7QYOJo5ocCyZ2yuNYNYJORYxyPoDn +zwsa6oJn+pt2wV5i3AusV1z+wQIJcSRkfiTTAA0+l/6JFy8JY2fe4mSziz67/WvZ +Stfjy858M99Nd+ETD9VyNJND4jimPi16jwRwH8iAxlifnRjEcK+ensNxaV3Ql4ap +ddHR2F5knstikMpbv/N3xgDiKbPD5dXhfAYPAZ+7QWFEqcvNDq2f0jf0Sf3SCYt/ +f6I5jBz7w+DWpf8xHarYpXwwEzcmmuIKm2jmWRafjFNnyo8Ka0gG7CqKEhLWYury +5FUJxkQnWO3eI/7vO1MLT7WAegPsROiU8eN+2u0c/2lbi2xPLb8GRWaEOUTY2zR0 +bzvp +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/end.key b/test-ca/rsa-4096/end.key new file mode 100644 index 0000000000..d79b9c58d4 --- /dev/null +++ b/test-ca/rsa-4096/end.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCmpW6YlulsrNKw +mMBl7IvGdP79HgQm9tc2Xb3Cw067NCCkZBqTSEGOJhvYoBNrDPa3VvT2tDot+JSl +PPojuHOH6ygeOjbGgQrS2wG30T73EzXDJ3GC6Q16QS2mQFf0nHHO4hy9B6VJBFRd +wL4amYGXsgTakeEZOPXNYp0t+bXduV8LiKpymcZxnj6prI0oeeFGiICSLxB+A7Ey +VeoncVD82PMT4LOoAaxQyfjZsWfIbCcM64ohJLYKITkZBi3fMxsaJTK7XNoS/A9+ +R1fMbdxzqrBZYnx3QbwfO+ebzxkyPzj7ymwLhMEJkRWUq/d56xp8ZWKq6mYN/Cus +nkuGCScGMa53tQjRe3Zg2sWt0uXhUb5f4BIc2zTv2hCy8u24CG3eWDtmFJ5O8R8d +K8TV8DOhNTC3o/2WKOb2lqqX9By9MEf0gClVraYGpDhc6d7pgs9DuWshLEGRgGKq +D2EUB7JdtrHyfZgi76LfnBYHZHETnZtMcHg7jPOQazk43ZeVTfu1LF/BDvptUk/z +PcJlJpHl9SU/QcY5j6AaWU1s+XY5oi9ev+7qTfl/1G26/GOyavplSIKSRNDrOZh7 +YMb+TdBT6ZlBKg+Q+SR166uzw4aoYAyUhMv+Zdutk9vgJ47RVpmLpOKZlAHO+Ya0 +rB+x/ouRlMPYEF+dOjk5A35vqPEerQIDAQABAoICAAHjVO3wo8Nh798lU+Szud+t +OqhWeziPyl9oz3oR6WXwkMAcDDsH8gowv1cEdUPcuTzZhNv4rcIQk2qN1s2pzNFI +5kL1aOJ12tAJwCq7eaml85F69GvFxSvR6jj8eKKiVR3BbQ7tM7+wh14qjVzSyWeV +Ej4BshmtjgdeKya2sgtJitygF0JGILvvzYjxlgXT36wDZuWBGAA9fXfzBjydKYw7 +zwE2JgLsxe2CZEnfGyxnoUehsYZvmoph1vpEGifxtchljH4X7raRWYGWQFXmFr3O +vMG+fmeBfKaj8JtQzNnHYpdjszasMd2wYZy2GA8vDTVElsoV7sMQzNPfVT63AtSn +60cQFqUfARBgHPD68pob2KOZ5oQjJ9HDZrZkArRYoQTy/4NRcNKgANlAs8p/rjGx +aukm3KMeLgDNMIXEm19mYQHYp2gpoDG3+6sOlqrCCkneQYYSjv8tuiUcMtPdD8wL +HUBfhQk1UDif7CcC+2r0RrDcJ6SqCrC4Ma/+lVz1cUke6ujampZxW3fjkMovyz3F +YjJDzN8Wv0ZvpiilJU0DOrFV+kw/3jSyc4yfO1WhtWEgEmlkMeEMpqpXlwH+fE6m +uepddsR/NLc3KGPo8k1NbtNPoUC5AgGASpjliR4gJqJUgjnRmYugezBGMw/ow9vZ +gqFdMTShp1GXe1AofCZBAoIBAQDpgwq3oTc4KgRu3CH697Ni9pRR7yws6nyj+zt8 +hPXBHmGinbZhULLnMMuW24czpr4Lk7SGRVoOSuUCt8lKm3pJBnAn9gQ3xCDZudTK +zQDqA8MgvRMOc5NbeFltVFIW4KvWVfda63P9kt64/601lC8MMLeA0sbzgj4BkpKz +JMl+h4apciaBqhCYPM42TfMZjeyxUuOUMerxhO1DQQAtXok2Ve6aartTnomFK4Fe +Ow9WTNg66iEDZuwOjiFGnACkx2LykPaYRsGL7ZzMnmfbMS01bGTrcLFX5ZT9HBzw +QtxlA4vucjbT9lnjbrh1YKG5ycI671fgMZZ8jeKvNhLByLpNAoIBAQC2seWJfI/e +Nq5rHQ8SK4fwPxuH49UKBHzKANn+OF3VD9ka0oBPGH2V69EiFYrpIgx/bZSxL7Vb +jyVWHvQy2gpFwgrtDwHOBfsbNklIXdA35ThZcygeeGe+Dxcbx29nXlRMhNeHjetV +jmMZo7w6F7MyjS9zhiSL37v0oT1ua15ozBQ87VZz/h2moBNC3jTSxbfixu3dzTv1 +YfcnbWEkYAnhsZfo9g4qo9xllaMGIBCIsWagdaHVO134+R2BTyn3iogj1LcLckig +V0jfv4ZnfC7jjoSaXnRxLfKPeYjm9TBTagu7EwJxp2SHErm1rqYitCbMTegzbmOJ +G3qZndIGmWXhAoIBAQCNgqBoEAcKvkvZcwYUtS+89XmE/dBjl+bY6VNvbpQP6H16 +suDnsKP6fxOh5H/WyWG6WlS4WibtKm4Ga6JM2FQPFRu629hKg0z1JSzTidDYAFer +62k1BM10TUbEfqkQvC7mwUoZiz7LmMnoiulI4vhwBsXuB84RnAg/o7fLYKvLRg5R +eZ/kTE+qMo81UZ/VCLE79ON915JtswSmESouVHAKwaDLa4sCbb0hOvA3TstInWEc +su42xZSgbXm09K1fLoXEQh1uwtJgHis7xXNi3jZrfbjbBXwzrCnSCctvvtUZUkDm +y8h2Q4DN1zdpypm3oZFXbdxvPR3ZdZK+Y6KSVTaxAoIBAF5ndK3jwM/Zv6032dbQ +ybDaW1aP40EG6pjTcdHMvKfhRZV3mrfEdvimX23WZe5sGrsqG8CnX3aNdISZACTa +yJ4dU9oFfDBCpOv91EZhu7t2ZfTK7bs5CpqKX62KE8X9V2Am8Nxp+GZAanMQSa5X +GtEPZaqzcWUZ2pzhSMYrEyDh+780AQ11DUtRwkI2YmNbqda0ZqvLZqU41yb3fU/3 +lIOcalwF8XIVNEkF1rTOktyfluFph5OQ1tFVoOp1xsDUQ98IBwISLvczw0NjS4dk +AzKxLVI7Zr4pOQLskVKO9kbUMHWdsBCcp/SoN3BrbAvYvYeq5kbVTvfFTEfe5m1k +jOECggEBAKO2AcO+K2AF+0g4d5KJmAr++86dHuVjOOO3cFPt3+VXss0fIUAIKE7/ +tqGaQ4cNJH0bZJDnD8u2t+rsZeZzXdf051w0eG5IUkumWI0Eq2YXZU3MuAITB3nr +IRc28j3BY4nJgNDe+7vKLSb+If1msQuyJE/VILw95s8DEgNihM7DcBBMO0J6c2mJ +Xk/Q7wIB+JT+ssPpsXacnk1cXwhbW1J9tZT5Iilnv/RORKFWKuE1HriMQsqOXU9i +T1W9/TmdPmOqAnM52qaREXwrUcaKLthbPZzDR5IEU4crYsmpoDnUhr+qm5uUvO3i +LDRccFoG/QLGZgz9aGrQZdr7uRIQ2Ow= +-----END PRIVATE KEY----- diff --git a/test-ca/rsa-4096/end.revoked.crl.pem b/test-ca/rsa-4096/end.revoked.crl.pem new file mode 100644 index 0000000000..82884933fa --- /dev/null +++ b/test-ca/rsa-4096/end.revoked.crl.pem @@ -0,0 +1,18 @@ +-----BEGIN X509 CRL----- +MIIC0DCBuQIBATANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQzWhcNMjQw +NDEyMTgyNDQzWjAiMCACAREXDTI0MDQwNzE4MjQ0M1owDDAKBgNVHRUEAwoBAaAw +MC4wHwYDVR0jBBgwFoAUPXb7JUdauWAmtUvTXFqZt7W4yKYwCwYDVR0UBAQCAgTS +MA0GCSqGSIb3DQEBDQUAA4ICAQAfCTOEfTApBGX0TwH1D/EXT3Q6QbMyUg3Rc904 +OOjdQ64k1a8CQYggNGQUbGiojhy0Eg3wWuFkusf7fvT9VokH4VN1x3a7B2EHw6Qt +mm+YtC5RwkICpzOIgAm85Qwgc7r5hPpZd7fE6fyDLKh//maVor1RTMzHlj5ojEWQ +7CZ9TaSjB8sdjvNxFa82CxlT5DwbaoGzJ0hYxITn7k5pU9uEQnDMlMI1JqQilVmN +JaFh6I6hG9CcV4uc39UqFSV7J24C7YN7zynyJFzH4etbjgw90EGFYED9EK4dWX25 +9Plq8IscolUT2OmNvxgTNX4fUK0ZKcFc6EfBL6o1Zz5uH2FEesOZRSZ6Baf/s7Gx +6WQ2fo51iTPO3YMKfJL4Qx+2Sels6kaYlUspCK3g7mt/sHI5MMFswKLfPK68CqQ2 +x4qHo1Vt4LgO557wMGui18l/iUI9losDIIEmBBGjGExEepY4WdvJEYBgXpRldqCb +XbScDOHNEfOFm8jldc5aYU+v5s1aPk6tpnaMoAn5ua6uAADVw6hyyNbRl9jUH3an +rWEl0QLZM4eHnCZK3xjT4ldVJBxh3rpgJyhYvmc13viUsE1yVs2ARjnClAX9vl7L +sQLvfbrWk4TpSBA14A8puWhULEU2DGrmvfFFo5RsRjHnu+yDy6OZBiDShCnRFraR +Kmf9/w== +-----END X509 CRL----- diff --git a/test-ca/rsa-4096/inter.cert b/test-ca/rsa-4096/inter.cert new file mode 100644 index 0000000000..e89db40bca --- /dev/null +++ b/test-ca/rsa-4096/inter.cert @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 +dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw +MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO +HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId +pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 +IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu +SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT +CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb +kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr +Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc +e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr +UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x +w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN +4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm +GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW +0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ +T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh +7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb +qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX +PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW +nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF +ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip +t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 +HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf +jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U +5qqQq7jRjSJSMOllidL16LmSaj46 +-----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/inter.der b/test-ca/rsa-4096/inter.der new file mode 100644 index 0000000000000000000000000000000000000000..b43d2bcdb4842d5f790fb11fa222db23ff1393a0 GIT binary patch literal 1365 zcmXqLVhuECVzyks%*4pV#K>j9%f_kI=F#?@mywZ|mBB#XP}V@2jX9KsnMb4`Kd-VR zzdTPNDA-ZK#K6)_!P(J3L7dmz)W8r3!5~V4A0&e$U|?vdZ=ee?LJiZ1oYb<^90enV z%)FA+qTJM!%*2vZgC-^=WQQ=aGB7tW@iPF$xtN-m7#ViG=qhu5m(HJhPPXmR2bac- z>E-uBJb&4h2{W{doxfsoQjs_Q;;)EQ;W~Yv(#k(;g(tH#HulNc3dt^6skBdDwMg*w z>^7^dI?Aq_GHl+tIZMwxtljhZlCq5psIr8qIY?|1mi0FxBzr$1Z|G2YSoBu=X`ILkCI-jD~eh65o zy6^Wf?;UrRze)Vxxo*NDzxt`NhTk{+Yq&UR*OX%lQ}*1cc9FQfY375!IV@%8*4)2; zX_5PioSPHRYD7EfZBEK~M*clrNi|2|Ia{TXyA||7nco zO?7S?HShV_zDWV+btf$5QhSi;%{@!x_2r|sLCTT75C7E$q@)!%rHi#a68+mD`qAUI z)b4sFW=00a#f{AdjSU9!z@#Os%pzeR)*xb#CUI%rmWrijIbl7O8>#~Z@6>KK-~%b( zXJq`(!U9a>{|sb7d{q`P0}(b3Z8k<$R(57aIEx7)&Br3fB4S(iTh%>kXM);R@5?b! zGq-QuablSPKS;MQ$TU_1W*~)}PJtN)m`)iP0s|Xzl|SwLb|p>hGKW-8Y2<&&^@d(C z^Lk&_tg78zux!u$Cz`27=RO@3?D5$wHGe|-j(paR?gR(!E&>1Za%Y~uKU96qW7WoI zu1u>|lq9OFZs9#3`KI^q89Dap{~uai?+6jky0G-ZgN+te3*Y(7t#Z{~I$h+a{#0)9 zU53YdjNg5KSm3nU!qB={XRWJtdP~jMN$>TT5A@E67PGj$>a&PyTF$aa%h^k}iLJZq z_f^Nrb(VA0&JCHy!*mET8{axAw5i z-$fgOW;Zh|U1(S)(V=_b{KM((&v#ASveB`FOS7A`%ldFkj`M}fk)D^M-ej%YslvR9 zw@%q(^1?dnPh}J9-6Zu@S%sgA^X-yz(RbT6W99bRG|&8w_pwoCX{CbGZ%q2VW%)eC z$|duD`_`z>I&k&!`QLj+d4Wrls^tYP`< Date: Fri, 15 Mar 2024 14:24:56 -0400 Subject: [PATCH 0906/1145] test-ca: remove legacy OpenSSL tooling/config --- test-ca/build-a-pki.sh | 258 ---------------------------------------- test-ca/crl-openssl.cnf | 13 -- test-ca/openssl.cnf | 27 ----- 3 files changed, 298 deletions(-) delete mode 100755 test-ca/build-a-pki.sh delete mode 100644 test-ca/crl-openssl.cnf delete mode 100644 test-ca/openssl.cnf diff --git a/test-ca/build-a-pki.sh b/test-ca/build-a-pki.sh deleted file mode 100755 index febe68a6d9..0000000000 --- a/test-ca/build-a-pki.sh +++ /dev/null @@ -1,258 +0,0 @@ -#!/usr/bin/env bash - -set -xe - -rm -rf rsa/ ecdsa-p256/ ecdsa-p384/ ecdsa-p521/ eddsa/ -mkdir -p rsa/ ecdsa-p256/ ecdsa-p384/ ecdsa-p521/ eddsa/ - -openssl req -nodes \ - -x509 \ - -days 3650 \ - -newkey rsa:4096 \ - -keyout rsa/ca.key \ - -out rsa/ca.cert \ - -sha256 \ - -batch \ - -subj "/CN=ponytown RSA CA" - -openssl req -nodes \ - -newkey rsa:3072 \ - -keyout rsa/inter.key \ - -out rsa/inter.req \ - -sha256 \ - -batch \ - -subj "/CN=ponytown RSA level 2 intermediate" - -openssl req -nodes \ - -newkey rsa:2048 \ - -keyout rsa/end.key \ - -out rsa/end.req \ - -sha256 \ - -batch \ - -subj "/CN=testserver.com" - -openssl rsa \ - -in rsa/end.key \ - -out rsa/end.rsa - -openssl req -nodes \ - -newkey rsa:2048 \ - -keyout rsa/client.key \ - -out rsa/client.req \ - -sha256 \ - -batch \ - -subj "/CN=ponytown client" - -openssl rsa \ - -in rsa/client.key \ - -out rsa/client.rsa - -# ecdsa -for curve in p256 p384 p521 ; do - case $curve in - p256) - openssl ecparam -name prime256v1 -out ecdsa-$curve/curve.pem - ;; - p384) - openssl ecparam -name secp384r1 -out ecdsa-$curve/curve.pem - ;; - p521) - openssl ecparam -name secp521r1 -out ecdsa-$curve/curve.pem - ;; - esac - - openssl req -nodes \ - -x509 \ - -newkey ec:ecdsa-$curve/curve.pem \ - -keyout ecdsa-$curve/ca.key \ - -out ecdsa-$curve/ca.cert \ - -sha256 \ - -batch \ - -days 3650 \ - -subj "/CN=ponytown ECDSA $curve CA" - - openssl req -nodes \ - -newkey ec:ecdsa-$curve/curve.pem \ - -keyout ecdsa-$curve/inter.key \ - -out ecdsa-$curve/inter.req \ - -sha256 \ - -batch \ - -days 3000 \ - -subj "/CN=ponytown ECDSA $curve level 2 intermediate" - - openssl req -nodes \ - -newkey ec:ecdsa-$curve/curve.pem \ - -keyout ecdsa-$curve/end.key \ - -out ecdsa-$curve/end.req \ - -sha256 \ - -batch \ - -days 2000 \ - -subj "/CN=testserver.com" - - openssl req -nodes \ - -newkey ec:ecdsa-$curve/curve.pem \ - -keyout ecdsa-$curve/client.key \ - -out ecdsa-$curve/client.req \ - -sha256 \ - -batch \ - -days 2000 \ - -subj "/CN=ponytown client" -done - -# eddsa - -# TODO: add support for Ed448 -# openssl genpkey -algorithm Ed448 -out eddsa/ca.key -openssl genpkey -algorithm Ed25519 -out eddsa/ca.key - -openssl req -nodes \ - -x509 \ - -key eddsa/ca.key \ - -out eddsa/ca.cert \ - -sha256 \ - -batch \ - -days 3650 \ - -subj "/CN=ponytown EdDSA CA" - -openssl genpkey -algorithm Ed25519 -out eddsa/inter.key - -openssl req -nodes \ - -new \ - -key eddsa/inter.key \ - -out eddsa/inter.req \ - -sha256 \ - -batch \ - -subj "/CN=ponytown EdDSA level 2 intermediate" - -openssl genpkey -algorithm Ed25519 -out eddsa/end.key - -openssl req -nodes \ - -new \ - -key eddsa/end.key \ - -out eddsa/end.req \ - -sha256 \ - -batch \ - -subj "/CN=testserver.com" - -# TODO: add support for Ed448 -# openssl genpkey -algorithm Ed448 -out eddsa/client.key -openssl genpkey -algorithm Ed25519 -out eddsa/client.key - -openssl req -nodes \ - -new \ - -key eddsa/client.key \ - -out eddsa/client.req \ - -sha256 \ - -batch \ - -subj "/CN=ponytown client" - -# Generate a CRL revoking a specific certificate, signed by the specified issuer. -# Arguments: -# 1. the key type (e.g. "rsa") -# 2. signature hash algorithm (e.g. "sha256") -# 3. the name of the issuer (e.g. "inter") -# 4. the name of the certificate to revoke (e.g. "end") -function gen_crl { - local kt=$1 - local hash=$2 - local issuer_name=$3 - local revoked_cert_name=$4 - - # Overwrite the CA state for each revocation - this avoids an - # "already revoked" error since we're re-using serial numbers across - # key types. - echo -n '' > index.txt - echo '1000' > crlnumber - - # Revoke the certificate in the openssl CA index. This produces a CRL but - # doesn't include the revoked certificate in the CRL... - openssl ca \ - -config ./crl-openssl.cnf \ - -keyfile "$kt/$issuer_name.key" \ - -cert "$kt/$issuer_name.cert" \ - -gencrl \ - -md $hash \ - -crldays 7 \ - -revoke "$kt/$revoked_cert_name.cert" \ - -crl_reason keyCompromise \ - -out "$kt/$revoked_cert_name.revoked.crl.pem" - - # Run -gencrl again to actually include the revoked certificate in the CRL. - openssl ca \ - -config ./crl-openssl.cnf \ - -keyfile "$kt/$issuer_name.key" \ - -cert "$kt/$issuer_name.cert" \ - -md $hash \ - -gencrl \ - -crldays 7 \ - -out "$kt/$revoked_cert_name.revoked.crl.pem" -} - -for kt in rsa ecdsa-p256 ecdsa-p384 ecdsa-p521 eddsa ; do - case $kt in - rsa) - hash=sha256 - ;; - ecdsa-p256) - hash=sha256 - ;; - ecdsa-p384) - hash=sha384 - ;; - ecdsa-p521) - hash=sha512 - ;; - eddsa) - hash=sha512 - ;; - esac - - openssl x509 -req \ - -in $kt/inter.req \ - -out $kt/inter.cert \ - -CA $kt/ca.cert \ - -CAkey $kt/ca.key \ - -$hash \ - -days 3650 \ - -set_serial 123 \ - -extensions v3_inter -extfile openssl.cnf - - openssl x509 -req \ - -in $kt/end.req \ - -out $kt/end.cert \ - -CA $kt/inter.cert \ - -CAkey $kt/inter.key \ - -$hash \ - -days 2000 \ - -set_serial 456 \ - -extensions v3_end -extfile openssl.cnf - - openssl x509 -req \ - -in $kt/client.req \ - -out $kt/client.cert \ - -CA $kt/inter.cert \ - -CAkey $kt/inter.key \ - -$hash \ - -days 2000 \ - -set_serial 789 \ - -extensions v3_client -extfile openssl.cnf - - # Generate a CRL revoking the client certificate - gen_crl $kt $hash inter client - # Generate a CRL revoking the server certificate - gen_crl $kt $hash inter end - # Generate a CRL revoking the intermediate certificate - gen_crl $kt $hash ca inter - - cat $kt/inter.cert $kt/ca.cert > $kt/end.chain - cat $kt/end.cert $kt/inter.cert $kt/ca.cert > $kt/end.fullchain - - cat $kt/inter.cert $kt/ca.cert > $kt/client.chain - cat $kt/client.cert $kt/inter.cert $kt/ca.cert > $kt/client.fullchain - - openssl asn1parse -in $kt/ca.cert -out $kt/ca.der > /dev/null -done - -# Tidy up openssl CA state. -rm index.txt* || true -rm crlnumber* || true diff --git a/test-ca/crl-openssl.cnf b/test-ca/crl-openssl.cnf deleted file mode 100644 index 2dc3e2cdf7..0000000000 --- a/test-ca/crl-openssl.cnf +++ /dev/null @@ -1,13 +0,0 @@ -# The bare minimum OpenSSL config required to issue CRLs with 'openssl ca' - -[ ca ] -default_ca = CA_default - -[ CA_default ] -database = ./index.txt -crlnumber = ./crlnumber -default_md = default -crl_extensions = crl_ext - -[ crl_ext ] -authorityKeyIdentifier=keyid:always diff --git a/test-ca/openssl.cnf b/test-ca/openssl.cnf deleted file mode 100644 index 549a5c4874..0000000000 --- a/test-ca/openssl.cnf +++ /dev/null @@ -1,27 +0,0 @@ - -[ v3_end ] -basicConstraints = critical,CA:false -keyUsage = nonRepudiation, digitalSignature -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer:always -subjectAltName = @alt_names - -[ v3_client ] -basicConstraints = critical,CA:false -keyUsage = nonRepudiation, digitalSignature -extendedKeyUsage = critical, clientAuth -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer:always - -[ v3_inter ] -subjectKeyIdentifier = hash -extendedKeyUsage = critical, serverAuth, clientAuth -basicConstraints = CA:true -keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign - -[ alt_names ] -DNS.1 = testserver.com -IP.1 = 198.51.100.1 -DNS.2 = second.testserver.com -IP.2 = 2001:db8::1 -DNS.3 = localhost From fa605bfff02d7c2b7b31cca01ea2f5faf003fc3d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 18 Mar 2024 12:49:06 -0400 Subject: [PATCH 0907/1145] test-ca: add README, point to test_ca.rs tool --- test-ca/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 test-ca/README.md diff --git a/test-ca/README.md b/test-ca/README.md new file mode 100644 index 0000000000..e16fc2109f --- /dev/null +++ b/test-ca/README.md @@ -0,0 +1,11 @@ +# Rustls Test CA + +This directory contains various test certificate authorities, intermediates, +end-entity, and client certificates that are used by Rustls integration tests. + +You can regenerate the data in this directory by running the +`rustls/examples/internal/test_ca.rs` tool: + +```bash +cargo run -p rustls --example test_ca +``` From 793553ea9915e957265c23a445af45e65b0839e6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 11 Apr 2024 11:00:49 -0400 Subject: [PATCH 0908/1145] docs: update ROADMAP post-quantum kex item Rustls 0.23.2 added the groundwork for opting in to experimental post-quantum key exchange support using `X25519Kyber768Draft00`. Afterwards the remaining required pieces were released in a separate crate, `rustls-post-quantum`. As a result this commit moves the post-quantum KEX feature from the Future priorities to the Past priorities. --- ROADMAP.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index a35fae0df6..a1b133c64b 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -29,13 +29,15 @@ In rough order of priority: consider implementing limits for TLS over TCP as well. rustls/rustls#755 +## Past priorities + +Delivered in 0.23.2: + * **Support Post-Quantum Hybrid Key Exchange**. Experimental, optional support for the `X25519Kyber768Draft00` key exchange. This should track [the draft](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/). rustls/rustls#1687 -## Past priorities - Delivered in 0.23: * **FIPS Certification for Default Cryptographic Library**. From 5ed2c9739d0a4f2dc5cf70fbd3ab0e213a753b01 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Apr 2024 09:31:31 -0400 Subject: [PATCH 0909/1145] deps: update cargo semver compatible deps * anyhow 1.0.81 -> 1.0.82 * async-trait 0.1.79 -> 0.1.80 * time 0.3.34 -> 0.3.36 --- Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6565061f07..c004bbe18d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -123,9 +123,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.81" +version = "1.0.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0952808a6c2afd1aa8947271f3a60f1a6763c7b912d210184c5149b5cf147247" +checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" [[package]] name = "asn1" @@ -304,9 +304,9 @@ checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" [[package]] name = "async-trait" -version = "0.1.79" +version = "0.1.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a507401cad91ec6a857ed5513a2073c82a9b9048762b885bb98655b306964681" +checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", @@ -2598,9 +2598,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.34" +version = "0.3.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" +checksum = "5dfd88e563464686c916c7e46e623e520ddc6d79fa6641390f2e3fa86e83e885" dependencies = [ "deranged", "num-conv", From 740ca417738cdcf6e50e24837e8e085777fe3c5c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 16 Apr 2024 15:55:02 +0100 Subject: [PATCH 0910/1145] tests/api.rs: reformat --- rustls/tests/api.rs | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d22a04f30a..d98689a045 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3377,8 +3377,10 @@ fn vectored_write_for_client_appdata() { fn vectored_write_for_server_handshake_with_half_rtt_data() { let mut server_config = make_server_config(KeyType::Rsa2048); server_config.send_half_rtt_data = true; - let (mut client, mut server) = - make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa2048), server_config); + let (mut client, mut server) = make_pair_for_configs( + make_client_config_with_auth(KeyType::Rsa2048), + server_config, + ); server .writer() @@ -3417,8 +3419,10 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() { } fn check_half_rtt_does_not_work(server_config: ServerConfig) { - let (mut client, mut server) = - make_pair_for_configs(make_client_config_with_auth(KeyType::Rsa2048), server_config); + let (mut client, mut server) = make_pair_for_configs( + make_client_config_with_auth(KeyType::Rsa2048), + server_config, + ); server .writer() @@ -6202,12 +6206,18 @@ fn test_client_removes_tls12_session_if_server_sends_undecryptable_first_message #[test] fn test_client_fips_service_indicator() { - assert_eq!(make_client_config(KeyType::Rsa2048).fips(), provider_is_fips()); + assert_eq!( + make_client_config(KeyType::Rsa2048).fips(), + provider_is_fips() + ); } #[test] fn test_server_fips_service_indicator() { - assert_eq!(make_server_config(KeyType::Rsa2048).fips(), provider_is_fips()); + assert_eq!( + make_server_config(KeyType::Rsa2048).fips(), + provider_is_fips() + ); } #[test] From d8a2ae040c697cc90e9c6581ac84ed7394382b0b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 16 Apr 2024 15:55:14 +0100 Subject: [PATCH 0911/1145] Add API exposing shape of the performed handshake This allows callers to see if their handshake was Resumed, Full, or Full-with-HelloRetryRequest (which, broadly, are the three "cost" levels for handshakes). This is exposed as soon as it is known for sure. --- rustls/src/client/hs.rs | 3 +- rustls/src/client/tls12.rs | 4 ++- rustls/src/client/tls13.rs | 6 +++- rustls/src/common_state.rs | 37 +++++++++++++++++++++ rustls/src/lib.rs | 2 +- rustls/src/server/tls12.rs | 5 ++- rustls/src/server/tls13.rs | 11 ++++++- rustls/tests/api.rs | 66 ++++++++++++++++++++++++++++++++++++-- 8 files changed, 126 insertions(+), 8 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index b1accd5df6..a71b05bf15 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -16,7 +16,7 @@ use crate::check::inappropriate_handshake_message; use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; use crate::client::{tls13, ClientConfig}; -use crate::common_state::{CommonState, State}; +use crate::common_state::{CommonState, HandshakeKind, State}; use crate::conn::ConnectionRandoms; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; @@ -843,6 +843,7 @@ impl ExpectServerHelloOrHelloRetryRequest { // HRR selects the ciphersuite. cx.common.suite = Some(cs); + cx.common.handshake_kind = Some(HandshakeKind::FullWithHelloRetryRequest); // This is the draft19 change where the transcript became a tree let transcript = self diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 46e9e50f28..bd1364f87e 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -13,7 +13,7 @@ use super::hs::ClientContext; use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::client::common::{ClientAuthDetails, ServerCertDetails}; use crate::client::{hs, ClientConfig}; -use crate::common_state::{CommonState, Side, State}; +use crate::common_state::{CommonState, HandshakeKind, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; @@ -138,6 +138,7 @@ mod server_hello { .clone() .into_owned(), ); + cx.common.handshake_kind = Some(HandshakeKind::Resumed); let cert_verified = verify::ServerCertVerified::assertion(); let sig_verified = verify::HandshakeSignatureValid::assertion(); @@ -172,6 +173,7 @@ mod server_hello { } } + cx.common.handshake_kind = Some(HandshakeKind::Full); Ok(Box::new(ExpectCertificate { config: self.config, resuming_session: None, diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index a3c746e757..ffe84170fb 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -11,7 +11,7 @@ use super::hs::ClientContext; use crate::check::inappropriate_handshake_message; use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails}; use crate::client::{hs, ClientConfig, ClientSessionStore}; -use crate::common_state::{CommonState, Protocol, Side, State}; +use crate::common_state::{CommonState, HandshakeKind, Protocol, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::ActiveKeyExchange; use crate::enums::{ @@ -425,6 +425,7 @@ impl State for ExpectEncryptedExtensions { .server_cert_chain() .clone(), ); + cx.common.handshake_kind = Some(HandshakeKind::Resumed); // We *don't* reverify the certificate chain here: resumption is a // continuation of the previous session in terms of security policy. @@ -445,6 +446,9 @@ impl State for ExpectEncryptedExtensions { if exts.early_data_extension_offered() { return Err(PeerMisbehaved::EarlyDataExtensionWithoutResumption.into()); } + cx.common + .handshake_kind + .get_or_insert(HandshakeKind::Full); Ok(Box::new(ExpectCertificateOrCertReq { config: self.config, server_name: self.server_name, diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 5ef47763f8..558990d629 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -26,6 +26,7 @@ use crate::{quic, record_layer}; /// Connection state common to both client and server connections. pub struct CommonState { pub(crate) negotiated_version: Option, + pub(crate) handshake_kind: Option, pub(crate) side: Side, pub(crate) record_layer: record_layer::RecordLayer, pub(crate) suite: Option, @@ -56,6 +57,7 @@ impl CommonState { pub(crate) fn new(side: Side) -> Self { Self { negotiated_version: None, + handshake_kind: None, side, record_layer: record_layer::RecordLayer::new(), suite: None, @@ -140,6 +142,17 @@ impl CommonState { self.negotiated_version } + /// Which kind of handshake was performed. + /// + /// This tells you whether the handshake was a resumption or not. + /// + /// This will return `Err(Error::HandshakeNotComplete)` before it is + /// known which sort of handshake occurred. + pub fn handshake_kind(&self) -> Result { + self.handshake_kind + .ok_or(Error::HandshakeNotComplete) + } + pub(crate) fn is_tls13(&self) -> bool { matches!(self.negotiated_version, Some(ProtocolVersion::TLSv1_3)) } @@ -682,6 +695,30 @@ impl CommonState { } } +/// Describes which sort of handshake happened. +#[derive(Debug, PartialEq, Clone, Copy)] +pub enum HandshakeKind { + /// A full handshake. + /// + /// This is the typical TLS connection initiation process when resumption is + /// not yet unavailable, and the initial `ClientHello` was accepted by the server. + Full, + + /// A full TLS1.3 handshake, with an extra round-trip for a `HelloRetryRequest`. + /// + /// The server can respond with a `HelloRetryRequest` if the initial `ClientHello` + /// is unacceptable for several reasons, the most likely if no supported key + /// shares were offered by the client. + FullWithHelloRetryRequest, + + /// A resumed handshake. + /// + /// Resumed handshakes involve fewer round trips and less cryptography than + /// full ones, but can only happen when the peers have previously done a full + /// handshake together, and then remember data about it. + Resumed, +} + /// Values of this structure are returned from [`Connection::process_new_packets`] /// and tell the caller the current I/O state of the TLS connection. /// diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index d5708f2df2..8781462510 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -499,7 +499,7 @@ pub mod unbuffered { // The public interface is: pub use crate::builder::{ConfigBuilder, ConfigSide, WantsVerifier, WantsVersions}; -pub use crate::common_state::{CommonState, IoState, Side}; +pub use crate::common_state::{CommonState, HandshakeKind, IoState, Side}; #[cfg(feature = "std")] pub use crate::conn::{Connection, Reader, Writer}; pub use crate::conn::{ConnectionCommon, SideData}; diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 1b337f1781..4fb9f30d54 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -13,7 +13,7 @@ use super::common::ActiveCertifiedKey; use super::hs::{self, ServerContext}; use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; use crate::check::inappropriate_message; -use crate::common_state::{CommonState, Side, State}; +use crate::common_state::{CommonState, HandshakeKind, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::ActiveKeyExchange; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; @@ -192,6 +192,8 @@ mod client_hello { self.session_id = SessionId::random(self.config.provider.secure_random)?; } + cx.common.handshake_kind = Some(HandshakeKind::Full); + self.send_ticket = emit_server_hello( &self.config, &mut self.transcript, @@ -290,6 +292,7 @@ mod client_hello { cx.common .start_encryption_tls12(&secrets, Side::Server); cx.common.peer_certificates = resumedata.client_cert_chain; + cx.common.handshake_kind = Some(HandshakeKind::Resumed); if self.send_ticket { let now = self.config.current_time()?; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index de8f41cea7..feb8227cda 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -11,7 +11,7 @@ use subtle::ConstantTimeEq; use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; use super::server_conn::ServerConnectionData; use crate::check::{inappropriate_handshake_message, inappropriate_message}; -use crate::common_state::{CommonState, Protocol, Side, State}; +use crate::common_state::{CommonState, HandshakeKind, Protocol, Side, State}; use crate::conn::ConnectionRandoms; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; @@ -329,6 +329,14 @@ mod client_hello { emit_fake_ccs(cx.common); } + if full_handshake { + cx.common + .handshake_kind + .get_or_insert(HandshakeKind::Full); + } else { + cx.common.handshake_kind = Some(HandshakeKind::Resumed); + } + let mut ocsp_response = server_key.get_ocsp(); let doing_early_data = emit_encrypted_extensions( &mut self.transcript, @@ -555,6 +563,7 @@ mod client_hello { transcript.rollup_for_hrr(); transcript.add_message(&m); common.send_msg(m, false); + common.handshake_kind = Some(HandshakeKind::FullWithHelloRetryRequest); } fn decide_if_early_data_allowed( diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d98689a045..112f1815a8 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -34,8 +34,8 @@ use rustls::internal::msgs::message::{Message, MessagePayload}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::SupportedCipherSuite; use rustls::{ - sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, InvalidMessage, - KeyLog, PeerIncompatible, PeerMisbehaved, SideData, + sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, HandshakeKind, + InvalidMessage, KeyLog, PeerIncompatible, PeerMisbehaved, SideData, }; use rustls::{CipherSuite, ProtocolVersion, SignatureScheme}; use rustls::{ClientConfig, ClientConnection}; @@ -506,6 +506,29 @@ fn server_can_get_client_cert_after_resumption() { } } +#[test] +fn resumption_combinations() { + for kt in ALL_KEY_TYPES { + let server_config = make_server_config(*kt); + for version in rustls::ALL_VERSIONS { + let client_config = make_client_config_with_versions(*kt, &[version]); + let (mut client, mut server) = + make_pair_for_configs(client_config.clone(), server_config.clone()); + do_handshake(&mut client, &mut server); + + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Full)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Full)); + + let (mut client, mut server) = + make_pair_for_configs(client_config.clone(), server_config.clone()); + do_handshake(&mut client, &mut server); + + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); + } + } +} + #[test] fn test_config_builders_debug() { if !provider_is_ring() { @@ -3759,6 +3782,8 @@ fn tls13_stateful_resumption() { .map(|certs| certs.len()), Some(3) ); + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Full)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Full)); // resumed let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3774,6 +3799,8 @@ fn tls13_stateful_resumption() { .map(|certs| certs.len()), Some(3) ); + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); // resumed again let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3789,6 +3816,8 @@ fn tls13_stateful_resumption() { .map(|certs| certs.len()), Some(3) ); + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); } #[test] @@ -3815,6 +3844,8 @@ fn tls13_stateless_resumption() { .map(|certs| certs.len()), Some(3) ); + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Full)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Full)); // resumed let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3830,6 +3861,8 @@ fn tls13_stateless_resumption() { .map(|certs| certs.len()), Some(3) ); + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); // resumed again let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3845,6 +3878,8 @@ fn tls13_stateless_resumption() { .map(|certs| certs.len()), Some(3) ); + assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); } #[test] @@ -4740,6 +4775,9 @@ fn test_client_sends_helloretryrequest() { let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + assert_eq!(client.handshake_kind(), Err(Error::HandshakeNotComplete)); + assert_eq!(server.handshake_kind(), Err(Error::HandshakeNotComplete)); + // client sends hello { let mut pipe = OtherSession::new(&mut server); @@ -4749,6 +4787,12 @@ fn test_client_sends_helloretryrequest() { assert!(pipe.writevs[0].len() == 1); } + assert_eq!(client.handshake_kind(), Err(Error::HandshakeNotComplete)); + assert_eq!( + server.handshake_kind(), + Ok(HandshakeKind::FullWithHelloRetryRequest) + ); + // server sends HRR { let mut pipe = OtherSession::new(&mut client); @@ -4758,6 +4802,15 @@ fn test_client_sends_helloretryrequest() { assert!(pipe.writevs[0].len() == 2); // hello retry request and CCS } + assert_eq!( + client.handshake_kind(), + Ok(HandshakeKind::FullWithHelloRetryRequest) + ); + assert_eq!( + server.handshake_kind(), + Ok(HandshakeKind::FullWithHelloRetryRequest) + ); + // client sends fixed hello { let mut pipe = OtherSession::new(&mut server); @@ -4776,6 +4829,15 @@ fn test_client_sends_helloretryrequest() { assert!(pipe.writevs[0].len() == 5); // server hello / encrypted exts / cert / cert-verify / finished } + assert_eq!( + client.handshake_kind(), + Ok(HandshakeKind::FullWithHelloRetryRequest) + ); + assert_eq!( + server.handshake_kind(), + Ok(HandshakeKind::FullWithHelloRetryRequest) + ); + do_handshake_until_error(&mut client, &mut server).unwrap(); // client only did following storage queries: From d2e1e668aae3d9807ffa782ea29ed26f2778371d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 16 Apr 2024 15:31:43 +0100 Subject: [PATCH 0912/1145] bogo: verify expected handshake kind --- rustls/examples/internal/bogo_shim_impl.rs | 40 ++++++++++++++++++---- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 9edf1c530b..ca4bc1b93b 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -24,9 +24,9 @@ use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; use rustls::server::{ClientHello, ServerConfig, ServerConnection, WebPkiClientVerifier}; use rustls::{ client, server, sign, version, AlertDescription, CertificateError, Connection, - DigitallySignedStruct, DistinguishedName, Error, InvalidMessage, NamedGroup, PeerIncompatible, - PeerMisbehaved, ProtocolVersion, RootCertStore, Side, SignatureAlgorithm, SignatureScheme, - SupportedProtocolVersion, + DigitallySignedStruct, DistinguishedName, Error, HandshakeKind, InvalidMessage, NamedGroup, + PeerIncompatible, PeerMisbehaved, ProtocolVersion, RootCertStore, Side, SignatureAlgorithm, + SignatureScheme, SupportedProtocolVersion, }; static BOGO_NACK: i32 = 89; @@ -84,6 +84,8 @@ struct Options { resumption_delay: u32, queue_early_data_after_received_messages: Vec, require_ems: bool, + expect_handshake_kind: Option>, + expect_handshake_kind_resumed: Option>, } impl Options { @@ -134,6 +136,8 @@ impl Options { resumption_delay: 0, queue_early_data_after_received_messages: vec![], require_ems: false, + expect_handshake_kind: None, + expect_handshake_kind_resumed: Some(vec![HandshakeKind::Resumed]), } } @@ -967,6 +971,18 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { } } + if opts.expect_handshake_kind.is_some() && !sess.is_handshaking() { + let expected_options = opts + .expect_handshake_kind + .as_ref() + .unwrap(); + let actual = sess.handshake_kind().unwrap(); + assert!( + expected_options.contains(&actual), + "wanted to see {expected_options:?} but got {actual:?}" + ); + } + let mut buf = [0u8; 1024]; let len = match sess .reader() @@ -1131,8 +1147,6 @@ pub fn main() { "-expect-secure-renegotiation" | "-expect-no-session-id" | "-enable-ed25519" | - "-expect-hrr" | - "-expect-no-hrr" | "-on-resume-expect-no-offer-early-data" | "-key-update" | //< we could implement an API for this "-expect-tls13-downgrade" | @@ -1141,6 +1155,18 @@ pub fn main() { println!("not checking {}; NYI", arg); } + "-expect-hrr" => { + opts.expect_handshake_kind = Some(vec![HandshakeKind::FullWithHelloRetryRequest]); + } + "-expect-no-hrr" => { + opts.expect_handshake_kind = Some(vec![HandshakeKind::Full]); + } + "-expect-session-miss" => { + opts.expect_handshake_kind_resumed = Some(vec![ + HandshakeKind::Full, + HandshakeKind::FullWithHelloRetryRequest + ]); + } "-export-keying-material" => { opts.export_keying_material = args.remove(0).parse::().unwrap(); } @@ -1276,7 +1302,6 @@ pub fn main() { "-ipv6" | "-decline-alpn" | "-expect-no-session" | - "-expect-session-miss" | "-expect-ticket-renewal" | "-enable-ocsp-stapling" | // internal openssl details: @@ -1388,5 +1413,8 @@ pub fn main() { opts.tickets = false; server_cfg = Some(make_server_cfg(&opts)); } + opts.expect_handshake_kind = opts + .expect_handshake_kind_resumed + .clone(); } } From 5ea02ed56fdba5cf5195d01476e8ce8fd80f1d77 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 17 Apr 2024 09:44:27 +0100 Subject: [PATCH 0913/1145] Return `Option` from `handshake_kind()` --- rustls/src/common_state.rs | 7 +++--- rustls/tests/api.rs | 48 +++++++++++++++++++------------------- 2 files changed, 27 insertions(+), 28 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 558990d629..a1afbb3e25 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -146,11 +146,10 @@ impl CommonState { /// /// This tells you whether the handshake was a resumption or not. /// - /// This will return `Err(Error::HandshakeNotComplete)` before it is - /// known which sort of handshake occurred. - pub fn handshake_kind(&self) -> Result { + /// This will return `None` before it is known which sort of + /// handshake occurred. + pub fn handshake_kind(&self) -> Option { self.handshake_kind - .ok_or(Error::HandshakeNotComplete) } pub(crate) fn is_tls13(&self) -> bool { diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 112f1815a8..0774e61eaf 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -516,15 +516,15 @@ fn resumption_combinations() { make_pair_for_configs(client_config.clone(), server_config.clone()); do_handshake(&mut client, &mut server); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Full)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Full)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Full)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Full)); let (mut client, mut server) = make_pair_for_configs(client_config.clone(), server_config.clone()); do_handshake(&mut client, &mut server); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Resumed)); } } } @@ -3782,8 +3782,8 @@ fn tls13_stateful_resumption() { .map(|certs| certs.len()), Some(3) ); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Full)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Full)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Full)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Full)); // resumed let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3799,8 +3799,8 @@ fn tls13_stateful_resumption() { .map(|certs| certs.len()), Some(3) ); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Resumed)); // resumed again let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3816,8 +3816,8 @@ fn tls13_stateful_resumption() { .map(|certs| certs.len()), Some(3) ); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Resumed)); } #[test] @@ -3844,8 +3844,8 @@ fn tls13_stateless_resumption() { .map(|certs| certs.len()), Some(3) ); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Full)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Full)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Full)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Full)); // resumed let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3861,8 +3861,8 @@ fn tls13_stateless_resumption() { .map(|certs| certs.len()), Some(3) ); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Resumed)); // resumed again let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); @@ -3878,8 +3878,8 @@ fn tls13_stateless_resumption() { .map(|certs| certs.len()), Some(3) ); - assert_eq!(client.handshake_kind(), Ok(HandshakeKind::Resumed)); - assert_eq!(server.handshake_kind(), Ok(HandshakeKind::Resumed)); + assert_eq!(client.handshake_kind(), Some(HandshakeKind::Resumed)); + assert_eq!(server.handshake_kind(), Some(HandshakeKind::Resumed)); } #[test] @@ -4775,8 +4775,8 @@ fn test_client_sends_helloretryrequest() { let (mut client, mut server) = make_pair_for_configs(client_config, server_config); - assert_eq!(client.handshake_kind(), Err(Error::HandshakeNotComplete)); - assert_eq!(server.handshake_kind(), Err(Error::HandshakeNotComplete)); + assert_eq!(client.handshake_kind(), None); + assert_eq!(server.handshake_kind(), None); // client sends hello { @@ -4787,10 +4787,10 @@ fn test_client_sends_helloretryrequest() { assert!(pipe.writevs[0].len() == 1); } - assert_eq!(client.handshake_kind(), Err(Error::HandshakeNotComplete)); + assert_eq!(client.handshake_kind(), None); assert_eq!( server.handshake_kind(), - Ok(HandshakeKind::FullWithHelloRetryRequest) + Some(HandshakeKind::FullWithHelloRetryRequest) ); // server sends HRR @@ -4804,11 +4804,11 @@ fn test_client_sends_helloretryrequest() { assert_eq!( client.handshake_kind(), - Ok(HandshakeKind::FullWithHelloRetryRequest) + Some(HandshakeKind::FullWithHelloRetryRequest) ); assert_eq!( server.handshake_kind(), - Ok(HandshakeKind::FullWithHelloRetryRequest) + Some(HandshakeKind::FullWithHelloRetryRequest) ); // client sends fixed hello @@ -4831,11 +4831,11 @@ fn test_client_sends_helloretryrequest() { assert_eq!( client.handshake_kind(), - Ok(HandshakeKind::FullWithHelloRetryRequest) + Some(HandshakeKind::FullWithHelloRetryRequest) ); assert_eq!( server.handshake_kind(), - Ok(HandshakeKind::FullWithHelloRetryRequest) + Some(HandshakeKind::FullWithHelloRetryRequest) ); do_handshake_until_error(&mut client, &mut server).unwrap(); From 1f5146cdfa9198ba75534a86243d3c4e1a94ca61 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Apr 2024 13:43:27 -0400 Subject: [PATCH 0914/1145] docs: update SECURITY example The existing example should be easy enough to understand, but it's also easy enough to update for the current major releases for maximum clarity. --- SECURITY.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2bf8066740..bb0e868ff4 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -5,13 +5,20 @@ Security fixes will be backported only to the rustls versions for which the original semver-compatible release was published less than 2 years ago. -For example, as of 2023-06-13 the latest release is 0.21.1. +For example, as of 2024-04-18 the latest release is 0.23.4. +* 0.23.0 was released in February of 2024 +* 0.22.0 was released in December of 2023 * 0.21.0 was released in March of 2023 * 0.20.0 was released in September of 2021 * 0.19.0 was released in November of 2020 -Therefore 0.20.x and 0.21.x will be updated, while 0.19.x will not be. +Therefore 0.23.x, 0.22.x and 0.21.x will be updated, while 0.20.x and 0.19.x +will not be. + +_Note: We use the date of `crates.io` publication when evaluating the security +policy. For example, while the Rustls 0.20.0 GitHub release note was created +Jul, 2023 the actual release in `crates.io` was published in Sept. 2021._ ## Reporting a Vulnerability From f45664fbded03d833dffd806503d3c8becd1b71e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 18 Apr 2024 09:01:36 +0100 Subject: [PATCH 0915/1145] Don't specially handle unauthenticated close_notify alerts --- rustls/src/common_state.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index a1afbb3e25..19589cf6dd 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -431,8 +431,8 @@ impl CommonState { } // If we get a CloseNotify, make a note to declare EOF to our - // caller. - if alert.description == AlertDescription::CloseNotify { + // caller. But do not treat unauthenticated alerts like this. + if self.may_receive_application_data && alert.description == AlertDescription::CloseNotify { self.has_received_close_notify = true; return Ok(()); } From 2123576840aa31043a31b0770e6572136fbe0c2d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 18 Apr 2024 08:54:37 +0100 Subject: [PATCH 0916/1145] Regression test for `complete_io` infinite loop bug --- rustls/tests/api.rs | 51 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 0774e61eaf..61a9fce73b 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6306,6 +6306,57 @@ fn test_server_fips_service_indicator_includes_require_ems() { assert!(!server_config.fips()); } +#[test] +fn test_complete_io_errors_if_close_notify_received_too_early() { + let mut server = ServerConnection::new(Arc::new(make_server_config(KeyType::Rsa2048))).unwrap(); + let client_hello_followed_by_close_notify_alert = b"\ + \x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03\xec\x12\xdd\x17\x64\ + \xa4\x39\xfd\x7e\x8c\x85\x46\xb8\x4d\x1e\xa0\x6e\xb3\xd7\xa0\x51\ + \xf0\x3c\xb8\x17\x47\x0d\x4c\x54\xc5\xdf\x72\x00\x00\x1c\xea\xea\ + \xc0\x2b\xc0\x2f\xc0\x2c\xc0\x30\xcc\xa9\xcc\xa8\xc0\x13\xc0\x14\ + \x00\x9c\x00\x9d\x00\x2f\x00\x35\x00\x0a\x01\x00\x00\x7f\xda\xda\ + \x00\x00\xff\x01\x00\x01\x00\x00\x00\x00\x16\x00\x14\x00\x00\x11\ + \x77\x77\x77\x2e\x77\x69\x6b\x69\x70\x65\x64\x69\x61\x2e\x6f\x72\ + \x67\x00\x17\x00\x00\x00\x23\x00\x00\x00\x0d\x00\x14\x00\x12\x04\ + \x03\x08\x04\x04\x01\x05\x03\x08\x05\x05\x01\x08\x06\x06\x01\x02\ + \x01\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\x12\x00\x00\x00\x10\ + \x00\x0e\x00\x0c\x02\x68\x32\x08\x68\x74\x74\x70\x2f\x31\x2e\x31\ + \x75\x50\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0a\x00\x0a\x00\x08\ + \x1a\x1a\x00\x1d\x00\x17\x00\x18\x1a\x1a\x00\x01\x00\ + \x15\x03\x03\x00\x02\x01\x00"; + + let mut stream = FakeStream(client_hello_followed_by_close_notify_alert); + assert_eq!( + server + .complete_io(&mut stream) + .unwrap_err() + .kind(), + io::ErrorKind::UnexpectedEof + ); +} + +struct FakeStream<'a>(&'a [u8]); + +impl<'a> io::Read for FakeStream<'a> { + fn read(&mut self, b: &mut [u8]) -> io::Result { + let take = core::cmp::min(b.len(), self.0.len()); + let (taken, remain) = self.0.split_at(take); + b[..take].copy_from_slice(taken); + self.0 = remain; + Ok(take) + } +} + +impl<'a> io::Write for FakeStream<'a> { + fn write(&mut self, b: &[u8]) -> io::Result { + Ok(b.len()) + } + + fn flush(&mut self) -> io::Result<()> { + Ok(()) + } +} + } // test_for_each_provider! #[derive(Default, Debug)] From 6e938bcfe82a9da7a2e1cbf10b928c7eca26426e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 18 Apr 2024 09:08:59 +0100 Subject: [PATCH 0917/1145] complete_io: bail out if progress is impossible Have a test that demonstrates another route to reaching this state: a fully & cleanly closed connection. --- rustls/src/conn.rs | 5 +++++ rustls/tests/api.rs | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index d6d06cdc9b..2a046895a1 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -553,6 +553,11 @@ impl ConnectionCommon { loop { let until_handshaked = self.is_handshaking(); + if !self.wants_write() && !self.wants_read() { + // We will make no further progress. + return Ok((rdlen, wrlen)); + } + while self.wants_write() { wrlen += self.write_tls(io)?; } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 61a9fce73b..f7c0b80d4f 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6335,6 +6335,44 @@ fn test_complete_io_errors_if_close_notify_received_too_early() { ); } +#[test] +fn test_complete_io_with_no_io_needed() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + do_handshake(&mut client, &mut server); + client + .writer() + .write_all(b"hello") + .unwrap(); + client.send_close_notify(); + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + server + .writer() + .write_all(b"hello") + .unwrap(); + server.send_close_notify(); + transfer(&mut server, &mut client); + client.process_new_packets().unwrap(); + + // neither want any IO: both directions are closed. + assert!(!client.wants_write()); + assert!(!client.wants_read()); + assert!(!server.wants_write()); + assert!(!server.wants_read()); + assert_eq!( + client + .complete_io(&mut FakeStream(&[])) + .unwrap(), + (0, 0) + ); + assert_eq!( + server + .complete_io(&mut FakeStream(&[])) + .unwrap(), + (0, 0) + ); +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { From 14cb5d2eac709f6c9bd46c697f090bb1f1543db1 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 18 Apr 2024 09:41:02 +0100 Subject: [PATCH 0918/1145] Prepare 0.23.5 --- Cargo.lock | 14 +++++++------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c004bbe18d..3a25d52061 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2175,7 +2175,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.4" +version = "0.23.5" dependencies = [ "aws-lc-rs", "base64 0.22.0", @@ -2209,7 +2209,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.4", + "rustls 0.23.5", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2222,7 +2222,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.4", + "rustls 0.23.5", ] [[package]] @@ -2235,7 +2235,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.4", + "rustls 0.23.5", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2253,7 +2253,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.4", + "rustls 0.23.5", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2289,7 +2289,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.4", + "rustls 0.23.5", "webpki-roots 0.26.1", ] @@ -2311,7 +2311,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.4", + "rustls 0.23.5", "rustls-pki-types", "rustls-webpki 0.102.2", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 6de4a5dcad..16b7019179 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.4" +version = "0.23.5" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 8cff9390f2..da6c4aee1e 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.4" +version = "0.23.5" edition = "2021" rust-version = "1.61" license = "Apache-2.0 OR ISC OR MIT" From dd0b2cea2979996bb55e53426624b2a2e219c4ac Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Apr 2024 11:34:06 -0400 Subject: [PATCH 0919/1145] proj: MSRV 1.61 -> 1.63 We're seeing more of our deps move to this MSRV or higher (e.g. `webpki`, `rustls-platform-verifier`) and it's shipped in Debian stable. Time to move our MSRV to 1.63. --- .github/workflows/build.yml | 2 +- README.md | 2 +- rustls/Cargo.toml | 2 +- rustls/src/lib.rs | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2723948397..c42b4910ea 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -102,7 +102,7 @@ jobs: - uses: dtolnay/rust-toolchain@master with: - toolchain: "1.61" + toolchain: "1.63" - run: cargo check --locked --lib --all-features -p rustls diff --git a/README.md b/README.md index 01db620444..d0df253257 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ to a wider set of architectures and environments, or compliance requirements. S Specifying `default-features = false` when depending on rustls will remove the dependency on aws-lc-rs. -Rustls requires Rust 1.61 or later. +Rustls requires Rust 1.63 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 [`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index da6c4aee1e..bf50c3bf40 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -2,7 +2,7 @@ name = "rustls" version = "0.23.5" edition = "2021" -rust-version = "1.61" +rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" readme = "../README.md" description = "Rustls is a modern TLS library written in Rust." diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 8781462510..24243ece85 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -24,7 +24,7 @@ //! Specifying `default-features = false` when depending on rustls will remove the //! dependency on aws-lc-rs. //! -//! Rustls requires Rust 1.61 or later. +//! Rustls requires Rust 1.63 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 //! [`crypto::CryptoProvider`]: crate::crypto::CryptoProvider From f57d4b79549ac97a77b52d7dd5189477c72eb20f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Apr 2024 11:41:36 -0400 Subject: [PATCH 0920/1145] proj: fix clippy::unnecessary_lazy_evaluation findings Of the form: ``` error: unnecessary closure used with `bool::then` --> rustls/src/tls13/mod.rs:42:9 | 42 | / (prev.common.hash_provider.algorithm() == self.common.hash_provider.algorithm()) 43 | | .then(|| prev) | |______________------------^ | | | help: use `then_some(..)` instead: `then_some(prev)` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#unnecessary_lazy_evaluations = note: `-D clippy::unnecessary-lazy-evaluations` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::unnecessary_lazy_evaluations)]` ``` --- rustls/src/server/hs.rs | 2 +- rustls/src/server/tls13.rs | 2 +- rustls/src/tls13/mod.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index d49d8f5e0e..76cef8bcba 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -509,7 +509,7 @@ impl ExpectClientHello { .find_map(|maybe_skxg| match maybe_skxg { Some(skxg) => suite .usable_for_kx_algorithm(skxg.name().key_exchange_algorithm()) - .then(|| *skxg), + .then_some(*skxg), None => None, }); diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index feb8227cda..b18f39da49 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -174,7 +174,7 @@ mod client_hello { // See if there is a KeyShare for the selected kx group. let chosen_share_and_kxg = shares_ext.iter().find_map(|share| { - (share.group == selected_kxg.name()).then(|| (share, selected_kxg)) + (share.group == selected_kxg.name()).then_some((share, selected_kxg)) }); let chosen_share_and_kxg = match chosen_share_and_kxg { diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index e41c65fed2..25834c63f1 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -40,7 +40,7 @@ impl Tls13CipherSuite { /// Can a session using suite self resume from suite prev? pub fn can_resume_from(&self, prev: &'static Self) -> Option<&'static Self> { (prev.common.hash_provider.algorithm() == self.common.hash_provider.algorithm()) - .then(|| prev) + .then_some(prev) } /// Return `true` if this is backed by a FIPS-approved implementation. From 7b936042cc936bea5defcfc3fdec6d05b692a996 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 24 Apr 2024 19:50:07 +0100 Subject: [PATCH 0921/1145] Install golang on macos runners The macos-latest runner no longer comes with golang preinstalled. Note that the fips build is not technically certified on macos, but it is still nonetheless useful to defend the ability to do `cargo test --all-features` on developer laptops. --- .github/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c42b4910ea..a35b70255d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -56,6 +56,12 @@ jobs: if: runner.os == 'Windows' uses: seanmiddleditch/gha-setup-ninja@v4 + - name: Install golang for aws-lc-fips-sys on macos + if: runner.os == 'MacOS' + uses: actions/setup-go@v5 + with: + go-version: "1.22.2" + - name: cargo build (debug; default features) run: cargo build --locked From a74f9d531b49904a3b328f00740717fb8862a870 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 22 Apr 2024 11:07:05 -0400 Subject: [PATCH 0922/1145] deps: update cargo semver compatible deps Updating hickory-resolver v0.24.0 -> v0.24.1 Updating serde v1.0.197 -> v1.0.198 Updating serde_derive v1.0.197 -> v1.0.198 Updating serde_json v1.0.115 -> v1.0.116 Updating aws-lc-rs v1.6.4 -> v1.7.0 Updating aws-lc-sys v0.14.1 -> v0.15.0 Updating hashbrown v0.13.2 -> v0.14.3 --- Cargo.lock | 54 +++++++++++++++++++++++------------------------ rustls/Cargo.toml | 2 +- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3a25d52061..0abd839416 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -54,9 +54,9 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.9" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d713b3834d76b85304d4d525563c1276e2e30dc97cc67bfb4585a4a29fc2c89f" +checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if", "once_cell", @@ -341,9 +341,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.6.4" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f379c4e505c0692333bd90a334baa234990faa06bdabefd3261f765946aa920" +checksum = "5509d663b2c00ee421bda8d6a24d6c42e15970957de1701b8df9f6fbe5707df1" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -355,11 +355,12 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.14.1" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68aa3d613f42dbf301dbbcaf3dc260805fd33ffd95f6d290ad7231a9e5d877a7" +checksum = "8d5d317212c2a78d86ba6622e969413c38847b62f48111f8b763af3dac2f9840" dependencies = [ "bindgen", + "cc", "cmake", "dunce", "fs_extra", @@ -495,6 +496,9 @@ name = "cc" version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f9fa1897e4325be0d68d48df6aa1a71ac2ed4d27723887e7754192705350730" +dependencies = [ + "libc", +] [[package]] name = "cexpr" @@ -1141,19 +1145,13 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.13.2" +version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" +checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" dependencies = [ "ahash", ] -[[package]] -name = "hashbrown" -version = "0.14.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" - [[package]] name = "heck" version = "0.4.1" @@ -1211,9 +1209,9 @@ dependencies = [ [[package]] name = "hickory-resolver" -version = "0.24.0" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35b8f021164e6a984c9030023544c57789c51760065cd510572fedcfb04164e8" +checksum = "28757f23aa75c98f254cf0405e6d8c25b831b32921b050a66692427679b1f243" dependencies = [ "cfg-if", "futures-util", @@ -1353,7 +1351,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177" dependencies = [ "equivalent", - "hashbrown 0.14.3", + "hashbrown", ] [[package]] @@ -2181,7 +2179,7 @@ dependencies = [ "base64 0.22.0", "bencher", "env_logger", - "hashbrown 0.13.2", + "hashbrown", "log", "num-bigint", "once_cell", @@ -2189,7 +2187,7 @@ dependencies = [ "ring", "rustls-pemfile 2.1.2", "rustls-pki-types", - "rustls-webpki 0.102.2", + "rustls-webpki 0.102.3", "rustversion", "subtle", "tikv-jemallocator", @@ -2313,7 +2311,7 @@ dependencies = [ "rsa", "rustls 0.23.5", "rustls-pki-types", - "rustls-webpki 0.102.2", + "rustls-webpki 0.102.3", "serde", "serde_json", "sha2", @@ -2334,9 +2332,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.2" +version = "0.102.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +checksum = "f3bce581c0dd41bce533ce695a1437fa16a7ab5ac3ccfa99fe1a620a7885eabf" dependencies = [ "aws-lc-rs", "ring", @@ -2394,18 +2392,18 @@ checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.197" +version = "1.0.198" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +checksum = "9846a40c979031340571da2545a4e5b7c4163bdae79b301d5f86d03979451fcc" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.197" +version = "1.0.198" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +checksum = "e88edab869b01783ba905e7d0153f9fc1a6505a96e4ad3018011eedb838566d9" dependencies = [ "proc-macro2", "quote", @@ -2414,9 +2412,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.115" +version = "1.0.116" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd" +checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813" dependencies = [ "itoa", "ryu", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index bf50c3bf40..b087e44683 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -17,7 +17,7 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } -hashbrown = { version = "0.13", optional = true } # 0.14+ requires 1.63 MSRV +hashbrown = { version = "0.14", optional = true, default-features = false, features = ["ahash", "inline-more"] } log = { version = "0.4.4", optional = true } # remove once our MSRV is >= 1.70 once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] } From 513e374b2e2ce9f1fb57ac78ab3ca053afc8f133 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 26 Apr 2024 08:03:19 +0100 Subject: [PATCH 0923/1145] crypto::aws_lc_rs: minor docs nits --- rustls/src/crypto/aws_lc_rs/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 98fcd8c973..9216b573f6 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -114,7 +114,7 @@ pub static DEFAULT_CIPHER_SUITES: &[SupportedCipherSuite] = &[ tls12::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, ]; -/// A list of all the cipher suites supported by the rustls *ring* provider. +/// A list of all the cipher suites supported by the rustls aws-lc-rs provider. pub static ALL_CIPHER_SUITES: &[SupportedCipherSuite] = &[ // TLS1.3 suites tls13::TLS13_AES_256_GCM_SHA384, @@ -149,7 +149,7 @@ pub mod cipher_suite { } /// A `WebPkiSupportedAlgorithms` value that reflects webpki's capabilities when -/// compiled against *ring*. +/// compiled against aws-lc-rs. static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms { all: &[ webpki_algs::ECDSA_P256_SHA256, From 59c33df57f4f411fcf8cd7b729c1341d3c06459c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 29 Apr 2024 11:17:42 -0400 Subject: [PATCH 0924/1145] deps: update cargo semver compatible deps * serde v1.0.198 -> v1.0.199 * serde_derive v1.0.198 -> v1.0.199 * rustls-pki-types v1.4.1 -> v1.5.0 * hashbrown v0.14.3 -> v0.14.5 --- Cargo.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0abd839416..2aca35dc1c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1145,9 +1145,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.14.3" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" dependencies = [ "ahash", ] @@ -2277,9 +2277,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.4.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecd36cc4259e3e4514335c4a138c6b43171a8d61d8f5c9348f9fc7529416f247" +checksum = "beb461507cee2c2ff151784c52762cf4d9ff6a61f3e80968600ed24fa837fa54" [[package]] name = "rustls-post-quantum" @@ -2392,18 +2392,18 @@ checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.198" +version = "1.0.199" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9846a40c979031340571da2545a4e5b7c4163bdae79b301d5f86d03979451fcc" +checksum = "0c9f6e76df036c77cd94996771fb40db98187f096dd0b9af39c6c6e452ba966a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.198" +version = "1.0.199" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e88edab869b01783ba905e7d0153f9fc1a6505a96e4ad3018011eedb838566d9" +checksum = "11bd257a6541e141e42ca6d24ae26f7714887b47e89aa739099104c7e4d3b7fc" dependencies = [ "proc-macro2", "quote", From 682f16c85c9922af35237b3dbafcaf4aa6bf1ec2 Mon Sep 17 00:00:00 2001 From: MOZGIII Date: Mon, 29 Apr 2024 14:51:45 -0300 Subject: [PATCH 0925/1145] Small correction to the quic::PacketKey::integrity_limit doc --- rustls/src/quic.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index a5db7ac93f..4f30ac0477 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -722,9 +722,9 @@ pub trait PacketKey: Send + Sync { /// Once a `MessageDecrypter` produced for this suite has failed to decrypt `integrity_limit` /// messages, an attacker gains an advantage in forging messages. /// - /// This is not relevant for TLS over TCP (which is implemented in this crate) - /// because a single failed decryption is fatal to the connection. However, - /// this quantity is used by QUIC. + /// This is not relevant for TLS over TCP (which is also implemented in this crate) + /// because a single failed decryption is fatal to the connection. + /// However, this quantity is used by QUIC. fn integrity_limit(&self) -> u64; } From ffcc718e23e8f2f8b9aef8035ceb0bd36a7f7f68 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 1 May 2024 12:07:27 +0100 Subject: [PATCH 0926/1145] README.md: fix spelling error --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d0df253257..c785cee8bd 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Rustls is a modern TLS library written in Rust. # Status Rustls is used in production at many organizations and projects. We aim to maintain -reasonable API surface stability but the API may evolve as we make changes to accomodate +reasonable API surface stability but the API may evolve as we make changes to accommodate new features or performance improvements. We have a [roadmap](ROADMAP.md) for our future plans. We also have [benchmarks](BENCHMARKING.md) to From c46cf7e6cad1f65112a1a39e3e3548b9998e3ab4 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Thu, 2 May 2024 22:39:59 +0200 Subject: [PATCH 0927/1145] Apply suggestions from clippy 1.78 --- rustls/examples/internal/bogo_shim_impl.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index ca4bc1b93b..c862531cbd 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -1413,8 +1413,7 @@ pub fn main() { opts.tickets = false; server_cfg = Some(make_server_cfg(&opts)); } - opts.expect_handshake_kind = opts - .expect_handshake_kind_resumed - .clone(); + opts.expect_handshake_kind + .clone_from(&opts.expect_handshake_kind_resumed); } } From 08af80a25a6cd5b289bfed4e00f4e30f6989f53f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 26 Apr 2024 10:29:40 +0100 Subject: [PATCH 0928/1145] aws-lc-rs: reduce priority of `ECDSA_NISTP521_SHA512` In TLS1.2, this actually means ECDSA_SHA512. If the peer selects that, we get caught out depending on the curve of the public key because we don't support (for example) `ECDSA_NISTP256_SHA512`. Reducing the preference of this improves matters, because a peer that respects our priority will only select that if nothing else is possible (which includes the cases that SHA256 and SHA384 are not supported, in which case we are hosed, but also if the version is TLS1.3 and public key is on P521). --- rustls/src/crypto/aws_lc_rs/mod.rs | 8 ++++---- rustls/tests/api.rs | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 9216b573f6..5c6b87f34f 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -168,10 +168,6 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms ], mapping: &[ // Note: for TLS1.2 the curve is not fixed by SignatureScheme. For TLS1.3 it is. - ( - SignatureScheme::ECDSA_NISTP521_SHA512, - &[webpki_algs::ECDSA_P521_SHA512], - ), ( SignatureScheme::ECDSA_NISTP384_SHA384, &[ @@ -186,6 +182,10 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms webpki_algs::ECDSA_P384_SHA256, ], ), + ( + SignatureScheme::ECDSA_NISTP521_SHA512, + &[webpki_algs::ECDSA_P521_SHA512], + ), (SignatureScheme::ED25519, &[webpki_algs::ED25519]), ( SignatureScheme::RSA_PSS_SHA512, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f7c0b80d4f..5a1e4de90a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1129,9 +1129,9 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, if provider_is_aws_lc_rs() { vec![ - SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_NISTP521_SHA512, SignatureScheme::ED25519, ] } else { @@ -1499,10 +1499,6 @@ fn test_client_cert_resolve( fn default_signature_schemes(version: ProtocolVersion) -> Vec { let mut v = vec![]; - if provider_is_aws_lc_rs() { - v.push(SignatureScheme::ECDSA_NISTP521_SHA512); - } - v.extend_from_slice(&[ SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP256_SHA256, @@ -1512,6 +1508,10 @@ fn default_signature_schemes(version: ProtocolVersion) -> Vec { SignatureScheme::RSA_PSS_SHA256, ]); + if provider_is_aws_lc_rs() { + v.insert(2, SignatureScheme::ECDSA_NISTP521_SHA512); + } + if version == ProtocolVersion::TLSv1_2 { v.extend_from_slice(&[ SignatureScheme::RSA_PKCS1_SHA512, From ec8320b4c272ba3fea729cfe433822f80bdcc86d Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 3 May 2024 10:31:30 +0100 Subject: [PATCH 0929/1145] Rename `SignatureScheme::sign` The old name doesn't really make sense for me. --- rustls/src/client/tls12.rs | 5 +++-- rustls/src/crypto/aws_lc_rs/sign.rs | 4 ++-- rustls/src/crypto/ring/sign.rs | 4 ++-- rustls/src/enums.rs | 2 +- rustls/src/suites.rs | 4 ++-- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index bd1364f87e..d4f03b60c4 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -882,11 +882,12 @@ impl State for ExpectServerDone<'_> { // Check the signature is compatible with the ciphersuite. let sig = &st.server_kx.kx_sig; - if !SupportedCipherSuite::from(suite).usable_for_signature_algorithm(sig.scheme.sign()) + if !SupportedCipherSuite::from(suite) + .usable_for_signature_algorithm(sig.scheme.algorithm()) { warn!( "peer signed kx with wrong algorithm (got {:?} expect {:?})", - sig.scheme.sign(), + sig.scheme.algorithm(), suite.sign ); return Err(PeerMisbehaved::SignedKxWithWrongAlgorithm.into()); diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 43eda7caf0..e8000a3b1f 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -248,7 +248,7 @@ impl SigningKey for EcdsaSigningKey { } fn algorithm(&self) -> SignatureAlgorithm { - self.scheme.sign() + self.scheme.algorithm() } } @@ -332,7 +332,7 @@ impl SigningKey for Ed25519SigningKey { } fn algorithm(&self) -> SignatureAlgorithm { - self.scheme.sign() + self.scheme.algorithm() } } diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index b55792b795..9234d61853 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -286,7 +286,7 @@ impl SigningKey for EcdsaSigningKey { } fn algorithm(&self) -> SignatureAlgorithm { - self.scheme.sign() + self.scheme.algorithm() } } @@ -370,7 +370,7 @@ impl SigningKey for Ed25519SigningKey { } fn algorithm(&self) -> SignatureAlgorithm { - self.scheme.sign() + self.scheme.algorithm() } } diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index 08ed69d146..44057a6f07 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -513,7 +513,7 @@ enum_builder! { } impl SignatureScheme { - pub(crate) fn sign(&self) -> SignatureAlgorithm { + pub(crate) fn algorithm(&self) -> SignatureAlgorithm { match *self { Self::RSA_PKCS1_SHA1 | Self::RSA_PKCS1_SHA256 diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 92437d99f3..6dce3242e6 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -101,7 +101,7 @@ impl SupportedCipherSuite { Self::Tls12(inner) => inner .sign .iter() - .any(|scheme| scheme.sign() == _sig_alg), + .any(|scheme| scheme.algorithm() == _sig_alg), } } @@ -164,7 +164,7 @@ pub(crate) fn compatible_sigscheme_for_suites( sigscheme: SignatureScheme, common_suites: &[SupportedCipherSuite], ) -> bool { - let sigalg = sigscheme.sign(); + let sigalg = sigscheme.algorithm(); common_suites .iter() .any(|&suite| suite.usable_for_signature_algorithm(sigalg)) From 4ba3a0a8c55edd9a81ce46c7c8ccedac2597c596 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 3 May 2024 10:58:25 +0100 Subject: [PATCH 0930/1145] Cargo.lock: update rustls version under hickory This avoids a dependency on a vulnerable version of ourself. --- Cargo.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2aca35dc1c..ff6ef3aff6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1196,7 +1196,7 @@ dependencies = [ "ipnet", "once_cell", "rand", - "rustls 0.21.10", + "rustls 0.21.12", "rustls-pemfile 1.0.4", "thiserror", "tinyvec", @@ -1222,7 +1222,7 @@ dependencies = [ "parking_lot", "rand", "resolv-conf", - "rustls 0.21.10", + "rustls 0.21.12", "smallvec", "thiserror", "tokio", @@ -2161,9 +2161,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.10" +version = "0.21.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" dependencies = [ "log", "ring", @@ -2662,7 +2662,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.21.10", + "rustls 0.21.12", "tokio", ] From 1265e55111b8c8d3ee5df221fb8a67ed7a4d493d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 3 May 2024 14:39:33 -0400 Subject: [PATCH 0931/1145] ring: cfg-gate the hmac module When building with `--no-default-features --features ring` there are a couple clippy warnings produced: ``` $ cargo check --manifest-path=rustls/Cargo.toml --no-default-features --features=ring error: struct `Hmac` is never constructed --> rustls/src/crypto/ring/hmac.rs:16:19 | 16 | pub(crate) struct Hmac(&'static ring_like::hmac::Algorithm); | ^^^^ | = note: `-D dead-code` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(dead_code)]` error: struct `Key` is never constructed --> rustls/src/crypto/ring/hmac.rs:32:8 | 32 | struct Key(ring_like::hmac::Key); | ^^^ ``` This is fixed in this branch by conditionally compiling the `crypto/ring/hmac.rs` mod based on whether we're building tests, or have the tls-12 feature enabled. --- rustls/src/crypto/ring/mod.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index b0d5585bff..b24c245df9 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -16,6 +16,7 @@ use crate::Error; pub mod sign; pub(crate) mod hash; +#[cfg(any(test, feature = "tls12"))] pub(crate) mod hmac; pub(crate) mod kx; pub(crate) mod quic; From 69b5d2374eccdc4093967a188dff9a62e0c8d884 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 6 May 2024 09:02:39 -0400 Subject: [PATCH 0932/1145] build: emit rustc-check-cfg for bench, read_buf Fixes warnings generated with nightly when generating cargo docs of the form: ``` error: unexpected `cfg` condition name: `bench` --> rustls/src/lib.rs:305:31 | 305 | #![cfg_attr(not(any(read_buf, bench)), forbid(unstable_features))] | ^^^^^ | = help: consider using a Cargo feature instead or adding `println!("cargo::rustc-check-cfg=cfg(bench)");` to the top of the `build.rs` = note: see for more information about checking conditional configuration ``` We also need to apply this suggestion for `read_buf`, because of a workaround documented for another upstream rust issue. Note, because our MSRV is 1.63 we have to add the new `build.rs` directives with the prefix `cargo:` instead of `cargo::` as described in the warning output, or we get a new error of the form: ``` error: the `cargo::` syntax for build script output instructions was added in Rust 1.77.0, but the minimum supported Rust version of `rustls v0.23.5 (/home/daniel/Code/Rust/rustls/rustls)` is 1.63. See https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script for more information about build script outputs. ``` --- rustls/build.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/build.rs b/rustls/build.rs index 9c73252a65..2cf4812151 100644 --- a/rustls/build.rs +++ b/rustls/build.rs @@ -9,5 +9,7 @@ fn main() {} #[cfg(feature = "read_buf")] #[rustversion::nightly] fn main() { + println!("cargo:rustc-check-cfg=cfg(bench)"); + println!("cargo:rustc-check-cfg=cfg(read_buf)"); println!("cargo:rustc-cfg=read_buf"); } From a2c21fe0509f634431e72bffe8803fca1f892d56 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 6 May 2024 09:57:42 -0400 Subject: [PATCH 0933/1145] deps: update cargo semver compatible deps Updating serde v1.0.199 -> v1.0.200 Updating serde_derive v1.0.199 -> v1.0.200 Updating base64 v0.22.0 -> v0.22.1 Updating aws-lc-rs v1.7.0 -> v1.7.1 Updating aws-lc-sys v0.15.0 -> v0.16.0 --- Cargo.lock | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ff6ef3aff6..0ac372e792 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -341,9 +341,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.7.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5509d663b2c00ee421bda8d6a24d6c42e15970957de1701b8df9f6fbe5707df1" +checksum = "8487b59d62764df8231cb371c459314df895b41756df457a1fb1243d65c89195" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -355,9 +355,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.15.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d5d317212c2a78d86ba6622e969413c38847b62f48111f8b763af3dac2f9840" +checksum = "c15eb61145320320eb919d9bab524617a7aa4216c78d342fae3a758bc33073e4" dependencies = [ "bindgen", "cc", @@ -397,9 +397,9 @@ checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64" -version = "0.22.0" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" @@ -2176,7 +2176,7 @@ name = "rustls" version = "0.23.5" dependencies = [ "aws-lc-rs", - "base64 0.22.0", + "base64 0.22.1", "bencher", "env_logger", "hashbrown", @@ -2247,7 +2247,7 @@ name = "rustls-openssl-tests" version = "0.0.1" dependencies = [ "asn1", - "base64 0.22.0", + "base64 0.22.1", "num-bigint", "once_cell", "openssl", @@ -2271,7 +2271,7 @@ version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" dependencies = [ - "base64 0.22.0", + "base64 0.22.1", "rustls-pki-types", ] @@ -2392,18 +2392,18 @@ checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.199" +version = "1.0.200" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c9f6e76df036c77cd94996771fb40db98187f096dd0b9af39c6c6e452ba966a" +checksum = "ddc6f9cc94d67c0e21aaf7eda3a010fd3af78ebf6e096aa6e2e13c79749cce4f" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.199" +version = "1.0.200" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11bd257a6541e141e42ca6d24ae26f7714887b47e89aa739099104c7e4d3b7fc" +checksum = "856f046b9400cee3c8c94ed572ecdb752444c24528c035cd35882aad6f492bcb" dependencies = [ "proc-macro2", "quote", From e155c6aadee55902c3f96109527ac8b6f046e703 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Apr 2024 11:05:00 -0400 Subject: [PATCH 0934/1145] crypto: derive Clone & Debug for HpkeSuite We will want to store this type in configurations that are `Clone` and `Debug`. --- rustls/src/crypto/hpke.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index ec38f35127..623eb4a617 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -26,6 +26,7 @@ pub trait HpkeProvider: Debug + Send + Sync + 'static { } /// An HPKE suite, specifying a key encapsulation mechanism and a symmetric cipher suite. +#[derive(Clone, Debug)] pub struct HpkeSuite { /// The choice of HPKE key encapsulation mechanism. pub kem: HpkeKem, From 41d283bbc5a8e4a92c523e3bc39ab69c734bad7b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Apr 2024 16:39:42 -0400 Subject: [PATCH 0935/1145] crypto: trait tweaks for HpkeSuite, HpkePublicKey The `HpkeSuite` type is small enough to be a candidate for `Copy`. The `HpkePublicKey` type should be `Debug` and `Clone` so we can easily use it for GREASE ECH configurations. --- rustls/src/crypto/hpke.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 623eb4a617..a62f6767ea 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -26,7 +26,7 @@ pub trait HpkeProvider: Debug + Send + Sync + 'static { } /// An HPKE suite, specifying a key encapsulation mechanism and a symmetric cipher suite. -#[derive(Clone, Debug)] +#[derive(Clone, Copy, Debug)] pub struct HpkeSuite { /// The choice of HPKE key encapsulation mechanism. pub kem: HpkeKem, @@ -110,6 +110,7 @@ pub trait HpkeOpener: Debug + Send + Sync + 'static { } /// An HPKE public key. +#[derive(Clone, Debug)] pub struct HpkePublicKey(pub Vec); /// An HPKE private key. From 86904117a58dd07fc7638099de6ad0fbe69ced16 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 29 Apr 2024 11:42:33 -0400 Subject: [PATCH 0936/1145] crypto: implement Zeroize for HpkePrivateKey --- rustls/src/crypto/hpke.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index a62f6767ea..668b3a07be 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -2,6 +2,8 @@ use alloc::boxed::Box; use alloc::vec::Vec; use core::fmt::Debug; +use zeroize::Zeroize; + use crate::msgs::enums::HpkeKem; use crate::msgs::handshake::HpkeSymmetricCipherSuite; use crate::Error; @@ -129,6 +131,12 @@ impl From> for HpkePrivateKey { } } +impl Drop for HpkePrivateKey { + fn drop(&mut self) { + self.0.zeroize(); + } +} + /// An HPKE key pair, made of a matching public and private key. pub struct HpkeKeyPair { /// A HPKE public key. From 5ce2a49926cd7103fd01fe576267a0745a6145fd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Apr 2024 11:05:19 -0400 Subject: [PATCH 0937/1145] handshake: derive Clone for HelloRetryRequest In order to process ECH HRR acceptance it is convenient to be able to clone the `HelloRetryRequest`. --- rustls/src/msgs/handshake.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index f4d3096430..729a79a905 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1072,7 +1072,7 @@ impl TlsListElement for HelloRetryExtension { const SIZE_LEN: ListLength = ListLength::U16; } -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct HelloRetryRequest { pub(crate) legacy_version: ProtocolVersion, pub session_id: SessionId, From 6faac22b106db600c6bb83f1623a19b2f84a221d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 29 Apr 2024 11:46:12 -0400 Subject: [PATCH 0938/1145] tests: rework test_config_builders_debug In practice this test is more noisy than useful. This commit relaxes it to only check that the builder types/intermediate states are debug, but not that the debug representation is a byte-for-byte match to an expected value. --- rustls/tests/api.rs | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 5a1e4de90a..b582d81399 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -543,14 +543,11 @@ fn test_config_builders_debug() { } .into(), ); - assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, time_provider: DefaultTimeProvider } }", format!("{:?}", b)); + let _ = format!("{:?}", b); let b = server_config_builder_with_versions(&[&rustls::version::TLS13]); - assert_eq!( - "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], time_provider: DefaultTimeProvider } }", - format!("{:?}", b) - ); + let _ = format!("{:?}", b); let b = b.with_no_client_auth(); - assert_eq!("ConfigBuilder { state: WantsServerCert { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], verifier: NoClientAuth, time_provider: DefaultTimeProvider } }", format!("{:?}", b)); + let _ = format!("{:?}", b); let b = ClientConfig::builder_with_provider( CryptoProvider { @@ -560,12 +557,9 @@ fn test_config_builders_debug() { } .into(), ); - assert_eq!("ConfigBuilder { state: WantsVersions { provider: CryptoProvider { cipher_suites: [TLS13_CHACHA20_POLY1305_SHA256], kx_groups: [X25519], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, time_provider: DefaultTimeProvider } }", format!("{:?}", b)); + let _ = format!("{:?}", b); let b = client_config_builder_with_versions(&[&rustls::version::TLS13]); - assert_eq!( - "ConfigBuilder { state: WantsVerifier { provider: CryptoProvider { cipher_suites: [TLS13_AES_256_GCM_SHA384, TLS13_AES_128_GCM_SHA256, TLS13_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256], kx_groups: [X25519, secp256r1, secp384r1], signature_verification_algorithms: WebPkiSupportedAlgorithms { all: [ .. ], mapping: [ECDSA_NISTP384_SHA384, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA512, RSA_PSS_SHA384, RSA_PSS_SHA256, RSA_PKCS1_SHA512, RSA_PKCS1_SHA384, RSA_PKCS1_SHA256] }, secure_random: Ring, key_provider: Ring }, versions: [TLSv1_3], time_provider: DefaultTimeProvider } }", - format!("{:?}", b) - ); + let _ = format!("{:?}", b); } /// Test that the server handles combination of `offer_client_auth()` returning true From f214df9826720a32e48d98b47e12478ab096975a Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 15 May 2024 14:37:34 +0200 Subject: [PATCH 0939/1145] bogo: fix config rewriting when cpp is clang --- bogo/runme | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bogo/runme b/bogo/runme index 435a74195b..c13fbe673d 100755 --- a/bogo/runme +++ b/bogo/runme @@ -8,11 +8,11 @@ set -xe case ${BOGO_SHIM_PROVIDER:-ring} in ring) cargo build -p rustls --example bogo_shim --no-default-features --features ring,tls12,logging,std - cpp -P -DRING config.json.in -oconfig.json + cpp -P -DRING config.json.in > config.json ;; aws-lc-rs) cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging,std - cpp -P -DAWS_LC_RS config.json.in -oconfig.json + cpp -P -DAWS_LC_RS config.json.in > config.json ;; existing) ;; From 27d81e01e877fa47044e41e3466bc0273ce4a3a5 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 15 May 2024 14:47:24 +0200 Subject: [PATCH 0940/1145] Warn on lints, don't deny We deny warnings in CI (during clippy runs), which seems sufficient. Denying lints is annoying during development especially when working on a release branches (after the lints have gotten more precise). --- rustls/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 24243ece85..ccc27ef627 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -303,7 +303,7 @@ // Require docs for public APIs, deny unsafe code, etc. #![forbid(unsafe_code, unused_must_use)] #![cfg_attr(not(any(read_buf, bench)), forbid(unstable_features))] -#![deny( +#![warn( clippy::alloc_instead_of_core, clippy::clone_on_ref_ptr, clippy::std_instead_of_core, From ccb352c075ae06ba83377615d5b05b953d2481c5 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 15 May 2024 15:14:14 +0200 Subject: [PATCH 0941/1145] Linearize Reader::read() and read_buf() --- rustls/src/conn.rs | 66 ++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 35 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 2a046895a1..bca9e27c5f 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -184,26 +184,25 @@ mod connection { /// the return of [`Connection::process_new_packets`]. fn read(&mut self, buf: &mut [u8]) -> io::Result { let len = self.received_plaintext.read(buf)?; + if len > 0 || buf.is_empty() { + return Ok(len); + } - if len == 0 && !buf.is_empty() { - // No bytes available: - match (self.peer_cleanly_closed, self.has_seen_eof) { - // cleanly closed; don't care about TCP EOF: express this as Ok(0) - (true, _) => {} - // unclean closure - (false, true) => { - return Err(io::Error::new( - io::ErrorKind::UnexpectedEof, - UNEXPECTED_EOF_MESSAGE, - )) - } - // connection still going, but needs more data: signal `WouldBlock` so that - // the caller knows this - (false, false) => return Err(io::ErrorKind::WouldBlock.into()), + // No bytes available: + match (self.peer_cleanly_closed, self.has_seen_eof) { + // cleanly closed; don't care about TCP EOF: express this as Ok(0) + (true, _) => Ok(len), + // unclean closure + (false, true) => { + return Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )) } + // connection still going, but needs more data: signal `WouldBlock` so that + // the caller knows this + (false, false) => return Err(io::ErrorKind::WouldBlock.into()), } - - Ok(len) } /// Obtain plaintext data received from the peer over this TLS connection. @@ -233,26 +232,23 @@ mod connection { self.received_plaintext .read_buf(cursor.reborrow())?; let len = cursor.written() - before; - - if len == 0 && cursor.capacity() > 0 { - // No bytes available: - match (self.peer_cleanly_closed, self.has_seen_eof) { - // cleanly closed; don't care about TCP EOF: express this as Ok(0) - (true, _) => {} - // unclean closure - (false, true) => { - return Err(io::Error::new( - io::ErrorKind::UnexpectedEof, - UNEXPECTED_EOF_MESSAGE, - )); - } - // connection still going, but need more data: signal `WouldBlock` so that - // the caller knows this - (false, false) => return Err(io::ErrorKind::WouldBlock.into()), - } + if len > 0 || cursor.capacity() == 0 { + return Ok(()); } - Ok(()) + // No bytes available: + match (self.peer_cleanly_closed, self.has_seen_eof) { + // cleanly closed; don't care about TCP EOF: express this as Ok(0) + (true, _) => Ok(()), + // unclean closure + (false, true) => Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )), + // connection still going, but need more data: signal `WouldBlock` so that + // the caller knows this + (false, false) => Err(io::ErrorKind::WouldBlock.into()), + } } } From ef024342d156ddbfd2769809fcf408b2f5a1d65c Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 15 May 2024 15:22:45 +0200 Subject: [PATCH 0942/1145] Deduplicate Reader state checks --- rustls/src/conn.rs | 49 ++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index bca9e27c5f..0f4b0ef474 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -161,6 +161,24 @@ mod connection { pub(super) has_seen_eof: bool, } + impl<'a> Reader<'a> { + /// Check the connection's state if no bytes are available for reading. + fn check_no_bytes_state(&self) -> io::Result<()> { + match (self.peer_cleanly_closed, self.has_seen_eof) { + // cleanly closed; don't care about TCP EOF: express this as Ok(0) + (true, _) => Ok(()), + // unclean closure + (false, true) => Err(io::Error::new( + io::ErrorKind::UnexpectedEof, + UNEXPECTED_EOF_MESSAGE, + )), + // connection still going, but need more data: signal `WouldBlock` so that + // the caller knows this + (false, false) => Err(io::ErrorKind::WouldBlock.into()), + } + } + } + impl<'a> io::Read for Reader<'a> { /// Obtain plaintext data received from the peer over this TLS connection. /// @@ -188,21 +206,8 @@ mod connection { return Ok(len); } - // No bytes available: - match (self.peer_cleanly_closed, self.has_seen_eof) { - // cleanly closed; don't care about TCP EOF: express this as Ok(0) - (true, _) => Ok(len), - // unclean closure - (false, true) => { - return Err(io::Error::new( - io::ErrorKind::UnexpectedEof, - UNEXPECTED_EOF_MESSAGE, - )) - } - // connection still going, but needs more data: signal `WouldBlock` so that - // the caller knows this - (false, false) => return Err(io::ErrorKind::WouldBlock.into()), - } + self.check_no_bytes_state() + .map(|()| len) } /// Obtain plaintext data received from the peer over this TLS connection. @@ -236,19 +241,7 @@ mod connection { return Ok(()); } - // No bytes available: - match (self.peer_cleanly_closed, self.has_seen_eof) { - // cleanly closed; don't care about TCP EOF: express this as Ok(0) - (true, _) => Ok(()), - // unclean closure - (false, true) => Err(io::Error::new( - io::ErrorKind::UnexpectedEof, - UNEXPECTED_EOF_MESSAGE, - )), - // connection still going, but need more data: signal `WouldBlock` so that - // the caller knows this - (false, false) => Err(io::ErrorKind::WouldBlock.into()), - } + self.check_no_bytes_state() } } From 749121a9760d73a5bba5f4602f3572d6eacbcd91 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Wed, 15 May 2024 14:33:18 +0200 Subject: [PATCH 0943/1145] Ignore data appearing after `close_notify` --- rustls/src/conn.rs | 23 +++++++++++++++++------ rustls/src/msgs/deframer.rs | 2 +- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 0f4b0ef474..a019dce236 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -10,7 +10,9 @@ use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; #[cfg(feature = "logging")] use crate::log::trace; -use crate::msgs::deframer::{Deframed, DeframerSliceBuffer, DeframerVecBuffer, MessageDeframer}; +use crate::msgs::deframer::{ + Deframed, DeframerSliceBuffer, DeframerVecBuffer, FilledDeframerBuffer, MessageDeframer, +}; use crate::msgs::handshake::Random; use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; @@ -157,14 +159,14 @@ mod connection { /// A structure that implements [`std::io::Read`] for reading plaintext. pub struct Reader<'a> { pub(super) received_plaintext: &'a mut ChunkVecBuffer, - pub(super) peer_cleanly_closed: bool, + pub(super) has_received_close_notify: bool, pub(super) has_seen_eof: bool, } impl<'a> Reader<'a> { /// Check the connection's state if no bytes are available for reading. fn check_no_bytes_state(&self) -> io::Result<()> { - match (self.peer_cleanly_closed, self.has_seen_eof) { + match (self.has_received_close_notify, self.has_seen_eof) { // cleanly closed; don't care about TCP EOF: express this as Ok(0) (true, _) => Ok(()), // unclean closure @@ -172,7 +174,7 @@ mod connection { io::ErrorKind::UnexpectedEof, UNEXPECTED_EOF_MESSAGE, )), - // connection still going, but need more data: signal `WouldBlock` so that + // connection still going, but needs more data: signal `WouldBlock` so that // the caller knows this (false, false) => Err(io::ErrorKind::WouldBlock.into()), } @@ -490,8 +492,7 @@ impl ConnectionCommon { received_plaintext: &mut common.received_plaintext, // Are we done? i.e., have we processed all received messages, and received a // close_notify to indicate that no new messages will arrive? - peer_cleanly_closed: common.has_received_close_notify - && !self.deframer_buffer.has_pending(), + has_received_close_notify: common.has_received_close_notify, has_seen_eof: common.has_seen_eof, } } @@ -785,6 +786,16 @@ impl ConnectionCore { return Err(e); } } + + if self + .common_state + .has_received_close_notify + { + // "Any data received after a closure alert has been received MUST be ignored." + // -- + discard = borrowed_buffer.filled().len(); + break; + } } deframer_buffer.discard(discard); diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 4734c376d6..8c6ec710bd 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -614,7 +614,7 @@ trait DeframerBuffer<'a, P: AppendPayload<'a>>: FilledDeframerBuffer { fn copy(&mut self, payload: &P, at: usize); } -trait FilledDeframerBuffer { +pub(crate) trait FilledDeframerBuffer { fn filled_get_mut>(&mut self, index: I) -> &mut I::Output { self.filled_mut() .get_mut(index) From 424bb317ea53db3b3f25724df224abfbefa226ae Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 15:03:45 +0100 Subject: [PATCH 0944/1145] Test for junk in deframer buffer after `close_notify` --- rustls/tests/api.rs | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b582d81399..b09cdccbb2 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6367,6 +6367,48 @@ fn test_complete_io_with_no_io_needed() { ); } +#[test] +fn test_junk_after_close_notify_received() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + do_handshake(&mut client, &mut server); + client + .writer() + .write_all(b"hello") + .unwrap(); + client.send_close_notify(); + + let mut client_buffer = vec![]; + client + .write_tls(&mut io::Cursor::new(&mut client_buffer)) + .unwrap(); + + // add some junk that will be dropped from the deframer buffer + // after the close_notify + client_buffer.extend_from_slice(&[0x17, 0x03, 0x03, 0x01]); + + server + .read_tls(&mut io::Cursor::new(&client_buffer[..])) + .unwrap(); + server.process_new_packets().unwrap(); + + // can read data received prior to close_notify + let mut received_data = [0u8; 128]; + let len = server + .reader() + .read(&mut received_data) + .unwrap(); + assert_eq!(&received_data[..len], b"hello"); + + // but subsequent reads just report clean EOF + assert_eq!( + server + .reader() + .read(&mut received_data) + .unwrap(), + 0 + ); +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { From 972da7ff71031abb5e180ef3eb92d52d439f3e73 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 14:24:57 +0100 Subject: [PATCH 0945/1145] Test app data after `close_notify` is ignored --- rustls/tests/api.rs | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b09cdccbb2..3a04960a0d 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6409,6 +6409,38 @@ fn test_junk_after_close_notify_received() { ); } +#[test] +fn test_data_after_close_notify_is_ignored() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + do_handshake(&mut client, &mut server); + + client + .writer() + .write_all(b"before") + .unwrap(); + client.send_close_notify(); + client + .writer() + .write_all(b"after") + .unwrap(); + transfer(&mut client, &mut server); + server.process_new_packets().unwrap(); + + let mut received_data = [0u8; 128]; + let count = server + .reader() + .read(&mut received_data) + .unwrap(); + assert_eq!(&received_data[..count], b"before"); + assert_eq!( + server + .reader() + .read(&mut received_data) + .unwrap(), + 0 + ); +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { From 55890f0ee6974850f1c85de4abc6adc9d4a83d60 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 May 2024 12:17:13 +0100 Subject: [PATCH 0946/1145] Test for junk in unbuffered input after `close_notify` --- rustls/tests/unbuffered.rs | 58 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 2 deletions(-) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 245ddb3ab7..c2d2f91d31 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -13,7 +13,7 @@ use rustls::unbuffered::{ UnbufferedStatus, WriteTraffic, }; use rustls::version::TLS13; -use rustls::{ClientConfig, ServerConfig}; +use rustls::{ClientConfig, ServerConfig, SideData}; mod common; use common::*; @@ -402,6 +402,8 @@ fn run( assert!(count <= MAX_ITERATIONS, "handshake was not completed"); } + outcome.server = Some(server); + outcome.client = Some(client); outcome } @@ -453,6 +455,56 @@ fn close_notify_server_to_client() { } } +#[test] +fn junk_after_close_notify_received() { + // cf. test_junk_after_close_notify_received in api.rs + let mut outcome = handshake(&rustls::version::TLS13); + let mut client = outcome.client.take().unwrap(); + let mut server = outcome.server.take().unwrap(); + + let mut client_send_buf = [0u8; 128]; + let mut len = dbg!(write_traffic( + client.process_tls_records(&mut []), + |mut wt: WriteTraffic<_>| wt.queue_close_notify(&mut client_send_buf), + ) + .unwrap()); + + client_send_buf[len..len + 4].copy_from_slice(&[0x17, 0x03, 0x03, 0x01]); + len += 4; + + let discard = match dbg!(server.process_tls_records(dbg!(&mut client_send_buf[..len]))) { + UnbufferedStatus { + discard, + state: Ok(ConnectionState::Closed), + } => { + assert_eq!(discard, 24); + discard + } + st => { + panic!("unexpected server state {st:?} (wanted Closed)"); + } + }; + + // further data in client_send_buf is ignored + let UnbufferedStatus { discard, .. } = + server.process_tls_records(dbg!(&mut client_send_buf[discard..len])); + assert_eq!(discard, 0); +} + +fn write_traffic) -> Result>( + status: UnbufferedStatus<'_, '_, T>, + mut f: F, +) -> Result { + let UnbufferedStatus { discard, state } = status; + assert_eq!(discard, 0); + let state = state.unwrap(); + if let ConnectionState::WriteTraffic(state) = state { + f(state) + } else { + panic!("unexpected client state {state:?} (wanted WriteTraffic)"); + } +} + #[derive(Debug)] enum State { Closed, @@ -496,12 +548,14 @@ impl Actions<'_> { } } -#[derive(Clone, Debug, Default)] +#[derive(Default)] struct Outcome { + server: Option, server_transcript: Vec, server_received_early_data: Vec>, server_received_app_data: Vec>, server_reached_connection_closed_state: bool, + client: Option, client_transcript: Vec, client_received_app_data: Vec>, client_reached_connection_closed_state: bool, From 252b5d360b6163bc70682e6143e1c55cbeb82ea8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 May 2024 14:19:42 +0100 Subject: [PATCH 0947/1145] Prepare 0.23.6 --- Cargo.lock | 14 +++++++------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0ac372e792..2d12026a6d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2173,7 +2173,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.5" +version = "0.23.6" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2207,7 +2207,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.5", + "rustls 0.23.6", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2220,7 +2220,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.5", + "rustls 0.23.6", ] [[package]] @@ -2233,7 +2233,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.5", + "rustls 0.23.6", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2251,7 +2251,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.5", + "rustls 0.23.6", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2287,7 +2287,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.5", + "rustls 0.23.6", "webpki-roots 0.26.1", ] @@ -2309,7 +2309,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.5", + "rustls 0.23.6", "rustls-pki-types", "rustls-webpki 0.102.3", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 16b7019179..e26755c8a2 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.5" +version = "0.23.6" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b087e44683..9165743e97 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.5" +version = "0.23.6" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" From 06dc1d540cc0a28941790430a37788fd04db956e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 16 May 2024 10:19:46 -0400 Subject: [PATCH 0948/1145] deps: update cargo semver compatible deps * Updating anyhow v1.0.82 -> v1.0.83 * Updating serde v1.0.200 -> v1.0.202 * Updating serde_derive v1.0.200 -> v1.0.202 * Updating num-bigint v0.4.4 -> v0.4.5 * Updating rustls-pki-types v1.5.0 -> v1.7.0 * Updating serde_json v1.0.116 -> v1.0.117 * Updating rustversion v1.0.15 -> v1.0.17 --- Cargo.lock | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2d12026a6d..11a28e26b5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -123,9 +123,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.82" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" +checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3" [[package]] name = "asn1" @@ -1585,11 +1585,10 @@ dependencies = [ [[package]] name = "num-bigint" -version = "0.4.4" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" dependencies = [ - "autocfg", "num-integer", "num-traits", ] @@ -2277,9 +2276,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.5.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "beb461507cee2c2ff151784c52762cf4d9ff6a61f3e80968600ed24fa837fa54" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-post-quantum" @@ -2344,9 +2343,9 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.15" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80af6f9131f277a45a3fba6ce8e2258037bb0477a67e610d3c1fe046ab31de47" +checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6" [[package]] name = "ryu" @@ -2392,18 +2391,18 @@ checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.200" +version = "1.0.202" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddc6f9cc94d67c0e21aaf7eda3a010fd3af78ebf6e096aa6e2e13c79749cce4f" +checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.200" +version = "1.0.202" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "856f046b9400cee3c8c94ed572ecdb752444c24528c035cd35882aad6f492bcb" +checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838" dependencies = [ "proc-macro2", "quote", @@ -2412,9 +2411,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.116" +version = "1.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" dependencies = [ "itoa", "ryu", From 386b6fd2f9577709a6bd4f115e3e2f60b98bac7b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 May 2024 14:12:47 +0100 Subject: [PATCH 0949/1145] Correctly discard data after `close_notify` alert --- rustls/src/conn.rs | 3 ++- rustls/tests/api.rs | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index a019dce236..1f6fa8387e 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -793,7 +793,8 @@ impl ConnectionCore { { // "Any data received after a closure alert has been received MUST be ignored." // -- - discard = borrowed_buffer.filled().len(); + // This is data that has already been accepted in `read_tls`. + discard += borrowed_buffer.filled().len(); break; } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 3a04960a0d..f8de2558ac 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6390,6 +6390,7 @@ fn test_junk_after_close_notify_received() { .read_tls(&mut io::Cursor::new(&client_buffer[..])) .unwrap(); server.process_new_packets().unwrap(); + server.process_new_packets().unwrap(); // check for desync // can read data received prior to close_notify let mut received_data = [0u8; 128]; From ced64bcedf997ac11b8e245f2b38e6c2f9cd0fa3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 May 2024 14:14:03 +0100 Subject: [PATCH 0950/1145] `read_tls` refuse to read further data after `close_notify` alert --- rustls/src/conn.rs | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 1f6fa8387e..20b305a9f3 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -645,6 +645,9 @@ impl ConnectionCommon { /// * In order to empty the incoming plaintext data buffer, you should empty it through /// the [`reader()`] after the call to [`process_new_packets()`]. /// + /// This function also returns `Ok(0)` once a `close_notify` alert has been successfully + /// received. No additional data is ever read in this state. + /// /// [`process_new_packets()`]: ConnectionCommon::process_new_packets /// [`reader()`]: ConnectionCommon::reader pub fn read_tls(&mut self, rd: &mut dyn io::Read) -> Result { @@ -655,6 +658,10 @@ impl ConnectionCommon { )); } + if self.has_received_close_notify { + return Ok(0); + } + let res = self .core .message_deframer From 7d4e809e5eb535228fc4aef4f472b139a3adb4f4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 May 2024 14:15:35 +0100 Subject: [PATCH 0951/1145] Ignore duplicative `send_close_notify` calls `tokio-rustls` has a test that accidentally does this twice. Make this call idempotent. --- rustls/src/common_state.rs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 19589cf6dd..29825ea7d2 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -475,14 +475,20 @@ impl CommonState { err.into() } - /// Queues a close_notify warning alert to be sent in the next + /// Queues a `close_notify` warning alert to be sent in the next /// [`Connection::write_tls`] call. This informs the peer that the /// connection is being closed. /// + /// Does nothing if any `close_notify` or fatal alert was already sent. + /// /// [`Connection::write_tls`]: crate::Connection::write_tls pub fn send_close_notify(&mut self) { + if self.sent_fatal_alert { + return; + } debug!("Sending warning alert {:?}", AlertDescription::CloseNotify); self.send_warning_alert_no_log(AlertDescription::CloseNotify); + self.sent_fatal_alert = true; } pub(crate) fn eager_send_close_notify( From 2c72fb0c31094b2cdda26cab8fa813e2f881ba64 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 May 2024 14:24:14 +0100 Subject: [PATCH 0952/1145] Test for more `close_notify` conditions - before the handshake finishes - after a `close_notify` before the handshake finishes - after a `close_notify` after the handshake finishes - `read_tls` artificial EOF after `close_notify` --- rustls/tests/api.rs | 53 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f8de2558ac..bfebb640e5 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6442,6 +6442,59 @@ fn test_data_after_close_notify_is_ignored() { ); } +#[test] +fn test_close_notify_sent_prior_to_handshake_complete() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + client.send_close_notify(); + assert_eq!( + do_handshake_until_error(&mut client, &mut server), + Err(ErrorFromPeer::Server(Error::AlertReceived( + AlertDescription::CloseNotify + ))) + ); +} + +#[test] +fn test_subsequent_close_notify_ignored() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + client.send_close_notify(); + assert!(transfer(&mut client, &mut server) > 0); + + // does nothing + client.send_close_notify(); + assert_eq!(transfer(&mut client, &mut server), 0); +} + +#[test] +fn test_second_close_notify_after_handshake() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + do_handshake(&mut client, &mut server); + client.send_close_notify(); + assert!(transfer(&mut client, &mut server) > 0); + server.process_new_packets().unwrap(); + + // does nothing + client.send_close_notify(); + assert_eq!(transfer(&mut client, &mut server), 0); +} + +#[test] +fn test_read_tls_artificial_eof_after_close_notify() { + let (mut client, mut server) = make_pair(KeyType::Rsa2048); + do_handshake(&mut client, &mut server); + client.send_close_notify(); + assert!(transfer(&mut client, &mut server) > 0); + server.process_new_packets().unwrap(); + + let buf = [1, 2, 3, 4]; + assert_eq!( + server + .read_tls(&mut io::Cursor::new(buf)) + .unwrap(), + 0 + ); +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { From e45fec43e1b200b5b206d61ffb6aac8289cb014f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 17 May 2024 15:13:39 +0100 Subject: [PATCH 0953/1145] Prepare 0.23.7 --- Cargo.lock | 14 +++++++------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 11a28e26b5..05369325f2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2172,7 +2172,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.6" +version = "0.23.7" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2206,7 +2206,7 @@ dependencies = [ "fxhash", "itertools", "rayon", - "rustls 0.23.6", + "rustls 0.23.7", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2219,7 +2219,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.6", + "rustls 0.23.7", ] [[package]] @@ -2232,7 +2232,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.6", + "rustls 0.23.7", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2250,7 +2250,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.6", + "rustls 0.23.7", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2286,7 +2286,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.6", + "rustls 0.23.7", "webpki-roots 0.26.1", ] @@ -2308,7 +2308,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.6", + "rustls 0.23.7", "rustls-pki-types", "rustls-webpki 0.102.3", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index e26755c8a2..f3faec490f 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.6" +version = "0.23.7" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 9165743e97..9141d9346b 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.6" +version = "0.23.7" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" From 4e2856b1fa4917a6a8c35c5c4aada1f5fd649cc5 Mon Sep 17 00:00:00 2001 From: sarath Date: Sat, 18 May 2024 17:59:15 +0530 Subject: [PATCH 0954/1145] updated the command to run the examples tlsserver-mio and tlsclient-mio --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c785cee8bd..7f5d55b107 100644 --- a/README.md +++ b/README.md @@ -250,13 +250,13 @@ Here's a sample run; we start a TLS echo server, then connect to it with `openssl` and `tlsclient-mio`: ``` -$ cargo run --bin tlsserver-mio -- --certs test-ca/rsa/end.fullchain --key test-ca/rsa/end.rsa -p 8443 echo & +$ cargo run --bin tlsserver-mio -- --certs test-ca/rsa-2048/end.fullchain --key test-ca/rsa-2048/end.key -p 8443 echo & $ echo hello world | openssl s_client -ign_eof -quiet -connect localhost:8443 depth=2 CN = ponytown RSA CA verify error:num=19:self signed certificate in certificate chain hello world ^C -$ echo hello world | cargo run --bin tlsclient-mio -- --cafile test-ca/rsa/ca.cert -p 8443 localhost +$ echo hello world | cargo run --bin tlsclient-mio -- --cafile test-ca/rsa-2048/ca.cert -p 8443 localhost hello world ^C ``` From b6e37397a06f023ef8dc66f4b5cd68a0c147301b Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 20 May 2024 09:13:16 -0400 Subject: [PATCH 0955/1145] deps: anyhow v1.0.83 -> v1.0.86 --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 05369325f2..5ad791272e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -123,9 +123,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.83" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25bdb32cbbdce2b519a9cd7df3a678443100e265d5e25ca763b7572a5104f5f3" +checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" [[package]] name = "asn1" From 80f1fe416f5a357d1ec15a4f66100a0bddc1d0f5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 20 May 2024 09:13:48 -0400 Subject: [PATCH 0956/1145] deps: itertools 0.12 -> 0.13 --- Cargo.lock | 13 +++++++++++-- ci-bench/Cargo.toml | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5ad791272e..9f35fa7253 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -422,7 +422,7 @@ dependencies = [ "bitflags 2.4.2", "cexpr", "clang-sys", - "itertools", + "itertools 0.12.1", "lazy_static", "lazycell", "log", @@ -1421,6 +1421,15 @@ dependencies = [ "either", ] +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.10" @@ -2204,7 +2213,7 @@ dependencies = [ "byteorder", "clap", "fxhash", - "itertools", + "itertools 0.13.0", "rayon", "rustls 0.23.7", "rustls-pemfile 2.1.2", diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index f51b462d30..96cf6cd71a 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -12,7 +12,7 @@ async-trait = "0.1.74" byteorder = "1.4.3" clap = { version = "4.3.21", features = ["derive"] } fxhash = "0.2.1" -itertools = "0.12" +itertools = "0.13" pki-types = { package = "rustls-pki-types", version = "1.4.1" } rayon = "1.7.0" rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } From fbaa0f940a4c293374012f2257db2ec4add2c998 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 06:44:34 +0100 Subject: [PATCH 0957/1145] Rename `CertificatePayloadTls13::convert` --- rustls/src/client/tls13.rs | 3 ++- rustls/src/msgs/handshake.rs | 2 +- rustls/src/server/tls13.rs | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index ffe84170fb..0b51d21b96 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -658,7 +658,8 @@ impl State for ExpectCertificate { )); } let end_entity_ocsp = cert_chain.end_entity_ocsp(); - let server_cert = ServerCertDetails::new(cert_chain.convert(), end_entity_ocsp); + let server_cert = + ServerCertDetails::new(cert_chain.into_certificate_chain(), end_entity_ocsp); Ok(Box::new(ExpectCertificateVerify { config: self.config, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 729a79a905..c1395964d3 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1469,7 +1469,7 @@ impl CertificatePayloadTls13 { .unwrap_or_default() } - pub(crate) fn convert(self) -> CertificateChain<'static> { + pub(crate) fn into_certificate_chain(self) -> CertificateChain<'static> { CertificateChain( self.entries .into_iter() diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index b18f39da49..586f083480 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -872,7 +872,7 @@ impl State for ExpectCertificate { return Err(PeerMisbehaved::UnsolicitedCertExtension.into()); } - let client_cert = certp.convert(); + let client_cert = certp.into_certificate_chain(); let mandatory = self .config From 3ef136c66110c6656a4f46b19a4dce43a39ad8c5 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 06:46:33 +0100 Subject: [PATCH 0958/1145] Extend borrowed certificate data support to TLS1.3 Previously this covered only certificates received in a TLS1.2 handshake. Now it covers TLS1.3 certificates and OCSP responses. --- rustls/src/client/tls13.rs | 8 ++- rustls/src/msgs/base.rs | 28 ++++---- rustls/src/msgs/handshake.rs | 113 +++++++++++++++++++----------- rustls/src/msgs/handshake_test.rs | 8 +-- rustls/src/msgs/message_test.rs | 5 +- rustls/src/server/tls13.rs | 2 +- 6 files changed, 105 insertions(+), 59 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 0b51d21b96..917b6a7a77 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -658,8 +658,12 @@ impl State for ExpectCertificate { )); } let end_entity_ocsp = cert_chain.end_entity_ocsp(); - let server_cert = - ServerCertDetails::new(cert_chain.into_certificate_chain(), end_entity_ocsp); + let server_cert = ServerCertDetails::new( + cert_chain + .into_certificate_chain() + .into_owned(), + end_entity_ocsp, + ); Ok(Box::new(ExpectCertificateVerify { config: self.config, diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index b05e106851..244e774c4a 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -81,31 +81,35 @@ impl fmt::Debug for Payload<'_> { /// An arbitrary, unknown-content, u24-length-prefixed payload #[derive(Clone, Eq, PartialEq)] -pub(crate) struct PayloadU24(pub(crate) Vec); +pub(crate) struct PayloadU24<'a>(pub(crate) Payload<'a>); -impl PayloadU24 { - pub(crate) fn new(bytes: Vec) -> Self { - Self(bytes) +impl<'a> PayloadU24<'a> { + pub(crate) fn new(bytes: Vec) -> PayloadU24<'static> { + PayloadU24(Payload::Owned(bytes)) + } + + pub(crate) fn into_owned(self) -> PayloadU24<'static> { + PayloadU24(self.0.into_owned()) } } -impl Codec<'_> for PayloadU24 { +impl<'a> Codec<'a> for PayloadU24<'a> { fn encode(&self, bytes: &mut Vec) { - codec::u24(self.0.len() as u32).encode(bytes); - bytes.extend_from_slice(&self.0); + let inner = self.0.bytes(); + codec::u24(inner.len() as u32).encode(bytes); + bytes.extend_from_slice(inner); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { let len = codec::u24::read(r)?.0 as usize; let mut sub = r.sub(len)?; - let body = sub.rest().to_vec(); - Ok(Self(body)) + Ok(Self(Payload::read(&mut sub))) } } -impl fmt::Debug for PayloadU24 { +impl<'a> fmt::Debug for PayloadU24<'a> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - hex(f, &self.0) + self.0.fmt(f) } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index c1395964d3..969e1cb787 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1295,12 +1295,12 @@ impl TlsListElement for CertificateDer<'_> { // context-free any more. #[derive(Debug)] -pub(crate) enum CertificateExtension { - CertificateStatus(CertificateStatus), +pub(crate) enum CertificateExtension<'a> { + CertificateStatus(CertificateStatus<'a>), Unknown(UnknownExtension), } -impl CertificateExtension { +impl<'a> CertificateExtension<'a> { pub(crate) fn ext_type(&self) -> ExtensionType { match *self { Self::CertificateStatus(_) => ExtensionType::StatusRequest, @@ -1308,15 +1308,22 @@ impl CertificateExtension { } } - pub(crate) fn cert_status(&self) -> Option<&Vec> { + pub(crate) fn cert_status(&self) -> Option<&[u8]> { match *self { - Self::CertificateStatus(ref cs) => Some(&cs.ocsp_response.0), + Self::CertificateStatus(ref cs) => Some(cs.ocsp_response.0.bytes()), _ => None, } } + + pub(crate) fn into_owned(self) -> CertificateExtension<'static> { + match self { + Self::CertificateStatus(st) => CertificateExtension::CertificateStatus(st.into_owned()), + Self::Unknown(unk) => CertificateExtension::Unknown(unk), + } + } } -impl Codec<'_> for CertificateExtension { +impl<'a> Codec<'a> for CertificateExtension<'a> { fn encode(&self, bytes: &mut Vec) { self.ext_type().encode(bytes); @@ -1327,7 +1334,7 @@ impl Codec<'_> for CertificateExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -1345,38 +1352,49 @@ impl Codec<'_> for CertificateExtension { } } -impl TlsListElement for CertificateExtension { +impl<'a> TlsListElement for CertificateExtension<'a> { const SIZE_LEN: ListLength = ListLength::U16; } #[derive(Debug)] -pub(crate) struct CertificateEntry { - pub(crate) cert: CertificateDer<'static>, - pub(crate) exts: Vec, +pub(crate) struct CertificateEntry<'a> { + pub(crate) cert: CertificateDer<'a>, + pub(crate) exts: Vec>, } -impl Codec<'_> for CertificateEntry { +impl<'a> Codec<'a> for CertificateEntry<'a> { fn encode(&self, bytes: &mut Vec) { self.cert.encode(bytes); self.exts.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { Ok(Self { - cert: CertificateDer::read(r)?.into_owned(), + cert: CertificateDer::read(r)?, exts: Vec::read(r)?, }) } } -impl CertificateEntry { - pub(crate) fn new(cert: CertificateDer<'static>) -> Self { - Self { +impl<'a> CertificateEntry<'a> { + pub(crate) fn new(cert: CertificateDer<'static>) -> CertificateEntry<'static> { + CertificateEntry { cert, exts: Vec::new(), } } + pub(crate) fn into_owned(self) -> CertificateEntry<'static> { + CertificateEntry { + cert: self.cert.into_owned(), + exts: self + .exts + .into_iter() + .map(CertificateExtension::into_owned) + .collect(), + } + } + pub(crate) fn has_duplicate_extension(&self) -> bool { has_duplicates::<_, _, u16>( self.exts @@ -1391,7 +1409,7 @@ impl CertificateEntry { .any(|ext| ext.ext_type() != ExtensionType::StatusRequest) } - pub(crate) fn ocsp_response(&self) -> Option<&Vec> { + pub(crate) fn ocsp_response(&self) -> Option<&[u8]> { self.exts .iter() .find(|ext| ext.ext_type() == ExtensionType::StatusRequest) @@ -1399,23 +1417,23 @@ impl CertificateEntry { } } -impl TlsListElement for CertificateEntry { +impl<'a> TlsListElement for CertificateEntry<'a> { const SIZE_LEN: ListLength = ListLength::U24 { max: 0x1_0000 }; } #[derive(Debug)] -pub struct CertificatePayloadTls13 { +pub struct CertificatePayloadTls13<'a> { pub(crate) context: PayloadU8, - pub(crate) entries: Vec, + pub(crate) entries: Vec>, } -impl Codec<'_> for CertificatePayloadTls13 { +impl<'a> Codec<'a> for CertificatePayloadTls13<'a> { fn encode(&self, bytes: &mut Vec) { self.context.encode(bytes); self.entries.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { Ok(Self { context: PayloadU8::read(r)?, entries: Vec::read(r)?, @@ -1423,14 +1441,25 @@ impl Codec<'_> for CertificatePayloadTls13 { } } -impl CertificatePayloadTls13 { - pub(crate) fn new(entries: Vec) -> Self { +impl<'a> CertificatePayloadTls13<'a> { + pub(crate) fn new(entries: Vec>) -> Self { Self { context: PayloadU8::empty(), entries, } } + pub(crate) fn into_owned(self) -> CertificatePayloadTls13<'static> { + CertificatePayloadTls13 { + context: self.context, + entries: self + .entries + .into_iter() + .map(CertificateEntry::into_owned) + .collect(), + } + } + pub(crate) fn any_entry_has_duplicate_extension(&self) -> bool { for entry in &self.entries { if entry.has_duplicate_extension() { @@ -1465,11 +1494,11 @@ impl CertificatePayloadTls13 { self.entries .first() .and_then(CertificateEntry::ocsp_response) - .cloned() + .map(|resp| resp.to_vec()) .unwrap_or_default() } - pub(crate) fn into_certificate_chain(self) -> CertificateChain<'static> { + pub(crate) fn into_certificate_chain(self) -> CertificateChain<'a> { CertificateChain( self.entries .into_iter() @@ -2175,17 +2204,17 @@ impl Codec<'_> for NewSessionTicketPayloadTls13 { /// Only supports OCSP #[derive(Debug)] -pub struct CertificateStatus { - pub(crate) ocsp_response: PayloadU24, +pub struct CertificateStatus<'a> { + pub(crate) ocsp_response: PayloadU24<'a>, } -impl Codec<'_> for CertificateStatus { +impl<'a> Codec<'a> for CertificateStatus<'a> { fn encode(&self, bytes: &mut Vec) { CertificateStatusType::OCSP.encode(bytes); self.ocsp_response.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'a>) -> Result { let typ = CertificateStatusType::read(r)?; match typ { @@ -2197,16 +2226,22 @@ impl Codec<'_> for CertificateStatus { } } -impl CertificateStatus { - pub(crate) fn new(ocsp: Vec) -> Self { - Self { +impl<'a> CertificateStatus<'a> { + pub(crate) fn new(ocsp: Vec) -> CertificateStatus<'static> { + CertificateStatus { ocsp_response: PayloadU24::new(ocsp), } } #[cfg(feature = "tls12")] pub(crate) fn into_inner(self) -> Vec { - self.ocsp_response.0 + self.ocsp_response.0.into_vec() + } + + pub(crate) fn into_owned(self) -> CertificateStatus<'static> { + CertificateStatus { + ocsp_response: self.ocsp_response.into_owned(), + } } } @@ -2217,7 +2252,7 @@ pub enum HandshakePayload<'a> { ServerHello(ServerHelloPayload), HelloRetryRequest(HelloRetryRequest), Certificate(CertificateChain<'a>), - CertificateTls13(CertificatePayloadTls13), + CertificateTls13(CertificatePayloadTls13<'a>), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), CertificateRequestTls13(CertificateRequestPayloadTls13), @@ -2230,7 +2265,7 @@ pub enum HandshakePayload<'a> { EncryptedExtensions(Vec), KeyUpdate(KeyUpdateRequest), Finished(Payload<'a>), - CertificateStatus(CertificateStatus), + CertificateStatus(CertificateStatus<'a>), MessageHash(Payload<'a>), Unknown(Payload<'a>), } @@ -2270,7 +2305,7 @@ impl HandshakePayload<'_> { ServerHello(x) => ServerHello(x), HelloRetryRequest(x) => HelloRetryRequest(x), Certificate(x) => Certificate(x.into_owned()), - CertificateTls13(x) => CertificateTls13(x), + CertificateTls13(x) => CertificateTls13(x.into_owned()), ServerKeyExchange(x) => ServerKeyExchange(x), CertificateRequest(x) => CertificateRequest(x), CertificateRequestTls13(x) => CertificateRequestTls13(x), @@ -2283,7 +2318,7 @@ impl HandshakePayload<'_> { EncryptedExtensions(x) => EncryptedExtensions(x), KeyUpdate(x) => KeyUpdate(x), Finished(x) => Finished(x.into_owned()), - CertificateStatus(x) => CertificateStatus(x), + CertificateStatus(x) => CertificateStatus(x.into_owned()), MessageHash(x) => MessageHash(x.into_owned()), Unknown(x) => Unknown(x.into_owned()), } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 11efe6be7c..b663ae2f29 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -793,14 +793,14 @@ fn get_sample_helloretryrequest() -> HelloRetryRequest { } } -fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 { +fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13<'static> { CertificatePayloadTls13 { context: PayloadU8(vec![1, 2, 3]), entries: vec![CertificateEntry { cert: CertificateDer::from(vec![3, 4, 5]), exts: vec![ CertificateExtension::CertificateStatus(CertificateStatus { - ocsp_response: PayloadU24(vec![1, 2, 3]), + ocsp_response: PayloadU24::new(vec![1, 2, 3]), }), CertificateExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), @@ -885,9 +885,9 @@ fn get_sample_encryptedextensions() -> Vec { get_sample_serverhellopayload().extensions } -fn get_sample_certificatestatus() -> CertificateStatus { +fn get_sample_certificatestatus() -> CertificateStatus<'static> { CertificateStatus { - ocsp_response: PayloadU24(vec![1, 2, 3]), + ocsp_response: PayloadU24::new(vec![1, 2, 3]), } } diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index 69450a9b67..ba91c1f6ec 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -103,5 +103,8 @@ fn debug_payload() { assert_eq!("01020304", format!("{:?}", Payload::new(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU8(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU16(vec![1, 2, 3, 4]))); - assert_eq!("01020304", format!("{:?}", PayloadU24(vec![1, 2, 3, 4]))); + assert_eq!( + "01020304", + format!("{:?}", PayloadU24::new(vec![1, 2, 3, 4])) + ); } diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 586f083480..87041af816 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -916,7 +916,7 @@ impl State for ExpectCertificate { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - client_cert, + client_cert: client_cert.into_owned(), send_tickets: self.send_tickets, })) } From dfa926abf2728fa3b3ca0a8c33bbc61013fef9cc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 12:29:59 +0100 Subject: [PATCH 0959/1145] Unify limits on certificate message size Remove misplaced comment complaining about TLS1.3 design. --- rustls/src/msgs/handshake.rs | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 969e1cb787..d6534a9a8d 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1287,12 +1287,17 @@ impl<'a> Deref for CertificateChain<'a> { } impl TlsListElement for CertificateDer<'_> { - const SIZE_LEN: ListLength = ListLength::U24 { max: 0x1_0000 }; + const SIZE_LEN: ListLength = ListLength::U24 { + max: CERTIFICATE_MAX_SIZE_LIMIT, + }; } -// TLS1.3 changes the Certificate payload encoding. -// That's annoying. It means the parsing is not -// context-free any more. +/// TLS has a 16MB size limit on any handshake message, +/// plus a 16MB limit on any given certificate. +/// +/// We contract that to 64KB to limit the amount of memory allocation +/// that is directly controllable by the peer. +pub(crate) const CERTIFICATE_MAX_SIZE_LIMIT: usize = 0x1_0000; #[derive(Debug)] pub(crate) enum CertificateExtension<'a> { @@ -1418,7 +1423,9 @@ impl<'a> CertificateEntry<'a> { } impl<'a> TlsListElement for CertificateEntry<'a> { - const SIZE_LEN: ListLength = ListLength::U24 { max: 0x1_0000 }; + const SIZE_LEN: ListLength = ListLength::U24 { + max: CERTIFICATE_MAX_SIZE_LIMIT, + }; } #[derive(Debug)] From ce3d12a933d131a2d174c5606a38a333940fd385 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 20 May 2024 15:25:21 +0100 Subject: [PATCH 0960/1145] Replace manual feature computations with python script Inspired by actix/actix-net's justfile. --- .github/workflows/build.yml | 6 ++-- admin/all-features-except | 58 +++++++++++++++++++++++++++++++++++++ bogo/runme | 4 +-- 3 files changed, 63 insertions(+), 5 deletions(-) create mode 100755 admin/all-features-except diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a35b70255d..68f29796f1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -232,13 +232,13 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: Smoke-test benchmark program (ring) - run: cargo run -p rustls --profile=bench --locked --example bench + run: cargo run -p rustls --profile=bench --locked --example bench $(admin/all-features-except aws_lc_rs,aws-lc-rs,fips rustls) - name: Smoke-test benchmark program (aws-lc-rs) - run: cargo run -p rustls --profile=bench --locked --example bench --no-default-features --features aws_lc_rs,tls12,std + run: cargo run -p rustls --profile=bench --locked --example bench $(admin/all-features-except ring,fips rustls) - name: Smoke-test benchmark program (fips) - run: cargo run -p rustls --profile=bench --locked --example bench --no-default-features --features fips,tls12,std + run: cargo run -p rustls --profile=bench --locked --example bench $(admin/all-features-except aws_lc_rs,aws-lc-rs,ring rustls) - name: Run micro-benchmarks run: cargo bench --locked --all-features diff --git a/admin/all-features-except b/admin/all-features-except new file mode 100755 index 0000000000..395ee9d161 --- /dev/null +++ b/admin/all-features-except @@ -0,0 +1,58 @@ +#!/usr/bin/env python3 + +DESCRIPTION = """ +Usage: admin/all-features-except a,b,c crate + +Prints the set of all features declared by the given crate, minus +a, b and c. + +The output is decorated with `--no-default-features --features` meaning +it can be used directly with cargo, for example: + +$ cargo build $(admin/all-features-except std,logging rustls) + +It is assumed but not verified that the remaining features do not +have dependencies on the disabled features (otherwise, cargo will +re-enable them without notification). +""" + +import subprocess +import argparse +import json + + +def crate_features(crate_name): + js = json.loads( + subprocess.check_output( + ["cargo", "metadata", "--no-deps", "--format-version=1"] + ) + ) + package = [p for p in js["packages"] if p["name"] == crate_name] + if len(package) != 1: + raise ValueError(f"crate {crate_name} not found in {js}") + return set(package[0]["features"].keys()) + + +if __name__ == "__main__": + ap = argparse.ArgumentParser(description=DESCRIPTION) + ap.add_argument( + dest="except_features", + metavar="FEATURE,FEATURE,..", + type=lambda x: set(x.strip().split(",")), + help="Which features to remove from the complete set of features", + ) + ap.add_argument("crate", help="Which crate to determine features for") + opts = ap.parse_args() + + features = crate_features(opts.crate) + + for f in opts.except_features: + try: + features.remove(f) + except KeyError as e: + ap.error(f"feature `{f}' not found (known are {features})") + + # drop default, as it may re-enable other features + features.discard("default") + + print("--no-default-features", "--features", ",".join(sorted(features))) diff --git a/bogo/runme b/bogo/runme index c13fbe673d..d2f0ff924f 100755 --- a/bogo/runme +++ b/bogo/runme @@ -7,11 +7,11 @@ set -xe case ${BOGO_SHIM_PROVIDER:-ring} in ring) - cargo build -p rustls --example bogo_shim --no-default-features --features ring,tls12,logging,std + cargo build -p rustls --example bogo_shim $(../admin/all-features-except aws-lc-rs,aws_lc_rs,fips rustls) cpp -P -DRING config.json.in > config.json ;; aws-lc-rs) - cargo build -p rustls --example bogo_shim --no-default-features --features aws_lc_rs,tls12,logging,std + cargo build -p rustls --example bogo_shim $(../admin/all-features-except ring,fips rustls) cpp -P -DAWS_LC_RS config.json.in > config.json ;; existing) From 125d64164e785d7675806f31c97338a8813d2b1f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 20 May 2024 16:21:57 +0100 Subject: [PATCH 0961/1145] Test theoretical support for OCSP pinning --- rustls/tests/api.rs | 23 +++++++++++++++++++++++ rustls/tests/common/mod.rs | 16 ++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index bfebb640e5..4f9016d0ab 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6495,6 +6495,29 @@ fn test_read_tls_artificial_eof_after_close_notify() { ); } +#[test] +fn test_pinned_ocsp_response_given_to_custom_server_cert_verifier() { + let ocsp_response = b"hello-ocsp-world!"; + let kt = KeyType::EcdsaP256; + + for version in rustls::ALL_VERSIONS { + let server_config = server_config_builder() + .with_no_client_auth() + .with_single_cert_with_ocsp(kt.get_chain(), kt.get_key(), ocsp_response.to_vec()) + .unwrap(); + + let client_config = client_config_builder_with_versions(&[version]) + .dangerous() + .with_custom_certificate_verifier(Arc::new(MockServerVerifier::expects_ocsp_response( + ocsp_response, + ))) + .with_no_client_auth(); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + } +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 9e5df0bd10..d24e04655a 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -778,6 +778,7 @@ pub struct MockServerVerifier { tls12_signature_error: Option, tls13_signature_error: Option, signature_schemes: Vec, + expected_ocsp_response: Option>, } impl ServerCertVerifier for MockServerVerifier { @@ -786,13 +787,16 @@ impl ServerCertVerifier for MockServerVerifier { end_entity: &CertificateDer<'_>, intermediates: &[CertificateDer<'_>], server_name: &ServerName<'_>, - oscp_response: &[u8], + ocsp_response: &[u8], now: UnixTime, ) -> Result { println!( "verify_server_cert({:?}, {:?}, {:?}, {:?}, {:?})", - end_entity, intermediates, server_name, oscp_response, now + end_entity, intermediates, server_name, ocsp_response, now ); + if let Some(expected_ocsp) = &self.expected_ocsp_response { + assert_eq!(expected_ocsp, ocsp_response); + } if let Some(error) = &self.cert_rejection_error { Err(error.clone()) } else { @@ -847,6 +851,13 @@ impl MockServerVerifier { } } + pub fn expects_ocsp_response(response: &[u8]) -> Self { + MockServerVerifier { + expected_ocsp_response: Some(response.to_vec()), + ..Default::default() + } + } + pub fn rejects_certificate(err: Error) -> Self { MockServerVerifier { cert_rejection_error: Some(err), @@ -890,6 +901,7 @@ impl Default for MockServerVerifier { SignatureScheme::ECDSA_NISTP384_SHA384, SignatureScheme::ECDSA_NISTP521_SHA512, ], + expected_ocsp_response: None, } } } From c57079361b410bfbdae5f70913d8c89de2e71ed3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 20 May 2024 17:25:13 +0100 Subject: [PATCH 0962/1145] Cover `HandshakeMessagePayload::into_owned()` --- rustls/src/msgs/handshake_test.rs | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index b663ae2f29..9236023dba 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -989,6 +989,17 @@ fn can_roundtrip_all_tls12_handshake_payloads() { } } +#[test] +fn can_into_owned_all_tls12_handshake_payloads() { + for hm in get_all_tls12_handshake_payloads().drain(..) { + let enc = hm.get_encoding(); + let debug = format!("{hm:?}"); + let other = hm.into_owned(); + assert_eq!(enc, other.get_encoding()); + assert_eq!(debug, format!("{other:?}")); + } +} + #[test] fn can_detect_truncation_of_all_tls12_handshake_payloads() { for hm in get_all_tls12_handshake_payloads().iter() { @@ -1134,6 +1145,17 @@ fn can_roundtrip_all_tls13_handshake_payloads() { } } +#[test] +fn can_into_owned_all_tls13_handshake_payloads() { + for hm in get_all_tls13_handshake_payloads().drain(..) { + let enc = hm.get_encoding(); + let debug = format!("{hm:?}"); + let other = hm.into_owned(); + assert_eq!(enc, other.get_encoding()); + assert_eq!(debug, format!("{other:?}")); + } +} + fn put_u24(u: u32, b: &mut [u8]) { b[0] = (u >> 16) as u8; b[1] = (u >> 8) as u8; From 8da353056a0d3a7af3216df31d8754f3a939ca58 Mon Sep 17 00:00:00 2001 From: jasperpatterson Date: Thu, 25 Apr 2024 15:02:04 -0600 Subject: [PATCH 0963/1145] Add support for enforcing CRL expiration --- Cargo.lock | 8 +++--- fuzz/Cargo.lock | 8 +++--- rustls/Cargo.toml | 4 +-- rustls/src/error.rs | 6 ++++- rustls/src/webpki/client_verifier.rs | 36 ++++++++++++++++++++++++++- rustls/src/webpki/mod.rs | 1 + rustls/src/webpki/server_verifier.rs | 37 +++++++++++++++++++++++++++- 7 files changed, 87 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9f35fa7253..62325ddef9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2195,7 +2195,7 @@ dependencies = [ "ring", "rustls-pemfile 2.1.2", "rustls-pki-types", - "rustls-webpki 0.102.3", + "rustls-webpki 0.102.4", "rustversion", "subtle", "tikv-jemallocator", @@ -2319,7 +2319,7 @@ dependencies = [ "rsa", "rustls 0.23.7", "rustls-pki-types", - "rustls-webpki 0.102.3", + "rustls-webpki 0.102.4", "serde", "serde_json", "sha2", @@ -2340,9 +2340,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.3" +version = "0.102.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3bce581c0dd41bce533ce695a1437fa16a7ab5ac3ccfa99fe1a620a7885eabf" +checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ "aws-lc-rs", "ring", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index f3faec490f..563763cb87 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -382,15 +382,15 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.2.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.2" +version = "0.102.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ "aws-lc-rs", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 9141d9346b..a338ddb9d5 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -23,8 +23,8 @@ log = { version = "0.4.4", optional = true } once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102.2", features = ["alloc"], default-features = false } -pki-types = { package = "rustls-pki-types", version = "1.2", features = ["alloc"] } +webpki = { package = "rustls-webpki", version = "0.102.4", features = ["alloc"], default-features = false } +pki-types = { package = "rustls-pki-types", version = "1.7", features = ["alloc"] } zeroize = "1.7" [features] diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 7b85d79ee9..d8665489cb 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -315,6 +315,9 @@ pub enum CertificateError { /// The certificate's revocation status could not be determined. UnknownRevocationStatus, + /// The certificate's revocation status could not be determined, because the CRL is expired. + ExpiredRevocationList, + /// A certificate is not correctly signed by the key of its alleged /// issuer. BadSignature, @@ -358,6 +361,7 @@ impl PartialEq for CertificateError { (NotValidForName, NotValidForName) => true, (InvalidPurpose, InvalidPurpose) => true, (ApplicationVerificationFailure, ApplicationVerificationFailure) => true, + (ExpiredRevocationList, ExpiredRevocationList) => true, _ => false, } } @@ -378,7 +382,7 @@ impl From for AlertDescription { Revoked => Self::CertificateRevoked, // OpenSSL, BoringSSL and AWS-LC all generate an Unknown CA alert for // the case where revocation status can not be determined, so we do the same here. - UnknownIssuer | UnknownRevocationStatus => Self::UnknownCA, + UnknownIssuer | UnknownRevocationStatus | ExpiredRevocationList => Self::UnknownCA, BadSignature => Self::DecryptError, InvalidPurpose => Self::UnsupportedCertificate, ApplicationVerificationFailure => Self::AccessDenied, diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 90ec814afb..ea62baf23a 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -2,7 +2,7 @@ use alloc::sync::Arc; use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; -use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; +use webpki::{CertRevocationList, ExpirationPolicy, RevocationCheckDepth, UnknownStatusPolicy}; use super::{pki_error, VerifierBuilderError}; #[cfg(doc)] @@ -30,6 +30,7 @@ pub struct ClientCertVerifierBuilder { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, + revocation_expiration_policy: ExpirationPolicy, anon_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, } @@ -46,6 +47,7 @@ impl ClientCertVerifierBuilder { anon_policy: AnonymousClientPolicy::Deny, revocation_check_depth: RevocationCheckDepth::Chain, unknown_revocation_policy: UnknownStatusPolicy::Deny, + revocation_expiration_policy: ExpirationPolicy::Ignore, supported_algs, } } @@ -138,6 +140,19 @@ impl ClientCertVerifierBuilder { self } + /// Enforce the CRL nextUpdate field (i.e. expiration) + /// + /// If CRLs are provided with [`with_crls`][Self::with_crls] and the verification time is + /// beyond the time in the CRL nextUpdate field, it is expired and treated as an error condition. + /// Overrides the default behavior where expired CRLs are not treated as an error condition. + /// + /// If no CRLs are provided then this setting has no effect as revocation status checks + /// are not performed. + pub fn enforce_revocation_expiration(mut self) -> Self { + self.revocation_expiration_policy = ExpirationPolicy::Enforce; + self + } + /// Build a client certificate verifier. The built verifier will be used for the server to offer /// client certificate authentication, to control how offered client certificates are validated, /// and to determine what to do with anonymous clients that do not respond to the client @@ -165,6 +180,7 @@ impl ClientCertVerifierBuilder { parse_crls(self.crls)?, self.revocation_check_depth, self.unknown_revocation_policy, + self.revocation_expiration_policy, self.anon_policy, self.supported_algs, ))) @@ -237,6 +253,7 @@ pub struct WebPkiClientVerifier { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, + revocation_expiration_policy: ExpirationPolicy, anonymous_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, } @@ -305,6 +322,7 @@ impl WebPkiClientVerifier { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, + revocation_expiration_policy: ExpirationPolicy, anonymous_policy: AnonymousClientPolicy, supported_algs: WebPkiSupportedAlgorithms, ) -> Self { @@ -314,6 +332,7 @@ impl WebPkiClientVerifier { crls, revocation_check_depth, unknown_revocation_policy, + revocation_expiration_policy, anonymous_policy, supported_algs, } @@ -356,6 +375,7 @@ impl ClientCertVerifier for WebPkiClientVerifier { .unwrap() .with_depth(self.revocation_check_depth) .with_status_policy(self.unknown_revocation_policy) + .with_expiration_policy(self.revocation_expiration_policy) .build(), ) }; @@ -605,6 +625,20 @@ test_for_each_provider! { builder.build().unwrap(); } + #[test] + fn test_client_verifier_enforce_expiration() { + // We should be able to build a client verifier that allows unknown revocation status + let builder = WebPkiClientVerifier::builder_with_provider( + test_roots(), + provider::default_provider().into(), + ) + .with_crls(test_crls()) + .enforce_revocation_expiration(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } + #[test] fn test_builder_no_roots() { // Trying to create a client verifier builder with no trust anchors should fail at build time diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 73dae651e6..dbbf6c8c9c 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -61,6 +61,7 @@ fn pki_error(error: webpki::Error) -> Error { CertNotValidForName => CertificateError::NotValidForName.into(), CertRevoked => CertificateError::Revoked.into(), UnknownRevocationStatus => CertificateError::UnknownRevocationStatus.into(), + CrlExpired => CertificateError::ExpiredRevocationList.into(), IssuerNotCrlSigner => CertRevocationListError::IssuerInvalidForCrl.into(), InvalidSignatureForPublicKey diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index f04ce96a68..6297eccbac 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -2,7 +2,7 @@ use alloc::sync::Arc; use alloc::vec::Vec; use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTime}; -use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; +use webpki::{CertRevocationList, ExpirationPolicy, RevocationCheckDepth, UnknownStatusPolicy}; use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; #[cfg(feature = "logging")] @@ -28,6 +28,7 @@ pub struct ServerCertVerifierBuilder { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, + revocation_expiration_policy: ExpirationPolicy, supported_algs: WebPkiSupportedAlgorithms, } @@ -41,6 +42,7 @@ impl ServerCertVerifierBuilder { crls: Vec::new(), revocation_check_depth: RevocationCheckDepth::Chain, unknown_revocation_policy: UnknownStatusPolicy::Deny, + revocation_expiration_policy: ExpirationPolicy::Ignore, supported_algs, } } @@ -83,6 +85,19 @@ impl ServerCertVerifierBuilder { self } + /// Enforce the CRL nextUpdate field (i.e. expiration) + /// + /// If CRLs are provided with [`with_crls`][Self::with_crls] and the verification time is + /// beyond the time in the CRL nextUpdate field, it is expired and treated as an error condition. + /// Overrides the default behavior where expired CRLs are not treated as an error condition. + /// + /// If no CRLs are provided then this setting has no effect as revocation status checks + /// are not performed. + pub fn enforce_revocation_expiration(mut self) -> Self { + self.revocation_expiration_policy = ExpirationPolicy::Enforce; + self + } + /// Build a server certificate verifier, allowing control over the root certificates to use as /// trust anchors, and to control how server certificate revocation checking is performed. /// @@ -107,6 +122,7 @@ impl ServerCertVerifierBuilder { parse_crls(self.crls)?, self.revocation_check_depth, self.unknown_revocation_policy, + self.revocation_expiration_policy, self.supported_algs, ) .into()) @@ -121,6 +137,7 @@ pub struct WebPkiServerVerifier { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, + revocation_expiration_policy: ExpirationPolicy, supported: WebPkiSupportedAlgorithms, } @@ -167,6 +184,7 @@ impl WebPkiServerVerifier { Vec::default(), RevocationCheckDepth::Chain, UnknownStatusPolicy::Allow, + ExpirationPolicy::Ignore, supported_algs, ) } @@ -187,6 +205,7 @@ impl WebPkiServerVerifier { crls: Vec>, revocation_check_depth: RevocationCheckDepth, unknown_revocation_policy: UnknownStatusPolicy, + revocation_expiration_policy: ExpirationPolicy, supported: WebPkiSupportedAlgorithms, ) -> Self { Self { @@ -194,6 +213,7 @@ impl WebPkiServerVerifier { crls, revocation_check_depth, unknown_revocation_policy, + revocation_expiration_policy, supported, } } @@ -234,6 +254,7 @@ impl ServerCertVerifier for WebPkiServerVerifier { .unwrap() .with_depth(self.revocation_check_depth) .with_status_policy(self.unknown_revocation_policy) + .with_expiration_policy(self.revocation_expiration_policy) .build(), ) }; @@ -413,4 +434,18 @@ test_for_each_provider! { println!("{:?}", builder); builder.build().unwrap(); } + + #[test] + fn test_server_verifier_enforce_expiration() { + // We should be able to build a server cert. verifier that allows unknown revocation + // status. + let builder = WebPkiServerVerifier::builder_with_provider( + test_roots(), + provider::default_provider().into(), + ) + .enforce_revocation_expiration(); + // The builder should be Debug. + println!("{:?}", builder); + builder.build().unwrap(); + } } From 572f970b0bfb9ba30d15fcaa0f095d0f4d3d46d3 Mon Sep 17 00:00:00 2001 From: jasperpatterson Date: Tue, 30 Apr 2024 16:43:00 -0600 Subject: [PATCH 0964/1145] Add test for CRL expiration --- rustls/examples/internal/test_ca.rs | 28 +++- rustls/tests/api.rs | 45 +++++++ rustls/tests/common/mod.rs | 21 ++- test-ca/ecdsa-p256/ca.cert | 16 +-- test-ca/ecdsa-p256/ca.der | Bin 443 -> 444 bytes test-ca/ecdsa-p256/ca.key | 6 +- test-ca/ecdsa-p256/client.cert | 13 +- test-ca/ecdsa-p256/client.chain | 30 ++--- test-ca/ecdsa-p256/client.der | Bin 480 -> 482 bytes test-ca/ecdsa-p256/client.expired.crl.pem | 7 + test-ca/ecdsa-p256/client.fullchain | 43 +++--- test-ca/ecdsa-p256/client.key | 6 +- test-ca/ecdsa-p256/client.revoked.crl.pem | 12 +- test-ca/ecdsa-p256/end.cert | 12 +- test-ca/ecdsa-p256/end.chain | 30 ++--- test-ca/ecdsa-p256/end.der | Bin 458 -> 459 bytes test-ca/ecdsa-p256/end.expired.crl.pem | 7 + test-ca/ecdsa-p256/end.fullchain | 42 +++--- test-ca/ecdsa-p256/end.key | 6 +- test-ca/ecdsa-p256/end.revoked.crl.pem | 12 +- test-ca/ecdsa-p256/inter.cert | 14 +- test-ca/ecdsa-p256/inter.der | Bin 460 -> 461 bytes test-ca/ecdsa-p256/inter.expired.crl.pem | 7 + test-ca/ecdsa-p256/inter.key | 6 +- test-ca/ecdsa-p256/inter.revoked.crl.pem | 12 +- test-ca/ecdsa-p384/ca.cert | 16 +-- test-ca/ecdsa-p384/ca.der | Bin 504 -> 504 bytes test-ca/ecdsa-p384/ca.key | 8 +- test-ca/ecdsa-p384/client.cert | 14 +- test-ca/ecdsa-p384/client.chain | 32 ++--- test-ca/ecdsa-p384/client.der | Bin 542 -> 542 bytes test-ca/ecdsa-p384/client.expired.crl.pem | 8 ++ test-ca/ecdsa-p384/client.fullchain | 46 +++---- test-ca/ecdsa-p384/client.key | 8 +- test-ca/ecdsa-p384/client.revoked.crl.pem | 14 +- test-ca/ecdsa-p384/end.cert | 16 +-- test-ca/ecdsa-p384/end.chain | 32 ++--- test-ca/ecdsa-p384/end.der | Bin 521 -> 520 bytes test-ca/ecdsa-p384/end.expired.crl.pem | 8 ++ test-ca/ecdsa-p384/end.fullchain | 48 +++---- test-ca/ecdsa-p384/end.key | 8 +- test-ca/ecdsa-p384/end.revoked.crl.pem | 14 +- test-ca/ecdsa-p384/inter.cert | 16 +-- test-ca/ecdsa-p384/inter.der | Bin 522 -> 522 bytes test-ca/ecdsa-p384/inter.expired.crl.pem | 8 ++ test-ca/ecdsa-p384/inter.key | 8 +- test-ca/ecdsa-p384/inter.revoked.crl.pem | 14 +- test-ca/ecdsa-p521/ca.cert | 20 +-- test-ca/ecdsa-p521/ca.der | Bin 578 -> 579 bytes test-ca/ecdsa-p521/ca.key | 12 +- test-ca/ecdsa-p521/client.cert | 20 +-- test-ca/ecdsa-p521/client.chain | 42 +++--- test-ca/ecdsa-p521/client.der | Bin 616 -> 617 bytes test-ca/ecdsa-p521/client.expired.crl.pem | 9 ++ test-ca/ecdsa-p521/client.fullchain | 62 ++++----- test-ca/ecdsa-p521/client.key | 12 +- test-ca/ecdsa-p521/client.revoked.crl.pem | 16 +-- test-ca/ecdsa-p521/end.cert | 18 +-- test-ca/ecdsa-p521/end.chain | 42 +++--- test-ca/ecdsa-p521/end.der | Bin 595 -> 595 bytes test-ca/ecdsa-p521/end.expired.crl.pem | 9 ++ test-ca/ecdsa-p521/end.fullchain | 60 ++++----- test-ca/ecdsa-p521/end.key | 12 +- test-ca/ecdsa-p521/end.revoked.crl.pem | 16 +-- test-ca/ecdsa-p521/inter.cert | 22 ++-- test-ca/ecdsa-p521/inter.der | Bin 596 -> 597 bytes test-ca/ecdsa-p521/inter.expired.crl.pem | 9 ++ test-ca/ecdsa-p521/inter.key | 12 +- test-ca/ecdsa-p521/inter.revoked.crl.pem | 14 +- test-ca/eddsa/ca.cert | 12 +- test-ca/eddsa/ca.der | Bin 369 -> 369 bytes test-ca/eddsa/ca.key | 4 +- test-ca/eddsa/client.cert | 8 +- test-ca/eddsa/client.chain | 24 ++-- test-ca/eddsa/client.der | Bin 412 -> 412 bytes test-ca/eddsa/client.expired.crl.pem | 7 + test-ca/eddsa/client.fullchain | 32 ++--- test-ca/eddsa/client.key | 4 +- test-ca/eddsa/client.revoked.crl.pem | 12 +- test-ca/eddsa/end.cert | 10 +- test-ca/eddsa/end.chain | 24 ++-- test-ca/eddsa/end.der | Bin 390 -> 390 bytes test-ca/eddsa/end.expired.crl.pem | 7 + test-ca/eddsa/end.fullchain | 34 ++--- test-ca/eddsa/end.key | 4 +- test-ca/eddsa/end.revoked.crl.pem | 12 +- test-ca/eddsa/inter.cert | 12 +- test-ca/eddsa/inter.der | Bin 387 -> 387 bytes test-ca/eddsa/inter.expired.crl.pem | 7 + test-ca/eddsa/inter.key | 4 +- test-ca/eddsa/inter.revoked.crl.pem | 10 +- test-ca/rsa-2048/ca.cert | 30 ++--- test-ca/rsa-2048/ca.der | Bin 835 -> 835 bytes test-ca/rsa-2048/ca.key | 52 ++++---- test-ca/rsa-2048/client.cert | 28 ++-- test-ca/rsa-2048/client.chain | 60 ++++----- test-ca/rsa-2048/client.der | Bin 875 -> 875 bytes test-ca/rsa-2048/client.expired.crl.pem | 11 ++ test-ca/rsa-2048/client.fullchain | 88 ++++++------- test-ca/rsa-2048/client.key | 52 ++++---- test-ca/rsa-2048/client.revoked.crl.pem | 20 +-- test-ca/rsa-2048/end.cert | 26 ++-- test-ca/rsa-2048/end.chain | 60 ++++----- test-ca/rsa-2048/end.der | Bin 853 -> 853 bytes test-ca/rsa-2048/end.expired.crl.pem | 11 ++ test-ca/rsa-2048/end.fullchain | 86 ++++++------ test-ca/rsa-2048/end.key | 52 ++++---- test-ca/rsa-2048/end.revoked.crl.pem | 20 +-- test-ca/rsa-2048/inter.cert | 30 ++--- test-ca/rsa-2048/inter.der | Bin 853 -> 853 bytes test-ca/rsa-2048/inter.expired.crl.pem | 11 ++ test-ca/rsa-2048/inter.key | 52 ++++---- test-ca/rsa-2048/inter.revoked.crl.pem | 20 +-- test-ca/rsa-3072/ca.cert | 40 +++--- test-ca/rsa-3072/ca.der | Bin 1091 -> 1091 bytes test-ca/rsa-3072/ca.key | 76 +++++------ test-ca/rsa-3072/client.cert | 38 +++--- test-ca/rsa-3072/client.chain | 82 ++++++------ test-ca/rsa-3072/client.der | Bin 1131 -> 1131 bytes test-ca/rsa-3072/client.expired.crl.pem | 14 ++ test-ca/rsa-3072/client.fullchain | 120 ++++++++--------- test-ca/rsa-3072/client.key | 76 +++++------ test-ca/rsa-3072/client.revoked.crl.pem | 26 ++-- test-ca/rsa-3072/end.cert | 38 +++--- test-ca/rsa-3072/end.chain | 82 ++++++------ test-ca/rsa-3072/end.der | Bin 1109 -> 1109 bytes test-ca/rsa-3072/end.expired.crl.pem | 14 ++ test-ca/rsa-3072/end.fullchain | 120 ++++++++--------- test-ca/rsa-3072/end.key | 76 +++++------ test-ca/rsa-3072/end.revoked.crl.pem | 26 ++-- test-ca/rsa-3072/inter.cert | 42 +++--- test-ca/rsa-3072/inter.der | Bin 1109 -> 1109 bytes test-ca/rsa-3072/inter.expired.crl.pem | 14 ++ test-ca/rsa-3072/inter.key | 76 +++++------ test-ca/rsa-3072/inter.revoked.crl.pem | 26 ++-- test-ca/rsa-4096/ca.cert | 50 +++---- test-ca/rsa-4096/ca.der | Bin 1347 -> 1347 bytes test-ca/rsa-4096/ca.key | 100 +++++++------- test-ca/rsa-4096/client.cert | 48 +++---- test-ca/rsa-4096/client.chain | 102 +++++++-------- test-ca/rsa-4096/client.der | Bin 1387 -> 1387 bytes test-ca/rsa-4096/client.expired.crl.pem | 17 +++ test-ca/rsa-4096/client.fullchain | 150 ++++++++++----------- test-ca/rsa-4096/client.key | 100 +++++++------- test-ca/rsa-4096/client.revoked.crl.pem | 32 ++--- test-ca/rsa-4096/end.cert | 50 +++---- test-ca/rsa-4096/end.chain | 102 +++++++-------- test-ca/rsa-4096/end.der | Bin 1365 -> 1365 bytes test-ca/rsa-4096/end.expired.crl.pem | 17 +++ test-ca/rsa-4096/end.fullchain | 152 +++++++++++----------- test-ca/rsa-4096/end.key | 100 +++++++------- test-ca/rsa-4096/end.revoked.crl.pem | 32 ++--- test-ca/rsa-4096/inter.cert | 52 ++++---- test-ca/rsa-4096/inter.der | Bin 1365 -> 1365 bytes test-ca/rsa-4096/inter.expired.crl.pem | 16 +++ test-ca/rsa-4096/inter.key | 100 +++++++------- test-ca/rsa-4096/inter.revoked.crl.pem | 30 ++--- 157 files changed, 2284 insertions(+), 1988 deletions(-) create mode 100644 test-ca/ecdsa-p256/client.expired.crl.pem create mode 100644 test-ca/ecdsa-p256/end.expired.crl.pem create mode 100644 test-ca/ecdsa-p256/inter.expired.crl.pem create mode 100644 test-ca/ecdsa-p384/client.expired.crl.pem create mode 100644 test-ca/ecdsa-p384/end.expired.crl.pem create mode 100644 test-ca/ecdsa-p384/inter.expired.crl.pem create mode 100644 test-ca/ecdsa-p521/client.expired.crl.pem create mode 100644 test-ca/ecdsa-p521/end.expired.crl.pem create mode 100644 test-ca/ecdsa-p521/inter.expired.crl.pem create mode 100644 test-ca/eddsa/client.expired.crl.pem create mode 100644 test-ca/eddsa/end.expired.crl.pem create mode 100644 test-ca/eddsa/inter.expired.crl.pem create mode 100644 test-ca/rsa-2048/client.expired.crl.pem create mode 100644 test-ca/rsa-2048/end.expired.crl.pem create mode 100644 test-ca/rsa-2048/inter.expired.crl.pem create mode 100644 test-ca/rsa-3072/client.expired.crl.pem create mode 100644 test-ca/rsa-3072/end.expired.crl.pem create mode 100644 test-ca/rsa-3072/inter.expired.crl.pem create mode 100644 test-ca/rsa-4096/client.expired.crl.pem create mode 100644 test-ca/rsa-4096/end.expired.crl.pem create mode 100644 test-ca/rsa-4096/inter.expired.crl.pem diff --git a/rustls/examples/internal/test_ca.rs b/rustls/examples/internal/test_ca.rs index 52e62b8d1a..1e581d599e 100644 --- a/rustls/examples/internal/test_ca.rs +++ b/rustls/examples/internal/test_ca.rs @@ -70,18 +70,26 @@ fn main() -> Result<(), Box> { .unwrap(), _ => panic!("unexpected role for CRL generation: {role:?}"), }; - let crl = crl_for_serial( + + let revoked_crl = crl_for_serial( cert.params() .serial_number .clone() .unwrap(), ) .signed_by(&issuer.cert, &issuer.key_pair)?; - let mut crl_file = File::create( + let mut revoked_crl_file = File::create( alg.output_directory() .join(format!("{}.revoked.crl.pem", role.label())), )?; - crl_file.write_all(crl.pem().unwrap().as_bytes())?; + revoked_crl_file.write_all(revoked_crl.pem().unwrap().as_bytes())?; + + let expired_crl = expired_crl().signed_by(&issuer.cert, &issuer.key_pair)?; + let mut expired_crl_file = File::create( + alg.output_directory() + .join(format!("{}.expired.crl.pem", role.label())), + )?; + expired_crl_file.write_all(expired_crl.pem().unwrap().as_bytes())?; } // When we're issuing end entity or client certs we have a bit of extra work to do @@ -125,7 +133,7 @@ fn crl_for_serial(serial_number: SerialNumber) -> CertificateRevocationListParam let now = OffsetDateTime::now_utc(); CertificateRevocationListParams { this_update: now, - next_update: now + Duration::from_secs(60 * 60 * 24 * 5), + next_update: now + Duration::from_secs(60 * 60 * 24 * 365 * 100), // 100 years crl_number: SerialNumber::from(1234), issuing_distribution_point: None, revoked_certs: vec![RevokedCertParams { @@ -138,6 +146,18 @@ fn crl_for_serial(serial_number: SerialNumber) -> CertificateRevocationListParam } } +fn expired_crl() -> CertificateRevocationListParams { + let now = OffsetDateTime::now_utc(); + CertificateRevocationListParams { + this_update: now - Duration::from_secs(60), + next_update: now, + crl_number: SerialNumber::from(1234), + issuing_distribution_point: None, + revoked_certs: vec![], + key_identifier_method: KeyIdMethod::Sha256, + } +} + // Note: these are ordered such that the data dependencies for issuance are satisfied. const ROLES: [Role; 4] = [ Role::TrustAnchor, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 4f9016d0ab..f520917779 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1373,6 +1373,51 @@ fn client_check_server_certificate_intermediate_revoked() { } } +#[test] +fn client_check_server_certificate_ee_crl_expired() { + for kt in ALL_KEY_TYPES { + let server_config = Arc::new(make_server_config(*kt)); + + // Setup a server verifier that will check the EE certificate's revocation status, with CRL expiration enforced. + let crls = vec![kt.end_entity_crl_expired()]; + let enforce_expiration_builder = webpki_server_verifier_builder(get_client_root_store(*kt)) + .with_crls(crls) + .only_check_end_entity_revocation() + .enforce_revocation_expiration(); + + // Also setup a server verifier without CRL expiration enforced. + let crls = vec![kt.end_entity_crl_expired()]; + let ignore_expiration_builder = webpki_server_verifier_builder(get_client_root_store(*kt)) + .with_crls(crls) + .only_check_end_entity_revocation(); + + for version in rustls::ALL_VERSIONS { + let client_config = make_client_config_with_verifier(&[version], enforce_expiration_builder.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + + // We expect the handshake to fail since the CRL is expired. + let err = do_handshake_until_error(&mut client, &mut server); + assert_eq!( + err, + Err(ErrorFromPeer::Client(Error::InvalidCertificate( + CertificateError::ExpiredRevocationList + ))) + ); + + let client_config = make_client_config_with_verifier(&[version], ignore_expiration_builder.clone()); + let mut client = + ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + + // We expect the handshake to succeed when CRL expiration is ignored. + let res = do_handshake_until_error(&mut client, &mut server); + assert!(res.is_ok()) + } + } +} + /// Simple smoke-test of the webpki verify_server_cert_signed_by_trust_anchor helper API. /// This public API is intended to be used by consumers implementing their own verifier and /// so isn't used by the other existing verifier tests. diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index d24e04655a..2db3e89590 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -56,6 +56,7 @@ embed_files! { (ECDSA_P256_END_CRL_PEM, "ecdsa-p256", "end.revoked.crl.pem"); (ECDSA_P256_CLIENT_CRL_PEM, "ecdsa-p256", "client.revoked.crl.pem"); (ECDSA_P256_INTERMEDIATE_CRL_PEM, "ecdsa-p256", "inter.revoked.crl.pem"); + (ECDSA_P256_EXPIRED_CRL_PEM, "ecdsa-p256", "end.expired.crl.pem"); (ECDSA_P256_END_CERT, "ecdsa-p256", "end.cert"); (ECDSA_P256_END_CHAIN, "ecdsa-p256", "end.chain"); (ECDSA_P256_END_FULLCHAIN, "ecdsa-p256", "end.fullchain"); @@ -73,6 +74,7 @@ embed_files! { (ECDSA_P384_END_CRL_PEM, "ecdsa-p384", "end.revoked.crl.pem"); (ECDSA_P384_CLIENT_CRL_PEM, "ecdsa-p384", "client.revoked.crl.pem"); (ECDSA_P384_INTERMEDIATE_CRL_PEM, "ecdsa-p384", "inter.revoked.crl.pem"); + (ECDSA_P384_EXPIRED_CRL_PEM, "ecdsa-p384", "end.expired.crl.pem"); (ECDSA_P384_END_CERT, "ecdsa-p384", "end.cert"); (ECDSA_P384_END_CHAIN, "ecdsa-p384", "end.chain"); (ECDSA_P384_END_FULLCHAIN, "ecdsa-p384", "end.fullchain"); @@ -90,6 +92,7 @@ embed_files! { (ECDSA_P521_END_CRL_PEM, "ecdsa-p521", "end.revoked.crl.pem"); (ECDSA_P521_CLIENT_CRL_PEM, "ecdsa-p521", "client.revoked.crl.pem"); (ECDSA_P521_INTERMEDIATE_CRL_PEM, "ecdsa-p521", "inter.revoked.crl.pem"); + (ECDSA_P521_EXPIRED_CRL_PEM, "ecdsa-p521", "end.expired.crl.pem"); (ECDSA_P521_END_CERT, "ecdsa-p521", "end.cert"); (ECDSA_P521_END_CHAIN, "ecdsa-p521", "end.chain"); (ECDSA_P521_END_FULLCHAIN, "ecdsa-p521", "end.fullchain"); @@ -107,6 +110,7 @@ embed_files! { (EDDSA_END_CRL_PEM, "eddsa", "end.revoked.crl.pem"); (EDDSA_CLIENT_CRL_PEM, "eddsa", "client.revoked.crl.pem"); (EDDSA_INTERMEDIATE_CRL_PEM, "eddsa", "inter.revoked.crl.pem"); + (EDDSA_EXPIRED_CRL_PEM, "eddsa", "end.expired.crl.pem"); (EDDSA_END_CERT, "eddsa", "end.cert"); (EDDSA_END_CHAIN, "eddsa", "end.chain"); (EDDSA_END_FULLCHAIN, "eddsa", "end.fullchain"); @@ -124,6 +128,7 @@ embed_files! { (RSA_2048_END_CRL_PEM, "rsa-2048", "end.revoked.crl.pem"); (RSA_2048_CLIENT_CRL_PEM, "rsa-2048", "client.revoked.crl.pem"); (RSA_2048_INTERMEDIATE_CRL_PEM, "rsa-2048", "inter.revoked.crl.pem"); + (RSA_2048_EXPIRED_CRL_PEM, "rsa-2048", "end.expired.crl.pem"); (RSA_2048_END_CERT, "rsa-2048", "end.cert"); (RSA_2048_END_CHAIN, "rsa-2048", "end.chain"); (RSA_2048_END_FULLCHAIN, "rsa-2048", "end.fullchain"); @@ -141,6 +146,7 @@ embed_files! { (RSA_3072_END_CRL_PEM, "rsa-3072", "end.revoked.crl.pem"); (RSA_3072_CLIENT_CRL_PEM, "rsa-3072", "client.revoked.crl.pem"); (RSA_3072_INTERMEDIATE_CRL_PEM, "rsa-3072", "inter.revoked.crl.pem"); + (RSA_3072_EXPIRED_CRL_PEM, "rsa-3072", "end.expired.crl.pem"); (RSA_3072_END_CERT, "rsa-3072", "end.cert"); (RSA_3072_END_CHAIN, "rsa-3072", "end.chain"); (RSA_3072_END_FULLCHAIN, "rsa-3072", "end.fullchain"); @@ -158,6 +164,7 @@ embed_files! { (RSA_4096_END_CRL_PEM, "rsa-4096", "end.revoked.crl.pem"); (RSA_4096_CLIENT_CRL_PEM, "rsa-4096", "client.revoked.crl.pem"); (RSA_4096_INTERMEDIATE_CRL_PEM, "rsa-4096", "inter.revoked.crl.pem"); + (RSA_4096_EXPIRED_CRL_PEM, "rsa-4096", "end.expired.crl.pem"); (RSA_4096_END_CERT, "rsa-4096", "end.cert"); (RSA_4096_END_CHAIN, "rsa-4096", "end.chain"); (RSA_4096_END_FULLCHAIN, "rsa-4096", "end.fullchain"); @@ -315,15 +322,19 @@ impl KeyType { } pub fn end_entity_crl(&self) -> CertificateRevocationListDer<'static> { - self.get_crl("end") + self.get_crl("end", "revoked") } pub fn client_crl(&self) -> CertificateRevocationListDer<'static> { - self.get_crl("client") + self.get_crl("client", "revoked") } pub fn intermediate_crl(&self) -> CertificateRevocationListDer<'static> { - self.get_crl("inter") + self.get_crl("inter", "revoked") + } + + pub fn end_entity_crl_expired(&self) -> CertificateRevocationListDer<'static> { + self.get_crl("end", "expired") } fn get_client_key(&self) -> PrivateKeyDer<'static> { @@ -337,9 +348,9 @@ impl KeyType { ) } - fn get_crl(&self, role: &str) -> CertificateRevocationListDer<'static> { + fn get_crl(&self, role: &str, r#type: &str) -> CertificateRevocationListDer<'static> { rustls_pemfile::crls(&mut io::BufReader::new( - self.bytes_for(&format!("{role}.revoked.crl.pem")), + self.bytes_for(&format!("{role}.{type}.crl.pem")), )) .map(|result| result.unwrap()) .next() // We only expect one CRL. diff --git a/test-ca/ecdsa-p256/ca.cert b/test-ca/ecdsa-p256/ca.cert index 0666d8f107..83a9c923fe 100644 --- a/test-ca/ecdsa-p256/ca.cert +++ b/test-ca/ecdsa-p256/ca.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBtzCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +MIIBuDCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMjU2IENBMFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEt7wL3biRoR6fSefjp0t08cudi2zQUounGCxjHQY1brlh -IVUp2VfP/FhPKBX7VgHRHTJoukAAtg12Aks7cqalEKOBgzCBgDAfBgNVHSMEGDAW -gBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRfW6pxJGPHn4+tADqUNDV6 -Uo8xyDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFZel8Z3muq9 -cA5ZQfnoPyXbPv5yf0aT+VsXDk0mirdoAiEAjzViKYx3OOYAnlRSvlDabDbqXy2f -Vezw14zRbrDN9D4= +AQYIKoZIzj0DAQcDQgAEIWDRAiNc4PlgbWENf/rx9zK3his5SIVcxu3FYxFP373u +u0AkaihNKcMRilOMHp7nRDFaoEdhtG39l2yMnIWyFaOBgzCBgDAfBgNVHSMEGDAW +gBT5ZI4b2HIp/Qx0uhqxVahE4Ru2jzAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT5ZI4b2HIp/Qx0uhqxVahE +4Ru2jzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCDF92qG5i+ +iUTLZHkmq2DIdl7btDjb2duW9elQ2fH0/AIhAMiAkN4NlC+vLl7UJQhw98CPOQ1T +oap++H3F6OeEVtgM -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/ca.der b/test-ca/ecdsa-p256/ca.der index 5b9804071ebc87d3e03575331e007bd7ceb3815d..f9bf0e35fe82c70d8576715de7c71c1135989a25 100644 GIT binary patch delta 269 zcmdnZyoZ^^powwEM3&k0iU}8)lw%(JOvp{-t^f7$yV3SGZA*{Vm}75`CJXxC-}`R2 zgG!c$ujXOFuHYWIdCy%8qZYU)Zpr;SJ*Q_*>n72~jm-v)4F>XT%%QT%ED{D{4I)2N z`lN3ZY5wIY*(J3xbcM@9>23W6d>{qF?w^-c1d3)N| vmjO3Fe)$7ba-w0vJ>Dt$>-FNUsB#p1KhST<8@zB;-H+O%FP^uA-QWQLs}yU~ delta 268 zcmdnPyqlTDpoww&M3&k0+xKwa-7#^Y+{q{Q0biu!&lmQpx9$EF)w@mp876S++PX@dMr1QCm07ld zMEn|I*g@pmfEzPWAQBx5q=d7{Q?ng49e<(|m(e9hqk*0%{#JXAm3XoZUXwH?m`F)9PqzR7 delta 193 zcmV;y06zcX1Ky8}NJbz}eHN$=JF$-r!HrY~TY&MW-T3 zb0Ik_mIAsIL_uTaJHfVwxI@0L-5&~T@LN_z+sN!~qk*0d+)kG>q~4PC*_%sqk)Mqfrc<21_M1CK#24$rW<>%Z3PTAt-cjPw&Ixkk|7UK+do1^#(E7dXUbBe~fBos%^pRQU diff --git a/test-ca/ecdsa-p256/end.expired.crl.pem b/test-ca/ecdsa-p256/end.expired.crl.pem new file mode 100644 index 0000000000..121d01c413 --- /dev/null +++ b/test-ca/ecdsa-p256/end.expired.crl.pem @@ -0,0 +1,7 @@ +-----BEGIN X509 CRL----- +MIHsMIGUAgEBMAoGCCqGSM49BAMCMDMxMTAvBgNVBAMMKHBvbnl0b3duIEVDRFNB +IHAyNTYgbGV2ZWwgMiBpbnRlcm1lZGlhdGUXDTI0MDUwNzE4NDYwM1oXDTI0MDUw +NzE4NDcwM1qgMDAuMB8GA1UdIwQYMBaAFCK1qP6zPz5Re4f9g160j5iYOWQZMAsG +A1UdFAQEAgIE0jAKBggqhkjOPQQDAgNHADBEAiAu/9HsQ69bLMRc+vikJI8LJWuk +4e+uWm3epFCj+XkM4AIgc3FE3fHlVVhcxGhbJteKByw2mVLQbOf3sNpY3nsjvis= +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p256/end.fullchain b/test-ca/ecdsa-p256/end.fullchain index 953f3c97bc..4badeaaa7c 100644 --- a/test-ca/ecdsa-p256/end.fullchain +++ b/test-ca/ecdsa-p256/end.fullchain @@ -1,36 +1,36 @@ -----BEGIN CERTIFICATE----- -MIIBxjCCAW2gAwIBAgIBEjAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93 +MIIBxzCCAW2gAwIBAgIBEjAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93 biBFQ0RTQSBwMjU2IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZ -MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNjZ6JNt+53aq8bcp33lKeJGPSZZRzHg -fuFuCBQyC1Yx0s8ff4MUQcnzrwqde++6eKiQkwy8oC4v60tsICflmY+jgYkwgYYw -HwYDVR0jBBgwFoAU0jOcpG97skCpDmP1BEpFfjcVnHIwUwYDVR0RBEwwSoIOdGVz +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABFsnpBv9XmtDYSxZWAvTb/Z2ivHMRHNQ +sCRcVzsFRYVv3Uq9B2Whz385O2EP47GS+mNYdxuGQimZHdVNW4W/HwmjgYkwgYYw +HwYDVR0jBBgwFoAUIrWo/rM/PlF7h/2DXrSPmJg5ZBkwUwYDVR0RBEwwSoIOdGVz dHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTG M2QBhxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIGwDAKBggqhkjOPQQD -AgNHADBEAiAoZIrzdGAMX4UJ6Nq9pfKk8s95OmY6sPv2cMQX68JmRQIgCkMJNt5R -4tHOCXLj/2duxXss95/Q+r3sXrOJDn/96dk= +AgNIADBFAiEAtZoWeIHfkHuvUrG/GNF1ObJ4UQkSUptUmjAj+nKz5MMCIBlcUoAN +t8dW62VdZas/wBwJqgns7jbZDAj7LA1XO+h3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIByDCCAW+gAwIBAgIBCzAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +MIIByTCCAW+gAwIBAgIBCzAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMjU2IGxldmVsIDIgaW50ZXJt -ZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtj1/NrV2DF8pdu0nbz8e -GWJC9loBDlmVy0SCKcBezKOErTzNV6PvE3qPy2vNJgzkEKZYpgjEMYKvDImZlOE2 -OqOBgzCBgDAfBgNVHSMEGDAWgBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8B +ZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExI5YPrwz3uD1jx+Wy/ai +FF7V1NqqiF61WjUduN/JWrDxQ2K5VxgPzNNaEM7Ors07WbRQ2btWK60lY+aIHu2P +NKOBgzCBgDAfBgNVHSMEGDAWgBT5ZI4b2HIp/Qx0uhqxVahE4Ru2jzAOBgNVHQ8B Af8EBAMCAf4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW -BBTSM5ykb3uyQKkOY/UESkV+NxWccjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 -BAMCA0cAMEQCIBKOv7CRDiJ/zXyxL6hJwlxrBSoSSrZBeTyVND5jqAvSAiBu3OSo -KaMUQcDSi8/dXkxIC/Wpp8D0IUV2AyEC+7kBZA== +BBQitaj+sz8+UXuH/YNetI+YmDlkGTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMCA0gAMEUCIQCdGYi9ebaxVvmw8H/r9ZZVAcqmgqCpZF/OZ9bIGLzOjgIgWJyM +yHVgM+P8aoFgFMbZV//U5j+sGfeocX5NWDtDTDk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtzCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +MIIBuDCCAV2gAwIBAgIBBDAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMjU2IENBMFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEt7wL3biRoR6fSefjp0t08cudi2zQUounGCxjHQY1brlh -IVUp2VfP/FhPKBX7VgHRHTJoukAAtg12Aks7cqalEKOBgzCBgDAfBgNVHSMEGDAW -gBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRfW6pxJGPHn4+tADqUNDV6 -Uo8xyDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFZel8Z3muq9 -cA5ZQfnoPyXbPv5yf0aT+VsXDk0mirdoAiEAjzViKYx3OOYAnlRSvlDabDbqXy2f -Vezw14zRbrDN9D4= +AQYIKoZIzj0DAQcDQgAEIWDRAiNc4PlgbWENf/rx9zK3his5SIVcxu3FYxFP373u +u0AkaihNKcMRilOMHp7nRDFaoEdhtG39l2yMnIWyFaOBgzCBgDAfBgNVHSMEGDAW +gBT5ZI4b2HIp/Qx0uhqxVahE4Ru2jzAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBT5ZI4b2HIp/Qx0uhqxVahE +4Ru2jzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCDF92qG5i+ +iUTLZHkmq2DIdl7btDjb2duW9elQ2fH0/AIhAMiAkN4NlC+vLl7UJQhw98CPOQ1T +oap++H3F6OeEVtgM -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/end.key b/test-ca/ecdsa-p256/end.key index af856102d3..24656acfe1 100644 --- a/test-ca/ecdsa-p256/end.key +++ b/test-ca/ecdsa-p256/end.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgMyvFQ1aDiQcxbZAT -EtOOXL91NxQ9mwzZojvaJF276kihRANCAATY2eiTbfud2qvG3Kd95SniRj0mWUcx -4H7hbggUMgtWMdLPH3+DFEHJ868KnXvvuniokJMMvKAuL+tLbCAn5ZmP +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgwYJ1vKja0MXukoM7 +qPcvC10rsV0ZYi+T4reIV5/s8FmhRANCAARbJ6Qb/V5rQ2EsWVgL02/2dorxzERz +ULAkXFc7BUWFb91KvQdloc9/OTthD+OxkvpjWHcbhkIpmR3VTVuFvx8J -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p256/end.revoked.crl.pem b/test-ca/ecdsa-p256/end.revoked.crl.pem index 1a60254bf0..4073a209ff 100644 --- a/test-ca/ecdsa-p256/end.revoked.crl.pem +++ b/test-ca/ecdsa-p256/end.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- -MIIBEDCBuAIBATAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwMjU2IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDNaFw0yNDA0 -MTIxODI0NDNaMCIwIAIBEhcNMjQwNDA3MTgyNDQzWjAMMAoGA1UdFQQDCgEBoDAw -LjAfBgNVHSMEGDAWgBTSM5ykb3uyQKkOY/UESkV+NxWccjALBgNVHRQEBAICBNIw -CgYIKoZIzj0EAwIDRwAwRAIgLzFsA0BlfGvAE3kMALKnkRbS5GGOLcv15NqgaduC -OKoCIC84wFUt7nxLViQ7mrF8AXGOOZxu9b93tH+gt8a75W9a +MIIBEzCBugIBATAKBggqhkjOPQQDAjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMjU2IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ3MDNaGA8yMTI0 +MDQxMzE4NDcwM1owIjAgAgESFw0yNDA1MDcxODQ3MDNaMAwwCgYDVR0VBAMKAQGg +MDAuMB8GA1UdIwQYMBaAFCK1qP6zPz5Re4f9g160j5iYOWQZMAsGA1UdFAQEAgIE +0jAKBggqhkjOPQQDAgNIADBFAiANTUC4OmRQhQOKVrRKknob1XyTc0kTaIMRwrG2 +pStozQIhAPONILKKzw4uHAN9oPq+GgT/cuSI7V3EB1js0VLgN2L2 -----END X509 CRL----- diff --git a/test-ca/ecdsa-p256/inter.cert b/test-ca/ecdsa-p256/inter.cert index b726808c21..19d8d4541d 100644 --- a/test-ca/ecdsa-p256/inter.cert +++ b/test-ca/ecdsa-p256/inter.cert @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIByDCCAW+gAwIBAgIBCzAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 +MIIByTCCAW+gAwIBAgIBCzAKBggqhkjOPQQDAjAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMjU2IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMjU2IGxldmVsIDIgaW50ZXJt -ZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtj1/NrV2DF8pdu0nbz8e -GWJC9loBDlmVy0SCKcBezKOErTzNV6PvE3qPy2vNJgzkEKZYpgjEMYKvDImZlOE2 -OqOBgzCBgDAfBgNVHSMEGDAWgBRfW6pxJGPHn4+tADqUNDV6Uo8xyDAOBgNVHQ8B +ZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExI5YPrwz3uD1jx+Wy/ai +FF7V1NqqiF61WjUduN/JWrDxQ2K5VxgPzNNaEM7Ors07WbRQ2btWK60lY+aIHu2P +NKOBgzCBgDAfBgNVHSMEGDAWgBT5ZI4b2HIp/Qx0uhqxVahE4Ru2jzAOBgNVHQ8B Af8EBAMCAf4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW -BBTSM5ykb3uyQKkOY/UESkV+NxWccjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 -BAMCA0cAMEQCIBKOv7CRDiJ/zXyxL6hJwlxrBSoSSrZBeTyVND5jqAvSAiBu3OSo -KaMUQcDSi8/dXkxIC/Wpp8D0IUV2AyEC+7kBZA== +BBQitaj+sz8+UXuH/YNetI+YmDlkGTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMCA0gAMEUCIQCdGYi9ebaxVvmw8H/r9ZZVAcqmgqCpZF/OZ9bIGLzOjgIgWJyM +yHVgM+P8aoFgFMbZV//U5j+sGfeocX5NWDtDTDk= -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p256/inter.der b/test-ca/ecdsa-p256/inter.der index 0533cdb5953267edae38a8d970b614c069b3a141..ef3bb6fe760034f130cc3919b9717568fce50792 100644 GIT binary patch delta 204 zcmV;-05kv01I+^jFoFTekp!(k#Ew`#yffb5^^YHx%l4uaUe(mvs)$~-S~VTG-^p6A z@k3&{R~Qe>(^?SD&aTZnS+r2uyH+c$C1d7@9_^1bk?|80`DBh8*m5cT40O60u~n!< z;TyJ(lNbRy6e6{#{3W delta 203 zcmV;+05t#21Iz;iFoFTdkp!(kwmp9~wRQ|&DR%8AZ$BOxVnX&>0S;M}%S3`Hz+TLw zgsnWySEKI}dXLL%%_a=w5T;nB2*fdhuMCNql;Jiyk?|80Ut6kiBxA>)kF5YYlr%MZ zQjamnlNbRy6w))Cq;Gq&K&cL6^#n>qem51Ia+78O9!N(3Fhl|%5{|#Hkq#n%&3v&h zs7b84W6R)dRcncXNA?TA4&*&I4`+7W&WMZk8_x$-*0$- zbb>{g$Yc2%HHn(C?9oqK$}1*ZJDa*%z18=rJ^MypdBwkKYc~e^w6Un2mv5GOwRFz6 z^I4zEzy1BYxUt!wvB5x|jX6|SnMJ}ttU*NQ>9m4PmaMN{`sUkn%yB<*<+Dy}+GJ%$ zD-;>HL?NSU(uOS`jvV*?WbdT9V5RNdPkIZo#T+y>E8G6ed^+h?3CC@9ezD9mbw77? ziFY~X3H|uYWDv2-ZT|nGet}PP76}-cPRS~GU3Tyy`$j|0u*SWYKJ1&P|7_#eGaIxw NXP(?I`!6l15&#MMgQ@@k delta 271 zcmeyt{DXPIoO&LIU0TZZb8j#SEam#u<#keAcj~rZ?rWQj79YK>|3dOxs?y@%lRsy? zx?)nbq^ho$i&{59?%gUR>W^2P0daA+?7E|qXnlMrEx$2 delta 248 zcmVI6vIVFN^@t8BXxwg#dXyaN&RFpWNguBh7r8`iwq4^>Qo|f^gLU diff --git a/test-ca/ecdsa-p384/client.expired.crl.pem b/test-ca/ecdsa-p384/client.expired.crl.pem new file mode 100644 index 0000000000..2916e24898 --- /dev/null +++ b/test-ca/ecdsa-p384/client.expired.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBDDCBlAIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ2MDVaFw0yNDA1 +MDcxODQ3MDVaoDAwLjAfBgNVHSMEGDAWgBQlvhd76g1kaix6oOZBe75XmTMg3zAL +BgNVHRQEBAICBNIwCgYIKoZIzj0EAwMDZwAwZAIwAcbncL/YVLW5ikHJ7mstiKCm +j69XKaFtWpy9cb8CxI7UqsLhcGDskREH0o62n8ArAjBVW+ZgbRq6N18OvyApIC62 +L9dZtzFv2e3bg8zrdpFHFISX22bIjEic7bszgwWKQ/I= +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/client.fullchain b/test-ca/ecdsa-p384/client.fullchain index 38d8eaf762..795ee4ec27 100644 --- a/test-ca/ecdsa-p384/client.fullchain +++ b/test-ca/ecdsa-p384/client.fullchain @@ -2,39 +2,39 @@ MIICGjCCAaCgAwIBAgIBGjAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw MFoYDzQwOTYwMTAxMDAwMDAwWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQw -djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQ9QppVZhgucWNMMESGn3Tj0aSbLV1Ztfmv -o4aIytluAO0CRa6bwWC1D8YbnjLgYRAMeQZFxdsnq9wEaJx2W9irzeIaYDbHspST -mwuG5Dgx852be5edRj17aVN9M6k5duGjgZ4wgZswHwYDVR0jBBgwFoAUexEISQwb -vPjrWXcNjge5T3QM+zQwUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29u +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAREDUiBH3/iXUUUsUAonD++a0y+h5W/OuPg +3P7YNYihPBkuumpZkc17KbELrd6HI+MwqnQ6nZmwdOjBvXJBmNyciIc60rMbDfDT +E+8Lr+5b+QBtC+BqPapnjdGoUH5V0tKjgZ4wgZswHwYDVR0jBBgwFoAUJb4Xe+oN +ZGoseqDmQXu+V5kzIN8wUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29u ZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAA AAABMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAKBggrBgEFBQcDAjAKBggqhkjO -PQQDAwNoADBlAjA8ipZip6hGTTklgm3xmDO4ubbM6WjjWkZUlDighLvNo6U7ULOh -+IydkM+WoQiaFa8CMQC00UZfPAiHqyTgno+hlUjDDFMJXaEKWjeshh7hz0Ju2zDP -X3bQZUj3Bf14od31ciw= +PQQDAwNoADBlAjEAwW/UukT4JNgf0iSVKfqmIWTstgTY59xKg++KEiSAaWaMlLoV +CHgr+BYj8eiAHlV6AjBEQuprEgGUkddWcswMpq0WN92FJPVmkFRaMTA8ZGfQhoBf +wSMb4/1XmkQWfHujBac= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt -ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE -tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp -p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA -FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU -BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 -DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD -yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz -+51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEExV//BidqMHrVOWg8GeZx2gq +gHcwmAM/tPl9s1Gw+padbkXX9DjRbF3Y8hUJiPJi92PIpOo1IUAW7gD8wHkeH9iH +Ji6Fk+L80w8DFDTqrl/4yv7aRoEmoaK7PUARYiOKo4GDMIGAMB8GA1UdIwQYMBaA +FCzllnCyOQXq6U1vP5xHxNTzLIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCW+F3vqDWRqLHqg5kF7vleZ +MyDfMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIwF5uIXatjJBcA +5NEopCON3RstLrpB3zh+shUaJ/QGYdq8wazJw8M0vnvGcXdfGdXvAjEAo9qO3Stb +NJf4qz7sBsZqgpB9Bcr7Dwm6IK9SHteo/p6xlttkhrkpGjExcPVV9Atg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT -yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef -StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz -72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB -Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR -E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC -lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs +AQYFK4EEACIDYgAEDxF0LvIlR+683VOUKuumZ4rzIKvr4RgTSEOk3ZSf3NPjbAIb +77DvxZA4VhTjH9h8YSkdB1vlhHd4kNbNZasnhU3lPwexDR8h/SatsVFMhgQmzx+D +GuqlnPbPavN39v39o4GDMIGAMB8GA1UdIwQYMBaAFCzllnCyOQXq6U1vP5xHxNTz +LIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFCzllnCyOQXq6U1vP5xHxNTzLIVmMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALC08MTHS/I/QiWgqT3d8i6gaxZAKSl5hvyZ +5ZLadAjbJw8Wacx++bqKF4pBbhL48wIwWLpGn//FTlHkLKIQMjWUanDrdsHRB7Ex +SVaBvdLwvp4v5rH1zLArs2nJvx3+ZlJ5 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/client.key b/test-ca/ecdsa-p384/client.key index 1b3f55ab98..514f01040e 100644 --- a/test-ca/ecdsa-p384/client.key +++ b/test-ca/ecdsa-p384/client.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCYZD0DjyELBNt5PwmN -hDQv7KOsU78qfbHbIsXz4+3SnUvlI1av+YvEjkbdZzKWNR6hZANiAAQ9QppVZhgu -cWNMMESGn3Tj0aSbLV1Ztfmvo4aIytluAO0CRa6bwWC1D8YbnjLgYRAMeQZFxdsn -q9wEaJx2W9irzeIaYDbHspSTmwuG5Dgx852be5edRj17aVN9M6k5duE= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDQjSDsyNDdNBDuh3fQ +Z8O9qzkFqCJeJgLnwqhXdPW4oClQFTcCJWd4caeWuxKWB5yhZANiAAREDUiBH3/i +XUUUsUAonD++a0y+h5W/OuPg3P7YNYihPBkuumpZkc17KbELrd6HI+MwqnQ6nZmw +dOjBvXJBmNyciIc60rMbDfDTE+8Lr+5b+QBtC+BqPapnjdGoUH5V0tI= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p384/client.revoked.crl.pem b/test-ca/ecdsa-p384/client.revoked.crl.pem index f35d696087..befe541040 100644 --- a/test-ca/ecdsa-p384/client.revoked.crl.pem +++ b/test-ca/ecdsa-p384/client.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- -MIIBMjCBuAIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDVaFw0yNDA0 -MTIxODI0NDVaMCIwIAIBGhcNMjQwNDA3MTgyNDQ1WjAMMAoGA1UdFQQDCgEBoDAw -LjAfBgNVHSMEGDAWgBR7EQhJDBu8+OtZdw2OB7lPdAz7NDALBgNVHRQEBAICBNIw -CgYIKoZIzj0EAwMDaQAwZgIxANuvhmWZq6b8AQI7b7tWt+7k/Aa9A7/sZoKhcpvw -qKTbXHyN4Yrn8S41iZV47P+KLgIxANUAGNvYA5L6JLR5hg+m0OLY+lzkAv6KJj0/ -S5oHO5FANV8PFQLF18gWX2gwtBOcyA== +MIIBMzCBugIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ3MDVaGA8yMTI0 +MDQxMzE4NDcwNVowIjAgAgEaFw0yNDA1MDcxODQ3MDVaMAwwCgYDVR0VBAMKAQGg +MDAuMB8GA1UdIwQYMBaAFCW+F3vqDWRqLHqg5kF7vleZMyDfMAsGA1UdFAQEAgIE +0jAKBggqhkjOPQQDAwNoADBlAjBUmlLs5Z1FajG/07BmU4Afey6KjKyXFqj+EFzl +Uck5pETmloFLp2BM8hQAiWpMmiwCMQDhLaVm4U6s6Y9+VjJ1KHVwBIQXofJa3Cs3 +0JQiJ9ycaHDOlrKHmj1d1t2MP98Sajc= -----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/end.cert b/test-ca/ecdsa-p384/end.cert index 07129ffe6c..3eac147413 100644 --- a/test-ca/ecdsa-p384/end.cert +++ b/test-ca/ecdsa-p384/end.cert @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIICBTCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +MIICBDCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABO+9bzwsp+UMJE9q1hZHotYJ6HYIT0wz3nML -54iNzsZlA9f1yIqf2aL+BMfSD2pCHfVgWTEZFp7WEvIhrDu+WcUXHoRQ31p9lw6X -MzJWXihbN0OU5nBOPPcyImL5TIhIWKOBiTCBhjAfBgNVHSMEGDAWgBR7EQhJDBu8 -+OtZdw2OB7lPdAz7NDBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +MBAGByqGSM49AgEGBSuBBAAiA2IABJJJjsI/z2Mo45lYWM8hhGNljCw0KQpkphMt +4TCYCFkWeu++789rQzQ64Dum2lplf0oqEUBTu09MH/hif4z8sTgcH8Tgs5haN6PW +olbuA61sqrDRPC5Z9M4duuRzrG9lG6OBiTCBhjAfBgNVHSMEGDAWgBQlvhd76g1k +aix6oOZBe75XmTMg3zBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA -AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2kAMGYCMQDkM+CEeHnsf4Ww -YNDUjNlodcpJDxEk4PTsIECvu2EdQjLXHt0vrogZeAVvHhUMixcCMQDB/pZCcjsW -ly7qVSS2f9PJE/LY7dLv9Gg2gLQyhAj3hG1zVC8psFK/KRKME6ypVZ0= +AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2gAMGUCMQCmbOi3LTgU7pI9 +haeqkDjVspPul5XekGCMQ6fhLhg8ROAig1zzaCWu68ggP8RbxakCMGfCjLrKnURX +PYDTOev0KCSPIFkvdDzWRGLfC2AILC1zgx8Y2UR5AJkMWO1+ILtYvg== -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/end.chain b/test-ca/ecdsa-p384/end.chain index cdf7ef04f3..5d968e55f4 100644 --- a/test-ca/ecdsa-p384/end.chain +++ b/test-ca/ecdsa-p384/end.chain @@ -2,25 +2,25 @@ MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt -ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE -tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp -p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA -FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU -BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 -DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD -yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz -+51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEExV//BidqMHrVOWg8GeZx2gq +gHcwmAM/tPl9s1Gw+padbkXX9DjRbF3Y8hUJiPJi92PIpOo1IUAW7gD8wHkeH9iH +Ji6Fk+L80w8DFDTqrl/4yv7aRoEmoaK7PUARYiOKo4GDMIGAMB8GA1UdIwQYMBaA +FCzllnCyOQXq6U1vP5xHxNTzLIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCW+F3vqDWRqLHqg5kF7vleZ +MyDfMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIwF5uIXatjJBcA +5NEopCON3RstLrpB3zh+shUaJ/QGYdq8wazJw8M0vnvGcXdfGdXvAjEAo9qO3Stb +NJf4qz7sBsZqgpB9Bcr7Dwm6IK9SHteo/p6xlttkhrkpGjExcPVV9Atg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT -yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef -StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz -72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB -Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR -E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC -lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs +AQYFK4EEACIDYgAEDxF0LvIlR+683VOUKuumZ4rzIKvr4RgTSEOk3ZSf3NPjbAIb +77DvxZA4VhTjH9h8YSkdB1vlhHd4kNbNZasnhU3lPwexDR8h/SatsVFMhgQmzx+D +GuqlnPbPavN39v39o4GDMIGAMB8GA1UdIwQYMBaAFCzllnCyOQXq6U1vP5xHxNTz +LIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFCzllnCyOQXq6U1vP5xHxNTzLIVmMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALC08MTHS/I/QiWgqT3d8i6gaxZAKSl5hvyZ +5ZLadAjbJw8Wacx++bqKF4pBbhL48wIwWLpGn//FTlHkLKIQMjWUanDrdsHRB7Ex +SVaBvdLwvp4v5rH1zLArs2nJvx3+ZlJ5 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/end.der b/test-ca/ecdsa-p384/end.der index a3cc82a6626e29b8607a216bf10abde68543ac68..2e78ecbc88e1abe1e2e8c5881f52712395b685cc 100644 GIT binary patch delta 259 zcmV+e0sQ`n1c(F#FoFUEkp!ZDl1YxjKhI+*EU?gOoCs<6>K zE?M->9lGRmtZ!u-qk)Mqfrc<21_M&PHK#9PIw0x)O7jJnF5L{~k4(>d$(C?t;{Sub=v) za85k;G9qI6Oo&KWqk)Mqfrc<21_M>xm|yI~zdGS?p6FRq9g zcm;1B6%30P0x=I~JEN>QyARf78hm^4RUt@APOkfV47%2=|0-b5t)Wuu{J% K5{wh9sa2f?2W_7K diff --git a/test-ca/ecdsa-p384/end.expired.crl.pem b/test-ca/ecdsa-p384/end.expired.crl.pem new file mode 100644 index 0000000000..01666a20db --- /dev/null +++ b/test-ca/ecdsa-p384/end.expired.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIIBDjCBlAIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ2MDNaFw0yNDA1 +MDcxODQ3MDNaoDAwLjAfBgNVHSMEGDAWgBQlvhd76g1kaix6oOZBe75XmTMg3zAL +BgNVHRQEBAICBNIwCgYIKoZIzj0EAwMDaQAwZgIxAK6cfYziPXvw0BS9qCbYfJn+ +LTPwPMLl9NLeKiDReCv62l2WH1lrbhp3zvBOPpgLSAIxAPrnnEidafjOwp8RH896 +NReGL1vT/nmgOqKJpCtX/uqVbxVHtRUuTnH28kk7djdI6w== +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/end.fullchain b/test-ca/ecdsa-p384/end.fullchain index da3c58980f..2ee6c4bc60 100644 --- a/test-ca/ecdsa-p384/end.fullchain +++ b/test-ca/ecdsa-p384/end.fullchain @@ -1,39 +1,39 @@ -----BEGIN CERTIFICATE----- -MIICBTCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 +MIICBDCCAYqgAwIBAgIBEzAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93 biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABO+9bzwsp+UMJE9q1hZHotYJ6HYIT0wz3nML -54iNzsZlA9f1yIqf2aL+BMfSD2pCHfVgWTEZFp7WEvIhrDu+WcUXHoRQ31p9lw6X -MzJWXihbN0OU5nBOPPcyImL5TIhIWKOBiTCBhjAfBgNVHSMEGDAWgBR7EQhJDBu8 -+OtZdw2OB7lPdAz7NDBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k +MBAGByqGSM49AgEGBSuBBAAiA2IABJJJjsI/z2Mo45lYWM8hhGNljCw0KQpkphMt +4TCYCFkWeu++789rQzQ64Dum2lplf0oqEUBTu09MH/hif4z8sTgcH8Tgs5haN6PW +olbuA61sqrDRPC5Z9M4duuRzrG9lG6OBiTCBhjAfBgNVHSMEGDAWgBQlvhd76g1k +aix6oOZBe75XmTMg3zBTBgNVHREETDBKgg50ZXN0c2VydmVyLmNvbYIVc2Vjb25k LnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGHECABDbgAAAAAAAAAAAAA -AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2kAMGYCMQDkM+CEeHnsf4Ww -YNDUjNlodcpJDxEk4PTsIECvu2EdQjLXHt0vrogZeAVvHhUMixcCMQDB/pZCcjsW -ly7qVSS2f9PJE/LY7dLv9Gg2gLQyhAj3hG1zVC8psFK/KRKME6ypVZ0= +AAEwDgYDVR0PAQH/BAQDAgbAMAoGCCqGSM49BAMDA2gAMGUCMQCmbOi3LTgU7pI9 +haeqkDjVspPul5XekGCMQ6fhLhg8ROAig1zzaCWu68ggP8RbxakCMGfCjLrKnURX +PYDTOev0KCSPIFkvdDzWRGLfC2AILC1zgx8Y2UR5AJkMWO1+ILtYvg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt -ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE -tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp -p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA -FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU -BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 -DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD -yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz -+51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEExV//BidqMHrVOWg8GeZx2gq +gHcwmAM/tPl9s1Gw+padbkXX9DjRbF3Y8hUJiPJi92PIpOo1IUAW7gD8wHkeH9iH +Ji6Fk+L80w8DFDTqrl/4yv7aRoEmoaK7PUARYiOKo4GDMIGAMB8GA1UdIwQYMBaA +FCzllnCyOQXq6U1vP5xHxNTzLIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCW+F3vqDWRqLHqg5kF7vleZ +MyDfMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIwF5uIXatjJBcA +5NEopCON3RstLrpB3zh+shUaJ/QGYdq8wazJw8M0vnvGcXdfGdXvAjEAo9qO3Stb +NJf4qz7sBsZqgpB9Bcr7Dwm6IK9SHteo/p6xlttkhrkpGjExcPVV9Atg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB9DCCAXqgAwIBAgIBBTAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwMzg0IENBMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAEDEC6KiN/ndgCEKUK+opKyRctlbb6R62CMqPF2y/oGfZlIqNT -yfmY6tQ0eqR6fo0KAxinwU6mbfydyu0+pIGW0lqf3NhQENMErSRrdCUDNxh47Xef -StgVMDD+dMI1PwFjo4GDMIGAMB8GA1UdIwQYMBaAFEwlemtPJLok55o6Szy1gNQz -72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwHQYDVR0OBBYEFEwlemtPJLok55o6Szy1gNQz72dpMA8GA1UdEwEB/wQFMAMB -Af8wCgYIKoZIzj0EAwMDaAAwZQIxALb7BmuYs0vF5QUupqaNhTIUgxNNa39N+1GR -E1QCnUUd6tXj/UawVBBrei3CbUxC2wIwRW5RrYosKIIZtnxkQsPrapY3mxIitRqC -lpd7Vf2wBvi1Kf3LtWLSG6NMIB8TO7Rs +AQYFK4EEACIDYgAEDxF0LvIlR+683VOUKuumZ4rzIKvr4RgTSEOk3ZSf3NPjbAIb +77DvxZA4VhTjH9h8YSkdB1vlhHd4kNbNZasnhU3lPwexDR8h/SatsVFMhgQmzx+D +GuqlnPbPavN39v39o4GDMIGAMB8GA1UdIwQYMBaAFCzllnCyOQXq6U1vP5xHxNTz +LIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwHQYDVR0OBBYEFCzllnCyOQXq6U1vP5xHxNTzLIVmMA8GA1UdEwEB/wQFMAMB +Af8wCgYIKoZIzj0EAwMDaAAwZQIxALC08MTHS/I/QiWgqT3d8i6gaxZAKSl5hvyZ +5ZLadAjbJw8Wacx++bqKF4pBbhL48wIwWLpGn//FTlHkLKIQMjWUanDrdsHRB7Ex +SVaBvdLwvp4v5rH1zLArs2nJvx3+ZlJ5 -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/end.key b/test-ca/ecdsa-p384/end.key index 7c183fa98d..d60becc830 100644 --- a/test-ca/ecdsa-p384/end.key +++ b/test-ca/ecdsa-p384/end.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA9ijAQuSTgVl10LcJO -f9UA7L8jb9N0bxvCjAvGWzzojcYD6sWFkq9Fyc7YNa0K9YihZANiAATvvW88LKfl -DCRPatYWR6LWCeh2CE9MM95zC+eIjc7GZQPX9ciKn9mi/gTH0g9qQh31YFkxGRae -1hLyIaw7vlnFFx6EUN9afZcOlzMyVl4oWzdDlOZwTjz3MiJi+UyISFg= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCuPZEIbHgkFeDFfNTc +M6ATp0fuWyX7P+lDa186HlwV7SR9uTCbeAKOI5i4fumiWNahZANiAASSSY7CP89j +KOOZWFjPIYRjZYwsNCkKZKYTLeEwmAhZFnrvvu/Pa0M0OuA7ptpaZX9KKhFAU7tP +TB/4Yn+M/LE4HB/E4LOYWjej1qJW7gOtbKqw0TwuWfTOHbrkc6xvZRs= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p384/end.revoked.crl.pem b/test-ca/ecdsa-p384/end.revoked.crl.pem index 1ba8951662..7ba99d122a 100644 --- a/test-ca/ecdsa-p384/end.revoked.crl.pem +++ b/test-ca/ecdsa-p384/end.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- -MIIBMTCBuAIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDNaFw0yNDA0 -MTIxODI0NDNaMCIwIAIBExcNMjQwNDA3MTgyNDQzWjAMMAoGA1UdFQQDCgEBoDAw -LjAfBgNVHSMEGDAWgBR7EQhJDBu8+OtZdw2OB7lPdAz7NDALBgNVHRQEBAICBNIw -CgYIKoZIzj0EAwMDaAAwZQIwYCxo+tD0BvD9VpAs+wTy+fL0VmczdUGgkglsJfy6 -AcemHA3pLKpU2qA75oSXYdUpAjEAxp3Uywn5tLoA5fsIF17cdj+au3e13RuR6oUn -Vx0V2zlnCmv0VQ7Gna85g5/DqkeI +MIIBMzCBugIBATAKBggqhkjOPQQDAzAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwMzg0IGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ3MDNaGA8yMTI0 +MDQxMzE4NDcwM1owIjAgAgETFw0yNDA1MDcxODQ3MDNaMAwwCgYDVR0VBAMKAQGg +MDAuMB8GA1UdIwQYMBaAFCW+F3vqDWRqLHqg5kF7vleZMyDfMAsGA1UdFAQEAgIE +0jAKBggqhkjOPQQDAwNoADBlAjEAy9MMKxNg4HBv+V+qpHGbm126G5BOgo3GSiGe +QFYLtd01/yAeL4YTo3kQEfJLt+C+AjBzDskWotjD8+Q/DDZVEwaQUh/4MNYyWcUC +aUe1xREdSeoOrfabzWiv879K6bA9rck= -----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/inter.cert b/test-ca/ecdsa-p384/inter.cert index cfd98d88f7..00eeb28b9e 100644 --- a/test-ca/ecdsa-p384/inter.cert +++ b/test-ca/ecdsa-p384/inter.cert @@ -2,12 +2,12 @@ MIICBjCCAYygAwIBAgIBDDAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwMzg0IENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwMzg0IGxldmVsIDIgaW50ZXJt -ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkFxZ96EGr/pFtojEWPXSTqfE -tD4VAwDKrmvL2H9zLt5ze2E0fohwpJWQ29EtgFbKwndwIHXh6Rh9H5yhKGTfgEQp -p6wlVb7BNaE7C1mCNwlY2Qbolmvz3AF8U2mVokuEo4GDMIGAMB8GA1UdIwQYMBaA -FEwlemtPJLok55o6Szy1gNQz72dpMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU -BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFHsRCEkMG7z461l3DY4HuU90 -DPs0MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAJX7SRwwOwlD -yQdga5IK5GbPuQQLAeQiWuQROtjikqpDfrsqbO8+cMCYXSUYRPmYjQIwIqzzADyz -+51kgssYK3Sq1hJ4glZ3vTjyxv1ihafzMCkgjmSqxAwnlfQolPRKVdHl +ZWRpYXRlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEExV//BidqMHrVOWg8GeZx2gq +gHcwmAM/tPl9s1Gw+padbkXX9DjRbF3Y8hUJiPJi92PIpOo1IUAW7gD8wHkeH9iH +Ji6Fk+L80w8DFDTqrl/4yv7aRoEmoaK7PUARYiOKo4GDMIGAMB8GA1UdIwQYMBaA +FCzllnCyOQXq6U1vP5xHxNTzLIVmMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFCW+F3vqDWRqLHqg5kF7vleZ +MyDfMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIwF5uIXatjJBcA +5NEopCON3RstLrpB3zh+shUaJ/QGYdq8wazJw8M0vnvGcXdfGdXvAjEAo9qO3Stb +NJf4qz7sBsZqgpB9Bcr7Dwm6IK9SHteo/p6xlttkhrkpGjExcPVV9Atg -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p384/inter.der b/test-ca/ecdsa-p384/inter.der index 63e453c727b34aa0dcdc3630154f306964fff53b..51a0fee2109aa198bed6e0545abe228262fa25be 100644 GIT binary patch delta 273 zcmV+s0q*{a1d0TZu7491fBYDosKM)0<)H9qna5}gi2yKM0&h#MJXFg=UjA0Xh^V zz88Dy4PrGazQHx2I}2HYHwjqT2I!V+^V|V^ zQ)!i=ON66=gD`=BFdqg3RUIP)7%&!q6ig+0YfmJ)Bbg8?ICF#whONgOac2}8*TU~7^J$P207ZEA diff --git a/test-ca/ecdsa-p384/inter.expired.crl.pem b/test-ca/ecdsa-p384/inter.expired.crl.pem new file mode 100644 index 0000000000..e57c5b3616 --- /dev/null +++ b/test-ca/ecdsa-p384/inter.expired.crl.pem @@ -0,0 +1,8 @@ +-----BEGIN X509 CRL----- +MIH6MIGCAgEBMAoGCCqGSM49BAMDMCExHzAdBgNVBAMMFnBvbnl0b3duIEVDRFNB +IHAzODQgQ0EXDTI0MDUwNzE4NDYwMVoXDTI0MDUwNzE4NDcwMVqgMDAuMB8GA1Ud +IwQYMBaAFCzllnCyOQXq6U1vP5xHxNTzLIVmMAsGA1UdFAQEAgIE0jAKBggqhkjO +PQQDAwNnADBkAjA+72U8N8Vh3++y/siIX8hgGQO0GJ5Ss0ndN9zSF0W2CdKsuenJ +EjK3G3JadsNQcLoCMEN+y4246TMJK9Fc1jxnrqSZhcDzYh4JHlj6YXGQcXelQ12B +2sabFeZctrsMFrWUWA== +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p384/inter.key b/test-ca/ecdsa-p384/inter.key index e90e71ed9d..829ac92a92 100644 --- a/test-ca/ecdsa-p384/inter.key +++ b/test-ca/ecdsa-p384/inter.key @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDATDJHNj4a+BE0CiISi -26dSuFsezP1+QbIDJbfAk0MfCDfMm4fratgt3RgNyO4cqxyhZANiAASQXFn3oQav -+kW2iMRY9dJOp8S0PhUDAMqua8vYf3Mu3nN7YTR+iHCklZDb0S2AVsrCd3AgdeHp -GH0fnKEoZN+ARCmnrCVVvsE1oTsLWYI3CVjZBuiWa/PcAXxTaZWiS4Q= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBqQHLsWvCXg9+pDkEe +Ypc6wE/l2HXg/1mxducJ1SvwiwkjUQo4E6Dly116jxIalv6hZANiAAQTFX/8GJ2o +wetU5aDwZ5nHaCqAdzCYAz+0+X2zUbD6lp1uRdf0ONFsXdjyFQmI8mL3Y8ik6jUh +QBbuAPzAeR4f2IcmLoWT4vzTDwMUNOquX/jK/tpGgSahors9QBFiI4o= -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p384/inter.revoked.crl.pem b/test-ca/ecdsa-p384/inter.revoked.crl.pem index 2d2f712597..7ca851942e 100644 --- a/test-ca/ecdsa-p384/inter.revoked.crl.pem +++ b/test-ca/ecdsa-p384/inter.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- -MIIBHzCBpgIBATAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT -QSBwMzg0IENBFw0yNDA0MDcxODI0NDFaFw0yNDA0MTIxODI0NDFaMCIwIAIBDBcN -MjQwNDA3MTgyNDQxWjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBRMJXpr -TyS6JOeaOks8tYDUM+9naTALBgNVHRQEBAICBNIwCgYIKoZIzj0EAwMDaAAwZQIx -AJHGSTc1ol1i++3JW3e8Cn7RCBje708RQZ2bCo/WgjEKN8caLzxO5d0sOdGn3QvY -pgIwWza1fjGoduN6Cet2wH4xExt7j6fcAvgDOj5TnIhLIQ7lAzGeN8RKSD5Yql3F -ZUP1 +MIIBIDCBqAIBATAKBggqhkjOPQQDAzAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwMzg0IENBFw0yNDA1MDcxODQ3MDFaGA8yMTI0MDQxMzE4NDcwMVowIjAgAgEM +Fw0yNDA1MDcxODQ3MDFaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQYMBaAFCzl +lnCyOQXq6U1vP5xHxNTzLIVmMAsGA1UdFAQEAgIE0jAKBggqhkjOPQQDAwNnADBk +AjA4wwg8NXuD/Kb7cAZRVtrkeqdyDoh4UaMbKJRkpClbNQTPP7Ie+yxkTFGlv0Tb +1pwCMCCY+6w8KQRL4CsSPrHVqecLEM3JNmaoedp2Iwj4kaHZt8Rkb+p1L8gNDo7x +ab1pSw== -----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/ca.cert b/test-ca/ecdsa-p521/ca.cert index 3082bfeedc..8368f387f2 100644 --- a/test-ca/ecdsa-p521/ca.cert +++ b/test-ca/ecdsa-p521/ca.cert @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICPjCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +MIICPzCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIxIENBMIGbMBAGByqGSM49 -AgEGBSuBBAAjA4GGAAQBNE6id6TKt03nKiz09bDEM1h1f2JJ0QjWgiCovHNbjEWw -FI5PQ0MqAMjhbeoRBvvOXEQLd41J0XcbCXg0GwZqmdgArcmTlO8IAdoVQCg3jp3w -3s9SHxk/ebZqyd6iNsyYGCwIVr7FtBGUm39ONNS8nxrcIUpP00hpUF9jdhaSbssF -K82jgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVqJx92t5jbBm9XsMwwDgYDVR0P +AgEGBSuBBAAjA4GGAAQA7PiEEFyD3SXyH+rfSJOyjgro9P9NowuCLouzf59XTzJH +Y0l1wGTsCI3ufTx9KrcjMwYHpKGe/njkSS5prMLxfWYAIjZElryIL9g03ZvKk1Ky +ro8atD1uIsxtxpX4t5R1c6FTQJJ6S6OREmRgKxohGNnpp/ZorUqjw4I26IZVjBj9 +mAyjgYMwgYAwHwYDVR0jBBgwFoAUzRE0+SXO8fSwGIf8/JzWDjiBzkkwDgYDVR0P AQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E -FgQUOjnapNNhlEVqJx92t5jbBm9XsMwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO -PQQDBAOBiwAwgYcCQRlgAuUKnW527uUTyEjsaZcsssAu37olCWXuduP9tNyhLYPr -lYlu+ltLmR250DdikBXAl3unkpYEAdQam9lc1nMxAkIBVBah69psNw9vjrR9jNtp -Ql22JD6hpeJsWFe0gdDhNZjIS+sKPXrDj3YfmRHLm9JsgVKinMaVMfI8DstuIaET -IzE= +FgQUzRE0+SXO8fSwGIf8/JzWDjiBzkkwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDBAOBjAAwgYgCQgCj3pVDiWcr9ZQHY+QY6nMkIJy/UoyKfgWRDnN4s80kZOxQ +i1BHFgr0D6Q9A+ncpi6H9LXQjcfwyvkb3SiKsnWNdwJCAS4Hn1m19yoDXMaoJzLd +g8oJNnNfrUwosn8aVAa2yg5cfDw2Q1vq2EFWja8OHVbZDCK1tqOAzoEnoQj/nnY1 +sDxn -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/ca.der b/test-ca/ecdsa-p521/ca.der index 4478be6a5cd060ed101c096e4a9b44c33192c86f..de0219f6e9f26ba3e6eca668cfe1f3aec2738c53 100644 GIT binary patch delta 357 zcmX@aa+rn1poz(TBFn6LhBrT21Y(-+s(zAxb>Cz1rarD0U;g_p=5EsK-dsOF+~3GO z*|YRO${UW}ceOUPTHBS4+1QsXocFKdiKkxXnnNFJ(-@S@T&C^m(7$1FclN2tL7Ud~ zOKq{uQ#zA-Z0e8gQ%Z{$20Kiu@?JbqC?!E#N>SqG%jMrP)_N^I++_BmEmWsR;_nQe z#f{AdjSU9!Y|Npu$}AEFVhti^1x^+}!=Ij%J+tk_c=-Q&7J zq|e{kS&QMs!`xSbY`@RNxNw*EdR{D-=BzN0X3Ls+gJJE-$y45QFy0b%&@k_t`{CaC zAbCmq%57OE?=3PrGebg$BW&N%ErL^K*ZY}V*)w12j-r?UWsl5&_~bINNjiC_S+&nD zZfrJaY%q{#V-A&7W|1%uYY?%rytU+V;uO~`b@{UGGj6lxhi^DD*^|)2ubGpu^1A6y&sdA>iD|`HR%bkU~&9A3+=KYHHo+-QY zf_c&e(F4<~mrt6;!gxh$_RW}U#fD5yj3HtRU*F0x=g;rkQrmMo(A(d@-qcb&%Tt?7_?{(@3EFoFVQkp!iG06B3n0$(=@)h`YGGK)qei?A_z5Ix9h+7NL$Wh7Tt z%4ge=W>Oc9K1jiHwR`PI@)1!%yp}1_cgzrKL=2(#b{PS?Td6$cX=S-Odpt{^eFJ-> z4V?@@ZeW|W`rbHQRF*P1I~)pc|FS`4NgYqB8$8loaif6k?ae}H)<9t_$5uZ&vC&c<2;*+HzFv18WumT%3@n2s z;m43O@a{UsC5-|?0ai`c_>FzAItWv&`pt~8D&0pP6qM9hs5jbqm=rvx{VYZ~UDlCV e0IaCSOOr?7Cs||*4zHq8<^39I7D*ftF=t07BaCza delta 331 zcmV-R0kr<<1n2|=FoFVPkp!iG0cE~m8fZ5t{Tkgr*1b@gvt3(;=3?bv`Orb(y6md0lEWC{fooH0^|Tx zBTmqKl}*Ex&E{7VYw#R_{0@F@zBJ=Xs0ua#&`)KiXd?eFo5}-iQt6?rq)+KPQWDur zOs3Fi+a8vE6nsa|@}uzxQ#q!}KR&k()<*X&BAaqp@R!w>2P-707(b(di7q!m5T`%<);|}LIDTX z3{(85{j%6D)JNVrR^^N%6C`;yVpvh1INf!B;SM8~HWEw0M{L?vG7!z;koyC>I PZQ1X%$OcW<(doBf;MbKp diff --git a/test-ca/ecdsa-p521/end.expired.crl.pem b/test-ca/ecdsa-p521/end.expired.crl.pem new file mode 100644 index 0000000000..1eb2b6149c --- /dev/null +++ b/test-ca/ecdsa-p521/end.expired.crl.pem @@ -0,0 +1,9 @@ +-----BEGIN X509 CRL----- +MIIBMTCBlAIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ2MDNaFw0yNDA1 +MDcxODQ3MDNaoDAwLjAfBgNVHSMEGDAWgBR1WwKcQDUenQG4qTUNUciO/YPOxDAL +BgNVHRQEBAICBNIwCgYIKoZIzj0EAwQDgYsAMIGHAkFZfT316o1vNjR/EhxdLzHN +HF7Lpi5Ek8xI6IwiLMLBeu0XOua5IG5adcyJfguip51uKfx6VK+kV12UDxt2dDPc +YgJCAQ+OEREGOXZCp9kMx+HHmI9yvtQjt8Q+GMazBdG9De6wARSC3AT6g3aAxLd1 +0HskZvPQ91GDZl5v2VDTa0jZh4tx +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/end.fullchain b/test-ca/ecdsa-p521/end.fullchain index ea8d7b0154..f6b1067560 100644 --- a/test-ca/ecdsa-p521/end.fullchain +++ b/test-ca/ecdsa-p521/end.fullchain @@ -2,44 +2,44 @@ MIICTzCCAbCgAwIBAgIBFDAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93 biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlMCAXDTc1MDEwMTAwMDAw MFoYDzQwOTYwMTAxMDAwMDAwWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTCB -mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAIeQ9nmRpEKiaPHndWHt+MHk0HhYKJ68 -mRNXyqIV2h2PdBRnX2LOMFUG6soS0C+DwY6PJnxggheUAUFfPuj7FO5eABouUuKS -wO7BsOQgWk0tJBPMWpE1M+nqab3Sq79B2bdtZaoMciP1fMO7Y92RMWJHTEWuo+cV -V2TOPN6QsMPA17sno4GJMIGGMB8GA1UdIwQYMBaAFKzEA+eqUyatDn0QF2/CitNP -hRQ0MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZl +mzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAF3mXqYSMvYy2Wr1VRg94rswVrRJ7I/S +qbNMAboDTf2Lw8MC5ABUI07QfJVNw5TN5lcTa/AcgfwOfm6+NONKqAo2AdBPZaZo +Iv8vm8oDbVLpoaykT+k7UhLZTEym0GjbHpZ9FHxHz/Kj8QhTOabKPz63DtZG9y0i +m3JY8JfVlwckqRg/o4GJMIGGMB8GA1UdIwQYMBaAFHVbApxANR6dAbipNQ1RyI79 +g87EMFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZl ci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8B -Af8EBAMCBsAwCgYIKoZIzj0EAwQDgYwAMIGIAkIAyxKBhR9HWpLZ5WFPB72MZB2s -pBWkSl60DkryT+YkB26LjJdEYHFifDjqc0f0Aq4hDvHGtcACGSMh3cbm7PsxUqUC -QgHEGiQxY/i1EYYGCLDI44Ov67Cx7wH0Hg3XN8N2szuNdzfyIIM6m0rD63MBFXEM -kTsk0uE5jRRt2e+0yE3X0em3YA== +Af8EBAMCBsAwCgYIKoZIzj0EAwQDgYwAMIGIAkIA8P1FwrSQq/7olK8KjiBwGH01 ++acC4i3tcnbZy/OUyVDdrUjM6l8KIMsqATqmF3pAYcMRqQwD48AbfpWLCRflpxkC +QgEH1gxT/Kj9stgu1EfeOlbljCMTJHk2YlhRnzjddX/hDiOWNhJLwUds2lXkU1XS +CaOOg3J7OBmC3FUc8HY4p/WyNA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +MIICUTCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJt -ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBecdhU3/ueIjmAf2NPGZH -dT44+uxq+rc7aZXy+6ucFRRHq5OdFSh3Z/qSFlk9n682wLQJRG+8hi230pnPwM7E -j5ABAAcyK6nDHPKBZK4+YXuiUYsKBbD82Gn4zXff2dyahjlKtuBjjqlLaMCwgADO -QdGfF5/peH4i46dN7xm6HHWULVujgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVq -Jx92t5jbBm9XsMwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAdBgNVHQ4EFgQUrMQD56pTJq0OfRAXb8KK00+FFDQwDwYDVR0T -AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBiwAwgYcCQXhkIhVuUfxQqafd3jG75ugN -vg4nZdHZx715Du1cKErBfN5x1Ib1fQMKe+Y4qZ8R1S3uLfoHlOzirLwCzeRaExne -AkIBVkovuBx1n/y5HK+uRIQTpGRjH4srgvW4Q2PxsXjVEe2jP1R2smUwz8+VamPo -j1CGz5rAaj99YdMqNKXG8/avL9Q= +ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBuYXYyKfiY+aZulB4ZwVm +jfQyNfdclTef+tWDT8Zzlc4z4ENj5vhDD+iBpICpJpvSHtRRRnabhpnoy25xM6z0 +UksAse1RoR9JpWdcaGfEO94kK+AY48I58pRFf2QBVThXMadzlLZZhJ1eWeVC29Ui +HMlAHRyQU5PVfuPaucEXQl42jmijgYMwgYAwHwYDVR0jBBgwFoAUzRE0+SXO8fSw +GIf8/JzWDjiBzkkwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUdVsCnEA1Hp0BuKk1DVHIjv2DzsQwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgDqjy3punInhBI4Gy22n/BB +txxGn07uT8JEzbbK0Wp9XEVUT82MWwGoHaQ74jA1fhDkmaUdgqrOZ4n0VbenMjWv +UAJCAfGkb7UgOq19nYeFR+fqEM46G0DuGns2fK8IqCD0DrnoXtTJ4SGZjULiiBQK +X/6kZ84oslUN3URJsnU46cxNh1Jz -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICPjCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +MIICPzCCAaCgAwIBAgIBBjAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RTQSBwNTIxIENBMIGbMBAGByqGSM49 -AgEGBSuBBAAjA4GGAAQBNE6id6TKt03nKiz09bDEM1h1f2JJ0QjWgiCovHNbjEWw -FI5PQ0MqAMjhbeoRBvvOXEQLd41J0XcbCXg0GwZqmdgArcmTlO8IAdoVQCg3jp3w -3s9SHxk/ebZqyd6iNsyYGCwIVr7FtBGUm39ONNS8nxrcIUpP00hpUF9jdhaSbssF -K82jgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVqJx92t5jbBm9XsMwwDgYDVR0P +AgEGBSuBBAAjA4GGAAQA7PiEEFyD3SXyH+rfSJOyjgro9P9NowuCLouzf59XTzJH +Y0l1wGTsCI3ufTx9KrcjMwYHpKGe/njkSS5prMLxfWYAIjZElryIL9g03ZvKk1Ky +ro8atD1uIsxtxpX4t5R1c6FTQJJ6S6OREmRgKxohGNnpp/ZorUqjw4I26IZVjBj9 +mAyjgYMwgYAwHwYDVR0jBBgwFoAUzRE0+SXO8fSwGIf8/JzWDjiBzkkwDgYDVR0P AQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4E -FgQUOjnapNNhlEVqJx92t5jbBm9XsMwwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO -PQQDBAOBiwAwgYcCQRlgAuUKnW527uUTyEjsaZcsssAu37olCWXuduP9tNyhLYPr -lYlu+ltLmR250DdikBXAl3unkpYEAdQam9lc1nMxAkIBVBah69psNw9vjrR9jNtp -Ql22JD6hpeJsWFe0gdDhNZjIS+sKPXrDj3YfmRHLm9JsgVKinMaVMfI8DstuIaET -IzE= +FgQUzRE0+SXO8fSwGIf8/JzWDjiBzkkwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDBAOBjAAwgYgCQgCj3pVDiWcr9ZQHY+QY6nMkIJy/UoyKfgWRDnN4s80kZOxQ +i1BHFgr0D6Q9A+ncpi6H9LXQjcfwyvkb3SiKsnWNdwJCAS4Hn1m19yoDXMaoJzLd +g8oJNnNfrUwosn8aVAa2yg5cfDw2Q1vq2EFWja8OHVbZDCK1tqOAzoEnoQj/nnY1 +sDxn -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/end.key b/test-ca/ecdsa-p521/end.key index e90764246d..4719ba91c0 100644 --- a/test-ca/ecdsa-p521/end.key +++ b/test-ca/ecdsa-p521/end.key @@ -1,8 +1,8 @@ -----BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA2udCT3jmo9pjJThF -nw5rUTOWEUsJqvOSGi9huhY6K4q3vMk7oOdRke3UiR6CebOdv0drE8aYVEJM6+yD -eu8752ihgYkDgYYABACHkPZ5kaRComjx53Vh7fjB5NB4WCievJkTV8qiFdodj3QU -Z19izjBVBurKEtAvg8GOjyZ8YIIXlAFBXz7o+xTuXgAaLlLiksDuwbDkIFpNLSQT -zFqRNTPp6mm90qu/Qdm3bWWqDHIj9XzDu2PdkTFiR0xFrqPnFVdkzjzekLDDwNe7 -Jw== +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAapyPsECI3cr1/lSd +L5vd2aIaJHqVzynvJsY7DAxm7/nM5TL9abhAAUMgxSDKUd2LGISVBfz2wr9pjm5y +rQnXiFahgYkDgYYABABd5l6mEjL2Mtlq9VUYPeK7MFa0SeyP0qmzTAG6A039i8PD +AuQAVCNO0HyVTcOUzeZXE2vwHIH8Dn5uvjTjSqgKNgHQT2WmaCL/L5vKA21S6aGs +pE/pO1IS2UxMptBo2x6WfRR8R8/yo/EIUzmmyj8+tw7WRvctIptyWPCX1ZcHJKkY +Pw== -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/end.revoked.crl.pem b/test-ca/ecdsa-p521/end.revoked.crl.pem index d8bc231230..20b2bfe773 100644 --- a/test-ca/ecdsa-p521/end.revoked.crl.pem +++ b/test-ca/ecdsa-p521/end.revoked.crl.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBVjCBuAIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT -QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA0MDcxODI0NDNaFw0yNDA0 -MTIxODI0NDNaMCIwIAIBFBcNMjQwNDA3MTgyNDQzWjAMMAoGA1UdFQQDCgEBoDAw -LjAfBgNVHSMEGDAWgBSsxAPnqlMmrQ59EBdvworTT4UUNDALBgNVHRQEBAICBNIw -CgYIKoZIzj0EAwQDgYwAMIGIAkIBbJwgPhFHxbKVAjY4O8o2yEwRFdliQgSGVJ7M -iiHQTohKxr0tVAWiEFicAi0OWx2QLIKjS2f6ZB+dXFGu6ahVjqcCQgFyc9Bqj6on -zRbPgIM5TR8tB0DrcHSTPJ+33X2PxkyRHUSooiyR4iebczPva8zqNQrWXgM3QFiF -oORBxRc55dJz2g== +MIIBVzCBugIBATAKBggqhkjOPQQDBDAzMTEwLwYDVQQDDChwb255dG93biBFQ0RT +QSBwNTIxIGxldmVsIDIgaW50ZXJtZWRpYXRlFw0yNDA1MDcxODQ3MDNaGA8yMTI0 +MDQxMzE4NDcwM1owIjAgAgEUFw0yNDA1MDcxODQ3MDNaMAwwCgYDVR0VBAMKAQGg +MDAuMB8GA1UdIwQYMBaAFHVbApxANR6dAbipNQ1RyI79g87EMAsGA1UdFAQEAgIE +0jAKBggqhkjOPQQDBAOBiwAwgYcCQgD9wUFQ4WBR9AuFKjQaS9+urHRrasZ0AB1/ +WYS1uF6J6igtgLb1mepBaRaZ8Nlx1ECg4OFGmbAsjHvCBoQmk6UeXwJBU5zAX6iC +ygs+Hg88+8v5V6C1qHedDRpoWKAVyUNSrYMErlBWDQc5EA0oLRXCDOthhw05Sqii +kojij19Bi9KNiAU= -----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/inter.cert b/test-ca/ecdsa-p521/inter.cert index fa1b9f6abf..086a4311a5 100644 --- a/test-ca/ecdsa-p521/inter.cert +++ b/test-ca/ecdsa-p521/inter.cert @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICUDCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 +MIICUTCCAbKgAwIBAgIBDTAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93 biBFQ0RTQSBwNTIxIENBMCAXDTc1MDEwMTAwMDAwMFoYDzQwOTYwMTAxMDAwMDAw WjAzMTEwLwYDVQQDDChwb255dG93biBFQ0RTQSBwNTIxIGxldmVsIDIgaW50ZXJt -ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBecdhU3/ueIjmAf2NPGZH -dT44+uxq+rc7aZXy+6ucFRRHq5OdFSh3Z/qSFlk9n682wLQJRG+8hi230pnPwM7E -j5ABAAcyK6nDHPKBZK4+YXuiUYsKBbD82Gn4zXff2dyahjlKtuBjjqlLaMCwgADO -QdGfF5/peH4i46dN7xm6HHWULVujgYMwgYAwHwYDVR0jBBgwFoAUOjnapNNhlEVq -Jx92t5jbBm9XsMwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAdBgNVHQ4EFgQUrMQD56pTJq0OfRAXb8KK00+FFDQwDwYDVR0T -AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBiwAwgYcCQXhkIhVuUfxQqafd3jG75ugN -vg4nZdHZx715Du1cKErBfN5x1Ib1fQMKe+Y4qZ8R1S3uLfoHlOzirLwCzeRaExne -AkIBVkovuBx1n/y5HK+uRIQTpGRjH4srgvW4Q2PxsXjVEe2jP1R2smUwz8+VamPo -j1CGz5rAaj99YdMqNKXG8/avL9Q= +ZWRpYXRlMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBuYXYyKfiY+aZulB4ZwVm +jfQyNfdclTef+tWDT8Zzlc4z4ENj5vhDD+iBpICpJpvSHtRRRnabhpnoy25xM6z0 +UksAse1RoR9JpWdcaGfEO94kK+AY48I58pRFf2QBVThXMadzlLZZhJ1eWeVC29Ui +HMlAHRyQU5PVfuPaucEXQl42jmijgYMwgYAwHwYDVR0jBBgwFoAUzRE0+SXO8fSw +GIf8/JzWDjiBzkkwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAdBgNVHQ4EFgQUdVsCnEA1Hp0BuKk1DVHIjv2DzsQwDwYDVR0T +AQH/BAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgDqjy3punInhBI4Gy22n/BB +txxGn07uT8JEzbbK0Wp9XEVUT82MWwGoHaQ74jA1fhDkmaUdgqrOZ4n0VbenMjWv +UAJCAfGkb7UgOq19nYeFR+fqEM46G0DuGns2fK8IqCD0DrnoXtTJ4SGZjULiiBQK +X/6kZ84oslUN3URJsnU46cxNh1Jz -----END CERTIFICATE----- diff --git a/test-ca/ecdsa-p521/inter.der b/test-ca/ecdsa-p521/inter.der index cb2bff0bb91528b518c6f86950dc135d406aecef..777225307239533832ad0cc7d7a259da21a8497c 100644 GIT binary patch delta 356 zcmV-q0h|8R1l0rtFoFV6kp!)OxrNxsr{ZJgnYvJTX9Z@B^fEQ~T$MMU`qhI^#&ea< zGvGsG=J-Po=z*kwsV1A!9@J4rcAJKo=*w<#GpzJdO8~L$QK276rDt4dXT&?+BrD(; zE4)oYoFFfzC;jTLC&0bz1_QKs6qn0l29( z4N=IB{e#ZLlc@n8e~bVyfrtV^0P2q|>AG?!gc3L#Ew-QVLAM-6pHA*i!bHus%F$|l zTt!q*&5T@F?izbGe6I+oAoLEo=w8&x;USrgLgI)N3Sa)DXU-_H4pj}^L`kxBIO)tyhf;Ic C{-v$} delta 355 zcmV-p0i6ET1k?lsFoFV5kp!)OdBf9`mQ<^lbUJZ49AJ~;a9YWlZ3X_fN(tDF@S zN2`;a6)1OS`jQq|J)f^Oz_bZOZ@h*rx6+xvkO2S(GApUW9P)u=u0COVqEU+q z1+e_sY52`|-`U)nhB->M;A4)dOK8BbfB?=x(VrKe>3Du3 Br{e$s diff --git a/test-ca/ecdsa-p521/inter.expired.crl.pem b/test-ca/ecdsa-p521/inter.expired.crl.pem new file mode 100644 index 0000000000..a0b847b1fb --- /dev/null +++ b/test-ca/ecdsa-p521/inter.expired.crl.pem @@ -0,0 +1,9 @@ +-----BEGIN X509 CRL----- +MIIBIDCBggIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwNTIxIENBFw0yNDA1MDcxODQ2MDFaFw0yNDA1MDcxODQ3MDFaoDAwLjAfBgNV +HSMEGDAWgBTNETT5Jc7x9LAYh/z8nNYOOIHOSTALBgNVHRQEBAICBNIwCgYIKoZI +zj0EAwQDgYwAMIGIAkIBzEHxHS59Z95Ct1KDeaFoaGDbYVtmszA2LgAIKKligtd6 +0bTsTJLxBlKNf4sIHmjHHWp0lYoqej5fLFUcQ/nNCfYCQgHDSf/rjkzFrNkkzTnt +WqWC0MXcf71BuwfIyeoPAjWx3qQPlA8TaZ2/9QZDnpZt3v+u0yUhxz8wOzhYEzJ7 +gWT2cA== +-----END X509 CRL----- diff --git a/test-ca/ecdsa-p521/inter.key b/test-ca/ecdsa-p521/inter.key index 551f07be55..9b19cd85ef 100644 --- a/test-ca/ecdsa-p521/inter.key +++ b/test-ca/ecdsa-p521/inter.key @@ -1,8 +1,8 @@ -----BEGIN PRIVATE KEY----- -MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIAvUOfRk5kxE5AV83z -rks0adiwx0DkRgOdVGuXkXEFSQ1g/Tg3LQCSIzOQunaTsIUloLFNq+T9KVgE042w -VPhwpx2hgYkDgYYABAF5x2FTf+54iOYB/Y08Zkd1Pjj67Gr6tztplfL7q5wVFEer -k50VKHdn+pIWWT2frzbAtAlEb7yGLbfSmc/AzsSPkAEABzIrqcMc8oFkrj5he6JR -iwoFsPzYafjNd9/Z3JqGOUq24GOOqUtowLCAAM5B0Z8Xn+l4fiLjp03vGbocdZQt -Ww== +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB04CxbN3mJoXvsK1S ++65jHBCArsfzklK0+jd7Mm9JJ9AQHGq6/N3P4lehmTRRg+nqx5BiA12ee+WGKOhy +4tx/1quhgYkDgYYABAG5hdjIp+Jj5pm6UHhnBWaN9DI191yVN5/61YNPxnOVzjPg +Q2Pm+EMP6IGkgKkmm9Ie1FFGdpuGmejLbnEzrPRSSwCx7VGhH0mlZ1xoZ8Q73iQr +4BjjwjnylEV/ZAFVOFcxp3OUtlmEnV5Z5ULb1SIcyUAdHJBTk9V+49q5wRdCXjaO +aA== -----END PRIVATE KEY----- diff --git a/test-ca/ecdsa-p521/inter.revoked.crl.pem b/test-ca/ecdsa-p521/inter.revoked.crl.pem index 0a164b1d21..1d63b13b98 100644 --- a/test-ca/ecdsa-p521/inter.revoked.crl.pem +++ b/test-ca/ecdsa-p521/inter.revoked.crl.pem @@ -1,9 +1,9 @@ -----BEGIN X509 CRL----- -MIIBRDCBpgIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT -QSBwNTIxIENBFw0yNDA0MDcxODI0NDFaFw0yNDA0MTIxODI0NDFaMCIwIAIBDRcN -MjQwNDA3MTgyNDQxWjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBQ6Odqk -02GURWonH3a3mNsGb1ewzDALBgNVHRQEBAICBNIwCgYIKoZIzj0EAwQDgYwAMIGI -AkIBHBqEewFWSLyUsNHb71seYtqJF3j0znRS/k3dImcCWg2bsXI6lECcu3M8QE/P -HMCSTRdwxAqaQF2GZuPtbZuRbJQCQgEHCdt4mrK7xVbMheL9E+XjxbXfoFOkhsPB -/fE9aANJT/XmvFP0npE3haFSoGFBtLY4D56saChbzdbYQC/+IephyQ== +MIIBRTCBqAIBATAKBggqhkjOPQQDBDAhMR8wHQYDVQQDDBZwb255dG93biBFQ0RT +QSBwNTIxIENBFw0yNDA1MDcxODQ3MDFaGA8yMTI0MDQxMzE4NDcwMVowIjAgAgEN +Fw0yNDA1MDcxODQ3MDFaMAwwCgYDVR0VBAMKAQGgMDAuMB8GA1UdIwQYMBaAFM0R +NPklzvH0sBiH/Pyc1g44gc5JMAsGA1UdFAQEAgIE0jAKBggqhkjOPQQDBAOBiwAw +gYcCQgGDT+Ywr1NoF1UVpXOsqAMcf5IhyI+BBEY5cmZwcFHQW2S2uJesrDTxnS3E +jLyAyuNwH2j4vyAg8s2G8G4nDm+mcwJBEMcMrxAX7P+bU+Shz94S+8CVBPWs2gHe +Ap6GBZMA2XBVGQ56VDI1VrWb6KzgISgA+AnXa7ewr9vJwBIZH1YOdD0= -----END X509 CRL----- diff --git a/test-ca/eddsa/ca.cert b/test-ca/eddsa/ca.cert index ef1aad0585..abe61bcee4 100644 --- a/test-ca/eddsa/ca.cert +++ b/test-ca/eddsa/ca.cert @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV -BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH -kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 -PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ -BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi -EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEApNtSnEIA43Y/ZA2f23yO +NZOQ6BPOEXdLnf2A/owXzf2jgYMwgYAwHwYDVR0jBBgwFoAUoGfnIhOtezRt1txo +KDnWZg0NaHcwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUoGfnIhOtezRt1txoKDnWZg0NaHcwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQDI6VakhCwcJeoRe1mjXe9BQGaI7cgjEoiJbz3pAbUB +SFwtAPKT+VnsjM6/z1nmTQt8SDhJ06wrQmwVAmb3iR8A -----END CERTIFICATE----- diff --git a/test-ca/eddsa/ca.der b/test-ca/eddsa/ca.der index 401c0e6fd05a602f43f324ece7dfd91eb9f6b211..528a8be276f5614a6708d7f9aa290ac4e2d570cd 100644 GIT binary patch delta 178 zcmey!^pR;oqr#HgL35lK9+%mt@Xo(o(`Pz)!VBSZg5}r6X6XIe$!ylTdgn)B RpS$b(i_$q4*TjG32LJ(pP3r&v diff --git a/test-ca/eddsa/ca.key b/test-ca/eddsa/ca.key index f3c671e700..a13809a366 100644 --- a/test-ca/eddsa/ca.key +++ b/test-ca/eddsa/ca.key @@ -1,4 +1,4 @@ -----BEGIN PRIVATE KEY----- -MFECAQEwBQYDK2VwBCIEIHKBGGgoLpqiqJ6w46Zqov58in9Ipl+AZkeaOBrq727T -gSEAwXROi6SzCpBGUXAoePUHkE/t75P6MCFKLhgme6GD2Ag= +MFECAQEwBQYDK2VwBCIEIKvdkDL/MylWpHSpzcnRL28s+BB/DZ+g5izBOLjd4Ns3 +gSEApNtSnEIA43Y/ZA2f23yONZOQ6BPOEXdLnf2A/owXzf0= -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/client.cert b/test-ca/eddsa/client.cert index 5e95942db8..cb533211d1 100644 --- a/test-ca/eddsa/client.cert +++ b/test-ca/eddsa/client.cert @@ -2,10 +2,10 @@ MIIBmDCCAUqgAwIBAgIBHDAFBgMrZXAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWRE U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx MDEwMDAwMDBaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIGNsaWVudDAqMAUGAytlcAMh -AFBzzivwYw3/ggX/KhRoC4q+fAOUbC07C+q1nCJRxCD8o4GeMIGbMB8GA1UdIwQY -MBaAFMUlmwtQ3/cgMIGKh0REVDrOvAV8MFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIu +AGHfkzOmNznYqgRZYKqLJXPjppUrEbQPUJ5OXZrTtQLjo4GeMIGbMB8GA1UdIwQY +MBaAFLyFyvml7jAJ52YZhBh7tHTZ/FqHMFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIu Y29tghVzZWNvbmQudGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAEN uAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUH -AwIwBQYDK2VwA0EAcO4Vm+lhILnqWGSap7jE8TCmz8cSw9GkzQO4Z28mJk1dAFES -5sqTsDzE3I1Mo6AVHXd2HnIguxH9uiCiivrkAQ== +AwIwBQYDK2VwA0EARRbM0OZUvmVK1ava1tswjIKLWZ+fUWQQka5dmlXuOCZP0T/6 +/NzIVgI2ppdbPrUCBUF9xFfQDvyVUC0gYYLQCQ== -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.chain b/test-ca/eddsa/client.chain index dbefd823ee..e5e4fc16e9 100644 --- a/test-ca/eddsa/client.chain +++ b/test-ca/eddsa/client.chain @@ -2,20 +2,20 @@ MIIBfzCCATGgAwIBAgIBDjAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMC4xLDAqBgNV BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw -AyEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMKjgYMwgYAwHwYDVR0j -BBgwFoAUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud -JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUxSWbC1Df9yAwgYqH -RERUOs68BXwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDcvvoovHlDlarpjiT/ -8JcbFVe0r3mKXjyug6OvDhK34kIr4z6zIaay4bwENRjabRI1LDHkTDPcY86kF5Nq -g9oO +AyEAWEJzy2Rejd/eXRbLjRcWxBuYZgHzmqHtO7AHfh9WU7SjgYMwgYAwHwYDVR0j +BBgwFoAUoGfnIhOtezRt1txoKDnWZg0NaHcwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUvIXK+aXuMAnnZhmE +GHu0dNn8WocwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDkxE/52oIDkV4syjAC +tlDYDOa1eqQ7XbJs5VOvx1160B3AIasl7AUIrWtQls8tDGw3BL2QxSp9zBAHRzdf +oDUC -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV -BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH -kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 -PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ -BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi -EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEApNtSnEIA43Y/ZA2f23yO +NZOQ6BPOEXdLnf2A/owXzf2jgYMwgYAwHwYDVR0jBBgwFoAUoGfnIhOtezRt1txo +KDnWZg0NaHcwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUoGfnIhOtezRt1txoKDnWZg0NaHcwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQDI6VakhCwcJeoRe1mjXe9BQGaI7cgjEoiJbz3pAbUB +SFwtAPKT+VnsjM6/z1nmTQt8SDhJ06wrQmwVAmb3iR8A -----END CERTIFICATE----- diff --git a/test-ca/eddsa/client.der b/test-ca/eddsa/client.der index 5ad53e73b9ef5e486a64cce5c1dffa045a7120b4..002f32181eb3acbcfee534603361bdb51ec37050 100644 GIT binary patch delta 131 zcmV-}0DS+P1Dpepksx8;lQX6_IoPTMSzxM*C3EAZl`9dn4^W;?U7FLi0^^af6BN9K z%K4@4FbU^o8H5;nv~=10T8EL?gg`|W%+TgkzGX_)tJ>DvFpPqWS)ZR#WDt?AU7A(y lI3`cgKl=RK$W{V2rk7hjwE_h}eZ*JL4*Zo+Eg)fn&d%gg|ia6`Sc{Ai3&TWSXbA#PKku&&LwO(WK1-xMy!B lCQV%cQ4;3LldwF*+>K15pcNf=b{=vdyAl1mAfk%;z?@_5G9Qrv3$_^V9akVE3<5Dj AEC2ui delta 146 zcmV;D0B!$<1BL^TkVhIcAWZ*-Z+=Lv2xlIVi7d@FPX`z%2l~E2 Ar2qf` diff --git a/test-ca/eddsa/end.expired.crl.pem b/test-ca/eddsa/end.expired.crl.pem new file mode 100644 index 0000000000..664703995b --- /dev/null +++ b/test-ca/eddsa/end.expired.crl.pem @@ -0,0 +1,7 @@ +-----BEGIN X509 CRL----- +MIHXMIGKAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl +bCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NjAzWhcNMjQwNTA3MTg0NzAzWqAw +MC4wHwYDVR0jBBgwFoAUvIXK+aXuMAnnZhmEGHu0dNn8WocwCwYDVR0UBAQCAgTS +MAUGAytlcANBAGpjzD60ne0OlID9ELsVp/t/KbyuAWzsOCYj0YeTsSkZZR1lQTdV +FqQGuhM0f8wT3yfjPNaKr1bZUK9BXSgP/Ao= +-----END X509 CRL----- diff --git a/test-ca/eddsa/end.fullchain b/test-ca/eddsa/end.fullchain index 16170655a4..3bbc9c6029 100644 --- a/test-ca/eddsa/end.fullchain +++ b/test-ca/eddsa/end.fullchain @@ -2,31 +2,31 @@ MIIBgjCCATSgAwIBAgIBFTAFBgMrZXAwLjEsMCoGA1UEAwwjcG9ueXRvd24gRWRE U0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAx MDEwMDAwMDBaMBkxFzAVBgNVBAMMDnRlc3RzZXJ2ZXIuY29tMCowBQYDK2VwAyEA -GjQgTP+Fb35IrQhqBKKzgqjLpqkapZMKNcfCxAPRbI2jgYkwgYYwHwYDVR0jBBgw -FoAUxSWbC1Df9yAwgYqHRERUOs68BXwwUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5j +E2Inv89YZjjns1wyiVP3WowqTnjUviYiXdPRth9+V/qjgYkwgYYwHwYDVR0jBBgw +FoAUvIXK+aXuMAnnZhmEGHu0dNn8WocwUwYDVR0RBEwwSoIOdGVzdHNlcnZlci5j b22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTGM2QBhxAgAQ24 -AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIGwDAFBgMrZXADQQDoaza/1OsPpo7N -gK9gTnWl3XmTbHbs21EQUwI1XPPqlFQHq/V+QN040Fv2iB899Wx19oEQ4lr336wC -1U8HGCgH +AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIGwDAFBgMrZXADQQBo1Gz/McPB1+gg +N+1R4fufIjUKtWyk+x3WNoFhCck/rbXwFcO/GUP6YQ+9hqzuKcCcY+4yH5EBC7YY +7x1XICQM -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBfzCCATGgAwIBAgIBDjAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMC4xLDAqBgNV BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw -AyEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMKjgYMwgYAwHwYDVR0j -BBgwFoAUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud -JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUxSWbC1Df9yAwgYqH -RERUOs68BXwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDcvvoovHlDlarpjiT/ -8JcbFVe0r3mKXjyug6OvDhK34kIr4z6zIaay4bwENRjabRI1LDHkTDPcY86kF5Nq -g9oO +AyEAWEJzy2Rejd/eXRbLjRcWxBuYZgHzmqHtO7AHfh9WU7SjgYMwgYAwHwYDVR0j +BBgwFoAUoGfnIhOtezRt1txoKDnWZg0NaHcwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUvIXK+aXuMAnnZhmE +GHu0dNn8WocwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDkxE/52oIDkV4syjAC +tlDYDOa1eqQ7XbJs5VOvx1160B3AIasl7AUIrWtQls8tDGw3BL2QxSp9zBAHRzdf +oDUC -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBbTCCAR+gAwIBAgIBBzAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMBwxGjAYBgNV -BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEAwXROi6SzCpBGUXAoePUH -kE/t75P6MCFKLhgme6GD2AijgYMwgYAwHwYDVR0jBBgwFoAUI7SoTxJvow+B0Ni4 -PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAdBgNVHQ4EFgQUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDwYDVR0TAQH/ -BAUwAwEB/zAFBgMrZXADQQBkxyECqXXb3l/90A0ghe31Gkq2LCRBouXN+gUsdufi -EQ7KlpoaiLJuhJgu+rkDNoWrufETTN2vj3JnCaN8X/MP +BAMMEXBvbnl0b3duIEVkRFNBIENBMCowBQYDK2VwAyEApNtSnEIA43Y/ZA2f23yO +NZOQ6BPOEXdLnf2A/owXzf2jgYMwgYAwHwYDVR0jBBgwFoAUoGfnIhOtezRt1txo +KDnWZg0NaHcwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjAdBgNVHQ4EFgQUoGfnIhOtezRt1txoKDnWZg0NaHcwDwYDVR0TAQH/ +BAUwAwEB/zAFBgMrZXADQQDI6VakhCwcJeoRe1mjXe9BQGaI7cgjEoiJbz3pAbUB +SFwtAPKT+VnsjM6/z1nmTQt8SDhJ06wrQmwVAmb3iR8A -----END CERTIFICATE----- diff --git a/test-ca/eddsa/end.key b/test-ca/eddsa/end.key index d4556df133..ce1c08dcab 100644 --- a/test-ca/eddsa/end.key +++ b/test-ca/eddsa/end.key @@ -1,4 +1,4 @@ -----BEGIN PRIVATE KEY----- -MFECAQEwBQYDK2VwBCIEIASUHSgjfjswR+zuRaYAznWcHWZCG2Aj+BBI+iBxIGHU -gSEAGjQgTP+Fb35IrQhqBKKzgqjLpqkapZMKNcfCxAPRbI0= +MFECAQEwBQYDK2VwBCIEIMhxYyPTSM2evhpcTsiD9kf4HVW6wjTq2XHXPmvSo2wH +gSEAE2Inv89YZjjns1wyiVP3WowqTnjUviYiXdPRth9+V/o= -----END PRIVATE KEY----- diff --git a/test-ca/eddsa/end.revoked.crl.pem b/test-ca/eddsa/end.revoked.crl.pem index ebacabcfe6..27422db0f1 100644 --- a/test-ca/eddsa/end.revoked.crl.pem +++ b/test-ca/eddsa/end.revoked.crl.pem @@ -1,8 +1,8 @@ -----BEGIN X509 CRL----- -MIH7MIGuAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl -bCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQzWhcNMjQwNDEyMTgyNDQzWjAi -MCACARUXDTI0MDQwNzE4MjQ0M1owDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgw -FoAUxSWbC1Df9yAwgYqHRERUOs68BXwwCwYDVR0UBAQCAgTSMAUGAytlcANBAGis -zsd/pHOqknh1x9CrXdTxo/xZlN84rw1bMALgryYcbfVWEybIEm9TInYX3KiMi4PE -4Dm3jR3zSCKkUpRzvQA= +MIH9MIGwAgEBMAUGAytlcDAuMSwwKgYDVQQDDCNwb255dG93biBFZERTQSBsZXZl +bCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NzAzWhgPMjEyNDA0MTMxODQ3MDNa +MCIwIAIBFRcNMjQwNTA3MTg0NzAzWjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSME +GDAWgBS8hcr5pe4wCedmGYQYe7R02fxahzALBgNVHRQEBAICBNIwBQYDK2VwA0EA +Q/U8StI4cUkzjAmTW2KhsQcvI4YErI9vMIU+wJNelhWMgCco8KjT0WmqtXhZKVnj +Sxb3pR5GleNvhAJtJzIuCg== -----END X509 CRL----- diff --git a/test-ca/eddsa/inter.cert b/test-ca/eddsa/inter.cert index c554fe206c..b7504e5097 100644 --- a/test-ca/eddsa/inter.cert +++ b/test-ca/eddsa/inter.cert @@ -2,10 +2,10 @@ MIIBfzCCATGgAwIBAgIBDjAFBgMrZXAwHDEaMBgGA1UEAwwRcG9ueXRvd24gRWRE U0EgQ0EwIBcNNzUwMTAxMDAwMDAwWhgPNDA5NjAxMDEwMDAwMDBaMC4xLDAqBgNV BAMMI3Bvbnl0b3duIEVkRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMCowBQYDK2Vw -AyEAdA/pcEqhCS7FsUiy5toe3ADEdJ2vjfcgrO/RdzaJNMKjgYMwgYAwHwYDVR0j -BBgwFoAUI7SoTxJvow+B0Ni4PHt8dOw3wcYwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud -JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUxSWbC1Df9yAwgYqH -RERUOs68BXwwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDcvvoovHlDlarpjiT/ -8JcbFVe0r3mKXjyug6OvDhK34kIr4z6zIaay4bwENRjabRI1LDHkTDPcY86kF5Nq -g9oO +AyEAWEJzy2Rejd/eXRbLjRcWxBuYZgHzmqHtO7AHfh9WU7SjgYMwgYAwHwYDVR0j +BBgwFoAUoGfnIhOtezRt1txoKDnWZg0NaHcwDgYDVR0PAQH/BAQDAgH+MB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUvIXK+aXuMAnnZhmE +GHu0dNn8WocwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQDkxE/52oIDkV4syjAC +tlDYDOa1eqQ7XbJs5VOvx1160B3AIasl7AUIrWtQls8tDGw3BL2QxSp9zBAHRzdf +oDUC -----END CERTIFICATE----- diff --git a/test-ca/eddsa/inter.der b/test-ca/eddsa/inter.der index d18a1ed79ee09c7844f01860d84711890c2ce996..e1e74e0b18a25e699f837da3396bab4c261576b1 100644 GIT binary patch delta 193 zcmV;y06zbN1A_yQlSf!WbIW92jo;o~7R!wn7Q`EvW&!h>q3t`c2Yw$`Q?#RjgD`=B zFdqg3RUIP)7%&!q6rgA4A``89G;P-0Xec?>W(^H!cahpUZ@h)d`K9hK3Fl@Rgcy6Y zblLn`hcFKY163Up0RjI61uz2v0sk-s1_LW)a05XA2OM+2`3sB$pATWW7heSkF zI?lWWd@v6N163Up0RjI61uz2v0sk-s1_LW)a05XA+`jrKym>>Fs_Bj-|L~U^6<4&c vd5T^JP2EzuBq<`c_DQM&3oaZ~}tlIh2lD?S)HahP!nfH^q7ZXC9>iJ`#<;J^L zaZJHR0qm?=<+znYs`_X>P;-a;g9K(Ds~!w)@G?+iA;xs<VF??lHmw;Drm(u(l?q^ z-1kozINNsu+4*u!f0(7?eD4Owus>M5oj7uetQZ5i?qKI`81|5dvx;B4mC%_9TP)g3 z*NCbr1qV2;_MvW*03X9^wA^dK#s(fVoLei_P+er%1>2RN;ViSUTcnVpr_8?)uM*=H zv);u|v9@Dq*e= zW1}qblh6S=6c5im!gx^s?9G)w5Kv}f++(9G@sl0`C4UPxwZ_>p&={sMnS%DZgVh_h z+k}~i!0C?$W2}wjL$F2D0X_q|?a-;lNeE*iDGwj>CGY-a|0nWY#^-tIU()pn3@HBP zY;`0GdF1wVtl%KmM9Js(W+em;sUV!TBLa^rqlWq;PTlGF$fRRsOr26BN(~CuEtHjH zMXLGrCX4qW_iFhWM!YWTDz6VQFDHgh)GqhD4;0RI?~|=MggUb+Z|T=F*lfNa5%ZEf j7I+K9d8&=;vC-n%^VdU?a*TmeJ@LtYeEklx0s@3l8JP2EzuBq<_<1;v!h#)VIRI3N)aUt=QL>JrK z=jA9ijn58)K><>Mo>gq=(u{CMOR5G9&sp}jOuHvmpZ#wbb$=Rnr2dpQr+Fm}8O1Pb zKYNv1Vxz1)Z|m+Sj5wMka2If7lPCjt@|UcT$kOKtHAn>bi4QJ)J@~iO^`&B^$5%O) z48?ICmq7zwlf{hL=AQeFLKr^2H3%(x(z=?FcM zDM14AcGX}*Yf5bd0YR(race0OP9Y8H989GTp&8vwPz1zMJG?>YWK z{iYXxRezjD{@Nd`tp|E)?2qFK7dKnaU4bn*kfHyz2l!tLq-&l}rHzKGvkEAg%=O&M z8as${7WKw2#68>o4%#xOmx!aZo>Iy>Rark@=v~1>Y7>eA_xa-8j=*uD*>wGi*UG*Y j%B&+Q@bZZIhIDI%-*5lstqh$~c0dNSfR|DsA_C{7Xtfz^ diff --git a/test-ca/rsa-2048/ca.key b/test-ca/rsa-2048/ca.key index 7d827b3bc8..2c676a0ba6 100644 --- a/test-ca/rsa-2048/ca.key +++ b/test-ca/rsa-2048/ca.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTXuIjkCRylAcm -wd5V8WdRM5d3nbsoyugrc1xlJxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic -98Nuv+yBLoWaSF13NEK9X4ggL49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp -0oxwRkuqBg3PWfa3TLsnVp/9bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieM -OJokcBdwZJMoA3jyl6yQyNLnCTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16T -xYzZ5p77jUIabd6MKRQfEnXoPzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpk -O7CuI2ZnAgMBAAECggEANVn3vn49lOYkP/YjRpIeP/LDwp9/hDZjD8SYh7erneLM -lOAcdryyl4GXbm6oG4ci766RA1fSGMhdLXGkVKoA6kJx2pV1cgcw6VfZpjYa+YYK -ArMdnDrO6y7FvYqr8cktgD5FBC5tJSfuy74nUJeNtaa9iZ7tlSq6+pz02SVXiQbl -cqmdEbtil1rjt145bM8yKVzdcGSjN4gCL3qqJskHHSMIBp8F4UCHz1oYW7/Ite4k -ZFDB2fDC2EqOvJxtc7sY5d31N/FrgarXBUuShjORqfT4ypIBrAMLO/8CTcohThH0 -cp7PzJE0rQJiBavKHyLp6AQOGyuT7rKzfFS0d6TxYQKBgQD7Ck5T4WxxtaU2QDWc -N/bQNc4XHM57hfuUetXyOlL40a1wf+tb+/DuEYZNltbTpgV5BzcyGmM/M8Hvxqva -hq3TgleP2OYFa7j7W+Ff4qxoFGMxNRaCEJiXIadkGVDplsN5/RyozqbUFcp7KjHk -UlPweCYmCTTkvCmyY6bBTksHPwKBgQDXi/Bq/4dB8/qs2ubs8YiP5stx1GNn/+Gl -/LpBIg5LnvXy70wih86/fUfJeI4tLKXLq/tcYw/Db2CCdnOJC3p/WXWWUdPMz1ev -orIhPRViXcK8/k6JTNj1GL6iTwBln/UW4zt9LgOcVg15g+zIJvM3FTYe6H9fElNp -rVG6Gfc+2QKBgG2CsGqdAr6T289PsVNFgpCPeCjS8ywlZXr/Hsd9M+bBKSTTWKuW -uyJPWMQOEgbf/LEwOZ7MrhDLFkXv59X7PGbxDBt/JdCljltwWF+ItWbtxduYagox -DS+Yibn75TURBJL5nH/zLgmEvACAhqUwWNekwheDmqRRhOsB16Op8MbnAoGBAL8C -3woi6d0TddiKoEvneypyz2VPXsxB4Nh0jyW7JUn0U2Z2k1SiXyAoyF4M/Imh4EcO -YFEt5EE/yRm0GIyg5GxIfcC5QOVl9QHLPunftLyX9EQBZN2dgUIqLH2vXt2wE8S1 -l/lFtqNrSsOdmk6A3dW5cV2QkZdRqSOkGSG/cvB5AoGAIMNCOTICJynA4BR+vHsA -naWXiHm7TnJsJ1W9Q00/B8fHRsredpKL8JF2aobCDigcBBVUI2F+utGsfNmsZ0tJ -uV2kAUPa548kfWAyvll847vtOM3tXAU4vhR4xQA+wri/zfO4BSE8LB4ygRRVsOTA -vJMbVOiuyjU3h5fgOMfxB3g= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDkRilo4+Kc5zvo +rNr51ZK+mQQ2Ou8zmfeTuRcTQpzq+WOh5ca7V3FMwUYB7Kxa5biVQ6r6aD1Qc4f8 +gwRmH6seDG7wMlBjIcZ07OT2erKUvq6BZj4appjNW3gse/TfOXbxXojaouDoLrWD +2xtW5GtvTjzenwB+O4+PXLhVBCLqH22S4Qh2KmjFNdI3mlTc908ZONt3Atn5ck1/ +mKXjfO8Gx7A/WLydOHKKrBgDue5g524Y9pCHs4pfu5XQmQlbLNpL14iqKgUHOK72 +oW6TAB/Da7Tca8HGBh40nFsr1lBdZNkF25Wg4SyzsVukkKKnzL8QrxLjFrPexU+x +tmNo2NmxAgMBAAECggEAJXq4k1JxM1pK7Y+t712n15fnh2DjQ8loiw5VcdHa0kCq +oVsI51r6zQOhszCw9sanaQiActc5E/O4FNdNGlhiP8+CSnk0ViZmP23ixO5N0lrB +a5kGItmOFo+JWmJqyNjWRNiE50LdYvnCTzkjEr/zvMVvfIzGJ7OvRTZPxJOmiOJb +KV7sp/pd+8va7Vnl/nMbz+Q7CDyvIaDrFv1n7HSJIEDlDt0+cX1HoWDnTTeo8FRi +qWYQNeHa2OYEUQc/MAbxBIJCgm5oz47aagatON74zGC7ZfZkarIl3IbAAoq1gXuV +fb0wcGrK+nRdvf5XgKZvkTJO+uYWFDOFzjLtyRvX3QKBgQD7gCLJe3itxR6YoT9N +LY5+MDnTuC/ONBgPc7Vw/pWyQQye/wsuMfmW23q79F70Hz2aWWF3llCzofARnRFf +v3/qP9re24KuVJ+Iq4nv3qXbCsAnYQsOPnEl4RT8VCg1e1MsT+caBRXPYy7sY1sd +Qi1Aqkw2FuSbgICFsFzzpwem7QKBgQDoW6ZCAMpLvhd1IchTKSELIJt3MkW3knY4 +vkAyZLeFpmo8Lqwhlg7+Qt1J87LuH4n7lIDCXib7AVFd7pTR5ea2tgdJIgCai5CU +VjZH5/gW+W3ilCS7eUsxIrx3PUyegPNxSM1lP4nJTx8VYW6uAL5aD8PfhdNSvT20 +f6bRadWBVQKBgEzICdbJQ0aJ75VZZSICzoXn4z+n87BYZyAQi0w77SfGhDvmUVuB +FlngF9BaAsM05nHA5+jCk1DEF67I7Qz2Qe8aH4/6JCNk4m+vLyV0K957ob5j+iQX +HCQcW3PNnZj2VaYpnrxq4QW3mhPBIYgFNBuR4kKBKrnuuU4XUclxLPzhAoGAMeQ7 +9sAkr87JSqVOVkzmg3Uk7JsmzRvttpFjR27I2TG6beG3pB6MaZwB1/cz3F15S0O/ +wfxlck/+IKUx3z/2IhVDyzg52PVOvgsk7JuqcYRtS9Fzca3Br3M99Hx9DyuxGgn/ +0FWsSEVs7zJUiZgvRzdLX5tknMd1kGQ4dY68AWECgYEAk0h/pOqiaB4jPKpIlsCK +3ESM+Adke1+/Q9Bjeubg0yJwlBcImx7nVvyJLUGduLcqIz/0qHBRDjhFtX+vXdOt +GgmONQn6Iv7PidxgUOvnH3Z8W7+Ke8BqxbPP1EQeO98Xn7jD+PA24LmeKkqmngoY +3eQHppq4+LZzoCxDS/3AsTc= -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/client.cert b/test-ca/rsa-2048/client.cert index 0d24af406e..2f98afdbe4 100644 --- a/test-ca/rsa-2048/client.cert +++ b/test-ca/rsa-2048/client.cert @@ -2,20 +2,20 @@ MIIDZzCCAk+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztoC+XuDSsrNRfdjUqAE -TXpPRwflWSRGnrTwqbVn33rJvi3NfQvPsy2w+6gek8u7YOT7l/hv03olZMGKkONa -22xd9qMhYocTTMo/p4e38XBtvnt9gBp7pR64qmkR29AcsK7+3t45shrOI6bkmP88 -PhTgODzcnjvdn0q5UCcWQphhYP+0LhJEeu7/9ClRiQWV1YZayVOU4ktTf9TjFM2x -iyBMNXRUACbXrjAypHpL+Z3BnmcsQD8xNZawYN9vBfEHzN0OorcxJiCvuEogWoGV -LU7p+U1jhXqpdky90axIxq7n1X+W+hSduTigywasLZ9Yo+GyBUY2paWx9kBG0IdG -QQIDAQABo4GeMIGbMB8GA1UdIwQYMBaAFDemuXxiNwiygzt2hCqqb7u5meSaMFMG +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjulDnDCapebq6Q4jz0v +BPpV3K4AATzLSHq3QJMlUJOfkFOLHLgCRllyZA+4E8mSeKxctyqxNZOOTw+DABh5 +dQtS/a2AJC+UvE/kmwRHkhpdVhncm3NgiewFJiXawAao8vTBxfwABd1EgQuRpjEE +QE7V2DWFzEPWmGauN/a5AXHUZU9HtaPk80HMrTtqf1C+dXccutSDlQ0C7L+W5FvC +H2dk8lil8jqmqw+j5r38ciwb+HYrDog0nrD6SYUyZrbpV8WjpzrgxC9q1FNK6oI/ +4MkCCBua4ZIwB51bgHoxSYC8O21cYEzAIUmoVteSlajp8lGWERhIFsG6KrEO3jPK +IQIDAQABo4GeMIGbMB8GA1UdIwQYMBaAFArol3txOc/V4UoXzhhplo5lqcDiMFMG A1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZlci5jb22C CWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMC -BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAGDARaF+ -XQYjRSvtjIHty+xbCF7mAUaZ55D6/qvUp7WNiPx4vgFJPFLqCZbWBsajQSl9NgRh -syLIjI9MUWEhzaTVRzGqmtK1vcNYTwMrGoMVnjwI1P3pryjoKRGFa96JT47NZ46l -3oOsnNr7FaC3ZV8aEi6eeQKNG1By8XeeRU56fpwdCbf2et1YrI8zTcgtRT3ZxXYq -Z7P0TQBC/CbBVs0y4DO+zOr3Jm2j3OVxEzFV2mJSXKrnn1BbEiZVQxP5TMmLnOTh -suEnTJfd/cXOysY2MtCijFETYz3Jx9A0qyyPzbRe5f/qmzTkrGQyrBmmXdSdbfwA -OC4X8+/yIhMzwH0= +BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAA54PvGX +9xX9yJ3gHbIUjikxH06cmSG6nQyvHsT1VMy7t7aSKLYXOrsWxwuVV+VznKqQIQCz +yP2MqpWGSJ+sf6w0y4RGodWefyV0OXwFSqSFwOt29OFlhw2mI+g06OwvnIjeozgQ +EHJK/HD/XD7KqvEYI0RE2qWX2ytc5NHNLd52PfOytjxLbOF0cmLSWZNhTsI2/cJl +TgvM8CZgUgZ5WMvB35lL7uAXd0MbkBYKCretpHuk4Dyni43NNLrA6aQzY6RttiY5 +tdoBCwhiRX3yiAx/2G9Jd+oU0nDASToIgf17+NyVd8jzQkviJXjM1y/mTky6j6sO +IsMun+vLFhRWPsQ= -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/client.chain b/test-ca/rsa-2048/client.chain index eaef9f0baa..11afd0220d 100644 --- a/test-ca/rsa-2048/client.chain +++ b/test-ca/rsa-2048/client.chain @@ -2,39 +2,39 @@ MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv -LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z -CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv -HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx -I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf -6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 -W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl -CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A -UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu -+J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ -JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q -4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 -AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHy9RkWjmOLdPE +A4fiUO2YYN8bTjYjlXCxvyq3q4eQCX6p9EnHo3m+yGjWEppNxr9gfqscJhxsIV2Y +acazx9aa+cuPq04QUU91Zh5xVQUvwYDv8ZzIcABs31JvRjXfnUX62CM1Ke2b9QAN +DefEZ1wVlYCkuTblzLmA7cvMZfi79SafD4oeb/rwyzCU4yheuvRin58jloneE+oi +zgLh56bjyR3qYXfxgnJqY2iiBtaHjC8+HcQrYw14Sai9CMyXqXGjDo5b/Q16No38 +j+5SD2Uzn/rQUbotNzNYNsRbwM6gWxeBXc9sSxA98piYL6tBMQmV+JoTDUeLUmsv +SW7Wh+dRAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOj +LPEwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUCuiXe3E5z9XhShfOGGmWjmWpwOIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAzWcY4x3CA7sO1iHUSlDyHEn2TJkdNlT8JygA +qKow1rCeDcGvzmurzEz1UsgOO7mAJ6W5lMHQ64dEW4aCfs96mkM9fTpqP+vFXN+g +vKPeE7t2MzVWo/DHgs1SaPNr6xW2lbAj+KUBqt8yy8ybM+6sZCDaPzfqmuhMaeFF +Tu2ziwPwSbhzPBlgZEn5lZN0Ix0G4J5nWhqMsUYr6o9ZbxJmtYzUjNOBrSitnT/U +lqh0773/sShgCtY9edRLWxa4aVR7UQJJTxMlNIQ0W8yKUQ47eXbDFVV5c5IZm6sR +vtkBO5tn2v4MlJlLE/4JsuAgzixRGtA9LvYC7NP1uG/jgqtPhw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl -JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg -L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 -bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn -CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo -PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw -HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC -AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl -D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb -gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ -Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn -l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF -32//5q0MnVJ2QAa0gJdSISLnpQ== +DQEBAQUAA4IBDwAwggEKAoIBAQDkRilo4+Kc5zvorNr51ZK+mQQ2Ou8zmfeTuRcT +Qpzq+WOh5ca7V3FMwUYB7Kxa5biVQ6r6aD1Qc4f8gwRmH6seDG7wMlBjIcZ07OT2 +erKUvq6BZj4appjNW3gse/TfOXbxXojaouDoLrWD2xtW5GtvTjzenwB+O4+PXLhV +BCLqH22S4Qh2KmjFNdI3mlTc908ZONt3Atn5ck1/mKXjfO8Gx7A/WLydOHKKrBgD +ue5g524Y9pCHs4pfu5XQmQlbLNpL14iqKgUHOK72oW6TAB/Da7Tca8HGBh40nFsr +1lBdZNkF25Wg4SyzsVukkKKnzL8QrxLjFrPexU+xtmNo2NmxAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOjLPEwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUD889wnhQ +/+zNlT8QUGZi3GOjLPEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEACza1xtky0BimMZmC9rqD1Ru224SZh8DpjwZjrI3kQ7BF0wE+A7rt0KnGSQhj +IikPH/Ml7/5l/yfyXcbneelf0vUJDCj+5Wx1JAp55PaeK1tScbYi2AiX6r1LBlOm +LrkmkQ/HNKRdO50jwBD4gqe7jFA1fUSdFADPWuCS64Ngmki8rOAg10TJ5/dmJQQO +qSCctiMCjyujhvojTt3p+MikY2VMnVIkSg0K1i2UlWRFqvn1Jov3Ifdq+RlGvC7r +Kq8PMS8nhk7ULve8DxTOde+TrTqEOrMpb+nXM9hsviAR85I8FngLxHmqjeux0eLa +89dDknKMgVI98cl+fP0OsgKEUQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/client.der b/test-ca/rsa-2048/client.der index a4ef0b3afbc1a1e6113d692efd1580016ab34bdc..1ec9fae00a479a1e7bbee283151ff232fe0d09c7 100644 GIT binary patch delta 552 zcmV+@0@wZP2I~fpvVS|J4sgP1mz%4kIFCIq1o~Cnt^ff%%Sd{+K$9gLa8eLWy+?#V?iR=X? zCECCSsPgo|#ryyT-9&*4k)|;OKu*=zHHFMW)|h6lH}<&!aevfhPe-+*r$vI;N`+qvpN*ax5G8b}J5uG@h{fNrf_Iw&_>J zqo+FH#4l>pQ%dTBKj6s%2pgK=k}wCITY!2oNr1dNZCqeXz#&PfR@ai1sOj=imJt|8 z7QwnIu@2rd$^jvhu>lwq3h0-6aXHV`;Yt_I7-^P{WvRg8lidN1e-3y)@t5}%{m7l* z9kLXTDKQ^ToS7lIoeZxY#Pw9nySKKID7F_myB5a_l~?6+oT`u^0JF&bjH;D}NS~~K ztTfAnMxoW7e~A z7k5J&kQNFGx2>dmq~JWKi;c}Ry1?nAGh?J}wkA2X+5rm)Vnu!Ohzx(&Z%KFR6w+|O qNjeCD{d@S_m3PSVLQCQ$c+A%?=1xqykE;$M!!Doe%N7(?0zSmq&JC3S delta 552 zcmV+@0@wZP2I~fpvVYnF`Fn#(%FRXhV^W|5O?pp92jy8LMxM0rskLX{dda>m&3y~c zvn{aus2-EcyI|z|m-uhfdL?ARijd=4+iYF-qak946HLlKr-!%kaBaSOeSjK!r5?Dd zX%XAd9I&qb-rhN~8qOo8A@dwP^ z4x+a)CLpi4N+4Q+l`T%``AuVmdZ~6yz0s^l#;)hpf0p_bow+!m%Lc41pID>evIRyq zrKPdlwqH>SCKVmAn~gFAMFDynb0xtZjelidN1e_+5xp?+NkBSkCi zjDhXT>{|$4<^e{T=aBmTtJJ5pjfnhsz5z)*QtAno)&|C-K`DJU1Yxrx$c&FnQDGs? zq}4|;s+!WZy~9{f11lPX6`ni@)cxtNDCj8>g=^l4PmaxJj-}p%teo2W6`;3eUm6lF zo_PX|8&Gobcb-K~e|mnL9SOJgdfiy8k26ikEk!-q#da!Zv-C{>Li{GdR?RZtGrr8~ z_a<$l+~si-F;&`PQe3L%pHN#8CRIZd`Ao@+oaEuM;U`R&-TlSR%EmS_(4ve{6JtHe q$IvvZERW5!UgiJln>6ICWHPK7rd`yXZTtW@E*JCf@*)#60>FLPl@|&C diff --git a/test-ca/rsa-2048/client.expired.crl.pem b/test-ca/rsa-2048/client.expired.crl.pem new file mode 100644 index 0000000000..1ff0708250 --- /dev/null +++ b/test-ca/rsa-2048/client.expired.crl.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBrDCBlQIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NjAzWhcNMjQw +NTA3MTg0NzAzWqAwMC4wHwYDVR0jBBgwFoAUCuiXe3E5z9XhShfOGGmWjmWpwOIw +CwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBCwUAA4IBAQAzQnWjBAKmpoJEfGdrGLWP +uLR6RroCt5OBLTRgI1YivA3VKoOeg53XSNSSc6H8szDekCGsuZVlCYV6SsHOcrzq +jZW2YnUlV8tYvif9OP50aWr091CM+1i9ACdGph6iKlXUC/b6pLTJWU9wBEol9ZTW +8Z7T7FwXjIo/gbpZkMfEID544sdGjMTcsXL92ujZEsty0eAluFQFGfczhe8SuI5l +ovPULQYu5aEAwsbY4lDfQdWWMYQw+cFTxN7NjxsYX8I66L5b1EY8+BtwsDkeHMNI +Nt5ydRt9mVjTFCVx10LuyNUdR96PNr2G1oXE0GNAfNyJ31mL4YZfVjkipPLPjneN +-----END X509 CRL----- diff --git a/test-ca/rsa-2048/client.fullchain b/test-ca/rsa-2048/client.fullchain index 428a71021c..5fbc2c2344 100644 --- a/test-ca/rsa-2048/client.fullchain +++ b/test-ca/rsa-2048/client.fullchain @@ -2,60 +2,60 @@ MIIDZzCCAk+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztoC+XuDSsrNRfdjUqAE -TXpPRwflWSRGnrTwqbVn33rJvi3NfQvPsy2w+6gek8u7YOT7l/hv03olZMGKkONa -22xd9qMhYocTTMo/p4e38XBtvnt9gBp7pR64qmkR29AcsK7+3t45shrOI6bkmP88 -PhTgODzcnjvdn0q5UCcWQphhYP+0LhJEeu7/9ClRiQWV1YZayVOU4ktTf9TjFM2x -iyBMNXRUACbXrjAypHpL+Z3BnmcsQD8xNZawYN9vBfEHzN0OorcxJiCvuEogWoGV -LU7p+U1jhXqpdky90axIxq7n1X+W+hSduTigywasLZ9Yo+GyBUY2paWx9kBG0IdG -QQIDAQABo4GeMIGbMB8GA1UdIwQYMBaAFDemuXxiNwiygzt2hCqqb7u5meSaMFMG +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjulDnDCapebq6Q4jz0v +BPpV3K4AATzLSHq3QJMlUJOfkFOLHLgCRllyZA+4E8mSeKxctyqxNZOOTw+DABh5 +dQtS/a2AJC+UvE/kmwRHkhpdVhncm3NgiewFJiXawAao8vTBxfwABd1EgQuRpjEE +QE7V2DWFzEPWmGauN/a5AXHUZU9HtaPk80HMrTtqf1C+dXccutSDlQ0C7L+W5FvC +H2dk8lil8jqmqw+j5r38ciwb+HYrDog0nrD6SYUyZrbpV8WjpzrgxC9q1FNK6oI/ +4MkCCBua4ZIwB51bgHoxSYC8O21cYEzAIUmoVteSlajp8lGWERhIFsG6KrEO3jPK +IQIDAQABo4GeMIGbMB8GA1UdIwQYMBaAFArol3txOc/V4UoXzhhplo5lqcDiMFMG A1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQudGVzdHNlcnZlci5jb22C CWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAAATAOBgNVHQ8BAf8EBAMC -BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAGDARaF+ -XQYjRSvtjIHty+xbCF7mAUaZ55D6/qvUp7WNiPx4vgFJPFLqCZbWBsajQSl9NgRh -syLIjI9MUWEhzaTVRzGqmtK1vcNYTwMrGoMVnjwI1P3pryjoKRGFa96JT47NZ46l -3oOsnNr7FaC3ZV8aEi6eeQKNG1By8XeeRU56fpwdCbf2et1YrI8zTcgtRT3ZxXYq -Z7P0TQBC/CbBVs0y4DO+zOr3Jm2j3OVxEzFV2mJSXKrnn1BbEiZVQxP5TMmLnOTh -suEnTJfd/cXOysY2MtCijFETYz3Jx9A0qyyPzbRe5f/qmzTkrGQyrBmmXdSdbfwA -OC4X8+/yIhMzwH0= +BsAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAA54PvGX +9xX9yJ3gHbIUjikxH06cmSG6nQyvHsT1VMy7t7aSKLYXOrsWxwuVV+VznKqQIQCz +yP2MqpWGSJ+sf6w0y4RGodWefyV0OXwFSqSFwOt29OFlhw2mI+g06OwvnIjeozgQ +EHJK/HD/XD7KqvEYI0RE2qWX2ytc5NHNLd52PfOytjxLbOF0cmLSWZNhTsI2/cJl +TgvM8CZgUgZ5WMvB35lL7uAXd0MbkBYKCretpHuk4Dyni43NNLrA6aQzY6RttiY5 +tdoBCwhiRX3yiAx/2G9Jd+oU0nDASToIgf17+NyVd8jzQkviJXjM1y/mTky6j6sO +IsMun+vLFhRWPsQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv -LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z -CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv -HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx -I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf -6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 -W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl -CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A -UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu -+J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ -JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q -4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 -AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHy9RkWjmOLdPE +A4fiUO2YYN8bTjYjlXCxvyq3q4eQCX6p9EnHo3m+yGjWEppNxr9gfqscJhxsIV2Y +acazx9aa+cuPq04QUU91Zh5xVQUvwYDv8ZzIcABs31JvRjXfnUX62CM1Ke2b9QAN +DefEZ1wVlYCkuTblzLmA7cvMZfi79SafD4oeb/rwyzCU4yheuvRin58jloneE+oi +zgLh56bjyR3qYXfxgnJqY2iiBtaHjC8+HcQrYw14Sai9CMyXqXGjDo5b/Q16No38 +j+5SD2Uzn/rQUbotNzNYNsRbwM6gWxeBXc9sSxA98piYL6tBMQmV+JoTDUeLUmsv +SW7Wh+dRAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOj +LPEwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUCuiXe3E5z9XhShfOGGmWjmWpwOIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAzWcY4x3CA7sO1iHUSlDyHEn2TJkdNlT8JygA +qKow1rCeDcGvzmurzEz1UsgOO7mAJ6W5lMHQ64dEW4aCfs96mkM9fTpqP+vFXN+g +vKPeE7t2MzVWo/DHgs1SaPNr6xW2lbAj+KUBqt8yy8ybM+6sZCDaPzfqmuhMaeFF +Tu2ziwPwSbhzPBlgZEn5lZN0Ix0G4J5nWhqMsUYr6o9ZbxJmtYzUjNOBrSitnT/U +lqh0773/sShgCtY9edRLWxa4aVR7UQJJTxMlNIQ0W8yKUQ47eXbDFVV5c5IZm6sR +vtkBO5tn2v4MlJlLE/4JsuAgzixRGtA9LvYC7NP1uG/jgqtPhw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl -JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg -L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 -bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn -CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo -PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw -HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC -AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl -D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb -gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ -Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn -l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF -32//5q0MnVJ2QAa0gJdSISLnpQ== +DQEBAQUAA4IBDwAwggEKAoIBAQDkRilo4+Kc5zvorNr51ZK+mQQ2Ou8zmfeTuRcT +Qpzq+WOh5ca7V3FMwUYB7Kxa5biVQ6r6aD1Qc4f8gwRmH6seDG7wMlBjIcZ07OT2 +erKUvq6BZj4appjNW3gse/TfOXbxXojaouDoLrWD2xtW5GtvTjzenwB+O4+PXLhV +BCLqH22S4Qh2KmjFNdI3mlTc908ZONt3Atn5ck1/mKXjfO8Gx7A/WLydOHKKrBgD +ue5g524Y9pCHs4pfu5XQmQlbLNpL14iqKgUHOK72oW6TAB/Da7Tca8HGBh40nFsr +1lBdZNkF25Wg4SyzsVukkKKnzL8QrxLjFrPexU+xtmNo2NmxAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOjLPEwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUD889wnhQ +/+zNlT8QUGZi3GOjLPEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEACza1xtky0BimMZmC9rqD1Ru224SZh8DpjwZjrI3kQ7BF0wE+A7rt0KnGSQhj +IikPH/Ml7/5l/yfyXcbneelf0vUJDCj+5Wx1JAp55PaeK1tScbYi2AiX6r1LBlOm +LrkmkQ/HNKRdO50jwBD4gqe7jFA1fUSdFADPWuCS64Ngmki8rOAg10TJ5/dmJQQO +qSCctiMCjyujhvojTt3p+MikY2VMnVIkSg0K1i2UlWRFqvn1Jov3Ifdq+RlGvC7r +Kq8PMS8nhk7ULve8DxTOde+TrTqEOrMpb+nXM9hsviAR85I8FngLxHmqjeux0eLa +89dDknKMgVI98cl+fP0OsgKEUQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/client.key b/test-ca/rsa-2048/client.key index f05e46a46c..44c6c26a57 100644 --- a/test-ca/rsa-2048/client.key +++ b/test-ca/rsa-2048/client.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDO2gL5e4NKys1F -92NSoARNek9HB+VZJEaetPCptWffesm+Lc19C8+zLbD7qB6Ty7tg5PuX+G/TeiVk -wYqQ41rbbF32oyFihxNMyj+nh7fxcG2+e32AGnulHriqaRHb0Bywrv7e3jmyGs4j -puSY/zw+FOA4PNyeO92fSrlQJxZCmGFg/7QuEkR67v/0KVGJBZXVhlrJU5TiS1N/ -1OMUzbGLIEw1dFQAJteuMDKkekv5ncGeZyxAPzE1lrBg328F8QfM3Q6itzEmIK+4 -SiBagZUtTun5TWOFeql2TL3RrEjGrufVf5b6FJ25OKDLBqwtn1ij4bIFRjalpbH2 -QEbQh0ZBAgMBAAECggEAAqVByVtvu3+2YkMiqmBs66mBPPAkOhiTXWVkqFP/UAm1 -zbSP4q35biILB93vpa3i769gCyKYmgqfcq9hwH6C54hmV4CgvT4LZHWX/LJY+znY -EnoJee9kxlDrNVU+jupVipozXOn4UI+ElErGtND7XhMl5rw7CVxMRmS2E+kLEScU -OP5al49//mRYIhOrHYN3XETvN2HueFKvoa7auWr+YQ/yDTehPiZE0kWxSBLhczEf -qMKSNPYpHaO0CTxy6mA3pShJV4kpOiUBEj5D5RYBzFeXiZ5ZRS72NquC5rWNMmM1 -ttl8yUBaU55WzFe7D3kMiAunXsuw/HzNeDEU8WxPkQKBgQD/sUiLi4Tq9PmdtX5S -rPbkwYCJFx9PahrvsHD1wPnHFlCqPPJMTuh4kBfWiovPpo5IqLnareKs2l/F4tc2 -LSdRsT1bVwLLf+SVyJg4cELDmoYDGAPT5dRA/YCLNRvtthfH8iXEMH0iPsQgv34U -2s+tiameEuHjdz0eDLydvMmdMQKBgQDPGbE3Dddg7K/MIqsDYqWR6R3RclN4Jh3j -Os6uTvhNxwD2KPAlgAd2Qn5HD3qIcVnZi9+vXThvRFgYknY0IM6+kHfcvAqZIkxz -p40Pfk8eIJwoAQdRkz9vtFfjDvVdPY3MFtQ8lL/oXqFYm/0jhp98pksdt3cKkfHb -yINfAtO2EQKBgEFBp7gllXi5qPM9HM5Q4nojgIB8bDtCYzmFGG9AHv9WjKPGBji/ -cslCTTMuDNykL3APz88lzdI7sXG5oR9sirpot7YWENqK+3XWyjKtQ/zT9RvZBzEP -WQp1KFde6I/Uh2E6RbU6gtU4m6mX9b+w0IwDtExpmUkKZ4jBy2megv4hAoGAfKOH -xgxsfQa1XnPW3Di4ULItoeneVkcKYcD4tmsMgTKtX3iP3uHIm+G0weuM4STm4EiQ -HKhL2JsXMeKjhQfhpUqo+I2rCzJbNJe4C4UG9KjHkkPcNboayY2N/zb3cGAlQJjU -rokPXjflfsCSfpj8zzX9qyrJV/Ex0AZDGiFHbSECgYEA+GQaLOLlrP2qPbw2yf6a -r3B9Z3ktzDdZC/mGN/TTGeFlwk3PjCVschg7yCQDJJAmhb1y30U0nPD1zW35YiIU -5xq2vW0gsVZpehf4wCrokEsOGQHTD0QGjHSoY8wjK/5M8mYzzjpX+Qm3p9qy6/r4 -29yJBRgeCGTvO96fy/FHEWw= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOO6UOcMJql5ur +pDiPPS8E+lXcrgABPMtIerdAkyVQk5+QU4scuAJGWXJkD7gTyZJ4rFy3KrE1k45P +D4MAGHl1C1L9rYAkL5S8T+SbBEeSGl1WGdybc2CJ7AUmJdrABqjy9MHF/AAF3USB +C5GmMQRATtXYNYXMQ9aYZq439rkBcdRlT0e1o+TzQcytO2p/UL51dxy61IOVDQLs +v5bkW8IfZ2TyWKXyOqarD6PmvfxyLBv4disOiDSesPpJhTJmtulXxaOnOuDEL2rU +U0rqgj/gyQIIG5rhkjAHnVuAejFJgLw7bVxgTMAhSahW15KVqOnyUZYRGEgWwboq +sQ7eM8ohAgMBAAECggEACi1DTd0emuf0VJn7+IWKZnJ7/jHP6j+3wFHd7R/VvY4r +V5Hn0Xj7E8GiNXHZIZDW24GV6av/pqcrZJddXYnXpID0jXQcWKzIaCqBG20wovMO +HAuWqU0ePHAbKPDBRKyPdb3COiTfU2rB0KRjgZH1pb6+KrcpbRUD5+1ZN4XDR2Dh +65QBzVwsy1U7fHp2ujgx011Ay3FZ3hVx0yBjzL9kk4KKx5dFiYZQslbmGicf9bm7 +i9XVkqMs37qoLpYLTC6m9YFnkZg3GTuNFJBMfwEu5bHKdNRGYqK0LlNsqn2O3Hd2 +3OQ4RSp7ZrAeoEO0ZjSxtfw9OL2bO/scyIB57/UFgQKBgQDtsgcef396rK8OqXEr +5fUZPw/YGzjvjMvSOnlUbcJiWjw+uEjMrji2+OsnNOAvqLxkCjwbXL4udYGZitbc +1CzV3R/iMScHWhtGYqHKhG2qQai3Cv+pUI0SnNNRWpv7fSYTRGFw2FkmNHrN6VWC +2zrI51nX6ef3+WHuZ3jwOvCOyQKBgQDeHVxQ/9dNV6tf/zPnyWnj8PmKi31k5fRB +RkjgsOyLZPsn9TCH/E0eqhmvv4r9o8f1jOkMpiw4RqtZDBSd5+BtZCM3fL52CNHw +0sqXF+WSYsCoMFikPDvUCNJaGu0ksq5OD/mfHLX4gaotg6V427+rW99EK7bil2jq ++1KGJLDUmQKBgDwwL1NOr6YNogpRZ6HZCfZJnKZ5RjKKcXYbbmutm2IyPT0Yhv6l +QyE56Lm1zurijEm8ubmoA1RaVuXdXUjvxSamZpNtJNfcvjlVcmiInghVtfYbp99k +0UQcR/o6unK1HvYUA6SCdBiTg2Euq4OGJd2Hj5130lBdaqnms54JHq7ZAoGBAMAG +nDA+75GjMLs+tE44uH5jcCoSLGeV0tS4AfuXmfltZSGHfdyjCL1xC+IAdBaSiSZG +G5le9K32kt7abdySglmwkC3BgBwlxfMxGgsEkuo6zBrcKVZb6NGIiutxigIHJGDC +uOmRddURrOHKhb12Jj/snpqePG+rvP4iJ5dnkyVJAoGAelRep3cROtbFwFdgzmVg +AGffcNJtEAuIP1BoeVBt3Emgzc/slHES86SL/l3smYtD2FHuuA66T0z877t6m3GR +BahEFV6f/bTRSSb+0PxZdWv7Gp+MpKirkobaGtYIxo8MygTa5F37JuJEswVKJCzX +wXWqLPSlgcbUMziAM47DEtE= -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/client.revoked.crl.pem b/test-ca/rsa-2048/client.revoked.crl.pem index 67970052cc..0f6036dffc 100644 --- a/test-ca/rsa-2048/client.revoked.crl.pem +++ b/test-ca/rsa-2048/client.revoked.crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB0DCBuQIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS -U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQzWhcNMjQw -NDEyMTgyNDQzWjAiMCACARYXDTI0MDQwNzE4MjQ0M1owDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowCwYDVR0UBAQCAgTS -MA0GCSqGSIb3DQEBCwUAA4IBAQAybxs1pEwfj8ANKO9myUa/cq+fXXPRfkFccyp9 -jlEXIi/ic9f3yf1E6XNAU9rc7LJmVFiMQx0gT1Xc5JyFluvf5/WG44kBKP1A0Cib -uBxgWT4QvBANVNuk97TA9gfxai9VkMek2aBlxLw5t5lJZ/vIY/bXpJtgb6es6TvV -BPbPUQ4k9cqAXXV2Z/W4ykc0DrhODuDi247uJRWjl+sLtFyRZBDV2BtpkcY2EdYa -Sf6sUSEvwjV/xX8ehRkH7nQR4Tx7BYfQBkmhlqu1k33yjGHBLxcrfjziNzC60v6t -YuBxhKQnf85V5aZbEX3AEXHuRoow1GSYGAXa/xt0VpnIW0SI +MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NzAzWhgPMjEy +NDA0MTMxODQ3MDNaMCIwIAIBFhcNMjQwNTA3MTg0NzAzWjAMMAoGA1UdFQQDCgEB +oDAwLjAfBgNVHSMEGDAWgBQK6Jd7cTnP1eFKF84YaZaOZanA4jALBgNVHRQEBAIC +BNIwDQYJKoZIhvcNAQELBQADggEBACIkjNrUCkMsOMgeB66DL0Q6o0UwnxkNxO3j +k0fGIcTKqvuBdOP1rT7NxbY1HH3RS01IljkAblOKsr5imuwU4E8STP+8jxMC8+c+ +5/e1idomagi4F+KPLZLEdVOtXlJiV1jSLMLsYNCqi25XJerxmfH/T7i3UF3n121h +rjWIHneF0hZRgOBkwmhsLCRdR2UJjpOzkEuU0TVssnLQt9y3zVXA7vWLGuvaIJoz +LU0eo4PaKAV7p8EjqbrjIaUdNJADm3a0buPbItePzuhEHSPxVHIJa+VqI05X0em/ +/Pu5U8P0Hl2JeraAJ4OSB1zF1BINm4RQzjuOteunizu30KEPxHI= -----END X509 CRL----- diff --git a/test-ca/rsa-2048/end.cert b/test-ca/rsa-2048/end.cert index e613ef1de5..10c5cd16c3 100644 --- a/test-ca/rsa-2048/end.cert +++ b/test-ca/rsa-2048/end.cert @@ -2,19 +2,19 @@ MIIDUTCCAjmgAwIBAgIBDzANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxZ9dwzo7jhKvj/kMZBmGj -tgcTaXq+GwIs9dB5RnXs7RH8rdic0vrqwmk1jJPhz9gfuXd3rnbV5lnB7NAmTIkr -lJXnI+cDlXMzdlruCJowWMyWdg8nDFgmQr3XelgNHz+WH+qFzJQ4PpBoa4YCnXr+ -UWhk5ZwU8nj/5Yc0H/AsK2ubCbyP+GsdkHkfwm/CCE3Dvq7/l8K2KczqN5qxmKXR -M6q3Yy6xgUd54+gFNsef95qzuYdX1/tnnTFOWoHEVz94q2P830CZVOSZP4ytdvOb -wrip10rxif4CpAZ0BwmjVGHYflUqckX74Af6vTBZhjRpteQZXvL4zixYAshyT/RD -AgMBAAGjgYkwgYYwHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowUwYD +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpMDOSLa+kGkuG9PBwVEsE +2yMuBDLUTmjOocObj9vDNZwJ2CBD01FQH5WSZetDt0plUKZ3wcaCw7r1NpXhTI/r +HjYWquiSZoMNSqi2HGDTso37gy3fVjsZCQaU5ie1DzsI47Ns6Q77e80p58tl2BhB +tAsFH8LaBO8kcc7Cntvjqf61gcW7D7zIESW80iQeNLdylY4qmhObRntKHDE+aW8p +97iOVSvzY+gBpCgLduDPptUhgY/ADdkZTfmbKci3zv7gW5AMO/ORQzl+75TayXLu +BuCJ/PvdATwmOKEPrMsoYoxOFvCYmdDqVkx6zI9lozX8EwYVaBkl0jAHwgIn2d/j +AgMBAAGjgYkwgYYwHwYDVR0jBBgwFoAUCuiXe3E5z9XhShfOGGmWjmWpwOIwUwYD VR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJ bG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIG -wDANBgkqhkiG9w0BAQsFAAOCAQEAiAWrwKoKyhA9DxzcJTf10LACqNfzi3aux9XU -eJ8EXSCRpvb567iEZlxOlZiap8M1k0G1F9rYfGPxgVD5H/YqZk/TsMFu1F9XnHWv -TtoTdQMH4zLa4m/DWoMGxYGgr4dTkcegSsmTcCG33J8OlOMYp6Q9dMvMM47YR89E -2ZwEo97LtKijZ6JM64hYS2p5LVl0FVIq7KV6Fm19u85xuB5IxyLrDqoGGWMg8uRU -RZCo3A3xP09sDZp8oHeWCV0ARol/5aqjehiLWS3SL2epVMvGtLArnH61aF5T60i6 -1coszJUnVu53a1jaYYRYLBJF+Ku1VQzSw0w+3G1SOW1/nioijQ== +wDANBgkqhkiG9w0BAQsFAAOCAQEApdBV++rixvYskL3FtsK+jER49GolCApeWiNx +JCYWfqDX9DU64NKc/1EbeLjxx8RJnqSgtGtpmusDNhkIMrn61DkBnP1i3BwQfRv5 +HFY9r410ulhEY1DpIrH7fL3MF5UPK8TawxAMWKEz1/LuSY7VydVHbseM7SeEjPc+ +Mv8YPS/1GS3e/ywyCkgH/msWXEac8vbc5YLKXPEsmdXIfym7vCAmlr496VVD3B5d +hcFNtKUWUqUHQVc6RnWrkUzoBOVK2V5rX2ar9VqiIWoGVKaqOy8E8ietPy2UCSxZ +gxPOE8i2O/QbJQR2vdIQomFopKcfATuqErVaju1GlDp48nuCOw== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/end.chain b/test-ca/rsa-2048/end.chain index eaef9f0baa..11afd0220d 100644 --- a/test-ca/rsa-2048/end.chain +++ b/test-ca/rsa-2048/end.chain @@ -2,39 +2,39 @@ MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv -LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z -CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv -HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx -I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf -6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 -W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl -CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A -UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu -+J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ -JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q -4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 -AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHy9RkWjmOLdPE +A4fiUO2YYN8bTjYjlXCxvyq3q4eQCX6p9EnHo3m+yGjWEppNxr9gfqscJhxsIV2Y +acazx9aa+cuPq04QUU91Zh5xVQUvwYDv8ZzIcABs31JvRjXfnUX62CM1Ke2b9QAN +DefEZ1wVlYCkuTblzLmA7cvMZfi79SafD4oeb/rwyzCU4yheuvRin58jloneE+oi +zgLh56bjyR3qYXfxgnJqY2iiBtaHjC8+HcQrYw14Sai9CMyXqXGjDo5b/Q16No38 +j+5SD2Uzn/rQUbotNzNYNsRbwM6gWxeBXc9sSxA98piYL6tBMQmV+JoTDUeLUmsv +SW7Wh+dRAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOj +LPEwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUCuiXe3E5z9XhShfOGGmWjmWpwOIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAzWcY4x3CA7sO1iHUSlDyHEn2TJkdNlT8JygA +qKow1rCeDcGvzmurzEz1UsgOO7mAJ6W5lMHQ64dEW4aCfs96mkM9fTpqP+vFXN+g +vKPeE7t2MzVWo/DHgs1SaPNr6xW2lbAj+KUBqt8yy8ybM+6sZCDaPzfqmuhMaeFF +Tu2ziwPwSbhzPBlgZEn5lZN0Ix0G4J5nWhqMsUYr6o9ZbxJmtYzUjNOBrSitnT/U +lqh0773/sShgCtY9edRLWxa4aVR7UQJJTxMlNIQ0W8yKUQ47eXbDFVV5c5IZm6sR +vtkBO5tn2v4MlJlLE/4JsuAgzixRGtA9LvYC7NP1uG/jgqtPhw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl -JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg -L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 -bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn -CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo -PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw -HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC -AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl -D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb -gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ -Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn -l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF -32//5q0MnVJ2QAa0gJdSISLnpQ== +DQEBAQUAA4IBDwAwggEKAoIBAQDkRilo4+Kc5zvorNr51ZK+mQQ2Ou8zmfeTuRcT +Qpzq+WOh5ca7V3FMwUYB7Kxa5biVQ6r6aD1Qc4f8gwRmH6seDG7wMlBjIcZ07OT2 +erKUvq6BZj4appjNW3gse/TfOXbxXojaouDoLrWD2xtW5GtvTjzenwB+O4+PXLhV +BCLqH22S4Qh2KmjFNdI3mlTc908ZONt3Atn5ck1/mKXjfO8Gx7A/WLydOHKKrBgD +ue5g524Y9pCHs4pfu5XQmQlbLNpL14iqKgUHOK72oW6TAB/Da7Tca8HGBh40nFsr +1lBdZNkF25Wg4SyzsVukkKKnzL8QrxLjFrPexU+xtmNo2NmxAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOjLPEwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUD889wnhQ +/+zNlT8QUGZi3GOjLPEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEACza1xtky0BimMZmC9rqD1Ru224SZh8DpjwZjrI3kQ7BF0wE+A7rt0KnGSQhj +IikPH/Ml7/5l/yfyXcbneelf0vUJDCj+5Wx1JAp55PaeK1tScbYi2AiX6r1LBlOm +LrkmkQ/HNKRdO50jwBD4gqe7jFA1fUSdFADPWuCS64Ngmki8rOAg10TJ5/dmJQQO +qSCctiMCjyujhvojTt3p+MikY2VMnVIkSg0K1i2UlWRFqvn1Jov3Ifdq+RlGvC7r +Kq8PMS8nhk7ULve8DxTOde+TrTqEOrMpb+nXM9hsviAR85I8FngLxHmqjeux0eLa +89dDknKMgVI98cl+fP0OsgKEUQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/end.der b/test-ca/rsa-2048/end.der index dc793eddce802170de8b9e6f8a1d4da3e0ee9d33..a0d72f02ebb5443231ffd1fa536488e2c5ac0609 100644 GIT binary patch delta 553 zcmV+^0@nT22Gs_Tuz#sAGmTd_xQ)!|AP&KPNyj%BI9;*;C~d4HwQRr~7V#`Y|b zy~Vb|zKle8^lBvt3SL?xaU>=dexTR%H9FwZoc~c9c)0P$#7Ul{ptNggn(G5L83;1D z`qViAoc&_l91wjQ`5aa~uZ?uNSVUt`=_0ZFe7(#Ul@BY#+QSeGSfMl5^6p8F)ydUI zZpV!6CxndmJ~ICpJ%2Ct87 z`s%`IHH?$t&)6TicXzIK)#h2j?9e7mi7S+q=OgC>m2)$8TJ8v%Fj&l%b`K{ESSCWf z*LqkDA3v5K>V?ddI6jbQYlZ@ydj3&pWaXR`@_7H{hcqAXEPpF&n+d#+_-h@Ic^|@W z!U#>nzOMh5!nP^Q>NlFPn5EG(s<&e#2l~A*S%x%ewd5II z^7zgySOUm$PXhEqldu686gQ^1d}22UvV%Kzget0UySbUiCd4GrntH7!X$`Cyd z9NZ;0_0X^asMqt0cCN?O)Oeo+T_BOB_WA3$gl1e$m6)2R!!?sZwHMmhd}Hx}Q28JB zDrQg9u)%KBUss%UuTI(%bpr?EGTP#A!&-v|#etx&hf|Tqpi0S;a3QzcpAMAc7^kE? zbj!>$j@U=fMA@7KqkrDZw5X$JqDkg_0 z8Dk*wgvH diff --git a/test-ca/rsa-2048/end.expired.crl.pem b/test-ca/rsa-2048/end.expired.crl.pem new file mode 100644 index 0000000000..b00fb8b695 --- /dev/null +++ b/test-ca/rsa-2048/end.expired.crl.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBrDCBlQIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NjAxWhcNMjQw +NTA3MTg0NzAxWqAwMC4wHwYDVR0jBBgwFoAUCuiXe3E5z9XhShfOGGmWjmWpwOIw +CwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBCwUAA4IBAQCMuv5uyq9VNc+1SevjVpRb +yYMQ0ngnL2YSW7pb85TYiDMo7Ft0BxYPjFc0z5ZAYy3OKSM6hLnswQbIYsMmja/E +Kix2sehRZ90U81ZCn3Fw7yF14HRpespZyYevpUfHkGGrAv16Mpn3vlOfeCMGVMCO +yhlruXZjNMBUviEcZ+inTSvGvTaQ2vEr7JX2E957vPUkekkAZN6hBAQ/9AoE3s1x +Fdd4/FTfm/+OrpMyb681AIbn7HBDPRt0jXeF7hr8HgYU75Wuq14ZWd8Yq7msEIXL +aS8ifPmXpxvrzZCFvZUeJp60S8HvBvPhy0WsbOFHbaRPGMqr5VkUg6RXZ2pUjgBn +-----END X509 CRL----- diff --git a/test-ca/rsa-2048/end.fullchain b/test-ca/rsa-2048/end.fullchain index 0c5265097f..48ebae7d06 100644 --- a/test-ca/rsa-2048/end.fullchain +++ b/test-ca/rsa-2048/end.fullchain @@ -2,59 +2,59 @@ MIIDUTCCAjmgAwIBAgIBDzANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxZ9dwzo7jhKvj/kMZBmGj -tgcTaXq+GwIs9dB5RnXs7RH8rdic0vrqwmk1jJPhz9gfuXd3rnbV5lnB7NAmTIkr -lJXnI+cDlXMzdlruCJowWMyWdg8nDFgmQr3XelgNHz+WH+qFzJQ4PpBoa4YCnXr+ -UWhk5ZwU8nj/5Yc0H/AsK2ubCbyP+GsdkHkfwm/CCE3Dvq7/l8K2KczqN5qxmKXR -M6q3Yy6xgUd54+gFNsef95qzuYdX1/tnnTFOWoHEVz94q2P830CZVOSZP4ytdvOb -wrip10rxif4CpAZ0BwmjVGHYflUqckX74Af6vTBZhjRpteQZXvL4zixYAshyT/RD -AgMBAAGjgYkwgYYwHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowUwYD +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpMDOSLa+kGkuG9PBwVEsE +2yMuBDLUTmjOocObj9vDNZwJ2CBD01FQH5WSZetDt0plUKZ3wcaCw7r1NpXhTI/r +HjYWquiSZoMNSqi2HGDTso37gy3fVjsZCQaU5ie1DzsI47Ns6Q77e80p58tl2BhB +tAsFH8LaBO8kcc7Cntvjqf61gcW7D7zIESW80iQeNLdylY4qmhObRntKHDE+aW8p +97iOVSvzY+gBpCgLduDPptUhgY/ADdkZTfmbKci3zv7gW5AMO/ORQzl+75TayXLu +BuCJ/PvdATwmOKEPrMsoYoxOFvCYmdDqVkx6zI9lozX8EwYVaBkl0jAHwgIn2d/j +AgMBAAGjgYkwgYYwHwYDVR0jBBgwFoAUCuiXe3E5z9XhShfOGGmWjmWpwOIwUwYD VR0RBEwwSoIOdGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJ bG9jYWxob3N0hwTGM2QBhxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIG -wDANBgkqhkiG9w0BAQsFAAOCAQEAiAWrwKoKyhA9DxzcJTf10LACqNfzi3aux9XU -eJ8EXSCRpvb567iEZlxOlZiap8M1k0G1F9rYfGPxgVD5H/YqZk/TsMFu1F9XnHWv -TtoTdQMH4zLa4m/DWoMGxYGgr4dTkcegSsmTcCG33J8OlOMYp6Q9dMvMM47YR89E -2ZwEo97LtKijZ6JM64hYS2p5LVl0FVIq7KV6Fm19u85xuB5IxyLrDqoGGWMg8uRU -RZCo3A3xP09sDZp8oHeWCV0ARol/5aqjehiLWS3SL2epVMvGtLArnH61aF5T60i6 -1coszJUnVu53a1jaYYRYLBJF+Ku1VQzSw0w+3G1SOW1/nioijQ== +wDANBgkqhkiG9w0BAQsFAAOCAQEApdBV++rixvYskL3FtsK+jER49GolCApeWiNx +JCYWfqDX9DU64NKc/1EbeLjxx8RJnqSgtGtpmusDNhkIMrn61DkBnP1i3BwQfRv5 +HFY9r410ulhEY1DpIrH7fL3MF5UPK8TawxAMWKEz1/LuSY7VydVHbseM7SeEjPc+ +Mv8YPS/1GS3e/ywyCkgH/msWXEac8vbc5YLKXPEsmdXIfym7vCAmlr496VVD3B5d +hcFNtKUWUqUHQVc6RnWrkUzoBOVK2V5rX2ar9VqiIWoGVKaqOy8E8ietPy2UCSxZ +gxPOE8i2O/QbJQR2vdIQomFopKcfATuqErVaju1GlDp48nuCOw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv -LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z -CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv -HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx -I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf -6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 -W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl -CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A -UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu -+J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ -JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q -4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 -AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHy9RkWjmOLdPE +A4fiUO2YYN8bTjYjlXCxvyq3q4eQCX6p9EnHo3m+yGjWEppNxr9gfqscJhxsIV2Y +acazx9aa+cuPq04QUU91Zh5xVQUvwYDv8ZzIcABs31JvRjXfnUX62CM1Ke2b9QAN +DefEZ1wVlYCkuTblzLmA7cvMZfi79SafD4oeb/rwyzCU4yheuvRin58jloneE+oi +zgLh56bjyR3qYXfxgnJqY2iiBtaHjC8+HcQrYw14Sai9CMyXqXGjDo5b/Q16No38 +j+5SD2Uzn/rQUbotNzNYNsRbwM6gWxeBXc9sSxA98piYL6tBMQmV+JoTDUeLUmsv +SW7Wh+dRAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOj +LPEwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUCuiXe3E5z9XhShfOGGmWjmWpwOIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAzWcY4x3CA7sO1iHUSlDyHEn2TJkdNlT8JygA +qKow1rCeDcGvzmurzEz1UsgOO7mAJ6W5lMHQ64dEW4aCfs96mkM9fTpqP+vFXN+g +vKPeE7t2MzVWo/DHgs1SaPNr6xW2lbAj+KUBqt8yy8ybM+6sZCDaPzfqmuhMaeFF +Tu2ziwPwSbhzPBlgZEn5lZN0Ix0G4J5nWhqMsUYr6o9ZbxJmtYzUjNOBrSitnT/U +lqh0773/sShgCtY9edRLWxa4aVR7UQJJTxMlNIQ0W8yKUQ47eXbDFVV5c5IZm6sR +vtkBO5tn2v4MlJlLE/4JsuAgzixRGtA9LvYC7NP1uG/jgqtPhw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDIwNDggQ0EwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDTXuIjkCRylAcmwd5V8WdRM5d3nbsoyugrc1xl -JxTavaWtrf/L5UdI1O4UViV8Ml2EZyQmZI2FCWic98Nuv+yBLoWaSF13NEK9X4gg -L49UqwfncSHxlUQX29zn5Sg2jc8Og0EBUoGeVWzp0oxwRkuqBg3PWfa3TLsnVp/9 -bxh1Gnek/pQ3p3klDRnFMGs/e5VbYqOsPG/r7ieMOJokcBdwZJMoA3jyl6yQyNLn -CTVIBPiJDy59Pfi31PWlYqXHVzmWDMVxHpdBA16TxYzZ5p77jUIabd6MKRQfEnXo -PzhANizZld9Iuq1OZOTdYT9KhrbPaQ3ekjw6TXpkO7CuI2ZnAgMBAAGjgYMwgYAw -HwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUlCAwwDgYDVR0PAQH/BAQDAgH+ -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUQYavl+JC -AKDn+YLXo5BOgVUlCAwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AQEAkaNfCjipp8Ki9cy4IJfpCD2RKUEC8nbVYENrSm0EAUGr8XFrKRJOIQ3pHEyl -D6EZ3UxQBMhXe/QgoFU6tJ9MjhxO267CwjEowFyBE8cxvp74mzBC807GXKVAAVXb -gRXuKzVmSnF6GM9hIKvMguxE4Yao65jxme85/kH9phd/VZxG/tofrK0Hemrsj+MJ -Fzdbz12BLTmQof+1B/hfC6Rrnk+ljYarswoomcz13MsaO4hzFvXGL8Q92/4O2jKn -l4ijtJ5SyjpVWT9f6F3BQ2oTigL3+eLdjsBxodl0/YrXyr4WyqwjKvDyiPqGdGuF -32//5q0MnVJ2QAa0gJdSISLnpQ== +DQEBAQUAA4IBDwAwggEKAoIBAQDkRilo4+Kc5zvorNr51ZK+mQQ2Ou8zmfeTuRcT +Qpzq+WOh5ca7V3FMwUYB7Kxa5biVQ6r6aD1Qc4f8gwRmH6seDG7wMlBjIcZ07OT2 +erKUvq6BZj4appjNW3gse/TfOXbxXojaouDoLrWD2xtW5GtvTjzenwB+O4+PXLhV +BCLqH22S4Qh2KmjFNdI3mlTc908ZONt3Atn5ck1/mKXjfO8Gx7A/WLydOHKKrBgD +ue5g524Y9pCHs4pfu5XQmQlbLNpL14iqKgUHOK72oW6TAB/Da7Tca8HGBh40nFsr +1lBdZNkF25Wg4SyzsVukkKKnzL8QrxLjFrPexU+xtmNo2NmxAgMBAAGjgYMwgYAw +HwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOjLPEwDgYDVR0PAQH/BAQDAgH+ +MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUD889wnhQ +/+zNlT8QUGZi3GOjLPEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEACza1xtky0BimMZmC9rqD1Ru224SZh8DpjwZjrI3kQ7BF0wE+A7rt0KnGSQhj +IikPH/Ml7/5l/yfyXcbneelf0vUJDCj+5Wx1JAp55PaeK1tScbYi2AiX6r1LBlOm +LrkmkQ/HNKRdO50jwBD4gqe7jFA1fUSdFADPWuCS64Ngmki8rOAg10TJ5/dmJQQO +qSCctiMCjyujhvojTt3p+MikY2VMnVIkSg0K1i2UlWRFqvn1Jov3Ifdq+RlGvC7r +Kq8PMS8nhk7ULve8DxTOde+TrTqEOrMpb+nXM9hsviAR85I8FngLxHmqjeux0eLa +89dDknKMgVI98cl+fP0OsgKEUQ== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/end.key b/test-ca/rsa-2048/end.key index 9b0f1d31ca..5285e019d1 100644 --- a/test-ca/rsa-2048/end.key +++ b/test-ca/rsa-2048/end.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCxZ9dwzo7jhKvj -/kMZBmGjtgcTaXq+GwIs9dB5RnXs7RH8rdic0vrqwmk1jJPhz9gfuXd3rnbV5lnB -7NAmTIkrlJXnI+cDlXMzdlruCJowWMyWdg8nDFgmQr3XelgNHz+WH+qFzJQ4PpBo -a4YCnXr+UWhk5ZwU8nj/5Yc0H/AsK2ubCbyP+GsdkHkfwm/CCE3Dvq7/l8K2Kczq -N5qxmKXRM6q3Yy6xgUd54+gFNsef95qzuYdX1/tnnTFOWoHEVz94q2P830CZVOSZ -P4ytdvObwrip10rxif4CpAZ0BwmjVGHYflUqckX74Af6vTBZhjRpteQZXvL4zixY -AshyT/RDAgMBAAECggEAFw4ctH9TmIPUZuPTSnxG0iTE1KP/nJcb+EXV2vzqNGk2 -zjS1kuPkUgAD9j6XtV/ygWTz/qzAqtmtzoL9Jg0KQoyj0o8a5Z9VglmeRZL+nsvb -gq5DF9sF1asUyt0Odl4aQGNTciH9HTYcREW8+7gFlOl1fK9OUnaUfQUSRhbkeojO -jZMJDCYdrGZVUrD1dy5I17fZpSnz+c95Trd5zhdlQXEULfBV10NVn8/1DfGtS5Au -YBRIIRWGAmZrbH4NeXBy0hIAIgIXuT3he0LHKCkQDIz9BD5rjk8/GYvuUKkip8Gt -jaW2TKRKjpu6NVspgZnGoR3IpsqOIfiIPLayJSVt4QKBgQDiAOP2hPvINbxkVmb/ -eiXvHjuiHVgL1sgFM5tcVUAEiZqXEO1veagMGfTSsWYl6qay2RbZYQtyTrlJi6XV -Bih80tWoYKv+pgJLvqvzhdwc3K6ZJZsfpfaYZUzmmo4KwbEwBSyRCMRVXi6eb9dI -aQfIiSZuT1+EmUlUotm5I4bWMwKBgQDI87OJSoYI4BLKH3aqf3+KMyb5IrRNpfVj -nbL7QVk4gQcg9xa94K0rxT2Jl8h6mKB4Rc0GO2aT3DDytEOKCq5v2o+poq+VaQKA -iHOav+ZWSsjuotIKwEPaNsh5u9o45UtjI92YatJdGL1w2BMd3qlGyhhRrDRdX/Ml -wnpW8Im5sQKBgQCK4YM0zVmwGZ1wh0v5+MTw4UJCCAhAFjeKQsFZByY045508LkH -xNnIvfadttgPute/lfodkS4oi0n/cOpyMruUoTccpnNrI/bLNxuRpZOyxMYiZGKk -GyejVLTiDN32rDpHSRau9ZU45Ix/XjkMTUa0K9vK88m9wTi34u8qfzNv0wKBgQC0 -bGq0R98UNOtp4toOty7yDH9fjNNKLEmoyTyb7s6GtwKJjJA0p3eUJyHbWhY8TLE3 -i6RLhiXReA/Suhsx4+k+sIPwkQsJISGH+fuh486Rh8/kwvfHg1zonetdsVZ7YxRO -zTL22GJMCBx/JuHzHanqzyUKn4zckXukWXqyeIGP4QKBgQDA4DIiK754/tP95W1G -+F0VkrNxBYgTL55DzdAtnFevQdVQGiEm3v93c+zIrlo/LbDauDUymCOv8TdrqwxD -ObJ/ca78qGffmEWBJ9IdTzHt4ygtZYFaepFIW/35+/f/eIi0EmReKkTqngciBvzt -TaNNTfWTq6BscnVDPPohWFYLyQ== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCpMDOSLa+kGkuG +9PBwVEsE2yMuBDLUTmjOocObj9vDNZwJ2CBD01FQH5WSZetDt0plUKZ3wcaCw7r1 +NpXhTI/rHjYWquiSZoMNSqi2HGDTso37gy3fVjsZCQaU5ie1DzsI47Ns6Q77e80p +58tl2BhBtAsFH8LaBO8kcc7Cntvjqf61gcW7D7zIESW80iQeNLdylY4qmhObRntK +HDE+aW8p97iOVSvzY+gBpCgLduDPptUhgY/ADdkZTfmbKci3zv7gW5AMO/ORQzl+ +75TayXLuBuCJ/PvdATwmOKEPrMsoYoxOFvCYmdDqVkx6zI9lozX8EwYVaBkl0jAH +wgIn2d/jAgMBAAECggEAAfHBCKMyxgwxUFiR8iXd2NfwibpYSof+J1saOuLxL8dM +HEbaFBLNIpfCVHThunJUTgwaZaeZ8Zhwlm8tU3IEThDs+99fSIjEunXgW3tsV3J8 +CZHCiLMJKdVTOInZQfjuAOumUmWZRlBFatUJnt7YDy/pAoLmGTL+UT5nlbqqpJf4 +6VllhlgzXaqjA1dv+G+gSRAncJnADgz4WZiaR/eBtIjTNA5YTmQIpqEuxzWTrSwD +bnQcU1aoV9mzXvoN7hXI7qxlX25ZkguzP5OCEk6TCTnUJvSbd2OWiJljgQYNoOta +J/qwGz8kl7WS49sm1z628shHBDgQeuexZ6RX9loHtQKBgQDf+QeYpK3QycnPATU0 +Uwy8WTNiYARMvgpelNiQ2BrGpMlszF06Tn8zXO7fgSjYlLrBLL5YMLsOZR7rbXpF +84PDtn0+qZHVSJ9fIv5kCLSVGMBVw+r7GaiuMRktc1ulMVv2WwT6k391Eb3eKCxt +K8ZJm0zSj/x+u+fwgPekWBYfnwKBgQDBYa0lpBmfOK8A2/oTeCGskzNvHjErtjHV +7hmT2z9q7ZNyt2pPUbq2zBRfdqPWsL7km7HmkWzYd43BTRhJrFCM3dijIhCY2kBG +sVbiI/KIlig4I3RCl14E6jdEHH7tGRQn77ljbsh/eOoHhwMlqP2oZj/Igtf2iVp6 +qxM9OnBJPQKBgAp8IfrnWqu3hpcGO3Njn+kBVAJ69DiTfPDIjwrY0wgRlsxdFNAx +9Ip3A0e7SCo7bDK24YJHZbpayYPD8EFuEPEMjfhs/8K4T52oibgtICcKrZZWQZ3X +qand6ovSJqwpD2ENCcKhPQpB9l18C/hgYDv55TLGQs+8BDOiFfW/memJAoGAGDFn +Hwlrpy7JPhtHKv5hgByeV614S1as3229R3Ereu4j/zsREsFP0aSwe8z07FwKVcFg +vU6+RkqWsnM5saXcIfNzMd2GJAlR90Yib4I9yna2q2dMGTSkr4q5xUynWHRFwEVO +dTEb5k6zQKPUcfa1XUcFfclYyWAfsK8MZiGUgKUCgYAQhxjKwecCBbGPfpubo+uJ +Mufw3NvnNEvgtjTEmp3R+YpvTA4OX90oY9DllP39Jo4OfFKyUgiv6Y/zFS64lryI +t/v8TNCRDLGBV6P9qmnMKZL7k2E+vkIZDFzc9lrtHNTYzUZXYnTfVwzfGRTnmiP+ +kqz/Ur49QTGJXWtrdJ/QiQ== -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/end.revoked.crl.pem b/test-ca/rsa-2048/end.revoked.crl.pem index 3b6779deb0..79c2940566 100644 --- a/test-ca/rsa-2048/end.revoked.crl.pem +++ b/test-ca/rsa-2048/end.revoked.crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIB0DCBuQIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS -U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQxWhcNMjQw -NDEyMTgyNDQxWjAiMCACAQ8XDTI0MDQwNzE4MjQ0MVowDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUN6a5fGI3CLKDO3aEKqpvu7mZ5JowCwYDVR0UBAQCAgTS -MA0GCSqGSIb3DQEBCwUAA4IBAQBX3CF/28EkF2vhZ3NcFeRXZWv6shHTPuO0usoc -lhOB6WzCIMqo+atW+RWjs18FX/Fcejz1L6kOyD+hFJ/6D3G3w1pw5jng5Kw0N3fv -nx8T2QS44LDMAUeeiUkwZz84zWUhUVz/bZNEDsu6ZrfYiuvPZswRSSFsLmx7T4iH -inqHvZUU4loN9Y8v8ai3KqF571pB0G8vniUQDqjGgMeuigLAxG3wm7A7733S57dQ -/q9foSWu7PvJs3MO9vrLWBuSV+LzGZklFBrZUKx8NbgHL1WYsa8iqoCoZiLdlpPJ -YZbSS1xdLqfVuel0XEhICmW+w+xy84pgsw6/07AoqXtTUZwO +MIIB0jCBuwIBATANBgkqhkiG9w0BAQsFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMjA0OCBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NzAxWhgPMjEy +NDA0MTMxODQ3MDFaMCIwIAIBDxcNMjQwNTA3MTg0NzAxWjAMMAoGA1UdFQQDCgEB +oDAwLjAfBgNVHSMEGDAWgBQK6Jd7cTnP1eFKF84YaZaOZanA4jALBgNVHRQEBAIC +BNIwDQYJKoZIhvcNAQELBQADggEBABu/zXRRgyQIdUSiyKl9WYmlTwYs7Gewtq6G +Zcms2c/wQWKYAOqrYzg0fiSJfWJ4xBDnuzHZtw3l+iC3VazZcapE/wLLVEPl3wAJ +cXRr9RabqS72d4vVbWEiBJB6S+sUjO3D8lO88A09Vp2j9mmskCTDIGXUmKTUt2Gp +X42PsdNPEBirAcoWWoCE37IbrnpQ69S7qFiJnrS8kRX/VDBAJmPUihvAGOC0Gl9k +vhxnFKJpxO+bb1txqqgKjCj1RkZr1xBx6ojdUj72gGkymT4c+dyOLAv192DzwvD6 +hJSC1V9j3N/CSQkqboDojqiLNbWImCV7sAdvO5kIxRje9S5UpeM= -----END X509 CRL----- diff --git a/test-ca/rsa-2048/inter.cert b/test-ca/rsa-2048/inter.cert index 241337eb85..7d274cf5db 100644 --- a/test-ca/rsa-2048/inter.cert +++ b/test-ca/rsa-2048/inter.cert @@ -2,19 +2,19 @@ MIIDUTCCAjmgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMjA0OCBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDIwNDggbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5V3i+L4xmeCdv -LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z -CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv -HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx -I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf -6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 -W7WNJuZ1AgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUQYavl+JCAKDn+YLXo5BOgVUl -CAwwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAdBgNVHQ4EFgQUN6a5fGI3CLKDO3aEKqpvu7mZ5JowDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVYrrSfQRhrf3wIKaprhgmvb/lCHVs48I2n5A -UJLtkJCDkCuNQkH4uHHsGOyA1EixHNJoCfL2IIT2rrpxmcZ+wDjhyLxrUiDQhQQu -+J2yvdgZbs4hhXT+/px29MoyQwLEgN4tdk7F24nIJzLHZuD6ou6TKKS9Hy7kkDBQ -JcZj3GVqwt5HMTyXaFyvsTnGSmRdVadxnSr4tM8Ywp4C+0qif7t6pHbB9nzxsL+q -4N08TC5oFBuJs/PUmmZ1hXNrILluqZtyo9ZlDWeVeG56TRdPrDHP5Cnb68UViUt5 -AuH2VAkceGSYNsMiIBX77+w+TvAt50FGK+1MM2mJy+A2PUvxmg== +ZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHy9RkWjmOLdPE +A4fiUO2YYN8bTjYjlXCxvyq3q4eQCX6p9EnHo3m+yGjWEppNxr9gfqscJhxsIV2Y +acazx9aa+cuPq04QUU91Zh5xVQUvwYDv8ZzIcABs31JvRjXfnUX62CM1Ke2b9QAN +DefEZ1wVlYCkuTblzLmA7cvMZfi79SafD4oeb/rwyzCU4yheuvRin58jloneE+oi +zgLh56bjyR3qYXfxgnJqY2iiBtaHjC8+HcQrYw14Sai9CMyXqXGjDo5b/Q16No38 +j+5SD2Uzn/rQUbotNzNYNsRbwM6gWxeBXc9sSxA98piYL6tBMQmV+JoTDUeLUmsv +SW7Wh+dRAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOj +LPEwDgYDVR0PAQH/BAQDAgH+MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjAdBgNVHQ4EFgQUCuiXe3E5z9XhShfOGGmWjmWpwOIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAzWcY4x3CA7sO1iHUSlDyHEn2TJkdNlT8JygA +qKow1rCeDcGvzmurzEz1UsgOO7mAJ6W5lMHQ64dEW4aCfs96mkM9fTpqP+vFXN+g +vKPeE7t2MzVWo/DHgs1SaPNr6xW2lbAj+KUBqt8yy8ybM+6sZCDaPzfqmuhMaeFF +Tu2ziwPwSbhzPBlgZEn5lZN0Ix0G4J5nWhqMsUYr6o9ZbxJmtYzUjNOBrSitnT/U +lqh0773/sShgCtY9edRLWxa4aVR7UQJJTxMlNIQ0W8yKUQ47eXbDFVV5c5IZm6sR +vtkBO5tn2v4MlJlLE/4JsuAgzixRGtA9LvYC7NP1uG/jgqtPhw== -----END CERTIFICATE----- diff --git a/test-ca/rsa-2048/inter.der b/test-ca/rsa-2048/inter.der index 2826a6377d85aaec414243001de360cdad726a83..f8e4c9a2c39128b464002e412551e01d9e760a89 100644 GIT binary patch delta 597 zcmV-b0;>Jh2Gs_TwtvUV)MQ#YjxE!~1Bc>J?U-QS8%{POm2k1YDz~eLkO_XN^hw8~ zdA`VK))Jac#=l^Gs~jdAY$08kX~wh1)|&atkE>1)QBQSd9&uF#FTsHC@tnwT0Bqk< zZ$>rWokjZCBQ+`QoAm$<4d=vXTosjoq`5Zb%(;N=%gkl?yMOg2pAU*2Z~E}dFqGpc zUb^&RpPwU^iQW_HBF+Ng=cePy9qM6s@q%({V`!oV)`yHQJ{`m>V-0vosJ#fxm#J~1 z4vt&>4SF_>{EzNZ4`nl-`p{9jEjKe*HpE-N&Y)WtfnCpROAtNsn3ylCK`{xH_?i<9 zM~hNxFG+6Jhc4$)0s{d60i%I~FoA$D9|i+e9U}x7FcyFm56?Zqcu@cB&6Ph8P-bG> zW1}qbli~q76bk5)!|AP&KPNyj%BI9;*&4}C4bFl7~>tn1G^5^A=FAx@*GL_ zOqm@vRQx9>0H~@k*07!p!LQD1tISOGQpgTFxqv67xs<`s>xV>JhJt?2dYVH$eL8AC z>&0B(puD5r6T5aZHCChW$AZmLX!C396}FYIBlx8Os^2op%$qartYjeCKR4={=uBzh zMNaLri+=;~Nw{-78DL~d`IVD&BOM0do@ZJbjIl;5>W^7(5@xlG)Qr=CtthRXKh&0} zbnm_Yu_#~));)RDOIsGWX;gbr0!dF3B{YOITg-}44m){v!xdF|bCMaGs}a800Xv&# j+WribnM)J?39{fI&MZ+H&^<2p0_@ZExNqZvs{&7l-yI;c delta 597 zcmV-b0;>Jh2Gs_Twtu--c)l-;W_TxWE}F{yp2|pnYu~v&rtYd7uaU-~#x!gLA06+4C1Y>vS7?G6#641}H2$GKR90=M^V>G=GmbzOv zBZr~6;1;iwU+5u%L|`UnTRr}q+zxhPU^?f|{ndV4C*- zlp)o#j|kd+Kv0tHkdT9rD~&=y__%TG80>)5NUP( zAkc*bF8H0Yz1SIU&LM?#{{EbH^vW_r0>pscEp|@D+lk00GRJ1%`l9ZWD5Sj~F659f zP$kA=+<#?i!rn(QJeO!(udzACN@QJCr*WMs__WU$!kz;AN}_+edZc#2_I&ZMzpCKf zJWMWV6dQ@N^VFJVb%k?lAh~X-n{uPpWesPQcy4-47f-A)&*UlF>%|p`OL+p}_EZTR jcx0G1!y+IR`|s>NPVg<~K}IX>OfzYT%iuOWO9JtlA>SuV diff --git a/test-ca/rsa-2048/inter.expired.crl.pem b/test-ca/rsa-2048/inter.expired.crl.pem new file mode 100644 index 0000000000..5d77e2b7aa --- /dev/null +++ b/test-ca/rsa-2048/inter.expired.crl.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255dG93biBS +U0EgMjA0OCBDQRcNMjQwNTA3MTg0NTU4WhcNMjQwNTA3MTg0NjU4WqAwMC4wHwYD +VR0jBBgwFoAUD889wnhQ/+zNlT8QUGZi3GOjLPEwCwYDVR0UBAQCAgTSMA0GCSqG +SIb3DQEBCwUAA4IBAQCfagl6afG6wCUOidAy0gCqnsOnxLxUuwrMvlMso2eZPNaA +0AT3ddaaPrJGwYa7E9tr940nJ9l+i8Q6S4GFrbGaY8XcVCIRnpWAaw5GB3V1P/L4 +xCUaAeYrFXouMB8TkWH58+sUVAQgjC4nRmxyntSPnNbWCKpZNhe3OrVSS7vRJCvV +UXIBllJE7SzT2cP3jqL8e1WhtEZm4v+jX0o9QA5cHO3M22ZG9N7U78XFp31WNKgs +S4nM2U/D8NMr43Z46bJ5VKFA/zL6sDJGIOBMNRUcClkd3kzWW5KZUdu5+f5KW/BU +fSBnaCBEfQvvFPsM6XcyTT/P292dYP5lUxXop3Vw +-----END X509 CRL----- diff --git a/test-ca/rsa-2048/inter.key b/test-ca/rsa-2048/inter.key index 25d3bb8713..d46cc38620 100644 --- a/test-ca/rsa-2048/inter.key +++ b/test-ca/rsa-2048/inter.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5V3i+L4xmeCdv -LprK/Z7KT7Sn49qYIkd9nkb1xcoQzbZKlZ6BtGa7O3on0uodRYbFpb9VMXvvAR6z -CUDKriMvkS8jfv2TiEzbrbGYVgRiEpyt7obzve0EvaFD4VNp8DYwBUzOWY4L3Ffv -HkRMvjh8DXe62WD7v7RImkV9qYuDR3lZPz/TmVKa4QF+3VNQjXR6sVaLTKxjbLtx -I7icudw6jgA/8oQEY3fnGJGVABLQz7MIko7xHAjaT2M0vRCWuls3I4ehueAWr5Nf -6CGCRGAmZls9/rE06tl2nIbDfYYrBFg9OKgvqY7q/Zuj01fSTxWhb9KsYdLZcGk6 -W7WNJuZ1AgMBAAECggEACcLREZcYelcOoJzgOxuTTs1W0ta9rvBzOmrpCs2RYEQt -Ow1ZLTSOioLN4qYJfWQpfmRFyNtTzxkMgFpW5rW4Fau8Q07PVQNDJPinV0IEdhPL -258pzVFt16eTBCusRHKJsAq/akiuIfLHUMkTyMTl3aap7RXAtVF50a8KRN12gwHc -Jf5dLzY5LlUCytGjGWpKgVT76Jg0iIxfMLYEuYQ4wx3YYXrdNjpNP3UE0masuWe+ -z8yY5+9PD8krFnWqHQAEYLxa3/MGZeexHjOzJso18M9EtdE3WHIQIFqOCcyR88ZY -yyl5Ncp0ydI3Zq57wSbcPPKGlQo0mWzHv4onAqOfuwKBgQDnpVm6ySFfNGjkdX/G -LbVNUda6RGdeoAvGCLXnvupXduqv4hIHUUddMXDw0YqNr3EBgcYGwyQH6g8j5nPg -J5RVcQP3j6nPfKof5lBiUWO4dfo8jOGJIfSp1MV/2RSOWxbhXjaC9oRVf8+z+dhW -h6VMtAkhOAU0P08PreDSQFDKjwKBgQDM09z6E5kv615ncT8lvQQkXnrpmBEqjOhN -Z772neEmitozTgX3VYFi28I8C7OXcc9qsLZNeJsH8MpJyp1Bl6xRTEfdx2FeAQAl -axGevfXZyjfdfU+nmTei5kk4gnOqwqp7sQoz0LNnT0pxtACJFozBVtCuTCPU4qQZ -jYaaZ+YQuwKBgQDBDiphJF0etlQxCsgJh3CRVwJpTLcFwsbtLbdEw/UUHfRrzzKN -TKz4O0tQOKKLgMrioaBDZIDz45ropZivGO1j5AOVX/L7DH/QhCc8OW6tfg2mRxd0 -LYt1uvE6otWh6sJ/4v/1V7RkeVfGPBST0QrviSAOwlx79cNTYut67sUmewKBgQDD -iGEEbl8nirZ1Y3uX6CgjG/qUMrH4f8ln02lOfosoQxdoMMyrP3ojyIxUzArmwSPz -wrxVmpPM8cX6yaxzqHo8pehZRHOjzKq6DcslUkx3W38XNwAqi668GMC/bHFFC066 -g9isfEg3kE8N2ntEYz19eAYAzfjKyo1DQ4LCtfq/7wKBgCI/pmg/gP0eHknfTaix -K2RuAGhaKNFDPB0uDrUx0JC6x8fDQm0VI7EjYJnYpbpTYXOgwfTfy7B2vBc7g2b0 -F8ZWASaSWBhQvxzZx0As5LVYzfCtU71BpTt5GGRDDWGVbmPwSg/gltkY6OTsWfXx -+WfzLbJD6EVgOYsmf2ZbvPp3 +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHy9RkWjmOLdPE +A4fiUO2YYN8bTjYjlXCxvyq3q4eQCX6p9EnHo3m+yGjWEppNxr9gfqscJhxsIV2Y +acazx9aa+cuPq04QUU91Zh5xVQUvwYDv8ZzIcABs31JvRjXfnUX62CM1Ke2b9QAN +DefEZ1wVlYCkuTblzLmA7cvMZfi79SafD4oeb/rwyzCU4yheuvRin58jloneE+oi +zgLh56bjyR3qYXfxgnJqY2iiBtaHjC8+HcQrYw14Sai9CMyXqXGjDo5b/Q16No38 +j+5SD2Uzn/rQUbotNzNYNsRbwM6gWxeBXc9sSxA98piYL6tBMQmV+JoTDUeLUmsv +SW7Wh+dRAgMBAAECggEAD9+RCn8DkxjveeN47IFW+xP5LcNvODEDgM+qDmkVjls+ +wbRrly2U+tQTxiw4r6SyaDFwGT6q4+lbtQP0Wiyuj2X4pvuqak/3cuGP2hux24sx +Wf7VYLRLSFsOwtHubktht63r0Cm6W7lhjWf1Kay3i2xzCcNASg4Tj9t0pVLVqeMK +b1pqINrzP08ibuVATKft174U7763tNEBSKwomb8sD55zSFBKuQQqLSSSX9xXK82f +U8+cN7vsEgYGYQWXJJLfbhEUwP+3KirB/taB3z9paI3IWdthfkf/OVyfkEMB9h6x +6ZoLZ9dFUmQjD6XUxW+rJnjq6xK3wows9LzR3FsfVQKBgQDyDt08EvDVo53ZnYrI +/T/btggJZUeQp+yWE0vm3BtLF/S/MzPNDSTtslZz/R30UUq15PBRDogb3tbJ9UuV +q4OUVk8PQI5PIywciYnnVmgMpnPh/AIrm4hsAovcwMr1FNX0G2nWMx6HZh8hFJKc +2d8U5m+CEGhzvrXpozWRUj4vNQKBgQDTTdD0iRb7AVF9dmIvIMQSjoe+j3tP6nA8 +7lw5pn/Tz4qGrN/PVY2bRX3hBIEXNPNg0TvnQLDqZizZWFDnaVOA5Lwc4UUEbupH +rWJzaH7P96VrzdJWCApTxlELIlNkJxOcNiDDpjezIYeBmpq2Z/yidZbEgC9Z45me +CAna4K+PLQKBgGGtWd06D3FGexYrmquMdk5k4E1aT0yyVqgg1Uotm93rptnZAZhH +K5W3l2dqxsGmZC2OWuN6p7YHcElC8ONOuOQNCA4xkLuih9RkM//kQEyKhsy0cvPB +6YUcafAE5GGNrOC6hzTmn/UnYnxo3tjomjrG2kxz7pJ2bNYBBEbGF03ZAoGBALwn +fZpR/EGUIfEbGkCm55Eyk5NPBlnaAwluona/WPHNy6cyhrSDlO2fSoC01xJIFzOt +/K5l/2MpimQa7SeytSWACDWbLi7NaRZcQN9NPCaJeSZuhw4OaMvCOuY0MZdr6F1g +IXq2JsD+aUAx3/Pu0poDJTZigkeDkIWU2Nmq2wkdAoGBANz3/fCZt3s4+pGdbjXB +JQbhTb3Njts8gWqomw+NcrKU++A0Oyuj5X5b4/vRxcU7uGOY2BFsB2x+tt9FTm42 +G1HffTYQlC2mGthmxHpWPfofYaHpWma6cfiiIM2BSHsPfp8HxuQVE8fZcyJjcCa6 +jWhnMlmaEftOsqymoQe7Wz3H -----END PRIVATE KEY----- diff --git a/test-ca/rsa-2048/inter.revoked.crl.pem b/test-ca/rsa-2048/inter.revoked.crl.pem index 40126223b2..22c59b4b7c 100644 --- a/test-ca/rsa-2048/inter.revoked.crl.pem +++ b/test-ca/rsa-2048/inter.revoked.crl.pem @@ -1,12 +1,12 @@ -----BEGIN X509 CRL----- -MIIBvjCBpwIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255dG93biBS -U0EgMjA0OCBDQRcNMjQwNDA3MTgyNDQwWhcNMjQwNDEyMTgyNDQwWjAiMCACAQgX -DTI0MDQwNzE4MjQ0MFowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUQYav -l+JCAKDn+YLXo5BOgVUlCAwwCwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBCwUAA4IB -AQBf0Jy/DOdX8GmZsGmfd9hzBW5OKEIt3kd4Hudm0IVNFo6vTMSWKjFEw+xHrT8M -g459Pk+i9Q9jpUcnNPsO+wkv5gbEGKaY8eChNiapMUwV1vZ8HRcy3Shjz4XEWa8m -x5XamU4vvQT0BJVg7lklLPEnETm7ikIrWf4xO0v1AQZjRNenHq0H0au8ZKv8B0/F -tdvr9u6ZbAL2pUrxsaHxm0zqhgijXO91Fvp/Ch4TpOEcvllAlFCka1IL6DOkpFhM -BAzKocfHjDycm2+tmzH/wgdTmwo/NgdsDkd9fBUw6BzV0xGaTMF4ZtlIrP7BY4PQ -kgvsUoJ6kzEBxYYoYy3LYnHq +MIIBwDCBqQIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRwb255dG93biBS +U0EgMjA0OCBDQRcNMjQwNTA3MTg0NjU4WhgPMjEyNDA0MTMxODQ2NThaMCIwIAIB +CBcNMjQwNTA3MTg0NjU4WjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBQP +zz3CeFD/7M2VPxBQZmLcY6Ms8TALBgNVHRQEBAICBNIwDQYJKoZIhvcNAQELBQAD +ggEBAMBeknJAe3eMefIjhHZS7yzZb+IqzRoZMOGde3pCYLCP24A5GzOFBRzh84t0 +TZQ27307FNK4lyoyrmR6m+UKpL4inUpbL0DZznKYqmd36zOkUoNLhfRjmNnDzY9m +fHW3UIOjfRIn9pFjQy3pF7GH0pnZnUCPX74LDRitNegyFePw4e0KNqtzP//2XMcw +1XHogwGEERKjf6p+4WpCVe9/CP+Otu2XOWwJdNAKIqjHbpIAX1vNdRd89BHKq+WG +sneiB0ryzGx3aCn6uqwpoz3hTPddRoJf4GtZiFoFtikXuoU1dq9SI1NwheXO8/VZ +bBeH/e+9Xfx5khIp+POe6bwjUMA= -----END X509 CRL----- diff --git a/test-ca/rsa-3072/ca.cert b/test-ca/rsa-3072/ca.cert index 33a13f8a43..ab621fde85 100644 --- a/test-ca/rsa-3072/ca.cert +++ b/test-ca/rsa-3072/ca.cert @@ -2,24 +2,24 @@ MIIEPzCCAqegAwIBAgIBAjANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDMwNzIgQ0EwggGiMA0GCSqGSIb3 -DQEBAQUAA4IBjwAwggGKAoIBgQDPfwaxtqkf/vZlLww8265tmTtltO9/x08ZHZ39 -XWjVQsuRfGv1hnTw/H2OAtJA3TgOUkcctXvhWIC302kPnPYeQJOyquj5HCRpRezX -DZWw6lN9TJAB/h1JEvjazikPvG3jW7/0fQOf8B9iDUfv/OdVOTh+SNWxmkswXpdS -7eXwHfZ7VfAdCY3YRX68LjfpuuckT4mWhA9q2skQ2OKMsLyyOVYJxnEX5e4xytOu -rtCyN5Ng+oMZ1HXjjiwnzj/3MuxdWzIkB5cGlXWEj6ZJUTuesvF/zJ+1n+M/P/mq -g+Fc+I2a1XmbgRzLfyzgRPIJQFfS4V+NXA2YsnhJItlIbE/QuSUupPzxOjXfJre1 -ArRCflh0ELlZPYWbX4dbe49EE5WMsjHKNloi+ZbsXvVjt3jQWQ6BjNRLyNMdfJeX -i4yOznxX7wnHDC3oVyePiLIBzwoHyUItE6o8TortcQD1wbIJOOLz6yV3+ChPq+kN -L84z8ZtOYMz4MePMQRh2Gwz+gwkCAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRpF7fH -LYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRpF7fHLYkLSELPjsjU2qh7LucbsTAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQBuufGGoWttdM4NOJoU -xZbQWOkaWIObpZ+LS0FZDdLpgH9zBesXK1vaHqeD0hHCF5u+2F7FZJyG5hmGwbuE -bbxJDhnrtWkXOaYVpWvz0063FbdKWQa9RidzC4nOnct4a7soEPV99EZPaci3Ym/K -ZMmzbQYO2b9x/X6lNZbw2GPHa+qyRl7uOpNzAG6MHEHHR+GLAoQLsYUEjm75wVzK -JSz/594cBzzqr1jIBsB9it3J1IP1sKOLXiVZZR8YlpBa6hb92tin3FA3fgTByl7s -fVjk+lbqBela3o1RJUonbHe/lpz8IIxfeQe+sCrhhm4zVK6/cpnFLrOrc6AOYi37 -NVxiMRrnMfZyH+yrKHs+ecreOfSq2h/VTYLZXqgQz30Jxmf2H0MpgxHxn5ukro3Q -yYsSCaDJgzinN1uk0uKkM6rLq9+QGH7hXH5iTfPBh6K9JkA4A90N1nOAXupQG6HV -f5AKbuYKFcTCEaZraS91MzWTeCtAf/RJRSatmq+52hLrSv8= +DQEBAQUAA4IBjwAwggGKAoIBgQCindnncWNELSXM1DvmVEjoqyTf7p2HCdtg/k1D +aH1kyFAdxqBV8tf4hR8SwiU0TRdphc5nWACGZeQP+qMZqRY53CWFcilxSNQQ+ofL +aP0uqb023zphMCVnNQRWyBKXc7znNq09zKyq57OOjgqT7VHaABI0bFJC2a694LwS +e3a0Cv70X3asjlwjysJr178JSTPpgmnS7sOwnIEI9eIJ251F78dJzpSmX9H0iADU +Er/l6rCpiWqFglO6HS5+aikCnK6XNVthe90nQSXjG01I9lmdbzSyCeROWatmtxbQ +ufGh79ayjn3c9keKZApA7ttYQsS1QqEVH7vdhgMUhBx14Qw2HJ7p8Gk4jUydOinw +QeJGYa0/6Orjw1Gtf54L4KQR7be5SO6O4pzg4ZjU6DchbNrWTWSbFH1fCPkjZco/ +HuQeA999x+3E8rQtmqdJCa0XDZatNOihYUWVcZEt+mZUQFOjMwlKPUsgIpzQdGCK +qIRSHE8lSwi1Lj29pDISttwRJN0CAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRLyOzM +8FiprNlyysdCmMY4HJh1izAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRLyOzM8FiprNlyysdCmMY4HJh1izAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQAf4lA0wErKKkDdRRrf +Cc0YWDFqLjfU5eBZydSuW6SgSxmZz3u7H/F1ZcJfxEj8z74jCiC+G/8Z+sIFTOI/ +R1ZoW+WhXZDWmqDyhftDmbdssQNR83eoF3FmMRHjsrSqqtX5zIXmH+y2xnqfh050 +rth1n0QPj08qIUWr5+EQFHUEFGht2lETb+6/P3i0r4hBSd1ZCTYGQ0Jjzx0NFEIv +oDGZz6treRrQlTcuQWZkJb4IxzzOdB/ooE1aakxgjn4D0Qfs2Q8n6UegqAS0XfNU +GFjmGOtSJp1U18Jf0/sPX4pQ9Ge4dtmh08eOjxCVq6BftwOH+4ycV9c2c9k1O9cx +BDKHWtyjlLb+rMJSrfW6SQ7YwjlBevfkv7ah84DVexpNedYxRYurhQ9KpTXynVuN +7EefBVNXRoA0C6h58tpjQQVBbYYJFqmp8ocDbnxk8sllGAGeuwvWA3rvnqZL9Yj/ +KsE9pvt4eEtogpYQjZnzBP911CibO4ebHYcaZpyLiKOyj8w= -----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/ca.der b/test-ca/rsa-3072/ca.der index 034f82f43954582643c516ca653c484462007894..f7786d57c71771e7ec6d73a3b9110495d701c398 100644 GIT binary patch delta 855 zcmV-d1E~DN2*U`Fq<^BF+2?U%L@g!E)H~)>Na(91-|n4<3EN=)O+#pXWXMn*#-LU5 z*Z74W62c`kO&4i}&SzKvhGpar`lA`C7CGD{g>orzNYoJehs$XFE~&jX-#TG1C1*7R zR>%^UbG+v^tv$@Fs^_zgjtZ0QQQ80!G;C5r*{;3dyb^nMw0{cz^j~(Yj$9+k!fV&R z2}v{Qf@#w3!?2uz2=(F#+nq)4$4SnVreD$Yhyc_Qzvb$%sflWZf>XL3E`Dk$0-Uaw zHCthO-6ugM;~Py#_F0{8G_ncgPFbsFw-(U3@uBb5vW|V+_D70j3PA4LSVF|LLZKBO zyWNHZ6oedg;eQM^9G>a$X*i8cojNJ-LE=VXtv~4M#O=O!CeP0OqBW21z9^@Va-+jmJ#PYN)nx{z#trrcJtu*MNVMUd3kuCaW zR6tXsGYLvPOCTbg&~#vmsDx4+PbEtTwJtrqq%sn=+%FL%-2wvv00EAMtf%!e7Kl z{Lj843Lw54{~7wi1x(^UM^-L=TToDj`Ly=iv|(bp(GDXl>e26L0RnKX|mSh(Sr+SqU}< zLqcQE9SsyhFQ74*&#P;B8qk$DE!Uy4xlXSjCRq0`5Xj}VospkKEGhx?42SJyUk*)==Y zF$8}yhg#gDl(zn?!cwjEx=9Y$!Z|^D_vF8}q4R*%dm2r7)-gqktA!6rr8V-MTaD~T zp9ND_Mu0R6sCn|*V?hN$ZH5UJsj2dZ18#g|^2ucw0iL@H)&qL)o~BFni2o|VJ*NA3 hcuQ!4mJp4Z^928O)F_)fhnpRT8fKh}h@%6tkIWD=q1gZc delta 855 zcmV-d1E~DN2*U`Fq<_zU2C=rOAO7}bFAO}}u5Fn+Wwh^q$4?m@o&8;C)k4dWd~5ZF zbnyIrjsns^-8c?XM;x_#;aGsT(`gT!_8vf!va0C$93*K)?AHyIu z>AL46Pl=X<4{F-U5ZL03u)MN4Rtd&&7v=6T%G0i{(6Tp^VETg@)OF*IEGN!C_cH8V zTQVdEmj;z}gpa04Q9GWp@qf&pwV&fZKl!SI;avEQn$>xmfgH7{P8+9-zK-U0<=PYSacA%Sv`fDUx!y#7sCzEw z8?lp~0wsTLx$%afYi)GS4LF(<#g@=m=^9vro28$NOF>x;(&>PIa|P=cD_hzgr-RZF z!WWyq*j~kCoQCEZhQYgpZM;bi8SAxa7dfUCrEBxkPPY}eN?8WIMkjL%iO!wNcx$^T z5cPfZMo($Tw_as>&?mClm0B(#NLB~hoivolT zv4sSVZu!An$|WrS=iVF#JnFAl$OgcDirvZ7gY~eZi(VyJWgi%pkXq^%{o2^4+)y`u z1i{K)?0s0|`c~=%=~~{6Q6)+zY44c2pjUg}UAq1Ato3U1~K h6~w|3rfX?0bu%@Scq>4E^hre~t(vd7+7binO8-q1rS$*+ diff --git a/test-ca/rsa-3072/ca.key b/test-ca/rsa-3072/ca.key index 8f455f9023..16424809f0 100644 --- a/test-ca/rsa-3072/ca.key +++ b/test-ca/rsa-3072/ca.key @@ -1,40 +1,40 @@ -----BEGIN PRIVATE KEY----- -MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDPfwaxtqkf/vZl -Lww8265tmTtltO9/x08ZHZ39XWjVQsuRfGv1hnTw/H2OAtJA3TgOUkcctXvhWIC3 -02kPnPYeQJOyquj5HCRpRezXDZWw6lN9TJAB/h1JEvjazikPvG3jW7/0fQOf8B9i -DUfv/OdVOTh+SNWxmkswXpdS7eXwHfZ7VfAdCY3YRX68LjfpuuckT4mWhA9q2skQ -2OKMsLyyOVYJxnEX5e4xytOurtCyN5Ng+oMZ1HXjjiwnzj/3MuxdWzIkB5cGlXWE -j6ZJUTuesvF/zJ+1n+M/P/mqg+Fc+I2a1XmbgRzLfyzgRPIJQFfS4V+NXA2YsnhJ -ItlIbE/QuSUupPzxOjXfJre1ArRCflh0ELlZPYWbX4dbe49EE5WMsjHKNloi+Zbs -XvVjt3jQWQ6BjNRLyNMdfJeXi4yOznxX7wnHDC3oVyePiLIBzwoHyUItE6o8Tort -cQD1wbIJOOLz6yV3+ChPq+kNL84z8ZtOYMz4MePMQRh2Gwz+gwkCAwEAAQKCAYA9 -yUp6ArVLxMUkDiVrvdKr6hQIzh7/Ap9oECyqdHUyA8jQUqdnHhmWZOkSL37iN71o -blGkl9oCmTMDCh3fu1KCYaJZcpEbFKk2+85xnyby3mPsDK9ZGI0p5E9cAEWz3N0v -9XMsX0mEB6Ggtem06a8M7pQG7rNLRnGbPp9630I4BQQPZ+CvFNg7DT6W1IBrxe7s -Hg8PVdWtcOascJjNYhdeTrpzALdOcXZDN21fN8kHOItXNmFxgJV2JDC7zau4dV3o -/HbHXNlSAmQvKnFA1BGus7YDGGiPHBOBbGUXe6Zr5+/T1lMCUYRp5Gr60dSq7lS/ -H85u5rbZw/B5pysRPgRQoxe+vKJd6XK6YzBKGLsWajLGZh8lLcGJ1mJZeOn1CSHk -YHo4oiGcmBbzQx5dg1kDluu7mD6weFUih/juKLF9Ju+xaDVXUBisZ9qQ/A4GHiO6 -u2YNi9YlBIOuAsN1wxnD/4a2ieUEZKIRKxmaHhW1Vay11bLLG7IG4uci7/kdre0C -gcEA/JjY8e3z9UvfbDY5xEfk5lA91PXk1cFkxrG/1Ek42CNkf5Ei3rgqQmttbdLX -OWsIrtqTQa7QBQgRRtMOWdqWi3X9jMTnv+CfXtoE5hclyWgBAP7ZH7EIyD8dhuql -C4QW8Vy6ukTfpSJIGIDSeIw/JpAgugyE0tsH5E73hmZJ1eT0aUcO3zP1jN4fsx5+ -ury9oyLLOgTbKbSEMRdjtkzC+1eT+4/f0WMVruYPjeGNUx18LwtH9nr1HdAxBfaS -jb9zAoHBANJKorY+aUVewaPTdMsswD7QmJS6sB+7njXP2V4plGolTXkPOcBH1E5S -xNk942QUwKiuy145SvN09L4TcJ8V4aO4c7TdiVi068IJGuWTKg1KvvhFw5WCD/nW -1NmMKRjC06G3r4jIYE+4v6o+N+Y6IjV3qGrFAZtjz0CdYrLe35qXN4OCOr6ihyNc -FFNIddzniQ2SDkEmxECLt+pMB+QpE/RFDJ4stWZwd5nKtNDxnZdw2zCrvJc3HuwV -fyoNDHMckwKBwGXSb1FGrFqrFQsX6L1YhcrZebNI08/ev3Lg4AUA5yspSS+rH7VL -460WhOwKW7vHi56AeW+2uh/tGpnEJjrORHU/QM/n58uPDm87z1G47wB7Ljxqfrep -s3KVDp/+Ij28J0twJ81CSizU3t8RvsXdMu+mlaqptTkSFeJQerLwtL7GJkfx3urW -lRsNxxV7K3a28nK6adWfc4EiRU9MsGMiGk8bBIoZew16tZjlIEv/KerhLdgA4idX -dUtpSvmuZXFCRQKBwQCUgqcUg1D+76NbGjuyPOFruw72gj1du7dIk4gUCtNIfx2O -cCU92Lxjr+pa7W0IQeupdQAkg9udwawSDFKN1vsqD1qPkaCsp+CTgLChDuQ0zOO/ -HC27CUZVD9Xz6Rsg5H5nB/0MYU47HuMkzJnXmpiMH/wtowG2hq9YF44benB5kW9g -DXmFJezAGQg1pMewAUf18H7mngUc/E8fRSCRjj0MVjNKBZL6TFT6pIA7y1abG9WA -MtiWBhRtb+UFgn+XT8cCgcBgqioSc2qRvXGg/zml2rwxJtXHFS+voSkrehR9VXUr -Wi7w+dxspp7y2kz9mAQyr+b0yWt9Xuu+kiYv3bF59RtQrGlHd74FB2T3Q7AzHmh0 -94ncmjHG1eXiQ/IJBB8z0tInXSYkaRXQWdZ8OcqtzARNIITSHLce6rCOXwHA8Xnd -gq1wZXkmMOZ+ENH2MLhKxiLCC7HLb/I8GO7Km8LdVePQawluWqoj0OtaSZIXjqBO -ltqSPFn9VgKYuulCBy1eV8w= +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCindnncWNELSXM +1DvmVEjoqyTf7p2HCdtg/k1DaH1kyFAdxqBV8tf4hR8SwiU0TRdphc5nWACGZeQP ++qMZqRY53CWFcilxSNQQ+ofLaP0uqb023zphMCVnNQRWyBKXc7znNq09zKyq57OO +jgqT7VHaABI0bFJC2a694LwSe3a0Cv70X3asjlwjysJr178JSTPpgmnS7sOwnIEI +9eIJ251F78dJzpSmX9H0iADUEr/l6rCpiWqFglO6HS5+aikCnK6XNVthe90nQSXj +G01I9lmdbzSyCeROWatmtxbQufGh79ayjn3c9keKZApA7ttYQsS1QqEVH7vdhgMU +hBx14Qw2HJ7p8Gk4jUydOinwQeJGYa0/6Orjw1Gtf54L4KQR7be5SO6O4pzg4ZjU +6DchbNrWTWSbFH1fCPkjZco/HuQeA999x+3E8rQtmqdJCa0XDZatNOihYUWVcZEt ++mZUQFOjMwlKPUsgIpzQdGCKqIRSHE8lSwi1Lj29pDISttwRJN0CAwEAAQKCAYAN +L8c3NH4+ovmae/MKiQxWKmYFrwQWVVHf8jyM344xjBPWbPWyBTdcYgZ5ydq5/G65 +Ah58H1+q27GBgTXU03MSXebWBNgAUCNQPXyhsvcQSmKQrqE9jH8FTkA2kv1SS5Kb +3kFwo5EJ6oWTOl34Y77Rh9QcwlRDswLE8ifWHi3AnlamiuTk9nCu1KxCPKnIuedW +2MTg6QyJ3RBn9rEYfbb/Gu6lGSEml6+/Has8MfQJPn2Ka0gDIQ/N5bwQM2bKx9k4 +aptFp71+fdbKlX8wEoHF8vVC8eNW2UwNc/aUxQPy0O/jcxgRA+DpHxX/6sZYql06 +qEqgA2Ltdd/7Z1hjIR8KEkPUTvYxTGa/DODAKxEdWv9aZjRDssykSlyZ6q9xQeU7 +8sOywL1wWtkQn/NFIp5YsBvngyPV+axlHR9U0kNJ7bLaMeP4HOGmTY0jCmWcVtsF +bxXujrGWCfhWHdpLr39kV/d/OZzY33S6EPaa9Q+isz+gXV8JkEaDhOlv+qCQX6EC +gcEA12INhstgoFHkKjBIRG482lJWoB06G3y3+5DRAY7Jfw68bBjk7fbEJYrsh91p +B2uguwYyQ4Y1m/pMyOWUs6GHzik1mzeyLivA4Hg5WUeu7/Gm6gvZ7qR1czLfhFsD +H6KHmBmZBbaCDnW3NQUmmfYOd5QmCf2FCjlWz7EQHZD6zmCP8PlgcxSKaKh6itp2 +AIpQ+g2zDzTMrCLzxeHpkoBcq4XrfjptRbBHNwhujuLDbCII3Onu4YNQyx05UF+L +uKG9AoHBAMFIayAhkHh/2RY/SyCGj/DYB3k5Q0xgAiipMgclgJP5U6TnNzKbyX+j +qSMjomjDXQr4bh0WPuLhJFD1X1MX7LgDHq3lq5+iSAP0xg6ClCQGgSTZ18uhXOE2 +LWrVoJBYmJFLazATQmr3/XoGIUbFnmd+K6I/mv+sMtmMQAlmcCXtNRXURb7q87FS +n66iusmoZg18AzKMa/ddwzh4OyudgsNQM9Z/xze8JbuCaq3so5PrjwTvqtDzdpC6 +WRgVAztxoQKBwQC50KIS1Ir8RSovK5BtWR2uzLJnWE+1PxgLNJjcWy+DKldset2m +XupB6WS+oknmWPhF4cajcrn1Yy+zcj2j64uaVPsmehqCssSn45C2cZ1+7GAwMyFF +PSUGybEEIvDC7hlFI3Bc+WOizfPNDjCLSziX+XwHymxosacvb3aTy2xVeAE2yC5p +miL+v7tY57g+JxZNZFxCli6to0nkQk6cUZmhcNwF/qofIUGPPPsE0qX+OC6lSD0K +2ZtuYDv+FzAXjZECgcBrX0abj+nI9wTq9fhPNlGKMwhb0HLRX9hzLCLtk2jNS0mr +JwMj6yVR8eII8kfLuRPb/0x0fiIrOXVKQDVXXMgVJS6K3jasNKObBwRrlSCkrrRZ +e2cE6TxGpCkw20IaTg1bUbFXAKv57o/ylKsxvKCVz6J/vKPneoq5Dc+ZKT4N46uE +1+py9+Su0j6A7kejtRgUT5sbHqTvwzerDCeawCKfS9OwSkWqcavocbe/rODmUIqf +7GBROZ7ZIZxS44FrKWECgcEAsMXJ7yLTmGxHOoaINWV9sMEGpOopSwE6Ab0fAjWy +JZXlVPJvSTsz6P7Pe441A5fINFeGqwNDuxFHIWE88om0ofLAn7Lg2m+9XelbP0TL +g/3eR2zn/yCd4bng6VS0aUVQUpRij3y+Syd0AoS+YeyPB7s1i9uJrJMZ+xUjUeRa +5EV20DK5JBrJlsPCBIgPVKsk9CbV/UKvGRzac2Fe5eHgSaa3w5U3gpuJxGiACKHV +AHI+YIOEFtnxEizM2/fTnzZo -----END PRIVATE KEY----- diff --git a/test-ca/rsa-3072/client.cert b/test-ca/rsa-3072/client.cert index 8c34746bfc..96abfa4f30 100644 --- a/test-ca/rsa-3072/client.cert +++ b/test-ca/rsa-3072/client.cert @@ -2,25 +2,25 @@ MIIEZzCCAs+gAwIBAgIBFzANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50 -MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsyhZxkQPlnCnFsRTVTIp -SeoI5gBTK2OHEs4yQ2Xg8hpN2zPxdSEJUI12dUh0n2pIwHErLexZzsQ7x4Dau0D1 -5d9wTWBQMFCfN7SFMkhBg8BnUSEsQk/gnAKlZLAcQiKKZ00M3REPRUXXsVZJNyd+ -FuYNekM5bMWtnv50PrfIq2/SAGPD+fCAjgT0Jbjhh1wcR0v1AwPbWfuJ2uL5iwTM -Ciy4QNHCUxf6xAxEBkAVCLkOEbl6eaW2X2daCMhAYkWmKD9ECaavmnX/+HGr1ybX -t7oahsSFsJ7oHDl4LiC9oPytU3VXGvDDIU6MnumyoinUJwV9ulV7XdslGI0StLXo -KaPkSMsip3n3iOdlxh/YnwadfgL/ZKIkl9h9c7wAVh0drFd/0/qVbnQugqANa42n -dOM7dcRjzU2Ccz2RmzAA7I/OYeeQYaq5hg9dbmtWUsnNEdb1Gs7IWKrGzf22hlHp -KhlJfFUfLQmS0KUNyR1ufRl9M8RzaswPi3GN2jNF38UhAgMBAAGjgZ4wgZswHwYD -VR0jBBgwFoAUDcEcY+ZpQMXKwqE7i0BMcdAJmkgwUwYDVR0RBEwwSoIOdGVzdHNl +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5h1pMLe94S5QtsmhwhLC +HDEWCHpXDb++m2F1GehSn2apvMeZ6o0T18x40Hj/YPzGrDuS92EIEbwvEF7tyrHM +kapnbYFi9LE6ld6gQNWRPgZ6Lhs3RtxekxaQX8wHnhiVdDagIjjREyNf6iPGui8M +ApJXiGfJTuEiqd90ePzKOrDXlOKTJTIQojYNzBuZ/YKh9IjcnRCvbfESmklfW72G +eWfqvzmTr8r68j3/gCDgDcuMDgqvTCGR8Ks5nDkT4CIvosWSNmNPNTJZfPUXHwUk +JvIf2TB036Fw44OQzzWk4qtxz+BzbWzgi6Y7G9oXFKZARWlxefMZbRvVV6hRKqid +b8EyIJkVQWJfICP7tGXRDBUmdG3Jc+ult9KdMlHDBQUy8r2SRF2iXB2WpBZWRHze +Y0xNYrDFcZlc7aBwQi4jCABpAwoksAgXbChcn2hSvY0LQNmPXle5gM3Hf0cku7p4 +6eGRVI/H5rGZHDKOFkSbklotrXgjgs6QSf58gUstejKJAgMBAAGjgZ4wgZswHwYD +VR0jBBgwFoAU4cAknhDpJyFlM1j7YLPztd7K2G8wUwYDVR0RBEwwSoIOdGVzdHNl cnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0hwTGM2QB hxAgAQ24AAAAAAAAAAAAAAABMA4GA1UdDwEB/wQEAwIGwDATBgNVHSUEDDAKBggr -BgEFBQcDAjANBgkqhkiG9w0BAQwFAAOCAYEAizmLCc3Gd+rsnpqHxOaEycbpoNhF -b2BwW6ozEO/QSk0iInmrbo37e2dBvnYiblilh2oDBP4UzN7xbwwwmMyCdL5Hcvy7 -Mk9JbjxcwpP4o66zKA8+tEGjC4oqV/y77gb3XJ8tpd9GxypJCLjyEZKpjDLQrx3V -smenIeBYxk/QsKWsUmaODt021oixZO8Xks3UQjPiCGcZ39sl64rDnSsS+qQvcd0O -HwEb/4SfN+Sv8ItkSnMrO2aHYBw8uR5/WTCKK1V+3l1jzMYjQgK8GAotQYXxSG0H -fDpBvIrC3OXttbMhmw5NIJePHzC0YMCU84COTfoy89Yw36CXi3pj6yK4IuKxTVI4 -J0J4Z3EW/Msus0hX9JRZiYzOnloaWye8oXBR1MRZNZF7oYtgaNGqhzBEkm7OpkGr -UM9XpdfBdiidYrOdMwjkxEJR4M//D43dXOnDGEJ3W0PvEQhsMmSE4+TFrXBWYl9q -GkiJoKxC9UVuGajU9JpuxB2bE4D7xWldGxuA +BgEFBQcDAjANBgkqhkiG9w0BAQwFAAOCAYEAWRXDtGRCPv0cfFdSkasWLNetpfZH +EW19guXJFiOm6JFBnrd5t/yMOIV/egRIMszSXzct6IdBCbSW5wWUYR7RPzWLFT97 +gPFkfOcMo7cykpfjGPvhf3b2jj5Xvj6Nb4SeZJYgn4/JvRIsTEtYuhS0zGN/nWGp +dvDSabKeRguRmoGxAH5NoqJiEtFNfBT1DDS99OT6uku2wwXvIJ0CrD+AaNOgqMZJ +GcP18t6VejLWibNPL2YqugBWuVk/wVfQXTZlOImaWOCoYwiMzto7M1V950UtimS2 +nNPa8yNs3fQt+/AcOBv2iRkpKqYimQFQL3bV2CsX2nyV/3rGioFL3mPGtZanSpIj +KJCc9/zMurMjqrccp306NlunJ1Iqea7G9ZqlbaE/2jblYmLxhqG+MJuBCuYrDoch +vVpOGLCwofVPDnwV03IL1flhS6jES62ikCdRK3dpPwMBIw1E9t1qpV9Tw6wBgXZX +z0p+TPkf9kOJO0BdDiM+m2mj1rXJaK3kcGXf -----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/client.chain b/test-ca/rsa-3072/client.chain index 35295b4e36..808b5a392a 100644 --- a/test-ca/rsa-3072/client.chain +++ b/test-ca/rsa-3072/client.chain @@ -2,50 +2,50 @@ MIIEUTCCArmgAwIBAgIBCTANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDMwNzIgbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDYW3SgPbYqzNwQ -CGhSrzCNCx2x7UJseZFkfc6Df0tZMpd0qvJh3pMiVqDq9l96EM0Uyr6iVFM90Ilu -8vAGkLDqCjZ97wXxj52QDZ6+q+qjpeFdCRR+xIYcuuWskHLi4LzX3tT1Y+C8ew/E -iA82sYWl8Sj3PnCrLEnVS6hAA3sbxaZskOXz7JVTqqMj3y4OrcGdC5DuRZY+JRol -ZNEpW6BwtoREvLNm39vqmcLVtSBWqj3c2W9+DsoHdlbbJecH5XqY8ND9HXwlyINb -bncPGMHA092Aw1g/z05viJugF7t574apUw1RKqEkIwtcpEqDZKfK9hPlkTcyYu0W -K0sKwIofDgB7Qp9DSzT60hjLg+oZopA4kbdmhOWUn1L/qSaBXJV1y6Rtwr9Uz0VN -SWIJMgz8njg4nNCI074luKhqojPR9pSijNkuhxf6Rw8vGmEGFthgn3BlhODozyxk -8S/GeXVNtdo8GFJaY2PQwLC9wJ6LWl8M4R3gysOSRqLbRgR6WUkCAwEAAaOBgzCB -gDAfBgNVHSMEGDAWgBRpF7fHLYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMC -Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQNwRxj -5mlAxcrCoTuLQExx0AmaSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA -A4IBgQBiAf8LZqkAaCSivUZiYGjhCXvvvN9JoVyyX4gmO736K2YtR62qh49U25fM -wTtCevxFlo4aa1w3mHMROwTZQXC5B2idOKFptc/Ehbcg68jh8SRu8hG6QTwmDir3 -RiTXaAZrubQMzUBO3/8A9ptFHCxBv7OEvdzhfvMu4Jj5EAsME620KuKdK/bx3s9p -gJawmMvmolIeaw8orwbbmP1fnPCu5tVHLE8Bz0cc5ETfbXy84Pj/wBjebeLC+t/j -YMA3rOpEVQJE13fhYt9nXb8l6L2Wr4YyQ2XZF1oqGZvYFOtSULVjHmNujdwiBuf3 -Gfk6RhtW9YimoqdGT/s4+nMZEDy5G6vRxU6jQfq0yaFxsmDFamPToPHqhTa7vEES -qVpKnKbiwEAuSOmKJemaYaL+SiIv6K4QOcQv1U8NjlvhKwsJ7BFg13YXHGbOFZs6 -DAT9y/MzNQIL22n4YHRLI79HyQkbl4FXDEDZ7Ah1ZlzG+wYmXqKiWEvw1Gw5iHOK -DnVgy+0= +ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC/OgISzWpvmxuw +B4IDrKHFtBqKl5yPredPHiSWk7gmw1H8Kgy8peDsKhRmDdXo+6uS/mjvYjRYUeWe ++3nDxiYJrSN+qPIHRlii0QLJNa8as6hmhrR5iI+lBUnglRJxWT0xsr/1OrxjoZ2J +Y51TQJdPPOSBFbmCyd2T/QTjTPOXdyoGHwgfP2BpgIw1dvoh7K+/jh2NZg+gHmj1 +WSZbzeJNcnaKbwrQDeaSOBSo1blvW80yDmJYPQyhponMtGe++Gd2+3cUMlIDAUl/ +PqIL5MTUH+hcwPgHDZO9WiYZ6Aosfgauli01UDirslfSi5QgvBqcmoy/yj6t1xjH +/v1LAc01/v5MdhlLIYRT1mwqfYE+YQADLmP7ZivxXI3n0hmVbqK7IoEVxUcWnG0v +kFbTJG4b/EcYPNDQbUEanY0po/iU6l0dZGBrqk6ykwF26xE+y5gO2FMK9MI6cu2f +sNZjUJmJef8HMTfcmviIXlc3eGQG65xO5lSHc6KEbomoUEHDOuUCAwEAAaOBgzCB +gDAfBgNVHSMEGDAWgBRLyOzM8FiprNlyysdCmMY4HJh1izAOBgNVHQ8BAf8EBAMC +Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBThwCSe +EOknIWUzWPtgs/O13srYbzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA +A4IBgQCC4NyElfW2vTkhylb4wXXsm41YKhnH9yiStAd+6PMBnrIjdQhIkvvQ9gyp +72DFod5t8JCOnCq5jgf6uxoJOgn+4FhJ/en1gL+fH8T+9LMB9Vfzr3YT2I7G9tYA +C/CkbsN8h977TyblP56LqVh9jaPB34GT6UvvP/w3fhaIeadeH1DTfRg6O2jwKdeQ +cPQ45bfF1EknHJiJfQC/ul/ygp+7F9KNCYwZ7SYPBKYt1ACpZFQcZYzDtcc3ueI1 +ktsDJPSC+3FpmDJ/vgvqKs7SRWLdCw/lXemx91PdeT8wJCxFDMmLDjks3iP0l9Gk +/jp3gZesuvCPoGkHPfZBNqnRvQ0ShQ+ifwYLnnkaOTtrh2fFgjrVowm5cyVi4ecg +XMx38QhpuaT83N50FpY56jtGJtEKYYRKtyFe2hYSRyoT5mBHTTYqnXSeBCeuvD8o +yEB1FB97HSYxCjCCOn48m3wJY9mfUIHoSMC7Q+EXkE6+DEP8sBLtk1knfnp94Vxe +tU+qFWE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEPzCCAqegAwIBAgIBAjANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDMwNzIgQ0EwggGiMA0GCSqGSIb3 -DQEBAQUAA4IBjwAwggGKAoIBgQDPfwaxtqkf/vZlLww8265tmTtltO9/x08ZHZ39 -XWjVQsuRfGv1hnTw/H2OAtJA3TgOUkcctXvhWIC302kPnPYeQJOyquj5HCRpRezX -DZWw6lN9TJAB/h1JEvjazikPvG3jW7/0fQOf8B9iDUfv/OdVOTh+SNWxmkswXpdS -7eXwHfZ7VfAdCY3YRX68LjfpuuckT4mWhA9q2skQ2OKMsLyyOVYJxnEX5e4xytOu -rtCyN5Ng+oMZ1HXjjiwnzj/3MuxdWzIkB5cGlXWEj6ZJUTuesvF/zJ+1n+M/P/mq -g+Fc+I2a1XmbgRzLfyzgRPIJQFfS4V+NXA2YsnhJItlIbE/QuSUupPzxOjXfJre1 -ArRCflh0ELlZPYWbX4dbe49EE5WMsjHKNloi+ZbsXvVjt3jQWQ6BjNRLyNMdfJeX -i4yOznxX7wnHDC3oVyePiLIBzwoHyUItE6o8TortcQD1wbIJOOLz6yV3+ChPq+kN -L84z8ZtOYMz4MePMQRh2Gwz+gwkCAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRpF7fH -LYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRpF7fHLYkLSELPjsjU2qh7LucbsTAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQBuufGGoWttdM4NOJoU -xZbQWOkaWIObpZ+LS0FZDdLpgH9zBesXK1vaHqeD0hHCF5u+2F7FZJyG5hmGwbuE -bbxJDhnrtWkXOaYVpWvz0063FbdKWQa9RidzC4nOnct4a7soEPV99EZPaci3Ym/K -ZMmzbQYO2b9x/X6lNZbw2GPHa+qyRl7uOpNzAG6MHEHHR+GLAoQLsYUEjm75wVzK -JSz/594cBzzqr1jIBsB9it3J1IP1sKOLXiVZZR8YlpBa6hb92tin3FA3fgTByl7s -fVjk+lbqBela3o1RJUonbHe/lpz8IIxfeQe+sCrhhm4zVK6/cpnFLrOrc6AOYi37 -NVxiMRrnMfZyH+yrKHs+ecreOfSq2h/VTYLZXqgQz30Jxmf2H0MpgxHxn5ukro3Q -yYsSCaDJgzinN1uk0uKkM6rLq9+QGH7hXH5iTfPBh6K9JkA4A90N1nOAXupQG6HV -f5AKbuYKFcTCEaZraS91MzWTeCtAf/RJRSatmq+52hLrSv8= +DQEBAQUAA4IBjwAwggGKAoIBgQCindnncWNELSXM1DvmVEjoqyTf7p2HCdtg/k1D +aH1kyFAdxqBV8tf4hR8SwiU0TRdphc5nWACGZeQP+qMZqRY53CWFcilxSNQQ+ofL +aP0uqb023zphMCVnNQRWyBKXc7znNq09zKyq57OOjgqT7VHaABI0bFJC2a694LwS +e3a0Cv70X3asjlwjysJr178JSTPpgmnS7sOwnIEI9eIJ251F78dJzpSmX9H0iADU +Er/l6rCpiWqFglO6HS5+aikCnK6XNVthe90nQSXjG01I9lmdbzSyCeROWatmtxbQ +ufGh79ayjn3c9keKZApA7ttYQsS1QqEVH7vdhgMUhBx14Qw2HJ7p8Gk4jUydOinw +QeJGYa0/6Orjw1Gtf54L4KQR7be5SO6O4pzg4ZjU6DchbNrWTWSbFH1fCPkjZco/ +HuQeA999x+3E8rQtmqdJCa0XDZatNOihYUWVcZEt+mZUQFOjMwlKPUsgIpzQdGCK +qIRSHE8lSwi1Lj29pDISttwRJN0CAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRLyOzM +8FiprNlyysdCmMY4HJh1izAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRLyOzM8FiprNlyysdCmMY4HJh1izAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQAf4lA0wErKKkDdRRrf +Cc0YWDFqLjfU5eBZydSuW6SgSxmZz3u7H/F1ZcJfxEj8z74jCiC+G/8Z+sIFTOI/ +R1ZoW+WhXZDWmqDyhftDmbdssQNR83eoF3FmMRHjsrSqqtX5zIXmH+y2xnqfh050 +rth1n0QPj08qIUWr5+EQFHUEFGht2lETb+6/P3i0r4hBSd1ZCTYGQ0Jjzx0NFEIv +oDGZz6treRrQlTcuQWZkJb4IxzzOdB/ooE1aakxgjn4D0Qfs2Q8n6UegqAS0XfNU +GFjmGOtSJp1U18Jf0/sPX4pQ9Ge4dtmh08eOjxCVq6BftwOH+4ycV9c2c9k1O9cx +BDKHWtyjlLb+rMJSrfW6SQ7YwjlBevfkv7ah84DVexpNedYxRYurhQ9KpTXynVuN +7EefBVNXRoA0C6h58tpjQQVBbYYJFqmp8ocDbnxk8sllGAGeuwvWA3rvnqZL9Yj/ +KsE9pvt4eEtogpYQjZnzBP911CibO4ebHYcaZpyLiKOyj8w= -----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/client.der b/test-ca/rsa-3072/client.der index c0548ce666d578c3f70944da94c8061820c59476..902b40965cffc7427da7bfda40f864395cec0570 100644 GIT binary patch delta 811 zcmV+`1JwNM2Jl z6W7dm(0Kn~{Kl+1lJ{W<5xg%DUhT@U%#o^RZGmF+u{xFBpg`4;J_dR&8#hMWUXvD( zU(5%d7?pH3pdvWY6C+>hBgVQf3<8o@h-b-8;UcNuba?#AI)AX&l;V>mG7zFR4a^&v z{eq$Nh}@kJuWj)Xnn_<c2UYugd!JJ^z3p;0?=+4hpYKA(8N_Ih;8Y;36-g z#gaB-Pc<@GeDxO}1tcc&AK5T;-=T2hgOJZPq~fb_&){=yY~YKgI~&>;6sAB$X>ob; z8EqTYSEx}csDGVr!7?D36+vQOAS3&hJ^R?c}*l&|v0*-%K6~nY-LO%T*d{gKeqM~9F(M^05 z^$aw<^yK=wOSZ!W?;xE5tUrKg)1auvNg2cS^4^ttGS-Q+PcLRFx&T(WSwF#7&|NlV zIEk8A;HYB=jLzCSGgW=(MJrXraEP%n1X*ee&> ze3k!t#)^SU-eZ5pwU(z!k|QXPocH|9y0asyw;ZQ^IyPIUCsHbTuEzD6rEQ@<+BW54 zV)2HdzA&4C3g#;ghatUMP8hJTq4iG=d==Aj3)T5yOQ^(4t)h@8Q7d<8KLY_H4Mg_c pYNcOO!>j>;c300zeoXlv_Ctv~KwSgo6W#7}whdKZN delta 811 zcmV+`1JwNM2yFNwSVX-qvS}-BBy!xi05U-AK0G;oqhuUWTGUO*nM-n09G9xtXF^2`ju{U zE`p#9YmKLL<2!Z4W6e#1b3KupFaYe2&SB?}VXC=?4_$6+R#M5$5!Uq@&d6A*#?Ae< zhEeG%8A*IqA1w)z(4`H@9d3OYeKW*!YRnIdagEwDMFZc(A(Jrz7!(b`9AoBbK*h?! zp*xE}OmWZ&nn;sf0*-%+Ig1I+#&_!Mo|=cm=7h<{>7dv}Z(wj+sxuJp&`M1rB6+KB zjr)6NLB4h(Zdj#mq-+BI2=4QaC3QPjj)HIaLv zi(qKcs)sN{l5WnXL90;DSEbj%b|{@t`4f> z)x`1Zs#6~-7}G$7TRP=&ClxwC(^1#SFYEH}i*i~}F>(>EAHYxrYthg+ciCuuHDllp z0b(Q-J9=+I40!e??K5s}CbK4;0=2y$CIZ2KhW>G46v><8RDXu|_#{(*j6r*w6h7(k zB-@5YF*|j6i;DRce|(?jCKPR6Le<^GsUyt-h>FQh6P4|69-;3XNzsgIS}#5|&po+b z&%E0V+87fln2nPUklz{0?AUcW(vNDPnRG&fxv1-`dC(g!hN1xzMPUhyTop4SU@iqV zwKD0S%?o>XjDMQg1CH5VF<`vm5O7b?Ny>*n{T3Hplkf|A{1J$Hlmu*>9UGJ3_B>Mn z$SBX)({hw(kF3mU(+kS?+^EkCn9$;Wt1rHXVbGUjzU7u;RGtjPh)yY&@6A396o!D5 z@9{$%*ld4D0(x21Oh4Xkj=W$((I#0)62`OQ_aGxjKLh${#gi}s7!={aB%ToICn04s zSo>hJ^R?c}*l&|u0(pN!_Aj7fd<7WVJ6*r%fu#w=T8ZXlbt?AwRA-(T{!2IVhwH3|gNiBO`VO~g--Mgh?msnGo0YD` z(JeZJz2VbY7;TM4S^9GBEjAMpeZ!XD!p?iYe0EMBTo!hjVi6D6U(E%18O1b@H#sy5zqC|pZoENy% zopX!~lOfl!7(8asxzY}$Ful1Vk}A6B!?k6siU{p6>bY~pU48*0fGoV0mV|sWPr5H^ zFuim;do9)-^_hPYfi0o_xkRhH+fr&vOGoK_n;AOMWCeAYiE{>9KVXBmRJIPtv#d+u zBY%y-5Gb}o2*&`lP^;Mbm`p$>_T%N?aV@nxBL?0}qQ0o$v>#G5;b^WkUhnD=eq()2 p$rb#869&?x?#g7#8DB;Z23PI{q`~Q`ev55VKo2gQ6($3tgbc_Biz)yB delta 811 zcmV+`1JwN02-OIXuz$!c+=u~t}Ms@CCBPZRea-kIno`3~;E6JC+E8Z5u?or}=A@UL7v zvZ?wt4&E;}0o`d0zZ3g14Ij{}#xJw`shI)M1%%NQtt_DV@+Z_@e(#U%DfY|@^yonTeQ+F;?O5->i%ieIDeUWsZs5k zZaueL{P|f$#?AP=j$T`8Kmm{jLq-$i6VT(EHVk&ZIK~-p1-UM0Qrem1&dn~mmZj5A zOQ*E~U|?iI65RDld8Q-9_SUZ6@R50tVri5W&V^h1r2|fXC6h1$7!(b`9AoBbK*h?! zp*xE}OmWZ&nn;se0(pP1?9@8r56vub9W!$QR!=A>2kqpB9%hX*x)HDcB>}fa3!}Az z6kdad>KXt(ul*uyX!#UBfMud({9F!FzC=Src-oh~RWp)VsS|B=g-UYIA{R=30I@<1 zC!jh+^zM=%8E{LLnbR15Iqse+f4Ep5{`+9f%q-y6xGaoDraMC@ zlPg+J>3G4|Bb3uVANVNuP7&48`S<39(khmEu8Y3R;N*&7I4g=#j{fRnub%fZo9?WM p=J$1q%c{2DAkbj_ZT?qQf&W}PGYGMuEj&ImIN5^a$vOk>Q=zVfohASP diff --git a/test-ca/rsa-3072/end.expired.crl.pem b/test-ca/rsa-3072/end.expired.crl.pem new file mode 100644 index 0000000000..c16c199a14 --- /dev/null +++ b/test-ca/rsa-3072/end.expired.crl.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICLDCBlQIBATANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NjAyWhcNMjQw +NTA3MTg0NzAyWqAwMC4wHwYDVR0jBBgwFoAU4cAknhDpJyFlM1j7YLPztd7K2G8w +CwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBDAUAA4IBgQBBaz8WiCueJJQLbHKgDU84 +vx07XedXlsxdv1xRxCJZieSHVXhlfNo0llvAzVW8MxFBgyyuCpQghIuRBGM4op7I +ydi/tc42A7NRWM0R7QRQrvDe9gMDYM8QUuwGfdSkSjIfyArOHotfy3JMUNcyilLu +yfGWz7jfOLwVISNb1E+vFgcI1X2gih/wQiG3CILUz1oWiQx7u8YtM2w7mY8uIALU +s2553z5vyGNYQs0Hk139rHslj7UrO/3UAuHUD59y/NorZFzvWnj/m+zvBMMAEdsl +SLZVtKmprBHrgh2u1kq12k6ppr0nDBNIHXlZUmlsLafzX98Kwnp6klJR/jcJNZOd +w8g3lLKME5aIqS2gexG/0KzkSPqsbmuIS+CXG80KGw86o3Ho1grvLoN5IaO3wyfC +DDVu6LUa8yqPF+z9D6m0zVbKe6eIu5NXlSFOnJFVEoxRpA7IAPrjEtnI8mnXxlfP ++1uJWSnDL2n0AG8G1mIvuWAffpHdBoQpAUAVVsIOgp0= +-----END X509 CRL----- diff --git a/test-ca/rsa-3072/end.fullchain b/test-ca/rsa-3072/end.fullchain index d9ce71dfcf..1587d5a050 100644 --- a/test-ca/rsa-3072/end.fullchain +++ b/test-ca/rsa-3072/end.fullchain @@ -2,76 +2,76 @@ MIIEUTCCArmgAwIBAgIBEDANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w -ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDIUIPfIib/JwIki70sX4Iv -WgJCHLVxAzcf/KdM5UKNpx3n3ILoJMqoFsDsCPtBdbZlXwj8IM+xVlhgqtbhUk8T -9x/emegm+Q7vL3OL6Yj7TlHDi+vclbQYNoKMnL5fhZtd4O3nktVaK5h68irpnqUD -lX9utOV14gSx/0MURW+3Ar8yYwXQgkLolrzhF1lhs9/K0BDiJ5xlVG/xbykKjofd -R/LoohyJw27Y2s5vXQPpqssTXpG1Giy/8J2L0Lrwr1w8sqn6NQ7eLzcB3WkNvxP7 -Mg0f0KvGL7P7qZkB0QWFtfdX/OdROXaeRrNvkf664MQ1D3fOEqrxOXvJfu6i0BSy -Uu8JbGNNYjzxEjY5yrwTt/J1g5pbtNIs4tAnbOr+adQ4f5l5qVHtmm49t1z8+VlF -xs34vI5eW2pAAZAGQ0YT5BPQ45s2DHa/OMYZcAW5LmhS2pnkzs0uupal009Lp7UB -YGBkQhLc9Up5piPF9tau3vCReZBiaZQVzoVb+6VOfyUCAwEAAaOBiTCBhjAfBgNV -HSMEGDAWgBQNwRxj5mlAxcrCoTuLQExx0AmaSDBTBgNVHREETDBKgg50ZXN0c2Vy +ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCpQf7ialcbknwOJb1+J5wx +XOeD7uhdf6/x9zcCuQ6AjNLj7EkIt9XE8euqUx8qGNNAhVs65XEnFTpA01HXyS/r +8u+LclpQMXIRrh/AUAVr0dA4d9lofjVj4A8BYiQVO3pvQgx49ibtM25uJrMmnQK1 +vSAmAsF/hv5xYhTJm+NUhvf4JFN/jEF7mxQ+6fEk24ZGMTt1eYuK+RZ/fJ/mJhRt +XkLV3cSpI80CiIrJThOV7W8eoe8cSdGMalovPjXPPblez7zbDNoYEymYjZMPkN8Z +y+zYdTrSj2qhmXRCg7mo66x50BsuhqIBE0VhCYxcFTMiYC4FNrUy6Z/NC3t3jJrY +A47ZXjFgvOEQcE/RScqHQP0WF12T8At6/BGIepQEbJsdG5Ph9jxTAMgoz9jTcpRo +j6zMatMLyvfcqM8MmNDifqsvvodh0JdjvuWWYlSeDMSITimX780+DRSGgJTv8UMc +2Gx/SAJ6WdVMP95ujrxgQtEmWUgSxrPi9yAjRz/6acUCAwEAAaOBiTCBhjAfBgNV +HSMEGDAWgBThwCSeEOknIWUzWPtgs/O13srYbzBTBgNVHREETDBKgg50ZXN0c2Vy dmVyLmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3SHBMYzZAGH ECABDbgAAAAAAAAAAAAAAAEwDgYDVR0PAQH/BAQDAgbAMA0GCSqGSIb3DQEBDAUA -A4IBgQCw7NQ64w/NLHEdM3MBVk8oKAft5IYeZo0zuhGv/yUBt0YLo7WDFF6Dhuoa -AD6v/SJsaPkUP4BlomX8XA5SvkRDRHjal75VM5JZqRNtdYVKcs8iF0p/ALFCDSeg -OkT07pIgGXBc/H/7xpFa9zpzO3gvVyV6UlAOqujBXA/rrfNSFrpo0Z2phDll83dB -4my5h+su99Wnm0o1/aXNrrDk4PRiGOCEUth3p7HKh99oh9loDdcXq2u/DBPVbTr6 -QiiCZfYZj5VuowxHNMvnhUWt5207q8OyH9ILKORC7/qkYcTvyAjwN7LXUzElXrao -bFjDDi+qNW5RdwHx/KbJRC93in+SXTXmCarSiLBk1CuZ0xh/Oe6eKn+4WB/++2DN -zCzg1rgsjEamO0MokytaT+l4wdgjlNM+H/go904R1dL59+aF0iqWeq6Lvszg5Iph -OCuKUY7+6mOvnvcym+6sieb3dYrLqrbfINBg/W3+V1aB/1w7MwixoC08PjM42YLk -yTruU6E= +A4IBgQBD9i+gYnwFGNo7Xb/ogaUJxFqJ5mR1Kvb4VGeeGP5LN/KH68OnMGUzsiHI +4qzIROgYN/Xj/qkdEywzKBOJyvzQhvS8GN2Diing+g63ad+Em9XuPzVXm5WuxdEt +OoS94dNZGG2NRln6cu4tNhMSfcOW38LOe798dk4fXBZ2mWIYmNlqW/tt9IKonnSd +F9m9n8m1fxpOFvHHDJIbKenchxKQfyo2N9pbpX3plIpq0QEWH0q5/WTGBUzPokSC +ZJwXuNSdc4wMkyHXsRg8ZtC50g6lML25IpIquujDtWWsigjtMOq5c8VdfgEjgCy8 +lpaEfDNPui9qML10O3st1h31mROBLaH+uUSrvNtSaktLR+l9mxk60WQFdZiJcwZb +P2CDt1S2DsizrEvhI3+NwRAotkMIxwC0UKvY+phMQCb24+XgcS21PCMG3kuivqjg +tB9SNOForjVe7+oRfmN9TckV/IETBtKk7spkyxlfRg8GV+4FpMHpqn6LbVJADy6c +FSajhAw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEUTCCArmgAwIBAgIBCTANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDMwNzIgbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDYW3SgPbYqzNwQ -CGhSrzCNCx2x7UJseZFkfc6Df0tZMpd0qvJh3pMiVqDq9l96EM0Uyr6iVFM90Ilu -8vAGkLDqCjZ97wXxj52QDZ6+q+qjpeFdCRR+xIYcuuWskHLi4LzX3tT1Y+C8ew/E -iA82sYWl8Sj3PnCrLEnVS6hAA3sbxaZskOXz7JVTqqMj3y4OrcGdC5DuRZY+JRol -ZNEpW6BwtoREvLNm39vqmcLVtSBWqj3c2W9+DsoHdlbbJecH5XqY8ND9HXwlyINb -bncPGMHA092Aw1g/z05viJugF7t574apUw1RKqEkIwtcpEqDZKfK9hPlkTcyYu0W -K0sKwIofDgB7Qp9DSzT60hjLg+oZopA4kbdmhOWUn1L/qSaBXJV1y6Rtwr9Uz0VN -SWIJMgz8njg4nNCI074luKhqojPR9pSijNkuhxf6Rw8vGmEGFthgn3BlhODozyxk -8S/GeXVNtdo8GFJaY2PQwLC9wJ6LWl8M4R3gysOSRqLbRgR6WUkCAwEAAaOBgzCB -gDAfBgNVHSMEGDAWgBRpF7fHLYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMC -Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQNwRxj -5mlAxcrCoTuLQExx0AmaSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA -A4IBgQBiAf8LZqkAaCSivUZiYGjhCXvvvN9JoVyyX4gmO736K2YtR62qh49U25fM -wTtCevxFlo4aa1w3mHMROwTZQXC5B2idOKFptc/Ehbcg68jh8SRu8hG6QTwmDir3 -RiTXaAZrubQMzUBO3/8A9ptFHCxBv7OEvdzhfvMu4Jj5EAsME620KuKdK/bx3s9p -gJawmMvmolIeaw8orwbbmP1fnPCu5tVHLE8Bz0cc5ETfbXy84Pj/wBjebeLC+t/j -YMA3rOpEVQJE13fhYt9nXb8l6L2Wr4YyQ2XZF1oqGZvYFOtSULVjHmNujdwiBuf3 -Gfk6RhtW9YimoqdGT/s4+nMZEDy5G6vRxU6jQfq0yaFxsmDFamPToPHqhTa7vEES -qVpKnKbiwEAuSOmKJemaYaL+SiIv6K4QOcQv1U8NjlvhKwsJ7BFg13YXHGbOFZs6 -DAT9y/MzNQIL22n4YHRLI79HyQkbl4FXDEDZ7Ah1ZlzG+wYmXqKiWEvw1Gw5iHOK -DnVgy+0= +ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC/OgISzWpvmxuw +B4IDrKHFtBqKl5yPredPHiSWk7gmw1H8Kgy8peDsKhRmDdXo+6uS/mjvYjRYUeWe ++3nDxiYJrSN+qPIHRlii0QLJNa8as6hmhrR5iI+lBUnglRJxWT0xsr/1OrxjoZ2J +Y51TQJdPPOSBFbmCyd2T/QTjTPOXdyoGHwgfP2BpgIw1dvoh7K+/jh2NZg+gHmj1 +WSZbzeJNcnaKbwrQDeaSOBSo1blvW80yDmJYPQyhponMtGe++Gd2+3cUMlIDAUl/ +PqIL5MTUH+hcwPgHDZO9WiYZ6Aosfgauli01UDirslfSi5QgvBqcmoy/yj6t1xjH +/v1LAc01/v5MdhlLIYRT1mwqfYE+YQADLmP7ZivxXI3n0hmVbqK7IoEVxUcWnG0v +kFbTJG4b/EcYPNDQbUEanY0po/iU6l0dZGBrqk6ykwF26xE+y5gO2FMK9MI6cu2f +sNZjUJmJef8HMTfcmviIXlc3eGQG65xO5lSHc6KEbomoUEHDOuUCAwEAAaOBgzCB +gDAfBgNVHSMEGDAWgBRLyOzM8FiprNlyysdCmMY4HJh1izAOBgNVHQ8BAf8EBAMC +Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBThwCSe +EOknIWUzWPtgs/O13srYbzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA +A4IBgQCC4NyElfW2vTkhylb4wXXsm41YKhnH9yiStAd+6PMBnrIjdQhIkvvQ9gyp +72DFod5t8JCOnCq5jgf6uxoJOgn+4FhJ/en1gL+fH8T+9LMB9Vfzr3YT2I7G9tYA +C/CkbsN8h977TyblP56LqVh9jaPB34GT6UvvP/w3fhaIeadeH1DTfRg6O2jwKdeQ +cPQ45bfF1EknHJiJfQC/ul/ygp+7F9KNCYwZ7SYPBKYt1ACpZFQcZYzDtcc3ueI1 +ktsDJPSC+3FpmDJ/vgvqKs7SRWLdCw/lXemx91PdeT8wJCxFDMmLDjks3iP0l9Gk +/jp3gZesuvCPoGkHPfZBNqnRvQ0ShQ+ifwYLnnkaOTtrh2fFgjrVowm5cyVi4ecg +XMx38QhpuaT83N50FpY56jtGJtEKYYRKtyFe2hYSRyoT5mBHTTYqnXSeBCeuvD8o +yEB1FB97HSYxCjCCOn48m3wJY9mfUIHoSMC7Q+EXkE6+DEP8sBLtk1knfnp94Vxe +tU+qFWE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEPzCCAqegAwIBAgIBAjANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDMwNzIgQ0EwggGiMA0GCSqGSIb3 -DQEBAQUAA4IBjwAwggGKAoIBgQDPfwaxtqkf/vZlLww8265tmTtltO9/x08ZHZ39 -XWjVQsuRfGv1hnTw/H2OAtJA3TgOUkcctXvhWIC302kPnPYeQJOyquj5HCRpRezX -DZWw6lN9TJAB/h1JEvjazikPvG3jW7/0fQOf8B9iDUfv/OdVOTh+SNWxmkswXpdS -7eXwHfZ7VfAdCY3YRX68LjfpuuckT4mWhA9q2skQ2OKMsLyyOVYJxnEX5e4xytOu -rtCyN5Ng+oMZ1HXjjiwnzj/3MuxdWzIkB5cGlXWEj6ZJUTuesvF/zJ+1n+M/P/mq -g+Fc+I2a1XmbgRzLfyzgRPIJQFfS4V+NXA2YsnhJItlIbE/QuSUupPzxOjXfJre1 -ArRCflh0ELlZPYWbX4dbe49EE5WMsjHKNloi+ZbsXvVjt3jQWQ6BjNRLyNMdfJeX -i4yOznxX7wnHDC3oVyePiLIBzwoHyUItE6o8TortcQD1wbIJOOLz6yV3+ChPq+kN -L84z8ZtOYMz4MePMQRh2Gwz+gwkCAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRpF7fH -LYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB -BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRpF7fHLYkLSELPjsjU2qh7LucbsTAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQBuufGGoWttdM4NOJoU -xZbQWOkaWIObpZ+LS0FZDdLpgH9zBesXK1vaHqeD0hHCF5u+2F7FZJyG5hmGwbuE -bbxJDhnrtWkXOaYVpWvz0063FbdKWQa9RidzC4nOnct4a7soEPV99EZPaci3Ym/K -ZMmzbQYO2b9x/X6lNZbw2GPHa+qyRl7uOpNzAG6MHEHHR+GLAoQLsYUEjm75wVzK -JSz/594cBzzqr1jIBsB9it3J1IP1sKOLXiVZZR8YlpBa6hb92tin3FA3fgTByl7s -fVjk+lbqBela3o1RJUonbHe/lpz8IIxfeQe+sCrhhm4zVK6/cpnFLrOrc6AOYi37 -NVxiMRrnMfZyH+yrKHs+ecreOfSq2h/VTYLZXqgQz30Jxmf2H0MpgxHxn5ukro3Q -yYsSCaDJgzinN1uk0uKkM6rLq9+QGH7hXH5iTfPBh6K9JkA4A90N1nOAXupQG6HV -f5AKbuYKFcTCEaZraS91MzWTeCtAf/RJRSatmq+52hLrSv8= +DQEBAQUAA4IBjwAwggGKAoIBgQCindnncWNELSXM1DvmVEjoqyTf7p2HCdtg/k1D +aH1kyFAdxqBV8tf4hR8SwiU0TRdphc5nWACGZeQP+qMZqRY53CWFcilxSNQQ+ofL +aP0uqb023zphMCVnNQRWyBKXc7znNq09zKyq57OOjgqT7VHaABI0bFJC2a694LwS +e3a0Cv70X3asjlwjysJr178JSTPpgmnS7sOwnIEI9eIJ251F78dJzpSmX9H0iADU +Er/l6rCpiWqFglO6HS5+aikCnK6XNVthe90nQSXjG01I9lmdbzSyCeROWatmtxbQ +ufGh79ayjn3c9keKZApA7ttYQsS1QqEVH7vdhgMUhBx14Qw2HJ7p8Gk4jUydOinw +QeJGYa0/6Orjw1Gtf54L4KQR7be5SO6O4pzg4ZjU6DchbNrWTWSbFH1fCPkjZco/ +HuQeA999x+3E8rQtmqdJCa0XDZatNOihYUWVcZEt+mZUQFOjMwlKPUsgIpzQdGCK +qIRSHE8lSwi1Lj29pDISttwRJN0CAwEAAaOBgzCBgDAfBgNVHSMEGDAWgBRLyOzM +8FiprNlyysdCmMY4HJh1izAOBgNVHQ8BAf8EBAMCAf4wHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRLyOzM8FiprNlyysdCmMY4HJh1izAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IBgQAf4lA0wErKKkDdRRrf +Cc0YWDFqLjfU5eBZydSuW6SgSxmZz3u7H/F1ZcJfxEj8z74jCiC+G/8Z+sIFTOI/ +R1ZoW+WhXZDWmqDyhftDmbdssQNR83eoF3FmMRHjsrSqqtX5zIXmH+y2xnqfh050 +rth1n0QPj08qIUWr5+EQFHUEFGht2lETb+6/P3i0r4hBSd1ZCTYGQ0Jjzx0NFEIv +oDGZz6treRrQlTcuQWZkJb4IxzzOdB/ooE1aakxgjn4D0Qfs2Q8n6UegqAS0XfNU +GFjmGOtSJp1U18Jf0/sPX4pQ9Ge4dtmh08eOjxCVq6BftwOH+4ycV9c2c9k1O9cx +BDKHWtyjlLb+rMJSrfW6SQ7YwjlBevfkv7ah84DVexpNedYxRYurhQ9KpTXynVuN +7EefBVNXRoA0C6h58tpjQQVBbYYJFqmp8ocDbnxk8sllGAGeuwvWA3rvnqZL9Yj/ +KsE9pvt4eEtogpYQjZnzBP911CibO4ebHYcaZpyLiKOyj8w= -----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/end.key b/test-ca/rsa-3072/end.key index 3bbe64a2da..9a593d3e20 100644 --- a/test-ca/rsa-3072/end.key +++ b/test-ca/rsa-3072/end.key @@ -1,40 +1,40 @@ -----BEGIN PRIVATE KEY----- -MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDIUIPfIib/JwIk -i70sX4IvWgJCHLVxAzcf/KdM5UKNpx3n3ILoJMqoFsDsCPtBdbZlXwj8IM+xVlhg -qtbhUk8T9x/emegm+Q7vL3OL6Yj7TlHDi+vclbQYNoKMnL5fhZtd4O3nktVaK5h6 -8irpnqUDlX9utOV14gSx/0MURW+3Ar8yYwXQgkLolrzhF1lhs9/K0BDiJ5xlVG/x -bykKjofdR/LoohyJw27Y2s5vXQPpqssTXpG1Giy/8J2L0Lrwr1w8sqn6NQ7eLzcB -3WkNvxP7Mg0f0KvGL7P7qZkB0QWFtfdX/OdROXaeRrNvkf664MQ1D3fOEqrxOXvJ -fu6i0BSyUu8JbGNNYjzxEjY5yrwTt/J1g5pbtNIs4tAnbOr+adQ4f5l5qVHtmm49 -t1z8+VlFxs34vI5eW2pAAZAGQ0YT5BPQ45s2DHa/OMYZcAW5LmhS2pnkzs0uupal -009Lp7UBYGBkQhLc9Up5piPF9tau3vCReZBiaZQVzoVb+6VOfyUCAwEAAQKCAYAe -p/HSnYGt1Vy21pr0Nkawc/w5/XZILieK0eoRstlpX9zMDfuLxwurx1Wtmd9IAJmS -MIXpviTC/VWnr6WUlLns8opSUSgOBNpEATVUAYDZAv6w6FJHrzKBbSA0IE3jRQmG -x8RpBxf3RYo/sJ2gJMsYvhGjUfR3AsjYq9nqeYj0D2vO7IgohbLzMRSFd0MS2Iok -mgyna8v71v0NzEcR6kfBNgBnGV44OCxX7D6hHPFbGqwbEgNHHdMg6dRWoDJn4NI9 -XdjnXOWNYnh8zBGhRGHAaZiO+UTHZ6aqGuqNZuGgjgibwGMK/6JHrS8uMNo0nehq -WBNg5zUo7NDIUX3SgJU7KYR56vh9pCrmOl43CeWZEG/sXLZ+/YdWpVtFPUycRhRG -kLuSl55LPY0XCDi5q+y7QrM8wn9HIT4/aFiTk5SjMVJBiBRXtmTDUzlPdZjh7e7b -Cx9kM6whq2rcq+2RvVNtNQmdtZjx73bv//nDxi+npINB8n812nSPDPqTtYIEk4EC -gcEA/rRxDbAhRmckby7o5yeDJyR/YPOE7v3LJg/HJ+JkCZ9YHOQ38aeVTT6i8fLB -u5AiSToFC5Jcw8L6xpY0dBmWSLJ2xLikxRzqI8mHHtP6Vb14aPyoa6hlBulUfrMQ -OrYGapNbMzZnaMgFUGhqwfo6JE1S7mm/KHHI662DAlEFalslf6Du8XQPRuu5/3XS -URz5GrrjGK93fbBXJGhdon7ZwRf6SxyYO4EJ/4fU7iqsylZjZxRInarN8GRY3T+D -AAilAoHBAMlVRYvsEQ7LFM5N7qElQxmcI2QxrLJ3ta139UIAeKxh1lYewjaHbWQc -lUHgL9jKNY1oYNYGYBRPP7/Rh1hWsi6SEHaxPsgQbHz3MytSbEnct0yOoaWEg9w8 -ptmIWRtSVsnR0oRdiuclApRpsfuUBMqktkoBpFVTaVNk8Rm23Yn4E6gQy7TGIZRW -6KtdYo4fcJxjrG0iCcST1A9JLqi1j1xfeiJ7lj8zlwLKCjcS352cSlt9tZBqqWSk -rZdLE2RUgQKBwCHU0+NujqzsTFGcWIFDpU8QsP6uueyIt3AhzmFE1+bTTH/h7HBj -wxgUhs4+YW9JcNRrKXplAX9bKbYxA1ycfXLAibgNko1ADvWb8h+tJmY3GYRQcwqB -vpGRcpC1tiUmQmnrksSVqFypnNMWW3/SfeCOiMJ0N1jm7DopvOoU2vRKkQuH09Us -hk70Rqtg+gOeJpRfWITR4bxHLPwABNfto3zbc3qAnNPiivJvF2BfOL5ThTaO4ipX -Iq2Ylpkks4DQpQKBwHpFUCRG7KEYUn1sNOUm1RZjjdbWmDQWoX5FIOzBjofaLypE -Kdyl6JhpB3hnZ4d4XoePgWfZnVYYPvYGkPTkSfggeuEqiZ9E4i4OjsPbnapJ4gQb -hy4XSWFicE4iEUOXgN+2juwWRzpTbrqlahMIdNSArbhKQPwU2R1ta0MbnHWi9IUY -Fi6mOVR2Z31TDHyVuXUwz1HD3zzELoBOCIkrInKOBYWVmsytTyPBgeyqiKWWek4Q -DUk0jcVygX4leRRwgQKBwQDsqdFazYXWbdoTba45rR5sgkTBqik4/wKs6pvutqJz -zy1IpHddED5ToBTuTq5wb4/PvqjvkO5iE3ZSlhmvQphL69zudWhN8R4AbNTaPPap -2/vM13jRQHZXR7cMy4SQVHmJbcDnLJK9iVcLIKbPquENpth2l+VxTSoohM34Rp8J -/ctr2B9wABH9PrJNweP3B/oN27at0OMTv7dj1GBknNt6Bk1tvIDqTNw0zgQ2fyD4 -KDd1Mx6SdXt4zi01xvEuLmA= +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCpQf7ialcbknwO +Jb1+J5wxXOeD7uhdf6/x9zcCuQ6AjNLj7EkIt9XE8euqUx8qGNNAhVs65XEnFTpA +01HXyS/r8u+LclpQMXIRrh/AUAVr0dA4d9lofjVj4A8BYiQVO3pvQgx49ibtM25u +JrMmnQK1vSAmAsF/hv5xYhTJm+NUhvf4JFN/jEF7mxQ+6fEk24ZGMTt1eYuK+RZ/ +fJ/mJhRtXkLV3cSpI80CiIrJThOV7W8eoe8cSdGMalovPjXPPblez7zbDNoYEymY +jZMPkN8Zy+zYdTrSj2qhmXRCg7mo66x50BsuhqIBE0VhCYxcFTMiYC4FNrUy6Z/N +C3t3jJrYA47ZXjFgvOEQcE/RScqHQP0WF12T8At6/BGIepQEbJsdG5Ph9jxTAMgo +z9jTcpRoj6zMatMLyvfcqM8MmNDifqsvvodh0JdjvuWWYlSeDMSITimX780+DRSG +gJTv8UMc2Gx/SAJ6WdVMP95ujrxgQtEmWUgSxrPi9yAjRz/6acUCAwEAAQKCAYAM +karOoAR7du+Q8mMFwwXBkatcnAlz5gdIEeprIJhv2eVQSSvsQpCUmT19rsIF84V+ +iViqwT6bnyMuDLNLcbSGEkqRIasMwPs+Tl6rvpWEefZ7NwU1Ugf/dHRQzzusOvg+ +2loIQolF/JeDBQsxPyAkJFkGkZZSdNEg1N6D0Th6vrIb4oCz3FPBjNTeTiua59Vr +EX1fnijLZ29xBK1wHxxNud3/OUKBJ/gxq7eYttxT+ieSEAbsZBv0UDKFxxoiW2wx +TNrtYz836iYlKIdeuvc5SOA9bLihaCHnqpd4ZPwim/VLFK8Sl8O9Yi5OPBbjMvbS +wot6Pu41MyteB0534gRKXSikyqWf0AvrUGyXXYVMSu6VgdtQvprKqX6MLGgFjf90 +VRna4U94GI4G65Wx16CiFJ8xdfjY4NO3LpQEAa2g9/jKru4hdtlJ5xjQKg8UhsUf +GEsdXtaNbPa9Gpj3r25m9HQoFKDhHZK59GT2NDrRXhu05JOiTjNPETD/wiWuW/EC +gcEA5N9xv/em1gfCkFGv8jbCuAdBo189dnOl5XF/pvgYR0/oqOY5UwMMK1FBpl3b +bGRI1ffvYH+V+o3Iv6ymwJFmqubEc7XY/4Chatzkq/14hgJmijHejxxU3jvwKaH9 +7vGy+jV50wS2aQwNhCvIFrGXf/XYxySxFun2YdeXO4Bg1Wzi5gg0HoWz7WZSavt4 +E2RChVew5bubpMbeYgccGWBmJC2LqPM54+wmCk+1VwNi4bCN+aimIy0nVeZdwEom +z/J1AoHBAL1Rr9a0VA9Uh26PyR2fpyVB+mxOhUa2RR7Pnd4uYQE8qnkb832nkuGp +yA6MwT2noTxiPFBLUSHnezLx/3T62k/wA00/il3plfXoN7mumSieNigj5Cq3uizZ +8mNip+RFIlKojDtN7RjqPd90/mwtXLY/XWznbuGoLX5ua9//dTYiD+WtmmY1RN4f +TnHUSWjorKBMoqnr7EFxBU+usCxuOGLdcvadHPl0M9AP24Z/coBgeIoA/l0SrAGK +AMnKkHQQEQKBwH0HvAJc7h1aW+WvWmj9lV4nSKpRKyh8gRJY8J1sRwceFkG+k25P +6eP4Hd8ewvHxzwBk07ZpvKsFrbdYQDhOtkGCk6uKmiLqSEQyrBFxBNhgk1fHaofP +uGU3ZTm5LxnLnDSn5gdrOaMlXHTp3gLXvaW/zk7sMnoMEfbdadatiTjOpR15Oc+6 +xtJX5YpgGfat/NEPWKoH1T0tDuuKasVKLkJxRyxiwytKJHXZmX0RcoFMjCLpCOmK +j0ST9n9HgvByyQKBwG5B3L6WVz52ZEmnw+FU0euI+WeKc2QzUx4WnEKBkE1AH6hY +9v3/UjPKxZBzuTdHIUghji7VLnModT++YKCoV+ymQ8YBc3wuRf/pNksVvG1Ddxb5 +kDCwv+TPKbNoCY+QE+U/9Cu1vpf8E/zIDkTCRnR9gtOiFZmmcJhphrn19TWJsOh6 +qqlL7MfQQ8dXc0l9+MuC1llP5VBXmlhFzKSTrJMnlYS7C9zcKDDMi3VRVEYf6RO2 +cG2UKkjbLopXRrnRgQKBwQCUibwAah3OMOIQR0iCyOpKdSBaZP4giENpB5haHx8H +rUUxEq8sL3bSnmTw4vKMd3tycVlz8Iu7ri4DGUdgOAq/i9muaBorrpqFU7DMQE8Q +7vFaJmQniPaxGej/sBHXaMNRJz+pJwWDXJX56ozgZ2fgjhi9Mu5wPEsiJKpJ8mZp +3CCvtmAkNRg8enoUaRhZ6ysECVly7oUlHnU6mTqVjtg3wToyLmi8BXlLA6ufxgjh +wTCMu+0MD5R0oJw1aj9WeG0= -----END PRIVATE KEY----- diff --git a/test-ca/rsa-3072/end.revoked.crl.pem b/test-ca/rsa-3072/end.revoked.crl.pem index 758f3b15f5..e30f58afa7 100644 --- a/test-ca/rsa-3072/end.revoked.crl.pem +++ b/test-ca/rsa-3072/end.revoked.crl.pem @@ -1,15 +1,15 @@ -----BEGIN X509 CRL----- -MIICUDCBuQIBATANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255dG93biBS -U0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQyWhcNMjQw -NDEyMTgyNDQyWjAiMCACARAXDTI0MDQwNzE4MjQ0MlowDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUDcEcY+ZpQMXKwqE7i0BMcdAJmkgwCwYDVR0UBAQCAgTS -MA0GCSqGSIb3DQEBDAUAA4IBgQCd7J05etqDyqlQIys2a/DbUrWUaiwBoW9YmaEq -H+Kcs8oZYPdbFJxKkJPl3MtEejvmuS5n3gpqDgr4CVyGB4SctoS2KJ4zZcVpbcTE -bfWJXOYyE+AZrNx+NWMWmap6Xmmq7m3BFxxb+RFscQcyqPCKSbkp4yD+Ay4uUzqx -TBo8P0oLZiP1oZVIwavM2ELCu6DCkquUywGrnvLrYPLd1oVfAHXp/bXgGlWRbDeu -kL9qbbwoylJOzm5DABFjbsT+AppVioXcQ08+gGCtxlzfwAjxl3CE+JE48Theh3aa -DMnxC3p1zTHDyI0/MrDzCX7WM8XeNbrGO3hv2mw32wiS6WmICFufAd8jXBh58jNh -DtOA+Mm2/ZwVtqGR2oJt3mpD/LvALZnCjcf1dFUFJEr9VQf0DIfK7r3jKy2HxcxM -RRhj3chgnTDkm/IzZU5QAoPCXddYbqc41KG67X4b512z1Tzd5q80vRb9k6dv3alq -bGOpAlwpiCZdllFvQXhrn3/yUcc= +MIICUjCBuwIBATANBgkqhkiG9w0BAQwFADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgMzA3MiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NzAyWhgPMjEy +NDA0MTMxODQ3MDJaMCIwIAIBEBcNMjQwNTA3MTg0NzAyWjAMMAoGA1UdFQQDCgEB +oDAwLjAfBgNVHSMEGDAWgBThwCSeEOknIWUzWPtgs/O13srYbzALBgNVHRQEBAIC +BNIwDQYJKoZIhvcNAQEMBQADggGBAC7W0+OtIfTaZdo+65OxcrSIKl6rMPhIPicU +BXqs59vQAdes9MgU24593pF+IhukPfyDAXzui/TfpPzlGmR9g7A1iYv91RlrQ7AM +jifiS/k1X0eN9KKTQRXI52eYyAepbIV4XYyixY47RESRf/50mPZkMavRocuPXkUb +kMfTMRjSNAEYUKBmEsuB6AMshXXbZeDc3Yi0sBajvXSABpCzdEkysAhcmSv5taz6 +AymoMAXbPMfkcxQPPAbTa1htsoQPjn11CcuRidQctIl9bBMtQmnnhDTUuAcugpor +aBgCU1Q9EzfUUhChYHrk5jtSkGoveOAbzW/jldqOCt1jus4ahkxjr5hV/Q1LoHSO +dZS34tqFka7G8eVgdzuZvHyhGhcbF2D2A2lXJiUzAiIYjC3JNKeQcLGj+onxQYI1 +8nhf7gwJAxMN+MjVg+AdTQE32Mt3wYRGrVMU5OBwe1y+zG89l56q+CN8oyZgx8IS +8xEWMwo0DlahECzgqzikqRD50JlXWQ== -----END X509 CRL----- diff --git a/test-ca/rsa-3072/inter.cert b/test-ca/rsa-3072/inter.cert index fc48a316b7..63a0790a5a 100644 --- a/test-ca/rsa-3072/inter.cert +++ b/test-ca/rsa-3072/inter.cert @@ -2,25 +2,25 @@ MIIEUTCCArmgAwIBAgIBCTANBgkqhkiG9w0BAQwFADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgMzA3MiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDMwNzIgbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDYW3SgPbYqzNwQ -CGhSrzCNCx2x7UJseZFkfc6Df0tZMpd0qvJh3pMiVqDq9l96EM0Uyr6iVFM90Ilu -8vAGkLDqCjZ97wXxj52QDZ6+q+qjpeFdCRR+xIYcuuWskHLi4LzX3tT1Y+C8ew/E -iA82sYWl8Sj3PnCrLEnVS6hAA3sbxaZskOXz7JVTqqMj3y4OrcGdC5DuRZY+JRol -ZNEpW6BwtoREvLNm39vqmcLVtSBWqj3c2W9+DsoHdlbbJecH5XqY8ND9HXwlyINb -bncPGMHA092Aw1g/z05viJugF7t574apUw1RKqEkIwtcpEqDZKfK9hPlkTcyYu0W -K0sKwIofDgB7Qp9DSzT60hjLg+oZopA4kbdmhOWUn1L/qSaBXJV1y6Rtwr9Uz0VN -SWIJMgz8njg4nNCI074luKhqojPR9pSijNkuhxf6Rw8vGmEGFthgn3BlhODozyxk -8S/GeXVNtdo8GFJaY2PQwLC9wJ6LWl8M4R3gysOSRqLbRgR6WUkCAwEAAaOBgzCB -gDAfBgNVHSMEGDAWgBRpF7fHLYkLSELPjsjU2qh7LucbsTAOBgNVHQ8BAf8EBAMC -Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQNwRxj -5mlAxcrCoTuLQExx0AmaSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA -A4IBgQBiAf8LZqkAaCSivUZiYGjhCXvvvN9JoVyyX4gmO736K2YtR62qh49U25fM -wTtCevxFlo4aa1w3mHMROwTZQXC5B2idOKFptc/Ehbcg68jh8SRu8hG6QTwmDir3 -RiTXaAZrubQMzUBO3/8A9ptFHCxBv7OEvdzhfvMu4Jj5EAsME620KuKdK/bx3s9p -gJawmMvmolIeaw8orwbbmP1fnPCu5tVHLE8Bz0cc5ETfbXy84Pj/wBjebeLC+t/j -YMA3rOpEVQJE13fhYt9nXb8l6L2Wr4YyQ2XZF1oqGZvYFOtSULVjHmNujdwiBuf3 -Gfk6RhtW9YimoqdGT/s4+nMZEDy5G6vRxU6jQfq0yaFxsmDFamPToPHqhTa7vEES -qVpKnKbiwEAuSOmKJemaYaL+SiIv6K4QOcQv1U8NjlvhKwsJ7BFg13YXHGbOFZs6 -DAT9y/MzNQIL22n4YHRLI79HyQkbl4FXDEDZ7Ah1ZlzG+wYmXqKiWEvw1Gw5iHOK -DnVgy+0= +ZGlhdGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC/OgISzWpvmxuw +B4IDrKHFtBqKl5yPredPHiSWk7gmw1H8Kgy8peDsKhRmDdXo+6uS/mjvYjRYUeWe ++3nDxiYJrSN+qPIHRlii0QLJNa8as6hmhrR5iI+lBUnglRJxWT0xsr/1OrxjoZ2J +Y51TQJdPPOSBFbmCyd2T/QTjTPOXdyoGHwgfP2BpgIw1dvoh7K+/jh2NZg+gHmj1 +WSZbzeJNcnaKbwrQDeaSOBSo1blvW80yDmJYPQyhponMtGe++Gd2+3cUMlIDAUl/ +PqIL5MTUH+hcwPgHDZO9WiYZ6Aosfgauli01UDirslfSi5QgvBqcmoy/yj6t1xjH +/v1LAc01/v5MdhlLIYRT1mwqfYE+YQADLmP7ZivxXI3n0hmVbqK7IoEVxUcWnG0v +kFbTJG4b/EcYPNDQbUEanY0po/iU6l0dZGBrqk6ykwF26xE+y5gO2FMK9MI6cu2f +sNZjUJmJef8HMTfcmviIXlc3eGQG65xO5lSHc6KEbomoUEHDOuUCAwEAAaOBgzCB +gDAfBgNVHSMEGDAWgBRLyOzM8FiprNlyysdCmMY4HJh1izAOBgNVHQ8BAf8EBAMC +Af4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBThwCSe +EOknIWUzWPtgs/O13srYbzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUA +A4IBgQCC4NyElfW2vTkhylb4wXXsm41YKhnH9yiStAd+6PMBnrIjdQhIkvvQ9gyp +72DFod5t8JCOnCq5jgf6uxoJOgn+4FhJ/en1gL+fH8T+9LMB9Vfzr3YT2I7G9tYA +C/CkbsN8h977TyblP56LqVh9jaPB34GT6UvvP/w3fhaIeadeH1DTfRg6O2jwKdeQ +cPQ45bfF1EknHJiJfQC/ul/ygp+7F9KNCYwZ7SYPBKYt1ACpZFQcZYzDtcc3ueI1 +ktsDJPSC+3FpmDJ/vgvqKs7SRWLdCw/lXemx91PdeT8wJCxFDMmLDjks3iP0l9Gk +/jp3gZesuvCPoGkHPfZBNqnRvQ0ShQ+ifwYLnnkaOTtrh2fFgjrVowm5cyVi4ecg +XMx38QhpuaT83N50FpY56jtGJtEKYYRKtyFe2hYSRyoT5mBHTTYqnXSeBCeuvD8o +yEB1FB97HSYxCjCCOn48m3wJY9mfUIHoSMC7Q+EXkE6+DEP8sBLtk1knfnp94Vxe +tU+qFWE= -----END CERTIFICATE----- diff --git a/test-ca/rsa-3072/inter.der b/test-ca/rsa-3072/inter.der index 537a16ae39b943370bbe4dffb45638cbc463b316..6dd106a2633f54197f15d0583bba369ec45f94a6 100644 GIT binary patch delta 855 zcmV-d1E~Df2-OIXwtv4m0us$?Z<`yi2Z95vp~bWsikF;^t>;f3B$ku7Cc{zuDh#}( z;Or_CW)0Qo`>T@vXzyY)SW)Gk`+390CJC)0eyH*XMp&ZJ0?9S68ndWohO~KzkEI1k z;FS__Sv@hbzx6u2W1*diW1Uk#mrp$8ffc!e$=#Fv1mjHemw$IE1|J9?KVWHqj5T)p zA?&Zejvb9=51<}s^;src&EidRc8YHb&<*C2I25SWxo=y|G7e%`Jq)3yiOjTTzW8T$ z`*##FQUd`=e?FoMhJ^R?c} z*l&}t0wsTf;M|0j^|rk^A<9X+BjibTefs^S=??3!Eein#%r(S;_P}6-FIy-3aDc6v2^f=|W#neeB z9GHoH0Kd9l@`9hc7t)Ohj2Z1F4+N$y)BveuR2*fD!?njZx#BgF+XE!@g8Ol4m@9O}y-FZJSBrHV?$%_s-EZ!sZm(isDI(LDWth(@zplJs^_CYqO z(Y=2S5`_<be;q!uDm}e$Ut=zAA21pF$yq(I(|Hxdh@oH5X}_IzM@o9J?&i?3Gihqa)ug z4z0nR3y|(bmOdpKC1lYlTcB{ZghafvX5ZWDnZnhzAXch9+}Uq_4$231R@)`#2jzO0 z@X-Aod?m<(TW)s`7{S2P-GIYbKhI8Yh?}4nyLs=1sZ$M6DxoAJ3tXg1gJh@5_7mli zH!@=F7As2%z<-J#4gh;XpF>MD`qCK7gX$TgkT{XIW`yOGpHly+CV^a)b<3n}!oO6{ zMNLU!2{H`)o;Wz1(1_E%CAg?+qBGI?0z@Cd*Uku?L;L5|2MxxtB1TT77Ndf}_00E0TsN3=5jzCgL2$VTXq`BrX|>P9g|{H<$l>uMZt@YjK|Cf7D)&Yt*JuW7 zxwH(;Ku+KP0QQ?j94tY6DjA#D6zft@wPPM*ZjIa`2Iuz~`8q}$R`rOcqNher`#Ab@ z84!Owxf`p|#ZIF^`n1WRak5~=YGc!&@#=*(ySzaXsai^$rsBXrE=cK$CFz=BqW(%E zFX*liIm9p3PYsS+;VTOX>=9tsb{8CG&J~+F3*U4`YOh4(j*;oRt07f`PS z#d`HKt=WM5nl-1P38=N40(8grz=p+f#6iV9sM#oFYUcH~Z#C0<>-ustcz!ZaWY(hvcC`{rGuPszW+9Psa1z=hNmwFb@LD^Qf9N`FXq^p~v^MaijRf6o1| z*7tGdZp5A`l(OH@nLKUO{nCvDdXTdaCN)ep)!WhkPxu#si+h{Z|1|axV%}&WFz%dz zCnAT|vr+`%ql(j2sam(ZLGC?A^3Tz&Vjx{U9h|`=AB(q4n-35hnTiYe_AFy6Z7{FI z05TxnBvmaZa({R+Wi*!-*=dmQxje7bm48&jLuIHT=uG;J+L4DbFho#O`N+!LqNjW| zME%yGp=eyZq07T!rAfFV_{hC{J-Boe&ds`#MxF2Ou%4+7pntdDYYW>Azs?~_W|q7_2#ets z^38tHPGgei;_vBmZn4(lb=kljrjg^mT5Y(Z861u!v?0a%IcMT6kyb0-R&QO1P1Kfj zoA*NKum-kZc5SE*gE%0IUSbN_mW5TtHJiU5tGk-gTj?4+zljiSAl)l0UvSZtq*}vM z1$$7!rZBZJE58B*0RRD`frBuCfG{5h163U(1Q;+DfE2x*6SL+OKI~P#r!5>NgPd$1 z+FFy)0y-4EofEU>6+Y}$zNal5CWD-8AKF@z9s?zR9Zb8K`f}^eI8OJRQjuyKN#jdB z->~JmX|K*yMA0z-qd3{c`K)@WRKoAomdMMpJ3@3V0TJCVA$b64*mj)(3K|m+5S^Ae zPs^`{^48|wC&%ck(u~rI6A~*82F}7S^_n7&PVH_k8OYX)}8xI9wcabTZK(4237Nb#WHOunjCo2q=iNlqBk|He0p;cdX_ z2zIDzZv8&}w$7~H1J9;1d#cxRw#J0%!?1Uqzb7Ys-B%ercs~L{)5is zCV)#}6?G%5tQCC-2Ht4L^7(Qeg^|n`Xt~Ys%a={#2nUI%bOM f7g(D2s1OY2LD3+sKj&sH&J~uF;cjUJBr5=hGT$%V delta 1113 zcmV-f1g87L3d0JJq<^4={sx=WC>FEZ`JMd-AM~W;n50p;GTpp9{nC7HaKPo!!mcs; z?}1&Pz8knjAdGAOv>3na>Vi4~Mx^;y<#TwtDAh42BC^{AB{loD-8)mI@bXIa++U!6 zBw-2m(U*dJU#x^?rbSo@em*s^)a{7Sh*8%~S4?SC!}5eo)qgA|Fkjt0g$l8Y2rLIq zbODasE;v;w3DmoU>k`)bamC`eW!8K%pmD86a)JIbgWtju18mYmdah6U1~5mUTrAjG z+U>6EiCv)_eR1Joqe3|tgTx6>?lciKDtfT?ebVYK*5p%;__&PD) z+oQs=AS)tW$bWT5;oFm;%$urei(*}`ez3ZkY<2>&n|CbIC*O|c2sIA6haq56quMXr zN!fmdu$=sP0Q3POcBR!~XXj9Xb*5-$sQQGs1G&Y$ik-M(SlPXWoFHxE#=>i=QGw~T z04~&k{RlE9skN~svzu_%eCpKwMDPMVjG@J}K?IfZ1%Etk*5GqE5u4*F?%l`>#o@w* zPy4loKl{K7M}ee8cs*B0RRD`frBuCfG{5h163U(1Q;+DfD|xh7}B1!c%?RMR*ZSDdr=YG zeY2C$0y-2hW*E|*w0Na9Y*vhUuzOJv+2D>bzfC!}YaZVey0$sFR?e~f9bu^whi8F(u4fK8T(@qhd#d9jAxkQBl;CDno0J_#Fg-I=rSo~UKh~5S!FDv z&%L*^!43R8R%`Zra%ESBgMlvDEClu$v(-QjQFO*juD|R5+jG~J(YheTj76+bn@l#s zn|L>7CUd2J!`>skafq#9mS)T%dqIPVqnaFl3nq5T<5)FA7-Xs3+J5vi!wSam9>_q64 f@#B8l?HvDUTZ?Q@Ex!guW`sFJ*xNJ&bZ9}*p(1v(dz1gAE7hTh}p zlpuzs93dflxCowZqAK=dFfKn_ewrMn8M}?EVLJUJmm4$*k$=LSAkESzN}YxnF2D5N z^Dds3ZZO?FksVkC!lUA1(V29bhbdtkjH7PVMV{k|*Q7awka1;9@;;frJh+QV!umhz z3`07~q!hV*5e_L1V``0ao_GlFMHZq>uun0?CD^|5x^8syD5q=2N1@ z05qL2ndHq<^jK|)6uhm8DNn;=mtb6rKsxDvdDBi^=>DMyKXXEdqa(@cF9jK3(Qp%Olq&#eA!V-Fu z48J>0*a}8_1<3#cXMd8aZ7wi-gEC(Mg_mdaCyza@=fJ)z$p)f)>Sy-4Mfx-*V}9*g z+z0kR5oxZq)B6#bLZVJAnv0FA!QK&ysD;#tik95_(?;8E8ta=-2#q(lYWe zA4b$qckH6#pIbNM@OnOe%L3AazKg&2HR4;V)|?j&T7HdzFqy*1#?;T}G>Dl5JSAPQ zV-Qk0bUR?-YQ0_BAv~L(h<0*#ZhY^n!8vJR!C(Rh5}j!r`3q$T!!I`6HVTW$nm2A} zDJaR99sUv-e2YVW-2{OB2omQ2f5+jL!G6wBIAnnD!t zalG!p+YF()f@9b%tBmQ7-S*-Rn{dp5f*d}TA(iTiV2Cp$jtJEB`nH0yWgP(gpfj4_ zE}D040Fk|aO|p-C!KLPjs6(|-FfV|S5Lt$pnY;S?4_#Ly|E-c2#wLtit3b7;1-(=0TA#7(Y2v) niex!-IH2bY*tC`ygxjVsmIZ~4E4!hz&@yhs?*~)_gRfq{&bJ8L delta 1069 zcmV+|1k(HK3hN4xv469tGWaqKP;9uYOMdZMvD@__&F`NkQ+?)T-h7hL5R_e}#NEY= z_rLCM>@coRl9~eK0M#m`zFmFVV6w!|62>UC*6(|qLRWSwybt9*Nf1OYpAkjGXzWSqk@FgFkFQkYoI9c;AyG7yU3mD=>QD;hIQ$iOV1k8%Mu;1(lN_wK zE-A;}!~^Y!I>-HXB%E#M@VU4thOdb`I&sE2wP{!ib{Y5(JK)|RM-{*}otHqldlx)` zh!Ugvt?cj-@PBL&gZ2rFLm24MfjfK;dJBaoK|jV-(4m9gG%AKM6Ciu!bW41iS=JxT zh3i}Ol6y60nZU%!wNnHk9=q0bwY*zV`zTfV%tsMd?PL7p7^)beSCFW)lFYTjX{dRBZkni#$dbcZ)m)KuDoT2UZd zqhSM9-Cj@_SoZ9@JBt?69bYM-7^3n08zJ4VUyQT?iYK zLMp;|4+KlH*YA_D0vHrMcKanqTDf2*wM)}nTA8=CxX7lH-2#q(XYbf9 zn`9+3aaQj)S&3bLj0AE0QQ7y|UxxnpR(5 zsu{oWq~o59Ax2A17sOhA3H8P6fUm?a*}^Rg6BTv^_K)2=JxeTJyJx=@%8!)!j-r*N zc@zr*R`p)65%FW|#Rq)DQ^vLK)lCAcDp_5{SPm)|#RSEFsG$C5%B{h2N&!~RW!D=< z9Q_l|Aqr2IP4v&KwZW!*=6QpjVb~DHm#S?#%Tnwh_c)UHCld6@@h zte%-HeO#o)De3{dask1x*?l|v1X0KZ5l?4Q3bw5x|A3!TN6|dE;zl!x$Bx6+4D3uY zMXu;jK$HW28`O*eu0u5anMVT!1|&hPrzyc0UIM|Ux!odL|}+tV5%bp?K|ynj}e6cW<%>pgxSyA~0=%7*Ug z5_jTtK4op1rs;Zi>3F%zGUY6`b%De;sRCNFO;OhiQPiG!*aN}*Kt5VITI-$ytPL(S zYDVI2M%g+=itobPUZ2Q?tv&Dw?ic#e&;o5OO%a@JFK;=UhZ#R6y zRGK{ks|4`3XmyjY0vHs%CZ~OJK8>;#tik95_(?;8E8ta=+yZ%jfpiwD<*~7}_2sjl zMBmbr8oJTN79`X0fEul09KftM7dM(z+gL*SKcEa%IRIJIw`Hb4$Op(i!D5^}2 zygayHQwat8QIX1jQCD%hUmtJdP>9pgE;Nq>gEc|3%POyNWQ?*Ye^mey+Ja1ovLpay zdA9HKxE$`Zz8X`H)blG7ZB-gZH^2SH4PN9~PB(bI-OyNUG_Y+u9h}|Mv;UH+AP2P9 zHD$q98dp_q47@weVw--HBg<~3%Z{4+UDchRI9pRiE-L?jVdy$wv2b)%&j{pjxe4NE ztrMiz_DPT{r1G$_L|2x136*(v_ZUpVWJI08TlA4bB@r{253@XK%ym1%Q>yr~$R7Dh zw2w`-3i_ygEspHkiA41_Na5MORibsYjXiA~Yga2P0;0V+ixe9z#jzL zj8`k_5l6Xy9pxJAGN~6%jj1w^@>7o`HBdgHIrWA zI*E>@1+?So-QCAtF=YuqwM%nBMRj@brg0Sq-OuL0BH~l-+z?>Gi{tmF5q?{a!qHPK nd%wHE)H>8q#`uZvD5F@Les&}J(1Eb9h*U&n%M}0w0{6!tk{KD* delta 1069 zcmV+|1k(G}3e^gbuz#kdZkU$oY^>6-n80Q1i^g>R{T>7+_SZIDy~4vzyEGuAWEzu5 zL5?OH*q{?@4EDEH^!BtmE%=nBJo+QJbBF6F9y&J0feO;w0k_dU_Y*b4Cvk%54SGQ> zra)KpoN>i)$lW+H88iM{gx=^_Li!b^c=k~NA!RxRjsB5q&QsZ-sytRL%C}qEJ2ZgVyX{e z6bG_hwz2Ykm?H0@-<%c)WN{Onn@n(cJB;&?YdJXGmw%N_`?V}z!4CRuQcv?e!eu6r z<@F^$LB=_cpc+|CZ25LMqAy;*?&?kXf7ETd{A03e`ejIhl0?w!IhcE3#{NyvQ|XyO zDi4tPBz5bnv%`j{U<{Om%l>8Ct&`i}CyvopnTw?2nUn#}`G&NtAF=+6k(9&O5MP}- zIXMG3S> zq+-<4$4I3oK!<9-0CSW5reJy1Va=x|(S?_g_*m@f*vYkbwbBTAChZeZ*z7640thmGBE}4@}ZfEX*Y^6%jXYY z2n5{dp2cbPSmgM~bJymW3`un7ez!UqZ*!Isq!Bv<_RoMZNi1b4c@Ti{yL%IpB=ET@ z+o}#S@?C^7W1-~RdP(W06-5~I(!~>D&(0c=b*8%wci!fIc6kmqkMuSAL?H=El9N*8 zL}dqF{7wGP?gP$^*H+^0jEJzD8-X#Dt&aQ98H)!?)cafwixzIXpurqts6) zH3+je&o+0#RojUBzL*$E?_dY6GgfsKYJufZMf#Heb6aO&18>O6)FW_2`<-F@TKv3a zK-S>}FkXOvlp0FbvqgHuz-97&9tZ41cJeh>J9at?03Q*%0KB_4W~G@`u^<~YdcS|F zYbM{vX$oBK6JdUny<&fA8?Y%6k)>s>#~_cWG6}i=F#i5QzKwgzZ(bbWOB#)l{#_s< nHAzuam)HXBDE-YUWb&ar>YSI4K+}|x4Hxq9w_H*Lj@tpx;*J(U diff --git a/test-ca/rsa-4096/end.expired.crl.pem b/test-ca/rsa-4096/end.expired.crl.pem new file mode 100644 index 0000000000..bd441cd7cb --- /dev/null +++ b/test-ca/rsa-4096/end.expired.crl.pem @@ -0,0 +1,17 @@ +-----BEGIN X509 CRL----- +MIICrDCBlQIBATANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NjAzWhcNMjQw +NTA3MTg0NzAzWqAwMC4wHwYDVR0jBBgwFoAUvSanfXI+jbIWrMHoA/hJQ4Ir4FUw +CwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBDQUAA4ICAQBMan1+ztOuDctKt2kHzy+U +s1PchS1vmatBvqI8FMc813nZ+J4HQ+IJX4i7E2RqsA7EWDqFlMocvQuBEMMvE/42 +MtFhNKJ0OVcJuhyOEDI17lT4y4J60P+GclHovfvoWiZoOa/wwh0JMQfLt39adYTP +VPJGimWjjNwyG1MJiiLDDVp6xYO2myzwOC1mKaSxANvEnuGZoh+Du1PBXxLB8E+B +Qrfl2TnQKxllzh7LgIwBKTuO5lp7W92vFa0G1EO+f9gBBoELcoG0xB05G8jfGel/ +SvWxEFDydjYZwOgl5TC1KcYW/BzEnuLb+o9yFHoHHrpf5Y3TZFnA0TS8Xj8iLj4n +Su7wBPYOFQJHmMeVRllLYCQzqFxC3Y6L0jUUn8Exx/xJX/WL5yCZMh6I4ThMzZNh +xrAgnU0KlQ6z4X2Oo0sYXTn00mbN7mQPjzBgogfpyNvl85T16MZuzlNLC2CrmtMg +nmTrbjEjQp+uozhKUMSNj6BoLyR0qxxYILmtFFKr+UvPoGVDjNB9PfqM5PJF9flD +HFWpB58tFi3I1yK3HdXeeq/R22Jn6RApJehHi7F9mxZneN/V1U00wP0rFF2aruqW +8VGQ0oCNamy/G1/ChRCWAm/5ppYoBfLJSR/fH5PKm894cWyWrn7fZYJYc6WoQGZC ++zpRZEzrOv8EuLnM6SHRxw== +-----END X509 CRL----- diff --git a/test-ca/rsa-4096/end.fullchain b/test-ca/rsa-4096/end.fullchain index 31188dd24d..3156d89094 100644 --- a/test-ca/rsa-4096/end.fullchain +++ b/test-ca/rsa-4096/end.fullchain @@ -2,92 +2,92 @@ MIIFUTCCAzmgAwIBAgIBETANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255 dG93biBSU0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZTAgFw03NTAxMDEwMDAw MDBaGA80MDk2MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20w -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmpW6YlulsrNKwmMBl7IvG -dP79HgQm9tc2Xb3Cw067NCCkZBqTSEGOJhvYoBNrDPa3VvT2tDot+JSlPPojuHOH -6ygeOjbGgQrS2wG30T73EzXDJ3GC6Q16QS2mQFf0nHHO4hy9B6VJBFRdwL4amYGX -sgTakeEZOPXNYp0t+bXduV8LiKpymcZxnj6prI0oeeFGiICSLxB+A7EyVeoncVD8 -2PMT4LOoAaxQyfjZsWfIbCcM64ohJLYKITkZBi3fMxsaJTK7XNoS/A9+R1fMbdxz -qrBZYnx3QbwfO+ebzxkyPzj7ymwLhMEJkRWUq/d56xp8ZWKq6mYN/CusnkuGCScG -Ma53tQjRe3Zg2sWt0uXhUb5f4BIc2zTv2hCy8u24CG3eWDtmFJ5O8R8dK8TV8DOh -NTC3o/2WKOb2lqqX9By9MEf0gClVraYGpDhc6d7pgs9DuWshLEGRgGKqD2EUB7Jd -trHyfZgi76LfnBYHZHETnZtMcHg7jPOQazk43ZeVTfu1LF/BDvptUk/zPcJlJpHl -9SU/QcY5j6AaWU1s+XY5oi9ev+7qTfl/1G26/GOyavplSIKSRNDrOZh7YMb+TdBT -6ZlBKg+Q+SR166uzw4aoYAyUhMv+Zdutk9vgJ47RVpmLpOKZlAHO+Ya0rB+x/ouR -lMPYEF+dOjk5A35vqPEerQIDAQABo4GJMIGGMB8GA1UdIwQYMBaAFD12+yVHWrlg -JrVL01xambe1uMimMFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQu +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDI7S3JN7QWe76Jgq3BRXNU +rGTMyFUicC+AHvAtJbYiTXucZ6gcTDyD2KQ4h6FHbDflhIBC+Ya49Pjaz+eV2nyZ +qyrDUYCcQbi9xDctUo1E4GgcAKsBnYhc7+zuo1fax45KWhrgpgkIxd1f3sMcRtkQ +jf4JIT9+fHMvn1e6m/thKCXcdu/B7gUuXQbmUdGHkmjZQVvJ0Xm6tT68iz3/QUWb +G04mv1nbqIzJ1PY6TZ/8dYV2M4Q/FY4Jvj/FNcr+JUQs2GgQMR6oh6Wb6oGnowYo +49aoDyJwAVJbBzwW4GQ5+E4bJDr+qmo4P3Qa+Dn2ldPO9Kz9XLABDwd5YFP0Ks6q +ervGfD77cW1sA2kqO/kEM7/i9rst40E+kS3kTLrspIxhBZ4sevtKfcGHWmD7bcVj +txN2Z5991mLsfx0V+owmqmpLarsffJmAOcxLj6lWrFb25fvITZ4AvsUHGTM8k0eO +LmZUJS6qGztkk/0olzvG6QzhhzPb0xoidQV+rrxWlRQS0vLrPX4fuxYRvMqG7ukS +d+J1PmVtmqbpenbpeLnLMuUstnWBxDepAlqzTVHXC1HUnnnYA8H8QD5aOVrrngKs +DS40akbitbM7IHYSrSxb/DO9KMvPFCes+Sj5bPvZSrPFhvaKUeUr4dpxP8uXjchA +5UMXbzd8w1SaPQKr8LdodQIDAQABo4GJMIGGMB8GA1UdIwQYMBaAFL0mp31yPo2y +FqzB6AP4SUOCK+BVMFMGA1UdEQRMMEqCDnRlc3RzZXJ2ZXIuY29tghVzZWNvbmQu dGVzdHNlcnZlci5jb22CCWxvY2FsaG9zdIcExjNkAYcQIAENuAAAAAAAAAAAAAAA -ATAOBgNVHQ8BAf8EBAMCBsAwDQYJKoZIhvcNAQENBQADggIBAIg8KDmQR/+Fe8o9 -5houTeE53KqSe91v0dqyZzRYudz+iTtIDw8+A7O0fo6gKeYK+P3Y8winVgSNkl6X -NU1rnkmkYtTSx0ilJ0CHar8Ac5P9pmB51WHNpybRhZeQ+Fjs6tjJtXe10hdIFqFu -B/g/NYJ58nUwpqHIA5FyHw2TaxiY4x7WLtqi09HqPXgfkmtgb3N2Agx4MXoyMQXw -8qGZimk3ijDL5w9fCATc6J7FafVY5PjIc9fmmAxJdOd+tzoZb3OWEqQROwP2z4Ax -SSxlKXkQgPG7exOTJPC5KduqDjLyXYQyY6Hk23pJ6acVRRj00sUTYc/OGpF1prsN -d97mdnkONo/0NfpEIQlKkpNS5ERlB178Tf7P7gPOjdlhA4FY8flX8rVorL5GabLE -hJ/lUTq4AMO33SCBta+rOTxDJ6PUTyc1CLM3zzZ3wVXbiPu+mBhJ72AHrjNWdRVq -geVRRfqS/3NbZ2EDb8jK1CNwRPudYfxa/LxlQNbhBTBegJQaStazRXrEwGXyfh4H -7ER28jVXO3Y6CwAfEbsAvLs2ZqWZVbEgGzV6v3+qaybfx2kKXO4TYX6TvWJ/ahuw -KRGRpWWuxyCPqDIJuf8w/v5Bvo17ym9eHOBLGo2R/l0gIjVJUVSX2ALtKP3NKmTy -oTzqnJePQNOUkg0X8vG3XFKO2wHP +ATAOBgNVHQ8BAf8EBAMCBsAwDQYJKoZIhvcNAQENBQADggIBAIF0FqvlsbG09eWz +n0Tf0pMautH3JRB3lJTi8LPZv83SZ46UZAMopqar0mIN6CgI8oYc8biizEAujIHd +4bhKDi0M57rLO8w7H/kp/Tse8ffLLaE0Bj/AqV16LdbHg3ozOHbC8OdUrMnE+Yza +3kyRy5QoqkyNvDy4X1MJBftRkcpRV3G7Xx9v41CI09IuNI8EgzVBs8sqr3FkjLIp +f1UAEtqCTIiyJABlebbv87gc7rS+GlOP1PMrE21VGkY3v/3GDV7kWU43eL7d0Fhs +NLBtOx2c3dOz/5KqIAe01zVlwVcaV1VtDLw7zmKbfpQjy26ly46a+13VnZ84W1NF +Lir/Yeg6YLFwdFXPCORwuQniaK0TpNf2SZArpPKwsURXlnkJlXl29xhMwmREncFb +9JFDJREzmA+zPGrMdTvDU6r4ssge+Uq0j021CvqofC2O7NqJRPU2SOHZvlWidbSN +PW0ca1crKwKulYuZSZ3IKBz34ttvJ5bAHwTbjFcr6hFHuR3lGuwyqRdOjrE4aZsM +zPspeg1gs4OSpqz76IP1dDPx9YpCb/mKCJ01k17iOomOpQW04+nd3cdeMWUJP7VL +c0FFdXnwpnEVB93P5sAi4lPu3BBgwovj96cRfluOwtFTLHu/u8HUOtRQxviJ7yij +WJt+diP60IGwsIhURGXLFQAC98cg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO -HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId -pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 -IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu -SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT -CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb -kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr -Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc -e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr -UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x -w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN -4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm -GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr -BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW -0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ -T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh -7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb -qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX -PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW -nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF -ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip -t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 -HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf -jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U -5qqQq7jRjSJSMOllidL16LmSaj46 +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRF7vBX5tnrLUJ +0tSJ11Y5ZRbKTBf+6MsWkGqTAR0y8Irx7lUQtLkn0DycfBaGCuoKzfJQh4Z3Vw+M +qHzSLInnl+rLvTfrU7eym5SVq8l3vOFGKc1lluTB2d1/uCFUJyKCTmK3hFezRmU6 +mii+aSrhQifmTBfFpKMUgE8rCLqkH6xug+Au9qF4SiUZcyaRt+5iy8JfTzQz5RsN +Xv9NCWCM1Ye64bDYIXCL4jg/9MSRcOltlboHa2dEVcULY7Ojz+1SX4HYZbNsn19X +j067q4Tl2ZAMGYAtnwZ+y7uz244I/UTMuqbxaENgU9+Ag5hTw3Nrc4DupZ4zivh4 +2c7Xx8IumnK357uXFTtKIrS9+uiR6ey06CnXIuuYWfNBX4NLvOMlyW8c+DX48NcG +OU6sNjoRoxskWBPVK0n0qN3x1u1hRyRrkI6BtcERVNUZzuEO5CiA6p0CqJizPDmj +zjWueBfQQoenCvcNG+2d+AQsL8DLqmmLkNSnzT/QWCY1EDM/k03Ww9DN0JSJvwbW +m9FKPfJoWfqDVr8RsvimhuM/iHAL5RxQmdUPjTaPgtwVXqhEBgp4JRxAKURNwTlS +1mQ55OIinZWdmsSA2VdIJI6nQrkwE/Lwn+X02m5EOw+3Fyow2VclaHlOrssReJVT +tWSV3LGSSyMt/9ycEqOK1ruV25b2+wIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFL2d +E7PmFT7sVb6nLRwmg5xsH9paMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFL0mp31yPo2yFqzB6AP4SUOCK+BV +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBADe25ZY28JIPv8xB +sQTsUQ3daVi8fpxfouq9XFpOnw2+MAmWneyK7jaJH4nvkiREtoQrskAGGOExo9hB +P+GrCWexdJTu4Sr0BB1nrxzyYediBjECeuzH0WKByBIl7OqE0odjW+KZe6qye9tU +J8hbQ9M5t7UWCvEC41fE+Qv/a9tgHfv5yYSi3fg+aRg1ljMeWqBbrWZv0uAMOlaQ +mEShjk17ZRAtSxcs1m/xhAoqhH9NEp44Uh99lFeJ6Jpex1LiwJwJRV6h5GHicMob +q/nwuWylYu/JJ7vC8REnafEwn6h3feMcAcM92bNqJiJDfXwBNwf/YpAVQkzRfI2r +UAlC2+IL/6CyeWUZGF1jw2K4l+opJKSp9NryxwinBdvZ+5rs3/Y1g9e1Ko3WK/2N +cxqSO/OM/0JbFY2X2EemXJZoC5mfrOo8P8JKQv2CHDxCsVIK8BKvGR9klBGqUuzH +5gAjBneWl2lwocghtminZFN4niglo2ziIt9eVaCxxDp7G5MrXU0+j+nPUailbo33 +M+Z3GoUkAPRla+e7FT+e+KeecGN2Ogrv9Yls3cPupuyJsHObuHPxmzwWEZ26sO1J +RZpp1lX3ZT9mjkG2+2lHTB/ikbLdNBQXuh/qn5hQXN/XZ40USyP7+qifriSvpO08 +eRLdV0oOc4Ry3Osf9H5fa5w+N+hf -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFPzCCAyegAwIBAgIBAzANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowHzEdMBsGA1UEAwwUcG9ueXRvd24gUlNBIDQwOTYgQ0EwggIiMA0GCSqGSIb3 -DQEBAQUAA4ICDwAwggIKAoICAQCghf4Gm9QoFrPb+Z39Bx/0pOSYpFG5Mt28PP3S -fG5wwOXRwq4x+u+BXZ++G7hFIIxr/7QYv+zqgjoCRqT5V+VzeLoo1TEoIrLbBCU1 -+7bdO1Ol8PJK9dxfoH4kYQn20ZeCfF+shGamRVgJfj41sdTtiNCIUddNV0xpVMPy -hEzVLCYwX909hQqxiwgsB050AY7cLjhVKQnUu4TrEtb6ccXiuGXWfDOgca1GcoH+ -MoPfwhIDbNJDeq5P+gYwR6BcLNhZ2u2u64ldoRx/Imd0ubYBR1/aCAlUDYahfJn1 -HlxkqzWTpVQqrKQB1XRFcsMRc8Nc+Dox39ujwrIgKyJdyHVH4duTocybqmqLYl2v -frC6mWx2ArKbdyzSJ9+O5Qg1DrqHIWBSo9ov3EnZfoWwnPx5APQBInal1WJn51CB -daZoZqj6hLgDucW9ip24YljZvYWcIG3jxsJrqlGB6bUALtSA/QgyJqm1sSWzm3DW -fOrU/UTwAj2MocW0QQSV8gU8bdbgczgRm+Mp7t3IC8XhwoVP+7WGP/vAC0eBpEXj -/yFwVIISRihg6yJ4JBmuZg9/pNgNc807gBOfo0Q/M+9KkkbuX6Y31O3Ba+JsSla5 -lYSyHdqEtscfjbCZC8Os9y66kI6O0siPITew5rF3iy0DFtUrxXaiibaZAjFkS3BA -ZHfqxQIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBmGNKetHilNmxWjHmwe1ER3H2z +DQEBAQUAA4ICDwAwggIKAoICAQCQy/Jjsa6yjYxdga/6XqGSmA7KiPn3XYXlpIX3 +N5Dh3OhYF1CvBcV69TOt2YD8mjWnoQmotZwCdMf2wIbFccRBxT2o2Shkaub1t281 +03vr+nIzeH4ydV/igXfzwqp4RBm0utIQAX375l2iT8m/whzw71nAhdQVtQbN4CtQ +lKNKSHf0l60URcmpYn/O/bDW93HmbsSeKZSy39CZPG3U/dKNBHqQsxAmNUw21dvR +/0/4F4GLe5vV/zT2EGLeaCEw7pyBJyKH1rNSBOGjitNVqVq3vEHuPUfyz9GtYiBd +Ph2cwSQfi7dMmw8QG5mKC/j2LGMqbTCvxAAyIN4kVS0ncngxZTSXFtlpkPC5PK/U +lX9Uw0NlqCHoTPqN2pGHMTBEUFP5yMrcoqd8NkT91qGhaFy8ocvDYqVJuCL4yL18 +Pbh0E87NupJGne/u46wGI0jROvjIP7eHxnTEz5jOHrBk2VZ62mTzIHsRdgScSmYk +zAJkDOL1N8FZB+EJsJ6pDqC332sL2w2/ziFKZpa8QAiL4RbyzX7RTmOS5+Lv6XNu +sdbiddnAHaaR475abbiiGRyOJbQhxfo5Z+ItkVYr3lZvXYhN1JZ0m/dC6LAGtmB2 +bagOgzggi15iCtmWhVXFNZu/H6u7mtJb6Ro8v4kQbSDdKyxfcNGVpFrDUwV7UMKm +tTErvwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFL2dE7PmFT7sVb6nLRwmg5xsH9pa MA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -HQYDVR0OBBYEFDBmGNKetHilNmxWjHmwe1ER3H2zMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQENBQADggIBAChrSeHiWEa9WiomAX+Q628/S9sxom6TqmbkXIJm -wFHFodotEJIOA3SSIsMiV0kBLRu2q+T3Cbu4pulL6vK0sPzx9r4PLxkOsePv6+AG -uyykgAik9HFOG7YCXbRc7feJ7nU0njiJM4OiDyA8qkkLGShCfxSF9L1rnWm5La8a -WbWtfye56QG2Zly3bqh7quMjIUsqdJTgZlWblB1HMD0zVKXzebU/1pRJw3DPR1ll -LKPPvbezwQ38PFZr9nxyZVeGg4Eu2SwE9hmz1UAOUXTGS66/6//bc9eW0bogxYxF -rFGbTDbCm3g3ZiZzpX7D3iO9cYitYZZmzCJ7QYOJo5ocCyZ2yuNYNYJORYxyPoDn -zwsa6oJn+pt2wV5i3AusV1z+wQIJcSRkfiTTAA0+l/6JFy8JY2fe4mSziz67/WvZ -Stfjy858M99Nd+ETD9VyNJND4jimPi16jwRwH8iAxlifnRjEcK+ensNxaV3Ql4ap -ddHR2F5knstikMpbv/N3xgDiKbPD5dXhfAYPAZ+7QWFEqcvNDq2f0jf0Sf3SCYt/ -f6I5jBz7w+DWpf8xHarYpXwwEzcmmuIKm2jmWRafjFNnyo8Ka0gG7CqKEhLWYury -5FUJxkQnWO3eI/7vO1MLT7WAegPsROiU8eN+2u0c/2lbi2xPLb8GRWaEOUTY2zR0 -bzvp +HQYDVR0OBBYEFL2dE7PmFT7sVb6nLRwmg5xsH9paMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQENBQADggIBAB1Mu5n6cuvOOE73nFKRahtJ40s937DluWmvzlRE +0TEAozjZxfmseqlUwu/VlsjLsjtCdC0BEd0vIXkAadh2nQEKGhMPEJ2WOU/Lr4by +1ubeJ8foq9KM0ooTEisNBs7CL/WaIo9O7W4uGcjWkCyIgrlsNK5soqCe40uf/Ry0 +2wTEmzSy5yDXJP4LNsZqTwR+MYf3isGcLvm0pqCaOQfLM9VLBRbfg59+MuvvOWQ9 +IA66eilAHx228gH2eesn5ESy0izsRPI0VfFtxQkHGx05BzIdOBD6+EII5vl7BhKH +M+xL6nSfW3oKh47CHTb7S6ynrebsMbg8Ut5xYJ9N0JxvSPGg4Ey+qlabqny+SU4Y +0//GN4rhbcDpCHaoa279Pv22zqzeA8+mMnuq13K3JtFPijxDqtN+gMnDGYBxMG6D +NVE7Uc5eKwsb85pKvdErGqnkXzOcyHGYFRDaQn+f+Oqs3fEGMmjv16P4RwRzz4+A +uz0vSBF+Ko11u7k44w6Z1N5I8FhU5gytVY9Xj5tqKc8nKWkJu/sais2Z54xWx8Zw +zIsPtqQKqR+qnp1BplGf0v6DzuQmgEthFXUjrKwVfQgG3mjH8vlyHoWRzBdpW4++ +9i53pLxD8gafHdq8a8rcN/5UoSk6ZorqF1ia96gQDOdB0SCtP+dmLs4VlpThbmkk +KwCG -----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/end.key b/test-ca/rsa-4096/end.key index d79b9c58d4..8adde470a4 100644 --- a/test-ca/rsa-4096/end.key +++ b/test-ca/rsa-4096/end.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCmpW6YlulsrNKw -mMBl7IvGdP79HgQm9tc2Xb3Cw067NCCkZBqTSEGOJhvYoBNrDPa3VvT2tDot+JSl -PPojuHOH6ygeOjbGgQrS2wG30T73EzXDJ3GC6Q16QS2mQFf0nHHO4hy9B6VJBFRd -wL4amYGXsgTakeEZOPXNYp0t+bXduV8LiKpymcZxnj6prI0oeeFGiICSLxB+A7Ey -VeoncVD82PMT4LOoAaxQyfjZsWfIbCcM64ohJLYKITkZBi3fMxsaJTK7XNoS/A9+ -R1fMbdxzqrBZYnx3QbwfO+ebzxkyPzj7ymwLhMEJkRWUq/d56xp8ZWKq6mYN/Cus -nkuGCScGMa53tQjRe3Zg2sWt0uXhUb5f4BIc2zTv2hCy8u24CG3eWDtmFJ5O8R8d -K8TV8DOhNTC3o/2WKOb2lqqX9By9MEf0gClVraYGpDhc6d7pgs9DuWshLEGRgGKq -D2EUB7JdtrHyfZgi76LfnBYHZHETnZtMcHg7jPOQazk43ZeVTfu1LF/BDvptUk/z -PcJlJpHl9SU/QcY5j6AaWU1s+XY5oi9ev+7qTfl/1G26/GOyavplSIKSRNDrOZh7 -YMb+TdBT6ZlBKg+Q+SR166uzw4aoYAyUhMv+Zdutk9vgJ47RVpmLpOKZlAHO+Ya0 -rB+x/ouRlMPYEF+dOjk5A35vqPEerQIDAQABAoICAAHjVO3wo8Nh798lU+Szud+t -OqhWeziPyl9oz3oR6WXwkMAcDDsH8gowv1cEdUPcuTzZhNv4rcIQk2qN1s2pzNFI -5kL1aOJ12tAJwCq7eaml85F69GvFxSvR6jj8eKKiVR3BbQ7tM7+wh14qjVzSyWeV -Ej4BshmtjgdeKya2sgtJitygF0JGILvvzYjxlgXT36wDZuWBGAA9fXfzBjydKYw7 -zwE2JgLsxe2CZEnfGyxnoUehsYZvmoph1vpEGifxtchljH4X7raRWYGWQFXmFr3O -vMG+fmeBfKaj8JtQzNnHYpdjszasMd2wYZy2GA8vDTVElsoV7sMQzNPfVT63AtSn -60cQFqUfARBgHPD68pob2KOZ5oQjJ9HDZrZkArRYoQTy/4NRcNKgANlAs8p/rjGx -aukm3KMeLgDNMIXEm19mYQHYp2gpoDG3+6sOlqrCCkneQYYSjv8tuiUcMtPdD8wL -HUBfhQk1UDif7CcC+2r0RrDcJ6SqCrC4Ma/+lVz1cUke6ujampZxW3fjkMovyz3F -YjJDzN8Wv0ZvpiilJU0DOrFV+kw/3jSyc4yfO1WhtWEgEmlkMeEMpqpXlwH+fE6m -uepddsR/NLc3KGPo8k1NbtNPoUC5AgGASpjliR4gJqJUgjnRmYugezBGMw/ow9vZ -gqFdMTShp1GXe1AofCZBAoIBAQDpgwq3oTc4KgRu3CH697Ni9pRR7yws6nyj+zt8 -hPXBHmGinbZhULLnMMuW24czpr4Lk7SGRVoOSuUCt8lKm3pJBnAn9gQ3xCDZudTK -zQDqA8MgvRMOc5NbeFltVFIW4KvWVfda63P9kt64/601lC8MMLeA0sbzgj4BkpKz -JMl+h4apciaBqhCYPM42TfMZjeyxUuOUMerxhO1DQQAtXok2Ve6aartTnomFK4Fe -Ow9WTNg66iEDZuwOjiFGnACkx2LykPaYRsGL7ZzMnmfbMS01bGTrcLFX5ZT9HBzw -QtxlA4vucjbT9lnjbrh1YKG5ycI671fgMZZ8jeKvNhLByLpNAoIBAQC2seWJfI/e -Nq5rHQ8SK4fwPxuH49UKBHzKANn+OF3VD9ka0oBPGH2V69EiFYrpIgx/bZSxL7Vb -jyVWHvQy2gpFwgrtDwHOBfsbNklIXdA35ThZcygeeGe+Dxcbx29nXlRMhNeHjetV -jmMZo7w6F7MyjS9zhiSL37v0oT1ua15ozBQ87VZz/h2moBNC3jTSxbfixu3dzTv1 -YfcnbWEkYAnhsZfo9g4qo9xllaMGIBCIsWagdaHVO134+R2BTyn3iogj1LcLckig -V0jfv4ZnfC7jjoSaXnRxLfKPeYjm9TBTagu7EwJxp2SHErm1rqYitCbMTegzbmOJ -G3qZndIGmWXhAoIBAQCNgqBoEAcKvkvZcwYUtS+89XmE/dBjl+bY6VNvbpQP6H16 -suDnsKP6fxOh5H/WyWG6WlS4WibtKm4Ga6JM2FQPFRu629hKg0z1JSzTidDYAFer -62k1BM10TUbEfqkQvC7mwUoZiz7LmMnoiulI4vhwBsXuB84RnAg/o7fLYKvLRg5R -eZ/kTE+qMo81UZ/VCLE79ON915JtswSmESouVHAKwaDLa4sCbb0hOvA3TstInWEc -su42xZSgbXm09K1fLoXEQh1uwtJgHis7xXNi3jZrfbjbBXwzrCnSCctvvtUZUkDm -y8h2Q4DN1zdpypm3oZFXbdxvPR3ZdZK+Y6KSVTaxAoIBAF5ndK3jwM/Zv6032dbQ -ybDaW1aP40EG6pjTcdHMvKfhRZV3mrfEdvimX23WZe5sGrsqG8CnX3aNdISZACTa -yJ4dU9oFfDBCpOv91EZhu7t2ZfTK7bs5CpqKX62KE8X9V2Am8Nxp+GZAanMQSa5X -GtEPZaqzcWUZ2pzhSMYrEyDh+780AQ11DUtRwkI2YmNbqda0ZqvLZqU41yb3fU/3 -lIOcalwF8XIVNEkF1rTOktyfluFph5OQ1tFVoOp1xsDUQ98IBwISLvczw0NjS4dk -AzKxLVI7Zr4pOQLskVKO9kbUMHWdsBCcp/SoN3BrbAvYvYeq5kbVTvfFTEfe5m1k -jOECggEBAKO2AcO+K2AF+0g4d5KJmAr++86dHuVjOOO3cFPt3+VXss0fIUAIKE7/ -tqGaQ4cNJH0bZJDnD8u2t+rsZeZzXdf051w0eG5IUkumWI0Eq2YXZU3MuAITB3nr -IRc28j3BY4nJgNDe+7vKLSb+If1msQuyJE/VILw95s8DEgNihM7DcBBMO0J6c2mJ -Xk/Q7wIB+JT+ssPpsXacnk1cXwhbW1J9tZT5Iilnv/RORKFWKuE1HriMQsqOXU9i -T1W9/TmdPmOqAnM52qaREXwrUcaKLthbPZzDR5IEU4crYsmpoDnUhr+qm5uUvO3i -LDRccFoG/QLGZgz9aGrQZdr7uRIQ2Ow= +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDI7S3JN7QWe76J +gq3BRXNUrGTMyFUicC+AHvAtJbYiTXucZ6gcTDyD2KQ4h6FHbDflhIBC+Ya49Pja +z+eV2nyZqyrDUYCcQbi9xDctUo1E4GgcAKsBnYhc7+zuo1fax45KWhrgpgkIxd1f +3sMcRtkQjf4JIT9+fHMvn1e6m/thKCXcdu/B7gUuXQbmUdGHkmjZQVvJ0Xm6tT68 +iz3/QUWbG04mv1nbqIzJ1PY6TZ/8dYV2M4Q/FY4Jvj/FNcr+JUQs2GgQMR6oh6Wb +6oGnowYo49aoDyJwAVJbBzwW4GQ5+E4bJDr+qmo4P3Qa+Dn2ldPO9Kz9XLABDwd5 +YFP0Ks6qervGfD77cW1sA2kqO/kEM7/i9rst40E+kS3kTLrspIxhBZ4sevtKfcGH +WmD7bcVjtxN2Z5991mLsfx0V+owmqmpLarsffJmAOcxLj6lWrFb25fvITZ4AvsUH +GTM8k0eOLmZUJS6qGztkk/0olzvG6QzhhzPb0xoidQV+rrxWlRQS0vLrPX4fuxYR +vMqG7ukSd+J1PmVtmqbpenbpeLnLMuUstnWBxDepAlqzTVHXC1HUnnnYA8H8QD5a +OVrrngKsDS40akbitbM7IHYSrSxb/DO9KMvPFCes+Sj5bPvZSrPFhvaKUeUr4dpx +P8uXjchA5UMXbzd8w1SaPQKr8LdodQIDAQABAoICAD8dEWbFUpJFaIJ1Q/MTx7hv +NnKE8wkQSDtsfHESCXYY9J0ailnpMJERufPv1p9CxQQZbNic3M64VHsXF12g9can +V5VmwolSs58YRWS9K5bZDprNMuoc+7qFutzy/iPAz1dXml26idfxnyoAJTV6o7Bp +icSAZxtqKBxrZvk9Cedo3wuzaHh4NbRskEBErxZwzPKBbz2jySL2z7AV5PGLJTwl +hZTyQl2XQjIb7QQ/YePBXpzUbdQLB0TUN9/Ql+Tg+9tCVt3PMBwsD788GGH5+XNa +rhC4QE8Ce0YQrbVZ4uG6t34bEVTxXtAwTl4yXrKwOYomnTgwpzCN8gEUWwq1b5ja +1GPU0MWFKRtgctyr5L38DCITAvzZW7V3vD1AcWgWTtelCkkgF2xPelFx7IDmcivq +sxdNauwpiYlfRd3SKE/YvY3fAmAwm0ldK409zxoMt3CcU5pngGIrlSGIhWMBTJw9 +ZzDa0KRUxSTp/CqIG20TTliYdJS8gYM1Jbcu8s9RrHnndvAvBuyKCKSmByDjodCS +U/TgnCdL7o+pnF/3RRpGw26slkO7G5NWWvywCyPj53o23IBlHA1of0MgVRB5LNqd ++qsRKKJBsgczzKLoC5pytaBSng7nr6W1gExeS24jQjY+IvT8e8aOsY3L4pEO4d9k +UlRUhovaV/6dG9JsuAN5AoIBAQDn1odI5t95AkngifxKG42Zs+hafdoXejOXmqJ9 +W5dGOSmuP25oeKOeQ487HTbSkM97RtTCz/6jX43FiMDHZMpApd0W0lEihcdkOpPv +v/ZhVq1JsXt6Ej0PL28I4Xcwu6trFCF1SqqEy78ug/xSHI4b/pwYSyAxDXFcth42 +e6woTNfLhhQMdtxwWqi2wH7dGrt3WBKRBNiCWrhdkDlVuF1xfweRQptAiYfA1otA +SHVJbB8tEdmhDoS4lFK6Fidys/jnA6JR6scL55RAzPGdPo/AciTzokiK7v/L4bir +WmY9MsoQrFJ5frtcA+NdZrSGCcQAJ1XWcvzWABG4mYAfSEeDAoIBAQDd3e0vW3Zz +8kCVjN3TNMNR3nApnpnBLOfDm7N2mUCHpklslg3ayrlKmtVS/2L5h175LnmYP2w9 +3FxNZhu/M8WOSSlNkGxr5DGBBTbfwH1R6/OCUmyGAyzqqY0/wypBGW8WJkWp7YKE +b5NNCUundqeRi8Xbx+m0uYz5Ql1zueKNqR3hb64ng4ZutMLZq+6d5aqkdebC8+Vn +N0e3/3cPxE0AbSpxUXA8AoM5h01YUvoOXAUZ+Yy0LHvs4cU+wAsMn+g2yghCvoGO +iHagJDVS5qD0GeZM6Nde7vDP/HEZR48scHlUzFsFLxAqaPDBL7mmvAwNNFIprnvj +CQ/aXEssjpanAoIBAC3TL6ZvTBjFJQkm/SFA1PpenzzTx3oAg5Yh0KBqrDoLLnvs +ucwYnG659+O9YIq6aOh7Fa70Ieb1CjbTUxeWiovAvTS3maXzP3hGQ9uN3AtdcJ8y +X6+/TyZjP9VHi6GsVrOxpPNkMNRS2ZU+LW+liUlrSDtdDh3kBFZJASvPwjWtCrKF +7AySqfvjT5nf7rORhyCN3g2gIZOSjwKfcVXKPV4jt8E0oy9cf+LUBW5NZDGBF6B2 ++Mdm8UDywG9b1axMepRfGYSLnZBy09EDMXbdWNi3NyqZFzGvEAyirzffhHnwQhSN +mze8nxgPBK//jws3fvBw1fyved5q4RXV8Yc9aDUCggEAMaEnIWTQRnd2Qv3T0R8I +YhPj+ytjMXceEP+PUYROjwl/ey7Fwp9+e1XPSlWeijrh39Opl4j4aY4Vh6rDoi2u +j3mGJ7eayTeuazIDaGHipqSlQA24APJM5eEvm4fIt+88jjPZeX2LqJxc0uq1ZayB +J2mgxN0fRjILeuaBiRWXvCCMcpVM28HsHG+K9q4jHmb1mPxWtl1gf4o6HMqkk35R +yzqgN+EDvijBueiuQIevL+8dpQXRl6wrvH10ZekHj7dldnwTBPsgeAXGo2P2GalF +b9UrUyDyrGW+sIfDtOfw+vvd6D4eTjaM4y++Szilyspd18ZQasqBI/Qu+6WRm1H6 +GQKCAQEAuVZl9Sj8hurm+byl0cu4fHK1/olERi/99i29Txiy+0xO/jD2qdsE7ZZb +J/IIg1VyqWekvjdCmNp6JN9sukz75t0jDGU8+w/lxbgvVILhD0BVqogifjWN6VV8 +6txVlfbpMYpzZcK1f1tkTZ8kAP3H39IBu81s2eH2rl3S296CcRCdbwIRKbynxtMQ +MkOlVMhFAcBOAXbWThbn/sqsDntotdixRvEPo9WJOIGvmHZ6SdpVcNkHZ1In05TR +DP5h725Z95QyYbMxdSHo7Ga8+GGqGNnWLTnDCafOAbdWQ1hF4ctVyFa36KBOzJfl +6363qdrt9+pZQ/YqKmtoL5ilIZbLKQ== -----END PRIVATE KEY----- diff --git a/test-ca/rsa-4096/end.revoked.crl.pem b/test-ca/rsa-4096/end.revoked.crl.pem index 82884933fa..3ccef4980e 100644 --- a/test-ca/rsa-4096/end.revoked.crl.pem +++ b/test-ca/rsa-4096/end.revoked.crl.pem @@ -1,18 +1,18 @@ -----BEGIN X509 CRL----- -MIIC0DCBuQIBATANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255dG93biBS -U0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNDA3MTgyNDQzWhcNMjQw -NDEyMTgyNDQzWjAiMCACAREXDTI0MDQwNzE4MjQ0M1owDDAKBgNVHRUEAwoBAaAw -MC4wHwYDVR0jBBgwFoAUPXb7JUdauWAmtUvTXFqZt7W4yKYwCwYDVR0UBAQCAgTS -MA0GCSqGSIb3DQEBDQUAA4ICAQAfCTOEfTApBGX0TwH1D/EXT3Q6QbMyUg3Rc904 -OOjdQ64k1a8CQYggNGQUbGiojhy0Eg3wWuFkusf7fvT9VokH4VN1x3a7B2EHw6Qt -mm+YtC5RwkICpzOIgAm85Qwgc7r5hPpZd7fE6fyDLKh//maVor1RTMzHlj5ojEWQ -7CZ9TaSjB8sdjvNxFa82CxlT5DwbaoGzJ0hYxITn7k5pU9uEQnDMlMI1JqQilVmN -JaFh6I6hG9CcV4uc39UqFSV7J24C7YN7zynyJFzH4etbjgw90EGFYED9EK4dWX25 -9Plq8IscolUT2OmNvxgTNX4fUK0ZKcFc6EfBL6o1Zz5uH2FEesOZRSZ6Baf/s7Gx -6WQ2fo51iTPO3YMKfJL4Qx+2Sels6kaYlUspCK3g7mt/sHI5MMFswKLfPK68CqQ2 -x4qHo1Vt4LgO557wMGui18l/iUI9losDIIEmBBGjGExEepY4WdvJEYBgXpRldqCb -XbScDOHNEfOFm8jldc5aYU+v5s1aPk6tpnaMoAn5ua6uAADVw6hyyNbRl9jUH3an -rWEl0QLZM4eHnCZK3xjT4ldVJBxh3rpgJyhYvmc13viUsE1yVs2ARjnClAX9vl7L -sQLvfbrWk4TpSBA14A8puWhULEU2DGrmvfFFo5RsRjHnu+yDy6OZBiDShCnRFraR -Kmf9/w== +MIIC0jCBuwIBATANBgkqhkiG9w0BAQ0FADAxMS8wLQYDVQQDDCZwb255dG93biBS +U0EgNDA5NiBsZXZlbCAyIGludGVybWVkaWF0ZRcNMjQwNTA3MTg0NzAzWhgPMjEy +NDA0MTMxODQ3MDNaMCIwIAIBERcNMjQwNTA3MTg0NzAzWjAMMAoGA1UdFQQDCgEB +oDAwLjAfBgNVHSMEGDAWgBS9Jqd9cj6NshaswegD+ElDgivgVTALBgNVHRQEBAIC +BNIwDQYJKoZIhvcNAQENBQADggIBAIWyums/WQgTzwYokopZzD+8PkXqdVwqk5jn +YGTMIeN8iObkuJcEcgGNkPhT3E7XmaFMLDv4xZBC1Vv0xt2TNU/WkHnWcRchLAsr +Iwy5GbX6BLKhIUrj25NZCmqx4d3I8hCMihenvSEkisc1l0jVhfbG/5LR4TJrAf1D +zshgpTAeXv9v0upd9BK9Ci8E7LSnyNxgysqlPeiMOxMDCW5XN8mr+s/BhiESInUv +3j4XeWRvp4nlM/Ra5nCedx7Gj5IJJGwJEb1L1ZgFX1iHWkxRXokFGCHa3ZadswTX +eRmdlYvj4KrL/LJsPoRKq65B3q9qe07XjPr+NZUAlNKaA1mYXKKtFzchtuYEZRta +VHza5xm1U3ochnKwrp2/lkbdiL5dFEY75gTU07FVbhm7cGn+71+j+36v6HTWwBvA +vgHUy7M9tUoBay68v+r19vel9Epoj9uova2O6lm9Bn0NzDTvT7SLQtGO343Tp6dg +Jr4R8QjclmYFAt036jBZR4JPGKJyCUNgJpKMmTwl6JVIiVgRqEqhGW+Msc8Upf5d +KGtOc3DRhIoykM67PaI0lcXB2xNxL7gXheLM8i3TBEGcUkJ9pSNH7oroPa44dmPp +kh3liSUmZviUhak6eSsjAq5fuG60tx3QSVF+v68QHf3SVlu1pcdY0S3B1M0dGHKt +b3PoTJol -----END X509 CRL----- diff --git a/test-ca/rsa-4096/inter.cert b/test-ca/rsa-4096/inter.cert index e89db40bca..6f7580ba47 100644 --- a/test-ca/rsa-4096/inter.cert +++ b/test-ca/rsa-4096/inter.cert @@ -2,30 +2,30 @@ MIIFUTCCAzmgAwIBAgIBCjANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255 dG93biBSU0EgNDA5NiBDQTAgFw03NTAxMDEwMDAwMDBaGA80MDk2MDEwMTAwMDAw MFowMTEvMC0GA1UEAwwmcG9ueXRvd24gUlNBIDQwOTYgbGV2ZWwgMiBpbnRlcm1l -ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC66Ip2Q+5nD2XO -HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId -pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 -IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu -SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT -CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb -kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr -Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc -e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr -UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x -w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN -4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFDBm -GNKetHilNmxWjHmwe1ER3H2zMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr -BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD12+yVHWrlgJrVL01xambe1uMim -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAFFRgG0j8rn21GYW -0wgajHVZ/xmvMUpcno3pfKp9u3CmvN/kKWUyzvLFEYxMsxqfkGe4bwWIi2BAC4oQ -T88ezOfvwnvWSKqx5kUCqqh0YScltA3AGeyNw8weB5f/4TrXiFQXatCl0OCxODqh -7kydekUrpZcU+S+VCxe6MceMM+734XBCqzgxO3MsrUUrZ4R89ZLvLgPAjZhbFjjb -qvMUJWZsplk5m6W2Fq7dTvUsOkWaQ3q5sGkzd7kbDFmDI3crqSILP5iVBc72BGeX -PBvY0onU6W4+JEO3RvkblrFPYO9MrA+MnRxwDNIYY6D6+T+uBvQ4kYm+tYd5XjtW -nF25g8sahKAS9cI55/iurcMc/aKwUpuDAKWhMXYYiC3Az+GXh+e6kbSxQYgKKYsF -ijvDXGxD0NNZSdNa7GquuSQDqg1+I0iToX478naRf0YZLyUFE+cXDroeRC9Gtpip -t31mSW+I711aNmZ1EZfYkvu0p54heaSe+018J5rA1dPvuf/VxTrrqsKBxZ5RpWJ7 -HxDTTsh6ZLN3epGdtTTMKO1JWdsjxWih4QE5xsE4QouFzurYv2SOe8cOYuTwKOMf -jU8zMXLzZZhC7MorbI6ZrvpAESYp4YufPm2E6iDb01dFHaAC+232i+PSpYSovM6U -5qqQq7jRjSJSMOllidL16LmSaj46 +ZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRF7vBX5tnrLUJ +0tSJ11Y5ZRbKTBf+6MsWkGqTAR0y8Irx7lUQtLkn0DycfBaGCuoKzfJQh4Z3Vw+M +qHzSLInnl+rLvTfrU7eym5SVq8l3vOFGKc1lluTB2d1/uCFUJyKCTmK3hFezRmU6 +mii+aSrhQifmTBfFpKMUgE8rCLqkH6xug+Au9qF4SiUZcyaRt+5iy8JfTzQz5RsN +Xv9NCWCM1Ye64bDYIXCL4jg/9MSRcOltlboHa2dEVcULY7Ojz+1SX4HYZbNsn19X +j067q4Tl2ZAMGYAtnwZ+y7uz244I/UTMuqbxaENgU9+Ag5hTw3Nrc4DupZ4zivh4 +2c7Xx8IumnK357uXFTtKIrS9+uiR6ey06CnXIuuYWfNBX4NLvOMlyW8c+DX48NcG +OU6sNjoRoxskWBPVK0n0qN3x1u1hRyRrkI6BtcERVNUZzuEO5CiA6p0CqJizPDmj +zjWueBfQQoenCvcNG+2d+AQsL8DLqmmLkNSnzT/QWCY1EDM/k03Ww9DN0JSJvwbW +m9FKPfJoWfqDVr8RsvimhuM/iHAL5RxQmdUPjTaPgtwVXqhEBgp4JRxAKURNwTlS +1mQ55OIinZWdmsSA2VdIJI6nQrkwE/Lwn+X02m5EOw+3Fyow2VclaHlOrssReJVT +tWSV3LGSSyMt/9ycEqOK1ruV25b2+wIDAQABo4GDMIGAMB8GA1UdIwQYMBaAFL2d +E7PmFT7sVb6nLRwmg5xsH9paMA4GA1UdDwEB/wQEAwIB/jAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFL0mp31yPo2yFqzB6AP4SUOCK+BV +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBADe25ZY28JIPv8xB +sQTsUQ3daVi8fpxfouq9XFpOnw2+MAmWneyK7jaJH4nvkiREtoQrskAGGOExo9hB +P+GrCWexdJTu4Sr0BB1nrxzyYediBjECeuzH0WKByBIl7OqE0odjW+KZe6qye9tU +J8hbQ9M5t7UWCvEC41fE+Qv/a9tgHfv5yYSi3fg+aRg1ljMeWqBbrWZv0uAMOlaQ +mEShjk17ZRAtSxcs1m/xhAoqhH9NEp44Uh99lFeJ6Jpex1LiwJwJRV6h5GHicMob +q/nwuWylYu/JJ7vC8REnafEwn6h3feMcAcM92bNqJiJDfXwBNwf/YpAVQkzRfI2r +UAlC2+IL/6CyeWUZGF1jw2K4l+opJKSp9NryxwinBdvZ+5rs3/Y1g9e1Ko3WK/2N +cxqSO/OM/0JbFY2X2EemXJZoC5mfrOo8P8JKQv2CHDxCsVIK8BKvGR9klBGqUuzH +5gAjBneWl2lwocghtminZFN4niglo2ziIt9eVaCxxDp7G5MrXU0+j+nPUailbo33 +M+Z3GoUkAPRla+e7FT+e+KeecGN2Ogrv9Yls3cPupuyJsHObuHPxmzwWEZ26sO1J +RZpp1lX3ZT9mjkG2+2lHTB/ikbLdNBQXuh/qn5hQXN/XZ40USyP7+qifriSvpO08 +eRLdV0oOc4Ry3Osf9H5fa5w+N+hf -----END CERTIFICATE----- diff --git a/test-ca/rsa-4096/inter.der b/test-ca/rsa-4096/inter.der index b43d2bcdb4842d5f790fb11fa222db23ff1393a0..7844e38cbcc919c0762155a15d74939f8c5f48ad 100644 GIT binary patch delta 1113 zcmV-f1g87d3e^gbwtvwVyTMvqoh)nkc?$D&ayW=1dpGq@xsoPb&zzq<;y6F_#F236ZI!wQYiC4N#S3GzqtES9 zUxCbAaxp zo->O0c-hX^$A7{unsT@2yO$L^N+Ptq`sk7A?6l}9*COkfS@S_(gG;>QCCP6b_%-I;SS^|fa;wBsF<@nIit=s zu6P&FLWidc_YE8Eo%jSSFTl&HX^W85r_DdmSSB?PGk-smP1eKE&CryIzXsNu(Mmn? zXj%G$R=*Ll_@;*AKZtM(S0!k9POi%lc$HJNWR={pl1n2k|JNgPd$1 z+FFz10y-4ECZ~OJK8>;#tik95_(?;8E8ta=FasrjH@4-LHt>=Uzsy0g1nf}_-Dz07 zew<&T>b+cAPM;0FFbS5O?27I-i64pYk|ad7ge$T@1{mQnqu4<|;j0N}v2>K~;VSe5 z9cQl`@?qy<1~CG9?8nh!fyfdi?CONlhhtmfnR}|Td)rhe$Xi3xIk&YI3h@HtSH$@X z|7+WSU>*DU$%LZa_&#YEHI_3TTA*94W^dBq3_4bjm_(tDO?zb!ElU?H)^G8I3Mzzu zO%k3sQXhSkSBdDFUdK}6z?=z1UZLb+;&93vtNHM`Y^7rF$tSzQ@ewC!@i3pLcYWg= z0mD7nvuY+HLw$S!HwXV>kQG8q(R_`oPzgeR+u{rVpt5;o85mt-!(zCX>M10osr1_N z#|Wnd+u8e??BDh^gV(hxjn*sujdL23JM)bHLR%G$m)J+9T$X4HnV+ocJU_xpLj8gq zJVLQj3h)xI86RYn5vo$`$L0Vd26vX1X>g&)A+~6zWK(#aC?%t8;v(N(RiLrNI(r*` zlPg_KK9A|oQK+SEjrTL=cN&Ex0Q6;R=erd@p7^JpaAS5l3h(uaY~91|rtFEZbDOwx z@tZsr5uLiQ?MX$NY1UQuWj|()LALv8M@%2$k+R)16c@T5>YtcUT;JDcjTB2G`}(M# ft|YId?L2uB-B(HubA)o->mT%fUu&EMJ~!xJaSJLH delta 1113 zcmV-f1g87d3e^gbwtu?ligrWpXAfo09fs2IM1g3Rci&V=`aX6O0EZUO)HKN<4PVjv zSY;D_FHCiL{H+s{1c8B$9z7Brq^TmlFC}sj>zjr;wJak=vS>W+MnfB!!z+yQ$;<}` zrN(j?HsX^n8n`{ke9lQZAZSq}QxS6u-QB5WTAc| zFLwCbTak(O^M5lf5o|G*nLhgTze83l@P5w&b#Y~I$nnBF#O~o8W){*|TakAAS7g8V z+^Z`O@LkVj!EY?`TdnX=p(Vci#!I-|r|e<>iLQ{MPJfjhG550mfYFk=l*S;Gyxe<4 z7~8U$;Qed_cFwHd-_oK-sBGDh%(ChWalB;okG$HNIe&qUGvklPF>gtub;+wxfl8EM zkw&TvlOv~}0m2(Eil^I;>3E7Yub3%wk^qw&cJsS;|EB)&k&XFM!oG3CX@AB>yzQB) zYYN+GPvu-G*(VD;CQF|yO=3{bEs&!MCg5pH3z`(`)5SefBUw%1{(VqnW^h7h7KY*# z{fHIuNHE(PyMF=$0RRD`frBuCfG{5h163U(1Q;+DfD|xh7}B1!c%?RMR*ZSDdr=YG zeY2C|0y-2ucKanqTDf2*wM)}nTA8=CxX7lHFasrjQBiKuA3yKg=&mPR@@4|c5NUE{s zMFOg*bYUkYv<<)+?2W_B9tW5I;X2odR2OQ{rO@E9I69&3Or3f~E2Wnd`7f0V7rHUW zj5F?k_u+6tt2i+`b1bbzD`$j!^^)%{1Hg@#TNXIms`C^jW^ATeIh&=n7Ove+^(;C? znnQZIuxT@Qxf={wgCln(o(^*N=TI_1Bxg-Os4Spj?lc9b)@^+Db zMj0<91rz5N4!RyhFGjYQskeP*NpFbnU0OC~brF}?lKZr$o*{Xpp8HLFCz`<3)9<-| z|JB7h>#D+m#hy{6VtXGD(@w~GWV3gAk)5?P%qZ_LW_mY>e#1B!1_2{_-l4?FWy*(%v diff --git a/test-ca/rsa-4096/inter.expired.crl.pem b/test-ca/rsa-4096/inter.expired.crl.pem new file mode 100644 index 0000000000..003e13dcba --- /dev/null +++ b/test-ca/rsa-4096/inter.expired.crl.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICmjCBgwIBATANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255dG93biBS +U0EgNDA5NiBDQRcNMjQwNTA3MTg0NjAxWhcNMjQwNTA3MTg0NzAxWqAwMC4wHwYD +VR0jBBgwFoAUvZ0Ts+YVPuxVvqctHCaDnGwf2lowCwYDVR0UBAQCAgTSMA0GCSqG +SIb3DQEBDQUAA4ICAQAZyzPweAQYd/ejonPE7TaeRS0L0DmPWCvmNj1ihKCr9ws0 +XRoe+hg8G/KMsIHZvfhOWl0m3MadUKbTdWsujAQ9H42yExpgoUInb+ueJ2tueTW6 +/Gihw35+gDCuPpmdGP+TpPmWM0S1GKXOLXHaXEoMAQkBOel0o6M0Np8N1nwcxoIk +3+bu3rBXFN0vD7OOjgEk5F+Kc8k94IEh4B542BSh42/XoV8i6qrsd0Zb2pKauMLr +az6iK6GsxeDKTezWhcu0XGpts70lbX/eNy1YN1ZxcCPxdg4TfE1Sw/Ic6n4EPlP9 +jG4RSqRWTZvoo/cyU0CFaOVFuA3OIKQEHBQHTmjIRRyohc7NJRmHtYAWZdYY1ZC+ +M3pTsJWBixkedcFR4vQS39Gxo2+VtQ+/IzDp/qEBnipY0WkF64xpr5M9NEDTPF5U +NxT53sPpVvz4q2NabmPafya+vLUg5tEd3lDb/Q/cIcIeq6NziakngvvkehsewM4c +jVYbIFTatFesz9EUr2FrLTqOyBZNAY6lpGa8dANxJfUEgUtxCdiFpV6mfIHsscFj +pAlKxzCOwb7QxnoJEDeRjlyJTslAS+3RvR0scYQ+xezE2rJMfu5r+MzvllvBhrkI +WGDG+MHGcEZJfnNwFY9farSOMRoFqEPM4U3Gc6JNqDktKtlxAm33ds9nhWDziA== +-----END X509 CRL----- diff --git a/test-ca/rsa-4096/inter.key b/test-ca/rsa-4096/inter.key index 0b0dc98c3f..199160e8bb 100644 --- a/test-ca/rsa-4096/inter.key +++ b/test-ca/rsa-4096/inter.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC66Ip2Q+5nD2XO -HYbS8ESBaJd331RJ+j52EwCHFs/UNMkhDV/R+lhlE34vTHV5/K0TkwSBgY4ePRId -pKkivi8lchHrm4Y6tSwjRbJoPO5GQxuZwyuM88nMBwilxnIYNuKTLxq4Pch8zkk5 -IGhRJFMRcwvfm3NfBWz+54i/ZZMcwP9k3yQNkK3eJcAykjn3wVxg1D2lF35h0LGu -SBYpMhwZpqz4z9NAvULuybQZc8w/XTO1OYtzBp4JFpCEzupC6BkhhN7Ttjkq0mfT -CngxdsvKRCu5T7Ta6wysp37Hg+bxk25/uYuAuGHzJLUSNCTfqn38ZKF+Iy92+Ntb -kYn28zMtEWwxlpk++vS/Q1Yr8H7PA3VxZXDI8cI8xO7hHWYW0lhbkXb7V2S/+Nyr -Kw/wXc9kwW8s8lut8FChJb77xku43KfsYf+JrpCiTn+VHTH3sv6A0ZK6lMYglLzc -e0QY27KZ4P1sBHbOrN/f0qJHqGzZkcyy6gtxvGT0j7zamjmBjjPjj8cxb0mjdcmr -UIFKlGCRRqoMkyOnnwHCGy+Kp9uP6XiKNa+YKXOSAJMcdvO7d/+m/vGRjflSwr5x -w2l/xka87ZmqawrbaU/lXCnZJws8JkufK01iUM8tkKMKJuBpSwuaFOvTxT1SI1lN -4f59UGRmcEJnFobiFf2IFfFI2xq7fwIDAQABAoICAAcrGwBdK5wNRaDJlh2p9F6o -NcL1sERkEhgyM196+v6PBbW8TxP9D33U6Q6EVq8Wh0bMaSxUXTCAtByp74izFZjQ -jqpkHRpMT4SMzEJeL99G/JyBlT6DLRajoGvHOCIAnOD7OgGd8P4EZV+JBCc0hvEQ -4gAx9JNM4HjIRYDdsu4z4reqLTZN+bUe6oel/w4m/tWB3lliFMlImT/vaNYso1JC -h7jFM7t0ZshEuSEOxWMavnxxWA1R0CbWFDXbv7VQNIKKF4e0Ie4oAq5f5Os0vK0l -vy2Mxols4WAPznd1chqKxn6kjZqit7L9EerAUDe50Loo2968F7pu4e7Znpp3iltb -2YRkBx9XWlrNlwRcdgCB8nHAUHn7+qCBimB0te8/a7TAnkC+IjbAQU3zSRQWVLQu -YXjjXmT+2PJQEu+fDony4xUsXe/RX7JLQ2RLqtKPHrpuAH2mRctMP/ze2yyRDYxU -IiDN/VZSvj0iGuVrsYUIDKEB7lyJ41dv8c/kl/wMcQn17AHrgIe7R6pgN4UtmXE6 -j5aA8+u/cLGhyCJ27Fj3dFsVMHSmJMQFTw3GMEAJCeaM071gP+5RDwilY71ztmPE -uSwla2T5MGSCu0G9in1IOEhh0fdhl27x7vCBJQm+x5hGdMfuC6JIcre7IW+qyHI5 -tcyO12eGYQhG8u+Ql/qxAoIBAQDiAIKWTa/LJgnFUZ6GPi/b+/6jNoTbEmWmMAtA -NePm3p0eqClJyjrB/W7eh1oCOjWovbiUsSdICGkDEcACyaCgNqaGWbHclOqTrj29 -hlB9VQaDwSD9WkO7jig8X6+7JpH1Q1RJpcdT66ZOd05OIgAlCZgL5ImW/t+ISbok -6DMRM5xdVgQZJTiQydUgb6Lk/Nj/0dNJcJOV9vPMtJ39hsYZmiEiO+kGP8oQUTWy -SfqTEbg8e7ONdX8pvZWTbwjMaRTz5Htl4CZ2Ft3QXfw/NNisUoGLxuwfw6152hQS -DljDpR4WDEy/uoQpzJeFOIUXmUAo0Ws4WpQh6qZMaOOs6nbxAoIBAQDTt6Oj6nVr -0/1AUKOr6KBhr8PbG1L2l8EaeszKW3A/jrUYnoHBhqvenQMZ3Dga09IMQHm6rWRC -IehIcA15PkMSUwRsq8hOsnhvH8+M+1Pm9CD1RKzQdoy9JQQcqoRMR6aVqwZ0RVxI -Polu+uXw70Nki/+Q3HUhy5ftmvd5JkKuY7GVV3ngNHxum/T1XO7QrqXkeedyf4WP -saD8XKZiCW430yb4gjbXsG2+I77RfmS901c8CjDos6NsdY8yVSCcsG/LKxaeJDMI -KqX2DLF8uAEedEr8oa+hDEKv4JjHNN7LMqMZzoezg+Q4fi40UmP08yz8OP1uprDf -MEz8fK5bTblvAoIBAQDV4zWzmgJteKp2nDAzTFdvEqaDQO2rh1W8WmvLcTUnIjgA -85VfyIyjW366C88bnIt8D1HJJ3/NpGf+B6Z4/OmPtykSrYCvCiCXc6fq3lr+wqFP -wE/AdtTzhC6ANO7TaEVqoTX8HXDv822JhVAOkg8g/ltvpfKxfLWA/oW0uCzccsPh -ca6fPaKzJNEXyY+Yt9OHCMW2E10Z6IYDjkyXzB1fzYbeJ2T6DRTnLHRtL6Z92Z9L -XqcnkbOvhUUyKztgeXLi/7HpUKIV0L5MnSZFi3YkYFFKQBDoXwCm+cVU8U8AmhxH -MYzRR2wdQwuDgWI0W01lVAztYIwhLToFxp7y31OBAoIBAE4T9lRX/e/DIS1bz9Bx -HNyJvngKbqEkPAGw8d9as12tGlo28nFVYgLZ8q/RyBsUrOz5xiqzETtWV9yG/mEN -Nh0G4qXVAC0Nol6Q47EBauLMe28YYYcLgUGr6gVMWTfsYKHnjZzJi4vVDEgSXURq -aHcnLhvVQZkyBRiKQuO52XOIro/9z6OAl7cO6tql6Cirj+BfmJxgLPheMJmA7ZdQ -FQafZ0rUcrc+iGpLsm5951ceHpi0xW67+PPhsuqD/F/srX3GqTOu8+b6G3RPIBF3 -pmn9xz29vxBsfhdwg8dLVzKmvQGiaecpJ7wxxIZlMBnAqIFn3wa0kJvuqyWeMYrY -ch8CggEALNlW+RXlvpkFDmfv+eHGPsGNo1j5M1cV4Z3kBzh0PwU4exbh1CfgCX2P -jHGTmqWhHj9KyRoZKmydJsfyn1na0nGYAeAZOVAP3kulqrgFhsmPfMRNJZ+h9S5F -opEOdx/xoUTB34oRWYE3yZNZCGGJanicOYepvrkLuCSNqIiDnyHC1HUr/bEtRfx0 -IFfqxZ/uU8uXPRv9sy9qVNF/Z6Q1X5j7jqFLVEpDcVrNfVxTsrXokDF1Kt0Hw2PW -ApODYwgSw6jUs3EfwsKRBRB2MyrG9FM0LJxaDzHul5mA5VYMryLjznutjjmu+sqg -k6V20WJeVe603hHRJqjtMSta3O0k0Q== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDRF7vBX5tnrLUJ +0tSJ11Y5ZRbKTBf+6MsWkGqTAR0y8Irx7lUQtLkn0DycfBaGCuoKzfJQh4Z3Vw+M +qHzSLInnl+rLvTfrU7eym5SVq8l3vOFGKc1lluTB2d1/uCFUJyKCTmK3hFezRmU6 +mii+aSrhQifmTBfFpKMUgE8rCLqkH6xug+Au9qF4SiUZcyaRt+5iy8JfTzQz5RsN +Xv9NCWCM1Ye64bDYIXCL4jg/9MSRcOltlboHa2dEVcULY7Ojz+1SX4HYZbNsn19X +j067q4Tl2ZAMGYAtnwZ+y7uz244I/UTMuqbxaENgU9+Ag5hTw3Nrc4DupZ4zivh4 +2c7Xx8IumnK357uXFTtKIrS9+uiR6ey06CnXIuuYWfNBX4NLvOMlyW8c+DX48NcG +OU6sNjoRoxskWBPVK0n0qN3x1u1hRyRrkI6BtcERVNUZzuEO5CiA6p0CqJizPDmj +zjWueBfQQoenCvcNG+2d+AQsL8DLqmmLkNSnzT/QWCY1EDM/k03Ww9DN0JSJvwbW +m9FKPfJoWfqDVr8RsvimhuM/iHAL5RxQmdUPjTaPgtwVXqhEBgp4JRxAKURNwTlS +1mQ55OIinZWdmsSA2VdIJI6nQrkwE/Lwn+X02m5EOw+3Fyow2VclaHlOrssReJVT +tWSV3LGSSyMt/9ycEqOK1ruV25b2+wIDAQABAoICABkAPFAgr+gYvk7Yjtbqe2IC +edP3fu5ZBHYuuhIuEcE2V3lvtMEkyCIquSHsM78+99a8jaAztuV3G0yyFWFbYk6M +RiP//Hs0DTobIIw4OFng/j38SpW+kfIHLFUUqFDecGG3S1YZH2lis0DrZOVw6r0j +bWTmgqMnDo7UJriFDdgI/NOmthFiJlLH6XazuOVh4kGdjnYEoOp27EylfWOciZcI +AyIv0Tbj4gf/z8JUmy+uxLfN2CqsnMeOyoWURssBViWWy45F3sslT+pGyt8QC6R2 +EU4OZdqj8fa1l+cnYJd8573jsDQbnOQcMz8JEmzVk8FB1CVKLUfex9tKDnw+ON6l +UWcHYTR+eTsP5AEk5KCNQthHH+IVSxq19OLHx9R52BetfejZOOnGWNW4HQO/LRzR +hih9oWDvrKWBVLwB+9RZRwHKXSaMt00HknJ1cNFJBfXbhPG+IUbhhJHoKOGecrOz +ct70Ic3rMmRbtI8RC+n4WLbGCfB/fO1uI/vg4Z/cTST4y/wN2ElwvEzGCW75dC3R +l8azsYW4YDdA4L98A4HJTqXQNkW0N2Zf6+w24NKvGP+BUsvc2ygw3Jw1V13ouyZU +MQbver08bl5I4xCMvTzcE8ZRytNV7TxiypiFBRbhQIsSLqvJdWShCPuvse/eMQqY +og15QJB49CeYFt/oZUSxAoIBAQDsdp0Om/sJCNrG/fQOW3uzvxetIpSLvFjxkHNG +T2GarKaHLp4fZqmQnOoyqMQA61f3moxWYQUY0y+cDdOP39wRiB6PGHNZBoZRD38K +Bk8RcTsIvog0c1rkqKzuBCwOyBQ1JB0AZsd6uPJE96QwdHlE+n1r1BIlbBJmApx9 +7tBTUhkvreBxsamWBHMXAgCOy1dURTrQo0keUWBPzQWMD5qNh7nvUNF++nfXD/z6 +gbuQemWCAJW9bKB6E+a6u3KOfAjuDqUsGuF+f9wY3eJAJwVqwnv4Af56vQstObzb +puqbYUMT5LrjMm+4m2fpE3QRPw+pWMR+pBmuO9ZHQgKOy6WLAoIBAQDiXjWk1Dw+ +zKitdIjqfrg5+gMdi3Q7GGaoWUkCn/hNBf5nZ5g7XR2UbE8I8CsY6Ako/YOk91xz +APFnibX8RI/wDU/Ja1q4NPTukKRAiS8F1yJ223Ko4kqiGi6lKtjC3lt2HM2Vmv3A +mfb10lxPU7ck+5D4Zu97QK32iSydkLV4EKaTfWt9VWHVcIVt28Atr4br4VKJtKfY +HJLb70odpR04UBgObpiyOtp/qwIL8WJJvgHuyXQVDRVxSOuchnkza1SztqyJVMYi +BAeu+arJ5apb+4Y6xWsJnjA6IVWztaGr57pUp3YGLUMe9peuL8T464zwVqgkpBH7 +oDtpBkPCJYJRAoIBAQCsKeBIFsE73rqLT7M2EN2MDYHLiPXml4eaubV0Z6+E0lec +7RArhK/InrbVk5LBqJgvqtKqwZDYdkqfsGFsy2yLRzQYs5CoLNv2gPXZ8qX26R42 +S6MXrTVsbnMaCOebC4nK9zQ2ap6qd6XNGRDuRp9U3ZwbuhhMLtdmdlhCSHJdd9Tm +pg5YOSZkF3FEOyz0ypAWxyD/byN5c35QG9ICHApHKZ7y40Dk1rASYY2rRnGty6/E +a3CarlBZEcxYAMpze1N1ICyaZCfx1l4FrOdiFgcXp+pis/D4pFNS5krfEjSWVMZl +4Y9AhCRboKqTRJqpQ+S/Q+Ys3oXkGaT11NXP6e3pAoIBAFtFEOv8hq3rZrdJHUsu +/KijnU30RFDvbbTDCyT7yumDWSfoJQEKcjq90MAR1c6c/9R/Iu0Ir0XPQ4YziCTG +oCJxu5HCrzlGYNsvhopexY7dRxAVOw3M77qcQ+JkfDFV5hqhUmLXsyhM674BqyZw +4o8Ov0zoc/aGBZ45gLum9QQL8p3VG9nU6zVbwPCigcHp28SPfO/43xPLsYrr2D5L +rJRf9tMa1IZIJIEFOjYGhVKmQbE9mIhEVjju5dCeh4+r3uL27GoSvDBK3641DB+L +cjzUFTLtFlMybM+DUUK8IQtmy0IGoxeqeD2rv0yEBi83CgR9bB4Z6QZDfLDDzd4h +sYECggEAYPF4cjhqJvBGgdT2P8rmTWI+PxJNf2fKeAivLRSvp6wcd8BdtRKLANcv +P42zwvXQWvdGBa3z70ArQNN6uYt9tUG5FyjxSRGr6vXTJsxaJgQqrcfFbhpHSBjW +uZxKSHfZr/PjxsOQBZpJWldfX4EuXp1ZTpOscB9nDVrLDjOgdMBWh6Z1pqe75Wj1 +j2kBjZkA8VvNlAOlOpgMdD+b+f4QUKvOq2Owq5nevtuJ3awCZspNOR4j2Pk378Rv +5ahJE/kyJy1LDjOVUUvLUTqa/OY50V8Fc2HW6Qb7sHy7rPiNzcy6tIXudWqjlRoR +tfpWTny76UNwXv0xLFPbEqnY7ouliQ== -----END PRIVATE KEY----- diff --git a/test-ca/rsa-4096/inter.revoked.crl.pem b/test-ca/rsa-4096/inter.revoked.crl.pem index b62839b361..887e00eb3d 100644 --- a/test-ca/rsa-4096/inter.revoked.crl.pem +++ b/test-ca/rsa-4096/inter.revoked.crl.pem @@ -1,17 +1,17 @@ -----BEGIN X509 CRL----- -MIICvjCBpwIBATANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255dG93biBS -U0EgNDA5NiBDQRcNMjQwNDA3MTgyNDQxWhcNMjQwNDEyMTgyNDQxWjAiMCACAQoX -DTI0MDQwNzE4MjQ0MVowDDAKBgNVHRUEAwoBAaAwMC4wHwYDVR0jBBgwFoAUMGYY -0p60eKU2bFaMebB7URHcfbMwCwYDVR0UBAQCAgTSMA0GCSqGSIb3DQEBDQUAA4IC -AQANok3snTbWa7mhckX4VEOk0sQX2geKmmXeYI4FNMffHdV+9t2+3Te4l+nI5yRM -67/bpPPmvEVDO8vy+i8BW6dd8av3owkXHN7ZF/yjEBeNFPoVqphanisIWVuYs5Hf -yCsihaoHB+M6rXOTMwA2DFxRNtsh4OhbXC341zhgJnL+lkF/tLv5gbP9j2S/iGJf -Wk9hwhxyV60f1PGSGujqtrPAOwXSljbH2Ab9EC53OYcW4UVJ5j41RSXpjz5xqktr -zwJRSC+1I8+0XMX/zc/mZ02W3wR+kJ4TuJHsAodEvrNlFv8kS7bUHIQOHNRhppJ7 -ZV+fBinxppbjNuPHKNSJ4CmEnGtQdsMrv9r8L840AGM/NaN/tYqOpPIpWQn8ZyPk -LNG+KzVeoQV/weo2yfivLIqvsXg0Rfk65F/8AJN5Jna5NZkt5fHUpi0WH6DI0Aed -irGmv7DwUP82RdhhRlWVfkaO6jRjZequeKtCftnoO9HMM61vVD7qb0DCkB3Xilse -+bpuYB88F+OI+dLcMnb6f5I9wKODtfWEuX4vfehZKQUsaajlXkVEh9tSfT+ETkYh -keC/w8YJy7xvqraJWOoF+wlMGntKvP8uIS0hrA4mh0APD7uxpHL05k7ycYiJ61Bs -hTWz1SdAePQjoxMgM6h2attEYyi0R9t9ZBa5Qmv1yeNgUQ== +MIICwDCBqQIBATANBgkqhkiG9w0BAQ0FADAfMR0wGwYDVQQDDBRwb255dG93biBS +U0EgNDA5NiBDQRcNMjQwNTA3MTg0NzAxWhgPMjEyNDA0MTMxODQ3MDFaMCIwIAIB +ChcNMjQwNTA3MTg0NzAxWjAMMAoGA1UdFQQDCgEBoDAwLjAfBgNVHSMEGDAWgBS9 +nROz5hU+7FW+py0cJoOcbB/aWjALBgNVHRQEBAICBNIwDQYJKoZIhvcNAQENBQAD +ggIBAIiX0kRChoO9AKxfeVcowzPNp8+19i2oVST14b9JQ8f1+lfI4xgRwzSlDtt9 +wTp8QlVMcXrY6O7uu0suUiShevRRrp0FqTaIB5TrY0lO+Ni6pUCdp64Di/0qITEZ +JbzlbTaSaCBTb8OIBbQlfO1UsqiZb0CedJ3oWLJKt/u/tZZ1in9hM/A+Pk0Ke1Vx +jPX41VNFPVX2G+asoAiHCakFDA4c66ZtUfE+EjRa6I1foSqH7gJ7i9areieluMym +3qA8BsTTpEjOvSkbwMUtcnGCQ2OceVfeetNxvSGvUcP8b1L8E0OaKX8HVmaXls9F +3eGrMiYnxTNzcrNcB9idc0iMGyNSkFmAffmD+nI8SLIQdLmnkMM5ty8TQYU2/Xob +tSEKWXsSzLkHGn2eTm3WlGRywiSPTfAUq3Eqg1T7E25cizPPe/AJ01GkDFzaeW35 +i0oxcgGEwYs6iwTRZaGjnnPF96nZtExHEU6gf5s8nYBsyfusmhPRrhyjrU3oTX8N +adEhZP27JAdWJniws0TjdDCXNHDQYWsCLZ9qUc3sYt0bqBzW05qoZBAPr/ijYsJC +pdGhvWWTXfbKNL8w7YS3QSyliQUm+oqOl/oPHpQH6oNzZ62TebtENLiaCJxhtsoZ +ixB87BVB5V9hmBxo3y96HOR5ykJVBAtb4pHfQK1ngNzOTCDK -----END X509 CRL----- From 04ef27c7eb2092bb6838d1829106b36d75805624 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 22 May 2024 15:08:05 +0100 Subject: [PATCH 0965/1145] api.rs: format imports --- rustls/tests/api.rs | 40 +++++++++++++--------------- rustls/tests/api_ffdhe.rs | 12 ++++----- rustls/tests/client_cert_verifier.rs | 8 +++--- rustls/tests/key_log_file_env.rs | 7 +++-- rustls/tests/server_cert_verifier.rs | 7 ++--- 5 files changed, 34 insertions(+), 40 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f520917779..663902f3d7 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -9,16 +9,12 @@ use std::cell::RefCell; mod macros; test_for_each_provider! { -use super::*; - -use std::fmt; use std::fmt::Debug; use std::io::{self, IoSlice, Read, Write}; -use std::mem; use std::ops::{Deref, DerefMut}; use std::sync::atomic::{AtomicUsize, Ordering}; -use std::sync::Arc; -use std::sync::Mutex; +use std::sync::{Arc, Mutex}; +use std::{fmt, mem}; use pki_types::{CertificateDer, IpAddr, ServerName, UnixTime}; use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; @@ -32,20 +28,18 @@ use rustls::internal::msgs::handshake::{ }; use rustls::internal::msgs::message::{Message, MessagePayload}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; -use rustls::SupportedCipherSuite; use rustls::{ - sign, AlertDescription, CertificateError, ConnectionCommon, ContentType, Error, HandshakeKind, - InvalidMessage, KeyLog, PeerIncompatible, PeerMisbehaved, SideData, + sign, AlertDescription, CertificateError, CipherSuite, ClientConfig, ClientConnection, + ConnectionCommon, ConnectionTrafficSecrets, ContentType, DistinguishedName, Error, + HandshakeKind, InvalidMessage, KeyLog, PeerIncompatible, PeerMisbehaved, ProtocolVersion, + ServerConfig, ServerConnection, SideData, SignatureScheme, Stream, StreamOwned, + SupportedCipherSuite, }; -use rustls::{CipherSuite, ProtocolVersion, SignatureScheme}; -use rustls::{ClientConfig, ClientConnection}; -use rustls::{ConnectionTrafficSecrets, DistinguishedName}; -use rustls::{ServerConfig, ServerConnection}; -use rustls::{Stream, StreamOwned}; + +use super::*; mod common; use common::*; - use provider::cipher_suite; use provider::sign::RsaSigningKey; @@ -1392,7 +1386,8 @@ fn client_check_server_certificate_ee_crl_expired() { .only_check_end_entity_revocation(); for version in rustls::ALL_VERSIONS { - let client_config = make_client_config_with_verifier(&[version], enforce_expiration_builder.clone()); + let client_config = + make_client_config_with_verifier(&[version], enforce_expiration_builder.clone()); let mut client = ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); @@ -1406,7 +1401,8 @@ fn client_check_server_certificate_ee_crl_expired() { ))) ); - let client_config = make_client_config_with_verifier(&[version], ignore_expiration_builder.clone()); + let client_config = + make_client_config_with_verifier(&[version], ignore_expiration_builder.clone()); let mut client = ClientConnection::new(Arc::new(client_config), server_name("localhost")).unwrap(); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); @@ -4023,9 +4019,10 @@ fn early_data_can_be_rejected_by_server() { } mod test_quic { - use super::*; use rustls::quic::{self, ConnectionCommon}; + use super::*; + // Returns the sender's next secrets to use, or the receiver's error. fn step( send: &mut ConnectionCommon, @@ -4738,10 +4735,9 @@ mod test_quic { #[test] fn test_client_does_not_offer_sha1() { - use rustls::internal::msgs::{ - codec::Reader, handshake::HandshakePayload, message::MessagePayload, - message::OutboundOpaqueMessage, - }; + use rustls::internal::msgs::codec::Reader; + use rustls::internal::msgs::handshake::HandshakePayload; + use rustls::internal::msgs::message::{MessagePayload, OutboundOpaqueMessage}; use rustls::HandshakeType; for kt in ALL_KEY_TYPES { diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index d10d6a7cae..2740db66d2 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -9,11 +9,11 @@ test_for_each_provider! { mod common; use common::*; - use rustls::crypto::CryptoProvider; +use rustls::internal::msgs::base::Payload; +use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; use rustls::internal::msgs::message::{Message, MessagePayload}; -use rustls::internal::msgs::{base::Payload, codec::Codec}; use rustls::version::{TLS12, TLS13}; use rustls::{CipherSuite, ClientConfig}; @@ -340,15 +340,15 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { } mod ffdhe { - use super::provider; use num_bigint::BigUint; use rustls::crypto::{ ActiveKeyExchange, CipherSuiteCommon, CryptoProvider, KeyExchangeAlgorithm, SharedSecret, SupportedKxGroup, }; - use rustls::{ - ffdhe_groups::FfdheGroup, CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite, - }; + use rustls::ffdhe_groups::FfdheGroup; + use rustls::{CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite}; + + use super::provider; /// A test-only `CryptoProvider`, only supporting FFDHE key exchange pub fn ffdhe_provider() -> CryptoProvider { diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 59027fa514..e42f65f39d 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -6,13 +6,15 @@ mod macros; test_for_each_provider! { mod common; +use std::sync::Arc; + use common::{ do_handshake_until_both_error, do_handshake_until_error, get_client_root_store, make_client_config_with_versions, make_client_config_with_versions_with_auth, make_pair_for_arc_configs, server_config_builder, server_name, webpki_client_verifier_builder, ErrorFromPeer, KeyType, ALL_KEY_TYPES, }; - +use pki_types::{CertificateDer, UnixTime}; use rustls::client::danger::HandshakeSignatureValid; use rustls::internal::msgs::handshake::DistinguishedName; use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; @@ -21,10 +23,6 @@ use rustls::{ ServerConnection, SignatureScheme, }; -use pki_types::{CertificateDer, UnixTime}; - -use std::sync::Arc; - // Client is authorized! fn ver_ok() -> Result { Ok(ClientCertVerified::assertion()) diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 08eb9614df..5363f2fbc8 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -53,10 +53,10 @@ fn serialized(f: impl FnOnce()) { test_for_each_provider! { -use super::*; - -use std::sync::Arc; use std::io::Write; +use std::sync::Arc; + +use super::*; mod common; use common::{ @@ -64,7 +64,6 @@ use common::{ transfer, KeyType, }; - #[test] fn exercise_key_log_file_for_client() { super::serialized(|| { diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index ce3b6c5440..aab32ba405 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -6,14 +6,15 @@ mod macros; test_for_each_provider! { mod common; +use std::sync::Arc; + use common::{ do_handshake, do_handshake_until_both_error, make_client_config_with_versions, - make_pair_for_arc_configs, make_server_config, ErrorFromPeer, ALL_KEY_TYPES, MockServerVerifier, + make_pair_for_arc_configs, make_server_config, ErrorFromPeer, MockServerVerifier, + ALL_KEY_TYPES, }; use rustls::{AlertDescription, Error, InvalidMessage}; -use std::sync::Arc; - #[test] fn client_can_override_certificate_verification() { for kt in ALL_KEY_TYPES.iter() { From 45c8a54589f8a12b86c69a14f2f18abded0f4ea7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 23 May 2024 09:08:39 +0100 Subject: [PATCH 0966/1145] Remove `PayloadU24::new` This had one caller outside of test code. --- rustls/src/msgs/base.rs | 4 ---- rustls/src/msgs/handshake.rs | 2 +- rustls/src/msgs/handshake_test.rs | 4 ++-- rustls/src/msgs/message_test.rs | 2 +- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 244e774c4a..3ab11be8f4 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -84,10 +84,6 @@ impl fmt::Debug for Payload<'_> { pub(crate) struct PayloadU24<'a>(pub(crate) Payload<'a>); impl<'a> PayloadU24<'a> { - pub(crate) fn new(bytes: Vec) -> PayloadU24<'static> { - PayloadU24(Payload::Owned(bytes)) - } - pub(crate) fn into_owned(self) -> PayloadU24<'static> { PayloadU24(self.0.into_owned()) } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index d6534a9a8d..6f8fddd603 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2236,7 +2236,7 @@ impl<'a> Codec<'a> for CertificateStatus<'a> { impl<'a> CertificateStatus<'a> { pub(crate) fn new(ocsp: Vec) -> CertificateStatus<'static> { CertificateStatus { - ocsp_response: PayloadU24::new(ocsp), + ocsp_response: PayloadU24(Payload::Owned(ocsp)), } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 9236023dba..b63b5234e6 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -800,7 +800,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13<'static> { cert: CertificateDer::from(vec![3, 4, 5]), exts: vec![ CertificateExtension::CertificateStatus(CertificateStatus { - ocsp_response: PayloadU24::new(vec![1, 2, 3]), + ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), }), CertificateExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), @@ -887,7 +887,7 @@ fn get_sample_encryptedextensions() -> Vec { fn get_sample_certificatestatus() -> CertificateStatus<'static> { CertificateStatus { - ocsp_response: PayloadU24::new(vec![1, 2, 3]), + ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), } } diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index ba91c1f6ec..64a61aa17c 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -105,6 +105,6 @@ fn debug_payload() { assert_eq!("01020304", format!("{:?}", PayloadU16(vec![1, 2, 3, 4]))); assert_eq!( "01020304", - format!("{:?}", PayloadU24::new(vec![1, 2, 3, 4])) + format!("{:?}", PayloadU24(Payload::new(vec![1, 2, 3, 4]))) ); } From 96648336a770b0302433f795c963b1f373b1b019 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 23 May 2024 09:08:31 +0100 Subject: [PATCH 0967/1145] Refactor construction of `CertificatePayloadTls13` --- rustls/src/client/tls13.rs | 25 ++++++++----------------- rustls/src/msgs/handshake.rs | 34 ++++++++++++++++++++++++++++------ rustls/src/server/tls12.rs | 5 +---- rustls/src/server/tls13.rs | 31 ++++--------------------------- 4 files changed, 41 insertions(+), 54 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 917b6a7a77..3dab4a05be 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -25,9 +25,9 @@ use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::{ExtensionType, KeyUpdateRequest}; use crate::msgs::handshake::{ - CertificateEntry, CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload, - HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, - PresharedKeyOffer, ServerExtension, ServerHelloPayload, + CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload, HandshakePayload, + HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, PresharedKeyOffer, + ServerExtension, ServerHelloPayload, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -786,20 +786,11 @@ fn emit_certificate_tls13( auth_context: Option>, common: &mut CommonState, ) { - let context = auth_context.unwrap_or_default(); - - let mut cert_payload = CertificatePayloadTls13 { - context: PayloadU8::new(context), - entries: Vec::new(), - }; - - if let Some(certkey) = certkey { - for cert in &certkey.cert { - cert_payload - .entries - .push(CertificateEntry::new(cert.clone())); - } - } + let certs = certkey + .map(|ck| ck.cert.as_ref()) + .unwrap_or(&[][..]); + let mut cert_payload = CertificatePayloadTls13::new(certs.iter(), None); + cert_payload.context = PayloadU8::new(auth_context.unwrap_or_default()); let m = Message { version: ProtocolVersion::TLSv1_3, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 6f8fddd603..7b05059a7e 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -5,8 +5,8 @@ use alloc::collections::BTreeSet; use alloc::string::String; use alloc::vec; use alloc::vec::Vec; -use core::fmt; use core::ops::Deref; +use core::{fmt, iter}; use pki_types::{CertificateDer, DnsName}; @@ -1382,7 +1382,7 @@ impl<'a> Codec<'a> for CertificateEntry<'a> { } impl<'a> CertificateEntry<'a> { - pub(crate) fn new(cert: CertificateDer<'static>) -> CertificateEntry<'static> { + pub(crate) fn new(cert: CertificateDer<'a>) -> CertificateEntry<'a> { CertificateEntry { cert, exts: Vec::new(), @@ -1449,10 +1449,32 @@ impl<'a> Codec<'a> for CertificatePayloadTls13<'a> { } impl<'a> CertificatePayloadTls13<'a> { - pub(crate) fn new(entries: Vec>) -> Self { + pub(crate) fn new( + certs: impl Iterator>, + ocsp_response: Option<&'a [u8]>, + ) -> Self { Self { context: PayloadU8::empty(), - entries, + entries: certs + // zip certificate iterator with `ocsp_response` followed by + // an infinite-length iterator of `None`. + .zip( + ocsp_response + .into_iter() + .map(Some) + .chain(iter::repeat(None)), + ) + .map(|(cert, ocsp)| { + let mut e = CertificateEntry::new(cert.clone()); + if let Some(ocsp) = ocsp { + e.exts + .push(CertificateExtension::CertificateStatus( + CertificateStatus::new(ocsp), + )); + } + e + }) + .collect(), } } @@ -2234,9 +2256,9 @@ impl<'a> Codec<'a> for CertificateStatus<'a> { } impl<'a> CertificateStatus<'a> { - pub(crate) fn new(ocsp: Vec) -> CertificateStatus<'static> { + pub(crate) fn new(ocsp: &'a [u8]) -> Self { CertificateStatus { - ocsp_response: PayloadU24(Payload::Owned(ocsp)), + ocsp_response: PayloadU24(Payload::Borrowed(ocsp)), } } diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 4fb9f30d54..287593d491 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,4 +1,3 @@ -use alloc::borrow::ToOwned; use alloc::boxed::Box; use alloc::string::ToString; use alloc::sync::Arc; @@ -380,13 +379,11 @@ mod client_hello { } fn emit_cert_status(transcript: &mut HandshakeHash, common: &mut CommonState, ocsp: &[u8]) { - let st = CertificateStatus::new(ocsp.to_owned()); - let c = Message { version: ProtocolVersion::TLSv1_2, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, - payload: HandshakePayload::CertificateStatus(st), + payload: HandshakePayload::CertificateStatus(CertificateStatus::new(ocsp)), }), }; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 87041af816..79456c6b25 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1,7 +1,5 @@ -use alloc::borrow::ToOwned; use alloc::boxed::Box; use alloc::sync::Arc; -use alloc::vec; use alloc::vec::Vec; pub(super) use client_hello::CompleteClientHelloHandling; @@ -42,9 +40,9 @@ mod client_hello { use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode}; use crate::msgs::handshake::{ - CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, - CertificateRequestPayloadTls13, CertificateStatus, ClientHelloPayload, HelloRetryExtension, - HelloRetryRequest, KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId, + CertReqExtension, CertificatePayloadTls13, CertificateRequestPayloadTls13, + ClientHelloPayload, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, Random, + ServerExtension, ServerHelloPayload, SessionId, }; use crate::server::common::ActiveCertifiedKey; use crate::sign; @@ -703,28 +701,7 @@ mod client_hello { cert_chain: &[CertificateDer<'static>], ocsp_response: Option<&[u8]>, ) { - let mut cert_entries = vec![]; - for cert in cert_chain { - let entry = CertificateEntry { - cert: cert.to_owned(), - exts: Vec::new(), - }; - - cert_entries.push(entry); - } - - if let Some(end_entity_cert) = cert_entries.first_mut() { - // Apply OCSP response to first certificate (we don't support OCSP - // except for leaf certs). - if let Some(ocsp) = ocsp_response { - let cst = CertificateStatus::new(ocsp.to_owned()); - end_entity_cert - .exts - .push(CertificateExtension::CertificateStatus(cst)); - } - } - - let cert_body = CertificatePayloadTls13::new(cert_entries); + let cert_body = CertificatePayloadTls13::new(cert_chain.iter(), ocsp_response); let c = Message { version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { From 091587bc8be555525eb3cdcc4f3a8ea9cb5eca78 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 22 May 2024 10:56:45 +0100 Subject: [PATCH 0968/1145] Derive Clone for `ServerConfig` & `ClientConfig` This seems not to be required now. Possibly a hangover from when these were generic over a `CryptoProvider`. --- rustls/src/client/client_conn.rs | 23 +---------------------- rustls/src/server/server_conn.rs | 27 +-------------------------- 2 files changed, 2 insertions(+), 48 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 5d274ef9a0..4e4215be4f 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -143,7 +143,7 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// * [`ClientConfig::key_log`]: key material is not logged. /// /// [`RootCertStore`]: crate::RootCertStore -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct ClientConfig { /// Which ALPN protocols we include in our client hello. /// If empty, no ALPN extension is sent. @@ -373,27 +373,6 @@ impl ClientConfig { } } -impl Clone for ClientConfig { - fn clone(&self) -> Self { - Self { - provider: Arc::::clone(&self.provider), - resumption: self.resumption.clone(), - alpn_protocols: self.alpn_protocols.clone(), - max_fragment_size: self.max_fragment_size, - client_auth_cert_resolver: Arc::clone(&self.client_auth_cert_resolver), - versions: self.versions, - enable_sni: self.enable_sni, - verifier: Arc::clone(&self.verifier), - key_log: Arc::clone(&self.key_log), - enable_secret_extraction: self.enable_secret_extraction, - enable_early_data: self.enable_early_data, - #[cfg(feature = "tls12")] - require_ems: self.require_ems, - time_provider: Arc::clone(&self.time_provider), - } - } -} - /// Configuration for how/when a client is allowed to resume a previous session. #[derive(Clone, Debug)] pub struct Resumption { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 9dfac10646..1f6228d4da 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -221,7 +221,7 @@ impl<'a> ClientHello<'a> { /// /// [`RootCertStore`]: crate::RootCertStore /// [`ServerSessionMemoryCache`]: crate::server::handy::ServerSessionMemoryCache -#[derive(Debug)] +#[derive(Clone, Debug)] pub struct ServerConfig { /// Source of randomness and other crypto. pub(super) provider: Arc, @@ -339,31 +339,6 @@ pub struct ServerConfig { pub time_provider: Arc, } -// Avoid a `Clone` bound on `C`. -impl Clone for ServerConfig { - fn clone(&self) -> Self { - Self { - provider: Arc::::clone(&self.provider), - ignore_client_order: self.ignore_client_order, - max_fragment_size: self.max_fragment_size, - session_storage: Arc::clone(&self.session_storage), - ticketer: Arc::clone(&self.ticketer), - cert_resolver: Arc::clone(&self.cert_resolver), - alpn_protocols: self.alpn_protocols.clone(), - versions: self.versions, - verifier: Arc::clone(&self.verifier), - key_log: Arc::clone(&self.key_log), - enable_secret_extraction: self.enable_secret_extraction, - max_early_data_size: self.max_early_data_size, - send_half_rtt_data: self.send_half_rtt_data, - send_tls13_tickets: self.send_tls13_tickets, - #[cfg(feature = "tls12")] - require_ems: self.require_ems, - time_provider: Arc::clone(&self.time_provider), - } - } -} - impl ServerConfig { /// Create a builder for a server configuration with /// [the process-default `CryptoProvider`][CryptoProvider#using-the-per-process-default-cryptoprovider] From 06c777bb3f76e1e68fd0abbd19f93330891ac5d4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 16 May 2024 12:58:33 +0100 Subject: [PATCH 0969/1145] Hide internals from documentation This prevents cargo-semver-checks seeing this part of the API, which improves its accuracy. --- rustls/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index ccc27ef627..9924d32de5 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -419,6 +419,7 @@ mod webpki; /// Internal classes that are used in integration tests. /// The contents of this section DO NOT form part of the stable interface. #[allow(missing_docs)] +#[doc(hidden)] pub mod internal { /// Low-level TLS message parsing and encoding functions. pub mod msgs { From 99abca5e4965340cf6d96eaefd64452281376063 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 23 May 2024 10:05:25 +0100 Subject: [PATCH 0970/1145] Prepare 0.23.8 --- Cargo.lock | 14 +++++++------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 62325ddef9..051739e441 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2181,7 +2181,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.7" +version = "0.23.8" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2215,7 +2215,7 @@ dependencies = [ "fxhash", "itertools 0.13.0", "rayon", - "rustls 0.23.7", + "rustls 0.23.8", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2228,7 +2228,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.7", + "rustls 0.23.8", ] [[package]] @@ -2241,7 +2241,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.7", + "rustls 0.23.8", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2259,7 +2259,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.7", + "rustls 0.23.8", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2295,7 +2295,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.7", + "rustls 0.23.8", "webpki-roots 0.26.1", ] @@ -2317,7 +2317,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.7", + "rustls 0.23.8", "rustls-pki-types", "rustls-webpki 0.102.4", "serde", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 563763cb87..18fe55099a 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.7" +version = "0.23.8" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index a338ddb9d5..efdd19b66e 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.7" +version = "0.23.8" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" From b00ae7e4cf65e85e0696e7e2d2c29a18832719cc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 May 2024 13:30:36 -0400 Subject: [PATCH 0971/1145] ci: temp. pin nightly to 2024-05-22 There is an upstream issue (ref'd in a comment) that causes an ICE building Rustls tests with current nightly. --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 68f29796f1..e74ea6920d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,7 +46,8 @@ jobs: - name: Install ${{ matrix.rust }} toolchain uses: dtolnay/rust-toolchain@master with: - toolchain: ${{ matrix.rust }} + # TODO(XXX): Revert to "matrix.rust" after rust-lang/rust#125474 is fixed. + toolchain: ${{ matrix.rust == 'nightly' && 'nightly-2024-05-22' || matrix.rust }} - name: Install NASM for aws-lc-rs on Windows if: runner.os == 'Windows' From 34d00a32b5adfd6c863c7db9f7dff9f1055f97d6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 May 2024 15:52:27 -0400 Subject: [PATCH 0972/1145] deps: update semver compatible dependencies * Updating serde v1.0.202 -> v1.0.203 * Updating serde_derive v1.0.202 -> v1.0.203 * Updating aws-lc-rs v1.7.1 -> v1.7.2 * Updating zeroize v1.7.0 -> v1.8.1 --- Cargo.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 051739e441..4e358ee2b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -341,9 +341,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.7.1" +version = "1.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8487b59d62764df8231cb371c459314df895b41756df457a1fb1243d65c89195" +checksum = "474d7cec9d0a1126fad1b224b767fcbf351c23b0309bb21ec210bcfd379926a5" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -355,9 +355,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.16.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c15eb61145320320eb919d9bab524617a7aa4216c78d342fae3a758bc33073e4" +checksum = "7505fc3cb7acbf42699a43a79dd9caa4ed9e99861dfbb837c5c0fb5a0a8d2980" dependencies = [ "bindgen", "cc", @@ -2400,18 +2400,18 @@ checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" [[package]] name = "serde" -version = "1.0.202" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.202" +version = "1.0.203" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" dependencies = [ "proc-macro2", "quote", @@ -3140,9 +3140,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] From bf0c79b6746f5bac2153e1936796e96d7e625ddf Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 10:18:54 -0400 Subject: [PATCH 0973/1145] cargo: fix bench profile LTO setting Per upstream docs[0] and a warning in my IDE, the `lto` setting's valid options are: false, true, "fat", "thin", or "off". This commit changes our "yes" value to true. --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 9fe4b16f89..c65c14b58f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,4 +25,4 @@ resolver = "2" [profile.bench] codegen-units = 1 -lto = "yes" +lto = true From 21b51fc2067a047981a71471f6687c2f6868c1f9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 10:20:04 -0400 Subject: [PATCH 0974/1145] msgs: fix clippy::use_self finding ``` warning: unnecessary structure name repetition --> rustls/src/msgs/handshake.rs:1385:52 | 1385 | pub(crate) fn new(cert: CertificateDer<'a>) -> CertificateEntry<'a> { | ^^^^^^^^^^^^^^^^^^^^ help: use the applicable keyword: `Self` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#use_self note: the lint level is defined here --> rustls/src/lib.rs:310:5 | 310 | clippy::use_self, | ^^^^^^^^^^^^^^^^ ``` --- rustls/src/msgs/handshake.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 7b05059a7e..775bd6bab0 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1382,8 +1382,8 @@ impl<'a> Codec<'a> for CertificateEntry<'a> { } impl<'a> CertificateEntry<'a> { - pub(crate) fn new(cert: CertificateDer<'a>) -> CertificateEntry<'a> { - CertificateEntry { + pub(crate) fn new(cert: CertificateDer<'a>) -> Self { + Self { cert, exts: Vec::new(), } From 65d2e867f9cc0ce81dd193d9b7ab2d725591b0d0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 15:35:07 -0400 Subject: [PATCH 0975/1145] ci: update cargo-check-external-types toolchain The upstream project cut a 0.1.12 release that now pins Rust nightly-2024-05-01. This commit updates CI to match. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e74ea6920d..f8c2c194d6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -436,7 +436,7 @@ jobs: - name: Install rust toolchain uses: dtolnay/rust-toolchain@master with: - toolchain: nightly-2024-02-07 + toolchain: nightly-2024-05-01 # ^ sync with https://github.com/awslabs/cargo-check-external-types/blob/main/rust-toolchain.toml - run: cargo install --locked cargo-check-external-types - name: run cargo-check-external-types for rustls/ From 29bdc8cf5258990d93abe97e5fc562467cf9872d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 30 May 2024 10:42:49 -0400 Subject: [PATCH 0976/1145] fix rustc-check-cfg Previously we updated `build.rs` to emit the `rustc-check-cfg` directive required to indicate `bench` and `read_buf` are expected cfg conditions. Unfortunately I only did that in one of the two `main` impls, meaning in some build configurations the clippy warnings persisted. This commit updates both `main`s to do the correct thing. --- rustls/build.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rustls/build.rs b/rustls/build.rs index 2cf4812151..a22a4c8176 100644 --- a/rustls/build.rs +++ b/rustls/build.rs @@ -4,7 +4,10 @@ /// See the comment in lib.rs to understand why we need this. #[cfg_attr(feature = "read_buf", rustversion::not(nightly))] -fn main() {} +fn main() { + println!("cargo:rustc-check-cfg=cfg(bench)"); + println!("cargo:rustc-check-cfg=cfg(read_buf)"); +} #[cfg(feature = "read_buf")] #[rustversion::nightly] From 80a26feddc40065f07eec82f363e7efbe33b88bb Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 28 May 2024 11:36:06 +0100 Subject: [PATCH 0977/1145] msgs/enums.rs: drop autogenerated file comment --- rustls/src/msgs/enums.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 862023b25d..b2cdd217ed 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -1,6 +1,5 @@ #![allow(clippy::upper_case_acronyms)] #![allow(non_camel_case_types)] -/// This file is autogenerated. See https://github.com/ctz/tls-hacking/ use crate::crypto::KeyExchangeAlgorithm; use crate::msgs::codec::{Codec, Reader}; From cfc6347a8c523a165f41c8cefadc51f0a70cbe63 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 28 May 2024 15:02:54 +0100 Subject: [PATCH 0978/1145] Reuse `has_duplicates` for keyshare groups --- rustls/src/msgs/handshake.rs | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 775bd6bab0..db0a40e906 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -955,19 +955,15 @@ impl ClientHelloPayload { } pub(crate) fn has_keyshare_extension_with_duplicates(&self) -> bool { - if let Some(entries) = self.keyshare_extension() { - let mut seen = BTreeSet::new(); - - for kse in entries { - let grp = u16::from(kse.group); - - if !seen.insert(grp) { - return true; - } - } - } - - false + self.keyshare_extension() + .map(|entries| { + has_duplicates::<_, _, u16>( + entries + .iter() + .map(|kse| u16::from(kse.group)), + ) + }) + .unwrap_or_default() } pub(crate) fn psk(&self) -> Option<&PresharedKeyOffer> { From 849f6d5819d7eb7f5271d867d45dd8cda7bbf81f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 05:12:36 +0100 Subject: [PATCH 0979/1145] Certificate compression standard encodings --- rustls/src/enums.rs | 20 +++++++++++- rustls/src/msgs/enums.rs | 1 + rustls/src/msgs/handshake.rs | 54 ++++++++++++++++++++++++++++++- rustls/src/msgs/handshake_test.rs | 34 +++++++++++++++---- 4 files changed, 100 insertions(+), 9 deletions(-) diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index 44057a6f07..f77728270d 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -69,6 +69,7 @@ enum_builder! { CertificateURL => 0x15, CertificateStatus => 0x16, KeyUpdate => 0x18, + CompressedCertificate => 0x19, MessageHash => 0xfe, } } @@ -568,10 +569,23 @@ enum_builder! { } } +enum_builder! { + /// The "TLS Certificate Compression Algorithm IDs" TLS protocol enum. + /// Values in this enum are taken from [RFC8879]. + /// + /// [RFC8879]: https://www.rfc-editor.org/rfc/rfc8879.html#section-7.3 + @U16 + pub enum CertificateCompressionAlgorithm { + Zlib => 1, + Brotli => 2, + Zstd => 3, + } +} + #[cfg(test)] mod tests { use super::*; - use crate::msgs::enums::tests::test_enum8; + use crate::msgs::enums::tests::{test_enum16, test_enum8}; #[test] fn test_enums() { @@ -582,5 +596,9 @@ mod tests { AlertDescription::CloseNotify, AlertDescription::NoApplicationProtocol, ); + test_enum16::( + CertificateCompressionAlgorithm::Zlib, + CertificateCompressionAlgorithm::Zstd, + ); } } diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index b2cdd217ed..010632587e 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -98,6 +98,7 @@ enum_builder! { SCT => 0x0012, Padding => 0x0015, ExtendedMasterSecret => 0x0017, + CompressCertificate => 0x001b, SessionTicket => 0x0023, PreSharedKey => 0x0029, EarlyData => 0x002a, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index db0a40e906..9653474933 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -13,7 +13,9 @@ use pki_types::{CertificateDer, DnsName}; #[cfg(feature = "tls12")] use crate::crypto::ActiveKeyExchange; use crate::crypto::SecureRandom; -use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; +use crate::enums::{ + CertificateCompressionAlgorithm, CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme, +}; use crate::error::InvalidMessage; #[cfg(feature = "tls12")] use crate::ffdhe_groups::FfdheGroup; @@ -535,6 +537,10 @@ impl TlsListElement for ProtocolVersion { const SIZE_LEN: ListLength = ListLength::U8; } +impl TlsListElement for CertificateCompressionAlgorithm { + const SIZE_LEN: ListLength = ListLength::U8; +} + #[derive(Clone, Debug)] pub enum ClientExtension { EcPointFormats(Vec), @@ -553,6 +559,7 @@ pub enum ClientExtension { TransportParameters(Vec), TransportParametersDraft(Vec), EarlyData, + CertificateCompressionAlgorithms(Vec), Unknown(UnknownExtension), } @@ -575,6 +582,7 @@ impl ClientExtension { Self::TransportParameters(_) => ExtensionType::TransportParameters, Self::TransportParametersDraft(_) => ExtensionType::TransportParametersDraft, Self::EarlyData => ExtensionType::EarlyData, + Self::CertificateCompressionAlgorithms(_) => ExtensionType::CompressCertificate, Self::Unknown(ref r) => r.typ, } } @@ -604,6 +612,7 @@ impl Codec<'_> for ClientExtension { Self::TransportParameters(ref r) | Self::TransportParametersDraft(ref r) => { nested.buf.extend_from_slice(r); } + Self::CertificateCompressionAlgorithms(ref r) => r.encode(nested.buf), Self::Unknown(ref r) => r.encode(nested.buf), } } @@ -644,6 +653,9 @@ impl Codec<'_> for ClientExtension { Self::TransportParametersDraft(sub.rest().to_vec()) } ExtensionType::EarlyData if !sub.any_left() => Self::EarlyData, + ExtensionType::CompressCertificate => { + Self::CertificateCompressionAlgorithms(Vec::read(&mut sub)?) + } _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), }; @@ -2270,6 +2282,40 @@ impl<'a> CertificateStatus<'a> { } } +// -- RFC8879 compressed certificates + +#[derive(Debug)] +pub struct CompressedCertificatePayload<'a> { + pub(crate) alg: CertificateCompressionAlgorithm, + pub(crate) uncompressed_len: u32, + pub(crate) compressed: PayloadU24<'a>, +} + +impl<'a> Codec<'a> for CompressedCertificatePayload<'a> { + fn encode(&self, bytes: &mut Vec) { + self.alg.encode(bytes); + codec::u24(self.uncompressed_len).encode(bytes); + self.compressed.encode(bytes); + } + + fn read(r: &mut Reader<'a>) -> Result { + Ok(Self { + alg: CertificateCompressionAlgorithm::read(r)?, + uncompressed_len: codec::u24::read(r)?.0, + compressed: PayloadU24::read(r)?, + }) + } +} + +impl CompressedCertificatePayload<'_> { + fn into_owned(self) -> CompressedCertificatePayload<'static> { + CompressedCertificatePayload { + compressed: self.compressed.into_owned(), + ..self + } + } +} + #[derive(Debug)] pub enum HandshakePayload<'a> { HelloRequest, @@ -2278,6 +2324,7 @@ pub enum HandshakePayload<'a> { HelloRetryRequest(HelloRetryRequest), Certificate(CertificateChain<'a>), CertificateTls13(CertificatePayloadTls13<'a>), + CompressedCertificate(CompressedCertificatePayload<'a>), ServerKeyExchange(ServerKeyExchangePayload), CertificateRequest(CertificateRequestPayload), CertificateRequestTls13(CertificateRequestPayloadTls13), @@ -2305,6 +2352,7 @@ impl HandshakePayload<'_> { HelloRetryRequest(ref x) => x.encode(bytes), Certificate(ref x) => x.encode(bytes), CertificateTls13(ref x) => x.encode(bytes), + CompressedCertificate(ref x) => x.encode(bytes), ServerKeyExchange(ref x) => x.encode(bytes), ClientKeyExchange(ref x) => x.encode(bytes), CertificateRequest(ref x) => x.encode(bytes), @@ -2331,6 +2379,7 @@ impl HandshakePayload<'_> { HelloRetryRequest(x) => HelloRetryRequest(x), Certificate(x) => Certificate(x.into_owned()), CertificateTls13(x) => CertificateTls13(x.into_owned()), + CompressedCertificate(x) => CompressedCertificate(x.into_owned()), ServerKeyExchange(x) => ServerKeyExchange(x), CertificateRequest(x) => CertificateRequest(x), CertificateRequestTls13(x) => CertificateRequestTls13(x), @@ -2430,6 +2479,9 @@ impl<'a> HandshakeMessagePayload<'a> { let p = CertificateRequestPayload::read(&mut sub)?; HandshakePayload::CertificateRequest(p) } + HandshakeType::CompressedCertificate => HandshakePayload::CompressedCertificate( + CompressedCertificatePayload::read(&mut sub)?, + ), HandshakeType::CertificateVerify => { HandshakePayload::CertificateVerify(DigitallySignedStruct::read(&mut sub)?) } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index b63b5234e6..ef5ac0a7ba 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -4,7 +4,9 @@ use std::{format, println, vec}; use pki_types::{CertificateDer, DnsName}; use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; -use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; +use crate::enums::{ + CertificateCompressionAlgorithm, CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme, +}; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{put_u16, Codec, Reader}; use crate::msgs::enums::{ @@ -15,12 +17,13 @@ use crate::msgs::handshake::{ CertReqExtension, CertificateChain, CertificateEntry, CertificateExtension, CertificatePayloadTls13, CertificateRequestPayload, CertificateRequestPayloadTls13, CertificateStatus, CertificateStatusRequest, ClientExtension, ClientHelloPayload, - ClientSessionTicket, ConvertProtocolNameList, ConvertServerNameList, DistinguishedName, - EcParameters, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, - HelloRetryExtension, HelloRetryRequest, KeyShareEntry, NewSessionTicketExtension, - NewSessionTicketPayload, NewSessionTicketPayloadTls13, PresharedKeyBinder, - PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, ServerEcdhParams, - ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, UnknownExtension, + ClientSessionTicket, CompressedCertificatePayload, ConvertProtocolNameList, + ConvertServerNameList, DistinguishedName, EcParameters, HandshakeMessagePayload, + HandshakePayload, HasServerExtensions, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, + NewSessionTicketExtension, NewSessionTicketPayload, NewSessionTicketPayloadTls13, + PresharedKeyBinder, PresharedKeyIdentity, PresharedKeyOffer, ProtocolName, Random, + ServerEcdhParams, ServerExtension, ServerHelloPayload, ServerKeyExchangePayload, SessionId, + UnknownExtension, }; use crate::verify::DigitallySignedStruct; @@ -392,6 +395,11 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { ClientExtension::ExtendedMasterSecretRequest, ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), ClientExtension::TransportParameters(vec![1, 2, 3]), + ClientExtension::EarlyData, + ClientExtension::CertificateCompressionAlgorithms(vec![ + CertificateCompressionAlgorithm::Brotli, + CertificateCompressionAlgorithm::Zlib, + ]), ClientExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), payload: Payload::Borrowed(&[1, 2, 3]), @@ -811,6 +819,14 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13<'static> { } } +fn get_sample_compressed_certificate() -> CompressedCertificatePayload<'static> { + CompressedCertificatePayload { + alg: CertificateCompressionAlgorithm::Brotli, + uncompressed_len: 123, + compressed: PayloadU24(Payload::new(vec![1, 2, 3])), + } +} + fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { @@ -1058,6 +1074,10 @@ fn get_all_tls13_handshake_payloads() -> Vec> { typ: HandshakeType::Certificate, payload: HandshakePayload::CertificateTls13(get_sample_certificatepayloadtls13()), }, + HandshakeMessagePayload { + typ: HandshakeType::CompressedCertificate, + payload: HandshakePayload::CompressedCertificate(get_sample_compressed_certificate()), + }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( From 7e07bcba8317d05d2665a5a346d3aaf99bc8da67 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 22 May 2024 14:22:40 +0100 Subject: [PATCH 0980/1145] Certificate compression foundations This introduces: - a trait to be implemented by compression algorithms - a trait to be implemented by decompression algorithms These are separate, so that (eg) a client that wants to decompress a certificate doesn't also link the corresponding compression code. --- rustls/src/compress.rs | 74 ++++++++++++++++++++++++++++++++++++++++++ rustls/src/lib.rs | 5 +-- 2 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 rustls/src/compress.rs diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs new file mode 100644 index 0000000000..a91ee2f7d8 --- /dev/null +++ b/rustls/src/compress.rs @@ -0,0 +1,74 @@ +//! Certificate compression and decompression support + +use alloc::vec::Vec; +use core::fmt::Debug; + +use crate::enums::CertificateCompressionAlgorithm; + +/// Returns the supported `CertDecompressor` implementations enabled +/// by crate features. +pub fn default_cert_decompressors() -> &'static [&'static dyn CertDecompressor] { + &[] +} + +/// An available certificate decompression algorithm. +pub trait CertDecompressor: Debug + Send + Sync { + /// Decompress `input`, writing the result to `output`. + /// + /// `output` is sized to match the declared length of the decompressed data. + /// + /// `Err(DecompressionFailed)` should be returned if decompression produces more, or fewer + /// bytes than fit in `output`, or if the `input` is in any way malformed. + fn decompress(&self, input: &[u8], output: &mut [u8]) -> Result<(), DecompressionFailed>; + + /// Which algorithm this decompressor handles. + fn algorithm(&self) -> CertificateCompressionAlgorithm; +} + +/// Returns the supported `CertCompressor` implementations enabled +/// by crate features. +pub fn default_cert_compressors() -> &'static [&'static dyn CertCompressor] { + &[] +} + +/// An available certificate compression algorithm. +pub trait CertCompressor: Debug + Send + Sync { + /// Compress `input`, returning the result. + /// + /// `input` is consumed by this function so (if the underlying implementation + /// supports it) the compression can be performed in-place. + /// + /// `level` is a hint as to how much effort to expend on the compression. + /// + /// `Err(CompressionFailed)` may be returned for any reason. + fn compress( + &self, + input: Vec, + level: CompressionLevel, + ) -> Result, CompressionFailed>; + + /// Which algorithm this compressor handles. + fn algorithm(&self) -> CertificateCompressionAlgorithm; +} + +/// A hint for how many resources to dedicate to a compression. +#[derive(Debug, Copy, Clone, Eq, PartialEq)] +pub enum CompressionLevel { + /// This compression is happening interactively during a handshake. + /// + /// Implementations may wish to choose a conservative compression level. + Interactive, + + /// The compression may be amortized over many connections. + /// + /// Implementations may wish to choose an aggressive compression level. + Amortized, +} + +/// A content-less error for when `CertDecompressor::decompress` fails. +#[derive(Debug)] +pub struct DecompressionFailed; + +/// A content-less error for when `CertCompressor::compress` fails. +#[derive(Debug)] +pub struct CompressionFailed; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 9924d32de5..67951e797a 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -384,6 +384,7 @@ mod test_macros; #[macro_use] mod msgs; mod common_state; +pub mod compress; mod conn; /// Crypto provider interface. pub mod crypto; @@ -505,8 +506,8 @@ pub use crate::common_state::{CommonState, HandshakeKind, IoState, Side}; pub use crate::conn::{Connection, Reader, Writer}; pub use crate::conn::{ConnectionCommon, SideData}; pub use crate::enums::{ - AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion, SignatureAlgorithm, - SignatureScheme, + AlertDescription, CertificateCompressionAlgorithm, CipherSuite, ContentType, HandshakeType, + ProtocolVersion, SignatureAlgorithm, SignatureScheme, }; pub use crate::error::{ CertRevocationListError, CertificateError, Error, InvalidMessage, OtherError, PeerIncompatible, From 224d835d549766ac118559e1e22715cb83ba10f0 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 08:53:14 +0100 Subject: [PATCH 0981/1145] Support certificate compression using zlib-rs --- Cargo.lock | 7 ++++ rustls/Cargo.toml | 2 ++ rustls/src/compress.rs | 73 ++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 80 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4e358ee2b1..c128da88c9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2202,6 +2202,7 @@ dependencies = [ "time", "webpki-roots 0.26.1", "zeroize", + "zlib-rs", ] [[package]] @@ -3157,3 +3158,9 @@ dependencies = [ "quote", "syn 2.0.50", ] + +[[package]] +name = "zlib-rs" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c52105e2dc6760ec88755876659dc301b51f6728f3b7a1bbdeeb66c6af4d44a1" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index efdd19b66e..6067459fd6 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -26,6 +26,7 @@ subtle = { version = "2.5.0", default-features = false } webpki = { package = "rustls-webpki", version = "0.102.4", features = ["alloc"], default-features = false } pki-types = { package = "rustls-pki-types", version = "1.7", features = ["alloc"] } zeroize = "1.7" +zlib-rs = { version = "0.1", optional = true } [features] default = ["aws_lc_rs", "logging", "std", "tls12"] @@ -37,6 +38,7 @@ ring = ["dep:ring", "webpki/ring"] tls12 = [] read_buf = ["rustversion", "std"] fips = ["aws_lc_rs", "aws-lc-rs?/fips"] +zlib = ["dep:zlib-rs"] [dev-dependencies] base64 = "0.22" diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs index a91ee2f7d8..caa9fb82d4 100644 --- a/rustls/src/compress.rs +++ b/rustls/src/compress.rs @@ -8,7 +8,10 @@ use crate::enums::CertificateCompressionAlgorithm; /// Returns the supported `CertDecompressor` implementations enabled /// by crate features. pub fn default_cert_decompressors() -> &'static [&'static dyn CertDecompressor] { - &[] + &[ + #[cfg(feature = "zlib")] + ZLIB_DECOMPRESSOR, + ] } /// An available certificate decompression algorithm. @@ -28,7 +31,10 @@ pub trait CertDecompressor: Debug + Send + Sync { /// Returns the supported `CertCompressor` implementations enabled /// by crate features. pub fn default_cert_compressors() -> &'static [&'static dyn CertCompressor] { - &[] + &[ + #[cfg(feature = "zlib")] + ZLIB_COMPRESSOR, + ] } /// An available certificate compression algorithm. @@ -72,3 +78,66 @@ pub struct DecompressionFailed; /// A content-less error for when `CertCompressor::compress` fails. #[derive(Debug)] pub struct CompressionFailed; + +#[cfg(feature = "zlib")] +mod feat_zlib_rs { + use zlib_rs::c_api::Z_BEST_COMPRESSION; + use zlib_rs::{deflate, inflate, ReturnCode}; + + use super::*; + + /// A certificate decompressor for the Zlib algorithm using the `zlib-rs` crate. + pub const ZLIB_DECOMPRESSOR: &dyn CertDecompressor = &ZlibRsDecompressor; + + #[derive(Debug)] + struct ZlibRsDecompressor; + + impl CertDecompressor for ZlibRsDecompressor { + fn decompress(&self, input: &[u8], output: &mut [u8]) -> Result<(), DecompressionFailed> { + let output_len = output.len(); + match inflate::uncompress_slice(output, input, inflate::InflateConfig::default()) { + (output_filled, ReturnCode::Ok) if output_filled.len() == output_len => Ok(()), + (_, _) => Err(DecompressionFailed), + } + } + + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Zlib + } + } + + /// A certificate compressor for the Zlib algorithm using the `zlib-rs` crate. + pub const ZLIB_COMPRESSOR: &dyn CertCompressor = &ZlibRsCompressor; + + #[derive(Debug)] + struct ZlibRsCompressor; + + impl CertCompressor for ZlibRsCompressor { + fn compress( + &self, + input: Vec, + level: CompressionLevel, + ) -> Result, CompressionFailed> { + let mut output = alloc::vec![0u8; deflate::compress_bound(input.len())]; + let config = match level { + CompressionLevel::Interactive => deflate::DeflateConfig::default(), + CompressionLevel::Amortized => deflate::DeflateConfig::new(Z_BEST_COMPRESSION), + }; + let (output_filled, rc) = deflate::compress_slice(&mut output, &input, config); + if rc != ReturnCode::Ok { + return Err(CompressionFailed); + } + + let used = output_filled.len(); + output.truncate(used); + Ok(output) + } + + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Zlib + } + } +} + +#[cfg(feature = "zlib")] +pub use feat_zlib_rs::{ZLIB_COMPRESSOR, ZLIB_DECOMPRESSOR}; From e14285289a776ded34d6280f0353fb0842a7b69e Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 23 May 2024 12:52:40 +0100 Subject: [PATCH 0982/1145] Support certificate compression using brotli We take a dependency on `brotli-decompressor` crate (even though we only use it through the `brotli` crate) to ensure its version includes a DOS fix. --- Cargo.lock | 38 +++++++++++++++++++ admin/coverage | 4 ++ rustls/Cargo.toml | 3 ++ rustls/src/compress.rs | 84 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 129 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index c128da88c9..5a241a45e3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -73,6 +73,21 @@ dependencies = [ "memchr", ] +[[package]] +name = "alloc-no-stdlib" +version = "2.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3" + +[[package]] +name = "alloc-stdlib" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece" +dependencies = [ + "alloc-no-stdlib", +] + [[package]] name = "anstream" version = "0.6.12" @@ -473,6 +488,27 @@ dependencies = [ "tracing", ] +[[package]] +name = "brotli" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74f7971dbd9326d58187408ab83117d8ac1bb9c17b085fdacd1cf2f598719b6b" +dependencies = [ + "alloc-no-stdlib", + "alloc-stdlib", + "brotli-decompressor", +] + +[[package]] +name = "brotli-decompressor" +version = "4.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a45bd2e4095a8b518033b128020dd4a55aab1c0a381ba4404a472630f4bc362" +dependencies = [ + "alloc-no-stdlib", + "alloc-stdlib", +] + [[package]] name = "bumpalo" version = "3.15.3" @@ -2186,6 +2222,8 @@ dependencies = [ "aws-lc-rs", "base64 0.22.1", "bencher", + "brotli", + "brotli-decompressor", "env_logger", "hashbrown", "log", diff --git a/admin/coverage b/admin/coverage index 42e7bad8f4..5b376826dd 100755 --- a/admin/coverage +++ b/admin/coverage @@ -10,6 +10,10 @@ cargo test --locked --all-features cargo test --locked --no-default-features --features tls12,logging,aws_lc_rs,fips,std cargo test --locked --no-default-features --features tls12,logging,ring,std +# ensure both zlib and brotli are tested, irrespective of their order +cargo test --locked $(admin/all-features-except zlib-rs rustls) +cargo test --locked $(admin/all-features-except brotli rustls) + ## bogo cargo test --locked --all-features run_bogo_tests_ring -- --ignored cargo test --locked --all-features run_bogo_tests_aws_lc_rs -- --ignored diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 6067459fd6..5b6a38b8ba 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -17,6 +17,8 @@ rustversion = { version = "1.0.6", optional = true } [dependencies] aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } +brotli = { version = "6", optional = true, default-features = false, features = ["std"] } +brotli-decompressor = { version = "4.0.1", optional = true } # 4.0.1 required for panic fix hashbrown = { version = "0.14", optional = true, default-features = false, features = ["ahash", "inline-more"] } log = { version = "0.4.4", optional = true } # remove once our MSRV is >= 1.70 @@ -34,6 +36,7 @@ std = ["webpki/std", "pki-types/std", "once_cell/std"] logging = ["log"] aws_lc_rs = ["dep:aws-lc-rs", "webpki/aws_lc_rs"] aws-lc-rs = ["aws_lc_rs"] # Alias because Cargo features commonly use `-` +brotli = ["dep:brotli", "dep:brotli-decompressor", "std"] ring = ["dep:ring", "webpki/ring"] tls12 = [] read_buf = ["rustversion", "std"] diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs index caa9fb82d4..2a00cfb878 100644 --- a/rustls/src/compress.rs +++ b/rustls/src/compress.rs @@ -9,6 +9,8 @@ use crate::enums::CertificateCompressionAlgorithm; /// by crate features. pub fn default_cert_decompressors() -> &'static [&'static dyn CertDecompressor] { &[ + #[cfg(feature = "brotli")] + BROTLI_DECOMPRESSOR, #[cfg(feature = "zlib")] ZLIB_DECOMPRESSOR, ] @@ -32,6 +34,8 @@ pub trait CertDecompressor: Debug + Send + Sync { /// by crate features. pub fn default_cert_compressors() -> &'static [&'static dyn CertCompressor] { &[ + #[cfg(feature = "brotli")] + BROTLI_COMPRESSOR, #[cfg(feature = "zlib")] ZLIB_COMPRESSOR, ] @@ -141,3 +145,83 @@ mod feat_zlib_rs { #[cfg(feature = "zlib")] pub use feat_zlib_rs::{ZLIB_COMPRESSOR, ZLIB_DECOMPRESSOR}; + +#[cfg(feature = "brotli")] +mod feat_brotli { + use std::io::{Cursor, Write}; + + use super::*; + + /// A certificate decompressor for the brotli algorithm using the `brotli` crate. + pub const BROTLI_DECOMPRESSOR: &dyn CertDecompressor = &BrotliDecompressor; + + #[derive(Debug)] + struct BrotliDecompressor; + + impl CertDecompressor for BrotliDecompressor { + fn decompress(&self, input: &[u8], output: &mut [u8]) -> Result<(), DecompressionFailed> { + let mut in_cursor = Cursor::new(input); + let mut out_cursor = Cursor::new(output); + + brotli::BrotliDecompress(&mut in_cursor, &mut out_cursor) + .map_err(|_| DecompressionFailed)?; + + if out_cursor.position() as usize != out_cursor.into_inner().len() { + return Err(DecompressionFailed); + } + + Ok(()) + } + + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Brotli + } + } + + /// A certificate compressor for the brotli algorithm using the `brotli` crate. + pub const BROTLI_COMPRESSOR: &dyn CertCompressor = &BrotliCompressor; + + #[derive(Debug)] + struct BrotliCompressor; + + impl CertCompressor for BrotliCompressor { + fn compress( + &self, + input: Vec, + level: CompressionLevel, + ) -> Result, CompressionFailed> { + let quality = match level { + CompressionLevel::Interactive => QUALITY_FAST, + CompressionLevel::Amortized => QUALITY_SLOW, + }; + let output = Cursor::new(Vec::with_capacity(input.len() / 2)); + let mut compressor = brotli::CompressorWriter::new(output, BUFFER_SIZE, quality, LGWIN); + compressor + .write_all(&input) + .map_err(|_| CompressionFailed)?; + Ok(compressor.into_inner().into_inner()) + } + + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Brotli + } + } + + /// Brotli buffer size. + /// + /// Chosen based on brotli `examples/compress.rs`. + const BUFFER_SIZE: usize = 4096; + + /// This is the default lgwin parameter, see `BrotliEncoderInitParams()` + const LGWIN: u32 = 22; + + /// Compression quality we use for interactive compressions. + /// See for data. + const QUALITY_FAST: u32 = 4; + + /// Compression quality we use for offline compressions (the maximum). + const QUALITY_SLOW: u32 = 11; +} + +#[cfg(feature = "brotli")] +pub use feat_brotli::{BROTLI_COMPRESSOR, BROTLI_DECOMPRESSOR}; From 52e398c01ebdb8245d8a5cb44b5f26f572014828 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 23 May 2024 13:43:56 +0100 Subject: [PATCH 0983/1145] Basic testing of compression/decompression impls --- rustls/src/compress.rs | 82 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs index 2a00cfb878..780164cc29 100644 --- a/rustls/src/compress.rs +++ b/rustls/src/compress.rs @@ -225,3 +225,85 @@ mod feat_brotli { #[cfg(feature = "brotli")] pub use feat_brotli::{BROTLI_COMPRESSOR, BROTLI_DECOMPRESSOR}; + +#[cfg(all(test, any(feature = "brotli", feature = "zlib")))] +pub mod tests { + use std::{println, vec}; + + use super::*; + + #[test] + #[cfg(feature = "zlib")] + fn test_zlib() { + test_compressor(ZLIB_COMPRESSOR, ZLIB_DECOMPRESSOR); + } + + #[test] + #[cfg(feature = "brotli")] + fn test_brotli() { + test_compressor(BROTLI_COMPRESSOR, BROTLI_DECOMPRESSOR); + } + + fn test_compressor(comp: &dyn CertCompressor, decomp: &dyn CertDecompressor) { + assert_eq!(comp.algorithm(), decomp.algorithm()); + for sz in [16, 64, 512, 2048, 8192, 16384] { + test_trivial_pairwise(comp, decomp, sz); + } + test_decompress_wrong_len(comp, decomp); + test_decompress_garbage(decomp); + } + + fn test_trivial_pairwise( + comp: &dyn CertCompressor, + decomp: &dyn CertDecompressor, + plain_len: usize, + ) { + let original = vec![0u8; plain_len]; + + for level in [CompressionLevel::Interactive, CompressionLevel::Amortized] { + let compressed = comp + .compress(original.clone(), level) + .unwrap(); + println!( + "{:?} compressed trivial {} -> {} using {:?} level", + comp.algorithm(), + original.len(), + compressed.len(), + level + ); + let mut recovered = vec![0xffu8; plain_len]; + decomp + .decompress(&compressed, &mut recovered) + .unwrap(); + assert_eq!(original, recovered); + } + } + + fn test_decompress_wrong_len(comp: &dyn CertCompressor, decomp: &dyn CertDecompressor) { + let original = vec![0u8; 2048]; + let compressed = comp + .compress(original.clone(), CompressionLevel::Interactive) + .unwrap(); + println!("{compressed:?}"); + + // too big + let mut recovered = vec![0xffu8; original.len() + 1]; + decomp + .decompress(&compressed, &mut recovered) + .unwrap_err(); + + // too small + let mut recovered = vec![0xffu8; original.len() - 1]; + decomp + .decompress(&compressed, &mut recovered) + .unwrap_err(); + } + + fn test_decompress_garbage(decomp: &dyn CertDecompressor) { + let junk = [0u8; 1024]; + let mut recovered = vec![0u8; 512]; + decomp + .decompress(&junk, &mut recovered) + .unwrap_err(); + } +} From db0a1a29d5899404de3a0b5d2160dc3bb39d7dc7 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 20 May 2024 12:24:26 +0100 Subject: [PATCH 0984/1145] Specify and test later MSRV if zlib-rs is included --- .github/workflows/build.yml | 7 +++++++ README.md | 2 +- rustls/src/lib.rs | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f8c2c194d6..2c6662859c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -111,6 +111,13 @@ jobs: with: toolchain: "1.63" + # zlib-rs is optional and requires a later MSRV + - run: cargo check --locked --lib $(admin/all-features-except zlib rustls) -p rustls + + - uses: dtolnay/rust-toolchain@master + with: + toolchain: "1.75" + - run: cargo check --locked --lib --all-features -p rustls features: diff --git a/README.md b/README.md index 7f5d55b107..3adbaf3c52 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ to a wider set of architectures and environments, or compliance requirements. S Specifying `default-features = false` when depending on rustls will remove the dependency on aws-lc-rs. -Rustls requires Rust 1.63 or later. +Rustls requires Rust 1.63 or later. It has an optional dependency on zlib-rs which requires 1.75 or later. [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 [`crypto::CryptoProvider`]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 67951e797a..26878ef764 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -24,7 +24,7 @@ //! Specifying `default-features = false` when depending on rustls will remove the //! dependency on aws-lc-rs. //! -//! Rustls requires Rust 1.63 or later. +//! Rustls requires Rust 1.63 or later. It has an optional dependency on zlib-rs which requires 1.75 or later. //! //! [ring-target-platforms]: https://github.com/briansmith/ring/blob/2e8363b433fa3b3962c877d9ed2e9145612f3160/include/ring-core/target.h#L18-L64 //! [`crypto::CryptoProvider`]: crate::crypto::CryptoProvider From 2fbcb4a0c29173414a3e0351e3880d260c61c826 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 07:45:04 +0100 Subject: [PATCH 0985/1145] Offer and support certificate decompression on client --- rustls/src/client/builder.rs | 3 +- rustls/src/client/client_conn.rs | 15 +- rustls/src/client/common.rs | 2 + rustls/src/client/hs.rs | 14 ++ rustls/src/client/tls13.rs | 311 ++++++++++++++++++++++++++++++- rustls/src/error.rs | 2 + 6 files changed, 337 insertions(+), 10 deletions(-) diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index eaa265b5d5..8deceae9b0 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -13,7 +13,7 @@ use crate::key_log::NoKeyLog; use crate::msgs::handshake::CertificateChain; use crate::time_provider::TimeProvider; use crate::webpki::{self, WebPkiServerVerifier}; -use crate::{verify, versions}; +use crate::{compress, verify, versions}; impl ConfigBuilder { /// Choose how to verify server certificates. @@ -164,6 +164,7 @@ impl ConfigBuilder { #[cfg(feature = "tls12")] require_ems: cfg!(feature = "fips"), time_provider: self.state.time_provider, + cert_decompressors: compress::default_cert_decompressors().to_vec(), } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 4e4215be4f..28b926cf62 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -26,9 +26,9 @@ use crate::time_provider::TimeProvider; use crate::unbuffered::{EncryptError, TransmitTlsData}; #[cfg(feature = "std")] use crate::WantsVerifier; +use crate::{compress, sign, verify, versions, KeyLog, WantsVersions}; #[cfg(doc)] use crate::{crypto, DistinguishedName}; -use crate::{sign, verify, versions, KeyLog, WantsVersions}; /// A trait for the ability to store client session data, so that sessions /// can be resumed in future connections. @@ -141,6 +141,7 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// ids or tickets, with a max of eight tickets per server. /// * [`ClientConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ClientConfig::key_log`]: key material is not logged. +/// * [`ClientConfig::cert_decompressors`]: depends on the crate features, see [`compress::default_cert_decompressors()`]. /// /// [`RootCertStore`]: crate::RootCertStore #[derive(Clone, Debug)] @@ -215,6 +216,18 @@ pub struct ClientConfig { /// How to verify the server certificate chain. pub(super) verifier: Arc, + + /// How to decompress the server's certificate chain. + /// + /// If this is non-empty, the [RFC8779] certificate compression + /// extension is offered, and any compressed certificates are + /// transparently decompressed during the handshake. + /// + /// This only applies to TLS1.3 connections. It is ignored for + /// TLS1.2 connections. + /// + /// [RFC8779]: https://datatracker.ietf.org/doc/rfc8879/ + pub cert_decompressors: Vec<&'static dyn compress::CertDecompressor>, } impl ClientConfig { diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 86a6ce5cd4..c381c039d6 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -38,6 +38,7 @@ impl<'a> ServerCertDetails<'a> { pub(super) struct ClientHelloDetails { pub(super) sent_extensions: Vec, pub(super) extension_order_seed: u16, + pub(super) offered_cert_compression: bool, } impl ClientHelloDetails { @@ -45,6 +46,7 @@ impl ClientHelloDetails { Self { sent_extensions: Vec::new(), extension_order_seed, + offered_cert_compression: false, } } diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index a71b05bf15..fe2697568f 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -279,6 +279,20 @@ fn emit_client_hello_for_retry( ))); } + input.hello.offered_cert_compression = if support_tls13 && !config.cert_decompressors.is_empty() + { + exts.push(ClientExtension::CertificateCompressionAlgorithms( + config + .cert_decompressors + .iter() + .map(|dec| dec.algorithm()) + .collect(), + )); + true + } else { + false + }; + // Extra extensions must be placed before the PSK extension exts.extend(extra_exts.iter().cloned()); diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 3dab4a05be..b880e904c8 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -23,11 +23,12 @@ use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; use crate::log::{debug, trace, warn}; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; +use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::{ExtensionType, KeyUpdateRequest}; use crate::msgs::handshake::{ CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, PresharedKeyOffer, - ServerExtension, ServerHelloPayload, + ServerExtension, ServerHelloPayload, CERTIFICATE_MAX_SIZE_LIMIT, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -40,7 +41,7 @@ use crate::tls13::{ construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite, }; use crate::verify::{self, DigitallySignedStruct}; -use crate::{crypto, KeyLog}; +use crate::{compress, crypto, KeyLog}; // Extensions we expect in plaintext in the ServerHello. static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[ @@ -449,14 +450,185 @@ impl State for ExpectEncryptedExtensions { cx.common .handshake_kind .get_or_insert(HandshakeKind::Full); - Ok(Box::new(ExpectCertificateOrCertReq { + + Ok(if self.hello.offered_cert_compression { + Box::new(ExpectCertificateOrCompressedCertificateOrCertReq { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + }) + } else { + Box::new(ExpectCertificateOrCertReq { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + }) + }) + } + } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } +} + +struct ExpectCertificateOrCompressedCertificateOrCertReq { + config: Arc, + server_name: ServerName<'static>, + randoms: ConnectionRandoms, + suite: &'static Tls13CipherSuite, + transcript: HandshakeHash, + key_schedule: KeyScheduleHandshake, +} + +impl State for ExpectCertificateOrCompressedCertificateOrCertReq { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { + match m.payload { + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CertificateTls13(..), + .. + }, + .. + } => Box::new(ExpectCertificate { config: self.config, server_name: self.server_name, randoms: self.randoms, suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - })) + client_auth: None, + message_already_in_transcript: false, + }) + .handle(cx, m), + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CompressedCertificate(..), + .. + }, + .. + } => Box::new(ExpectCompressedCertificate { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + client_auth: None, + }) + .handle(cx, m), + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CertificateRequestTls13(..), + .. + }, + .. + } => Box::new(ExpectCertificateRequest { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + offered_cert_compression: true, + }) + .handle(cx, m), + payload => Err(inappropriate_handshake_message( + &payload, + &[ContentType::Handshake], + &[ + HandshakeType::Certificate, + HandshakeType::CertificateRequest, + HandshakeType::CompressedCertificate, + ], + )), + } + } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } +} + +struct ExpectCertificateOrCompressedCertificate { + config: Arc, + server_name: ServerName<'static>, + randoms: ConnectionRandoms, + suite: &'static Tls13CipherSuite, + transcript: HandshakeHash, + key_schedule: KeyScheduleHandshake, + client_auth: Option, +} + +impl State for ExpectCertificateOrCompressedCertificate { + fn handle<'m>( + self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { + match m.payload { + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CertificateTls13(..), + .. + }, + .. + } => Box::new(ExpectCertificate { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + client_auth: self.client_auth, + message_already_in_transcript: false, + }) + .handle(cx, m), + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CompressedCertificate(..), + .. + }, + .. + } => Box::new(ExpectCompressedCertificate { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + client_auth: self.client_auth, + }) + .handle(cx, m), + payload => Err(inappropriate_handshake_message( + &payload, + &[ContentType::Handshake], + &[ + HandshakeType::Certificate, + HandshakeType::CompressedCertificate, + ], + )), } } @@ -499,6 +671,7 @@ impl State for ExpectCertificateOrCertReq { transcript: self.transcript, key_schedule: self.key_schedule, client_auth: None, + message_already_in_transcript: false, }) .handle(cx, m), MessagePayload::Handshake { @@ -515,6 +688,7 @@ impl State for ExpectCertificateOrCertReq { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, + offered_cert_compression: false, }) .handle(cx, m), payload => Err(inappropriate_handshake_message( @@ -543,6 +717,7 @@ struct ExpectCertificateRequest { suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, + offered_cert_compression: bool, } impl State for ExpectCertificateRequest { @@ -599,15 +774,132 @@ impl State for ExpectCertificateRequest { Some(certreq.context.0.clone()), ); - Ok(Box::new(ExpectCertificate { + Ok(if self.offered_cert_compression { + Box::new(ExpectCertificateOrCompressedCertificate { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + client_auth: Some(client_auth), + }) + } else { + Box::new(ExpectCertificate { + config: self.config, + server_name: self.server_name, + randoms: self.randoms, + suite: self.suite, + transcript: self.transcript, + key_schedule: self.key_schedule, + client_auth: Some(client_auth), + message_already_in_transcript: false, + }) + }) + } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } +} + +struct ExpectCompressedCertificate { + config: Arc, + server_name: ServerName<'static>, + randoms: ConnectionRandoms, + suite: &'static Tls13CipherSuite, + transcript: HandshakeHash, + key_schedule: KeyScheduleHandshake, + client_auth: Option, +} + +impl State for ExpectCompressedCertificate { + fn handle<'m>( + mut self: Box, + cx: &mut ClientContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { + self.transcript.add_message(&m); + let compressed_cert = require_handshake_msg_move!( + m, + HandshakeType::CompressedCertificate, + HandshakePayload::CompressedCertificate + )?; + + let decompressor = match self + .config + .cert_decompressors + .iter() + .find(|item| item.algorithm() == compressed_cert.alg) + { + Some(dec) => dec, + None => { + return Err(cx.common.send_fatal_alert( + AlertDescription::BadCertificate, + PeerMisbehaved::SelectedUnofferedCertCompression, + )); + } + }; + + if compressed_cert.uncompressed_len as usize > CERTIFICATE_MAX_SIZE_LIMIT { + return Err(cx.common.send_fatal_alert( + AlertDescription::BadCertificate, + InvalidMessage::MessageTooLarge, + )); + } + + let mut decompress_buffer = vec![0u8; compressed_cert.uncompressed_len as usize]; + if let Err(compress::DecompressionFailed) = + decompressor.decompress(compressed_cert.compressed.0.bytes(), &mut decompress_buffer) + { + return Err(cx.common.send_fatal_alert( + AlertDescription::BadCertificate, + PeerMisbehaved::InvalidCertCompression, + )); + } + + let cert_payload = + match CertificatePayloadTls13::read(&mut Reader::init(&decompress_buffer)) { + Ok(cm) => cm, + Err(err) => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::BadCertificate, err)); + } + }; + trace!( + "Server certificate decompressed using {:?} ({} bytes -> {})", + compressed_cert.alg, + compressed_cert + .compressed + .0 + .bytes() + .len(), + compressed_cert.uncompressed_len, + ); + + let m = Message { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::Certificate, + payload: HandshakePayload::CertificateTls13(cert_payload.into_owned()), + }), + }; + + Box::new(ExpectCertificate { config: self.config, server_name: self.server_name, randoms: self.randoms, suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, - client_auth: Some(client_auth), - })) + client_auth: self.client_auth, + message_already_in_transcript: true, + }) + .handle(cx, m) } fn into_owned(self: Box) -> hs::NextState<'static> { @@ -623,6 +915,7 @@ struct ExpectCertificate { transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, client_auth: Option, + message_already_in_transcript: bool, } impl State for ExpectCertificate { @@ -634,7 +927,9 @@ impl State for ExpectCertificate { where Self: 'm, { - self.transcript.add_message(&m); + if !self.message_already_in_transcript { + self.transcript.add_message(&m); + } let cert_chain = require_handshake_msg_move!( m, HandshakeType::Certificate, diff --git a/rustls/src/error.rs b/rustls/src/error.rs index d8665489cb..4a9ce85d19 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -195,6 +195,7 @@ pub enum PeerMisbehaved { IllegalMiddleboxChangeCipherSpec, IllegalTlsInnerPlaintext, IncorrectBinder, + InvalidCertCompression, InvalidMaxEarlyDataSize, InvalidKeyShare, KeyEpochWithPendingFragment, @@ -220,6 +221,7 @@ pub enum PeerMisbehaved { SelectedInvalidPsk, SelectedTls12UsingTls13VersionExtension, SelectedUnofferedApplicationProtocol, + SelectedUnofferedCertCompression, SelectedUnofferedCipherSuite, SelectedUnofferedCompression, SelectedUnofferedKxGroup, From c03556c7b194cf3d0d758bb9606fa48fc66faf6a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 22 May 2024 10:53:29 +0100 Subject: [PATCH 0986/1145] Offer and support certificate compression on server --- rustls/src/error.rs | 1 + rustls/src/msgs/handshake.rs | 18 +++++++ rustls/src/server/builder.rs | 3 +- rustls/src/server/server_conn.rs | 15 +++++- rustls/src/server/tls13.rs | 83 ++++++++++++++++++++++++++++---- rustls/tests/api.rs | 4 +- 6 files changed, 111 insertions(+), 13 deletions(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 4a9ce85d19..d334e1b33d 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -205,6 +205,7 @@ pub enum PeerMisbehaved { MissingKeyShare, MissingPskModesExtension, MissingQuicTransportParameters, + OfferedDuplicateCertificateCompressions, OfferedDuplicateKeyShares, OfferedEarlyDataWithOldProtocolVersion, OfferedEmptyApplicationProtocol, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 9653474933..d7be95780e 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1023,6 +1023,24 @@ impl ClientHelloPayload { self.find_extension(ExtensionType::EarlyData) .is_some() } + + pub(crate) fn certificate_compression_extension( + &self, + ) -> Option<&[CertificateCompressionAlgorithm]> { + let ext = self.find_extension(ExtensionType::CompressCertificate)?; + match *ext { + ClientExtension::CertificateCompressionAlgorithms(ref algs) => Some(algs), + _ => None, + } + } + + pub(crate) fn has_certificate_compression_extension_with_duplicates(&self) -> bool { + if let Some(algs) = self.certificate_compression_extension() { + has_duplicates::<_, _, u16>(algs.iter().cloned()) + } else { + false + } + } } #[derive(Clone, Debug)] diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index cd5bdb8762..b81cf15191 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -11,7 +11,7 @@ use crate::msgs::handshake::CertificateChain; use crate::server::{handy, ResolvesServerCert, ServerConfig}; use crate::time_provider::TimeProvider; use crate::verify::{ClientCertVerifier, NoClientAuth}; -use crate::{versions, NoKeyLog}; +use crate::{compress, versions, NoKeyLog}; impl ConfigBuilder { /// Choose how to verify client certificates. @@ -131,6 +131,7 @@ impl ConfigBuilder { #[cfg(feature = "tls12")] require_ems: cfg!(feature = "fips"), time_provider: self.state.time_provider, + cert_compressors: compress::default_cert_compressors().to_vec(), } } } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 1f6228d4da..8ac74a9c04 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -32,7 +32,7 @@ use crate::time_provider::TimeProvider; use crate::vecbuf::ChunkVecBuffer; #[cfg(feature = "std")] use crate::WantsVerifier; -use crate::{sign, verify, versions, KeyLog, WantsVersions}; +use crate::{compress, sign, verify, versions, KeyLog, WantsVersions}; /// A trait for the ability to store server session data. /// @@ -218,6 +218,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. +/// * [`ServerConfig::cert_compressors`]: depends on the crate features, see [`compress::default_cert_compressors()`]. /// /// [`RootCertStore`]: crate::RootCertStore /// [`ServerSessionMemoryCache`]: crate::server::handy::ServerSessionMemoryCache @@ -337,6 +338,18 @@ pub struct ServerConfig { /// Provides the current system time pub time_provider: Arc, + + /// How to compress the server's certificate chain. + /// + /// If a client supports this extension, and advertises support + /// for one of the compression algorithms included here, the + /// server certificate will be compressed according to [RFC8779]. + /// + /// This only applies to TLS1.3 connections. It is ignored for + /// TLS1.2 connections. + /// + /// [RFC8779]: https://datatracker.ietf.org/doc/rfc8879/ + pub cert_compressors: Vec<&'static dyn compress::CertCompressor>, } impl ServerConfig { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 79456c6b25..44dc427acf 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -34,15 +34,16 @@ use crate::{rand, verify}; mod client_hello { use super::*; + use crate::compress::{CertCompressor, CompressionLevel}; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; - use crate::msgs::base::{Payload, PayloadU8}; + use crate::msgs::base::{Payload, PayloadU24, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode}; use crate::msgs::handshake::{ CertReqExtension, CertificatePayloadTls13, CertificateRequestPayloadTls13, - ClientHelloPayload, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, Random, - ServerExtension, ServerHelloPayload, SessionId, + ClientHelloPayload, CompressedCertificatePayload, HelloRetryExtension, HelloRetryRequest, + KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId, }; use crate::server::common::ActiveCertifiedKey; use crate::sign; @@ -158,6 +159,24 @@ mod client_hello { )); } + if client_hello.has_certificate_compression_extension_with_duplicates() { + return Err(cx.common.send_fatal_alert( + AlertDescription::IllegalParameter, + PeerMisbehaved::OfferedDuplicateCertificateCompressions, + )); + } + + let cert_compressor = client_hello + .certificate_compression_extension() + .and_then(|offered| + // prefer server order when choosing a compression: the client's + // extension here does not denote any preference. + self.config + .cert_compressors + .iter() + .find(|compressor| offered.contains(&compressor.algorithm())) + .cloned()); + let early_data_requested = client_hello.early_data_extension_offered(); // EarlyData extension is illegal in second ClientHello @@ -350,12 +369,23 @@ mod client_hello { let doing_client_auth = if full_handshake { let client_auth = emit_certificate_req_tls13(&mut self.transcript, cx, &self.config)?; - emit_certificate_tls13( - &mut self.transcript, - cx.common, - server_key.get_cert(), - ocsp_response, - ); + + if let Some(compressor) = cert_compressor { + emit_compressed_certificate_tls13( + &mut self.transcript, + cx.common, + server_key.get_cert(), + ocsp_response, + compressor, + ); + } else { + emit_certificate_tls13( + &mut self.transcript, + cx.common, + server_key.get_cert(), + ocsp_response, + ); + } emit_certificate_verify_tls13( &mut self.transcript, cx.common, @@ -715,6 +745,41 @@ mod client_hello { common.send_msg(c, true); } + fn emit_compressed_certificate_tls13( + transcript: &mut HandshakeHash, + common: &mut CommonState, + cert_chain: &[CertificateDer<'static>], + ocsp_response: Option<&[u8]>, + cert_compressor: &'static dyn CertCompressor, + ) { + let encoding = + CertificatePayloadTls13::new(cert_chain.iter(), ocsp_response).get_encoding(); + let uncompressed_len = encoding.len() as u32; + + let compressed = match cert_compressor.compress(encoding, CompressionLevel::Interactive) { + Ok(compressed) => PayloadU24(Payload::new(compressed)), + Err(_) => { + return emit_certificate_tls13(transcript, common, cert_chain, ocsp_response); + } + }; + + let c = Message { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::CompressedCertificate, + payload: HandshakePayload::CompressedCertificate(CompressedCertificatePayload { + alg: cert_compressor.algorithm(), + uncompressed_len, + compressed, + }), + }), + }; + + trace!("sending compressed certificate {:?}", c); + transcript.add_message(&c); + common.send_msg(c, true); + } + fn emit_certificate_verify_tls13( transcript: &mut HandshakeHash, common: &mut CommonState, diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 663902f3d7..671b45aa92 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -3455,7 +3455,7 @@ fn vectored_write_for_server_handshake_with_half_rtt_data() { let mut pipe = OtherSession::new(&mut client); let wrlen = server.write_tls(&mut pipe).unwrap(); // don't assert exact sizes here, to avoid a brittle test - assert!(wrlen > 3000); // its pretty big (contains cert chain) + assert!(wrlen > 2500); // its pretty big (contains cert chain) assert_eq!(pipe.writevs.len(), 1); // only one writev assert_eq!(pipe.writevs[0].len(), 8); // at least a server hello/ccs/cert/serverkx/0.5rtt data } @@ -3497,7 +3497,7 @@ fn check_half_rtt_does_not_work(server_config: ServerConfig) { let mut pipe = OtherSession::new(&mut client); let wrlen = server.write_tls(&mut pipe).unwrap(); // don't assert exact sizes here, to avoid a brittle test - assert!(wrlen > 3000); // its pretty big (contains cert chain) + assert!(wrlen > 2500); // its pretty big (contains cert chain) assert_eq!(pipe.writevs.len(), 1); // only one writev assert!(pipe.writevs[0].len() >= 6); // at least a server hello/ccs/cert/serverkx data } From b43c7221cf0f85a49c9f788a59f23453d7b6fecc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 15 May 2024 10:56:42 +0100 Subject: [PATCH 0987/1145] Support certificate compression for bogo tests --- bogo/config.json.in | 4 +- rustls/examples/internal/bogo_shim_impl.rs | 183 ++++++++++++++++++++- 2 files changed, 181 insertions(+), 6 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index e8f22ba756..199e3606f4 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -29,8 +29,7 @@ "EchoTLS13CompatibilitySessionID": "", "ClientOCSPCallback*": "ocsp not supported yet", "ServerOCSPCallback*": "", - "CertCompression*": "not implemented", - "DuplicateCertCompressionExt*": "", + "DuplicateCertCompressionExt*-TLS12": "RFC8879: if TLS 1.2 or earlier is negotiated, the peers MUST ignore this extension", "TLS-ECH-*": "", "ALPS-*": "", "*Kyber*": "", @@ -373,6 +372,7 @@ "EarlyDataWithoutResume-Client-TLS13": ":PEER_MISBEHAVIOUR:", "EarlyDataVersionDowngrade-Client-TLS13": ":PEER_MISBEHAVIOUR:", "EarlyData-SkipEndOfEarlyData-TLS13": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", + "CertCompressionTooLargeClient-TLS13": ":GARBAGE:", "SkipEarlyData-Interleaved-TLS13": ":PEER_MISBEHAVIOUR:", "SkipEarlyData-TooMuchData-TLS13": ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:", "SkipEarlyData-HRR-FatalAlert-TLS13": ":HANDSHAKE_FAILURE:", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index c862531cbd..646f4c28dc 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -23,10 +23,10 @@ use rustls::internal::msgs::persist::ServerSessionValue; use rustls::server::danger::{ClientCertVerified, ClientCertVerifier}; use rustls::server::{ClientHello, ServerConfig, ServerConnection, WebPkiClientVerifier}; use rustls::{ - client, server, sign, version, AlertDescription, CertificateError, Connection, - DigitallySignedStruct, DistinguishedName, Error, HandshakeKind, InvalidMessage, NamedGroup, - PeerIncompatible, PeerMisbehaved, ProtocolVersion, RootCertStore, Side, SignatureAlgorithm, - SignatureScheme, SupportedProtocolVersion, + client, compress, server, sign, version, AlertDescription, CertificateCompressionAlgorithm, + CertificateError, Connection, DigitallySignedStruct, DistinguishedName, Error, HandshakeKind, + InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, RootCertStore, + Side, SignatureAlgorithm, SignatureScheme, SupportedProtocolVersion, }; static BOGO_NACK: i32 = 89; @@ -86,6 +86,7 @@ struct Options { require_ems: bool, expect_handshake_kind: Option>, expect_handshake_kind_resumed: Option>, + install_cert_compression_algs: CompressionAlgs, } impl Options { @@ -138,6 +139,7 @@ impl Options { require_ems: false, expect_handshake_kind: None, expect_handshake_kind_resumed: Some(vec![HandshakeKind::Resumed]), + install_cert_compression_algs: CompressionAlgs::None, } } @@ -573,6 +575,17 @@ fn make_server_cfg(opts: &Options) -> Arc { cfg.send_half_rtt_data = true; } + match opts.install_cert_compression_algs { + CompressionAlgs::All => { + cfg.cert_compressors = vec![&ExpandingAlgorithm, &ShrinkingAlgorithm, &RandomAlgorithm]; + } + CompressionAlgs::One(ShrinkingAlgorithm::ALGORITHM) => { + cfg.cert_compressors = vec![&ShrinkingAlgorithm]; + } + CompressionAlgs::None => {} + _ => unimplemented!(), + } + Arc::new(cfg) } @@ -702,6 +715,18 @@ fn make_client_cfg(opts: &Options) -> Arc { cfg.enable_early_data = true; } + match opts.install_cert_compression_algs { + CompressionAlgs::All => { + cfg.cert_decompressors = + vec![&ExpandingAlgorithm, &ShrinkingAlgorithm, &RandomAlgorithm]; + } + CompressionAlgs::One(ShrinkingAlgorithm::ALGORITHM) => { + cfg.cert_decompressors = vec![&ShrinkingAlgorithm]; + } + CompressionAlgs::None => {} + _ => unimplemented!(), + } + Arc::new(cfg) } @@ -770,6 +795,15 @@ fn handle_err(err: Error) -> ! { | Error::PeerMisbehaved(PeerMisbehaved::SignedKxWithWrongAlgorithm) => { quit(":WRONG_SIGNATURE_TYPE:") } + Error::PeerMisbehaved(PeerMisbehaved::SelectedUnofferedCertCompression) => { + quit(":UNKNOWN_CERT_COMPRESSION_ALG:") + } + Error::PeerMisbehaved(PeerMisbehaved::InvalidCertCompression) => { + quit(":CERT_DECOMPRESSION_FAILED:") + } + Error::PeerMisbehaved(PeerMisbehaved::OfferedDuplicateCertificateCompressions) => { + quit(":ERROR_PARSING_EXTENSION:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), @@ -1291,6 +1325,12 @@ pub fn main() { "-expect-extended-master-secret" => { opts.require_ems = true; } + "-install-cert-compression-algs" => { + opts.install_cert_compression_algs = CompressionAlgs::All; + } + "-install-one-cert-compression-alg" => { + opts.install_cert_compression_algs = CompressionAlgs::One(args.remove(0).parse::().unwrap()); + } // defaults: "-enable-all-curves" | @@ -1417,3 +1457,138 @@ pub fn main() { .clone_from(&opts.expect_handshake_kind_resumed); } } + +#[derive(Debug, PartialEq)] +enum CompressionAlgs { + None, + All, + One(u16), +} + +#[derive(Debug)] +struct ShrinkingAlgorithm; + +impl ShrinkingAlgorithm { + const ALGORITHM: u16 = 0xff01; +} + +impl compress::CertDecompressor for ShrinkingAlgorithm { + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Unknown(Self::ALGORITHM) + } + + fn decompress( + &self, + input: &[u8], + output: &mut [u8], + ) -> Result<(), compress::DecompressionFailed> { + if output.len() != input.len() + 2 { + return Err(compress::DecompressionFailed); + } + output[..2].copy_from_slice(&[0, 0]); + output[2..].copy_from_slice(input); + Ok(()) + } +} + +impl compress::CertCompressor for ShrinkingAlgorithm { + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Unknown(Self::ALGORITHM) + } + + fn compress( + &self, + mut input: Vec, + _: compress::CompressionLevel, + ) -> Result, compress::CompressionFailed> { + assert_eq!(input[..2], [0, 0]); + input.drain(0..2); + Ok(input) + } +} + +#[derive(Debug)] +struct ExpandingAlgorithm; + +impl compress::CertDecompressor for ExpandingAlgorithm { + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Unknown(0xff02) + } + + fn decompress( + &self, + input: &[u8], + output: &mut [u8], + ) -> Result<(), compress::DecompressionFailed> { + if output.len() + 4 != input.len() { + return Err(compress::DecompressionFailed); + } + if input[..4] != [1, 2, 3, 4] { + return Err(compress::DecompressionFailed); + } + output.copy_from_slice(&input[4..]); + Ok(()) + } +} + +impl compress::CertCompressor for ExpandingAlgorithm { + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Unknown(0xff02) + } + + fn compress( + &self, + mut input: Vec, + _: compress::CompressionLevel, + ) -> Result, compress::CompressionFailed> { + input.insert(0, 1); + input.insert(1, 2); + input.insert(2, 3); + input.insert(3, 4); + Ok(input) + } +} + +#[derive(Debug)] +struct RandomAlgorithm; + +impl compress::CertDecompressor for RandomAlgorithm { + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Unknown(0xff03) + } + + fn decompress( + &self, + input: &[u8], + output: &mut [u8], + ) -> Result<(), compress::DecompressionFailed> { + if output.len() + 1 != input.len() { + return Err(compress::DecompressionFailed); + } + output.copy_from_slice(&input[1..]); + Ok(()) + } +} + +impl compress::CertCompressor for RandomAlgorithm { + fn algorithm(&self) -> CertificateCompressionAlgorithm { + CertificateCompressionAlgorithm::Unknown(0xff03) + } + + fn compress( + &self, + mut input: Vec, + _: compress::CompressionLevel, + ) -> Result, compress::CompressionFailed> { + let random_byte = { + let mut bytes = [0]; + provider::default_provider() + .secure_random + .fill(&mut bytes) + .unwrap(); + bytes[0] + }; + input.insert(0, random_byte); + Ok(input) + } +} From 403dac5e7eead490340b2e26b51584c27a20fa9f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 21 May 2024 15:22:51 +0100 Subject: [PATCH 0988/1145] Cache certificate compressions Route all certificate compressions through this, as it can decide whether to spend extra time on compression. For no_std, we don't do any caching but just do Interactive-level compressions as usual. --- rustls/src/compress.rs | 336 +++++++++++++++++++++++++++++++ rustls/src/msgs/handshake.rs | 8 + rustls/src/server/builder.rs | 1 + rustls/src/server/server_conn.rs | 7 + rustls/src/server/tls13.rs | 33 ++- rustls/tests/api.rs | 130 ++++++++++++ 6 files changed, 497 insertions(+), 18 deletions(-) diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs index 780164cc29..d962890a3a 100644 --- a/rustls/src/compress.rs +++ b/rustls/src/compress.rs @@ -1,9 +1,17 @@ //! Certificate compression and decompression support +#[cfg(feature = "std")] +use alloc::collections::VecDeque; +use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +#[cfg(feature = "std")] +use std::sync::Mutex; use crate::enums::CertificateCompressionAlgorithm; +use crate::msgs::base::{Payload, PayloadU24}; +use crate::msgs::codec::Codec; +use crate::msgs::handshake::{CertificatePayloadTls13, CompressedCertificatePayload}; /// Returns the supported `CertDecompressor` implementations enabled /// by crate features. @@ -226,6 +234,184 @@ mod feat_brotli { #[cfg(feature = "brotli")] pub use feat_brotli::{BROTLI_COMPRESSOR, BROTLI_DECOMPRESSOR}; +/// An LRU cache for compressions. +/// +/// The prospect of being able to reuse a given compression for many connections +/// means we can afford to spend more time on that compression (by passing +/// `CompressionLevel::Amortized` to the compressor). +#[derive(Debug)] +pub enum CompressionCache { + /// No caching happens, and compression happens each time using + /// `CompressionLevel::Interactive`. + Disabled, + + /// Compressions are stored in an LRU cache. + #[cfg(feature = "std")] + Enabled(CompressionCacheInner), +} + +/// Innards of an enabled CompressionCache. +/// +/// You cannot make one of these directly. Use [`CompressionCache::new`]. +#[cfg(feature = "std")] +#[derive(Debug)] +pub struct CompressionCacheInner { + /// Maximum size of underlying storage. + size: usize, + + /// LRU-order entries. + /// + /// First is least-used, last is most-used. + entries: Mutex>>, +} + +impl CompressionCache { + /// Make a `CompressionCache` that stores up to `size` compressed + /// certificate messages. + #[cfg(feature = "std")] + pub fn new(size: usize) -> Self { + if size == 0 { + return Self::Disabled; + } + + Self::Enabled(CompressionCacheInner { + size, + entries: Mutex::new(VecDeque::with_capacity(size)), + }) + } + + /// Return a `CompressionCacheEntry`, which is an owning + /// wrapper for a `CompressedCertificatePayload`. + /// + /// `compressor` is the compression function we have negotiated. + /// `original` is the uncompressed certificate message. + pub(crate) fn compression_for( + &self, + compressor: &dyn CertCompressor, + original: &CertificatePayloadTls13, + ) -> Result, CompressionFailed> { + match self { + Self::Disabled => Self::uncached_compression(compressor, original), + + #[cfg(feature = "std")] + Self::Enabled(_) => self.compression_for_impl(compressor, original), + } + } + + #[cfg(feature = "std")] + fn compression_for_impl( + &self, + compressor: &dyn CertCompressor, + original: &CertificatePayloadTls13, + ) -> Result, CompressionFailed> { + let (max_size, entries) = match self { + Self::Enabled(CompressionCacheInner { size, entries }) => (*size, entries), + _ => unreachable!(), + }; + + // context is a per-connection quantity, and included in the compressed data. + // it is not suitable for inclusion in the cache. + if !original.context.0.is_empty() { + return Self::uncached_compression(compressor, original); + } + + // cache probe: + let encoding = original.get_encoding(); + let algorithm = compressor.algorithm(); + + let mut cache = entries + .lock() + .map_err(|_| CompressionFailed)?; + for (i, item) in cache.iter().enumerate() { + if item.algorithm == algorithm && item.original == encoding { + // this item is now MRU + let item = cache.remove(i).unwrap(); + cache.push_back(Arc::clone(&item)); + return Ok(item); + } + } + drop(cache); + + // do compression: + let uncompressed_len = encoding.len() as u32; + let compressed = compressor.compress(encoding.clone(), CompressionLevel::Amortized)?; + let new_entry = Arc::new(CompressionCacheEntry { + algorithm, + original: encoding, + compressed: CompressedCertificatePayload { + alg: algorithm, + uncompressed_len, + compressed: PayloadU24(Payload::new(compressed)), + }, + }); + + // insert into cache + let mut cache = entries + .lock() + .map_err(|_| CompressionFailed)?; + if cache.len() == max_size { + cache.pop_front(); + } + cache.push_back(Arc::clone(&new_entry)); + Ok(new_entry) + } + + /// Compress `original` using `compressor` at `Interactive` level. + fn uncached_compression( + compressor: &dyn CertCompressor, + original: &CertificatePayloadTls13, + ) -> Result, CompressionFailed> { + let algorithm = compressor.algorithm(); + let encoding = original.get_encoding(); + let uncompressed_len = encoding.len() as u32; + let compressed = compressor.compress(encoding, CompressionLevel::Interactive)?; + + // this `CompressionCacheEntry` in fact never makes it into the cache, so + // `original` is left empty + Ok(Arc::new(CompressionCacheEntry { + algorithm, + original: Vec::new(), + compressed: CompressedCertificatePayload { + alg: algorithm, + uncompressed_len, + compressed: PayloadU24(Payload::new(compressed)), + }, + })) + } +} + +impl Default for CompressionCache { + fn default() -> Self { + #[cfg(feature = "std")] + { + // 4 entries allows 2 certificate chains times 2 compression algorithms + Self::new(4) + } + + #[cfg(not(feature = "std"))] + { + Self::Disabled + } + } +} + +#[cfg_attr(not(feature = "std"), allow(dead_code))] +#[derive(Debug)] +pub(crate) struct CompressionCacheEntry { + // cache key is algorithm + original: + algorithm: CertificateCompressionAlgorithm, + original: Vec, + + // cache value is compression result: + compressed: CompressedCertificatePayload<'static>, +} + +impl CompressionCacheEntry { + pub(crate) fn compressed_cert_payload(&self) -> CompressedCertificatePayload { + self.compressed.as_borrowed() + } +} + #[cfg(all(test, any(feature = "brotli", feature = "zlib")))] pub mod tests { use std::{println, vec}; @@ -306,4 +492,154 @@ pub mod tests { .decompress(&junk, &mut recovered) .unwrap_err(); } + + #[test] + #[cfg(all(feature = "brotli", feature = "zlib"))] + fn test_cache_evicts_lru() { + use core::sync::atomic::{AtomicBool, Ordering}; + + use pki_types::CertificateDer; + + let cache = CompressionCache::default(); + + let cert = CertificateDer::from(vec![1]); + + let cert1 = CertificatePayloadTls13::new([&cert].into_iter(), Some(b"1")); + let cert2 = CertificatePayloadTls13::new([&cert].into_iter(), Some(b"2")); + let cert3 = CertificatePayloadTls13::new([&cert].into_iter(), Some(b"3")); + let cert4 = CertificatePayloadTls13::new([&cert].into_iter(), Some(b"4")); + + // insert zlib (1), (2), (3), (4) + + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), true), + &cert1, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), true), + &cert2, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), true), + &cert3, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), true), + &cert4, + ) + .unwrap(); + + // -- now full + + // insert brotli (1) evicts zlib (1) + cache + .compression_for( + &RequireCompress(BROTLI_COMPRESSOR, AtomicBool::default(), true), + &cert4, + ) + .unwrap(); + + // now zlib (2), (3), (4) and brotli (4) exist + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), false), + &cert2, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), false), + &cert3, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), false), + &cert4, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(BROTLI_COMPRESSOR, AtomicBool::default(), false), + &cert4, + ) + .unwrap(); + + // insert zlib (1) requires re-compression & evicts zlib (2) + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), true), + &cert1, + ) + .unwrap(); + + // now zlib (1), (3), (4) and brotli (4) exist + // query zlib (4), (3), (1) to demonstrate LRU tracks usage rather than insertion + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), false), + &cert4, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), false), + &cert3, + ) + .unwrap(); + cache + .compression_for( + &RequireCompress(ZLIB_COMPRESSOR, AtomicBool::default(), false), + &cert1, + ) + .unwrap(); + + // now brotli (4), zlib (4), (3), (1) + // insert brotli (1) evicting brotli (4) + cache + .compression_for( + &RequireCompress(BROTLI_COMPRESSOR, AtomicBool::default(), true), + &cert1, + ) + .unwrap(); + + // verify brotli (4) disappeared + cache + .compression_for( + &RequireCompress(BROTLI_COMPRESSOR, AtomicBool::default(), true), + &cert4, + ) + .unwrap(); + + #[derive(Debug)] + struct RequireCompress(&'static dyn CertCompressor, AtomicBool, bool); + + impl CertCompressor for RequireCompress { + fn compress( + &self, + input: Vec, + level: CompressionLevel, + ) -> Result, CompressionFailed> { + self.1.store(true, Ordering::SeqCst); + self.0.compress(input, level) + } + + fn algorithm(&self) -> CertificateCompressionAlgorithm { + self.0.algorithm() + } + } + + impl Drop for RequireCompress { + fn drop(&mut self) { + assert_eq!(self.1.load(Ordering::SeqCst), self.2); + } + } + } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index d7be95780e..2102620f66 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2332,6 +2332,14 @@ impl CompressedCertificatePayload<'_> { ..self } } + + pub(crate) fn as_borrowed(&self) -> CompressedCertificatePayload { + CompressedCertificatePayload { + alg: self.alg, + uncompressed_len: self.uncompressed_len, + compressed: PayloadU24(Payload::Borrowed(self.compressed.0.bytes())), + } + } } #[derive(Debug)] diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index b81cf15191..360c4d2019 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -132,6 +132,7 @@ impl ConfigBuilder { require_ems: cfg!(feature = "fips"), time_provider: self.state.time_provider, cert_compressors: compress::default_cert_compressors().to_vec(), + cert_compression_cache: Arc::new(compress::CompressionCache::default()), } } } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 8ac74a9c04..6a158b5f26 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -219,6 +219,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::key_log`]: key material is not logged. /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. /// * [`ServerConfig::cert_compressors`]: depends on the crate features, see [`compress::default_cert_compressors()`]. +/// * [`ServerConfig::cert_compression_cache`]: caches the most recently used 4 compressions /// /// [`RootCertStore`]: crate::RootCertStore /// [`ServerSessionMemoryCache`]: crate::server::handy::ServerSessionMemoryCache @@ -350,6 +351,12 @@ pub struct ServerConfig { /// /// [RFC8779]: https://datatracker.ietf.org/doc/rfc8879/ pub cert_compressors: Vec<&'static dyn compress::CertCompressor>, + + /// Caching for compressed certificates. + /// + /// This is optional: [`compress::CompressionCache::Disabled`] gives + /// a cache that does no caching. + pub cert_compression_cache: Arc, } impl ServerConfig { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 44dc427acf..620afbbf13 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -34,16 +34,16 @@ use crate::{rand, verify}; mod client_hello { use super::*; - use crate::compress::{CertCompressor, CompressionLevel}; + use crate::compress::CertCompressor; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; - use crate::msgs::base::{Payload, PayloadU24, PayloadU8}; + use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode}; use crate::msgs::handshake::{ CertReqExtension, CertificatePayloadTls13, CertificateRequestPayloadTls13, - ClientHelloPayload, CompressedCertificatePayload, HelloRetryExtension, HelloRetryRequest, - KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId, + ClientHelloPayload, HelloRetryExtension, HelloRetryRequest, KeyShareEntry, Random, + ServerExtension, ServerHelloPayload, SessionId, }; use crate::server::common::ActiveCertifiedKey; use crate::sign; @@ -374,6 +374,7 @@ mod client_hello { emit_compressed_certificate_tls13( &mut self.transcript, cx.common, + &self.config, server_key.get_cert(), ocsp_response, compressor, @@ -748,30 +749,26 @@ mod client_hello { fn emit_compressed_certificate_tls13( transcript: &mut HandshakeHash, common: &mut CommonState, + config: &ServerConfig, cert_chain: &[CertificateDer<'static>], ocsp_response: Option<&[u8]>, cert_compressor: &'static dyn CertCompressor, ) { - let encoding = - CertificatePayloadTls13::new(cert_chain.iter(), ocsp_response).get_encoding(); - let uncompressed_len = encoding.len() as u32; - - let compressed = match cert_compressor.compress(encoding, CompressionLevel::Interactive) { - Ok(compressed) => PayloadU24(Payload::new(compressed)), - Err(_) => { - return emit_certificate_tls13(transcript, common, cert_chain, ocsp_response); - } + let payload = CertificatePayloadTls13::new(cert_chain.iter(), ocsp_response); + + let entry = match config + .cert_compression_cache + .compression_for(cert_compressor, &payload) + { + Ok(entry) => entry, + Err(_) => return emit_certificate_tls13(transcript, common, cert_chain, ocsp_response), }; let c = Message { version: ProtocolVersion::TLSv1_3, payload: MessagePayload::handshake(HandshakeMessagePayload { typ: HandshakeType::CompressedCertificate, - payload: HandshakePayload::CompressedCertificate(CompressedCertificatePayload { - alg: cert_compressor.algorithm(), - uncompressed_len, - compressed, - }), + payload: HandshakePayload::CompressedCertificate(entry.compressed_cert_payload()), }), }; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 671b45aa92..a18927ec88 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6559,6 +6559,136 @@ fn test_pinned_ocsp_response_given_to_custom_server_cert_verifier() { } } +#[cfg(feature = "zlib")] +#[test] +fn test_server_uses_cached_compressed_certificates() { + static COMPRESS_COUNT: AtomicUsize = AtomicUsize::new(0); + + let mut server_config = make_server_config(KeyType::Rsa2048); + server_config.cert_compressors = vec![&CountingCompressor]; + let mut client_config = make_client_config(KeyType::Rsa2048); + client_config.resumption = Resumption::disabled(); + + let server_config = Arc::new(server_config); + let client_config = Arc::new(client_config); + + for _i in 0..10 { + dbg!(_i); + let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); + do_handshake(&mut client, &mut server); + dbg!(client.handshake_kind()); + } + + assert_eq!(COMPRESS_COUNT.load(Ordering::SeqCst), 1); + + #[derive(Debug)] + struct CountingCompressor; + + impl rustls::compress::CertCompressor for CountingCompressor { + fn compress( + &self, + input: Vec, + level: rustls::compress::CompressionLevel, + ) -> Result, rustls::compress::CompressionFailed> { + dbg!(COMPRESS_COUNT.fetch_add(1, Ordering::SeqCst)); + rustls::compress::ZLIB_COMPRESSOR.compress(input, level) + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } + } +} + +#[test] +fn test_server_uses_uncompressed_certificate_if_compression_fails() { + let mut server_config = make_server_config(KeyType::Rsa2048); + server_config.cert_compressors = vec![&FailingCompressor]; + let mut client_config = make_client_config(KeyType::Rsa2048); + client_config.cert_decompressors = vec![&NeverDecompressor]; + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + #[derive(Debug)] + struct FailingCompressor; + + impl rustls::compress::CertCompressor for FailingCompressor { + fn compress( + &self, + _input: Vec, + _level: rustls::compress::CompressionLevel, + ) -> Result, rustls::compress::CompressionFailed> { + println!("compress called but doesn't work"); + Err(rustls::compress::CompressionFailed) + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } + } + + #[derive(Debug)] + struct NeverDecompressor; + + impl rustls::compress::CertDecompressor for NeverDecompressor { + fn decompress( + &self, + _input: &[u8], + _output: &mut [u8], + ) -> Result<(), rustls::compress::DecompressionFailed> { + panic!("NeverDecompressor::decompress should not be called"); + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } + } +} + +#[cfg(feature = "zlib")] +#[test] +fn test_server_can_opt_out_of_compression_cache() { + static COMPRESS_COUNT: AtomicUsize = AtomicUsize::new(0); + + let mut server_config = make_server_config(KeyType::Rsa2048); + server_config.cert_compressors = vec![&AlwaysInteractiveCompressor]; + server_config.cert_compression_cache = Arc::new(rustls::compress::CompressionCache::Disabled); + let mut client_config = make_client_config(KeyType::Rsa2048); + client_config.resumption = Resumption::disabled(); + + let server_config = Arc::new(server_config); + let client_config = Arc::new(client_config); + + for _i in 0..10 { + dbg!(_i); + let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); + do_handshake(&mut client, &mut server); + dbg!(client.handshake_kind()); + } + + assert_eq!(COMPRESS_COUNT.load(Ordering::SeqCst), 10); + + #[derive(Debug)] + struct AlwaysInteractiveCompressor; + + impl rustls::compress::CertCompressor for AlwaysInteractiveCompressor { + fn compress( + &self, + input: Vec, + level: rustls::compress::CompressionLevel, + ) -> Result, rustls::compress::CompressionFailed> { + dbg!(COMPRESS_COUNT.fetch_add(1, Ordering::SeqCst)); + assert_eq!(level, rustls::compress::CompressionLevel::Interactive); + rustls::compress::ZLIB_COMPRESSOR.compress(input, level) + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } + } +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { From c679d02c13e99269db4f73c78e5b02076f8102d2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 29 May 2024 11:52:30 +0100 Subject: [PATCH 0989/1145] Support client certificate decompression on server --- rustls/examples/internal/bogo_shim_impl.rs | 3 + rustls/src/msgs/handshake.rs | 6 + rustls/src/server/builder.rs | 1 + rustls/src/server/server_conn.rs | 14 ++ rustls/src/server/tls13.rs | 223 +++++++++++++++++++-- 5 files changed, 234 insertions(+), 13 deletions(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 646f4c28dc..1e6895a548 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -578,9 +578,12 @@ fn make_server_cfg(opts: &Options) -> Arc { match opts.install_cert_compression_algs { CompressionAlgs::All => { cfg.cert_compressors = vec![&ExpandingAlgorithm, &ShrinkingAlgorithm, &RandomAlgorithm]; + cfg.cert_decompressors = + vec![&ExpandingAlgorithm, &ShrinkingAlgorithm, &RandomAlgorithm]; } CompressionAlgs::One(ShrinkingAlgorithm::ALGORITHM) => { cfg.cert_compressors = vec![&ShrinkingAlgorithm]; + cfg.cert_decompressors = vec![&ShrinkingAlgorithm]; } CompressionAlgs::None => {} _ => unimplemented!(), diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 2102620f66..47d9202643 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2005,6 +2005,7 @@ impl Codec<'_> for CertificateRequestPayload { pub(crate) enum CertReqExtension { SignatureAlgorithms(Vec), AuthorityNames(Vec), + CertificateCompressionAlgorithms(Vec), Unknown(UnknownExtension), } @@ -2013,6 +2014,7 @@ impl CertReqExtension { match *self { Self::SignatureAlgorithms(_) => ExtensionType::SignatureAlgorithms, Self::AuthorityNames(_) => ExtensionType::CertificateAuthorities, + Self::CertificateCompressionAlgorithms(_) => ExtensionType::CompressCertificate, Self::Unknown(ref r) => r.typ, } } @@ -2026,6 +2028,7 @@ impl Codec<'_> for CertReqExtension { match *self { Self::SignatureAlgorithms(ref r) => r.encode(nested.buf), Self::AuthorityNames(ref r) => r.encode(nested.buf), + Self::CertificateCompressionAlgorithms(ref r) => r.encode(nested.buf), Self::Unknown(ref r) => r.encode(nested.buf), } } @@ -2047,6 +2050,9 @@ impl Codec<'_> for CertReqExtension { let cas = Vec::read(&mut sub)?; Self::AuthorityNames(cas) } + ExtensionType::CompressCertificate => { + Self::CertificateCompressionAlgorithms(Vec::read(&mut sub)?) + } _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), }; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 360c4d2019..432a6ea02f 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -133,6 +133,7 @@ impl ConfigBuilder { time_provider: self.state.time_provider, cert_compressors: compress::default_cert_compressors().to_vec(), cert_compression_cache: Arc::new(compress::CompressionCache::default()), + cert_decompressors: compress::default_cert_decompressors().to_vec(), } } } diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 6a158b5f26..49c22264bf 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -220,6 +220,7 @@ impl<'a> ClientHello<'a> { /// * [`ServerConfig::send_tls13_tickets`]: 4 tickets are sent. /// * [`ServerConfig::cert_compressors`]: depends on the crate features, see [`compress::default_cert_compressors()`]. /// * [`ServerConfig::cert_compression_cache`]: caches the most recently used 4 compressions +/// * [`ServerConfig::cert_decompressors`]: depends on the crate features, see [`compress::default_cert_decompressors()`]. /// /// [`RootCertStore`]: crate::RootCertStore /// [`ServerSessionMemoryCache`]: crate::server::handy::ServerSessionMemoryCache @@ -357,6 +358,19 @@ pub struct ServerConfig { /// This is optional: [`compress::CompressionCache::Disabled`] gives /// a cache that does no caching. pub cert_compression_cache: Arc, + + /// How to decompress the clients's certificate chain. + /// + /// If this is non-empty, the [RFC8779] certificate compression + /// extension is offered when requesting client authentication, + /// and any compressed certificates are transparently decompressed + /// during the handshake. + /// + /// This only applies to TLS1.3 connections. It is ignored for + /// TLS1.2 connections. + /// + /// [RFC8779]: https://datatracker.ietf.org/doc/rfc8879/ + pub cert_decompressors: Vec<&'static dyn compress::CertDecompressor>, } impl ServerConfig { diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 620afbbf13..3e80312451 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1,5 +1,6 @@ use alloc::boxed::Box; use alloc::sync::Arc; +use alloc::vec; use alloc::vec::Vec; pub(super) use client_hello::CompleteClientHelloHandling; @@ -12,15 +13,15 @@ use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::common_state::{CommonState, HandshakeKind, Protocol, Side, State}; use crate::conn::ConnectionRandoms; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; -use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; +use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] use crate::log::{debug, trace, warn}; -use crate::msgs::codec::Codec; +use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::KeyUpdateRequest; use crate::msgs::handshake::{ - CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketExtension, - NewSessionTicketPayloadTls13, + CertificateChain, CertificatePayloadTls13, HandshakeMessagePayload, HandshakePayload, + NewSessionTicketExtension, NewSessionTicketPayloadTls13, CERTIFICATE_MAX_SIZE_LIMIT, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -30,7 +31,7 @@ use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClien use crate::tls13::{ construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite, }; -use crate::{rand, verify}; +use crate::{compress, rand, verify}; mod client_hello { use super::*; @@ -438,13 +439,28 @@ mod client_hello { } if doing_client_auth { - Ok(Box::new(ExpectCertificate { - config: self.config, - transcript: self.transcript, - suite: self.suite, - key_schedule: key_schedule_traffic, - send_tickets: self.send_tickets, - })) + if self + .config + .cert_decompressors + .is_empty() + { + Ok(Box::new(ExpectCertificate { + config: self.config, + transcript: self.transcript, + suite: self.suite, + key_schedule: key_schedule_traffic, + send_tickets: self.send_tickets, + message_already_in_transcript: false, + })) + } else { + Ok(Box::new(ExpectCertificateOrCompressedCertificate { + config: self.config, + transcript: self.transcript, + suite: self.suite, + key_schedule: key_schedule_traffic, + send_tickets: self.send_tickets, + })) + } } else if doing_early_data == EarlyDataDecision::Accepted && !cx.common.is_quic() { // Not used for QUIC: RFC 9001 §8.3: Clients MUST NOT send the EndOfEarlyData // message. A server MUST treat receipt of a CRYPTO frame in a 0-RTT packet as a @@ -706,6 +722,17 @@ mod client_hello { cr.extensions .push(CertReqExtension::SignatureAlgorithms(schemes.to_vec())); + if !config.cert_decompressors.is_empty() { + cr.extensions + .push(CertReqExtension::CertificateCompressionAlgorithms( + config + .cert_decompressors + .iter() + .map(|decomp| decomp.algorithm()) + .collect(), + )); + } + let authorities = config.verifier.root_hint_subjects(); if !authorities.is_empty() { cr.extensions @@ -881,12 +908,180 @@ impl State for ExpectAndSkipRejectedEarlyData { } } +struct ExpectCertificateOrCompressedCertificate { + config: Arc, + transcript: HandshakeHash, + suite: &'static Tls13CipherSuite, + key_schedule: KeyScheduleTrafficWithClientFinishedPending, + send_tickets: usize, +} + +impl State for ExpectCertificateOrCompressedCertificate { + fn handle<'m>( + self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { + match m.payload { + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CertificateTls13(..), + .. + }, + .. + } => Box::new(ExpectCertificate { + config: self.config, + transcript: self.transcript, + suite: self.suite, + key_schedule: self.key_schedule, + send_tickets: self.send_tickets, + message_already_in_transcript: false, + }) + .handle(cx, m), + + MessagePayload::Handshake { + parsed: + HandshakeMessagePayload { + payload: HandshakePayload::CompressedCertificate(..), + .. + }, + .. + } => Box::new(ExpectCompressedCertificate { + config: self.config, + transcript: self.transcript, + suite: self.suite, + key_schedule: self.key_schedule, + send_tickets: self.send_tickets, + }) + .handle(cx, m), + + payload => Err(inappropriate_handshake_message( + &payload, + &[ContentType::Handshake], + &[ + HandshakeType::Certificate, + HandshakeType::CompressedCertificate, + ], + )), + } + } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } +} + +struct ExpectCompressedCertificate { + config: Arc, + transcript: HandshakeHash, + suite: &'static Tls13CipherSuite, + key_schedule: KeyScheduleTrafficWithClientFinishedPending, + send_tickets: usize, +} + +impl State for ExpectCompressedCertificate { + fn handle<'m>( + mut self: Box, + cx: &mut ServerContext<'_>, + m: Message<'m>, + ) -> hs::NextStateOrError<'m> + where + Self: 'm, + { + self.transcript.add_message(&m); + let compressed_cert = require_handshake_msg_move!( + m, + HandshakeType::CompressedCertificate, + HandshakePayload::CompressedCertificate + )?; + + let decompressor = match self + .config + .cert_decompressors + .iter() + .find(|item| item.algorithm() == compressed_cert.alg) + { + Some(dec) => dec, + None => { + return Err(cx.common.send_fatal_alert( + AlertDescription::BadCertificate, + PeerMisbehaved::SelectedUnofferedCertCompression, + )); + } + }; + + if compressed_cert.uncompressed_len as usize > CERTIFICATE_MAX_SIZE_LIMIT { + return Err(cx.common.send_fatal_alert( + AlertDescription::BadCertificate, + InvalidMessage::MessageTooLarge, + )); + } + + let mut decompress_buffer = vec![0u8; compressed_cert.uncompressed_len as usize]; + if let Err(compress::DecompressionFailed) = + decompressor.decompress(compressed_cert.compressed.0.bytes(), &mut decompress_buffer) + { + return Err(cx.common.send_fatal_alert( + AlertDescription::BadCertificate, + PeerMisbehaved::InvalidCertCompression, + )); + } + + let cert_payload = + match CertificatePayloadTls13::read(&mut Reader::init(&decompress_buffer)) { + Ok(cm) => cm, + Err(err) => { + return Err(cx + .common + .send_fatal_alert(AlertDescription::BadCertificate, err)); + } + }; + trace!( + "Client certificate decompressed using {:?} ({} bytes -> {})", + compressed_cert.alg, + compressed_cert + .compressed + .0 + .bytes() + .len(), + compressed_cert.uncompressed_len, + ); + + let m = Message { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::Certificate, + payload: HandshakePayload::CertificateTls13(cert_payload.into_owned()), + }), + }; + + Box::new(ExpectCertificate { + config: self.config, + transcript: self.transcript, + suite: self.suite, + key_schedule: self.key_schedule, + send_tickets: self.send_tickets, + message_already_in_transcript: true, + }) + .handle(cx, m) + } + + fn into_owned(self: Box) -> hs::NextState<'static> { + self + } +} + struct ExpectCertificate { config: Arc, transcript: HandshakeHash, suite: &'static Tls13CipherSuite, key_schedule: KeyScheduleTrafficWithClientFinishedPending, send_tickets: usize, + message_already_in_transcript: bool, } impl State for ExpectCertificate { @@ -898,7 +1093,9 @@ impl State for ExpectCertificate { where Self: 'm, { - self.transcript.add_message(&m); + if !self.message_already_in_transcript { + self.transcript.add_message(&m); + } let certp = require_handshake_msg_move!( m, HandshakeType::Certificate, From fe6297cd2a63b1655844fb573d890d1d0641a3f4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 29 May 2024 12:21:59 +0100 Subject: [PATCH 0990/1145] Support client certificate compression on client --- rustls/examples/internal/bogo_shim_impl.rs | 2 + rustls/src/client/builder.rs | 2 + rustls/src/client/client_conn.rs | 20 +++++++ rustls/src/client/common.rs | 5 +- rustls/src/client/tls12.rs | 2 + rustls/src/client/tls13.rs | 65 ++++++++++++++++++++-- rustls/src/msgs/handshake.rs | 10 ++++ rustls/tests/api.rs | 65 +++++++++++++--------- 8 files changed, 137 insertions(+), 34 deletions(-) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 1e6895a548..8958c97595 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -722,9 +722,11 @@ fn make_client_cfg(opts: &Options) -> Arc { CompressionAlgs::All => { cfg.cert_decompressors = vec![&ExpandingAlgorithm, &ShrinkingAlgorithm, &RandomAlgorithm]; + cfg.cert_compressors = vec![&ExpandingAlgorithm, &ShrinkingAlgorithm, &RandomAlgorithm]; } CompressionAlgs::One(ShrinkingAlgorithm::ALGORITHM) => { cfg.cert_decompressors = vec![&ShrinkingAlgorithm]; + cfg.cert_compressors = vec![&ShrinkingAlgorithm]; } CompressionAlgs::None => {} _ => unimplemented!(), diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 8deceae9b0..10d50ebb51 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -164,6 +164,8 @@ impl ConfigBuilder { #[cfg(feature = "tls12")] require_ems: cfg!(feature = "fips"), time_provider: self.state.time_provider, + cert_compressors: compress::default_cert_compressors().to_vec(), + cert_compression_cache: Arc::new(compress::CompressionCache::default()), cert_decompressors: compress::default_cert_decompressors().to_vec(), } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 28b926cf62..e23a344172 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -142,6 +142,8 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// * [`ClientConfig::alpn_protocols`]: the default is empty -- no ALPN protocol is negotiated. /// * [`ClientConfig::key_log`]: key material is not logged. /// * [`ClientConfig::cert_decompressors`]: depends on the crate features, see [`compress::default_cert_decompressors()`]. +/// * [`ClientConfig::cert_compressors`]: depends on the crate features, see [`compress::default_cert_compressors()`]. +/// * [`ClientConfig::cert_compression_cache`]: caches the most recently used 4 compressions /// /// [`RootCertStore`]: crate::RootCertStore #[derive(Clone, Debug)] @@ -228,6 +230,24 @@ pub struct ClientConfig { /// /// [RFC8779]: https://datatracker.ietf.org/doc/rfc8879/ pub cert_decompressors: Vec<&'static dyn compress::CertDecompressor>, + + /// How to compress the client's certificate chain. + /// + /// If a server supports this extension, and advertises support + /// for one of the compression algorithms included here, the + /// client certificate will be compressed according to [RFC8779]. + /// + /// This only applies to TLS1.3 connections. It is ignored for + /// TLS1.2 connections. + /// + /// [RFC8779]: https://datatracker.ietf.org/doc/rfc8879/ + pub cert_compressors: Vec<&'static dyn compress::CertCompressor>, + + /// Caching for compressed certificates. + /// + /// This is optional: [`compress::CompressionCache::Disabled`] gives + /// a cache that does no caching. + pub cert_compression_cache: Arc, } impl ClientConfig { diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index c381c039d6..6fc4456542 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -7,7 +7,7 @@ use super::ResolvesClientCert; use crate::log::{debug, trace}; use crate::msgs::enums::ExtensionType; use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension}; -use crate::{sign, SignatureScheme}; +use crate::{compress, sign, SignatureScheme}; #[derive(Debug)] pub(super) struct ServerCertDetails<'a> { @@ -76,6 +76,7 @@ pub(super) enum ClientAuthDetails { certkey: Arc, signer: Box, auth_context_tls13: Option>, + compressor: Option<&'static dyn compress::CertCompressor>, }, } @@ -85,6 +86,7 @@ impl ClientAuthDetails { canames: Option<&[DistinguishedName]>, sigschemes: &[SignatureScheme], auth_context_tls13: Option>, + compressor: Option<&'static dyn compress::CertCompressor>, ) -> Self { let acceptable_issuers = canames .unwrap_or_default() @@ -99,6 +101,7 @@ impl ClientAuthDetails { certkey, signer, auth_context_tls13, + compressor, }; } } diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index d4f03b60c4..40324fcb06 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -741,6 +741,7 @@ impl State for ExpectCertificateRequest<'_> { // is entirely duplicated in certreq.sigschemes. const NO_CONTEXT: Option> = None; // TLS 1.2 doesn't use a context. + let no_compression = None; // or compression let client_auth = ClientAuthDetails::resolve( self.config .client_auth_cert_resolver @@ -748,6 +749,7 @@ impl State for ExpectCertificateRequest<'_> { Some(&certreq.canames), &certreq.sigschemes, NO_CONTEXT, + no_compression, ); Ok(Box::new(ExpectServerDone { diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index b880e904c8..abe67fe5e1 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -765,6 +765,16 @@ impl State for ExpectCertificateRequest { )); } + let compat_compressor = certreq + .certificate_compression_extension() + .and_then(|offered| { + self.config + .cert_compressors + .iter() + .find(|compressor| offered.contains(&compressor.algorithm())) + }) + .cloned(); + let client_auth = ClientAuthDetails::resolve( self.config .client_auth_cert_resolver @@ -772,6 +782,7 @@ impl State for ExpectCertificateRequest { certreq.authorities_extension(), &compat_sigschemes, Some(certreq.context.0.clone()), + compat_compressor, ); Ok(if self.offered_cert_compression { @@ -1075,6 +1086,36 @@ impl State for ExpectCertificateVerify<'_> { } } +fn emit_compressed_certificate_tls13( + transcript: &mut HandshakeHash, + certkey: &CertifiedKey, + auth_context: Option>, + compressor: &dyn compress::CertCompressor, + config: &ClientConfig, + common: &mut CommonState, +) { + let mut cert_payload = CertificatePayloadTls13::new(certkey.cert.iter(), None); + cert_payload.context = PayloadU8::new(auth_context.clone().unwrap_or_default()); + + let compressed = match config + .cert_compression_cache + .compression_for(compressor, &cert_payload) + { + Ok(compressed) => compressed, + Err(_) => return emit_certificate_tls13(transcript, Some(certkey), auth_context, common), + }; + + let m = Message { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::CompressedCertificate, + payload: HandshakePayload::CompressedCertificate(compressed.compressed_cert_payload()), + }), + }; + transcript.add_message(&m); + common.send_msg(m, true); +} + fn emit_certificate_tls13( transcript: &mut HandshakeHash, certkey: Option<&CertifiedKey>, @@ -1224,13 +1265,25 @@ impl State for ExpectFinished { certkey, signer, auth_context_tls13: auth_context, + compressor, } => { - emit_certificate_tls13( - &mut st.transcript, - Some(&certkey), - auth_context, - cx.common, - ); + if let Some(compressor) = compressor { + emit_compressed_certificate_tls13( + &mut st.transcript, + &certkey, + auth_context, + compressor, + &st.config, + cx.common, + ); + } else { + emit_certificate_tls13( + &mut st.transcript, + Some(&certkey), + auth_context, + cx.common, + ); + } emit_certverify_tls13(&mut st.transcript, signer.as_ref(), cx.common)?; } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 47d9202643..b0d88d3214 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2110,6 +2110,16 @@ impl CertificateRequestPayloadTls13 { _ => None, } } + + pub(crate) fn certificate_compression_extension( + &self, + ) -> Option<&[CertificateCompressionAlgorithm]> { + let ext = self.find_extension(ExtensionType::CompressCertificate)?; + match *ext { + CertReqExtension::CertificateCompressionAlgorithms(ref comps) => Some(comps), + _ => None, + } + } } // -- NewSessionTicket -- diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index a18927ec88..b2d2b69836 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6609,40 +6609,51 @@ fn test_server_uses_uncompressed_certificate_if_compression_fails() { let (mut client, mut server) = make_pair_for_configs(client_config, server_config); do_handshake(&mut client, &mut server); +} - #[derive(Debug)] - struct FailingCompressor; +#[test] +fn test_client_uses_uncompressed_certificate_if_compression_fails() { + let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa2048); + server_config.cert_decompressors = vec![&NeverDecompressor]; + let mut client_config = make_client_config_with_auth(KeyType::Rsa2048); + client_config.cert_compressors = vec![&FailingCompressor]; - impl rustls::compress::CertCompressor for FailingCompressor { - fn compress( - &self, - _input: Vec, - _level: rustls::compress::CompressionLevel, - ) -> Result, rustls::compress::CompressionFailed> { - println!("compress called but doesn't work"); - Err(rustls::compress::CompressionFailed) - } + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); +} - fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { - rustls::CertificateCompressionAlgorithm::Zlib - } +#[derive(Debug)] +struct FailingCompressor; + +impl rustls::compress::CertCompressor for FailingCompressor { + fn compress( + &self, + _input: Vec, + _level: rustls::compress::CompressionLevel, + ) -> Result, rustls::compress::CompressionFailed> { + println!("compress called but doesn't work"); + Err(rustls::compress::CompressionFailed) } - #[derive(Debug)] - struct NeverDecompressor; + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } +} - impl rustls::compress::CertDecompressor for NeverDecompressor { - fn decompress( - &self, - _input: &[u8], - _output: &mut [u8], - ) -> Result<(), rustls::compress::DecompressionFailed> { - panic!("NeverDecompressor::decompress should not be called"); - } +#[derive(Debug)] +struct NeverDecompressor; - fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { - rustls::CertificateCompressionAlgorithm::Zlib - } +impl rustls::compress::CertDecompressor for NeverDecompressor { + fn decompress( + &self, + _input: &[u8], + _output: &mut [u8], + ) -> Result<(), rustls::compress::DecompressionFailed> { + panic!("NeverDecompressor::decompress should not be called"); + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib } } From ef5da46449573f0ca9a2f73dcc9e86a61b30fb51 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 29 May 2024 17:11:31 +0100 Subject: [PATCH 0991/1145] Improve testing of certificate compression errors --- rustls/tests/api.rs | 160 +++++++++++++++++++++++++++++++++++++ rustls/tests/common/mod.rs | 2 +- 2 files changed, 161 insertions(+), 1 deletion(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index b2d2b69836..2bc8dff1b0 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6700,6 +6700,166 @@ fn test_server_can_opt_out_of_compression_cache() { } } +#[test] +fn test_cert_decompression_by_client_produces_invalid_cert_payload() { + let mut server_config = make_server_config(KeyType::Rsa2048); + server_config.cert_compressors = vec![&IdentityCompressor]; + let mut client_config = make_client_config(KeyType::Rsa2048); + client_config.cert_decompressors = vec![&GarbageDecompressor]; + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + assert_eq!( + do_handshake_until_error(&mut client, &mut server), + Err(ErrorFromPeer::Client(Error::InvalidMessage( + InvalidMessage::MessageTooShort + ))) + ); + transfer(&mut client, &mut server); + assert_eq!( + server.process_new_packets(), + Err(Error::AlertReceived(AlertDescription::BadCertificate)) + ); +} + +#[test] +fn test_cert_decompression_by_server_produces_invalid_cert_payload() { + let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa2048); + server_config.cert_decompressors = vec![&GarbageDecompressor]; + let mut client_config = make_client_config_with_auth(KeyType::Rsa2048); + client_config.cert_compressors = vec![&IdentityCompressor]; + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + assert_eq!( + do_handshake_until_error(&mut client, &mut server), + Err(ErrorFromPeer::Server(Error::InvalidMessage( + InvalidMessage::MessageTooShort + ))) + ); + transfer(&mut server, &mut client); + assert_eq!( + client.process_new_packets(), + Err(Error::AlertReceived(AlertDescription::BadCertificate)) + ); +} + +#[test] +fn test_cert_decompression_by_server_fails() { + let mut server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa2048); + server_config.cert_decompressors = vec![&FailingDecompressor]; + let mut client_config = make_client_config_with_auth(KeyType::Rsa2048); + client_config.cert_compressors = vec![&IdentityCompressor]; + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + assert_eq!( + do_handshake_until_error(&mut client, &mut server), + Err(ErrorFromPeer::Server(Error::PeerMisbehaved( + PeerMisbehaved::InvalidCertCompression + ))) + ); + transfer(&mut server, &mut client); + assert_eq!( + client.process_new_packets(), + Err(Error::AlertReceived(AlertDescription::BadCertificate)) + ); +} + +#[cfg(feature = "zlib")] +#[test] +fn test_cert_decompression_by_server_would_result_in_excessively_large_cert() { + let server_config = make_server_config_with_mandatory_client_auth(KeyType::Rsa2048); + let mut client_config = make_client_config_with_auth(KeyType::Rsa2048); + + let big_cert = CertificateDer::from(vec![0u8; 0xffff]); + let key = provider::default_provider() + .key_provider + .load_private_key(KeyType::Rsa2048.get_client_key()) + .unwrap(); + let big_cert_and_key = sign::CertifiedKey::new(vec![big_cert], key); + client_config.client_auth_cert_resolver = Arc::new(AlwaysResolves(big_cert_and_key.into())); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + assert_eq!( + do_handshake_until_error(&mut client, &mut server), + Err(ErrorFromPeer::Server(Error::InvalidMessage( + InvalidMessage::MessageTooLarge + ))) + ); + transfer(&mut server, &mut client); + assert_eq!( + client.process_new_packets(), + Err(Error::AlertReceived(AlertDescription::BadCertificate)) + ); + + #[derive(Debug)] + struct AlwaysResolves(Arc); + + impl ResolvesClientCert for AlwaysResolves { + fn resolve( + &self, + _root_hint_subjects: &[&[u8]], + _sigschemes: &[SignatureScheme], + ) -> Option> { + Some(self.0.clone()) + } + + fn has_certs(&self) -> bool { + true + } + } +} + +#[derive(Debug)] +struct GarbageDecompressor; + +impl rustls::compress::CertDecompressor for GarbageDecompressor { + fn decompress( + &self, + _input: &[u8], + output: &mut [u8], + ) -> Result<(), rustls::compress::DecompressionFailed> { + output.fill(0xff); + Ok(()) + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } +} + +#[derive(Debug)] +struct FailingDecompressor; + +impl rustls::compress::CertDecompressor for FailingDecompressor { + fn decompress( + &self, + _input: &[u8], + _output: &mut [u8], + ) -> Result<(), rustls::compress::DecompressionFailed> { + Err(rustls::compress::DecompressionFailed) + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } +} + +#[derive(Debug)] +struct IdentityCompressor; + +impl rustls::compress::CertCompressor for IdentityCompressor { + fn compress( + &self, + input: Vec, + _level: rustls::compress::CompressionLevel, + ) -> Result, rustls::compress::CompressionFailed> { + Ok(input.to_vec()) + } + + fn algorithm(&self) -> rustls::CertificateCompressionAlgorithm { + rustls::CertificateCompressionAlgorithm::Zlib + } +} + struct FakeStream<'a>(&'a [u8]); impl<'a> io::Read for FakeStream<'a> { diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 2db3e89590..d39a2c48cf 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -337,7 +337,7 @@ impl KeyType { self.get_crl("end", "expired") } - fn get_client_key(&self) -> PrivateKeyDer<'static> { + pub fn get_client_key(&self) -> PrivateKeyDer<'static> { PrivateKeyDer::Pkcs8( rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( self.bytes_for("client.key"), From 4b2afb65852b02f14120a5e5a6eb481a4121083f Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 30 May 2024 09:13:16 +0100 Subject: [PATCH 0992/1145] Fill out certificate compression documentation --- rustls/src/compress.rs | 32 ++++++++++++++++++++++++++++++++ rustls/src/lib.rs | 4 ++++ rustls/src/manual/features.rs | 2 ++ 3 files changed, 38 insertions(+) diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs index d962890a3a..31bc6532af 100644 --- a/rustls/src/compress.rs +++ b/rustls/src/compress.rs @@ -1,4 +1,36 @@ //! Certificate compression and decompression support +//! +//! This crate supports compression and decompression everywhere +//! certificates are used, in accordance with [RFC8879][rfc8879]. +//! +//! Note that this is only supported for TLS1.3 connections. +//! +//! # Getting started +//! +//! Build this crate with the `brotli` and/or `zlib` crate features. This +//! adds dependencies on these crates. They are used by default if enabled. +//! +//! We especially recommend `brotli` as it has the widest deployment so far. +//! +//! # Custom compression/decompression implementations +//! +//! 1. Implement the [`CertCompressor`] and/or [`CertDecompressor`] traits +//! 2. Provide those to: +//! - [`ClientConfig::cert_compressors`][cc_cc] or [`ServerConfig::cert_compressors`][sc_cc]. +//! - [`ClientConfig::cert_decompressors`][cc_cd] or [`ServerConfig::cert_decompressors`][sc_cd]. +//! +//! These are used in these circumstances: +//! +//! | Peer | Client authentication | Server authentication | +//! | ---- | --------------------- | --------------------- | +//! | *Client* | [`ClientConfig::cert_compressors`][cc_cc] | [`ClientConfig::cert_decompressors`][cc_cd] | +//! | *Server* | [`ServerConfig::cert_decompressors`][sc_cd] | [`ServerConfig::cert_compressors`][sc_cc] | +//! +//! [rfc8879]: https://datatracker.ietf.org/doc/html/rfc8879 +//! [cc_cc]: crate::ClientConfig::cert_compressors +//! [sc_cc]: crate::ServerConfig::cert_compressors +//! [cc_cd]: crate::ClientConfig::cert_decompressors +//! [sc_cd]: crate::ServerConfig::cert_decompressors #[cfg(feature = "std")] use alloc::collections::VecDeque; diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 26878ef764..2643e0f7d6 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -299,6 +299,10 @@ //! `std::io::ReadBuf` and related APIs. This reduces costs from initializing //! buffers. Will do nothing on non-Nightly releases. //! +//! - `brotli`: uses the `brotli` crate for RFC8879 certificate compression support. +//! +//! - `zlib`: uses the `zlib-rs` crate for RFC8879 certificate compression support. +//! // Require docs for public APIs, deny unsafe code, etc. #![forbid(unsafe_code, unused_must_use)] diff --git a/rustls/src/manual/features.rs b/rustls/src/manual/features.rs index 2032bd7186..36f2db6c4a 100644 --- a/rustls/src/manual/features.rs +++ b/rustls/src/manual/features.rs @@ -26,6 +26,8 @@ APIs ([`CryptoProvider`] for example). * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)) * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)) * OCSP stapling by servers +* [RFC8879](https://tools.ietf.org/html/rfc8879) certificate compression by clients + and servers `*` ## Non-features From a54a83ab50f73ea2b749fdb4e10c229e71e65caa Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 31 May 2024 08:21:54 -0400 Subject: [PATCH 0993/1145] Update roadmap to reflect initial release of the OpenSSL compatibility layer. --- ROADMAP.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index a1b133c64b..4f2dc88b0e 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,9 +4,6 @@ In rough order of priority: -* **OpenSSL API Compatibility Layer**. - Add an OpenSSL C API compatibility layer for adoption purposes. - * **Support Encrypted Client Hello (Client Side)**. Encrypted Client Hello is an upcoming standard from the TLS WG providing better protection for some of the data sent by a client in the initial Client Hello @@ -31,6 +28,11 @@ In rough order of priority: ## Past priorities +Delivered in [rustls-openssl-compat](https://github.com/rustls/rustls-openssl-compat) 0.1.0: + +* **OpenSSL API Compatibility Layer**. + Add an OpenSSL C API compatibility layer for adoption purposes. + Delivered in 0.23.2: * **Support Post-Quantum Hybrid Key Exchange**. From ce11c13c65e10a4ada7b45870acca1c4924ab742 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 21 May 2024 12:56:06 -0400 Subject: [PATCH 0994/1145] provider-example: fix hpke test comment typos --- provider-example/tests/hpke.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provider-example/tests/hpke.rs b/provider-example/tests/hpke.rs index 9925cc2b49..a804369d02 100644 --- a/provider-example/tests/hpke.rs +++ b/provider-example/tests/hpke.rs @@ -6,7 +6,7 @@ use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; use rustls_provider_example::HPKE_PROVIDER; use serde::Deserialize; -/// Confirm opne/seal operations work using using the test vectors from [RFC 9180 Appendix A]. +/// Confirm open/seal operations work using the test vectors from [RFC 9180 Appendix A]. /// /// [RFC 9180 Appendix A]: https://www.rfc-editor.org/rfc/rfc9180#TestVectors #[test] From 981b2dd3b18722a927ab9e9980f4224f2fccbe7d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 24 May 2024 15:38:03 -0400 Subject: [PATCH 0995/1145] crypto: offer HpkeSuite from Hpke trait This will make it easier to drop the `HpkeProvider` trait. The only implementation, in the `provider-example` crate, is reworked to support the new trait fn. We can make this breaking change without worrying about semver because the `crypto::hpke` module is docs-hidden and has been considered an internal unstable API. This change also allows deriving `Debug` for the provider example `HpkeRs` struct. --- provider-example/src/hpke.rs | 35 ++++++++++++++++++++--------------- rustls/src/crypto/hpke.rs | 3 +++ 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 8fbbd952a1..a2269f2708 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -1,7 +1,7 @@ use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; -use core::fmt::{Debug, Formatter}; +use core::fmt::Debug; use std::error::Error as StdError; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; @@ -21,12 +21,7 @@ struct HpkeRsProvider {} impl HpkeProvider for HpkeRsProvider { fn start(&self, suite: &HpkeSuite) -> Result, Error> { - Ok(Box::new(HpkeRs(hpke_rs::Hpke::new( - hpke_rs::Mode::Base, - KemAlgorithm::try_from(u16::from(suite.kem)).map_err(other_err)?, - KdfAlgorithm::try_from(u16::from(suite.sym.kdf_id)).map_err(other_err)?, - AeadAlgorithm::try_from(u16::from(suite.sym.aead_id)).map_err(other_err)?, - )))) + Ok(Box::new(HpkeRs(*suite))) } fn supports_suite(&self, suite: &HpkeSuite) -> bool { @@ -44,11 +39,17 @@ impl HpkeProvider for HpkeRsProvider { } } -struct HpkeRs(hpke_rs::Hpke); +#[derive(Debug)] +struct HpkeRs(HpkeSuite); -impl Debug for HpkeRs { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - f.debug_struct("HpkeRsHpke").finish() +impl HpkeRs { + fn start(&self) -> Result, Error> { + Ok(hpke_rs::Hpke::new( + hpke_rs::Mode::Base, + KemAlgorithm::try_from(u16::from(self.0.kem)).map_err(other_err)?, + KdfAlgorithm::try_from(u16::from(self.0.sym.kdf_id)).map_err(other_err)?, + AeadAlgorithm::try_from(u16::from(self.0.sym.aead_id)).map_err(other_err)?, + )) } } @@ -62,7 +63,7 @@ impl Hpke for HpkeRs { ) -> Result<(EncapsulatedSecret, Vec), Error> { let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone()); let (enc, ciphertext) = self - .0 + .start()? .seal(&pk_r, info, aad, plaintext, None, None, None) .map_err(other_err)?; Ok((EncapsulatedSecret(enc.to_vec()), ciphertext)) @@ -75,7 +76,7 @@ impl Hpke for HpkeRs { ) -> Result<(EncapsulatedSecret, Box), Error> { let pk_r = hpke_rs::HpkePublicKey::new(pub_key.0.clone()); let (enc, context) = self - .0 + .start()? .setup_sender(&pk_r, info, None, None, None) .map_err(other_err)?; Ok(( @@ -93,7 +94,7 @@ impl Hpke for HpkeRs { secret_key: &HpkePrivateKey, ) -> Result, Error> { let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec()); - self.0 + self.start()? .open( enc.0.as_slice(), &sk_r, @@ -116,11 +117,15 @@ impl Hpke for HpkeRs { let sk_r = hpke_rs::HpkePrivateKey::new(secret_key.secret_bytes().to_vec()); Ok(Box::new(HpkeRsReceiver { context: self - .0 + .start()? .setup_receiver(enc.0.as_slice(), &sk_r, info, None, None, None) .map_err(other_err)?, })) } + + fn suite(&self) -> HpkeSuite { + self.0 + } } #[derive(Debug)] diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 668b3a07be..333e56ff7f 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -90,6 +90,9 @@ pub trait Hpke: Debug + Send + Sync { info: &[u8], secret_key: &HpkePrivateKey, ) -> Result, Error>; + + /// Return the [HpkeSuite] that this HPKE instance supports. + fn suite(&self) -> HpkeSuite; } /// An HPKE sealer context. From d96834dde46203827c18a088306538b3c16a0117 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 24 May 2024 15:39:48 -0400 Subject: [PATCH 0996/1145] crypto: drop &mut from Hpke fns Requiring this was a quirk of the hpke-rs backed impl in the provider crate. With the latest rework to store just the `HpkeSuite` this isn't required anymore. State isn't introduced until a `Sealer`/`Opener` are created. Similarly, our forthcoming `aws-lc-rs` HPKE impl requires no mutability for these trait fns. Like before we can make breaking changes here because the `crypto::hpke` module is docs-hidden. --- provider-example/src/hpke.rs | 8 ++++---- rustls/src/crypto/hpke.rs | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index a2269f2708..f7c7e2c364 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -55,7 +55,7 @@ impl HpkeRs { impl Hpke for HpkeRs { fn seal( - &mut self, + &self, info: &[u8], aad: &[u8], plaintext: &[u8], @@ -70,7 +70,7 @@ impl Hpke for HpkeRs { } fn setup_sealer( - &mut self, + &self, info: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Box), Error> { @@ -86,7 +86,7 @@ impl Hpke for HpkeRs { } fn open( - &mut self, + &self, enc: &EncapsulatedSecret, info: &[u8], aad: &[u8], @@ -109,7 +109,7 @@ impl Hpke for HpkeRs { } fn setup_opener( - &mut self, + &self, enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 333e56ff7f..f8b555a078 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -49,7 +49,7 @@ pub trait Hpke: Debug + Send + Sync { /// using the same `info` and `aad` and the private key corresponding to `pub_key`. RFC 9180 /// refers to `pub_key` as `pkR`. fn seal( - &mut self, + &self, info: &[u8], aad: &[u8], plaintext: &[u8], @@ -61,7 +61,7 @@ pub trait Hpke: Debug + Send + Sync { /// Returns both an encapsulated ciphertext and a sealer context that can be used to seal /// messages to the recipient. RFC 9180 refers to `pub_key` as `pkR`. fn setup_sealer( - &mut self, + &self, info: &[u8], pub_key: &HpkePublicKey, ) -> Result<(EncapsulatedSecret, Box), Error>; @@ -72,7 +72,7 @@ pub trait Hpke: Debug + Send + Sync { /// Returns plaintext if the `info` and `aad` match those used with [Self::seal], and /// decryption with `secret_key` succeeds. RFC 9180 refers to `secret_key` as `skR`. fn open( - &mut self, + &self, enc: &EncapsulatedSecret, info: &[u8], aad: &[u8], @@ -85,7 +85,7 @@ pub trait Hpke: Debug + Send + Sync { /// Returns an opener context that can be used to open sealed messages encrypted to the /// public key corresponding to `secret_key`. RFC 9180 refers to `secret_key` as `skR`. fn setup_opener( - &mut self, + &self, enc: &EncapsulatedSecret, info: &[u8], secret_key: &HpkePrivateKey, From 09aad0fc31e9b33b04737d0b2cfd9ddae16075ce Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 24 May 2024 15:42:31 -0400 Subject: [PATCH 0997/1145] crypto: derive Eq/PartialEq for HpkeSuite It's useful to be able to check these for equality, and all of the field members are themselves `Eq` and `PartialEq`, making this easy to achieve. --- rustls/src/crypto/hpke.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index f8b555a078..6b924ffe3e 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -28,7 +28,7 @@ pub trait HpkeProvider: Debug + Send + Sync + 'static { } /// An HPKE suite, specifying a key encapsulation mechanism and a symmetric cipher suite. -#[derive(Clone, Copy, Debug)] +#[derive(Clone, Copy, Debug, Eq, PartialEq)] pub struct HpkeSuite { /// The choice of HPKE key encapsulation mechanism. pub kem: HpkeKem, From c1a09dc815bab47a64b7b30b3a63bf1523864db6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 24 May 2024 15:49:56 -0400 Subject: [PATCH 0998/1145] crypto: remove HpkeProvider trait With more experience we've discovered the `HpkeProvider` trait isn't required. We can instead get away with having a slice of supported `&dyn Hpke` instances. To facilitate finding a supported suite from that slice a newtype wrapper (`HpkeSuites`) is offered with a `supported()` fn to handle this task. The existing `provider-example` implementation and tests are updated accordingly. --- provider-example/src/hpke.rs | 99 +++++++++++++++++++++++----------- provider-example/src/lib.rs | 5 +- provider-example/tests/hpke.rs | 22 ++++---- rustls/src/crypto/hpke.rs | 19 ------- 4 files changed, 83 insertions(+), 62 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index f7c7e2c364..59d202077d 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -5,42 +5,81 @@ use core::fmt::Debug; use std::error::Error as StdError; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; -use hpke_rs_crypto::HpkeCrypto; use hpke_rs_rust_crypto::HpkeRustCrypto; use rustls::crypto::hpke::{ - EncapsulatedSecret, Hpke, HpkeOpener, HpkePrivateKey, HpkeProvider, HpkePublicKey, HpkeSealer, - HpkeSuite, + EncapsulatedSecret, Hpke, HpkeOpener, HpkePrivateKey, HpkePublicKey, HpkeSealer, HpkeSuite, }; +use rustls::internal::msgs::enums::{ + HpkeAead as HpkeAeadId, HpkeKdf as HpkeKdfId, HpkeKem as HpkeKemId, +}; +use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; use rustls::{Error, OtherError}; -pub static HPKE_PROVIDER: &'static dyn HpkeProvider = &HpkeRsProvider {}; - -/// A Rustls HPKE provider backed by hpke-rs and the RustCrypto backend. -#[derive(Debug)] -struct HpkeRsProvider {} - -impl HpkeProvider for HpkeRsProvider { - fn start(&self, suite: &HpkeSuite) -> Result, Error> { - Ok(Box::new(HpkeRs(*suite))) - } - - fn supports_suite(&self, suite: &HpkeSuite) -> bool { - let kem = KemAlgorithm::try_from(u16::from(suite.kem)).ok(); - let kdf = KdfAlgorithm::try_from(u16::from(suite.sym.kdf_id)).ok(); - let aead = AeadAlgorithm::try_from(u16::from(suite.sym.aead_id)).ok(); - match (kem, kdf, aead) { - (Some(kem), Some(kdf), Some(aead)) => { - HpkeRustCrypto::supports_kem(kem).is_ok() - && HpkeRustCrypto::supports_kdf(kdf).is_ok() - && HpkeRustCrypto::supports_aead(aead).is_ok() - } - _ => false, - } - } -} - +/// All supported HPKE suites. +/// +/// Note: hpke-rs w/ rust-crypto does not support P-384 and P-521 DH KEMs. +pub static ALL_SUPPORTED_SUITES: &[&dyn Hpke] = &[ + DHKEM_P256_HKDF_SHA256_AES_128, + DHKEM_P256_HKDF_SHA256_AES_256, + DHKEM_P256_HKDF_SHA256_CHACHA20_POLY1305, + DHKEM_X25519_HKDF_SHA256_AES_128, + DHKEM_X25519_HKDF_SHA256_AES_256, + DHKEM_X25519_HKDF_SHA256_CHACHA20_POLY1305, +]; + +pub static DHKEM_P256_HKDF_SHA256_AES_128: &HpkeRs = &HpkeRs(HpkeSuite { + kem: HpkeKemId::DHKEM_P256_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdfId::HKDF_SHA256, + aead_id: HpkeAeadId::AES_128_GCM, + }, +}); + +pub static DHKEM_P256_HKDF_SHA256_AES_256: &HpkeRs = &HpkeRs(HpkeSuite { + kem: HpkeKemId::DHKEM_P256_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdfId::HKDF_SHA256, + aead_id: HpkeAeadId::AES_256_GCM, + }, +}); + +pub static DHKEM_P256_HKDF_SHA256_CHACHA20_POLY1305: &HpkeRs = &HpkeRs(HpkeSuite { + kem: HpkeKemId::DHKEM_P256_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdfId::HKDF_SHA256, + aead_id: HpkeAeadId::CHACHA20_POLY_1305, + }, +}); + +pub static DHKEM_X25519_HKDF_SHA256_AES_128: &HpkeRs = &HpkeRs(HpkeSuite { + kem: HpkeKemId::DHKEM_X25519_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdfId::HKDF_SHA256, + aead_id: HpkeAeadId::AES_128_GCM, + }, +}); + +pub static DHKEM_X25519_HKDF_SHA256_AES_256: &HpkeRs = &HpkeRs(HpkeSuite { + kem: HpkeKemId::DHKEM_X25519_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdfId::HKDF_SHA256, + aead_id: HpkeAeadId::AES_256_GCM, + }, +}); + +pub static DHKEM_X25519_HKDF_SHA256_CHACHA20_POLY1305: &HpkeRs = &HpkeRs(HpkeSuite { + kem: HpkeKemId::DHKEM_X25519_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdfId::HKDF_SHA256, + aead_id: HpkeAeadId::CHACHA20_POLY_1305, + }, +}); + +/// A HPKE suite backed by the [hpke-rs] crate and its rust-crypto cryptography provider. +/// +/// [hpke-rs]: https://github.com/franziskuskiefer/hpke-rs #[derive(Debug)] -struct HpkeRs(HpkeSuite); +pub struct HpkeRs(HpkeSuite); impl HpkeRs { fn start(&self) -> Result, Error> { diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs index e117d1a7c6..c525618c2a 100644 --- a/provider-example/src/lib.rs +++ b/provider-example/src/lib.rs @@ -13,14 +13,11 @@ mod aead; mod hash; mod hmac; #[cfg(feature = "std")] -mod hpke; +pub mod hpke; mod kx; mod sign; mod verify; -#[cfg(feature = "std")] -pub use hpke::HPKE_PROVIDER; - pub fn provider() -> CryptoProvider { CryptoProvider { cipher_suites: ALL_CIPHER_SUITES.to_vec(), diff --git a/provider-example/tests/hpke.rs b/provider-example/tests/hpke.rs index a804369d02..f481238aee 100644 --- a/provider-example/tests/hpke.rs +++ b/provider-example/tests/hpke.rs @@ -1,9 +1,9 @@ use std::fs::File; -use rustls::crypto::hpke::{HpkePrivateKey, HpkePublicKey, HpkeSuite}; +use rustls::crypto::hpke::{Hpke, HpkePrivateKey, HpkePublicKey, HpkeSuite}; use rustls::internal::msgs::enums::{HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; -use rustls_provider_example::HPKE_PROVIDER; +use rustls_provider_example::hpke::ALL_SUPPORTED_SUITES; use serde::Deserialize; /// Confirm open/seal operations work using the test vectors from [RFC 9180 Appendix A]. @@ -12,15 +12,12 @@ use serde::Deserialize; #[test] fn check_test_vectors() { for (idx, vec) in test_vectors().into_iter().enumerate() { - if !vec.applicable() { + let Some(hpke) = vec.applicable() else { println!("skipping inapplicable vector {idx}"); continue; - } + }; println!("testing vector {idx}"); - let mut hpke = HPKE_PROVIDER - .start(&vec.suite()) - .unwrap(); let pk_r = HpkePublicKey(hex::decode(vec.pk_rm).unwrap()); let sk_r = HpkePrivateKey::from(hex::decode(vec.sk_rm).unwrap()); let info = hex::decode(vec.info).unwrap(); @@ -72,9 +69,16 @@ impl TestVector { } } - fn applicable(&self) -> bool { + fn applicable(&self) -> Option<&'static dyn Hpke> { // Only base mode test vectors for supported suites are applicable. - self.mode == 0 && HPKE_PROVIDER.supports_suite(&self.suite()) + if self.mode == 0 { + return None; + } + + ALL_SUPPORTED_SUITES + .iter() + .find(|hpke| hpke.suite() == self.suite()) + .copied() } } diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 6b924ffe3e..4c3fefaf08 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -8,25 +8,6 @@ use crate::msgs::enums::HpkeKem; use crate::msgs::handshake::HpkeSymmetricCipherSuite; use crate::Error; -/// A provider for [RFC 9180] Hybrid Public Key Encryption (HPKE) in base mode. -/// -/// At a minimum each provider must support the [HPKE ciphersuite profile] required for -/// encrypted client hello (ECH): -/// * KEM: DHKEM(X25519, HKDF-SHA256) -/// * symmetric ciphersuite: AES-128-GCM w/ HKDF-SHA256 -/// -/// [RFC 9180]: -/// [HPKE ciphersuite profile]: -pub trait HpkeProvider: Debug + Send + Sync + 'static { - /// Start setting up to use HPKE in base mode with the chosen suite. - /// - /// May return an error if the suite is unsupported by the provider. - fn start(&self, suite: &HpkeSuite) -> Result, Error>; - - /// Does the provider support the given [HpkeSuite]? - fn supports_suite(&self, suite: &HpkeSuite) -> bool; -} - /// An HPKE suite, specifying a key encapsulation mechanism and a symmetric cipher suite. #[derive(Clone, Copy, Debug, Eq, PartialEq)] pub struct HpkeSuite { From 141366d985e08d548638aa480718c711d6fd6c5e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 May 2024 11:57:50 -0400 Subject: [PATCH 0999/1145] crypto: add fips() fn to Hpke trait Adds a `fips()` fn to the `Hpke` trait, and a default implementation that returns false. --- rustls/src/crypto/hpke.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 4c3fefaf08..8d6794d816 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -72,6 +72,11 @@ pub trait Hpke: Debug + Send + Sync { secret_key: &HpkePrivateKey, ) -> Result, Error>; + /// Return whether the HPKE instance is FIPS compatible. + fn fips(&self) -> bool { + false + } + /// Return the [HpkeSuite] that this HPKE instance supports. fn suite(&self) -> HpkeSuite; } From b3a73f149c26a90066388db6401074f7240d82f0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 14:36:43 -0400 Subject: [PATCH 1000/1145] crypto: add HkdfPrkExpand trait, impl for HMAC HKDF The existing `Hkdf` trait is well suited to the TLS 1.3 use-case where all pseudo-random keys (PRKs) extracted using HKDF are only used for an as-is expansion. In this context the PRK is encapsulated in an `HkdfExpander`, and not accessible directly to callers (helping to avoid misuse). In other contexts, notably HPKE, we need to use an HKDF to expand two PRKs that are combined with some other metadata before being used for an expansion. This requires direct access to the PRK bytes, and so can't be done with the existing traits. This commit adds a new `HkdfPrkExpand` trait that uses the existing `Hkdf` trait as a super-trait. It adds one new fn, `extract_prk_from_secret`, that returns the raw PRK. We implement this trait for the `HkdfExpanderUsingHmac` type (and can reuse the code in the existing `Hkdf::extract_from_zero_ikm` and `Hkdf::extract_from_secret` fns that need a PRK. We can't implement this trait for the upstream Ring/aws-lc-rs `RingHkdf` types, as these use an opaque upstream `Prk` type tailored to the extract-and-then-expand usecase. Since a HMAC based HKDF is sufficient for the current needs and implementing the new trait requires no upstream changes we prefer this approach. --- rustls/src/crypto/tls13.rs | 63 ++++++++++++++++++++++++-------------- 1 file changed, 40 insertions(+), 23 deletions(-) diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index e6fd4230c8..ca0b3e4692 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -1,4 +1,5 @@ use alloc::boxed::Box; +use alloc::vec::Vec; use zeroize::Zeroize; @@ -53,33 +54,15 @@ pub struct HkdfUsingHmac<'a>(pub &'a dyn hmac::Hmac); impl<'a> Hkdf for HkdfUsingHmac<'a> { fn extract_from_zero_ikm(&self, salt: Option<&[u8]>) -> Box { let zeroes = [0u8; hmac::Tag::MAX_LEN]; - let salt = match salt { - Some(salt) => salt, - None => &zeroes[..self.0.hash_output_len()], - }; - Box::new(HkdfExpanderUsingHmac( - self.0.with_key( - self.0 - .with_key(salt) - .sign(&[&zeroes[..self.0.hash_output_len()]]) - .as_ref(), - ), - )) + Box::new(HkdfExpanderUsingHmac(self.0.with_key( + &self.extract_prk_from_secret(salt, &zeroes[..self.0.hash_output_len()]), + ))) } fn extract_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Box { - let zeroes = [0u8; hmac::Tag::MAX_LEN]; - let salt = match salt { - Some(salt) => salt, - None => &zeroes[..self.0.hash_output_len()], - }; Box::new(HkdfExpanderUsingHmac( - self.0.with_key( - self.0 - .with_key(salt) - .sign(&[secret]) - .as_ref(), - ), + self.0 + .with_key(&self.extract_prk_from_secret(salt, secret)), )) } @@ -94,6 +77,21 @@ impl<'a> Hkdf for HkdfUsingHmac<'a> { } } +impl<'a> HkdfPrkExtract for HkdfUsingHmac<'a> { + fn extract_prk_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Vec { + let zeroes = [0u8; hmac::Tag::MAX_LEN]; + let salt = match salt { + Some(salt) => salt, + None => &zeroes[..self.0.hash_output_len()], + }; + self.0 + .with_key(salt) + .sign(&[secret]) + .as_ref() + .to_vec() + } +} + /// Implementation of `HKDF-Expand` with an implicitly stored and immutable `PRK`. pub trait HkdfExpander: Send + Sync { /// `HKDF-Expand(PRK, info, L)` into a slice. @@ -184,6 +182,25 @@ pub trait Hkdf: Send + Sync { } } +/// An extended HKDF implementation that supports directly extracting a pseudo-random key (PRK). +/// +/// The base [`Hkdf`] trait is tailored to the needs of TLS 1.3, where all extracted PRKs +/// are expanded as-is, and so can be safely encapsulated without exposing the caller +/// to the key material. +/// +/// In other contexts (for example, hybrid public key encryption (HPKE)) it may be necessary +/// to use the extracted PRK directly for purposes other than an immediate expansion. +/// This trait can be implemented to offer this functionality when it is required. +pub(crate) trait HkdfPrkExtract: Hkdf { + /// `HKDF-Extract(salt, secret)` + /// + /// A `salt` of `None` should be treated as a sequence of `HashLen` zero bytes. + /// + /// In most cases you should prefer [`Hkdf::extract_from_secret`] and using the + /// returned [HkdfExpander] instead of handling the PRK directly. + fn extract_prk_from_secret(&self, salt: Option<&[u8]>, secret: &[u8]) -> Vec; +} + /// `HKDF-Expand(PRK, info, L)` to construct any type from a byte array. /// /// - `PRK` is the implicit key material represented by this instance. From 802407057f702e118f1312e0a0faa3056f820911 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 14:47:01 -0400 Subject: [PATCH 1001/1145] aws_lc_rs: expose ring-like HMAC module This allows users of aws-lc-rs to build HMAC HKDF constructions using the ring-like HMAC algorithms. --- rustls/src/crypto/aws_lc_rs/mod.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 5c6b87f34f..dac79e0678 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -22,6 +22,8 @@ pub mod sign; #[path = "../ring/hash.rs"] pub(crate) mod hash; +#[path = "../ring/hmac.rs"] +pub(crate) mod hmac; #[path = "../ring/kx.rs"] pub(crate) mod kx; #[path = "../ring/quic.rs"] From f52d1c8f94941cf0d8074fdca171b63d7e27833f Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 14:48:58 -0400 Subject: [PATCH 1002/1145] crypto: remove gating on ring-like HMAC algos Now that we'll be using these HMAC algorithms from the aws-lc-rs HPKE implementation they should be made available to reference without needing the `tls12` feature enabled. Similarly the `HMAC_SHA512` algorithm should now be usable outside of test contexts. --- rustls/src/crypto/ring/hmac.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 9bc814de63..7f30aba481 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -5,12 +5,9 @@ use alloc::boxed::Box; use super::ring_like; use crate::crypto; -#[cfg(feature = "tls12")] pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256); -#[cfg(feature = "tls12")] pub(crate) static HMAC_SHA384: Hmac = Hmac(&ring_like::hmac::HMAC_SHA384); -#[cfg(test)] -#[allow(dead_code)] // only for TLS1.2 prf test +#[allow(dead_code)] // Only used for TLS 1.2 prf test, and aws-lc-rs HPKE suites. pub(crate) static HMAC_SHA512: Hmac = Hmac(&ring_like::hmac::HMAC_SHA512); pub(crate) struct Hmac(&'static ring_like::hmac::Algorithm); From 8f3bb9081b22626ef67b9a38b732e5f3b99b1c31 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 27 May 2024 13:02:03 -0400 Subject: [PATCH 1003/1145] aws_lc_rs: implement HPKE traits This commit introduces a minimal RFC 9180 "Hybrid Public Key Encryption" (HPKE) implementation using crypto primitives (ECDH, HKDF, AEAD) from the `aws-lc-rs` crate. Our implementation is tailored towards the needs of Encrypted Client Hello (ECH) and so: 1. We only implement "base mode" HPKE. 2. We don't implement the secret export support. Care is taken to ensure the implementation is "linker friendly" - unreferenced algorithms will be discarded by the linker. --- rustls/src/crypto/aws_lc_rs/hpke.rs | 945 ++++++++++++++++++++++++++++ rustls/src/crypto/aws_lc_rs/mod.rs | 2 + 2 files changed, 947 insertions(+) create mode 100644 rustls/src/crypto/aws_lc_rs/hpke.rs diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs new file mode 100644 index 0000000000..ad2b1afdca --- /dev/null +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -0,0 +1,945 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::fmt::{self, Debug, Formatter}; + +use aws_lc_rs::aead::{ + self, Aad, BoundKey, Nonce, NonceSequence, OpeningKey, SealingKey, UnboundKey, NONCE_LEN, +}; +use aws_lc_rs::agreement; +use aws_lc_rs::cipher::{AES_128_KEY_LEN, AES_256_KEY_LEN}; +use aws_lc_rs::digest::{SHA256_OUTPUT_LEN, SHA384_OUTPUT_LEN, SHA512_OUTPUT_LEN}; +use zeroize::Zeroize; + +use crate::crypto::aws_lc_rs::hmac::{HMAC_SHA256, HMAC_SHA384, HMAC_SHA512}; +use crate::crypto::hpke::{ + EncapsulatedSecret, Hpke, HpkeOpener, HpkePrivateKey, HpkePublicKey, HpkeSealer, HpkeSuite, +}; +use crate::crypto::tls13::{expand, HkdfExpander, HkdfPrkExtract, HkdfUsingHmac}; +use crate::msgs::enums::{HpkeAead, HpkeKdf, HpkeKem}; +use crate::msgs::handshake::HpkeSymmetricCipherSuite; +use crate::{Error, OtherError}; + +/// Default [RFC 9180] Hybrid Public Key Encryption (HPKE) suites supported by aws-lc-rs cryptography. +pub static ALL_SUPPORTED_SUITES: &[&dyn Hpke] = &[ + DH_KEM_P256_HKDF_SHA256_AES_128, + DH_KEM_P256_HKDF_SHA256_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_P256_HKDF_SHA256_CHACHA20_POLY1305, + DH_KEM_P384_HKDF_SHA384_AES_128, + DH_KEM_P384_HKDF_SHA384_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_P384_HKDF_SHA384_CHACHA20_POLY1305, + DH_KEM_P521_HKDF_SHA512_AES_128, + DH_KEM_P521_HKDF_SHA512_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_P521_HKDF_SHA512_CHACHA20_POLY1305, + #[cfg(not(feature = "fips"))] + DH_KEM_X25519_HKDF_SHA256_AES_128, + #[cfg(not(feature = "fips"))] + DH_KEM_X25519_HKDF_SHA256_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_X25519_HKDF_SHA256_CHACHA20_POLY1305, +]; + +/// HPKE suite using ECDH P-256 for agreement, HKDF SHA-256 for key derivation, and AEAD AES-128-GCM +/// for symmetric encryption. +pub static DH_KEM_P256_HKDF_SHA256_AES_128: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P256_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_128_GCM, + }, + }, + dh_kem: DH_KEM_P256_HKDF_SHA256, + hkdf: RING_HKDF_HMAC_SHA256, + aead: &aead::AES_128_GCM, + }; + +/// HPKE suite using ECDH P-256 for agreement, HKDF SHA-256 for key derivation and AEAD AES-256-GCM +/// for symmetric encryption. +pub static DH_KEM_P256_HKDF_SHA256_AES_256: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P256_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_256_GCM, + }, + }, + dh_kem: DH_KEM_P256_HKDF_SHA256, + hkdf: RING_HKDF_HMAC_SHA256, + aead: &aead::AES_256_GCM, + }; + +/// HPKE suite using ECDH P-256 for agreement, HKDF SHA-256 for key derivation, and AEAD +/// CHACHA20-POLY-1305 for symmetric encryption. +pub static DH_KEM_P256_HKDF_SHA256_CHACHA20_POLY1305: &HpkeAwsLcRs< + CHACHA_KEY_LEN, + SHA256_OUTPUT_LEN, +> = &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P256_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::CHACHA20_POLY_1305, + }, + }, + dh_kem: DH_KEM_P256_HKDF_SHA256, + hkdf: RING_HKDF_HMAC_SHA256, + aead: &aead::CHACHA20_POLY1305, +}; + +/// HPKE suite using ECDH P-384 for agreement, HKDF SHA-384 for key derivation, and AEAD AES-128-GCM +/// for symmetric encryption. +pub static DH_KEM_P384_HKDF_SHA384_AES_128: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P384_HKDF_SHA384, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA384, + aead_id: HpkeAead::AES_128_GCM, + }, + }, + dh_kem: DH_KEM_P384_HKDF_SHA384, + hkdf: RING_HKDF_HMAC_SHA384, + aead: &aead::AES_128_GCM, + }; + +/// HPKE suite using ECDH P-384 for agreement, HKDF SHA-384 for key derivation, and AEAD AES-256-GCM +/// for symmetric encryption. +pub static DH_KEM_P384_HKDF_SHA384_AES_256: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P384_HKDF_SHA384, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA384, + aead_id: HpkeAead::AES_256_GCM, + }, + }, + dh_kem: DH_KEM_P384_HKDF_SHA384, + hkdf: RING_HKDF_HMAC_SHA384, + aead: &aead::AES_256_GCM, + }; + +/// HPKE suite using ECDH P-384 for agreement, HKDF SHA-384 for key derivation, and AEAD +/// CHACHA20-POLY-1305 for symmetric encryption. +pub static DH_KEM_P384_HKDF_SHA384_CHACHA20_POLY1305: &HpkeAwsLcRs< + CHACHA_KEY_LEN, + SHA384_OUTPUT_LEN, +> = &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P384_HKDF_SHA384, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA384, + aead_id: HpkeAead::CHACHA20_POLY_1305, + }, + }, + dh_kem: DH_KEM_P384_HKDF_SHA384, + hkdf: RING_HKDF_HMAC_SHA384, + aead: &aead::CHACHA20_POLY1305, +}; + +/// HPKE suite using ECDH P-521 for agreement, HKDF SHA-512 for key derivation, and AEAD AES-128-GCM +/// for symmetric encryption. +pub static DH_KEM_P521_HKDF_SHA512_AES_128: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P521_HKDF_SHA512, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA512, + aead_id: HpkeAead::AES_128_GCM, + }, + }, + dh_kem: DH_KEM_P521_HKDF_SHA512, + hkdf: RING_HKDF_HMAC_SHA512, + aead: &aead::AES_128_GCM, + }; + +/// HPKE suite using ECDH P-521 for agreement, HKDF SHA-512 for key derivation, and AEAD AES-256-GCM +/// for symmetric encryption. +pub static DH_KEM_P521_HKDF_SHA512_AES_256: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P521_HKDF_SHA512, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA512, + aead_id: HpkeAead::AES_256_GCM, + }, + }, + dh_kem: DH_KEM_P521_HKDF_SHA512, + hkdf: RING_HKDF_HMAC_SHA512, + aead: &aead::AES_256_GCM, + }; + +/// HPKE suite using ECDH P-521 for agreement, HKDF SHA-512 for key derivation, and AEAD +/// CHACHA20-POLY-1305 for symmetric encryption. +pub static DH_KEM_P521_HKDF_SHA512_CHACHA20_POLY1305: &HpkeAwsLcRs< + CHACHA_KEY_LEN, + SHA512_OUTPUT_LEN, +> = &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_P521_HKDF_SHA512, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA512, + aead_id: HpkeAead::CHACHA20_POLY_1305, + }, + }, + dh_kem: DH_KEM_P521_HKDF_SHA512, + hkdf: RING_HKDF_HMAC_SHA512, + aead: &aead::CHACHA20_POLY1305, +}; + +/// HPKE suite using ECDH X25519 for agreement, HKDF SHA-256 for key derivation, and AEAD AES-128-GCM +/// for symmetric encryption. +pub static DH_KEM_X25519_HKDF_SHA256_AES_128: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_X25519_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_128_GCM, + }, + }, + dh_kem: DH_KEM_X25519_HKDF_SHA256, + hkdf: RING_HKDF_HMAC_SHA256, + aead: &aead::AES_128_GCM, + }; + +/// HPKE suite using ECDH X25519 for agreement, HKDF SHA-256 for key derivation, and AEAD AES-256-GCM +/// for symmetric encryption. +pub static DH_KEM_X25519_HKDF_SHA256_AES_256: &HpkeAwsLcRs = + &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_X25519_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_256_GCM, + }, + }, + dh_kem: DH_KEM_X25519_HKDF_SHA256, + hkdf: RING_HKDF_HMAC_SHA256, + aead: &aead::AES_256_GCM, + }; + +/// HPKE suite using ECDH X25519 for agreement, HKDF SHA-256 for key derivation, and AEAD +/// CHACHA20-POLY-1305 for symmetric encryption. +pub static DH_KEM_X25519_HKDF_SHA256_CHACHA20_POLY1305: &HpkeAwsLcRs< + CHACHA_KEY_LEN, + SHA256_OUTPUT_LEN, +> = &HpkeAwsLcRs { + suite: HpkeSuite { + kem: HpkeKem::DHKEM_X25519_HKDF_SHA256, + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::CHACHA20_POLY_1305, + }, + }, + dh_kem: DH_KEM_X25519_HKDF_SHA256, + hkdf: RING_HKDF_HMAC_SHA256, + aead: &aead::CHACHA20_POLY1305, +}; + +/// `HpkeAwsLcRs` holds the concrete instantiations of the algorithms specified by the [HpkeSuite]. +pub struct HpkeAwsLcRs { + suite: HpkeSuite, + dh_kem: &'static DhKem, + hkdf: &'static dyn HkdfPrkExtract, + aead: &'static aead::Algorithm, +} + +impl HpkeAwsLcRs { + /// See RFC 9180 §5.1 "Creating the Encryption Context"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1 + fn key_schedule( + &self, + shared_secret: KemSharedSecret, + info: &[u8], + ) -> Result, Error> { + // Note: we use an empty IKM for the `psk_id_hash` and `secret` labelled extractions because + // there is no PSK ID in base mode HPKE. + + let suite_id = LabeledSuiteId::Hpke(self.suite); + let psk_id_hash = labeled_extract_for_prk(self.hkdf, suite_id, None, Label::PskIdHash, &[]); + let info_hash = labeled_extract_for_prk(self.hkdf, suite_id, None, Label::InfoHash, info); + let key_schedule_context = [ + &[0][..], // base mode (0x00) + &psk_id_hash, + &info_hash, + ] + .concat(); + + let key = AeadKey(self.key_schedule_labeled_expand::( + &shared_secret, + &key_schedule_context, + Label::Key, + )); + + let base_nonce = self.key_schedule_labeled_expand::( + &shared_secret, + &key_schedule_context, + Label::BaseNonce, + ); + + Ok(KeySchedule { + aead: self.aead, + key, + base_nonce, + seq_num: 0, + }) + } + + fn key_schedule_labeled_expand( + &self, + shared_secret: &KemSharedSecret, + key_schedule_context: &[u8], + label: Label, + ) -> [u8; L] { + let suite_id = LabeledSuiteId::Hpke(self.suite); + labeled_expand::( + suite_id, + labeled_extract_for_expand( + self.hkdf, + suite_id, + Some(&shared_secret.0), + Label::Secret, + &[], + ), + label, + key_schedule_context, + ) + } +} + +impl Hpke for HpkeAwsLcRs { + fn seal( + &self, + info: &[u8], + aad: &[u8], + plaintext: &[u8], + pub_key: &HpkePublicKey, + ) -> Result<(EncapsulatedSecret, Vec), Error> { + let (encap, mut sealer) = self.setup_sealer(info, pub_key)?; + Ok((encap, sealer.seal(aad, plaintext)?)) + } + + fn setup_sealer( + &self, + info: &[u8], + pub_key: &HpkePublicKey, + ) -> Result<(EncapsulatedSecret, Box), Error> { + let (encap, sealer) = Sealer::new(self, info, pub_key)?; + Ok((encap, Box::new(sealer))) + } + + fn open( + &self, + enc: &EncapsulatedSecret, + info: &[u8], + aad: &[u8], + ciphertext: &[u8], + secret_key: &HpkePrivateKey, + ) -> Result, Error> { + self.setup_opener(enc, info, secret_key)? + .open(aad, ciphertext) + } + + fn setup_opener( + &self, + enc: &EncapsulatedSecret, + info: &[u8], + secret_key: &HpkePrivateKey, + ) -> Result, Error> { + Ok(Box::new(Opener::new(self, enc, info, secret_key)?)) + } + + fn fips(&self) -> bool { + matches!( + // We make a FIPS determination based on the suite's DH KEM and AEAD choice. + // We don't need to examine the KDF choice because all supported KDFs are FIPS + // compatible. + (self.suite.kem, self.suite.sym.aead_id), + ( + // Only the NIST "P-curve" DH KEMs are FIPS compatible. + HpkeKem::DHKEM_P256_HKDF_SHA256 + | HpkeKem::DHKEM_P384_HKDF_SHA384 + | HpkeKem::DHKEM_P521_HKDF_SHA512, + // Only the AES AEADs are FIPS compatible. + HpkeAead::AES_128_GCM | HpkeAead::AES_256_GCM, + ) + ) + } + + fn suite(&self) -> HpkeSuite { + self.suite + } +} + +impl Debug for HpkeAwsLcRs { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + self.suite.fmt(f) + } +} + +/// Adapts a [KeySchedule] and [AeadKey] for the role of a [HpkeSealer]. +struct Sealer { + key_schedule: KeySchedule, +} + +impl Sealer { + /// See RFC 9180 §5.1.1 "Encryption to a Public Key"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.1 + fn new( + suite: &HpkeAwsLcRs, + info: &[u8], + pub_key: &HpkePublicKey, + ) -> Result<(EncapsulatedSecret, Self), Error> { + // def SetupBaseS(pkR, info): + // shared_secret, enc = Encap(pkR) + // return enc, KeyScheduleS(mode_base, shared_secret, info, + // default_psk, default_psk_id) + + let (shared_secret, enc) = suite.dh_kem.encap(pub_key)?; + let key_schedule = suite.key_schedule(shared_secret, info)?; + Ok((enc, Self { key_schedule })) + } +} + +impl HpkeSealer for Sealer { + fn seal(&mut self, aad: &[u8], plaintext: &[u8]) -> Result, Error> { + // def ContextS.Seal(aad, pt): + // ct = Seal(self.key, self.ComputeNonce(self.seq), aad, pt) + // self.IncrementSeq() + // return ct + + let key = UnboundKey::new(self.key_schedule.aead, &self.key_schedule.key.0) + .map_err(unspecified_err)?; + let mut sealing_key = SealingKey::new(key, &mut self.key_schedule); + + let mut in_out_buffer = Vec::from(plaintext); + sealing_key + .seal_in_place_append_tag(Aad::from(aad), &mut in_out_buffer) + .map_err(unspecified_err)?; + + Ok(in_out_buffer) + } +} + +impl Debug for Sealer { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Sealer").finish() + } +} + +/// Adapts a [KeySchedule] and [AeadKey] for the role of a [HpkeOpener]. +struct Opener { + key_schedule: KeySchedule, +} + +impl Opener { + /// See RFC 9180 §5.1.1 "Encryption to a Public Key"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.1 + fn new( + suite: &HpkeAwsLcRs, + enc: &EncapsulatedSecret, + info: &[u8], + secret_key: &HpkePrivateKey, + ) -> Result { + // def SetupBaseR(enc, skR, info): + // shared_secret = Decap(enc, skR) + // return KeyScheduleR(mode_base, shared_secret, info, + // default_psk, default_psk_id) + Ok(Self { + key_schedule: suite.key_schedule(suite.dh_kem.decap(enc, secret_key)?, info)?, + }) + } +} + +impl HpkeOpener for Opener { + fn open(&mut self, aad: &[u8], ciphertext: &[u8]) -> Result, Error> { + // def ContextR.Open(aad, ct): + // pt = Open(self.key, self.ComputeNonce(self.seq), aad, ct) + // if pt == OpenError: + // raise OpenError + // self.IncrementSeq() + // return pt + + let key = UnboundKey::new(self.key_schedule.aead, &self.key_schedule.key.0) + .map_err(unspecified_err)?; + let mut opening_key = OpeningKey::new(key, &mut self.key_schedule); + + let mut in_out_buffer = Vec::from(ciphertext); + let plaintext = opening_key + .open_in_place(Aad::from(aad), &mut in_out_buffer) + .map_err(unspecified_err)?; + + Ok(plaintext.to_vec()) + } +} + +impl Debug for Opener { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { + f.debug_struct("Opener").finish() + } +} + +/// A Diffie-Hellman (DH) based Key Encapsulation Mechanism (KEM). +/// +/// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. +/// +/// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 +struct DhKem { + id: HpkeKem, + agreement_algorithm: &'static agreement::Algorithm, + hkdf: &'static dyn HkdfPrkExtract, +} + +impl DhKem { + /// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 + fn encap( + &self, + recipient: &HpkePublicKey, + ) -> Result<(KemSharedSecret, EncapsulatedSecret), Error> { + // def Encap(pkR): + // skE, pkE = GenerateKeyPair() + // dh = DH(skE, pkR) + // enc = SerializePublicKey(pkE) + // + // pkRm = SerializePublicKey(pkR) + // kem_context = concat(enc, pkRm) + // + // shared_secret = ExtractAndExpand(dh, kem_context) + // return shared_secret, enc + + let sk_e = + agreement::PrivateKey::generate(self.agreement_algorithm).map_err(unspecified_err)?; + let enc = sk_e + .compute_public_key() + .map_err(unspecified_err)?; + let pk_r = agreement::UnparsedPublicKey::new(self.agreement_algorithm, &recipient.0); + let kem_context = [enc.as_ref(), pk_r.bytes()].concat(); + + let shared_secret = agreement::agree(&sk_e, &pk_r, aws_lc_rs::error::Unspecified, |dh| { + Ok(self.extract_and_expand(dh, &kem_context)) + }) + .map_err(unspecified_err)?; + + Ok(( + KemSharedSecret(shared_secret), + EncapsulatedSecret(enc.as_ref().into()), + )) + } + + /// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 + fn decap( + &self, + enc: &EncapsulatedSecret, + recipient: &HpkePrivateKey, + ) -> Result, Error> { + // def Decap(enc, skR): + // pkE = DeserializePublicKey(enc) + // dh = DH(skR, pkE) + // + // pkRm = SerializePublicKey(pk(skR)) + // kem_context = concat(enc, pkRm) + // + // shared_secret = ExtractAndExpand(dh, kem_context) + // return shared_secret + + let pk_e = agreement::UnparsedPublicKey::new(self.agreement_algorithm, &enc.0); + let sk_r = agreement::PrivateKey::from_private_key( + self.agreement_algorithm, + recipient.secret_bytes(), + ) + .map_err(key_rejected_err)?; + let pk_rm = sk_r + .compute_public_key() + .map_err(unspecified_err)?; + let kem_context = [&enc.0, pk_rm.as_ref()].concat(); + + let shared_secret = agreement::agree(&sk_r, &pk_e, aws_lc_rs::error::Unspecified, |dh| { + Ok(self.extract_and_expand(dh, &kem_context)) + }) + .map_err(unspecified_err)?; + + Ok(KemSharedSecret(shared_secret)) + } + + /// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 + fn extract_and_expand(&self, dh: &[u8], kem_context: &[u8]) -> [u8; KDF_SIZE] { + // def ExtractAndExpand(dh, kem_context): + // eae_prk = LabeledExtract("", "eae_prk", dh) + // shared_secret = LabeledExpand(eae_prk, "shared_secret", + // kem_context, Nsecret) + // return shared_secret + + let suite_id = LabeledSuiteId::Kem(self.id); + labeled_expand( + suite_id, + labeled_extract_for_expand(self.hkdf, suite_id, None, Label::EaePrk, dh), + Label::SharedSecret, + kem_context, + ) + } +} + +static DH_KEM_P256_HKDF_SHA256: &DhKem = &DhKem { + id: HpkeKem::DHKEM_P256_HKDF_SHA256, + agreement_algorithm: &agreement::ECDH_P256, + hkdf: RING_HKDF_HMAC_SHA256, +}; + +static DH_KEM_P384_HKDF_SHA384: &DhKem = &DhKem { + id: HpkeKem::DHKEM_P384_HKDF_SHA384, + agreement_algorithm: &agreement::ECDH_P384, + hkdf: RING_HKDF_HMAC_SHA384, +}; + +static DH_KEM_P521_HKDF_SHA512: &DhKem = &DhKem { + id: HpkeKem::DHKEM_P521_HKDF_SHA512, + agreement_algorithm: &agreement::ECDH_P521, + hkdf: RING_HKDF_HMAC_SHA512, +}; + +static DH_KEM_X25519_HKDF_SHA256: &DhKem = &DhKem { + id: HpkeKem::DHKEM_X25519_HKDF_SHA256, + agreement_algorithm: &agreement::X25519, + hkdf: RING_HKDF_HMAC_SHA256, +}; + +/// KeySchedule holds the derived AEAD key, base nonce, and seq number +/// common to both a [Sealer] and [Opener]. +struct KeySchedule { + aead: &'static aead::Algorithm, + key: AeadKey, + base_nonce: [u8; NONCE_LEN], + seq_num: u32, +} + +impl KeySchedule { + /// See RFC 9180 §5.2 "Encryption and Decryption"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2 + fn compute_nonce(&self) -> [u8; NONCE_LEN] { + // def Context.ComputeNonce(seq): + // seq_bytes = I2OSP(seq, Nn) + // return xor(self.base_nonce, seq_bytes) + + // Each new N-byte nonce is conceptually two parts: + // * N-4 bytes of the base nonce (0s in `nonce` to XOR in as-is). + // * 4 bytes derived from the sequence number XOR the base nonce. + let mut nonce = [0; NONCE_LEN]; + let seq_bytes = self.seq_num.to_be_bytes(); + nonce[NONCE_LEN - seq_bytes.len()..].copy_from_slice(&seq_bytes); + + for (n, &b) in nonce.iter_mut().zip(&self.base_nonce) { + *n ^= b; + } + + nonce + } + + /// See RFC 9180 §5.2 "Encryption and Decryption"[^0]. + /// + /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2 + fn increment_seq_num(&mut self) -> Result<(), aws_lc_rs::error::Unspecified> { + // def Context.IncrementSeq(): + // if self.seq >= (1 << (8*Nn)) - 1: + // raise MessageLimitReachedError + // self.seq += 1 + + // Determine the maximum sequence number using the AEAD nonce's length in bits. + // Do this as an u128 to prevent overflowing. + let max_seq_num = (1u128 << (NONCE_LEN * 8)) - 1; + + // Promote the u32 sequence number to an u128 and compare against the maximum allowed + // sequence number. + if u128::from(self.seq_num) >= max_seq_num { + return Err(aws_lc_rs::error::Unspecified); + } + + self.seq_num += 1; + Ok(()) + } +} + +impl NonceSequence for &mut KeySchedule { + fn advance(&mut self) -> Result { + let nonce = self.compute_nonce(); + self.increment_seq_num()?; + Nonce::try_assume_unique_for_key(&nonce) + } +} + +/// See RFC 9180 §4 "Cryptographic Dependencies"[^0]. +/// +/// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4 +fn labeled_extract_for_expand( + hkdf: &'static dyn HkdfPrkExtract, + suite_id: LabeledSuiteId, + salt: Option<&[u8]>, + label: Label, + ikm: &[u8], +) -> Box { + // def LabeledExtract(salt, label, ikm): + // labeled_ikm = concat("HPKE-v1", suite_id, label, ikm) + // return Extract(salt, labeled_ikm) + + let labeled_ikm = [&b"HPKE-v1"[..], &suite_id.encoded(), label.as_ref(), ikm].concat(); + hkdf.extract_from_secret(salt, &labeled_ikm) +} + +/// See RFC 9180 §4 "Cryptographic Dependencies"[^0]. +/// +/// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4 +fn labeled_extract_for_prk( + hkdf: &'static dyn HkdfPrkExtract, + suite_id: LabeledSuiteId, + salt: Option<&[u8]>, + label: Label, + ikm: &[u8], +) -> Vec { + // def LabeledExtract(salt, label, ikm): + // labeled_ikm = concat("HPKE-v1", suite_id, label, ikm) + // return Extract(salt, labeled_ikm) + + let labeled_ikm = [&b"HPKE-v1"[..], &suite_id.encoded(), label.as_ref(), ikm].concat(); + hkdf.extract_prk_from_secret(salt, &labeled_ikm) +} + +/// See RFC 9180 §4 "Cryptographic Dependencies"[^0]. +/// +/// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4 +fn labeled_expand( + suite_id: LabeledSuiteId, + expander: Box, + label: Label, + kem_context: &[u8], +) -> [u8; L] { + // def LabeledExpand(prk, label, info, L): + // labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id, + // label, info) + // return Expand(prk, labeled_info, L) + + let output_len = u16::to_be_bytes(L as u16); + let info = &[ + &output_len[..], + b"HPKE-v1", + &suite_id.encoded(), + label.as_ref(), + kem_context, + ]; + + expand(&*expander, info) +} + +/// Label describes the possible labels for use with [labeled_extract_for_expand] and [labeled_expand]. +#[derive(Debug)] +enum Label { + PskIdHash, + InfoHash, + Secret, + Key, + BaseNonce, + EaePrk, + SharedSecret, +} + +impl AsRef<[u8]> for Label { + fn as_ref(&self) -> &[u8] { + match self { + Self::PskIdHash => b"psk_id_hash", + Self::InfoHash => b"info_hash", + Self::Secret => b"secret", + Self::Key => b"key", + Self::BaseNonce => b"base_nonce", + Self::EaePrk => b"eae_prk", + Self::SharedSecret => b"shared_secret", + } + } +} + +/// LabeledSuiteId describes the possible suite ID values for use with [labeled_extract_for_expand] and +/// [labeled_expand]. +#[derive(Debug, Copy, Clone)] +enum LabeledSuiteId { + Hpke(HpkeSuite), + Kem(HpkeKem), +} + +impl LabeledSuiteId { + /// The suite ID encoding depends on the context of use. In the general HPKE context, + /// we use a "HPKE" prefix and encode the entire ciphersuite. In the KEM context we use a + /// "KEM" prefix and only encode the KEM ID. + /// + /// See the bottom of [RFC 9180 §4](https://www.rfc-editor.org/rfc/rfc9180.html#section-4) + /// for more information. + fn encoded(&self) -> Vec { + match self { + Self::Hpke(suite) => [ + &b"HPKE"[..], + &u16::from(suite.kem).to_be_bytes(), + &u16::from(suite.sym.kdf_id).to_be_bytes(), + &u16::from(suite.sym.aead_id).to_be_bytes(), + ] + .concat(), + Self::Kem(kem) => [&b"KEM"[..], &u16::from(*kem).to_be_bytes()].concat(), + } + } +} + +/// A newtype wrapper for an unbound AEAD key. +struct AeadKey([u8; KEY_LEN]); + +impl Drop for AeadKey { + fn drop(&mut self) { + self.0.zeroize() + } +} + +/// A newtype wrapper for a DH KEM shared secret. +struct KemSharedSecret([u8; KDF_LEN]); + +impl Drop for KemSharedSecret { + fn drop(&mut self) { + self.0.zeroize(); + } +} + +fn unspecified_err(_e: aws_lc_rs::error::Unspecified) -> Error { + #[cfg(feature = "std")] + { + Error::Other(OtherError(Arc::new(_e))) + } + #[cfg(not(feature = "std"))] + { + Error::Other(OtherError()) + } +} + +fn key_rejected_err(_e: aws_lc_rs::error::KeyRejected) -> Error { + #[cfg(feature = "std")] + { + Error::Other(OtherError(Arc::new(_e))) + } + #[cfg(not(feature = "std"))] + { + Error::Other(OtherError()) + } +} + +// The `cipher::chacha::KEY_LEN` const is not exported, so we copy it here: +// https://github.com/aws/aws-lc-rs/blob/0186ef7bb1a4d7e140bae8074a9871f49afedf1b/aws-lc-rs/src/cipher/chacha.rs#L13 +const CHACHA_KEY_LEN: usize = 32; + +static RING_HKDF_HMAC_SHA256: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA256); +static RING_HKDF_HMAC_SHA384: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA384); +static RING_HKDF_HMAC_SHA512: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA512); + +#[cfg(test)] +mod tests { + use alloc::format; + use alloc::vec; + + use super::*; + + #[test] + fn smoke_test() { + // Values correspond to the first RFC 9180 base mode test vector. + let pk_rm = &[ + 0x39, 0x48, 0xcf, 0xe0, 0xad, 0x1d, 0xdb, 0x69, 0x5d, 0x78, 0xe, 0x59, 0x7, 0x71, 0x95, + 0xda, 0x6c, 0x56, 0x50, 0x6b, 0x2, 0x73, 0x29, 0x79, 0x4a, 0xb0, 0x2b, 0xca, 0x80, + 0x81, 0x5c, 0x4d, + ][..]; + let sk_rm = &[ + 0x46, 0x12, 0xc5, 0x50, 0x26, 0x3f, 0xc8, 0xad, 0x58, 0x37, 0x5d, 0xf3, 0xf5, 0x57, + 0xaa, 0xc5, 0x31, 0xd2, 0x68, 0x50, 0x90, 0x3e, 0x55, 0xa9, 0xf2, 0x3f, 0x21, 0xd8, + 0x53, 0x4e, 0x8a, 0xc8, + ][..]; + let info = &[ + 0x4f, 0x64, 0x65, 0x20, 0x6f, 0x6e, 0x20, 0x61, 0x20, 0x47, 0x72, 0x65, 0x63, 0x69, + 0x61, 0x6e, 0x20, 0x55, 0x72, 0x6e, + ][..]; + let suite = DH_KEM_X25519_HKDF_SHA256_AES_128; + _ = format!("{suite:?}"); // HpkeAwsLcRs suites should be Debug. + + // We should be able to set up a sealer. + let (enc, mut sealer) = suite + .setup_sealer(info, &HpkePublicKey(pk_rm.into())) + .unwrap(); + + _ = format!("{sealer:?}"); // Sealer should be Debug. + + // Setting up a sealer with an invalid public key should fail. + let bad_setup_res = suite.setup_sealer(info, &HpkePublicKey(vec![])); + assert!(matches!(bad_setup_res.unwrap_err(), Error::Other(_))); + + // We should be able to seal some plaintext. + let aad = &[0xC0, 0xFF, 0xEE]; + let pt = &[0xF0, 0x0D]; + let ct = sealer.seal(aad, pt).unwrap(); + + // We should be able to set up an opener. + let mut opener = suite + .setup_opener(&enc, info, &HpkePrivateKey::from(sk_rm.to_vec())) + .unwrap(); + _ = format!("{opener:?}"); // Opener should be Debug. + + // Setting up an opener with an invalid private key should fail. + let bad_key_res = suite.setup_opener(&enc, info, &HpkePrivateKey::from(vec![])); + assert!(matches!(bad_key_res.unwrap_err(), Error::Other(_))); + + // Opening the plaintext should work with the correct opener and aad. + let pt_prime = opener.open(aad, &ct).unwrap(); + assert_eq!(pt_prime, pt); + + // Opening the plaintext with the correct opener and wrong aad should fail. + let open_res = opener.open(&[0x0], &ct); + assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + + // Opening the plaintext with the wrong opener should fail. + let mut sk_rm_prime = sk_rm.to_vec(); + sk_rm_prime[0] = 0x00; + let mut opener_two = suite + .setup_opener(&enc, info, &HpkePrivateKey::from(sk_rm_prime)) + .unwrap(); + let open_res = opener_two.open(aad, &ct); + assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + } + + #[cfg(not(feature = "fips"))] // Ensure all supported suites are available to test. + #[test] + fn test_fips() { + let testcases: &[(&dyn Hpke, bool)] = &[ + // FIPS compatible. + (DH_KEM_P256_HKDF_SHA256_AES_128, true), + (DH_KEM_P256_HKDF_SHA256_AES_256, true), + (DH_KEM_P384_HKDF_SHA384_AES_128, true), + (DH_KEM_P384_HKDF_SHA384_AES_256, true), + (DH_KEM_P521_HKDF_SHA512_AES_128, true), + (DH_KEM_P521_HKDF_SHA512_AES_256, true), + // AEAD is not FIPS compatible. + (DH_KEM_P256_HKDF_SHA256_CHACHA20_POLY1305, false), + (DH_KEM_P384_HKDF_SHA384_CHACHA20_POLY1305, false), + (DH_KEM_P521_HKDF_SHA512_CHACHA20_POLY1305, false), + // KEM is not FIPS compatible. + (DH_KEM_X25519_HKDF_SHA256_AES_128, false), + (DH_KEM_X25519_HKDF_SHA256_AES_256, false), + (DH_KEM_X25519_HKDF_SHA256_CHACHA20_POLY1305, false), + ]; + for (suite, expected) in testcases { + assert_eq!(suite.fips(), *expected); + } + } +} diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index dac79e0678..ac1982c4f2 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -17,6 +17,8 @@ use crate::suites::SupportedCipherSuite; use crate::webpki::WebPkiSupportedAlgorithms; use crate::Error; +/// Hybrid public key encryption (HPKE). +pub mod hpke; /// Using software keys for authentication. pub mod sign; From d8a9498184094f1f0b3a8e8469e436afd7e69826 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 22 May 2024 13:20:27 -0400 Subject: [PATCH 1004/1145] crypto: un-hide the HPKE module Now that we have an "in-house" implementation of the HPKE traits (via `crypto::aws_lc_rs::hpke` it feels like time to un-hide this module. --- rustls/src/crypto/mod.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 74b19ea634..b73f0115a8 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -48,7 +48,6 @@ pub mod tls12; pub mod tls13; /// Hybrid public key encryption (RFC 9180). -#[doc(hidden)] pub mod hpke; // Message signing interfaces. Re-exported under rustls::sign. Kept crate-internal here to From 209e8929927caf6a681bc30f0059fce12d4eef4d Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 28 May 2024 14:59:13 -0400 Subject: [PATCH 1005/1145] add crate for provider integration tests As an initial starting point, test that the aws-lc-rs HPKE suites from the main rustls crate and the hpke-rs HPKE suites from the provider-example crate can interoperate. This process is slower (~30s) so having the tests in a separate crate is helpful. It also allows us to take heavier deps (like the provider-example crate, hpke-rs and rust crypto). --- .github/workflows/build.yml | 3 + Cargo.lock | 14 ++++- Cargo.toml | 2 + admin/coverage | 3 + provider-example/Cargo.toml | 7 --- rustls-provider-test/Cargo.toml | 14 +++++ rustls-provider-test/README.md | 4 ++ .../tests/hpke.rs | 58 ++++++++++++++----- .../tests/rfc-9180-test-vectors.json | 0 9 files changed, 82 insertions(+), 23 deletions(-) create mode 100644 rustls-provider-test/Cargo.toml create mode 100644 rustls-provider-test/README.md rename {provider-example => rustls-provider-test}/tests/hpke.rs (52%) rename {provider-example => rustls-provider-test}/tests/rfc-9180-test-vectors.json (100%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2c6662859c..90a613735a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -98,6 +98,9 @@ jobs: - name: cargo build (debug; rustls-provider-example lib in no-std mode) run: cargo build --locked -p rustls-provider-example --no-default-features + - name: cargo build (debug; rustls-provider-test) + run: cargo build --locked -p rustls-provider-test + msrv: name: MSRV runs-on: ubuntu-latest diff --git a/Cargo.lock b/Cargo.lock index 5a241a45e3..04c86c5508 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2346,7 +2346,6 @@ dependencies = [ "der", "ecdsa", "env_logger", - "hex", "hmac", "hpke-rs", "hpke-rs-crypto", @@ -2359,14 +2358,23 @@ dependencies = [ "rustls 0.23.8", "rustls-pki-types", "rustls-webpki 0.102.4", - "serde", - "serde_json", "sha2", "signature", "webpki-roots 0.26.1", "x25519-dalek", ] +[[package]] +name = "rustls-provider-test" +version = "0.1.0" +dependencies = [ + "hex", + "rustls 0.23.8", + "rustls-provider-example", + "serde", + "serde_json", +] + [[package]] name = "rustls-webpki" version = "0.101.7" diff --git a/Cargo.toml b/Cargo.toml index c65c14b58f..78488664ba 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -14,6 +14,8 @@ members = [ "rustls", # experimental post-quantum algorithm support "rustls-post-quantum", + # rustls cryptography provider integration tests + "rustls-provider-test", ] default-members = [ "examples", diff --git a/admin/coverage b/admin/coverage index 5b376826dd..7ab259eec4 100755 --- a/admin/coverage +++ b/admin/coverage @@ -18,4 +18,7 @@ cargo test --locked $(admin/all-features-except brotli rustls) cargo test --locked --all-features run_bogo_tests_ring -- --ignored cargo test --locked --all-features run_bogo_tests_aws_lc_rs -- --ignored +## provider tests +cargo test --locked --package rustls-provider-test + cargo llvm-cov report "$@" diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index 40e214667f..925ba34f18 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -27,16 +27,9 @@ x25519-dalek = "2" [dev-dependencies] env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) -hex = "0.4.3" rcgen = { version = "0.13", features = ["aws_lc_rs"] } -serde = { version = "1", features = ["derive"] } -serde_json = "1" webpki-roots = "0.26" [features] default = ["std"] std = ["hpke-rs/std", "hpke-rs-crypto/std", "pkcs8/std", "rustls/std"] - -[[test]] -name = "hpke" -required-features = ["std"] diff --git a/rustls-provider-test/Cargo.toml b/rustls-provider-test/Cargo.toml new file mode 100644 index 0000000000..205e391df9 --- /dev/null +++ b/rustls-provider-test/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "rustls-provider-test" +version = "0.1.0" +edition = "2021" +license = "Apache-2.0 OR ISC OR MIT" +description = "Integration tests for Rustls cryptography providers" +publish = false + +[dependencies] +hex = "0.4" +provider-example = { package = "rustls-provider-example", version = "0.0.1", path = "../provider-example" } +rustls = { version = "0.23.8", features = ["aws_lc_rs", "logging"], path = "../rustls" } +serde = { version = "1", features = ["derive"] } +serde_json = "1" diff --git a/rustls-provider-test/README.md b/rustls-provider-test/README.md new file mode 100644 index 0000000000..893451940e --- /dev/null +++ b/rustls-provider-test/README.md @@ -0,0 +1,4 @@ +# Rustls Provider Tests + +This crate is an unpublished workspace crate that holds integration tests for different cryptography providers +and associated machinery. We add tests here to avoid taking heavy dependencies on the main rustls crate. diff --git a/provider-example/tests/hpke.rs b/rustls-provider-test/tests/hpke.rs similarity index 52% rename from provider-example/tests/hpke.rs rename to rustls-provider-test/tests/hpke.rs index f481238aee..1d6f910c9d 100644 --- a/provider-example/tests/hpke.rs +++ b/rustls-provider-test/tests/hpke.rs @@ -1,9 +1,9 @@ use std::fs::File; +use rustls::crypto::aws_lc_rs; use rustls::crypto::hpke::{Hpke, HpkePrivateKey, HpkePublicKey, HpkeSuite}; use rustls::internal::msgs::enums::{HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; -use rustls_provider_example::hpke::ALL_SUPPORTED_SUITES; use serde::Deserialize; /// Confirm open/seal operations work using the test vectors from [RFC 9180 Appendix A]. @@ -12,7 +12,7 @@ use serde::Deserialize; #[test] fn check_test_vectors() { for (idx, vec) in test_vectors().into_iter().enumerate() { - let Some(hpke) = vec.applicable() else { + let Some(hpke_pairs) = vec.applicable() else { println!("skipping inapplicable vector {idx}"); continue; }; @@ -26,14 +26,16 @@ fn check_test_vectors() { let aad = hex::decode(enc.aad).unwrap(); let pt = hex::decode(enc.pt).unwrap(); - let (enc, ciphertext) = hpke - .seal(&info, &aad, &pt, &pk_r) - .unwrap(); + for (sealer, opener) in &hpke_pairs { + let (enc, ciphertext) = sealer + .seal(&info, &aad, &pt, &pk_r) + .unwrap(); - let plaintext = hpke - .open(&enc, &info, &aad, &ciphertext, &sk_r) - .unwrap(); - assert_eq!(plaintext, pt); + let plaintext = opener + .open(&enc, &info, &aad, &ciphertext, &sk_r) + .unwrap(); + assert_eq!(plaintext, pt); + } } } } @@ -69,15 +71,45 @@ impl TestVector { } } - fn applicable(&self) -> Option<&'static dyn Hpke> { + fn applicable(&self) -> Option> { // Only base mode test vectors for supported suites are applicable. - if self.mode == 0 { + if self.mode != 0 { return None; } - ALL_SUPPORTED_SUITES + match ( + Self::lookup_suite(self.suite(), aws_lc_rs::hpke::ALL_SUPPORTED_SUITES), + Self::lookup_suite(self.suite(), provider_example::hpke::ALL_SUPPORTED_SUITES), + ) { + // Both providers support the suite. Test against themselves, and each other. + (Some(aws_suite), Some(hpke_rs_suite)) => Some(vec![ + (aws_suite, aws_suite), + (hpke_rs_suite, hpke_rs_suite), + (aws_suite, hpke_rs_suite), + (hpke_rs_suite, aws_suite), + ]), + + // aws-lc-rs supported the suite, not hpke-rs, test against itself + (Some(aws_suite), None) => Some(vec![(aws_suite, aws_suite)]), + + // hpke-rs supported the suite, not AWS-LC-RS, test against itself + // + // Note: presently there are no suites hpke-rs supports that aws-lc-rs doesn't. This + // is future-proofing. + (None, Some(hpke_rs_suite)) => Some(vec![(hpke_rs_suite, hpke_rs_suite)]), + + // Neither provider supported the suite - nothing to do. + (None, None) => None, + } + } + + fn lookup_suite( + suite: HpkeSuite, + supported: &[&'static dyn Hpke], + ) -> Option<&'static dyn Hpke> { + supported .iter() - .find(|hpke| hpke.suite() == self.suite()) + .find(|s| s.suite() == suite) .copied() } } diff --git a/provider-example/tests/rfc-9180-test-vectors.json b/rustls-provider-test/tests/rfc-9180-test-vectors.json similarity index 100% rename from provider-example/tests/rfc-9180-test-vectors.json rename to rustls-provider-test/tests/rfc-9180-test-vectors.json From 835c17c6b840c10d1c4b656f4a1b220a285d2c79 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 29 May 2024 15:35:43 -0400 Subject: [PATCH 1006/1145] aws_lc_rs: test HPKE impl against test vectors This commit implements a better testing strategy using the RFC 9180 test vectors. Unlike the `rustls-provider-test` test, this version matches the produced `EncapsulatedSecret` and ciphertext values from a `Seal` operation against the expected values from the RFC. We don't do this in the integration test because it requires overriding the DH KEM so that it doesn't produce a randomly generated ephemeral private key during the `Encap` operation. This is obviously not something we want to support in normal usage and so requires some care. To achieve this we introduce a test-only constructor for the aws-lc-rs based `Sealer` that can pass through the pre-specified `skE` to a special test-only DH KEM `Encap` that will use it instead of generating one. These test only functions are not exported, and so we make use of them from a unit test in the same module. This results in some mild duplication of the test vector supporting code, but seems like the best trade-off. We continue to ignore the test vector `shared_secret`, `key_schedule_context`, `secret`, `key`, and `base_nonce` values: exposing these for test interrogation will require even more gross test-only contortions and if we've gotten these intermediate values wrong, the `enc` and `ct` values we _are_ matching would be off, or the unseal would break. --- Cargo.lock | 3 + rustls/Cargo.toml | 3 + rustls/src/crypto/aws_lc_rs/hpke.rs | 202 +++++++++++++++++++++++++++- 3 files changed, 206 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 04c86c5508..218d7db1cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2226,6 +2226,7 @@ dependencies = [ "brotli-decompressor", "env_logger", "hashbrown", + "hex", "log", "num-bigint", "once_cell", @@ -2235,6 +2236,8 @@ dependencies = [ "rustls-pki-types", "rustls-webpki 0.102.4", "rustversion", + "serde", + "serde_json", "subtle", "tikv-jemallocator", "time", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 5b6a38b8ba..8bdeae8153 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -47,10 +47,13 @@ zlib = ["dep:zlib-rs"] base64 = "0.22" bencher = "0.1.5" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) +hex = "0.4" log = "0.4.4" num-bigint = "0.4.4" rcgen = { version = "0.13", default-features = false, features = ["aws_lc_rs", "pem"] } rustls-pemfile = "2" +serde = { version = "1", features = ["derive"] } +serde_json = "1" time = { version = "0.3.6", default-features = false } webpki-roots = "0.26" diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs index ad2b1afdca..6880e7181c 100644 --- a/rustls/src/crypto/aws_lc_rs/hpke.rs +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -407,6 +407,22 @@ impl Sealer { let key_schedule = suite.key_schedule(shared_secret, info)?; Ok((enc, Self { key_schedule })) } + + /// A **test only** constructor that uses a pre-specified ephemeral agreement private key + /// instead of one that is randomly generated. + #[cfg(test)] + fn test_only_new( + suite: &HpkeAwsLcRs, + info: &[u8], + pub_key: &HpkePublicKey, + sk_e: &[u8], + ) -> Result<(EncapsulatedSecret, Self), Error> { + let (shared_secret, enc) = suite + .dh_kem + .test_only_encap(pub_key, sk_e)?; + let key_schedule = suite.key_schedule(shared_secret, info)?; + Ok((enc, Self { key_schedule })) + } } impl HpkeSealer for Sealer { @@ -509,6 +525,33 @@ impl DhKem { ) -> Result<(KemSharedSecret, EncapsulatedSecret), Error> { // def Encap(pkR): // skE, pkE = GenerateKeyPair() + + let sk_e = + agreement::PrivateKey::generate(self.agreement_algorithm).map_err(unspecified_err)?; + self.encap_impl(recipient, sk_e) + } + + /// A test-only encap operation that uses a fixed `test_only_ske` instead of generating + /// one randomly. + #[cfg(test)] + fn test_only_encap( + &self, + recipient: &HpkePublicKey, + test_only_ske: &[u8], + ) -> Result<(KemSharedSecret, EncapsulatedSecret), Error> { + // For test contexts only, we accept a static sk_e as an argument. + let sk_e = agreement::PrivateKey::from_private_key(self.agreement_algorithm, test_only_ske) + .map_err(key_rejected_err)?; + self.encap_impl(recipient, sk_e) + } + + fn encap_impl( + &self, + recipient: &HpkePublicKey, + sk_e: agreement::PrivateKey, + ) -> Result<(KemSharedSecret, EncapsulatedSecret), Error> { + // def Encap(pkR): + // skE, pkE = GenerateKeyPair() // dh = DH(skE, pkR) // enc = SerializePublicKey(pkE) // @@ -518,8 +561,6 @@ impl DhKem { // shared_secret = ExtractAndExpand(dh, kem_context) // return shared_secret, enc - let sk_e = - agreement::PrivateKey::generate(self.agreement_algorithm).map_err(unspecified_err)?; let enc = sk_e .compute_public_key() .map_err(unspecified_err)?; @@ -943,3 +984,160 @@ mod tests { } } } + +#[cfg(test)] +mod rfc_tests { + use super::*; + + use alloc::string::String; + use std::fs::File; + use std::println; + + use serde::Deserialize; + + /// Confirm open/seal operations work using the test vectors from [RFC 9180 Appendix A]. + /// + /// [RFC 9180 Appendix A]: https://www.rfc-editor.org/rfc/rfc9180#TestVectors + #[test] + fn check_test_vectors() { + for (idx, vec) in test_vectors().into_iter().enumerate() { + let Some(hpke) = vec.applicable() else { + println!("skipping inapplicable vector {idx}"); + continue; + }; + + println!("testing vector {idx}"); + let pk_r = HpkePublicKey(hex::decode(vec.pk_rm).unwrap()); + let sk_r = HpkePrivateKey::from(hex::decode(vec.sk_rm).unwrap()); + let sk_em = hex::decode(vec.sk_em).unwrap(); + let info = hex::decode(vec.info).unwrap(); + let expected_enc = hex::decode(vec.enc).unwrap(); + + let (enc, mut sealer) = hpke + .setup_test_sealer(&info, &pk_r, &sk_em) + .unwrap(); + assert_eq!(enc.0, expected_enc); + + let mut opener = hpke + .setup_opener(&enc, &info, &sk_r) + .unwrap(); + + for test_encryption in vec.encryptions { + let aad = hex::decode(test_encryption.aad).unwrap(); + let pt = hex::decode(test_encryption.pt).unwrap(); + let expected_ct = hex::decode(test_encryption.ct).unwrap(); + + let ciphertext = sealer.seal(&aad, &pt).unwrap(); + assert_eq!(ciphertext, expected_ct); + + let plaintext = opener.open(&aad, &ciphertext).unwrap(); + assert_eq!(plaintext, pt); + } + } + } + + trait TestHpke: Hpke { + fn setup_test_sealer( + &self, + info: &[u8], + pub_key: &HpkePublicKey, + sk_em: &[u8], + ) -> Result<(EncapsulatedSecret, Box), Error>; + } + + impl TestHpke for HpkeAwsLcRs { + fn setup_test_sealer( + &self, + info: &[u8], + pub_key: &HpkePublicKey, + sk_em: &[u8], + ) -> Result<(EncapsulatedSecret, Box), Error> { + let (encap, sealer) = Sealer::test_only_new(self, info, pub_key, sk_em)?; + Ok((encap, Box::new(sealer))) + } + } + + static TEST_SUITES: &[&dyn TestHpke] = &[ + DH_KEM_P256_HKDF_SHA256_AES_128, + DH_KEM_P256_HKDF_SHA256_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_P256_HKDF_SHA256_CHACHA20_POLY1305, + DH_KEM_P384_HKDF_SHA384_AES_128, + DH_KEM_P384_HKDF_SHA384_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_P384_HKDF_SHA384_CHACHA20_POLY1305, + DH_KEM_P521_HKDF_SHA512_AES_128, + DH_KEM_P521_HKDF_SHA512_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_P521_HKDF_SHA512_CHACHA20_POLY1305, + #[cfg(not(feature = "fips"))] + DH_KEM_X25519_HKDF_SHA256_AES_128, + #[cfg(not(feature = "fips"))] + DH_KEM_X25519_HKDF_SHA256_AES_256, + #[cfg(not(feature = "fips"))] + DH_KEM_X25519_HKDF_SHA256_CHACHA20_POLY1305, + ]; + + #[derive(Deserialize, Debug)] + struct TestVector { + mode: u8, + kem_id: u16, + kdf_id: u16, + aead_id: u16, + info: String, + #[serde(rename(deserialize = "pkRm"))] + pk_rm: String, + #[serde(rename(deserialize = "skRm"))] + sk_rm: String, + #[serde(rename(deserialize = "skEm"))] + sk_em: String, + enc: String, + encryptions: Vec, + } + + #[derive(Deserialize, Debug)] + struct TestEncryption { + aad: String, + pt: String, + ct: String, + } + + impl TestVector { + fn suite(&self) -> HpkeSuite { + HpkeSuite { + kem: HpkeKem::from(self.kem_id), + sym: HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::from(self.kdf_id), + aead_id: HpkeAead::from(self.aead_id), + }, + } + } + + fn applicable(&self) -> Option<&'static dyn TestHpke> { + // Only base mode test vectors for supported suites are applicable. + if self.mode != 0 { + return None; + } + + Self::lookup_suite(self.suite(), TEST_SUITES) + } + + fn lookup_suite( + suite: HpkeSuite, + supported: &[&'static dyn TestHpke], + ) -> Option<&'static dyn TestHpke> { + supported + .iter() + .find(|s| s.suite() == suite) + .copied() + } + } + + fn test_vectors() -> Vec { + serde_json::from_reader( + &mut File::open("../rustls-provider-test/tests/rfc-9180-test-vectors.json") + .expect("failed to open test vectors data file"), + ) + .expect("failed to deserialize test vectors") + } +} From e2fe9a339580f652fc244e7b1373006b9ef57fe8 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 31 May 2024 12:49:42 +0100 Subject: [PATCH 1007/1145] handshake_test: tidy runtogethernames --- rustls/src/msgs/handshake_test.rs | 168 +++++++++++++++--------------- 1 file changed, 86 insertions(+), 82 deletions(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index ef5ac0a7ba..1bfec4fdf8 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -53,28 +53,28 @@ fn debug_random() { } #[test] -fn rejects_truncated_sessionid() { +fn rejects_truncated_session_id() { let bytes = [32; 32]; let mut rd = Reader::init(&bytes); assert!(SessionId::read(&mut rd).is_err()); } #[test] -fn rejects_sessionid_with_bad_length() { +fn rejects_session_id_with_bad_length() { let bytes = [33; 33]; let mut rd = Reader::init(&bytes); assert!(SessionId::read(&mut rd).is_err()); } #[test] -fn sessionid_with_different_lengths_are_unequal() { +fn session_id_with_different_lengths_are_unequal() { let a = SessionId::read(&mut Reader::init(&[1u8, 1])).unwrap(); let b = SessionId::read(&mut Reader::init(&[2u8, 1, 2])).unwrap(); assert_ne!(a, b); } #[test] -fn accepts_short_sessionid() { +fn accepts_short_session_id() { let bytes = [1; 2]; let mut rd = Reader::init(&bytes); let sess = SessionId::read(&mut rd).unwrap(); @@ -87,7 +87,7 @@ fn accepts_short_sessionid() { } #[test] -fn accepts_empty_sessionid() { +fn accepts_empty_session_id() { let bytes = [0; 1]; let mut rd = Reader::init(&bytes); let sess = SessionId::read(&mut rd).unwrap(); @@ -100,7 +100,7 @@ fn accepts_empty_sessionid() { } #[test] -fn debug_sessionid() { +fn debug_session_id() { let bytes = [ 32, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -114,7 +114,7 @@ fn debug_sessionid() { } #[test] -fn can_roundtrip_unknown_client_ext() { +fn can_round_trip_unknown_client_ext() { let bytes = [0x12u8, 0x34u8, 0, 3, 1, 2, 3]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -160,14 +160,14 @@ fn refuses_helloreq_ext_with_unparsed_bytes() { } #[test] -fn refuses_newsessionticket_ext_with_unparsed_bytes() { +fn refuses_new_session_ticket_ext_with_unparsed_bytes() { let bytes = [0x00u8, 0x2a, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x01]; let mut rd = Reader::init(&bytes); assert!(NewSessionTicketExtension::read(&mut rd).is_err()); } #[test] -fn can_roundtrip_single_sni() { +fn can_round_trip_single_sni() { let bytes = [0, 0, 0, 7, 0, 5, 0, 0, 2, 0x6c, 0x6f]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -189,7 +189,7 @@ fn can_round_trip_mixed_case_sni() { } #[test] -fn can_roundtrip_other_sni_name_types() { +fn can_round_trip_other_sni_name_types() { let bytes = [0, 0, 0, 7, 0, 5, 1, 0, 2, 0x6c, 0x6f]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -216,7 +216,7 @@ fn get_single_hostname_returns_none_for_other_sni_name_types() { } #[test] -fn can_roundtrip_multiname_sni() { +fn can_round_trip_multi_name_sni() { let bytes = [0, 0, 0, 12, 0, 10, 0, 0, 2, 0x68, 0x69, 0, 0, 2, 0x6c, 0x6f]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -265,7 +265,7 @@ fn rejects_truncated_sni() { } #[test] -fn can_roundtrip_psk_identity() { +fn can_round_trip_psk_identity() { let bytes = [0, 0, 0x11, 0x22, 0x33, 0x44]; let psk_id = PresharedKeyIdentity::read(&mut Reader::init(&bytes)).unwrap(); println!("{:?}", psk_id); @@ -281,7 +281,7 @@ fn can_roundtrip_psk_identity() { } #[test] -fn can_roundtrip_psk_offer() { +fn can_round_trip_psk_offer() { let bytes = [ 0, 7, 0, 1, 0x99, 0x11, 0x22, 0x33, 0x44, 0, 4, 3, 0x01, 0x02, 0x3, ]; @@ -297,7 +297,7 @@ fn can_roundtrip_psk_offer() { } #[test] -fn can_roundtrip_certstatusreq_for_ocsp() { +fn can_round_trip_cert_status_req_for_ocsp() { let ext = ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()); println!("{:?}", ext); @@ -313,7 +313,7 @@ fn can_roundtrip_certstatusreq_for_ocsp() { } #[test] -fn can_roundtrip_certstatusreq_for_other() { +fn can_round_trip_cert_status_req_for_other() { let bytes = [ 0, 5, // CertificateStatusRequest 0, 5, 2, // !OCSP @@ -326,7 +326,7 @@ fn can_roundtrip_certstatusreq_for_other() { } #[test] -fn can_roundtrip_multi_proto() { +fn can_round_trip_multi_proto() { let bytes = [0, 16, 0, 8, 0, 6, 2, 0x68, 0x69, 2, 0x6c, 0x6f]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -345,7 +345,7 @@ fn can_roundtrip_multi_proto() { } #[test] -fn can_roundtrip_single_proto() { +fn can_round_trip_single_proto() { let bytes = [0, 16, 0, 5, 0, 3, 2, 0x68, 0x69]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -363,7 +363,7 @@ fn can_roundtrip_single_proto() { } } -fn get_sample_clienthellopayload() -> ClientHelloPayload { +fn get_sample_client_hello_payload() -> ClientHelloPayload { ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random: Random::from([0; 32]), @@ -409,18 +409,18 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { } #[test] -fn can_print_all_clientextensions() { - println!("client hello {:?}", get_sample_clienthellopayload()); +fn can_print_all_client_extensions() { + println!("client hello {:?}", get_sample_client_hello_payload()); } #[test] -fn can_clone_all_clientextensions() { - let _ = get_sample_serverhellopayload().extensions; +fn can_clone_all_client_extensions() { + let _ = get_sample_server_hello_payload().extensions; } #[test] fn client_has_duplicate_extensions_works() { - let mut chp = get_sample_clienthellopayload(); + let mut chp = get_sample_client_hello_payload(); assert!(chp.has_duplicate_extension()); // due to SessionTicketRequest/SessionTicketOffer chp.extensions.drain(1..); @@ -451,7 +451,7 @@ fn test_truncated_psk_offer() { #[test] fn test_truncated_client_hello_is_detected() { - let ch = get_sample_clienthellopayload(); + let ch = get_sample_client_hello_payload(); let enc = ch.get_encoding(); println!("testing {:?} enc {:?}", ch, enc); @@ -466,7 +466,7 @@ fn test_truncated_client_hello_is_detected() { #[test] fn test_truncated_client_extension_is_detected() { - let chp = get_sample_clienthellopayload(); + let chp = get_sample_client_hello_payload(); for ext in &chp.extensions { let mut enc = ext.get_encoding(); @@ -497,7 +497,7 @@ fn test_truncated_client_extension_is_detected() { } fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPayload) -> bool) { - let mut chp = get_sample_clienthellopayload(); + let mut chp = get_sample_client_hello_payload(); let ext = chp.find_extension(typ).unwrap().clone(); chp.extensions = vec![]; @@ -583,8 +583,8 @@ fn client_get_psk_modes() { } #[test] -fn test_truncated_helloretry_extension_is_detected() { - let hrr = get_sample_helloretryrequest(); +fn test_truncated_hello_retry_extension_is_detected() { + let hrr = get_sample_hello_retry_request(); for ext in &hrr.extensions { let mut enc = ext.get_encoding(); @@ -611,8 +611,8 @@ fn test_truncated_helloretry_extension_is_detected() { } } -fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { - let mut hrr = get_sample_helloretryrequest(); +fn test_hello_retry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { + let mut hrr = get_sample_hello_retry_request(); let mut exts = core::mem::take(&mut hrr.extensions); exts.retain(|ext| ext.ext_type() == typ); @@ -629,28 +629,28 @@ fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRe } #[test] -fn helloretry_get_requested_key_share_group() { - test_helloretry_extension_getter(ExtensionType::KeyShare, |hrr| { +fn hello_retry_get_requested_key_share_group() { + test_hello_retry_extension_getter(ExtensionType::KeyShare, |hrr| { hrr.requested_key_share_group() .is_some() }); } #[test] -fn helloretry_get_cookie() { - test_helloretry_extension_getter(ExtensionType::Cookie, |hrr| hrr.cookie().is_some()); +fn hello_retry_get_cookie() { + test_hello_retry_extension_getter(ExtensionType::Cookie, |hrr| hrr.cookie().is_some()); } #[test] -fn helloretry_get_supported_versions() { - test_helloretry_extension_getter(ExtensionType::SupportedVersions, |hrr| { +fn hello_retry_get_supported_versions() { + test_hello_retry_extension_getter(ExtensionType::SupportedVersions, |hrr| { hrr.supported_versions().is_some() }); } #[test] fn test_truncated_server_extension_is_detected() { - let shp = get_sample_serverhellopayload(); + let shp = get_sample_server_hello_payload(); for ext in &shp.extensions { let mut enc = ext.get_encoding(); @@ -681,7 +681,7 @@ fn test_truncated_server_extension_is_detected() { } fn test_server_extension_getter(typ: ExtensionType, getter: fn(&ServerHelloPayload) -> bool) { - let mut shp = get_sample_serverhellopayload(); + let mut shp = get_sample_server_hello_payload(); let ext = shp.find_extension(typ).unwrap().clone(); shp.extensions = vec![]; @@ -708,7 +708,7 @@ fn server_get_psk_index() { } #[test] -fn server_get_ecpoints_extension() { +fn server_get_ec_points_extension() { test_server_extension_getter(ExtensionType::ECPointFormats, |shp| { shp.ecpoints_extension().is_some() }); @@ -722,7 +722,7 @@ fn server_get_supported_versions() { } fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) -> bool) { - let mut ce = get_sample_certificatepayloadtls13() + let mut ce = get_sample_certificate_payload_tls13() .entries .remove(0); let mut exts = core::mem::take(&mut ce.exts); @@ -741,13 +741,13 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) } #[test] -fn certentry_get_ocsp_response() { +fn cert_entry_get_ocsp_response() { test_cert_extension_getter(ExtensionType::StatusRequest, |ce| { ce.ocsp_response().is_some() }); } -fn get_sample_serverhellopayload() -> ServerHelloPayload { +fn get_sample_server_hello_payload() -> ServerHelloPayload { ServerHelloPayload { legacy_version: ProtocolVersion::TLSv1_2, random: Random::from([0; 32]), @@ -775,16 +775,16 @@ fn get_sample_serverhellopayload() -> ServerHelloPayload { } #[test] -fn can_print_all_serverextensions() { - println!("server hello {:?}", get_sample_serverhellopayload()); +fn can_print_all_server_extensions() { + println!("server hello {:?}", get_sample_server_hello_payload()); } #[test] -fn can_clone_all_serverextensions() { - let _ = get_sample_serverhellopayload().extensions; +fn can_clone_all_server_extensions() { + let _ = get_sample_server_hello_payload().extensions; } -fn get_sample_helloretryrequest() -> HelloRetryRequest { +fn get_sample_hello_retry_request() -> HelloRetryRequest { HelloRetryRequest { legacy_version: ProtocolVersion::TLSv1_2, session_id: SessionId::empty(), @@ -801,7 +801,7 @@ fn get_sample_helloretryrequest() -> HelloRetryRequest { } } -fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13<'static> { +fn get_sample_certificate_payload_tls13() -> CertificatePayloadTls13<'static> { CertificatePayloadTls13 { context: PayloadU8(vec![1, 2, 3]), entries: vec![CertificateEntry { @@ -827,7 +827,7 @@ fn get_sample_compressed_certificate() -> CompressedCertificatePayload<'static> } } -fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { +fn get_sample_server_key_exchange_payload_ecdhe() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { curve_params: EcParameters { @@ -840,7 +840,7 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { }) } -fn get_sample_serverkeyexchangepayload_dhe() -> ServerKeyExchangePayload { +fn get_sample_server_key_exchange_payload_dhe() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Dh(ServerDhParams { dh_p: PayloadU16(vec![1, 2, 3]), @@ -851,11 +851,11 @@ fn get_sample_serverkeyexchangepayload_dhe() -> ServerKeyExchangePayload { }) } -fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload { +fn get_sample_server_key_exchange_payload_unknown() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) } -fn get_sample_certificaterequestpayload() -> CertificateRequestPayload { +fn get_sample_certificate_request_payload() -> CertificateRequestPayload { CertificateRequestPayload { certtypes: vec![ClientCertificateType::RSASign], sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256], @@ -863,7 +863,7 @@ fn get_sample_certificaterequestpayload() -> CertificateRequestPayload { } } -fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTls13 { +fn get_sample_certificate_request_payload_tls13() -> CertificateRequestPayloadTls13 { CertificateRequestPayloadTls13 { context: PayloadU8(vec![1, 2, 3]), extensions: vec![ @@ -877,14 +877,14 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTls13 } } -fn get_sample_newsessionticketpayload() -> NewSessionTicketPayload { +fn get_sample_new_session_ticket_payload() -> NewSessionTicketPayload { NewSessionTicketPayload { lifetime_hint: 1234, ticket: PayloadU16(vec![1, 2, 3]), } } -fn get_sample_newsessionticketpayloadtls13() -> NewSessionTicketPayloadTls13 { +fn get_sample_new_session_ticket_payload_tls13() -> NewSessionTicketPayloadTls13 { NewSessionTicketPayloadTls13 { lifetime: 123, age_add: 1234, @@ -897,11 +897,11 @@ fn get_sample_newsessionticketpayloadtls13() -> NewSessionTicketPayloadTls13 { } } -fn get_sample_encryptedextensions() -> Vec { - get_sample_serverhellopayload().extensions +fn get_sample_encrypted_extensions() -> Vec { + get_sample_server_hello_payload().extensions } -fn get_sample_certificatestatus() -> CertificateStatus<'static> { +fn get_sample_certificate_status() -> CertificateStatus<'static> { CertificateStatus { ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), } @@ -915,15 +915,15 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::ClientHello, - payload: HandshakePayload::ClientHello(get_sample_clienthellopayload()), + payload: HandshakePayload::ClientHello(get_sample_client_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerHello, - payload: HandshakePayload::ServerHello(get_sample_serverhellopayload()), + payload: HandshakePayload::ServerHello(get_sample_server_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::HelloRetryRequest, - payload: HandshakePayload::HelloRetryRequest(get_sample_helloretryrequest()), + payload: HandshakePayload::HelloRetryRequest(get_sample_hello_retry_request()), }, HandshakeMessagePayload { typ: HandshakeType::Certificate, @@ -934,22 +934,24 @@ fn get_all_tls12_handshake_payloads() -> Vec> { HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_serverkeyexchangepayload_ecdhe(), + get_sample_server_key_exchange_payload_ecdhe(), ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, - payload: HandshakePayload::ServerKeyExchange(get_sample_serverkeyexchangepayload_dhe()), + payload: HandshakePayload::ServerKeyExchange( + get_sample_server_key_exchange_payload_dhe(), + ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_serverkeyexchangepayload_unknown(), + get_sample_server_key_exchange_payload_unknown(), ), }, HandshakeMessagePayload { typ: HandshakeType::CertificateRequest, - payload: HandshakePayload::CertificateRequest(get_sample_certificaterequestpayload()), + payload: HandshakePayload::CertificateRequest(get_sample_certificate_request_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerHelloDone, @@ -961,11 +963,11 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, - payload: HandshakePayload::NewSessionTicket(get_sample_newsessionticketpayload()), + payload: HandshakePayload::NewSessionTicket(get_sample_new_session_ticket_payload()), }, HandshakeMessagePayload { typ: HandshakeType::EncryptedExtensions, - payload: HandshakePayload::EncryptedExtensions(get_sample_encryptedextensions()), + payload: HandshakePayload::EncryptedExtensions(get_sample_encrypted_extensions()), }, HandshakeMessagePayload { typ: HandshakeType::KeyUpdate, @@ -981,7 +983,7 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, - payload: HandshakePayload::CertificateStatus(get_sample_certificatestatus()), + payload: HandshakePayload::CertificateStatus(get_sample_certificate_status()), }, HandshakeMessagePayload { typ: HandshakeType::Unknown(99), @@ -991,7 +993,7 @@ fn get_all_tls12_handshake_payloads() -> Vec> { } #[test] -fn can_roundtrip_all_tls12_handshake_payloads() { +fn can_round_trip_all_tls12_handshake_payloads() { for ref hm in get_all_tls12_handshake_payloads().iter() { println!("{:?}", hm.typ); let bytes = hm.get_encoding(); @@ -1060,19 +1062,19 @@ fn get_all_tls13_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::ClientHello, - payload: HandshakePayload::ClientHello(get_sample_clienthellopayload()), + payload: HandshakePayload::ClientHello(get_sample_client_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerHello, - payload: HandshakePayload::ServerHello(get_sample_serverhellopayload()), + payload: HandshakePayload::ServerHello(get_sample_server_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::HelloRetryRequest, - payload: HandshakePayload::HelloRetryRequest(get_sample_helloretryrequest()), + payload: HandshakePayload::HelloRetryRequest(get_sample_hello_retry_request()), }, HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::CertificateTls13(get_sample_certificatepayloadtls13()), + payload: HandshakePayload::CertificateTls13(get_sample_certificate_payload_tls13()), }, HandshakeMessagePayload { typ: HandshakeType::CompressedCertificate, @@ -1081,23 +1083,25 @@ fn get_all_tls13_handshake_payloads() -> Vec> { HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_serverkeyexchangepayload_ecdhe(), + get_sample_server_key_exchange_payload_ecdhe(), ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, - payload: HandshakePayload::ServerKeyExchange(get_sample_serverkeyexchangepayload_dhe()), + payload: HandshakePayload::ServerKeyExchange( + get_sample_server_key_exchange_payload_dhe(), + ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_serverkeyexchangepayload_unknown(), + get_sample_server_key_exchange_payload_unknown(), ), }, HandshakeMessagePayload { typ: HandshakeType::CertificateRequest, payload: HandshakePayload::CertificateRequestTls13( - get_sample_certificaterequestpayloadtls13(), + get_sample_certificate_request_payload_tls13(), ), }, HandshakeMessagePayload { @@ -1118,12 +1122,12 @@ fn get_all_tls13_handshake_payloads() -> Vec> { HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, payload: HandshakePayload::NewSessionTicketTls13( - get_sample_newsessionticketpayloadtls13(), + get_sample_new_session_ticket_payload_tls13(), ), }, HandshakeMessagePayload { typ: HandshakeType::EncryptedExtensions, - payload: HandshakePayload::EncryptedExtensions(get_sample_encryptedextensions()), + payload: HandshakePayload::EncryptedExtensions(get_sample_encrypted_extensions()), }, HandshakeMessagePayload { typ: HandshakeType::KeyUpdate, @@ -1139,7 +1143,7 @@ fn get_all_tls13_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, - payload: HandshakePayload::CertificateStatus(get_sample_certificatestatus()), + payload: HandshakePayload::CertificateStatus(get_sample_certificate_status()), }, HandshakeMessagePayload { typ: HandshakeType::Unknown(99), @@ -1149,7 +1153,7 @@ fn get_all_tls13_handshake_payloads() -> Vec> { } #[test] -fn can_roundtrip_all_tls13_handshake_payloads() { +fn can_round_trip_all_tls13_handshake_payloads() { for ref hm in get_all_tls13_handshake_payloads().iter() { println!("{:?}", hm.typ); let bytes = hm.get_encoding(); @@ -1218,7 +1222,7 @@ fn can_detect_truncation_of_all_tls13_handshake_payloads() { } #[test] -fn cannot_read_messagehash_from_network() { +fn cannot_read_message_hash_from_network() { let mh = HandshakeMessagePayload { typ: HandshakeType::MessageHash, payload: HandshakePayload::MessageHash(Payload::new(vec![1, 2, 3])), From e931e9a12806b02edc8d276addab42e85cd75cf2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 31 May 2024 12:57:13 +0100 Subject: [PATCH 1008/1145] handshake_test: fix copy-paste error --- rustls/src/msgs/handshake_test.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 1bfec4fdf8..b5da61b126 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -415,7 +415,7 @@ fn can_print_all_client_extensions() { #[test] fn can_clone_all_client_extensions() { - let _ = get_sample_server_hello_payload().extensions; + let _ = get_sample_client_hello_payload().extensions; } #[test] From 853d4c8c626fafbb1ee513b8dc31a379b5f00d1c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 31 May 2024 12:59:25 +0100 Subject: [PATCH 1009/1145] handshake_test: adjust naming of ServerKeyExchangePayload fns --- rustls/src/msgs/handshake_test.rs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index b5da61b126..8f750eabeb 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -827,7 +827,7 @@ fn get_sample_compressed_certificate() -> CompressedCertificatePayload<'static> } } -fn get_sample_server_key_exchange_payload_ecdhe() -> ServerKeyExchangePayload { +fn get_sample_ecdhe_server_key_exchange_payload() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { curve_params: EcParameters { @@ -840,7 +840,7 @@ fn get_sample_server_key_exchange_payload_ecdhe() -> ServerKeyExchangePayload { }) } -fn get_sample_server_key_exchange_payload_dhe() -> ServerKeyExchangePayload { +fn get_sample_dhe_server_key_exchange_payload() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Dh(ServerDhParams { dh_p: PayloadU16(vec![1, 2, 3]), @@ -851,7 +851,7 @@ fn get_sample_server_key_exchange_payload_dhe() -> ServerKeyExchangePayload { }) } -fn get_sample_server_key_exchange_payload_unknown() -> ServerKeyExchangePayload { +fn get_sample_unknown_server_key_exchange_payload() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) } @@ -934,19 +934,19 @@ fn get_all_tls12_handshake_payloads() -> Vec> { HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_server_key_exchange_payload_ecdhe(), + get_sample_ecdhe_server_key_exchange_payload(), ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_server_key_exchange_payload_dhe(), + get_sample_dhe_server_key_exchange_payload(), ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_server_key_exchange_payload_unknown(), + get_sample_unknown_server_key_exchange_payload(), ), }, HandshakeMessagePayload { @@ -1083,19 +1083,19 @@ fn get_all_tls13_handshake_payloads() -> Vec> { HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_server_key_exchange_payload_ecdhe(), + get_sample_ecdhe_server_key_exchange_payload(), ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_server_key_exchange_payload_dhe(), + get_sample_dhe_server_key_exchange_payload(), ), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_server_key_exchange_payload_unknown(), + get_sample_unknown_server_key_exchange_payload(), ), }, HandshakeMessagePayload { From d202e0d581cfc9e332fb293fec264f4dde6b90dc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 31 May 2024 13:05:36 +0100 Subject: [PATCH 1010/1145] handshake_test: remove get_ function prefices --- rustls/src/msgs/handshake_test.rs | 162 ++++++++++++++---------------- 1 file changed, 77 insertions(+), 85 deletions(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 8f750eabeb..f1fb5711ec 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -200,7 +200,7 @@ fn can_round_trip_other_sni_name_types() { } #[test] -fn get_single_hostname_returns_none_for_other_sni_name_types() { +fn single_hostname_returns_none_for_other_sni_name_types() { let bytes = [0, 0, 0, 7, 0, 5, 1, 0, 2, 0x6c, 0x6f]; let mut rd = Reader::init(&bytes); let ext = ClientExtension::read(&mut rd).unwrap(); @@ -363,7 +363,7 @@ fn can_round_trip_single_proto() { } } -fn get_sample_client_hello_payload() -> ClientHelloPayload { +fn sample_client_hello_payload() -> ClientHelloPayload { ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random: Random::from([0; 32]), @@ -410,17 +410,17 @@ fn get_sample_client_hello_payload() -> ClientHelloPayload { #[test] fn can_print_all_client_extensions() { - println!("client hello {:?}", get_sample_client_hello_payload()); + println!("client hello {:?}", sample_client_hello_payload()); } #[test] fn can_clone_all_client_extensions() { - let _ = get_sample_client_hello_payload().extensions; + let _ = sample_client_hello_payload().extensions; } #[test] fn client_has_duplicate_extensions_works() { - let mut chp = get_sample_client_hello_payload(); + let mut chp = sample_client_hello_payload(); assert!(chp.has_duplicate_extension()); // due to SessionTicketRequest/SessionTicketOffer chp.extensions.drain(1..); @@ -451,7 +451,7 @@ fn test_truncated_psk_offer() { #[test] fn test_truncated_client_hello_is_detected() { - let ch = get_sample_client_hello_payload(); + let ch = sample_client_hello_payload(); let enc = ch.get_encoding(); println!("testing {:?} enc {:?}", ch, enc); @@ -466,7 +466,7 @@ fn test_truncated_client_hello_is_detected() { #[test] fn test_truncated_client_extension_is_detected() { - let chp = get_sample_client_hello_payload(); + let chp = sample_client_hello_payload(); for ext in &chp.extensions { let mut enc = ext.get_encoding(); @@ -497,7 +497,7 @@ fn test_truncated_client_extension_is_detected() { } fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPayload) -> bool) { - let mut chp = get_sample_client_hello_payload(); + let mut chp = sample_client_hello_payload(); let ext = chp.find_extension(typ).unwrap().clone(); chp.extensions = vec![]; @@ -514,21 +514,21 @@ fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPaylo } #[test] -fn client_get_sni_extension() { +fn client_sni_extension() { test_client_extension_getter(ExtensionType::ServerName, |chp| { chp.sni_extension().is_some() }); } #[test] -fn client_get_sigalgs_extension() { +fn client_sigalgs_extension() { test_client_extension_getter(ExtensionType::SignatureAlgorithms, |chp| { chp.sigalgs_extension().is_some() }); } #[test] -fn client_get_namedgroups_extension() { +fn client_namedgroups_extension() { test_client_extension_getter(ExtensionType::EllipticCurves, |chp| { chp.namedgroups_extension().is_some() }); @@ -536,47 +536,47 @@ fn client_get_namedgroups_extension() { #[cfg(feature = "tls12")] #[test] -fn client_get_ecpoints_extension() { +fn client_ecpoints_extension() { test_client_extension_getter(ExtensionType::ECPointFormats, |chp| { chp.ecpoints_extension().is_some() }); } #[test] -fn client_get_alpn_extension() { +fn client_alpn_extension() { test_client_extension_getter(ExtensionType::ALProtocolNegotiation, |chp| { chp.alpn_extension().is_some() }); } #[test] -fn client_get_quic_params_extension() { +fn client_quic_params_extension() { test_client_extension_getter(ExtensionType::TransportParameters, |chp| { chp.quic_params_extension().is_some() }); } #[test] -fn client_get_versions_extension() { +fn client_versions_extension() { test_client_extension_getter(ExtensionType::SupportedVersions, |chp| { chp.versions_extension().is_some() }); } #[test] -fn client_get_keyshare_extension() { +fn client_keyshare_extension() { test_client_extension_getter(ExtensionType::KeyShare, |chp| { chp.keyshare_extension().is_some() }); } #[test] -fn client_get_psk() { +fn client_psk() { test_client_extension_getter(ExtensionType::PreSharedKey, |chp| chp.psk().is_some()); } #[test] -fn client_get_psk_modes() { +fn client_psk_modes() { test_client_extension_getter(ExtensionType::PSKKeyExchangeModes, |chp| { chp.psk_modes().is_some() }); @@ -584,7 +584,7 @@ fn client_get_psk_modes() { #[test] fn test_truncated_hello_retry_extension_is_detected() { - let hrr = get_sample_hello_retry_request(); + let hrr = sample_hello_retry_request(); for ext in &hrr.extensions { let mut enc = ext.get_encoding(); @@ -612,7 +612,7 @@ fn test_truncated_hello_retry_extension_is_detected() { } fn test_hello_retry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { - let mut hrr = get_sample_hello_retry_request(); + let mut hrr = sample_hello_retry_request(); let mut exts = core::mem::take(&mut hrr.extensions); exts.retain(|ext| ext.ext_type() == typ); @@ -629,7 +629,7 @@ fn test_hello_retry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryR } #[test] -fn hello_retry_get_requested_key_share_group() { +fn hello_retry_requested_key_share_group() { test_hello_retry_extension_getter(ExtensionType::KeyShare, |hrr| { hrr.requested_key_share_group() .is_some() @@ -637,12 +637,12 @@ fn hello_retry_get_requested_key_share_group() { } #[test] -fn hello_retry_get_cookie() { +fn hello_retry_cookie() { test_hello_retry_extension_getter(ExtensionType::Cookie, |hrr| hrr.cookie().is_some()); } #[test] -fn hello_retry_get_supported_versions() { +fn hello_retry_supported_versions() { test_hello_retry_extension_getter(ExtensionType::SupportedVersions, |hrr| { hrr.supported_versions().is_some() }); @@ -650,7 +650,7 @@ fn hello_retry_get_supported_versions() { #[test] fn test_truncated_server_extension_is_detected() { - let shp = get_sample_server_hello_payload(); + let shp = sample_server_hello_payload(); for ext in &shp.extensions { let mut enc = ext.get_encoding(); @@ -681,7 +681,7 @@ fn test_truncated_server_extension_is_detected() { } fn test_server_extension_getter(typ: ExtensionType, getter: fn(&ServerHelloPayload) -> bool) { - let mut shp = get_sample_server_hello_payload(); + let mut shp = sample_server_hello_payload(); let ext = shp.find_extension(typ).unwrap().clone(); shp.extensions = vec![]; @@ -698,31 +698,31 @@ fn test_server_extension_getter(typ: ExtensionType, getter: fn(&ServerHelloPaylo } #[test] -fn server_get_key_share() { +fn server_key_share() { test_server_extension_getter(ExtensionType::KeyShare, |shp| shp.key_share().is_some()); } #[test] -fn server_get_psk_index() { +fn server_psk_index() { test_server_extension_getter(ExtensionType::PreSharedKey, |shp| shp.psk_index().is_some()); } #[test] -fn server_get_ec_points_extension() { +fn server_ecpoints_extension() { test_server_extension_getter(ExtensionType::ECPointFormats, |shp| { shp.ecpoints_extension().is_some() }); } #[test] -fn server_get_supported_versions() { +fn server_supported_versions() { test_server_extension_getter(ExtensionType::SupportedVersions, |shp| { shp.supported_versions().is_some() }); } fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) -> bool) { - let mut ce = get_sample_certificate_payload_tls13() + let mut ce = sample_certificate_payload_tls13() .entries .remove(0); let mut exts = core::mem::take(&mut ce.exts); @@ -741,13 +741,13 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) } #[test] -fn cert_entry_get_ocsp_response() { +fn cert_entry_ocsp_response() { test_cert_extension_getter(ExtensionType::StatusRequest, |ce| { ce.ocsp_response().is_some() }); } -fn get_sample_server_hello_payload() -> ServerHelloPayload { +fn sample_server_hello_payload() -> ServerHelloPayload { ServerHelloPayload { legacy_version: ProtocolVersion::TLSv1_2, random: Random::from([0; 32]), @@ -776,15 +776,15 @@ fn get_sample_server_hello_payload() -> ServerHelloPayload { #[test] fn can_print_all_server_extensions() { - println!("server hello {:?}", get_sample_server_hello_payload()); + println!("server hello {:?}", sample_server_hello_payload()); } #[test] fn can_clone_all_server_extensions() { - let _ = get_sample_server_hello_payload().extensions; + let _ = sample_server_hello_payload().extensions; } -fn get_sample_hello_retry_request() -> HelloRetryRequest { +fn sample_hello_retry_request() -> HelloRetryRequest { HelloRetryRequest { legacy_version: ProtocolVersion::TLSv1_2, session_id: SessionId::empty(), @@ -801,7 +801,7 @@ fn get_sample_hello_retry_request() -> HelloRetryRequest { } } -fn get_sample_certificate_payload_tls13() -> CertificatePayloadTls13<'static> { +fn sample_certificate_payload_tls13() -> CertificatePayloadTls13<'static> { CertificatePayloadTls13 { context: PayloadU8(vec![1, 2, 3]), entries: vec![CertificateEntry { @@ -819,7 +819,7 @@ fn get_sample_certificate_payload_tls13() -> CertificatePayloadTls13<'static> { } } -fn get_sample_compressed_certificate() -> CompressedCertificatePayload<'static> { +fn sample_compressed_certificate() -> CompressedCertificatePayload<'static> { CompressedCertificatePayload { alg: CertificateCompressionAlgorithm::Brotli, uncompressed_len: 123, @@ -827,7 +827,7 @@ fn get_sample_compressed_certificate() -> CompressedCertificatePayload<'static> } } -fn get_sample_ecdhe_server_key_exchange_payload() -> ServerKeyExchangePayload { +fn sample_ecdhe_server_key_exchange_payload() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { curve_params: EcParameters { @@ -840,7 +840,7 @@ fn get_sample_ecdhe_server_key_exchange_payload() -> ServerKeyExchangePayload { }) } -fn get_sample_dhe_server_key_exchange_payload() -> ServerKeyExchangePayload { +fn sample_dhe_server_key_exchange_payload() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Known(ServerKeyExchange { params: ServerKeyExchangeParams::Dh(ServerDhParams { dh_p: PayloadU16(vec![1, 2, 3]), @@ -851,11 +851,11 @@ fn get_sample_dhe_server_key_exchange_payload() -> ServerKeyExchangePayload { }) } -fn get_sample_unknown_server_key_exchange_payload() -> ServerKeyExchangePayload { +fn sample_unknown_server_key_exchange_payload() -> ServerKeyExchangePayload { ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) } -fn get_sample_certificate_request_payload() -> CertificateRequestPayload { +fn sample_certificate_request_payload() -> CertificateRequestPayload { CertificateRequestPayload { certtypes: vec![ClientCertificateType::RSASign], sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256], @@ -863,7 +863,7 @@ fn get_sample_certificate_request_payload() -> CertificateRequestPayload { } } -fn get_sample_certificate_request_payload_tls13() -> CertificateRequestPayloadTls13 { +fn sample_certificate_request_payload_tls13() -> CertificateRequestPayloadTls13 { CertificateRequestPayloadTls13 { context: PayloadU8(vec![1, 2, 3]), extensions: vec![ @@ -877,14 +877,14 @@ fn get_sample_certificate_request_payload_tls13() -> CertificateRequestPayloadTl } } -fn get_sample_new_session_ticket_payload() -> NewSessionTicketPayload { +fn sample_new_session_ticket_payload() -> NewSessionTicketPayload { NewSessionTicketPayload { lifetime_hint: 1234, ticket: PayloadU16(vec![1, 2, 3]), } } -fn get_sample_new_session_ticket_payload_tls13() -> NewSessionTicketPayloadTls13 { +fn sample_new_session_ticket_payload_tls13() -> NewSessionTicketPayloadTls13 { NewSessionTicketPayloadTls13 { lifetime: 123, age_add: 1234, @@ -897,17 +897,17 @@ fn get_sample_new_session_ticket_payload_tls13() -> NewSessionTicketPayloadTls13 } } -fn get_sample_encrypted_extensions() -> Vec { - get_sample_server_hello_payload().extensions +fn sample_encrypted_extensions() -> Vec { + sample_server_hello_payload().extensions } -fn get_sample_certificate_status() -> CertificateStatus<'static> { +fn sample_certificate_status() -> CertificateStatus<'static> { CertificateStatus { ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), } } -fn get_all_tls12_handshake_payloads() -> Vec> { +fn all_tls12_handshake_payloads() -> Vec> { vec![ HandshakeMessagePayload { typ: HandshakeType::HelloRequest, @@ -915,15 +915,15 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::ClientHello, - payload: HandshakePayload::ClientHello(get_sample_client_hello_payload()), + payload: HandshakePayload::ClientHello(sample_client_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerHello, - payload: HandshakePayload::ServerHello(get_sample_server_hello_payload()), + payload: HandshakePayload::ServerHello(sample_server_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::HelloRetryRequest, - payload: HandshakePayload::HelloRetryRequest(get_sample_hello_retry_request()), + payload: HandshakePayload::HelloRetryRequest(sample_hello_retry_request()), }, HandshakeMessagePayload { typ: HandshakeType::Certificate, @@ -933,25 +933,21 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, - payload: HandshakePayload::ServerKeyExchange( - get_sample_ecdhe_server_key_exchange_payload(), - ), + payload: HandshakePayload::ServerKeyExchange(sample_ecdhe_server_key_exchange_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, - payload: HandshakePayload::ServerKeyExchange( - get_sample_dhe_server_key_exchange_payload(), - ), + payload: HandshakePayload::ServerKeyExchange(sample_dhe_server_key_exchange_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_unknown_server_key_exchange_payload(), + sample_unknown_server_key_exchange_payload(), ), }, HandshakeMessagePayload { typ: HandshakeType::CertificateRequest, - payload: HandshakePayload::CertificateRequest(get_sample_certificate_request_payload()), + payload: HandshakePayload::CertificateRequest(sample_certificate_request_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerHelloDone, @@ -963,11 +959,11 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, - payload: HandshakePayload::NewSessionTicket(get_sample_new_session_ticket_payload()), + payload: HandshakePayload::NewSessionTicket(sample_new_session_ticket_payload()), }, HandshakeMessagePayload { typ: HandshakeType::EncryptedExtensions, - payload: HandshakePayload::EncryptedExtensions(get_sample_encrypted_extensions()), + payload: HandshakePayload::EncryptedExtensions(sample_encrypted_extensions()), }, HandshakeMessagePayload { typ: HandshakeType::KeyUpdate, @@ -983,7 +979,7 @@ fn get_all_tls12_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, - payload: HandshakePayload::CertificateStatus(get_sample_certificate_status()), + payload: HandshakePayload::CertificateStatus(sample_certificate_status()), }, HandshakeMessagePayload { typ: HandshakeType::Unknown(99), @@ -994,7 +990,7 @@ fn get_all_tls12_handshake_payloads() -> Vec> { #[test] fn can_round_trip_all_tls12_handshake_payloads() { - for ref hm in get_all_tls12_handshake_payloads().iter() { + for ref hm in all_tls12_handshake_payloads().iter() { println!("{:?}", hm.typ); let bytes = hm.get_encoding(); let mut rd = Reader::init(&bytes); @@ -1009,7 +1005,7 @@ fn can_round_trip_all_tls12_handshake_payloads() { #[test] fn can_into_owned_all_tls12_handshake_payloads() { - for hm in get_all_tls12_handshake_payloads().drain(..) { + for hm in all_tls12_handshake_payloads().drain(..) { let enc = hm.get_encoding(); let debug = format!("{hm:?}"); let other = hm.into_owned(); @@ -1020,7 +1016,7 @@ fn can_into_owned_all_tls12_handshake_payloads() { #[test] fn can_detect_truncation_of_all_tls12_handshake_payloads() { - for hm in get_all_tls12_handshake_payloads().iter() { + for hm in all_tls12_handshake_payloads().iter() { let mut enc = hm.get_encoding(); println!("test {:?} enc {:?}", hm, enc); @@ -1054,7 +1050,7 @@ fn can_detect_truncation_of_all_tls12_handshake_payloads() { } } -fn get_all_tls13_handshake_payloads() -> Vec> { +fn all_tls13_handshake_payloads() -> Vec> { vec![ HandshakeMessagePayload { typ: HandshakeType::HelloRequest, @@ -1062,46 +1058,42 @@ fn get_all_tls13_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::ClientHello, - payload: HandshakePayload::ClientHello(get_sample_client_hello_payload()), + payload: HandshakePayload::ClientHello(sample_client_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerHello, - payload: HandshakePayload::ServerHello(get_sample_server_hello_payload()), + payload: HandshakePayload::ServerHello(sample_server_hello_payload()), }, HandshakeMessagePayload { typ: HandshakeType::HelloRetryRequest, - payload: HandshakePayload::HelloRetryRequest(get_sample_hello_retry_request()), + payload: HandshakePayload::HelloRetryRequest(sample_hello_retry_request()), }, HandshakeMessagePayload { typ: HandshakeType::Certificate, - payload: HandshakePayload::CertificateTls13(get_sample_certificate_payload_tls13()), + payload: HandshakePayload::CertificateTls13(sample_certificate_payload_tls13()), }, HandshakeMessagePayload { typ: HandshakeType::CompressedCertificate, - payload: HandshakePayload::CompressedCertificate(get_sample_compressed_certificate()), + payload: HandshakePayload::CompressedCertificate(sample_compressed_certificate()), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, - payload: HandshakePayload::ServerKeyExchange( - get_sample_ecdhe_server_key_exchange_payload(), - ), + payload: HandshakePayload::ServerKeyExchange(sample_ecdhe_server_key_exchange_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, - payload: HandshakePayload::ServerKeyExchange( - get_sample_dhe_server_key_exchange_payload(), - ), + payload: HandshakePayload::ServerKeyExchange(sample_dhe_server_key_exchange_payload()), }, HandshakeMessagePayload { typ: HandshakeType::ServerKeyExchange, payload: HandshakePayload::ServerKeyExchange( - get_sample_unknown_server_key_exchange_payload(), + sample_unknown_server_key_exchange_payload(), ), }, HandshakeMessagePayload { typ: HandshakeType::CertificateRequest, payload: HandshakePayload::CertificateRequestTls13( - get_sample_certificate_request_payload_tls13(), + sample_certificate_request_payload_tls13(), ), }, HandshakeMessagePayload { @@ -1122,12 +1114,12 @@ fn get_all_tls13_handshake_payloads() -> Vec> { HandshakeMessagePayload { typ: HandshakeType::NewSessionTicket, payload: HandshakePayload::NewSessionTicketTls13( - get_sample_new_session_ticket_payload_tls13(), + sample_new_session_ticket_payload_tls13(), ), }, HandshakeMessagePayload { typ: HandshakeType::EncryptedExtensions, - payload: HandshakePayload::EncryptedExtensions(get_sample_encrypted_extensions()), + payload: HandshakePayload::EncryptedExtensions(sample_encrypted_extensions()), }, HandshakeMessagePayload { typ: HandshakeType::KeyUpdate, @@ -1143,7 +1135,7 @@ fn get_all_tls13_handshake_payloads() -> Vec> { }, HandshakeMessagePayload { typ: HandshakeType::CertificateStatus, - payload: HandshakePayload::CertificateStatus(get_sample_certificate_status()), + payload: HandshakePayload::CertificateStatus(sample_certificate_status()), }, HandshakeMessagePayload { typ: HandshakeType::Unknown(99), @@ -1154,7 +1146,7 @@ fn get_all_tls13_handshake_payloads() -> Vec> { #[test] fn can_round_trip_all_tls13_handshake_payloads() { - for ref hm in get_all_tls13_handshake_payloads().iter() { + for ref hm in all_tls13_handshake_payloads().iter() { println!("{:?}", hm.typ); let bytes = hm.get_encoding(); let mut rd = Reader::init(&bytes); @@ -1171,7 +1163,7 @@ fn can_round_trip_all_tls13_handshake_payloads() { #[test] fn can_into_owned_all_tls13_handshake_payloads() { - for hm in get_all_tls13_handshake_payloads().drain(..) { + for hm in all_tls13_handshake_payloads().drain(..) { let enc = hm.get_encoding(); let debug = format!("{hm:?}"); let other = hm.into_owned(); @@ -1188,7 +1180,7 @@ fn put_u24(u: u32, b: &mut [u8]) { #[test] fn can_detect_truncation_of_all_tls13_handshake_payloads() { - for hm in get_all_tls13_handshake_payloads().iter() { + for hm in all_tls13_handshake_payloads().iter() { let mut enc = hm.get_encoding(); println!("test {:?} enc {:?}", hm, enc); From 1aba137522cf696b3821734a8380bf32cd69c0fd Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 31 May 2024 13:11:33 +0100 Subject: [PATCH 1011/1145] handshake_test: clarify cloning tests These lost their `clone()` in a historic commit, so were just testing a move. --- rustls/src/msgs/handshake_test.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index f1fb5711ec..ccec59a9f7 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -415,7 +415,9 @@ fn can_print_all_client_extensions() { #[test] fn can_clone_all_client_extensions() { - let _ = sample_client_hello_payload().extensions; + let exts = sample_client_hello_payload().extensions; + let exts2 = exts.clone(); + println!("{exts:?}, {exts2:?}"); } #[test] @@ -781,7 +783,9 @@ fn can_print_all_server_extensions() { #[test] fn can_clone_all_server_extensions() { - let _ = sample_server_hello_payload().extensions; + let exts = sample_server_hello_payload().extensions; + let exts2 = exts.clone(); + println!("{exts:?}, {exts2:?}"); } fn sample_hello_retry_request() -> HelloRetryRequest { From 4bd989c7ef7fc1bcced1c4c5e3e180340f1e79a3 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 31 May 2024 13:22:57 +0100 Subject: [PATCH 1012/1145] handshake_test: reorder items in file tests nearer the top, helpers below their uses. --- rustls/src/msgs/handshake_test.rs | 750 +++++++++++++++--------------- 1 file changed, 375 insertions(+), 375 deletions(-) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index ccec59a9f7..7a3ecafdbd 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -363,51 +363,6 @@ fn can_round_trip_single_proto() { } } -fn sample_client_hello_payload() -> ClientHelloPayload { - ClientHelloPayload { - client_version: ProtocolVersion::TLSv1_2, - random: Random::from([0; 32]), - session_id: SessionId::empty(), - cipher_suites: vec![CipherSuite::TLS_NULL_WITH_NULL_NULL], - compression_methods: vec![Compression::Null], - extensions: vec![ - ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), - ClientExtension::NamedGroups(vec![NamedGroup::X25519]), - ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), - ClientExtension::make_sni(&DnsName::try_from("hello").unwrap()), - ClientExtension::SessionTicket(ClientSessionTicket::Request), - ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload::Borrowed(&[]))), - ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]), - ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), - ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])]), - ClientExtension::PresharedKeyModes(vec![PSKKeyExchangeMode::PSK_DHE_KE]), - ClientExtension::PresharedKey(PresharedKeyOffer { - identities: vec![ - PresharedKeyIdentity::new(vec![3, 4, 5], 123456), - PresharedKeyIdentity::new(vec![6, 7, 8], 7891011), - ], - binders: vec![ - PresharedKeyBinder::from(vec![1, 2, 3]), - PresharedKeyBinder::from(vec![3, 4, 5]), - ], - }), - ClientExtension::Cookie(PayloadU16(vec![1, 2, 3])), - ClientExtension::ExtendedMasterSecretRequest, - ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), - ClientExtension::TransportParameters(vec![1, 2, 3]), - ClientExtension::EarlyData, - ClientExtension::CertificateCompressionAlgorithms(vec![ - CertificateCompressionAlgorithm::Brotli, - CertificateCompressionAlgorithm::Zlib, - ]), - ClientExtension::Unknown(UnknownExtension { - typ: ExtensionType::Unknown(12345), - payload: Payload::Borrowed(&[1, 2, 3]), - }), - ], - } -} - #[test] fn can_print_all_client_extensions() { println!("client hello {:?}", sample_client_hello_payload()); @@ -498,23 +453,6 @@ fn test_truncated_client_extension_is_detected() { } } -fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPayload) -> bool) { - let mut chp = sample_client_hello_payload(); - let ext = chp.find_extension(typ).unwrap().clone(); - - chp.extensions = vec![]; - assert!(!getter(&chp)); - - chp.extensions = vec![ext]; - assert!(getter(&chp)); - - chp.extensions = vec![ClientExtension::Unknown(UnknownExtension { - typ, - payload: Payload::Borrowed(&[]), - })]; - assert!(!getter(&chp)); -} - #[test] fn client_sni_extension() { test_client_extension_getter(ExtensionType::ServerName, |chp| { @@ -584,6 +522,23 @@ fn client_psk_modes() { }); } +fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPayload) -> bool) { + let mut chp = sample_client_hello_payload(); + let ext = chp.find_extension(typ).unwrap().clone(); + + chp.extensions = vec![]; + assert!(!getter(&chp)); + + chp.extensions = vec![ext]; + assert!(getter(&chp)); + + chp.extensions = vec![ClientExtension::Unknown(UnknownExtension { + typ, + payload: Payload::Borrowed(&[]), + })]; + assert!(!getter(&chp)); +} + #[test] fn test_truncated_hello_retry_extension_is_detected() { let hrr = sample_hello_retry_request(); @@ -613,23 +568,6 @@ fn test_truncated_hello_retry_extension_is_detected() { } } -fn test_hello_retry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { - let mut hrr = sample_hello_retry_request(); - let mut exts = core::mem::take(&mut hrr.extensions); - exts.retain(|ext| ext.ext_type() == typ); - - assert!(!getter(&hrr)); - - hrr.extensions = exts; - assert!(getter(&hrr)); - - hrr.extensions = vec![HelloRetryExtension::Unknown(UnknownExtension { - typ, - payload: Payload::Borrowed(&[]), - })]; - assert!(!getter(&hrr)); -} - #[test] fn hello_retry_requested_key_share_group() { test_hello_retry_extension_getter(ExtensionType::KeyShare, |hrr| { @@ -650,6 +588,23 @@ fn hello_retry_supported_versions() { }); } +fn test_hello_retry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRequest) -> bool) { + let mut hrr = sample_hello_retry_request(); + let mut exts = core::mem::take(&mut hrr.extensions); + exts.retain(|ext| ext.ext_type() == typ); + + assert!(!getter(&hrr)); + + hrr.extensions = exts; + assert!(getter(&hrr)); + + hrr.extensions = vec![HelloRetryExtension::Unknown(UnknownExtension { + typ, + payload: Payload::Borrowed(&[]), + })]; + assert!(!getter(&hrr)); +} + #[test] fn test_truncated_server_extension_is_detected() { let shp = sample_server_hello_payload(); @@ -723,6 +678,13 @@ fn server_supported_versions() { }); } +#[test] +fn cert_entry_ocsp_response() { + test_cert_extension_getter(ExtensionType::StatusRequest, |ce| { + ce.ocsp_response().is_some() + }); +} + fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) -> bool) { let mut ce = sample_certificate_payload_tls13() .entries @@ -742,40 +704,6 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) assert!(!getter(&ce)); } -#[test] -fn cert_entry_ocsp_response() { - test_cert_extension_getter(ExtensionType::StatusRequest, |ce| { - ce.ocsp_response().is_some() - }); -} - -fn sample_server_hello_payload() -> ServerHelloPayload { - ServerHelloPayload { - legacy_version: ProtocolVersion::TLSv1_2, - random: Random::from([0; 32]), - session_id: SessionId::empty(), - cipher_suite: CipherSuite::TLS_NULL_WITH_NULL_NULL, - compression_method: Compression::Null, - extensions: vec![ - ServerExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), - ServerExtension::ServerNameAck, - ServerExtension::SessionTicketAck, - ServerExtension::RenegotiationInfo(PayloadU8(vec![0])), - ServerExtension::Protocols(vec![ProtocolName::from(vec![0])]), - ServerExtension::KeyShare(KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])), - ServerExtension::PresharedKey(3), - ServerExtension::ExtendedMasterSecretAck, - ServerExtension::CertificateStatusAck, - ServerExtension::SupportedVersions(ProtocolVersion::TLSv1_2), - ServerExtension::TransportParameters(vec![1, 2, 3]), - ServerExtension::Unknown(UnknownExtension { - typ: ExtensionType::Unknown(12345), - payload: Payload::Borrowed(&[1, 2, 3]), - }), - ], - } -} - #[test] fn can_print_all_server_extensions() { println!("server hello {:?}", sample_server_hello_payload()); @@ -788,126 +716,277 @@ fn can_clone_all_server_extensions() { println!("{exts:?}, {exts2:?}"); } -fn sample_hello_retry_request() -> HelloRetryRequest { - HelloRetryRequest { - legacy_version: ProtocolVersion::TLSv1_2, - session_id: SessionId::empty(), - cipher_suite: CipherSuite::TLS_NULL_WITH_NULL_NULL, - extensions: vec![ - HelloRetryExtension::KeyShare(NamedGroup::X25519), - HelloRetryExtension::Cookie(PayloadU16(vec![0])), - HelloRetryExtension::SupportedVersions(ProtocolVersion::TLSv1_2), - HelloRetryExtension::Unknown(UnknownExtension { - typ: ExtensionType::Unknown(12345), - payload: Payload::Borrowed(&[1, 2, 3]), - }), - ], - } -} +#[test] +fn can_round_trip_all_tls12_handshake_payloads() { + for ref hm in all_tls12_handshake_payloads().iter() { + println!("{:?}", hm.typ); + let bytes = hm.get_encoding(); + let mut rd = Reader::init(&bytes); + let other = HandshakeMessagePayload::read(&mut rd).unwrap(); + assert!(!rd.any_left()); + assert_eq!(hm.get_encoding(), other.get_encoding()); -fn sample_certificate_payload_tls13() -> CertificatePayloadTls13<'static> { - CertificatePayloadTls13 { - context: PayloadU8(vec![1, 2, 3]), - entries: vec![CertificateEntry { - cert: CertificateDer::from(vec![3, 4, 5]), - exts: vec![ - CertificateExtension::CertificateStatus(CertificateStatus { - ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), - }), - CertificateExtension::Unknown(UnknownExtension { - typ: ExtensionType::Unknown(12345), - payload: Payload::Borrowed(&[1, 2, 3]), - }), - ], - }], + println!("{:?}", hm); + println!("{:?}", other); } } -fn sample_compressed_certificate() -> CompressedCertificatePayload<'static> { - CompressedCertificatePayload { - alg: CertificateCompressionAlgorithm::Brotli, - uncompressed_len: 123, - compressed: PayloadU24(Payload::new(vec![1, 2, 3])), +#[test] +fn can_into_owned_all_tls12_handshake_payloads() { + for hm in all_tls12_handshake_payloads().drain(..) { + let enc = hm.get_encoding(); + let debug = format!("{hm:?}"); + let other = hm.into_owned(); + assert_eq!(enc, other.get_encoding()); + assert_eq!(debug, format!("{other:?}")); } } -fn sample_ecdhe_server_key_exchange_payload() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::Known(ServerKeyExchange { - params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { - curve_params: EcParameters { - curve_type: ECCurveType::NamedCurve, - named_group: NamedGroup::X25519, - }, - public: PayloadU8(vec![1, 2, 3]), - }), - dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), - }) -} - -fn sample_dhe_server_key_exchange_payload() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::Known(ServerKeyExchange { - params: ServerKeyExchangeParams::Dh(ServerDhParams { - dh_p: PayloadU16(vec![1, 2, 3]), - dh_g: PayloadU16(vec![2]), - dh_Ys: PayloadU16(vec![1, 2]), - }), - dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), - }) -} +#[test] +fn can_detect_truncation_of_all_tls12_handshake_payloads() { + for hm in all_tls12_handshake_payloads().iter() { + let mut enc = hm.get_encoding(); + println!("test {:?} enc {:?}", hm, enc); -fn sample_unknown_server_key_exchange_payload() -> ServerKeyExchangePayload { - ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) -} + // outer truncation + for l in 0..enc.len() { + assert!(HandshakeMessagePayload::read_bytes(&enc[..l]).is_err()) + } -fn sample_certificate_request_payload() -> CertificateRequestPayload { - CertificateRequestPayload { - certtypes: vec![ClientCertificateType::RSASign], - sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256], - canames: vec![DistinguishedName::from(vec![1, 2, 3])], - } -} + // inner truncation + for l in 0..enc.len() - 4 { + put_u24(l as u32, &mut enc[1..]); + println!(" check len {:?} enc {:?}", l, enc); -fn sample_certificate_request_payload_tls13() -> CertificateRequestPayloadTls13 { - CertificateRequestPayloadTls13 { - context: PayloadU8(vec![1, 2, 3]), - extensions: vec![ - CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), - CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]), - CertReqExtension::Unknown(UnknownExtension { - typ: ExtensionType::Unknown(12345), - payload: Payload::Borrowed(&[1, 2, 3]), - }), - ], + match (hm.typ, l) { + (HandshakeType::ClientHello, 41) + | (HandshakeType::ServerHello, 38) + | (HandshakeType::ServerKeyExchange, _) + | (HandshakeType::ClientKeyExchange, _) + | (HandshakeType::Finished, _) + | (HandshakeType::Unknown(_), _) => continue, + _ => {} + }; + + assert!(HandshakeMessagePayload::read_version( + &mut Reader::init(&enc), + ProtocolVersion::TLSv1_2 + ) + .is_err()); + assert!(HandshakeMessagePayload::read_bytes(&enc).is_err()); + } } } -fn sample_new_session_ticket_payload() -> NewSessionTicketPayload { - NewSessionTicketPayload { - lifetime_hint: 1234, - ticket: PayloadU16(vec![1, 2, 3]), +#[test] +fn can_round_trip_all_tls13_handshake_payloads() { + for ref hm in all_tls13_handshake_payloads().iter() { + println!("{:?}", hm.typ); + let bytes = hm.get_encoding(); + let mut rd = Reader::init(&bytes); + + let other = + HandshakeMessagePayload::read_version(&mut rd, ProtocolVersion::TLSv1_3).unwrap(); + assert!(!rd.any_left()); + assert_eq!(hm.get_encoding(), other.get_encoding()); + + println!("{:?}", hm); + println!("{:?}", other); } } -fn sample_new_session_ticket_payload_tls13() -> NewSessionTicketPayloadTls13 { - NewSessionTicketPayloadTls13 { - lifetime: 123, - age_add: 1234, - nonce: PayloadU8(vec![1, 2, 3]), - ticket: PayloadU16(vec![4, 5, 6]), - exts: vec![NewSessionTicketExtension::Unknown(UnknownExtension { - typ: ExtensionType::Unknown(12345), - payload: Payload::Borrowed(&[1, 2, 3]), - })], +#[test] +fn can_into_owned_all_tls13_handshake_payloads() { + for hm in all_tls13_handshake_payloads().drain(..) { + let enc = hm.get_encoding(); + let debug = format!("{hm:?}"); + let other = hm.into_owned(); + assert_eq!(enc, other.get_encoding()); + assert_eq!(debug, format!("{other:?}")); } } -fn sample_encrypted_extensions() -> Vec { - sample_server_hello_payload().extensions +#[test] +fn can_detect_truncation_of_all_tls13_handshake_payloads() { + for hm in all_tls13_handshake_payloads().iter() { + let mut enc = hm.get_encoding(); + println!("test {:?} enc {:?}", hm, enc); + + // outer truncation + for l in 0..enc.len() { + assert!(HandshakeMessagePayload::read_bytes(&enc[..l]).is_err()) + } + + // inner truncation + for l in 0..enc.len() - 4 { + put_u24(l as u32, &mut enc[1..]); + println!(" check len {:?} enc {:?}", l, enc); + + match (hm.typ, l) { + (HandshakeType::ClientHello, 41) + | (HandshakeType::ServerHello, 38) + | (HandshakeType::ServerKeyExchange, _) + | (HandshakeType::ClientKeyExchange, _) + | (HandshakeType::Finished, _) + | (HandshakeType::Unknown(_), _) => continue, + _ => {} + }; + + assert!(HandshakeMessagePayload::read_version( + &mut Reader::init(&enc), + ProtocolVersion::TLSv1_3 + ) + .is_err()); + } + } } -fn sample_certificate_status() -> CertificateStatus<'static> { - CertificateStatus { - ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), +fn put_u24(u: u32, b: &mut [u8]) { + b[0] = (u >> 16) as u8; + b[1] = (u >> 8) as u8; + b[2] = u as u8; +} + +#[test] +fn cannot_read_message_hash_from_network() { + let mh = HandshakeMessagePayload { + typ: HandshakeType::MessageHash, + payload: HandshakePayload::MessageHash(Payload::new(vec![1, 2, 3])), + }; + println!("mh {:?}", mh); + let enc = mh.get_encoding(); + assert!(HandshakeMessagePayload::read_bytes(&enc).is_err()); +} + +#[test] +fn cannot_decode_huge_certificate() { + let mut buf = [0u8; 65 * 1024]; + // exactly 64KB decodes fine + buf[0] = 0x0b; + buf[1] = 0x01; + buf[2] = 0x00; + buf[3] = 0x03; + buf[4] = 0x01; + buf[5] = 0x00; + buf[6] = 0x00; + buf[7] = 0x00; + buf[8] = 0xff; + buf[9] = 0xfd; + HandshakeMessagePayload::read_bytes(&buf).unwrap(); + + // however 64KB + 1 byte does not + buf[1] = 0x01; + buf[2] = 0x00; + buf[3] = 0x04; + buf[4] = 0x01; + buf[5] = 0x00; + buf[6] = 0x01; + assert!(HandshakeMessagePayload::read_bytes(&buf).is_err()); +} + +#[test] +fn can_decode_server_hello_from_api_devicecheck_apple_com() { + let data = include_bytes!("hello-api.devicecheck.apple.com.bin"); + let mut r = Reader::init(data); + let hm = HandshakeMessagePayload::read(&mut r).unwrap(); + println!("msg: {:?}", hm); +} + +#[test] +fn wrapped_dn_encoding() { + let subject = b"subject"; + let dn = DistinguishedName::in_sequence(&subject[..]); + const DER_SEQUENCE_TAG: u8 = 0x30; + let expected_prefix = vec![DER_SEQUENCE_TAG, subject.len() as u8]; + assert_eq!(dn.as_ref(), [expected_prefix, subject.to_vec()].concat()); +} + +fn sample_hello_retry_request() -> HelloRetryRequest { + HelloRetryRequest { + legacy_version: ProtocolVersion::TLSv1_2, + session_id: SessionId::empty(), + cipher_suite: CipherSuite::TLS_NULL_WITH_NULL_NULL, + extensions: vec![ + HelloRetryExtension::KeyShare(NamedGroup::X25519), + HelloRetryExtension::Cookie(PayloadU16(vec![0])), + HelloRetryExtension::SupportedVersions(ProtocolVersion::TLSv1_2), + HelloRetryExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(12345), + payload: Payload::Borrowed(&[1, 2, 3]), + }), + ], + } +} + +fn sample_client_hello_payload() -> ClientHelloPayload { + ClientHelloPayload { + client_version: ProtocolVersion::TLSv1_2, + random: Random::from([0; 32]), + session_id: SessionId::empty(), + cipher_suites: vec![CipherSuite::TLS_NULL_WITH_NULL_NULL], + compression_methods: vec![Compression::Null], + extensions: vec![ + ClientExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), + ClientExtension::NamedGroups(vec![NamedGroup::X25519]), + ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), + ClientExtension::make_sni(&DnsName::try_from("hello").unwrap()), + ClientExtension::SessionTicket(ClientSessionTicket::Request), + ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload::Borrowed(&[]))), + ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]), + ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), + ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])]), + ClientExtension::PresharedKeyModes(vec![PSKKeyExchangeMode::PSK_DHE_KE]), + ClientExtension::PresharedKey(PresharedKeyOffer { + identities: vec![ + PresharedKeyIdentity::new(vec![3, 4, 5], 123456), + PresharedKeyIdentity::new(vec![6, 7, 8], 7891011), + ], + binders: vec![ + PresharedKeyBinder::from(vec![1, 2, 3]), + PresharedKeyBinder::from(vec![3, 4, 5]), + ], + }), + ClientExtension::Cookie(PayloadU16(vec![1, 2, 3])), + ClientExtension::ExtendedMasterSecretRequest, + ClientExtension::CertificateStatusRequest(CertificateStatusRequest::build_ocsp()), + ClientExtension::TransportParameters(vec![1, 2, 3]), + ClientExtension::EarlyData, + ClientExtension::CertificateCompressionAlgorithms(vec![ + CertificateCompressionAlgorithm::Brotli, + CertificateCompressionAlgorithm::Zlib, + ]), + ClientExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(12345), + payload: Payload::Borrowed(&[1, 2, 3]), + }), + ], + } +} + +fn sample_server_hello_payload() -> ServerHelloPayload { + ServerHelloPayload { + legacy_version: ProtocolVersion::TLSv1_2, + random: Random::from([0; 32]), + session_id: SessionId::empty(), + cipher_suite: CipherSuite::TLS_NULL_WITH_NULL_NULL, + compression_method: Compression::Null, + extensions: vec![ + ServerExtension::EcPointFormats(ECPointFormat::SUPPORTED.to_vec()), + ServerExtension::ServerNameAck, + ServerExtension::SessionTicketAck, + ServerExtension::RenegotiationInfo(PayloadU8(vec![0])), + ServerExtension::Protocols(vec![ProtocolName::from(vec![0])]), + ServerExtension::KeyShare(KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3][..])), + ServerExtension::PresharedKey(3), + ServerExtension::ExtendedMasterSecretAck, + ServerExtension::CertificateStatusAck, + ServerExtension::SupportedVersions(ProtocolVersion::TLSv1_2), + ServerExtension::TransportParameters(vec![1, 2, 3]), + ServerExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(12345), + payload: Payload::Borrowed(&[1, 2, 3]), + }), + ], } } @@ -992,68 +1071,6 @@ fn all_tls12_handshake_payloads() -> Vec> { ] } -#[test] -fn can_round_trip_all_tls12_handshake_payloads() { - for ref hm in all_tls12_handshake_payloads().iter() { - println!("{:?}", hm.typ); - let bytes = hm.get_encoding(); - let mut rd = Reader::init(&bytes); - let other = HandshakeMessagePayload::read(&mut rd).unwrap(); - assert!(!rd.any_left()); - assert_eq!(hm.get_encoding(), other.get_encoding()); - - println!("{:?}", hm); - println!("{:?}", other); - } -} - -#[test] -fn can_into_owned_all_tls12_handshake_payloads() { - for hm in all_tls12_handshake_payloads().drain(..) { - let enc = hm.get_encoding(); - let debug = format!("{hm:?}"); - let other = hm.into_owned(); - assert_eq!(enc, other.get_encoding()); - assert_eq!(debug, format!("{other:?}")); - } -} - -#[test] -fn can_detect_truncation_of_all_tls12_handshake_payloads() { - for hm in all_tls12_handshake_payloads().iter() { - let mut enc = hm.get_encoding(); - println!("test {:?} enc {:?}", hm, enc); - - // outer truncation - for l in 0..enc.len() { - assert!(HandshakeMessagePayload::read_bytes(&enc[..l]).is_err()) - } - - // inner truncation - for l in 0..enc.len() - 4 { - put_u24(l as u32, &mut enc[1..]); - println!(" check len {:?} enc {:?}", l, enc); - - match (hm.typ, l) { - (HandshakeType::ClientHello, 41) - | (HandshakeType::ServerHello, 38) - | (HandshakeType::ServerKeyExchange, _) - | (HandshakeType::ClientKeyExchange, _) - | (HandshakeType::Finished, _) - | (HandshakeType::Unknown(_), _) => continue, - _ => {} - }; - - assert!(HandshakeMessagePayload::read_version( - &mut Reader::init(&enc), - ProtocolVersion::TLSv1_2 - ) - .is_err()); - assert!(HandshakeMessagePayload::read_bytes(&enc).is_err()); - } - } -} - fn all_tls13_handshake_payloads() -> Vec> { vec![ HandshakeMessagePayload { @@ -1148,125 +1165,108 @@ fn all_tls13_handshake_payloads() -> Vec> { ] } -#[test] -fn can_round_trip_all_tls13_handshake_payloads() { - for ref hm in all_tls13_handshake_payloads().iter() { - println!("{:?}", hm.typ); - let bytes = hm.get_encoding(); - let mut rd = Reader::init(&bytes); - - let other = - HandshakeMessagePayload::read_version(&mut rd, ProtocolVersion::TLSv1_3).unwrap(); - assert!(!rd.any_left()); - assert_eq!(hm.get_encoding(), other.get_encoding()); - - println!("{:?}", hm); - println!("{:?}", other); +fn sample_certificate_payload_tls13() -> CertificatePayloadTls13<'static> { + CertificatePayloadTls13 { + context: PayloadU8(vec![1, 2, 3]), + entries: vec![CertificateEntry { + cert: CertificateDer::from(vec![3, 4, 5]), + exts: vec![ + CertificateExtension::CertificateStatus(CertificateStatus { + ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), + }), + CertificateExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(12345), + payload: Payload::Borrowed(&[1, 2, 3]), + }), + ], + }], } } -#[test] -fn can_into_owned_all_tls13_handshake_payloads() { - for hm in all_tls13_handshake_payloads().drain(..) { - let enc = hm.get_encoding(); - let debug = format!("{hm:?}"); - let other = hm.into_owned(); - assert_eq!(enc, other.get_encoding()); - assert_eq!(debug, format!("{other:?}")); +fn sample_compressed_certificate() -> CompressedCertificatePayload<'static> { + CompressedCertificatePayload { + alg: CertificateCompressionAlgorithm::Brotli, + uncompressed_len: 123, + compressed: PayloadU24(Payload::new(vec![1, 2, 3])), } } -fn put_u24(u: u32, b: &mut [u8]) { - b[0] = (u >> 16) as u8; - b[1] = (u >> 8) as u8; - b[2] = u as u8; +fn sample_ecdhe_server_key_exchange_payload() -> ServerKeyExchangePayload { + ServerKeyExchangePayload::Known(ServerKeyExchange { + params: ServerKeyExchangeParams::Ecdh(ServerEcdhParams { + curve_params: EcParameters { + curve_type: ECCurveType::NamedCurve, + named_group: NamedGroup::X25519, + }, + public: PayloadU8(vec![1, 2, 3]), + }), + dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), + }) } -#[test] -fn can_detect_truncation_of_all_tls13_handshake_payloads() { - for hm in all_tls13_handshake_payloads().iter() { - let mut enc = hm.get_encoding(); - println!("test {:?} enc {:?}", hm, enc); - - // outer truncation - for l in 0..enc.len() { - assert!(HandshakeMessagePayload::read_bytes(&enc[..l]).is_err()) - } - - // inner truncation - for l in 0..enc.len() - 4 { - put_u24(l as u32, &mut enc[1..]); - println!(" check len {:?} enc {:?}", l, enc); +fn sample_dhe_server_key_exchange_payload() -> ServerKeyExchangePayload { + ServerKeyExchangePayload::Known(ServerKeyExchange { + params: ServerKeyExchangeParams::Dh(ServerDhParams { + dh_p: PayloadU16(vec![1, 2, 3]), + dh_g: PayloadU16(vec![2]), + dh_Ys: PayloadU16(vec![1, 2]), + }), + dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), + }) +} - match (hm.typ, l) { - (HandshakeType::ClientHello, 41) - | (HandshakeType::ServerHello, 38) - | (HandshakeType::ServerKeyExchange, _) - | (HandshakeType::ClientKeyExchange, _) - | (HandshakeType::Finished, _) - | (HandshakeType::Unknown(_), _) => continue, - _ => {} - }; +fn sample_unknown_server_key_exchange_payload() -> ServerKeyExchangePayload { + ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3])) +} - assert!(HandshakeMessagePayload::read_version( - &mut Reader::init(&enc), - ProtocolVersion::TLSv1_3 - ) - .is_err()); - } +fn sample_certificate_request_payload() -> CertificateRequestPayload { + CertificateRequestPayload { + certtypes: vec![ClientCertificateType::RSASign], + sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256], + canames: vec![DistinguishedName::from(vec![1, 2, 3])], } } -#[test] -fn cannot_read_message_hash_from_network() { - let mh = HandshakeMessagePayload { - typ: HandshakeType::MessageHash, - payload: HandshakePayload::MessageHash(Payload::new(vec![1, 2, 3])), - }; - println!("mh {:?}", mh); - let enc = mh.get_encoding(); - assert!(HandshakeMessagePayload::read_bytes(&enc).is_err()); +fn sample_certificate_request_payload_tls13() -> CertificateRequestPayloadTls13 { + CertificateRequestPayloadTls13 { + context: PayloadU8(vec![1, 2, 3]), + extensions: vec![ + CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), + CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]), + CertReqExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(12345), + payload: Payload::Borrowed(&[1, 2, 3]), + }), + ], + } } -#[test] -fn cannot_decode_huge_certificate() { - let mut buf = [0u8; 65 * 1024]; - // exactly 64KB decodes fine - buf[0] = 0x0b; - buf[1] = 0x01; - buf[2] = 0x00; - buf[3] = 0x03; - buf[4] = 0x01; - buf[5] = 0x00; - buf[6] = 0x00; - buf[7] = 0x00; - buf[8] = 0xff; - buf[9] = 0xfd; - HandshakeMessagePayload::read_bytes(&buf).unwrap(); +fn sample_new_session_ticket_payload() -> NewSessionTicketPayload { + NewSessionTicketPayload { + lifetime_hint: 1234, + ticket: PayloadU16(vec![1, 2, 3]), + } +} - // however 64KB + 1 byte does not - buf[1] = 0x01; - buf[2] = 0x00; - buf[3] = 0x04; - buf[4] = 0x01; - buf[5] = 0x00; - buf[6] = 0x01; - assert!(HandshakeMessagePayload::read_bytes(&buf).is_err()); +fn sample_new_session_ticket_payload_tls13() -> NewSessionTicketPayloadTls13 { + NewSessionTicketPayloadTls13 { + lifetime: 123, + age_add: 1234, + nonce: PayloadU8(vec![1, 2, 3]), + ticket: PayloadU16(vec![4, 5, 6]), + exts: vec![NewSessionTicketExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(12345), + payload: Payload::Borrowed(&[1, 2, 3]), + })], + } } -#[test] -fn can_decode_server_hello_from_api_devicecheck_apple_com() { - let data = include_bytes!("hello-api.devicecheck.apple.com.bin"); - let mut r = Reader::init(data); - let hm = HandshakeMessagePayload::read(&mut r).unwrap(); - println!("msg: {:?}", hm); +fn sample_encrypted_extensions() -> Vec { + sample_server_hello_payload().extensions } -#[test] -fn wrapped_dn_encoding() { - let subject = b"subject"; - let dn = DistinguishedName::in_sequence(&subject[..]); - const DER_SEQUENCE_TAG: u8 = 0x30; - let expected_prefix = vec![DER_SEQUENCE_TAG, subject.len() as u8]; - assert_eq!(dn.as_ref(), [expected_prefix, subject.to_vec()].concat()); +fn sample_certificate_status() -> CertificateStatus<'static> { + CertificateStatus { + ocsp_response: PayloadU24(Payload::new(vec![1, 2, 3])), + } } From bacc19c9f04901e9d40f005e5c403a052bfdf17f Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 31 May 2024 11:09:29 -0400 Subject: [PATCH 1013/1145] General roadmap updates. --- ROADMAP.md | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 4f2dc88b0e..8cb6cd8cf4 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -2,17 +2,7 @@ ## Future priorities -In rough order of priority: - -* **Support Encrypted Client Hello (Client Side)**. - Encrypted Client Hello is an upcoming standard from the TLS WG providing better - protection for some of the data sent by a client in the initial Client Hello - message. - rustls/rustls#1718 - -* **Additional Performance Optimization**. - Additional performance optimization including CPU usage, latency, and memory - usage. The goal is to outperform OpenSSL across the board if we are not already. +Specific features, in rough order of priority: * **Support RFC 8879 Certificate Compression**. Support for a TLS extension that substantially shrinks certificates (one of the @@ -20,12 +10,39 @@ In rough order of priority: bandwidth used. rustls/rustls#534 +* **Support Encrypted Client Hello (Client Side)**. + Encrypted Client Hello is an upcoming standard from the TLS WG providing better + protection for some of the data sent by a client in the initial Client Hello + message. + rustls/rustls#1718 + * **Enforce Confidentiality / Integrity Limits**. The QUIC use of TLS mandates limited usage of AEAD keys. While TLS 1.3 and 1.2 do not require this, the same kinds of issues can apply here, and we should consider implementing limits for TLS over TCP as well. rustls/rustls#755 +* **Address asynchronous handshake interruption**. + Allow completion of user-provided operations to be deferred. + rustls/rustls#850 + +* **Support Encrypted Client Hello (ECH) (Server Side)**. + Encrypted Client Hello is an upcoming standard from the TLS WG providing better + protection for some of the data sent by a client in the initial Client Hello + message. Rustls already supports client side ECH, we will add server side support. + +General priorities: + +* **Additional Performance Optimization**. + Additional performance optimization including CPU usage, latency, and memory + usage. The goal is to outperform OpenSSL across the board if we are not already. + +* **Improve OpenSSL Compatibility**. + Continue to improve the OpenSSL compatibility layer. + +* **Rustls API Refinements**. + Continue to improve the Rustls API. Aim for ease of use, clarity. + ## Past priorities Delivered in [rustls-openssl-compat](https://github.com/rustls/rustls-openssl-compat) 0.1.0: From 0c85c0199f479e71c8c4811684fd8de779fb8c21 Mon Sep 17 00:00:00 2001 From: Josh Aas Date: Fri, 31 May 2024 11:19:07 -0400 Subject: [PATCH 1014/1145] Add issue number for server-side ECH in the roadmap. --- ROADMAP.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ROADMAP.md b/ROADMAP.md index 8cb6cd8cf4..74269adfb2 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -30,6 +30,7 @@ Specific features, in rough order of priority: Encrypted Client Hello is an upcoming standard from the TLS WG providing better protection for some of the data sent by a client in the initial Client Hello message. Rustls already supports client side ECH, we will add server side support. + rustls/rustls#1980 General priorities: From 503d42bd5ffb62a0d8a98ae7a65ec41d112481c5 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 3 Jun 2024 10:06:45 +0100 Subject: [PATCH 1015/1145] Tidy away unneeded #[allow()]s It is easy to leave around #[allow()]s that no longer have any effect because the code has moved, or the lint has become more precise. This is a quick pass to remove them all, then add back those that were actually having an effect. --- rustls/src/client/hs.rs | 1 - rustls/src/msgs/deframer.rs | 1 - rustls/src/msgs/handshake.rs | 2 -- rustls/src/msgs/mod.rs | 1 - rustls/src/quic.rs | 1 - rustls/src/server/hs.rs | 1 - 6 files changed, 7 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index fe2697568f..71ba54a52e 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -45,7 +45,6 @@ fn find_session( config: &ClientConfig, cx: &mut ClientContext<'_>, ) -> Option> { - #[allow(clippy::let_and_return, clippy::unnecessary_lazy_evaluations)] let found = config .resumption .store diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 8c6ec710bd..013a36fc9e 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -324,7 +324,6 @@ impl MessageDeframer { } /// Read some bytes from `rd`, and add them to our internal buffer. - #[allow(clippy::comparison_chain)] pub fn read( &mut self, rd: &mut dyn io::Read, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index b0d88d3214..413bf27e42 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,5 +1,3 @@ -#![allow(non_camel_case_types)] - use alloc::collections::BTreeSet; #[cfg(feature = "logging")] use alloc::string::String; diff --git a/rustls/src/msgs/mod.rs b/rustls/src/msgs/mod.rs index a24cfac862..5877eb823f 100644 --- a/rustls/src/msgs/mod.rs +++ b/rustls/src/msgs/mod.rs @@ -1,4 +1,3 @@ -#![allow(clippy::upper_case_acronyms)] #![allow(missing_docs)] #[macro_use] diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index 4f30ac0477..f3d0dba63d 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -875,7 +875,6 @@ impl Keys { /// Once the 1-RTT keys have been exchanged, either side may initiate a key update. Progressive /// update keys can be obtained from the [`Secrets`] returned in [`KeyChange::OneRtt`]. Note that /// only packet keys are updated by key updates; header protection keys remain the same. -#[allow(clippy::large_enum_variant)] pub enum KeyChange { /// Keys for the handshake space Handshake { diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 76cef8bcba..5f622cb4d1 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -640,7 +640,6 @@ pub(super) fn process_client_hello<'a>( Ok((client_hello, sig_schemes.to_owned())) } -#[allow(clippy::large_enum_variant)] pub(crate) enum HandshakeHashOrBuffer { Buffer(HandshakeHashBuffer), Hash(HandshakeHash), From 5faa88c65b3f54324b3c6912dfc1384003639f95 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 3 Jun 2024 10:11:41 +0100 Subject: [PATCH 1016/1145] hs.rs: refactor to eliminate conditional allow() --- rustls/src/client/hs.rs | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 71ba54a52e..947a6ddf02 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -113,24 +113,26 @@ pub(super) fn start_handshake( None }; - #[cfg_attr(not(feature = "tls12"), allow(unused_mut))] - let mut session_id = None; - if let Some(_resuming) = &mut resuming { - #[cfg(feature = "tls12")] - if let ClientSessionValue::Tls12(inner) = &mut _resuming.value { - // If we have a ticket, we use the sessionid as a signal that - // we're doing an abbreviated handshake. See section 3.4 in - // RFC5077. - if !inner.ticket().is_empty() { - inner.session_id = SessionId::random(config.provider.secure_random)?; + let session_id = if let Some(_resuming) = &mut resuming { + debug!("Resuming session"); + + match &mut _resuming.value { + #[cfg(feature = "tls12")] + ClientSessionValue::Tls12(inner) => { + // If we have a ticket, we use the sessionid as a signal that + // we're doing an abbreviated handshake. See section 3.4 in + // RFC5077. + if !inner.ticket().is_empty() { + inner.session_id = SessionId::random(config.provider.secure_random)?; + } + Some(inner.session_id) } - session_id = Some(inner.session_id); + _ => None, } - - debug!("Resuming session"); } else { debug!("Not resuming any session"); - } + None + }; // https://tools.ietf.org/html/rfc8446#appendix-D.4 // https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-8.4 From de851b4601e0b34cd8a9ce443278982292f30baa Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 3 Jun 2024 10:28:43 +0100 Subject: [PATCH 1017/1145] unbuffered examples: avoid clippy lint --- examples/src/bin/unbuffered-async-client.rs | 3 +-- examples/src/bin/unbuffered-client.rs | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs index 342d11e529..d06e261e7f 100644 --- a/examples/src/bin/unbuffered-async-client.rs +++ b/examples/src/bin/unbuffered-async-client.rs @@ -14,8 +14,7 @@ use rustls::unbuffered::{ AppDataRecord, ConnectionState, EncodeError, EncryptError, InsufficientSizeError, UnbufferedStatus, WriteTraffic, }; -#[allow(unused_imports)] -use rustls::version::{TLS12, TLS13}; +use rustls::version::TLS13; use rustls::{ClientConfig, RootCertStore}; #[cfg(not(feature = "async-std"))] use tokio::io::{AsyncReadExt, AsyncWriteExt}; diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs index 01e2c5ea76..7ebc5de629 100644 --- a/examples/src/bin/unbuffered-client.rs +++ b/examples/src/bin/unbuffered-client.rs @@ -11,8 +11,7 @@ use rustls::unbuffered::{ AppDataRecord, ConnectionState, EncodeError, EncryptError, InsufficientSizeError, UnbufferedStatus, WriteTraffic, }; -#[allow(unused_imports)] -use rustls::version::{TLS12, TLS13}; +use rustls::version::TLS13; use rustls::{ClientConfig, RootCertStore}; fn main() -> Result<(), Box> { From 590716e478374ad8c268d5ad7ad9964ea9117bdc Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 3 Jun 2024 10:31:03 +0100 Subject: [PATCH 1018/1145] Fix unstable fmt job --- rustls/src/crypto/aws_lc_rs/hpke.rs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs index 6880e7181c..47b669e9e3 100644 --- a/rustls/src/crypto/aws_lc_rs/hpke.rs +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -890,8 +890,7 @@ static RING_HKDF_HMAC_SHA512: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA512); #[cfg(test)] mod tests { - use alloc::format; - use alloc::vec; + use alloc::{format, vec}; use super::*; @@ -987,14 +986,14 @@ mod tests { #[cfg(test)] mod rfc_tests { - use super::*; - use alloc::string::String; use std::fs::File; use std::println; use serde::Deserialize; + use super::*; + /// Confirm open/seal operations work using the test vectors from [RFC 9180 Appendix A]. /// /// [RFC 9180 Appendix A]: https://www.rfc-editor.org/rfc/rfc9180#TestVectors From e754234b64d7724769c458b085a59a4f8ea782e2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 3 Jun 2024 15:06:39 +0100 Subject: [PATCH 1019/1145] Prepare 0.23.9 --- Cargo.lock | 16 ++++++++-------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 218d7db1cd..057bca3bd6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2217,7 +2217,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.8" +version = "0.23.9" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2257,7 +2257,7 @@ dependencies = [ "fxhash", "itertools 0.13.0", "rayon", - "rustls 0.23.8", + "rustls 0.23.9", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2270,7 +2270,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.8", + "rustls 0.23.9", ] [[package]] @@ -2283,7 +2283,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.8", + "rustls 0.23.9", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2301,7 +2301,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.8", + "rustls 0.23.9", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2337,7 +2337,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.8", + "rustls 0.23.9", "webpki-roots 0.26.1", ] @@ -2358,7 +2358,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.8", + "rustls 0.23.9", "rustls-pki-types", "rustls-webpki 0.102.4", "sha2", @@ -2372,7 +2372,7 @@ name = "rustls-provider-test" version = "0.1.0" dependencies = [ "hex", - "rustls 0.23.8", + "rustls 0.23.9", "rustls-provider-example", "serde", "serde_json", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 18fe55099a..acda37e080 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -360,7 +360,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.8" +version = "0.23.9" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 8bdeae8153..e91b6187f6 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.8" +version = "0.23.9" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" From 4451f6b909d8fdb53b5f268825f28fb43be0c474 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 3 Jun 2024 09:57:35 -0400 Subject: [PATCH 1020/1145] docs: add OpenSSF best practices badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3adbaf3c52..074a084396 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). [![Coverage Status (codecov.io)](https://codecov.io/gh/rustls/rustls/branch/main/graph/badge.svg)](https://codecov.io/gh/rustls/rustls/) [![Documentation](https://docs.rs/rustls/badge.svg)](https://docs.rs/rustls/) [![Chat](https://img.shields.io/discord/976380008299917365?logo=discord)](https://discord.gg/MCSB76RU96) +[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9034/badge)](https://www.bestpractices.dev/projects/9034) ## Changelog From bc913b8b35504ae19fd6eb84725f2f9f8c10ca8a Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Tue, 4 Jun 2024 10:18:25 +0100 Subject: [PATCH 1021/1145] ROADMAP: check off cert compression --- ROADMAP.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 74269adfb2..65da3d0434 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,12 +4,6 @@ Specific features, in rough order of priority: -* **Support RFC 8879 Certificate Compression**. - Support for a TLS extension that substantially shrinks certificates (one of the - largest parts of the TLS handshake), improving handshake latency by decreasing - bandwidth used. - rustls/rustls#534 - * **Support Encrypted Client Hello (Client Side)**. Encrypted Client Hello is an upcoming standard from the TLS WG providing better protection for some of the data sent by a client in the initial Client Hello @@ -46,6 +40,14 @@ General priorities: ## Past priorities +Delivered in 0.23.9: + +* **Support RFC 8879 Certificate Compression**. + Support for a TLS extension that substantially shrinks certificates (one of the + largest parts of the TLS handshake), improving handshake latency by decreasing + bandwidth used. + rustls/rustls#534 + Delivered in [rustls-openssl-compat](https://github.com/rustls/rustls-openssl-compat) 0.1.0: * **OpenSSL API Compatibility Layer**. From 11a4c014db7452044357a8d48cd432d917883858 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 3 Jun 2024 13:53:41 +0000 Subject: [PATCH 1022/1145] Add renovate.json --- renovate.json | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000000..5db72dd6a9 --- /dev/null +++ b/renovate.json @@ -0,0 +1,6 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:recommended" + ] +} From ca81ff627ad7240acd3c43fe74cb376ae433eb3a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 3 Jun 2024 10:07:20 -0400 Subject: [PATCH 1023/1145] ci: move renovate.json to .github One less bit of clutter in the top level dir please. --- renovate.json => .github/renovate.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename renovate.json => .github/renovate.json (100%) diff --git a/renovate.json b/.github/renovate.json similarity index 100% rename from renovate.json rename to .github/renovate.json From fd81ca3fccf263eed81930a0a5b6344cac0f96bb Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 3 Jun 2024 10:09:41 -0400 Subject: [PATCH 1024/1145] ci: customize renovate settings The initial renovate config in this commit is borrowed from the rustup project[0] with two small tweaks: 1. The `lockFileMaintenance` config has auto-merge removed - we're using the "forking renovate" bot (because it avoids needing write perm to the repo). This deployment model doesn't support auto-merge (and we'd rather merge by hand anyway to keep a human-in-the-loop). 2. The opentelemetry specific part in the `packageRules` config is removed as not-applicable. [0]: https://github.com/rust-lang/rustup/blob/3ba08da98221b2941aeb858e54cebc059859ffb7/.github/renovate.json --- .github/renovate.json | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 5db72dd6a9..b68e661b0a 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,41 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:recommended" + "config:base" + ], + "labels": [ + "dependencies" + ], + "lockFileMaintenance": { + "enabled": true + }, + "prCreation": "not-pending", + "rangeStrategy": "update-lockfile", + "stabilityDays": 3, + "github-actions": { + "fileMatch": [ + "^ci\\/.*/[^/]+\\.ya?ml$" + ] + }, + "packageRules": [ + { + "matchManagers": [ + "cargo" + ], + "matchUpdateTypes": [ + "patch" + ], + "enabled": false + }, + { + "matchManagers": [ + "cargo" + ], + "matchUpdateTypes": [ + "minor" + ], + "matchCurrentVersion": "!/^0/", + "enabled": false + } ] } From dd5de6b8aa181e2903f5bf311a9f380c8761b6fd Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 3 Jun 2024 10:10:59 -0400 Subject: [PATCH 1025/1145] ci: remove dependabot Renovate[0] offers better Cargo ecosystem integration w.r.t lock file bumps (in particular, leaving the min version in `Cargo.toml` alone). Because Dependabot PRs will bump the minimum versions in `Cargo.toml` alongside semver compatible lockfile updates we've been having to manually recreate its PRs by hand, a chore we'd like to avoid. Unfortunately the upstream feature request that would make this work better has gone unresolved, necessitating a switch to a different solution. --- .github/dependabot.yml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index ce1ffcc9c8..0000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,15 +0,0 @@ -version: 2 -updates: -- package-ecosystem: cargo - directory: "/" - schedule: - interval: weekly - open-pull-requests-limit: 10 - groups: - crates-io: - patterns: - - "*" -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly From c5fb85f061e15882f53584f9e3318bdccad35790 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 5 Jun 2024 15:08:46 +0000 Subject: [PATCH 1026/1145] chore(deps): lock file maintenance --- Cargo.lock | 595 ++++++++++++++++++++++++------------------------ fuzz/Cargo.lock | 248 +++++++++----------- 2 files changed, 405 insertions(+), 438 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 057bca3bd6..03d4bfbdfb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "addr2line" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" dependencies = [ "gimli", ] @@ -66,9 +66,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] @@ -90,47 +90,48 @@ dependencies = [ [[package]] name = "anstream" -version = "0.6.12" +version = "0.6.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96b09b5178381e0874812a9b157f7fe84982617e48f71f4e3235482775e5b540" +checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" dependencies = [ "anstyle", "anstyle-parse", "anstyle-query", "anstyle-wincon", "colorchoice", + "is_terminal_polyfill", "utf8parse", ] [[package]] name = "anstyle" -version = "1.0.6" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8901269c6307e8d93993578286ac0edf7f195079ffff5ebdeea6a59ffb7e36bc" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" [[package]] name = "anstyle-parse" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c" +checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" dependencies = [ "utf8parse", ] [[package]] name = "anstyle-query" -version = "1.0.2" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648" +checksum = "ad186efb764318d35165f1758e7dcef3b10628e26d41a44bc5550652e6804391" dependencies = [ "windows-sys 0.52.0", ] [[package]] name = "anstyle-wincon" -version = "3.0.2" +version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7" +checksum = "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" dependencies = [ "anstyle", "windows-sys 0.52.0", @@ -144,22 +145,22 @@ checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" [[package]] name = "asn1" -version = "0.16.1" +version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "889adc8fd6c1344619926529e605cccad1f832b3a2a5a3fe6d7c8557c8f05368" +checksum = "532ceda058281b62096b2add4ab00ab3a453d30dee28b8890f62461a0109ebbd" dependencies = [ "asn1_derive", ] [[package]] name = "asn1_derive" -version = "0.16.1" +version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2271cec9b830009b9c3b9e21767083c553f51f996b690c476c27f541199aa99" +checksum = "56e6076d38cc17cc22b0f65f31170a2ee1975e6b07f0012893aefd86ce19c987" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -185,28 +186,26 @@ dependencies = [ [[package]] name = "async-channel" -version = "2.2.0" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f28243a43d821d11341ab73c80bed182dc015c514b951616cf79bd4af39af0c3" +checksum = "89b47800b0be77592da0afd425cc03468052844aff33b84e33cc696f64e77b6a" dependencies = [ "concurrent-queue", - "event-listener 5.1.0", - "event-listener-strategy 0.5.0", + "event-listener-strategy", "futures-core", "pin-project-lite", ] [[package]] name = "async-executor" -version = "1.8.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17ae5ebefcc48e7452b4987947920dac9450be1110cadf34d1b8c116bdbaf97c" +checksum = "c8828ec6e544c02b0d6691d21ed9f9218d0384a82542855073c2a3f58304aaf0" dependencies = [ - "async-lock 3.3.0", "async-task", "concurrent-queue", - "fastrand 2.0.1", - "futures-lite 2.2.0", + "fastrand 2.1.0", + "futures-lite 2.3.0", "slab", ] @@ -216,12 +215,12 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05b1b633a2115cd122d73b955eadd9916c18c8f510ec9cd1686404c60ad1c29c" dependencies = [ - "async-channel 2.2.0", + "async-channel 2.3.1", "async-executor", - "async-io 2.3.1", - "async-lock 3.3.0", + "async-io 2.3.3", + "async-lock 3.4.0", "blocking", - "futures-lite 2.2.0", + "futures-lite 2.3.0", "once_cell", ] @@ -247,18 +246,18 @@ dependencies = [ [[package]] name = "async-io" -version = "2.3.1" +version = "2.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f97ab0c5b00a7cdbe5a371b9a782ee7be1316095885c8a4ea1daf490eb0ef65" +checksum = "0d6baa8f0178795da0e71bc42c9e5d13261aac7ee549853162e66a241ba17964" dependencies = [ - "async-lock 3.3.0", + "async-lock 3.4.0", "cfg-if", "concurrent-queue", "futures-io", - "futures-lite 2.2.0", + "futures-lite 2.3.0", "parking", - "polling 3.5.0", - "rustix 0.38.31", + "polling 3.7.1", + "rustix 0.38.34", "slab", "tracing", "windows-sys 0.52.0", @@ -275,12 +274,12 @@ dependencies = [ [[package]] name = "async-lock" -version = "3.3.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d034b430882f8381900d3fe6f0aaa3ad94f2cb4ac519b429692a1bc2dda4ae7b" +checksum = "ff6e472cdea888a4bd64f342f09b3f50e1886d32afe8df3d663c01140b811b18" dependencies = [ - "event-listener 4.0.3", - "event-listener-strategy 0.4.0", + "event-listener 5.3.1", + "event-listener-strategy", "pin-project-lite", ] @@ -313,9 +312,9 @@ dependencies = [ [[package]] name = "async-task" -version = "4.7.0" +version = "4.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" +checksum = "8b75356056920673b02621b35afd0f7dda9306d03c79a30f5c56c44cf256e3de" [[package]] name = "async-trait" @@ -325,7 +324,7 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -336,15 +335,15 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "aws-lc-fips-sys" -version = "0.12.3" +version = "0.12.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e872633d0107cd8f882b08dd9a6ee0e5bf0511da083778f666e325d597069ae" +checksum = "592ea6b0df0a72ec29701890f4857bc25c5e95a93370afe9d70b5e41db6ffcf3" dependencies = [ "bindgen", "cmake", @@ -385,9 +384,9 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.69" +version = "0.3.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2089b7e3f35b9dd2d0ed921ead4f6d318c27680d4a5bd167b3ee120edb105837" +checksum = "17c6a35df3749d2e8bb1b7b21a976d82b15548788d2735b9d82f329268f71a11" dependencies = [ "addr2line", "cc", @@ -434,7 +433,7 @@ version = "0.69.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cexpr", "clang-sys", "itertools 0.12.1", @@ -447,7 +446,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.50", + "syn 2.0.66", "which", ] @@ -459,9 +458,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.2" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" @@ -474,18 +473,15 @@ dependencies = [ [[package]] name = "blocking" -version = "1.5.1" +version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a37913e8dc4ddcc604f0c6d3bf2887c995153af3611de9e23c352b44c1b9118" +checksum = "703f41c54fc768e63e091340b424302bb1c29ef4aa0c7f10fe849dfb114d29ea" dependencies = [ - "async-channel 2.2.0", - "async-lock 3.3.0", + "async-channel 2.3.1", "async-task", - "fastrand 2.0.1", "futures-io", - "futures-lite 2.2.0", + "futures-lite 2.3.0", "piper", - "tracing", ] [[package]] @@ -511,9 +507,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.15.3" +version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ea184aa71bb362a1157c896979544cc23974e08fd265f29ea96b59f0b4a555b" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" [[package]] name = "byteorder" @@ -523,17 +519,19 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cc" -version = "1.0.86" +version = "1.0.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f9fa1897e4325be0d68d48df6aa1a71ac2ed4d27723887e7754192705350730" +checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" dependencies = [ + "jobserver", "libc", + "once_cell", ] [[package]] @@ -588,9 +586,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" dependencies = [ "glob", "libc", @@ -616,7 +614,7 @@ dependencies = [ "anstream", "anstyle", "clap_lex", - "strsim 0.11.0", + "strsim 0.11.1", ] [[package]] @@ -628,7 +626,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -648,15 +646,15 @@ dependencies = [ [[package]] name = "colorchoice" -version = "1.0.0" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" [[package]] name = "concurrent-queue" -version = "2.4.0" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d16048cd947b08fa32c24458a22f5dc5e835264f689f4f5653210c69fd107363" +checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973" dependencies = [ "crossbeam-utils", ] @@ -697,9 +695,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.19" +version = "0.8.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" [[package]] name = "crypto-bigint" @@ -756,14 +754,14 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] name = "data-encoding" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" +checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2" [[package]] name = "der" @@ -830,9 +828,9 @@ dependencies = [ [[package]] name = "either" -version = "1.10.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11157ac094ffbdde99aa67b23417ebdd801842852b500e395a45a9c0aac03e4a" +checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" [[package]] name = "elliptic-curve" @@ -863,7 +861,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -887,9 +885,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", @@ -903,20 +901,9 @@ checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" [[package]] name = "event-listener" -version = "4.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67b215c49b2b248c855fb73579eb1f4f26c38ffdc12973e20e07b91d78d5646e" -dependencies = [ - "concurrent-queue", - "parking", - "pin-project-lite", -] - -[[package]] -name = "event-listener" -version = "5.1.0" +version = "5.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7ad6fd685ce13acd6d9541a30f6db6567a7a24c9ffd4ba2955d29e3f22c8b27" +checksum = "6032be9bd27023a771701cc49f9f053c751055f71efb2e0ae5c15809093675ba" dependencies = [ "concurrent-queue", "parking", @@ -925,21 +912,11 @@ dependencies = [ [[package]] name = "event-listener-strategy" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3" -dependencies = [ - "event-listener 4.0.3", - "pin-project-lite", -] - -[[package]] -name = "event-listener-strategy" -version = "0.5.0" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "feedafcaa9b749175d5ac357452a9d41ea2911da598fde46ce1fe02c37751291" +checksum = "0f214dc438f977e6d4e3500aaa277f5ad94ca83fbbd9b1a15713ce2344ccc5a1" dependencies = [ - "event-listener 5.1.0", + "event-listener 5.3.1", "pin-project-lite", ] @@ -954,9 +931,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.1" +version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" +checksum = "9fc0510504f03c51ada170672ac806f1f105a88aa97a5281117e1ddc3368e51a" [[package]] name = "ff" @@ -970,9 +947,9 @@ dependencies = [ [[package]] name = "fiat-crypto" -version = "0.2.6" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" [[package]] name = "fnv" @@ -1048,11 +1025,11 @@ dependencies = [ [[package]] name = "futures-lite" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "445ba825b27408685aaecefd65178908c36c6e96aaf6d8599419d46e624192ba" +checksum = "52527eb5074e35e9339c6b4e8d12600c7128b68fb25dcb9fa9dec18f7c25f3a5" dependencies = [ - "fastrand 2.0.1", + "fastrand 2.1.0", "futures-core", "futures-io", "parking", @@ -1106,9 +1083,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -1117,9 +1094,9 @@ dependencies = [ [[package]] name = "ghash" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" dependencies = [ "opaque-debug", "polyval", @@ -1127,9 +1104,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.28.1" +version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253" +checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" [[package]] name = "glob" @@ -1202,9 +1179,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.6" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd5256b483761cd23699d0da46cc6fd2ee3be420bbe6d020ae4a091e70b7e9fd" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" [[package]] name = "hex" @@ -1214,9 +1191,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hickory-proto" -version = "0.24.0" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "091a6fbccf4860009355e3efc52ff4acf37a63489aad7435372d44ceeb6fbbcf" +checksum = "07698b8420e2f0d6447a436ba999ec85d8fbf2a398bbd737b82cac4a2e96e512" dependencies = [ "async-trait", "bytes", @@ -1345,9 +1322,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.11" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" dependencies = [ "bytes", "fnv", @@ -1382,9 +1359,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.3" +version = "2.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177" +checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26" dependencies = [ "equivalent", "hashbrown", @@ -1401,9 +1378,9 @@ dependencies = [ [[package]] name = "instant" -version = "0.1.12" +version = "0.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a5bbe824c507c5da5956355e86a746d82e0e1464f65d862cc5e71da70e94b2c" +checksum = "e0242819d153cba4b4b05a5a8f2a7e9bbf97b6055b2a002b395c96b5ff3c0222" dependencies = [ "cfg-if", ] @@ -1425,7 +1402,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2 0.5.5", + "socket2 0.5.7", "widestring", "windows-sys 0.48.0", "winreg", @@ -1448,6 +1425,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "is_terminal_polyfill" +version = "1.70.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" + [[package]] name = "itertools" version = "0.12.1" @@ -1468,15 +1451,24 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.10" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" + +[[package]] +name = "jobserver" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +dependencies = [ + "libc", +] [[package]] name = "js-sys" -version = "0.3.68" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] @@ -1507,18 +1499,18 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libloading" -version = "0.8.1" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" dependencies = [ "cfg-if", - "windows-sys 0.48.0", + "windows-targets 0.52.5", ] [[package]] @@ -1541,15 +1533,15 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", @@ -1581,9 +1573,9 @@ checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" [[package]] name = "minimal-lexical" @@ -1593,9 +1585,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" +checksum = "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae" dependencies = [ "adler", ] @@ -1672,9 +1664,9 @@ dependencies = [ [[package]] name = "num-iter" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -1683,9 +1675,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", @@ -1703,9 +1695,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.2" +version = "0.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441" +checksum = "b8ec7ab813848ba4522158d5517a6093db1ded27575b070f4177b8d12b41db5e" dependencies = [ "memchr", ] @@ -1718,9 +1710,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "openssl" @@ -1728,7 +1720,7 @@ version = "0.10.64" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cfg-if", "foreign-types", "libc", @@ -1745,14 +1737,14 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] name = "openssl-sys" -version = "0.9.101" +version = "0.9.102" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" dependencies = [ "cc", "libc", @@ -1790,9 +1782,9 @@ checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" [[package]] name = "parking_lot" -version = "0.12.1" +version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" dependencies = [ "lock_api", "parking_lot_core", @@ -1800,30 +1792,30 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.9" +version = "0.9.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" dependencies = [ "cfg-if", "libc", "redox_syscall", "smallvec", - "windows-targets 0.48.5", + "windows-targets 0.52.5", ] [[package]] name = "paste" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pem" -version = "3.0.3" +version = "3.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" +checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae" dependencies = [ - "base64 0.21.7", + "base64 0.22.1", "serde", ] @@ -1835,9 +1827,9 @@ checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "pin-project-lite" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "bda66fc9667c18cb2758a2ac84d1167245054bcf85d5d1aaa6923f45801bdd02" [[package]] name = "pin-utils" @@ -1847,12 +1839,12 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "piper" -version = "0.2.1" +version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" +checksum = "ae1d5c74c9876f070d3e8fd503d748c7d974c3e48da8f41350fa5222ef9b4391" dependencies = [ "atomic-waker", - "fastrand 2.0.1", + "fastrand 2.1.0", "futures-io", ] @@ -1885,9 +1877,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "platforms" -version = "3.3.0" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "626dec3cac7cc0e1577a2ec3fc496277ec2baa084bebad95bb6fdbfae235f84c" +checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" [[package]] name = "polling" @@ -1907,14 +1899,15 @@ dependencies = [ [[package]] name = "polling" -version = "3.5.0" +version = "3.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24f040dee2588b4963afb4e420540439d126f73fdacf4a9c486a96d840bac3c9" +checksum = "5e6a007746f34ed64099e88783b0ae369eaa3da6392868ba262e2af9b8fbaea1" dependencies = [ "cfg-if", "concurrent-queue", + "hermit-abi", "pin-project-lite", - "rustix 0.38.31", + "rustix 0.38.34", "tracing", "windows-sys 0.52.0", ] @@ -1932,9 +1925,9 @@ dependencies = [ [[package]] name = "polyval" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52cff9d1d4dee5fe6d03729099f4a310a41179e0a10dbf542039873f2e826fb" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" dependencies = [ "cfg-if", "cpufeatures", @@ -1956,12 +1949,12 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "prettyplease" -version = "0.2.16" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" +checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -1975,9 +1968,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.78" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" +checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" dependencies = [ "unicode-ident", ] @@ -1990,9 +1983,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] @@ -2063,11 +2056,11 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" dependencies = [ - "bitflags 1.3.2", + "bitflags 2.5.0", ] [[package]] @@ -2084,9 +2077,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5bb987efffd3c6d0d8f5f89510bb458559eab11e4f869acb20bf845e016259cd" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", @@ -2095,9 +2088,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "resolv-conf" @@ -2157,9 +2150,9 @@ dependencies = [ [[package]] name = "rustc-demangle" -version = "0.1.23" +version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustc-hash" @@ -2192,14 +2185,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.31" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "errno", "libc", - "linux-raw-sys 0.4.13", + "linux-raw-sys 0.4.14", "windows-sys 0.52.0", ] @@ -2241,7 +2234,7 @@ dependencies = [ "subtle", "tikv-jemallocator", "time", - "webpki-roots 0.26.1", + "webpki-roots 0.26.2", "zeroize", "zlib-rs", ] @@ -2289,7 +2282,7 @@ dependencies = [ "serde", "serde_derive", "tokio", - "webpki-roots 0.26.1", + "webpki-roots 0.26.2", ] [[package]] @@ -2338,7 +2331,7 @@ dependencies = [ "aws-lc-rs", "env_logger", "rustls 0.23.9", - "webpki-roots 0.26.1", + "webpki-roots 0.26.2", ] [[package]] @@ -2363,7 +2356,7 @@ dependencies = [ "rustls-webpki 0.102.4", "sha2", "signature", - "webpki-roots 0.26.1", + "webpki-roots 0.26.2", "x25519-dalek", ] @@ -2408,9 +2401,9 @@ checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6" [[package]] name = "ryu" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "scopeguard" @@ -2444,9 +2437,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.22" +version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" @@ -2465,7 +2458,7 @@ checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -2517,9 +2510,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.13.1" +version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6ecd384b10a64542d77071bd64bd7b231f4ed5940fba55e98c3de13824cf3d7" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" @@ -2533,12 +2526,12 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.5" +version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" dependencies = [ "libc", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -2571,9 +2564,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "strsim" -version = "0.11.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ee073c9e4cd00e28217186dbe12796d692868f432bf2e97ee73bed0c56dfa01" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" @@ -2594,9 +2587,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.50" +version = "2.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74f1bdc9872430ce9b75da68329d1c1746faf50ffac5f19e02b71e37ff881ffb" +checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" dependencies = [ "proc-macro2", "quote", @@ -2614,22 +2607,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.57" +version = "1.0.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e45bcbe8ed29775f228095caf2cd67af7a4ccf756ebff23a306bf3e8b47b24b" +checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.57" +version = "1.0.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a953cb265bef375dae3de6663da4d3804eee9682ea80d8e2542529b73c531c81" +checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -2688,9 +2681,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.37.0" +version = "1.38.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1adbebffeca75fcfd058afa480fb6c0b81e165a0323f9c9d39c9697e37c46787" +checksum = "ba4f4a02a7a80d6f274636f0aa95c7e383b912d41fe721a31f29e29698585a4a" dependencies = [ "backtrace", "bytes", @@ -2698,20 +2691,20 @@ dependencies = [ "mio", "num_cpus", "pin-project-lite", - "socket2 0.5.5", + "socket2 0.5.7", "tokio-macros", "windows-sys 0.48.0", ] [[package]] name = "tokio-macros" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" +checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -2726,16 +2719,15 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.10" +version = "0.7.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1" dependencies = [ "bytes", "futures-core", "futures-sink", "pin-project-lite", "tokio", - "tracing", ] [[package]] @@ -2757,7 +2749,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -2837,9 +2829,9 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "value-bag" -version = "1.7.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "126e423afe2dd9ac52142e7e9d5ce4135d7e13776c529d27fd6bc49f19e3280b" +checksum = "5a84c137d37ab0142f0f2ddfe332651fdbf252e7b7dbb4e67b6c1f1b2e925101" [[package]] name = "vcpkg" @@ -2855,9 +2847,9 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "waker-fn" -version = "1.1.1" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690" +checksum = "317211a0dc0ceedd78fb2ca9a44aed3d7b9b26f81870d485c07122b4350673b7" [[package]] name = "wasi" @@ -2867,9 +2859,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -2877,24 +2869,24 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.41" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "877b9c3f61ceea0e56331985743b13f3d25c406a7098d45180fb5f09bc19ed97" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" dependencies = [ "cfg-if", "js-sys", @@ -2904,9 +2896,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -2914,28 +2906,28 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.91" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "web-sys" -version = "0.3.68" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96565907687f7aceb35bc5fc03770a8a0471d82e479f25832f54a0e3f4b28446" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -2949,9 +2941,9 @@ checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "webpki-roots" -version = "0.26.1" +version = "0.26.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +checksum = "3c452ad30530b54a4d8e71952716a212b08efd0f3562baa66c29a618b07da7c3" dependencies = [ "rustls-pki-types", ] @@ -2965,14 +2957,14 @@ dependencies = [ "either", "home", "once_cell", - "rustix 0.38.31", + "rustix 0.38.34", ] [[package]] name = "widestring" -version = "1.0.2" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" +checksum = "7219d36b6eac893fa81e84ebe06485e7dcbb616177469b142df14f1f4deb1311" [[package]] name = "winapi" @@ -2992,11 +2984,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] [[package]] @@ -3020,7 +3012,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.3", + "windows-targets 0.52.5", ] [[package]] @@ -3040,17 +3032,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d380ba1dc7187569a8a9e91ed34b8ccfc33123bbacb8c0aed2d1ad7f3ef2dc5f" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ - "windows_aarch64_gnullvm 0.52.3", - "windows_aarch64_msvc 0.52.3", - "windows_i686_gnu 0.52.3", - "windows_i686_msvc 0.52.3", - "windows_x86_64_gnu 0.52.3", - "windows_x86_64_gnullvm 0.52.3", - "windows_x86_64_msvc 0.52.3", + "windows_aarch64_gnullvm 0.52.5", + "windows_aarch64_msvc 0.52.5", + "windows_i686_gnu 0.52.5", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.5", + "windows_x86_64_gnu 0.52.5", + "windows_x86_64_gnullvm 0.52.5", + "windows_x86_64_msvc 0.52.5", ] [[package]] @@ -3061,9 +3054,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68e5dcfb9413f53afd9c8f86e56a7b4d86d9a2fa26090ea2dc9e40fba56c6ec6" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" @@ -3073,9 +3066,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8dab469ebbc45798319e69eebf92308e541ce46760b49b18c6b3fe5e8965b30f" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" @@ -3085,9 +3078,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.3" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a4e9b6a7cac734a8b4138a4e1044eac3404d8326b6c0f939276560687a033fb" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" @@ -3097,9 +3096,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28b0ec9c422ca95ff34a78755cfa6ad4a51371da2a5ace67500cf7ca5f232c58" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" @@ -3109,9 +3108,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "704131571ba93e89d7cd43482277d6632589b18ecf4468f591fbae0a8b101614" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" @@ -3121,9 +3120,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42079295511643151e98d61c38c0acc444e52dd42ab456f7ccfd5152e8ecf21c" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" @@ -3133,9 +3132,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.3" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0770833d60a970638e989b3fa9fd2bb1aaadcf88963d1659fd7d9990196ed2d6" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] name = "winreg" @@ -3170,22 +3169,22 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.32" +version = "0.7.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.32" +version = "0.7.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] @@ -3205,7 +3204,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.50", + "syn 2.0.66", ] [[package]] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index acda37e080..21f4b86968 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "aho-corasick" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] @@ -19,9 +19,9 @@ checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" [[package]] name = "aws-lc-rs" -version = "1.6.1" +version = "1.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb94ba389c4c48d9dc1983f8653cb92f7d9fc50b261e0501be2b7a636cbcbc4a" +checksum = "474d7cec9d0a1126fad1b224b767fcbf351c23b0309bb21ec210bcfd379926a5" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -31,11 +31,12 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.13.0" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6e564487156f6ea22217c06263abd92ee65e4d9ff3dbc1f99f703f060f94715" +checksum = "7505fc3cb7acbf42699a43a79dd9caa4ed9e99861dfbb837c5c0fb5a0a8d2980" dependencies = [ "bindgen", + "cc", "cmake", "dunce", "fs_extra", @@ -68,17 +69,19 @@ dependencies = [ [[package]] name = "bitflags" -version = "2.4.2" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "cc" -version = "1.0.83" +version = "1.0.98" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" dependencies = [ + "jobserver", "libc", + "once_cell", ] [[package]] @@ -98,9 +101,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "clang-sys" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" dependencies = [ "glob", "libc", @@ -124,18 +127,18 @@ checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" [[package]] name = "either" -version = "1.9.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" +checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys", ] [[package]] @@ -146,9 +149,9 @@ checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" [[package]] name = "getrandom" -version = "0.2.12" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -167,7 +170,7 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys 0.52.0", + "windows-sys", ] [[package]] @@ -179,6 +182,15 @@ dependencies = [ "either", ] +[[package]] +name = "jobserver" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +dependencies = [ + "libc", +] + [[package]] name = "lazy_static" version = "1.4.0" @@ -193,9 +205,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.153" +version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libfuzzer-sys" @@ -208,31 +220,31 @@ dependencies = [ [[package]] name = "libloading" -version = "0.8.1" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" dependencies = [ "cfg-if", - "windows-sys 0.48.0", + "windows-targets", ] [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "log" -version = "0.4.20" +version = "0.4.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" [[package]] name = "memchr" -version = "2.7.1" +version = "2.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "523dc4f511e55ab87b694dc30d0f820d60906ef06413f93d4d7a1385599cc149" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" [[package]] name = "minimal-lexical" @@ -264,15 +276,15 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "paste" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "prettyplease" -version = "0.2.16" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5" +checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", "syn", @@ -280,27 +292,27 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.78" +version = "1.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2422ad645d89c99f8f3e6b88a9fdeca7fabeac836b1002371c4367c8f984aae" +checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.35" +version = "1.0.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" dependencies = [ "proc-macro2", ] [[package]] name = "regex" -version = "1.10.3" +version = "1.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b62dbe01f0b06f9d8dc7d49e05a0785f153b00b2c227856282f671e0318c9b15" +checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" dependencies = [ "aho-corasick", "memchr", @@ -310,9 +322,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5bb987efffd3c6d0d8f5f89510bb458559eab11e4f869acb20bf845e016259cd" +checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" dependencies = [ "aho-corasick", "memchr", @@ -321,22 +333,23 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.2" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" [[package]] name = "ring" -version = "0.17.7" +version = "0.17.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" dependencies = [ "cc", + "cfg-if", "getrandom", "libc", "spin", "untrusted", - "windows-sys 0.48.0", + "windows-sys", ] [[package]] @@ -347,15 +360,15 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustix" -version = "0.38.31" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ea3e1a662af26cd7a3ba09c0297a31af215563ecf42817c98df621387f4e949" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ "bitflags", "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys", ] [[package]] @@ -418,9 +431,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" -version = "2.0.48" +version = "2.0.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" +checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" dependencies = [ "proc-macro2", "quote", @@ -457,140 +470,95 @@ dependencies = [ "rustix", ] -[[package]] -name = "windows-sys" -version = "0.48.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" -dependencies = [ - "windows-targets 0.48.5", -] - [[package]] name = "windows-sys" version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.0", -] - -[[package]] -name = "windows-targets" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" -dependencies = [ - "windows_aarch64_gnullvm 0.48.5", - "windows_aarch64_msvc 0.48.5", - "windows_i686_gnu 0.48.5", - "windows_i686_msvc 0.48.5", - "windows_x86_64_gnu 0.48.5", - "windows_x86_64_gnullvm 0.48.5", - "windows_x86_64_msvc 0.48.5", + "windows-targets", ] [[package]] name = "windows-targets" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" dependencies = [ - "windows_aarch64_gnullvm 0.52.0", - "windows_aarch64_msvc 0.52.0", - "windows_i686_gnu 0.52.0", - "windows_i686_msvc 0.52.0", - "windows_x86_64_gnu 0.52.0", - "windows_x86_64_gnullvm 0.52.0", - "windows_x86_64_msvc 0.52.0", + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", ] [[package]] name = "windows_aarch64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" [[package]] name = "windows_aarch64_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" - -[[package]] -name = "windows_i686_gnu" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" [[package]] name = "windows_i686_gnu" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" [[package]] -name = "windows_i686_msvc" -version = "0.48.5" +name = "windows_i686_gnullvm" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" [[package]] name = "windows_i686_msvc" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" [[package]] name = "windows_x86_64_gnu" -version = "0.52.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.0" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" [[package]] name = "windows_x86_64_msvc" -version = "0.48.5" +version = "0.52.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" [[package]] -name = "windows_x86_64_msvc" -version = "0.52.0" +name = "zeroize" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] [[package]] -name = "zeroize" -version = "1.7.0" +name = "zeroize_derive" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] From c7ce75138f15c161489f2594e7089162ebfcbdcf Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jun 2024 10:13:15 +0100 Subject: [PATCH 1027/1145] Avoid incidental use of X25519 in tests Where that's not possible, explicitly configure it. --- rustls/tests/api.rs | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 2bc8dff1b0..3bfc5ede55 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -4392,7 +4392,7 @@ mod test_quic { let random = Random::from(random); let rng = ring::rand::SystemRandom::new(); - let kx = ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::X25519, &rng) + let kx = ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::ECDH_P256, &rng) .unwrap() .compute_public_key() .unwrap(); @@ -4407,10 +4407,10 @@ mod test_quic { compression_methods: vec![Compression::Null], extensions: vec![ ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), - ClientExtension::NamedGroups(vec![NamedGroup::X25519]), + ClientExtension::NamedGroups(vec![NamedGroup::secp256r1]), ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ED25519]), ClientExtension::KeyShare(vec![KeyShareEntry::new( - NamedGroup::X25519, + NamedGroup::secp256r1, kx.as_ref(), )]), ], @@ -4996,10 +4996,10 @@ fn test_client_attempts_to_use_unsupported_kx_group() { // common to both client configs let shared_storage = Arc::new(ClientStorage::new()); - // first, client sends a x25519 and server agrees. x25519 is inserted + // first, client sends a secp-256 share and server agrees. secp-256 is inserted // into kx group cache. let mut client_config_1 = - make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::X25519]); + make_client_config_with_kx_groups(KeyType::Rsa2048, vec![provider::kx_group::SECP256R1]); client_config_1.resumption = Resumption::store(shared_storage.clone()); // second, client only supports secp-384 and so kx group cache @@ -5019,7 +5019,7 @@ fn test_client_attempts_to_use_unsupported_kx_group() { assert_eq!(ops.len(), 9); assert!(matches!( ops[3], - ClientStorageOp::SetKxHint(_, rustls::NamedGroup::X25519) + ClientStorageOp::SetKxHint(_, rustls::NamedGroup::secp256r1) )); // second handshake @@ -5032,7 +5032,7 @@ fn test_client_attempts_to_use_unsupported_kx_group() { assert!(matches!(ops[9], ClientStorageOp::TakeTls13Ticket(_, true))); assert!(matches!( ops[10], - ClientStorageOp::GetKxHint(_, Some(rustls::NamedGroup::X25519)) + ClientStorageOp::GetKxHint(_, Some(rustls::NamedGroup::secp256r1)) )); assert!(matches!( ops[11], @@ -5063,7 +5063,8 @@ fn test_client_sends_share_for_less_preferred_group() { ); client_config_2.resumption = Resumption::store(shared_storage.clone()); - let server_config = make_server_config(KeyType::Rsa2048); + let server_config = + make_server_config_with_kx_groups(KeyType::Rsa2048, provider::ALL_KX_GROUPS.to_vec()); // first handshake let (mut client_1, mut server) = make_pair_for_configs(client_config_1, server_config.clone()); @@ -5632,11 +5633,20 @@ fn test_client_with_custom_verifier_can_accept_ecdsa_sha1_signatures() { Altered::InPlace } - let client_config = client_config_builder_with_versions(&[&rustls::version::TLS12]) - .dangerous() - .with_custom_certificate_verifier(Arc::new(MockServerVerifier::accepts_anything())) - .with_no_client_auth(); - let server_config = make_server_config(KeyType::EcdsaP256); + let kx_groups = provider::ALL_KX_GROUPS; + let client_config = ClientConfig::builder_with_provider( + CryptoProvider { + kx_groups: kx_groups.to_vec(), + ..provider::default_provider() + } + .into(), + ) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap() + .dangerous() + .with_custom_certificate_verifier(Arc::new(MockServerVerifier::accepts_anything())) + .with_no_client_auth(); + let server_config = make_server_config_with_kx_groups(KeyType::EcdsaP256, kx_groups.to_vec()); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); transfer(&mut client, &mut server); server.process_new_packets().unwrap(); From c82a9cbc3555ef802e90478b62469a0ebe5bb7d5 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jun 2024 09:58:24 +0100 Subject: [PATCH 1028/1145] Disable X25519 key exchange in FIPS mode --- rustls/src/crypto/ring/kx.rs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index db8734d981..ad3a54da48 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -20,6 +20,12 @@ struct KxGroup { /// The corresponding ring agreement::Algorithm agreement_algorithm: &'static agreement::Algorithm, + + /// Whether the algorithm is allowed by FIPS + /// + /// `SupportedKxGroup::fips()` is true iff the algorithm is allowed, + /// _and_ the implementation is FIPS-validated. + fips_allowed: bool, } impl SupportedKxGroup for KxGroup { @@ -45,7 +51,7 @@ impl SupportedKxGroup for KxGroup { } fn fips(&self) -> bool { - super::fips() + self.fips_allowed && super::fips() } } @@ -59,18 +65,27 @@ impl fmt::Debug for KxGroup { pub static X25519: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::X25519, agreement_algorithm: &agreement::X25519, + + // "Curves that are included in SP 800-186 but not included in SP 800-56Arev3 are + // not approved for key agreement. E.g., the ECDH X25519 and X448 key agreement + // schemes (defined in RFC 7748) that use Curve25519 and Curve448, respectively, + // are not compliant to SP 800-56Arev3." + // -- + fips_allowed: false, }; /// Ephemeral ECDH on secp256r1 (aka NIST-P256) pub static SECP256R1: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::secp256r1, agreement_algorithm: &agreement::ECDH_P256, + fips_allowed: true, }; /// Ephemeral ECDH on secp384r1 (aka NIST-P384) pub static SECP384R1: &dyn SupportedKxGroup = &KxGroup { name: NamedGroup::secp384r1, agreement_algorithm: &agreement::ECDH_P384, + fips_allowed: true, }; /// A list of all the key exchange groups supported by rustls. From 7950afc1d17647169879cfff3f84df6af8c73e7c Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jun 2024 10:54:52 +0100 Subject: [PATCH 1029/1145] bogo: use specific error for PeerMisbehaved::SelectedUnofferedCipherSuite --- bogo/config.json.in | 4 +--- rustls/examples/internal/bogo_shim_impl.rs | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index 199e3606f4..b1c0618e93 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -179,8 +179,6 @@ "NoSupportedCurves": ":INCOMPATIBLE:", "BadECDHECurve": ":PEER_MISBEHAVIOUR:", "VersionTooLow": ":INCOMPATIBLE:", - "ServerHelloBogusCipher": ":PEER_MISBEHAVIOUR:", - "ServerHelloBogusCipher-TLS13": ":PEER_MISBEHAVIOUR:", "ALPNClient-RejectUnknown-TLS-TLS12": ":PEER_MISBEHAVIOUR:", "ALPNClient-RejectUnknown-TLS-TLS13": ":PEER_MISBEHAVIOUR:", "ALPNClient-EmptyProtocolName-TLS-TLS12": ":PEER_MISBEHAVIOUR:", @@ -259,7 +257,7 @@ "Resume-Server-PSKBinderFirstExtension": ":PEER_MISBEHAVIOUR:", "Resume-Client-PRFMismatch-TLS13": ":PEER_MISBEHAVIOUR:", "Resume-Client-Mismatch-TLS12-TLS13-TLS": ":PEER_MISBEHAVIOUR:", - "Resume-Client-Mismatch-TLS13-TLS12-TLS": ":PEER_MISBEHAVIOUR:", + "Resume-Client-Mismatch-TLS13-TLS12-TLS": ":WRONG_CIPHER_RETURNED:", "NoSupportedCurves-TLS13": ":INCOMPATIBLE:", "BadECDHECurve-TLS13": ":PEER_MISBEHAVIOUR:", "InvalidECDHPoint-Client-TLS13": ":PEER_MISBEHAVIOUR:", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 8958c97595..9d10930da5 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -809,6 +809,9 @@ fn handle_err(err: Error) -> ! { Error::PeerMisbehaved(PeerMisbehaved::OfferedDuplicateCertificateCompressions) => { quit(":ERROR_PARSING_EXTENSION:") } + Error::PeerMisbehaved(PeerMisbehaved::SelectedUnofferedCipherSuite) => { + quit(":WRONG_CIPHER_RETURNED:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), From dafc7ac2349c50095d57f60be36caf0fedb90c41 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jun 2024 10:56:18 +0100 Subject: [PATCH 1030/1145] Run bogo FIPS tests This is not straightforward because: - the tests want the FIPS selection to be at runtime, so we reconstruct the non-FIPS CryptoProvider and use that unless the `-fips-202205` is passed to the shim. - BoringSSL's FIPS evaluation is (presumably) older than aws-lc-rs, and doesn't include ED25519 (ref. FIPS 186-5) or P521. However, this does provider test coverage that: - X25519 is not usable - chacha20-poly1305 is not usable --- .github/workflows/build.yml | 5 ++++ admin/coverage | 3 +-- bogo/config.json.in | 6 +++++ bogo/runme | 4 +++ rustls/examples/internal/bogo_shim_impl.rs | 30 ++++++++++++++++++---- rustls/tests/bogo.rs | 26 +++++++++---------- 6 files changed, 54 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 90a613735a..5c3286485d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -207,6 +207,11 @@ jobs: env: BOGO_SHIM_PROVIDER: aws-lc-rs + - name: Run test suite (aws-lc-rs-fips) + working-directory: bogo + run: ./runme + env: + BOGO_SHIM_PROVIDER: aws-lc-rs-fips fuzz: name: Smoke-test fuzzing targets diff --git a/admin/coverage b/admin/coverage index 7ab259eec4..f80072fb56 100755 --- a/admin/coverage +++ b/admin/coverage @@ -15,8 +15,7 @@ cargo test --locked $(admin/all-features-except zlib-rs rustls) cargo test --locked $(admin/all-features-except brotli rustls) ## bogo -cargo test --locked --all-features run_bogo_tests_ring -- --ignored -cargo test --locked --all-features run_bogo_tests_aws_lc_rs -- --ignored +cargo test --locked --test bogo -- --ignored --test-threads 1 ## provider tests cargo test --locked --package rustls-provider-test diff --git a/bogo/config.json.in b/bogo/config.json.in index b1c0618e93..6a39eeb73e 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -129,6 +129,12 @@ "Client-VerifyDefault-ECDSA_P521_SHA512-TLS13": "", "Client-VerifyDefault-ECDSA_P521_SHA512-TLS12": "", "*-HintMismatch-*": "hints are a boringssl-specific feature", +#if defined(AWS_LC_RS) && defined(FIPS) + "Compliance-fips-202205-TLS-Client-ECDSA_P521_SHA512": "these algorithms are fips approved in aws-lc-rs", + "Compliance-fips-202205-TLS-Server-ECDSA_P521_SHA512": "", + "Compliance-fips-202205-TLS-Client-Ed25519": "", + "Compliance-fips-202205-TLS-Server-Ed25519": "", +#endif "*-QUIC-*" :"", "QUIC-*": "", "*-QUIC": "" diff --git a/bogo/runme b/bogo/runme index d2f0ff924f..eccb8971c3 100755 --- a/bogo/runme +++ b/bogo/runme @@ -14,6 +14,10 @@ case ${BOGO_SHIM_PROVIDER:-ring} in cargo build -p rustls --example bogo_shim $(../admin/all-features-except ring,fips rustls) cpp -P -DAWS_LC_RS config.json.in > config.json ;; + aws-lc-rs-fips) + cargo build -p rustls --example bogo_shim $(../admin/all-features-except ring rustls) + cpp -P -DAWS_LC_RS -DFIPS config.json.in > config.json + ;; existing) ;; *) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 9d10930da5..33b67651be 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -87,6 +87,7 @@ struct Options { expect_handshake_kind: Option>, expect_handshake_kind_resumed: Option>, install_cert_compression_algs: CompressionAlgs, + provider: CryptoProvider, } impl Options { @@ -140,6 +141,7 @@ impl Options { expect_handshake_kind: None, expect_handshake_kind_resumed: Some(vec![HandshakeKind::Resumed]), install_cert_compression_algs: CompressionAlgs::None, + provider: default_provider(), } } @@ -171,6 +173,16 @@ impl Options { } } +fn default_provider() -> CryptoProvider { + // ensure all suites and kx groups are included (even in fips builds) + // as non-fips test cases require them + CryptoProvider { + kx_groups: provider::ALL_KX_GROUPS.to_vec(), + cipher_suites: provider::ALL_CIPHER_SUITES.to_vec(), + ..provider::default_provider() + } +} + fn load_cert(filename: &str) -> Vec> { let certfile = fs::File::open(filename).expect("cannot open certificate file"); let mut reader = BufReader::new(certfile); @@ -522,13 +534,13 @@ fn make_server_cfg(opts: &Options) -> Arc { .map(|curveid| lookup_kx_group(*curveid)) .collect() } else { - provider::ALL_KX_GROUPS.to_vec() + opts.provider.kx_groups.clone() }; let mut cfg = ServerConfig::builder_with_provider( CryptoProvider { kx_groups, - ..provider::default_provider() + ..opts.provider.clone() } .into(), ) @@ -669,13 +681,13 @@ fn make_client_cfg(opts: &Options) -> Arc { .map(|curveid| lookup_kx_group(*curveid)) .collect() } else { - provider::ALL_KX_GROUPS.to_vec() + opts.provider.kx_groups.clone() }; let cfg = ClientConfig::builder_with_provider( CryptoProvider { kx_groups, - ..provider::default_provider() + ..opts.provider.clone() } .into(), ) @@ -1339,6 +1351,15 @@ pub fn main() { "-install-one-cert-compression-alg" => { opts.install_cert_compression_algs = CompressionAlgs::One(args.remove(0).parse::().unwrap()); } + #[cfg(feature = "fips")] + "-fips-202205" => { + opts.provider = rustls::crypto::default_fips_provider(); + } + #[cfg(not(feature = "fips"))] + "-fips-202205" => { + println!("Not a FIPS build"); + process::exit(BOGO_NACK); + } // defaults: "-enable-all-curves" | @@ -1403,7 +1424,6 @@ pub fn main() { "-no-rsa-pss-rsae-certs" | "-ignore-tls13-downgrade" | "-allow-hint-mismatch" | - "-fips-202205" | "-wpa-202304" | "-srtp-profiles" | "-permute-extensions" | diff --git a/rustls/tests/bogo.rs b/rustls/tests/bogo.rs index 66be49dbad..06595dc9d7 100644 --- a/rustls/tests/bogo.rs +++ b/rustls/tests/bogo.rs @@ -5,31 +5,31 @@ #[test] #[ignore] fn run_bogo_tests_ring() { - use std::process::Command; - - let rc = Command::new("./runme") - .current_dir("../bogo") - .env("BOGO_SHIM_PROVIDER", "ring") - .spawn() - .expect("cannot run bogo/runme") - .wait() - .expect("cannot wait for bogo"); - - assert!(rc.success(), "bogo (ring) exited non-zero"); + run_bogo_tests("ring"); } #[test] #[ignore] fn run_bogo_tests_aws_lc_rs() { + run_bogo_tests("aws-lc-rs"); +} + +#[test] +#[ignore] +fn run_bogo_tests_aws_lc_rs_fips() { + run_bogo_tests("aws-lc-rs-fips"); +} + +fn run_bogo_tests(provider: &str) { use std::process::Command; let rc = Command::new("./runme") .current_dir("../bogo") - .env("BOGO_SHIM_PROVIDER", "aws-lc-rs") + .env("BOGO_SHIM_PROVIDER", provider) .spawn() .expect("cannot run bogo/runme") .wait() .expect("cannot wait for bogo"); - assert!(rc.success(), "bogo (aws-lc-rs) exited non-zero"); + assert!(rc.success(), "bogo ({provider}) exited non-zero"); } From aff6df2128f08f0f794502d321b0b5d3f028b1e2 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Thu, 6 Jun 2024 11:51:36 +0100 Subject: [PATCH 1031/1145] admin/coverage: correct latent zlib-rs feature use --- admin/coverage | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/coverage b/admin/coverage index f80072fb56..4d70addb9e 100755 --- a/admin/coverage +++ b/admin/coverage @@ -11,7 +11,7 @@ cargo test --locked --no-default-features --features tls12,logging,aws_lc_rs,fip cargo test --locked --no-default-features --features tls12,logging,ring,std # ensure both zlib and brotli are tested, irrespective of their order -cargo test --locked $(admin/all-features-except zlib-rs rustls) +cargo test --locked $(admin/all-features-except zlib rustls) cargo test --locked $(admin/all-features-except brotli rustls) ## bogo From c2dfa5c088f7a88ef9c5cf023b32304999f43677 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 6 Jun 2024 14:36:11 -0400 Subject: [PATCH 1032/1145] aws_lc_rs: fix unused import w/ no-std Fixes an unused import warning when building w/ `aws-lc-rs` but not `std`: ``` warning: unused import: `alloc::sync::Arc` --> rustls/src/crypto/aws_lc_rs/hpke.rs:2:5 | 2 | use alloc::sync::Arc; | ^^^^^^^^^^^^^^^^ | = note: `#[warn(unused_imports)]` on by default ``` --- rustls/src/crypto/aws_lc_rs/hpke.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs index 47b669e9e3..c9af20716e 100644 --- a/rustls/src/crypto/aws_lc_rs/hpke.rs +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -1,4 +1,5 @@ use alloc::boxed::Box; +#[cfg(feature = "std")] use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::{self, Debug, Formatter}; From 7c900ffefd3f861b122dc36358805b65723dfe83 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 5 Jun 2024 08:00:48 +0100 Subject: [PATCH 1033/1145] Reject excessive warning alerts --- bogo/config.json.in | 1 - rustls/examples/internal/bogo_shim_impl.rs | 3 ++ rustls/src/common_state.rs | 32 ++++++++++++++++++++++ rustls/src/error.rs | 1 + 4 files changed, 36 insertions(+), 1 deletion(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index 6a39eeb73e..e841d4395c 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -101,7 +101,6 @@ "FallbackSCSV*": "fallback countermeasure not yet implemented", "RequireAnyClientCertificate-TLS12": "we don't send an alert in this case", "TooManyKeyUpdates": "no limit implemented", - "SendUserCanceledAlerts-TooMany-TLS13": "", "ServerBogusVersion": "we ignore legacy_version if there's an extension", "Renegotiate-Client-*": "no reneg", "Shutdown-Shim-Renegotiate-*": "", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 33b67651be..ba13ba35da 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -824,6 +824,9 @@ fn handle_err(err: Error) -> ! { Error::PeerMisbehaved(PeerMisbehaved::SelectedUnofferedCipherSuite) => { quit(":WRONG_CIPHER_RETURNED:") } + Error::PeerMisbehaved(PeerMisbehaved::TooManyWarningAlertsReceived) => { + quit(":TOO_MANY_WARNING_ALERTS:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 29825ea7d2..5c9e34c355 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -51,6 +51,7 @@ pub struct CommonState { pub(crate) protocol: Protocol, pub(crate) quic: quic::Quic, pub(crate) enable_secret_extraction: bool, + temper_counters: TemperCounters, } impl CommonState { @@ -79,6 +80,7 @@ impl CommonState { protocol: Protocol::Tcp, quic: quic::Quic::default(), enable_secret_extraction: false, + temper_counters: TemperCounters::default(), } } @@ -441,6 +443,8 @@ impl CommonState { // (except, for no good reason, user_cancelled). let err = Error::AlertReceived(alert.description); if alert.level == AlertLevel::Warning { + self.temper_counters + .received_warning_alert()?; if self.is_tls13() && alert.description != AlertDescription::UserCanceled { return Err(self.send_fatal_alert(AlertDescription::DecodeError, err)); } else { @@ -828,5 +832,33 @@ enum Limit { No, } +/// Tracking technically-allowed protocol actions +/// that we limit to avoid denial-of-service vectors. +struct TemperCounters { + allowed_warning_alerts: u8, +} + +impl TemperCounters { + fn received_warning_alert(&mut self) -> Result<(), Error> { + match self.allowed_warning_alerts { + 0 => Err(PeerMisbehaved::TooManyWarningAlertsReceived.into()), + _ => { + self.allowed_warning_alerts -= 1; + Ok(()) + } + } + } +} + +impl Default for TemperCounters { + fn default() -> Self { + Self { + // cf. BoringSSL `kMaxWarningAlerts` + // + allowed_warning_alerts: 4, + } + } +} + const DEFAULT_RECEIVED_PLAINTEXT_LIMIT: usize = 16 * 1024; pub(crate) const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024; diff --git a/rustls/src/error.rs b/rustls/src/error.rs index d334e1b33d..e16eb6410f 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -233,6 +233,7 @@ pub enum PeerMisbehaved { ServerNameMustContainOneHostName, SignedKxWithWrongAlgorithm, SignedHandshakeWithUnadvertisedSigScheme, + TooManyWarningAlertsReceived, TooMuchEarlyDataReceived, UnexpectedCleartextExtension, UnsolicitedCertExtension, From ced1009924e0c7dfc2972a01ca61e86c6cc2f7a6 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 5 Jun 2024 08:48:50 +0100 Subject: [PATCH 1034/1145] Limit rebuffed renegotiation attempts --- rustls/examples/internal/bogo_shim_impl.rs | 1 + rustls/src/common_state.rs | 17 +++++++++++++++++ rustls/src/error.rs | 1 + 3 files changed, 19 insertions(+) diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index ba13ba35da..11bac1077c 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -1376,6 +1376,7 @@ pub fn main() { "-expect-no-session" | "-expect-ticket-renewal" | "-enable-ocsp-stapling" | + "-forbid-renegotiation-after-handshake" | // internal openssl details: "-async" | "-implicit-handshake" | diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 5c9e34c355..af93005c47 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -173,6 +173,8 @@ impl CommonState { Side::Server => HandshakeType::ClientHello, }; if msg.is_handshake_type(reject_ty) { + self.temper_counters + .received_renegotiation_request()?; self.send_warning_alert(AlertDescription::NoRenegotiation); return Ok(state); } @@ -836,6 +838,7 @@ enum Limit { /// that we limit to avoid denial-of-service vectors. struct TemperCounters { allowed_warning_alerts: u8, + allowed_renegotiation_requests: u8, } impl TemperCounters { @@ -848,6 +851,16 @@ impl TemperCounters { } } } + + fn received_renegotiation_request(&mut self) -> Result<(), Error> { + match self.allowed_renegotiation_requests { + 0 => Err(PeerMisbehaved::TooManyRenegotiationRequests.into()), + _ => { + self.allowed_renegotiation_requests -= 1; + Ok(()) + } + } + } } impl Default for TemperCounters { @@ -856,6 +869,10 @@ impl Default for TemperCounters { // cf. BoringSSL `kMaxWarningAlerts` // allowed_warning_alerts: 4, + + // we rebuff renegotiation requests with a `NoRenegotiation` warning alerts. + // a second request after this is fatal. + allowed_renegotiation_requests: 1, } } } diff --git a/rustls/src/error.rs b/rustls/src/error.rs index e16eb6410f..686ac603da 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -233,6 +233,7 @@ pub enum PeerMisbehaved { ServerNameMustContainOneHostName, SignedKxWithWrongAlgorithm, SignedHandshakeWithUnadvertisedSigScheme, + TooManyRenegotiationRequests, TooManyWarningAlertsReceived, TooMuchEarlyDataReceived, UnexpectedCleartextExtension, From a15a579226e7f5b679a91000c8b41f2b783771a4 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 5 Jun 2024 09:01:19 +0100 Subject: [PATCH 1035/1145] Limit key update requests --- bogo/config.json.in | 1 - rustls/examples/internal/bogo_shim_impl.rs | 3 +++ rustls/src/common_state.rs | 18 ++++++++++++++++++ rustls/src/error.rs | 1 + 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index e841d4395c..1d2b264178 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -100,7 +100,6 @@ "Resume-Server-OmitPSKsOnSecondClientHello": "not required by RFC", "FallbackSCSV*": "fallback countermeasure not yet implemented", "RequireAnyClientCertificate-TLS12": "we don't send an alert in this case", - "TooManyKeyUpdates": "no limit implemented", "ServerBogusVersion": "we ignore legacy_version if there's an extension", "Renegotiate-Client-*": "no reneg", "Shutdown-Shim-Renegotiate-*": "", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 11bac1077c..32e739a407 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -827,6 +827,9 @@ fn handle_err(err: Error) -> ! { Error::PeerMisbehaved(PeerMisbehaved::TooManyWarningAlertsReceived) => { quit(":TOO_MANY_WARNING_ALERTS:") } + Error::PeerMisbehaved(PeerMisbehaved::TooManyKeyUpdateRequests) => { + quit(":TOO_MANY_KEY_UPDATES:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index af93005c47..9edb8dd582 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -627,6 +627,9 @@ impl CommonState { &mut self, key_update_request: &KeyUpdateRequest, ) -> Result { + self.temper_counters + .received_key_update_request()?; + match key_update_request { KeyUpdateRequest::UpdateNotRequested => Ok(false), KeyUpdateRequest::UpdateRequested => Ok(self.queued_key_update_message.is_none()), @@ -839,6 +842,7 @@ enum Limit { struct TemperCounters { allowed_warning_alerts: u8, allowed_renegotiation_requests: u8, + allowed_key_update_requests: u8, } impl TemperCounters { @@ -861,6 +865,16 @@ impl TemperCounters { } } } + + fn received_key_update_request(&mut self) -> Result<(), Error> { + match self.allowed_key_update_requests { + 0 => Err(PeerMisbehaved::TooManyKeyUpdateRequests.into()), + _ => { + self.allowed_key_update_requests -= 1; + Ok(()) + } + } + } } impl Default for TemperCounters { @@ -873,6 +887,10 @@ impl Default for TemperCounters { // we rebuff renegotiation requests with a `NoRenegotiation` warning alerts. // a second request after this is fatal. allowed_renegotiation_requests: 1, + + // cf. BoringSSL `kMaxKeyUpdates` + // + allowed_key_update_requests: 32, } } } diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 686ac603da..98fbbd890e 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -233,6 +233,7 @@ pub enum PeerMisbehaved { ServerNameMustContainOneHostName, SignedKxWithWrongAlgorithm, SignedHandshakeWithUnadvertisedSigScheme, + TooManyKeyUpdateRequests, TooManyRenegotiationRequests, TooManyWarningAlertsReceived, TooMuchEarlyDataReceived, From b7c9c03742df61d2f3721fe96af6df5510e50938 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 5 Jun 2024 12:18:24 +0100 Subject: [PATCH 1036/1145] Test for renegotiation rejection behaviour This introduces tests `common::RawTls` which allows tests to deliver arbitrary encrypted data. --- rustls/tests/api.rs | 163 +++++++++++++++++++++++++++++++++++-- rustls/tests/common/mod.rs | 132 +++++++++++++++++++++++++++++- 2 files changed, 284 insertions(+), 11 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 3bfc5ede55..f988345c2e 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -21,19 +21,19 @@ use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCe use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; -use rustls::internal::msgs::enums::AlertLevel; +use rustls::internal::msgs::enums::{AlertLevel, Compression}; use rustls::internal::msgs::handshake::{ - ClientExtension, HandshakeMessagePayload, HandshakePayload, - ServerName as ServerNameExtensionItem, + ClientExtension, ClientHelloPayload, HandshakeMessagePayload, HandshakePayload, Random, + ServerName as ServerNameExtensionItem, SessionId, }; -use rustls::internal::msgs::message::{Message, MessagePayload}; +use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; use rustls::{ sign, AlertDescription, CertificateError, CipherSuite, ClientConfig, ClientConnection, ConnectionCommon, ConnectionTrafficSecrets, ContentType, DistinguishedName, Error, - HandshakeKind, InvalidMessage, KeyLog, PeerIncompatible, PeerMisbehaved, ProtocolVersion, - ServerConfig, ServerConnection, SideData, SignatureScheme, Stream, StreamOwned, - SupportedCipherSuite, + HandshakeKind, HandshakeType, InvalidMessage, KeyLog, PeerIncompatible, PeerMisbehaved, + ProtocolVersion, ServerConfig, ServerConnection, SideData, SignatureScheme, Stream, + StreamOwned, SupportedCipherSuite, }; use super::*; @@ -6892,6 +6892,155 @@ impl<'a> io::Write for FakeStream<'a> { } } +#[test] +fn test_illegal_server_renegotiation_attempt_after_tls13_handshake() { + let client_config = + make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS13]); + let mut server_config = make_server_config(KeyType::Rsa2048); + server_config.enable_secret_extraction = true; + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + let mut raw_server = RawTls::new_server(server); + + let msg = PlainMessage { + typ: ContentType::Handshake, + version: ProtocolVersion::TLSv1_3, + payload: Payload::new( + HandshakeMessagePayload { + typ: HandshakeType::HelloRequest, + payload: HandshakePayload::HelloRequest, + } + .get_encoding(), + ), + }; + raw_server.encrypt_and_send(&msg, &mut client); + let err = client + .process_new_packets() + .unwrap_err(); + assert_eq!( + err, + Error::InappropriateHandshakeMessage { + expect_types: vec![HandshakeType::NewSessionTicket, HandshakeType::KeyUpdate], + got_type: HandshakeType::HelloRequest + } + ); +} + +#[cfg(feature = "tls12")] +#[test] +fn test_illegal_server_renegotiation_attempt_after_tls12_handshake() { + let client_config = + make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS12]); + let mut server_config = make_server_config(KeyType::Rsa2048); + server_config.enable_secret_extraction = true; + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + let mut raw_server = RawTls::new_server(server); + + let msg = PlainMessage { + typ: ContentType::Handshake, + version: ProtocolVersion::TLSv1_3, + payload: Payload::new( + HandshakeMessagePayload { + typ: HandshakeType::HelloRequest, + payload: HandshakePayload::HelloRequest, + } + .get_encoding(), + ), + }; + + // one is allowed (and elicits a warning alert) + raw_server.encrypt_and_send(&msg, &mut client); + client.process_new_packets().unwrap(); + raw_server.receive_and_decrypt(&mut client, |m| { + assert_eq!(format!("{m:?}"), + "Message { version: TLSv1_2, payload: Alert(AlertMessagePayload { level: Warning, description: NoRenegotiation }) }"); + }); + + // second is fatal + raw_server.encrypt_and_send(&msg, &mut client); + assert_eq!( + client + .process_new_packets() + .unwrap_err(), + Error::PeerMisbehaved(PeerMisbehaved::TooManyRenegotiationRequests) + ); +} + +#[test] +fn test_illegal_client_renegotiation_attempt_after_tls13_handshake() { + let mut client_config = + make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS13]); + client_config.enable_secret_extraction = true; + let server_config = make_server_config(KeyType::Rsa2048); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + let mut raw_client = RawTls::new_client(client); + + let msg = PlainMessage { + typ: ContentType::Handshake, + version: ProtocolVersion::TLSv1_3, + payload: Payload::new( + HandshakeMessagePayload { + typ: HandshakeType::ClientHello, + payload: HandshakePayload::ClientHello(ClientHelloPayload { + client_version: ProtocolVersion::TLSv1_2, + random: Random::from([0u8; 32]), + session_id: SessionId::read_bytes(&[0u8]).unwrap(), + cipher_suites: vec![], + compression_methods: vec![Compression::Null], + extensions: vec![ClientExtension::ExtendedMasterSecretRequest], + }), + } + .get_encoding(), + ), + }; + raw_client.encrypt_and_send(&msg, &mut server); + let err = server + .process_new_packets() + .unwrap_err(); + assert_eq!( + format!("{err:?}"), + "InappropriateHandshakeMessage { expect_types: [KeyUpdate], got_type: ClientHello }" + ); +} + +#[cfg(feature = "tls12")] +#[test] +fn test_illegal_client_renegotiation_attempt_during_tls12_handshake() { + let server_config = make_server_config(KeyType::Rsa2048); + let client_config = + make_client_config_with_versions(KeyType::Rsa2048, &[&rustls::version::TLS12]); + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + + let mut client_hello = vec![]; + client + .write_tls(&mut io::Cursor::new(&mut client_hello)) + .unwrap(); + + server + .read_tls(&mut io::Cursor::new(&client_hello)) + .unwrap(); + server + .read_tls(&mut io::Cursor::new(&client_hello)) + .unwrap(); + assert_eq!( + server + .process_new_packets() + .unwrap_err(), + Error::InappropriateHandshakeMessage { + expect_types: vec![HandshakeType::ClientKeyExchange], + got_type: HandshakeType::ClientHello + } + ); +} + } // test_for_each_provider! #[derive(Default, Debug)] diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index d39a2c48cf..db8cc35819 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -10,14 +10,15 @@ use pki_types::{ }; use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; +use rustls::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter}; use rustls::crypto::CryptoProvider; -use rustls::internal::msgs::codec::Reader; +use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; use rustls::{ - ClientConfig, ClientConnection, Connection, ConnectionCommon, DigitallySignedStruct, Error, - ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, SideData, SignatureScheme, - SupportedCipherSuite, + ClientConfig, ClientConnection, Connection, ConnectionCommon, ContentType, + DigitallySignedStruct, Error, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, + SideData, SignatureScheme, SupportedCipherSuite, }; use webpki::anchor_from_trusted_cert; @@ -916,3 +917,126 @@ impl Default for MockServerVerifier { } } } + +/// This allows injection/receipt of raw messages into a post-handshake connection. +/// +/// It consumes one of the peers, extracts its secrets, and then reconstitutes the +/// message encrypter/decrypter. It does not do fragmentation/joining. +pub struct RawTls { + encrypter: Box, + enc_seq: u64, + decrypter: Box, + dec_seq: u64, +} + +impl RawTls { + /// conn must be post-handshake, and must have been created with `enable_secret_extraction` + pub fn new_client(conn: ClientConnection) -> Self { + let suite = conn.negotiated_cipher_suite().unwrap(); + Self::new( + suite, + conn.dangerous_extract_secrets() + .unwrap(), + ) + } + + /// conn must be post-handshake, and must have been created with `enable_secret_extraction` + pub fn new_server(conn: ServerConnection) -> Self { + let suite = conn.negotiated_cipher_suite().unwrap(); + Self::new( + suite, + conn.dangerous_extract_secrets() + .unwrap(), + ) + } + + fn new(suite: SupportedCipherSuite, secrets: rustls::ExtractedSecrets) -> Self { + let rustls::ExtractedSecrets { + tx: (tx_seq, tx_keys), + rx: (rx_seq, rx_keys), + } = secrets; + + let encrypter = match (tx_keys, suite) { + ( + rustls::ConnectionTrafficSecrets::Aes256Gcm { key, iv }, + SupportedCipherSuite::Tls13(tls13), + ) => tls13.aead_alg.encrypter(key, iv), + + ( + rustls::ConnectionTrafficSecrets::Aes256Gcm { key, iv }, + SupportedCipherSuite::Tls12(tls12), + ) => tls12 + .aead_alg + .encrypter(key, &iv.as_ref()[..4], &iv.as_ref()[4..]), + + _ => todo!(), + }; + + let decrypter = match (rx_keys, suite) { + ( + rustls::ConnectionTrafficSecrets::Aes256Gcm { key, iv }, + SupportedCipherSuite::Tls13(tls13), + ) => tls13.aead_alg.decrypter(key, iv), + + ( + rustls::ConnectionTrafficSecrets::Aes256Gcm { key, iv }, + SupportedCipherSuite::Tls12(tls12), + ) => tls12 + .aead_alg + .decrypter(key, &iv.as_ref()[..4]), + + _ => todo!(), + }; + + Self { + encrypter, + enc_seq: tx_seq, + decrypter, + dec_seq: rx_seq, + } + } + + pub fn encrypt_and_send( + &mut self, + msg: &PlainMessage, + peer: &mut impl DerefMut>, + ) { + let data = self + .encrypter + .encrypt(msg.borrow_outbound(), self.enc_seq) + .unwrap() + .encode(); + self.enc_seq += 1; + peer.read_tls(&mut io::Cursor::new(data)) + .unwrap(); + } + + pub fn receive_and_decrypt( + &mut self, + peer: &mut impl DerefMut>, + f: impl Fn(Message), + ) { + let mut data = vec![]; + peer.write_tls(&mut io::Cursor::new(&mut data)) + .unwrap(); + + let mut reader = Reader::init(&data); + let content_type = ContentType::read(&mut reader).unwrap(); + let version = ProtocolVersion::read(&mut reader).unwrap(); + let len = u16::read(&mut reader).unwrap(); + let left = &mut data[5..]; + assert_eq!(len as usize, left.len()); + + let inbound = InboundOpaqueMessage::new(content_type, version, left); + let plain = self + .decrypter + .decrypt(inbound, self.dec_seq) + .unwrap(); + self.dec_seq += 1; + + let msg = Message::try_from(plain).unwrap(); + println!("receive_and_decrypt: {msg:?}"); + + f(msg); + } +} From 5dd1998a9ffa48b74707737962e0670903d9af15 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 5 Jun 2024 12:21:13 +0100 Subject: [PATCH 1037/1145] Fix `InvalidMessage::MissingData` message for u16 --- rustls/src/msgs/codec.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 2af661f639..cc440ec86b 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -203,7 +203,7 @@ impl Codec<'_> for u16 { fn read(r: &mut Reader) -> Result { match r.take(2) { Some(&[b1, b2]) => Ok(Self::from_be_bytes([b1, b2])), - _ => Err(InvalidMessage::MissingData("u8")), + _ => Err(InvalidMessage::MissingData("u16")), } } } From 291ee38966af8eb874b1f7429ed18ffc31db2108 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 5 Jun 2024 14:19:34 +0100 Subject: [PATCH 1038/1145] Limit consecutive empty fragments --- bogo/config.json.in | 2 -- rustls/examples/internal/bogo_shim_impl.rs | 3 +++ rustls/src/error.rs | 1 + rustls/src/msgs/deframer.rs | 22 ++++++++++++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index 1d2b264178..4b13c5576a 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -19,8 +19,6 @@ "DummyPQPadding-*": "not supported", "MTU*": "dtls only", "DisableEverything": "not useful", - "SendEmptyRecords": "non-standard openssl/boringssl behaviour", - "SendEmptyRecords-Async": "", "CheckLeafCurve": "", "SendWarningAlerts": "", "SendWarningAlerts-*": "", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 32e739a407..48fecfdc9d 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -830,6 +830,9 @@ fn handle_err(err: Error) -> ! { Error::PeerMisbehaved(PeerMisbehaved::TooManyKeyUpdateRequests) => { quit(":TOO_MANY_KEY_UPDATES:") } + Error::PeerMisbehaved(PeerMisbehaved::TooManyEmptyFragments) => { + quit(":TOO_MANY_EMPTY_FRAGMENTS:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 98fbbd890e..9c3afd18be 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -233,6 +233,7 @@ pub enum PeerMisbehaved { ServerNameMustContainOneHostName, SignedKxWithWrongAlgorithm, SignedHandshakeWithUnadvertisedSigScheme, + TooManyEmptyFragments, TooManyKeyUpdateRequests, TooManyRenegotiationRequests, TooManyWarningAlertsReceived, diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 013a36fc9e..c8df570217 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -26,6 +26,10 @@ pub struct MessageDeframer { /// If we're in the middle of joining a handshake payload, this is the metadata. joining_hs: Option, + + /// We limit consecutive empty fragments to avoid a route for the peer to send + /// us significant but fruitless traffic. + seen_consecutive_empty_fragments: u8, } impl MessageDeframer { @@ -168,6 +172,20 @@ impl MessageDeframer { return Err(self.set_err(PeerMisbehaved::MessageInterleavedWithHandshakeMessage)); } + match plain_payload_slice.len { + 0 => { + if self.seen_consecutive_empty_fragments + == ALLOWED_CONSECUTIVE_EMPTY_FRAGMENTS_MAX + { + return Err(self.set_err(PeerMisbehaved::TooManyEmptyFragments)); + } + self.seen_consecutive_empty_fragments += 1; + } + _ => { + self.seen_consecutive_empty_fragments = 0; + } + } + // If it's not a handshake message, just return it -- no joining necessary. if typ != ContentType::Handshake { buffer.queue_discard(end); @@ -705,6 +723,10 @@ const MAX_HANDSHAKE_SIZE: u32 = 0xffff; #[cfg(feature = "std")] const READ_SIZE: usize = 4096; +/// cf. BoringSSL's `kMaxEmptyRecords` +/// +const ALLOWED_CONSECUTIVE_EMPTY_FRAGMENTS_MAX: u8 = 32; + #[cfg(feature = "std")] #[cfg(test)] mod tests { From 756b7dcfb10d3abaf3d850320b7e95ad0df52463 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 7 Jun 2024 07:20:24 -0700 Subject: [PATCH 1039/1145] fix lib.rs examples link --- rustls/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2643e0f7d6..a5429170b7 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -101,7 +101,7 @@ //! If you're already using Tokio for an async runtime you may prefer to use [`tokio-rustls`] instead //! of interacting with rustls directly. //! -//! [examples]: examples/README.md +//! [examples]: https://github.com/rustls/rustls/tree/main/examples //! [`tokio-rustls`]: https://github.com/rustls/tokio-rustls //! //! ### Rustls provides encrypted pipes From 7022b1e00f20301b8175428b301524e9002f3fee Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 10 Jun 2024 17:24:59 -0400 Subject: [PATCH 1040/1145] Revert "ci: temp. pin nightly to 2024-05-22" This reverts commit b00ae7e4cf65e85e0696e7e2d2c29a18832719cc. Latest nightly builds/tests green. --- .github/workflows/build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c3286485d..ba6398c8a8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,8 +46,7 @@ jobs: - name: Install ${{ matrix.rust }} toolchain uses: dtolnay/rust-toolchain@master with: - # TODO(XXX): Revert to "matrix.rust" after rust-lang/rust#125474 is fixed. - toolchain: ${{ matrix.rust == 'nightly' && 'nightly-2024-05-22' || matrix.rust }} + toolchain: ${{ matrix.rust }} - name: Install NASM for aws-lc-rs on Windows if: runner.os == 'Windows' From a01d5adf36ffc79df88692883273ec73535c178c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 11 Jun 2024 16:49:48 -0400 Subject: [PATCH 1041/1145] msgs: EchConfig -> EchConfigPayload While the upstream specification uses "EchConfig" to describe this message we already deviate from the simple presentation format when we express our type as an `enum`. We want to reserve the `EchConfig` name for just that: a user-facing configuration type for ECH. To avoid having to import `crate::msgs::handshake::EchConfig` with an alias (`EchConfigMsg`, etc) let's just rename the raw message type to `EchConfigPayload`. --- connect-tests/tests/ech.rs | 4 ++-- rustls/src/lib.rs | 2 +- rustls/src/msgs/handshake.rs | 6 +++--- rustls/tests/ech.rs | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index 12ac1346d9..d0d4464d66 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -5,7 +5,7 @@ mod ech_config { use hickory_resolver::Resolver; use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::EchVersion; - use rustls::internal::msgs::handshake::EchConfig; + use rustls::internal::msgs::handshake::EchConfigPayload; #[test] fn cloudflare() { @@ -27,7 +27,7 @@ mod ech_config { let resolver = Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); let raw_value = lookup_ech(&resolver, domain); - let parsed_config = EchConfig::read(&mut Reader::init(&raw_value)) + let parsed_config = EchConfigPayload::read(&mut Reader::init(&raw_value)) .expect("failed to deserialize ECH config"); assert_eq!(parsed_config.version, EchVersion::V14); } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index a5429170b7..5782cfd3ec 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -448,7 +448,7 @@ pub mod internal { pub mod handshake { pub use crate::msgs::handshake::{ CertificateChain, ClientExtension, ClientHelloPayload, DistinguishedName, - EchConfig, EchConfigContents, HandshakeMessagePayload, HandshakePayload, + EchConfigContents, EchConfigPayload, HandshakeMessagePayload, HandshakePayload, HpkeKeyConfig, HpkeSymmetricCipherSuite, KeyShareEntry, Random, ServerName, SessionId, }; diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 413bf27e42..e71b6e7ac4 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2690,12 +2690,12 @@ impl Codec<'_> for EchConfigContents { } #[derive(Clone, Debug, PartialEq)] -pub struct EchConfig { +pub struct EchConfigPayload { pub version: EchVersion, pub contents: EchConfigContents, } -impl Codec<'_> for EchConfig { +impl Codec<'_> for EchConfigPayload { fn encode(&self, bytes: &mut Vec) { self.version.encode(bytes); let mut contents = Vec::with_capacity(128); @@ -2716,7 +2716,7 @@ impl Codec<'_> for EchConfig { } } -impl TlsListElement for EchConfig { +impl TlsListElement for EchConfigPayload { const SIZE_LEN: ListLength = ListLength::U16; } diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs index d1f6ee2563..4ed6d9754a 100644 --- a/rustls/tests/ech.rs +++ b/rustls/tests/ech.rs @@ -2,11 +2,11 @@ use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::DnsName; use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; -use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite}; +use rustls::internal::msgs::handshake::{EchConfigPayload, HpkeKeyConfig, HpkeSymmetricCipherSuite}; #[test] fn test_decode_config_list() { - fn assert_config(config: &EchConfig, public_name: impl AsRef<[u8]>, max_len: u8) { + fn assert_config(config: &EchConfigPayload, public_name: impl AsRef<[u8]>, max_len: u8) { assert_eq!(config.version, EchVersion::V14); assert_eq!(config.contents.maximum_name_length, max_len); assert_eq!( @@ -83,7 +83,7 @@ fn test_echconfig_serialization() { assert_round_trip_eq(BASE64_ECHCONFIG_LIST_CF); } -fn get_ech_config(s: &str) -> Vec { +fn get_ech_config(s: &str) -> Vec { let bytes = BASE64_STANDARD.decode(s).unwrap(); Vec::<_>::read(&mut Reader::init(&bytes)).unwrap() } From db3a9bd9922698b3d5346c9bb0ce705195ab2243 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Apr 2024 14:29:30 -0400 Subject: [PATCH 1042/1145] connect-tests: fix DNS ECH config list tests The SVCB/HTTPS record handling in hickory-dns 0.24 was stripping the TLS encoded list prefix from the `ECHConfigList` that is serialized into DNS records. This meant our previous `ech.rs` connect test was subtly wrong: it would only ever deserialize a single `EchConfigPayload` from what it found in DNS. This commit updates Rustls to: 1. Use the new `EchConfigListBytes` type from pki-types to represent what it gets from DNS. Soon we will have more API surface expecting this type. 2. Use a hickory-dns release with some upstream fixes that ensure we get the correct wire-encoding of the `ECHConfigList`. 3. Update the ech connect tests unit tests to assert all of the ECH configs that may be found are the correct version. --- Cargo.lock | 42 +++++++++++++++++++------------------- Cargo.toml | 5 +++++ connect-tests/tests/ech.rs | 29 ++++++++++++++++---------- 3 files changed, 44 insertions(+), 32 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 03d4bfbdfb..4ad05e1252 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -283,6 +283,17 @@ dependencies = [ "pin-project-lite", ] +[[package]] +name = "async-recursion" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + [[package]] name = "async-std" version = "1.12.0" @@ -1139,15 +1150,15 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.26" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +checksum = "fa82e28a107a8cc405f0839610bdc9b15f1e25ec7d696aa5cf173edbcb1486ab" dependencies = [ + "atomic-waker", "bytes", "fnv", "futures-core", "futures-sink", - "futures-util", "http", "indexmap", "slab", @@ -1192,9 +1203,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hickory-proto" version = "0.24.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07698b8420e2f0d6447a436ba999ec85d8fbf2a398bbd737b82cac4a2e96e512" +source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" dependencies = [ + "async-recursion", "async-trait", "bytes", "cfg-if", @@ -1205,7 +1216,7 @@ dependencies = [ "futures-util", "h2", "http", - "idna 0.4.0", + "idna", "ipnet", "once_cell", "rand", @@ -1223,8 +1234,7 @@ dependencies = [ [[package]] name = "hickory-resolver" version = "0.24.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28757f23aa75c98f254cf0405e6d8c25b831b32921b050a66692427679b1f243" +source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" dependencies = [ "cfg-if", "futures-util", @@ -1322,9 +1332,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.12" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" dependencies = [ "bytes", "fnv", @@ -1337,16 +1347,6 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" -[[package]] -name = "idna" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c" -dependencies = [ - "unicode-bidi", - "unicode-normalization", -] - [[package]] name = "idna" version = "0.5.0" @@ -2817,7 +2817,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" dependencies = [ "form_urlencoded", - "idna 0.5.0", + "idna", "percent-encoding", ] diff --git a/Cargo.toml b/Cargo.toml index 78488664ba..0d8dc8e8a0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,3 +28,8 @@ resolver = "2" [profile.bench] codegen-units = 1 lto = true + +[patch.crates-io] +# TODO(XXX): Remove this once 0.25 is released - we want the ECH fixes from +# https://github.com/hickory-dns/hickory-dns/pull/2183 +hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns", rev = "6334a01430088ead8642cafaee592ec7bf49831f" } diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index d0d4464d66..ce1599799f 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -6,35 +6,39 @@ mod ech_config { use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::EchVersion; use rustls::internal::msgs::handshake::EchConfigPayload; + use rustls::pki_types::EchConfigListBytes; #[test] fn cloudflare() { - test_deserialize_ech_config("crypto.cloudflare.com"); + test_deserialize_ech_config_list("crypto.cloudflare.com"); } #[test] fn defo_ie() { - test_deserialize_ech_config("defo.ie"); + test_deserialize_ech_config_list("defo.ie"); } #[test] fn tls_ech_dev() { - test_deserialize_ech_config("tls-ech.dev"); + test_deserialize_ech_config_list("tls-ech.dev"); } - /// Lookup the ECH config for a domain and deserialize it. - fn test_deserialize_ech_config(domain: &str) { + /// Lookup the ECH config list for a domain and deserialize it. + fn test_deserialize_ech_config_list(domain: &str) { let resolver = Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); - let raw_value = lookup_ech(&resolver, domain); - let parsed_config = EchConfigPayload::read(&mut Reader::init(&raw_value)) - .expect("failed to deserialize ECH config"); - assert_eq!(parsed_config.version, EchVersion::V14); + let tls_encoded_list = lookup_ech(&resolver, domain); + let parsed_configs = Vec::::read(&mut Reader::init(&tls_encoded_list)) + .expect("failed to deserialize ECH config list"); + assert!(!parsed_configs.is_empty()); + assert!(parsed_configs + .iter() + .all(|config| config.version == EchVersion::V14)); } /// Use `resolver` to make an HTTPS record type query for `domain`, returning the /// first SvcParam EchConfig value found, panicing if none are returned. - fn lookup_ech(resolver: &Resolver, domain: &str) -> Vec { + fn lookup_ech(resolver: &Resolver, domain: &str) -> EchConfigListBytes<'static> { resolver .lookup(domain, RecordType::HTTPS) .expect("failed to lookup HTTPS record type") @@ -44,11 +48,14 @@ mod ech_config { .svc_params() .iter() .find_map(|sp| match sp { - (SvcParamKey::EchConfig, SvcParamValue::EchConfig(e)) => Some(e.clone().0), + (SvcParamKey::EchConfigList, SvcParamValue::EchConfigList(e)) => { + Some(e.clone().0) + } _ => None, }), _ => None, }) .expect("missing expected HTTPS SvcParam EchConfig record") + .into() } } From 1ce333faae16ffe2d9fba83b7f6a2329111fb981 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 3 Jun 2024 16:31:08 -0400 Subject: [PATCH 1043/1145] crypto: add key generation to Hpke trait For ECH GREASE it's convenient to be able to generate throw-away HPKE key-pairs. Similarly, down the road we may want to support generating server-side ECH configurations, which will require key generation. This commit updates the `Hpke` trait to add a `generate_key_pair()` fn for this purpose. Both the aws-lc-rs and provider-example HPKE trait impls are updated to add this functionality. Along the way I also copied the smoke test and fips unit tests from the aws-lc-rs HPKE provider to the provider-example HPKE provider so that there's coverage of key generation for both. We won't use key generation in the rustls-provider-tests crate since the RFC test vectors come with private key material to use. --- provider-example/src/hpke.rs | 94 ++++++++++++++- rustls/src/crypto/aws_lc_rs/hpke.rs | 178 ++++++++++++++++++---------- rustls/src/crypto/hpke.rs | 6 + 3 files changed, 217 insertions(+), 61 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 59d202077d..7a1633f62a 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -2,6 +2,7 @@ use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use hpke_rs_crypto::HpkeCrypto; use std::error::Error as StdError; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; @@ -10,7 +11,7 @@ use rustls::crypto::hpke::{ EncapsulatedSecret, Hpke, HpkeOpener, HpkePrivateKey, HpkePublicKey, HpkeSealer, HpkeSuite, }; use rustls::internal::msgs::enums::{ - HpkeAead as HpkeAeadId, HpkeKdf as HpkeKdfId, HpkeKem as HpkeKemId, + HpkeAead as HpkeAeadId, HpkeKdf as HpkeKdfId, HpkeKem as HpkeKemId, HpkeKem, }; use rustls::internal::msgs::handshake::HpkeSymmetricCipherSuite; use rustls::{Error, OtherError}; @@ -162,6 +163,25 @@ impl Hpke for HpkeRs { })) } + fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error> { + let kem_algorithm = match self.0.kem { + HpkeKem::DHKEM_P256_HKDF_SHA256 => KemAlgorithm::DhKemP256, + HpkeKem::DHKEM_X25519_HKDF_SHA256 => KemAlgorithm::DhKem25519, + _ => { + // Safety: we don't expose HpkeRs static instances for unsupported algorithms. + unimplemented!() + } + }; + + let secret_key = HpkeRustCrypto::kem_key_gen(kem_algorithm, &mut HpkeRustCrypto::prng()) + .map_err(other_err)?; + let public_key = HpkePublicKey( + HpkeRustCrypto::kem_derive_base(kem_algorithm, &secret_key).map_err(other_err)?, + ); + + Ok((public_key, HpkePrivateKey::from(secret_key))) + } + fn suite(&self) -> HpkeSuite { self.0 } @@ -202,3 +222,75 @@ fn other_err(err: impl StdError + Send + Sync + 'static) -> Error { fn other_err(err: impl Send + Sync + 'static) -> Error { Error::General(alloc::format!("{}", err)); } + +#[cfg(test)] +mod tests { + use alloc::{format, vec}; + + use super::*; + + #[test] + fn smoke_test() { + for suite in ALL_SUPPORTED_SUITES { + _ = format!("{suite:?}"); // HpkeRs suites should be Debug. + + // We should be able to generate a random keypair. + let (pk, sk) = suite.generate_key_pair().unwrap(); + + // Info value corresponds to the first RFC 9180 base mode test vector. + let info = &[ + 0x4f, 0x64, 0x65, 0x20, 0x6f, 0x6e, 0x20, 0x61, 0x20, 0x47, 0x72, 0x65, 0x63, 0x69, + 0x61, 0x6e, 0x20, 0x55, 0x72, 0x6e, + ][..]; + + // We should be able to set up a sealer. + let (enc, mut sealer) = suite.setup_sealer(info, &pk).unwrap(); + + _ = format!("{sealer:?}"); // Sealer should be Debug. + + // Setting up a sealer with an invalid public key should fail. + let bad_setup_res = suite.setup_sealer(info, &HpkePublicKey(vec![])); + assert!(matches!(bad_setup_res.unwrap_err(), Error::Other(_))); + + // We should be able to seal some plaintext. + let aad = &[0xC0, 0xFF, 0xEE]; + let pt = &[0xF0, 0x0D]; + let ct = sealer.seal(aad, pt).unwrap(); + + // We should be able to set up an opener. + let mut opener = suite + .setup_opener(&enc, info, &sk) + .unwrap(); + _ = format!("{opener:?}"); // Opener should be Debug. + + // Setting up an opener with an invalid private key should fail. + let bad_key_res = suite.setup_opener(&enc, info, &HpkePrivateKey::from(vec![])); + assert!(matches!(bad_key_res.unwrap_err(), Error::Other(_))); + + // Opening the plaintext should work with the correct opener and aad. + let pt_prime = opener.open(aad, &ct).unwrap(); + assert_eq!(pt_prime, pt); + + // Opening the plaintext with the correct opener and wrong aad should fail. + let open_res = opener.open(&[0x0], &ct); + assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + + // Opening the plaintext with the wrong opener should fail. + let mut sk_rm_prime = sk.secret_bytes().to_vec(); + sk_rm_prime[10] ^= 0xFF; // Corrupt a byte of the private key. + let mut opener_two = suite + .setup_opener(&enc, info, &HpkePrivateKey::from(sk_rm_prime)) + .unwrap(); + let open_res = opener_two.open(aad, &ct); + assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + } + } + + #[test] + fn test_fips() { + // None of the rust-crypto backed hpke-rs suites should be considered FIPS approved. + assert!(ALL_SUPPORTED_SUITES + .iter() + .all(|suite| !suite.fips())); + } +} diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs index c9af20716e..996813c78e 100644 --- a/rustls/src/crypto/aws_lc_rs/hpke.rs +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -10,6 +10,7 @@ use aws_lc_rs::aead::{ use aws_lc_rs::agreement; use aws_lc_rs::cipher::{AES_128_KEY_LEN, AES_256_KEY_LEN}; use aws_lc_rs::digest::{SHA256_OUTPUT_LEN, SHA384_OUTPUT_LEN, SHA512_OUTPUT_LEN}; +use aws_lc_rs::encoding::{AsBigEndian, Curve25519SeedBin, EcPrivateKeyBin}; use zeroize::Zeroize; use crate::crypto::aws_lc_rs::hmac::{HMAC_SHA256, HMAC_SHA384, HMAC_SHA512}; @@ -374,6 +375,10 @@ impl Hpke for HpkeAwsLcRs Result<(HpkePublicKey, HpkePrivateKey), Error> { + (self.dh_kem.key_generator)() + } + fn suite(&self) -> HpkeSuite { self.suite } @@ -513,6 +518,8 @@ impl Debug for Opener { id: HpkeKem, agreement_algorithm: &'static agreement::Algorithm, + key_generator: + &'static (dyn Fn() -> Result<(HpkePublicKey, HpkePrivateKey), Error> + Send + Sync), hkdf: &'static dyn HkdfPrkExtract, } @@ -639,27 +646,85 @@ impl DhKem { static DH_KEM_P256_HKDF_SHA256: &DhKem = &DhKem { id: HpkeKem::DHKEM_P256_HKDF_SHA256, agreement_algorithm: &agreement::ECDH_P256, + key_generator: &|| generate_p_curve_key_pair(&agreement::ECDH_P256), hkdf: RING_HKDF_HMAC_SHA256, }; static DH_KEM_P384_HKDF_SHA384: &DhKem = &DhKem { id: HpkeKem::DHKEM_P384_HKDF_SHA384, agreement_algorithm: &agreement::ECDH_P384, + key_generator: &|| generate_p_curve_key_pair(&agreement::ECDH_P384), hkdf: RING_HKDF_HMAC_SHA384, }; static DH_KEM_P521_HKDF_SHA512: &DhKem = &DhKem { id: HpkeKem::DHKEM_P521_HKDF_SHA512, agreement_algorithm: &agreement::ECDH_P521, + key_generator: &|| generate_p_curve_key_pair(&agreement::ECDH_P521), hkdf: RING_HKDF_HMAC_SHA512, }; static DH_KEM_X25519_HKDF_SHA256: &DhKem = &DhKem { id: HpkeKem::DHKEM_X25519_HKDF_SHA256, agreement_algorithm: &agreement::X25519, + key_generator: &generate_x25519_key_pair, hkdf: RING_HKDF_HMAC_SHA256, }; +/// Generate a NIST P-256, P-384 or P-512 key pair expressed as a raw big-endian fixed-length +/// integer. +/// +/// We must disambiguate the [`AsBigEndian`] trait in-use and this function uses +/// [`AsBigEndian`], which does not support [`agreement::X25519`]. +/// For generating X25519 keys see [`generate_x25519_key_pair`]. +fn generate_p_curve_key_pair( + alg: &'static agreement::Algorithm, +) -> Result<(HpkePublicKey, HpkePrivateKey), Error> { + // We only initialize DH KEM instances that use this function as a key generator + // for non-X25519 algorithms. Debug assert this just in case since `AsBigEndian` + // will panic for this algorithm. + debug_assert_ne!(alg, &agreement::X25519); + let (public_key, private_key) = generate_key_pair(alg)?; + let raw_private_key: EcPrivateKeyBin = private_key + .as_be_bytes() + .map_err(unspecified_err)?; + Ok(( + public_key, + HpkePrivateKey::from(raw_private_key.as_ref().to_vec()), + )) +} + +/// Generate a X25519 key pair expressed as a raw big-endian fixed-length +/// integer. +/// +/// We must disambiguate the [`AsBigEndian`] trait in-use and this function uses +/// [`AsBigEndian`], which only supports [`agreement::X25519`]. +/// For generating P-256, P-384 and P-512 keys see [`generate_p_curve_key_pair`]. +fn generate_x25519_key_pair() -> Result<(HpkePublicKey, HpkePrivateKey), Error> { + let (public_key, private_key) = generate_key_pair(&agreement::X25519)?; + let raw_private_key: Curve25519SeedBin = private_key + .as_be_bytes() + .map_err(unspecified_err)?; + Ok(( + public_key, + HpkePrivateKey::from(raw_private_key.as_ref().to_vec()), + )) +} + +fn generate_key_pair( + alg: &'static agreement::Algorithm, +) -> Result<(HpkePublicKey, agreement::PrivateKey), Error> { + let private_key = agreement::PrivateKey::generate(alg).map_err(unspecified_err)?; + let public_key = HpkePublicKey( + private_key + .compute_public_key() + .map_err(unspecified_err)? + .as_ref() + .to_vec(), + ); + Ok((public_key, private_key)) +} + /// KeySchedule holds the derived AEAD key, base nonce, and seq number /// common to both a [Sealer] and [Opener]. struct KeySchedule { @@ -897,66 +962,59 @@ mod tests { #[test] fn smoke_test() { - // Values correspond to the first RFC 9180 base mode test vector. - let pk_rm = &[ - 0x39, 0x48, 0xcf, 0xe0, 0xad, 0x1d, 0xdb, 0x69, 0x5d, 0x78, 0xe, 0x59, 0x7, 0x71, 0x95, - 0xda, 0x6c, 0x56, 0x50, 0x6b, 0x2, 0x73, 0x29, 0x79, 0x4a, 0xb0, 0x2b, 0xca, 0x80, - 0x81, 0x5c, 0x4d, - ][..]; - let sk_rm = &[ - 0x46, 0x12, 0xc5, 0x50, 0x26, 0x3f, 0xc8, 0xad, 0x58, 0x37, 0x5d, 0xf3, 0xf5, 0x57, - 0xaa, 0xc5, 0x31, 0xd2, 0x68, 0x50, 0x90, 0x3e, 0x55, 0xa9, 0xf2, 0x3f, 0x21, 0xd8, - 0x53, 0x4e, 0x8a, 0xc8, - ][..]; - let info = &[ - 0x4f, 0x64, 0x65, 0x20, 0x6f, 0x6e, 0x20, 0x61, 0x20, 0x47, 0x72, 0x65, 0x63, 0x69, - 0x61, 0x6e, 0x20, 0x55, 0x72, 0x6e, - ][..]; - let suite = DH_KEM_X25519_HKDF_SHA256_AES_128; - _ = format!("{suite:?}"); // HpkeAwsLcRs suites should be Debug. - - // We should be able to set up a sealer. - let (enc, mut sealer) = suite - .setup_sealer(info, &HpkePublicKey(pk_rm.into())) - .unwrap(); - - _ = format!("{sealer:?}"); // Sealer should be Debug. - - // Setting up a sealer with an invalid public key should fail. - let bad_setup_res = suite.setup_sealer(info, &HpkePublicKey(vec![])); - assert!(matches!(bad_setup_res.unwrap_err(), Error::Other(_))); - - // We should be able to seal some plaintext. - let aad = &[0xC0, 0xFF, 0xEE]; - let pt = &[0xF0, 0x0D]; - let ct = sealer.seal(aad, pt).unwrap(); - - // We should be able to set up an opener. - let mut opener = suite - .setup_opener(&enc, info, &HpkePrivateKey::from(sk_rm.to_vec())) - .unwrap(); - _ = format!("{opener:?}"); // Opener should be Debug. - - // Setting up an opener with an invalid private key should fail. - let bad_key_res = suite.setup_opener(&enc, info, &HpkePrivateKey::from(vec![])); - assert!(matches!(bad_key_res.unwrap_err(), Error::Other(_))); - - // Opening the plaintext should work with the correct opener and aad. - let pt_prime = opener.open(aad, &ct).unwrap(); - assert_eq!(pt_prime, pt); - - // Opening the plaintext with the correct opener and wrong aad should fail. - let open_res = opener.open(&[0x0], &ct); - assert!(matches!(open_res.unwrap_err(), Error::Other(_))); - - // Opening the plaintext with the wrong opener should fail. - let mut sk_rm_prime = sk_rm.to_vec(); - sk_rm_prime[0] = 0x00; - let mut opener_two = suite - .setup_opener(&enc, info, &HpkePrivateKey::from(sk_rm_prime)) - .unwrap(); - let open_res = opener_two.open(aad, &ct); - assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + for suite in ALL_SUPPORTED_SUITES { + _ = format!("{suite:?}"); // HpkeAwsLcRs suites should be Debug. + + // We should be able to generate a random keypair. + let (pk, sk) = suite.generate_key_pair().unwrap(); + + // Info value corresponds to the first RFC 9180 base mode test vector. + let info = &[ + 0x4f, 0x64, 0x65, 0x20, 0x6f, 0x6e, 0x20, 0x61, 0x20, 0x47, 0x72, 0x65, 0x63, 0x69, + 0x61, 0x6e, 0x20, 0x55, 0x72, 0x6e, + ][..]; + + // We should be able to set up a sealer. + let (enc, mut sealer) = suite.setup_sealer(info, &pk).unwrap(); + + _ = format!("{sealer:?}"); // Sealer should be Debug. + + // Setting up a sealer with an invalid public key should fail. + let bad_setup_res = suite.setup_sealer(info, &HpkePublicKey(vec![])); + assert!(matches!(bad_setup_res.unwrap_err(), Error::Other(_))); + + // We should be able to seal some plaintext. + let aad = &[0xC0, 0xFF, 0xEE]; + let pt = &[0xF0, 0x0D]; + let ct = sealer.seal(aad, pt).unwrap(); + + // We should be able to set up an opener. + let mut opener = suite + .setup_opener(&enc, info, &sk) + .unwrap(); + _ = format!("{opener:?}"); // Opener should be Debug. + + // Setting up an opener with an invalid private key should fail. + let bad_key_res = suite.setup_opener(&enc, info, &HpkePrivateKey::from(vec![])); + assert!(matches!(bad_key_res.unwrap_err(), Error::Other(_))); + + // Opening the plaintext should work with the correct opener and aad. + let pt_prime = opener.open(aad, &ct).unwrap(); + assert_eq!(pt_prime, pt); + + // Opening the plaintext with the correct opener and wrong aad should fail. + let open_res = opener.open(&[0x0], &ct); + assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + + // Opening the plaintext with the wrong opener should fail. + let mut sk_rm_prime = sk.secret_bytes().to_vec(); + sk_rm_prime[10] ^= 0xFF; // Corrupt a byte of the private key. + let mut opener_two = suite + .setup_opener(&enc, info, &HpkePrivateKey::from(sk_rm_prime)) + .unwrap(); + let open_res = opener_two.open(aad, &ct); + assert!(matches!(open_res.unwrap_err(), Error::Other(_))); + } } #[cfg(not(feature = "fips"))] // Ensure all supported suites are available to test. diff --git a/rustls/src/crypto/hpke.rs b/rustls/src/crypto/hpke.rs index 8d6794d816..a08f7ca62d 100644 --- a/rustls/src/crypto/hpke.rs +++ b/rustls/src/crypto/hpke.rs @@ -72,6 +72,12 @@ pub trait Hpke: Debug + Send + Sync { secret_key: &HpkePrivateKey, ) -> Result, Error>; + /// Generate a new public key and private key pair compatible with this HPKE instance. + /// + /// Key pairs should be encoded as raw big endian fixed length integers sized based + /// on the suite's DH KEM algorithm. + fn generate_key_pair(&self) -> Result<(HpkePublicKey, HpkePrivateKey), Error>; + /// Return whether the HPKE instance is FIPS compatible. fn fips(&self) -> bool { false From 89f190abde4a9e096f8b3101d6a6cf603c580495 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Apr 2024 11:04:47 -0400 Subject: [PATCH 1044/1145] client: make emit_client_hello_for_retry fallible In order to support ECH we need to be prepared for `emit_client_hello_for_retry` to return an `Error` where it was otherwise infallible - this can occur (for e.g.) if the HPKE provider we use for ECH encryption fails. This commit changes `emit_client_hello_for_retry` to return `NextStateOrError` instead of `NextState` in preparation for that. --- rustls/src/client/hs.rs | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 947a6ddf02..3c183ca429 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -146,7 +146,7 @@ pub(super) fn start_handshake( let random = Random::new(config.provider.secure_random)?; let extension_order_seed = crate::rand::random_u16(config.provider.secure_random)?; - Ok(emit_client_hello_for_retry( + emit_client_hello_for_retry( transcript_buffer, None, key_share, @@ -164,7 +164,7 @@ pub(super) fn start_handshake( server_name, }, cx, - )) + ) } struct ExpectServerHello { @@ -200,7 +200,7 @@ fn emit_client_hello_for_retry( suite: Option, mut input: ClientHelloInput, cx: &mut ClientContext<'_>, -) -> NextState<'static> { +) -> NextStateOrError<'static> { let config = &input.config; let support_tls12 = config.supports_version(ProtocolVersion::TLSv1_2) && !cx.common.is_quic(); let support_tls13 = config.supports_version(ProtocolVersion::TLSv1_3); @@ -406,11 +406,11 @@ fn emit_client_hello_for_retry( suite, }; - if support_tls13 && retryreq.is_none() { + Ok(if support_tls13 && retryreq.is_none() { Box::new(ExpectServerHelloOrHelloRetryRequest { next, extra_exts }) } else { Box::new(next) - } + }) } /// Prepare resumption with the session state retrieved from storage. @@ -890,7 +890,7 @@ impl ExpectServerHelloOrHelloRetryRequest { _ => offered_key_share, }; - Ok(emit_client_hello_for_retry( + emit_client_hello_for_retry( transcript_buffer, Some(hrr), Some(key_share), @@ -898,7 +898,7 @@ impl ExpectServerHelloOrHelloRetryRequest { Some(cs), self.next.input, cx, - )) + ) } } From a8fe64a34f3f7619ce9ea848de88d79f6d9583ad Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Apr 2024 11:05:12 -0400 Subject: [PATCH 1045/1145] client: tweak ClientHelloPayload construction Previously we separately iterated the `input.hello.sent_extensions` to track our sent extensions before constructing a `ClientHelloPayload` that contained them. The `ClientHelloPayload` was constructed in-line for the `HandshakeMessagePayload` towards the end of `emit_client_hello_for_retry`. To support ECH we will want to do some additional work with the `ClientHelloPayload`, and so this commit does some minor rearranging to facilitate this. --- rustls/src/client/hs.rs | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 3c183ca429..77f1919f62 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -316,12 +316,6 @@ fn emit_client_hello_for_retry( } }); - // Note what extensions we sent. - input.hello.sent_extensions = exts - .iter() - .map(ClientExtension::ext_type) - .collect(); - let mut cipher_suites: Vec<_> = config .provider .cipher_suites @@ -334,16 +328,25 @@ fn emit_client_hello_for_retry( // We don't do renegotiation at all, in fact. cipher_suites.push(CipherSuite::TLS_EMPTY_RENEGOTIATION_INFO_SCSV); + let chp_payload = ClientHelloPayload { + client_version: ProtocolVersion::TLSv1_2, + random: input.random, + session_id: input.session_id, + cipher_suites, + compression_methods: vec![Compression::Null], + extensions: exts, + }; + + // Note what extensions we sent. + input.hello.sent_extensions = chp_payload + .extensions + .iter() + .map(ClientExtension::ext_type) + .collect(); + let mut chp = HandshakeMessagePayload { typ: HandshakeType::ClientHello, - payload: HandshakePayload::ClientHello(ClientHelloPayload { - client_version: ProtocolVersion::TLSv1_2, - random: input.random, - session_id: input.session_id, - cipher_suites, - compression_methods: vec![Compression::Null], - extensions: exts, - }), + payload: HandshakePayload::ClientHello(chp_payload), }; let early_key_schedule = if let Some(resuming) = tls13_session { From cadd9a8a6fd9db874953f2de62fbd743a4668b93 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Apr 2024 11:05:03 -0400 Subject: [PATCH 1046/1145] ech: initial client side support (minus GREASE) This commit first ECH support to the public API by allowing configuring a client connection with an optional ECH config, constructing an ECH client hello, and confirming its acceptance (both in a normal, and HRR handshake). - Configuration: Since ECH requires TLS 1.3 we offer a configuration entry-point `with_ech(...)` on the `ConfigBuilder` state, and fix the supported protocol versions to only TLS 1.3. Handling configurations in a way that will be forward compatible and adhering to the draft spec requires some extra care. Notably we need to be able to treat ECH configs in an ECH config list with an unsupported version as opaque blobs. This requires splitting our config representation into an enum with two variants: one for a recognized ECH config and one for an unsupported one. Similarly we need to process optional extensions in ECH config contents to ensure that: 1. There MUST NOT be duplicate extensions. 2. We MUST parse and check for unsupported mandatory extensions. An example TLS client that fetches ECH configurations using DNS-over-HTTPS and configures Rustls to use ECH is added to the examples crate. The HTTPS-over-DNS lookup in that example requires adding a new dep on hickory-dns. We use the recently added aws-lc-rs backed HPKE implementations default selection of HPKE suites for the ECH config. - ECH client hello: We now act on the provided ECH configuration when available to produce an appropriate outer/inner client hello. Adding this support requires introduction of a new `EchState` struct for maintaining the required handshake state specific to ECH. We use this in combination with new types for representing the ECH extensions to produce the outer and inner client hello messages. - ECH offer acceptance (no HRR) We now process the result of offering ECH in the non-HRR case. This involves processing the received server hello, attempting to derive and match a shared secret indicating ECH acceptance, and forwarding on our understanding of ECH status (not offered, offered and rejected, or offered and accepted) to later steps of the handshake. If we arrive at the end of the handshake and our ECH offer wasn't accepted, then we emit an appropriate alert and return an error potentially containing ECH configs to retry with from the server's response. If our offer _was_ accepted, we change out the handshake transcript, sent extensions and client hello as if the inner client hello was used as the outer client hello. TLS handshaking continues as normal from that point. - ECH offer acceptance (HRR) In this case we detect ECH acceptance in a slightly different manner. If ECH was accepted we update the separate ECH transcript using the received HRR and proceed to offer ECH again in our retried hello. After this point ECH acceptance is handled as normal. This completes the primary functionality of client-side ECH. The remaining work involves GREASE ECH and extension compression. --- Cargo.lock | 1 + connect-tests/tests/ech.rs | 3 +- examples/Cargo.toml | 1 + examples/src/bin/ech-client.rs | 102 +++++ rustls/src/builder.rs | 3 + rustls/src/client/builder.rs | 29 +- rustls/src/client/client_conn.rs | 17 + rustls/src/client/ech.rs | 668 +++++++++++++++++++++++++++++++ rustls/src/client/hs.rs | 160 +++++++- rustls/src/client/tls13.rs | 96 ++++- rustls/src/enums.rs | 14 + rustls/src/error.rs | 30 +- rustls/src/lib.rs | 6 +- rustls/src/msgs/enums.rs | 16 +- rustls/src/msgs/handshake.rs | 424 ++++++++++++++++++-- rustls/src/tls13/key_schedule.rs | 53 +++ rustls/tests/ech.rs | 53 ++- 17 files changed, 1588 insertions(+), 88 deletions(-) create mode 100644 examples/src/bin/ech-client.rs create mode 100644 rustls/src/client/ech.rs diff --git a/Cargo.lock b/Cargo.lock index 4ad05e1252..791183f006 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2273,6 +2273,7 @@ dependencies = [ "async-std", "docopt", "env_logger", + "hickory-resolver", "log", "mio", "rcgen", diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index ce1599799f..cb616f2462 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -4,7 +4,6 @@ mod ech_config { use hickory_resolver::proto::rr::{RData, RecordType}; use hickory_resolver::Resolver; use rustls::internal::msgs::codec::{Codec, Reader}; - use rustls::internal::msgs::enums::EchVersion; use rustls::internal::msgs::handshake::EchConfigPayload; use rustls::pki_types::EchConfigListBytes; @@ -33,7 +32,7 @@ mod ech_config { assert!(!parsed_configs.is_empty()); assert!(parsed_configs .iter() - .all(|config| config.version == EchVersion::V14)); + .all(|config| matches!(config, EchConfigPayload::V18(_)))); } /// Use `resolver` to make an HTTPS record type query for `domain`, returning the diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 3e6b123798..2753f2dbca 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -10,6 +10,7 @@ publish = false async-std = { version = "1.12.0", features = ["attributes"], optional = true } docopt = "~1.1" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) +hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs new file mode 100644 index 0000000000..820837b695 --- /dev/null +++ b/examples/src/bin/ech-client.rs @@ -0,0 +1,102 @@ +//! This is a simple example demonstrating how to use Encrypted Client Hello (ECH) with +//! rustls and hickory-dns. +//! +//! Note that `unwrap()` is used to deal with networking errors; this is not something +//! that is sensible outside of example code. + +use std::io::{stdout, Read, Write}; +use std::net::TcpStream; +use std::sync::Arc; + +use hickory_resolver::config::{ResolverConfig, ResolverOpts}; +use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; +use hickory_resolver::proto::rr::{RData, RecordType}; +use hickory_resolver::Resolver; +use rustls::client::EchConfig; +use rustls::crypto::aws_lc_rs; +use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES; +use rustls::RootCertStore; + +fn main() { + // Find raw ECH configs using DNS-over-HTTPS with Hickory DNS: + let resolver = Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); + let ech_config_list = lookup_ech_configs(&resolver, "defo.ie"); + + // NOTE: we defer setting up env_logger and setting the trace default filter level until + // after doing the DNS-over-HTTPS lookup above - we don't want to muddy the output + // with the rustls debug logs from the lookup. + env_logger::Builder::new() + .parse_filters("trace") + .init(); + + // Select a compatible ECH config. + let ech_config = EchConfig::new(ech_config_list, ALL_SUPPORTED_SUITES).unwrap(); + + let root_store = RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }; + + // Construct a rustls client config with a custom provider, and ECH enabled. + let mut config = + rustls::ClientConfig::builder_with_provider(aws_lc_rs::default_provider().into()) + .with_ech(ech_config) + .unwrap() + .with_root_certificates(root_store) + .with_no_client_auth(); + + // Allow using SSLKEYLOGFILE. + config.key_log = Arc::new(rustls::KeyLogFile::new()); + + // The "inner" SNI that we're really trying to reach. + let server_name = "www.defo.ie".try_into().unwrap(); + let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); + // The "outer" server that we're connecting to. + let mut sock = TcpStream::connect("defo.ie:443").unwrap(); + let mut tls = rustls::Stream::new(&mut conn, &mut sock); + tls.write_all( + concat!( + "GET /ech-check.php HTTP/1.1\r\n", + "Host: defo.ie\r\n", + "Connection: close\r\n", + "Accept-Encoding: identity\r\n", + "\r\n" + ) + .as_bytes(), + ) + .unwrap(); + let ciphersuite = tls + .conn + .negotiated_cipher_suite() + .unwrap(); + writeln!( + &mut std::io::stderr(), + "Current ciphersuite: {:?}", + ciphersuite.suite() + ) + .unwrap(); + let mut plaintext = Vec::new(); + tls.read_to_end(&mut plaintext).unwrap(); + stdout().write_all(&plaintext).unwrap(); +} + +// TODO(@cpu): consider upstreaming to hickory-dns +fn lookup_ech_configs(resolver: &Resolver, domain: &str) -> pki_types::EchConfigListBytes<'static> { + resolver + .lookup(domain, RecordType::HTTPS) + .expect("failed to lookup HTTPS record type") + .record_iter() + .find_map(|r| match r.data() { + Some(RData::HTTPS(svcb)) => svcb + .svc_params() + .iter() + .find_map(|sp| match sp { + (SvcParamKey::EchConfigList, SvcParamValue::EchConfigList(e)) => { + Some(e.clone().0) + } + _ => None, + }), + _ => None, + }) + .expect("missing expected HTTPS SvcParam EchConfig record") + .into() +} diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 8a114003b0..a941475310 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -4,6 +4,7 @@ use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; +use crate::client::EchConfig; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS; @@ -251,6 +252,7 @@ impl ConfigBuilder { provider: self.state.provider, versions: versions::EnabledVersions::new(versions), time_provider: self.state.time_provider, + client_ech_config: None, }, side: self.side, }) @@ -265,6 +267,7 @@ pub struct WantsVerifier { pub(crate) provider: Arc, pub(crate) versions: versions::EnabledVersions, pub(crate) time_provider: Arc, + pub(crate) client_ech_config: Option, } /// Helper trait to abstract [`ConfigBuilder`] over building a [`ClientConfig`] or [`ServerConfig`]. diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 10d50ebb51..04e68865ff 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -6,14 +6,35 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use super::client_conn::Resumption; use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::client::{handy, ClientConfig, ResolvesClientCert}; +use crate::client::{handy, ClientConfig, EchConfig, ResolvesClientCert}; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; use crate::msgs::handshake::CertificateChain; use crate::time_provider::TimeProvider; +use crate::versions::TLS13; use crate::webpki::{self, WebPkiServerVerifier}; -use crate::{compress, verify, versions}; +use crate::{compress, verify, versions, WantsVersions}; + +impl ConfigBuilder { + /// Enable Encrypted Client Hello (ECH) with the given configuration. + /// + /// This implicitly selects TLS 1.3 as the only supported protocol version to meet the + /// requirement to support ECH. + /// + /// The `ClientConfig` that will be produced by this builder will be specific to the provided + /// [`crate::client::EchConfig`] and may not be appropriate for all connections made by the program. + /// In this case the configuration should only be shared by connections intended for domains + /// that offer the provided [`crate::client::EchConfig`] in their DNS zone. + pub fn with_ech( + self, + config: EchConfig, + ) -> Result, Error> { + let mut res = self.with_protocol_versions(&[&TLS13][..])?; + res.state.client_ech_config = Some(config); + Ok(res) + } +} impl ConfigBuilder { /// Choose how to verify server certificates. @@ -56,6 +77,7 @@ impl ConfigBuilder { versions: self.state.versions, verifier, time_provider: self.state.time_provider, + client_ech_config: self.state.client_ech_config, }, side: PhantomData, } @@ -95,6 +117,7 @@ pub(super) mod danger { versions: self.cfg.state.versions, verifier, time_provider: self.cfg.state.time_provider, + client_ech_config: None, }, side: PhantomData, } @@ -112,6 +135,7 @@ pub struct WantsClientCert { versions: versions::EnabledVersions, verifier: Arc, time_provider: Arc, + client_ech_config: Option, } impl ConfigBuilder { @@ -167,6 +191,7 @@ impl ConfigBuilder { cert_compressors: compress::default_cert_compressors().to_vec(), cert_compression_cache: Arc::new(compress::CompressionCache::default()), cert_decompressors: compress::default_cert_decompressors().to_vec(), + ech_config: self.state.client_ech_config, } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index e23a344172..8627f686b8 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -9,6 +9,7 @@ use pki_types::{ServerName, UnixTime}; use super::handy::NoClientSessionStorage; use super::hs; use crate::builder::ConfigBuilder; +use crate::client::{EchConfig, EchStatus}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; @@ -134,6 +135,11 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// These must be created via the [`ClientConfig::builder()`] or [`ClientConfig::builder_with_provider()`] /// function. /// +/// Note that using [`ClientConfig::with_ech]` will produce a common configuration specific to +/// the provided [`crate::client::EchConfig`] that may not be appropriate for all connections made +/// by the program. In this case the configuration should only be shared by connections intended +/// for domains that offer the provided [`crate::client::EchConfig`] in their DNS zone. +/// /// # Defaults /// /// * [`ClientConfig::max_fragment_size`]: the default is `None` (meaning 16kB). @@ -248,6 +254,9 @@ pub struct ClientConfig { /// This is optional: [`compress::CompressionCache::Disabled`] gives /// a cache that does no caching. pub cert_compression_cache: Arc, + + /// How to offer Encrypted Client Hello (ECH). The default is to not offer ECH. + pub(super) ech_config: Option, } impl ClientConfig { @@ -596,6 +605,7 @@ mod connection { use core::ops::{Deref, DerefMut}; use std::io; + use crate::client::EchStatus; use pki_types::ServerName; use super::ClientConnectionData; @@ -717,6 +727,11 @@ mod connection { self.inner.dangerous_extract_secrets() } + /// Return the connection's Encrypted Client Hello (ECH) status. + pub fn ech_status(&self) -> EchStatus { + self.inner.core.data.ech_status + } + fn write_early_data(&mut self, data: &[u8]) -> io::Result { self.inner .core @@ -913,6 +928,7 @@ impl std::error::Error for EarlyDataError {} pub struct ClientConnectionData { pub(super) early_data: EarlyData, pub(super) resumption_ciphersuite: Option, + pub(super) ech_status: EchStatus, } impl ClientConnectionData { @@ -920,6 +936,7 @@ impl ClientConnectionData { Self { early_data: EarlyData::new(), resumption_ciphersuite: None, + ech_status: EchStatus::NotOffered, } } } diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs new file mode 100644 index 0000000000..03ff1454b0 --- /dev/null +++ b/rustls/src/client/ech.rs @@ -0,0 +1,668 @@ +use alloc::boxed::Box; +use alloc::vec; +use alloc::vec::Vec; + +use pki_types::{DnsName, EchConfigListBytes, ServerName}; +use subtle::ConstantTimeEq; + +use crate::client::tls13; +use crate::crypto::hash::Hash; +use crate::crypto::hpke::{EncapsulatedSecret, Hpke, HpkePublicKey, HpkeSealer, HpkeSuite}; +use crate::crypto::SecureRandom; +use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; +#[cfg(feature = "logging")] +use crate::log::{debug, trace, warn}; +use crate::msgs::base::{Payload, PayloadU16}; +use crate::msgs::codec::{Codec, Reader}; +use crate::msgs::enums::ExtensionType; +use crate::msgs::handshake::{ + ClientExtension, ClientHelloPayload, EchConfigPayload, Encoding, EncryptedClientHello, + EncryptedClientHelloOuter, HandshakeMessagePayload, HandshakePayload, HelloRetryRequest, + HpkeSymmetricCipherSuite, PresharedKeyBinder, PresharedKeyOffer, Random, ServerHelloPayload, + SessionId, +}; +use crate::msgs::message::{Message, MessagePayload}; +use crate::msgs::persist; +use crate::msgs::persist::Retrieved; +use crate::tls13::key_schedule::{ + server_ech_hrr_confirmation_secret, KeyScheduleEarly, KeyScheduleHandshakeStart, +}; +use crate::CipherSuite::TLS_EMPTY_RENEGOTIATION_INFO_SCSV; +use crate::{ + AlertDescription, CommonState, EncryptedClientHelloError, Error, HandshakeType, + PeerIncompatible, PeerMisbehaved, ProtocolVersion, Tls13CipherSuite, +}; + +/// Configuration for performing encrypted client hello. +/// +/// Note: differs from the protocol-encoded EchConfig (`EchConfigMsg`). +#[derive(Clone, Debug)] +pub struct EchConfig { + /// The selected EchConfig. + pub(crate) config: EchConfigPayload, + + /// An HPKE instance corresponding to a suite from the `config` we have selected as + /// a compatible choice. + pub(crate) suite: &'static dyn Hpke, +} + +impl EchConfig { + /// Construct an EchConfig by selecting a ECH config from the provided bytes that is compatible + /// with one of the given HPKE suites. + /// + /// The config list bytes should be sourced from a DNS-over-HTTPS lookup resolving the `HTTPS` + /// resource record for the host name of the server you wish to connect via ECH, + /// and extracting the ECH configuration from the `ech` parameter. The extracted bytes should + /// be base64 decoded to yield the `EchConfigListBytes` you provide to rustls. + /// + /// One of the provided ECH configurations must be compatible with the HPKE provider's supported + /// suites or an error will be returned. + /// + /// See the [ech-client.rs] example for a complete example of fetching ECH configs from DNS. + /// + /// [ech-client.rs]: https://github.com/rustls/rustls/blob/main/provider-example/examples/ech-client.rs + pub fn new( + ech_config_list: EchConfigListBytes<'_>, + hpke_suites: &[&'static dyn Hpke], + ) -> Result { + let ech_configs = Vec::::read(&mut Reader::init(&ech_config_list)) + .map_err(|_| { + Error::InvalidEncryptedClientHello(EncryptedClientHelloError::InvalidConfigList) + })?; + + // Note: we name the index var _i because if the log feature is disabled + // it is unused. + #[cfg_attr(not(feature = "std"), allow(clippy::unused_enumerate_index))] + for (_i, config) in ech_configs.iter().enumerate() { + let contents = match config { + EchConfigPayload::V18(contents) => contents, + EchConfigPayload::Unknown { + version: _version, .. + } => { + warn!( + "ECH config {} has unsupported version {:?}", + _i + 1, + _version + ); + continue; // Unsupported version. + } + }; + + if contents.has_unknown_mandatory_extension() || contents.has_duplicate_extension() { + warn!("ECH config has duplicate, or unknown mandatory extensions: {contents:?}",); + continue; // Unsupported, or malformed extensions. + } + + let key_config = &contents.key_config; + for cipher_suite in &key_config.symmetric_cipher_suites { + if cipher_suite.aead_id.tag_len().is_none() { + continue; // Unsupported EXPORT_ONLY AEAD cipher suite. + } + + let suite = HpkeSuite { + kem: key_config.kem_id, + sym: *cipher_suite, + }; + if let Some(hpke) = hpke_suites + .iter() + .find(|hpke| hpke.suite() == suite) + { + debug!( + "selected ECH config ID {:?} suite {:?}", + key_config.config_id, suite + ); + return Ok(Self { + config: config.clone(), + suite: *hpke, + }); + } + } + } + + Err(EncryptedClientHelloError::NoCompatibleConfig.into()) + } + + /// Compute the HPKE `SetupBaseS` `info` parameter for this ECH configuration. + /// + /// See . + pub(crate) fn hpke_info(&self) -> Vec { + let mut info = Vec::with_capacity(128); + // "tls ech" || 0x00 || ECHConfig + info.extend_from_slice(b"tls ech\0"); + self.config.encode(&mut info); + info + } +} + +/// An enum representing ECH offer status. +#[derive(Debug, Clone, Copy, Eq, PartialEq)] +pub enum EchStatus { + /// ECH was not offered - it is a normal TLS handshake. + NotOffered, + /// ECH was offered but we do not yet know whether the offer was accepted or rejected. + Offered, + /// ECH was offered and the server accepted. + Accepted, + /// ECH was offered and the server rejected. + Rejected, +} + +/// Contextual data for a TLS client handshake that has offered encrypted client hello (ECH). +pub(crate) struct EchState { + // The public DNS name from the ECH configuration we've chosen - this is included as the SNI + // value for the "outer" client hello. It can only be a DnsName, not an IP address. + pub(crate) outer_name: DnsName<'static>, + // If we're resuming in the inner hello, this is the early key schedule to use for encrypting + // early data if the ECH offer is accepted. + pub(crate) early_data_key_schedule: Option, + // A random value we use for the inner hello. + pub(crate) inner_hello_random: Random, + // A transcript buffer maintained for the inner hello. Once ECH is confirmed we switch to + // using this transcript for the handshake. + pub(crate) inner_hello_transcript: HandshakeHashBuffer, + // A source of secure random data. + secure_random: &'static dyn SecureRandom, + // An HPKE sealer context that can be used for encrypting ECH data. + sender: Box, + // The ID of the ECH configuration we've chosen - this is included in the outer ECH extension. + config_id: u8, + // The private server name we'll use for the inner protected hello. + inner_name: ServerName<'static>, + // The advertised maximum name length from the ECH configuration we've chosen - this is used + // for padding calculations. + maximum_name_length: u8, + // A supported symmetric cipher suite from the ECH configuration we've chosen - this is + // included in the outer ECH extension. + cipher_suite: HpkeSymmetricCipherSuite, + // A secret encapsulated to the public key of the remote server. This is included in the + // outer ECH extension for non-retry outer hello messages. + enc: EncapsulatedSecret, + // Whether the inner client hello should contain a server name indication (SNI) extension. + enable_sni: bool, + // The extensions sent in the inner hello. + sent_extensions: Vec, +} + +impl EchState { + pub(crate) fn new( + config: &EchConfig, + inner_name: ServerName<'static>, + client_auth_enabled: bool, + secure_random: &'static dyn SecureRandom, + enable_sni: bool, + ) -> Result { + // TODO(XXX): this would be cleaner as a `let..else` statement once MSRV is 1.64+ + let config_contents = match &config.config { + EchConfigPayload::V18(config_contents) => config_contents, + // the public EchConfig::new() constructor ensures we only have supported + // configurations. + _ => unreachable!("ECH config version mismatch"), + }; + let key_config = &config_contents.key_config; + + // Encapsulate a secret for the server's public key, and set up a sender context + // we can use to seal messages. + let (enc, sender) = config.suite.setup_sealer( + &config.hpke_info(), + &HpkePublicKey(key_config.public_key.0.clone()), + )?; + + // Start a new transcript buffer for the inner hello. + let mut inner_hello_transcript = HandshakeHashBuffer::new(); + if client_auth_enabled { + inner_hello_transcript.set_client_auth_enabled(); + } + + Ok(Self { + secure_random, + sender, + config_id: key_config.config_id, + inner_name, + outer_name: config_contents.public_name.clone(), + maximum_name_length: config_contents.maximum_name_length, + cipher_suite: config.suite.suite().sym, + enc, + inner_hello_random: Random::new(secure_random)?, + inner_hello_transcript, + early_data_key_schedule: None, + enable_sni, + sent_extensions: Vec::new(), + }) + } + + /// Construct a ClientHelloPayload offering ECH. + /// + /// An outer hello, with a protected inner hello for the `inner_name` will be returned, and the + /// ECH context will be updated to reflect the inner hello that was offered. + /// + /// If `retry_req` is `Some`, then the outer hello will be constructed for a hello retry request. + /// + /// If `resuming` is `Some`, then the inner hello will be constructed for a resumption handshake. + pub(crate) fn ech_hello( + &mut self, + mut outer_hello: ClientHelloPayload, + retry_req: Option<&HelloRetryRequest>, + resuming: &Option>, + ) -> Result { + trace!( + "Preparing ECH offer {}", + if retry_req.is_some() { "for retry" } else { "" } + ); + + // Construct the encoded inner hello and update the transcript. + let encoded_inner_hello = self.encode_inner_hello(&outer_hello, retry_req, resuming); + + // Complete the ClientHelloOuterAAD with an ech extension, the payload should be a placeholder + // of size L, all zeroes. L == length of encrypting encoded client hello inner w/ the selected + // HPKE AEAD. (sum of plaintext + tag length, typically). + let payload_len = encoded_inner_hello.len() + + self + .cipher_suite + .aead_id + .tag_len() + // Safety: we've already verified this AEAD is supported when loading the config + // that was used to create the ECH context. All supported AEADs have a tag length. + .unwrap(); + + // Outer hello's created in response to a hello retry request omit the enc value. + let enc = match retry_req.is_some() { + true => Vec::default(), + false => self.enc.0.clone(), + }; + + fn outer_hello_ext(ctx: &EchState, enc: Vec, payload: Vec) -> ClientExtension { + ClientExtension::EncryptedClientHello(EncryptedClientHello::Outer( + EncryptedClientHelloOuter { + cipher_suite: ctx.cipher_suite, + config_id: ctx.config_id, + enc: PayloadU16::new(enc), + payload: PayloadU16::new(payload), + }, + )) + } + + // The outer handshake is not permitted to resume a session. If we're resuming in the + // inner handshake we remove the PSK extension from the outer hello, replacing it + // with a GREASE PSK to implement the "ClientHello Malleability Mitigation" mentioned + // in 10.12.3. + if let Some(ClientExtension::PresharedKey(psk_offer)) = outer_hello.extensions.last_mut() { + self.grease_psk(psk_offer)?; + } + + // To compute the encoded AAD we add a placeholder extension with an empty payload. + outer_hello + .extensions + .push(outer_hello_ext(self, enc.clone(), vec![0; payload_len])); + + // Next we compute the proper extension payload. + let payload = self + .sender + .seal(&outer_hello.get_encoding(), &encoded_inner_hello)?; + + // And then we replace the placeholder extension with the real one. + outer_hello.extensions.pop(); + outer_hello + .extensions + .push(outer_hello_ext(self, enc, payload)); + + Ok(outer_hello) + } + + /// Confirm whether an ECH offer was accepted based on examining the server hello. + pub(crate) fn confirm_acceptance( + self, + ks: &mut KeyScheduleHandshakeStart, + server_hello: &ServerHelloPayload, + hash: &'static dyn Hash, + ) -> Result, Error> { + // Start the inner transcript hash now that we know the hash algorithm to use. + let inner_transcript = self + .inner_hello_transcript + .start_hash(hash); + + // Fork the transcript that we've started with the inner hello to use for a confirmation step. + // We need to preserve the original inner_transcript to use if this confirmation succeeds. + let mut confirmation_transcript = inner_transcript.clone(); + + // Add the server hello confirmation - this differs from the standard server hello encoding. + confirmation_transcript.add_message(&Self::server_hello_conf(server_hello)); + + // Derive a confirmation secret from the inner hello random and the confirmation transcript. + let derived = ks.server_ech_confirmation_secret( + self.inner_hello_random.0.as_ref(), + confirmation_transcript.current_hash(), + ); + + // Check that first 8 digits of the derived secret match the last 8 digits of the original + // server random. This match signals that the server accepted the ECH offer. + // Indexing safety: Random is [0; 32] by construction. + + match ConstantTimeEq::ct_eq(derived.as_ref(), server_hello.random.0[24..].as_ref()).into() { + true => { + trace!("ECH accepted by server"); + Ok(Some(EchAccepted { + transcript: inner_transcript, + random: self.inner_hello_random, + sent_extensions: self.sent_extensions, + })) + } + false => { + trace!("ECH rejected by server"); + Ok(None) + } + } + } + + pub(crate) fn confirm_hrr_acceptance( + &self, + hrr: &HelloRetryRequest, + cs: &Tls13CipherSuite, + common: &mut CommonState, + ) -> Result { + // The client checks for the "encrypted_client_hello" extension. + let ech_conf = match hrr.ech() { + // If none is found, the server has implicitly rejected ECH. + None => return Ok(false), + // Otherwise, if it has a length other than 8, the client aborts the + // handshake with a "decode_error" alert. + Some(ech_conf) if ech_conf.len() != 8 => { + return Err({ + common.send_fatal_alert( + AlertDescription::DecodeError, + PeerMisbehaved::IllegalHelloRetryRequestWithInvalidEch, + ) + }) + } + Some(ech_conf) => ech_conf, + }; + + // Otherwise the client computes hrr_accept_confirmation as described in Section + // 7.2.1 + let confirmation_transcript = self.inner_hello_transcript.clone(); + let mut confirmation_transcript = + confirmation_transcript.start_hash(cs.common.hash_provider); + confirmation_transcript.rollup_for_hrr(); + confirmation_transcript.add_message(&Self::hello_retry_request_conf(hrr)); + + let derived = server_ech_hrr_confirmation_secret( + cs.hkdf_provider, + &self.inner_hello_random.0, + confirmation_transcript.current_hash(), + ); + + match ConstantTimeEq::ct_eq(derived.as_ref(), ech_conf).into() { + true => { + trace!("ECH accepted by server in hello retry request"); + Ok(true) + } + false => { + trace!("ECH rejected by server in hello retry request"); + Ok(false) + } + } + } + + /// Update the ECH context inner hello transcript based on a received hello retry request message. + /// + /// This will start the in-progress transcript using the given `hash`, convert it into an HRR + /// buffer, and then add the hello retry message `m`. + pub(crate) fn transcript_hrr_update(&mut self, hash: &'static dyn Hash, m: &Message) { + trace!("Updating ECH inner transcript for HRR"); + + let inner_transcript = self + .inner_hello_transcript + .clone() + .start_hash(hash); + + let mut inner_transcript_buffer = inner_transcript.into_hrr_buffer(); + inner_transcript_buffer.add_message(m); + self.inner_hello_transcript = inner_transcript_buffer; + } + + fn encode_inner_hello( + &mut self, + outer_hello: &ClientHelloPayload, + retryreq: Option<&HelloRetryRequest>, + resuming: &Option>, + ) -> Vec { + // Start building an inner hello by cloning the initial outer hello. + let mut inner_hello = outer_hello.clone(); + + inner_hello.extensions.retain(|ext| { + match ext.ext_type() { + // SNI is unconditionally removed - it was copied from the outer hello and + // we will conditionally re-add our own SNI for the inner hello later. + ExtensionType::ServerName | + // We may have copied extensions that are only useful in the context where a TLS 1.3 + // connection allows TLS 1.2. This isn't the case for ECH and so we must remove these + // to satisfy a bogo test. + ExtensionType::ExtendedMasterSecret | + ExtensionType::SessionTicket | + ExtensionType::ECPointFormats => false, + // Retain all other extensions. + _ => true, + } + }); + + // Remove the empty renegotiation info SCSV from the inner hello. Similar to the TLS 1.2 + // specific extensions we remove above, this is seen as a TLS 1.2 only feature by bogo. + inner_hello + .cipher_suites + .retain(|cs| *cs != TLS_EMPTY_RENEGOTIATION_INFO_SCSV); + + // Add the correct inner SNI - we only do this when the inner name is a DnsName and SNI + // is enabled. IP addresses should not be used in an SNI extensions. + if self.enable_sni { + if let ServerName::DnsName(inner_name) = &self.inner_name { + inner_hello + .extensions + .insert(0, ClientExtension::make_sni(&inner_name.borrow())); + } + } + + // Add the inner variant extension to the inner hello. + // Section 6.1 rule 4. + let inner_ech_ext = ClientExtension::EncryptedClientHello(EncryptedClientHello::Inner); + if let Some(ClientExtension::PresharedKey(_)) = inner_hello.extensions.last() { + // Insert it before the PSK - this ext always needs to be last. + inner_hello + .extensions + .insert(inner_hello.extensions.len() - 1, inner_ech_ext); + } else { + // Insert it at the end. No PSK to worry about. + inner_hello + .extensions + .push(inner_ech_ext); + } + + // Note which extensions we're sending in the inner hello. This may differ from + // the outer hello (e.g. the inner hello may omit SNI while the outer hello will + // always have the ECH cover name in SNI). + self.sent_extensions = inner_hello + .extensions + .iter() + .map(|ext| ext.ext_type()) + .collect(); + + // Set the inner hello random to the one we generated when creating the ECH state. + // We hold on to the inner_hello_random in the ECH state to use later for confirming + // whether ECH was accepted or not. + inner_hello.random = self.inner_hello_random; + + // If we're resuming, we need to update the PSK binder in the inner hello. + if let Some(resuming) = resuming.as_ref() { + let mut chp = HandshakeMessagePayload { + typ: HandshakeType::ClientHello, + payload: HandshakePayload::ClientHello(inner_hello), + }; + + // Retain the early key schedule we get from processing the binder. + self.early_data_key_schedule = Some(tls13::fill_in_psk_binder( + resuming, + &self.inner_hello_transcript, + &mut chp, + )); + + // fill_in_psk_binder works on an owned HandshakeMessagePayload, so we need to + // extract our inner hello back out of it to retain ownership. + inner_hello = match chp.payload { + HandshakePayload::ClientHello(chp) => chp, + // Safety: we construct the HMP above and know its type unconditionally. + _ => unreachable!(), + }; + } + + // Repeating large extensions between ClientHelloInner and ClientHelloOuter can lead to excessive + // size. To reduce the size impact, the client MAY substitute extensions which it knows will be + // duplicated in ClientHelloOuter. + + // TODO(@cpu): Extension compression would be handled here-ish. + + // 5.1 "Encoding the ClientHelloInner" + + // Setting the legacy_session_id field to the empty string. + // Preserve these for reuse + let original_session_id = inner_hello.session_id; + + // SessionID is required to be empty in the EncodedClientHelloInner. + inner_hello.session_id = SessionId::empty(); + + // Encode the inner hello with the empty session ID. + let mut encoded_hello = inner_hello.get_encoding(); + + // Restore session ID. + inner_hello.session_id = original_session_id; + + trace!("ECH Inner Hello: {:#?}", inner_hello); + + // Calculate padding + // max_name_len = L + let max_name_len = self.maximum_name_length; + let max_name_len = if max_name_len > 0 { max_name_len } else { 255 }; + + let padding_len = match &self.inner_name { + ServerName::DnsName(name) => { + // name.len() = D + // max(0, L - D) + core::cmp::max( + 0, + max_name_len.saturating_sub(name.as_ref().len() as u8) as usize, + ) + } + _ => { + // L + 9 + // "This is the length of a "server_name" extension with an L-byte name." + // We widen to usize here to avoid overflowing u8 + u8. + max_name_len as usize + 9 + } + }; + + // Let L be the length of the EncodedClientHelloInner with all the padding computed so far + // Let N = 31 - ((L - 1) % 32) and add N bytes of padding. + let padding_len = 31 - ((encoded_hello.len() + (padding_len) - 1) % 32); + encoded_hello.extend(vec![0; padding_len]); + + // Construct the inner hello message that will be used for the transcript. + let inner_hello_msg = Message { + version: match retryreq { + // : + // "This value MUST be set to 0x0303 for all records generated + // by a TLS 1.3 implementation ..." + Some(_) => ProtocolVersion::TLSv1_2, + // "... other than an initial ClientHello (i.e., one not + // generated after a HelloRetryRequest), where it MAY also be + // 0x0301 for compatibility purposes" + // + // (retryreq == None means we're in the "initial ClientHello" case) + None => ProtocolVersion::TLSv1_0, + }, + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::ClientHello, + payload: HandshakePayload::ClientHello(inner_hello), + }), + }; + + // Update the inner transcript buffer with the inner hello message. + self.inner_hello_transcript + .add_message(&inner_hello_msg); + + encoded_hello + } + + // See https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#name-grease-psk + fn grease_psk(&self, psk_offer: &mut PresharedKeyOffer) -> Result<(), Error> { + for ident in psk_offer.identities.iter_mut() { + // "For each PSK identity advertised in the ClientHelloInner, the + // client generates a random PSK identity with the same length." + self.secure_random + .fill(&mut ident.identity.0)?; + // "It also generates a random, 32-bit, unsigned integer to use as + // the obfuscated_ticket_age." + let mut ticket_age = [0_u8; 4]; + self.secure_random + .fill(&mut ticket_age)?; + ident.obfuscated_ticket_age = u32::from_be_bytes(ticket_age); + } + + // "Likewise, for each inner PSK binder, the client generates a random string + // of the same length." + psk_offer.binders = psk_offer + .binders + .iter() + .map(|old_binder| { + // We can't access the wrapped binder PresharedKeyBinder's PayloadU8 mutably, + // so we construct new PresharedKeyBinder's from scratch with the same length. + let mut new_binder = vec![0; old_binder.as_ref().len()]; + self.secure_random + .fill(&mut new_binder)?; + Ok::(PresharedKeyBinder::from(new_binder)) + }) + .collect::>()?; + Ok(()) + } + + fn server_hello_conf(server_hello: &ServerHelloPayload) -> Message { + Self::ech_conf_message(HandshakeMessagePayload { + typ: HandshakeType::ServerHello, + payload: HandshakePayload::ServerHello(server_hello.clone()), + }) + } + + fn hello_retry_request_conf(retry_req: &HelloRetryRequest) -> Message { + Self::ech_conf_message(HandshakeMessagePayload { + typ: HandshakeType::HelloRetryRequest, + payload: HandshakePayload::HelloRetryRequest(retry_req.clone()), + }) + } + + fn ech_conf_message(hmp: HandshakeMessagePayload) -> Message { + let mut hmp_encoded = Vec::new(); + hmp.payload_encode(&mut hmp_encoded, Encoding::EchConfirmation); + Message { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::Handshake { + encoded: Payload::new(hmp_encoded), + parsed: hmp, + }, + } + } +} + +/// Returned from EchState::check_acceptance when the server has accepted the ECH offer. +/// +/// Holds the state required to continue the handshake with the inner hello from the ECH offer. +pub(crate) struct EchAccepted { + pub(crate) transcript: HandshakeHash, + pub(crate) random: Random, + pub(crate) sent_extensions: Vec, +} + +pub(crate) fn fatal_alert_required( + retry_configs: Option>, + common: &mut CommonState, +) -> Error { + common.send_fatal_alert( + AlertDescription::EncryptedClientHelloRequired, + PeerIncompatible::ServerRejectedEncryptedClientHello(retry_configs), + ) +} diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 77f1919f62..4c87fc194f 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -15,7 +15,8 @@ use crate::bs_debug; use crate::check::inappropriate_handshake_message; use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; -use crate::client::{tls13, ClientConfig}; +use crate::client::ech::EchState; +use crate::client::{tls13, ClientConfig, EchStatus}; use crate::common_state::{CommonState, HandshakeKind, State}; use crate::conn::ConnectionRandoms; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; @@ -146,6 +147,19 @@ pub(super) fn start_handshake( let random = Random::new(config.provider.secure_random)?; let extension_order_seed = crate::rand::random_u16(config.provider.secure_random)?; + let ech_state = match config.ech_config.as_ref() { + Some(ech_config) => Some(EchState::new( + ech_config, + server_name.clone(), + config + .client_auth_cert_resolver + .has_certs(), + config.provider.secure_random, + config.enable_sni, + )?), + None => None, + }; + emit_client_hello_for_retry( transcript_buffer, None, @@ -162,8 +176,10 @@ pub(super) fn start_handshake( hello: ClientHelloDetails::new(extension_order_seed), session_id, server_name, + prev_ech_ext: None, }, cx, + ech_state, ) } @@ -173,6 +189,7 @@ struct ExpectServerHello { early_key_schedule: Option, offered_key_share: Option>, suite: Option, + ech_state: Option, } struct ExpectServerHelloOrHelloRetryRequest { @@ -190,6 +207,7 @@ struct ClientHelloInput { hello: ClientHelloDetails, session_id: SessionId, server_name: ServerName<'static>, + prev_ech_ext: Option, } fn emit_client_hello_for_retry( @@ -200,9 +218,13 @@ fn emit_client_hello_for_retry( suite: Option, mut input: ClientHelloInput, cx: &mut ClientContext<'_>, + mut ech_state: Option, ) -> NextStateOrError<'static> { let config = &input.config; - let support_tls12 = config.supports_version(ProtocolVersion::TLSv1_2) && !cx.common.is_quic(); + // Defense in depth: the ECH state should be None if ECH is disabled based on config + // builder semantics. + let forbids_tls12 = cx.common.is_quic() || ech_state.is_some(); + let support_tls12 = config.supports_version(ProtocolVersion::TLSv1_2) && !forbids_tls12; let support_tls13 = config.supports_version(ProtocolVersion::TLSv1_3); let mut supported_versions = Vec::new(); @@ -248,10 +270,24 @@ fn emit_client_hello_for_retry( )); } - if let (ServerName::DnsName(dns), true) = (&input.server_name, config.enable_sni) { - // We only want to send the SNI extension if the server name contains a DNS name. - exts.push(ClientExtension::make_sni(dns)); - } + match (ech_state.as_ref(), config.enable_sni) { + // If we have ECH state we have a "cover name" to send in the outer hello + // as the SNI domain name. This happens unconditionally so we ignore the + // `enable_sni` value. That will be used later to decide what to do for + // the protected inner hello's SNI. + (Some(ech_state), _) => exts.push(ClientExtension::make_sni(&ech_state.outer_name)), + + // If we have no ECH state, and SNI is enabled, try to use the input server_name + // for the SNI domain name. + (None, true) => { + if let ServerName::DnsName(dns_name) = &input.server_name { + exts.push(ClientExtension::make_sni(dns_name)) + } + } + + // If we have no ECH state, and SNI is not enabled, there's nothing to do. + (None, false) => {} + }; if let Some(key_share) = &key_share { debug_assert!(support_tls13); @@ -297,16 +333,30 @@ fn emit_client_hello_for_retry( // Extra extensions must be placed before the PSK extension exts.extend(extra_exts.iter().cloned()); + // If this is a second client hello we're constructing in response to an HRR, and + // we've rejected ECH, then we need to carry forward the exact same ECH + // extension we used in the first hello. + if matches!(cx.data.ech_status, EchStatus::Rejected) & retryreq.is_some() { + if let Some(prev_ech_ext) = input.prev_ech_ext.take() { + exts.push(prev_ech_ext); + } + } + // Do we have a SessionID or ticket cached for this host? let tls13_session = prepare_resumption(&input.resuming, &mut exts, suite, cx, config); // Extensions MAY be randomized // but they also need to keep the same order as the previous ClientHello exts.sort_by_cached_key(|new_ext| { - // PSK extension is always last - if let ClientExtension::PresharedKey(..) = new_ext { - return u32::MAX; - } + match (&cx.data.ech_status, new_ext) { + // When not offering ECH/GREASE, the PSK extension is always last. + (EchStatus::NotOffered, ClientExtension::PresharedKey(..)) => return u32::MAX, + // When ECH or GREASE are in-play, the ECH extension is always last. + (_, ClientExtension::EncryptedClientHello(_)) => return u32::MAX, + // ... and the PSK extension should be second-to-last. + (_, ClientExtension::PresharedKey(..)) => return u32::MAX - 1, + _ => {} + }; let seed = (input.hello.extension_order_seed as u32) << 16 | (u16::from(new_ext.ext_type()) as u32); @@ -328,7 +378,7 @@ fn emit_client_hello_for_retry( // We don't do renegotiation at all, in fact. cipher_suites.push(CipherSuite::TLS_EMPTY_RENEGOTIATION_INFO_SCSV); - let chp_payload = ClientHelloPayload { + let mut chp_payload = ClientHelloPayload { client_version: ProtocolVersion::TLSv1_2, random: input.random, session_id: input.session_id, @@ -337,6 +387,20 @@ fn emit_client_hello_for_retry( extensions: exts, }; + #[allow(clippy::single_match)] // TODO(@cpu): using a match to reduce churn. + match (cx.data.ech_status, &mut ech_state) { + // If we haven't offered ECH, or have offered ECH but got a non-rejecting HRR, then + // we need to replace the client hello payload with an ECH client hello payload. + (EchStatus::NotOffered | EchStatus::Offered, Some(ech_state)) => { + // Replace the client hello payload with an ECH client hello payload. + chp_payload = ech_state.ech_hello(chp_payload, retryreq, &tls13_session)?; + cx.data.ech_status = EchStatus::Offered; + // Store the ECH extension in case we need to carry it forward in a subsequent hello. + input.prev_ech_ext = chp_payload.extensions.last().cloned(); + } + _ => {} + } + // Note what extensions we sent. input.hello.sent_extensions = chp_payload .extensions @@ -349,11 +413,23 @@ fn emit_client_hello_for_retry( payload: HandshakePayload::ClientHello(chp_payload), }; - let early_key_schedule = if let Some(resuming) = tls13_session { - let schedule = tls13::fill_in_psk_binder(&resuming, &transcript_buffer, &mut chp); - Some((resuming.suite(), schedule)) - } else { - None + let early_key_schedule = match (ech_state.as_mut(), tls13_session) { + // If we're performing ECH and resuming, then the PSK binder will have been dealt with + // separately, and we need to take the early_data_key_schedule computed for the inner hello. + (Some(ech_state), Some(tls13_session)) => ech_state + .early_data_key_schedule + .take() + .map(|schedule| (tls13_session.suite(), schedule)), + + // When we're not doing ECH and resuming, then the PSK binder need to be filled in as + // normal. + (_, Some(tls13_session)) => Some(( + tls13_session.suite(), + tls13::fill_in_psk_binder(&tls13_session, &transcript_buffer, &mut chp), + )), + + // No early key schedule in other cases. + _ => None, }; let ch = Message { @@ -389,14 +465,24 @@ fn emit_client_hello_for_retry( return schedule; } + let (transcript_buffer, random) = match &ech_state { + // When using ECH the early data key schedule is derived based on the inner + // hello transcript and random. + Some(ech_state) => ( + &ech_state.inner_hello_transcript, + &ech_state.inner_hello_random.0, + ), + None => (&transcript_buffer, &input.random.0), + }; + tls13::derive_early_traffic_secret( &*config.key_log, cx, resuming_suite, &schedule, &mut input.sent_tls13_fake_ccs, - &transcript_buffer, - &input.random.0, + transcript_buffer, + random, ); schedule }); @@ -407,6 +493,7 @@ fn emit_client_hello_for_retry( early_key_schedule, offered_key_share: key_share, suite, + ech_state, }; Ok(if support_tls13 && retryreq.is_none() { @@ -702,6 +789,8 @@ impl State for ExpectServerHello { // We always send a key share when TLS 1.3 is enabled. self.offered_key_share.unwrap(), self.input.sent_tls13_fake_ccs, + &m, + self.ech_state, ) } #[cfg(feature = "tls12")] @@ -738,7 +827,7 @@ impl ExpectServerHelloOrHelloRetryRequest { } fn handle_hello_retry_request( - self, + mut self, cx: &mut ClientContext<'_>, m: Message, ) -> NextStateOrError<'static> { @@ -859,10 +948,36 @@ impl ExpectServerHelloOrHelloRetryRequest { } }; + // Or offers ECH related extensions when we didn't offer ECH. + if cx.data.ech_status == EchStatus::NotOffered && hrr.ech().is_some() { + return Err({ + cx.common.send_fatal_alert( + AlertDescription::UnsupportedExtension, + PeerMisbehaved::IllegalHelloRetryRequestWithInvalidEch, + ) + }); + } + // HRR selects the ciphersuite. cx.common.suite = Some(cs); cx.common.handshake_kind = Some(HandshakeKind::FullWithHelloRetryRequest); + // If we offered ECH, we need to confirm that the server accepted it. + match (self.next.ech_state.as_ref(), cs.tls13()) { + (Some(ech_state), Some(tls13_cs)) => { + if !ech_state.confirm_hrr_acceptance(hrr, tls13_cs, cx.common)? { + // If the server did not confirm, then note the new ECH status but + // continue the handshake. We will abort with an ECH required error + // at the end. + cx.data.ech_status = EchStatus::Rejected; + } + } + (Some(_), None) => { + unreachable!("ECH state should only be set when TLS 1.3 was negotiated") + } + _ => {} + }; + // This is the draft19 change where the transcript became a tree let transcript = self .next @@ -871,6 +986,12 @@ impl ExpectServerHelloOrHelloRetryRequest { let mut transcript_buffer = transcript.into_hrr_buffer(); transcript_buffer.add_message(&m); + // If we offered ECH and the server accepted, we also need to update the separate + // ECH transcript with the hello retry request message. + if let Some(ech_state) = self.next.ech_state.as_mut() { + ech_state.transcript_hrr_update(cs.hash_provider(), &m); + } + // Early data is not allowed after HelloRetryrequest if cx.data.early_data.is_enabled() { cx.data.early_data.rejected(); @@ -901,6 +1022,7 @@ impl ExpectServerHelloOrHelloRetryRequest { Some(cs), self.next.input, cx, + self.next.ech_state, ) } } diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index abe67fe5e1..b3f99ca437 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -10,6 +10,7 @@ use super::client_conn::ClientConnectionData; use super::hs::ClientContext; use crate::check::inappropriate_handshake_message; use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails}; +use crate::client::ech::{self, EchState, EchStatus}; use crate::client::{hs, ClientConfig, ClientSessionStore}; use crate::common_state::{CommonState, HandshakeKind, Protocol, Side, State}; use crate::conn::ConnectionRandoms; @@ -26,9 +27,9 @@ use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::{ExtensionType, KeyUpdateRequest}; use crate::msgs::handshake::{ - CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload, HandshakePayload, - HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, PresharedKeyOffer, - ServerExtension, ServerHelloPayload, CERTIFICATE_MAX_SIZE_LIMIT, + CertificatePayloadTls13, ClientExtension, EchConfigPayload, HandshakeMessagePayload, + HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, + PresharedKeyOffer, ServerExtension, ServerHelloPayload, CERTIFICATE_MAX_SIZE_LIMIT, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -65,13 +66,15 @@ pub(super) fn handle_server_hello( server_hello: &ServerHelloPayload, mut resuming_session: Option, server_name: ServerName<'static>, - randoms: ConnectionRandoms, + mut randoms: ConnectionRandoms, suite: &'static Tls13CipherSuite, - transcript: HandshakeHash, + mut transcript: HandshakeHash, early_key_schedule: Option, - hello: ClientHelloDetails, + mut hello: ClientHelloDetails, our_key_share: Box, mut sent_tls13_fake_ccs: bool, + server_hello_msg: &Message, + ech_state: Option, ) -> hs::NextStateOrError<'static> { validate_server_hello(cx.common, server_hello)?; @@ -146,7 +149,31 @@ pub(super) fn handle_server_hello( let shared_secret = our_key_share.complete(&their_key_share.payload.0)?; - let key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); + let mut key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); + + // If we have ECH state, check that the server accepted our offer. + if let Some(ech_state) = ech_state { + cx.data.ech_status = match ech_state.confirm_acceptance( + &mut key_schedule, + server_hello, + suite.common.hash_provider, + )? { + // The server accepted our ECH offer, so complete the inner transcript with the + // server hello message, and switch the relevant state to the copies for the + // inner client hello. + Some(mut accepted) => { + accepted + .transcript + .add_message(server_hello_msg); + transcript = accepted.transcript; + randoms.client = accepted.random.0; + hello.sent_extensions = accepted.sent_extensions; + EchStatus::Accepted + } + // The server rejected our ECH offer. + None => EchStatus::Rejected, + }; + } // Remember what KX group the server liked for next time. config @@ -392,6 +419,22 @@ impl State for ExpectEncryptedExtensions { validate_encrypted_extensions(cx.common, &self.hello, exts)?; hs::process_alpn_protocol(cx.common, &self.config, exts.alpn_protocol())?; + let ech_retry_configs = match (cx.data.ech_status, exts.server_ech_extension()) { + // If we didn't offer ECH, or ECH was accepted, but the server sent an ECH encrypted + // extension with retry configs, we must error. + (EchStatus::NotOffered | EchStatus::Accepted, Some(_)) => { + return Err(cx.common.send_fatal_alert( + AlertDescription::UnsupportedExtension, + PeerMisbehaved::UnsolicitedEchExtension, + )) + } + // If we offered ECH, and it was rejected, store the retry configs (if any) from + // the server's ECH extension. We will return them in an error produced at the end + // of the handshake. + (EchStatus::Rejected, ext) => ext.map(|ext| ext.retry_configs.to_vec()), + _ => None, + }; + // QUIC transport parameters if cx.common.is_quic() { match exts.quic_params_extension() { @@ -442,6 +485,7 @@ impl State for ExpectEncryptedExtensions { client_auth: None, cert_verified, sig_verified, + ech_retry_configs, })) } else { if exts.early_data_extension_offered() { @@ -459,6 +503,7 @@ impl State for ExpectEncryptedExtensions { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, + ech_retry_configs, }) } else { Box::new(ExpectCertificateOrCertReq { @@ -468,6 +513,7 @@ impl State for ExpectEncryptedExtensions { suite: self.suite, transcript: self.transcript, key_schedule: self.key_schedule, + ech_retry_configs, }) }) } @@ -485,6 +531,7 @@ struct ExpectCertificateOrCompressedCertificateOrCertReq { suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, + ech_retry_configs: Option>, } impl State for ExpectCertificateOrCompressedCertificateOrCertReq { @@ -513,6 +560,7 @@ impl State for ExpectCertificateOrCompressedCertificateOrC key_schedule: self.key_schedule, client_auth: None, message_already_in_transcript: false, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), MessagePayload::Handshake { @@ -530,6 +578,7 @@ impl State for ExpectCertificateOrCompressedCertificateOrC transcript: self.transcript, key_schedule: self.key_schedule, client_auth: None, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), MessagePayload::Handshake { @@ -547,6 +596,7 @@ impl State for ExpectCertificateOrCompressedCertificateOrC transcript: self.transcript, key_schedule: self.key_schedule, offered_cert_compression: true, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), payload => Err(inappropriate_handshake_message( @@ -574,6 +624,7 @@ struct ExpectCertificateOrCompressedCertificate { transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, client_auth: Option, + ech_retry_configs: Option>, } impl State for ExpectCertificateOrCompressedCertificate { @@ -602,6 +653,7 @@ impl State for ExpectCertificateOrCompressedCertificate { key_schedule: self.key_schedule, client_auth: self.client_auth, message_already_in_transcript: false, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), MessagePayload::Handshake { @@ -619,6 +671,7 @@ impl State for ExpectCertificateOrCompressedCertificate { transcript: self.transcript, key_schedule: self.key_schedule, client_auth: self.client_auth, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), payload => Err(inappropriate_handshake_message( @@ -644,6 +697,7 @@ struct ExpectCertificateOrCertReq { suite: &'static Tls13CipherSuite, transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, + ech_retry_configs: Option>, } impl State for ExpectCertificateOrCertReq { @@ -672,6 +726,7 @@ impl State for ExpectCertificateOrCertReq { key_schedule: self.key_schedule, client_auth: None, message_already_in_transcript: false, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), MessagePayload::Handshake { @@ -689,6 +744,7 @@ impl State for ExpectCertificateOrCertReq { transcript: self.transcript, key_schedule: self.key_schedule, offered_cert_compression: false, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m), payload => Err(inappropriate_handshake_message( @@ -718,6 +774,7 @@ struct ExpectCertificateRequest { transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, offered_cert_compression: bool, + ech_retry_configs: Option>, } impl State for ExpectCertificateRequest { @@ -794,6 +851,7 @@ impl State for ExpectCertificateRequest { transcript: self.transcript, key_schedule: self.key_schedule, client_auth: Some(client_auth), + ech_retry_configs: self.ech_retry_configs, }) } else { Box::new(ExpectCertificate { @@ -805,6 +863,7 @@ impl State for ExpectCertificateRequest { key_schedule: self.key_schedule, client_auth: Some(client_auth), message_already_in_transcript: false, + ech_retry_configs: self.ech_retry_configs, }) }) } @@ -822,6 +881,7 @@ struct ExpectCompressedCertificate { transcript: HandshakeHash, key_schedule: KeyScheduleHandshake, client_auth: Option, + ech_retry_configs: Option>, } impl State for ExpectCompressedCertificate { @@ -909,6 +969,7 @@ impl State for ExpectCompressedCertificate { key_schedule: self.key_schedule, client_auth: self.client_auth, message_already_in_transcript: true, + ech_retry_configs: self.ech_retry_configs, }) .handle(cx, m) } @@ -927,6 +988,7 @@ struct ExpectCertificate { key_schedule: KeyScheduleHandshake, client_auth: Option, message_already_in_transcript: bool, + ech_retry_configs: Option>, } impl State for ExpectCertificate { @@ -980,6 +1042,7 @@ impl State for ExpectCertificate { key_schedule: self.key_schedule, server_cert, client_auth: self.client_auth, + ech_retry_configs: self.ech_retry_configs, })) } @@ -998,6 +1061,7 @@ struct ExpectCertificateVerify<'a> { key_schedule: KeyScheduleHandshake, server_cert: ServerCertDetails<'a>, client_auth: Option, + ech_retry_configs: Option>, } impl State for ExpectCertificateVerify<'_> { @@ -1069,6 +1133,7 @@ impl State for ExpectCertificateVerify<'_> { client_auth: self.client_auth, cert_verified, sig_verified, + ech_retry_configs: self.ech_retry_configs, })) } @@ -1082,6 +1147,7 @@ impl State for ExpectCertificateVerify<'_> { key_schedule: self.key_schedule, server_cert: self.server_cert.into_owned(), client_auth: self.client_auth, + ech_retry_configs: self.ech_retry_configs, }) } } @@ -1209,6 +1275,7 @@ struct ExpectFinished { client_auth: Option, cert_verified: verify::ServerCertVerified, sig_verified: verify::HandshakeSignatureValid, + ech_retry_configs: Option>, } impl State for ExpectFinished { @@ -1261,6 +1328,14 @@ impl State for ExpectFinished { } => { emit_certificate_tls13(&mut st.transcript, None, auth_context, cx.common); } + ClientAuthDetails::Verify { + auth_context_tls13: auth_context, + .. + } if cx.data.ech_status == EchStatus::Rejected => { + // If ECH was offered, and rejected, we MUST respond with + // an empty certificate message. + emit_certificate_tls13(&mut st.transcript, None, auth_context, cx.common); + } ClientAuthDetails::Verify { certkey, signer, @@ -1313,6 +1388,13 @@ impl State for ExpectFinished { cx.common .start_traffic(&mut cx.sendable_plaintext); + // Now that we've reached the end of the normal handshake we must enforce ECH acceptance by + // sending an alert and returning an error (potentially with retry configs) if the server + // did not accept our ECH offer. + if cx.data.ech_status == EchStatus::Rejected { + return Err(ech::fatal_alert_required(st.ech_retry_configs, cx.common)); + } + let st = ExpectTraffic { config: Arc::clone(&st.config), session_storage: Arc::clone(&st.config.resumption.store), diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index f77728270d..41b28d64ba 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -42,6 +42,7 @@ enum_builder! { UnknownPSKIdentity => 0x73, CertificateRequired => 0x74, NoApplicationProtocol => 0x78, + EncryptedClientHelloRequired => 0x79, // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-11.2 } } @@ -582,6 +583,19 @@ enum_builder! { } } +enum_builder! { + /// The type of Encrypted Client Hello (`EchClientHelloType`). + /// + /// Specified in [draft-ietf-tls-esni Section 5]. + /// + /// [draft-ietf-tls-esni Section 5]: + @U8 + pub enum EchClientHelloType { + ClientHelloOuter => 0, + ClientHelloInner => 1 + } +} + #[cfg(test)] mod tests { use super::*; diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 9c3afd18be..ed749ac546 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -6,7 +6,7 @@ use core::fmt; use std::time::SystemTimeError; use crate::enums::{AlertDescription, ContentType, HandshakeType}; -use crate::msgs::handshake::KeyExchangeAlgorithm; +use crate::msgs::handshake::{EchConfigPayload, KeyExchangeAlgorithm}; use crate::rand; /// rustls reports protocol errors using this type. @@ -35,6 +35,9 @@ pub enum Error { got_type: HandshakeType, }, + /// An error occurred while handling Encrypted Client Hello (ECH). + InvalidEncryptedClientHello(EncryptedClientHelloError), + /// The peer sent us a TLS message with invalid contents. InvalidMessage(InvalidMessage), @@ -192,6 +195,7 @@ pub enum PeerMisbehaved { IllegalHelloRetryRequestWithUnofferedNamedGroup, IllegalHelloRetryRequestWithUnsupportedVersion, IllegalHelloRetryRequestWithWrongSessionId, + IllegalHelloRetryRequestWithInvalidEch, IllegalMiddleboxChangeCipherSpec, IllegalTlsInnerPlaintext, IncorrectBinder, @@ -244,6 +248,7 @@ pub enum PeerMisbehaved { UnsolicitedSctList, UnsolicitedServerHelloExtension, WrongGroupForKeyShare, + UnsolicitedEchExtension, } impl From for Error { @@ -281,6 +286,7 @@ pub enum PeerIncompatible { Tls12NotOfferedOrEnabled, Tls13RequiredForQuic, UncompressedEcPointsRequired, + ServerRejectedEncryptedClientHello(Option>), } impl From for Error { @@ -480,6 +486,25 @@ impl From for Error { } } +#[non_exhaustive] +#[derive(Debug, Clone, Eq, PartialEq)] +/// An error that occurred while handling Encrypted Client Hello (ECH). +pub enum EncryptedClientHelloError { + /// The provided ECH configuration list was invalid. + InvalidConfigList, + /// No compatible ECH configuration. + NoCompatibleConfig, + /// The client configuration has server name indication (SNI) disabled. + SniRequired, +} + +impl From for Error { + #[inline] + fn from(e: EncryptedClientHelloError) -> Self { + Self::InvalidEncryptedClientHello(e) + } +} + fn join(items: &[T]) -> String { items .iter() @@ -524,6 +549,9 @@ impl fmt::Display for Error { Self::NoCertificatesPresented => write!(f, "peer sent no certificates"), Self::UnsupportedNameType => write!(f, "presented server name type wasn't supported"), Self::DecryptError => write!(f, "cannot decrypt peer's message"), + Self::InvalidEncryptedClientHello(ref err) => { + write!(f, "encrypted client hello failure: {:?}", err) + } Self::EncryptError => write!(f, "cannot encrypt message"), Self::PeerSentOversizedRecord => write!(f, "peer sent excess record size"), Self::HandshakeNotComplete => write!(f, "handshake not complete"), diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 5782cfd3ec..269329acea 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -514,8 +514,8 @@ pub use crate::enums::{ ProtocolVersion, SignatureAlgorithm, SignatureScheme, }; pub use crate::error::{ - CertRevocationListError, CertificateError, Error, InvalidMessage, OtherError, PeerIncompatible, - PeerMisbehaved, + CertRevocationListError, CertificateError, EncryptedClientHelloError, Error, InvalidMessage, + OtherError, PeerIncompatible, PeerMisbehaved, }; pub use crate::key_log::{KeyLog, NoKeyLog}; #[cfg(feature = "std")] @@ -542,6 +542,7 @@ pub mod client { pub(super) mod builder; mod client_conn; mod common; + mod ech; pub(super) mod handy; mod hs; #[cfg(feature = "tls12")] @@ -555,6 +556,7 @@ pub mod client { }; #[cfg(feature = "std")] pub use client_conn::{ClientConnection, WriteEarlyData}; + pub use ech::{EchConfig, EchStatus}; #[cfg(any(feature = "std", feature = "hashbrown"))] pub use handy::ClientSessionMemoryCache; diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 010632587e..5fc1103eb4 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -116,6 +116,7 @@ enum_builder! { ChannelId => 0x754f, RenegotiationInfo => 0xff01, TransportParametersDraft => 0xffa5, + EncryptedClientHello => 0xfe0d, // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-11.1 } } @@ -324,6 +325,19 @@ enum_builder! { } } +impl HpkeAead { + /// Returns the length of the tag for the AEAD algorithm, or none if the AEAD is EXPORT_ONLY. + pub(crate) fn tag_len(&self) -> Option { + match self { + // See RFC 9180 Section 7.3, column `Nt`, the length in bytes of the authentication tag + // for the algorithm. + // https://www.rfc-editor.org/rfc/rfc9180.html#section-7.3 + Self::AES_128_GCM | Self::AES_256_GCM | Self::CHACHA20_POLY_1305 => Some(16), + _ => None, + } + } +} + impl Default for HpkeAead { // TODO(XXX): revisit the default configuration. This is just what Cloudflare ships right now. fn default() -> Self { @@ -340,7 +354,7 @@ enum_builder! { /// [draft-ietf-tls-esni Section 4]: @U16 pub enum EchVersion { - V14 => 0xfe0d, + V18 => 0xfe0d, } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index e71b6e7ac4..1c580591b3 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -12,7 +12,8 @@ use pki_types::{CertificateDer, DnsName}; use crate::crypto::ActiveKeyExchange; use crate::crypto::SecureRandom; use crate::enums::{ - CertificateCompressionAlgorithm, CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme, + CertificateCompressionAlgorithm, CipherSuite, EchClientHelloType, HandshakeType, + ProtocolVersion, SignatureScheme, }; use crate::error::InvalidMessage; #[cfg(feature = "tls12")] @@ -558,6 +559,7 @@ pub enum ClientExtension { TransportParametersDraft(Vec), EarlyData, CertificateCompressionAlgorithms(Vec), + EncryptedClientHello(EncryptedClientHello), Unknown(UnknownExtension), } @@ -581,6 +583,7 @@ impl ClientExtension { Self::TransportParametersDraft(_) => ExtensionType::TransportParametersDraft, Self::EarlyData => ExtensionType::EarlyData, Self::CertificateCompressionAlgorithms(_) => ExtensionType::CompressCertificate, + Self::EncryptedClientHello(_) => ExtensionType::EncryptedClientHello, Self::Unknown(ref r) => r.typ, } } @@ -611,6 +614,7 @@ impl Codec<'_> for ClientExtension { nested.buf.extend_from_slice(r); } Self::CertificateCompressionAlgorithms(ref r) => r.encode(nested.buf), + Self::EncryptedClientHello(ref r) => r.encode(nested.buf), Self::Unknown(ref r) => r.encode(nested.buf), } } @@ -710,6 +714,7 @@ pub enum ServerExtension { TransportParameters(Vec), TransportParametersDraft(Vec), EarlyData, + EncryptedClientHello(ServerEncryptedClientHello), Unknown(UnknownExtension), } @@ -729,6 +734,7 @@ impl ServerExtension { Self::TransportParameters(_) => ExtensionType::TransportParameters, Self::TransportParametersDraft(_) => ExtensionType::TransportParametersDraft, Self::EarlyData => ExtensionType::EarlyData, + Self::EncryptedClientHello(_) => ExtensionType::EncryptedClientHello, Self::Unknown(ref r) => r.typ, } } @@ -754,6 +760,7 @@ impl Codec<'_> for ServerExtension { Self::TransportParameters(ref r) | Self::TransportParametersDraft(ref r) => { nested.buf.extend_from_slice(r); } + Self::EncryptedClientHello(ref r) => r.encode(nested.buf), Self::Unknown(ref r) => r.encode(nested.buf), } } @@ -781,6 +788,9 @@ impl Codec<'_> for ServerExtension { Self::TransportParametersDraft(sub.rest().to_vec()) } ExtensionType::EarlyData => Self::EarlyData, + ExtensionType::EncryptedClientHello => { + Self::EncryptedClientHello(ServerEncryptedClientHello::read(&mut sub)?) + } _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), }; @@ -1046,6 +1056,7 @@ pub(crate) enum HelloRetryExtension { KeyShare(NamedGroup), Cookie(PayloadU16), SupportedVersions(ProtocolVersion), + EchHelloRetryRequest(Vec), Unknown(UnknownExtension), } @@ -1055,6 +1066,7 @@ impl HelloRetryExtension { Self::KeyShare(_) => ExtensionType::KeyShare, Self::Cookie(_) => ExtensionType::Cookie, Self::SupportedVersions(_) => ExtensionType::SupportedVersions, + Self::EchHelloRetryRequest(_) => ExtensionType::EncryptedClientHello, Self::Unknown(ref r) => r.typ, } } @@ -1069,6 +1081,9 @@ impl Codec<'_> for HelloRetryExtension { Self::KeyShare(ref r) => r.encode(nested.buf), Self::Cookie(ref r) => r.encode(nested.buf), Self::SupportedVersions(ref r) => r.encode(nested.buf), + Self::EchHelloRetryRequest(ref r) => { + nested.buf.extend_from_slice(r); + } Self::Unknown(ref r) => r.encode(nested.buf), } } @@ -1084,6 +1099,7 @@ impl Codec<'_> for HelloRetryExtension { ExtensionType::SupportedVersions => { Self::SupportedVersions(ProtocolVersion::read(&mut sub)?) } + ExtensionType::EncryptedClientHello => Self::EchHelloRetryRequest(sub.rest().to_vec()), _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), }; @@ -1106,12 +1122,7 @@ pub struct HelloRetryRequest { impl Codec<'_> for HelloRetryRequest { fn encode(&self, bytes: &mut Vec) { - self.legacy_version.encode(bytes); - HELLO_RETRY_REQUEST_RANDOM.encode(bytes); - self.session_id.encode(bytes); - self.cipher_suite.encode(bytes); - Compression::Null.encode(bytes); - self.extensions.encode(bytes); + self.payload_encode(bytes, Encoding::Standard) } fn read(r: &mut Reader) -> Result { @@ -1148,6 +1159,7 @@ impl HelloRetryRequest { ext.ext_type() != ExtensionType::KeyShare && ext.ext_type() != ExtensionType::SupportedVersions && ext.ext_type() != ExtensionType::Cookie + && ext.ext_type() != ExtensionType::EncryptedClientHello }) } @@ -1180,6 +1192,48 @@ impl HelloRetryRequest { _ => None, } } + + pub(crate) fn ech(&self) -> Option<&Vec> { + let ext = self.find_extension(ExtensionType::EncryptedClientHello)?; + match *ext { + HelloRetryExtension::EchHelloRetryRequest(ref ech) => Some(ech), + _ => None, + } + } + + fn payload_encode(&self, bytes: &mut Vec, purpose: Encoding) { + self.legacy_version.encode(bytes); + HELLO_RETRY_REQUEST_RANDOM.encode(bytes); + self.session_id.encode(bytes); + self.cipher_suite.encode(bytes); + Compression::Null.encode(bytes); + + match purpose { + // Standard encoding encodes extensions as they appear. + Encoding::Standard => { + self.extensions.encode(bytes); + } + // For the purpose of ECH confirmation, the Encrypted Client Hello extension + // must have its payload replaced by 8 zero bytes. + // + // See draft-ietf-tls-esni-18 7.2.1: + // + Encoding::EchConfirmation => { + let extensions = LengthPrefixedBuffer::new(ListLength::U16, bytes); + for ext in &self.extensions { + match ext.ext_type() { + ExtensionType::EncryptedClientHello => { + HelloRetryExtension::EchHelloRetryRequest(vec![0u8; 8]) + .encode(extensions.buf); + } + _ => { + ext.encode(extensions.buf); + } + } + } + } + } + } } #[derive(Clone, Debug)] @@ -1194,16 +1248,7 @@ pub struct ServerHelloPayload { impl Codec<'_> for ServerHelloPayload { fn encode(&self, bytes: &mut Vec) { - self.legacy_version.encode(bytes); - self.random.encode(bytes); - - self.session_id.encode(bytes); - self.cipher_suite.encode(bytes); - self.compression_method.encode(bytes); - - if !self.extensions.is_empty() { - self.extensions.encode(bytes); - } + self.payload_encode(bytes, Encoding::Standard) } // minus version and random, which have already been read. @@ -1276,6 +1321,31 @@ impl ServerHelloPayload { _ => None, } } + + fn payload_encode(&self, bytes: &mut Vec, encoding: Encoding) { + self.legacy_version.encode(bytes); + + match encoding { + // Standard encoding encodes the random value as is. + Encoding::Standard => self.random.encode(bytes), + // When encoding a ServerHello for ECH confirmation, the random value + // has the last 8 bytes zeroed out. + Encoding::EchConfirmation => { + // Indexing safety: self.random is 32 bytes long by definition. + let rand_vec = self.random.get_encoding(); + bytes.extend_from_slice(&rand_vec.as_slice()[..24]); + bytes.extend_from_slice(&[0u8; 8]); + } + } + + self.session_id.encode(bytes); + self.cipher_suite.encode(bytes); + self.compression_method.encode(bytes); + + if !self.extensions.is_empty() { + self.extensions.encode(bytes); + } + } } #[derive(Clone, Default, Debug)] @@ -1916,6 +1986,14 @@ pub(crate) trait HasServerExtensions { } } + fn server_ech_extension(&self) -> Option { + let ext = self.find_extension(ExtensionType::EncryptedClientHello)?; + match ext { + ServerExtension::EncryptedClientHello(ech) => Some(ech.clone()), + _ => None, + } + } + fn early_data_extension_offered(&self) -> bool { self.find_extension(ExtensionType::EarlyData) .is_some() @@ -2447,15 +2525,7 @@ pub struct HandshakeMessagePayload<'a> { impl<'a> Codec<'a> for HandshakeMessagePayload<'a> { fn encode(&self, bytes: &mut Vec) { - // output type, length, and encoded payload - match self.typ { - HandshakeType::HelloRetryRequest => HandshakeType::ServerHello, - _ => self.typ, - } - .encode(bytes); - - let nested = LengthPrefixedBuffer::new(ListLength::U24 { max: usize::MAX }, bytes); - self.payload.encode(nested.buf); + self.payload_encode(bytes, Encoding::Standard); } fn read(r: &mut Reader<'a>) -> Result { @@ -2591,6 +2661,29 @@ impl<'a> HandshakeMessagePayload<'a> { ret } + pub(crate) fn payload_encode(&self, bytes: &mut Vec, encoding: Encoding) { + // output type, length, and encoded payload + match self.typ { + HandshakeType::HelloRetryRequest => HandshakeType::ServerHello, + _ => self.typ, + } + .encode(bytes); + + let nested = LengthPrefixedBuffer::new(ListLength::U24 { max: usize::MAX }, bytes); + + match &self.payload { + // for Server Hello and HelloRetryRequest payloads we need to encode the payload + // differently based on the purpose of the encoding. + HandshakePayload::ServerHello(payload) => payload.payload_encode(nested.buf, encoding), + HandshakePayload::HelloRetryRequest(payload) => { + payload.payload_encode(nested.buf, encoding) + } + + // All other payload types are encoded the same regardless of purpose. + _ => self.payload.encode(nested.buf), + } + } + pub(crate) fn build_handshake_hash(hash: &[u8]) -> Self { Self { typ: HandshakeType::MessageHash, @@ -2663,7 +2756,30 @@ pub struct EchConfigContents { pub key_config: HpkeKeyConfig, pub maximum_name_length: u8, pub public_name: DnsName<'static>, - pub extensions: PayloadU16, + pub extensions: Vec, +} + +impl EchConfigContents { + /// Returns true if there is more than one extension of a given + /// type. + pub(crate) fn has_duplicate_extension(&self) -> bool { + has_duplicates::<_, _, u16>( + self.extensions + .iter() + .map(|ext| ext.ext_type()), + ) + } + + /// Returns true if there is at least one mandatory unsupported extension. + pub(crate) fn has_unknown_mandatory_extension(&self) -> bool { + self.extensions + .iter() + // An extension is considered mandatory if the high bit of its type is set. + .any(|ext| { + matches!(ext.ext_type(), ExtensionType::Unknown(_)) + && u16::from(ext.ext_type()) & 0x8000 != 0 + }) + } } impl Codec<'_> for EchConfigContents { @@ -2684,42 +2800,213 @@ impl Codec<'_> for EchConfigContents { .map_err(|_| InvalidMessage::InvalidServerName)? .to_owned() }, - extensions: PayloadU16::read(r)?, + extensions: Vec::read(r)?, }) } } +/// An encrypted client hello (ECH) config. #[derive(Clone, Debug, PartialEq)] -pub struct EchConfigPayload { - pub version: EchVersion, - pub contents: EchConfigContents, +pub enum EchConfigPayload { + /// A recognized V18 ECH configuration. + V18(EchConfigContents), + /// An unknown version ECH configuration. + Unknown { + version: EchVersion, + contents: PayloadU16, + }, +} + +impl TlsListElement for EchConfigPayload { + const SIZE_LEN: ListLength = ListLength::U16; } impl Codec<'_> for EchConfigPayload { fn encode(&self, bytes: &mut Vec) { - self.version.encode(bytes); - let mut contents = Vec::with_capacity(128); - self.contents.encode(&mut contents); - let length: &mut [u8; 2] = &mut [0, 0]; - codec::put_u16(contents.len() as u16, length); - bytes.extend_from_slice(length); - bytes.extend(contents); + match self { + Self::V18(c) => { + // Write the version, the length, and the contents. + EchVersion::V18.encode(bytes); + let inner = LengthPrefixedBuffer::new(ListLength::U16, bytes); + c.encode(inner.buf); + } + Self::Unknown { version, contents } => { + // Unknown configuration versions are opaque. + version.encode(bytes); + contents.encode(bytes); + } + } } fn read(r: &mut Reader) -> Result { let version = EchVersion::read(r)?; let length = u16::read(r)?; - Ok(Self { - version, - contents: EchConfigContents::read(&mut r.sub(length as usize)?)?, + let mut contents = r.sub(length as usize)?; + + Ok(match version { + EchVersion::V18 => Self::V18(EchConfigContents::read(&mut contents)?), + _ => { + // Note: we don't PayloadU16::read() here because we've already read the length prefix. + let data = PayloadU16::new(contents.rest().into()); + Self::Unknown { + version, + contents: data, + } + } }) } } -impl TlsListElement for EchConfigPayload { +#[derive(Clone, Debug, PartialEq)] +pub enum EchConfigExtension { + Unknown(UnknownExtension), +} + +impl EchConfigExtension { + pub(crate) fn ext_type(&self) -> ExtensionType { + match *self { + Self::Unknown(ref r) => r.typ, + } + } +} + +impl Codec<'_> for EchConfigExtension { + fn encode(&self, bytes: &mut Vec) { + self.ext_type().encode(bytes); + + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); + match *self { + Self::Unknown(ref r) => r.encode(nested.buf), + } + } + + fn read(r: &mut Reader) -> Result { + let typ = ExtensionType::read(r)?; + let len = u16::read(r)? as usize; + let mut sub = r.sub(len)?; + + #[allow(clippy::match_single_binding)] // Future-proofing. + let ext = match typ { + _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), + }; + + sub.expect_empty("EchConfigExtension") + .map(|_| ext) + } +} + +impl TlsListElement for EchConfigExtension { const SIZE_LEN: ListLength = ListLength::U16; } +/// Representation of the `ECHClientHello` client extension specified in +/// [draft-ietf-tls-esni Section 5]. +/// +/// [draft-ietf-tls-esni Section 5]: +#[derive(Clone, Debug)] +pub enum EncryptedClientHello { + /// A `ECHClientHello` with type [EchClientHelloType::ClientHelloOuter]. + Outer(EncryptedClientHelloOuter), + /// An empty `ECHClientHello` with type [EchClientHelloType::ClientHelloInner]. + /// + /// This variant has no payload. + Inner, +} + +impl Codec<'_> for EncryptedClientHello { + fn encode(&self, bytes: &mut Vec) { + match self { + Self::Outer(payload) => { + EchClientHelloType::ClientHelloOuter.encode(bytes); + payload.encode(bytes); + } + Self::Inner => { + EchClientHelloType::ClientHelloInner.encode(bytes); + // Empty payload. + } + } + } + + fn read(r: &mut Reader) -> Result { + match EchClientHelloType::read(r)? { + EchClientHelloType::ClientHelloOuter => { + Ok(Self::Outer(EncryptedClientHelloOuter::read(r)?)) + } + EchClientHelloType::ClientHelloInner => Ok(Self::Inner), + _ => Err(InvalidMessage::InvalidContentType), + } + } +} + +/// Representation of the ECHClientHello extension with type outer specified in +/// [draft-ietf-tls-esni Section 5]. +/// +/// [draft-ietf-tls-esni Section 5]: +#[derive(Clone, Debug)] +pub struct EncryptedClientHelloOuter { + /// The cipher suite used to encrypt ClientHelloInner. Must match a value from + /// ECHConfigContents.cipher_suites list. + pub cipher_suite: HpkeSymmetricCipherSuite, + /// The ECHConfigContents.key_config.config_id for the chosen ECHConfig. + pub config_id: u8, + /// The HPKE encapsulated key, used by servers to decrypt the corresponding payload field. + /// This field is empty in a ClientHelloOuter sent in response to a HelloRetryRequest. + pub enc: PayloadU16, + /// The serialized and encrypted ClientHelloInner structure, encrypted using HPKE. + pub payload: PayloadU16, +} + +impl Codec<'_> for EncryptedClientHelloOuter { + fn encode(&self, bytes: &mut Vec) { + self.cipher_suite.encode(bytes); + self.config_id.encode(bytes); + self.enc.encode(bytes); + self.payload.encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + cipher_suite: HpkeSymmetricCipherSuite::read(r)?, + config_id: u8::read(r)?, + enc: PayloadU16::read(r)?, + payload: PayloadU16::read(r)?, + }) + } +} + +/// Representation of the ECHEncryptedExtensions extension specified in +/// [draft-ietf-tls-esni Section 5]. +/// +/// [draft-ietf-tls-esni Section 5]: +#[derive(Clone, Debug)] +pub struct ServerEncryptedClientHello { + pub(crate) retry_configs: Vec, +} + +impl Codec<'_> for ServerEncryptedClientHello { + fn encode(&self, bytes: &mut Vec) { + self.retry_configs.encode(bytes); + } + + fn read(r: &mut Reader) -> Result { + Ok(Self { + retry_configs: Vec::::read(r)?, + }) + } +} + +/// The method of encoding to use for a handshake message. +/// +/// In some cases a handshake message may be encoded differently depending on the purpose +/// the encoded message is being used for. For example, a [ServerHelloPayload] may be encoded +/// with the last 8 bytes of the random zeroed out when being encoded for ECH confirmation. +pub(crate) enum Encoding { + /// Standard RFC 8446 encoding. + Standard, + /// Encoding for ECH confirmation. + EchConfirmation, +} + fn has_duplicates, E: Into, T: Eq + Ord>(iter: I) -> bool { let mut seen = BTreeSet::new(); @@ -2731,3 +3018,56 @@ fn has_duplicates, E: Into, T: Eq + Ord>(iter: I) - false } + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_ech_config_dupe_exts() { + let unknown_ext = EchConfigExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(0x42), + payload: Payload::new(vec![0x42]), + }); + let mut config = config_template(); + config + .extensions + .push(unknown_ext.clone()); + config.extensions.push(unknown_ext); + + assert!(config.has_duplicate_extension()); + assert!(!config.has_unknown_mandatory_extension()); + } + + #[test] + fn test_ech_config_mandatory_exts() { + let mandatory_unknown_ext = EchConfigExtension::Unknown(UnknownExtension { + typ: ExtensionType::Unknown(0x42 | 0x8000), // Note: high bit set. + payload: Payload::new(vec![0x42]), + }); + let mut config = config_template(); + config + .extensions + .push(mandatory_unknown_ext); + + assert!(!config.has_duplicate_extension()); + assert!(config.has_unknown_mandatory_extension()); + } + + fn config_template() -> EchConfigContents { + EchConfigContents { + key_config: HpkeKeyConfig { + config_id: 0, + kem_id: HpkeKem::DHKEM_P256_HKDF_SHA256, + public_key: PayloadU16(b"xxx".into()), + symmetric_cipher_suites: vec![HpkeSymmetricCipherSuite { + kdf_id: HpkeKdf::HKDF_SHA256, + aead_id: HpkeAead::AES_128_GCM, + }], + }, + maximum_name_length: 0, + public_name: DnsName::try_from("example.com").unwrap(), + extensions: vec![], + } + } +} diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index d95986ff8d..428da33452 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -23,6 +23,8 @@ enum SecretKind { ExporterMasterSecret, ResumptionMasterSecret, DerivedSecret, + ServerEchConfirmationSecret, + ServerEchHrrConfirmationSecret, } impl SecretKind { @@ -38,6 +40,10 @@ impl SecretKind { ExporterMasterSecret => b"exp master", ResumptionMasterSecret => b"res master", DerivedSecret => b"derived", + // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-7.2 + ServerEchConfirmationSecret => b"ech accept confirmation", + // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-7.2.1 + ServerEchHrrConfirmationSecret => b"hrr ech accept confirmation", } } @@ -207,6 +213,30 @@ impl KeyScheduleHandshakeStart { new } + pub(crate) fn server_ech_confirmation_secret( + &mut self, + client_hello_inner_random: &[u8], + hs_hash: hash::Output, + ) -> [u8; 8] { + /* + Per ietf-tls-esni-17 section 7.2: + + accept_confirmation = HKDF-Expand-Label( + HKDF-Extract(0, ClientHelloInner.random), + "ech accept confirmation", + transcript_ech_conf,8) + */ + hkdf_expand_label( + self.ks + .suite + .hkdf_provider + .extract_from_secret(None, client_hello_inner_random) + .as_ref(), + SecretKind::ServerEchConfirmationSecret.to_bytes(), + hs_hash.as_ref(), + ) + } + fn into_handshake( self, hs_hash: hash::Output, @@ -775,6 +805,29 @@ fn hkdf_expand_label_slice( }) } +pub(crate) fn server_ech_hrr_confirmation_secret( + hkdf_provider: &'static dyn Hkdf, + client_hello_inner_random: &[u8], + hs_hash: hash::Output, +) -> [u8; 8] { + /* + Per ietf-tls-esni-17 section 7.2.1: + + hrr_accept_confirmation = HKDF-Expand-Label( + HKDF-Extract(0, ClientHelloInner1.random), + "hrr ech accept confirmation", + transcript_hrr_ech_conf, + 8) + */ + hkdf_expand_label( + hkdf_provider + .extract_from_secret(None, client_hello_inner_random) + .as_ref(), + SecretKind::ServerEchHrrConfirmationSecret.to_bytes(), + hs_hash.as_ref(), + ) +} + pub(crate) fn derive_traffic_key(expander: &dyn HkdfExpander, aead_key_len: usize) -> AeadKey { hkdf_expand_label_aead_key(expander, aead_key_len, b"key", &[]) } diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs index 4ed6d9754a..444f1e2049 100644 --- a/rustls/tests/ech.rs +++ b/rustls/tests/ech.rs @@ -2,18 +2,19 @@ use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::DnsName; use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; -use rustls::internal::msgs::handshake::{EchConfigPayload, HpkeKeyConfig, HpkeSymmetricCipherSuite}; +use rustls::internal::msgs::handshake::{ + EchConfigContents, EchConfigPayload, HpkeKeyConfig, HpkeSymmetricCipherSuite, +}; #[test] fn test_decode_config_list() { - fn assert_config(config: &EchConfigPayload, public_name: impl AsRef<[u8]>, max_len: u8) { - assert_eq!(config.version, EchVersion::V14); - assert_eq!(config.contents.maximum_name_length, max_len); + fn assert_config(contents: &EchConfigContents, public_name: impl AsRef<[u8]>, max_len: u8) { + assert_eq!(contents.maximum_name_length, max_len); assert_eq!( - config.contents.public_name, + contents.public_name, DnsName::try_from(public_name.as_ref()).unwrap() ); - assert!(config.contents.extensions.0.is_empty()); + assert!(contents.extensions.is_empty()); } fn assert_key_config( @@ -29,9 +30,12 @@ fn test_decode_config_list() { let config_list = get_ech_config(BASE64_ECHCONFIG_LIST_LOCALHOST); assert_eq!(config_list.len(), 1); - assert_config(&config_list[0], "localhost", 128); + let EchConfigPayload::V18(contents) = &config_list[0] else { + panic!("unexpected ECH config version: {:?}", config_list[0]); + }; + assert_config(contents, "localhost", 128); assert_key_config( - &config_list[0].contents.key_config, + &contents.key_config, 0, HpkeKem::DHKEM_X25519_HKDF_SHA256, vec![ @@ -48,9 +52,12 @@ fn test_decode_config_list() { let config_list = get_ech_config(BASE64_ECHCONFIG_LIST_CF); assert_eq!(config_list.len(), 2); - assert_config(&config_list[0], "cloudflare-esni.com", 37); + let EchConfigPayload::V18(contents_a) = &config_list[0] else { + panic!("unexpected ECH config version: {:?}", config_list[0]); + }; + assert_config(contents_a, "cloudflare-esni.com", 37); assert_key_config( - &config_list[0].contents.key_config, + &contents_a.key_config, 195, HpkeKem::DHKEM_X25519_HKDF_SHA256, vec![HpkeSymmetricCipherSuite { @@ -58,9 +65,12 @@ fn test_decode_config_list() { aead_id: HpkeAead::AES_128_GCM, }], ); - assert_config(&config_list[1], "cloudflare-esni.com", 42); + let EchConfigPayload::V18(contents_b) = &config_list[1] else { + panic!("unexpected ECH config version: {:?}", config_list[1]); + }; + assert_config(contents_b, "cloudflare-esni.com", 42); assert_key_config( - &config_list[1].contents.key_config, + &contents_b.key_config, 3, HpkeKem::DHKEM_P256_HKDF_SHA256, vec![HpkeSymmetricCipherSuite { @@ -68,6 +78,21 @@ fn test_decode_config_list() { aead_id: HpkeAead::AES_128_GCM, }], ); + + let config_list = get_ech_config(BASE64_ECHCONFIG_LIST_WITH_UNSUPPORTED); + assert_eq!(config_list.len(), 4); + // The first config should be unsupported. + assert!(matches!( + config_list[0], + EchConfigPayload::Unknown { + version: EchVersion::Unknown(0xBADD), + .. + } + )); + // The other configs should be recognized. + for config in config_list.iter().skip(1) { + assert!(matches!(config, EchConfigPayload::V18(_))); + } } #[test] @@ -81,6 +106,7 @@ fn test_echconfig_serialization() { assert_round_trip_eq(BASE64_ECHCONFIG_LIST_LOCALHOST); assert_round_trip_eq(BASE64_ECHCONFIG_LIST_CF); + assert_round_trip_eq(BASE64_ECHCONFIG_LIST_WITH_UNSUPPORTED); } fn get_ech_config(s: &str) -> Vec { @@ -95,3 +121,6 @@ const BASE64_ECHCONFIG_LIST_LOCALHOST: &str = // Two EchConfigs, both with server-name "cloudflare-esni.com". const BASE64_ECHCONFIG_LIST_CF: &str = "AK3+DQBCwwAgACAJ9T5U4FeM6631r2bvAuGtmEd8zQaoTkFAtArTcMl/XQAEAAEAASUTY2xvdWRmbGFyZS1lc25pLmNvbQAA/g0AYwMAEABBBGGbUlGLuGRorUeFwmrgHImkrh9uxoPrnFKpS5bQvnc5grfMS3PvymQ2FYL02WQi1ZzZJg5OsYYdzlaGYnEoJNsABAABAAEqE2Nsb3VkZmxhcmUtZXNuaS5jb20AAA=="; + +// Three EchConfigs, the first one with an unsupported version. +const BASE64_ECHCONFIG_LIST_WITH_UNSUPPORTED: &str = "AQW63QAFBQQDAgH+DQBmAAAQAEEE5itp4r9ln5e+Lx4NlIpM1Zdrt6keDUb73ampHp3culoB59aXqAoY+cPEox5W4nyDSNsWGhz1HX7xlC1Lz3IiwQAMAAEAAQABAAIAAQADQA5wdWJsaWMuZXhhbXBsZQAA/g0APQAAIAAgfWYWFXMCFK7ucFMzZvNqYJ6tZcDCCOYjIjRqtbzY3hwABBERIiJADnB1YmxpYy5leGFtcGxlAAD+DQBNAAAgACCFvWoDJ3wlQntS4mngx3qOtSS6HrPS8TJmLUsKxstzVwAMAAEAAQABAAIAAQADQA5wdWJsaWMuZXhhbXBsZQAIqqoABHRlc3Q="; From 7e895b5e765d1b90a3a11cd603ff09048906b9f5 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 18 Apr 2024 16:40:54 -0400 Subject: [PATCH 1047/1145] ech: support client GREASE ECH In the situation where an ECH config is not available some clients may wish to send a "GREASE" ECH extension as an anti-ossification mechanism (see RFC 8701[0] for more information on the general concept of GREASE). To support this we update the configuration to accept an optional ECH mode instead of an optional ECH config. The ECH mode has a variant for enabling ECH that holds an ECH config, and a separate variant that holds only what's required to emit a GREASE ECH extension. We don't automatically fall back to GREASE if ECH configs are provided but none are compatible. If desired this should be handled by the caller. Similarly we don't default to sending GREASE, it is opt-in. [0]: https://www.rfc-editor.org/rfc/rfc8701 --- examples/src/bin/ech-client.rs | 6 +- rustls/src/builder.rs | 6 +- rustls/src/client/builder.rs | 16 ++-- rustls/src/client/client_conn.rs | 4 +- rustls/src/client/ech.rs | 131 +++++++++++++++++++++++++++++-- rustls/src/client/hs.rs | 42 ++++++++-- rustls/src/lib.rs | 2 +- 7 files changed, 178 insertions(+), 29 deletions(-) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 820837b695..df40353f76 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -30,7 +30,9 @@ fn main() { .init(); // Select a compatible ECH config. - let ech_config = EchConfig::new(ech_config_list, ALL_SUPPORTED_SUITES).unwrap(); + let ech_mode = EchConfig::new(ech_config_list, ALL_SUPPORTED_SUITES) + .unwrap() + .into(); let root_store = RootCertStore { roots: webpki_roots::TLS_SERVER_ROOTS.into(), @@ -39,7 +41,7 @@ fn main() { // Construct a rustls client config with a custom provider, and ECH enabled. let mut config = rustls::ClientConfig::builder_with_provider(aws_lc_rs::default_provider().into()) - .with_ech(ech_config) + .with_ech(ech_mode) .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index a941475310..612df1c424 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -4,7 +4,7 @@ use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; -use crate::client::EchConfig; +use crate::client::EchMode; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS; @@ -252,7 +252,7 @@ impl ConfigBuilder { provider: self.state.provider, versions: versions::EnabledVersions::new(versions), time_provider: self.state.time_provider, - client_ech_config: None, + client_ech_mode: None, }, side: self.side, }) @@ -267,7 +267,7 @@ pub struct WantsVerifier { pub(crate) provider: Arc, pub(crate) versions: versions::EnabledVersions, pub(crate) time_provider: Arc, - pub(crate) client_ech_config: Option, + pub(crate) client_ech_mode: Option, } /// Helper trait to abstract [`ConfigBuilder`] over building a [`ClientConfig`] or [`ServerConfig`]. diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index 04e68865ff..22ca184cdc 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -6,7 +6,7 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use super::client_conn::Resumption; use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::client::{handy, ClientConfig, EchConfig, ResolvesClientCert}; +use crate::client::{handy, ClientConfig, EchMode, ResolvesClientCert}; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; @@ -17,7 +17,7 @@ use crate::webpki::{self, WebPkiServerVerifier}; use crate::{compress, verify, versions, WantsVersions}; impl ConfigBuilder { - /// Enable Encrypted Client Hello (ECH) with the given configuration. + /// Enable Encrypted Client Hello (ECH) in the given mode. /// /// This implicitly selects TLS 1.3 as the only supported protocol version to meet the /// requirement to support ECH. @@ -28,10 +28,10 @@ impl ConfigBuilder { /// that offer the provided [`crate::client::EchConfig`] in their DNS zone. pub fn with_ech( self, - config: EchConfig, + mode: EchMode, ) -> Result, Error> { let mut res = self.with_protocol_versions(&[&TLS13][..])?; - res.state.client_ech_config = Some(config); + res.state.client_ech_mode = Some(mode); Ok(res) } } @@ -77,7 +77,7 @@ impl ConfigBuilder { versions: self.state.versions, verifier, time_provider: self.state.time_provider, - client_ech_config: self.state.client_ech_config, + client_ech_mode: self.state.client_ech_mode, }, side: PhantomData, } @@ -117,7 +117,7 @@ pub(super) mod danger { versions: self.cfg.state.versions, verifier, time_provider: self.cfg.state.time_provider, - client_ech_config: None, + client_ech_mode: self.cfg.state.client_ech_mode, }, side: PhantomData, } @@ -135,7 +135,7 @@ pub struct WantsClientCert { versions: versions::EnabledVersions, verifier: Arc, time_provider: Arc, - client_ech_config: Option, + client_ech_mode: Option, } impl ConfigBuilder { @@ -191,7 +191,7 @@ impl ConfigBuilder { cert_compressors: compress::default_cert_compressors().to_vec(), cert_compression_cache: Arc::new(compress::CompressionCache::default()), cert_decompressors: compress::default_cert_decompressors().to_vec(), - ech_config: self.state.client_ech_config, + ech_mode: self.state.client_ech_mode, } } } diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 8627f686b8..bc81ea08f5 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -9,7 +9,7 @@ use pki_types::{ServerName, UnixTime}; use super::handy::NoClientSessionStorage; use super::hs; use crate::builder::ConfigBuilder; -use crate::client::{EchConfig, EchStatus}; +use crate::client::{EchMode, EchStatus}; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, UnbufferedConnectionCommon}; use crate::crypto::{CryptoProvider, SupportedKxGroup}; @@ -256,7 +256,7 @@ pub struct ClientConfig { pub cert_compression_cache: Arc, /// How to offer Encrypted Client Hello (ECH). The default is to not offer ECH. - pub(super) ech_config: Option, + pub(super) ech_mode: Option, } impl ClientConfig { diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs index 03ff1454b0..0ab27ddcdc 100644 --- a/rustls/src/client/ech.rs +++ b/rustls/src/client/ech.rs @@ -14,12 +14,12 @@ use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; use crate::log::{debug, trace, warn}; use crate::msgs::base::{Payload, PayloadU16}; use crate::msgs::codec::{Codec, Reader}; -use crate::msgs::enums::ExtensionType; +use crate::msgs::enums::{ExtensionType, HpkeKem}; use crate::msgs::handshake::{ - ClientExtension, ClientHelloPayload, EchConfigPayload, Encoding, EncryptedClientHello, - EncryptedClientHelloOuter, HandshakeMessagePayload, HandshakePayload, HelloRetryRequest, - HpkeSymmetricCipherSuite, PresharedKeyBinder, PresharedKeyOffer, Random, ServerHelloPayload, - SessionId, + ClientExtension, ClientHelloPayload, EchConfigContents, EchConfigPayload, Encoding, + EncryptedClientHello, EncryptedClientHelloOuter, HandshakeMessagePayload, HandshakePayload, + HelloRetryRequest, HpkeKeyConfig, HpkeSymmetricCipherSuite, PresharedKeyBinder, + PresharedKeyOffer, Random, ServerHelloPayload, SessionId, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -33,6 +33,32 @@ use crate::{ PeerIncompatible, PeerMisbehaved, ProtocolVersion, Tls13CipherSuite, }; +/// Controls how Encrypted Client Hello (ECH) is used in a client handshake. +#[derive(Clone, Debug)] +pub enum EchMode { + /// ECH is enabled and the ClientHello will be encrypted based on the provided + /// configuration. + Enable(EchConfig), + + /// No ECH configuration is available but the client should act as though it were. + /// + /// This is an anti-ossification measure, sometimes referred to as "GREASE"[^0]. + /// [^0]: + Grease(EchGreaseConfig), +} + +impl From for EchMode { + fn from(config: EchConfig) -> Self { + Self::Enable(config) + } +} + +impl From for EchMode { + fn from(config: EchGreaseConfig) -> Self { + Self::Grease(config) + } +} + /// Configuration for performing encrypted client hello. /// /// Note: differs from the protocol-encoded EchConfig (`EchConfigMsg`). @@ -134,11 +160,106 @@ impl EchConfig { } } +/// Configuration for GREASE Encrypted Client Hello. +#[derive(Clone, Debug)] +pub struct EchGreaseConfig { + pub(crate) suite: &'static dyn Hpke, + pub(crate) placeholder_key: HpkePublicKey, +} + +impl EchGreaseConfig { + /// Construct a GREASE ECH configuration. + /// + /// This configuration is used when the client wishes to offer ECH to prevent ossification, + /// but doesn't have a real ECH configuration to use for the remote server. In this case + /// a placeholder or "GREASE"[^0] extension is used. + /// + /// Returns an error if the HPKE provider does not support the given suite. + /// + /// [^0]: + pub fn new(suite: &'static dyn Hpke, placeholder_key: HpkePublicKey) -> Self { + Self { + suite, + placeholder_key, + } + } + + /// Build a GREASE ECH extension based on the placeholder configuration. + /// + /// See for + /// more information. + pub(crate) fn grease_ext( + &self, + secure_random: &'static dyn SecureRandom, + inner_name: ServerName<'static>, + outer_hello: &ClientHelloPayload, + ) -> Result { + trace!("Preparing GREASE ECH extension"); + + // Pick a random config id. + let mut config_id: [u8; 1] = [0; 1]; + secure_random.fill(&mut config_id[..])?; + + let suite = self.suite.suite(); + + // Construct a dummy ECH state - we don't have a real ECH config from a server since + // this is for GREASE. + let mut grease_state = EchState::new( + &EchConfig { + config: EchConfigPayload::V18(EchConfigContents { + key_config: HpkeKeyConfig { + config_id: config_id[0], + kem_id: HpkeKem::DHKEM_P256_HKDF_SHA256, + public_key: PayloadU16(self.placeholder_key.0.clone()), + symmetric_cipher_suites: vec![suite.sym], + }, + maximum_name_length: 0, + public_name: DnsName::try_from("filler").unwrap(), + extensions: Vec::default(), + }), + suite: self.suite, + }, + inner_name, + false, + secure_random, + false, // Does not matter if we enable/disable SNI here. Inner hello is not used. + )?; + + // Construct an inner hello using the outer hello - this allows us to know the size of + // dummy payload we should use for the GREASE extension. + let encoded_inner_hello = grease_state.encode_inner_hello(outer_hello, None, &None); + + // Generate a payload of random data equivalent in length to a real inner hello. + let payload_len = encoded_inner_hello.len() + + suite + .sym + .aead_id + .tag_len() + // Safety: we have confirmed the AEAD is supported when building the config. All + // supported AEADs have a tag length. + .unwrap(); + let mut payload = vec![0; payload_len]; + secure_random.fill(&mut payload)?; + + // Return the GREASE extension. + Ok(ClientExtension::EncryptedClientHello( + EncryptedClientHello::Outer(EncryptedClientHelloOuter { + cipher_suite: suite.sym, + config_id: config_id[0], + enc: PayloadU16(grease_state.enc.0), + payload: PayloadU16::new(payload), + }), + )) + } +} + /// An enum representing ECH offer status. #[derive(Debug, Clone, Copy, Eq, PartialEq)] pub enum EchStatus { /// ECH was not offered - it is a normal TLS handshake. NotOffered, + /// GREASE ECH was sent. This is not considered offering ECH. + Grease, /// ECH was offered but we do not yet know whether the offer was accepted or rejected. Offered, /// ECH was offered and the server accepted. diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 4c87fc194f..1f9209685d 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -16,7 +16,7 @@ use crate::check::inappropriate_handshake_message; use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; use crate::client::ech::EchState; -use crate::client::{tls13, ClientConfig, EchStatus}; +use crate::client::{tls13, ClientConfig, EchMode, EchStatus}; use crate::common_state::{CommonState, HandshakeKind, State}; use crate::conn::ConnectionRandoms; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; @@ -147,8 +147,8 @@ pub(super) fn start_handshake( let random = Random::new(config.provider.secure_random)?; let extension_order_seed = crate::rand::random_u16(config.provider.secure_random)?; - let ech_state = match config.ech_config.as_ref() { - Some(ech_config) => Some(EchState::new( + let ech_state = match config.ech_mode.as_ref() { + Some(EchMode::Enable(ech_config)) => Some(EchState::new( ech_config, server_name.clone(), config @@ -157,7 +157,7 @@ pub(super) fn start_handshake( config.provider.secure_random, config.enable_sni, )?), - None => None, + _ => None, }; emit_client_hello_for_retry( @@ -334,9 +334,9 @@ fn emit_client_hello_for_retry( exts.extend(extra_exts.iter().cloned()); // If this is a second client hello we're constructing in response to an HRR, and - // we've rejected ECH, then we need to carry forward the exact same ECH - // extension we used in the first hello. - if matches!(cx.data.ech_status, EchStatus::Rejected) & retryreq.is_some() { + // we've rejected ECH or sent GREASE ECH, then we need to carry forward the + // exact same ECH extension we used in the first hello. + if matches!(cx.data.ech_status, EchStatus::Rejected | EchStatus::Grease) & retryreq.is_some() { if let Some(prev_ech_ext) = input.prev_ech_ext.take() { exts.push(prev_ech_ext); } @@ -387,7 +387,18 @@ fn emit_client_hello_for_retry( extensions: exts, }; - #[allow(clippy::single_match)] // TODO(@cpu): using a match to reduce churn. + let ech_grease_ext = config + .ech_mode + .as_ref() + .and_then(|mode| match mode { + EchMode::Grease(cfg) => Some(cfg.grease_ext( + config.provider.secure_random, + input.server_name.clone(), + &chp_payload, + )), + _ => None, + }); + match (cx.data.ech_status, &mut ech_state) { // If we haven't offered ECH, or have offered ECH but got a non-rejecting HRR, then // we need to replace the client hello payload with an ECH client hello payload. @@ -398,6 +409,21 @@ fn emit_client_hello_for_retry( // Store the ECH extension in case we need to carry it forward in a subsequent hello. input.prev_ech_ext = chp_payload.extensions.last().cloned(); } + // If we haven't offered ECH, and have no ECH state, then consider whether to use GREASE + // ECH. + (EchStatus::NotOffered, None) => { + if let Some(grease_ext) = ech_grease_ext { + // Add the GREASE ECH extension. + let grease_ext = grease_ext?; + chp_payload + .extensions + .push(grease_ext.clone()); + cx.data.ech_status = EchStatus::Grease; + // Store the GREASE ECH extension in case we need to carry it forward in a + // subsequent hello. + input.prev_ech_ext = Some(grease_ext); + } + } _ => {} } diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 269329acea..0bf3eb231d 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -556,7 +556,7 @@ pub mod client { }; #[cfg(feature = "std")] pub use client_conn::{ClientConnection, WriteEarlyData}; - pub use ech::{EchConfig, EchStatus}; + pub use ech::{EchConfig, EchGreaseConfig, EchMode, EchStatus}; #[cfg(any(feature = "std", feature = "hashbrown"))] pub use handy::ClientSessionMemoryCache; From 4f8b059356eeda08cd003cc378c5b7b449dca6cc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 12 Apr 2024 11:05:27 -0400 Subject: [PATCH 1048/1145] examples: enhance ech-client * Use docopt to make it feasible to provide args/flags * Add flags for choosing CA cert, DNS-over-HTTPS server, etc * Add config for performing placeholder "GREASE" ECH for hosts without ECH configs, doing so by default for hosts without ECH configs, and forcing it if desired * Add config flag for specifying a ECH config from disk. * Add flag for specifying how many requests to do, to test resumption. * Asserts on the expected ECH status after handshaking. --- examples/src/bin/ech-client.rs | 221 ++++++++++++++++++++++++++------- 1 file changed, 177 insertions(+), 44 deletions(-) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index df40353f76..652ad1cbeb 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -3,24 +3,63 @@ //! //! Note that `unwrap()` is used to deal with networking errors; this is not something //! that is sensible outside of example code. +//! +//! Example usage: +//! ``` +//! cargo run --package rustls-provider-example --example ech-client -- --host defo.ie defo.ie www.defo.ie +//! ``` +//! +//! This will perform a DNS-over-HTTPS lookup for the defo.ie ECH config, using it to determine +//! the plaintext SNI to send to the server. The protected encrypted SNI will be "www.defo.ie". +//! An HTTP request for Host: defo.ie will be made once the handshake completes. You should +//! observe output that contains: +//! ``` +//!

SSL_ECH_OUTER_SNI: cover.defo.ie
+//! SSL_ECH_INNER_SNI: www.defo.ie
+//! SSL_ECH_STATUS: success good
+//!

+//! ``` -use std::io::{stdout, Read, Write}; -use std::net::TcpStream; +use std::fs; +use std::io::{stdout, BufReader, Read, Write}; +use std::net::{TcpStream, ToSocketAddrs}; use std::sync::Arc; +use docopt::Docopt; use hickory_resolver::config::{ResolverConfig, ResolverOpts}; use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; use hickory_resolver::proto::rr::{RData, RecordType}; use hickory_resolver::Resolver; -use rustls::client::EchConfig; +use rustls::client::{EchConfig, EchGreaseConfig, EchStatus}; use rustls::crypto::aws_lc_rs; use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES; +use rustls::crypto::hpke::Hpke; +use rustls::pki_types::ServerName; use rustls::RootCertStore; +use serde_derive::Deserialize; fn main() { - // Find raw ECH configs using DNS-over-HTTPS with Hickory DNS: - let resolver = Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); - let ech_config_list = lookup_ech_configs(&resolver, "defo.ie"); + let version = env!("CARGO_PKG_NAME").to_string() + ", version: " + env!("CARGO_PKG_VERSION"); + let args: Args = Docopt::new(USAGE) + .map(|d| d.help(true)) + .map(|d| d.version(Some(version))) + .and_then(|d| d.deserialize()) + .unwrap_or_else(|e| e.exit()); + + // Find raw ECH configs using DNS-over-HTTPS with Hickory DNS. + let resolver_config = if args.flag_cloudflare_dns { + ResolverConfig::cloudflare_https() + } else { + ResolverConfig::google_https() + }; + let resolver = Resolver::new(resolver_config, ResolverOpts::default()).unwrap(); + let server_ech_config = match args.flag_grease { + true => None, // Force the use of the GREASE ext by skipping ECH config lookup + false => match args.flag_ech_config { + Some(path) => Some(read_ech(&path)), + None => lookup_ech_configs(&resolver, &args.arg_outer_hostname), + }, + }; // NOTE: we defer setting up env_logger and setting the trace default filter level until // after doing the DNS-over-HTTPS lookup above - we don't want to muddy the output @@ -29,13 +68,31 @@ fn main() { .parse_filters("trace") .init(); - // Select a compatible ECH config. - let ech_mode = EchConfig::new(ech_config_list, ALL_SUPPORTED_SUITES) - .unwrap() - .into(); + let ech_mode = match server_ech_config { + Some(ech_config_list) => EchConfig::new(ech_config_list, ALL_SUPPORTED_SUITES) + .unwrap() + .into(), + None => { + let (public_key, _) = GREASE_HPKE_SUITE + .generate_key_pair() + .unwrap(); + EchGreaseConfig::new(GREASE_HPKE_SUITE, public_key).into() + } + }; - let root_store = RootCertStore { - roots: webpki_roots::TLS_SERVER_ROOTS.into(), + let root_store = match args.flag_cafile { + Some(file) => { + let mut root_store = RootCertStore::empty(); + let certfile = fs::File::open(file).expect("Cannot open CA file"); + let mut reader = BufReader::new(certfile); + root_store.add_parsable_certificates( + rustls_pemfile::certs(&mut reader).map(|result| result.unwrap()), + ); + root_store + } + None => RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.into(), + }, }; // Construct a rustls client config with a custom provider, and ECH enabled. @@ -48,44 +105,106 @@ fn main() { // Allow using SSLKEYLOGFILE. config.key_log = Arc::new(rustls::KeyLogFile::new()); + let config = Arc::new(config); // The "inner" SNI that we're really trying to reach. - let server_name = "www.defo.ie".try_into().unwrap(); - let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap(); - // The "outer" server that we're connecting to. - let mut sock = TcpStream::connect("defo.ie:443").unwrap(); - let mut tls = rustls::Stream::new(&mut conn, &mut sock); - tls.write_all( - concat!( - "GET /ech-check.php HTTP/1.1\r\n", - "Host: defo.ie\r\n", - "Connection: close\r\n", - "Accept-Encoding: identity\r\n", - "\r\n" - ) - .as_bytes(), - ) - .unwrap(); - let ciphersuite = tls - .conn - .negotiated_cipher_suite() + let server_name: ServerName<'static> = args + .arg_inner_hostname + .clone() + .try_into() .unwrap(); - writeln!( - &mut std::io::stderr(), - "Current ciphersuite: {:?}", - ciphersuite.suite() - ) - .unwrap(); - let mut plaintext = Vec::new(); - tls.read_to_end(&mut plaintext).unwrap(); - stdout().write_all(&plaintext).unwrap(); + + for i in 0..args.flag_num_reqs { + println!("\nRequest {}", i); + let mut conn = rustls::ClientConnection::new(config.clone(), server_name.clone()).unwrap(); + // The "outer" server that we're connecting to. + let sock_addr = ( + args.arg_outer_hostname.as_str(), + args.flag_port.unwrap_or(443), + ) + .to_socket_addrs() + .unwrap() + .next() + .unwrap(); + let mut sock = TcpStream::connect(sock_addr).unwrap(); + let mut tls = rustls::Stream::new(&mut conn, &mut sock); + + let request = + format!( + "GET /{} HTTP/1.1\r\nHost: {}\r\nConnection: close\r\nAccept-Encoding: identity\r\n\r\n", + args.flag_path.clone() + .unwrap_or("ech-check.php".to_owned()), + args.flag_host.as_ref().unwrap_or(&args.arg_inner_hostname), + ); + dbg!(&request); + tls.write_all(request.as_bytes()) + .unwrap(); + assert!(!tls.conn.is_handshaking()); + assert_eq!( + tls.conn.ech_status(), + match args.flag_grease { + true => EchStatus::Grease, + false => EchStatus::Accepted, + } + ); + let mut plaintext = Vec::new(); + tls.read_to_end(&mut plaintext).unwrap(); + stdout().write_all(&plaintext).unwrap(); + } +} + +const USAGE: &str = " +Connects to the TLS server at hostname:PORT. The default PORT +is 443. If an ECH config can be fetched for hostname using +DNS-over-HTTPS, ECH is enabled. Otherwise, a placeholder ECH +extension is sent for anti-ossification testing. + +If --cafile is not supplied, a built-in set of CA certificates +are used from the webpki-roots crate. + +Usage: + ech-client [options] + ech-client (--version | -v) + ech-client (--help | -h) + +Options: + -p, --port PORT Connect to PORT [default: 443]. + --cafile CAFILE Read root certificates from CAFILE. + --path PATH HTTP GET this PATH [default: ech-check.php]. + --host HOST HTTP HOST to use for GET request [default: inner-hostname]. + --google-dns Use Google DNS for the DNS-over-HTTPS lookup [default]. + --cloudflare-dns Use Cloudflare DNS for the DNS-over-HTTPS lookup. + --grease Skip looking up an ECH config and send a GREASE placeholder. + --ech-config ECHFILE Skip looking up an ECH config and read it from the provided file (in binary TLS encoding). + --num-reqs NUM Number of requests to make [default: 1]. + --version, -v Show tool version. + --help, -h Show this screen. +"; + +#[derive(Debug, Deserialize)] +struct Args { + flag_port: Option, + flag_cafile: Option, + flag_path: Option, + flag_host: Option, + #[allow(dead_code)] // implied default + flag_google_dns: bool, + flag_cloudflare_dns: bool, + flag_grease: bool, + flag_ech_config: Option, + flag_num_reqs: usize, + arg_outer_hostname: String, + arg_inner_hostname: String, } // TODO(@cpu): consider upstreaming to hickory-dns -fn lookup_ech_configs(resolver: &Resolver, domain: &str) -> pki_types::EchConfigListBytes<'static> { +fn lookup_ech_configs( + resolver: &Resolver, + domain: &str, +) -> Option> { resolver .lookup(domain, RecordType::HTTPS) - .expect("failed to lookup HTTPS record type") + .ok()? .record_iter() .find_map(|r| match r.data() { Some(RData::HTTPS(svcb)) => svcb @@ -99,6 +218,20 @@ fn lookup_ech_configs(resolver: &Resolver, domain: &str) -> pki_types::EchConfig }), _ => None, }) - .expect("missing expected HTTPS SvcParam EchConfig record") - .into() + .map(Into::into) } + +fn read_ech(path: &str) -> pki_types::EchConfigListBytes<'static> { + let file = fs::File::open(path).unwrap_or_else(|_| panic!("Cannot open ECH file: {path}")); + let mut reader = BufReader::new(file); + let mut bytes = Vec::new(); + reader + .read_to_end(&mut bytes) + .unwrap_or_else(|_| panic!("Cannot read ECH file: {path}")); + bytes.into() +} + +/// A HPKE suite to use for GREASE ECH. +/// +/// A real implementation should vary this suite across all of the suites that are supported. +static GREASE_HPKE_SUITE: &dyn Hpke = aws_lc_rs::hpke::DH_KEM_X25519_HKDF_SHA256_AES_128; From 329751d08f0b0dc090498d42b8cbe5baa0a1fdd2 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 26 Apr 2024 11:02:29 -0400 Subject: [PATCH 1049/1145] bogo: make runme default to aws-lc-rs This matches the rustls crate's current default provider choice. --- bogo/runme | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bogo/runme b/bogo/runme index eccb8971c3..df547bdba5 100755 --- a/bogo/runme +++ b/bogo/runme @@ -5,7 +5,7 @@ set -xe -case ${BOGO_SHIM_PROVIDER:-ring} in +case ${BOGO_SHIM_PROVIDER:-aws-lc-rs} in ring) cargo build -p rustls --example bogo_shim $(../admin/all-features-except aws-lc-rs,aws_lc_rs,fips rustls) cpp -P -DRING config.json.in > config.json From f5b37dab87fc79f6e8f3e4fc5d804dd1a8445ed2 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 30 May 2024 12:46:24 -0400 Subject: [PATCH 1050/1145] client: update FIPS to consider ECH A `ClientConfig` can only be considered FIPS compatible when using ECH if the configured HPKE suite is FIPS compatible. This commit updates `ClientConfig::fips()` to add that consideration. Similarly, it may be helpful to know if a given client connection was created from a FIPS compatible `ClientConfig`. To do this we update the client config data to stash the `ClientConfig::fips()` result when creating a new client connection. A new `ClientConnection::fips()` accessor returns that stashed value. --- rustls/src/client/client_conn.rs | 25 ++++++++++--- rustls/src/client/ech.rs | 10 ++++++ rustls/src/lib.rs | 2 +- rustls/tests/api.rs | 62 ++++++++++++++++++++++++++++++++ 4 files changed, 93 insertions(+), 6 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index bc81ea08f5..e293bea947 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -348,17 +348,20 @@ impl ClientConfig { /// /// This is different from [`CryptoProvider::fips()`]: [`CryptoProvider::fips()`] /// is concerned only with cryptography, whereas this _also_ covers TLS-level - /// configuration that NIST recommends. + /// configuration that NIST recommends, as well as ECH HPKE suites if applicable. pub fn fips(&self) -> bool { + let mut is_fips = self.provider.fips(); + #[cfg(feature = "tls12")] { - self.provider.fips() && self.require_ems + is_fips = is_fips && self.require_ems } - #[cfg(not(feature = "tls12"))] - { - self.provider.fips() + if let Some(ech_mode) = &self.ech_mode { + is_fips = is_fips && ech_mode.fips(); } + + is_fips } /// Return the crypto provider used to construct this client configuration. @@ -732,6 +735,15 @@ mod connection { self.inner.core.data.ech_status } + /// Return true if the connection was made with a `ClientConfig` that is FIPS compatible. + /// + /// This is different from [`crate::crypto::CryptoProvider::fips()`]: + /// it is concerned only with cryptography, whereas this _also_ covers TLS-level + /// configuration that NIST recommends, as well as ECH HPKE suites if applicable. + pub fn fips(&self) -> bool { + self.inner.core.data.fips + } + fn write_early_data(&mut self, data: &[u8]) -> io::Result { self.inner .core @@ -793,6 +805,7 @@ impl ConnectionCore { common_state.protocol = proto; common_state.enable_secret_extraction = config.enable_secret_extraction; let mut data = ClientConnectionData::new(); + data.fips = config.fips(); let mut cx = hs::ClientContext { common: &mut common_state, @@ -929,6 +942,7 @@ pub struct ClientConnectionData { pub(super) early_data: EarlyData, pub(super) resumption_ciphersuite: Option, pub(super) ech_status: EchStatus, + pub(super) fips: bool, } impl ClientConnectionData { @@ -937,6 +951,7 @@ impl ClientConnectionData { early_data: EarlyData::new(), resumption_ciphersuite: None, ech_status: EchStatus::NotOffered, + fips: false, } } } diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs index 0ab27ddcdc..079429cbc1 100644 --- a/rustls/src/client/ech.rs +++ b/rustls/src/client/ech.rs @@ -47,6 +47,16 @@ pub enum EchMode { Grease(EchGreaseConfig), } +impl EchMode { + /// Returns true if the ECH mode will use a FIPS approved HPKE suite. + pub fn fips(&self) -> bool { + match self { + Self::Enable(ech_config) => ech_config.suite.fips(), + Self::Grease(grease_config) => grease_config.suite.fips(), + } + } +} + impl From for EchMode { fn from(config: EchConfig) -> Self { Self::Enable(config) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 0bf3eb231d..2a536b0d28 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -429,7 +429,7 @@ pub mod internal { /// Low-level TLS message parsing and encoding functions. pub mod msgs { pub mod base { - pub use crate::msgs::base::Payload; + pub use crate::msgs::base::{Payload, PayloadU16}; } pub mod codec { pub use crate::msgs::codec::{Codec, Reader}; diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index f988345c2e..bbd8ef6016 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -28,6 +28,16 @@ use rustls::internal::msgs::handshake::{ }; use rustls::internal::msgs::message::{Message, MessagePayload, PlainMessage}; use rustls::server::{ClientHello, ParsedCertificate, ResolvesServerCert}; +#[cfg(feature = "aws_lc_rs")] +use rustls::{ + client::{EchConfig, EchGreaseConfig, EchMode}, + crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES, + internal::msgs::base::PayloadU16, + internal::msgs::handshake::{ + EchConfigPayload, EchConfigContents, HpkeKeyConfig, HpkeSymmetricCipherSuite, + }, + pki_types::{DnsName, EchConfigListBytes}, +}; use rustls::{ sign, AlertDescription, CertificateError, CipherSuite, ClientConfig, ClientConnection, ConnectionCommon, ConnectionTrafficSecrets, ContentType, DistinguishedName, Error, @@ -6351,6 +6361,58 @@ fn test_server_fips_service_indicator_includes_require_ems() { assert!(!server_config.fips()); } +#[cfg(feature = "aws_lc_rs")] +#[test] +fn test_client_fips_service_indicator_includes_ech_hpke_suite() { + if !provider_is_fips() { + return; + } + + for suite in ALL_SUPPORTED_SUITES { + let (public_key, _) = suite.generate_key_pair().unwrap(); + + let suite_id = suite.suite(); + let bogus_config = EchConfigPayload::V18(EchConfigContents { + key_config: HpkeKeyConfig { + config_id: 10, + kem_id: suite_id.kem, + public_key: PayloadU16(public_key.0.clone()), + symmetric_cipher_suites: vec![HpkeSymmetricCipherSuite { + kdf_id: suite_id.sym.kdf_id, + aead_id: suite_id.sym.aead_id, + }], + }, + maximum_name_length: 0, + public_name: DnsName::try_from("example.com").unwrap(), + extensions: vec![], + }); + let mut bogus_config_bytes = Vec::new(); + vec![bogus_config].encode(&mut bogus_config_bytes); + let ech_config = + EchConfig::new(EchConfigListBytes::from(bogus_config_bytes), &[*suite]).unwrap(); + + // A ECH client configuration should only be considered FIPS approved if the + // ECH HPKE suite is itself FIPS approved. + let config = ClientConfig::builder_with_provider(provider::default_provider().into()) + .with_ech(EchMode::Enable(ech_config)) + .unwrap(); + let config = finish_client_config(KeyType::Rsa2048, config); + assert_eq!(config.fips(), suite.fips()); + + // The same applies if an ECH GREASE client configuration is used. + let config = ClientConfig::builder_with_provider(provider::default_provider().into()) + .with_ech(EchMode::Grease(EchGreaseConfig::new(*suite, public_key))) + .unwrap(); + let config = finish_client_config(KeyType::Rsa2048, config); + assert_eq!(config.fips(), suite.fips()); + + // And a connection made from a client config should retain the fips status of the + // config w.r.t the HPKE suite. + let conn = ClientConnection::new(config.into(), ServerName::DnsName(DnsName::try_from("example.org").unwrap())).unwrap(); + assert_eq!(conn.fips(), suite.fips()); + } +} + #[test] fn test_complete_io_errors_if_close_notify_received_too_early() { let mut server = ServerConnection::new(Arc::new(make_server_config(KeyType::Rsa2048))).unwrap(); From b4eba48fccc80c9e9584c4e027d7aa6a5c966c1c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 25 Apr 2024 14:21:07 -0400 Subject: [PATCH 1051/1145] bogo: implement most client-side ECH tests w/ aws-lc-rs The bogo shim requires some updates to support new command line flags. Additionally in order to be able to assert some details in errors (e.g. that an ECH required err contained expected retry configs) we have to pipe the `Options` struct deeper into the client/server processing logic. Since `*ring*` has no HPKE provider, it can't do ECH, which means we need an unfortunate number of cfg guards on imports/logic in the shim related to HPKE/ECH. C'est la vie. We can revisit if `*ring*` gains static ECDH or HPKE. Beyond these changes, it's worth discussing the ignored tests. They're either not applicable, or need upstream bogo fixes: "TLS-ECH-Server*": We ignore all the TLS-ECH-Server tests. We haven't implemented server side ECH yet "TLS-ECH-Client-ExpectECHOuterExtensions" "TLS-ECH-Client-CompressSupportedVersions": These rely on extension compression between inner/outer hellos. NYI. "TLS-ECH-Client-SelectECHConfig" "TLS-ECH-Client-NoSupportedConfigs" These are meant to test unsupported configs are handled correctly: we happen to support the HPKE ciphersuites that make them "unsupported". There's a fix for this upstream we can take later. "TLS-ECH-Client-SkipInvalidPublicName*": Our name validation allows underscores in names. We also don't fallback to GREASE when there are no valid ECH configs. "TLS-ECH-Client-NoSupportedConfigs-GREASE": We don't fallback to GREASE for no ECH configs. "TLS-ECH-Client-Reject-ResumeInnerSession-TLS13": This test expects an unexpected extension error in the resumption connection, but this only happens if the outer hello didn't include GREASE PSK. BoringSSL's impl doesn't. Ours does. As a result we produce `:ECH_REJECTED:` instead of :UNEXPECTED_EXTENSION:` and have to ignore this test. "TLS-ECH-Client-TLS12-RejectRetryConfigs" "TLS-ECH-Client-Reject-NoClientCertificate-TLS12" "TLS-ECH-Client-Reject-TLS12" "TLS-ECH-Client-Reject-ResumeInnerSession-TLS12" "TLS-ECH-GREASE-Client-TLS12-RejectRetryConfigs" "TLS-ECH-Client-Reject-EarlyDataRejected-TLS12" "TLS-ECH-Client-Reject-NoClientCertificate-TLS12-Async" We never offer/support TLS 1.2 when using ECH. There's no fallback to plaintext or GREASE for a server that won't support TLS 1.3 --- bogo/config.json.in | 22 ++- rustls/examples/internal/bogo_shim_impl.rs | 177 ++++++++++++++++++--- 2 files changed, 179 insertions(+), 20 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index 4b13c5576a..b667e1e21e 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -28,7 +28,27 @@ "ClientOCSPCallback*": "ocsp not supported yet", "ServerOCSPCallback*": "", "DuplicateCertCompressionExt*-TLS12": "RFC8879: if TLS 1.2 or earlier is negotiated, the peers MUST ignore this extension", - "TLS-ECH-*": "", +#if defined(RING) + "TLS-ECH-*": "*ring* has no HPKE provider for ECH", +#elif defined(AWS_LC_RS) && defined(FIPS) + "TLS-ECH-*": "ECH test suites use non-FIPS approved algos", +#else + "TLS-ECH-Server*": "ECH server support NYI", + "TLS-ECH-Client-ExpectECHOuterExtensions": "ECH extension compression NYI", + "TLS-ECH-Client-CompressSupportedVersions": "ECH extension compression NYI", + "TLS-ECH-Client-SelectECHConfig": "TODO(XXX): re-enable after upstream bogo fix", + "TLS-ECH-Client-NoSupportedConfigs": "TODO(XXX): re-enable after upstream bogo fix", + "TLS-ECH-Client-SkipInvalidPublicName*": "we allow underscore names, don't fallback on no ECH configs", + "TLS-ECH-Client-NoSupportedConfigs-GREASE": "we don't fallback to GREASE for no ECH configs", + "TLS-ECH-Client-TLS12-RejectRetryConfigs": "we disable TLS1.2 w/ ECH", + "TLS-ECH-Client-Reject-NoClientCertificate-TLS12": "we disable TLS1.2 w/ ECH", + "TLS-ECH-Client-Reject-TLS12": "we disable TLS1.2 w/ ECH", + "TLS-ECH-Client-Reject-ResumeInnerSession-TLS12": "we disable TLS1.2 w/ ECH", + "TLS-ECH-GREASE-Client-TLS12-RejectRetryConfigs": "we disable TLS1.2 w/ ECH", + "TLS-ECH-Client-Reject-EarlyDataRejected-TLS12": "we disable TLS1.2 w/ ECH", + "TLS-ECH-Client-Reject-NoClientCertificate-TLS12-Async": "we disable TLS1.2 w/ ECH", + "TLS-ECH-Client-Reject-ResumeInnerSession-TLS13": "assumes no outter GREASE PSK, we send GREASE PSK", +#endif "ALPS-*": "", "*Kyber*": "", "ExtraClientEncryptedExtension-*": "we don't implement ALPS", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 48fecfdc9d..e6ea4ecb47 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -13,9 +13,7 @@ use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::aws_lc_rs as provider; -#[cfg(feature = "ring")] +#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] use rustls::crypto::ring as provider; use rustls::crypto::{CryptoProvider, SupportedKxGroup}; use rustls::internal::msgs::codec::Codec; @@ -28,6 +26,15 @@ use rustls::{ InvalidMessage, NamedGroup, PeerIncompatible, PeerMisbehaved, ProtocolVersion, RootCertStore, Side, SignatureAlgorithm, SignatureScheme, SupportedProtocolVersion, }; +#[cfg(feature = "aws_lc_rs")] +use rustls::{ + client::{EchConfig, EchGreaseConfig, EchMode, EchStatus}, + crypto::aws_lc_rs as provider, + crypto::aws_lc_rs::hpke, + crypto::hpke::{Hpke, HpkePublicKey}, + internal::msgs::codec::Reader, + internal::msgs::handshake::EchConfigPayload, +}; static BOGO_NACK: i32 = 89; @@ -88,6 +95,13 @@ struct Options { expect_handshake_kind_resumed: Option>, install_cert_compression_algs: CompressionAlgs, provider: CryptoProvider, + ech_config_list: Option>, + expect_ech_accept: bool, + expect_ech_retry_configs: Option>, + on_resume_ech_config_list: Option>, + on_resume_expect_ech_accept: bool, + on_initial_expect_ech_accept: bool, + enable_ech_grease: bool, } impl Options { @@ -142,6 +156,13 @@ impl Options { expect_handshake_kind_resumed: Some(vec![HandshakeKind::Resumed]), install_cert_compression_algs: CompressionAlgs::None, provider: default_provider(), + ech_config_list: None, + expect_ech_accept: false, + expect_ech_retry_configs: None, + on_resume_ech_config_list: None, + on_resume_expect_ech_accept: false, + on_initial_expect_ech_accept: false, + enable_ech_grease: false, } } @@ -690,11 +711,37 @@ fn make_client_cfg(opts: &Options) -> Arc { ..opts.provider.clone() } .into(), - ) - .with_protocol_versions(&opts.supported_versions()) - .expect("inconsistent settings") - .dangerous() - .with_custom_certificate_verifier(Arc::new(DummyServerAuth::new())); + ); + + #[cfg(feature = "aws_lc_rs")] + let cfg = if let Some(ech_config_list) = &opts.ech_config_list { + let ech_mode: EchMode = EchConfig::new(ech_config_list.clone(), hpke::ALL_SUPPORTED_SUITES) + .unwrap_or_else(|_| quit(":INVALID_ECH_CONFIG_LIST:")) + .into(); + + cfg.with_ech(ech_mode) + .expect("invalid ECH config") + } else if opts.enable_ech_grease { + let ech_mode = EchMode::Grease(EchGreaseConfig::new( + GREASE_HPKE_SUITE, + HpkePublicKey(GREASE_25519_PUBKEY.to_vec()), + )); + + cfg.with_ech(ech_mode) + .expect("invalid GREASE ECH config") + } else { + cfg.with_protocol_versions(&opts.supported_versions()) + .expect("inconsistent settings") + }; + + #[cfg(not(feature = "aws_lc_rs"))] + let cfg = cfg + .with_protocol_versions(&opts.supported_versions()) + .expect("inconsistent settings"); + + let cfg = cfg + .dangerous() + .with_custom_certificate_verifier(Arc::new(DummyServerAuth::new())); let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() { let cert = load_cert(&opts.cert_file); @@ -757,7 +804,7 @@ fn quit_err(why: &str) -> ! { process::exit(1) } -fn handle_err(err: Error) -> ! { +fn handle_err(opts: &Options, err: Error) -> ! { println!("TLS error: {:?}", err); thread::sleep(time::Duration::from_millis(100)); @@ -795,12 +842,31 @@ fn handle_err(err: Error) -> ! { | Error::InvalidMessage(InvalidMessage::InvalidEmptyPayload) | Error::InvalidMessage(InvalidMessage::UnknownProtocolVersion) | Error::InvalidMessage(InvalidMessage::MessageTooLarge) => quit(":GARBAGE:"), + Error::InvalidMessage(InvalidMessage::MessageTooShort) + if opts.enable_ech_grease || opts.ech_config_list.is_some() => + { + quit(":ERROR_PARSING_EXTENSION:") + } Error::InvalidMessage(InvalidMessage::UnexpectedMessage(_)) => quit(":GARBAGE:"), + Error::DecryptError if opts.ech_config_list.is_some() => { + quit(":INCONSISTENT_ECH_NEGOTIATION:") + } Error::DecryptError => quit(":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:"), Error::NoApplicationProtocol => quit(":NO_APPLICATION_PROTOCOL:"), Error::PeerIncompatible( PeerIncompatible::ServerSentHelloRetryRequestWithUnknownExtension, ) => quit(":UNEXPECTED_EXTENSION:"), + Error::PeerIncompatible(PeerIncompatible::ServerRejectedEncryptedClientHello( + _retry_configs, + )) => { + #[cfg(feature = "aws_lc_rs")] + if let Some(expected_configs) = &opts.expect_ech_retry_configs { + let expected_configs = + Vec::::read(&mut Reader::init(expected_configs)).unwrap(); + assert_eq!(_retry_configs, Some(expected_configs)); + } + quit(":ECH_REJECTED:") + } Error::PeerIncompatible(_) => quit(":INCOMPATIBLE:"), Error::PeerMisbehaved(PeerMisbehaved::MissingPskModesExtension) => { quit(":MISSING_EXTENSION:") @@ -833,6 +899,19 @@ fn handle_err(err: Error) -> ! { Error::PeerMisbehaved(PeerMisbehaved::TooManyEmptyFragments) => { quit(":TOO_MANY_EMPTY_FRAGMENTS:") } + Error::PeerMisbehaved(PeerMisbehaved::IllegalHelloRetryRequestWithInvalidEch) + | Error::PeerMisbehaved(PeerMisbehaved::UnsolicitedEchExtension) => { + quit(":UNEXPECTED_EXTENSION:") + } + // The TLS-ECH-Client-UnsolicitedInnerServerNameAck test is expected to fail with + // :UNEXPECTED_EXTENSION: when we receive an unsolicited inner hello SNI extension. + // We treat this the same as any unexpected enc'd ext and return :PEER_MISBEHAVIOUR:. + // Convert to the expected if this error occurs when we're configured w/ ECH. + Error::PeerMisbehaved(PeerMisbehaved::UnsolicitedEncryptedExtension) + if opts.ech_config_list.is_some() => + { + quit(":UNEXPECTED_EXTENSION:") + } Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"), Error::NoCertificatesPresented => quit(":NO_CERTS:"), Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"), @@ -875,14 +954,14 @@ fn server(conn: &mut Connection) -> &mut ServerConnection { const MAX_MESSAGE_SIZE: usize = 0xffff + 5; -fn after_read(sess: &mut Connection, conn: &mut net::TcpStream) { +fn after_read(opts: &Options, sess: &mut Connection, conn: &mut net::TcpStream) { if let Err(err) = sess.process_new_packets() { flush(sess, conn); /* send any alerts before exiting */ - handle_err(err); + handle_err(opts, err); } } -fn read_n_bytes(sess: &mut Connection, conn: &mut net::TcpStream, n: usize) { +fn read_n_bytes(opts: &Options, sess: &mut Connection, conn: &mut net::TcpStream, n: usize) { let mut bytes = [0u8; MAX_MESSAGE_SIZE]; match conn.read(&mut bytes[..n]) { Ok(count) => { @@ -894,17 +973,17 @@ fn read_n_bytes(sess: &mut Connection, conn: &mut net::TcpStream, n: usize) { Err(err) => panic!("invalid read: {}", err), }; - after_read(sess, conn); + after_read(opts, sess, conn); } -fn read_all_bytes(sess: &mut Connection, conn: &mut net::TcpStream) { +fn read_all_bytes(opts: &Options, sess: &mut Connection, conn: &mut net::TcpStream) { match sess.read_tls(conn) { Ok(_) => {} Err(ref err) if err.kind() == io::ErrorKind::ConnectionReset => {} Err(err) => panic!("invalid read: {}", err), }; - after_read(sess, conn); + after_read(opts, sess, conn); } fn exec(opts: &Options, mut sess: Connection, count: usize) { @@ -930,7 +1009,7 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { { flush(&mut sess, &mut conn); for message_size_estimate in &opts.queue_early_data_after_received_messages { - read_n_bytes(&mut sess, &mut conn, *message_size_estimate); + read_n_bytes(opts, &mut sess, &mut conn, *message_size_estimate); } println!("now ready for early data"); } @@ -956,7 +1035,7 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { } if sess.wants_read() { - read_all_bytes(&mut sess, &mut conn); + read_all_bytes(opts, &mut sess, &mut conn); } if opts.side == Side::Server && opts.enable_early_data { @@ -1046,6 +1125,18 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { ); } + #[cfg(feature = "aws_lc_rs")] + { + let ech_accept_required = + (count == 0 && opts.on_initial_expect_ech_accept) || opts.expect_ech_accept; + if ech_accept_required + && !sess.is_handshaking() + && client(&mut sess).ech_status() != EchStatus::Accepted + { + quit_err("ECH was not accepted, but we expect the opposite"); + } + } + let mut buf = [0u8; 1024]; let len = match sess .reader() @@ -1369,6 +1460,38 @@ pub fn main() { println!("Not a FIPS build"); process::exit(BOGO_NACK); } + "-ech-config-list" => { + opts.ech_config_list = Some(BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid ECH config base64").into()); + } + "-expect-ech-accept" => { + opts.expect_ech_accept = true; + } + "-expect-ech-retry-configs" => { + opts.expect_ech_retry_configs = Some(BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid ECH config base64").into()); + } + "-on-resume-ech-config-list" => { + opts.on_resume_ech_config_list = Some(BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid on resume ECH config base64").into()); + } + "-on-resume-expect-ech-accept" => { + opts.on_resume_expect_ech_accept = true; + } + "-expect-no-ech-retry-configs" => { + opts.expect_ech_retry_configs = None; + } + "-on-initial-expect-ech-accept" => { + opts.on_initial_expect_ech_accept = true; + } + "-on-retry-expect-ech-retry-configs" => { + // Note: we treat this the same as -expect-ech-retry-configs + opts.expect_ech_retry_configs = Some(BASE64_STANDARD.decode(args.remove(0).as_bytes()) + .expect("invalid retry ECH config base64").into()); + } + "-enable-ech-grease" => { + opts.enable_ech_grease = true; + } // defaults: "-enable-all-curves" | @@ -1438,7 +1561,8 @@ pub fn main() { "-srtp-profiles" | "-permute-extensions" | "-signed-cert-timestamps" | - "-on-initial-expect-peer-cert-file" => { + "-on-initial-expect-peer-cert-file" | + "-use-custom-verify-callback" => { println!("NYI option {:?}", arg); process::exit(BOGO_NACK); } @@ -1452,7 +1576,7 @@ pub fn main() { println!("opts {:?}", opts); - let (client_cfg, mut server_cfg) = match opts.side { + let (mut client_cfg, mut server_cfg) = match opts.side { Side::Client => (Some(make_client_cfg(&opts)), None), Side::Server => (None, Some(make_server_cfg(&opts))), }; @@ -1491,6 +1615,12 @@ pub fn main() { opts.tickets = false; server_cfg = Some(make_server_cfg(&opts)); } + if opts.on_resume_ech_config_list.is_some() { + opts.ech_config_list + .clone_from(&opts.on_resume_ech_config_list); + opts.expect_ech_accept = opts.on_resume_expect_ech_accept; + client_cfg = Some(make_client_cfg(&opts)); + } opts.expect_handshake_kind .clone_from(&opts.expect_handshake_kind_resumed); } @@ -1630,3 +1760,12 @@ impl compress::CertCompressor for RandomAlgorithm { Ok(input) } } + +#[cfg(feature = "aws_lc_rs")] +static GREASE_HPKE_SUITE: &dyn Hpke = hpke::DH_KEM_X25519_HKDF_SHA256_AES_128; + +#[cfg(feature = "aws_lc_rs")] +const GREASE_25519_PUBKEY: &[u8] = &[ + 0x67, 0x35, 0xCA, 0x50, 0x21, 0xFC, 0x4F, 0xE6, 0x29, 0x3B, 0x31, 0x2C, 0xB5, 0xE0, 0x97, 0xD8, + 0xD0, 0x58, 0x97, 0xCF, 0x5C, 0x15, 0x12, 0x79, 0x4B, 0xEF, 0x1D, 0x98, 0x52, 0x74, 0xDC, 0x5E, +]; From 40037529fbba4828540d6469a35e164cd27f38e0 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 4 Jun 2024 14:35:29 -0400 Subject: [PATCH 1052/1145] deps: use patched trust-dns 0.22 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This avoids breaking our MSRV task due to the later versions of hickory-dns (née trust-dns) that use workspace inheritance. A workspace-level patch must be resolved even for crates that don't require the patched dep, and resolving the patch for 0.22+ requires an MSRV of 1.64+ This can be reverted if there's a finalized 0.25 with the SVCB fixes, or a pre-release, made available. --- Cargo.lock | 229 ++++++++++++++++++--------------- Cargo.toml | 2 +- connect-tests/Cargo.toml | 2 +- connect-tests/tests/ech.rs | 11 +- examples/Cargo.toml | 2 +- examples/src/bin/ech-client.rs | 10 +- 6 files changed, 140 insertions(+), 116 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 791183f006..47881ba981 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -283,17 +283,6 @@ dependencies = [ "pin-project-lite", ] -[[package]] -name = "async-recursion" -version = "1.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.66", -] - [[package]] name = "async-std" version = "1.12.0" @@ -865,14 +854,14 @@ dependencies = [ [[package]] name = "enum-as-inner" -version = "0.6.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" +checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.66", + "syn 1.0.109", ] [[package]] @@ -1150,15 +1139,15 @@ dependencies = [ [[package]] name = "h2" -version = "0.4.5" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa82e28a107a8cc405f0839610bdc9b15f1e25ec7d696aa5cf173edbcb1486ab" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" dependencies = [ - "atomic-waker", "bytes", "fnv", "futures-core", "futures-sink", + "futures-util", "http", "indexmap", "slab", @@ -1200,60 +1189,6 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" -[[package]] -name = "hickory-proto" -version = "0.24.1" -source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" -dependencies = [ - "async-recursion", - "async-trait", - "bytes", - "cfg-if", - "data-encoding", - "enum-as-inner", - "futures-channel", - "futures-io", - "futures-util", - "h2", - "http", - "idna", - "ipnet", - "once_cell", - "rand", - "rustls 0.21.12", - "rustls-pemfile 1.0.4", - "thiserror", - "tinyvec", - "tokio", - "tokio-rustls", - "tracing", - "url", - "webpki-roots 0.25.4", -] - -[[package]] -name = "hickory-resolver" -version = "0.24.1" -source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" -dependencies = [ - "cfg-if", - "futures-util", - "hickory-proto", - "ipconfig", - "lru-cache", - "once_cell", - "parking_lot", - "rand", - "resolv-conf", - "rustls 0.21.12", - "smallvec", - "thiserror", - "tokio", - "tokio-rustls", - "tracing", - "webpki-roots 0.25.4", -] - [[package]] name = "hkdf" version = "0.12.4" @@ -1332,9 +1267,9 @@ dependencies = [ [[package]] name = "http" -version = "1.1.0" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" dependencies = [ "bytes", "fnv", @@ -1347,6 +1282,17 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "idna" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8" +dependencies = [ + "matches", + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "idna" version = "0.5.0" @@ -1571,6 +1517,12 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" +[[package]] +name = "matches" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" + [[package]] name = "memchr" version = "2.7.2" @@ -2048,7 +2000,7 @@ checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779" dependencies = [ "aws-lc-rs", "pem", - "ring", + "ring 0.17.8", "rustls-pki-types", "time", "yasna", @@ -2112,6 +2064,21 @@ dependencies = [ "subtle", ] +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin 0.5.2", + "untrusted 0.7.1", + "web-sys", + "winapi", +] + [[package]] name = "ring" version = "0.17.8" @@ -2198,14 +2165,14 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.12" +version = "0.20.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" +checksum = "1b80e3dec595989ea8510028f30c408a4630db12c9cbb8de34203b89d6577e99" dependencies = [ "log", - "ring", - "rustls-webpki 0.101.7", + "ring 0.16.20", "sct", + "webpki", ] [[package]] @@ -2224,10 +2191,10 @@ dependencies = [ "num-bigint", "once_cell", "rcgen", - "ring", + "ring 0.17.8", "rustls-pemfile 2.1.2", "rustls-pki-types", - "rustls-webpki 0.102.4", + "rustls-webpki", "rustversion", "serde", "serde_json", @@ -2260,10 +2227,10 @@ dependencies = [ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ - "hickory-resolver", "regex", - "ring", + "ring 0.17.8", "rustls 0.23.9", + "trust-dns-resolver", ] [[package]] @@ -2273,7 +2240,6 @@ dependencies = [ "async-std", "docopt", "env_logger", - "hickory-resolver", "log", "mio", "rcgen", @@ -2283,6 +2249,7 @@ dependencies = [ "serde", "serde_derive", "tokio", + "trust-dns-resolver", "webpki-roots 0.26.2", ] @@ -2354,7 +2321,7 @@ dependencies = [ "rsa", "rustls 0.23.9", "rustls-pki-types", - "rustls-webpki 0.102.4", + "rustls-webpki", "sha2", "signature", "webpki-roots 0.26.2", @@ -2372,16 +2339,6 @@ dependencies = [ "serde_json", ] -[[package]] -name = "rustls-webpki" -version = "0.101.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" -dependencies = [ - "ring", - "untrusted 0.9.0", -] - [[package]] name = "rustls-webpki" version = "0.102.4" @@ -2389,7 +2346,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ "aws-lc-rs", - "ring", + "ring 0.17.8", "rustls-pki-types", "untrusted 0.9.0", ] @@ -2418,7 +2375,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring", + "ring 0.17.8", "untrusted 0.9.0", ] @@ -2710,12 +2667,13 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.23.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" dependencies = [ - "rustls 0.21.12", + "rustls 0.20.9", "tokio", + "webpki", ] [[package]] @@ -2762,6 +2720,60 @@ dependencies = [ "once_cell", ] +[[package]] +name = "trust-dns-proto" +version = "0.22.0" +source = "git+https://github.com/cpu/trust-dns?rev=9888378726ada266c1a6ac6b2630c2249f3f62cf#9888378726ada266c1a6ac6b2630c2249f3f62cf" +dependencies = [ + "async-trait", + "bytes", + "cfg-if", + "data-encoding", + "enum-as-inner", + "futures-channel", + "futures-io", + "futures-util", + "h2", + "http", + "idna 0.2.3", + "ipnet", + "lazy_static", + "rand", + "rustls 0.20.9", + "rustls-pemfile 1.0.4", + "smallvec", + "thiserror", + "tinyvec", + "tokio", + "tokio-rustls", + "tracing", + "url", + "webpki", + "webpki-roots 0.22.6", +] + +[[package]] +name = "trust-dns-resolver" +version = "0.22.0" +source = "git+https://github.com/cpu/trust-dns?rev=9888378726ada266c1a6ac6b2630c2249f3f62cf#9888378726ada266c1a6ac6b2630c2249f3f62cf" +dependencies = [ + "cfg-if", + "futures-util", + "ipconfig", + "lazy_static", + "lru-cache", + "parking_lot", + "resolv-conf", + "rustls 0.20.9", + "smallvec", + "thiserror", + "tokio", + "tokio-rustls", + "tracing", + "trust-dns-proto", + "webpki-roots 0.22.6", +] + [[package]] name = "typenum" version = "1.17.0" @@ -2818,7 +2830,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" dependencies = [ "form_urlencoded", - "idna", + "idna 0.5.0", "percent-encoding", ] @@ -2934,11 +2946,24 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki" +version = "0.22.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" +dependencies = [ + "ring 0.17.8", + "untrusted 0.9.0", +] + [[package]] name = "webpki-roots" -version = "0.25.4" +version = "0.22.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87" +dependencies = [ + "webpki", +] [[package]] name = "webpki-roots" diff --git a/Cargo.toml b/Cargo.toml index 0d8dc8e8a0..de40574b24 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,4 +32,4 @@ lto = true [patch.crates-io] # TODO(XXX): Remove this once 0.25 is released - we want the ECH fixes from # https://github.com/hickory-dns/hickory-dns/pull/2183 -hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns", rev = "6334a01430088ead8642cafaee592ec7bf49831f" } +trust-dns-resolver = { git = "https://github.com/cpu/trust-dns", rev = "9888378726ada266c1a6ac6b2630c2249f3f62cf" } diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index 22a15a77ce..e61f7f62e2 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -10,6 +10,6 @@ publish = false rustls = { path = "../rustls", features = [ "logging" ]} [dev-dependencies] -hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } +trust-dns-resolver = { version = "0.22", features = ["dns-over-https-rustls", "webpki-roots"] } regex = "1.0" ring = "0.17" diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index cb616f2462..fd4dcd0ca4 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -1,11 +1,11 @@ mod ech_config { - use hickory_resolver::config::{ResolverConfig, ResolverOpts}; - use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; - use hickory_resolver::proto::rr::{RData, RecordType}; - use hickory_resolver::Resolver; use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::handshake::EchConfigPayload; use rustls::pki_types::EchConfigListBytes; + use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; + use trust_dns_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; + use trust_dns_resolver::proto::rr::{RData, RecordType}; + use trust_dns_resolver::Resolver; #[test] fn cloudflare() { @@ -24,8 +24,7 @@ mod ech_config { /// Lookup the ECH config list for a domain and deserialize it. fn test_deserialize_ech_config_list(domain: &str) { - let resolver = - Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); + let resolver = Resolver::new(ResolverConfig::google(), ResolverOpts::default()).unwrap(); let tls_encoded_list = lookup_ech(&resolver, domain); let parsed_configs = Vec::::read(&mut Reader::init(&tls_encoded_list)) .expect("failed to deserialize ECH config list"); diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 2753f2dbca..33a5a59794 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -10,7 +10,7 @@ publish = false async-std = { version = "1.12.0", features = ["attributes"], optional = true } docopt = "~1.1" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) -hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } +trust-dns-resolver = { version = "0.22", features = ["dns-over-https-rustls", "webpki-roots"] } log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 652ad1cbeb..8bb7be486f 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -26,10 +26,6 @@ use std::net::{TcpStream, ToSocketAddrs}; use std::sync::Arc; use docopt::Docopt; -use hickory_resolver::config::{ResolverConfig, ResolverOpts}; -use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; -use hickory_resolver::proto::rr::{RData, RecordType}; -use hickory_resolver::Resolver; use rustls::client::{EchConfig, EchGreaseConfig, EchStatus}; use rustls::crypto::aws_lc_rs; use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES; @@ -37,6 +33,10 @@ use rustls::crypto::hpke::Hpke; use rustls::pki_types::ServerName; use rustls::RootCertStore; use serde_derive::Deserialize; +use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; +use trust_dns_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; +use trust_dns_resolver::proto::rr::{RData, RecordType}; +use trust_dns_resolver::Resolver; fn main() { let version = env!("CARGO_PKG_NAME").to_string() + ", version: " + env!("CARGO_PKG_VERSION"); @@ -50,7 +50,7 @@ fn main() { let resolver_config = if args.flag_cloudflare_dns { ResolverConfig::cloudflare_https() } else { - ResolverConfig::google_https() + ResolverConfig::google() }; let resolver = Resolver::new(resolver_config, ResolverOpts::default()).unwrap(); let server_ech_config = match args.flag_grease { From f604642d695ab86e21bb70b36125e886763f06f3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Wed, 12 Jun 2024 10:24:38 -0400 Subject: [PATCH 1053/1145] apply nightly formatting Applies the results of: ``` cargo fmt --all -- --config-path .rustfmt.unstable.toml ``` We run this in a CI job that doesn't block when it fails, and so a couple of import order reformats slipped through unformatted. --- provider-example/src/hpke.rs | 2 +- rustls/src/client/client_conn.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/provider-example/src/hpke.rs b/provider-example/src/hpke.rs index 7a1633f62a..8626c6275c 100644 --- a/provider-example/src/hpke.rs +++ b/provider-example/src/hpke.rs @@ -2,10 +2,10 @@ use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; -use hpke_rs_crypto::HpkeCrypto; use std::error::Error as StdError; use hpke_rs_crypto::types::{AeadAlgorithm, KdfAlgorithm, KemAlgorithm}; +use hpke_rs_crypto::HpkeCrypto; use hpke_rs_rust_crypto::HpkeRustCrypto; use rustls::crypto::hpke::{ EncapsulatedSecret, Hpke, HpkeOpener, HpkePrivateKey, HpkePublicKey, HpkeSealer, HpkeSuite, diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index e293bea947..66c6ec8214 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -608,10 +608,10 @@ mod connection { use core::ops::{Deref, DerefMut}; use std::io; - use crate::client::EchStatus; use pki_types::ServerName; use super::ClientConnectionData; + use crate::client::EchStatus; use crate::common_state::Protocol; use crate::conn::{ConnectionCommon, ConnectionCore}; use crate::error::Error; From 180436a7340663080c5bfb2db1aabee9f5fc4225 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 6 Jun 2024 12:21:43 -0400 Subject: [PATCH 1054/1145] ech: implement inner hello extension compression This commit extends the existing client-side ECH support to enable the "SHOULD" recommendation of compressing extensions that are identical between the outer client hello and the inner client hello. This optimization reduces the overhead of ECH, shrinking the total client hello size. Achieving this is a bit tricky (which is why it was done separately at the end!). To-be-compressed extensions must be in a contiguous block in the inner hello. When we encode that contiguous block for the encoded inner hello, we replace the block with a marker extension listing all of the extension types that were replaced. In the outer hello the compressed extensions must be present in the same relative order (but don't need to be contiguous). With this feature implemented we can also activate a couple of bogo tests that were previously excluded. --- bogo/config.json.in | 2 - rustls/src/client/ech.rs | 171 ++++++++++++++++++++--------------- rustls/src/msgs/enums.rs | 31 ++++++- rustls/src/msgs/handshake.rs | 96 +++++++++++++++++--- 4 files changed, 210 insertions(+), 90 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index b667e1e21e..a801f82c23 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -34,8 +34,6 @@ "TLS-ECH-*": "ECH test suites use non-FIPS approved algos", #else "TLS-ECH-Server*": "ECH server support NYI", - "TLS-ECH-Client-ExpectECHOuterExtensions": "ECH extension compression NYI", - "TLS-ECH-Client-CompressSupportedVersions": "ECH extension compression NYI", "TLS-ECH-Client-SelectECHConfig": "TODO(XXX): re-enable after upstream bogo fix", "TLS-ECH-Client-NoSupportedConfigs": "TODO(XXX): re-enable after upstream bogo fix", "TLS-ECH-Client-SkipInvalidPublicName*": "we allow underscore names, don't fallback on no ECH configs", diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs index 079429cbc1..80221f2447 100644 --- a/rustls/src/client/ech.rs +++ b/rustls/src/client/ech.rs @@ -19,7 +19,7 @@ use crate::msgs::handshake::{ ClientExtension, ClientHelloPayload, EchConfigContents, EchConfigPayload, Encoding, EncryptedClientHello, EncryptedClientHelloOuter, HandshakeMessagePayload, HandshakePayload, HelloRetryRequest, HpkeKeyConfig, HpkeSymmetricCipherSuite, PresharedKeyBinder, - PresharedKeyOffer, Random, ServerHelloPayload, SessionId, + PresharedKeyOffer, Random, ServerHelloPayload, }; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; @@ -550,62 +550,110 @@ impl EchState { self.inner_hello_transcript = inner_transcript_buffer; } + // 5.1 "Encoding the ClientHelloInner" fn encode_inner_hello( &mut self, outer_hello: &ClientHelloPayload, retryreq: Option<&HelloRetryRequest>, resuming: &Option>, ) -> Vec { - // Start building an inner hello by cloning the initial outer hello. - let mut inner_hello = outer_hello.clone(); - - inner_hello.extensions.retain(|ext| { - match ext.ext_type() { - // SNI is unconditionally removed - it was copied from the outer hello and - // we will conditionally re-add our own SNI for the inner hello later. - ExtensionType::ServerName | - // We may have copied extensions that are only useful in the context where a TLS 1.3 - // connection allows TLS 1.2. This isn't the case for ECH and so we must remove these - // to satisfy a bogo test. - ExtensionType::ExtendedMasterSecret | - ExtensionType::SessionTicket | - ExtensionType::ECPointFormats => false, - // Retain all other extensions. - _ => true, - } - }); + // Start building an inner hello using the outer_hello as a template. + let mut inner_hello = ClientHelloPayload { + // Some information is copied over as-is. + client_version: outer_hello.client_version, + session_id: outer_hello.session_id, + compression_methods: outer_hello.compression_methods.clone(), + + // We will build up the included extensions ourselves. + extensions: vec![], + + // Set the inner hello random to the one we generated when creating the ECH state. + // We hold on to the inner_hello_random in the ECH state to use later for confirming + // whether ECH was accepted or not. + random: self.inner_hello_random, + + // We remove the empty renegotiation info SCSV from the outer hello's ciphersuite. + // Similar to the TLS 1.2 specific extensions we will filter out, this is seen as a + // TLS 1.2 only feature by bogo. + cipher_suites: outer_hello + .cipher_suites + .iter() + .filter(|cs| **cs != TLS_EMPTY_RENEGOTIATION_INFO_SCSV) + .cloned() + .collect(), + }; - // Remove the empty renegotiation info SCSV from the inner hello. Similar to the TLS 1.2 - // specific extensions we remove above, this is seen as a TLS 1.2 only feature by bogo. + // The inner hello will always have an inner variant of the ECH extension added. + // See Section 6.1 rule 4. inner_hello - .cipher_suites - .retain(|cs| *cs != TLS_EMPTY_RENEGOTIATION_INFO_SCSV); - - // Add the correct inner SNI - we only do this when the inner name is a DnsName and SNI - // is enabled. IP addresses should not be used in an SNI extensions. - if self.enable_sni { - if let ServerName::DnsName(inner_name) = &self.inner_name { - inner_hello - .extensions - .insert(0, ClientExtension::make_sni(&inner_name.borrow())); + .extensions + .push(ClientExtension::EncryptedClientHello( + EncryptedClientHello::Inner, + )); + + let inner_sni = match &self.inner_name { + // The inner hello only gets a SNI value if enable_sni is true and the inner name + // is a domain name (not an IP address). + ServerName::DnsName(dns_name) if self.enable_sni => Some(dns_name), + _ => None, + }; + + // Now we consider each of the outer hello's extensions - we can either: + // 1. Omit the extension if it isn't appropriate (e.g. is a TLS 1.2 extension). + // 2. Add the extension to the inner hello as-is. + // 3. Compress the extension, by collecting it into a list of to-be-compressed + // extensions we'll handle separately. + let mut compressed_exts = Vec::with_capacity(outer_hello.extensions.len()); + let mut compressed_ext_types = Vec::with_capacity(outer_hello.extensions.len()); + for ext in &outer_hello.extensions { + // Some outer hello extensions are only useful in the context where a TLS 1.3 + // connection allows TLS 1.2. This isn't the case for ECH so we skip adding them + // to the inner hello. + if matches!( + ext.ext_type(), + ExtensionType::ExtendedMasterSecret + | ExtensionType::SessionTicket + | ExtensionType::ECPointFormats + ) { + continue; + } + + if ext.ext_type() == ExtensionType::ServerName { + // We may want to replace the outer hello SNI with our own inner hello specific SNI. + if let Some(sni_value) = inner_sni { + inner_hello + .extensions + .push(ClientExtension::make_sni(&sni_value.borrow())); + } + // We don't want to add, or compress, the SNI from the outer hello. + continue; } - } - // Add the inner variant extension to the inner hello. - // Section 6.1 rule 4. - let inner_ech_ext = ClientExtension::EncryptedClientHello(EncryptedClientHello::Inner); - if let Some(ClientExtension::PresharedKey(_)) = inner_hello.extensions.last() { - // Insert it before the PSK - this ext always needs to be last. - inner_hello - .extensions - .insert(inner_hello.extensions.len() - 1, inner_ech_ext); - } else { - // Insert it at the end. No PSK to worry about. - inner_hello - .extensions - .push(inner_ech_ext); + // Compressed extensions need to be put aside to include in one contiguous block. + // Uncompressed extensions get added directly to the inner hello. + if ext.ext_type().ech_compress() { + compressed_exts.push(ext.clone()); + compressed_ext_types.push(ext.ext_type()); + } else { + inner_hello.extensions.push(ext.clone()); + } } + // We've added all the uncompressed extensions. Now we need to add the contiguous + // block of to-be-compressed extensions. Where we do this depends on whether the + // last uncompressed extension is a PSK for resumption. In this case we must + // add the to-be-compressed extensions _before_ the PSK. + let compressed_exts_index = + if let Some(ClientExtension::PresharedKey(_)) = inner_hello.extensions.last() { + inner_hello.extensions.len() - 1 + } else { + inner_hello.extensions.len() + }; + inner_hello.extensions.splice( + compressed_exts_index..compressed_exts_index, + compressed_exts, + ); + // Note which extensions we're sending in the inner hello. This may differ from // the outer hello (e.g. the inner hello may omit SNI while the outer hello will // always have the ECH cover name in SNI). @@ -615,11 +663,6 @@ impl EchState { .map(|ext| ext.ext_type()) .collect(); - // Set the inner hello random to the one we generated when creating the ECH state. - // We hold on to the inner_hello_random in the ECH state to use later for confirming - // whether ECH was accepted or not. - inner_hello.random = self.inner_hello_random; - // If we're resuming, we need to update the PSK binder in the inner hello. if let Some(resuming) = resuming.as_ref() { let mut chp = HandshakeMessagePayload { @@ -643,29 +686,13 @@ impl EchState { }; } - // Repeating large extensions between ClientHelloInner and ClientHelloOuter can lead to excessive - // size. To reduce the size impact, the client MAY substitute extensions which it knows will be - // duplicated in ClientHelloOuter. - - // TODO(@cpu): Extension compression would be handled here-ish. - - // 5.1 "Encoding the ClientHelloInner" - - // Setting the legacy_session_id field to the empty string. - // Preserve these for reuse - let original_session_id = inner_hello.session_id; - - // SessionID is required to be empty in the EncodedClientHelloInner. - inner_hello.session_id = SessionId::empty(); - - // Encode the inner hello with the empty session ID. - let mut encoded_hello = inner_hello.get_encoding(); - - // Restore session ID. - inner_hello.session_id = original_session_id; - trace!("ECH Inner Hello: {:#?}", inner_hello); + // Encode the inner hello according to the rules required for ECH. This differs + // from the standard encoding in several ways. Notably this is where we will + // replace the block of contiguous to-be-compressed extensions with a marker. + let mut encoded_hello = inner_hello.ech_inner_encoding(compressed_ext_types); + // Calculate padding // max_name_len = L let max_name_len = self.maximum_name_length; @@ -690,7 +717,7 @@ impl EchState { // Let L be the length of the EncodedClientHelloInner with all the padding computed so far // Let N = 31 - ((L - 1) % 32) and add N bytes of padding. - let padding_len = 31 - ((encoded_hello.len() + (padding_len) - 1) % 32); + let padding_len = 31 - ((encoded_hello.len() + padding_len - 1) % 32); encoded_hello.extend(vec![0; padding_len]); // Construct the inner hello message that will be used for the transcript. diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 5fc1103eb4..38c23c8f6a 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -77,7 +77,7 @@ enum_builder! { /// from the various RFCs covering TLS, and are listed by IANA. /// The `Unknown` item is used when processing unrecognised ordinals. @U16 - pub(crate) enum ExtensionType { + pub enum ExtensionType { ServerName => 0x0000, MaxFragmentLength => 0x0001, ClientCertificateUrl => 0x0002, @@ -117,6 +117,35 @@ enum_builder! { RenegotiationInfo => 0xff01, TransportParametersDraft => 0xffa5, EncryptedClientHello => 0xfe0d, // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-11.1 + EncryptedClientHelloOuterExtensions => 0xfd00, // https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-5.1 + } +} + +impl ExtensionType { + /// Returns true if the extension type can be compressed in an "inner" client hello for ECH. + /// + /// This function should only return true for extension types where the inner hello and outer + /// hello extensions values will always be identical. Extensions that may be identical + /// sometimes (e.g. server name, cert compression methods), but not always, SHOULD NOT be + /// compressed. + /// + /// See [draft-ietf-esni-18 §5](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-5) + /// and [draft-ietf-esni-18 §10.5](https://datatracker.ietf.org/doc/html/draft-ietf-tls-esni-18#section-10.5) + /// for more information. + pub(crate) fn ech_compress(&self) -> bool { + // We match which extensions we will compress with BoringSSL and Go's stdlib. + matches!( + self, + Self::StatusRequest + | Self::EllipticCurves + | Self::SignatureAlgorithms + | Self::SignatureAlgorithmsCert + | Self::ALProtocolNegotiation + | Self::SupportedVersions + | Self::Cookie + | Self::KeyShare + | Self::PSKKeyExchangeModes + ) } } diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 1c580591b3..cabc27bf83 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -560,6 +560,7 @@ pub enum ClientExtension { EarlyData, CertificateCompressionAlgorithms(Vec), EncryptedClientHello(EncryptedClientHello), + EncryptedClientHelloOuterExtensions(Vec), Unknown(UnknownExtension), } @@ -584,6 +585,9 @@ impl ClientExtension { Self::EarlyData => ExtensionType::EarlyData, Self::CertificateCompressionAlgorithms(_) => ExtensionType::CompressCertificate, Self::EncryptedClientHello(_) => ExtensionType::EncryptedClientHello, + Self::EncryptedClientHelloOuterExtensions(_) => { + ExtensionType::EncryptedClientHelloOuterExtensions + } Self::Unknown(ref r) => r.typ, } } @@ -615,6 +619,7 @@ impl Codec<'_> for ClientExtension { } Self::CertificateCompressionAlgorithms(ref r) => r.encode(nested.buf), Self::EncryptedClientHello(ref r) => r.encode(nested.buf), + Self::EncryptedClientHelloOuterExtensions(ref r) => r.encode(nested.buf), Self::Unknown(ref r) => r.encode(nested.buf), } } @@ -658,6 +663,9 @@ impl Codec<'_> for ClientExtension { ExtensionType::CompressCertificate => { Self::CertificateCompressionAlgorithms(Vec::read(&mut sub)?) } + ExtensionType::EncryptedClientHelloOuterExtensions => { + Self::EncryptedClientHelloOuterExtensions(Vec::read(&mut sub)?) + } _ => Self::Unknown(UnknownExtension::read(typ, &mut sub)), }; @@ -823,15 +831,7 @@ pub struct ClientHelloPayload { impl Codec<'_> for ClientHelloPayload { fn encode(&self, bytes: &mut Vec) { - self.client_version.encode(bytes); - self.random.encode(bytes); - self.session_id.encode(bytes); - self.cipher_suites.encode(bytes); - self.compression_methods.encode(bytes); - - if !self.extensions.is_empty() { - self.extensions.encode(bytes); - } + self.payload_encode(bytes, Encoding::Standard) } fn read(r: &mut Reader) -> Result { @@ -868,7 +868,73 @@ impl TlsListElement for ClientExtension { const SIZE_LEN: ListLength = ListLength::U16; } +impl TlsListElement for ExtensionType { + const SIZE_LEN: ListLength = ListLength::U8; +} + impl ClientHelloPayload { + pub(crate) fn ech_inner_encoding(&self, to_compress: Vec) -> Vec { + let mut bytes = Vec::new(); + self.payload_encode(&mut bytes, Encoding::EchInnerHello { to_compress }); + bytes + } + + pub(crate) fn payload_encode(&self, bytes: &mut Vec, purpose: Encoding) { + self.client_version.encode(bytes); + self.random.encode(bytes); + + match purpose { + // SessionID is required to be empty in the encoded inner client hello. + Encoding::EchInnerHello { .. } => SessionId::empty().encode(bytes), + _ => self.session_id.encode(bytes), + } + + self.cipher_suites.encode(bytes); + self.compression_methods.encode(bytes); + + let to_compress = match purpose { + // Compressed extensions must be replaced in the encoded inner client hello. + Encoding::EchInnerHello { to_compress } if !to_compress.is_empty() => to_compress, + _ => { + if !self.extensions.is_empty() { + self.extensions.encode(bytes); + } + return; + } + }; + + // Safety: not empty check in match guard. + let first_compressed_type = *to_compress.first().unwrap(); + + // Compressed extensions are in a contiguous range and must be replaced + // with a marker extension. + let compressed_start_idx = self + .extensions + .iter() + .position(|ext| ext.ext_type() == first_compressed_type); + let compressed_end_idx = compressed_start_idx.map(|start| start + to_compress.len()); + let marker_ext = ClientExtension::EncryptedClientHelloOuterExtensions(to_compress); + + let exts = self + .extensions + .iter() + .enumerate() + .filter_map(|(i, ext)| { + if Some(i) == compressed_start_idx { + Some(&marker_ext) + } else if Some(i) > compressed_start_idx && Some(i) < compressed_end_idx { + None + } else { + Some(ext) + } + }); + + let nested = LengthPrefixedBuffer::new(ListLength::U16, bytes); + for ext in exts { + ext.encode(nested.buf); + } + } + /// Returns true if there is more than one extension of a given /// type. pub(crate) fn has_duplicate_extension(&self) -> bool { @@ -1209,10 +1275,6 @@ impl HelloRetryRequest { Compression::Null.encode(bytes); match purpose { - // Standard encoding encodes extensions as they appear. - Encoding::Standard => { - self.extensions.encode(bytes); - } // For the purpose of ECH confirmation, the Encrypted Client Hello extension // must have its payload replaced by 8 zero bytes. // @@ -1232,6 +1294,9 @@ impl HelloRetryRequest { } } } + _ => { + self.extensions.encode(bytes); + } } } } @@ -1326,8 +1391,6 @@ impl ServerHelloPayload { self.legacy_version.encode(bytes); match encoding { - // Standard encoding encodes the random value as is. - Encoding::Standard => self.random.encode(bytes), // When encoding a ServerHello for ECH confirmation, the random value // has the last 8 bytes zeroed out. Encoding::EchConfirmation => { @@ -1336,6 +1399,7 @@ impl ServerHelloPayload { bytes.extend_from_slice(&rand_vec.as_slice()[..24]); bytes.extend_from_slice(&[0u8; 8]); } + _ => self.random.encode(bytes), } self.session_id.encode(bytes); @@ -3005,6 +3069,8 @@ pub(crate) enum Encoding { Standard, /// Encoding for ECH confirmation. EchConfirmation, + /// Encoding for ECH inner client hello. + EchInnerHello { to_compress: Vec }, } fn has_duplicates, E: Into, T: Eq + Ord>(iter: I) -> bool { From 246b6370b91d96e8e1a45bf9d8d3a58c4b863edc Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 09:41:17 -0400 Subject: [PATCH 1055/1145] examples: avoid ech-client bare println Use `log::trace!` for writing the current & total number of requests being made instead of a bare `println!`. --- examples/src/bin/ech-client.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 8bb7be486f..68753c93c5 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -26,6 +26,7 @@ use std::net::{TcpStream, ToSocketAddrs}; use std::sync::Arc; use docopt::Docopt; +use log::trace; use rustls::client::{EchConfig, EchGreaseConfig, EchStatus}; use rustls::crypto::aws_lc_rs; use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES; @@ -115,7 +116,7 @@ fn main() { .unwrap(); for i in 0..args.flag_num_reqs { - println!("\nRequest {}", i); + trace!("\nRequest {} of {}", i + 1, args.flag_num_reqs); let mut conn = rustls::ClientConnection::new(config.clone(), server_name.clone()).unwrap(); // The "outer" server that we're connecting to. let sock_addr = ( From b8b1822b9a7d4a15d98922b65546343137daa725 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 09:29:21 -0400 Subject: [PATCH 1056/1145] examples: fix ech-client example invocation The ech-client was moved from the provider-example crate into the examples crate, but the usage example in the header comment wasn't updated. --- examples/src/bin/ech-client.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 68753c93c5..831a1bec77 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -6,7 +6,7 @@ //! //! Example usage: //! ``` -//! cargo run --package rustls-provider-example --example ech-client -- --host defo.ie defo.ie www.defo.ie +//! cargo run --package rustls-examples --bin ech-client -- --host defo.ie defo.ie www.defo.ie //! ``` //! //! This will perform a DNS-over-HTTPS lookup for the defo.ie ECH config, using it to determine From 0058b2fac57bc2820fa786e6c024bdada4119991 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 09:31:54 -0400 Subject: [PATCH 1057/1145] examples: add ech-client usage example to --help --- examples/src/bin/ech-client.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 831a1bec77..e2c45fe846 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -168,6 +168,9 @@ Usage: ech-client (--version | -v) ech-client (--help | -h) +Example: + ech-client --host defo.ie defo.ie www.defo.ie + Options: -p, --port PORT Connect to PORT [default: 443]. --cafile CAFILE Read root certificates from CAFILE. From 29d8aaf1666befa61cf6c0a4dcedcff62970beca Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 09:34:48 -0400 Subject: [PATCH 1058/1145] ci: run ech-client in daily-tests Also 'grep' for the HTML output that's rendered when ECH was successful. --- .github/workflows/daily-tests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index a0533f89d3..3a93f37088 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -115,6 +115,11 @@ jobs: - name: Check server acceptor run: cargo run --locked --bin server_acceptor -- --help + - name: Check ech-client + run: > + cargo run --locked --bin ech-client -- --host defo.ie defo.ie www.defo.ie | + grep 'SSL_ECH_STATUS: success' + - name: Check provider-example client run: cargo run --locked -p rustls-provider-example --example client From f3041a127e50a515385fc54ed1aa1a53515048d9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 10:35:49 -0400 Subject: [PATCH 1059/1145] client: fix rustdoc with_ech broken link --- rustls/src/client/client_conn.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 66c6ec8214..b58eeab386 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -135,10 +135,11 @@ pub trait ResolvesClientCert: fmt::Debug + Send + Sync { /// These must be created via the [`ClientConfig::builder()`] or [`ClientConfig::builder_with_provider()`] /// function. /// -/// Note that using [`ClientConfig::with_ech]` will produce a common configuration specific to -/// the provided [`crate::client::EchConfig`] that may not be appropriate for all connections made -/// by the program. In this case the configuration should only be shared by connections intended -/// for domains that offer the provided [`crate::client::EchConfig`] in their DNS zone. +/// Note that using [`ConfigBuilder::with_ech()`] will produce a common +/// configuration specific to the provided [`crate::client::EchConfig`] that may not be appropriate +/// for all connections made by the program. In this case the configuration should only be shared +/// by connections intended for domains that offer the provided [`crate::client::EchConfig`] in +/// their DNS zone. /// /// # Defaults /// From 65cb1816796329129bfe3a71ebfbb0a0ca04f366 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 10:37:47 -0400 Subject: [PATCH 1060/1145] client: fix ech-client.rs rustdoc link --- rustls/src/client/ech.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs index 80221f2447..37e38583d2 100644 --- a/rustls/src/client/ech.rs +++ b/rustls/src/client/ech.rs @@ -96,7 +96,7 @@ impl EchConfig { /// /// See the [ech-client.rs] example for a complete example of fetching ECH configs from DNS. /// - /// [ech-client.rs]: https://github.com/rustls/rustls/blob/main/provider-example/examples/ech-client.rs + /// [ech-client.rs]: https://github.com/rustls/rustls/blob/main/examples/src/bin/ech-client.rs pub fn new( ech_config_list: EchConfigListBytes<'_>, hpke_suites: &[&'static dyn Hpke], From 29286435df02bbc85a75570c9abb5ec40c8e5fe8 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 10:12:59 -0400 Subject: [PATCH 1061/1145] Cargo: version 0.23.9 -> 0.23.10 --- Cargo.lock | 16 ++++++++-------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 47881ba981..2cf5a1026e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2177,7 +2177,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.9" +version = "0.23.10" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2217,7 +2217,7 @@ dependencies = [ "fxhash", "itertools 0.13.0", "rayon", - "rustls 0.23.9", + "rustls 0.23.10", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2229,7 +2229,7 @@ version = "0.0.1" dependencies = [ "regex", "ring 0.17.8", - "rustls 0.23.9", + "rustls 0.23.10", "trust-dns-resolver", ] @@ -2243,7 +2243,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.9", + "rustls 0.23.10", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2262,7 +2262,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.9", + "rustls 0.23.10", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2298,7 +2298,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.9", + "rustls 0.23.10", "webpki-roots 0.26.2", ] @@ -2319,7 +2319,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.9", + "rustls 0.23.10", "rustls-pki-types", "rustls-webpki", "sha2", @@ -2333,7 +2333,7 @@ name = "rustls-provider-test" version = "0.1.0" dependencies = [ "hex", - "rustls 0.23.9", + "rustls 0.23.10", "rustls-provider-example", "serde", "serde_json", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 21f4b86968..68a9e5fbb5 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -373,7 +373,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.9" +version = "0.23.10" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index e91b6187f6..52767c2935 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.9" +version = "0.23.10" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" From 5d3caaa67a68e68e63db8da7a40a506a4c45537a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 13 Jun 2024 11:29:39 -0400 Subject: [PATCH 1062/1145] docs: cross off client-side ECH from roadmap --- ROADMAP.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 65da3d0434..99b969edb1 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,12 +4,6 @@ Specific features, in rough order of priority: -* **Support Encrypted Client Hello (Client Side)**. - Encrypted Client Hello is an upcoming standard from the TLS WG providing better - protection for some of the data sent by a client in the initial Client Hello - message. - rustls/rustls#1718 - * **Enforce Confidentiality / Integrity Limits**. The QUIC use of TLS mandates limited usage of AEAD keys. While TLS 1.3 and 1.2 do not require this, the same kinds of issues can apply here, and we should @@ -40,6 +34,14 @@ General priorities: ## Past priorities +Delivered in 0.23.10: + +* **Support Encrypted Client Hello (Client Side)**. + Encrypted Client Hello is an upcoming standard from the TLS WG providing better + protection for some of the data sent by a client in the initial Client Hello + message. + rustls/rustls#1718 + Delivered in 0.23.9: * **Support RFC 8879 Certificate Compression**. From 35b5dcd72d077ed9ebc83821a2d2b6df93266748 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Thu, 13 Jun 2024 15:24:22 +0000 Subject: [PATCH 1063/1145] fix(deps): update rust crate zlib-rs to 0.2 --- Cargo.lock | 4 ++-- rustls/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2cf5a1026e..3c92799de7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3235,6 +3235,6 @@ dependencies = [ [[package]] name = "zlib-rs" -version = "0.1.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c52105e2dc6760ec88755876659dc301b51f6728f3b7a1bbdeeb66c6af4d44a1" +checksum = "059dbb1dfca0db0ceaa1f0b5375158361df7ce98a20a1e93041154034c99e2d2" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 52767c2935..2c50af053d 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -28,7 +28,7 @@ subtle = { version = "2.5.0", default-features = false } webpki = { package = "rustls-webpki", version = "0.102.4", features = ["alloc"], default-features = false } pki-types = { package = "rustls-pki-types", version = "1.7", features = ["alloc"] } zeroize = "1.7" -zlib-rs = { version = "0.1", optional = true } +zlib-rs = { version = "0.2", optional = true } [features] default = ["aws_lc_rs", "logging", "std", "tls12"] From 10d2ae864155eae1b19b389dd77cf4838cfc1833 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Sun, 16 Jun 2024 13:57:28 -0400 Subject: [PATCH 1064/1145] Revert "deps: use patched trust-dns 0.22" This reverts commit 40037529fbba4828540d6469a35e164cd27f38e0. --- Cargo.lock | 229 +++++++++++++++------------------ Cargo.toml | 2 +- connect-tests/Cargo.toml | 2 +- connect-tests/tests/ech.rs | 11 +- examples/Cargo.toml | 2 +- examples/src/bin/ech-client.rs | 10 +- 6 files changed, 116 insertions(+), 140 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3c92799de7..7aad4b371d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -283,6 +283,17 @@ dependencies = [ "pin-project-lite", ] +[[package]] +name = "async-recursion" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + [[package]] name = "async-std" version = "1.12.0" @@ -854,14 +865,14 @@ dependencies = [ [[package]] name = "enum-as-inner" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" +checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.66", ] [[package]] @@ -1139,15 +1150,15 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.26" +version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +checksum = "fa82e28a107a8cc405f0839610bdc9b15f1e25ec7d696aa5cf173edbcb1486ab" dependencies = [ + "atomic-waker", "bytes", "fnv", "futures-core", "futures-sink", - "futures-util", "http", "indexmap", "slab", @@ -1189,6 +1200,60 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hickory-proto" +version = "0.24.1" +source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" +dependencies = [ + "async-recursion", + "async-trait", + "bytes", + "cfg-if", + "data-encoding", + "enum-as-inner", + "futures-channel", + "futures-io", + "futures-util", + "h2", + "http", + "idna", + "ipnet", + "once_cell", + "rand", + "rustls 0.21.12", + "rustls-pemfile 1.0.4", + "thiserror", + "tinyvec", + "tokio", + "tokio-rustls", + "tracing", + "url", + "webpki-roots 0.25.4", +] + +[[package]] +name = "hickory-resolver" +version = "0.24.1" +source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" +dependencies = [ + "cfg-if", + "futures-util", + "hickory-proto", + "ipconfig", + "lru-cache", + "once_cell", + "parking_lot", + "rand", + "resolv-conf", + "rustls 0.21.12", + "smallvec", + "thiserror", + "tokio", + "tokio-rustls", + "tracing", + "webpki-roots 0.25.4", +] + [[package]] name = "hkdf" version = "0.12.4" @@ -1267,9 +1332,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.12" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" dependencies = [ "bytes", "fnv", @@ -1282,17 +1347,6 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" -[[package]] -name = "idna" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8" -dependencies = [ - "matches", - "unicode-bidi", - "unicode-normalization", -] - [[package]] name = "idna" version = "0.5.0" @@ -1517,12 +1571,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" -[[package]] -name = "matches" -version = "0.1.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" - [[package]] name = "memchr" version = "2.7.2" @@ -2000,7 +2048,7 @@ checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779" dependencies = [ "aws-lc-rs", "pem", - "ring 0.17.8", + "ring", "rustls-pki-types", "time", "yasna", @@ -2064,21 +2112,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.8" @@ -2165,14 +2198,14 @@ dependencies = [ [[package]] name = "rustls" -version = "0.20.9" +version = "0.21.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b80e3dec595989ea8510028f30c408a4630db12c9cbb8de34203b89d6577e99" +checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" dependencies = [ "log", - "ring 0.16.20", + "ring", + "rustls-webpki 0.101.7", "sct", - "webpki", ] [[package]] @@ -2191,10 +2224,10 @@ dependencies = [ "num-bigint", "once_cell", "rcgen", - "ring 0.17.8", + "ring", "rustls-pemfile 2.1.2", "rustls-pki-types", - "rustls-webpki", + "rustls-webpki 0.102.4", "rustversion", "serde", "serde_json", @@ -2227,10 +2260,10 @@ dependencies = [ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ + "hickory-resolver", "regex", - "ring 0.17.8", + "ring", "rustls 0.23.10", - "trust-dns-resolver", ] [[package]] @@ -2240,6 +2273,7 @@ dependencies = [ "async-std", "docopt", "env_logger", + "hickory-resolver", "log", "mio", "rcgen", @@ -2249,7 +2283,6 @@ dependencies = [ "serde", "serde_derive", "tokio", - "trust-dns-resolver", "webpki-roots 0.26.2", ] @@ -2321,7 +2354,7 @@ dependencies = [ "rsa", "rustls 0.23.10", "rustls-pki-types", - "rustls-webpki", + "rustls-webpki 0.102.4", "sha2", "signature", "webpki-roots 0.26.2", @@ -2339,6 +2372,16 @@ dependencies = [ "serde_json", ] +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted 0.9.0", +] + [[package]] name = "rustls-webpki" version = "0.102.4" @@ -2346,7 +2389,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ "aws-lc-rs", - "ring 0.17.8", + "ring", "rustls-pki-types", "untrusted 0.9.0", ] @@ -2375,7 +2418,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.8", + "ring", "untrusted 0.9.0", ] @@ -2667,13 +2710,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.23.4" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls 0.20.9", + "rustls 0.21.12", "tokio", - "webpki", ] [[package]] @@ -2720,60 +2762,6 @@ dependencies = [ "once_cell", ] -[[package]] -name = "trust-dns-proto" -version = "0.22.0" -source = "git+https://github.com/cpu/trust-dns?rev=9888378726ada266c1a6ac6b2630c2249f3f62cf#9888378726ada266c1a6ac6b2630c2249f3f62cf" -dependencies = [ - "async-trait", - "bytes", - "cfg-if", - "data-encoding", - "enum-as-inner", - "futures-channel", - "futures-io", - "futures-util", - "h2", - "http", - "idna 0.2.3", - "ipnet", - "lazy_static", - "rand", - "rustls 0.20.9", - "rustls-pemfile 1.0.4", - "smallvec", - "thiserror", - "tinyvec", - "tokio", - "tokio-rustls", - "tracing", - "url", - "webpki", - "webpki-roots 0.22.6", -] - -[[package]] -name = "trust-dns-resolver" -version = "0.22.0" -source = "git+https://github.com/cpu/trust-dns?rev=9888378726ada266c1a6ac6b2630c2249f3f62cf#9888378726ada266c1a6ac6b2630c2249f3f62cf" -dependencies = [ - "cfg-if", - "futures-util", - "ipconfig", - "lazy_static", - "lru-cache", - "parking_lot", - "resolv-conf", - "rustls 0.20.9", - "smallvec", - "thiserror", - "tokio", - "tokio-rustls", - "tracing", - "trust-dns-proto", - "webpki-roots 0.22.6", -] - [[package]] name = "typenum" version = "1.17.0" @@ -2830,7 +2818,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" dependencies = [ "form_urlencoded", - "idna 0.5.0", + "idna", "percent-encoding", ] @@ -2946,24 +2934,11 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "webpki" -version = "0.22.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" -dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", -] - [[package]] name = "webpki-roots" -version = "0.22.6" +version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87" -dependencies = [ - "webpki", -] +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "webpki-roots" diff --git a/Cargo.toml b/Cargo.toml index de40574b24..0d8dc8e8a0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -32,4 +32,4 @@ lto = true [patch.crates-io] # TODO(XXX): Remove this once 0.25 is released - we want the ECH fixes from # https://github.com/hickory-dns/hickory-dns/pull/2183 -trust-dns-resolver = { git = "https://github.com/cpu/trust-dns", rev = "9888378726ada266c1a6ac6b2630c2249f3f62cf" } +hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns", rev = "6334a01430088ead8642cafaee592ec7bf49831f" } diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index e61f7f62e2..22a15a77ce 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -10,6 +10,6 @@ publish = false rustls = { path = "../rustls", features = [ "logging" ]} [dev-dependencies] -trust-dns-resolver = { version = "0.22", features = ["dns-over-https-rustls", "webpki-roots"] } +hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } regex = "1.0" ring = "0.17" diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index fd4dcd0ca4..cb616f2462 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -1,11 +1,11 @@ mod ech_config { + use hickory_resolver::config::{ResolverConfig, ResolverOpts}; + use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; + use hickory_resolver::proto::rr::{RData, RecordType}; + use hickory_resolver::Resolver; use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::handshake::EchConfigPayload; use rustls::pki_types::EchConfigListBytes; - use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; - use trust_dns_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; - use trust_dns_resolver::proto::rr::{RData, RecordType}; - use trust_dns_resolver::Resolver; #[test] fn cloudflare() { @@ -24,7 +24,8 @@ mod ech_config { /// Lookup the ECH config list for a domain and deserialize it. fn test_deserialize_ech_config_list(domain: &str) { - let resolver = Resolver::new(ResolverConfig::google(), ResolverOpts::default()).unwrap(); + let resolver = + Resolver::new(ResolverConfig::google_https(), ResolverOpts::default()).unwrap(); let tls_encoded_list = lookup_ech(&resolver, domain); let parsed_configs = Vec::::read(&mut Reader::init(&tls_encoded_list)) .expect("failed to deserialize ECH config list"); diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 33a5a59794..2753f2dbca 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -10,7 +10,7 @@ publish = false async-std = { version = "1.12.0", features = ["attributes"], optional = true } docopt = "~1.1" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) -trust-dns-resolver = { version = "0.22", features = ["dns-over-https-rustls", "webpki-roots"] } +hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index e2c45fe846..0612a81810 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -27,6 +27,10 @@ use std::sync::Arc; use docopt::Docopt; use log::trace; +use hickory_resolver::config::{ResolverConfig, ResolverOpts}; +use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; +use hickory_resolver::proto::rr::{RData, RecordType}; +use hickory_resolver::Resolver; use rustls::client::{EchConfig, EchGreaseConfig, EchStatus}; use rustls::crypto::aws_lc_rs; use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES; @@ -34,10 +38,6 @@ use rustls::crypto::hpke::Hpke; use rustls::pki_types::ServerName; use rustls::RootCertStore; use serde_derive::Deserialize; -use trust_dns_resolver::config::{ResolverConfig, ResolverOpts}; -use trust_dns_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; -use trust_dns_resolver::proto::rr::{RData, RecordType}; -use trust_dns_resolver::Resolver; fn main() { let version = env!("CARGO_PKG_NAME").to_string() + ", version: " + env!("CARGO_PKG_VERSION"); @@ -51,7 +51,7 @@ fn main() { let resolver_config = if args.flag_cloudflare_dns { ResolverConfig::cloudflare_https() } else { - ResolverConfig::google() + ResolverConfig::google_https() }; let resolver = Resolver::new(resolver_config, ResolverOpts::default()).unwrap(); let server_ech_config = match args.flag_grease { From 1c8b1c39ce8345ff26f1d160b5a32feb4867116a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Sun, 16 Jun 2024 14:00:48 -0400 Subject: [PATCH 1065/1145] deps: use hickory-resolver alpha release This lets us drop a Cargo patch for the `connect-tests` and `examples` workspaces where we depend on hickory-dns, but need SVCB fixes that aren't in a finalized release yet. One upstream API change requires the update of a pattern match arm in the connect test `ech.rs` file, and in the `ech-client.rs` example. --- Cargo.lock | 10 ++++++---- Cargo.toml | 5 ----- connect-tests/Cargo.toml | 2 +- connect-tests/tests/ech.rs | 2 +- examples/Cargo.toml | 2 +- examples/src/bin/ech-client.rs | 4 ++-- 6 files changed, 11 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7aad4b371d..ee734ef9f4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1202,8 +1202,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hickory-proto" -version = "0.24.1" -source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" +version = "0.25.0-alpha.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2dac1c02877cba0eb1c132ef7bfe13f92aaa44911e89bf9e15eddbb7e4114bed" dependencies = [ "async-recursion", "async-trait", @@ -1233,8 +1234,9 @@ dependencies = [ [[package]] name = "hickory-resolver" -version = "0.24.1" -source = "git+https://github.com/hickory-dns/hickory-dns?rev=6334a01430088ead8642cafaee592ec7bf49831f#6334a01430088ead8642cafaee592ec7bf49831f" +version = "0.25.0-alpha.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37d43169d0878d2a8a2f05f21508368d52656947533e1527c4a75148c50421ed" dependencies = [ "cfg-if", "futures-util", diff --git a/Cargo.toml b/Cargo.toml index 0d8dc8e8a0..78488664ba 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -28,8 +28,3 @@ resolver = "2" [profile.bench] codegen-units = 1 lto = true - -[patch.crates-io] -# TODO(XXX): Remove this once 0.25 is released - we want the ECH fixes from -# https://github.com/hickory-dns/hickory-dns/pull/2183 -hickory-resolver = { git = "https://github.com/hickory-dns/hickory-dns", rev = "6334a01430088ead8642cafaee592ec7bf49831f" } diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index 22a15a77ce..71943c5c69 100644 --- a/connect-tests/Cargo.toml +++ b/connect-tests/Cargo.toml @@ -10,6 +10,6 @@ publish = false rustls = { path = "../rustls", features = [ "logging" ]} [dev-dependencies] -hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } +hickory-resolver = { version = "0.25.0-alpha.1", features = ["dns-over-https-rustls", "webpki-roots"] } regex = "1.0" ring = "0.17" diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index cb616f2462..4742285216 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -43,7 +43,7 @@ mod ech_config { .expect("failed to lookup HTTPS record type") .record_iter() .find_map(|r| match r.data() { - Some(RData::HTTPS(svcb)) => svcb + RData::HTTPS(svcb) => svcb .svc_params() .iter() .find_map(|sp| match sp { diff --git a/examples/Cargo.toml b/examples/Cargo.toml index 2753f2dbca..23f6c8f14f 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -10,7 +10,7 @@ publish = false async-std = { version = "1.12.0", features = ["attributes"], optional = true } docopt = "~1.1" env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) -hickory-resolver = { version = "0.24", features = ["dns-over-https-rustls", "webpki-roots"] } +hickory-resolver = { version = "0.25.0-alpha.1", features = ["dns-over-https-rustls", "webpki-roots"] } log = { version = "0.4.4" } mio = { version = "0.8", features = ["net", "os-poll"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 0612a81810..4d02bcb1a3 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -26,11 +26,11 @@ use std::net::{TcpStream, ToSocketAddrs}; use std::sync::Arc; use docopt::Docopt; -use log::trace; use hickory_resolver::config::{ResolverConfig, ResolverOpts}; use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; use hickory_resolver::proto::rr::{RData, RecordType}; use hickory_resolver::Resolver; +use log::trace; use rustls::client::{EchConfig, EchGreaseConfig, EchStatus}; use rustls::crypto::aws_lc_rs; use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES; @@ -211,7 +211,7 @@ fn lookup_ech_configs( .ok()? .record_iter() .find_map(|r| match r.data() { - Some(RData::HTTPS(svcb)) => svcb + RData::HTTPS(svcb) => svcb .svc_params() .iter() .find_map(|sp| match sp { From 7d998cd7efb6ef9d4350aa397d974db72b7e9ef5 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 17 Jun 2024 19:22:31 +0000 Subject: [PATCH 1066/1145] chore(deps): update seanmiddleditch/gha-setup-ninja action to v5 --- .github/workflows/build.yml | 2 +- .github/workflows/daily-tests.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ba6398c8a8..6fe13bd2ed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -54,7 +54,7 @@ jobs: - name: Install ninja-build tool for aws-lc-fips-sys on Windows if: runner.os == 'Windows' - uses: seanmiddleditch/gha-setup-ninja@v4 + uses: seanmiddleditch/gha-setup-ninja@v5 - name: Install golang for aws-lc-fips-sys on macos if: runner.os == 'MacOS' diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml index 3a93f37088..ec87ef1a0b 100644 --- a/.github/workflows/daily-tests.yml +++ b/.github/workflows/daily-tests.yml @@ -46,7 +46,7 @@ jobs: - name: Install ninja-build tool for aws-lc-fips-sys on Windows if: runner.os == 'Windows' - uses: seanmiddleditch/gha-setup-ninja@v4 + uses: seanmiddleditch/gha-setup-ninja@v5 - name: Build main crate run: cargo build --locked @@ -90,7 +90,7 @@ jobs: - name: Install ninja-build tool for aws-lc-fips-sys on Windows if: runner.os == 'Windows' - uses: seanmiddleditch/gha-setup-ninja@v4 + uses: seanmiddleditch/gha-setup-ninja@v5 - name: Check simple client run: cargo run --locked --bin simpleclient From acc9fe59e44d75a5cc7e3d1ae5ac68c3d768a075 Mon Sep 17 00:00:00 2001 From: Raghu Saxena Date: Tue, 18 Jun 2024 17:56:37 +0800 Subject: [PATCH 1067/1145] Use normal brackets to avoid docopt literal default --- examples/src/bin/ech-client.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 4d02bcb1a3..5239f05589 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -175,7 +175,7 @@ Options: -p, --port PORT Connect to PORT [default: 443]. --cafile CAFILE Read root certificates from CAFILE. --path PATH HTTP GET this PATH [default: ech-check.php]. - --host HOST HTTP HOST to use for GET request [default: inner-hostname]. + --host HOST HTTP HOST to use for GET request (defaults to value of inner-hostname). --google-dns Use Google DNS for the DNS-over-HTTPS lookup [default]. --cloudflare-dns Use Cloudflare DNS for the DNS-over-HTTPS lookup. --grease Skip looking up an ECH config and send a GREASE placeholder. From 48ff7c98764333a6078886a3f8fa3ac41c2db401 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 18 Jun 2024 09:34:23 -0400 Subject: [PATCH 1068/1145] docs: add ech-client.rs to examples/README.md --- examples/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/README.md b/examples/README.md index b807bef1c9..ee12783ad3 100644 --- a/examples/README.md +++ b/examples/README.md @@ -12,6 +12,7 @@ We recommend new users start by looking at `simpleclient.rs` and `simpleserver.r * `simple_0rtt_client.rs` - shows how to make a TLS 1.3 client connection that sends early 0RTT data. * `unbuffered-client.rs` - shows an advanced example of using Rustls lower-level APIs to implement a client that does not buffer any data inside Rustls. * `unbuffered-async-client.rs` - shows an advanced example of using Rustls lower-level APIs to implement a client that does not buffer any data inside Rustls, and that processes TLS events asynchronously. +* `ech-client.rs` - shows how to configure Rustls to use encrypted client hello (ECH), including fetching an ECH config list with DNS-over-HTTPS. ## Server examples From 3bb255cd58cda65f3e8a998f71df03429f03941c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 22:23:10 +0000 Subject: [PATCH 1069/1145] build(deps): bump curve25519-dalek from 4.1.2 to 4.1.3 Bumps [curve25519-dalek](https://github.com/dalek-cryptography/curve25519-dalek) from 4.1.2 to 4.1.3. - [Release notes](https://github.com/dalek-cryptography/curve25519-dalek/releases) - [Commits](https://github.com/dalek-cryptography/curve25519-dalek/compare/curve25519-4.1.2...curve25519-4.1.3) --- updated-dependencies: - dependency-name: curve25519-dalek dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Cargo.lock | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ee734ef9f4..11a0a92863 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -743,15 +743,14 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.1.2" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "fiat-crypto", - "platforms", "rustc_version", "subtle", "zeroize", @@ -1877,12 +1876,6 @@ version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" -[[package]] -name = "platforms" -version = "3.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" - [[package]] name = "polling" version = "2.8.0" From 159b08885324f5781b774e7489feb9be9e9aff40 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 19 Jun 2024 11:17:38 +0100 Subject: [PATCH 1070/1145] api.rs: format --- rustls/tests/api.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index bbd8ef6016..10aeb7023a 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -34,7 +34,7 @@ use rustls::{ crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES, internal::msgs::base::PayloadU16, internal::msgs::handshake::{ - EchConfigPayload, EchConfigContents, HpkeKeyConfig, HpkeSymmetricCipherSuite, + EchConfigContents, EchConfigPayload, HpkeKeyConfig, HpkeSymmetricCipherSuite, }, pki_types::{DnsName, EchConfigListBytes}, }; @@ -6408,7 +6408,11 @@ fn test_client_fips_service_indicator_includes_ech_hpke_suite() { // And a connection made from a client config should retain the fips status of the // config w.r.t the HPKE suite. - let conn = ClientConnection::new(config.into(), ServerName::DnsName(DnsName::try_from("example.org").unwrap())).unwrap(); + let conn = ClientConnection::new( + config.into(), + ServerName::DnsName(DnsName::try_from("example.org").unwrap()), + ) + .unwrap(); assert_eq!(conn.fips(), suite.fips()); } } From fbe18f321f22da9bf7a63563c0c1c61ab5ebd5ea Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 19 Jun 2024 11:57:36 +0100 Subject: [PATCH 1071/1145] Restore `cargo fmt` ability to format integration tests --- rustls/Cargo.toml | 37 +++++++++ rustls/tests/api.rs | 81 +------------------ rustls/tests/api_ffdhe.rs | 12 +-- rustls/tests/client_cert_verifier.rs | 7 +- rustls/tests/key_log_file_env.rs | 39 +-------- rustls/tests/runners/api.rs | 83 ++++++++++++++++++++ rustls/tests/runners/api_ffdhe.rs | 7 ++ rustls/tests/runners/client_cert_verifier.rs | 7 ++ rustls/tests/runners/key_log_file_env.rs | 35 +++++++++ rustls/tests/{ => runners}/macros.rs | 0 rustls/tests/runners/server_cert_verifier.rs | 7 ++ rustls/tests/runners/unbuffered.rs | 7 ++ rustls/tests/server_cert_verifier.rs | 7 +- rustls/tests/unbuffered.rs | 9 +-- 14 files changed, 199 insertions(+), 139 deletions(-) create mode 100644 rustls/tests/runners/api.rs create mode 100644 rustls/tests/runners/api_ffdhe.rs create mode 100644 rustls/tests/runners/client_cert_verifier.rs create mode 100644 rustls/tests/runners/key_log_file_env.rs rename rustls/tests/{ => runners}/macros.rs (100%) create mode 100644 rustls/tests/runners/server_cert_verifier.rs create mode 100644 rustls/tests/runners/unbuffered.rs diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 2c50af053d..b11fda1f1f 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -10,6 +10,7 @@ homepage = "https://github.com/rustls/rustls" repository = "https://github.com/rustls/rustls" categories = ["network-programming", "cryptography"] autobenches = false +autotests = false build = "build.rs" [build-dependencies] @@ -79,6 +80,42 @@ required-features = ["ring"] name = "test_ca" path = "examples/internal/test_ca.rs" +[[test]] +name = "api" +path = "tests/runners/api.rs" + +[[test]] +name = "api_ffdhe" +path = "tests/runners/api_ffdhe.rs" + +[[test]] +name = "bogo" +path = "tests/bogo.rs" + +[[test]] +name = "client_cert_verifier" +path = "tests/runners/client_cert_verifier.rs" + +[[test]] +name = "ech" +path = "tests/ech.rs" + +[[test]] +name = "key_log_file_env" +path = "tests/runners/key_log_file_env.rs" + +[[test]] +name = "process_provider" +path = "tests/process_provider.rs" + +[[test]] +name = "server_cert_verifier" +path = "tests/runners/server_cert_verifier.rs" + +[[test]] +name = "unbuffered" +path = "tests/runners/unbuffered.rs" + [package.metadata.docs.rs] # all non-default features except fips (cannot build on docs.rs environment) features = ["read_buf", "ring"] diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 10aeb7023a..8c9e036579 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -1,14 +1,7 @@ -#![cfg_attr(read_buf, feature(read_buf))] -#![cfg_attr(read_buf, feature(core_io_borrowed_buf))] - //! Assorted public API tests. -use std::cell::RefCell; - -#[macro_use] -mod macros; +#![allow(clippy::duplicate_mod)] -test_for_each_provider! { use std::fmt::Debug; use std::io::{self, IoSlice, Read, Write}; use std::ops::{Deref, DerefMut}; @@ -7106,75 +7099,3 @@ fn test_illegal_client_renegotiation_attempt_during_tls12_handshake() { } ); } - -} // test_for_each_provider! - -#[derive(Default, Debug)] -struct LogCounts { - trace: usize, - debug: usize, - info: usize, - warn: usize, - error: usize, -} - -impl LogCounts { - fn new() -> Self { - Self { - ..Default::default() - } - } - - fn reset(&mut self) { - *self = Self::new(); - } - - fn add(&mut self, level: log::Level) { - match level { - log::Level::Trace => self.trace += 1, - log::Level::Debug => self.debug += 1, - log::Level::Info => self.info += 1, - log::Level::Warn => self.warn += 1, - log::Level::Error => self.error += 1, - } - } -} - -// this must be outside test_for_each_provider!, as we want -// one thread_local!, not one per provider. -thread_local!(static COUNTS: RefCell = RefCell::new(LogCounts::new())); - -struct CountingLogger; - -#[allow(dead_code)] -static LOGGER: CountingLogger = CountingLogger; - -#[allow(dead_code)] -impl CountingLogger { - fn install() { - let _ = log::set_logger(&LOGGER); - log::set_max_level(log::LevelFilter::Trace); - } - - fn reset() { - COUNTS.with(|c| { - c.borrow_mut().reset(); - }); - } -} - -impl log::Log for CountingLogger { - fn enabled(&self, _metadata: &log::Metadata) -> bool { - true - } - - fn log(&self, record: &log::Record) { - println!("logging at {:?}: {:?}", record.level(), record.args()); - - COUNTS.with(|c| { - c.borrow_mut().add(record.level()); - }); - } - - fn flush(&self) {} -} diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index 2740db66d2..7b9fff4e38 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -1,11 +1,7 @@ -#![cfg(feature = "tls12")] - //! This file contains tests that use the test-only FFDHE KX group (defined in submodule `ffdhe`) -#[macro_use] -mod macros; - -test_for_each_provider! { +#![cfg(feature = "tls12")] +#![allow(clippy::duplicate_mod)] mod common; use common::*; @@ -17,6 +13,8 @@ use rustls::internal::msgs::message::{Message, MessagePayload}; use rustls::version::{TLS12, TLS13}; use rustls::{CipherSuite, ClientConfig}; +use super::*; + #[test] fn config_builder_for_client_rejects_cipher_suites_without_compatible_kx_groups() { let bad_crypto_provider = CryptoProvider { @@ -451,5 +449,3 @@ mod ffdhe { bytes } } - -} // test_for_each_provider! diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index e42f65f39d..a651d6ac78 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -1,9 +1,8 @@ //! Tests for configuring and using a [`ClientCertVerifier`] for a server. -#[macro_use] -mod macros; +#![allow(clippy::duplicate_mod)] -test_for_each_provider! { +use super::*; mod common; use std::sync::Arc; @@ -208,5 +207,3 @@ impl ClientCertVerifier for MockClientVerifier { } } } - -} // test_for_each_provider! diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 5363f2fbc8..1d00f0b2aa 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -21,38 +21,9 @@ //! file was created successfully, with the right permissions, etc., and that it //! contains something like what we expect. -use std::env; -use std::sync::{Mutex, Once}; - -#[macro_use] -mod macros; - -/// Approximates `#[serial]` from the `serial_test` crate. -/// -/// No attempt is made to recover from a poisoned mutex, which will -/// happen when `f` panics. In other words, all the tests that use -/// `serialized` will start failing after one test panics. -#[allow(dead_code)] -fn serialized(f: impl FnOnce()) { - // Ensure every test is run serialized - // TODO: Use `std::sync::Lazy` once that is stable. - static mut MUTEX: Option> = None; - static ONCE: Once = Once::new(); - ONCE.call_once(|| unsafe { - MUTEX = Some(Mutex::new(())); - }); - let mutex = unsafe { MUTEX.as_mut() }; - - let _guard = mutex.unwrap().get_mut().unwrap(); - - // XXX: NOT thread safe. - env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); - - f() -} - -test_for_each_provider! { +#![allow(clippy::duplicate_mod)] +use std::env; use std::io::Write; use std::sync::Arc; @@ -66,7 +37,7 @@ use common::{ #[test] fn exercise_key_log_file_for_client() { - super::serialized(|| { + serialized(|| { let server_config = Arc::new(make_server_config(KeyType::Rsa2048)); env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); @@ -88,7 +59,7 @@ fn exercise_key_log_file_for_client() { #[test] fn exercise_key_log_file_for_server() { - super::serialized(|| { + serialized(|| { let mut server_config = make_server_config(KeyType::Rsa2048); env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); @@ -109,5 +80,3 @@ fn exercise_key_log_file_for_server() { } }) } - -} // test_for_each_provider! diff --git a/rustls/tests/runners/api.rs b/rustls/tests/runners/api.rs new file mode 100644 index 0000000000..656e8d629c --- /dev/null +++ b/rustls/tests/runners/api.rs @@ -0,0 +1,83 @@ +#![cfg_attr(read_buf, feature(read_buf))] +#![cfg_attr(read_buf, feature(core_io_borrowed_buf))] + +use std::cell::RefCell; + +#[macro_use] +mod macros; + +test_for_each_provider! { + use super::*; + #[path = "../api.rs"] + mod tests; +} + +// this must be outside tests_with_*, as we want +// one thread_local!, not one per provider. +thread_local!(static COUNTS: RefCell = RefCell::new(LogCounts::new())); + +struct CountingLogger; + +#[allow(dead_code)] +static LOGGER: CountingLogger = CountingLogger; + +#[allow(dead_code)] +impl CountingLogger { + fn install() { + let _ = log::set_logger(&LOGGER); + log::set_max_level(log::LevelFilter::Trace); + } + + fn reset() { + COUNTS.with(|c| { + c.borrow_mut().reset(); + }); + } +} + +impl log::Log for CountingLogger { + fn enabled(&self, _metadata: &log::Metadata) -> bool { + true + } + + fn log(&self, record: &log::Record) { + println!("logging at {:?}: {:?}", record.level(), record.args()); + + COUNTS.with(|c| { + c.borrow_mut().add(record.level()); + }); + } + + fn flush(&self) {} +} + +#[derive(Default, Debug)] +struct LogCounts { + trace: usize, + debug: usize, + info: usize, + warn: usize, + error: usize, +} + +impl LogCounts { + fn new() -> Self { + Self { + ..Default::default() + } + } + + fn reset(&mut self) { + *self = Self::new(); + } + + fn add(&mut self, level: log::Level) { + match level { + log::Level::Trace => self.trace += 1, + log::Level::Debug => self.debug += 1, + log::Level::Info => self.info += 1, + log::Level::Warn => self.warn += 1, + log::Level::Error => self.error += 1, + } + } +} diff --git a/rustls/tests/runners/api_ffdhe.rs b/rustls/tests/runners/api_ffdhe.rs new file mode 100644 index 0000000000..befd52926b --- /dev/null +++ b/rustls/tests/runners/api_ffdhe.rs @@ -0,0 +1,7 @@ +#[macro_use] +mod macros; + +test_for_each_provider! { + #[path = "../api_ffdhe.rs"] + mod tests; +} diff --git a/rustls/tests/runners/client_cert_verifier.rs b/rustls/tests/runners/client_cert_verifier.rs new file mode 100644 index 0000000000..928c9534a6 --- /dev/null +++ b/rustls/tests/runners/client_cert_verifier.rs @@ -0,0 +1,7 @@ +#[macro_use] +mod macros; + +test_for_each_provider! { + #[path = "../client_cert_verifier.rs"] + mod tests; +} diff --git a/rustls/tests/runners/key_log_file_env.rs b/rustls/tests/runners/key_log_file_env.rs new file mode 100644 index 0000000000..b4a6e16736 --- /dev/null +++ b/rustls/tests/runners/key_log_file_env.rs @@ -0,0 +1,35 @@ +use std::env; +use std::sync::{Mutex, Once}; + +#[macro_use] +mod macros; + +test_for_each_provider! { + use super::serialized; + #[path = "../key_log_file_env.rs"] + mod tests; +} + +/// Approximates `#[serial]` from the `serial_test` crate. +/// +/// No attempt is made to recover from a poisoned mutex, which will +/// happen when `f` panics. In other words, all the tests that use +/// `serialized` will start failing after one test panics. +#[allow(dead_code)] +fn serialized(f: impl FnOnce()) { + // Ensure every test is run serialized + // TODO: Use `std::sync::Lazy` once that is stable. + static mut MUTEX: Option> = None; + static ONCE: Once = Once::new(); + ONCE.call_once(|| unsafe { + MUTEX = Some(Mutex::new(())); + }); + let mutex = unsafe { MUTEX.as_mut() }; + + let _guard = mutex.unwrap().get_mut().unwrap(); + + // XXX: NOT thread safe. + env::set_var("SSLKEYLOGFILE", "./sslkeylogfile.txt"); + + f() +} diff --git a/rustls/tests/macros.rs b/rustls/tests/runners/macros.rs similarity index 100% rename from rustls/tests/macros.rs rename to rustls/tests/runners/macros.rs diff --git a/rustls/tests/runners/server_cert_verifier.rs b/rustls/tests/runners/server_cert_verifier.rs new file mode 100644 index 0000000000..e0e8f21ad5 --- /dev/null +++ b/rustls/tests/runners/server_cert_verifier.rs @@ -0,0 +1,7 @@ +#[macro_use] +mod macros; + +test_for_each_provider! { + #[path = "../server_cert_verifier.rs"] + mod tests; +} diff --git a/rustls/tests/runners/unbuffered.rs b/rustls/tests/runners/unbuffered.rs new file mode 100644 index 0000000000..e11afdaa2f --- /dev/null +++ b/rustls/tests/runners/unbuffered.rs @@ -0,0 +1,7 @@ +#[macro_use] +mod macros; + +test_for_each_provider! { + #[path = "../unbuffered.rs"] + mod tests; +} diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index aab32ba405..b0327d4bf1 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -1,9 +1,8 @@ //! Tests for configuring and using a [`ServerCertVerifier`] for a client. -#[macro_use] -mod macros; +#![allow(clippy::duplicate_mod)] -test_for_each_provider! { +use super::*; mod common; use std::sync::Arc; @@ -153,5 +152,3 @@ fn client_can_override_certificate_verification_and_offer_no_signature_schemes() } } } - -} // test_for_each_provider! diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index c2d2f91d31..7bdc030cb9 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -1,7 +1,4 @@ -#[macro_use] -mod macros; - -test_for_each_provider! { +#![allow(clippy::duplicate_mod)] use std::num::NonZeroUsize; use std::sync::Arc; @@ -15,6 +12,8 @@ use rustls::unbuffered::{ use rustls::version::TLS13; use rustls::{ClientConfig, ServerConfig, SideData}; +use super::*; + mod common; use common::*; @@ -932,5 +931,3 @@ fn server_receives_incorrect_first_handshake_message() { _ => panic!("unexpected alert sending state"), }; } - -} // test_for_each_provider! From f8701b723eef674b71c7e678a4f3628487eee9b9 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 19 Jun 2024 13:22:55 +0100 Subject: [PATCH 1072/1145] Expand and eliminate `test_for_each_provider` macro This allows rustfmt to follow the mod dependencies inside, and therefore format all the test code. --- rustls/tests/runners/api.rs | 18 ++++- rustls/tests/runners/api_ffdhe.rs | 15 ++++- rustls/tests/runners/client_cert_verifier.rs | 15 ++++- rustls/tests/runners/key_log_file_env.rs | 18 ++++- rustls/tests/runners/macros.rs | 70 +++++++++++--------- rustls/tests/runners/server_cert_verifier.rs | 15 ++++- rustls/tests/runners/unbuffered.rs | 15 ++++- 7 files changed, 129 insertions(+), 37 deletions(-) diff --git a/rustls/tests/runners/api.rs b/rustls/tests/runners/api.rs index 656e8d629c..39bb2cf5ad 100644 --- a/rustls/tests/runners/api.rs +++ b/rustls/tests/runners/api.rs @@ -6,8 +6,24 @@ use std::cell::RefCell; #[macro_use] mod macros; -test_for_each_provider! { +#[cfg(feature = "ring")] +#[path = "."] +mod tests_with_ring { use super::*; + + provider_ring!(); + + #[path = "../api.rs"] + mod tests; +} + +#[cfg(feature = "aws_lc_rs")] +#[path = "."] +mod tests_with_aws_lc_rs { + use super::*; + + provider_aws_lc_rs!(); + #[path = "../api.rs"] mod tests; } diff --git a/rustls/tests/runners/api_ffdhe.rs b/rustls/tests/runners/api_ffdhe.rs index befd52926b..242455e764 100644 --- a/rustls/tests/runners/api_ffdhe.rs +++ b/rustls/tests/runners/api_ffdhe.rs @@ -1,7 +1,20 @@ #[macro_use] mod macros; -test_for_each_provider! { +#[cfg(feature = "ring")] +#[path = "."] +mod tests_with_ring { + provider_ring!(); + + #[path = "../api_ffdhe.rs"] + mod tests; +} + +#[cfg(feature = "aws_lc_rs")] +#[path = "."] +mod tests_with_aws_lc_rs { + provider_aws_lc_rs!(); + #[path = "../api_ffdhe.rs"] mod tests; } diff --git a/rustls/tests/runners/client_cert_verifier.rs b/rustls/tests/runners/client_cert_verifier.rs index 928c9534a6..4626270d2c 100644 --- a/rustls/tests/runners/client_cert_verifier.rs +++ b/rustls/tests/runners/client_cert_verifier.rs @@ -1,7 +1,20 @@ #[macro_use] mod macros; -test_for_each_provider! { +#[cfg(feature = "ring")] +#[path = "."] +mod tests_with_ring { + provider_ring!(); + + #[path = "../client_cert_verifier.rs"] + mod tests; +} + +#[cfg(feature = "aws_lc_rs")] +#[path = "."] +mod tests_with_aws_lc_rs { + provider_aws_lc_rs!(); + #[path = "../client_cert_verifier.rs"] mod tests; } diff --git a/rustls/tests/runners/key_log_file_env.rs b/rustls/tests/runners/key_log_file_env.rs index b4a6e16736..1742a8eed1 100644 --- a/rustls/tests/runners/key_log_file_env.rs +++ b/rustls/tests/runners/key_log_file_env.rs @@ -4,8 +4,24 @@ use std::sync::{Mutex, Once}; #[macro_use] mod macros; -test_for_each_provider! { +#[cfg(feature = "ring")] +#[path = "."] +mod tests_with_ring { use super::serialized; + + provider_ring!(); + + #[path = "../key_log_file_env.rs"] + mod tests; +} + +#[cfg(feature = "aws_lc_rs")] +#[path = "."] +mod tests_with_aws_lc_rs { + use super::serialized; + + provider_aws_lc_rs!(); + #[path = "../key_log_file_env.rs"] mod tests; } diff --git a/rustls/tests/runners/macros.rs b/rustls/tests/runners/macros.rs index beaf0cef93..3a55977d42 100644 --- a/rustls/tests/runners/macros.rs +++ b/rustls/tests/runners/macros.rs @@ -1,37 +1,45 @@ -/// Instantiate the given test functions once for each built-in provider. -/// -/// The selected provider module is bound as `provider`; you can rely on this -/// having the union of the public items common to the `rustls::crypto::ring` -/// and `rustls::crypto::aws_lc_rs` modules. +//! Macros that bring a provider into the current scope. +//! +//! The selected provider module is bound as `provider`; you can rely on this +//! having the union of the public items common to the `rustls::crypto::ring` +//! and `rustls::crypto::aws_lc_rs` modules. + #[allow(unused_macros)] -macro_rules! test_for_each_provider { - ($($tt:tt)+) => { - #[cfg(feature = "ring")] - #[path = "."] - mod test_with_ring { - #[allow(unused_imports)] - use rustls::crypto::ring as provider; - #[allow(dead_code)] - const fn provider_is_aws_lc_rs() -> bool { false } - #[allow(dead_code)] - const fn provider_is_ring() -> bool { true } - #[allow(dead_code)] - const fn provider_is_fips() -> bool { false } - $($tt)+ +macro_rules! provider_ring { + () => { + #[allow(unused_imports)] + use rustls::crypto::ring as provider; + #[allow(dead_code)] + const fn provider_is_aws_lc_rs() -> bool { + false + } + #[allow(dead_code)] + const fn provider_is_ring() -> bool { + true } + #[allow(dead_code)] + const fn provider_is_fips() -> bool { + false + } + }; +} - #[cfg(feature = "aws_lc_rs")] - #[path = "."] - mod test_with_aws_lc_rs { - #[allow(unused_imports)] - use rustls::crypto::aws_lc_rs as provider; - #[allow(dead_code)] - const fn provider_is_aws_lc_rs() -> bool { true } - #[allow(dead_code)] - const fn provider_is_ring() -> bool { false } - #[allow(dead_code)] - const fn provider_is_fips() -> bool { cfg!(feature = "fips") } - $($tt)+ +#[allow(unused_macros)] +macro_rules! provider_aws_lc_rs { + () => { + #[allow(unused_imports)] + use rustls::crypto::aws_lc_rs as provider; + #[allow(dead_code)] + const fn provider_is_aws_lc_rs() -> bool { + true + } + #[allow(dead_code)] + const fn provider_is_ring() -> bool { + false + } + #[allow(dead_code)] + const fn provider_is_fips() -> bool { + cfg!(feature = "fips") } }; } diff --git a/rustls/tests/runners/server_cert_verifier.rs b/rustls/tests/runners/server_cert_verifier.rs index e0e8f21ad5..11dd98990f 100644 --- a/rustls/tests/runners/server_cert_verifier.rs +++ b/rustls/tests/runners/server_cert_verifier.rs @@ -1,7 +1,20 @@ #[macro_use] mod macros; -test_for_each_provider! { +#[cfg(feature = "ring")] +#[path = "."] +mod tests_with_ring { + provider_ring!(); + + #[path = "../server_cert_verifier.rs"] + mod tests; +} + +#[cfg(feature = "aws_lc_rs")] +#[path = "."] +mod tests_with_aws_lc_rs { + provider_aws_lc_rs!(); + #[path = "../server_cert_verifier.rs"] mod tests; } diff --git a/rustls/tests/runners/unbuffered.rs b/rustls/tests/runners/unbuffered.rs index e11afdaa2f..3c1f72048a 100644 --- a/rustls/tests/runners/unbuffered.rs +++ b/rustls/tests/runners/unbuffered.rs @@ -1,7 +1,20 @@ #[macro_use] mod macros; -test_for_each_provider! { +#[cfg(feature = "ring")] +#[path = "."] +mod tests_with_ring { + provider_ring!(); + + #[path = "../unbuffered.rs"] + mod tests; +} + +#[cfg(feature = "aws_lc_rs")] +#[path = "."] +mod tests_with_aws_lc_rs { + provider_aws_lc_rs!(); + #[path = "../unbuffered.rs"] mod tests; } From 15940b4238ba034e1b52e4a1121ac70612b96be9 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 19 Jun 2024 13:44:26 +0100 Subject: [PATCH 1073/1145] api_ffdhe: specify `required-features` --- rustls/Cargo.toml | 1 + rustls/tests/api_ffdhe.rs | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b11fda1f1f..1def27c710 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -87,6 +87,7 @@ path = "tests/runners/api.rs" [[test]] name = "api_ffdhe" path = "tests/runners/api_ffdhe.rs" +required-features = ["tls12"] [[test]] name = "bogo" diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index 7b9fff4e38..33253fe2cb 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -1,6 +1,5 @@ //! This file contains tests that use the test-only FFDHE KX group (defined in submodule `ffdhe`) -#![cfg(feature = "tls12")] #![allow(clippy::duplicate_mod)] mod common; From 6c2e27af724ae0dc2bbc1d3b251d1e608d9db797 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 19 Jun 2024 15:28:38 +0100 Subject: [PATCH 1074/1145] CONTRIBUTING.md: add multi-provider testing notes --- CONTRIBUTING.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ca27e066d7..4d3758be7d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,6 +64,28 @@ If you're *looking* for security bugs, this crate is set up for PRs which cause test failures or a significant coverage decrease are unlikely to be accepted. +### Testing with multiple `CryptoProvider`s + +Generally any test that relies on a `CryptoProvider` anywhere, should +be run against all `CryptoProvider`s, such that +`cargo test --all-features` runs the test several times. To achieve that +we have two methods: + +- For unit tests, see `rustls/src/test_macros.rs` which provides the + `test_for_each_provider!` macro. This can be placed around normal + tests and instantiates the tests once per provider. + + Note that rustfmt does not format code inside a macro invocation: + when developing test code, sed `test_for_each_provider! {` to `mod tests {`, + format the code, then sed it back. + +- For integration tests -- where the amount of test code is more significant, + and lack of rustfmt support is more painful -- we instantiate the tests + by importing them multiple times, and then the tests resolve the provider + module to use via `super::provider`. + For example, see `rustls/tests/runners/unbuffered.rs` and + `rustls/tests/unbuffered.rs`. + ## Style guide ### Ordering From 1a69db989c1b6caf84a55299f7f5ea372ab5fda0 Mon Sep 17 00:00:00 2001 From: Raghu Saxena Date: Wed, 19 Jun 2024 11:51:27 +0800 Subject: [PATCH 1075/1145] Use port-prefix naming to lookup the correct ECHConfig Declare port once * Omit unecessary Strip type declaration * Do not specify un-needed `to_string()` * Use `.to_owned()` rather than `.to_string()` * Update binding name from `other` -> `port` --- examples/src/bin/ech-client.rs | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs index 5239f05589..b4b6bc01a9 100644 --- a/examples/src/bin/ech-client.rs +++ b/examples/src/bin/ech-client.rs @@ -47,6 +47,8 @@ fn main() { .and_then(|d| d.deserialize()) .unwrap_or_else(|e| e.exit()); + let port = args.flag_port.unwrap_or(443); + // Find raw ECH configs using DNS-over-HTTPS with Hickory DNS. let resolver_config = if args.flag_cloudflare_dns { ResolverConfig::cloudflare_https() @@ -58,7 +60,7 @@ fn main() { true => None, // Force the use of the GREASE ext by skipping ECH config lookup false => match args.flag_ech_config { Some(path) => Some(read_ech(&path)), - None => lookup_ech_configs(&resolver, &args.arg_outer_hostname), + None => lookup_ech_configs(&resolver, &args.arg_outer_hostname, port), }, }; @@ -119,10 +121,7 @@ fn main() { trace!("\nRequest {} of {}", i + 1, args.flag_num_reqs); let mut conn = rustls::ClientConnection::new(config.clone(), server_name.clone()).unwrap(); // The "outer" server that we're connecting to. - let sock_addr = ( - args.arg_outer_hostname.as_str(), - args.flag_port.unwrap_or(443), - ) + let sock_addr = (args.arg_outer_hostname.as_str(), port) .to_socket_addrs() .unwrap() .next() @@ -205,9 +204,17 @@ struct Args { fn lookup_ech_configs( resolver: &Resolver, domain: &str, + port: u16, ) -> Option> { + // For non-standard ports, lookup the ECHConfig using port-prefix naming + // See: https://datatracker.ietf.org/doc/html/rfc9460#section-9.1 + let qname_to_lookup = match port { + 443 => domain.to_owned(), + port => format!("_{port}._https.{domain}"), + }; + resolver - .lookup(domain, RecordType::HTTPS) + .lookup(qname_to_lookup, RecordType::HTTPS) .ok()? .record_iter() .find_map(|r| match r.data() { From 9dfbc8ea110080a2fb890aca140bd788cbe8afcc Mon Sep 17 00:00:00 2001 From: Raghu Saxena Date: Wed, 19 Jun 2024 13:06:16 +0800 Subject: [PATCH 1076/1145] Also debug log public_name --- rustls/src/client/ech.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs index 37e38583d2..cbdd837ff8 100644 --- a/rustls/src/client/ech.rs +++ b/rustls/src/client/ech.rs @@ -144,8 +144,8 @@ impl EchConfig { .find(|hpke| hpke.suite() == suite) { debug!( - "selected ECH config ID {:?} suite {:?}", - key_config.config_id, suite + "selected ECH config ID {:?} suite {:?} public_name {:?}", + key_config.config_id, suite, contents.public_name ); return Ok(Self { config: config.clone(), From d53e071ced3c3f652230474df2d17b21b85f4bd0 Mon Sep 17 00:00:00 2001 From: Borber Date: Thu, 20 Jun 2024 16:24:20 +0800 Subject: [PATCH 1077/1145] docs: iff => if and only if --- rustls/src/client/hs.rs | 2 +- rustls/src/crypto/ring/kx.rs | 2 +- rustls/src/quic.rs | 2 +- rustls/src/server/hs.rs | 2 +- rustls/src/server/server_conn.rs | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 1f9209685d..30fb2b6ef0 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -621,7 +621,7 @@ pub(super) fn process_alpn_protocol( // RFC 9001 says: "While ALPN only specifies that servers use this alert, QUIC clients MUST // use error 0x0178 to terminate a connection when ALPN negotiation fails." We judge that // the user intended to use ALPN (rather than some out-of-band protocol negotiation - // mechanism) iff any ALPN protocols were configured. This defends against badly-behaved + // mechanism) if and only if any ALPN protocols were configured. This defends against badly-behaved // servers which accept a connection that requires an application-layer protocol they do not // understand. if common.is_quic() && common.alpn_protocol.is_none() && !config.alpn_protocols.is_empty() { diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index ad3a54da48..55dcd2c090 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -23,7 +23,7 @@ struct KxGroup { /// Whether the algorithm is allowed by FIPS /// - /// `SupportedKxGroup::fips()` is true iff the algorithm is allowed, + /// `SupportedKxGroup::fips()` is true if and only if the algorithm is allowed, /// _and_ the implementation is FIPS-validated. fips_allowed: bool, } diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index f3d0dba63d..c04844b55c 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -680,7 +680,7 @@ pub trait PacketKey: Send + Sync { /// the additional authenticated data; and the `payload`. The authentication tag is returned if /// encryption succeeds. /// - /// Fails iff the payload is longer than allowed by the cipher suite's AEAD algorithm. + /// Fails if and only if the payload is longer than allowed by the cipher suite's AEAD algorithm. fn encrypt_in_place( &self, packet_number: u64, diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 5f622cb4d1..e99b6fa0fa 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -109,7 +109,7 @@ impl ExtensionProcessing { // QUIC has strict ALPN, unlike TLS's more backwards-compatible behavior. RFC 9001 // says: "The server MUST treat the inability to select a compatible application // protocol as a connection error of type 0x0178". We judge that ALPN was desired - // (rather than some out-of-band protocol negotiation mechanism) iff any ALPN + // (rather than some out-of-band protocol negotiation mechanism) if and only if any ALPN // protocols were configured locally or offered by the client. This helps prevent // successful establishment of connections between peers that can't understand // each other. diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 49c22264bf..818a9f066a 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -595,7 +595,7 @@ mod connection { /// /// Recovered from the prior session's `set_resumption_data`. Integrity is guaranteed by rustls. /// - /// Returns `Some` iff a valid resumption ticket has been received from the client. + /// Returns `Some` if and only if a valid resumption ticket has been received from the client. pub fn received_resumption_data(&self) -> Option<&[u8]> { self.inner .core From d463346b21bb9b5e9f492d391dc8727c303c26bd Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 17 Jun 2024 13:50:37 +0100 Subject: [PATCH 1078/1145] Fit `received_middlebox_ccs` into `TemperCounters` type --- rustls/src/common_state.rs | 24 ++++++++++++++++++++++-- rustls/src/conn.rs | 18 ++++++------------ 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 9edb8dd582..34e04c981f 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -40,7 +40,6 @@ pub struct CommonState { pub(crate) has_received_close_notify: bool, #[cfg(feature = "std")] pub(crate) has_seen_eof: bool, - pub(crate) received_middlebox_ccs: u8, pub(crate) peer_certificates: Option>, message_fragmenter: MessageFragmenter, pub(crate) received_plaintext: ChunkVecBuffer, @@ -71,7 +70,6 @@ impl CommonState { has_received_close_notify: false, #[cfg(feature = "std")] has_seen_eof: false, - received_middlebox_ccs: 0, peer_certificates: None, message_fragmenter: MessageFragmenter::default(), received_plaintext: ChunkVecBuffer::new(Some(DEFAULT_RECEIVED_PLAINTEXT_LIMIT)), @@ -648,6 +646,11 @@ impl CommonState { .encode(), ); } + + pub(crate) fn received_tls13_change_cipher_spec(&mut self) -> Result<(), Error> { + self.temper_counters + .received_tls13_change_cipher_spec() + } } #[cfg(feature = "std")] @@ -843,6 +846,7 @@ struct TemperCounters { allowed_warning_alerts: u8, allowed_renegotiation_requests: u8, allowed_key_update_requests: u8, + allowed_middlebox_ccs: u8, } impl TemperCounters { @@ -875,6 +879,16 @@ impl TemperCounters { } } } + + fn received_tls13_change_cipher_spec(&mut self) -> Result<(), Error> { + match self.allowed_middlebox_ccs { + 0 => Err(PeerMisbehaved::IllegalMiddleboxChangeCipherSpec.into()), + _ => { + self.allowed_middlebox_ccs -= 1; + Ok(()) + } + } + } } impl Default for TemperCounters { @@ -891,6 +905,12 @@ impl Default for TemperCounters { // cf. BoringSSL `kMaxKeyUpdates` // allowed_key_update_requests: 32, + + // At most two CCS are allowed: one after each ClientHello (recall a second + // ClientHello happens after a HelloRetryRequest). + // + // note BoringSSL allows up to 32. + allowed_middlebox_ccs: 2, } } } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 20b305a9f3..720ca32bcd 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -343,11 +343,6 @@ pub(crate) struct ConnectionRandoms { pub(crate) server: [u8; 32], } -/// How many ChangeCipherSpec messages we accept and drop in TLS1.3 handshakes. -/// The spec says 1, but implementations (namely the boringssl test suite) get -/// this wrong. BoringSSL itself accepts up to 32. -static TLS13_MAX_DROPPED_CCS: u8 = 2u8; - impl ConnectionRandoms { pub(crate) fn new(client: Random, server: Random) -> Self { Self { @@ -882,9 +877,7 @@ impl ConnectionCore { .may_receive_application_data && self.common_state.is_tls13() { - if !msg.is_valid_ccs() - || self.common_state.received_middlebox_ccs > TLS13_MAX_DROPPED_CCS - { + if !msg.is_valid_ccs() { // "An implementation which receives any other change_cipher_spec value or // which receives a protected change_cipher_spec record MUST abort the // handshake with an "unexpected_message" alert." @@ -892,11 +885,12 @@ impl ConnectionCore { AlertDescription::UnexpectedMessage, PeerMisbehaved::IllegalMiddleboxChangeCipherSpec, )); - } else { - self.common_state.received_middlebox_ccs += 1; - trace!("Dropping CCS"); - return Ok(state); } + + self.common_state + .received_tls13_change_cipher_spec()?; + trace!("Dropping CCS"); + return Ok(state); } // Now we can fully parse the message payload. From 535e794eff4353d5a116e204817998e96001b7e1 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 10 Jun 2024 14:01:01 +0100 Subject: [PATCH 1079/1145] Correct out-of-order `key_update` responses a2fd30c05 introduced `queued_key_update_message` which logically contains an encryption of a key_update response. Because it is encrypted, it must be disbursed _before_ any further encryptions. This didn't happen, for example in this sequence of events: - we receive a key_update with UpdateRequested, and fill in `queued_key_update_message`, - we send any other non-ApplicationData message, adding it to `sendable_tls`, - we send some ApplicationData, moving `queued_key_update_message` into `sendable_tls` This leads to `sendable_tls` containing out-of-order messages, that the peer will fail to decrypt. --- rustls/src/common_state.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 34e04c981f..e0e01a9456 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -364,9 +364,16 @@ impl CommonState { // Put m into sendable_tls for writing. fn queue_tls_message(&mut self, m: OutboundOpaqueMessage) { + self.perhaps_write_key_update(); self.sendable_tls.append(m.encode()); } + pub(crate) fn perhaps_write_key_update(&mut self) { + if let Some(message) = self.queued_key_update_message.take() { + self.sendable_tls.append(message); + } + } + /// Send a raw TLS message, fragmenting it if needed. pub(crate) fn send_msg(&mut self, m: Message, must_encrypt: bool) { { @@ -704,12 +711,6 @@ impl CommonState { self.send_plain_non_buffering(payload, limit) } - - pub(crate) fn perhaps_write_key_update(&mut self) { - if let Some(message) = self.queued_key_update_message.take() { - self.sendable_tls.append(message); - } - } } /// Describes which sort of handshake happened. From 20567b395a25cc895842ad5e170490ad4a2a79b9 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 10 Jun 2024 15:40:23 +0100 Subject: [PATCH 1080/1145] Add `refresh_traffic_keys()` function --- rustls/src/client/tls13.rs | 8 +++++ rustls/src/common_state.rs | 4 +++ rustls/src/conn.rs | 43 ++++++++++++++++++++++++++ rustls/src/msgs/handshake.rs | 7 +++++ rustls/src/msgs/message/mod.rs | 7 +++++ rustls/src/server/tls13.rs | 8 +++++ rustls/src/tls13/key_schedule.rs | 5 +++ rustls/tests/api.rs | 52 ++++++++++++++++++++++++++++++++ 8 files changed, 134 insertions(+) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index b3f99ca437..587ae7634d 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1554,6 +1554,14 @@ impl State for ExpectTraffic { Ok(self) } + fn send_key_update_request(&mut self, common: &mut CommonState) -> Result<(), Error> { + common.check_aligned_handshake()?; + common.send_msg(Message::build_key_update_request(), true); + self.key_schedule + .update_encrypter(common); + Ok(()) + } + fn export_keying_material( &self, output: &mut [u8], diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index e0e01a9456..34d4fec554 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -798,6 +798,10 @@ pub(crate) trait State: Send + Sync { Err(Error::HandshakeNotComplete) } + fn send_key_update_request(&mut self, _common: &mut CommonState) -> Result<(), Error> { + Err(Error::HandshakeNotComplete) + } + fn handle_decrypt_error(&self) {} fn into_owned(self: Box) -> Box + 'static>; diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 720ca32bcd..bc5df4906d 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -134,6 +134,16 @@ mod connection { Self::Server(server) => server.set_buffer_limit(limit), } } + + /// Sends a TLS1.3 `key_update` message to refresh a connection's keys + /// + /// See [`ConnectionCommon::refresh_traffic_keys()`] for more information. + pub fn refresh_traffic_keys(&mut self) -> Result<(), Error> { + match self { + Self::Client(client) => client.refresh_traffic_keys(), + Self::Server(server) => server.refresh_traffic_keys(), + } + } } impl Deref for Connection { @@ -476,6 +486,39 @@ impl ConnectionCommon { self.sendable_plaintext.set_limit(limit); self.sendable_tls.set_limit(limit); } + + /// Sends a TLS1.3 `key_update` message to refresh a connection's keys. + /// + /// This call refreshes our encryption keys. Once the peer receives the message, + /// it refreshes _its_ encryption and decryption keys and sends a response. + /// Once we receive that response, we refresh our decryption keys to match. + /// At the end of this process, keys in both directions have been refreshed. + /// + /// Note that this process does not happen synchronously: this call just + /// arranges that the `key_update` message will be included in the next + /// `write_tls` output. + /// + /// This fails with `Error::HandshakeNotComplete` if called before the initial + /// handshake is complete, or if a version prior to TLS1.3 is negotiated. + /// + /// # Usage advice + /// Note that other implementations (including rustls) may enforce limits on + /// the number of `key_update` messages allowed on a given connection to prevent + /// denial of service. Therefore, this should be called sparingly. + /// + /// rustls implicitly and automatically refreshes traffic keys when needed + /// according to the selected cipher suite's cryptographic constraints. There + /// is therefore no need to call this manually to avoid cryptographic keys + /// "wearing out". + /// + /// The main reason to call this manually is to roll keys when it is known + /// a connection will be idle for a long period. + pub fn refresh_traffic_keys(&mut self) -> Result<(), Error> { + match &mut self.core.state { + Ok(st) => st.send_key_update_request(&mut self.core.common_state), + Err(e) => Err(e.clone()), + } + } } #[cfg(feature = "std")] diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index cabc27bf83..66d1cb486b 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2703,6 +2703,13 @@ impl<'a> HandshakeMessagePayload<'a> { } } + pub(crate) fn build_key_update_request() -> Self { + Self { + typ: HandshakeType::KeyUpdate, + payload: HandshakePayload::KeyUpdate(KeyUpdateRequest::UpdateRequested), + } + } + pub(crate) fn encoding_for_binder_signing(&self) -> Vec { let mut ret = self.get_encoding(); diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index c37b9868bd..564d641daf 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -179,6 +179,13 @@ impl Message<'_> { } } + pub fn build_key_update_request() -> Self { + Self { + version: ProtocolVersion::TLSv1_3, + payload: MessagePayload::handshake(HandshakeMessagePayload::build_key_update_request()), + } + } + #[cfg(feature = "std")] pub(crate) fn into_owned(self) -> Message<'static> { let Self { version, payload } = self; diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 3e80312451..6c07e79fd9 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1536,6 +1536,14 @@ impl State for ExpectTraffic { .extract_secrets(Side::Server) } + fn send_key_update_request(&mut self, common: &mut CommonState) -> Result<(), Error> { + common.check_aligned_handshake()?; + common.send_msg(Message::build_key_update_request(), true); + self.key_schedule + .update_encrypter(common); + Ok(()) + } + fn into_owned(self: Box) -> hs::NextState<'static> { self } diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 428da33452..63503136fa 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -496,6 +496,11 @@ impl KeyScheduleTraffic { self.ks.set_encrypter(&secret, common); } + pub(crate) fn update_encrypter(&mut self, common: &mut CommonState) { + let secret = self.next_application_traffic_secret(common.side); + self.ks.set_encrypter(&secret, common); + } + pub(crate) fn update_decrypter(&mut self, common: &mut CommonState) { let secret = self.next_application_traffic_secret(common.side.peer()); self.ks.set_decrypter(&secret, common); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 8c9e036579..254b1159b0 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -7099,3 +7099,55 @@ fn test_illegal_client_renegotiation_attempt_during_tls12_handshake() { } ); } + +#[test] +fn test_refresh_traffic_keys_during_handshake() { + let (mut client, mut server) = make_pair(KeyType::Ed25519); + assert_eq!( + client + .refresh_traffic_keys() + .unwrap_err(), + Error::HandshakeNotComplete + ); + assert_eq!( + server + .refresh_traffic_keys() + .unwrap_err(), + Error::HandshakeNotComplete + ); +} + +#[test] +fn test_refresh_traffic_keys() { + let (mut client, mut server) = make_pair(KeyType::Ed25519); + do_handshake(&mut client, &mut server); + + fn check_both_directions(client: &mut ClientConnection, server: &mut ServerConnection) { + client + .writer() + .write_all(b"to-server-1") + .unwrap(); + server + .writer() + .write_all(b"to-client-1") + .unwrap(); + transfer(client, server); + server.process_new_packets().unwrap(); + + transfer(server, client); + client.process_new_packets().unwrap(); + + let mut buf = [0u8; 16]; + let len = server.reader().read(&mut buf).unwrap(); + assert_eq!(&buf[..len], b"to-server-1"); + + let len = client.reader().read(&mut buf).unwrap(); + assert_eq!(&buf[..len], b"to-client-1"); + } + + check_both_directions(&mut client, &mut server); + client.refresh_traffic_keys().unwrap(); + check_both_directions(&mut client, &mut server); + server.refresh_traffic_keys().unwrap(); + check_both_directions(&mut client, &mut server); +} From 4dfea58dfe0c510ff40bdd00896b90d8d75aef1c Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 10 Jun 2024 15:47:57 +0100 Subject: [PATCH 1081/1145] bogo: support all KeyUpdate tests --- bogo/config.json.in | 2 -- rustls/examples/internal/bogo_shim_impl.rs | 12 +++++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/bogo/config.json.in b/bogo/config.json.in index a801f82c23..79083f7bdb 100644 --- a/bogo/config.json.in +++ b/bogo/config.json.in @@ -96,8 +96,6 @@ "DelegatedCredentials-*": "not implemented", "CECPQ2*": "no PQC experiments", "*CECPQ2*": "", - "KeyUpdate-FromClient": "not implemented (no API yet)", - "KeyUpdate-FromServer": "", "ExportTrafficSecrets-*": "", "*-InvalidSignature-*-SHA1-*": "no sha1", "NoCommonCurves": "nothing to fall back to", diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index e6ea4ecb47..67c9896e51 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -102,6 +102,7 @@ struct Options { on_resume_expect_ech_accept: bool, on_initial_expect_ech_accept: bool, enable_ech_grease: bool, + send_key_update: bool, } impl Options { @@ -163,6 +164,7 @@ impl Options { on_resume_expect_ech_accept: false, on_initial_expect_ech_accept: false, enable_ech_grease: false, + send_key_update: false, } } @@ -996,6 +998,7 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { let mut conn = net::TcpStream::connect(&addrs[..]).expect("cannot connect"); let mut sent_shutdown = false; let mut sent_exporter = false; + let mut sent_key_update = false; let mut quench_writes = false; conn.write_all(&opts.shim_id.to_le_bytes()) @@ -1077,6 +1080,11 @@ fn exec(opts: &Options, mut sess: Connection, count: usize) { sent_exporter = true; } + if opts.send_key_update && !sent_key_update && !sess.is_handshaking() { + sess.refresh_traffic_keys().unwrap(); + sent_key_update = true; + } + if !sess.is_handshaking() && opts.only_write_one_byte_after_handshake && !sent_message { println!("writing message and then only one byte of its tls frame"); flush(&mut sess, &mut conn); @@ -1302,13 +1310,15 @@ pub fn main() { "-expect-no-session-id" | "-enable-ed25519" | "-on-resume-expect-no-offer-early-data" | - "-key-update" | //< we could implement an API for this "-expect-tls13-downgrade" | "-enable-signed-cert-timestamps" | "-expect-session-id" => { println!("not checking {}; NYI", arg); } + "-key-update" => { + opts.send_key_update = true; + } "-expect-hrr" => { opts.expect_handshake_kind = Some(vec![HandshakeKind::FullWithHelloRetryRequest]); } From e184380fa12ba1d1a00e60e3ff14b274181ef431 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 11 Jun 2024 10:25:57 +0100 Subject: [PATCH 1082/1145] Replace record_layer API for encryption sequence exhaustion This removes `encrypt_exhausted`, `wants_close_before_encrypt` and `remaining_write_seq` and unifies those into one API. The single API is shared between the unbuffered and buffered code to avoid these falling out of line. --- rustls/src/common_state.rs | 48 ++++++++++++++++++++++------------- rustls/src/record_layer.rs | 52 +++++++++++++++++++++++--------------- 2 files changed, 62 insertions(+), 38 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 34d4fec554..7da3a77222 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -213,13 +213,20 @@ impl CommonState { payload.clone(), ); - let remaining_encryptions = self - .record_layer - .remaining_write_seq() - .ok_or(EncryptError::EncryptExhausted)?; - - if fragments.len() as u64 > remaining_encryptions.get() { - return Err(EncryptError::EncryptExhausted); + for f in 0..fragments.len() { + match self + .record_layer + .pre_encrypt_action(f as u64) + { + record_layer::PreEncryptAction::Nothing => {} + record_layer::PreEncryptAction::Close => { + self.eager_send_close_notify(outgoing_tls)?; + return Err(EncryptError::EncryptExhausted); + } + record_layer::PreEncryptAction::Refuse => { + return Err(EncryptError::EncryptExhausted); + } + } } self.check_required_size( @@ -298,20 +305,25 @@ impl CommonState { } fn send_single_fragment(&mut self, m: OutboundPlainMessage) { - // Close connection once we start to run out of - // sequence space. - if self + match self .record_layer - .wants_close_before_encrypt() + .next_pre_encrypt_action() { - self.send_close_notify(); - } + record_layer::PreEncryptAction::Nothing => {} - // Refuse to wrap counter at all costs. This - // is basically untestable unfortunately. - if self.record_layer.encrypt_exhausted() { - return; - } + // Close connection once we start to run out of + // sequence space. + record_layer::PreEncryptAction::Close => { + self.send_close_notify(); + return; + } + + // Refuse to wrap counter at all costs. This + // is basically untestable unfortunately. + record_layer::PreEncryptAction::Refuse => { + return; + } + }; let em = self.record_layer.encrypt_outgoing(m); self.queue_tls_message(em); diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index fe391ddd08..4ba00d615b 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,5 +1,4 @@ use alloc::boxed::Box; -use core::num::NonZeroU64; use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; @@ -7,9 +6,6 @@ use crate::error::Error; use crate::log::trace; use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage}; -static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64; -static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64; - #[derive(PartialEq)] enum DirectionState { /// No keying material. @@ -111,7 +107,7 @@ impl RecordLayer { plain: OutboundPlainMessage, ) -> OutboundOpaqueMessage { debug_assert!(self.encrypt_state == DirectionState::Active); - assert!(!self.encrypt_exhausted()); + assert!(self.next_pre_encrypt_action() != PreEncryptAction::Refuse); let seq = self.write_seq; self.write_seq += 1; self.message_encrypter @@ -181,16 +177,23 @@ impl RecordLayer { self.trial_decryption_len = None; } - /// Return true if we are getting close to encrypting too many - /// messages with our encryption key. - pub(crate) fn wants_close_before_encrypt(&self) -> bool { - self.write_seq == SEQ_SOFT_LIMIT + pub(crate) fn next_pre_encrypt_action(&self) -> PreEncryptAction { + self.pre_encrypt_action(0) } - /// Return true if we outright refuse to do anything with the - /// encryption key. - pub(crate) fn encrypt_exhausted(&self) -> bool { - self.write_seq >= SEQ_HARD_LIMIT + /// Return a remedial action when we are near to encrypting too many messages. + /// + /// `add` is added to the current sequence number. `add` as `0` means + /// "the next message processed by `encrypt_outgoing`" + pub(crate) fn pre_encrypt_action(&self, add: u64) -> PreEncryptAction { + let value = self.write_seq.saturating_add(add); + if value == SEQ_SOFT_LIMIT { + PreEncryptAction::Close + } else if value >= SEQ_HARD_LIMIT { + PreEncryptAction::Refuse + } else { + PreEncryptAction::Nothing + } } pub(crate) fn is_encrypting(&self) -> bool { @@ -207,13 +210,6 @@ impl RecordLayer { self.write_seq } - /// Returns the number of remaining write sequences - pub(crate) fn remaining_write_seq(&self) -> Option { - SEQ_SOFT_LIMIT - .checked_sub(self.write_seq) - .and_then(NonZeroU64::new) - } - pub(crate) fn read_seq(&self) -> u64 { self.read_seq } @@ -246,6 +242,22 @@ pub(crate) struct Decrypted<'a> { pub(crate) plaintext: InboundPlainMessage<'a>, } +#[derive(Debug, Eq, PartialEq)] +pub(crate) enum PreEncryptAction { + /// No action is needed before calling `encrypt_outgoing` + Nothing, + + /// A `close_notify` alert should be sent ASAP + Close, + + /// Do not call `encrypt_outgoing` further, it will panic rather than + /// over-use the key. + Refuse, +} + +const SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64; +const SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64; + #[cfg(test)] mod tests { use super::*; From a7dcf8143b520a19790889d58e6d2b1772f29e4c Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 11 Jun 2024 11:13:53 +0100 Subject: [PATCH 1083/1145] Obtain encryption sequence limit from suite Limited by SEQ_SOFT_LIMIT for suites that have no limit. --- rustls/src/common_state.rs | 8 +++++++- rustls/src/record_layer.rs | 20 ++++++++++++++++---- rustls/src/tls13/key_schedule.rs | 5 ++++- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 7da3a77222..235341230e 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -428,7 +428,13 @@ impl CommonState { pub(crate) fn start_encryption_tls12(&mut self, secrets: &ConnectionSecrets, side: Side) { let (dec, enc) = secrets.make_cipher_pair(side); self.record_layer - .prepare_message_encrypter(enc); + .prepare_message_encrypter( + enc, + secrets + .suite() + .common + .confidentiality_limit, + ); self.record_layer .prepare_message_decrypter(dec); } diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 4ba00d615b..31732c7b7e 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,4 +1,5 @@ use alloc::boxed::Box; +use core::cmp::min; use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; @@ -22,6 +23,7 @@ enum DirectionState { pub struct RecordLayer { message_encrypter: Box, message_decrypter: Box, + write_seq_max: u64, write_seq: u64, read_seq: u64, has_decrypted: bool, @@ -40,6 +42,7 @@ impl RecordLayer { Self { message_encrypter: ::invalid(), message_decrypter: ::invalid(), + write_seq_max: 0, write_seq: 0, read_seq: 0, has_decrypted: false, @@ -117,9 +120,14 @@ impl RecordLayer { /// Prepare to use the given `MessageEncrypter` for future message encryption. /// It is not used until you call `start_encrypting`. - pub(crate) fn prepare_message_encrypter(&mut self, cipher: Box) { + pub(crate) fn prepare_message_encrypter( + &mut self, + cipher: Box, + max_messages: u64, + ) { self.message_encrypter = cipher; self.write_seq = 0; + self.write_seq_max = min(SEQ_SOFT_LIMIT, max_messages); self.encrypt_state = DirectionState::Prepared; } @@ -147,8 +155,12 @@ impl RecordLayer { /// Set and start using the given `MessageEncrypter` for future outgoing /// message encryption. - pub(crate) fn set_message_encrypter(&mut self, cipher: Box) { - self.prepare_message_encrypter(cipher); + pub(crate) fn set_message_encrypter( + &mut self, + cipher: Box, + max_messages: u64, + ) { + self.prepare_message_encrypter(cipher, max_messages); self.start_encrypting(); } @@ -187,7 +199,7 @@ impl RecordLayer { /// "the next message processed by `encrypt_outgoing`" pub(crate) fn pre_encrypt_action(&self, add: u64) -> PreEncryptAction { let value = self.write_seq.saturating_add(add); - if value == SEQ_SOFT_LIMIT { + if value == self.write_seq_max { PreEncryptAction::Close } else if value >= SEQ_HARD_LIMIT { PreEncryptAction::Refuse diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 63503136fa..a4d8015eec 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -602,7 +602,10 @@ impl KeySchedule { common .record_layer - .set_message_encrypter(self.suite.aead_alg.encrypter(key, iv)); + .set_message_encrypter( + self.suite.aead_alg.encrypter(key, iv), + self.suite.common.confidentiality_limit, + ); } fn set_decrypter(&self, secret: &OkmBlock, common: &mut CommonState) { From b04baed06b8f8976c159c739b4cc056117911f46 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 11 Jun 2024 13:39:05 +0100 Subject: [PATCH 1084/1145] Send `key_update` request when encrypter exhausted --- rustls/src/common_state.rs | 30 ++++++++++---- rustls/src/conn.rs | 36 +++++++++++++---- rustls/src/conn/unbuffered.rs | 3 ++ rustls/src/record_layer.rs | 9 +++-- rustls/tests/api.rs | 73 +++++++++++++++++++++++++++++++++++ rustls/tests/common/mod.rs | 28 ++++++++++++++ 6 files changed, 161 insertions(+), 18 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 235341230e..e22dfe9740 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -51,6 +51,7 @@ pub struct CommonState { pub(crate) quic: quic::Quic, pub(crate) enable_secret_extraction: bool, temper_counters: TemperCounters, + pub(crate) refresh_traffic_keys_pending: Option<()>, } impl CommonState { @@ -79,6 +80,7 @@ impl CommonState { quic: quic::Quic::default(), enable_secret_extraction: false, temper_counters: TemperCounters::default(), + refresh_traffic_keys_pending: None, } } @@ -219,10 +221,16 @@ impl CommonState { .pre_encrypt_action(f as u64) { record_layer::PreEncryptAction::Nothing => {} - record_layer::PreEncryptAction::Close => { - self.eager_send_close_notify(outgoing_tls)?; - return Err(EncryptError::EncryptExhausted); - } + record_layer::PreEncryptAction::RefreshOrClose => match self.negotiated_version { + Some(ProtocolVersion::TLSv1_3) => { + // driven by caller, as we don't have the `State` here + self.refresh_traffic_keys_pending = Some(()); + } + _ => { + self.eager_send_close_notify(outgoing_tls)?; + return Err(EncryptError::EncryptExhausted); + } + }, record_layer::PreEncryptAction::Refuse => { return Err(EncryptError::EncryptExhausted); } @@ -313,9 +321,17 @@ impl CommonState { // Close connection once we start to run out of // sequence space. - record_layer::PreEncryptAction::Close => { - self.send_close_notify(); - return; + record_layer::PreEncryptAction::RefreshOrClose => { + match self.negotiated_version { + Some(ProtocolVersion::TLSv1_3) => { + // driven by caller, as we don't have the `State` here + self.refresh_traffic_keys_pending = Some(()); + } + _ => { + self.send_close_notify(); + return; + } + } } // Refuse to wrap counter at all costs. This diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index bc5df4906d..62b8f8f83c 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -312,10 +312,12 @@ https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof" impl PlaintextSink for ConnectionCommon { fn write(&mut self, buf: &[u8]) -> io::Result { - Ok(self + let len = self .core .common_state - .buffer_plaintext(buf.into(), &mut self.sendable_plaintext)) + .buffer_plaintext(buf.into(), &mut self.sendable_plaintext); + self.core.maybe_refresh_traffic_keys(); + Ok(len) } fn write_vectored(&mut self, bufs: &[io::IoSlice<'_>]) -> io::Result { @@ -332,10 +334,12 @@ https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof" OutboundChunks::new(&payload_owner) } }; - Ok(self + let len = self .core .common_state - .buffer_plaintext(payload, &mut self.sendable_plaintext)) + .buffer_plaintext(payload, &mut self.sendable_plaintext); + self.core.maybe_refresh_traffic_keys(); + Ok(len) } fn flush(&mut self) -> io::Result<()> { @@ -514,10 +518,7 @@ impl ConnectionCommon { /// The main reason to call this manually is to roll keys when it is known /// a connection will be idle for a long period. pub fn refresh_traffic_keys(&mut self) -> Result<(), Error> { - match &mut self.core.state { - Ok(st) => st.send_key_update_request(&mut self.core.common_state), - Err(e) => Err(e.clone()), - } + self.core.refresh_traffic_keys() } } @@ -975,6 +976,25 @@ impl ConnectionCore { Err(e) => Err(e.clone()), } } + + /// Trigger a `refresh_traffic_keys` if required by `CommonState`. + fn maybe_refresh_traffic_keys(&mut self) { + if self + .common_state + .refresh_traffic_keys_pending + .take() + .is_some() + { + let _ = self.refresh_traffic_keys(); + } + } + + fn refresh_traffic_keys(&mut self) -> Result<(), Error> { + match &mut self.state { + Ok(st) => st.send_key_update_request(&mut self.common_state), + Err(e) => Err(e.clone()), + } + } } /// Data specific to the peer's side (client or server). diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index eef4066343..38de79fd86 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -398,6 +398,9 @@ impl WriteTraffic<'_, Data> { application_data: &[u8], outgoing_tls: &mut [u8], ) -> Result { + self.conn + .core + .maybe_refresh_traffic_keys(); self.conn .core .common_state diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 31732c7b7e..9efc32a1bb 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -200,7 +200,7 @@ impl RecordLayer { pub(crate) fn pre_encrypt_action(&self, add: u64) -> PreEncryptAction { let value = self.write_seq.saturating_add(add); if value == self.write_seq_max { - PreEncryptAction::Close + PreEncryptAction::RefreshOrClose } else if value >= SEQ_HARD_LIMIT { PreEncryptAction::Refuse } else { @@ -259,8 +259,11 @@ pub(crate) enum PreEncryptAction { /// No action is needed before calling `encrypt_outgoing` Nothing, - /// A `close_notify` alert should be sent ASAP - Close, + /// A `key_update` request should be sent ASAP. + /// + /// If that is not possible (for example, the connection is TLS1.2), a `close_notify` + /// alert should be sent instead. + RefreshOrClose, /// Do not call `encrypt_outgoing` further, it will panic rather than /// over-use the key. diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 254b1159b0..d02c6b5a56 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -7151,3 +7151,76 @@ fn test_refresh_traffic_keys() { server.refresh_traffic_keys().unwrap(); check_both_directions(&mut client, &mut server); } + +#[test] +fn test_automatic_refresh_traffic_keys() { + const fn encrypted_size(body: usize) -> usize { + let padding = 1; + let header = 5; + let tag = 16; + header + body + padding + tag + } + + const KEY_UPDATE_SIZE: usize = encrypted_size(5); + const CONFIDENTIALITY_LIMIT: u64 = 1024; + let provider = tls13_aes_128_gcm_with_1024_confidentiality_limit(); + + let client_config = finish_client_config( + KeyType::Ed25519, + ClientConfig::builder_with_provider(provider.clone()) + .with_safe_default_protocol_versions() + .unwrap(), + ); + let server_config = finish_server_config( + KeyType::Ed25519, + ServerConfig::builder_with_provider(provider) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + for i in 0..(CONFIDENTIALITY_LIMIT + 16) { + let message = format!("{i:08}"); + client + .writer() + .write_all(message.as_bytes()) + .unwrap(); + let transferred = transfer(&mut client, &mut server); + println!( + "{}: {} -> {:?}", + i, + transferred, + server.process_new_packets().unwrap() + ); + + // at CONFIDENTIALITY_LIMIT messages, we also have a key_update message sent + assert_eq!( + transferred, + match i { + CONFIDENTIALITY_LIMIT => KEY_UPDATE_SIZE + encrypted_size(message.len()), + _ => encrypted_size(message.len()), + } + ); + + let mut buf = [0u8; 32]; + let recvd = server.reader().read(&mut buf).unwrap(); + assert_eq!(&buf[..recvd], message.as_bytes()); + } + + // finally, server writes and pumps its key_update response + let message = b"finished"; + server + .writer() + .write_all(message) + .unwrap(); + let transferred = transfer(&mut server, &mut client); + + println!( + "F: {} -> {:?}", + transferred, + client.process_new_packets().unwrap() + ); + assert_eq!(transferred, KEY_UPDATE_SIZE + encrypted_size(message.len())); +} diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index db8cc35819..6344e1a708 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -5,6 +5,7 @@ use std::io; use std::ops::DerefMut; use std::sync::Arc; +use once_cell::sync::OnceCell; use pki_types::{ CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName, UnixTime, }; @@ -1040,3 +1041,30 @@ impl RawTls { f(msg); } } + +pub fn tls13_aes_128_gcm_with_1024_confidentiality_limit() -> Arc { + const CONFIDENTIALITY_LIMIT: u64 = 1024; + + // needed to extend lifetime of Tls13CipherSuite to 'static + static LIMITED_SUITE: OnceCell = OnceCell::new(); + + let limited = LIMITED_SUITE.get_or_init(|| { + let tls13 = provider::cipher_suite::TLS13_AES_128_GCM_SHA256 + .tls13() + .unwrap(); + + rustls::Tls13CipherSuite { + common: rustls::crypto::CipherSuiteCommon { + confidentiality_limit: CONFIDENTIALITY_LIMIT, + ..tls13.common + }, + ..*tls13 + } + }); + + CryptoProvider { + cipher_suites: vec![SupportedCipherSuite::Tls13(limited)], + ..provider::default_provider() + } + .into() +} From 86d9833d5676d44c30837ff16226df68f75a2cc9 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 12 Jun 2024 16:03:43 +0100 Subject: [PATCH 1085/1145] Correct `confidentiality_limit` for TCP-TLS These were copies of the QUIC values, which made them pessimistic (QUIC's largest message is 2 ** 16, TCP-TLS is 2 ** 14). Double them. Add documentation & references of how these are calculated. --- rustls/src/crypto/aws_lc_rs/tls12.rs | 8 ++++---- rustls/src/crypto/aws_lc_rs/tls13.rs | 11 +++++++++-- rustls/src/crypto/ring/tls12.rs | 8 ++++---- rustls/src/crypto/ring/tls13.rs | 11 +++++++++-- rustls/src/suites.rs | 18 +++++++++++++++++- 5 files changed, 43 insertions(+), 13 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 67c8e9c200..03503618dc 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -52,7 +52,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -66,7 +66,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -80,7 +80,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -94,7 +94,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index d18c5dccfe..9797dccda0 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -25,6 +25,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, + // ref: confidentiality_limit: u64::MAX, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), @@ -32,7 +33,9 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::CHACHA20_POLY1305, header_alg: &aead::quic::CHACHA20, + // ref: confidentiality_limit: u64::MAX, + // ref: integrity_limit: 1 << 36, }), }; @@ -43,14 +46,16 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_256_GCM, header_alg: &aead::quic::AES_256, + // ref: confidentiality_limit: 1 << 23, + // ref: integrity_limit: 1 << 52, }), }); @@ -63,14 +68,16 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_128_GCM, header_alg: &aead::quic::AES_128, + // ref: confidentiality_limit: 1 << 23, + // ref: integrity_limit: 1 << 52, }), }; diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index bbdad6c957..093c687250 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -50,7 +50,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -64,7 +64,7 @@ pub static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_RSA_SCHEMES, @@ -78,7 +78,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, @@ -92,7 +92,7 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, kx: KeyExchangeAlgorithm::ECDHE, sign: TLS12_ECDSA_SCHEMES, diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index 3c67b5c544..f674051a67 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -24,6 +24,7 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & common: CipherSuiteCommon { suite: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256, hash_provider: &super::hash::SHA256, + // ref: confidentiality_limit: u64::MAX, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), @@ -31,7 +32,9 @@ pub(crate) static TLS13_CHACHA20_POLY1305_SHA256_INTERNAL: &Tls13CipherSuite = & quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::CHACHA20_POLY1305, header_alg: &aead::quic::CHACHA20, + // ref: confidentiality_limit: u64::MAX, + // ref: integrity_limit: 1 << 36, }), }; @@ -42,14 +45,16 @@ pub static TLS13_AES_256_GCM_SHA384: SupportedCipherSuite = common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_256_GCM_SHA384, hash_provider: &super::hash::SHA384, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA384, hmac::HMAC_SHA384), aead_alg: &Aes256GcmAead(AeadAlgorithm(&aead::AES_256_GCM)), quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_256_GCM, header_alg: &aead::quic::AES_256, + // ref: confidentiality_limit: 1 << 23, + // ref: integrity_limit: 1 << 52, }), }); @@ -62,14 +67,16 @@ pub(crate) static TLS13_AES_128_GCM_SHA256_INTERNAL: &Tls13CipherSuite = &Tls13C common: CipherSuiteCommon { suite: CipherSuite::TLS13_AES_128_GCM_SHA256, hash_provider: &super::hash::SHA256, - confidentiality_limit: 1 << 23, + confidentiality_limit: 1 << 24, }, hkdf_provider: &RingHkdf(hkdf::HKDF_SHA256, hmac::HMAC_SHA256), aead_alg: &Aes128GcmAead(AeadAlgorithm(&aead::AES_128_GCM)), quic: Some(&super::quic::KeyBuilder { packet_alg: &aead::AES_128_GCM, header_alg: &aead::quic::AES_128, + // ref: confidentiality_limit: 1 << 23, + // ref: integrity_limit: 1 << 52, }), }; diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 6dce3242e6..1a8f49a20f 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -27,9 +27,25 @@ pub struct CipherSuiteCommon { /// from an ideal pseudorandom permutation (PRP). /// /// This is to be set on the assumption that messages are maximally sized -- - /// at least 2 ** 14 bytes. It **does not** consider confidentiality limits for + /// each is 214 bytes. It **does not** consider confidentiality limits for /// QUIC connections - see the [`quic::KeyBuilder.confidentiality_limit`] field for /// this context. + /// + /// For AES-GCM implementations, this should be set to 224 to limit attack + /// probability to one in 260. See [AEBounds] (Table 1) and [draft-irtf-aead-limits-08]: + /// + /// ```python + /// >>> p = 2 ** -60 + /// >>> L = (2 ** 14 // 16) + 1 + /// >>> qlim = (math.sqrt(p) * (2 ** (129 // 2)) - 1) / (L + 1) + /// >>> print(int(qlim).bit_length()) + /// 24 + /// ``` + /// [AEBounds]: https://eprint.iacr.org/2024/051.pdf + /// [draft-irtf-aead-limits-08]: https://www.ietf.org/archive/id/draft-irtf-cfrg-aead-limits-08.html#section-5.1.1 + /// + /// For chacha20-poly1305 implementations, this should be set to `u64::MAX`: + /// see pub confidentiality_limit: u64, } From e0c0bf72ce9c74e6348aa3b65eaca4a0f723b2c5 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 14 Jun 2024 14:51:46 +0100 Subject: [PATCH 1086/1145] `write_fragments`: output `sendable_tls` as prefix Overwhelmingly `sendable_tls` is empty in this code path, but when it is not (eg, an alert or other post-handshake handshake message), it _must_ be included before further encryptions are performed. Once that is achieved, we can eliminate the special handling of `queued_key_update_message` in `write_plaintext`. --- rustls/src/common_state.rs | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index e22dfe9740..c7b37c69b6 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -237,12 +237,9 @@ impl CommonState { } } - self.check_required_size( - outgoing_tls, - self.queued_key_update_message - .as_deref(), - fragments, - )?; + self.perhaps_write_key_update(); + + self.check_required_size(outgoing_tls, fragments)?; let fragments = self .message_fragmenter @@ -252,10 +249,7 @@ impl CommonState { payload, ); - let opt_msg = self.queued_key_update_message.take(); - let written = self.write_fragments(outgoing_tls, opt_msg, fragments); - - Ok(written) + Ok(self.write_fragments(outgoing_tls, fragments)) } // Changing the keys must not span any fragmented handshake @@ -548,7 +542,7 @@ impl CommonState { .message_fragmenter .fragment_message(&m); - self.check_required_size(outgoing_tls, None, iter)?; + self.check_required_size(outgoing_tls, iter)?; debug!("Sending warning alert {:?}", AlertDescription::CloseNotify); @@ -556,7 +550,7 @@ impl CommonState { .message_fragmenter .fragment_message(&m); - let written = self.write_fragments(outgoing_tls, None, iter); + let written = self.write_fragments(outgoing_tls, iter); Ok(written) } @@ -569,13 +563,9 @@ impl CommonState { fn check_required_size<'a>( &self, outgoing_tls: &mut [u8], - opt_msg: Option<&[u8]>, fragments: impl Iterator>, ) -> Result<(), EncryptError> { - let mut required_size = 0; - if let Some(message) = opt_msg { - required_size += message.len(); - } + let mut required_size = self.sendable_tls.len(); for m in fragments { required_size += m.encoded_len(&self.record_layer); @@ -593,12 +583,13 @@ impl CommonState { fn write_fragments<'a>( &mut self, outgoing_tls: &mut [u8], - opt_msg: Option>, fragments: impl Iterator>, ) -> usize { let mut written = 0; - if let Some(message) = opt_msg { + // Any pre-existing encrypted messages in `sendable_tls` must + // be output before encrypting any of the `fragments`. + while let Some(message) = self.sendable_tls.pop() { let len = message.len(); outgoing_tls[written..written + len].copy_from_slice(&message); written += len; From 628040ff39d17c47a6fbfeb77c4fef5581227816 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 14 Jun 2024 15:05:54 +0100 Subject: [PATCH 1087/1145] `eager_send_close_notify`: reuse `send_close_notify` Ensures unbuffered API respects the 7d4e809e5 fix. --- rustls/src/common_state.rs | 22 +++------------------- rustls/tests/unbuffered.rs | 24 ++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index c7b37c69b6..54ba98f2d1 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -534,25 +534,9 @@ impl CommonState { &mut self, outgoing_tls: &mut [u8], ) -> Result { - debug_assert!(self.record_layer.is_encrypting()); - - let m = Message::build_alert(AlertLevel::Warning, AlertDescription::CloseNotify).into(); - - let iter = self - .message_fragmenter - .fragment_message(&m); - - self.check_required_size(outgoing_tls, iter)?; - - debug!("Sending warning alert {:?}", AlertDescription::CloseNotify); - - let iter = self - .message_fragmenter - .fragment_message(&m); - - let written = self.write_fragments(outgoing_tls, iter); - - Ok(written) + self.send_close_notify(); + self.check_required_size(outgoing_tls, [].into_iter())?; + Ok(self.write_fragments(outgoing_tls, [].into_iter())) } fn send_warning_alert_no_log(&mut self, desc: AlertDescription) { diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 7bdc030cb9..24296367b1 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -490,10 +490,30 @@ fn junk_after_close_notify_received() { assert_eq!(discard, 0); } -fn write_traffic) -> Result>( +#[test] +fn queue_close_notify_is_idempotent() { + let mut outcome = handshake(&rustls::version::TLS13); + let mut client = outcome.client.take().unwrap(); + + let mut client_send_buf = [0u8; 128]; + let (len_first, len_second) = write_traffic( + client.process_tls_records(&mut []), + |mut wt: WriteTraffic<_>| { + ( + wt.queue_close_notify(&mut client_send_buf), + wt.queue_close_notify(&mut client_send_buf), + ) + }, + ); + + assert!(len_first.unwrap() > 0); + assert_eq!(len_second.unwrap(), 0); +} + +fn write_traffic) -> R>( status: UnbufferedStatus<'_, '_, T>, mut f: F, -) -> Result { +) -> R { let UnbufferedStatus { discard, state } = status; assert_eq!(discard, 0); let state = state.unwrap(); From 17be276565e49befc5b58ba84a37fdb5ee894166 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 14 Jun 2024 15:34:01 +0100 Subject: [PATCH 1088/1145] unbuffered: add `WriteTraffic::refresh_traffic_keys()` --- rustls/src/conn/unbuffered.rs | 15 ++++ rustls/tests/unbuffered.rs | 125 +++++++++++++++++++++++++++++++++- 2 files changed, 139 insertions(+), 1 deletion(-) diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index 38de79fd86..9b87e7bf79 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -417,6 +417,21 @@ impl WriteTraffic<'_, Data> { .common_state .eager_send_close_notify(outgoing_tls) } + + /// Arranges for a TLS1.3 `key_update` to be sent. + /// + /// This consumes the `WriteTraffic` state: to actually send the message, + /// call [`UnbufferedConnectionCommon::process_tls_records`] again which will + /// return a `ConnectionState::EncodeTlsData` that emits the `key_update` + /// message. + /// + /// See [`ConnectionCommon::refresh_traffic_keys()`] for full documentation, + /// including why you might call this and in what circumstances it will fail. + /// + /// [`ConnectionCommon::refresh_traffic_keys()`]: crate::ConnectionCommon::refresh_traffic_keys + pub fn refresh_traffic_keys(self) -> Result<(), Error> { + self.conn.core.refresh_traffic_keys() + } } /// A handshake record must be encoded diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 24296367b1..35061b749e 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -10,7 +10,7 @@ use rustls::unbuffered::{ UnbufferedStatus, WriteTraffic, }; use rustls::version::TLS13; -use rustls::{ClientConfig, ServerConfig, SideData}; +use rustls::{ClientConfig, Error, ServerConfig, SideData}; use super::*; @@ -510,6 +510,129 @@ fn queue_close_notify_is_idempotent() { assert_eq!(len_second.unwrap(), 0); } +#[test] +fn refresh_traffic_keys_on_tls12_connection() { + let mut outcome = handshake(&rustls::version::TLS12); + let mut client = outcome.client.take().unwrap(); + + match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::WriteTraffic(wt)), + } => { + assert_eq!( + wt.refresh_traffic_keys().unwrap_err(), + Error::HandshakeNotComplete, + ); + } + st => { + panic!("unexpected client state {st:?}"); + } + }; +} + +#[test] +fn refresh_traffic_keys_manually() { + let mut outcome = handshake(&rustls::version::TLS13); + let mut client = outcome.client.take().unwrap(); + let mut server = outcome.server.take().unwrap(); + + match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::WriteTraffic(wt)), + } => { + wt.refresh_traffic_keys().unwrap(); + } + st => { + panic!("unexpected client state {st:?}"); + } + }; + + let mut buffer = [0u8; 64]; + let used = match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::EncodeTlsData(mut etd)), + } => { + println!("EncodeTlsData"); + etd.encode(&mut buffer).unwrap() + } + st => { + panic!("unexpected client state {st:?}"); + } + }; + + match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::TransmitTlsData(ttd)), + } => { + ttd.done(); + } + st => { + panic!("unexpected client state {st:?}"); + } + }; + + println!("server WriteTraffic"); + let used = match server.process_tls_records(&mut buffer[..used]) { + UnbufferedStatus { + discard: actual_used, + state: Ok(ConnectionState::WriteTraffic(mut wt)), + } => { + assert_eq!(used, actual_used); + wt.encrypt(b"hello", &mut buffer) + .unwrap() + } + st => { + panic!("unexpected server state {st:?}"); + } + }; + + println!("client recv"); + match client.process_tls_records(&mut buffer[..used]) { + UnbufferedStatus { + discard: actual_used, + state: Ok(ConnectionState::ReadTraffic(mut rt)), + } => { + assert_eq!(used, actual_used); + let app_data = rt.next_record().unwrap().unwrap(); + assert_eq!(app_data.payload, b"hello"); + } + st => { + panic!("unexpected client state {st:?}"); + } + }; + + println!("client reply"); + let used = match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::WriteTraffic(mut wt)), + } => wt + .encrypt(b"world", &mut buffer) + .unwrap(), + st => { + panic!("unexpected client state {st:?}"); + } + }; + + match server.process_tls_records(&mut buffer[..used]) { + UnbufferedStatus { + discard: actual_used, + state: Ok(ConnectionState::ReadTraffic(mut rt)), + } => { + assert_eq!(used, actual_used); + let app_data = rt.next_record().unwrap().unwrap(); + assert_eq!(app_data.payload, b"world"); + } + st => { + panic!("unexpected server state {st:?}"); + } + }; +} + fn write_traffic) -> R>( status: UnbufferedStatus<'_, '_, T>, mut f: F, From 7551448d497e1f0f56e521e2399244e45eaf3437 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 14 Jun 2024 16:53:48 +0100 Subject: [PATCH 1089/1145] unbuffered: test automatic key refresh --- rustls/tests/unbuffered.rs | 78 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 35061b749e..66a003fd22 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -633,6 +633,84 @@ fn refresh_traffic_keys_manually() { }; } +#[test] +fn refresh_traffic_keys_automatically() { + const fn encrypted_size(body: usize) -> usize { + let padding = 1; + let header = 5; + let tag = 16; + header + body + padding + tag + } + + const KEY_UPDATE_SIZE: usize = encrypted_size(5); + const CONFIDENTIALITY_LIMIT: usize = 1024; + const CONFIDENTIALITY_LIMIT_PLUS_ONE: usize = CONFIDENTIALITY_LIMIT + 1; + + let client_config = finish_client_config( + KeyType::Rsa2048, + ClientConfig::builder_with_provider(tls13_aes_128_gcm_with_1024_confidentiality_limit()) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let server_config = make_server_config(KeyType::Rsa2048); + let mut outcome = run( + Arc::new(client_config), + &mut NO_ACTIONS.clone(), + Arc::new(server_config), + &mut NO_ACTIONS.clone(), + ); + let mut server = outcome.server.take().unwrap(); + let mut client = outcome.client.take().unwrap(); + + match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::WriteTraffic(mut wt)), + } => { + // Must happen on a single `WriteTraffic` instance, to + // validate that handshake messages are included + // in the TLS records returned by `WriteTraffic::encrypt` + for i in 0..(CONFIDENTIALITY_LIMIT + 16) { + let message = format!("{i:08}"); + + let mut buffer = [0u8; 64]; + let used = wt + .encrypt(message.as_bytes(), &mut buffer) + .unwrap(); + + assert_eq!( + used, + match i { + // The key_update message triggered by write N appears in write N+1 + CONFIDENTIALITY_LIMIT_PLUS_ONE => + KEY_UPDATE_SIZE + encrypted_size(message.len()), + _ => encrypted_size(message.len()), + } + ); + + match server.process_tls_records(&mut buffer[..used]) { + UnbufferedStatus { + discard: actual_used, + state: Ok(ConnectionState::ReadTraffic(mut rt)), + } => { + assert_eq!(used, actual_used); + let record = rt.next_record().unwrap().unwrap(); + assert_eq!(record.payload, message.as_bytes()); + } + st => { + panic!("unexpected server state {st:?}"); + } + }; + println!("{i}: wrote {used}"); + } + } + st => { + panic!("unexpected client state {st:?}"); + } + }; +} + fn write_traffic) -> R>( status: UnbufferedStatus<'_, '_, T>, mut f: F, From 082b3f830a686a515653549561809628d21ee611 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 17 Jun 2024 12:58:31 +0100 Subject: [PATCH 1090/1145] Test and fix TLS1.2 closure on key exhaustion This was previously untested and... didn't work very well. First, sending a close_notify when `send_single_fragment` refuses to send anything further is not fruitful. Exempt alerts from that (they have very little secret content, and we send few if any on a given connection, so cannot meaningfully contribute to reaching the key's birthday bound.) Second, `send_close_notify` when `send_single_fragment` will itself call `send_close_notify` does not terminate. Use the existing `send_close_notify` idempotency to prevent this. Finally, add an error-level log to this code path. It is uncommon, and fatal to the connection. --- rustls/src/common_state.rs | 30 ++++++++++++++++------- rustls/src/lib.rs | 1 + rustls/tests/api.rs | 50 ++++++++++++++++++++++++++++++++++++-- rustls/tests/common/mod.rs | 27 +++++++++++++++++--- rustls/tests/unbuffered.rs | 2 +- 5 files changed, 94 insertions(+), 16 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 54ba98f2d1..1ef4161546 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -6,7 +6,7 @@ use pki_types::CertificateDer; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; #[cfg(feature = "logging")] -use crate::log::{debug, warn}; +use crate::log::{debug, error, warn}; use crate::msgs::alert::AlertMessagePayload; use crate::msgs::base::Payload; use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; @@ -227,6 +227,7 @@ impl CommonState { self.refresh_traffic_keys_pending = Some(()); } _ => { + error!("Traffic keys exhausted, closing connection to prevent security failure"); self.eager_send_close_notify(outgoing_tls)?; return Err(EncryptError::EncryptExhausted); } @@ -307,21 +308,32 @@ impl CommonState { } fn send_single_fragment(&mut self, m: OutboundPlainMessage) { - match self - .record_layer - .next_pre_encrypt_action() - { - record_layer::PreEncryptAction::Nothing => {} + match ( + &m, + self.record_layer + .next_pre_encrypt_action(), + ) { + // Alerts are always sendable -- never quashed by a PreEncryptAction. + ( + OutboundPlainMessage { + typ: ContentType::Alert, + .. + }, + _, + ) => {} + + (_, record_layer::PreEncryptAction::Nothing) => {} // Close connection once we start to run out of // sequence space. - record_layer::PreEncryptAction::RefreshOrClose => { + (_, record_layer::PreEncryptAction::RefreshOrClose) => { match self.negotiated_version { Some(ProtocolVersion::TLSv1_3) => { // driven by caller, as we don't have the `State` here self.refresh_traffic_keys_pending = Some(()); } _ => { + error!("Traffic keys exhausted, closing connection to prevent security failure"); self.send_close_notify(); return; } @@ -330,7 +342,7 @@ impl CommonState { // Refuse to wrap counter at all costs. This // is basically untestable unfortunately. - record_layer::PreEncryptAction::Refuse => { + (_, record_layer::PreEncryptAction::Refuse) => { return; } }; @@ -526,8 +538,8 @@ impl CommonState { return; } debug!("Sending warning alert {:?}", AlertDescription::CloseNotify); - self.send_warning_alert_no_log(AlertDescription::CloseNotify); self.sent_fatal_alert = true; + self.send_warning_alert_no_log(AlertDescription::CloseNotify); } pub(crate) fn eager_send_close_notify( diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 2a536b0d28..bfc59c3a2e 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -380,6 +380,7 @@ mod log { macro_rules! trace ( ($($tt:tt)*) => {{}} ); macro_rules! debug ( ($($tt:tt)*) => {{}} ); macro_rules! warn ( ($($tt:tt)*) => {{}} ); + macro_rules! error ( ($($tt:tt)*) => {{}} ); } #[macro_use] diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index d02c6b5a56..257bf88e16 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -7162,8 +7162,7 @@ fn test_automatic_refresh_traffic_keys() { } const KEY_UPDATE_SIZE: usize = encrypted_size(5); - const CONFIDENTIALITY_LIMIT: u64 = 1024; - let provider = tls13_aes_128_gcm_with_1024_confidentiality_limit(); + let provider = aes_128_gcm_with_1024_confidentiality_limit(); let client_config = finish_client_config( KeyType::Ed25519, @@ -7224,3 +7223,50 @@ fn test_automatic_refresh_traffic_keys() { ); assert_eq!(transferred, KEY_UPDATE_SIZE + encrypted_size(message.len())); } + +#[cfg(feature = "tls12")] +#[test] +fn tls12_connection_fails_after_key_reaches_confidentiality_limit() { + let provider = aes_128_gcm_with_1024_confidentiality_limit(); + + let client_config = finish_client_config( + KeyType::Ed25519, + ClientConfig::builder_with_provider(provider.clone()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); + let server_config = finish_server_config( + KeyType::Ed25519, + ServerConfig::builder_with_provider(provider) + .with_safe_default_protocol_versions() + .unwrap(), + ); + + let (mut client, mut server) = make_pair_for_configs(client_config, server_config); + do_handshake(&mut client, &mut server); + + for i in 0..CONFIDENTIALITY_LIMIT { + let message = format!("{i:08}"); + client + .writer() + .write_all(message.as_bytes()) + .unwrap(); + let transferred = transfer(&mut client, &mut server); + println!( + "{}: {} -> {:?}", + i, + transferred, + server.process_new_packets().unwrap() + ); + + let mut buf = [0u8; 32]; + let recvd = server.reader().read(&mut buf).unwrap(); + + match i { + 1023 => assert_eq!(recvd, 0), + _ => assert_eq!(&buf[..recvd], message.as_bytes()), + } + } +} + +const CONFIDENTIALITY_LIMIT: u64 = 1024; diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 6344e1a708..01398254d1 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -1042,13 +1042,14 @@ impl RawTls { } } -pub fn tls13_aes_128_gcm_with_1024_confidentiality_limit() -> Arc { +pub fn aes_128_gcm_with_1024_confidentiality_limit() -> Arc { const CONFIDENTIALITY_LIMIT: u64 = 1024; // needed to extend lifetime of Tls13CipherSuite to 'static - static LIMITED_SUITE: OnceCell = OnceCell::new(); + static TLS13_LIMITED_SUITE: OnceCell = OnceCell::new(); + static TLS12_LIMITED_SUITE: OnceCell = OnceCell::new(); - let limited = LIMITED_SUITE.get_or_init(|| { + let tls13_limited = TLS13_LIMITED_SUITE.get_or_init(|| { let tls13 = provider::cipher_suite::TLS13_AES_128_GCM_SHA256 .tls13() .unwrap(); @@ -1062,8 +1063,26 @@ pub fn tls13_aes_128_gcm_with_1024_confidentiality_limit() -> Arc tls12, + _ => unreachable!(), + }; + + rustls::Tls12CipherSuite { + common: rustls::crypto::CipherSuiteCommon { + confidentiality_limit: CONFIDENTIALITY_LIMIT, + ..tls12.common + }, + ..*tls12 + } + }); + CryptoProvider { - cipher_suites: vec![SupportedCipherSuite::Tls13(limited)], + cipher_suites: vec![ + SupportedCipherSuite::Tls13(tls13_limited), + SupportedCipherSuite::Tls12(tls12_limited), + ], ..provider::default_provider() } .into() diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 66a003fd22..bbf1676e9b 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -648,7 +648,7 @@ fn refresh_traffic_keys_automatically() { let client_config = finish_client_config( KeyType::Rsa2048, - ClientConfig::builder_with_provider(tls13_aes_128_gcm_with_1024_confidentiality_limit()) + ClientConfig::builder_with_provider(aes_128_gcm_with_1024_confidentiality_limit()) .with_safe_default_protocol_versions() .unwrap(), ); From 8a8023addb9ae311f66b16e272e85654c9588eeb Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 18 Jun 2024 16:45:55 +0100 Subject: [PATCH 1091/1145] unbuffered: test and fix TLS1.2 closure on key exhaustion Calling `eager_send_close_notify` here was wrong, as it is impossible to communicate to the caller that a message has been written to `outgoing_tls` (via its length), _and_ return the error. Instead, use `send_close_notify` which pends data to be sent on the next `EncodeTlsData` state. --- rustls/src/common_state.rs | 2 +- rustls/tests/unbuffered.rs | 93 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 1 deletion(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 1ef4161546..bd1aee578e 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -228,7 +228,7 @@ impl CommonState { } _ => { error!("Traffic keys exhausted, closing connection to prevent security failure"); - self.eager_send_close_notify(outgoing_tls)?; + self.send_close_notify(); return Err(EncryptError::EncryptExhausted); } }, diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index bbf1676e9b..b02683111b 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -711,6 +711,77 @@ fn refresh_traffic_keys_automatically() { }; } +#[test] +fn tls12_connection_fails_after_key_reaches_confidentiality_limit() { + const CONFIDENTIALITY_LIMIT: usize = 1024; + + let client_config = finish_client_config( + KeyType::Ed25519, + ClientConfig::builder_with_provider(aes_128_gcm_with_1024_confidentiality_limit()) + .with_protocol_versions(&[&rustls::version::TLS12]) + .unwrap(), + ); + + let server_config = make_server_config(KeyType::Ed25519); + let mut outcome = run( + Arc::new(client_config), + &mut NO_ACTIONS.clone(), + Arc::new(server_config), + &mut NO_ACTIONS.clone(), + ); + let mut server = outcome.server.take().unwrap(); + let mut client = outcome.client.take().unwrap(); + + match client.process_tls_records(&mut []) { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::WriteTraffic(mut wt)), + } => { + for i in 0..CONFIDENTIALITY_LIMIT { + let message = format!("{i:08}"); + + let mut buffer = [0u8; 64]; + let used = match wt.encrypt(message.as_bytes(), &mut buffer) { + Ok(used) => used, + Err(EncryptError::EncryptExhausted) if i == CONFIDENTIALITY_LIMIT - 1 => { + break; + } + rc @ Err(_) => rc.unwrap(), + }; + + match server.process_tls_records(&mut buffer[..used]) { + UnbufferedStatus { + discard: actual_used, + state: Ok(ConnectionState::ReadTraffic(mut rt)), + } => { + assert_eq!(used, actual_used); + let record = rt.next_record().unwrap().unwrap(); + assert_eq!(record.payload, message.as_bytes()); + } + st => { + panic!("unexpected server state {st:?}"); + } + }; + println!("{i}: wrote {used}"); + } + } + st => { + panic!("unexpected client state {st:?}"); + } + }; + + let mut data = encode_tls_data(client.process_tls_records(&mut [])); + let data_len = data.len(); + + match server.process_tls_records(&mut data) { + UnbufferedStatus { + discard, + state: Ok(ConnectionState::Closed), + } if discard == data_len => {} + st => panic!("unexpected server state {st:?}"), + } +} + fn write_traffic) -> R>( status: UnbufferedStatus<'_, '_, T>, mut f: F, @@ -725,6 +796,28 @@ fn write_traffic) -> R>( } } +fn encode_tls_data(status: UnbufferedStatus<'_, '_, T>) -> Vec { + match status { + UnbufferedStatus { + discard: 0, + state: Ok(ConnectionState::EncodeTlsData(mut etd)), + } => { + let len = match etd.encode(&mut []) { + Err(EncodeError::InsufficientSize(InsufficientSizeError { required_size })) => { + required_size + } + e => panic!("unexpected encode {e:?}"), + }; + let mut buf = vec![0u8; len]; + etd.encode(&mut buf).unwrap(); + buf + } + _ => { + panic!("unexpected state {status:?} (wanted EncodeTlsData)"); + } + } +} + #[derive(Debug)] enum State { Closed, From 10206b2d28f2c27fd770f316528677cfb1bbc190 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 24 Jun 2024 08:53:06 +0000 Subject: [PATCH 1092/1145] chore(deps): lock file maintenance --- Cargo.lock | 168 ++++++++++++++++++++++++------------------------ fuzz/Cargo.lock | 48 +++++++------- 2 files changed, 108 insertions(+), 108 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 11a0a92863..b338ddf11e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -160,7 +160,7 @@ checksum = "56e6076d38cc17cc22b0f65f31170a2ee1975e6b07f0012893aefd86ce19c987" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -256,7 +256,7 @@ dependencies = [ "futures-io", "futures-lite 2.3.0", "parking", - "polling 3.7.1", + "polling 3.7.2", "rustix 0.38.34", "slab", "tracing", @@ -291,7 +291,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -335,7 +335,7 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -352,9 +352,9 @@ checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "aws-lc-fips-sys" -version = "0.12.8" +version = "0.12.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "592ea6b0df0a72ec29701890f4857bc25c5e95a93370afe9d70b5e41db6ffcf3" +checksum = "6e5cc4286676d121ca5a2ce89e0d4ddbc2d660ac24bb17bc49607d700f49f993" dependencies = [ "bindgen", "cmake", @@ -366,9 +366,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.7.2" +version = "1.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "474d7cec9d0a1126fad1b224b767fcbf351c23b0309bb21ec210bcfd379926a5" +checksum = "bf7d844e282b4b56750b2d4e893b2205581ded8709fddd2b6aa5418c150ca877" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -380,9 +380,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7505fc3cb7acbf42699a43a79dd9caa4ed9e99861dfbb837c5c0fb5a0a8d2980" +checksum = "c3a2c29203f6bf296d01141cc8bb9dbd5ecd4c27843f2ee0767bcd5985a927da" dependencies = [ "bindgen", "cc", @@ -395,9 +395,9 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.72" +version = "0.3.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17c6a35df3749d2e8bb1b7b21a976d82b15548788d2735b9d82f329268f71a11" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" dependencies = [ "addr2line", "cc", @@ -457,7 +457,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.66", + "syn 2.0.68", "which", ] @@ -536,9 +536,9 @@ checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cc" -version = "1.0.98" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" +checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" dependencies = [ "jobserver", "libc", @@ -608,9 +608,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.4" +version = "4.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90bc066a67923782aa8515dbaea16946c5bcc5addbd668bb80af688e53e548a0" +checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f" dependencies = [ "clap_builder", "clap_derive", @@ -618,9 +618,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.2" +version = "4.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae129e2e766ae0ec03484e609954119f123cc1fe650337e155d03b022f24f7b4" +checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f" dependencies = [ "anstream", "anstyle", @@ -630,21 +630,21 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.4" +version = "4.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "528131438037fd55894f62d6e9f068b8f45ac57ffa77517819645d10aed04f64" +checksum = "c780290ccf4fb26629baa7a1081e68ced113f1d3ec302fa5948f1c381ebf06c6" dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] name = "clap_lex" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "98cc8fbded0c607b7ba9dd60cd98df59af97e84d24e49c8557331cfc26d301ce" +checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70" [[package]] name = "cmake" @@ -764,7 +764,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -871,7 +871,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -1193,6 +1193,12 @@ version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +[[package]] +name = "hermit-abi" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" + [[package]] name = "hex" version = "0.4.3" @@ -1392,7 +1398,7 @@ version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "eae7b9aee968036d54dce06cebaefd919e4472e753296daccd6d344e3e2df0c2" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.9", "libc", "windows-sys 0.48.0", ] @@ -1421,7 +1427,7 @@ version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.9", "libc", "windows-sys 0.52.0", ] @@ -1485,11 +1491,11 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.5.2", + "spin", ] [[package]] @@ -1506,9 +1512,9 @@ checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" [[package]] name = "libloading" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" dependencies = [ "cfg-if", "windows-targets 0.52.5", @@ -1574,9 +1580,9 @@ checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" [[package]] name = "memchr" -version = "2.7.2" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "minimal-lexical" @@ -1586,9 +1592,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" dependencies = [ "adler", ] @@ -1690,15 +1696,15 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.9", "libc", ] [[package]] name = "object" -version = "0.35.0" +version = "0.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8ec7ab813848ba4522158d5517a6093db1ded27575b070f4177b8d12b41db5e" +checksum = "576dfe1fc8f9df304abb159d767a29d0476f7750fbf8aa7ad07816004a207434" dependencies = [ "memchr", ] @@ -1738,7 +1744,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -1894,13 +1900,13 @@ dependencies = [ [[package]] name = "polling" -version = "3.7.1" +version = "3.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e6a007746f34ed64099e88783b0ae369eaa3da6392868ba262e2af9b8fbaea1" +checksum = "a3ed00ed3fbf728b5816498ecd316d1716eecaced9c0c8d2c5a6740ca214985b" dependencies = [ "cfg-if", "concurrent-queue", - "hermit-abi", + "hermit-abi 0.4.0", "pin-project-lite", "rustix 0.38.34", "tracing", @@ -1949,7 +1955,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -1963,9 +1969,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.85" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] @@ -2051,18 +2057,18 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e" +checksum = "c82cf8cff14456045f55ec4241383baeff27af886adb72ffb2162f99911de0fd" dependencies = [ "bitflags 2.5.0", ] [[package]] name = "regex" -version = "1.10.4" +version = "1.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" dependencies = [ "aho-corasick", "memchr", @@ -2072,9 +2078,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -2083,9 +2089,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "resolv-conf" @@ -2117,7 +2123,7 @@ dependencies = [ "cfg-if", "getrandom", "libc", - "spin 0.9.8", + "spin", "untrusted 0.9.0", "windows-sys 0.52.0", ] @@ -2229,7 +2235,7 @@ dependencies = [ "subtle", "tikv-jemallocator", "time", - "webpki-roots 0.26.2", + "webpki-roots 0.26.3", "zeroize", "zlib-rs", ] @@ -2278,7 +2284,7 @@ dependencies = [ "serde", "serde_derive", "tokio", - "webpki-roots 0.26.2", + "webpki-roots 0.26.3", ] [[package]] @@ -2327,7 +2333,7 @@ dependencies = [ "aws-lc-rs", "env_logger", "rustls 0.23.10", - "webpki-roots 0.26.2", + "webpki-roots 0.26.3", ] [[package]] @@ -2352,7 +2358,7 @@ dependencies = [ "rustls-webpki 0.102.4", "sha2", "signature", - "webpki-roots 0.26.2", + "webpki-roots 0.26.3", "x25519-dalek", ] @@ -2454,7 +2460,7 @@ checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -2530,12 +2536,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -2566,9 +2566,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" [[package]] name = "syn" @@ -2583,9 +2583,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.66" +version = "2.0.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" +checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" dependencies = [ "proc-macro2", "quote", @@ -2618,7 +2618,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -2700,7 +2700,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -2745,7 +2745,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -2808,9 +2808,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" -version = "2.5.0" +version = "2.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" dependencies = [ "form_urlencoded", "idna", @@ -2819,9 +2819,9 @@ dependencies = [ [[package]] name = "utf8parse" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "value-bag" @@ -2874,7 +2874,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", "wasm-bindgen-shared", ] @@ -2908,7 +2908,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2937,9 +2937,9 @@ checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "webpki-roots" -version = "0.26.2" +version = "0.26.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c452ad30530b54a4d8e71952716a212b08efd0f3562baa66c29a618b07da7c3" +checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd" dependencies = [ "rustls-pki-types", ] @@ -3180,7 +3180,7 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] @@ -3200,7 +3200,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.66", + "syn 2.0.68", ] [[package]] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 68a9e5fbb5..09bed286cd 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -19,9 +19,9 @@ checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" [[package]] name = "aws-lc-rs" -version = "1.7.2" +version = "1.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "474d7cec9d0a1126fad1b224b767fcbf351c23b0309bb21ec210bcfd379926a5" +checksum = "bf7d844e282b4b56750b2d4e893b2205581ded8709fddd2b6aa5418c150ca877" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -31,9 +31,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7505fc3cb7acbf42699a43a79dd9caa4ed9e99861dfbb837c5c0fb5a0a8d2980" +checksum = "c3a2c29203f6bf296d01141cc8bb9dbd5ecd4c27843f2ee0767bcd5985a927da" dependencies = [ "bindgen", "cc", @@ -75,9 +75,9 @@ checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "cc" -version = "1.0.98" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41c270e7540d725e65ac7f1b212ac8ce349719624d7bcff99f8e2e488e8cf03f" +checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" dependencies = [ "jobserver", "libc", @@ -193,9 +193,9 @@ dependencies = [ [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "lazycell" @@ -220,9 +220,9 @@ dependencies = [ [[package]] name = "libloading" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" dependencies = [ "cfg-if", "windows-targets", @@ -242,9 +242,9 @@ checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" [[package]] name = "memchr" -version = "2.7.2" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "minimal-lexical" @@ -292,9 +292,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.85" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] @@ -310,9 +310,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.4" +version = "1.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c117dbdfde9c8308975b6a18d71f3f385c89461f7b3fb054288ecf2a2058ba4c" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" dependencies = [ "aho-corasick", "memchr", @@ -322,9 +322,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.6" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b83b8b9847f9bf95ef68afb0b8e6cdb80f498442f5179a29fad448fcc1eaea" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" dependencies = [ "aho-corasick", "memchr", @@ -333,9 +333,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "ring" @@ -425,15 +425,15 @@ checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" [[package]] name = "syn" -version = "2.0.66" +version = "2.0.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" +checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" dependencies = [ "proc-macro2", "quote", From ce6e3b5cc2e149769f5d4979370f50ac911404e6 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 13:45:48 +0100 Subject: [PATCH 1093/1145] unbuffered*-client: address windows stack exhaustion? --- examples/src/bin/unbuffered-async-client.rs | 2 +- examples/src/bin/unbuffered-client.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs index d06e261e7f..60eb0d5848 100644 --- a/examples/src/bin/unbuffered-async-client.rs +++ b/examples/src/bin/unbuffered-async-client.rs @@ -34,7 +34,7 @@ async fn main() -> Result<(), Box> { let config = Arc::new(config); - let mut incoming_tls = [0; INCOMING_TLS_BUFSIZE]; + let mut incoming_tls = vec![0; INCOMING_TLS_BUFSIZE]; let mut outgoing_tls = vec![0; OUTGOING_TLS_INITIAL_BUFSIZE]; converse(&config, &mut incoming_tls, &mut outgoing_tls).await?; diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs index 7ebc5de629..fe001273ea 100644 --- a/examples/src/bin/unbuffered-client.rs +++ b/examples/src/bin/unbuffered-client.rs @@ -26,7 +26,7 @@ fn main() -> Result<(), Box> { let config = Arc::new(config); - let mut incoming_tls = [0; INCOMING_TLS_BUFSIZE]; + let mut incoming_tls = vec![0; INCOMING_TLS_BUFSIZE]; let mut outgoing_tls = vec![0; OUTGOING_TLS_INITIAL_BUFSIZE]; converse(&config, false, &mut incoming_tls, &mut outgoing_tls)?; From a5b2fdf9f714e2511c827584c3e9ea8ba703fcb7 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 24 Jun 2024 10:02:08 +0100 Subject: [PATCH 1094/1145] Assert stack size of unbuffered connection types --- rustls/tests/api.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 257bf88e16..e2c3010b11 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -5344,6 +5344,14 @@ fn connection_types_are_not_huge() { // Arbitrary sizes assert_lt(mem::size_of::(), 1600); assert_lt(mem::size_of::(), 1600); + assert_lt( + mem::size_of::(), + 1600, + ); + assert_lt( + mem::size_of::(), + 1600, + ); } #[test] From 33986db3f8cdfa2452403ece070004bb46b22be1 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 15:07:21 +0100 Subject: [PATCH 1095/1145] unbuffered*-client: attempt to fix flickeryness In this case the server's response was split over two packets. Most of the time these arrived together and the test passed. In the case where the server's second packet was slightly delayed, we'd see the first one (but not be able to process it) and then send a close_notify, and clear the `open_connection` flag. That meant we dropped out of the loop with non-zero `incoming_used`; this failed an assertion. Instead: track received/sent close_notify separately, and try to read any remaining incoming data. --- examples/src/bin/unbuffered-async-client.rs | 13 ++++++++----- examples/src/bin/unbuffered-client.rs | 13 ++++++++----- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/examples/src/bin/unbuffered-async-client.rs b/examples/src/bin/unbuffered-async-client.rs index 60eb0d5848..5cfb1390d9 100644 --- a/examples/src/bin/unbuffered-async-client.rs +++ b/examples/src/bin/unbuffered-async-client.rs @@ -53,12 +53,13 @@ async fn converse( let mut incoming_used = 0; let mut outgoing_used = 0; - let mut open_connection = true; + let mut we_closed = false; + let mut peer_closed = false; let mut sent_request = false; let mut received_response = false; let mut iter_count = 0; - while open_connection { + while !(peer_closed || (we_closed && incoming_used == 0)) { let UnbufferedStatus { mut discard, state } = conn.process_tls_records(&mut incoming_tls[..incoming_used]); @@ -134,7 +135,7 @@ async fn converse( // `TransmitTlsData` state. the server should have already written a // response which we can read out from the socket recv_tls(&mut sock, incoming_tls, &mut incoming_used).await?; - } else { + } else if !we_closed { try_or_resize_and_retry( |out_buffer| may_encrypt.queue_close_notify(out_buffer), |e| { @@ -148,12 +149,14 @@ async fn converse( &mut outgoing_used, )?; send_tls(&mut sock, outgoing_tls, &mut outgoing_used).await?; - open_connection = false; + we_closed = true; + } else { + recv_tls(&mut sock, incoming_tls, &mut incoming_used).await?; } } ConnectionState::Closed => { - open_connection = false; + peer_closed = true; } // other states are not expected in this example diff --git a/examples/src/bin/unbuffered-client.rs b/examples/src/bin/unbuffered-client.rs index fe001273ea..ec0f4c1b19 100644 --- a/examples/src/bin/unbuffered-client.rs +++ b/examples/src/bin/unbuffered-client.rs @@ -50,13 +50,14 @@ fn converse( let mut incoming_used = 0; let mut outgoing_used = 0; - let mut open_connection = true; + let mut we_closed = false; + let mut peer_closed = false; let mut sent_request = false; let mut received_response = false; let mut sent_early_data = false; let mut iter_count = 0; - while open_connection { + while !(peer_closed || (we_closed && incoming_used == 0)) { let UnbufferedStatus { mut discard, state } = conn.process_tls_records(&mut incoming_tls[..incoming_used]); @@ -147,7 +148,7 @@ fn converse( // `TransmitTlsData` state. the server should have already written a // response which we can read out from the socket recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; - } else { + } else if !we_closed { try_or_resize_and_retry( |out_buffer| may_encrypt.queue_close_notify(out_buffer), |e| { @@ -161,12 +162,14 @@ fn converse( &mut outgoing_used, )?; send_tls(&mut sock, outgoing_tls, &mut outgoing_used)?; - open_connection = false; + we_closed = true; + } else { + recv_tls(&mut sock, incoming_tls, &mut incoming_used)?; } } ConnectionState::Closed => { - open_connection = false; + peer_closed = true; } // other states are not expected in this example From f90bdc418623a562631272bc49d07591dd6bd79f Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 15:27:28 +0100 Subject: [PATCH 1096/1145] pre_encrypt_action: use match --- rustls/src/record_layer.rs | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 9efc32a1bb..9b6f70e961 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -198,13 +198,10 @@ impl RecordLayer { /// `add` is added to the current sequence number. `add` as `0` means /// "the next message processed by `encrypt_outgoing`" pub(crate) fn pre_encrypt_action(&self, add: u64) -> PreEncryptAction { - let value = self.write_seq.saturating_add(add); - if value == self.write_seq_max { - PreEncryptAction::RefreshOrClose - } else if value >= SEQ_HARD_LIMIT { - PreEncryptAction::Refuse - } else { - PreEncryptAction::Nothing + match self.write_seq.saturating_add(add) { + v if v == self.write_seq_max => PreEncryptAction::RefreshOrClose, + SEQ_HARD_LIMIT.. => PreEncryptAction::Refuse, + _ => PreEncryptAction::Nothing, } } From 927250cc6aff3732d066681c01fc34d10b2bbed2 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 15:28:50 +0100 Subject: [PATCH 1097/1145] Import `record_layer::PreEncryptAction` --- rustls/src/common_state.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index bd1aee578e..65935a540e 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -16,6 +16,7 @@ use crate::msgs::message::{ Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PlainMessage, }; +use crate::record_layer::PreEncryptAction; use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite}; #[cfg(feature = "tls12")] use crate::tls12::ConnectionSecrets; @@ -220,8 +221,8 @@ impl CommonState { .record_layer .pre_encrypt_action(f as u64) { - record_layer::PreEncryptAction::Nothing => {} - record_layer::PreEncryptAction::RefreshOrClose => match self.negotiated_version { + PreEncryptAction::Nothing => {} + PreEncryptAction::RefreshOrClose => match self.negotiated_version { Some(ProtocolVersion::TLSv1_3) => { // driven by caller, as we don't have the `State` here self.refresh_traffic_keys_pending = Some(()); @@ -232,7 +233,7 @@ impl CommonState { return Err(EncryptError::EncryptExhausted); } }, - record_layer::PreEncryptAction::Refuse => { + PreEncryptAction::Refuse => { return Err(EncryptError::EncryptExhausted); } } @@ -322,11 +323,11 @@ impl CommonState { _, ) => {} - (_, record_layer::PreEncryptAction::Nothing) => {} + (_, PreEncryptAction::Nothing) => {} // Close connection once we start to run out of // sequence space. - (_, record_layer::PreEncryptAction::RefreshOrClose) => { + (_, PreEncryptAction::RefreshOrClose) => { match self.negotiated_version { Some(ProtocolVersion::TLSv1_3) => { // driven by caller, as we don't have the `State` here @@ -342,7 +343,7 @@ impl CommonState { // Refuse to wrap counter at all costs. This // is basically untestable unfortunately. - (_, record_layer::PreEncryptAction::Refuse) => { + (_, PreEncryptAction::Refuse) => { return; } }; From 42437fed76d10c0edd81ce39c179e3258862086f Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 15:31:31 +0100 Subject: [PATCH 1098/1145] Use `mem::take` rather than `Option::take` for flag --- rustls/src/common_state.rs | 8 ++++---- rustls/src/conn.rs | 11 +++++------ 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 65935a540e..f17a025f32 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -52,7 +52,7 @@ pub struct CommonState { pub(crate) quic: quic::Quic, pub(crate) enable_secret_extraction: bool, temper_counters: TemperCounters, - pub(crate) refresh_traffic_keys_pending: Option<()>, + pub(crate) refresh_traffic_keys_pending: bool, } impl CommonState { @@ -81,7 +81,7 @@ impl CommonState { quic: quic::Quic::default(), enable_secret_extraction: false, temper_counters: TemperCounters::default(), - refresh_traffic_keys_pending: None, + refresh_traffic_keys_pending: false, } } @@ -225,7 +225,7 @@ impl CommonState { PreEncryptAction::RefreshOrClose => match self.negotiated_version { Some(ProtocolVersion::TLSv1_3) => { // driven by caller, as we don't have the `State` here - self.refresh_traffic_keys_pending = Some(()); + self.refresh_traffic_keys_pending = true; } _ => { error!("Traffic keys exhausted, closing connection to prevent security failure"); @@ -331,7 +331,7 @@ impl CommonState { match self.negotiated_version { Some(ProtocolVersion::TLSv1_3) => { // driven by caller, as we don't have the `State` here - self.refresh_traffic_keys_pending = Some(()); + self.refresh_traffic_keys_pending = true; } _ => { error!("Traffic keys exhausted, closing connection to prevent security failure"); diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 62b8f8f83c..4860b1f05b 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -979,12 +979,11 @@ impl ConnectionCore { /// Trigger a `refresh_traffic_keys` if required by `CommonState`. fn maybe_refresh_traffic_keys(&mut self) { - if self - .common_state - .refresh_traffic_keys_pending - .take() - .is_some() - { + if mem::take( + &mut self + .common_state + .refresh_traffic_keys_pending, + ) { let _ = self.refresh_traffic_keys(); } } From 8a9ff7d31284250d8b16772bd781cdccc6f19be3 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 15:32:07 +0100 Subject: [PATCH 1099/1145] Lower-case log message --- rustls/src/common_state.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index f17a025f32..7149f38b77 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -228,7 +228,7 @@ impl CommonState { self.refresh_traffic_keys_pending = true; } _ => { - error!("Traffic keys exhausted, closing connection to prevent security failure"); + error!("traffic keys exhausted, closing connection to prevent security failure"); self.send_close_notify(); return Err(EncryptError::EncryptExhausted); } @@ -334,7 +334,7 @@ impl CommonState { self.refresh_traffic_keys_pending = true; } _ => { - error!("Traffic keys exhausted, closing connection to prevent security failure"); + error!("traffic keys exhausted, closing connection to prevent security failure"); self.send_close_notify(); return; } From 183dedca23946a0b1f1fc834677200974b5d1a45 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 15:39:14 +0100 Subject: [PATCH 1100/1145] send_single_fragment: restructure --- rustls/src/common_state.rs | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 7149f38b77..ba4a8d5ea7 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -309,25 +309,22 @@ impl CommonState { } fn send_single_fragment(&mut self, m: OutboundPlainMessage) { - match ( - &m, - self.record_layer - .next_pre_encrypt_action(), - ) { + if m.typ == ContentType::Alert { // Alerts are always sendable -- never quashed by a PreEncryptAction. - ( - OutboundPlainMessage { - typ: ContentType::Alert, - .. - }, - _, - ) => {} + let em = self.record_layer.encrypt_outgoing(m); + self.queue_tls_message(em); + return; + } - (_, PreEncryptAction::Nothing) => {} + match self + .record_layer + .next_pre_encrypt_action() + { + PreEncryptAction::Nothing => {} // Close connection once we start to run out of // sequence space. - (_, PreEncryptAction::RefreshOrClose) => { + PreEncryptAction::RefreshOrClose => { match self.negotiated_version { Some(ProtocolVersion::TLSv1_3) => { // driven by caller, as we don't have the `State` here @@ -343,7 +340,7 @@ impl CommonState { // Refuse to wrap counter at all costs. This // is basically untestable unfortunately. - (_, PreEncryptAction::Refuse) => { + PreEncryptAction::Refuse => { return; } }; From 3ce518b015e3ea5624d50ff4cd22ff37418f7702 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 24 Jun 2024 10:24:39 +0100 Subject: [PATCH 1101/1145] Extract `key_update` sending into `update_encrypter` & rename --- rustls/src/client/tls13.rs | 5 +---- rustls/src/server/tls13.rs | 5 +---- rustls/src/tls13/key_schedule.rs | 9 ++++++++- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 587ae7634d..8f1083c7f8 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1555,11 +1555,8 @@ impl State for ExpectTraffic { } fn send_key_update_request(&mut self, common: &mut CommonState) -> Result<(), Error> { - common.check_aligned_handshake()?; - common.send_msg(Message::build_key_update_request(), true); self.key_schedule - .update_encrypter(common); - Ok(()) + .request_key_update_and_update_encrypter(common) } fn export_keying_material( diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 6c07e79fd9..42d3c03768 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1537,11 +1537,8 @@ impl State for ExpectTraffic { } fn send_key_update_request(&mut self, common: &mut CommonState) -> Result<(), Error> { - common.check_aligned_handshake()?; - common.send_msg(Message::build_key_update_request(), true); self.key_schedule - .update_encrypter(common); - Ok(()) + .request_key_update_and_update_encrypter(common) } fn into_owned(self: Box) -> hs::NextState<'static> { diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index a4d8015eec..e1790d8302 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -6,6 +6,7 @@ use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::crypto::{hash, hmac, SharedSecret}; use crate::error::Error; +use crate::msgs::message::Message; use crate::suites::PartiallyExtractedSecrets; use crate::{quic, KeyLog, Tls13CipherSuite}; @@ -496,9 +497,15 @@ impl KeyScheduleTraffic { self.ks.set_encrypter(&secret, common); } - pub(crate) fn update_encrypter(&mut self, common: &mut CommonState) { + pub(crate) fn request_key_update_and_update_encrypter( + &mut self, + common: &mut CommonState, + ) -> Result<(), Error> { + common.check_aligned_handshake()?; + common.send_msg_encrypt(Message::build_key_update_request().into()); let secret = self.next_application_traffic_secret(common.side); self.ks.set_encrypter(&secret, common); + Ok(()) } pub(crate) fn update_decrypter(&mut self, common: &mut CommonState) { From 185cc7184a73f6a75fc33930386217e33696d1ad Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 16:11:48 +0100 Subject: [PATCH 1102/1145] Inline single-use `key_update` constructors --- rustls/src/msgs/handshake.rs | 14 -------------- rustls/src/msgs/message/mod.rs | 14 ++++++++++---- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 66d1cb486b..94e4f3f2d3 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -2696,20 +2696,6 @@ impl<'a> HandshakeMessagePayload<'a> { .map(|_| Self { typ, payload }) } - pub(crate) fn build_key_update_notify() -> Self { - Self { - typ: HandshakeType::KeyUpdate, - payload: HandshakePayload::KeyUpdate(KeyUpdateRequest::UpdateNotRequested), - } - } - - pub(crate) fn build_key_update_request() -> Self { - Self { - typ: HandshakeType::KeyUpdate, - payload: HandshakePayload::KeyUpdate(KeyUpdateRequest::UpdateRequested), - } - } - pub(crate) fn encoding_for_binder_signing(&self) -> Vec { let mut ret = self.get_encoding(); diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index 564d641daf..109422ad5a 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -4,8 +4,8 @@ use crate::msgs::alert::AlertMessagePayload; use crate::msgs::base::Payload; use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::{Codec, Reader}; -use crate::msgs::enums::AlertLevel; -use crate::msgs::handshake::HandshakeMessagePayload; +use crate::msgs::enums::{AlertLevel, KeyUpdateRequest}; +use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload}; mod inbound; pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage}; @@ -175,14 +175,20 @@ impl Message<'_> { pub fn build_key_update_notify() -> Self { Self { version: ProtocolVersion::TLSv1_3, - payload: MessagePayload::handshake(HandshakeMessagePayload::build_key_update_notify()), + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::KeyUpdate, + payload: HandshakePayload::KeyUpdate(KeyUpdateRequest::UpdateNotRequested), + }), } } pub fn build_key_update_request() -> Self { Self { version: ProtocolVersion::TLSv1_3, - payload: MessagePayload::handshake(HandshakeMessagePayload::build_key_update_request()), + payload: MessagePayload::handshake(HandshakeMessagePayload { + typ: HandshakeType::KeyUpdate, + payload: HandshakePayload::KeyUpdate(KeyUpdateRequest::UpdateRequested), + }), } } From 6c006f95334e92c4023fffd457ebfe331b4fcc53 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 25 Jun 2024 10:57:04 -0400 Subject: [PATCH 1103/1145] add elided lifetime parameters throughout Our style guide[0] already recommended not eliding generic lifetimes. This commit adds them wherever they were missing. [0]: https://github.com/rustls/rustls/blob/main/CONTRIBUTING.md#dont-elide-generic-lifetimes --- rustls/src/bs_debug.rs | 2 +- rustls/src/check.rs | 4 +- rustls/src/client/client_conn.rs | 6 +-- rustls/src/client/ech.rs | 8 +-- rustls/src/client/hs.rs | 2 +- rustls/src/client/tls12.rs | 2 +- rustls/src/client/tls13.rs | 6 +-- rustls/src/common_state.rs | 8 +-- rustls/src/compress.rs | 8 +-- rustls/src/conn.rs | 10 ++-- rustls/src/conn/unbuffered.rs | 6 +-- rustls/src/crypto/aws_lc_rs/hpke.rs | 10 ++-- rustls/src/crypto/aws_lc_rs/tls12.rs | 4 +- rustls/src/crypto/aws_lc_rs/tls13.rs | 4 +- rustls/src/crypto/cipher.rs | 4 +- rustls/src/crypto/ring/tls12.rs | 4 +- rustls/src/crypto/ring/tls13.rs | 2 +- rustls/src/error.rs | 4 +- rustls/src/hash_hs.rs | 4 +- rustls/src/lock.rs | 4 +- rustls/src/msgs/alert.rs | 2 +- rustls/src/msgs/base.rs | 4 +- rustls/src/msgs/ccs.rs | 2 +- rustls/src/msgs/codec.rs | 12 ++--- rustls/src/msgs/deframer.rs | 2 +- rustls/src/msgs/ffdhe_groups.rs | 10 ++-- rustls/src/msgs/fragmenter.rs | 2 +- rustls/src/msgs/handshake.rs | 80 ++++++++++++++-------------- rustls/src/msgs/handshake_test.rs | 2 +- rustls/src/msgs/macros.rs | 2 +- rustls/src/msgs/message/inbound.rs | 2 +- rustls/src/msgs/message/mod.rs | 2 +- rustls/src/msgs/message/outbound.rs | 4 +- rustls/src/msgs/persist.rs | 2 +- rustls/src/quic.rs | 4 +- rustls/src/record_layer.rs | 2 +- rustls/src/server/common.rs | 2 +- rustls/src/server/handy.rs | 4 +- rustls/src/server/hs.rs | 14 ++--- rustls/src/server/server_conn.rs | 14 ++--- rustls/src/server/tls12.rs | 4 +- rustls/src/server/tls13.rs | 8 +-- rustls/src/verify.rs | 2 +- rustls/src/webpki/verify.rs | 8 +-- 44 files changed, 146 insertions(+), 146 deletions(-) diff --git a/rustls/src/bs_debug.rs b/rustls/src/bs_debug.rs index 858e8bdc3a..46d85abf22 100644 --- a/rustls/src/bs_debug.rs +++ b/rustls/src/bs_debug.rs @@ -13,7 +13,7 @@ use core::fmt; pub(crate) struct BsDebug<'a>(pub(crate) &'a [u8]); impl<'a> fmt::Debug for BsDebug<'a> { - fn fmt(&self, fmt: &mut fmt::Formatter) -> Result<(), fmt::Error> { + fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { write!(fmt, "b\"")?; for &c in self.0 { // https://doc.rust-lang.org/reference.html#byte-escapes diff --git a/rustls/src/check.rs b/rustls/src/check.rs index d5f1305850..f464ca6934 100644 --- a/rustls/src/check.rs +++ b/rustls/src/check.rs @@ -41,7 +41,7 @@ macro_rules! require_handshake_msg_move( ); pub(crate) fn inappropriate_message( - payload: &MessagePayload, + payload: &MessagePayload<'_>, content_types: &[ContentType], ) -> Error { warn!( @@ -56,7 +56,7 @@ pub(crate) fn inappropriate_message( } pub(crate) fn inappropriate_handshake_message( - payload: &MessagePayload, + payload: &MessagePayload<'_>, content_types: &[ContentType], handshake_types: &[HandshakeType], ) -> Error { diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index b58eeab386..1e2c54de68 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -668,7 +668,7 @@ mod connection { } impl fmt::Debug for ClientConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("ClientConnection") .finish() } @@ -702,7 +702,7 @@ mod connection { /// The server can choose not to accept any sent early data -- /// in this case the data is lost but the connection continues. You /// can tell this happened using `is_early_data_accepted`. - pub fn early_data(&mut self) -> Option { + pub fn early_data(&mut self) -> Option> { if self .inner .core @@ -861,7 +861,7 @@ impl TransmitTlsData<'_, ClientConnectionData> { /// already encoded TLS data /// /// IF allowed by the protocol - pub fn may_encrypt_early_data(&mut self) -> Option { + pub fn may_encrypt_early_data(&mut self) -> Option> { if self .conn .core diff --git a/rustls/src/client/ech.rs b/rustls/src/client/ech.rs index cbdd837ff8..b4c9245c82 100644 --- a/rustls/src/client/ech.rs +++ b/rustls/src/client/ech.rs @@ -537,7 +537,7 @@ impl EchState { /// /// This will start the in-progress transcript using the given `hash`, convert it into an HRR /// buffer, and then add the hello retry message `m`. - pub(crate) fn transcript_hrr_update(&mut self, hash: &'static dyn Hash, m: &Message) { + pub(crate) fn transcript_hrr_update(&mut self, hash: &'static dyn Hash, m: &Message<'_>) { trace!("Updating ECH inner transcript for HRR"); let inner_transcript = self @@ -779,21 +779,21 @@ impl EchState { Ok(()) } - fn server_hello_conf(server_hello: &ServerHelloPayload) -> Message { + fn server_hello_conf(server_hello: &ServerHelloPayload) -> Message<'_> { Self::ech_conf_message(HandshakeMessagePayload { typ: HandshakeType::ServerHello, payload: HandshakePayload::ServerHello(server_hello.clone()), }) } - fn hello_retry_request_conf(retry_req: &HelloRetryRequest) -> Message { + fn hello_retry_request_conf(retry_req: &HelloRetryRequest) -> Message<'_> { Self::ech_conf_message(HandshakeMessagePayload { typ: HandshakeType::HelloRetryRequest, payload: HandshakePayload::HelloRetryRequest(retry_req.clone()), }) } - fn ech_conf_message(hmp: HandshakeMessagePayload) -> Message { + fn ech_conf_message(hmp: HandshakeMessagePayload<'_>) -> Message<'_> { let mut hmp_encoded = Vec::new(); hmp.payload_encode(&mut hmp_encoded, Encoding::EchConfirmation); Message { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index 30fb2b6ef0..ec13af6c37 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -855,7 +855,7 @@ impl ExpectServerHelloOrHelloRetryRequest { fn handle_hello_retry_request( mut self, cx: &mut ClientContext<'_>, - m: Message, + m: Message<'_>, ) -> NextStateOrError<'static> { let hrr = require_handshake_msg!( m, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 40324fcb06..8e6fe57ff8 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -52,7 +52,7 @@ mod server_hello { impl CompleteServerHelloHandling { pub(in crate::client) fn handle_server_hello( mut self, - cx: &mut ClientContext, + cx: &mut ClientContext<'_>, suite: &'static Tls12CipherSuite, server_hello: &ServerHelloPayload, tls13_supported: bool, diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index 8f1083c7f8..f7d918ba66 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -62,7 +62,7 @@ static DISALLOWED_TLS13_EXTS: &[ExtensionType] = &[ pub(super) fn handle_server_hello( config: Arc, - cx: &mut ClientContext, + cx: &mut ClientContext<'_>, server_hello: &ServerHelloPayload, mut resuming_session: Option, server_name: ServerName<'static>, @@ -73,7 +73,7 @@ pub(super) fn handle_server_hello( mut hello: ClientHelloDetails, our_key_share: Box, mut sent_tls13_fake_ccs: bool, - server_hello_msg: &Message, + server_hello_msg: &Message<'_>, ech_state: Option, ) -> hs::NextStateOrError<'static> { validate_server_hello(cx.common, server_hello)?; @@ -252,7 +252,7 @@ pub(super) fn initial_key_share( pub(super) fn fill_in_psk_binder( resuming: &persist::Tls13ClientSessionValue, transcript: &HandshakeHashBuffer, - hmp: &mut HandshakeMessagePayload, + hmp: &mut HandshakeMessagePayload<'_>, ) -> KeyScheduleEarly { // We need to know the hash function of the suite we're trying to resume into. let suite = resuming.suite(); diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index ba4a8d5ea7..3afd9eec3d 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -161,7 +161,7 @@ impl CommonState { pub(crate) fn process_main_protocol( &mut self, - msg: Message, + msg: Message<'_>, mut state: Box>, data: &mut Data, sendable_plaintext: Option<&mut ChunkVecBuffer>, @@ -308,7 +308,7 @@ impl CommonState { len } - fn send_single_fragment(&mut self, m: OutboundPlainMessage) { + fn send_single_fragment(&mut self, m: OutboundPlainMessage<'_>) { if m.typ == ContentType::Alert { // Alerts are always sendable -- never quashed by a PreEncryptAction. let em = self.record_layer.encrypt_outgoing(m); @@ -407,7 +407,7 @@ impl CommonState { } /// Send a raw TLS message, fragmenting it if needed. - pub(crate) fn send_msg(&mut self, m: Message, must_encrypt: bool) { + pub(crate) fn send_msg(&mut self, m: Message<'_>, must_encrypt: bool) { { if let Protocol::Quic = self.protocol { if let MessagePayload::Alert(alert) = m.payload { @@ -439,7 +439,7 @@ impl CommonState { } } - pub(crate) fn take_received_plaintext(&mut self, bytes: Payload) { + pub(crate) fn take_received_plaintext(&mut self, bytes: Payload<'_>) { self.received_plaintext .append(bytes.into_vec()); } diff --git a/rustls/src/compress.rs b/rustls/src/compress.rs index 31bc6532af..5ac0147793 100644 --- a/rustls/src/compress.rs +++ b/rustls/src/compress.rs @@ -320,7 +320,7 @@ impl CompressionCache { pub(crate) fn compression_for( &self, compressor: &dyn CertCompressor, - original: &CertificatePayloadTls13, + original: &CertificatePayloadTls13<'_>, ) -> Result, CompressionFailed> { match self { Self::Disabled => Self::uncached_compression(compressor, original), @@ -334,7 +334,7 @@ impl CompressionCache { fn compression_for_impl( &self, compressor: &dyn CertCompressor, - original: &CertificatePayloadTls13, + original: &CertificatePayloadTls13<'_>, ) -> Result, CompressionFailed> { let (max_size, entries) = match self { Self::Enabled(CompressionCacheInner { size, entries }) => (*size, entries), @@ -391,7 +391,7 @@ impl CompressionCache { /// Compress `original` using `compressor` at `Interactive` level. fn uncached_compression( compressor: &dyn CertCompressor, - original: &CertificatePayloadTls13, + original: &CertificatePayloadTls13<'_>, ) -> Result, CompressionFailed> { let algorithm = compressor.algorithm(); let encoding = original.get_encoding(); @@ -439,7 +439,7 @@ pub(crate) struct CompressionCacheEntry { } impl CompressionCacheEntry { - pub(crate) fn compressed_cert_payload(&self) -> CompressedCertificatePayload { + pub(crate) fn compressed_cert_payload(&self) -> CompressedCertificatePayload<'_> { self.compressed.as_borrowed() } } diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 4860b1f05b..8701824492 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -62,7 +62,7 @@ mod connection { } /// Returns an object that allows reading plaintext. - pub fn reader(&mut self) -> Reader { + pub fn reader(&mut self) -> Reader<'_> { match self { Self::Client(conn) => conn.reader(), Self::Server(conn) => conn.reader(), @@ -70,7 +70,7 @@ mod connection { } /// Returns an object that allows writing plaintext. - pub fn writer(&mut self) -> Writer { + pub fn writer(&mut self) -> Writer<'_> { match self { Self::Client(conn) => Writer::new(&mut **conn), Self::Server(conn) => Writer::new(&mut **conn), @@ -525,7 +525,7 @@ impl ConnectionCommon { #[cfg(feature = "std")] impl ConnectionCommon { /// Returns an object that allows reading plaintext. - pub fn reader(&mut self) -> Reader { + pub fn reader(&mut self) -> Reader<'_> { let common = &mut self.core.common_state; Reader { received_plaintext: &mut common.received_plaintext, @@ -537,7 +537,7 @@ impl ConnectionCommon { } /// Returns an object that allows writing plaintext. - pub fn writer(&mut self) -> Writer { + pub fn writer(&mut self) -> Writer<'_> { Writer::new(self) } @@ -910,7 +910,7 @@ impl ConnectionCore { fn process_msg( &mut self, - msg: InboundPlainMessage, + msg: InboundPlainMessage<'_>, state: Box>, sendable_plaintext: Option<&mut ChunkVecBuffer>, ) -> Result>, Error> { diff --git a/rustls/src/conn/unbuffered.rs b/rustls/src/conn/unbuffered.rs index 9b87e7bf79..a6605eb9c5 100644 --- a/rustls/src/conn/unbuffered.rs +++ b/rustls/src/conn/unbuffered.rs @@ -296,7 +296,7 @@ impl<'c, 'i, Data> ReadTraffic<'c, 'i, Data> { /// Decrypts and returns the next available app-data record // TODO deprecate in favor of `Iterator` implementation, which requires in-place decryption - pub fn next_record(&mut self) -> Option> { + pub fn next_record(&mut self) -> Option, Error>> { if self.taken { None } else { @@ -347,7 +347,7 @@ impl<'c, 'i, Data> ReadEarlyData<'c, 'i, Data> { impl<'c, 'i> ReadEarlyData<'c, 'i, ServerConnectionData> { /// decrypts and returns the next available app-data record // TODO deprecate in favor of `Iterator` implementation, which requires in-place decryption - pub fn next_record(&mut self) -> Option> { + pub fn next_record(&mut self) -> Option, Error>> { if self.taken { None } else { @@ -488,7 +488,7 @@ impl TransmitTlsData<'_, Data> { /// Returns an adapter that allows encrypting application data /// /// If allowed at this stage of the handshake process - pub fn may_encrypt_app_data(&mut self) -> Option> { + pub fn may_encrypt_app_data(&mut self) -> Option> { if self .conn .core diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs index 996813c78e..7f2ee70522 100644 --- a/rustls/src/crypto/aws_lc_rs/hpke.rs +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -685,7 +685,7 @@ fn generate_p_curve_key_pair( // will panic for this algorithm. debug_assert_ne!(alg, &agreement::X25519); let (public_key, private_key) = generate_key_pair(alg)?; - let raw_private_key: EcPrivateKeyBin = private_key + let raw_private_key: EcPrivateKeyBin<'_> = private_key .as_be_bytes() .map_err(unspecified_err)?; Ok(( @@ -702,7 +702,7 @@ fn generate_p_curve_key_pair( /// For generating P-256, P-384 and P-512 keys see [`generate_p_curve_key_pair`]. fn generate_x25519_key_pair() -> Result<(HpkePublicKey, HpkePrivateKey), Error> { let (public_key, private_key) = generate_key_pair(&agreement::X25519)?; - let raw_private_key: Curve25519SeedBin = private_key + let raw_private_key: Curve25519SeedBin<'_> = private_key .as_be_bytes() .map_err(unspecified_err)?; Ok(( @@ -950,9 +950,9 @@ fn key_rejected_err(_e: aws_lc_rs::error::KeyRejected) -> Error { // https://github.com/aws/aws-lc-rs/blob/0186ef7bb1a4d7e140bae8074a9871f49afedf1b/aws-lc-rs/src/cipher/chacha.rs#L13 const CHACHA_KEY_LEN: usize = 32; -static RING_HKDF_HMAC_SHA256: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA256); -static RING_HKDF_HMAC_SHA384: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA384); -static RING_HKDF_HMAC_SHA512: &HkdfUsingHmac = &HkdfUsingHmac(&HMAC_SHA512); +static RING_HKDF_HMAC_SHA256: &HkdfUsingHmac<'static> = &HkdfUsingHmac(&HMAC_SHA256); +static RING_HKDF_HMAC_SHA384: &HkdfUsingHmac<'static> = &HkdfUsingHmac(&HMAC_SHA384); +static RING_HKDF_HMAC_SHA512: &HkdfUsingHmac<'static> = &HkdfUsingHmac(&HMAC_SHA512); #[cfg(test)] mod tests { diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 03503618dc..cfcf77855f 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -301,7 +301,7 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); @@ -382,7 +382,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 9797dccda0..2ed8ae80bf 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -232,7 +232,7 @@ struct AeadMessageDecrypter { impl MessageEncrypter for AeadMessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); @@ -293,7 +293,7 @@ struct GcmMessageEncrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index ec8eecd7c3..64901a577b 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -150,7 +150,7 @@ pub trait MessageEncrypter: Send + Sync { /// `seq` which can be used to derive a unique [`Nonce`]. fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result; @@ -325,7 +325,7 @@ struct InvalidMessageEncrypter {} impl MessageEncrypter for InvalidMessageEncrypter { fn encrypt( &mut self, - _m: OutboundPlainMessage, + _m: OutboundPlainMessage<'_>, _seq: u64, ) -> Result { Err(Error::EncryptError) diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 093c687250..5bc2926000 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -284,7 +284,7 @@ impl MessageDecrypter for GcmMessageDecrypter { impl MessageEncrypter for GcmMessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); @@ -365,7 +365,7 @@ impl MessageDecrypter for ChaCha20Poly1305MessageDecrypter { impl MessageEncrypter for ChaCha20Poly1305MessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index f674051a67..d390b2a4e2 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -203,7 +203,7 @@ struct Tls13MessageDecrypter { impl MessageEncrypter for Tls13MessageEncrypter { fn encrypt( &mut self, - msg: OutboundPlainMessage, + msg: OutboundPlainMessage<'_>, seq: u64, ) -> Result { let total_len = self.encrypted_payload_len(msg.payload.len()); diff --git a/rustls/src/error.rs b/rustls/src/error.rs index ed749ac546..1637894ff2 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -514,7 +514,7 @@ fn join(items: &[T]) -> String { } impl fmt::Display for Error { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { match *self { Self::InappropriateMessage { ref expect_types, @@ -615,7 +615,7 @@ mod other_error { } impl fmt::Display for OtherError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { #[cfg(feature = "std")] { write!(f, "{}", self.0) diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 7b11eb2435..07be5ef5d7 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -34,7 +34,7 @@ impl HandshakeHashBuffer { } /// Hash/buffer a handshake message. - pub(crate) fn add_message(&mut self, m: &Message) { + pub(crate) fn add_message(&mut self, m: &Message<'_>) { if let MessagePayload::Handshake { encoded, .. } = &m.payload { self.buffer .extend_from_slice(encoded.bytes()); @@ -97,7 +97,7 @@ impl HandshakeHash { } /// Hash/buffer a handshake message. - pub(crate) fn add_message(&mut self, m: &Message) -> &mut Self { + pub(crate) fn add_message(&mut self, m: &Message<'_>) -> &mut Self { if let MessagePayload::Handshake { encoded, .. } = &m.payload { self.update_raw(encoded.bytes()); } diff --git a/rustls/src/lock.rs b/rustls/src/lock.rs index fa023856e6..ace0147cb8 100644 --- a/rustls/src/lock.rs +++ b/rustls/src/lock.rs @@ -61,7 +61,7 @@ mod no_std_lock { /// /// This will return `None` in the case the mutex is poisoned. #[inline] - pub fn lock(&self) -> Option> { + pub fn lock(&self) -> Option> { self.inner.lock().ok() } } @@ -69,7 +69,7 @@ mod no_std_lock { /// A lock protecting shared data. pub trait Lock: Debug + Send + Sync { /// Acquire the lock. - fn lock(&self) -> Result, Poisoned>; + fn lock(&self) -> Result, Poisoned>; } /// A lock builder. diff --git a/rustls/src/msgs/alert.rs b/rustls/src/msgs/alert.rs index 3ee5c975e5..e66f64cf96 100644 --- a/rustls/src/msgs/alert.rs +++ b/rustls/src/msgs/alert.rs @@ -17,7 +17,7 @@ impl Codec<'_> for AlertMessagePayload { self.description.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let level = AlertLevel::read(r)?; let description = AlertDescription::read(r)?; r.expect_empty("AlertMessagePayload") diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index 3ab11be8f4..f78d5bd441 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -133,7 +133,7 @@ impl Codec<'_> for PayloadU16 { Self::encode_slice(&self.0, bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; let body = sub.rest().to_vec(); @@ -172,7 +172,7 @@ impl Codec<'_> for PayloadU8 { bytes.extend_from_slice(&self.0); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let len = u8::read(r)? as usize; let mut sub = r.sub(len)?; let body = sub.rest().to_vec(); diff --git a/rustls/src/msgs/ccs.rs b/rustls/src/msgs/ccs.rs index d0bdd17470..ac2c9e6a86 100644 --- a/rustls/src/msgs/ccs.rs +++ b/rustls/src/msgs/ccs.rs @@ -11,7 +11,7 @@ impl Codec<'_> for ChangeCipherSpecPayload { 1u8.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = u8::read(r)?; if typ != 1 { return Err(InvalidMessage::InvalidCcs); diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index cc440ec86b..699589162e 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -132,7 +132,7 @@ impl<'a> ReaderMut<'a> { self.buffer.len() } - pub(crate) fn as_reader(&mut self, f: impl FnOnce(&mut Reader) -> T) -> T { + pub(crate) fn as_reader(&mut self, f: impl FnOnce(&mut Reader<'_>) -> T) -> T { let mut r = Reader { buffer: self.buffer, cursor: 0, @@ -180,7 +180,7 @@ impl Codec<'_> for u8 { bytes.push(*self); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match r.take(1) { Some(&[byte]) => Ok(byte), _ => Err(InvalidMessage::MissingData("u8")), @@ -200,7 +200,7 @@ impl Codec<'_> for u16 { bytes.extend_from_slice(&b16); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match r.take(2) { Some(&[b1, b2]) => Ok(Self::from_be_bytes([b1, b2])), _ => Err(InvalidMessage::MissingData("u16")), @@ -227,7 +227,7 @@ impl Codec<'_> for u24 { bytes.extend_from_slice(&be_bytes[1..]); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match r.take(3) { Some(&[a, b, c]) => Ok(Self(u32::from_be_bytes([0, a, b, c]))), _ => Err(InvalidMessage::MissingData("u24")), @@ -240,7 +240,7 @@ impl Codec<'_> for u32 { bytes.extend(Self::to_be_bytes(*self)); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match r.take(4) { Some(&[a, b, c, d]) => Ok(Self::from_be_bytes([a, b, c, d])), _ => Err(InvalidMessage::MissingData("u32")), @@ -260,7 +260,7 @@ impl Codec<'_> for u64 { bytes.extend_from_slice(&b64); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match r.take(8) { Some(&[a, b, c, d, e, f, g, h]) => Ok(Self::from_be_bytes([a, b, c, d, e, f, g, h])), _ => Err(InvalidMessage::MissingData("u64")), diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index c8df570217..19d8896251 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -417,7 +417,7 @@ pub struct DeframerVecBuffer { impl DeframerVecBuffer { /// Borrows the initialized contents of this buffer and tracks pending discard operations via /// the `discard` reference - pub fn borrow(&mut self) -> DeframerSliceBuffer { + pub fn borrow(&mut self) -> DeframerSliceBuffer<'_> { DeframerSliceBuffer::new(&mut self.buf[..self.used]) } diff --git a/rustls/src/msgs/ffdhe_groups.rs b/rustls/src/msgs/ffdhe_groups.rs index 719473995b..91db6e6566 100644 --- a/rustls/src/msgs/ffdhe_groups.rs +++ b/rustls/src/msgs/ffdhe_groups.rs @@ -59,7 +59,7 @@ impl<'a> FfdheGroup<'a> { /// FFDHE2048 group defined in [RFC 7919 Appendix A.1] /// /// [RFC 7919 Appendix A.1]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.1 -pub const FFDHE2048: FfdheGroup = FfdheGroup { +pub const FFDHE2048: FfdheGroup<'static> = FfdheGroup { p: include_bytes!("ffdhe_groups/ffdhe2048-modulus.bin"), g: &[2], }; @@ -67,7 +67,7 @@ pub const FFDHE2048: FfdheGroup = FfdheGroup { /// FFDHE3072 group defined in [RFC 7919 Appendix A.2] /// /// [RFC 7919 Appendix A.2]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.2 -pub const FFDHE3072: FfdheGroup = FfdheGroup { +pub const FFDHE3072: FfdheGroup<'static> = FfdheGroup { p: include_bytes!("ffdhe_groups/ffdhe3072-modulus.bin"), g: &[2], }; @@ -75,7 +75,7 @@ pub const FFDHE3072: FfdheGroup = FfdheGroup { /// FFDHE4096 group defined in [RFC 7919 Appendix A.3] /// /// [RFC 7919 Appendix A.3]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.3 -pub const FFDHE4096: FfdheGroup = FfdheGroup { +pub const FFDHE4096: FfdheGroup<'static> = FfdheGroup { p: include_bytes!("ffdhe_groups/ffdhe4096-modulus.bin"), g: &[2], }; @@ -83,7 +83,7 @@ pub const FFDHE4096: FfdheGroup = FfdheGroup { /// FFDHE6144 group defined in [RFC 7919 Appendix A.4] /// /// [RFC 7919 Appendix A.4]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.4 -pub const FFDHE6144: FfdheGroup = FfdheGroup { +pub const FFDHE6144: FfdheGroup<'static> = FfdheGroup { p: include_bytes!("ffdhe_groups/ffdhe6144-modulus.bin"), g: &[2], }; @@ -91,7 +91,7 @@ pub const FFDHE6144: FfdheGroup = FfdheGroup { /// FFDHE8192 group defined in [RFC 7919 Appendix A.5] /// /// [RFC 7919 Appendix A.5]: https://datatracker.ietf.org/doc/html/rfc7919#appendix-A.5 -pub const FFDHE8192: FfdheGroup = FfdheGroup { +pub const FFDHE8192: FfdheGroup<'static> = FfdheGroup { p: include_bytes!("ffdhe_groups/ffdhe8192-modulus.bin"), g: &[2], }; diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index 85bc755ad2..987ec7eb70 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -113,7 +113,7 @@ mod tests { use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; fn msg_eq( - m: &OutboundPlainMessage, + m: &OutboundPlainMessage<'_>, total_len: usize, typ: &ContentType, version: &ProtocolVersion, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 94e4f3f2d3..a5cd2cf6ed 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -59,7 +59,7 @@ macro_rules! wrapped_payload( self.0.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self($inner::read(r)?)) } } @@ -87,7 +87,7 @@ impl Codec<'_> for Random { bytes.extend_from_slice(&self.0); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let bytes = match r.take(32) { Some(bytes) => bytes, None => return Err(InvalidMessage::MissingData("Random")), @@ -148,7 +148,7 @@ impl Codec<'_> for SessionId { bytes.extend_from_slice(&self.data[..self.len]); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let len = u8::read(r)? as usize; if len > 32 { return Err(InvalidMessage::TrailingData("SessionID")); @@ -196,7 +196,7 @@ impl UnknownExtension { self.payload.encode(bytes); } - fn read(typ: ExtensionType, r: &mut Reader) -> Self { + fn read(typ: ExtensionType, r: &mut Reader<'_>) -> Self { let payload = Payload::read(r).into_owned(); Self { typ, payload } } @@ -226,7 +226,7 @@ impl ServerNamePayload { Self::HostName(hostname) } - fn read_hostname(r: &mut Reader) -> Result { + fn read_hostname(r: &mut Reader<'_>) -> Result { use pki_types::ServerName; let raw = PayloadU16::read(r)?; @@ -267,7 +267,7 @@ impl Codec<'_> for ServerName { self.payload.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ServerNameType::read(r)?; let payload = match typ { @@ -373,7 +373,7 @@ impl Codec<'_> for KeyShareEntry { self.payload.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let group = NamedGroup::read(r)?; let payload = PayloadU16::read(r)?; @@ -403,7 +403,7 @@ impl Codec<'_> for PresharedKeyIdentity { self.obfuscated_ticket_age.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { identity: PayloadU16::read(r)?, obfuscated_ticket_age: u32::read(r)?, @@ -443,7 +443,7 @@ impl Codec<'_> for PresharedKeyOffer { self.binders.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { identities: Vec::read(r)?, binders: Vec::read(r)?, @@ -471,7 +471,7 @@ impl Codec<'_> for OcspCertificateStatusRequest { self.extensions.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { responder_ids: Vec::read(r)?, extensions: PayloadU16::read(r)?, @@ -496,7 +496,7 @@ impl Codec<'_> for CertificateStatusRequest { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = CertificateStatusType::read(r)?; match typ { @@ -624,7 +624,7 @@ impl Codec<'_> for ClientExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -773,7 +773,7 @@ impl Codec<'_> for ServerExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -834,7 +834,7 @@ impl Codec<'_> for ClientHelloPayload { self.payload_encode(bytes, Encoding::Standard) } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let mut ret = Self { client_version: ProtocolVersion::read(r)?, random: Random::read(r)?, @@ -1154,7 +1154,7 @@ impl Codec<'_> for HelloRetryExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -1191,7 +1191,7 @@ impl Codec<'_> for HelloRetryRequest { self.payload_encode(bytes, Encoding::Standard) } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let session_id = SessionId::read(r)?; let cipher_suite = CipherSuite::read(r)?; let compression = Compression::read(r)?; @@ -1317,7 +1317,7 @@ impl Codec<'_> for ServerHelloPayload { } // minus version and random, which have already been read. - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let session_id = SessionId::read(r)?; let suite = CipherSuite::read(r)?; let compression = Compression::read(r)?; @@ -1725,7 +1725,7 @@ impl Codec<'_> for EcParameters { self.named_group.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let ct = ECCurveType::read(r)?; if ct != ECCurveType::NamedCurve { return Err(InvalidMessage::UnsupportedCurveType); @@ -1772,7 +1772,7 @@ impl ClientKeyExchangeParams { #[cfg(feature = "tls12")] impl KxDecode<'_> for ClientKeyExchangeParams { - fn decode(r: &mut Reader, algo: KeyExchangeAlgorithm) -> Result { + fn decode(r: &mut Reader<'_>, algo: KeyExchangeAlgorithm) -> Result { use KeyExchangeAlgorithm::*; Ok(match algo { ECDHE => Self::Ecdh(ClientEcdhParams::read(r)?), @@ -1791,7 +1791,7 @@ impl Codec<'_> for ClientEcdhParams { self.public.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let pb = PayloadU8::read(r)?; Ok(Self { public: pb }) } @@ -1807,7 +1807,7 @@ impl Codec<'_> for ClientDhParams { self.public.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { public: PayloadU16::read(r)?, }) @@ -1839,7 +1839,7 @@ impl Codec<'_> for ServerEcdhParams { self.public.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let cp = EcParameters::read(r)?; let pb = PayloadU8::read(r)?; @@ -1886,7 +1886,7 @@ impl Codec<'_> for ServerDhParams { self.dh_Ys.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { dh_p: PayloadU16::read(r)?, dh_g: PayloadU16::read(r)?, @@ -1937,7 +1937,7 @@ impl ServerKeyExchangeParams { #[cfg(feature = "tls12")] impl KxDecode<'_> for ServerKeyExchangeParams { - fn decode(r: &mut Reader, algo: KeyExchangeAlgorithm) -> Result { + fn decode(r: &mut Reader<'_>, algo: KeyExchangeAlgorithm) -> Result { use KeyExchangeAlgorithm::*; Ok(match algo { ECDHE => Self::Ecdh(ServerEcdhParams::read(r)?), @@ -1979,7 +1979,7 @@ impl Codec<'_> for ServerKeyExchangePayload { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { // read as Unknown, fully parse when we know the // KeyExchangeAlgorithm Ok(Self::Unknown(Payload::read(r).into_owned())) @@ -2123,7 +2123,7 @@ impl Codec<'_> for CertificateRequestPayload { self.canames.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let certtypes = Vec::read(r)?; let sigschemes = Vec::read(r)?; let canames = Vec::read(r)?; @@ -2173,7 +2173,7 @@ impl Codec<'_> for CertReqExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -2217,7 +2217,7 @@ impl Codec<'_> for CertificateRequestPayloadTls13 { self.extensions.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let context = PayloadU8::read(r)?; let extensions = Vec::read(r)?; @@ -2285,7 +2285,7 @@ impl Codec<'_> for NewSessionTicketPayload { self.ticket.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let lifetime = u32::read(r)?; let ticket = PayloadU16::read(r)?; @@ -2323,7 +2323,7 @@ impl Codec<'_> for NewSessionTicketExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -2394,7 +2394,7 @@ impl Codec<'_> for NewSessionTicketPayloadTls13 { self.exts.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let lifetime = u32::read(r)?; let age_add = u32::read(r)?; let nonce = PayloadU8::read(r)?; @@ -2489,7 +2489,7 @@ impl CompressedCertificatePayload<'_> { } } - pub(crate) fn as_borrowed(&self) -> CompressedCertificatePayload { + pub(crate) fn as_borrowed(&self) -> CompressedCertificatePayload<'_> { CompressedCertificatePayload { alg: self.alg, uncompressed_len: self.uncompressed_len, @@ -2769,7 +2769,7 @@ impl Codec<'_> for HpkeSymmetricCipherSuite { self.aead_id.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { kdf_id: HpkeKdf::read(r)?, aead_id: HpkeAead::read(r)?, @@ -2798,7 +2798,7 @@ impl Codec<'_> for HpkeKeyConfig { .encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { config_id: u8::read(r)?, kem_id: HpkeKem::read(r)?, @@ -2848,7 +2848,7 @@ impl Codec<'_> for EchConfigContents { self.extensions.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { key_config: HpkeKeyConfig::read(r)?, maximum_name_length: u8::read(r)?, @@ -2895,7 +2895,7 @@ impl Codec<'_> for EchConfigPayload { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let version = EchVersion::read(r)?; let length = u16::read(r)?; let mut contents = r.sub(length as usize)?; @@ -2937,7 +2937,7 @@ impl Codec<'_> for EchConfigExtension { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let typ = ExtensionType::read(r)?; let len = u16::read(r)? as usize; let mut sub = r.sub(len)?; @@ -2984,7 +2984,7 @@ impl Codec<'_> for EncryptedClientHello { } } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match EchClientHelloType::read(r)? { EchClientHelloType::ClientHelloOuter => { Ok(Self::Outer(EncryptedClientHelloOuter::read(r)?)) @@ -3021,7 +3021,7 @@ impl Codec<'_> for EncryptedClientHelloOuter { self.payload.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { cipher_suite: HpkeSymmetricCipherSuite::read(r)?, config_id: u8::read(r)?, @@ -3045,7 +3045,7 @@ impl Codec<'_> for ServerEncryptedClientHello { self.retry_configs.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { Ok(Self { retry_configs: Vec::::read(r)?, }) diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 7a3ecafdbd..b54e089e71 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -685,7 +685,7 @@ fn cert_entry_ocsp_response() { }); } -fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry) -> bool) { +fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry<'_>) -> bool) { let mut ce = sample_certificate_payload_tls13() .entries .remove(0); diff --git a/rustls/src/msgs/macros.rs b/rustls/src/msgs/macros.rs index 6aa136ba5a..396c012e86 100644 --- a/rustls/src/msgs/macros.rs +++ b/rustls/src/msgs/macros.rs @@ -44,7 +44,7 @@ macro_rules! enum_builder { <$uint>::from(*self).encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { match <$uint>::read(r) { Ok(x) => Ok($enum_name::from(x)), Err(_) => Err(crate::error::InvalidMessage::MissingData(stringify!($enum_name))), diff --git a/rustls/src/msgs/message/inbound.rs b/rustls/src/msgs/message/inbound.rs index 4fb280428c..c2d153231f 100644 --- a/rustls/src/msgs/message/inbound.rs +++ b/rustls/src/msgs/message/inbound.rs @@ -168,7 +168,7 @@ impl InboundPlainMessage<'_> { /// the content type, which is returned. See RFC8446 s5.2. /// /// ContentType(0) is returned if the message payload is empty or all zeroes. -fn unpad_tls13_payload(p: &mut BorrowedPayload) -> ContentType { +fn unpad_tls13_payload(p: &mut BorrowedPayload<'_>) -> ContentType { loop { match p.pop() { Some(0) => {} diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index 109422ad5a..b1ead38c75 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -89,7 +89,7 @@ impl<'a> MessagePayload<'a> { } impl From> for PlainMessage { - fn from(msg: Message) -> Self { + fn from(msg: Message<'_>) -> Self { let typ = msg.payload.content_type(); let payload = match msg.payload { MessagePayload::ApplicationData(payload) => payload.into_owned(), diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index 4b41e2b8d9..ddb201314e 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -175,7 +175,7 @@ impl OutboundOpaqueMessage { /// /// `MessageError` allows callers to distinguish between valid prefixes (might /// become valid if we read more data) and invalid data. - pub fn read(r: &mut Reader) -> Result { + pub fn read(r: &mut Reader<'_>) -> Result { let (typ, version, len) = read_opaque_message_header(r)?; let content = r @@ -225,7 +225,7 @@ impl PrefixedPayload { self.0.extend_from_slice(slice) } - pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks) { + pub fn extend_from_chunks(&mut self, chunks: &OutboundChunks<'_>) { chunks.copy_to_vec(&mut self.0) } diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index 05fba56fa8..775123b746 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -295,7 +295,7 @@ impl Codec<'_> for ServerSessionValue { .encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let has_sni = u8::read(r)?; let sni = if has_sni == 1 { let dns_name = PayloadU8::read(r)?; diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index c04844b55c..1b41acef7d 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -212,7 +212,7 @@ mod connection { } impl Debug for ClientConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("quic::ClientConnection") .finish() } @@ -312,7 +312,7 @@ mod connection { } impl Debug for ServerConnection { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_struct("quic::ServerConnection") .finish() } diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index 9b6f70e961..c06028e82b 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -107,7 +107,7 @@ impl RecordLayer { /// panics if the requisite keying material hasn't been established yet. pub(crate) fn encrypt_outgoing( &mut self, - plain: OutboundPlainMessage, + plain: OutboundPlainMessage<'_>, ) -> OutboundOpaqueMessage { debug_assert!(self.encrypt_state == DirectionState::Active); assert!(self.next_pre_encrypt_action() != PreEncryptAction::Refuse); diff --git a/rustls/src/server/common.rs b/rustls/src/server/common.rs index 973bfe5156..a3d019d1dc 100644 --- a/rustls/src/server/common.rs +++ b/rustls/src/server/common.rs @@ -9,7 +9,7 @@ pub(super) struct ActiveCertifiedKey<'a> { } impl<'a> ActiveCertifiedKey<'a> { - pub(super) fn from_certified_key(key: &sign::CertifiedKey) -> ActiveCertifiedKey { + pub(super) fn from_certified_key(key: &sign::CertifiedKey) -> ActiveCertifiedKey<'_> { ActiveCertifiedKey { key, ocsp: key.ocsp.as_deref(), diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 21bf049a31..24ada20756 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -202,7 +202,7 @@ impl AlwaysResolvesChain { } impl server::ResolvesServerCert for AlwaysResolvesChain { - fn resolve(&self, _client_hello: ClientHello) -> Option> { + fn resolve(&self, _client_hello: ClientHello<'_>) -> Option> { Some(Arc::clone(&self.0)) } } @@ -271,7 +271,7 @@ mod sni_resolver { } impl server::ResolvesServerCert for ResolvesServerCertUsingSni { - fn resolve(&self, client_hello: ClientHello) -> Option> { + fn resolve(&self, client_hello: ClientHello<'_>) -> Option> { if let Some(name) = client_hello.server_name() { self.by_name.get(name).cloned() } else { diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index e99b6fa0fa..a750e31d0a 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -38,7 +38,7 @@ pub(super) type ServerContext<'a> = crate::common_state::Context<'a, ServerConne pub(super) fn can_resume( suite: SupportedCipherSuite, - sni: &Option, + sni: &Option>, using_ems: bool, resumedata: &persist::ServerSessionValue, ) -> bool { @@ -242,7 +242,7 @@ impl ExpectClientHello { self, mut sig_schemes: Vec, client_hello: &ClientHelloPayload, - m: &Message, + m: &Message<'_>, cx: &mut ServerContext<'_>, ) -> NextStateOrError<'static> { let tls13_enabled = self @@ -563,11 +563,11 @@ impl State for ExpectClientHello { /// Note that this will modify `data.sni` even if config or certificate resolution fail. /// /// [`ResolvesServerCert`]: crate::server::ResolvesServerCert -pub(super) fn process_client_hello<'a>( - m: &'a Message, +pub(super) fn process_client_hello<'m>( + m: &'m Message<'m>, done_retry: bool, - cx: &mut ServerContext, -) -> Result<(&'a ClientHelloPayload, Vec), Error> { + cx: &mut ServerContext<'_>, +) -> Result<(&'m ClientHelloPayload, Vec), Error> { let client_hello = require_handshake_msg!(m, HandshakeType::ClientHello, HandshakePayload::ClientHello)?; trace!("we got a clienthello {:?}", client_hello); @@ -597,7 +597,7 @@ pub(super) fn process_client_hello<'a>( // send an Illegal Parameter alert instead of the Internal Error alert // (or whatever) that we'd send if this were checked later or in a // different way. - let sni: Option = match client_hello.sni_extension() { + let sni: Option> = match client_hello.sni_extension() { Some(sni) => { if sni.has_duplicate_names_for_type() { return Err(cx.common.send_fatal_alert( diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index 818a9f066a..737bf5b424 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -119,7 +119,7 @@ pub trait ResolvesServerCert: Debug + Send + Sync { /// ClientHello information. /// /// Return `None` to abort the handshake. - fn resolve(&self, client_hello: ClientHello) -> Option>; + fn resolve(&self, client_hello: ClientHello<'_>) -> Option>; } /// A struct representing the received Client Hello @@ -133,7 +133,7 @@ pub struct ClientHello<'a> { impl<'a> ClientHello<'a> { /// Creates a new ClientHello pub(super) fn new( - server_name: &'a Option, + server_name: &'a Option>, signature_schemes: &'a [SignatureScheme], alpn: Option<&'a Vec>, cipher_suites: &'a [CipherSuite], @@ -157,7 +157,7 @@ impl<'a> ClientHello<'a> { pub fn server_name(&self) -> Option<&str> { self.server_name .as_ref() - .map(>::as_ref) + .map( as AsRef>::as_ref) } /// Get the compatible signature schemes. @@ -637,7 +637,7 @@ mod connection { /// - The client just doesn't support early data. /// - The connection doesn't resume an existing session. /// - The client hasn't sent a full ClientHello yet. - pub fn early_data(&mut self) -> Option { + pub fn early_data(&mut self) -> Option> { let data = &mut self.inner.core.data; if data.early_data.was_accepted() { Some(ReadEarlyData::new(&mut data.early_data)) @@ -654,7 +654,7 @@ mod connection { } impl Debug for ServerConnection { - fn fmt(&self, f: &mut Formatter) -> fmt::Result { + fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { f.debug_struct("ServerConnection") .finish() } @@ -953,7 +953,7 @@ impl Accepted { }) } - fn client_hello_payload<'a>(message: &'a Message) -> &'a ClientHelloPayload { + fn client_hello_payload<'a>(message: &'a Message<'_>) -> &'a ClientHelloPayload { match &message.payload { crate::msgs::message::MessagePayload::Handshake { parsed, .. } => match &parsed.payload { @@ -1043,7 +1043,7 @@ impl EarlyDataState { } } - pub(super) fn take_received_plaintext(&mut self, bytes: Payload) -> bool { + pub(super) fn take_received_plaintext(&mut self, bytes: Payload<'_>) -> bool { let available = bytes.bytes().len(); match self { Self::Accepted(ref mut received) if received.apply_limit(available) == available => { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 287593d491..b3bdc30740 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -63,8 +63,8 @@ mod client_hello { pub(in crate::server) fn handle_client_hello( mut self, cx: &mut ServerContext<'_>, - server_key: ActiveCertifiedKey, - chm: &Message, + server_key: ActiveCertifiedKey<'_>, + chm: &Message<'_>, client_hello: &ClientHelloPayload, selected_kxg: &'static dyn SupportedKxGroup, sigschemes_ext: Vec, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 42d3c03768..58214ac7cf 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -89,7 +89,7 @@ mod client_hello { fn check_binder( &self, suite: &'static Tls13CipherSuite, - client_hello: &Message, + client_hello: &Message<'_>, psk: &[u8], binder: &[u8], ) -> bool { @@ -129,8 +129,8 @@ mod client_hello { pub(in crate::server) fn handle_client_hello( mut self, cx: &mut ServerContext<'_>, - server_key: ActiveCertifiedKey, - chm: &Message, + server_key: ActiveCertifiedKey<'_>, + chm: &Message<'_>, client_hello: &ClientHelloPayload, selected_kxg: &'static dyn SupportedKxGroup, mut sigschemes_ext: Vec, @@ -1491,7 +1491,7 @@ impl ExpectTraffic { impl State for ExpectTraffic { fn handle<'m>( mut self: Box, - cx: &mut ServerContext, + cx: &mut ServerContext<'_>, m: Message<'m>, ) -> hs::NextStateOrError<'m> where diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index a7deaab394..f87e6c0c7f 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -327,7 +327,7 @@ impl Codec<'_> for DigitallySignedStruct { self.sig.encode(bytes); } - fn read(r: &mut Reader) -> Result { + fn read(r: &mut Reader<'_>) -> Result { let scheme = SignatureScheme::read(r)?; let sig = PayloadU16::read(r)?; diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 637bec2b94..324006c662 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -22,7 +22,7 @@ use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid}; /// same order that the server sent them and may be empty. #[allow(dead_code)] pub fn verify_server_cert_signed_by_trust_anchor( - cert: &ParsedCertificate, + cert: &ParsedCertificate<'_>, roots: &RootCertStore, intermediates: &[CertificateDer<'_>], now: UnixTime, @@ -42,7 +42,7 @@ pub fn verify_server_cert_signed_by_trust_anchor( /// note: this only verifies the name and should be used in conjuction with more verification /// like [verify_server_cert_signed_by_trust_anchor] pub fn verify_server_name( - cert: &ParsedCertificate, + cert: &ParsedCertificate<'_>, server_name: &ServerName<'_>, ) -> Result<(), Error> { cert.0 @@ -203,10 +203,10 @@ pub fn verify_tls13_signature( /// can't include this argument in `verify_server_cert_signed_by_trust_anchor` because /// it will leak the webpki types into Rustls' public API. pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl( - cert: &ParsedCertificate, + cert: &ParsedCertificate<'_>, roots: &RootCertStore, intermediates: &[CertificateDer<'_>], - revocation: Option, + revocation: Option>, now: UnixTime, supported_algs: &[&dyn SignatureVerificationAlgorithm], ) -> Result<(), Error> { From b77229e604a45def49355517ffca33e58e126dc3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Tue, 25 Jun 2024 11:15:24 -0400 Subject: [PATCH 1104/1145] lib: add warn for elided_lifetimes_in_paths Also alphabetizes the warn list. --- rustls/src/lib.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index bfc59c3a2e..efb2e013cb 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -313,9 +313,10 @@ clippy::std_instead_of_core, clippy::use_self, clippy::upper_case_acronyms, + elided_lifetimes_in_paths, + missing_docs, trivial_casts, trivial_numeric_casts, - missing_docs, unreachable_pub, unused_import_braces, unused_extern_crates, From 325a6b6c053b1c479df0a60811a03e559716cc90 Mon Sep 17 00:00:00 2001 From: haouvw Date: Wed, 26 Jun 2024 15:44:30 +0800 Subject: [PATCH 1105/1145] chore: fix some comments Signed-off-by: haouvw --- rustls/src/msgs/codec.rs | 6 +++--- rustls/src/webpki/verify.rs | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 699589162e..cc3a8d42a9 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -7,7 +7,7 @@ use crate::error::InvalidMessage; /// Wrapper over a slice of bytes that allows reading chunks from /// with the current position state held using a cursor. /// -/// A new reader for a sub section of the the buffer can be created +/// A new reader for a sub section of the buffer can be created /// using the `sub` function or a section of a certain length can /// be obtained using the `take` function pub struct Reader<'a> { @@ -389,8 +389,8 @@ mod tests { let nested = LengthPrefixedBuffer::new(ListLength::U16, &mut buf); nested.buf.push(0xaa); assert_eq!(nested.buf, &vec![0xff, 0xff, 0xaa]); - // <- if the buffer is accidentally read here, there is no possiblity - // that the contents of the length-prefixed buffer are interpretted + // <- if the buffer is accidentally read here, there is no possibility + // that the contents of the length-prefixed buffer are interpreted // as a subsequent encoding (perhaps allowing injection of a different // extension) drop(nested); diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 324006c662..1d2725d2a0 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -39,7 +39,7 @@ pub fn verify_server_cert_signed_by_trust_anchor( } /// Verify that the `end_entity` has an alternative name matching the `server_name` -/// note: this only verifies the name and should be used in conjuction with more verification +/// note: this only verifies the name and should be used in conjunction with more verification /// like [verify_server_cert_signed_by_trust_anchor] pub fn verify_server_name( cert: &ParsedCertificate<'_>, From 8c46c080ed97a64845d3c1b55a88e0f5bbd951ff Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 24 Jun 2024 15:50:16 +0100 Subject: [PATCH 1106/1145] ticketer: reject ciphertexts longer than we produced --- rustls/src/crypto/ring/ticketer.rs | 52 ++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index fbcaaef6a0..6c4afb4434 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -5,11 +5,14 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::fmt::{Debug, Formatter}; +use core::sync::atomic::{AtomicUsize, Ordering}; use super::ring_like::aead; use super::ring_like::rand::{SecureRandom, SystemRandom}; use super::TICKETER_AEAD; use crate::error::Error; +#[cfg(feature = "logging")] +use crate::log::debug; use crate::rand::GetRandomFailed; use crate::server::ProducesTickets; @@ -58,6 +61,7 @@ fn make_ticket_generator() -> Result, GetRandomFailed> alg: TICKETER_AEAD, key: aead::LessSafeKey::new(key), lifetime: 60 * 60 * 12, + maximum_ciphertext_len: AtomicUsize::new(0), })) } @@ -69,6 +73,16 @@ struct AeadTicketer { alg: &'static aead::Algorithm, key: aead::LessSafeKey, lifetime: u32, + + /// Tracks the largest ciphertext produced by `encrypt`, and + /// uses it to early-reject `decrypt` queries that are too long. + /// + /// Accepting excessively long ciphertexts means a "Partitioning + /// Oracle Attack" (see ) + /// can be more efficient, though also note that these are thought + /// to be cryptographically hard if the key is full-entropy (as it + /// is here). + maximum_ciphertext_len: AtomicUsize, } impl ProducesTickets for AeadTicketer { @@ -93,17 +107,32 @@ impl ProducesTickets for AeadTicketer { Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); ciphertext.extend(nonce_buf); ciphertext.extend(message); - self.key + let ciphertext = self + .key .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) .map(|tag| { ciphertext.extend(tag.as_ref()); ciphertext }) - .ok() + .ok()?; + + self.maximum_ciphertext_len + .fetch_max(ciphertext.len(), Ordering::SeqCst); + Some(ciphertext) } /// Decrypt `ciphertext` and recover the original message. fn decrypt(&self, ciphertext: &[u8]) -> Option> { + if ciphertext.len() + > self + .maximum_ciphertext_len + .load(Ordering::SeqCst) + { + #[cfg(debug_assertions)] + debug!("rejected over-length ticket"); + return None; + } + // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. let nonce = ciphertext.get(..self.alg.nonce_len())?; let ciphertext = ciphertext.get(nonce.len()..)?; @@ -151,6 +180,25 @@ mod tests { assert_eq!(plain, b"hello world"); } + #[test] + fn refuses_decrypt_before_encrypt() { + let t = Ticketer::new().unwrap(); + assert_eq!(t.decrypt(b"hello"), None); + } + + #[test] + fn refuses_decrypt_larger_than_largest_encryption() { + let t = Ticketer::new().unwrap(); + let mut cipher = t.encrypt(b"hello world").unwrap(); + assert_eq!(t.decrypt(&cipher), Some(b"hello world".to_vec())); + + // obviously this would never work anyway, but this + // and `cannot_decrypt_before_encrypt` exercise the + // first branch in `decrypt()` + cipher.push(0); + assert_eq!(t.decrypt(&cipher), None); + } + #[test] fn ticketswitcher_switching_test() { let t = Arc::new(crate::ticketer::TicketSwitcher::new(1, make_ticket_generator).unwrap()); From 4502d2d489f7c83abd24d421c8e6c4091c467313 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Tue, 25 Jun 2024 14:05:25 +0100 Subject: [PATCH 1107/1145] ticketer: prepend a `key_name` to tickets See RFC5077 for the semantics and purpose of this. Included it in the AAD, but also early-reject incorrect values. This is belt-and-braces, we could remove either without a security problem. This should slightly improve the performance of `TicketSwitcher`. Note that `key_name` is not really a secret: tickets are issued and offered in plaintext in TLS1.2, and issued privately but offered in plaintext in TLS1.3. Therefore it is visible to an attacker in privileged network position, or able to complete a handshake with the server. --- rustls/src/crypto/ring/ticketer.rs | 64 +++++++++++++++++++++++++----- 1 file changed, 55 insertions(+), 9 deletions(-) diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 6c4afb4434..1e248dc2b0 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -7,6 +7,8 @@ use core::fmt; use core::fmt::{Debug, Formatter}; use core::sync::atomic::{AtomicUsize, Ordering}; +use subtle::ConstantTimeEq; + use super::ring_like::aead; use super::ring_like::rand::{SecureRandom, SystemRandom}; use super::TICKETER_AEAD; @@ -57,9 +59,15 @@ fn make_ticket_generator() -> Result, GetRandomFailed> let key = aead::UnboundKey::new(TICKETER_AEAD, &key).unwrap(); + let mut key_name = [0u8; 16]; + SystemRandom::new() + .fill(&mut key_name) + .map_err(|_| GetRandomFailed)?; + Ok(Box::new(AeadTicketer { alg: TICKETER_AEAD, key: aead::LessSafeKey::new(key), + key_name, lifetime: 60 * 60 * 12, maximum_ciphertext_len: AtomicUsize::new(0), })) @@ -72,6 +80,7 @@ fn make_ticket_generator() -> Result, GetRandomFailed> struct AeadTicketer { alg: &'static aead::Algorithm, key: aead::LessSafeKey, + key_name: [u8; 16], lifetime: u32, /// Tracks the largest ciphertext produced by `encrypt`, and @@ -101,15 +110,27 @@ impl ProducesTickets for AeadTicketer { .fill(&mut nonce_buf) .ok()?; let nonce = aead::Nonce::assume_unique_for_key(nonce_buf); - let aad = aead::Aad::empty(); - - let mut ciphertext = - Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len()); + let aad = aead::Aad::from(self.key_name); + + // ciphertext structure is: + // key_name: [u8; 16] + // nonce: [u8; 12] + // message: [u8, _] + // tag: [u8; 16] + + let mut ciphertext = Vec::with_capacity( + self.key_name.len() + nonce_buf.len() + message.len() + self.key.algorithm().tag_len(), + ); + ciphertext.extend(self.key_name); ciphertext.extend(nonce_buf); ciphertext.extend(message); let ciphertext = self .key - .seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..]) + .seal_in_place_separate_tag( + nonce, + aad, + &mut ciphertext[self.key_name.len() + nonce_buf.len()..], + ) .map(|tag| { ciphertext.extend(tag.as_ref()); ciphertext @@ -133,9 +154,26 @@ impl ProducesTickets for AeadTicketer { return None; } - // Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. - let nonce = ciphertext.get(..self.alg.nonce_len())?; - let ciphertext = ciphertext.get(nonce.len()..)?; + let (alleged_key_name, ciphertext) = try_split_at(ciphertext, self.key_name.len())?; + + let (nonce, ciphertext) = try_split_at(ciphertext, self.alg.nonce_len())?; + + // checking the key_name is the expected one, *and* then putting it into the + // additionally authenticated data is duplicative. this check quickly rejects + // tickets for a different ticketer (see `TicketSwitcher`), while including it + // in the AAD ensures it is authenticated independent of that check and that + // any attempted attack on the integrity such as [^1] must happen for each + // `key_label`, not over a population of potential keys. this approach + // is overall similar to [^2]. + // + // [^1]: https://eprint.iacr.org/2020/1491.pdf + // [^2]: "Authenticated Encryption with Key Identification", fig 6 + // + if ConstantTimeEq::ct_ne(&self.key_name[..], alleged_key_name).into() { + #[cfg(debug_assertions)] + debug!("rejected ticket with wrong ticket_name"); + return None; + } // This won't fail since `nonce` has the required length. let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?; @@ -144,7 +182,7 @@ impl ProducesTickets for AeadTicketer { let plain_len = self .key - .open_in_place(nonce, aead::Aad::empty(), &mut out) + .open_in_place(nonce, aead::Aad::from(alleged_key_name), &mut out) .ok()? .len(); out.truncate(plain_len); @@ -163,6 +201,14 @@ impl Debug for AeadTicketer { } } +/// Non-panicking `let (nonce, ciphertext) = ciphertext.split_at(...)`. +fn try_split_at(slice: &[u8], mid: usize) -> Option<(&[u8], &[u8])> { + match mid > slice.len() { + true => None, + false => Some(slice.split_at(mid)), + } +} + #[cfg(test)] mod tests { use core::time::Duration; From 90ccaf8f3cd0c2c185a81403e42a6751a8571c0b Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 24 Jun 2024 15:55:38 +0100 Subject: [PATCH 1108/1145] Codec::read_bytes: detect trailing data It is impossible in this interface for the caller to notice that trailing data was present (compared to `Codec::read`), so this function must do it. The immediate impetus for this change is the usage of `ServerSessionValue::read_bytes()` after ticket decryption. Fix a test in handshake_test that was sensitive to this. --- rustls/src/msgs/codec.rs | 8 +++++++- rustls/src/msgs/handshake_test.rs | 8 ++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index cc3a8d42a9..68ad671e41 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -169,9 +169,15 @@ pub trait Codec<'a>: Debug + Sized { /// Function for wrapping a call to the read function in /// a Reader for the slice of bytes provided + /// + /// Returns `Err(InvalidMessage::ExcessData(_))` if + /// `Self::read` does not read the entirety of `bytes`. fn read_bytes(bytes: &'a [u8]) -> Result { let mut reader = Reader::init(bytes); - Self::read(&mut reader) + Self::read(&mut reader).and_then(|r| { + reader.expect_empty("read_bytes")?; + Ok(r) + }) } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index b54e089e71..17c1b15e69 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -7,6 +7,7 @@ use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParam use crate::enums::{ CertificateCompressionAlgorithm, CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme, }; +use crate::error::InvalidMessage; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{put_u16, Codec, Reader}; use crate::msgs::enums::{ @@ -872,7 +873,7 @@ fn cannot_decode_huge_certificate() { buf[7] = 0x00; buf[8] = 0xff; buf[9] = 0xfd; - HandshakeMessagePayload::read_bytes(&buf).unwrap(); + HandshakeMessagePayload::read_bytes(&buf[..0x10000 + 7]).unwrap(); // however 64KB + 1 byte does not buf[1] = 0x01; @@ -881,7 +882,10 @@ fn cannot_decode_huge_certificate() { buf[4] = 0x01; buf[5] = 0x00; buf[6] = 0x01; - assert!(HandshakeMessagePayload::read_bytes(&buf).is_err()); + assert_eq!( + HandshakeMessagePayload::read_bytes(&buf[..0x10001 + 7]).unwrap_err(), + InvalidMessage::TrailingData("HandshakeMessagePayload") + ); } #[test] From cf0c947a256c1eb84da8292dee34d8656fb13326 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 24 Jun 2024 16:35:31 +0100 Subject: [PATCH 1109/1145] Improve error specificity for excess-size certificates --- rustls/src/error.rs | 2 ++ rustls/src/msgs/codec.rs | 9 ++++++--- rustls/src/msgs/handshake.rs | 10 +++++++++- rustls/src/msgs/handshake_test.rs | 2 +- rustls/tests/api.rs | 4 ++-- 5 files changed, 20 insertions(+), 7 deletions(-) diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 1637894ff2..1e66d1e641 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -112,6 +112,8 @@ pub enum Error { #[derive(Debug, Clone, Copy, PartialEq)] pub enum InvalidMessage { + /// A certificate payload exceeded rustls's 64KB limit + CertificatePayloadTooLarge, /// An advertised message was larger then expected. HandshakePayloadTooLarge, /// The peer sent us a syntactically incorrect ChangeCipherSpec payload. diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 68ad671e41..48dfbaf8b2 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -290,7 +290,10 @@ impl<'a, T: Codec<'a> + TlsListElement + Debug> Codec<'a> for Vec { let len = match T::SIZE_LEN { ListLength::U8 => usize::from(u8::read(r)?), ListLength::U16 => usize::from(u16::read(r)?), - ListLength::U24 { max } => Ord::min(usize::from(u24::read(r)?), max), + ListLength::U24 { max, error } => match usize::from(u24::read(r)?) { + len if len > max => return Err(error), + len => len, + }, }; let mut sub = r.sub(len)?; @@ -317,11 +320,11 @@ pub(crate) trait TlsListElement { /// /// The types that appear in lists are limited to three kinds of length prefixes: /// 1, 2, and 3 bytes. For the latter kind, we require a `TlsListElement` implementer -/// to specify a maximum length. +/// to specify a maximum length and error if the actual length is larger. pub(crate) enum ListLength { U8, U16, - U24 { max: usize }, + U24 { max: usize, error: InvalidMessage }, } /// Tracks encoding a length-delimited structure in a single pass. diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index a5cd2cf6ed..cead7a3084 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1447,6 +1447,7 @@ impl<'a> Deref for CertificateChain<'a> { impl TlsListElement for CertificateDer<'_> { const SIZE_LEN: ListLength = ListLength::U24 { max: CERTIFICATE_MAX_SIZE_LIMIT, + error: InvalidMessage::CertificatePayloadTooLarge, }; } @@ -1583,6 +1584,7 @@ impl<'a> CertificateEntry<'a> { impl<'a> TlsListElement for CertificateEntry<'a> { const SIZE_LEN: ListLength = ListLength::U24 { max: CERTIFICATE_MAX_SIZE_LIMIT, + error: InvalidMessage::CertificatePayloadTooLarge, }; } @@ -2726,7 +2728,13 @@ impl<'a> HandshakeMessagePayload<'a> { } .encode(bytes); - let nested = LengthPrefixedBuffer::new(ListLength::U24 { max: usize::MAX }, bytes); + let nested = LengthPrefixedBuffer::new( + ListLength::U24 { + max: usize::MAX, + error: InvalidMessage::MessageTooLarge, + }, + bytes, + ); match &self.payload { // for Server Hello and HelloRetryRequest payloads we need to encode the payload diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 17c1b15e69..57884bd21b 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -884,7 +884,7 @@ fn cannot_decode_huge_certificate() { buf[6] = 0x01; assert_eq!( HandshakeMessagePayload::read_bytes(&buf[..0x10001 + 7]).unwrap_err(), - InvalidMessage::TrailingData("HandshakeMessagePayload") + InvalidMessage::CertificatePayloadTooLarge ); } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index e2c3010b11..85aa401376 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -6788,7 +6788,7 @@ fn test_cert_decompression_by_client_produces_invalid_cert_payload() { assert_eq!( do_handshake_until_error(&mut client, &mut server), Err(ErrorFromPeer::Client(Error::InvalidMessage( - InvalidMessage::MessageTooShort + InvalidMessage::CertificatePayloadTooLarge ))) ); transfer(&mut client, &mut server); @@ -6809,7 +6809,7 @@ fn test_cert_decompression_by_server_produces_invalid_cert_payload() { assert_eq!( do_handshake_until_error(&mut client, &mut server), Err(ErrorFromPeer::Server(Error::InvalidMessage( - InvalidMessage::MessageTooShort + InvalidMessage::CertificatePayloadTooLarge ))) ); transfer(&mut server, &mut client); From 18aa20abee0cbdd1c64e3e98d7cd1a7ffb883440 Mon Sep 17 00:00:00 2001 From: Bheesham Persaud <171007+bheesham@users.noreply.github.com> Date: Thu, 27 Jun 2024 12:23:46 -0400 Subject: [PATCH 1110/1145] examples Fix minor typo (ciper -> cipher) --- examples/src/bin/tlsclient-mio.rs | 2 +- examples/src/bin/tlsserver-mio.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index d4b51dbd18..aaf424f33e 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -2,7 +2,7 @@ //! //! It uses command line flags to demonstrate configuring a TLS client that may: //! * Specify supported TLS protocol versions -//! * Customize ciper suite selection +//! * Customize cipher suite selection //! * Perform client certificate authentication //! * Disable session tickets //! * Disable SNI diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 08ecae5a54..83ca92f7f7 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -2,7 +2,7 @@ //! //! It uses command line flags to demonstrate configuring a TLS server that may: //! * Specify supported TLS protocol versions -//! * Customize ciper suite selection +//! * Customize cipher suite selection //! * Perform optional or mandatory client certificate authentication //! * Check client certificates for revocation status with CRLs //! * Support session tickets From acf4287fececfae9d99db0bc2d63ce3baa249c1b Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 3 Jul 2024 11:38:43 +0100 Subject: [PATCH 1111/1145] unbuffered: add missing Deref for `CommonState` This has a number of important APIs, especially `alpn_protocol`, which are currently missing in the unbuffered API. --- rustls/src/conn.rs | 8 ++++++++ rustls/tests/unbuffered.rs | 14 ++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 8701824492..b98f3be65e 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -772,6 +772,14 @@ impl From> for UnbufferedConnectionCommon { } } +impl Deref for UnbufferedConnectionCommon { + type Target = CommonState; + + fn deref(&self) -> &Self::Target { + &self.core.common_state + } +} + pub(crate) struct ConnectionCore { pub(crate) state: Result>, Error>, pub(crate) data: Data, diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index b02683111b..567acd9ab3 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -401,6 +401,20 @@ fn run( assert!(count <= MAX_ITERATIONS, "handshake was not completed"); } + println!("finished with:"); + println!( + " client: {:?} {:?} {:?}", + client.protocol_version(), + client.negotiated_cipher_suite(), + client.handshake_kind() + ); + println!( + " server: {:?} {:?} {:?}", + server.protocol_version(), + server.negotiated_cipher_suite(), + server.handshake_kind() + ); + outcome.server = Some(server); outcome.client = Some(client); outcome From 08bc10d5d367db7b6566671f23db03801c50a45e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 28 Jun 2024 13:08:21 -0400 Subject: [PATCH 1112/1145] common_state: expose key exchange group Similar to `negotiated_cipher_suite()` there's utility in knowing the key exchange group that was used for the connection. Unit tests and examples are updated where relevant. --- rustls-post-quantum/examples/client.rs | 9 +++ rustls/src/client/hs.rs | 9 ++- rustls/src/client/tls12.rs | 4 +- rustls/src/client/tls13.rs | 5 +- rustls/src/common_state.rs | 36 +++++++++++ rustls/src/server/hs.rs | 3 +- rustls/src/server/tls12.rs | 3 + rustls/src/server/tls13.rs | 1 + rustls/tests/api.rs | 84 +++++++++++++++++++++++--- rustls/tests/api_ffdhe.rs | 32 +++++++--- rustls/tests/common/mod.rs | 63 ++++++++++++++++++- 11 files changed, 227 insertions(+), 22 deletions(-) diff --git a/rustls-post-quantum/examples/client.rs b/rustls-post-quantum/examples/client.rs index 574252faad..b37c8970e1 100644 --- a/rustls-post-quantum/examples/client.rs +++ b/rustls-post-quantum/examples/client.rs @@ -52,6 +52,15 @@ fn main() { ciphersuite.suite() ) .unwrap(); + let kx_group = tls + .conn + .negotiated_key_exchange_group() + .unwrap(); + writeln!( + &mut std::io::stderr(), + "Current key exchange group: {kx_group:?}", + ) + .unwrap(); let mut plaintext = Vec::new(); tls.read_to_end(&mut plaintext).unwrap(); stdout().write_all(&plaintext).unwrap(); diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index ec13af6c37..49ce6c798f 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -17,7 +17,7 @@ use crate::client::client_conn::ClientConnectionData; use crate::client::common::ClientHelloDetails; use crate::client::ech::EchState; use crate::client::{tls13, ClientConfig, EchMode, EchStatus}; -use crate::common_state::{CommonState, HandshakeKind, State}; +use crate::common_state::{CommonState, HandshakeKind, KxState, State}; use crate::conn::ConnectionRandoms; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; use crate::enums::{AlertDescription, CipherSuite, ContentType, HandshakeType, ProtocolVersion}; @@ -109,7 +109,11 @@ pub(super) fn start_handshake( let mut resuming = find_session(&server_name, &config, cx); let key_share = if config.supports_version(ProtocolVersion::TLSv1_3) { - Some(tls13::initial_key_share(&config, &server_name)?) + Some(tls13::initial_key_share( + &config, + &server_name, + &mut cx.common.kx_state, + )?) } else { None }; @@ -1035,6 +1039,7 @@ impl ExpectServerHelloOrHelloRetryRequest { } }; + cx.common.kx_state = KxState::Start(skxg); skxg.start()? } _ => offered_key_share, diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 8e6fe57ff8..fe6fecafca 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -13,7 +13,7 @@ use super::hs::ClientContext; use crate::check::{inappropriate_handshake_message, inappropriate_message}; use crate::client::common::{ClientAuthDetails, ServerCertDetails}; use crate::client::{hs, ClientConfig}; -use crate::common_state::{CommonState, HandshakeKind, Side, State}; +use crate::common_state::{CommonState, HandshakeKind, KxState, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::KeyExchangeAlgorithm; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; @@ -929,6 +929,7 @@ impl State for ExpectServerDone<'_> { return Err(PeerMisbehaved::SelectedUnofferedKxGroup.into()); } }; + cx.common.kx_state = KxState::Start(skxg); let kx = skxg.start()?; // 5b. @@ -955,6 +956,7 @@ impl State for ExpectServerDone<'_> { st.randoms, suite, )?; + cx.common.kx_state.complete(); st.config.key_log.log( "CLIENT_RANDOM", diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index f7d918ba66..93d5c6b09a 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -12,7 +12,7 @@ use crate::check::inappropriate_handshake_message; use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails}; use crate::client::ech::{self, EchState, EchStatus}; use crate::client::{hs, ClientConfig, ClientSessionStore}; -use crate::common_state::{CommonState, HandshakeKind, Protocol, Side, State}; +use crate::common_state::{CommonState, HandshakeKind, KxState, Protocol, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::ActiveKeyExchange; use crate::enums::{ @@ -147,6 +147,7 @@ pub(super) fn handle_server_hello( KeySchedulePreHandshake::new(suite) }; + cx.common.kx_state.complete(); let shared_secret = our_key_share.complete(&their_key_share.payload.0)?; let mut key_schedule = key_schedule_pre_handshake.into_handshake(shared_secret); @@ -228,6 +229,7 @@ fn validate_server_hello( pub(super) fn initial_key_share( config: &ClientConfig, server_name: &ServerName<'_>, + kx_state: &mut KxState, ) -> Result, Error> { let group = config .resumption @@ -244,6 +246,7 @@ pub(super) fn initial_key_share( .expect("No kx groups configured") }); + *kx_state = KxState::Start(group); group.start() } diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index 3afd9eec3d..8d8daa7325 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -3,6 +3,7 @@ use alloc::vec::Vec; use pki_types::CertificateDer; +use crate::crypto::SupportedKxGroup; use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; #[cfg(feature = "logging")] @@ -31,6 +32,7 @@ pub struct CommonState { pub(crate) side: Side, pub(crate) record_layer: record_layer::RecordLayer, pub(crate) suite: Option, + pub(crate) kx_state: KxState, pub(crate) alpn_protocol: Option>, pub(crate) aligned_handshake: bool, pub(crate) may_send_application_data: bool, @@ -63,6 +65,7 @@ impl CommonState { side, record_layer: record_layer::RecordLayer::new(), suite: None, + kx_state: KxState::default(), alpn_protocol: None, aligned_handshake: true, may_send_application_data: false, @@ -138,6 +141,22 @@ impl CommonState { self.suite } + /// Retrieves the key exchange group agreed with the peer. + /// + /// This function may return `None` depending on the state of the connection, + /// the type of handshake, and the protocol version. + /// + /// If [`CommonState::is_handshaking()`] is true this function will return `None`. + /// Similarly, if the [`CommonState::handshake_kind()`] is [`HandshakeKind::Resumed`] + /// and the [`CommonState::protocol_version()`] is TLS 1.2, then no key exchange will have + /// occurred and this function will return `None`. + pub fn negotiated_key_exchange_group(&self) -> Option<&'static dyn SupportedKxGroup> { + match self.kx_state { + KxState::Complete(group) => Some(group), + _ => None, + } + } + /// Retrieves the protocol version agreed with the peer. /// /// This returns `None` until the version is agreed. @@ -939,5 +958,22 @@ impl Default for TemperCounters { } } +#[derive(Debug, Default)] +pub(crate) enum KxState { + #[default] + None, + Start(&'static dyn SupportedKxGroup), + Complete(&'static dyn SupportedKxGroup), +} + +impl KxState { + pub(crate) fn complete(&mut self) { + debug_assert!(matches!(self, Self::Start(_))); + if let Self::Start(group) = self { + *self = Self::Complete(*group); + } + } +} + const DEFAULT_RECEIVED_PLAINTEXT_LIMIT: usize = 16 * 1024; pub(crate) const DEFAULT_BUFFER_LIMIT: usize = 64 * 1024; diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index a750e31d0a..9b86a161fe 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -8,7 +8,7 @@ use pki_types::DnsName; use super::server_conn::ServerConnectionData; #[cfg(feature = "tls12")] use super::tls12; -use crate::common_state::{Protocol, State}; +use crate::common_state::{KxState, Protocol, State}; use crate::conn::ConnectionRandoms; use crate::crypto::SupportedKxGroup; use crate::enums::{ @@ -352,6 +352,7 @@ impl ExpectClientHello { debug!("decided upon suite {:?}", suite); cx.common.suite = Some(suite); + cx.common.kx_state = KxState::Start(skxg); // Start handshake hash. let starting_hash = suite.hash_provider(); diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index b3bdc30740..89383f7868 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -37,6 +37,7 @@ mod client_hello { use pki_types::CertificateDer; use super::*; + use crate::common_state::KxState; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::enums::{ClientCertificateType, Compression, ECPointFormat}; @@ -191,6 +192,7 @@ mod client_hello { self.session_id = SessionId::random(self.config.provider.secure_random)?; } + cx.common.kx_state = KxState::Start(selected_kxg); cx.common.handshake_kind = Some(HandshakeKind::Full); self.send_ticket = emit_server_hello( @@ -613,6 +615,7 @@ impl State for ExpectClientKx<'_> { self.randoms, self.suite, )?; + cx.common.kx_state.complete(); self.config.key_log.log( "CLIENT_RANDOM", diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index 58214ac7cf..27c65a0a50 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -351,6 +351,7 @@ mod client_hello { cx.common .handshake_kind .get_or_insert(HandshakeKind::Full); + cx.common.kx_state.complete(); } else { cx.common.handshake_kind = Some(HandshakeKind::Resumed); } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 85aa401376..187a9e5f70 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -34,9 +34,9 @@ use rustls::{ use rustls::{ sign, AlertDescription, CertificateError, CipherSuite, ClientConfig, ClientConnection, ConnectionCommon, ConnectionTrafficSecrets, ContentType, DistinguishedName, Error, - HandshakeKind, HandshakeType, InvalidMessage, KeyLog, PeerIncompatible, PeerMisbehaved, - ProtocolVersion, ServerConfig, ServerConnection, SideData, SignatureScheme, Stream, - StreamOwned, SupportedCipherSuite, + HandshakeKind, HandshakeType, InvalidMessage, KeyLog, NamedGroup, PeerIncompatible, + PeerMisbehaved, ProtocolVersion, ServerConfig, ServerConnection, SideData, SignatureScheme, + Stream, StreamOwned, SupportedCipherSuite, }; use super::*; @@ -45,6 +45,7 @@ mod common; use common::*; use provider::cipher_suite; use provider::sign::RsaSigningKey; +use rustls::ProtocolVersion::TLSv1_2; fn alpn_test_error( server_protos: Vec>, @@ -505,6 +506,10 @@ fn server_can_get_client_cert_after_resumption() { #[test] fn resumption_combinations() { + let expected_kx = match provider_is_fips() { + true => NamedGroup::secp256r1, + false => NamedGroup::X25519, + }; for kt in ALL_KEY_TYPES { let server_config = make_server_config(*kt); for version in rustls::ALL_VERSIONS { @@ -515,6 +520,20 @@ fn resumption_combinations() { assert_eq!(client.handshake_kind(), Some(HandshakeKind::Full)); assert_eq!(server.handshake_kind(), Some(HandshakeKind::Full)); + assert_eq!( + client + .negotiated_key_exchange_group() + .unwrap() + .name(), + expected_kx + ); + assert_eq!( + server + .negotiated_key_exchange_group() + .unwrap() + .name(), + expected_kx + ); let (mut client, mut server) = make_pair_for_configs(client_config.clone(), server_config.clone()); @@ -522,6 +541,22 @@ fn resumption_combinations() { assert_eq!(client.handshake_kind(), Some(HandshakeKind::Resumed)); assert_eq!(server.handshake_kind(), Some(HandshakeKind::Resumed)); + if version.version == TLSv1_2 { + assert!(client + .negotiated_key_exchange_group() + .is_none()); + } else { + assert_eq!( + client + .negotiated_key_exchange_group() + .unwrap() + .name(), + expected_kx + ); + } + assert!(server + .negotiated_key_exchange_group() + .is_none()); } } } @@ -3132,11 +3167,16 @@ fn test_ciphersuites() -> Vec<( #[test] fn negotiated_ciphersuite_default() { + let expected_kx = match provider_is_fips() { + true => NamedGroup::secp256r1, + false => NamedGroup::X25519, + }; for kt in ALL_KEY_TYPES { - do_suite_test( + do_suite_and_kx_test( make_client_config(*kt), make_server_config(*kt), find_suite(CipherSuite::TLS13_AES_256_GCM_SHA384), + expected_kx, ProtocolVersion::TLSv1_3, ); } @@ -3152,6 +3192,10 @@ fn all_suites_covered() { #[test] fn negotiated_ciphersuite_client() { + let expected_kx = match provider_is_fips() { + true => NamedGroup::secp256r1, + false => NamedGroup::X25519, + }; for (version, kt, suite) in test_ciphersuites() { let scs = find_suite(suite); let client_config = finish_client_config( @@ -3167,12 +3211,22 @@ fn negotiated_ciphersuite_client() { .unwrap(), ); - do_suite_test(client_config, make_server_config(kt), scs, version.version); + do_suite_and_kx_test( + client_config, + make_server_config(kt), + scs, + expected_kx, + version.version, + ); } } #[test] fn negotiated_ciphersuite_server() { + let expected_kx = match provider_is_fips() { + true => NamedGroup::secp256r1, + false => NamedGroup::X25519, + }; for (version, kt, suite) in test_ciphersuites() { let scs = find_suite(suite); let server_config = finish_server_config( @@ -3188,12 +3242,22 @@ fn negotiated_ciphersuite_server() { .unwrap(), ); - do_suite_test(make_client_config(kt), server_config, scs, version.version); + do_suite_and_kx_test( + make_client_config(kt), + server_config, + scs, + expected_kx, + version.version, + ); } } #[test] fn negotiated_ciphersuite_server_ignoring_client_preference() { + let expected_kx = match provider_is_fips() { + true => NamedGroup::secp256r1, + false => NamedGroup::X25519, + }; for (version, kt, suite) in test_ciphersuites() { let scs = find_suite(suite); let scs_other = if scs.suite() == CipherSuite::TLS13_AES_256_GCM_SHA384 { @@ -3228,7 +3292,13 @@ fn negotiated_ciphersuite_server_ignoring_client_preference() { .unwrap(), ); - do_suite_test(client_config, server_config, scs, version.version); + do_suite_and_kx_test( + client_config, + server_config, + scs, + expected_kx, + version.version, + ); } } diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index 33253fe2cb..6409eee1b7 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -10,7 +10,7 @@ use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; use rustls::internal::msgs::message::{Message, MessagePayload}; use rustls::version::{TLS12, TLS13}; -use rustls::{CipherSuite, ClientConfig}; +use rustls::{CipherSuite, ClientConfig, NamedGroup}; use super::*; @@ -61,10 +61,11 @@ fn ffdhe_ciphersuite() { .with_safe_default_protocol_versions() .unwrap(), ); - do_suite_test( + do_suite_and_kx_test( client_config, server_config, expected_cipher_suite, + NamedGroup::FFDHE2048, expected_protocol.version, ); } @@ -179,8 +180,7 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext() ); let (mut client, mut server) = make_pair_for_configs(client_config, server_config); - transfer(&mut client, &mut server); - assert!(server.process_new_packets().is_ok()); + do_handshake(&mut client, &mut server); assert_eq!( server .negotiated_cipher_suite() @@ -188,6 +188,13 @@ fn server_avoids_dhe_cipher_suites_when_client_has_no_known_dhe_in_groups_ext() .suite(), CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ); + assert_eq!( + server + .negotiated_key_exchange_group() + .unwrap() + .name(), + NamedGroup::secp256r1, + ) } #[test] @@ -253,6 +260,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { ], &TLS12, CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + Some(NamedGroup::secp256r1), ), ( vec![ @@ -262,6 +270,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { ], &TLS12, CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + Some(NamedGroup::secp256r1), ), ( vec![ @@ -271,6 +280,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { ], &TLS12, CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + Some(NamedGroup::FFDHE2048), ), ( // TLS 1.3, have common @@ -281,6 +291,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { ], &TLS13, CipherSuite::TLS13_AES_128_GCM_SHA256, + Some(NamedGroup::secp256r1), ), ( vec![ @@ -290,6 +301,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { ], &TLS13, CipherSuite::TLS13_AES_128_GCM_SHA256, + Some(NamedGroup::secp256r1), ), ( vec![ @@ -299,10 +311,11 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { ], &TLS13, CipherSuite::TLS13_AES_128_GCM_SHA256, + Some(NamedGroup::FFDHE2048), ), ]; - for (client_kx_groups, protocol_version, expected_cipher_suite) in test_cases { + for (client_kx_groups, protocol_version, expected_cipher_suite, expected_group) in test_cases { let client_config = finish_client_config( KeyType::Rsa2048, rustls::ClientConfig::builder_with_provider( @@ -323,8 +336,7 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { .into(); let (mut client, mut server) = make_pair_for_arc_configs(&client_config, &server_config); - transfer(&mut client, &mut server); - assert!(dbg!(server.process_new_packets()).is_ok()); + do_handshake(&mut client, &mut server); assert_eq!( server .negotiated_cipher_suite() @@ -333,6 +345,12 @@ fn server_avoids_cipher_suite_with_no_common_kx_groups() { expected_cipher_suite ); assert_eq!(server.protocol_version(), Some(protocol_version.version)); + assert_eq!( + server + .negotiated_key_exchange_group() + .map(|kx| kx.name()), + expected_group, + ); } } diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index 01398254d1..76bdd39877 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -18,8 +18,8 @@ use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessa use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; use rustls::{ ClientConfig, ClientConnection, Connection, ConnectionCommon, ContentType, - DigitallySignedStruct, Error, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection, - SideData, SignatureScheme, SupportedCipherSuite, + DigitallySignedStruct, Error, NamedGroup, ProtocolVersion, RootCertStore, ServerConfig, + ServerConnection, SideData, SignatureScheme, SupportedCipherSuite, }; use webpki::anchor_from_trusted_cert; @@ -729,10 +729,11 @@ impl io::Read for FailsReads { } } -pub fn do_suite_test( +pub fn do_suite_and_kx_test( client_config: ClientConfig, server_config: ServerConfig, expect_suite: SupportedCipherSuite, + expect_kx: NamedGroup, expect_version: ProtocolVersion, ) { println!( @@ -744,6 +745,12 @@ pub fn do_suite_test( assert_eq!(None, client.negotiated_cipher_suite()); assert_eq!(None, server.negotiated_cipher_suite()); + assert!(client + .negotiated_key_exchange_group() + .is_none()); + assert!(server + .negotiated_key_exchange_group() + .is_none()); assert_eq!(None, client.protocol_version()); assert_eq!(None, server.protocol_version()); assert!(client.is_handshaking()); @@ -758,12 +765,48 @@ pub fn do_suite_test( assert_eq!(Some(expect_version), server.protocol_version()); assert_eq!(None, client.negotiated_cipher_suite()); assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); + assert!(client + .negotiated_key_exchange_group() + .is_none()); + if matches!(expect_version, ProtocolVersion::TLSv1_2) { + assert!(server + .negotiated_key_exchange_group() + .is_none()); + } else { + assert_eq!( + expect_kx, + server + .negotiated_key_exchange_group() + .unwrap() + .name() + ); + } transfer(&mut server, &mut client); client.process_new_packets().unwrap(); assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); + assert_eq!( + expect_kx, + client + .negotiated_key_exchange_group() + .unwrap() + .name() + ); + if matches!(expect_version, ProtocolVersion::TLSv1_2) { + assert!(server + .negotiated_key_exchange_group() + .is_none()); + } else { + assert_eq!( + expect_kx, + server + .negotiated_key_exchange_group() + .unwrap() + .name() + ); + } transfer(&mut client, &mut server); server.process_new_packets().unwrap(); @@ -776,6 +819,20 @@ pub fn do_suite_test( assert_eq!(Some(expect_version), server.protocol_version()); assert_eq!(Some(expect_suite), client.negotiated_cipher_suite()); assert_eq!(Some(expect_suite), server.negotiated_cipher_suite()); + assert_eq!( + expect_kx, + client + .negotiated_key_exchange_group() + .unwrap() + .name() + ); + assert_eq!( + expect_kx, + server + .negotiated_key_exchange_group() + .unwrap() + .name() + ); } fn exactly_one_provider() -> bool { From b70c8be195eeb4d29b96d2333f7fdc93c75d9de5 Mon Sep 17 00:00:00 2001 From: Lukas Velikov Date: Wed, 3 Jul 2024 13:15:20 -0400 Subject: [PATCH 1113/1145] Cargo: update webpki to 0.102.5; update Cargo.lock --- Cargo.lock | 8 ++++---- fuzz/Cargo.lock | 4 ++-- rustls/Cargo.toml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b338ddf11e..1e7c1adbc4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2228,7 +2228,7 @@ dependencies = [ "ring", "rustls-pemfile 2.1.2", "rustls-pki-types", - "rustls-webpki 0.102.4", + "rustls-webpki 0.102.5", "rustversion", "serde", "serde_json", @@ -2355,7 +2355,7 @@ dependencies = [ "rsa", "rustls 0.23.10", "rustls-pki-types", - "rustls-webpki 0.102.4", + "rustls-webpki 0.102.5", "sha2", "signature", "webpki-roots 0.26.3", @@ -2385,9 +2385,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.4" +version = "0.102.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +checksum = "f9a6fccd794a42c2c105b513a2f62bc3fd8f3ba57a4593677ceb0bd035164d78" dependencies = [ "aws-lc-rs", "ring", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 09bed286cd..79a977e1e0 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -401,9 +401,9 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.4" +version = "0.102.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +checksum = "f9a6fccd794a42c2c105b513a2f62bc3fd8f3ba57a4593677ceb0bd035164d78" dependencies = [ "aws-lc-rs", "ring", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 1def27c710..e83b0e822f 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -26,7 +26,7 @@ log = { version = "0.4.4", optional = true } once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102.4", features = ["alloc"], default-features = false } +webpki = { package = "rustls-webpki", version = "0.102.5", features = ["alloc"], default-features = false } pki-types = { package = "rustls-pki-types", version = "1.7", features = ["alloc"] } zeroize = "1.7" zlib-rs = { version = "0.2", optional = true } From bd2c5a381ac35424d33a55219986d18ae8c1dd21 Mon Sep 17 00:00:00 2001 From: Lukas Velikov Date: Wed, 19 Jun 2024 13:01:49 -0400 Subject: [PATCH 1114/1145] Expose ParsedCertificate SubjectPublicKeyInfo --- rustls/src/webpki/verify.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 1d2725d2a0..8dc4e18c4d 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -1,7 +1,9 @@ use alloc::vec::Vec; use core::fmt; -use pki_types::{CertificateDer, ServerName, SignatureVerificationAlgorithm, UnixTime}; +use pki_types::{ + CertificateDer, ServerName, SignatureVerificationAlgorithm, SubjectPublicKeyInfoDer, UnixTime, +}; use super::anchors::RootCertStore; use super::pki_error; @@ -125,6 +127,13 @@ impl fmt::Debug for WebPkiSupportedAlgorithms { /// This is used in order to avoid parsing twice when specifying custom verification pub struct ParsedCertificate<'a>(pub(crate) webpki::EndEntityCert<'a>); +impl<'a> ParsedCertificate<'a> { + /// Get the parsed certificate's SubjectPublicKeyInfo (SPKI) + pub fn subject_public_key_info(&self) -> SubjectPublicKeyInfoDer<'static> { + self.0.subject_public_key_info() + } +} + impl<'a> TryFrom<&'a CertificateDer<'a>> for ParsedCertificate<'a> { type Error = Error; fn try_from(value: &'a CertificateDer<'a>) -> Result { From 8840b88c39b6cb2f2837fc9a87b7add3785a0c10 Mon Sep 17 00:00:00 2001 From: Lukas Velikov Date: Wed, 19 Jun 2024 13:03:35 -0400 Subject: [PATCH 1115/1145] Add SigningKey:public_key and CertifiedKey::keys_match with errors --- rustls/src/crypto/signer.rs | 26 ++++++++++++++++++++++++-- rustls/src/error.rs | 36 +++++++++++++++++++++++++++++++++++- rustls/src/lib.rs | 4 ++-- 3 files changed, 61 insertions(+), 5 deletions(-) diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index b6f65747d6..12ff97a0d4 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -3,10 +3,11 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; -use pki_types::CertificateDer; +use pki_types::{CertificateDer, SubjectPublicKeyInfoDer}; use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; +use crate::error::{Error, InconsistentKeys}; +use crate::server::ParsedCertificate; /// An abstract signing key. /// @@ -59,6 +60,12 @@ pub trait SigningKey: Debug + Send + Sync { /// using the chosen scheme. fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option>; + /// Get the RFC 5280-compliant SubjectPublicKeyInfo (SPKI) of this [`SigningKey`] if available. + fn public_key(&self) -> Option> { + // Opt-out by default + None + } + /// What kind of key we have. fn algorithm(&self) -> SignatureAlgorithm; } @@ -105,6 +112,21 @@ impl CertifiedKey { } } + /// Verify the consistency of this [`CertifiedKey`]'s public and private keys. + /// This is done by performing a comparison of SubjectPublicKeyInfo bytes. + pub fn keys_match(&self) -> Result<(), Error> { + let key_spki = match self.key.public_key() { + Some(key) => key, + None => return Err(InconsistentKeys::Unknown.into()), + }; + + let cert = ParsedCertificate::try_from(self.end_entity_cert()?)?; + match key_spki == cert.subject_public_key_info() { + true => Ok(()), + false => Err(InconsistentKeys::KeyMismatch.into()), + } + } + /// The end-entity certificate. pub fn end_entity_cert(&self) -> Result<&CertificateDer<'_>, Error> { self.cert diff --git a/rustls/src/error.rs b/rustls/src/error.rs index 1e66d1e641..f7988e3a95 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -97,6 +97,11 @@ pub enum Error { /// or too large. BadMaxFragmentSize, + /// Specific failure cases from [`keys_match`]. + /// + /// [`keys_match`]: crate::crypto::signer::CertifiedKey::keys_match + InconsistentKeys(InconsistentKeys), + /// Any other error. /// /// This variant should only be used when the error is not better described by a more @@ -107,6 +112,30 @@ pub enum Error { Other(OtherError), } +/// Specific failure cases from [`keys_match`]. +/// +/// [`keys_match`]: crate::crypto::signer::CertifiedKey::keys_match +#[non_exhaustive] +#[derive(Clone, Copy, Debug, Eq, PartialEq)] +pub enum InconsistentKeys { + /// The public key returned by the [`SigningKey`] does not match the public key information in the certificate. + /// + /// [`SigningKey`]: crate::crypto::signer::SigningKey + KeyMismatch, + + /// The [`SigningKey`] cannot produce its corresponding public key. + /// + /// [`SigningKey`]: crate::crypto::signer::SigningKey + Unknown, +} + +impl From for Error { + #[inline] + fn from(e: InconsistentKeys) -> Self { + Self::InconsistentKeys(e) + } +} + /// A corrupt TLS message payload that resulted in an error. #[non_exhaustive] #[derive(Debug, Clone, Copy, PartialEq)] @@ -563,6 +592,9 @@ impl fmt::Display for Error { Self::BadMaxFragmentSize => { write!(f, "the supplied max_fragment_size was too small or large") } + Self::InconsistentKeys(ref why) => { + write!(f, "keys may not be consistent: {:?}", why) + } Self::General(ref err) => write!(f, "unexpected error: {}", err), Self::Other(ref err) => write!(f, "other error: {}", err), } @@ -644,7 +676,7 @@ mod tests { use std::prelude::v1::*; use std::{println, vec}; - use super::{Error, InvalidMessage}; + use super::{Error, InconsistentKeys, InvalidMessage}; use crate::error::{CertRevocationListError, OtherError}; #[test] @@ -731,6 +763,8 @@ mod tests { Error::PeerSentOversizedRecord, Error::NoApplicationProtocol, Error::BadMaxFragmentSize, + Error::InconsistentKeys(InconsistentKeys::KeyMismatch), + Error::InconsistentKeys(InconsistentKeys::Unknown), Error::InvalidCertRevocationList(CertRevocationListError::BadSignature), Error::Other(OtherError( #[cfg(feature = "std")] diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index efb2e013cb..43691e7fd6 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -516,8 +516,8 @@ pub use crate::enums::{ ProtocolVersion, SignatureAlgorithm, SignatureScheme, }; pub use crate::error::{ - CertRevocationListError, CertificateError, EncryptedClientHelloError, Error, InvalidMessage, - OtherError, PeerIncompatible, PeerMisbehaved, + CertRevocationListError, CertificateError, EncryptedClientHelloError, Error, InconsistentKeys, + InvalidMessage, OtherError, PeerIncompatible, PeerMisbehaved, }; pub use crate::key_log::{KeyLog, NoKeyLog}; #[cfg(feature = "std")] From cc393e7a5d0686cc224a9fb90f6618c994144838 Mon Sep 17 00:00:00 2001 From: Lukas Velikov Date: Wed, 3 Jul 2024 13:24:17 -0400 Subject: [PATCH 1116/1145] Add tests for CertifiedKey::keys_match --- rustls/tests/api.rs | 67 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 64 insertions(+), 3 deletions(-) diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 187a9e5f70..3114875d8e 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -34,9 +34,9 @@ use rustls::{ use rustls::{ sign, AlertDescription, CertificateError, CipherSuite, ClientConfig, ClientConnection, ConnectionCommon, ConnectionTrafficSecrets, ContentType, DistinguishedName, Error, - HandshakeKind, HandshakeType, InvalidMessage, KeyLog, NamedGroup, PeerIncompatible, - PeerMisbehaved, ProtocolVersion, ServerConfig, ServerConnection, SideData, SignatureScheme, - Stream, StreamOwned, SupportedCipherSuite, + HandshakeKind, HandshakeType, InconsistentKeys, InvalidMessage, KeyLog, NamedGroup, + PeerIncompatible, PeerMisbehaved, ProtocolVersion, ServerConfig, ServerConnection, SideData, + SignatureScheme, Stream, StreamOwned, SupportedCipherSuite, }; use super::*; @@ -2964,6 +2964,67 @@ fn sni_resolver_rejects_bad_certs() { ); } +#[test] +fn test_keys_match() { + // Consistent: Both of these should have the same SPKI values + let expect_consistent = + sign::CertifiedKey::new(KeyType::Rsa2048.get_chain(), Arc::new(SigningKeySomeSpki)); + assert!(matches!(expect_consistent.keys_match(), Ok(()))); + + // Inconsistent: These should not have the same SPKI values + let expect_inconsistent = + sign::CertifiedKey::new(KeyType::EcdsaP256.get_chain(), Arc::new(SigningKeySomeSpki)); + assert!(matches!( + expect_inconsistent.keys_match(), + Err(Error::InconsistentKeys(InconsistentKeys::KeyMismatch)) + )); + + // Unknown: This signing key returns None for its SPKI, so we can't tell if the certified key is consistent + let expect_unknown = + sign::CertifiedKey::new(KeyType::Rsa2048.get_chain(), Arc::new(SigningKeyNoneSpki)); + assert!(matches!( + expect_unknown.keys_match(), + Err(Error::InconsistentKeys(InconsistentKeys::Unknown)) + )); +} + +/// Represents a SigningKey that returns None for its SPKI via the default impl. +#[derive(Debug)] +struct SigningKeyNoneSpki; + +impl sign::SigningKey for SigningKeyNoneSpki { + fn choose_scheme(&self, _offered: &[SignatureScheme]) -> Option> { + unimplemented!("Not meant to be called during tests") + } + + fn algorithm(&self) -> rustls::SignatureAlgorithm { + unimplemented!("Not meant to be called during tests") + } +} + +/// Represents a SigningKey that returns Some for its SPKI. +#[derive(Debug)] +struct SigningKeySomeSpki; + +impl sign::SigningKey for SigningKeySomeSpki { + fn public_key(&self) -> Option { + let chain = KeyType::Rsa2048.get_chain(); + let cert = ParsedCertificate::try_from(chain.first().unwrap()).unwrap(); + Some( + cert.subject_public_key_info() + .into_owned(), + ) + } + + fn choose_scheme(&self, _offered: &[SignatureScheme]) -> Option> { + unimplemented!("Not meant to be called during tests") + } + + fn algorithm(&self) -> rustls::SignatureAlgorithm { + unimplemented!("Not meant to be called during tests") + } +} + fn do_exporter_test(client_config: ClientConfig, server_config: ServerConfig) { let mut client_secret = [0u8; 64]; let mut server_secret = [0u8; 64]; From 0a0359f622acc6bc19bd571335b4b2da2cc8ccc4 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 5 Jul 2024 13:35:18 +0100 Subject: [PATCH 1117/1145] Avoid markdown footnotes These are apparently non-standard(?) and don't show well in rust doc anyway. --- rustls/src/crypto/aws_lc_rs/hpke.rs | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/hpke.rs b/rustls/src/crypto/aws_lc_rs/hpke.rs index 7f2ee70522..e231a085d9 100644 --- a/rustls/src/crypto/aws_lc_rs/hpke.rs +++ b/rustls/src/crypto/aws_lc_rs/hpke.rs @@ -253,7 +253,7 @@ pub struct HpkeAwsLcRs { } impl HpkeAwsLcRs { - /// See RFC 9180 §5.1 "Creating the Encryption Context"[^0]. + /// See [RFC 9180 §5.1 "Creating the Encryption Context"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1 fn key_schedule( @@ -396,7 +396,7 @@ struct Sealer { } impl Sealer { - /// See RFC 9180 §5.1.1 "Encryption to a Public Key"[^0]. + /// See [RFC 9180 §5.1.1 "Encryption to a Public Key"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.1 fn new( @@ -463,7 +463,7 @@ struct Opener { } impl Opener { - /// See RFC 9180 §5.1.1 "Encryption to a Public Key"[^0]. + /// See [RFC 9180 §5.1.1 "Encryption to a Public Key"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.1.1 fn new( @@ -512,7 +512,7 @@ impl Debug for Opener { @@ -524,7 +524,7 @@ struct DhKem { } impl DhKem { - /// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. + /// See [RFC 9180 §4.1 "DH-Based KEM (DHKEM)"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 fn encap( @@ -586,7 +586,7 @@ impl DhKem { )) } - /// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. + /// See [RFC 9180 §4.1 "DH-Based KEM (DHKEM)"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 fn decap( @@ -623,7 +623,7 @@ impl DhKem { Ok(KemSharedSecret(shared_secret)) } - /// See RFC 9180 §4.1 "DH-Based KEM (DHKEM)"[^0]. + /// See [RFC 9180 §4.1 "DH-Based KEM (DHKEM)"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4.1 fn extract_and_expand(&self, dh: &[u8], kem_context: &[u8]) -> [u8; KDF_SIZE] { @@ -735,7 +735,7 @@ struct KeySchedule { } impl KeySchedule { - /// See RFC 9180 §5.2 "Encryption and Decryption"[^0]. + /// See [RFC 9180 §5.2 "Encryption and Decryption"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2 fn compute_nonce(&self) -> [u8; NONCE_LEN] { @@ -757,7 +757,7 @@ impl KeySchedule { nonce } - /// See RFC 9180 §5.2 "Encryption and Decryption"[^0]. + /// See [RFC 9180 §5.2 "Encryption and Decryption"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-5.2 fn increment_seq_num(&mut self) -> Result<(), aws_lc_rs::error::Unspecified> { @@ -789,7 +789,7 @@ impl NonceSequence for &mut KeySchedule { } } -/// See RFC 9180 §4 "Cryptographic Dependencies"[^0]. +/// See [RFC 9180 §4 "Cryptographic Dependencies"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4 fn labeled_extract_for_expand( @@ -807,7 +807,7 @@ fn labeled_extract_for_expand( hkdf.extract_from_secret(salt, &labeled_ikm) } -/// See RFC 9180 §4 "Cryptographic Dependencies"[^0]. +/// See [RFC 9180 §4 "Cryptographic Dependencies"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4 fn labeled_extract_for_prk( @@ -825,7 +825,7 @@ fn labeled_extract_for_prk( hkdf.extract_prk_from_secret(salt, &labeled_ikm) } -/// See RFC 9180 §4 "Cryptographic Dependencies"[^0]. +/// See [RFC 9180 §4 "Cryptographic Dependencies"][0]. /// /// [0]: https://www.rfc-editor.org/rfc/rfc9180.html#section-4 fn labeled_expand( From 9c388459b8f8ff166fa446ea6dd2b2108cce3256 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 20 Jun 2024 16:30:27 +0100 Subject: [PATCH 1118/1145] bench: move to using clap Eradicate the quite wonky manual parsing. This maintains the existing interface to the extent that admin/bench-measure.mk still works. --- Cargo.lock | 1 + rustls/Cargo.toml | 1 + rustls/examples/internal/bench_impl.rs | 271 +++++++++++++++---------- 3 files changed, 171 insertions(+), 102 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1e7c1adbc4..cedc9122ed 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2218,6 +2218,7 @@ dependencies = [ "bencher", "brotli", "brotli-decompressor", + "clap", "env_logger", "hashbrown", "hex", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index e83b0e822f..b34edef4a5 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -47,6 +47,7 @@ zlib = ["dep:zlib-rs"] [dev-dependencies] base64 = "0.22" bencher = "0.1.5" +clap = { version = "4", features = ["derive", "env"] } env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) hex = "0.4" log = "0.4.4" diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index b94932c7a2..cf30f0286f 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -3,12 +3,13 @@ // Note: we don't use any of the standard 'cargo bench', 'test::Bencher', // etc. because it's unstable at the time of writing. +use std::fs; use std::io::{self, Read, Write}; use std::ops::{Deref, DerefMut}; use std::sync::Arc; use std::time::{Duration, Instant}; -use std::{env, fs}; +use clap::Parser; use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::Resumption; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -27,15 +28,133 @@ use rustls::{ }; pub fn main() { - let mut args = std::env::args(); - if args.len() > 1 { - args.next(); - selected_tests(args); - } else { - all_tests(); + let args = Args::parse(); + + let options = Options { + work_multiplier: args.multiplier, + }; + + match args.command() { + Command::Bulk { + cipher_suite, + plaintext_size, + max_fragment_size, + } => { + for param in lookup_matching_benches(cipher_suite).iter() { + bench_bulk(param, &options, *plaintext_size, *max_fragment_size); + } + } + + Command::Handshake { cipher_suite } + | Command::HandshakeResume { cipher_suite } + | Command::HandshakeTicket { cipher_suite } => { + let resume = ResumptionParam::from_subcommand(args.command()); + + for param in lookup_matching_benches(cipher_suite).iter() { + bench_handshake(param, &options, ClientAuth::No, resume); + } + } + Command::Memory { + cipher_suite, + count, + } => { + for param in lookup_matching_benches(cipher_suite).iter() { + bench_memory(param, *count); + } + } + Command::ListSuites => { + for bench in ALL_BENCHMARKS { + println!( + "{:?} (key={:?} version={:?})", + bench.ciphersuite, bench.key_type, bench.version + ); + } + } + Command::AllTests => { + all_tests(&options); + } } } +#[derive(Parser, Debug)] +#[command(version, about = "Runs rustls benchmarks")] +struct Args { + #[arg( + long, + default_value_t = 1.0, + env = "BENCH_MULTIPLIER", + help = "Multiplies the length of every test by the given float value" + )] + multiplier: f64, + + #[command(subcommand)] + command: Option, +} + +impl Args { + fn command(&self) -> &Command { + self.command + .as_ref() + .unwrap_or(&Command::AllTests) + } +} + +#[derive(Parser, Debug)] +enum Command { + #[command(about = "Runs bulk data benchmarks")] + Bulk { + #[arg(help = "Which cipher suite to use; see `list-suites` for possible values.")] + cipher_suite: String, + + #[arg(default_value_t = 1048576, help = "The size of each data write")] + plaintext_size: u64, + + #[arg(help = "Maximum TLS fragment size")] + max_fragment_size: Option, + }, + + #[command(about = "Runs full handshake speed benchmarks")] + Handshake { + #[arg(help = "Which cipher suite to use; see `list-suites` for possible values.")] + cipher_suite: String, + }, + + #[command(about = "Runs stateful resumed handshake speed benchmarks")] + HandshakeResume { + #[arg(help = "Which cipher suite to use; see `list-suites` for possible values.")] + cipher_suite: String, + }, + + #[command(about = "Runs stateless resumed handshake speed benchmarks")] + HandshakeTicket { + #[arg(help = "Which cipher suite to use; see `list-suites` for possible values.")] + cipher_suite: String, + }, + + #[command( + about = "Runs memory benchmarks", + long_about = "This creates `count` connections in parallel (count / 2 clients connected\n\ + to count / 2 servers), and then moves them in lock-step though the handshake.\n\ + Once the handshake completes the client writes 1KB of data to the server." + )] + Memory { + #[arg(help = "Which cipher suite to use; see `list-suites` for possible values.")] + cipher_suite: String, + + #[arg( + default_value_t = 1000000, + help = "How many connections to create in parallel" + )] + count: u64, + }, + + #[command(about = "Lists the supported values for cipher-suite options")] + ListSuites, + + #[command(about = "Run all tests (the default subcommand)")] + AllTests, +} + fn duration_nanos(d: Duration) -> f64 { (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 } @@ -131,6 +250,15 @@ enum ResumptionParam { } impl ResumptionParam { + fn from_subcommand(cmd: &Command) -> Self { + match cmd { + Command::Handshake { .. } => Self::No, + Command::HandshakeResume { .. } => Self::SessionId, + Command::HandshakeTicket { .. } => Self::Tickets, + _ => todo!("unhandled subcommand {cmd:?}"), + } + } + fn label(&self) -> &'static str { match *self { Self::No => "no-resume", @@ -281,6 +409,17 @@ impl KeyType { } } +#[derive(Debug, Clone)] +struct Options { + work_multiplier: f64, +} + +impl Options { + fn apply_work_multiplier(&self, work: u64) -> u64 { + ((work as f64) * self.work_multiplier).round() as u64 + } +} + fn make_server_config( params: &BenchmarkParam, client_auth: ClientAuth, @@ -363,24 +502,18 @@ fn make_client_config( cfg } -fn apply_work_multiplier(work: u64) -> u64 { - let mul = match env::var("BENCH_MULTIPLIER") { - Ok(val) => val - .parse::() - .expect("invalid BENCH_MULTIPLIER value"), - Err(_) => 1., - }; - - ((work as f64) * mul).round() as u64 -} - -fn bench_handshake(params: &BenchmarkParam, clientauth: ClientAuth, resume: ResumptionParam) { +fn bench_handshake( + params: &BenchmarkParam, + options: &Options, + clientauth: ClientAuth, + resume: ResumptionParam, +) { let client_config = Arc::new(make_client_config(params, clientauth, resume)); let server_config = Arc::new(make_server_config(params, clientauth, resume, None)); assert!(params.ciphersuite.version() == params.version); - let rounds = apply_work_multiplier(if resume == ResumptionParam::No { + let rounds = options.apply_work_multiplier(if resume == ResumptionParam::No { 512 } else { 4096 @@ -449,7 +582,12 @@ fn do_handshake(client: &mut ClientConnection, server: &mut ServerConnection) { while do_handshake_step(client, server) {} } -fn bench_bulk(params: &BenchmarkParam, plaintext_size: u64, max_fragment_size: Option) { +fn bench_bulk( + params: &BenchmarkParam, + options: &Options, + plaintext_size: u64, + max_fragment_size: Option, +) { let client_config = Arc::new(make_client_config( params, ClientAuth::No, @@ -471,7 +609,7 @@ fn bench_bulk(params: &BenchmarkParam, plaintext_size: u64, max_fragment_size: O do_handshake(&mut client, &mut server); let buf = vec![0; plaintext_size as usize]; - let total_data = apply_work_multiplier(if plaintext_size < 8192 { + let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { 64 * 1024 * 1024 } else { 1024 * 1024 * 1024 @@ -575,87 +713,16 @@ fn lookup_matching_benches(name: &str) -> Vec<&BenchmarkParam> { r } -fn selected_tests(mut args: env::Args) { - let mode = args - .next() - .expect("first argument must be mode"); - - match mode.as_ref() { - "bulk" => match args.next() { - Some(suite) => { - let len = args - .next() - .map(|arg| { - arg.parse::() - .expect("3rd arg must be plaintext size integer") - }) - .unwrap_or(1048576); - let mfs = args.next().map(|arg| { - arg.parse::() - .expect("4th arg must be max_fragment_size integer") - }); - for param in lookup_matching_benches(&suite).iter() { - bench_bulk(param, len, mfs); - } - } - None => { - panic!("bulk needs ciphersuite argument"); - } - }, - - "handshake" | "handshake-resume" | "handshake-ticket" => match args.next() { - Some(suite) => { - let resume = if mode == "handshake" { - ResumptionParam::No - } else if mode == "handshake-resume" { - ResumptionParam::SessionId - } else { - ResumptionParam::Tickets - }; - - for param in lookup_matching_benches(&suite).iter() { - bench_handshake(param, ClientAuth::No, resume); - } - } - None => { - panic!("handshake* needs ciphersuite argument"); - } - }, - - "memory" => match args.next() { - Some(suite) => { - let count = args - .next() - .map(|arg| { - arg.parse::() - .expect("3rd arg must be connection count integer") - }) - .unwrap_or(1000000); - for param in lookup_matching_benches(&suite).iter() { - bench_memory(param, count); - } - } - None => { - panic!("memory needs ciphersuite argument"); - } - }, - - _ => { - panic!("unsupported mode {:?}", mode); - } - } -} - -fn all_tests() { +fn all_tests(options: &Options) { for test in ALL_BENCHMARKS.iter() { - bench_bulk(test, 1024 * 1024, None); - bench_bulk(test, 1024 * 1024, Some(10000)); - bench_handshake(test, ClientAuth::No, ResumptionParam::No); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::No); - bench_handshake(test, ClientAuth::No, ResumptionParam::SessionId); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::SessionId); - bench_handshake(test, ClientAuth::No, ResumptionParam::Tickets); - bench_handshake(test, ClientAuth::Yes, ResumptionParam::Tickets); + bench_bulk(test, options, 1024 * 1024, None); + bench_bulk(test, options, 1024 * 1024, Some(10000)); + bench_handshake(test, options, ClientAuth::No, ResumptionParam::No); + bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::No); + bench_handshake(test, options, ClientAuth::No, ResumptionParam::SessionId); + bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::SessionId); + bench_handshake(test, options, ClientAuth::No, ResumptionParam::Tickets); + bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::Tickets); } } From cd5601bc948c0da5beedcf3098a91dc3535858a3 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 09:14:10 +0100 Subject: [PATCH 1119/1145] bench_impl.rs: top down reordering --- rustls/examples/internal/bench_impl.rs | 856 ++++++++++++------------- 1 file changed, 428 insertions(+), 428 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index cf30f0286f..0bc37bf99d 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -155,268 +155,198 @@ enum Command { AllTests, } -fn duration_nanos(d: Duration) -> f64 { - (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 +fn all_tests(options: &Options) { + for test in ALL_BENCHMARKS.iter() { + bench_bulk(test, options, 1024 * 1024, None); + bench_bulk(test, options, 1024 * 1024, Some(10000)); + bench_handshake(test, options, ClientAuth::No, ResumptionParam::No); + bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::No); + bench_handshake(test, options, ClientAuth::No, ResumptionParam::SessionId); + bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::SessionId); + bench_handshake(test, options, ClientAuth::No, ResumptionParam::Tickets); + bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::Tickets); + } } -fn time(mut f: F) -> f64 -where - F: FnMut(), -{ - let start = Instant::now(); - f(); - let end = Instant::now(); - duration_nanos(end.duration_since(start)) -} +fn bench_handshake( + params: &BenchmarkParam, + options: &Options, + clientauth: ClientAuth, + resume: ResumptionParam, +) { + let client_config = Arc::new(make_client_config(params, clientauth, resume)); + let server_config = Arc::new(make_server_config(params, clientauth, resume, None)); -fn transfer(left: &mut L, right: &mut R, expect_data: Option) -> f64 -where - L: DerefMut + Deref>, - R: DerefMut + Deref>, - LS: SideData, - RS: SideData, -{ - let mut tls_buf = [0u8; 262144]; - let mut read_time = 0f64; - let mut data_left = expect_data; - let mut data_buf = [0u8; 8192]; + assert!(params.ciphersuite.version() == params.version); - loop { - let mut sz = 0; + let rounds = options.apply_work_multiplier(if resume == ResumptionParam::No { + 512 + } else { + 4096 + }); + let mut client_time = 0f64; + let mut server_time = 0f64; - while left.wants_write() { - let written = left - .write_tls(&mut tls_buf[sz..].as_mut()) - .unwrap(); - if written == 0 { - break; - } + for _ in 0..rounds { + let server_name = "localhost".try_into().unwrap(); + let mut client = ClientConnection::new(Arc::clone(&client_config), server_name).unwrap(); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); - sz += written; - } + server_time += time(|| { + transfer(&mut client, &mut server, None); + }); + client_time += time(|| { + transfer(&mut server, &mut client, None); + }); + server_time += time(|| { + transfer(&mut client, &mut server, None); + }); + client_time += time(|| { + transfer(&mut server, &mut client, None); + }); + } - if sz == 0 { - return read_time; - } + println!( + "handshakes\t{:?}\t{:?}\t{:?}\tclient\t{}\t{}\t{:.2}\thandshake/s", + params.version, + params.key_type, + params.ciphersuite.suite(), + if clientauth == ClientAuth::Yes { + "mutual" + } else { + "server-auth" + }, + resume.label(), + (rounds as f64) / client_time + ); + println!( + "handshakes\t{:?}\t{:?}\t{:?}\tserver\t{}\t{}\t{:.2}\thandshake/s", + params.version, + params.key_type, + params.ciphersuite.suite(), + if clientauth == ClientAuth::Yes { + "mutual" + } else { + "server-auth" + }, + resume.label(), + (rounds as f64) / server_time + ); +} - let mut offs = 0; - loop { - let start = Instant::now(); - match right.read_tls(&mut tls_buf[offs..sz].as_ref()) { - Ok(read) => { - right.process_new_packets().unwrap(); - offs += read; - } - Err(err) => { - panic!("error on transfer {}..{}: {}", offs, sz, err); - } - } +fn bench_bulk( + params: &BenchmarkParam, + options: &Options, + plaintext_size: u64, + max_fragment_size: Option, +) { + let client_config = Arc::new(make_client_config( + params, + ClientAuth::No, + ResumptionParam::No, + )); + let server_config = Arc::new(make_server_config( + params, + ClientAuth::No, + ResumptionParam::No, + max_fragment_size, + )); - if let Some(left) = &mut data_left { - loop { - let sz = match right.reader().read(&mut data_buf) { - Ok(sz) => sz, - Err(err) if err.kind() == io::ErrorKind::WouldBlock => break, - Err(err) => panic!("failed to read data: {}", err), - }; + let server_name = "localhost".try_into().unwrap(); + let mut client = ClientConnection::new(client_config, server_name).unwrap(); + client.set_buffer_limit(None); + let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + server.set_buffer_limit(None); - *left -= sz; - if *left == 0 { - break; - } - } - } + do_handshake(&mut client, &mut server); - let end = Instant::now(); - read_time += duration_nanos(end.duration_since(start)); - if sz == offs { - break; - } - } + let buf = vec![0; plaintext_size as usize]; + let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { + 64 * 1024 * 1024 + } else { + 1024 * 1024 * 1024 + }); + let rounds = total_data / plaintext_size; + let mut time_send = 0f64; + let mut time_recv = 0f64; + + for _ in 0..rounds { + time_send += time(|| { + server.writer().write_all(&buf).unwrap(); + }); + + time_recv += transfer(&mut server, &mut client, Some(buf.len())); } -} -#[derive(PartialEq, Clone, Copy)] -enum ClientAuth { - No, - Yes, + let mfs_str = format!( + "max_fragment_size:{}", + max_fragment_size + .map(|v| v.to_string()) + .unwrap_or_else(|| "default".to_string()) + ); + let total_mbs = ((plaintext_size * rounds) as f64) / (1024. * 1024.); + println!( + "bulk\t{:?}\t{:?}\t{}\tsend\t{:.2}\tMB/s", + params.version, + params.ciphersuite.suite(), + mfs_str, + total_mbs / time_send + ); + println!( + "bulk\t{:?}\t{:?}\t{}\trecv\t{:.2}\tMB/s", + params.version, + params.ciphersuite.suite(), + mfs_str, + total_mbs / time_recv + ); } -#[derive(PartialEq, Clone, Copy)] -enum ResumptionParam { - No, - SessionId, - Tickets, -} +fn bench_memory(params: &BenchmarkParam, conn_count: u64) { + let client_config = Arc::new(make_client_config( + params, + ClientAuth::No, + ResumptionParam::No, + )); + let server_config = Arc::new(make_server_config( + params, + ClientAuth::No, + ResumptionParam::No, + None, + )); -impl ResumptionParam { - fn from_subcommand(cmd: &Command) -> Self { - match cmd { - Command::Handshake { .. } => Self::No, - Command::HandshakeResume { .. } => Self::SessionId, - Command::HandshakeTicket { .. } => Self::Tickets, - _ => todo!("unhandled subcommand {cmd:?}"), - } + // The target here is to end up with conn_count post-handshake + // server and client sessions. + let conn_count = (conn_count / 2) as usize; + let mut servers = Vec::with_capacity(conn_count); + let mut clients = Vec::with_capacity(conn_count); + + for _i in 0..conn_count { + servers.push(ServerConnection::new(Arc::clone(&server_config)).unwrap()); + let server_name = "localhost".try_into().unwrap(); + clients.push(ClientConnection::new(Arc::clone(&client_config), server_name).unwrap()); } - fn label(&self) -> &'static str { - match *self { - Self::No => "no-resume", - Self::SessionId => "sessionid", - Self::Tickets => "tickets", + for _step in 0..5 { + for (client, server) in clients + .iter_mut() + .zip(servers.iter_mut()) + { + do_handshake_step(client, server); } } -} -// copied from tests/api.rs -#[derive(PartialEq, Clone, Copy, Debug)] -enum KeyType { - Rsa2048, - EcdsaP256, - EcdsaP384, - Ed25519, -} - -struct BenchmarkParam { - key_type: KeyType, - ciphersuite: rustls::SupportedCipherSuite, - version: &'static rustls::SupportedProtocolVersion, -} - -impl BenchmarkParam { - const fn new( - key_type: KeyType, - ciphersuite: rustls::SupportedCipherSuite, - version: &'static rustls::SupportedProtocolVersion, - ) -> Self { - Self { - key_type, - ciphersuite, - version, - } - } -} - -static ALL_BENCHMARKS: &[BenchmarkParam] = &[ - #[cfg(all(feature = "tls12", not(feature = "fips")))] - BenchmarkParam::new( - KeyType::Rsa2048, - cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS12, - ), - #[cfg(all(feature = "tls12", not(feature = "fips")))] - BenchmarkParam::new( - KeyType::EcdsaP256, - cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa2048, - cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::Rsa2048, - cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::EcdsaP256, - cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - &rustls::version::TLS12, - ), - #[cfg(feature = "tls12")] - BenchmarkParam::new( - KeyType::EcdsaP384, - cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - &rustls::version::TLS12, - ), - #[cfg(not(feature = "fips"))] - BenchmarkParam::new( - KeyType::Rsa2048, - cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Rsa2048, - cipher_suite::TLS13_AES_256_GCM_SHA384, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Rsa2048, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::EcdsaP256, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - ), - BenchmarkParam::new( - KeyType::Ed25519, - cipher_suite::TLS13_AES_128_GCM_SHA256, - &rustls::version::TLS13, - ), -]; - -impl KeyType { - fn path_for(&self, part: &str) -> String { - match self { - Self::Rsa2048 => format!("test-ca/rsa-2048/{}", part), - Self::EcdsaP256 => format!("test-ca/ecdsa-p256/{}", part), - Self::EcdsaP384 => format!("test-ca/ecdsa-p384/{}", part), - Self::Ed25519 => format!("test-ca/eddsa/{}", part), - } - } - - fn get_chain(&self) -> Vec> { - rustls_pemfile::certs(&mut io::BufReader::new( - fs::File::open(self.path_for("end.fullchain")).unwrap(), - )) - .map(|result| result.unwrap()) - .collect() - } - - fn get_key(&self) -> PrivateKeyDer<'static> { - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("end.key")).unwrap(), - )) - .next() - .unwrap() - .unwrap() - .into() - } - - fn get_client_chain(&self) -> Vec> { - rustls_pemfile::certs(&mut io::BufReader::new( - fs::File::open(self.path_for("client.fullchain")).unwrap(), - )) - .map(|result| result.unwrap()) - .collect() - } - - fn get_client_key(&self) -> PrivateKeyDer<'static> { - rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( - fs::File::open(self.path_for("client.key")).unwrap(), - )) - .next() - .unwrap() - .unwrap() - .into() + for client in clients.iter_mut() { + client + .writer() + .write_all(&[0u8; 1024]) + .unwrap(); } -} - -#[derive(Debug, Clone)] -struct Options { - work_multiplier: f64, -} -impl Options { - fn apply_work_multiplier(&self, work: u64) -> u64 { - ((work as f64) * self.work_multiplier).round() as u64 + for (client, server) in clients + .iter_mut() + .zip(servers.iter_mut()) + { + transfer(client, server, Some(1024)); } } @@ -502,230 +432,300 @@ fn make_client_config( cfg } -fn bench_handshake( - params: &BenchmarkParam, - options: &Options, - clientauth: ClientAuth, - resume: ResumptionParam, -) { - let client_config = Arc::new(make_client_config(params, clientauth, resume)); - let server_config = Arc::new(make_server_config(params, clientauth, resume, None)); - - assert!(params.ciphersuite.version() == params.version); - - let rounds = options.apply_work_multiplier(if resume == ResumptionParam::No { - 512 - } else { - 4096 - }); - let mut client_time = 0f64; - let mut server_time = 0f64; - - for _ in 0..rounds { - let server_name = "localhost".try_into().unwrap(); - let mut client = ClientConnection::new(Arc::clone(&client_config), server_name).unwrap(); - let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); +fn lookup_matching_benches(name: &str) -> Vec<&BenchmarkParam> { + let r: Vec<&BenchmarkParam> = ALL_BENCHMARKS + .iter() + .filter(|params| { + format!("{:?}", params.ciphersuite.suite()).to_lowercase() == name.to_lowercase() + }) + .collect(); - server_time += time(|| { - transfer(&mut client, &mut server, None); - }); - client_time += time(|| { - transfer(&mut server, &mut client, None); - }); - server_time += time(|| { - transfer(&mut client, &mut server, None); - }); - client_time += time(|| { - transfer(&mut server, &mut client, None); - }); + if r.is_empty() { + panic!("unknown suite {:?}", name); } - println!( - "handshakes\t{:?}\t{:?}\t{:?}\tclient\t{}\t{}\t{:.2}\thandshake/s", - params.version, - params.key_type, - params.ciphersuite.suite(), - if clientauth == ClientAuth::Yes { - "mutual" - } else { - "server-auth" - }, - resume.label(), - (rounds as f64) / client_time - ); - println!( - "handshakes\t{:?}\t{:?}\t{:?}\tserver\t{}\t{}\t{:.2}\thandshake/s", - params.version, - params.key_type, - params.ciphersuite.suite(), - if clientauth == ClientAuth::Yes { - "mutual" - } else { - "server-auth" - }, - resume.label(), - (rounds as f64) / server_time - ); + r } -fn do_handshake_step(client: &mut ClientConnection, server: &mut ServerConnection) -> bool { - if server.is_handshaking() || client.is_handshaking() { - transfer(client, server, None); - transfer(server, client, None); - true - } else { - false - } +#[derive(PartialEq, Clone, Copy)] +enum ClientAuth { + No, + Yes, } -fn do_handshake(client: &mut ClientConnection, server: &mut ServerConnection) { - while do_handshake_step(client, server) {} +#[derive(PartialEq, Clone, Copy)] +enum ResumptionParam { + No, + SessionId, + Tickets, } -fn bench_bulk( - params: &BenchmarkParam, - options: &Options, - plaintext_size: u64, - max_fragment_size: Option, -) { - let client_config = Arc::new(make_client_config( - params, - ClientAuth::No, - ResumptionParam::No, - )); - let server_config = Arc::new(make_server_config( - params, - ClientAuth::No, - ResumptionParam::No, - max_fragment_size, - )); +impl ResumptionParam { + fn from_subcommand(cmd: &Command) -> Self { + match cmd { + Command::Handshake { .. } => Self::No, + Command::HandshakeResume { .. } => Self::SessionId, + Command::HandshakeTicket { .. } => Self::Tickets, + _ => todo!("unhandled subcommand {cmd:?}"), + } + } - let server_name = "localhost".try_into().unwrap(); - let mut client = ClientConnection::new(client_config, server_name).unwrap(); - client.set_buffer_limit(None); - let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); - server.set_buffer_limit(None); + fn label(&self) -> &'static str { + match *self { + Self::No => "no-resume", + Self::SessionId => "sessionid", + Self::Tickets => "tickets", + } + } +} - do_handshake(&mut client, &mut server); +#[derive(Debug, Clone)] +struct Options { + work_multiplier: f64, +} - let buf = vec![0; plaintext_size as usize]; - let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { - 64 * 1024 * 1024 - } else { - 1024 * 1024 * 1024 - }); - let rounds = total_data / plaintext_size; - let mut time_send = 0f64; - let mut time_recv = 0f64; +impl Options { + fn apply_work_multiplier(&self, work: u64) -> u64 { + ((work as f64) * self.work_multiplier).round() as u64 + } +} - for _ in 0..rounds { - time_send += time(|| { - server.writer().write_all(&buf).unwrap(); - }); +struct BenchmarkParam { + key_type: KeyType, + ciphersuite: rustls::SupportedCipherSuite, + version: &'static rustls::SupportedProtocolVersion, +} - time_recv += transfer(&mut server, &mut client, Some(buf.len())); +impl BenchmarkParam { + const fn new( + key_type: KeyType, + ciphersuite: rustls::SupportedCipherSuite, + version: &'static rustls::SupportedProtocolVersion, + ) -> Self { + Self { + key_type, + ciphersuite, + version, + } } - - let mfs_str = format!( - "max_fragment_size:{}", - max_fragment_size - .map(|v| v.to_string()) - .unwrap_or_else(|| "default".to_string()) - ); - let total_mbs = ((plaintext_size * rounds) as f64) / (1024. * 1024.); - println!( - "bulk\t{:?}\t{:?}\t{}\tsend\t{:.2}\tMB/s", - params.version, - params.ciphersuite.suite(), - mfs_str, - total_mbs / time_send - ); - println!( - "bulk\t{:?}\t{:?}\t{}\trecv\t{:.2}\tMB/s", - params.version, - params.ciphersuite.suite(), - mfs_str, - total_mbs / time_recv - ); } -fn bench_memory(params: &BenchmarkParam, conn_count: u64) { - let client_config = Arc::new(make_client_config( - params, - ClientAuth::No, - ResumptionParam::No, - )); - let server_config = Arc::new(make_server_config( - params, - ClientAuth::No, - ResumptionParam::No, - None, - )); +// copied from tests/api.rs +#[derive(PartialEq, Clone, Copy, Debug)] +enum KeyType { + Rsa2048, + EcdsaP256, + EcdsaP384, + Ed25519, +} - // The target here is to end up with conn_count post-handshake - // server and client sessions. - let conn_count = (conn_count / 2) as usize; - let mut servers = Vec::with_capacity(conn_count); - let mut clients = Vec::with_capacity(conn_count); +impl KeyType { + fn path_for(&self, part: &str) -> String { + match self { + Self::Rsa2048 => format!("test-ca/rsa-2048/{}", part), + Self::EcdsaP256 => format!("test-ca/ecdsa-p256/{}", part), + Self::EcdsaP384 => format!("test-ca/ecdsa-p384/{}", part), + Self::Ed25519 => format!("test-ca/eddsa/{}", part), + } + } - for _i in 0..conn_count { - servers.push(ServerConnection::new(Arc::clone(&server_config)).unwrap()); - let server_name = "localhost".try_into().unwrap(); - clients.push(ClientConnection::new(Arc::clone(&client_config), server_name).unwrap()); + fn get_chain(&self) -> Vec> { + rustls_pemfile::certs(&mut io::BufReader::new( + fs::File::open(self.path_for("end.fullchain")).unwrap(), + )) + .map(|result| result.unwrap()) + .collect() } - for _step in 0..5 { - for (client, server) in clients - .iter_mut() - .zip(servers.iter_mut()) - { - do_handshake_step(client, server); - } + fn get_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("end.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() } - for client in clients.iter_mut() { - client - .writer() - .write_all(&[0u8; 1024]) - .unwrap(); + fn get_client_chain(&self) -> Vec> { + rustls_pemfile::certs(&mut io::BufReader::new( + fs::File::open(self.path_for("client.fullchain")).unwrap(), + )) + .map(|result| result.unwrap()) + .collect() } - for (client, server) in clients - .iter_mut() - .zip(servers.iter_mut()) - { - transfer(client, server, Some(1024)); + fn get_client_key(&self) -> PrivateKeyDer<'static> { + rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new( + fs::File::open(self.path_for("client.key")).unwrap(), + )) + .next() + .unwrap() + .unwrap() + .into() } } -fn lookup_matching_benches(name: &str) -> Vec<&BenchmarkParam> { - let r: Vec<&BenchmarkParam> = ALL_BENCHMARKS - .iter() - .filter(|params| { - format!("{:?}", params.ciphersuite.suite()).to_lowercase() == name.to_lowercase() - }) - .collect(); - - if r.is_empty() { - panic!("unknown suite {:?}", name); +fn do_handshake_step(client: &mut ClientConnection, server: &mut ServerConnection) -> bool { + if server.is_handshaking() || client.is_handshaking() { + transfer(client, server, None); + transfer(server, client, None); + true + } else { + false } +} - r +fn do_handshake(client: &mut ClientConnection, server: &mut ServerConnection) { + while do_handshake_step(client, server) {} } -fn all_tests(options: &Options) { - for test in ALL_BENCHMARKS.iter() { - bench_bulk(test, options, 1024 * 1024, None); - bench_bulk(test, options, 1024 * 1024, Some(10000)); - bench_handshake(test, options, ClientAuth::No, ResumptionParam::No); - bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::No); - bench_handshake(test, options, ClientAuth::No, ResumptionParam::SessionId); - bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::SessionId); - bench_handshake(test, options, ClientAuth::No, ResumptionParam::Tickets); - bench_handshake(test, options, ClientAuth::Yes, ResumptionParam::Tickets); +fn time(mut f: F) -> f64 +where + F: FnMut(), +{ + let start = Instant::now(); + f(); + let end = Instant::now(); + duration_nanos(end.duration_since(start)) +} + +fn transfer(left: &mut L, right: &mut R, expect_data: Option) -> f64 +where + L: DerefMut + Deref>, + R: DerefMut + Deref>, + LS: SideData, + RS: SideData, +{ + let mut tls_buf = [0u8; 262144]; + let mut read_time = 0f64; + let mut data_left = expect_data; + let mut data_buf = [0u8; 8192]; + + loop { + let mut sz = 0; + + while left.wants_write() { + let written = left + .write_tls(&mut tls_buf[sz..].as_mut()) + .unwrap(); + if written == 0 { + break; + } + + sz += written; + } + + if sz == 0 { + return read_time; + } + + let mut offs = 0; + loop { + let start = Instant::now(); + match right.read_tls(&mut tls_buf[offs..sz].as_ref()) { + Ok(read) => { + right.process_new_packets().unwrap(); + offs += read; + } + Err(err) => { + panic!("error on transfer {}..{}: {}", offs, sz, err); + } + } + + if let Some(left) = &mut data_left { + loop { + let sz = match right.reader().read(&mut data_buf) { + Ok(sz) => sz, + Err(err) if err.kind() == io::ErrorKind::WouldBlock => break, + Err(err) => panic!("failed to read data: {}", err), + }; + + *left -= sz; + if *left == 0 { + break; + } + } + } + + let end = Instant::now(); + read_time += duration_nanos(end.duration_since(start)); + if sz == offs { + break; + } + } } } +fn duration_nanos(d: Duration) -> f64 { + (d.as_secs() as f64) + f64::from(d.subsec_nanos()) / 1e9 +} + +static ALL_BENCHMARKS: &[BenchmarkParam] = &[ + #[cfg(all(feature = "tls12", not(feature = "fips")))] + BenchmarkParam::new( + KeyType::Rsa2048, + cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS12, + ), + #[cfg(all(feature = "tls12", not(feature = "fips")))] + BenchmarkParam::new( + KeyType::EcdsaP256, + cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Rsa2048, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Rsa2048, + cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::EcdsaP256, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + &rustls::version::TLS12, + ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::EcdsaP384, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + &rustls::version::TLS12, + ), + #[cfg(not(feature = "fips"))] + BenchmarkParam::new( + KeyType::Rsa2048, + cipher_suite::TLS13_CHACHA20_POLY1305_SHA256, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Rsa2048, + cipher_suite::TLS13_AES_256_GCM_SHA384, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Rsa2048, + cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::EcdsaP256, + cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Ed25519, + cipher_suite::TLS13_AES_128_GCM_SHA256, + &rustls::version::TLS13, + ), +]; + #[cfg(not(target_env = "msvc"))] #[global_allocator] static GLOBAL: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc; From f84b9c6915e146d9cdd8e9444f7a1655fe733595 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 09:36:48 +0100 Subject: [PATCH 1120/1145] Extract buffered-specific bulk testing --- rustls/examples/internal/bench_impl.rs | 50 ++++++++++++++++++++------ 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 0bc37bf99d..cc97835041 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -252,24 +252,41 @@ fn bench_bulk( max_fragment_size, )); + let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { + 64 * 1024 * 1024 + } else { + 1024 * 1024 * 1024 + }); + let rounds = total_data / plaintext_size; + + report_bulk_result( + "bulk", + bench_bulk_buffered(client_config, server_config, plaintext_size, rounds), + plaintext_size, + rounds, + max_fragment_size, + params, + ); +} + +fn bench_bulk_buffered( + client_config: Arc, + server_config: Arc, + plaintext_size: u64, + rounds: u64, +) -> (f64, f64) { let server_name = "localhost".try_into().unwrap(); let mut client = ClientConnection::new(client_config, server_name).unwrap(); client.set_buffer_limit(None); - let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + let mut server = ServerConnection::new(server_config).unwrap(); server.set_buffer_limit(None); do_handshake(&mut client, &mut server); - let buf = vec![0; plaintext_size as usize]; - let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { - 64 * 1024 * 1024 - } else { - 1024 * 1024 * 1024 - }); - let rounds = total_data / plaintext_size; let mut time_send = 0f64; let mut time_recv = 0f64; + let buf = vec![0; plaintext_size as usize]; for _ in 0..rounds { time_send += time(|| { server.writer().write_all(&buf).unwrap(); @@ -278,6 +295,17 @@ fn bench_bulk( time_recv += transfer(&mut server, &mut client, Some(buf.len())); } + (time_send, time_recv) +} + +fn report_bulk_result( + variant: &str, + (time_send, time_recv): (f64, f64), + plaintext_size: u64, + rounds: u64, + max_fragment_size: Option, + params: &BenchmarkParam, +) { let mfs_str = format!( "max_fragment_size:{}", max_fragment_size @@ -286,14 +314,16 @@ fn bench_bulk( ); let total_mbs = ((plaintext_size * rounds) as f64) / (1024. * 1024.); println!( - "bulk\t{:?}\t{:?}\t{}\tsend\t{:.2}\tMB/s", + "{}\t{:?}\t{:?}\t{}\tsend\t{:.2}\tMB/s", + variant, params.version, params.ciphersuite.suite(), mfs_str, total_mbs / time_send ); println!( - "bulk\t{:?}\t{:?}\t{}\trecv\t{:.2}\tMB/s", + "{}\t{:?}\t{:?}\t{}\trecv\t{:.2}\tMB/s", + variant, params.version, params.ciphersuite.suite(), mfs_str, From 85285ec6d5d6782960cbf326d3338878f81504fd Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 21 Jun 2024 13:14:24 +0100 Subject: [PATCH 1121/1145] Benchmark bulk performance via unbuffered API --- rustls/examples/internal/bench_impl.rs | 286 ++++++++++++++++++++++++- 1 file changed, 282 insertions(+), 4 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index cc97835041..fe76a56fa9 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -3,15 +3,15 @@ // Note: we don't use any of the standard 'cargo bench', 'test::Bencher', // etc. because it's unstable at the time of writing. -use std::fs; use std::io::{self, Read, Write}; use std::ops::{Deref, DerefMut}; use std::sync::Arc; use std::time::{Duration, Instant}; +use std::{fs, mem}; use clap::Parser; use pki_types::{CertificateDer, PrivateKeyDer}; -use rustls::client::Resumption; +use rustls::client::{Resumption, UnbufferedClientConnection}; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] use rustls::crypto::aws_lc_rs as provider; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -21,7 +21,11 @@ use rustls::crypto::ring as provider; #[cfg(feature = "ring")] use rustls::crypto::ring::{cipher_suite, Ticketer}; use rustls::crypto::CryptoProvider; -use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; +use rustls::server::{ + NoServerSessionStorage, ServerSessionMemoryCache, UnbufferedServerConnection, + WebPkiClientVerifier, +}; +use rustls::unbuffered::{ConnectionState, EncryptError, InsufficientSizeError, UnbufferedStatus}; use rustls::{ ClientConfig, ClientConnection, ConnectionCommon, RootCertStore, ServerConfig, ServerConnection, SideData, @@ -261,7 +265,21 @@ fn bench_bulk( report_bulk_result( "bulk", - bench_bulk_buffered(client_config, server_config, plaintext_size, rounds), + bench_bulk_buffered( + client_config.clone(), + server_config.clone(), + plaintext_size, + rounds, + ), + plaintext_size, + rounds, + max_fragment_size, + params, + ); + + report_bulk_result( + "bulk-unbuffered", + bench_bulk_unbuffered(client_config, server_config, plaintext_size, rounds), plaintext_size, rounds, max_fragment_size, @@ -298,6 +316,40 @@ fn bench_bulk_buffered( (time_send, time_recv) } +fn bench_bulk_unbuffered( + client_config: Arc, + server_config: Arc, + plaintext_size: u64, + rounds: u64, +) -> (f64, f64) { + let server_name = "localhost".try_into().unwrap(); + let mut client = Unbuffered::new_client( + UnbufferedClientConnection::new(client_config, server_name).unwrap(), + ); + let mut server = + Unbuffered::new_server(UnbufferedServerConnection::new(server_config).unwrap()); + + client.handshake(&mut server); + + let mut time_send = 0f64; + let mut time_recv = 0f64; + + let buf = vec![0; plaintext_size as usize]; + for _ in 0..rounds { + time_send += time(|| { + server.write(&buf); + }); + + server.swap_buffers(&mut client); + + time_recv += time(|| { + client.read_and_discard(buf.len()); + }); + } + + (time_send, time_recv) +} + fn report_bulk_result( variant: &str, (time_send, time_recv): (f64, f64), @@ -596,6 +648,232 @@ impl KeyType { } } +struct Unbuffered { + conn: UnbufferedConnection, + input: Vec, + input_used: usize, + output: Vec, + output_used: usize, +} + +impl Unbuffered { + fn new_client(client: UnbufferedClientConnection) -> Self { + Self { + conn: UnbufferedConnection::Client(client), + input: vec![0u8; Self::BUFFER_LEN], + input_used: 0, + output: vec![0u8; Self::BUFFER_LEN], + output_used: 0, + } + } + + fn new_server(server: UnbufferedServerConnection) -> Self { + Self { + conn: UnbufferedConnection::Server(server), + input: vec![0u8; Self::BUFFER_LEN], + input_used: 0, + output: vec![0u8; Self::BUFFER_LEN], + output_used: 0, + } + } + + fn handshake(&mut self, peer: &mut Unbuffered) { + loop { + let mut progress = false; + + if self.communicate() { + self.swap_buffers(peer); + progress = true; + } + + if peer.communicate() { + peer.swap_buffers(self); + progress = true; + } + + if !progress { + return; + } + } + } + + fn swap_buffers(&mut self, peer: &mut Unbuffered) { + // our output becomes peer's input, and peer's input + // becomes our output. + mem::swap(&mut self.input, &mut peer.output); + mem::swap(&mut self.input_used, &mut peer.output_used); + mem::swap(&mut self.output, &mut peer.input); + mem::swap(&mut self.output_used, &mut peer.input_used); + } + + fn communicate(&mut self) -> bool { + let (input_used, output_added) = self.conn.communicate( + &mut self.input[..self.input_used], + &mut self.output[self.output_used..], + ); + assert_eq!(input_used, self.input_used); + self.input_used = 0; + self.output_used += output_added; + self.output_used > 0 + } + + fn write(&mut self, data: &[u8]) { + assert_eq!(self.input_used, 0); + let output_added = match self + .conn + .write(data, &mut self.output[self.output_used..]) + { + Ok(output_added) => output_added, + Err(EncryptError::InsufficientSize(InsufficientSizeError { required_size })) => { + self.output + .resize(self.output_used + required_size, 0); + self.conn + .write(data, &mut self.output[self.output_used..]) + .unwrap() + } + Err(other) => panic!("unexpected write error {other:?}"), + }; + self.output_used += output_added; + } + + fn read_and_discard(&mut self, len: usize) { + assert!(self.input_used > 0); + let input_used = self + .conn + .read_and_discard(len, &mut self.input[..self.input_used]); + assert_eq!(input_used, self.input_used); + self.input_used = 0; + } + + const BUFFER_LEN: usize = 16_384; +} + +enum UnbufferedConnection { + Client(UnbufferedClientConnection), + Server(UnbufferedServerConnection), +} + +impl UnbufferedConnection { + fn communicate(&mut self, input: &mut [u8], output: &mut [u8]) -> (usize, usize) { + let mut input_used = 0; + let mut output_added = 0; + + loop { + match self { + Self::Client(client) => { + match client.process_tls_records(&mut input[input_used..]) { + UnbufferedStatus { + state: Ok(ConnectionState::EncodeTlsData(mut etd)), + discard, + } => { + input_used += discard; + output_added += etd + .encode(&mut output[output_added..]) + .unwrap(); + } + UnbufferedStatus { + state: Ok(ConnectionState::TransmitTlsData(ttd)), + discard, + } => { + input_used += discard; + ttd.done(); + return (input_used, output_added); + } + UnbufferedStatus { + state: Ok(ConnectionState::WriteTraffic(_)), + discard, + } => { + input_used += discard; + return (input_used, output_added); + } + st => { + println!("unexpected client {st:?}"); + return (input_used, output_added); + } + } + } + Self::Server(server) => { + match server.process_tls_records(&mut input[input_used..]) { + UnbufferedStatus { + state: Ok(ConnectionState::EncodeTlsData(mut etd)), + discard, + } => { + input_used += discard; + output_added += etd + .encode(&mut output[output_added..]) + .unwrap(); + } + UnbufferedStatus { + state: Ok(ConnectionState::TransmitTlsData(ttd)), + discard, + } => { + input_used += discard; + ttd.done(); + return (input_used, output_added); + } + UnbufferedStatus { + state: Ok(ConnectionState::WriteTraffic(_)), + discard, + } => { + input_used += discard; + return (input_used, output_added); + } + st => { + println!("unexpected server {st:?}"); + return (input_used, output_added); + } + } + } + } + } + } + + fn write(&mut self, data: &[u8], output: &mut [u8]) -> Result { + match self { + Self::Client(client) => match client.process_tls_records(&mut []) { + UnbufferedStatus { + state: Ok(ConnectionState::WriteTraffic(mut wt)), + .. + } => wt.encrypt(data, output), + st => panic!("unexpected write state: {st:?}"), + }, + Self::Server(server) => match server.process_tls_records(&mut []) { + UnbufferedStatus { + state: Ok(ConnectionState::WriteTraffic(mut wt)), + .. + } => wt.encrypt(data, output), + st => panic!("unexpected write state: {st:?}"), + }, + } + } + + fn read_and_discard(&mut self, mut expected: usize, input: &mut [u8]) -> usize { + let mut input_used = 0; + + let client = match self { + Self::Client(client) => client, + Self::Server(_) => todo!("server read"), + }; + + while expected > 0 { + match client.process_tls_records(&mut input[input_used..]) { + UnbufferedStatus { + state: Ok(ConnectionState::ReadTraffic(mut rt)), + discard, + } => { + input_used += discard; + let record = rt.next_record().unwrap().unwrap(); + input_used += record.discard; + expected -= record.payload.len(); + } + st => panic!("unexpected read state: {st:?}"), + } + } + + input_used + } +} + fn do_handshake_step(client: &mut ClientConnection, server: &mut ServerConnection) -> bool { if server.is_handshaking() || client.is_handshaking() { transfer(client, server, None); From c2d0db5b4ac69fb0e574844f26d9e56c4e1ca33f Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Thu, 27 Jun 2024 14:05:47 +0100 Subject: [PATCH 1122/1145] clippy: disable `incompatible_msrv` in CI We rely on the msrv job for this check, and `clippy::incompatible_msrv` has false positives around tests, and non-core-crate programs like `bench`. --- .github/workflows/build.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6fe13bd2ed..afbca06636 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -407,6 +407,11 @@ jobs: clippy: name: Clippy runs-on: ubuntu-latest + env: + # - we want to be free of any warnings, so deny them + # - disable incompatible_msrv as it does not understand that we apply our + # MSRV to the just the core crate. + CLIPPY_PARAMS: --deny warnings --allow clippy::incompatible_msrv steps: - name: Checkout sources uses: actions/checkout@v4 @@ -418,10 +423,10 @@ jobs: components: clippy # because examples enable rustls' features, `--workspace --no-default-features` is not # the same as `--package rustls --no-default-features` so run it separately - - run: cargo clippy --locked --package rustls --no-default-features --all-targets -- --deny warnings - - run: cargo clippy --locked --workspace --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --package rustls --no-default-features --all-targets -- $CLIPPY_PARAMS + - run: cargo clippy --locked --workspace --all-features --all-targets -- $CLIPPY_PARAMS # not part of the workspace - - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings + - run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- $CLIPPY_PARAMS clippy-nightly: name: Clippy (Nightly) From 9bb69127953481f79a951d2a13d4ef6ea8bcb0ed Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 1 Jul 2024 12:48:09 +0100 Subject: [PATCH 1123/1145] Allow CLI to specify which API to test --- rustls/examples/internal/bench_impl.rs | 66 ++++++++++++++++++-------- 1 file changed, 46 insertions(+), 20 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index fe76a56fa9..271b7ca60d 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -9,7 +9,7 @@ use std::sync::Arc; use std::time::{Duration, Instant}; use std::{fs, mem}; -use clap::Parser; +use clap::{Parser, ValueEnum}; use pki_types::{CertificateDer, PrivateKeyDer}; use rustls::client::{Resumption, UnbufferedClientConnection}; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] @@ -36,6 +36,7 @@ pub fn main() { let options = Options { work_multiplier: args.multiplier, + api: args.api, }; match args.command() { @@ -91,6 +92,9 @@ struct Args { )] multiplier: f64, + #[arg(long, value_enum, default_value_t = Api::Both, help = "Choose buffered or unbuffered API")] + api: Api, + #[command(subcommand)] command: Option, } @@ -159,6 +163,23 @@ enum Command { AllTests, } +#[derive(Clone, Copy, Debug, ValueEnum)] +enum Api { + Both, + Buffered, + Unbuffered, +} + +impl Api { + fn use_buffered(&self) -> bool { + matches!(*self, Api::Both | Api::Buffered) + } + + fn use_unbuffered(&self) -> bool { + matches!(*self, Api::Both | Api::Unbuffered) + } +} + fn all_tests(options: &Options) { for test in ALL_BENCHMARKS.iter() { bench_bulk(test, options, 1024 * 1024, None); @@ -263,28 +284,32 @@ fn bench_bulk( }); let rounds = total_data / plaintext_size; - report_bulk_result( - "bulk", - bench_bulk_buffered( - client_config.clone(), - server_config.clone(), + if options.api.use_buffered() { + report_bulk_result( + "bulk", + bench_bulk_buffered( + client_config.clone(), + server_config.clone(), + plaintext_size, + rounds, + ), plaintext_size, rounds, - ), - plaintext_size, - rounds, - max_fragment_size, - params, - ); + max_fragment_size, + params, + ); + } - report_bulk_result( - "bulk-unbuffered", - bench_bulk_unbuffered(client_config, server_config, plaintext_size, rounds), - plaintext_size, - rounds, - max_fragment_size, - params, - ); + if options.api.use_unbuffered() { + report_bulk_result( + "bulk-unbuffered", + bench_bulk_unbuffered(client_config, server_config, plaintext_size, rounds), + plaintext_size, + rounds, + max_fragment_size, + params, + ); + } } fn bench_bulk_buffered( @@ -564,6 +589,7 @@ impl ResumptionParam { #[derive(Debug, Clone)] struct Options { work_multiplier: f64, + api: Api, } impl Options { From 7ee32e838c54c2942ef37c7bfa899372ce5f4bbb Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 1 Jul 2024 14:40:10 +0100 Subject: [PATCH 1124/1145] Extract buffered-specific parts of handshake tests --- rustls/examples/internal/bench_impl.rs | 56 +++++++++++++++++++++----- 1 file changed, 46 insertions(+), 10 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 271b7ca60d..9e18b19574 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -209,30 +209,59 @@ fn bench_handshake( } else { 4096 }); - let mut client_time = 0f64; - let mut server_time = 0f64; + + if options.api.use_buffered() { + report_handshake_result( + "handshakes", + params, + clientauth, + resume, + rounds, + bench_handshake_buffered(rounds, client_config, server_config), + ); + } +} + +fn bench_handshake_buffered( + rounds: u64, + client_config: Arc, + server_config: Arc, +) -> Timings { + let mut timings = Timings::default(); for _ in 0..rounds { let server_name = "localhost".try_into().unwrap(); let mut client = ClientConnection::new(Arc::clone(&client_config), server_name).unwrap(); let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); - server_time += time(|| { + timings.server += time(|| { transfer(&mut client, &mut server, None); }); - client_time += time(|| { + timings.client += time(|| { transfer(&mut server, &mut client, None); }); - server_time += time(|| { + timings.server += time(|| { transfer(&mut client, &mut server, None); }); - client_time += time(|| { + timings.client += time(|| { transfer(&mut server, &mut client, None); }); } + timings +} + +fn report_handshake_result( + variant: &str, + params: &BenchmarkParam, + clientauth: ClientAuth, + resume: ResumptionParam, + rounds: u64, + timings: Timings, +) { println!( - "handshakes\t{:?}\t{:?}\t{:?}\tclient\t{}\t{}\t{:.2}\thandshake/s", + "{}\t{:?}\t{:?}\t{:?}\tclient\t{}\t{}\t{:.2}\thandshake/s", + variant, params.version, params.key_type, params.ciphersuite.suite(), @@ -242,10 +271,11 @@ fn bench_handshake( "server-auth" }, resume.label(), - (rounds as f64) / client_time + (rounds as f64) / timings.client ); println!( - "handshakes\t{:?}\t{:?}\t{:?}\tserver\t{}\t{}\t{:.2}\thandshake/s", + "{}\t{:?}\t{:?}\t{:?}\tserver\t{}\t{}\t{:.2}\thandshake/s", + variant, params.version, params.key_type, params.ciphersuite.suite(), @@ -255,10 +285,16 @@ fn bench_handshake( "server-auth" }, resume.label(), - (rounds as f64) / server_time + (rounds as f64) / timings.server ); } +#[derive(Debug, Default)] +struct Timings { + client: f64, + server: f64, +} + fn bench_bulk( params: &BenchmarkParam, options: &Options, From 9be5b1a0a1b471e66989010e06e3afb504c9191c Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 1 Jul 2024 15:03:19 +0100 Subject: [PATCH 1125/1145] Correct client handshake performance measurements Previously this ignored all computation taking place in `ClientConnection::new`. That was a small amount in TLS1.2, but larger in TLS1.3. Indicative changes in the results look like: Before: > handshakes TLSv1_3 Rsa2048 TLS13_AES_128_GCM_SHA256 client server-auth no-resume 12802.14 handshake/s > handshakes TLSv1_3 Rsa2048 TLS13_AES_128_GCM_SHA256 server server-auth no-resume 2080.38 handshake/s After: > handshakes TLSv1_3 Rsa2048 TLS13_AES_128_GCM_SHA256 client server-auth no-resume 11518.38 handshake/s > handshakes TLSv1_3 Rsa2048 TLS13_AES_128_GCM_SHA256 server server-auth no-resume 2071.41 handshake/s --- rustls/examples/internal/bench_impl.rs | 33 +++++++++++++++----------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 9e18b19574..9ba7219b1d 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -230,20 +230,24 @@ fn bench_handshake_buffered( let mut timings = Timings::default(); for _ in 0..rounds { - let server_name = "localhost".try_into().unwrap(); - let mut client = ClientConnection::new(Arc::clone(&client_config), server_name).unwrap(); - let mut server = ServerConnection::new(Arc::clone(&server_config)).unwrap(); + let mut client = time(&mut timings.client, || { + let server_name = "localhost".try_into().unwrap(); + ClientConnection::new(Arc::clone(&client_config), server_name).unwrap() + }); + let mut server = time(&mut timings.server, || { + ServerConnection::new(Arc::clone(&server_config)).unwrap() + }); - timings.server += time(|| { + time(&mut timings.server, || { transfer(&mut client, &mut server, None); }); - timings.client += time(|| { + time(&mut timings.client, || { transfer(&mut server, &mut client, None); }); - timings.server += time(|| { + time(&mut timings.server, || { transfer(&mut client, &mut server, None); }); - timings.client += time(|| { + time(&mut timings.client, || { transfer(&mut server, &mut client, None); }); } @@ -367,7 +371,7 @@ fn bench_bulk_buffered( let buf = vec![0; plaintext_size as usize]; for _ in 0..rounds { - time_send += time(|| { + time(&mut time_send, || { server.writer().write_all(&buf).unwrap(); }); @@ -397,13 +401,13 @@ fn bench_bulk_unbuffered( let buf = vec![0; plaintext_size as usize]; for _ in 0..rounds { - time_send += time(|| { + time(&mut time_send, || { server.write(&buf); }); server.swap_buffers(&mut client); - time_recv += time(|| { + time(&mut time_recv, || { client.read_and_discard(buf.len()); }); } @@ -950,14 +954,15 @@ fn do_handshake(client: &mut ClientConnection, server: &mut ServerConnection) { while do_handshake_step(client, server) {} } -fn time(mut f: F) -> f64 +fn time(time_out: &mut f64, mut f: F) -> T where - F: FnMut(), + F: FnMut() -> T, { let start = Instant::now(); - f(); + let r = f(); let end = Instant::now(); - duration_nanos(end.duration_since(start)) + *time_out += duration_nanos(end.duration_since(start)); + r } fn transfer(left: &mut L, right: &mut R, expect_data: Option) -> f64 From eb9b36e9d71487ed1756aa987944ba247b688884 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 1 Jul 2024 15:42:20 +0100 Subject: [PATCH 1126/1145] Benchmark handshaking for unbuffered API --- rustls/examples/internal/bench_impl.rs | 65 +++++++++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 9ba7219b1d..dc7e0cf8a4 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -217,7 +217,18 @@ fn bench_handshake( clientauth, resume, rounds, - bench_handshake_buffered(rounds, client_config, server_config), + bench_handshake_buffered(rounds, client_config.clone(), server_config.clone()), + ); + } + + if options.api.use_unbuffered() { + report_handshake_result( + "handshakes-unbuffered", + params, + clientauth, + resume, + rounds, + bench_handshake_unbuffered(rounds, client_config, server_config), ); } } @@ -250,6 +261,58 @@ fn bench_handshake_buffered( time(&mut timings.client, || { transfer(&mut server, &mut client, None); }); + + // check we reached idle + debug_assert!(!client.is_handshaking()); + debug_assert!(!server.is_handshaking()); + } + + timings +} + +fn bench_handshake_unbuffered( + rounds: u64, + client_config: Arc, + server_config: Arc, +) -> Timings { + let mut timings = Timings::default(); + + for _ in 0..rounds { + let client = time(&mut timings.client, || { + let server_name = "localhost".try_into().unwrap(); + UnbufferedClientConnection::new(Arc::clone(&client_config), server_name).unwrap() + }); + let server = time(&mut timings.server, || { + UnbufferedServerConnection::new(Arc::clone(&server_config)).unwrap() + }); + + // nb. buffer allocation is outside the library, so is outside the benchmark scope + let mut client = Unbuffered::new_client(client); + let mut server = Unbuffered::new_server(server); + + let client_wrote = time(&mut timings.client, || client.communicate()); + if client_wrote { + client.swap_buffers(&mut server); + } + + let server_wrote = time(&mut timings.server, || server.communicate()); + if server_wrote { + server.swap_buffers(&mut client); + } + + let client_wrote = time(&mut timings.client, || client.communicate()); + if client_wrote { + client.swap_buffers(&mut server); + } + + let server_wrote = time(&mut timings.server, || server.communicate()); + if server_wrote { + server.swap_buffers(&mut client); + } + + // check we reached idle + debug_assert!(!server.communicate()); + debug_assert!(!client.communicate()); } timings From b7187880b48e5e2f080c2a0cc43455d8d32fa3df Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 3 Jul 2024 10:12:54 +0100 Subject: [PATCH 1127/1145] add ecdsa+eddsa for aes-256 suite tests This is suite used for comparative handshake benchmarks with openssl. --- admin/bench-measure.mk | 1 + rustls/examples/internal/bench_impl.rs | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/admin/bench-measure.mk b/admin/bench-measure.mk index 5567ad1e6a..0cdcf6278a 100644 --- a/admin/bench-measure.mk +++ b/admin/bench-measure.mk @@ -31,6 +31,7 @@ measure: $(BENCH) $^ bulk TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 $^ bulk TLS13_AES_256_GCM_SHA384 $^ handshake TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + $^ handshake TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 $^ handshake-resume TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $^ handshake-ticket TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 $^ handshake TLS13_AES_256_GCM_SHA384 diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index dc7e0cf8a4..7cae53de6d 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -1127,7 +1127,7 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ #[cfg(feature = "tls12")] BenchmarkParam::new( KeyType::EcdsaP256, - cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), #[cfg(feature = "tls12")] @@ -1136,6 +1136,12 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, &rustls::version::TLS12, ), + #[cfg(feature = "tls12")] + BenchmarkParam::new( + KeyType::Ed25519, + cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + &rustls::version::TLS12, + ), #[cfg(not(feature = "fips"))] BenchmarkParam::new( KeyType::Rsa2048, @@ -1147,6 +1153,16 @@ static ALL_BENCHMARKS: &[BenchmarkParam] = &[ cipher_suite::TLS13_AES_256_GCM_SHA384, &rustls::version::TLS13, ), + BenchmarkParam::new( + KeyType::EcdsaP256, + cipher_suite::TLS13_AES_256_GCM_SHA384, + &rustls::version::TLS13, + ), + BenchmarkParam::new( + KeyType::Ed25519, + cipher_suite::TLS13_AES_256_GCM_SHA384, + &rustls::version::TLS13, + ), BenchmarkParam::new( KeyType::Rsa2048, cipher_suite::TLS13_AES_128_GCM_SHA256, From 29257e8daa73d26039c54437325beccbb1c5f6bb Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Wed, 3 Jul 2024 11:46:17 +0100 Subject: [PATCH 1128/1145] Validate resumption benchmarks actually do --- rustls/examples/internal/bench_impl.rs | 40 ++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 7cae53de6d..295d3122fe 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -27,7 +27,7 @@ use rustls::server::{ }; use rustls::unbuffered::{ConnectionState, EncryptError, InsufficientSizeError, UnbufferedStatus}; use rustls::{ - ClientConfig, ClientConnection, ConnectionCommon, RootCertStore, ServerConfig, + ClientConfig, ClientConnection, ConnectionCommon, HandshakeKind, RootCertStore, ServerConfig, ServerConnection, SideData, }; @@ -210,6 +210,14 @@ fn bench_handshake( 4096 }); + // warm up, and prime session cache for resumptions + bench_handshake_buffered( + 1, + ResumptionParam::No, + client_config.clone(), + server_config.clone(), + ); + if options.api.use_buffered() { report_handshake_result( "handshakes", @@ -217,7 +225,7 @@ fn bench_handshake( clientauth, resume, rounds, - bench_handshake_buffered(rounds, client_config.clone(), server_config.clone()), + bench_handshake_buffered(rounds, resume, client_config.clone(), server_config.clone()), ); } @@ -228,13 +236,14 @@ fn bench_handshake( clientauth, resume, rounds, - bench_handshake_unbuffered(rounds, client_config, server_config), + bench_handshake_unbuffered(rounds, resume, client_config, server_config), ); } } fn bench_handshake_buffered( rounds: u64, + resume: ResumptionParam, client_config: Arc, server_config: Arc, ) -> Timings { @@ -265,6 +274,8 @@ fn bench_handshake_buffered( // check we reached idle debug_assert!(!client.is_handshaking()); debug_assert!(!server.is_handshaking()); + debug_assert_eq!(client.handshake_kind(), Some(resume.as_handshake_kind())); + debug_assert_eq!(server.handshake_kind(), Some(resume.as_handshake_kind())); } timings @@ -272,6 +283,7 @@ fn bench_handshake_buffered( fn bench_handshake_unbuffered( rounds: u64, + resume: ResumptionParam, client_config: Arc, server_config: Arc, ) -> Timings { @@ -313,6 +325,14 @@ fn bench_handshake_unbuffered( // check we reached idle debug_assert!(!server.communicate()); debug_assert!(!client.communicate()); + debug_assert_eq!( + client.conn.handshake_kind(), + Some(resume.as_handshake_kind()) + ); + debug_assert_eq!( + server.conn.handshake_kind(), + Some(resume.as_handshake_kind()) + ); } timings @@ -680,6 +700,13 @@ impl ResumptionParam { } } + fn as_handshake_kind(&self) -> HandshakeKind { + match *self { + Self::No => HandshakeKind::Full, + Self::SessionId | Self::Tickets => HandshakeKind::Resumed, + } + } + fn label(&self) -> &'static str { match *self { Self::No => "no-resume", @@ -1001,6 +1028,13 @@ impl UnbufferedConnection { input_used } + + fn handshake_kind(&self) -> Option { + match self { + Self::Client(client) => client.handshake_kind(), + Self::Server(server) => server.handshake_kind(), + } + } } fn do_handshake_step(client: &mut ClientConnection, server: &mut ServerConnection) -> bool { From fefc057f49b8c028c533ccef71a4cfd2b50b8a6b Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 5 Jul 2024 12:35:20 +0100 Subject: [PATCH 1129/1145] Hoist Arc into `make_client/server_config` return type --- rustls/examples/internal/bench_impl.rs | 35 ++++++++------------------ 1 file changed, 11 insertions(+), 24 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 295d3122fe..c801dc118c 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -199,8 +199,8 @@ fn bench_handshake( clientauth: ClientAuth, resume: ResumptionParam, ) { - let client_config = Arc::new(make_client_config(params, clientauth, resume)); - let server_config = Arc::new(make_server_config(params, clientauth, resume, None)); + let client_config = make_client_config(params, clientauth, resume); + let server_config = make_server_config(params, clientauth, resume, None); assert!(params.ciphersuite.version() == params.version); @@ -388,17 +388,13 @@ fn bench_bulk( plaintext_size: u64, max_fragment_size: Option, ) { - let client_config = Arc::new(make_client_config( - params, - ClientAuth::No, - ResumptionParam::No, - )); - let server_config = Arc::new(make_server_config( + let client_config = make_client_config(params, ClientAuth::No, ResumptionParam::No); + let server_config = make_server_config( params, ClientAuth::No, ResumptionParam::No, max_fragment_size, - )); + ); let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { 64 * 1024 * 1024 @@ -532,17 +528,8 @@ fn report_bulk_result( } fn bench_memory(params: &BenchmarkParam, conn_count: u64) { - let client_config = Arc::new(make_client_config( - params, - ClientAuth::No, - ResumptionParam::No, - )); - let server_config = Arc::new(make_server_config( - params, - ClientAuth::No, - ResumptionParam::No, - None, - )); + let client_config = make_client_config(params, ClientAuth::No, ResumptionParam::No); + let server_config = make_server_config(params, ClientAuth::No, ResumptionParam::No, None); // The target here is to end up with conn_count post-handshake // server and client sessions. @@ -585,7 +572,7 @@ fn make_server_config( client_auth: ClientAuth, resume: ResumptionParam, max_fragment_size: Option, -) -> ServerConfig { +) -> Arc { let provider = Arc::new(provider::default_provider()); let client_auth = match client_auth { ClientAuth::Yes => { @@ -617,14 +604,14 @@ fn make_server_config( } cfg.max_fragment_size = max_fragment_size; - cfg + Arc::new(cfg) } fn make_client_config( params: &BenchmarkParam, clientauth: ClientAuth, resume: ResumptionParam, -) -> ClientConfig { +) -> Arc { let mut root_store = RootCertStore::empty(); let mut rootbuf = io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap()); @@ -659,7 +646,7 @@ fn make_client_config( cfg.resumption = Resumption::disabled(); } - cfg + Arc::new(cfg) } fn lookup_matching_benches(name: &str) -> Vec<&BenchmarkParam> { From 8b8d5dc588f7602e025cd8d2e1ee44be38d07c30 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Fri, 5 Jul 2024 16:03:27 +0100 Subject: [PATCH 1130/1145] Refactor and explain bulk `total_data` behaviour --- rustls/examples/internal/bench_impl.rs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index c801dc118c..c028f451f1 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -396,11 +396,15 @@ fn bench_bulk( max_fragment_size, ); - let total_data = options.apply_work_multiplier(if plaintext_size < 8192 { - 64 * 1024 * 1024 - } else { - 1024 * 1024 * 1024 - }); + // for small plaintext_sizes and their associated slowness, send + // less total data + let total_data = options.apply_work_multiplier( + 1024 * 1024 + * match plaintext_size { + ..=8192 => 64, + _ => 1024, + }, + ); let rounds = total_data / plaintext_size; if options.api.use_buffered() { From 0e2d2ac38a624255e5fb37bf46e9f9c8d4143984 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 8 Jul 2024 08:18:43 +0000 Subject: [PATCH 1131/1145] chore(deps): lock file maintenance --- Cargo.lock | 182 ++++++++++++++++++++++++------------------------ fuzz/Cargo.lock | 68 +++++++++--------- 2 files changed, 125 insertions(+), 125 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cedc9122ed..0348d4a842 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -160,7 +160,7 @@ checksum = "56e6076d38cc17cc22b0f65f31170a2ee1975e6b07f0012893aefd86ce19c987" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -291,7 +291,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -329,13 +329,13 @@ checksum = "8b75356056920673b02621b35afd0f7dda9306d03c79a30f5c56c44cf256e3de" [[package]] name = "async-trait" -version = "0.1.80" +version = "0.1.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" +checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -352,9 +352,9 @@ checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "aws-lc-fips-sys" -version = "0.12.9" +version = "0.12.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e5cc4286676d121ca5a2ce89e0d4ddbc2d660ac24bb17bc49607d700f49f993" +checksum = "7cfb6142ca55e3c1be078c970f46b74f93b14e732b664059ef0d0ed718c10829" dependencies = [ "bindgen", "cmake", @@ -366,9 +366,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.7.3" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf7d844e282b4b56750b2d4e893b2205581ded8709fddd2b6aa5418c150ca877" +checksum = "a8a47f2fb521b70c11ce7369a6c5fa4bd6af7e5d62ec06303875bafe7c6ba245" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -380,9 +380,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a2c29203f6bf296d01141cc8bb9dbd5ecd4c27843f2ee0767bcd5985a927da" +checksum = "2927c7af777b460b7ccd95f8b67acd7b4c04ec8896bf0c8e80ba30523cffc057" dependencies = [ "bindgen", "cc", @@ -444,7 +444,7 @@ version = "0.69.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "cexpr", "clang-sys", "itertools 0.12.1", @@ -457,7 +457,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.68", + "syn 2.0.69", "which", ] @@ -469,9 +469,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "block-buffer" @@ -536,9 +536,9 @@ checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cc" -version = "1.0.100" +version = "1.0.105" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" +checksum = "5208975e568d83b6b05cc0a063c8e7e9acc2b43bee6da15616a5b73e109d7437" dependencies = [ "jobserver", "libc", @@ -608,9 +608,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.7" +version = "4.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f" +checksum = "84b3edb18336f4df585bc9aa31dd99c036dfa5dc5e9a2939a722a188f3a8970d" dependencies = [ "clap_builder", "clap_derive", @@ -618,9 +618,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.7" +version = "4.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f" +checksum = "c1c09dd5ada6c6c78075d6fd0da3f90d8080651e2d6cc8eb2f1aaa4034ced708" dependencies = [ "anstream", "anstyle", @@ -630,14 +630,14 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.5" +version = "4.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c780290ccf4fb26629baa7a1081e68ced113f1d3ec302fa5948f1c381ebf06c6" +checksum = "2bac35c6dafb060fd4d275d9a4ffae97917c13a6327903a8be2153cd964f7085" dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -764,7 +764,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -838,9 +838,9 @@ dependencies = [ [[package]] name = "either" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "elliptic-curve" @@ -871,7 +871,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -1517,7 +1517,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" dependencies = [ "cfg-if", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -1556,9 +1556,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" dependencies = [ "value-bag", ] @@ -1629,9 +1629,9 @@ dependencies = [ [[package]] name = "num-bigint" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" dependencies = [ "num-integer", "num-traits", @@ -1702,9 +1702,9 @@ dependencies = [ [[package]] name = "object" -version = "0.36.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "576dfe1fc8f9df304abb159d767a29d0476f7750fbf8aa7ad07816004a207434" +checksum = "081b846d1d56ddfc18fdf1a922e4f6e07a11768ea1b92dec44e42b72712ccfce" dependencies = [ "memchr", ] @@ -1727,7 +1727,7 @@ version = "0.10.64" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "cfg-if", "foreign-types", "libc", @@ -1744,7 +1744,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -1807,7 +1807,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -1955,7 +1955,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -2061,7 +2061,7 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c82cf8cff14456045f55ec4241383baeff27af886adb72ffb2162f99911de0fd" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", ] [[package]] @@ -2190,7 +2190,7 @@ version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys 0.4.14", @@ -2446,29 +2446,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] name = "serde_json" -version = "1.0.117" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ "itoa", "ryu", @@ -2567,9 +2567,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" -version = "2.6.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -2584,9 +2584,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.68" +version = "2.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" +checksum = "201fcda3845c23e8212cd466bfebf0bd20694490fc0356ae8e428e0824a915a6" dependencies = [ "proc-macro2", "quote", @@ -2619,7 +2619,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -2663,9 +2663,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "tinyvec" -version = "1.6.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +checksum = "ce6b6a2fb3a985e99cebfaefa9faa3024743da73304ca1c683a36429613d3d22" dependencies = [ "tinyvec_macros", ] @@ -2701,7 +2701,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -2746,7 +2746,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -2875,7 +2875,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", "wasm-bindgen-shared", ] @@ -2909,7 +2909,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3009,7 +3009,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -3029,18 +3029,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -3051,9 +3051,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -3063,9 +3063,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -3075,15 +3075,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -3093,9 +3093,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -3105,9 +3105,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -3117,9 +3117,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -3129,9 +3129,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winreg" @@ -3166,22 +3166,22 @@ dependencies = [ [[package]] name = "zerocopy" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] @@ -3201,7 +3201,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.69", ] [[package]] diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 79a977e1e0..17bd9a71a2 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -19,9 +19,9 @@ checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" [[package]] name = "aws-lc-rs" -version = "1.7.3" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf7d844e282b4b56750b2d4e893b2205581ded8709fddd2b6aa5418c150ca877" +checksum = "a8a47f2fb521b70c11ce7369a6c5fa4bd6af7e5d62ec06303875bafe7c6ba245" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -31,9 +31,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a2c29203f6bf296d01141cc8bb9dbd5ecd4c27843f2ee0767bcd5985a927da" +checksum = "2927c7af777b460b7ccd95f8b67acd7b4c04ec8896bf0c8e80ba30523cffc057" dependencies = [ "bindgen", "cc", @@ -69,15 +69,15 @@ dependencies = [ [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "cc" -version = "1.0.100" +version = "1.0.105" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" +checksum = "5208975e568d83b6b05cc0a063c8e7e9acc2b43bee6da15616a5b73e109d7437" dependencies = [ "jobserver", "libc", @@ -127,9 +127,9 @@ checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" [[package]] name = "either" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "errno" @@ -236,9 +236,9 @@ checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "memchr" @@ -425,15 +425,15 @@ checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "subtle" -version = "2.6.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.68" +version = "2.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" +checksum = "201fcda3845c23e8212cd466bfebf0bd20694490fc0356ae8e428e0824a915a6" dependencies = [ "proc-macro2", "quote", @@ -481,9 +481,9 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ "windows_aarch64_gnullvm", "windows_aarch64_msvc", @@ -497,51 +497,51 @@ dependencies = [ [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "zeroize" From 54b3b5ed05bbb64235a7a72f3a4a66132ace3155 Mon Sep 17 00:00:00 2001 From: Lukas Velikov Date: Fri, 5 Jul 2024 22:19:02 -0400 Subject: [PATCH 1132/1145] Refactor AlwaysResolvesChain to take existing CertifiedKey --- rustls/src/server/builder.rs | 12 +++++------- rustls/src/server/handy.rs | 20 ++++++-------------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 432a6ea02f..3e0ae082e4 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -7,8 +7,8 @@ use pki_types::{CertificateDer, PrivateKeyDer}; use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::CryptoProvider; use crate::error::Error; -use crate::msgs::handshake::CertificateChain; use crate::server::{handy, ResolvesServerCert, ServerConfig}; +use crate::sign::CertifiedKey; use crate::time_provider::TimeProvider; use crate::verify::{ClientCertVerifier, NoClientAuth}; use crate::{compress, versions, NoKeyLog}; @@ -74,7 +74,8 @@ impl ConfigBuilder { .provider .key_provider .load_private_key(key_der)?; - let resolver = handy::AlwaysResolvesChain::new(private_key, CertificateChain(cert_chain)); + let certified_key = CertifiedKey::new(cert_chain, private_key); + let resolver = handy::AlwaysResolvesChain::new(certified_key); Ok(self.with_cert_resolver(Arc::new(resolver))) } @@ -100,11 +101,8 @@ impl ConfigBuilder { .provider .key_provider .load_private_key(key_der)?; - let resolver = handy::AlwaysResolvesChain::new_with_extras( - private_key, - CertificateChain(cert_chain), - ocsp, - ); + let certified_key = CertifiedKey::new(cert_chain, private_key); + let resolver = handy::AlwaysResolvesChain::new_with_extras(certified_key, ocsp); Ok(self.with_cert_resolver(Arc::new(resolver))) } diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index 24ada20756..2ce78a920b 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -2,7 +2,6 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; -use crate::msgs::handshake::CertificateChain; use crate::server::ClientHello; use crate::{server, sign}; @@ -172,23 +171,16 @@ impl server::ProducesTickets for NeverProducesTickets { pub(super) struct AlwaysResolvesChain(Arc); impl AlwaysResolvesChain { - /// Creates an `AlwaysResolvesChain`, using the supplied key and certificate chain. - pub(super) fn new( - private_key: Arc, - chain: CertificateChain<'static>, - ) -> Self { - Self(Arc::new(sign::CertifiedKey::new(chain.0, private_key))) + /// Creates an `AlwaysResolvesChain`, using the supplied `CertifiedKey`. + pub(super) fn new(certified_key: sign::CertifiedKey) -> Self { + Self(Arc::new(certified_key)) } - /// Creates an `AlwaysResolvesChain`, using the supplied key, certificate chain and OCSP response. + /// Creates an `AlwaysResolvesChain`, using the supplied `CertifiedKey` and OCSP response. /// /// If non-empty, the given OCSP response is attached. - pub(super) fn new_with_extras( - private_key: Arc, - chain: CertificateChain<'static>, - ocsp: Vec, - ) -> Self { - let mut r = Self::new(private_key, chain); + pub(super) fn new_with_extras(certified_key: sign::CertifiedKey, ocsp: Vec) -> Self { + let mut r = Self::new(certified_key); { let cert = Arc::make_mut(&mut r.0); From 20fdce6ad961c4b2901b42cc8c0289e4d51b3cd2 Mon Sep 17 00:00:00 2001 From: Lukas Velikov Date: Fri, 5 Jul 2024 22:20:10 -0400 Subject: [PATCH 1133/1145] Call CertifiedKey::keys_match from ConfigBuilder::with_single_cert* --- rustls/src/server/builder.rs | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 3e0ae082e4..6a58a6128e 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -11,7 +11,7 @@ use crate::server::{handy, ResolvesServerCert, ServerConfig}; use crate::sign::CertifiedKey; use crate::time_provider::TimeProvider; use crate::verify::{ClientCertVerifier, NoClientAuth}; -use crate::{compress, versions, NoKeyLog}; +use crate::{compress, versions, InconsistentKeys, NoKeyLog}; impl ConfigBuilder { /// Choose how to verify client certificates. @@ -63,7 +63,9 @@ impl ConfigBuilder { /// `aws-lc-rs` and `ring` [`CryptoProvider`]s support all three encodings, /// but other `CryptoProviders` may not. /// - /// This function fails if `key_der` is invalid. + /// This function fails if `key_der` is invalid, or if the + /// `SubjectPublicKeyInfo` from the private key does not match the public + /// key for the end-entity certificate from the `cert_chain`. pub fn with_single_cert( self, cert_chain: Vec>, @@ -74,7 +76,14 @@ impl ConfigBuilder { .provider .key_provider .load_private_key(key_der)?; + let certified_key = CertifiedKey::new(cert_chain, private_key); + match certified_key.keys_match() { + // Don't treat unknown consistency as an error + Ok(()) | Err(Error::InconsistentKeys(InconsistentKeys::Unknown)) => (), + Err(err) => return Err(err), + } + let resolver = handy::AlwaysResolvesChain::new(certified_key); Ok(self.with_cert_resolver(Arc::new(resolver))) } @@ -89,7 +98,9 @@ impl ConfigBuilder { /// but other `CryptoProviders` may not. /// `ocsp` is a DER-encoded OCSP response. Ignored if zero length. /// - /// This function fails if `key_der` is invalid. + /// This function fails if `key_der` is invalid, or if the + /// `SubjectPublicKeyInfo` from the private key does not match the public + /// key for the end-entity certificate from the `cert_chain`. pub fn with_single_cert_with_ocsp( self, cert_chain: Vec>, @@ -101,7 +112,14 @@ impl ConfigBuilder { .provider .key_provider .load_private_key(key_der)?; + let certified_key = CertifiedKey::new(cert_chain, private_key); + match certified_key.keys_match() { + // Don't treat unknown consistency as an error + Ok(()) | Err(Error::InconsistentKeys(InconsistentKeys::Unknown)) => (), + Err(err) => return Err(err), + } + let resolver = handy::AlwaysResolvesChain::new_with_extras(certified_key, ocsp); Ok(self.with_cert_resolver(Arc::new(resolver))) } From b5895c717c9a485156f9c8a50a1c3be0e1602d1e Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 8 Jul 2024 13:56:23 +0100 Subject: [PATCH 1134/1145] Add `public_key()` for all built-in `SigningKey`s --- rustls/src/crypto/aws_lc_rs/sign.rs | 29 +++++++++++++++++++++++--- rustls/src/crypto/ring/sign.rs | 30 +++++++++++++++++++++++---- rustls/src/crypto/signer.rs | 28 ++++++++++++++++++++++++- rustls/src/x509.rs | 32 ++++++++++++++++++++++++----- rustls/tests/api.rs | 13 ++++++++++++ 5 files changed, 119 insertions(+), 13 deletions(-) diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index e8000a3b1f..b6fc59e833 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -7,13 +7,14 @@ use alloc::vec::Vec; use alloc::{format, vec}; use core::fmt::{self, Debug, Formatter}; -use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer, SubjectPublicKeyInfoDer}; +use webpki::alg_id; use super::ring_like::rand::SystemRandom; -use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, KeyPair, RsaKeyPair}; +use crate::crypto::signer::{public_key_to_spki, Signer, SigningKey}; use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; -use crate::sign::{Signer, SigningKey}; /// Parse `der` as any supported key encoding/type, returning /// the first which works. @@ -129,6 +130,13 @@ impl SigningKey for RsaSigningKey { .map(|scheme| RsaSigner::new(Arc::clone(&self.key), *scheme)) } + fn public_key(&self) -> Option> { + Some(public_key_to_spki( + &alg_id::RSA_ENCRYPTION, + self.key.public_key(), + )) + } + fn algorithm(&self) -> SignatureAlgorithm { SignatureAlgorithm::RSA } @@ -247,6 +255,17 @@ impl SigningKey for EcdsaSigningKey { } } + fn public_key(&self) -> Option> { + let id = match self.scheme { + SignatureScheme::ECDSA_NISTP256_SHA256 => alg_id::ECDSA_P256, + SignatureScheme::ECDSA_NISTP384_SHA384 => alg_id::ECDSA_P384, + SignatureScheme::ECDSA_NISTP521_SHA512 => alg_id::ECDSA_P521, + _ => unreachable!(), + }; + + Some(public_key_to_spki(&id, self.key.public_key())) + } + fn algorithm(&self) -> SignatureAlgorithm { self.scheme.algorithm() } @@ -331,6 +350,10 @@ impl SigningKey for Ed25519SigningKey { } } + fn public_key(&self) -> Option> { + Some(public_key_to_spki(&alg_id::ED25519, self.key.public_key())) + } + fn algorithm(&self) -> SignatureAlgorithm { self.scheme.algorithm() } diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 9234d61853..eac5dc7bd1 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -7,14 +7,15 @@ use alloc::vec::Vec; use alloc::{format, vec}; use core::fmt::{self, Debug, Formatter}; -use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer, SubjectPublicKeyInfoDer}; +use webpki::alg_id; use super::ring_like::io::der; use super::ring_like::rand::{SecureRandom, SystemRandom}; -use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, KeyPair, RsaKeyPair}; +use crate::crypto::signer::{public_key_to_spki, Signer, SigningKey}; use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; -use crate::sign::{Signer, SigningKey}; use crate::x509::{asn1_wrap, wrap_in_sequence}; /// Parse `der` as any supported key encoding/type, returning @@ -123,6 +124,13 @@ impl SigningKey for RsaSigningKey { .map(|scheme| RsaSigner::new(Arc::clone(&self.key), *scheme)) } + fn public_key(&self) -> Option> { + Some(public_key_to_spki( + &alg_id::RSA_ENCRYPTION, + self.key.public_key(), + )) + } + fn algorithm(&self) -> SignatureAlgorithm { SignatureAlgorithm::RSA } @@ -243,7 +251,7 @@ impl EcdsaSigningKey { _ => unreachable!(), // all callers are in this file }; - let sec1_wrap = asn1_wrap(der::Tag::OctetString as u8, maybe_sec1_der); + let sec1_wrap = asn1_wrap(der::Tag::OctetString as u8, maybe_sec1_der, &[]); let mut pkcs8_inner = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len()); pkcs8_inner.extend_from_slice(pkcs8_prefix); @@ -285,6 +293,16 @@ impl SigningKey for EcdsaSigningKey { } } + fn public_key(&self) -> Option> { + let id = match self.scheme { + SignatureScheme::ECDSA_NISTP256_SHA256 => alg_id::ECDSA_P256, + SignatureScheme::ECDSA_NISTP384_SHA384 => alg_id::ECDSA_P384, + _ => unreachable!(), + }; + + Some(public_key_to_spki(&id, self.key.public_key())) + } + fn algorithm(&self) -> SignatureAlgorithm { self.scheme.algorithm() } @@ -369,6 +387,10 @@ impl SigningKey for Ed25519SigningKey { } } + fn public_key(&self) -> Option> { + Some(public_key_to_spki(&alg_id::ED25519, self.key.public_key())) + } + fn algorithm(&self) -> SignatureAlgorithm { self.scheme.algorithm() } diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 12ff97a0d4..dcb48e700b 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -3,11 +3,12 @@ use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; -use pki_types::{CertificateDer, SubjectPublicKeyInfoDer}; +use pki_types::{AlgorithmIdentifier, CertificateDer, SubjectPublicKeyInfoDer}; use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::{Error, InconsistentKeys}; use crate::server::ParsedCertificate; +use crate::x509; /// An abstract signing key. /// @@ -134,3 +135,28 @@ impl CertifiedKey { .ok_or(Error::NoCertificatesPresented) } } + +#[cfg_attr(not(any(feature = "aws_lc_rs", feature = "ring")), allow(dead_code))] +pub(crate) fn public_key_to_spki( + alg_id: &AlgorithmIdentifier, + public_key: impl AsRef<[u8]>, +) -> SubjectPublicKeyInfoDer<'static> { + // SubjectPublicKeyInfo ::= SEQUENCE { + // algorithm AlgorithmIdentifier, + // subjectPublicKey BIT STRING } + // + // AlgorithmIdentifier ::= SEQUENCE { + // algorithm OBJECT IDENTIFIER, + // parameters ANY DEFINED BY algorithm OPTIONAL } + // + // note that the `pki_types::AlgorithmIdentifier` type is the + // concatenation of `algorithm` and `parameters`, but misses the + // outer `Sequence`. + + let mut spki_inner = x509::wrap_in_sequence(alg_id.as_ref()); + spki_inner.extend(&x509::wrap_in_bit_string(public_key.as_ref())); + + let spki = x509::wrap_in_sequence(&spki_inner); + + SubjectPublicKeyInfoDer::from(spki) +} diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index a023ac7122..722ff8754d 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -2,15 +2,16 @@ use alloc::vec::Vec; -pub(crate) fn asn1_wrap(tag: u8, bytes: &[u8]) -> Vec { - let len = bytes.len(); +pub(crate) fn asn1_wrap(tag: u8, bytes_a: &[u8], bytes_b: &[u8]) -> Vec { + let len = bytes_a.len() + bytes_b.len(); if len <= 0x7f { // Short form let mut ret = Vec::with_capacity(2 + len); ret.push(tag); ret.push(len as u8); - ret.extend_from_slice(bytes); + ret.extend_from_slice(bytes_a); + ret.extend_from_slice(bytes_b); ret } else { // Long form @@ -28,17 +29,24 @@ pub(crate) fn asn1_wrap(tag: u8, bytes: &[u8]) -> Vec { ret.push(0x80 + encoded_bytes as u8); ret.extend_from_slice(&size[leading_zero_bytes..]); - ret.extend_from_slice(bytes); + ret.extend_from_slice(bytes_a); + ret.extend_from_slice(bytes_b); ret } } /// Prepend stuff to `bytes` to put it in a DER SEQUENCE. pub(crate) fn wrap_in_sequence(bytes: &[u8]) -> Vec { - asn1_wrap(DER_SEQUENCE_TAG, bytes) + asn1_wrap(DER_SEQUENCE_TAG, bytes, &[]) +} + +/// Prepend stuff to `bytes` to put it in a DER BIT STRING. +pub(crate) fn wrap_in_bit_string(bytes: &[u8]) -> Vec { + asn1_wrap(DER_BIT_STRING_TAG, &[0u8], bytes) } const DER_SEQUENCE_TAG: u8 = 0x30; +const DER_BIT_STRING_TAG: u8 = 0x03; #[cfg(test)] mod tests { @@ -109,4 +117,18 @@ mod tests { ); assert_eq!(result.len(), 0x1000000 + 6); } + + #[test] + fn test_wrap_in_bit_string() { + // The BIT STRING encoding starts with a single octet on + // the front saying how many bits to disregard from the + // last octet. So this zero means "no bits" unused, which + // is correct because our input is an string of octets. + // + // So if we encode &[0x55u8] with this function, we should get: + // + // 0x03 0x02 0x00 0x55 + // ^ tag ^ len ^ no unused bits ^ value + assert_eq!(wrap_in_bit_string(&[0x55u8]), vec![0x03, 0x02, 0x00, 0x55]); + } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 3114875d8e..26ef3c419e 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -7408,4 +7408,17 @@ fn tls12_connection_fails_after_key_reaches_confidentiality_limit() { } } +#[test] +fn test_keys_match_for_all_signing_key_types() { + for kt in ALL_KEY_TYPES { + let key = provider::default_provider() + .key_provider + .load_private_key(kt.get_client_key()) + .unwrap(); + let ck = sign::CertifiedKey::new(kt.get_client_chain(), key); + ck.keys_match().unwrap(); + println!("{kt:?} ok"); + } +} + const CONFIDENTIALITY_LIMIT: u64 = 1024; From bc1e543e072b90f0272a7a2e848893d2529ef040 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 8 Jul 2024 14:07:08 +0100 Subject: [PATCH 1135/1145] ring::sign: tidy up pkcs8 conversion Re-privatise `asn1_wrap` --- rustls/src/crypto/ring/sign.rs | 12 ++++-------- rustls/src/x509.rs | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index eac5dc7bd1..3f5f6f3961 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -10,13 +10,12 @@ use core::fmt::{self, Debug, Formatter}; use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer, SubjectPublicKeyInfoDer}; use webpki::alg_id; -use super::ring_like::io::der; use super::ring_like::rand::{SecureRandom, SystemRandom}; use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, KeyPair, RsaKeyPair}; use crate::crypto::signer::{public_key_to_spki, Signer, SigningKey}; use crate::enums::{SignatureAlgorithm, SignatureScheme}; use crate::error::Error; -use crate::x509::{asn1_wrap, wrap_in_sequence}; +use crate::x509::{wrap_concat_in_sequence, wrap_in_octet_string}; /// Parse `der` as any supported key encoding/type, returning /// the first which works. @@ -251,13 +250,10 @@ impl EcdsaSigningKey { _ => unreachable!(), // all callers are in this file }; - let sec1_wrap = asn1_wrap(der::Tag::OctetString as u8, maybe_sec1_der, &[]); + let sec1_wrap = wrap_in_octet_string(maybe_sec1_der); + let pkcs8 = wrap_concat_in_sequence(pkcs8_prefix, &sec1_wrap); - let mut pkcs8_inner = Vec::with_capacity(pkcs8_prefix.len() + sec1_wrap.len()); - pkcs8_inner.extend_from_slice(pkcs8_prefix); - pkcs8_inner.extend_from_slice(&sec1_wrap); - - EcdsaKeyPair::from_pkcs8(sigalg, &wrap_in_sequence(&pkcs8_inner), rng).map_err(|_| ()) + EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8, rng).map_err(|_| ()) } } diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 722ff8754d..029dc02651 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -2,7 +2,7 @@ use alloc::vec::Vec; -pub(crate) fn asn1_wrap(tag: u8, bytes_a: &[u8], bytes_b: &[u8]) -> Vec { +fn asn1_wrap(tag: u8, bytes_a: &[u8], bytes_b: &[u8]) -> Vec { let len = bytes_a.len() + bytes_b.len(); if len <= 0x7f { @@ -40,13 +40,26 @@ pub(crate) fn wrap_in_sequence(bytes: &[u8]) -> Vec { asn1_wrap(DER_SEQUENCE_TAG, bytes, &[]) } +/// Prepend stuff to `bytes_a` + `bytes_b` to put it in a DER SEQUENCE. +#[cfg_attr(not(feature = "ring"), allow(dead_code))] +pub(crate) fn wrap_concat_in_sequence(bytes_a: &[u8], bytes_b: &[u8]) -> Vec { + asn1_wrap(DER_SEQUENCE_TAG, bytes_a, bytes_b) +} + /// Prepend stuff to `bytes` to put it in a DER BIT STRING. pub(crate) fn wrap_in_bit_string(bytes: &[u8]) -> Vec { asn1_wrap(DER_BIT_STRING_TAG, &[0u8], bytes) } +/// Prepend stuff to `bytes` to put it in a DER OCTET STRING. +#[cfg_attr(not(feature = "ring"), allow(dead_code))] +pub(crate) fn wrap_in_octet_string(bytes: &[u8]) -> Vec { + asn1_wrap(DER_OCTET_STRING_TAG, bytes, &[]) +} + const DER_SEQUENCE_TAG: u8 = 0x30; const DER_BIT_STRING_TAG: u8 = 0x03; +const DER_OCTET_STRING_TAG: u8 = 0x04; #[cfg(test)] mod tests { From f781276e6ed67e9e35de09c8dfb977a591b2f033 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 8 Jul 2024 16:06:46 +0100 Subject: [PATCH 1136/1145] x509.rs: move `asn1_wrap` below callers --- rustls/src/x509.rs | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 029dc02651..2620fe8a4c 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -2,6 +2,28 @@ use alloc::vec::Vec; +/// Prepend stuff to `bytes` to put it in a DER SEQUENCE. +pub(crate) fn wrap_in_sequence(bytes: &[u8]) -> Vec { + asn1_wrap(DER_SEQUENCE_TAG, bytes, &[]) +} + +/// Prepend stuff to `bytes_a` + `bytes_b` to put it in a DER SEQUENCE. +#[cfg_attr(not(feature = "ring"), allow(dead_code))] +pub(crate) fn wrap_concat_in_sequence(bytes_a: &[u8], bytes_b: &[u8]) -> Vec { + asn1_wrap(DER_SEQUENCE_TAG, bytes_a, bytes_b) +} + +/// Prepend stuff to `bytes` to put it in a DER BIT STRING. +pub(crate) fn wrap_in_bit_string(bytes: &[u8]) -> Vec { + asn1_wrap(DER_BIT_STRING_TAG, &[0u8], bytes) +} + +/// Prepend stuff to `bytes` to put it in a DER OCTET STRING. +#[cfg_attr(not(feature = "ring"), allow(dead_code))] +pub(crate) fn wrap_in_octet_string(bytes: &[u8]) -> Vec { + asn1_wrap(DER_OCTET_STRING_TAG, bytes, &[]) +} + fn asn1_wrap(tag: u8, bytes_a: &[u8], bytes_b: &[u8]) -> Vec { let len = bytes_a.len() + bytes_b.len(); @@ -35,28 +57,6 @@ fn asn1_wrap(tag: u8, bytes_a: &[u8], bytes_b: &[u8]) -> Vec { } } -/// Prepend stuff to `bytes` to put it in a DER SEQUENCE. -pub(crate) fn wrap_in_sequence(bytes: &[u8]) -> Vec { - asn1_wrap(DER_SEQUENCE_TAG, bytes, &[]) -} - -/// Prepend stuff to `bytes_a` + `bytes_b` to put it in a DER SEQUENCE. -#[cfg_attr(not(feature = "ring"), allow(dead_code))] -pub(crate) fn wrap_concat_in_sequence(bytes_a: &[u8], bytes_b: &[u8]) -> Vec { - asn1_wrap(DER_SEQUENCE_TAG, bytes_a, bytes_b) -} - -/// Prepend stuff to `bytes` to put it in a DER BIT STRING. -pub(crate) fn wrap_in_bit_string(bytes: &[u8]) -> Vec { - asn1_wrap(DER_BIT_STRING_TAG, &[0u8], bytes) -} - -/// Prepend stuff to `bytes` to put it in a DER OCTET STRING. -#[cfg_attr(not(feature = "ring"), allow(dead_code))] -pub(crate) fn wrap_in_octet_string(bytes: &[u8]) -> Vec { - asn1_wrap(DER_OCTET_STRING_TAG, bytes, &[]) -} - const DER_SEQUENCE_TAG: u8 = 0x30; const DER_BIT_STRING_TAG: u8 = 0x03; const DER_OCTET_STRING_TAG: u8 = 0x04; From cd9be0d031e19dfc8a165e0fa728f73115eda591 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 8 Jul 2024 10:01:05 +0100 Subject: [PATCH 1137/1145] Prepare 0.23.11 --- Cargo.lock | 16 ++++++++-------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0348d4a842..16ba4282a6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2211,7 +2211,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.10" +version = "0.23.11" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2252,7 +2252,7 @@ dependencies = [ "fxhash", "itertools 0.13.0", "rayon", - "rustls 0.23.10", + "rustls 0.23.11", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2265,7 +2265,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.10", + "rustls 0.23.11", ] [[package]] @@ -2279,7 +2279,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.10", + "rustls 0.23.11", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2297,7 +2297,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.10", + "rustls 0.23.11", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2333,7 +2333,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.10", + "rustls 0.23.11", "webpki-roots 0.26.3", ] @@ -2354,7 +2354,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.10", + "rustls 0.23.11", "rustls-pki-types", "rustls-webpki 0.102.5", "sha2", @@ -2368,7 +2368,7 @@ name = "rustls-provider-test" version = "0.1.0" dependencies = [ "hex", - "rustls 0.23.10", + "rustls 0.23.11", "rustls-provider-example", "serde", "serde_json", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 17bd9a71a2..6a6309254a 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -373,7 +373,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.10" +version = "0.23.11" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index b34edef4a5..d46bec3997 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.10" +version = "0.23.11" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT" From 7b521dadb98d9198bc8f5e56efe9c14c9690aa83 Mon Sep 17 00:00:00 2001 From: Joe Birr-Pixton Date: Mon, 8 Jul 2024 10:43:34 +0100 Subject: [PATCH 1138/1145] roadmap: reflect 0.23.11 --- ROADMAP.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 99b969edb1..c9949e4b53 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -4,12 +4,6 @@ Specific features, in rough order of priority: -* **Enforce Confidentiality / Integrity Limits**. - The QUIC use of TLS mandates limited usage of AEAD keys. While TLS 1.3 and 1.2 - do not require this, the same kinds of issues can apply here, and we should - consider implementing limits for TLS over TCP as well. - rustls/rustls#755 - * **Address asynchronous handshake interruption**. Allow completion of user-provided operations to be deferred. rustls/rustls#850 @@ -34,6 +28,14 @@ General priorities: ## Past priorities +Delivered in 0.23.11: + +* **Enforce Confidentiality / Integrity Limits**. + The QUIC use of TLS mandates limited usage of AEAD keys. While TLS 1.3 and 1.2 + do not require this, the same kinds of issues can apply here, and we should + consider implementing limits for TLS over TCP as well. + rustls/rustls#755 + Delivered in 0.23.10: * **Support Encrypted Client Hello (Client Side)**. From 63eecac0a20c84263bd18faa90fe2ecf731de91f Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Sun, 14 Jul 2024 16:13:41 +0000 Subject: [PATCH 1139/1145] chore(deps): update rust crate tikv-jemallocator to 0.6 --- Cargo.lock | 8 ++++---- ci-bench/Cargo.toml | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 16ba4282a6..9ce89d3954 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2624,9 +2624,9 @@ dependencies = [ [[package]] name = "tikv-jemalloc-sys" -version = "0.5.4+5.3.0-patched" +version = "0.6.0+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9402443cb8fd499b6f327e40565234ff34dbda27460c5b47db0db77443dd85d1" +checksum = "cd3c60906412afa9c2b5b5a48ca6a5abe5736aec9eb48ad05037a677e52e4e2d" dependencies = [ "cc", "libc", @@ -2634,9 +2634,9 @@ dependencies = [ [[package]] name = "tikv-jemallocator" -version = "0.5.4" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "965fe0c26be5c56c94e38ba547249074803efd52adfb66de62107d95aab3eaca" +checksum = "4cec5ff18518d81584f477e9bfdf957f5bb0979b0bac3af4ca30b5b3ae2d2865" dependencies = [ "libc", "tikv-jemalloc-sys", diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 96cf6cd71a..c1322f132f 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -19,4 +19,4 @@ rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } rustls-pemfile = "2" [target.'cfg(not(target_env = "msvc"))'.dependencies] -tikv-jemallocator = "0.5" +tikv-jemallocator = "0.6" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index d46bec3997..f94a40b663 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -60,7 +60,7 @@ time = { version = "0.3.6", default-features = false } webpki-roots = "0.26" [target.'cfg(not(target_env = "msvc"))'.dev-dependencies] -tikv-jemallocator = "0.5" +tikv-jemallocator = "0.6" [[example]] name = "bogo_shim" From 49c31cb91739c16cec52c49c99954764b1eba331 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 15 Jul 2024 06:35:00 +0000 Subject: [PATCH 1140/1145] chore(deps): lock file maintenance --- Cargo.lock | 71 ++++++++++++++++++++++++------------------------- fuzz/Cargo.lock | 9 +++---- 2 files changed, 39 insertions(+), 41 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9ce89d3954..8589cd4469 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -160,7 +160,7 @@ checksum = "56e6076d38cc17cc22b0f65f31170a2ee1975e6b07f0012893aefd86ce19c987" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -291,7 +291,7 @@ checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -335,7 +335,7 @@ checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -457,7 +457,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.69", + "syn 2.0.71", "which", ] @@ -530,19 +530,18 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "a12916984aab3fa6e39d655a33e09c0071eb36d6ab3aea5c2d78551f1df6d952" [[package]] name = "cc" -version = "1.0.105" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5208975e568d83b6b05cc0a063c8e7e9acc2b43bee6da15616a5b73e109d7437" +checksum = "324c74f2155653c90b04f25b2a47a8a631360cb908f92a772695f430c7e31052" dependencies = [ "jobserver", "libc", - "once_cell", ] [[package]] @@ -608,9 +607,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.8" +version = "4.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84b3edb18336f4df585bc9aa31dd99c036dfa5dc5e9a2939a722a188f3a8970d" +checksum = "64acc1846d54c1fe936a78dc189c34e28d3f5afc348403f28ecf53660b9b8462" dependencies = [ "clap_builder", "clap_derive", @@ -618,9 +617,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.8" +version = "4.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1c09dd5ada6c6c78075d6fd0da3f90d8080651e2d6cc8eb2f1aaa4034ced708" +checksum = "6fb8393d67ba2e7bfaf28a23458e4e2b543cc73a99595511eb207fdb8aede942" dependencies = [ "anstream", "anstyle", @@ -637,7 +636,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -764,7 +763,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -871,7 +870,7 @@ dependencies = [ "heck 0.4.1", "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -1744,7 +1743,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -1955,7 +1954,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -2461,7 +2460,7 @@ checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -2584,9 +2583,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.69" +version = "2.0.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "201fcda3845c23e8212cd466bfebf0bd20694490fc0356ae8e428e0824a915a6" +checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462" dependencies = [ "proc-macro2", "quote", @@ -2604,22 +2603,22 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.61" +version = "1.0.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c546c80d6be4bc6a00c0f01730c08df82eaa7a7a61f11d656526506112cc1709" +checksum = "f2675633b1499176c2dff06b0856a27976a8f9d436737b4cf4f312d4d91d8bbb" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.61" +version = "1.0.62" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" +checksum = "d20468752b09f49e909e55a5d338caa8bedf615594e9d80bc4c565d30faf798c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -2663,9 +2662,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "tinyvec" -version = "1.7.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce6b6a2fb3a985e99cebfaefa9faa3024743da73304ca1c683a36429613d3d22" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" dependencies = [ "tinyvec_macros", ] @@ -2701,7 +2700,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -2746,7 +2745,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -2875,7 +2874,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", "wasm-bindgen-shared", ] @@ -2909,7 +2908,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3181,7 +3180,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] @@ -3201,11 +3200,11 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.69", + "syn 2.0.71", ] [[package]] name = "zlib-rs" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "059dbb1dfca0db0ceaa1f0b5375158361df7ce98a20a1e93041154034c99e2d2" +checksum = "e942bb8453553ee59b701f977d5331a512f8dd07906153bbe050cb9bb58a4811" diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 6a6309254a..3186626181 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -75,13 +75,12 @@ checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "cc" -version = "1.0.105" +version = "1.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5208975e568d83b6b05cc0a063c8e7e9acc2b43bee6da15616a5b73e109d7437" +checksum = "324c74f2155653c90b04f25b2a47a8a631360cb908f92a772695f430c7e31052" dependencies = [ "jobserver", "libc", - "once_cell", ] [[package]] @@ -431,9 +430,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.69" +version = "2.0.71" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "201fcda3845c23e8212cd466bfebf0bd20694490fc0356ae8e428e0824a915a6" +checksum = "b146dcf730474b4bcd16c311627b31ede9ab149045db4d6088b3becaea046462" dependencies = [ "proc-macro2", "quote", From dfc8ae597aec24bc159b116ee2d4272dc81e9407 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Jul 2024 12:21:05 -0400 Subject: [PATCH 1141/1145] ci: remove stabilityDays from renovate config Removes `stabilityDays` (since renamed to `minimumReleaseAge`[0]) This was holding PRs back for 3 days after the dep update was released. We want these PRs basically ASAP and can tolerate subsequent point releases if there are post-release issues that cause the upstream to cut follow-ups. [0]: https://docs.renovatebot.com/configuration-options/#minimumreleaseage --- .github/renovate.json | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index b68e661b0a..7840b8a51b 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -11,7 +11,6 @@ }, "prCreation": "not-pending", "rangeStrategy": "update-lockfile", - "stabilityDays": 3, "github-actions": { "fileMatch": [ "^ci\\/.*/[^/]+\\.ya?ml$" From e58aaa8487fd4c0b8408ee2d9fe9ff31dfc47b54 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 15 Jul 2024 12:22:09 -0400 Subject: [PATCH 1142/1145] ci: add rebaseWhen to renovate config Adds `rebaseWhen`[0] with the `behind-base-branch` strategy. Previously we used the default (auto), but since our repo doesn't require branches be up-to-date for merge, the bot didn't bother rebasing with this strategy. Using behind-base-branch will do what we want here: have the bot rebase immediately when main updates. [0]: https://docs.renovatebot.com/configuration-options/#rebasewhen --- .github/renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/renovate.json b/.github/renovate.json index 7840b8a51b..9e5c0fecde 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -11,6 +11,7 @@ }, "prCreation": "not-pending", "rangeStrategy": "update-lockfile", + "rebaseWhen": "behind-base-branch", "github-actions": { "fileMatch": [ "^ci\\/.*/[^/]+\\.ya?ml$" From 3cc2c2db8a2aef1d6bb59d614bdf70919fedb984 Mon Sep 17 00:00:00 2001 From: Shrey Amin Date: Tue, 23 Jul 2024 04:54:49 -0400 Subject: [PATCH 1143/1145] Support P521 SHA-256/SHA-384 signatures with aws-lc-rs (#2050) --- Cargo.lock | 16 ++++++++-------- fuzz/Cargo.lock | 12 ++++++------ rustls-post-quantum/Cargo.toml | 2 +- rustls/Cargo.toml | 4 ++-- rustls/src/crypto/aws_lc_rs/mod.rs | 4 ++++ 5 files changed, 21 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8589cd4469..01ecc23897 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -366,9 +366,9 @@ dependencies = [ [[package]] name = "aws-lc-rs" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8a47f2fb521b70c11ce7369a6c5fa4bd6af7e5d62ec06303875bafe7c6ba245" +checksum = "4ae74d9bd0a7530e8afd1770739ad34b36838829d6ad61818f9230f683f5ad77" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", @@ -380,9 +380,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.19.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2927c7af777b460b7ccd95f8b67acd7b4c04ec8896bf0c8e80ba30523cffc057" +checksum = "2e89b6941c2d1a7045538884d6e760ccfffdf8e1ffc2613d8efa74305e1f3752" dependencies = [ "bindgen", "cc", @@ -2228,7 +2228,7 @@ dependencies = [ "ring", "rustls-pemfile 2.1.2", "rustls-pki-types", - "rustls-webpki 0.102.5", + "rustls-webpki 0.102.6", "rustversion", "serde", "serde_json", @@ -2355,7 +2355,7 @@ dependencies = [ "rsa", "rustls 0.23.11", "rustls-pki-types", - "rustls-webpki 0.102.5", + "rustls-webpki 0.102.6", "sha2", "signature", "webpki-roots 0.26.3", @@ -2385,9 +2385,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.102.5" +version = "0.102.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a6fccd794a42c2c105b513a2f62bc3fd8f3ba57a4593677ceb0bd035164d78" +checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" dependencies = [ "aws-lc-rs", "ring", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 3186626181..85e181b6c1 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -19,9 +19,9 @@ checksum = "64cf76cb6e2222ed0ea86b2b0ee2f71c96ec6edd5af42e84d59160e91b836ec4" [[package]] name = "aws-lc-rs" -version = "1.8.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8a47f2fb521b70c11ce7369a6c5fa4bd6af7e5d62ec06303875bafe7c6ba245" +checksum = "4ae74d9bd0a7530e8afd1770739ad34b36838829d6ad61818f9230f683f5ad77" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -31,9 +31,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.19.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2927c7af777b460b7ccd95f8b67acd7b4c04ec8896bf0c8e80ba30523cffc057" +checksum = "2e89b6941c2d1a7045538884d6e760ccfffdf8e1ffc2613d8efa74305e1f3752" dependencies = [ "bindgen", "cc", @@ -400,9 +400,9 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-webpki" -version = "0.102.5" +version = "0.102.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a6fccd794a42c2c105b513a2f62bc3fd8f3ba57a4593677ceb0bd035164d78" +checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" dependencies = [ "aws-lc-rs", "ring", diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml index b0aae2ae4b..df887806a1 100644 --- a/rustls-post-quantum/Cargo.toml +++ b/rustls-post-quantum/Cargo.toml @@ -11,7 +11,7 @@ categories = ["network-programming", "cryptography"] [dependencies] rustls = { version = "0.23.2", features = ["aws_lc_rs"], path = "../rustls" } -aws-lc-rs = { version = "1.6", features = ["unstable"], default-features = false } +aws-lc-rs = { version = "1.8.1", features = ["unstable"], default-features = false } [dev-dependencies] env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features) diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index f94a40b663..e6412383de 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -17,7 +17,7 @@ build = "build.rs" rustversion = { version = "1.0.6", optional = true } [dependencies] -aws-lc-rs = { version = "1.6", optional = true, default-features = false, features = ["aws-lc-sys"] } +aws-lc-rs = { version = "1.8.1", optional = true, default-features = false, features = ["aws-lc-sys"] } brotli = { version = "6", optional = true, default-features = false, features = ["std"] } brotli-decompressor = { version = "4.0.1", optional = true } # 4.0.1 required for panic fix hashbrown = { version = "0.14", optional = true, default-features = false, features = ["ahash", "inline-more"] } @@ -26,7 +26,7 @@ log = { version = "0.4.4", optional = true } once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] } ring = { version = "0.17", optional = true } subtle = { version = "2.5.0", default-features = false } -webpki = { package = "rustls-webpki", version = "0.102.5", features = ["alloc"], default-features = false } +webpki = { package = "rustls-webpki", version = "0.102.6", features = ["alloc"], default-features = false } pki-types = { package = "rustls-pki-types", version = "1.7", features = ["alloc"] } zeroize = "1.7" zlib-rs = { version = "0.2", optional = true } diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index ac1982c4f2..407658ff2b 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -160,6 +160,8 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms webpki_algs::ECDSA_P256_SHA384, webpki_algs::ECDSA_P384_SHA256, webpki_algs::ECDSA_P384_SHA384, + webpki_algs::ECDSA_P521_SHA256, + webpki_algs::ECDSA_P521_SHA384, webpki_algs::ECDSA_P521_SHA512, webpki_algs::ED25519, webpki_algs::RSA_PSS_2048_8192_SHA256_LEGACY_KEY, @@ -177,6 +179,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms &[ webpki_algs::ECDSA_P384_SHA384, webpki_algs::ECDSA_P256_SHA384, + webpki_algs::ECDSA_P521_SHA384, ], ), ( @@ -184,6 +187,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms &[ webpki_algs::ECDSA_P256_SHA256, webpki_algs::ECDSA_P384_SHA256, + webpki_algs::ECDSA_P521_SHA256, ], ), ( From 127a0a769ff5d8fd250170be1fd4e12b49928f8f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 18:12:47 +0000 Subject: [PATCH 1144/1145] build(deps): bump openssl from 0.10.64 to 0.10.66 Bumps [openssl](https://github.com/sfackler/rust-openssl) from 0.10.64 to 0.10.66. - [Release notes](https://github.com/sfackler/rust-openssl/releases) - [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.64...openssl-v0.10.66) --- updated-dependencies: - dependency-name: openssl dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 01ecc23897..e821404389 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1722,9 +1722,9 @@ checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" [[package]] name = "openssl" -version = "0.10.64" +version = "0.10.66" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1" dependencies = [ "bitflags 2.6.0", "cfg-if", @@ -1748,9 +1748,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.102" +version = "0.9.103" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" +checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6" dependencies = [ "cc", "libc", From ebda3856602f3af2ced19a792e6fed1d70c500e4 Mon Sep 17 00:00:00 2001 From: Shrey Amin Date: Tue, 23 Jul 2024 09:30:14 -0400 Subject: [PATCH 1145/1145] Update version to 0.23.12 --- Cargo.lock | 16 ++++++++-------- fuzz/Cargo.lock | 2 +- rustls/Cargo.toml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e821404389..1e2d1c4e66 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2210,7 +2210,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.11" +version = "0.23.12" dependencies = [ "aws-lc-rs", "base64 0.22.1", @@ -2251,7 +2251,7 @@ dependencies = [ "fxhash", "itertools 0.13.0", "rayon", - "rustls 0.23.11", + "rustls 0.23.12", "rustls-pemfile 2.1.2", "rustls-pki-types", "tikv-jemallocator", @@ -2264,7 +2264,7 @@ dependencies = [ "hickory-resolver", "regex", "ring", - "rustls 0.23.11", + "rustls 0.23.12", ] [[package]] @@ -2278,7 +2278,7 @@ dependencies = [ "log", "mio", "rcgen", - "rustls 0.23.11", + "rustls 0.23.12", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2296,7 +2296,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.11", + "rustls 0.23.12", "rustls-pemfile 2.1.2", "rustls-pki-types", ] @@ -2332,7 +2332,7 @@ version = "0.1.0" dependencies = [ "aws-lc-rs", "env_logger", - "rustls 0.23.11", + "rustls 0.23.12", "webpki-roots 0.26.3", ] @@ -2353,7 +2353,7 @@ dependencies = [ "rand_core", "rcgen", "rsa", - "rustls 0.23.11", + "rustls 0.23.12", "rustls-pki-types", "rustls-webpki 0.102.6", "sha2", @@ -2367,7 +2367,7 @@ name = "rustls-provider-test" version = "0.1.0" dependencies = [ "hex", - "rustls 0.23.11", + "rustls 0.23.12", "rustls-provider-example", "serde", "serde_json", diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index 85e181b6c1..dd5c0aad5d 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -372,7 +372,7 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.11" +version = "0.23.12" dependencies = [ "aws-lc-rs", "log", diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index e6412383de..38c5463445 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rustls" -version = "0.23.11" +version = "0.23.12" edition = "2021" rust-version = "1.63" license = "Apache-2.0 OR ISC OR MIT"